670 files changed, 123905 insertions, 22321 deletions

diff --git a/.gitignore b/.gitignore
index 1a479903dc..f304a32ecf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,14 @@
 *.pyo
 # Cscope
 cscope.*
+# OSX junk
+*.dSYM
+.DS_Store
+# updateFallbackDirs.py temp files
+details-*.json
+uptime-*.json
+*.full_url
+*.last_modified
 
 # /
 /Makefile
@@ -57,6 +65,7 @@ cscope.*
 /mkinstalldirs
 /Tor*Bundle.dmg
 /tor-*-win32.exe
+/coverage_html/
 
 # /contrib/
 /contrib/dist/tor.sh
@@ -109,6 +118,10 @@ cscope.*
 /doc/spec/Makefile
 /doc/spec/Makefile.in
 
+# /scripts
+/scripts/maint/checkOptionDocs.pl
+/scripts/maint/updateVersions.pl
+
 # /src/
 /src/Makefile
 /src/Makefile.in
@@ -116,7 +129,6 @@ cscope.*
 # /src/common/
 /src/common/Makefile
 /src/common/Makefile.in
-/src/common/common_sha1.i
 /src/common/libor.a
 /src/common/libor-testing.a
 /src/common/libor.lib
@@ -135,11 +147,19 @@ cscope.*
 /src/config/sample-server-torrc
 /src/config/torrc
 /src/config/torrc.sample
+/src/config/torrc.minimal
+
+# /src/ext/
+/src/ext/ed25519/ref10/libed25519_ref10.a
+/src/ext/ed25519/ref10/libed25519_ref10.lib
+/src/ext/ed25519/donna/libed25519_donna.a
+/src/ext/ed25519/donna/libed25519_donna.lib
+/src/ext/keccak-tiny/libkeccak-tiny.a
+/src/ext/keccak-tiny/libkeccak-tiny.lib
 
 # /src/or/
 /src/or/Makefile
 /src/or/Makefile.in
-/src/or/or_sha1.i
 /src/or/tor
 /src/or/tor.exe
 /src/or/tor-cov
@@ -154,24 +174,40 @@ cscope.*
 /src/test/bench
 /src/test/bench.exe
 /src/test/test
+/src/test/test-slow
 /src/test/test-bt-cl
 /src/test/test-child
+/src/test/test-memwipe
 /src/test/test-ntor-cl
+/src/test/test-switch-id
+/src/test/test_workqueue
 /src/test/test.exe
+/src/test/test-slow.exe
 /src/test/test-bt-cl.exe
 /src/test/test-child.exe
 /src/test/test-ntor-cl.exe
+/src/test/test-memwipe.exe
+/src/test/test-switch-id.exe
+/src/test/test_workqueue.exe
 
 # /src/tools/
 /src/tools/tor-checkkey
 /src/tools/tor-resolve
+/src/tools/tor-cov-resolve
 /src/tools/tor-gencert
+/src/tools/tor-cov-gencert
 /src/tools/tor-checkkey.exe
 /src/tools/tor-resolve.exe
+/src/tools/tor-cov-resolve.exe
 /src/tools/tor-gencert.exe
+/src/tools/tor-cov-gencert.exe
 /src/tools/Makefile
 /src/tools/Makefile.in
 
+# /src/trunnel/
+/src/trunnel/libor-trunnel-testing.a
+/src/trunnel/libor-trunnel.a
+
 # /src/tools/tor-fw-helper/
 /src/tools/tor-fw-helper/tor-fw-helper
 /src/tools/tor-fw-helper/tor-fw-helper.exe
diff --git a/ChangeLog b/ChangeLog
index 4a2918490e..c93348ac01 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,3406 @@
+Changes in version 0.2.8.2-alpha - 2016-03-28
+  Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous
+  bugs in earlier versions of Tor, including some that prevented
+  authorities using Tor 0.2.7.x from running correctly. IPv6 and
+  directory support should also be much improved.
+
+  o New system requirements:
+    - Tor no longer supports versions of OpenSSL with a broken
+      implementation of counter mode. (This bug was present in OpenSSL
+      1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no
+      longer runs with, these versions.
+    - Tor no longer attempts to support platforms where the "time_t"
+      type is unsigned. (To the best of our knowledge, only OpenVMS does
+      this, and Tor has never actually built on OpenVMS.) Closes
+      ticket 18184.
+    - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or
+      later (released in 2008 and 2009 respectively). If you are
+      building Tor from the git repository instead of from the source
+      distribution, and your tools are older than this, you will need to
+      upgrade. Closes ticket 17732.
+
+  o Major bugfixes (security, pointers):
+    - Avoid a difficult-to-trigger heap corruption attack when extending
+      a smartlist to contain over 16GB of pointers. Fixes bug 18162;
+      bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
+      Reported by Guido Vranken.
+
+  o Major bugfixes (bridges, pluggable transports):
+    - Modify the check for OR connections to private addresses. Allow
+      bridges on private addresses, including pluggable transports that
+      ignore the (potentially private) address in the bridge line. Fixes
+      bug 18517; bugfix on 0.2.8.1-alpha. Reported by gk, patch by teor.
+
+  o Major bugfixes (compilation):
+    - Repair hardened builds under the clang compiler. Previously, our
+      use of _FORTIFY_SOURCE would conflict with clang's address
+      sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
+
+  o Major bugfixes (crash on shutdown):
+    - Correctly handle detaching circuits from muxes when shutting down.
+      Fixes bug 18116; bugfix on 0.2.8.1-alpha.
+    - Fix an assert-on-exit bug related to counting memory usage in
+      rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha.
+
+  o Major bugfixes (crash on startup):
+    - Fix a segfault during startup: If a Unix domain socket was
+      configured as listener (such as a ControlSocket or a SocksPort
+      "unix:" socket), and tor was started as root but not configured to
+      switch to another user, tor would segfault while trying to string
+      compare a NULL value. Fixes bug 18261; bugfix on 0.2.8.1-alpha.
+      Patch by weasel.
+
+  o Major bugfixes (dns proxy mode, crash):
+    - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+      bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
+
+  o Major bugfixes (relays, bridge clients):
+    - Ensure relays always allow IPv4 OR and Dir connections. Ensure
+      bridge clients use the address configured in the bridge line.
+      Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb,
+      patch by teor.
+
+  o Major bugfixes (voting):
+    - Actually enable support for authorities to match routers by their
+      Ed25519 identities. Previously, the code had been written, but
+      some debugging code that had accidentally been left in the
+      codebase made it stay turned off. Fixes bug 17702; bugfix
+      on 0.2.7.2-alpha.
+    - When collating votes by Ed25519 identities, authorities now
+      include a "NoEdConsensus" flag if the ed25519 value (or lack
+      thereof) for a server does not reflect the majority consensus.
+      Related to bug 17668; bugfix on 0.2.7.2-alpha.
+    - When generating a vote with keypinning disabled, never include two
+      entries for the same ed25519 identity. This bug was causing
+      authorities to generate votes that they could not parse when a
+      router violated key pinning by changing its RSA identity but
+      keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug
+      18318. Bugfix on 0.2.7.2-alpha.
+
+  o Minor features (security, win32):
+    - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
+      attack. Fixes bug 18123; bugfix on all tor versions. Patch
+      by teor.
+
+  o Minor features (bug-resistance):
+    - Make Tor survive errors involving connections without a
+      corresponding event object. Previously we'd fail with an
+      assertion; now we produce a log message. Related to bug 16248.
+
+  o Minor features (build):
+    - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD)
+      as having possible IPFW support. Closes ticket 18448. Patch from
+      Steven Chamberlain.
+
+  o Minor features (code hardening):
+    - Use tor_snprintf() and tor_vsnprintf() even in external and low-
+      level code, to harden against accidental failures to NUL-
+      terminate. Part of ticket 17852. Patch from jsturgix. Found
+      with Flawfinder.
+
+  o Minor features (crypto):
+    - Validate the hard-coded Diffie-Hellman parameters and ensure that
+      p is a safe prime, and g is a suitable generator. Closes
+      ticket 18221.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden service directory):
+    - Streamline relay-side hsdir handling: when relays consider whether
+      to accept an uploaded hidden service descriptor, they no longer
+      check whether they are one of the relays in the network that is
+      "supposed" to handle that descriptor. Implements ticket 18332.
+
+  o Minor features (IPv6):
+    - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
+      to 1, tor prefers IPv6 directory addresses.
+    - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor
+      avoids using IPv4 for client OR and directory connections.
+    - Try harder to obey the IP version restrictions "ClientUseIPv4 0",
+      "ClientUseIPv6 0", "ClientPreferIPv6ORPort", and
+      "ClientPreferIPv6DirPort". Closes ticket 17840; patch by teor.
+
+  o Minor features (linux seccomp2 sandbox):
+    - Reject attempts to change our Address with "Sandbox 1" enabled.
+      Changing Address with Sandbox turned on would never actually work,
+      but previously it would fail in strange and confusing ways. Found
+      while fixing 18548.
+
+  o Minor features (robustness):
+    - Exit immediately with an error message if the code attempts to use
+      Libevent without having initialized it. This should resolve some
+      frequently-made mistakes in our unit tests. Closes ticket 18241.
+
+  o Minor features (unix domain sockets):
+    - Add a new per-socket option, RelaxDirModeCheck, to allow creating
+      Unix domain sockets without checking the permissions on the parent
+      directory. (Tor checks permissions by default because some
+      operating systems only check permissions on the parent directory.
+      However, some operating systems do look at permissions on the
+      socket, and tor's default check is unneeded.) Closes ticket 18458.
+      Patch by weasel.
+
+  o Minor bugfixes (exit policies, security):
+    - Refresh an exit relay's exit policy when interface addresses
+      change. Previously, tor only refreshed the exit policy when the
+      configured external address changed. Fixes bug 18208; bugfix on
+      0.2.7.3-rc. Patch by teor.
+
+  o Minor bugfixes (security, hidden services):
+    - Prevent hidden services connecting to client-supplied rendezvous
+      addresses that are reserved as internal or multicast. Fixes bug
+      8976; bugfix on 0.2.3.21-rc. Patch by dgoulet and teor.
+
+  o Minor bugfixes (build):
+    - Do not link the unit tests against both the testing and non-
+      testing versions of the static libraries. Fixes bug 18490; bugfix
+      on 0.2.7.1-alpha.
+    - Avoid spurious failures from configure files related to calling
+      exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on
+      0.2.0.1-alpha. Patch from "cypherpunks".
+    - Silence spurious clang-scan warnings in the ed25519_donna code by
+      explicitly initializing some objects. Fixes bug 18384; bugfix on
+      0.2.7.2-alpha. Patch by teor.
+
+  o Minor bugfixes (client, bootstrap):
+    - Count receipt of new microdescriptors as progress towards
+      bootstrapping. Previously, with EntryNodes set, Tor might not
+      successfully repopulate the guard set on bootstrapping. Fixes bug
+      16825; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (code correctness):
+    - Update to the latest version of Trunnel, which tries harder to
+      avoid generating code that can invoke memcpy(p,NULL,0). Bug found
+      by clang address sanitizer. Fixes bug 18373; bugfix
+      on 0.2.7.2-alpha.
+
+  o Minor bugfixes (configuration):
+    - Fix a tiny memory leak when parsing a port configuration ending in
+      ":auto". Fixes bug 18374; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (containers):
+    - If we somehow attempt to construct a heap with more than
+      1073741822 elements, avoid an integer overflow when maintaining
+      the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
+
+  o Minor bugfixes (correctness):
+    - Fix a bad memory handling bug that would occur if we had queued a
+      cell on a channel's incoming queue. Fortunately, we can't actually
+      queue a cell like that as our code is constructed today, but it's
+      best to avoid this kind of error, even if there isn't any code
+      that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (directory):
+    - When generating a URL for a directory server on an IPv6 address,
+      wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix
+      on 0.2.3.9-alpha. Patch from Malek.
+
+  o Minor bugfixes (fallback directory mirrors):
+    - When requesting extrainfo descriptors from a trusted directory
+      server, check whether it is an authority or a fallback directory
+      which supports extrainfo descriptors. Fixes bug 18489; bugfix on
+      0.2.4.7-alpha. Reported by atagar, patch by teor.
+
+  o Minor bugfixes (hidden service, client):
+    - Handle the case where the user makes several fast consecutive
+      requests to the same .onion address. Previously, the first six
+      requests would each trigger a descriptor fetch, each picking a
+      directory (there are 6 overall) and the seventh one would fail
+      because no directories were left, thereby triggering a close on
+      all current directory connections asking for the hidden service.
+      The solution here is to not close the connections if we have
+      pending directory fetches. Fixes bug 15937; bugfix
+      on 0.2.7.1-alpha.
+
+  o Minor bugfixes (hidden service, control port):
+    - Add the onion address to the HS_DESC event for the UPLOADED action
+      both on success or failure. It was previously hardcoded with
+      UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (hidden service, directory):
+    - Bridges now refuse "rendezvous2" (hidden service descriptor)
+      publish attempts. Suggested by ticket 18332.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the setrlimit syscall, and the prlimit and prlimit64
+      syscalls, which some libc implementations use under the hood.
+      Fixes bug 15221; bugfix on 0.2.5.1-alpha.
+    - Avoid a 10-second delay when starting as a client with "Sandbox 1"
+      enabled and no DNS resolvers configured. This should help TAILS
+      start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha.
+    - Fix the sandbox's interoperability with unix domain sockets under
+      setuid. Fixes bug 18253; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (logging):
+    - When logging information about an unparsable networkstatus vote or
+      consensus, do not say "vote" when we mean consensus. Fixes bug
+      18368; bugfix on 0.2.0.8-alpha.
+    - Scrub service name in "unrecognized service ID" log messages.
+      Fixes bug 18600; bugfix on 0.2.4.11-alpha.
+    - Downgrade logs and backtraces about IP versions to info-level.
+      Only log backtraces once each time tor runs. Assists in diagnosing
+      bug 18351; bugfix on 0.2.8.1-alpha. Reported by sysrqb and
+      Christian, patch by teor.
+
+  o Minor bugfixes (memory safety):
+    - Avoid freeing an uninitialized pointer when opening a socket fails
+      in get_interface_addresses_ioctl(). Fixes bug 18454; bugfix on
+      0.2.3.11-alpha. Reported by toralf and "cypherpunks", patch
+      by teor.
+    - Correctly duplicate addresses in get_interface_address6_list().
+      Fixes bug 18454; bugfix on 0.2.8.1-alpha. Reported by toralf,
+      patch by "cypherpunks".
+    - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix
+      on 0.2.0.1-alpha.
+    - Fix a memory leak in "tor --list-fingerprint". Fixes part of bug
+      18672; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (private directory):
+    - Prevent a race condition when creating private directories. Fixes
+      part of bug 17852; bugfix on 0.0.2pre13. Part of ticket 17852.
+      Patch from jsturgix. Found with Flawfinder.
+
+  o Minor bugfixes (test networks, IPv6):
+    - Allow internal IPv6 addresses in descriptors in test networks.
+      Fixes bug 17153; bugfix on 0.2.3.16-alpha. Patch by teor, reported
+      by karsten.
+
+  o Minor bugfixes (testing):
+    - We no longer disable assertions in the unit tests when coverage is
+      enabled. Instead, we require you to say --disable-asserts-in-tests
+      to the configure script if you need assertions disabled in the
+      unit tests (for example, if you want to perform branch coverage).
+      Fixes bug 18242; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (time parsing):
+    - Avoid overflow in tor_timegm when parsing dates in and after 2038
+      on platforms with 32-bit time_t. Fixes bug 18479; bugfix on
+      0.0.2pre14. Patch by teor.
+
+  o Minor bugfixes (tor-gencert):
+    - Correctly handle the case where an authority operator enters a
+      passphrase but sends an EOF before sending a newline. Fixes bug
+      17443; bugfix on 0.2.0.20-rc. Found by junglefowl.
+
+  o Code simplification and refactoring:
+    - Quote all the string interpolations in configure.ac -- even those
+      which we are pretty sure can't contain spaces. Closes ticket
+      17744. Patch from zerosion.
+    - Remove specialized code for non-inplace AES_CTR. 99% of our AES is
+      inplace, so there's no need to have a separate implementation for
+      the non-inplace code. Closes ticket 18258. Patch from Malek.
+    - Simplify return types for some crypto functions that can't
+      actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
+
+  o Documentation:
+    - Change build messages to refer to "Fedora" instead of "Fedora
+      Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426.
+      Patches from "icanhasaccount" and "cypherpunks".
+
+  o Removed features:
+    - We no longer maintain an internal freelist in memarea.c.
+      Allocators should be good enough to make this code unnecessary,
+      and it's doubtful that it ever had any performance benefit.
+
+  o Testing:
+    - Fix several warnings from clang's address sanitizer produced in
+      the unit tests.
+    - Treat backtrace test failures as expected on FreeBSD until we
+      solve bug 17808. Closes ticket 18204.
+
+
+Changes in version 0.2.8.1-alpha - 2016-02-04
+  Tor 0.2.8.1-alpha is the first alpha release in its series. It
+  includes numerous small features and bugfixes against previous Tor
+  versions, and numerous small infrastructure improvements. The most
+  notable features are a set of improvements to the directory subsystem.
+
+  o Major features (security, Linux):
+    - When Tor starts as root on Linux and is told to switch user ID, it
+      can now retain the capability to bind to low ports. By default,
+      Tor will do this only when it's switching user ID and some low
+      ports have been configured. You can change this behavior with the
+      new option KeepBindCapabilities. Closes ticket 8195.
+
+  o Major features (directory system):
+    - When bootstrapping multiple consensus downloads at a time, use the
+      first one that starts downloading, and close the rest. This
+      reduces failures when authorities or fallback directories are slow
+      or down. Together with the code for feature 15775, this feature
+      should reduces failures due to fallback churn. Implements ticket
+      4483. Patch by "teor". Implements IPv4 portions of proposal 210 by
+      "mikeperry" and "teor".
+    - Include a trial list of default fallback directories, based on an
+      opt-in survey of suitable relays. Doing this should make clients
+      bootstrap more quickly and reliably, and reduce the load on the
+      directory authorities. Closes ticket 15775. Patch by "teor".
+      Candidates identified using an OnionOO script by "weasel", "teor",
+      "gsathya", and "karsten".
+    - Previously only relays that explicitly opened a directory port
+      (DirPort) accepted directory requests from clients. Now all
+      relays, with and without a DirPort, accept and serve tunneled
+      directory requests that they receive through their ORPort. You can
+      disable this behavior using the new DirCache option. Closes
+      ticket 12538.
+
+  o Major key updates:
+    - Update the V3 identity key for the dannenberg directory authority:
+      it was changed on 18 November 2015. Closes task 17906. Patch
+      by "teor".
+
+  o Minor features (security, clock):
+    - Warn when the system clock appears to move back in time (when the
+      state file was last written in the future). Tor doesn't know that
+      consensuses have expired if the clock is in the past. Patch by
+      "teor". Implements ticket 17188.
+
+  o Minor features (security, exit policies):
+    - ExitPolicyRejectPrivate now rejects more private addresses by
+      default. Specifically, it now rejects the relay's outbound bind
+      addresses (if configured), and the relay's configured port
+      addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on
+      0.2.0.11-alpha. Patch by "teor".
+
+  o Minor features (security, memory erasure):
+    - Set the unused entries in a smartlist to NULL. This helped catch
+      a (harmless) bug, and shouldn't affect performance too much.
+      Implements ticket 17026.
+    - Use SecureMemoryWipe() function to securely clean memory on
+      Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function.
+      Implements feature 17986.
+    - Use explicit_bzero or memset_s when present. Previously, we'd use
+      OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
+      from <logan@hackers.mu> and <selven@hackers.mu>.
+    - Make memwipe() do nothing when passed a NULL pointer or buffer of
+      zero size. Check size argument to memwipe() for underflow. Fixes
+      bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
+      patch by "teor".
+
+  o Minor features (security, RNG):
+    - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
+      positively are not allowed to fail. Previously we depended on
+      internal details of OpenSSL's behavior. Closes ticket 17686.
+    - Never use the system entropy output directly for anything besides
+      seeding the PRNG. When we want to generate important keys, instead
+      of using system entropy directly, we now hash it with the PRNG
+      stream. This may help resist certain attacks based on broken OS
+      entropy implementations. Closes part of ticket 17694.
+    - Use modern system calls (like getentropy() or getrandom()) to
+      generate strong entropy on platforms that have them. Closes
+      ticket 13696.
+
+  o Minor features (accounting):
+    - Added two modes to the AccountingRule option: One for limiting
+      only the number of bytes sent ("AccountingRule out"), and one for
+      limiting only the number of bytes received ("AccountingRule in").
+      Closes ticket 15989; patch from "unixninja92".
+
+  o Minor features (build):
+    - Since our build process now uses "make distcheck", we no longer
+      force "make dist" to depend on "make check". Closes ticket 17893;
+      patch from "cypherpunks."
+    - Tor now builds successfully with the recent OpenSSL 1.1
+      development branch, and with the latest LibreSSL. Closes tickets
+      17549, 17921, and 17984.
+
+  o Minor features (controller):
+    - Adds the FallbackDir entries to 'GETINFO config/defaults'. Closes
+      tickets 16774 and 17817. Patch by George Tankersley.
+    - New 'GETINFO hs/service/desc/id/' command to retrieve a hidden
+      service descriptor from a service's local hidden service
+      descriptor cache. Closes ticket 14846.
+    - Add 'GETINFO exit-policy/reject-private/[default,relay]', so
+      controllers can examine the the reject rules added by
+      ExitPolicyRejectPrivate. This makes it easier for stem to display
+      exit policies.
+
+  o Minor features (crypto):
+    - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
+      George Tankersley.
+    - Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
+    - When allocating a digest state object, allocate no more space than
+      we actually need. Previously, we would allocate as much space as
+      the state for the largest algorithm would need. This change saves
+      up to 672 bytes per circuit. Closes ticket 17796.
+    - Improve performance when hashing non-multiple of 8 sized buffers,
+      based on Andrew Moon's public domain SipHash-2-4 implementation.
+      Fixes bug 17544; bugfix on 0.2.5.3-alpha.
+
+  o Minor features (directory downloads):
+    - Wait for busy authorities and fallback directories to become non-
+      busy when bootstrapping. (A similar change was made in 6c443e987d
+      for directory caches chosen from the consensus.) Closes ticket
+      17864; patch by "teor".
+    - Add UseDefaultFallbackDirs, which enables any hard-coded fallback
+      directory mirrors. The default is 1; set it to 0 to disable
+      fallbacks. Implements ticket 17576. Patch by "teor".
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (IPv6):
+    - Add an argument 'ipv6=address:orport' to the DirAuthority and
+      FallbackDir torrc options, to specify an IPv6 address for an
+      authority or fallback directory. Add hard-coded ipv6 addresses for
+      directory authorities that have them. Closes ticket 17327; patch
+      from Nick Mathewson and "teor".
+    - Add address policy assume_action support for IPv6 addresses.
+    - Limit IPv6 mask bits to 128.
+    - Warn when comparing against an AF_UNSPEC address in a policy, it's
+      almost always a bug. Closes ticket 17863; patch by "teor".
+    - Allow users to configure directory authorities and fallback
+      directory servers with IPv6 addresses and ORPorts. Resolves
+      ticket 6027.
+    - routerset_parse now accepts IPv6 literal addresses. Fixes bug
+      17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
+    - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
+      17638; bugfix on 0.0.2pre8. Patch by "teor".
+
+  o Minor features (logging):
+    - When logging to syslog, allow a tag to be added to the syslog
+      identity (the string prepended to every log message). The tag can
+      be configured with SyslogIdentityTag and defaults to none. Setting
+      it to "foo" will cause logs to be tagged as "Tor-foo". Closes
+      ticket 17194.
+
+  o Minor features (portability):
+    - Use timingsafe_memcmp() where available. Closes ticket 17944;
+      patch from <logan@hackers.mu>.
+
+  o Minor features (relay, address discovery):
+    - Add a family argument to get_interface_addresses_raw() and
+      subfunctions to make network interface address interogation more
+      efficient. Now Tor can specifically ask for IPv4, IPv6 or both
+      types of interfaces from the operating system. Resolves
+      ticket 17950.
+    - When get_interface_address6_list(.,AF_UNSPEC,.) is called and
+      fails to enumerate interface addresses using the platform-specific
+      API, have it rely on the UDP socket fallback technique to try and
+      find out what IP addresses (both IPv4 and IPv6) our machine has.
+      Resolves ticket 17951.
+
+  o Minor features (replay cache):
+    - The replay cache now uses SHA256 instead of SHA1. Implements
+      feature 8961. Patch by "teor", issue reported by "rransom".
+
+  o Minor features (unix file permissions):
+    - Defer creation of Unix sockets until after setuid. This avoids
+      needing CAP_CHOWN and CAP_FOWNER when using systemd's
+      CapabilityBoundingSet, or chown and fowner when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+    - If any directory created by Tor is marked as group readable, the
+      filesystem group is allowed to be either the default GID or the
+      root user. Allowing root to read the DataDirectory prevents the
+      need for CAP_READ_SEARCH when using systemd's
+      CapabilityBoundingSet, or dac_read_search when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+    - Introduce a new DataDirectoryGroupReadable option. If it is set to
+      1, the DataDirectory will be made readable by the default GID.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+
+  o Minor bugfixes (accounting):
+    - The max bandwidth when using 'AccountRule sum' is now correctly
+      logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
+      from "unixninja92".
+
+  o Minor bugfixes (code correctness):
+    - When closing an entry connection, generate a warning if we should
+      have sent an end cell for it but we haven't. Fixes bug 17876;
+      bugfix on 0.2.3.2-alpha.
+    - Assert that allocated memory held by the reputation code is freed
+      according to its internal counters. Fixes bug 17753; bugfix
+      on 0.1.1.1-alpha.
+    - Assert when the TLS contexts fail to initialize. Fixes bug 17683;
+      bugfix on 0.0.6.
+
+  o Minor bugfixes (compilation):
+    - Mark all object files that include micro-revision.i as depending
+      on it, so as to make parallel builds more reliable. Fixes bug
+      17826; bugfix on 0.2.5.1-alpha.
+    - Don't try to use the pthread_condattr_setclock() function unless
+      it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug
+      17819; bugfix on 0.2.6.3-alpha.
+    - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix
+      on 0.2.5.2-alpha.
+    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+    - Fix search for libevent libraries on OpenBSD (and other systems
+      that install libevent 1 and libevent 2 in parallel). Fixes bug
+      16651; bugfix on 0.1.0.7-rc. Patch from "rubiate".
+    - Isolate environment variables meant for tests from the rest of the
+      build system. Fixes bug 17818; bugfix on 0.2.7.3-rc.
+    - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix
+      on 0.0.2pre8.
+    - Remove config.log only from make distclean, not from make clean.
+      Fixes bug 17924; bugfix on 0.2.4.1-alpha.
+
+  o Minor bugfixes (crypto):
+    - Check the return value of HMAC() and assert on failure. Fixes bug
+      17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
+
+  o Minor bugfixes (fallback directories):
+    - Mark fallbacks as "too busy" when they return a 503 response,
+      rather than just marking authorities. Fixes bug 17572; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+
+  o Minor bugfixes (IPv6):
+    - Update the limits in max_dl_per_request for IPv6 address length.
+      Fixes bug 17573; bugfix on 0.2.1.5-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Fix a crash when using offline master ed25519 keys with the Linux
+      seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-rc.
+
+  o Minor bugfixes (logging):
+    - In log messages that include a function name, use __FUNCTION__
+      instead of __PRETTY_FUNCTION__. In GCC, these are synonymous, but
+      with clang __PRETTY_FUNCTION__ has extra information we don't
+      need. Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van
+      der Woerdt.
+    - Remove needless quotes from a log message about unparseable
+      addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (portability):
+    - Remove an #endif from configure.ac so that we correctly detect the
+      presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
+      on 0.2.0.13-alpha.
+
+  o Minor bugfixes (relays):
+    - Check that both the ORPort and DirPort (if present) are reachable
+      before publishing a relay descriptor. Otherwise, relays publish a
+      descriptor with DirPort 0 when the DirPort reachability test takes
+      longer than the ORPort reachability test. Fixes bug 18050; bugfix
+      on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
+
+  o Minor bugfixes (relays, hidden services):
+    - Refuse connection requests to private OR addresses unless
+      ExtendAllowPrivateAddresses is set. Previously, tor would connect,
+      then refuse to send any cells to a private address. Fixes bugs
+      17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
+
+  o Minor bugfixes (safe logging):
+    - When logging a malformed hostname received through socks4, scrub
+      it if SafeLogging says we should. Fixes bug 17419; bugfix
+      on 0.1.1.16-rc.
+
+  o Minor bugfixes (statistics code):
+    - Consistently check for overflow in round_*_to_next_multiple_of
+      functions, and add unit tests with additional and maximal values.
+      Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
+    - Handle edge cases in the laplace functions: avoid division by
+      zero, avoid taking the log of zero, and silence clang type
+      conversion warnings using round and trunc. Add unit tests for edge
+      cases with maximal values. Fixes part of bug 13192; bugfix
+      on 0.2.6.2-alpha.
+
+  o Minor bugfixes (testing):
+    - The test for log_heartbeat was incorrectly failing in timezones
+      with non-integer offsets. Instead of comparing the end of the time
+      string against a constant, compare it to the output of
+      format_local_iso_time when given the correct input. Fixes bug
+      18039; bugfix on 0.2.5.4-alpha.
+    - Make unit tests pass on IPv6-only systems, and systems without
+      localhost addresses (like some FreeBSD jails). Fixes bug 17632;
+      bugfix on 0.2.7.3-rc. Patch by "teor".
+    - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
+      on 0.2.4.8-alpha.
+    - Check the full results of SHA256 and SHA512 digests in the unit
+      tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
+
+  o Code simplification and refactoring:
+    - Move logging of redundant policy entries in
+      policies_parse_exit_policy_internal into its own function. Closes
+      ticket 17608; patch from "juce".
+    - Extract the more complicated parts of circuit_mark_for_close()
+      into a new function that we run periodically before circuits are
+      freed. This change removes more than half of the functions
+      currently in the "blob". Closes ticket 17218.
+    - Clean up a little duplicated code in
+      crypto_expand_key_material_TAP(). Closes ticket 17587; patch
+      from "pfrankw".
+    - Decouple the list of streams waiting to be attached to circuits
+      from the overall connection list. This change makes it possible to
+      attach streams quickly while simplifying Tor's callgraph and
+      avoiding O(N) scans of the entire connection list. Closes
+      ticket 17590.
+    - When a direct directory request fails immediately on launch,
+      instead of relaunching that request from inside the code that
+      launches it, instead mark the connection for teardown. This change
+      simplifies Tor's callback and prevents the directory-request
+      launching code from invoking itself recursively. Closes
+      ticket 17589
+    - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't
+      use them. Closes ticket 17926.
+
+  o Documentation:
+    - Add a description of the correct use of the '--keygen' command-
+      line option. Closes ticket 17583; based on text by 's7r'.
+    - Document the minimum HeartbeatPeriod value. Closes ticket 15638.
+    - Explain actual minima for BandwidthRate. Closes ticket 16382.
+    - Fix a minor formatting typo in the manpage. Closes ticket 17791.
+    - Mention torspec URL in the manpage and point the reader to it
+      whenever we mention a document that belongs in torspce. Fixes
+      issue 17392.
+
+  o Removed features:
+    - Remove client-side support for connecting to Tor relays running
+      versions of Tor before 0.2.3.6-alpha. These relays didn't support
+      the v3 TLS handshake protocol, and are no longer allowed on the
+      Tor network. Implements the client side of ticket 11150. Based on
+      patches by Tom van der Woerdt.
+
+  o Testing:
+    - Add unit tests to check for common RNG failure modes, such as
+      returning all zeroes, identical values, or incrementing values
+      (OpenSSL's rand_predictable feature). Patch by "teor".
+    - Log more information when the backtrace tests fail. Closes ticket
+      17892. Patch from "cypherpunks."
+    - Always test both ed25519 backends, so that we can be sure that our
+      batch-open replacement code works. Part of ticket 16794.
+    - Cover dns_resolve_impl() in dns.c with unit tests. Implements a
+      portion of ticket 16831.
+    - More unit tests for compat_libevent.c, procmon.c, tortls.c,
+      util_format.c, directory.c, and options_validate.c. Closes tickets
+      17075, 17082, 17084, 17003, and 17076 respectively. Patches from
+      Ola Bini.
+    - Unit tests for directory_handle_command_get. Closes ticket 17004.
+      Patch from Reinaldo de Souza Jr.
+
+
+Changes in version 0.2.7.6 - 2015-12-10
+  Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
+  well as a minor bug in hidden service reliability.
+
+  o Major bugfixes (guard selection):
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
+      by Mohsen Imani.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - When checking for net/pfvar.h, include netinet/in.h if possible.
+      This fixes transparent proxy detection on OpenBSD. Fixes bug
+      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.
+
+  o Minor bugfixes (correctness):
+    - When displaying an IPv6 exit policy, include the mask bits
+      correctly even when the number is greater than 31. Fixes bug
+      16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
+    - The wrong list was used when looking up expired intro points in a
+      rend service object, causing what we think could be reachability
+      issues for hidden services, and triggering a BUG log. Fixes bug
+      16702; bugfix on 0.2.7.2-alpha.
+    - Fix undefined behavior in the tor_cert_checksig function. Fixes
+      bug 17722; bugfix on 0.2.7.2-alpha.
+
+
+Changes in version 0.2.7.5 - 2015-11-20
+  The Tor 0.2.7 release series is dedicated to the memory of Tor user
+  and privacy advocate Caspar Bowden (1961-2015). Caspar worked
+  tirelessly to advocate human rights regardless of national borders,
+  and oppose the encroachments of mass surveillance. He opposed national
+  exceptionalism, he brought clarity to legal and policy debates, he
+  understood and predicted the impact of mass surveillance on the world,
+  and he laid the groundwork for resisting it. While serving on the Tor
+  Project's board of directors, he brought us his uncompromising focus
+  on technical excellence in the service of humankind. Caspar was an
+  inimitable force for good and a wonderful friend. He was kind,
+  humorous, generous, gallant, and believed we should protect one
+  another without exception. We honor him here for his ideals, his
+  efforts, and his accomplishments. Please honor his memory with works
+  that would make him proud.
+
+  Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.
+
+  The 0.2.7 series adds a more secure identity key type for relays,
+  improves cryptography performance, resolves several longstanding
+  hidden-service performance issues, improves controller support for
+  hidden services, and includes small bugfixes and performance
+  improvements throughout the program. This release series also includes
+  more tests than before, and significant simplifications to which parts
+  of Tor invoke which others.
+
+  (This release contains no code changes since 0.2.7.4-rc.)
+
+
+Changes in version 0.2.7.4-rc - 2015-10-21
+  Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It
+  fixes some important memory leaks, and a scary-looking (but mostly
+  harmless in practice) invalid-read bug. It also has a few small
+  bugfixes, notably fixes for compilation and portability on different
+  platforms. If no further significant bounds are found, the next
+  release will the the official stable release.
+
+  o Major bugfixes (security, correctness):
+    - Fix an error that could cause us to read 4 bytes before the
+      beginning of an openssl string. This bug could be used to cause
+      Tor to crash on systems with unusual malloc implementations, or
+      systems with unusual hardening installed. Fixes bug 17404; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (correctness):
+    - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
+      bug 17401; bugfix on 0.2.7.3-rc.
+
+  o Major bugfixes (memory leaks):
+    - Fix a memory leak in ed25519 batch signature checking. Fixes bug
+      17398; bugfix on 0.2.6.1-alpha.
+    - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
+      17402; bugfix on 0.2.7.3-rc.
+    - Fix a memory leak when reading an expired signing key from disk.
+      Fixes bug 17403; bugfix on 0.2.7.2-rc.
+
+  o Minor features (geoIP):
+    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - Repair compilation with the most recent (unreleased, alpha)
+      vesions of OpenSSL 1.1. Fixes part of ticket 17237.
+    - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
+      17251; bugfix on 0.2.7.2-alpha.
+    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+
+  o Minor bugfixes (portability):
+    - Use libexecinfo on FreeBSD to enable backtrace support. Fixes
+      part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
+      Marcin Cieślak.
+
+  o Minor bugfixes (sandbox):
+    - Add the "hidserv-stats" filename to our sandbox filter for the
+      HiddenServiceStatistics option to work properly. Fixes bug 17354;
+      bugfix on 0.2.6.2-alpha. Patch from David Goulet.
+
+  o Minor bugfixes (testing):
+    - Add unit tests for get_interface_address* failure cases. Fixes bug
+      17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
+    - Fix breakage when running 'make check' with BSD make. Fixes bug
+      17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
+    - Make the get_ifaddrs_* unit tests more tolerant of different
+      network configurations. (Don't assume every test box has an IPv4
+      address, and don't assume every test box has a non-localhost
+      address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
+    - Skip backtrace tests when backtrace support is not compiled in.
+      Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
+      Marcin Cieślak.
+
+  o Documentation:
+    - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
+    - Note that HiddenServicePorts can take a unix domain socket. Closes
+      ticket 17364.
+
+
+Changes in version 0.2.7.3-rc - 2015-09-25
+  Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
+  contains numerous usability fixes for Ed25519 keys, safeguards against
+  several misconfiguration problems, significant simplifications to
+  Tor's callgraph, and numerous bugfixes and small features.
+
+  This is the most tested release of Tor to date. The unit tests cover
+  39.40% of the code, and the integration tests (accessible with "make
+  test-full-online", requiring stem and chutney and a network
+  connection) raise the coverage to 64.49%.
+
+  o Major features (security, hidden services):
+    - Hidden services, if using the EntryNodes option, are required to
+      use more than one EntryNode, in order to avoid a guard discovery
+      attack. (This would only affect people who had configured hidden
+      services and manually specified the EntryNodes option with a
+      single entry-node. The impact was that it would be easy to
+      remotely identify the guard node used by such a hidden service.
+      See ticket for more information.) Fixes ticket 14917.
+
+  o Major features (Ed25519 keys, keypinning):
+    - The key-pinning option on directory authorities is now advisory-
+      only by default. In a future version, or when the AuthDirPinKeys
+      option is set, pins are enforced again. Disabling key-pinning
+      seemed like a good idea so that we can survive the fallout of any
+      usability problems associated with Ed25519 keys. Closes
+      ticket 17135.
+
+  o Major features (Ed25519 performance):
+    - Improve the speed of Ed25519 operations and Curve25519 keypair
+      generation when built targeting 32 bit x86 platforms with SSE2
+      available. Implements ticket 16535.
+    - Improve the runtime speed of Ed25519 signature verification by
+      using Ed25519-donna's batch verification support. Implements
+      ticket 16533.
+
+  o Major features (performance testing):
+    - The test-network.sh script now supports performance testing.
+      Requires corresponding chutney performance testing changes. Patch
+      by "teor". Closes ticket 14175.
+
+  o Major features (relay, Ed25519):
+    - Significant usability improvements for Ed25519 key management. Log
+      messages are better, and the code can recover from far more
+      failure conditions. Thanks to "s7r" for reporting and diagnosing
+      so many of these!
+    - Add a new OfflineMasterKey option to tell Tor never to try loading
+      or generating a secret Ed25519 identity key. You can use this in
+      combination with tor --keygen to manage offline and/or encrypted
+      Ed25519 keys. Implements ticket 16944.
+    - Add a --newpass option to allow changing or removing the
+      passphrase of an encrypted key with tor --keygen. Implements part
+      of ticket 16769.
+    - On receiving a HUP signal, check to see whether the Ed25519
+      signing key has changed, and reload it if so. Closes ticket 16790.
+
+  o Major bugfixes (relay, Ed25519):
+    - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
+      0.2.7.2-alpha. Reported by "s7r".
+    - Improve handling of expired signing keys with offline master keys.
+      Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
+
+  o Minor features (client-side privacy):
+    - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit
+      lifespan when IsolateSOCKSAuth and streams with SOCKS
+      authentication are attached to the circuit. This allows
+      applications like TorBrowser to manage circuit lifetime on their
+      own. Implements feature 15482.
+    - When logging malformed hostnames from SOCKS5 requests, respect
+      SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
+
+  o Minor features (compilation):
+    - Give a warning as early as possible when trying to build with an
+      unsupported OpenSSL version. Closes ticket 16901.
+    - Fail during configure if we're trying to build against an OpenSSL
+      built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha
+      which started requiring ECC.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden services):
+    - Relays need to have the Fast flag to get the HSDir flag. As this
+      is being written, we'll go from 2745 HSDirs down to 2342, a ~14%
+      drop. This change should make some attacks against the hidden
+      service directory system harder. Fixes ticket 15963.
+    - Turn on hidden service statistics collection by setting the torrc
+      option HiddenServiceStatistics to "1" by default. (This keeps
+      track only of the fraction of traffic used by hidden services, and
+      the total number of hidden services in existence.) Closes
+      ticket 15254.
+    - Client now uses an introduction point failure cache to know when
+      to fetch or keep a descriptor in their cache. Previously, failures
+      were recorded implicitly, but not explicitly remembered. Closes
+      ticket 16389.
+
+  o Minor features (testing, authorities, documentation):
+    - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
+      explicitly manage consensus flags in testing networks. Patch by
+      "robgjansen", modified by "teor". Implements part of ticket 14882.
+
+  o Minor bugfixes (security, exit policies):
+    - ExitPolicyRejectPrivate now also rejects the relay's published
+      IPv6 address (if any), and any publicly routable IPv4 or IPv6
+      addresses on any local interfaces. ticket 17027. Patch by "teor".
+      Fixes bug 17027; bugfix on 0.2.0.11-alpha.
+
+  o Minor bug fixes (torrc exit policies):
+    - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only
+      produce IPv6 wildcard addresses. Previously they would produce
+      both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
+      of bug 16069; bugfix on 0.2.4.7-alpha.
+    - When parsing torrc ExitPolicies, we now warn for a number of cases
+      where the user's intent is likely to differ from Tor's actual
+      behavior. These include: using an IPv4 address with an accept6 or
+      reject6 line; using "private" on an accept6 or reject6 line; and
+      including any ExitPolicy lines after accept *:* or reject *:*.
+      Related to ticket 16069.
+    - When parsing torrc ExitPolicies, we now issue an info-level
+      message when expanding an "accept/reject *" line to include both
+      IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
+    - In each instance above, usage advice is provided to avoid the
+      message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
+      16069; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (authority):
+    - Don't assign "HSDir" to a router if it isn't Valid and Running.
+      Fixes bug 16524; bugfix on 0.2.7.2-alpha.
+    - Downgrade log messages about Ed25519 key issues if they are in old
+      cached router descriptors. Fixes part of bug 16286; bugfix
+      on 0.2.7.2-alpha.
+    - When we find an Ed25519 key issue in a cached descriptor, stop
+      saying the descriptor was just "uploaded". Fixes another part of
+      bug 16286; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (control port):
+    - Repair a warning and a spurious result when getting the maximum
+      number of file descriptors from the controller. Fixes bug 16697;
+      bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (correctness):
+    - When calling channel_free_list(), avoid calling smartlist_remove()
+      while inside a FOREACH loop. This partially reverts commit
+      17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
+      incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (documentation):
+    - Advise users on how to configure separate IPv4 and IPv6 exit
+      policies in the manpage and sample torrcs. Related to ticket 16069.
+    - Fix the usage message of tor-resolve(1) so that it no longer lists
+      the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
+    - Fix an error in the manual page and comments for
+      TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
+      required "ORPort connectivity". While this is true, it is in no
+      way unique to the HSDir flag. Of all the flags, only HSDirs need a
+      DirPort configured in order for the authorities to assign that
+      particular flag. Patch by "teor". Fixed as part of 14882; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (Ed25519):
+    - Fix a memory leak when reading router descriptors with expired
+      Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow bridge authorities to run correctly under the seccomp2
+      sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+    - Allow routers with ed25519 keys to run correctly under the
+      seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (open file limit):
+    - Fix set_max_file_descriptors() to set by default the max open file
+      limit to the current limit when setrlimit() fails. Fixes bug
+      16274; bugfix on 0.2.0.10-alpha. Patch by dgoulet.
+
+  o Minor bugfixes (portability):
+    - Try harder to normalize the exit status of the Tor process to the
+      standard-provided range. Fixes bug 16975; bugfix on every version
+      of Tor ever.
+    - Check correctly for Windows socket errors in the workqueue
+      backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
+    - Fix the behavior of crypto_rand_time_range() when told to consider
+      times before 1970. (These times were possible when running in a
+      simulated network environment where time()'s output starts at
+      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
+    - Restore correct operation of TLS client-cipher detection on
+      OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (relay):
+    - Ensure that worker threads actually exit when a fatal error or
+      shutdown is indicated. This fix doesn't currently affect the
+      behavior of Tor, because Tor workers never indicates fatal error
+      or shutdown except in the unit tests. Fixes bug 16868; bugfix
+      on 0.2.6.3-alpha.
+    - Unblock threads before releasing the work queue mutex to ensure
+      predictable scheduling behavior. Fixes bug 16644; bugfix
+      on 0.2.6.3-alpha.
+
+  o Code simplification and refactoring:
+    - Change the function that's called when we need to retry all
+      downloads so that it only reschedules the downloads to happen
+      immediately, rather than launching them all at once itself. This
+      further simplifies Tor's callgraph.
+    - Move some format-parsing functions out of crypto.c and
+      crypto_curve25519.c into crypto_format.c and/or util_format.c.
+    - Move the client-only parts of init_keys() into a separate
+      function. Closes ticket 16763.
+    - Simplify the microdesc_free() implementation so that it no longer
+      appears (to code analysis tools) to potentially invoke a huge
+      suite of other microdesc functions.
+    - Simply the control graph further by deferring the inner body of
+      directory_all_unreachable() into a callback. Closes ticket 16762.
+    - Treat the loss of an owning controller as equivalent to a SIGTERM
+      signal. This removes a tiny amount of duplicated code, and
+      simplifies our callgraph. Closes ticket 16788.
+    - When generating an event to send to the controller, we no longer
+      put the event over the network immediately. Instead, we queue
+      these events, and use a Libevent callback to deliver them. This
+      change simplifies Tor's callgraph by reducing the number of
+      functions from which all other Tor functions are reachable. Closes
+      ticket 16695.
+    - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
+      that try to scan or compile every file on Unix won't decide that
+      they are broken.
+    - Remove the unused "nulterminate" argument from buf_pullup().
+
+  o Documentation:
+    - Recommend a 40 GB example AccountingMax in torrc.sample rather
+      than a 4 GB max. Closes ticket 16742.
+    - Include the TUNING document in our source tarball. It is referred
+      to in the ChangeLog and an error message. Fixes bug 16929; bugfix
+      on 0.2.6.1-alpha.
+
+  o Removed code:
+    - The internal pure-C tor-fw-helper tool is now removed from the Tor
+      distribution, in favor of the pure-Go clone available from
+      https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries
+      used by the C tor-fw-helper are not, in our opinion, very
+      confidence- inspiring in their secure-programming techniques.
+      Closes ticket 13338.
+    - Remove the code that would try to aggressively flush controller
+      connections while writing to them. This code was introduced in
+      0.1.2.7-alpha, in order to keep output buffers from exceeding
+      their limits. But there is no longer a maximum output buffer size,
+      and flushing data in this way caused some undesirable recursions
+      in our call graph. Closes ticket 16480.
+
+  o Testing:
+    - Make "bridges+hs" the default test network. This tests almost all
+      tor functionality during make test-network, while allowing tests
+      to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
+      test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
+      (chutney). Patches by "teor".
+    - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
+      by-side in the same parent directory. Closes ticket 16903. Patch
+      by "teor".
+    - Use environment variables rather than autoconf substitutions to
+      send variables from the build system to the test scripts. This
+      change should be easier to maintain, and cause 'make distcheck' to
+      work better than before. Fixes bug 17148.
+    - Add a new set of callgraph analysis scripts that use clang to
+      produce a list of which Tor functions are reachable from which
+      other Tor functions. We're planning to use these to help simplify
+      our code structure by identifying illogical dependencies.
+    - Add new 'test-full' and 'test-full-online' targets to run all
+      tests, including integration tests with stem and chutney.
+    - Make the test-workqueue test work on Windows by initializing the
+      network before we begin.
+    - New make target (make test-network-all) to run multiple applicable
+      chutney test cases. Patch from Teor; closes 16953.
+    - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl()
+      functions in dns.c. Implements a portion of ticket 16831.
+    - When building Tor with testing coverage enabled, run Chutney tests
+      (if any) using the 'tor-cov' coverage binary.
+    - When running test-network or test-stem, check for the absence of
+      stem/chutney before doing any build operations.
+
+
+Changes in version 0.2.7.2-alpha - 2015-07-27
+  This, the second alpha in the Tor 0.2.7 series, has a number of new
+  features, including a way to manually pick the number of introduction
+  points for hidden services, and the much stronger Ed25519 signing key
+  algorithm for regular Tor relays (including support for encrypted
+  offline identity keys in the new algorithm).
+
+  Support for Ed25519 on relays is currently limited to signing router
+  descriptors; later alphas in this series will extend Ed25519 key
+  support to more parts of the Tor protocol.
+
+  o Major features (Ed25519 identity keys, Proposal 220):
+    - All relays now maintain a stronger identity key, using the Ed25519
+      elliptic curve signature format. This master key is designed so
+      that it can be kept offline. Relays also generate an online
+      signing key, and a set of other Ed25519 keys and certificates.
+      These are all automatically regenerated and rotated as needed.
+      Implements part of ticket 12498.
+    - Directory authorities now vote on Ed25519 identity keys along with
+      RSA1024 keys. Implements part of ticket 12498.
+    - Directory authorities track which Ed25519 identity keys have been
+      used with which RSA1024 identity keys, and do not allow them to
+      vary freely. Implements part of ticket 12498.
+    - Microdescriptors now include Ed25519 identity keys. Implements
+      part of ticket 12498.
+    - Add support for offline encrypted Ed25519 master keys. To use this
+      feature on your tor relay, run "tor --keygen" to make a new master
+      key (or to make a new signing key if you already have a master
+      key). Closes ticket 13642.
+
+  o Major features (Hidden services):
+    - Add the torrc option HiddenServiceNumIntroductionPoints, to
+      specify a fixed number of introduction points. Its maximum value
+      is 10 and default is 3. Using this option can increase a hidden
+      service's reliability under load, at the cost of making it more
+      visible that the hidden service is facing extra load. Closes
+      ticket 4862.
+    - Remove the adaptive algorithm for choosing the number of
+      introduction points, which used to change the number of
+      introduction points (poorly) depending on the number of
+      connections the HS sees. Closes ticket 4862.
+
+  o Major features (onion key cross-certification):
+    - Relay descriptors now include signatures of their own identity
+      keys, made using the TAP and ntor onion keys. These signatures
+      allow relays to prove ownership of their own onion keys. Because
+      of this change, microdescriptors will no longer need to include
+      RSA identity keys. Implements proposal 228; closes ticket 12499.
+
+  o Major features (performance):
+    - Improve the runtime speed of Ed25519 operations by using the
+      public-domain Ed25519-donna by Andrew M. ("floodyberry").
+      Implements ticket 16467.
+    - Improve the runtime speed of the ntor handshake by using an
+      optimized curve25519 basepoint scalarmult implementation from the
+      public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
+      ideas by Adam Langley. Implements ticket 9663.
+
+  o Major bugfixes (client-side privacy, also in 0.2.6.9):
+    - Properly separate out each SOCKSPort when applying stream
+      isolation. The error occurred because each port's session group
+      was being overwritten by a default value when the listener
+      connection was initialized. Fixes bug 16247; bugfix on
+      0.2.6.3-alpha. Patch by "jojelino".
+
+  o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
+    - Stop refusing to store updated hidden service descriptors on a
+      client. This reverts commit 9407040c59218 (which indeed fixed bug
+      14219, but introduced a major hidden service reachability
+      regression detailed in bug 16381). This is a temporary fix since
+      we can live with the minor issue in bug 14219 (it just results in
+      some load on the network) but the regression of 16381 is too much
+      of a setback. First-round fix for bug 16381; bugfix
+      on 0.2.6.3-alpha.
+
+  o Major bugfixes (hidden services):
+    - When cannibalizing a circuit for an introduction point, always
+      extend to the chosen exit node (creating a 4 hop circuit).
+      Previously Tor would use the current circuit exit node, which
+      changed the original choice of introduction point, and could cause
+      the hidden service to skip excluded introduction points or
+      reconnect to a skipped introduction point. Fixes bug 16260; bugfix
+      on 0.1.0.1-rc.
+
+  o Major bugfixes (open file limit):
+    - The open file limit wasn't checked before calling
+      tor_accept_socket_nonblocking(), which would make Tor exceed the
+      limit. Now, before opening a new socket, Tor validates the open
+      file limit just before, and if the max has been reached, return an
+      error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
+
+  o Major bugfixes (stability, also in 0.2.6.10):
+    - Stop crashing with an assertion failure when parsing certain kinds
+      of malformed or truncated microdescriptors. Fixes bug 16400;
+      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+      by "cypherpunks_backup".
+    - Stop random client-side assertion failures that could occur when
+      connecting to a busy hidden service, or connecting to a hidden
+      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor features (directory authorities, security, also in 0.2.6.9):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable to
+      require at the very least 7 days, while maintaining the 96 hours
+      uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor features (client):
+    - Relax the validation of hostnames in SOCKS5 requests, allowing the
+      character '_' to appear, in order to cope with domains observed in
+      the wild that are serving non-RFC compliant records. Resolves
+      ticket 16430.
+    - Relax the validation done to hostnames in SOCKS5 requests, and
+      allow a single trailing '.' to cope with clients that pass FQDNs
+      using that syntax to explicitly indicate that the domain name is
+      fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
+    - Add GroupWritable and WorldWritable options to unix-socket based
+      SocksPort and ControlPort options. These options apply to a single
+      socket, and override {Control,Socks}SocketsGroupWritable. Closes
+      ticket 15220.
+
+  o Minor features (control protocol):
+    - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
+      the control protocol. Resolves ticket 15358.
+
+  o Minor features (directory authorities):
+    - Directory authorities no longer vote against the "Fast", "Stable",
+      and "HSDir" flags just because they were going to vote against
+      "Running": if the consensus turns out to be that the router was
+      running, then the authority's vote should count. Patch from Peter
+      Retzlaff; closes issue 8712.
+
+  o Minor features (geoip, also in 0.2.6.10):
+    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
+
+  o Minor features (hidden services):
+    - Add the new options "HiddenServiceMaxStreams" and
+      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
+      limit the maximum number of simultaneous streams per circuit, and
+      optionally tear down the circuit when the limit is exceeded. Part
+      of ticket 16052.
+
+  o Minor features (portability):
+    - Use C99 variadic macros when the compiler is not GCC. This avoids
+      failing compilations on MSVC, and fixes a log-file-based race
+      condition in our old workarounds. Original patch from Gisle Vanem.
+
+  o Minor bugfixes (compilation, also in 0.2.6.9):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (controller):
+    - Add the descriptor ID in each HS_DESC control event. It was
+      missing, but specified in control-spec.txt. Fixes bug 15881;
+      bugfix on 0.2.5.2-alpha.
+
+  o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (hidden services):
+    - Fix a crash when reloading configuration while at least one
+      configured and one ephemeral hidden service exists. Fixes bug
+      16060; bugfix on 0.2.7.1-alpha.
+    - Avoid crashing with a double-free bug when we create an ephemeral
+      hidden service but adding it fails for some reason. Fixes bug
+      16228; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
+      defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
+    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+      these when eventfd2() support is missing. Fixes bug 16363; bugfix
+      on 0.2.6.3-alpha. Patch from "teor".
+
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
+    - Fix sandboxing to work when running as a relay, by allowing the
+      renaming of secret_id_key, and allowing the eventfd2 and futex
+      syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
+      Peter Palfrader.
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (relay):
+    - Fix a rarely-encountered memory leak when failing to initialize
+      the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch
+      from "cypherpunks".
+
+  o Minor bugfixes (systemd):
+    - Fix an accidental formatting error that broke the systemd
+      configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
+    - Tor's systemd unit file no longer contains extraneous spaces.
+      These spaces would sometimes confuse tools like deb-systemd-
+      helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
+
+  o Minor bugfixes (tests):
+    - Use the configured Python executable when running test-stem-full.
+      Fixes bug 16470; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (tests, also in 0.2.6.9):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+  o Minor bugfixes (threads, comments):
+    - Always initialize return value in compute_desc_id in rendcommon.c
+      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+    - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
+      Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+    - Remove undefined directive-in-macro in test_util_writepid clang
+      3.7 complains that using a preprocessor directive inside a macro
+      invocation in test_util_writepid in test_util.c is undefined.
+      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+
+  o Code simplification and refactoring:
+    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
+      to ensure they remain consistent and visible everywhere.
+    - Remove some vestigial workarounds for the MSVC6 compiler. We
+      haven't supported that in ages.
+    - The link authentication code has been refactored for better
+      testability and reliability. It now uses code generated with the
+      "trunnel" binary encoding generator, to reduce the risk of bugs
+      due to programmer error. Done as part of ticket 12498.
+
+  o Documentation:
+    - Include a specific and (hopefully) accurate documentation of the
+      torrc file's meta-format in doc/torrc_format.txt. This is mainly
+      of interest to people writing programs to parse or generate torrc
+      files. This document is not a commitment to long-term
+      compatibility; some aspects of the current format are a bit
+      ridiculous. Closes ticket 2325.
+
+  o Removed features:
+    - Tor no longer supports copies of OpenSSL that are missing support
+      for Elliptic Curve Cryptography. (We began using ECC when
+      available in 0.2.4.8-alpha, for more safe and efficient key
+      negotiation.) In particular, support for at least one of P256 or
+      P224 is now required, with manual configuration needed if only
+      P224 is available. Resolves ticket 16140.
+    - Tor no longer supports versions of OpenSSL before 1.0. (If you are
+      on an operating system that has not upgraded to OpenSSL 1.0 or
+      later, and you compile Tor from source, you will need to install a
+      more recent OpenSSL to link Tor against.) These versions of
+      OpenSSL are still supported by the OpenSSL, but the numerous
+      cryptographic improvements in later OpenSSL releases makes them a
+      clear choice. Resolves ticket 16034.
+    - Remove the HidServDirectoryV2 option. Now all relays offer to
+      store hidden service descriptors. Related to 16543.
+    - Remove the VoteOnHidServDirectoriesV2 option, since all
+      authorities have long set it to 1. Closes ticket 16543.
+
+  o Testing:
+    - Document use of coverity, clang static analyzer, and clang dynamic
+      undefined behavior and address sanitizers in doc/HACKING. Include
+      detailed usage instructions in the blacklist. Patch by "teor".
+      Closes ticket 15817.
+    - The link authentication protocol code now has extensive tests.
+    - The relay descriptor signature testing code now has
+      extensive tests.
+    - The test_workqueue program now runs faster, and is enabled by
+      default as a part of "make check".
+    - Now that OpenSSL has its own scrypt implementation, add an unit
+      test that checks for interoperability between libscrypt_scrypt()
+      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
+      and rely on EVP_PBE_scrypt() whenever possible. Resolves
+      ticket 16189.
+
+
+Changes in version 0.2.6.10 - 2015-07-12
+  Tor version 0.2.6.10 fixes some significant stability and hidden
+  service client bugs, bulletproofs the cryptography init process, and
+  fixes a bug when using the sandbox code with some older versions of
+  Linux. Everyone running an older version, especially an older version
+  of 0.2.6, should upgrade.
+
+  o Major bugfixes (hidden service clients, stability):
+    - Stop refusing to store updated hidden service descriptors on a
+      client. This reverts commit 9407040c59218 (which indeed fixed bug
+      14219, but introduced a major hidden service reachability
+      regression detailed in bug 16381). This is a temporary fix since
+      we can live with the minor issue in bug 14219 (it just results in
+      some load on the network) but the regression of 16381 is too much
+      of a setback. First-round fix for bug 16381; bugfix
+      on 0.2.6.3-alpha.
+
+  o Major bugfixes (stability):
+    - Stop crashing with an assertion failure when parsing certain kinds
+      of malformed or truncated microdescriptors. Fixes bug 16400;
+      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+      by "cypherpunks_backup".
+    - Stop random client-side assertion failures that could occur when
+      connecting to a busy hidden service, or connecting to a hidden
+      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor features (geoip):
+    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
+
+  o Minor bugfixes (crypto error-handling):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+      these when eventfd2() support is missing. Fixes bug 16363; bugfix
+      on 0.2.6.3-alpha. Patch from "teor".
+
+
+Changes in version 0.2.6.9 - 2015-06-11
+  Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
+  requirements for receiving an HSDir flag, and addresses some other small
+  bugs in the systemd and sandbox code. Clients using circuit isolation
+  should upgrade; all directory authorities should upgrade.
+
+  o Major bugfixes (client-side privacy):
+    - Properly separate out each SOCKSPort when applying stream
+      isolation. The error occurred because each port's session group was
+      being overwritten by a default value when the listener connection
+      was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
+      by "jojelino".
+
+  o Minor feature (directory authorities, security):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable which
+      takes at the very least 7 days to do so and by keeping the 96
+      hours uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor bugfixes (compilation):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Fix sandboxing to work when running as a relaymby renaming of
+      secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
+      bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (tests):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+
+Changes in version 0.2.6.8 - 2015-05-21
+  Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
+  fixes an authority-side bug in assigning the HSDir flag. All directory
+  authorities should upgrade.
+
+  o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
+    - Revert commit that made directory authorities assign the HSDir
+      flag to relay without a DirPort; this was bad because such relays
+      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.7.1-alpha - 2015-05-12
+  Tor 0.2.7.1-alpha is the first alpha release in its series. It
+  includes numerous small features and bugfixes against previous Tor
+  versions, and numerous small infrastructure improvements. The most
+  notable features are several new ways for controllers to interact with
+  the hidden services subsystem.
+
+  o New system requirements:
+    - Tor no longer includes workarounds to support Libevent versions
+      before 1.3e. Libevent 2.0 or later is recommended. Closes
+      ticket 15248.
+
+  o Major features (controller):
+    - Add the ADD_ONION and DEL_ONION commands that allow the creation
+      and management of hidden services via the controller. Closes
+      ticket 6411.
+    - New "GETINFO onions/current" and "GETINFO onions/detached"
+      commands to get information about hidden services created via the
+      controller. Part of ticket 6411.
+    - New HSFETCH command to launch a request for a hidden service
+      descriptor. Closes ticket 14847.
+    - New HSPOST command to upload a hidden service descriptor. Closes
+      ticket 3523. Patch by "DonnchaC".
+
+  o Major bugfixes (hidden services):
+    - Revert commit that made directory authorities assign the HSDir
+      flag to relay without a DirPort; this was bad because such relays
+      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor features (clock-jump tolerance):
+    - Recover better when our clock jumps back many hours, like might
+      happen for Tails or Whonix users who start with a very wrong
+      hardware clock, use Tor to discover a more accurate time, and then
+      fix their clock. Resolves part of ticket 8766.
+
+  o Minor features (command-line interface):
+    - Make --hash-password imply --hush to prevent unnecessary noise.
+      Closes ticket 15542. Patch from "cypherpunks".
+    - Print a warning whenever we find a relative file path being used
+      as torrc option. Resolves issue 14018.
+
+  o Minor features (controller):
+    - Add DirAuthority lines for default directory authorities to the
+      output of the "GETINFO config/defaults" command if not already
+      present. Implements ticket 14840.
+    - Controllers can now use "GETINFO hs/client/desc/id/..." to
+      retrieve items from the client's hidden service descriptor cache.
+      Closes ticket 14845.
+    - Implement a new controller command "GETINFO status/fresh-relay-
+      descs" to fetch a descriptor/extrainfo pair that was generated on
+      demand just for the controller's use. Implements ticket 14784.
+
+  o Minor features (DoS-resistance):
+    - Make it harder for attackers to overload hidden services with
+      introductions, by blocking multiple introduction requests on the
+      same circuit. Resolves ticket 15515.
+
+  o Minor features (geoip):
+    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (HS popularity countermeasure):
+    - To avoid leaking HS popularity, don't cycle the introduction point
+      when we've handled a fixed number of INTRODUCE2 cells but instead
+      cycle it when a random number of introductions is reached, thus
+      making it more difficult for an attacker to find out the amount of
+      clients that have used the introduction point for a specific HS.
+      Closes ticket 15745.
+
+  o Minor features (logging):
+    - Include the Tor version in all LD_BUG log messages, since people
+      tend to cut and paste those into the bugtracker. Implements
+      ticket 15026.
+
+  o Minor features (pluggable transports):
+    - When launching managed pluggable transports on Linux systems,
+      attempt to have the kernel deliver a SIGTERM on tor exit if the
+      pluggable transport process is still running. Resolves
+      ticket 15471.
+    - When launching managed pluggable transports, setup a valid open
+      stdin in the child process that can be used to detect if tor has
+      terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" environment variable
+      can be used by implementations to detect this new behavior.
+      Resolves ticket 15435.
+
+  o Minor features (testing):
+    - Add a test to verify that the compiler does not eliminate our
+      memwipe() implementation. Closes ticket 15377.
+    - Add make rule `check-changes` to verify the format of changes
+      files. Closes ticket 15180.
+    - Add unit tests for control_event_is_interesting(). Add a compile-
+      time check that the number of events doesn't exceed the capacity
+      of control_event_t.event_mask. Closes ticket 15431, checks for
+      bugs similar to 13085. Patch by "teor".
+    - Command-line argument tests moved to Stem. Resolves ticket 14806.
+    - Integrate the ntor, backtrace, and zero-length keys tests into the
+      automake test suite. Closes ticket 15344.
+    - Remove assertions during builds to determine Tor's test coverage.
+      We don't want to trigger these even in assertions, so including
+      them artificially makes our branch coverage look worse than it is.
+      This patch provides the new test-stem-full and coverage-html-full
+      configure options. Implements ticket 15400.
+
+  o Minor bugfixes (build):
+    - Improve out-of-tree builds by making non-standard rules work and
+      clean up additional files and directories. Fixes bug 15053; bugfix
+      on 0.2.7.0-alpha.
+
+  o Minor bugfixes (command-line interface):
+    - When "--quiet" is provided along with "--validate-config", do not
+      write anything to stdout on success. Fixes bug 14994; bugfix
+      on 0.2.3.3-alpha.
+    - When complaining about bad arguments to "--dump-config", use
+      stderr, not stdout.
+
+  o Minor bugfixes (configuration, unit tests):
+    - Only add the default fallback directories when the DirAuthorities,
+      AlternateDirAuthority, and FallbackDir directory config options
+      are set to their defaults. The default fallback directory list is
+      currently empty, this fix will only change tor's behavior when it
+      has default fallback directories. Includes unit tests for
+      consider_adding_dir_servers(). Fixes bug 15642; bugfix on
+      90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
+
+  o Minor bugfixes (correctness):
+    - For correctness, avoid modifying a constant string in
+      handle_control_postdescriptor. Fixes bug 15546; bugfix
+      on 0.1.1.16-rc.
+    - Remove side-effects from tor_assert() calls. This was harmless,
+      because we never disable assertions, but it is bad style and
+      unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
+      and 0.2.0.10.
+
+  o Minor bugfixes (hidden service):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+    - Remove an extraneous newline character from the end of hidden
+      service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
+
+  o Minor bugfixes (interface):
+    - Print usage information for --dump-config when it is used without
+      an argument. Also, fix the error message to use different wording
+      and add newline at the end. Fixes bug 15541; bugfix
+      on 0.2.5.1-alpha.
+
+  o Minor bugfixes (logs):
+    - When building Tor under Clang, do not include an extra set of
+      parentheses in log messages that include function names. Fixes bug
+      15269; bugfix on every released version of Tor when compiled with
+      recent enough Clang.
+
+  o Minor bugfixes (network):
+    - When attempting to use fallback technique for network interface
+      lookup, disregard loopback and multicast addresses since they are
+      unsuitable for public communications.
+
+  o Minor bugfixes (statistics):
+    - Disregard the ConnDirectionStatistics torrc options when Tor is
+      not a relay since in that mode of operation no sensible data is
+      being collected and because Tor might run into measurement hiccups
+      when running as a client for some time, then becoming a relay.
+      Fixes bug 15604; bugfix on 0.2.2.35.
+
+  o Minor bugfixes (test networks):
+    - When self-testing reachability, use ExtendAllowPrivateAddresses to
+      determine if local/private addresses imply reachability. The
+      previous fix used TestingTorNetwork, which implies
+      ExtendAllowPrivateAddresses, but this excluded rare configurations
+      where ExtendAllowPrivateAddresses is set but TestingTorNetwork is
+      not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor",
+      issue discovered by CJ Ess.
+
+  o Minor bugfixes (testing):
+    - Check for matching value in server response in ntor_ref.py. Fixes
+      bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
+      by "joelanders".
+    - Set the severity correctly when testing
+      get_interface_addresses_ifaddrs() and
+      get_interface_addresses_win32(), so that the tests fail gracefully
+      instead of triggering an assertion. Fixes bug 15759; bugfix on
+      0.2.6.3-alpha. Reported by Nicolas Derive.
+
+  o Code simplification and refactoring:
+    - Move the hacky fallback code out of get_interface_address6() into
+      separate function and get it covered with unit-tests. Resolves
+      ticket 14710.
+    - Refactor hidden service client-side cache lookup to intelligently
+      report its various failure cases, and disentangle failure cases
+      involving a lack of introduction points. Closes ticket 14391.
+    - Use our own Base64 encoder instead of OpenSSL's, to allow more
+      control over the output. Part of ticket 15652.
+
+  o Documentation:
+    - Improve the descriptions of statistics-related torrc options in
+      the manpage to describe rationale and possible uses cases. Fixes
+      issue 15550.
+    - Improve the layout and formatting of ./configure --help messages.
+      Closes ticket 15024. Patch from "cypherpunks".
+    - Standardize on the term "server descriptor" in the manual page.
+      Previously, we had used "router descriptor", "server descriptor",
+      and "relay descriptor" interchangeably. Part of ticket 14987.
+
+  o Removed code:
+    - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
+      and always use the internal Base64 decoder. The internal decoder
+      has been part of tor since 0.2.0.10-alpha, and no one should
+      be using the OpenSSL one. Part of ticket 15652.
+    - Remove the 'tor_strclear()' function; use memwipe() instead.
+      Closes ticket 14922.
+
+  o Removed features:
+    - Remove the (seldom-used) DynamicDHGroups feature. For anti-
+      fingerprinting we now recommend pluggable transports; for forward-
+      secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
+    - Remove the undocumented "--digests" command-line option. It
+      complicated our build process, caused subtle build issues on
+      multiple platforms, and is now redundant since we started
+      including git version identifiers. Closes ticket 14742.
+    - Tor no longer contains checks for ancient directory cache versions
+      that didn't know about microdescriptors.
+    - Tor no longer contains workarounds for stat files generated by
+      super-old versions of Tor that didn't choose guards sensibly.
+
+
+Changes in version 0.2.4.27 - 2015-04-06
+  Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.5.12 - 2015-04-06
+  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.6.7 - 2015-04-06
+  Tor 0.2.6.7 fixes two security issues that could be used by an
+  attacker to crash hidden services, or crash clients visiting hidden
+  services. Hidden services should upgrade as soon as possible; clients
+  should upgrade whenever packages become available.
+
+  This release also contains two simple improvements to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+    - Decrease the amount of reattempts that a hidden service performs
+      when its rendezvous circuits fail. This reduces the computational
+      cost for running a hidden service under heavy load. Resolves
+      ticket 11447.
+
+
+Changes in version 0.2.6.6 - 2015-03-24
+  Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
+
+  It adds numerous safety, security, correctness, and performance
+  improvements. Client programs can be configured to use more kinds of
+  sockets, AutomapHosts works better, the multithreading backend is
+  improved, cell transmission is refactored, test coverage is much
+  higher, more denial-of-service attacks are handled, guard selection is
+  improved to handle long-term guards better, pluggable transports
+  should work a bit better, and some annoying hidden service performance
+  bugs should be addressed.
+
+  o Minor bugfixes (portability):
+    - Use the correct datatype in the SipHash-2-4 function to prevent
+      compilers from assuming any sort of alignment. Fixes bug 15436;
+      bugfix on 0.2.5.3-alpha.
+
+Changes in version 0.2.6.5-rc - 2015-03-18
+  Tor 0.2.6.5-rc is the second and (hopefully) last release candidate in
+  the 0.2.6. It fixes a small number of bugs found in 0.2.6.4-rc.
+
+  o Major bugfixes (client):
+    - Avoid crashing when making certain configuration option changes on
+      clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
+      by "anonym".
+
+  o Major bugfixes (pluggable transports):
+    - Initialize the extended OR Port authentication cookie before
+      launching pluggable transports. This prevents a race condition
+      that occured when server-side pluggable transports would cache the
+      authentication cookie before it has been (re)generated. Fixes bug
+      15240; bugfix on 0.2.5.1-alpha.
+
+  o Major bugfixes (portability):
+    - Do not crash on startup when running on Solaris. Fixes a bug
+      related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
+      by "ruebezahl".
+
+  o Minor features (heartbeat):
+    - On relays, report how many connections we negotiated using each
+      version of the Tor link protocols. This information will let us
+      know if removing support for very old versions of the Tor
+      protocols is harming the network. Closes ticket 15212.
+
+  o Code simplification and refactoring:
+    - Refactor main loop to extract the 'loop' part. This makes it
+      easier to run Tor under Shadow. Closes ticket 15176.
+
+
+Changes in version 0.2.5.11 - 2015-03-17
+  Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+  It backports several bugfixes from the 0.2.6 branch, including a
+  couple of medium-level security fixes for relays and exit nodes.
+  It also updates the list of directory authorities.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (compilation):
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+  Tor 0.2.4.26 includes an updated list of directory authorities.  It
+  also backports a couple of stability and security bugfixes from 0.2.5
+  and beyond.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+Changes in version 0.2.6.4-rc - 2015-03-09
+  Tor 0.2.6.4-alpha fixes an issue in the directory code that an
+  attacker might be able to use in order to crash certain Tor
+  directories. It also resolves some minor issues left over from, or
+  introduced in, Tor 0.2.6.3-alpha or earlier.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout is passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from "cypherpunks".
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (FreeBSD IPFW transparent proxy):
+    - Fix address detection with FreeBSD transparent proxies, when
+      "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
+      on 0.2.5.4-alpha.
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux
+      seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix
+      on 0.2.6.3-alpha.
+    - Allow AF_UNIX hidden services to be used with the seccomp2
+      sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - Messages about problems in the bootstrap process now include
+      information about the server we were trying to connect to when we
+      noticed the problem. Closes ticket 15006.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (logs):
+    - Quiet some log messages in the heartbeat and at startup. Closes
+      ticket 14950.
+
+  o Minor bugfixes (certificate handling):
+    - If an authority operator accidentally makes a signing certificate
+      with a future publication time, do not discard its real signing
+      certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
+    - Remove any old authority certificates that have been superseded
+      for at least two days. Previously, we would keep superseded
+      certificates until they expired, if they were published close in
+      time to the certificate that superseded them. Fixes bug 11454;
+      bugfix on 0.2.1.8-alpha.
+
+  o Minor bugfixes (compilation):
+    - Fix a compilation warning on s390. Fixes bug 14988; bugfix
+      on 0.2.5.2-alpha.
+    - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix
+      on 0.2.6.2-alpha.
+
+  o Minor bugfixes (testing):
+    - Fix endianness issues in unit test for resolve_my_address() to
+      have it pass on big endian systems. Fixes bug 14980; bugfix on
+      Tor 0.2.6.3-alpha.
+    - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
+      15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
+    - When running the new 'make test-stem' target, use the configured
+      python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
+      from "cypherpunks".
+    - When running the zero-length-keys tests, do not use the default
+      torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
+      by "reezer".
+
+  o Directory authority IP change:
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Removed code:
+    - Remove some lingering dead code that once supported mempools.
+      Mempools were disabled by default in 0.2.5, and removed entirely
+      in 0.2.6.3-alpha. Closes more of ticket 14848; patch
+      by "cypherpunks".
+
+
+Changes in version 0.2.6.3-alpha - 2015-02-19
+  Tor 0.2.6.3-alpha is the third (and hopefully final) alpha release in
+  the 0.2.6.x series. It introduces support for more kinds of sockets,
+  makes it harder to accidentally run an exit, improves our
+  multithreading backend, incorporates several fixes for the
+  AutomapHostsOnResolve option, and fixes numerous other bugs besides.
+
+  If no major regressions or security holes are found in this version,
+  the next version will be a release candidate.
+
+  o Deprecated versions:
+    - Tor relays older than 0.2.4.18-rc are no longer allowed to
+      advertise themselves on the network. Closes ticket 13555.
+
+  o Major features (security, unix domain sockets):
+    - Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk
+      applications can reach Tor without having to create AF_INET or
+      AF_INET6 sockets, meaning they can completely disable their
+      ability to make non-Tor network connections. To create a socket of
+      this type, use "SocksPort unix:/path/to/socket". Implements
+      ticket 12585.
+    - Support mapping hidden service virtual ports to AF_UNIX sockets.
+      The syntax is "HiddenServicePort 80 unix:/path/to/socket".
+      Implements ticket 11485.
+
+  o Major features (changed defaults):
+    - Prevent relay operators from unintentionally running exits: When a
+      relay is configured as an exit node, we now warn the user unless
+      the "ExitRelay" option is set to 1. We warn even more loudly if
+      the relay is configured with the default exit policy, since this
+      can indicate accidental misconfiguration. Setting "ExitRelay 0"
+      stops Tor from running as an exit relay. Closes ticket 10067.
+
+  o Major features (directory system):
+    - When downloading server- or microdescriptors from a directory
+      server, we no longer launch multiple simultaneous requests to the
+      same server. This reduces load on the directory servers,
+      especially when directory guards are in use. Closes ticket 9969.
+    - When downloading server- or microdescriptors over a tunneled
+      connection, do not limit the length of our requests to what the
+      Squid proxy is willing to handle. Part of ticket 9969.
+    - Authorities can now vote on the correct digests and latest
+      versions for different software packages. This allows packages
+      that include Tor to use the Tor authority system as a way to get
+      notified of updates and their correct digests. Implements proposal
+      227. Closes ticket 10395.
+
+  o Major features (guards):
+    - Introduce the Guardfraction feature to improves load balancing on
+      guard nodes. Specifically, it aims to reduce the traffic gap that
+      guard nodes experience when they first get the Guard flag. This is
+      a required step if we want to increase the guard lifetime to 9
+      months or greater.  Closes ticket 9321.
+
+  o Major features (performance):
+    - Make the CPU worker implementation more efficient by avoiding the
+      kernel and lengthening pipelines. The original implementation used
+      sockets to transfer data from the main thread to the workers, and
+      didn't allow any thread to be assigned more than a single piece of
+      work at once. The new implementation avoids communications
+      overhead by making requests in shared memory, avoiding kernel IO
+      where possible, and keeping more requests in flight at once.
+      Implements ticket 9682.
+
+  o Major features (relay):
+    - Raise the minimum acceptable configured bandwidth rate for bridges
+      to 50 KiB/sec and for relays to 75 KiB/sec. (The old values were
+      20 KiB/sec.) Closes ticket 13822.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (mixed relay-client operation):
+    - When running as a relay and client at the same time (not
+      recommended), if we decide not to use a new guard because we want
+      to retry older guards, only close the locally-originating circuits
+      passing through that guard. Previously we would close all the
+      circuits through that guard. Fixes bug 9819; bugfix on
+      0.2.1.1-alpha. Reported by "skruffy".
+
+  o Minor features (build):
+    - New --disable-system-torrc compile-time option to prevent Tor from
+      looking for the system-wide torrc or torrc-defaults files.
+      Resolves ticket 13037.
+
+  o Minor features (controller):
+    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
+      events so controllers can observe circuit isolation inputs. Closes
+      ticket 8405.
+    - ControlPort now supports the unix:/path/to/socket syntax as an
+      alternative to the ControlSocket option, for consistency with
+      SocksPort and HiddenServicePort. Closes ticket 14451.
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (Denial of service resistance):
+    - Count the total number of bytes used storing hidden service
+      descriptors against the value of MaxMemInQueues. If we're low on
+      memory, and more than 20% of our memory is used holding hidden
+      service descriptors, free them until no more than 10% of our
+      memory holds hidden service descriptors. Free the least recently
+      fetched descriptors first. Resolves ticket 13806.
+    - When we have recently been under memory pressure (over 3/4 of
+      MaxMemInQueues is allocated), then allocate smaller zlib objects
+      for small requests. Closes ticket 11791.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 files to the January 7 2015 Maxmind
+      GeoLite2 Country database.
+
+  o Minor features (guard nodes):
+    - Reduce the time delay before saving guard status to disk from 10
+      minutes to 30 seconds (or from one hour to 10 minutes if
+      AvoidDiskWrites is set). Closes ticket 12485.
+
+  o Minor features (hidden service):
+    - Make Sybil attacks against hidden services harder by changing the
+      minimum time required to get the HSDir flag from 25 hours up to 96
+      hours. Addresses ticket 14149.
+    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
+      services to disable the anti-scanning feature introduced in
+      0.2.6.2-alpha. With this option not set, a connection to an
+      unlisted port closes the circuit. With this option set, only a
+      RELAY_DONE cell is sent. Closes ticket 14084.
+
+  o Minor features (interface):
+    - Implement "-f -" command-line option to read torrc configuration
+      from standard input, if you don't want to store the torrc file in
+      the file system. Implements feature 13865.
+
+  o Minor features (logging):
+    - Add a count of unique clients to the bridge heartbeat message.
+      Resolves ticket 6852.
+    - Suppress "router info incompatible with extra info" message when
+      reading extrainfo documents from cache. (This message got loud
+      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes
+      ticket 13762.
+    - Elevate hidden service authorized-client message from DEBUG to
+      INFO. Closes ticket 14015.
+
+  o Minor features (stability):
+    - Add assertions in our hash-table iteration code to check for
+      corrupted values that could cause infinite loops. Closes
+      ticket 11737.
+
+  o Minor features (systemd):
+    - Various improvements and modernizations in systemd hardening
+      support. Closes ticket 13805. Patch from Craig Andrews.
+
+  o Minor features (testing networks):
+    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
+      and the default on a testing network to 2 minutes. Drop the
+      MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, but
+      keep the default on a testing network at 30 seconds. This reduces
+      HS bootstrap time to around 25 seconds. Also, change the default
+      time in test-network.sh to match. Closes ticket 13401. Patch
+      by "teor".
+    - Create TestingDirAuthVoteHSDir to correspond to
+      TestingDirAuthVoteExit/Guard. Ensures that authorities vote the
+      HSDir flag for the listed relays regardless of uptime or ORPort
+      connectivity. Respects the value of VoteOnHidServDirectoriesV2.
+      Partial implementation for ticket 14067. Patch by "teor".
+
+  o Minor features (tor2web mode):
+    - Introduce the config option Tor2webRendezvousPoints, which allows
+      clients in Tor2webMode to select a specific Rendezvous Point to be
+      used in HS circuits. This might allow better performance for
+      Tor2Web nodes. Implements ticket 12844.
+
+  o Minor bugfixes (client DNS):
+    - Report the correct cached DNS expiration times on SOCKS port or in
+      DNS replies. Previously, we would report everything as "never
+      expires." Fixes bug 14193; bugfix on 0.2.3.17-beta.
+    - Avoid a small memory leak when we find a cached answer for a
+      reverse DNS lookup in a client-side DNS cache. (Remember, client-
+      side DNS caching is off by default, and is not recommended.) Fixes
+      bug 14259; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+    - Prevent changes to other options from removing the wildcard value
+      "." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix
+      on 0.2.0.1-alpha.
+    - Allow MapAddress and AutomapHostsOnResolve to work together when
+      an address is mapped into another address type (like .onion) that
+      must be automapped at resolve time. Fixes bug 7555; bugfix
+      on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, bridges):
+    - When we are using bridges and we had a network connectivity
+      problem, only retry connecting to our currently configured
+      bridges, not all bridges we know about and remember using. Fixes
+      bug 14216; bugfix on 0.2.2.17-alpha.
+
+  o Minor bugfixes (client, IPv6):
+    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
+      flag is not set; and not because the NoIPv4Traffic flag was set.
+      Previously we'd looked at the NoIPv4Traffic flag for both types of
+      literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (compilation):
+    - The address of an array in the middle of a structure will always
+      be non-NULL. clang recognises this and complains. Disable the
+      tautologous and redundant check to silence this warning. Fixes bug
+      14001; bugfix on 0.2.1.2-alpha.
+    - Avoid warnings when building with systemd 209 or later. Fixes bug
+      14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
+    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
+      Addresses ticket 14188.
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+    - Do not compile any code related to Tor2Web mode when Tor2Web mode
+      is not enabled at compile time. Previously, this code was included
+      in a disabled state. See discussion on ticket 12844.
+    - Remove the --disable-threads configure option again. It was
+      accidentally partially reintroduced in 29ac883606d6d. Fixes bug
+      14819; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (controller):
+    - Report "down" in response to the "GETINFO entry-guards" command
+      when relays are down with an unreachable_since value. Previously,
+      we would report "up". Fixes bug 14184; bugfix on 0.1.2.2-alpha.
+    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug
+      14116; bugfix on 0.2.2.9-alpha.
+    - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
+      reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Do not attempt to download extrainfo documents which we will be
+      unable to validate with a matching server descriptor. Fixes bug
+      13762; bugfix on 0.2.0.1-alpha.
+    - Fix a bug that was truncating AUTHDIR_NEWDESC events sent to the
+      control port. Fixes bug 14953; bugfix on 0.2.0.1-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (file handling):
+    - Stop failing when key files are zero-length. Instead, generate new
+      keys, and overwrite the empty key files. Fixes bug 13111; bugfix
+      on all versions of Tor. Patch by "teor".
+    - Stop generating a fresh .old RSA onion key file when the .old file
+      is missing. Fixes part of 13111; bugfix on 0.0.6rc1.
+    - Avoid overwriting .old key files with empty key files.
+    - Skip loading zero-length extrainfo store, router store, stats,
+      state, and key files.
+    - Avoid crashing when trying to reload a torrc specified as a
+      relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix
+      on 0.2.3.11-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Close the introduction circuit when we have no more usable intro
+      points, instead of waiting for it to time out. This also ensures
+      that no follow-up HS descriptor fetch is triggered when the
+      circuit eventually times out. Fixes bug 14224; bugfix on 0.0.6.
+    - When fetching a hidden service descriptor for a down service that
+      was recently up, do not keep refetching until we try the same
+      replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha.
+    - Successfully launch Tor with a nonexistent hidden service
+      directory. Our fix for bug 13942 didn't catch this case. Fixes bug
+      14106; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (logging):
+    - Avoid crashing when there are more log domains than entries in
+      domain_list. Bugfix on 0.2.3.1-alpha.
+    - Add a string representation for LD_SCHED. Fixes bug 14740; bugfix
+      on 0.2.6.1-alpha.
+    - Don't log messages to stdout twice when starting up. Fixes bug
+      13993; bugfix on 0.2.6.1-alpha.
+
+  o Minor bugfixes (parsing):
+    - Stop accepting milliseconds (or other junk) at the end of
+      descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25.
+    - Support two-number and three-number version numbers correctly, in
+      case we change the Tor versioning system in the future. Fixes bug
+      13661; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (path counting):
+    - When deciding whether the consensus lists any exit nodes, count
+      the number listed in the consensus, not the number we have
+      descriptors for. Fixes part of bug 14918; bugfix on 0.2.6.2-alpha.
+    - When deciding whether we have any exit nodes, only examine
+      ExitNodes when the ExitNodes option is actually set. Fixes part of
+      bug 14918; bugfix on 0.2.6.2-alpha.
+    - Get rid of redundant and possibly scary warnings that we are
+      missing directory information while we bootstrap. Fixes part of
+      bug 14918; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (portability):
+    - Fix the ioctl()-based network interface lookup code so that it
+      will work on systems that have variable-length struct ifreq, for
+      example Mac OS X.
+    - Fix scheduler compilation on targets where char is unsigned. Fixes
+      bug 14764; bugfix on 0.2.6.2-alpha. Reported by Christian Kujau.
+
+  o Minor bugfixes (sandbox):
+    - Allow glibc fatal errors to be sent to stderr before Tor exits.
+      Previously, glibc would try to write them to /dev/tty, and the
+      sandbox would trap the call and make Tor exit prematurely. Fixes
+      bug 14759; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (shutdown):
+    - When shutting down, always call event_del() on lingering read or
+      write events before freeing them. Otherwise, we risk double-frees
+      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix
+      on 0.1.0.2-rc.
+
+  o Minor bugfixes (small memory leaks):
+    - Avoid leaking memory when using IPv6 virtual address mappings.
+      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van
+      der Woerdt.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (systemd support):
+    - Fix detection and operation of systemd watchdog. Fixes part of bug
+      14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
+    - Run correctly under systemd with the RunAsDaemon option set. Fixes
+      part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz.
+    - Inform the systemd supervisor about more changes in the Tor
+      process status. Implements part of ticket 14141. Patch from
+      Tomasz Torcz.
+    - Cause the "--disable-systemd" option to actually disable systemd
+      support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch
+      from "blueness".
+
+  o Minor bugfixes (TLS):
+    - Check more thoroughly throughout the TLS code for possible
+      unlogged TLS errors. Possible diagnostic or fix for bug 13319.
+
+  o Minor bugfixes (transparent proxy):
+    - Use getsockname, not getsockopt, to retrieve the address for a
+      TPROXY-redirected connection. Fixes bug 13796; bugfix
+      on 0.2.5.2-alpha.
+
+  o Code simplification and refactoring:
+    - Move fields related to isolating and configuring client ports into
+      a shared structure. Previously, they were duplicated across
+      port_cfg_t, listener_connection_t, and edge_connection_t. Failure
+      to copy them correctly had been the cause of at least one bug in
+      the past. Closes ticket 8546.
+    - Refactor the get_interface_addresses_raw() doom-function into
+      multiple smaller and simpler subfunctions. Cover the resulting
+      subfunctions with unit-tests. Fixes a significant portion of
+      issue 12376.
+    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was
+      only for version <= 0.2.2.24 which is now deprecated. Closes
+      ticket 14202.
+    - Remove a test for a long-defunct broken version-one
+      directory server.
+
+  o Documentation:
+    - Adding section on OpenBSD to our TUNING document. Thanks to mmcc
+      for writing the OpenBSD-specific tips. Resolves ticket 13702.
+    - Make the tor-resolve documentation match its help string and its
+      options. Resolves part of ticket 14325.
+    - Log a more useful error message from tor-resolve when failing to
+      look up a hidden service address. Resolves part of ticket 14325.
+
+  o Downgraded warnings:
+    - Don't warn when we've attempted to contact a relay using the wrong
+      ntor onion key. Closes ticket 9635.
+
+  o Removed features:
+    - To avoid confusion with the "ExitRelay" option, "ExitNode" is no
+      longer silently accepted as an alias for "ExitNodes".
+    - The --enable-mempool and --enable-buf-freelists options, which
+      were originally created to work around bad malloc implementations,
+      no longer exist. They were off-by-default in 0.2.5. Closes
+      ticket 14848.
+
+  o Testing:
+    - Make the checkdir/perms test complete successfully even if the
+      global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
+    - Test that tor does not fail when key files are zero-length. Check
+      that tor generates new keys, and overwrites the empty key files.
+    - Test that tor generates new keys when keys are missing
+      (existing behavior).
+    - Test that tor does not overwrite key files that already contain
+      data (existing behavior). Tests bug 13111. Patch by "teor".
+    - New "make test-stem" target to run stem integration tests.
+      Requires that the "STEM_SOURCE_DIR" environment variable be set.
+      Closes ticket 14107.
+    - Make the test_cmdline_args.py script work correctly on Windows.
+      Patch from Gisle Vanem.
+    - Move the slower unit tests into a new "./src/test/test-slow"
+      binary that can be run independently of the other tests. Closes
+      ticket 13243.
+    - Avoid undefined behavior when sampling huge values from the
+      Laplace distribution. This made unittests fail on Raspberry Pi.
+      Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.
+
+
+Changes in version 0.2.6.2-alpha - 2014-12-31
+  Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
+  It introduces a major new backend for deciding when to send cells on
+  channels, which should lead down the road to big performance
+  increases. It contains security and statistics features for better
+  work on hidden services, and numerous bugfixes.
+
+  This release contains many new unit tests, along with major
+  performance improvements for running testing networks using Chutney.
+  Thanks to a series of patches contributed by "teor", testing networks
+  should now bootstrap in seconds, rather than minutes.
+
+  o Major features (relay, infrastructure):
+    - Complete revision of the code that relays use to decide which cell
+      to send next. Formerly, we selected the best circuit to write on
+      each channel, but we didn't select among channels in any
+      sophisticated way. Now, we choose the best circuits globally from
+      among those whose channels are ready to deliver traffic.
+
+      This patch implements a new inter-cmux comparison API, a global
+      high/low watermark mechanism and a global scheduler loop for
+      transmission prioritization across all channels as well as among
+      circuits on one channel. This schedule is currently tuned to
+      (tolerantly) avoid making changes in network performance, but it
+      should form the basis for major circuit performance increases in
+      the future. Code by Andrea; tuning by Rob Jansen; implements
+      ticket 9262.
+
+  o Major features (hidden services):
+    - Make HS port scanning more difficult by immediately closing the
+      circuit when a user attempts to connect to a nonexistent port.
+      Closes ticket 13667.
+    - Add a HiddenServiceStatistics option that allows Tor relays to
+      gather and publish statistics about the overall size and volume of
+      hidden service usage. Specifically, when this option is turned on,
+      an HSDir will publish an approximate number of hidden services
+      that have published descriptors to it the past 24 hours. Also, if
+      a relay has acted as a hidden service rendezvous point, it will
+      publish the approximate amount of rendezvous cells it has relayed
+      the past 24 hours. The statistics themselves are obfuscated so
+      that the exact values cannot be derived. For more details see
+      proposal 238, "Better hidden service stats from Tor relays". This
+      feature is currently disabled by default. Implements feature 13192.
+
+  o Major bugfixes (client, automap):
+    - Repair automapping with IPv6 addresses. This automapping should
+      have worked previously, but one piece of debugging code that we
+      inserted to detect a regression actually caused the regression to
+      manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
+      0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
+      Izquierdo Riera.
+
+  o Major bugfixes (hidden services):
+    - When closing an introduction circuit that was opened in parallel
+      with others, don't mark the introduction point as unreachable.
+      Previously, the first successful connection to an introduction
+      point would make the other introduction points get marked as
+      having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+
+  o Major removed features:
+    - Tor clients no longer support connecting to hidden services
+      running on Tor 0.2.2.x and earlier; the Support022HiddenServices
+      option has been removed. (There shouldn't be any hidden services
+      running these versions on the network.) Closes ticket 7803.
+
+  o Minor features (client):
+    - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
+      is enabled, reject requests with IP addresses as hostnames.
+      Resolves ticket 13315.
+
+  o Minor features (controller):
+    - Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
+      write an unscheduled heartbeat message to the log. Implements
+      feature 9503.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 15 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden services):
+    - When re-enabling the network, don't try to build introduction
+      circuits until we have successfully built a circuit. This makes
+      hidden services come up faster when the network is re-enabled.
+      Patch from "akwizgran". Closes ticket 13447.
+    - When we fail to retrieve a hidden service descriptor, send the
+      controller an "HS_DESC FAILED" controller event. Implements
+      feature 13212.
+    - New HiddenServiceDirGroupReadable option to cause hidden service
+      directories and hostname files to be created group-readable. Patch
+      from "anon", David Stainton, and "meejah". Closes ticket 11291.
+
+  o Minor features (systemd):
+    - Where supported, when running with systemd, report successful
+      startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
+    - When running with systemd, support systemd watchdog messages. Part
+      of ticket 11016. Patch by Michael Scherer.
+
+  o Minor features (transparent proxy):
+    - Update the transparent proxy option checks to allow for both ipfw
+      and pf on OS X. Closes ticket 14002.
+    - Use the correct option when using IPv6 with transparent proxy
+      support on Linux. Resolves 13808. Patch by Francisco Blas
+      Izquierdo Riera.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+    - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
+      just the part that's used. This makes it harder for data leak bugs
+      to occur in the event of other programming failures. Resolves
+      ticket 14041.
+
+  o Minor bugfixes (client, microdescriptors):
+    - Use a full 256 bits of the SHA256 digest of a microdescriptor when
+      computing which microdescriptors to download. This keeps us from
+      erroneous download behavior if two microdescriptor digests ever
+      have the same first 160 bits. Fixes part of bug 13399; bugfix
+      on 0.2.3.1-alpha.
+    - Reset a router's status if its microdescriptor digest changes,
+      even if the first 160 bits remain the same. Fixes part of bug
+      13399; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (compilation):
+    - Silence clang warnings under --enable-expensive-hardening,
+      including implicit truncation of 64 bit values to 32 bit, const
+      char assignment to self, tautological compare, and additional
+      parentheses around equality tests. Fixes bug 13577; bugfix
+      on 0.2.5.4-alpha.
+    - Fix a clang warning about checking whether an address in the
+      middle of a structure is NULL. Fixes bug 14001; bugfix
+      on 0.2.1.2-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Correctly send a controller event when we find that a rendezvous
+      circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
+    - Pre-check directory permissions for new hidden-services to avoid
+      at least one case of "Bug: Acting on config options left us in a
+      broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
+    - When adding a new hidden service (for example, via SETCONF), Tor
+      no longer congratulates the user for running a relay. Fixes bug
+      13941; bugfix on 0.2.6.1-alpha.
+    - When fetching hidden service descriptors, we now check not only
+      for whether we got the hidden service we had in mind, but also
+      whether we got the particular descriptors we wanted. This prevents
+      a class of inefficient but annoying DoS attacks by hidden service
+      directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
+      by "special".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Make transparent proxy support work along with the seccomp2
+      sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
+      by Francisco Blas Izquierdo Riera.
+    - Fix a memory leak in tor-resolve when running with the sandbox
+      enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
+
+  o Minor bugfixes (logging):
+    - Downgrade warnings about RSA signature failures to info log level.
+      Emit a warning when an extra info document is found incompatible
+      with a corresponding router descriptor. Fixes bug 9812; bugfix
+      on 0.0.6rc3.
+    - Make connection_ap_handshake_attach_circuit() log the circuit ID
+      correctly. Fixes bug 13701; bugfix on 0.0.6.
+
+  o Minor bugfixes (misc):
+    - Stop allowing invalid address patterns like "*/24" that contain
+      both a wildcard address and a bit prefix length. This affects all
+      our address-range parsing code. Fixes bug 7484; bugfix
+      on 0.0.2pre14.
+
+  o Minor bugfixes (testing networks, fast startup):
+    - Allow Tor to build circuits using a consensus with no exits. If
+      the consensus has no exits (typical of a bootstrapping test
+      network), allow Tor to build circuits once enough descriptors have
+      been downloaded. This assists in bootstrapping a testing Tor
+      network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
+      by "teor".
+    - When V3AuthVotingInterval is low, give a lower If-Modified-Since
+      header to directory servers. This allows us to obtain consensuses
+      promptly when the consensus interval is very short. This assists
+      in bootstrapping a testing Tor network. Fixes parts of bugs 13718
+      and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
+    - Stop assuming that private addresses are local when checking
+      reachability in a TestingTorNetwork. Instead, when testing, assume
+      all OR connections are remote. (This is necessary due to many test
+      scenarios running all relays on localhost.) This assists in
+      bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
+      0.1.0.1-rc. Patch by "teor".
+    - Avoid building exit circuits from a consensus with no exits. Now
+      thanks to our fix for 13718, we accept a no-exit network as not
+      wholly lost, but we need to remember not to try to build exit
+      circuits on it. Closes ticket 13814; patch by "teor".
+    - Stop requiring exits to have non-zero bandwithcapacity in a
+      TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
+      ignore exit bandwidthcapacity. This assists in bootstrapping a
+      testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
+      on 0.2.0.3-alpha. Patch by "teor".
+    - Add "internal" to some bootstrap statuses when no exits are
+      available. If the consensus does not contain Exits, Tor will only
+      build internal circuits. In this case, relevant statuses will
+      contain the word "internal" as indicated in the Tor control-
+       spec.txt. When bootstrap completes, Tor will be ready to build
+      internal circuits. If a future consensus contains Exits, exit
+      circuits may become available. Fixes part of bug 13718; bugfix on
+      0.2.4.10-alpha. Patch by "teor".
+    - Decrease minimum consensus interval to 10 seconds when
+      TestingTorNetwork is set, or 5 seconds for the first consensus.
+      Fix assumptions throughout the code that assume larger intervals.
+      Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
+      by "teor".
+    - Avoid excluding guards from path building in minimal test
+      networks, when we're in a test network and excluding guards would
+      exclude all relays. This typically occurs in incredibly small tor
+      networks, and those using "TestingAuthVoteGuard *". Fixes part of
+      bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
+
+  o Code simplification and refactoring:
+    - Stop using can_complete_circuits as a global variable; access it
+      with a function instead.
+    - Avoid using operators directly as macro arguments: this lets us
+      apply coccinelle transformations to our codebase more directly.
+      Closes ticket 13172.
+    - Combine the functions used to parse ClientTransportPlugin and
+      ServerTransportPlugin into a single function. Closes ticket 6456.
+    - Add inline functions and convenience macros for inspecting channel
+      state. Refactor the code to use convenience macros instead of
+      checking channel state directly. Fixes issue 7356.
+    - Document all members of was_router_added_t and rename
+      ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
+      confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
+    - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
+      constant instead of hardcoded value. Fixes issue 13840.
+    - Refactor our generic strmap and digestmap types into a single
+      implementation, so that we can add a new digest256map
+      type trivially.
+
+  o Documentation:
+    - Document the bridge-authority-only 'networkstatus-bridges' file.
+      Closes ticket 13713; patch from "tom".
+    - Fix typo in PredictedPortsRelevanceTime option description in
+      manpage. Resolves issue 13707.
+    - Stop suggesting that users specify relays by nickname: it isn't a
+      good idea. Also, properly cross-reference how to specify relays in
+      all parts of manual documenting options that take a list of
+      relays. Closes ticket 13381.
+    - Clarify the HiddenServiceDir option description in manpage to make
+      it clear that relative paths are taken with respect to the current
+      working directory. Also clarify that this behavior is not
+      guaranteed to remain indefinitely. Fixes issue 13913.
+
+  o Testing:
+    - New tests for many parts of channel, relay, and circuitmux
+      functionality. Code by Andrea; part of 9262.
+    - New tests for parse_transport_line(). Part of ticket 6456.
+    - In the unit tests, use chgrp() to change the group of the unit
+      test temporary directory to the current user, so that the sticky
+      bit doesn't interfere with tests that check directory groups.
+      Closes 13678.
+    - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
+      by 'rl1987'.
+
+
+Changes in version 0.2.6.1-alpha - 2014-10-30
+  Tor 0.2.6.1-alpha is the first release in the Tor 0.2.6.x series. It
+  includes numerous code cleanups and new tests, and fixes a large
+  number of annoying bugs. Out-of-memory conditions are handled better
+  than in 0.2.5, pluggable transports have improved proxy support, and
+  clients now use optimistic data for contacting hidden services. Also,
+  we are now more robust to changes in what we consider a parseable
+  directory object, so that tightening restrictions does not have a risk
+  of introducing infinite download loops.
+
+  This is the first alpha release in a new series, so expect there to be
+  bugs. Users who would rather test out a more stable branch should stay
+  with 0.2.5.x for now.
+
+  o New compiler and system requirements:
+    - Tor 0.2.6.x requires that your compiler support more of the C99
+      language standard than before. The 'configure' script now detects
+      whether your compiler supports C99 mid-block declarations and
+      designated initializers. If it does not, Tor will not compile.
+
+      We may revisit this requirement if it turns out that a significant
+      number of people need to build Tor with compilers that don't
+      bother implementing a 15-year-old standard. Closes ticket 13233.
+    - Tor no longer supports systems without threading support. When we
+      began working on Tor, there were several systems that didn't have
+      threads, or where the thread support wasn't able to run the
+      threads of a single process on multiple CPUs. That no longer
+      holds: every system where Tor needs to run well now has threading
+      support. Resolves ticket 12439.
+
+  o Removed platform support:
+    - We no longer include special code to build on Windows CE; as far
+      as we know, nobody has used Tor on Windows CE in a very long time.
+      Closes ticket 11446.
+
+  o Major features (bridges):
+    - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
+      transports if they are configured via the "TOR_PT_PROXY"
+      environment variable. Implements proposal 232. Resolves
+      ticket 8402.
+
+  o Major features (client performance, hidden services):
+    - Allow clients to use optimistic data when connecting to a hidden
+      service, which should remove a round-trip from hidden service
+      initialization. See proposal 181 for details. Implements
+      ticket 13211.
+
+  o Major features (directory system):
+    - Upon receiving an unparseable directory object, if its digest
+      matches what we expected, then don't try to download it again.
+      Previously, when we got a descriptor we didn't like, we would keep
+      trying to download it over and over. Closes ticket 11243.
+
+  o Major features (sample torrc):
+    - Add a new, infrequently-changed "torrc.minimal". This file is
+      similar to torrc.sample, but it will change as infrequently as
+      possible, for the benefit of users whose systems prompt them for
+      intervention whenever a default configuration file is changed.
+      Making this change allows us to update torrc.sample to be a more
+      generally useful "sample torrc".
+
+  o Major bugfixes (directory authorities):
+    - Do not assign the HSDir flag to relays if they are not Valid, or
+      currently hibernating. Fixes 12573; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (directory bandwidth performance):
+    - Don't flush the zlib buffer aggressively when compressing
+      directory information for clients. This should save about 7% of
+      the bandwidth currently used for compressed descriptors and
+      microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
+
+  o Minor features (security, memory wiping):
+    - Ensure we securely wipe keys from memory after
+      crypto_digest_get_digest and init_curve25519_keypair_from_file
+      have finished using them. Resolves ticket 13477.
+
+  o Minor features (security, out-of-memory handling):
+    - When handling an out-of-memory condition, allocate less memory for
+      temporary data structures. Fixes issue 10115.
+    - When handling an out-of-memory condition, consider more types of
+      buffers, including those on directory connections, and zlib
+      buffers. Resolves ticket 11792.
+
+  o Minor features:
+    - When identity keypair is generated for first time, log a
+      congratulatory message that links to the new relay lifecycle
+      document. Implements feature 10427.
+
+  o Minor features (client):
+    - Clients are now willing to send optimistic data (before they
+      receive a 'connected' cell) to relays of any version. (Relays
+      without support for optimistic data are no longer supported on the
+      Tor network.) Resolves ticket 13153.
+
+  o Minor features (directory authorities):
+    - Don't list relays with a bandwidth estimate of 0 in the consensus.
+      Implements a feature proposed during discussion of bug 13000.
+    - In tor-gencert, report an error if the user provides the same
+      argument more than once.
+    - If a directory authority can't find a best consensus method in the
+      votes that it holds, it now falls back to its favorite consensus
+      method. Previously, it fell back to method 1. Neither of these is
+      likely to get enough signatures, but "fall back to favorite"
+      doesn't require us to maintain support an obsolete consensus
+      method. Implements part of proposal 215.
+
+  o Minor features (logging):
+    - On Unix-like systems, you can now use named pipes as the target of
+      the Log option, and other options that try to append to files.
+      Closes ticket 12061. Patch from "carlo von lynX".
+    - When opening a log file at startup, send it every log message that
+      we generated between startup and opening it. Previously, log
+      messages that were generated before opening the log file were only
+      logged to stdout. Closes ticket 6938.
+    - Add a TruncateLogFile option to overwrite logs instead of
+      appending to them. Closes ticket 5583.
+
+  o Minor features (portability, Solaris):
+    - Threads are no longer disabled by default on Solaris; we believe
+      that the versions of Solaris with broken threading support are all
+      obsolete by now. Resolves ticket 9495.
+
+  o Minor features (relay):
+    - Re-check our address after we detect a changed IP address from
+      getsockname(). This ensures that the controller command "GETINFO
+      address" will report the correct value. Resolves ticket 11582.
+      Patch from "ra".
+    - A new AccountingRule option lets Relays set whether they'd like
+      AccountingMax to be applied separately to inbound and outbound
+      traffic, or applied to the sum of inbound and outbound traffic.
+      Resolves ticket 961. Patch by "chobe".
+
+  o Minor features (testing networks):
+    - Add the TestingDirAuthVoteExit option, which lists nodes to assign
+      the "Exit" flag regardless of their uptime, bandwidth, or exit
+      policy. TestingTorNetwork must be set for this option to have any
+      effect. Previously, authorities would take up to 35 minutes to
+      give nodes the Exit flag in a test network. Partially implements
+      ticket 13161.
+
+  o Minor features (validation):
+    - Check all date/time values passed to tor_timegm and
+      parse_rfc1123_time for validity, taking leap years into account.
+      Improves HTTP header validation. Implemented with bug 13476.
+    - In correct_tm(), limit the range of values returned by system
+      localtime(_r) and gmtime(_r) to be between the years 1 and 8099.
+      This means we don't have to deal with negative or too large dates,
+      even if a clock is wrong. Otherwise we might fail to read a file
+      written by us which includes such a date. Fixes bug 13476.
+
+  o Minor bugfixes (bridge clients):
+    - When configured to use a bridge without an identity digest (not
+      recommended), avoid launching an extra channel to it when
+      bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (bridges):
+    - When DisableNetwork is set, do not launch pluggable transport
+      plugins, and if any are running, terminate them. Fixes bug 13213;
+      bugfix on 0.2.3.6-alpha.
+
+  o Minor bugfixes (C correctness):
+    - Fix several instances of possible integer overflow/underflow/NaN.
+      Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
+      from "teor".
+    - In circuit_build_times_calculate_timeout() in circuitstats.c,
+      avoid dividing by zero in the pareto calculations. This traps
+      under clang's "undefined-trap" sanitizer. Fixes bug 13290; bugfix
+      on 0.2.2.2-alpha.
+    - Fix an integer overflow in format_time_interval(). Fixes bug
+      13393; bugfix on 0.2.0.10-alpha.
+    - Set the correct day of year value when the system's localtime(_r)
+      or gmtime(_r) functions fail to set struct tm. Not externally
+      visible. Fixes bug 13476; bugfix on 0.0.2pre14.
+    - Avoid unlikely signed integer overflow in tor_timegm on systems
+      with 32-bit time_t. Fixes bug 13476; bugfix on 0.0.2pre14.
+
+  o Minor bugfixes (client):
+    - Fix smartlist_choose_node_by_bandwidth() so that relays with the
+      BadExit flag are not considered worthy candidates. Fixes bug
+      13066; bugfix on 0.1.2.3-alpha.
+    - Use the consensus schedule for downloading consensuses, and not
+      the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
+    - Handle unsupported or malformed SOCKS5 requests properly by
+      responding with the appropriate error message before closing the
+      connection. Fixes bugs 12971 and 13314; bugfix on 0.0.2pre13.
+
+  o Minor bugfixes (client, torrc):
+    - Stop modifying the value of our DirReqStatistics torrc option just
+      because we're not a bridge or relay. This bug was causing Tor
+      Browser users to write "DirReqStatistics 0" in their torrc files
+      as if they had chosen to change the config. Fixes bug 4244; bugfix
+      on 0.2.3.1-alpha.
+    - When GeoIPExcludeUnknown is enabled, do not incorrectly decide
+      that our options have changed every time we SIGHUP. Fixes bug
+      9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
+
+  o Minor bugfixes (controller):
+    - Return an error when the second or later arguments of the
+      "setevents" controller command are invalid events. Previously we
+      would return success while silently skipping invalid events. Fixes
+      bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
+
+  o Minor bugfixes (directory system):
+    - Always believe that v3 directory authorities serve extra-info
+      documents, whether they advertise "caches-extra-info" or not.
+      Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+    - When running as a v3 directory authority, advertise that you serve
+      extra-info documents so that clients who want them can find them
+      from you too. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+    - Check the BRIDGE_DIRINFO flag bitwise rather than using equality.
+      Previously, directories offering BRIDGE_DIRINFO and some other
+      flag (i.e. microdescriptors or extrainfo) would be ignored when
+      looking for bridges. Partially fixes bug 13163; bugfix
+      on 0.2.0.7-alpha.
+
+  o Minor bugfixes (networking):
+    - Check for orconns and use connection_or_close_for_error() rather
+      than connection_mark_for_close() directly in the getsockopt()
+      failure case of connection_handle_write_impl(). Fixes bug 11302;
+      bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (relay):
+    - When generating our family list, remove spaces from around the
+      entries. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
+    - If our previous bandwidth estimate was 0 bytes, allow publishing a
+      new relay descriptor immediately. Fixes bug 13000; bugfix
+      on 0.1.1.6-alpha.
+
+  o Minor bugfixes (testing networks):
+    - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
+      testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
+    - Stop using the default authorities in networks which provide both
+      AlternateDirAuthority and AlternateBridgeAuthority. Partially
+      fixes bug 13163; bugfix on 0.2.0.13-alpha.
+
+  o Minor bugfixes (testing):
+    - Stop spawn test failures due to a race condition between the
+      SIGCHLD handler updating the process status, and the test reading
+      it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (testing, Windows):
+    - Avoid passing an extra backslash when creating a temporary
+      directory for running the unit tests on Windows. Fixes bug 12392;
+      bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
+
+  o Minor bugfixes (windows):
+    - Remove code to special-case handling of NTE_BAD_KEYSET when
+      acquiring windows CryptoAPI context. This error can't actually
+      occur for the parameters we're providing. Fixes bug 10816; bugfix
+      on 0.0.2pre26.
+
+  o Minor bugfixes (zlib):
+    - Avoid truncating a zlib stream when trying to finalize it with an
+      empty output buffer. Fixes bug 11824; bugfix on 0.1.1.23.
+
+  o Build fixes:
+    - Allow our configure script to build correctly with autoconf 2.62
+      again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
+    - Improve the error message from ./configure to make it clear that
+      when asciidoc has not been found, the user will have to either add
+      --disable-asciidoc argument or install asciidoc. Resolves
+      ticket 13228.
+
+  o Code simplification and refactoring:
+    - Change the entry_is_live() function to take named bitfield
+      elements instead of an unnamed list of booleans. Closes
+      ticket 12202.
+    - Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
+      Resolves ticket 12205.
+    - Use calloc and reallocarray functions instead of multiply-
+      then-malloc. This makes it less likely for us to fall victim to an
+      integer overflow attack when allocating. Resolves ticket 12855.
+    - Use the standard macro name SIZE_MAX, instead of our
+      own SIZE_T_MAX.
+    - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
+      functions which take them as arguments. Replace 0 with NO_DIRINFO
+      in a function call for clarity. Seeks to prevent future issues
+      like 13163.
+    - Avoid 4 null pointer errors under clang static analysis by using
+      tor_assert() to prove that the pointers aren't null. Fixes
+      bug 13284.
+    - Rework the API of policies_parse_exit_policy() to use a bitmask to
+      represent parsing options, instead of a confusing mess of
+      booleans. Resolves ticket 8197.
+    - Introduce a helper function to parse ExitPolicy in
+      or_options_t structure.
+
+  o Documentation:
+    - Add a doc/TUNING document with tips for handling large numbers of
+      TCP connections when running busy Tor relay. Update the warning
+      message to point to this file when running out of sockets
+      operating system is allowing to use simultaneously. Resolves
+      ticket 9708.
+
+  o Removed features:
+    - We no longer remind the user about configuration options that have
+      been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
+    - Remove our old, non-weighted bandwidth-based node selection code.
+      Previously, we used it as a fallback when we couldn't perform
+      weighted bandwidth-based node selection. But that would only
+      happen in the cases where we had no consensus, or when we had a
+      consensus generated by buggy or ancient directory authorities. In
+      either case, it's better to use the more modern, better maintained
+      algorithm, with reasonable defaults for the weights. Closes
+      ticket 13126.
+    - Remove the --disable-curve25519 configure option. Relays and
+      clients now are required to support curve25519 and the
+      ntor handshake.
+    - The old "StrictEntryNodes" and "StrictExitNodes" options, which
+      used to be deprecated synonyms for "StrictNodes", are now marked
+      obsolete. Resolves ticket 12226.
+    - Clients don't understand the BadDirectory flag in the consensus
+      anymore, and ignore it.
+
+  o Testing:
+    - Refactor the function that chooses guard nodes so that it can more
+      easily be tested; write some tests for it.
+    - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
+      bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
+    - Create unit tests for format_time_interval(). With bug 13393.
+    - Add unit tests for tor_timegm signed overflow, tor_timegm and
+      parse_rfc1123_time validity checks, correct_tm year clamping. Unit
+      tests (visible) fixes in bug 13476.
+    - Add a "coverage-html" make target to generate HTML-visualized
+      coverage results when building with --enable-coverage. (Requires
+      lcov.) Patch from Kevin Murray.
+    - Enable the backtrace handler (where supported) when running the
+      unit tests.
+    - Revise all unit tests that used the legacy test_* macros to
+      instead use the recommended tt_* macros. This patch was generated
+      with coccinelle, to avoid manual errors. Closes ticket 13119.
+
+  o Distribution (systemd):
+    - systemd unit file: only allow tor to write to /var/lib/tor and
+      /var/log/tor. The rest of the filesystem is accessible for reading
+      only. Patch by intrigeri; resolves ticket 12751.
+    - systemd unit file: ensure that the process and all its children
+      can never gain new privileges. Patch by intrigeri; resolves
+      ticket 12939.
+    - systemd unit file: set up /var/run/tor as writable for the Tor
+      service. Patch by intrigeri; resolves ticket 13196.
+
+  o Removed features (directory authorities):
+    - Remove code that prevented authorities from listing Tor relays
+      affected by CVE-2011-2769 as guards. These relays are already
+      rejected altogether due to the minimum version requirement of
+      0.2.3.16-alpha. Closes ticket 13152.
+    - The "AuthDirRejectUnlisted" option no longer has any effect, as
+      the fingerprints file (approved-routers) has been deprecated.
+    - Directory authorities do not support being Naming dirauths anymore.
+      The "NamingAuthoritativeDir" config option is now obsolete.
+    - Directory authorities do not support giving out the BadDirectory
+      flag anymore.
+    - Directory authorities no longer advertise or support consensus
+      methods 1 through 12 inclusive. These consensus methods were
+      obsolete and/or insecure: maintaining the ability to support them
+      served no good purpose. Implements part of proposal 215; closes
+      ticket 10163.
+
+  o Testing (test-network.sh):
+    - Stop using "echo -n", as some shells' built-in echo doesn't
+      support "-n". Instead, use "/bin/echo -n". Partially fixes
+      bug 13161.
+    - Stop an apparent test-network hang when used with make -j2. Fixes
+      bug 13331.
+    - Add a --delay option to test-network.sh, which configures the
+      delay before the chutney network tests for data transmission.
+      Partially implements ticket 13161.
+
+
+Changes in version 0.2.5.10 - 2014-10-24
+  Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
+
+  It adds several new security features, including improved
+  denial-of-service resistance for relays, new compiler hardening
+  options, and a system-call sandbox for hardened installations on Linux
+  (requires seccomp2). The controller protocol has several new features,
+  resolving IPv6 addresses should work better than before, and relays
+  should be a little more CPU-efficient. We've added support for more
+  OpenBSD and FreeBSD transparent proxy types. We've improved the build
+  system and testing infrastructure to allow unit testing of more parts
+  of the Tor codebase. Finally, we've addressed several nagging pluggable
+  transport usability issues, and included numerous other small bugfixes
+  and features mentioned below.
+
+  This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+  have accumulated many known flaws; everyone should upgrade.
+
+  o Deprecated versions:
+    - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+      attention for some while.
+
+
+Changes in version 0.2.5.9-rc - 2014-10-20
+  Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
+  series. It disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor). It also contains a few miscellaneous fixes.
+
+  o Major security fixes:
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+  o Minor bugfixes:
+    - Disable the sandbox name resolver cache when running tor-resolve:
+      tor-resolve doesn't use the sandbox code, and turning it on was
+      breaking attempts to do tor-resolve on a non-default server on
+      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
+
+  o Compilation fixes:
+    - Build and run correctly on systems like OpenBSD-current that have
+      patched OpenSSL to remove get_cipher_by_char and/or its
+      implementations. Fixes issue 13325.
+
+  o Downgraded warnings:
+    - Downgrade the severity of the 'unexpected sendme cell from client'
+      from 'warn' to 'protocol warning'. Closes ticket 8093.
+
+
+Changes in version 0.2.4.25 - 2014-10-20
+  Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor).
+
+  o Major security fixes (also in 0.2.5.9-rc):
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+
+Changes in version 0.2.5.8-rc - 2014-09-22
+  Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
+  series. It fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+
+Changes in version 0.2.4.24 - 2014-09-22
+  Tor 0.2.4.24 fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.7-rc - 2014-09-11
+  Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x
+  release series, and some long-standing bugs related to ORPort reachability
+  testing and failure to send CREATE cells. It is the first release
+  candidate for the Tor 0.2.5.x series.
+
+  o Major bugfixes (client, startup):
+    - Start making circuits as soon as DisabledNetwork is turned off.
+      When Tor started with DisabledNetwork set, it would correctly
+      conclude that it shouldn't build circuits, but it would mistakenly
+      cache this conclusion, and continue believing it even when
+      DisableNetwork is set to 0. Fixes the bug introduced by the fix
+      for bug 11200; bugfix on 0.2.5.4-alpha.
+    - Resume expanding abbreviations for command-line options. The fix
+      for bug 4647 accidentally removed our hack from bug 586 that
+      rewrote HashedControlPassword to __HashedControlSessionPassword
+      when it appears on the commandline (which allowed the user to set
+      her own HashedControlPassword in the torrc file while the
+      controller generates a fresh session password for each run). Fixes
+      bug 12948; bugfix on 0.2.5.1-alpha.
+    - Warn about attempts to run hidden services and relays in the same
+      process: that's probably not a good idea. Closes ticket 12908.
+
+  o Major bugfixes (relay):
+    - Avoid queuing or sending destroy cells for circuit ID zero when we
+      fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
+      Found and fixed by "cypherpunks".
+    - Fix ORPort reachability detection on relays running behind a
+      proxy, by correctly updating the "local" mark on the controlling
+      channel when changing the address of an or_connection_t after the
+      handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
+
+  o Minor features (bridge):
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (logging):
+    - Reduce the log severity of the "Pluggable transport proxy does not
+      provide any needed transports and will not be launched." message,
+      since Tor Browser includes several ClientTransportPlugin lines in
+      its torrc-defaults file, leading every Tor Browser user who looks
+      at her logs to see these notices and wonder if they're dangerous.
+      Resolves bug 13124; bugfix on 0.2.5.3-alpha.
+    - Downgrade "Unexpected onionskin length after decryption" warning
+      to a protocol-warn, since there's nothing relay operators can do
+      about a client that sends them a malformed create cell. Resolves
+      bug 12996; bugfix on 0.0.6rc1.
+    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
+      cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
+    - When logging information about an EXTEND2 or EXTENDED2 cell, log
+      their names correctly. Fixes part of bug 12700; bugfix
+      on 0.2.4.8-alpha.
+    - When logging information about a relay cell whose command we don't
+      recognize, log its command as an integer. Fixes part of bug 12700;
+      bugfix on 0.2.1.10-alpha.
+    - Escape all strings from the directory connection before logging
+      them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
+
+  o Minor bugfixes (controller):
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes
+      bug 12864; bugfix on 0.2.5.1-alpha.
+    - Actually send TRANSPORT_LAUNCHED and HS_DESC events to
+      controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
+      by "teor".
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
+      bugfix on 0.2.5.5-alpha.
+    - Make the nmake make files work again. Fixes bug 13081. Bugfix on
+      0.2.5.1-alpha. Patch from "NewEraCracker".
+    - In routerlist_assert_ok(), don't take the address of a
+      routerinfo's cache_info member unless that routerinfo is non-NULL.
+      Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
+    - Fix a large number of false positive warnings from the clang
+      analyzer static analysis tool. This should make real warnings
+      easier for clang analyzer to find. Patch from "teor". Closes
+      ticket 13036.
+
+  o Distribution (systemd):
+    - Verify configuration file via ExecStartPre in the systemd unit
+      file. Patch from intrigeri; resolves ticket 12730.
+    - Explicitly disable RunAsDaemon in the systemd unit file. Our
+      current systemd unit uses "Type = simple", so systemd does not
+      expect tor to fork. If the user has "RunAsDaemon 1" in their
+      torrc, then things won't work as expected. This is e.g. the case
+      on Debian (and derivatives), since there we pass "--defaults-torrc
+      /usr/share/tor/tor-service-defaults-torrc" (that contains
+      "RunAsDaemon 1") by default. Patch by intrigeri; resolves
+      ticket 12731.
+
+  o Documentation:
+    - Adjust the URLs in the README to refer to the new locations of
+      several documents on the website. Fixes bug 12830. Patch from
+      Matt Pagan.
+    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
+      ticket 12878.
+
+
+Changes in version 0.2.5.6-alpha - 2014-07-28
+  Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
+  risk from guard rotation, and fixes a variety of other issues to get
+  us closer to a release candidate.
+
+  o Major features (also in 0.2.4.23):
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes (also in 0.2.4.23):
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Major bugfixes:
+    - Perform circuit cleanup operations even when circuit
+      construction operations are disabled (because the network is
+      disabled, or because there isn't enough directory information).
+      Previously, when we were not building predictive circuits, we
+      were not closing expired circuits either. Fixes bug 8387; bugfix on
+      0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+      became more strict about when we have "enough directory information
+      to build circuits".
+
+  o Minor features:
+    - Authorities now assign the Guard flag to the fastest 25% of the
+      network (it used to be the fastest 50%). Also raise the consensus
+      weight that guarantees the Guard flag from 250 to 2000. For the
+      current network, this results in about 1100 guards, down from 2500.
+      This step paves the way for moving the number of entry guards
+      down to 1 (proposal 236) while still providing reasonable expected
+      performance for most users. Implements ticket 12690.
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+    - Slightly enhance the diagnostic message for bug 12184.
+
+  o Minor bugfixes (also in 0.2.4.23):
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Fix compilation when building with bufferevents enabled. (This
+      configuration is still not expected to work, however.)
+      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
+      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
+      Gunasekaran.
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+  Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+  guard rotation, and also backports several important fixes from the
+  Tor 0.2.5 alpha release series.
+
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes:
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Minor bugfixes:
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+    - Avoid an illegal read from stack when initializing the TLS
+      module using a version of OpenSSL without all of the ciphers
+      used by the v2 link handshake. Fixes bug 12227; bugfix on
+      0.2.4.8-alpha.  Found by "starlight".
+
+  o Minor features:
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.5.5-alpha - 2014-06-18
   Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
   0.2.5.x release series, including a couple of DoS issues, some
@@ -293,7 +3696,7 @@ Changes in version 0.2.5.5-alpha - 2014-06-18
 
   o Removed code:
     - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
-      and MTBF calculations, but that nobody was using. Fixes #11742.
+      and MTBF calculations, but that nobody was using. Fixes ticket 11742.
     - The TunnelDirConns and PreferTunnelledDirConns options no longer
       exist; tunneled directory connections have been available since
       0.1.2.5-alpha, and turning them off is not a good idea. This is a
@@ -2936,7 +6339,7 @@ Changes in version 0.2.3.23-rc - 2012-10-20
     - Correct file sizes when reading binary files on Cygwin, to avoid
       a bug where Tor would fail to read its state file. Fixes bug 6844;
       bugfix on 0.1.2.7-alpha.
-    - Avoid undefined behaviour when parsing the list of supported
+    - Avoid undefined behavior when parsing the list of supported
       rendezvous/introduction protocols in a hidden service descriptor.
       Previously, Tor would have confused (as-yet-unused) protocol version
       numbers greater than 32 with lower ones on many platforms. Fixes
@@ -3012,7 +6415,7 @@ Changes in version 0.2.4.3-alpha - 2012-09-22
     - Reject consensus votes with more than 64 known-flags. We aren't even
       close to that limit yet, and our code doesn't handle it correctly.
       Fixes bug 6833; bugfix on 0.2.0.1-alpha.
-    - Avoid undefined behaviour when parsing the list of supported
+    - Avoid undefined behavior when parsing the list of supported
       rendezvous/introduction protocols in a hidden service descriptor.
       Previously, Tor would have confused (as-yet-unused) protocol version
       numbers greater than 32 with lower ones on many platforms. Fixes
@@ -4449,7 +7852,7 @@ Changes in version 0.2.3.11-alpha - 2012-01-22
       be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
       option. Fixes part of bug 1297; bugfix on 0.2.2.2-alpha.
     - Don't close hidden-service-side rendezvous circuits when they
-      reach the normal circuit-build timeout. This behaviour change can
+      reach the normal circuit-build timeout. This behavior change can
       be disabled using the new
       CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
       remaining part of bug 1297; bugfix on 0.2.2.2-alpha.
@@ -6030,14 +9433,14 @@ Changes in version 0.2.2.29-beta - 2011-06-20
       directory's group would be checked against the current group, not
       the configured group. Patch by Jérémy Bobbio. Fixes bug 3393;
       bugfix on 0.2.2.26-beta.
-    - Make connection_printf_to_buf()'s behaviour sane. Its callers
+    - Make connection_printf_to_buf()'s behavior sane. Its callers
       expect it to emit a CRLF iff the format string ends with CRLF;
       it actually emitted a CRLF iff (a) the format string ended with
       CRLF or (b) the resulting string was over 1023 characters long or
       (c) the format string did not end with CRLF *and* the resulting
       string was 1021 characters long or longer. Bugfix on 0.1.1.9-alpha;
       fixes part of bug 3407.
-    - Make send_control_event_impl()'s behaviour sane. Its callers
+    - Make send_control_event_impl()'s behavior sane. Its callers
       expect it to always emit a CRLF at the end of the string; it
       might have emitted extra control characters as well. Bugfix on
       0.1.1.9-alpha; fixes another part of bug 3407.
@@ -6296,7 +9699,7 @@ Changes in version 0.2.2.26-beta - 2011-05-17
       at least _half_ the length of the store, not _twice_ the length
       of the store. Bugfix on 0.2.2.6-alpha; fixes part of bug 2230.
     - Fix a potential null-pointer dereference while computing a
-      consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of
+      consensus. Bugfix on 0.2.0.3-alpha, found with the help of
       clang's analyzer.
     - Avoid a possible null-pointer dereference when rebuilding the mdesc
       cache without actually having any descriptors to cache. Bugfix on
@@ -8138,7 +11541,7 @@ Changes in version 0.2.2.9-alpha - 2010-02-22
     - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by
       "memcpyfail".
     - Make the DNSPort option work with libevent 2.x. Don't alter the
-      behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+      behavior for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
     - Emit a GUARD DROPPED controller event for a case we missed.
     - Make more fields in the controller protocol case-insensitive, since
       control-spec.txt said they were.
diff --git a/Doxyfile.in b/Doxyfile.in
index 344ee27149..a39348f2cb 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -38,7 +38,7 @@ PROJECT_NUMBER         = @VERSION@
 # If a relative path is entered, it will be relative to the location 
 # where doxygen was started. If left blank the current directory will be used.
 
-OUTPUT_DIRECTORY       = ./doc/doxygen
+OUTPUT_DIRECTORY       = @top_builddir@/doc/doxygen
 
 # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
 # 4096 sub-directories (in 2 levels) under the output directory of each output 
@@ -534,8 +534,8 @@ WARN_LOGFILE           =
 # directories like "/usr/src/myproject". Separate the files or directories 
 # with spaces.
 
-INPUT                  = src/common \
-                         src/or
+INPUT                  = @top_srcdir@/src/common \
+                         @top_srcdir@/src/or
 
 # This tag can be used to specify the character encoding of the source files 
 # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is 
diff --git a/LICENSE b/LICENSE
index 4ebab1823f..bc0ac4195b 100644
--- a/LICENSE
+++ b/LICENSE
@@ -13,7 +13,7 @@ Tor is distributed under this license:
 
 Copyright (c) 2001-2004, Roger Dingledine
 Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-Copyright (c) 2007-2013, The Tor Project, Inc.
+Copyright (c) 2007-2016, The Tor Project, Inc.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -122,6 +122,38 @@ src/ext/csiphash.c is licensed under the following license:
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  THE SOFTWARE.
+===============================================================================
+Trunnel is distributed under this license:
+
+Copyright 2014  The Tor Project, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+    * Neither the names of the copyright owners nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ===============================================================================
 src/config/geoip is licensed under the following license:
@@ -159,7 +191,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 DATABASE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ===============================================================================
 m4/pc_from_ucontext.m4 is available under the following license.  Note that
-it is *not* built into the Tor license.
+it is *not* built into the Tor software.
 
 Copyright (c) 2005, Google Inc.
 All rights reserved.
@@ -191,6 +223,54 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ===============================================================================
+m4/pkg.m4 is available under the following license.  Note that
+it is *not* built into the Tor software.
+
+pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
+serial 1 (pkg-config-0.24)
+
+Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+As a special exception to the GNU General Public License, if you
+distribute this file as part of a program that contains a
+configuration script generated by Autoconf, you may include it under
+the same distribution terms that you use for the rest of that program.
+===============================================================================
+src/ext/readpassphrase.[ch] are distributed under this license:
+
+  Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+
+  Permission to use, copy, modify, and distribute this software for any
+  purpose with or without fee is hereby granted, provided that the above
+  copyright notice and this permission notice appear in all copies.
+
+  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+  ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+  Sponsored in part by the Defense Advanced Research Projects
+  Agency (DARPA) and Air Force Research Laboratory, Air Force
+  Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+===============================================================================
 If you got Tor as a static binary with OpenSSL included, then you should know:
  "This product includes software developed by the OpenSSL Project
  for use in the OpenSSL Toolkit (http://www.openssl.org/)"
diff --git a/Makefile.am b/Makefile.am
index 6eceb761f4..cd88264264 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,12 +1,8 @@
 # Copyright (c) 2001-2004, Roger Dingledine
 # Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-# Copyright (c) 2007-2011, The Tor Project, Inc.
+# Copyright (c) 2007-2015, The Tor Project, Inc.
 # See LICENSE for licensing information
 
-# "foreign" means we don't follow GNU package layout standards
-# 1.9 means we require automake vesion 1.9
-AUTOMAKE_OPTIONS = foreign 1.9 subdir-objects
-
 ACLOCAL_AMFLAGS = -I m4
 
 noinst_LIBRARIES=
@@ -19,11 +15,19 @@ noinst_PROGRAMS=
 DISTCLEANFILES=
 bin_SCRIPTS=
 AM_CPPFLAGS=
+AM_CFLAGS = @TOR_SYSTEMD_CFLAGS@
+SHELL = @SHELL@
+
+if COVERAGE_ENABLED
+TESTING_TOR_BINARY="$(top_builddir)/src/or/tor-cov"
+else
+TESTING_TOR_BINARY="$(top_builddir)/src/or/tor"
+endif
+
 include src/include.am
 include doc/include.am
 include contrib/include.am
 
-
 EXTRA_DIST+= \
 	ChangeLog					\
 	INSTALL						\
@@ -34,10 +38,21 @@ EXTRA_DIST+= \
 
 if COVERAGE_ENABLED
 TEST_CFLAGS=-fno-inline -fprofile-arcs -ftest-coverage
+if DISABLE_ASSERTS_IN_UNIT_TESTS
+TEST_CPPFLAGS=-DTOR_UNIT_TESTS -DTOR_COVERAGE -DDISABLE_ASSERTS_IN_UNIT_TESTS
+else
+TEST_CPPFLAGS=-DTOR_UNIT_TESTS -DTOR_COVERAGE
+endif
+TEST_NETWORK_FLAGS=--coverage --hs-multi-client 1
 else
 TEST_CFLAGS=
+TEST_CPPFLAGS=-DTOR_UNIT_TESTS
+TEST_NETWORK_FLAGS=--hs-multi-client 1
 endif
 
+TEST_NETWORK_ALL_LOG_DIR=$(top_builddir)/test_network_log
+TEST_NETWORK_ALL_DRIVER_FLAGS=--color-tests yes
+
 #install-data-local:
 #	$(INSTALL) -m 755 -d $(LOCALSTATEDIR)/lib/tor
 
@@ -58,38 +73,133 @@ dist-rpm: dist-gzip
 	echo "RPM build finished";						\
 	#end of dist-rpm
 
-dist: check
-
 doxygen:
 	doxygen && cd doc/doxygen/latex && make
 
 test: all
-	./src/test/test
+	$(top_builddir)/src/test/test
+
+need-chutney-path:
+	@if test ! -d "$$CHUTNEY_PATH"; then \
+		echo '$$CHUTNEY_PATH was not set.'; \
+		if test -d $(top_srcdir)/../chutney -a -x $(top_srcdir)/../chutney/chutney; then \
+			echo "Assuming test-network.sh will find" $(top_srcdir)/../chutney; \
+		else \
+			echo; \
+			echo "To run these tests, git clone https://git.torproject.org/chutney.git ; export CHUTNEY_PATH=\`pwd\`/chutney"; \
+			exit 1; \
+		fi \
+	fi
 
 # Note that test-network requires a copy of Chutney in $CHUTNEY_PATH.
 # Chutney can be cloned from https://git.torproject.org/chutney.git .
-test-network: all
-	./src/test/test-network.sh
+test-network: need-chutney-path all
+	$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_FLAGS)
+
+# Run all available tests using automake's test-driver
+# only run IPv6 tests if we can ping6 ::1 (localhost)
+# some IPv6 tests will fail without an IPv6 DNS server (see #16971 and #17011)
+# only run mixed tests if we have a tor-stable binary
+# see #17015 for autodetection of different tor versions
+test-network-all: need-chutney-path all test-driver
+	mkdir -p $(TEST_NETWORK_ALL_LOG_DIR)
+	@flavors="$(TEST_CHUTNEY_FLAVORS)"; \
+	if ping6 -q -c 1 -o ::1 >/dev/null 2>&1; then \
+		echo "ping6 ::1 succeeded, running IPv6 flavors: $(TEST_CHUTNEY_FLAVORS_IPV6)."; \
+		flavors="$$flavors $(TEST_CHUTNEY_FLAVORS_IPV6)"; \
+	else \
+		echo "ping6 ::1 failed, skipping IPv6 flavors: $(TEST_CHUTNEY_FLAVORS_IPV6)."; \
+		skip_flavors="$$skip_flavors $(TEST_CHUTNEY_FLAVORS_IPV6)"; \
+	fi; \
+	if command -v tor-stable >/dev/null 2>&1; then \
+		echo "tor-stable found, running mixed flavors: $(TEST_CHUTNEY_FLAVORS_MIXED)."; \
+		flavors="$$flavors $(TEST_CHUTNEY_FLAVORS_MIXED)"; \
+	else \
+		echo "tor-stable not found, skipping mixed flavors: $(TEST_CHUTNEY_FLAVORS_MIXED)."; \
+		skip_flavors="$$skip_flavors $(TEST_CHUTNEY_FLAVORS_MIXED)"; \
+	fi; \
+	for f in $$skip_flavors; do \
+		echo "SKIP: $$f"; \
+	done; \
+	for f in $$flavors; do \
+		./test-driver --test-name $$f --log-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.log --trs-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.trs $(TEST_NETWORK_ALL_DRIVER_FLAGS) $(top_srcdir)/src/test/test-network.sh --flavor $$f $(TEST_NETWORK_FLAGS); \
+	done; \
+	echo "Log and result files are available in $(TEST_NETWORK_ALL_LOG_DIR)."; \
+	! grep -q FAIL test_network_log/*.trs
+
+need-stem-path:
+	@if test ! -d "$$STEM_SOURCE_DIR"; then \
+		echo '$$STEM_SOURCE_DIR was not set.'; echo; \
+		echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
+		exit 1; \
+	fi
+
+test-stem: need-stem-path all
+	@$(PYTHON) "$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL;
+
+test-stem-full: need-stem-path all
+	@$(PYTHON) "$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL,ONLINE -v;
+
+test-full: need-stem-path need-chutney-path check test-network test-stem
+
+test-full-online: need-stem-path need-chutney-path check test-network test-stem-full
 
 reset-gcov:
-	rm -f src/*/*.gcda
+	rm -f $(top_builddir)/src/*/*.gcda $(top_builddir)/src/*/*/*.gcda
+
+HTML_COVER_DIR=$(top_builddir)/coverage_html
+coverage-html: all
+if COVERAGE_ENABLED
+	test -e "`which lcov`" || (echo "lcov must be installed. See <http://ltp.sourceforge.net/coverage/lcov.php>." && false)
+	test -d "$(HTML_COVER_DIR)" || $(MKDIR_P) "$(HTML_COVER_DIR)"
+	lcov --rc lcov_branch_coverage=1 --directory $(top_builddir)/src --zerocounters
+	$(MAKE) reset-gcov
+	$(MAKE) check
+	lcov --capture --rc lcov_branch_coverage=1 --no-external --directory $(top_builddir) --base-directory $(top_srcdir) --output-file "$(HTML_COVER_DIR)/lcov.tmp"
+	lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
+	genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
+else
+	@printf "Not configured with --enable-coverage, run ./configure --enable-coverage\n"
+endif
+
+coverage-html-full: all
+	test -e "`which lcov`" || (echo "lcov must be installed. See <http://ltp.sourceforge.net/coverage/lcov.php>." && false)
+	test -d "$(HTML_COVER_DIR)" || mkdir -p "$(HTML_COVER_DIR)"
+	lcov --rc lcov_branch_coverage=1 --directory ./src --zerocounters
+	$(MAKE) reset-gcov
+	$(MAKE) check
+	$(MAKE) test-stem-full
+	CHUTNEY_TOR=tor-cov CHUTNEY_TOR_GENCERT=tor-cov-gencert $(top_srcdir)/src/test/test-network.sh
+	CHUTNEY_TOR=tor-cov CHUTNEY_TOR_GENCERT=tor-cov-gencert $(top_srcdir)/src/test/test-network.sh --flavor hs
+	lcov --capture --rc lcov_branch_coverage=1 --no-external --directory . --output-file "$(HTML_COVER_DIR)/lcov.tmp"
+	lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
+	genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
 
 # Avoid strlcpy.c, strlcat.c, aes.c, OpenBSD_malloc_Linux.c, sha256.c,
 # eventdns.[hc], tinytest*.[ch]
 check-spaces:
-	./scripts/maint/checkSpace.pl -C              \
-		src/common/*.[ch]		      \
-		src/or/*.[ch]			      \
-		src/test/*.[ch]			      \
-		src/tools/*.[ch]		      \
-		src/tools/tor-fw-helper/*.[ch]
+	$(top_srcdir)/scripts/maint/checkSpace.pl -C \
+		$(top_srcdir)/src/common/*.[ch] \
+		$(top_srcdir)/src/or/*.[ch] \
+		$(top_srcdir)/src/test/*.[ch] \
+		$(top_srcdir)/src/tools/*.[ch]
 
-check-docs:
-	./scripts/maint/checkOptionDocs.pl
+check-docs: all
+	$(PERL) $(top_builddir)/scripts/maint/checkOptionDocs.pl
 
 check-logs:
-	./scripts/maint/checkLogs.pl                  \
-		src/*/*.[ch] | sort -n
+	$(top_srcdir)/scripts/maint/checkLogs.pl \
+		$(top_srcdir)/src/*/*.[ch] | sort -n
+
+.PHONY: check-changes
+check-changes:
+	@if test -d "$(top_srcdir)/changes"; then \
+		$(PYTHON) $(top_srcdir)/scripts/maint/lintChanges.py $(top_srcdir)/changes/*; \
+		fi
+
+.PHONY: update-versions
+update-versions:
+	$(PERL) $(top_builddir)/scripts/maint/updateVersions.pl
 
 version:
 	@echo "Tor @VERSION@"
@@ -99,4 +209,7 @@ version:
 	fi
 
 mostlyclean-local:
-	rm -f src/*/*.gc{da,no}
+	rm -f $(top_builddir)/src/*/*.gc{da,no} $(top_builddir)/src/*/*/*.gc{da,no}
+	rm -rf $(HTML_COVER_DIR)
+	rm -rf $(top_builddir)/doc/doxygen
+	rm -rf $(TEST_NETWORK_ALL_LOG_DIR)
diff --git a/README b/README
index e878476aa6..d246a6930e 100644
--- a/README
+++ b/README
@@ -6,6 +6,9 @@ configure it properly.
 To build Tor from source:
         ./configure && make && make install
 
+To build Tor from a just-cloned git repository:
+        sh autogen.sh && ./configure && make && make install
+
 Home page:
         https://www.torproject.org/
 
@@ -23,4 +26,4 @@ Frequently Asked Questions:
 
 
 To get started working on Tor development:
-        See the doc/HACKING file.
+        See the doc/HACKING directory.
diff --git a/ReleaseNotes b/ReleaseNotes
index 19185a2968..ba5de30c01 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -1,8 +1,2982 @@
-
 This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.7.6 - 2015-12-10
+  Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
+  well as a minor bug in hidden service reliability.
+
+  o Major bugfixes (guard selection):
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
+      by Mohsen Imani.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - When checking for net/pfvar.h, include netinet/in.h if possible.
+      This fixes transparent proxy detection on OpenBSD. Fixes bug
+      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.
+
+  o Minor bugfixes (correctness):
+    - When displaying an IPv6 exit policy, include the mask bits
+      correctly even when the number is greater than 31. Fixes bug
+      16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
+    - The wrong list was used when looking up expired intro points in a
+      rend service object, causing what we think could be reachability
+      issues for hidden services, and triggering a BUG log. Fixes bug
+      16702; bugfix on 0.2.7.2-alpha.
+    - Fix undefined behavior in the tor_cert_checksig function. Fixes
+      bug 17722; bugfix on 0.2.7.2-alpha.
+
+
+Changes in version 0.2.7.5 - 2015-11-20
+  The Tor 0.2.7 release series is dedicated to the memory of Tor user
+  and privacy advocate Caspar Bowden (1961-2015). Caspar worked
+  tirelessly to advocate human rights regardless of national borders,
+  and oppose the encroachments of mass surveillance. He opposed national
+  exceptionalism, he brought clarity to legal and policy debates, he
+  understood and predicted the impact of mass surveillance on the world,
+  and he laid the groundwork for resisting it. While serving on the Tor
+  Project's board of directors, he brought us his uncompromising focus
+  on technical excellence in the service of humankind. Caspar was an
+  inimitable force for good and a wonderful friend. He was kind,
+  humorous, generous, gallant, and believed we should protect one
+  another without exception. We honor him here for his ideals, his
+  efforts, and his accomplishments. Please honor his memory with works
+  that would make him proud.
+
+  Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.
+
+  The 0.2.7 series adds a more secure identity key type for relays,
+  improves cryptography performance, resolves several longstanding
+  hidden-service performance issues, improves controller support for
+  hidden services, and includes small bugfixes and performance
+  improvements throughout the program. This release series also includes
+  more tests than before, and significant simplifications to which parts
+  of Tor invoke which others. For a full list of changes, see below.
+
+  o New system requirements:
+    - Tor no longer includes workarounds to support Libevent versions
+      before 1.3e. Libevent 2.0 or later is recommended. Closes
+      ticket 15248.
+    - Tor no longer supports copies of OpenSSL that are missing support
+      for Elliptic Curve Cryptography. (We began using ECC when
+      available in 0.2.4.8-alpha, for more safe and efficient key
+      negotiation.) In particular, support for at least one of P256 or
+      P224 is now required, with manual configuration needed if only
+      P224 is available. Resolves ticket 16140.
+    - Tor no longer supports versions of OpenSSL before 1.0. (If you are
+      on an operating system that has not upgraded to OpenSSL 1.0 or
+      later, and you compile Tor from source, you will need to install a
+      more recent OpenSSL to link Tor against.) These versions of
+      OpenSSL are still supported by the OpenSSL, but the numerous
+      cryptographic improvements in later OpenSSL releases makes them a
+      clear choice. Resolves ticket 16034.
+
+  o Major features (controller):
+    - Add the ADD_ONION and DEL_ONION commands that allow the creation
+      and management of hidden services via the controller. Closes
+      ticket 6411.
+    - New "GETINFO onions/current" and "GETINFO onions/detached"
+      commands to get information about hidden services created via the
+      controller. Part of ticket 6411.
+    - New HSFETCH command to launch a request for a hidden service
+      descriptor. Closes ticket 14847.
+    - New HSPOST command to upload a hidden service descriptor. Closes
+      ticket 3523. Patch by "DonnchaC".
+
+  o Major features (Ed25519 identity keys, Proposal 220):
+    - Add support for offline encrypted Ed25519 master keys. To use this
+      feature on your tor relay, run "tor --keygen" to make a new master
+      key (or to make a new signing key if you already have a master
+      key). Closes ticket 13642.
+    - All relays now maintain a stronger identity key, using the Ed25519
+      elliptic curve signature format. This master key is designed so
+      that it can be kept offline. Relays also generate an online
+      signing key, and a set of other Ed25519 keys and certificates.
+      These are all automatically regenerated and rotated as needed.
+      Implements part of ticket 12498.
+    - Directory authorities now vote on Ed25519 identity keys along with
+      RSA1024 keys. Implements part of ticket 12498.
+    - Directory authorities track which Ed25519 identity keys have been
+      used with which RSA1024 identity keys, and do not allow them to
+      vary freely. Implements part of ticket 12498.
+    - Microdescriptors now include Ed25519 identity keys. Implements
+      part of ticket 12498.
+    - Add a --newpass option to allow changing or removing the
+      passphrase of an encrypted key with tor --keygen. Implements part
+      of ticket 16769.
+    - Add a new OfflineMasterKey option to tell Tor never to try loading
+      or generating a secret Ed25519 identity key. You can use this in
+      combination with tor --keygen to manage offline and/or encrypted
+      Ed25519 keys. Implements ticket 16944.
+    - On receiving a HUP signal, check to see whether the Ed25519
+      signing key has changed, and reload it if so. Closes ticket 16790.
+    - Significant usability improvements for Ed25519 key management. Log
+      messages are better, and the code can recover from far more
+      failure conditions. Thanks to "s7r" for reporting and diagnosing
+      so many of these!
+
+  o Major features (ECC performance):
+    - Improve the runtime speed of Ed25519 signature verification by
+      using Ed25519-donna's batch verification support. Implements
+      ticket 16533.
+    - Improve the speed of Ed25519 operations and Curve25519 keypair
+      generation when built targeting 32 bit x86 platforms with SSE2
+      available. Implements ticket 16535.
+    - Improve the runtime speed of Ed25519 operations by using the
+      public-domain Ed25519-donna by Andrew M. ("floodyberry").
+      Implements ticket 16467.
+    - Improve the runtime speed of the ntor handshake by using an
+      optimized curve25519 basepoint scalarmult implementation from the
+      public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
+      ideas by Adam Langley. Implements ticket 9663.
+
+  o Major features (Hidden services):
+    - Hidden services, if using the EntryNodes option, are required to
+      use more than one EntryNode, in order to avoid a guard discovery
+      attack. (This would only affect people who had configured hidden
+      services and manually specified the EntryNodes option with a
+      single entry-node. The impact was that it would be easy to
+      remotely identify the guard node used by such a hidden service.
+      See ticket for more information.) Fixes ticket 14917.
+    - Add the torrc option HiddenServiceNumIntroductionPoints, to
+      specify a fixed number of introduction points. Its maximum value
+      is 10 and default is 3. Using this option can increase a hidden
+      service's reliability under load, at the cost of making it more
+      visible that the hidden service is facing extra load. Closes
+      ticket 4862.
+    - Remove the adaptive algorithm for choosing the number of
+      introduction points, which used to change the number of
+      introduction points (poorly) depending on the number of
+      connections the HS sees. Closes ticket 4862.
+
+  o Major features (onion key cross-certification):
+    - Relay descriptors now include signatures of their own identity
+      keys, made using the TAP and ntor onion keys. These signatures
+      allow relays to prove ownership of their own onion keys. Because
+      of this change, microdescriptors will no longer need to include
+      RSA identity keys. Implements proposal 228; closes ticket 12499.
+
+  o Major bugfixes (client-side privacy, also in 0.2.6.9):
+    - Properly separate out each SOCKSPort when applying stream
+      isolation. The error occurred because each port's session group
+      was being overwritten by a default value when the listener
+      connection was initialized. Fixes bug 16247; bugfix on
+      0.2.6.3-alpha. Patch by "jojelino".
+
+  o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
+    - Stop refusing to store updated hidden service descriptors on a
+      client. This reverts commit 9407040c59218 (which indeed fixed bug
+      14219, but introduced a major hidden service reachability
+      regression detailed in bug 16381). This is a temporary fix since
+      we can live with the minor issue in bug 14219 (it just results in
+      some load on the network) but the regression of 16381 is too much
+      of a setback. First-round fix for bug 16381; bugfix
+      on 0.2.6.3-alpha.
+
+  o Major bugfixes (hidden services):
+    - Revert commit that made directory authorities assign the HSDir
+      flag to relay without a DirPort; this was bad because such relays
+      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+      on 0.2.6.3-alpha.
+    - When cannibalizing a circuit for an introduction point, always
+      extend to the chosen exit node (creating a 4 hop circuit).
+      Previously Tor would use the current circuit exit node, which
+      changed the original choice of introduction point, and could cause
+      the hidden service to skip excluded introduction points or
+      reconnect to a skipped introduction point. Fixes bug 16260; bugfix
+      on 0.1.0.1-rc.
+
+  o Major bugfixes (memory leaks):
+    - Fix a memory leak in ed25519 batch signature checking. Fixes bug
+      17398; bugfix on 0.2.6.1-alpha.
+
+  o Major bugfixes (open file limit):
+    - The open file limit wasn't checked before calling
+      tor_accept_socket_nonblocking(), which would make Tor exceed the
+      limit. Now, before opening a new socket, Tor validates the open
+      file limit just before, and if the max has been reached, return an
+      error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
+
+  o Major bugfixes (security, correctness):
+    - Fix an error that could cause us to read 4 bytes before the
+      beginning of an openssl string. This bug could be used to cause
+      Tor to crash on systems with unusual malloc implementations, or
+      systems with unusual hardening installed. Fixes bug 17404; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (stability, also in 0.2.6.10):
+    - Stop crashing with an assertion failure when parsing certain kinds
+      of malformed or truncated microdescriptors. Fixes bug 16400;
+      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+      by "cypherpunks_backup".
+    - Stop random client-side assertion failures that could occur when
+      connecting to a busy hidden service, or connecting to a hidden
+      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor features (client, SOCKS):
+    - Add GroupWritable and WorldWritable options to unix-socket based
+      SocksPort and ControlPort options. These options apply to a single
+      socket, and override {Control,Socks}SocketsGroupWritable. Closes
+      ticket 15220.
+    - Relax the validation done to hostnames in SOCKS5 requests, and
+      allow a single trailing '.' to cope with clients that pass FQDNs
+      using that syntax to explicitly indicate that the domain name is
+      fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
+    - Relax the validation of hostnames in SOCKS5 requests, allowing the
+      character '_' to appear, in order to cope with domains observed in
+      the wild that are serving non-RFC compliant records. Resolves
+      ticket 16430.
+
+  o Minor features (client-side privacy):
+    - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit
+      lifespan when IsolateSOCKSAuth and streams with SOCKS
+      authentication are attached to the circuit. This allows
+      applications like TorBrowser to manage circuit lifetime on their
+      own. Implements feature 15482.
+    - When logging malformed hostnames from SOCKS5 requests, respect
+      SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
+
+  o Minor features (clock-jump tolerance):
+    - Recover better when our clock jumps back many hours, like might
+      happen for Tails or Whonix users who start with a very wrong
+      hardware clock, use Tor to discover a more accurate time, and then
+      fix their clock. Resolves part of ticket 8766.
+
+  o Minor features (command-line interface):
+    - Make --hash-password imply --hush to prevent unnecessary noise.
+      Closes ticket 15542. Patch from "cypherpunks".
+    - Print a warning whenever we find a relative file path being used
+      as torrc option. Resolves issue 14018.
+
+  o Minor features (compilation):
+    - Give a warning as early as possible when trying to build with an
+      unsupported OpenSSL version. Closes ticket 16901.
+    - Use C99 variadic macros when the compiler is not GCC. This avoids
+      failing compilations on MSVC, and fixes a log-file-based race
+      condition in our old workarounds. Original patch from Gisle Vanem.
+
+  o Minor features (control protocol):
+    - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
+      the control protocol. Resolves ticket 15358.
+
+  o Minor features (controller):
+    - Add DirAuthority lines for default directory authorities to the
+      output of the "GETINFO config/defaults" command if not already
+      present. Implements ticket 14840.
+    - Controllers can now use "GETINFO hs/client/desc/id/..." to
+      retrieve items from the client's hidden service descriptor cache.
+      Closes ticket 14845.
+    - Implement a new controller command "GETINFO status/fresh-relay-
+      descs" to fetch a descriptor/extrainfo pair that was generated on
+      demand just for the controller's use. Implements ticket 14784.
+
+  o Minor features (directory authorities):
+    - Directory authorities no longer vote against the "Fast", "Stable",
+      and "HSDir" flags just because they were going to vote against
+      "Running": if the consensus turns out to be that the router was
+      running, then the authority's vote should count. Patch from Peter
+      Retzlaff; closes issue 8712.
+
+  o Minor features (directory authorities, security, also in 0.2.6.9):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable to
+      require at the very least 7 days, while maintaining the 96 hours
+      uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor features (DoS-resistance):
+    - Make it harder for attackers to overload hidden services with
+      introductions, by blocking multiple introduction requests on the
+      same circuit. Resolves ticket 15515.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden services):
+    - Add the new options "HiddenServiceMaxStreams" and
+      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
+      limit the maximum number of simultaneous streams per circuit, and
+      optionally tear down the circuit when the limit is exceeded. Part
+      of ticket 16052.
+    - Client now uses an introduction point failure cache to know when
+      to fetch or keep a descriptor in their cache. Previously, failures
+      were recorded implicitly, but not explicitly remembered. Closes
+      ticket 16389.
+    - Relays need to have the Fast flag to get the HSDir flag. As this
+      is being written, we'll go from 2745 HSDirs down to 2342, a ~14%
+      drop. This change should make some attacks against the hidden
+      service directory system harder. Fixes ticket 15963.
+    - Turn on hidden service statistics collection by setting the torrc
+      option HiddenServiceStatistics to "1" by default. (This keeps
+      track only of the fraction of traffic used by hidden services, and
+      the total number of hidden services in existence.) Closes
+      ticket 15254.
+    - To avoid leaking HS popularity, don't cycle the introduction point
+      when we've handled a fixed number of INTRODUCE2 cells but instead
+      cycle it when a random number of introductions is reached, thus
+      making it more difficult for an attacker to find out the amount of
+      clients that have used the introduction point for a specific HS.
+      Closes ticket 15745.
+
+  o Minor features (logging):
+    - Include the Tor version in all LD_BUG log messages, since people
+      tend to cut and paste those into the bugtracker. Implements
+      ticket 15026.
+
+  o Minor features (pluggable transports):
+    - When launching managed pluggable transports on Linux systems,
+      attempt to have the kernel deliver a SIGTERM on tor exit if the
+      pluggable transport process is still running. Resolves
+      ticket 15471.
+    - When launching managed pluggable transports, setup a valid open
+      stdin in the child process that can be used to detect if tor has
+      terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" environment variable
+      can be used by implementations to detect this new behavior.
+      Resolves ticket 15435.
+
+  o Minor bugfixes (torrc exit policies):
+    - In each instance above, usage advice is provided to avoid the
+      message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
+      16069; bugfix on 0.2.4.7-alpha.
+    - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only
+      produce IPv6 wildcard addresses. Previously they would produce
+      both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
+      of bug 16069; bugfix on 0.2.4.7-alpha.
+    - When parsing torrc ExitPolicies, we now issue an info-level
+      message when expanding an "accept/reject *" line to include both
+      IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
+    - When parsing torrc ExitPolicies, we now warn for a number of cases
+      where the user's intent is likely to differ from Tor's actual
+      behavior. These include: using an IPv4 address with an accept6 or
+      reject6 line; using "private" on an accept6 or reject6 line; and
+      including any ExitPolicy lines after accept *:* or reject *:*.
+      Related to ticket 16069.
+
+  o Minor bugfixes (command-line interface):
+    - When "--quiet" is provided along with "--validate-config", do not
+      write anything to stdout on success. Fixes bug 14994; bugfix
+      on 0.2.3.3-alpha.
+    - When complaining about bad arguments to "--dump-config", use
+      stderr, not stdout.
+    - Print usage information for --dump-config when it is used without
+      an argument. Also, fix the error message to use different wording
+      and add newline at the end. Fixes bug 15541; bugfix
+      on 0.2.5.1-alpha.
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+    - Repair compilation with the most recent (unreleased, alpha)
+      vesions of OpenSSL 1.1. Fixes part of ticket 17237.
+
+  o Minor bugfixes (compilation, also in 0.2.6.9):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (configuration, unit tests):
+    - Only add the default fallback directories when the DirAuthorities,
+      AlternateDirAuthority, and FallbackDir directory config options
+      are set to their defaults. The default fallback directory list is
+      currently empty, this fix will only change tor's behavior when it
+      has default fallback directories. Includes unit tests for
+      consider_adding_dir_servers(). Fixes bug 15642; bugfix on
+      90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
+
+  o Minor bugfixes (controller):
+    - Add the descriptor ID in each HS_DESC control event. It was
+      missing, but specified in control-spec.txt. Fixes bug 15881;
+      bugfix on 0.2.5.2-alpha.
+
+  o Minor bugfixes (correctness):
+    - For correctness, avoid modifying a constant string in
+      handle_control_postdescriptor. Fixes bug 15546; bugfix
+      on 0.1.1.16-rc.
+    - Remove side-effects from tor_assert() calls. This was harmless,
+      because we never disable assertions, but it is bad style and
+      unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
+      and 0.2.0.10.
+    - When calling channel_free_list(), avoid calling smartlist_remove()
+      while inside a FOREACH loop. This partially reverts commit
+      17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
+      incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (hidden service):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+    - Remove an extraneous newline character from the end of hidden
+      service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
+      defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
+    - Allow bridge authorities to run correctly under the seccomp2
+      sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+    - Add the "hidserv-stats" filename to our sandbox filter for the
+      HiddenServiceStatistics option to work properly. Fixes bug 17354;
+      bugfix on 0.2.6.2-alpha. Patch from David Goulet.
+
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
+    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+      these when eventfd2() support is missing. Fixes bug 16363; bugfix
+      on 0.2.6.3-alpha. Patch from "teor".
+
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+    - Fix sandboxing to work when running as a relay, by allowing the
+      renaming of secret_id_key, and allowing the eventfd2 and futex
+      syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (logging):
+    - When building Tor under Clang, do not include an extra set of
+      parentheses in log messages that include function names. Fixes bug
+      15269; bugfix on every released version of Tor when compiled with
+      recent enough Clang.
+
+  o Minor bugfixes (network):
+    - When attempting to use fallback technique for network interface
+      lookup, disregard loopback and multicast addresses since they are
+      unsuitable for public communications.
+
+  o Minor bugfixes (open file limit):
+    - Fix set_max_file_descriptors() to set by default the max open file
+      limit to the current limit when setrlimit() fails. Fixes bug
+      16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet.
+
+  o Minor bugfixes (portability):
+    - Check correctly for Windows socket errors in the workqueue
+      backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
+    - Try harder to normalize the exit status of the Tor process to the
+      standard-provided range. Fixes bug 16975; bugfix on every version
+      of Tor ever.
+    - Use libexecinfo on FreeBSD to enable backtrace support. Fixes part
+      of bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak.
+
+  o Minor bugfixes (relay):
+    - Ensure that worker threads actually exit when a fatal error or
+      shutdown is indicated. This fix doesn't currently affect the
+      behavior of Tor, because Tor workers never indicates fatal error
+      or shutdown except in the unit tests. Fixes bug 16868; bugfix
+      on 0.2.6.3-alpha.
+    - Fix a rarely-encountered memory leak when failing to initialize
+      the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch
+      from "cypherpunks".
+    - Unblock threads before releasing the work queue mutex to ensure
+      predictable scheduling behavior. Fixes bug 16644; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (security, exit policies):
+    - ExitPolicyRejectPrivate now also rejects the relay's published
+      IPv6 address (if any), and any publicly routable IPv4 or IPv6
+      addresses on any local interfaces. ticket 17027. Patch by "teor".
+      Fixes bug 17027; bugfix on 0.2.0.11-alpha.
+
+  o Minor bugfixes (statistics):
+    - Disregard the ConnDirectionStatistics torrc options when Tor is
+      not a relay since in that mode of operation no sensible data is
+      being collected and because Tor might run into measurement hiccups
+      when running as a client for some time, then becoming a relay.
+      Fixes bug 15604; bugfix on 0.2.2.35.
+
+  o Minor bugfixes (systemd):
+    - Tor's systemd unit file no longer contains extraneous spaces.
+      These spaces would sometimes confuse tools like deb-systemd-
+      helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
+
+  o Minor bugfixes (test networks):
+    - When self-testing reachability, use ExtendAllowPrivateAddresses to
+      determine if local/private addresses imply reachability. The
+      previous fix used TestingTorNetwork, which implies
+      ExtendAllowPrivateAddresses, but this excluded rare configurations
+      where ExtendAllowPrivateAddresses is set but TestingTorNetwork is
+      not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor",
+      issue discovered by CJ Ess.
+
+  o Minor bugfixes (tests, also in 0.2.6.9):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+  o Code simplification and refactoring:
+    - Change the function that's called when we need to retry all
+      downloads so that it only reschedules the downloads to happen
+      immediately, rather than launching them all at once itself. This
+      further simplifies Tor's callgraph.
+    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
+      to ensure they remain consistent and visible everywhere.
+    - Move some format-parsing functions out of crypto.c and
+      crypto_curve25519.c into crypto_format.c and/or util_format.c.
+    - Move the client-only parts of init_keys() into a separate
+      function. Closes ticket 16763.
+    - Move the hacky fallback code out of get_interface_address6() into
+      separate function and get it covered with unit-tests. Resolves
+      ticket 14710.
+    - Refactor hidden service client-side cache lookup to intelligently
+      report its various failure cases, and disentangle failure cases
+      involving a lack of introduction points. Closes ticket 14391.
+    - Remove some vestigial workarounds for the MSVC6 compiler. We
+      haven't supported that in ages.
+    - Remove the unused "nulterminate" argument from buf_pullup().
+    - Simplify the microdesc_free() implementation so that it no longer
+      appears (to code analysis tools) to potentially invoke a huge
+      suite of other microdesc functions.
+    - Simply the control graph further by deferring the inner body of
+      directory_all_unreachable() into a callback. Closes ticket 16762.
+    - The link authentication code has been refactored for better
+      testability and reliability. It now uses code generated with the
+      "trunnel" binary encoding generator, to reduce the risk of bugs
+      due to programmer error. Done as part of ticket 12498.
+    - Treat the loss of an owning controller as equivalent to a SIGTERM
+      signal. This removes a tiny amount of duplicated code, and
+      simplifies our callgraph. Closes ticket 16788.
+    - Use our own Base64 encoder instead of OpenSSL's, to allow more
+      control over the output. Part of ticket 15652.
+    - When generating an event to send to the controller, we no longer
+      put the event over the network immediately. Instead, we queue
+      these events, and use a Libevent callback to deliver them. This
+      change simplifies Tor's callgraph by reducing the number of
+      functions from which all other Tor functions are reachable. Closes
+      ticket 16695.
+    - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
+      that try to scan or compile every file on Unix won't decide that
+      they are broken.
+
+  o Documentation:
+    - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
+    - Improve the descriptions of statistics-related torrc options in
+      the manpage to describe rationale and possible uses cases. Fixes
+      issue 15550.
+    - Improve the layout and formatting of ./configure --help messages.
+      Closes ticket 15024. Patch from "cypherpunks".
+    - Include a specific and (hopefully) accurate documentation of the
+      torrc file's meta-format in doc/torrc_format.txt. This is mainly
+      of interest to people writing programs to parse or generate torrc
+      files. This document is not a commitment to long-term
+      compatibility; some aspects of the current format are a bit
+      ridiculous. Closes ticket 2325.
+    - Include the TUNING document in our source tarball. It is referred
+      to in the ChangeLog and an error message. Fixes bug 16929; bugfix
+      on 0.2.6.1-alpha.
+    - Note that HiddenServicePorts can take a unix domain socket. Closes
+      ticket 17364.
+    - Recommend a 40 GB example AccountingMax in torrc.sample rather
+      than a 4 GB max. Closes ticket 16742.
+    - Standardize on the term "server descriptor" in the manual page.
+      Previously, we had used "router descriptor", "server descriptor",
+      and "relay descriptor" interchangeably. Part of ticket 14987.
+    - Advise users on how to configure separate IPv4 and IPv6 exit
+      policies in the manpage and sample torrcs. Related to ticket 16069.
+    - Fix an error in the manual page and comments for
+      TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
+      required "ORPort connectivity". While this is true, it is in no
+      way unique to the HSDir flag. Of all the flags, only HSDirs need a
+      DirPort configured in order for the authorities to assign that
+      particular flag. Patch by "teor". Fixed as part of 14882; bugfix
+      on 0.2.6.3-alpha.
+    - Fix the usage message of tor-resolve(1) so that it no longer lists
+      the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
+
+  o Removed code:
+    - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
+      and always use the internal Base64 decoder. The internal decoder
+      has been part of tor since 0.2.0.10-alpha, and no one should
+      be using the OpenSSL one. Part of ticket 15652.
+    - Remove the 'tor_strclear()' function; use memwipe() instead.
+      Closes ticket 14922.
+    - Remove the code that would try to aggressively flush controller
+      connections while writing to them. This code was introduced in
+      0.1.2.7-alpha, in order to keep output buffers from exceeding
+      their limits. But there is no longer a maximum output buffer size,
+      and flushing data in this way caused some undesirable recursions
+      in our call graph. Closes ticket 16480.
+    - The internal pure-C tor-fw-helper tool is now removed from the Tor
+      distribution, in favor of the pure-Go clone available from
+      https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries
+      used by the C tor-fw-helper are not, in our opinion, very
+      confidence- inspiring in their secure-programming techniques.
+      Closes ticket 13338.
+
+  o Removed features:
+    - Remove the (seldom-used) DynamicDHGroups feature. For anti-
+      fingerprinting we now recommend pluggable transports; for forward-
+      secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
+    - Remove the HidServDirectoryV2 option. Now all relays offer to
+      store hidden service descriptors. Related to 16543.
+    - Remove the VoteOnHidServDirectoriesV2 option, since all
+      authorities have long set it to 1. Closes ticket 16543.
+    - Remove the undocumented "--digests" command-line option. It
+      complicated our build process, caused subtle build issues on
+      multiple platforms, and is now redundant since we started
+      including git version identifiers. Closes ticket 14742.
+    - Tor no longer contains checks for ancient directory cache versions
+      that didn't know about microdescriptors.
+    - Tor no longer contains workarounds for stat files generated by
+      super-old versions of Tor that didn't choose guards sensibly.
+
+  o Testing:
+    - The test-network.sh script now supports performance testing.
+      Requires corresponding chutney performance testing changes. Patch
+      by "teor". Closes ticket 14175.
+    - Add a new set of callgraph analysis scripts that use clang to
+      produce a list of which Tor functions are reachable from which
+      other Tor functions. We're planning to use these to help simplify
+      our code structure by identifying illogical dependencies.
+    - Add new 'test-full' and 'test-full-online' targets to run all
+      tests, including integration tests with stem and chutney.
+    - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
+      by-side in the same parent directory. Closes ticket 16903. Patch
+      by "teor".
+    - Document use of coverity, clang static analyzer, and clang dynamic
+      undefined behavior and address sanitizers in doc/HACKING. Include
+      detailed usage instructions in the blacklist. Patch by "teor".
+      Closes ticket 15817.
+    - Make "bridges+hs" the default test network. This tests almost all
+      tor functionality during make test-network, while allowing tests
+      to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
+      test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
+      (chutney). Patches by "teor".
+    - Make the test-workqueue test work on Windows by initializing the
+      network before we begin.
+    - New make target (make test-network-all) to run multiple applicable
+      chutney test cases. Patch from Teor; closes 16953.
+    - Now that OpenSSL has its own scrypt implementation, add an unit
+      test that checks for interoperability between libscrypt_scrypt()
+      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
+      and rely on EVP_PBE_scrypt() whenever possible. Resolves
+      ticket 16189.
+    - The link authentication protocol code now has extensive tests.
+    - The relay descriptor signature testing code now has
+      extensive tests.
+    - The test_workqueue program now runs faster, and is enabled by
+      default as a part of "make check".
+    - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl()
+      functions in dns.c. Implements a portion of ticket 16831.
+    - Use environment variables rather than autoconf substitutions to
+      send variables from the build system to the test scripts. This
+      change should be easier to maintain, and cause 'make distcheck' to
+      work better than before. Fixes bug 17148.
+    - When building Tor with testing coverage enabled, run Chutney tests
+      (if any) using the 'tor-cov' coverage binary.
+    - When running test-network or test-stem, check for the absence of
+      stem/chutney before doing any build operations.
+    - Add a test to verify that the compiler does not eliminate our
+      memwipe() implementation. Closes ticket 15377.
+    - Add make rule `check-changes` to verify the format of changes
+      files. Closes ticket 15180.
+    - Add unit tests for control_event_is_interesting(). Add a compile-
+      time check that the number of events doesn't exceed the capacity
+      of control_event_t.event_mask. Closes ticket 15431, checks for
+      bugs similar to 13085. Patch by "teor".
+    - Command-line argument tests moved to Stem. Resolves ticket 14806.
+    - Integrate the ntor, backtrace, and zero-length keys tests into the
+      automake test suite. Closes ticket 15344.
+    - Remove assertions during builds to determine Tor's test coverage.
+      We don't want to trigger these even in assertions, so including
+      them artificially makes our branch coverage look worse than it is.
+      This patch provides the new test-stem-full and coverage-html-full
+      configure options. Implements ticket 15400.
+    - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
+      explicitly manage consensus flags in testing networks. Patch by
+      "robgjansen", modified by "teor". Implements part of ticket 14882.
+    - Check for matching value in server response in ntor_ref.py. Fixes
+      bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
+      by "joelanders".
+    - Set the severity correctly when testing
+      get_interface_addresses_ifaddrs() and
+      get_interface_addresses_win32(), so that the tests fail gracefully
+      instead of triggering an assertion. Fixes bug 15759; bugfix on
+      0.2.6.3-alpha. Reported by Nicolas Derive.
+
+Changes in version 0.2.6.10 - 2015-07-12
+  Tor version 0.2.6.10 fixes some significant stability and hidden
+  service client bugs, bulletproofs the cryptography init process, and
+  fixes a bug when using the sandbox code with some older versions of
+  Linux. Everyone running an older version, especially an older version
+  of 0.2.6, should upgrade.
+
+  o Major bugfixes (hidden service clients, stability):
+    - Stop refusing to store updated hidden service descriptors on a
+      client. This reverts commit 9407040c59218 (which indeed fixed bug
+      14219, but introduced a major hidden service reachability
+      regression detailed in bug 16381). This is a temporary fix since
+      we can live with the minor issue in bug 14219 (it just results in
+      some load on the network) but the regression of 16381 is too much
+      of a setback. First-round fix for bug 16381; bugfix
+      on 0.2.6.3-alpha.
+
+  o Major bugfixes (stability):
+    - Stop crashing with an assertion failure when parsing certain kinds
+      of malformed or truncated microdescriptors. Fixes bug 16400;
+      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+      by "cypherpunks_backup".
+    - Stop random client-side assertion failures that could occur when
+      connecting to a busy hidden service, or connecting to a hidden
+      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor features (geoip):
+    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
+
+  o Minor bugfixes (crypto error-handling):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+      these when eventfd2() support is missing. Fixes bug 16363; bugfix
+      on 0.2.6.3-alpha. Patch from "teor".
+
+
+Changes in version 0.2.6.9 - 2015-06-11
+  Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
+  requirements for receiving an HSDir flag, and addresses some other small
+  bugs in the systemd and sandbox code. Clients using circuit isolation
+  should upgrade; all directory authorities should upgrade.
+
+  o Major bugfixes (client-side privacy):
+    - Properly separate out each SOCKSPort when applying stream
+      isolation. The error occurred because each port's session group was
+      being overwritten by a default value when the listener connection
+      was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
+      by "jojelino".
+
+  o Minor feature (directory authorities, security):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable which
+      takes at the very least 7 days to do so and by keeping the 96
+      hours uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor bugfixes (compilation):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Fix sandboxing to work when running as a relaymby renaming of
+      secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
+      bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (tests):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+
+Changes in version 0.2.6.8 - 2015-05-21
+  Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
+  fixes an authority-side bug in assigning the HSDir flag. All directory
+  authorities should upgrade.
+
+  o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
+    - Revert commit that made directory authorities assign the HSDir
+      flag to relay without a DirPort; this was bad because such relays
+      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.6.7 - 2015-04-06
+  Tor 0.2.6.7 fixes two security issues that could be used by an
+  attacker to crash hidden services, or crash clients visiting hidden
+  services. Hidden services should upgrade as soon as possible; clients
+  should upgrade whenever packages become available.
+
+  This release also contains two simple improvements to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+    - Decrease the amount of reattempts that a hidden service performs
+      when its rendezvous circuits fail. This reduces the computational
+      cost for running a hidden service under heavy load. Resolves
+      ticket 11447.
+
+
+Changes in version 0.2.5.12 - 2015-04-06
+  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.4.27 - 2015-04-06
+  Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.6.6 - 2015-03-24
+  Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
+
+  It adds numerous safety, security, correctness, and performance
+  improvements. Client programs can be configured to use more kinds of
+  sockets, AutomapHosts works better, the multithreading backend is
+  improved, cell transmission is refactored, test coverage is much
+  higher, more denial-of-service attacks are handled, guard selection is
+  improved to handle long-term guards better, pluggable transports
+  should work a bit better, and some annoying hidden service performance
+  bugs should be addressed.
+
+  o New compiler and system requirements:
+    - Tor 0.2.6.x requires that your compiler support more of the C99
+      language standard than before. The 'configure' script now detects
+      whether your compiler supports C99 mid-block declarations and
+      designated initializers. If it does not, Tor will not compile.
+
+      We may revisit this requirement if it turns out that a significant
+      number of people need to build Tor with compilers that don't
+      bother implementing a 15-year-old standard. Closes ticket 13233.
+    - Tor no longer supports systems without threading support. When we
+      began working on Tor, there were several systems that didn't have
+      threads, or where the thread support wasn't able to run the
+      threads of a single process on multiple CPUs. That no longer
+      holds: every system where Tor needs to run well now has threading
+      support. Resolves ticket 12439.
+
+  o Deprecated versions and removed support:
+    - Tor relays older than 0.2.4.18-rc are no longer allowed to
+      advertise themselves on the network. Closes ticket 13555.
+    - Tor clients no longer support connecting to hidden services
+      running on Tor 0.2.2.x and earlier; the Support022HiddenServices
+      option has been removed. (There shouldn't be any hidden services
+      running these versions on the network.) Closes ticket 7803.
+
+  o Directory authority changes:
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+
+  o Major features (bridges):
+    - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
+      transports if they are configured via the "TOR_PT_PROXY"
+      environment variable. Implements proposal 232. Resolves
+      ticket 8402.
+
+  o Major features (changed defaults):
+    - Prevent relay operators from unintentionally running exits: When a
+      relay is configured as an exit node, we now warn the user unless
+      the "ExitRelay" option is set to 1. We warn even more loudly if
+      the relay is configured with the default exit policy, since this
+      can indicate accidental misconfiguration. Setting "ExitRelay 0"
+      stops Tor from running as an exit relay. Closes ticket 10067.
+
+  o Major features (client performance, hidden services):
+    - Allow clients to use optimistic data when connecting to a hidden
+      service, which should remove a round-trip from hidden service
+      initialization. See proposal 181 for details. Implements
+      ticket 13211.
+
+  o Major features (directory system):
+    - Upon receiving an unparseable directory object, if its digest
+      matches what we expected, then don't try to download it again.
+      Previously, when we got a descriptor we didn't like, we would keep
+      trying to download it over and over. Closes ticket 11243.
+    - When downloading server- or microdescriptors from a directory
+      server, we no longer launch multiple simultaneous requests to the
+      same server. This reduces load on the directory servers,
+      especially when directory guards are in use. Closes ticket 9969.
+    - When downloading server- or microdescriptors over a tunneled
+      connection, do not limit the length of our requests to what the
+      Squid proxy is willing to handle. Part of ticket 9969.
+    - Authorities can now vote on the correct digests and latest
+      versions for different software packages. This allows packages
+      that include Tor to use the Tor authority system as a way to get
+      notified of updates and their correct digests. Implements proposal
+      227. Closes ticket 10395.
+
+  o Major features (guards):
+    - Introduce the Guardfraction feature to improves load balancing on
+      guard nodes. Specifically, it aims to reduce the traffic gap that
+      guard nodes experience when they first get the Guard flag. This is
+      a required step if we want to increase the guard lifetime to 9
+      months or greater.  Closes ticket 9321.
+
+  o Major features (hidden services):
+    - Make HS port scanning more difficult by immediately closing the
+      circuit when a user attempts to connect to a nonexistent port.
+      Closes ticket 13667.
+    - Add a HiddenServiceStatistics option that allows Tor relays to
+      gather and publish statistics about the overall size and volume of
+      hidden service usage. Specifically, when this option is turned on,
+      an HSDir will publish an approximate number of hidden services
+      that have published descriptors to it the past 24 hours. Also, if
+      a relay has acted as a hidden service rendezvous point, it will
+      publish the approximate amount of rendezvous cells it has relayed
+      the past 24 hours. The statistics themselves are obfuscated so
+      that the exact values cannot be derived. For more details see
+      proposal 238, "Better hidden service stats from Tor relays". This
+      feature is currently disabled by default. Implements feature 13192.
+
+  o Major features (performance):
+    - Make the CPU worker implementation more efficient by avoiding the
+      kernel and lengthening pipelines. The original implementation used
+      sockets to transfer data from the main thread to the workers, and
+      didn't allow any thread to be assigned more than a single piece of
+      work at once. The new implementation avoids communications
+      overhead by making requests in shared memory, avoiding kernel IO
+      where possible, and keeping more requests in flight at once.
+      Implements ticket 9682.
+
+  o Major features (relay):
+    - Raise the minimum acceptable configured bandwidth rate for bridges
+      to 50 KiB/sec and for relays to 75 KiB/sec. (The old values were
+      20 KiB/sec.) Closes ticket 13822.
+    - Complete revision of the code that relays use to decide which cell
+      to send next. Formerly, we selected the best circuit to write on
+      each channel, but we didn't select among channels in any
+      sophisticated way. Now, we choose the best circuits globally from
+      among those whose channels are ready to deliver traffic.
+
+      This patch implements a new inter-cmux comparison API, a global
+      high/low watermark mechanism and a global scheduler loop for
+      transmission prioritization across all channels as well as among
+      circuits on one channel. This schedule is currently tuned to
+      (tolerantly) avoid making changes in network performance, but it
+      should form the basis for major circuit performance increases in
+      the future. Code by Andrea; tuning by Rob Jansen; implements
+      ticket 9262.
+
+  o Major features (sample torrc):
+    - Add a new, infrequently-changed "torrc.minimal". This file is
+      similar to torrc.sample, but it will change as infrequently as
+      possible, for the benefit of users whose systems prompt them for
+      intervention whenever a default configuration file is changed.
+      Making this change allows us to update torrc.sample to be a more
+      generally useful "sample torrc".
+
+  o Major features (security, unix domain sockets):
+    - Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk
+      applications can reach Tor without having to create AF_INET or
+      AF_INET6 sockets, meaning they can completely disable their
+      ability to make non-Tor network connections. To create a socket of
+      this type, use "SocksPort unix:/path/to/socket". Implements
+      ticket 12585.
+    - Support mapping hidden service virtual ports to AF_UNIX sockets.
+      The syntax is "HiddenServicePort 80 unix:/path/to/socket".
+      Implements ticket 11485.
+
+  o Major bugfixes (client, automap):
+    - Repair automapping with IPv6 addresses. This automapping should
+      have worked previously, but one piece of debugging code that we
+      inserted to detect a regression actually caused the regression to
+      manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
+      0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
+      Izquierdo Riera.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (directory authorities):
+    - Do not assign the HSDir flag to relays if they are not Valid, or
+      currently hibernating. Fixes 12573; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (directory bandwidth performance):
+    - Don't flush the zlib buffer aggressively when compressing
+      directory information for clients. This should save about 7% of
+      the bandwidth currently used for compressed descriptors and
+      microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (FreeBSD IPFW transparent proxy):
+    - Fix address detection with FreeBSD transparent proxies, when
+      "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
+      on 0.2.5.4-alpha.
+
+  o Major bugfixes (hidden services):
+    - When closing an introduction circuit that was opened in parallel
+      with others, don't mark the introduction point as unreachable.
+      Previously, the first successful connection to an introduction
+      point would make the other introduction points get marked as
+      having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Major bugfixes (mixed relay-client operation):
+    - When running as a relay and client at the same time (not
+      recommended), if we decide not to use a new guard because we want
+      to retry older guards, only close the locally-originating circuits
+      passing through that guard. Previously we would close all the
+      circuits through that guard. Fixes bug 9819; bugfix on
+      0.2.1.1-alpha. Reported by "skruffy".
+
+  o Major bugfixes (pluggable transports):
+    - Initialize the extended OR Port authentication cookie before
+      launching pluggable transports. This prevents a race condition
+      that occured when server-side pluggable transports would cache the
+      authentication cookie before it has been (re)generated. Fixes bug
+      15240; bugfix on 0.2.5.1-alpha.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout is passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from "cypherpunks".
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Minor features (build):
+    - New --disable-system-torrc compile-time option to prevent Tor from
+      looking for the system-wide torrc or torrc-defaults files.
+      Resolves ticket 13037.
+
+  o Minor features (client):
+    - Clients are now willing to send optimistic data (before they
+      receive a 'connected' cell) to relays of any version. (Relays
+      without support for optimistic data are no longer supported on the
+      Tor network.) Resolves ticket 13153.
+
+  o Minor features (client):
+    - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
+      is enabled, reject requests with IP addresses as hostnames.
+      Resolves ticket 13315.
+
+  o Minor features (controller):
+    - Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
+      write an unscheduled heartbeat message to the log. Implements
+      feature 9503.
+    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
+      events so controllers can observe circuit isolation inputs. Closes
+      ticket 8405.
+    - ControlPort now supports the unix:/path/to/socket syntax as an
+      alternative to the ControlSocket option, for consistency with
+      SocksPort and HiddenServicePort. Closes ticket 14451.
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+    - Messages about problems in the bootstrap process now include
+      information about the server we were trying to connect to when we
+      noticed the problem. Closes ticket 15006.
+
+  o Minor features (Denial of service resistance):
+    - Count the total number of bytes used storing hidden service
+      descriptors against the value of MaxMemInQueues. If we're low on
+      memory, and more than 20% of our memory is used holding hidden
+      service descriptors, free them until no more than 10% of our
+      memory holds hidden service descriptors. Free the least recently
+      fetched descriptors first. Resolves ticket 13806.
+    - When we have recently been under memory pressure (over 3/4 of
+      MaxMemInQueues is allocated), then allocate smaller zlib objects
+      for small requests. Closes ticket 11791.
+
+  o Minor features (directory authorities):
+    - Don't list relays with a bandwidth estimate of 0 in the consensus.
+      Implements a feature proposed during discussion of bug 13000.
+    - In tor-gencert, report an error if the user provides the same
+      argument more than once.
+    - If a directory authority can't find a best consensus method in the
+      votes that it holds, it now falls back to its favorite consensus
+      method. Previously, it fell back to method 1. Neither of these is
+      likely to get enough signatures, but "fall back to favorite"
+      doesn't require us to maintain support an obsolete consensus
+      method. Implements part of proposal 215.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (guard nodes):
+    - Reduce the time delay before saving guard status to disk from 10
+      minutes to 30 seconds (or from one hour to 10 minutes if
+      AvoidDiskWrites is set). Closes ticket 12485.
+
+  o Minor features (heartbeat):
+    - On relays, report how many connections we negotiated using each
+      version of the Tor link protocols. This information will let us
+      know if removing support for very old versions of the Tor
+      protocols is harming the network. Closes ticket 15212.
+
+  o Minor features (hidden service):
+    - Make Sybil attacks against hidden services harder by changing the
+      minimum time required to get the HSDir flag from 25 hours up to 96
+      hours. Addresses ticket 14149.
+    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
+      services to disable the anti-scanning feature introduced in
+      0.2.6.2-alpha. With this option not set, a connection to an
+      unlisted port closes the circuit. With this option set, only a
+      RELAY_DONE cell is sent. Closes ticket 14084.
+    - When re-enabling the network, don't try to build introduction
+      circuits until we have successfully built a circuit. This makes
+      hidden services come up faster when the network is re-enabled.
+      Patch from "akwizgran". Closes ticket 13447.
+    - When we fail to retrieve a hidden service descriptor, send the
+      controller an "HS_DESC FAILED" controller event. Implements
+      feature 13212.
+    - New HiddenServiceDirGroupReadable option to cause hidden service
+      directories and hostname files to be created group-readable. Patch
+      from "anon", David Stainton, and "meejah". Closes ticket 11291.
+
+  o Minor features (interface):
+    - Implement "-f -" command-line option to read torrc configuration
+      from standard input, if you don't want to store the torrc file in
+      the file system. Implements feature 13865.
+
+  o Minor features (logging):
+    - Add a count of unique clients to the bridge heartbeat message.
+      Resolves ticket 6852.
+    - Suppress "router info incompatible with extra info" message when
+      reading extrainfo documents from cache. (This message got loud
+      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes
+      ticket 13762.
+    - Elevate hidden service authorized-client message from DEBUG to
+      INFO. Closes ticket 14015.
+    - On Unix-like systems, you can now use named pipes as the target of
+      the Log option, and other options that try to append to files.
+      Closes ticket 12061. Patch from "carlo von lynX".
+    - When opening a log file at startup, send it every log message that
+      we generated between startup and opening it. Previously, log
+      messages that were generated before opening the log file were only
+      logged to stdout. Closes ticket 6938.
+    - Add a TruncateLogFile option to overwrite logs instead of
+      appending to them. Closes ticket 5583.
+    - Quiet some log messages in the heartbeat and at startup. Closes
+      ticket 14950.
+
+  o Minor features (portability, Solaris):
+    - Threads are no longer disabled by default on Solaris; we believe
+      that the versions of Solaris with broken threading support are all
+      obsolete by now. Resolves ticket 9495.
+
+  o Minor features (relay):
+    - Re-check our address after we detect a changed IP address from
+      getsockname(). This ensures that the controller command "GETINFO
+      address" will report the correct value. Resolves ticket 11582.
+      Patch from "ra".
+    - A new AccountingRule option lets Relays set whether they'd like
+      AccountingMax to be applied separately to inbound and outbound
+      traffic, or applied to the sum of inbound and outbound traffic.
+      Resolves ticket 961. Patch by "chobe".
+    - When identity keypair is generated for first time, log a
+      congratulatory message that links to the new relay lifecycle
+      document. Implements feature 10427.
+
+  o Minor features (security, memory wiping):
+    - Ensure we securely wipe keys from memory after
+      crypto_digest_get_digest and init_curve25519_keypair_from_file
+      have finished using them. Resolves ticket 13477.
+
+  o Minor features (security, out-of-memory handling):
+    - When handling an out-of-memory condition, allocate less memory for
+      temporary data structures. Fixes issue 10115.
+    - When handling an out-of-memory condition, consider more types of
+      buffers, including those on directory connections, and zlib
+      buffers. Resolves ticket 11792.
+
+  o Minor features (stability):
+    - Add assertions in our hash-table iteration code to check for
+      corrupted values that could cause infinite loops. Closes
+      ticket 11737.
+
+  o Minor features (systemd):
+    - Various improvements and modernizations in systemd hardening
+      support. Closes ticket 13805. Patch from Craig Andrews.
+    - Where supported, when running with systemd, report successful
+      startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
+    - When running with systemd, support systemd watchdog messages. Part
+      of ticket 11016. Patch by Michael Scherer.
+
+  o Minor features (testing networks):
+    - Add the TestingDirAuthVoteExit option, which lists nodes to assign
+      the "Exit" flag regardless of their uptime, bandwidth, or exit
+      policy. TestingTorNetwork must be set for this option to have any
+      effect. Previously, authorities would take up to 35 minutes to
+      give nodes the Exit flag in a test network. Partially implements
+      ticket 13161.
+    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
+      and the default on a testing network to 2 minutes. Drop the
+      MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, but
+      keep the default on a testing network at 30 seconds. This reduces
+      HS bootstrap time to around 25 seconds. Also, change the default
+      time in test-network.sh to match. Closes ticket 13401. Patch
+      by "teor".
+    - Create TestingDirAuthVoteHSDir to correspond to
+      TestingDirAuthVoteExit/Guard. Ensures that authorities vote the
+      HSDir flag for the listed relays regardless of uptime or ORPort
+      connectivity. Respects the value of VoteOnHidServDirectoriesV2.
+      Partial implementation for ticket 14067. Patch by "teor".
+
+  o Minor features (tor2web mode):
+    - Introduce the config option Tor2webRendezvousPoints, which allows
+      clients in Tor2webMode to select a specific Rendezvous Point to be
+      used in HS circuits. This might allow better performance for
+      Tor2Web nodes. Implements ticket 12844.
+
+  o Minor features (transparent proxy):
+    - Update the transparent proxy option checks to allow for both ipfw
+      and pf on OS X. Closes ticket 14002.
+    - Use the correct option when using IPv6 with transparent proxy
+      support on Linux. Resolves 13808. Patch by Francisco Blas
+      Izquierdo Riera.
+
+  o Minor features (validation):
+    - Check all date/time values passed to tor_timegm and
+      parse_rfc1123_time for validity, taking leap years into account.
+      Improves HTTP header validation. Implemented with bug 13476.
+    - In correct_tm(), limit the range of values returned by system
+      localtime(_r) and gmtime(_r) to be between the years 1 and 8099.
+      This means we don't have to deal with negative or too large dates,
+      even if a clock is wrong. Otherwise we might fail to read a file
+      written by us which includes such a date. Fixes bug 13476.
+    - Stop allowing invalid address patterns like "*/24" that contain
+      both a wildcard address and a bit prefix length. This affects all
+      our address-range parsing code. Fixes bug 7484; bugfix
+      on 0.0.2pre14.
+
+  o Minor bugfixes (bridge clients):
+    - When configured to use a bridge without an identity digest (not
+      recommended), avoid launching an extra channel to it when
+      bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (bridges):
+    - When DisableNetwork is set, do not launch pluggable transport
+      plugins, and if any are running, terminate them. Fixes bug 13213;
+      bugfix on 0.2.3.6-alpha.
+
+  o Minor bugfixes (C correctness):
+    - Fix several instances of possible integer overflow/underflow/NaN.
+      Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
+      from "teor".
+    - In circuit_build_times_calculate_timeout() in circuitstats.c,
+      avoid dividing by zero in the pareto calculations. This traps
+      under clang's "undefined-trap" sanitizer. Fixes bug 13290; bugfix
+      on 0.2.2.2-alpha.
+    - Fix an integer overflow in format_time_interval(). Fixes bug
+      13393; bugfix on 0.2.0.10-alpha.
+    - Set the correct day of year value when the system's localtime(_r)
+      or gmtime(_r) functions fail to set struct tm. Not externally
+      visible. Fixes bug 13476; bugfix on 0.0.2pre14.
+    - Avoid unlikely signed integer overflow in tor_timegm on systems
+      with 32-bit time_t. Fixes bug 13476; bugfix on 0.0.2pre14.
+
+  o Minor bugfixes (certificate handling):
+    - If an authority operator accidentally makes a signing certificate
+      with a future publication time, do not discard its real signing
+      certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
+    - Remove any old authority certificates that have been superseded
+      for at least two days. Previously, we would keep superseded
+      certificates until they expired, if they were published close in
+      time to the certificate that superseded them. Fixes bug 11454;
+      bugfix on 0.2.1.8-alpha.
+
+  o Minor bugfixes (client):
+    - Fix smartlist_choose_node_by_bandwidth() so that relays with the
+      BadExit flag are not considered worthy candidates. Fixes bug
+      13066; bugfix on 0.1.2.3-alpha.
+    - Use the consensus schedule for downloading consensuses, and not
+      the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
+    - Handle unsupported or malformed SOCKS5 requests properly by
+      responding with the appropriate error message before closing the
+      connection. Fixes bugs 12971 and 13314; bugfix on 0.0.2pre13.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+    - Prevent changes to other options from removing the wildcard value
+      "." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix
+      on 0.2.0.1-alpha.
+    - Allow MapAddress and AutomapHostsOnResolve to work together when
+      an address is mapped into another address type (like .onion) that
+      must be automapped at resolve time. Fixes bug 7555; bugfix
+      on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, bridges):
+    - When we are using bridges and we had a network connectivity
+      problem, only retry connecting to our currently configured
+      bridges, not all bridges we know about and remember using. Fixes
+      bug 14216; bugfix on 0.2.2.17-alpha.
+
+  o Minor bugfixes (client, DNS):
+    - Report the correct cached DNS expiration times on SOCKS port or in
+      DNS replies. Previously, we would report everything as "never
+      expires." Fixes bug 14193; bugfix on 0.2.3.17-beta.
+    - Avoid a small memory leak when we find a cached answer for a
+      reverse DNS lookup in a client-side DNS cache. (Remember, client-
+      side DNS caching is off by default, and is not recommended.) Fixes
+      bug 14259; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, IPv6):
+    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
+      flag is not set; and not because the NoIPv4Traffic flag was set.
+      Previously we'd looked at the NoIPv4Traffic flag for both types of
+      literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (client, microdescriptors):
+    - Use a full 256 bits of the SHA256 digest of a microdescriptor when
+      computing which microdescriptors to download. This keeps us from
+      erroneous download behavior if two microdescriptor digests ever
+      have the same first 160 bits. Fixes part of bug 13399; bugfix
+      on 0.2.3.1-alpha.
+    - Reset a router's status if its microdescriptor digest changes,
+      even if the first 160 bits remain the same. Fixes part of bug
+      13399; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (client, torrc):
+    - Stop modifying the value of our DirReqStatistics torrc option just
+      because we're not a bridge or relay. This bug was causing Tor
+      Browser users to write "DirReqStatistics 0" in their torrc files
+      as if they had chosen to change the config. Fixes bug 4244; bugfix
+      on 0.2.3.1-alpha.
+    - When GeoIPExcludeUnknown is enabled, do not incorrectly decide
+      that our options have changed every time we SIGHUP. Fixes bug
+      9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
+
+  o Minor bugfixes (compilation):
+    - Fix a compilation warning on s390. Fixes bug 14988; bugfix
+      on 0.2.5.2-alpha.
+    - Silence clang warnings under --enable-expensive-hardening,
+      including implicit truncation of 64 bit values to 32 bit, const
+      char assignment to self, tautological compare, and additional
+      parentheses around equality tests. Fixes bug 13577; bugfix
+      on 0.2.5.4-alpha.
+    - Fix a clang warning about checking whether an address in the
+      middle of a structure is NULL. Fixes bug 14001; bugfix
+      on 0.2.1.2-alpha.
+    - The address of an array in the middle of a structure will always
+      be non-NULL. clang recognises this and complains. Disable the
+      tautologous and redundant check to silence this warning. Fixes bug
+      14001; bugfix on 0.2.1.2-alpha.
+    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
+      Addresses ticket 14188.
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+    - Do not compile any code related to Tor2Web mode when Tor2Web mode
+      is not enabled at compile time. Previously, this code was included
+      in a disabled state. See discussion on ticket 12844.
+    - Allow our configure script to build correctly with autoconf 2.62
+      again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
+    - Improve the error message from ./configure to make it clear that
+      when asciidoc has not been found, the user will have to either add
+      --disable-asciidoc argument or install asciidoc. Resolves
+      ticket 13228.
+
+  o Minor bugfixes (controller):
+    - Report "down" in response to the "GETINFO entry-guards" command
+      when relays are down with an unreachable_since value. Previously,
+      we would report "up". Fixes bug 14184; bugfix on 0.1.2.2-alpha.
+    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug
+      14116; bugfix on 0.2.2.9-alpha.
+
+  o Minor bugfixes (controller):
+    - Return an error when the second or later arguments of the
+      "setevents" controller command are invalid events. Previously we
+      would return success while silently skipping invalid events. Fixes
+      bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Do not attempt to download extrainfo documents which we will be
+      unable to validate with a matching server descriptor. Fixes bug
+      13762; bugfix on 0.2.0.1-alpha.
+    - Fix a bug that was truncating AUTHDIR_NEWDESC events sent to the
+      control port. Fixes bug 14953; bugfix on 0.2.0.1-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+    - When running as a v3 directory authority, advertise that you serve
+      extra-info documents so that clients who want them can find them
+      from you too. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (directory system):
+    - Always believe that v3 directory authorities serve extra-info
+      documents, whether they advertise "caches-extra-info" or not.
+      Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+    - Check the BRIDGE_DIRINFO flag bitwise rather than using equality.
+      Previously, directories offering BRIDGE_DIRINFO and some other
+      flag (i.e. microdescriptors or extrainfo) would be ignored when
+      looking for bridges. Partially fixes bug 13163; bugfix
+      on 0.2.0.7-alpha.
+
+  o Minor bugfixes (file handling):
+    - Stop failing when key files are zero-length. Instead, generate new
+      keys, and overwrite the empty key files. Fixes bug 13111; bugfix
+      on all versions of Tor. Patch by "teor".
+    - Stop generating a fresh .old RSA onion key file when the .old file
+      is missing. Fixes part of 13111; bugfix on 0.0.6rc1.
+    - Avoid overwriting .old key files with empty key files.
+    - Skip loading zero-length extrainfo store, router store, stats,
+      state, and key files.
+    - Avoid crashing when trying to reload a torrc specified as a
+      relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix
+      on 0.2.3.11-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Close the introduction circuit when we have no more usable intro
+      points, instead of waiting for it to time out. This also ensures
+      that no follow-up HS descriptor fetch is triggered when the
+      circuit eventually times out. Fixes bug 14224; bugfix on 0.0.6.
+    - When fetching a hidden service descriptor for a down service that
+      was recently up, do not keep refetching until we try the same
+      replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha.
+    - Correctly send a controller event when we find that a rendezvous
+      circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
+    - Pre-check directory permissions for new hidden-services to avoid
+      at least one case of "Bug: Acting on config options left us in a
+      broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
+    - When fetching hidden service descriptors, we now check not only
+      for whether we got the hidden service we had in mind, but also
+      whether we got the particular descriptors we wanted. This prevents
+      a class of inefficient but annoying DoS attacks by hidden service
+      directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
+      by "special".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Make transparent proxy support work along with the seccomp2
+      sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
+      by Francisco Blas Izquierdo Riera.
+    - Fix a memory leak in tor-resolve when running with the sandbox
+      enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
+    - Allow glibc fatal errors to be sent to stderr before Tor exits.
+      Previously, glibc would try to write them to /dev/tty, and the
+      sandbox would trap the call and make Tor exit prematurely. Fixes
+      bug 14759; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (logging):
+    - Avoid crashing when there are more log domains than entries in
+      domain_list. Bugfix on 0.2.3.1-alpha.
+    - Downgrade warnings about RSA signature failures to info log level.
+      Emit a warning when an extra info document is found incompatible
+      with a corresponding router descriptor. Fixes bug 9812; bugfix
+      on 0.0.6rc3.
+    - Make connection_ap_handshake_attach_circuit() log the circuit ID
+      correctly. Fixes bug 13701; bugfix on 0.0.6.
+
+  o Minor bugfixes (networking):
+    - Check for orconns and use connection_or_close_for_error() rather
+      than connection_mark_for_close() directly in the getsockopt()
+      failure case of connection_handle_write_impl(). Fixes bug 11302;
+      bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (parsing):
+    - Stop accepting milliseconds (or other junk) at the end of
+      descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25.
+    - Support two-number and three-number version numbers correctly, in
+      case we change the Tor versioning system in the future. Fixes bug
+      13661; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (portability):
+    - Fix the ioctl()-based network interface lookup code so that it
+      will work on systems that have variable-length struct ifreq, for
+      example Mac OS X.
+    - Use the correct datatype in the SipHash-2-4 function to prevent
+      compilers from assuming any sort of alignment. Fixes bug 15436;
+      bugfix on 0.2.5.3-alpha.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+    - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
+      just the part that's used. This makes it harder for data leak bugs
+      to occur in the event of other programming failures. Resolves
+      ticket 14041.
+
+  o Minor bugfixes (relay):
+    - When generating our family list, remove spaces from around the
+      entries. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
+    - If our previous bandwidth estimate was 0 bytes, allow publishing a
+      new relay descriptor immediately. Fixes bug 13000; bugfix
+      on 0.1.1.6-alpha.
+
+  o Minor bugfixes (shutdown):
+    - When shutting down, always call event_del() on lingering read or
+      write events before freeing them. Otherwise, we risk double-frees
+      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix
+      on 0.1.0.2-rc.
+
+  o Minor bugfixes (small memory leaks):
+    - Avoid leaking memory when using IPv6 virtual address mappings.
+      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van
+      der Woerdt.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (systemd support):
+    - Run correctly under systemd with the RunAsDaemon option set. Fixes
+      part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz.
+    - Inform the systemd supervisor about more changes in the Tor
+      process status. Implements part of ticket 14141. Patch from
+      Tomasz Torcz.
+
+  o Minor bugfixes (testing networks):
+    - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
+      testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
+    - Stop using the default authorities in networks which provide both
+      AlternateDirAuthority and AlternateBridgeAuthority. Partially
+      fixes bug 13163; bugfix on 0.2.0.13-alpha.
+
+  o Minor bugfixes (testing networks, fast startup):
+    - Allow Tor to build circuits using a consensus with no exits. If
+      the consensus has no exits (typical of a bootstrapping test
+      network), allow Tor to build circuits once enough descriptors have
+      been downloaded. This assists in bootstrapping a testing Tor
+      network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
+      by "teor".
+    - When V3AuthVotingInterval is low, give a lower If-Modified-Since
+      header to directory servers. This allows us to obtain consensuses
+      promptly when the consensus interval is very short. This assists
+      in bootstrapping a testing Tor network. Fixes parts of bugs 13718
+      and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
+    - Stop assuming that private addresses are local when checking
+      reachability in a TestingTorNetwork. Instead, when testing, assume
+      all OR connections are remote. (This is necessary due to many test
+      scenarios running all relays on localhost.) This assists in
+      bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
+      0.1.0.1-rc. Patch by "teor".
+    - Avoid building exit circuits from a consensus with no exits. Now
+      thanks to our fix for 13718, we accept a no-exit network as not
+      wholly lost, but we need to remember not to try to build exit
+      circuits on it. Closes ticket 13814; patch by "teor".
+    - Stop requiring exits to have non-zero bandwithcapacity in a
+      TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
+      ignore exit bandwidthcapacity. This assists in bootstrapping a
+      testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
+      on 0.2.0.3-alpha. Patch by "teor".
+    - Add "internal" to some bootstrap statuses when no exits are
+      available. If the consensus does not contain Exits, Tor will only
+      build internal circuits. In this case, relevant statuses will
+      contain the word "internal" as indicated in the Tor control-
+       spec.txt. When bootstrap completes, Tor will be ready to build
+      internal circuits. If a future consensus contains Exits, exit
+      circuits may become available. Fixes part of bug 13718; bugfix on
+      0.2.4.10-alpha. Patch by "teor".
+    - Decrease minimum consensus interval to 10 seconds when
+      TestingTorNetwork is set, or 5 seconds for the first consensus.
+      Fix assumptions throughout the code that assume larger intervals.
+      Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
+      by "teor".
+    - Avoid excluding guards from path building in minimal test
+      networks, when we're in a test network and excluding guards would
+      exclude all relays. This typically occurs in incredibly small tor
+      networks, and those using "TestingAuthVoteGuard *". Fixes part of
+      bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
+
+  o Minor bugfixes (testing):
+    - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
+      15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
+    - Stop spawn test failures due to a race condition between the
+      SIGCHLD handler updating the process status, and the test reading
+      it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
+    - Avoid passing an extra backslash when creating a temporary
+      directory for running the unit tests on Windows. Fixes bug 12392;
+      bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
+
+  o Minor bugfixes (TLS):
+    - Check more thoroughly throughout the TLS code for possible
+      unlogged TLS errors. Possible diagnostic or fix for bug 13319.
+
+  o Minor bugfixes (transparent proxy):
+    - Use getsockname, not getsockopt, to retrieve the address for a
+      TPROXY-redirected connection. Fixes bug 13796; bugfix
+      on 0.2.5.2-alpha.
+
+  o Minor bugfixes (windows):
+    - Remove code to special-case handling of NTE_BAD_KEYSET when
+      acquiring windows CryptoAPI context. This error can't actually
+      occur for the parameters we're providing. Fixes bug 10816; bugfix
+      on 0.0.2pre26.
+
+  o Minor bugfixes (zlib):
+    - Avoid truncating a zlib stream when trying to finalize it with an
+      empty output buffer. Fixes bug 11824; bugfix on 0.1.1.23.
+
+  o Code simplification and refactoring:
+    - Change the entry_is_live() function to take named bitfield
+      elements instead of an unnamed list of booleans. Closes
+      ticket 12202.
+    - Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
+      Resolves ticket 12205.
+    - Use calloc and reallocarray functions instead of multiply-
+      then-malloc. This makes it less likely for us to fall victim to an
+      integer overflow attack when allocating. Resolves ticket 12855.
+    - Use the standard macro name SIZE_MAX, instead of our
+      own SIZE_T_MAX.
+    - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
+      functions which take them as arguments. Replace 0 with NO_DIRINFO
+      in a function call for clarity. Seeks to prevent future issues
+      like 13163.
+    - Avoid 4 null pointer errors under clang static analysis by using
+      tor_assert() to prove that the pointers aren't null. Fixes
+      bug 13284.
+    - Rework the API of policies_parse_exit_policy() to use a bitmask to
+      represent parsing options, instead of a confusing mess of
+      booleans. Resolves ticket 8197.
+    - Introduce a helper function to parse ExitPolicy in
+      or_options_t structure.
+    - Move fields related to isolating and configuring client ports into
+      a shared structure. Previously, they were duplicated across
+      port_cfg_t, listener_connection_t, and edge_connection_t. Failure
+      to copy them correctly had been the cause of at least one bug in
+      the past. Closes ticket 8546.
+    - Refactor the get_interface_addresses_raw() doom-function into
+      multiple smaller and simpler subfunctions. Cover the resulting
+      subfunctions with unit-tests. Fixes a significant portion of
+      issue 12376.
+    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was
+      only for version <= 0.2.2.24 which is now deprecated. Closes
+      ticket 14202.
+    - Remove a test for a long-defunct broken version-one
+      directory server.
+    - Refactor main loop to extract the 'loop' part. This makes it
+      easier to run Tor under Shadow. Closes ticket 15176.
+    - Stop using can_complete_circuits as a global variable; access it
+      with a function instead.
+    - Avoid using operators directly as macro arguments: this lets us
+      apply coccinelle transformations to our codebase more directly.
+      Closes ticket 13172.
+    - Combine the functions used to parse ClientTransportPlugin and
+      ServerTransportPlugin into a single function. Closes ticket 6456.
+    - Add inline functions and convenience macros for inspecting channel
+      state. Refactor the code to use convenience macros instead of
+      checking channel state directly. Fixes issue 7356.
+    - Document all members of was_router_added_t and rename
+      ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
+      confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
+    - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
+      constant instead of hardcoded value. Fixes issue 13840.
+    - Refactor our generic strmap and digestmap types into a single
+      implementation, so that we can add a new digest256map
+      type trivially.
+
+  o Documentation:
+    - Add a doc/TUNING document with tips for handling large numbers of
+      TCP connections when running busy Tor relay. Update the warning
+      message to point to this file when running out of sockets
+      operating system is allowing to use simultaneously. Resolves
+      ticket 9708.
+    - Adding section on OpenBSD to our TUNING document. Thanks to mmcc
+      for writing the OpenBSD-specific tips. Resolves ticket 13702.
+    - Make the tor-resolve documentation match its help string and its
+      options. Resolves part of ticket 14325.
+    - Log a more useful error message from tor-resolve when failing to
+      look up a hidden service address. Resolves part of ticket 14325.
+    - Document the bridge-authority-only 'networkstatus-bridges' file.
+      Closes ticket 13713; patch from "tom".
+    - Fix typo in PredictedPortsRelevanceTime option description in
+      manpage. Resolves issue 13707.
+    - Stop suggesting that users specify relays by nickname: it isn't a
+      good idea. Also, properly cross-reference how to specify relays in
+      all parts of manual documenting options that take a list of
+      relays. Closes ticket 13381.
+    - Clarify the HiddenServiceDir option description in manpage to make
+      it clear that relative paths are taken with respect to the current
+      working directory. Also clarify that this behavior is not
+      guaranteed to remain indefinitely. Fixes issue 13913.
+
+  o Distribution (systemd):
+    - systemd unit file: only allow tor to write to /var/lib/tor and
+      /var/log/tor. The rest of the filesystem is accessible for reading
+      only. Patch by intrigeri; resolves ticket 12751.
+    - systemd unit file: ensure that the process and all its children
+      can never gain new privileges. Patch by intrigeri; resolves
+      ticket 12939.
+    - systemd unit file: set up /var/run/tor as writable for the Tor
+      service. Patch by intrigeri; resolves ticket 13196.
+
+  o Downgraded warnings:
+    - Don't warn when we've attempted to contact a relay using the wrong
+      ntor onion key. Closes ticket 9635.
+
+  o Removed code:
+    - Remove some lingering dead code that once supported mempools.
+      Mempools were disabled by default in 0.2.5, and removed entirely
+      in 0.2.6.3-alpha. Closes more of ticket 14848; patch
+      by "cypherpunks".
+
+  o Removed features (directory authorities):
+    - Remove code that prevented authorities from listing Tor relays
+      affected by CVE-2011-2769 as guards. These relays are already
+      rejected altogether due to the minimum version requirement of
+      0.2.3.16-alpha. Closes ticket 13152.
+    - The "AuthDirRejectUnlisted" option no longer has any effect, as
+      the fingerprints file (approved-routers) has been deprecated.
+    - Directory authorities do not support being Naming dirauths anymore.
+      The "NamingAuthoritativeDir" config option is now obsolete.
+    - Directory authorities do not support giving out the BadDirectory
+      flag anymore.
+    - Directory authorities no longer advertise or support consensus
+      methods 1 through 12 inclusive. These consensus methods were
+      obsolete and/or insecure: maintaining the ability to support them
+      served no good purpose. Implements part of proposal 215; closes
+      ticket 10163.
+
+  o Removed features:
+    - To avoid confusion with the "ExitRelay" option, "ExitNode" is no
+      longer silently accepted as an alias for "ExitNodes".
+    - The --enable-mempool and --enable-buf-freelists options, which
+      were originally created to work around bad malloc implementations,
+      no longer exist. They were off-by-default in 0.2.5. Closes
+      ticket 14848.
+    - We no longer remind the user about configuration options that have
+      been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
+    - Remove our old, non-weighted bandwidth-based node selection code.
+      Previously, we used it as a fallback when we couldn't perform
+      weighted bandwidth-based node selection. But that would only
+      happen in the cases where we had no consensus, or when we had a
+      consensus generated by buggy or ancient directory authorities. In
+      either case, it's better to use the more modern, better maintained
+      algorithm, with reasonable defaults for the weights. Closes
+      ticket 13126.
+    - Remove the --disable-curve25519 configure option. Relays and
+      clients now are required to support curve25519 and the
+      ntor handshake.
+    - The old "StrictEntryNodes" and "StrictExitNodes" options, which
+      used to be deprecated synonyms for "StrictNodes", are now marked
+      obsolete. Resolves ticket 12226.
+    - Clients don't understand the BadDirectory flag in the consensus
+      anymore, and ignore it.
+
+  o Removed platform support:
+    - We no longer include special code to build on Windows CE; as far
+      as we know, nobody has used Tor on Windows CE in a very long time.
+      Closes ticket 11446.
+
+  o Testing (test-network.sh):
+    - Stop using "echo -n", as some shells' built-in echo doesn't
+      support "-n". Instead, use "/bin/echo -n". Partially fixes
+      bug 13161.
+    - Stop an apparent test-network hang when used with make -j2. Fixes
+      bug 13331.
+    - Add a --delay option to test-network.sh, which configures the
+      delay before the chutney network tests for data transmission.
+      Partially implements ticket 13161.
+
+  o Testing:
+    - Test that tor does not fail when key files are zero-length. Check
+      that tor generates new keys, and overwrites the empty key files.
+    - Test that tor generates new keys when keys are missing
+      (existing behavior).
+    - Test that tor does not overwrite key files that already contain
+      data (existing behavior). Tests bug 13111. Patch by "teor".
+    - New "make test-stem" target to run stem integration tests.
+      Requires that the "STEM_SOURCE_DIR" environment variable be set.
+      Closes ticket 14107.
+    - Make the test_cmdline_args.py script work correctly on Windows.
+      Patch from Gisle Vanem.
+    - Move the slower unit tests into a new "./src/test/test-slow"
+      binary that can be run independently of the other tests. Closes
+      ticket 13243.
+    - New tests for many parts of channel, relay, and circuitmux
+      functionality. Code by Andrea; part of 9262.
+    - New tests for parse_transport_line(). Part of ticket 6456.
+    - In the unit tests, use chgrp() to change the group of the unit
+      test temporary directory to the current user, so that the sticky
+      bit doesn't interfere with tests that check directory groups.
+      Closes 13678.
+    - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
+      by 'rl1987'.
+    - Refactor the function that chooses guard nodes so that it can more
+      easily be tested; write some tests for it.
+    - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
+      bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
+    - Create unit tests for format_time_interval(). With bug 13393.
+    - Add unit tests for tor_timegm signed overflow, tor_timegm and
+      parse_rfc1123_time validity checks, correct_tm year clamping. Unit
+      tests (visible) fixes in bug 13476.
+    - Add a "coverage-html" make target to generate HTML-visualized
+      coverage results when building with --enable-coverage. (Requires
+      lcov.) Patch from Kevin Murray.
+    - Enable the backtrace handler (where supported) when running the
+      unit tests.
+    - Revise all unit tests that used the legacy test_* macros to
+      instead use the recommended tt_* macros. This patch was generated
+      with coccinelle, to avoid manual errors. Closes ticket 13119.
+
+Changes in version 0.2.5.11 - 2015-03-17
+  Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+  It backports several bugfixes from the 0.2.6 branch, including a
+  couple of medium-level security fixes for relays and exit nodes.
+  It also updates the list of directory authorities.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (compilation):
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+  Tor 0.2.4.26 includes an updated list of directory authorities.  It
+  also backports a couple of stability and security bugfixes from 0.2.5
+  and beyond.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+Changes in version 0.2.5.10 - 2014-10-24
+  Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
+
+  It adds several new security features, including improved
+  denial-of-service resistance for relays, new compiler hardening
+  options, and a system-call sandbox for hardened installations on Linux
+  (requires seccomp2). The controller protocol has several new features,
+  resolving IPv6 addresses should work better than before, and relays
+  should be a little more CPU-efficient. We've added support for more
+  OpenBSD and FreeBSD transparent proxy types. We've improved the build
+  system and testing infrastructure to allow unit testing of more parts
+  of the Tor codebase. Finally, we've addressed several nagging pluggable
+  transport usability issues, and included numerous other small bugfixes
+  and features mentioned below.
+
+  This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+  have accumulated many known flaws; everyone should upgrade.
+
+  o Major features (security):
+    - The ntor handshake is now on-by-default, no matter what the
+      directory authorities recommend. Implements ticket 8561.
+    - Make the "tor-gencert" tool used by directory authority operators
+      create 2048-bit signing keys by default (rather than 1024-bit, since
+      1024-bit is uncomfortably small these days). Addresses ticket 10324.
+    - Warn about attempts to run hidden services and relays in the same
+      process: that's probably not a good idea. Closes ticket 12908.
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major features (relay security, DoS-resistance):
+    - When deciding whether we have run out of memory and we need to
+      close circuits, also consider memory allocated in buffers for
+      streams attached to each circuit.
+
+      This change, which extends an anti-DoS feature introduced in
+      0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays
+      better resist more memory-based DoS attacks than before. Since the
+      MaxMemInCellQueues option now applies to all queues, it is renamed
+      to MaxMemInQueues. This feature fixes bug 10169.
+    - Avoid hash-flooding denial-of-service attacks by using the secure
+      SipHash-2-4 hash function for our hashtables. Without this
+      feature, an attacker could degrade performance of a targeted
+      client or server by flooding their data structures with a large
+      number of entries to be stored at the same hash table position,
+      thereby slowing down the Tor instance. With this feature, hash
+      table positions are derived from a randomized cryptographic key,
+      and an attacker cannot predict which entries will collide. Closes
+      ticket 4900.
+    - If you don't specify MaxMemInQueues yourself, Tor now tries to
+      pick a good value based on your total system memory. Previously,
+      the default was always 8 GB. You can still override the default by
+      setting MaxMemInQueues yourself. Resolves ticket 11396.
+
+  o Major features (bridges and pluggable transports):
+    - Add support for passing arguments to managed pluggable transport
+      proxies. Implements ticket 3594.
+    - Bridges now track GeoIP information and the number of their users
+      even when pluggable transports are in use, and report usage
+      statistics in their extra-info descriptors. Resolves tickets 4773
+      and 5040.
+    - Don't launch pluggable transport proxies if we don't have any
+      bridges configured that would use them. Now we can list many
+      pluggable transports, and Tor will dynamically start one when it
+      hears a bridge address that needs it. Resolves ticket 5018.
+    - The bridge directory authority now assigns status flags (Stable,
+      Guard, etc) to bridges based on thresholds calculated over all
+      Running bridges. Now bridgedb can finally make use of its features
+      to e.g. include at least one Stable bridge in its answers. Fixes
+      bug 9859.
+
+  o Major features (controller):
+    - Extend ORCONN controller event to include an "ID" parameter,
+      and add four new controller event types CONN_BW, CIRC_BW,
+      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+      The new events are emitted in private Tor networks only, with the
+      goal of being able to better track performance and load during
+      full-network simulations. Implements proposal 218 and ticket 7359.
+
+  o Major features (relay performance):
+    - Speed up server-side lookups of rendezvous and introduction point
+      circuits by using hashtables instead of linear searches. These
+      functions previously accounted between 3 and 7% of CPU usage on
+      some busy relays. Resolves ticket 9841.
+    - Avoid wasting CPU when extending a circuit over a channel that is
+      nearly out of circuit IDs. Previously, we would do a linear scan
+      over possible circuit IDs before finding one or deciding that we
+      had exhausted our possibilities. Now, we try at most 64 random
+      circuit IDs before deciding that we probably won't succeed. Fixes
+      a possible root cause of ticket 11553.
+
+  o Major features (seccomp2 sandbox, Linux only):
+    - Use the seccomp2 syscall filtering facility on Linux to limit
+      which system calls Tor can invoke. This is an experimental,
+      Linux-only feature to provide defense-in-depth against unknown
+      attacks. To try turning it on, set "Sandbox 1" in your torrc
+      file. Please be ready to report bugs. We hope to add support
+      for better sandboxing in the future, including more fine-grained
+      filters, better division of responsibility, and support for more
+      platforms. This work has been done by Cristian-Matei Toader for
+      Google Summer of Code. Resolves tickets 11351 and 11465.
+
+  o Major features (testing networks):
+    - Make testing Tor networks bootstrap better: lower directory fetch
+      retry schedules and maximum interval without directory requests,
+      and raise maximum download tries. Implements ticket 6752.
+    - Add make target 'test-network' to run tests on a Chutney network.
+      Implements ticket 8530.
+
+  o Major features (other):
+    - On some platforms (currently: recent OSX versions, glibc-based
+      platforms that support the ELF format, and a few other
+      Unix-like operating systems), Tor can now dump stack traces
+      when a crash occurs or an assertion fails. By default, traces
+      are dumped to stderr (if possible) and to any logs that are
+      reporting errors. Implements ticket 9299.
+
+  o Deprecated versions:
+    - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+      attention for some while.
+
+  o Major bugfixes (security, directory authorities):
+    - Directory authorities now include a digest of each relay's
+      identity key as a part of its microdescriptor.
+
+      This is a workaround for bug 11743 (reported by "cypherpunks"),
+      where Tor clients do not support receiving multiple
+      microdescriptors with the same SHA256 digest in the same
+      consensus. When clients receive a consensus like this, they only
+      use one of the relays. Without this fix, a hostile relay could
+      selectively disable some client use of target relays by
+      constructing a router descriptor with a different identity and the
+      same microdescriptor parameters and getting the authorities to
+      list it in a microdescriptor consensus. This fix prevents an
+      attacker from causing a microdescriptor collision, because the
+      router's identity is not forgeable.
+
+  o Major bugfixes (openssl bug workaround):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes
+      bug 13471. This is a workaround for an OpenSSL bug.
+
+  o Major bugfixes (client):
+    - Perform circuit cleanup operations even when circuit
+      construction operations are disabled (because the network is
+      disabled, or because there isn't enough directory information).
+      Previously, when we were not building predictive circuits, we
+      were not closing expired circuits either. Fixes bug 8387; bugfix on
+      0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+      became more strict about when we have "enough directory information
+      to build circuits".
+
+  o Major bugfixes (client, pluggable transports):
+    - When managing pluggable transports, use OS notification facilities
+      to learn if they have crashed, and don't attempt to kill any
+      process that has already exited. Fixes bug 8746; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (relay denial of service):
+    - Instead of writing destroy cells directly to outgoing connection
+      buffers, queue them and intersperse them with other outgoing cells.
+      This can prevent a set of resource starvation conditions where too
+      many pending destroy cells prevent data cells from actually getting
+      delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
+      bugfix on 0.2.0.1-alpha.
+
+  o Major bugfixes (relay):
+    - Avoid queuing or sending destroy cells for circuit ID zero when we
+      fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
+      Found and fixed by "cypherpunks".
+    - Fix ORPort reachability detection on relays running behind a
+      proxy, by correctly updating the "local" mark on the controlling
+      channel when changing the address of an or_connection_t after the
+      handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
+    - Use a direct dirport connection when uploading non-anonymous
+      descriptors to the directory authorities. Previously, relays would
+      incorrectly use tunnel connections under a fairly wide variety of
+      circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha.
+    - When a circuit accidentally has the same circuit ID for its
+      forward and reverse direction, correctly detect the direction of
+      cells using that circuit. Previously, this bug made roughly one
+      circuit in a million non-functional. Fixes bug 12195; this is a
+      bugfix on every version of Tor.
+
+  o Minor features (security):
+    - New --enable-expensive-hardening option to enable security
+      hardening options that consume nontrivial amounts of CPU and
+      memory. Right now, this includes AddressSanitizer and UbSan, which
+      are supported in newer versions of GCC and Clang. Closes ticket
+      11477.
+    - Authorities now assign the Guard flag to the fastest 25% of the
+      network (it used to be the fastest 50%). Also raise the consensus
+      weight that guarantees the Guard flag from 250 to 2000. For the
+      current network, this results in about 1100 guards, down from 2500.
+      This step paves the way for moving the number of entry guards
+      down to 1 (proposal 236) while still providing reasonable expected
+      performance for most users. Implements ticket 12690.
+
+  o Minor features (security, memory management):
+    - Memory allocation tricks (mempools and buffer freelists) are now
+      disabled by default. You can turn them back on with
+      --enable-mempools and --enable-buf-freelists respectively. We're
+      disabling these features because malloc performance is good enough
+      on most platforms, and a similar feature in OpenSSL exacerbated
+      exploitation of the Heartbleed attack. Resolves ticket 11476.
+
+  o Minor features (bridge client):
+    - Report a more useful failure message when we can't connect to a
+      bridge because we don't have the right pluggable transport
+      configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
+
+  o Minor features (bridge):
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.
+
+  o Minor features (bridges, pluggable transports):
+    - Bridges now write the SHA1 digest of their identity key
+      fingerprint (that is, a hash of a hash of their public key) to
+      notice-level logs, and to a new hashed-fingerprint file. This
+      information will help bridge operators look up their bridge in
+      Globe and similar tools. Resolves ticket 10884.
+    - Improve the message that Tor displays when running as a bridge
+      using pluggable transports without an Extended ORPort listener.
+      Also, log the message in the log file too. Resolves ticket 11043.
+    - Add threshold cutoffs to the networkstatus document created by
+      the Bridge Authority. Fixes bug 1117.
+    - On Windows, spawn background processes using the CREATE_NO_WINDOW
+      flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
+      doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
+      Vidalia set this option for us.) Implements ticket 10297.
+
+  o Minor features (build):
+    - The configure script has a --disable-seccomp option to turn off
+      support for libseccomp on systems that have it, in case it (or
+      Tor's use of it) is broken. Resolves ticket 11628.
+    - Assume that a user using ./configure --host wants to cross-compile,
+      and give an error if we cannot find a properly named
+      tool-chain. Add a --disable-tool-name-check option to proceed
+      nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
+    - If we run ./configure and the compiler recognizes -fstack-protector
+      but the linker rejects it, warn the user about a potentially missing
+      libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
+    - Add support for `--library-versions` flag. Implements ticket 6384.
+    - Return the "unexpected sendme" warnings to a warn severity, but make
+      them rate limited, to help diagnose ticket 8093.
+    - Detect a missing asciidoc, and warn the user about it, during
+      configure rather than at build time. Fixes issue 6506. Patch from
+      Arlo Breault.
+
+  o Minor features (client):
+    - Add a new option, PredictedPortsRelevanceTime, to control how long
+      after having received a request to connect to a given port Tor
+      will try to keep circuits ready in anticipation of future requests
+      for that port. Patch from "unixninja92"; implements ticket 9176.
+
+  o Minor features (config options and command line):
+    - Add an --allow-missing-torrc commandline option that tells Tor to
+      run even if the configuration file specified by -f is not available.
+      Implements ticket 10060.
+    - Add support for the TPROXY transparent proxying facility on Linux.
+      See documentation for the new TransProxyType option for more
+      details. Implementation by "thomo". Closes ticket 10582.
+
+  o Minor features (config options):
+    - Config (torrc) lines now handle fingerprints which are missing
+      their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
+    - Support a --dump-config option to print some or all of the
+      configured options. Mainly useful for debugging the command-line
+      option parsing code. Helps resolve ticket 4647.
+    - Raise awareness of safer logging: notify user of potentially
+      unsafe config options, like logging more verbosely than severity
+      "notice" or setting SafeLogging to 0. Resolves ticket 5584.
+    - Add a new configuration option TestingV3AuthVotingStartOffset
+      that bootstraps a network faster by changing the timing for
+      consensus votes. Addresses ticket 8532.
+    - Add a new torrc option "ServerTransportOptions" that allows
+      bridge operators to pass configuration parameters to their
+      pluggable transports. Resolves ticket 8929.
+    - The config (torrc) file now accepts bandwidth and space limits in
+      bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
+      you can now say "16 kilobits", and so on.) Resolves ticket 9214.
+      Patch by CharlieB.
+
+  o Minor features (controller):
+    - Make the entire exit policy available from the control port via
+      GETINFO exit-policy/*. Implements enhancement 7952. Patch from
+      "rl1987".
+    - Because of the fix for ticket 11396, the real limit for memory
+      usage may no longer match the configured MaxMemInQueues value. The
+      real limit is now exposed via GETINFO limits/max-mem-in-queues.
+    - Add a new "HS_DESC" controller event that reports activities
+      related to hidden service descriptors. Resolves ticket 8510.
+    - New "DROPGUARDS" controller command to forget all current entry
+      guards. Not recommended for ordinary use, since replacing guards
+      too frequently makes several attacks easier. Resolves ticket 9934;
+      patch from "ra".
+    - Implement the TRANSPORT_LAUNCHED control port event that
+      notifies controllers about new launched pluggable
+      transports. Resolves ticket 5609.
+
+  o Minor features (diagnostic):
+    - When logging a warning because of bug 7164, additionally check the
+      hash table for consistency (as proposed on ticket 11737). This may
+      help diagnose bug 7164.
+    - When we log a heartbeat, log how many one-hop circuits we have
+      that are at least 30 minutes old, and log status information about
+      a few of them. This is an attempt to track down bug 8387.
+    - When encountering an unexpected CR while writing text to a file on
+      Windows, log the name of the file. Should help diagnosing
+      bug 11233.
+    - Give more specific warnings when a client notices that an onion
+      handshake has failed. Fixes ticket 9635.
+    - Add significant new logging code to attempt to diagnose bug 12184,
+      where relays seem to run out of available circuit IDs.
+    - Improve the diagnostic log message for bug 8387 even further to
+      try to improve our odds of figuring out why one-hop directory
+      circuits sometimes do not get closed.
+    - Add more log messages to diagnose bug 7164, which causes
+      intermittent "microdesc_free() called but md was still referenced"
+      warnings. We now include more information, to figure out why we
+      might be cleaning a microdescriptor for being too old if it's
+      still referenced by a live node_t object.
+    - Log current accounting state (bytes sent and received + remaining
+      time for the current accounting period) in the relay's heartbeat
+      message. Implements ticket 5526; patch from Peter Retzlaff.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (interface):
+    - Generate a warning if any ports are listed in the SocksPolicy,
+      DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
+      AuthDirBadExit options. (These options only support address
+      ranges.) Fixes part of ticket 11108.
+
+  o Minor features (kernel API usage):
+    - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
+      sockets in a single system call. Implements ticket 5129.
+
+  o Minor features (log messages):
+    - When ServerTransportPlugin is set on a bridge, Tor can write more
+      useful statistics about bridge use in its extrainfo descriptors,
+      but only if the Extended ORPort ("ExtORPort") is set too. Add a
+      log message to inform the user in this case. Resolves ticket 9651.
+    - When receiving a new controller connection, log the origin address.
+      Resolves ticket 9698; patch from "sigpipe".
+    - When logging OpenSSL engine status at startup, log the status of
+      more engines. Fixes ticket 10043; patch from Joshua Datko.
+
+  o Minor features (log verbosity):
+    - Demote the message that we give when a flushing connection times
+      out for too long from NOTICE to INFO. It was usually meaningless.
+      Resolves ticket 5286.
+    - Don't log so many notice-level bootstrapping messages at startup
+      about downloading descriptors. Previously, we'd log a notice
+      whenever we learned about more routers. Now, we only log a notice
+      at every 5% of progress. Fixes bug 9963.
+    - Warn less verbosely when receiving a malformed
+      ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
+
+  o Minor features (performance):
+    - If we're using the pure-C 32-bit curve25519_donna implementation
+      of curve25519, build it with the -fomit-frame-pointer option to
+      make it go faster on register-starved hosts. This improves our
+      handshake performance by about 6% on i386 hosts without nacl.
+      Closes ticket 8109.
+
+  o Minor features (relay):
+    - If a circuit timed out for at least 3 minutes, check if we have a
+      new external IP address, and publish a new descriptor with the new
+      IP address if it changed. Resolves ticket 2454.
+
+  o Minor features (testing):
+    - If Python is installed, "make check" now runs extra tests beyond
+      the unit test scripts.
+    - When bootstrapping a test network, sometimes very few relays get
+      the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
+      specify a set of relays which should be voted Guard regardless of
+      their uptime or bandwidth. Addresses ticket 9206.
+
+  o Minor features (transparent proxy, *BSD):
+    - Support FreeBSD's ipfw firewall interface for TransPort ports on
+      FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
+      10267; patch from "yurivict".
+    - Support OpenBSD's divert-to rules with the pf firewall for
+      transparent proxy ports. To enable it, set "TransProxyType
+      pf-divert". This allows Tor to run a TransPort transparent proxy
+      port on OpenBSD 4.4 or later without root privileges. See the
+      pf.conf(5) manual page for information on configuring pf to use
+      divert-to rules. Closes ticket 10896; patch from Dana Koch.
+
+  o Minor bugfixes (bridge client):
+    - Stop accepting bridge lines containing hostnames. Doing so would
+      cause clients to perform DNS requests on the hostnames, which was
+      not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (bridges):
+    - Avoid potential crashes or bad behavior when launching a
+      server-side managed proxy with ORPort or ExtORPort temporarily
+      disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
+    - Fix a bug where the first connection works to a bridge that uses a
+      pluggable transport with client-side parameters, but we don't send
+      the client-side parameters on subsequent connections. (We don't
+      use any pluggable transports with client-side parameters yet,
+      but ScrambleSuit will soon become the first one.) Fixes bug 9162;
+      bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
+
+  o Minor bugfixes (build, auxiliary programs):
+    - Stop preprocessing the "torify" script with autoconf, since
+      it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
+      from Guilhem.
+    - The tor-fw-helper program now follows the standard convention and
+      exits with status code "0" on success. Fixes bug 9030; bugfix on
+      0.2.3.1-alpha. Patch by Arlo Breault.
+    - Corrected ./configure advice for what openssl dev package you should
+      install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client):
+    - Avoid "Tried to open a socket with DisableNetwork set" warnings
+      when starting a client with bridges configured and DisableNetwork
+      set. (Tor launcher starts Tor with DisableNetwork set the first
+      time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
+    - Improve the log message when we can't connect to a hidden service
+      because all of the hidden service directory nodes hosting its
+      descriptor are excluded. Improves on our fix for bug 10722, which
+      was a bugfix on 0.2.0.10-alpha.
+    - Raise a control port warning when we fail to connect to all of
+      our bridges. Previously, we didn't inform the controller, and
+      the bootstrap process would stall. Fixes bug 11069; bugfix on
+      0.2.1.2-alpha.
+    - Exit immediately when a process-owning controller exits.
+      Previously, tor relays would wait for a little while after their
+      controller exited, as if they had gotten an INT signal -- but this
+      was problematic, since there was no feedback for the user. To do a
+      clean shutdown, controllers should send an INT signal and give Tor
+      a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta.
+    - Stop attempting to connect to bridges before our pluggable
+      transports are configured (harmless but resulted in some erroneous
+      log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha.
+    - Fix connections to IPv6 addresses over SOCKS5. Previously, we were
+      generating incorrect SOCKS5 responses, and confusing client
+      applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (client, DNSPort):
+    - When using DNSPort, try to respond to AAAA requests with AAAA
+      answers. Previously, we hadn't looked at the request type when
+      deciding which answer type to prefer. Fixes bug 10468; bugfix on
+      0.2.4.7-alpha.
+    - When receiving a DNS query for an unsupported record type, reply
+      with no answer rather than with a NOTIMPL error. This behavior
+      isn't correct either, but it will break fewer client programs, we
+      hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
+      from "epoch".
+
+  o Minor bugfixes (client, logging during bootstrap):
+    - Only report the first fatal bootstrap error on a given OR
+      connection. This stops us from telling the controller bogus error
+      messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
+    - Avoid generating spurious warnings when starting with
+      DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
+      0.2.3.9-alpha.
+
+  o Minor bugfixes (closing OR connections):
+    - If write_to_buf() in connection_write_to_buf_impl_() ever fails,
+      check if it's an or_connection_t and correctly call
+      connection_or_close_for_error() rather than
+      connection_mark_for_close() directly. Fixes bug 11304; bugfix on
+      0.2.4.4-alpha.
+    - When closing all connections on setting DisableNetwork to 1, use
+      connection_or_close_normally() rather than closing OR connections
+      out from under the channel layer. Fixes bug 11306; bugfix on
+      0.2.4.4-alpha.
+
+  o Minor bugfixes (code correctness):
+    - Previously we used two temporary files when writing descriptors to
+      disk; now we only use one. Fixes bug 1376.
+    - Remove an erroneous (but impossible and thus harmless) pointer
+      comparison that would have allowed compilers to skip a bounds
+      check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
+      0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
+    - Fix an always-true assertion in pluggable transports code so it
+      actually checks what it was trying to check. Fixes bug 10046;
+      bugfix on 0.2.3.9-alpha. Found by "dcb".
+
+  o Minor bugfixes (command line):
+    - Use a single command-line parser for parsing torrc options on the
+      command line and for finding special command-line options to avoid
+      inconsistent behavior for torrc option arguments that have the same
+      names as command-line options. Fixes bugs 4647 and 9578; bugfix on
+      0.0.9pre5.
+    - No longer allow 'tor --hash-password' with no arguments. Fixes bug
+      9573; bugfix on 0.0.9pre5.
+
+  o Minor bugfixes (compilation):
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+    - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
+      turned off (that is, without support for v2 link handshakes). Fixes
+      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
+    - In routerlist_assert_ok(), don't take the address of a
+      routerinfo's cache_info member unless that routerinfo is non-NULL.
+      Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
+    - Fix a large number of false positive warnings from the clang
+      analyzer static analysis tool. This should make real warnings
+      easier for clang analyzer to find. Patch from "teor". Closes
+      ticket 13036.
+    - Resolve GCC complaints on OpenBSD about discarding constness in
+      TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
+      on 0.1.1.23. Patch from Dana Koch.
+    - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
+      treatment of long and time_t as comparable types. Fixes part of
+      bug 11633. Patch from Dana Koch.
+    - When deciding whether to build the 64-bit curve25519
+      implementation, detect platforms where we can compile 128-bit
+      arithmetic but cannot link it. Fixes bug 11729; bugfix on
+      0.2.4.8-alpha. Patch from "conradev".
+    - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
+      bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
+    - Fix compilation with dmalloc. Fixes bug 11605; bugfix
+      on 0.2.4.10-alpha.
+    - Build and run correctly on systems like OpenBSD-current that have
+      patched OpenSSL to remove get_cipher_by_char and/or its
+      implementations. Fixes issue 13325.
+
+  o Minor bugfixes (controller and command-line):
+    - If changing a config option via "setconf" fails in a recoverable
+      way, we used to nonetheless write our new control ports to the
+      file described by the "ControlPortWriteToFile" option. Now we only
+      write out that file if we successfully switch to the new config
+      option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
+
+  o Minor bugfixes (directory server):
+    - No longer accept malformed http headers when parsing urls from
+      headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
+      bugfix on 0.0.6pre1.
+    - When sending a compressed set of descriptors or microdescriptors,
+      make sure to finalize the zlib stream. Previously, we would write
+      all the compressed data, but if the last descriptor we wanted to
+      send was missing or too old, we would not mark the stream as
+      finished. This caused problems for decompression tools. Fixes bug
+      11648; bugfix on 0.1.1.23.
+
+  o Minor bugfixes (hidden service):
+    - Only retry attempts to connect to a chosen rendezvous point 8
+      times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (interface):
+    - Reject relative control socket paths and emit a warning. Previously,
+      single-component control socket paths would be rejected, but Tor
+      would not log why it could not validate the config. Fixes bug 9258;
+      bugfix on 0.2.3.16-alpha.
+
+  o Minor bugfixes (log messages):
+    - Fix a bug where clients using bridges would report themselves
+      as 50% bootstrapped even without a live consensus document.
+      Fixes bug 9922; bugfix on 0.2.1.1-alpha.
+    - Suppress a warning where, if there's only one directory authority
+      in the network, we would complain that votes and signatures cannot
+      be uploaded to other directory authorities. Fixes bug 10842;
+      bugfix on 0.2.2.26-beta.
+    - Report bootstrapping progress correctly when we're downloading
+      microdescriptors. We had updated our "do we have enough microdescs
+      to begin building circuits?" logic most recently in 0.2.4.10-alpha
+      (see bug 5956), but we left the bootstrap status event logic at
+      "how far through getting 1/4 of them are we?" Fixes bug 9958;
+      bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
+
+  o Minor bugfixes (logging):
+    - Downgrade "Unexpected onionskin length after decryption" warning
+      to a protocol-warn, since there's nothing relay operators can do
+      about a client that sends them a malformed create cell. Resolves
+      bug 12996; bugfix on 0.0.6rc1.
+    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
+      cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
+    - When logging information about an EXTEND2 or EXTENDED2 cell, log
+      their names correctly. Fixes part of bug 12700; bugfix
+      on 0.2.4.8-alpha.
+    - When logging information about a relay cell whose command we don't
+      recognize, log its command as an integer. Fixes part of bug 12700;
+      bugfix on 0.2.1.10-alpha.
+    - Escape all strings from the directory connection before logging
+      them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
+    - Squelch a spurious LD_BUG message "No origin circuit for
+      successful SOCKS stream" in certain hidden service failure cases;
+      fixes bug 10616.
+    - Downgrade the severity of the 'unexpected sendme cell from client'
+      from 'warn' to 'protocol warning'. Closes ticket 8093.
+
+  o Minor bugfixes (misc code correctness):
+    - In munge_extrainfo_into_routerinfo(), check the return value of
+      memchr(). This would have been a serious issue if we ever passed
+      it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
+      from Arlo Breault.
+    - On the chance that somebody manages to build Tor on a
+      platform where time_t is unsigned, correct the way that
+      microdesc_add_to_cache() handles negative time arguments.
+      Fixes bug 8042; bugfix on 0.2.3.1-alpha.
+    - Fix various instances of undefined behavior in channeltls.c,
+      tor_memmem(), and eventdns.c that would cause us to construct
+      pointers to memory outside an allocated object. (These invalid
+      pointers were not accessed, but C does not even allow them to
+      exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
+      0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
+    - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
+      fix some miscellaneous errors in our tests and codebase. Fixes bug
+      11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
+    - Always check return values for unlink, munmap, UnmapViewOfFile;
+      check strftime return values more often. In some cases all we can
+      do is report a warning, but this may help prevent deeper bugs from
+      going unnoticed. Closes ticket 8787; bugfixes on many, many tor
+      versions.
+    - Fix numerous warnings from the clang "scan-build" static analyzer.
+      Some of these are programming style issues; some of them are false
+      positives that indicated awkward code; some are undefined behavior
+      cases related to constructing (but not using) invalid pointers;
+      some are assumptions about API behavior; some are (harmlessly)
+      logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
+      correct; and one or two are genuine bugs that weren't reachable
+      from the rest of the program. Fixes bug 8793; bugfixes on many,
+      many tor versions.
+
+  o Minor bugfixes (node selection):
+    - If ExcludeNodes is set, consider non-excluded hidden service
+      directory servers before excluded ones. Do not consider excluded
+      hidden service directory servers at all if StrictNodes is
+      set. (Previously, we would sometimes decide to connect to those
+      servers, and then realize before we initiated a connection that
+      we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
+      Reported by "mr-4".
+    - If we set the ExitNodes option but it doesn't include any nodes
+      that have the Exit flag, we would choose not to bootstrap. Now we
+      bootstrap so long as ExitNodes includes nodes which can exit to
+      some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (performance):
+    - Avoid a bug where every successful connection made us recompute
+      the flag telling us whether we have sufficient information to
+      build circuits. Previously, we would forget our cached value
+      whenever we successfully opened a channel (or marked a router as
+      running or not running for any other reason), regardless of
+      whether we had previously believed the router to be running. This
+      forced us to run an expensive update operation far too often.
+      Fixes bug 12170; bugfix on 0.1.2.1-alpha.
+    - Avoid using tor_memeq() for checking relay cell integrity. This
+      removes a possible performance bottleneck. Fixes part of bug
+      12169; bugfix on 0.2.1.31.
+
+  o Minor bugfixes (platform-specific):
+    - When dumping a malformed directory object to disk, save it in
+      binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
+      0.2.2.1-alpha.
+    - Don't report failures from make_socket_reuseable() on incoming
+      sockets on OSX: this can happen when incoming connections close
+      early. Fixes bug 10081.
+
+  o Minor bugfixes (pluggable transports):
+    - Avoid another 60-second delay when starting Tor in a pluggable-
+      transport-using configuration when we already have cached
+      descriptors for our bridges. Fixes bug 11965; bugfix
+      on 0.2.3.6-alpha.
+
+  o Minor bugfixes (protocol correctness):
+    - When receiving a VERSIONS cell with an odd number of bytes, close
+      the connection immediately since the cell is malformed. Fixes bug
+      10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
+      "rl1987".
+
+  o Minor bugfixes (relay, other):
+    - We now drop CREATE cells for already-existent circuit IDs and for
+      zero-valued circuit IDs, regardless of other factors that might
+      otherwise have called for DESTROY cells. Fixes bug 12191; bugfix
+      on 0.0.8pre1.
+    - When rejecting DATA cells for stream_id zero, still count them
+      against the circuit's deliver window so that we don't fail to send
+      a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (relay, threading):
+    - Check return code on spawn_func() in cpuworker code, so that we
+      don't think we've spawned a nonworking cpuworker and write junk to
+      it forever. Fix related to bug 4345; bugfix on all released Tor
+      versions. Found by "skruffy".
+    - Use a pthread_attr to make sure that spawn_func() cannot return an
+      error while at the same time launching a thread. Fix related to
+      bug 4345; bugfix on all released Tor versions. Reported
+      by "cypherpunks".
+
+  o Minor bugfixes (relays and bridges):
+    - Avoid crashing on a malformed resolv.conf file when running a
+      relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
+    - Non-exit relays no longer launch mock DNS requests to check for
+      DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
+      non-exit relays stopped servicing DNS requests. Fixes bug 965;
+      bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
+    - Bridges now report complete directory request statistics. Related
+      to bug 5824; bugfix on 0.2.2.1-alpha.
+    - Bridges now never collect statistics that were designed for
+      relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha.
+
+  o Minor bugfixes (testing):
+    - Fix all valgrind warnings produced by the unit tests. There were
+      over a thousand memory leak warnings previously, mostly produced
+      by forgetting to free things in the unit test code. Fixes bug
+      11618, bugfixes on many versions of Tor.
+
+  o Minor bugfixes (tor-fw-helper):
+    - Give a correct log message when tor-fw-helper fails to launch.
+      (Previously, we would say something like "tor-fw-helper sent us a
+      string we could not parse".) Fixes bug 9781; bugfix
+      on 0.2.4.2-alpha.
+
+  o Minor bugfixes (trivial memory leaks):
+    - Fix a small memory leak when signing a directory object. Fixes bug
+      11275; bugfix on 0.2.4.13-alpha.
+    - Resolve some memory leaks found by coverity in the unit tests, on
+      exit in tor-gencert, and on a failure to compute digests for our
+      own keys when generating a v3 networkstatus vote. These leaks
+      should never have affected anyone in practice.
+
+  o Code simplification and refactoring:
+    - Remove some old fallback code designed to keep Tor clients working
+      in a network with only two working relays. Elsewhere in the code we
+      have long since stopped supporting such networks, so there wasn't
+      much point in keeping it around. Addresses ticket 9926.
+    - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
+      bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
+    - Extract the common duplicated code for creating a subdirectory
+      of the data directory and writing to a file in it. Fixes ticket
+      4282; patch from Peter Retzlaff.
+    - Since OpenSSL 0.9.7, the i2d_*() functions support allocating output
+      buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(),
+      i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
+    - Add a set of accessor functions for the circuit timeout data
+      structure. Fixes ticket 6153; patch from "piet".
+    - Clean up exit paths from connection_listener_new(). Closes ticket
+      8789. Patch from Arlo Breault.
+    - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
+      and drop our own custom pkey_eq() implementation. Fixes bug 9043.
+    - Use a doubly-linked list to implement the global circuit list.
+      Resolves ticket 9108. Patch from Marek Majkowski.
+    - Remove contrib/id_to_fp.c since it wasn't used anywhere.
+    - Remove constants and tests for PKCS1 padding; it's insecure and
+      shouldn't be used for anything new. Fixes bug 8792; patch
+      from Arlo Breault.
+    - Remove instances of strcpy() from the unit tests. They weren't
+      hurting anything, since they were only in the unit tests, but it's
+      embarassing to have strcpy() in the code at all, and some analysis
+      tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and
+      0.2.3.8-alpha. Patch from Arlo Breault.
+    - Remove is_internal_IP() function. Resolves ticket 4645.
+    - Remove unused function circuit_dump_by_chan from circuitlist.c.
+      Closes issue 9107; patch from "marek".
+    - Change our use of the ENUM_BF macro to avoid declarations that
+      confuse Doxygen.
+    - Get rid of router->address, since in all cases it was just the
+      string representation of router->addr. Resolves ticket 5528.
+
+  o Documentation:
+    - Adjust the URLs in the README to refer to the new locations of
+      several documents on the website. Fixes bug 12830. Patch from
+      Matt Pagan.
+    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
+      ticket 12878.
+    - Update manpage to describe some of the files you can expect to
+      find in Tor's DataDirectory. Addresses ticket 9839.
+    - Clean up several option names in the manpage to match their real
+      names, add the missing documentation for a couple of testing and
+      directory authority options, remove the documentation for a
+      V2-directory fetching option that no longer exists. Resolves
+      ticket 11634.
+    - Correct the documenation so that it lists the correct directory
+      for the stats files. (They are in a subdirectory called "stats",
+      not "status".)
+    - In the manpage, move more authority-only options into the
+      directory authority section so that operators of regular directory
+      caches don't get confused.
+    - Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
+      11061; bugfix on 0.2.4.7-alpha.
+    - Resolve warnings from Doxygen.
+    - Document in the manpage that "KBytes" may also be written as
+      "kilobytes" or "KB", that "Kbits" may also be written as
+      "kilobits", and so forth. Closes ticket 9222.
+    - Document that the ClientOnly config option overrides ORPort.
+      Our old explanation made ClientOnly sound as though it did
+      nothing at all. Resolves bug 9059.
+    - Explain that SocksPolicy, DirPolicy, and similar options don't
+      take port arguments. Fixes the other part of ticket 11108.
+    - Fix a comment about the rend_server_descriptor_t.protocols field
+      to more accurately describe its range. Also, make that field
+      unsigned, to more accurately reflect its usage. Fixes bug 9099;
+      bugfix on 0.2.1.5-alpha.
+    - Fix the manpage's description of HiddenServiceAuthorizeClient:
+      the maximum client name length is 16, not 19. Fixes bug 11118;
+      bugfix on 0.2.1.6-alpha.
+
+  o Package cleanup:
+    - The contrib directory has been sorted and tidied. Before, it was
+      an unsorted dumping ground for useful and not-so-useful things.
+      Now, it is divided based on functionality, and the items which
+      seemed to be nonfunctional or useless have been removed. Resolves
+      ticket 8966; based on patches from "rl1987".
+
+  o Removed code and features:
+    - Clients now reject any directory authority certificates lacking
+      a dir-key-crosscert element. These have been included since
+      0.2.1.9-alpha, so there's no real reason for them to be optional
+      any longer. Completes proposal 157. Resolves ticket 10162.
+    - Remove all code that existed to support the v2 directory system,
+      since there are no longer any v2 directory authorities. Resolves
+      ticket 10758.
+    - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
+      options, which were used for designating authorities as "Hidden
+      service authorities". There has been no use of hidden service
+      authorities since 0.2.2.1-alpha, when we stopped uploading or
+      downloading v0 hidden service descriptors. Fixes bug 10881; also
+      part of a fix for bug 10841.
+    - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
+      and MTBF calculations, but that nobody was using. Fixes bug 11742.
+    - The TunnelDirConns and PreferTunnelledDirConns options no longer
+      exist; tunneled directory connections have been available since
+      0.1.2.5-alpha, and turning them off is not a good idea. This is a
+      brute-force fix for 10849, where "TunnelDirConns 0" would break
+      hidden services.
+    - Remove all code for the long unused v1 directory protocol.
+      Resolves ticket 11070.
+    - Remove all remaining code related to version-0 hidden service
+      descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
+      the rest of bug 10841.
+    - Remove migration code from when we renamed the "cached-routers"
+      file to "cached-descriptors" back in 0.2.0.8-alpha. This
+      incidentally resolves ticket 6502 by cleaning up the related code
+      a bit. Patch from Akshay Hebbar.
+
+  o Test infrastructure:
+    - Tor now builds each source file in two modes: a mode that avoids
+      exposing identifiers needlessly, and another mode that exposes
+      more identifiers for testing. This lets the compiler do better at
+      optimizing the production code, while enabling us to take more
+      radical measures to let the unit tests test things.
+    - The production builds no longer include functions used only in
+      the unit tests; all functions exposed from a module only for
+      unit-testing are now static in production builds.
+    - Add an --enable-coverage configuration option to make the unit
+      tests (and a new src/or/tor-cov target) to build with gcov test
+      coverage support.
+    - Update to the latest version of tinytest.
+    - Improve the tinytest implementation of string operation tests so
+      that comparisons with NULL strings no longer crash the tests; they
+      now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
+    - New macros in test.h to simplify writing mock-functions for unit
+      tests. Part of ticket 11507. Patch from Dana Koch.
+    - We now have rudimentary function mocking support that our unit
+      tests can use to test functions in isolation. Function mocking
+      lets the tests temporarily replace a function's dependencies with
+      stub functions, so that the tests can check the function without
+      invoking the other functions it calls.
+
+  o Testing:
+    - Complete tests for the status.c module. Resolves ticket 11507.
+      Patch from Dana Koch.
+    - Add more unit tests for the <circid,channel>->circuit map, and
+      the destroy-cell-tracking code to fix bug 7912.
+    - Unit tests for failing cases of the TAP onion handshake.
+    - More unit tests for address-manipulation functions.
+
+  o Distribution (systemd):
+    - Include a tor.service file in contrib/dist for use with systemd.
+      Some distributions will be able to use this file unmodified;
+      others will need to tweak it, or write their own. Patch from Jamie
+      Nguyen; resolves ticket 8368.
+    - Verify configuration file via ExecStartPre in the systemd unit
+      file. Patch from intrigeri; resolves ticket 12730.
+    - Explicitly disable RunAsDaemon in the systemd unit file. Our
+      current systemd unit uses "Type = simple", so systemd does not
+      expect tor to fork. If the user has "RunAsDaemon 1" in their
+      torrc, then things won't work as expected. This is e.g. the case
+      on Debian (and derivatives), since there we pass "--defaults-torrc
+      /usr/share/tor/tor-service-defaults-torrc" (that contains
+      "RunAsDaemon 1") by default. Patch by intrigeri; resolves
+      ticket 12731.
+
+
+Changes in version 0.2.4.25 - 2014-10-20
+  Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor).
+
+  o Major security fixes (also in 0.2.5.9-rc):
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+
+Changes in version 0.2.4.24 - 2014-09-22
+  Tor 0.2.4.24 fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+  Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+  guard rotation, and also backports several important fixes from the
+  Tor 0.2.5 alpha release series.
+
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes:
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Minor bugfixes:
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+    - Avoid an illegal read from stack when initializing the TLS
+      module using a version of OpenSSL without all of the ciphers
+      used by the v2 link handshake. Fixes bug 12227; bugfix on
+      0.2.4.8-alpha.  Found by "starlight".
+
+  o Minor features:
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.4.22 - 2014-05-16
   Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
   alpha release series. These include blocking all authority signing
@@ -1908,7 +4882,7 @@ Changes in version 0.2.3.25 - 2012-11-19
       but not that other sensitive operations on the client and service
       side are not performed using single-hop circuits. Fixes bug 3332;
       bugfix on 0.0.6.
-    - Avoid undefined behaviour when parsing the list of supported
+    - Avoid undefined behavior when parsing the list of supported
       rendezvous/introduction protocols in a hidden service descriptor.
       Previously, Tor would have confused (as-yet-unused) protocol version
       numbers greater than 32 with lower ones on many platforms. Fixes
@@ -1926,7 +4900,7 @@ Changes in version 0.2.3.25 - 2012-11-19
 
   o Minor bugfixes (hidden services, service-side):
     - Don't close hidden-service-side rendezvous circuits when they
-      reach the normal circuit-build timeout. This behaviour change can
+      reach the normal circuit-build timeout. This behavior change can
       be disabled using the new
       CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
       remaining part of bug 1297; bugfix on 0.2.2.2-alpha.
@@ -3755,7 +6729,7 @@ Changes in version 0.2.2.32 - 2011-08-27
     - Resolve an edge case in path weighting that could make us misweight
       our relay selection. Fixes bug 1203; bugfix on 0.0.8rc1.
     - Make the DNSPort option work with libevent 2.x. Don't alter the
-      behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+      behavior for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
 
   o Minor bugfixes (directory authorities):
     - Make directory authorities more accurate at recording when
@@ -3970,14 +6944,14 @@ Changes in version 0.2.2.32 - 2011-08-27
       passing it to the kernel. (Not a security issue: kernels are
       smart enough to reject bad sockaddr_uns.) Found by Coverity;
       CID #428. Bugfix on Tor 0.2.0.3-alpha.
-    - Make connection_printf_to_buf()'s behaviour sane. Its callers
+    - Make connection_printf_to_buf()'s behavior sane. Its callers
       expect it to emit a CRLF iff the format string ends with CRLF;
       it actually emitted a CRLF iff (a) the format string ended with
       CRLF or (b) the resulting string was over 1023 characters long or
       (c) the format string did not end with CRLF *and* the resulting
       string was 1021 characters long or longer. Bugfix on 0.1.1.9-alpha;
       fixes part of bug 3407.
-    - Make send_control_event_impl()'s behaviour sane. Its callers
+    - Make send_control_event_impl()'s behavior sane. Its callers
       expect it to always emit a CRLF at the end of the string; it
       might have emitted extra control characters as well. Bugfix on
       0.1.1.9-alpha; fixes another part of bug 3407.
@@ -3986,7 +6960,7 @@ Changes in version 0.2.2.32 - 2011-08-27
       negative number if given a value above INT_MAX+1. Found by George
       Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
     - Fix a potential null-pointer dereference while computing a
-      consensus. Bugfix on tor-0.2.0.3-alpha, found with the help of
+      consensus. Bugfix on 0.2.0.3-alpha, found with the help of
       clang's analyzer.
     - If we fail to compute the identity digest of a v3 legacy keypair,
       warn, and don't use a buffer-full of junk instead. Bugfix on
diff --git a/acinclude.m4 b/acinclude.m4
index 7401e0b242..7b1aab2f99 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2,7 +2,7 @@ dnl Helper macros for Tor configure.ac
 dnl Copyright (c) 2001-2004, Roger Dingledine
 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2008, Roger Dingledine, Nick Mathewson
-dnl Copyright (c) 2007-2013, The Tor Project, Inc.
+dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_DEFUN([TOR_EXTEND_CODEPATH],
@@ -109,7 +109,7 @@ if test -f /etc/debian_version && test x"$tor_$1_$2_debian" != x; then
   fi 
 fi
 if test -f /etc/fedora-release && test x"$tor_$1_$2_redhat" != x; then
-  AC_WARN([On Fedora Core, you can install$h $1 using "yum install $tor_$1_$2_redhat"])
+  AC_WARN([On Fedora, you can install$h $1 using "dnf install $tor_$1_$2_redhat"])
   if test x"$tor_$1_$2_redhat" != x"$tor_$1_devpkg_redhat"; then 
     AC_WARN([   You will probably need to install $tor_$1_devpkg_redhat too.])
   fi 
@@ -137,7 +137,7 @@ dnl
 AC_DEFUN([TOR_SEARCH_LIBRARY], [
 try$1dir=""
 AC_ARG_WITH($1-dir,
-  [  --with-$1-dir=PATH    Specify path to $1 installation ],
+  AS_HELP_STRING(--with-$1-dir=PATH, [specify path to $1 installation]),
   [
      if test x$withval != xno ; then
         try$1dir="$withval"
diff --git a/changes/.dummy b/changes/.dummy
new file mode 100644
index 0000000000..dd9738feb2
--- /dev/null
+++ b/changes/.dummy
@@ -0,0 +1,37 @@
+This file is here to keep git from removing the changes directory when
+all the changes files have been merged.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+"I'm Nobody! Who are you?
+ Are you--Nobody--too?
+ Then there's a pair of us!
+ Don’t tell! they'd advertise--you know!
+
+ How dreary--to be--Somebody!
+ How public--like a Frog--
+ To tell one's name--the livelong June--
+ To an admiring Bog!"
+    -- Emily Dickinson
+
diff --git a/changes/13295 b/changes/13295
deleted file mode 100644
index 433432595f..0000000000
--- a/changes/13295
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Disable sandbox name resolver cache when running tor-resolve:
-      tor-resolve doesn't use the sandbox code, and turning it on was
-      breaking attempts to do tor-resolve on a non-default server on
-      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
diff --git a/changes/asciidoc-UTC b/changes/asciidoc-UTC
new file mode 100644
index 0000000000..21fbfc1d67
--- /dev/null
+++ b/changes/asciidoc-UTC
@@ -0,0 +1,4 @@
+  o Minor bugfixes (build):
+    - When building manual pages, set the timezone to "UTC", so that the
+      output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha.
+      Patch from intrigeri.
diff --git a/changes/broken-028-fallbacks b/changes/broken-028-fallbacks
new file mode 100644
index 0000000000..698fd6e37a
--- /dev/null
+++ b/changes/broken-028-fallbacks
@@ -0,0 +1,3 @@
+  o Minor feature (fallback directories):
+    - Remove broken fallbacks from the hard-coded fallback directory list.
+      Closes ticket 20190; patch by teor.
diff --git a/changes/bug20384 b/changes/buf-sentinel
index 591015ad94..7c5b829c19 100644
--- a/changes/bug20384
+++ b/changes/buf-sentinel
@@ -1,10 +1,11 @@
   o Major features (security fixes):
+
     - Prevent a class of security bugs caused by treating the contents
-      of a buffer chunk as if they were a NUL-terminated string. At
+      of a buffer chunk as if they were a NUL-terminated string.  At
       least one such bug seems to be present in all currently used
       versions of Tor, and would allow an attacker to remotely crash
       most Tor instances, especially those compiled with extra compiler
       hardening. With this defense in place, such bugs can't crash Tor,
-      though we should still fix them as they occur. Closes ticket
-      20384 (TROVE-2016-10-001).
+      though we should still fix them as they occur. Closes ticket 20384
+      (TROVE-2016-10-001).
 
diff --git a/changes/bufferevent_compilation b/changes/bufferevent_compilation
deleted file mode 100644
index 3a328731fe..0000000000
--- a/changes/bufferevent_compilation
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Fix compilation when building with bufferevents enabled. (This
-      configuration is still not expected to work, however.)
-      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
-      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
-      Gunasekaran.
diff --git a/changes/bug1038-3 b/changes/bug1038-3
deleted file mode 100644
index 5af4afa46f..0000000000
--- a/changes/bug1038-3
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Warn and drop the circuit if we receive an inbound 'relay early'
-      cell. Those used to be normal to receive on hidden service circuits
-      due to bug 1038, but the buggy Tor versions are long gone from
-      the network so we can afford to resume watching for them. Resolves
-      the rest of bug 1038; bugfix on 0.2.1.19.
diff --git a/changes/bug11200-caching b/changes/bug11200-caching
deleted file mode 100644
index e3fbaeca73..0000000000
--- a/changes/bug11200-caching
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes:
-    - When Tor starts with DisabledNetwork set, it would correctly
-      conclude that it shouldn't try making circuits, but it would
-      mistakenly cache this conclusion and continue believing it even
-      when DisableNetwork is set to 0. Fixes the bug introduced by the
-      fix for bug 11200; bugfix on 0.2.5.4-alpha.
-
diff --git a/changes/bug12160 b/changes/bug12160
deleted file mode 100644
index 2a7ace3410..0000000000
--- a/changes/bug12160
+++ /dev/null
@@ -1,4 +0,0 @@
- o Bugfixes
-   - Correctly update the local mark on the controlling channel when changing
-     the address of an or_connection_t after the handshake.  Fixes bug #12160;
-     bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug12602 b/changes/bug12602
deleted file mode 100644
index 29fa49ac45..0000000000
--- a/changes/bug12602
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (portability):
-    - Compile correctly with builds and forks of OpenSSL (such as
-      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
-      0.2.1.1-alpha. Patch from "dhill".
-
diff --git a/changes/bug12700 b/changes/bug12700
deleted file mode 100644
index 1d8caeb8bd..0000000000
--- a/changes/bug12700
+++ /dev/null
@@ -1,10 +0,0 @@
-  o Minor bugfixes:
-    - When logging information about an EXTEND2 or EXTENDED2 cell, log
-      their names correctly. Fixes part of bug 12700; bugfix on
-      0.2.4.8-alpha.
-
-  o Minor bugfixes:
-    - When logging information about a relay cell whose command we
-      don't recognize, log its command as an integer. Fixes part of
-      bug 12700; bugfix on 0.2.1.10-alpha.
-
diff --git a/changes/bug12718 b/changes/bug12718
deleted file mode 100644
index 0c5f708446..0000000000
--- a/changes/bug12718
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Correct a confusing error message when trying to extend a circuit
-      via the control protocol but we don't know a descriptor or
-      microdescriptor for one of the specified relays. Fixes bug 12718;
-      bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug12730-systemd-verify-config b/changes/bug12730-systemd-verify-config
deleted file mode 100644
index 221633c78e..0000000000
--- a/changes/bug12730-systemd-verify-config
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Distribution:
-    - Verify configuration file via ExecStartPre in the systemd unit file.
-      Patch from intrigeri; resolves ticket 12730.
diff --git a/changes/bug12731-systemd-no-run-as-daemon b/changes/bug12731-systemd-no-run-as-daemon
deleted file mode 100644
index f92e5aff00..0000000000
--- a/changes/bug12731-systemd-no-run-as-daemon
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Distribution:
-    - Explicitly disable RunAsDaemon in the systemd unit file.
-      Our current systemd unit uses "Type = simple", so systemd does
-      not expect tor to fork. If the user has "RunAsDaemon 1" in their
-      torrc, then things won't work as expected. This is e.g. the case
-      on Debian (and derivatives), since there we pass
-      "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
-      (that contains "RunAsDaemon 1") by default.
-      Patch by intrigeri; resolves ticket 12731.
diff --git a/changes/bug12830 b/changes/bug12830
deleted file mode 100644
index 835ebe2fa7..0000000000
--- a/changes/bug12830
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Documentation:
-    - Adjust the URLs in the README to refer to the new locations of
-      several documents on the website. Patch from Matt Pagan. Fixes
-      bug 12830.
diff --git a/changes/bug12848 b/changes/bug12848
deleted file mode 100644
index 7aa79c395e..0000000000
--- a/changes/bug12848
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes (relay):
-    - Avoid queuing or sending destroy cells for circuit ID zero when
-      we fail to send a CREATE cell. Fixes bug 12848; bugfix on
-      0.0.8pre1. Found and fixed by "cypherpunks".
diff --git a/changes/bug12864 b/changes/bug12864
deleted file mode 100644
index 79e751f427..0000000000
--- a/changes/bug12864
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
-      12864; bugfix on 0.2.5.1-alpha.
-
-  o Minor features:
-    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
-      cookie file for the ExtORPort g+r by default.
diff --git a/changes/bug12878 b/changes/bug12878
deleted file mode 100644
index a05fc446b9..0000000000
--- a/changes/bug12878
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Documentation:
-    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves 
-      ticket 12878.
diff --git a/changes/bug12908 b/changes/bug12908
deleted file mode 100644
index bd6784cbd2..0000000000
--- a/changes/bug12908
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Warn about attempts to run hidden services and relays in the
-      same process: that's probably not a good idea. Closes ticket
-      12908.
diff --git a/changes/bug12948 b/changes/bug12948
deleted file mode 100644
index 431c0a1019..0000000000
--- a/changes/bug12948
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes:
-    - Resume expanding abbreviations for command-line options. The fix
-      for bug 4647 accidentally removed our hack from bug 586 that rewrote
-      HashedControlPassword to __HashedControlSessionPassword when it
-      appears on the commandline (which allowed the user to set her
-      own HashedControlPassword in the torrc file while the controller
-      generates a fresh session password for each run). Fixes bug 12948;
-      bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug12996 b/changes/bug12996
deleted file mode 100644
index 4b4fb0dceb..0000000000
--- a/changes/bug12996
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Downgrade "Unexpected onionskin length after decryption" warning
-      to a protocol-warn, since there's nothing relay operators can do
-      about a client that sends them a malformed create cell. Resolves
-      bug 12996; bugfix on 0.0.6rc1.
diff --git a/changes/bug12997 b/changes/bug12997
deleted file mode 100644
index fb6e7a8459..0000000000
--- a/changes/bug12997
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell
-      on a cannibalized or non-OR circuit. Resolves ticket 12997.
diff --git a/changes/bug13071 b/changes/bug13071
deleted file mode 100644
index 8212b6c049..0000000000
--- a/changes/bug13071
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (relay):
-    - Escape all strings from the directory connection before logging them.
-      Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
diff --git a/changes/bug13081 b/changes/bug13081
deleted file mode 100644
index 154f73fb0a..0000000000
--- a/changes/bug13081
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Compilation fixes:
-    - Make the nmake make files work again. Fixes bug 13081. Bugfix on 0.2.5.1-alpha. Patch
-      from "NewEraCracker".
diff --git a/changes/bug13085 b/changes/bug13085
deleted file mode 100644
index a46457c797..0000000000
--- a/changes/bug13085
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (controller):
-    - Actually send TRANSPORT_LAUNCHED and HS_DESC events to controllers.
-      Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch by "teor".
diff --git a/changes/bug13096 b/changes/bug13096
deleted file mode 100644
index 521faaf143..0000000000
--- a/changes/bug13096
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (conformance):
-    - In routerlist_assert_ok(), don't take the address of a routerinfo's
-      cache_info member unless that routerinfo is non-NULL. Fixes bug
-      13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
diff --git a/changes/bug13100 b/changes/bug13100
deleted file mode 100644
index bbe43e65a7..0000000000
--- a/changes/bug13100
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Directory authority changes:
-    - Change IP address for gabelmoo (v3 directory authority).
-
diff --git a/changes/bug13124 b/changes/bug13124
deleted file mode 100644
index be7df70347..0000000000
--- a/changes/bug13124
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - Reduce the log severity of the "Pluggable transport proxy does
-      not provide any needed transports and will not be launched."
-      message, since Tor Browser includes several ClientTransportPlugin
-      lines in its torrc-defaults file, leading every Tor Browser user
-      who looks at her logs to see these notices and wonder if they're
-      dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
-
diff --git a/changes/bug13151-client b/changes/bug13151-client
deleted file mode 100644
index 1218dfdfab..0000000000
--- a/changes/bug13151-client
+++ /dev/null
@@ -1,13 +0,0 @@
-  o Major bugfixes:
-    - Clients now send the correct address for their chosen rendezvous
-      point when trying to access a hidden service. They used to send
-      the wrong address, which would still work some of the time because
-      they also sent the identity digest of the rendezvous point, and if
-      the hidden service happened to try connecting to the rendezvous
-      point from a relay that already had a connection open to it,
-      the relay would reuse that connection. Now connections to hidden
-      services should be more robust and faster. Also, this bug meant
-      that clients were leaking to the hidden service whether they were
-      on a little-endian (common) or big-endian (rare) system, which for
-      some users might have reduced their anonymity. Fixes bug 13151;
-      bugfix on 0.2.1.5-alpha.
diff --git a/changes/bug13296 b/changes/bug13296
deleted file mode 100644
index d6fe038c30..0000000000
--- a/changes/bug13296
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Directory authority changes:
-    - Remove turtles as a directory authority.
-    - Add longclaw as a new (v3) directory authority. This implements
-      ticket 13296. This keeps the directory authority count at 9.
-
diff --git a/changes/bug13325 b/changes/bug13325
deleted file mode 100644
index b1da4d0bd5..0000000000
--- a/changes/bug13325
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Compilation fixes:
-    - Build and run correctly on systems like OpenBSD-current that
-      have patched OpenSSL to remove get_cipher_by_char and/or its
-      implementations. Fixes issue 13325.
diff --git a/changes/bug13471 b/changes/bug13471
deleted file mode 100644
index c116a4aeeb..0000000000
--- a/changes/bug13471
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (openssl bug workaround):
-    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
-      1.0.1j, built with the 'no-ssl3' configuration option. Fixes
-      bug 13471. This is a workaround for an OpenSSL bug.
-
diff --git a/changes/bug13988 b/changes/bug13988
deleted file mode 100644
index e816335a3b..0000000000
--- a/changes/bug13988
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (statistics):
-    - Increase period over which bandwidth observations are aggregated
-      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
diff --git a/changes/bug14013 b/changes/bug14013
deleted file mode 100644
index 640cf859f5..0000000000
--- a/changes/bug14013
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - When reading a hexadecimal, base-32, or base-64 encoded value
-      from a string, always overwrite the complete output buffer. This
-      prevents some bugs where we would look at (but fortunately, not
-      reveal) uninitialized memory on the stack. Fixes bug 14013;
-      bugfix on all versions of Tor.
diff --git a/changes/bug14125 b/changes/bug14125
deleted file mode 100644
index fe6821a332..0000000000
--- a/changes/bug14125
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (dirauth):
-    - Enlarge the buffer to read bw-auth generated files to avoid an
-      issue when parsing the file in dirserv_read_measured_bandwidths().
-      Bugfix on 0.2.2.1-alpha, fixes #14125.
-
diff --git a/changes/bug14129 b/changes/bug14129
deleted file mode 100644
index 6153cd84fd..0000000000
--- a/changes/bug14129
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes (exit node stability):
-
-    - Fix an assertion failure that could occur under high DNS load.  Fixes
-      bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
-      by "cypherpunks".
-
-
diff --git a/changes/bug14142-parse-virtual-addr b/changes/bug14142-parse-virtual-addr
deleted file mode 100644
index f78b7c7d81..0000000000
--- a/changes/bug14142-parse-virtual-addr
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes (client):
-    - Check for a missing option value in parse_virtual_addr_network
-      before asserting on the NULL in tor_addr_parse_mask_ports.
-      This avoids crashing on torrc lines like
-      Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
-      Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142.
-      Patch by "teor".
diff --git a/changes/bug14195 b/changes/bug14195
deleted file mode 100644
index d2b82f31b0..0000000000
--- a/changes/bug14195
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (client):
-    - Fix a memory leak when using AutomapHostsOnResolve.
-      Fixes bug 14195; bugfix on 0.1.0.1-rc.
diff --git a/changes/bug14220 b/changes/bug14220
deleted file mode 100644
index 51cfa502bc..0000000000
--- a/changes/bug14220
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Build without warnings with the stock OpenSSL srtp.h header,
-      which has a duplicate declaration of SSL_get_selected_srtp_profile().
-      Fixes bug 14220; this is OpenSSL's bug, not ours.
diff --git a/changes/bug14261 b/changes/bug14261
deleted file mode 100644
index 1260ccba1e..0000000000
--- a/changes/bug14261
+++ /dev/null
@@ -1,5 +0,0 @@
-  O Minor bugfixes (directory authority):
-    - Allow directory authorities to fetch more data from one
-      another if they find themselves missing lots of votes.
-      Previously, they had been bumping against the 10 MB queued
-      data limit. Fixes bug 14261. Bugfix on 0.1.2.5-alpha.
diff --git a/changes/bug15083 b/changes/bug15083
deleted file mode 100644
index 5cc79b5ba1..0000000000
--- a/changes/bug15083
+++ /dev/null
@@ -1,10 +0,0 @@
-  o Major bugfixes (relay, stability, possible security):
-    - Fix a bug that could lead to a relay crashing with an assertion
-      failure if a buffer of exactly the wrong layout was passed
-      to buf_pullup() at exactly the wrong time. Fixes bug 15083;
-      bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
-
-    - Do not assert if the 'data' pointer on a buffer is advanced to the very
-      end of the buffer; log a BUG message instead.  Only assert if it is
-      past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
-
diff --git a/changes/bug15088 b/changes/bug15088
deleted file mode 100644
index 95878bdb39..0000000000
--- a/changes/bug15088
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (Linux seccomp2 sandbox):
-    - Upon receiving sighup, do not crash during attempts to call
-      wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from
-      "sanic".
diff --git a/changes/bug15205 b/changes/bug15205
deleted file mode 100644
index 0cb9f3f4bc..0000000000
--- a/changes/bug15205
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (crash, OSX, security):
-    - Fix a remote denial-of-service opportunity caused by a bug
-      in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
-      appeared in OSX 10.9. 
-      
diff --git a/changes/bug15515 b/changes/bug15515
deleted file mode 100644
index dda7c2fcd8..0000000000
--- a/changes/bug15515
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (DoS-resistance):
-    - Make it harder for attackers to overwhelm hidden services with
-      introductions, by blocking multiple introduction requests on the
-      same circuit. Resolves ticket #15515.
diff --git a/changes/bug15600 b/changes/bug15600
deleted file mode 100644
index ee1d6cfe19..0000000000
--- a/changes/bug15600
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service):
-    - Fix an issue that would allow a malicious client to trigger
-      an assertion failure and halt a hidden service. Fixes
-      bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
-
diff --git a/changes/bug15601 b/changes/bug15601
deleted file mode 100644
index 2cc880af7f..0000000000
--- a/changes/bug15601
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes (security, hidden service):
-    - Fix a bug that could cause a client to crash with an assertion
-      failure when parsing a malformed hidden service descriptor.
-      Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
diff --git a/changes/bug15823 b/changes/bug15823
deleted file mode 100644
index 987de5d9ac..0000000000
--- a/changes/bug15823
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
-      on a client authorized hidden service. Fixes bug 15823; bugfix
-      on 0.2.1.6-alpha.
diff --git a/changes/bug16248 b/changes/bug16248
deleted file mode 100644
index 399b7093cd..0000000000
--- a/changes/bug16248
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (dns proxy mode, crash):
-    - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
-      0.2.0.1-alpha. Patch from 'cypherpunks'.
-
-  o Minor features (bug-resistance):
-    - Make Tor survive errors involving connections without a corresponding
-      event object. Previously we'd fail with an assertion; now we produce a
-      log message. Related to bug 16248.
diff --git a/changes/bug16360-failed-crypto-early-init b/changes/bug16360-failed-crypto-early-init
deleted file mode 100644
index 21972bce52..0000000000
--- a/changes/bug16360-failed-crypto-early-init
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes (crypto error-handling):
-    - If crypto_early_init fails, a typo in a return value from tor_init
-      means that tor_main continues running, rather than returning
-      an error value.
-      Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha,
-      introduced when implementing #4900.
-      Patch by "teor".
diff --git a/changes/bug17150 b/changes/bug17150
new file mode 100644
index 0000000000..686cc34296
--- /dev/null
+++ b/changes/bug17150
@@ -0,0 +1,7 @@
+  o Minor bugfixes (directory warnings):
+    - When fetching extrainfo documents, compare their SHA256 digests
+      and Ed25519 signing key certificates
+      with the routerinfo that led us to fetch them, rather than
+      with the most recent routerinfo. Otherwise we generate many
+      spurious warnings about mismatches. Fixes bug 17150; bugfix
+      on 0.2.7.2-alpha.
diff --git a/changes/bug17404 b/changes/bug17404
deleted file mode 100644
index d524f6662d..0000000000
--- a/changes/bug17404
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (security, correctness):
-    - Fix a programming error that could cause us to read 4 bytes before
-      the beginning of an openssl string. This could be used to provoke
-      a crash on systems with an unusual malloc implementation, or
-      systems with unsual hardening installed. Fixes bug 17404; bugfix
-      on 0.2.3.6-alpha.
diff --git a/changes/bug17744_redux b/changes/bug17744_redux
new file mode 100644
index 0000000000..d61e17fec3
--- /dev/null
+++ b/changes/bug17744_redux
@@ -0,0 +1,5 @@
+  o Minor bugfixes (build):
+    - Remove a pair of redundant AM_CONDITIONAL declarations from
+      configure.ac. Fixes one final case of bug 17744; bugfix on
+      0.2.8.2-alpha.
+
diff --git a/changes/bug17772 b/changes/bug17772
deleted file mode 100644
index 54d457c601..0000000000
--- a/changes/bug17772
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes (guard selection):
-    - Actually look at the Guard flag when selecting a new directory
-      guard. When we implemented the directory guard design, we
-      accidentally started treating all relays as if they have the Guard
-      flag during guard selection, leading to weaker anonymity and worse
-      performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
-      by Mohsen Imani.
diff --git a/changes/bug17781 b/changes/bug17781
deleted file mode 100644
index 01ed231b0a..0000000000
--- a/changes/bug17781
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Compilation fixes:
-    - Fix a compilation warning with Clang 3.6: Do not check the
-      presence of an address which can never be NULL. Fixes bug 17781.
diff --git a/changes/bug17906 b/changes/bug17906
deleted file mode 100644
index fff76d1c59..0000000000
--- a/changes/bug17906
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (authorities):
-    - Update the V3 identity key for dannenberg, it was changed on
-      18 November 2015.
-      Closes task #17906. Patch by "teor".
diff --git a/changes/bug18089 b/changes/bug18089
deleted file mode 100644
index c1fb342f77..0000000000
--- a/changes/bug18089
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor fixes (security):
-    - Make memwipe() do nothing when passed a NULL pointer
-      or zero size. Check size argument to memwipe() for underflow.
-      Closes bug #18089. Reported by "gk", patch by "teor".
-      Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
-      commit 49dd5ef3 on 7 Nov 2012.
diff --git a/changes/bug18133 b/changes/bug18133
new file mode 100644
index 0000000000..177d286495
--- /dev/null
+++ b/changes/bug18133
@@ -0,0 +1,4 @@
+  o Minor bugfixes (logging):
+    - When we can't generate a signing key because OfflineMasterKey is set,
+      do not imply that we should have been able to load it.
+      Fixes bug 18133; bugfix on 0.2.7.2-alpha.
diff --git a/changes/bug18162 b/changes/bug18162
deleted file mode 100644
index 0844d6f62f..0000000000
--- a/changes/bug18162
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes (security, pointers):
-
-    - Avoid a difficult-to-trigger heap corruption attack when extending
-      a smartlist to contain over 16GB of pointers. Fixes bug #18162;
-      bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
-      incompletely. Reported by Guido Vranken.
-
diff --git a/changes/bug18286 b/changes/bug18286
new file mode 100644
index 0000000000..e398fb004b
--- /dev/null
+++ b/changes/bug18286
@@ -0,0 +1,5 @@
+  o Minor features (build):
+    - Tor now builds again with the recent OpenSSL 1.1 development branch
+      (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes ticket 18286.
+
+
diff --git a/changes/bug18312 b/changes/bug18312
new file mode 100644
index 0000000000..7dcb3266bf
--- /dev/null
+++ b/changes/bug18312
@@ -0,0 +1,4 @@
+  o Documentation:
+    - Stop recommending use of nicknames to identify relays in our
+      MapAddress documentation. Closes ticket 18312.
+
diff --git a/changes/bug18397 b/changes/bug18397
new file mode 100644
index 0000000000..53993da4e6
--- /dev/null
+++ b/changes/bug18397
@@ -0,0 +1,7 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Add a few missing syscalls to the seccomp2 sandbox: sysinfo,
+      getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On
+      some systems, these are required for Tor to start with
+      "Sandbox 1" enabled.
+      Fixes bug 18397; bugfix on 0.2.5.1-alpha. Patch from
+      Daniel Pinto.
diff --git a/changes/bug18460 b/changes/bug18460
new file mode 100644
index 0000000000..a8c1a19774
--- /dev/null
+++ b/changes/bug18460
@@ -0,0 +1,4 @@
+  o Minor bugfixes (statistics):
+    - We now include consensus downloads via IPv6 in our directory-request statistics.
+      Fixes bug 18460; bugfix on 0.2.3.14-alpha.
+
diff --git a/changes/bug18481 b/changes/bug18481
new file mode 100644
index 0000000000..6fd882b36b
--- /dev/null
+++ b/changes/bug18481
@@ -0,0 +1,5 @@
+  o Minor bugfixes (client):
+    - Turn all TestingClientBootstrap* into non-testing torrc options. This
+      changes simply renames them by removing "Testing" in front of them and
+      they do not require TestingTorNetwork to be enabled anymore. Fixes
+      bug 18481; bugfix on 0.2.8.1-alpha.
diff --git a/changes/bug18616 b/changes/bug18616
new file mode 100644
index 0000000000..ec59e846ed
--- /dev/null
+++ b/changes/bug18616
@@ -0,0 +1,14 @@
+  o Major bugfixes (directory mirrors):
+    - Decide whether to advertise begindir support the same way we decide
+      whether to advertise our DirPort. These decisions being out of sync
+      led to surprising behavior like advertising begindir support when
+      our hibernation config options made us not advertise a DirPort.
+      Resolves bug 18616; bugfix on 0.2.8.1-alpha. Patch by teor.
+
+  o Minor bugfixes:
+    - Consider more config options when relays decide whether to regenerate
+      their descriptor. Fixes more of bug 12538; bugfix on 0.2.8.1-alpha.
+    - Resolve some edge cases where we might launch an ORPort reachability
+      check even when DisableNetwork is set. Noticed while fixing bug
+      18616; bugfix on 0.2.3.9-alpha.
+
diff --git a/changes/bug18668 b/changes/bug18668
new file mode 100644
index 0000000000..4b186b5c05
--- /dev/null
+++ b/changes/bug18668
@@ -0,0 +1,3 @@
+  o Minor bugfixes (tests):
+    - Avoid "WSANOTINITIALISED" warnings in the unit tests. Fixes bug 18668;
+      bugfix on 0.2.8.1-alpha.
diff --git a/changes/bug18673 b/changes/bug18673
new file mode 100644
index 0000000000..5d6161718a
--- /dev/null
+++ b/changes/bug18673
@@ -0,0 +1,4 @@
+  o Minor bugfixes (memory leak):
+    - Fix a small memory leak that would occur when the
+      TestingEnableCellStatsEvent option was turned on.  Fixes bug 18673;
+      bugfix on 0.2.5.2-alpha.
diff --git a/changes/bug18686 b/changes/bug18686
new file mode 100644
index 0000000000..23547d211d
--- /dev/null
+++ b/changes/bug18686
@@ -0,0 +1,5 @@
+  o Minor bugfixes (pluggable transports):
+    - Avoid reporting a spurious error when we decide that we don't
+      need to terminate a pluggable transport because it has already
+      exited. Fixes bug 18686; bugfix on 0.2.5.5-alpha.
+
diff --git a/changes/bug18716 b/changes/bug18716
new file mode 100644
index 0000000000..b15a343f4c
--- /dev/null
+++ b/changes/bug18716
@@ -0,0 +1,4 @@
+  o Minor bugfixes (assert, portability):
+    - Fix an assertion failure in memarea.c on systems where "long" is
+      shorter than the size of a pointer.
+      Fixes bug 18716; bugfix on 0.2.1.1-alpha
diff --git a/changes/bug18728 b/changes/bug18728
new file mode 100644
index 0000000000..e181c17e65
--- /dev/null
+++ b/changes/bug18728
@@ -0,0 +1,4 @@
+  o Minor bugfixes (build):
+    - Resolve warnings when building on systems that are concerned with
+      signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha and 
+      0.2.6.1-alpha.
diff --git a/changes/bug18729 b/changes/bug18729
new file mode 100644
index 0000000000..4ec9ca3254
--- /dev/null
+++ b/changes/bug18729
@@ -0,0 +1,3 @@
+  o Minor features (logging):
+    - Stop blasting twelve lines per second from periodic_event_dispatch()
+      at loglevel debug. Resolves ticket 18729; fix on 0.2.8.1-alpha.
diff --git a/changes/bug18761 b/changes/bug18761
new file mode 100644
index 0000000000..78500a88ea
--- /dev/null
+++ b/changes/bug18761
@@ -0,0 +1,3 @@
+  o Minor feature (logging):
+    - When rejecting a misformed INTRODUCE2 cell, only log at PROTOCOL_WARN
+      severity. Closes ticket 18761.
diff --git a/changes/bug18809 b/changes/bug18809
new file mode 100644
index 0000000000..1e151874b7
--- /dev/null
+++ b/changes/bug18809
@@ -0,0 +1,16 @@
+  o Major bugfixes (bootstrap):
+    - Check if bootstrap consensus downloads are still needed
+      when the linked connection attaches. This prevents tor
+      making unnecessary begindir-style connections, which are
+      the only directory connections tor clients make since
+      the fix for 18483 was merged.
+    - Fix some edge cases where consensus download connections
+      may not have been closed, even though they were not needed.
+      Related to fix  18809.
+    - Make relays retry consensus downloads the correct number of
+      times, rather than the more aggressive client retry count.
+      Fixes part of ticket 18809.
+    - Stop downloading consensuses when we have a consensus,
+      even if we don't have all the certificates for it yet.
+      Fixes bug 18809; bugfix on 0.2.8.1-alpha.
+      Patches by arma and teor.
diff --git a/changes/bug18812 b/changes/bug18812
new file mode 100644
index 0000000000..793e1102f7
--- /dev/null
+++ b/changes/bug18812
@@ -0,0 +1,4 @@
+  o Minor bugfixes (bootstrap):
+    - When a fallback changes its fingerprint from the hard-coded
+      fingerprint, log a less severe, more explanatory log message.
+      Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor.
diff --git a/changes/bug18816 b/changes/bug18816
new file mode 100644
index 0000000000..103f816962
--- /dev/null
+++ b/changes/bug18816
@@ -0,0 +1,4 @@
+  o Minor bugfix (bootstrap):
+    - Consistently use the consensus download schedule for
+      authority certificates.
+      Fixes bug 18816; bugfix on 0.2.4.13-alpha.
diff --git a/changes/bug18841.1 b/changes/bug18841.1
new file mode 100644
index 0000000000..205ee5a425
--- /dev/null
+++ b/changes/bug18841.1
@@ -0,0 +1,7 @@
+  o Major bugfixes (compilation):
+    - Correctly detect compiler flags on systems where _FORTIFY_SOURCE
+      is predefined. Previously, our use of -D_FORTIFY_SOURCE would
+      cause a compiler warning, thereby making other checks fail.
+      Fixes one case of bug 18841; bugfix on 0.2.3.17-beta. Patch from
+      "trudokal".
+
diff --git a/changes/bug18849 b/changes/bug18849
new file mode 100644
index 0000000000..b12a8da011
--- /dev/null
+++ b/changes/bug18849
@@ -0,0 +1,4 @@
+  o Minor bugfix (logging):
+    - Reduce excessive logging when directories can't be found.
+      Fixes bug 18849; bugfix on 0.2.8.3-alpha and 0.2.8.1-alpha.
+      Patch by teor.
diff --git a/changes/bug18920 b/changes/bug18920
new file mode 100644
index 0000000000..1babfd6656
--- /dev/null
+++ b/changes/bug18920
@@ -0,0 +1,5 @@
+  o Minor bugfixes (controller, microdescriptors):
+    - Make GETINFO dir/status-vote/current/consensus conform to the control
+      specification by returning "551 Could not open cached consensus..."
+      when not caching consensuses.
+      Fixes bug 18920; bugfix on 0.2.2.6-alpha.
diff --git a/changes/bug18921 b/changes/bug18921
new file mode 100644
index 0000000000..cdd868a005
--- /dev/null
+++ b/changes/bug18921
@@ -0,0 +1,4 @@
+  o Major bugfixes (IPv6 bridges):
+    - Fix directory address selection for IPv6 bridges.
+      Fixes bug 18921; bugfix on 0.2.8.1-alpha.
+      Patch by "teor".
diff --git a/changes/bug18929 b/changes/bug18929
new file mode 100644
index 0000000000..c607e630a6
--- /dev/null
+++ b/changes/bug18929
@@ -0,0 +1,5 @@
+  o Minor bugfixes (IPv6):
+    - Make directory node selection more reliable, mainly for
+      IPv6-only clients and clients with few reachable addresses.
+      Fixes bug 18929; bugfix on 0.2.8.1-alpha.
+      Patch by "teor".
diff --git a/changes/bug18943 b/changes/bug18943
new file mode 100644
index 0000000000..6bcd868460
--- /dev/null
+++ b/changes/bug18943
@@ -0,0 +1,6 @@
+  o Major bugfixes (crypto, portability):
+    - The SHA3 and SHAKE routines now produce the correct output on
+      Big Endian systems, unbreaking the unit tests.  No code calls
+      either algorithm family yet, so this is primarily a build fix.
+      Fixes bug 18943; bugfix on 0.2.8.1-alpha.
+
diff --git a/changes/bug18977 b/changes/bug18977
new file mode 100644
index 0000000000..3f46b09fba
--- /dev/null
+++ b/changes/bug18977
@@ -0,0 +1,4 @@
+  o Minor bugfixes (time handling):
+    - When correcting a corrupt 'struct tm' value, fill in the tm_wday
+      field. Otherwise, our unit tests crash on Windows.
+      Fixes bug 18977; bugfix on 0.2.2.25-alpha.
diff --git a/changes/bug19003 b/changes/bug19003
new file mode 100644
index 0000000000..ca94938ef9
--- /dev/null
+++ b/changes/bug19003
@@ -0,0 +1,5 @@
+  o Minor bugfixes (small networks):
+    - Allow directories in small networks to bootstrap by
+      skipping DirPort checks when the consensus has no exits.
+      Fixes bug 19003; bugfix on 0.2.8.1-alpha.
+      Patch by teor.
diff --git a/changes/bug19008 b/changes/bug19008
new file mode 100644
index 0000000000..c51c98faa6
--- /dev/null
+++ b/changes/bug19008
@@ -0,0 +1,3 @@
+  o Major bugfixes (testing):
+    - Fix a bug that would block 'make test-network-all' on systems
+      where IPv6 packets were lost. Fixes bug 19008; bugfix on tor-0.2.7.3-rc.
diff --git a/changes/bug19032 b/changes/bug19032
new file mode 100644
index 0000000000..93f17c2f91
--- /dev/null
+++ b/changes/bug19032
@@ -0,0 +1,4 @@
+  o Major bugfixes (security, directory authorities):
+    - Fix a crash and out-of-bounds write during authority voting, when the
+      list of relays includes duplicate ed25519 identity keys. Fixes bug 19032;
+      bugfix on 0.2.8.2-alpha.
diff --git a/changes/bug19161 b/changes/bug19161
new file mode 100644
index 0000000000..78c2165308
--- /dev/null
+++ b/changes/bug19161
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation):
+    - When libscrypt.h is found, but no libscrypt library can be linked,
+      treat libscrypt as absent. Fixes bug 19161; bugfix on 0.2.6.1-alpha.
diff --git a/changes/bug19191 b/changes/bug19191
new file mode 100644
index 0000000000..8670aaa7fd
--- /dev/null
+++ b/changes/bug19191
@@ -0,0 +1,5 @@
+  o Minor bugfixes (downloading):
+    - Predict more correctly whether we'll be downloading over HTTP when we
+      determine the maximum length of a URL. This should avoid a "BUG"
+      warning about the Squid HTTP proxy and its URL limits. Fixes bug 19191;
+      bugfix on ?????.
diff --git a/changes/bug19203 b/changes/bug19203
new file mode 100644
index 0000000000..96bc1e855a
--- /dev/null
+++ b/changes/bug19203
@@ -0,0 +1,4 @@
+  o Major bugfixes (user interface):
+    - Correctly give a warning in the cases where a relay is specified by
+      nickname, and one such relay is found, but it is not officially Named.
+      Fixes bug 19203; bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug19213 b/changes/bug19213
new file mode 100644
index 0000000000..6217814fb4
--- /dev/null
+++ b/changes/bug19213
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation):
+    - Cause the unit tests to compile correctly on mingw64 versions
+      that lack sscanf. Fixes bug 19213; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug19406 b/changes/bug19406
new file mode 100644
index 0000000000..e8b661b512
--- /dev/null
+++ b/changes/bug19406
@@ -0,0 +1,4 @@
+  o Minor features (build):
+    - Tor now again builds with the recent OpenSSL 1.1 development branch
+      (tested against 1.1.0-pre5 and 1.1.0-pre6-dev).
+
diff --git a/changes/bug19454 b/changes/bug19454
new file mode 100644
index 0000000000..05650b5c61
--- /dev/null
+++ b/changes/bug19454
@@ -0,0 +1,3 @@
+  o Minor bugfixes (heartbeat):
+    - Fix regression that crashes Tor when disabling heartbeats. Fixes bug
+      19454; bugfix on tor-0.2.8.1-alpha. Reported by "kubaku".
diff --git a/changes/bug19464 b/changes/bug19464
new file mode 100644
index 0000000000..22c9e73dc7
--- /dev/null
+++ b/changes/bug19464
@@ -0,0 +1,6 @@
+  o Minor bugfixes (user interface):
+    - Remove a warning message "Service [scrubbed] not found after
+      descriptor upload". This message appears when one uses HSPOST control
+      command to upload a service descriptor. Since there is only a descriptor
+      and no service, showing this message is pointless and confusing.
+      Fixes bug 19464; bugfix on 0.2.7.2-alpha.
diff --git a/changes/bug19499 b/changes/bug19499
new file mode 100644
index 0000000000..59bdb29dfa
--- /dev/null
+++ b/changes/bug19499
@@ -0,0 +1,4 @@
+  o Minor features (build):
+    - Tor now again builds with the recent OpenSSL 1.1 development branch
+      (tested against 1.1.0-pre6-dev). Closes ticket 19499.
+
diff --git a/changes/bug19556 b/changes/bug19556
new file mode 100644
index 0000000000..31856b3db9
--- /dev/null
+++ b/changes/bug19556
@@ -0,0 +1,7 @@
+  o Minor bugfixes (sandboxing):
+    - When sandboxing is enabled, we could not write any stats to
+      disk.  check_or_create_data_subdir("stats"), which prepares the
+      private stats directory, calls check_private_dir(), which also
+      opens and not just stats() the directory.  Therefore, we need to
+      also allow open() for the stats dir in our sandboxing setup.
+      Fixes bug 19556; bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug19557 b/changes/bug19557
new file mode 100644
index 0000000000..55214b0c97
--- /dev/null
+++ b/changes/bug19557
@@ -0,0 +1,4 @@
+  o Major bugfixes (sandboxing):
+    - Our sandboxing code would not allow us to write to stats/hidserv-stats,
+      causing tor to abort while trying to write stats.  This was previously
+      masked by bug 19556. Fixes bug 19557; bugfix on 0.2.6.1-alpha.
diff --git a/changes/bug19608 b/changes/bug19608
new file mode 100644
index 0000000000..66c2de214e
--- /dev/null
+++ b/changes/bug19608
@@ -0,0 +1,6 @@
+  o Minor bugfixes (IPv6, microdescriptors):
+    - Don't check node addresses when we only have a routerstatus.
+      This allows IPv6-only clients to bootstrap by fetching
+      microdescriptors from fallback directory mirrors.
+      (The microdescriptor consensus has no IPv6 addresses in it.)
+      Fixes bug 19608; bugfix on c281c036 in 0.2.8.2-alpha.
diff --git a/changes/bug19660 b/changes/bug19660
new file mode 100644
index 0000000000..72d32c8fe2
--- /dev/null
+++ b/changes/bug19660
@@ -0,0 +1,8 @@
+  o Minor bugfixes (sandboxing):
+    - If we did not find a non-private IPaddress by iterating over
+      interfaces, we would try to get one via
+      get_interface_address6_via_udp_socket_hack().  This opens a
+      datagram socket with IPPROTO_UDP.  Previously all our datagram
+      sockets (via libevent) used IPPROTO_IP, so we did not have that
+      in the sandboxing whitelist.  Add (SOCK_DGRAM, IPPROTO_UDP)
+      sockets to the sandboxing whitelist.  Fixes bug 19660.
diff --git a/changes/bug19682 b/changes/bug19682
new file mode 100644
index 0000000000..c799c417ac
--- /dev/null
+++ b/changes/bug19682
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation):
+    - Fix compilation warning in the unit tests on systems where
+      char is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha.
diff --git a/changes/bifroest b/changes/bug19728
index 41af658ed8..98ba34290f 100644
--- a/changes/bifroest
+++ b/changes/bug19728
@@ -1,3 +1,3 @@
-  o Directory authority changes (also in 0.2.8.7):
+  o Directory authority changes:
     - The "Tonga" bridge authority has been retired; the new bridge
       authority is "Bifroest". Closes tickets 19728 and 19690.
diff --git a/changes/bug19782 b/changes/bug19782
new file mode 100644
index 0000000000..37660ead73
--- /dev/null
+++ b/changes/bug19782
@@ -0,0 +1,3 @@
+  o Minor bugfixes (fallback directories):
+    - Remove a fallback that was on the hardcoded list, then opted-out.
+      Fixes bug 19782; update to fallback list from 0.2.8.2-alpha.
diff --git a/changes/bug19903 b/changes/bug19903
new file mode 100644
index 0000000000..33aa8789d7
--- /dev/null
+++ b/changes/bug19903
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+    - Remove an inappropriate "inline" in tortls.c that was causing warnings
+      on older versions of GCC. Fixes bug 19903; 0.2.8.1-alpha.
+
diff --git a/changes/bug19947 b/changes/bug19947
new file mode 100644
index 0000000000..b9dce8b753
--- /dev/null
+++ b/changes/bug19947
@@ -0,0 +1,4 @@
+ o Minor bugfixes (fallback directories):
+    - Avoid logging a NULL string pointer when loading fallback directory information.
+      Fixes bug 19947; bugfix on 0.2.4.7-alpha and 0.2.8.1-alpha.
+      Report and patch by "rubiate".
diff --git a/changes/bug19969 b/changes/bug19969
new file mode 100644
index 0000000000..0bdd880bb7
--- /dev/null
+++ b/changes/bug19969
@@ -0,0 +1,10 @@
+  o Major bugfixes (client performance);
+    - Clients now respond to new application stream requests when
+      they arrive, rather than waiting up to one second before starting
+      to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
+
+  o Major bugfixes (clients on flaky network connections);
+    - When Tor leaves standby because of a new application request, open
+      circuits as needed to serve that request. Previously, we would
+      potentially wait a very long time. Fixes part of bug 19969; bugfix
+      on 0.2.8.1-alpha.
diff --git a/changes/bug19973 b/changes/bug19973
new file mode 100644
index 0000000000..7bd5c554f9
--- /dev/null
+++ b/changes/bug19973
@@ -0,0 +1,6 @@
+  o Major bugfixes (client, security):
+    - Only use the ReachableAddresses option to restrict the first hop
+      in a path. Previously, it would apply to every hop in the path,
+      with a possible degredation in anonymity for anyone using an
+      uncommon ReachableAddress setting. Fixes bug 19973; bugfix on
+      0.2.8.2-alpha.
diff --git a/changes/bug20103 b/changes/bug20103
new file mode 100644
index 0000000000..bf0aeec009
--- /dev/null
+++ b/changes/bug20103
@@ -0,0 +1,7 @@
+  o Major bugfixes (crash):
+
+    - Fix a complicated crash bug that could affect Tor clients
+      configured to use bridges when replacing a networkstatus consensus
+      in which one of their bridges was mentioned. OpenBSD users saw
+      more crashes here, but all platforms were potentially affected.
+      Fixes bug 20103; bugfix on 0.2.8.2-alpha.
diff --git a/changes/bug20203 b/changes/bug20203
new file mode 100644
index 0000000000..711c91ba85
--- /dev/null
+++ b/changes/bug20203
@@ -0,0 +1,6 @@
+  o Major bugfixes (relay, OOM handler):
+    - Fix a timing-dependent assertion failure that could occur when we
+      tried to flush from a circuit after having freed its cells because
+      of an out-of-memory condition. Fixes bug 20203; bugfix on
+      0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing this
+      one.
diff --git a/changes/bug20235 b/changes/bug20235
new file mode 100644
index 0000000000..54026a8943
--- /dev/null
+++ b/changes/bug20235
@@ -0,0 +1,4 @@
+  o Minor features (compatibility):
+    - Work around a bug in the OSX 10.12 SDK that would prevent us
+      from successfully targetting earlier versions of OSX.
+      Resolves ticket 20235.
diff --git a/changes/bug20551 b/changes/bug20551
new file mode 100644
index 0000000000..1e0746b666
--- /dev/null
+++ b/changes/bug20551
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation);
+    - Fix implicit conversion warnings under OpenSSL 1.1.
+      Fixes bug 20551; bugfix on 0.2.1.1-alpha.
diff --git a/changes/bug20553 b/changes/bug20553
new file mode 100644
index 0000000000..12a2780303
--- /dev/null
+++ b/changes/bug20553
@@ -0,0 +1,3 @@
+  o Minor bugfixes (memory leak):
+    - Work around a memory leak in OpenSSL 1.1 when encoding public keys.
+      Fixes bug 20553; bugfix on 0.0.2pre8.
diff --git a/changes/bug20588 b/changes/bug20588
new file mode 100644
index 0000000000..be199b2de0
--- /dev/null
+++ b/changes/bug20588
@@ -0,0 +1,3 @@
+  o Minor bugfixes (portability):
+    - Fix compilation with OpenSSL 1.1 and less commonly-used
+      CPU architectures. Closes ticket 20588.
diff --git a/changes/bug20865 b/changes/bug20865
new file mode 100644
index 0000000000..575d886a3e
--- /dev/null
+++ b/changes/bug20865
@@ -0,0 +1,7 @@
+  o Minor bugfixes (portability):
+    - Avoid compilation errors when building on OSX Sierra. Sierra began
+      to support the getentropy() API, but created a few problems in
+      doing so. Tor 0.2.9 has a more thorough set of workarounds; in
+      0.2.8, we are just using the /dev/urandom interface. Fixes
+      bug 20865. Bugfix on 0.2.8.1-alpha.
+
diff --git a/changes/bug22838_028 b/changes/bug22838_028
new file mode 100644
index 0000000000..1d0a4fbfd1
--- /dev/null
+++ b/changes/bug22838_028
@@ -0,0 +1,5 @@
+  o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+    - Backport a fix for an "unused variable" warning that appeared
+      in some versions of mingw. Fixes bug 22838; bugfix on
+      0.2.8.1-alpha.
+
diff --git a/changes/bug23690 b/changes/bug23690
new file mode 100644
index 0000000000..36ff32e499
--- /dev/null
+++ b/changes/bug23690
@@ -0,0 +1,5 @@
+  o Major bugfixes (relay, crash, assertion failure):
+    - Fix a timing-based assertion failure that could occur when the
+      circuit out-of-memory handler freed a connection's output buffer.
+      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
diff --git a/changes/bug8093 b/changes/bug8093
deleted file mode 100644
index f0fbc618c2..0000000000
--- a/changes/bug8093
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Downgraded warnings:
-    - Downgrade the severity of the 'unexpected sendme cell from client' from
-      'warn' to 'protocol warning'. Closes ticket 8093.
diff --git a/changes/bug8387 b/changes/bug8387
deleted file mode 100644
index 2ec0487bf8..0000000000
--- a/changes/bug8387
+++ /dev/null
@@ -1,11 +0,0 @@
-  o Major bugfixes (client):
-
-    - Perform circuit cleanup operations even when circuit
-      construction operations are disabled (because the network is
-      disabled, or because there isn't enough directory information).
-      Previously, when we were not building predictive circuits, we
-      were not closing expired circuits either.
-
-      Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible
-      in 0.2.4.10-alpha when we became more strict about when we have
-      "enough directory information to build circuits".
diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug
deleted file mode 100644
index 7fccab1b0c..0000000000
--- a/changes/curve25519-donna32-bug
+++ /dev/null
@@ -1,12 +0,0 @@
-  o Major bugfixes:
-
-    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
-      implementation that caused incorrect results on 32-bit
-      implementations when certain malformed inputs were used along with
-      a small class of private ntor keys. This bug does not currently
-      appear to allow an attacker to learn private keys or impersonate a
-      Tor server, but it could provide a means to distinguish 32-bit Tor
-      implementations from 64-bit Tor implementations. Fixes bug 12694;
-      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
-      Adam Langley.
-
diff --git a/changes/disable_sslv3 b/changes/disable_sslv3
deleted file mode 100644
index bb4c2df7a2..0000000000
--- a/changes/disable_sslv3
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major security fixes:
-    - Disable support for SSLv3. All versions of OpenSSL in use with
-      Tor today support TLS 1.0 or later, so we can safely turn off
-      support for this old (and insecure) protocol. Fixes bug 13426.
diff --git a/changes/doc17621 b/changes/doc17621
new file mode 100644
index 0000000000..ab37d29b50
--- /dev/null
+++ b/changes/doc17621
@@ -0,0 +1,3 @@
+  o Documentation:
+    - Document the contents of the 'datadir/keys' subdirectory in the manual
+      page. Closes ticket 17621.
diff --git a/changes/fallbacks-201604 b/changes/fallbacks-201604
new file mode 100644
index 0000000000..7acefaaf08
--- /dev/null
+++ b/changes/fallbacks-201604
@@ -0,0 +1,9 @@
+  o Minor features (fallback directory mirrors):
+    - Give each fallback the same weight for client selection;
+      restrict fallbacks to one per operator;
+      report fallback directory detail changes when rebuilding list;
+      add new fallback directory mirrors to the whitelist;
+      update fallback directories based on the latest OnionOO data;
+      and any other minor simplifications and fixes.
+      Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of
+      bug 18812 on 0.2.8.1-alpha; patch by "teor".
diff --git a/changes/feature18483 b/changes/feature18483
new file mode 100644
index 0000000000..d0fa8df58d
--- /dev/null
+++ b/changes/feature18483
@@ -0,0 +1,4 @@
+  o Minor features (clients):
+    - Make clients, onion services, and bridge relays always
+      use an encrypted begindir connection for directory requests.
+      Resolves ticket 18483. Patch by "teor".
diff --git a/changes/further-12184-diagnostic b/changes/further-12184-diagnostic
deleted file mode 100644
index 89e9f4612f..0000000000
--- a/changes/further-12184-diagnostic
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Minor features (diagnostic):
-    - Slightly enhance the diagnostic message for bug 12184.
diff --git a/changes/geoip-april2015 b/changes/geoip-april2015
deleted file mode 100644
index 7db38ed797..0000000000
--- a/changes/geoip-april2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-april2016 b/changes/geoip-april2016
index 4cd03e556b..c55aa179b5 100644
--- a/changes/geoip-april2016
+++ b/changes/geoip-april2016
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (geoip):
     - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2
       Country database.
 
diff --git a/changes/geoip-august2014 b/changes/geoip-august2014
deleted file mode 100644
index 90d8ecb300..0000000000
--- a/changes/geoip-august2014
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-december2015 b/changes/geoip-december2015
deleted file mode 100644
index 597bcc92f8..0000000000
--- a/changes/geoip-december2015
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/geoip-february2016 b/changes/geoip-february2016
deleted file mode 100644
index 49a8041fad..0000000000
--- a/changes/geoip-february2016
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/geoip-january2015 b/changes/geoip-january2015
deleted file mode 100644
index 67324f27f2..0000000000
--- a/changes/geoip-january2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-january2016 b/changes/geoip-january2016
deleted file mode 100644
index fe2d5c7dc7..0000000000
--- a/changes/geoip-january2016
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/geoip-july2014 b/changes/geoip-july2014
deleted file mode 100644
index a0523ecac9..0000000000
--- a/changes/geoip-july2014
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the July 10 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-july2015 b/changes/geoip-july2015
deleted file mode 100644
index 381c2df231..0000000000
--- a/changes/geoip-july2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016
index 8d308f6f72..6c9847ca58 100644
--- a/changes/geoip-jun2016
+++ b/changes/geoip-jun2016
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (geoip):
     - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
       Country database.
 
diff --git a/changes/geoip-june2015 b/changes/geoip-june2015
deleted file mode 100644
index 9d6cd3658b..0000000000
--- a/changes/geoip-june2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-march2015 b/changes/geoip-march2015
deleted file mode 100644
index 565781280a..0000000000
--- a/changes/geoip-march2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-march2016 b/changes/geoip-march2016
deleted file mode 100644
index d7b1bd42f9..0000000000
--- a/changes/geoip-march2016
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/geoip-may2016 b/changes/geoip-may2016
index 3fd42dce24..cf78ab10c7 100644
--- a/changes/geoip-may2016
+++ b/changes/geoip-may2016
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (geoip):
     - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
       Country database.
 
diff --git a/changes/geoip-november2014 b/changes/geoip-november2014
deleted file mode 100644
index 52cbeb3e41..0000000000
--- a/changes/geoip-november2014
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the November 15 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-october2015 b/changes/geoip-october2015
deleted file mode 100644
index f20febec5a..0000000000
--- a/changes/geoip-october2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-september2015 b/changes/geoip-september2015
deleted file mode 100644
index a4f99efaa2..0000000000
--- a/changes/geoip-september2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-september2016 b/changes/geoip-september2016
index a14c7c699f..1bf5570f2d 100644
--- a/changes/geoip-september2016
+++ b/changes/geoip-september2016
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (geoip):
     - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
       Country database.
 
diff --git a/changes/geoip6-april2015 b/changes/geoip6-april2015
deleted file mode 100644
index 241c9119b6..0000000000
--- a/changes/geoip6-april2015
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.
diff --git a/changes/geoip6-august2014 b/changes/geoip6-august2014
deleted file mode 100644
index 7e7c9a975d..0000000000
--- a/changes/geoip6-august2014
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip6-january2015 b/changes/geoip6-january2015
deleted file mode 100644
index b86fe2be57..0000000000
--- a/changes/geoip6-january2015
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database.
diff --git a/changes/geoip6-july2014 b/changes/geoip6-july2014
deleted file mode 100644
index 155788ef88..0000000000
--- a/changes/geoip6-july2014
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the July 10 2014 Maxmind GeoLite2 Country database.
diff --git a/changes/geoip6-june2015 b/changes/geoip6-june2015
deleted file mode 100644
index 527dbff53b..0000000000
--- a/changes/geoip6-june2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip6-march2015 b/changes/geoip6-march2015
deleted file mode 100644
index 9a38c65e62..0000000000
--- a/changes/geoip6-march2015
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip6-november2014 b/changes/geoip6-november2014
deleted file mode 100644
index e91fcc0d3b..0000000000
--- a/changes/geoip6-november2014
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the November 15 2014 Maxmind GeoLite2 Country database.
-
diff --git a/changes/longclaw-ipv6 b/changes/longclaw-ipv6
new file mode 100644
index 0000000000..75899c9d07
--- /dev/null
+++ b/changes/longclaw-ipv6
@@ -0,0 +1,6 @@
+  o Minor features (directory authorities):
+    - Remove longclaw's IPv6 address, as it will soon change.
+      Authority IPv6 addresses were originally added in 0.2.8.1-alpha.
+      This leaves 3/8 directory authorities with IPv6 addresses, but there
+      are also 52 fallback directory mirrors with IPv6 addresses.
+      Resolves 19760.
diff --git a/changes/memarea_overflow b/changes/memarea_overflow
new file mode 100644
index 0000000000..8fdc38cc09
--- /dev/null
+++ b/changes/memarea_overflow
@@ -0,0 +1,7 @@
+  o Minor bugfixes (pointer arithmetic):
+    - Fix a bug in memarea_alloc() that could have resulted in remote heap
+      write access, if Tor had ever passed an unchecked size to
+      memarea_alloc().  Fortunately, all the sizes we pass to memarea_alloc()
+      are pre-checked to be less than 128 kilobytes. Fixes bug 19150; bugfix
+      on 0.2.1.1-alpha. Bug found by Guido Vranken.
+
diff --git a/changes/test.h_msvc b/changes/test.h_msvc
deleted file mode 100644
index 3afbc13aaa..0000000000
--- a/changes/test.h_msvc
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
-      bugfix on 0.2.5.5-alpha.
diff --git a/changes/ticket12688 b/changes/ticket12688
deleted file mode 100644
index 88228e5506..0000000000
--- a/changes/ticket12688
+++ /dev/null
@@ -1,6 +0,0 @@
-  Major features:
-    - Make the number of entry guards configurable via a new
-      NumEntryGuards consensus parameter, and the number of directory
-      guards configurable via a new NumDirectoryGuards consensus
-      parameter. Implements ticket 12688.
-
diff --git a/changes/ticket12690 b/changes/ticket12690
deleted file mode 100644
index 5091883602..0000000000
--- a/changes/ticket12690
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Minor features:
-    - Authorities now assign the Guard flag to the fastest 25% of the
-      network (it used to be the fastest 50%). Also raise the consensus
-      weight that guarantees the Guard flag from 250 to 2000. For the
-      current network, this results in about 1100 guards, down from 2500.
-      This step paves the way for moving the number of entry guards
-      down to 1 (proposal 236) while still providing reasonable expected
-      performance for most users. Implements ticket 12690.
-
diff --git a/changes/ticket13036 b/changes/ticket13036
deleted file mode 100644
index 1b4784358a..0000000000
--- a/changes/ticket13036
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Fix a large number of false positive warnings from the clang
-      analyzer static analysis tool. This should make real warnings
-      easier for clang analyzer to find. Patch from "teor". Closes
-      ticket 13036.
diff --git a/changes/ticket14128 b/changes/ticket14128
deleted file mode 100644
index 38b25fa7dc..0000000000
--- a/changes/ticket14128
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (controller):
-    - New "GETINFO bw-event-cache" to get information about recent bandwidth
-      events. Closes ticket 14128. Useful for controllers to get recent
-      bandwidth history after the fix for 13988.
-
diff --git a/changes/ticket14487 b/changes/ticket14487
deleted file mode 100644
index 577337ff24..0000000000
--- a/changes/ticket14487
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Directory authority IP change:
-    - The directory authority Faravahar has a new IP address. Closes
-      ticket 14487.
diff --git a/changes/ticket19071-19480 b/changes/ticket19071-19480
new file mode 100644
index 0000000000..ab5c72a2d1
--- /dev/null
+++ b/changes/ticket19071-19480
@@ -0,0 +1,13 @@
+  o Minor bugfixes (fallback directory selection):
+    - Avoid errors during fallback selection if there are no eligible
+      fallbacks. Fixes bug 19480; bugfix on ba76910 and 78ec782 in
+      0.2.8.3-alpha. Patch by teor.
+  o Minor features (fallback directory list):
+    - Update hard-coded fallback list to remove unsuitable fallbacks.
+      Resolves ticket 19071. Patch by teor.
+    - Add a comment to the generated list that explains how to comment-out
+      unsuitable fallbacks in a way that's compatible with the stem fallback
+      parser.
+    - Update fallback whitelist and blacklist based on relay operator
+      emails. Blacklist unsuitable fallbacks. Resolves ticket 19071.
+      Patch by teor.
diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3
new file mode 100644
index 0000000000..d634e72053
--- /dev/null
+++ b/changes/ticket20170-v3
@@ -0,0 +1,5 @@
+  o Minor features (fallback directory list):
+    - Replace the 81 remaining fallbacks of the 100 originally introduced
+      in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
+      (123 new, 54 existing, 27 removed) generated in December 2016.
+      Resolves ticket 20170.
diff --git a/changes/ticket21564 b/changes/ticket21564
new file mode 100644
index 0000000000..7e01f41f8f
--- /dev/null
+++ b/changes/ticket21564
@@ -0,0 +1,6 @@
+  o Minor features (fallback directory list):
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+      December 2016 (of which ~126 were still functional), with a list of
+      151 fallbacks (32 new, 119 existing, 58 removed) generated in
+      May 2017.
+      Resolves ticket 21564.
diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
new file mode 100644
index 0000000000..4b9c5b0a12
--- /dev/null
+++ b/changes/trove-2017-008
@@ -0,0 +1,5 @@
+  o Major bugfixes (security, hidden services, loggging):
+    - Fix a bug where we could log uninitialized stack when a certain
+      hidden service error occurred while SafeLogging was disabled.
+      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
+      This is also tracked as TROVE-2017-008 and CVE-2017-0380.
diff --git a/configure.ac b/configure.ac
index 3177782753..6fb101bf9b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,19 +1,27 @@
 dnl Copyright (c) 2001-2004, Roger Dingledine
 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-dnl Copyright (c) 2007-2013, The Tor Project, Inc.
+dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
-AC_INIT([tor],[0.2.5.15-dev])
+AC_PREREQ([2.63])
+AC_INIT([tor],[0.2.8.16-dev])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE
+
+# "foreign" means we don't follow GNU package layout standards
+# "1.11" means we require automake version 1.11 or newer
+# "subdir-objects" means put .o files in the same directory as the .c files
+AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects])
+
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 AC_CONFIG_HEADERS([orconfig.h])
 
 AC_CANONICAL_HOST
 
-if test -f /etc/redhat-release ; then
-  if test -f /usr/kerberos/include ; then
+PKG_PROG_PKG_CONFIG
+
+if test -f "/etc/redhat-release"; then
+  if test -f "/usr/kerberos/include"; then
     CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
   fi
 fi
@@ -23,31 +31,34 @@ fi
 CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
 
 #XXXX020 We should make these enabled or not, before 0.2.0.x-final
-AC_ARG_ENABLE(buf-freelists,
-   AS_HELP_STRING(--enable-buf-freelists, enable freelists for buffer RAM))
-AC_ARG_ENABLE(mempools,
-   AS_HELP_STRING(--enable-mempools, enable mempools for relay cells))
 AC_ARG_ENABLE(openbsd-malloc,
-   AS_HELP_STRING(--enable-openbsd-malloc, Use malloc code from openbsd.  Linux only))
+   AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD.  Linux only]))
 AC_ARG_ENABLE(instrument-downloads,
-   AS_HELP_STRING(--enable-instrument-downloads, Instrument downloads of directory resources etc.))
+   AS_HELP_STRING(--enable-instrument-downloads, [instrument downloads of directory resources etc.]))
 AC_ARG_ENABLE(static-openssl,
-   AS_HELP_STRING(--enable-static-openssl, Link against a static openssl library. Requires --with-openssl-dir))
+   AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
 AC_ARG_ENABLE(static-libevent,
-   AS_HELP_STRING(--enable-static-libevent, Link against a static libevent library. Requires --with-libevent-dir))
+   AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
 AC_ARG_ENABLE(static-zlib,
-   AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
+   AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
 AC_ARG_ENABLE(static-tor,
-   AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
-AC_ARG_ENABLE(curve25519,
-   AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
+   AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
 AC_ARG_ENABLE(unittests,
-   AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
+   AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
 AC_ARG_ENABLE(coverage,
-   AS_HELP_STRING(--enable-coverage, [Enable coverage support in the unit-test build]))
+   AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
+AC_ARG_ENABLE(asserts-in-tests,
+   AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
+AC_ARG_ENABLE(system-torrc,
+   AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
+
+if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
+    AC_MSG_ERROR([Can't disable assertions outside of coverage build])
+fi
 
-AM_CONDITIONAL(UNITTESTS_ENABLED, test x$enable_unittests != xno)
-AM_CONDITIONAL(COVERAGE_ENABLED, test x$enable_coverage = xyes)
+AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
+AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
+AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
 
 if test "$enable_static_tor" = "yes"; then
   enable_static_libevent="yes";
@@ -56,102 +67,100 @@ if test "$enable_static_tor" = "yes"; then
   CFLAGS="$CFLAGS -static"
 fi
 
-if test x$enable_buf_freelists = xyes; then
-  AC_DEFINE(ENABLE_BUF_FREELISTS, 1,
-            [Defined if we try to use freelists for buffer RAM chunks])
-fi
-
-AM_CONDITIONAL(USE_MEMPOOLS, test x$enable_mempools = xyes)
-if test x$enable_mempools = xyes; then
-  AC_DEFINE(ENABLE_MEMPOOLS, 1,
-            [Defined if we try to use mempools for cells being relayed])
+if test "$enable_system_torrc" = "no"; then
+  AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
+            [Defined if we're not going to look for a torrc in SYSCONF])
 fi
 
-AM_CONDITIONAL(USE_OPENBSD_MALLOC, test x$enable_openbsd_malloc = xyes)
-if test x$enable_instrument_downloads = xyes; then
+AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")
+if test "x$enable_instrument_downloads" = "xyes"; then
   AC_DEFINE(INSTRUMENT_DOWNLOADS, 1,
             [Defined if we want to keep track of how much of each kind of resource we download.])
 fi
 
 AC_ARG_ENABLE(transparent,
-     AS_HELP_STRING(--disable-transparent, disable transparent proxy support),
+     AS_HELP_STRING(--disable-transparent, [disable transparent proxy support]),
      [case "${enableval}" in
-        yes) transparent=true ;;
-        no)  transparent=false ;;
+        "yes") transparent=true ;;
+        "no")  transparent=false ;;
         *) AC_MSG_ERROR(bad value for --enable-transparent) ;;
       esac], [transparent=true])
 
 AC_ARG_ENABLE(asciidoc,
-     AS_HELP_STRING(--disable-asciidoc, don't use asciidoc (disables building of manpages)),
+     AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
      [case "${enableval}" in
-        yes) asciidoc=true ;;
-        no)  asciidoc=false ;;
+        "yes") asciidoc=true ;;
+        "no")  asciidoc=false ;;
         *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
       esac], [asciidoc=true])
 
-# By default, we're not ready to ship a NAT-PMP aware Tor
-AC_ARG_ENABLE(nat-pmp,
-     AS_HELP_STRING(--enable-nat-pmp, enable NAT-PMP support),
-     [case "${enableval}" in
-        yes) natpmp=true ;;
-        no)  natpmp=false ;;
-        * ) AC_MSG_ERROR(bad value for --enable-nat-pmp) ;;
-      esac], [natpmp=false])
-
-# By default, we're not ready to ship a UPnP aware Tor
-AC_ARG_ENABLE(upnp,
-     AS_HELP_STRING(--enable-upnp, enable UPnP support),
-     [case "${enableval}" in
-        yes) upnp=true ;;
-        no)  upnp=false ;;
-        * ) AC_MSG_ERROR(bad value for --enable-upnp) ;;
-      esac], [upnp=false])
-
-
-AC_ARG_ENABLE(threads,
-     AS_HELP_STRING(--disable-threads, disable multi-threading support))
-
-if test x$enable_threads = x; then
-   case $host in
-    *-*-solaris* )
-     # Don't try multithreading on solaris -- cpuworkers seem to lock.
-     AC_MSG_NOTICE([You are running Solaris; Sometimes threading makes
-cpu workers lock up here, so I will disable threads.])
-     enable_threads="no";;
-    *)
-     enable_threads="yes";;
-   esac
+# systemd notify support
+AC_ARG_ENABLE(systemd,
+      AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
+      [case "${enableval}" in
+        "yes") systemd=true ;;
+        "no")  systemd=false ;;
+        * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
+      esac], [systemd=auto])
+
+
+
+# systemd support
+if test "x$enable_systemd" = "xno"; then
+    have_systemd=no;
+else
+    PKG_CHECK_MODULES(SYSTEMD,
+        [libsystemd-daemon],
+        have_systemd=yes,
+        have_systemd=no)
+    if test "x$have_systemd" = "xno"; then
+        AC_MSG_NOTICE([Okay, checking for systemd a different way...])
+        PKG_CHECK_MODULES(SYSTEMD,
+            [libsystemd],
+            have_systemd=yes,
+            have_systemd=no)
+    fi
+fi
+
+if test "x$have_systemd" = "xyes"; then
+    AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
+    TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
+    TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
+    PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
+         [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
 fi
+AC_SUBST(TOR_SYSTEMD_CFLAGS)
+AC_SUBST(TOR_SYSTEMD_LIBS)
 
-if test "$enable_threads" = "yes"; then
-  AC_DEFINE(ENABLE_THREADS, 1, [Defined if we will try to use multithreading])
+if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
+    AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
 fi
 
-case $host in
+case "$host" in
    *-*-solaris* )
      AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
      ;;
 esac
 
 AC_ARG_ENABLE(gcc-warnings,
-     AS_HELP_STRING(--enable-gcc-warnings, enable verbose warnings))
+     AS_HELP_STRING(--enable-gcc-warnings, [enable verbose warnings]))
 AC_ARG_ENABLE(gcc-warnings-advisory,
      AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror]))
 
 dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
 AC_ARG_ENABLE(gcc-hardening,
-    AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks))
+    AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
 
 AC_ARG_ENABLE(expensive-hardening,
-    AS_HELP_STRING(--enable-expensive-hardening, enable more expensive compiler hardening; makes Tor slower))
+    AS_HELP_STRING(--enable-expensive-hardening, [enable more expensive compiler hardening; makes Tor slower]))
 
 dnl Linker hardening options
 dnl Currently these options are ELF specific - you can't use this with MacOSX
 AC_ARG_ENABLE(linker-hardening,
-    AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups))
+    AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
 
 AC_ARG_ENABLE(local-appdata,
-   AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows))
+   AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
 if test "$enable_local_appdata" = "yes"; then
   AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
             [Defined if we default to host local appdata paths on Windows])
@@ -159,19 +168,22 @@ fi
 
 # Tor2web mode flag
 AC_ARG_ENABLE(tor2web-mode,
-     AS_HELP_STRING(--enable-tor2web-mode, support tor2web non-anonymous mode),
-[if test x$enableval = xyes; then
+     AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
+[if test "x$enableval" = "xyes"; then
     CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
 fi])
 
 AC_ARG_ENABLE(bufferevents,
-     AS_HELP_STRING(--enable-bufferevents, use Libevent's buffered IO.))
+     AS_HELP_STRING(--enable-bufferevents, [use Libevent's buffered IO]))
 
 AC_ARG_ENABLE(tool-name-check,
-     AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling))
+     AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
 
 AC_ARG_ENABLE(seccomp,
-     AS_HELP_STRING(--disable-seccomp, do not attempt to use libseccomp))
+     AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
+
+AC_ARG_ENABLE(libscrypt,
+     AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
 
 dnl check for the correct "ar" when cross-compiling
 AN_MAKEVAR([AR], [AC_PROG_AR])
@@ -185,10 +197,10 @@ dnl because that will find any cc on the system, not only the cross-compiler,
 dnl and then verify that a binary built with this compiler runs on the
 dnl build system. It will then come to the false conclusion that we're not
 dnl cross-compiling.
-if test x$enable_tool_name_check != xno; then
-    if test x$ac_tool_warned = xyes; then
+if test "x$enable_tool_name_check" != "xno"; then
+    if test "x$ac_tool_warned" = "xyes"; then
         AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
-	elif test "x$ac_ct_AR" != x -a x$cross_compiling = xmaybe; then
+	elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
 		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
 	fi
 fi
@@ -198,6 +210,8 @@ AC_PROG_CPP
 AC_PROG_MAKE_SET
 AC_PROG_RANLIB
 
+AC_PATH_PROG([PERL], [perl])
+
 dnl autoconf 2.59 appears not to support AC_PROG_SED
 AC_CHECK_PROG([SED],[sed],[sed],[/bin/false])
 
@@ -205,14 +219,15 @@ dnl check for asciidoc and a2x
 AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
 AC_PATH_PROGS([A2X], [a2x a2x.py], none)
 
-AM_CONDITIONAL(USE_ASCIIDOC, test x$asciidoc = xtrue)
+AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
 
-AM_CONDITIONAL(USE_FW_HELPER, test x$natpmp = xtrue || test x$upnp = xtrue)
-AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue)
-AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue)
+AM_CONDITIONAL(USE_FW_HELPER, test "x$natpmp" = "xtrue" || test "x$upnp" = "xtrue")
+AM_CONDITIONAL(NAT_PMP, test "x$natpmp" = "xtrue")
+AM_CONDITIONAL(MINIUPNPC, test "x$upnp" = "xtrue")
 AM_PROG_CC_C_O
+AC_PROG_CC_C99
 
-AC_ARG_VAR(PYTHON)
+AC_ARG_VAR([PYTHON], [path to Python binary])
 AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
 if test "x$PYTHON" = "x"; then
   AC_MSG_WARN([Python unavailable; some tests will not be run.])
@@ -234,19 +249,38 @@ AC_C_FLEXIBLE_ARRAY_MEMBER
 ]),
   [tor_cv_c_flexarray=yes],
   [tor_cv_c_flexarray=no])])
- if test $tor_cv_flexarray = yes ; then
+ if test "$tor_cv_flexarray" = "yes"; then
    AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
  else
    AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
  fi
 ])
 
-AC_PATH_PROG([SHA1SUM], [sha1sum], none)
-AC_PATH_PROG([OPENSSL], [openssl], none)
+AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
+      tor_cv_c_c99_decl,
+      [AC_COMPILE_IFELSE(
+         [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
+	 [tor_cv_c_c99_decl=yes],
+	 [tor_cv_c_c99_decl=no] )])
+if test "$tor_cv_c_c99_decl" != "yes"; then
+  AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
+fi
+
+AC_CACHE_CHECK([for working C99 designated initializers],
+      tor_cv_c_c99_designated_init,
+      [AC_COMPILE_IFELSE(
+         [AC_LANG_PROGRAM([struct s { int a; int b; };],
+  	       [[ struct s ss = { .b = 5, .a = 6 }; ]])],
+	 [tor_cv_c_c99_designated_init=yes],
+	 [tor_cv_c_c99_designated_init=no] )])
+
+if test "$tor_cv_c_c99_designated_init" != "yes"; then
+  AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
+fi
 
 TORUSER=_tor
 AC_ARG_WITH(tor-user,
-        [  --with-tor-user=NAME    Specify username for tor daemon ],
+        AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
         [
            TORUSER=$withval
         ]
@@ -255,7 +289,7 @@ AC_SUBST(TORUSER)
 
 TORGROUP=_tor
 AC_ARG_WITH(tor-group,
-        [  --with-tor-group=NAME   Specify group name for tor daemon ],
+        AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
         [
            TORGROUP=$withval
         ]
@@ -282,7 +316,7 @@ bwin32=false; AC_MSG_RESULT([no]),
 bwin32=cross; AC_MSG_RESULT([cross])
 )
 
-if test "$bwin32" = cross; then
+if test "$bwin32" = "cross"; then
 AC_MSG_CHECKING([for win32 (cross)])
 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
 #ifdef _WIN32
@@ -296,7 +330,27 @@ bwin32=true; AC_MSG_RESULT([yes]),
 bwin32=false; AC_MSG_RESULT([no]))
 fi
 
-AM_CONDITIONAL(BUILD_NT_SERVICES, test x$bwin32 = xtrue)
+AH_BOTTOM([
+#ifdef _WIN32
+/* Defined to access windows functions and definitions for >=WinXP */
+# ifndef WINVER
+#  define WINVER 0x0501
+# endif
+
+/* Defined to access _other_ windows functions and definitions for >=WinXP */
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0501
+# endif
+
+/* Defined to avoid including some windows headers as part of Windows.h */
+# ifndef WIN32_LEAN_AND_MEAN
+#  define WIN32_LEAN_AND_MEAN 1
+# endif
+#endif
+])
+
+
+AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
 
 dnl Enable C99 when compiling with MIPSpro
 AC_MSG_CHECKING([for MIPSpro compiler])
@@ -309,7 +363,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
 bmipspro=false; AC_MSG_RESULT(no),
 bmipspro=true; AC_MSG_RESULT(yes))
 
-if test "$bmipspro" = true; then
+if test "$bmipspro" = "true"; then
   CFLAGS="$CFLAGS -c99"
 fi
 
@@ -319,6 +373,7 @@ AC_SEARCH_LIBS(socket, [socket network])
 AC_SEARCH_LIBS(gethostbyname, [nsl])
 AC_SEARCH_LIBS(dlopen, [dl])
 AC_SEARCH_LIBS(inet_aton, [resolv])
+AC_SEARCH_LIBS(backtrace, [execinfo])
 saved_LIBS="$LIBS"
 AC_SEARCH_LIBS([clock_gettime], [rt])
 if test "$LIBS" != "$saved_LIBS"; then
@@ -326,28 +381,31 @@ if test "$LIBS" != "$saved_LIBS"; then
    have_rt=yes
 fi
 
-if test "$enable_threads" = "yes"; then
-  AC_SEARCH_LIBS(pthread_create, [pthread])
-  AC_SEARCH_LIBS(pthread_detach, [pthread])
-fi
+AC_SEARCH_LIBS(pthread_create, [pthread])
+AC_SEARCH_LIBS(pthread_detach, [pthread])
 
-dnl -------------------------------------------------------------------
-dnl Check for functions before libevent, since libevent-1.2 apparently
-dnl exports strlcpy without defining it in a header.
+AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
+AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
 
 AC_CHECK_FUNCS(
         _NSGetEnviron \
+	RtlSecureZeroMemory \
+	SecureZeroMemory \
         accept4 \
         backtrace \
         backtrace_symbols_fd \
-        clock_gettime \
+	eventfd \
+	explicit_bzero \
+	timingsafe_memcmp \
         flock \
         ftime \
         getaddrinfo \
         getifaddrs \
+        getpass \
         getrlimit \
         gettimeofday \
         gmtime_r \
+	htonll \
         inet_aton \
         ioctl \
         issetugid \
@@ -355,32 +413,78 @@ AC_CHECK_FUNCS(
         localtime_r \
         lround \
         memmem \
+        memset_s \
+	pipe \
+	pipe2 \
         prctl \
+	readpassphrase \
         rint \
         sigaction \
         socketpair \
+	statvfs \
         strlcat \
         strlcpy \
+	strnlen \
         strptime \
         strtok_r \
         strtoull \
         sysconf \
 	sysctl \
         uname \
-        usleep \
+	usleep \
         vasprintf \
 	_vscprintf
 )
 
-if test "$enable_threads" = "yes"; then
+# Apple messed up when they added two functions functions in Sierra: they
+# forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION
+# checks. So we should only probe for those functions if we are sure that we
+# are not targetting OSX 10.11 or earlier.
+AC_MSG_CHECKING([for a pre-Sierra OSX build target])
+AC_TRY_COMPILE([
+#ifdef __APPLE__
+#  include <AvailabilityMacros.h>
+#  ifndef MAC_OS_VERSION_10_12
+#    define MAC_OS_VERSION_10_12 101200
+#  endif
+#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
+#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_VERSION_10_12
+#      error "Running on Mac OSX 10.11 or earlier"
+#    endif
+#  endif
+#endif
+], [],
+   [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])],
+   [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])])
+
+if test "$on_macos_pre_10_12" = "no"; then
+  AC_CHECK_FUNCS(
+        clock_gettime \
+        getentropy \
+  )
+fi
+
+if test "$bwin32" != "true"; then
   AC_CHECK_HEADERS(pthread.h)
   AC_CHECK_FUNCS(pthread_create)
+  AC_CHECK_FUNCS(pthread_condattr_setclock)
 fi
 
+if test "$bwin32" = "true"; then
+  AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
+#include <windows.h>
+#include <conio.h>
+#include <wchar.h>
+                 ])
+fi
+
+AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
+  test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
+
 dnl ------------------------------------------------------
 dnl Where do you live, libevent?  And how do we call you?
 
-if test "$bwin32" = true; then
+if test "$bwin32" = "true"; then
   TOR_LIB_WS32=-lws2_32
   TOR_LIB_IPHLPAPI=-liphlpapi
   # Some of the cargo-cults recommend -lwsock32 as well, but I don't
@@ -394,15 +498,6 @@ AC_SUBST(TOR_LIB_WS32)
 AC_SUBST(TOR_LIB_GDI)
 AC_SUBST(TOR_LIB_IPHLPAPI)
 
-dnl We need to do this before we try our disgusting hack below.
-AC_CHECK_HEADERS([sys/types.h])
-
-dnl This is a disgusting hack so we safely include older libevent headers.
-AC_CHECK_TYPE(u_int64_t, unsigned long long)
-AC_CHECK_TYPE(u_int32_t, unsigned long)
-AC_CHECK_TYPE(u_int16_t, unsigned short)
-AC_CHECK_TYPE(u_int8_t, unsigned char)
-
 tor_libevent_pkg_redhat="libevent"
 tor_libevent_pkg_debian="libevent-dev"
 tor_libevent_devpkg_redhat="libevent-devel"
@@ -412,7 +507,7 @@ dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
 dnl linking for static builds.
 STATIC_LIBEVENT_FLAGS=""
 if test "$enable_static_libevent" = "yes"; then
-    if test "$have_rt" = yes; then
+    if test "$have_rt" = "yes"; then
       STATIC_LIBEVENT_FLAGS=" -lrt "
     fi
 fi
@@ -421,19 +516,18 @@ TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $T
 #ifdef _WIN32
 #include <winsock2.h>
 #endif
-#include <stdlib.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <event.h>], [
 #ifdef _WIN32
 #include <winsock2.h>
 #endif
-void exit(int); void *event_init(void);],
+void *event_init(void);],
     [
 #ifdef _WIN32
 {WSADATA d; WSAStartup(0x101,&d); }
 #endif
-event_init(); exit(0);
+event_init();
 ], [--with-libevent-dir], [/opt/libevent])
 
 dnl Now check for particular libevent functions.
@@ -443,25 +537,20 @@ save_CPPFLAGS="$CPPFLAGS"
 LIBS="-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $LIBS"
 LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
 CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
-AC_CHECK_FUNCS([event_get_version \
-                event_get_version_number \
-                event_get_method \
-                event_set_log_callback \
+AC_CHECK_FUNCS([event_get_version_number \
                 evutil_secure_rng_set_urandom_device_file \
                 evutil_secure_rng_init \
-                event_base_loopexit])
+               ])
 AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
 [#include <event.h>
 ])
 
 AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
 
-LIBS="$save_LIBS"
-LDFLAGS="$save_LDFLAGS"
-CPPFLAGS="$save_CPPFLAGS"
-
+LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
 
-AM_CONDITIONAL(USE_EXTERNAL_EVDNS, test x$ac_cv_header_event2_dns_h = xyes)
+AM_CONDITIONAL(USE_EXTERNAL_EVDNS,
+  test "x$ac_cv_header_event2_dns_h" = "xyes")
 
 if test "$enable_static_libevent" = "yes"; then
    if test "$tor_cv_library_libevent_dir" = "(system)"; then
@@ -470,13 +559,29 @@ if test "$enable_static_libevent" = "yes"; then
      TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
    fi
 else
-     TOR_LIBEVENT_LIBS="-levent"
+     if test "x$ac_cv_header_event2_event_h" = "xyes"; then
+       AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
+       AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))
+
+       if test "$ac_cv_search_event_new" != "none required"; then
+         TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
+       fi
+       if test "$ac_cv_search_evdns_base_new" != "none required"; then
+         TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
+       fi
+     else
+       TOR_LIBEVENT_LIBS="-levent"
+     fi
 fi
 
+LIBS="$save_LIBS"
+LDFLAGS="$save_LDFLAGS"
+CPPFLAGS="$save_CPPFLAGS"
+
 dnl This isn't the best test for Libevent 2.0.3-alpha.  Once it's released,
 dnl we can do much better.
-if test "$enable_bufferevents" = "yes" ; then
-  if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes" ; then
+if test "$enable_bufferevents" = "yes"; then
+  if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes"; then
     AC_MSG_ERROR([You've asked for bufferevent support, but you're using a version of Libevent without SSL support.  This won't work.  We need Libevent 2.0.8-rc or later, and you don't seem to even have Libevent 2.0.3-alpha.])
   else
 
@@ -494,7 +599,7 @@ int x = 1;
 #endif
   ])], [event_version_number_works=yes; AC_MSG_RESULT([yes]) ],
      [event_version_number_works=no;  AC_MSG_RESULT([no])])
-    if test "$event_version_number_works" != 'yes'; then
+    if test "$event_version_number_works" != "yes"; then
       AC_MSG_WARN([Version detection on Libevent seems broken.  Your Libevent installation is probably screwed up or very old.])
     else
       AC_MSG_CHECKING([whether Libevent is new enough for bufferevents])
@@ -552,9 +657,9 @@ tor_openssl_devpkg_debian="libssl-dev"
 
 ALT_openssl_WITHVAL=""
 AC_ARG_WITH(ssl-dir,
-  [  --with-ssl-dir=PATH    Obsolete alias for --with-openssl-dir ],
+  AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
   [
-      if test "x$withval" != xno && test "x$withval" != "x" ; then
+      if test "x$withval" != "xno" && test "x$withval" != "x"; then
          ALT_openssl_WITHVAL="$withval"
       fi
   ])
@@ -562,7 +667,7 @@ AC_ARG_WITH(ssl-dir,
 TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI],
     [#include <openssl/rand.h>],
     [void RAND_add(const void *buf, int num, double entropy);],
-    [RAND_add((void*)0,0,0); exit(0);], [],
+    [RAND_add((void*)0,0,0);], [],
     [/usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/athena /opt/openssl])
 
 dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
@@ -578,10 +683,56 @@ else
 fi
 AC_SUBST(TOR_OPENSSL_LIBS)
 
+dnl Now check for particular openssl functions.
+save_LIBS="$LIBS"
+save_LDFLAGS="$LDFLAGS"
+save_CPPFLAGS="$CPPFLAGS"
+LIBS="$TOR_OPENSSL_LIBS $LIBS"
+LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
+CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
+
+AC_TRY_COMPILE([
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x1000000fL
+#error "too old"
+#endif
+   ], [],
+   [ : ],
+   [ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
+
+AC_TRY_COMPILE([
+#include <openssl/opensslv.h>
+#include <openssl/evp.h>
+#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
+#error "no ECC"
+#endif
+#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
+#error "curves unavailable"
+#endif
+   ], [],
+   [ : ],
+   [ AC_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
+
 AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
 [#include <openssl/ssl.h>
 ])
 
+AC_CHECK_FUNCS([ \
+		SSL_SESSION_get_master_key \
+		SSL_get_server_random \
+                SSL_get_client_ciphers \
+                SSL_get_client_random \
+		SSL_CIPHER_find \
+		TLS_method
+	       ])
+
+dnl Check if OpenSSL has scrypt implementation.
+AC_CHECK_FUNCS([ EVP_PBE_scrypt ])
+
+LIBS="$save_LIBS"
+LDFLAGS="$save_LDFLAGS"
+CPPFLAGS="$save_CPPFLAGS"
+
 dnl ------------------------------------------------------
 dnl Where do you live, zlib?  And how do we call you?
 
@@ -593,7 +744,7 @@ tor_zlib_devpkg_debian="zlib1g-dev"
 TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
     [#include <zlib.h>],
     [const char * zlibVersion(void);],
-    [zlibVersion(); exit(0);], [--with-zlib-dir],
+    [zlibVersion();], [--with-zlib-dir],
     [/opt/zlib])
 
 if test "$enable_static_zlib" = "yes"; then
@@ -608,6 +759,19 @@ else
 fi
 AC_SUBST(TOR_ZLIB_LIBS)
 
+dnl ----------------------------------------------------------------------
+dnl Check if libcap is available for capabilities.
+
+tor_cap_pkg_debian="libcap2"
+tor_cap_pkg_redhat="libcap"
+tor_cap_devpkg_debian="libcap-dev"
+tor_cap_devpkg_redhat="libcap-devel"
+
+AC_CHECK_LIB([cap], [cap_init], [],
+  AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
+)
+AC_CHECK_FUNCS(cap_set_proc)
+
 dnl ---------------------------------------------------------------------
 dnl Now that we know about our major libraries, we can check for compiler
 dnl and linker hardening options.  We need to do this with the libraries known,
@@ -615,26 +779,27 @@ dnl since sometimes the linker will like an option but not be willing to
 dnl use it with a build of a library.
 
 all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
-all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
+all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_CAP_LIBS"
 
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
 #if !defined(__clang__)
 #error
 #endif])], have_clang=yes, have_clang=no)
 
-if test x$enable_gcc_hardening != xno; then
-    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
-    if test x$have_clang = xyes; then
+if test "x$enable_gcc_hardening" != "xno"; then
+    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
+    if test "x$have_clang" = "xyes"; then
         TOR_CHECK_CFLAGS(-Qunused-arguments)
     fi
     TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
     AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
     AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
+m4_ifdef([AS_VAR_IF],[
     AS_VAR_IF(can_compile, [yes],
         AS_VAR_IF(can_link, [yes],
                   [],
                   AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
-        )
+        )])
     AS_VAR_POPDEF([can_link])
     AS_VAR_POPDEF([can_compile])
     TOR_CHECK_CFLAGS(-Wstack-protector)
@@ -646,13 +811,13 @@ if test x$enable_gcc_hardening != xno; then
     fi
 fi
 
-if test x$enable_expensive_hardening = xyes ; then
+if test "x$enable_expensive_hardening" = "xyes"; then
    TOR_CHECK_CFLAGS([-fsanitize=address])
    TOR_CHECK_CFLAGS([-fsanitize=undefined])
    TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
 fi
 
-if test x$enable_linker_hardening != xno; then
+if test "x$enable_linker_hardening" != "xno"; then
     TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
 fi
 
@@ -666,7 +831,7 @@ saved_CFLAGS="$CFLAGS"
 TOR_CHECK_CFLAGS(-fomit-frame-pointer)
 F_OMIT_FRAME_POINTER=''
 if test "$saved_CFLAGS" != "$CFLAGS"; then
-  if test x$enable_expensive_hardening != xyes ; then
+  if test "x$enable_expensive_hardening" != "xyes"; then
     F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
   fi
 fi
@@ -680,65 +845,6 @@ dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
 dnl code will work.
 TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
 
-dnl ------------------------------------------------------
-dnl Where do you live, libnatpmp?  And how do we call you?
-dnl There are no packages for Debian or Redhat as of this patch
-
-if test "$natpmp" = "true"; then
-    AC_DEFINE(NAT_PMP, 1, [Define to 1 if we are building with nat-pmp.])
-    TOR_SEARCH_LIBRARY(libnatpmp, $trylibnatpmpdir, [-lnatpmp $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI],
-        [#include <natpmp.h>],
-        [#ifdef _WIN32
-         #define STATICLIB
-         #endif
-         #include <natpmp.h>],
-        [   int r;
-            natpmp_t natpmp;
-            natpmpresp_t response;
-            r = initnatpmp(&natpmp, 0, 0);],
-            [printf("initnatpmp() returned %d (%s)\n", r, r?"FAILED":"SUCCESS");
-            exit(0);],
-        [--with-libnatpmp-dir],
-        [/usr/lib/])
-fi
-
-
-dnl ------------------------------------------------------
-dnl Where do you live, libminiupnpc?  And how do we call you?
-dnl There are no packages for Debian or Redhat as of this patch
-
-if test "$upnp" = "true"; then
-    AC_DEFINE(MINIUPNPC, 1, [Define to 1 if we are building with UPnP.])
-
-    dnl Before we call TOR_SEARCH_LIBRARY we'll do a quick compile test
-    dnl to see if we have miniupnpc-1.5 or -1.6
-    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <miniupnpc/miniupnpc.h>],
-        [upnpDiscover(1, 0, 0, 0);exit(0);])],[miniupnpc15="true"],[miniupnpc15="false"])
-
-    if test "$miniupnpc15" = "true" ; then
-        AC_DEFINE([MINIUPNPC15],[1],[libminiupnpc version 1.5 found])
-        TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI],
-            [#include <miniupnpc/miniwget.h>
-             #include <miniupnpc/miniupnpc.h>
-             #include <miniupnpc/upnpcommands.h>],
-            [void upnpDiscover(int delay, const char * multicastif,
-             const char * minissdpdsock, int sameport);],
-            [upnpDiscover(1, 0, 0, 0); exit(0);],
-            [--with-libminiupnpc-dir],
-            [/usr/lib/])
-    else
-        TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI],
-            [#include <miniupnpc/miniwget.h>
-             #include <miniupnpc/miniupnpc.h>
-             #include <miniupnpc/upnpcommands.h>],
-            [void upnpDiscover(int delay, const char * multicastif,
-             const char * minissdpdsock, int sameport, int ipv6, int * error);],
-            [upnpDiscover(1, 0, 0, 0, 0, 0); exit(0);],
-            [--with-libminiupnpc-dir],
-            [/usr/lib/])
-    fi
-fi
-
 dnl ============================================================
 dnl Check for libseccomp
 
@@ -748,115 +854,116 @@ if test "x$enable_seccomp" != "xno"; then
 fi
 
 dnl ============================================================
+dnl Check for libscrypt
+
+if test "x$enable_libscrypt" != "xno"; then
+  AC_CHECK_HEADERS([libscrypt.h])
+  AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt])
+  AC_CHECK_FUNCS([libscrypt_scrypt])
+fi
+
+dnl ============================================================
 dnl We need an implementation of curve25519.
 
 dnl set these defaults.
-have_a_curve25519=no
 build_curve25519_donna=no
 build_curve25519_donna_c64=no
 use_curve25519_donna=no
 use_curve25519_nacl=no
 CURVE25519_LIBS=
 
-if test x$enable_curve25519 != xno; then
-
-  dnl The best choice is using curve25519-donna-c64, but that requires
-  dnl that we
-  AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
-    tor_cv_can_use_curve25519_donna_c64,
-    [AC_RUN_IFELSE(
-      [AC_LANG_PROGRAM([dnl
-        #include <stdint.h>
-        typedef unsigned uint128_t __attribute__((mode(TI)));
-	int func(uint64_t a, uint64_t b) {
-  	     uint128_t c = ((uint128_t)a) * b;
-             int ok = ((uint64_t)(c>>96)) == 522859 &&
-	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
-                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
-                   (((uint64_t)(c))&0xffffffffL) == 0;
-             return ok;
-        }
-	], [dnl
-	  int ok = func( ((uint64_t)2000000000) * 1000000000,
-	  	         ((uint64_t)1234567890) << 24);
-          return !ok;
-        ])],
-	[tor_cv_can_use_curve25519_donna_c64=yes],
-        [tor_cv_can_use_curve25519_donna_c64=no],
-	[AC_LINK_IFELSE(
-          [AC_LANG_PROGRAM([dnl
-        #include <stdint.h>
-        typedef unsigned uint128_t __attribute__((mode(TI)));
-	int func(uint64_t a, uint64_t b) {
-  	     uint128_t c = ((uint128_t)a) * b;
-             int ok = ((uint64_t)(c>>96)) == 522859 &&
-	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
-                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
-                   (((uint64_t)(c))&0xffffffffL) == 0;
-             return ok;
-        }
-	], [dnl
-	  int ok = func( ((uint64_t)2000000000) * 1000000000,
-	  	         ((uint64_t)1234567890) << 24);
-          return !ok;
-        ])],
-            [tor_cv_can_use_curve25519_donna_c64=cross],
-	    [tor_cv_can_use_curve25519_donna_c64=no])])])
-
-  AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
-                    nacl/crypto_scalarmult_curve25519.h])
-
-  AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
-    tor_cv_can_use_curve25519_nacl,
-    [tor_saved_LIBS="$LIBS"
-     LIBS="$LIBS -lnacl"
-     AC_LINK_IFELSE(
-       [AC_LANG_PROGRAM([dnl
-         #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
-         #include <crypto_scalarmult_curve25519.h>
-	 #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
-	 #include <nacl/crypto_scalarmult_curve25519.h>
-	 #endif
-         #ifdef crypto_scalarmult_curve25519_ref_BYTES
-	 #error Hey, this is the reference implementation! That's not fast.
-	 #endif
-       ], [
-	 unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
-       ])], [tor_cv_can_use_curve25519_nacl=yes],
-       [tor_cv_can_use_curve25519_nacl=no])
-     LIBS="$tor_saved_LIBS" ])
-
-   dnl Okay, now we need to figure out which one to actually use. Fall back
-   dnl to curve25519-donna.c
-
-   if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
-     build_curve25519_donna_c64=yes
-     use_curve25519_donna=yes
-   elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
-     use_curve25519_nacl=yes
-     CURVE25519_LIBS=-lnacl
-   else
-     build_curve25519_donna=yes
-     use_curve25519_donna=yes
-   fi
-   have_a_curve25519=yes
-fi
+dnl The best choice is using curve25519-donna-c64, but that requires
+dnl that we
+AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
+  tor_cv_can_use_curve25519_donna_c64,
+  [AC_RUN_IFELSE(
+    [AC_LANG_PROGRAM([dnl
+      #include <stdint.h>
+      typedef unsigned uint128_t __attribute__((mode(TI)));
+  int func(uint64_t a, uint64_t b) {
+           uint128_t c = ((uint128_t)a) * b;
+           int ok = ((uint64_t)(c>>96)) == 522859 &&
+             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+                 (((uint64_t)(c))&0xffffffffL) == 0;
+           return ok;
+      }
+  ], [dnl
+    int ok = func( ((uint64_t)2000000000) * 1000000000,
+                   ((uint64_t)1234567890) << 24);
+        return !ok;
+      ])],
+  [tor_cv_can_use_curve25519_donna_c64=yes],
+      [tor_cv_can_use_curve25519_donna_c64=no],
+  [AC_LINK_IFELSE(
+        [AC_LANG_PROGRAM([dnl
+      #include <stdint.h>
+      typedef unsigned uint128_t __attribute__((mode(TI)));
+  int func(uint64_t a, uint64_t b) {
+           uint128_t c = ((uint128_t)a) * b;
+           int ok = ((uint64_t)(c>>96)) == 522859 &&
+             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+                 (((uint64_t)(c))&0xffffffffL) == 0;
+           return ok;
+      }
+  ], [dnl
+    int ok = func( ((uint64_t)2000000000) * 1000000000,
+    	         ((uint64_t)1234567890) << 24);
+        return !ok;
+      ])],
+          [tor_cv_can_use_curve25519_donna_c64=cross],
+      [tor_cv_can_use_curve25519_donna_c64=no])])])
+
+AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
+                  nacl/crypto_scalarmult_curve25519.h])
+
+AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
+  tor_cv_can_use_curve25519_nacl,
+  [tor_saved_LIBS="$LIBS"
+   LIBS="$LIBS -lnacl"
+   AC_LINK_IFELSE(
+     [AC_LANG_PROGRAM([dnl
+       #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
+       #include <crypto_scalarmult_curve25519.h>
+   #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
+   #include <nacl/crypto_scalarmult_curve25519.h>
+   #endif
+       #ifdef crypto_scalarmult_curve25519_ref_BYTES
+   #error Hey, this is the reference implementation! That's not fast.
+   #endif
+     ], [
+   unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
+     ])], [tor_cv_can_use_curve25519_nacl=yes],
+     [tor_cv_can_use_curve25519_nacl=no])
+   LIBS="$tor_saved_LIBS" ])
+
+ dnl Okay, now we need to figure out which one to actually use. Fall back
+ dnl to curve25519-donna.c
+
+ if test "x$tor_cv_can_use_curve25519_donna_c64" != "xno"; then
+   build_curve25519_donna_c64=yes
+   use_curve25519_donna=yes
+ elif test "x$tor_cv_can_use_curve25519_nacl" = "xyes"; then
+   use_curve25519_nacl=yes
+   CURVE25519_LIBS=-lnacl
+ else
+   build_curve25519_donna=yes
+   use_curve25519_donna=yes
+ fi
 
-if test x$have_a_curve25519 = xyes; then
-  AC_DEFINE(CURVE25519_ENABLED, 1,
-            [Defined if we have a curve25519 implementation])
-fi
-if test x$use_curve25519_donna = xyes; then
+if test "x$use_curve25519_donna" = "xyes"; then
   AC_DEFINE(USE_CURVE25519_DONNA, 1,
             [Defined if we should use an internal curve25519_donna{,_c64} implementation])
 fi
-if test x$use_curve25519_nacl = xyes; then
+if test "x$use_curve25519_nacl" = "xyes"; then
   AC_DEFINE(USE_CURVE25519_NACL, 1,
             [Defined if we should use a curve25519 from nacl])
 fi
-AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
-AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
-AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
+AM_CONDITIONAL(BUILD_CURVE25519_DONNA,
+  test "x$build_curve25519_donna" = "xyes")
+AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64,
+  test "x$build_curve25519_donna_c64" = "xyes")
 AC_SUBST(CURVE25519_LIBS)
 
 dnl Make sure to enable support for large off_t if available.
@@ -868,6 +975,7 @@ AC_CHECK_HEADERS(
         fcntl.h \
         signal.h \
         string.h \
+	sys/capability.h \
         sys/fcntl.h \
         sys/stat.h \
         sys/time.h \
@@ -895,7 +1003,9 @@ AC_CHECK_HEADERS(
         netinet/in.h \
         netinet/in6.h \
         pwd.h \
+	readpassphrase.h \
         stdint.h \
+	sys/eventfd.h \
         sys/file.h \
         sys/ioctl.h \
         sys/limits.h \
@@ -905,6 +1015,8 @@ AC_CHECK_HEADERS(
         sys/resource.h \
         sys/select.h \
         sys/socket.h \
+	sys/statvfs.h \
+        sys/syscall.h \
 	sys/sysctl.h \
         sys/syslimits.h \
         sys/time.h \
@@ -934,7 +1046,18 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
 #endif
 #ifdef HAVE_NET_IF_H
 #include <net/if.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
 #endif])
+
+AC_CHECK_HEADERS(linux/if.h,[],[],
+[
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+])
+
 AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
         linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
 [#ifdef HAVE_SYS_TYPES_H
@@ -956,17 +1079,44 @@ AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
 #include <netinet/in.h>
 #endif])
 
-if test x$transparent = xtrue ; then
+AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
+        linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifdef HAVE_LINUX_TYPES_H
+#include <linux/types.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif])
+
+if test "x$transparent" = "xtrue"; then
    transparent_ok=0
-   if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then
+   if test "x$net_if_found" = "x1" && test "x$net_pfvar_found" = "x1"; then
+     transparent_ok=1
+   fi
+   if test "x$linux_netfilter_ipv4" = "x1"; then
      transparent_ok=1
    fi
-   if test x$linux_netfilter_ipv4 = x1 ; then
+   if test "x$linux_netfilter_ipv6_ip6_tables" = "x1"; then
      transparent_ok=1
    fi
-   if test x$transparent_ok = x1 ; then
+   if test "x$transparent_ok" = "x1"; then
      AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
-     case $host in
+     case "$host" in
        *-*-openbsd* | *-*-bitrig*)
          AC_DEFINE(OPENBSD, 1, "Define to handle pf on OpenBSD properly") ;;
      esac
@@ -1012,7 +1162,7 @@ AC_CHECK_SIZEOF(pid_t)
 
 AC_CHECK_TYPES([uint, u_char, ssize_t])
 
-AC_PC_FROM_UCONTEXT([/bin/true])
+AC_PC_FROM_UCONTEXT([:])
 
 dnl used to include sockaddr_storage, but everybody has that.
 AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , ,
@@ -1031,13 +1181,9 @@ AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , ,
 #ifdef _WIN32
 #define _WIN32_WINNT 0x0501
 #define WIN32_LEAN_AND_MEAN
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#include <winsock.h>
-#else
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#endif
 ])
 AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len], , ,
 [#ifdef HAVE_SYS_TYPES_H
@@ -1055,13 +1201,9 @@ AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct s
 #ifdef _WIN32
 #define _WIN32_WINNT 0x0501
 #define WIN32_LEAN_AND_MEAN
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#include <winsock.h>
-#else
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#endif
 ])
 
 AC_CHECK_TYPES([rlim_t], , ,
@@ -1077,7 +1219,7 @@ AC_CHECK_TYPES([rlim_t], , ,
 ])
 
 AX_CHECK_SIGN([time_t],
-       [ AC_DEFINE(TIME_T_IS_SIGNED, 1, [Define if time_t is signed]) ],
+       [ : ],
        [ : ], [
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -1090,8 +1232,8 @@ AX_CHECK_SIGN([time_t],
 #endif
 ])
 
-if test "$ax_cv_decl_time_t_signed" = no; then
-  AC_MSG_WARN([You have an unsigned time_t; some things will probably break. Please tell the Tor developers about your interesting platform.])
+if test "$ax_cv_decl_time_t_signed" = "no"; then
+  AC_MSG_ERROR([You have an unsigned time_t; Tor does not support that. Please tell the Tor developers about your interesting platform.])
 fi
 
 AX_CHECK_SIGN([size_t],
@@ -1102,7 +1244,7 @@ AX_CHECK_SIGN([size_t],
 #endif
 ])
 
-if test "$ax_cv_decl_size_t_signed" = yes; then
+if test "$ax_cv_decl_size_t_signed" = "yes"; then
   AC_MSG_ERROR([You have a signed size_t; that's grossly nonconformant.])
 fi
 
@@ -1137,12 +1279,12 @@ return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
        [tor_cv_null_is_zero=no],
        [tor_cv_null_is_zero=cross])])
 
-if test "$tor_cv_null_is_zero" = cross ; then
+if test "$tor_cv_null_is_zero" = "cross"; then
   # Cross-compiling; let's hope that the target isn't raving mad.
   AC_MSG_NOTICE([Cross-compiling: we'll assume that NULL is represented as a sequence of 0-valued bytes.])
 fi
 
-if test "$tor_cv_null_is_zero" != no; then
+if test "$tor_cv_null_is_zero" != "no"; then
   AC_DEFINE([NULL_REP_IS_ZERO_BYTES], 1,
             [Define to 1 iff memset(0) sets pointers to NULL])
 fi
@@ -1161,12 +1303,12 @@ return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
        [tor_cv_dbl0_is_zero=no],
        [tor_cv_dbl0_is_zero=cross])])
 
-if test "$tor_cv_dbl0_is_zero" = cross ; then
+if test "$tor_cv_dbl0_is_zero" = "cross"; then
   # Cross-compiling; let's hope that the target isn't raving mad.
   AC_MSG_NOTICE([Cross-compiling: we'll assume that 0.0 can be represented as a sequence of 0-valued bytes.])
 fi
 
-if test "$tor_cv_dbl0_is_zero" != no; then
+if test "$tor_cv_dbl0_is_zero" != "no"; then
   AC_DEFINE([DOUBLE_0_REP_IS_ZERO_BYTES], 1,
             [Define to 1 iff memset(0) sets doubles to 0.0])
 fi
@@ -1185,12 +1327,12 @@ int main () { return malloc(0)?0:1; }]])],
        [tor_cv_malloc_zero_works=no],
        [tor_cv_malloc_zero_works=cross])])
 
-if test "$tor_cv_malloc_zero_works" = cross; then
+if test "$tor_cv_malloc_zero_works" = "cross"; then
   # Cross-compiling; let's hope that the target isn't raving mad.
   AC_MSG_NOTICE([Cross-compiling: we'll assume that we need to check malloc() arguments for 0.])
 fi
 
-if test "$tor_cv_malloc_zero_works" = yes; then
+if test "$tor_cv_malloc_zero_works" = "yes"; then
   AC_DEFINE([MALLOC_ZERO_WORKS], 1,
             [Define to 1 iff malloc(0) returns a pointer])
 fi
@@ -1204,14 +1346,15 @@ return problem ? 1 : 0; }]])],
        [tor_cv_twos_complement=no],
        [tor_cv_twos_complement=cross])])
 
-if test "$tor_cv_twos_complement" = cross ; then
+if test "$tor_cv_twos_complement" = "cross"; then
   # Cross-compiling; let's hope that the target isn't raving mad.
   AC_MSG_NOTICE([Cross-compiling: we'll assume that negative integers are represented with two's complement.])
 fi
 
-if test "$tor_cv_twos_complement" != no ; then
+if test "$tor_cv_twos_complement" != "no"; then
   AC_DEFINE([USING_TWOS_COMPLEMENT], 1,
-            [Define to 1 iff we represent negative integers with two's complement])
+            [Define to 1 iff we represent negative integers with
+             two's complement])
 fi
 
 # What does shifting a negative value do?
@@ -1222,12 +1365,12 @@ AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor
        [tor_cv_sign_extend=no],
        [tor_cv_sign_extend=cross])])
 
-if test "$tor_cv_sign_extend" = cross ; then
+if test "$tor_cv_sign_extend" = "cross"; then
   # Cross-compiling; let's hope that the target isn't raving mad.
   AC_MSG_NOTICE([Cross-compiling: we'll assume that right-shifting negative integers causes sign-extension])
 fi
 
-if test "$tor_cv_sign_extend" != no ; then
+if test "$tor_cv_sign_extend" != "no"; then
   AC_DEFINE([RSHIFT_DOES_SIGN_EXTEND], 1,
             [Define to 1 iff right-shifting a negative value performs sign-extension])
 fi
@@ -1235,7 +1378,7 @@ fi
 # Whether we should use the dmalloc memory allocation debugging library.
 AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library))
 AC_ARG_WITH(dmalloc,
-[  --with-dmalloc          Use debug memory allocation library. ],
+AS_HELP_STRING(--with-dmalloc, [use debug memory allocation library]),
 [if [[ "$withval" = "yes" ]]; then
   dmalloc=1
   AC_MSG_RESULT(yes)
@@ -1253,21 +1396,21 @@ if [[ $dmalloc -eq 1 ]]; then
 fi
 
 AC_ARG_WITH(tcmalloc,
-[  --with-tcmalloc         Use tcmalloc memory allocation library. ],
+AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library]),
 [ tcmalloc=yes ], [ tcmalloc=no ])
 
-if test x$tcmalloc = xyes ; then
+if test "x$tcmalloc" = "xyes"; then
    LDFLAGS="-ltcmalloc $LDFLAGS"
 fi
 
 using_custom_malloc=no
-if test x$enable_openbsd_malloc = xyes ; then
+if test "x$enable_openbsd_malloc" = "xyes"; then
    using_custom_malloc=yes
 fi
-if test x$tcmalloc = xyes ; then
+if test "x$tcmalloc" = "xyes"; then
    using_custom_malloc=yes
 fi
-if test $using_custom_malloc = no ; then
+if test "$using_custom_malloc" = "no"; then
    AC_CHECK_FUNCS(mallinfo)
 fi
 
@@ -1283,7 +1426,7 @@ AC_CHECK_DECLS([mlockall], , , [
 
 # Allow user to specify an alternate syslog facility
 AC_ARG_WITH(syslog-facility,
-[  --with-syslog-facility=LOG syslog facility to use (default=LOG_DAEMON)],
+AS_HELP_STRING(--with-syslog-facility=LOG, [syslog facility to use (default=LOG_DAEMON)]),
 syslog_facility="$withval", syslog_facility="LOG_DAEMON")
 AC_DEFINE_UNQUOTED(LOGFACILITY,$syslog_facility,[name of the syslog facility])
 AC_SUBST(LOGFACILITY)
@@ -1384,20 +1527,20 @@ int main(int c, char **v) { char **t = environ; }])],
   tor_cv_have_environ_declared=yes,
   tor_cv_have_environ_declared=no))
 
-if test "$tor_cv_have_func_macro" = 'yes'; then
+if test "$tor_cv_have_func_macro" = "yes"; then
   AC_DEFINE(HAVE_MACRO__func__, 1, [Defined if the compiler supports __func__])
 fi
 
-if test "$tor_cv_have_FUNC_macro" = 'yes'; then
+if test "$tor_cv_have_FUNC_macro" = "yes"; then
   AC_DEFINE(HAVE_MACRO__FUNC__, 1, [Defined if the compiler supports __FUNC__])
 fi
 
-if test "$tor_cv_have_FUNCTION_macro" = 'yes'; then
+if test "$tor_cv_have_FUNCTION_macro" = "yes"; then
   AC_DEFINE(HAVE_MACRO__FUNCTION__, 1,
            [Defined if the compiler supports __FUNCTION__])
 fi
 
-if test "$tor_cv_have_environ_declared" = 'yes'; then
+if test "$tor_cv_have_environ_declared" = "yes"; then
   AC_DEFINE(HAVE_EXTERN_ENVIRON_DECLARED, 1,
            [Defined if we have extern char **environ already declared])
 fi
@@ -1433,7 +1576,7 @@ AC_SUBST(BINDIR)
 LOCALSTATEDIR=`eval echo $localstatedir`
 AC_SUBST(LOCALSTATEDIR)
 
-if test "$bwin32" = true; then
+if test "$bwin32" = "true"; then
   # Test if the linker supports the --nxcompat and --dynamicbase options
   # for Windows
   save_LDFLAGS="$LDFLAGS"
@@ -1449,13 +1592,12 @@ fi
 
 # Set CFLAGS _after_ all the above checks, since our warnings are stricter
 # than autoconf's macros like.
-if test "$GCC" = yes; then
+if test "$GCC" = "yes"; then
   # Disable GCC's strict aliasing checks.  They are an hours-to-debug
   # accident waiting to happen.
   CFLAGS="$CFLAGS -Wall -fno-strict-aliasing"
 else
-  # Autoconf sets -g -O2 by default. Override optimization level
-  # for non-gcc compilers
+  # Override optimization level for non-gcc compilers
   CFLAGS="$CFLAGS -O"
   enable_gcc_warnings=no
   enable_gcc_warnings_advisory=no
@@ -1473,7 +1615,8 @@ esac
 
 # Add some more warnings which we use in development but not in the
 # released versions.  (Some relevant gcc versions can't handle these.)
-if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xyes; then
+if test "x$enable_gcc_warnings" = "xyes" ||
+  test "x$enable_gcc_warnings_advisory" = "xyes"; then
 
   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
 #if !defined(__GNUC__) || (__GNUC__ < 4)
@@ -1502,7 +1645,7 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
                     have_shorten64_flag=no)
   CFLAGS="$save_CFLAGS"
 
-  case $host in
+  case "$host" in
     *-*-openbsd* | *-*-bitrig*)
       # Some OpenBSD versions (like 4.8) have -Wsystem-headers by default.
       # That's fine, except that the headers don't pass -Wredundant-decls.
@@ -1517,18 +1660,18 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
   CFLAGS="$CFLAGS -Wwrite-strings -Wmissing-declarations -Wredundant-decls"
   CFLAGS="$CFLAGS -Wnested-externs -Wbad-function-cast -Wswitch-enum"
 
-  if test x$enable_gcc_warnings = xyes; then
+  if test "x$enable_gcc_warnings" = "xyes"; then
     CFLAGS="$CFLAGS -Werror"
   fi
 
   # Disabled, so we can use mallinfo(): -Waggregate-return
 
-  if test x$have_gcc4 = xyes ; then
+  if test "x$have_gcc4" = "xyes"; then
     # These warnings break gcc 3.3.5 and work on gcc 4.0.2
-    CFLAGS="$CFLAGS -Winit-self -Wmissing-field-initializers -Wdeclaration-after-statement -Wold-style-definition"
+    CFLAGS="$CFLAGS -Winit-self -Wmissing-field-initializers -Wold-style-definition"
   fi
 
-  if test x$have_gcc42 = xyes ; then
+  if test "x$have_gcc42" = "xyes"; then
     # These warnings break gcc 4.0.2 and work on gcc 4.2
     # XXXX020 See if any of these work with earlier versions.
     CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wstrict-overflow=1"
@@ -1536,24 +1679,24 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
     # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
   fi
 
-  if test x$have_gcc42 = xyes && test x$have_clang = xno; then
+  if test "x$have_gcc42" = "xyes" && test "x$have_clang" = "xno"; then
     # These warnings break gcc 4.0.2 and clang, but work on gcc 4.2
     CFLAGS="$CFLAGS -Wnormalized=id -Woverride-init"
   fi
 
-  if test x$have_gcc43 = xyes ; then
+  if test "x$have_gcc43" = "xyes"; then
     # These warnings break gcc 4.2 and work on gcc 4.3
     # XXXX020 See if any of these work with earlier versions.
     CFLAGS="$CFLAGS -Wextra -Warray-bounds"
   fi
 
-  if test x$have_gcc46 = xyes ; then
+  if test "x$have_gcc46" = "xyes"; then
     # This warning was added in gcc 4.3, but it appears to generate
     # spurious warnings in gcc 4.4.  I don't know if it works in 4.5.
     CFLAGS="$CFLAGS -Wlogical-op"
   fi
 
-  if test x$have_shorten64_flag = xyes ; then
+  if test "x$have_shorten64_flag" = "xyes"; then
     CFLAGS="$CFLAGS -Wshorten-64-to-32"
   fi
 
@@ -1563,7 +1706,7 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
 # CFLAGS="$CFLAGS -Winline"
 fi
 
-if test "$enable_coverage" = yes && test "$have_clang" = "no"; then
+if test "$enable_coverage" = "yes" && test "$have_clang" = "no"; then
    case "$host_os" in
     darwin*)
       AC_MSG_WARN([Tried to enable coverage on OSX without using the clang compiler. This might not work! If coverage fails, use CC=clang when configuring with --enable-profiling.])
@@ -1581,15 +1724,20 @@ AC_CONFIG_FILES([
         contrib/dist/torctl
         contrib/dist/tor.service
         src/config/torrc.sample
+        src/config/torrc.minimal
+        scripts/maint/checkOptionDocs.pl
+        scripts/maint/updateVersions.pl
 ])
 
-if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then
+if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then
   regular_mans="doc/tor doc/tor-gencert doc/tor-resolve doc/torify"
   for file in $regular_mans ; do
     if ! [[ -f "$srcdir/$file.1.in" ]] || ! [[ -f "$srcdir/$file.html.in" ]] ; then
       echo "==================================";
       echo;
-      echo "You need asciidoc installed to be able to build the manpage.";
+      echo "Building Tor has failed since manpages cannot be built.";
+      echo;
+      echo "You need asciidoc installed to be able to build the manpages.";
       echo "To build without manpages, use the --disable-asciidoc argument";
       echo "when calling configure.";
       echo;
@@ -1600,7 +1748,3 @@ if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then
 fi
 
 AC_OUTPUT
-
-if test -x /usr/bin/perl && test -x ./scripts/maint/updateVersions.pl ; then
-  ./scripts/maint/updateVersions.pl
-fi
diff --git a/contrib/README b/contrib/README
index 07c6f777d5..3a94bb5016 100644
--- a/contrib/README
+++ b/contrib/README
@@ -11,6 +11,13 @@ add-tor is an old script to manipulate the approved-routers file.
 nagios-check-tor-authority-cert is a nagios script to check when Tor
 authority certificates are expired or nearly expired.
 
+clang/ -- Files for use with the clang compiler
+-----------------------------------------------
+
+sanitize_blacklist.txt is used to build Tor with clang's dynamic
+AddressSanitizer and UndefinedBehaviorSanitizer. It contains detailed
+instructions on configuration, build, and testing with clang's sanitizers.
+
 client-tools/ -- Tools for use with Tor clients
 -----------------------------------------------
 
diff --git a/contrib/clang/sanitize_blacklist.txt b/contrib/clang/sanitize_blacklist.txt
new file mode 100644
index 0000000000..03d1e70f31
--- /dev/null
+++ b/contrib/clang/sanitize_blacklist.txt
@@ -0,0 +1,92 @@
+# clang sanitizer special case list
+# syntax specified in http://clang.llvm.org/docs/SanitizerSpecialCaseList.html
+# for more info see http://clang.llvm.org/docs/AddressSanitizer.html
+
+# usage:
+# 1. configure tor build:
+#    ./configure \
+#    CC=clang \
+#    CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
+#    LDFLAGS="-fsanitize=address" \
+#    --disable-gcc-hardening
+# and any other flags required to build tor on your OS.
+#
+# 2. build tor:
+#    make
+#
+# 3. test tor:
+#    ASAN_OPTIONS=allow_user_segv_handler=1 make test
+#    ASAN_OPTIONS=allow_user_segv_handler=1 make check
+#    make test-network # requires chutney
+#
+# 4. the tor binary is now instrumented with clang sanitizers,
+#    and can be run just like a standard tor binary
+
+# Compatibility:
+# This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
+# and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
+# on both x86_64 and i386 (using CC="clang -arch i386")
+# It has not been tested with ThreadSanitizer or MemorySanitizer
+# Success report and patches for other sanitizers or OSs are welcome
+
+# ccache and make don't account for the sanitizer blacklist as a dependency
+# you might need to set CCACHE_DISABLE=1 and/or use make clean to workaround
+
+# Configuration Flags:
+# -fno-sanitize-recover=all
+# causes clang to crash on undefined behavior, rather than printing
+# a warning and continuing (the AddressSanitizer always crashes)
+# -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
+# make clang backtraces easier to read
+# --disable-gcc-hardening
+# disables warnings about the redefinition of _FORTIFY_SOURCE
+# (it conflicts with the sanitizers)
+
+# Turning the sanitizers off for particular functions:
+# (Unfortunately, exempting functions doesn't work for the blacklisted
+# functions below, and we can't turn the code off because it's essential)
+#
+# #if defined(__has_feature)
+# #if __has_feature(address_sanitizer)
+# /* tell clang AddressSanitizer not to instrument this function */
+# #define NOASAN __attribute__((no_sanitize_address))
+# #define _CLANG_ASAN_
+# #else
+# #define NOASAN
+# #endif
+# #else
+# #define NOASAN
+# #endif
+#
+# /* Telling AddressSanitizer to not instrument a function */
+# void func(void) NOASAN;
+#
+# /* Including or excluding sections of code */
+# #ifdef _CLANG_ASAN_
+# /* code that only runs under address sanitizer */
+# #else
+# /* code that doesn't run under address sanitizer */
+# #endif
+
+# Blacklist Entries:
+
+# test-memwipe.c checks if a freed buffer was properly wiped
+fun:vmemeq
+fun:check_a_buffer
+
+# we need to allow the tor bt handler to catch SIGSEGV
+# otherwise address sanitizer munges the expected output and the test fails
+# we can do this by setting an environmental variable
+# See https://code.google.com/p/address-sanitizer/wiki/Flags
+# ASAN_OPTIONS=allow_user_segv_handler=1
+
+# test_bt_cl.c stores to a NULL pointer to trigger a crash
+fun:crash
+
+# curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
+# integers. Until #13538 is resolved, we exempt functions that do left shifts.
+# Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
+fun:freduce_coefficients
+fun:freduce_degree
+fun:s32_eq
+fun:fcontract
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index 2fe51c75d9..9c1a255b2e 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -1,24 +1,35 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service.  You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow.  Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
 [Unit]
-Description = Anonymizing overlay network for TCP
-After = syslog.target network.target nss-lookup.target
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
 
 [Service]
-Type = simple
-ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
-# let's explicitly override it.
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
-ExecReload = /bin/kill -HUP ${MAINPID}
-KillSignal = SIGINT
-TimeoutSec = 30
-Restart = on-failure
-LimitNOFILE = 32768
+Type=notify
+NotifyAccess=all
+ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config
+ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=30
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
 
 # Hardening
-PrivateTmp = yes
-DeviceAllow = /dev/null rw
-DeviceAllow = /dev/urandom r
-InaccessibleDirectories = /home
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-@LOCALSTATEDIR@/lib/tor
+ReadWriteDirectories=-@LOCALSTATEDIR@/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
 
 [Install]
-WantedBy = multi-user.target
+WantedBy=multi-user.target
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 6dc7cbd764..b9eac37c53 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.5.15-dev"
+!define VERSION "0.2.8.16-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"
diff --git a/doc/HACKING b/doc/HACKING
deleted file mode 100644
index c69b2a6fee..0000000000
--- a/doc/HACKING
+++ /dev/null
@@ -1,545 +0,0 @@
-Hacking Tor: An Incomplete Guide
-================================
-
-Getting started
----------------
-
-For full information on how Tor is supposed to work, look at the files in
-https://gitweb.torproject.org/torspec.git/tree
-
-For an explanation of how to change Tor's design to work differently, look at
-https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/001-process.txt
-
-For the latest version of the code, get a copy of git, and
-
-   git clone https://git.torproject.org/git/tor
-
-We talk about Tor on the tor-talk mailing list.  Design proposals and
-discussion belong on the tor-dev mailing list.  We hang around on
-irc.oftc.net, with general discussion happening on #tor and development
-happening on #tor-dev.
-
-How we use Git branches
------------------------
-
-Each main development series (like 0.2.1, 0.2.2, etc) has its main work
-applied to a single branch.  At most one series can be the development series
-at a time; all other series are maintenance series that get bug-fixes only.
-The development series is built in a git branch called "master"; the
-maintenance series are built in branches called "maint-0.2.0", "maint-0.2.1",
-and so on.  We regularly merge the active maint branches forward.
-
-For all series except the development series, we also have a "release" branch
-(as in "release-0.2.1").  The release series is based on the corresponding
-maintenance series, except that it deliberately lags the maint series for
-most of its patches, so that bugfix patches are not typically included in a
-maintenance release until they've been tested for a while in a development
-release.  Occasionally, we'll merge an urgent bugfix into the release branch
-before it gets merged into maint, but that's rare.
-
-If you're working on a bugfix for a bug that occurs in a particular version,
-base your bugfix branch on the "maint" branch for the first supported series
-that has that bug.  (As of June 2013, we're supporting 0.2.3 and later.) If
-you're working on a new feature, base it on the master branch.
-
-
-How we log changes
-------------------
-
-When you do a commit that needs a ChangeLog entry, add a new file to
-the "changes" toplevel subdirectory.  It should have the format of a
-one-entry changelog section from the current ChangeLog file, as in
-
-  o Major bugfixes:
-    - Fix a potential buffer overflow. Fixes bug 99999; bugfix on
-      0.3.1.4-beta.
-
-To write a changes file, first categorize the change.  Some common categories
-are: Minor bugfixes, Major bugfixes, Minor features, Major features, Code
-simplifications and refactoring.  Then say what the change does.  If
-it's a bugfix, mention what bug it fixes and when the bug was
-introduced.  To find out which Git tag the change was introduced in,
-you can use "git describe --contains <sha1 of commit>".
-
-If at all possible, try to create this file in the same commit where
-you are making the change.  Please give it a distinctive name that no
-other branch will use for the lifetime of your change.
-
-When we go to make a release, we will concatenate all the entries
-in changes to make a draft changelog, and clear the directory. We'll
-then edit the draft changelog into a nice readable format.
-
-What needs a changes file?::
-   A not-exhaustive list: Anything that might change user-visible
-   behavior. Anything that changes internals, documentation, or the build
-   system enough that somebody could notice.  Big or interesting code
-   rewrites.  Anything about which somebody might plausibly wonder "when
-   did that happen, and/or why did we do that" 6 months down the line.
-
-Why use changes files instead of Git commit messages?::
-   Git commit messages are written for developers, not users, and they
-   are nigh-impossible to revise after the fact.
-
-Why use changes files instead of entries in the ChangeLog?::
-   Having every single commit touch the ChangeLog file tended to create
-   zillions of merge conflicts.
-
-Useful tools
-------------
-
-These aren't strictly necessary for hacking on Tor, but they can help track
-down bugs.
-
-Jenkins
-~~~~~~~
-
-https://jenkins.torproject.org
-
-Dmalloc
-~~~~~~~
-
-The dmalloc library will keep track of memory allocation, so you can find out
-if we're leaking memory, doing any double-frees, or so on.
-
-  dmalloc -l ~/dmalloc.log
-  (run the commands it tells you)
-  ./configure --with-dmalloc
-
-Valgrind
-~~~~~~~~
-
-valgrind --leak-check=yes --error-limit=no --show-reachable=yes src/or/tor
-
-(Note that if you get a zillion openssl warnings, you will also need to
-pass --undef-value-errors=no to valgrind, or rebuild your openssl
-with -DPURIFY.)
-
-Running gcov for unit test coverage
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
------
-   ./configure --enable-coverage
-   make
-   make check
-   mkdir coverage-output
-   ./scripts/test/coverage coverage-output
------
-
-(On OSX, you'll need to start with "--enable-coverage CC=clang".)
-
-Then, look at the .gcov files in coverage-output.  '-' before a line means
-that the compiler generated no code for that line.  '######' means that the
-line was never reached.  Lines with numbers were called that number of times.
-
-If that doesn't work:
-   * Try configuring Tor with --disable-gcc-hardening
-   * You might need to run 'make clean' after you run './configure'.
-
-If you make changes to Tor and want to get another set of coverage results,
-you can run "make reset-gcov" to clear the intermediary gcov output.
-
-If you have two different "coverage-output" directories, and you want to see
-a meaningful diff between them, you can run:
-
------
-   ./scripts/test/cov-diff coverage-output1 coverage-output2 | less
------
-
-In this diff, any lines that were visited at least once will have coverage
-"1".  This lets you inspect what you (probably) really want to know: which
-untested lines were changed?  Are there any new untested lines?
-
-Running integration tests
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-We have the beginnings of a set of scripts to run integration tests using
-Chutney. To try them, set CHUTNEY_PATH to your chutney source directory, and
-run "make test-network".
-
-Profiling Tor with oprofile
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The oprofile tool runs (on Linux only!) to tell you what functions Tor is
-spending its CPU time in, so we can identify berformance pottlenecks.
-
-Here are some basic instructions
-
- - Build tor with debugging symbols (you probably already have, unless
-   you messed with CFLAGS during the build process).
- - Build all the libraries you care about with debugging symbols
-   (probably you only care about libssl, maybe zlib and Libevent).
- - Copy this tor to a new directory
- - Copy all the libraries it uses to that dir too (ldd ./tor will
-   tell you)
- - Set LD_LIBRARY_PATH to include that dir.  ldd ./tor should now
-   show you it's using the libs in that dir
- - Run that tor
- - Reset oprofiles counters/start it
-   * "opcontrol --reset; opcontrol --start", if Nick remembers right.
- - After a while, have it dump the stats on tor and all the libs
-   in that dir you created.
-   * "opcontrol --dump;"
-   * "opreport -l that_dir/*"
- - Profit
-
-
-Coding conventions
-------------------
-
-Patch checklist
-~~~~~~~~~~~~~~~
-
-If possible, send your patch as one of these (in descending order of
-preference)
-
-   - A git branch we can pull from
-   - Patches generated by git format-patch
-   - A unified diff
-
-Did you remember...
-
-   - To build your code while configured with --enable-gcc-warnings?
-   - To run "make check-spaces" on your code?
-   - To run "make check-docs" to see whether all new options are on
-     the manpage?
-   - To write unit tests, as possible?
-   - To base your code on the appropriate branch?
-   - To include a file in the "changes" directory as appropriate?
-
-Whitespace and C conformance
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Invoke "make check-spaces" from time to time, so it can tell you about
-deviations from our C whitespace style.  Generally, we use:
-
-    - Unix-style line endings
-    - K&R-style indentation
-    - No space before newlines
-    - A blank line at the end of each file
-    - Never more than one blank line in a row
-    - Always spaces, never tabs
-    - No more than 79-columns per line.
-    - Two spaces per indent.
-    - A space between control keywords and their corresponding paren
-      "if (x)", "while (x)", and "switch (x)", never "if(x)", "while(x)", or
-      "switch(x)".
-    - A space between anything and an open brace.
-    - No space between a function name and an opening paren. "puts(x)", not
-      "puts (x)".
-    - Function declarations at the start of the line.
-
-We try hard to build without warnings everywhere.  In particular, if you're
-using gcc, you should invoke the configure script with the option
-"--enable-gcc-warnings".  This will give a bunch of extra warning flags to
-the compiler, and help us find divergences from our preferred C style.
-
-Getting emacs to edit Tor source properly
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Nick likes to put the following snippet in his .emacs file:
-
------
-    (add-hook 'c-mode-hook
-          (lambda ()
-            (font-lock-mode 1)
-            (set-variable 'show-trailing-whitespace t)
-
-            (let ((fname (expand-file-name (buffer-file-name))))
-              (cond
-               ((string-match "^/home/nickm/src/libevent" fname)
-                (set-variable 'indent-tabs-mode t)
-                (set-variable 'c-basic-offset 4)
-                (set-variable 'tab-width 4))
-               ((string-match "^/home/nickm/src/tor" fname)
-                (set-variable 'indent-tabs-mode nil)
-                (set-variable 'c-basic-offset 2))
-               ((string-match "^/home/nickm/src/openssl" fname)
-                (set-variable 'indent-tabs-mode t)
-                (set-variable 'c-basic-offset 8)
-                (set-variable 'tab-width 8))
-            ))))
------
-
-You'll note that it defaults to showing all trailing whitespace.  The "cond"
-test detects whether the file is one of a few C free software projects that I
-often edit, and sets up the indentation level and tab preferences to match
-what they want.
-
-If you want to try this out, you'll need to change the filename regex
-patterns to match where you keep your Tor files.
-
-If you use emacs for editing Tor and nothing else, you could always just say:
-
------
-   (add-hook 'c-mode-hook
-          (lambda ()
-            (font-lock-mode 1)
-            (set-variable 'show-trailing-whitespace t)
-            (set-variable 'indent-tabs-mode nil)
-            (set-variable 'c-basic-offset 2)))
------
-
-There is probably a better way to do this.  No, we are probably not going
-to clutter the files with emacs stuff.
-
-
-Functions to use
-~~~~~~~~~~~~~~~~
-
-We have some wrapper functions like tor_malloc, tor_free, tor_strdup, and
-tor_gettimeofday; use them instead of their generic equivalents.  (They
-always succeed or exit.)
-
-You can get a full list of the compatibility functions that Tor provides by
-looking through src/common/util.h and src/common/compat.h.  You can see the
-available containers in src/common/containers.h.  You should probably
-familiarize yourself with these modules before you write too much code, or
-else you'll wind up reinventing the wheel.
-
-Use 'INLINE' instead of 'inline', so that we work properly on Windows.
-
-Calling and naming conventions
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Whenever possible, functions should return -1 on error and 0 on success.
-
-For multi-word identifiers, use lowercase words combined with
-underscores. (e.g., "multi_word_identifier").  Use ALL_CAPS for macros and
-constants.
-
-Typenames should end with "_t".
-
-Function names should be prefixed with a module name or object name.  (In
-general, code to manipulate an object should be a module with the same name
-as the object, so it's hard to tell which convention is used.)
-
-Functions that do things should have imperative-verb names
-(e.g. buffer_clear, buffer_resize); functions that return booleans should
-have predicate names (e.g. buffer_is_empty, buffer_needs_resizing).
-
-If you find that you have four or more possible return code values, it's
-probably time to create an enum.  If you find that you are passing three or
-more flags to a function, it's probably time to create a flags argument that
-takes a bitfield.
-
-What To Optimize
-~~~~~~~~~~~~~~~~
-
-Don't optimize anything if it's not in the critical path.  Right now, the
-critical path seems to be AES, logging, and the network itself.  Feel free to
-do your own profiling to determine otherwise.
-
-Log conventions
-~~~~~~~~~~~~~~~
-
-https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#loglevel
-
-No error or warning messages should be expected during normal OR or OP
-operation.
-
-If a library function is currently called such that failure always means ERR,
-then the library function should log WARN and let the caller log ERR.
-
-Every message of severity INFO or higher should either (A) be intelligible
-to end-users who don't know the Tor source; or (B) somehow inform the
-end-users that they aren't expected to understand the message (perhaps
-with a string like "internal error"). Option (A) is to be preferred to
-option (B).
-
-Doxygen
-~~~~~~~~
-
-We use the 'doxygen' utility to generate documentation from our
-source code. Here's how to use it:
-
-  1. Begin every file that should be documented with
-         /**
-          * \file filename.c
-          * \brief Short description of the file.
-          **/
-
-     (Doxygen will recognize any comment beginning with /** as special.)
-
-  2. Before any function, structure, #define, or variable you want to
-     document, add a comment of the form:
-
-        /** Describe the function's actions in imperative sentences.
-         *
-         * Use blank lines for paragraph breaks
-         *   - and
-         *   - hyphens
-         *   - for
-         *   - lists.
-         *
-         * Write <b>argument_names</b> in boldface.
-         *
-         * \code
-         *     place_example_code();
-         *     between_code_and_endcode_commands();
-         * \endcode
-         */
-
-  3. Make sure to escape the characters "<", ">", "\", "%" and "#" as "\<",
-     "\>", "\\", "\%", and "\#".
-
-  4. To document structure members, you can use two forms:
-
-       struct foo {
-         /** You can put the comment before an element; */
-         int a;
-         int b; /**< Or use the less-than symbol to put the comment
-                 * after the element. */
-       };
-
-  5. To generate documentation from the Tor source code, type:
-
-     $ doxygen -g
-
-     To generate a file called 'Doxyfile'.  Edit that file and run
-     'doxygen' to generate the API documentation.
-
-  6. See the Doxygen manual for more information; this summary just
-     scratches the surface.
-
-Doxygen comment conventions
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Say what functions do as a series of one or more imperative sentences, as
-though you were telling somebody how to be the function.  In other words, DO
-NOT say:
-
-     /** The strtol function parses a number.
-      *
-      * nptr -- the string to parse.  It can include whitespace.
-      * endptr -- a string pointer to hold the first thing that is not part
-      *    of the number, if present.
-      * base -- the numeric base.
-      * returns: the resulting number.
-      */
-     long strtol(const char *nptr, char **nptr, int base);
-
-Instead, please DO say:
-
-     /** Parse a number in radix <b>base</b> from the string <b>nptr</b>,
-      * and return the result.  Skip all leading whitespace.  If
-      * <b>endptr</b> is not NULL, set *<b>endptr</b> to the first character
-      * after the number parsed.
-      **/
-     long strtol(const char *nptr, char **nptr, int base);
-
-Doxygen comments are the contract in our abstraction-by-contract world: if
-the functions that call your function rely on it doing something, then your
-function should mention that it does that something in the documentation.  If
-you rely on a function doing something beyond what is in its documentation,
-then you should watch out, or it might do something else later.
-
-Putting out a new release
--------------------------
-
-Here are the steps Roger takes when putting out a new Tor release:
-
-1) Use it for a while, as a client, as a relay, as a hidden service,
-and as a directory authority. See if it has any obvious bugs, and
-resolve those.
-
-1.5) As applicable, merge the maint-X branch into the release-X branch.
-
-2) Gather the changes/* files into a changelog entry, rewriting many
-of them and reordering to focus on what users and funders would find
-interesting and understandable.
-
-   2.1) Make sure that everything that wants a bug number has one.
-        Make sure that everything which is a bugfix says what version
-        it was a bugfix on.
-   2.2) Concatenate them.
-   2.3) Sort them by section. Within each section, sort by "version it's
-        a bugfix on", else by numerical ticket order.
-
-   2.4) Clean them up:
-
-   Standard idioms:
-     "Fixes bug 9999; bugfix on 0.3.3.3-alpha."
-
-   One period after a space.
-
-   Make stuff very terse
-
-   Make sure each section name ends with a colon
-
-   Describe the user-visible problem right away
-
-   Mention relevant config options by name.  If they're rare or unusual,
-   remind people what they're for
-
-   Avoid starting lines with open-paren
-
-   Present and imperative tense: not past.
-
-   'Relays', not 'servers' or 'nodes' or 'Tor relays'.
-
-   "Stop FOOing", not "Fix a bug where we would FOO".
-
-   Try not to let any given section be longer than about a page. Break up
-   long sections into subsections by some sort of common subtopic. This
-   guideline is especially important when organizing Release Notes for
-   new stable releases.
-
-   If a given changes stanza showed up in a different release (e.g.
-   maint-0.2.1), be sure to make the stanzas identical (so people can
-   distinguish if these are the same change).
-
-   2.5) Merge them in.
-
-   2.6) Clean everything one last time.
-
-   2.7) Run it through fmt to make it pretty.
-
-3) Compose a short release blurb to highlight the user-facing
-changes. Insert said release blurb into the ChangeLog stanza. If it's
-a stable release, add it to the ReleaseNotes file too. If we're adding
-to a release-0.2.x branch, manually commit the changelogs to the later
-git branches too.
-
-4) Bump the version number in configure.ac and rebuild.
-
-5) Make dist, put the tarball up somewhere, and tell #tor about it. Wait
-a while to see if anybody has problems building it. Try to get Sebastian
-or somebody to try building it on Windows.
-
-6) Get at least two of weasel/arma/sebastian to put the new version number
-in their approved versions list.
-
-7) Sign the tarball, then sign and push the git tag:
-  gpg -ba <the_tarball>
-  git tag -u <keyid> tor-0.2.x.y-status
-  git push origin tag tor-0.2.x.y-status
-
-8) scp the tarball and its sig to the website in the dist/ directory
-(i.e. /srv/www-master.torproject.org/htdocs/dist/ on vescum). Edit
-"include/versions.wmi" and "Makefile" to note the new version. From your
-website checkout, run ./publish to build and publish the website.
-
-9) Email the packagers (cc'ing tor-assistants) that a new tarball is up.
-
-10) Add the version number to Trac.  To do this, go to Trac, log in,
-select "Admin" near the top of the screen, then select "Versions" from
-the menu on the left.  At the right, there will be an "Add version"
-box.  By convention, we enter the version in the form "Tor:
-0.2.2.23-alpha" (or whatever the version is), and we select the date as
-the date in the ChangeLog.
-
-11) Forward-port the ChangeLog.
-
-12) Wait up to a day or two (for a development release), or until most
-packages are up (for a stable release), and mail the release blurb and
-changelog to tor-talk or tor-announce.
-
-  (We might be moving to faster announcements, but don't announce until
-  the website is at least updated.)
-
-13) If it's a stable release, bump the version number in the maint-x.y.z
-    branch to "newversion-dev", and do a "merge -s ours" merge to avoid
-    taking that change into master.  Do a similar 'merge -s theirs'
-    merge to get the change (and only that change) into release.  (Some
-    of the build scripts require that maint merge cleanly into release.)
-
diff --git a/doc/HACKING/CodingStandards.md b/doc/HACKING/CodingStandards.md
new file mode 100644
index 0000000000..4aafa5ddd4
--- /dev/null
+++ b/doc/HACKING/CodingStandards.md
@@ -0,0 +1,245 @@
+Coding conventions for Tor
+==========================
+
+tl;dr:
+
+   - Run configure with `--enable-gcc-warnings`
+   - Run `make check-spaces` to catch whitespace errors
+   - Document your functions
+   - Write unit tests
+   - Add a file in `changes` for your branch.
+
+Patch checklist
+---------------
+
+If possible, send your patch as one of these (in descending order of
+preference)
+
+   - A git branch we can pull from
+   - Patches generated by git format-patch
+   - A unified diff
+
+Did you remember...
+
+   - To build your code while configured with `--enable-gcc-warnings`?
+   - To run `make check-spaces` on your code?
+   - To run `make check-docs` to see whether all new options are on
+     the manpage?
+   - To write unit tests, as possible?
+   - To base your code on the appropriate branch?
+   - To include a file in the `changes` directory as appropriate?
+
+How we use Git branches
+=======================
+
+Each main development series (like 0.2.1, 0.2.2, etc) has its main work
+applied to a single branch.  At most one series can be the development series
+at a time; all other series are maintenance series that get bug-fixes only.
+The development series is built in a git branch called "master"; the
+maintenance series are built in branches called "maint-0.2.0", "maint-0.2.1",
+and so on.  We regularly merge the active maint branches forward.
+
+For all series except the development series, we also have a "release" branch
+(as in "release-0.2.1").  The release series is based on the corresponding
+maintenance series, except that it deliberately lags the maint series for
+most of its patches, so that bugfix patches are not typically included in a
+maintenance release until they've been tested for a while in a development
+release.  Occasionally, we'll merge an urgent bugfix into the release branch
+before it gets merged into maint, but that's rare.
+
+If you're working on a bugfix for a bug that occurs in a particular version,
+base your bugfix branch on the "maint" branch for the first supported series
+that has that bug.  (As of June 2013, we're supporting 0.2.3 and later.) If
+you're working on a new feature, base it on the master branch.
+
+
+How we log changes
+==================
+
+When you do a commit that needs a ChangeLog entry, add a new file to
+the `changes` toplevel subdirectory.  It should have the format of a
+one-entry changelog section from the current ChangeLog file, as in
+
+- Major bugfixes:
+    - Fix a potential buffer overflow. Fixes bug 99999; bugfix on
+      0.3.1.4-beta.
+
+To write a changes file, first categorize the change.  Some common categories
+are: Minor bugfixes, Major bugfixes, Minor features, Major features, Code
+simplifications and refactoring.  Then say what the change does.  If
+it's a bugfix, mention what bug it fixes and when the bug was
+introduced.  To find out which Git tag the change was introduced in,
+you can use `git describe --contains <sha1 of commit>`.
+
+If at all possible, try to create this file in the same commit where you are
+making the change.  Please give it a distinctive name that no other branch will
+use for the lifetime of your change. To verify the format of the changes file,
+you can use `make check-changes`.
+
+When we go to make a release, we will concatenate all the entries
+in changes to make a draft changelog, and clear the directory. We'll
+then edit the draft changelog into a nice readable format.
+
+To make sure that stuff is in the right format, we use
+scripts/maint/lintChanges.py to check the changes files for
+(superficial) validity.  You can run this script on your own changes
+files!
+
+What needs a changes file?
+
+   * A not-exhaustive list: Anything that might change user-visible
+   behavior. Anything that changes internals, documentation, or the build
+   system enough that somebody could notice.  Big or interesting code
+   rewrites.  Anything about which somebody might plausibly wonder "when
+   did that happen, and/or why did we do that" 6 months down the line.
+
+Why use changes files instead of Git commit messages?
+
+   * Git commit messages are written for developers, not users, and they
+   are nigh-impossible to revise after the fact.
+
+Why use changes files instead of entries in the ChangeLog?
+
+   * Having every single commit touch the ChangeLog file tended to create
+   zillions of merge conflicts.
+
+Whitespace and C conformance
+----------------------------
+
+Invoke `make check-spaces` from time to time, so it can tell you about
+deviations from our C whitespace style.  Generally, we use:
+
+   - Unix-style line endings
+   - K&R-style indentation
+   - No space before newlines
+   - A blank line at the end of each file
+   - Never more than one blank line in a row
+   - Always spaces, never tabs
+   - No more than 79-columns per line.
+   - Two spaces per indent.
+   - A space between control keywords and their corresponding paren
+     `if (x)`, `while (x)`, and `switch (x)`, never `if(x)`, `while(x)`, or
+     `switch(x)`.
+   - A space between anything and an open brace.
+   - No space between a function name and an opening paren. `puts(x)`, not
+     `puts (x)`.
+   - Function declarations at the start of the line.
+
+We try hard to build without warnings everywhere.  In particular, if you're
+using gcc, you should invoke the configure script with the option
+`--enable-gcc-warnings`.  This will give a bunch of extra warning flags to
+the compiler, and help us find divergences from our preferred C style.
+
+Functions to use; functions not to use
+--------------------------------------
+
+We have some wrapper functions like `tor_malloc`, `tor_free`, `tor_strdup`, and
+`tor_gettimeofday;` use them instead of their generic equivalents.  (They
+always succeed or exit.)
+
+You can get a full list of the compatibility functions that Tor provides by
+looking through `src/common/util*.h` and `src/common/compat*.h`.  You can see the
+available containers in `src/common/containers*.h`.  You should probably
+familiarize yourself with these modules before you write too much code, or
+else you'll wind up reinventing the wheel.
+
+We don't use `strcat` or `strcpy` or `sprintf` of any of those notoriously broken
+old C functions.  Use `strlcat`, `strlcpy`, or `tor_snprintf/tor_asprintf` instead.
+
+We don't call `memcmp()` directly.  Use `fast_memeq()`, `fast_memneq()`,
+`tor_memeq()`, or `tor_memneq()` for most purposes.
+
+Functions not to write
+----------------------
+
+Try to never hand-write new code to parse or generate binary
+formats. Instead, use trunnel if at all possible.  See
+
+    https://gitweb.torproject.org/trunnel.git/tree
+
+for more information about trunnel.
+
+For information on adding new trunnel code to Tor, see src/trunnel/README
+
+
+Calling and naming conventions
+------------------------------
+
+Whenever possible, functions should return -1 on error and 0 on success.
+
+For multi-word identifiers, use lowercase words combined with
+underscores. (e.g., `multi_word_identifier`).  Use ALL_CAPS for macros and
+constants.
+
+Typenames should end with `_t`.
+
+Function names should be prefixed with a module name or object name.  (In
+general, code to manipulate an object should be a module with the same name
+as the object, so it's hard to tell which convention is used.)
+
+Functions that do things should have imperative-verb names
+(e.g. `buffer_clear`, `buffer_resize`); functions that return booleans should
+have predicate names (e.g. `buffer_is_empty`, `buffer_needs_resizing`).
+
+If you find that you have four or more possible return code values, it's
+probably time to create an enum.  If you find that you are passing three or
+more flags to a function, it's probably time to create a flags argument that
+takes a bitfield.
+
+What To Optimize
+----------------
+
+Don't optimize anything if it's not in the critical path.  Right now, the
+critical path seems to be AES, logging, and the network itself.  Feel free to
+do your own profiling to determine otherwise.
+
+Log conventions
+---------------
+
+`https://www.torproject.org/docs/faq#LogLevel`
+
+No error or warning messages should be expected during normal OR or OP
+operation.
+
+If a library function is currently called such that failure always means ERR,
+then the library function should log WARN and let the caller log ERR.
+
+Every message of severity INFO or higher should either (A) be intelligible
+to end-users who don't know the Tor source; or (B) somehow inform the
+end-users that they aren't expected to understand the message (perhaps
+with a string like "internal error"). Option (A) is to be preferred to
+option (B).
+
+
+
+Doxygen comment conventions
+---------------------------
+
+Say what functions do as a series of one or more imperative sentences, as
+though you were telling somebody how to be the function.  In other words, DO
+NOT say:
+
+     /** The strtol function parses a number.
+      *
+      * nptr -- the string to parse.  It can include whitespace.
+      * endptr -- a string pointer to hold the first thing that is not part
+      *    of the number, if present.
+      * base -- the numeric base.
+      * returns: the resulting number.
+      */
+     long strtol(const char *nptr, char **nptr, int base);
+
+Instead, please DO say:
+
+     /** Parse a number in radix <b>base</b> from the string <b>nptr</b>,
+      * and return the result.  Skip all leading whitespace.  If
+      * <b>endptr</b> is not NULL, set *<b>endptr</b> to the first character
+      * after the number parsed.
+      **/
+     long strtol(const char *nptr, char **nptr, int base);
+
+Doxygen comments are the contract in our abstraction-by-contract world: if
+the functions that call your function rely on it doing something, then your
+function should mention that it does that something in the documentation.  If
+you rely on a function doing something beyond what is in its documentation,
+then you should watch out, or it might do something else later.
diff --git a/doc/HACKING/GettingStarted.md b/doc/HACKING/GettingStarted.md
new file mode 100644
index 0000000000..0295adc1ff
--- /dev/null
+++ b/doc/HACKING/GettingStarted.md
@@ -0,0 +1,187 @@
+
+Getting started in Tor development
+==================================
+
+Congratulations!  You've found this file, and you're reading it!  This
+means that you might be interested in getting started in developing Tor.
+
+(This guide is just about Tor itself--the small network program at the
+heart of the Tor network--and not about all the other programs in the
+whole Tor ecosystem.)
+
+
+If you are looking for a more bare-bones, less user-friendly information
+dump of important information, you might like reading doc/HACKING
+instead.  You should probably read it before you write your first patch.
+
+
+Required background
+-------------------
+
+First, I'm going to assume that you can build Tor from source, and that
+you know enough of the C language to read and write it.  (See the README
+file that comes with the Tor source for more information on building it,
+and any high-quality guide to C for information on programming.)
+
+I'm also going to assume that you know a little bit about how to use
+Git, or that you're able to follow one of the several excellent guides
+at http://git-scm.org to learn.
+
+Most Tor developers develop using some Unix-based system, such as Linux,
+BSD, or OSX.  It's okay to develop on Windows if you want, but you're
+going to have a more difficult time.
+
+
+Getting your first patch into Tor
+---------------------------------
+
+Once you've reached this point, here's what you need to know.
+
+  1. Get the source.
+
+     We keep our source under version control in Git.  To get the latest
+     version, run
+
+         git clone https://git.torproject.org/git/tor
+
+     This will give you a checkout of the master branch.  If you're
+     going to fix a bug that appears in a stable version, check out the
+     appropriate "maint" branch, as in:
+
+         git checkout maint-0.2.7
+
+  2. Find your way around the source
+
+     Our overall code structure is explained in the "torguts" documents,
+     currently at
+
+        git clone https://git.torproject.org/user/nickm/torguts.git
+
+     Find a part of the code that looks interesting to you, and start
+     looking around it to see how it fits together!
+
+     We do some unusual things in our codebase.  Our testing-related
+     practices and kludges are explained in doc/WritingTests.txt.
+
+     If you see something that doesn't make sense, we love to get
+     questions!
+
+  3. Find something cool to hack on.
+
+     You may already have a good idea of what you'd like to work on, or
+     you might be looking for a way to contribute.
+
+     Many people have gotten started by looking for an area where they
+     personally felt Tor was underperforming, and investigating ways to
+     fix it. If you're looking for ideas, you can head to our bug
+     tracker at trac.torproject.org and look for tickets that have
+     received the "easy" tag: these are ones that developers think would
+     be pretty simple for a new person to work on.  For a bigger
+     challenge, you might want to look for tickets with the "lorax"
+     keyword: these are tickets that the developers think might be a
+     good idea to build, but which we have no time to work on any time
+     soon.
+
+     Or you might find another open ticket that piques your
+     interest. It's all fine!
+
+     For your first patch, it is probably NOT a good idea to make
+     something huge or invasive.  In particular, you should probably
+     avoid:
+
+       * Major changes spread across many parts of the codebase.
+       * Major changes to programming practice or coding style.
+       * Huge new features or protocol changes.
+
+  4. Meet the developers!
+
+     We discuss stuff on the tor-dev mailing list and on the #tor-dev
+     IRC channel on OFTC.  We're generally friendly and approachable,
+     and we like to talk about how Tor fits together.  If we have ideas
+     about how something should be implemented, we'll be happy to share
+     them.
+
+     We currently have a patch workshop at least once a week, where
+     people share patches they've made and discuss how to make them
+     better.  The time might change in the future, but generally,
+     there's no bad time to talk, and ask us about patch ideas.
+
+  5. Do you need to write a design proposal?
+
+     If your idea is very large, or it will require a change to Tor's
+     protocols, there needs to be a written design proposal before it
+     can be merged. (We use this process to manage changes in the
+     protocols.)  To write one, see the instructions at
+     https://gitweb.torproject.org/torspec.git/tree/proposals/001-process.txt
+     .  If you'd like help writing a proposal, just ask!  We're happy to
+     help out with good ideas.
+
+     You might also like to look around the rest of that directory, to
+     see more about open and past proposed changes to Tor's behavior.
+
+  6. Writing your patch
+
+     As you write your code, you'll probably want it to fit in with the
+     standards of the rest of the Tor codebase so it will be easy for us
+     to review and merge.  You can learn our coding standards in
+     doc/HACKING.
+
+     If your patch is large and/or is divided into multiple logical
+     components, remember to divide it into a series of Git commits.  A
+     series of small changes is much easier to review than one big lump.
+
+  7. Testing your patch
+
+     We prefer that all new or modified code have unit tests for it to
+     ensure that it runs correctly.  Also, all code should actually be
+     _run_ by somebody, to make sure it works.
+
+     See doc/WritingTests.txt for more information on how we test things
+     in Tor.  If you'd like any help writing tests, just ask!  We're
+     glad to help out.
+
+  8. Submitting your patch
+
+     We review patches through tickets on our bugtracker at
+     trac.torproject.org.  You can either upload your patches there, or
+     put them at a public git repository somewhere we can fetch them
+     (like github or bitbucket) and then paste a link on the appropriate
+     trac ticket.
+
+     Once your patches are available, write a short explanation of what
+     you've done on trac, and then change the status of the ticket to
+     needs_review.
+
+  9. Review, Revision, and Merge
+
+     With any luck, somebody will review your patch soon!  If not, you
+     can ask on the IRC channel; sometimes we get really busy and take
+     longer than we should.  But don't let us slow you down: you're the
+     one who's offering help here, and we should respect your time and
+     contributions.
+
+     When your patch is reviewed, one of these things will happen:
+
+       * The reviewer will say "looks good to me" and your
+         patch will get merged right into Tor.  [Assuming we're not
+         in the middle of a code-freeze window.  If the codebase is
+         frozen, your patch will go into the next release series.]
+
+       * OR the reviewer will say "looks good, just needs some small
+         changes!"  And then the reviewer will make those changes,
+         and merge the modified patch into Tor.
+
+       * OR the reviewer will say "Here are some questions and
+         comments," followed by a bunch of stuff that the reviewer
+         thinks should change in your code, or questions that the
+         reviewer has.
+
+         At this point, you might want to make the requested changes
+         yourself, and comment on the trac ticket once you have done
+         so. Or if you disagree with any of the comments, you should
+         say so!  And if you won't have time to make some of the
+         changes, you should say that too, so that other developers
+         will be able to pick up the unfinished portion.
+
+    Congratulations!  You have now written your first patch, and gotten
+    it integrated into mainline Tor.
diff --git a/doc/HACKING/HelpfulTools.md b/doc/HACKING/HelpfulTools.md
new file mode 100644
index 0000000000..a7f36e6c7e
--- /dev/null
+++ b/doc/HACKING/HelpfulTools.md
@@ -0,0 +1,293 @@
+Useful tools
+============
+
+These aren't strictly necessary for hacking on Tor, but they can help track
+down bugs.
+
+Jenkins
+-------
+
+    https://jenkins.torproject.org
+
+Dmalloc
+-------
+
+The dmalloc library will keep track of memory allocation, so you can find out
+if we're leaking memory, doing any double-frees, or so on.
+
+    dmalloc -l -/dmalloc.log
+    (run the commands it tells you)
+    ./configure --with-dmalloc
+
+Valgrind
+--------
+
+    valgrind --leak-check=yes --error-limit=no --show-reachable=yes src/or/tor
+
+(Note that if you get a zillion openssl warnings, you will also need to
+pass `--undef-value-errors=no` to valgrind, or rebuild your openssl
+with `-DPURIFY`.)
+
+Coverity
+--------
+
+Nick regularly runs the coverity static analyzer on the Tor codebase.
+
+The preprocessor define `__COVERITY__` is used to work around instances
+where coverity picks up behavior that we wish to permit.
+
+clang Static Analyzer
+---------------------
+
+The clang static analyzer can be run on the Tor codebase using Xcode (WIP)
+or a command-line build.
+
+The preprocessor define `__clang_analyzer__` is used to work around instances
+where clang picks up behavior that we wish to permit.
+
+clang Runtime Sanitizers
+------------------------
+
+To build the Tor codebase with the clang Address and Undefined Behavior
+sanitizers, see the file `contrib/clang/sanitize_blacklist.txt`.
+
+Preprocessor workarounds for instances where clang picks up behavior that
+we wish to permit are also documented in the blacklist file.
+
+Running lcov for unit test coverage
+-----------------------------------
+
+Lcov is a utility that generates pretty HTML reports of test code coverage.
+To generate such a report:
+
+    ./configure --enable-coverage
+    make
+    make coverage-html
+    $BROWSER ./coverage_html/index.html
+
+This will run the tor unit test suite `./src/test/test` and generate the HTML
+coverage code report under the directory `./coverage_html/`. To change the
+output directory, use `make coverage-html HTML_COVER_DIR=./funky_new_cov_dir`.
+
+Coverage diffs using lcov are not currently implemented, but are being
+investigated (as of July 2014).
+
+Running the unit tests
+----------------------
+
+To quickly run all the tests distributed with Tor:
+
+    make check
+
+To run the fast unit tests only:
+
+    make test
+
+To selectively run just some tests (the following can be combined
+arbitrarily):
+
+    ./src/test/test <name_of_test> [<name of test 2>] ...
+    ./src/test/test <prefix_of_name_of_test>.. [<prefix_of_name_of_test2>..] ...
+    ./src/test/test :<name_of_excluded_test> [:<name_of_excluded_test2]...
+
+To run all tests, including those based on Stem or Chutney:
+
+    make test-full
+
+To run all tests, including those based on Stem or Chutney that require a
+working connection to the internet:
+
+    make test-full-online
+
+Running gcov for unit test coverage
+-----------------------------------
+
+    ./configure --enable-coverage
+    make
+    make check
+    # or--- make test-full ? make test-full-online?
+    mkdir coverage-output
+    ./scripts/test/coverage coverage-output
+
+(On OSX, you'll need to start with `--enable-coverage CC=clang`.)
+
+Then, look at the .gcov files in `coverage-output`.  '-' before a line means
+that the compiler generated no code for that line.  '######' means that the
+line was never reached.  Lines with numbers were called that number of times.
+
+If that doesn't work:
+
+   * Try configuring Tor with `--disable-gcc-hardening`
+   * You might need to run `make clean` after you run `./configure`.
+
+If you make changes to Tor and want to get another set of coverage results,
+you can run `make reset-gcov` to clear the intermediary gcov output.
+
+If you have two different `coverage-output` directories, and you want to see
+a meaningful diff between them, you can run:
+
+    ./scripts/test/cov-diff coverage-output1 coverage-output2 | less
+
+In this diff, any lines that were visited at least once will have coverage
+"1".  This lets you inspect what you (probably) really want to know: which
+untested lines were changed?  Are there any new untested lines?
+
+Running integration tests
+-------------------------
+
+We have the beginnings of a set of scripts to run integration tests using
+Chutney. To try them, set CHUTNEY_PATH to your chutney source directory, and
+run `make test-network`.
+
+We also have scripts to run integration tests using Stem.  To try them, set
+`STEM_SOURCE_DIR` to your Stem source directory, and run `test-stem`.
+
+Profiling Tor with oprofile
+---------------------------
+
+The oprofile tool runs (on Linux only!) to tell you what functions Tor is
+spending its CPU time in, so we can identify performance bottlenecks.
+
+Here are some basic instructions
+
+ - Build tor with debugging symbols (you probably already have, unless
+   you messed with CFLAGS during the build process).
+ - Build all the libraries you care about with debugging symbols
+   (probably you only care about libssl, maybe zlib and Libevent).
+ - Copy this tor to a new directory
+ - Copy all the libraries it uses to that dir too (`ldd ./tor` will
+   tell you)
+ - Set LD_LIBRARY_PATH to include that dir.  `ldd ./tor` should now
+   show you it's using the libs in that dir
+ - Run that tor
+ - Reset oprofiles counters/start it
+   * `opcontrol --reset; opcontrol --start`, if Nick remembers right.
+ - After a while, have it dump the stats on tor and all the libs
+   in that dir you created.
+   * `opcontrol --dump;`
+   * `opreport -l that_dir/*`
+ - Profit
+
+Generating and analyzing a callgraph
+------------------------------------
+
+1. Run `./scripts/maint/generate_callgraph.sh`.  This will generate a
+   bunch of files in a new ./callgraph directory.
+
+2. Run `./scripts/maint/analyze_callgraph.py callgraph/src/*/*`.  This
+   will do a lot of graph operations and then dump out a new
+   `callgraph.pkl` file, containing data in Python's 'pickle' format.
+
+3. Run `./scripts/maint/display_callgraph.py`.  It will display:
+    - the number of functions reachable from each function.
+    - all strongly-connnected components in the Tor callgraph
+    - the largest bottlenecks in the largest SCC in the Tor callgraph.
+
+Note that currently the callgraph generator can't detect calls that pass
+through function pointers.
+
+Getting emacs to edit Tor source properly
+-----------------------------------------
+
+Nick likes to put the following snippet in his .emacs file:
+
+
+    (add-hook 'c-mode-hook
+          (lambda ()
+            (font-lock-mode 1)
+            (set-variable 'show-trailing-whitespace t)
+
+            (let ((fname (expand-file-name (buffer-file-name))))
+              (cond
+               ((string-match "^/home/nickm/src/libevent" fname)
+                (set-variable 'indent-tabs-mode t)
+                (set-variable 'c-basic-offset 4)
+                (set-variable 'tab-width 4))
+               ((string-match "^/home/nickm/src/tor" fname)
+                (set-variable 'indent-tabs-mode nil)
+                (set-variable 'c-basic-offset 2))
+               ((string-match "^/home/nickm/src/openssl" fname)
+                (set-variable 'indent-tabs-mode t)
+                (set-variable 'c-basic-offset 8)
+                (set-variable 'tab-width 8))
+            ))))
+
+
+You'll note that it defaults to showing all trailing whitespace.  The `cond`
+test detects whether the file is one of a few C free software projects that I
+often edit, and sets up the indentation level and tab preferences to match
+what they want.
+
+If you want to try this out, you'll need to change the filename regex
+patterns to match where you keep your Tor files.
+
+If you use emacs for editing Tor and nothing else, you could always just say:
+
+
+    (add-hook 'c-mode-hook
+        (lambda ()
+            (font-lock-mode 1)
+            (set-variable 'show-trailing-whitespace t)
+            (set-variable 'indent-tabs-mode nil)
+            (set-variable 'c-basic-offset 2)))
+
+
+There is probably a better way to do this.  No, we are probably not going
+to clutter the files with emacs stuff.
+
+
+Doxygen
+-------
+
+We use the 'doxygen' utility to generate documentation from our
+source code. Here's how to use it:
+
+  1. Begin every file that should be documented with
+
+         /**
+          * \file filename.c
+          * \brief Short description of the file.
+          */
+
+     (Doxygen will recognize any comment beginning with /** as special.)
+
+  2. Before any function, structure, #define, or variable you want to
+     document, add a comment of the form:
+
+        /** Describe the function's actions in imperative sentences.
+         *
+         * Use blank lines for paragraph breaks
+         *   - and
+         *   - hyphens
+         *   - for
+         *   - lists.
+         *
+         * Write <b>argument_names</b> in boldface.
+         *
+         * \code
+         *     place_example_code();
+         *     between_code_and_endcode_commands();
+         * \endcode
+         */
+
+  3. Make sure to escape the characters `<`, `>`, `\`, `%` and `#` as `\<`,
+     `\>`, `\\`, `\%` and `\#`.
+
+  4. To document structure members, you can use two forms:
+
+        struct foo {
+          /** You can put the comment before an element; */
+          int a;
+          int b; /**< Or use the less-than symbol to put the comment
+                 * after the element. */
+        };
+
+  5. To generate documentation from the Tor source code, type:
+
+        $ doxygen -g
+
+     to generate a file called `Doxyfile`.  Edit that file and run
+     `doxygen` to generate the API documentation.
+
+  6. See the Doxygen manual for more information; this summary just
+     scratches the surface.
diff --git a/doc/HACKING/HowToReview.md b/doc/HACKING/HowToReview.md
new file mode 100644
index 0000000000..de7891c923
--- /dev/null
+++ b/doc/HACKING/HowToReview.md
@@ -0,0 +1,85 @@
+How to review a patch
+=====================
+
+Some folks have said that they'd like to review patches more often, but they
+don't know how.
+
+So, here are a bunch of things to check for when reviewing a patch!
+
+Note that if you can't do every one of these, that doesn't mean you can't do
+a good review!  Just make it clear what you checked for and what you didn't.
+
+
+Top-level smell-checks
+----------------------
+
+(Difficulty: easy)
+
+- Does it compile with `--enable-gcc-warnings`?
+
+- Does `make check-spaces` pass?
+
+- Does it have a reasonable amount of tests?  Do they pass?  Do they leak
+  memory?
+
+- Do all the new functions, global variables, types, and structure members have
+ documentation?
+
+- Do all the functions, global variables, types, and structure members with
+  modified behavior have modified documentation?
+
+- Do all the new torrc options have documentation?
+
+- If this changes Tor's behavior on the wire, is there a design proposal?
+
+
+
+Let's look at the code!
+-----------------------
+
+- Does the code conform to CodingStandards.txt?
+
+- Does the code leak memory?
+
+- If two or more pointers ever point to the same object, is it clear which
+  pointer "owns" the object?
+
+- Are all allocated resources freed?
+
+- Are all pointers that should be const, const?
+
+- Are `#defines` used for 'magic' numbers?
+
+- Can you understand what the code is trying to do?
+
+- Can you convince yourself that the code really does that?
+
+- Is there duplicated code that could be turned into a function?
+
+
+Let's look at the documentation!
+--------------------------------
+
+- Does the documentation confirm to CodingStandards.txt?
+
+- Does it make sense?
+
+- Can you predict what the function will do from its documentation?
+
+
+Let's think about security!
+---------------------------
+
+- If there are any arrays, buffers, are you 100% sure that they cannot
+  overflow?
+
+- If there is any integer math, can it overflow or underflow?
+
+- If there are any allocations, are you sure there are corresponding
+  deallocations?
+
+- Is there a safer pattern that could be used in any case?
+
+- Have they used one of the Forbidden Functions?
+
+(Also see your favorite secure C programming guides.)
diff --git a/doc/HACKING/README.1st.md b/doc/HACKING/README.1st.md
new file mode 100644
index 0000000000..8299fe634a
--- /dev/null
+++ b/doc/HACKING/README.1st.md
@@ -0,0 +1,62 @@
+
+In this directory
+-----------------
+
+This directory has helpful information about what you need to know to
+hack on Tor!
+
+First, read `GettingStarted.md` to learn how to get a start in Tor
+development.
+
+If you've decided to write a patch, `CodingStandards.txt` will give
+you a bunch of information about how we structure our code.
+
+It's important to get code right!  Reading `WritingTests.md` will
+tell you how to write and run tests in the Tor codebase.
+
+There are a bunch of other programs we use to help maintain and
+develop the codebase: `HelpfulTools.md` can tell you how to use them
+with Tor.
+
+If it's your job to put out Tor releases, see `ReleasingTor.md` so
+that you don't miss any steps!
+
+
+-----------------------
+
+For full information on how Tor is supposed to work, look at the files in
+`https://gitweb.torproject.org/torspec.git/tree`.
+
+For an explanation of how to change Tor's design to work differently, look at
+`https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/001-process.txt`.
+
+For the latest version of the code, get a copy of git, and
+
+    git clone https://git.torproject.org/git/tor
+
+We talk about Tor on the `tor-talk` mailing list.  Design proposals and
+discussion belong on the `tor-dev` mailing list.  We hang around on
+irc.oftc.net, with general discussion happening on #tor and development
+happening on `#tor-dev`.
+
+The other files in this `HACKING` directory may also be useful as you
+get started working with Tor.
+
+Happy hacking!
+
+
+-----------------------
+
+XXXXX also describe
+
+doc/HACKING/WritingTests.md
+
+torguts.git
+
+torspec.git
+
+The design paper
+
+freehaven.net/anonbib
+
+XXXX describe these and add links.
diff --git a/doc/HACKING/ReleasingTor.md b/doc/HACKING/ReleasingTor.md
new file mode 100644
index 0000000000..2378aef568
--- /dev/null
+++ b/doc/HACKING/ReleasingTor.md
@@ -0,0 +1,143 @@
+
+Putting out a new release
+-------------------------
+
+Here are the steps Roger takes when putting out a new Tor release:
+
+1. Use it for a while, as a client, as a relay, as a hidden service,
+   and as a directory authority. See if it has any obvious bugs, and
+   resolve those.
+
+   As applicable, merge the `maint-X` branch into the `release-X` branch.
+
+2. Gather the `changes/*` files into a changelog entry, rewriting many
+   of them and reordering to focus on what users and funders would find
+   interesting and understandable.
+
+   1. Make sure that everything that wants a bug number has one.
+      Make sure that everything which is a bugfix says what version
+      it was a bugfix on.
+
+   2. Concatenate them.
+
+   3. Sort them by section. Within each section, sort by "version it's
+      a bugfix on", else by numerical ticket order.
+
+   4. Clean them up:
+
+      Standard idioms:
+      `Fixes bug 9999; bugfix on 0.3.3.3-alpha.`
+
+      One space after a period.
+
+      Make stuff very terse
+
+      Make sure each section name ends with a colon
+
+      Describe the user-visible problem right away
+
+      Mention relevant config options by name.  If they're rare or unusual,
+      remind people what they're for
+
+      Avoid starting lines with open-paren
+
+      Present and imperative tense: not past.
+
+      'Relays', not 'servers' or 'nodes' or 'Tor relays'.
+
+      "Stop FOOing", not "Fix a bug where we would FOO".
+
+      Try not to let any given section be longer than about a page. Break up
+      long sections into subsections by some sort of common subtopic. This
+      guideline is especially important when organizing Release Notes for
+      new stable releases.
+
+      If a given changes stanza showed up in a different release (e.g.
+      maint-0.2.1), be sure to make the stanzas identical (so people can
+      distinguish if these are the same change).
+
+   5. Merge them in.
+
+   6. Clean everything one last time.
+
+   7. Run `./scripts/maint/format_changelog.py` to make it prettier.
+
+3. Compose a short release blurb to highlight the user-facing
+   changes. Insert said release blurb into the ChangeLog stanza. If it's
+   a stable release, add it to the ReleaseNotes file too. If we're adding
+   to a release-0.2.x branch, manually commit the changelogs to the later
+   git branches too.
+
+   If you're doing the first stable release in a series, you need to
+   create a ReleaseNotes for the series as a whole.  To get started
+   there, copy all of the Changelog entries from the series into a new
+   file, and run `./scripts/maint/sortChanges.py` on it.  That will
+   group them by category.  Then kill every bugfix entry for fixing
+   bugs that were introduced within that release series; those aren't
+   relevant changes since the last series.  At that point, it's time
+   to start sorting and condensing entries.  (Generally, we don't edit the
+   text of existing entries, though.)
+
+4. In `maint-0.2.x`, bump the version number in `configure.ac` and run
+   `scripts/maint/updateVersions.pl` to update version numbers in other
+   places, and commit.  Then merge `maint-0.2.x` into `release-0.2.x`.
+
+   (NOTE: To bump the version number, edit `configure.ac`, and then run
+   either `make`, or `perl scripts/maint/updateVersions.pl`, depending on
+   your version.)
+
+5. Make distcheck, put the tarball up somewhere, and tell `#tor` about
+   it. Wait a while to see if anybody has problems building it. Try to
+   get Sebastian or somebody to try building it on Windows.
+
+6. Get at least two of weasel/arma/Sebastian to put the new version number
+   in their approved versions list.
+
+7. Sign the tarball, then sign and push the git tag:
+
+        gpg -ba <the_tarball>
+        git tag -u <keyid> tor-0.2.x.y-status
+        git push origin tag tor-0.2.x.y-status
+
+8. scp the tarball and its sig to the dist website, i.e.
+   `/srv/dist-master.torproject.org/htdocs/` on dist-master. When you want
+   it to go live, you run "static-update-component dist.torproject.org"
+   on dist-master.
+
+   Edit `include/versions.wmi` and `Makefile` to note the new version.
+
+   (NOTE: Due to #17805, there can only be one stable version listed at
+   once.  Nonetheless, do not call your version "alpha" if it is stable,
+   or people will get confused.)
+
+9. Email the packagers (cc'ing tor-assistants) that a new tarball is up.
+   The current list of packagers is:
+
+       - {weasel,gk,mikeperry} at torproject dot org
+       - {blueness} at gentoo dot org
+       - {paul} at invizbox dot io
+       - {ondrej.mikle} at gmail dot com
+       - {lfleischer} at archlinux dot org
+       - {tails-dev} at boum dot org
+
+10. Add the version number to Trac.  To do this, go to Trac, log in,
+    select "Admin" near the top of the screen, then select "Versions" from
+    the menu on the left.  At the right, there will be an "Add version"
+    box.  By convention, we enter the version in the form "Tor:
+    0.2.2.23-alpha" (or whatever the version is), and we select the date as
+    the date in the ChangeLog.
+
+11. Forward-port the ChangeLog (and ReleaseNotes if appropriate).
+
+12. Wait up to a day or two (for a development release), or until most
+    packages are up (for a stable release), and mail the release blurb and
+    changelog to tor-talk or tor-announce.
+
+   (We might be moving to faster announcements, but don't announce until
+   the website is at least updated.)
+
+13. If it's a stable release, bump the version number in the `maint-x.y.z`
+    branch to "newversion-dev", and do a `merge -s ours` merge to avoid
+    taking that change into master.  Do a similar `merge -s theirs`
+    merge to get the change (and only that change) into release.  (Some
+    of the build scripts require that maint merge cleanly into release.)
diff --git a/doc/HACKING/WritingTests.md b/doc/HACKING/WritingTests.md
new file mode 100644
index 0000000000..4e98d3d645
--- /dev/null
+++ b/doc/HACKING/WritingTests.md
@@ -0,0 +1,445 @@
+
+Writing tests for Tor: an incomplete guide
+==========================================
+
+Tor uses a variety of testing frameworks and methodologies to try to
+keep from introducing bugs.  The major ones are:
+
+   1. Unit tests written in C and shipped with the Tor distribution.
+
+   2. Integration tests written in Python and shipped with the Tor
+      distribution.
+
+   3. Integration tests written in Python and shipped with the Stem
+      library.  Some of these use the Tor controller protocol.
+
+   4. System tests written in Python and SH, and shipped with the
+      Chutney package.  These work by running many instances of Tor
+      locally, and sending traffic through them.
+
+   5. The Shadow network simulator.
+
+How to run these tests
+----------------------
+
+### The easy version
+
+To run all the tests that come bundled with Tor, run `make check`.
+
+To run the Stem tests as well, fetch stem from the git repository,
+set `STEM_SOURCE_DIR` to the checkout, and run `make test-stem`.
+
+To run the Chutney tests as well, fetch chutney from the git repository,
+set `CHUTNEY_PATH` to the checkout, and run `make test-network`.
+
+To run all of the above, run `make test-full`.
+
+To run all of the above, plus tests that require a working connection to the
+internet, run `make test-full-online`.
+
+### Running particular subtests
+
+The Tor unit tests are divided into separate programs and a couple of
+bundled unit test programs.
+
+Separate programs are easy.  For example, to run the memwipe tests in
+isolation, you just run `./src/test/test-memwipe`.
+
+To run tests within the unit test programs, you can specify the name
+of the test.  The string ".." can be used as a wildcard at the end of the
+test name.  For example, to run all the cell format tests, enter
+`./src/test/test cellfmt/..`.  To run
+
+Many tests that need to mess with global state run in forked subprocesses in
+order to keep from contaminating one another.  But when debugging a failing test,
+you might want to run it without forking a subprocess.  To do so, use the
+`--no-fork` option with a single test.  (If you specify it along with
+multiple tests, they might interfere.)
+
+You can turn on logging in the unit tests by passing one of `--debug`,
+`--info`, `--notice`, or `--warn`.  By default only errors are displayed.
+
+Unit tests are divided into `./src/test/test` and `./src/test/test-slow`.
+The former are those that should finish in a few seconds; the latter tend to
+take more time, and may include CPU-intensive operations, deliberate delays,
+and stuff like that.
+
+### Finding test coverage
+
+Test coverage is a measurement of which lines your tests actually visit.
+
+When you configure Tor with the `--enable-coverage` option, it should
+build with support for coverage in the unit tests, and in a special
+`tor-cov` binary.
+
+Then, run the tests you'd like to see coverage from.  If you have old
+coverage output, you may need to run `reset-gcov` first.
+
+Now you've got a bunch of files scattered around your build directories
+called `*.gcda`.  In order to extract the coverage output from them, make a
+temporary directory for them and run `./scripts/test/coverage ${TMPDIR}`,
+where `${TMPDIR}` is the temporary directory you made.  This will create a
+`.gcov` file for each source file under tests, containing that file's source
+annotated with the number of times the tests hit each line.  (You'll need to
+have gcov installed.)
+
+You can get a summary of the test coverage for each file by running
+`./scripts/test/cov-display ${TMPDIR}/*` .  Each line lists the file's name,
+the number of uncovered lines, the number of uncovered lines, and the
+coverage percentage.
+
+For a summary of the test coverage for each _function_, run
+`./scripts/test/cov-display -f ${TMPDIR}/*`.
+
+### Comparing test coverage
+
+Sometimes it's useful to compare test coverage for a branch you're writing to
+coverage from another branch (such as git master, for example).  But you
+can't run `diff` on the two coverage outputs directly, since the actual
+number of times each line is executed aren't so important, and aren't wholly
+deterministic.
+
+Instead, follow the instructions above for each branch, creating a separate
+temporary directory for each.  Then, run `./scripts/test/cov-diff ${D1}
+${D2}`, where D1 and D2 are the directories you want to compare.  This will
+produce a diff of the two directories, with all lines normalized to be either
+covered or uncovered.
+
+To count new or modified uncovered lines in D2, you can run:
+
+    ./scripts/test/cov-diff ${D1} ${D2}" | grep '^+ *\#' | wc -l
+
+
+What kinds of test should I write?
+----------------------------------
+
+Integration testing and unit testing are complementary: it's probably a
+good idea to make sure that your code is hit by both if you can.
+
+If your code is very-low level, and its behavior is easily described in
+terms of a relation between inputs and outputs, or a set of state
+transitions, then it's a natural fit for unit tests.  (If not, please
+consider refactoring it until most of it _is_ a good fit for unit
+tests!)
+
+If your code adds new externally visible functionality to Tor, it would
+be great to have a test for that functionality.  That's where
+integration tests more usually come in.
+
+Unit and regression tests: Does this function do what it's supposed to?
+-----------------------------------------------------------------------
+
+Most of Tor's unit tests are made using the "tinytest" testing framework.
+You can see a guide to using it in the tinytest manual at
+
+    https://github.com/nmathewson/tinytest/blob/master/tinytest-manual.md
+
+To add a new test of this kind, either edit an existing C file in `src/test/`,
+or create a new C file there.  Each test is a single function that must
+be indexed in the table at the end of the file.  We use the label "done:" as
+a cleanup point for all test functions.
+
+(Make sure you read `tinytest-manual.md` before proceeding.)
+
+I use the term "unit test" and "regression tests" very sloppily here.
+
+### A simple example
+
+Here's an example of a test function for a simple function in util.c:
+
+    static void
+    test_util_writepid(void *arg)
+    {
+      (void) arg;
+
+      char *contents = NULL;
+      const char *fname = get_fname("tmp_pid");
+      unsigned long pid;
+      char c;
+
+      write_pidfile(fname);
+
+      contents = read_file_to_str(fname, 0, NULL);
+      tt_assert(contents);
+
+      int n = sscanf(contents, "%lu\n%c", &pid, &c);
+      tt_int_op(n, OP_EQ, 1);
+      tt_int_op(pid, OP_EQ, getpid());
+
+    done:
+      tor_free(contents);
+    }
+
+This should look pretty familiar to you if you've read the tinytest
+manual.  One thing to note here is that we use the testing-specific
+function `get_fname` to generate a file with respect to a temporary
+directory that the tests use.  You don't need to delete the file;
+it will get removed when the tests are done.
+
+Also note our use of `OP_EQ` instead of `==` in the `tt_int_op()` calls.
+We define `OP_*` macros to use instead of the binary comparison
+operators so that analysis tools can more easily parse our code.
+(Coccinelle really hates to see `==` used as a macro argument.)
+
+Finally, remember that by convention, all `*_free()` functions that
+Tor defines are defined to accept NULL harmlessly.  Thus, you don't
+need to say `if (contents)` in the cleanup block.
+
+### Exposing static functions for testing
+
+Sometimes you need to test a function, but you don't want to expose
+it outside its usual module.
+
+To support this, Tor's build system compiles a testing version of
+each module, with extra identifiers exposed.  If you want to
+declare a function as static but available for testing, use the
+macro `STATIC` instead of `static`.  Then, make sure there's a
+macro-protected declaration of the function in the module's header.
+
+For example, `crypto_curve25519.h` contains:
+
+    #ifdef CRYPTO_CURVE25519_PRIVATE
+    STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
+                           const uint8_t *basepoint);
+    #endif
+
+The `crypto_curve25519.c` file and the `test_crypto.c` file both define
+`CRYPTO_CURVE25519_PRIVATE`, so they can see this declaration.
+
+### STOP!  Does this test really test?
+
+When writing tests, it's not enough to just generate coverage on all the
+lines of the code that you're testing:  It's important to make sure that
+the test _really tests_ the code.
+
+For example, here is a _bad_ test for the unlink() function (which is
+supposed to remove a file).
+
+    static void
+    test_unlink_badly(void *arg)
+    {
+      (void) arg;
+      int r;
+
+      const char *fname = get_fname("tmpfile");
+
+      /* If the file isn't there, unlink returns -1 and sets ENOENT */
+      r = unlink(fname);
+      tt_int_op(n, OP_EQ, -1);
+      tt_int_op(errno, OP_EQ, ENOENT);
+
+      /* If the file DOES exist, unlink returns 0. */
+      write_str_to_file(fname, "hello world", 0);
+      r = unlink(fnme);
+      tt_int_op(r, OP_EQ, 0);
+
+    done:
+      tor_free(contents);
+    }
+
+
+This test might get very high coverage on unlink().  So why is it a
+bad test? Because it doesn't check that unlink() *actually removes the
+named file*!
+
+Remember, the purpose of a test is to succeed if the code does what
+it's supposed to do, and fail otherwise.  Try to design your tests so
+that they check for the code's intended and documented functionality
+as much as possible.
+
+
+### Mock functions for testing in isolation
+
+Often we want to test that a function works right, but the function to
+be tested depends on other functions whose behavior is hard to observe,
+or which require a working Tor network, or something like that.
+
+To write tests for this case, you can replace the underlying functions
+with testing stubs while your unit test is running.  You need to declare
+the underlying function as 'mockable', as follows:
+
+    MOCK_DECL(returntype, functionname, (argument list));
+
+and then later implement it as:
+
+    MOCK_IMPL(returntype, functionname, (argument list))
+    {
+       /* implementation here */
+    }
+
+For example, if you had a 'connect to remote server' function, you could
+declare it as:
+
+
+    MOCK_DECL(int, connect_to_remote, (const char *name, status_t *status));
+
+When you declare a function this way, it will be declared as normal in
+regular builds, but when the module is built for testing, it is declared
+as a function pointer initialized to the actual implementation.
+
+In your tests, if you want to override the function with a temporary
+replacement, you say:
+
+    MOCK(functionname, replacement_function_name);
+
+And later, you can restore the original function with:
+
+    UNMOCK(functionname);
+
+For more information, see the definitions of this mocking logic in
+`testsupport.h`.
+
+### Okay but what should my tests actually do?
+
+We talk above about "test coverage" -- making sure that your tests visit
+every line of code, or every branch of code.  But visiting the code isn't
+enough: we want to verify that it's correct.
+
+So when writing tests, try to make tests that should pass with any correct
+implementation of the code, and that should fail if the code doesn't do what
+it's supposed to do.
+
+You can write "black-box" tests or "glass-box" tests.  A black-box test is
+one that you write without looking at the structure of the function.  A
+glass-box one is one you implement while looking at how the function is
+implemented.
+
+In either case, make sure to consider common cases *and* edge cases; success
+cases and failure csaes.
+
+For example, consider testing this function:
+
+    /** Remove all elements E from sl such that E==element.  Preserve
+     * the order of any elements before E, but elements after E can be
+     * rearranged.
+     */
+    void smartlist_remove(smartlist_t *sl, const void *element);
+
+In order to test it well, you should write tests for at least all of the
+following cases.  (These would be black-box tests, since we're only looking
+at the declared behavior for the function:
+
+   * Remove an element that is in the smartlist.
+   * Remove an element that is not in the smartlist.
+   * Remove an element that appears in the smartlist more than once.
+
+And your tests should verify that it behaves correct.  At minimum, you should
+test:
+
+   * That other elements before E are in the same order after you call the
+     functions.
+   * That the target element is really removed.
+   * That _only_ the target element is removed.
+
+When you consider edge cases, you might try:
+
+   * Remove an element from an empty list.
+   * Remove an element from a singleton list containing that element.
+   * Remove an element for a list containing several instances of that
+     element, and nothing else.
+
+Now let's look at the implementation:
+
+    void
+    smartlist_remove(smartlist_t *sl, const void *element)
+    {
+      int i;
+      if (element == NULL)
+        return;
+      for (i=0; i < sl->num_used; i++)
+        if (sl->list[i] == element) {
+          sl->list[i] = sl->list[--sl->num_used]; /* swap with the end */
+          i--; /* so we process the new i'th element */
+          sl->list[sl->num_used] = NULL;
+        }
+    }
+
+Based on the implementation, we now see three more edge cases to test:
+
+   * Removing NULL from the list.
+   * Removing an element from the end of the list
+   * Removing an element from a position other than the end of the list.
+
+
+### What should my tests NOT do?
+
+Tests shouldn't require a network connection.
+
+Whenever possible, tests shouldn't take more than a second.  Put the test
+into test/slow if it genuinely needs to be run.
+
+Tests should not alter global state unless they run with `TT_FORK`: Tests
+should not require other tests to be run before or after them.
+
+Tests should not leak memory or other resources.  To find out if your tests
+are leaking memory, run them under valgrind (see HelpfulTools.txt for more
+information on how to do that).
+
+When possible, tests should not be over-fit to the implementation.  That is,
+the test should verify that the documented behavior is implemented, but
+should not break if other permissible behavior is later implemented.
+
+
+### Advanced techniques: Namespaces
+
+Sometimes, when you're doing a lot of mocking at once, it's convenient to
+isolate your identifiers within a single namespace.  If this were C++, we'd
+already have namespaces, but for C, we do the best we can with macros and
+token-pasting.
+
+We have some macros defined for this purpose in `src/test/test.h`.  To use
+them, you define `NS_MODULE` to a prefix to be used for your identifiers, and
+then use other macros in place of identifier names.  See `src/test/test.h` for
+more documentation.
+
+
+Integration tests: Calling Tor from the outside
+-----------------------------------------------
+
+Some tests need to invoke Tor from the outside, and shouldn't run from the
+same process as the Tor test program.  Reasons for doing this might include:
+
+   * Testing the actual behavior of Tor when run from the command line
+   * Testing that a crash-handler correctly logs a stack trace
+   * Verifying that violating a sandbox or capability requirement will
+     actually crash the program.
+   * Needing to run as root in order to test capability inheritance or
+     user switching.
+
+To add one of these, you generally want a new C program in `src/test`.  Add it
+to `TESTS` and `noinst_PROGRAMS` if it can run on its own and return success or
+failure.  If it needs to be invoked multiple times, or it needs to be
+wrapped, add a new shell script to `TESTS`, and the new program to
+`noinst_PROGRAMS`.  If you need access to any environment variable from the
+makefile (eg `${PYTHON}` for a python interpreter), then make sure that the
+makefile exports them.
+
+Writing integration tests with Stem
+-----------------------------------
+
+The 'stem' library includes extensive unit tests for the Tor controller
+protocol.
+
+For more information on writing new tests for stem, have a look around
+the `test/*` directory in stem, and find a good example to emulate.  You
+might want to start with
+`https://gitweb.torproject.org/stem.git/tree/test/integ/control/controller.py`
+to improve Tor's test coverage.
+
+You can run stem tests from tor with `make test-stem`, or see
+`https://stem.torproject.org/faq.html#how-do-i-run-the-tests`.
+
+System testing with Chutney
+---------------------------
+
+The 'chutney' program configures and launches a set of Tor relays,
+authorities, and clients on your local host.  It has a `test network`
+functionality to send traffic through them and verify that the traffic
+arrives correctly.
+
+You can write new test networks by adding them to `networks`. To add
+them to Tor's tests, add them to the `test-network` or `test-network-all`
+targets in `Makefile.am`.
+
+(Adding new kinds of program to chutney will still require hacking the
+code.)
diff --git a/doc/TUNING b/doc/TUNING
new file mode 100644
index 0000000000..24552a38cb
--- /dev/null
+++ b/doc/TUNING
@@ -0,0 +1,86 @@
+Most operating systems limit an amount of TCP sockets that can be used 
+simultaneously. It is possible for a busy Tor relay to run into these
+limits, thus being unable to fully utilize the bandwidth resources it 
+has at its disposal. Following system-specific tips might be helpful
+to alleviate the aforementioned problem.
+
+Linux
+-----
+
+Use 'ulimit -n' to raise an allowed number of file descriptors to be 
+opened on your host at the same time.
+
+FreeBSD
+-------
+
+Tune the followind sysctl(8) variables:
+ * kern.maxfiles - maximum allowed file descriptors (for entire system)
+ * kern.maxfilesperproc - maximum file descriptors one process is allowed
+   to use
+ * kern.ipc.maxsockets - overall maximum numbers of sockets for entire 
+   system
+ * kern.ipc.somaxconn - size of listen queue for incoming TCP connections
+   for entire system
+
+See also:
+ * https://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html
+ * https://wiki.freebsd.org/NetworkPerformanceTuning
+
+Mac OS X
+--------
+
+Since Mac OS X is BSD-based system, most of the above hold for OS X as well.
+However, launchd(8) is known to modify kern.maxfiles and kern.maxfilesperproc
+when it launches tor service (see launchd.plist(5) manpage). Also, 
+kern.ipc.maxsockets is determined dynamically by the system and thus is 
+read-only on OS X.
+
+OpenBSD
+-------
+
+Because OpenBSD is primarily focused on security and stability, it uses default
+resource limits stricter than those of more popular Unix-like operating systems.
+
+OpenBSD stores a kernel-level file descriptor limit in the sysctl variable
+kern.maxfiles. It defaults to 7,030. To change it to, for example, 16,000 while
+the system is running, use the command 'sudo sysctl kern.maxfiles=16000'.
+kern.maxfiles will reset to the default value upon system reboot unless you also
+add 'kern.maxfiles=16000' to the file /etc/sysctl.conf.
+
+There are stricter resource limits set on user classes, which are stored in
+/etc/login.conf. This config file also allows limit sets for daemons started
+with scripts in the /etc/rc.d directory, which presumably includes Tor.
+
+To increase the file descriptor limit from its default of 1,024, add the
+following to /etc/login.conf:
+
+tor:\
+	:openfiles-max=13500:\
+	:tc=daemon:
+
+Upon restarting Tor, it will be able to open up to 13,500 file descriptors.
+
+This will work *only* if you are starting Tor with the script /etc/rc.d/tor. If
+you're using a custom build instead of the package, you can easily copy the rc.d
+script from the Tor port directory. Alternatively, you can ensure that the Tor's
+daemon user has its own user class and make a /etc/login.conf entry for it.
+
+High-bandwidth relays sometimes give the syslog warning:
+
+/bsd: WARNING: mclpools limit reached; increase kern.maxclusters
+
+In this case, increase kern.maxclusters with the sysctl command and in the file
+/etc/sysctl.conf, as described with kern.maxfiles above. Use 'sysctl
+kern.maxclusters' to query the current value. Increasing by about 15% per day
+until the error no longer appears is a good guideline.
+
+Disclaimer
+----------
+
+Do note that this document is a draft and above information may be
+technically incorrect and/or incomplete. If so, please open a ticket
+on https://trac.torproject.org or post to tor-relays mailing list.
+
+Are you running a busy Tor relay? Let us know how you are solving
+the out-of-sockets problem on your system.
+
diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh
index c06b57026b..a3ef53f884 100755
--- a/doc/asciidoc-helper.sh
+++ b/doc/asciidoc-helper.sh
@@ -19,7 +19,7 @@ if [ "$1" = "html" ]; then
     base=${output%%.html.in}
 
     if [ "$2" != none ]; then
-      "$2" -d manpage -o $output $input;
+      TZ=UTC "$2" -d manpage -o $output $input;
     else
       echo "==================================";
       echo;
diff --git a/doc/building-tor-msvc.txt b/doc/building-tor-msvc.txt
new file mode 100644
index 0000000000..3d3eced8af
--- /dev/null
+++ b/doc/building-tor-msvc.txt
@@ -0,0 +1,122 @@
+Building Tor with MSVC.

+=======================

+

+NOTE: This is not the preferred method for building Tor on windows: we use

+mingw for our packages.

+

+Last updated 9 September 2014.

+

+

+Requirements:

+-------------

+

+ * Visual Studio 2010

+    http://go.microsoft.com/fwlink/?LinkId=323467

+ * CMake 2.8.12.2

+    http://www.cmake.org/download/

+ * Perl 5.16

+    http://www.activestate.com/activeperl/downloads

+ * Latest stable OpenSSL tarball

+    https://www.openssl.org/source/

+ * Latest stable zlib tarball

+    http://zlib.net/

+ * Latest stable libevent Libevent tarball

+    https://github.com/libevent/libevent/releases

+

+Make sure you check signatures for all these packages.

+

+Steps:

+------

+

+Building OpenSSL from source as a shared library:

+

+ cd <openssl source dir>

+ perl Configure VC-WIN32

+ perl util\mkfiles.pl >MINFO

+ perl util\mk1mf.pl no-asm dll VC-WIN32 >32dll.mak

+ perl util\mkdef.pl 32 libeay > ms\libeay32.def

+ perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

+ nmake -f 32dll.mak

+

+Making OpenSSL final package:

+

+ Create <openssl final package dir>, I'd recommend using a name like <openssl

+ source dir>-vc10.

+

+ Copy the following directories and files to their respective locations

+  <openssl source dir>\inc32\openssl => <openssl final package dir>\include\openssl

+  <openssl source dir>\out32dll\libeay32.lib => <openssl final package dir>\lib\libeay32.lib

+  <openssl source dir>\out32dll\ssleay32.lib => <openssl final package dir>\lib\ssleay32.lib

+  <openssl source dir>\out32dll\libeay32.dll => <openssl final package dir>\bin\libeay32.dll

+  <openssl source dir>\out32dll\openssl.exe => <openssl final package dir>\bin\openssl.exe

+  <openssl source dir>\out32dll\ssleay32.dll => <openssl final package dir>\bin\ssleay32.dll

+

+Building Zlib from source:

+

+ cd <zlib source dir>

+ nmake -f win32/Makefile.msc

+

+Building libevent:

+

+ cd <libevent source dir>

+ mkdir build && cd build

+ SET OPENSSL_ROOT_DIR=<openssl final package dir>

+ cmake -G "NMake Makefiles" .. -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo -DCMAKE_C_FLAGS_RELWITHDEBINFO:STRING="/MT /Zi /O2 /Ob1 /D NDEBUG" -DZLIB_LIBRARY:FILEPATH="<zlib source dir>\zdll.lib" -DZLIB_INCLUDE_DIR:PATH="<zlib source dir>"

+ nmake event

+

+Building Tor:

+

+ Create a dir above tor source dir named build-alpha and two subdirs include

+ and lib.

+

+ Your build tree should now be similar to this one:

+  * build-alpha

+    - include

+    - lib

+  * <libevent source dir>

+    - build

+    - cmake

+    - ...

+  * <openssl source dir>

+    - ...

+    - ms

+    - util

+    - ...

+  * <openssl final package dir>

+    - bin

+    - include

+    - lib

+  * <tor source dir>

+    - ...

+    - src

+    - ...

+  * <zlib source dir>

+    - ...

+    - win32

+    - ...

+

+ Copy the following dirs and files to the following locations:

+  <openssl final package dir>\include\openssl => build-alpha\include\openssl

+  <libevent source dir>\include => build-alpha\include

+  <libevent source dir>\WIN32-Code\nmake\event2 => build-alpha\include\event2

+  <zlib source dir>\z*.h => build-alpha\include\z*.h

+

+ Now copy the following files to the following locations and rename them

+ according new names:

+

+  <libevent source dir>\build\lib\event.lib => build-alpha\lib\libevent.lib

+  <openssl final package dir>\lib\libeay32.lib => build-alpha\lib\libcrypto.lib

+  <openssl final package dir>\lib\ssleay32.lib => build-alpha\lib\libssl.lib

+  <zlib source dir>\zdll.lib => build-alpha\lib\libz.lib

+

+ And we are now ready for the build process:

+

+  cd <tor source dir>

+  nmake -f Makefile.nmake

+

+ After the above process is completed there should be a tor.exe in <tor

+ source dir>\src\or

+

+ Copy tor.exe to desired location and also copy zlib1.dll, libeay32.dll and

+ ssleay32.dll from built zlib and openssl packages

+

diff --git a/doc/contrib/tor-rpm-creation.txt b/doc/contrib/tor-rpm-creation.txt
index a03891e2b9..9c4e05764e 100644
--- a/doc/contrib/tor-rpm-creation.txt
+++ b/doc/contrib/tor-rpm-creation.txt
@@ -42,7 +42,7 @@ Here's a workaround:
 Before even building the source RPM, install fedora-packager and instruct
 the build system to use rpmbuild-md5 like this:
 
-yum install fedora-packager
+dnf install fedora-packager
 export RPMBUILD=rpmbuild-md5
 
 Then proceed as usual to create the source RPM and binary RPMs:
diff --git a/doc/include.am b/doc/include.am
index 30d3e20d83..7164a4b2a0 100644
--- a/doc/include.am
+++ b/doc/include.am
@@ -13,7 +13,7 @@
 # just use the .1 and .html files.
 
 base_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify
-all_mans = $(base_mans) doc/tor-fw-helper
+all_mans = $(base_mans)
 if USE_FW_HELPER
 install_mans = $(all_mans)
 else
@@ -34,9 +34,18 @@ nodist_man1_MANS =
 doc_DATA =
 endif
 
-EXTRA_DIST+= doc/HACKING doc/asciidoc-helper.sh			\
+EXTRA_DIST+= doc/asciidoc-helper.sh			\
              $(html_in) $(man_in) $(txt_in)			\
-             doc/state-contents.txt
+             doc/state-contents.txt				\
+             doc/torrc_format.txt 				\
+	     doc/TUNING						\
+	     doc/HACKING/README.1st.md				\
+	     doc/HACKING/CodingStandards.md 			\
+	     doc/HACKING/GettingStarted.md 			\
+	     doc/HACKING/HelpfulTools.md 			\
+	     doc/HACKING/HowToReview.md  			\
+	     doc/HACKING/ReleasingTor.md                        \
+	     doc/HACKING/WritingTests.md
 
 docdir = @docdir@
 
@@ -56,34 +65,30 @@ doc/tor.1.in: doc/tor.1.txt
 doc/torify.1.in: doc/torify.1.txt
 doc/tor-gencert.1.in: doc/tor-gencert.1.txt
 doc/tor-resolve.1.in: doc/tor-resolve.1.txt
-doc/tor-fw-helper.1.in: doc/tor-fw-helper.1.txt
 
 doc/tor.html.in: doc/tor.1.txt
 doc/torify.html.in: doc/torify.1.txt
 doc/tor-gencert.html.in: doc/tor-gencert.1.txt
 doc/tor-resolve.html.in: doc/tor-resolve.1.txt
-doc/tor-fw-helper.html.in: doc/tor-fw-helper.1.txt
 
-# use ../config.status to swap all machine-specific magic strings
+# use config.status to swap all machine-specific magic strings
 # in the asciidoc with their replacements.
 $(asciidoc_product) :
 	$(AM_V_GEN)$(MKDIR_P) $(@D)
 	$(AM_V_at)if test -e $(top_srcdir)/$@.in && ! test -e $@.in ; then \
 		cp $(top_srcdir)/$@.in $@; \
 	fi
-	$(AM_V_at)./config.status -q --file=$@;
+	$(AM_V_at)$(top_builddir)/config.status -q --file=$@;
 
 doc/tor.html: doc/tor.html.in
 doc/tor-gencert.html: doc/tor-gencert.html.in
 doc/tor-resolve.html: doc/tor-resolve.html.in
 doc/torify.html: doc/torify.html.in
-doc/tor-fw-helper.html: doc/tor-fw-helper.html.in
 
 doc/tor.1: doc/tor.1.in
 doc/tor-gencert.1: doc/tor-gencert.1.in
 doc/tor-resolve.1: doc/tor-resolve.1.in
 doc/torify.1: doc/torify.1.in
-doc/tor-fw-helper.1: doc/tor-fw-helper.1.in
 
-CLEANFILES+= $(asciidoc_product) config.log
+CLEANFILES+= $(asciidoc_product)
 DISTCLEANFILES+= $(html_in) $(man_in)
diff --git a/doc/tor-fw-helper.1.txt b/doc/tor-fw-helper.1.txt
deleted file mode 100644
index 1c103d9250..0000000000
--- a/doc/tor-fw-helper.1.txt
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) The Tor Project, Inc.
-// See LICENSE for licensing information
-// This is an asciidoc file used to generate the manpage/html reference.
-// Learn asciidoc on http://www.methods.co.nz/asciidoc/userguide.html
-:man source:   Tor
-:man manual:   Tor Manual
-tor-fw-helper(1)
-================
-Jacob Appelbaum
-
-NAME
-----
-tor-fw-helper - Manage upstream firewall/NAT devices
-
-SYNOPSIS
---------
-**tor-fw-helper** [-h|--help] [-T|--test-commandline] [-v|--verbose] [-g|--fetch-public-ip]
- [-p __external port__:__internal_port__]
-
-DESCRIPTION
------------
-**tor-fw-helper** currently supports Apple's NAT-PMP protocol and the UPnP
-standard for TCP port mapping. It is written as the reference implementation of
-tor-fw-helper-spec.txt and conforms to that loose plugin API.  If your network
-supports either NAT-PMP or UPnP, tor-fw-helper will attempt to automatically
-map the required TCP ports for Tor's Or and Dir ports. +
-
-OPTIONS
--------
-**-h** or **--help**::
-    Display help text and exit.
-
-**-v** or **--verbose**::
-    Display verbose output.
-
-**-T** or **--test-commandline**::
-    Display test information and print the test information in
-    tor-fw-helper.log
-
-**-g** or **--fetch-public-ip**::
-    Fetch the the public ip address for each supported NAT helper method.
-
-**-p** or **--port** __external_port__:__internal_port__::
-    Forward external_port to internal_port.  This option can appear
-    more than once.
-
-BUGS
-----
-This probably doesn't run on Windows. That's not a big issue, since we don't
-really want to deal with Windows before October 2010 anyway.
-
-SEE ALSO
---------
-**tor**(1) +
-
-See also the "tor-fw-helper-spec.txt" file, distributed with Tor.
-
-AUTHORS
--------
-    Jacob Appelbaum <jacob@torproject.org>, Steven J. Murdoch <Steven.Murdoch@cl.cam.ac.uk>
diff --git a/doc/tor-resolve.1.txt b/doc/tor-resolve.1.txt
index 341d302244..30e16d5daa 100644
--- a/doc/tor-resolve.1.txt
+++ b/doc/tor-resolve.1.txt
@@ -14,7 +14,7 @@ tor-resolve - resolve a hostname to an IP address via tor
 
 SYNOPSIS
 --------
-**tor-resolve** [-4|-5] [-v] [-x] __hostname__ [__sockshost__[:__socksport__]]
+**tor-resolve** [-4|-5] [-v] [-x] [-p __socksport__] __hostname__ [__sockshost__[:__socksport__]]
 
 DESCRIPTION
 -----------
@@ -40,6 +40,9 @@ OPTIONS
     Use the SOCKS4a protocol rather than the default SOCKS5 protocol. Doesn't
     support reverse DNS.
 
+**-p** __socksport__::
+    Override the default SOCKS port without setting the hostname.
+
 SEE ALSO
 --------
 **tor**(1), **torify**(1). +
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 8d51f6e3c2..74915b7119 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -30,7 +30,7 @@ Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the
 network, and recipients, observers, and even the relays themselves have
 difficulty tracking the source of the stream.
 
-By default, **tor** will only act as a client only.  To help the network
+By default, **tor** will act as a client only.  To help the network
 by providing bandwidth as a relay, change the **ORPort** configuration
 option -- see below.  Please also consult the documentation on the Tor
 Project's website.
@@ -42,7 +42,8 @@ COMMAND-LINE OPTIONS
 
 [[opt-f]] **-f** __FILE__::
     Specify a new configuration file to contain further Tor configuration
-    options. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not
+    options OR pass *-* to make Tor read its configuration from standard
+    input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not
     found)
 
 [[opt-allow-missing-torrc]] **--allow-missing-torrc**::
@@ -72,7 +73,7 @@ COMMAND-LINE OPTIONS
 [[opt-serviceinstall]] **--service install** [**--options** __command-line options__]::
     Install an instance of Tor as a Windows service, with the provided
     command-line options. Current instructions can be found at
-    https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#HowdoIrunmyTorrelayasanNTservice
+    https://www.torproject.org/docs/faq#NTService
 
 [[opt-service]] **--service** **remove**|**start**|**stop**::
     Remove, start, or stop a configured Tor Windows service.
@@ -94,11 +95,34 @@ COMMAND-LINE OPTIONS
     which tells Tor to only send warnings and errors to the console, or with
     the **--quiet** option, which tells Tor not to log to the console at all.
 
+[[opt-keygen]] **--keygen** [**--newpass**]::
+   Running "tor --keygen" creates a new ed25519 master identity key for a
+   relay, or only a fresh temporary signing key and certificate, if you
+   already have a master key.  Optionally you can encrypt the master identity
+   key with a passphrase: Tor will ask you for one. If you don't want to
+   encrypt the master key, just don't enter any passphrase when asked. +
+ +
+   The **--newpass** option should be used with --keygen only when you need
+   to add, change, or remove a passphrase on an existing ed25519 master
+   identity key. You will be prompted for the old passphase (if any),
+   and the new passphrase (if any). +
+ +
+   When generating a master key, you will probably want to use
+   **--DataDirectory** to control where the keys
+   and certificates will be stored, and **--SigningKeyLifetime** to
+   control their lifetimes.  Their behavior is as documented in the
+   server options section below.  (You must have write access to the specified
+   DataDirectory.) +
+ +
+   To use the generated files, you must copy them to the DataDirectory/keys
+   directory of your Tor daemon, and make sure that they are owned by the
+   user actually running the Tor daemon on your system.
+
 Other options can be specified on the command-line in the format "--option
 value", in the format "option value", or in a configuration file.  For
 instance, you can tell Tor to start listening for SOCKS connections on port
-9999 by passing --SOCKSPort 9999 or SOCKSPort 9999 to it on the command line,
-or by putting "SOCKSPort 9999" in the configuration file.  You will need to
+9999 by passing --SocksPort 9999 or SocksPort 9999 to it on the command line,
+or by putting "SocksPort 9999" in the configuration file.  You will need to
 quote options with spaces in them: if you want Tor to log all debugging
 messages to debug.log, you will probably need to say --Log 'debug file
 debug.log'.
@@ -124,26 +148,31 @@ the defaults file.
 
 This rule is simple for options that take a single value, but it can become
 complicated for options that are allowed to occur more than once: if you
-specify four SOCKSPorts in your configuration file, and one more SOCKSPort on
+specify four SocksPorts in your configuration file, and one more SocksPort on
 the command line, the option on the command line will replace __all__ of the
-SOCKSPorts in the configuration file.  If this isn't what you want, prefix
-the option name with a plus sign, and it will be appended to the previous set
-of options instead.
+SocksPorts in the configuration file.  If this isn't what you want, prefix
+the option name with a plus sign (+), and it will be appended to the previous
+set of options instead.  For example, setting SocksPort 9100 will use only
+port 9100, but setting +SocksPort 9100 will use ports 9100 and 9050 (because
+this is the default).
 
 Alternatively, you might want to remove every instance of an option in the
 configuration file, and not replace it at all: you might want to say on the
-command line that you want no SOCKSPorts at all.  To do that, prefix the
-option name with a forward slash.
+command line that you want no SocksPorts at all.  To do that, prefix the
+option name with a forward slash (/).  You can use the plus sign (+) and the
+forward slash (/) in the configuration file and on the command line.
 
 GENERAL OPTIONS
 ---------------
 
 [[BandwidthRate]] **BandwidthRate** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**KBits**|**MBits**|**GBits**::
-    A token bucket limits the average incoming bandwidth usage on this node to
-    the specified number of bytes per second, and the average outgoing
+    A token bucket limits the average incoming bandwidth usage on this node
+    to the specified number of bytes per second, and the average outgoing
     bandwidth usage to that same value.  If you want to run a relay in the
-    public network, this needs to be _at the very least_ 30 KBytes (that is,
-    30720 bytes). (Default: 1 GByte) +
+    public network, this needs to be _at the very least_ 75 KBytes for a
+    relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) -- but of
+    course, more is better; we recommend at least 250 KBytes (2 mbits) if
+    possible.  (Default: 1 GByte) +
  +
     With this option, and in other options that take arguments in bytes,
     KBytes, and so on, other formats are also supported. Notably, "KBytes" can
@@ -215,7 +244,7 @@ GENERAL OPTIONS
     any pluggable transport proxy that tries to launch __transport__. +
     (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache)
 
-[[ExtORPort]] **ExtORPort** \['address':]__port__|**auto**
+[[ExtORPort]] **ExtORPort** \['address':]__port__|**auto**::
     Open this port to listen for Extended ORPort connections from your
     pluggable transports.
 
@@ -273,16 +302,28 @@ GENERAL OPTIONS
     all sockets will be set to this limit. Must be a value between 2048 and
     262144, in 1024 byte increments. Default of 8192 is recommended.
 
-[[ControlPort]] **ControlPort** __PORT__|**auto**::
+[[ControlPort]] **ControlPort** __PORT__|**unix:**__path__|**auto** [__flags__]::
     If set, Tor will accept connections on this port and allow those
     connections to control the Tor process using the Tor Control Protocol
-    (described in control-spec.txt). Note: unless you also specify one or
-    more of **HashedControlPassword** or **CookieAuthentication**,
-    setting this option will cause Tor to allow any process on the local
-    host to control it. (Setting both authentication methods means either
-    method is sufficient to authenticate to Tor.) This
+    (described in control-spec.txt in
+    https://spec.torproject.org[torspec]). Note: unless you also
+    specify one or more of **HashedControlPassword** or
+    **CookieAuthentication**, setting this option will cause Tor to allow
+    any process on the local host to control it. (Setting both authentication
+    methods means eithermethod is sufficient to authenticate to Tor.) This
     option is required for many Tor controllers; most use the value of 9051.
-    Set it to "auto" to have Tor pick a port for you. (Default: 0)
+    Set it to "auto" to have Tor pick a port for you. (Default: 0) +
+ +
+    Recognized flags are...
+    **GroupWritable**;;
+        Unix domain sockets only: makes the socket get created as
+        group-writable.
+    **WorldWritable**;;
+        Unix domain sockets only: makes the socket get created as
+        world-writable.
+    **RelaxDirModeCheck**;;
+        Unix domain sockets only: Do not insist that the directory
+        that holds the socket be read-restricted.
 
 [[ControlListenAddress]] **ControlListenAddress** __IP__[:__PORT__]::
     Bind the controller listener to this address. If you specify a port, bind
@@ -294,7 +335,7 @@ GENERAL OPTIONS
 
 [[ControlSocket]] **ControlSocket** __Path__::
     Like ControlPort, but listens on a Unix domain socket, rather than a TCP
-    socket. (Unix and Unix-like systems only.)
+    socket. '0' disables ControlSocket (Unix and Unix-like systems only.)
 
 [[ControlSocketsGroupWritable]] **ControlSocketsGroupWritable** **0**|**1**::
     If this option is set to 0, don't allow the filesystem group to read and
@@ -338,10 +379,26 @@ GENERAL OPTIONS
 [[DataDirectory]] **DataDirectory** __DIR__::
     Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
 
-[[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__]::
+[[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read the
+    DataDirectory. If the option is set to 1, make the DataDirectory readable
+    by the default GID. (Default: 0)
+
+[[FallbackDir]] **FallbackDir** __address__:__port__ orport=__port__ id=__fingerprint__ [weight=__num__] [ipv6=__address__:__orport__]::
     When we're unable to connect to any directory cache for directory info
-    (usually because we don't know about any yet) we try a FallbackDir.
-    By default, the directory authorities are also FallbackDirs.
+    (usually because we don't know about any yet) we try a directory authority.
+    Clients also simultaneously try a FallbackDir, to avoid hangs on client
+    startup if a directory authority is down. Clients retry FallbackDirs more
+    often than directory authorities, to reduce the load on the directory
+    authorities.
+    By default, the directory authorities are also FallbackDirs. Specifying a
+    FallbackDir replaces Tor's default hard-coded FallbackDirs (if any).
+    (See the **DirAuthority** entry for an explanation of each flag.)
+
+[[UseDefaultFallbackDirs]] **UseDefaultFallbackDirs** **0**|**1**::
+    Use Tor's default hard-coded FallbackDirs (if any). (When a
+    FallbackDir line is present, it replaces the hard-coded FallbackDirs,
+    regardless of the value of UseDefaultFallbackDirs.) (Default: 1)
 
 [[DirAuthority]] **DirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__::
     Use a nonstandard authoritative directory server at the provided address
@@ -354,9 +411,16 @@ GENERAL OPTIONS
     "bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
     given port when opening encrypted tunnels to the dirserver. If a flag
     "weight=**num**" is given, then the directory server is chosen randomly
-    with probability proportional to that weight (default 1.0). Lastly, if a
+    with probability proportional to that weight (default 1.0). If a
     flag "v3ident=**fp**" is given, the dirserver is a v3 directory authority
-    whose v3 long-term signing key has the fingerprint **fp**. +
+    whose v3 long-term signing key has the fingerprint **fp**. Lastly,
+    if an "ipv6=__address__:__orport__" flag is present, then the directory
+    authority is listening for IPv6 connections on the indicated IPv6 address
+    and OR Port. +
+ +
+    Tor will contact the authority at __address__:__port__ (the DirPort) to
+    download directory documents. If an IPv6 address is supplied, Tor will
+    also download directory documents at the IPv6 address on the DirPort. +
  +
     If no **DirAuthority** line is given, Tor will use the default directory
     authorities. NOTE: this option is intended for setting up a private Tor
@@ -370,12 +434,6 @@ GENERAL OPTIONS
     chosen with their regular weights, multiplied by this number, which
     should be 1.0 or less. (Default: 1.0)
 
-[[DynamicDHGroups]] **DynamicDHGroups** **0**|**1**::
-    If this option is set to 1, when running as a server, generate our
-    own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
-    This option may help circumvent censorship based on static
-    Diffie-Hellman parameters. (Default: 0)
-
 [[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
 
 [[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
@@ -483,6 +541,11 @@ GENERAL OPTIONS
     in accordance to RFC 1929. Both username and password must be between 1 and
     255 characters.
 
+[[SocksSocketsGroupWritable]] **SocksSocketsGroupWritable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read and
+    write unix sockets (e.g. SocksSocket). If the option is set to 1, make
+    the SocksSocket socket readable and writable by the default GID. (Default: 0)
+
 [[KeepalivePeriod]] **KeepalivePeriod** __NUM__::
     To keep firewalls from expiring connections, send a padding keepalive cell
     every NUM seconds on open connections that are in use. If the connection
@@ -550,7 +613,7 @@ GENERAL OPTIONS
     \'info'. (Default: 0)
 
 [[PredictedPortsRelevanceTime]] **PredictedPortsRelevanceTime** __NUM__::
-    Set how long, after the client has mad an anonymized connection to a
+    Set how long, after the client has made an anonymized connection to a
     given port, we will try to make sure that we build circuits to
     exits that support that port. The maximum value for this option is 1
     hour. (Default: 1 hour)
@@ -568,6 +631,14 @@ GENERAL OPTIONS
     messages to affect times logged by a controller, times attached to
     syslog messages, or the mtime fields on log files.  (Default: 1 second)
 
+[[TruncateLogFile]] **TruncateLogFile** **0**|**1**::
+    If 1, Tor will overwrite logs at startup and in response to a HUP signal,
+    instead of appending to them. (Default: 0)
+
+[[SyslogIdentityTag]] **SyslogIdentityTag** __tag__::
+    When logging to syslog, adds a tag to the syslog identity such that
+    log entries are marked with "Tor-__tag__".  (Default: none)
+
 [[SafeLogging]] **SafeLogging** **0**|**1**|**relay**::
     Tor can scrub potentially sensitive strings from log messages (e.g.
     addresses) by replacing them with the string [scrubbed]. This way logs can
@@ -582,6 +653,14 @@ GENERAL OPTIONS
 [[User]] **User** __UID__::
     On startup, setuid to this user and setgid to their primary group.
 
+[[KeepBindCapabilities]] **KeepBindCapabilities** **0**|**1**|**auto**::
+    On Linux, when we are started as root and we switch our identity using
+    the **User** option, the **KeepBindCapabilities** option tells us whether to
+    try to retain our ability to bind to low ports.  If this value is 1, we
+    try to keep the capability; if it is 0 we do not; and if it is **auto**,
+    we keep the capability only if we are configured to listen on a low port.
+    (Default: auto.)
+
 [[HardwareAccel]] **HardwareAccel** **0**|**1**::
     If non-zero, try to use built-in (static) crypto hardware acceleration when
     available. (Default: 0)
@@ -668,9 +747,12 @@ The following options are useful only for clients (that is, if
     fingerprint to look up the bridge descriptor at the bridge authority, if
     it's provided and if UpdateBridgesFromAuthority is set too.  +
  +
-    If "transport" is provided, and matches to a ClientTransportPlugin
-    line, we use that pluggable transports proxy to transfer data to
-    the bridge.
+    If "transport" is provided, it must match a ClientTransportPlugin line. We
+    then use that pluggable transport's proxy to transfer data to the bridge,
+    rather than connecting to the bridge directly. Some transports use a
+    transport-specific method to work out the remote address to connect to.
+    These transports typically ignore the "IP:ORPort" specified in the bridge
+    line.
 
 [[LearnCircuitBuildTimeout]] **LearnCircuitBuildTimeout** **0**|**1**::
     If 0, CircuitBuildTimeout adaptive learning is disabled. (Default: 1)
@@ -707,10 +789,12 @@ The following options are useful only for clients (that is, if
     unless ORPort, ExtORPort, or DirPort are configured.) (Default: 0)
 
 [[ExcludeNodes]] **ExcludeNodes** __node__,__node__,__...__::
-    A list of identity fingerprints, nicknames, country codes and address
-    patterns of nodes to avoid when building a circuit.
+    A list of identity fingerprints, country codes, and address
+    patterns of nodes to avoid when building a circuit. Country codes are
+    2-letter ISO3166 codes, and must
+    be wrapped in braces; fingerprints may be preceded by a dollar sign.
     (Example:
-    ExcludeNodes SlowServer, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
+    ExcludeNodes ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
  +
     By default, this option is treated as a preference that Tor is allowed
     to override in order to keep working.
@@ -730,11 +814,13 @@ The following options are useful only for clients (that is, if
 
 
 [[ExcludeExitNodes]] **ExcludeExitNodes** __node__,__node__,__...__::
-    A list of identity fingerprints, nicknames, country codes and address
+    A list of identity fingerprints, country codes, and address
     patterns of nodes to never use when picking an exit node---that is, a
     node that delivers traffic for you outside the Tor network.   Note that any
     node listed in ExcludeNodes is automatically considered to be part of this
-    list too.  See also the caveats on the "ExitNodes" option below.
+    list too.  See
+    the **ExcludeNodes** option for more information on how to specify
+    nodes. See also the caveats on the "ExitNodes" option below.
 
 [[GeoIPExcludeUnknown]] **GeoIPExcludeUnknown** **0**|**1**|**auto**::
     If this option is set to 'auto', then whenever any country code is set in
@@ -745,9 +831,10 @@ The following options are useful only for clients (that is, if
     configured or can't be found.  (Default: auto)
 
 [[ExitNodes]] **ExitNodes** __node__,__node__,__...__::
-    A list of identity fingerprints, nicknames, country codes and address
+    A list of identity fingerprints, country codes, and address
     patterns of nodes to use as exit node---that is, a
-    node that delivers traffic for you outside the Tor network. +
+    node that delivers traffic for you outside the Tor network.  See
+    the **ExcludeNodes** option for more information on how to specify nodes. +
  +
     Note that if you list too few nodes here, or if you exclude too many exit
     nodes with ExcludeExitNodes, you can degrade functionality.  For example,
@@ -768,7 +855,7 @@ The following options are useful only for clients (that is, if
     this option.
 
 [[EntryNodes]] **EntryNodes** __node__,__node__,__...__::
-    A list of identity fingerprints, nicknames, and country codes of nodes
+    A list of identity fingerprints and country codes of nodes
     to use for the first hop in your normal circuits.
     Normal circuits include all
     circuits except for direct connections to directory servers.  The Bridge
@@ -776,7 +863,8 @@ The following options are useful only for clients (that is, if
     UseBridges is 1, the Bridges are used as your entry nodes. +
  +
     The ExcludeNodes option overrides this option: any node listed in both
-    EntryNodes and ExcludeNodes is treated as excluded.
+    EntryNodes and ExcludeNodes is treated as excluded. See
+    the **ExcludeNodes** option for more information on how to specify nodes.
 
 [[StrictNodes]] **StrictNodes** **0**|**1**::
     If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a
@@ -873,12 +961,12 @@ The following options are useful only for clients (that is, if
     When a request for address arrives to Tor, it will transform to newaddress
     before processing it. For example, if you always want connections to
     www.example.com to exit via __torserver__ (where __torserver__ is the
-    nickname of the server), use "MapAddress www.example.com
+    fingerprint of the server), use "MapAddress www.example.com
     www.example.com.torserver.exit". If the value is prefixed with a
     "\*.", matches an entire domain. For example, if you
     always want connections to example.com and any if its subdomains
     to exit via
-    __torserver__ (where __torserver__ is the nickname of the server), use
+    __torserver__ (where __torserver__ is the fingerprint of the server), use
     "MapAddress \*.example.com \*.example.com.torserver.exit". (Note the
     leading "*." in each part of the directive.) You can also redirect all
     subdomains of a domain to a single address. For example, "MapAddress
@@ -917,7 +1005,9 @@ The following options are useful only for clients (that is, if
     Feel free to reuse a circuit that was first used at most NUM seconds ago,
     but never attach a new stream to a circuit that is too old.  For hidden
     services, this applies to the __last__ time a circuit was used, not the
-    first.  (Default: 10 minutes)
+    first. Circuits with streams constructed with SOCKS authentication via
+    SocksPorts that have **KeepAliveIsolateSOCKSAuth** ignore this value.
+    (Default: 10 minutes)
 
 [[MaxClientCircuitsPending]] **MaxClientCircuitsPending** __NUM__::
     Do not allow more than NUM circuits to be pending at a time for handling
@@ -925,27 +1015,36 @@ The following options are useful only for clients (that is, if
     but it has not yet been completely constructed.  (Default: 32)
 
 [[NodeFamily]] **NodeFamily** __node__,__node__,__...__::
-    The Tor servers, defined by their identity fingerprints or nicknames,
+    The Tor servers, defined by their identity fingerprints,
     constitute a "family" of similar or co-administered servers, so never use
     any two of them in the same circuit. Defining a NodeFamily is only needed
     when a server doesn't list the family itself (with MyFamily). This option
-    can be used multiple times.  In addition to nodes, you can also list
-    IP address and ranges and country codes in {curly braces}.
+    can be used multiple times; each instance defines a separate family.  In
+    addition to nodes, you can also list IP address and ranges and country
+    codes in {curly braces}. See the **ExcludeNodes** option for more
+    information on how to specify nodes.
 
 [[EnforceDistinctSubnets]] **EnforceDistinctSubnets** **0**|**1**::
     If 1, Tor will not put two servers whose IP addresses are "too close" on
     the same circuit. Currently, two addresses are "too close" if they lie in
     the same /16 range. (Default: 1)
 
-[[SOCKSPort]] **SOCKSPort** \['address':]__port__|**auto** [_flags_] [_isolation flags_]::
+[[SocksPort]] **SocksPort** \['address':]__port__|**unix:**__path__|**auto** [_flags_] [_isolation flags_]::
     Open this port to listen for connections from SOCKS-speaking
     applications. Set this to 0 if you don't want to allow application
     connections via SOCKS. Set it to "auto" to have Tor pick a port for
     you. This directive can be specified multiple times to bind
     to multiple addresses/ports. (Default: 9050) +
  +
+        NOTE: Although this option allows you to specify an IP address
+        other than localhost, you should do so only with extreme caution.
+        The SOCKS protocol is unencrypted and (as we use it)
+        unauthenticated, so exposing it in this way could leak your
+        information to anybody watching your network, and allow anybody
+        to use your computer as an open proxy. +
+ +
     The _isolation flags_ arguments give Tor rules for which streams
-    received on this SOCKSPort are allowed to share circuits with one
+    received on this SocksPort are allowed to share circuits with one
     another.  Recognized isolation flags are:
     **IsolateClientAddr**;;
         Don't share circuits with streams from a different
@@ -960,20 +1059,23 @@ The following options are useful only for clients (that is, if
         (SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections,
         and DNSPort requests are all considered to be different protocols.)
     **IsolateDestPort**;;
-        Don't share circuits with streams targetting a different
+        Don't share circuits with streams targeting a different
         destination port.
     **IsolateDestAddr**;;
-        Don't share circuits with streams targetting a different
+        Don't share circuits with streams targeting a different
         destination address.
+    **KeepAliveIsolateSOCKSAuth**;;
+        If **IsolateSOCKSAuth** is enabled, keep alive circuits that have
+        streams with SOCKS authentication set indefinitely.
     **SessionGroup=**__INT__;;
         If no other isolation rules would prevent it, allow streams
         on this port to share circuits with streams from every other
         port with the same session group.  (By default, streams received
-        on different SOCKSPorts, TransPorts, etc are always isolated from one
+        on different SocksPorts, TransPorts, etc are always isolated from one
         another. This option overrides that behavior.)
 
-[[OtherSOCKSPortFlags]]::
-    Other recognized __flags__ for a SOCKSPort are:
+[[OtherSocksPortFlags]]::
+    Other recognized __flags__ for a SocksPort are:
     **NoIPv4Traffic**;;
         Tell exits to not connect to IPv4 addresses in response to SOCKS
         requests on this connection.
@@ -984,20 +1086,18 @@ The following options are useful only for clients (that is, if
     **PreferIPv6**;;
         Tells exits that, if a host has both an IPv4 and an IPv6 address,
         we would prefer to connect to it via IPv6. (IPv4 is the default.) +
- +
-        NOTE: Although this option allows you to specify an IP address
-        other than localhost, you should do so only with extreme caution.
-        The SOCKS protocol is unencrypted and (as we use it)
-        unauthenticated, so exposing it in this way could leak your
-        information to anybody watching your network, and allow anybody
-        to use your computer as an open proxy. +
- +
     **CacheIPv4DNS**;;
         Tells the client to remember IPv4 DNS answers we receive from exit
         nodes via this connection. (On by default.)
     **CacheIPv6DNS**;;
         Tells the client to remember IPv6 DNS answers we receive from exit
         nodes via this connection.
+    **GroupWritable**;;
+        Unix domain sockets only: makes the socket get created as
+        group-writable.
+    **WorldWritable**;;
+        Unix domain sockets only: makes the socket get created as
+        world-writable.
     **CacheDNS**;;
         Tells the client to remember all DNS answers we receive from exit
         nodes via this connection.
@@ -1014,7 +1114,7 @@ The following options are useful only for clients (that is, if
         requests via this connection.
     **PreferIPv6Automap**;;
         When serving a hostname lookup request on this port that
-        should get automapped (according to AutomapHostsOnResove),
+        should get automapped (according to AutomapHostsOnResolve),
         if we could return either an IPv4 or an IPv6 answer, prefer
         an IPv6 answer. (On by default.)
     **PreferSOCKSNoAuth**;;
@@ -1027,14 +1127,14 @@ The following options are useful only for clients (that is, if
         authentication" when IsolateSOCKSAuth is disabled, or when this
         option is set.
 
-[[SOCKSListenAddress]] **SOCKSListenAddress** __IP__[:__PORT__]::
+[[SocksListenAddress]] **SocksListenAddress** __IP__[:__PORT__]::
     Bind to this address to listen for connections from Socks-speaking
     applications. (Default: 127.0.0.1) You can also specify a port (e.g.
     192.168.0.1:9100). This directive can be specified multiple times to bind
     to multiple addresses/ports.  (DEPRECATED: As of 0.2.3.x-alpha, you can
-    now use multiple SOCKSPort entries, and provide addresses for SOCKSPort
-    entries, so SOCKSListenAddress no longer has a purpose.  For backward
-    compatibility, SOCKSListenAddress is only allowed when SOCKSPort is just
+    now use multiple SocksPort entries, and provide addresses for SocksPort
+    entries, so SocksListenAddress no longer has a purpose.  For backward
+    compatibility, SocksListenAddress is only allowed when SocksPort is just
     a port number.)
 
 [[SocksPolicy]] **SocksPolicy** __policy__,__policy__,__...__::
@@ -1097,6 +1197,17 @@ The following options are useful only for clients (that is, if
     download any non-default directory material.  It doesn't currently
     do anything when we lack a live consensus. (Default: 1)
 
+[[GuardfractionFile]] **GuardfractionFile** __FILENAME__::
+    V3 authoritative directories only. Configures the location of the
+    guardfraction file which contains information about how long relays
+    have been guards. (Default: unset)
+
+[[UseGuardFraction]] **UseGuardFraction** **0**|**1**|**auto**::
+    This torrc option specifies whether clients should use the
+    guardfraction information found in the consensus during path
+    selection. If it's set to 'auto', clients will do what the
+    UseGuardFraction consensus parameter tells them to do. (Default: auto)
+
 [[NumEntryGuards]] **NumEntryGuards** __NUM__::
     If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
     as long-term entries for our circuits. If NUM is 0, we try to learn
@@ -1230,7 +1341,7 @@ The following options are useful only for clients (that is, if
     Use 0 if you don't want to allow NATD connections.  Set the port
     to "auto" to have Tor pick a port for you. This directive can be
     specified multiple times to bind to multiple addresses/ports.  See
-    SOCKSPort for an explanation of isolation flags. +
+    SocksPort for an explanation of isolation flags. +
  +
     This option is only for people who cannot use TransPort. (Default: 0)
 
@@ -1258,7 +1369,7 @@ The following options are useful only for clients (that is, if
     doesn't handle arbitrary DNS request types. Set the port to "auto" to
     have Tor pick a port for
     you. This directive can be specified multiple times to bind to multiple
-    addresses/ports. See SOCKSPort for an explanation of isolation
+    addresses/ports. See SocksPort for an explanation of isolation
     flags. (Default: 0)
 
 [[DNSListenAddress]] **DNSListenAddress** __IP__[:__PORT__]::
@@ -1283,7 +1394,7 @@ The following options are useful only for clients (that is, if
 [[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**::
     If true, Tor downloads and caches "extra-info" documents. These documents
     contain information about servers other than the information in their
-    regular router descriptors. Tor does not use this information for anything
+    regular server descriptors. Tor does not use this information for anything
     itself; to save bandwidth, leave this option turned off. (Default: 0)
 
 [[WarnPlaintextPorts]] **WarnPlaintextPorts** __port__,__port__,__...__::
@@ -1318,6 +1429,22 @@ The following options are useful only for clients (that is, if
     To enable this option the compile time flag --enable-tor2webmode must be
     specified. (Default: 0)
 
+[[Tor2webRendezvousPoints]] **Tor2webRendezvousPoints** __node__,__node__,__...__::
+    A list of identity fingerprints, nicknames, country codes and
+    address patterns of nodes that are allowed to be used as RPs
+    in HS circuits; any other nodes will not be used as RPs.
+    (Example:
+    Tor2webRendezvousPoints Fastyfasty, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
+ +
+    This feature can only be used if Tor2webMode is also enabled.
+ +
+    ExcludeNodes have higher priority than Tor2webRendezvousPoints,
+    which means that nodes specified in ExcludeNodes will not be
+    picked as RPs.
+ +
+    If no nodes in Tor2webRendezvousPoints are currently available for
+    use, Tor will choose a random node when building HS circuits.
+
 [[UseMicrodescriptors]] **UseMicrodescriptors** **0**|**1**|**auto**::
     Microdescriptors are a smaller version of the information that Tor needs
     in order to build its circuits.  Using microdescriptors makes Tor clients
@@ -1391,17 +1518,33 @@ The following options are useful only for clients (that is, if
     If no defaults are available there, these options default to 20, .80,
     .60, and 100, respectively.
 
+[[ClientUseIPv4]] **ClientUseIPv4** **0**|**1**::
+    If this option is set to 0, Tor will avoid connecting to directory servers
+    and entry nodes over IPv4. Note that clients with an IPv4
+    address in a **Bridge**, proxy, or pluggable transport line will try
+    connecting over IPv4 even if **ClientUseIPv4** is set to 0. (Default: 1)
+
 [[ClientUseIPv6]] **ClientUseIPv6** **0**|**1**::
-    If this option is set to 1, Tor might connect to entry nodes over
-    IPv6. Note that clients configured with an IPv6 address in a
-    **Bridge** line will try connecting over IPv6 even if
-    **ClientUseIPv6** is set to 0. (Default: 0)
+    If this option is set to 1, Tor might connect to directory servers or
+    entry nodes over IPv6. Note that clients configured with an IPv6 address
+    in a **Bridge**, proxy, or pluggable transport line will try connecting
+    over IPv6 even if **ClientUseIPv6** is set to 0. (Default: 0)
+
+[[ClientPreferIPv6DirPort]] **ClientPreferIPv6DirPort** **0**|**1**|**auto**::
+    If this option is set to 1, Tor prefers a directory port with an IPv6
+    address over one with IPv4, for direct connections, if a given directory
+    server has both. (Tor also prefers an IPv6 DirPort if IPv4Client is set to
+    0.) If this option is set to auto, clients prefer IPv4. Other things may
+    influence the choice. This option breaks a tie to the favor of IPv6.
+    (Default: auto)
 
-[[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**::
+[[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**|**auto**::
     If this option is set to 1, Tor prefers an OR port with an IPv6
-    address over one with IPv4 if a given entry node has both. Other
-    things may influence the choice. This option breaks a tie to the
-    favor of IPv6. (Default: 0)
+    address over one with IPv4 if a given entry node has both. (Tor also
+    prefers an IPv6 ORPort if IPv4Client is set to 0.) If this option is set
+    to auto, Tor bridge clients prefer the configured bridge address, and
+    other clients prefer IPv4. Other things may influence the choice. This
+    option breaks a tie to the favor of IPv6. (Default: auto)
 
 [[PathsNeededToBuildCircuits]] **PathsNeededToBuildCircuits** __NUM__::
     Tor clients don't build circuits for user traffic until they know
@@ -1415,15 +1558,44 @@ The following options are useful only for clients (that is, if
     Tor will use a default value chosen by the directory
     authorities. (Default: -1.)
 
-[[Support022HiddenServices]] **Support022HiddenServices** **0**|**1**|**auto**::
-    Tor hidden services running versions before 0.2.3.x required clients to
-    send timestamps, which can potentially be used to distinguish clients
-    whose view of the current time is skewed. If this option is set to 0, we
-    do not send this timestamp, and hidden services on obsolete Tor versions
-    will not work.  If this option is set to 1, we send the timestamp.  If
-    this optoin is "auto", we take a recommendation from the latest consensus
-    document. (Default: auto)
-
+[[ClientBootstrapConsensusAuthorityDownloadSchedule]] **ClientBootstrapConsensusAuthorityDownloadSchedule** __N__,__N__,__...__::
+    Schedule for when clients should download consensuses from authorities
+    if they are bootstrapping (that is, they don't have a usable, reasonably
+    live consensus). Only used by clients fetching from a list of fallback
+    directory mirrors. This schedule is advanced by (potentially concurrent)
+    connection attempts, unlike other schedules, which are advanced by
+    connection failures. (Default: 10, 11, 3600, 10800, 25200, 54000,
+    111600, 262800)
+
+[[ClientBootstrapConsensusFallbackDownloadSchedule]] **ClientBootstrapConsensusFallbackDownloadSchedule** __N__,__N__,__...__::
+    Schedule for when clients should download consensuses from fallback
+    directory mirrors if they are bootstrapping (that is, they don't have a
+    usable, reasonably live consensus). Only used by clients fetching from a
+    list of fallback directory mirrors. This schedule is advanced by
+    (potentially concurrent) connection attempts, unlike other schedules,
+    which are advanced by connection failures. (Default: 0, 1, 4, 11, 3600,
+    10800, 25200, 54000, 111600, 262800)
+
+[[ClientBootstrapConsensusAuthorityOnlyDownloadSchedule]] **ClientBootstrapConsensusAuthorityOnlyDownloadSchedule** __N__,__N__,__...__::
+    Schedule for when clients should download consensuses from authorities
+    if they are bootstrapping (that is, they don't have a usable, reasonably
+    live consensus). Only used by clients which don't have or won't fetch
+    from a list of fallback directory mirrors. This schedule is advanced by
+    (potentially concurrent) connection attempts, unlike other schedules,
+    which are advanced by connection failures. (Default: 0, 3, 7, 3600,
+    10800, 25200, 54000, 111600, 262800)
+
+[[ClientBootstrapConsensusMaxDownloadTries]] **ClientBootstrapConsensusMaxDownloadTries** __NUM__::
+    Try this many times to download a consensus while bootstrapping using
+    fallback directory mirrors before giving up. (Default: 7)
+
+[[ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries]] **ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries** __NUM__::
+    Try this many times to download a consensus while bootstrapping using
+    authorities before giving up. (Default: 4)
+
+[[ClientBootstrapConsensusMaxInProgressTries]] **ClientBootstrapConsensusMaxInProgressTries** __NUM__::
+    Try this many simultaneous connections to download a consensus before
+    waiting for one to complete, timeout, or error out. (Default: 4)
 
 SERVER OPTIONS
 --------------
@@ -1456,8 +1628,8 @@ is non-zero):
 [[BridgeRelay]] **BridgeRelay** **0**|**1**::
     Sets the relay to act as a "bridge" with respect to relaying connections
     from bridge users to the Tor network. It mainly causes Tor to publish a
-    server descriptor to the bridge database, rather than publishing a relay
-    descriptor to the public directory authorities.
+    server descriptor to the bridge database, rather than
+    to the public directory authorities.
 
 [[ContactInfo]] **ContactInfo** __email_address__::
     Administrative contact information for this relay or bridge. This line
@@ -1468,24 +1640,56 @@ is non-zero):
     that it's an email address and/or generate a new address for this
     purpose.
 
+[[ExitRelay]] **ExitRelay** **0**|**1**|**auto**::
+    Tells Tor whether to run as an exit relay.  If Tor is running as a
+    non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to
+    exit according to the ExitPolicy option (or the default ExitPolicy if
+    none is specified).
+ +
+    If ExitRelay is set to 0, no traffic is allowed to
+    exit, and the ExitPolicy option is ignored. +
+ +
+    If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but
+    warns the user if this would cause traffic to exit.  In a future version,
+    the default value will be 0. (Default: auto)
+
 [[ExitPolicy]] **ExitPolicy** __policy__,__policy__,__...__::
     Set an exit policy for this server. Each policy is of the form
-    "**accept**|**reject** __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
+    "**accept[6]**|**reject[6]**  __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
     omitted then this policy just applies to the host given. Instead of giving
-    a host or network you can also use "\*" to denote the universe (0.0.0.0/0).
+    a host or network you can also use "\*" to denote the universe (0.0.0.0/0
+    and ::/128), or \*4 to denote all IPv4 addresses, and \*6 to denote all
+    IPv6 addresses.
     __PORT__ can be a single port number, an interval of ports
     "__FROM_PORT__-__TO_PORT__", or "\*". If __PORT__ is omitted, that means
     "\*". +
  +
     For example, "accept 18.7.22.69:\*,reject 18.0.0.0/8:\*,accept \*:\*" would
-    reject any traffic destined for MIT except for web.mit.edu, and accept
-    anything else. +
- +
-    To specify all internal and link-local networks (including 0.0.0.0/8,
-    169.254.0.0/16,    127.0.0.0/8,    192.168.0.0/16, 10.0.0.0/8, and
-    172.16.0.0/12), you can use the "private" alias instead of an address.
-    These addresses are rejected by default (at the beginning of your exit
-    policy), along with your public IP address, unless you set the
+    reject any IPv4 traffic destined for MIT except for web.mit.edu, and accept
+    any other IPv4 or IPv6 traffic. +
+ +
+    Tor also allows IPv6 exit policy entries. For instance, "reject6 [FC00::]/7:\*"
+    rejects all destinations that share 7 most significant bit prefix with
+    address FC00::. Respectively, "accept6 [C000::]/3:\*" accepts all destinations
+    that share 3 most significant bit prefix with address C000::. +
+ +
+    accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4
+    address with accept6 or reject6 is ignored and generates a warning.
+    accept/reject allows either IPv4 or IPv6 addresses. Use \*4 as an IPv4
+    wildcard address, and \*6 as an IPv6 wildcard address. accept/reject *
+    expands to matching IPv4 and IPv6 wildcard address rules. +
+ +
+    To specify all IPv4 and IPv6 internal and link-local networks (including
+    0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8,
+    172.16.0.0/12, [::]/8, [FC00::]/7, [FE80::]/10, [FEC0::]/10, [FF00::]/8,
+    and [::]/127), you can use the "private" alias instead of an address.
+    ("private" always produces rules for IPv4 and IPv6 addresses, even when
+    used with accept6/reject6.) +
+ +
+    Private addresses are rejected by default (at the beginning of your exit
+    policy), along with any configured primary public IPv4 and IPv6 addresses,
+    and any public IPv4 and IPv6 addresses on any interface on the relay.
+    These private addresses are rejected unless you set the
     ExitPolicyRejectPrivate config option to 0. For example, once you've done
     that, you could allow HTTP to 127.0.0.1 and block all other connections to
     internal networks with "accept 127.0.0.1:80,reject private:\*", though that
@@ -1493,18 +1697,17 @@ is non-zero):
     public (external) IP address. See RFC 1918 and RFC 3330 for more details
     about internal and reserved IP address space. +
  +
-    Tor also allow IPv6 exit policy entries. For instance, "reject6 [FC00::]/7:*"
-    rejects all destinations that share 7 most significant bit prefix with 
-    address FC00::. Respectively, "accept6 [C000::]/3:*" accepts all destinations
-    that share 3 most significant bit prefix with address C000::. +
- +
     This directive can be specified multiple times so you don't have to put it
     all on one line. +
  +
     Policies are considered first to last, and the first match wins. If you
-    want to \_replace_ the default exit policy, end your exit policy with
-    either a reject \*:* or an accept \*:*. Otherwise, you're \_augmenting_
-    (prepending to) the default exit policy. The default exit policy is: +
+    want to allow the same ports on IPv4 and IPv6, write your rules using
+    accept/reject \*. If you want to allow different ports on IPv4 and IPv6,
+    write your IPv6 rules using accept6/reject6 \*6, and your IPv4 rules using
+    accept/reject \*4. If you want to \_replace_ the default exit policy, end
+    your exit policy with either a reject \*:* or an accept \*:*. Otherwise,
+    you're \_augmenting_ (prepending to) the default exit policy. The default
+    exit policy is: +
 
        reject *:25
        reject *:119
@@ -1518,9 +1721,18 @@ is non-zero):
        reject *:6881-6999
        accept *:*
 
+    Since the default exit policy uses accept/reject *, it applies to both
+    IPv4 and IPv6 addresses.
+
 [[ExitPolicyRejectPrivate]] **ExitPolicyRejectPrivate** **0**|**1**::
-    Reject all private (local) networks, along with your own public IP address,
-    at the beginning of your exit policy. See above entry on ExitPolicy.
+    Reject all private (local) networks, along with any configured public
+    IPv4 and IPv6 addresses, at the beginning of your exit policy. (This
+    includes the IPv4 and IPv6 addresses advertised by the relay, any
+    OutboundBindAddress, and the bind addresses of any port options, such as
+    ORPort and DirPort.) This also rejects any public IPv4 and IPv6 addresses
+    on any interface on the relay. (If IPv6Exit is not set, all IPv6 addresses
+    will be rejected anyway.)
+    See above entry on ExitPolicy.
     (Default: 1)
 
 [[IPv6Exit]] **IPv6Exit** **0**|**1**::
@@ -1534,7 +1746,7 @@ is non-zero):
 [[MyFamily]] **MyFamily** __node__,__node__,__...__::
     Declare that this Tor server is controlled or administered by a group or
     organization identical or similar to that of the other servers, defined by
-    their identity fingerprints or nicknames. When two servers both declare
+    their identity fingerprints. When two servers both declare
     that they are in the same \'family', Tor clients will not use them in the
     same circuit. (Each server only needs to list the other servers in its
     family; it doesn't need to list itself, but it won't hurt.) Do not list
@@ -1628,22 +1840,37 @@ is non-zero):
     Log a heartbeat message every **HeartbeatPeriod** seconds. This is
     a log level __notice__ message, designed to let you know your Tor
     server is still alive and doing useful things. Settings this
-    to 0 will disable the heartbeat. (Default: 6 hours)
+    to 0 will disable the heartbeat. Otherwise, it must be at least 30
+    minutes. (Default: 6 hours)
 
 [[AccountingMax]] **AccountingMax** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**KBits**|**MBits**|**GBits**|**TBytes**::
-    Never send more than the specified number of bytes in a given accounting
-    period, or receive more than that number in the period. For example, with
-    AccountingMax set to 1 GByte, a server could send 900 MBytes and
-    receive 800 MBytes and continue running. It will only hibernate once
-    one of the two reaches 1 GByte. When the number of bytes gets low,
-    Tor will stop accepting new connections and circuits.  When the
-    number of bytes is exhausted, Tor will hibernate until some
-    time in the next accounting period. To prevent all servers from waking at
-    the same time, Tor will also wait until a random point in each period
-    before waking up. If you have bandwidth cost issues, enabling hibernation
-    is preferable to setting a low bandwidth, since it provides users with a
-    collection of fast servers that are up some of the time, which is more
-    useful than a set of slow servers that are always "available".
+    Limits the max number of bytes sent and received within a set time period
+    using a given calculation rule (see: AccountingStart, AccountingRule).
+    Useful if you need to stay under a specific bandwidth. By default, the
+    number used for calculation is the max of either the bytes sent or
+    received. For example, with AccountingMax set to 1 GByte, a server
+    could send 900 MBytes and receive 800 MBytes and continue running.
+    It will only hibernate once one of the two reaches 1 GByte. This can
+    be changed to use the sum of the both bytes received and sent by setting
+    the AccountingRule option to "sum" (total bandwidth in/out). When the
+    number of bytes remaining gets low, Tor will stop accepting new connections
+    and circuits. When the number of bytes is exhausted, Tor will hibernate
+    until some time in the next accounting period. To prevent all servers
+    from waking at the same time, Tor will also wait until a random point
+    in each period before waking up. If you have bandwidth cost issues,
+    enabling hibernation is preferable to setting a low bandwidth, since
+    it provides users with a collection of fast servers that are up some
+    of the time, which is more useful than a set of slow servers that are
+    always "available".
+
+[[AccountingRule]] **AccountingRule** **sum**|**max**|**in**|**out**::
+    How we determine when our AccountingMax has been reached (when we
+    should hibernate) during a time interval. Set to "max" to calculate
+    using the higher of either the sent or received bytes (this is the
+    default functionality). Set to "sum" to calculate using the sent
+    plus received bytes. Set to "in" to calculate using only the
+    received bytes. Set to "out" to calculate using only the sent bytes.
+    (Default: max)
 
 [[AccountingStart]] **AccountingStart** **day**|**week**|**month** [__day__] __HH:MM__::
     Specify how long accounting periods last. If **month** is given, each
@@ -1693,7 +1920,7 @@ is non-zero):
 [[ServerDNSTestAddresses]] **ServerDNSTestAddresses** __address__,__address__,__...__::
     When we're detecting DNS hijacking, make sure that these __valid__ addresses
     aren't getting redirected. If they are, then our DNS is completely useless,
-    and we'll reset our exit policy to "reject *:*". This option only affects
+    and we'll reset our exit policy to "reject \*:*". This option only affects
     name lookups that your server does on behalf of clients. (Default:
     "www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org")
 
@@ -1731,25 +1958,58 @@ is non-zero):
     (Default: P256)
 
 [[CellStatistics]] **CellStatistics** **0**|**1**::
-    When this option is enabled, Tor writes statistics on the mean time that
-    cells spend in circuit queues to disk every 24 hours. (Default: 0)
+    Relays only.
+    When this option is enabled, Tor collects statistics about cell
+    processing (i.e. mean time a cell is spending in a queue, mean
+    number of cells in a queue and mean number of processed cells per
+    circuit) and writes them into disk every 24 hours. Onion router
+    operators may use the statistics for performance monitoring.
+    If ExtraInfoStatistics is enabled, it will published as part of
+    extra-info document. (Default: 0)
 
 [[DirReqStatistics]] **DirReqStatistics** **0**|**1**::
+    Relays and bridges only.
     When this option is enabled, a Tor directory writes statistics on the
     number and response time of network status requests to disk every 24
-    hours. (Default: 1)
+    hours. Enables relay and bridge operators to monitor how much their
+    server is being used by clients to learn about Tor network.
+    If ExtraInfoStatistics is enabled, it will published as part of
+    extra-info document. (Default: 1)
 
 [[EntryStatistics]] **EntryStatistics** **0**|**1**::
+    Relays only.
     When this option is enabled, Tor writes statistics on the number of
-    directly connecting clients to disk every 24 hours. (Default: 0)
+    directly connecting clients to disk every 24 hours. Enables relay
+    operators to monitor how much inbound traffic that originates from
+    Tor clients passes through their server to go further down the
+    Tor network. If ExtraInfoStatistics is enabled, it will be published
+    as part of extra-info document. (Default: 0)
 
 [[ExitPortStatistics]] **ExitPortStatistics** **0**|**1**::
-    When this option is enabled, Tor writes statistics on the number of relayed
-    bytes and opened stream per exit port to disk every 24 hours. (Default: 0)
+    Exit relays only.
+    When this option is enabled, Tor writes statistics on the number of
+    relayed bytes and opened stream per exit port to disk every 24 hours.
+    Enables exit relay operators to measure and monitor amounts of traffic
+    that leaves Tor network through their exit node. If ExtraInfoStatistics
+    is enabled, it will be published as part of extra-info document.
+    (Default: 0)
 
 [[ConnDirectionStatistics]] **ConnDirectionStatistics** **0**|**1**::
-    When this option is enabled, Tor writes statistics on the bidirectional use
-    of connections to disk every 24 hours. (Default: 0)
+    Relays only.
+    When this option is enabled, Tor writes statistics on the amounts of
+    traffic it passes between itself and other relays to disk every 24
+    hours. Enables relay operators to monitor how much their relay is
+    being used as middle node in the circuit. If ExtraInfoStatistics is
+    enabled, it will be published as part of extra-info document.
+    (Default: 0)
+
+[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
+    Relays only.
+    When this option is enabled, a Tor relay writes obfuscated
+    statistics on its role as hidden-service directory, introduction
+    point, or rendezvous point to disk every 24 hours. If
+    ExtraInfoStatistics is also enabled, these statistics are further
+    published to the directory authorities. (Default: 1)
 
 [[ExtraInfoStatistics]] **ExtraInfoStatistics** **0**|**1**::
     When this option is enabled, Tor includes previously gathered statistics in
@@ -1757,9 +2017,13 @@ is non-zero):
     (Default: 1)
 
 [[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**::
-    When this option is enabled, Tor routers allow EXTEND request to
-    localhost, RFC1918 addresses, and so on. This can create security issues;
-    you should probably leave it off. (Default: 0)
+    When this option is enabled, Tor will connect to relays on localhost,
+    RFC1918 addresses, and so on. In particular, Tor will make direct OR
+    connections, and Tor routers allow EXTEND requests, to these private
+    addresses. (Tor will always allow connections to bridges, proxies, and
+    pluggable transports configured on private addresses.) Enabling this
+    option can create security issues; you should probably leave it off.
+    (Default: 0)
 
 [[MaxMemInQueues]] **MaxMemInQueues**  __N__ **bytes**|**KB**|**MB**|**GB**::
     This option configures a threshold above which Tor will assume that it
@@ -1771,6 +2035,19 @@ is non-zero):
     this.  If this option is set to 0, Tor will try to pick a reasonable
     default based on your system's physical memory.  (Default: 0)
 
+[[SigningKeyLifetime]] **SigningKeyLifetime** __N__ **days**|**weeks**|**months**::
+    For how long should each Ed25519 signing key be valid?  Tor uses a
+    permanent master identity key that can be kept offline, and periodically
+    generates new "signing" keys that it uses online.  This option
+    configures their lifetime.
+    (Default: 30 days)
+
+[[OfflineMasterKey]] **OfflineMasterKey** **0**|**1**::
+    If non-zero, the Tor relay will never generate or load its master secret
+    key.  Instead, you'll have to use "tor --keygen" to manage the permanent
+    ed25519 master identity key, as well as the corresponding temporary
+    signing keys and certificates. (Default: 0)
+
 DIRECTORY SERVER OPTIONS
 ------------------------
 
@@ -1783,11 +2060,6 @@ if DirPort is non-zero):
     to set up a separate webserver. There's a sample disclaimer in
     contrib/operator-tools/tor-exit-notice.html.
 
-[[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
-    When this option is set, Tor accepts and serves v2 hidden service
-    descriptors. Setting DirPort is not required for this, because clients
-    connect via the ORPort by default. (Default: 1)
-
 [[DirPort]] **DirPort** \['address':]__PORT__|**auto** [_flags_]::
     If this option is nonzero, advertise the directory service on this port.
     Set it to "auto" to have Tor pick a port for you.  This option can occur
@@ -1811,6 +2083,12 @@ if DirPort is non-zero):
     except that port specifiers are ignored. Any address not matched by
     some entry in the policy is accepted.
 
+[[DirCache]] **DirCache** **0**|**1**::
+    When this option is set, Tor caches all current directory documents and
+    accepts client requests for them. Setting DirPort is not required for this,
+    because clients connect via the ORPort by default. Setting either DirPort
+    or BridgeRelay and setting DirCache to 0 is not supported.  (Default: 1)
+
 
 DIRECTORY AUTHORITY SERVER OPTIONS
 ----------------------------------
@@ -1831,8 +2109,8 @@ on the public Tor network.
 [[V3AuthoritativeDirectory]] **V3AuthoritativeDirectory** **0**|**1**::
     When this option is set in addition to **AuthoritativeDirectory**, Tor
     generates version 3 network statuses and serves descriptors, etc as
-    described in doc/spec/dir-spec.txt (for Tor clients and servers running at
-    least 0.2.0.x).
+    described in dir-spec.txt file of https://spec.torproject.org/[torspec]
+    (for Tor clients and servers running atleast 0.2.0.x).
 
 [[VersioningAuthoritativeDirectory]] **VersioningAuthoritativeDirectory** **0**|**1**::
     When this option is set to 1, Tor adds information on which versions of
@@ -1841,15 +2119,6 @@ on the public Tor network.
     authorities provide this service optionally. See **RecommendedVersions**,
     **RecommendedClientVersions**, and **RecommendedServerVersions**.
 
-[[NamingAuthoritativeDirectory]] **NamingAuthoritativeDirectory** **0**|**1**::
-    When this option is set to 1, then the server advertises that it has
-    opinions about nickname-to-fingerprint bindings. It will include these
-    opinions in its published network-status pages, by listing servers with
-    the flag "Named" if a correct binding between that nickname and fingerprint
-    has been registered with the dirserver. Naming dirservers will refuse to
-    accept or publish descriptors that contradict a registered binding. See
-    **approved-routers** in the **FILES** section below.
-
 [[RecommendedVersions]] **RecommendedVersions** __STRING__::
     STRING is a comma-separated list of Tor versions currently believed to be
     safe. The list is included in each directory, and nodes which pull down the
@@ -1857,6 +2126,12 @@ on the public Tor network.
     multiple times: the values from multiple lines are spliced together. When
     this is set then **VersioningAuthoritativeDirectory** should be set too.
 
+[[RecommendedPackages]] **RecommendedPackages** __PACKAGENAME__ __VERSION__ __URL__ __DIGESTTYPE__**=**__DIGEST__ ::
+    Adds "package" line to the directory authority's vote.  This information
+    is used to vote on the correct URL and digest for the released versions
+    of different Tor-related packages, so that the consensus can certify
+    them.  This line may appear any number of times.
+
 [[RecommendedClientVersions]] **RecommendedClientVersions** __STRING__::
     STRING is a comma-separated list of Tor versions currently believed to be
     safe for clients to use. This information is included in version 2
@@ -1866,7 +2141,7 @@ on the public Tor network.
 
 [[BridgeAuthoritativeDir]] **BridgeAuthoritativeDir** **0**|**1**::
     When this option is set in addition to **AuthoritativeDirectory**, Tor
-    accepts and serves router descriptors, but it caches and serves the main
+    accepts and serves server descriptors, but it caches and serves the main
     networkstatus documents rather than generating its own. (Default: 0)
 
 [[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
@@ -1885,24 +2160,19 @@ on the public Tor network.
     in the "params" line of its networkstatus vote.
 
 [[DirAllowPrivateAddresses]] **DirAllowPrivateAddresses** **0**|**1**::
-    If set to 1, Tor will accept router descriptors with arbitrary "Address"
+    If set to 1, Tor will accept server descriptors with arbitrary "Address"
     elements. Otherwise, if the address is not an IP address or is a private IP
-    address, it will reject the router descriptor. (Default: 0)
+    address, it will reject the server descriptor. (Default: 0)
 
-[[AuthDirBadDir]] **AuthDirBadDir** __AddressPattern...__::
+[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
     Authoritative directories only. A set of address patterns for servers that
-    will be listed as bad directories in any network status document this
-    authority publishes, if **AuthDirListBadDirs** is set. +
+    will be listed as bad exits in any network status document this authority
+    publishes, if **AuthDirListBadExits** is set.
  +
     (The address pattern syntax here and in the options below
     is the same as for exit policies, except that you don't need to say
     "accept" or "reject", and ports are not needed.)
 
-[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
-    Authoritative directories only. A set of address patterns for servers that
-    will be listed as bad exits in any network status document this authority
-    publishes, if **AuthDirListBadExits** is set.
-
 [[AuthDirInvalid]] **AuthDirInvalid** __AddressPattern...__::
     Authoritative directories only. A set of address patterns for servers that
     will never be listed as "valid" in any network status document that this
@@ -1914,8 +2184,6 @@ on the public Tor network.
     authority publishes, or accepted as an OR address in any descriptor
     submitted for publication by this authority.
 
-[[AuthDirBadDirCCs]] **AuthDirBadDirCCs** __CC__,... +
-
 [[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... +
 
 [[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... +
@@ -1923,28 +2191,15 @@ on the public Tor network.
 [[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...::
     Authoritative directories only. These options contain a comma-separated
     list of country codes such that any server in one of those country codes
-    will be marked as a bad directory/bad exit/invalid for use, or rejected
+    will be marked as a bad exit/invalid for use, or rejected
     entirely.
 
-[[AuthDirListBadDirs]] **AuthDirListBadDirs** **0**|**1**::
-    Authoritative directories only. If set to 1, this directory has some
-    opinion about which nodes are unsuitable as directory caches. (Do not set
-    this to 1 unless you plan to list non-functioning directories as bad;
-    otherwise, you are effectively voting in favor  of every declared
-    directory.)
-
 [[AuthDirListBadExits]] **AuthDirListBadExits** **0**|**1**::
     Authoritative directories only. If set to 1, this directory has some
     opinion about which nodes are unsuitable as exit nodes. (Do not set this to
     1 unless you plan to list non-functioning exits as bad; otherwise, you are
     effectively voting in favor of every declared exit as an exit.)
 
-[[AuthDirRejectUnlisted]] **AuthDirRejectUnlisted** **0**|**1**::
-    Authoritative directories only. If set to 1, the directory server rejects
-    all uploaded server descriptors that aren't explicitly listed in the
-    fingerprints file. This acts as a "panic button" if we get hit with a Sybil
-    attack. (Default: 0)
-
 [[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__::
     Authoritative directories only. The maximum number of servers that we will
     list as acceptable on a single IP address. Set this to "0" for "no limit".
@@ -1964,6 +2219,13 @@ on the public Tor network.
     or more is always sufficient to satisfy the bandwidth requirement
     for the Guard flag. (Default: 250 KBytes)
 
+[[AuthDirPinKeys]] **AuthDirPinKeys** **0**|**1**::
+    Authoritative directories only. If non-zero, do not allow any relay to
+    publish a descriptor if any other relay has reserved its <Ed25519,RSA>
+    identity keypair. In all cases, Tor records every keypair it accepts
+    in a journal if it is new, or if it differs from the most recently
+    accepted pinning for one of the keys it contains. (Default: 0)
+
 [[BridgePassword]] **BridgePassword** __Password__::
     If set, contains an HTTP authenticator that tells a bridge authority to
     serve all requested bridge information. Used by the (only partially
@@ -2015,11 +2277,6 @@ on the public Tor network.
     that fine-grained information about nodes can be discarded when it hasn't
     changed for a given amount of time.  (Default: 24 hours)
 
-[[VoteOnHidServDirectoriesV2]] **VoteOnHidServDirectoriesV2** **0**|**1**::
-    When this option is set in addition to **AuthoritativeDirectory**, Tor
-    votes on whether to accept relays as hidden service directories.
-    (Default: 1)
-
 [[AuthDirHasIPv6Connectivity]] **AuthDirHasIPv6Connectivity** **0**|**1**::
     Authoritative directories only. When set to 0, OR ports with an
     IPv6 address are being accepted without reachability testing.
@@ -2041,13 +2298,19 @@ The following options are used to configure a hidden service.
     Store data files for a hidden service in DIRECTORY. Every hidden service
     must have a separate directory. You may use this option  multiple times to
     specify multiple services. DIRECTORY must be an existing directory.
+    (Note: in current versions of Tor, if DIRECTORY is a relative path,
+    it will be relative to current
+    working directory of Tor instance, not to its DataDirectory.  Do not
+    rely on this behavior; it is not guaranteed to remain the same in future
+    versions.)
 
 [[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
     Configure a virtual port VIRTPORT for a hidden service. You may use this
     option multiple times; each time applies to the service using the most
-    recent hiddenservicedir. By default, this option maps the virtual port to
+    recent HiddenServiceDir. By default, this option maps the virtual port to
     the same port on 127.0.0.1 over TCP. You may override the target port,
-    address, or both by specifying a target of addr, port, or addr:port.
+    address, or both by specifying a target of addr, port, addr:port, or
+    **unix:**__path__.  (You can specify an IPv6 target as [addr]:port.)
     You may also have multiple lines with  the same VIRTPORT: when a user
     connects to that VIRTPORT, one of the TARGETs from those lines will be
     chosen at random.
@@ -2074,11 +2337,37 @@ The following options are used to configure a hidden service.
     found in the hostname file. Clients need to put this authorization data in
     their configuration file using **HidServAuth**.
 
+[[HiddenServiceAllowUnknownPorts]] **HiddenServiceAllowUnknownPorts** **0**|**1**::
+   If set to 1, then connections to unrecognized ports do not cause the
+   current hidden service to close rendezvous circuits. (Setting this to 0 is
+   not an authorization mechanism; it is instead meant to be a mild
+   inconvenience to port-scanners.) (Default: 0)
+
+[[HiddenServiceMaxStreams]] **HiddenServiceMaxStreams** __N__::
+   The maximum number of simultaneous streams (connections) per rendezvous
+   circuit. (Setting this to 0 will allow an unlimited number of simultanous
+   streams.) (Default: 0)
+
+[[HiddenServiceMaxStreamsCloseCircuit]] **HiddenServiceMaxStreamsCloseCircuit** **0**|**1**::
+   If set to 1, then exceeding **HiddenServiceMaxStreams** will cause the
+   offending rendezvous circuit to be torn down, as opposed to stream creation
+   requests that exceed the limit being silently ignored. (Default: 0)
+
 [[RendPostPeriod]] **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
     Every time the specified period elapses, Tor uploads any rendezvous
     service descriptors to the directory servers. This information  is also
     uploaded whenever it changes. (Default: 1 hour)
 
+[[HiddenServiceDirGroupReadable]] **HiddenServiceDirGroupReadable** **0**|**1**::
+    If this option is set to 1, allow the filesystem group to read the
+    hidden service directory and hostname file. If the option is set to 0,
+    only owner is able to read the hidden service directory. (Default: 0)
+    Has no effect on Windows.
+
+[[HiddenServiceNumIntroductionPoints]] **HiddenServiceNumIntroductionPoints** __NUM__::
+    Number of introduction points the hidden service will have. You can't
+    have more than 10. (Default: 3)
+
 TESTING NETWORK OPTIONS
 -----------------------
 
@@ -2097,6 +2386,14 @@ The following options are used for running a testing Tor network.
        AssumeReachable 1
        AuthDirMaxServersPerAddr 0
        AuthDirMaxServersPerAuthAddr 0
+       ClientBootstrapConsensusAuthorityDownloadSchedule 0, 2,
+          4 (for 40 seconds), 8, 16, 32, 60
+       ClientBootstrapConsensusFallbackDownloadSchedule 0, 1,
+          4 (for 40 seconds), 8, 16, 32, 60
+       ClientBootstrapConsensusAuthorityOnlyDownloadSchedule 0, 1,
+          4 (for 40 seconds), 8, 16, 32, 60
+       ClientBootstrapConsensusMaxDownloadTries 80
+       ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80
        ClientDNSRejectInternalAddresses 0
        ClientRejectInternalAddresses 0
        CountPrivateBandwidth 1
@@ -2151,7 +2448,7 @@ The following options are used for running a testing Tor network.
     that **TestingTorNetwork** is set.  (Default: 30 minutes)
 
 [[TestingEstimatedDescriptorPropagationTime]] **TestingEstimatedDescriptorPropagationTime** __N__ **minutes**|**hours**::
-    Clients try downloading router descriptors from directory caches after this
+    Clients try downloading server descriptors from directory caches after this
     time. Changing this requires that **TestingTorNetwork** is set. (Default:
     10 minutes)
 
@@ -2195,11 +2492,11 @@ The following options are used for running a testing Tor network.
     5 minutes)
 
 [[TestingConsensusMaxDownloadTries]] **TestingConsensusMaxDownloadTries** __NUM__::
-    Try this often to download a consensus before giving up. Changing
+    Try this many times to download a consensus before giving up. Changing
     this requires that **TestingTorNetwork** is set. (Default: 8)
 
 [[TestingDescriptorMaxDownloadTries]] **TestingDescriptorMaxDownloadTries** __NUM__::
-    Try this often to download a router descriptor before giving up.
+    Try this often to download a server descriptor before giving up.
     Changing this requires that **TestingTorNetwork** is set. (Default: 8)
 
 [[TestingMicrodescMaxDownloadTries]] **TestingMicrodescMaxDownloadTries** __NUM__::
@@ -2210,8 +2507,26 @@ The following options are used for running a testing Tor network.
     Try this often to download a v3 authority certificate before giving up.
     Changing this requires that **TestingTorNetwork** is set. (Default: 8)
 
+[[TestingDirAuthVoteExit]] **TestingDirAuthVoteExit** __node__,__node__,__...__::
+    A list of identity fingerprints, country codes, and
+    address patterns of nodes to vote Exit for regardless of their
+    uptime, bandwidth, or exit policy. See the **ExcludeNodes**
+    option for more information on how to specify nodes.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set. See the **ExcludeNodes** option for more
+    information on how to specify nodes.
+
+[[TestingDirAuthVoteExitIsStrict]] **TestingDirAuthVoteExitIsStrict** **0**|**1** ::
+    If True (1), a node will never receive the Exit flag unless it is specified
+    in the **TestingDirAuthVoteExit** list, regardless of its uptime, bandwidth,
+    or exit policy.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set.
+
 [[TestingDirAuthVoteGuard]] **TestingDirAuthVoteGuard** __node__,__node__,__...__::
-    A list of identity fingerprints, nicknames, country codes and
+    A list of identity fingerprints and country codes and
     address patterns of nodes to vote Guard for regardless of their
     uptime and bandwidth. See the **ExcludeNodes** option for more
     information on how to specify nodes.
@@ -2219,6 +2534,29 @@ The following options are used for running a testing Tor network.
     In order for this option to have any effect, **TestingTorNetwork**
     has to be set.
 
+[[TestingDirAuthVoteGuardIsStrict]] **TestingDirAuthVoteGuardIsStrict** **0**|**1** ::
+    If True (1), a node will never receive the Guard flag unless it is specified
+    in the **TestingDirAuthVoteGuard** list, regardless of its uptime and bandwidth.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set.
+
+[[TestingDirAuthVoteHSDir]] **TestingDirAuthVoteHSDir** __node__,__node__,__...__::
+    A list of identity fingerprints and country codes and
+    address patterns of nodes to vote HSDir for regardless of their
+    uptime and DirPort. See the **ExcludeNodes** option for more
+    information on how to specify nodes.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    must be set.
+
+[[TestingDirAuthVoteHSDirIsStrict]] **TestingDirAuthVoteHSDirIsStrict** **0**|**1** ::
+    If True (1), a node will never receive the HSDir flag unless it is specified
+    in the **TestingDirAuthVoteHSDir** list, regardless of its uptime and DirPort.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set.
+
 [[TestingEnableConnBwEvent]] **TestingEnableConnBwEvent** **0**|**1**::
     If this option is set, then Tor controllers may register for CONN_BW
     events.  Changing this requires that **TestingTorNetwork** is set.
@@ -2239,6 +2577,25 @@ The following options are used for running a testing Tor network.
     authority on a testing network. Overrides the usual default lower bound
     of 4 KB. (Default: 0)
 
+[[TestingLinkCertLifetime]] **TestingLinkCertLifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
+    Overrides the default lifetime for the certificates used to authenticate
+    our X509 link cert with our ed25519 signing key.
+    (Default: 2 days)
+
+[[TestingAuthKeyLifetime]] **TestingAuthKeyLifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
+    Overrides the default lifetime for a signing Ed25519 TLS Link authentication
+    key.
+    (Default: 2 days)
+
+[[TestingLinkKeySlop]] **TestingLinkKeySlop** __N__ **seconds**|**minutes**|**hours** +
+
+[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ **seconds**|**minutes**|**hours** +
+
+[[TestingSigningKeySlop]] **TestingSigningKeySlop** __N__ **seconds**|**minutes**|**hours**::
+    How early before the official expiration of a an Ed25519 signing key do
+    we replace it and issue a new key?
+    (Default: 3 hours for link and auth; 1 day for signing.)
+
 SIGNALS
 -------
 
@@ -2322,7 +2679,7 @@ __DataDirectory__**/state**::
             below).
             - When the file was last written
             - What version of Tor generated the state file
-            - A short history of bandwidth usage, as produced in the router
+            - A short history of bandwidth usage, as produced in the server
             descriptors.
 
 __DataDirectory__**/bw_accounting**::
@@ -2334,8 +2691,8 @@ __DataDirectory__**/bw_accounting**::
 __DataDirectory__**/control_auth_cookie**::
     Used for cookie authentication with the controller. Location can be
     overridden by the CookieAuthFile config option. Regenerated on startup. See
-    control-spec.txt for details. Only used when cookie authentication is
-    enabled.
+    control-spec.txt in https://spec.torproject.org/[torspec] for details.
+    Only used when cookie authentication is enabled.
 
 __DataDirectory__**/lock**::
     This file is used to prevent two Tor instances from using same data
@@ -2345,6 +2702,61 @@ __DataDirectory__**/lock**::
 __DataDirectory__**/keys/***::
     Only used by servers. Holds identity keys and onion keys.
 
+__DataDirectory__**/keys/authority_identity_key**::
+    A v3 directory authority's master identity key, used to authenticate its
+    signing key. Tor doesn't use this while it's running. The tor-gencert
+    program uses this. If you're running an authority, you should keep this
+    key offline, and not actually put it here.
+
+__DataDirectory__**/keys/authority_certificate**::
+    A v3 directory authority's certificate, which authenticates the authority's
+    current vote- and consensus-signing key using its master identity key.
+    Only directory authorities use this file.
+
+__DataDirectory__**/keys/authority_signing_key**::
+    A v3 directory authority's signing key, used to sign votes and consensuses.
+    Only directory authorities use this file.  Corresponds to the
+    **authority_certificate** cert.
+
+__DataDirectory__**/keys/legacy_certificate**::
+    As authority_certificate: used only when V3AuthUseLegacyKey is set.
+    See documentation for V3AuthUseLegacyKey.
+
+__DataDirectory__**/keys/legacy_signing_key**::
+    As authority_signing_key: used only when V3AuthUseLegacyKey is set.
+    See documentation for V3AuthUseLegacyKey.
+
+__DataDirectory__**/keys/secret_id_key**::
+    A relay's RSA1024 permanent identity key, including private and public
+    components.  Used to sign router descriptors, and to sign other keys.
+
+__DataDirectory__**/keys/ed25519_master_id_public_key**::
+    The public part of a relay's Ed25519 permanent identity key.
+
+__DataDirectory__**/keys/ed25519_master_id_secret_key**::
+    The private part of a relay's Ed25519 permanent identity key.  This key
+    is used to sign the medium-term ed25519 signing key.  This file can be
+    kept offline, or kept encrypted. If so, Tor will not be able to generate
+    new signing keys itself; you'll need to use tor --keygen yourself to do
+    so.
+
+__DataDirectory__**/keys/ed25519_signing_secret_key**::
+    The private and public components of a relay's medium-term Ed25519 signing
+    key. This key is authenticated by the Ed25519 master key, in turn
+    authenticates other keys (and router descriptors).
+
+__DataDirectory__**/keys/ed25519_signing_cert**::
+    The certificate which authenticates "ed25519_signing_secret_key" as
+    having been signed by the Ed25519 master key.
+
+__DataDirectory__**/keys/secret_onion_key**::
+    A relay's RSA1024 short-term onion key. Used to decrypt old-style ("TAP")
+    circuit extension requests.
+
+__DataDirectory__**/keys/secret_onion_key_ntor**::
+    A relay's Curve25519 short-term onion key. Used to handle modern ("ntor")
+    circuit extension requests.
+
 __DataDirectory__**/fingerprint**::
     Only used by servers. Holds the fingerprint of the server's identity key.
 
@@ -2352,20 +2764,9 @@ __DataDirectory__**/hashed-fingerprint**::
     Only used by bridges. Holds the hashed fingerprint of the bridge's
     identity key. (That is, the hash of the hash of the identity key.)
 
-__DataDirectory__**/approved-routers**::
-    Only for naming authoritative directory servers (see
-    **NamingAuthoritativeDirectory**). This file lists nickname to identity
-    bindings. Each line lists a nickname and a fingerprint separated by
-    whitespace. See your **fingerprint** file in the __DataDirectory__ for an
-    example line. If the nickname is **!reject** then descriptors from the
-    given identity (fingerprint) are rejected by this server. If it is
-    **!invalid** then descriptors are accepted but marked in the directory as
-    not valid, that is, not recommended.
-
 __DataDirectory__**/v3-status-votes**::
-    Only for authoritative directory servers. This file contains status votes
-    from all the authoritative directory servers and is used to generate the
-    network consensus document.
+    Only for v3 authoritative directory servers. This file contains
+    status votes from all the authoritative directory servers.
 
 __DataDirectory__**/unverified-consensus**::
     This file contains a network consensus document that has been downloaded,
@@ -2377,7 +2778,7 @@ __DataDirectory__**/unverified-microdesc-consensus**::
     to check yet.
 
 __DataDirectory__**/unparseable-desc**::
-    Onion router descriptors that Tor was unable to parse are dumped to this
+    Onion server descriptors that Tor was unable to parse are dumped to this
     file. Only used for debugging.
 
 __DataDirectory__**/router-stability**::
@@ -2409,6 +2810,11 @@ __DataDirectory__**/stats/conn-stats**::
     Only used by servers. This file is used to collect approximate connection
     history (number of active connections over time).
 
+__DataDirectory__**/networkstatus-bridges**::
+    Only used by authoritative bridge directories. Contains information
+    about bridges that have self-reported themselves to the bridge
+    authority.
+
 __HiddenServiceDirectory__**/hostname**::
     The <base32-encoded-fingerprint>.onion domain name for this hidden service.
     If the hidden service is restricted to authorized clients only, this file
@@ -2427,11 +2833,12 @@ SEE ALSO
 
 **https://www.torproject.org/**
 
+**torspec: https://spec.torproject.org **
 
 BUGS
 ----
 
-Plenty, probably. Tor is still in development. Please report them.
+Plenty, probably. Tor is still in development. Please report them at https://trac.torproject.org/.
 
 AUTHORS
 -------
diff --git a/doc/torrc_format.txt b/doc/torrc_format.txt
new file mode 100644
index 0000000000..7a809901d9
--- /dev/null
+++ b/doc/torrc_format.txt
@@ -0,0 +1,205 @@
+
+This document specifies the current format and semantics of the torrc
+file, as of July 2015.  Note that we make no guarantee about the
+stability of this format.  If you write something designed for strict
+compatibility with this document, please expect us to break it sooner or
+later.
+
+Yes, some of this is quite stupid.  My goal here is to explain what it
+does, not what it should do.
+
+  - Nick
+
+
+
+1. File Syntax
+
+   ; The syntax here is defined an Augmented Backus-Naur form, as
+   ; specified in RFC5234.
+
+   ; A file is interpreted as every Entry in the file, in order.
+   TorrcFile = *Line
+
+   Line = BlankLine / Entry
+
+   BlankLine =  *WSP OptComment LF
+   BlankLine =/ *WSP LF
+
+   OptComment = [ Comment ]
+
+   Comment = "#" *NonLF
+
+   ; Each Entry is interpreted as an optional "Magic" flag, a key, and a
+   ; value.
+   Entry =  *WSP [ Magic ] Key 1*(1*WSP / "\" NL *WSP) Val LF
+   Entry =/ *WSP [ Magic ] Key  *( *WSP / "\" NL *WSP) LF
+
+   Magic = "+" / "/"
+
+   ; Keys are always specified verbatim.  They are case insensitive.  It
+   ; is an error to specify a key that Tor does not recognize.
+   Key = 1*KC
+
+   ; Sadly, every kind of value is decoded differently...
+   Val = QuotedVal / ContinuedVal / PlainVal
+
+   ; The text of a PlainVal is the text of its PVBody portion,
+   ; plus the optional trailing backslash.
+   PlainVal = PVBody [ "\" ] *WSP OptComment
+
+   ; Note that a PVBody is copied verbatim.  Slashes are included
+   ; verbatim.  No changes are made.  Note that a body may be empty.
+   PVBody = * (VC / "\" NonLF )
+
+   ; The text of a ContinuedVal is the text of each of its PVBody
+   ; sub-elements, in order, concatenated.
+   ContinuedVal = CVal1 *CVal2 CVal3
+
+   CVal1 = PVBody "\" LF
+   CVal2 = PVBody ( "\" LF / Comment LF )
+   CVal3 = PVBody
+
+   ; The text of a QuotedVal is decoded as if it were a C string.
+   QuotedVal = DQ QVBody DQ *WSP Comment
+
+   QVBody =  QC
+   QVBody =/ "\" ( "n" / "r" / "t" / "\" / "'" / DQUOTE )
+   QVBOdy =/ "\" ( "x" 2HEXDIG / 1*3OCTDIG )
+
+   ; Anything besides NUL and LF
+   NonLF = %x01-%x09 / %x0b - %xff
+
+   OCTDIG = '0' - '7'
+
+   KC = Any character except an isspace() character or '#' or NUL
+   VC = Any character except '\\', '\n', '#', or NUL
+   QC = Any character except '\n', '\\', '\"', or NUL
+
+2. Mid-level Semantics
+
+
+   There are four configuration "domains", from lowest to highest priority:
+
+      * Built-in defaults
+      * The "torrc_defaults" file, if any
+      * The "torrc" file, if any
+      * Arguments provided on the command line, if any.
+
+   Normally, values from high-priority domains override low-priority
+   domains, but see 'magic' below.
+
+   Configuration keys fall into three categories: singletons, lists, and
+   groups.
+
+   A singleton key may appear at most once in any domain.  Its
+   corresponding value is equal to its value in the highest-priority
+   domain in which it occurs.
+
+   A list key may appear any number of times in a domain.  By default,
+   its corresponding value is equal to all of the values specified for
+   it in the highest-priority domain in which it appears. (See 'magic'
+   below).
+
+   A group key may appear any number of times in a domain.  It is
+   associated with a number of other keys in the same group.  The
+   relative positions of entries with the keys in a single group
+   matters, but entries with keys not in the group may be freely
+   interspersed.  By default, the group has a value equal to all keys
+   and values it contains, from the highest-priority domain in which any
+   of its keys occurs.
+
+   Magic:
+
+      If the '/' flag is specified for an entry, it sets the value for
+      that entry to an empty list.  (This will cause a higher-priority
+      domain to clear a list from a lower-priority domain, without
+      actually adding any entries.)
+
+      If the '+' flag is specified for the first entry in a list or a
+      group that appears in a given domain, that list or group is
+      appended to the list or group from the next-lowest-priority
+      domain, rather than replacing it.
+
+3. High-level semantics
+
+   There are further constraints on the values that each entry can take.
+   These constraints are out-of-scope for this document.
+
+4. Examples
+
+   (Indentation is removed in this section, to avoid confusion.)
+
+4.1. Syntax examples
+
+# Here is a simple configuration entry.  The key is "Foo"; the value is
+# "Bar"
+
+Foo Bar
+
+# A configuration entry can have spaces in its value, as below. Here the
+# key is "Foo" and the value is "Bar    Baz"
+Foo    Bar    Baz
+
+# This configuration entry has space at the end of the line, but those
+# spaces don't count, so the key and value are still "Foo" and "Bar    Baz"
+Foo    Bar    Baz    
+
+# There can be an escaped newline between the value and the key.  This
+# is another way to say  key="Hello", value="World"
+Hello\
+World
+
+# In regular entries of this kind, you can have a comment at the end of
+# the line, either with a space before it or not.  Each of these is a
+# different spelling of key="Hello", value="World"
+
+Hello World   #today
+Hello World#tomorrow
+
+# One way to encode a complex entry is as a C string.  This is the same
+# as key="Hello", value="World!"
+Hello "World!"
+
+# The string can contain the usual set of C escapes.  This entry has
+# key="Hello", and value="\"World\"\nand\nuniverse"
+Hello "\"World\"\nand\nuniverse"
+
+# And now we get to the more-or-less awful part.
+#
+# Multi-line entries ending with a backslash on each line aren't so
+# bad.  The backslash is removed, and everything else is included
+# verbatim. So this entry has key="Hello" and value="Worldandfriends"
+Hello\
+World\
+and\
+friends
+
+# Backslashes in the middle of a line are included as-is.  The key of
+# this one is "Too" and the value is "Many\\Backsl\ashes here" (with
+# backslashes in that last string as-is)
+Too \
+Many\\\
+Backsl\ashes \\
+here
+
+# And here's the really yucky part. If a comment appears in a multi-line
+# entry, the entry is still able to continue on the next line, as in the
+# following, where the key is "This" and the value is
+# "entry   and some        are  silly"
+This entry      \
+ # has comments \
+ and some       \
+ are # generally \
+ silly
+
+# But you can also write that without the backslashes at the end of the
+# comment lines.  That is to say, this entry is exactly the same as the
+# one above!
+This entry      \
+ # has comments
+ and some       \
+ are # generally
+ silly
+
+
+
diff --git a/m4/pkg.m4 b/m4/pkg.m4
new file mode 100644
index 0000000000..c5b26b52e6
--- /dev/null
+++ b/m4/pkg.m4
@@ -0,0 +1,214 @@
+# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
+# serial 1 (pkg-config-0.24)
+# 
+# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# PKG_PROG_PKG_CONFIG([MIN-VERSION])
+# ----------------------------------
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])# PKG_PROG_PKG_CONFIG
+
+# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+#
+# Check to see whether a particular set of modules exists.  Similar
+# to PKG_CHECK_MODULES(), but does not set variables or print errors.
+#
+# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+# only at the first occurence in configure.ac, so if the first place
+# it's called might be skipped (such as if it is within an "if", you
+# have to call PKG_CHECK_EXISTS manually
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+# ---------------------------------------------
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])# _PKG_CONFIG
+
+# _PKG_SHORT_ERRORS_SUPPORTED
+# -----------------------------
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])# _PKG_SHORT_ERRORS_SUPPORTED
+
+
+# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+# [ACTION-IF-NOT-FOUND])
+#
+#
+# Note that if there is a possibility the first call to
+# PKG_CHECK_MODULES might not happen, you should be sure to include an
+# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+#
+#
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $1])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+   	AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else 
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+	m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+     	AC_MSG_RESULT([no])
+	m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+        ])
+else
+	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+	$3
+fi[]dnl
+])# PKG_CHECK_MODULES
+
+
+# PKG_INSTALLDIR(DIRECTORY)
+# -------------------------
+# Substitutes the variable pkgconfigdir as the location where a module
+# should install pkg-config .pc files. By default the directory is
+# $libdir/pkgconfig, but the default can be changed by passing
+# DIRECTORY. The user can override through the --with-pkgconfigdir
+# parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+]) dnl PKG_INSTALLDIR
+
+
+# PKG_NOARCH_INSTALLDIR(DIRECTORY)
+# -------------------------
+# Substitutes the variable noarch_pkgconfigdir as the location where a
+# module should install arch-independent pkg-config .pc files. By
+# default the directory is $datadir/pkgconfig, but the default can be
+# changed by passing DIRECTORY. The user can override through the
+# --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+]) dnl PKG_NOARCH_INSTALLDIR
+
+
+# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+# -------------------------------------------
+# Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])# PKG_CHECK_VAR
diff --git a/scripts/README b/scripts/README
index 70c763923c..02faabe06b 100644
--- a/scripts/README
+++ b/scripts/README
@@ -56,3 +56,8 @@ for servers to choose from.
 codegen/get_mozilla_ciphers.py -- Generate a list of TLS ciphersuites for
 clients to use in order to look like Firefox.
 
+Code transformation scripts
+---------------------------
+
+coccinelle/calloc.cocci -- Transform code to replace variants of
+malloc(a*b) with calloc(a,b)
diff --git a/scripts/coccinelle/calloc.cocci b/scripts/coccinelle/calloc.cocci
new file mode 100644
index 0000000000..fbda88e538
--- /dev/null
+++ b/scripts/coccinelle/calloc.cocci
@@ -0,0 +1,23 @@
+// Use calloc or realloc as appropriate instead of multiply-and-alloc
+
+@malloc_to_calloc@
+identifier f =~ "(tor_malloc|tor_malloc_zero)";
+expression a;
+constant b;
+@@
+- f(a * b)
++ tor_calloc(a, b)
+
+@calloc_arg_order@
+expression a;
+type t;
+@@
+- tor_calloc(sizeof(t), a)
++ tor_calloc(a, sizeof(t))
+
+@realloc_to_reallocarray@
+expression a, b;
+expression p;
+@@
+- tor_realloc(p, a * b)
++ tor_reallocarray(p, a, b)
diff --git a/scripts/coccinelle/malloc_cast.cocci b/scripts/coccinelle/malloc_cast.cocci
new file mode 100644
index 0000000000..20321d4fd0
--- /dev/null
+++ b/scripts/coccinelle/malloc_cast.cocci
@@ -0,0 +1,38 @@
+@cast_malloc@
+expression e;
+type T;
+@@
+- (T *)tor_malloc(e)
++ tor_malloc(e)
+
+@cast_malloc_zero@
+expression e;
+type T;
+identifier func;
+@@
+- (T *)tor_malloc_zero(e)
++ tor_malloc_zero(e)
+
+@cast_calloc@
+expression a, b;
+type T;
+identifier func;
+@@
+- (T *)tor_calloc(a, b)
++ tor_calloc(a, b)
+
+@cast_realloc@
+expression e;
+expression p;
+type T;
+@@
+- (T *)tor_realloc(p, e)
++ tor_realloc(p, e)
+
+@cast_reallocarray@
+expression a,b;
+expression p;
+type T;
+@@
+- (T *)tor_reallocarray(p, a, b)
++ tor_reallocarray(p, a, b)
diff --git a/scripts/coccinelle/uncalloc.cocci b/scripts/coccinelle/uncalloc.cocci
new file mode 100644
index 0000000000..bf3f74165a
--- /dev/null
+++ b/scripts/coccinelle/uncalloc.cocci
@@ -0,0 +1,13 @@
+
+@@
+expression a;
+@@
+- tor_calloc(1, a)
++ tor_malloc_zero(a)
+
+@@
+expression a;
+@@
+- tor_calloc(a, 1)
++ tor_malloc_zero(a)
+
diff --git a/scripts/codegen/gen_server_ciphers.py b/scripts/codegen/gen_server_ciphers.py
index 97ed9d0469..0dca8a6734 100755
--- a/scripts/codegen/gen_server_ciphers.py
+++ b/scripts/codegen/gen_server_ciphers.py
@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright 2014, The Tor Project, Inc
+# Copyright 2014-2015, The Tor Project, Inc
 # See LICENSE for licensing information
 
 # This script parses openssl headers to find ciphersuite names, determines
diff --git a/scripts/codegen/get_mozilla_ciphers.py b/scripts/codegen/get_mozilla_ciphers.py
index 0636eb3658..e673ec7dc6 100644
--- a/scripts/codegen/get_mozilla_ciphers.py
+++ b/scripts/codegen/get_mozilla_ciphers.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # coding=utf-8
-# Copyright 2011, The Tor Project, Inc
+# Copyright 2011-2015, The Tor Project, Inc
 # original version by Arturo Filastò
 # See LICENSE for licensing information
 
@@ -29,7 +29,7 @@ def ossl(s):
 #####
 # Read the cpp file to understand what Ciphers map to what name :
 # Make "ciphers" a map from name used in the javascript to a cipher macro name
-fileA = open(ff('security/manager/ssl/src/nsNSSComponent.cpp'),'r')
+fileA = open(ff('security/manager/ssl/nsNSSComponent.cpp'),'r')
 
 # The input format is a file containing exactly one section of the form:
 # static CipherPref CipherPrefs[] = {
@@ -71,7 +71,7 @@ for line in cipherLines:
         assert not key_pending
         key_pending = m.group(1)
         continue
-    m = re.search(r'^\s*(\S+)(?:,\s*(true|false))?\s*}', line)
+    m = re.search(r'^\s*(\S+)(?:,\s*(true|false))+\s*}', line)
     if m:
         assert key_pending
         key = key_pending
@@ -107,7 +107,7 @@ fileC.close()
 # Build a map enabled_ciphers from javascript name to "true" or "false",
 # and an (unordered!) list of the macro names for those ciphers that are
 # enabled.
-fileB = open(ff('netwerk/base/public/security-prefs.js'), 'r')
+fileB = open(ff('netwerk/base/security-prefs.js'), 'r')
 
 enabled_ciphers = {}
 for line in fileB:
diff --git a/scripts/codegen/makedesc.py b/scripts/codegen/makedesc.py
new file mode 100644
index 0000000000..d4ba21efae
--- /dev/null
+++ b/scripts/codegen/makedesc.py
@@ -0,0 +1,351 @@
+#!/usr/bin/python
+# Copyright 2014-2015, The Tor Project, Inc.
+# See LICENSE for license information
+
+# This is a kludgey python script that uses ctypes and openssl to sign
+# router descriptors and extrainfo documents and put all the keys in
+# the right places.  There are examples at the end of the file.
+
+# I've used this to make inputs for unit tests.  I wouldn't suggest
+# using it for anything else.
+
+import base64
+import binascii
+import ctypes
+import ctypes.util
+import hashlib
+import optparse
+import os
+import re
+import struct
+import time
+import UserDict
+
+import slow_ed25519
+import slownacl_curve25519
+import ed25519_exts_ref
+
+# Pull in the openssl stuff we need.
+
+crypt = ctypes.CDLL(ctypes.util.find_library('crypto'))
+BIO_s_mem = crypt.BIO_s_mem
+BIO_s_mem.argtypes = []
+BIO_s_mem.restype = ctypes.c_void_p
+
+BIO_new = crypt.BIO_new
+BIO_new.argtypes = [ctypes.c_void_p]
+BIO_new.restype = ctypes.c_void_p
+
+crypt.BIO_free.argtypes = [ctypes.c_void_p]
+crypt.BIO_free.restype = ctypes.c_int
+
+crypt.BIO_ctrl.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_long, ctypes.c_void_p ]
+crypt.BIO_ctrl.restype = ctypes.c_long
+
+crypt.PEM_write_bio_RSAPublicKey.argtypes = [ ctypes.c_void_p, ctypes.c_void_p ]
+crypt.PEM_write_bio_RSAPublicKey.restype = ctypes.c_int
+
+RSA_generate_key = crypt.RSA_generate_key
+RSA_generate_key.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_void_p, ctypes.c_void_p]
+RSA_generate_key.restype = ctypes.c_void_p
+
+RSA_private_encrypt = crypt.RSA_private_encrypt
+RSA_private_encrypt.argtypes = [
+    ctypes.c_int, ctypes.c_char_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int ]
+RSA_private_encrypt.restype = ctypes.c_int
+
+i2d_RSAPublicKey = crypt.i2d_RSAPublicKey
+i2d_RSAPublicKey.argtypes = [
+    ctypes.c_void_p, ctypes.POINTER(ctypes.c_char_p)
+]
+i2d_RSAPublicKey.restype = ctypes.c_int
+
+
+def rsa_sign(msg, rsa):
+    buf = ctypes.create_string_buffer(1024)
+    n = RSA_private_encrypt(len(msg), msg, buf, rsa, 1)
+    if n <= 0:
+        raise Exception()
+    return buf.raw[:n]
+
+def b64(x):
+    x = base64.b64encode(x)
+    res = []
+    for i in xrange(0, len(x), 64):
+        res.append(x[i:i+64]+"\n")
+    return "".join(res)
+
+def bio_extract(bio):
+    buf = ctypes.c_char_p()
+    length = crypt.BIO_ctrl(bio, 3, 0, ctypes.byref(buf))
+    return ctypes.string_at(buf, length)
+
+def make_rsa_key(e=65537):
+    rsa = crypt.RSA_generate_key(1024, e, None, None)
+    bio = BIO_new(BIO_s_mem())
+    crypt.PEM_write_bio_RSAPublicKey(bio, rsa)
+    pem = bio_extract(bio).rstrip()
+    crypt.BIO_free(bio)
+    buf = ctypes.create_string_buffer(1024)
+    pBuf = ctypes.c_char_p(ctypes.addressof(buf))
+    n = crypt.i2d_RSAPublicKey(rsa, ctypes.byref(pBuf))
+    s = buf.raw[:n]
+    digest = hashlib.sha1(s).digest()
+    return (rsa,pem,digest)
+
+def makeEdSigningKeyCert(sk_master, pk_master, pk_signing, date,
+                         includeSigning=False, certType=1):
+    assert len(pk_signing) == len(pk_master) == 32
+    expiration = struct.pack("!L", date//3600)
+    if includeSigning:
+        extensions = "\x01\x00\x20\x04\x00%s"%(pk_master)
+    else:
+        extensions = "\x00"
+    signed = "\x01%s%s\x01%s%s" % (
+        chr(certType), expiration, pk_signing, extensions)
+    signature = ed25519_exts_ref.signatureWithESK(signed, sk_master, pk_master)
+    assert len(signature) == 64
+    return signed+signature
+
+def objwrap(identifier, body):
+    return ("-----BEGIN {0}-----\n"
+            "{1}"
+            "-----END {0}-----").format(identifier, body)
+
+MAGIC1 = "<<<<<<MAGIC>>>>>>"
+MAGIC2 = "<<<<<!#!#!#XYZZY#!#!#!>>>>>"
+
+class OnDemandKeys(object):
+    def __init__(self, certDate=None):
+        if certDate is None:
+            certDate = time.time() + 86400
+        self.certDate = certDate
+        self.rsa_id = None
+        self.rsa_onion_key = None
+        self.ed_id_sk = None
+        self.ntor_sk = None
+        self.ntor_crosscert = None
+        self.rsa_crosscert_ed = None
+        self.rsa_crosscert_noed = None
+
+    @property
+    def RSA_IDENTITY(self):
+        if self.rsa_id is None:
+            self.rsa_id, self.rsa_ident_pem, self.rsa_id_digest = make_rsa_key()
+
+        return self.rsa_ident_pem
+
+    @property
+    def RSA_ID_DIGEST(self):
+        self.RSA_IDENTITY
+        return self.rsa_id_digest
+
+    @property
+    def RSA_FINGERPRINT_NOSPACE(self):
+        return binascii.b2a_hex(self.RSA_ID_DIGEST).upper()
+
+    @property
+    def RSA_ONION_KEY(self):
+        if self.rsa_onion_key is None:
+            self.rsa_onion_key, self.rsa_onion_pem, _ = make_rsa_key()
+
+        return self.rsa_onion_pem
+
+    @property
+    def RSA_FINGERPRINT(self):
+        hexdigest = self.RSA_FINGERPRINT_NOSPACEK
+        return " ".join(hexdigest[i:i+4] for i in range(0,len(hexdigest),4))
+
+    @property
+    def RSA_SIGNATURE(self):
+        return MAGIC1
+
+    @property
+    def ED_SIGNATURE(self):
+        return MAGIC2
+
+    @property
+    def NTOR_ONION_KEY(self):
+        if self.ntor_sk is None:
+            self.ntor_sk = slownacl_curve25519.Private()
+            self.ntor_pk = self.ntor_sk.get_public()
+        return base64.b64encode(self.ntor_pk.serialize())
+
+    @property
+    def ED_CERT(self):
+        if self.ed_id_sk is None:
+            self.ed_id_sk = ed25519_exts_ref.expandSK(os.urandom(32))
+            self.ed_signing_sk = ed25519_exts_ref.expandSK(os.urandom(32))
+            self.ed_id_pk = ed25519_exts_ref.publickeyFromESK(self.ed_id_sk)
+            self.ed_signing_pk = ed25519_exts_ref.publickeyFromESK(self.ed_signing_sk)
+            self.ed_cert = makeEdSigningKeyCert(self.ed_id_sk, self.ed_id_pk, self.ed_signing_pk, self.certDate, includeSigning=True, certType=4)
+
+        return objwrap('ED25519 CERT', b64(self.ed_cert))
+
+    @property
+    def NTOR_CROSSCERT(self):
+        if self.ntor_crosscert is None:
+            self.ED_CERT
+            self.NTOR_ONION_KEY
+
+            ed_privkey = self.ntor_sk.serialize() + os.urandom(32)
+            ed_pub0 = ed25519_exts_ref.publickeyFromESK(ed_privkey)
+            sign = (ord(ed_pub0[31]) & 255) >> 7
+
+            self.ntor_crosscert = makeEdSigningKeyCert(self.ntor_sk.serialize() + os.urandom(32), ed_pub0, self.ed_id_pk, self.certDate, certType=10)
+            self.ntor_crosscert_sign = sign
+
+        return objwrap('ED25519 CERT', b64(self.ntor_crosscert))
+
+    @property
+    def NTOR_CROSSCERT_SIGN(self):
+        self.NTOR_CROSSCERT
+        return self.ntor_crosscert_sign
+
+    @property
+    def RSA_CROSSCERT_NOED(self):
+        if self.rsa_crosscert_noed is None:
+            self.RSA_ONION_KEY
+            signed = self.RSA_ID_DIGEST
+            self.rsa_crosscert_noed = rsa_sign(signed, self.rsa_onion_key)
+        return objwrap("CROSSCERT",b64(self.rsa_crosscert_noed))
+
+    @property
+    def RSA_CROSSCERT_ED(self):
+        if self.rsa_crosscert_ed is None:
+            self.RSA_ONION_KEY
+            self.ED_CERT
+            signed = self.RSA_ID_DIGEST + self.ed_id_pk
+            self.rsa_crosscert_ed = rsa_sign(signed, self.rsa_onion_key)
+        return objwrap("CROSSCERT",b64(self.rsa_crosscert_ed))
+
+    def sign_desc(self, body):
+        idx = body.rfind("\nrouter-sig-ed25519 ")
+        if idx >= 0:
+            self.ED_CERT
+            signed_part = body[:idx+len("\nrouter-sig-ed25519 ")]
+            signed_part = "Tor router descriptor signature v1" + signed_part
+            digest = hashlib.sha256(signed_part).digest()
+            ed_sig = ed25519_exts_ref.signatureWithESK(digest,
+                                      self.ed_signing_sk, self.ed_signing_pk)
+
+            body = body.replace(MAGIC2, base64.b64encode(ed_sig).replace("=",""))
+
+        idx = body.rindex("\nrouter-signature")
+        end_of_sig = body.index("\n", idx+1)
+
+        signed_part = body[:end_of_sig+1]
+
+        digest = hashlib.sha1(signed_part).digest()
+        assert len(digest) == 20
+
+        rsasig = rsa_sign(digest, self.rsa_id)
+
+        body = body.replace(MAGIC1, objwrap("SIGNATURE", b64(rsasig)))
+
+        return body
+
+
+def signdesc(body, args_out=None):
+    rsa, ident_pem, id_digest = make_key()
+    _, onion_pem, _ = make_key()
+
+    need_ed = '{ED25519-CERT}' in body or '{ED25519-SIGNATURE}' in body
+    if need_ed:
+        sk_master = os.urandom(32)
+        sk_signing = os.urandom(32)
+        pk_master = slow_ed25519.pubkey(sk_master)
+        pk_signing = slow_ed25519.pubkey(sk_signing)
+
+    hexdigest = binascii.b2a_hex(id_digest).upper()
+    fingerprint = " ".join(hexdigest[i:i+4] for i in range(0,len(hexdigest),4))
+
+    MAGIC = "<<<<<<MAGIC>>>>>>"
+    MORE_MAGIC = "<<<<<!#!#!#XYZZY#!#!#!>>>>>"
+    args = {
+        "RSA-IDENTITY" : ident_pem,
+        "ONION-KEY" : onion_pem,
+        "FINGERPRINT" : fingerprint,
+        "FINGERPRINT-NOSPACE" : hexdigest,
+        "RSA-SIGNATURE" : MAGIC
+    }
+    if need_ed:
+        args['ED25519-CERT'] = makeEdSigningKeyCert(
+            sk_master, pk_master, pk_signing)
+        args['ED25519-SIGNATURE'] = MORE_MAGIC
+
+    if args_out:
+        args_out.update(args)
+    body = body.format(**args)
+
+    idx = body.rindex("\nrouter-signature")
+    end_of_sig = body.index("\n", idx+1)
+
+    signed_part = body[:end_of_sig+1]
+
+    digest = hashlib.sha1(signed_part).digest()
+    assert len(digest) == 20
+
+    buf = ctypes.create_string_buffer(1024)
+    n = RSA_private_encrypt(20, digest, buf, rsa, 1)
+    sig = buf.raw[:n]
+
+    sig = """-----BEGIN SIGNATURE-----
+%s
+-----END SIGNATURE-----""" % b64(sig).rstrip()
+    body = body.replace(MAGIC, sig)
+
+    return body.rstrip()
+
+def print_c_string(ident, body):
+    print "static const char %s[] =" % ident
+    for line in body.split("\n"):
+        print '  "%s\\n"' %(line)
+    print "  ;"
+
+def emit_ri(name, body):
+    info = OnDemandKeys()
+    body = body.format(d=info)
+    body = info.sign_desc(body)
+    print_c_string("EX_RI_%s"%name.upper(), body)
+
+def emit_ei(name, body):
+    info = OnDemandKeys()
+    body = body.format(d=info)
+    body = info.sign_desc(body)
+    print_c_string("EX_EI_%s"%name.upper(), body)
+
+    print 'const char EX_EI_{NAME}_FP[] = "{d.RSA_FINGERPRINT_NOSPACE}";'.format(
+        d=info, NAME=name.upper())
+    print_c_string("EX_EI_%s_KEY"%name.upper(), info.RSA_IDENTITY)
+
+def analyze(s):
+    fields = {}
+    while s.startswith(":::"):
+        first,s=s.split("\n", 1)
+        m = re.match(r'^:::(\w+)=(.*)',first)
+        if not m:
+            raise ValueError(first)
+        k,v = m.groups()
+        fields[k] = v
+    return fields, s
+
+def process_file(s):
+    fields, s = analyze(s)
+    try:
+        name = fields['name']
+        tp = fields['type']
+    except KeyError:
+        raise ValueError("missing required field")
+
+    if tp == 'ei':
+        emit_ei(name, s)
+    elif tp == 'ri':
+        emit_ri(name, s)
+    else:
+        raise ValueError("unrecognized type")
+
+if __name__ == '__main__':
+    import sys
+    for fn in sys.argv[1:]:
+        process_file(open(fn).read())
diff --git a/scripts/codegen/run_trunnel.sh b/scripts/codegen/run_trunnel.sh
new file mode 100755
index 0000000000..d2669931e9
--- /dev/null
+++ b/scripts/codegen/run_trunnel.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if test "x$TRUNNEL_PATH" != "x"; then
+  PYTHONPATH="${TRUNNEL_PATH}:${PYTHONPATH}"
+  export PYTHONPATH
+fi
+
+python -m trunnel --require-version=1.4 ./src/trunnel/*.trunnel
+
+python -m trunnel --require-version=1.4 --write-c-files --target-dir=./src/ext/trunnel/
+
diff --git a/scripts/maint/analyze_callgraph.py b/scripts/maint/analyze_callgraph.py
new file mode 100755
index 0000000000..8ce5827f07
--- /dev/null
+++ b/scripts/maint/analyze_callgraph.py
@@ -0,0 +1,259 @@
+#!/usr/bin/python
+
+import re
+import sys
+import copy
+import cPickle
+import os
+
+class Parser:
+  def __init__(self):
+    self.calls = {}
+    self.definedIn = {}
+
+  def enter_func(self, name):
+    if self.infunc and not self.extern and self.calledfns:
+      if self.infunc in self.definedIn:
+        #print "{}: {} or {}?".format(
+        #  self.infunc, self.definedIn[self.infunc], self.module)
+        self.definedIn[self.infunc] = 'nil'
+      else:
+        self.definedIn[self.infunc] = self.module
+      self.calls.setdefault(self.infunc, set()).update( self.calledfns )
+
+    self.calledfns = set()
+    self.infunc = name
+    self.extern = False
+
+  def parse_callgraph_file(self, inp, module):
+    self.infunc = None
+    self.extern = False
+    self.calledfns = set()
+    self.module = module
+
+    for line in inp:
+       m = re.match(r"Call graph node for function: '([^']+)'", line)
+       if m:
+           self.enter_func(m.group(1))
+           continue
+       m = re.match(r"  CS<[^>]+> calls external node", line)
+       if m:
+           self.extern = True
+       m = re.match(r"  CS<[^>]+> calls function '([^']+)'", line)
+       if m:
+           self.calledfns.add(m.group(1))
+    self.enter_func(None)
+
+  def extract_callgraph(self):
+    c = self.calls
+    self.calls = {}
+    return c
+
+
+def transitive_closure(g):
+    passno = 0
+    changed = True
+    g = copy.deepcopy(g)
+    import random
+    while changed:
+      passno += 1
+      changed = False
+      keys = g.keys()
+      idx = 0
+      for k in keys:
+         idx += 1
+         print "Pass %d/?: %d/%d\r" %(passno, idx, len(keys)),
+         sys.stdout.flush()
+         newset = g[k].copy()
+         for fn in g[k]:
+            newset.update(g.get(fn, set()))
+         if len(newset) != len(g[k]):
+            g[k].update( newset )
+            changed = True
+
+      print
+
+    return g
+
+def strongly_connected_components(g):
+  # From https://en.wikipedia.org/wiki/Tarjan%27s_strongly_connected_components_algorithm, done stupidly.
+  index_of = {}
+  index = [ 0 ]
+  lowlink = {}
+  S = []
+  onStack = set()
+
+  all_sccs = []
+
+  def strongconnect(fn):
+    index_of[fn] = index[0]
+    lowlink[fn] = index[0]
+    index[0] += 1
+    S.append(fn)
+    onStack.add(fn)
+
+    for w in g.get(fn, []):
+      if w not in index_of:
+        strongconnect(w)
+        lowlink[fn] = min(lowlink[fn], lowlink[w])
+      elif w in onStack:
+        lowlink[fn] = min(lowlink[fn], index_of[w])
+
+    if lowlink[fn] == index_of[fn]:
+      this_scc = []
+      all_sccs.append(this_scc)
+      while True:
+        w = S.pop()
+        onStack.remove(w)
+        this_scc.append(w)
+        if w == fn:
+          break
+
+  for v in g.keys():
+    if v not in index_of:
+      strongconnect(v)
+
+  return all_sccs
+
+def biggest_component(sccs):
+  return max(len(c) for c in sccs)
+
+def connection_bottlenecks(callgraph):
+
+  callers = {}
+  for fn in callgraph:
+    for fn2 in callgraph[fn]:
+      callers.setdefault(fn2, set()).add(fn)
+
+  components = strongly_connected_components(callgraph)
+  components.sort(key=len)
+  big_component_fns = components[-1]
+  size = len(big_component_fns)
+
+  function_bottlenecks = fn_results = []
+
+  total = len(big_component_fns)
+  idx = 0
+  for fn in big_component_fns:
+    idx += 1
+    print "Pass 1/3: %d/%d\r"%(idx, total),
+    sys.stdout.flush()
+    cg2 = copy.deepcopy(callgraph)
+    del cg2[fn]
+
+    fn_results.append( (size - biggest_component(strongly_connected_components(cg2)), fn) )
+
+  print
+  bcf_set = set(big_component_fns)
+
+  call_bottlenecks = fn_results = []
+  result_set = set()
+  total = len(big_component_fns)
+  idx = 0
+  for fn in big_component_fns:
+    fn_callers = callers[fn].intersection(bcf_set)
+    idx += 1
+    if len(fn_callers) != 1:
+      continue
+
+    print "Pass 2/3: %d/%d\r"%(idx, total),
+    sys.stdout.flush()
+
+    caller = fn_callers.pop()
+    assert len(fn_callers) == 0
+    cg2 = copy.deepcopy(callgraph)
+    cg2[caller].remove(fn)
+
+    fn_results.append( (size - biggest_component(strongly_connected_components(cg2)), fn, "called by", caller) )
+    result_set.add( (caller, fn) )
+
+  print
+
+  total = len(big_component_fns)
+  idx = 0
+  for fn in big_component_fns:
+    fn_calls = callgraph[fn].intersection(bcf_set)
+    idx += 1
+    if len(fn_calls) != 1:
+      continue
+
+    print "Pass 3/3: %d/%d\r"%(idx, total),
+    sys.stdout.flush()
+
+    callee = fn_calls.pop()
+    if (fn, callee) in result_set:
+      continue
+
+    assert len(fn_calls) == 0
+    cg2 = copy.deepcopy(callgraph)
+    cg2[fn].remove(callee)
+
+    fn_results.append( (size - biggest_component(strongly_connected_components(cg2)), callee, "called by", fn) )
+
+  print
+
+
+  return (function_bottlenecks, call_bottlenecks)
+
+if __name__ == '__main__':
+    p = Parser()
+    for fname in sys.argv[1:]:
+      modname = re.sub(r'.*/', '', fname).replace('.callgraph', '.c')
+      with open(fname, 'r') as f:
+        p.parse_callgraph_file(f, modname)
+
+    sys.stdout.flush()
+
+    print "Building callgraph"
+    callgraph = p.extract_callgraph()
+    inModule = p.definedIn
+
+    print "Deriving module callgraph"
+    modCallgraph = {}
+    for fn in callgraph:
+      fnMod = inModule[fn]
+      for called in callgraph[fn]:
+        try:
+          calledMod = inModule[called]
+        except KeyError:
+            continue
+        modCallgraph.setdefault(fnMod, set()).add(calledMod)
+    del modCallgraph['nil']
+
+    print "Finding strongly connected components"
+    sccs = strongly_connected_components(callgraph)
+
+    print "Finding the transitive closure of the callgraph.."
+    closure = transitive_closure(callgraph)
+
+    print "Finding bottlenecks..."
+    bottlenecks = connection_bottlenecks(callgraph)
+
+    print "Finding module SCCs"
+    modSCCS = strongly_connected_components(modCallgraph)
+
+    print "Finding module TC"
+    modTC = transitive_closure(modCallgraph)
+
+    print "Finding module bottlenecks"
+    modB = connection_bottlenecks(modCallgraph)
+
+    data = {
+      'callgraph' : callgraph,
+      'sccs' : sccs,
+      'closure' : closure,
+      'bottlenecks' : bottlenecks,
+      'modules' : p.definedIn,
+      'modItems' : {
+        'callgraph' : modCallgraph,
+        'sccs' : modSCCS,
+        'closure' : modTC,
+        'bottlenecks' : modB,
+      }
+    }
+
+    with open('callgraph.pkl', 'w') as f:
+      cPickle.dump(data, f)
+
+
+
diff --git a/scripts/maint/checkOptionDocs.pl b/scripts/maint/checkOptionDocs.pl.in
index 94307c6cef..1f53adf099 100755..100644
--- a/scripts/maint/checkOptionDocs.pl
+++ b/scripts/maint/checkOptionDocs.pl.in
@@ -7,7 +7,7 @@ my %torrcSampleOptions = ();
 my %manPageOptions = ();
 
 # Load the canonical list as actually accepted by Tor.
-open(F, "./src/or/tor --list-torrc-options |") or die;
+open(F, "@abs_top_builddir@/src/or/tor --list-torrc-options |") or die;
 while (<F>) {
     next if m!\[notice\] Tor v0\.!;
     if (m!^([A-Za-z0-9_]+)!) {
@@ -34,12 +34,12 @@ sub loadTorrc {
     0;
 }
 
-loadTorrc("./src/config/torrc.sample.in", \%torrcSampleOptions);
+loadTorrc("@abs_top_srcdir@/src/config/torrc.sample.in", \%torrcSampleOptions);
 
 # Try to figure out what's in the man page.
 
 my $considerNextLine = 0;
-open(F, "./doc/tor.1.txt") or die;
+open(F, "@abs_top_srcdir@/doc/tor.1.txt") or die;
 while (<F>) {
     if (m!^(?:\[\[([A-za-z0-9_]+)\]\] *)?\*\*([A-Za-z0-9_]+)\*\*!) {
         $manPageOptions{$2} = 1;
@@ -67,5 +67,3 @@ subtractHashes("Orphaned in torrc.sample.in", \%torrcSampleOptions, \%options);
 
 subtractHashes("Not in man page", \%options, \%manPageOptions);
 subtractHashes("Orphaned in man page", \%manPageOptions, \%options);
-
-
diff --git a/scripts/maint/checkSpace.pl b/scripts/maint/checkSpace.pl
index 682dbced00..906281112d 100755
--- a/scripts/maint/checkSpace.pl
+++ b/scripts/maint/checkSpace.pl
@@ -13,30 +13,45 @@ for $fn (@ARGV) {
     $incomment = 0;
     while (<F>) {
         ## Warn about windows-style newlines.
+	#    (We insist on lines that end with a single LF character, not
+	#    CR LF.)
         if (/\r/) {
             print "       CR:$fn:$.\n";
         }
         ## Warn about tabs.
+	#    (We only use spaces)
         if (/\t/) {
             print "      TAB:$fn:$.\n";
         }
-        ## Warn about markers that don't have a space in front of them
+        ## Warn about labels that don't have a space in front of them
+	#    (We indent every label at least one space)
         if (/^[a-zA-Z_][a-zA-Z_0-9]*:/) {
             print "nosplabel:$fn:$.\n";
         }
         ## Warn about trailing whitespace.
+	#    (We don't allow whitespace at the end of the line; make your
+	#    editor highlight it for you so you can stop adding it in.)
         if (/ +$/) {
             print "Space\@EOL:$fn:$.\n";
         }
         ## Warn about control keywords without following space.
+	#    (We put a space after every 'if', 'while', 'for', 'switch', etc)
         if ($C && /\s(?:if|while|for|switch)\(/) {
             print "      KW(:$fn:$.\n";
         }
         ## Warn about #else #if instead of #elif.
+        #    (We only allow #elif)
         if (($lastline =~ /^\# *else/) and ($_ =~ /^\# *if/)) {
             print " #else#if:$fn:$.\n";
         }
         ## Warn about some K&R violations
+        #    (We use K&R-style C, where open braces go on the same line as
+        #    the statement that introduces them.  In other words:
+        #          if (a) {
+        #            stuff;
+        #          } else {
+        #            other stuff;
+        #          }
         if (/^\s+\{/ and $lastline =~ /^\s*(if|while|for|else if)/ and
 	    $lastline !~ /\{$/) {
             print "non-K&R {:$fn:$.\n";
@@ -46,10 +61,13 @@ for $fn (@ARGV) {
 	}
         $lastline = $_;
         ## Warn about unnecessary empty lines.
+        #   (Don't put an empty line before a line that contains nothing
+        #   but a closing brace.)
         if ($lastnil && /^\s*}\n/) {
             print "  UnnecNL:$fn:$.\n";
         }
         ## Warn about multiple empty lines.
+        #   (At most one blank line in a row.)
         if ($lastnil && /^$/) {
             print " DoubleNL:$fn:$.\n";
         } elsif (/^$/) {
@@ -59,6 +77,7 @@ for $fn (@ARGV) {
         }
         ## Terminals are still 80 columns wide in my world.  I refuse to
         ## accept double-line lines.
+        #   (Don't make lines wider than 80 characters, including newline.)
         if (/^.{80}/) {
             print "     Wide:$fn:$.\n";
         }
@@ -83,11 +102,13 @@ for $fn (@ARGV) {
             s!"(?:[^\"]+|\\.)*"!"X"!g;
             next if /^\#/;
             ## Warn about C++-style comments.
+	    #   (Use C style comments only.)
             if (m!//!) {
                 #    print "       //:$fn:$.\n";
                 s!//.*!!;
             }
             ## Warn about unquoted braces preceded by non-space.
+	    #   (No character except a space should come before a {)
             if (/([^\s'])\{/) {
                 print "       $1\{:$fn:$.\n";
             }
@@ -101,15 +122,22 @@ for $fn (@ARGV) {
             #    print "     {X:$fn:$.\n";
             #}
             ## Warn about function calls with space before parens.
+	    #   (Don't put a space between the name of a function and its
+	    #   arguments.)
             if (/(\w+)\s\(([A-Z]*)/) {
                 if ($1 ne "if" and $1 ne "while" and $1 ne "for" and
                     $1 ne "switch" and $1 ne "return" and $1 ne "int" and
                     $1 ne "elsif" and $1 ne "WINAPI" and $2 ne "WINAPI" and
-                    $1 ne "void" and $1 ne "__attribute__" and $1 ne "op") {
+                    $1 ne "void" and $1 ne "__attribute__" and $1 ne "op" and
+                    $1 ne "size_t" and $1 ne "double" and
+                    $1 ne "workqueue_reply_t") {
                     print "     fn ():$fn:$.\n";
                 }
             }
             ## Warn about functions not declared at start of line.
+	    #    (When you're declaring functions, put "static" and "const"
+	    #    and the return type on one line, and the function name at
+	    #    the start of a new line.)
             if ($in_func_head ||
                 ($fn !~ /\.h$/ && /^[a-zA-Z0-9_]/ &&
                  ! /^(?:const |static )*(?:typedef|struct|union)[^\(]*$/ &&
@@ -130,6 +158,8 @@ for $fn (@ARGV) {
             }
         }
     }
+    ## Warn if the file doesn't end with a blank line.
+    #    (End each file with a single blank line.)
     if (! $lastnil) {
         print "  EOL\@EOF:$fn:$.\n";
     }
diff --git a/scripts/maint/display_callgraph.py b/scripts/maint/display_callgraph.py
new file mode 100755
index 0000000000..c9001c6d96
--- /dev/null
+++ b/scripts/maint/display_callgraph.py
@@ -0,0 +1,41 @@
+#!/usr/bin/python
+
+import cPickle
+
+data = cPickle.load(open("callgraph.pkl"))
+
+# data = data['modItems']
+
+callgraph = data['callgraph']
+closure = data['closure']
+sccs = data['sccs']
+fn_bottle, call_bottle = data['bottlenecks']
+
+for n_reachable, fn in sorted(list((len(r), fn) for fn, r in closure.iteritems())):
+   print "%s can reach %s other functions." %(fn, n_reachable)
+
+
+c = [ (len(component), component) for component in sccs ]
+c.sort()
+
+print "\n================================"
+
+for n, component in c:
+   if n < 2:
+      continue
+   print "Strongly connected component of size %d:"%n
+   print component
+
+
+print "\n================================"
+
+print "====== Number of functions pulled into blob, by function in blob."
+fn_bottle.sort()
+for n, fn in fn_bottle[-30:]:
+   print "%3d: %s"%(n, fn)
+
+print "====== Number of functions pulled into blob, by call in blob."
+call_bottle.sort()
+for n, fn1, _, fn2 in call_bottle[-30:]:
+   print "%3d: %s -> %s "%(n, fn2, fn1)
+
diff --git a/scripts/maint/fallback.blacklist b/scripts/maint/fallback.blacklist
new file mode 100644
index 0000000000..c9fd8a9236
--- /dev/null
+++ b/scripts/maint/fallback.blacklist
@@ -0,0 +1,229 @@
+# updateFallbackDirs.py directory mirror blacklist
+#
+# Format:
+# [ IPv4[:DirPort] ] [ orport=<ORPort> ] [ id=<ID> ] ...
+#   [ ipv6=<IPv6>[:<IPv6 ORPort>] ]
+#
+# If a sufficiently specific group of attributes matches, the directory mirror
+# will be excluded: (each group is listed on its own line)
+# <IPv4>, <DirPort>
+# <IPv4>, <ORPort>
+# <ID>
+# <IPv6>, <DirPort>
+# <IPv6>, <IPv6 ORPort>
+# If DirPort and ORPort are not present, the entire IP address is blacklisted.
+# (The blacklist overrides the whitelist.)
+
+# If a relay operator doesn't want their relay to be a FallbackDir,
+# enter the following information here:
+# <IPv4>:<DirPort> orport=<ORPort> id=<ID> ipv6=<IPv6>:<IPv6 ORPort>
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008364.html
+87.181.248.227:9030 orport=443 id=8827944C4BDCBDAC9079803F47823403C11A9B7A
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008368.html
+149.18.2.82:9030 orport=9001 id=953DB709F2A2DECC8D7560661F934E64411444F7
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008384.html
+80.82.215.199:80 orport=443 id=3BEFAB76461B6B99DCF34C285E933562F5712AE4 ipv6=[2001:4ba0:cafe:a18::1]:443
+
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008515.html
+# later opt-out in
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008521.html
+5.9.158.75:80 orport=443 id=F1BE15429B3CE696D6807F4D4A58B1BFEC45C822 ipv6=[2a01:4f8:190:514a::2]:443
+
+# Email sent directly to teor, verified using relay contact info
+5.34.183.168:80 orport=443 id=601C92108A568742A7A6D9473FE3A414F7149070
+217.12.199.208:8080 orport=22 id=BCFB0933367D626715DA32A147F417194A5D48D6
+
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008555.html
+62.210.207.124:9030 orport=9001 id=58938B1A5C4029B4415D38A4F36B7724273F4755 ipv6=[2001:bc8:31eb:100::1]:9001
+62.210.207.124:9130 orport=9101 id=338D0AB6DBAB7B529B9C91B2FD770658000693C4 ipv6=[2001:bc8:31eb:100::1]:9101
+
+# these fallback candidates fail the consensus download test in a way that
+# causes stem to hang (and not respond to ^C, at least on OS X)
+# (Is something sending weird responses to DirPort traffic?)
+#217.23.14.190:1194
+#151.80.164.147:80
+#148.251.255.92:80
+#78.142.19.59:80
+
+# Email sent directly to teor, verified using relay contact info
+216.17.99.183:80 orport=443 id=D52CD431CEF28E01B11F545A84347EE45524BCA7
+216.17.99.183:8080 orport=9001 id=EE21F83AB6F76E3B3FFCBA5C2496F789CB84E7C6
+65.19.167.130:80 orport=443 id=890E2EA65455FBF0FAAB4159FAC4412BDCB24295
+65.19.167.131:80 orport=443 id=0DA9BD201766EDB19F57F49F1A013A8A5432C008
+65.19.167.132:80 orport=443 id=12B80ABF019354A9D25EE8BE85EB3C0AD8F7DFC1
+65.19.167.133:80 orport=443 id=C170AE5A886C5A09D6D1CF5CF284653632EEF25D
+
+# Email sent directly to teor, verified using relay contact info
+213.136.83.225:80 orport=443 id=B411027C926A9BFFCF7DA91E3CAF1856A321EFFD
+195.154.126.78:80 orport=443 id=F6556156E2B3837248E03FDB770441CF64DBBFBE
+
+# Email sent directly to teor, verified using relay contact info
+178.63.198.113:80 orport=443 id=872B18761953254914F77C71846E8A2623C52591
+
+# Email sent directly to teor, verified using relay contact info
+63.141.226.34:80 orport=9001 id=5EF131C0C82270F40B756987FDB5D54D9C966238
+185.75.56.103:80 orport=9001 id=3763CE5C3F574670D4296573744F821C0FFFB98E
+
+# Email sent directly to teor, verified using relay contact info
+81.7.14.227:9030 orport=9001 id=BCA197C43A44B7B9D14509637F96A45B13C233D0
+
+# Email sent directly to teor, verified using relay contact info
+84.245.32.195:9030 orport=9001 id=4CD4DFFEF3971C902A22100D911CAC639BE2EF5C
+
+# Email sent directly to teor, verified using relay contact info
+185.21.217.10:9030 orport=9001 id=41537E1D3DD3CAE86F5A3F0882F1C647FE8FC0A0
+
+# Email sent directly to teor, verified using relay contact info
+185.21.216.140:9030 orport=9001 id=921DA852C95141F8964B359F774B35502E489869
+
+# Email sent directly to teor, verified using relay contact info
+62.210.82.44:143 orport=21 id=1C90D3AEADFF3BCD079810632C8B85637924A58E ipv6=[2001:bc8:3d7c::]:21
+
+# Email sent directly to teor, verified using relay contact info
+46.101.220.161:80 orport=443 id=7DDFE5B2C306B19A79832FBE581EAA245BAE90C6 ipv6=[2a03:b0c0:3:d0::8b:3001]:443
+
+# Email sent directly to teor, verified using relay contact info
+195.154.107.23:80 orport=443 id=A1F89F26E82209169E4037B035AE7B6C94A49AEB ipv6=[2001:bc8:3829:300::1]:443
+195.154.92.70:80 orport=443 id=E7FF4ECEEFCFE3A40A6D3594898A4A3DE018BBF5 ipv6=[2001:bc8:3829:500::1]:443
+195.154.113.200:80 orport=443 id=D1A4763FA0BD71978901B1951FEE1DC29777F95A ipv6=[2001:bc8:3829:600::1]:443
+195.154.92.155:110 orport=993 id=4477D3466FE136B7FE6F7FF8EBD0D6E2FFE3288B ipv6=[2001:bc8:3829:100::1]:993
+195.154.117.182:110 orport=993 id=B1A0F1143789466AADD5FAE5948C8138548EECEC ipv6=[2001:bc8:3829:400::1]:993
+195.154.97.163:80 orport=443 id=8A2994A63B20813B7724817A8FB8C444D10BA2E2
+
+# Email sent directly to teor, verified using relay contact info
+5.135.154.206:9030 orport=9001 id=7D67B342DC1158F4CFFEE8BC530A2448848026E3
+
+# Email sent directly to teor, verified using relay contact info
+85.24.215.117:9030 orport=9001 id=5989521A85C94EE101E88B8DB2E68321673F9405 ipv6=[2001:9b0:20:2106:21a:4aff:fea5:ad05]:9001
+
+# Email sent directly to teor, verified using relay contact info
+62.210.137.230:8888 orport=8843 id=CD6B850159CFF4C068A8D0F1BA5296AE4EDCAB39 ipv6=[2001:bc8:31d3:100::1]:3443
+62.210.137.230:8080 orport=8443 id=F596E1B1EF98E1DDBBDC934DB722AF54069868F6 ipv6=[2001:bc8:31d3:100::1]:8443
+
+# Email sent directly to teor, verified using relay contact info
+195.154.99.80:80 orport=443 id=6E7CB6E783C1B67B79D0EBBE7D48BC09BD441201
+195.154.127.60:80 orport=443 id=D74ABE34845190E242EC74BA28B8C89B0A480D4B
+
+# Email sent directly to teor, verified using relay contact info
+212.51.143.20:80 orport=443 id=62DA0256BBC28992D41CBAFB549FFD7C9B846A99
+
+# Email sent directly to teor, verified using relay contact info
+195.154.90.122:80 orport=443 id=3A0D88024A30152E6F6372CFDF8F9B725F984362
+
+# Email sent directly to teor, verified using relay contact info
+188.166.118.215:9030 orport=443 id=FB5FF60F5EBA010F8A45AC6ED31A4393718A2C31 ipv6=[2a03:b0c0:2:d0::72:9001]:443
+
+# Email sent directly to teor, verified using relay contact info
+185.87.185.245:40001 orport=40000 id=2A499AEEA95FB10F07544383D562368E49BE32CA
+
+# Email sent directly to teor, verified using relay contact info
+82.161.109.71:9030 orport=9001 id=BD9CE352648B940E788A8E45393C5400CC3E87E7
+
+# Email sent directly to teor, verified using relay contact info
+212.83.40.239:9030 orport=9001 id=6DC5616BD3FC463329DCE87DD7AAAEA112C264B5
+
+# Email sent directly to teor, verified using relay contact info
+178.32.53.53:80 orport=443 id=10582C360E972EE76B0DB1C246F4E892A6BF5465
+
+# Email sent directly to teor, verified using relay contact info
+85.114.135.20:9030 orport=9001 id=ED8A9291A3139E34BBD35037B082081EC6C26C80 ipv6=[2001:4ba0:fff5:2d::8]:9001
+148.251.128.156:9030 orport=9001 id=E382042E06A0A68AFC533E5AD5FB6867A12DF9FF ipv6=[2a01:4f8:210:238a::8]:9001
+62.210.115.147:9030 orport=9001 id=7F1D94E2C36F8CC595C2AB00022A5AE38171D50B ipv6=[2001:bc8:3182:101::8]:9001
+212.47.250.24:9030 orport=9001 id=33DA0CAB7C27812EFF2E22C9705630A54D101FEB
+
+# Email sent directly to teor, verified using relay contact info
+74.208.220.222:60000 orport=59999 id=4AA22235F0E9B3795A33930343CBB3EDAC60C5B0
+
+# Email sent directly to teor, verified using relay contact info
+89.163.140.168:9030 orport=9001 id=839C1212DB15723263BE96C83DA7E1B24FA395E8
+
+# Email sent directly to teor, verified using relay contact info
+212.47.246.211:9030 orport=9001 id=AA34219475E41282095DD3C088009EE562AF14E5
+
+# Email sent directly to teor, verified using relay contact info
+85.195.235.148:9030 orport=9001 id=103336165A0D2EFCAD3605339843A0A7710B8B92
+85.195.235.148:19030 orport=19001 id=713235638AB6C64715EAFD1B4772685E38AFD52A
+
+# Email sent directly to teor, verified using relay contact info
+163.172.7.30:9030 orport=9001 id=E2EACD4752B2583202F374A34CACC844A3AECAC4
+
+# Email sent directly to teor, verified using relay contact info
+178.62.90.111:22 orport=25 id=3254D1DC1F1531D9C07C535E4991F38EE99B99E1
+
+# Email sent directly to teor, verified using relay contact info
+213.200.106.131:9030 orport=4443 id=B07CE79FD215129C381F6645B16E76DCA0845CAB
+
+# Email sent directly to teor, verified using relay contact info
+198.51.75.165:80 orport=9001 id=DABCB84A524A22FDDD3AFCB090E3090CC12D9770
+
+# Email sent directly to teor, verified using relay contact info
+204.194.29.4:80 orport=9001 id=78C7C299DB4C4BD119A22B87B57D5AF5F3741A79
+
+# Email sent directly to teor, verified using relay contact info
+104.207.132.109:9030 orport=9001 id=12D5737383C23E756A7AA1A90BB24413BA428DA7 ipv6=[2001:19f0:300:2261::1]:9001
+
+# Email sent directly to teor, verified using relay contact info
+46.252.25.249:9030 orport=443 id=80DCBB6EF4E86A7CD4FBCBDEE64979645509A610
+
+# Email sent directly to teor, verified using relay contact info
+176.10.99.200:8080 orport=443 id=2B44FD1742D26E4F28D4CACF1F0CF8A686270E45
+176.10.99.200:8000 orport=22 id=EB79F07792A065D3C534063773E83268E069F5EB
+176.10.99.201:667 orport=666 id=3EAAAB35932610411E24FA4317603CB5780B80BC
+176.10.99.201:990 orport=989 id=7C3A4CFF09C1981D41173CDE2A2ADD4A5CA109FD
+176.10.99.202:992 orport=991 id=615EBC4B48F03858FA50A3E23E5AF569D0D2308A
+176.10.99.202:994 orport=993 id=E34E25D958D46DDE5092385B14117C9B301DC0E9
+176.10.99.203:1194 orport=995 id=AD368442E9FF33C08C7407DF2DA7DB958F406CE2
+176.10.99.203:43 orport=53 id=79CF377F0ACEC5F0002D85335E4192B34202A269
+176.10.99.204:1755 orport=1723 id=69DF3CDA1CDA460C17ECAD9D6F0C117A42384FA0
+176.10.99.204:1293 orport=4321 id=3F061400B6FB1F55E7F19BB3C713884D677E55B7
+176.10.99.205:426 orport=425 id=C30B284784BF11D0D58C6A250240EE58D2084AD0
+176.10.99.205:109 orport=110 id=12D17D9F9E30FA901DE68806950A0EA278716CED
+176.10.99.206:24 orport=23 id=2C804AAB0C02F971A4386B3A1F2AC00F9E080679
+176.10.99.206:20 orport=21 id=237588726AB6BEA37FF23CA00F5BD178586CA68E
+176.10.99.207:3390 orport=3389 id=A838D5B8890B10172429ECE92EB5677DF93DC4DD
+176.10.99.207:1415 orport=1414 id=377E5E817A84FAE0F4DC3427805DB2E8A6CBBFC0
+176.10.99.208:390 orport=389 id=7C288587BA0D99CC6B8537CDC2C4639FA827B907
+176.10.99.208:3307 orport=3306 id=1F0D2A44C56F42816DED2022EFD631878C29905B
+176.10.99.209:1434 orport=1433 id=BDA7A91FF3806DE5109FDAE74CFEFB3BABB9E10F
+176.10.99.209:220 orport=219 id=B8C2030001D832066A648269CFBA94171951D34B
+
+# Email sent directly to teor, verified using relay contact info
+78.193.40.205:8080 orport=8443 id=C91450840E75AC1B654A3096744338A573A239C6
+
+# Email sent directly to teor, verified using relay contact info
+37.187.22.172:9030 orport=9035 id=335E4117BD9A4966403C2AFA31CFDD1BC13BD46A
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008367.html
+# Email sent directly to teor to opt-out
+88.198.38.226:22 orport=443 id=4B9E2C56FB42B891794FE2CD2FCAD08A320CC3BB ipv6=[2a01:4f8:a0:1351::2]:80
+213.239.210.204:22 orport=443 id=5BFDECCE9B4A23AE14EC767C5A2C1E10558B00B9 ipv6=[2a01:4f8:a0:9474::2]:80
+213.239.220.25:22 orport=443 id=BEE2317AE127EB681C5AE1551C1EA0630580638A ipv6=[2a01:4f8:a0:710c::2]:80
+85.10.201.38:22 orport=443 id=F6279A203C1950ACF592322A235647A05BFBCF91 ipv6=[2a01:4f8:a0:43cc::2]:80
+
+# Email sent directly to teor, verified using relay contact info
+88.190.208.4:30555 orport=30556 id=030A6EB24725C05D8E0FCE21923CBA5223E75E0E
+
+# Fallback was on 0.2.8.2-alpha list, but changed fingerprint before 0.2.8.5
+46.101.102.71:80 orport=443 id=9504CB22EEB25D344DE63CB7A6F2C46F895C3686 ipv6=[2a03:b0c0:3:d0::2ed:7001]:9050
+# Also blacklist anything with the new fingerprint
+id=9C8A123081EFBE022EF795630F447839DDFDDDEC
+
+# Fallbacks were on 0.2.8.2-alpha list, but downloads were slow before 0.2.8.5
+185.96.88.29:80 orport=443 id=86C281AD135058238D7A337D546C902BE8505DDE
+178.62.36.64:9030 orport=9001 id=B87C84E38DAECFFFFDE98E5AEE5786AFDC748F2C
+
+# Fallback was on 0.2.8.2-alpha list, but changed address before 0.2.8.5
+84.219.173.60:9030 orport=443 id=855BC2DABE24C861CD887DB9B2E950424B49FC34
+# Also blacklist anything with the new address
+84.216.235.55:9030 orport=443
+
+# Fallbacks were on 0.2.8.2-alpha list, but disappeared before 0.2.8.5
+81.7.17.171:80 orport=443 id=CFECDDCA990E3EF7B7EC958B22441386B6B8D820 ipv6=[2a02:180:1:1::517:11ab]:443
+51.254.215.121:80 orport=443 id=262B66AD25C79588AD1FC8ED0E966395B47E5C1D
+185.100.85.138:80 orport=46356 id=5C4DF16A0029CC4F67D3E127356E68F219269859
+
+# Fallback was on 0.2.8.2-alpha list, but opted-out before 0.2.8.6
+37.187.1.149:9030 orport=9001 id=08DC0F3C6E3D9C527C1FC8745D35DD1B0DE1875D ipv6=[2001:41d0:a:195::1]:9001
diff --git a/scripts/maint/fallback.whitelist b/scripts/maint/fallback.whitelist
new file mode 100644
index 0000000000..c801e46b15
--- /dev/null
+++ b/scripts/maint/fallback.whitelist
@@ -0,0 +1,770 @@
+# updateFallbackDirs.py directory mirror whitelist
+#
+# Format:
+# IPv4:DirPort orport=<ORPort> id=<ID> [ ipv6=<IPv6>:<IPv6 ORPort> ]
+#
+# All attributes must match for the directory mirror to be included.
+# If the fallback has an ipv6 key, the whitelist line must also have
+# it, and vice versa, otherwise they don't match.
+# (The blacklist overrides the whitelist.)
+
+# To replace this list with the hard-coded fallback list (for testing), use
+# a command similar to:
+#   cat src/or/fallback_dirs.inc | grep \" | grep -v weight | tr -d '\n' | \
+#   sed 's/"" / /g' | sed 's/""/"/g' | tr \" '\n' | grep -v '^$' \
+#   > scripts/maint/fallback.whitelist
+#
+# When testing before a release, exclusions due to changed details will result
+# in a warning, unless the IPv4 address or port change happened recently.
+# Then it is only logged at info level, as part of the eligibility check.
+# Exclusions due to stability also are only shown at info level.
+#
+# Add the number of selected, slow, and excluded relays, and compare that to
+# the number of hard-coded relays. If it's less, use info-level logs to find
+# out why each of the missing relays was excluded.
+
+# If a relay operator wants their relay to be a FallbackDir,
+# enter the following information here:
+# <IPv4>:<DirPort> orport=<ORPort> id=<ID> [ ipv6=<IPv6>:<IPv6 ORPort> ]
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008362.html
+78.47.18.110:443 orport=80 id=F8D27B163B9247B232A2EEE68DD8B698695C28DE
+131.188.40.188:443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008366.html
+5.39.88.19:9030 orport=9001 id=7CB8C31432A796731EA7B6BF4025548DFEB25E0C ipv6=[2001:41d0:8:9a13::1]:9050
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008370.html
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008517.html
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008555.html
+62.210.124.124:9030 orport=9001 id=86E78DD3720C78DA8673182EF96C54B162CD660C ipv6=[2001:bc8:3f23:100::1]:9001
+62.210.124.124:9130 orport=9101 id=2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E ipv6=[2001:bc8:3f23:100::1]:9101
+212.47.237.95:9030 orport=9001 id=3F5D8A879C58961BB45A3D26AC41B543B40236D6
+212.47.237.95:9130 orport=9101 id=6FB38EB22E57EF7ED5EF00238F6A48E553735D88
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008372.html
+# IPv6 tunnel available on request (is this a good idea?)
+108.53.208.157:80 orport=443 id=4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008373.html
+167.114.35.28:9030 orport=9001 id=E65D300F11E1DB12C534B0146BDAB6972F1A8A48
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008374.html
+170.130.1.7:9030 orport=9001 id=FA3415659444AE006E7E9E5375E82F29700CFDFD
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008378.html
+144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB ipv6=[2a01:4f8:190:9490::dead]:443
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008379.html
+# Email sent directly to teor, verified using relay contact info
+91.121.84.137:4951 orport=4051 id=6DE61A6F72C1E5418A66BFED80DFB63E4C77668F
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008380.html
+5.175.233.86:80 orport=443 id=5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008381.html
+# Sent additional email to teor with more relays
+178.254.44.135:9030 orport=9001 id=8FA37B93397015B2BC5A525C908485260BE9F422
+178.254.20.134:80 orport=443 id=9F5068310818ED7C70B0BC4087AB55CB12CB4377
+178.254.20.134:9030 orport=9001 id=2CE96A8A1DA032664C90F574AFFBECE18A6E8DFC
+178.254.44.135:80 orport=443 id=AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2
+178.254.13.126:80 orport=443 id=F9246DEF2B653807236DA134F2AEAB103D58ABFE
+178.254.13.126:9030 orport=9001 id=0C475BA4D3AA3C289B716F95954CAD616E50C4E5
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008382.html
+51.255.33.237:9091 orport=9001 id=A360C21FA87FFA2046D92C17086A6B47E5C68109
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008383.html
+81.7.14.246:80 orport=443 id=CE75BF0972ADD52AF8807602374E495C815DB304 ipv6=[2a02:180:a:51::dead]:443
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008384.html
+# Sent additional email to teor with fingerprint change
+149.202.98.161:80 orport=443 id=FC64CD763F8C1A319BFBBF62551684F4E1E42332 ipv6=[2001:41d0:8:4528::161]:443
+193.111.136.162:80 orport=443 id=C79552275DFCD486B942510EF663ED36ACA1A84B ipv6=[2001:4ba0:cafe:10d0::1]:443
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008416.html
+185.100.84.212:80 orport=443 id=330CD3DB6AD266DC70CDB512B036957D03D9BC59 ipv6=[2a06:1700:0:7::1]:443
+
+# https://lists.torproject.org/pipermail/tor-relays/2015-December/008417.html
+178.16.208.56:80 orport=443 id=2CDCFED0142B28B002E89D305CBA2E26063FADE2 ipv6=[2a00:1c20:4089:1234:cd49:b58a:9ebe:67ec]:443
+178.16.208.57:80 orport=443 id=92CFD9565B24646CAC2D172D3DB503D69E777B8A ipv6=[2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f]:443
+
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008513.html
+178.62.173.203:9030 orport=9001 id=DD85503F2D1F52EF9EAD621E942298F46CD2FC10 ipv6=[2a03:b0c0:0:1010::a4:b001]:9001
+
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008534.html
+5.9.110.236:9030 orport=9001 id=0756B7CD4DFC8182BE23143FAC0642F515182CEB ipv6=[2a01:4f8:162:51e2::2]:9001
+
+# https://lists.torproject.org/pipermail/tor-relays/2016-January/008542.html
+178.62.199.226:80 orport=443 id=CBEFF7BA4A4062045133C053F2D70524D8BBE5BE ipv6=[2a03:b0c0:2:d0::b7:5001]:443
+
+# Emails sent directly to teor, verified using relay contact info
+217.12.199.208:80 orport=443 id=DF3AED4322B1824BF5539AE54B2D1B38E080FF05
+
+# Email sent directly to teor, verified using relay contact info
+94.23.204.175:9030 orport=9001 id=5665A3904C89E22E971305EE8C1997BCA4123C69
+
+# https://twitter.com/binarytenshi/status/717952514327453697
+94.126.23.174:9030 orport=9001 id=6FC6F08270D565BE89B7C819DD8E2D487397C073
+
+# Email sent directly to teor, verified using relay contact info
+171.25.193.78:80 orport=443 id=A478E421F83194C114F41E94F95999672AED51FE ipv6=[2001:67c:289c:3::78]:443
+171.25.193.77:80 orport=443 id=A10C4F666D27364036B562823E5830BC448E046A ipv6=[2001:67c:289c:3::77]:443
+171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576
+171.25.193.20:80 orport=443 id=DD8BD7307017407FCC36F8D04A688F74A0774C02 ipv6=[2001:67c:289c::20]:443
+# OK, but same machine as 79861CF8522FC637EF046F7688F5289E49D94576
+#171.25.193.132:80 orport=443 id=01C67E0CA8F97111E652C7564CB3204361FFFAB8
+# OK, but same machine as DD8BD7307017407FCC36F8D04A688F74A0774C02
+#171.25.193.25:80 orport=443 id=185663B7C12777F052B2C2D23D7A239D8DA88A0F ipv6=[2001:67c:289c::25]:443
+
+# Email sent directly to teor, verified using relay contact info
+212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68
+93.115.97.242:9030 orport=9001 id=B5212DB685A2A0FCFBAE425738E478D12361710D
+46.28.109.231:9030 orport=9001 id=F70B7C5CD72D74C7F9F2DC84FA9D20D51BA13610 ipv6=[2a02:2b88:2:1::4205:42]:9001
+
+# Email sent directly to teor, verified using relay contact info
+85.235.250.88:80 orport=443 id=72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE
+185.96.180.29:80 orport=443 id=F93D8F37E35C390BCAD9F9069E13085B745EC216
+
+# Email sent directly to teor, verified using relay contact info
+185.11.180.67:80 orport=9001 id=794D8EA8343A4E820320265D05D4FA83AB6D1778
+
+# Email sent directly to teor, verified using relay contact info
+178.16.208.62:80 orport=443 id=5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B ipv6=[2a00:1c20:4089:1234:a6a4:2926:d0af:dfee]:443
+46.165.221.166:80 orport=443 id=EE5F897C752D46BCFF531641B853FC6BC78DD4A7
+178.16.208.60:80 orport=443 id=B44FBE5366AD98B46D829754FA4AC599BAE41A6A ipv6=[2a00:1c20:4089:1234:67bc:79f3:61c0:6e49]:443
+178.16.208.55:80 orport=443 id=C4AEA05CF380BAD2230F193E083B8869B4A29937 ipv6=[2a00:1c20:4089:1234:7b2c:11c5:5221:903e]:443
+178.16.208.61:80 orport=443 id=3B52392E2256C35CDCF7801FF898FC88CE6D431A ipv6=[2a00:1c20:4089:1234:2712:a3d0:666b:88a6]:443
+81.89.96.88:80 orport=443 id=55ED4BB49F6D3F36D8D9499BE43500E017A5EF82 ipv6=[2a02:180:1:1:14c5:b0b7:2d7d:5f3a]:443
+209.222.8.196:80 orport=443 id=C86D2F3DEFE287A0EEB28D4887AF14E35C172733 ipv6=[2001:19f0:1620:41c1:426c:5adf:2ed5:4e88]:443
+81.89.96.89:80 orport=443 id=28651F419F5A1CF74511BB500C58112192DD4943 ipv6=[2a02:180:1:1:2ced:24e:32ea:a03b]:443
+46.165.221.166:9030 orport=9001 id=8C7106C880FE8AA1319DD71B59623FCB8914C9F1
+178.16.208.62:80 orport=443 id=5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B ipv6=[2a00:1c20:4089:1234:a6a4:2926:d0af:dfee]:443"
+46.165.221.166:80 orport=443 id=EE5F897C752D46BCFF531641B853FC6BC78DD4A7
+178.16.208.60:80 orport=443 id=B44FBE5366AD98B46D829754FA4AC599BAE41A6A ipv6=[2a00:1c20:4089:1234:67bc:79f3:61c0:6e49]:443
+178.16.208.55:80 orport=443 id=C4AEA05CF380BAD2230F193E083B8869B4A29937 ipv6=[2a00:1c20:4089:1234:7b2c:11c5:5221:903e]:443
+178.16.208.61:80 orport=443 id=3B52392E2256C35CDCF7801FF898FC88CE6D431A ipv6=[2a00:1c20:4089:1234:2712:a3d0:666b:88a6]:443
+81.89.96.88:80 orport=443 id=55ED4BB49F6D3F36D8D9499BE43500E017A5EF82 ipv6=[2a02:180:1:1:14c5:b0b7:2d7d:5f3a]:443
+209.222.8.196:80 orport=443 id=C86D2F3DEFE287A0EEB28D4887AF14E35C172733 ipv6=[2001:19f0:1620:41c1:426c:5adf:2ed5:4e88]:443
+81.89.96.89:80 orport=443 id=28651F419F5A1CF74511BB500C58112192DD4943 ipv6=[2a02:180:1:1:2ced:24e:32ea:a03b]:443
+46.165.221.166:9030 orport=9001 id=8C7106C880FE8AA1319DD71B59623FCB8914C9F1
+178.16.208.56:80 orport=443 id=2CDCFED0142B28B002E89D305CBA2E26063FADE2 ipv6=[2a00:1c20:4089:1234:cd49:b58a:9ebe:67ec]:443
+178.16.208.58:80 orport=443 id=A4C98CEA3F34E05299417E9F885A642C88EF6029 ipv6=[2a00:1c20:4089:1234:cdae:1b3e:cc38:3d45]:443
+178.16.208.57:80 orport=443 id=92CFD9565B24646CAC2D172D3DB503D69E777B8A ipv6=[2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f]:443
+178.16.208.59:80 orport=443 id=136F9299A5009A4E0E96494E723BDB556FB0A26B ipv6=[2a00:1c20:4089:1234:bff6:e1bb:1ce3:8dc6]:443
+
+# Email sent directly to teor, verified using relay contact info
+195.154.8.111:80 orport=443 id=FCB6695F8F2DC240E974510A4B3A0F2B12AB5B64
+51.255.235.246:80 orport=443 id=9B99C72B02AF8E3E5BE3596964F9CACD0090D132
+5.39.76.158:80 orport=443 id=C41F60F8B00E7FEF5CCC5BC6BB514CA1B8AAB651
+
+# Email sent directly to teor, verified using relay contact info
+109.163.234.5:80 orport=443 id=5C84C35936B7100B949AC75764EEF1352550550B
+109.163.234.7:80 orport=443 id=C46524E586E1B997329703D356C07EE12B28C722
+109.163.234.9:80 orport=443 id=5714542DCBEE1DD9864824723638FD44B2122CEA
+77.247.181.162:80 orport=443 id=7BB160A8F54BD74F3DA5F2CE701E8772B841859D
+109.163.234.4:80 orport=443 id=6B1E001929AF4DDBB747D02EC28340792B7724A6
+77.247.181.164:80 orport=443 id=10E13E340651D0EF66B4DEBF610B3C0981168107
+109.163.234.8:80 orport=443 id=20B0038D7A2FD73C696922551B8344CB0893D1F8
+77.247.181.166:80 orport=443 id=06E123865C590189B3181114F23F0F13A7BC0E69
+109.163.234.2:80 orport=443 id=B4F883DB3D478C7AE569C9F6CB766FD58650DC6A
+62.102.148.67:80 orport=443 id=4A0C3E177AF684581EF780981AEAF51A98A6B5CF
+109.163.234.5:80 orport=443 id=5C84C35936B7100B949AC75764EEF1352550550B
+109.163.234.7:80 orport=443 id=C46524E586E1B997329703D356C07EE12B28C722
+109.163.234.9:80 orport=443 id=5714542DCBEE1DD9864824723638FD44B2122CEA
+77.247.181.162:80 orport=443 id=7BB160A8F54BD74F3DA5F2CE701E8772B841859D
+109.163.234.4:80 orport=443 id=6B1E001929AF4DDBB747D02EC28340792B7724A6
+77.247.181.164:80 orport=443 id=10E13E340651D0EF66B4DEBF610B3C0981168107
+109.163.234.8:80 orport=443 id=20B0038D7A2FD73C696922551B8344CB0893D1F8
+77.247.181.166:80 orport=443 id=06E123865C590189B3181114F23F0F13A7BC0E69
+109.163.234.2:80 orport=443 id=B4F883DB3D478C7AE569C9F6CB766FD58650DC6A
+62.102.148.67:80 orport=443 id=4A0C3E177AF684581EF780981AEAF51A98A6B5CF
+
+# https://twitter.com/biotimylated/status/718994247500718080
+212.47.252.149:9030 orport=9001 id=2CAC39BAA996791CEFAADC9D4754D65AF5EB77C0
+
+# Email sent directly to teor, verified using relay contact info
+46.165.230.5:80 orport=443 id=A0F06C2FADF88D3A39AA3072B406F09D7095AC9E
+
+# Email sent directly to teor, verified using relay contact info
+94.242.246.24:23 orport=8080 id=EC116BCB80565A408CE67F8EC3FE3B0B02C3A065 ipv6=[2a01:608:ffff:ff07::1:24]:9004
+176.126.252.11:443 orport=9001 id=B0279A521375F3CB2AE210BDBFC645FDD2E1973A ipv6=[2a02:59e0:0:7::11]:9003
+176.126.252.12:21 orport=8080 id=379FB450010D17078B3766C2273303C358C3A442 ipv6=[2a02:59e0:0:7::12]:81
+94.242.246.23:443 orport=9001 id=F65E0196C94DFFF48AFBF2F5F9E3E19AAE583FD0 ipv6=[2a01:608:ffff:ff07::1:23]:9003
+85.248.227.164:444 orport=9002 id=B84F248233FEA90CAD439F292556A3139F6E1B82 ipv6=[2a00:1298:8011:212::164]:9004
+85.248.227.163:443 orport=9001 id=C793AB88565DDD3C9E4C6F15CCB9D8C7EF964CE9 ipv6=[2a00:1298:8011:212::163]:9003
+
+# Email sent directly to teor, verified using relay contact info
+148.251.190.229:9030 orport=9010 id=BF0FB582E37F738CD33C3651125F2772705BB8E8 ipv6=[2a01:4f8:211:c68::2]:9010
+
+# Email sent directly to teor, verified using relay contact info
+5.79.68.161:81 orport=443 id=9030DCF419F6E2FBF84F63CBACBA0097B06F557E ipv6=[2001:1af8:4700:a012:1::1]:443
+5.79.68.161:9030 orport=9001 id=B7EC0C02D7D9F1E31B0C251A6B058880778A0CD1 ipv6=[2001:1af8:4700:a012:1::1]:9001
+
+# Email sent directly to teor, verified using relay contact info
+62.210.92.11:9030 orport=9001 id=0266B0660F3F20A7D1F3D8335931C95EF50F6C6B ipv6=[2001:bc8:338c::1]:9001
+62.210.92.11:9130 orport=9101 id=387B065A38E4DAA16D9D41C2964ECBC4B31D30FF ipv6=[2001:bc8:338c::1]:9101
+
+# Email sent directly to teor, verified using relay contact info
+188.165.194.195:9030 orport=9001 id=49E7AD01BB96F6FE3AB8C3B15BD2470B150354DF
+
+# Message sent directly to teor, verified using relay contact info
+95.215.44.110:80 orport=443 id=D56AA4A1AA71961F5279FB70A6DCF7AD7B993EB5
+95.215.44.122:80 orport=443 id=998D8FE06B867AA3F8D257A7D28FFF16964D53E2
+95.215.44.111:80 orport=443 id=A7C7FD510B20BC8BE8F2A1D911364E1A23FBD09F
+
+# Email sent directly to teor, verified using relay contact info
+86.59.119.88:80 orport=443 id=ACD889D86E02EDDAB1AFD81F598C0936238DC6D0
+
+# Email sent directly to teor, verified using relay contact info
+144.76.73.140:9030 orport=9001 id=6A640018EABF3DA9BAD9321AA37C2C87BBE1F907
+
+# Email sent directly to teor, verified using relay contact info
+193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07 ipv6=[2001:6b0:7:125::243]:9001
+109.105.109.162:52860 orport=60784 id=32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F ipv6=[2001:948:7:2::163]:5001
+
+# Email sent directly to teor, verified using relay contact info
+146.0.32.144:9030 orport=9001 id=35E8B344F661F4F2E68B17648F35798B44672D7E
+
+# Email sent directly to teor, verified using relay contact info
+46.252.26.2:45212 orport=49991 id=E589316576A399C511A9781A73DA4545640B479D
+
+# Email sent directly to teor, verified using relay contact info
+89.187.142.208:80 orport=443 id=64186650FFE4469EBBE52B644AE543864D32F43C
+
+# Email sent directly to teor, verified using relay contact info
+212.51.134.123:9030 orport=9001 id=50586E25BE067FD1F739998550EDDCB1A14CA5B2 ipv6=[2a02:168:6e00:0:3a60:77ff:fe9c:8bd1]:9001
+
+# Email sent directly to teor, verified using relay contact info
+46.101.143.173:80 orport=443 id=F960DF50F0FD4075AC9B505C1D4FFC8384C490FB
+
+# Email sent directly to teor, verified using relay contact info
+217.79.190.25:9030 orport=9090 id=361D33C96D0F161275EE67E2C91EE10B276E778B
+
+# Email sent directly to teor, verified using relay contact info
+193.171.202.146:9030 orport=9001 id=01A9258A46E97FF8B2CAC7910577862C14F2C524
+
+# Email sent directly to teor, verified using relay contact info
+197.231.221.211:9030 orport=9001 id=BC630CBBB518BE7E9F4E09712AB0269E9DC7D626
+
+# Email sent directly to teor, verified using relay contact info
+185.61.138.18:8080 orport=4443 id=2541759BEC04D37811C2209A88E863320271EC9C
+
+# Email sent directly to teor, verified using relay contact info
+193.11.114.45:9031 orport=9002 id=80AAF8D5956A43C197104CEF2550CD42D165C6FB
+193.11.114.43:9030 orport=9001 id=12AD30E5D25AA67F519780E2111E611A455FDC89 ipv6=[2001:6b0:30:1000::99]:9050
+193.11.114.46:9032 orport=9003 id=B83DC1558F0D34353BB992EF93AFEAFDB226A73E
+
+# Email sent directly to teor, verified using relay contact info
+144.76.26.175:9012 orport=9011 id=2BA2C8E96B2590E1072AECE2BDB5C48921BF8510
+
+# Email sent directly to teor, verified using relay contact info
+37.221.162.226:9030 orport=9001 id=D64366987CB39F61AD21DBCF8142FA0577B92811
+
+# Email sent directly to teor, verified using relay contact info
+91.219.237.244:80 orport=443 id=92ECC9E0E2AF81BB954719B189AC362E254AD4A5
+
+# Email sent directly to teor, verified using relay contact info
+185.21.100.50:9030 orport=9001 id=58ED9C9C35E433EE58764D62892B4FFD518A3CD0 ipv6=[2a00:1158:2:cd00:0:74:6f:72]:443
+
+# Email sent directly to teor, verified using relay contact info
+193.35.52.53:9030 orport=9001 id=DAA39FC00B196B353C2A271459C305C429AF09E4
+
+# Email sent directly to teor, verified using relay contact info
+134.119.3.164:9030 orport=9001 id=D1B8AAA98C65F3DF7D8BB3AF881CAEB84A33D8EE
+
+# Email sent directly to teor, verified using relay contact info
+81.7.10.93:31336 orport=31337 id=99E246DB480B313A3012BC3363093CC26CD209C7
+
+# Email sent directly to teor, verified using relay contact info
+178.62.22.36:80 orport=443 id=A0766C0D3A667A3232C7D569DE94A28F9922FCB1 ipv6=[2a03:b0c0:1:d0::174:1]:9050
+188.166.23.127:80 orport=443 id=3771A8154DEA98D551607806C80A209CDAA74535 ipv6=[2a03:b0c0:2:d0::27b:7001]:9050
+198.199.64.217:80 orport=443 id=FAD306BAA59F6A02783F8606BDAA431F5FF7D1EA ipv6=[2604:a880:400:d0::1a9:b001]:9050
+159.203.32.149:80 orport=443 id=55C7554AFCEC1062DCBAC93E67B2E03C6F330EFC ipv6=[2604:a880:cad:d0::105:f001]:9050
+
+# Email sent directly to teor, verified using relay contact info
+5.196.31.80:9030 orport=9900 id=DFB2EB472643FAFCD5E73D2E37D51DB67203A695 ipv6=[2001:41d0:52:400::a65]:9900
+
+# Email sent directly to teor, verified using relay contact info
+188.138.112.60:1433 orport=1521 id=C414F28FD2BEC1553024299B31D4E726BEB8E788
+
+# Email sent directly to teor, verified using relay contact info
+213.61.66.118:9031 orport=9001 id=30648BC64CEDB3020F4A405E4AB2A6347FB8FA22
+213.61.66.117:9032 orport=9002 id=6E44A52E3D1FF7683FE5C399C3FB5E912DE1C6B4
+213.61.66.115:9034 orport=9004 id=480CCC94CEA04D2DEABC0D7373868E245D4C2AE2
+213.61.66.116:9033 orport=9003 id=A9DEB920B42B4EC1DE6249034039B06D61F38690
+
+# Email sent directly to teor, verified using relay contact info
+136.243.187.165:9030 orport=443 id=1AC65257D7BFDE7341046625470809693A8ED83E
+
+# Email sent directly to teor, verified using relay contact info
+212.47.230.49:9030 orport=9001 id=3D6D0771E54056AEFC28BB1DE816951F11826E97
+
+# Email sent directly to teor, verified using relay contact info
+176.31.180.157:143 orport=22 id=E781F4EC69671B3F1864AE2753E0890351506329 ipv6=[2001:41d0:8:eb9d::1]:22
+
+# Email sent directly to teor, verified using relay contact info
+192.99.55.69:80 orport=443 id=0682DE15222A4A4A0D67DBA72A8132161992C023
+192.99.59.140:80 orport=443 id=3C9148DA49F20654730FAC83FFF693A4D49D0244
+51.254.215.13:80 orport=443 id=73C30C8ABDD6D9346C822966DE73B9F82CB6178A
+51.254.215.129:80 orport=443 id=7B4491D05144B20AE8519AE784B94F0525A8BB79
+192.99.59.139:80 orport=443 id=82EC878ADA7C205146B9F5193A7310867FAA0D7B
+51.254.215.124:80 orport=443 id=98999EBE89B5FA9AA0C58421F0B46C3D0AF51CBA
+51.254.214.208:80 orport=443 id=C3F0D1417848EAFC41277A73DEB4A9F2AEC23DDF
+192.99.59.141:80 orport=443 id=F45426551795B9DA78BEDB05CD5F2EACED8132E4
+192.99.59.14:80 orport=443 id=161A1B29A37EBF096D2F8A9B1E176D6487FE42AE
+
+# Email sent directly to teor, verified using relay contact info
+151.80.42.103:9030 orport=9001 id=9007C1D8E4F03D506A4A011B907A9E8D04E3C605 ipv6=[2001:41d0:e:f67::114]:9001
+
+# Email sent directly to teor, verified using relay contact info
+5.39.92.199:80 orport=443 id=0BEA4A88D069753218EAAAD6D22EA87B9A1319D6
+
+# Email sent directly to teor, verified using relay contact info
+176.31.159.231:80 orport=443 id=D5DBCC0B4F029F80C7B8D33F20CF7D97F0423BB1
+176.31.159.230:80 orport=443 id=631748AFB41104D77ADBB7E5CD4F8E8AE876E683
+195.154.79.128:80 orport=443 id=C697612CA5AED06B8D829FCC6065B9287212CB2F
+195.154.9.161:80 orport=443 id=B6295A9960F89BD0C743EEBC5670450EA6A34685
+46.148.18.74:8080 orport=443 id=6CACF0B5F03C779672F3C5C295F37C8D234CA3F7
+
+# Email sent directly to teor, verified using relay contact info
+37.187.102.108:9090 orport=5550 id=F4263275CF54A6836EE7BD527B1328836A6F06E1
+212.47.241.21:80 orport=443 id=892F941915F6A0C6E0958E52E0A9685C190CF45C
+
+# Email sent directly to teor, verified using relay contact info
+195.191.233.221:80 orport=443 id=DE134FC8E5CC4EC8A5DE66934E70AC9D70267197
+
+# Email sent directly to teor, verified using relay contact info
+62.210.238.33:9030 orport=9001 id=FDF845FC159C0020E2BDDA120C30C5C5038F74B4
+
+# Email sent directly to teor, verified using relay contact info
+37.157.195.87:8030 orport=443 id=12FD624EE73CEF37137C90D38B2406A66F68FAA2
+
+# Email sent directly to teor, verified using relay contact info
+37.187.7.74:80 orport=443 id=AEA43CB1E47BE5F8051711B2BF01683DB1568E05 ipv6=[2001:41d0:a:74a::1]:443
+
+# Email sent directly to teor, verified using relay contact info
+185.66.250.141:9030 orport=9001 id=B1726B94885CE3AC3910CA8B60622B97B98E2529
+
+# Email sent directly to teor, verified using relay contact info
+185.104.120.7:9030 orport=443 id=445F1C853966624FB3CF1E12442570DC553CC2EC ipv6=[2a06:3000::120:7]:443
+185.104.120.2:9030 orport=21 id=518FF8708698E1DA09C823C36D35DF89A2CAD956
+185.104.120.4:9030 orport=9001 id=F92B3CB9BBE0CB22409843FB1AE4DBCD5EFAC835
+185.104.120.3:9030 orport=21 id=707C1B61AC72227B34487B56D04BAA3BA1179CE8 ipv6=[2a06:3000::120:3]:21
+
+# Email sent directly to teor, verified using relay contact info
+37.187.102.186:9030 orport=9001 id=489D94333DF66D57FFE34D9D59CC2D97E2CB0053 ipv6=[2001:41d0:a:26ba::1]:9001
+
+# Email sent directly to teor, verified using relay contact info
+5.35.251.247:9030 orport=9001 id=9B1F5187DFBA89DC24B37EA7BF896C12B43A27AE
+
+# Email sent directly to teor, verified using relay contact info
+198.96.155.3:8080 orport=5001 id=BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E
+
+# Email sent directly to teor, verified using relay contact info
+212.83.154.33:8888 orport=443 id=3C79699D4FBC37DE1A212D5033B56DAE079AC0EF
+212.83.154.33:8080 orport=8443 id=322C6E3A973BC10FC36DE3037AD27BC89F14723B
+
+# Email sent directly to teor, verified using relay contact info
+51.255.41.65:9030 orport=9001 id=9231DF741915AA1630031A93026D88726877E93A
+
+# Email sent directly to teor, verified using relay contact info
+78.142.142.246:80 orport=443 id=5A5E03355C1908EBF424CAF1F3ED70782C0D2F74
+
+# Email sent directly to teor, verified using relay contact info
+195.154.97.91:80 orport=443 id=BD33C50D50DCA2A46AAED54CA319A1EFEBF5D714
+
+# Email sent directly to teor, verified using relay contact info
+62.210.129.246:80 orport=443 id=79E169B25E4C7CE99584F6ED06F379478F23E2B8
+
+# Email sent directly to teor, verified using relay contact info
+5.196.74.215:9030 orport=9001 id=5818055DFBAF0FA7F67E8125FD63E3E7F88E28F6
+
+# Email sent directly to teor, verified using relay contact info
+212.47.233.86:9030 orport=9001 id=B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20
+
+# Email sent directly to teor, verified using relay contact info
+85.214.206.219:9030 orport=9001 id=98F8D5F359949E41DE8DF3DBB1975A86E96A84A0
+
+# Email sent directly to teor, verified using relay contact info
+46.166.170.4:80 orport=443 id=19F42DB047B72C7507F939F5AEA5CD1FA4656205
+46.166.170.5:80 orport=443 id=DA705AD4591E7B4708FA2CAC3D53E81962F3E6F6
+
+# Email sent directly to teor, verified using relay contact info
+5.189.157.56:80 orport=443 id=77F6D6A6B6EAFB8F5DADDC07A918BBF378ED6725
+
+# Email sent directly to teor, verified using relay contact info
+46.28.110.244:80 orport=443 id=9F7D6E6420183C2B76D3CE99624EBC98A21A967E
+185.13.39.197:80 orport=443 id=001524DD403D729F08F7E5D77813EF12756CFA8D
+95.130.12.119:80 orport=443 id=587E0A9552E4274B251F29B5B2673D38442EE4BF
+
+# Email sent directly to teor, verified using relay contact info
+212.129.62.232:80 orport=443 id=B143D439B72D239A419F8DCE07B8A8EB1B486FA7
+
+# Email sent directly to teor, verified using relay contact info
+91.219.237.229:80 orport=443 id=1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7
+
+# Email sent directly to teor, verified using relay contact info
+# Suitable, check with operator before adding
+#212.47.240.10:82 orport=443 id=2A4C448784F5A83AFE6C78DA357D5E31F7989DEB
+212.47.240.10:81 orport=993 id=72527E3242CB15AADE28374AE0D35833FC083F60
+163.172.131.88:80 orport=443 id=AD253B49E303C6AB1E048B014392AC569E8A7DAE ipv6=[2001:bc8:4400:2100::2:1009]:443
+# Suitable, check with operator before adding
+#163.172.131.88:81 orport=993 id=D5F3FB17504744FB7ECEF46F4B1D155258A6D942 ipv6=D5F3FB17504744FB7ECEF46F4B1D155258A6D942
+
+# Email sent directly to teor, verified using relay contact info
+46.101.151.222:80 orport=443 id=1DBAED235E3957DE1ABD25B4206BE71406FB61F8
+178.62.60.37:80 orport=443 id=175921396C7C426309AB03775A9930B6F611F794
+
+# Email sent directly to teor, verified using relay contact info
+178.62.197.82:80 orport=443 id=0D3EBA17E1C78F1E9900BABDB23861D46FCAF163
+
+# Email sent directly to teor, verified using relay contact info
+82.223.21.74:9030 orport=9001 id=7A32C9519D80CA458FC8B034A28F5F6815649A98 ipv6=[2001:470:53e0::cafe]:9050
+
+# Email sent directly to teor, verified using relay contact info
+146.185.177.103:80 orport=9030 id=9EC5E097663862DF861A18C32B37C5F82284B27D
+
+# Email sent directly to teor, verified using relay contact info
+37.187.22.87:9030 orport=9001 id=36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400 ipv6=[2001:41d0:a:1657::1]:9001
+
+# Email sent directly to teor, verified using relay contact info
+37.59.46.159:9030 orport=9001 id=CBD0D1BD110EC52963082D839AC6A89D0AE243E7
+
+# Email sent directly to teor, verified using relay contact info
+212.47.250.243:9030 orport=9001 id=5B33EDBAEA92F446768B3753549F3B813836D477
+# Confirm with operator before adding these
+#163.172.133.36:9030 orport=9001 id=D8C2BD36F01FA86F4401848A0928C4CB7E5FDFF9
+#158.69.216.70:9030 orport=9001 id=0ACE25A978D4422C742D6BC6345896719BF6A7EB
+
+# Email sent directly to teor, verified using relay contact info
+5.199.142.236:9030 orport=9001 id=F4C0EDAA0BF0F7EC138746F8FEF1CE26C7860265
+
+# Email sent directly to teor, verified using relay contact info
+188.166.133.133:9030 orport=9001 id=774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7 ipv6=[2a03:b0c0:2:d0::5:f001]:9001
+
+# Email sent directly to teor, verified using relay contact info
+5.196.88.122:9030 orport=9001 id=0C2C599AFCB26F5CFC2C7592435924C1D63D9484
+
+# Email sent directly to teor, verified using relay contact info
+46.8.249.10:80 orport=443 id=31670150090A7C3513CB7914B9610E786391A95D
+
+# Email sent directly to teor, verified using relay contact info
+144.76.163.93:9030 orport=9001 id=22F08CF09764C4E8982640D77F71ED72FF26A9AC
+
+# Email sent directly to teor, verified using relay contact info
+46.4.24.161:9030 orport=9001 id=DB4C76A3AD7E234DA0F00D6F1405D8AFDF4D8DED
+46.4.24.161:9031 orport=9002 id=7460F3D12EBE861E4EE073F6233047AACFE46AB4
+46.38.51.132:9030 orport=9001 id=810DEFA7E90B6C6C383C063028EC397A71D7214A
+163.172.194.53:9030 orport=9001 id=8C00FA7369A7A308F6A137600F0FA07990D9D451
+
+# Email sent directly to teor, verified using relay contact info
+176.10.107.180:9030 orport=9001 id=3D7E274A87D9A89AF064C13D1EE4CA1F184F2600
+195.154.75.84:9030 orport=9001 id=F80FDE27EFCB3F6A7B4E2CC517133DBFFA78BA2D
+195.154.127.246:9030 orport=9001 id=4FEE77AFFD157BBCF2D896AE417FBF647860466C
+
+# Email sent directly to teor, verified using relay contact info
+46.28.207.19:80 orport=443 id=5B92FA5C8A49D46D235735504C72DBB3472BA321
+46.28.207.141:80 orport=443 id=F69BED36177ED727706512BA6A97755025EEA0FB
+46.28.205.170:80 orport=443 id=AF322D83A4D2048B22F7F1AF5F38AFF4D09D0B76
+95.183.48.12:80 orport=443 id=7187CED1A3871F837D0E60AC98F374AC541CB0DA
+
+# Email sent directly to teor, verified using relay contact info
+93.180.156.84:9030 orport=9001 id=8844D87E9B038BE3270938F05AF797E1D3C74C0F
+
+# Email sent directly to teor, verified using relay contact info
+37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A
+
+# Email sent directly to teor, verified using relay contact info
+5.34.183.205:80 orport=443 id=DDD7871C1B7FA32CB55061E08869A236E61BDDF8
+
+# Email sent directly to teor, verified using relay contact info
+51.254.246.203:9030 orport=9001 id=47B596B81C9E6277B98623A84B7629798A16E8D5
+
+# Email sent directly to teor, verified using relay contact info
+5.9.146.203:80 orport=443 id=1F45542A24A61BF9408F1C05E0DCE4E29F2CBA11
+
+# Email sent directly to teor, verified using relay contact info
+167.114.152.100:9030 orport=443 id=0EF5E5FFC5D1EABCBDA1AFF6F6D6325C5756B0B2 ipv6=[2607:5300:100:200::1608]:443
+
+# Email sent directly to teor, verified using relay contact info
+192.99.168.102:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207
+167.114.153.21:80 orport=443 id=0B85617241252517E8ECF2CFC7F4C1A32DCD153F
+
+# Email sent directly to teor, verified using relay contact info
+204.11.50.131:9030 orport=9001 id=185F2A57B0C4620582602761097D17DB81654F70
+
+# Email sent directly to teor, verified using relay contact info
+151.236.222.217:44607 orport=9001 id=94D58704C2589C130C9C39ED148BD8EA468DBA54
+
+# Email sent directly to teor, verified using relay contact info
+194.150.168.79:11112 orport=11111 id=29F1020B94BE25E6BE1AD13E93CE19D2131B487C
+
+# Email sent directly to teor, verified using relay contact info
+185.35.202.221:9030 orport=9001 id=C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08 ipv6=[2a02:ed06::221]:9001
+
+# Email sent directly to teor, verified using relay contact info
+5.9.151.241:9030 orport=4223 id=9BF04559224F0F1C3C953D641F1744AF0192543A
+
+# Email sent directly to teor, verified using relay contact info
+89.40.71.149:8081 orport=8080 id=EC639EDAA5121B47DBDF3D6B01A22E48A8CB6CC7
+
+# Email sent directly to teor, verified using relay contact info
+92.222.20.130:80 orport=443 id=0639612FF149AA19DF3BCEA147E5B8FED6F3C87C
+
+# Email sent directly to teor, verified using relay contact info
+80.112.155.100:9030 orport=9001 id=1163378F239C36CA1BDC730AC50BF4F2976141F5 ipv6=[2001:470:7b02::38]:9001
+
+# Email sent directly to teor, verified using relay contact info
+83.212.99.68:80 orport=443 id=DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0 ipv6=[2001:648:2ffc:1225:a800:bff:fe3d:67b5]:443
+
+# Email sent directly to teor, verified using relay contact info
+95.130.11.147:9030 orport=443 id=6B697F3FF04C26123466A5C0E5D1F8D91925967A
+
+# Email sent directly to teor, verified using relay contact info
+176.31.191.26:9030 orport=9001 id=7350AB9ED7568F22745198359373C04AC783C37C
+
+# Email sent directly to teor, verified using relay contact info
+128.199.55.207:9030 orport=9001 id=BCEF908195805E03E92CCFE669C48738E556B9C5 ipv6=[2a03:b0c0:2:d0::158:3001]:9001
+
+# Email sent directly to teor, verified using relay contact info
+178.32.216.146:9030 orport=9001 id=17898F9A2EBC7D69DAF87C00A1BD2FABF3C9E1D2
+
+# Email sent directly to teor, verified using relay contact info
+212.83.40.238:9030 orport=9001 id=F409FA7902FD89270E8DE0D7977EA23BC38E5887
+
+# Email sent directly to teor, verified using relay contact info
+204.8.156.142:80 orport=443 id=94C4B7B8C50C86A92B6A20107539EE2678CF9A28
+
+# Email sent directly to teor, verified using relay contact info
+80.240.139.111:80 orport=443 id=DD3BE7382C221F31723C7B294310EF9282B9111B
+
+# Email sent directly to teor, verified using relay contact info
+185.97.32.18:9030 orport=9001 id=3BAB316CAAEC47E71905EB6C65584636D5689A8A
+
+# Email sent directly to teor, verified using relay contact info
+149.56.45.200:9030 orport=9001 id=FE296180018833AF03A8EACD5894A614623D3F76
+
+# Email sent directly to teor, verified using relay contact info
+81.2.209.10:443 orport=80 id=B6904ADD4C0D10CDA7179E051962350A69A63243
+
+# Email sent directly to teor, verified using relay contact info
+195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C ipv6=[2001:bc8:399f:f000::1]:993
+138.201.26.2:80 orport=443 id=6D3A3ED5671E4E3F58D4951438B10AE552A5FA0F
+81.7.16.182:80 orport=443 id=51E1CF613FD6F9F11FE24743C91D6F9981807D82 ipv6=[2a02:180:1:1::517:10b6]:993
+134.119.36.135:80 orport=443 id=763C9556602BD6207771A7A3D958091D44C43228 ipv6=[2a00:1158:3::2a8]:993
+46.228.199.19:80 orport=443 id=E26AFC5F718E21AC502899B20C653AEFF688B0D2 ipv6=[2001:4ba0:cafe:4a::1]:993
+37.200.98.5:80 orport=443 id=231C2B9C8C31C295C472D031E06964834B745996 ipv6=[2a00:1158:3::11a]:993
+46.23.70.195:80 orport=443 id=C9933B3725239B6FAB5227BA33B30BE7B48BB485
+185.15.244.124:80 orport=443 id=935BABE2564F82016C19AEF63C0C40B5753BA3D2 ipv6=[2001:4ba0:cafe:e35::1]:993
+195.154.116.232:80 orport=443 id=B35C5739C8C5AB72094EB2B05738FD1F8EEF6EBD ipv6=[2001:bc8:399f:200::1]:993
+195.154.121.198:80 orport=443 id=0C77421C890D16B6D201283A2244F43DF5BC89DD ipv6=[2001:bc8:399f:100::1]:993
+37.187.20.59:80 orport=443 id=91D23D8A539B83D2FB56AA67ECD4D75CC093AC55 ipv6=[2001:41d0:a:143b::1]:993
+217.12.208.117:80 orport=443 id=E6E18151300F90C235D3809F90B31330737CEB43 ipv6=[2a00:1ca8:a7::1bb]:993
+81.7.10.251:80 orport=443 id=8073670F8F852971298F8AF2C5B23AE012645901 ipv6=[2a02:180:1:1::517:afb]:993
+46.36.39.50:80 orport=443 id=ED4B0DBA79AEF5521564FA0231455DCFDDE73BB6 ipv6=[2a02:25b0:aaaa:aaaa:8d49:b692:4852:0]:995
+91.194.90.103:80 orport=443 id=75C4495F4D80522CA6F6A3FB349F1B009563F4B7 ipv6=[2a02:c200:0:10:3:0:5449:1]:993
+163.172.25.118:80 orport=22 id=0CF8F3E6590F45D50B70F2F7DA6605ECA6CD408F
+188.138.88.42:80 orport=443 id=70C55A114C0EF3DC5784A4FAEE64388434A3398F
+81.7.13.84:80 orport=443 id=0C1E7DD9ED0676C788933F68A9985ED853CA5812 ipv6=[2a02:180:1:1::5b8f:538c]:993
+213.246.56.95:80 orport=443 id=27E6E8E19C46751E7312420723C6162FF3356A4C ipv6=[2a00:c70:1:213:246:56:95:1]:993
+94.198.100.18:80 orport=443 id=BAACCB29197DB833F107E410E2BFAE5009EE7583
+217.12.203.46:80 orport=443 id=6A29FD8C00D573E6C1D47852345B0E5275BA3307
+212.117.180.107:80 orport=443 id=0B454C7EBA58657B91133A587C1BDAEDC6E23142
+217.12.199.190:80 orport=443 id=A37C47B03FF31CA6937D3D68366B157997FE7BCD ipv6=[2a02:27a8:0:2::486]:993
+216.230.230.247:80 orport=443 id=4C7BF55B1BFF47993DFF995A2926C89C81E4F04A
+69.30.215.42:80 orport=443 id=510176C07005D47B23E6796F02C93241A29AA0E9 ipv6=[2604:4300:a:2e::2]:993
+89.46.100.162:80 orport=443 id=6B7191639E179965FD694612C9B2C8FB4267B27D
+107.181.174.22:80 orport=443 id=5A551BF2E46BF26CC50A983F7435CB749C752553 ipv6=[2607:f7a0:3:4::4e]:993
+
+# Email sent directly to teor, verified using relay contact info
+212.238.208.48:9030 orport=9001 id=F406219CDD339026D160E53FCA0EF6857C70F109 ipv6=[2001:984:a8fb:1:ba27:ebff:feac:c109]:9001
+
+# Email sent directly to teor, verified using relay contact info
+176.158.132.12:9030 orport=9001 id=DC163DDEF4B6F0C6BC226F9F6656A5A30C5C5686
+
+# Email sent directly to teor, verified using relay contact info
+91.229.20.27:9030 orport=9001 id=9A0D54D3A6D2E0767596BF1515E6162A75B3293F
+
+# Email sent directly to teor, verified using relay contact info
+# Awaiting confirmation of new ORPort from relay operator
+80.127.137.19:80 orport=443 id=6EF897645B79B6CB35E853B32506375014DE3621 ipv6=[2001:981:47c1:1::6]:443
+
+# Email sent directly to teor, verified using relay contact info
+163.172.138.22:80 orport=443 id=8664DC892540F3C789DB37008236C096C871734D
+
+# Email sent directly to teor, verified using relay contact info
+97.74.237.196:9030 orport=9001 id=2F0F32AB1E5B943CA7D062C03F18960C86E70D94
+
+# Email sent directly to teor, verified using relay contact info
+192.187.124.98:9030 orport=9001 id=FD1871854BFC06D7B02F10742073069F0528B5CC
+
+# Email sent directly to teor, verified using relay contact info
+178.62.98.160:9030 orport=9001 id=8B92044763E880996A988831B15B2B0E5AD1544A
+
+# Email sent directly to teor, verified using relay contact info
+195.154.15.227:9030 orport=9001 id=6C3E3AB2F5F03CD71B637D433BAD924A1ECC5796
+
+# Email sent directly to teor, verified using relay contact info
+185.100.86.100:80 orport=443 id=0E8C0C8315B66DB5F703804B3889A1DD66C67CE0
+
+# Email sent directly to teor, verified using relay contact info
+164.132.77.175:9030 orport=9001 id=3B33F6FCA645AD4E91428A3AF7DC736AD9FB727B
+78.24.75.53:9030 orport=9001 id=DEB73705B2929AE9BE87091607388939332EF123
+
+# Email sent directly to teor, verified using relay contact info
+46.101.237.246:9030 orport=9001 id=75F1992FD3F403E9C082A5815EB5D12934CDF46C ipv6=[2a03:b0c0:3:d0::208:5001]:9050
+178.62.86.96:9030 orport=9001 id=439D0447772CB107B886F7782DBC201FA26B92D1 ipv6=[2a03:b0c0:1:d0::3cf:7001]:9050
+
+# Email sent directly to teor, verified using relay contact info
+91.233.106.121:80 orport=443 id=896364B7996F5DFBA0E15D1A2E06D0B98B555DD6
+
+# Email sent directly to teor, verified using relay contact info
+167.114.113.48:9030 orport=443 id=2EC0C66EA700C44670444280AABAB1EC78B722A0
+
+# Email sent directly to teor, verified using relay contact info
+79.120.16.42:9030 orport=9001 id=BD552C165E2ED2887D3F1CCE9CFF155DDA2D86E6
+
+# Email sent directly to teor, verified using relay contact info
+95.128.43.164:80 orport=443 id=616081EC829593AF4232550DE6FFAA1D75B37A90 ipv6=[2a02:ec0:209:10::4]:443
+
+# Email sent directly to teor, verified using relay contact info
+166.82.21.200:9030 orport=9029 id=D5C33F3E203728EDF8361EA868B2939CCC43FAFB
+
+# Email sent directly to teor, verified using relay contact info
+91.121.54.8:9030 orport=9001 id=CBEE0F3303C8C50462A12107CA2AE061831931BC
+
+# Email sent directly to teor, verified using relay contact info
+178.217.184.32:8080 orport=443 id=8B7F47AE1A5D954A3E58ACDE0865D09DBA5B738D
+
+# Email sent directly to teor, verified using relay contact info
+85.10.201.47:9030 orport=9001 id=D8B7A3A6542AA54D0946B9DC0257C53B6C376679 ipv6=[2a01:4f8:a0:43eb::beef]:9001
+
+# Email sent directly to teor, verified using relay contact info
+120.29.217.46:80 orport=443 id=5E853C94AB1F655E9C908924370A0A6707508C62
+
+# Email sent directly to teor, verified using relay contact info
+37.153.1.10:9030 orport=9001 id=9772EFB535397C942C3AB8804FB35CFFAD012438
+
+# Email sent directly to teor, verified using relay contact info
+92.222.4.102:9030 orport=9001 id=1A6B8B8272632D8AD38442027F822A367128405C
+
+# Email sent directly to teor, verified using relay contact info
+31.31.78.49:80 orport=443 id=46791D156C9B6C255C2665D4D8393EC7DBAA7798
+
+# Email sent directly to teor, verified using relay contact info
+96.47.231.214:9030 orport=8080 id=F843CB5729575D76FF1FFBB2179BDCF52C0C6387
+192.99.246.48:9030 orport=9001 id=CD6B149BED1BB254EF6DFF9D75DDB11E7F8A38A4 ipv6=[2607:5300:100:200::de3]:9002
+192.160.102.164:80 orport=9001 id=823AA81E277F366505545522CEDC2F529CE4DC3F ipv6=[2605:e200:d00c:c01d::1111]:9002
+
+# Email sent directly to teor, verified using relay contact info
+136.243.214.137:80 orport=443 id=B291D30517D23299AD7CEE3E60DFE60D0E3A4664
+
+# Email sent directly to teor, verified using relay contact info
+192.87.28.28:9030 orport=9001 id=ED2338CAC2711B3E331392E1ED2831219B794024
+192.87.28.82:9030 orport=9001 id=844AE9CAD04325E955E2BE1521563B79FE7094B7
+
+# Email sent directly to teor, verified using relay contact info
+192.87.28.28:9030 orport=9001 id=ED2338CAC2711B3E331392E1ED2831219B794024
+# OK, but same machine as ED2338CAC2711B3E331392E1ED2831219B794024
+#192.87.28.82:9030 orport=9001 id=844AE9CAD04325E955E2BE1521563B79FE7094B7
+
+# https://twitter.com/kosjoli/status/719507270904758272
+85.10.202.87:9030 orport=9001 id=971AFB23C168DCD8EDA17473C1C452B359DE3A5A
+176.9.5.116:9030 orport=9001 id=A1EB8D8F1EE28DB98BBB1EAA3B4BEDD303BAB911
+46.4.111.124:9030 orport=9001 id=D9065F9E57899B3D272AA212317AF61A9B14D204
+
+# Email sent directly to teor, verified using relay contact info
+78.46.164.129:9030 orport=9001 id=52AEA31188331F421B2EDB494DB65CD181E5B257
+
+# Email sent directly to teor, verified using relay contact info
+185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E
+
+# Email sent directly to teor, verified using relay contact info
+108.166.168.158:80 orport=443 id=CDAB3AE06A8C9C6BF817B3B0F1877A4B91465699
+
+# Email sent directly to teor, verified using relay contact info
+91.219.236.222:80 orport=443 id=EC413181CEB1C8EDC17608BBB177CD5FD8535E99
+
+# Email sent directly to teor, verified using relay contact info
+185.14.185.240:9030 orport=443 id=D62FB817B0288085FAC38A6DC8B36DCD85B70260
+192.34.63.137:9030 orport=443 id=ABCB4965F1FEE193602B50A365425105C889D3F8
+
+# Email sent directly to teor, verified using relay contact info
+185.13.38.75:9030 orport=9001 id=D2A1703758A0FBBA026988B92C2F88BAB59F9361
+
+# Email sent directly to teor, verified using relay contact info
+128.204.39.106:9030 orport=9001 id=6F0F3C09AF9580F7606B34A7678238B3AF7A57B7
+
+# Email sent directly to teor, verified using relay contact info
+198.50.191.95:80 orport=443 id=39F096961ED2576975C866D450373A9913AFDC92
+
+# Email sent directly to teor, verified using relay contact info
+167.114.66.61:9696 orport=443 id=DE6CD5F09DF26076F26321B0BDFBE78ACD935C65 ipv6=[2607:5300:100::78d]:443
+
+# Email sent directly to teor, verified using relay contact info
+66.111.2.20:9030 orport=9001 id=9A68B85A02318F4E7E87F2828039FBD5D75B0142
+66.111.2.16:9030 orport=9001 id=3F092986E9B87D3FDA09B71FA3A602378285C77A
+
+# Email sent directly to teor, verified using relay contact info
+92.222.38.67:80 orport=443 id=DED6892FF89DBD737BA689698A171B2392EB3E82
+
+# Email sent directly to teor, verified using relay contact info
+212.47.228.115:9030 orport=443 id=BCA017ACDA48330D02BB70716639ED565493E36E
+
+# Email sent directly to teor, verified using relay contact info
+185.100.84.175:80 orport=443 id=39B59AF4FE54FAD8C5085FA9C15FDF23087250DB
+
+# Email sent directly to teor, verified using relay contact info
+166.70.207.2:9030 orport=9001 id=E3DB2E354B883B59E8DC56B3E7A353DDFD457812
+
+# Emails sent directly to teor, verified using relay contact info
+#69.162.139.9:9030 orport=9001 id=4791FC0692EAB60DF2BCCAFF940B95B74E7654F6 ipv6=[2607:f128:40:1212::45a2:8b09]:9001
+
+# Email sent directly to teor, verified using relay contact info
+213.239.217.18:1338 orport=1337 id=C37BC191AC389179674578C3E6944E925FE186C2 ipv6=[2a01:4f8:a0:746a:101:1:1:1]:1337
+
+# Email sent directly to teor, verified using relay contact info
+188.40.128.246:9030 orport=9001 id=AD19490C7DBB26D3A68EFC824F67E69B0A96E601
+
+# Email sent directly to teor, verified using relay contact info
+88.198.253.13:9030 orport=9001 id=DF924196D69AAE3C00C115A9CCDF7BB62A175310 ipv6=[2a01:4f8:11a:b1f::2]:9001
+
+# Email sent directly to teor, verified using relay contact info
+185.100.86.128:9030 orport=9001 id=9B31F1F1C1554F9FFB3455911F82E818EF7C7883
+46.36.36.127:9030 orport=9001 id=C80DF89B21FF932DEC0D7821F679B6C79E1449C3
+
+# Email sent directly to teor, verified using relay contact info
+176.10.104.240:80 orport=443 id=0111BA9B604669E636FFD5B503F382A4B7AD6E80
+176.10.104.240:8080 orport=8443 id=AD86CD1A49573D52A7B6F4A35750F161AAD89C88
+176.10.104.243:80 orport=443 id=88487BDD980BF6E72092EE690E8C51C0AA4A538C
+176.10.104.243:8080 orport=8443 id=95DA61AEF23A6C851028C1AA88AD8593F659E60F
+
+# Email sent directly to teor, verified using relay contact info
+107.170.101.39:9030 orport=443 id=30973217E70AF00EBE51797FF6D9AA720A902EAA
+
+# Email sent directly to teor, verified using relay contact info
+192.99.212.139:80 orport=443 id=F10BDE279AE71515DDCCCC61DC19AC8765F8A3CC
+
+# Email sent directly to teor, verified using relay contact info
+163.172.35.249:80 orport=443 id=C08DE49658E5B3CFC6F2A952B453C4B608C9A16A
+163.172.35.247:80 orport=443 id=71AB4726D830FAE776D74AEF790CF04D8E0151B4
+163.172.13.124:80 orport=443 id=B771AA877687F88E6F1CA5354756DF6C8A7B6B24
+
+# Email sent directly to teor, verified using relay contact info
+64.113.32.29:9030 orport=9001 id=30C19B81981F450C402306E2E7CFB6C3F79CB6B2
+
+# Email sent directly to teor, verified using relay contact info
+212.51.156.193:995 orport=110 id=32E7AAF1F602814D699BEF6761AD03E387758D49 ipv6=[2a02:168:4a01::49]:110
+
+# Emails sent directly to teor, verified using relay contact info
+51.254.101.242:9002 orport=9001 id=4CC9CC9195EC38645B699A33307058624F660CCF
+
+# Emails sent directly to teor, verified using relay contact info
+85.214.62.48:80 orport=443 id=6A7551EEE18F78A9813096E82BF84F740D32B911
+
+# Email sent directly to teor, verified using relay contact info
+173.255.245.116:9030 orport=9001 id=91E4015E1F82DAF0121D62267E54A1F661AB6DC7
+
+# Email sent directly to teor, verified using relay contact info
+62.216.5.120:9030 orport=9001 id=D032D4D617140D6B828FC7C4334860E45E414FBE
diff --git a/scripts/maint/format_changelog.py b/scripts/maint/format_changelog.py
index f67e89b602..5e4c8cac9a 100755
--- a/scripts/maint/format_changelog.py
+++ b/scripts/maint/format_changelog.py
@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright (c) 2014, The Tor Project, Inc.
+# Copyright (c) 2014-2015, The Tor Project, Inc.
 # See LICENSE for licensing information
 #
 # This script reformats a section of the changelog to wrap everything to
@@ -12,6 +12,7 @@
 import os
 import re
 import sys
+import optparse
 
 # ==============================
 # Oh, look!  It's a cruddy approximation to Knuth's elegant text wrapping
@@ -33,6 +34,8 @@ import sys
 
 NO_HYPHENATE=set("""
 pf-divert
+tor-resolve
+tor-gencert
 """.split())
 
 LASTLINE_UNDERFLOW_EXPONENT = 1
@@ -55,7 +58,7 @@ def generate_wrapping(words, divisions):
         w = words[last:i]
         last = i
         line = " ".join(w).replace("\xff ","-").replace("\xff","-")
-        lines.append(line)
+        lines.append(line.strip())
     return lines
 
 def wrapping_quality(words, divisions, width1, width2):
@@ -115,7 +118,10 @@ def wrap_graf(words, prefix_len1=0, prefix_len2=0, width=72):
 
     return lines
 
-def hyphenateable(word):
+def hyphenatable(word):
+    if "--" in word:
+        return False
+
     if re.match(r'^[^\d\-]\D*-', word):
         stripped = re.sub(r'^\W+','',word)
         stripped = re.sub(r'\W+$','',word)
@@ -128,7 +134,7 @@ def split_paragraph(s):
 
     r = []
     for word in s.split():
-        if hyphenateable(word):
+        if hyphenatable(word):
             while "-" in word:
                 a,word = word.split("-",1)
                 r.append(a+"\xff")
@@ -156,10 +162,13 @@ TP_SECHEAD = 3
 TP_ITEMFIRST = 4
 TP_ITEMBODY = 5
 TP_END = 6
+TP_PREHEAD = 7
 
 def head_parser(line):
-    if re.match(r'^[A-Z]', line):
+    if re.match(r'^Changes in', line):
         return TP_MAINHEAD
+    elif re.match(r'^[A-Za-z]', line):
+        return TP_PREHEAD
     elif re.match(r'^  o ', line):
         return TP_SECHEAD
     elif re.match(r'^\s*$', line):
@@ -178,17 +187,67 @@ def body_parser(line):
         return TP_BLANK
     elif re.match(r'^Changes in', line):
         return TP_END
+    elif re.match(r'^\s+\S', line):
+        return TP_HEADTEXT
     else:
         print "Weird line %r"%line
 
+def clean_head(head):
+    return head
+
+def head_score(s):
+    m = re.match(r'^ +o (.*)', s)
+    if not m:
+        print >>sys.stderr, "Can't score %r"%s
+        return 99999
+    lw = m.group(1).lower()
+    if lw.startswith("security") and "feature" not in lw:
+        score = -300
+    elif lw.startswith("deprecated version"):
+        score = -200
+    elif (('new' in lw and 'requirement' in lw) or
+          ('new' in lw and 'dependenc' in lw) or
+          ('build' in lw and 'requirement' in lw) or
+          ('removed' in lw and 'platform' in lw)):
+        score = -100
+    elif lw.startswith("major feature"):
+        score = 00
+    elif lw.startswith("major bug"):
+        score = 50
+    elif lw.startswith("major"):
+        score = 70
+    elif lw.startswith("minor feature"):
+        score = 200
+    elif lw.startswith("minor bug"):
+        score = 250
+    elif lw.startswith("minor"):
+        score = 270
+    else:
+        score = 1000
+
+    if 'secur' in lw:
+        score -= 2
+
+    if "(other)" in lw:
+        score += 2
+
+    if '(' not in lw:
+        score -= 1
+
+    return score
+
 class ChangeLog(object):
-    def __init__(self):
+    def __init__(self, wrapText=True, blogOrder=True, drupalBreak=False):
+        self.prehead = []
         self.mainhead = None
         self.headtext = []
         self.curgraf = None
         self.sections = []
         self.cursection = None
         self.lineno = 0
+        self.wrapText = wrapText
+        self.blogOrder = blogOrder
+        self.drupalBreak = drupalBreak
 
     def addLine(self, tp, line):
         self.lineno += 1
@@ -197,6 +256,9 @@ class ChangeLog(object):
             assert not self.mainhead
             self.mainhead = line
 
+        elif tp == TP_PREHEAD:
+            self.prehead.append(line)
+
         elif tp == TP_HEADTEXT:
             if self.curgraf is None:
                 self.curgraf = []
@@ -240,6 +302,11 @@ class ChangeLog(object):
                 self.lint_item(item_line, grafs, head_type)
 
     def dumpGraf(self,par,indent1,indent2=-1):
+        if not self.wrapText:
+            for line in par:
+                print line
+            return
+
         if indent2 == -1:
             indent2 = indent1
         text = " ".join(re.sub(r'\s+', ' ', line.strip()) for line in par)
@@ -249,38 +316,210 @@ class ChangeLog(object):
                               initial_indent=" "*indent1,
                               subsequent_indent=" "*indent2))
 
+    def dumpPreheader(self, graf):
+        self.dumpGraf(graf, 0)
+        print
+
+    def dumpMainhead(self, head):
+        print head
+
+    def dumpHeadGraf(self, graf):
+        self.dumpGraf(graf, 2)
+        print
+
+    def dumpSectionHeader(self, header):
+        print header
+
+    def dumpStartOfSections(self):
+        pass
+
+    def dumpEndOfSections(self):
+        pass
+
+    def dumpEndOfSection(self):
+        print
+
+    def dumpEndOfChangelog(self):
+        print
+
+    def dumpDrupalBreak(self):
+        pass
+
+    def dumpItem(self, grafs):
+        self.dumpGraf(grafs[0],4,6)
+        for par in grafs[1:]:
+            print
+            self.dumpGraf(par,6,6)
+
+    def collateAndSortSections(self):
+        heads = []
+        sectionsByHead = { }
+        for _, head, items in self.sections:
+            head = clean_head(head)
+            try:
+                s = sectionsByHead[head]
+            except KeyError:
+                s = sectionsByHead[head] = []
+                heads.append( (head_score(head), head.lower(), head, s) )
+
+            s.extend(items)
+
+        heads.sort()
+        self.sections = [ (0, head, items) for _1,_2,head,items in heads ]
+
     def dump(self):
-        print self.mainhead
+        if self.prehead:
+            self.dumpPreheader(self.prehead)
+
+        if not self.blogOrder:
+            self.dumpMainhead(self.mainhead)
+
         for par in self.headtext:
-            self.dumpGraf(par, 2)
-            print
+            self.dumpHeadGraf(par)
+
+        if self.blogOrder:
+            self.dumpMainhead(self.mainhead)
+
+        drupalBreakAfter = None
+        if self.drupalBreak and len(self.sections) > 4:
+            drupalBreakAfter = self.sections[1][2]
+
+        self.dumpStartOfSections()
         for _,head,items in self.sections:
             if not head.endswith(':'):
                 print >>sys.stderr, "adding : to %r"%head
                 head = head + ":"
-            print head
+            self.dumpSectionHeader(head)
             for _,grafs in items:
-                self.dumpGraf(grafs[0],4,6)
-                for par in grafs[1:]:
-                    print
-                    self.dumpGraf(par,6,6)
-            print
-        print
+                self.dumpItem(grafs)
+            self.dumpEndOfSection()
+            if items is drupalBreakAfter:
+                self.dumpDrupalBreak()
+        self.dumpEndOfSections()
+        self.dumpEndOfChangelog()
+
+class HTMLChangeLog(ChangeLog):
+    def __init__(self, *args, **kwargs):
+        ChangeLog.__init__(self, *args, **kwargs)
+
+    def htmlText(self, graf):
+        for line in graf:
+            line = line.rstrip().replace("&","&amp;")
+            line = line.rstrip().replace("<","&lt;").replace(">","&gt;")
+            sys.stdout.write(line.strip())
+            sys.stdout.write(" ")
+
+    def htmlPar(self, graf):
+        sys.stdout.write("<p>")
+        self.htmlText(graf)
+        sys.stdout.write("</p>\n")
+
+    def dumpPreheader(self, graf):
+        self.htmlPar(graf)
+
+    def dumpMainhead(self, head):
+        sys.stdout.write("<h2>%s</h2>"%head)
+
+    def dumpHeadGraf(self, graf):
+        self.htmlPar(graf)
+
+    def dumpSectionHeader(self, header):
+        header = header.replace(" o ", "", 1).lstrip()
+        sys.stdout.write("  <li>%s\n"%header)
+        sys.stdout.write("  <ul>\n")
+
+    def dumpEndOfSection(self):
+        sys.stdout.write("  </ul>\n\n")
+
+    def dumpEndOfChangelog(self):
+        pass
 
-CL = ChangeLog()
-parser = head_parser
+    def dumpStartOfSections(self):
+        print "<ul>\n"
+
+    def dumpEndOfSections(self):
+        print "</ul>\n"
 
-if len(sys.argv) == 1:
+    def dumpDrupalBreak(self):
+        print "\n</ul>\n"
+        print "<p>&nbsp;</p>"
+        print "\n<!--break-->\n\n"
+        print "<ul>"
+
+    def dumpItem(self, grafs):
+        grafs[0][0] = grafs[0][0].replace(" - ", "", 1).lstrip()
+        sys.stdout.write("  <li>")
+        if len(grafs) > 1:
+            for par in grafs:
+                self.htmlPar(par)
+        else:
+            self.htmlText(grafs[0])
+        print
+
+op = optparse.OptionParser(usage="usage: %prog [options] [filename]")
+op.add_option('-W', '--no-wrap', action='store_false',
+              dest='wrapText', default=True,
+              help='Do not re-wrap paragraphs')
+op.add_option('-S', '--no-sort', action='store_false',
+              dest='sort', default=True,
+              help='Do not sort or collate sections')
+op.add_option('-o', '--output', dest='output',
+              default='-', metavar='FILE', help="write output to FILE")
+op.add_option('-H', '--html', action='store_true',
+              dest='html', default=False,
+              help="generate an HTML fragment")
+op.add_option('-1', '--first', action='store_true',
+              dest='firstOnly', default=False,
+              help="write only the first section")
+op.add_option('-b', '--blog-header', action='store_true',
+              dest='blogOrder', default=False,
+              help="Write the header in blog order")
+op.add_option('-B', '--blog', action='store_true',
+              dest='blogFormat', default=False,
+              help="Set all other options as appropriate for a blog post")
+op.add_option('--inplace', action='store_true',
+              dest='inplace', default=False,
+              help="Alter the ChangeLog in place")
+op.add_option('--drupal-break', action='store_true',
+              dest='drupalBreak', default=False,
+              help='Insert a drupal-friendly <!--break--> as needed')
+
+options,args = op.parse_args()
+
+if options.blogFormat:
+    options.blogOrder = True
+    options.html = True
+    options.sort = False
+    options.wrapText = False
+    options.firstOnly = True
+    options.drupalBreak = True
+
+if len(args) > 1:
+    op.error("Too many arguments")
+elif len(args) == 0:
     fname = 'ChangeLog'
 else:
-    fname = sys.argv[1]
+    fname = args[0]
 
-fname_new = fname+".new"
+if options.inplace:
+    assert options.output == '-'
+    options.output = fname
 
-sys.stdin = open(fname, 'r')
+if fname != '-':
+    sys.stdin = open(fname, 'r')
 
 nextline = None
 
+if options.html:
+    ChangeLogClass = HTMLChangeLog
+else:
+    ChangeLogClass = ChangeLog
+
+CL = ChangeLogClass(wrapText=options.wrapText,
+                    blogOrder=options.blogOrder,
+                    drupalBreak=options.drupalBreak)
+parser = head_parser
+
 for line in sys.stdin:
     line = line.rstrip()
     tp = parser(line)
@@ -295,14 +534,26 @@ for line in sys.stdin:
 
 CL.lint()
 
-sys.stdout = open(fname_new, 'w')
+if options.output != '-':
+    fname_new = options.output+".new"
+    fname_out = options.output
+    sys.stdout = open(fname_new, 'w')
+else:
+    fname_new = fname_out = None
+
+if options.sort:
+    CL.collateAndSortSections()
 
 CL.dump()
 
+if options.firstOnly:
+    sys.exit(0)
+
 if nextline is not None:
     print nextline
 
 for line in sys.stdin:
     sys.stdout.write(line)
 
-os.rename(fname_new, fname)
+if fname_new is not None:
+    os.rename(fname_new, fname_out)
diff --git a/scripts/maint/generate_callgraph.sh b/scripts/maint/generate_callgraph.sh
new file mode 100755
index 0000000000..c6b33c0aea
--- /dev/null
+++ b/scripts/maint/generate_callgraph.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+C_FILES=`echo src/common/*.c src/or/*.c src/tools/*.c`
+CFLAGS="-Isrc/ext/trunnel -Isrc/trunnel -I. -Isrc/ext -Isrc/common -DLOCALSTATEDIR=\"\" -DSHARE_DATADIR=\"\" -Dinline="
+
+mkdir -p callgraph/src/common
+mkdir -p callgraph/src/or
+mkdir -p callgraph/src/tools
+
+for fn in $C_FILES; do
+  echo $fn
+  clang $CFLAGS  -S -emit-llvm -fno-inline -o - $fn  | \
+    opt -analyze -print-callgraph >/dev/null 2> "callgraph/${fn}allgraph"
+done
diff --git a/scripts/maint/lintChanges.py b/scripts/maint/lintChanges.py
new file mode 100755
index 0000000000..48edd06fde
--- /dev/null
+++ b/scripts/maint/lintChanges.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+
+from __future__ import print_function
+from __future__ import with_statement
+import sys
+import re
+import os
+
+
+KNOWN_GROUPS=set([
+    "Minor bugfix",
+    "Minor bugfixes",
+    "Major bugfix",
+    "Major bugfixes",
+    "Minor feature",
+    "Minor features",
+    "Major feature",
+    "Major features",
+    "New system requirements",
+    "Testing",
+    "Documentation",
+    "Code simplification and refactoring",
+    "Removed features"])
+
+def lintfile(fname):
+    have_warned = []
+
+    def warn(s):
+        if not have_warned:
+            have_warned.append(1)
+            print("{}:".format(fname))
+        print("\t{}".format(s))
+
+    m = re.search(r'(\d{3,})', os.path.basename(fname))
+    if m:
+        bugnum = m.group(1)
+    else:
+        bugnum = None
+
+    with open(fname) as f:
+        contents = f.read()
+
+    if bugnum and bugnum not in contents:
+        warn("bug number {} does not appear".format(bugnum))
+
+    lines = contents.split("\n")
+    isBug = ("bug" in lines[0] or "fix" in lines[0])
+
+    m = re.match(r'^[ ]{2}o ([^\(:]*)([^:]*):', contents)
+    if not m:
+        warn("header not in format expected")
+    elif m.group(1).strip() not in KNOWN_GROUPS:
+        warn("Weird header: %r"%m.group(1))
+    elif ( ("bugfix" in m.group(1) or "feature" in m.group(1)) and
+           ("Removed" not in m.group(1)) and
+           '(' not in m.group(2)):
+        warn("Missing subcategory on %s"%m.group(1))
+
+
+    contents = " ".join(contents.split())
+
+    if re.search(r'\#\d{2,}', contents):
+        warn("don't use a # before ticket numbers")
+
+    if isBug and not re.search(r'(\d+)', contents):
+        warn("bugfix does not mention a number")
+    elif isBug and not re.search(r'Fixes ([a-z ]*)bug (\d+)', contents):
+        warn("bugfix does not say 'Fixes bug XXX'")
+
+    if re.search(r'[bB]ug (\d+)', contents):
+        if not re.search(r'[Bb]ugfix on ', contents):
+            warn("bugfix does not say 'bugfix on X.Y.Z'")
+        elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ',
+                           contents):
+            warn("bugfix incant is not semicoloned")
+
+
+if __name__ == '__main__':
+    for fname in sys.argv[1:]:
+        if fname.endswith("~"):
+            continue
+        lintfile(fname)
diff --git a/scripts/maint/locatemissingdoxygen.py b/scripts/maint/locatemissingdoxygen.py
new file mode 100755
index 0000000000..797bf8176f
--- /dev/null
+++ b/scripts/maint/locatemissingdoxygen.py
@@ -0,0 +1,74 @@
+#!/usr/bin/python
+
+"""
+  This script parses the stderr output of doxygen and looks for undocumented
+  stuff.  By default, it just counts the undocumented things per file.  But with
+  the -A option, it rewrites the files to stick in /*DOCDOC*/ comments
+  to highlight the undocumented stuff.
+"""
+
+import os
+import re
+import shutil
+import sys
+
+warning_pattern = re.compile(r'^([^:]+):(\d+): warning: (.*) is not documented')
+
+def readDoxygenOutput(f):
+    " yields (cfilename, lineno, thingname) "
+    for line in f:
+        m = warning_pattern.match(line)
+        if m:
+            yield m.groups()
+
+warnings = {}
+
+def buildWarnings():
+    for fn, lineno, what in list(readDoxygenOutput(sys.stdin)):
+        warnings.setdefault(fn, []).append( (int(lineno), what) )
+
+def count(fn):
+    if os.path.abspath(fn) not in warnings:
+        print "0\t%s"%fn
+    else:
+        n = len(warnings[os.path.abspath(fn)])
+        print "%d\t%s"%(n,fn)
+
+def getIndentation(line):
+    s = line.lstrip()
+    return line[:len(line)-len(s)]
+
+def annotate(filename):
+    if os.path.abspath(filename) not in warnings:
+        return
+    with open(filename) as f:
+        lines = f.readlines()
+    w = warnings[os.path.abspath(filename)][:]
+    w.sort()
+    w.reverse()
+
+    for lineno, what in w:
+        lineno -= 1 # list is 0-indexed.
+        if 'DOCDOC' in lines[lineno]:
+            continue
+        ind = getIndentation(lines[lineno])
+        lines.insert(lineno, "%s/* DOCDOC %s */\n"%(ind,what))
+
+    shutil.copy(filename, filename+".orig")
+    with open(filename, 'w') as f:
+        for l in lines:
+            f.write(l)
+
+
+if __name__ == '__main__':
+    if len(sys.argv) == 1:
+        print "Usage: locatemissingdoxygen.py [-A] filename... <doxygen_log"
+        sys.exit(1)
+    buildWarnings()
+    if sys.argv[1] == '-A':
+        del sys.argv[1]
+        func = annotate
+    else:
+        func = count
+    for fname in sys.argv[1:]:
+        func(fname)
diff --git a/scripts/maint/redox.py b/scripts/maint/redox.py
index fa816a7267..5933d49773 100755
--- a/scripts/maint/redox.py
+++ b/scripts/maint/redox.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-#  Copyright (c) 2008-2013, The Tor Project, Inc.
+#  Copyright (c) 2008-2015, The Tor Project, Inc.
 #  See LICENSE for licensing information.
 #
 # Hi!
diff --git a/scripts/maint/sortChanges.py b/scripts/maint/sortChanges.py
index 726a723f93..d6ec0e269d 100755
--- a/scripts/maint/sortChanges.py
+++ b/scripts/maint/sortChanges.py
@@ -1,12 +1,10 @@
 #!/usr/bin/python
-# Copyright (c) 2014, The Tor Project, Inc.
+# Copyright (c) 2014-2015, The Tor Project, Inc.
 # See LICENSE for licensing information
 
 """This script sorts a bunch of changes files listed on its command
    line into roughly the order in which they should appear in the
    changelog.
-
-   TODO: collation support.
 """
 
 import re
@@ -18,10 +16,36 @@ def fetch(fn):
         s = "%s\n" % s.rstrip()
         return s
 
-def score(s):
-    m = re.match(r'^ +o (.*)', s)
+CSR='Code simplification and refactoring'
+
+REPLACEMENTS = {
+    # plurals
+    'Minor bugfix' : 'Minor bugfixes',
+    'Major bugfix' : 'Major bugfixes',
+    'Minor feature' : 'Minor features',
+    'Major feature' : 'Major features',
+    'Removed feature' : 'Removed features',
+    'Code simplification and refactorings' : CSR,
+    'Code simplifications and refactoring' : CSR,
+    'Code simplifications and refactorings' : CSR,
+
+    # wrong words
+    'Minor fix' : 'Minor bugfixes',
+    'Major fix' : 'Major bugfixes',
+    'Minor fixes' : 'Minor bugfixes',
+    'Major fixes' : 'Major bugfixes',
+    'Minor enhancement' : 'Minor features',
+    'Minor enhancements' : 'Minor features',
+    'Major enhancement' : 'Major features',
+    'Major enhancements' : 'Major features',
+}
+
+def score(s,fname=None):
+    m = re.match(r'^ +o ([^\n]*)\n(.*)', s, re.M|re.S)
     if not m:
-        print >>sys.stderr, "Can't score %r"%s
+        print >>sys.stderr, "Can't score %r from %s"%(s,fname)
+    heading = m.group(1)
+    heading = REPLACEMENTS.get(heading, heading)
     lw = m.group(1).lower()
     if lw.startswith("major feature"):
         score = 0
@@ -38,12 +62,47 @@ def score(s):
     else:
         score = 100
 
-    return (score,  lw, s)
+    return (score, lw, heading, m.group(2))
+
+def splitChanges(s):
+    this_entry = []
+    for line in s.split("\n"):
+        if line.strip() == "":
+            continue
+        if re.match(r" +o ", line):
+            if len(this_entry) > 2:
+                yield "".join(this_entry)
+            curHeader = line
+            this_entry = [ curHeader, "\n" ]
+            continue
+        elif re.match(r" +- ", line):
+            if len(this_entry) > 2:
+                yield "".join(this_entry)
+            this_entry = [ curHeader, "\n" ]
 
+        this_entry.append(line)
+        this_entry.append("\n")
 
-changes = [ score(fetch(fn)) for fn in sys.argv[1:] if not fn.endswith('~') ]
+    if len(this_entry) > 2:
+        yield "".join(this_entry)
+
+
+changes = []
+
+for fn in sys.argv[1:]:
+    if fn.endswith('~'):
+        continue
+    for change in splitChanges(fetch(fn)):
+        changes.append(score(change,fn))
 
 changes.sort()
 
-for _, _, s in changes:
-    print s
+last_lw = "this is not a header"
+for _, lw, header, rest in changes:
+    if lw == last_lw:
+        print rest,
+    else:
+        print
+        print "  o",header
+        print rest,
+        last_lw = lw
diff --git a/scripts/maint/updateCopyright.pl b/scripts/maint/updateCopyright.pl
new file mode 100755
index 0000000000..8bd6a18210
--- /dev/null
+++ b/scripts/maint/updateCopyright.pl
@@ -0,0 +1,7 @@
+#!/usr/bin/perl -i -w -p
+
+$NEWYEAR=2016;
+
+s/Copyright(.*) (201[^6]), The Tor Project/Copyright$1 $2-${NEWYEAR}, The Tor Project/;
+
+s/Copyright(.*)-(20..), The Tor Project/Copyright$1-${NEWYEAR}, The Tor Project/;
diff --git a/scripts/maint/updateFallbackDirs.py b/scripts/maint/updateFallbackDirs.py
new file mode 100755
index 0000000000..110ecda64c
--- /dev/null
+++ b/scripts/maint/updateFallbackDirs.py
@@ -0,0 +1,1999 @@
+#!/usr/bin/python
+
+# Usage: scripts/maint/updateFallbackDirs.py > src/or/fallback_dirs.inc
+#
+# This script should be run from a stable, reliable network connection,
+# with no other network activity (and not over tor).
+# If this is not possible, please disable:
+# PERFORM_IPV4_DIRPORT_CHECKS and PERFORM_IPV6_DIRPORT_CHECKS
+#
+# Needs dateutil (and potentially other python packages)
+# Needs stem available in your PYTHONPATH, or just ln -s ../stem/stem .
+# Optionally uses ipaddress (python 3 builtin) or py2-ipaddress (package)
+# for netblock analysis, in PYTHONPATH, or just
+# ln -s ../py2-ipaddress-3.4.1/ipaddress.py .
+#
+# Then read the logs to make sure the fallbacks aren't dominated by a single
+# netblock or port
+
+# Script by weasel, April 2015
+# Portions by gsathya & karsten, 2013
+# https://trac.torproject.org/projects/tor/attachment/ticket/8374/dir_list.2.py
+# Modifications by teor, 2015
+
+import StringIO
+import string
+import re
+import datetime
+import gzip
+import os.path
+import json
+import math
+import sys
+import urllib
+import urllib2
+import hashlib
+import dateutil.parser
+# bson_lazy provides bson
+#from bson import json_util
+import copy
+
+from stem.descriptor.remote import DescriptorDownloader
+
+import logging
+# INFO tells you why each relay was included or excluded
+# WARN tells you about potential misconfigurations and relay detail changes
+logging.basicConfig(level=logging.WARNING)
+logging.root.name = ''
+# INFO tells you about each consensus download attempt
+logging.getLogger('stem').setLevel(logging.WARNING)
+
+HAVE_IPADDRESS = False
+try:
+  # python 3 builtin, or install package py2-ipaddress
+  # there are several ipaddress implementations for python 2
+  # with slightly different semantics with str typed text
+  # fortunately, all our IP addresses are in unicode
+  import ipaddress
+  HAVE_IPADDRESS = True
+except ImportError:
+  # if this happens, we avoid doing netblock analysis
+  logging.warning('Unable to import ipaddress, please install py2-ipaddress.' +
+                  ' A fallback list will be created, but optional netblock' +
+                  ' analysis will not be performed.')
+
+## Top-Level Configuration
+
+# Output all candidate fallbacks, or only output selected fallbacks?
+OUTPUT_CANDIDATES = False
+
+# Perform DirPort checks over IPv4?
+# Change this to False if IPv4 doesn't work for you, or if you don't want to
+# download a consensus for each fallback
+# Don't check ~1000 candidates when OUTPUT_CANDIDATES is True
+PERFORM_IPV4_DIRPORT_CHECKS = False if OUTPUT_CANDIDATES else True
+
+# Perform DirPort checks over IPv6?
+# If you know IPv6 works for you, set this to True
+# This will exclude IPv6 relays without an IPv6 DirPort configured
+# So it's best left at False until #18394 is implemented
+# Don't check ~1000 candidates when OUTPUT_CANDIDATES is True
+PERFORM_IPV6_DIRPORT_CHECKS = False if OUTPUT_CANDIDATES else False
+
+# Output fallback name, flags, and ContactInfo in a C comment?
+OUTPUT_COMMENTS = True if OUTPUT_CANDIDATES else False
+
+# Output matching ContactInfo in fallbacks list or the blacklist?
+# Useful if you're trying to contact operators
+CONTACT_COUNT = True if OUTPUT_CANDIDATES else False
+CONTACT_BLACKLIST_COUNT = True if OUTPUT_CANDIDATES else False
+
+## OnionOO Settings
+
+ONIONOO = 'https://onionoo.torproject.org/'
+#ONIONOO = 'https://onionoo.thecthulhu.com/'
+
+# Don't bother going out to the Internet, just use the files available locally,
+# even if they're very old
+LOCAL_FILES_ONLY = False
+
+## Whitelist / Blacklist Filter Settings
+
+# The whitelist contains entries that are included if all attributes match
+# (IPv4, dirport, orport, id, and optionally IPv6 and IPv6 orport)
+# The blacklist contains (partial) entries that are excluded if any
+# sufficiently specific group of attributes matches:
+# IPv4 & DirPort
+# IPv4 & ORPort
+# ID
+# IPv6 & DirPort
+# IPv6 & IPv6 ORPort
+# If neither port is included in the blacklist, the entire IP address is
+# blacklisted.
+
+# What happens to entries in neither list?
+# When True, they are included, when False, they are excluded
+INCLUDE_UNLISTED_ENTRIES = True if OUTPUT_CANDIDATES else False
+
+# If an entry is in both lists, what happens?
+# When True, it is excluded, when False, it is included
+BLACKLIST_EXCLUDES_WHITELIST_ENTRIES = True
+
+WHITELIST_FILE_NAME = 'scripts/maint/fallback.whitelist'
+BLACKLIST_FILE_NAME = 'scripts/maint/fallback.blacklist'
+
+# The number of bytes we'll read from a filter file before giving up
+MAX_LIST_FILE_SIZE = 1024 * 1024
+
+## Eligibility Settings
+
+# Reduced due to a bug in tor where a relay submits a 0 DirPort when restarted
+# This causes OnionOO to (correctly) reset its stability timer
+# This issue will be fixed in 0.2.7.7 and 0.2.8.2
+# Until then, the CUTOFFs below ensure a decent level of stability.
+ADDRESS_AND_PORT_STABLE_DAYS = 7
+# What time-weighted-fraction of these flags must FallbackDirs
+# Equal or Exceed?
+CUTOFF_RUNNING = .95
+CUTOFF_V2DIR = .95
+CUTOFF_GUARD = .95
+# What time-weighted-fraction of these flags must FallbackDirs
+# Equal or Fall Under?
+# .00 means no bad exits
+PERMITTED_BADEXIT = .00
+
+# older entries' weights are adjusted with ALPHA^(age in days)
+AGE_ALPHA = 0.99
+
+# this factor is used to scale OnionOO entries to [0,1]
+ONIONOO_SCALE_ONE = 999.
+
+## Fallback Count Limits
+
+# The target for these parameters is 20% of the guards in the network
+# This is around 200 as of October 2015
+_FB_POG = 0.2
+FALLBACK_PROPORTION_OF_GUARDS = None if OUTPUT_CANDIDATES else _FB_POG
+
+# We want exactly 100 fallbacks for the initial release
+# This gives us scope to add extra fallbacks to the list as needed
+# Limit the number of fallbacks (eliminating lowest by advertised bandwidth)
+MAX_FALLBACK_COUNT = None if OUTPUT_CANDIDATES else 100
+# Emit a C #error if the number of fallbacks is below
+MIN_FALLBACK_COUNT = 100
+
+## Fallback Bandwidth Requirements
+
+# Any fallback with the Exit flag has its bandwidth multipled by this fraction
+# to make sure we aren't further overloading exits
+# (Set to 1.0, because we asked that only lightly loaded exits opt-in,
+# and the extra load really isn't that much for large relays.)
+EXIT_BANDWIDTH_FRACTION = 1.0
+
+# If a single fallback's bandwidth is too low, it's pointless adding it
+# We expect fallbacks to handle an extra 30 kilobytes per second of traffic
+# Make sure they can support a hundred times the expected extra load
+# (Use 102.4 to make it come out nicely in MB/s)
+# We convert this to a consensus weight before applying the filter,
+# because all the bandwidth amounts are specified by the relay
+MIN_BANDWIDTH = 102.4 * 30.0 * 1024.0
+
+# Clients will time out after 30 seconds trying to download a consensus
+# So allow fallback directories half that to deliver a consensus
+# The exact download times might change based on the network connection
+# running this script, but only by a few seconds
+# There is also about a second of python overhead
+CONSENSUS_DOWNLOAD_SPEED_MAX = 15.0
+# If the relay fails a consensus check, retry the download
+# This avoids delisting a relay due to transient network conditions
+CONSENSUS_DOWNLOAD_RETRY = True
+
+## Fallback Weights for Client Selection
+
+# All fallback weights are equal, and set to the value below
+# Authorities are weighted 1.0 by default
+# Clients use these weights to select fallbacks and authorities at random
+# If there are 100 fallbacks and 9 authorities:
+#  - each fallback is chosen with probability 10.0/(10.0*100 + 1.0*9) ~= 0.99%
+#  - each authority is chosen with probability 1.0/(10.0*100 + 1.0*9) ~= 0.09%
+# A client choosing a bootstrap directory server will choose a fallback for
+# 10.0/(10.0*100 + 1.0*9) * 100 = 99.1% of attempts, and an authority for
+# 1.0/(10.0*100 + 1.0*9) * 9 = 0.9% of attempts.
+# (This disregards the bootstrap schedules, where clients start by choosing
+# from fallbacks & authoritites, then later choose from only authorities.)
+FALLBACK_OUTPUT_WEIGHT = 10.0
+
+## Parsing Functions
+
+def parse_ts(t):
+  return datetime.datetime.strptime(t, "%Y-%m-%d %H:%M:%S")
+
+def remove_bad_chars(raw_string, bad_char_list):
+  # Remove each character in the bad_char_list
+  cleansed_string = raw_string
+  for c in bad_char_list:
+    cleansed_string = cleansed_string.replace(c, '')
+  return cleansed_string
+
+def cleanse_unprintable(raw_string):
+  # Remove all unprintable characters
+  cleansed_string = ''
+  for c in raw_string:
+    if c in string.printable:
+      cleansed_string += c
+  return cleansed_string
+
+def cleanse_whitespace(raw_string):
+  # Replace all whitespace characters with a space
+  cleansed_string = raw_string
+  for c in string.whitespace:
+    cleansed_string = cleansed_string.replace(c, ' ')
+  return cleansed_string
+
+def cleanse_c_multiline_comment(raw_string):
+  cleansed_string = raw_string
+  # Embedded newlines should be removed by tor/onionoo, but let's be paranoid
+  cleansed_string = cleanse_whitespace(cleansed_string)
+  # ContactInfo and Version can be arbitrary binary data
+  cleansed_string = cleanse_unprintable(cleansed_string)
+  # Prevent a malicious / unanticipated string from breaking out
+  # of a C-style multiline comment
+  # This removes '/*' and '*/' and '//'
+  bad_char_list = '*/'
+  # Prevent a malicious string from using C nulls
+  bad_char_list += '\0'
+  # Be safer by removing bad characters entirely
+  cleansed_string = remove_bad_chars(cleansed_string, bad_char_list)
+  # Some compilers may further process the content of comments
+  # There isn't much we can do to cover every possible case
+  # But comment-based directives are typically only advisory
+  return cleansed_string
+
+def cleanse_c_string(raw_string):
+  cleansed_string = raw_string
+  # Embedded newlines should be removed by tor/onionoo, but let's be paranoid
+  cleansed_string = cleanse_whitespace(cleansed_string)
+  # ContactInfo and Version can be arbitrary binary data
+  cleansed_string = cleanse_unprintable(cleansed_string)
+  # Prevent a malicious address/fingerprint string from breaking out
+  # of a C-style string
+  bad_char_list = '"'
+  # Prevent a malicious string from using escapes
+  bad_char_list += '\\'
+  # Prevent a malicious string from using C nulls
+  bad_char_list += '\0'
+  # Be safer by removing bad characters entirely
+  cleansed_string = remove_bad_chars(cleansed_string, bad_char_list)
+  # Some compilers may further process the content of strings
+  # There isn't much we can do to cover every possible case
+  # But this typically only results in changes to the string data
+  return cleansed_string
+
+## OnionOO Source Functions
+
+# a dictionary of source metadata for each onionoo query we've made
+fetch_source = {}
+
+# register source metadata for 'what'
+# assumes we only retrieve one document for each 'what'
+def register_fetch_source(what, url, relays_published, version):
+  fetch_source[what] = {}
+  fetch_source[what]['url'] = url
+  fetch_source[what]['relays_published'] = relays_published
+  fetch_source[what]['version'] = version
+
+# list each registered source's 'what'
+def fetch_source_list():
+  return sorted(fetch_source.keys())
+
+# given 'what', provide a multiline C comment describing the source
+def describe_fetch_source(what):
+  desc = '/*'
+  desc += '\n'
+  desc += 'Onionoo Source: '
+  desc += cleanse_c_multiline_comment(what)
+  desc += ' Date: '
+  desc += cleanse_c_multiline_comment(fetch_source[what]['relays_published'])
+  desc += ' Version: '
+  desc += cleanse_c_multiline_comment(fetch_source[what]['version'])
+  desc += '\n'
+  desc += 'URL: '
+  desc += cleanse_c_multiline_comment(fetch_source[what]['url'])
+  desc += '\n'
+  desc += '*/'
+  return desc
+
+## File Processing Functions
+
+def write_to_file(str, file_name, max_len):
+  try:
+    with open(file_name, 'w') as f:
+      f.write(str[0:max_len])
+  except EnvironmentError, error:
+    logging.error('Writing file %s failed: %d: %s'%
+                  (file_name,
+                   error.errno,
+                   error.strerror)
+                  )
+
+def read_from_file(file_name, max_len):
+  try:
+    if os.path.isfile(file_name):
+      with open(file_name, 'r') as f:
+        return f.read(max_len)
+  except EnvironmentError, error:
+    logging.info('Loading file %s failed: %d: %s'%
+                 (file_name,
+                  error.errno,
+                  error.strerror)
+                 )
+  return None
+
+def load_possibly_compressed_response_json(response):
+    if response.info().get('Content-Encoding') == 'gzip':
+      buf = StringIO.StringIO( response.read() )
+      f = gzip.GzipFile(fileobj=buf)
+      return json.load(f)
+    else:
+      return json.load(response)
+
+def load_json_from_file(json_file_name):
+    # An exception here may be resolved by deleting the .last_modified
+    # and .json files, and re-running the script
+    try:
+      with open(json_file_name, 'r') as f:
+        return json.load(f)
+    except EnvironmentError, error:
+      raise Exception('Reading not-modified json file %s failed: %d: %s'%
+                    (json_file_name,
+                     error.errno,
+                     error.strerror)
+                    )
+
+## OnionOO Functions
+
+def datestr_to_datetime(datestr):
+  # Parse datetimes like: Fri, 02 Oct 2015 13:34:14 GMT
+  if datestr is not None:
+    dt = dateutil.parser.parse(datestr)
+  else:
+    # Never modified - use start of epoch
+    dt = datetime.datetime.utcfromtimestamp(0)
+  # strip any timezone out (in case they're supported in future)
+  dt = dt.replace(tzinfo=None)
+  return dt
+
+def onionoo_fetch(what, **kwargs):
+  params = kwargs
+  params['type'] = 'relay'
+  #params['limit'] = 10
+  params['first_seen_days'] = '%d-'%(ADDRESS_AND_PORT_STABLE_DAYS,)
+  params['last_seen_days'] = '-7'
+  params['flag'] = 'V2Dir'
+  url = ONIONOO + what + '?' + urllib.urlencode(params)
+
+  # Unfortunately, the URL is too long for some OS filenames,
+  # but we still don't want to get files from different URLs mixed up
+  base_file_name = what + '-' + hashlib.sha1(url).hexdigest()
+
+  full_url_file_name = base_file_name + '.full_url'
+  MAX_FULL_URL_LENGTH = 1024
+
+  last_modified_file_name = base_file_name + '.last_modified'
+  MAX_LAST_MODIFIED_LENGTH = 64
+
+  json_file_name = base_file_name + '.json'
+
+  if LOCAL_FILES_ONLY:
+    # Read from the local file, don't write to anything
+    response_json = load_json_from_file(json_file_name)
+  else:
+    # store the full URL to a file for debugging
+    # no need to compare as long as you trust SHA-1
+    write_to_file(url, full_url_file_name, MAX_FULL_URL_LENGTH)
+
+    request = urllib2.Request(url)
+    request.add_header('Accept-encoding', 'gzip')
+
+    # load the last modified date from the file, if it exists
+    last_mod_date = read_from_file(last_modified_file_name,
+                                   MAX_LAST_MODIFIED_LENGTH)
+    if last_mod_date is not None:
+      request.add_header('If-modified-since', last_mod_date)
+
+    # Parse last modified date
+    last_mod = datestr_to_datetime(last_mod_date)
+
+    # Not Modified and still recent enough to be useful
+    # Onionoo / Globe used to use 6 hours, but we can afford a day
+    required_freshness = datetime.datetime.utcnow()
+    # strip any timezone out (to match dateutil.parser)
+    required_freshness = required_freshness.replace(tzinfo=None)
+    required_freshness -= datetime.timedelta(hours=24)
+
+    # Make the OnionOO request
+    response_code = 0
+    try:
+      response = urllib2.urlopen(request)
+      response_code = response.getcode()
+    except urllib2.HTTPError, error:
+      response_code = error.code
+      if response_code == 304: # not modified
+        pass
+      else:
+        raise Exception("Could not get " + url + ": "
+                        + str(error.code) + ": " + error.reason)
+
+    if response_code == 200: # OK
+      last_mod = datestr_to_datetime(response.info().get('Last-Modified'))
+
+    # Check for freshness
+    if last_mod < required_freshness:
+      if last_mod_date is not None:
+        # This check sometimes fails transiently, retry the script if it does
+        date_message = "Outdated data: last updated " + last_mod_date
+      else:
+        date_message = "No data: never downloaded "
+      raise Exception(date_message + " from " + url)
+
+    # Process the data
+    if response_code == 200: # OK
+
+      response_json = load_possibly_compressed_response_json(response)
+
+      with open(json_file_name, 'w') as f:
+        # use the most compact json representation to save space
+        json.dump(response_json, f, separators=(',',':'))
+
+      # store the last modified date in its own file
+      if response.info().get('Last-modified') is not None:
+        write_to_file(response.info().get('Last-Modified'),
+                      last_modified_file_name,
+                      MAX_LAST_MODIFIED_LENGTH)
+
+    elif response_code == 304: # Not Modified
+
+      response_json = load_json_from_file(json_file_name)
+
+    else: # Unexpected HTTP response code not covered in the HTTPError above
+      raise Exception("Unexpected HTTP response code to " + url + ": "
+                      + str(response_code))
+
+  register_fetch_source(what,
+                        url,
+                        response_json['relays_published'],
+                        response_json['version'])
+
+  return response_json
+
+def fetch(what, **kwargs):
+  #x = onionoo_fetch(what, **kwargs)
+  # don't use sort_keys, as the order of or_addresses is significant
+  #print json.dumps(x, indent=4, separators=(',', ': '))
+  #sys.exit(0)
+
+  return onionoo_fetch(what, **kwargs)
+
+## Fallback Candidate Class
+
+class Candidate(object):
+  CUTOFF_ADDRESS_AND_PORT_STABLE = (datetime.datetime.utcnow()
+                            - datetime.timedelta(ADDRESS_AND_PORT_STABLE_DAYS))
+
+  def __init__(self, details):
+    for f in ['fingerprint', 'nickname', 'last_changed_address_or_port',
+              'consensus_weight', 'or_addresses', 'dir_address']:
+      if not f in details: raise Exception("Document has no %s field."%(f,))
+
+    if not 'contact' in details:
+      details['contact'] = None
+    if not 'flags' in details or details['flags'] is None:
+      details['flags'] = []
+    if (not 'advertised_bandwidth' in details
+        or details['advertised_bandwidth'] is None):
+      # relays without advertised bandwdith have it calculated from their
+      # consensus weight
+      details['advertised_bandwidth'] = 0
+    if (not 'effective_family' in details
+        or details['effective_family'] is None):
+      details['effective_family'] = []
+    details['last_changed_address_or_port'] = parse_ts(
+                                      details['last_changed_address_or_port'])
+    self._data = details
+    self._stable_sort_or_addresses()
+
+    self._fpr = self._data['fingerprint']
+    self._running = self._guard = self._v2dir = 0.
+    self._split_dirport()
+    self._compute_orport()
+    if self.orport is None:
+      raise Exception("Failed to get an orport for %s."%(self._fpr,))
+    self._compute_ipv6addr()
+    if not self.has_ipv6():
+      logging.debug("Failed to get an ipv6 address for %s."%(self._fpr,))
+
+  def _stable_sort_or_addresses(self):
+    # replace self._data['or_addresses'] with a stable ordering,
+    # sorting the secondary addresses in string order
+    # leave the received order in self._data['or_addresses_raw']
+    self._data['or_addresses_raw'] = self._data['or_addresses']
+    or_address_primary = self._data['or_addresses'][:1]
+    # subsequent entries in the or_addresses array are in an arbitrary order
+    # so we stabilise the addresses by sorting them in string order
+    or_addresses_secondaries_stable = sorted(self._data['or_addresses'][1:])
+    or_addresses_stable = or_address_primary + or_addresses_secondaries_stable
+    self._data['or_addresses'] = or_addresses_stable
+
+  def get_fingerprint(self):
+    return self._fpr
+
+  # is_valid_ipv[46]_address by gsathya, karsten, 2013
+  @staticmethod
+  def is_valid_ipv4_address(address):
+    if not isinstance(address, (str, unicode)):
+      return False
+
+    # check if there are four period separated values
+    if address.count(".") != 3:
+      return False
+
+    # checks that each value in the octet are decimal values between 0-255
+    for entry in address.split("."):
+      if not entry.isdigit() or int(entry) < 0 or int(entry) > 255:
+        return False
+      elif entry[0] == "0" and len(entry) > 1:
+        return False  # leading zeros, for instance in "1.2.3.001"
+
+    return True
+
+  @staticmethod
+  def is_valid_ipv6_address(address):
+    if not isinstance(address, (str, unicode)):
+      return False
+
+    # remove brackets
+    address = address[1:-1]
+
+    # addresses are made up of eight colon separated groups of four hex digits
+    # with leading zeros being optional
+    # https://en.wikipedia.org/wiki/IPv6#Address_format
+
+    colon_count = address.count(":")
+
+    if colon_count > 7:
+      return False  # too many groups
+    elif colon_count != 7 and not "::" in address:
+      return False  # not enough groups and none are collapsed
+    elif address.count("::") > 1 or ":::" in address:
+      return False  # multiple groupings of zeros can't be collapsed
+
+    found_ipv4_on_previous_entry = False
+    for entry in address.split(":"):
+      # If an IPv6 address has an embedded IPv4 address,
+      # it must be the last entry
+      if found_ipv4_on_previous_entry:
+        return False
+      if not re.match("^[0-9a-fA-f]{0,4}$", entry):
+        if not Candidate.is_valid_ipv4_address(entry):
+          return False
+        else:
+          found_ipv4_on_previous_entry = True
+
+    return True
+
+  def _split_dirport(self):
+    # Split the dir_address into dirip and dirport
+    (self.dirip, _dirport) = self._data['dir_address'].split(':', 2)
+    self.dirport = int(_dirport)
+
+  def _compute_orport(self):
+    # Choose the first ORPort that's on the same IPv4 address as the DirPort.
+    # In rare circumstances, this might not be the primary ORPort address.
+    # However, _stable_sort_or_addresses() ensures we choose the same one
+    # every time, even if onionoo changes the order of the secondaries.
+    self._split_dirport()
+    self.orport = None
+    for i in self._data['or_addresses']:
+      if i != self._data['or_addresses'][0]:
+        logging.debug('Secondary IPv4 Address Used for %s: %s'%(self._fpr, i))
+      (ipaddr, port) = i.rsplit(':', 1)
+      if (ipaddr == self.dirip) and Candidate.is_valid_ipv4_address(ipaddr):
+        self.orport = int(port)
+        return
+
+  def _compute_ipv6addr(self):
+    # Choose the first IPv6 address that uses the same port as the ORPort
+    # Or, choose the first IPv6 address in the list
+    # _stable_sort_or_addresses() ensures we choose the same IPv6 address
+    # every time, even if onionoo changes the order of the secondaries.
+    self.ipv6addr = None
+    self.ipv6orport = None
+    # Choose the first IPv6 address that uses the same port as the ORPort
+    for i in self._data['or_addresses']:
+      (ipaddr, port) = i.rsplit(':', 1)
+      if (port == self.orport) and Candidate.is_valid_ipv6_address(ipaddr):
+        self.ipv6addr = ipaddr
+        self.ipv6orport = int(port)
+        return
+    # Choose the first IPv6 address in the list
+    for i in self._data['or_addresses']:
+      (ipaddr, port) = i.rsplit(':', 1)
+      if Candidate.is_valid_ipv6_address(ipaddr):
+        self.ipv6addr = ipaddr
+        self.ipv6orport = int(port)
+        return
+
+  @staticmethod
+  def _extract_generic_history(history, which='unknown'):
+    # given a tree like this:
+    #   {
+    #     "1_month": {
+    #         "count": 187,
+    #         "factor": 0.001001001001001001,
+    #         "first": "2015-02-27 06:00:00",
+    #         "interval": 14400,
+    #         "last": "2015-03-30 06:00:00",
+    #         "values": [
+    #             999,
+    #             999
+    #         ]
+    #     },
+    #     "1_week": {
+    #         "count": 169,
+    #         "factor": 0.001001001001001001,
+    #         "first": "2015-03-23 07:30:00",
+    #         "interval": 3600,
+    #         "last": "2015-03-30 07:30:00",
+    #         "values": [ ...]
+    #     },
+    #     "1_year": {
+    #         "count": 177,
+    #         "factor": 0.001001001001001001,
+    #         "first": "2014-04-11 00:00:00",
+    #         "interval": 172800,
+    #         "last": "2015-03-29 00:00:00",
+    #         "values": [ ...]
+    #     },
+    #     "3_months": {
+    #         "count": 185,
+    #         "factor": 0.001001001001001001,
+    #         "first": "2014-12-28 06:00:00",
+    #         "interval": 43200,
+    #         "last": "2015-03-30 06:00:00",
+    #         "values": [ ...]
+    #     }
+    #   },
+    # extract exactly one piece of data per time interval,
+    # using smaller intervals where available.
+    #
+    # returns list of (age, length, value) dictionaries.
+
+    generic_history = []
+
+    periods = history.keys()
+    periods.sort(key = lambda x: history[x]['interval'])
+    now = datetime.datetime.utcnow()
+    newest = now
+    for p in periods:
+      h = history[p]
+      interval = datetime.timedelta(seconds = h['interval'])
+      this_ts = parse_ts(h['last'])
+
+      if (len(h['values']) != h['count']):
+        logging.warning('Inconsistent value count in %s document for %s'
+                        %(p, which))
+      for v in reversed(h['values']):
+        if (this_ts <= newest):
+          agt1 = now - this_ts
+          agt2 = interval
+          agetmp1 = (agt1.microseconds + (agt1.seconds + agt1.days * 24 * 3600)
+                     * 10**6) / 10**6
+          agetmp2 = (agt2.microseconds + (agt2.seconds + agt2.days * 24 * 3600)
+                     * 10**6) / 10**6
+          generic_history.append(
+            { 'age': agetmp1,
+              'length': agetmp2,
+              'value': v
+            })
+          newest = this_ts
+        this_ts -= interval
+
+      if (this_ts + interval != parse_ts(h['first'])):
+        logging.warning('Inconsistent time information in %s document for %s'
+                        %(p, which))
+
+    #print json.dumps(generic_history, sort_keys=True,
+    #                  indent=4, separators=(',', ': '))
+    return generic_history
+
+  @staticmethod
+  def _avg_generic_history(generic_history):
+    a = []
+    for i in generic_history:
+      if i['age'] > (ADDRESS_AND_PORT_STABLE_DAYS * 24 * 3600):
+        continue
+      if (i['length'] is not None
+          and i['age'] is not None
+          and i['value'] is not None):
+        w = i['length'] * math.pow(AGE_ALPHA, i['age']/(3600*24))
+        a.append( (i['value'] * w, w) )
+
+    sv = math.fsum(map(lambda x: x[0], a))
+    sw = math.fsum(map(lambda x: x[1], a))
+
+    if sw == 0.0:
+      svw = 0.0
+    else:
+      svw = sv/sw
+    return svw
+
+  def _add_generic_history(self, history):
+    periods = r['read_history'].keys()
+    periods.sort(key = lambda x: r['read_history'][x]['interval'] )
+
+    print periods
+
+  def add_running_history(self, history):
+    pass
+
+  def add_uptime(self, uptime):
+    logging.debug('Adding uptime %s.'%(self._fpr,))
+
+    # flags we care about: Running, V2Dir, Guard
+    if not 'flags' in uptime:
+      logging.debug('No flags in document for %s.'%(self._fpr,))
+      return
+
+    for f in ['Running', 'Guard', 'V2Dir']:
+      if not f in uptime['flags']:
+        logging.debug('No %s in flags for %s.'%(f, self._fpr,))
+        return
+
+    running = self._extract_generic_history(uptime['flags']['Running'],
+                                            '%s-Running'%(self._fpr))
+    guard = self._extract_generic_history(uptime['flags']['Guard'],
+                                          '%s-Guard'%(self._fpr))
+    v2dir = self._extract_generic_history(uptime['flags']['V2Dir'],
+                                          '%s-V2Dir'%(self._fpr))
+    if 'BadExit' in uptime['flags']:
+      badexit = self._extract_generic_history(uptime['flags']['BadExit'],
+                                              '%s-BadExit'%(self._fpr))
+
+    self._running = self._avg_generic_history(running) / ONIONOO_SCALE_ONE
+    self._guard = self._avg_generic_history(guard) / ONIONOO_SCALE_ONE
+    self._v2dir = self._avg_generic_history(v2dir) / ONIONOO_SCALE_ONE
+    self._badexit = None
+    if 'BadExit' in uptime['flags']:
+      self._badexit = self._avg_generic_history(badexit) / ONIONOO_SCALE_ONE
+
+  def is_candidate(self):
+    must_be_running_now = (PERFORM_IPV4_DIRPORT_CHECKS
+                           or PERFORM_IPV6_DIRPORT_CHECKS)
+    if (must_be_running_now and not self.is_running()):
+      logging.info('%s not a candidate: not running now, unable to check ' +
+                   'DirPort consensus download', self._fpr)
+      return False
+    if (self._data['last_changed_address_or_port'] >
+        self.CUTOFF_ADDRESS_AND_PORT_STABLE):
+      logging.info('%s not a candidate: changed address/port recently (%s)',
+                   self._fpr, self._data['last_changed_address_or_port'])
+      return False
+    if self._running < CUTOFF_RUNNING:
+      logging.info('%s not a candidate: running avg too low (%lf)',
+                   self._fpr, self._running)
+      return False
+    if self._v2dir < CUTOFF_V2DIR:
+      logging.info('%s not a candidate: v2dir avg too low (%lf)',
+                   self._fpr, self._v2dir)
+      return False
+    if self._badexit is not None and self._badexit > PERMITTED_BADEXIT:
+      logging.info('%s not a candidate: badexit avg too high (%lf)',
+                   self._fpr, self._badexit)
+      return False
+    # if the relay doesn't report a version, also exclude the relay
+    if (not self._data.has_key('recommended_version')
+        or not self._data['recommended_version']):
+      logging.info('%s not a candidate: version not recommended', self._fpr)
+      return False
+    if self._guard < CUTOFF_GUARD:
+      logging.info('%s not a candidate: guard avg too low (%lf)',
+                   self._fpr, self._guard)
+      return False
+    if (not self._data.has_key('consensus_weight')
+        or self._data['consensus_weight'] < 1):
+      logging.info('%s not a candidate: consensus weight invalid', self._fpr)
+      return False
+    return True
+
+  def is_in_whitelist(self, relaylist):
+    """ A fallback matches if each key in the whitelist line matches:
+          ipv4
+          dirport
+          orport
+          id
+          ipv6 address and port (if present)
+        If the fallback has an ipv6 key, the whitelist line must also have
+        it, and vice versa, otherwise they don't match. """
+    ipv6 = None
+    if self.has_ipv6():
+      ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
+    for entry in relaylist:
+      if entry['id'] != self._fpr:
+        # can't log here unless we match an IP and port, because every relay's
+        # fingerprint is compared to every entry's fingerprint
+        if entry['ipv4'] == self.dirip and int(entry['orport']) == self.orport:
+          logging.warning('%s excluded: has OR %s:%d changed fingerprint to ' +
+                          '%s?', entry['id'], self.dirip, self.orport,
+                          self._fpr)
+        if self.has_ipv6() and entry.has_key('ipv6') and entry['ipv6'] == ipv6:
+          logging.warning('%s excluded: has OR %s changed fingerprint to ' +
+                          '%s?', entry['id'], ipv6, self._fpr)
+        continue
+      if entry['ipv4'] != self.dirip:
+        logging.warning('%s excluded: has it changed IPv4 from %s to %s?',
+                        self._fpr, entry['ipv4'], self.dirip)
+        continue
+      if int(entry['dirport']) != self.dirport:
+        logging.warning('%s excluded: has it changed DirPort from %s:%d to ' +
+                        '%s:%d?', self._fpr, self.dirip, int(entry['dirport']),
+                        self.dirip, self.dirport)
+        continue
+      if int(entry['orport']) != self.orport:
+        logging.warning('%s excluded: has it changed ORPort from %s:%d to ' +
+                        '%s:%d?', self._fpr, self.dirip, int(entry['orport']),
+                        self.dirip, self.orport)
+        continue
+      if entry.has_key('ipv6') and self.has_ipv6():
+        # if both entry and fallback have an ipv6 address, compare them
+        if entry['ipv6'] != ipv6:
+          logging.warning('%s excluded: has it changed IPv6 ORPort from %s ' +
+                          'to %s?', self._fpr, entry['ipv6'], ipv6)
+          continue
+      # if the fallback has an IPv6 address but the whitelist entry
+      # doesn't, or vice versa, the whitelist entry doesn't match
+      elif entry.has_key('ipv6') and not self.has_ipv6():
+        logging.warning('%s excluded: has it lost its former IPv6 address %s?',
+                        self._fpr, entry['ipv6'])
+        continue
+      elif not entry.has_key('ipv6') and self.has_ipv6():
+        logging.warning('%s excluded: has it gained an IPv6 address %s?',
+                        self._fpr, ipv6)
+        continue
+      return True
+    return False
+
+  def is_in_blacklist(self, relaylist):
+    """ A fallback matches a blacklist line if a sufficiently specific group
+        of attributes matches:
+          ipv4 & dirport
+          ipv4 & orport
+          id
+          ipv6 & dirport
+          ipv6 & ipv6 orport
+        If the fallback and the blacklist line both have an ipv6 key,
+        their values will be compared, otherwise, they will be ignored.
+        If there is no dirport and no orport, the entry matches all relays on
+        that ip. """
+    for entry in relaylist:
+      for key in entry:
+        value = entry[key]
+        if key == 'id' and value == self._fpr:
+          logging.info('%s is in the blacklist: fingerprint matches',
+                       self._fpr)
+          return True
+        if key == 'ipv4' and value == self.dirip:
+          # if the dirport is present, check it too
+          if entry.has_key('dirport'):
+            if int(entry['dirport']) == self.dirport:
+              logging.info('%s is in the blacklist: IPv4 (%s) and ' +
+                           'DirPort (%d) match', self._fpr, self.dirip,
+                           self.dirport)
+              return True
+          # if the orport is present, check it too
+          elif entry.has_key('orport'):
+            if int(entry['orport']) == self.orport:
+              logging.info('%s is in the blacklist: IPv4 (%s) and ' +
+                           'ORPort (%d) match', self._fpr, self.dirip,
+                           self.orport)
+              return True
+          else:
+            logging.info('%s is in the blacklist: IPv4 (%s) matches, and ' +
+                         'entry has no DirPort or ORPort', self._fpr,
+                         self.dirip)
+            return True
+        ipv6 = None
+        if self.has_ipv6():
+          ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
+        if (key == 'ipv6' and self.has_ipv6()):
+        # if both entry and fallback have an ipv6 address, compare them,
+        # otherwise, disregard ipv6 addresses
+          if value == ipv6:
+            # if the dirport is present, check it too
+            if entry.has_key('dirport'):
+              if int(entry['dirport']) == self.dirport:
+                logging.info('%s is in the blacklist: IPv6 (%s) and ' +
+                             'DirPort (%d) match', self._fpr, ipv6,
+                             self.dirport)
+                return True
+            # we've already checked the ORPort, it's part of entry['ipv6']
+            else:
+              logging.info('%s is in the blacklist: IPv6 (%s) matches, and' +
+                           'entry has no DirPort', self._fpr, ipv6)
+              return True
+        elif (key == 'ipv6' or self.has_ipv6()):
+          # only log if the fingerprint matches but the IPv6 doesn't
+          if entry.has_key('id') and entry['id'] == self._fpr:
+            logging.info('%s skipping IPv6 blacklist comparison: relay ' +
+                         'has%s IPv6%s, but entry has%s IPv6%s', self._fpr,
+                         '' if self.has_ipv6() else ' no',
+                         (' (' + ipv6 + ')') if self.has_ipv6() else  '',
+                         '' if key == 'ipv6' else ' no',
+                         (' (' + value + ')') if key == 'ipv6' else '')
+            logging.warning('Has %s %s IPv6 address %s?', self._fpr,
+                        'gained an' if self.has_ipv6() else 'lost its former',
+                        ipv6 if self.has_ipv6() else value)
+    return False
+
+  def cw_to_bw_factor(self):
+    # any relays with a missing or zero consensus weight are not candidates
+    # any relays with a missing advertised bandwidth have it set to zero
+    return self._data['advertised_bandwidth'] / self._data['consensus_weight']
+
+  # since advertised_bandwidth is reported by the relay, it can be gamed
+  # to avoid this, use the median consensus weight to bandwidth factor to
+  # estimate this relay's measured bandwidth, and make that the upper limit
+  def measured_bandwidth(self, median_cw_to_bw_factor):
+    cw_to_bw= median_cw_to_bw_factor
+    # Reduce exit bandwidth to make sure we're not overloading them
+    if self.is_exit():
+      cw_to_bw *= EXIT_BANDWIDTH_FRACTION
+    measured_bandwidth = self._data['consensus_weight'] * cw_to_bw
+    if self._data['advertised_bandwidth'] != 0:
+      # limit advertised bandwidth (if available) to measured bandwidth
+      return min(measured_bandwidth, self._data['advertised_bandwidth'])
+    else:
+      return measured_bandwidth
+
+  def set_measured_bandwidth(self, median_cw_to_bw_factor):
+    self._data['measured_bandwidth'] = self.measured_bandwidth(
+                                                      median_cw_to_bw_factor)
+
+  def is_exit(self):
+    return 'Exit' in self._data['flags']
+
+  def is_guard(self):
+    return 'Guard' in self._data['flags']
+
+  def is_running(self):
+    return 'Running' in self._data['flags']
+
+  # does this fallback have an IPv6 address and orport?
+  def has_ipv6(self):
+    return self.ipv6addr is not None and self.ipv6orport is not None
+
+  # strip leading and trailing brackets from an IPv6 address
+  # safe to use on non-bracketed IPv6 and on IPv4 addresses
+  # also convert to unicode, and make None appear as ''
+  @staticmethod
+  def strip_ipv6_brackets(ip):
+    if ip is None:
+      return unicode('')
+    if len(ip) < 2:
+      return unicode(ip)
+    if ip[0] == '[' and ip[-1] == ']':
+      return unicode(ip[1:-1])
+    return unicode(ip)
+
+  # are ip_a and ip_b in the same netblock?
+  # mask_bits is the size of the netblock
+  # takes both IPv4 and IPv6 addresses
+  # the versions of ip_a and ip_b must be the same
+  # the mask must be valid for the IP version
+  @staticmethod
+  def netblocks_equal(ip_a, ip_b, mask_bits):
+    if ip_a is None or ip_b is None:
+      return False
+    ip_a = Candidate.strip_ipv6_brackets(ip_a)
+    ip_b = Candidate.strip_ipv6_brackets(ip_b)
+    a = ipaddress.ip_address(ip_a)
+    b = ipaddress.ip_address(ip_b)
+    if a.version != b.version:
+      raise Exception('Mismatching IP versions in %s and %s'%(ip_a, ip_b))
+    if mask_bits > a.max_prefixlen:
+      logging.error('Bad IP mask %d for %s and %s'%(mask_bits, ip_a, ip_b))
+      mask_bits = a.max_prefixlen
+    if mask_bits < 0:
+      logging.error('Bad IP mask %d for %s and %s'%(mask_bits, ip_a, ip_b))
+      mask_bits = 0
+    a_net = ipaddress.ip_network('%s/%d'%(ip_a, mask_bits), strict=False)
+    return b in a_net
+
+  # is this fallback's IPv4 address (dirip) in the same netblock as other's
+  # IPv4 address?
+  # mask_bits is the size of the netblock
+  def ipv4_netblocks_equal(self, other, mask_bits):
+    return Candidate.netblocks_equal(self.dirip, other.dirip, mask_bits)
+
+  # is this fallback's IPv6 address (ipv6addr) in the same netblock as
+  # other's IPv6 address?
+  # Returns False if either fallback has no IPv6 address
+  # mask_bits is the size of the netblock
+  def ipv6_netblocks_equal(self, other, mask_bits):
+    if not self.has_ipv6() or not other.has_ipv6():
+      return False
+    return Candidate.netblocks_equal(self.ipv6addr, other.ipv6addr, mask_bits)
+
+  # is this fallback's IPv4 DirPort the same as other's IPv4 DirPort?
+  def dirport_equal(self, other):
+    return self.dirport == other.dirport
+
+  # is this fallback's IPv4 ORPort the same as other's IPv4 ORPort?
+  def ipv4_orport_equal(self, other):
+    return self.orport == other.orport
+
+  # is this fallback's IPv6 ORPort the same as other's IPv6 ORPort?
+  # Returns False if either fallback has no IPv6 address
+  def ipv6_orport_equal(self, other):
+    if not self.has_ipv6() or not other.has_ipv6():
+      return False
+    return self.ipv6orport == other.ipv6orport
+
+  # does this fallback have the same DirPort, IPv4 ORPort, or
+  # IPv6 ORPort as other?
+  # Ignores IPv6 ORPort if either fallback has no IPv6 address
+  def port_equal(self, other):
+    return (self.dirport_equal(other) or self.ipv4_orport_equal(other)
+            or self.ipv6_orport_equal(other))
+
+  # return a list containing IPv4 ORPort, DirPort, and IPv6 ORPort (if present)
+  def port_list(self):
+    ports = [self.dirport, self.orport]
+    if self.has_ipv6() and not self.ipv6orport in ports:
+      ports.append(self.ipv6orport)
+    return ports
+
+  # does this fallback share a port with other, regardless of whether the
+  # port types match?
+  # For example, if self's IPv4 ORPort is 80 and other's DirPort is 80,
+  # return True
+  def port_shared(self, other):
+    for p in self.port_list():
+      if p in other.port_list():
+        return True
+    return False
+
+  # report how long it takes to download a consensus from dirip:dirport
+  @staticmethod
+  def fallback_consensus_download_speed(dirip, dirport, nickname, max_time):
+    download_failed = False
+    downloader = DescriptorDownloader()
+    start = datetime.datetime.utcnow()
+    # some directory mirrors respond to requests in ways that hang python
+    # sockets, which is why we log this line here
+    logging.info('Initiating consensus download from %s (%s:%d).', nickname,
+                 dirip, dirport)
+    # there appears to be about 1 second of overhead when comparing stem's
+    # internal trace time and the elapsed time calculated here
+    TIMEOUT_SLOP = 1.0
+    try:
+      downloader.get_consensus(endpoints = [(dirip, dirport)],
+                               timeout = (max_time + TIMEOUT_SLOP),
+                               validate = True,
+                               retries = 0,
+                               fall_back_to_authority = False).run()
+    except Exception, stem_error:
+      logging.info('Unable to retrieve a consensus from %s: %s', nickname,
+                    stem_error)
+      status = 'error: "%s"' % (stem_error)
+      level = logging.WARNING
+      download_failed = True
+    elapsed = (datetime.datetime.utcnow() - start).total_seconds()
+    if elapsed > max_time:
+      status = 'too slow'
+      level = logging.WARNING
+      download_failed = True
+    else:
+      status = 'ok'
+      level = logging.DEBUG
+    logging.log(level, 'Consensus download: %0.1fs %s from %s (%s:%d), ' +
+                 'max download time %0.1fs.', elapsed, status, nickname,
+                 dirip, dirport, max_time)
+    return download_failed
+
+  # does this fallback download the consensus fast enough?
+  def check_fallback_download_consensus(self):
+    # include the relay if we're not doing a check, or we can't check (IPv6)
+    ipv4_failed = False
+    ipv6_failed = False
+    if PERFORM_IPV4_DIRPORT_CHECKS:
+      ipv4_failed = Candidate.fallback_consensus_download_speed(self.dirip,
+                                                self.dirport,
+                                                self._data['nickname'],
+                                                CONSENSUS_DOWNLOAD_SPEED_MAX)
+    if self.has_ipv6() and PERFORM_IPV6_DIRPORT_CHECKS:
+      # Clients assume the IPv6 DirPort is the same as the IPv4 DirPort
+      ipv6_failed = Candidate.fallback_consensus_download_speed(self.ipv6addr,
+                                                self.dirport,
+                                                self._data['nickname'],
+                                                CONSENSUS_DOWNLOAD_SPEED_MAX)
+    return ((not ipv4_failed) and (not ipv6_failed))
+
+  # if this fallback has not passed a download check, try it again,
+  # and record the result, available in get_fallback_download_consensus
+  def try_fallback_download_consensus(self):
+    if not self.get_fallback_download_consensus():
+      self._data['download_check'] = self.check_fallback_download_consensus()
+
+  # did this fallback pass the download check?
+  def get_fallback_download_consensus(self):
+    # if we're not performing checks, return True
+    if not PERFORM_IPV4_DIRPORT_CHECKS and not PERFORM_IPV6_DIRPORT_CHECKS:
+      return True
+    # if we are performing checks, but haven't done one, return False
+    if not self._data.has_key('download_check'):
+      return False
+    return self._data['download_check']
+
+  # output an optional header comment and info for this fallback
+  # try_fallback_download_consensus before calling this
+  def fallbackdir_line(self, fallbacks, prefilter_fallbacks):
+    s = ''
+    if OUTPUT_COMMENTS:
+      s += self.fallbackdir_comment(fallbacks, prefilter_fallbacks)
+    # if the download speed is ok, output a C string
+    # if it's not, but we OUTPUT_COMMENTS, output a commented-out C string
+    if self.get_fallback_download_consensus() or OUTPUT_COMMENTS:
+      s += self.fallbackdir_info(self.get_fallback_download_consensus())
+    return s
+
+  # output a header comment for this fallback
+  def fallbackdir_comment(self, fallbacks, prefilter_fallbacks):
+    # /*
+    # nickname
+    # flags
+    # [contact]
+    # [identical contact counts]
+    # */
+    # Multiline C comment
+    s = '/*'
+    s += '\n'
+    s += cleanse_c_multiline_comment(self._data['nickname'])
+    s += '\n'
+    s += 'Flags: '
+    s += cleanse_c_multiline_comment(' '.join(sorted(self._data['flags'])))
+    s += '\n'
+    if self._data['contact'] is not None:
+      s += cleanse_c_multiline_comment(self._data['contact'])
+      if CONTACT_COUNT or CONTACT_BLACKLIST_COUNT:
+        fallback_count = len([f for f in fallbacks
+                              if f._data['contact'] == self._data['contact']])
+        if fallback_count > 1:
+          s += '\n'
+          s += '%d identical contacts listed' % (fallback_count)
+      if CONTACT_BLACKLIST_COUNT:
+        prefilter_count = len([f for f in prefilter_fallbacks
+                               if f._data['contact'] == self._data['contact']])
+        filter_count = prefilter_count - fallback_count
+        if filter_count > 0:
+          if fallback_count > 1:
+            s += ' '
+          else:
+            s += '\n'
+          s += '%d blacklisted' % (filter_count)
+      s += '\n'
+    s += '*/'
+    s += '\n'
+
+  # output the fallback info C string for this fallback
+  # this is the text that would go after FallbackDir in a torrc
+  # if this relay failed the download test and we OUTPUT_COMMENTS,
+  # comment-out the returned string
+  def fallbackdir_info(self, dl_speed_ok):
+    # "address:dirport orport=port id=fingerprint"
+    # "[ipv6=addr:orport]"
+    # "weight=FALLBACK_OUTPUT_WEIGHT",
+    #
+    # Do we want a C string, or a commented-out string?
+    c_string = dl_speed_ok
+    comment_string = not dl_speed_ok and OUTPUT_COMMENTS
+    # If we don't want either kind of string, bail
+    if not c_string and not comment_string:
+      return ''
+    s = ''
+    # Comment out the fallback directory entry if it's too slow
+    # See the debug output for which address and port is failing
+    if comment_string:
+      s += '/* Consensus download failed or was too slow:\n'
+    # Multi-Line C string with trailing comma (part of a string list)
+    # This makes it easier to diff the file, and remove IPv6 lines using grep
+    # Integers don't need escaping
+    s += '"%s orport=%d id=%s"'%(
+            cleanse_c_string(self._data['dir_address']),
+            self.orport,
+            cleanse_c_string(self._fpr))
+    s += '\n'
+    if self.has_ipv6():
+      s += '" ipv6=%s:%d"'%(cleanse_c_string(self.ipv6addr), self.ipv6orport)
+      s += '\n'
+    s += '" weight=%d",'%(FALLBACK_OUTPUT_WEIGHT)
+    if comment_string:
+      s += '\n'
+      s += '*/'
+    return s
+
+## Fallback Candidate List Class
+
+class CandidateList(dict):
+  def __init__(self):
+    pass
+
+  def _add_relay(self, details):
+    if not 'dir_address' in details: return
+    c = Candidate(details)
+    self[ c.get_fingerprint() ] = c
+
+  def _add_uptime(self, uptime):
+    try:
+      fpr = uptime['fingerprint']
+    except KeyError:
+      raise Exception("Document has no fingerprint field.")
+
+    try:
+      c = self[fpr]
+    except KeyError:
+      logging.debug('Got unknown relay %s in uptime document.'%(fpr,))
+      return
+
+    c.add_uptime(uptime)
+
+  def _add_details(self):
+    logging.debug('Loading details document.')
+    d = fetch('details',
+        fields=('fingerprint,nickname,contact,last_changed_address_or_port,' +
+                'consensus_weight,advertised_bandwidth,or_addresses,' +
+                'dir_address,recommended_version,flags,effective_family'))
+    logging.debug('Loading details document done.')
+
+    if not 'relays' in d: raise Exception("No relays found in document.")
+
+    for r in d['relays']: self._add_relay(r)
+
+  def _add_uptimes(self):
+    logging.debug('Loading uptime document.')
+    d = fetch('uptime')
+    logging.debug('Loading uptime document done.')
+
+    if not 'relays' in d: raise Exception("No relays found in document.")
+    for r in d['relays']: self._add_uptime(r)
+
+  def add_relays(self):
+    self._add_details()
+    self._add_uptimes()
+
+  def count_guards(self):
+    guard_count = 0
+    for fpr in self.keys():
+      if self[fpr].is_guard():
+        guard_count += 1
+    return guard_count
+
+  # Find fallbacks that fit the uptime, stability, and flags criteria,
+  # and make an array of them in self.fallbacks
+  def compute_fallbacks(self):
+    self.fallbacks = map(lambda x: self[x],
+                         filter(lambda x: self[x].is_candidate(),
+                                self.keys()))
+
+  # sort fallbacks by their consensus weight to advertised bandwidth factor,
+  # lowest to highest
+  # used to find the median cw_to_bw_factor()
+  def sort_fallbacks_by_cw_to_bw_factor(self):
+    self.fallbacks.sort(key=lambda f: f.cw_to_bw_factor())
+
+  # sort fallbacks by their measured bandwidth, highest to lowest
+  # calculate_measured_bandwidth before calling this
+  # this is useful for reviewing candidates in priority order
+  def sort_fallbacks_by_measured_bandwidth(self):
+    self.fallbacks.sort(key=lambda f: f._data['measured_bandwidth'],
+                        reverse=True)
+
+  # sort fallbacks by their fingerprint, lowest to highest
+  # this is useful for stable diffs of fallback lists
+  def sort_fallbacks_by_fingerprint(self):
+    self.fallbacks.sort(key=lambda f: f._fpr)
+
+  @staticmethod
+  def load_relaylist(file_name):
+    """ Read each line in the file, and parse it like a FallbackDir line:
+        an IPv4 address and optional port:
+          <IPv4 address>:<port>
+        which are parsed into dictionary entries:
+          ipv4=<IPv4 address>
+          dirport=<port>
+        followed by a series of key=value entries:
+          orport=<port>
+          id=<fingerprint>
+          ipv6=<IPv6 address>:<IPv6 orport>
+        each line's key/value pairs are placed in a dictonary,
+        (of string -> string key/value pairs),
+        and these dictionaries are placed in an array.
+        comments start with # and are ignored """
+    relaylist = []
+    file_data = read_from_file(file_name, MAX_LIST_FILE_SIZE)
+    if file_data is None:
+      return relaylist
+    for line in file_data.split('\n'):
+      relay_entry = {}
+      # ignore comments
+      line_comment_split = line.split('#')
+      line = line_comment_split[0]
+      # cleanup whitespace
+      line = cleanse_whitespace(line)
+      line = line.strip()
+      if len(line) == 0:
+        continue
+      for item in line.split(' '):
+        item = item.strip()
+        if len(item) == 0:
+          continue
+        key_value_split = item.split('=')
+        kvl = len(key_value_split)
+        if kvl < 1 or kvl > 2:
+          print '#error Bad %s item: %s, format is key=value.'%(
+                                                 file_name, item)
+        if kvl == 1:
+          # assume that entries without a key are the ipv4 address,
+          # perhaps with a dirport
+          ipv4_maybe_dirport = key_value_split[0]
+          ipv4_maybe_dirport_split = ipv4_maybe_dirport.split(':')
+          dirl = len(ipv4_maybe_dirport_split)
+          if dirl < 1 or dirl > 2:
+            print '#error Bad %s IPv4 item: %s, format is ipv4:port.'%(
+                                                        file_name, item)
+          if dirl >= 1:
+            relay_entry['ipv4'] = ipv4_maybe_dirport_split[0]
+          if dirl == 2:
+            relay_entry['dirport'] = ipv4_maybe_dirport_split[1]
+        elif kvl == 2:
+          relay_entry[key_value_split[0]] = key_value_split[1]
+      relaylist.append(relay_entry)
+    return relaylist
+
+  # apply the fallback whitelist and blacklist
+  def apply_filter_lists(self):
+    excluded_count = 0
+    logging.debug('Applying whitelist and blacklist.')
+    # parse the whitelist and blacklist
+    whitelist = self.load_relaylist(WHITELIST_FILE_NAME)
+    blacklist = self.load_relaylist(BLACKLIST_FILE_NAME)
+    filtered_fallbacks = []
+    for f in self.fallbacks:
+      in_whitelist = f.is_in_whitelist(whitelist)
+      in_blacklist = f.is_in_blacklist(blacklist)
+      if in_whitelist and in_blacklist:
+        if BLACKLIST_EXCLUDES_WHITELIST_ENTRIES:
+          # exclude
+          excluded_count += 1
+          logging.warning('Excluding %s: in both blacklist and whitelist.',
+                          f._fpr)
+        else:
+          # include
+          filtered_fallbacks.append(f)
+      elif in_whitelist:
+        # include
+        filtered_fallbacks.append(f)
+      elif in_blacklist:
+        # exclude
+        excluded_count += 1
+        logging.info('Excluding %s: in blacklist.', f._fpr)
+      else:
+        if INCLUDE_UNLISTED_ENTRIES:
+          # include
+          filtered_fallbacks.append(f)
+        else:
+          # exclude
+          excluded_count += 1
+          logging.info('Excluding %s: in neither blacklist nor whitelist.',
+                       f._fpr)
+    self.fallbacks = filtered_fallbacks
+    return excluded_count
+
+  @staticmethod
+  def summarise_filters(initial_count, excluded_count):
+    return '/* Whitelist & blacklist excluded %d of %d candidates. */'%(
+                                                excluded_count, initial_count)
+
+  # calculate each fallback's measured bandwidth based on the median
+  # consensus weight to advertised bandwdith ratio
+  def calculate_measured_bandwidth(self):
+    self.sort_fallbacks_by_cw_to_bw_factor()
+    median_fallback = self.fallback_median(True)
+    if median_fallback is not None:
+      median_cw_to_bw_factor = median_fallback.cw_to_bw_factor()
+    else:
+      # this will never be used, because there are no fallbacks
+      median_cw_to_bw_factor = None
+    for f in self.fallbacks:
+      f.set_measured_bandwidth(median_cw_to_bw_factor)
+
+  # remove relays with low measured bandwidth from the fallback list
+  # calculate_measured_bandwidth for each relay before calling this
+  def remove_low_bandwidth_relays(self):
+    if MIN_BANDWIDTH is None:
+      return
+    above_min_bw_fallbacks = []
+    for f in self.fallbacks:
+      if f._data['measured_bandwidth'] >= MIN_BANDWIDTH:
+        above_min_bw_fallbacks.append(f)
+      else:
+        # the bandwidth we log here is limited by the relay's consensus weight
+        # as well as its adverttised bandwidth. See set_measured_bandwidth
+        # for details
+        logging.info('%s not a candidate: bandwidth %.1fMB/s too low, must ' +
+                     'be at least %.1fMB/s', f._fpr,
+                     f._data['measured_bandwidth']/(1024.0*1024.0),
+                     MIN_BANDWIDTH/(1024.0*1024.0))
+    self.fallbacks = above_min_bw_fallbacks
+
+  # the minimum fallback in the list
+  # call one of the sort_fallbacks_* functions before calling this
+  def fallback_min(self):
+    if len(self.fallbacks) > 0:
+      return self.fallbacks[-1]
+    else:
+      return None
+
+  # the median fallback in the list
+  # call one of the sort_fallbacks_* functions before calling this
+  def fallback_median(self, require_advertised_bandwidth):
+    # use the low-median when there are an evan number of fallbacks,
+    # for consistency with the bandwidth authorities
+    if len(self.fallbacks) > 0:
+      median_position = (len(self.fallbacks) - 1) / 2
+      if not require_advertised_bandwidth:
+        return self.fallbacks[median_position]
+      # if we need advertised_bandwidth but this relay doesn't have it,
+      # move to a fallback with greater consensus weight until we find one
+      while not self.fallbacks[median_position]._data['advertised_bandwidth']:
+        median_position += 1
+        if median_position >= len(self.fallbacks):
+          return None
+      return self.fallbacks[median_position]
+    else:
+      return None
+
+  # the maximum fallback in the list
+  # call one of the sort_fallbacks_* functions before calling this
+  def fallback_max(self):
+    if len(self.fallbacks) > 0:
+      return self.fallbacks[0]
+    else:
+      return None
+
+  # does exclusion_list contain attribute?
+  # if so, return False
+  # if not, return True
+  # if attribute is None or the empty string, always return True
+  @staticmethod
+  def allow(attribute, exclusion_list):
+    if attribute is None or attribute == '':
+      return True
+    elif attribute in exclusion_list:
+      return False
+    else:
+      return True
+
+  # make sure there is only one fallback per IPv4 address, and per IPv6 address
+  # there is only one IPv4 address on each fallback: the IPv4 DirPort address
+  # (we choose the IPv4 ORPort which is on the same IPv4 as the DirPort)
+  # there is at most one IPv6 address on each fallback: the IPv6 ORPort address
+  # we try to match the IPv4 ORPort, but will use any IPv6 address if needed
+  # (clients assume the IPv6 DirPort is the same as the IPv4 DirPort, but
+  # typically only use the IPv6 ORPort)
+  # if there is no IPv6 address, only the IPv4 address is checked
+  # return the number of candidates we excluded
+  def limit_fallbacks_same_ip(self):
+    ip_limit_fallbacks = []
+    ip_list = []
+    for f in self.fallbacks:
+      if (CandidateList.allow(f.dirip, ip_list)
+          and CandidateList.allow(f.ipv6addr, ip_list)):
+        ip_limit_fallbacks.append(f)
+        ip_list.append(f.dirip)
+        if f.has_ipv6():
+          ip_list.append(f.ipv6addr)
+      elif not CandidateList.allow(f.dirip, ip_list):
+        logging.info('Eliminated %s: already have fallback on IPv4 %s'%(
+                                                          f._fpr, f.dirip))
+      elif f.has_ipv6() and not CandidateList.allow(f.ipv6addr, ip_list):
+        logging.info('Eliminated %s: already have fallback on IPv6 %s'%(
+                                                          f._fpr, f.ipv6addr))
+    original_count = len(self.fallbacks)
+    self.fallbacks = ip_limit_fallbacks
+    return original_count - len(self.fallbacks)
+
+  # make sure there is only one fallback per ContactInfo
+  # if there is no ContactInfo, allow the fallback
+  # this check can be gamed by providing no ContactInfo, or by setting the
+  # ContactInfo to match another fallback
+  # However, given the likelihood that relays with the same ContactInfo will
+  # go down at similar times, its usefulness outweighs the risk
+  def limit_fallbacks_same_contact(self):
+    contact_limit_fallbacks = []
+    contact_list = []
+    for f in self.fallbacks:
+      if CandidateList.allow(f._data['contact'], contact_list):
+        contact_limit_fallbacks.append(f)
+        contact_list.append(f._data['contact'])
+      else:
+        logging.info(('Eliminated %s: already have fallback on ' +
+                       'ContactInfo %s')%(f._fpr, f._data['contact']))
+    original_count = len(self.fallbacks)
+    self.fallbacks = contact_limit_fallbacks
+    return original_count - len(self.fallbacks)
+
+  # make sure there is only one fallback per effective family
+  # if there is no family, allow the fallback
+  # this check can't be gamed, because we use effective family, which ensures
+  # mutual family declarations
+  # if any indirect families exist, the result depends on the order in which
+  # fallbacks are sorted in the list
+  def limit_fallbacks_same_family(self):
+    family_limit_fallbacks = []
+    fingerprint_list = []
+    for f in self.fallbacks:
+      if CandidateList.allow(f._fpr, fingerprint_list):
+        family_limit_fallbacks.append(f)
+        fingerprint_list.append(f._fpr)
+        fingerprint_list.extend(f._data['effective_family'])
+      else:
+        # technically, we already have a fallback with this fallback in its
+        # effective family
+        logging.info('Eliminated %s: already have fallback in effective ' +
+                      'family'%(f._fpr))
+    original_count = len(self.fallbacks)
+    self.fallbacks = family_limit_fallbacks
+    return original_count - len(self.fallbacks)
+
+  # try a download check on each fallback candidate in order
+  # stop after max_count successful downloads
+  # but don't remove any candidates from the array
+  def try_download_consensus_checks(self, max_count):
+    dl_ok_count = 0
+    for f in self.fallbacks:
+      f.try_fallback_download_consensus()
+      if f.get_fallback_download_consensus():
+        # this fallback downloaded a consensus ok
+        dl_ok_count += 1
+        if dl_ok_count >= max_count:
+          # we have enough fallbacks
+          return
+
+  # put max_count successful candidates in the fallbacks array:
+  # - perform download checks on each fallback candidate
+  # - retry failed candidates if CONSENSUS_DOWNLOAD_RETRY is set
+  # - eliminate failed candidates
+  # - if there are more than max_count candidates, eliminate lowest bandwidth
+  # - if there are fewer than max_count candidates, leave only successful
+  # Return the number of fallbacks that failed the consensus check
+  def perform_download_consensus_checks(self, max_count):
+    self.sort_fallbacks_by_measured_bandwidth()
+    self.try_download_consensus_checks(max_count)
+    if CONSENSUS_DOWNLOAD_RETRY:
+      # try unsuccessful candidates again
+      # we could end up with more than max_count successful candidates here
+      self.try_download_consensus_checks(max_count)
+    # now we have at least max_count successful candidates,
+    # or we've tried them all
+    original_count = len(self.fallbacks)
+    self.fallbacks = filter(lambda x: x.get_fallback_download_consensus(),
+                            self.fallbacks)
+    # some of these failed the check, others skipped the check,
+    # if we already had enough successful downloads
+    failed_count = original_count - len(self.fallbacks)
+    self.fallbacks = self.fallbacks[:max_count]
+    return failed_count
+
+  # return a string that describes a/b as a percentage
+  @staticmethod
+  def describe_percentage(a, b):
+    if b != 0:
+      return '%d/%d = %.0f%%'%(a, b, (a*100.0)/b)
+    else:
+      # technically, 0/0 is undefined, but 0.0% is a sensible result
+      return '%d/%d = %.0f%%'%(a, b, 0.0)
+
+  # return a dictionary of lists of fallbacks by IPv4 netblock
+  # the dictionary is keyed by the fingerprint of an arbitrary fallback
+  # in each netblock
+  # mask_bits is the size of the netblock
+  def fallbacks_by_ipv4_netblock(self, mask_bits):
+    netblocks = {}
+    for f in self.fallbacks:
+      found_netblock = False
+      for b in netblocks.keys():
+        # we found an existing netblock containing this fallback
+        if f.ipv4_netblocks_equal(self[b], mask_bits):
+          # add it to the list
+          netblocks[b].append(f)
+          found_netblock = True
+          break
+      # make a new netblock based on this fallback's fingerprint
+      if not found_netblock:
+        netblocks[f._fpr] = [f]
+    return netblocks
+
+  # return a dictionary of lists of fallbacks by IPv6 netblock
+  # where mask_bits is the size of the netblock
+  def fallbacks_by_ipv6_netblock(self, mask_bits):
+    netblocks = {}
+    for f in self.fallbacks:
+      # skip fallbacks without IPv6 addresses
+      if not f.has_ipv6():
+        continue
+      found_netblock = False
+      for b in netblocks.keys():
+        # we found an existing netblock containing this fallback
+        if f.ipv6_netblocks_equal(self[b], mask_bits):
+          # add it to the list
+          netblocks[b].append(f)
+          found_netblock = True
+          break
+      # make a new netblock based on this fallback's fingerprint
+      if not found_netblock:
+        netblocks[f._fpr] = [f]
+    return netblocks
+
+  # log a message about the proportion of fallbacks in each IPv4 netblock,
+  # where mask_bits is the size of the netblock
+  def describe_fallback_ipv4_netblock_mask(self, mask_bits):
+    fallback_count = len(self.fallbacks)
+    shared_netblock_fallback_count = 0
+    most_frequent_netblock = None
+    netblocks = self.fallbacks_by_ipv4_netblock(mask_bits)
+    for b in netblocks.keys():
+      if len(netblocks[b]) > 1:
+        # how many fallbacks are in a netblock with other fallbacks?
+        shared_netblock_fallback_count += len(netblocks[b])
+        # what's the netblock with the most fallbacks?
+        if (most_frequent_netblock is None
+            or len(netblocks[b]) > len(netblocks[most_frequent_netblock])):
+          most_frequent_netblock = b
+        logging.debug('Fallback IPv4 addresses in the same /%d:'%(mask_bits))
+        for f in netblocks[b]:
+          logging.debug('%s - %s', f.dirip, f._fpr)
+    if most_frequent_netblock is not None:
+      logging.warning('There are %s fallbacks in the IPv4 /%d containing %s'%(
+                                    CandidateList.describe_percentage(
+                                      len(netblocks[most_frequent_netblock]),
+                                      fallback_count),
+                                    mask_bits,
+                                    self[most_frequent_netblock].dirip))
+    if shared_netblock_fallback_count > 0:
+      logging.warning(('%s of fallbacks are in an IPv4 /%d with other ' +
+                       'fallbacks')%(CandidateList.describe_percentage(
+                                                shared_netblock_fallback_count,
+                                                fallback_count),
+                                     mask_bits))
+
+  # log a message about the proportion of fallbacks in each IPv6 netblock,
+  # where mask_bits is the size of the netblock
+  def describe_fallback_ipv6_netblock_mask(self, mask_bits):
+    fallback_count = len(self.fallbacks_with_ipv6())
+    shared_netblock_fallback_count = 0
+    most_frequent_netblock = None
+    netblocks = self.fallbacks_by_ipv6_netblock(mask_bits)
+    for b in netblocks.keys():
+      if len(netblocks[b]) > 1:
+        # how many fallbacks are in a netblock with other fallbacks?
+        shared_netblock_fallback_count += len(netblocks[b])
+        # what's the netblock with the most fallbacks?
+        if (most_frequent_netblock is None
+            or len(netblocks[b]) > len(netblocks[most_frequent_netblock])):
+          most_frequent_netblock = b
+        logging.debug('Fallback IPv6 addresses in the same /%d:'%(mask_bits))
+        for f in netblocks[b]:
+          logging.debug('%s - %s', f.ipv6addr, f._fpr)
+    if most_frequent_netblock is not None:
+      logging.warning('There are %s fallbacks in the IPv6 /%d containing %s'%(
+                                    CandidateList.describe_percentage(
+                                      len(netblocks[most_frequent_netblock]),
+                                      fallback_count),
+                                    mask_bits,
+                                    self[most_frequent_netblock].ipv6addr))
+    if shared_netblock_fallback_count > 0:
+      logging.warning(('%s of fallbacks are in an IPv6 /%d with other ' +
+                       'fallbacks')%(CandidateList.describe_percentage(
+                                                shared_netblock_fallback_count,
+                                                fallback_count),
+                                     mask_bits))
+
+  # log a message about the proportion of fallbacks in each IPv4 /8, /16,
+  # and /24
+  def describe_fallback_ipv4_netblocks(self):
+   # this doesn't actually tell us anything useful
+   #self.describe_fallback_ipv4_netblock_mask(8)
+   self.describe_fallback_ipv4_netblock_mask(16)
+   self.describe_fallback_ipv4_netblock_mask(24)
+
+  # log a message about the proportion of fallbacks in each IPv6 /12 (RIR),
+  # /23 (smaller RIR blocks), /32 (LIR), /48 (Customer), and /64 (Host)
+  # https://www.iana.org/assignments/ipv6-unicast-address-assignments/
+  def describe_fallback_ipv6_netblocks(self):
+    # these don't actually tell us anything useful
+    #self.describe_fallback_ipv6_netblock_mask(12)
+    #self.describe_fallback_ipv6_netblock_mask(23)
+    self.describe_fallback_ipv6_netblock_mask(32)
+    self.describe_fallback_ipv6_netblock_mask(48)
+    self.describe_fallback_ipv6_netblock_mask(64)
+
+  # log a message about the proportion of fallbacks in each IPv4 and IPv6
+  # netblock
+  def describe_fallback_netblocks(self):
+    self.describe_fallback_ipv4_netblocks()
+    self.describe_fallback_ipv6_netblocks()
+
+  # return a list of fallbacks which are on the IPv4 ORPort port
+  def fallbacks_on_ipv4_orport(self, port):
+    return filter(lambda x: x.orport == port, self.fallbacks)
+
+  # return a list of fallbacks which are on the IPv6 ORPort port
+  def fallbacks_on_ipv6_orport(self, port):
+    return filter(lambda x: x.ipv6orport == port, self.fallbacks_with_ipv6())
+
+  # return a list of fallbacks which are on the DirPort port
+  def fallbacks_on_dirport(self, port):
+    return filter(lambda x: x.dirport == port, self.fallbacks)
+
+  # log a message about the proportion of fallbacks on IPv4 ORPort port
+  # and return that count
+  def describe_fallback_ipv4_orport(self, port):
+    port_count = len(self.fallbacks_on_ipv4_orport(port))
+    fallback_count = len(self.fallbacks)
+    logging.warning('%s of fallbacks are on IPv4 ORPort %d'%(
+                    CandidateList.describe_percentage(port_count,
+                                                      fallback_count),
+                    port))
+    return port_count
+
+  # log a message about the proportion of IPv6 fallbacks on IPv6 ORPort port
+  # and return that count
+  def describe_fallback_ipv6_orport(self, port):
+    port_count = len(self.fallbacks_on_ipv6_orport(port))
+    fallback_count = len(self.fallbacks_with_ipv6())
+    logging.warning('%s of IPv6 fallbacks are on IPv6 ORPort %d'%(
+                    CandidateList.describe_percentage(port_count,
+                                                      fallback_count),
+                    port))
+    return port_count
+
+  # log a message about the proportion of fallbacks on DirPort port
+  # and return that count
+  def describe_fallback_dirport(self, port):
+    port_count = len(self.fallbacks_on_dirport(port))
+    fallback_count = len(self.fallbacks)
+    logging.warning('%s of fallbacks are on DirPort %d'%(
+                    CandidateList.describe_percentage(port_count,
+                                                      fallback_count),
+                    port))
+    return port_count
+
+  # log a message about the proportion of fallbacks on each dirport,
+  # each IPv4 orport, and each IPv6 orport
+  def describe_fallback_ports(self):
+    fallback_count = len(self.fallbacks)
+    ipv4_or_count = fallback_count
+    ipv4_or_count -= self.describe_fallback_ipv4_orport(443)
+    ipv4_or_count -= self.describe_fallback_ipv4_orport(9001)
+    logging.warning('%s of fallbacks are on other IPv4 ORPorts'%(
+                    CandidateList.describe_percentage(ipv4_or_count,
+                                                      fallback_count)))
+    ipv6_fallback_count = len(self.fallbacks_with_ipv6())
+    ipv6_or_count = ipv6_fallback_count
+    ipv6_or_count -= self.describe_fallback_ipv6_orport(443)
+    ipv6_or_count -= self.describe_fallback_ipv6_orport(9001)
+    logging.warning('%s of IPv6 fallbacks are on other IPv6 ORPorts'%(
+                    CandidateList.describe_percentage(ipv6_or_count,
+                                                      ipv6_fallback_count)))
+    dir_count = fallback_count
+    dir_count -= self.describe_fallback_dirport(80)
+    dir_count -= self.describe_fallback_dirport(9030)
+    logging.warning('%s of fallbacks are on other DirPorts'%(
+                    CandidateList.describe_percentage(dir_count,
+                                                      fallback_count)))
+
+  # return a list of fallbacks which have the Exit flag
+  def fallbacks_with_exit(self):
+    return filter(lambda x: x.is_exit(), self.fallbacks)
+
+  # log a message about the proportion of fallbacks with an Exit flag
+  def describe_fallback_exit_flag(self):
+    exit_falback_count = len(self.fallbacks_with_exit())
+    fallback_count = len(self.fallbacks)
+    logging.warning('%s of fallbacks have the Exit flag'%(
+                    CandidateList.describe_percentage(exit_falback_count,
+                                                      fallback_count)))
+
+  # return a list of fallbacks which have an IPv6 address
+  def fallbacks_with_ipv6(self):
+    return filter(lambda x: x.has_ipv6(), self.fallbacks)
+
+  # log a message about the proportion of fallbacks on IPv6
+  def describe_fallback_ip_family(self):
+    ipv6_falback_count = len(self.fallbacks_with_ipv6())
+    fallback_count = len(self.fallbacks)
+    logging.warning('%s of fallbacks are on IPv6'%(
+                    CandidateList.describe_percentage(ipv6_falback_count,
+                                                      fallback_count)))
+
+  def summarise_fallbacks(self, eligible_count, operator_count, failed_count,
+                          guard_count, target_count):
+    s = ''
+    s += '/* To comment-out entries in this file, use C comments, and add *'
+    s += ' to the start of each line. (stem finds fallback entries using "'
+    s += ' at the start of a line.) */'
+    s += '\n'
+    # Report:
+    #  whether we checked consensus download times
+    #  the number of fallback directories (and limits/exclusions, if relevant)
+    #  min & max fallback bandwidths
+    #  #error if below minimum count
+    if PERFORM_IPV4_DIRPORT_CHECKS or PERFORM_IPV6_DIRPORT_CHECKS:
+      s += '/* Checked %s%s%s DirPorts served a consensus within %.1fs. */'%(
+            'IPv4' if PERFORM_IPV4_DIRPORT_CHECKS else '',
+            ' and ' if (PERFORM_IPV4_DIRPORT_CHECKS
+                        and PERFORM_IPV6_DIRPORT_CHECKS) else '',
+            'IPv6' if PERFORM_IPV6_DIRPORT_CHECKS else '',
+            CONSENSUS_DOWNLOAD_SPEED_MAX)
+    else:
+      s += '/* Did not check IPv4 or IPv6 DirPort consensus downloads. */'
+    s += '\n'
+    # Multiline C comment with #error if things go bad
+    s += '/*'
+    s += '\n'
+    # Integers don't need escaping in C comments
+    fallback_count = len(self.fallbacks)
+    if FALLBACK_PROPORTION_OF_GUARDS is None:
+      fallback_proportion = ''
+    else:
+      fallback_proportion = ', Target %d (%d * %.2f)'%(target_count,
+                                                guard_count,
+                                                FALLBACK_PROPORTION_OF_GUARDS)
+    s += 'Final Count: %d (Eligible %d%s'%(fallback_count, eligible_count,
+                                           fallback_proportion)
+    if MAX_FALLBACK_COUNT is not None:
+      s += ', Max %d'%(MAX_FALLBACK_COUNT)
+    s += ')\n'
+    if eligible_count != fallback_count:
+      removed_count = eligible_count - fallback_count
+      excess_to_target_or_max = (eligible_count - operator_count - failed_count
+                                 - fallback_count)
+      # some 'Failed' failed the check, others 'Skipped' the check,
+      # if we already had enough successful downloads
+      s += ('Excluded: %d (Same Operator %d, Failed/Skipped Download %d, ' +
+            'Excess %d)')%(removed_count, operator_count, failed_count,
+                           excess_to_target_or_max)
+      s += '\n'
+    min_fb = self.fallback_min()
+    min_bw = min_fb._data['measured_bandwidth']
+    max_fb = self.fallback_max()
+    max_bw = max_fb._data['measured_bandwidth']
+    s += 'Bandwidth Range: %.1f - %.1f MB/s'%(min_bw/(1024.0*1024.0),
+                                              max_bw/(1024.0*1024.0))
+    s += '\n'
+    s += '*/'
+    if fallback_count < MIN_FALLBACK_COUNT:
+      # We must have a minimum number of fallbacks so they are always
+      # reachable, and are in diverse locations
+      s += '\n'
+      s += '#error Fallback Count %d is too low. '%(fallback_count)
+      s += 'Must be at least %d for diversity. '%(MIN_FALLBACK_COUNT)
+      s += 'Try adding entries to the whitelist, '
+      s += 'or setting INCLUDE_UNLISTED_ENTRIES = True.'
+    return s
+
+## Main Function
+
+def list_fallbacks():
+  """ Fetches required onionoo documents and evaluates the
+      fallback directory criteria for each of the relays """
+
+  logging.warning('Downloading and parsing Onionoo data. ' +
+                  'This may take some time.')
+  # find relays that could be fallbacks
+  candidates = CandidateList()
+  candidates.add_relays()
+
+  # work out how many fallbacks we want
+  guard_count = candidates.count_guards()
+  if FALLBACK_PROPORTION_OF_GUARDS is None:
+    target_count = guard_count
+  else:
+    target_count = int(guard_count * FALLBACK_PROPORTION_OF_GUARDS)
+  # the maximum number of fallbacks is the least of:
+  # - the target fallback count (FALLBACK_PROPORTION_OF_GUARDS * guard count)
+  # - the maximum fallback count (MAX_FALLBACK_COUNT)
+  if MAX_FALLBACK_COUNT is None:
+    max_count = target_count
+  else:
+    max_count = min(target_count, MAX_FALLBACK_COUNT)
+
+  candidates.compute_fallbacks()
+  prefilter_fallbacks = copy.copy(candidates.fallbacks)
+
+  # filter with the whitelist and blacklist
+  # if a relay has changed IPv4 address or ports recently, it will be excluded
+  # as ineligible before we call apply_filter_lists, and so there will be no
+  # warning that the details have changed from those in the whitelist.
+  # instead, there will be an info-level log during the eligibility check.
+  initial_count = len(candidates.fallbacks)
+  excluded_count = candidates.apply_filter_lists()
+  print candidates.summarise_filters(initial_count, excluded_count)
+  eligible_count = len(candidates.fallbacks)
+
+  # calculate the measured bandwidth of each relay,
+  # then remove low-bandwidth relays
+  candidates.calculate_measured_bandwidth()
+  candidates.remove_low_bandwidth_relays()
+
+  # print the raw fallback list
+  #for x in candidates.fallbacks:
+  #  print x.fallbackdir_line(True)
+  #  print json.dumps(candidates[x]._data, sort_keys=True, indent=4,
+  #                   separators=(',', ': '), default=json_util.default)
+
+  # impose mandatory conditions here, like one per contact, family, IP
+  # in measured bandwidth order
+  candidates.sort_fallbacks_by_measured_bandwidth()
+  operator_count = 0
+  # only impose these limits on the final list - operators can nominate
+  # multiple candidate fallbacks, and then we choose the best set
+  if not OUTPUT_CANDIDATES:
+    operator_count += candidates.limit_fallbacks_same_ip()
+    operator_count += candidates.limit_fallbacks_same_contact()
+    operator_count += candidates.limit_fallbacks_same_family()
+
+  # check if each candidate can serve a consensus
+  # there's a small risk we've eliminated relays from the same operator that
+  # can serve a consensus, in favour of one that can't
+  # but given it takes up to 15 seconds to check each consensus download,
+  # the risk is worth it
+  if PERFORM_IPV4_DIRPORT_CHECKS or PERFORM_IPV6_DIRPORT_CHECKS:
+    logging.warning('Checking consensus download speeds. ' +
+                    'This may take some time.')
+  failed_count = candidates.perform_download_consensus_checks(max_count)
+
+  # analyse and log interesting diversity metrics
+  # like netblock, ports, exit, IPv4-only
+  # (we can't easily analyse AS, and it's hard to accurately analyse country)
+  candidates.describe_fallback_ip_family()
+  # if we can't import the ipaddress module, we can't do netblock analysis
+  if HAVE_IPADDRESS:
+    candidates.describe_fallback_netblocks()
+  candidates.describe_fallback_ports()
+  candidates.describe_fallback_exit_flag()
+
+  # output C comments summarising the fallback selection process
+  if len(candidates.fallbacks) > 0:
+    print candidates.summarise_fallbacks(eligible_count, operator_count,
+                                         failed_count, guard_count,
+                                         target_count)
+  else:
+    print '/* No Fallbacks met criteria */'
+
+  # output C comments specifying the OnionOO data used to create the list
+  for s in fetch_source_list():
+    print describe_fetch_source(s)
+
+  # if we're outputting the final fallback list, sort by fingerprint
+  # this makes diffs much more stable
+  # otherwise, leave sorted by bandwidth, which allows operators to be
+  # contacted in priority order
+  if not OUTPUT_CANDIDATES:
+    candidates.sort_fallbacks_by_fingerprint()
+
+  for x in candidates.fallbacks:
+    print x.fallbackdir_line(candidates.fallbacks, prefilter_fallbacks)
+
+if __name__ == "__main__":
+  list_fallbacks()
diff --git a/scripts/maint/updateVersions.pl b/scripts/maint/updateVersions.pl.in
index 15c83b80a7..65c51a1f2d 100755
--- a/scripts/maint/updateVersions.pl
+++ b/scripts/maint/updateVersions.pl.in
@@ -1,8 +1,8 @@
 #!/usr/bin/perl -w
 
-$CONFIGURE_IN = './configure.ac';
-$ORCONFIG_H = './src/win32/orconfig.h';
-$TOR_NSI = './contrib/win32build/tor-mingw.nsi.in';
+$CONFIGURE_IN = '@abs_top_srcdir@/configure.ac';
+$ORCONFIG_H = '@abs_top_srcdir@/src/win32/orconfig.h';
+$TOR_NSI = '@abs_top_srcdir@/contrib/win32build/tor-mingw.nsi.in';
 
 $quiet = 1;
 
diff --git a/scripts/test/cov-diff b/scripts/test/cov-diff
index 33a54802b6..48dbec9d54 100755
--- a/scripts/test/cov-diff
+++ b/scripts/test/cov-diff
@@ -9,8 +9,8 @@ DIRB="$2"
 
 for A in $DIRA/*; do
   B=$DIRB/`basename $A`
-  perl -pe 's/^\s*\d+:/        1:/; s/^([^:]+:)[\d\s]+:/$1/;' "$A" > "$A.tmp"
-  perl -pe 's/^\s*\d+:/        1:/; s/^([^:]+:)[\d\s]+:/$1/;' "$B" > "$B.tmp"
+  perl -pe 's/^\s*\d+:/        1:/; s/^([^:]+:)[\d\s]+:/$1/; s/^ *-:(Runs|Programs):.*//;' "$A" > "$A.tmp"
+  perl -pe 's/^\s*\d+:/        1:/; s/^([^:]+:)[\d\s]+:/$1/; s/^ *-:(Runs|Programs):.*//;' "$B" > "$B.tmp"
   diff -u "$A.tmp" "$B.tmp"
   rm "$A.tmp" "$B.tmp"
 done
diff --git a/scripts/test/cov-display b/scripts/test/cov-display
new file mode 100755
index 0000000000..4628cd589b
--- /dev/null
+++ b/scripts/test/cov-display
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+import sys, re, os
+
+none0, some0 = 0,0
+branchTaken0, branchNot0 = 0,0
+
+BRANCH = False
+FUNC = False
+
+if sys.argv[1] == '-b':
+    BRANCH = True
+    del sys.argv[1]
+
+if sys.argv[1] == '-f':
+    FUNC = True
+    del sys.argv[1]
+
+def show(name, none, some):
+    if some+none == 0:
+        none = 1
+    print name, none, some, "%.02f"%(100*(float(some)/(some+none)))
+
+
+file_args = sys.argv[1:]
+files = []
+for fn in file_args:
+    if os.path.isdir(fn):
+        files.extend(os.path.join(fn, f) for f in os.listdir(fn))
+    else:
+        files.append(fn)
+
+for fn in files:
+    none = some = branchTaken = branchNot = 0
+    inFunc = ""
+    for line in open(fn, 'r'):
+        m = re.match(r'^[^:]*:([^:]*):(.*)', line)
+        if m:
+            body = m.group(2).rstrip()
+            lineno = m.group(1).strip()
+        else:
+            body = ""
+            lineno = "?"
+        m = re.match(r'^([A-Za-z_][A-Za-z0-9_]*)(?:, *)?\(', body)
+        if m:
+	    inFunc = "%s:%s %s" %(fn,lineno,m.group(1))
+	elif body == "}":
+	    if FUNC and inFunc:
+     	        show(inFunc, none, some)
+                none = some = 0
+                inFunc = None
+        if re.match(r'^ *###', line):
+            none += 1
+        elif re.match(r'^ *\d', line):
+            some += 1
+        else:
+            m = re.match(r'^branch.*taken (\d+)%', line)
+            if m:
+                if int(m.group(1)) == 0:
+                    branchNot += 1
+                else:
+                    branchTaken += 1
+
+    none0 += none
+    some0 += some
+    branchTaken0 += branchTaken
+    branchNot0 += branchNot
+    if FUNC:
+       pass
+    elif BRANCH:
+        if branchTaken or branchNot:
+            show(fn, branchNot, branchTaken)
+    else:
+        if some or none:
+            show(fn, none, some)
+
+if BRANCH:
+    if branchTaken0 or branchNot0:
+        show("TOTAL", branchNot0, branchTaken0)
+else:
+    if some0 or none0:
+        show("TOTAL", none0, some0)
diff --git a/scripts/test/scan-build.sh b/scripts/test/scan-build.sh
index 623b227fe4..36e69e6d00 100644
--- a/scripts/test/scan-build.sh
+++ b/scripts/test/scan-build.sh
@@ -3,12 +3,9 @@
 # See LICENSE for licensing information
 #
 # This script is used for running a bunch of clang scan-build checkers
-# on Tor.  
-#
-# It has hardwired paths for Nick's desktop at the moment.
+# on Tor.
 
 CHECKERS="\
-    --use-analyzer=/opt/clang-3.4/bin/clang \
     -disable-checker deadcode.DeadStores \
     -enable-checker alpha.core.CastSize \
     -enable-checker alpha.core.CastToStruct \
@@ -22,28 +19,23 @@ CHECKERS="\
     -enable-checker alpha.unix.cstring.NotNullTerminated \
     -enable-checker alpha.unix.cstring.OutOfBounds \
     -enable-checker alpha.core.FixedAddr \
-    -enable-checker security.insecureAPI.strcpy
+    -enable-checker security.insecureAPI.strcpy \
+    -enable-checker alpha.unix.PthreadLock \
+    -enable-checker alpha.core.PointerArithm \
+    -enable-checker alpha.core.TestAfterDivZero \
 "
 
-/opt/clang-3.4/bin/scan-build/scan-build \
+scan-build \
     $CHECKERS \
-    --use-analyzer=/opt/clang-3.4/bin/clang \
     ./configure
 
-/opt/clang-3.4/bin/scan-build/scan-build \
+scan-build \
     $CHECKERS \
-    --use-analyzer=/opt/clang-3.4/bin/clang \
-    make -j2
-
+    make -j2 -k
 
-# Haven't tried this yet.
-#    -enable-checker alpha.unix.PthreadLock
 
 # This one gives a false positive on every strcmp.
 #    -enable-checker alpha.core.PointerSub
 
-# This one hates it when we stick a nonzero const in a pointer.
-#    -enable-checker alpha.core.FixedAddr
-
-# This one crashes sometimes for me.
-#    -enable-checker alpha.deadcode.IdempotentOperations
+# Needs work
+#  alpha.unix.MallocWithAnnotations ??
diff --git a/src/common/address.c b/src/common/address.c
index 8591f387e6..793a40effc 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -8,24 +8,41 @@
  * \brief Functions to use and manipulate the tor_addr_t structure.
  **/
 
+#define ADDRESS_PRIVATE
+
 #include "orconfig.h"
-#include "compat.h"
-#include "util.h"
-#include "address.h"
-#include "torlog.h"
-#include "container.h"
-#include "sandbox.h"
 
 #ifdef _WIN32
+/* For access to structs needed by GetAdaptersAddresses */
+#ifndef WIN32_LEAN_AND_MEAN
+#error "orconfig.h didn't define WIN32_LEAN_AND_MEAN"
+#endif
+#ifndef WINVER
+#error "orconfig.h didn't define WINVER"
+#endif
+#ifndef _WIN32_WINNT
+#error "orconfig.h didn't define _WIN32_WINNT"
+#endif
+#if WINVER < 0x0501
+#error "winver too low"
+#endif
+#if _WIN32_WINNT < 0x0501
+#error "winver too low"
+#endif
+#include <winsock2.h>
 #include <process.h>
 #include <windows.h>
-#include <winsock2.h>
-/* For access to structs needed by GetAdaptersAddresses */
-#undef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
 #include <iphlpapi.h>
 #endif
 
+#include "compat.h"
+#include "util.h"
+#include "util_format.h"
+#include "address.h"
+#include "torlog.h"
+#include "container.h"
+#include "sandbox.h"
+
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
@@ -89,13 +106,14 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
                      struct sockaddr *sa_out,
                      socklen_t len)
 {
+  memset(sa_out, 0, len);
+
   sa_family_t family = tor_addr_family(a);
   if (family == AF_INET) {
     struct sockaddr_in *sin;
     if (len < (int)sizeof(struct sockaddr_in))
       return 0;
     sin = (struct sockaddr_in *)sa_out;
-    memset(sin, 0, sizeof(struct sockaddr_in));
 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
     sin->sin_len = sizeof(struct sockaddr_in);
 #endif
@@ -108,7 +126,6 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
     if (len < (int)sizeof(struct sockaddr_in6))
       return 0;
     sin6 = (struct sockaddr_in6 *)sa_out;
-    memset(sin6, 0, sizeof(struct sockaddr_in6));
 #ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN
     sin6->sin6_len = sizeof(struct sockaddr_in6);
 #endif
@@ -121,14 +138,28 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
   }
 }
 
+/** Set address <b>a</b> to zero.  This address belongs to
+ * the AF_UNIX family. */
+static void
+tor_addr_make_af_unix(tor_addr_t *a)
+{
+  memset(a, 0, sizeof(*a));
+  a->family = AF_UNIX;
+}
+
 /** Set the tor_addr_t in <b>a</b> to contain the socket address contained in
- * <b>sa</b>. */
+ * <b>sa</b>.  IF <b>port_out</b> is non-NULL and <b>sa</b> contains a port,
+ * set *<b>port_out</b> to that port. Return 0 on success and -1 on
+ * failure. */
 int
 tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
                        uint16_t *port_out)
 {
   tor_assert(a);
   tor_assert(sa);
+
+  memset(a, 0, sizeof(*a));
+
   if (sa->sa_family == AF_INET) {
     struct sockaddr_in *sin = (struct sockaddr_in *) sa;
     tor_addr_from_ipv4n(a, sin->sin_addr.s_addr);
@@ -139,6 +170,9 @@ tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
     tor_addr_from_in6(a, &sin6->sin6_addr);
     if (port_out)
       *port_out = ntohs(sin6->sin6_port);
+  } else if (sa->sa_family == AF_UNIX) {
+    tor_addr_make_af_unix(a);
+    return 0;
   } else {
     tor_addr_make_unspec(a);
     return -1;
@@ -323,17 +357,23 @@ tor_addr_is_internal_(const tor_addr_t *addr, int for_listening,
 {
   uint32_t iph4 = 0;
   uint32_t iph6[4];
-  sa_family_t v_family;
 
   tor_assert(addr);
-  v_family = tor_addr_family(addr);
+  sa_family_t v_family = tor_addr_family(addr);
 
   if (v_family == AF_INET) {
     iph4 = tor_addr_to_ipv4h(addr);
   } else if (v_family == AF_INET6) {
     if (tor_addr_is_v4(addr)) { /* v4-mapped */
+      uint32_t *addr32 = NULL;
       v_family = AF_INET;
-      iph4 = ntohl(tor_addr_to_in6_addr32(addr)[3]);
+      // Work around an incorrect NULL pointer dereference warning in
+      // "clang --analyze" due to limited analysis depth
+      addr32 = tor_addr_to_in6_addr32(addr);
+      // To improve performance, wrap this assertion in:
+      // #if !defined(__clang_analyzer__) || PARANOIA
+      tor_assert(addr32);
+      iph4 = ntohl(addr32[3]);
     }
   }
 
@@ -412,6 +452,10 @@ tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
         ptr = dest;
       }
       break;
+    case AF_UNIX:
+      tor_snprintf(dest, len, "AF_UNIX");
+      ptr = dest;
+      break;
     default:
       return NULL;
   }
@@ -465,7 +509,6 @@ tor_addr_parse_PTR_name(tor_addr_t *result, const char *address,
 
   if (!strcasecmpend(address, ".ip6.arpa")) {
     const char *cp;
-    int i;
     int n0, n1;
     struct in6_addr in6;
 
@@ -473,7 +516,7 @@ tor_addr_parse_PTR_name(tor_addr_t *result, const char *address,
       return -1;
 
     cp = address;
-    for (i = 0; i < 16; ++i) {
+    for (int i = 0; i < 16; ++i) {
       n0 = hex_decode_digit(*cp++); /* The low-order nybble appears first. */
       if (*cp++ != '.') return -1;  /* Then a dot. */
       n1 = hex_decode_digit(*cp++); /* The high-order nybble appears first. */
@@ -579,13 +622,20 @@ tor_addr_to_PTR_name(char *out, size_t outlen,
  *  yield an IPv4 wildcard.
  *
  *  If 'flags & TAPMP_EXTENDED_STAR' is true, then the wildcard address '*'
- *  yields an AF_UNSPEC wildcard address, and the following change is made
+ *  yields an AF_UNSPEC wildcard address, which expands to corresponding
+ *  wildcard IPv4 and IPv6 rules, and the following change is made
  *  in the grammar above:
  *   Address ::= IPv4Address / "[" IPv6Address "]" / "*" / "*4" / "*6"
  *  with the new "*4" and "*6" productions creating a wildcard to match
  *  IPv4 or IPv6 addresses.
  *
- */
+ *  If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV4_ONLY' are
+ *  both true, then the wildcard address '*' yields an IPv4 wildcard.
+ *
+ *  If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV6_ONLY' are
+ *  both true, then the wildcard address '*' yields an IPv6 wildcard.
+ *
+ * TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */
 int
 tor_addr_parse_mask_ports(const char *s,
                           unsigned flags,
@@ -598,10 +648,14 @@ tor_addr_parse_mask_ports(const char *s,
   int any_flag=0, v4map=0;
   sa_family_t family;
   struct in6_addr in6_tmp;
-  struct in_addr in_tmp;
+  struct in_addr in_tmp = { .s_addr = 0 };
 
   tor_assert(s);
   tor_assert(addr_out);
+  /* We can either only want an IPv4 address or only want an IPv6 address,
+   * but we can't only want IPv4 & IPv6 at the same time. */
+  tor_assert(!((flags & TAPMP_STAR_IPV4_ONLY)
+               && (flags & TAPMP_STAR_IPV6_ONLY)));
 
   /** Longest possible length for an address, mask, and port-range combination.
    * Includes IP, [], /mask, :, ports */
@@ -647,8 +701,21 @@ tor_addr_parse_mask_ports(const char *s,
 
   if (!strcmp(address, "*")) {
     if (flags & TAPMP_EXTENDED_STAR) {
-      family = AF_UNSPEC;
-      tor_addr_make_unspec(addr_out);
+      if (flags & TAPMP_STAR_IPV4_ONLY) {
+        family = AF_INET;
+        tor_addr_from_ipv4h(addr_out, 0);
+      } else if (flags & TAPMP_STAR_IPV6_ONLY) {
+        static char nil_bytes[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
+        family = AF_INET6;
+        tor_addr_from_ipv6_bytes(addr_out, nil_bytes);
+      } else {
+        family = AF_UNSPEC;
+        tor_addr_make_unspec(addr_out);
+        log_info(LD_GENERAL,
+                 "'%s' expands into rules which apply to all IPv4 and IPv6 "
+                 "addresses. (Use accept/reject *4:* for IPv4 or "
+                 "accept[6]/reject[6] *6:* for IPv6.)", s);
+      }
     } else {
       family = AF_INET;
       tor_addr_from_ipv4h(addr_out, 0);
@@ -659,7 +726,7 @@ tor_addr_parse_mask_ports(const char *s,
     tor_addr_from_ipv4h(addr_out, 0);
     any_flag = 1;
   } else if (!strcmp(address, "*6") && (flags & TAPMP_EXTENDED_STAR)) {
-    static char nil_bytes[16] = { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
+    static char nil_bytes[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
     family = AF_INET6;
     tor_addr_from_ipv6_bytes(addr_out, nil_bytes);
     any_flag = 1;
@@ -718,6 +785,11 @@ tor_addr_parse_mask_ports(const char *s,
         /* XXXX_IP6 is this really what we want? */
         bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
       }
+      if (any_flag) {
+        log_warn(LD_GENERAL,
+                 "Found bit prefix with wildcard address; rejecting");
+        goto err;
+      }
     } else { /* pick an appropriate mask, as none was given */
       if (any_flag)
         bits = 0;  /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
@@ -803,6 +875,8 @@ tor_addr_is_null(const tor_addr_t *addr)
     }
     case AF_INET:
       return (tor_addr_to_ipv4n(addr) == 0);
+    case AF_UNIX:
+      return 1;
     case AF_UNSPEC:
       return 1;
     default:
@@ -836,6 +910,59 @@ tor_addr_is_loopback(const tor_addr_t *addr)
   }
 }
 
+/* Is addr valid?
+ * Checks that addr is non-NULL and not tor_addr_is_null().
+ * If for_listening is true, IPv4 addr 0.0.0.0 is allowed.
+ * It means "bind to all addresses on the local machine". */
+int
+tor_addr_is_valid(const tor_addr_t *addr, int for_listening)
+{
+  /* NULL addresses are invalid regardless of for_listening */
+  if (addr == NULL) {
+    return 0;
+  }
+
+  /* Only allow IPv4 0.0.0.0 for_listening. */
+  if (for_listening && addr->family == AF_INET
+      && tor_addr_to_ipv4h(addr) == 0) {
+    return 1;
+  }
+
+  /* Otherwise, the address is valid if it's not tor_addr_is_null() */
+  return !tor_addr_is_null(addr);
+}
+
+/* Is the network-order IPv4 address v4n_addr valid?
+ * Checks that addr is not zero.
+ * Except if for_listening is true, where IPv4 addr 0.0.0.0 is allowed. */
+int
+tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening)
+{
+  /* Any IPv4 address is valid with for_listening. */
+  if (for_listening) {
+    return 1;
+  }
+
+  /* Otherwise, zero addresses are invalid. */
+  return v4n_addr != 0;
+}
+
+/* Is port valid?
+ * Checks that port is not 0.
+ * Except if for_listening is true, where port 0 is allowed.
+ * It means "OS chooses a port". */
+int
+tor_port_is_valid(uint16_t port, int for_listening)
+{
+  /* Any port value is valid with for_listening. */
+  if (for_listening) {
+    return 1;
+  }
+
+  /* Otherwise, zero ports are invalid. */
+  return port != 0;
+}
+
 /** Set <b>dest</b> to equal the IPv4 address in <b>v4addr</b> (given in
  * network order). */
 void
@@ -878,7 +1005,7 @@ tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
   memcpy(dest, src, sizeof(tor_addr_t));
 }
 
-/** Copy a tor_addr_t from <b>src</b> to <b>dest</b>, taking extra case to
+/** Copy a tor_addr_t from <b>src</b> to <b>dest</b>, taking extra care to
  * copy only the well-defined portions. Used for computing hashes of
  * addresses.
  */
@@ -967,6 +1094,8 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
         return r;
       }
       case AF_INET6: {
+        if (mbits > 128)
+          mbits = 128;
         const uint8_t *a1 = tor_addr_to_in6_addr8(addr1);
         const uint8_t *a2 = tor_addr_to_in6_addr8(addr2);
         const int bytes = mbits >> 3;
@@ -1013,7 +1142,6 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
     } else {
       a2 = tor_addr_to_ipv4h(addr2);
     }
-    if (mbits <= 0) return 0;
     if (mbits > 32) mbits = 32;
     a1 >>= (32-mbits);
     a2 >>= (32-mbits);
@@ -1109,7 +1237,8 @@ fmt_addr32(uint32_t addr)
 int
 tor_addr_parse(tor_addr_t *addr, const char *src)
 {
-  char *tmp = NULL; /* Holds substring if we got a dotted quad. */
+  /* Holds substring of IPv6 address after removing square brackets */
+  char *tmp = NULL;
   int result;
   struct in_addr in_tmp;
   struct in6_addr in6_tmp;
@@ -1194,26 +1323,17 @@ typedef ULONG (WINAPI *GetAdaptersAddresses_fn_t)(
               ULONG, ULONG, PVOID, PIP_ADAPTER_ADDRESSES, PULONG);
 #endif
 
-/** Try to ask our network interfaces what addresses they are bound to.
- * Return a new smartlist of tor_addr_t on success, and NULL on failure.
- * (An empty smartlist indicates that we successfully learned that we have no
- * addresses.)  Log failure messages at <b>severity</b>. */
-static smartlist_t *
-get_interface_addresses_raw(int severity)
+#ifdef HAVE_IFADDRS_TO_SMARTLIST
+/*
+ * Convert a linked list consisting of <b>ifaddrs</b> structures
+ * into smartlist of <b>tor_addr_t</b> structures.
+ */
+STATIC smartlist_t *
+ifaddrs_to_smartlist(const struct ifaddrs *ifa, sa_family_t family)
 {
-#if defined(HAVE_GETIFADDRS)
-  /* Most free Unixy systems provide getifaddrs, which gives us a linked list
-   * of struct ifaddrs. */
-  struct ifaddrs *ifa = NULL;
+  smartlist_t *result = smartlist_new();
   const struct ifaddrs *i;
-  smartlist_t *result;
-  if (getifaddrs(&ifa) < 0) {
-    log_fn(severity, LD_NET, "Unable to call getifaddrs(): %s",
-           strerror(errno));
-    return NULL;
-  }
 
-  result = smartlist_new();
   for (i = ifa; i; i = i->ifa_next) {
     tor_addr_t tmp;
     if ((i->ifa_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING))
@@ -1223,14 +1343,79 @@ get_interface_addresses_raw(int severity)
     if (i->ifa_addr->sa_family != AF_INET &&
         i->ifa_addr->sa_family != AF_INET6)
       continue;
+    if (family != AF_UNSPEC && i->ifa_addr->sa_family != family)
+      continue;
     if (tor_addr_from_sockaddr(&tmp, i->ifa_addr, NULL) < 0)
       continue;
     smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
   }
 
+  return result;
+}
+
+/** Use getiffaddrs() function to get list of current machine
+ * network interface addresses. Represent the result by smartlist of
+ * <b>tor_addr_t</b> structures.
+ */
+STATIC smartlist_t *
+get_interface_addresses_ifaddrs(int severity, sa_family_t family)
+{
+
+  /* Most free Unixy systems provide getifaddrs, which gives us a linked list
+   * of struct ifaddrs. */
+  struct ifaddrs *ifa = NULL;
+  smartlist_t *result;
+  if (getifaddrs(&ifa) < 0) {
+    log_fn(severity, LD_NET, "Unable to call getifaddrs(): %s",
+           strerror(errno));
+    return NULL;
+  }
+
+  result = ifaddrs_to_smartlist(ifa, family);
+
   freeifaddrs(ifa);
+
+  return result;
+}
+#endif
+
+#ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
+
+/** Convert a Windows-specific <b>addresses</b> linked list into smartlist
+ * of <b>tor_addr_t</b> structures.
+ */
+
+STATIC smartlist_t *
+ip_adapter_addresses_to_smartlist(const IP_ADAPTER_ADDRESSES *addresses)
+{
+  smartlist_t *result = smartlist_new();
+  const IP_ADAPTER_ADDRESSES *address;
+
+  for (address = addresses; address; address = address->Next) {
+    const IP_ADAPTER_UNICAST_ADDRESS *a;
+    for (a = address->FirstUnicastAddress; a; a = a->Next) {
+      /* Yes, it's a linked list inside a linked list */
+      const struct sockaddr *sa = a->Address.lpSockaddr;
+      tor_addr_t tmp;
+      if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6)
+        continue;
+      if (tor_addr_from_sockaddr(&tmp, sa, NULL) < 0)
+        continue;
+      smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
+    }
+  }
+
   return result;
-#elif defined(_WIN32)
+}
+
+/** Windows only: use GetAdaptersInfo() function to retrieve network interface
+ * addresses of current machine and return them to caller as smartlist of
+ * <b>tor_addr_t</b>  structures.
+ */
+STATIC smartlist_t *
+get_interface_addresses_win32(int severity, sa_family_t family)
+{
+
   /* Windows XP began to provide GetAdaptersAddresses. Windows 2000 had a
      "GetAdaptersInfo", but that's deprecated; let's just try
      GetAdaptersAddresses and fall back to connect+getsockname.
@@ -1239,7 +1424,7 @@ get_interface_addresses_raw(int severity)
   smartlist_t *result = NULL;
   GetAdaptersAddresses_fn_t fn;
   ULONG size, res;
-  IP_ADAPTER_ADDRESSES *addresses = NULL, *address;
+  IP_ADAPTER_ADDRESSES *addresses = NULL;
 
   (void) severity;
 
@@ -1262,7 +1447,7 @@ get_interface_addresses_raw(int severity)
   /* Guess how much space we need. */
   size = 15*1024;
   addresses = tor_malloc(size);
-  res = fn(AF_UNSPEC, FLAGS, NULL, addresses, &size);
+  res = fn(family, FLAGS, NULL, addresses, &size);
   if (res == ERROR_BUFFER_OVERFLOW) {
     /* we didn't guess that we needed enough space; try again */
     tor_free(addresses);
@@ -1274,71 +1459,147 @@ get_interface_addresses_raw(int severity)
     goto done;
   }
 
-  result = smartlist_new();
-  for (address = addresses; address; address = address->Next) {
-    IP_ADAPTER_UNICAST_ADDRESS *a;
-    for (a = address->FirstUnicastAddress; a; a = a->Next) {
-      /* Yes, it's a linked list inside a linked list */
-      struct sockaddr *sa = a->Address.lpSockaddr;
-      tor_addr_t tmp;
-      if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6)
-        continue;
-      if (tor_addr_from_sockaddr(&tmp, sa, NULL) < 0)
-        continue;
-      smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
-    }
-  }
+  result = ip_adapter_addresses_to_smartlist(addresses);
 
  done:
   if (lib)
     FreeLibrary(lib);
   tor_free(addresses);
   return result;
-#elif defined(SIOCGIFCONF) && defined(HAVE_IOCTL)
+}
+
+#endif
+
+#ifdef HAVE_IFCONF_TO_SMARTLIST
+
+/* Guess how much space we need. There shouldn't be any struct ifreqs
+ * larger than this, even on OS X where the struct's size is dynamic. */
+#define IFREQ_SIZE 4096
+
+/* This is defined on Mac OS X */
+#ifndef _SIZEOF_ADDR_IFREQ
+#define _SIZEOF_ADDR_IFREQ sizeof
+#endif
+
+/** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>,
+ * into smartlist of <b>tor_addr_t</b> structures.
+ */
+STATIC smartlist_t *
+ifreq_to_smartlist(char *buf, size_t buflen)
+{
+  smartlist_t *result = smartlist_new();
+  char *end = buf + buflen;
+
+  /* These acrobatics are due to alignment issues which trigger
+   * undefined behaviour traps on OSX. */
+  struct ifreq *r = tor_malloc(IFREQ_SIZE);
+
+  while (buf < end) {
+    /* Copy up to IFREQ_SIZE bytes into the struct ifreq, but don't overrun
+     * buf. */
+    memcpy(r, buf, end - buf < IFREQ_SIZE ? end - buf : IFREQ_SIZE);
+
+    const struct sockaddr *sa = &r->ifr_addr;
+    tor_addr_t tmp;
+    int valid_sa_family = (sa->sa_family == AF_INET ||
+                           sa->sa_family == AF_INET6);
+
+    int conversion_success = (tor_addr_from_sockaddr(&tmp, sa, NULL) == 0);
+
+    if (valid_sa_family && conversion_success)
+      smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
+
+    buf += _SIZEOF_ADDR_IFREQ(*r);
+  }
+
+  tor_free(r);
+  return result;
+}
+
+/** Use ioctl(.,SIOCGIFCONF,.) to get a list of current machine
+ * network interface addresses. Represent the result by smartlist of
+ * <b>tor_addr_t</b> structures.
+ */
+STATIC smartlist_t *
+get_interface_addresses_ioctl(int severity, sa_family_t family)
+{
   /* Some older unixy systems make us use ioctl(SIOCGIFCONF) */
   struct ifconf ifc;
-  int fd, i, sz, n;
+  ifc.ifc_buf = NULL;
+  int fd;
   smartlist_t *result = NULL;
-  /* This interface, AFAICT, only supports AF_INET addresses */
-  fd = socket(AF_INET, SOCK_DGRAM, 0);
+
+  /* This interface, AFAICT, only supports AF_INET addresses,
+   * except on AIX. For Solaris, we could use SIOCGLIFCONF. */
+
+  /* Bail out if family is neither AF_INET nor AF_UNSPEC since
+   * ioctl() technique supports non-IPv4 interface addresses on
+   * a small number of niche systems only. If family is AF_UNSPEC,
+   * fall back to getting AF_INET addresses only. */
+  if (family == AF_UNSPEC)
+    family = AF_INET;
+  else if (family != AF_INET)
+    return NULL;
+
+  fd = socket(family, SOCK_DGRAM, 0);
   if (fd < 0) {
     tor_log(severity, LD_NET, "socket failed: %s", strerror(errno));
     goto done;
   }
-  /* Guess how much space we need. */
-  ifc.ifc_len = sz = 15*1024;
-  ifc.ifc_ifcu.ifcu_req = tor_malloc(sz);
-  if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
-    tor_log(severity, LD_NET, "ioctl failed: %s", strerror(errno));
-    close(fd);
-    goto done;
-  }
-  close(fd);
-  result = smartlist_new();
-  if (ifc.ifc_len < sz)
-    sz = ifc.ifc_len;
-  n = sz / sizeof(struct ifreq);
-  for (i = 0; i < n ; ++i) {
-    struct ifreq *r = &ifc.ifc_ifcu.ifcu_req[i];
-    struct sockaddr *sa = &r->ifr_addr;
-    tor_addr_t tmp;
-    if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6)
-      continue; /* should be impossible */
-    if (tor_addr_from_sockaddr(&tmp, sa, NULL) < 0)
-      continue;
-    smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
-  }
+
+  int mult = 1;
+  do {
+    mult *= 2;
+    ifc.ifc_len = mult * IFREQ_SIZE;
+    ifc.ifc_buf = tor_realloc(ifc.ifc_buf, ifc.ifc_len);
+
+    tor_assert(ifc.ifc_buf);
+
+    if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
+      tor_log(severity, LD_NET, "ioctl failed: %s", strerror(errno));
+      goto done;
+    }
+    /* Ensure we have least IFREQ_SIZE bytes unused at the end. Otherwise, we
+     * don't know if we got everything during ioctl. */
+  } while (mult * IFREQ_SIZE - ifc.ifc_len <= IFREQ_SIZE);
+  result = ifreq_to_smartlist(ifc.ifc_buf, ifc.ifc_len);
+
  done:
-  tor_free(ifc.ifc_ifcu.ifcu_req);
+  if (fd >= 0)
+    close(fd);
+  tor_free(ifc.ifc_buf);
   return result;
-#else
+}
+#endif
+
+/** Try to ask our network interfaces what addresses they are bound to.
+ * Return a new smartlist of tor_addr_t on success, and NULL on failure.
+ * (An empty smartlist indicates that we successfully learned that we have no
+ * addresses.)  Log failure messages at <b>severity</b>. Only return the
+ * interface addresses of requested <b>family</b> and ignore the addresses
+ * of other address families. */
+MOCK_IMPL(smartlist_t *,
+get_interface_addresses_raw,(int severity, sa_family_t family))
+{
+  smartlist_t *result = NULL;
+#if defined(HAVE_IFADDRS_TO_SMARTLIST)
+  if ((result = get_interface_addresses_ifaddrs(severity, family)))
+    return result;
+#endif
+#if defined(HAVE_IP_ADAPTER_TO_SMARTLIST)
+  if ((result = get_interface_addresses_win32(severity, family)))
+    return result;
+#endif
+#if defined(HAVE_IFCONF_TO_SMARTLIST)
+  if ((result = get_interface_addresses_ioctl(severity, family)))
+    return result;
+#endif
   (void) severity;
   return NULL;
-#endif
 }
 
 /** Return true iff <b>a</b> is a multicast address.  */
-static int
+int
 tor_addr_is_multicast(const tor_addr_t *a)
 {
   sa_family_t family = tor_addr_family(a);
@@ -1354,47 +1615,23 @@ tor_addr_is_multicast(const tor_addr_t *a)
   return 0;
 }
 
-/** Set *<b>addr</b> to the IP address (if any) of whatever interface
- * connects to the Internet.  This address should only be used in checking
- * whether our address has changed.  Return 0 on success, -1 on failure.
+/** Attempt to retrieve IP address of current host by utilizing some
+ * UDP socket trickery. Only look for address of given <b>family</b>
+ * (only AF_INET and AF_INET6 are supported). Set result to *<b>addr</b>.
+ * Return 0 on success, -1 on failure.
  */
-int
-get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
+MOCK_IMPL(int,
+get_interface_address6_via_udp_socket_hack,(int severity,
+                                            sa_family_t family,
+                                            tor_addr_t *addr))
 {
-  /* XXX really, this function should yield a smartlist of addresses. */
-  smartlist_t *addrs;
-  int sock=-1, r=-1;
   struct sockaddr_storage my_addr, target_addr;
+  int sock=-1, r=-1;
   socklen_t addr_len;
-  tor_assert(addr);
-
-  /* Try to do this the smart way if possible. */
-  if ((addrs = get_interface_addresses_raw(severity))) {
-    int rv = -1;
-    SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
-      if (family != AF_UNSPEC && family != tor_addr_family(a))
-        continue;
-      if (tor_addr_is_loopback(a) ||
-          tor_addr_is_multicast(a))
-        continue;
 
-      tor_addr_copy(addr, a);
-      rv = 0;
-
-      /* If we found a non-internal address, declare success.  Otherwise,
-       * keep looking. */
-      if (!tor_addr_is_internal(a, 0))
-        break;
-    } SMARTLIST_FOREACH_END(a);
-
-    SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
-    smartlist_free(addrs);
-    return rv;
-  }
-
-  /* Okay, the smart way is out. */
   memset(addr, 0, sizeof(tor_addr_t));
   memset(&target_addr, 0, sizeof(target_addr));
+
   /* Don't worry: no packets are sent. We just need to use a real address
    * on the actual Internet. */
   if (family == AF_INET6) {
@@ -1416,6 +1653,7 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
   } else {
     return -1;
   }
+
   if (sock < 0) {
     int e = tor_socket_errno(-1);
     log_fn(severity, LD_NET, "unable to create socket: %s",
@@ -1423,27 +1661,152 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
     goto err;
   }
 
-  if (connect(sock,(struct sockaddr *)&target_addr, addr_len) < 0) {
+  if (tor_connect_socket(sock,(struct sockaddr *)&target_addr,
+                         addr_len) < 0) {
     int e = tor_socket_errno(sock);
     log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
     goto err;
   }
 
-  if (getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
+  if (tor_getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
     int e = tor_socket_errno(sock);
     log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
            tor_socket_strerror(e));
     goto err;
   }
 
-  tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL);
-  r=0;
+ if (tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL) == 0) {
+    if (tor_addr_is_loopback(addr) || tor_addr_is_multicast(addr)) {
+      log_fn(severity, LD_NET, "Address that we determined via UDP socket"
+                               " magic is unsuitable for public comms.");
+    } else {
+      r=0;
+    }
+ }
+
  err:
   if (sock >= 0)
     tor_close_socket(sock);
+  if (r == -1)
+    memset(addr, 0, sizeof(tor_addr_t));
   return r;
 }
 
+/** Set *<b>addr</b> to an arbitrary IP address (if any) of an interface that
+ * connects to the Internet.  Prefer public IP addresses to internal IP
+ * addresses.  This address should only be used in checking whether our
+ * address has changed, as it may be an internal IP address.  Return 0 on
+ * success, -1 on failure.
+ * Prefer get_interface_address6_list for a list of all addresses on all
+ * interfaces which connect to the Internet.
+ */
+MOCK_IMPL(int,
+get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
+{
+  smartlist_t *addrs;
+  int rv = -1;
+  tor_assert(addr);
+
+  memset(addr, 0, sizeof(tor_addr_t));
+
+  /* Get a list of public or internal IPs in arbitrary order */
+  addrs = get_interface_address6_list(severity, family, 1);
+
+  /* Find the first non-internal address, or the last internal address
+   * Ideally, we want the default route, see #12377 for details */
+  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
+    tor_addr_copy(addr, a);
+    rv = 0;
+
+    /* If we found a non-internal address, declare success.  Otherwise,
+     * keep looking. */
+    if (!tor_addr_is_internal(a, 0))
+      break;
+  } SMARTLIST_FOREACH_END(a);
+
+  free_interface_address6_list(addrs);
+  return rv;
+}
+
+/** Free a smartlist of IP addresses returned by get_interface_address6_list.
+ */
+void
+free_interface_address6_list(smartlist_t *addrs)
+{
+  if (addrs != NULL) {
+    SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
+    smartlist_free(addrs);
+  }
+}
+
+/** Return a smartlist of the IP addresses of type family from all interfaces
+ * on the server. Excludes loopback and multicast addresses. Only includes
+ * internal addresses if include_internal is true. (Note that a relay behind
+ * NAT may use an internal address to connect to the Internet.)
+ * An empty smartlist means that there are no addresses of the selected type
+ * matching these criteria.
+ * Returns NULL on failure.
+ * Use free_interface_address6_list to free the returned list.
+ */
+MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
+                                                     sa_family_t family,
+                                                     int include_internal))
+{
+  smartlist_t *addrs;
+  tor_addr_t addr;
+
+  /* Try to do this the smart way if possible. */
+  if ((addrs = get_interface_addresses_raw(severity, family))) {
+    SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a)
+    {
+      if (tor_addr_is_loopback(a) ||
+          tor_addr_is_multicast(a)) {
+        SMARTLIST_DEL_CURRENT(addrs, a);
+        tor_free(a);
+        continue;
+      }
+
+      if (!include_internal && tor_addr_is_internal(a, 0)) {
+        SMARTLIST_DEL_CURRENT(addrs, a);
+        tor_free(a);
+        continue;
+      }
+    } SMARTLIST_FOREACH_END(a);
+  }
+
+  if (addrs && smartlist_len(addrs) > 0) {
+    return addrs;
+  }
+
+  /* if we removed all entries as unsuitable */
+  if (addrs) {
+    smartlist_free(addrs);
+  }
+
+  /* Okay, the smart way is out. */
+  addrs = smartlist_new();
+
+  if (family == AF_INET || family == AF_UNSPEC) {
+    if (get_interface_address6_via_udp_socket_hack(severity,AF_INET,
+                                                   &addr) == 0) {
+      if (include_internal || !tor_addr_is_internal(&addr, 0)) {
+        smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
+      }
+    }
+  }
+
+  if (family == AF_INET6 || family == AF_UNSPEC) {
+    if (get_interface_address6_via_udp_socket_hack(severity,AF_INET6,
+                                                   &addr) == 0) {
+      if (include_internal || !tor_addr_is_internal(&addr, 0)) {
+        smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
+      }
+    }
+  }
+
+  return addrs;
+}
+
 /* ======
  * IPv4 helpers
  * XXXX024 IPv6 deprecate some of these.
@@ -1497,7 +1860,7 @@ tor_addr_port_parse(int severity, const char *addrport,
 }
 
 /** Given an address of the form "host[:port]", try to divide it into its host
- * ane port portions, setting *<b>address_out</b> to a newly allocated string
+ * and port portions, setting *<b>address_out</b> to a newly allocated string
  * holding the address portion and *<b>port_out</b> to the port (or 0 if no
  * port is given).  Return 0 on success, -1 on failure. */
 int
@@ -1683,17 +2046,22 @@ tor_dup_ip(uint32_t addr)
 }
 
 /**
- * Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever
- * interface connects to the Internet.  This address should only be used in
- * checking whether our address has changed.  Return 0 on success, -1 on
- * failure.
+ * Set *<b>addr</b> to a host-order IPv4 address (if any) of an
+ * interface that connects to the Internet.  Prefer public IP addresses to
+ * internal IP addresses.  This address should only be used in checking
+ * whether our address has changed, as it may be an internal IPv4 address.
+ * Return 0 on success, -1 on failure.
+ * Prefer get_interface_address_list6 for a list of all IPv4 and IPv6
+ * addresses on all interfaces which connect to the Internet.
  */
-int
-get_interface_address(int severity, uint32_t *addr)
+MOCK_IMPL(int,
+get_interface_address,(int severity, uint32_t *addr))
 {
   tor_addr_t local_addr;
   int r;
 
+  memset(addr, 0, sizeof(uint32_t));
+
   r = get_interface_address6(severity, AF_INET, &local_addr);
   if (r>=0)
     *addr = tor_addr_to_ipv4h(&local_addr);
diff --git a/src/common/address.h b/src/common/address.h
index 8dc63b71c1..53712bde02 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -11,9 +11,40 @@
 #ifndef TOR_ADDRESS_H
 #define TOR_ADDRESS_H
 
+//#include <sys/sockio.h>
 #include "orconfig.h"
 #include "torint.h"
 #include "compat.h"
+#include "container.h"
+
+#ifdef ADDRESS_PRIVATE
+
+#if defined(HAVE_SYS_IOCTL_H)
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_GETIFADDRS
+#define HAVE_IFADDRS_TO_SMARTLIST
+#endif
+
+#ifdef _WIN32
+#define HAVE_IP_ADAPTER_TO_SMARTLIST
+#endif
+
+#if defined(SIOCGIFCONF) && defined(HAVE_IOCTL)
+#define HAVE_IFCONF_TO_SMARTLIST
+#endif
+
+#if defined(HAVE_NET_IF_H)
+#include <net/if.h> // for struct ifconf
+#endif
+
+#if defined(HAVE_IFADDRS_TO_SMARTLIST)
+#include <ifaddrs.h>
+#endif
+
+// TODO win32 specific includes
+#endif // ADDRESS_PRIVATE
 
 /** The number of bits from an address to consider while doing a masked
  * comparison. */
@@ -42,13 +73,13 @@ typedef struct tor_addr_port_t
 
 #define TOR_ADDR_NULL {AF_UNSPEC, {0}}
 
-static INLINE const struct in6_addr *tor_addr_to_in6(const tor_addr_t *a);
-static INLINE uint32_t tor_addr_to_ipv4n(const tor_addr_t *a);
-static INLINE uint32_t tor_addr_to_ipv4h(const tor_addr_t *a);
-static INLINE uint32_t tor_addr_to_mapped_ipv4h(const tor_addr_t *a);
-static INLINE sa_family_t tor_addr_family(const tor_addr_t *a);
-static INLINE const struct in_addr *tor_addr_to_in(const tor_addr_t *a);
-static INLINE int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u);
+static inline const struct in6_addr *tor_addr_to_in6(const tor_addr_t *a);
+static inline uint32_t tor_addr_to_ipv4n(const tor_addr_t *a);
+static inline uint32_t tor_addr_to_ipv4h(const tor_addr_t *a);
+static inline uint32_t tor_addr_to_mapped_ipv4h(const tor_addr_t *a);
+static inline sa_family_t tor_addr_family(const tor_addr_t *a);
+static inline const struct in_addr *tor_addr_to_in(const tor_addr_t *a);
+static inline int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u);
 
 socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port,
                                struct sockaddr *sa_out, socklen_t len);
@@ -60,7 +91,7 @@ char *tor_sockaddr_to_str(const struct sockaddr *sa);
 
 /** Return an in6_addr* equivalent to <b>a</b>, or NULL if <b>a</b> is not
  * an IPv6 address. */
-static INLINE const struct in6_addr *
+static inline const struct in6_addr *
 tor_addr_to_in6(const tor_addr_t *a)
 {
   return a->family == AF_INET6 ? &a->addr.in6_addr : NULL;
@@ -84,14 +115,14 @@ tor_addr_to_in6(const tor_addr_t *a)
 
 /** Return an IPv4 address in network order for <b>a</b>, or 0 if
  * <b>a</b> is not an IPv4 address. */
-static INLINE uint32_t
+static inline uint32_t
 tor_addr_to_ipv4n(const tor_addr_t *a)
 {
   return a->family == AF_INET ? a->addr.in_addr.s_addr : 0;
 }
 /** Return an IPv4 address in host order for <b>a</b>, or 0 if
  * <b>a</b> is not an IPv4 address. */
-static INLINE uint32_t
+static inline uint32_t
 tor_addr_to_ipv4h(const tor_addr_t *a)
 {
   return ntohl(tor_addr_to_ipv4n(a));
@@ -100,28 +131,39 @@ tor_addr_to_ipv4h(const tor_addr_t *a)
  * 0 if <b>a</b> is not an IPv6 address.
  *
  * (Does not check whether the address is really a mapped address */
-static INLINE uint32_t
+static inline uint32_t
 tor_addr_to_mapped_ipv4h(const tor_addr_t *a)
 {
-  return a->family == AF_INET6 ? ntohl(tor_addr_to_in6_addr32(a)[3]) : 0;
+  if (a->family == AF_INET6) {
+    uint32_t *addr32 = NULL;
+    // Work around an incorrect NULL pointer dereference warning in
+    // "clang --analyze" due to limited analysis depth
+    addr32 = tor_addr_to_in6_addr32(a);
+    // To improve performance, wrap this assertion in:
+    // #if !defined(__clang_analyzer__) || PARANOIA
+    tor_assert(addr32);
+    return ntohl(addr32[3]);
+  } else {
+    return 0;
+  }
 }
 /** Return the address family of <b>a</b>.  Possible values are:
  * AF_INET6, AF_INET, AF_UNSPEC. */
-static INLINE sa_family_t
+static inline sa_family_t
 tor_addr_family(const tor_addr_t *a)
 {
   return a->family;
 }
 /** Return an in_addr* equivalent to <b>a</b>, or NULL if <b>a</b> is not
  * an IPv4 address. */
-static INLINE const struct in_addr *
+static inline const struct in_addr *
 tor_addr_to_in(const tor_addr_t *a)
 {
   return a->family == AF_INET ? &a->addr.in_addr : NULL;
 }
 /** Return true iff <b>a</b> is an IPv4 address equal to the host-ordered
  * address in <b>u</b>. */
-static INLINE int
+static inline int
 tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u)
 {
   return a->family == AF_INET ? (tor_addr_to_ipv4h(a) == u) : 0;
@@ -148,7 +190,13 @@ char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC;
 const char *fmt_addr_impl(const tor_addr_t *addr, int decorate);
 const char *fmt_addrport(const tor_addr_t *addr, uint16_t port);
 const char * fmt_addr32(uint32_t addr);
-int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr);
+
+MOCK_DECL(int,get_interface_address6,(int severity, sa_family_t family,
+tor_addr_t *addr));
+void free_interface_address6_list(smartlist_t * addrs);
+MOCK_DECL(smartlist_t *,get_interface_address6_list,(int severity,
+                                                     sa_family_t family,
+                                                     int include_internal));
 
 /** Flag to specify how to do a comparison between addresses.  In an "exact"
  * comparison, addresses are equivalent only if they are in the same family
@@ -173,6 +221,7 @@ int tor_addr_is_internal_(const tor_addr_t *ip, int for_listening,
                           const char *filename, int lineno);
 #define tor_addr_is_internal(addr, for_listening) \
   tor_addr_is_internal_((addr), (for_listening), SHORT_FILE__, __LINE__)
+int tor_addr_is_multicast(const tor_addr_t *a);
 
 /** Longest length that can be required for a reverse lookup name. */
 /* 32 nybbles, 32 dots, 8 characters of "ip6.arpa", 1 NUL: 73 characters. */
@@ -184,7 +233,19 @@ int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address,
 
 int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out,
                         uint16_t *port_out);
+
+/* Does the address * yield an AF_UNSPEC wildcard address (1),
+ * which expands to corresponding wildcard IPv4 and IPv6 rules, and do we
+ * allow *4 and *6 for IPv4 and IPv6 wildcards, respectively;
+ * or does the address * yield IPv4 wildcard address (0).  */
 #define TAPMP_EXTENDED_STAR 1
+/* Does the address * yield an IPv4 wildcard address rule (1);
+ * or does it yield wildcard IPv4 and IPv6 rules (0) */
+#define TAPMP_STAR_IPV4_ONLY     (1 << 1)
+/* Does the address * yield an IPv6 wildcard address rule (1);
+ * or does it yield wildcard IPv4 and IPv6 rules (0) */
+#define TAPMP_STAR_IPV6_ONLY     (1 << 2)
+/* TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */
 int tor_addr_parse_mask_ports(const char *s, unsigned flags,
                               tor_addr_t *addr_out, maskbits_t *mask_out,
                               uint16_t *port_min_out, uint16_t *port_max_out);
@@ -206,6 +267,27 @@ void tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6);
 int tor_addr_is_null(const tor_addr_t *addr);
 int tor_addr_is_loopback(const tor_addr_t *addr);
 
+int tor_addr_is_valid(const tor_addr_t *addr, int for_listening);
+int tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening);
+#define tor_addr_is_valid_ipv4h(v4h_addr, for_listening) \
+        tor_addr_is_valid_ipv4n(htonl(v4h_addr), (for_listening))
+int tor_port_is_valid(uint16_t port, int for_listening);
+/* Are addr and port both valid? */
+#define tor_addr_port_is_valid(addr, port, for_listening) \
+        (tor_addr_is_valid((addr), (for_listening)) &&    \
+         tor_port_is_valid((port), (for_listening)))
+/* Are ap->addr and ap->port both valid? */
+#define tor_addr_port_is_valid_ap(ap, for_listening) \
+        tor_addr_port_is_valid(&(ap)->addr, (ap)->port, (for_listening))
+/* Are the network-order v4addr and port both valid? */
+#define tor_addr_port_is_valid_ipv4n(v4n_addr, port, for_listening) \
+        (tor_addr_is_valid_ipv4n((v4n_addr), (for_listening)) &&    \
+         tor_port_is_valid((port), (for_listening)))
+/* Are the host-order v4addr and port both valid? */
+#define tor_addr_port_is_valid_ipv4h(v4h_addr, port, for_listening) \
+        (tor_addr_is_valid_ipv4h((v4h_addr), (for_listening)) &&    \
+         tor_port_is_valid((port), (for_listening)))
+
 int tor_addr_port_split(int severity, const char *addrport,
                         char **address_out, uint16_t *port_out);
 
@@ -225,9 +307,59 @@ int addr_mask_get_bits(uint32_t mask);
 #define INET_NTOA_BUF_LEN 16
 int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
 char *tor_dup_ip(uint32_t addr) ATTR_MALLOC;
-int get_interface_address(int severity, uint32_t *addr);
+MOCK_DECL(int,get_interface_address,(int severity, uint32_t *addr));
+/** Free a smartlist of IP addresses returned by get_interface_address_list.
+ */
+static inline void
+free_interface_address_list(smartlist_t *addrs)
+{
+  free_interface_address6_list(addrs);
+}
+/** Return a smartlist of the IPv4 addresses of all interfaces on the server.
+ * Excludes loopback and multicast addresses. Only includes internal addresses
+ * if include_internal is true. (Note that a relay behind NAT may use an
+ * internal address to connect to the Internet.)
+ * An empty smartlist means that there are no IPv4 addresses.
+ * Returns NULL on failure.
+ * Use free_interface_address_list to free the returned list.
+ */
+static inline smartlist_t *
+get_interface_address_list(int severity, int include_internal)
+{
+  return get_interface_address6_list(severity, AF_INET, include_internal);
+}
 
 tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);
 
+#ifdef ADDRESS_PRIVATE
+MOCK_DECL(smartlist_t *,get_interface_addresses_raw,(int severity,
+                                                     sa_family_t family));
+MOCK_DECL(int,get_interface_address6_via_udp_socket_hack,(int severity,
+                                                          sa_family_t family,
+                                                          tor_addr_t *addr));
+
+#ifdef HAVE_IFADDRS_TO_SMARTLIST
+STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa,
+                                         sa_family_t family);
+STATIC smartlist_t *get_interface_addresses_ifaddrs(int severity,
+                                                    sa_family_t family);
+#endif
+
+#ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
+STATIC smartlist_t *ip_adapter_addresses_to_smartlist(
+                                        const IP_ADAPTER_ADDRESSES *addresses);
+STATIC smartlist_t *get_interface_addresses_win32(int severity,
+                                                  sa_family_t family);
+#endif
+
+#ifdef HAVE_IFCONF_TO_SMARTLIST
+STATIC smartlist_t *ifreq_to_smartlist(char *ifr,
+                                       size_t buflen);
+STATIC smartlist_t *get_interface_addresses_ioctl(int severity,
+                                                  sa_family_t family);
+#endif
+
+#endif // ADDRESS_PRIVATE
+
 #endif
 
diff --git a/src/common/aes.c b/src/common/aes.c
index f454a7f7b2..8edfc5d334 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,31 +12,46 @@
 #include "orconfig.h"
 
 #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
- #ifndef _WIN32_WINNT
- #define _WIN32_WINNT 0x0501
- #endif
- #define WIN32_LEAN_AND_MEAN
- #if defined(_MSC_VER) && (_MSC_VER < 1300)
-    #include <winsock.h>
- #else
-    #include <winsock2.h>
-    #include <ws2tcpip.h>
- #endif
+  #include <winsock2.h>
+  #include <ws2tcpip.h>
 #endif
 
 #include <openssl/opensslv.h>
+#include "crypto.h"
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
+ * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/aes.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
-#include "crypto.h"
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
-/* See comments about which counter mode implementation to use below. */
 #include <openssl/modes.h>
-#define CAN_USE_OPENSSL_CTR
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
 #endif
+
 #include "compat.h"
 #include "aes.h"
 #include "util.h"
@@ -58,7 +73,14 @@
  * gives us, and the best possible counter-mode implementation, and combine
  * them.
  */
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&               \
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0)
+
+/* With newer OpenSSL versions, the older fallback modes don't compile.  So
+ * don't use them, even if we lack specific acceleration. */
+
+#define USE_EVP_AES_CTR
+
+#elif OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) &&               \
   (defined(__i386) || defined(__i386__) || defined(_M_IX86) ||          \
    defined(__x86_64) || defined(__x86_64__) ||                          \
    defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))          \
@@ -88,47 +110,34 @@
 
 #ifdef USE_EVP_AES_CTR
 
-struct aes_cnt_cipher {
-  EVP_CIPHER_CTX evp;
-};
+/* We don't actually define the struct here. */
 
 aes_cnt_cipher_t *
 aes_new_cipher(const char *key, const char *iv)
 {
-  aes_cnt_cipher_t *cipher;
-  cipher = tor_malloc_zero(sizeof(aes_cnt_cipher_t));
-  EVP_EncryptInit(&cipher->evp, EVP_aes_128_ctr(),
+  EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
+  EVP_EncryptInit(cipher, EVP_aes_128_ctr(),
                   (const unsigned char*)key, (const unsigned char *)iv);
-  return cipher;
+  return (aes_cnt_cipher_t *) cipher;
 }
 void
-aes_cipher_free(aes_cnt_cipher_t *cipher)
+aes_cipher_free(aes_cnt_cipher_t *cipher_)
 {
-  if (!cipher)
+  if (!cipher_)
     return;
-  EVP_CIPHER_CTX_cleanup(&cipher->evp);
-  memwipe(cipher, 0, sizeof(aes_cnt_cipher_t));
-  tor_free(cipher);
-}
-void
-aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
-          char *output)
-{
-  int outl;
-
-  tor_assert(len < INT_MAX);
-
-  EVP_EncryptUpdate(&cipher->evp, (unsigned char*)output,
-                    &outl, (const unsigned char *)input, (int)len);
+  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
+  EVP_CIPHER_CTX_cleanup(cipher);
+  EVP_CIPHER_CTX_free(cipher);
 }
 void
-aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
+aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len)
 {
   int outl;
+  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;
 
   tor_assert(len < INT_MAX);
 
-  EVP_EncryptUpdate(&cipher->evp, (unsigned char*)data,
+  EVP_EncryptUpdate(cipher, (unsigned char*)data,
                     &outl, (unsigned char*)data, (int)len);
 }
 int
@@ -189,12 +198,6 @@ struct aes_cnt_cipher {
  * we're testing it or because we have hardware acceleration configured */
 static int should_use_EVP = 0;
 
-#ifdef CAN_USE_OPENSSL_CTR
-/** True iff we have tested the counter-mode implementation and found that it
- * doesn't have the counter-mode bug from OpenSSL 1.0.0. */
-static int should_use_openssl_CTR = 0;
-#endif
-
 /** Check whether we should use the EVP interface for AES. If <b>force_val</b>
  * is nonnegative, we use use EVP iff it is true.  Otherwise, we use EVP
  * if there is an engine enabled for aes-ecb. */
@@ -235,7 +238,6 @@ evaluate_evp_for_aes(int force_val)
 int
 evaluate_ctr_for_aes(void)
 {
-#ifdef CAN_USE_OPENSSL_CTR
   /* Result of encrypting an all-zero block with an all-zero 128-bit AES key.
    * This should be the same as encrypting an all-zero block with an all-zero
    * 128-bit AES key in counter mode, starting at position 0 of the stream.
@@ -260,18 +262,10 @@ evaluate_ctr_for_aes(void)
 
   if (fast_memneq(output, encrypt_zero, 16)) {
     /* Counter mode is buggy */
-    log_notice(LD_CRYPTO, "This OpenSSL has a buggy version of counter mode; "
-               "not using it.");
-  } else {
-    /* Counter mode is okay */
-    log_info(LD_CRYPTO, "This OpenSSL has a good implementation of counter "
-               "mode; using it.");
-    should_use_openssl_CTR = 1;
+    log_err(LD_CRYPTO, "This OpenSSL has a buggy version of counter mode; "
+                  "quitting tor.");
+    exit(1);
   }
-#else
-  log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
-             "counter mode; not using it.");
-#endif
   return 0;
 }
 
@@ -281,29 +275,6 @@ evaluate_ctr_for_aes(void)
 #define COUNTER(c, n) ((c)->counter ## n)
 #endif
 
-/**
- * Helper function: set <b>cipher</b>'s internal buffer to the encrypted
- * value of the current counter.
- */
-static INLINE void
-aes_fill_buf_(aes_cnt_cipher_t *cipher)
-{
-  /* We don't currently use OpenSSL's counter mode implementation because:
-   *  1) some versions have known bugs
-   *  2) its attitude towards IVs is not our own
-   *  3) changing the counter position was not trivial, last time I looked.
-   * None of these issues are insurmountable in principle.
-   */
-
-  if (cipher->using_evp) {
-    int outl=16, inl=16;
-    EVP_EncryptUpdate(&cipher->key.evp, cipher->buf, &outl,
-                      cipher->ctr_buf.buf, inl);
-  } else {
-    AES_encrypt(cipher->ctr_buf.buf, cipher->buf, &cipher->key.aes);
-  }
-}
-
 static void aes_set_key(aes_cnt_cipher_t *cipher, const char *key,
                         int key_bits);
 static void aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv);
@@ -331,7 +302,7 @@ static void
 aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
 {
   if (should_use_EVP) {
-    const EVP_CIPHER *c;
+    const EVP_CIPHER *c = 0;
     switch (key_bits) {
       case 128: c = EVP_aes_128_ecb(); break;
       case 192: c = EVP_aes_192_ecb(); break;
@@ -356,12 +327,7 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
 
   cipher->pos = 0;
 
-#ifdef CAN_USE_OPENSSL_CTR
-  if (should_use_openssl_CTR)
-    memset(cipher->buf, 0, sizeof(cipher->buf));
-  else
-#endif
-    aes_fill_buf_(cipher);
+  memset(cipher->buf, 0, sizeof(cipher->buf));
 }
 
 /** Release storage held by <b>cipher</b>
@@ -386,7 +352,6 @@ aes_cipher_free(aes_cnt_cipher_t *cipher)
 #define UPDATE_CTR_BUF(c, n)
 #endif
 
-#ifdef CAN_USE_OPENSSL_CTR
 /* Helper function to use EVP with openssl's counter-mode wrapper. */
 static void
 evp_block128_fn(const uint8_t in[16],
@@ -397,67 +362,6 @@ evp_block128_fn(const uint8_t in[16],
   int inl=16, outl=16;
   EVP_EncryptUpdate(ctx, out, &outl, in, inl);
 }
-#endif
-
-/** Encrypt <b>len</b> bytes from <b>input</b>, storing the result in
- * <b>output</b>.  Uses the key in <b>cipher</b>, and advances the counter
- * by <b>len</b> bytes as it encrypts.
- */
-void
-aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
-          char *output)
-{
-#ifdef CAN_USE_OPENSSL_CTR
-  if (should_use_openssl_CTR) {
-    if (cipher->using_evp) {
-      /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h.  If
-       * it weren't disabled, it might be better just to use that.
-       */
-      CRYPTO_ctr128_encrypt((const unsigned char *)input,
-                            (unsigned char *)output,
-                            len,
-                            &cipher->key.evp,
-                            cipher->ctr_buf.buf,
-                            cipher->buf,
-                            &cipher->pos,
-                            evp_block128_fn);
-    } else {
-      AES_ctr128_encrypt((const unsigned char *)input,
-                         (unsigned char *)output,
-                         len,
-                         &cipher->key.aes,
-                         cipher->ctr_buf.buf,
-                         cipher->buf,
-                         &cipher->pos);
-    }
-    return;
-  } else
-#endif
-  {
-    int c = cipher->pos;
-    if (PREDICT_UNLIKELY(!len)) return;
-
-    while (1) {
-      do {
-        if (len-- == 0) { cipher->pos = c; return; }
-        *(output++) = *(input++) ^ cipher->buf[c];
-      } while (++c != 16);
-      cipher->pos = c = 0;
-      if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 0))) {
-        if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 1))) {
-          if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 2))) {
-            ++COUNTER(cipher, 3);
-            UPDATE_CTR_BUF(cipher, 3);
-          }
-          UPDATE_CTR_BUF(cipher, 2);
-        }
-        UPDATE_CTR_BUF(cipher, 1);
-      }
-      UPDATE_CTR_BUF(cipher, 0);
-      aes_fill_buf_(cipher);
-    }
-  }
-}
 
 /** Encrypt <b>len</b> bytes from <b>input</b>, storing the results in place.
  * Uses the key in <b>cipher</b>, and advances the counter by <b>len</b> bytes
@@ -466,35 +370,26 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
 void
 aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
 {
-#ifdef CAN_USE_OPENSSL_CTR
-  if (should_use_openssl_CTR) {
-    aes_crypt(cipher, data, len, data);
-    return;
-  } else
-#endif
-  {
-    int c = cipher->pos;
-    if (PREDICT_UNLIKELY(!len)) return;
-
-    while (1) {
-      do {
-        if (len-- == 0) { cipher->pos = c; return; }
-        *(data++) ^= cipher->buf[c];
-      } while (++c != 16);
-      cipher->pos = c = 0;
-      if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 0))) {
-        if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 1))) {
-          if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 2))) {
-            ++COUNTER(cipher, 3);
-            UPDATE_CTR_BUF(cipher, 3);
-          }
-          UPDATE_CTR_BUF(cipher, 2);
-        }
-        UPDATE_CTR_BUF(cipher, 1);
-      }
-      UPDATE_CTR_BUF(cipher, 0);
-      aes_fill_buf_(cipher);
-    }
+  if (cipher->using_evp) {
+    /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h.  If
+     * it weren't disabled, it might be better just to use that.
+     */
+    CRYPTO_ctr128_encrypt((const unsigned char *)data,
+                          (unsigned char *)data,
+                          len,
+                          &cipher->key.evp,
+                          cipher->ctr_buf.buf,
+                          cipher->buf,
+                          &cipher->pos,
+                          evp_block128_fn);
+  } else {
+    AES_ctr128_encrypt((const unsigned char *)data,
+                       (unsigned char *)data,
+                       len,
+                       &cipher->key.aes,
+                       cipher->ctr_buf.buf,
+                       cipher->buf,
+                       &cipher->pos);
   }
 }
 
@@ -511,11 +406,6 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
 #endif
   cipher->pos = 0;
   memcpy(cipher->ctr_buf.buf, iv, 16);
-
-#ifdef CAN_USE_OPENSSL_CTR
-  if (!should_use_openssl_CTR)
-#endif
-    aes_fill_buf_(cipher);
 }
 
 #endif
diff --git a/src/common/aes.h b/src/common/aes.h
index 8ff28a7622..821fb742be 100644
--- a/src/common/aes.h
+++ b/src/common/aes.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Implements a minimal interface to counter-mode AES. */
@@ -13,13 +13,10 @@
  * \brief Headers for aes.c
  */
 
-struct aes_cnt_cipher;
 typedef struct aes_cnt_cipher aes_cnt_cipher_t;
 
 aes_cnt_cipher_t* aes_new_cipher(const char *key, const char *iv);
 void aes_cipher_free(aes_cnt_cipher_t *cipher);
-void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
-               char *output);
 void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len);
 
 int evaluate_evp_for_aes(int force_value);
diff --git a/src/common/backtrace.c b/src/common/backtrace.c
index 3a073a8ff5..3b762b68e3 100644
--- a/src/common/backtrace.c
+++ b/src/common/backtrace.c
@@ -1,6 +1,18 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file backtrace.c
+ *
+ * \brief Functions to produce backtraces on bugs, crashes, or assertion
+ * failures.
+ *
+ * Currently, we've only got an implementation here using the backtrace()
+ * family of functions, which are sometimes provided by libc and sometimes
+ * provided by libexecinfo.  We tie into the sigaction() backend in order to
+ * detect crashes.
+ */
+
 #define __USE_GNU
 #define _GNU_SOURCE 1
 
@@ -62,16 +74,16 @@ static tor_mutex_t cb_buf_mutex;
  * ucontext_t structure.
  */
 void
-clean_backtrace(void **stack, int depth, const ucontext_t *ctx)
+clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx)
 {
 #ifdef PC_FROM_UCONTEXT
 #if defined(__linux__)
-  const int n = 1;
+  const size_t n = 1;
 #elif defined(__darwin__) || defined(__APPLE__) || defined(__OpenBSD__) \
   || defined(__FreeBSD__)
-  const int n = 2;
+  const size_t n = 2;
 #else
-  const int n = 1;
+  const size_t n = 1;
 #endif
   if (depth <= n)
     return;
@@ -80,6 +92,7 @@ clean_backtrace(void **stack, int depth, const ucontext_t *ctx)
 #else
   (void) depth;
   (void) ctx;
+  (void) stack;
 #endif
 }
 
@@ -88,14 +101,14 @@ clean_backtrace(void **stack, int depth, const ucontext_t *ctx)
 void
 log_backtrace(int severity, int domain, const char *msg)
 {
-  int depth;
+  size_t depth;
   char **symbols;
-  int i;
+  size_t i;
 
   tor_mutex_acquire(&cb_buf_mutex);
 
   depth = backtrace(cb_buf, MAX_DEPTH);
-  symbols = backtrace_symbols(cb_buf, depth);
+  symbols = backtrace_symbols(cb_buf, (int)depth);
 
   tor_log(severity, domain, "%s. Stack trace:", msg);
   if (!symbols) {
@@ -119,7 +132,7 @@ static void
 crash_handler(int sig, siginfo_t *si, void *ctx_)
 {
   char buf[40];
-  int depth;
+  size_t depth;
   ucontext_t *ctx = (ucontext_t *) ctx_;
   int n_fds, i;
   const int *fds = NULL;
@@ -138,7 +151,7 @@ crash_handler(int sig, siginfo_t *si, void *ctx_)
 
   n_fds = tor_log_get_sigsafe_err_fds(&fds);
   for (i=0; i < n_fds; ++i)
-    backtrace_symbols_fd(cb_buf, depth, fds[i]);
+    backtrace_symbols_fd(cb_buf, (int)depth, fds[i]);
 
   abort();
 }
@@ -173,8 +186,8 @@ install_bt_handler(void)
      * libc has pre-loaded the symbols we need to dump things, so that later
      * reads won't be denied by the sandbox code */
     char **symbols;
-    int depth = backtrace(cb_buf, MAX_DEPTH);
-    symbols = backtrace_symbols(cb_buf, depth);
+    size_t depth = backtrace(cb_buf, MAX_DEPTH);
+    symbols = backtrace_symbols(cb_buf, (int) depth);
     if (symbols)
       free(symbols);
   }
@@ -214,9 +227,10 @@ int
 configure_backtrace_handler(const char *tor_version)
 {
   tor_free(bt_version);
-  if (!tor_version)
-    tor_version = "";
-  tor_asprintf(&bt_version, "Tor %s", tor_version);
+  if (tor_version)
+    tor_asprintf(&bt_version, "Tor %s", tor_version);
+  else
+    tor_asprintf(&bt_version, "Tor");
 
   return install_bt_handler();
 }
diff --git a/src/common/backtrace.h b/src/common/backtrace.h
index 1f4d73339f..b53fd2c668 100644
--- a/src/common/backtrace.h
+++ b/src/common/backtrace.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_BACKTRACE_H
@@ -13,7 +13,7 @@ void clean_up_backtrace_handler(void);
 #ifdef EXPOSE_CLEAN_BACKTRACE
 #if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
   defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
-void clean_backtrace(void **stack, int depth, const ucontext_t *ctx);
+void clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx);
 #endif
 #endif
 
diff --git a/src/common/compat.c b/src/common/compat.c
index 53d0623c84..ede850792f 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1,12 +1,12 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file compat.c
  * \brief Wrappers to make calls more portable.  This code defines
- * functions such as tor_malloc, tor_snprintf, get/set various data types,
+ * functions such as tor_snprintf, get/set various data types,
  * renaming, setting socket options, switching user IDs.  It is basically
  * where the non-portable items are conditionally included depending on
  * the platform.
@@ -27,7 +27,7 @@
 #include "compat.h"
 
 #ifdef _WIN32
-#include <process.h>
+#include <winsock2.h>
 #include <windows.h>
 #include <sys/locking.h>
 #endif
@@ -68,6 +68,37 @@
 #ifdef HAVE_CRT_EXTERNS_H
 #include <crt_externs.h>
 #endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
+#ifdef _WIN32
+#include <conio.h>
+#include <wchar.h>
+/* Some mingw headers lack these. :p */
+#if defined(HAVE_DECL__GETWCH) && !HAVE_DECL__GETWCH
+wint_t _getwch(void);
+#endif
+#ifndef WEOF
+#define WEOF (wchar_t)(0xFFFF)
+#endif
+#if defined(HAVE_DECL_SECUREZEROMEMORY) && !HAVE_DECL_SECUREZEROMEMORY
+static inline void
+SecureZeroMemory(PVOID ptr, SIZE_T cnt)
+{
+  volatile char *vcptr = (volatile char*)ptr;
+  while (cnt--)
+    *vcptr++ = 0;
+}
+#endif
+#elif defined(HAVE_READPASSPHRASE_H)
+#include <readpassphrase.h>
+#else
+#include "tor_readpassphrase.h"
+#endif
 
 #ifndef HAVE_GETTIMEOFDAY
 #ifdef HAVE_FTIME
@@ -77,6 +108,7 @@
 
 /* Includes for the process attaching prevention */
 #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+/* Only use the linux prctl;  the IRIX prctl is totally different */
 #include <sys/prctl.h>
 #elif defined(__APPLE__)
 #include <sys/types.h>
@@ -110,10 +142,6 @@
 #ifdef HAVE_SYS_FILE_H
 #include <sys/file.h>
 #endif
-#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
-/* Only use the linux prctl;  the IRIX prctl is totally different */
-#include <sys/prctl.h>
-#endif
 #ifdef TOR_UNIT_TESTS
 #if !defined(HAVE_USLEEP) && defined(HAVE_SYS_SELECT_H)
 /* as fallback implementation for tor_sleep_msec */
@@ -135,15 +163,20 @@
 #include "strlcat.c"
 #endif
 
+/* When set_max_file_descriptors() is called, update this with the max file
+ * descriptor value so we can use it to check the limit when opening a new
+ * socket. Default value is what Debian sets as the default hard limit. */
+static int max_sockets = 1024;
+
 /** As open(path, flags, mode), but return an fd with the close-on-exec mode
  * set. */
 int
 tor_open_cloexec(const char *path, int flags, unsigned mode)
 {
   int fd;
+  const char *p = sandbox_intern_string(path);
 #ifdef O_CLOEXEC
-  path = sandbox_intern_string(path);
-  fd = open(path, flags|O_CLOEXEC, mode);
+  fd = open(p, flags|O_CLOEXEC, mode);
   if (fd >= 0)
     return fd;
   /* If we got an error, see if it is EINVAL. EINVAL might indicate that,
@@ -153,8 +186,8 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
     return -1;
 #endif
 
-  log_debug(LD_FS, "Opening %s with flags %x", path, flags);
-  fd = open(path, flags, mode);
+  log_debug(LD_FS, "Opening %s with flags %x", p, flags);
+  fd = open(p, flags, mode);
 #ifdef FD_CLOEXEC
   if (fd >= 0) {
     if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
@@ -543,14 +576,17 @@ tor_vasprintf(char **strp, const char *fmt, va_list args)
   int len, r;
   va_list tmp_args;
   va_copy(tmp_args, args);
-  len = vsnprintf(buf, sizeof(buf), fmt, tmp_args);
+  /* vsnprintf() was properly checked but tor_vsnprintf() available so
+   * why not use it? */
+  len = tor_vsnprintf(buf, sizeof(buf), fmt, tmp_args);
   va_end(tmp_args);
   if (len < (int)sizeof(buf)) {
     *strp = tor_strdup(buf);
     return len;
   }
   strp_tmp = tor_malloc(len+1);
-  r = vsnprintf(strp_tmp, len+1, fmt, args);
+  /* use of tor_vsnprintf() will ensure string is null terminated */
+  r = tor_vsnprintf(strp_tmp, len+1, fmt, args);
   if (r != len) {
     tor_free(strp_tmp);
     *strp = NULL;
@@ -684,7 +720,8 @@ strtok_helper(char *cp, const char *sep)
 }
 
 /** Implementation of strtok_r for platforms whose coders haven't figured out
- * how to write one.  Hey guys!  You can use this code here for free! */
+ * how to write one.  Hey, retrograde libc developers!  You can use this code
+ * here for free! */
 char *
 tor_strtok_r_impl(char *str, const char *sep, char **lasts)
 {
@@ -825,6 +862,7 @@ replace_file(const char *from, const char *to)
     case FN_NOENT:
       break;
     case FN_FILE:
+    case FN_EMPTY:
       if (unlink(to)) return -1;
       break;
     case FN_ERROR:
@@ -981,14 +1019,23 @@ tor_fd_getpos(int fd)
 #endif
 }
 
-/** Move <b>fd</b> to the end of the file. Return -1 on error, 0 on success. */
+/** Move <b>fd</b> to the end of the file. Return -1 on error, 0 on success.
+ * If the file is a pipe, do nothing and succeed.
+ **/
 int
 tor_fd_seekend(int fd)
 {
 #ifdef _WIN32
   return _lseek(fd, 0, SEEK_END) < 0 ? -1 : 0;
 #else
-  return lseek(fd, 0, SEEK_END) < 0 ? -1 : 0;
+  off_t rc = lseek(fd, 0, SEEK_END) < 0 ? -1 : 0;
+#ifdef ESPIPE
+  /* If we get an error and ESPIPE, then it's a pipe or a socket of a fifo:
+   * no need to worry. */
+  if (rc < 0 && errno == ESPIPE)
+    rc = 0;
+#endif
+  return (rc < 0) ? -1 : 0;
 #endif
 }
 
@@ -1004,6 +1051,23 @@ tor_fd_setpos(int fd, off_t pos)
 #endif
 }
 
+/** Replacement for ftruncate(fd, 0): move to the front of the file and remove
+ * all the rest of the file. Return -1 on error, 0 on success. */
+int
+tor_ftruncate(int fd)
+{
+  /* Rumor has it that some versions of ftruncate do not move the file pointer.
+   */
+  if (tor_fd_setpos(fd, 0) < 0)
+    return -1;
+
+#ifdef _WIN32
+  return _chsize(fd, 0);
+#else
+  return ftruncate(fd, 0);
+#endif
+}
+
 #undef DEBUG_SOCKET_COUNTING
 #ifdef DEBUG_SOCKET_COUNTING
 /** A bitarray of all fds that should be passed to tor_socket_close(). Only
@@ -1021,7 +1085,7 @@ static int n_sockets_open = 0;
 static tor_mutex_t *socket_accounting_mutex = NULL;
 
 /** Helper: acquire the socket accounting lock. */
-static INLINE void
+static inline void
 socket_accounting_lock(void)
 {
   if (PREDICT_UNLIKELY(!socket_accounting_mutex))
@@ -1030,7 +1094,7 @@ socket_accounting_lock(void)
 }
 
 /** Helper: release the socket accounting lock. */
-static INLINE void
+static inline void
 socket_accounting_unlock(void)
 {
   tor_mutex_release(socket_accounting_mutex);
@@ -1106,7 +1170,7 @@ tor_close_socket(tor_socket_t s)
 #ifdef DEBUG_SOCKET_COUNTING
 /** Helper: if DEBUG_SOCKET_COUNTING is enabled, remember that <b>s</b> is
  * now an open socket. */
-static INLINE void
+static inline void
 mark_socket_open(tor_socket_t s)
 {
   /* XXXX This bitarray business will NOT work on windows: sockets aren't
@@ -1132,12 +1196,20 @@ mark_socket_open(tor_socket_t s)
 /** @} */
 
 /** As socket(), but counts the number of open sockets. */
-tor_socket_t
-tor_open_socket(int domain, int type, int protocol)
+MOCK_IMPL(tor_socket_t,
+tor_open_socket,(int domain, int type, int protocol))
 {
   return tor_open_socket_with_extensions(domain, type, protocol, 1, 0);
 }
 
+/** Mockable wrapper for connect(). */
+MOCK_IMPL(tor_socket_t,
+tor_connect_socket,(tor_socket_t socket,const struct sockaddr *address,
+                     socklen_t address_len))
+{
+  return connect(socket,address,address_len);
+}
+
 /** As socket(), but creates a nonblocking socket and
  * counts the number of open sockets. */
 tor_socket_t
@@ -1155,6 +1227,18 @@ tor_open_socket_with_extensions(int domain, int type, int protocol,
                                 int cloexec, int nonblock)
 {
   tor_socket_t s;
+
+  /* We are about to create a new file descriptor so make sure we have
+   * enough of them. */
+  if (get_n_open_sockets() >= max_sockets - 1) {
+#ifdef _WIN32
+    WSASetLastError(WSAEMFILE);
+#else
+    errno = EMFILE;
+#endif
+    return TOR_INVALID_SOCKET;
+  }
+
 #if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
   int ext_flags = (cloexec ? SOCK_CLOEXEC : 0) |
                   (nonblock ? SOCK_NONBLOCK : 0);
@@ -1226,6 +1310,18 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
                                  socklen_t *len, int cloexec, int nonblock)
 {
   tor_socket_t s;
+
+  /* We are about to create a new file descriptor so make sure we have
+   * enough of them. */
+  if (get_n_open_sockets() >= max_sockets - 1) {
+#ifdef _WIN32
+    WSASetLastError(WSAEMFILE);
+#else
+    errno = EMFILE;
+#endif
+    return TOR_INVALID_SOCKET;
+  }
+
 #if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
   int ext_flags = (cloexec ? SOCK_CLOEXEC : 0) |
                   (nonblock ? SOCK_NONBLOCK : 0);
@@ -1284,6 +1380,14 @@ get_n_open_sockets(void)
   return n;
 }
 
+/** Mockable wrapper for getsockname(). */
+MOCK_IMPL(int,
+tor_getsockname,(tor_socket_t socket, struct sockaddr *address,
+                 socklen_t *address_len))
+{
+   return getsockname(socket, address, address_len);
+}
+
 /** Turn <b>socket</b> into a nonblocking socket. Return 0 on success, -1
  * on failure.
  */
@@ -1389,6 +1493,20 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
 }
 
 #ifdef NEED_ERSATZ_SOCKETPAIR
+
+static inline socklen_t
+SIZEOF_SOCKADDR(int domain)
+{
+  switch (domain) {
+    case AF_INET:
+      return sizeof(struct sockaddr_in);
+    case AF_INET6:
+      return sizeof(struct sockaddr_in6);
+    default:
+      return 0;
+  }
+}
+
 /**
  * Helper used to implement socketpair on systems that lack it, by
  * making a direct connection to localhost.
@@ -1404,10 +1522,21 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
     tor_socket_t listener = TOR_INVALID_SOCKET;
     tor_socket_t connector = TOR_INVALID_SOCKET;
     tor_socket_t acceptor = TOR_INVALID_SOCKET;
-    struct sockaddr_in listen_addr;
-    struct sockaddr_in connect_addr;
+    tor_addr_t listen_tor_addr;
+    struct sockaddr_storage connect_addr_ss, listen_addr_ss;
+    struct sockaddr *listen_addr = (struct sockaddr *) &listen_addr_ss;
+    uint16_t listen_port = 0;
+    tor_addr_t connect_tor_addr;
+    uint16_t connect_port = 0;
+    struct sockaddr *connect_addr = (struct sockaddr *) &connect_addr_ss;
     socklen_t size;
     int saved_errno = -1;
+    int ersatz_domain = AF_INET;
+
+    memset(&connect_tor_addr, 0, sizeof(connect_tor_addr));
+    memset(&connect_addr_ss, 0, sizeof(connect_addr_ss));
+    memset(&listen_tor_addr, 0, sizeof(listen_tor_addr));
+    memset(&listen_addr_ss, 0, sizeof(listen_addr_ss));
 
     if (protocol
 #ifdef AF_UNIX
@@ -1424,47 +1553,71 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
       return -EINVAL;
     }
 
-    listener = tor_open_socket(AF_INET, type, 0);
-    if (!SOCKET_OK(listener))
-      return -tor_socket_errno(-1);
-    memset(&listen_addr, 0, sizeof(listen_addr));
-    listen_addr.sin_family = AF_INET;
-    listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-    listen_addr.sin_port = 0;   /* kernel chooses port.  */
-    if (bind(listener, (struct sockaddr *) &listen_addr, sizeof (listen_addr))
-        == -1)
+    listener = tor_open_socket(ersatz_domain, type, 0);
+    if (!SOCKET_OK(listener)) {
+      int first_errno = tor_socket_errno(-1);
+      if (first_errno == SOCK_ERRNO(EPROTONOSUPPORT)
+          && ersatz_domain == AF_INET) {
+        /* Assume we're on an IPv6-only system */
+        ersatz_domain = AF_INET6;
+        listener = tor_open_socket(ersatz_domain, type, 0);
+        if (!SOCKET_OK(listener)) {
+          /* Keep the previous behaviour, which was to return the IPv4 error.
+           * (This may be less informative on IPv6-only systems.)
+           * XX/teor - is there a better way to decide which errno to return?
+           * (I doubt we care much either way, once there is an error.)
+           */
+          return -first_errno;
+        }
+      }
+    }
+    /* If there is no 127.0.0.1 or ::1, this will and must fail. Otherwise, we
+     * risk exposing a socketpair on a routable IP address. (Some BSD jails
+     * use a routable address for localhost. Fortunately, they have the real
+     * AF_UNIX socketpair.) */
+    if (ersatz_domain == AF_INET) {
+      tor_addr_from_ipv4h(&listen_tor_addr, INADDR_LOOPBACK);
+    } else {
+      tor_addr_parse(&listen_tor_addr, "[::1]");
+    }
+    tor_assert(tor_addr_is_loopback(&listen_tor_addr));
+    size = tor_addr_to_sockaddr(&listen_tor_addr,
+                         0 /* kernel chooses port.  */,
+                         listen_addr,
+                         sizeof(listen_addr_ss));
+    if (bind(listener, listen_addr, size) == -1)
       goto tidy_up_and_fail;
     if (listen(listener, 1) == -1)
       goto tidy_up_and_fail;
 
-    connector = tor_open_socket(AF_INET, type, 0);
+    connector = tor_open_socket(ersatz_domain, type, 0);
     if (!SOCKET_OK(connector))
       goto tidy_up_and_fail;
     /* We want to find out the port number to connect to.  */
-    size = sizeof(connect_addr);
-    if (getsockname(listener, (struct sockaddr *) &connect_addr, &size) == -1)
+    size = sizeof(connect_addr_ss);
+    if (getsockname(listener, connect_addr, &size) == -1)
       goto tidy_up_and_fail;
-    if (size != sizeof (connect_addr))
+    if (size != SIZEOF_SOCKADDR (connect_addr->sa_family))
       goto abort_tidy_up_and_fail;
-    if (connect(connector, (struct sockaddr *) &connect_addr,
-                sizeof(connect_addr)) == -1)
+    if (connect(connector, connect_addr, size) == -1)
       goto tidy_up_and_fail;
 
-    size = sizeof(listen_addr);
-    acceptor = tor_accept_socket(listener,
-                                 (struct sockaddr *) &listen_addr, &size);
+    size = sizeof(listen_addr_ss);
+    acceptor = tor_accept_socket(listener, listen_addr, &size);
     if (!SOCKET_OK(acceptor))
       goto tidy_up_and_fail;
-    if (size != sizeof(listen_addr))
+    if (size != SIZEOF_SOCKADDR(listen_addr->sa_family))
       goto abort_tidy_up_and_fail;
     /* Now check we are talking to ourself by matching port and host on the
        two sockets.  */
-    if (getsockname(connector, (struct sockaddr *) &connect_addr, &size) == -1)
+    if (getsockname(connector, connect_addr, &size) == -1)
       goto tidy_up_and_fail;
-    if (size != sizeof (connect_addr)
-        || listen_addr.sin_family != connect_addr.sin_family
-        || listen_addr.sin_addr.s_addr != connect_addr.sin_addr.s_addr
-        || listen_addr.sin_port != connect_addr.sin_port) {
+    /* Set *_tor_addr and *_port to the address and port that was used */
+    tor_addr_from_sockaddr(&listen_tor_addr, listen_addr, &listen_port);
+    tor_addr_from_sockaddr(&connect_tor_addr, connect_addr, &connect_port);
+    if (size != SIZEOF_SOCKADDR (connect_addr->sa_family)
+        || tor_addr_compare(&listen_tor_addr, &connect_tor_addr, CMP_SEMANTIC)
+        || listen_port != connect_port) {
       goto abort_tidy_up_and_fail;
     }
     tor_close_socket(listener);
@@ -1490,26 +1643,48 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
       tor_close_socket(acceptor);
     return -saved_errno;
 }
+
+#undef SIZEOF_SOCKADDR
+
 #endif
 
+/* Return the maximum number of allowed sockets. */
+int
+get_max_sockets(void)
+{
+  return max_sockets;
+}
+
 /** Number of extra file descriptors to keep in reserve beyond those that we
  * tell Tor it's allowed to use. */
 #define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond ConnLimit_ */
 
-/** Learn the maximum allowed number of file descriptors, and tell the system
- * we want to use up to that number. (Some systems have a low soft limit, and
- * let us set it higher.)
+/** Learn the maximum allowed number of file descriptors, and tell the
+ * system we want to use up to that number. (Some systems have a low soft
+ * limit, and let us set it higher.)  We compute this by finding the largest
+ * number that we can use.
+ *
+ * If the limit is below the reserved file descriptor value (ULIMIT_BUFFER),
+ * return -1 and <b>max_out</b> is untouched.
  *
- * We compute this by finding the largest number that we can use.
- * If we can't find a number greater than or equal to <b>limit</b>,
- * then we fail: return -1.
+ * If we can't find a number greater than or equal to <b>limit</b>, then we
+ * fail by returning -1 and <b>max_out</b> is untouched.
  *
- * If <b>limit</b> is 0, then do not adjust the current maximum.
+ * If we are unable to set the limit value because of setrlimit() failing,
+ * return -1 and <b>max_out</b> is set to the current maximum value returned
+ * by getrlimit().
  *
- * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>.*/
+ * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>
+ * and set <b>max_sockets</b> with that value as well.*/
 int
 set_max_file_descriptors(rlim_t limit, int *max_out)
 {
+  if (limit < ULIMIT_BUFFER) {
+    log_warn(LD_CONFIG,
+             "ConnLimit must be at least %d. Failing.", ULIMIT_BUFFER);
+    return -1;
+  }
+
   /* Define some maximum connections values for systems where we cannot
    * automatically determine a limit. Re Cygwin, see
    * http://archives.seul.org/or/talk/Aug-2006/msg00210.html
@@ -1544,14 +1719,6 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
              strerror(errno));
     return -1;
   }
-  if (limit == 0) {
-    /* If limit == 0, return the maximum value without setting it. */
-    limit = rlim.rlim_max;
-    if (limit > INT_MAX)
-      limit = INT_MAX;
-    *max_out = (int)limit - ULIMIT_BUFFER;
-    return 0;
-  }
   if (rlim.rlim_max < limit) {
     log_warn(LD_CONFIG,"We need %lu file descriptors available, and we're "
              "limited to %lu. Please change your ulimit -n.",
@@ -1563,6 +1730,9 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
     log_info(LD_NET,"Raising max file descriptors from %lu to %lu.",
              (unsigned long)rlim.rlim_cur, (unsigned long)rlim.rlim_max);
   }
+  /* Set the current limit value so if the attempt to set the limit to the
+   * max fails at least we'll have a valid value of maximum sockets. */
+  *max_out = max_sockets = (int)rlim.rlim_cur - ULIMIT_BUFFER;
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) {
@@ -1596,15 +1766,10 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   limit = rlim.rlim_cur;
 #endif /* HAVE_GETRLIMIT */
 
-  if (limit < ULIMIT_BUFFER) {
-    log_warn(LD_CONFIG,
-             "ConnLimit must be at least %d. Failing.", ULIMIT_BUFFER);
-    return -1;
-  }
   if (limit > INT_MAX)
     limit = INT_MAX;
   tor_assert(max_out);
-  *max_out = (int)limit - ULIMIT_BUFFER;
+  *max_out = max_sockets = (int)limit - ULIMIT_BUFFER;
   return 0;
 }
 
@@ -1670,12 +1835,12 @@ log_credential_status(void)
 
   /* log supplementary groups */
   sup_gids_size = 64;
-  sup_gids = tor_malloc(sizeof(gid_t) * 64);
+  sup_gids = tor_calloc(64, sizeof(gid_t));
   while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 &&
          errno == EINVAL &&
          sup_gids_size < NGROUPS_MAX) {
     sup_gids_size *= 2;
-    sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size);
+    sup_gids = tor_reallocarray(sup_gids, sizeof(gid_t), sup_gids_size);
   }
 
   if (ngids < 0) {
@@ -1766,8 +1931,8 @@ tor_getpwnam(const char *username)
   if ((pw = getpwnam(username))) {
     tor_passwd_free(passwd_cached);
     passwd_cached = tor_passwd_dup(pw);
-    log_notice(LD_GENERAL, "Caching new entry %s for %s",
-               passwd_cached->pw_name, username);
+    log_info(LD_GENERAL, "Caching new entry %s for %s",
+             passwd_cached->pw_name, username);
     return pw;
   }
 
@@ -1808,17 +1973,99 @@ tor_getpwuid(uid_t uid)
 }
 #endif
 
+/** Return true iff we were compiled with capability support, and capabilities
+ * seem to work. **/
+int
+have_capability_support(void)
+{
+#ifdef HAVE_LINUX_CAPABILITIES
+  cap_t caps = cap_get_proc();
+  if (caps == NULL)
+    return 0;
+  cap_free(caps);
+  return 1;
+#else
+  return 0;
+#endif
+}
+
+#ifdef HAVE_LINUX_CAPABILITIES
+/** Helper. Drop all capabilities but a small set, and set PR_KEEPCAPS as
+ * appropriate.
+ *
+ * If pre_setuid, retain only CAP_NET_BIND_SERVICE, CAP_SETUID, and
+ * CAP_SETGID, and use PR_KEEPCAPS to ensure that capabilities persist across
+ * setuid().
+ *
+ * If not pre_setuid, retain only CAP_NET_BIND_SERVICE, and disable
+ * PR_KEEPCAPS.
+ *
+ * Return 0 on success, and -1 on failure.
+ */
+static int
+drop_capabilities(int pre_setuid)
+{
+  /* We keep these three capabilities, and these only, as we setuid.
+   * After we setuid, we drop all but the first. */
+  const cap_value_t caplist[] = {
+    CAP_NET_BIND_SERVICE, CAP_SETUID, CAP_SETGID
+  };
+  const char *where = pre_setuid ? "pre-setuid" : "post-setuid";
+  const int n_effective = pre_setuid ? 3 : 1;
+  const int n_permitted = pre_setuid ? 3 : 1;
+  const int n_inheritable = 1;
+  const int keepcaps = pre_setuid ? 1 : 0;
+
+  /* Sets whether we keep capabilities across a setuid. */
+  if (prctl(PR_SET_KEEPCAPS, keepcaps) < 0) {
+    log_warn(LD_CONFIG, "Unable to call prctl() %s: %s",
+             where, strerror(errno));
+    return -1;
+  }
+
+  cap_t caps = cap_get_proc();
+  if (!caps) {
+    log_warn(LD_CONFIG, "Unable to call cap_get_proc() %s: %s",
+             where, strerror(errno));
+    return -1;
+  }
+  cap_clear(caps);
+
+  cap_set_flag(caps, CAP_EFFECTIVE, n_effective, caplist, CAP_SET);
+  cap_set_flag(caps, CAP_PERMITTED, n_permitted, caplist, CAP_SET);
+  cap_set_flag(caps, CAP_INHERITABLE, n_inheritable, caplist, CAP_SET);
+
+  int r = cap_set_proc(caps);
+  cap_free(caps);
+  if (r < 0) {
+    log_warn(LD_CONFIG, "No permission to set capabilities %s: %s",
+             where, strerror(errno));
+    return -1;
+  }
+
+  return 0;
+}
+#endif
+
 /** Call setuid and setgid to run as <b>user</b> and switch to their
  * primary group.  Return 0 on success.  On failure, log and return -1.
+ *
+ * If SWITCH_ID_KEEP_BINDLOW is set in 'flags', try to use the capability
+ * system to retain the abilitity to bind low ports.
+ *
+ * If SWITCH_ID_WARN_IF_NO_CAPS is set in flags, also warn if we have
+ * don't have capability support.
  */
 int
-switch_id(const char *user)
+switch_id(const char *user, const unsigned flags)
 {
 #ifndef _WIN32
   const struct passwd *pw = NULL;
   uid_t old_uid;
   gid_t old_gid;
   static int have_already_switched_id = 0;
+  const int keep_bindlow = !!(flags & SWITCH_ID_KEEP_BINDLOW);
+  const int warn_if_no_caps = !!(flags & SWITCH_ID_WARN_IF_NO_CAPS);
 
   tor_assert(user);
 
@@ -1842,6 +2089,20 @@ switch_id(const char *user)
     return -1;
   }
 
+#ifdef HAVE_LINUX_CAPABILITIES
+  (void) warn_if_no_caps;
+  if (keep_bindlow) {
+    if (drop_capabilities(1))
+      return -1;
+  }
+#else
+  (void) keep_bindlow;
+  if (warn_if_no_caps) {
+    log_warn(LD_CONFIG, "KeepBindCapabilities set, but no capability support "
+             "on this system.");
+  }
+#endif
+
   /* Properly switch egid,gid,euid,uid here or bail out */
   if (setgroups(1, &pw->pw_gid)) {
     log_warn(LD_GENERAL, "Error setting groups to gid %d: \"%s\".",
@@ -1895,6 +2156,12 @@ switch_id(const char *user)
 
   /* We've properly switched egid, gid, euid, uid, and supplementary groups if
    * we're here. */
+#ifdef HAVE_LINUX_CAPABILITIES
+  if (keep_bindlow) {
+    if (drop_capabilities(0))
+      return -1;
+  }
+#endif
 
 #if !defined(CYGWIN) && !defined(__CYGWIN__)
   /* If we tried to drop privilege to a group/user other than root, attempt to
@@ -1942,9 +2209,9 @@ switch_id(const char *user)
 
 #else
   (void)user;
+  (void)flags;
 
-  log_warn(LD_CONFIG,
-           "User specified but switching users is unsupported on your OS.");
+  log_warn(LD_CONFIG, "Switching users is unsupported on your OS.");
   return -1;
 #endif
 }
@@ -2170,9 +2437,20 @@ get_environment(void)
 #endif
 }
 
-/** Set *addr to the IP address (in dotted-quad notation) stored in c.
- * Return 1 on success, 0 if c is badly formatted.  (Like inet_aton(c,addr),
- * but works on Windows and Solaris.)
+/** Get name of current host and write it to <b>name</b> array, whose
+ * length is specified by <b>namelen</b> argument. Return 0 upon
+ * successfull completion; otherwise return return -1. (Currently,
+ * this function is merely a mockable wrapper for POSIX gethostname().)
+ */
+MOCK_IMPL(int,
+tor_gethostname,(char *name, size_t namelen))
+{
+   return gethostname(name,namelen);
+}
+
+/** Set *addr to the IP address (in dotted-quad notation) stored in *str.
+ * Return 1 on success, 0 if *str is badly formatted.
+ * (Like inet_aton(str,addr), but works on Windows and Solaris.)
  */
 int
 tor_inet_aton(const char *str, struct in_addr* addr)
@@ -2396,8 +2674,9 @@ tor_inet_pton(int af, const char *src, void *dst)
  * (This function exists because standard windows gethostbyname
  * doesn't treat raw IP addresses properly.)
  */
-int
-tor_lookup_hostname(const char *name, uint32_t *addr)
+
+MOCK_IMPL(int,
+tor_lookup_hostname,(const char *name, uint32_t *addr))
 {
   tor_addr_t myaddr;
   int ret;
@@ -2420,8 +2699,7 @@ static int uname_result_is_set = 0;
 
 /** Return a pointer to a description of our platform.
  */
-const char *
-get_uname(void)
+MOCK_IMPL(const char *, get_uname, (void))
 {
 #ifdef HAVE_UNAME
   struct utsname u;
@@ -2489,14 +2767,12 @@ get_uname(void)
                          "Unrecognized version of Windows [major=%d,minor=%d]",
                          (int)info.dwMajorVersion,(int)info.dwMinorVersion);
         }
-#if !defined (WINCE)
 #ifdef VER_NT_SERVER
       if (info.wProductType == VER_NT_SERVER ||
           info.wProductType == VER_NT_DOMAIN_CONTROLLER) {
         strlcat(uname_result, " [server]", sizeof(uname_result));
       }
 #endif
-#endif
 #else
         strlcpy(uname_result, "Unknown platform", sizeof(uname_result));
 #endif
@@ -2510,109 +2786,6 @@ get_uname(void)
  *   Process control
  */
 
-#if defined(USE_PTHREADS)
-/** Wraps a void (*)(void*) function and its argument so we can
- * invoke them in a way pthreads would expect.
- */
-typedef struct tor_pthread_data_t {
-  void (*func)(void *);
-  void *data;
-} tor_pthread_data_t;
-/** Given a tor_pthread_data_t <b>_data</b>, call _data-&gt;func(d-&gt;data)
- * and free _data.  Used to make sure we can call functions the way pthread
- * expects. */
-static void *
-tor_pthread_helper_fn(void *_data)
-{
-  tor_pthread_data_t *data = _data;
-  void (*func)(void*);
-  void *arg;
-  /* mask signals to worker threads to avoid SIGPIPE, etc */
-  sigset_t sigs;
-  /* We're in a subthread; don't handle any signals here. */
-  sigfillset(&sigs);
-  pthread_sigmask(SIG_SETMASK, &sigs, NULL);
-
-  func = data->func;
-  arg = data->data;
-  tor_free(_data);
-  func(arg);
-  return NULL;
-}
-/**
- * A pthread attribute to make threads start detached.
- */
-static pthread_attr_t attr_detached;
-/** True iff we've called tor_threads_init() */
-static int threads_initialized = 0;
-#endif
-
-/** Minimalist interface to run a void function in the background.  On
- * Unix calls fork, on win32 calls beginthread.  Returns -1 on failure.
- * func should not return, but rather should call spawn_exit.
- *
- * NOTE: if <b>data</b> is used, it should not be allocated on the stack,
- * since in a multithreaded environment, there is no way to be sure that
- * the caller's stack will still be around when the called function is
- * running.
- */
-int
-spawn_func(void (*func)(void *), void *data)
-{
-#if defined(USE_WIN32_THREADS)
-  int rv;
-  rv = (int)_beginthread(func, 0, data);
-  if (rv == (int)-1)
-    return -1;
-  return 0;
-#elif defined(USE_PTHREADS)
-  pthread_t thread;
-  tor_pthread_data_t *d;
-  if (PREDICT_UNLIKELY(!threads_initialized))
-    tor_threads_init();
-  d = tor_malloc(sizeof(tor_pthread_data_t));
-  d->data = data;
-  d->func = func;
-  if (pthread_create(&thread,&attr_detached,tor_pthread_helper_fn,d))
-    return -1;
-  return 0;
-#else
-  pid_t pid;
-  pid = fork();
-  if (pid<0)
-    return -1;
-  if (pid==0) {
-    /* Child */
-    func(data);
-    tor_assert(0); /* Should never reach here. */
-    return 0; /* suppress "control-reaches-end-of-non-void" warning. */
-  } else {
-    /* Parent */
-    return 0;
-  }
-#endif
-}
-
-/** End the current thread/process.
- */
-void
-spawn_exit(void)
-{
-#if defined(USE_WIN32_THREADS)
-  _endthread();
-  //we should never get here. my compiler thinks that _endthread returns, this
-  //is an attempt to fool it.
-  tor_assert(0);
-  _exit(0);
-#elif defined(USE_PTHREADS)
-  pthread_exit(NULL);
-#else
-  /* http://www.erlenstar.demon.co.uk/unix/faq_2.html says we should
-   * call _exit, not exit, from child processes. */
-  _exit(0);
-#endif
-}
-
 /** Implementation logic for compute_num_cpus(). */
 static int
 compute_num_cpus_impl(void)
@@ -2701,15 +2874,8 @@ tor_gettimeofday(struct timeval *timeval)
     uint64_t ft_64;
     FILETIME ft_ft;
   } ft;
-#if defined (WINCE)
-  /* wince do not have GetSystemTimeAsFileTime */
-  SYSTEMTIME stime;
-  GetSystemTime(&stime);
-  SystemTimeToFileTime(&stime,&ft.ft_ft);
-#else
   /* number of 100-nsec units since Jan 1, 1601 */
   GetSystemTimeAsFileTime(&ft.ft_ft);
-#endif
   if (ft.ft_64 < EPOCH_BIAS) {
     log_err(LD_GENERAL,"System time is before 1970; failing.");
     exit(1);
@@ -2735,7 +2901,7 @@ tor_gettimeofday(struct timeval *timeval)
   return;
 }
 
-#if defined(TOR_IS_MULTITHREADED) && !defined(_WIN32)
+#if !defined(_WIN32)
 /** Defined iff we need to add locks when defining fake versions of reentrant
  * versions of time-related functions. */
 #define TIME_FNS_NEED_LOCKS
@@ -2754,14 +2920,26 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
   const char *outcome;
 
   if (PREDICT_LIKELY(r)) {
-    if (r->tm_year > 8099) { /* We can't strftime dates after 9999 CE. */
+    /* We can't strftime dates after 9999 CE, and we want to avoid dates
+     * before 1 CE (avoiding the year 0 issue and negative years). */
+    if (r->tm_year > 8099) {
       r->tm_year = 8099;
       r->tm_mon = 11;
       r->tm_mday = 31;
-      r->tm_yday = 365;
+      r->tm_yday = 364;
+      r->tm_wday = 6;
       r->tm_hour = 23;
       r->tm_min = 59;
       r->tm_sec = 59;
+    } else if (r->tm_year < (1-1900)) {
+      r->tm_year = (1-1900);
+      r->tm_mon = 0;
+      r->tm_mday = 1;
+      r->tm_yday = 0;
+      r->tm_wday = 0;
+      r->tm_hour = 0;
+      r->tm_min = 0;
+      r->tm_sec = 0;
     }
     return r;
   }
@@ -2775,7 +2953,8 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
       r->tm_year = 70; /* 1970 CE */
       r->tm_mon = 0;
       r->tm_mday = 1;
-      r->tm_yday = 1;
+      r->tm_yday = 0;
+      r->tm_wday = 0;
       r->tm_hour = 0;
       r->tm_min = 0 ;
       r->tm_sec = 0;
@@ -2788,7 +2967,8 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
       r->tm_year = 137; /* 2037 CE */
       r->tm_mon = 11;
       r->tm_mday = 31;
-      r->tm_yday = 365;
+      r->tm_yday = 364;
+      r->tm_wday = 6;
       r->tm_hour = 23;
       r->tm_min = 59;
       r->tm_sec = 59;
@@ -2857,7 +3037,7 @@ tor_localtime_r(const time_t *timep, struct tm *result)
 /** @} */
 
 /** @{ */
-/** As gmtimee_r, but defined for platforms that don't have it:
+/** As gmtime_r, but defined for platforms that don't have it:
  *
  * Convert *<b>timep</b> to a struct tm in UTC, and store the value in
  * *<b>result</b>.  Return the result on success, or NULL on failure.
@@ -2898,282 +3078,6 @@ tor_gmtime_r(const time_t *timep, struct tm *result)
 }
 #endif
 
-#if defined(USE_WIN32_THREADS)
-void
-tor_mutex_init(tor_mutex_t *m)
-{
-  InitializeCriticalSection(&m->mutex);
-}
-void
-tor_mutex_uninit(tor_mutex_t *m)
-{
-  DeleteCriticalSection(&m->mutex);
-}
-void
-tor_mutex_acquire(tor_mutex_t *m)
-{
-  tor_assert(m);
-  EnterCriticalSection(&m->mutex);
-}
-void
-tor_mutex_release(tor_mutex_t *m)
-{
-  LeaveCriticalSection(&m->mutex);
-}
-unsigned long
-tor_get_thread_id(void)
-{
-  return (unsigned long)GetCurrentThreadId();
-}
-#elif defined(USE_PTHREADS)
-/** A mutex attribute that we're going to use to tell pthreads that we want
- * "reentrant" mutexes (i.e., once we can re-lock if we're already holding
- * them.) */
-static pthread_mutexattr_t attr_reentrant;
-/** Initialize <b>mutex</b> so it can be locked.  Every mutex must be set
- * up with tor_mutex_init() or tor_mutex_new(); not both. */
-void
-tor_mutex_init(tor_mutex_t *mutex)
-{
-  int err;
-  if (PREDICT_UNLIKELY(!threads_initialized))
-    tor_threads_init();
-  err = pthread_mutex_init(&mutex->mutex, &attr_reentrant);
-  if (PREDICT_UNLIKELY(err)) {
-    log_err(LD_GENERAL, "Error %d creating a mutex.", err);
-    tor_fragile_assert();
-  }
-}
-/** Wait until <b>m</b> is free, then acquire it. */
-void
-tor_mutex_acquire(tor_mutex_t *m)
-{
-  int err;
-  tor_assert(m);
-  err = pthread_mutex_lock(&m->mutex);
-  if (PREDICT_UNLIKELY(err)) {
-    log_err(LD_GENERAL, "Error %d locking a mutex.", err);
-    tor_fragile_assert();
-  }
-}
-/** Release the lock <b>m</b> so another thread can have it. */
-void
-tor_mutex_release(tor_mutex_t *m)
-{
-  int err;
-  tor_assert(m);
-  err = pthread_mutex_unlock(&m->mutex);
-  if (PREDICT_UNLIKELY(err)) {
-    log_err(LD_GENERAL, "Error %d unlocking a mutex.", err);
-    tor_fragile_assert();
-  }
-}
-/** Clean up the mutex <b>m</b> so that it no longer uses any system
- * resources.  Does not free <b>m</b>.  This function must only be called on
- * mutexes from tor_mutex_init(). */
-void
-tor_mutex_uninit(tor_mutex_t *m)
-{
-  int err;
-  tor_assert(m);
-  err = pthread_mutex_destroy(&m->mutex);
-  if (PREDICT_UNLIKELY(err)) {
-    log_err(LD_GENERAL, "Error %d destroying a mutex.", err);
-    tor_fragile_assert();
-  }
-}
-/** Return an integer representing this thread. */
-unsigned long
-tor_get_thread_id(void)
-{
-  union {
-    pthread_t thr;
-    unsigned long id;
-  } r;
-  r.thr = pthread_self();
-  return r.id;
-}
-#endif
-
-#ifdef TOR_IS_MULTITHREADED
-/** Return a newly allocated, ready-for-use mutex. */
-tor_mutex_t *
-tor_mutex_new(void)
-{
-  tor_mutex_t *m = tor_malloc_zero(sizeof(tor_mutex_t));
-  tor_mutex_init(m);
-  return m;
-}
-/** Release all storage and system resources held by <b>m</b>. */
-void
-tor_mutex_free(tor_mutex_t *m)
-{
-  if (!m)
-    return;
-  tor_mutex_uninit(m);
-  tor_free(m);
-}
-#endif
-
-/* Conditions. */
-#ifdef USE_PTHREADS
-#if 0
-/** Cross-platform condition implementation. */
-struct tor_cond_t {
-  pthread_cond_t cond;
-};
-/** Return a newly allocated condition, with nobody waiting on it. */
-tor_cond_t *
-tor_cond_new(void)
-{
-  tor_cond_t *cond = tor_malloc_zero(sizeof(tor_cond_t));
-  if (pthread_cond_init(&cond->cond, NULL)) {
-    tor_free(cond);
-    return NULL;
-  }
-  return cond;
-}
-/** Release all resources held by <b>cond</b>. */
-void
-tor_cond_free(tor_cond_t *cond)
-{
-  if (!cond)
-    return;
-  if (pthread_cond_destroy(&cond->cond)) {
-    log_warn(LD_GENERAL,"Error freeing condition: %s", strerror(errno));
-    return;
-  }
-  tor_free(cond);
-}
-/** Wait until one of the tor_cond_signal functions is called on <b>cond</b>.
- * All waiters on the condition must wait holding the same <b>mutex</b>.
- * Returns 0 on success, negative on failure. */
-int
-tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex)
-{
-  return pthread_cond_wait(&cond->cond, &mutex->mutex) ? -1 : 0;
-}
-/** Wake up one of the waiters on <b>cond</b>. */
-void
-tor_cond_signal_one(tor_cond_t *cond)
-{
-  pthread_cond_signal(&cond->cond);
-}
-/** Wake up all of the waiters on <b>cond</b>. */
-void
-tor_cond_signal_all(tor_cond_t *cond)
-{
-  pthread_cond_broadcast(&cond->cond);
-}
-#endif
-/** Set up common structures for use by threading. */
-void
-tor_threads_init(void)
-{
-  if (!threads_initialized) {
-    pthread_mutexattr_init(&attr_reentrant);
-    pthread_mutexattr_settype(&attr_reentrant, PTHREAD_MUTEX_RECURSIVE);
-    tor_assert(0==pthread_attr_init(&attr_detached));
-    tor_assert(0==pthread_attr_setdetachstate(&attr_detached, 1));
-    threads_initialized = 1;
-    set_main_thread();
-  }
-}
-#elif defined(USE_WIN32_THREADS)
-#if 0
-static DWORD cond_event_tls_index;
-struct tor_cond_t {
-  CRITICAL_SECTION mutex;
-  smartlist_t *events;
-};
-tor_cond_t *
-tor_cond_new(void)
-{
-  tor_cond_t *cond = tor_malloc_zero(sizeof(tor_cond_t));
-  InitializeCriticalSection(&cond->mutex);
-  cond->events = smartlist_new();
-  return cond;
-}
-void
-tor_cond_free(tor_cond_t *cond)
-{
-  if (!cond)
-    return;
-  DeleteCriticalSection(&cond->mutex);
-  /* XXXX notify? */
-  smartlist_free(cond->events);
-  tor_free(cond);
-}
-int
-tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex)
-{
-  HANDLE event;
-  int r;
-  tor_assert(cond);
-  tor_assert(mutex);
-  event = TlsGetValue(cond_event_tls_index);
-  if (!event) {
-    event = CreateEvent(0, FALSE, FALSE, NULL);
-    TlsSetValue(cond_event_tls_index, event);
-  }
-  EnterCriticalSection(&cond->mutex);
-
-  tor_assert(WaitForSingleObject(event, 0) == WAIT_TIMEOUT);
-  tor_assert(!smartlist_contains(cond->events, event));
-  smartlist_add(cond->events, event);
-
-  LeaveCriticalSection(&cond->mutex);
-
-  tor_mutex_release(mutex);
-  r = WaitForSingleObject(event, INFINITE);
-  tor_mutex_acquire(mutex);
-
-  switch (r) {
-    case WAIT_OBJECT_0: /* we got the mutex normally. */
-      break;
-    case WAIT_ABANDONED: /* holding thread exited. */
-    case WAIT_TIMEOUT: /* Should never happen. */
-      tor_assert(0);
-      break;
-    case WAIT_FAILED:
-      log_warn(LD_GENERAL, "Failed to acquire mutex: %d",(int) GetLastError());
-  }
-  return 0;
-}
-void
-tor_cond_signal_one(tor_cond_t *cond)
-{
-  HANDLE event;
-  tor_assert(cond);
-
-  EnterCriticalSection(&cond->mutex);
-
-  if ((event = smartlist_pop_last(cond->events)))
-    SetEvent(event);
-
-  LeaveCriticalSection(&cond->mutex);
-}
-void
-tor_cond_signal_all(tor_cond_t *cond)
-{
-  tor_assert(cond);
-
-  EnterCriticalSection(&cond->mutex);
-  SMARTLIST_FOREACH(cond->events, HANDLE, event, SetEvent(event));
-  smartlist_clear(cond->events);
-  LeaveCriticalSection(&cond->mutex);
-}
-#endif
-void
-tor_threads_init(void)
-{
-#if 0
-  cond_event_tls_index = TlsAlloc();
-#endif
-  set_main_thread();
-}
-#endif
-
 #if defined(HAVE_MLOCKALL) && HAVE_DECL_MLOCKALL && defined(RLIMIT_MEMLOCK)
 /** Attempt to raise the current and max rlimit to infinity for our process.
  * This only needs to be done once and can probably only be done when we have
@@ -3257,23 +3161,6 @@ tor_mlockall(void)
 #endif
 }
 
-/** Identity of the "main" thread */
-static unsigned long main_thread_id = -1;
-
-/** Start considering the current thread to be the 'main thread'.  This has
- * no effect on anything besides in_main_thread(). */
-void
-set_main_thread(void)
-{
-  main_thread_id = tor_get_thread_id();
-}
-/** Return true iff called from the main thread. */
-int
-in_main_thread(void)
-{
-  return main_thread_id == tor_get_thread_id();
-}
-
 /**
  * On Windows, WSAEWOULDBLOCK is not always correct: when you see it,
  * you need to ask the socket for its actual errno.  Also, you need to
@@ -3521,7 +3408,7 @@ get_total_system_memory_impl(void)
   size_t len = sizeof(memsize);
   int mib[2] = {CTL_HW, HW_USERMEM};
   if (sysctl(mib,2,&memsize,&len,NULL,0))
-    return -1;
+    return 0;
 
   return memsize;
 
@@ -3552,12 +3439,12 @@ get_total_system_memory(size_t *mem_out)
     return 0;
   }
 
-#if SIZE_T_MAX != UINT64_MAX
-  if (m > SIZE_T_MAX) {
+#if SIZE_MAX != UINT64_MAX
+  if (m > SIZE_MAX) {
     /* I think this could happen if we're a 32-bit Tor running on a 64-bit
      * system: we could have more system memory than would fit in a
      * size_t. */
-    m = SIZE_T_MAX;
+    m = SIZE_MAX;
   }
 #endif
 
@@ -3586,3 +3473,120 @@ tor_sleep_msec(int msec)
 }
 #endif
 
+/** Emit the password prompt <b>prompt</b>, then read up to <b>buflen</b>
+ * bytes of passphrase into <b>output</b>. Return the number of bytes in
+ * the passphrase, excluding terminating NUL.
+ */
+ssize_t
+tor_getpass(const char *prompt, char *output, size_t buflen)
+{
+  tor_assert(buflen <= SSIZE_MAX);
+  tor_assert(buflen >= 1);
+#if defined(HAVE_READPASSPHRASE)
+  char *pwd = readpassphrase(prompt, output, buflen, RPP_ECHO_OFF);
+  if (pwd == NULL)
+    return -1;
+  return strlen(pwd);
+#elif defined(_WIN32)
+  int r = -1;
+  while (*prompt) {
+    _putch(*prompt++);
+  }
+
+  tor_assert(buflen <= INT_MAX);
+  wchar_t *buf = tor_calloc(buflen, sizeof(wchar_t));
+
+  wchar_t *ptr = buf, *lastch = buf + buflen - 1;
+  while (ptr < lastch) {
+    wint_t ch = _getwch();
+    switch (ch) {
+      case '\r':
+      case '\n':
+      case WEOF:
+        goto done_reading;
+      case 3:
+        goto done; /* Can't actually read ctrl-c this way. */
+      case '\b':
+        if (ptr > buf)
+          --ptr;
+        continue;
+      case 0:
+      case 0xe0:
+        ch = _getwch(); /* Ignore; this is a function or arrow key */
+        break;
+      default:
+        *ptr++ = ch;
+        break;
+    }
+  }
+ done_reading:
+  ;
+
+#ifndef WC_ERR_INVALID_CHARS
+#define WC_ERR_INVALID_CHARS 0x80
+#endif
+
+  /* Now convert it to UTF-8 */
+  r = WideCharToMultiByte(CP_UTF8,
+                          WC_NO_BEST_FIT_CHARS|WC_ERR_INVALID_CHARS,
+                          buf, (int)(ptr-buf),
+                          output, (int)(buflen-1),
+                          NULL, NULL);
+  if (r <= 0) {
+    r = -1;
+    goto done;
+  }
+
+  tor_assert(r < (int)buflen);
+
+  output[r] = 0;
+
+ done:
+  SecureZeroMemory(buf, sizeof(wchar_t)*buflen);
+  tor_free(buf);
+  return r;
+#else
+#error "No implementation for tor_getpass found!"
+#endif
+}
+
+/** Return the amount of free disk space we have permission to use, in
+ * bytes. Return -1 if the amount of free space can't be determined. */
+int64_t
+tor_get_avail_disk_space(const char *path)
+{
+#ifdef HAVE_STATVFS
+  struct statvfs st;
+  int r;
+  memset(&st, 0, sizeof(st));
+
+  r = statvfs(path, &st);
+  if (r < 0)
+    return -1;
+
+  int64_t result = st.f_bavail;
+  if (st.f_frsize) {
+    result *= st.f_frsize;
+  } else if (st.f_bsize) {
+    result *= st.f_bsize;
+  } else {
+    return -1;
+  }
+
+  return result;
+#elif defined(_WIN32)
+  ULARGE_INTEGER freeBytesAvail;
+  BOOL ok;
+
+  ok = GetDiskFreeSpaceEx(path, &freeBytesAvail, NULL, NULL);
+  if (!ok) {
+    return -1;
+  }
+  return (int64_t)freeBytesAvail.QuadPart;
+#else
+  (void)path;
+  errno = ENOSYS;
+  return -1;
+#endif
+}
+
diff --git a/src/common/compat.h b/src/common/compat.h
index 531e88f1bd..8cf84580c6 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -1,26 +1,18 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_COMPAT_H
 #define TOR_COMPAT_H
 
 #include "orconfig.h"
-#include "torint.h"
-#include "testsupport.h"
 #ifdef _WIN32
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
-#endif
-#define WIN32_LEAN_AND_MEAN
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#include <winsock.h>
-#else
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#endif
+#include "torint.h"
+#include "testsupport.h"
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
@@ -36,9 +28,6 @@
 #ifdef HAVE_STRING_H
 #include <string.h>
 #endif
-#if defined(HAVE_PTHREAD_H) && !defined(_WIN32)
-#include <pthread.h>
-#endif
 #include <stdarg.h>
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
@@ -53,24 +42,18 @@
 #include <netinet6/in6.h>
 #endif
 
+#if defined(__has_feature)
+#  if __has_feature(address_sanitizer)
+/* Some of the fancy glibc strcmp() macros include references to memory that
+ * clang rejects because it is off the end of a less-than-3. Clang hates this,
+ * even though those references never actually happen. */
+#    undef strcmp
+#  endif
+#endif
+
 #include <stdio.h>
 #include <errno.h>
 
-#if defined (WINCE)
-#include <fcntl.h>
-#include <io.h>
-#include <math.h>
-#include <projects.h>
-/* this is not exported as W .... */
-#define SHGetPathFromIDListW SHGetPathFromIDList
-/* wcecompat has vasprintf */
-#define HAVE_VASPRINTF
-/* no service here */
-#ifdef NT_SERVICE
-#undef NT_SERVICE
-#endif
-#endif // WINCE
-
 #ifndef NULL_REP_IS_ZERO_BYTES
 #error "It seems your platform does not represent NULL as zero. We can't cope."
 #endif
@@ -101,20 +84,13 @@
 
 /* inline is __inline on windows. */
 #ifdef _WIN32
-#define INLINE __inline
-#else
-#define INLINE inline
+#define inline __inline
 #endif
 
 /* Try to get a reasonable __func__ substitute in place. */
 #if defined(_MSC_VER)
-/* MSVC compilers before VC7 don't have __func__ at all; later ones call it
- * __FUNCTION__. */
-#if _MSC_VER < 1300
-#define __func__ "???"
-#else
+
 #define __func__ __FUNCTION__
-#endif
 
 #else
 /* For platforms where autoconf works, make sure __func__ is defined
@@ -130,18 +106,8 @@
 #endif /* ifndef MAVE_MACRO__func__ */
 #endif /* if not windows */
 
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-/* MSVC versions before 7 apparently don't believe that you can cast uint64_t
- * to double and really mean it. */
-extern INLINE double U64_TO_DBL(uint64_t x) {
-  int64_t i = (int64_t) x;
-  return (i < 0) ? ((double) INT64_MAX) : (double) i;
-}
-#define DBL_TO_U64(x) ((uint64_t)(int64_t) (x))
-#else
 #define U64_TO_DBL(x) ((double) (x))
 #define DBL_TO_U64(x) ((uint64_t) (x))
-#endif
 
 #ifdef ENUM_VALS_ARE_SIGNED
 #define ENUM_BF(t) unsigned
@@ -159,6 +125,7 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
 #define ATTR_CONST __attribute__((const))
 #define ATTR_MALLOC __attribute__((malloc))
 #define ATTR_NORETURN __attribute__((noreturn))
+#define ATTR_WUR __attribute__((warn_unused_result))
 /* Alas, nonnull is not at present a good idea for us.  We'd like to get
  * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
  * spottily), but we don't want to tell the compiler to make optimizations
@@ -194,6 +161,7 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
 #define ATTR_NORETURN
 #define ATTR_NONNULL(x)
 #define ATTR_UNUSED
+#define ATTR_WUR
 #define PREDICT_LIKELY(exp) (exp)
 #define PREDICT_UNLIKELY(exp) (exp)
 #endif
@@ -218,6 +186,15 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
 #define STMT_END } while (0)
 #endif
 
+/* Some tools (like coccinelle) don't like to see operators as macro
+ * arguments. */
+#define OP_LT <
+#define OP_GT >
+#define OP_GE >=
+#define OP_LE <=
+#define OP_EQ ==
+#define OP_NE !=
+
 /* ===== String compatibility */
 #ifdef _WIN32
 /* Windows names string functions differently from most other platforms. */
@@ -320,7 +297,7 @@ const void *tor_memmem(const void *haystack, size_t hlen, const void *needle,
                        size_t nlen) ATTR_NONNULL((1,3));
 static const void *tor_memstr(const void *haystack, size_t hlen,
                            const char *needle) ATTR_NONNULL((1,3));
-static INLINE const void *
+static inline const void *
 tor_memstr(const void *haystack, size_t hlen, const char *needle)
 {
   return tor_memmem(haystack, hlen, needle, strlen(needle));
@@ -331,7 +308,7 @@ tor_memstr(const void *haystack, size_t hlen, const char *needle)
 #define DECLARE_CTYPE_FN(name)                                          \
   static int TOR_##name(char c);                                        \
   extern const uint32_t TOR_##name##_TABLE[];                           \
-  static INLINE int TOR_##name(char c) {                                \
+  static inline int TOR_##name(char c) {                                \
     uint8_t u = c;                                                      \
     return !!(TOR_##name##_TABLE[(u >> 5) & 7] & (1u << (u & 31)));     \
   }
@@ -435,6 +412,9 @@ void tor_lockfile_unlock(tor_lockfile_t *lockfile);
 off_t tor_fd_getpos(int fd);
 int tor_fd_setpos(int fd, off_t pos);
 int tor_fd_seekend(int fd);
+int tor_ftruncate(int fd);
+
+int64_t tor_get_avail_disk_space(const char *path);
 
 #ifdef _WIN32
 #define PATH_SEPARATOR "\\"
@@ -471,7 +451,8 @@ int tor_close_socket(tor_socket_t s);
 tor_socket_t tor_open_socket_with_extensions(
                                            int domain, int type, int protocol,
                                            int cloexec, int nonblock);
-tor_socket_t tor_open_socket(int domain, int type, int protocol);
+MOCK_DECL(tor_socket_t,
+tor_open_socket,(int domain, int type, int protocol));
 tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol);
 tor_socket_t tor_accept_socket(tor_socket_t sockfd, struct sockaddr *addr,
                                   socklen_t *len);
@@ -482,8 +463,15 @@ tor_socket_t tor_accept_socket_with_extensions(tor_socket_t sockfd,
                                                struct sockaddr *addr,
                                                socklen_t *len,
                                                int cloexec, int nonblock);
+MOCK_DECL(tor_socket_t,
+tor_connect_socket,(tor_socket_t socket,const struct sockaddr *address,
+                    socklen_t address_len));
 int get_n_open_sockets(void);
 
+MOCK_DECL(int,
+tor_getsockname,(tor_socket_t socket, struct sockaddr *address,
+                 socklen_t *address_len));
+
 #define tor_socket_send(s, buf, len, flags) send(s, buf, len, flags)
 #define tor_socket_recv(s, buf, len, flags) recv(s, buf, len, flags)
 
@@ -549,10 +537,11 @@ struct sockaddr_in6 {
 };
 #endif
 
+MOCK_DECL(int,tor_gethostname,(char *name, size_t namelen));
 int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
 const char *tor_inet_ntop(int af, const void *src, char *dst, size_t len);
 int tor_inet_pton(int af, const char *src, void *dst);
-int tor_lookup_hostname(const char *name, uint32_t *addr) ATTR_NONNULL((1,2));
+MOCK_DECL(int,tor_lookup_hostname,(const char *name, uint32_t *addr));
 int set_socket_nonblocking(tor_socket_t socket);
 int tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]);
 int network_init(void);
@@ -579,26 +568,30 @@ int network_init(void);
 #define ERRNO_IS_ACCEPT_EAGAIN(e)    ERRNO_IS_EAGAIN(e)
 /** Return true if e is EMFILE or another error indicating that a call to
  * accept() has failed because we're out of fds or something. */
-#define ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e) \
+#define ERRNO_IS_RESOURCE_LIMIT(e) \
   ((e) == WSAEMFILE || (e) == WSAENOBUFS)
 /** Return true if e is EADDRINUSE or the local equivalent. */
 #define ERRNO_IS_EADDRINUSE(e)      ((e) == WSAEADDRINUSE)
+/** Return true if e is EINTR  or the local equivalent */
+#define ERRNO_IS_EINTR(e)            ((e) == WSAEINTR || 0)
 int tor_socket_errno(tor_socket_t sock);
 const char *tor_socket_strerror(int e);
 #else
 #define SOCK_ERRNO(e) e
 #if EAGAIN == EWOULDBLOCK
-#define ERRNO_IS_EAGAIN(e)           ((e) == EAGAIN)
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define ERRNO_IS_EAGAIN(e)           ((e) == EAGAIN || 0)
 #else
 #define ERRNO_IS_EAGAIN(e)           ((e) == EAGAIN || (e) == EWOULDBLOCK)
 #endif
-#define ERRNO_IS_EINPROGRESS(e)      ((e) == EINPROGRESS)
-#define ERRNO_IS_CONN_EINPROGRESS(e) ((e) == EINPROGRESS)
+#define ERRNO_IS_EINTR(e)            ((e) == EINTR || 0)
+#define ERRNO_IS_EINPROGRESS(e)      ((e) == EINPROGRESS || 0)
+#define ERRNO_IS_CONN_EINPROGRESS(e) ((e) == EINPROGRESS || 0)
 #define ERRNO_IS_ACCEPT_EAGAIN(e) \
   (ERRNO_IS_EAGAIN(e) || (e) == ECONNABORTED)
-#define ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e) \
+#define ERRNO_IS_RESOURCE_LIMIT(e) \
   ((e) == EMFILE || (e) == ENFILE || (e) == ENOBUFS || (e) == ENOMEM)
-#define ERRNO_IS_EADDRINUSE(e)       ((e) == EADDRINUSE)
+#define ERRNO_IS_EADDRINUSE(e)       (((e) == EADDRINUSE) || 0)
 #define tor_socket_errno(sock)       (errno)
 #define tor_socket_strerror(e)       strerror(e)
 #endif
@@ -617,7 +610,7 @@ typedef enum {
 } socks5_reply_status_t;
 
 /* ===== OS compatibility */
-const char *get_uname(void);
+MOCK_DECL(const char *, get_uname, (void));
 
 uint16_t get_uint16(const void *cp) ATTR_NONNULL((1));
 uint32_t get_uint32(const void *cp) ATTR_NONNULL((1));
@@ -629,7 +622,7 @@ void set_uint64(void *cp, uint64_t v) ATTR_NONNULL((1));
 /* These uint8 variants are defined to make the code more uniform. */
 #define get_uint8(cp) (*(const uint8_t*)(cp))
 static void set_uint8(void *cp, uint8_t v);
-static INLINE void
+static inline void
 set_uint8(void *cp, uint8_t v)
 {
   *(uint8_t*)cp = v;
@@ -638,9 +631,21 @@ set_uint8(void *cp, uint8_t v)
 #if !defined(HAVE_RLIM_T)
 typedef unsigned long rlim_t;
 #endif
+int get_max_sockets(void);
 int set_max_file_descriptors(rlim_t limit, int *max);
 int tor_disable_debugger_attach(void);
-int switch_id(const char *user);
+
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_CAP_SET_PROC)
+#define HAVE_LINUX_CAPABILITIES
+#endif
+
+int have_capability_support(void);
+
+/** Flag for switch_id; see switch_id() for documentation */
+#define SWITCH_ID_KEEP_BINDLOW    (1<<0)
+/** Flag for switch_id; see switch_id() for documentation */
+#define SWITCH_ID_WARN_IF_NO_CAPS (1<<1)
+int switch_id(const char *user, unsigned flags);
 #ifdef HAVE_PWD_H
 char *get_user_homedir(const char *username);
 #endif
@@ -657,77 +662,10 @@ char **get_environment(void);
 
 int get_total_system_memory(size_t *mem_out);
 
-int spawn_func(void (*func)(void *), void *data);
-void spawn_exit(void) ATTR_NORETURN;
-
-#if defined(ENABLE_THREADS) && defined(_WIN32)
-#define USE_WIN32_THREADS
-#define TOR_IS_MULTITHREADED 1
-#elif (defined(ENABLE_THREADS) && defined(HAVE_PTHREAD_H) && \
-       defined(HAVE_PTHREAD_CREATE))
-#define USE_PTHREADS
-#define TOR_IS_MULTITHREADED 1
-#else
-#undef TOR_IS_MULTITHREADED
-#endif
-
 int compute_num_cpus(void);
 
-/* Because we use threads instead of processes on most platforms (Windows,
- * Linux, etc), we need locking for them.  On platforms with poor thread
- * support or broken gethostbyname_r, these functions are no-ops. */
-
-/** A generic lock structure for multithreaded builds. */
-typedef struct tor_mutex_t {
-#if defined(USE_WIN32_THREADS)
-  /** Windows-only: on windows, we implement locks with CRITICAL_SECTIONS. */
-  CRITICAL_SECTION mutex;
-#elif defined(USE_PTHREADS)
-  /** Pthreads-only: with pthreads, we implement locks with
-   * pthread_mutex_t. */
-  pthread_mutex_t mutex;
-#else
-  /** No-threads only: Dummy variable so that tor_mutex_t takes up space. */
-  int _unused;
-#endif
-} tor_mutex_t;
-
 int tor_mlockall(void);
 
-#ifdef TOR_IS_MULTITHREADED
-tor_mutex_t *tor_mutex_new(void);
-void tor_mutex_init(tor_mutex_t *m);
-void tor_mutex_acquire(tor_mutex_t *m);
-void tor_mutex_release(tor_mutex_t *m);
-void tor_mutex_free(tor_mutex_t *m);
-void tor_mutex_uninit(tor_mutex_t *m);
-unsigned long tor_get_thread_id(void);
-void tor_threads_init(void);
-#else
-#define tor_mutex_new() ((tor_mutex_t*)tor_malloc(sizeof(int)))
-#define tor_mutex_init(m) STMT_NIL
-#define tor_mutex_acquire(m) STMT_VOID(m)
-#define tor_mutex_release(m) STMT_NIL
-#define tor_mutex_free(m) STMT_BEGIN tor_free(m); STMT_END
-#define tor_mutex_uninit(m) STMT_NIL
-#define tor_get_thread_id() (1UL)
-#define tor_threads_init() STMT_NIL
-#endif
-
-void set_main_thread(void);
-int in_main_thread(void);
-
-#ifdef TOR_IS_MULTITHREADED
-#if 0
-typedef struct tor_cond_t tor_cond_t;
-tor_cond_t *tor_cond_new(void);
-void tor_cond_free(tor_cond_t *cond);
-int tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex);
-void tor_cond_signal_one(tor_cond_t *cond);
-void tor_cond_signal_all(tor_cond_t *cond);
-#endif
-#endif
-
 /** Macros for MIN/MAX.  Never use these when the arguments could have
  * side-effects.
  * {With GCC extensions we could probably define a safer MIN/MAX.  But
@@ -773,5 +711,10 @@ STATIC int tor_ersatz_socketpair(int family, int type, int protocol,
 #endif
 #endif
 
+ssize_t tor_getpass(const char *prompt, char *output, size_t buflen);
+
+/* This needs some of the declarations above so we include it here. */
+#include "compat_threads.h"
+
 #endif
 
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 74b54bb855..cc58883750 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2009-2013, The Tor Project, Inc. */
+/* Copyright (c) 2009-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -11,6 +11,7 @@
 
 #include "orconfig.h"
 #include "compat.h"
+#define COMPAT_LIBEVENT_PRIVATE
 #include "compat_libevent.h"
 
 #include "crypto.h"
@@ -28,44 +29,11 @@
 #include <event.h>
 #endif
 
-/** A number representing a version of Libevent.
-
-    This is a 4-byte number, with the first three bytes representing the
-    major, minor, and patchlevel respectively of the library.  The fourth
-    byte is unused.
-
-    This is equivalent to the format of LIBEVENT_VERSION_NUMBER on Libevent
-    2.0.1 or later.  For versions of Libevent before 1.4.0, which followed the
-    format of "1.0, 1.0a, 1.0b", we define 1.0 to be equivalent to 1.0.0, 1.0a
-    to be equivalent to 1.0.1, and so on.
-*/
-typedef uint32_t le_version_t;
-
-/** @{ */
-/** Macros: returns the number of a libevent version as a le_version_t */
-#define V(major, minor, patch) \
-  (((major) << 24) | ((minor) << 16) | ((patch) << 8))
-#define V_OLD(major, minor, patch) \
-  V((major), (minor), (patch)-'a'+1)
-/** @} */
-
-/** Represetns a version of libevent so old we can't figure out what version
- * it is. */
-#define LE_OLD V(0,0,0)
-/** Represents a version of libevent so weird we can't figure out what version
- * it is. */
-#define LE_OTHER V(0,0,99)
-
-#if 0
-static le_version_t tor_get_libevent_version(const char **v_out);
-#endif
-
-#if defined(HAVE_EVENT_SET_LOG_CALLBACK) || defined(RUNNING_DOXYGEN)
 /** A string which, if it appears in a libevent log, should be ignored. */
 static const char *suppress_msg = NULL;
 /** Callback function passed to event_set_log() so we can intercept
  * log messages from libevent. */
-static void
+STATIC void
 libevent_logging_callback(int severity, const char *msg)
 {
   char buf[1024];
@@ -107,17 +75,6 @@ suppress_libevent_log_msg(const char *msg)
 {
   suppress_msg = msg;
 }
-#else
-void
-configure_libevent_logging(void)
-{
-}
-void
-suppress_libevent_log_msg(const char *msg)
-{
-  (void)msg;
-}
-#endif
 
 #ifndef HAVE_EVENT2_EVENT_H
 /** Work-alike replacement for event_new() on pre-Libevent-2.0 systems. */
@@ -146,13 +103,25 @@ tor_evsignal_new(struct event_base * base, int sig,
 {
   return tor_event_new(base, sig, EV_SIGNAL|EV_PERSIST, cb, arg);
 }
-/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems. */
+/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems,
+ * except tolerate tor_event_free(NULL). */
 void
 tor_event_free(struct event *ev)
 {
+  if (ev == NULL)
+    return;
   event_del(ev);
   tor_free(ev);
 }
+#else
+/* Wrapper for event_free() that tolerates tor_event_free(NULL) */
+void
+tor_event_free(struct event *ev)
+{
+  if (ev == NULL)
+    return;
+  event_free(ev);
+}
 #endif
 
 /** Global event base for use by the main thread. */
@@ -210,6 +179,9 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
     } else {
       using_iocp_bufferevents = 0;
     }
+#elif defined(__COVERITY__)
+    /* Avoid a 'dead code' warning below. */
+    using_threads = ! torcfg->disable_iocp;
 #endif
 
     if (!using_threads) {
@@ -260,19 +232,11 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
     exit(1);
   }
 
-#if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
   /* Making this a NOTICE for now so we can link bugs to a libevent versions
    * or methods better. */
   log_info(LD_GENERAL,
       "Initialized libevent version %s using method %s. Good.",
       event_get_version(), tor_libevent_get_method());
-#else
-  log_notice(LD_GENERAL,
-      "Initialized old libevent (version 1.0b or earlier).");
-  log_warn(LD_GENERAL,
-      "You have a *VERY* old version of libevent.  It is likely to be buggy; "
-      "please build Tor with a more recent version.");
-#endif
 
 #ifdef USE_BUFFEREVENTS
   tor_libevent_set_tick_timeout(torcfg->msec_per_tick);
@@ -280,40 +244,28 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
 }
 
 /** Return the current Libevent event base that we're set up to use. */
-struct event_base *
-tor_libevent_get_base(void)
+MOCK_IMPL(struct event_base *,
+tor_libevent_get_base, (void))
 {
+  tor_assert(the_event_base != NULL);
   return the_event_base;
 }
 
-#ifndef HAVE_EVENT_BASE_LOOPEXIT
-/** Replacement for event_base_loopexit on some very old versions of Libevent
- * that we are not yet brave enough to deprecate. */
-int
-tor_event_base_loopexit(struct event_base *base, struct timeval *tv)
-{
-  tor_assert(base == the_event_base);
-  return event_loopexit(tv);
-}
-#endif
-
 /** Return the name of the Libevent backend we're using. */
 const char *
 tor_libevent_get_method(void)
 {
 #ifdef HAVE_EVENT2_EVENT_H
   return event_base_get_method(the_event_base);
-#elif defined(HAVE_EVENT_GET_METHOD)
-  return event_get_method();
 #else
-  return "<unknown>";
+  return event_get_method();
 #endif
 }
 
 /** Return the le_version_t for the version of libevent specified in the
  * string <b>v</b>.  If the version is very new or uses an unrecognized
  * version, format, return LE_OTHER. */
-static le_version_t
+STATIC le_version_t
 tor_decode_libevent_version(const char *v)
 {
   unsigned major, minor, patchlevel;
@@ -344,7 +296,7 @@ tor_decode_libevent_version(const char *v)
  * Two different versions with different numbers are sure not to be binary
  * compatible.  Two different versions with the same numbers have a decent
  * chance of binary compatibility.*/
-static int
+STATIC int
 le_versions_compatibility(le_version_t v)
 {
   if (v == LE_OTHER)
@@ -361,54 +313,12 @@ le_versions_compatibility(le_version_t v)
     return 5;
 }
 
-#if 0
-/** Return the version number of the currently running version of Libevent.
- * See le_version_t for info on the format.
- */
-static le_version_t
-tor_get_libevent_version(const char **v_out)
-{
-  const char *v;
-  le_version_t r;
-#if defined(HAVE_EVENT_GET_VERSION_NUMBER)
-  v = event_get_version();
-  r = event_get_version_number();
-#elif defined (HAVE_EVENT_GET_VERSION)
-  v = event_get_version();
-  r = tor_decode_libevent_version(v);
-#else
-  v = "pre-1.0c";
-  r = LE_OLD;
-#endif
-  if (v_out)
-    *v_out = v;
-  return r;
-}
-#endif
-
 /** Return a string representation of the version of the currently running
  * version of Libevent. */
 const char *
 tor_libevent_get_version_str(void)
 {
-#ifdef HAVE_EVENT_GET_VERSION
   return event_get_version();
-#else
-  return "pre-1.0c";
-#endif
-}
-
-/**
- * Compare the current Libevent method and version to a list of versions
- * which are known not to work.  Warn the user as appropriate.
- */
-void
-tor_check_libevent_version(const char *m, int server,
-                           const char **badness_out)
-{
-  (void) m;
-  (void) server;
-  *badness_out = NULL;
 }
 
 #if defined(LIBEVENT_VERSION)
@@ -437,7 +347,7 @@ tor_check_libevent_header_compatibility(void)
   /* In libevent versions before 2.0, it's hard to keep binary compatibility
    * between upgrades, and unpleasant to detect when the version we compiled
    * against is unlike the version we have linked against. Here's how. */
-#if defined(HEADER_VERSION) && defined(HAVE_EVENT_GET_VERSION)
+#if defined(HEADER_VERSION)
   /* We have a header-file version and a function-call version. Easy. */
   if (strcmp(HEADER_VERSION, event_get_version())) {
     le_version_t v1, v2;
@@ -459,7 +369,7 @@ tor_check_libevent_header_compatibility(void)
     else
       log_info(LD_GENERAL, "I think these versions are binary-compatible.");
   }
-#elif defined(HAVE_EVENT_GET_VERSION)
+#else
   /* event_get_version but no _EVENT_VERSION.  We might be in 1.4.0-beta or
      earlier, where that's normal.  To see whether we were compiled with an
      earlier version, let's see whether the struct event defines MIN_HEAP_IDX.
@@ -489,9 +399,6 @@ tor_check_libevent_header_compatibility(void)
   }
 #endif
 
-#elif defined(HEADER_VERSION)
-#warn "_EVENT_VERSION is defined but not get_event_version(): Libevent is odd."
-#else
   /* Your libevent is ancient. */
 #endif
 }
@@ -714,7 +621,7 @@ tor_gettimeofday_cached_monotonic(struct timeval *tv)
   struct timeval last_tv = { 0, 0 };
 
   tor_gettimeofday_cached(tv);
-  if (timercmp(tv, &last_tv, <)) {
+  if (timercmp(tv, &last_tv, OP_LT)) {
     memcpy(tv, &last_tv, sizeof(struct timeval));
   } else {
     memcpy(&last_tv, tv, sizeof(struct timeval));
diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h
index 9ee7b49cfb..4b8b300112 100644
--- a/src/common/compat_libevent.h
+++ b/src/common/compat_libevent.h
@@ -1,10 +1,11 @@
-/* Copyright (c) 2009-2013, The Tor Project, Inc. */
+/* Copyright (c) 2009-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_COMPAT_LIBEVENT_H
 #define TOR_COMPAT_LIBEVENT_H
 
 #include "orconfig.h"
+#include "testsupport.h"
 
 struct event;
 struct event_base;
@@ -28,11 +29,9 @@ void suppress_libevent_log_msg(const char *msg);
 #define tor_event_new     event_new
 #define tor_evtimer_new   evtimer_new
 #define tor_evsignal_new  evsignal_new
-#define tor_event_free    event_free
 #define tor_evdns_add_server_port(sock, tcp, cb, data) \
   evdns_add_server_port_with_base(tor_libevent_get_base(), \
   (sock),(tcp),(cb),(data));
-
 #else
 struct event *tor_event_new(struct event_base * base, evutil_socket_t sock,
            short what, void (*cb)(evutil_socket_t, short, void *), void *arg);
@@ -40,10 +39,11 @@ struct event *tor_evtimer_new(struct event_base * base,
             void (*cb)(evutil_socket_t, short, void *), void *arg);
 struct event *tor_evsignal_new(struct event_base * base, int sig,
             void (*cb)(evutil_socket_t, short, void *), void *arg);
-void tor_event_free(struct event *ev);
 #define tor_evdns_add_server_port evdns_add_server_port
 #endif
 
+void tor_event_free(struct event *ev);
+
 typedef struct periodic_timer_t periodic_timer_t;
 
 periodic_timer_t *periodic_timer_new(struct event_base *base,
@@ -52,12 +52,7 @@ periodic_timer_t *periodic_timer_new(struct event_base *base,
              void *data);
 void periodic_timer_free(periodic_timer_t *);
 
-#ifdef HAVE_EVENT_BASE_LOOPEXIT
 #define tor_event_base_loopexit event_base_loopexit
-#else
-struct timeval;
-int tor_event_base_loopexit(struct event_base *base, struct timeval *tv);
-#endif
 
 /** Defines a configuration for using libevent with Tor: passed as an argument
  * to tor_libevent_initialize() to describe how we want to set up. */
@@ -72,10 +67,8 @@ typedef struct tor_libevent_cfg {
 } tor_libevent_cfg;
 
 void tor_libevent_initialize(tor_libevent_cfg *cfg);
-struct event_base *tor_libevent_get_base(void);
+MOCK_DECL(struct event_base *, tor_libevent_get_base, (void));
 const char *tor_libevent_get_method(void);
-void tor_check_libevent_version(const char *m, int server,
-                                const char **badness_out);
 void tor_check_libevent_header_compatibility(void);
 const char *tor_libevent_get_version_str(void);
 const char *tor_libevent_get_header_version_str(void);
@@ -98,5 +91,42 @@ void tor_gettimeofday_cache_set(const struct timeval *tv);
 #endif
 void tor_gettimeofday_cached_monotonic(struct timeval *tv);
 
+#ifdef COMPAT_LIBEVENT_PRIVATE
+/** A number representing a version of Libevent.
+
+    This is a 4-byte number, with the first three bytes representing the
+    major, minor, and patchlevel respectively of the library.  The fourth
+    byte is unused.
+
+    This is equivalent to the format of LIBEVENT_VERSION_NUMBER on Libevent
+    2.0.1 or later.  For versions of Libevent before 1.4.0, which followed the
+    format of "1.0, 1.0a, 1.0b", we define 1.0 to be equivalent to 1.0.0, 1.0a
+    to be equivalent to 1.0.1, and so on.
+*/
+typedef uint32_t le_version_t;
+
+/** @{ */
+/** Macros: returns the number of a libevent version as a le_version_t */
+#define V(major, minor, patch) \
+  (((major) << 24) | ((minor) << 16) | ((patch) << 8))
+#define V_OLD(major, minor, patch) \
+  V((major), (minor), (patch)-'a'+1)
+/** @} */
+
+/** Represetns a version of libevent so old we can't figure out what version
+ * it is. */
+#define LE_OLD V(0,0,0)
+/** Represents a version of libevent so weird we can't figure out what version
+ * it is. */
+#define LE_OTHER V(0,0,99)
+
+STATIC void
+libevent_logging_callback(int severity, const char *msg);
+STATIC le_version_t
+tor_decode_libevent_version(const char *v);
+STATIC int
+le_versions_compatibility(le_version_t v);
+#endif
+
 #endif
 
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
new file mode 100644
index 0000000000..a7bdb0a224
--- /dev/null
+++ b/src/common/compat_openssl.h
@@ -0,0 +1,46 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_COMPAT_OPENSSL_H
+#define TOR_COMPAT_OPENSSL_H
+
+#include <openssl/opensslv.h>
+
+/**
+ * \file compat_openssl.h
+ *
+ * \brief compatability definitions for working with different openssl forks
+ **/
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
+   ! defined(LIBRESSL_VERSION_NUMBER)
+/* We define this macro if we're trying to build with the majorly refactored
+ * API in OpenSSL 1.1 */
+#define OPENSSL_1_1_API
+#endif
+
+#ifndef OPENSSL_1_1_API
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version(v) SSLeay_version(v)
+#define OpenSSL_version_num() SSLeay()
+#define RAND_OpenSSL() RAND_SSLeay()
+#define STATE_IS_SW_SERVER_HELLO(st)       \
+  (((st) == SSL3_ST_SW_SRVR_HELLO_A) ||    \
+   ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+#define OSSL_HANDSHAKE_STATE int
+#define CONST_IF_OPENSSL_1_1_API
+#else
+#define STATE_IS_SW_SERVER_HELLO(st) \
+  ((st) == TLS_ST_SW_SRVR_HELLO)
+#define CONST_IF_OPENSSL_1_1_API const
+#endif
+
+#endif
+
diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c
new file mode 100644
index 0000000000..962b5fc0e4
--- /dev/null
+++ b/src/common/compat_pthreads.c
@@ -0,0 +1,337 @@
+/* Copyright (c) 2003-2004, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file compat_pthreads.c
+ *
+ * \brief Implementation for the pthreads-based multithreading backend
+ * functions.
+ */
+
+#define _GNU_SOURCE
+
+#include "orconfig.h"
+#include <pthread.h>
+#include <signal.h>
+#include <time.h>
+
+#include "compat.h"
+#include "torlog.h"
+#include "util.h"
+
+#ifdef __APPLE__
+#undef CLOCK_MONOTONIC
+#undef HAVE_CLOCK_GETTIME
+#endif
+
+/** Wraps a void (*)(void*) function and its argument so we can
+ * invoke them in a way pthreads would expect.
+ */
+typedef struct tor_pthread_data_t {
+  void (*func)(void *);
+  void *data;
+} tor_pthread_data_t;
+/** Given a tor_pthread_data_t <b>_data</b>, call _data-&gt;func(d-&gt;data)
+ * and free _data.  Used to make sure we can call functions the way pthread
+ * expects. */
+static void *
+tor_pthread_helper_fn(void *_data)
+{
+  tor_pthread_data_t *data = _data;
+  void (*func)(void*);
+  void *arg;
+  /* mask signals to worker threads to avoid SIGPIPE, etc */
+  sigset_t sigs;
+  /* We're in a subthread; don't handle any signals here. */
+  sigfillset(&sigs);
+  pthread_sigmask(SIG_SETMASK, &sigs, NULL);
+
+  func = data->func;
+  arg = data->data;
+  tor_free(_data);
+  func(arg);
+  return NULL;
+}
+/**
+ * A pthread attribute to make threads start detached.
+ */
+static pthread_attr_t attr_detached;
+/** True iff we've called tor_threads_init() */
+static int threads_initialized = 0;
+
+/** Minimalist interface to run a void function in the background.  On
+ * Unix calls pthread_create, on win32 calls beginthread.  Returns -1 on
+ * failure.
+ * func should not return, but rather should call spawn_exit.
+ *
+ * NOTE: if <b>data</b> is used, it should not be allocated on the stack,
+ * since in a multithreaded environment, there is no way to be sure that
+ * the caller's stack will still be around when the called function is
+ * running.
+ */
+int
+spawn_func(void (*func)(void *), void *data)
+{
+  pthread_t thread;
+  tor_pthread_data_t *d;
+  if (PREDICT_UNLIKELY(!threads_initialized)) {
+    tor_threads_init();
+  }
+  d = tor_malloc(sizeof(tor_pthread_data_t));
+  d->data = data;
+  d->func = func;
+  if (pthread_create(&thread, &attr_detached, tor_pthread_helper_fn, d)) {
+    tor_free(d);
+    return -1;
+  }
+
+  return 0;
+}
+
+/** End the current thread/process.
+ */
+void
+spawn_exit(void)
+{
+  pthread_exit(NULL);
+}
+
+/** A mutex attribute that we're going to use to tell pthreads that we want
+ * "recursive" mutexes (i.e., once we can re-lock if we're already holding
+ * them.) */
+static pthread_mutexattr_t attr_recursive;
+
+/** Initialize <b>mutex</b> so it can be locked.  Every mutex must be set
+ * up with tor_mutex_init() or tor_mutex_new(); not both. */
+void
+tor_mutex_init(tor_mutex_t *mutex)
+{
+  if (PREDICT_UNLIKELY(!threads_initialized))
+    tor_threads_init();
+  const int err = pthread_mutex_init(&mutex->mutex, &attr_recursive);
+  if (PREDICT_UNLIKELY(err)) {
+    log_err(LD_GENERAL, "Error %d creating a mutex.", err);
+    tor_fragile_assert();
+  }
+}
+
+/** As tor_mutex_init, but initialize a mutex suitable that may be
+ * non-recursive, if the OS supports that. */
+void
+tor_mutex_init_nonrecursive(tor_mutex_t *mutex)
+{
+  int err;
+  if (PREDICT_UNLIKELY(!threads_initialized))
+    tor_threads_init();
+  err = pthread_mutex_init(&mutex->mutex, NULL);
+  if (PREDICT_UNLIKELY(err)) {
+    log_err(LD_GENERAL, "Error %d creating a mutex.", err);
+    tor_fragile_assert();
+  }
+}
+
+/** Wait until <b>m</b> is free, then acquire it. */
+void
+tor_mutex_acquire(tor_mutex_t *m)
+{
+  int err;
+  tor_assert(m);
+  err = pthread_mutex_lock(&m->mutex);
+  if (PREDICT_UNLIKELY(err)) {
+    log_err(LD_GENERAL, "Error %d locking a mutex.", err);
+    tor_fragile_assert();
+  }
+}
+/** Release the lock <b>m</b> so another thread can have it. */
+void
+tor_mutex_release(tor_mutex_t *m)
+{
+  int err;
+  tor_assert(m);
+  err = pthread_mutex_unlock(&m->mutex);
+  if (PREDICT_UNLIKELY(err)) {
+    log_err(LD_GENERAL, "Error %d unlocking a mutex.", err);
+    tor_fragile_assert();
+  }
+}
+/** Clean up the mutex <b>m</b> so that it no longer uses any system
+ * resources.  Does not free <b>m</b>.  This function must only be called on
+ * mutexes from tor_mutex_init(). */
+void
+tor_mutex_uninit(tor_mutex_t *m)
+{
+  int err;
+  tor_assert(m);
+  err = pthread_mutex_destroy(&m->mutex);
+  if (PREDICT_UNLIKELY(err)) {
+    log_err(LD_GENERAL, "Error %d destroying a mutex.", err);
+    tor_fragile_assert();
+  }
+}
+/** Return an integer representing this thread. */
+unsigned long
+tor_get_thread_id(void)
+{
+  union {
+    pthread_t thr;
+    unsigned long id;
+  } r;
+  r.thr = pthread_self();
+  return r.id;
+}
+
+/* Conditions. */
+
+/** Initialize an already-allocated condition variable. */
+int
+tor_cond_init(tor_cond_t *cond)
+{
+  pthread_condattr_t condattr;
+
+  memset(cond, 0, sizeof(tor_cond_t));
+  /* Default condition attribute. Might be used if clock monotonic is
+   * available else this won't affect anything. */
+  if (pthread_condattr_init(&condattr)) {
+    return -1;
+  }
+
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) \
+  && defined(HAVE_PTHREAD_CONDATTR_SETCLOCK)
+  /* Use monotonic time so when we timedwait() on it, any clock adjustment
+   * won't affect the timeout value. */
+  if (pthread_condattr_setclock(&condattr, CLOCK_MONOTONIC)) {
+    return -1;
+  }
+#endif
+  if (pthread_cond_init(&cond->cond, &condattr)) {
+    return -1;
+  }
+  return 0;
+}
+
+/** Release all resources held by <b>cond</b>, but do not free <b>cond</b>
+ * itself. */
+void
+tor_cond_uninit(tor_cond_t *cond)
+{
+  if (pthread_cond_destroy(&cond->cond)) {
+    log_warn(LD_GENERAL,"Error freeing condition: %s", strerror(errno));
+    return;
+  }
+}
+/** Wait until one of the tor_cond_signal functions is called on <b>cond</b>.
+ * (If <b>tv</b> is set, and that amount of time passes with no signal to
+ * <b>cond</b>, return anyway.  All waiters on the condition must wait holding
+ * the same <b>mutex</b>.  All signallers should hold that mutex.  The mutex
+ * needs to have been allocated with tor_mutex_init_for_cond().
+ *
+ * Returns 0 on success, -1 on failure, 1 on timeout. */
+int
+tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex, const struct timeval *tv)
+{
+  int r;
+  if (tv == NULL) {
+    while (1) {
+      r = pthread_cond_wait(&cond->cond, &mutex->mutex);
+      if (r == EINTR) {
+        /* EINTR should be impossible according to POSIX, but POSIX, like the
+         * Pirate's Code, is apparently treated "more like what you'd call
+         * guidelines than actual rules." */
+        continue;
+      }
+      return r ? -1 : 0;
+    }
+  } else {
+    struct timeval tvnow, tvsum;
+    struct timespec ts;
+    while (1) {
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+      if (clock_gettime(CLOCK_MONOTONIC, &ts) < 0) {
+        return -1;
+      }
+      tvnow.tv_sec = ts.tv_sec;
+      tvnow.tv_usec = ts.tv_nsec / 1000;
+      timeradd(tv, &tvnow, &tvsum);
+#else
+      if (gettimeofday(&tvnow, NULL) < 0)
+        return -1;
+      timeradd(tv, &tvnow, &tvsum);
+#endif /* HAVE_CLOCK_GETTIME, CLOCK_MONOTONIC */
+
+      ts.tv_sec = tvsum.tv_sec;
+      ts.tv_nsec = tvsum.tv_usec * 1000;
+
+      r = pthread_cond_timedwait(&cond->cond, &mutex->mutex, &ts);
+      if (r == 0)
+        return 0;
+      else if (r == ETIMEDOUT)
+        return 1;
+      else if (r == EINTR)
+        continue;
+      else
+        return -1;
+    }
+  }
+}
+/** Wake up one of the waiters on <b>cond</b>. */
+void
+tor_cond_signal_one(tor_cond_t *cond)
+{
+  pthread_cond_signal(&cond->cond);
+}
+/** Wake up all of the waiters on <b>cond</b>. */
+void
+tor_cond_signal_all(tor_cond_t *cond)
+{
+  pthread_cond_broadcast(&cond->cond);
+}
+
+int
+tor_threadlocal_init(tor_threadlocal_t *threadlocal)
+{
+  int err = pthread_key_create(&threadlocal->key, NULL);
+  return err ? -1 : 0;
+}
+
+void
+tor_threadlocal_destroy(tor_threadlocal_t *threadlocal)
+{
+  pthread_key_delete(threadlocal->key);
+  memset(threadlocal, 0, sizeof(tor_threadlocal_t));
+}
+
+void *
+tor_threadlocal_get(tor_threadlocal_t *threadlocal)
+{
+  return pthread_getspecific(threadlocal->key);
+}
+
+void
+tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value)
+{
+  int err = pthread_setspecific(threadlocal->key, value);
+  tor_assert(err == 0);
+}
+
+/** Set up common structures for use by threading. */
+void
+tor_threads_init(void)
+{
+  if (!threads_initialized) {
+    pthread_mutexattr_init(&attr_recursive);
+    pthread_mutexattr_settype(&attr_recursive, PTHREAD_MUTEX_RECURSIVE);
+    const int ret1 = pthread_attr_init(&attr_detached);
+    tor_assert(ret1 == 0);
+#ifndef PTHREAD_CREATE_DETACHED
+#define PTHREAD_CREATE_DETACHED 1
+#endif
+    const int ret2 =
+      pthread_attr_setdetachstate(&attr_detached, PTHREAD_CREATE_DETACHED);
+    tor_assert(ret2 == 0);
+    threads_initialized = 1;
+    set_main_thread();
+  }
+}
+
diff --git a/src/common/compat_threads.c b/src/common/compat_threads.c
new file mode 100644
index 0000000000..8f9001258a
--- /dev/null
+++ b/src/common/compat_threads.c
@@ -0,0 +1,325 @@
+/* Copyright (c) 2003-2004, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file compat_threads.c
+ *
+ * \brief Cross-platform threading and inter-thread communication logic.
+ *  (Platform-specific parts are written in the other compat_*threads
+ *  modules.)
+ */
+
+#define _GNU_SOURCE
+
+#include "orconfig.h"
+#include <stdlib.h>
+#include "compat.h"
+#include "compat_threads.h"
+
+#include "util.h"
+#include "torlog.h"
+
+#ifdef HAVE_SYS_EVENTFD_H
+#include <sys/eventfd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/** Return a newly allocated, ready-for-use mutex. */
+tor_mutex_t *
+tor_mutex_new(void)
+{
+  tor_mutex_t *m = tor_malloc_zero(sizeof(tor_mutex_t));
+  tor_mutex_init(m);
+  return m;
+}
+/** Return a newly allocated, ready-for-use mutex.  This one might be
+ * non-recursive, if that's faster. */
+tor_mutex_t *
+tor_mutex_new_nonrecursive(void)
+{
+  tor_mutex_t *m = tor_malloc_zero(sizeof(tor_mutex_t));
+  tor_mutex_init_nonrecursive(m);
+  return m;
+}
+/** Release all storage and system resources held by <b>m</b>. */
+void
+tor_mutex_free(tor_mutex_t *m)
+{
+  if (!m)
+    return;
+  tor_mutex_uninit(m);
+  tor_free(m);
+}
+
+/** Allocate and return a new condition variable. */
+tor_cond_t *
+tor_cond_new(void)
+{
+  tor_cond_t *cond = tor_malloc(sizeof(tor_cond_t));
+  if (tor_cond_init(cond)<0)
+    tor_free(cond);
+  return cond;
+}
+
+/** Free all storage held in <b>c</b>. */
+void
+tor_cond_free(tor_cond_t *c)
+{
+  if (!c)
+    return;
+  tor_cond_uninit(c);
+  tor_free(c);
+}
+
+/** Identity of the "main" thread */
+static unsigned long main_thread_id = -1;
+
+/** Start considering the current thread to be the 'main thread'.  This has
+ * no effect on anything besides in_main_thread(). */
+void
+set_main_thread(void)
+{
+  main_thread_id = tor_get_thread_id();
+}
+/** Return true iff called from the main thread. */
+int
+in_main_thread(void)
+{
+  return main_thread_id == tor_get_thread_id();
+}
+
+#if defined(HAVE_EVENTFD) || defined(HAVE_PIPE)
+/* As write(), but retry on EINTR */
+static int
+write_ni(int fd, const void *buf, size_t n)
+{
+  int r;
+ again:
+  r = (int) write(fd, buf, n);
+  if (r < 0 && errno == EINTR)
+    goto again;
+  return r;
+}
+/* As read(), but retry on EINTR */
+static int
+read_ni(int fd, void *buf, size_t n)
+{
+  int r;
+ again:
+  r = (int) read(fd, buf, n);
+  if (r < 0 && errno == EINTR)
+    goto again;
+  return r;
+}
+#endif
+
+/** As send(), but retry on EINTR. */
+static int
+send_ni(int fd, const void *buf, size_t n, int flags)
+{
+  int r;
+ again:
+  r = (int) send(fd, buf, n, flags);
+  if (r < 0 && ERRNO_IS_EINTR(tor_socket_errno(fd)))
+    goto again;
+  return r;
+}
+
+/** As recv(), but retry on EINTR. */
+static int
+recv_ni(int fd, void *buf, size_t n, int flags)
+{
+  int r;
+ again:
+  r = (int) recv(fd, buf, n, flags);
+  if (r < 0 && ERRNO_IS_EINTR(tor_socket_errno(fd)))
+    goto again;
+  return r;
+}
+
+#ifdef HAVE_EVENTFD
+/* Increment the event count on an eventfd <b>fd</b> */
+static int
+eventfd_alert(int fd)
+{
+  uint64_t u = 1;
+  int r = write_ni(fd, (void*)&u, sizeof(u));
+  if (r < 0 && errno != EAGAIN)
+    return -1;
+  return 0;
+}
+
+/* Drain all events from an eventfd <b>fd</b>. */
+static int
+eventfd_drain(int fd)
+{
+  uint64_t u = 0;
+  int r = read_ni(fd, (void*)&u, sizeof(u));
+  if (r < 0 && errno != EAGAIN)
+    return -1;
+  return 0;
+}
+#endif
+
+#ifdef HAVE_PIPE
+/** Send a byte over a pipe. Return 0 on success or EAGAIN; -1 on error */
+static int
+pipe_alert(int fd)
+{
+  ssize_t r = write_ni(fd, "x", 1);
+  if (r < 0 && errno != EAGAIN)
+    return -1;
+  return 0;
+}
+
+/** Drain all input from a pipe <b>fd</b> and ignore it.  Return 0 on
+ * success, -1 on error. */
+static int
+pipe_drain(int fd)
+{
+  char buf[32];
+  ssize_t r;
+  do {
+    r = read_ni(fd, buf, sizeof(buf));
+  } while (r > 0);
+  if (r < 0 && errno != EAGAIN)
+    return -1;
+  /* A value of r = 0 means EOF on the fd so successfully drained. */
+  return 0;
+}
+#endif
+
+/** Send a byte on socket <b>fd</b>t.  Return 0 on success or EAGAIN,
+ * -1 on error. */
+static int
+sock_alert(tor_socket_t fd)
+{
+  ssize_t r = send_ni(fd, "x", 1, 0);
+  if (r < 0 && !ERRNO_IS_EAGAIN(tor_socket_errno(fd)))
+    return -1;
+  return 0;
+}
+
+/** Drain all the input from a socket <b>fd</b>, and ignore it.  Return 0 on
+ * success, -1 on error. */
+static int
+sock_drain(tor_socket_t fd)
+{
+  char buf[32];
+  ssize_t r;
+  do {
+    r = recv_ni(fd, buf, sizeof(buf), 0);
+  } while (r > 0);
+  if (r < 0 && !ERRNO_IS_EAGAIN(tor_socket_errno(fd)))
+    return -1;
+  /* A value of r = 0 means EOF on the fd so successfully drained. */
+  return 0;
+}
+
+/** Allocate a new set of alert sockets, and set the appropriate function
+ * pointers, in <b>socks_out</b>. */
+int
+alert_sockets_create(alert_sockets_t *socks_out, uint32_t flags)
+{
+  tor_socket_t socks[2] = { TOR_INVALID_SOCKET, TOR_INVALID_SOCKET };
+
+#ifdef HAVE_EVENTFD
+  /* First, we try the Linux eventfd() syscall.  This gives a 64-bit counter
+   * associated with a single file descriptor. */
+#if defined(EFD_CLOEXEC) && defined(EFD_NONBLOCK)
+  if (!(flags & ASOCKS_NOEVENTFD2))
+    socks[0] = eventfd(0, EFD_CLOEXEC|EFD_NONBLOCK);
+#endif
+  if (socks[0] < 0 && !(flags & ASOCKS_NOEVENTFD)) {
+    socks[0] = eventfd(0,0);
+    if (socks[0] >= 0) {
+      if (fcntl(socks[0], F_SETFD, FD_CLOEXEC) < 0 ||
+          set_socket_nonblocking(socks[0]) < 0) {
+        close(socks[0]);
+        return -1;
+      }
+    }
+  }
+  if (socks[0] >= 0) {
+    socks_out->read_fd = socks_out->write_fd = socks[0];
+    socks_out->alert_fn = eventfd_alert;
+    socks_out->drain_fn = eventfd_drain;
+    return 0;
+  }
+#endif
+
+#ifdef HAVE_PIPE2
+  /* Now we're going to try pipes. First type the pipe2() syscall, if we
+   * have it, so we can save some calls... */
+  if (!(flags & ASOCKS_NOPIPE2) &&
+      pipe2(socks, O_NONBLOCK|O_CLOEXEC) == 0) {
+    socks_out->read_fd = socks[0];
+    socks_out->write_fd = socks[1];
+    socks_out->alert_fn = pipe_alert;
+    socks_out->drain_fn = pipe_drain;
+    return 0;
+  }
+#endif
+
+#ifdef HAVE_PIPE
+  /* Now try the regular pipe() syscall.  Pipes have a bit lower overhead than
+   * socketpairs, fwict. */
+  if (!(flags & ASOCKS_NOPIPE) &&
+      pipe(socks) == 0) {
+    if (fcntl(socks[0], F_SETFD, FD_CLOEXEC) < 0 ||
+        fcntl(socks[1], F_SETFD, FD_CLOEXEC) < 0 ||
+        set_socket_nonblocking(socks[0]) < 0 ||
+        set_socket_nonblocking(socks[1]) < 0) {
+      close(socks[0]);
+      close(socks[1]);
+      return -1;
+    }
+    socks_out->read_fd = socks[0];
+    socks_out->write_fd = socks[1];
+    socks_out->alert_fn = pipe_alert;
+    socks_out->drain_fn = pipe_drain;
+    return 0;
+  }
+#endif
+
+  /* If nothing else worked, fall back on socketpair(). */
+  if (!(flags & ASOCKS_NOSOCKETPAIR) &&
+      tor_socketpair(AF_UNIX, SOCK_STREAM, 0, socks) == 0) {
+    if (set_socket_nonblocking(socks[0]) < 0 ||
+        set_socket_nonblocking(socks[1])) {
+      tor_close_socket(socks[0]);
+      tor_close_socket(socks[1]);
+      return -1;
+    }
+    socks_out->read_fd = socks[0];
+    socks_out->write_fd = socks[1];
+    socks_out->alert_fn = sock_alert;
+    socks_out->drain_fn = sock_drain;
+    return 0;
+  }
+  return -1;
+}
+
+/** Close the sockets in <b>socks</b>. */
+void
+alert_sockets_close(alert_sockets_t *socks)
+{
+  if (socks->alert_fn == sock_alert) {
+    /* they are sockets. */
+    tor_close_socket(socks->read_fd);
+    tor_close_socket(socks->write_fd);
+  } else {
+    close(socks->read_fd);
+    if (socks->write_fd != socks->read_fd)
+      close(socks->write_fd);
+  }
+  socks->read_fd = socks->write_fd = -1;
+}
+
diff --git a/src/common/compat_threads.h b/src/common/compat_threads.h
new file mode 100644
index 0000000000..171a9f93ff
--- /dev/null
+++ b/src/common/compat_threads.h
@@ -0,0 +1,151 @@
+/* Copyright (c) 2003-2004, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_COMPAT_THREADS_H
+#define TOR_COMPAT_THREADS_H
+
+#include "orconfig.h"
+#include "torint.h"
+#include "testsupport.h"
+
+#if defined(HAVE_PTHREAD_H) && !defined(_WIN32)
+#include <pthread.h>
+#endif
+
+#if defined(_WIN32)
+#define USE_WIN32_THREADS
+#elif defined(HAVE_PTHREAD_H) && defined(HAVE_PTHREAD_CREATE)
+#define USE_PTHREADS
+#else
+#error "No threading system was found"
+#endif
+
+int spawn_func(void (*func)(void *), void *data);
+void spawn_exit(void) ATTR_NORETURN;
+
+/* Because we use threads instead of processes on most platforms (Windows,
+ * Linux, etc), we need locking for them.  On platforms with poor thread
+ * support or broken gethostbyname_r, these functions are no-ops. */
+
+/** A generic lock structure for multithreaded builds. */
+typedef struct tor_mutex_t {
+#if defined(USE_WIN32_THREADS)
+  /** Windows-only: on windows, we implement locks with CRITICAL_SECTIONS. */
+  CRITICAL_SECTION mutex;
+#elif defined(USE_PTHREADS)
+  /** Pthreads-only: with pthreads, we implement locks with
+   * pthread_mutex_t. */
+  pthread_mutex_t mutex;
+#else
+  /** No-threads only: Dummy variable so that tor_mutex_t takes up space. */
+  int _unused;
+#endif
+} tor_mutex_t;
+
+tor_mutex_t *tor_mutex_new(void);
+tor_mutex_t *tor_mutex_new_nonrecursive(void);
+void tor_mutex_init(tor_mutex_t *m);
+void tor_mutex_init_nonrecursive(tor_mutex_t *m);
+void tor_mutex_acquire(tor_mutex_t *m);
+void tor_mutex_release(tor_mutex_t *m);
+void tor_mutex_free(tor_mutex_t *m);
+void tor_mutex_uninit(tor_mutex_t *m);
+unsigned long tor_get_thread_id(void);
+void tor_threads_init(void);
+
+/** Conditions need nonrecursive mutexes with pthreads. */
+#define tor_mutex_init_for_cond(m) tor_mutex_init_nonrecursive(m)
+
+void set_main_thread(void);
+int in_main_thread(void);
+
+typedef struct tor_cond_t {
+#ifdef USE_PTHREADS
+  pthread_cond_t cond;
+#elif defined(USE_WIN32_THREADS)
+  HANDLE event;
+
+  CRITICAL_SECTION lock;
+  int n_waiting;
+  int n_to_wake;
+  int generation;
+#else
+#error no known condition implementation.
+#endif
+} tor_cond_t;
+
+tor_cond_t *tor_cond_new(void);
+void tor_cond_free(tor_cond_t *cond);
+int tor_cond_init(tor_cond_t *cond);
+void tor_cond_uninit(tor_cond_t *cond);
+int tor_cond_wait(tor_cond_t *cond, tor_mutex_t *mutex,
+                  const struct timeval *tv);
+void tor_cond_signal_one(tor_cond_t *cond);
+void tor_cond_signal_all(tor_cond_t *cond);
+
+/** Helper type used to manage waking up the main thread while it's in
+ * the libevent main loop.  Used by the work queue code. */
+typedef struct alert_sockets_s {
+  /* XXXX This structure needs a better name. */
+  /** Socket that the main thread should listen for EV_READ events on.
+   * Note that this socket may be a regular fd on a non-Windows platform.
+   */
+  tor_socket_t read_fd;
+  /** Socket to use when alerting the main thread. */
+  tor_socket_t write_fd;
+  /** Function to alert the main thread */
+  int (*alert_fn)(tor_socket_t write_fd);
+  /** Function to make the main thread no longer alerted. */
+  int (*drain_fn)(tor_socket_t read_fd);
+} alert_sockets_t;
+
+/* Flags to disable one or more alert_sockets backends. */
+#define ASOCKS_NOEVENTFD2   (1u<<0)
+#define ASOCKS_NOEVENTFD    (1u<<1)
+#define ASOCKS_NOPIPE2      (1u<<2)
+#define ASOCKS_NOPIPE       (1u<<3)
+#define ASOCKS_NOSOCKETPAIR (1u<<4)
+
+int alert_sockets_create(alert_sockets_t *socks_out, uint32_t flags);
+void alert_sockets_close(alert_sockets_t *socks);
+
+typedef struct tor_threadlocal_s {
+#ifdef _WIN32
+  DWORD index;
+#else
+  pthread_key_t key;
+#endif
+} tor_threadlocal_t;
+
+/** Initialize a thread-local variable.
+ *
+ * After you call this function on a tor_threadlocal_t, you can call
+ * tor_threadlocal_set to change the current value of this variable for the
+ * current thread, and tor_threadlocal_get to retrieve the current value for
+ * the current thread.  Each thread has its own value.
+ **/
+int tor_threadlocal_init(tor_threadlocal_t *threadlocal);
+/**
+ * Release all resource associated with a thread-local variable.
+ */
+void tor_threadlocal_destroy(tor_threadlocal_t *threadlocal);
+/**
+ * Return the current value of a thread-local variable for this thread.
+ *
+ * It's undefined behavior to use this function if the threadlocal hasn't
+ * been initialized, or has been destroyed.
+ */
+void *tor_threadlocal_get(tor_threadlocal_t *threadlocal);
+/**
+ * Change the current value of a thread-local variable for this thread to
+ * <b>value</b>.
+ *
+ * It's undefined behavior to use this function if the threadlocal hasn't
+ * been initialized, or has been destroyed.
+ */
+void tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value);
+
+#endif
+
diff --git a/src/common/compat_winthreads.c b/src/common/compat_winthreads.c
new file mode 100644
index 0000000000..735be4ad17
--- /dev/null
+++ b/src/common/compat_winthreads.c
@@ -0,0 +1,250 @@
+/* Copyright (c) 2003-2004, Roger Dingledine
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file compat_winthreads.c
+ *
+ * \brief Implementation for the windows-based multithreading backend
+ * functions.
+ */
+
+#ifdef _WIN32
+
+#include "compat.h"
+#include <windows.h>
+#include <process.h>
+#include "util.h"
+#include "container.h"
+#include "torlog.h"
+#include <process.h>
+
+/* This value is more or less total cargo-cult */
+#define SPIN_COUNT 2000
+
+/** Minimalist interface to run a void function in the background.  On
+ * Unix calls fork, on win32 calls beginthread.  Returns -1 on failure.
+ * func should not return, but rather should call spawn_exit.
+ *
+ * NOTE: if <b>data</b> is used, it should not be allocated on the stack,
+ * since in a multithreaded environment, there is no way to be sure that
+ * the caller's stack will still be around when the called function is
+ * running.
+ */
+int
+spawn_func(void (*func)(void *), void *data)
+{
+  int rv;
+  rv = (int)_beginthread(func, 0, data);
+  if (rv == (int)-1)
+    return -1;
+  return 0;
+}
+
+/** End the current thread/process.
+ */
+void
+spawn_exit(void)
+{
+  _endthread();
+  //we should never get here. my compiler thinks that _endthread returns, this
+  //is an attempt to fool it.
+  tor_assert(0);
+  _exit(0);
+}
+
+void
+tor_mutex_init(tor_mutex_t *m)
+{
+  InitializeCriticalSection(&m->mutex);
+}
+void
+tor_mutex_init_nonrecursive(tor_mutex_t *m)
+{
+  InitializeCriticalSection(&m->mutex);
+}
+
+void
+tor_mutex_uninit(tor_mutex_t *m)
+{
+  DeleteCriticalSection(&m->mutex);
+}
+void
+tor_mutex_acquire(tor_mutex_t *m)
+{
+  tor_assert(m);
+  EnterCriticalSection(&m->mutex);
+}
+void
+tor_mutex_release(tor_mutex_t *m)
+{
+  LeaveCriticalSection(&m->mutex);
+}
+unsigned long
+tor_get_thread_id(void)
+{
+  return (unsigned long)GetCurrentThreadId();
+}
+
+int
+tor_cond_init(tor_cond_t *cond)
+{
+  memset(cond, 0, sizeof(tor_cond_t));
+  if (InitializeCriticalSectionAndSpinCount(&cond->lock, SPIN_COUNT)==0) {
+    return -1;
+  }
+  if ((cond->event = CreateEvent(NULL,TRUE,FALSE,NULL)) == NULL) {
+    DeleteCriticalSection(&cond->lock);
+    return -1;
+  }
+  cond->n_waiting = cond->n_to_wake = cond->generation = 0;
+  return 0;
+}
+void
+tor_cond_uninit(tor_cond_t *cond)
+{
+  DeleteCriticalSection(&cond->lock);
+  CloseHandle(cond->event);
+}
+
+static void
+tor_cond_signal_impl(tor_cond_t *cond, int broadcast)
+{
+  EnterCriticalSection(&cond->lock);
+  if (broadcast)
+    cond->n_to_wake = cond->n_waiting;
+  else
+    ++cond->n_to_wake;
+  cond->generation++;
+  SetEvent(cond->event);
+  LeaveCriticalSection(&cond->lock);
+}
+void
+tor_cond_signal_one(tor_cond_t *cond)
+{
+  tor_cond_signal_impl(cond, 0);
+}
+void
+tor_cond_signal_all(tor_cond_t *cond)
+{
+  tor_cond_signal_impl(cond, 1);
+}
+
+int
+tor_threadlocal_init(tor_threadlocal_t *threadlocal)
+{
+  threadlocal->index = TlsAlloc();
+  return (threadlocal->index == TLS_OUT_OF_INDEXES) ? -1 : 0;
+}
+
+void
+tor_threadlocal_destroy(tor_threadlocal_t *threadlocal)
+{
+  TlsFree(threadlocal->index);
+  memset(threadlocal, 0, sizeof(tor_threadlocal_t));
+}
+
+void *
+tor_threadlocal_get(tor_threadlocal_t *threadlocal)
+{
+  void *value = TlsGetValue(threadlocal->index);
+  if (value == NULL) {
+    DWORD err = GetLastError();
+    if (err != ERROR_SUCCESS) {
+      char *msg = format_win32_error(err);
+      log_err(LD_GENERAL, "Error retrieving thread-local value: %s", msg);
+      tor_free(msg);
+      tor_assert(err == ERROR_SUCCESS);
+    }
+  }
+  return value;
+}
+
+void
+tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value)
+{
+  BOOL ok = TlsSetValue(threadlocal->index, value);
+  if (!ok) {
+    DWORD err = GetLastError();
+    char *msg = format_win32_error(err);
+    log_err(LD_GENERAL, "Error adjusting thread-local value: %s", msg);
+    tor_free(msg);
+    tor_assert(ok);
+  }
+}
+
+int
+tor_cond_wait(tor_cond_t *cond, tor_mutex_t *lock_, const struct timeval *tv)
+{
+  CRITICAL_SECTION *lock = &lock_->mutex;
+  int generation_at_start;
+  int waiting = 1;
+  int result = -1;
+  DWORD ms = INFINITE, ms_orig = INFINITE, startTime, endTime;
+  if (tv)
+    ms_orig = ms = tv->tv_sec*1000 + (tv->tv_usec+999)/1000;
+
+  EnterCriticalSection(&cond->lock);
+  ++cond->n_waiting;
+  generation_at_start = cond->generation;
+  LeaveCriticalSection(&cond->lock);
+
+  LeaveCriticalSection(lock);
+
+  startTime = GetTickCount();
+  do {
+    DWORD res;
+    res = WaitForSingleObject(cond->event, ms);
+    EnterCriticalSection(&cond->lock);
+    if (cond->n_to_wake &&
+        cond->generation != generation_at_start) {
+      --cond->n_to_wake;
+      --cond->n_waiting;
+      result = 0;
+      waiting = 0;
+      goto out;
+    } else if (res != WAIT_OBJECT_0) {
+      result = (res==WAIT_TIMEOUT) ? 1 : -1;
+      --cond->n_waiting;
+      waiting = 0;
+      goto out;
+    } else if (ms != INFINITE) {
+      endTime = GetTickCount();
+      if (startTime + ms_orig <= endTime) {
+        result = 1; /* Timeout */
+        --cond->n_waiting;
+        waiting = 0;
+        goto out;
+      } else {
+        ms = startTime + ms_orig - endTime;
+      }
+    }
+    /* If we make it here, we are still waiting. */
+    if (cond->n_to_wake == 0) {
+      /* There is nobody else who should wake up; reset
+       * the event. */
+      ResetEvent(cond->event);
+    }
+  out:
+    LeaveCriticalSection(&cond->lock);
+  } while (waiting);
+
+  EnterCriticalSection(lock);
+
+  EnterCriticalSection(&cond->lock);
+  if (!cond->n_waiting)
+    ResetEvent(cond->event);
+  LeaveCriticalSection(&cond->lock);
+
+  return result;
+}
+
+void
+tor_threads_init(void)
+{
+  set_main_thread();
+}
+
+#endif
+
diff --git a/src/common/container.c b/src/common/container.c
index c668068e9e..ddf3bafa91 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -28,21 +28,21 @@
 
 /** Allocate and return an empty smartlist.
  */
-smartlist_t *
-smartlist_new(void)
+MOCK_IMPL(smartlist_t *,
+smartlist_new,(void))
 {
   smartlist_t *sl = tor_malloc(sizeof(smartlist_t));
   sl->num_used = 0;
   sl->capacity = SMARTLIST_DEFAULT_CAPACITY;
-  sl->list = tor_malloc(sizeof(void *) * sl->capacity);
+  sl->list = tor_calloc(sizeof(void *), sl->capacity);
   return sl;
 }
 
 /** Deallocate a smartlist.  Does not release storage associated with the
  * list's elements.
  */
-void
-smartlist_free(smartlist_t *sl)
+MOCK_IMPL(void,
+smartlist_free,(smartlist_t *sl))
 {
   if (!sl)
     return;
@@ -55,6 +55,7 @@ smartlist_free(smartlist_t *sl)
 void
 smartlist_clear(smartlist_t *sl)
 {
+  memset(sl->list, 0, sizeof(void *) * sl->num_used);
   sl->num_used = 0;
 }
 
@@ -63,7 +64,7 @@ smartlist_clear(smartlist_t *sl)
 #endif
 
 /** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */
-static INLINE void
+static inline void
 smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
   /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
@@ -72,21 +73,25 @@ smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*))))
 #endif
+
   tor_assert(size <= MAX_CAPACITY);
 
   if (size > (size_t) sl->capacity) {
     size_t higher = (size_t) sl->capacity;
     if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
-      tor_assert(size <= MAX_CAPACITY);
       higher = MAX_CAPACITY;
     } else {
       while (size > higher)
         higher *= 2;
     }
-    tor_assert(higher <= INT_MAX); /* Redundant */
+    sl->list = tor_reallocarray(sl->list, sizeof(void *),
+                                ((size_t)higher));
+    memset(sl->list + sl->capacity, 0,
+           sizeof(void *) * (higher - sl->capacity));
     sl->capacity = (int) higher;
-    sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
+#undef ASSERT_CAPACITY
+#undef MAX_CAPACITY
 }
 
 /** Append element to the end of the list. */
@@ -123,6 +128,7 @@ smartlist_remove(smartlist_t *sl, const void *element)
     if (sl->list[i] == element) {
       sl->list[i] = sl->list[--sl->num_used]; /* swap with the end */
       i--; /* so we process the new i'th element */
+      sl->list[sl->num_used] = NULL;
     }
 }
 
@@ -132,9 +138,11 @@ void *
 smartlist_pop_last(smartlist_t *sl)
 {
   tor_assert(sl);
-  if (sl->num_used)
-    return sl->list[--sl->num_used];
-  else
+  if (sl->num_used) {
+    void *tmp = sl->list[--sl->num_used];
+    sl->list[sl->num_used] = NULL;
+    return tmp;
+  } else
     return NULL;
 }
 
@@ -165,6 +173,7 @@ smartlist_string_remove(smartlist_t *sl, const char *element)
       tor_free(sl->list[i]);
       sl->list[i] = sl->list[--sl->num_used]; /* swap with the end */
       i--; /* so we process the new i'th element */
+      sl->list[sl->num_used] = NULL;
     }
   }
 }
@@ -208,6 +217,19 @@ smartlist_string_pos(const smartlist_t *sl, const char *element)
   return -1;
 }
 
+/** If <b>element</b> is the same pointer as an element of <b>sl</b>, return
+ * that element's index.  Otherwise, return -1. */
+int
+smartlist_pos(const smartlist_t *sl, const void *element)
+{
+  int i;
+  if (!sl) return -1;
+  for (i=0; i < sl->num_used; i++)
+    if (element == sl->list[i])
+      return i;
+  return -1;
+}
+
 /** Return true iff <b>sl</b> has some element E such that
  * !strcasecmp(E,<b>element</b>)
  */
@@ -308,6 +330,7 @@ smartlist_intersect(smartlist_t *sl1, const smartlist_t *sl2)
     if (!smartlist_contains(sl2, sl1->list[i])) {
       sl1->list[i] = sl1->list[--sl1->num_used]; /* swap with the end */
       i--; /* so we process the new i'th element */
+      sl1->list[sl1->num_used] = NULL;
     }
 }
 
@@ -332,6 +355,7 @@ smartlist_del(smartlist_t *sl, int idx)
   tor_assert(idx>=0);
   tor_assert(idx < sl->num_used);
   sl->list[idx] = sl->list[--sl->num_used];
+  sl->list[sl->num_used] = NULL;
 }
 
 /** Remove the <b>idx</b>th element of sl; if idx is not the last element,
@@ -347,6 +371,7 @@ smartlist_del_keeporder(smartlist_t *sl, int idx)
   --sl->num_used;
   if (idx < sl->num_used)
     memmove(sl->list+idx, sl->list+idx+1, sizeof(void*)*(sl->num_used-idx));
+  sl->list[sl->num_used] = NULL;
 }
 
 /** Insert the value <b>val</b> as the new <b>idx</b>th element of
@@ -518,11 +543,13 @@ smartlist_sort(smartlist_t *sl, int (*compare)(const void **a, const void **b))
 
 /** Given a smartlist <b>sl</b> sorted with the function <b>compare</b>,
  * return the most frequent member in the list.  Break ties in favor of
- * later elements.  If the list is empty, return NULL.
+ * later elements.  If the list is empty, return NULL.  If count_out is
+ * non-null, set it to the most frequent member.
  */
 void *
-smartlist_get_most_frequent(const smartlist_t *sl,
-                            int (*compare)(const void **a, const void **b))
+smartlist_get_most_frequent_(const smartlist_t *sl,
+                             int (*compare)(const void **a, const void **b),
+                             int *count_out)
 {
   const void *most_frequent = NULL;
   int most_frequent_count = 0;
@@ -530,8 +557,11 @@ smartlist_get_most_frequent(const smartlist_t *sl,
   const void *cur = NULL;
   int i, count=0;
 
-  if (!sl->num_used)
+  if (!sl->num_used) {
+    if (count_out)
+      *count_out = 0;
     return NULL;
+  }
   for (i = 0; i < sl->num_used; ++i) {
     const void *item = sl->list[i];
     if (cur && 0 == compare(&cur, &item)) {
@@ -549,6 +579,8 @@ smartlist_get_most_frequent(const smartlist_t *sl,
     most_frequent = cur;
     most_frequent_count = count;
   }
+  if (count_out)
+    *count_out = most_frequent_count;
   return (void*)most_frequent;
 }
 
@@ -722,12 +754,22 @@ smartlist_sort_strings(smartlist_t *sl)
 }
 
 /** Return the most frequent string in the sorted list <b>sl</b> */
-char *
+const char *
 smartlist_get_most_frequent_string(smartlist_t *sl)
 {
   return smartlist_get_most_frequent(sl, compare_string_ptrs_);
 }
 
+/** Return the most frequent string in the sorted list <b>sl</b>.
+ * If <b>count_out</b> is provided, set <b>count_out</b> to the
+ * number of times that string appears.
+ */
+const char *
+smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out)
+{
+  return smartlist_get_most_frequent_(sl, compare_string_ptrs_, count_out);
+}
+
 /** Remove duplicate strings from a sorted list, and free them with tor_free().
  */
 void
@@ -798,9 +840,17 @@ smartlist_sort_pointers(smartlist_t *sl)
  *
  * For a 1-indexed array, we would use LEFT_CHILD[x] = 2*x and RIGHT_CHILD[x]
  *   = 2*x + 1.  But this is C, so we have to adjust a little. */
-//#define LEFT_CHILD(i)  ( ((i)+1)*2 - 1)
-//#define RIGHT_CHILD(i) ( ((i)+1)*2 )
-//#define PARENT(i)      ( ((i)+1)/2 - 1)
+
+/* MAX_PARENT_IDX is the largest IDX in the smartlist which might have
+ * children whose indices fit inside an int.
+ * LEFT_CHILD(MAX_PARENT_IDX) == INT_MAX-2;
+ * RIGHT_CHILD(MAX_PARENT_IDX) == INT_MAX-1;
+ * LEFT_CHILD(MAX_PARENT_IDX + 1) == INT_MAX // impossible, see max list size.
+ */
+#define MAX_PARENT_IDX ((INT_MAX - 2) / 2)
+/* If this is true, then i is small enough to potentially have children
+ * in the smartlist, and it is save to use LEFT_CHILD/RIGHT_CHILD on it. */
+#define IDX_MAY_HAVE_CHILDREN(i) ((i) <= MAX_PARENT_IDX)
 #define LEFT_CHILD(i)  ( 2*(i) + 1 )
 #define RIGHT_CHILD(i) ( 2*(i) + 2 )
 #define PARENT(i)      ( ((i)-1) / 2 )
@@ -827,13 +877,21 @@ smartlist_sort_pointers(smartlist_t *sl)
 /** Helper. <b>sl</b> may have at most one violation of the heap property:
  * the item at <b>idx</b> may be greater than one or both of its children.
  * Restore the heap property. */
-static INLINE void
+static inline void
 smartlist_heapify(smartlist_t *sl,
                   int (*compare)(const void *a, const void *b),
                   int idx_field_offset,
                   int idx)
 {
   while (1) {
+    if (! IDX_MAY_HAVE_CHILDREN(idx)) {
+      /* idx is so large that it cannot have any children, since doing so
+       * would mean the smartlist was over-capacity. Therefore it cannot
+       * violate the heap property by being greater than a child (since it
+       * doesn't have any). */
+      return;
+    }
+
     int left_idx = LEFT_CHILD(idx);
     int best_idx;
 
@@ -907,9 +965,11 @@ smartlist_pqueue_pop(smartlist_t *sl,
   *IDXP(top)=-1;
   if (--sl->num_used) {
     sl->list[0] = sl->list[sl->num_used];
+    sl->list[sl->num_used] = NULL;
     UPDATE_IDX(0);
     smartlist_heapify(sl, compare, idx_field_offset, 0);
   }
+  sl->list[sl->num_used] = NULL;
   return top;
 }
 
@@ -929,9 +989,11 @@ smartlist_pqueue_remove(smartlist_t *sl,
   --sl->num_used;
   *IDXP(item) = -1;
   if (idx == sl->num_used) {
+    sl->list[sl->num_used] = NULL;
     return;
   } else {
     sl->list[idx] = sl->list[sl->num_used];
+    sl->list[sl->num_used] = NULL;
     UPDATE_IDX(idx);
     smartlist_heapify(sl, compare, idx_field_offset, idx);
   }
@@ -990,7 +1052,7 @@ smartlist_sort_digests256(smartlist_t *sl)
 
 /** Return the most frequent member of the sorted list of DIGEST256_LEN
  * digests in <b>sl</b> */
-char *
+const uint8_t *
 smartlist_get_most_frequent_digest256(smartlist_t *sl)
 {
   return smartlist_get_most_frequent(sl, compare_digests256_);
@@ -1021,233 +1083,333 @@ smartlist_uniq_digests256(smartlist_t *sl)
 
 DEFINE_MAP_STRUCTS(strmap_t, char *key, strmap_);
 DEFINE_MAP_STRUCTS(digestmap_t, char key[DIGEST_LEN], digestmap_);
+DEFINE_MAP_STRUCTS(digest256map_t, uint8_t key[DIGEST256_LEN], digest256map_);
 
 /** Helper: compare strmap_entry_t objects by key value. */
-static INLINE int
+static inline int
 strmap_entries_eq(const strmap_entry_t *a, const strmap_entry_t *b)
 {
   return !strcmp(a->key, b->key);
 }
 
 /** Helper: return a hash value for a strmap_entry_t. */
-static INLINE unsigned int
+static inline unsigned int
 strmap_entry_hash(const strmap_entry_t *a)
 {
   return (unsigned) siphash24g(a->key, strlen(a->key));
 }
 
 /** Helper: compare digestmap_entry_t objects by key value. */
-static INLINE int
+static inline int
 digestmap_entries_eq(const digestmap_entry_t *a, const digestmap_entry_t *b)
 {
   return tor_memeq(a->key, b->key, DIGEST_LEN);
 }
 
 /** Helper: return a hash value for a digest_map_t. */
-static INLINE unsigned int
+static inline unsigned int
 digestmap_entry_hash(const digestmap_entry_t *a)
 {
   return (unsigned) siphash24g(a->key, DIGEST_LEN);
 }
 
+/** Helper: compare digestmap_entry_t objects by key value. */
+static inline int
+digest256map_entries_eq(const digest256map_entry_t *a,
+                        const digest256map_entry_t *b)
+{
+  return tor_memeq(a->key, b->key, DIGEST256_LEN);
+}
+
+/** Helper: return a hash value for a digest_map_t. */
+static inline unsigned int
+digest256map_entry_hash(const digest256map_entry_t *a)
+{
+  return (unsigned) siphash24g(a->key, DIGEST256_LEN);
+}
+
 HT_PROTOTYPE(strmap_impl, strmap_entry_t, node, strmap_entry_hash,
              strmap_entries_eq)
-HT_GENERATE(strmap_impl, strmap_entry_t, node, strmap_entry_hash,
-            strmap_entries_eq, 0.6, malloc, realloc, free)
+HT_GENERATE2(strmap_impl, strmap_entry_t, node, strmap_entry_hash,
+             strmap_entries_eq, 0.6, tor_reallocarray_, tor_free_)
 
 HT_PROTOTYPE(digestmap_impl, digestmap_entry_t, node, digestmap_entry_hash,
              digestmap_entries_eq)
-HT_GENERATE(digestmap_impl, digestmap_entry_t, node, digestmap_entry_hash,
-            digestmap_entries_eq, 0.6, malloc, realloc, free)
+HT_GENERATE2(digestmap_impl, digestmap_entry_t, node, digestmap_entry_hash,
+             digestmap_entries_eq, 0.6, tor_reallocarray_, tor_free_)
 
-/** Constructor to create a new empty map from strings to void*'s.
- */
-strmap_t *
-strmap_new(void)
+HT_PROTOTYPE(digest256map_impl, digest256map_entry_t, node,
+             digest256map_entry_hash,
+             digest256map_entries_eq)
+HT_GENERATE2(digest256map_impl, digest256map_entry_t, node,
+             digest256map_entry_hash,
+             digest256map_entries_eq, 0.6, tor_reallocarray_, tor_free_)
+
+static inline void
+strmap_entry_free(strmap_entry_t *ent)
 {
-  strmap_t *result;
-  result = tor_malloc(sizeof(strmap_t));
-  HT_INIT(strmap_impl, &result->head);
-  return result;
+  tor_free(ent->key);
+  tor_free(ent);
 }
-
-/** Constructor to create a new empty map from digests to void*'s.
- */
-digestmap_t *
-digestmap_new(void)
+static inline void
+digestmap_entry_free(digestmap_entry_t *ent)
 {
-  digestmap_t *result;
-  result = tor_malloc(sizeof(digestmap_t));
-  HT_INIT(digestmap_impl, &result->head);
-  return result;
+  tor_free(ent);
 }
-
-/** Set the current value for <b>key</b> to <b>val</b>.  Returns the previous
- * value for <b>key</b> if one was set, or NULL if one was not.
- *
- * This function makes a copy of <b>key</b> if necessary, but not of
- * <b>val</b>.
- */
-void *
-strmap_set(strmap_t *map, const char *key, void *val)
-{
-  strmap_entry_t *resolve;
-  strmap_entry_t search;
-  void *oldval;
-  tor_assert(map);
-  tor_assert(key);
-  tor_assert(val);
-  search.key = (char*)key;
-  resolve = HT_FIND(strmap_impl, &map->head, &search);
-  if (resolve) {
-    oldval = resolve->val;
-    resolve->val = val;
-    return oldval;
-  } else {
-    resolve = tor_malloc_zero(sizeof(strmap_entry_t));
-    resolve->key = tor_strdup(key);
-    resolve->val = val;
-    tor_assert(!HT_FIND(strmap_impl, &map->head, resolve));
-    HT_INSERT(strmap_impl, &map->head, resolve);
-    return NULL;
-  }
+static inline void
+digest256map_entry_free(digest256map_entry_t *ent)
+{
+  tor_free(ent);
 }
 
-#define OPTIMIZED_DIGESTMAP_SET
-
-/** Like strmap_set() above but for digestmaps. */
-void *
-digestmap_set(digestmap_t *map, const char *key, void *val)
+static inline void
+strmap_assign_tmp_key(strmap_entry_t *ent, const char *key)
 {
-#ifndef OPTIMIZED_DIGESTMAP_SET
-  digestmap_entry_t *resolve;
-#endif
-  digestmap_entry_t search;
-  void *oldval;
-  tor_assert(map);
-  tor_assert(key);
-  tor_assert(val);
-  memcpy(&search.key, key, DIGEST_LEN);
-#ifndef OPTIMIZED_DIGESTMAP_SET
-  resolve = HT_FIND(digestmap_impl, &map->head, &search);
-  if (resolve) {
-    oldval = resolve->val;
-    resolve->val = val;
-    return oldval;
-  } else {
-    resolve = tor_malloc_zero(sizeof(digestmap_entry_t));
-    memcpy(resolve->key, key, DIGEST_LEN);
-    resolve->val = val;
-    HT_INSERT(digestmap_impl, &map->head, resolve);
-    return NULL;
-  }
-#else
-  /* We spend up to 5% of our time in this function, so the code below is
-   * meant to optimize the check/alloc/set cycle by avoiding the two trips to
-   * the hash table that we do in the unoptimized code above.  (Each of
-   * HT_INSERT and HT_FIND calls HT_SET_HASH and HT_FIND_P.)
-   */
-  HT_FIND_OR_INSERT_(digestmap_impl, node, digestmap_entry_hash, &(map->head),
-         digestmap_entry_t, &search, ptr,
-         {
-            /* we found an entry. */
-            oldval = (*ptr)->val;
-            (*ptr)->val = val;
-            return oldval;
-         },
-         {
-           /* We didn't find the entry. */
-           digestmap_entry_t *newent =
-             tor_malloc_zero(sizeof(digestmap_entry_t));
-           memcpy(newent->key, key, DIGEST_LEN);
-           newent->val = val;
-           HT_FOI_INSERT_(node, &(map->head), &search, newent, ptr);
-           return NULL;
-         });
-#endif
+  ent->key = (char*)key;
 }
-
-/** Return the current value associated with <b>key</b>, or NULL if no
- * value is set.
- */
-void *
-strmap_get(const strmap_t *map, const char *key)
-{
-  strmap_entry_t *resolve;
-  strmap_entry_t search;
-  tor_assert(map);
-  tor_assert(key);
-  search.key = (char*)key;
-  resolve = HT_FIND(strmap_impl, &map->head, &search);
-  if (resolve) {
-    return resolve->val;
-  } else {
-    return NULL;
-  }
+static inline void
+digestmap_assign_tmp_key(digestmap_entry_t *ent, const char *key)
+{
+  memcpy(ent->key, key, DIGEST_LEN);
 }
-
-/** Like strmap_get() above but for digestmaps. */
-void *
-digestmap_get(const digestmap_t *map, const char *key)
-{
-  digestmap_entry_t *resolve;
-  digestmap_entry_t search;
-  tor_assert(map);
-  tor_assert(key);
-  memcpy(&search.key, key, DIGEST_LEN);
-  resolve = HT_FIND(digestmap_impl, &map->head, &search);
-  if (resolve) {
-    return resolve->val;
-  } else {
-    return NULL;
-  }
+static inline void
+digest256map_assign_tmp_key(digest256map_entry_t *ent, const uint8_t *key)
+{
+  memcpy(ent->key, key, DIGEST256_LEN);
+}
+static inline void
+strmap_assign_key(strmap_entry_t *ent, const char *key)
+{
+  ent->key = tor_strdup(key);
+}
+static inline void
+digestmap_assign_key(digestmap_entry_t *ent, const char *key)
+{
+  memcpy(ent->key, key, DIGEST_LEN);
+}
+static inline void
+digest256map_assign_key(digest256map_entry_t *ent, const uint8_t *key)
+{
+  memcpy(ent->key, key, DIGEST256_LEN);
 }
 
-/** Remove the value currently associated with <b>key</b> from the map.
- * Return the value if one was set, or NULL if there was no entry for
- * <b>key</b>.
- *
- * Note: you must free any storage associated with the returned value.
+/**
+ * Macro: implement all the functions for a map that are declared in
+ * container.h by the DECLARE_MAP_FNS() macro.  You must additionally define a
+ * prefix_entry_free_() function to free entries (and their keys), a
+ * prefix_assign_tmp_key() function to temporarily set a stack-allocated
+ * entry to hold a key, and a prefix_assign_key() function to set a
+ * heap-allocated entry to hold a key.
  */
-void *
-strmap_remove(strmap_t *map, const char *key)
-{
-  strmap_entry_t *resolve;
-  strmap_entry_t search;
-  void *oldval;
-  tor_assert(map);
-  tor_assert(key);
-  search.key = (char*)key;
-  resolve = HT_REMOVE(strmap_impl, &map->head, &search);
-  if (resolve) {
-    oldval = resolve->val;
-    tor_free(resolve->key);
-    tor_free(resolve);
-    return oldval;
-  } else {
-    return NULL;
+#define IMPLEMENT_MAP_FNS(maptype, keytype, prefix)                     \
+  /** Create and return a new empty map. */                             \
+  MOCK_IMPL(maptype *,                                                  \
+  prefix##_new,(void))                                                  \
+  {                                                                     \
+    maptype *result;                                                    \
+    result = tor_malloc(sizeof(maptype));                               \
+    HT_INIT(prefix##_impl, &result->head);                              \
+    return result;                                                      \
+  }                                                                     \
+                                                                        \
+  /** Return the item from <b>map</b> whose key matches <b>key</b>, or  \
+   * NULL if no such value exists. */                                   \
+  void *                                                                \
+  prefix##_get(const maptype *map, const keytype key)                   \
+  {                                                                     \
+    prefix ##_entry_t *resolve;                                         \
+    prefix ##_entry_t search;                                           \
+    tor_assert(map);                                                    \
+    tor_assert(key);                                                    \
+    prefix ##_assign_tmp_key(&search, key);                             \
+    resolve = HT_FIND(prefix ##_impl, &map->head, &search);             \
+    if (resolve) {                                                      \
+      return resolve->val;                                              \
+    } else {                                                            \
+      return NULL;                                                      \
+    }                                                                   \
+  }                                                                     \
+                                                                        \
+  /** Add an entry to <b>map</b> mapping <b>key</b> to <b>val</b>;      \
+   * return the previous value, or NULL if no such value existed. */     \
+  void *                                                                \
+  prefix##_set(maptype *map, const keytype key, void *val)              \
+  {                                                                     \
+    prefix##_entry_t search;                                            \
+    void *oldval;                                                       \
+    tor_assert(map);                                                    \
+    tor_assert(key);                                                    \
+    tor_assert(val);                                                    \
+    prefix##_assign_tmp_key(&search, key);                              \
+    /* We a lot of our time in this function, so the code below is */   \
+    /* meant to optimize the check/alloc/set cycle by avoiding the two */\
+    /* trips to the hash table that we would do in the unoptimized */   \
+    /* version of this code. (Each of HT_INSERT and HT_FIND calls */     \
+    /* HT_SET_HASH and HT_FIND_P.) */                                   \
+    HT_FIND_OR_INSERT_(prefix##_impl, node, prefix##_entry_hash,        \
+                       &(map->head),                                    \
+                       prefix##_entry_t, &search, ptr,                  \
+                       {                                                \
+                         /* we found an entry. */                       \
+                         oldval = (*ptr)->val;                          \
+                         (*ptr)->val = val;                             \
+                         return oldval;                                 \
+                       },                                               \
+                       {                                                \
+                         /* We didn't find the entry. */                \
+                         prefix##_entry_t *newent =                     \
+                           tor_malloc_zero(sizeof(prefix##_entry_t));   \
+                         prefix##_assign_key(newent, key);              \
+                         newent->val = val;                             \
+                         HT_FOI_INSERT_(node, &(map->head),             \
+                            &search, newent, ptr);                      \
+                         return NULL;                                   \
+    });                                                                 \
+  }                                                                     \
+                                                                        \
+  /** Remove the value currently associated with <b>key</b> from the map. \
+   * Return the value if one was set, or NULL if there was no entry for \
+   * <b>key</b>.                                                        \
+   *                                                                    \
+   * Note: you must free any storage associated with the returned value. \
+   */                                                                   \
+  void *                                                                \
+  prefix##_remove(maptype *map, const keytype key)                      \
+  {                                                                     \
+    prefix##_entry_t *resolve;                                          \
+    prefix##_entry_t search;                                            \
+    void *oldval;                                                       \
+    tor_assert(map);                                                    \
+    tor_assert(key);                                                    \
+    prefix##_assign_tmp_key(&search, key);                              \
+    resolve = HT_REMOVE(prefix##_impl, &map->head, &search);            \
+    if (resolve) {                                                      \
+      oldval = resolve->val;                                            \
+      prefix##_entry_free(resolve);                                     \
+      return oldval;                                                    \
+    } else {                                                            \
+      return NULL;                                                      \
+    }                                                                   \
+  }                                                                     \
+                                                                        \
+  /** Return the number of elements in <b>map</b>. */                   \
+  int                                                                   \
+  prefix##_size(const maptype *map)                                     \
+  {                                                                     \
+    return HT_SIZE(&map->head);                                         \
+  }                                                                     \
+                                                                        \
+  /** Return true iff <b>map</b> has no entries. */                     \
+  int                                                                   \
+  prefix##_isempty(const maptype *map)                                  \
+  {                                                                     \
+    return HT_EMPTY(&map->head);                                        \
+  }                                                                     \
+                                                                        \
+  /** Assert that <b>map</b> is not corrupt. */                         \
+  void                                                                  \
+  prefix##_assert_ok(const maptype *map)                                \
+  {                                                                     \
+    tor_assert(!prefix##_impl_HT_REP_IS_BAD_(&map->head));              \
+  }                                                                     \
+                                                                        \
+  /** Remove all entries from <b>map</b>, and deallocate storage for    \
+   * those entries.  If free_val is provided, invoked it every value in \
+   * <b>map</b>. */                                                     \
+  MOCK_IMPL(void,                                                       \
+  prefix##_free, (maptype *map, void (*free_val)(void*)))               \
+  {                                                                     \
+    prefix##_entry_t **ent, **next, *this;                              \
+    if (!map)                                                           \
+      return;                                                           \
+    for (ent = HT_START(prefix##_impl, &map->head); ent != NULL;        \
+         ent = next) {                                                  \
+      this = *ent;                                                      \
+      next = HT_NEXT_RMV(prefix##_impl, &map->head, ent);               \
+      if (free_val)                                                     \
+        free_val(this->val);                                            \
+      prefix##_entry_free(this);                                        \
+    }                                                                   \
+    tor_assert(HT_EMPTY(&map->head));                                   \
+    HT_CLEAR(prefix##_impl, &map->head);                                \
+    tor_free(map);                                                      \
+  }                                                                     \
+                                                                        \
+  /** return an <b>iterator</b> pointer to the front of a map.          \
+   *                                                                    \
+   * Iterator example:                                                  \
+   *                                                                    \
+   * \code                                                              \
+   * // uppercase values in "map", removing empty values.               \
+   *                                                                    \
+   * strmap_iter_t *iter;                                               \
+   * const char *key;                                                   \
+   * void *val;                                                         \
+   * char *cp;                                                          \
+   *                                                                    \
+   * for (iter = strmap_iter_init(map); !strmap_iter_done(iter); ) {    \
+   *    strmap_iter_get(iter, &key, &val);                              \
+   *    cp = (char*)val;                                                \
+   *    if (!*cp) {                                                     \
+   *       iter = strmap_iter_next_rmv(map,iter);                       \
+   *       free(val);                                                   \
+   *    } else {                                                        \
+   *       for (;*cp;cp++) *cp = TOR_TOUPPER(*cp);                      \
+   */                                                                   \
+  prefix##_iter_t *                                                     \
+  prefix##_iter_init(maptype *map)                                      \
+  {                                                                     \
+    tor_assert(map);                                                    \
+    return HT_START(prefix##_impl, &map->head);                         \
+  }                                                                     \
+                                                                        \
+  /** Advance <b>iter</b> a single step to the next entry, and return   \
+   * its new value. */                                                  \
+  prefix##_iter_t *                                                     \
+  prefix##_iter_next(maptype *map, prefix##_iter_t *iter)               \
+  {                                                                     \
+    tor_assert(map);                                                    \
+    tor_assert(iter);                                                   \
+    return HT_NEXT(prefix##_impl, &map->head, iter);                    \
+  }                                                                     \
+  /** Advance <b>iter</b> a single step to the next entry, removing the \
+   * current entry, and return its new value. */                        \
+  prefix##_iter_t *                                                     \
+  prefix##_iter_next_rmv(maptype *map, prefix##_iter_t *iter)           \
+  {                                                                     \
+    prefix##_entry_t *rmv;                                              \
+    tor_assert(map);                                                    \
+    tor_assert(iter);                                                   \
+    tor_assert(*iter);                                                  \
+    rmv = *iter;                                                        \
+    iter = HT_NEXT_RMV(prefix##_impl, &map->head, iter);                \
+    prefix##_entry_free(rmv);                                           \
+    return iter;                                                        \
+  }                                                                     \
+  /** Set *<b>keyp</b> and *<b>valp</b> to the current entry pointed    \
+   * to by iter. */                                                     \
+  void                                                                  \
+  prefix##_iter_get(prefix##_iter_t *iter, const keytype *keyp,         \
+                    void **valp)                                        \
+  {                                                                     \
+    tor_assert(iter);                                                   \
+    tor_assert(*iter);                                                  \
+    tor_assert(keyp);                                                   \
+    tor_assert(valp);                                                   \
+    *keyp = (*iter)->key;                                               \
+    *valp = (*iter)->val;                                               \
+  }                                                                     \
+  /** Return true iff <b>iter</b> has advanced past the last entry of   \
+   * <b>map</b>. */                                                     \
+  int                                                                   \
+  prefix##_iter_done(prefix##_iter_t *iter)                             \
+  {                                                                     \
+    return iter == NULL;                                                \
   }
-}
 
-/** Like strmap_remove() above but for digestmaps. */
-void *
-digestmap_remove(digestmap_t *map, const char *key)
-{
-  digestmap_entry_t *resolve;
-  digestmap_entry_t search;
-  void *oldval;
-  tor_assert(map);
-  tor_assert(key);
-  memcpy(&search.key, key, DIGEST_LEN);
-  resolve = HT_REMOVE(digestmap_impl, &map->head, &search);
-  if (resolve) {
-    oldval = resolve->val;
-    tor_free(resolve);
-    return oldval;
-  } else {
-    return NULL;
-  }
-}
+IMPLEMENT_MAP_FNS(strmap_t, char *, strmap)
+IMPLEMENT_MAP_FNS(digestmap_t, char *, digestmap)
+IMPLEMENT_MAP_FNS(digest256map_t, uint8_t *, digest256map)
 
 /** Same as strmap_set, but first converts <b>key</b> to lowercase. */
 void *
@@ -1287,231 +1449,6 @@ strmap_remove_lc(strmap_t *map, const char *key)
   return v;
 }
 
-/** return an <b>iterator</b> pointer to the front of a map.
- *
- * Iterator example:
- *
- * \code
- * // uppercase values in "map", removing empty values.
- *
- * strmap_iter_t *iter;
- * const char *key;
- * void *val;
- * char *cp;
- *
- * for (iter = strmap_iter_init(map); !strmap_iter_done(iter); ) {
- *    strmap_iter_get(iter, &key, &val);
- *    cp = (char*)val;
- *    if (!*cp) {
- *       iter = strmap_iter_next_rmv(map,iter);
- *       free(val);
- *    } else {
- *       for (;*cp;cp++) *cp = TOR_TOUPPER(*cp);
- *       iter = strmap_iter_next(map,iter);
- *    }
- * }
- * \endcode
- *
- */
-strmap_iter_t *
-strmap_iter_init(strmap_t *map)
-{
-  tor_assert(map);
-  return HT_START(strmap_impl, &map->head);
-}
-
-/** Start iterating through <b>map</b>.  See strmap_iter_init() for example. */
-digestmap_iter_t *
-digestmap_iter_init(digestmap_t *map)
-{
-  tor_assert(map);
-  return HT_START(digestmap_impl, &map->head);
-}
-
-/** Advance the iterator <b>iter</b> for <b>map</b> a single step to the next
- * entry, and return its new value. */
-strmap_iter_t *
-strmap_iter_next(strmap_t *map, strmap_iter_t *iter)
-{
-  tor_assert(map);
-  tor_assert(iter);
-  return HT_NEXT(strmap_impl, &map->head, iter);
-}
-
-/** Advance the iterator <b>iter</b> for map a single step to the next entry,
- * and return its new value. */
-digestmap_iter_t *
-digestmap_iter_next(digestmap_t *map, digestmap_iter_t *iter)
-{
-  tor_assert(map);
-  tor_assert(iter);
-  return HT_NEXT(digestmap_impl, &map->head, iter);
-}
-
-/** Advance the iterator <b>iter</b> a single step to the next entry, removing
- * the current entry, and return its new value.
- */
-strmap_iter_t *
-strmap_iter_next_rmv(strmap_t *map, strmap_iter_t *iter)
-{
-  strmap_entry_t *rmv;
-  tor_assert(map);
-  tor_assert(iter);
-  tor_assert(*iter);
-  rmv = *iter;
-  iter = HT_NEXT_RMV(strmap_impl, &map->head, iter);
-  tor_free(rmv->key);
-  tor_free(rmv);
-  return iter;
-}
-
-/** Advance the iterator <b>iter</b> a single step to the next entry, removing
- * the current entry, and return its new value.
- */
-digestmap_iter_t *
-digestmap_iter_next_rmv(digestmap_t *map, digestmap_iter_t *iter)
-{
-  digestmap_entry_t *rmv;
-  tor_assert(map);
-  tor_assert(iter);
-  tor_assert(*iter);
-  rmv = *iter;
-  iter = HT_NEXT_RMV(digestmap_impl, &map->head, iter);
-  tor_free(rmv);
-  return iter;
-}
-
-/** Set *<b>keyp</b> and *<b>valp</b> to the current entry pointed to by
- * iter. */
-void
-strmap_iter_get(strmap_iter_t *iter, const char **keyp, void **valp)
-{
-  tor_assert(iter);
-  tor_assert(*iter);
-  tor_assert(keyp);
-  tor_assert(valp);
-  *keyp = (*iter)->key;
-  *valp = (*iter)->val;
-}
-
-/** Set *<b>keyp</b> and *<b>valp</b> to the current entry pointed to by
- * iter. */
-void
-digestmap_iter_get(digestmap_iter_t *iter, const char **keyp, void **valp)
-{
-  tor_assert(iter);
-  tor_assert(*iter);
-  tor_assert(keyp);
-  tor_assert(valp);
-  *keyp = (*iter)->key;
-  *valp = (*iter)->val;
-}
-
-/** Return true iff <b>iter</b> has advanced past the last entry of
- * <b>map</b>. */
-int
-strmap_iter_done(strmap_iter_t *iter)
-{
-  return iter == NULL;
-}
-
-/** Return true iff <b>iter</b> has advanced past the last entry of
- * <b>map</b>. */
-int
-digestmap_iter_done(digestmap_iter_t *iter)
-{
-  return iter == NULL;
-}
-
-/** Remove all entries from <b>map</b>, and deallocate storage for those
- * entries.  If free_val is provided, it is invoked on every value in
- * <b>map</b>.
- */
-void
-strmap_free(strmap_t *map, void (*free_val)(void*))
-{
-  strmap_entry_t **ent, **next, *this;
-  if (!map)
-    return;
-
-  for (ent = HT_START(strmap_impl, &map->head); ent != NULL; ent = next) {
-    this = *ent;
-    next = HT_NEXT_RMV(strmap_impl, &map->head, ent);
-    tor_free(this->key);
-    if (free_val)
-      free_val(this->val);
-    tor_free(this);
-  }
-  tor_assert(HT_EMPTY(&map->head));
-  HT_CLEAR(strmap_impl, &map->head);
-  tor_free(map);
-}
-
-/** Remove all entries from <b>map</b>, and deallocate storage for those
- * entries.  If free_val is provided, it is invoked on every value in
- * <b>map</b>.
- */
-void
-digestmap_free(digestmap_t *map, void (*free_val)(void*))
-{
-  digestmap_entry_t **ent, **next, *this;
-  if (!map)
-    return;
-  for (ent = HT_START(digestmap_impl, &map->head); ent != NULL; ent = next) {
-    this = *ent;
-    next = HT_NEXT_RMV(digestmap_impl, &map->head, ent);
-    if (free_val)
-      free_val(this->val);
-    tor_free(this);
-  }
-  tor_assert(HT_EMPTY(&map->head));
-  HT_CLEAR(digestmap_impl, &map->head);
-  tor_free(map);
-}
-
-/** Fail with an assertion error if anything has gone wrong with the internal
- * representation of <b>map</b>. */
-void
-strmap_assert_ok(const strmap_t *map)
-{
-  tor_assert(!strmap_impl_HT_REP_IS_BAD_(&map->head));
-}
-/** Fail with an assertion error if anything has gone wrong with the internal
- * representation of <b>map</b>. */
-void
-digestmap_assert_ok(const digestmap_t *map)
-{
-  tor_assert(!digestmap_impl_HT_REP_IS_BAD_(&map->head));
-}
-
-/** Return true iff <b>map</b> has no entries. */
-int
-strmap_isempty(const strmap_t *map)
-{
-  return HT_EMPTY(&map->head);
-}
-
-/** Return true iff <b>map</b> has no entries. */
-int
-digestmap_isempty(const digestmap_t *map)
-{
-  return HT_EMPTY(&map->head);
-}
-
-/** Return the number of items in <b>map</b>. */
-int
-strmap_size(const strmap_t *map)
-{
-  return HT_SIZE(&map->head);
-}
-
-/** Return the number of items in <b>map</b>. */
-int
-digestmap_size(const digestmap_t *map)
-{
-  return HT_SIZE(&map->head);
-}
-
 /** Declare a function called <b>funcname</b> that acts as a find_nth_FOO
  * function for an array of type <b>elt_t</b>*.
  *
diff --git a/src/common/container.h b/src/common/container.h
index 0d31f2093b..92ad3f5ec7 100644
--- a/src/common/container.h
+++ b/src/common/container.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CONTAINER_H
@@ -27,8 +27,8 @@ typedef struct smartlist_t {
   /** @} */
 } smartlist_t;
 
-smartlist_t *smartlist_new(void);
-void smartlist_free(smartlist_t *sl);
+MOCK_DECL(smartlist_t *, smartlist_new, (void));
+MOCK_DECL(void, smartlist_free, (smartlist_t *sl));
 void smartlist_clear(smartlist_t *sl);
 void smartlist_add(smartlist_t *sl, void *element);
 void smartlist_add_all(smartlist_t *sl, const smartlist_t *s2);
@@ -38,6 +38,7 @@ void smartlist_reverse(smartlist_t *sl);
 void smartlist_string_remove(smartlist_t *sl, const char *element);
 int smartlist_contains(const smartlist_t *sl, const void *element);
 int smartlist_contains_string(const smartlist_t *sl, const char *element);
+int smartlist_pos(const smartlist_t *sl, const void *element);
 int smartlist_string_pos(const smartlist_t *, const char *elt);
 int smartlist_contains_string_case(const smartlist_t *sl, const char *element);
 int smartlist_contains_int_as_string(const smartlist_t *sl, int num);
@@ -52,21 +53,21 @@ void smartlist_subtract(smartlist_t *sl1, const smartlist_t *sl2);
 #ifdef DEBUG_SMARTLIST
 /** Return the number of items in sl.
  */
-static INLINE int smartlist_len(const smartlist_t *sl);
-static INLINE int smartlist_len(const smartlist_t *sl) {
+static inline int smartlist_len(const smartlist_t *sl);
+static inline int smartlist_len(const smartlist_t *sl) {
   tor_assert(sl);
   return (sl)->num_used;
 }
 /** Return the <b>idx</b>th element of sl.
  */
-static INLINE void *smartlist_get(const smartlist_t *sl, int idx);
-static INLINE void *smartlist_get(const smartlist_t *sl, int idx) {
+static inline void *smartlist_get(const smartlist_t *sl, int idx);
+static inline void *smartlist_get(const smartlist_t *sl, int idx) {
   tor_assert(sl);
   tor_assert(idx>=0);
   tor_assert(sl->num_used > idx);
   return sl->list[idx];
 }
-static INLINE void smartlist_set(smartlist_t *sl, int idx, void *val) {
+static inline void smartlist_set(smartlist_t *sl, int idx, void *val) {
   tor_assert(sl);
   tor_assert(idx>=0);
   tor_assert(sl->num_used > idx);
@@ -80,7 +81,7 @@ static INLINE void smartlist_set(smartlist_t *sl, int idx, void *val) {
 
 /** Exchange the elements at indices <b>idx1</b> and <b>idx2</b> of the
  * smartlist <b>sl</b>. */
-static INLINE void smartlist_swap(smartlist_t *sl, int idx1, int idx2)
+static inline void smartlist_swap(smartlist_t *sl, int idx1, int idx2)
 {
   if (idx1 != idx2) {
     void *elt = smartlist_get(sl, idx1);
@@ -94,8 +95,11 @@ void smartlist_del_keeporder(smartlist_t *sl, int idx);
 void smartlist_insert(smartlist_t *sl, int idx, void *val);
 void smartlist_sort(smartlist_t *sl,
                     int (*compare)(const void **a, const void **b));
-void *smartlist_get_most_frequent(const smartlist_t *sl,
-                    int (*compare)(const void **a, const void **b));
+void *smartlist_get_most_frequent_(const smartlist_t *sl,
+                    int (*compare)(const void **a, const void **b),
+                    int *count_out);
+#define smartlist_get_most_frequent(sl, compare) \
+  smartlist_get_most_frequent_((sl), (compare), NULL)
 void smartlist_uniq(smartlist_t *sl,
                     int (*compare)(const void **a, const void **b),
                     void (*free_fn)(void *elt));
@@ -105,8 +109,10 @@ void smartlist_sort_digests(smartlist_t *sl);
 void smartlist_sort_digests256(smartlist_t *sl);
 void smartlist_sort_pointers(smartlist_t *sl);
 
-char *smartlist_get_most_frequent_string(smartlist_t *sl);
-char *smartlist_get_most_frequent_digest256(smartlist_t *sl);
+const char *smartlist_get_most_frequent_string(smartlist_t *sl);
+const char *smartlist_get_most_frequent_string_(smartlist_t *sl,
+                                                int *count_out);
+const uint8_t *smartlist_get_most_frequent_digest256(smartlist_t *sl);
 
 void smartlist_uniq_strings(smartlist_t *sl);
 void smartlist_uniq_digests(smartlist_t *sl);
@@ -243,6 +249,16 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join,
   STMT_END
 
 /** Helper: While in a SMARTLIST_FOREACH loop over the list <b>sl</b> indexed
+ * with the variable <b>var</b>, remove the current element in a way that
+ * won't confuse the loop. */
+#define SMARTLIST_DEL_CURRENT_KEEPORDER(sl, var)          \
+  STMT_BEGIN                                              \
+     smartlist_del_keeporder(sl, var ## _sl_idx);         \
+     --var ## _sl_idx;                                    \
+     --var ## _sl_len;                                    \
+  STMT_END
+
+/** Helper: While in a SMARTLIST_FOREACH loop over the list <b>sl</b> indexed
  * with the variable <b>var</b>, replace the current element with <b>val</b>.
  * Does not deallocate the current value of <b>var</b>.
  */
@@ -328,11 +344,11 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join,
 #define DECLARE_MAP_FNS(maptype, keytype, prefix)                       \
   typedef struct maptype maptype;                                       \
   typedef struct prefix##entry_t *prefix##iter_t;                       \
-  maptype* prefix##new(void);                                           \
+  MOCK_DECL(maptype*, prefix##new, (void));                             \
   void* prefix##set(maptype *map, keytype key, void *val);              \
   void* prefix##get(const maptype *map, keytype key);                   \
   void* prefix##remove(maptype *map, keytype key);                      \
-  void prefix##free(maptype *map, void (*free_val)(void*));             \
+  MOCK_DECL(void, prefix##free, (maptype *map, void (*free_val)(void*))); \
   int prefix##isempty(const maptype *map);                              \
   int prefix##size(const maptype *map);                                 \
   prefix##iter_t *prefix##iter_init(maptype *map);                      \
@@ -346,6 +362,9 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join,
 DECLARE_MAP_FNS(strmap_t, const char *, strmap_);
 /* Map from const char[DIGEST_LEN] to void *. Implemented with a hash table. */
 DECLARE_MAP_FNS(digestmap_t, const char *, digestmap_);
+/* Map from const uint8_t[DIGEST256_LEN] to void *. Implemented with a hash
+ * table. */
+DECLARE_MAP_FNS(digest256map_t, const uint8_t *, digest256map_);
 
 #undef DECLARE_MAP_FNS
 
@@ -461,6 +480,13 @@ DECLARE_MAP_FNS(digestmap_t, const char *, digestmap_);
 /** Used to end a DIGESTMAP_FOREACH() block. */
 #define DIGESTMAP_FOREACH_END MAP_FOREACH_END
 
+#define DIGEST256MAP_FOREACH(map, keyvar, valtype, valvar)               \
+  MAP_FOREACH(digest256map_, map, const uint8_t *, keyvar, valtype, valvar)
+#define DIGEST256MAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)       \
+  MAP_FOREACH_MODIFY(digest256map_, map, const uint8_t *,               \
+                     keyvar, valtype, valvar)
+#define DIGEST256MAP_FOREACH_END MAP_FOREACH_END
+
 #define STRMAP_FOREACH(map, keyvar, valtype, valvar)                 \
   MAP_FOREACH(strmap_, map, const char *, keyvar, valtype, valvar)
 #define STRMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)          \
@@ -473,65 +499,65 @@ void* strmap_remove_lc(strmap_t *map, const char *key);
 
 #define DECLARE_TYPED_DIGESTMAP_FNS(prefix, maptype, valtype)           \
   typedef struct maptype maptype;                                       \
-  typedef struct prefix##iter_t prefix##iter_t;                         \
-  ATTR_UNUSED static INLINE maptype*                                    \
+  typedef struct prefix##iter_t *prefix##iter_t;                        \
+  ATTR_UNUSED static inline maptype*                                    \
   prefix##new(void)                                                     \
   {                                                                     \
     return (maptype*)digestmap_new();                                   \
   }                                                                     \
-  ATTR_UNUSED static INLINE digestmap_t*                                \
+  ATTR_UNUSED static inline digestmap_t*                                \
   prefix##to_digestmap(maptype *map)                                    \
   {                                                                     \
     return (digestmap_t*)map;                                           \
   }                                                                     \
-  ATTR_UNUSED static INLINE valtype*                                    \
+  ATTR_UNUSED static inline valtype*                                    \
   prefix##get(maptype *map, const char *key)     \
   {                                                                     \
     return (valtype*)digestmap_get((digestmap_t*)map, key);             \
   }                                                                     \
-  ATTR_UNUSED static INLINE valtype*                                    \
+  ATTR_UNUSED static inline valtype*                                    \
   prefix##set(maptype *map, const char *key, valtype *val)              \
   {                                                                     \
     return (valtype*)digestmap_set((digestmap_t*)map, key, val);        \
   }                                                                     \
-  ATTR_UNUSED static INLINE valtype*                                    \
+  ATTR_UNUSED static inline valtype*                                    \
   prefix##remove(maptype *map, const char *key)                         \
   {                                                                     \
     return (valtype*)digestmap_remove((digestmap_t*)map, key);          \
   }                                                                     \
-  ATTR_UNUSED static INLINE void                                        \
+  ATTR_UNUSED static inline void                                        \
   prefix##free(maptype *map, void (*free_val)(void*))                   \
   {                                                                     \
     digestmap_free((digestmap_t*)map, free_val);                        \
   }                                                                     \
-  ATTR_UNUSED static INLINE int                                         \
+  ATTR_UNUSED static inline int                                         \
   prefix##isempty(maptype *map)                                         \
   {                                                                     \
     return digestmap_isempty((digestmap_t*)map);                        \
   }                                                                     \
-  ATTR_UNUSED static INLINE int                                         \
+  ATTR_UNUSED static inline int                                         \
   prefix##size(maptype *map)                                            \
   {                                                                     \
     return digestmap_size((digestmap_t*)map);                           \
   }                                                                     \
-  ATTR_UNUSED static INLINE                                             \
+  ATTR_UNUSED static inline                                             \
   prefix##iter_t *prefix##iter_init(maptype *map)                       \
   {                                                                     \
     return (prefix##iter_t*) digestmap_iter_init((digestmap_t*)map);    \
   }                                                                     \
-  ATTR_UNUSED static INLINE                                             \
+  ATTR_UNUSED static inline                                             \
   prefix##iter_t *prefix##iter_next(maptype *map, prefix##iter_t *iter) \
   {                                                                     \
     return (prefix##iter_t*) digestmap_iter_next(                       \
                        (digestmap_t*)map, (digestmap_iter_t*)iter);     \
   }                                                                     \
-  ATTR_UNUSED static INLINE prefix##iter_t*                             \
+  ATTR_UNUSED static inline prefix##iter_t*                             \
   prefix##iter_next_rmv(maptype *map, prefix##iter_t *iter)             \
   {                                                                     \
     return (prefix##iter_t*) digestmap_iter_next_rmv(                   \
                        (digestmap_t*)map, (digestmap_iter_t*)iter);     \
   }                                                                     \
-  ATTR_UNUSED static INLINE void                                        \
+  ATTR_UNUSED static inline void                                        \
   prefix##iter_get(prefix##iter_t *iter,                                \
                    const char **keyp,                                   \
                    valtype **valp)                                      \
@@ -540,7 +566,7 @@ void* strmap_remove_lc(strmap_t *map, const char *key);
     digestmap_iter_get((digestmap_iter_t*) iter, keyp, &v);             \
     *valp = v;                                                          \
   }                                                                     \
-  ATTR_UNUSED static INLINE int                                         \
+  ATTR_UNUSED static inline int                                         \
   prefix##iter_done(prefix##iter_t *iter)                               \
   {                                                                     \
     return digestmap_iter_done((digestmap_iter_t*)iter);                \
@@ -558,17 +584,17 @@ void* strmap_remove_lc(strmap_t *map, const char *key);
 /** A random-access array of one-bit-wide elements. */
 typedef unsigned int bitarray_t;
 /** Create a new bit array that can hold <b>n_bits</b> bits. */
-static INLINE bitarray_t *
+static inline bitarray_t *
 bitarray_init_zero(unsigned int n_bits)
 {
   /* round up to the next int. */
   size_t sz = (n_bits+BITARRAY_MASK) >> BITARRAY_SHIFT;
-  return tor_malloc_zero(sz*sizeof(unsigned int));
+  return tor_calloc(sz, sizeof(unsigned int));
 }
 /** Expand <b>ba</b> from holding <b>n_bits_old</b> to <b>n_bits_new</b>,
  * clearing all new bits.  Returns a possibly changed pointer to the
  * bitarray. */
-static INLINE bitarray_t *
+static inline bitarray_t *
 bitarray_expand(bitarray_t *ba,
                 unsigned int n_bits_old, unsigned int n_bits_new)
 {
@@ -577,7 +603,7 @@ bitarray_expand(bitarray_t *ba,
   char *ptr;
   if (sz_new <= sz_old)
     return ba;
-  ptr = tor_realloc(ba, sz_new*sizeof(unsigned int));
+  ptr = tor_reallocarray(ba, sz_new, sizeof(unsigned int));
   /* This memset does nothing to the older excess bytes.  But they were
    * already set to 0 by bitarry_init_zero. */
   memset(ptr+sz_old*sizeof(unsigned int), 0,
@@ -585,26 +611,26 @@ bitarray_expand(bitarray_t *ba,
   return (bitarray_t*) ptr;
 }
 /** Free the bit array <b>ba</b>. */
-static INLINE void
+static inline void
 bitarray_free(bitarray_t *ba)
 {
   tor_free(ba);
 }
 /** Set the <b>bit</b>th bit in <b>b</b> to 1. */
-static INLINE void
+static inline void
 bitarray_set(bitarray_t *b, int bit)
 {
   b[bit >> BITARRAY_SHIFT] |= (1u << (bit & BITARRAY_MASK));
 }
 /** Set the <b>bit</b>th bit in <b>b</b> to 0. */
-static INLINE void
+static inline void
 bitarray_clear(bitarray_t *b, int bit)
 {
   b[bit >> BITARRAY_SHIFT] &= ~ (1u << (bit & BITARRAY_MASK));
 }
 /** Return true iff <b>bit</b>th bit in <b>b</b> is nonzero.  NOTE: does
  * not necessarily return 1 on true. */
-static INLINE unsigned int
+static inline unsigned int
 bitarray_is_set(bitarray_t *b, int bit)
 {
   return b[bit >> BITARRAY_SHIFT] & (1u << (bit & BITARRAY_MASK));
@@ -619,7 +645,7 @@ typedef struct {
 
 #define BIT(n) ((n) & set->mask)
 /** Add the digest <b>digest</b> to <b>set</b>. */
-static INLINE void
+static inline void
 digestset_add(digestset_t *set, const char *digest)
 {
   const uint64_t x = siphash24g(digest, 20);
@@ -635,7 +661,7 @@ digestset_add(digestset_t *set, const char *digest)
 
 /** If <b>digest</b> is in <b>set</b>, return nonzero.  Otherwise,
  * <em>probably</em> return zero. */
-static INLINE int
+static inline int
 digestset_contains(const digestset_t *set, const char *digest)
 {
   const uint64_t x = siphash24g(digest, 20);
@@ -663,31 +689,37 @@ double find_nth_double(double *array, int n_elements, int nth);
 int32_t find_nth_int32(int32_t *array, int n_elements, int nth);
 uint32_t find_nth_uint32(uint32_t *array, int n_elements, int nth);
 long find_nth_long(long *array, int n_elements, int nth);
-static INLINE int
+static inline int
 median_int(int *array, int n_elements)
 {
   return find_nth_int(array, n_elements, (n_elements-1)/2);
 }
-static INLINE time_t
+static inline time_t
 median_time(time_t *array, int n_elements)
 {
   return find_nth_time(array, n_elements, (n_elements-1)/2);
 }
-static INLINE double
+static inline double
 median_double(double *array, int n_elements)
 {
   return find_nth_double(array, n_elements, (n_elements-1)/2);
 }
-static INLINE uint32_t
+static inline uint32_t
 median_uint32(uint32_t *array, int n_elements)
 {
   return find_nth_uint32(array, n_elements, (n_elements-1)/2);
 }
-static INLINE int32_t
+static inline int32_t
 median_int32(int32_t *array, int n_elements)
 {
   return find_nth_int32(array, n_elements, (n_elements-1)/2);
 }
 
+static inline uint32_t
+third_quartile_uint32(uint32_t *array, int n_elements)
+{
+  return find_nth_uint32(array, n_elements, (n_elements*3)/4);
+}
+
 #endif
 
diff --git a/src/common/crypto.c b/src/common/crypto.c
index f7362765d2..f7bb8ff1f9 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1,22 +1,20 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file crypto.c
  * \brief Wrapper functions to present a consistent interface to
- * public-key and symmetric cryptography operations from OpenSSL.
+ * public-key and symmetric cryptography operations from OpenSSL and
+ * other places.
  **/
 
 #include "orconfig.h"
 
 #ifdef _WIN32
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
-#endif
-#define WIN32_LEAN_AND_MEAN
+#include <winsock2.h>
 #include <windows.h>
 #include <wincrypt.h>
 /* Windows defines this; so does OpenSSL 0.9.8h and later. We don't actually
@@ -24,22 +22,50 @@
 #undef OCSP_RESPONSE
 #endif
 
+#define CRYPTO_PRIVATE
+#include "crypto.h"
+#include "compat_openssl.h"
+#include "crypto_curve25519.h"
+#include "crypto_ed25519.h"
+#include "crypto_format.h"
+
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice.
+ * Suppress the GCC warning so we can build with -Wredundant-decl. */
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #include <openssl/rand.h>
-#include <openssl/opensslv.h>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/conf.h>
 #include <openssl/hmac.h>
 
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
+#endif
+
 #ifdef HAVE_CTYPE_H
 #include <ctype.h>
 #endif
 #ifdef HAVE_UNISTD_H
+#define _GNU_SOURCE
 #include <unistd.h>
 #endif
 #ifdef HAVE_FCNTL_H
@@ -48,18 +74,27 @@
 #ifdef HAVE_SYS_FCNTL_H
 #include <sys/fcntl.h>
 #endif
+#ifdef HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#endif
 
-#define CRYPTO_PRIVATE
-#include "crypto.h"
-#include "../common/torlog.h"
+#include "torlog.h"
 #include "aes.h"
-#include "../common/util.h"
+#include "util.h"
 #include "container.h"
 #include "compat.h"
 #include "sandbox.h"
+#include "util_format.h"
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
-#error "We require OpenSSL >= 0.9.8"
+#include "keccak-tiny/keccak-tiny.h"
+
+#ifdef __APPLE__
+/* Apple messed up their getentropy definitions in Sierra.  It's not insecure
+ * or anything (as far as I know) but it makes compatible builds hard.  0.2.9
+ * contains the necessary tricks to do it right: in 0.2.8, we're just using
+ * this blunt instrument.
+ */
+#undef HAVE_GETENTROPY
 #endif
 
 #ifdef ANDROID
@@ -67,15 +102,29 @@
 #define DISABLE_ENGINES
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
+  !defined(LIBRESSL_VERSION_NUMBER)
+/* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
+ * seting up various callbacks.
+ *
+ * OpenSSL 1.1.0pre4 has a messed up `ERR_remove_thread_state()` prototype,
+ * while the previous one was restored in pre5, and the function made a no-op
+ * (along with a deprecated annotation, which produces a compiler warning).
+ *
+ * While it is possible to support all three versions of the thread API,
+ * a version that existed only for one snapshot pre-release is kind of
+ * pointless, so let's not.
+ */
+#define NEW_THREAD_API
+#endif
+
 /** Longest recognized */
 #define MAX_DNS_LABEL_SIZE 63
 
-/** Macro: is k a valid RSA public or private key? */
-#define PUBLIC_KEY_OK(k) ((k) && (k)->key && (k)->key->n)
-/** Macro: is k a valid RSA private key? */
-#define PRIVATE_KEY_OK(k) ((k) && (k)->key && (k)->key->p)
+/** Largest strong entropy request */
+#define MAX_STRONGEST_RAND_SIZE 256
 
-#ifdef TOR_IS_MULTITHREADED
+#ifndef NEW_THREAD_API
 /** A number of preallocated mutexes for use by OpenSSL. */
 static tor_mutex_t **openssl_mutexes_ = NULL;
 /** How many mutexes have we allocated for use by OpenSSL? */
@@ -105,11 +154,11 @@ struct crypto_dh_t {
 };
 
 static int setup_openssl_threading(void);
-static int tor_check_dh_key(int severity, BIGNUM *bn);
+static int tor_check_dh_key(int severity, const BIGNUM *bn);
 
 /** Return the number of bytes added by padding method <b>padding</b>.
  */
-static INLINE int
+static inline int
 crypto_get_rsa_padding_overhead(int padding)
 {
   switch (padding)
@@ -121,7 +170,7 @@ crypto_get_rsa_padding_overhead(int padding)
 
 /** Given a padding method <b>padding</b>, return the correct OpenSSL constant.
  */
-static INLINE int
+static inline int
 crypto_get_rsa_padding(int padding)
 {
   switch (padding)
@@ -226,7 +275,7 @@ const char *
 crypto_openssl_get_version_str(void)
 {
   if (crypto_openssl_version_str == NULL) {
-    const char *raw_version = SSLeay_version(SSLEAY_VERSION);
+    const char *raw_version = OpenSSL_version(OPENSSL_VERSION);
     crypto_openssl_version_str = parse_openssl_version_str(raw_version);
   }
   return crypto_openssl_version_str;
@@ -247,14 +296,16 @@ crypto_openssl_get_header_version_str(void)
 
 /** Make sure that openssl is using its default PRNG. Return 1 if we had to
  * adjust it; 0 otherwise. */
-static int
+STATIC int
 crypto_force_rand_ssleay(void)
 {
-  if (RAND_get_rand_method() != RAND_SSLeay()) {
+  RAND_METHOD *default_method;
+  default_method = RAND_OpenSSL();
+  if (RAND_get_rand_method() != default_method) {
     log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
                "a replacement the OpenSSL RNG. Resetting it to the default "
                "implementation.");
-    RAND_set_rand_method(RAND_SSLeay());
+    RAND_set_rand_method(default_method);
     return 1;
   }
   return 0;
@@ -269,8 +320,7 @@ crypto_init_siphash_key(void)
   if (have_seeded_siphash)
     return 0;
 
-  if (crypto_rand((char*) &key, sizeof(key)) < 0)
-    return -1;
+  crypto_rand((char*) &key, sizeof(key));
   siphash_set_global_key(&key);
   have_seeded_siphash = 1;
   return 0;
@@ -290,31 +340,29 @@ crypto_early_init(void)
 
     setup_openssl_threading();
 
-    if (SSLeay() == OPENSSL_VERSION_NUMBER &&
-        !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) {
+    unsigned long version_num = OpenSSL_version_num();
+    const char *version_str = OpenSSL_version(OPENSSL_VERSION);
+    if (version_num == OPENSSL_VERSION_NUMBER &&
+        !strcmp(version_str, OPENSSL_VERSION_TEXT)) {
       log_info(LD_CRYPTO, "OpenSSL version matches version from headers "
-                 "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION));
+                 "(%lx: %s).", version_num, version_str);
     } else {
       log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the "
                "version we're running with. If you get weird crashes, that "
                "might be why. (Compiled with %lx: %s; running with %lx: %s).",
                (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
-               SSLeay(), SSLeay_version(SSLEAY_VERSION));
-    }
-
-    if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
-      log_notice(LD_CRYPTO,
-                 "Your OpenSSL version seems to be %s. We recommend 1.0.0 "
-                 "or later.",
-                 crypto_openssl_get_version_str());
+               version_num, version_str);
     }
 
     crypto_force_rand_ssleay();
 
-    if (crypto_seed_rng(1) < 0)
+    if (crypto_seed_rng() < 0)
       return -1;
     if (crypto_init_siphash_key() < 0)
       return -1;
+
+    curve25519_init();
+    ed25519_init();
   }
   return 0;
 }
@@ -325,7 +373,8 @@ int
 crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 {
   if (!crypto_global_initialized_) {
-    crypto_early_init();
+    if (crypto_early_init() < 0)
+      return -1;
 
     crypto_global_initialized_ = 1;
 
@@ -368,8 +417,12 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
          used by Tor and the set of algorithms available in the engine */
       log_engine("RSA", ENGINE_get_default_RSA());
       log_engine("DH", ENGINE_get_default_DH());
+#ifdef OPENSSL_1_1_API
+      log_engine("EC", ENGINE_get_default_EC());
+#else
       log_engine("ECDH", ENGINE_get_default_ECDH());
       log_engine("ECDSA", ENGINE_get_default_ECDSA());
+#endif
       log_engine("RAND", ENGINE_get_default_RAND());
       log_engine("RAND (which we will not use)", ENGINE_get_default_RAND());
       log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
@@ -393,7 +446,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
     }
 
     if (crypto_force_rand_ssleay()) {
-      if (crypto_seed_rng(1) < 0)
+      if (crypto_seed_rng() < 0)
         return -1;
     }
 
@@ -407,7 +460,27 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
 void
 crypto_thread_cleanup(void)
 {
-  ERR_remove_state(0);
+#ifndef NEW_THREAD_API
+  ERR_remove_thread_state(NULL);
+#endif
+}
+
+/** used internally: quicly validate a crypto_pk_t object as a private key.
+ * Return 1 iff the public key is valid, 0 if obviously invalid.
+ */
+static int
+crypto_pk_private_ok(const crypto_pk_t *k)
+{
+#ifdef OPENSSL_1_1_API
+  if (!k || !k->key)
+    return 0;
+
+  const BIGNUM *p, *q;
+  RSA_get0_factors(k->key, &p, &q);
+  return p != NULL; /* XXX/yawning: Should we check q? */
+#else
+  return k && k->key && k->key->p;
+#endif
 }
 
 /** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -431,9 +504,10 @@ crypto_pk_get_rsa_(crypto_pk_t *env)
 }
 
 /** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t.  Iff
- * private is set, include the private-key portion of the key. */
-EVP_PKEY *
-crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
+ * private is set, include the private-key portion of the key. Return a valid
+ * pointer on success, and NULL on failure. */
+MOCK_IMPL(EVP_PKEY *,
+          crypto_pk_get_evp_pkey_,(crypto_pk_t *env, int private))
 {
   RSA *key = NULL;
   EVP_PKEY *pkey = NULL;
@@ -469,8 +543,8 @@ crypto_dh_get_dh_(crypto_dh_t *dh)
 /** Allocate and return storage for a public key.  The key itself will not yet
  * be set.
  */
-crypto_pk_t *
-crypto_pk_new(void)
+MOCK_IMPL(crypto_pk_t *,
+          crypto_pk_new,(void))
 {
   RSA *rsa;
 
@@ -552,8 +626,8 @@ crypto_cipher_free(crypto_cipher_t *env)
 /** Generate a <b>bits</b>-bit new public/private keypair in <b>env</b>.
  * Return 0 on success, -1 on failure.
  */
-int
-crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
+MOCK_IMPL(int,
+          crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits))
 {
   tor_assert(env);
 
@@ -657,7 +731,8 @@ crypto_pk_read_private_key_from_filename(crypto_pk_t *env,
   return 0;
 }
 
-/** Helper function to implement crypto_pk_write_*_key_to_string. */
+/** Helper function to implement crypto_pk_write_*_key_to_string. Return 0 on
+ * success, -1 on failure. */
 static int
 crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
                                    size_t *len, int is_public)
@@ -689,14 +764,13 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
   }
 
   BIO_get_mem_ptr(b, &buf);
-  (void)BIO_set_close(b, BIO_NOCLOSE); /* so BIO_free doesn't free buf */
-  BIO_free(b);
 
   *dest = tor_malloc(buf->length+1);
   memcpy(*dest, buf->data, buf->length);
   (*dest)[buf->length] = 0; /* nul terminate it */
   *len = buf->length;
-  BUF_MEM_free(buf);
+
+  BIO_free(b);
 
   return 0;
 }
@@ -770,7 +844,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
   char *s;
   int r;
 
-  tor_assert(PRIVATE_KEY_OK(env));
+  tor_assert(crypto_pk_private_ok(env));
 
   if (!(bio = BIO_new(BIO_s_mem())))
     return -1;
@@ -812,7 +886,7 @@ int
 crypto_pk_key_is_private(const crypto_pk_t *key)
 {
   tor_assert(key);
-  return PRIVATE_KEY_OK(key);
+  return crypto_pk_private_ok(key);
 }
 
 /** Return true iff <b>env</b> contains a public key whose public exponent
@@ -824,7 +898,15 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
   tor_assert(env);
   tor_assert(env->key);
 
-  return BN_is_word(env->key->e, 65537);
+  const BIGNUM *e;
+
+#ifdef OPENSSL_1_1_API
+  const BIGNUM *n, *d;
+  RSA_get0_key(env->key, &n, &e, &d);
+#else
+  e = env->key->e;
+#endif
+  return BN_is_word(e, 65537);
 }
 
 /** Compare the public-key components of a and b.  Return less than 0
@@ -834,7 +916,7 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
  * Note that this may leak information about the keys through timing.
  */
 int
-crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
+crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b)
 {
   int result;
   char a_is_non_null = (a != NULL) && (a->key != NULL);
@@ -845,12 +927,27 @@ crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
   if (an_argument_is_null)
     return result;
 
-  tor_assert(PUBLIC_KEY_OK(a));
-  tor_assert(PUBLIC_KEY_OK(b));
-  result = BN_cmp((a->key)->n, (b->key)->n);
+  const BIGNUM *a_n, *a_e;
+  const BIGNUM *b_n, *b_e;
+
+#ifdef OPENSSL_1_1_API
+  const BIGNUM *a_d, *b_d;
+  RSA_get0_key(a->key, &a_n, &a_e, &a_d);
+  RSA_get0_key(b->key, &b_n, &b_e, &b_d);
+#else
+  a_n = a->key->n;
+  a_e = a->key->e;
+  b_n = b->key->n;
+  b_e = b->key->e;
+#endif
+
+  tor_assert(a_n != NULL && a_e != NULL);
+  tor_assert(b_n != NULL && b_e != NULL);
+
+  result = BN_cmp(a_n, b_n);
   if (result)
     return result;
-  return BN_cmp((a->key)->e, (b->key)->e);
+  return BN_cmp(a_e, b_e);
 }
 
 /** Compare the public-key components of a and b.  Return non-zero iff
@@ -860,19 +957,19 @@ crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
  *  Note that this may leak information about the keys through timing.
  */
 int
-crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b)
+crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b)
 {
   return (crypto_pk_cmp_keys(a, b) == 0);
 }
 
 /** Return the size of the public key modulus in <b>env</b>, in bytes. */
 size_t
-crypto_pk_keysize(crypto_pk_t *env)
+crypto_pk_keysize(const crypto_pk_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
 
-  return (size_t) RSA_size(env->key);
+  return (size_t) RSA_size((RSA*)env->key);
 }
 
 /** Return the size of the public key modulus of <b>env</b>, in bits. */
@@ -881,9 +978,20 @@ crypto_pk_num_bits(crypto_pk_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
-  tor_assert(env->key->n);
 
+#ifdef OPENSSL_1_1_API
+  /* It's so stupid that there's no other way to check that n is valid
+   * before calling RSA_bits().
+   */
+  const BIGNUM *n, *e, *d;
+  RSA_get0_key(env->key, &n, &e, &d);
+  tor_assert(n != NULL);
+
+  return RSA_bits(env->key);
+#else
+  tor_assert(env->key->n);
   return BN_num_bits(env->key->n);
+#endif
 }
 
 /** Increase the reference count of <b>env</b>, and return it.
@@ -898,7 +1006,8 @@ crypto_pk_dup_key(crypto_pk_t *env)
   return env;
 }
 
-/** Make a real honest-to-goodness copy of <b>env</b>, and return it. */
+/** Make a real honest-to-goodness copy of <b>env</b>, and return it.
+ * Returns NULL on failure. */
 crypto_pk_t *
 crypto_pk_copy_full(crypto_pk_t *env)
 {
@@ -907,7 +1016,7 @@ crypto_pk_copy_full(crypto_pk_t *env)
   tor_assert(env);
   tor_assert(env->key);
 
-  if (PRIVATE_KEY_OK(env)) {
+  if (crypto_pk_private_ok(env)) {
     new_key = RSAPrivateKey_dup(env->key);
     privatekey = 1;
   } else {
@@ -976,7 +1085,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
   tor_assert(env->key);
   tor_assert(fromlen<INT_MAX);
   tor_assert(tolen >= crypto_pk_keysize(env));
-  if (!env->key->p)
+  if (!crypto_pk_key_is_private(env))
     /* Not a private key */
     return -1;
 
@@ -1001,7 +1110,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_public_checksig(crypto_pk_t *env, char *to,
+crypto_pk_public_checksig(const crypto_pk_t *env, char *to,
                           size_t tolen,
                           const char *from, size_t fromlen)
 {
@@ -1016,7 +1125,7 @@ crypto_pk_public_checksig(crypto_pk_t *env, char *to,
                          env->key, RSA_PKCS1_PADDING);
 
   if (r<0) {
-    crypto_log_errors(LOG_WARN, "checking RSA signature");
+    crypto_log_errors(LOG_INFO, "checking RSA signature");
     return -1;
   }
   return r;
@@ -1073,7 +1182,7 @@ crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
+crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
                        const char *from, size_t fromlen)
 {
   int r;
@@ -1082,13 +1191,13 @@ crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
   tor_assert(to);
   tor_assert(fromlen < INT_MAX);
   tor_assert(tolen >= crypto_pk_keysize(env));
-  if (!env->key->p)
+  if (!crypto_pk_key_is_private(env))
     /* Not a private key */
     return -1;
 
   r = RSA_private_encrypt((int)fromlen,
                           (unsigned char*)from, (unsigned char*)to,
-                          env->key, RSA_PKCS1_PADDING);
+                          (RSA*)env->key, RSA_PKCS1_PADDING);
   if (r<0) {
     crypto_log_errors(LOG_WARN, "generating RSA signature");
     return -1;
@@ -1190,7 +1299,8 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
   return -1;
 }
 
-/** Invert crypto_pk_public_hybrid_encrypt. */
+/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes
+ * written on success, -1 on failure. */
 int
 crypto_pk_private_hybrid_decrypt(crypto_pk_t *env,
                                  char *to,
@@ -1297,12 +1407,12 @@ crypto_pk_asn1_decode(const char *str, size_t len)
  * Return 0 on success, -1 on failure.
  */
 int
-crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out)
+crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
 {
   unsigned char *buf = NULL;
   int len;
 
-  len = i2d_RSAPublicKey(pk->key, &buf);
+  len = i2d_RSAPublicKey((RSA*)pk->key, &buf);
   if (len < 0 || buf == NULL)
     return -1;
   if (crypto_digest(digest_out, (char*)buf, len) < 0) {
@@ -1316,7 +1426,7 @@ crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out)
 /** Compute all digests of the DER encoding of <b>pk</b>, and store them
  * in <b>digests_out</b>.  Return 0 on success, -1 on failure. */
 int
-crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out)
+crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
 {
   unsigned char *buf = NULL;
   int len;
@@ -1324,7 +1434,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out)
   len = i2d_RSAPublicKey(pk->key, &buf);
   if (len < 0 || buf == NULL)
     return -1;
-  if (crypto_digest_all(digests_out, (char*)buf, len) < 0) {
+  if (crypto_common_digests(digests_out, (char*)buf, len) < 0) {
     OPENSSL_free(buf);
     return -1;
   }
@@ -1333,7 +1443,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out)
 }
 
 /** Copy <b>in</b> to the <b>outlen</b>-byte buffer <b>out</b>, adding spaces
- * every four spaces. */
+ * every four characters. */
 void
 crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in)
 {
@@ -1401,6 +1511,78 @@ crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out)
   return 0;
 }
 
+/** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
+ * Base64 encoding of the DER representation of the private key as a NUL
+ * terminated string, and return it via <b>priv_out</b>.  Return 0 on
+ * sucess, -1 on failure.
+ *
+ * It is the caller's responsibility to sanitize and free the resulting buffer.
+ */
+int
+crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
+{
+  unsigned char *der = NULL;
+  int der_len;
+  int ret = -1;
+
+  *priv_out = NULL;
+
+  der_len = i2d_RSAPrivateKey(pk->key, &der);
+  if (der_len < 0 || der == NULL)
+    return ret;
+
+  size_t priv_len = base64_encode_size(der_len, 0) + 1;
+  char *priv = tor_malloc_zero(priv_len);
+  if (base64_encode(priv, priv_len, (char *)der, der_len, 0) >= 0) {
+    *priv_out = priv;
+    ret = 0;
+  } else {
+    tor_free(priv);
+  }
+
+  memwipe(der, 0, der_len);
+  OPENSSL_free(der);
+  return ret;
+}
+
+/** Given a string containing the Base64 encoded DER representation of the
+ * private key <b>str</b>, decode and return the result on success, or NULL
+ * on failure.
+ */
+crypto_pk_t *
+crypto_pk_base64_decode(const char *str, size_t len)
+{
+  crypto_pk_t *pk = NULL;
+
+  char *der = tor_malloc_zero(len + 1);
+  int der_len = base64_decode(der, len, str, len);
+  if (der_len <= 0) {
+    log_warn(LD_CRYPTO, "Stored RSA private key seems corrupted (base64).");
+    goto out;
+  }
+
+  const unsigned char *dp = (unsigned char*)der; /* Shut the compiler up. */
+  RSA *rsa = d2i_RSAPrivateKey(NULL, &dp, der_len);
+  if (!rsa) {
+    crypto_log_errors(LOG_WARN, "decoding private key");
+    goto out;
+  }
+
+  pk = crypto_new_pk_from_rsa_(rsa);
+
+  /* Make sure it's valid. */
+  if (crypto_pk_check_key(pk) <= 0) {
+    crypto_pk_free(pk);
+    pk = NULL;
+    goto out;
+  }
+
+ out:
+  memwipe(der, 0, len + 1);
+  tor_free(der);
+  return pk;
+}
+
 /* symmetric crypto */
 
 /** Return a pointer to the key set for the cipher in <b>env</b>.
@@ -1413,7 +1595,7 @@ crypto_cipher_get_key(crypto_cipher_t *env)
 
 /** Encrypt <b>fromlen</b> bytes from <b>from</b> using the cipher
  * <b>env</b>; on success, store the result to <b>to</b> and return 0.
- * On failure, return -1.
+ * Does not check for failure.
  */
 int
 crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
@@ -1426,13 +1608,14 @@ crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
   tor_assert(to);
   tor_assert(fromlen < SIZE_T_CEILING);
 
-  aes_crypt(env->cipher, from, fromlen, to);
+  memcpy(to, from, fromlen);
+  aes_crypt_inplace(env->cipher, to, fromlen);
   return 0;
 }
 
 /** Decrypt <b>fromlen</b> bytes from <b>from</b> using the cipher
  * <b>env</b>; on success, store the result to <b>to</b> and return 0.
- * On failure, return -1.
+ * Does not check for failure.
  */
 int
 crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
@@ -1443,19 +1626,19 @@ crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
   tor_assert(to);
   tor_assert(fromlen < SIZE_T_CEILING);
 
-  aes_crypt(env->cipher, from, fromlen, to);
+  memcpy(to, from, fromlen);
+  aes_crypt_inplace(env->cipher, to, fromlen);
   return 0;
 }
 
 /** Encrypt <b>len</b> bytes on <b>from</b> using the cipher in <b>env</b>;
- * on success, return 0.  On failure, return -1.
+ * on success. Does not check for failure.
  */
-int
+void
 crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *buf, size_t len)
 {
   tor_assert(len < SIZE_T_CEILING);
   aes_crypt_inplace(env->cipher, buf, len);
-  return 0;
 }
 
 /** Encrypt <b>fromlen</b> bytes (at least 1) from <b>from</b> with the key in
@@ -1520,7 +1703,7 @@ crypto_cipher_decrypt_with_iv(const char *key,
 
 /** Compute the SHA1 digest of the <b>len</b> bytes on data stored in
  * <b>m</b>.  Write the DIGEST_LEN byte result into <b>digest</b>.
- * Return 0 on success, -1 on failure.
+ * Return 0 on success, 1 on failure.
  */
 int
 crypto_digest(char *digest, const char *m, size_t len)
@@ -1532,32 +1715,52 @@ crypto_digest(char *digest, const char *m, size_t len)
 
 /** Compute a 256-bit digest of <b>len</b> bytes in data stored in <b>m</b>,
  * using the algorithm <b>algorithm</b>.  Write the DIGEST_LEN256-byte result
- * into <b>digest</b>.  Return 0 on success, -1 on failure. */
+ * into <b>digest</b>.  Return 0 on success, 1 on failure. */
 int
 crypto_digest256(char *digest, const char *m, size_t len,
                  digest_algorithm_t algorithm)
 {
   tor_assert(m);
   tor_assert(digest);
-  tor_assert(algorithm == DIGEST_SHA256);
-  return (SHA256((const unsigned char*)m,len,(unsigned char*)digest) == NULL);
+  tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
+  if (algorithm == DIGEST_SHA256)
+    return (SHA256((const uint8_t*)m,len,(uint8_t*)digest) == NULL);
+  else
+    return (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len)
+            == -1);
+}
+
+/** Compute a 512-bit digest of <b>len</b> bytes in data stored in <b>m</b>,
+ * using the algorithm <b>algorithm</b>.  Write the DIGEST_LEN512-byte result
+ * into <b>digest</b>.  Return 0 on success, 1 on failure. */
+int
+crypto_digest512(char *digest, const char *m, size_t len,
+                 digest_algorithm_t algorithm)
+{
+  tor_assert(m);
+  tor_assert(digest);
+  tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
+  if (algorithm == DIGEST_SHA512)
+    return (SHA512((const unsigned char*)m,len,(unsigned char*)digest)
+            == NULL);
+  else
+    return (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len)
+            == -1);
 }
 
-/** Set the digests_t in <b>ds_out</b> to contain every digest on the
+/** Set the common_digests_t in <b>ds_out</b> to contain every digest on the
  * <b>len</b> bytes in <b>m</b> that we know how to compute.  Return 0 on
  * success, -1 on failure. */
 int
-crypto_digest_all(digests_t *ds_out, const char *m, size_t len)
+crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
 {
-  int i;
   tor_assert(ds_out);
   memset(ds_out, 0, sizeof(*ds_out));
   if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
     return -1;
-  for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) {
-    if (crypto_digest256(ds_out->d[i], m, len, i) < 0)
-      return -1;
-  }
+  if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0)
+    return -1;
+
   return 0;
 }
 
@@ -1570,6 +1773,12 @@ crypto_digest_algorithm_get_name(digest_algorithm_t alg)
       return "sha1";
     case DIGEST_SHA256:
       return "sha256";
+    case DIGEST_SHA512:
+      return "sha512";
+    case DIGEST_SHA3_256:
+      return "sha3-256";
+    case DIGEST_SHA3_512:
+      return "sha3-512";
     default:
       tor_fragile_assert();
       return "??unknown_digest??";
@@ -1585,27 +1794,90 @@ crypto_digest_algorithm_parse_name(const char *name)
     return DIGEST_SHA1;
   else if (!strcmp(name, "sha256"))
     return DIGEST_SHA256;
+  else if (!strcmp(name, "sha512"))
+    return DIGEST_SHA512;
+  else if (!strcmp(name, "sha3-256"))
+    return DIGEST_SHA3_256;
+  else if (!strcmp(name, "sha3-512"))
+    return DIGEST_SHA3_512;
   else
     return -1;
 }
 
+/** Given an algorithm, return the digest length in bytes. */
+static inline size_t
+crypto_digest_algorithm_get_length(digest_algorithm_t alg)
+{
+  switch (alg) {
+    case DIGEST_SHA1:
+      return DIGEST_LEN;
+    case DIGEST_SHA256:
+      return DIGEST256_LEN;
+    case DIGEST_SHA512:
+      return DIGEST512_LEN;
+    case DIGEST_SHA3_256:
+      return DIGEST256_LEN;
+    case DIGEST_SHA3_512:
+      return DIGEST512_LEN;
+    default:
+      tor_assert(0);
+      return 0; /* Unreachable */
+  }
+}
+
 /** Intermediate information about the digest of a stream of data. */
 struct crypto_digest_t {
+  digest_algorithm_t algorithm; /**< Which algorithm is in use? */
+   /** State for the digest we're using.  Only one member of the
+    * union is usable, depending on the value of <b>algorithm</b>. Note also
+    * that space for other members might not even be allocated!
+    */
   union {
     SHA_CTX sha1; /**< state for SHA1 */
     SHA256_CTX sha2; /**< state for SHA256 */
-  } d; /**< State for the digest we're using.  Only one member of the
-        * union is usable, depending on the value of <b>algorithm</b>. */
-  digest_algorithm_bitfield_t algorithm : 8; /**< Which algorithm is in use? */
+    SHA512_CTX sha512; /**< state for SHA512 */
+    keccak_state sha3; /**< state for SHA3-[256,512] */
+  } d;
 };
 
+/**
+ * Return the number of bytes we need to malloc in order to get a
+ * crypto_digest_t for <b>alg</b>, or the number of bytes we need to wipe
+ * when we free one.
+ */
+static size_t
+crypto_digest_alloc_bytes(digest_algorithm_t alg)
+{
+  /* Helper: returns the number of bytes in the 'f' field of 'st' */
+#define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f ))
+  /* Gives the length of crypto_digest_t through the end of the field 'd' */
+#define END_OF_FIELD(f) (STRUCT_OFFSET(crypto_digest_t, f) + \
+                         STRUCT_FIELD_SIZE(crypto_digest_t, f))
+  switch (alg) {
+    case DIGEST_SHA1:
+      return END_OF_FIELD(d.sha1);
+    case DIGEST_SHA256:
+      return END_OF_FIELD(d.sha2);
+    case DIGEST_SHA512:
+      return END_OF_FIELD(d.sha512);
+    case DIGEST_SHA3_256:
+    case DIGEST_SHA3_512:
+      return END_OF_FIELD(d.sha3);
+    default:
+      tor_assert(0);
+      return 0;
+  }
+#undef END_OF_FIELD
+#undef STRUCT_FIELD_SIZE
+}
+
 /** Allocate and return a new digest object to compute SHA1 digests.
  */
 crypto_digest_t *
 crypto_digest_new(void)
 {
   crypto_digest_t *r;
-  r = tor_malloc(sizeof(crypto_digest_t));
+  r = tor_malloc(crypto_digest_alloc_bytes(DIGEST_SHA1));
   SHA1_Init(&r->d.sha1);
   r->algorithm = DIGEST_SHA1;
   return r;
@@ -1617,9 +1889,28 @@ crypto_digest_t *
 crypto_digest256_new(digest_algorithm_t algorithm)
 {
   crypto_digest_t *r;
-  tor_assert(algorithm == DIGEST_SHA256);
-  r = tor_malloc(sizeof(crypto_digest_t));
-  SHA256_Init(&r->d.sha2);
+  tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
+  r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
+  if (algorithm == DIGEST_SHA256)
+    SHA256_Init(&r->d.sha2);
+  else
+    keccak_digest_init(&r->d.sha3, 256);
+  r->algorithm = algorithm;
+  return r;
+}
+
+/** Allocate and return a new digest object to compute 512-bit digests
+ * using <b>algorithm</b>. */
+crypto_digest_t *
+crypto_digest512_new(digest_algorithm_t algorithm)
+{
+  crypto_digest_t *r;
+  tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
+  r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
+  if (algorithm == DIGEST_SHA512)
+    SHA512_Init(&r->d.sha512);
+  else
+    keccak_digest_init(&r->d.sha3, 512);
   r->algorithm = algorithm;
   return r;
 }
@@ -1631,7 +1922,8 @@ crypto_digest_free(crypto_digest_t *digest)
 {
   if (!digest)
     return;
-  memwipe(digest, 0, sizeof(crypto_digest_t));
+  size_t bytes = crypto_digest_alloc_bytes(digest->algorithm);
+  memwipe(digest, 0, bytes);
   tor_free(digest);
 }
 
@@ -1655,6 +1947,13 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
     case DIGEST_SHA256:
       SHA256_Update(&digest->d.sha2, (void*)data, len);
       break;
+    case DIGEST_SHA512:
+      SHA512_Update(&digest->d.sha512, (void*)data, len);
+      break;
+    case DIGEST_SHA3_256: /* FALLSTHROUGH */
+    case DIGEST_SHA3_512:
+      keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len);
+      break;
     default:
       tor_fragile_assert();
       break;
@@ -1663,33 +1962,45 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
 
 /** Compute the hash of the data that has been passed to the digest
  * object; write the first out_len bytes of the result to <b>out</b>.
- * <b>out_len</b> must be \<= DIGEST256_LEN.
+ * <b>out_len</b> must be \<= DIGEST512_LEN.
  */
 void
 crypto_digest_get_digest(crypto_digest_t *digest,
                          char *out, size_t out_len)
 {
-  unsigned char r[DIGEST256_LEN];
+  unsigned char r[DIGEST512_LEN];
   crypto_digest_t tmpenv;
   tor_assert(digest);
   tor_assert(out);
+  tor_assert(out_len <= crypto_digest_algorithm_get_length(digest->algorithm));
+
+  /* The SHA-3 code handles copying into a temporary ctx, and also can handle
+   * short output buffers by truncating appropriately. */
+  if (digest->algorithm == DIGEST_SHA3_256 ||
+      digest->algorithm == DIGEST_SHA3_512) {
+    keccak_digest_sum(&digest->d.sha3, (uint8_t *)out, out_len);
+    return;
+  }
+
+  const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
   /* memcpy into a temporary ctx, since SHA*_Final clears the context */
-  memcpy(&tmpenv, digest, sizeof(crypto_digest_t));
+  memcpy(&tmpenv, digest, alloc_bytes);
   switch (digest->algorithm) {
     case DIGEST_SHA1:
-      tor_assert(out_len <= DIGEST_LEN);
       SHA1_Final(r, &tmpenv.d.sha1);
       break;
     case DIGEST_SHA256:
-      tor_assert(out_len <= DIGEST256_LEN);
       SHA256_Final(r, &tmpenv.d.sha2);
       break;
+    case DIGEST_SHA512:
+      SHA512_Final(r, &tmpenv.d.sha512);
+      break;
+    case DIGEST_SHA3_256: /* FALLSTHROUGH */
+    case DIGEST_SHA3_512:
+      log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm);
+      tor_assert(0); /* This is fatal, because it should never happen. */
     default:
-      log_warn(LD_BUG, "Called with unknown algorithm %d", digest->algorithm);
-      /* If fragile_assert is not enabled, then we should at least not
-       * leak anything. */
-      memset(r, 0xff, sizeof(r));
-      tor_fragile_assert();
+      tor_assert(0); /* Unreachable. */
       break;
   }
   memcpy(out, r, out_len);
@@ -1702,15 +2013,14 @@ crypto_digest_get_digest(crypto_digest_t *digest,
 crypto_digest_t *
 crypto_digest_dup(const crypto_digest_t *digest)
 {
-  crypto_digest_t *r;
   tor_assert(digest);
-  r = tor_malloc(sizeof(crypto_digest_t));
-  memcpy(r,digest,sizeof(crypto_digest_t));
-  return r;
+  const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
+  return tor_memdup(digest, alloc_bytes);
 }
 
 /** Replace the state of the digest object <b>into</b> with the state
- * of the digest object <b>from</b>.
+ * of the digest object <b>from</b>.  Requires that 'into' and 'from'
+ * have the same digest type.
  */
 void
 crypto_digest_assign(crypto_digest_t *into,
@@ -1718,46 +2028,138 @@ crypto_digest_assign(crypto_digest_t *into,
 {
   tor_assert(into);
   tor_assert(from);
-  memcpy(into,from,sizeof(crypto_digest_t));
+  tor_assert(into->algorithm == from->algorithm);
+  const size_t alloc_bytes = crypto_digest_alloc_bytes(from->algorithm);
+  memcpy(into,from,alloc_bytes);
 }
 
 /** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
  * at <b>digest_out</b> to the hash of the concatenation of those strings,
  * plus the optional string <b>append</b>, computed with the algorithm
  * <b>alg</b>.
- * <b>out_len</b> must be \<= DIGEST256_LEN. */
+ * <b>out_len</b> must be \<= DIGEST512_LEN. */
 void
 crypto_digest_smartlist(char *digest_out, size_t len_out,
-                        const smartlist_t *lst, const char *append,
+                        const smartlist_t *lst,
+                        const char *append,
                         digest_algorithm_t alg)
 {
-  crypto_digest_t *d;
-  if (alg == DIGEST_SHA1)
-    d = crypto_digest_new();
-  else
-    d = crypto_digest256_new(alg);
+  crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg);
+}
+
+/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
+ * at <b>digest_out</b> to the hash of the concatenation of: the
+ * optional string <b>prepend</b>, those strings,
+ * and the optional string <b>append</b>, computed with the algorithm
+ * <b>alg</b>.
+ * <b>len_out</b> must be \<= DIGEST512_LEN. */
+void
+crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
+                        const char *prepend,
+                        const smartlist_t *lst,
+                        const char *append,
+                        digest_algorithm_t alg)
+{
+  crypto_digest_t *d = NULL;
+  switch (alg) {
+    case DIGEST_SHA1:
+      d = crypto_digest_new();
+      break;
+    case DIGEST_SHA256: /* FALLSTHROUGH */
+    case DIGEST_SHA3_256:
+      d = crypto_digest256_new(alg);
+      break;
+    case DIGEST_SHA512: /* FALLSTHROUGH */
+    case DIGEST_SHA3_512:
+      d = crypto_digest512_new(alg);
+      break;
+    default:
+      log_warn(LD_BUG, "Called with unknown algorithm %d", alg);
+      /* If fragile_assert is not enabled, wipe output and return
+       * without running any calculations */
+      memwipe(digest_out, 0xff, len_out);
+      tor_fragile_assert();
+      goto free;
+  }
+  if (prepend)
+    crypto_digest_add_bytes(d, prepend, strlen(prepend));
   SMARTLIST_FOREACH(lst, const char *, cp,
                     crypto_digest_add_bytes(d, cp, strlen(cp)));
   if (append)
     crypto_digest_add_bytes(d, append, strlen(append));
   crypto_digest_get_digest(d, digest_out, len_out);
+
+ free:
   crypto_digest_free(d);
 }
 
 /** Compute the HMAC-SHA-256 of the <b>msg_len</b> bytes in <b>msg</b>, using
  * the <b>key</b> of length <b>key_len</b>.  Store the DIGEST256_LEN-byte
- * result in <b>hmac_out</b>.
+ * result in <b>hmac_out</b>. Asserts on failure.
  */
 void
 crypto_hmac_sha256(char *hmac_out,
                    const char *key, size_t key_len,
                    const char *msg, size_t msg_len)
 {
+  unsigned char *rv = NULL;
   /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
   tor_assert(key_len < INT_MAX);
   tor_assert(msg_len < INT_MAX);
-  HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
-       (unsigned char*)hmac_out, NULL);
+  tor_assert(hmac_out);
+  rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
+            (unsigned char*)hmac_out, NULL);
+  tor_assert(rv);
+}
+
+/** Internal state for a eXtendable-Output Function (XOF). */
+struct crypto_xof_t {
+  keccak_state s;
+};
+
+/** Allocate a new XOF object backed by SHAKE-256.  The security level
+ * provided is a function of the length of the output used.  Read and
+ * understand FIPS-202 A.2 "Additional Consideration for Extendable-Output
+ * Functions" before using this construct.
+ */
+crypto_xof_t *
+crypto_xof_new(void)
+{
+  crypto_xof_t *xof;
+  xof = tor_malloc(sizeof(crypto_xof_t));
+  keccak_xof_init(&xof->s, 256);
+  return xof;
+}
+
+/** Absorb bytes into a XOF object.  Must not be called after a call to
+ * crypto_xof_squeeze_bytes() for the same instance, and will assert
+ * if attempted.
+ */
+void
+crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len)
+{
+  int i = keccak_xof_absorb(&xof->s, data, len);
+  tor_assert(i == 0);
+}
+
+/** Squeeze bytes out of a XOF object.  Calling this routine will render
+ * the XOF instance ineligible to absorb further data.
+ */
+void
+crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len)
+{
+  int i = keccak_xof_squeeze(&xof->s, out, len);
+  tor_assert(i == 0);
+}
+
+/** Cleanse and deallocate a XOF object. */
+void
+crypto_xof_free(crypto_xof_t *xof)
+{
+  if (!xof)
+    return;
+  memwipe(xof, 0, sizeof(crypto_xof_t));
+  tor_free(xof);
 }
 
 /* DH */
@@ -1772,231 +2174,87 @@ static BIGNUM *dh_param_p_tls = NULL;
 /** Shared G parameter for our DH key exchanges. */
 static BIGNUM *dh_param_g = NULL;
 
-/** Generate and return a reasonable and safe DH parameter p. */
-static BIGNUM *
-crypto_generate_dynamic_dh_modulus(void)
-{
-  BIGNUM *dynamic_dh_modulus;
-  DH *dh_parameters;
-  int r, dh_codes;
-  char *s;
-
-  dynamic_dh_modulus = BN_new();
-  tor_assert(dynamic_dh_modulus);
-
-  dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
-  tor_assert(dh_parameters);
-
-  r = DH_check(dh_parameters, &dh_codes);
-  tor_assert(r && !dh_codes);
-
-  BN_copy(dynamic_dh_modulus, dh_parameters->p);
-  tor_assert(dynamic_dh_modulus);
-
-  DH_free(dh_parameters);
-
-  { /* log the dynamic DH modulus: */
-    s = BN_bn2hex(dynamic_dh_modulus);
-    tor_assert(s);
-    log_info(LD_OR, "Dynamic DH modulus generated: [%s]", s);
-    OPENSSL_free(s);
-  }
-
-  return dynamic_dh_modulus;
-}
-
-/** Store our dynamic DH modulus (and its group parameters) to
-    <b>fname</b> for future use. */
+/** Validate a given set of Diffie-Hellman parameters.  This is moderately
+ * computationally expensive (milliseconds), so should only be called when
+ * the DH parameters change. Returns 0 on success, * -1 on failure.
+ */
 static int
-crypto_store_dynamic_dh_modulus(const char *fname)
+crypto_validate_dh_params(const BIGNUM *p, const BIGNUM *g)
 {
-  int len, new_len;
   DH *dh = NULL;
-  unsigned char *dh_string_repr = NULL;
-  char *base64_encoded_dh = NULL;
-  char *file_string = NULL;
-  int retval = -1;
-  static const char file_header[] = "# This file contains stored Diffie-"
-    "Hellman parameters for future use.\n# You *do not* need to edit this "
-    "file.\n\n";
-
-  tor_assert(fname);
-
-  if (!dh_param_p_tls) {
-    log_info(LD_CRYPTO, "Tried to store a DH modulus that does not exist.");
-    goto done;
-  }
+  int ret = -1;
 
+  /* Copy into a temporary DH object, just so that DH_check() can be called. */
   if (!(dh = DH_new()))
-    goto done;
-  if (!(dh->p = BN_dup(dh_param_p_tls)))
-    goto done;
-  if (!(dh->g = BN_new()))
-    goto done;
-  if (!BN_set_word(dh->g, DH_GENERATOR))
-    goto done;
-
-  len = i2d_DHparams(dh, &dh_string_repr);
-  if ((len < 0) || (dh_string_repr == NULL)) {
-    log_warn(LD_CRYPTO, "Error occured while DER encoding DH modulus (2).");
-    goto done;
-  }
-
-  base64_encoded_dh = tor_malloc_zero(len * 2); /* should be enough */
-  new_len = base64_encode(base64_encoded_dh, len * 2,
-                          (char *)dh_string_repr, len);
-  if (new_len < 0) {
-    log_warn(LD_CRYPTO, "Error occured while base64-encoding DH modulus.");
-    goto done;
-  }
-
-  /* concatenate file header and the dh parameters blob */
-  new_len = tor_asprintf(&file_string, "%s%s", file_header, base64_encoded_dh);
+      goto out;
+#ifdef OPENSSL_1_1_API
+  BIGNUM *dh_p, *dh_g;
+  if (!(dh_p = BN_dup(p)))
+    goto out;
+  if (!(dh_g = BN_dup(g)))
+    goto out;
+  if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
+    goto out;
+#else
+  if (!(dh->p = BN_dup(p)))
+    goto out;
+  if (!(dh->g = BN_dup(g)))
+    goto out;
+#endif
 
-  /* write to file */
-  if (write_bytes_to_new_file(fname, file_string, new_len, 0) < 0) {
-    log_info(LD_CRYPTO, "'%s' was already occupied.", fname);
-    goto done;
+  /* Perform the validation. */
+  int codes = 0;
+  if (!DH_check(dh, &codes))
+    goto out;
+  if (BN_is_word(g, DH_GENERATOR_2)) {
+    /* Per https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
+     *
+     * OpenSSL checks the prime is congruent to 11 when g = 2; while the
+     * IETF's primes are congruent to 23 when g = 2.
+     */
+    BN_ULONG residue = BN_mod_word(p, 24);
+    if (residue == 11 || residue == 23)
+      codes &= ~DH_NOT_SUITABLE_GENERATOR;
   }
+  if (codes != 0) /* Specifics on why the params suck is irrelevant. */
+    goto out;
 
-  retval = 0;
+  /* Things are probably not evil. */
+  ret = 0;
 
- done:
+ out:
   if (dh)
     DH_free(dh);
-  if (dh_string_repr)
-    OPENSSL_free(dh_string_repr);
-  tor_free(base64_encoded_dh);
-  tor_free(file_string);
-
-  return retval;
+  return ret;
 }
 
-/** Return the dynamic DH modulus stored in <b>fname</b>. If there is no
-    dynamic DH modulus stored in <b>fname</b>, return NULL. */
-static BIGNUM *
-crypto_get_stored_dynamic_dh_modulus(const char *fname)
+/** Set the global Diffie-Hellman generator, used for both TLS and internal
+ * DH stuff.
+ */
+static void
+crypto_set_dh_generator(void)
 {
-  int retval;
-  char *contents = NULL;
-  const char *contents_tmp = NULL;
-  int dh_codes;
-  DH *stored_dh = NULL;
-  BIGNUM *dynamic_dh_modulus = NULL;
-  int length = 0;
-  unsigned char *base64_decoded_dh = NULL;
-  const unsigned char *cp = NULL;
-
-  tor_assert(fname);
-
-  contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
-  if (!contents) {
-    log_info(LD_CRYPTO, "Could not open file '%s'", fname);
-    goto done; /*usually means that ENOENT. don't try to move file to broken.*/
-  }
-
-  /* skip the file header */
-  contents_tmp = eat_whitespace(contents);
-  if (!*contents_tmp) {
-    log_warn(LD_CRYPTO, "Stored dynamic DH modulus file "
-             "seems corrupted (eat_whitespace).");
-    goto err;
-  }
-
-  /* 'fname' contains the DH parameters stored in base64-ed DER
-   *  format. We are only interested in the DH modulus.
-   *  NOTE: We allocate more storage here than we need. Since we're already
-   *  doing that, we can also add 1 byte extra to appease Coverity's
-   *  scanner. */
-
-  cp = base64_decoded_dh = tor_malloc_zero(strlen(contents_tmp) + 1);
-  length = base64_decode((char *)base64_decoded_dh, strlen(contents_tmp),
-                         contents_tmp, strlen(contents_tmp));
-  if (length < 0) {
-    log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (base64).");
-    goto err;
-  }
-
-  stored_dh = d2i_DHparams(NULL, &cp, length);
-  if ((!stored_dh) || (cp - base64_decoded_dh != length)) {
-    log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (d2i).");
-    goto err;
-  }
-
-  { /* check the cryptographic qualities of the stored dynamic DH modulus: */
-    retval = DH_check(stored_dh, &dh_codes);
-    if (!retval || dh_codes) {
-      log_warn(LD_CRYPTO, "Stored dynamic DH modulus is not a safe prime.");
-      goto err;
-    }
-
-    retval = DH_size(stored_dh);
-    if (retval < DH_BYTES) {
-      log_warn(LD_CRYPTO, "Stored dynamic DH modulus is smaller "
-               "than '%d' bits.", DH_BYTES*8);
-      goto err;
-    }
-
-    if (!BN_is_word(stored_dh->g, 2)) {
-      log_warn(LD_CRYPTO, "Stored dynamic DH parameters do not use '2' "
-               "as the group generator.");
-      goto err;
-    }
-  }
-
-  { /* log the dynamic DH modulus: */
-    char *s = BN_bn2hex(stored_dh->p);
-    tor_assert(s);
-    log_info(LD_OR, "Found stored dynamic DH modulus: [%s]", s);
-    OPENSSL_free(s);
-  }
-
-  goto done;
-
- err:
-
-  {
-    /* move broken prime to $filename.broken */
-    char *fname_new=NULL;
-    tor_asprintf(&fname_new, "%s.broken", fname);
-
-    log_warn(LD_CRYPTO, "Moving broken dynamic DH prime to '%s'.", fname_new);
-
-    if (replace_file(fname, fname_new))
-      log_notice(LD_CRYPTO, "Error while moving '%s' to '%s'.",
-                 fname, fname_new);
-
-    tor_free(fname_new);
-  }
+  BIGNUM *generator;
+  int r;
 
-  if (stored_dh) {
-    DH_free(stored_dh);
-    stored_dh = NULL;
-  }
+  if (dh_param_g)
+    return;
 
- done:
-  tor_free(contents);
-  tor_free(base64_decoded_dh);
+  generator = BN_new();
+  tor_assert(generator);
 
-  if (stored_dh) {
-    dynamic_dh_modulus = BN_dup(stored_dh->p);
-    DH_free(stored_dh);
-  }
+  r = BN_set_word(generator, DH_GENERATOR);
+  tor_assert(r);
 
-  return dynamic_dh_modulus;
+  dh_param_g = generator;
 }
 
-/** Set the global TLS Diffie-Hellman modulus.
- * If <b>dynamic_dh_modulus_fname</b> is set, try to read a dynamic DH modulus
- * off it and use it as the DH modulus. If that's not possible,
- * generate a new dynamic DH modulus.
- * If <b>dynamic_dh_modulus_fname</b> is NULL, use the Apache mod_ssl DH
+/** Set the global TLS Diffie-Hellman modulus.  Use the Apache mod_ssl DH
  * modulus. */
 void
-crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
+crypto_set_tls_dh_prime(void)
 {
   BIGNUM *tls_prime = NULL;
-  int store_dh_prime_afterwards = 0;
   int r;
 
   /* If the space is occupied, free the previous TLS DH prime */
@@ -2005,44 +2263,26 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
     dh_param_p_tls = NULL;
   }
 
-  if (dynamic_dh_modulus_fname) { /* use dynamic DH modulus: */
-    log_info(LD_OR, "Using stored dynamic DH modulus.");
-    tls_prime = crypto_get_stored_dynamic_dh_modulus(dynamic_dh_modulus_fname);
-
-    if (!tls_prime) {
-      log_notice(LD_OR, "Generating fresh dynamic DH modulus. "
-                 "This might take a while...");
-      tls_prime = crypto_generate_dynamic_dh_modulus();
-
-      store_dh_prime_afterwards++;
-    }
-  } else { /* use the static DH prime modulus used by Apache in mod_ssl: */
-    tls_prime = BN_new();
-    tor_assert(tls_prime);
+  tls_prime = BN_new();
+  tor_assert(tls_prime);
 
-    /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
-     * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
-     * prime.
-     */
-    r =BN_hex2bn(&tls_prime,
-                 "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
-                 "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
-                 "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
-                 "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
-                 "B0E7393E0F24218EB3");
-    tor_assert(r);
-  }
+  /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
+   * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
+   * prime.
+   */
+  r = BN_hex2bn(&tls_prime,
+               "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
+               "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
+               "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
+               "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
+               "B0E7393E0F24218EB3");
+  tor_assert(r);
 
   tor_assert(tls_prime);
 
   dh_param_p_tls = tls_prime;
-
-  if (store_dh_prime_afterwards)
-    /* save the new dynamic DH modulus to disk. */
-    if (crypto_store_dynamic_dh_modulus(dynamic_dh_modulus_fname)) {
-      log_notice(LD_CRYPTO, "Failed while storing dynamic DH modulus. "
-                 "Make sure your data directory is sane.");
-    }
+  crypto_set_dh_generator();
+  tor_assert(0 == crypto_validate_dh_params(dh_param_p_tls, dh_param_g));
 }
 
 /** Initialize dh_param_p and dh_param_g if they are not already
@@ -2050,18 +2290,13 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
 static void
 init_dh_param(void)
 {
-  BIGNUM *circuit_dh_prime, *generator;
+  BIGNUM *circuit_dh_prime;
   int r;
   if (dh_param_p && dh_param_g)
     return;
 
   circuit_dh_prime = BN_new();
-  generator = BN_new();
-  tor_assert(circuit_dh_prime && generator);
-
-  /* Set our generator for all DH parameters */
-  r = BN_set_word(generator, DH_GENERATOR);
-  tor_assert(r);
+  tor_assert(circuit_dh_prime);
 
   /* This is from rfc2409, section 6.2.  It's a safe prime, and
      supposedly it equals:
@@ -2077,12 +2312,11 @@ init_dh_param(void)
 
   /* Set the new values as the global DH parameters. */
   dh_param_p = circuit_dh_prime;
-  dh_param_g = generator;
+  crypto_set_dh_generator();
+  tor_assert(0 == crypto_validate_dh_params(dh_param_p, dh_param_g));
 
-  /* Ensure that we have TLS DH parameters set up, too, even if we're
-     going to change them soon. */
   if (!dh_param_p_tls) {
-    crypto_set_tls_dh_prime(NULL);
+    crypto_set_tls_dh_prime();
   }
 }
 
@@ -2092,7 +2326,8 @@ init_dh_param(void)
  */
 #define DH_PRIVATE_KEY_BITS 320
 
-/** Allocate and return a new DH object for a key exchange.
+/** Allocate and return a new DH object for a key exchange. Returns NULL on
+ * failure.
  */
 crypto_dh_t *
 crypto_dh_new(int dh_type)
@@ -2108,6 +2343,30 @@ crypto_dh_new(int dh_type)
   if (!(res->dh = DH_new()))
     goto err;
 
+#ifdef OPENSSL_1_1_API
+  BIGNUM *dh_p = NULL, *dh_g = NULL;
+
+  if (dh_type == DH_TYPE_TLS) {
+    dh_p = BN_dup(dh_param_p_tls);
+  } else {
+    dh_p = BN_dup(dh_param_p);
+  }
+  if (!dh_p)
+    goto err;
+
+  dh_g = BN_dup(dh_param_g);
+  if (!dh_g) {
+    BN_free(dh_p);
+    goto err;
+  }
+
+  if (!DH_set0_pqg(res->dh, dh_p, NULL, dh_g)) {
+    goto err;
+  }
+
+  if (!DH_set_length(res->dh, DH_PRIVATE_KEY_BITS))
+    goto err;
+#else
   if (dh_type == DH_TYPE_TLS) {
     if (!(res->dh->p = BN_dup(dh_param_p_tls)))
       goto err;
@@ -2120,6 +2379,7 @@ crypto_dh_new(int dh_type)
     goto err;
 
   res->dh->length = DH_PRIVATE_KEY_BITS;
+#endif
 
   return res;
  err:
@@ -2134,6 +2394,8 @@ crypto_dh_t *
 crypto_dh_dup(const crypto_dh_t *dh)
 {
   crypto_dh_t *dh_new = tor_malloc_zero(sizeof(crypto_dh_t));
+  tor_assert(dh);
+  tor_assert(dh->dh);
   dh_new->dh = dh->dh;
   DH_up_ref(dh->dh);
   return dh_new;
@@ -2154,11 +2416,26 @@ crypto_dh_get_bytes(crypto_dh_t *dh)
 int
 crypto_dh_generate_public(crypto_dh_t *dh)
 {
+#ifndef OPENSSL_1_1_API
  again:
+#endif
   if (!DH_generate_key(dh->dh)) {
     crypto_log_errors(LOG_WARN, "generating DH key");
     return -1;
   }
+#ifdef OPENSSL_1_1_API
+  /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without
+   * recreating the DH object.  I have no idea what sort of aliasing madness
+   * can occur here, so do the check, and just bail on failure.
+   */
+  const BIGNUM *pub_key, *priv_key;
+  DH_get0_key(dh->dh, &pub_key, &priv_key);
+  if (tor_check_dh_key(LOG_WARN, pub_key)<0) {
+    log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid.  I guess once-in-"
+             "the-universe chances really do happen.  Treating as a failure.");
+    return -1;
+  }
+#else
   if (tor_check_dh_key(LOG_WARN, dh->dh->pub_key)<0) {
     log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid.  I guess once-in-"
              "the-universe chances really do happen.  Trying again.");
@@ -2168,6 +2445,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
     dh->dh->pub_key = dh->dh->priv_key = NULL;
     goto again;
   }
+#endif
   return 0;
 }
 
@@ -2180,13 +2458,30 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
 {
   int bytes;
   tor_assert(dh);
-  if (!dh->dh->pub_key) {
+
+  const BIGNUM *dh_pub;
+
+#ifdef OPENSSL_1_1_API
+  const BIGNUM *dh_priv;
+  DH_get0_key(dh->dh, &dh_pub, &dh_priv);
+#else
+  dh_pub = dh->dh->pub_key;
+#endif
+
+  if (!dh_pub) {
     if (crypto_dh_generate_public(dh)<0)
       return -1;
+    else {
+#ifdef OPENSSL_1_1_API
+      DH_get0_key(dh->dh, &dh_pub, &dh_priv);
+#else
+      dh_pub = dh->dh->pub_key;
+#endif
+    }
   }
 
-  tor_assert(dh->dh->pub_key);
-  bytes = BN_num_bytes(dh->dh->pub_key);
+  tor_assert(dh_pub);
+  bytes = BN_num_bytes(dh_pub);
   tor_assert(bytes >= 0);
   if (pubkey_len < (size_t)bytes) {
     log_warn(LD_CRYPTO,
@@ -2196,7 +2491,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
   }
 
   memset(pubkey, 0, pubkey_len);
-  BN_bn2bin(dh->dh->pub_key, (unsigned char*)(pubkey+(pubkey_len-bytes)));
+  BN_bn2bin(dh_pub, (unsigned char*)(pubkey+(pubkey_len-bytes)));
 
   return 0;
 }
@@ -2206,7 +2501,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
  * See http://www.cl.cam.ac.uk/ftp/users/rja14/psandqs.ps.gz for some tips.
  */
 static int
-tor_check_dh_key(int severity, BIGNUM *bn)
+tor_check_dh_key(int severity, const BIGNUM *bn)
 {
   BIGNUM *x;
   char *s;
@@ -2313,7 +2608,7 @@ int
 crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len,
                                uint8_t *key_out, size_t key_out_len)
 {
-  int i;
+  int i, r = -1;
   uint8_t *cp, *tmp = tor_malloc(key_in_len+1);
   uint8_t digest[DIGEST_LEN];
 
@@ -2325,19 +2620,16 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len,
        ++i, cp += DIGEST_LEN) {
     tmp[key_in_len] = i;
     if (crypto_digest((char*)digest, (const char *)tmp, key_in_len+1))
-      goto err;
+      goto exit;
     memcpy(cp, digest, MIN(DIGEST_LEN, key_out_len-(cp-key_out)));
   }
-  memwipe(tmp, 0, key_in_len+1);
-  tor_free(tmp);
-  memwipe(digest, 0, sizeof(digest));
-  return 0;
 
- err:
+  r = 0;
+ exit:
   memwipe(tmp, 0, key_in_len+1);
   tor_free(tmp);
   memwipe(digest, 0, sizeof(digest));
-  return -1;
+  return r;
 }
 
 /** Expand some secret key material according to RFC5869, using SHA256 as the
@@ -2345,7 +2637,7 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len,
  * secret key material; the <b>salt_in_len</b> bytes at <b>salt_in</b> and the
  * <b>info_in_len</b> bytes in <b>info_in_len</b> are the algorithm's "salt"
  * and "info" parameters respectively.  On success, write <b>key_out_len</b>
- * bytes to <b>key_out</b> and return 0.  On failure, return -1.
+ * bytes to <b>key_out</b> and return 0.  Assert on failure.
  */
 int
 crypto_expand_key_material_rfc5869_sha256(
@@ -2419,15 +2711,6 @@ crypto_dh_free(crypto_dh_t *dh)
  * work for us too. */
 #define ADD_ENTROPY 32
 
-/** True iff it's safe to use RAND_poll after setup.
- *
- * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
- * would allocate an fd_set on the stack, open a new file, and try to FD_SET
- * that fd without checking whether it fit in the fd_set.  Thus, if the
- * system has not just been started up, it is unsafe to call */
-#define RAND_POLL_IS_SAFE                       \
-  (OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c'))
-
 /** Set the seed of the weak RNG to a random value. */
 void
 crypto_seed_weak_rng(tor_weak_rng_t *rng)
@@ -2438,30 +2721,23 @@ crypto_seed_weak_rng(tor_weak_rng_t *rng)
 }
 
 /** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
- * storing it into <b>out</b>.
+ * via system calls, storing it into <b>out</b>. Return 0 on success, -1 on
+ * failure.  A maximum request size of 256 bytes is imposed.
  */
-int
-crypto_strongest_rand(uint8_t *out, size_t out_len)
+static int
+crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 {
-#ifdef _WIN32
+  tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
+
+#if defined(_WIN32)
   static int provider_set = 0;
   static HCRYPTPROV provider;
-#else
-  static const char *filenames[] = {
-    "/dev/srandom", "/dev/urandom", "/dev/random", NULL
-  };
-  int fd, i;
-  size_t n;
-#endif
 
-#ifdef _WIN32
   if (!provider_set) {
     if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
                              CRYPT_VERIFYCONTEXT)) {
-      if ((unsigned long)GetLastError() != (unsigned long)NTE_BAD_KEYSET) {
-        log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
-        return -1;
-      }
+      log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
+      return -1;
     }
     provider_set = 1;
   }
@@ -2471,7 +2747,84 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
   }
 
   return 0;
+#elif defined(__linux__) && defined(SYS_getrandom)
+  static int getrandom_works = 1; /* Be optimitic about our chances... */
+
+  /* getrandom() isn't as straight foward as getentropy(), and has
+   * no glibc wrapper.
+   *
+   * As far as I can tell from getrandom(2) and the source code, the
+   * requests we issue will always succeed (though it will block on the
+   * call if /dev/urandom isn't seeded yet), since we are NOT specifying
+   * GRND_NONBLOCK and the request is <= 256 bytes.
+   *
+   * The manpage is unclear on what happens if a signal interrupts the call
+   * while the request is blocked due to lack of entropy....
+   *
+   * We optimistically assume that getrandom() is available and functional
+   * because it is the way of the future, and 2 branch mispredicts pale in
+   * comparision to the overheads involved with failing to open
+   * /dev/srandom followed by opening and reading from /dev/urandom.
+   */
+  if (PREDICT_LIKELY(getrandom_works)) {
+    long ret;
+    /* A flag of '0' here means to read from '/dev/urandom', and to
+     * block if insufficient entropy is available to service the
+     * request.
+     */
+    const unsigned int flags = 0;
+    do {
+      ret = syscall(SYS_getrandom, out, out_len, flags);
+    } while (ret == -1 && ((errno == EINTR) ||(errno == EAGAIN)));
+
+    if (PREDICT_UNLIKELY(ret == -1)) {
+      tor_assert(errno != EAGAIN);
+      tor_assert(errno != EINTR);
+
+      /* Probably ENOSYS. */
+      log_warn(LD_CRYPTO, "Can't get entropy from getrandom().");
+      getrandom_works = 0; /* Don't bother trying again. */
+      return -1;
+    }
+
+    tor_assert(ret == (long)out_len);
+    return 0;
+  }
+
+  return -1; /* getrandom() previously failed unexpectedly. */
+#elif defined(HAVE_GETENTROPY)
+  /* getentropy() is what Linux's getrandom() wants to be when it grows up.
+   * the only gotcha is that requests are limited to 256 bytes.
+   */
+  return getentropy(out, out_len);
+#else
+  (void) out;
+#endif
+
+  /* This platform doesn't have a supported syscall based random. */
+  return -1;
+}
+
+/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * via the per-platform fallback mechanism, storing it into <b>out</b>.
+ * Return 0 on success, -1 on failure.  A maximum request size of 256 bytes
+ * is imposed.
+ */
+static int
+crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
+{
+#ifdef _WIN32
+  /* Windows exclusively uses crypto_strongest_rand_syscall(). */
+  (void)out;
+  (void)out_len;
+  return -1;
 #else
+  static const char *filenames[] = {
+    "/dev/srandom", "/dev/urandom", "/dev/random", NULL
+  };
+  int fd, i;
+  size_t n;
+
   for (i = 0; filenames[i]; ++i) {
     log_debug(LD_FS, "Opening %s for entropy", filenames[i]);
     fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
@@ -2489,17 +2842,98 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
     return 0;
   }
 
-  log_warn(LD_CRYPTO, "Cannot get strong entropy: no entropy source found.");
   return -1;
 #endif
 }
 
+/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * storing it into <b>out</b>. Return 0 on success, -1 on failure.  A maximum
+ * request size of 256 bytes is imposed.
+ */
+static int
+crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
+{
+  static const size_t sanity_min_size = 16;
+  static const int max_attempts = 3;
+  tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
+
+  /* For buffers >= 16 bytes (128 bits), we sanity check the output by
+   * zero filling the buffer and ensuring that it actually was at least
+   * partially modified.
+   *
+   * Checking that any individual byte is non-zero seems like it would
+   * fail too often (p = out_len * 1/256) for comfort, but this is an
+   * "adjust according to taste" sort of check.
+   */
+  memwipe(out, 0, out_len);
+  for (int i = 0; i < max_attempts; i++) {
+    /* Try to use the syscall/OS favored mechanism to get strong entropy. */
+    if (crypto_strongest_rand_syscall(out, out_len) != 0) {
+      /* Try to use the less-favored mechanism to get strong entropy. */
+      if (crypto_strongest_rand_fallback(out, out_len) != 0) {
+        /* Welp, we tried.  Hopefully the calling code terminates the process
+         * since we're basically boned without good entropy.
+         */
+        log_warn(LD_CRYPTO,
+                 "Cannot get strong entropy: no entropy source found.");
+        return -1;
+      }
+    }
+
+    if ((out_len < sanity_min_size) || !tor_mem_is_zero((char*)out, out_len))
+      return 0;
+  }
+
+  /* We tried max_attempts times to fill a buffer >= 128 bits long,
+   * and each time it returned all '0's.  Either the system entropy
+   * source is busted, or the user should go out and buy a ticket to
+   * every lottery on the planet.
+   */
+  log_warn(LD_CRYPTO, "Strong OS entropy returned all zero buffer.");
+  return -1;
+}
+
+/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * storing it into <b>out</b>.
+ */
+void
+crypto_strongest_rand(uint8_t *out, size_t out_len)
+{
+#define DLEN SHA512_DIGEST_LENGTH
+  /* We're going to hash DLEN bytes from the system RNG together with some
+   * bytes from the openssl PRNG, in order to yield DLEN bytes.
+   */
+  uint8_t inp[DLEN*2];
+  uint8_t tmp[DLEN];
+  tor_assert(out);
+  while (out_len) {
+    crypto_rand((char*) inp, DLEN);
+    if (crypto_strongest_rand_raw(inp+DLEN, DLEN) < 0) {
+      log_err(LD_CRYPTO, "Failed to load strong entropy when generating an "
+              "important key. Exiting.");
+      /* Die with an assertion so we get a stack trace. */
+      tor_assert(0);
+    }
+    if (out_len >= DLEN) {
+      SHA512(inp, sizeof(inp), out);
+      out += DLEN;
+      out_len -= DLEN;
+    } else {
+      SHA512(inp, sizeof(inp), tmp);
+      memcpy(out, tmp, out_len);
+      break;
+    }
+  }
+  memwipe(tmp, 0, sizeof(tmp));
+  memwipe(inp, 0, sizeof(inp));
+#undef DLEN
+}
+
 /** Seed OpenSSL's random number generator with bytes from the operating
- * system.  <b>startup</b> should be true iff we have just started Tor and
- * have not yet allocated a bunch of fds.  Return 0 on success, -1 on failure.
+ * system.  Return 0 on success, -1 on failure.
  */
 int
-crypto_seed_rng(int startup)
+crypto_seed_rng(void)
 {
   int rand_poll_ok = 0, load_entropy_ok = 0;
   uint8_t buf[ADD_ENTROPY];
@@ -2507,38 +2941,55 @@ crypto_seed_rng(int startup)
   /* OpenSSL has a RAND_poll function that knows about more kinds of
    * entropy than we do.  We'll try calling that, *and* calling our own entropy
    * functions.  If one succeeds, we'll accept the RNG as seeded. */
-  if (startup || RAND_POLL_IS_SAFE) {
-    rand_poll_ok = RAND_poll();
-    if (rand_poll_ok == 0)
-      log_warn(LD_CRYPTO, "RAND_poll() failed.");
-  }
+  rand_poll_ok = RAND_poll();
+  if (rand_poll_ok == 0)
+    log_warn(LD_CRYPTO, "RAND_poll() failed.");
 
-  load_entropy_ok = !crypto_strongest_rand(buf, sizeof(buf));
+  load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf));
   if (load_entropy_ok) {
     RAND_seed(buf, sizeof(buf));
   }
 
   memwipe(buf, 0, sizeof(buf));
 
-  if (rand_poll_ok || load_entropy_ok)
+  if ((rand_poll_ok || load_entropy_ok) && RAND_status() == 1)
     return 0;
   else
     return -1;
 }
 
-/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on
- * success, -1 on failure.
+/** Write <b>n</b> bytes of strong random data to <b>to</b>. Supports mocking
+ * for unit tests.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
  */
-MOCK_IMPL(int,
+MOCK_IMPL(void,
 crypto_rand, (char *to, size_t n))
 {
+  crypto_rand_unmocked(to, n);
+}
+
+/** Write <b>n</b> bytes of strong random data to <b>to</b>.  Most callers
+ * will want crypto_rand instead.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
+ */
+void
+crypto_rand_unmocked(char *to, size_t n)
+{
   int r;
+  if (n == 0)
+    return;
+
   tor_assert(n < INT_MAX);
   tor_assert(to);
   r = RAND_bytes((unsigned char*)to, (int)n);
-  if (r == 0)
-    crypto_log_errors(LOG_WARN, "generating random data");
-  return (r == 1) ? 0 : -1;
+  /* We consider a PRNG failure non-survivable. Let's assert so that we get a
+   * stack trace about where it happened.
+   */
+  tor_assert(r >= 0);
 }
 
 /** Return a pseudorandom integer, chosen uniformly from the values
@@ -2564,8 +3015,41 @@ crypto_rand_int(unsigned int max)
   }
 }
 
+/** Return a pseudorandom integer, chosen uniformly from the values i such
+ * that min <= i < max.
+ *
+ * <b>min</b> MUST be in range [0, <b>max</b>).
+ * <b>max</b> MUST be in range (min, INT_MAX].
+ */
+int
+crypto_rand_int_range(unsigned int min, unsigned int max)
+{
+  tor_assert(min < max);
+  tor_assert(max <= INT_MAX);
+
+  /* The overflow is avoided here because crypto_rand_int() returns a value
+   * between 0 and (max - min) inclusive. */
+  return min + crypto_rand_int(max - min);
+}
+
+/** As crypto_rand_int_range, but supports uint64_t. */
+uint64_t
+crypto_rand_uint64_range(uint64_t min, uint64_t max)
+{
+  tor_assert(min < max);
+  return min + crypto_rand_uint64(max - min);
+}
+
+/** As crypto_rand_int_range, but supports time_t. */
+time_t
+crypto_rand_time_range(time_t min, time_t max)
+{
+  tor_assert(min < max);
+  return min + (time_t)crypto_rand_uint64(max - min);
+}
+
 /** Return a pseudorandom 64-bit integer, chosen uniformly from the values
- * between 0 and <b>max</b>-1. */
+ * between 0 and <b>max</b>-1 inclusive. */
 uint64_t
 crypto_rand_uint64(uint64_t max)
 {
@@ -2609,7 +3093,7 @@ crypto_rand_double(void)
 /** Generate and return a new random hostname starting with <b>prefix</b>,
  * ending with <b>suffix</b>, and containing no fewer than
  * <b>min_rand_len</b> and no more than <b>max_rand_len</b> random base32
- * characters between.
+ * characters. Does not check for failure.
  *
  * Clip <b>max_rand_len</b> to MAX_DNS_LABEL_SIZE.
  **/
@@ -2626,7 +3110,7 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
   if (min_rand_len > max_rand_len)
     min_rand_len = max_rand_len;
 
-  randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1);
+  randlen = crypto_rand_int_range(min_rand_len, max_rand_len+1);
 
   prefixlen = strlen(prefix);
   resultlen = prefixlen + strlen(suffix) + randlen + 16;
@@ -2673,388 +3157,6 @@ smartlist_shuffle(smartlist_t *sl)
   }
 }
 
-/** Base64 encode <b>srclen</b> bytes of data from <b>src</b>.  Write
- * the result into <b>dest</b>, if it will fit within <b>destlen</b>
- * bytes.  Return the number of bytes written on success; -1 if
- * destlen is too short, or other failure.
- */
-int
-base64_encode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-  /* FFFF we might want to rewrite this along the lines of base64_decode, if
-   * it ever shows up in the profile. */
-  EVP_ENCODE_CTX ctx;
-  int len, ret;
-  tor_assert(srclen < INT_MAX);
-
-  /* 48 bytes of input -> 64 bytes of output plus newline.
-     Plus one more byte, in case I'm wrong.
-  */
-  if (destlen < ((srclen/48)+1)*66)
-    return -1;
-  if (destlen > SIZE_T_CEILING)
-    return -1;
-
-  EVP_EncodeInit(&ctx);
-  EVP_EncodeUpdate(&ctx, (unsigned char*)dest, &len,
-                   (unsigned char*)src, (int)srclen);
-  EVP_EncodeFinal(&ctx, (unsigned char*)(dest+len), &ret);
-  ret += len;
-  return ret;
-}
-
-/** @{ */
-/** Special values used for the base64_decode_table */
-#define X 255
-#define SP 64
-#define PAD 65
-/** @} */
-/** Internal table mapping byte values to what they represent in base64.
- * Numbers 0..63 are 6-bit integers.  SPs are spaces, and should be
- * skipped.  Xs are invalid and must not appear in base64. PAD indicates
- * end-of-string. */
-static const uint8_t base64_decode_table[256] = {
-  X, X, X, X, X, X, X, X, X, SP, SP, SP, X, SP, X, X, /* */
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  SP, X, X, X, X, X, X, X, X, X, X, 62, X, X, X, 63,
-  52, 53, 54, 55, 56, 57, 58, 59, 60, 61, X, X, X, PAD, X, X,
-  X, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
-  15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, X, X, X, X, X,
-  X, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
-  41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-};
-
-/** Base64 decode <b>srclen</b> bytes of data from <b>src</b>.  Write
- * the result into <b>dest</b>, if it will fit within <b>destlen</b>
- * bytes.  Return the number of bytes written on success; -1 if
- * destlen is too short, or other failure.
- *
- * NOTE 1: destlen is checked conservatively, as though srclen contained no
- * spaces or padding.
- *
- * NOTE 2: This implementation does not check for the correct number of
- * padding "=" characters at the end of the string, and does not check
- * for internal padding characters.
- */
-int
-base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-#ifdef USE_OPENSSL_BASE64
-  EVP_ENCODE_CTX ctx;
-  int len, ret;
-  /* 64 bytes of input -> *up to* 48 bytes of output.
-     Plus one more byte, in case I'm wrong.
-  */
-  if (destlen < ((srclen/64)+1)*49)
-    return -1;
-  if (destlen > SIZE_T_CEILING)
-    return -1;
-
-  memset(dest, 0, destlen);
-
-  EVP_DecodeInit(&ctx);
-  EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
-                   (unsigned char*)src, srclen);
-  EVP_DecodeFinal(&ctx, (unsigned char*)dest, &ret);
-  ret += len;
-  return ret;
-#else
-  const char *eos = src+srclen;
-  uint32_t n=0;
-  int n_idx=0;
-  char *dest_orig = dest;
-
-  /* Max number of bits == srclen*6.
-   * Number of bytes required to hold all bits == (srclen*6)/8.
-   * Yes, we want to round down: anything that hangs over the end of a
-   * byte is padding. */
-  if (destlen < (srclen*3)/4)
-    return -1;
-  if (destlen > SIZE_T_CEILING)
-    return -1;
-
-  memset(dest, 0, destlen);
-
-  /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the
-   * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have
-   * 24 bits, batch them into 3 bytes and flush those bytes to dest.
-   */
-  for ( ; src < eos; ++src) {
-    unsigned char c = (unsigned char) *src;
-    uint8_t v = base64_decode_table[c];
-    switch (v) {
-      case X:
-        /* This character isn't allowed in base64. */
-        return -1;
-      case SP:
-        /* This character is whitespace, and has no effect. */
-        continue;
-      case PAD:
-        /* We've hit an = character: the data is over. */
-        goto end_of_loop;
-      default:
-        /* We have an actual 6-bit value.  Append it to the bits in n. */
-        n = (n<<6) | v;
-        if ((++n_idx) == 4) {
-          /* We've accumulated 24 bits in n. Flush them. */
-          *dest++ = (n>>16);
-          *dest++ = (n>>8) & 0xff;
-          *dest++ = (n) & 0xff;
-          n_idx = 0;
-          n = 0;
-        }
-    }
-  }
- end_of_loop:
-  /* If we have leftover bits, we need to cope. */
-  switch (n_idx) {
-    case 0:
-    default:
-      /* No leftover bits.  We win. */
-      break;
-    case 1:
-      /* 6 leftover bits. That's invalid; we can't form a byte out of that. */
-      return -1;
-    case 2:
-      /* 12 leftover bits: The last 4 are padding and the first 8 are data. */
-      *dest++ = n >> 4;
-      break;
-    case 3:
-      /* 18 leftover bits: The last 2 are padding and the first 16 are data. */
-      *dest++ = n >> 10;
-      *dest++ = n >> 2;
-  }
-
-  tor_assert((dest-dest_orig) <= (ssize_t)destlen);
-  tor_assert((dest-dest_orig) <= INT_MAX);
-
-  return (int)(dest-dest_orig);
-#endif
-}
-#undef X
-#undef SP
-#undef PAD
-
-/** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
- * and newline characters, and store the nul-terminated result in the first
- * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>.  */
-int
-digest_to_base64(char *d64, const char *digest)
-{
-  char buf[256];
-  base64_encode(buf, sizeof(buf), digest, DIGEST_LEN);
-  buf[BASE64_DIGEST_LEN] = '\0';
-  memcpy(d64, buf, BASE64_DIGEST_LEN+1);
-  return 0;
-}
-
-/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
- * trailing newline or = characters), decode it and store the result in the
- * first DIGEST_LEN bytes at <b>digest</b>. */
-int
-digest_from_base64(char *digest, const char *d64)
-{
-#ifdef USE_OPENSSL_BASE64
-  char buf_in[BASE64_DIGEST_LEN+3];
-  char buf[256];
-  if (strlen(d64) != BASE64_DIGEST_LEN)
-    return -1;
-  memcpy(buf_in, d64, BASE64_DIGEST_LEN);
-  memcpy(buf_in+BASE64_DIGEST_LEN, "=\n\0", 3);
-  if (base64_decode(buf, sizeof(buf), buf_in, strlen(buf_in)) != DIGEST_LEN)
-    return -1;
-  memcpy(digest, buf, DIGEST_LEN);
-  return 0;
-#else
-  if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
-    return 0;
-  else
-    return -1;
-#endif
-}
-
-/** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
- * trailing = and newline characters, and store the nul-terminated result in
- * the first BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>.  */
-int
-digest256_to_base64(char *d64, const char *digest)
-{
-  char buf[256];
-  base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN);
-  buf[BASE64_DIGEST256_LEN] = '\0';
-  memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
-  return 0;
-}
-
-/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
- * trailing newline or = characters), decode it and store the result in the
- * first DIGEST256_LEN bytes at <b>digest</b>. */
-int
-digest256_from_base64(char *digest, const char *d64)
-{
-#ifdef USE_OPENSSL_BASE64
-  char buf_in[BASE64_DIGEST256_LEN+3];
-  char buf[256];
-  if (strlen(d64) != BASE64_DIGEST256_LEN)
-    return -1;
-  memcpy(buf_in, d64, BASE64_DIGEST256_LEN);
-  memcpy(buf_in+BASE64_DIGEST256_LEN, "=\n\0", 3);
-  if (base64_decode(buf, sizeof(buf), buf_in, strlen(buf_in)) != DIGEST256_LEN)
-    return -1;
-  memcpy(digest, buf, DIGEST256_LEN);
-  return 0;
-#else
-  if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
-    return 0;
-  else
-    return -1;
-#endif
-}
-
-/** Implements base32 encoding as in RFC 4648.  Limitation: Requires
- * that srclen*8 is a multiple of 5.
- */
-void
-base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-  unsigned int i, v, u;
-  size_t nbits = srclen * 8, bit;
-
-  tor_assert(srclen < SIZE_T_CEILING/8);
-  tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
-  tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
-  tor_assert(destlen < SIZE_T_CEILING);
-
-  for (i=0,bit=0; bit < nbits; ++i, bit+=5) {
-    /* set v to the 16-bit value starting at src[bits/8], 0-padded. */
-    v = ((uint8_t)src[bit/8]) << 8;
-    if (bit+5<nbits) v += (uint8_t)src[(bit/8)+1];
-    /* set u to the 5-bit value at the bit'th bit of src. */
-    u = (v >> (11-(bit%8))) & 0x1F;
-    dest[i] = BASE32_CHARS[u];
-  }
-  dest[i] = '\0';
-}
-
-/** Implements base32 decoding as in RFC 4648.  Limitation: Requires
- * that srclen*5 is a multiple of 8. Returns 0 if successful, -1 otherwise.
- */
-int
-base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-  /* XXXX we might want to rewrite this along the lines of base64_decode, if
-   * it ever shows up in the profile. */
-  unsigned int i;
-  size_t nbits, j, bit;
-  char *tmp;
-  nbits = srclen * 5;
-
-  tor_assert(srclen < SIZE_T_CEILING / 5);
-  tor_assert((nbits%8) == 0); /* We need an even multiple of 8 bits. */
-  tor_assert((nbits/8) <= destlen); /* We need enough space. */
-  tor_assert(destlen < SIZE_T_CEILING);
-
-  memset(dest, 0, destlen);
-
-  /* Convert base32 encoded chars to the 5-bit values that they represent. */
-  tmp = tor_malloc_zero(srclen);
-  for (j = 0; j < srclen; ++j) {
-    if (src[j] > 0x60 && src[j] < 0x7B) tmp[j] = src[j] - 0x61;
-    else if (src[j] > 0x31 && src[j] < 0x38) tmp[j] = src[j] - 0x18;
-    else if (src[j] > 0x40 && src[j] < 0x5B) tmp[j] = src[j] - 0x41;
-    else {
-      log_warn(LD_BUG, "illegal character in base32 encoded string");
-      tor_free(tmp);
-      return -1;
-    }
-  }
-
-  /* Assemble result byte-wise by applying five possible cases. */
-  for (i = 0, bit = 0; bit < nbits; ++i, bit += 8) {
-    switch (bit % 40) {
-    case 0:
-      dest[i] = (((uint8_t)tmp[(bit/5)]) << 3) +
-                (((uint8_t)tmp[(bit/5)+1]) >> 2);
-      break;
-    case 8:
-      dest[i] = (((uint8_t)tmp[(bit/5)]) << 6) +
-                (((uint8_t)tmp[(bit/5)+1]) << 1) +
-                (((uint8_t)tmp[(bit/5)+2]) >> 4);
-      break;
-    case 16:
-      dest[i] = (((uint8_t)tmp[(bit/5)]) << 4) +
-                (((uint8_t)tmp[(bit/5)+1]) >> 1);
-      break;
-    case 24:
-      dest[i] = (((uint8_t)tmp[(bit/5)]) << 7) +
-                (((uint8_t)tmp[(bit/5)+1]) << 2) +
-                (((uint8_t)tmp[(bit/5)+2]) >> 3);
-      break;
-    case 32:
-      dest[i] = (((uint8_t)tmp[(bit/5)]) << 5) +
-                ((uint8_t)tmp[(bit/5)+1]);
-      break;
-    }
-  }
-
-  memwipe(tmp, 0, srclen);
-  tor_free(tmp);
-  tmp = NULL;
-  return 0;
-}
-
-/** Implement RFC2440-style iterated-salted S2K conversion: convert the
- * <b>secret_len</b>-byte <b>secret</b> into a <b>key_out_len</b> byte
- * <b>key_out</b>.  As in RFC2440, the first 8 bytes of s2k_specifier
- * are a salt; the 9th byte describes how much iteration to do.
- * Does not support <b>key_out_len</b> &gt; DIGEST_LEN.
- */
-void
-secret_to_key(char *key_out, size_t key_out_len, const char *secret,
-              size_t secret_len, const char *s2k_specifier)
-{
-  crypto_digest_t *d;
-  uint8_t c;
-  size_t count, tmplen;
-  char *tmp;
-  tor_assert(key_out_len < SIZE_T_CEILING);
-
-#define EXPBIAS 6
-  c = s2k_specifier[8];
-  count = ((uint32_t)16 + (c & 15)) << ((c >> 4) + EXPBIAS);
-#undef EXPBIAS
-
-  tor_assert(key_out_len <= DIGEST_LEN);
-
-  d = crypto_digest_new();
-  tmplen = 8+secret_len;
-  tmp = tor_malloc(tmplen);
-  memcpy(tmp,s2k_specifier,8);
-  memcpy(tmp+8,secret,secret_len);
-  secret_len += 8;
-  while (count) {
-    if (count >= secret_len) {
-      crypto_digest_add_bytes(d, tmp, secret_len);
-      count -= secret_len;
-    } else {
-      crypto_digest_add_bytes(d, tmp, count);
-      count = 0;
-    }
-  }
-  crypto_digest_get_digest(d, key_out, key_out_len);
-  memwipe(tmp, 0, tmplen);
-  tor_free(tmp);
-  crypto_digest_free(d);
-}
-
 /**
  * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
  * the value <b>byte</b>.
@@ -3089,13 +3191,32 @@ memwipe(void *mem, uint8_t byte, size_t sz)
    * have this function call "memset".  A smart compiler could inline it, then
    * eliminate dead memsets, and declare itself to be clever. */
 
+#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
+  /* Here's what you do on windows. */
+  SecureZeroMemory(mem,sz);
+#elif defined(HAVE_RTLSECUREZEROMEMORY)
+  RtlSecureZeroMemory(mem,sz);
+#elif defined(HAVE_EXPLICIT_BZERO)
+  /* The BSDs provide this. */
+  explicit_bzero(mem, sz);
+#elif defined(HAVE_MEMSET_S)
+  /* This is in the C99 standard. */
+  memset_s(mem, sz, 0, sz);
+#else
   /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
    * based on the pointer value, then uses that junk to update a global
    * variable.  It's an elaborate ruse to trick the compiler into not
    * optimizing out the "wipe this memory" code.  Read it if you like zany
    * programming tricks! In later versions of Tor, we should look for better
-   * not-optimized-out memory wiping stuff. */
+   * not-optimized-out memory wiping stuff...
+   *
+   * ...or maybe not.  In practice, there are pure-asm implementations of
+   * OPENSSL_cleanse() on most platforms, which ought to do the job.
+   **/
+
   OPENSSL_cleanse(mem, sz);
+#endif
+
   /* Just in case some caller of memwipe() is relying on getting a buffer
    * filled with a particular value, fill the buffer.
    *
@@ -3108,13 +3229,12 @@ memwipe(void *mem, uint8_t byte, size_t sz)
   memset(mem, byte, sz);
 }
 
-#ifdef TOR_IS_MULTITHREADED
-
 #ifndef OPENSSL_THREADS
 #error OpenSSL has been built without thread support. Tor requires an \
  OpenSSL library with thread support enabled.
 #endif
 
+#ifndef NEW_THREAD_API
 /** Helper: OpenSSL uses this callback to manipulate mutexes. */
 static void
 openssl_locking_cb_(int mode, int n, const char *file, int line)
@@ -3132,6 +3252,17 @@ openssl_locking_cb_(int mode, int n, const char *file, int line)
     tor_mutex_release(openssl_mutexes_[n]);
 }
 
+static void
+tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
+{
+  CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
+}
+#endif
+
+#if 0
+/* This code is disabled, because OpenSSL never actually uses these callbacks.
+ */
+
 /** OpenSSL helper type: wraps a Tor mutex so that OpenSSL can use it
  * as a lock. */
 struct CRYPTO_dynlock_value {
@@ -3176,41 +3307,42 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
   tor_mutex_free(v->lock);
   tor_free(v);
 }
+#endif
 
 /** @{ */
 /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
- * multithreaded. */
+ * multithreaded. Returns 0. */
 static int
 setup_openssl_threading(void)
 {
+#ifndef NEW_THREAD_API
   int i;
   int n = CRYPTO_num_locks();
   n_openssl_mutexes_ = n;
-  openssl_mutexes_ = tor_malloc(n*sizeof(tor_mutex_t *));
+  openssl_mutexes_ = tor_calloc(n, sizeof(tor_mutex_t *));
   for (i=0; i < n; ++i)
     openssl_mutexes_[i] = tor_mutex_new();
   CRYPTO_set_locking_callback(openssl_locking_cb_);
-  CRYPTO_set_id_callback(tor_get_thread_id);
+  CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
+#endif
+#if 0
   CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
   CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
   CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_);
+#endif
   return 0;
 }
-#else
-static int
-setup_openssl_threading(void)
-{
-  return 0;
-}
-#endif
 
-/** Uninitialize the crypto library. Return 0 on success, -1 on failure.
+/** Uninitialize the crypto library. Return 0 on success. Does not detect
+ * failure.
  */
 int
 crypto_global_cleanup(void)
 {
   EVP_cleanup();
-  ERR_remove_state(0);
+#ifndef NEW_THREAD_API
+  ERR_remove_thread_state(NULL);
+#endif
   ERR_free_strings();
 
   if (dh_param_p)
@@ -3226,7 +3358,8 @@ crypto_global_cleanup(void)
 
   CONF_modules_unload(1);
   CRYPTO_cleanup_all_ex_data();
-#ifdef TOR_IS_MULTITHREADED
+
+#ifndef NEW_THREAD_API
   if (n_openssl_mutexes_) {
     int n = n_openssl_mutexes_;
     tor_mutex_t **ms = openssl_mutexes_;
@@ -3239,6 +3372,7 @@ crypto_global_cleanup(void)
     tor_free(ms);
   }
 #endif
+
   tor_free(crypto_openssl_version_str);
   tor_free(crypto_openssl_header_version_str);
   return 0;
diff --git a/src/common/crypto.h b/src/common/crypto.h
index aa4271aa33..682c4e3253 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -16,6 +16,7 @@
 #include <stdio.h>
 #include "torint.h"
 #include "testsupport.h"
+#include "compat.h"
 
 /*
   Macro to create an arbitrary OpenSSL version number as used by
@@ -54,6 +55,8 @@
 /** Length of the output of our second (improved) message digests.  (For now
  * this is just sha256, but it could be any other 256-bit digest.) */
 #define DIGEST256_LEN 32
+/** Length of the output of our 64-bit optimized message digests (SHA512). */
+#define DIGEST512_LEN 64
 /** Length of our symmetric cipher's keys. */
 #define CIPHER_KEY_LEN 16
 /** Length of our symmetric cipher's IV. */
@@ -69,6 +72,9 @@
 /** Length of a sha256 message digest when encoded in base64 with trailing =
  * signs removed. */
 #define BASE64_DIGEST256_LEN 43
+/** Length of a sha512 message digest when encoded in base64 with trailing =
+ * signs removed. */
+#define BASE64_DIGEST512_LEN 86
 
 /** Constant used to indicate OAEP padding for public-key encryption */
 #define PK_PKCS1_OAEP_PADDING 60002
@@ -83,53 +89,58 @@
 #define HEX_DIGEST_LEN 40
 /** Length of hex encoding of SHA256 digest, not including final NUL. */
 #define HEX_DIGEST256_LEN 64
+/** Length of hex encoding of SHA512 digest, not including final NUL. */
+#define HEX_DIGEST512_LEN 128
 
 typedef enum {
   DIGEST_SHA1 = 0,
   DIGEST_SHA256 = 1,
+  DIGEST_SHA512 = 2,
+  DIGEST_SHA3_256 = 3,
+  DIGEST_SHA3_512 = 4,
 } digest_algorithm_t;
-#define  N_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
-#define digest_algorithm_bitfield_t ENUM_BF(digest_algorithm_t)
+#define  N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1)
+#define  N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
 
-/** A set of all the digests we know how to compute, taken on a single
- * string.  Any digests that are shorter than 256 bits are right-padded
+/** A set of all the digests we commonly compute, taken on a single
+ * string.  Any digests that are shorter than 512 bits are right-padded
  * with 0 bits.
  *
- * Note that this representation wastes 12 bytes for the SHA1 case, so
+ * Note that this representation wastes 44 bytes for the SHA1 case, so
  * don't use it for anything where we need to allocate a whole bunch at
  * once.
  **/
 typedef struct {
-  char d[N_DIGEST_ALGORITHMS][DIGEST256_LEN];
-} digests_t;
+  char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN];
+} common_digests_t;
 
 typedef struct crypto_pk_t crypto_pk_t;
 typedef struct crypto_cipher_t crypto_cipher_t;
 typedef struct crypto_digest_t crypto_digest_t;
+typedef struct crypto_xof_t crypto_xof_t;
 typedef struct crypto_dh_t crypto_dh_t;
 
 /* global state */
 const char * crypto_openssl_get_version_str(void);
 const char * crypto_openssl_get_header_version_str(void);
-int crypto_early_init(void);
+int crypto_early_init(void) ATTR_WUR;
 int crypto_global_init(int hardwareAccel,
                        const char *accelName,
-                       const char *accelPath);
+                       const char *accelPath) ATTR_WUR;
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
 /* environment setup */
-crypto_pk_t *crypto_pk_new(void);
+MOCK_DECL(crypto_pk_t *,crypto_pk_new,(void));
 void crypto_pk_free(crypto_pk_t *env);
 
-void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
-
+void crypto_set_tls_dh_prime(void);
 crypto_cipher_t *crypto_cipher_new(const char *key);
 crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv);
 void crypto_cipher_free(crypto_cipher_t *env);
 
 /* public key crypto */
-int crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits);
+MOCK_DECL(int, crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits));
 #define crypto_pk_generate_key(env)                     \
   crypto_pk_generate_key_with_bits((env), (PK_BYTES*8))
 
@@ -147,9 +158,9 @@ int crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
                                             const char *fname);
 
 int crypto_pk_check_key(crypto_pk_t *env);
-int crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b);
-int crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b);
-size_t crypto_pk_keysize(crypto_pk_t *env);
+int crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b);
+int crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b);
+size_t crypto_pk_keysize(const crypto_pk_t *env);
 int crypto_pk_num_bits(crypto_pk_t *env);
 crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig);
 crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig);
@@ -161,11 +172,11 @@ int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
 int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen,
                               const char *from, size_t fromlen,
                               int padding, int warnOnFailure);
-int crypto_pk_public_checksig(crypto_pk_t *env, char *to, size_t tolen,
+int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen,
                               const char *from, size_t fromlen);
 int crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
                                size_t datalen, const char *sig, size_t siglen);
-int crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
+int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
                            const char *from, size_t fromlen);
 int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
                                   const char *from, size_t fromlen);
@@ -180,11 +191,15 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
 
 int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
 crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
-int crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out);
-int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
+int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
+int crypto_pk_get_common_digests(crypto_pk_t *pk,
+                                 common_digests_t *digests_out);
 int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
 int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
 
+int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
+crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
+
 /* symmetric crypto */
 const char *crypto_cipher_get_key(crypto_cipher_t *env);
 
@@ -192,7 +207,7 @@ int crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
                           const char *from, size_t fromlen);
 int crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
                           const char *from, size_t fromlen);
-int crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len);
+void crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len);
 
 int crypto_cipher_encrypt_with_iv(const char *key,
                                   char *to, size_t tolen,
@@ -205,8 +220,15 @@ int crypto_cipher_decrypt_with_iv(const char *key,
 int crypto_digest(char *digest, const char *m, size_t len);
 int crypto_digest256(char *digest, const char *m, size_t len,
                      digest_algorithm_t algorithm);
-int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
+int crypto_digest512(char *digest, const char *m, size_t len,
+                     digest_algorithm_t algorithm);
+int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len);
 struct smartlist_t;
+void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
+                                    const char *prepend,
+                                    const struct smartlist_t *lst,
+                                    const char *append,
+                                    digest_algorithm_t alg);
 void crypto_digest_smartlist(char *digest_out, size_t len_out,
                              const struct smartlist_t *lst, const char *append,
                              digest_algorithm_t alg);
@@ -214,6 +236,7 @@ const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg);
 int crypto_digest_algorithm_parse_name(const char *name);
 crypto_digest_t *crypto_digest_new(void);
 crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm);
+crypto_digest_t *crypto_digest512_new(digest_algorithm_t algorithm);
 void crypto_digest_free(crypto_digest_t *digest);
 void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
                              size_t len);
@@ -225,6 +248,10 @@ void crypto_digest_assign(crypto_digest_t *into,
 void crypto_hmac_sha256(char *hmac_out,
                         const char *key, size_t key_len,
                         const char *msg, size_t msg_len);
+crypto_xof_t *crypto_xof_new(void);
+void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len);
+void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len);
+void crypto_xof_free(crypto_xof_t *xof);
 
 /* Key negotiation */
 #define DH_TYPE_CIRCUIT 1
@@ -251,10 +278,14 @@ int crypto_expand_key_material_rfc5869_sha256(
                                     uint8_t *key_out, size_t key_out_len);
 
 /* random numbers */
-int crypto_seed_rng(int startup);
-MOCK_DECL(int,crypto_rand,(char *to, size_t n));
-int crypto_strongest_rand(uint8_t *out, size_t out_len);
+int crypto_seed_rng(void) ATTR_WUR;
+MOCK_DECL(void,crypto_rand,(char *to, size_t n));
+void crypto_rand_unmocked(char *to, size_t n);
+void crypto_strongest_rand(uint8_t *out, size_t out_len);
 int crypto_rand_int(unsigned int max);
+int crypto_rand_int_range(unsigned int min, unsigned int max);
+uint64_t crypto_rand_uint64_range(uint64_t min, uint64_t max);
+time_t crypto_rand_time_range(time_t min, time_t max);
 uint64_t crypto_rand_uint64(uint64_t max);
 double crypto_rand_double(void);
 struct tor_weak_rng_t;
@@ -268,24 +299,6 @@ struct smartlist_t;
 void *smartlist_choose(const struct smartlist_t *sl);
 void smartlist_shuffle(struct smartlist_t *sl);
 
-int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen);
-int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-/** Characters that can appear (case-insensitively) in a base32 encoding. */
-#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
-void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);
-int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-
-int digest_to_base64(char *d64, const char *digest);
-int digest_from_base64(char *digest, const char *d64);
-int digest256_to_base64(char *d64, const char *digest);
-int digest256_from_base64(char *digest, const char *d64);
-
-/** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the
- * 9th describes how much iteration to do. */
-#define S2K_SPECIFIER_LEN 9
-void secret_to_key(char *key_out, size_t key_out_len, const char *secret,
-                   size_t secret_len, const char *s2k_specifier);
-
 /** OpenSSL-based utility functions. */
 void memwipe(void *mem, uint8_t byte, size_t sz);
 
@@ -296,11 +309,15 @@ struct evp_pkey_st;
 struct dh_st;
 struct rsa_st *crypto_pk_get_rsa_(crypto_pk_t *env);
 crypto_pk_t *crypto_new_pk_from_rsa_(struct rsa_st *rsa);
-struct evp_pkey_st *crypto_pk_get_evp_pkey_(crypto_pk_t *env,
-                                                int private);
+MOCK_DECL(struct evp_pkey_st *, crypto_pk_get_evp_pkey_,(crypto_pk_t *env,
+                                                         int private));
 struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
 
 void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
 
+#ifdef CRYPTO_PRIVATE
+STATIC int crypto_force_rand_ssleay(void);
+#endif
+
 #endif
 
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index 9e83440e16..57c878b79a 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -1,18 +1,26 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
-/* Wrapper code for a curve25519 implementation. */
+/**
+ * \file crypto_curve25519.c
+ *
+ * \brief Wrapper code for a curve25519 implementation.
+ */
 
 #define CRYPTO_CURVE25519_PRIVATE
 #include "orconfig.h"
 #ifdef HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
+#include "container.h"
 #include "crypto.h"
 #include "crypto_curve25519.h"
+#include "crypto_format.h"
 #include "util.h"
 #include "torlog.h"
 
+#include "ed25519/donna/ed25519_donna_tor.h"
+
 /* ==============================
    Part 1: wrap a suitable curve25519 implementation as curve25519_impl
    ============================== */
@@ -29,6 +37,10 @@ int curve25519_donna(uint8_t *mypublic,
 #endif
 #endif
 
+static void pick_curve25519_basepoint_impl(void);
+
+static int curve25519_use_ed = -1;
+
 STATIC int
 curve25519_impl(uint8_t *output, const uint8_t *secret,
                 const uint8_t *basepoint)
@@ -49,6 +61,34 @@ curve25519_impl(uint8_t *output, const uint8_t *secret,
   return r;
 }
 
+STATIC int
+curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret)
+{
+  int r = 0;
+  if (PREDICT_UNLIKELY(curve25519_use_ed == -1)) {
+    pick_curve25519_basepoint_impl();
+  }
+
+  /* TODO: Someone should benchmark curved25519_scalarmult_basepoint versus
+   * an optimized NaCl build to see which should be used when compiled with
+   * NaCl available.  I suspected that the ed25519 optimization always wins.
+   */
+  if (PREDICT_LIKELY(curve25519_use_ed == 1)) {
+    curved25519_scalarmult_basepoint_donna(output, secret);
+    r = 0;
+  } else {
+    static const uint8_t basepoint[32] = {9};
+    r = curve25519_impl(output, secret, basepoint);
+  }
+  return r;
+}
+
+void
+curve25519_set_impl_params(int use_ed)
+{
+  curve25519_use_ed = use_ed;
+}
+
 /* ==============================
    Part 2: Wrap curve25519_impl with some convenience types and functions.
    ============================== */
@@ -63,6 +103,26 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key)
   return !safe_mem_is_zero(key->public_key, CURVE25519_PUBKEY_LEN);
 }
 
+/**
+ * Generate CURVE25519_SECKEY_LEN random bytes in <b>out</b>. If
+ * <b>extra_strong</b> is true, this key is possibly going to get used more
+ * than once, so use a better-than-usual RNG. Return 0 on success, -1 on
+ * failure.
+ *
+ * This function does not adjust the output of the RNG at all; the will caller
+ * will need to clear or set the appropriate bits to make curve25519 work.
+ */
+int
+curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong)
+{
+  if (extra_strong)
+    crypto_strongest_rand(out, CURVE25519_SECKEY_LEN);
+  else
+    crypto_rand((char*)out, CURVE25519_SECKEY_LEN);
+
+  return 0;
+}
+
 /** Generate a new keypair and return the secret key.  If <b>extra_strong</b>
  * is true, this key is possibly going to get used more than once, so
  * use a better-than-usual RNG. Return 0 on success, -1 on failure. */
@@ -70,19 +130,9 @@ int
 curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
                                int extra_strong)
 {
-  uint8_t k_tmp[CURVE25519_SECKEY_LEN];
-
-  if (crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN) < 0)
+  if (curve25519_rand_seckey_bytes(key_out->secret_key, extra_strong) < 0)
     return -1;
-  if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) {
-    /* If they asked for extra-strong entropy and we have some, use it as an
-     * HMAC key to improve not-so-good entropy rather than using it directly,
-     * just in case the extra-strong entropy is less amazing than we hoped. */
-    crypto_hmac_sha256((char *)key_out->secret_key,
-                    (const char *)k_tmp, sizeof(k_tmp),
-                    (const char *)key_out->secret_key, CURVE25519_SECKEY_LEN);
-  }
-  memwipe(k_tmp, 0, sizeof(k_tmp));
+
   key_out->secret_key[0] &= 248;
   key_out->secret_key[31] &= 127;
   key_out->secret_key[31] |= 64;
@@ -94,9 +144,7 @@ void
 curve25519_public_key_generate(curve25519_public_key_t *key_out,
                                const curve25519_secret_key_t *seckey)
 {
-  static const uint8_t basepoint[32] = {9};
-
-  curve25519_impl(key_out->public_key, seckey->secret_key, basepoint);
+  curve25519_basepoint_impl(key_out->public_key, seckey->secret_key);
 }
 
 int
@@ -109,69 +157,55 @@ curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
   return 0;
 }
 
+/* DOCDOC */
 int
 curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair,
                                  const char *fname,
                                  const char *tag)
 {
-  char contents[32 + CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN];
+  uint8_t contents[CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN];
   int r;
 
-  memset(contents, 0, sizeof(contents));
-  tor_snprintf(contents, sizeof(contents), "== c25519v1: %s ==", tag);
-  tor_assert(strlen(contents) <= 32);
-  memcpy(contents+32, keypair->seckey.secret_key, CURVE25519_SECKEY_LEN);
-  memcpy(contents+32+CURVE25519_SECKEY_LEN,
+  memcpy(contents, keypair->seckey.secret_key, CURVE25519_SECKEY_LEN);
+  memcpy(contents+CURVE25519_SECKEY_LEN,
          keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN);
 
-  r = write_bytes_to_file(fname, contents, sizeof(contents), 1);
+  r = crypto_write_tagged_contents_to_file(fname,
+                                           "c25519v1",
+                                           tag,
+                                           contents,
+                                           sizeof(contents));
 
   memwipe(contents, 0, sizeof(contents));
   return r;
 }
 
+/* DOCDOC */
 int
 curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out,
                                   char **tag_out,
                                   const char *fname)
 {
-  char prefix[33];
-  char *content;
-  struct stat st;
+  uint8_t content[CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN];
+  ssize_t len;
   int r = -1;
 
-  *tag_out = NULL;
-
-  st.st_size = 0;
-  content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
-  if (! content)
-    goto end;
-  if (st.st_size != 32 + CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN)
+  len = crypto_read_tagged_contents_from_file(fname, "c25519v1", tag_out,
+                                              content, sizeof(content));
+  if (len != sizeof(content))
     goto end;
 
-  memcpy(prefix, content, 32);
-  prefix[32] = '\0';
-  if (strcmpstart(prefix, "== c25519v1: ") ||
-      strcmpend(prefix, " =="))
-    goto end;
-
-  *tag_out = tor_strndup(prefix+strlen("== c25519v1: "),
-                         strlen(prefix) - strlen("== c25519v1:  =="));
-
-  memcpy(keypair_out->seckey.secret_key, content+32, CURVE25519_SECKEY_LEN);
+  memcpy(keypair_out->seckey.secret_key, content, CURVE25519_SECKEY_LEN);
   curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey);
   if (tor_memneq(keypair_out->pubkey.public_key,
-                 content + 32 + CURVE25519_SECKEY_LEN,
+                 content + CURVE25519_SECKEY_LEN,
                  CURVE25519_PUBKEY_LEN))
     goto end;
 
   r = 0;
 
  end:
-  if (content) {
-    memwipe(content, 0, (size_t) st.st_size);
-    tor_free(content);
-  }
+  memwipe(content, 0, sizeof(content));
   if (r != 0) {
     memset(keypair_out, 0, sizeof(*keypair_out));
     tor_free(*tag_out);
@@ -189,3 +223,84 @@ curve25519_handshake(uint8_t *output,
   curve25519_impl(output, skey->secret_key, pkey->public_key);
 }
 
+/** Check whether the ed25519-based curve25519 basepoint optimization seems to
+ * be working. If so, return 0; otherwise return -1. */
+static int
+curve25519_basepoint_spot_check(void)
+{
+  static const uint8_t alicesk[32] = {
+    0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d,
+    0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45,
+    0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a,
+    0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+  };
+  static const uint8_t alicepk[32] = {
+    0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54,
+    0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a,
+    0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4,
+    0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+  };
+  const int loop_max=200;
+  int save_use_ed = curve25519_use_ed;
+  unsigned char e1[32] = { 5 };
+  unsigned char e2[32] = { 5 };
+  unsigned char x[32],y[32];
+  int i;
+  int r=0;
+
+  /* Check the most basic possible sanity via the test secret/public key pair
+   * used in "Cryptography in NaCl - 2. Secret keys and public keys".  This
+   * may catch catastrophic failures on systems where Curve25519 is expensive,
+   * without requiring a ton of key generation.
+   */
+  curve25519_use_ed = 1;
+  r |= curve25519_basepoint_impl(x, alicesk);
+  if (fast_memneq(x, alicepk, 32))
+    goto fail;
+
+  /* Ok, the optimization appears to produce passable results, try a few more
+   * values, maybe there's something subtle wrong.
+   */
+  for (i = 0; i < loop_max; ++i) {
+    curve25519_use_ed = 0;
+    r |= curve25519_basepoint_impl(x, e1);
+    curve25519_use_ed = 1;
+    r |= curve25519_basepoint_impl(y, e2);
+    if (fast_memneq(x,y,32))
+      goto fail;
+    memcpy(e1, x, 32);
+    memcpy(e2, x, 32);
+  }
+
+  goto end;
+ fail:
+  r = -1;
+ end:
+  curve25519_use_ed = save_use_ed;
+  return r;
+}
+
+/** Choose whether to use the ed25519-based curve25519-basepoint
+ * implementation. */
+static void
+pick_curve25519_basepoint_impl(void)
+{
+  curve25519_use_ed = 1;
+
+  if (curve25519_basepoint_spot_check() == 0)
+    return;
+
+  log_warn(LD_CRYPTO, "The ed25519-based curve25519 basepoint "
+           "multiplication seems broken; using the curve25519 "
+           "implementation.");
+  curve25519_use_ed = 0;
+}
+
+/** Initialize the curve25519 implementations. This is necessary if you're
+ * going to use them in a multithreaded setting, and not otherwise. */
+void
+curve25519_init(void)
+{
+  pick_curve25519_basepoint_impl();
+}
+
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index 57018ac2f5..547e393567 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CRYPTO_CURVE25519_H
@@ -30,7 +30,6 @@ typedef struct curve25519_keypair_t {
   curve25519_secret_key_t seckey;
 } curve25519_keypair_t;
 
-#ifdef CURVE25519_ENABLED
 /* These functions require that we actually know how to use curve25519 keys.
  * The other data structures and functions in this header let us parse them,
  * store them, and move them around.
@@ -57,10 +56,13 @@ int curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out,
                                       char **tag_out,
                                       const char *fname);
 
+int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
+
 #ifdef CRYPTO_CURVE25519_PRIVATE
 STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
                            const uint8_t *basepoint);
-#endif
+
+STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret);
 #endif
 
 #define CURVE25519_BASE64_PADDED_LEN 44
@@ -70,5 +72,8 @@ int curve25519_public_from_base64(curve25519_public_key_t *pkey,
 int curve25519_public_to_base64(char *output,
                                 const curve25519_public_key_t *pkey);
 
+void curve25519_set_impl_params(int use_ed);
+void curve25519_init(void);
+
 #endif
 
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
new file mode 100644
index 0000000000..ea2d8e3892
--- /dev/null
+++ b/src/common/crypto_ed25519.c
@@ -0,0 +1,609 @@
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_ed25519.c
+ *
+ * \brief Wrapper code for an ed25519 implementation.
+ */
+
+#include "orconfig.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include "crypto.h"
+
+#include "crypto_curve25519.h"
+#include "crypto_ed25519.h"
+#include "crypto_format.h"
+#include "torlog.h"
+#include "util.h"
+
+#include "ed25519/ref10/ed25519_ref10.h"
+#include "ed25519/donna/ed25519_donna_tor.h"
+
+#include <openssl/sha.h>
+
+static void pick_ed25519_impl(void);
+static int ed25519_impl_spot_check(void);
+
+/** An Ed25519 implementation */
+typedef struct {
+  int (*selftest)(void);
+
+  int (*seckey)(unsigned char *);
+  int (*seckey_expand)(unsigned char *, const unsigned char *);
+  int (*pubkey)(unsigned char *, const unsigned char *);
+  int (*keygen)(unsigned char *, unsigned char *);
+
+  int (*open)(const unsigned char *, const unsigned char *, size_t, const
+              unsigned char *);
+  int (*sign)(unsigned char *, const unsigned char *, size_t,
+              const unsigned char *, const unsigned char *);
+  int (*open_batch)(const unsigned char **, size_t *, const unsigned char **,
+                    const unsigned char **, size_t, int *);
+
+  int (*blind_secret_key)(unsigned char *, const unsigned char *,
+                          const unsigned char *);
+  int (*blind_public_key)(unsigned char *, const unsigned char *,
+                          const unsigned char *);
+
+  int (*pubkey_from_curve25519_pubkey)(unsigned char *, const unsigned char *,
+                                       int);
+} ed25519_impl_t;
+
+static const ed25519_impl_t impl_ref10 = {
+  NULL,
+
+  ed25519_ref10_seckey,
+  ed25519_ref10_seckey_expand,
+  ed25519_ref10_pubkey,
+  ed25519_ref10_keygen,
+
+  ed25519_ref10_open,
+  ed25519_ref10_sign,
+  NULL,
+
+  ed25519_ref10_blind_secret_key,
+  ed25519_ref10_blind_public_key,
+
+  ed25519_ref10_pubkey_from_curve25519_pubkey,
+};
+
+static const ed25519_impl_t impl_donna = {
+  ed25519_donna_selftest,
+
+  ed25519_donna_seckey,
+  ed25519_donna_seckey_expand,
+  ed25519_donna_pubkey,
+  ed25519_donna_keygen,
+
+  ed25519_donna_open,
+  ed25519_donna_sign,
+  ed25519_sign_open_batch_donna,
+
+  ed25519_donna_blind_secret_key,
+  ed25519_donna_blind_public_key,
+
+  ed25519_donna_pubkey_from_curve25519_pubkey,
+};
+
+static const ed25519_impl_t *ed25519_impl = NULL;
+
+static inline const ed25519_impl_t *
+get_ed_impl(void)
+{
+  if (PREDICT_UNLIKELY(ed25519_impl == NULL)) {
+    pick_ed25519_impl();
+  }
+  return ed25519_impl;
+}
+
+#ifdef TOR_UNIT_TESTS
+static const ed25519_impl_t *saved_ed25519_impl = NULL;
+void
+crypto_ed25519_testing_force_impl(const char *name)
+{
+  tor_assert(saved_ed25519_impl == NULL);
+  saved_ed25519_impl = ed25519_impl;
+  if (! strcmp(name, "donna")) {
+    ed25519_impl = &impl_donna;
+  } else {
+    tor_assert(!strcmp(name, "ref10"));
+    ed25519_impl = &impl_ref10;
+  }
+}
+void
+crypto_ed25519_testing_restore_impl(void)
+{
+  ed25519_impl = saved_ed25519_impl;
+  saved_ed25519_impl = NULL;
+}
+#endif
+
+/**
+ * Initialize a new ed25519 secret key in <b>seckey_out</b>.  If
+ * <b>extra_strong</b>, take the RNG inputs directly from the operating
+ * system.  Return 0 on success, -1 on failure.
+ */
+int
+ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
+                        int extra_strong)
+{
+  int r;
+  uint8_t seed[32];
+  if (extra_strong)
+    crypto_strongest_rand(seed, sizeof(seed));
+ else
+    crypto_rand((char*)seed, sizeof(seed));
+
+  r = get_ed_impl()->seckey_expand(seckey_out->seckey, seed);
+  memwipe(seed, 0, sizeof(seed));
+
+  return r < 0 ? -1 : 0;
+}
+
+/**
+ * Given a 32-byte random seed in <b>seed</b>, expand it into an ed25519
+ * secret key in <b>seckey_out</b>.  Return 0 on success, -1 on failure.
+ */
+int
+ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
+                             const uint8_t *seed)
+{
+  if (get_ed_impl()->seckey_expand(seckey_out->seckey, seed) < 0)
+     return -1;
+  return 0;
+}
+
+/**
+ * Given a secret key in <b>seckey</b>, expand it into an
+ * ed25519 public key.  Return 0 on success, -1 on failure.
+ */
+int
+ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
+                        const ed25519_secret_key_t *seckey)
+{
+  if (get_ed_impl()->pubkey(pubkey_out->pubkey, seckey->seckey) < 0)
+    return -1;
+  return 0;
+}
+
+/** Generate a new ed25519 keypair in <b>keypair_out</b>.  If
+ * <b>extra_strong</b> is set, try to mix some system entropy into the key
+ * generation process. Return 0 on success, -1 on failure. */
+int
+ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
+{
+  if (ed25519_secret_key_generate(&keypair_out->seckey, extra_strong) < 0)
+    return -1;
+  if (ed25519_public_key_generate(&keypair_out->pubkey,
+                                  &keypair_out->seckey)<0)
+    return -1;
+  return 0;
+}
+
+/**
+ * Set <b>signature_out</b> to a signature of the <b>len</b>-byte message
+ * <b>msg</b>, using the secret and public key in <b>keypair</b>.
+ */
+int
+ed25519_sign(ed25519_signature_t *signature_out,
+             const uint8_t *msg, size_t len,
+             const ed25519_keypair_t *keypair)
+{
+  if (get_ed_impl()->sign(signature_out->sig, msg, len,
+                          keypair->seckey.seckey,
+                          keypair->pubkey.pubkey) < 0) {
+    return -1;
+  }
+
+  return 0;
+}
+
+/**
+ * Check whether if <b>signature</b> is a valid signature for the
+ * <b>len</b>-byte message in <b>msg</b> made with the key <b>pubkey</b>.
+ *
+ * Return 0 if the signature is valid; -1 if it isn't.
+ */
+int
+ed25519_checksig(const ed25519_signature_t *signature,
+                 const uint8_t *msg, size_t len,
+                 const ed25519_public_key_t *pubkey)
+{
+  return
+    get_ed_impl()->open(signature->sig, msg, len, pubkey->pubkey) < 0 ? -1 : 0;
+}
+
+/** Validate every signature among those in <b>checkable</b>, which contains
+ * exactly <b>n_checkable</b> elements.  If <b>okay_out</b> is non-NULL, set
+ * the i'th element of <b>okay_out</b> to 1 if the i'th element of
+ * <b>checkable</b> is valid, and to 0 otherwise.  Return 0 if every signature
+ * was valid. Otherwise return -N, where N is the number of invalid
+ * signatures.
+ */
+int
+ed25519_checksig_batch(int *okay_out,
+                       const ed25519_checkable_t *checkable,
+                       int n_checkable)
+{
+  int i, res;
+  const ed25519_impl_t *impl = get_ed_impl();
+
+  if (impl->open_batch == NULL) {
+    /* No batch verification implementation available, fake it by checking the
+     * each signature individually.
+     */
+    res = 0;
+    for (i = 0; i < n_checkable; ++i) {
+      const ed25519_checkable_t *ch = &checkable[i];
+      int r = ed25519_checksig(&ch->signature, ch->msg, ch->len, ch->pubkey);
+      if (r < 0)
+        --res;
+      if (okay_out)
+        okay_out[i] = (r == 0);
+    }
+  } else {
+    /* ed25519-donna style batch verification available.
+     *
+     * Theoretically, this should only be called if n_checkable >= 3, since
+     * that's the threshold where the batch verification actually kicks in,
+     * but the only difference is a few mallocs/frees.
+     */
+    const uint8_t **ms;
+    size_t *lens;
+    const uint8_t **pks;
+    const uint8_t **sigs;
+    int *oks;
+    int all_ok;
+
+    ms = tor_malloc(sizeof(uint8_t*)*n_checkable);
+    lens = tor_malloc(sizeof(size_t)*n_checkable);
+    pks = tor_malloc(sizeof(uint8_t*)*n_checkable);
+    sigs = tor_malloc(sizeof(uint8_t*)*n_checkable);
+    oks = okay_out ? okay_out : tor_malloc(sizeof(int)*n_checkable);
+
+    for (i = 0; i < n_checkable; ++i) {
+      ms[i] = checkable[i].msg;
+      lens[i] = checkable[i].len;
+      pks[i] = checkable[i].pubkey->pubkey;
+      sigs[i] = checkable[i].signature.sig;
+      oks[i] = 0;
+    }
+
+    res = 0;
+    all_ok = impl->open_batch(ms, lens, pks, sigs, n_checkable, oks);
+    for (i = 0; i < n_checkable; ++i) {
+      if (!oks[i])
+        --res;
+    }
+    /* XXX: For now sanity check oks with the return value.  Once we have
+     * more confidence in the code, if `all_ok == 0` we can skip iterating
+     * over oks since all the signatures were found to be valid.
+     */
+    tor_assert(((res == 0) && !all_ok) || ((res < 0) && all_ok));
+
+    tor_free(ms);
+    tor_free(lens);
+    tor_free(pks);
+    tor_free(sigs);
+    if (! okay_out)
+      tor_free(oks);
+  }
+
+  return res;
+}
+
+/**
+ * Given a curve25519 keypair in <b>inp</b>, generate a corresponding
+ * ed25519 keypair in <b>out</b>, and set <b>signbit_out</b> to the
+ * sign bit of the X coordinate of the ed25519 key.
+ *
+ * NOTE THAT IT IS PROBABLY NOT SAFE TO USE THE GENERATED KEY FOR ANYTHING
+ * OUTSIDE OF WHAT'S PRESENTED IN PROPOSAL 228.  In particular, it's probably
+ * not a great idea to use it to sign attacker-supplied anything.
+ */
+int
+ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out,
+                                        int *signbit_out,
+                                        const curve25519_keypair_t *inp)
+{
+  const char string[] = "Derive high part of ed25519 key from curve25519 key";
+  ed25519_public_key_t pubkey_check;
+  SHA512_CTX ctx;
+  uint8_t sha512_output[64];
+
+  memcpy(out->seckey.seckey, inp->seckey.secret_key, 32);
+  SHA512_Init(&ctx);
+  SHA512_Update(&ctx, out->seckey.seckey, 32);
+  SHA512_Update(&ctx, string, sizeof(string));
+  SHA512_Final(sha512_output, &ctx);
+  memcpy(out->seckey.seckey + 32, sha512_output, 32);
+
+  ed25519_public_key_generate(&out->pubkey, &out->seckey);
+
+  *signbit_out = out->pubkey.pubkey[31] >> 7;
+
+  ed25519_public_key_from_curve25519_public_key(&pubkey_check, &inp->pubkey,
+                                                *signbit_out);
+
+  tor_assert(fast_memeq(pubkey_check.pubkey, out->pubkey.pubkey, 32));
+
+  memwipe(&pubkey_check, 0, sizeof(pubkey_check));
+  memwipe(&ctx, 0, sizeof(ctx));
+  memwipe(sha512_output, 0, sizeof(sha512_output));
+
+  return 0;
+}
+
+/**
+ * Given a curve25519 public key and sign bit of X coordinate of the ed25519
+ * public key, generate the corresponding ed25519 public key.
+ */
+int
+ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey,
+                                     const curve25519_public_key_t *pubkey_in,
+                                     int signbit)
+{
+  return get_ed_impl()->pubkey_from_curve25519_pubkey(pubkey->pubkey,
+                                                      pubkey_in->public_key,
+                                                      signbit);
+}
+
+/**
+ * Given an ed25519 keypair in <b>inp</b>, generate a corresponding
+ * ed25519 keypair in <b>out</b>, blinded by the corresponding 32-byte input
+ * in 'param'.
+ *
+ * Tor uses key blinding for the "next-generation" hidden services design:
+ * service descriptors are encrypted with a key derived from the service's
+ * long-term public key, and then signed with (and stored at a position
+ * indexed by) a short-term key derived by blinding the long-term keys.
+ */
+int
+ed25519_keypair_blind(ed25519_keypair_t *out,
+                      const ed25519_keypair_t *inp,
+                      const uint8_t *param)
+{
+  ed25519_public_key_t pubkey_check;
+
+  get_ed_impl()->blind_secret_key(out->seckey.seckey,
+                                  inp->seckey.seckey, param);
+
+  ed25519_public_blind(&pubkey_check, &inp->pubkey, param);
+  ed25519_public_key_generate(&out->pubkey, &out->seckey);
+
+  tor_assert(fast_memeq(pubkey_check.pubkey, out->pubkey.pubkey, 32));
+
+  memwipe(&pubkey_check, 0, sizeof(pubkey_check));
+
+  return 0;
+}
+
+/**
+ * Given an ed25519 public key in <b>inp</b>, generate a corresponding blinded
+ * public key in <b>out</b>, blinded with the 32-byte parameter in
+ * <b>param</b>.  Return 0 on sucess, -1 on railure.
+ */
+int
+ed25519_public_blind(ed25519_public_key_t *out,
+                     const ed25519_public_key_t *inp,
+                     const uint8_t *param)
+{
+  get_ed_impl()->blind_public_key(out->pubkey, inp->pubkey, param);
+  return 0;
+}
+
+/**
+ * Store seckey unencrypted to <b>filename</b>, marking it with <b>tag</b>.
+ * Return 0 on success, -1 on failure.
+ */
+int
+ed25519_seckey_write_to_file(const ed25519_secret_key_t *seckey,
+                             const char *filename,
+                             const char *tag)
+{
+  return crypto_write_tagged_contents_to_file(filename,
+                                              "ed25519v1-secret",
+                                              tag,
+                                              seckey->seckey,
+                                              sizeof(seckey->seckey));
+}
+
+/**
+ * Read seckey unencrypted from <b>filename</b>, storing it into
+ * <b>seckey_out</b>.  Set *<b>tag_out</b> to the tag it was marked with.
+ * Return 0 on success, -1 on failure.
+ */
+int
+ed25519_seckey_read_from_file(ed25519_secret_key_t *seckey_out,
+                              char **tag_out,
+                              const char *filename)
+{
+  ssize_t len;
+
+  len = crypto_read_tagged_contents_from_file(filename, "ed25519v1-secret",
+                                              tag_out, seckey_out->seckey,
+                                              sizeof(seckey_out->seckey));
+  if (len == sizeof(seckey_out->seckey)) {
+    return 0;
+  } else if (len >= 0) {
+    errno = EINVAL;
+  }
+
+  return -1;
+}
+
+/**
+ * Store pubkey unencrypted to <b>filename</b>, marking it with <b>tag</b>.
+ * Return 0 on success, -1 on failure.
+ */
+int
+ed25519_pubkey_write_to_file(const ed25519_public_key_t *pubkey,
+                             const char *filename,
+                             const char *tag)
+{
+  return crypto_write_tagged_contents_to_file(filename,
+                                              "ed25519v1-public",
+                                              tag,
+                                              pubkey->pubkey,
+                                              sizeof(pubkey->pubkey));
+}
+
+/**
+ * Store pubkey unencrypted to <b>filename</b>, marking it with <b>tag</b>.
+ * Return 0 on success, -1 on failure.
+ */
+int
+ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
+                              char **tag_out,
+                              const char *filename)
+{
+  ssize_t len;
+
+  len = crypto_read_tagged_contents_from_file(filename, "ed25519v1-public",
+                                              tag_out, pubkey_out->pubkey,
+                                              sizeof(pubkey_out->pubkey));
+  if (len == sizeof(pubkey_out->pubkey)) {
+    return 0;
+  } else if (len >= 0) {
+    errno = EINVAL;
+  }
+
+  return -1;
+}
+
+/** Release all storage held for <b>kp</b>. */
+void
+ed25519_keypair_free(ed25519_keypair_t *kp)
+{
+  if (! kp)
+    return;
+
+  memwipe(kp, 0, sizeof(*kp));
+  tor_free(kp);
+}
+
+/** Return true iff <b>key1</b> and <b>key2</b> are the same public key. */
+int
+ed25519_pubkey_eq(const ed25519_public_key_t *key1,
+                  const ed25519_public_key_t *key2)
+{
+  tor_assert(key1);
+  tor_assert(key2);
+  return tor_memeq(key1->pubkey, key2->pubkey, ED25519_PUBKEY_LEN);
+}
+
+/** Check whether the given Ed25519 implementation seems to be working.
+ * If so, return 0; otherwise return -1. */
+static int
+ed25519_impl_spot_check(void)
+{
+  static const uint8_t alicesk[32] = {
+    0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
+    0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
+    0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
+    0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
+  };
+  static const uint8_t alicepk[32] = {
+    0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
+    0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
+    0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
+    0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
+  };
+  static const uint8_t alicemsg[2] = { 0xaf, 0x82 };
+  static const uint8_t alicesig[64] = {
+    0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
+    0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
+    0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
+    0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
+    0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
+    0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
+    0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
+    0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
+  };
+  const ed25519_impl_t *impl = get_ed_impl();
+  uint8_t sk[ED25519_SECKEY_LEN];
+  uint8_t pk[ED25519_PUBKEY_LEN];
+  uint8_t sig[ED25519_SIG_LEN];
+  int r = 0;
+
+  /* Some implementations (eg: The modified Ed25519-donna) have handy self-test
+   * code that sanity-checks the internals.  If present, use that to screen out
+   * catastrophic errors like massive compiler failure.
+   */
+  if (impl->selftest && impl->selftest() != 0)
+    goto fail;
+
+  /* Validate results versus known answer tests.  People really should be
+   * running "make test" instead of relying on this, but it's better than
+   * nothing.
+   *
+   * Test vectors taken from "EdDSA & Ed25519 - 6. Test Vectors for Ed25519
+   * (TEST3)" (draft-josefsson-eddsa-ed25519-03).
+   */
+
+  /* Key expansion, public key derivation. */
+  if (impl->seckey_expand(sk, alicesk) < 0)
+    goto fail;
+  if (impl->pubkey(pk, sk) < 0)
+    goto fail;
+  if (fast_memneq(pk, alicepk, ED25519_PUBKEY_LEN))
+    goto fail;
+
+  /* Signing, verification. */
+  if (impl->sign(sig, alicemsg, sizeof(alicemsg), sk, pk) < 0)
+    return -1;
+  if (fast_memneq(sig, alicesig, ED25519_SIG_LEN))
+    return -1;
+  if (impl->open(sig, alicemsg, sizeof(alicemsg), pk) < 0)
+    return -1;
+
+  /* XXX/yawning: Someone that's more paranoid than I am, can write "Assume
+   * ref0 is cannonical, and fuzz impl against it" if they want, but I doubt
+   * that will catch anything that the known answer tests won't.
+   */
+  goto end;
+
+ fail:
+  r = -1;
+ end:
+  return r;
+}
+
+/** Force the Ed25519 implementation to a given one, without sanity checking
+ * the output.  Used for testing.
+ */
+void
+ed25519_set_impl_params(int use_donna)
+{
+  if (use_donna)
+    ed25519_impl = &impl_donna;
+  else
+    ed25519_impl = &impl_ref10;
+}
+
+/** Choose whether to use the Ed25519-donna implementation. */
+static void
+pick_ed25519_impl(void)
+{
+  ed25519_impl = &impl_donna;
+
+  if (ed25519_impl_spot_check() == 0)
+    return;
+
+  log_warn(LD_CRYPTO, "The Ed25519-donna implementation seems broken; using "
+           "the ref10 implementation.");
+  ed25519_impl = &impl_ref10;
+}
+
+/* Initialize the Ed25519 implementation. This is neccessary if you're
+ * going to use them in a multithreaded setting, and not otherwise. */
+void
+ed25519_init(void)
+{
+  pick_ed25519_impl();
+}
+
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
new file mode 100644
index 0000000000..44c2ad9775
--- /dev/null
+++ b/src/common/crypto_ed25519.h
@@ -0,0 +1,120 @@
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_CRYPTO_ED25519_H
+#define TOR_CRYPTO_ED25519_H
+
+#include "testsupport.h"
+#include "torint.h"
+#include "crypto_curve25519.h"
+
+#define ED25519_PUBKEY_LEN 32
+#define ED25519_SECKEY_LEN 64
+#define ED25519_SECKEY_SEED_LEN 32
+#define ED25519_SIG_LEN 64
+
+/** An Ed25519 signature. */
+typedef struct {
+  uint8_t sig[ED25519_SIG_LEN];
+} ed25519_signature_t;
+
+/** An Ed25519 public key */
+typedef struct {
+  uint8_t pubkey[ED25519_PUBKEY_LEN];
+} ed25519_public_key_t;
+
+/** An Ed25519 secret key */
+typedef struct {
+  /** Note that we store secret keys in an expanded format that doesn't match
+   * the format from standard ed25519.  Ed25519 stores a 32-byte value k and
+   * expands it into a 64-byte H(k), using the first 32 bytes for a multiplier
+   * of the base point, and second 32 bytes as an input to a hash function
+   * for deriving r.  But because we implement key blinding, we need to store
+   * keys in the 64-byte expanded form. */
+  uint8_t seckey[ED25519_SECKEY_LEN];
+} ed25519_secret_key_t;
+
+/** An Ed25519 keypair. */
+typedef struct {
+  ed25519_public_key_t pubkey;
+  ed25519_secret_key_t seckey;
+} ed25519_keypair_t;
+
+int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
+                            int extra_strong);
+int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
+                                 const uint8_t *seed);
+
+int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
+                            const ed25519_secret_key_t *seckey);
+int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong);
+int ed25519_sign(ed25519_signature_t *signature_out,
+                 const uint8_t *msg, size_t len,
+                 const ed25519_keypair_t *key);
+int ed25519_checksig(const ed25519_signature_t *signature,
+                     const uint8_t *msg, size_t len,
+                     const ed25519_public_key_t *pubkey);
+
+/**
+ * A collection of information necessary to check an Ed25519 signature. Used
+ * for batch verification.
+ */
+typedef struct {
+  /** The public key that supposedly generated the signature. */
+  const ed25519_public_key_t *pubkey;
+  /** The signature to check. */
+  ed25519_signature_t signature;
+  /** The message that the signature is supposed to have been applied to. */
+  const uint8_t *msg;
+  /** The length of the message. */
+  size_t len;
+} ed25519_checkable_t;
+
+int ed25519_checksig_batch(int *okay_out,
+                           const ed25519_checkable_t *checkable,
+                           int n_checkable);
+
+int ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out,
+                                            int *signbit_out,
+                                            const curve25519_keypair_t *inp);
+
+int ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey,
+                                     const curve25519_public_key_t *pubkey_in,
+                                     int signbit);
+int ed25519_keypair_blind(ed25519_keypair_t *out,
+                          const ed25519_keypair_t *inp,
+                          const uint8_t *param);
+int ed25519_public_blind(ed25519_public_key_t *out,
+                         const ed25519_public_key_t *inp,
+                         const uint8_t *param);
+
+/* XXXX read encrypted, write encrypted. */
+
+int ed25519_seckey_write_to_file(const ed25519_secret_key_t *seckey,
+                                 const char *filename,
+                                 const char *tag);
+int ed25519_seckey_read_from_file(ed25519_secret_key_t *seckey_out,
+                                  char **tag_out,
+                                  const char *filename);
+int ed25519_pubkey_write_to_file(const ed25519_public_key_t *pubkey,
+                                 const char *filename,
+                                 const char *tag);
+int ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
+                                  char **tag_out,
+                                  const char *filename);
+
+void ed25519_keypair_free(ed25519_keypair_t *kp);
+
+int ed25519_pubkey_eq(const ed25519_public_key_t *key1,
+                      const ed25519_public_key_t *key2);
+
+void ed25519_set_impl_params(int use_donna);
+void ed25519_init(void);
+
+#ifdef TOR_UNIT_TESTS
+void crypto_ed25519_testing_force_impl(const char *name);
+void crypto_ed25519_testing_restore_impl(void);
+#endif
+
+#endif
+
diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c
index be669c8d2b..bdf9bfd613 100644
--- a/src/common/crypto_format.c
+++ b/src/common/crypto_format.c
@@ -1,24 +1,135 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
-/* Formatting and parsing code for crypto-related data structures. */
+/**
+ * \file crypto_format.c
+ *
+ * \brief Formatting and parsing code for crypto-related data structures.
+ */
 
 #include "orconfig.h"
 #ifdef HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
+#include "container.h"
 #include "crypto.h"
 #include "crypto_curve25519.h"
+#include "crypto_ed25519.h"
+#include "crypto_format.h"
 #include "util.h"
+#include "util_format.h"
 #include "torlog.h"
 
+/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
+ * <b>fname</b> in the tagged-data format.  This format contains a
+ * 32-byte header, followed by the data itself.  The header is the
+ * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==".  The length
+ * of <b>typestring</b> and <b>tag</b> must therefore be no more than
+ * 24.
+ **/
+int
+crypto_write_tagged_contents_to_file(const char *fname,
+                                     const char *typestring,
+                                     const char *tag,
+                                     const uint8_t *data,
+                                     size_t datalen)
+{
+  char header[32];
+  smartlist_t *chunks = smartlist_new();
+  sized_chunk_t ch0, ch1;
+  int r = -1;
+
+  memset(header, 0, sizeof(header));
+  if (tor_snprintf(header, sizeof(header),
+                   "== %s: %s ==", typestring, tag) < 0)
+    goto end;
+  ch0.bytes = header;
+  ch0.len = 32;
+  ch1.bytes = (const char*) data;
+  ch1.len = datalen;
+  smartlist_add(chunks, &ch0);
+  smartlist_add(chunks, &ch1);
+
+  r = write_chunks_to_file(fname, chunks, 1, 0);
+
+ end:
+  smartlist_free(chunks);
+  return r;
+}
+
+/** Read a tagged-data file from <b>fname</b> into the
+ * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
+ * typestring matches <b>typestring</b>; store the tag into a newly allocated
+ * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
+ * data on success.  Preserves the errno from reading the file. */
+ssize_t
+crypto_read_tagged_contents_from_file(const char *fname,
+                                      const char *typestring,
+                                      char **tag_out,
+                                      uint8_t *data_out,
+                                      ssize_t data_out_len)
+{
+  char prefix[33];
+  char *content = NULL;
+  struct stat st;
+  ssize_t r = -1;
+  size_t st_size = 0;
+  int saved_errno = 0;
+
+  *tag_out = NULL;
+  st.st_size = 0;
+  content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
+  if (! content) {
+    saved_errno = errno;
+    goto end;
+  }
+  if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
+    saved_errno = EINVAL;
+    goto end;
+  }
+  st_size = (size_t)st.st_size;
+
+  memcpy(prefix, content, 32);
+  prefix[32] = 0;
+  /* Check type, extract tag. */
+  if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
+      ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
+    saved_errno = EINVAL;
+    goto end;
+  }
+
+  if (strcmpstart(prefix+3, typestring) ||
+      3+strlen(typestring) >= 32 ||
+      strcmpstart(prefix+3+strlen(typestring), ": ")) {
+    saved_errno = EINVAL;
+    goto end;
+  }
+
+  *tag_out = tor_strndup(prefix+5+strlen(typestring),
+                         strlen(prefix)-8-strlen(typestring));
+
+  memcpy(data_out, content+32, st_size-32);
+  r = st_size - 32;
+
+ end:
+  if (content)
+    memwipe(content, 0, st_size);
+  tor_free(content);
+  if (saved_errno)
+    errno = saved_errno;
+  return r;
+}
+
 int
 curve25519_public_to_base64(char *output,
                             const curve25519_public_key_t *pkey)
 {
   char buf[128];
   base64_encode(buf, sizeof(buf),
-                (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN);
+                (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN, 0);
   buf[CURVE25519_BASE64_PADDED_LEN] = '\0';
   memcpy(output, buf, CURVE25519_BASE64_PADDED_LEN+1);
   return 0;
@@ -43,3 +154,117 @@ curve25519_public_from_base64(curve25519_public_key_t *pkey,
   }
 }
 
+/** Try to decode the string <b>input</b> into an ed25519 public key. On
+ * success, store the value in <b>pkey</b> and return 0. Otherwise return
+ * -1. */
+int
+ed25519_public_from_base64(ed25519_public_key_t *pkey,
+                           const char *input)
+{
+  return digest256_from_base64((char*)pkey->pubkey, input);
+}
+
+/** Encode the public key <b>pkey</b> into the buffer at <b>output</b>,
+ * which must have space for ED25519_BASE64_LEN bytes of encoded key,
+ * plus one byte for a terminating NUL.  Return 0 on success, -1 on failure.
+ */
+int
+ed25519_public_to_base64(char *output,
+                         const ed25519_public_key_t *pkey)
+{
+  return digest256_to_base64(output, (const char *)pkey->pubkey);
+}
+
+/** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
+ * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
+ * plus one byte for a terminating NUL.  Return 0 on success, -1 on failure.
+ */
+int
+ed25519_signature_to_base64(char *output,
+                            const ed25519_signature_t *sig)
+{
+  char buf[256];
+  int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
+  tor_assert(n == ED25519_SIG_BASE64_LEN);
+  memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
+  return 0;
+}
+
+/** Try to decode the string <b>input</b> into an ed25519 signature. On
+ * success, store the value in <b>sig</b> and return 0. Otherwise return
+ * -1. */
+int
+ed25519_signature_from_base64(ed25519_signature_t *sig,
+                              const char *input)
+{
+
+  if (strlen(input) != ED25519_SIG_BASE64_LEN)
+    return -1;
+  char buf[ED25519_SIG_BASE64_LEN+3];
+  memcpy(buf, input, ED25519_SIG_BASE64_LEN);
+  buf[ED25519_SIG_BASE64_LEN+0] = '=';
+  buf[ED25519_SIG_BASE64_LEN+1] = '=';
+  buf[ED25519_SIG_BASE64_LEN+2] = 0;
+  char decoded[128];
+  int n = base64_decode(decoded, sizeof(decoded), buf, strlen(buf));
+  if (n < 0 || n != ED25519_SIG_LEN)
+    return -1;
+  memcpy(sig->sig, decoded, ED25519_SIG_LEN);
+
+  return 0;
+}
+
+/** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
+ * characters, and store the nul-terminated result in the first
+ * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>.  */
+/* XXXX unify with crypto_format.c code */
+int
+digest_to_base64(char *d64, const char *digest)
+{
+  char buf[256];
+  base64_encode(buf, sizeof(buf), digest, DIGEST_LEN, 0);
+  buf[BASE64_DIGEST_LEN] = '\0';
+  memcpy(d64, buf, BASE64_DIGEST_LEN+1);
+  return 0;
+}
+
+/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
+ * trailing newline or = characters), decode it and store the result in the
+ * first DIGEST_LEN bytes at <b>digest</b>. */
+/* XXXX unify with crypto_format.c code */
+int
+digest_from_base64(char *digest, const char *d64)
+{
+  if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
+    return 0;
+  else
+    return -1;
+}
+
+/** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
+ * trailing = characters, and store the nul-terminated result in the first
+ * BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
+ /* XXXX unify with crypto_format.c code */
+int
+digest256_to_base64(char *d64, const char *digest)
+{
+  char buf[256];
+  base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN, 0);
+  buf[BASE64_DIGEST256_LEN] = '\0';
+  memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
+  return 0;
+}
+
+/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
+ * trailing newline or = characters), decode it and store the result in the
+ * first DIGEST256_LEN bytes at <b>digest</b>. */
+/* XXXX unify with crypto_format.c code */
+int
+digest256_from_base64(char *digest, const char *d64)
+{
+  if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
+    return 0;
+  else
+    return -1;
+}
+
diff --git a/src/common/crypto_format.h b/src/common/crypto_format.h
new file mode 100644
index 0000000000..012e228cc4
--- /dev/null
+++ b/src/common/crypto_format.h
@@ -0,0 +1,46 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_CRYPTO_FORMAT_H
+#define TOR_CRYPTO_FORMAT_H
+
+#include "testsupport.h"
+#include "torint.h"
+#include "crypto_ed25519.h"
+
+int crypto_write_tagged_contents_to_file(const char *fname,
+                                         const char *typestring,
+                                         const char *tag,
+                                         const uint8_t *data,
+                                         size_t datalen);
+
+ssize_t crypto_read_tagged_contents_from_file(const char *fname,
+                                              const char *typestring,
+                                              char **tag_out,
+                                              uint8_t *data_out,
+                                              ssize_t data_out_len);
+
+#define ED25519_BASE64_LEN 43
+int ed25519_public_from_base64(ed25519_public_key_t *pkey,
+                               const char *input);
+int ed25519_public_to_base64(char *output,
+                             const ed25519_public_key_t *pkey);
+
+/* XXXX move these to crypto_format.h */
+#define ED25519_SIG_BASE64_LEN 86
+
+int ed25519_signature_from_base64(ed25519_signature_t *sig,
+                                  const char *input);
+int ed25519_signature_to_base64(char *output,
+                                const ed25519_signature_t *sig);
+
+int digest_to_base64(char *d64, const char *digest);
+int digest_from_base64(char *digest, const char *d64);
+int digest256_to_base64(char *d64, const char *digest);
+int digest256_from_base64(char *digest, const char *d64);
+
+#endif
+
diff --git a/src/common/crypto_pwbox.c b/src/common/crypto_pwbox.c
new file mode 100644
index 0000000000..819dc0c39d
--- /dev/null
+++ b/src/common/crypto_pwbox.c
@@ -0,0 +1,196 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_pwbox.c
+ *
+ * \brief Code for encrypting secrets in a password-protected form and saving
+ * them to disk.
+ */
+
+#include "crypto.h"
+#include "crypto_s2k.h"
+#include "crypto_pwbox.h"
+#include "di_ops.h"
+#include "util.h"
+#include "pwbox.h"
+
+/* 8 bytes "TORBOX00"
+   1 byte: header len (H)
+   H bytes: header, denoting secret key algorithm.
+   16 bytes: IV
+   Round up to multiple of 128 bytes, then encrypt:
+      4 bytes: data len
+      data
+      zeros
+   32 bytes: HMAC-SHA256 of all previous bytes.
+*/
+
+#define MAX_OVERHEAD (S2K_MAXLEN + 8 + 1 + 32 + CIPHER_IV_LEN)
+
+/**
+ * Make an authenticated passphrase-encrypted blob to encode the
+ * <b>input_len</b> bytes in <b>input</b> using the passphrase
+ * <b>secret</b> of <b>secret_len</b> bytes.  Allocate a new chunk of memory
+ * to hold the encrypted data, and store a pointer to that memory in
+ * *<b>out</b>, and its size in <b>outlen_out</b>.  Use <b>s2k_flags</b> as an
+ * argument to the passphrase-hashing function.
+ */
+int
+crypto_pwbox(uint8_t **out, size_t *outlen_out,
+             const uint8_t *input, size_t input_len,
+             const char *secret, size_t secret_len,
+             unsigned s2k_flags)
+{
+  uint8_t *result = NULL, *encrypted_portion;
+  size_t encrypted_len = 128 * CEIL_DIV(input_len+4, 128);
+  ssize_t result_len;
+  int spec_len;
+  uint8_t keys[CIPHER_KEY_LEN + DIGEST256_LEN];
+  pwbox_encoded_t *enc = NULL;
+  ssize_t enc_len;
+
+  crypto_cipher_t *cipher;
+  int rv;
+
+  enc = pwbox_encoded_new();
+
+  pwbox_encoded_setlen_skey_header(enc, S2K_MAXLEN);
+
+  spec_len = secret_to_key_make_specifier(
+                                      pwbox_encoded_getarray_skey_header(enc),
+                                      S2K_MAXLEN,
+                                      s2k_flags);
+  if (spec_len < 0 || spec_len > S2K_MAXLEN)
+    goto err;
+  pwbox_encoded_setlen_skey_header(enc, spec_len);
+  enc->header_len = spec_len;
+
+  crypto_rand((char*)enc->iv, sizeof(enc->iv));
+
+  pwbox_encoded_setlen_data(enc, encrypted_len);
+  encrypted_portion = pwbox_encoded_getarray_data(enc);
+
+  set_uint32(encrypted_portion, htonl((uint32_t)input_len));
+  memcpy(encrypted_portion+4, input, input_len);
+
+  /* Now that all the data is in position, derive some keys, encrypt, and
+   * digest */
+  if (secret_to_key_derivekey(keys, sizeof(keys),
+                              pwbox_encoded_getarray_skey_header(enc),
+                              spec_len,
+                              secret, secret_len) < 0)
+    goto err;
+
+  cipher = crypto_cipher_new_with_iv((char*)keys, (char*)enc->iv);
+  crypto_cipher_crypt_inplace(cipher, (char*)encrypted_portion, encrypted_len);
+  crypto_cipher_free(cipher);
+
+  result_len = pwbox_encoded_encoded_len(enc);
+  if (result_len < 0)
+    goto err;
+  result = tor_malloc(result_len);
+  enc_len = pwbox_encoded_encode(result, result_len, enc);
+  if (enc_len < 0)
+    goto err;
+  tor_assert(enc_len == result_len);
+
+  crypto_hmac_sha256((char*) result + result_len - 32,
+                     (const char*)keys + CIPHER_KEY_LEN,
+                     DIGEST256_LEN,
+                     (const char*)result,
+                     result_len - 32);
+
+  *out = result;
+  *outlen_out = result_len;
+  rv = 0;
+  goto out;
+
+ err:
+  tor_free(result);
+  rv = -1;
+
+ out:
+  pwbox_encoded_free(enc);
+  memwipe(keys, 0, sizeof(keys));
+  return rv;
+}
+
+/**
+ * Try to decrypt the passphrase-encrypted blob of <b>input_len</b> bytes in
+ * <b>input</b> using the passphrase <b>secret</b> of <b>secret_len</b> bytes.
+ * On success, return 0 and allocate a new chunk of memory to hold the
+ * decrypted data, and store a pointer to that memory in *<b>out</b>, and its
+ * size in <b>outlen_out</b>.  On failure, return UNPWBOX_BAD_SECRET if
+ * the passphrase might have been wrong, and UNPWBOX_CORRUPT if the object is
+ * definitely corrupt.
+ */
+int
+crypto_unpwbox(uint8_t **out, size_t *outlen_out,
+               const uint8_t *inp, size_t input_len,
+               const char *secret, size_t secret_len)
+{
+  uint8_t *result = NULL;
+  const uint8_t *encrypted;
+  uint8_t keys[CIPHER_KEY_LEN + DIGEST256_LEN];
+  uint8_t hmac[DIGEST256_LEN];
+  uint32_t result_len;
+  size_t encrypted_len;
+  crypto_cipher_t *cipher = NULL;
+  int rv = UNPWBOX_CORRUPTED;
+  ssize_t got_len;
+
+  pwbox_encoded_t *enc = NULL;
+
+  got_len = pwbox_encoded_parse(&enc, inp, input_len);
+  if (got_len < 0 || (size_t)got_len != input_len)
+    goto err;
+
+  /* Now derive the keys and check the hmac. */
+  if (secret_to_key_derivekey(keys, sizeof(keys),
+                              pwbox_encoded_getarray_skey_header(enc),
+                              pwbox_encoded_getlen_skey_header(enc),
+                              secret, secret_len) < 0)
+    goto err;
+
+  crypto_hmac_sha256((char *)hmac,
+                     (const char*)keys + CIPHER_KEY_LEN, DIGEST256_LEN,
+                     (const char*)inp, input_len - DIGEST256_LEN);
+
+  if (tor_memneq(hmac, enc->hmac, DIGEST256_LEN)) {
+    rv = UNPWBOX_BAD_SECRET;
+    goto err;
+  }
+
+  /* How long is the plaintext? */
+  encrypted = pwbox_encoded_getarray_data(enc);
+  encrypted_len = pwbox_encoded_getlen_data(enc);
+  if (encrypted_len < 4)
+    goto err;
+
+  cipher = crypto_cipher_new_with_iv((char*)keys, (char*)enc->iv);
+  crypto_cipher_decrypt(cipher, (char*)&result_len, (char*)encrypted, 4);
+  result_len = ntohl(result_len);
+  if (encrypted_len < result_len + 4)
+    goto err;
+
+  /* Allocate a buffer and decrypt */
+  result = tor_malloc_zero(result_len);
+  crypto_cipher_decrypt(cipher, (char*)result, (char*)encrypted+4, result_len);
+
+  *out = result;
+  *outlen_out = result_len;
+
+  rv = UNPWBOX_OKAY;
+  goto out;
+
+ err:
+  tor_free(result);
+
+ out:
+  crypto_cipher_free(cipher);
+  pwbox_encoded_free(enc);
+  memwipe(keys, 0, sizeof(keys));
+  return rv;
+}
+
diff --git a/src/common/crypto_pwbox.h b/src/common/crypto_pwbox.h
new file mode 100644
index 0000000000..aadd477078
--- /dev/null
+++ b/src/common/crypto_pwbox.h
@@ -0,0 +1,20 @@
+#ifndef CRYPTO_PWBOX_H_INCLUDED_
+#define CRYPTO_PWBOX_H_INCLUDED_
+
+#include "torint.h"
+
+#define UNPWBOX_OKAY 0
+#define UNPWBOX_BAD_SECRET -1
+#define UNPWBOX_CORRUPTED -2
+
+int crypto_pwbox(uint8_t **out, size_t *outlen_out,
+                 const uint8_t *inp, size_t input_len,
+                 const char *secret, size_t secret_len,
+                 unsigned s2k_flags);
+
+int crypto_unpwbox(uint8_t **out, size_t *outlen_out,
+                   const uint8_t *inp, size_t input_len,
+                   const char *secret, size_t secret_len);
+
+#endif
+
diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c
new file mode 100644
index 0000000000..3bc05f1cf9
--- /dev/null
+++ b/src/common/crypto_s2k.c
@@ -0,0 +1,466 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_s2k.c
+ *
+ * \brief Functions for deriving keys from human-readable passphrases.
+ */
+
+#define CRYPTO_S2K_PRIVATE
+
+#include "crypto.h"
+#include "util.h"
+#include "compat.h"
+#include "crypto_s2k.h"
+
+#include <openssl/evp.h>
+
+#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
+#define HAVE_SCRYPT
+#include <libscrypt.h>
+#endif
+
+/* Encoded secrets take the form:
+
+     u8 type;
+     u8 salt_and_parameters[depends on type];
+     u8 key[depends on type];
+
+   As a special case, if the encoded secret is exactly 29 bytes long,
+   type 0 is understood.
+
+   Recognized types are:
+       00 -- RFC2440. salt_and_parameters is 9 bytes. key is 20 bytes.
+                salt_and_parameters is 8 bytes random salt,
+                1 byte iteration info.
+       01 -- PKBDF2_SHA1. salt_and_parameters is 17 bytes. key is 20 bytes.
+                salt_and_parameters is 16 bytes random salt,
+                1 byte iteration info.
+       02 -- SCRYPT_SALSA208_SHA256. salt_and_parameters is 18 bytes. key is
+             32 bytes.
+                salt_and_parameters is 18 bytes random salt, 2 bytes iteration
+                info.
+*/
+
+#define S2K_TYPE_RFC2440 0
+#define S2K_TYPE_PBKDF2  1
+#define S2K_TYPE_SCRYPT  2
+
+#define PBKDF2_SPEC_LEN 17
+#define PBKDF2_KEY_LEN 20
+
+#define SCRYPT_SPEC_LEN 18
+#define SCRYPT_KEY_LEN 32
+
+/** Given an algorithm ID (one of S2K_TYPE_*), return the length of the
+ * specifier part of it, without the prefix type byte. */
+static int
+secret_to_key_spec_len(uint8_t type)
+{
+  switch (type) {
+    case S2K_TYPE_RFC2440:
+      return S2K_RFC2440_SPECIFIER_LEN;
+    case S2K_TYPE_PBKDF2:
+      return PBKDF2_SPEC_LEN;
+    case S2K_TYPE_SCRYPT:
+      return SCRYPT_SPEC_LEN;
+    default:
+      return -1;
+  }
+}
+
+/** Given an algorithm ID (one of S2K_TYPE_*), return the length of the
+ * its preferred output. */
+static int
+secret_to_key_key_len(uint8_t type)
+{
+  switch (type) {
+    case S2K_TYPE_RFC2440:
+      return DIGEST_LEN;
+    case S2K_TYPE_PBKDF2:
+      return DIGEST_LEN;
+    case S2K_TYPE_SCRYPT:
+      return DIGEST256_LEN;
+    default:
+      return -1;
+  }
+}
+
+/** Given a specifier in <b>spec_and_key</b> of length
+ * <b>spec_and_key_len</b>, along with its prefix algorithm ID byte, and along
+ * with a key if <b>key_included</b> is true, check whether the whole
+ * specifier-and-key is of valid length, and return the algorithm type if it
+ * is.  Set *<b>legacy_out</b> to 1 iff this is a legacy password hash or
+ * legacy specifier.  Return an error code on failure.
+ */
+static int
+secret_to_key_get_type(const uint8_t *spec_and_key, size_t spec_and_key_len,
+                       int key_included, int *legacy_out)
+{
+  size_t legacy_len = S2K_RFC2440_SPECIFIER_LEN;
+  uint8_t type;
+  int total_len;
+
+  if (key_included)
+    legacy_len += DIGEST_LEN;
+
+  if (spec_and_key_len == legacy_len) {
+    *legacy_out = 1;
+    return S2K_TYPE_RFC2440;
+  }
+
+  *legacy_out = 0;
+  if (spec_and_key_len == 0)
+    return S2K_BAD_LEN;
+
+  type = spec_and_key[0];
+  total_len = secret_to_key_spec_len(type);
+  if (total_len < 0)
+    return S2K_BAD_ALGORITHM;
+  if (key_included) {
+    int keylen = secret_to_key_key_len(type);
+    if (keylen < 0)
+      return S2K_BAD_ALGORITHM;
+    total_len += keylen;
+  }
+
+  if ((size_t)total_len + 1 == spec_and_key_len)
+    return type;
+  else
+    return S2K_BAD_LEN;
+}
+
+/**
+ * Write a new random s2k specifier of type <b>type</b>, without prefixing
+ * type byte, to <b>spec_out</b>, which must have enough room.  May adjust
+ * parameter choice based on <b>flags</b>.
+ */
+static int
+make_specifier(uint8_t *spec_out, uint8_t type, unsigned flags)
+{
+  int speclen = secret_to_key_spec_len(type);
+  if (speclen < 0)
+      return S2K_BAD_ALGORITHM;
+
+  crypto_rand((char*)spec_out, speclen);
+  switch (type) {
+    case S2K_TYPE_RFC2440:
+      /* Hash 64 k of data. */
+      spec_out[S2K_RFC2440_SPECIFIER_LEN-1] = 96;
+      break;
+    case S2K_TYPE_PBKDF2:
+      /* 131 K iterations */
+      spec_out[PBKDF2_SPEC_LEN-1] = 17;
+      break;
+    case S2K_TYPE_SCRYPT:
+      if (flags & S2K_FLAG_LOW_MEM) {
+        /* N = 1<<12 */
+        spec_out[SCRYPT_SPEC_LEN-2] = 12;
+      } else {
+        /* N = 1<<15 */
+        spec_out[SCRYPT_SPEC_LEN-2] = 15;
+      }
+      /* r = 8; p = 2. */
+      spec_out[SCRYPT_SPEC_LEN-1] = (3u << 4) | (1u << 0);
+      break;
+    default:
+      tor_fragile_assert();
+      return S2K_BAD_ALGORITHM;
+  }
+
+  return speclen;
+}
+
+/** Implement RFC2440-style iterated-salted S2K conversion: convert the
+ * <b>secret_len</b>-byte <b>secret</b> into a <b>key_out_len</b> byte
+ * <b>key_out</b>.  As in RFC2440, the first 8 bytes of s2k_specifier
+ * are a salt; the 9th byte describes how much iteration to do.
+ * If <b>key_out_len</b> &gt; DIGEST_LEN, use HDKF to expand the result.
+ */
+void
+secret_to_key_rfc2440(char *key_out, size_t key_out_len, const char *secret,
+              size_t secret_len, const char *s2k_specifier)
+{
+  crypto_digest_t *d;
+  uint8_t c;
+  size_t count, tmplen;
+  char *tmp;
+  uint8_t buf[DIGEST_LEN];
+  tor_assert(key_out_len < SIZE_T_CEILING);
+
+#define EXPBIAS 6
+  c = s2k_specifier[8];
+  count = ((uint32_t)16 + (c & 15)) << ((c >> 4) + EXPBIAS);
+#undef EXPBIAS
+
+  d = crypto_digest_new();
+  tmplen = 8+secret_len;
+  tmp = tor_malloc(tmplen);
+  memcpy(tmp,s2k_specifier,8);
+  memcpy(tmp+8,secret,secret_len);
+  secret_len += 8;
+  while (count) {
+    if (count >= secret_len) {
+      crypto_digest_add_bytes(d, tmp, secret_len);
+      count -= secret_len;
+    } else {
+      crypto_digest_add_bytes(d, tmp, count);
+      count = 0;
+    }
+  }
+  crypto_digest_get_digest(d, (char*)buf, sizeof(buf));
+
+  if (key_out_len <= sizeof(buf)) {
+    memcpy(key_out, buf, key_out_len);
+  } else {
+    crypto_expand_key_material_rfc5869_sha256(buf, DIGEST_LEN,
+                                           (const uint8_t*)s2k_specifier, 8,
+                                           (const uint8_t*)"EXPAND", 6,
+                                           (uint8_t*)key_out, key_out_len);
+  }
+  memwipe(tmp, 0, tmplen);
+  memwipe(buf, 0, sizeof(buf));
+  tor_free(tmp);
+  crypto_digest_free(d);
+}
+
+/**
+ * Helper: given a valid specifier without prefix type byte in <b>spec</b>,
+ * whose length must be correct, and given a secret passphrase <b>secret</b>
+ * of length <b>secret_len</b>, compute the key and store it into
+ * <b>key_out</b>, which must have enough room for secret_to_key_key_len(type)
+ * bytes.  Return the number of bytes written on success and an error code
+ * on failure.
+ */
+STATIC int
+secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
+                          const uint8_t *spec, size_t spec_len,
+                          const char *secret, size_t secret_len,
+                          int type)
+{
+  int rv;
+  if (key_out_len > INT_MAX)
+    return S2K_BAD_LEN;
+
+  switch (type) {
+    case S2K_TYPE_RFC2440:
+      secret_to_key_rfc2440((char*)key_out, key_out_len, secret, secret_len,
+                            (const char*)spec);
+      return (int)key_out_len;
+
+    case S2K_TYPE_PBKDF2: {
+      uint8_t log_iters;
+      if (spec_len < 1 || secret_len > INT_MAX || spec_len > INT_MAX)
+        return S2K_BAD_LEN;
+      log_iters = spec[spec_len-1];
+      if (log_iters > 31)
+        return S2K_BAD_PARAMS;
+      rv = PKCS5_PBKDF2_HMAC_SHA1(secret, (int)secret_len,
+                                  spec, (int)spec_len-1,
+                                  (1<<log_iters),
+                                  (int)key_out_len, key_out);
+      if (rv < 0)
+        return S2K_FAILED;
+      return (int)key_out_len;
+    }
+
+    case S2K_TYPE_SCRYPT: {
+#ifdef HAVE_SCRYPT
+      uint8_t log_N, log_r, log_p;
+      uint64_t N;
+      uint32_t r, p;
+      if (spec_len < 2)
+        return S2K_BAD_LEN;
+      log_N = spec[spec_len-2];
+      log_r = (spec[spec_len-1]) >> 4;
+      log_p = (spec[spec_len-1]) & 15;
+      if (log_N > 63)
+        return S2K_BAD_PARAMS;
+      N = ((uint64_t)1) << log_N;
+      r = 1u << log_r;
+      p = 1u << log_p;
+      rv = libscrypt_scrypt((const uint8_t*)secret, secret_len,
+                            spec, spec_len-2, N, r, p, key_out, key_out_len);
+      if (rv != 0)
+        return S2K_FAILED;
+      return (int)key_out_len;
+#else
+      return S2K_NO_SCRYPT_SUPPORT;
+#endif
+    }
+    default:
+      return S2K_BAD_ALGORITHM;
+  }
+}
+
+/**
+ * Given a specifier previously constructed with secret_to_key_make_specifier
+ * in <b>spec</b> of length <b>spec_len</b>, and a secret password in
+ * <b>secret</b> of length <b>secret_len</b>, generate <b>key_out_len</b>
+ * bytes of cryptographic material in <b>key_out</b>.  The native output of
+ * the secret-to-key function will be truncated if key_out_len is short, and
+ * expanded with HKDF if key_out_len is long.  Returns S2K_OKAY on success,
+ * and an error code on failure.
+ */
+int
+secret_to_key_derivekey(uint8_t *key_out, size_t key_out_len,
+                        const uint8_t *spec, size_t spec_len,
+                        const char *secret, size_t secret_len)
+{
+  int legacy_format = 0;
+  int type = secret_to_key_get_type(spec, spec_len, 0, &legacy_format);
+  int r;
+
+  if (type < 0)
+    return type;
+#ifndef HAVE_SCRYPT
+  if (type == S2K_TYPE_SCRYPT)
+    return S2K_NO_SCRYPT_SUPPORT;
+ #endif
+
+  if (! legacy_format) {
+    ++spec;
+    --spec_len;
+  }
+
+  r = secret_to_key_compute_key(key_out, key_out_len, spec, spec_len,
+                                secret, secret_len, type);
+  if (r < 0)
+    return r;
+  else
+    return S2K_OKAY;
+}
+
+/**
+ * Construct a new s2k algorithm specifier and salt in <b>buf</b>, according
+ * to the bitwise-or of some S2K_FLAG_* options in <b>flags</b>.  Up to
+ * <b>buf_len</b> bytes of storage may be used in <b>buf</b>.  Return the
+ * number of bytes used on success and an error code on failure.
+ */
+int
+secret_to_key_make_specifier(uint8_t *buf, size_t buf_len, unsigned flags)
+{
+  int rv;
+  int spec_len;
+#ifdef HAVE_SCRYPT
+  uint8_t type = S2K_TYPE_SCRYPT;
+#else
+  uint8_t type = S2K_TYPE_RFC2440;
+#endif
+
+  if (flags & S2K_FLAG_NO_SCRYPT)
+    type = S2K_TYPE_RFC2440;
+  if (flags & S2K_FLAG_USE_PBKDF2)
+    type = S2K_TYPE_PBKDF2;
+
+  spec_len = secret_to_key_spec_len(type);
+
+  if ((int)buf_len < spec_len + 1)
+    return S2K_TRUNCATED;
+
+  buf[0] = type;
+  rv = make_specifier(buf+1, type, flags);
+  if (rv < 0)
+    return rv;
+  else
+    return rv + 1;
+}
+
+/**
+ * Hash a passphrase from <b>secret</b> of length <b>secret_len</b>, according
+ * to the bitwise-or of some S2K_FLAG_* options in <b>flags</b>, and store the
+ * hash along with salt and hashing parameters into <b>buf</b>.  Up to
+ * <b>buf_len</b> bytes of storage may be used in <b>buf</b>.  Set
+ * *<b>len_out</b> to the number of bytes used and return S2K_OKAY on success;
+ * and return an error code on failure.
+ */
+int
+secret_to_key_new(uint8_t *buf,
+                  size_t buf_len,
+                  size_t *len_out,
+                  const char *secret, size_t secret_len,
+                  unsigned flags)
+{
+  int key_len;
+  int spec_len;
+  int type;
+  int rv;
+
+  spec_len = secret_to_key_make_specifier(buf, buf_len, flags);
+
+  if (spec_len < 0)
+    return spec_len;
+
+  type = buf[0];
+  key_len = secret_to_key_key_len(type);
+
+  if (key_len < 0)
+    return key_len;
+
+  if ((int)buf_len < key_len + spec_len)
+    return S2K_TRUNCATED;
+
+  rv = secret_to_key_compute_key(buf + spec_len, key_len,
+                                 buf + 1, spec_len-1,
+                                 secret, secret_len, type);
+  if (rv < 0)
+    return rv;
+
+  *len_out = spec_len + key_len;
+
+  return S2K_OKAY;
+}
+
+/**
+ * Given a hashed passphrase in <b>spec_and_key</b> of length
+ * <b>spec_and_key_len</b> as generated by secret_to_key_new(), verify whether
+ * it is a hash of the passphrase <b>secret</b> of length <b>secret_len</b>.
+ * Return S2K_OKAY on a match, S2K_BAD_SECRET on a well-formed hash that
+ * doesn't match this secret, and another error code on other errors.
+ */
+int
+secret_to_key_check(const uint8_t *spec_and_key, size_t spec_and_key_len,
+                    const char *secret, size_t secret_len)
+{
+  int is_legacy = 0;
+  int type = secret_to_key_get_type(spec_and_key, spec_and_key_len,
+                                    1, &is_legacy);
+  uint8_t buf[32];
+  int spec_len;
+  int key_len;
+  int rv;
+
+  if (type < 0)
+    return type;
+
+  if (! is_legacy) {
+    spec_and_key++;
+    spec_and_key_len--;
+  }
+
+  spec_len = secret_to_key_spec_len(type);
+  key_len = secret_to_key_key_len(type);
+  tor_assert(spec_len > 0);
+  tor_assert(key_len > 0);
+  tor_assert(key_len <= (int) sizeof(buf));
+  tor_assert((int)spec_and_key_len == spec_len + key_len);
+  rv = secret_to_key_compute_key(buf, key_len,
+                                 spec_and_key, spec_len,
+                                 secret, secret_len, type);
+  if (rv < 0)
+    goto done;
+
+  if (tor_memeq(buf, spec_and_key + spec_len, key_len))
+    rv = S2K_OKAY;
+  else
+    rv = S2K_BAD_SECRET;
+
+ done:
+  memwipe(buf, 0, sizeof(buf));
+  return rv;
+}
+
diff --git a/src/common/crypto_s2k.h b/src/common/crypto_s2k.h
new file mode 100644
index 0000000000..9b186450b1
--- /dev/null
+++ b/src/common/crypto_s2k.h
@@ -0,0 +1,73 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_CRYPTO_S2K_H_INCLUDED
+#define TOR_CRYPTO_S2K_H_INCLUDED
+
+#include <stdio.h>
+#include "torint.h"
+
+/** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the
+ * 9th describes how much iteration to do. */
+#define S2K_RFC2440_SPECIFIER_LEN 9
+void secret_to_key_rfc2440(
+                   char *key_out, size_t key_out_len, const char *secret,
+                   size_t secret_len, const char *s2k_specifier);
+
+/** Flag for secret-to-key function: do not use scrypt. */
+#define S2K_FLAG_NO_SCRYPT  (1u<<0)
+/** Flag for secret-to-key functions: if using a memory-tuned s2k function,
+ * assume that we have limited memory. */
+#define S2K_FLAG_LOW_MEM    (1u<<1)
+/** Flag for secret-to-key functions: force use of pbkdf2.  Without this, we
+ * default to scrypt, then RFC2440. */
+#define S2K_FLAG_USE_PBKDF2 (1u<<2)
+
+/** Maximum possible output length from secret_to_key_new. */
+#define S2K_MAXLEN 64
+
+/** Error code from secret-to-key functions: all is well */
+#define S2K_OKAY 0
+/** Error code from secret-to-key functions: generic failure */
+#define S2K_FAILED -1
+/** Error code from secret-to-key functions: provided secret didn't match */
+#define S2K_BAD_SECRET -2
+/** Error code from secret-to-key functions: didn't recognize the algorithm */
+#define S2K_BAD_ALGORITHM -3
+/** Error code from secret-to-key functions: specifier wasn't valid */
+#define S2K_BAD_PARAMS -4
+/** Error code from secret-to-key functions: compiled without scrypt */
+#define S2K_NO_SCRYPT_SUPPORT -5
+/** Error code from secret-to-key functions: not enough space to write output.
+ */
+#define S2K_TRUNCATED -6
+/** Error code from secret-to-key functions: Wrong length for specifier. */
+#define S2K_BAD_LEN -7
+
+int secret_to_key_new(uint8_t *buf,
+                      size_t buf_len,
+                      size_t *len_out,
+                      const char *secret, size_t secret_len,
+                      unsigned flags);
+
+int secret_to_key_make_specifier(uint8_t *buf, size_t buf_len, unsigned flags);
+
+int secret_to_key_check(const uint8_t *spec_and_key, size_t spec_and_key_len,
+                          const char *secret, size_t secret_len);
+
+int secret_to_key_derivekey(uint8_t *key_out, size_t key_out_len,
+                            const uint8_t *spec, size_t spec_len,
+                            const char *secret, size_t secret_len);
+
+#ifdef CRYPTO_S2K_PRIVATE
+STATIC int secret_to_key_compute_key(uint8_t *key_out, size_t key_out_len,
+                                     const uint8_t *spec, size_t spec_len,
+                                     const char *secret, size_t secret_len,
+                                     int type);
+#endif
+
+#endif
+
diff --git a/src/common/di_ops.c b/src/common/di_ops.c
index 14a1443400..5dfe828066 100644
--- a/src/common/di_ops.c
+++ b/src/common/di_ops.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2013, The Tor Project, Inc. */
+/* Copyright (c) 2011-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -25,6 +25,9 @@
 int
 tor_memcmp(const void *a, const void *b, size_t len)
 {
+#ifdef HAVE_TIMINGSAFE_MEMCMP
+  return timingsafe_memcmp(a, b, len);
+#else
   const uint8_t *x = a;
   const uint8_t *y = b;
   size_t i = len;
@@ -83,6 +86,7 @@ tor_memcmp(const void *a, const void *b, size_t len)
   }
 
   return retval;
+#endif /* timingsafe_memcmp */
 }
 
 /**
@@ -130,6 +134,7 @@ tor_memeq(const void *a, const void *b, size_t sz)
    *            1 & ((any_difference - 1) >> 8) == 0
    */
 
+  /*coverity[overflow]*/
   return 1 & ((any_difference - 1) >> 8);
 }
 
@@ -217,6 +222,7 @@ safe_mem_is_zero(const void *mem, size_t sz)
     total |= *ptr++;
   }
 
+  /*coverity[overflow]*/
   return 1 & ((total - 1) >> 8);
 }
 
diff --git a/src/common/di_ops.h b/src/common/di_ops.h
index d93534b69b..6e77b5cfd7 100644
--- a/src/common/di_ops.h
+++ b/src/common/di_ops.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/common/include.am b/src/common/include.am
index 68e0110c26..5afb30da6a 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -11,12 +11,10 @@ noinst_LIBRARIES += \
 	src/common/libor-event-testing.a
 endif
 
-EXTRA_DIST+= \
-  src/common/common_sha1.i	\
-  src/common/Makefile.nmake
+EXTRA_DIST += src/common/Makefile.nmake
 
 #CFLAGS  = -Wall -Wpointer-arith -O2
-AM_CPPFLAGS += -I$(srcdir)/src/common -Isrc/common
+AM_CPPFLAGS += -I$(srcdir)/src/common -Isrc/common -I$(srcdir)/src/ext/trunnel -I$(srcdir)/src/trunnel
 
 if USE_OPENBSD_MALLOC
 libor_extra_source=src/ext/OpenBSD_malloc_Linux.c
@@ -24,14 +22,6 @@ else
 libor_extra_source=
 endif
 
-if USE_MEMPOOLS
-libor_mempool_source=src/common/mempool.c
-libor_mempool_header=src/common/mempool.h
-else
-libor_mempool_source=
-libor_mempool_header=
-endif
-
 src_common_libcurve25519_donna_a_CFLAGS=
 
 if BUILD_CURVE25519_DONNA
@@ -52,33 +42,56 @@ LIBDONNA=
 endif
 endif
 
-if CURVE25519_ENABLED
-libcrypto_extra_source=src/common/crypto_curve25519.c
+LIBDONNA += $(LIBED25519_REF10)
+LIBDONNA += $(LIBED25519_DONNA)
+
+if THREADS_PTHREADS
+threads_impl_source=src/common/compat_pthreads.c
+endif
+if THREADS_WIN32
+threads_impl_source=src/common/compat_winthreads.c
+endif
+
+if BUILD_READPASSPHRASE_C
+readpassphrase_source=src/ext/readpassphrase.c
+else
+readpassphrase_source=
 endif
 
 LIBOR_A_SOURCES = \
   src/common/address.c					\
   src/common/backtrace.c				\
   src/common/compat.c					\
+  src/common/compat_threads.c				\
   src/common/container.c				\
   src/common/di_ops.c					\
   src/common/log.c					\
   src/common/memarea.c					\
   src/common/util.c					\
-  src/common/util_codedigest.c				\
+  src/common/util_format.c				\
   src/common/util_process.c				\
   src/common/sandbox.c					\
+  src/common/workqueue.c				\
   src/ext/csiphash.c					\
+  src/ext/trunnel/trunnel.c				\
   $(libor_extra_source)					\
-  $(libor_mempool_source)
+  $(threads_impl_source)				\
+  $(readpassphrase_source)
+
+src/common/src_common_libor_testing_a-log.$(OBJEXT) \
+  src/common/log.$(OBJEXT): micro-revision.i
 
 LIBOR_CRYPTO_A_SOURCES = \
   src/common/aes.c		\
   src/common/crypto.c		\
+  src/common/crypto_pwbox.c     \
+  src/common/crypto_s2k.c	\
   src/common/crypto_format.c	\
   src/common/torgzip.c		\
   src/common/tortls.c		\
-  $(libcrypto_extra_source)
+  src/trunnel/pwbox.c		\
+  src/common/crypto_curve25519.c \
+  src/common/crypto_ed25519.c
 
 LIBOR_EVENT_A_SOURCES = \
 	src/common/compat_libevent.c \
@@ -92,14 +105,13 @@ src_common_libor_testing_a_SOURCES = $(LIBOR_A_SOURCES)
 src_common_libor_crypto_testing_a_SOURCES = $(LIBOR_CRYPTO_A_SOURCES)
 src_common_libor_event_testing_a_SOURCES = $(LIBOR_EVENT_A_SOURCES)
 
-src_common_libor_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
-src_common_libor_crypto_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
-src_common_libor_event_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_common_libor_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_common_libor_crypto_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_common_libor_event_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
 src_common_libor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 src_common_libor_crypto_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 src_common_libor_event_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 
-
 COMMONHEADERS = \
   src/common/address.h				\
   src/common/backtrace.h			\
@@ -107,9 +119,15 @@ COMMONHEADERS = \
   src/common/ciphers.inc			\
   src/common/compat.h				\
   src/common/compat_libevent.h			\
+  src/common/compat_openssl.h			\
+  src/common/compat_threads.h			\
   src/common/container.h			\
   src/common/crypto.h				\
   src/common/crypto_curve25519.h		\
+  src/common/crypto_ed25519.h			\
+  src/common/crypto_format.h			\
+  src/common/crypto_pwbox.h			\
+  src/common/crypto_s2k.h			\
   src/common/di_ops.h				\
   src/common/memarea.h				\
   src/common/linux_syscalls.inc			\
@@ -121,22 +139,9 @@ COMMONHEADERS = \
   src/common/torlog.h				\
   src/common/tortls.h				\
   src/common/util.h				\
+  src/common/util_format.h			\
   src/common/util_process.h			\
-  $(libor_mempool_header)
+  src/common/workqueue.h
 
 noinst_HEADERS+= $(COMMONHEADERS)
 
-DISTCLEANFILES+= src/common/common_sha1.i
-
-src/common/common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(COMMONHEADERS)
-	$(AM_V_GEN)if test "@SHA1SUM@" != none; then \
-	  (cd "$(srcdir)" && "@SHA1SUM@" $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > $@; \
-	elif test "@OPENSSL@" != none; then \
-	  (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_common_libor_SOURCES) $(src_Common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2  \1\\n"/p' > $@; \
-	else \
-	  rm $@; \
-	  touch $@; \
-	fi
-
-src/common/util_codedigest.o: src/common/common_sha1.i
-
diff --git a/src/common/log.c b/src/common/log.c
index 517fa4faaa..6c387c6244 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -64,7 +64,7 @@ typedef struct logfile_t {
 static void log_free(logfile_t *victim);
 
 /** Helper: map a log severity to descriptive string. */
-static INLINE const char *
+static inline const char *
 sev_to_string(int severity)
 {
   switch (severity) {
@@ -80,7 +80,7 @@ sev_to_string(int severity)
 }
 
 /** Helper: decide whether to include the function name in the log message. */
-static INLINE int
+static inline int
 should_log_function_name(log_domain_mask_t domain, int severity)
 {
   switch (severity) {
@@ -117,21 +117,46 @@ static int syslog_count = 0;
 
 /** Represents a log message that we are going to send to callback-driven
  * loggers once we can do so in a non-reentrant way. */
-typedef struct pending_cb_message_t {
+typedef struct pending_log_message_t {
   int severity; /**< The severity of the message */
   log_domain_mask_t domain; /**< The domain of the message */
+  char *fullmsg; /**< The message, with all decorations */
   char *msg; /**< The content of the message */
-} pending_cb_message_t;
+} pending_log_message_t;
 
 /** Log messages waiting to be replayed onto callback-based logs */
 static smartlist_t *pending_cb_messages = NULL;
 
+/** Log messages waiting to be replayed once the logging system is initialized.
+ */
+static smartlist_t *pending_startup_messages = NULL;
+
+/** Number of bytes of messages queued in pending_startup_messages.  (This is
+ * the length of the messages, not the number of bytes used to store
+ * them.) */
+static size_t pending_startup_messages_len;
+
+/** True iff we should store messages while waiting for the logs to get
+ * configured. */
+static int queue_startup_messages = 1;
+
+/** True iff __PRETTY_FUNCTION__ includes parenthesized arguments. */
+static int pretty_fn_has_parens = 0;
+
+/** Don't store more than this many bytes of messages while waiting for the
+ * logs to get configured. */
+#define MAX_STARTUP_MSG_LEN (1<<16)
+
 /** Lock the log_mutex to prevent others from changing the logfile_t list */
 #define LOCK_LOGS() STMT_BEGIN                                          \
+  tor_assert(log_mutex_initialized);                                    \
   tor_mutex_acquire(&log_mutex);                                        \
   STMT_END
 /** Unlock the log_mutex */
-#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END
+#define UNLOCK_LOGS() STMT_BEGIN                                        \
+  tor_assert(log_mutex_initialized);                                    \
+  tor_mutex_release(&log_mutex);                                        \
+  STMT_END
 
 /** What's the lowest log level anybody cares about?  Checking this lets us
  * bail out early from log_debug if we aren't debugging.  */
@@ -142,7 +167,7 @@ static void close_log(logfile_t *victim);
 
 static char *domain_to_string(log_domain_mask_t domain,
                              char *buf, size_t buflen);
-static INLINE char *format_msg(char *buf, size_t buf_len,
+static inline char *format_msg(char *buf, size_t buf_len,
            log_domain_mask_t domain, int severity, const char *funcname,
            const char *suffix,
            const char *format, va_list ap, size_t *msg_len_out)
@@ -178,7 +203,7 @@ set_log_time_granularity(int granularity_msec)
 /** Helper: Write the standard prefix for log lines to a
  * <b>buf_len</b> character buffer in <b>buf</b>.
  */
-static INLINE size_t
+static inline size_t
 log_prefix_(char *buf, size_t buf_len, int severity)
 {
   time_t t;
@@ -245,12 +270,19 @@ log_tor_version(logfile_t *lf, int reset)
   return 0;
 }
 
+const char bug_suffix[] = " (on Tor " VERSION
+#ifndef _MSC_VER
+  " "
+#include "micro-revision.i"
+#endif
+  ")";
+
 /** Helper: Format a log message into a fixed-sized buffer. (This is
  * factored out of <b>logv</b> so that we never format a message more
  * than once.)  Return a pointer to the first character of the message
  * portion of the formatted string.
  */
-static INLINE char *
+static inline char *
 format_msg(char *buf, size_t buf_len,
            log_domain_mask_t domain, int severity, const char *funcname,
            const char *suffix,
@@ -288,7 +320,9 @@ format_msg(char *buf, size_t buf_len,
   }
 
   if (funcname && should_log_function_name(domain, severity)) {
-    r = tor_snprintf(buf+n, buf_len-n, "%s(): ", funcname);
+    r = tor_snprintf(buf+n, buf_len-n,
+                     pretty_fn_has_parens ? "%s: " : "%s(): ",
+                     funcname);
     if (r<0)
       n = strlen(buf);
     else
@@ -323,12 +357,115 @@ format_msg(char *buf, size_t buf_len,
       }
     }
   }
+
+  if (domain == LD_BUG &&
+      buf_len - n > strlen(bug_suffix)+1) {
+    memcpy(buf+n, bug_suffix, strlen(bug_suffix));
+    n += strlen(bug_suffix);
+  }
+
   buf[n]='\n';
   buf[n+1]='\0';
   *msg_len_out = n+1;
   return end_of_prefix;
 }
 
+/* Create a new pending_log_message_t with appropriate values */
+static pending_log_message_t *
+pending_log_message_new(int severity, log_domain_mask_t domain,
+                        const char *fullmsg, const char *shortmsg)
+{
+  pending_log_message_t *m = tor_malloc(sizeof(pending_log_message_t));
+  m->severity = severity;
+  m->domain = domain;
+  m->fullmsg = fullmsg ? tor_strdup(fullmsg) : NULL;
+  m->msg = tor_strdup(shortmsg);
+  return m;
+}
+
+/** Release all storage held by <b>msg</b>. */
+static void
+pending_log_message_free(pending_log_message_t *msg)
+{
+  if (!msg)
+    return;
+  tor_free(msg->msg);
+  tor_free(msg->fullmsg);
+  tor_free(msg);
+}
+
+/** Return true iff <b>lf</b> would like to receive a message with the
+ * specified <b>severity</b> in the specified <b>domain</b>.
+ */
+static inline int
+logfile_wants_message(const logfile_t *lf, int severity,
+                      log_domain_mask_t domain)
+{
+  if (! (lf->severities->masks[SEVERITY_MASK_IDX(severity)] & domain)) {
+    return 0;
+  }
+  if (! (lf->fd >= 0 || lf->is_syslog || lf->callback)) {
+    return 0;
+  }
+  if (lf->seems_dead) {
+    return 0;
+  }
+
+  return 1;
+}
+
+/** Send a message to <b>lf</b>.  The full message, with time prefix and
+ * severity, is in <b>buf</b>.  The message itself is in
+ * <b>msg_after_prefix</b>.  If <b>callbacks_deferred</b> points to true, then
+ * we already deferred this message for pending callbacks and don't need to do
+ * it again.  Otherwise, if we need to do it, do it, and set
+ * <b>callbacks_deferred</b> to 1. */
+static inline void
+logfile_deliver(logfile_t *lf, const char *buf, size_t msg_len,
+                const char *msg_after_prefix, log_domain_mask_t domain,
+                int severity, int *callbacks_deferred)
+{
+
+  if (lf->is_syslog) {
+#ifdef HAVE_SYSLOG_H
+#ifdef MAXLINE
+    /* Some syslog implementations have limits on the length of what you can
+     * pass them, and some very old ones do not detect overflow so well.
+     * Regrettably, they call their maximum line length MAXLINE. */
+#if MAXLINE < 64
+#warn "MAXLINE is a very low number; it might not be from syslog.h after all"
+#endif
+    char *m = msg_after_prefix;
+    if (msg_len >= MAXLINE)
+      m = tor_strndup(msg_after_prefix, MAXLINE-1);
+    syslog(severity, "%s", m);
+    if (m != msg_after_prefix) {
+      tor_free(m);
+    }
+#else
+    /* We have syslog but not MAXLINE.  That's promising! */
+    syslog(severity, "%s", msg_after_prefix);
+#endif
+#endif
+  } else if (lf->callback) {
+    if (domain & LD_NOCB) {
+      if (!*callbacks_deferred && pending_cb_messages) {
+        smartlist_add(pending_cb_messages,
+            pending_log_message_new(severity,domain,NULL,msg_after_prefix));
+        *callbacks_deferred = 1;
+      }
+    } else {
+      lf->callback(severity, domain, msg_after_prefix);
+    }
+  } else {
+    if (write_all(lf->fd, buf, msg_len, 0) < 0) { /* error */
+      /* don't log the error! mark this log entry to be blown away, and
+       * continue. */
+      lf->seems_dead = 1;
+    }
+  }
+}
+
 /** Helper: sends a message to the appropriate logfiles, at loglevel
  * <b>severity</b>.  If provided, <b>funcname</b> is prepended to the
  * message.  The actual message is derived as from tor_snprintf(format,ap).
@@ -337,7 +474,7 @@ MOCK_IMPL(STATIC void,
 logv,(int severity, log_domain_mask_t domain, const char *funcname,
      const char *suffix, const char *format, va_list ap))
 {
-  char buf[10024];
+  char buf[10240];
   size_t msg_len = 0;
   int formatted = 0;
   logfile_t *lf;
@@ -349,25 +486,29 @@ logv,(int severity, log_domain_mask_t domain, const char *funcname,
   /* check that severity is sane.  Overrunning the masks array leads to
    * interesting and hard to diagnose effects */
   assert(severity >= LOG_ERR && severity <= LOG_DEBUG);
+  /* check that we've initialised the log mutex before we try to lock it */
+  assert(log_mutex_initialized);
   LOCK_LOGS();
 
-  if ((! (domain & LD_NOCB)) && smartlist_len(pending_cb_messages))
+  if ((! (domain & LD_NOCB)) && pending_cb_messages
+      && smartlist_len(pending_cb_messages))
     flush_pending_log_callbacks();
 
-  lf = logfiles;
-  while (lf) {
-    if (! (lf->severities->masks[SEVERITY_MASK_IDX(severity)] & domain)) {
-      lf = lf->next;
-      continue;
-    }
-    if (! (lf->fd >= 0 || lf->is_syslog || lf->callback)) {
-      lf = lf->next;
-      continue;
-    }
-    if (lf->seems_dead) {
-      lf = lf->next;
+  if (queue_startup_messages &&
+      pending_startup_messages_len < MAX_STARTUP_MSG_LEN) {
+    end_of_prefix =
+      format_msg(buf, sizeof(buf), domain, severity, funcname, suffix,
+      format, ap, &msg_len);
+    formatted = 1;
+
+    smartlist_add(pending_startup_messages,
+      pending_log_message_new(severity,domain,buf,end_of_prefix));
+    pending_startup_messages_len += msg_len;
+  }
+
+  for (lf = logfiles; lf; lf = lf->next) {
+    if (! logfile_wants_message(lf, severity, domain))
       continue;
-    }
 
     if (!formatted) {
       end_of_prefix =
@@ -376,51 +517,8 @@ logv,(int severity, log_domain_mask_t domain, const char *funcname,
       formatted = 1;
     }
 
-    if (lf->is_syslog) {
-#ifdef HAVE_SYSLOG_H
-      char *m = end_of_prefix;
-#ifdef MAXLINE
-      /* Some syslog implementations have limits on the length of what you can
-       * pass them, and some very old ones do not detect overflow so well.
-       * Regrettably, they call their maximum line length MAXLINE. */
-#if MAXLINE < 64
-#warn "MAXLINE is a very low number; it might not be from syslog.h after all"
-#endif
-      if (msg_len >= MAXLINE)
-        m = tor_strndup(end_of_prefix, MAXLINE-1);
-#endif
-      syslog(severity, "%s", m);
-#ifdef MAXLINE
-      if (m != end_of_prefix) {
-        tor_free(m);
-      }
-#endif
-#endif
-      lf = lf->next;
-      continue;
-    } else if (lf->callback) {
-      if (domain & LD_NOCB) {
-        if (!callbacks_deferred && pending_cb_messages) {
-          pending_cb_message_t *msg = tor_malloc(sizeof(pending_cb_message_t));
-          msg->severity = severity;
-          msg->domain = domain;
-          msg->msg = tor_strdup(end_of_prefix);
-          smartlist_add(pending_cb_messages, msg);
-
-          callbacks_deferred = 1;
-        }
-      } else {
-        lf->callback(severity, domain, end_of_prefix);
-      }
-      lf = lf->next;
-      continue;
-    }
-    if (write_all(lf->fd, buf, msg_len, 0) < 0) { /* error */
-      /* don't log the error! mark this log entry to be blown away, and
-       * continue. */
-      lf->seems_dead = 1;
-    }
-    lf = lf->next;
+    logfile_deliver(lf, buf, msg_len, end_of_prefix, domain, severity,
+      &callbacks_deferred);
   }
   UNLOCK_LOGS();
 }
@@ -583,9 +681,7 @@ tor_log_get_logfile_names(smartlist_t *out)
   UNLOCK_LOGS();
 }
 
-/** Output a message to the log, prefixed with a function name <b>fn</b>. */
-#ifdef __GNUC__
-/** GCC-based implementation of the log_fn backend, used when we have
+/** Implementation of the log_fn backend, used when we have
  * variadic macros. All arguments are as for log_fn, except for
  * <b>fn</b>, which is the name of the calling functions. */
 void
@@ -615,98 +711,6 @@ log_fn_ratelim_(ratelim_t *ratelim, int severity, log_domain_mask_t domain,
   va_end(ap);
   tor_free(m);
 }
-#else
-/** @{ */
-/** Variant implementation of log_fn, log_debug, log_info,... for C compilers
- * without variadic macros.  In this case, the calling function sets
- * log_fn_function_name_ to the name of the function, then invokes the
- * appropriate log_fn_, log_debug_, etc. */
-const char *log_fn_function_name_=NULL;
-void
-log_fn_(int severity, log_domain_mask_t domain, const char *format, ...)
-{
-  va_list ap;
-  if (severity > log_global_min_severity_)
-    return;
-  va_start(ap,format);
-  logv(severity, domain, log_fn_function_name_, NULL, format, ap);
-  va_end(ap);
-  log_fn_function_name_ = NULL;
-}
-void
-log_fn_ratelim_(ratelim_t *ratelim, int severity, log_domain_mask_t domain,
-                const char *format, ...)
-{
-  va_list ap;
-  char *m;
-  if (severity > log_global_min_severity_)
-    return;
-  m = rate_limit_log(ratelim, approx_time());
-  if (m == NULL)
-      return;
-  va_start(ap, format);
-  logv(severity, domain, log_fn_function_name_, m, format, ap);
-  va_end(ap);
-  tor_free(m);
-}
-void
-log_debug_(log_domain_mask_t domain, const char *format, ...)
-{
-  va_list ap;
-  /* For GCC we do this check in the macro. */
-  if (PREDICT_LIKELY(LOG_DEBUG > log_global_min_severity_))
-    return;
-  va_start(ap,format);
-  logv(LOG_DEBUG, domain, log_fn_function_name_, NULL, format, ap);
-  va_end(ap);
-  log_fn_function_name_ = NULL;
-}
-void
-log_info_(log_domain_mask_t domain, const char *format, ...)
-{
-  va_list ap;
-  if (LOG_INFO > log_global_min_severity_)
-    return;
-  va_start(ap,format);
-  logv(LOG_INFO, domain, log_fn_function_name_, NULL, format, ap);
-  va_end(ap);
-  log_fn_function_name_ = NULL;
-}
-void
-log_notice_(log_domain_mask_t domain, const char *format, ...)
-{
-  va_list ap;
-  if (LOG_NOTICE > log_global_min_severity_)
-    return;
-  va_start(ap,format);
-  logv(LOG_NOTICE, domain, log_fn_function_name_, NULL, format, ap);
-  va_end(ap);
-  log_fn_function_name_ = NULL;
-}
-void
-log_warn_(log_domain_mask_t domain, const char *format, ...)
-{
-  va_list ap;
-  if (LOG_WARN > log_global_min_severity_)
-    return;
-  va_start(ap,format);
-  logv(LOG_WARN, domain, log_fn_function_name_, NULL, format, ap);
-  va_end(ap);
-  log_fn_function_name_ = NULL;
-}
-void
-log_err_(log_domain_mask_t domain, const char *format, ...)
-{
-  va_list ap;
-  if (LOG_ERR > log_global_min_severity_)
-    return;
-  va_start(ap,format);
-  logv(LOG_ERR, domain, log_fn_function_name_, NULL, format, ap);
-  va_end(ap);
-  log_fn_function_name_ = NULL;
-}
-/** @} */
-#endif
 
 /** Free all storage held by <b>victim</b>. */
 static void
@@ -724,12 +728,14 @@ void
 logs_free_all(void)
 {
   logfile_t *victim, *next;
-  smartlist_t *messages;
+  smartlist_t *messages, *messages2;
   LOCK_LOGS();
   next = logfiles;
   logfiles = NULL;
   messages = pending_cb_messages;
   pending_cb_messages = NULL;
+  messages2 = pending_startup_messages;
+  pending_startup_messages = NULL;
   UNLOCK_LOGS();
   while (next) {
     victim = next;
@@ -739,12 +745,18 @@ logs_free_all(void)
   }
   tor_free(appname);
 
-  SMARTLIST_FOREACH(messages, pending_cb_message_t *, msg, {
-      tor_free(msg->msg);
-      tor_free(msg);
+  SMARTLIST_FOREACH(messages, pending_log_message_t *, msg, {
+      pending_log_message_free(msg);
     });
   smartlist_free(messages);
 
+  if (messages2) {
+    SMARTLIST_FOREACH(messages2, pending_log_message_t *, msg, {
+        pending_log_message_free(msg);
+      });
+    smartlist_free(messages2);
+  }
+
   /* We _could_ destroy the log mutex here, but that would screw up any logs
    * that happened between here and the end of execution. */
 }
@@ -839,14 +851,24 @@ add_stream_log(const log_severity_list_t *severity, const char *name, int fd)
 
 /** Initialize the global logging facility */
 void
-init_logging(void)
+init_logging(int disable_startup_queue)
 {
   if (!log_mutex_initialized) {
     tor_mutex_init(&log_mutex);
     log_mutex_initialized = 1;
   }
+#ifdef __GNUC__
+  if (strchr(__PRETTY_FUNCTION__, '(')) {
+    pretty_fn_has_parens = 1;
+  }
+#endif
   if (pending_cb_messages == NULL)
     pending_cb_messages = smartlist_new();
+  if (disable_startup_queue)
+    queue_startup_messages = 0;
+  if (pending_startup_messages == NULL && queue_startup_messages) {
+    pending_startup_messages = smartlist_new();
+  }
 }
 
 /** Set whether we report logging domains as a part of our log messages.
@@ -924,7 +946,7 @@ flush_pending_log_callbacks(void)
   smartlist_t *messages, *messages_tmp;
 
   LOCK_LOGS();
-  if (0 == smartlist_len(pending_cb_messages)) {
+  if (!pending_cb_messages || 0 == smartlist_len(pending_cb_messages)) {
     UNLOCK_LOGS();
     return;
   }
@@ -932,7 +954,7 @@ flush_pending_log_callbacks(void)
   messages = pending_cb_messages;
   pending_cb_messages = smartlist_new();
   do {
-    SMARTLIST_FOREACH_BEGIN(messages, pending_cb_message_t *, msg) {
+    SMARTLIST_FOREACH_BEGIN(messages, pending_log_message_t *, msg) {
       const int severity = msg->severity;
       const int domain = msg->domain;
       for (lf = logfiles; lf; lf = lf->next) {
@@ -942,8 +964,7 @@ flush_pending_log_callbacks(void)
         }
         lf->callback(severity, domain, msg->msg);
       }
-      tor_free(msg->msg);
-      tor_free(msg);
+      pending_log_message_free(msg);
     } SMARTLIST_FOREACH_END(msg);
     smartlist_clear(messages);
 
@@ -957,6 +978,45 @@ flush_pending_log_callbacks(void)
   UNLOCK_LOGS();
 }
 
+/** Flush all the messages we stored from startup while waiting for log
+ * initialization.
+ */
+void
+flush_log_messages_from_startup(void)
+{
+  logfile_t *lf;
+
+  LOCK_LOGS();
+  queue_startup_messages = 0;
+  pending_startup_messages_len = 0;
+  if (! pending_startup_messages)
+    goto out;
+
+  SMARTLIST_FOREACH_BEGIN(pending_startup_messages, pending_log_message_t *,
+                          msg) {
+    int callbacks_deferred = 0;
+    for (lf = logfiles; lf; lf = lf->next) {
+      if (! logfile_wants_message(lf, msg->severity, msg->domain))
+        continue;
+
+      /* We configure a temporary startup log that goes to stdout, so we
+       * shouldn't replay to stdout/stderr*/
+      if (lf->fd == STDOUT_FILENO || lf->fd == STDERR_FILENO) {
+        continue;
+      }
+
+      logfile_deliver(lf, msg->fullmsg, strlen(msg->fullmsg), msg->msg,
+                      msg->domain, msg->severity, &callbacks_deferred);
+    }
+    pending_log_message_free(msg);
+  } SMARTLIST_FOREACH_END(msg);
+  smartlist_free(pending_startup_messages);
+  pending_startup_messages = NULL;
+
+ out:
+  UNLOCK_LOGS();
+}
+
 /** Close any log handlers added by add_temp_log() or marked by
  * mark_logs_temp(). */
 void
@@ -1010,12 +1070,16 @@ mark_logs_temp(void)
  * logfile fails, -1 is returned and errno is set appropriately (by open(2)).
  */
 int
-add_file_log(const log_severity_list_t *severity, const char *filename)
+add_file_log(const log_severity_list_t *severity, const char *filename,
+             const int truncate)
 {
   int fd;
   logfile_t *lf;
 
-  fd = tor_open_cloexec(filename, O_WRONLY|O_CREAT|O_APPEND, 0644);
+  int open_flags = O_WRONLY|O_CREAT;
+  open_flags |= truncate ? O_TRUNC : O_APPEND;
+
+  fd = tor_open_cloexec(filename, open_flags, 0644);
   if (fd<0)
     return -1;
   if (tor_fd_seekend(fd)<0) {
@@ -1040,14 +1104,25 @@ add_file_log(const log_severity_list_t *severity, const char *filename)
 #ifdef HAVE_SYSLOG_H
 /**
  * Add a log handler to send messages to they system log facility.
+ *
+ * If this is the first log handler, opens syslog with ident Tor or
+ * Tor-<syslog_identity_tag> if that is not NULL.
  */
 int
-add_syslog_log(const log_severity_list_t *severity)
+add_syslog_log(const log_severity_list_t *severity,
+               const char* syslog_identity_tag)
 {
   logfile_t *lf;
-  if (syslog_count++ == 0)
+  if (syslog_count++ == 0) {
     /* This is the first syslog. */
-    openlog("Tor", LOG_PID | LOG_NDELAY, LOGFACILITY);
+    static char buf[256];
+    if (syslog_identity_tag) {
+      tor_snprintf(buf, sizeof(buf), "Tor-%s", syslog_identity_tag);
+    } else {
+      tor_snprintf(buf, sizeof(buf), "Tor");
+    }
+    openlog(buf, LOG_PID | LOG_NDELAY, LOGFACILITY);
+  }
 
   lf = tor_malloc_zero(sizeof(logfile_t));
   lf->fd = -1;
@@ -1094,7 +1169,8 @@ log_level_to_string(int level)
 static const char *domain_list[] = {
   "GENERAL", "CRYPTO", "NET", "CONFIG", "FS", "PROTOCOL", "MM",
   "HTTP", "APP", "CONTROL", "CIRC", "REND", "BUG", "DIR", "DIRSERV",
-  "OR", "EDGE", "ACCT", "HIST", "HANDSHAKE", "HEARTBEAT", "CHANNEL", NULL
+  "OR", "EDGE", "ACCT", "HIST", "HANDSHAKE", "HEARTBEAT", "CHANNEL",
+  "SCHED", NULL
 };
 
 /** Return a bitmask for the log domain for which <b>domain</b> is the name,
@@ -1124,7 +1200,8 @@ domain_to_string(log_domain_mask_t domain, char *buf, size_t buflen)
     const char *d;
     int bit = tor_log2(domain);
     size_t n;
-    if (bit >= N_LOGGING_DOMAINS) {
+    if ((unsigned)bit >= ARRAY_LENGTH(domain_list)-1 ||
+        bit >= N_LOGGING_DOMAINS) {
       tor_snprintf(buf, buflen, "<BUG:Unknown domain %lx>", (long)domain);
       return buf+strlen(buf);
     }
@@ -1297,3 +1374,15 @@ switch_logs_debug(void)
   UNLOCK_LOGS();
 }
 
+/** Truncate all the log files. */
+void
+truncate_logs(void)
+{
+  logfile_t *lf;
+  for (lf = logfiles; lf; lf = lf->next) {
+    if (lf->fd >= 0) {
+      tor_ftruncate(lf->fd);
+    }
+  }
+}
+
diff --git a/src/common/memarea.c b/src/common/memarea.c
index bcaea0949e..173ed4e1cb 100644
--- a/src/common/memarea.c
+++ b/src/common/memarea.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008-2013, The Tor Project, Inc. */
+/* Copyright (c) 2008-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /** \file memarea.c
@@ -21,16 +21,19 @@
  * value. */
 #define MEMAREA_ALIGN SIZEOF_VOID_P
 
+/** A value which, when masked out of a pointer, produces a maximally aligned
+ * pointer. */
 #if MEMAREA_ALIGN == 4
-#define MEMAREA_ALIGN_MASK 3lu
+#define MEMAREA_ALIGN_MASK ((uintptr_t)3)
 #elif MEMAREA_ALIGN == 8
-#define MEMAREA_ALIGN_MASK 7lu
+#define MEMAREA_ALIGN_MASK ((uintptr_t)7)
 #else
 #error "void* is neither 4 nor 8 bytes long. I don't know how to align stuff."
 #endif
 
 #if defined(__GNUC__) && defined(FLEXIBLE_ARRAY_MEMBER)
 #define USE_ALIGNED_ATTRIBUTE
+/** Name for the 'memory' member of a memory chunk. */
 #define U_MEM mem
 #else
 #define U_MEM u.mem
@@ -61,7 +64,7 @@
 #endif
 
 /** Increment <b>ptr</b> until it is aligned to MEMAREA_ALIGN. */
-static INLINE void *
+static inline void *
 realign_pointer(void *ptr)
 {
   uintptr_t x = (uintptr_t)ptr;
@@ -80,15 +83,16 @@ typedef struct memarea_chunk_t {
   struct memarea_chunk_t *next_chunk;
   size_t mem_size; /**< How much RAM is available in mem, total? */
   char *next_mem; /**< Next position in mem to allocate data at.  If it's
-                   * greater than or equal to mem+mem_size, this chunk is
-                   * full. */
+                   * equal to mem+mem_size, this chunk is full. */
 #ifdef USE_ALIGNED_ATTRIBUTE
+  /** Actual content of the memory chunk. */
   char mem[FLEXIBLE_ARRAY_MEMBER] __attribute__((aligned(MEMAREA_ALIGN)));
 #else
   union {
     char mem[1]; /**< Memory space in this chunk.  */
     void *void_for_alignment_; /**< Dummy; used to make sure mem is aligned. */
-  } u;
+  } u; /**< Union used to enforce alignment when we don't have support for
+        * doing it right. */
 #endif
 } memarea_chunk_t;
 
@@ -105,56 +109,32 @@ struct memarea_t {
   memarea_chunk_t *first; /**< Top of the chunk stack: never NULL. */
 };
 
-/** How many chunks will we put into the freelist before freeing them? */
-#define MAX_FREELIST_LEN 4
-/** The number of memarea chunks currently in our freelist. */
-static int freelist_len=0;
-/** A linked list of unused memory area chunks.  Used to prevent us from
- * spinning in malloc/free loops. */
-static memarea_chunk_t *freelist = NULL;
-
 /** Helper: allocate a new memarea chunk of around <b>chunk_size</b> bytes. */
 static memarea_chunk_t *
-alloc_chunk(size_t sz, int freelist_ok)
+alloc_chunk(size_t sz)
 {
   tor_assert(sz < SIZE_T_CEILING);
-  if (freelist && freelist_ok) {
-    memarea_chunk_t *res = freelist;
-    freelist = res->next_chunk;
-    res->next_chunk = NULL;
-    --freelist_len;
-    CHECK_SENTINEL(res);
-    return res;
-  } else {
-    size_t chunk_size = freelist_ok ? CHUNK_SIZE : sz;
-    memarea_chunk_t *res;
-    chunk_size += SENTINEL_LEN;
-    res = tor_malloc(chunk_size);
-    res->next_chunk = NULL;
-    res->mem_size = chunk_size - CHUNK_HEADER_SIZE - SENTINEL_LEN;
-    res->next_mem = res->U_MEM;
-    tor_assert(res->next_mem+res->mem_size+SENTINEL_LEN ==
-               ((char*)res)+chunk_size);
-    tor_assert(realign_pointer(res->next_mem) == res->next_mem);
-    SET_SENTINEL(res);
-    return res;
-  }
+
+  size_t chunk_size = sz < CHUNK_SIZE ? CHUNK_SIZE : sz;
+  memarea_chunk_t *res;
+  chunk_size += SENTINEL_LEN;
+  res = tor_malloc(chunk_size);
+  res->next_chunk = NULL;
+  res->mem_size = chunk_size - CHUNK_HEADER_SIZE - SENTINEL_LEN;
+  res->next_mem = res->U_MEM;
+  tor_assert(res->next_mem+res->mem_size+SENTINEL_LEN ==
+             ((char*)res)+chunk_size);
+  tor_assert(realign_pointer(res->next_mem) == res->next_mem);
+  SET_SENTINEL(res);
+  return res;
 }
 
-/** Release <b>chunk</b> from a memarea, either by adding it to the freelist
- * or by freeing it if the freelist is already too big. */
+/** Release <b>chunk</b> from a memarea. */
 static void
 chunk_free_unchecked(memarea_chunk_t *chunk)
 {
   CHECK_SENTINEL(chunk);
-  if (freelist_len < MAX_FREELIST_LEN) {
-    ++freelist_len;
-    chunk->next_chunk = freelist;
-    freelist = chunk;
-    chunk->next_mem = chunk->U_MEM;
-  } else {
-    tor_free(chunk);
-  }
+  tor_free(chunk);
 }
 
 /** Allocate and return new memarea. */
@@ -162,7 +142,7 @@ memarea_t *
 memarea_new(void)
 {
   memarea_t *head = tor_malloc(sizeof(memarea_t));
-  head->first = alloc_chunk(CHUNK_SIZE, 1);
+  head->first = alloc_chunk(CHUNK_SIZE);
   return head;
 }
 
@@ -197,19 +177,6 @@ memarea_clear(memarea_t *area)
   area->first->next_mem = area->first->U_MEM;
 }
 
-/** Remove all unused memarea chunks from the internal freelist. */
-void
-memarea_clear_freelist(void)
-{
-  memarea_chunk_t *chunk, *next;
-  freelist_len = 0;
-  for (chunk = freelist; chunk; chunk = next) {
-    next = chunk->next_chunk;
-    tor_free(chunk);
-  }
-  freelist = NULL;
-}
-
 /** Return true iff <b>p</b> is in a range that has been returned by an
  * allocation from <b>area</b>. */
 int
@@ -237,16 +204,19 @@ memarea_alloc(memarea_t *area, size_t sz)
   tor_assert(sz < SIZE_T_CEILING);
   if (sz == 0)
     sz = 1;
-  if (chunk->next_mem+sz > chunk->U_MEM+chunk->mem_size) {
+  tor_assert(chunk->next_mem <= chunk->U_MEM + chunk->mem_size);
+  const size_t space_remaining =
+    (chunk->U_MEM + chunk->mem_size) - chunk->next_mem;
+  if (sz > space_remaining) {
     if (sz+CHUNK_HEADER_SIZE >= CHUNK_SIZE) {
       /* This allocation is too big.  Stick it in a special chunk, and put
        * that chunk second in the list. */
-      memarea_chunk_t *new_chunk = alloc_chunk(sz+CHUNK_HEADER_SIZE, 0);
+      memarea_chunk_t *new_chunk = alloc_chunk(sz+CHUNK_HEADER_SIZE);
       new_chunk->next_chunk = chunk->next_chunk;
       chunk->next_chunk = new_chunk;
       chunk = new_chunk;
     } else {
-      memarea_chunk_t *new_chunk = alloc_chunk(CHUNK_SIZE, 1);
+      memarea_chunk_t *new_chunk = alloc_chunk(CHUNK_SIZE);
       new_chunk->next_chunk = chunk;
       area->first = chunk = new_chunk;
     }
diff --git a/src/common/memarea.h b/src/common/memarea.h
index 8b88585d35..85bca51ad3 100644
--- a/src/common/memarea.h
+++ b/src/common/memarea.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008-2013, The Tor Project, Inc. */
+/* Copyright (c) 2008-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 /* Tor dependencies */
 
@@ -18,7 +18,6 @@ char *memarea_strdup(memarea_t *area, const char *s);
 char *memarea_strndup(memarea_t *area, const char *s, size_t n);
 void memarea_get_stats(memarea_t *area,
                        size_t *allocated_out, size_t *used_out);
-void memarea_clear_freelist(void);
 void memarea_assert_ok(memarea_t *area);
 
 #endif
diff --git a/src/common/mempool.c b/src/common/mempool.c
deleted file mode 100644
index 4389888760..0000000000
--- a/src/common/mempool.c
+++ /dev/null
@@ -1,628 +0,0 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-#if 1
-/* Tor dependencies */
-#include "orconfig.h"
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include "torint.h"
-#include "crypto.h"
-#define MEMPOOL_PRIVATE
-#include "mempool.h"
-
-/* OVERVIEW:
- *
- *     This is an implementation of memory pools for Tor cells.  It may be
- *     useful for you too.
- *
- *     Generally, a memory pool is an allocation strategy optimized for large
- *     numbers of identically-sized objects.  Rather than the elaborate arena
- *     and coalescing strategies you need to get good performance for a
- *     general-purpose malloc(), pools use a series of large memory "chunks",
- *     each of which is carved into a bunch of smaller "items" or
- *     "allocations".
- *
- *     To get decent performance, you need to:
- *        - Minimize the number of times you hit the underlying allocator.
- *        - Try to keep accesses as local in memory as possible.
- *        - Try to keep the common case fast.
- *
- *     Our implementation uses three lists of chunks per pool.  Each chunk can
- *     be either "full" (no more room for items); "empty" (no items); or
- *     "used" (not full, not empty).  There are independent doubly-linked
- *     lists for each state.
- *
- * CREDIT:
- *
- *     I wrote this after looking at 3 or 4 other pooling allocators, but
- *     without copying.  The strategy this most resembles (which is funny,
- *     since that's the one I looked at longest ago) is the pool allocator
- *     underlying Python's obmalloc code.  Major differences from obmalloc's
- *     pools are:
- *       - We don't even try to be threadsafe.
- *       - We only handle objects of one size.
- *       - Our list of empty chunks is doubly-linked, not singly-linked.
- *         (This could change pretty easily; it's only doubly-linked for
- *         consistency.)
- *       - We keep a list of full chunks (so we can have a "nuke everything"
- *         function).  Obmalloc's pools leave full chunks to float unanchored.
- *
- * LIMITATIONS:
- *   - Not even slightly threadsafe.
- *   - Likes to have lots of items per chunks.
- *   - One pointer overhead per allocated thing.  (The alternative is
- *     something like glib's use of an RB-tree to keep track of what
- *     chunk any given piece of memory is in.)
- *   - Only aligns allocated things to void* level: redefine ALIGNMENT_TYPE
- *     if you need doubles.
- *   - Could probably be optimized a bit; the representation contains
- *     a bit more info than it really needs to have.
- */
-
-#if 1
-/* Tor dependencies */
-#include "util.h"
-#include "compat.h"
-#include "torlog.h"
-#define ALLOC(x) tor_malloc(x)
-#define FREE(x) tor_free(x)
-#define ASSERT(x) tor_assert(x)
-#undef ALLOC_CAN_RETURN_NULL
-#define TOR
-/* End Tor dependencies */
-#else
-/* If you're not building this as part of Tor, you'll want to define the
- * following macros.  For now, these should do as defaults.
- */
-#include <assert.h>
-#define PREDICT_UNLIKELY(x) (x)
-#define PREDICT_LIKELY(x) (x)
-#define ALLOC(x) malloc(x)
-#define FREE(x) free(x)
-#define STRUCT_OFFSET(tp, member)                       \
-  ((off_t) (((char*)&((tp*)0)->member)-(char*)0))
-#define ASSERT(x) assert(x)
-#define ALLOC_CAN_RETURN_NULL
-#endif
-
-/* Tuning parameters */
-/** Largest type that we need to ensure returned memory items are aligned to.
- * Change this to "double" if we need to be safe for structs with doubles. */
-#define ALIGNMENT_TYPE void *
-/** Increment that we need to align allocated. */
-#define ALIGNMENT sizeof(ALIGNMENT_TYPE)
-/** Largest memory chunk that we should allocate. */
-#define MAX_CHUNK (8*(1L<<20))
-/** Smallest memory chunk size that we should allocate. */
-#define MIN_CHUNK 4096
-
-typedef struct mp_allocated_t mp_allocated_t;
-typedef struct mp_chunk_t mp_chunk_t;
-
-/** Holds a single allocated item, allocated as part of a chunk. */
-struct mp_allocated_t {
-  /** The chunk that this item is allocated in.  This adds overhead to each
-   * allocated item, thus making this implementation inappropriate for
-   * very small items. */
-  mp_chunk_t *in_chunk;
-  union {
-    /** If this item is free, the next item on the free list. */
-    mp_allocated_t *next_free;
-    /** If this item is not free, the actual memory contents of this item.
-     * (Not actual size.) */
-    char mem[1];
-    /** An extra element to the union to insure correct alignment. */
-    ALIGNMENT_TYPE dummy_;
-  } u;
-};
-
-/** 'Magic' value used to detect memory corruption. */
-#define MP_CHUNK_MAGIC 0x09870123
-
-/** A chunk of memory.  Chunks come from malloc; we use them  */
-struct mp_chunk_t {
-  unsigned long magic; /**< Must be MP_CHUNK_MAGIC if this chunk is valid. */
-  mp_chunk_t *next; /**< The next free, used, or full chunk in sequence. */
-  mp_chunk_t *prev; /**< The previous free, used, or full chunk in sequence. */
-  mp_pool_t *pool; /**< The pool that this chunk is part of. */
-  /** First free item in the freelist for this chunk.  Note that this may be
-   * NULL even if this chunk is not at capacity: if so, the free memory at
-   * next_mem has not yet been carved into items.
-   */
-  mp_allocated_t *first_free;
-  int n_allocated; /**< Number of currently allocated items in this chunk. */
-  int capacity; /**< Number of items that can be fit into this chunk. */
-  size_t mem_size; /**< Number of usable bytes in mem. */
-  char *next_mem; /**< Pointer into part of <b>mem</b> not yet carved up. */
-  char mem[FLEXIBLE_ARRAY_MEMBER]; /**< Storage for this chunk. */
-};
-
-/** Number of extra bytes needed beyond mem_size to allocate a chunk. */
-#define CHUNK_OVERHEAD STRUCT_OFFSET(mp_chunk_t, mem[0])
-
-/** Given a pointer to a mp_allocated_t, return a pointer to the memory
- * item it holds. */
-#define A2M(a) (&(a)->u.mem)
-/** Given a pointer to a memory_item_t, return a pointer to its enclosing
- * mp_allocated_t. */
-#define M2A(p) ( ((char*)p) - STRUCT_OFFSET(mp_allocated_t, u.mem) )
-
-#ifdef ALLOC_CAN_RETURN_NULL
-/** If our ALLOC() macro can return NULL, check whether <b>x</b> is NULL,
- * and if so, return NULL. */
-#define CHECK_ALLOC(x)                           \
-  if (PREDICT_UNLIKELY(!x)) { return NULL; }
-#else
-/** If our ALLOC() macro can't return NULL, do nothing. */
-#define CHECK_ALLOC(x)
-#endif
-
-/** Helper: Allocate and return a new memory chunk for <b>pool</b>.  Does not
- * link the chunk into any list. */
-static mp_chunk_t *
-mp_chunk_new(mp_pool_t *pool)
-{
-  size_t sz = pool->new_chunk_capacity * pool->item_alloc_size;
-  mp_chunk_t *chunk = ALLOC(CHUNK_OVERHEAD + sz);
-
-#ifdef MEMPOOL_STATS
-  ++pool->total_chunks_allocated;
-#endif
-  CHECK_ALLOC(chunk);
-  memset(chunk, 0, sizeof(mp_chunk_t)); /* Doesn't clear the whole thing. */
-  chunk->magic = MP_CHUNK_MAGIC;
-  chunk->capacity = pool->new_chunk_capacity;
-  chunk->mem_size = sz;
-  chunk->next_mem = chunk->mem;
-  chunk->pool = pool;
-  return chunk;
-}
-
-/** Take a <b>chunk</b> that has just been allocated or removed from
- * <b>pool</b>'s empty chunk list, and add it to the head of the used chunk
- * list. */
-static INLINE void
-add_newly_used_chunk_to_used_list(mp_pool_t *pool, mp_chunk_t *chunk)
-{
-  chunk->next = pool->used_chunks;
-  if (chunk->next)
-    chunk->next->prev = chunk;
-  pool->used_chunks = chunk;
-  ASSERT(!chunk->prev);
-}
-
-/** Return a newly allocated item from <b>pool</b>. */
-void *
-mp_pool_get(mp_pool_t *pool)
-{
-  mp_chunk_t *chunk;
-  mp_allocated_t *allocated;
-
-  if (PREDICT_LIKELY(pool->used_chunks != NULL)) {
-    /* Common case: there is some chunk that is neither full nor empty.  Use
-     * that one. (We can't use the full ones, obviously, and we should fill
-     * up the used ones before we start on any empty ones. */
-    chunk = pool->used_chunks;
-
-  } else if (pool->empty_chunks) {
-    /* We have no used chunks, but we have an empty chunk that we haven't
-     * freed yet: use that.  (We pull from the front of the list, which should
-     * get us the most recently emptied chunk.) */
-    chunk = pool->empty_chunks;
-
-    /* Remove the chunk from the empty list. */
-    pool->empty_chunks = chunk->next;
-    if (chunk->next)
-      chunk->next->prev = NULL;
-
-    /* Put the chunk on the 'used' list*/
-    add_newly_used_chunk_to_used_list(pool, chunk);
-
-    ASSERT(!chunk->prev);
-    --pool->n_empty_chunks;
-    if (pool->n_empty_chunks < pool->min_empty_chunks)
-      pool->min_empty_chunks = pool->n_empty_chunks;
-  } else {
-    /* We have no used or empty chunks: allocate a new chunk. */
-    chunk = mp_chunk_new(pool);
-    CHECK_ALLOC(chunk);
-
-    /* Add the new chunk to the used list. */
-    add_newly_used_chunk_to_used_list(pool, chunk);
-  }
-
-  ASSERT(chunk->n_allocated < chunk->capacity);
-
-  if (chunk->first_free) {
-    /* If there's anything on the chunk's freelist, unlink it and use it. */
-    allocated = chunk->first_free;
-    chunk->first_free = allocated->u.next_free;
-    allocated->u.next_free = NULL; /* For debugging; not really needed. */
-    ASSERT(allocated->in_chunk == chunk);
-  } else {
-    /* Otherwise, the chunk had better have some free space left on it. */
-    ASSERT(chunk->next_mem + pool->item_alloc_size <=
-           chunk->mem + chunk->mem_size);
-
-    /* Good, it did.  Let's carve off a bit of that free space, and use
-     * that. */
-    allocated = (void*)chunk->next_mem;
-    chunk->next_mem += pool->item_alloc_size;
-    allocated->in_chunk = chunk;
-    allocated->u.next_free = NULL; /* For debugging; not really needed. */
-  }
-
-  ++chunk->n_allocated;
-#ifdef MEMPOOL_STATS
-  ++pool->total_items_allocated;
-#endif
-
-  if (PREDICT_UNLIKELY(chunk->n_allocated == chunk->capacity)) {
-    /* This chunk just became full. */
-    ASSERT(chunk == pool->used_chunks);
-    ASSERT(chunk->prev == NULL);
-
-    /* Take it off the used list. */
-    pool->used_chunks = chunk->next;
-    if (chunk->next)
-      chunk->next->prev = NULL;
-
-    /* Put it on the full list. */
-    chunk->next = pool->full_chunks;
-    if (chunk->next)
-      chunk->next->prev = chunk;
-    pool->full_chunks = chunk;
-  }
-  /* And return the memory portion of the mp_allocated_t. */
-  return A2M(allocated);
-}
-
-/** Return an allocated memory item to its memory pool. */
-void
-mp_pool_release(void *item)
-{
-  mp_allocated_t *allocated = (void*) M2A(item);
-  mp_chunk_t *chunk = allocated->in_chunk;
-
-  ASSERT(chunk);
-  ASSERT(chunk->magic == MP_CHUNK_MAGIC);
-  ASSERT(chunk->n_allocated > 0);
-
-  allocated->u.next_free = chunk->first_free;
-  chunk->first_free = allocated;
-
-  if (PREDICT_UNLIKELY(chunk->n_allocated == chunk->capacity)) {
-    /* This chunk was full and is about to be used. */
-    mp_pool_t *pool = chunk->pool;
-    /* unlink from the full list  */
-    if (chunk->prev)
-      chunk->prev->next = chunk->next;
-    if (chunk->next)
-      chunk->next->prev = chunk->prev;
-    if (chunk == pool->full_chunks)
-      pool->full_chunks = chunk->next;
-
-    /* link to the used list. */
-    chunk->next = pool->used_chunks;
-    chunk->prev = NULL;
-    if (chunk->next)
-      chunk->next->prev = chunk;
-    pool->used_chunks = chunk;
-  } else if (PREDICT_UNLIKELY(chunk->n_allocated == 1)) {
-    /* This was used and is about to be empty. */
-    mp_pool_t *pool = chunk->pool;
-
-    /* Unlink from the used list */
-    if (chunk->prev)
-      chunk->prev->next = chunk->next;
-    if (chunk->next)
-      chunk->next->prev = chunk->prev;
-    if (chunk == pool->used_chunks)
-      pool->used_chunks = chunk->next;
-
-    /* Link to the empty list */
-    chunk->next = pool->empty_chunks;
-    chunk->prev = NULL;
-    if (chunk->next)
-      chunk->next->prev = chunk;
-    pool->empty_chunks = chunk;
-
-    /* Reset the guts of this chunk to defragment it, in case it gets
-     * used again. */
-    chunk->first_free = NULL;
-    chunk->next_mem = chunk->mem;
-
-    ++pool->n_empty_chunks;
-  }
-  --chunk->n_allocated;
-}
-
-/** Allocate a new memory pool to hold items of size <b>item_size</b>. We'll
- * try to fit about <b>chunk_capacity</b> bytes in each chunk. */
-mp_pool_t *
-mp_pool_new(size_t item_size, size_t chunk_capacity)
-{
-  mp_pool_t *pool;
-  size_t alloc_size, new_chunk_cap;
-
-  tor_assert(item_size < SIZE_T_CEILING);
-  tor_assert(chunk_capacity < SIZE_T_CEILING);
-  tor_assert(SIZE_T_CEILING / item_size > chunk_capacity);
-
-  pool = ALLOC(sizeof(mp_pool_t));
-  CHECK_ALLOC(pool);
-  memset(pool, 0, sizeof(mp_pool_t));
-
-  /* First, we figure out how much space to allow per item.  We'll want to
-   * use make sure we have enough for the overhead plus the item size. */
-  alloc_size = (size_t)(STRUCT_OFFSET(mp_allocated_t, u.mem) + item_size);
-  /* If the item_size is less than sizeof(next_free), we need to make
-   * the allocation bigger. */
-  if (alloc_size < sizeof(mp_allocated_t))
-    alloc_size = sizeof(mp_allocated_t);
-
-  /* If we're not an even multiple of ALIGNMENT, round up. */
-  if (alloc_size % ALIGNMENT) {
-    alloc_size = alloc_size + ALIGNMENT - (alloc_size % ALIGNMENT);
-  }
-  if (alloc_size < ALIGNMENT)
-    alloc_size = ALIGNMENT;
-  ASSERT((alloc_size % ALIGNMENT) == 0);
-
-  /* Now we figure out how many items fit in each chunk.  We need to fit at
-   * least 2 items per chunk. No chunk can be more than MAX_CHUNK bytes long,
-   * or less than MIN_CHUNK. */
-  if (chunk_capacity > MAX_CHUNK)
-    chunk_capacity = MAX_CHUNK;
-  /* Try to be around a power of 2 in size, since that's what allocators like
-   * handing out. 512K-1 byte is a lot better than 512K+1 byte. */
-  chunk_capacity = (size_t) round_to_power_of_2(chunk_capacity);
-  while (chunk_capacity < alloc_size * 2 + CHUNK_OVERHEAD)
-    chunk_capacity *= 2;
-  if (chunk_capacity < MIN_CHUNK)
-    chunk_capacity = MIN_CHUNK;
-
-  new_chunk_cap = (chunk_capacity-CHUNK_OVERHEAD) / alloc_size;
-  tor_assert(new_chunk_cap < INT_MAX);
-  pool->new_chunk_capacity = (int)new_chunk_cap;
-
-  pool->item_alloc_size = alloc_size;
-
-  log_debug(LD_MM, "Capacity is %lu, item size is %lu, alloc size is %lu",
-            (unsigned long)pool->new_chunk_capacity,
-            (unsigned long)pool->item_alloc_size,
-            (unsigned long)(pool->new_chunk_capacity*pool->item_alloc_size));
-
-  return pool;
-}
-
-/** Helper function for qsort: used to sort pointers to mp_chunk_t into
- * descending order of fullness. */
-static int
-mp_pool_sort_used_chunks_helper(const void *_a, const void *_b)
-{
-  mp_chunk_t *a = *(mp_chunk_t**)_a;
-  mp_chunk_t *b = *(mp_chunk_t**)_b;
-  return b->n_allocated - a->n_allocated;
-}
-
-/** Sort the used chunks in <b>pool</b> into descending order of fullness,
- * so that we preferentially fill up mostly full chunks before we make
- * nearly empty chunks less nearly empty. */
-static void
-mp_pool_sort_used_chunks(mp_pool_t *pool)
-{
-  int i, n=0, inverted=0;
-  mp_chunk_t **chunks, *chunk;
-  for (chunk = pool->used_chunks; chunk; chunk = chunk->next) {
-    ++n;
-    if (chunk->next && chunk->next->n_allocated > chunk->n_allocated)
-      ++inverted;
-  }
-  if (!inverted)
-    return;
-  //printf("Sort %d/%d\n",inverted,n);
-  chunks = ALLOC(sizeof(mp_chunk_t *)*n);
-#ifdef ALLOC_CAN_RETURN_NULL
-  if (PREDICT_UNLIKELY(!chunks)) return;
-#endif
-  for (i=0,chunk = pool->used_chunks; chunk; chunk = chunk->next)
-    chunks[i++] = chunk;
-  qsort(chunks, n, sizeof(mp_chunk_t *), mp_pool_sort_used_chunks_helper);
-  pool->used_chunks = chunks[0];
-  chunks[0]->prev = NULL;
-  for (i=1;i<n;++i) {
-    chunks[i-1]->next = chunks[i];
-    chunks[i]->prev = chunks[i-1];
-  }
-  chunks[n-1]->next = NULL;
-  FREE(chunks);
-  mp_pool_assert_ok(pool);
-}
-
-/** If there are more than <b>n</b> empty chunks in <b>pool</b>, free the
- * excess ones that have been empty for the longest. If
- * <b>keep_recently_used</b> is true, do not free chunks unless they have been
- * empty since the last call to this function.
- **/
-void
-mp_pool_clean(mp_pool_t *pool, int n_to_keep, int keep_recently_used)
-{
-  mp_chunk_t *chunk, **first_to_free;
-
-  mp_pool_sort_used_chunks(pool);
-  ASSERT(n_to_keep >= 0);
-
-  if (keep_recently_used) {
-    int n_recently_used = pool->n_empty_chunks - pool->min_empty_chunks;
-    if (n_to_keep < n_recently_used)
-      n_to_keep = n_recently_used;
-  }
-
-  ASSERT(n_to_keep >= 0);
-
-  first_to_free = &pool->empty_chunks;
-  while (*first_to_free && n_to_keep > 0) {
-    first_to_free = &(*first_to_free)->next;
-    --n_to_keep;
-  }
-  if (!*first_to_free) {
-    pool->min_empty_chunks = pool->n_empty_chunks;
-    return;
-  }
-
-  chunk = *first_to_free;
-  while (chunk) {
-    mp_chunk_t *next = chunk->next;
-    chunk->magic = 0xdeadbeef;
-    FREE(chunk);
-#ifdef MEMPOOL_STATS
-    ++pool->total_chunks_freed;
-#endif
-    --pool->n_empty_chunks;
-    chunk = next;
-  }
-
-  pool->min_empty_chunks = pool->n_empty_chunks;
-  *first_to_free = NULL;
-}
-
-/** Helper: Given a list of chunks, free all the chunks in the list. */
-static void
-destroy_chunks(mp_chunk_t *chunk)
-{
-  mp_chunk_t *next;
-  while (chunk) {
-    chunk->magic = 0xd3adb33f;
-    next = chunk->next;
-    FREE(chunk);
-    chunk = next;
-  }
-}
-
-/** Free all space held in <b>pool</b>  This makes all pointers returned from
- * mp_pool_get(<b>pool</b>) invalid. */
-void
-mp_pool_destroy(mp_pool_t *pool)
-{
-  destroy_chunks(pool->empty_chunks);
-  destroy_chunks(pool->used_chunks);
-  destroy_chunks(pool->full_chunks);
-  memwipe(pool, 0xe0, sizeof(mp_pool_t));
-  FREE(pool);
-}
-
-/** Helper: make sure that a given chunk list is not corrupt. */
-static int
-assert_chunks_ok(mp_pool_t *pool, mp_chunk_t *chunk, int empty, int full)
-{
-  mp_allocated_t *allocated;
-  int n = 0;
-  if (chunk)
-    ASSERT(chunk->prev == NULL);
-
-  while (chunk) {
-    n++;
-    ASSERT(chunk->magic == MP_CHUNK_MAGIC);
-    ASSERT(chunk->pool == pool);
-    for (allocated = chunk->first_free; allocated;
-         allocated = allocated->u.next_free) {
-      ASSERT(allocated->in_chunk == chunk);
-    }
-    if (empty)
-      ASSERT(chunk->n_allocated == 0);
-    else if (full)
-      ASSERT(chunk->n_allocated == chunk->capacity);
-    else
-      ASSERT(chunk->n_allocated > 0 && chunk->n_allocated < chunk->capacity);
-
-    ASSERT(chunk->capacity == pool->new_chunk_capacity);
-
-    ASSERT(chunk->mem_size ==
-           pool->new_chunk_capacity * pool->item_alloc_size);
-
-    ASSERT(chunk->next_mem >= chunk->mem &&
-           chunk->next_mem <= chunk->mem + chunk->mem_size);
-
-    if (chunk->next)
-      ASSERT(chunk->next->prev == chunk);
-
-    chunk = chunk->next;
-  }
-  return n;
-}
-
-/** Fail with an assertion if <b>pool</b> is not internally consistent. */
-void
-mp_pool_assert_ok(mp_pool_t *pool)
-{
-  int n_empty;
-
-  n_empty = assert_chunks_ok(pool, pool->empty_chunks, 1, 0);
-  assert_chunks_ok(pool, pool->full_chunks, 0, 1);
-  assert_chunks_ok(pool, pool->used_chunks, 0, 0);
-
-  ASSERT(pool->n_empty_chunks == n_empty);
-}
-
-#ifdef TOR
-/** Dump information about <b>pool</b>'s memory usage to the Tor log at level
- * <b>severity</b>. */
-/*FFFF uses Tor logging functions. */
-void
-mp_pool_log_status(mp_pool_t *pool, int severity)
-{
-  uint64_t bytes_used = 0;
-  uint64_t bytes_allocated = 0;
-  uint64_t bu = 0, ba = 0;
-  mp_chunk_t *chunk;
-  int n_full = 0, n_used = 0;
-
-  ASSERT(pool);
-
-  for (chunk = pool->empty_chunks; chunk; chunk = chunk->next) {
-    bytes_allocated += chunk->mem_size;
-  }
-  log_fn(severity, LD_MM, U64_FORMAT" bytes in %d empty chunks",
-         U64_PRINTF_ARG(bytes_allocated), pool->n_empty_chunks);
-  for (chunk = pool->used_chunks; chunk; chunk = chunk->next) {
-    ++n_used;
-    bu += chunk->n_allocated * pool->item_alloc_size;
-    ba += chunk->mem_size;
-    log_fn(severity, LD_MM, "   used chunk: %d items allocated",
-           chunk->n_allocated);
-  }
-  log_fn(severity, LD_MM, U64_FORMAT"/"U64_FORMAT
-         " bytes in %d partially full chunks",
-         U64_PRINTF_ARG(bu), U64_PRINTF_ARG(ba), n_used);
-  bytes_used += bu;
-  bytes_allocated += ba;
-  bu = ba = 0;
-  for (chunk = pool->full_chunks; chunk; chunk = chunk->next) {
-    ++n_full;
-    bu += chunk->n_allocated * pool->item_alloc_size;
-    ba += chunk->mem_size;
-  }
-  log_fn(severity, LD_MM, U64_FORMAT"/"U64_FORMAT
-         " bytes in %d full chunks",
-         U64_PRINTF_ARG(bu), U64_PRINTF_ARG(ba), n_full);
-  bytes_used += bu;
-  bytes_allocated += ba;
-
-  log_fn(severity, LD_MM, "Total: "U64_FORMAT"/"U64_FORMAT" bytes allocated "
-         "for cell pools are full.",
-         U64_PRINTF_ARG(bytes_used), U64_PRINTF_ARG(bytes_allocated));
-
-#ifdef MEMPOOL_STATS
-  log_fn(severity, LD_MM, U64_FORMAT" cell allocations ever; "
-         U64_FORMAT" chunk allocations ever; "
-         U64_FORMAT" chunk frees ever.",
-         U64_PRINTF_ARG(pool->total_items_allocated),
-         U64_PRINTF_ARG(pool->total_chunks_allocated),
-         U64_PRINTF_ARG(pool->total_chunks_freed));
-#endif
-}
-#endif
-
diff --git a/src/common/mempool.h b/src/common/mempool.h
deleted file mode 100644
index 0fc1e4c676..0000000000
--- a/src/common/mempool.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file mempool.h
- * \brief Headers for mempool.c
- **/
-
-#ifndef TOR_MEMPOOL_H
-#define TOR_MEMPOOL_H
-
-/** A memory pool is a context in which a large number of fixed-sized
-* objects can be allocated efficiently.  See mempool.c for implementation
-* details. */
-typedef struct mp_pool_t mp_pool_t;
-
-void *mp_pool_get(mp_pool_t *pool);
-void mp_pool_release(void *item);
-mp_pool_t *mp_pool_new(size_t item_size, size_t chunk_capacity);
-void mp_pool_clean(mp_pool_t *pool, int n_to_keep, int keep_recently_used);
-void mp_pool_destroy(mp_pool_t *pool);
-void mp_pool_assert_ok(mp_pool_t *pool);
-void mp_pool_log_status(mp_pool_t *pool, int severity);
-
-#define MP_POOL_ITEM_OVERHEAD (sizeof(void*))
-
-#define MEMPOOL_STATS
-
-#ifdef MEMPOOL_PRIVATE
-/* These declarations are only used by mempool.c and test.c */
-
-struct mp_pool_t {
-  /** Doubly-linked list of chunks in which no items have been allocated.
-   * The front of the list is the most recently emptied chunk. */
-  struct mp_chunk_t *empty_chunks;
-  /** Doubly-linked list of chunks in which some items have been allocated,
-   * but which are not yet full. The front of the list is the chunk that has
-   * most recently been modified. */
-  struct mp_chunk_t *used_chunks;
-  /** Doubly-linked list of chunks in which no more items can be allocated.
-   * The front of the list is the chunk that has most recently become full. */
-  struct mp_chunk_t *full_chunks;
-  /** Length of <b>empty_chunks</b>. */
-  int n_empty_chunks;
-  /** Lowest value of <b>empty_chunks</b> since last call to
-   * mp_pool_clean(-1). */
-  int min_empty_chunks;
-  /** Size of each chunk (in items). */
-  int new_chunk_capacity;
-  /** Size to allocate for each item, including overhead and alignment
-   * padding. */
-  size_t item_alloc_size;
-#ifdef MEMPOOL_STATS
-  /** Total number of items allocated ever. */
-  uint64_t total_items_allocated;
-  /** Total number of chunks allocated ever. */
-  uint64_t total_chunks_allocated;
-  /** Total number of chunks freed ever. */
-  uint64_t total_chunks_freed;
-#endif
-};
-#endif
-
-#endif
-
diff --git a/src/common/procmon.c b/src/common/procmon.c
index 7c9b7c3c88..12d53fcd41 100644
--- a/src/common/procmon.c
+++ b/src/common/procmon.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2013, The Tor Project, Inc. */
+/* Copyright (c) 2011-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -192,7 +192,8 @@ tor_process_monitor_new(struct event_base *base,
                         tor_procmon_callback_t cb, void *cb_arg,
                         const char **msg)
 {
-  tor_process_monitor_t *procmon = tor_malloc(sizeof(tor_process_monitor_t));
+  tor_process_monitor_t *procmon = tor_malloc_zero(
+                                       sizeof(tor_process_monitor_t));
   struct parsed_process_specifier_t ppspec;
 
   tor_assert(msg != NULL);
diff --git a/src/common/procmon.h b/src/common/procmon.h
index b9388e2e90..49ead24092 100644
--- a/src/common/procmon.h
+++ b/src/common/procmon.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2013, The Tor Project, Inc. */
+/* Copyright (c) 2011-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index e43b64b913..74187e5d63 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1,7 +1,7 @@
-/* Copyright (c) 2001 Matej Pfajfar.
+ /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -48,7 +48,7 @@
 #include <sys/epoll.h>
 #include <sys/prctl.h>
 #include <linux/futex.h>
-#include <bits/signum.h>
+#include <sys/file.h>
 
 #include <stdarg.h>
 #include <seccomp.h>
@@ -58,6 +58,16 @@
 #include <time.h>
 #include <poll.h>
 
+#ifdef HAVE_LINUX_NETFILTER_IPV4_H
+#include <linux/netfilter_ipv4.h>
+#endif
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif
+#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#endif
+
 #if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
   defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
 #define USE_BACKTRACE
@@ -98,6 +108,8 @@ static sandbox_cfg_t *filter_dynamic = NULL;
 
 #undef SCMP_CMP
 #define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0})
+#define SCMP_CMP_STR(a,b,c) \
+  ((struct scmp_arg_cmp) {(a),(b),(intptr_t)(void*)(c),0})
 #define SCMP_CMP4(a,b,c,d) ((struct scmp_arg_cmp){(a),(b),(c),(d)})
 /* We use a wrapper here because these masked comparisons seem to be pretty
  * verbose. Also, it's important to cast to scmp_datum_t before negating the
@@ -117,11 +129,21 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clone),
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
+#ifdef HAVE_EVENTFD
+    SCMP_SYS(eventfd2),
+#endif
+#ifdef HAVE_PIPE2
+    SCMP_SYS(pipe2),
+#endif
+#ifdef HAVE_PIPE
+    SCMP_SYS(pipe),
+#endif
     SCMP_SYS(fcntl),
     SCMP_SYS(fstat),
 #ifdef __NR_fstat64
     SCMP_SYS(fstat64),
 #endif
+    SCMP_SYS(futex),
     SCMP_SYS(getdents64),
     SCMP_SYS(getegid),
 #ifdef __NR_getegid32
@@ -155,10 +177,20 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(mmap),
 #endif
     SCMP_SYS(munmap),
+#ifdef __NR_prlimit
+    SCMP_SYS(prlimit),
+#endif
+#ifdef __NR_prlimit64
+    SCMP_SYS(prlimit64),
+#endif
     SCMP_SYS(read),
     SCMP_SYS(rt_sigreturn),
     SCMP_SYS(sched_getaffinity),
+    SCMP_SYS(sendmsg),
     SCMP_SYS(set_robust_list),
+#ifdef __NR_setrlimit
+    SCMP_SYS(setrlimit),
+#endif
 #ifdef __NR_sigreturn
     SCMP_SYS(sigreturn),
 #endif
@@ -176,6 +208,14 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(stat64),
 #endif
 
+#ifdef __NR_getrandom
+    SCMP_SYS(getrandom),
+#endif
+
+#ifdef __NR_sysinfo
+    // qsort uses this..
+    SCMP_SYS(sysinfo),
+#endif
     /*
      * These socket syscalls are not required on x86_64 and not supported with
      * some libseccomp versions (eg: 1.0.1)
@@ -253,7 +293,7 @@ sb_execve(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     if (param != NULL && param->prot == 1 && param->syscall
         == SCMP_SYS(execve)) {
       rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve),
-          SCMP_CMP(0, SCMP_CMP_EQ, param->value));
+               SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
       if (rc != 0) {
         log_err(LD_BUG,"(Sandbox) failed to add execve syscall, received "
             "libseccomp error %d", rc);
@@ -390,7 +430,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     if (param != NULL && param->prot == 1 && param->syscall
         == SCMP_SYS(open)) {
       rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
-            SCMP_CMP(0, SCMP_CMP_EQ, param->value));
+            SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
       if (rc != 0) {
         log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
             "libseccomp error %d", rc);
@@ -400,7 +440,8 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   }
 
   rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open),
-                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY, O_RDONLY));
+                SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+                                O_RDONLY));
   if (rc != 0) {
     log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "
         "error %d", rc);
@@ -411,6 +452,56 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 
 static int
+sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  int rc;
+  sandbox_cfg_t *elem = NULL;
+
+  // for each dynamic parameter filters
+  for (elem = filter; elem != NULL; elem = elem->next) {
+    smp_param_t *param = elem->param;
+
+    if (param != NULL && param->prot == 1 && param->syscall
+        == SCMP_SYS(chmod)) {
+      rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chmod),
+            SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
+            "libseccomp error %d", rc);
+        return rc;
+      }
+    }
+  }
+
+  return 0;
+}
+
+static int
+sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  int rc;
+  sandbox_cfg_t *elem = NULL;
+
+  // for each dynamic parameter filters
+  for (elem = filter; elem != NULL; elem = elem->next) {
+    smp_param_t *param = elem->param;
+
+    if (param != NULL && param->prot == 1 && param->syscall
+        == SCMP_SYS(chown)) {
+      rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chown),
+            SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
+            "libseccomp error %d", rc);
+        return rc;
+      }
+    }
+  }
+
+  return 0;
+}
+
+static int
 sb__sysctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 {
   int rc;
@@ -445,8 +536,8 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
         param->syscall == SCMP_SYS(rename)) {
 
       rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rename),
-            SCMP_CMP(0, SCMP_CMP_EQ, param->value),
-            SCMP_CMP(1, SCMP_CMP_EQ, param->value2));
+            SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value),
+            SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value2));
       if (rc != 0) {
         log_err(LD_BUG,"(Sandbox) failed to add rename syscall, received "
             "libseccomp error %d", rc);
@@ -476,7 +567,7 @@ sb_openat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
         == SCMP_SYS(openat)) {
       rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
           SCMP_CMP(0, SCMP_CMP_EQ, AT_FDCWD),
-          SCMP_CMP(1, SCMP_CMP_EQ, param->value),
+          SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
           SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|
               O_CLOEXEC));
       if (rc != 0) {
@@ -498,7 +589,7 @@ static int
 sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 {
   int rc = 0;
-  int i;
+  int i, j;
   (void) filter;
 
 #ifdef __i386__
@@ -515,21 +606,34 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
   for (i = 0; i < 2; ++i) {
     const int pf = i ? PF_INET : PF_INET6;
+    for (j=0; j < 3; ++j) {
+      const int type     = (j == 0) ? SOCK_STREAM :
+                                      SOCK_DGRAM;
+      const int protocol = (j == 0) ? IPPROTO_TCP :
+                           (j == 1) ? IPPROTO_IP :
+                                      IPPROTO_UDP;
+      rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+        SCMP_CMP(0, SCMP_CMP_EQ, pf),
+        SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, type),
+        SCMP_CMP(2, SCMP_CMP_EQ, protocol));
+      if (rc)
+        return rc;
+    }
+  }
 
-    rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
-      SCMP_CMP(0, SCMP_CMP_EQ, pf),
+  rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+      SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
       SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
-      SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_TCP));
-    if (rc)
-      return rc;
+      SCMP_CMP(2, SCMP_CMP_EQ, 0));
+  if (rc)
+    return rc;
 
-    rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
-      SCMP_CMP(0, SCMP_CMP_EQ, pf),
+  rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+      SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
       SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
-      SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP));
-    if (rc)
-      return rc;
-  }
+      SCMP_CMP(2, SCMP_CMP_EQ, 0));
+  if (rc)
+    return rc;
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
       SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
@@ -600,6 +704,14 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+#ifdef HAVE_SYSTEMD
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_SNDBUFFORCE));
+  if (rc)
+    return rc;
+#endif
+
 #ifdef IP_TRANSPARENT
   rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
       SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
@@ -633,6 +745,30 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+#ifdef HAVE_SYSTEMD
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_SNDBUF));
+  if (rc)
+    return rc;
+#endif
+
+#ifdef HAVE_LINUX_NETFILTER_IPV4_H
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_ORIGINAL_DST));
+  if (rc)
+    return rc;
+#endif
+
+#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_IPV6),
+      SCMP_CMP(2, SCMP_CMP_EQ, IP6T_SO_ORIGINAL_DST));
+  if (rc)
+    return rc;
+#endif
+
   return 0;
 }
 
@@ -885,7 +1021,7 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     if (param != NULL && param->prot == 1 && (param->syscall == SCMP_SYS(open)
         || param->syscall == SCMP_SYS(stat64))) {
       rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat64),
-          SCMP_CMP(0, SCMP_CMP_EQ, param->value));
+          SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
       if (rc != 0) {
         log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
             "libseccomp  error %d", rc);
@@ -913,6 +1049,8 @@ static sandbox_filter_func_t filter_func[] = {
 #ifdef __NR_mmap2
     sb_mmap2,
 #endif
+    sb_chown,
+    sb_chmod,
     sb_open,
     sb_openat,
     sb__sysctl,
@@ -963,12 +1101,12 @@ sandbox_intern_string(const char *str)
   return str;
 }
 
-/** DOCDOC */
+/* DOCDOC */
 static int
 prot_strings_helper(strmap_t *locations,
                     char **pr_mem_next_p,
                     size_t *pr_mem_left_p,
-                    intptr_t *value_p)
+                    char **value_p)
 {
   char *param_val;
   size_t param_size;
@@ -984,7 +1122,7 @@ prot_strings_helper(strmap_t *locations,
   if (location) {
     // We already interned this string.
     tor_free(param_val);
-    *value_p = (intptr_t) location;
+    *value_p = location;
     return 0;
   } else if (*pr_mem_left_p >= param_size) {
     // copy to protected
@@ -993,7 +1131,7 @@ prot_strings_helper(strmap_t *locations,
 
     // re-point el parameter to protected
     tor_free(param_val);
-    *value_p = (intptr_t) location;
+    *value_p = location;
 
     strmap_set(locations, location, location); /* good real estate advice */
 
@@ -1075,7 +1213,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
       SCMP_CMP(0, SCMP_CMP_EQ, (intptr_t) pr_mem_base));
   if (ret) {
     log_err(LD_BUG,"(Sandbox) mremap protected memory filter fail!");
-    return ret;
+    goto out;
   }
 
   // no munmap of the protected base address
@@ -1083,7 +1221,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
         SCMP_CMP(0, SCMP_CMP_EQ, (intptr_t) pr_mem_base));
   if (ret) {
     log_err(LD_BUG,"(Sandbox) munmap protected memory filter fail!");
-    return ret;
+    goto out;
   }
 
   /*
@@ -1102,7 +1240,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
       SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE));
   if (ret) {
     log_err(LD_BUG,"(Sandbox) mprotect protected memory filter fail (LT)!");
-    return ret;
+    goto out;
   }
 
   ret = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect),
@@ -1112,7 +1250,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
       SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE));
   if (ret) {
     log_err(LD_BUG,"(Sandbox) mprotect protected memory filter fail (GT)!");
-    return ret;
+    goto out;
   }
 
  out:
@@ -1127,7 +1265,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
  * point.
  */
 static sandbox_cfg_t*
-new_element2(int syscall, intptr_t value, intptr_t value2)
+new_element2(int syscall, char *value, char *value2)
 {
   smp_param_t *param = NULL;
 
@@ -1143,9 +1281,9 @@ new_element2(int syscall, intptr_t value, intptr_t value2)
 }
 
 static sandbox_cfg_t*
-new_element(int syscall, intptr_t value)
+new_element(int syscall, char *value)
 {
-  return new_element2(syscall, value, 0);
+  return new_element2(syscall, value, NULL);
 }
 
 #ifdef __NR_stat64
@@ -1159,7 +1297,7 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element(SCMP_stat, (intptr_t)(void*) file);
+  elem = new_element(SCMP_stat, file);
   if (!elem) {
     log_err(LD_BUG,"(Sandbox) failed to register parameter!");
     return -1;
@@ -1172,33 +1310,28 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
 }
 
 int
-sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...)
+sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 {
-  int rc = 0;
-  char *fn = NULL;
-
-  va_list ap;
-  va_start(ap, cfg);
+  sandbox_cfg_t *elem = NULL;
 
-  while ((fn = va_arg(ap, char*)) != NULL) {
-    rc = sandbox_cfg_allow_stat_filename(cfg, fn);
-    if (rc) {
-      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_stat_filename_array fail");
-      goto end;
-    }
+  elem = new_element(SCMP_SYS(open), file);
+  if (!elem) {
+    log_err(LD_BUG,"(Sandbox) failed to register parameter!");
+    return -1;
   }
 
- end:
-  va_end(ap);
+  elem->next = *cfg;
+  *cfg = elem;
+
   return 0;
 }
 
 int
-sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
+sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element(SCMP_SYS(open), (intptr_t)(void *) file);
+  elem = new_element(SCMP_SYS(chmod), file);
   if (!elem) {
     log_err(LD_BUG,"(Sandbox) failed to register parameter!");
     return -1;
@@ -1211,14 +1344,11 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 }
 
 int
-sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
+sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element2(SCMP_SYS(rename),
-                      (intptr_t)(void *) file1,
-                      (intptr_t)(void *) file2);
-
+  elem = new_element(SCMP_SYS(chown), file);
   if (!elem) {
     log_err(LD_BUG,"(Sandbox) failed to register parameter!");
     return -1;
@@ -1231,24 +1361,20 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
 }
 
 int
-sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
+sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
 {
-  int rc = 0;
-  char *fn = NULL;
+  sandbox_cfg_t *elem = NULL;
 
-  va_list ap;
-  va_start(ap, cfg);
+  elem = new_element2(SCMP_SYS(rename), file1, file2);
 
-  while ((fn = va_arg(ap, char*)) != NULL) {
-    rc = sandbox_cfg_allow_open_filename(cfg, fn);
-    if (rc) {
-      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_open_filename_array fail");
-      goto end;
-    }
+  if (!elem) {
+    log_err(LD_BUG,"(Sandbox) failed to register parameter!");
+    return -1;
   }
 
- end:
-  va_end(ap);
+  elem->next = *cfg;
+  *cfg = elem;
+
   return 0;
 }
 
@@ -1257,7 +1383,7 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element(SCMP_SYS(openat), (intptr_t)(void *) file);
+  elem = new_element(SCMP_SYS(openat), file);
   if (!elem) {
     log_err(LD_BUG,"(Sandbox) failed to register parameter!");
     return -1;
@@ -1269,35 +1395,13 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
   return 0;
 }
 
-int
-sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
-{
-  int rc = 0;
-  char *fn = NULL;
-
-  va_list ap;
-  va_start(ap, cfg);
-
-  while ((fn = va_arg(ap, char*)) != NULL) {
-    rc = sandbox_cfg_allow_openat_filename(cfg, fn);
-    if (rc) {
-      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_openat_filename_array fail");
-      goto end;
-    }
-  }
-
- end:
-  va_end(ap);
-  return 0;
-}
-
 #if 0
 int
 sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element(SCMP_SYS(execve), (intptr_t)(void *) com);
+  elem = new_element(SCMP_SYS(execve), com);
   if (!elem) {
     log_err(LD_BUG,"(Sandbox) failed to register parameter!");
     return -1;
@@ -1309,28 +1413,6 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
   return 0;
 }
 
-int
-sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
-{
-  int rc = 0;
-  char *fn = NULL;
-
-  va_list ap;
-  va_start(ap, cfg);
-
-  while ((fn = va_arg(ap, char*)) != NULL) {
-
-    rc = sandbox_cfg_allow_execve(cfg, fn);
-    if (rc) {
-      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_execve_array failed");
-      goto end;
-    }
-  }
-
- end:
-  va_end(ap);
-  return 0;
-}
 #endif
 
 /** Cache entry for getaddrinfo results; used when sandboxing is implemented
@@ -1381,10 +1463,10 @@ static HT_HEAD(getaddrinfo_cache, cached_getaddrinfo_item_t)
 HT_PROTOTYPE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
              cached_getaddrinfo_item_hash,
              cached_getaddrinfo_items_eq);
-HT_GENERATE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
-            cached_getaddrinfo_item_hash,
-            cached_getaddrinfo_items_eq,
-            0.6, tor_malloc_, tor_realloc_, tor_free_);
+HT_GENERATE2(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
+             cached_getaddrinfo_item_hash,
+             cached_getaddrinfo_items_eq,
+             0.6, tor_reallocarray_, tor_free_)
 
 /** If true, don't try to cache getaddrinfo results. */
 static int sandbox_getaddrinfo_cache_disabled = 0;
@@ -1398,6 +1480,13 @@ sandbox_disable_getaddrinfo_cache(void)
   sandbox_getaddrinfo_cache_disabled = 1;
 }
 
+void
+sandbox_freeaddrinfo(struct addrinfo *ai)
+{
+  if (sandbox_getaddrinfo_cache_disabled)
+    freeaddrinfo(ai);
+}
+
 int
 sandbox_getaddrinfo(const char *name, const char *servname,
                     const struct addrinfo *hints,
@@ -1628,7 +1717,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
   const char *syscall_name;
   int syscall;
 #ifdef USE_BACKTRACE
-  int depth;
+  size_t depth;
   int n_fds, i;
   const int *fds = NULL;
 #endif
@@ -1660,7 +1749,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
 #ifdef USE_BACKTRACE
   n_fds = tor_log_get_sigsafe_err_fds(&fds);
   for (i=0; i < n_fds; ++i)
-    backtrace_symbols_fd(syscall_cb_buf, depth, fds[i]);
+    backtrace_symbols_fd(syscall_cb_buf, (int)depth, fds[i]);
 #endif
 
 #if defined(DEBUGGING_CLOSE)
@@ -1732,6 +1821,9 @@ register_cfg(sandbox_cfg_t* cfg)
 static int
 initialise_libseccomp_sandbox(sandbox_cfg_t* cfg)
 {
+  /* Prevent glibc from trying to open /dev/tty on fatal error */
+  setenv("LIBC_FATAL_STDERR_", "1", 1);
+
   if (install_sigsys_debugging())
     return -1;
 
@@ -1789,26 +1881,12 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 }
 
 int
-sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
-{
-  (void)cfg;
-  return 0;
-}
-
-int
 sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
 {
   (void)cfg; (void)file;
   return 0;
 }
 
-int
-sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
-{
-  (void)cfg;
-  return 0;
-}
-
 #if 0
 int
 sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
@@ -1816,26 +1894,26 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
   (void)cfg; (void)com;
   return 0;
 }
+#endif
 
 int
-sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
+sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
 {
-  (void)cfg;
+  (void)cfg; (void)file;
   return 0;
 }
-#endif
 
 int
-sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)
+sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file)
 {
   (void)cfg; (void)file;
   return 0;
 }
 
 int
-sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...)
+sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file)
 {
-  (void)cfg;
+  (void)cfg; (void)file;
   return 0;
 }
 
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 35d87772fd..2defd8bbd4 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -42,6 +42,9 @@ typedef struct sandbox_cfg_elem sandbox_cfg_t;
 #ifndef __USE_GNU
 #define __USE_GNU
 #endif
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
 #include <sys/ucontext.h>
 #include <seccomp.h>
 #include <netdb.h>
@@ -66,9 +69,9 @@ typedef struct smp_param {
   int syscall;
 
   /** parameter value. */
-  intptr_t value;
+  char *value;
   /** parameter value, second argument. */
-  intptr_t value2;
+  char *value2;
 
   /**  parameter flag (0 = not protected, 1 = protected). */
   int prot;
@@ -115,7 +118,7 @@ struct addrinfo;
 int sandbox_getaddrinfo(const char *name, const char *servname,
                         const struct addrinfo *hints,
                         struct addrinfo **res);
-#define sandbox_freeaddrinfo(addrinfo) ((void)0)
+void sandbox_freeaddrinfo(struct addrinfo *addrinfo);
 void sandbox_free_getaddrinfo_cache(void);
 #else
 #define sandbox_getaddrinfo(name, servname, hints, res)  \
@@ -146,16 +149,11 @@ sandbox_cfg_t * sandbox_cfg_new(void);
  */
 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
 
-/**DOCDOC*/
-int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
+int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file);
+int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file);
 
-/** Function used to add a series of open allowed filenames to a supplied
- * configuration.
- *  @param cfg  sandbox configuration.
- *  @param ... a list of stealable pointers to permitted files.  The last
- *  one must be NULL.
-*/
-int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...);
+/* DOCDOC */
+int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
 
 /**
  * Function used to add a openat allowed filename to a supplied configuration.
@@ -164,28 +162,12 @@ int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...);
  */
 int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
 
-/** Function used to add a series of openat allowed filenames to a supplied
- * configuration.
- *  @param cfg  sandbox configuration.
- *  @param ... a list of stealable pointers to permitted files.  The last
- *  one must be NULL.
- */
-int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...);
-
 #if 0
 /**
  * Function used to add a execve allowed filename to a supplied configuration.
  * The (char*) specifies the path to the allowed file; that pointer is stolen.
  */
 int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com);
-
-/** Function used to add a series of execve allowed filenames to a supplied
- * configuration.
- *  @param cfg  sandbox configuration.
- *  @param ... an array of stealable pointers to permitted files.  The last
- *  one must be NULL.
- */
-int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...);
 #endif
 
 /**
@@ -194,14 +176,6 @@ int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...);
  */
 int sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file);
 
-/** Function used to add a series of stat64 allowed filenames to a supplied
- * configuration.
- *  @param cfg  sandbox configuration.
- *  @param ... an array of stealable pointers to permitted files.  The last
- *  one must be NULL.
- */
-int sandbox_cfg_allow_stat_filename_array(sandbox_cfg_t **cfg, ...);
-
 /** Function used to initialise a sandbox configuration.*/
 int sandbox_init(sandbox_cfg_t* cfg);
 
diff --git a/src/common/testsupport.h b/src/common/testsupport.h
index 4a4f50b69b..3bb11a7e41 100644
--- a/src/common/testsupport.h
+++ b/src/common/testsupport.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_TESTSUPPORT_H
@@ -20,8 +20,8 @@
  *
  * and implement it as:
  *
- *     MOCK_IMPL(void
- *     writebuf,(size_t n, char *buf)
+ *     MOCK_IMPL(void,
+ *     writebuf,(size_t n, char *buf))
  *     {
  *          ...
  *     }
diff --git a/src/common/torgzip.c b/src/common/torgzip.c
index 15451ee30d..71e55f8723 100644
--- a/src/common/torgzip.c
+++ b/src/common/torgzip.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -46,6 +46,12 @@
 
 #include <zlib.h>
 
+static size_t tor_zlib_state_size_precalc(int inflate,
+                                          int windowbits, int memlevel);
+
+/** Total number of bytes allocated for zlib state */
+static size_t total_zlib_allocation = 0;
+
 /** Set to 1 if zlib is a version that supports gzip; set to 0 if it doesn't;
  * set to -1 if we haven't checked yet. */
 static int gzip_is_supported = -1;
@@ -85,11 +91,28 @@ tor_zlib_get_header_version_str(void)
 }
 
 /** Return the 'bits' value to tell zlib to use <b>method</b>.*/
-static INLINE int
-method_bits(compress_method_t method)
+static inline int
+method_bits(compress_method_t method, zlib_compression_level_t level)
 {
   /* Bits+16 means "use gzip" in zlib >= 1.2 */
-  return method == GZIP_METHOD ? 15+16 : 15;
+  const int flag = method == GZIP_METHOD ? 16 : 0;
+  switch (level) {
+    default:
+    case HIGH_COMPRESSION: return flag + 15;
+    case MEDIUM_COMPRESSION: return flag + 13;
+    case LOW_COMPRESSION: return flag + 11;
+  }
+}
+
+static inline int
+get_memlevel(zlib_compression_level_t level)
+{
+  switch (level) {
+    default:
+    case HIGH_COMPRESSION: return 8;
+    case MEDIUM_COMPRESSION: return 7;
+    case LOW_COMPRESSION: return 6;
+  }
 }
 
 /** @{ */
@@ -156,8 +179,9 @@ tor_gzip_compress(char **out, size_t *out_len,
   stream->avail_in = (unsigned int)in_len;
 
   if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED,
-                   method_bits(method),
-                   8, Z_DEFAULT_STRATEGY) != Z_OK) {
+                   method_bits(method, HIGH_COMPRESSION),
+                   get_memlevel(HIGH_COMPRESSION),
+                   Z_DEFAULT_STRATEGY) != Z_OK) {
     log_warn(LD_GENERAL, "Error from deflateInit2: %s",
              stream->msg?stream->msg:"<no message>");
     goto err;
@@ -283,7 +307,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
   stream->avail_in = (unsigned int)in_len;
 
   if (inflateInit2(stream,
-                   method_bits(method)) != Z_OK) {
+                   method_bits(method, HIGH_COMPRESSION)) != Z_OK) {
     log_warn(LD_GENERAL, "Error from inflateInit2: %s",
              stream->msg?stream->msg:"<no message>");
     goto err;
@@ -309,7 +333,8 @@ tor_gzip_uncompress(char **out, size_t *out_len,
           log_warn(LD_BUG, "Error freeing gzip structures");
           goto err;
         }
-        if (inflateInit2(stream, method_bits(method)) != Z_OK) {
+        if (inflateInit2(stream,
+                         method_bits(method,HIGH_COMPRESSION)) != Z_OK) {
           log_warn(LD_GENERAL, "Error from second inflateInit2: %s",
                    stream->msg?stream->msg:"<no message>");
           goto err;
@@ -411,15 +436,20 @@ struct tor_zlib_state_t {
   size_t input_so_far;
   /** Number of bytes written so far.  Used to detect zlib bombs. */
   size_t output_so_far;
+
+  /** Approximate number of bytes allocated for this object. */
+  size_t allocation;
 };
 
 /** Construct and return a tor_zlib_state_t object using <b>method</b>.  If
  * <b>compress</b>, it's for compression; otherwise it's for
  * decompression. */
 tor_zlib_state_t *
-tor_zlib_new(int compress, compress_method_t method)
+tor_zlib_new(int compress, compress_method_t method,
+             zlib_compression_level_t compression_level)
 {
   tor_zlib_state_t *out;
+  int bits, memlevel;
 
   if (method == GZIP_METHOD && !is_gzip_supported()) {
     /* Old zlib version don't support gzip in inflateInit2 */
@@ -427,19 +457,32 @@ tor_zlib_new(int compress, compress_method_t method)
     return NULL;
  }
 
+ if (! compress) {
+   /* use this setting for decompression, since we might have the
+    * max number of window bits */
+   compression_level = HIGH_COMPRESSION;
+ }
+
  out = tor_malloc_zero(sizeof(tor_zlib_state_t));
  out->stream.zalloc = Z_NULL;
  out->stream.zfree = Z_NULL;
  out->stream.opaque = NULL;
  out->compress = compress;
+ bits = method_bits(method, compression_level);
+ memlevel = get_memlevel(compression_level);
  if (compress) {
    if (deflateInit2(&out->stream, Z_BEST_COMPRESSION, Z_DEFLATED,
-                    method_bits(method), 8, Z_DEFAULT_STRATEGY) != Z_OK)
+                    bits, memlevel,
+                    Z_DEFAULT_STRATEGY) != Z_OK)
      goto err;
  } else {
-   if (inflateInit2(&out->stream, method_bits(method)) != Z_OK)
+   if (inflateInit2(&out->stream, bits) != Z_OK)
      goto err;
  }
+ out->allocation = tor_zlib_state_size_precalc(!compress, bits, memlevel);
+
+ total_zlib_allocation += out->allocation;
+
  return out;
 
  err:
@@ -472,7 +515,7 @@ tor_zlib_process(tor_zlib_state_t *state,
   state->stream.avail_out = (unsigned int)*out_len;
 
   if (state->compress) {
-    err = deflate(&state->stream, finish ? Z_FINISH : Z_SYNC_FLUSH);
+    err = deflate(&state->stream, finish ? Z_FINISH : Z_NO_FLUSH);
   } else {
     err = inflate(&state->stream, finish ? Z_FINISH : Z_SYNC_FLUSH);
   }
@@ -496,7 +539,7 @@ tor_zlib_process(tor_zlib_state_t *state,
     case Z_STREAM_END:
       return TOR_ZLIB_DONE;
     case Z_BUF_ERROR:
-      if (state->stream.avail_in == 0)
+      if (state->stream.avail_in == 0 && !finish)
         return TOR_ZLIB_OK;
       return TOR_ZLIB_BUF_FULL;
     case Z_OK:
@@ -517,6 +560,8 @@ tor_zlib_free(tor_zlib_state_t *state)
   if (!state)
     return;
 
+ total_zlib_allocation -= state->allocation;
+
   if (state->compress)
     deflateEnd(&state->stream);
   else
@@ -525,3 +570,48 @@ tor_zlib_free(tor_zlib_state_t *state)
   tor_free(state);
 }
 
+/** Return an approximate number of bytes used in RAM to hold a state with
+ * window bits <b>windowBits</b> and compression level 'memlevel' */
+static size_t
+tor_zlib_state_size_precalc(int inflate, int windowbits, int memlevel)
+{
+  windowbits &= 15;
+
+#define A_FEW_KILOBYTES 2048
+
+  if (inflate) {
+    /* From zconf.h:
+
+       "The memory requirements for inflate are (in bytes) 1 << windowBits
+       that is, 32K for windowBits=15 (default value) plus a few kilobytes
+       for small objects."
+    */
+    return sizeof(tor_zlib_state_t) + sizeof(struct z_stream_s) +
+      (1 << 15) + A_FEW_KILOBYTES;
+  } else {
+    /* Also from zconf.h:
+
+       "The memory requirements for deflate are (in bytes):
+            (1 << (windowBits+2)) +  (1 << (memLevel+9))
+        ... plus a few kilobytes for small objects."
+    */
+    return sizeof(tor_zlib_state_t) + sizeof(struct z_stream_s) +
+      (1 << (windowbits + 2)) + (1 << (memlevel + 9)) + A_FEW_KILOBYTES;
+  }
+#undef A_FEW_KILOBYTES
+}
+
+/** Return the approximate number of bytes allocated for <b>state</b>. */
+size_t
+tor_zlib_state_size(const tor_zlib_state_t *state)
+{
+  return state->allocation;
+}
+
+/** Return the approximate number of bytes allocated for all zlib states. */
+size_t
+tor_zlib_get_total_allocation(void)
+{
+  return total_zlib_allocation;
+}
+
diff --git a/src/common/torgzip.h b/src/common/torgzip.h
index 5db03fe6e0..00f62dcb45 100644
--- a/src/common/torgzip.h
+++ b/src/common/torgzip.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -19,6 +19,15 @@ typedef enum {
   NO_METHOD=0, GZIP_METHOD=1, ZLIB_METHOD=2, UNKNOWN_METHOD=3
 } compress_method_t;
 
+/**
+ * Enumeration to define tradeoffs between memory usage and compression level.
+ * HIGH_COMPRESSION saves the most bandwidth; LOW_COMPRESSION saves the most
+ * memory.
+ **/
+typedef enum {
+  HIGH_COMPRESSION, MEDIUM_COMPRESSION, LOW_COMPRESSION
+} zlib_compression_level_t;
+
 int
 tor_gzip_compress(char **out, size_t *out_len,
                   const char *in, size_t in_len,
@@ -47,7 +56,8 @@ typedef enum {
 } tor_zlib_output_t;
 /** Internal state for an incremental zlib compression/decompression. */
 typedef struct tor_zlib_state_t tor_zlib_state_t;
-tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method);
+tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method,
+                               zlib_compression_level_t level);
 
 tor_zlib_output_t tor_zlib_process(tor_zlib_state_t *state,
                                    char **out, size_t *out_len,
@@ -55,5 +65,8 @@ tor_zlib_output_t tor_zlib_process(tor_zlib_state_t *state,
                                    int finish);
 void tor_zlib_free(tor_zlib_state_t *state);
 
+size_t tor_zlib_state_size(const tor_zlib_state_t *state);
+size_t tor_zlib_get_total_allocation(void);
+
 #endif
 
diff --git a/src/common/torint.h b/src/common/torint.h
index a993d7649a..58c30f41a8 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -191,6 +191,10 @@ typedef unsigned __int64 uint64_t;
 #endif
 #endif
 
+#ifndef INT64_MIN
+#define INT64_MIN ((- INT64_MAX) - 1)
+#endif
+
 #ifndef SIZE_MAX
 #if SIZEOF_SIZE_T == 8
 #define SIZE_MAX UINT64_MAX
@@ -308,8 +312,6 @@ typedef uint32_t uintptr_t;
 
 #ifndef TIME_MAX
 
-#ifdef TIME_T_IS_SIGNED
-
 #if (SIZEOF_TIME_T == SIZEOF_INT)
 #define TIME_MAX ((time_t)INT_MAX)
 #elif (SIZEOF_TIME_T == SIZEOF_LONG)
@@ -317,45 +319,49 @@ typedef uint32_t uintptr_t;
 #elif (SIZEOF_TIME_T == 8)
 #define TIME_MAX ((time_t)INT64_MAX)
 #else
-#error "Can't define (signed) TIME_MAX"
+#error "Can't define TIME_MAX"
 #endif
 
-#else
-/* Unsigned case */
-#if (SIZEOF_TIME_T == 4)
-#define TIME_MAX ((time_t)UINT32_MAX)
+#endif /* ifndef(TIME_MAX) */
+
+#ifndef TIME_MIN
+
+#if (SIZEOF_TIME_T == SIZEOF_INT)
+#define TIME_MIN ((time_t)INT_MIN)
+#elif (SIZEOF_TIME_T == SIZEOF_LONG)
+#define TIME_MIN ((time_t)LONG_MIN)
 #elif (SIZEOF_TIME_T == 8)
-#define TIME_MAX ((time_t)UINT64_MAX)
+#define TIME_MIN ((time_t)INT64_MIN)
 #else
-#error "Can't define (unsigned) TIME_MAX"
+#error "Can't define TIME_MIN"
 #endif
-#endif /* time_t_is_signed */
-#endif /* ifndef(TIME_MAX) */
 
-#ifndef SIZE_T_MAX
+#endif /* ifndef(TIME_MIN) */
+
+#ifndef SIZE_MAX
 #if (SIZEOF_SIZE_T == 4)
-#define SIZE_T_MAX UINT32_MAX
+#define SIZE_MAX UINT32_MAX
 #elif (SIZEOF_SIZE_T == 8)
-#define SIZE_T_MAX UINT64_MAX
+#define SIZE_MAX UINT64_MAX
 #else
-#error "Can't define SIZE_T_MAX"
+#error "Can't define SIZE_MAX"
 #endif
 #endif
 
-#ifndef SSIZE_T_MAX
+#ifndef SSIZE_MAX
 #if (SIZEOF_SIZE_T == 4)
-#define SSIZE_T_MAX INT32_MAX
+#define SSIZE_MAX INT32_MAX
 #elif (SIZEOF_SIZE_T == 8)
-#define SSIZE_T_MAX INT64_MAX
+#define SSIZE_MAX INT64_MAX
 #else
-#error "Can't define SSIZE_T_MAX"
+#error "Can't define SSIZE_MAX"
 #endif
 #endif
 
 /** Any ssize_t larger than this amount is likely to be an underflow. */
-#define SSIZE_T_CEILING ((ssize_t)(SSIZE_T_MAX-16))
+#define SSIZE_T_CEILING ((ssize_t)(SSIZE_MAX-16))
 /** Any size_t larger than this amount is likely to be an underflow. */
-#define SIZE_T_CEILING  ((size_t)(SSIZE_T_MAX-16))
+#define SIZE_T_CEILING  ((size_t)(SSIZE_MAX-16))
 
 #endif /* __TORINT_H */
 
diff --git a/src/common/torlog.h b/src/common/torlog.h
index 34f70f3c00..578af7caea 100644
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -97,8 +97,10 @@
 #define LD_HEARTBEAT (1u<<20)
 /** Abstract channel_t code */
 #define LD_CHANNEL   (1u<<21)
+/** Scheduler */
+#define LD_SCHED     (1u<<22)
 /** Number of logging domains in the code. */
-#define N_LOGGING_DOMAINS 22
+#define N_LOGGING_DOMAINS 23
 
 /** This log message is not safe to send to a callback-based logger
  * immediately.  Used as a flag, not a log domain. */
@@ -121,7 +123,7 @@ typedef struct log_severity_list_t {
 /** Callback type used for add_callback_log. */
 typedef void (*log_callback)(int severity, uint32_t domain, const char *msg);
 
-void init_logging(void);
+void init_logging(int disable_startup_queue);
 int parse_log_level(const char *level);
 const char *log_level_to_string(int level);
 int parse_log_severity_config(const char **cfg,
@@ -130,9 +132,11 @@ void set_log_severity_config(int minSeverity, int maxSeverity,
                              log_severity_list_t *severity_out);
 void add_stream_log(const log_severity_list_t *severity, const char *name,
                     int fd);
-int add_file_log(const log_severity_list_t *severity, const char *filename);
+int add_file_log(const log_severity_list_t *severity, const char *filename,
+                 const int truncate);
 #ifdef HAVE_SYSLOG_H
-int add_syslog_log(const log_severity_list_t *severity);
+int add_syslog_log(const log_severity_list_t *severity,
+                   const char* syslog_identity_tag);
 #endif
 int add_callback_log(const log_severity_list_t *severity, log_callback cb);
 void logs_set_domain_logging(int enabled);
@@ -146,8 +150,10 @@ void mark_logs_temp(void);
 void change_callback_log_severity(int loglevelMin, int loglevelMax,
                                   log_callback cb);
 void flush_pending_log_callbacks(void);
+void flush_log_messages_from_startup(void);
 void log_set_application_name(const char *name);
 void set_log_time_granularity(int granularity_msec);
+void truncate_logs(void);
 
 void tor_log(int severity, log_domain_mask_t domain, const char *format, ...)
   CHECK_PRINTF(3,4);
@@ -161,7 +167,6 @@ void tor_log_get_logfile_names(struct smartlist_t *out);
 
 extern int log_global_min_severity_;
 
-#if defined(__GNUC__) || defined(RUNNING_DOXYGEN)
 void log_fn_(int severity, log_domain_mask_t domain,
              const char *funcname, const char *format, ...)
   CHECK_PRINTF(4,5);
@@ -170,67 +175,63 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
                      log_domain_mask_t domain, const char *funcname,
                      const char *format, ...)
   CHECK_PRINTF(5,6);
+
+#if defined(__GNUC__)
+
+/* These are the GCC varidaic macros, so that older versions of GCC don't
+ * break. */
+
 /** Log a message at level <b>severity</b>, using a pretty-printed version
  * of the current function name. */
 #define log_fn(severity, domain, args...)               \
-  log_fn_(severity, domain, __PRETTY_FUNCTION__, args)
+  log_fn_(severity, domain, __FUNCTION__, args)
 /** As log_fn, but use <b>ratelim</b> (an instance of ratelim_t) to control
  * the frequency at which messages can appear.
  */
 #define log_fn_ratelim(ratelim, severity, domain, args...)      \
-  log_fn_ratelim_(ratelim, severity, domain, __PRETTY_FUNCTION__, args)
+  log_fn_ratelim_(ratelim, severity, domain, __FUNCTION__, args)
 #define log_debug(domain, args...)                                      \
   STMT_BEGIN                                                            \
     if (PREDICT_UNLIKELY(log_global_min_severity_ == LOG_DEBUG))        \
-      log_fn_(LOG_DEBUG, domain, __PRETTY_FUNCTION__, args);            \
+      log_fn_(LOG_DEBUG, domain, __FUNCTION__, args);            \
   STMT_END
 #define log_info(domain, args...)                           \
-  log_fn_(LOG_INFO, domain, __PRETTY_FUNCTION__, args)
+  log_fn_(LOG_INFO, domain, __FUNCTION__, args)
 #define log_notice(domain, args...)                         \
-  log_fn_(LOG_NOTICE, domain, __PRETTY_FUNCTION__, args)
+  log_fn_(LOG_NOTICE, domain, __FUNCTION__, args)
 #define log_warn(domain, args...)                           \
-  log_fn_(LOG_WARN, domain, __PRETTY_FUNCTION__, args)
+  log_fn_(LOG_WARN, domain, __FUNCTION__, args)
 #define log_err(domain, args...)                            \
-  log_fn_(LOG_ERR, domain, __PRETTY_FUNCTION__, args)
+  log_fn_(LOG_ERR, domain, __FUNCTION__, args)
 
 #else /* ! defined(__GNUC__) */
 
-void log_fn_(int severity, log_domain_mask_t domain, const char *format, ...);
-struct ratelim_t;
-void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
-             log_domain_mask_t domain, const char *format, ...);
-void log_debug_(log_domain_mask_t domain, const char *format, ...);
-void log_info_(log_domain_mask_t domain, const char *format, ...);
-void log_notice_(log_domain_mask_t domain, const char *format, ...);
-void log_warn_(log_domain_mask_t domain, const char *format, ...);
-void log_err_(log_domain_mask_t domain, const char *format, ...);
-
-#if defined(_MSC_VER) && _MSC_VER < 1300
-/* MSVC 6 and earlier don't have __func__, or even __LINE__. */
-#define log_fn log_fn_
-#define log_fn_ratelim log_fn_ratelim_
-#define log_debug log_debug_
-#define log_info log_info_
-#define log_notice log_notice_
-#define log_warn log_warn_
-#define log_err log_err_
-#else
-/* We don't have GCC's varargs macros, so use a global variable to pass the
- * function name to log_fn */
-extern const char *log_fn_function_name_;
-/* We abuse the comma operator here, since we can't use the standard
- * do {...} while (0) trick to wrap this macro, since the macro can't take
- * arguments. */
-#define log_fn (log_fn_function_name_=__func__),log_fn_
-#define log_fn_ratelim (log_fn_function_name_=__func__),log_fn_ratelim_
-#define log_debug (log_fn_function_name_=__func__),log_debug_
-#define log_info (log_fn_function_name_=__func__),log_info_
-#define log_notice (log_fn_function_name_=__func__),log_notice_
-#define log_warn (log_fn_function_name_=__func__),log_warn_
-#define log_err (log_fn_function_name_=__func__),log_err_
-#endif
+/* Here are the c99 variadic macros, to work with non-GCC compilers */
 
-#endif /* !GNUC */
+#define log_debug(domain, args, ...)                                        \
+  STMT_BEGIN                                                                \
+    if (PREDICT_UNLIKELY(log_global_min_severity_ == LOG_DEBUG))            \
+      log_fn_(LOG_DEBUG, domain, __FUNCTION__, args, ##__VA_ARGS__); \
+  STMT_END
+#define log_info(domain, args,...)                                      \
+  log_fn_(LOG_INFO, domain, __FUNCTION__, args, ##__VA_ARGS__)
+#define log_notice(domain, args,...)                                    \
+  log_fn_(LOG_NOTICE, domain, __FUNCTION__, args, ##__VA_ARGS__)
+#define log_warn(domain, args,...)                                      \
+  log_fn_(LOG_WARN, domain, __FUNCTION__, args, ##__VA_ARGS__)
+#define log_err(domain, args,...)                                       \
+  log_fn_(LOG_ERR, domain, __FUNCTION__, args, ##__VA_ARGS__)
+/** Log a message at level <b>severity</b>, using a pretty-printed version
+ * of the current function name. */
+#define log_fn(severity, domain, args,...)                              \
+  log_fn_(severity, domain, __FUNCTION__, args, ##__VA_ARGS__)
+/** As log_fn, but use <b>ratelim</b> (an instance of ratelim_t) to control
+ * the frequency at which messages can appear.
+ */
+#define log_fn_ratelim(ratelim, severity, domain, args,...)      \
+  log_fn_ratelim_(ratelim, severity, domain, __FUNCTION__, \
+                  args, ##__VA_ARGS__)
+#endif
 
 #ifdef LOG_PRIVATE
 MOCK_DECL(STATIC void, logv, (int severity, log_domain_mask_t domain,
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 221b47e009..89ad6af939 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -16,22 +16,12 @@
 
 #include "orconfig.h"
 
-#if defined (WINCE)
-#include <WinSock2.h>
-#endif
+#define TORTLS_PRIVATE
 
 #include <assert.h>
 #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
- #ifndef _WIN32_WINNT
- #define _WIN32_WINNT 0x0501
- #endif
- #define WIN32_LEAN_AND_MEAN
- #if defined(_MSC_VER) && (_MSC_VER < 1300)
-    #include <winsock.h>
- #else
-    #include <winsock2.h>
-    #include <ws2tcpip.h>
- #endif
+  #include <winsock2.h>
+  #include <ws2tcpip.h>
 #endif
 
 #ifdef __GNUC__
@@ -47,13 +37,21 @@
 #pragma GCC diagnostic ignored "-Wredundant-decls"
 #endif
 
+#include <openssl/opensslv.h>
+#include "crypto.h"
+
+#ifdef OPENSSL_NO_EC
+#error "We require OpenSSL with ECC support"
+#endif
+
 #include <openssl/ssl.h>
 #include <openssl/ssl3.h>
 #include <openssl/err.h>
 #include <openssl/tls1.h>
 #include <openssl/asn1.h>
 #include <openssl/bio.h>
-#include <openssl/opensslv.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 
 #if __GNUC__ && GCC_VERSION >= 402
 #if GCC_VERSION >= 406
@@ -70,21 +68,17 @@
 #include "compat_libevent.h"
 #endif
 
-#include "crypto.h"
+#define TORTLS_PRIVATE
 #include "tortls.h"
 #include "util.h"
 #include "torlog.h"
 #include "container.h"
 #include <string.h>
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
-#error "We require OpenSSL >= 0.9.8"
-#endif
-
-/* Enable the "v2" TLS handshake.
- */
-#define V2_HANDSHAKE_SERVER
-#define V2_HANDSHAKE_CLIENT
+#define X509_get_notBefore_const(cert) \
+  ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
+#define X509_get_notAfter_const(cert) \
+  ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
 
 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \
@@ -95,10 +89,8 @@
 
 #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
 
-#if (OPENSSL_VERSION_NUMBER  <  OPENSSL_V(0,9,8,'s') ||         \
-     (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) &&      \
-      OPENSSL_VERSION_NUMBER <  OPENSSL_V(1,0,0,'f')))
-/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
+#if OPENSSL_VERSION_NUMBER <  OPENSSL_V(1,0,0,'f')
+/* This is a version of OpenSSL before 1.0.0f. It does not have
  * the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
  * SSL3 safely at the same time.
  */
@@ -116,36 +108,6 @@
 #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
 #endif
 
-/** Does the run-time openssl version look like we need
- * SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
-static int use_unsafe_renegotiation_op = 0;
-/** Does the run-time openssl version look like we need
- * SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
-static int use_unsafe_renegotiation_flag = 0;
-
-/** Structure that we use for a single certificate. */
-struct tor_cert_t {
-  X509 *cert;
-  uint8_t *encoded;
-  size_t encoded_len;
-  unsigned pkey_digests_set : 1;
-  digests_t cert_digests;
-  digests_t pkey_digests;
-};
-
-/** Holds a SSL_CTX object and related state used to configure TLS
- * connections.
- */
-typedef struct tor_tls_context_t {
-  int refcnt;
-  SSL_CTX *ctx;
-  tor_cert_t *my_link_cert;
-  tor_cert_t *my_id_cert;
-  tor_cert_t *my_auth_cert;
-  crypto_pk_t *link_key;
-  crypto_pk_t *auth_key;
-} tor_tls_context_t;
-
 /** Return values for tor_tls_classify_client_ciphers.
  *
  * @{
@@ -164,70 +126,12 @@ typedef struct tor_tls_context_t {
 #define CIPHERS_UNRESTRICTED 3
 /** @} */
 
-#define TOR_TLS_MAGIC 0x71571571
-
-typedef enum {
-    TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE,
-    TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE,
-    TOR_TLS_ST_BUFFEREVENT
-} tor_tls_state_t;
-#define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
-
-/** Holds a SSL object and its associated data.  Members are only
- * accessed from within tortls.c.
- */
-struct tor_tls_t {
-  uint32_t magic;
-  tor_tls_context_t *context; /** A link to the context object for this tls. */
-  SSL *ssl; /**< An OpenSSL SSL object. */
-  int socket; /**< The underlying file descriptor for this TLS connection. */
-  char *address; /**< An address to log when describing this connection. */
-  tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
-                                       * depending on which operations
-                                       * have completed successfully. */
-  unsigned int isServer:1; /**< True iff this is a server-side connection */
-  unsigned int wasV2Handshake:1; /**< True iff the original handshake for
-                                  * this connection used the updated version
-                                  * of the connection protocol (client sends
-                                  * different cipher list, server sends only
-                                  * one certificate). */
-  /** True iff we should call negotiated_callback when we're done reading. */
-  unsigned int got_renegotiate:1;
-  /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't
-   * called that function yet. */
-  int8_t client_cipher_list_type;
-  /** Incremented every time we start the server side of a handshake. */
-  uint8_t server_handshake_count;
-  size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last
-                       * time. */
-  /** Last values retrieved from BIO_number_read()/write(); see
-   * tor_tls_get_n_raw_bytes() for usage.
-   */
-  unsigned long last_write_count;
-  unsigned long last_read_count;
-  /** If set, a callback to invoke whenever the client tries to renegotiate
-   * the handshake. */
-  void (*negotiated_callback)(tor_tls_t *tls, void *arg);
-  /** Argument to pass to negotiated_callback. */
-  void *callback_arg;
-};
-
-#ifdef V2_HANDSHAKE_CLIENT
-/** An array of fake SSL_CIPHER objects that we use in order to trick OpenSSL
- * in client mode into advertising the ciphers we want.  See
- * rectify_client_ciphers() for details. */
-static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL;
-/** A stack of SSL_CIPHER objects, some real, some fake.
- * See rectify_client_ciphers() for details. */
-static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL;
-#endif
-
 /** The ex_data index in which we store a pointer to an SSL object's
  * corresponding tor_tls_t object. */
-static int tor_tls_object_ex_data_index = -1;
+STATIC int tor_tls_object_ex_data_index = -1;
 
 /** Helper: Allocate tor_tls_object_ex_data_index. */
-static void
+STATIC void
 tor_tls_allocate_tor_tls_object_ex_data_index(void)
 {
   if (tor_tls_object_ex_data_index == -1) {
@@ -239,7 +143,7 @@ tor_tls_allocate_tor_tls_object_ex_data_index(void)
 
 /** Helper: given a SSL* pointer, return the tor_tls_t object using that
  * pointer. */
-static INLINE tor_tls_t *
+STATIC tor_tls_t *
 tor_tls_get_by_ssl(const SSL *ssl)
 {
   tor_tls_t *result = SSL_get_ex_data(ssl, tor_tls_object_ex_data_index);
@@ -250,21 +154,7 @@ tor_tls_get_by_ssl(const SSL *ssl)
 
 static void tor_tls_context_decref(tor_tls_context_t *ctx);
 static void tor_tls_context_incref(tor_tls_context_t *ctx);
-static X509* tor_tls_create_certificate(crypto_pk_t *rsa,
-                                        crypto_pk_t *rsa_sign,
-                                        const char *cname,
-                                        const char *cname_sign,
-                                        unsigned int cert_lifetime);
-
-static int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
-                                    crypto_pk_t *identity,
-                                    unsigned int key_lifetime,
-                                    unsigned int flags,
-                                    int is_client);
-static tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
-                                              unsigned int key_lifetime,
-                                              unsigned int flags,
-                                              int is_client);
+
 static int check_cert_lifetime_internal(int severity, const X509 *cert,
                                    int past_tolerance, int future_tolerance);
 
@@ -272,8 +162,8 @@ static int check_cert_lifetime_internal(int severity, const X509 *cert,
  * to touch them.
  *
  * @{ */
-static tor_tls_context_t *server_tls_context = NULL;
-static tor_tls_context_t *client_tls_context = NULL;
+STATIC tor_tls_context_t *server_tls_context = NULL;
+STATIC tor_tls_context_t *client_tls_context = NULL;
 /**@}*/
 
 /** True iff tor_tls_init() has been called. */
@@ -338,7 +228,9 @@ tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
     case SSL_R_HTTP_REQUEST:
     case SSL_R_HTTPS_PROXY_REQUEST:
     case SSL_R_RECORD_LENGTH_MISMATCH:
+#ifndef OPENSSL_1_1_API
     case SSL_R_RECORD_TOO_LARGE:
+#endif
     case SSL_R_UNKNOWN_PROTOCOL:
     case SSL_R_UNSUPPORTED_PROTOCOL:
       severity = LOG_INFO;
@@ -367,7 +259,7 @@ tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
 /** Log all pending tls errors at level <b>severity</b> in log domain
  * <b>domain</b>.  Use <b>doing</b> to describe our current activities.
  */
-static void
+STATIC void
 tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
 {
   unsigned long err;
@@ -379,7 +271,7 @@ tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
 
 /** Convert an errno (or a WSAerrno on windows) into a TOR_TLS_* error
  * code. */
-static int
+STATIC int
 tor_errno_to_tls_error(int e)
 {
   switch (e) {
@@ -430,7 +322,7 @@ tor_tls_err_to_string(int err)
  * If an error has occurred, log it at level <b>severity</b> and describe the
  * current action as <b>doing</b>.
  */
-static int
+STATIC int
 tor_tls_get_error(tor_tls_t *tls, int r, int extra,
                   const char *doing, int severity, int domain)
 {
@@ -478,66 +370,17 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra,
 static void
 tor_tls_init(void)
 {
+  check_no_tls_errors();
+
   if (!tls_library_is_initialized) {
-    long version;
     SSL_library_init();
     SSL_load_error_strings();
 
-    version = SSLeay();
-
-    /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-     * here, but without thinking too hard about it: it turns out that the
-     * flag in question needed to be set at the last minute, and that it
-     * conflicted with an existing flag number that had already been added
-     * in the OpenSSL 1.0.0 betas.  OpenSSL 0.9.8m thoughtfully replaced
-     * the flag with an option and (it seems) broke anything that used
-     * SSL3_FLAGS_* for the purpose.  So we need to know how to do both,
-     * and we mustn't use the SSL3_FLAGS option with anything besides
-     * OpenSSL 0.9.8l.
-     *
-     * No, we can't just set flag 0x0010 everywhere.  It breaks Tor with
-     * OpenSSL 1.0.0beta3 and later.  On the other hand, we might be able to
-     * set option 0x00040000L everywhere.
-     *
-     * No, we can't simply detect whether the flag or the option is present
-     * in the headers at build-time: some vendors (notably Apple) like to
-     * leave their headers out of sync with their libraries.
-     *
-     * Yes, it _is_ almost as if the OpenSSL developers decided that no
-     * program should be allowed to use renegotiation unless it first passed
-     * a test of intelligence and determination.
-     */
-    if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
-      log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
-                 "some vendors have backported renegotiation code from "
-                 "0.9.8m without updating the version number. "
-                 "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
-                 SSLeay_version(SSLEAY_VERSION));
-      use_unsafe_renegotiation_flag = 1;
-      use_unsafe_renegotiation_op = 1;
-    } else if (version > OPENSSL_V(0,9,8,'l')) {
-      log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
-                 "I will try SSL_OP to enable renegotiation",
-                 SSLeay_version(SSLEAY_VERSION));
-      use_unsafe_renegotiation_op = 1;
-    } else if (version <= OPENSSL_V(0,9,8,'k')) {
-      log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
-                 "0.9.8l, but some vendors have backported 0.9.8l's "
-                 "renegotiation code to earlier versions, and some have "
-                 "backported the code from 0.9.8m or 0.9.8n.  I'll set both "
-                 "SSL3_FLAGS and SSL_OP just to be safe.",
-                 SSLeay_version(SSLEAY_VERSION), version);
-      use_unsafe_renegotiation_flag = 1;
-      use_unsafe_renegotiation_op = 1;
-    } else {
-      /* this is dead code, yes? */
-      log_info(LD_GENERAL, "OpenSSL %s has version %lx",
-               SSLeay_version(SSLEAY_VERSION), version);
-    }
-
 #if (SIZEOF_VOID_P >= 8 &&                              \
-     !defined(OPENSSL_NO_EC) &&                         \
      OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
+    long version = OpenSSL_version_num();
+
+    /* LCOV_EXCL_START : we can't test these lines on the same machine */
     if (version >= OPENSSL_V_SERIES(1,0,1)) {
       /* Warn if we could *almost* be running with much faster ECDH.
          If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
@@ -564,6 +407,7 @@ tor_tls_init(void)
                    "support (using the enable-ec_nistp_64_gcc_128 option "
                    "when configuring it) would make ECDH much faster.");
     }
+    /* LCOV_EXCL_STOP */
 #endif
 
     tor_tls_allocate_tor_tls_object_ex_data_index();
@@ -576,6 +420,8 @@ tor_tls_init(void)
 void
 tor_tls_free_all(void)
 {
+  check_no_tls_errors();
+
   if (server_tls_context) {
     tor_tls_context_t *ctx = server_tls_context;
     server_tls_context = NULL;
@@ -586,19 +432,13 @@ tor_tls_free_all(void)
     client_tls_context = NULL;
     tor_tls_context_decref(ctx);
   }
-#ifdef V2_HANDSHAKE_CLIENT
-  if (CLIENT_CIPHER_DUMMIES)
-    tor_free(CLIENT_CIPHER_DUMMIES);
-  if (CLIENT_CIPHER_STACK)
-    sk_SSL_CIPHER_free(CLIENT_CIPHER_STACK);
-#endif
 }
 
 /** We need to give OpenSSL a callback to verify certificates. This is
  * it: We always accept peer certs and complete the handshake.  We
  * don't validate them until later.
  */
-static int
+STATIC int
 always_accept_verify_cb(int preverify_ok,
                         X509_STORE_CTX *x509_ctx)
 {
@@ -613,16 +453,20 @@ tor_x509_name_new(const char *cname)
 {
   int nid;
   X509_NAME *name;
+  /* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */
   if (!(name = X509_NAME_new()))
     return NULL;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
                                    (unsigned char*)cname, -1, -1, 0)))
     goto error;
+  /* LCOV_EXCL_BR_STOP */
   return name;
  error:
+  /* LCOV_EXCL_START : these lines will only execute on out of memory errors*/
   X509_NAME_free(name);
   return NULL;
+  /* LCOV_EXCL_STOP */
 }
 
 /** Generate and sign an X509 certificate with the public key <b>rsa</b>,
@@ -633,12 +477,12 @@ tor_x509_name_new(const char *cname)
  *
  * Return a certificate on success, NULL on failure.
  */
-static X509 *
-tor_tls_create_certificate(crypto_pk_t *rsa,
-                           crypto_pk_t *rsa_sign,
-                           const char *cname,
-                           const char *cname_sign,
-                           unsigned int cert_lifetime)
+MOCK_IMPL(STATIC X509 *,
+          tor_tls_create_certificate,(crypto_pk_t *rsa,
+                                      crypto_pk_t *rsa_sign,
+                                      const char *cname,
+                                      const char *cname_sign,
+                                      unsigned int cert_lifetime))
 {
   /* OpenSSL generates self-signed certificates with random 64-bit serial
    * numbers, so let's do that too. */
@@ -657,7 +501,8 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
    * than having it start right now. Don't choose quite uniformly, since
    * then we might pick a time where we're about to expire. Lastly, be
    * sure to start on a day boundary. */
-  start_time = time(NULL) - crypto_rand_int(cert_lifetime) + 2*24*3600;
+  time_t now = time(NULL);
+  start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600;
   start_time -= start_time % (24*3600);
 
   tor_assert(rsa);
@@ -674,8 +519,7 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
     goto error;
 
   { /* our serial number is 8 random bytes. */
-    if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0)
-      goto error;
+    crypto_rand((char *)serial_tmp, sizeof(serial_tmp));
     if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
       goto error;
     if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509))))
@@ -781,13 +625,12 @@ const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
  * (SSL3_TXT_RSA_NULL_SHA).  If you do this, you won't be able to communicate
  * with any of the "real" Tors, though. */
 
-#ifdef V2_HANDSHAKE_CLIENT
 #define CIPHER(id, name) name ":"
 #define XCIPHER(id, name)
 /** List of ciphers that clients should advertise, omitting items that
  * our OpenSSL doesn't know about. */
 static const char CLIENT_CIPHER_LIST[] =
-#include "./ciphers.inc"
+#include "ciphers.inc"
   /* Tell it not to use SSLv2 ciphers, so that it can select an SSLv3 version
    * of any cipher we say. */
   "!SSLv2"
@@ -795,32 +638,9 @@ static const char CLIENT_CIPHER_LIST[] =
 #undef CIPHER
 #undef XCIPHER
 
-/** Holds a cipher that we want to advertise, and its 2-byte ID. */
-typedef struct cipher_info_t { unsigned id; const char *name; } cipher_info_t;
-/** A list of all the ciphers that clients should advertise, including items
- * that OpenSSL might not know about. */
-static const cipher_info_t CLIENT_CIPHER_INFO_LIST[] = {
-#define CIPHER(id, name) { id, name },
-#define XCIPHER(id, name) { id, #name },
-#include "./ciphers.inc"
-#undef CIPHER
-#undef XCIPHER
-};
-
-/** The length of CLIENT_CIPHER_INFO_LIST and CLIENT_CIPHER_DUMMIES. */
-static const int N_CLIENT_CIPHERS =
-  sizeof(CLIENT_CIPHER_INFO_LIST)/sizeof(CLIENT_CIPHER_INFO_LIST[0]);
-#endif
-
-#ifndef V2_HANDSHAKE_CLIENT
-#undef CLIENT_CIPHER_LIST
-#define CLIENT_CIPHER_LIST  (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":"      \
-                             SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
-#endif
-
 /** Free all storage held in <b>cert</b> */
 void
-tor_cert_free(tor_cert_t *cert)
+tor_x509_cert_free(tor_x509_cert_t *cert)
 {
   if (! cert)
     return;
@@ -828,18 +648,20 @@ tor_cert_free(tor_cert_t *cert)
     X509_free(cert->cert);
   tor_free(cert->encoded);
   memwipe(cert, 0x03, sizeof(*cert));
+  /* LCOV_EXCL_BR_START since cert will never be NULL here */
   tor_free(cert);
+  /* LCOV_EXCL_BR_STOP */
 }
 
 /**
- * Allocate a new tor_cert_t to hold the certificate "x509_cert".
+ * Allocate a new tor_x509_cert_t to hold the certificate "x509_cert".
  *
  * Steals a reference to x509_cert.
  */
-static tor_cert_t *
-tor_cert_new(X509 *x509_cert)
+MOCK_IMPL(STATIC tor_x509_cert_t *,
+          tor_x509_cert_new,(X509 *x509_cert))
 {
-  tor_cert_t *cert;
+  tor_x509_cert_t *cert;
   EVP_PKEY *pkey;
   RSA *rsa;
   int length;
@@ -849,12 +671,14 @@ tor_cert_new(X509 *x509_cert)
     return NULL;
 
   length = i2d_X509(x509_cert, &buf);
-  cert = tor_malloc_zero(sizeof(tor_cert_t));
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
   if (length <= 0 || buf == NULL) {
+    /* LCOV_EXCL_START for the same reason as the exclusion above */
     tor_free(cert);
     log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
     X509_free(x509_cert);
     return NULL;
+    /* LCOV_EXCL_STOP */
   }
   cert->encoded_len = (size_t) length;
   cert->encoded = tor_malloc(length);
@@ -863,13 +687,13 @@ tor_cert_new(X509 *x509_cert)
 
   cert->cert = x509_cert;
 
-  crypto_digest_all(&cert->cert_digests,
+  crypto_common_digests(&cert->cert_digests,
                     (char*)cert->encoded, cert->encoded_len);
 
   if ((pkey = X509_get_pubkey(x509_cert)) &&
       (rsa = EVP_PKEY_get1_RSA(pkey))) {
     crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa);
-    crypto_pk_get_all_digests(pk, &cert->pkey_digests);
+    crypto_pk_get_common_digests(pk, &cert->pkey_digests);
     cert->pkey_digests_set = 1;
     crypto_pk_free(pk);
     EVP_PKEY_free(pkey);
@@ -879,44 +703,48 @@ tor_cert_new(X509 *x509_cert)
 }
 
 /** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>,
- * from a <b>certificate</b>.  Return a newly allocated tor_cert_t on success
- * and NULL on failure. */
-tor_cert_t *
-tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
+ * from a <b>certificate</b>.  Return a newly allocated tor_x509_cert_t on
+ * success and NULL on failure. */
+tor_x509_cert_t *
+tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
 {
   X509 *x509;
   const unsigned char *cp = (const unsigned char *)certificate;
-  tor_cert_t *newcert;
+  tor_x509_cert_t *newcert;
   tor_assert(certificate);
+  check_no_tls_errors();
 
   if (certificate_len > INT_MAX)
-    return NULL;
+    goto err;
 
   x509 = d2i_X509(NULL, &cp, (int)certificate_len);
 
   if (!x509)
-    return NULL; /* Couldn't decode */
+    goto err; /* Couldn't decode */
   if (cp - certificate != (int)certificate_len) {
     X509_free(x509);
-    return NULL; /* Didn't use all the bytes */
+    goto err; /* Didn't use all the bytes */
   }
-  newcert = tor_cert_new(x509);
+  newcert = tor_x509_cert_new(x509);
   if (!newcert) {
-    return NULL;
+    goto err;
   }
   if (newcert->encoded_len != certificate_len ||
       fast_memneq(newcert->encoded, certificate, certificate_len)) {
     /* Cert wasn't in DER */
-    tor_cert_free(newcert);
-    return NULL;
+    tor_x509_cert_free(newcert);
+    goto err;
   }
   return newcert;
+ err:
+  tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "decoding a certificate");
+  return NULL;
 }
 
 /** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
  * representation and length, respectively. */
 void
-tor_cert_get_der(const tor_cert_t *cert,
+tor_x509_cert_get_der(const tor_x509_cert_t *cert,
                  const uint8_t **encoded_out, size_t *size_out)
 {
   tor_assert(cert);
@@ -928,8 +756,8 @@ tor_cert_get_der(const tor_cert_t *cert,
 
 /** Return a set of digests for the public key in <b>cert</b>, or NULL if this
  * cert's public key is not one we know how to take the digest of. */
-const digests_t *
-tor_cert_get_id_digests(const tor_cert_t *cert)
+const common_digests_t *
+tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
 {
   if (cert->pkey_digests_set)
     return &cert->pkey_digests;
@@ -938,8 +766,8 @@ tor_cert_get_id_digests(const tor_cert_t *cert)
 }
 
 /** Return a set of digests for the public key in <b>cert</b>. */
-const digests_t *
-tor_cert_get_cert_digests(const tor_cert_t *cert)
+const common_digests_t *
+tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
 {
   return &cert->cert_digests;
 }
@@ -952,12 +780,14 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
   tor_assert(ctx);
   if (--ctx->refcnt == 0) {
     SSL_CTX_free(ctx->ctx);
-    tor_cert_free(ctx->my_link_cert);
-    tor_cert_free(ctx->my_id_cert);
-    tor_cert_free(ctx->my_auth_cert);
+    tor_x509_cert_free(ctx->my_link_cert);
+    tor_x509_cert_free(ctx->my_id_cert);
+    tor_x509_cert_free(ctx->my_auth_cert);
     crypto_pk_free(ctx->link_key);
     crypto_pk_free(ctx->auth_key);
+    /* LCOV_EXCL_BR_START since ctx will never be NULL here */
     tor_free(ctx);
+    /* LCOV_EXCL_BR_STOP */
   }
 }
 
@@ -968,8 +798,8 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
  * client mode. */
 int
 tor_tls_get_my_certs(int server,
-                     const tor_cert_t **link_cert_out,
-                     const tor_cert_t **id_cert_out)
+                     const tor_x509_cert_t **link_cert_out,
+                     const tor_x509_cert_t **id_cert_out)
 {
   tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context;
   if (! ctx)
@@ -998,7 +828,7 @@ tor_tls_get_my_client_auth_key(void)
  * certifies.  Return NULL if the cert's key is not RSA.
  */
 crypto_pk_t *
-tor_tls_cert_get_key(tor_cert_t *cert)
+tor_tls_cert_get_key(tor_x509_cert_t *cert)
 {
   crypto_pk_t *result = NULL;
   EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
@@ -1018,8 +848,8 @@ tor_tls_cert_get_key(tor_cert_t *cert)
 /** Return true iff the other side of <b>tls</b> has authenticated to us, and
  * the key certified in <b>cert</b> is the same as the key they used to do it.
  */
-int
-tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
+MOCK_IMPL(int,
+tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
 {
   X509 *peercert = SSL_get_peer_certificate(tls->ssl);
   EVP_PKEY *link_key = NULL, *cert_key = NULL;
@@ -1048,37 +878,46 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
  * we couldn't check it. */
 int
 tor_tls_cert_is_valid(int severity,
-                      const tor_cert_t *cert,
-                      const tor_cert_t *signing_cert,
+                      const tor_x509_cert_t *cert,
+                      const tor_x509_cert_t *signing_cert,
                       int check_rsa_1024)
 {
+  check_no_tls_errors();
   EVP_PKEY *cert_key;
-  EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert);
   int r, key_ok = 0;
+
+  if (!signing_cert || !cert)
+    goto bad;
+
+  EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert);
   if (!signing_key)
-    return 0;
+    goto bad;
   r = X509_verify(cert->cert, signing_key);
   EVP_PKEY_free(signing_key);
   if (r <= 0)
-    return 0;
+    goto bad;
 
   /* okay, the signature checked out right.  Now let's check the check the
    * lifetime. */
   if (check_cert_lifetime_internal(severity, cert->cert,
                                    48*60*60, 30*24*60*60) < 0)
-    return 0;
+    goto bad;
 
   cert_key = X509_get_pubkey(cert->cert);
   if (check_rsa_1024 && cert_key) {
     RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
+#ifdef OPENSSL_1_1_API
+    if (rsa && RSA_bits(rsa) == 1024)
+#else
     if (rsa && BN_num_bits(rsa->n) == 1024)
+#endif
       key_ok = 1;
     if (rsa)
       RSA_free(rsa);
   } else if (cert_key) {
     int min_bits = 1024;
 #ifdef EVP_PKEY_EC
-    if (EVP_PKEY_type(cert_key->type) == EVP_PKEY_EC)
+    if (EVP_PKEY_base_id(cert_key) == EVP_PKEY_EC)
       min_bits = 128;
 #endif
     if (EVP_PKEY_bits(cert_key) >= min_bits)
@@ -1086,11 +925,14 @@ tor_tls_cert_is_valid(int severity,
   }
   EVP_PKEY_free(cert_key);
   if (!key_ok)
-    return 0;
+    goto bad;
 
   /* XXXX compare DNs or anything? */
 
   return 1;
+ bad:
+  tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "checking a certificate");
+  return 0;
 }
 
 /** Increase the reference count of <b>ctx</b>. */
@@ -1117,6 +959,7 @@ tor_tls_context_init(unsigned flags,
   int rv1 = 0;
   int rv2 = 0;
   const int is_public_server = flags & TOR_TLS_CTX_IS_PUBLIC_SERVER;
+  check_no_tls_errors();
 
   if (is_public_server) {
     tor_tls_context_t *new_ctx;
@@ -1161,6 +1004,7 @@ tor_tls_context_init(unsigned flags,
                                    1);
   }
 
+  tls_log_errors(NULL, LOG_WARN, LD_CRYPTO, "constructing a TLS context");
   return MIN(rv1, rv2);
 }
 
@@ -1170,7 +1014,7 @@ tor_tls_context_init(unsigned flags,
  * it generates new certificates; all new connections will use
  * the new SSL context.
  */
-static int
+STATIC int
 tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                          crypto_pk_t *identity,
                          unsigned int key_lifetime,
@@ -1197,11 +1041,14 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
   return ((new_ctx != NULL) ? 0 : -1);
 }
 
+/** The group we should use for ecdhe when none was selected. */
+#define  NID_tor_default_ecdhe_group NID_X9_62_prime256v1
+
 /** Create a new TLS context for use with Tor TLS handshakes.
  * <b>identity</b> should be set to the identity key used to sign the
  * certificate.
  */
-static tor_tls_context_t *
+STATIC tor_tls_context_t *
 tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
                     unsigned flags, int is_client)
 {
@@ -1249,9 +1096,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   result = tor_malloc_zero(sizeof(tor_tls_context_t));
   result->refcnt = 1;
   if (!is_client) {
-    result->my_link_cert = tor_cert_new(X509_dup(cert));
-    result->my_id_cert = tor_cert_new(X509_dup(idcert));
-    result->my_auth_cert = tor_cert_new(X509_dup(authcert));
+    result->my_link_cert = tor_x509_cert_new(X509_dup(cert));
+    result->my_id_cert = tor_x509_cert_new(X509_dup(idcert));
+    result->my_auth_cert = tor_x509_cert_new(X509_dup(authcert));
     if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
       goto error;
     result->link_key = crypto_pk_dup_key(rsa);
@@ -1268,8 +1115,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 #endif
 
   /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
+#ifdef HAVE_TLS_METHOD
+  if (!(result->ctx = SSL_CTX_new(TLS_method())))
+    goto error;
+#else
   if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
     goto error;
+#endif
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
 
@@ -1277,23 +1129,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   * historically been chosen for fingerprinting resistance. */
   SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 
-  /* Disable TLS1.1 and TLS1.2 if they exist.  We need to do this to
-   * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1
-   * June 2012), wherein renegotiating while using one of these TLS
-   * protocols will cause the client to send a TLS 1.0 ServerHello
-   * rather than a ServerHello written with the appropriate protocol
-   * version.  Once some version of OpenSSL does TLS1.1 and TLS1.2
-   * renegotiation properly, we can turn them back on when built with
-   * that version. */
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e')
-#ifdef SSL_OP_NO_TLSv1_2
-  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
-#endif
-#ifdef SSL_OP_NO_TLSv1_1
-  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
-#endif
-#endif
-
   /* Disable TLS tickets if they're supported.  We never want to use them;
    * using them can make our perfect forward secrecy a little worse, *and*
    * create an opportunity to fingerprint us (since it's unusual to use them
@@ -1310,24 +1145,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   }
 #endif
 
-  /* XXX This block is now obsolete. */
-  if (
-#ifdef DISABLE_SSL3_HANDSHAKE
-      1 ||
-#endif
-      SSLeay()  <  OPENSSL_V(0,9,8,'s') ||
-      (SSLeay() >= OPENSSL_V_SERIES(0,9,9) &&
-       SSLeay() <  OPENSSL_V(1,0,0,'f'))) {
-    /* And not SSL3 if it's subject to CVE-2011-4576. */
-    log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
-             "might otherwise be vulnerable to CVE-2011-4576 "
-             "(compile-time version %08lx (%s); "
-             "runtime version %08lx (%s))",
-             (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
-             (unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION));
-    SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
-  }
-
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_ECDH_USE);
 
@@ -1338,16 +1155,21 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   /* Yes, we know what we are doing here.  No, we do not treat a renegotiation
    * as authenticating any earlier-received data.
    */
-  if (use_unsafe_renegotiation_op) {
+  {
     SSL_CTX_set_options(result->ctx,
                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
   }
+#ifdef SSL_OP_NO_COMPRESSION
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
+#endif
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
 #ifndef OPENSSL_NO_COMP
   /* Don't actually allow compression; it uses ram and time, but the data
    * we transmit is all encrypted anyway. */
   if (result->ctx->comp_methods)
     result->ctx->comp_methods = NULL;
 #endif
+#endif
 #ifdef SSL_MODE_RELEASE_BUFFERS
   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
@@ -1382,8 +1204,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
     SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh));
     crypto_dh_free(dh);
   }
-#if (!defined(OPENSSL_NO_EC) &&                         \
-     OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0))
   if (! is_client) {
     int nid;
     EC_KEY *ec_key;
@@ -1392,16 +1212,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
     else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
       nid = NID_X9_62_prime256v1;
     else
-      nid = NID_X9_62_prime256v1;
+      nid = NID_tor_default_ecdhe_group;
     /* Use P-256 for ECDHE. */
     ec_key = EC_KEY_new_by_curve_name(nid);
     if (ec_key != NULL) /*XXXX Handle errors? */
       SSL_CTX_set_tmp_ecdh(result->ctx, ec_key);
     EC_KEY_free(ec_key);
   }
-#else
-  (void)flags;
-#endif
   SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
                      always_accept_verify_cb);
   /* let us realloc bufs that we're writing from */
@@ -1438,11 +1255,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 }
 
 /** Invoked when a TLS state changes: log the change at severity 'debug' */
-static void
+STATIC void
 tor_tls_debug_state_callback(const SSL *ssl, int type, int val)
 {
+  /* LCOV_EXCL_START since this depends on whether debug is captured or not */
   log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].",
             ssl, SSL_state_string_long(ssl), type, val);
+  /* LCOV_EXCL_STOP */
 }
 
 /* Return the name of the negotiated ciphersuite in use on <b>tls</b> */
@@ -1452,13 +1271,11 @@ tor_tls_get_ciphersuite_name(tor_tls_t *tls)
   return SSL_get_cipher(tls->ssl);
 }
 
-#ifdef V2_HANDSHAKE_SERVER
-
 /* Here's the old V2 cipher list we sent from 0.2.1.1-alpha up to
  * 0.2.3.17-beta. If a client is using this list, we can't believe the ciphers
  * that it claims to support.  We'll prune this list to remove the ciphers
  * *we* don't recognize. */
-static uint16_t v2_cipher_list[] = {
+STATIC uint16_t v2_cipher_list[] = {
   0xc00a, /* TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
   0xc014, /* TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA */
   0x0039, /* TLS1_TXT_DHE_RSA_WITH_AES_256_SHA */
@@ -1494,11 +1311,27 @@ static int v2_cipher_list_pruned = 0;
 
 /** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
  * return 1 if it does support it, or if we have no way to tell. */
-static int
-find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
+STATIC int
+find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
 {
   const SSL_CIPHER *c;
-#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
+#ifdef HAVE_SSL_CIPHER_FIND
+  (void) m;
+  {
+    unsigned char cipherid[3];
+    tor_assert(ssl);
+    set_uint16(cipherid, htons(cipher));
+    cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
+                      * with a two-byte 'cipherid', it may look for a v2
+                      * cipher with the appropriate 3 bytes. */
+    c = SSL_CIPHER_find((SSL*)ssl, cipherid);
+    if (c)
+      tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher);
+    return c != NULL;
+  }
+#else
+
+# if defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
   if (m && m->get_cipher_by_char) {
     unsigned char cipherid[3];
     set_uint16(cipherid, htons(cipher));
@@ -1509,8 +1342,9 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
     if (c)
       tor_assert((c->id & 0xffff) == cipher);
     return c != NULL;
-  } else
-#endif
+  }
+# endif
+# ifndef OPENSSL_1_1_API
   if (m && m->get_cipher && m->num_ciphers) {
     /* It would seem that some of the "let's-clean-up-openssl" forks have
      * removed the get_cipher_by_char function.  Okay, so now you get a
@@ -1524,23 +1358,31 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
       }
     }
     return 0;
-  } else {
-    return 1; /* No way to search */
   }
+# endif
+  (void) ssl;
+  (void) m;
+  (void) cipher;
+  return 1; /* No way to search */
+#endif
 }
 
 /** Remove from v2_cipher_list every cipher that we don't support, so that
  * comparing v2_cipher_list to a client's cipher list will give a sensible
  * result. */
 static void
-prune_v2_cipher_list(void)
+prune_v2_cipher_list(const SSL *ssl)
 {
   uint16_t *inp, *outp;
+#ifdef HAVE_TLS_METHOD
+  const SSL_METHOD *m = TLS_method();
+#else
   const SSL_METHOD *m = SSLv23_method();
+#endif
 
   inp = outp = v2_cipher_list;
   while (*inp) {
-    if (find_cipher_by_id(m, *inp)) {
+    if (find_cipher_by_id(ssl, m, *inp)) {
       *outp++ = *inp++;
     } else {
       inp++;
@@ -1555,14 +1397,14 @@ prune_v2_cipher_list(void)
  * client it is.  Return one of CIPHERS_ERR, CIPHERS_V1, CIPHERS_V2,
  * CIPHERS_UNRESTRICTED.
  **/
-static int
+STATIC int
 tor_tls_classify_client_ciphers(const SSL *ssl,
                                 STACK_OF(SSL_CIPHER) *peer_ciphers)
 {
   int i, res;
   tor_tls_t *tor_tls;
   if (PREDICT_UNLIKELY(!v2_cipher_list_pruned))
-    prune_v2_cipher_list();
+    prune_v2_cipher_list(ssl);
 
   tor_tls = tor_tls_get_by_ssl(ssl);
   if (tor_tls && tor_tls->client_cipher_list_type)
@@ -1578,7 +1420,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
   /* Now we need to see if there are any ciphers whose presence means we're
    * dealing with an updated Tor. */
   for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) {
-    SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
+    const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
     const char *ciphername = SSL_CIPHER_get_name(cipher);
     if (strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) &&
         strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) &&
@@ -1595,8 +1437,8 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
   {
     const uint16_t *v2_cipher = v2_cipher_list;
     for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) {
-      SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
-      uint16_t id = cipher->id & 0xffff;
+      const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
+      uint16_t id = SSL_CIPHER_get_id(cipher) & 0xffff;
       if (id == 0x00ff) /* extended renegotiation indicator. */
         continue;
       if (!id || id != *v2_cipher) {
@@ -1617,7 +1459,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
     smartlist_t *elts = smartlist_new();
     char *s;
     for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) {
-      SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
+      const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
       const char *ciphername = SSL_CIPHER_get_name(cipher);
       smartlist_add(elts, (char*)ciphername);
     }
@@ -1637,16 +1479,22 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
 /** Return true iff the cipher list suggested by the client for <b>ssl</b> is
  * a list that indicates that the client knows how to do the v2 TLS connection
  * handshake. */
-static int
+STATIC int
 tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
 {
+  STACK_OF(SSL_CIPHER) *ciphers;
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+  ciphers = SSL_get_client_ciphers(ssl);
+#else
   SSL_SESSION *session;
   if (!(session = SSL_get_session((SSL *)ssl))) {
     log_info(LD_NET, "No session on TLS?");
     return CIPHERS_ERR;
   }
+  ciphers = session->ciphers;
+#endif
 
-  return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
+  return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
 }
 
 /** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
@@ -1655,7 +1503,7 @@ tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
  *         do not send or request extra certificates in v2 handshakes.</li>
  * <li>To detect renegotiation</li></ul>
  */
-static void
+STATIC void
 tor_tls_server_info_callback(const SSL *ssl, int type, int val)
 {
   tor_tls_t *tls;
@@ -1665,10 +1513,10 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
 
   if (type != SSL_CB_ACCEPT_LOOP)
     return;
-  if ((ssl->state != SSL3_ST_SW_SRVR_HELLO_A) &&
-      (ssl->state != SSL3_ST_SW_SRVR_HELLO_B))
-    return;
 
+  OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl);
+  if (! STATE_IS_SW_SERVER_HELLO(ssl_state))
+    return;
   tls = tor_tls_get_by_ssl(ssl);
   if (tls) {
     /* Check whether we're watching for renegotiates.  If so, this is one! */
@@ -1697,18 +1545,14 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
 
     if (tls) {
       tls->wasV2Handshake = 1;
-#ifdef USE_BUFFEREVENTS
-      if (use_unsafe_renegotiation_flag)
-        tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-#endif
     } else {
+      /* LCOV_EXCL_START this line is not reachable */
       log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!");
+      /* LCOV_EXCL_STOP */
     }
   }
 }
-#endif
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
 /** Callback to get invoked on a server after we've read the list of ciphers
  * the client supports, but before we pick our own ciphersuite.
  *
@@ -1721,10 +1565,11 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
  * authentication on the fly.  But as long as we return 0, we won't actually be
  * setting up a shared secret, and all will be fine.
  */
-static int
+STATIC int
 tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len,
                           STACK_OF(SSL_CIPHER) *peer_ciphers,
-                          SSL_CIPHER **cipher, void *arg)
+                          CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher,
+                          void *arg)
 {
   (void) secret;
   (void) secret_len;
@@ -1746,128 +1591,6 @@ tor_tls_setup_session_secret_cb(tor_tls_t *tls)
 {
   SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
 }
-#else
-#define tor_tls_setup_session_secret_cb(tls) STMT_NIL
-#endif
-
-/** Explain which ciphers we're missing. */
-static void
-log_unsupported_ciphers(smartlist_t *unsupported)
-{
-  char *joined;
-
-  log_notice(LD_NET, "We weren't able to find support for all of the "
-             "TLS ciphersuites that we wanted to advertise. This won't "
-             "hurt security, but it might make your Tor (if run as a client) "
-             "more easy for censors to block.");
-
-  if (SSLeay() < 0x10000000L) {
-    log_notice(LD_NET, "To correct this, use a more recent OpenSSL, "
-               "built without disabling any secure ciphers or features.");
-  } else {
-    log_notice(LD_NET, "To correct this, use a version of OpenSSL "
-               "built with none of its ciphers disabled.");
-  }
-
-  joined = smartlist_join_strings(unsupported, ":", 0, NULL);
-  log_info(LD_NET, "The unsupported ciphers were: %s", joined);
-  tor_free(joined);
-}
-
-/** Replace *<b>ciphers</b> with a new list of SSL ciphersuites: specifically,
- * a list designed to mimic a common web browser.  We might not be able to do
- * that if OpenSSL doesn't support all the ciphers we want.  Some of the
- * ciphers in the list won't actually be implemented by OpenSSL: that's okay
- * so long as the server doesn't select them.
- *
- * [If the server <b>does</b> select a bogus cipher, we won't crash or
- * anything; we'll just fail later when we try to look up the cipher in
- * ssl->cipher_list_by_id.]
- */
-static void
-rectify_client_ciphers(STACK_OF(SSL_CIPHER) **ciphers)
-{
-#ifdef V2_HANDSHAKE_CLIENT
-  if (PREDICT_UNLIKELY(!CLIENT_CIPHER_STACK)) {
-    /* We need to set CLIENT_CIPHER_STACK to an array of the ciphers
-     * we want to use/advertise. */
-    int i = 0, j = 0;
-    smartlist_t *unsupported = smartlist_new();
-
-    /* First, create a dummy SSL_CIPHER for every cipher. */
-    CLIENT_CIPHER_DUMMIES =
-      tor_malloc_zero(sizeof(SSL_CIPHER)*N_CLIENT_CIPHERS);
-    for (i=0; i < N_CLIENT_CIPHERS; ++i) {
-      CLIENT_CIPHER_DUMMIES[i].valid = 1;
-      /* The "3<<24" here signifies that the cipher is supposed to work with
-       * SSL3 and TLS1. */
-      CLIENT_CIPHER_DUMMIES[i].id = CLIENT_CIPHER_INFO_LIST[i].id | (3<<24);
-      CLIENT_CIPHER_DUMMIES[i].name = CLIENT_CIPHER_INFO_LIST[i].name;
-    }
-
-    CLIENT_CIPHER_STACK = sk_SSL_CIPHER_new_null();
-    tor_assert(CLIENT_CIPHER_STACK);
-
-    log_debug(LD_NET, "List was: %s", CLIENT_CIPHER_LIST);
-    for (j = 0; j < sk_SSL_CIPHER_num(*ciphers); ++j) {
-      SSL_CIPHER *cipher = sk_SSL_CIPHER_value(*ciphers, j);
-      log_debug(LD_NET, "Cipher %d: %lx %s", j, cipher->id, cipher->name);
-    }
-
-    /* Then copy as many ciphers as we can from the good list, inserting
-     * dummies as needed. Let j be an index into list of ciphers we have
-     * (*ciphers) and let i be an index into the ciphers we want
-     * (CLIENT_INFO_CIPHER_LIST).  We are building a list of ciphers in
-     * CLIENT_CIPHER_STACK.
-     */
-    for (i = j = 0; i < N_CLIENT_CIPHERS; ) {
-      SSL_CIPHER *cipher = NULL;
-      if (j < sk_SSL_CIPHER_num(*ciphers))
-        cipher = sk_SSL_CIPHER_value(*ciphers, j);
-      if (cipher && ((cipher->id >> 24) & 0xff) != 3) {
-        /* Skip over non-v3 ciphers entirely.  (This should no longer be
-         * needed, thanks to saying !SSLv2 above.) */
-        log_debug(LD_NET, "Skipping v%d cipher %s",
-                  (int)((cipher->id>>24) & 0xff),
-                  cipher->name);
-        ++j;
-      } else if (cipher &&
-                 (cipher->id & 0xffff) == CLIENT_CIPHER_INFO_LIST[i].id) {
-        /* "cipher" is the cipher we expect. Put it on the list. */
-        log_debug(LD_NET, "Found cipher %s", cipher->name);
-        sk_SSL_CIPHER_push(CLIENT_CIPHER_STACK, cipher);
-        ++j;
-        ++i;
-      } else if (!strcmp(CLIENT_CIPHER_DUMMIES[i].name,
-                         "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA")) {
-        /* We found bogus cipher 0xfeff, which OpenSSL doesn't support and
-         * never has.  For this one, we need a dummy. */
-        log_debug(LD_NET, "Inserting fake %s", CLIENT_CIPHER_DUMMIES[i].name);
-        sk_SSL_CIPHER_push(CLIENT_CIPHER_STACK, &CLIENT_CIPHER_DUMMIES[i]);
-        ++i;
-      } else {
-        /* OpenSSL doesn't have this one. */
-        log_debug(LD_NET, "Completely omitting unsupported cipher %s",
-                  CLIENT_CIPHER_INFO_LIST[i].name);
-        smartlist_add(unsupported, (char*) CLIENT_CIPHER_INFO_LIST[i].name);
-        ++i;
-      }
-    }
-
-    if (smartlist_len(unsupported))
-      log_unsupported_ciphers(unsupported);
-
-    smartlist_free(unsupported);
-  }
-
-  sk_SSL_CIPHER_free(*ciphers);
-  *ciphers = sk_SSL_CIPHER_dup(CLIENT_CIPHER_STACK);
-  tor_assert(*ciphers);
-
-#else
-    (void)ciphers;
-#endif
-}
 
 /** Create a new TLS object from a file descriptor, and a flag to
  * determine whether it is functioning as a server.
@@ -1881,11 +1604,12 @@ tor_tls_new(int sock, int isServer)
     client_tls_context;
   result->magic = TOR_TLS_MAGIC;
 
+  check_no_tls_errors();
   tor_assert(context); /* make sure somebody made it first */
   if (!(result->ssl = SSL_new(context->ctx))) {
     tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object");
     tor_free(result);
-    return NULL;
+    goto err;
   }
 
 #ifdef SSL_set_tlsext_host_name
@@ -1905,10 +1629,8 @@ tor_tls_new(int sock, int isServer)
 #endif
     SSL_free(result->ssl);
     tor_free(result);
-    return NULL;
+    goto err;
   }
-  if (!isServer)
-    rectify_client_ciphers(&result->ssl->cipher_list);
   result->socket = sock;
   bio = BIO_new_socket(sock, BIO_NOCLOSE);
   if (! bio) {
@@ -1918,7 +1640,7 @@ tor_tls_new(int sock, int isServer)
 #endif
     SSL_free(result->ssl);
     tor_free(result);
-    return NULL;
+    goto err;
   }
   {
     int set_worked =
@@ -1934,24 +1656,25 @@ tor_tls_new(int sock, int isServer)
   result->state = TOR_TLS_ST_HANDSHAKE;
   result->isServer = isServer;
   result->wantwrite_n = 0;
-  result->last_write_count = BIO_number_written(bio);
-  result->last_read_count = BIO_number_read(bio);
+  result->last_write_count = (unsigned long) BIO_number_written(bio);
+  result->last_read_count = (unsigned long) BIO_number_read(bio);
   if (result->last_write_count || result->last_read_count) {
     log_warn(LD_NET, "Newly created BIO has read count %lu, write count %lu",
              result->last_read_count, result->last_write_count);
   }
-#ifdef V2_HANDSHAKE_SERVER
   if (isServer) {
     SSL_set_info_callback(result->ssl, tor_tls_server_info_callback);
-  } else
-#endif
-  {
+  } else {
     SSL_set_info_callback(result->ssl, tor_tls_debug_state_callback);
   }
 
   if (isServer)
     tor_tls_setup_session_secret_cb(result);
 
+  goto done;
+ err:
+  result = NULL;
+ done:
   /* Not expected to get called. */
   tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object");
   return result;
@@ -1980,13 +1703,11 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls,
   tls->negotiated_callback = cb;
   tls->callback_arg = arg;
   tls->got_renegotiate = 0;
-#ifdef V2_HANDSHAKE_SERVER
   if (cb) {
     SSL_set_info_callback(tls->ssl, tor_tls_server_info_callback);
   } else {
     SSL_set_info_callback(tls->ssl, tor_tls_debug_state_callback);
   }
-#endif
 }
 
 /** If this version of openssl requires it, turn on renegotiation on
@@ -1997,13 +1718,8 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
 {
   /* Yes, we know what we are doing here.  No, we do not treat a renegotiation
    * as authenticating any earlier-received data. */
-  if (use_unsafe_renegotiation_flag) {
-    tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-  }
-  if (use_unsafe_renegotiation_op) {
-    SSL_set_options(tls->ssl,
-                    SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
-  }
+  SSL_set_options(tls->ssl,
+                  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
 }
 
 /** If this version of openssl supports it, turn off renegotiation on
@@ -2013,21 +1729,24 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
 void
 tor_tls_block_renegotiation(tor_tls_t *tls)
 {
+#ifdef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
   tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+#else
+  (void) tls;
+#endif
 }
 
 /** Assert that the flags that allow legacy renegotiation are still set */
 void
 tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
 {
-  if (use_unsafe_renegotiation_flag) {
-    tor_assert(0 != (tls->ssl->s3->flags &
-                     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
-  }
-  if (use_unsafe_renegotiation_op) {
-    long options = SSL_get_options(tls->ssl);
-    tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
-  }
+#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \
+  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0
+  long options = SSL_get_options(tls->ssl);
+  tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+#else
+  (void) tls;
+#endif
 }
 
 /** Return whether this tls initiated the connect (client) or
@@ -2070,8 +1789,8 @@ tor_tls_free(tor_tls_t *tls)
  * number of characters read.  On failure, returns TOR_TLS_ERROR,
  * TOR_TLS_CLOSE, TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
  */
-int
-tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
+MOCK_IMPL(int,
+tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
 {
   int r, err;
   tor_assert(tls);
@@ -2080,7 +1799,6 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
   tor_assert(len<INT_MAX);
   r = SSL_read(tls->ssl, cp, (int)len);
   if (r > 0) {
-#ifdef V2_HANDSHAKE_SERVER
     if (tls->got_renegotiate) {
       /* Renegotiation happened! */
       log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
@@ -2088,7 +1806,6 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
         tls->negotiated_callback(tls, tls->callback_arg);
       tls->got_renegotiate = 0;
     }
-#endif
     return r;
   }
   err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
@@ -2105,10 +1822,10 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
 
 /** Total number of bytes that we've used TLS to send.  Used to track TLS
  * overhead. */
-static uint64_t total_bytes_written_over_tls = 0;
+STATIC uint64_t total_bytes_written_over_tls = 0;
 /** Total number of bytes that TLS has put on the network for us. Used to
  * track TLS overhead. */
-static uint64_t total_bytes_written_by_tls = 0;
+STATIC uint64_t total_bytes_written_by_tls = 0;
 
 /** Underlying function for TLS writing.  Write up to <b>n</b>
  * characters from <b>cp</b> onto <b>tls</b>.  On success, returns the
@@ -2153,12 +1870,14 @@ int
 tor_tls_handshake(tor_tls_t *tls)
 {
   int r;
-  int oldstate;
   tor_assert(tls);
   tor_assert(tls->ssl);
   tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
+
   check_no_tls_errors();
-  oldstate = tls->ssl->state;
+
+  OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl);
+
   if (tls->isServer) {
     log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
               SSL_state_string_long(tls->ssl));
@@ -2168,7 +1887,10 @@ tor_tls_handshake(tor_tls_t *tls)
               SSL_state_string_long(tls->ssl));
     r = SSL_connect(tls->ssl);
   }
-  if (oldstate != tls->ssl->state)
+
+  OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl);
+
+  if (oldstate != newstate)
     log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
               tls, SSL_state_string_long(tls->ssl));
   /* We need to call this here and not earlier, since OpenSSL has a penchant
@@ -2199,12 +1921,11 @@ int
 tor_tls_finish_handshake(tor_tls_t *tls)
 {
   int r = TOR_TLS_DONE;
+  check_no_tls_errors();
   if (tls->isServer) {
     SSL_set_info_callback(tls->ssl, NULL);
     SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
-    /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
-    tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
-#ifdef V2_HANDSHAKE_SERVER
+    SSL_clear_mode(tls->ssl, SSL_MODE_NO_AUTO_CHAIN);
     if (tor_tls_client_is_using_v2_ciphers(tls->ssl)) {
       /* This check is redundant, but back when we did it in the callback,
        * we might have not been able to look up the tor_tls_t if the code
@@ -2219,78 +1940,19 @@ tor_tls_finish_handshake(tor_tls_t *tls)
     } else {
       tls->wasV2Handshake = 0;
     }
-#endif
   } else {
-#ifdef V2_HANDSHAKE_CLIENT
-    /* If we got no ID cert, we're a v2 handshake. */
-    X509 *cert = SSL_get_peer_certificate(tls->ssl);
-    STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
-    int n_certs = sk_X509_num(chain);
-    if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
-      log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it "
-                "looks like a v1 handshake on %p", tls);
-      tls->wasV2Handshake = 0;
-    } else {
-      log_debug(LD_HANDSHAKE,
-                "Server sent back a single certificate; looks like "
-                "a v2 handshake on %p.", tls);
-      tls->wasV2Handshake = 1;
-    }
-    if (cert)
-      X509_free(cert);
-#endif
+    /* Client-side */
+    tls->wasV2Handshake = 1;
+    /* XXXX this can move, probably? -NM */
     if (SSL_set_cipher_list(tls->ssl, SERVER_CIPHER_LIST) == 0) {
       tls_log_errors(NULL, LOG_WARN, LD_HANDSHAKE, "re-setting ciphers");
       r = TOR_TLS_ERROR_MISC;
     }
   }
+  tls_log_errors(NULL, LOG_WARN, LD_NET, "finishing the handshake");
   return r;
 }
 
-#ifdef USE_BUFFEREVENTS
-/** Put <b>tls</b>, which must be a client connection, into renegotiation
- * mode. */
-int
-tor_tls_start_renegotiating(tor_tls_t *tls)
-{
-  int r = SSL_renegotiate(tls->ssl);
-  if (r <= 0) {
-    return tor_tls_get_error(tls, r, 0, "renegotiating", LOG_WARN,
-                             LD_HANDSHAKE);
-  }
-  return 0;
-}
-#endif
-
-/** Client only: Renegotiate a TLS session.  When finished, returns
- * TOR_TLS_DONE.  On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD, or
- * TOR_TLS_WANTWRITE.
- */
-int
-tor_tls_renegotiate(tor_tls_t *tls)
-{
-  int r;
-  tor_assert(tls);
-  /* We could do server-initiated renegotiation too, but that would be tricky.
-   * Instead of "SSL_renegotiate, then SSL_do_handshake until done" */
-  tor_assert(!tls->isServer);
-  if (tls->state != TOR_TLS_ST_RENEGOTIATE) {
-    int r = SSL_renegotiate(tls->ssl);
-    if (r <= 0) {
-      return tor_tls_get_error(tls, r, 0, "renegotiating", LOG_WARN,
-                               LD_HANDSHAKE);
-    }
-    tls->state = TOR_TLS_ST_RENEGOTIATE;
-  }
-  r = SSL_do_handshake(tls->ssl);
-  if (r == 1) {
-    tls->state = TOR_TLS_ST_OPEN;
-    return TOR_TLS_DONE;
-  } else
-    return tor_tls_get_error(tls, r, 0, "renegotiating handshake", LOG_INFO,
-                             LD_HANDSHAKE);
-}
-
 /** Shut down an open tls connection <b>tls</b>.  When finished, returns
  * TOR_TLS_DONE.  On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
  * or TOR_TLS_WANTWRITE.
@@ -2302,6 +1964,7 @@ tor_tls_shutdown(tor_tls_t *tls)
   char buf[128];
   tor_assert(tls);
   tor_assert(tls->ssl);
+  check_no_tls_errors();
 
   while (1) {
     if (tls->state == TOR_TLS_ST_SENTCLOSE) {
@@ -2368,15 +2031,15 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
 }
 
 /** Return the peer certificate, or NULL if there isn't one. */
-tor_cert_t *
-tor_tls_get_peer_cert(tor_tls_t *tls)
+MOCK_IMPL(tor_x509_cert_t *,
+tor_tls_get_peer_cert,(tor_tls_t *tls))
 {
   X509 *cert;
   cert = SSL_get_peer_certificate(tls->ssl);
   tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate");
   if (!cert)
     return NULL;
-  return tor_cert_new(cert);
+  return tor_x509_cert_new(cert);
 }
 
 /** Warn that a certificate lifetime extends through a certain range. */
@@ -2400,7 +2063,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
   if (!(bio = BIO_new(BIO_s_mem()))) {
     log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end;
   }
-  if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) {
+  if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) {
     tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
     goto end;
   }
@@ -2408,7 +2071,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
   s1 = tor_strndup(buf->data, buf->length);
 
   (void)BIO_reset(bio);
-  if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) {
+  if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) {
     tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
     goto end;
   }
@@ -2443,15 +2106,14 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
  *
  * Note that a reference is added to cert_out, so it needs to be
  * freed. id_cert_out doesn't. */
-static void
-try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
-                              X509 **cert_out, X509 **id_cert_out)
+MOCK_IMPL(STATIC void,
+try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls,
+                               X509 **cert_out, X509 **id_cert_out))
 {
   X509 *cert = NULL, *id_cert = NULL;
   STACK_OF(X509) *chain = NULL;
   int num_in_chain, i;
   *cert_out = *id_cert_out = NULL;
-
   if (!(cert = SSL_get_peer_certificate(tls->ssl)))
     return;
   *cert_out = cert;
@@ -2489,6 +2151,7 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity_key)
   RSA *rsa;
   int r = -1;
 
+  check_no_tls_errors();
   *identity_key = NULL;
 
   try_to_extract_certs_from_tls(severity, tls, &cert, &id_cert);
@@ -2570,12 +2233,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert,
   now = time(NULL);
 
   t = now + future_tolerance;
-  if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
+  if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) {
     log_cert_lifetime(severity, cert, "not yet valid");
     return -1;
   }
   t = now - past_tolerance;
-  if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
+  if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) {
     log_cert_lifetime(severity, cert, "already expired");
     return -1;
   }
@@ -2608,7 +2271,7 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
 {
   BIO *wbio, *tmpbio;
   unsigned long r, w;
-  r = BIO_number_read(SSL_get_rbio(tls->ssl));
+  r = (unsigned long) BIO_number_read(SSL_get_rbio(tls->ssl));
   /* We want the number of bytes actually for real written.  Unfortunately,
    * sometimes OpenSSL replaces the wbio on tls->ssl with a buffering bio,
    * which makes the answer turn out wrong.  Let's cope with that.  Note
@@ -2617,9 +2280,19 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
    * save the original BIO for  tls->ssl in the tor_tls_t structure, but
    * that would be tempting fate. */
   wbio = SSL_get_wbio(tls->ssl);
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
+  /* BIO structure is opaque as of OpenSSL 1.1.0-pre5-dev.  Again, not
+   * supposed to use this form of the version macro, but the OpenSSL developers
+   * introduced major API changes in the pre-release stage.
+   */
+  if (BIO_method_type(wbio) == BIO_TYPE_BUFFER &&
+        (tmpbio = BIO_next(wbio)) != NULL)
+    wbio = tmpbio;
+#else
   if (wbio->method == BIO_f_buffer() && (tmpbio = BIO_next(wbio)) != NULL)
     wbio = tmpbio;
-  w = BIO_number_written(wbio);
+#endif
+  w = (unsigned long) BIO_number_written(wbio);
 
   /* We are ok with letting these unsigned ints go "negative" here:
    * If we wrapped around, this should still give us the right answer, unless
@@ -2667,106 +2340,7 @@ check_no_tls_errors_(const char *fname, int line)
 int
 tor_tls_used_v1_handshake(tor_tls_t *tls)
 {
-  if (tls->isServer) {
-#ifdef V2_HANDSHAKE_SERVER
-    return ! tls->wasV2Handshake;
-#endif
-  } else {
-#ifdef V2_HANDSHAKE_CLIENT
-    return ! tls->wasV2Handshake;
-#endif
-  }
-  return 1;
-}
-
-/** Return true iff <b>name</b> is a DN of a kind that could only
- * occur in a v3-handshake-indicating certificate */
-static int
-dn_indicates_v3_cert(X509_NAME *name)
-{
-#ifdef DISABLE_V3_LINKPROTO_CLIENTSIDE
-  (void)name;
-  return 0;
-#else
-  X509_NAME_ENTRY *entry;
-  int n_entries;
-  ASN1_OBJECT *obj;
-  ASN1_STRING *str;
-  unsigned char *s;
-  int len, r;
-
-  n_entries = X509_NAME_entry_count(name);
-  if (n_entries != 1)
-    return 1; /* More than one entry in the DN. */
-  entry = X509_NAME_get_entry(name, 0);
-
-  obj = X509_NAME_ENTRY_get_object(entry);
-  if (OBJ_obj2nid(obj) != OBJ_txt2nid("commonName"))
-    return 1; /* The entry isn't a commonName. */
-
-  str = X509_NAME_ENTRY_get_data(entry);
-  len = ASN1_STRING_to_UTF8(&s, str);
-  if (len < 0)
-    return 0;
-  if (len < 4) {
-    OPENSSL_free(s);
-    return 1;
-  }
-  r = fast_memneq(s + len - 4, ".net", 4);
-  OPENSSL_free(s);
-  return r;
-#endif
-}
-
-/** Return true iff the peer certificate we're received on <b>tls</b>
- * indicates that this connection should use the v3 (in-protocol)
- * authentication handshake.
- *
- * Only the connection initiator should use this, and only once the initial
- * handshake is done; the responder detects a v1 handshake by cipher types,
- * and a v3/v2 handshake by Versions cell vs renegotiation.
- */
-int
-tor_tls_received_v3_certificate(tor_tls_t *tls)
-{
-  X509 *cert = SSL_get_peer_certificate(tls->ssl);
-  EVP_PKEY *key = NULL;
-  X509_NAME *issuer_name, *subject_name;
-  int is_v3 = 0;
-
-  if (!cert) {
-    log_warn(LD_BUG, "Called on a connection with no peer certificate");
-    goto done;
-  }
-
-  subject_name = X509_get_subject_name(cert);
-  issuer_name = X509_get_issuer_name(cert);
-
-  if (X509_name_cmp(subject_name, issuer_name) == 0) {
-    is_v3 = 1; /* purportedly self signed */
-    goto done;
-  }
-
-  if (dn_indicates_v3_cert(subject_name) ||
-      dn_indicates_v3_cert(issuer_name)) {
-    is_v3 = 1; /* DN is fancy */
-    goto done;
-  }
-
-  key = X509_get_pubkey(cert);
-  if (EVP_PKEY_bits(key) != 1024 ||
-      EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
-    is_v3 = 1; /* Key is fancy */
-    goto done;
-  }
-
- done:
-  if (key)
-    EVP_PKEY_free(key);
-  if (cert)
-    X509_free(cert);
-
-  return is_v3;
+  return ! tls->wasV2Handshake;
 }
 
 /** Return the number of server handshakes that we've noticed doing on
@@ -2785,33 +2359,108 @@ tor_tls_server_got_renegotiate(tor_tls_t *tls)
   return tls->got_renegotiate;
 }
 
+#ifndef HAVE_SSL_GET_CLIENT_RANDOM
+static size_t
+SSL_get_client_random(SSL *s, uint8_t *out, size_t len)
+{
+  if (len == 0)
+    return SSL3_RANDOM_SIZE;
+  tor_assert(len == SSL3_RANDOM_SIZE);
+  tor_assert(s->s3);
+  memcpy(out, s->s3->client_random, len);
+  return len;
+}
+#endif
+
+#ifndef HAVE_SSL_GET_SERVER_RANDOM
+static size_t
+SSL_get_server_random(SSL *s, uint8_t *out, size_t len)
+{
+  if (len == 0)
+    return SSL3_RANDOM_SIZE;
+  tor_assert(len == SSL3_RANDOM_SIZE);
+  tor_assert(s->s3);
+  memcpy(out, s->s3->server_random, len);
+  return len;
+}
+#endif
+
+#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+STATIC size_t
+SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len)
+{
+  tor_assert(s);
+  if (len == 0)
+    return s->master_key_length;
+  tor_assert(len == (size_t)s->master_key_length);
+  tor_assert(out);
+  memcpy(out, s->master_key, len);
+  return len;
+}
+#endif
+
 /** Set the DIGEST256_LEN buffer at <b>secrets_out</b> to the value used in
  * the v3 handshake to prove that the client knows the TLS secrets for the
  * connection <b>tls</b>.  Return 0 on success, -1 on failure.
  */
-int
-tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
+MOCK_IMPL(int,
+tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
 {
 #define TLSSECRET_MAGIC "Tor V3 handshake TLS cross-certification"
-  char buf[128];
+  uint8_t buf[128];
   size_t len;
   tor_assert(tls);
-  tor_assert(tls->ssl);
-  tor_assert(tls->ssl->s3);
-  tor_assert(tls->ssl->session);
+
+  SSL *const ssl = tls->ssl;
+  SSL_SESSION *const session = SSL_get_session(ssl);
+
+  tor_assert(ssl);
+  tor_assert(session);
+
+  const size_t server_random_len = SSL_get_server_random(ssl, NULL, 0);
+  const size_t client_random_len = SSL_get_client_random(ssl, NULL, 0);
+  const size_t master_key_len = SSL_SESSION_get_master_key(session, NULL, 0);
+
+  tor_assert(server_random_len);
+  tor_assert(client_random_len);
+  tor_assert(master_key_len);
+
+  len = client_random_len + server_random_len + strlen(TLSSECRET_MAGIC) + 1;
+  tor_assert(len <= sizeof(buf));
+
+  {
+    size_t r = SSL_get_client_random(ssl, buf, client_random_len);
+    tor_assert(r == client_random_len);
+  }
+
+  {
+    size_t r = SSL_get_server_random(ssl,
+                                     buf+client_random_len,
+                                     server_random_len);
+    tor_assert(r == server_random_len);
+  }
+
+  uint8_t *master_key = tor_malloc_zero(master_key_len);
+  {
+    size_t r = SSL_SESSION_get_master_key(session, master_key, master_key_len);
+    tor_assert(r == master_key_len);
+  }
+
+  uint8_t *nextbuf = buf + client_random_len + server_random_len;
+  memcpy(nextbuf, TLSSECRET_MAGIC, strlen(TLSSECRET_MAGIC) + 1);
+
   /*
     The value is an HMAC, using the TLS master key as the HMAC key, of
     client_random | server_random | TLSSECRET_MAGIC
   */
-  memcpy(buf +  0, tls->ssl->s3->client_random, 32);
-  memcpy(buf + 32, tls->ssl->s3->server_random, 32);
-  memcpy(buf + 64, TLSSECRET_MAGIC, strlen(TLSSECRET_MAGIC) + 1);
-  len = 64 + strlen(TLSSECRET_MAGIC) + 1;
   crypto_hmac_sha256((char*)secrets_out,
-                     (char*)tls->ssl->session->master_key,
-                     tls->ssl->session->master_key_length,
-                     buf, len);
+                     (char*)master_key,
+                     master_key_len,
+                     (char*)buf, len);
   memwipe(buf, 0, sizeof(buf));
+  memwipe(master_key, 0, master_key_len);
+  tor_free(master_key);
+
   return 0;
 }
 
@@ -2819,12 +2468,23 @@ tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
  * Set *<b>rbuf_capacity</b> to the amount of storage allocated for the read
  * buffer and *<b>rbuf_bytes</b> to the amount actually used.
  * Set *<b>wbuf_capacity</b> to the amount of storage allocated for the write
- * buffer and *<b>wbuf_bytes</b> to the amount actually used. */
-void
+ * buffer and *<b>wbuf_bytes</b> to the amount actually used.
+ *
+ * Return 0 on success, -1 on failure.*/
+int
 tor_tls_get_buffer_sizes(tor_tls_t *tls,
                          size_t *rbuf_capacity, size_t *rbuf_bytes,
                          size_t *wbuf_capacity, size_t *wbuf_bytes)
 {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+  (void)tls;
+  (void)rbuf_capacity;
+  (void)rbuf_bytes;
+  (void)wbuf_capacity;
+  (void)wbuf_bytes;
+
+  return -1;
+#else
   if (tls->ssl->s3->rbuf.buf)
     *rbuf_capacity = tls->ssl->s3->rbuf.len;
   else
@@ -2835,6 +2495,8 @@ tor_tls_get_buffer_sizes(tor_tls_t *tls,
     *wbuf_capacity = 0;
   *rbuf_bytes = tls->ssl->s3->rbuf.left;
   *wbuf_bytes = tls->ssl->s3->wbuf.left;
+  return 0;
+#endif
 }
 
 #ifdef USE_BUFFEREVENTS
@@ -2909,3 +2571,29 @@ tor_tls_init_bufferevent(tor_tls_t *tls, struct bufferevent *bufev_in,
 }
 #endif
 
+/** Check whether the ECC group requested is supported by the current OpenSSL
+ * library instance.  Return 1 if the group is supported, and 0 if not.
+ */
+int
+evaluate_ecgroup_for_tls(const char *ecgroup)
+{
+  EC_KEY *ec_key;
+  int nid;
+  int ret;
+
+  if (!ecgroup)
+    nid = NID_tor_default_ecdhe_group;
+  else if (!strcasecmp(ecgroup, "P256"))
+    nid = NID_X9_62_prime256v1;
+  else if (!strcasecmp(ecgroup, "P224"))
+    nid = NID_secp224r1;
+  else
+    return 0;
+
+  ec_key = EC_KEY_new_by_curve_name(nid);
+  ret = (ec_key != NULL);
+  EC_KEY_free(ec_key);
+
+  return ret;
+}
+
diff --git a/src/common/tortls.h b/src/common/tortls.h
index a76ba3bc7a..1a59c67df3 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_TORTLS_H
@@ -12,6 +12,7 @@
  **/
 
 #include "crypto.h"
+#include "compat_openssl.h"
 #include "compat.h"
 #include "testsupport.h"
 
@@ -19,7 +20,7 @@
 typedef struct tor_tls_t tor_tls_t;
 
 /* Opaque structure to hold an X509 certificate. */
-typedef struct tor_cert_t tor_cert_t;
+typedef struct tor_x509_cert_t tor_x509_cert_t;
 
 /* Possible return values for most tor_tls_* functions. */
 #define MIN_TOR_TLS_ERROR_VAL_     -9
@@ -51,6 +52,120 @@ typedef struct tor_cert_t tor_cert_t;
   case TOR_TLS_ERROR_IO
 
 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
+
+#ifdef TORTLS_PRIVATE
+#define TOR_TLS_MAGIC 0x71571571
+
+typedef enum {
+    TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE,
+    TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE,
+    TOR_TLS_ST_BUFFEREVENT
+} tor_tls_state_t;
+#define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
+
+/** Holds a SSL_CTX object and related state used to configure TLS
+ * connections.
+ */
+typedef struct tor_tls_context_t {
+  int refcnt;
+  SSL_CTX *ctx;
+  tor_x509_cert_t *my_link_cert;
+  tor_x509_cert_t *my_id_cert;
+  tor_x509_cert_t *my_auth_cert;
+  crypto_pk_t *link_key;
+  crypto_pk_t *auth_key;
+} tor_tls_context_t;
+
+/** Structure that we use for a single certificate. */
+struct tor_x509_cert_t {
+  X509 *cert;
+  uint8_t *encoded;
+  size_t encoded_len;
+  unsigned pkey_digests_set : 1;
+  common_digests_t cert_digests;
+  common_digests_t pkey_digests;
+};
+
+/** Holds a SSL object and its associated data.  Members are only
+ * accessed from within tortls.c.
+ */
+struct tor_tls_t {
+  uint32_t magic;
+  tor_tls_context_t *context; /** A link to the context object for this tls. */
+  SSL *ssl; /**< An OpenSSL SSL object. */
+  int socket; /**< The underlying file descriptor for this TLS connection. */
+  char *address; /**< An address to log when describing this connection. */
+  tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
+                                       * depending on which operations
+                                       * have completed successfully. */
+  unsigned int isServer:1; /**< True iff this is a server-side connection */
+  unsigned int wasV2Handshake:1; /**< True iff the original handshake for
+                                  * this connection used the updated version
+                                  * of the connection protocol (client sends
+                                  * different cipher list, server sends only
+                                  * one certificate). */
+  /** True iff we should call negotiated_callback when we're done reading. */
+  unsigned int got_renegotiate:1;
+  /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't
+   * called that function yet. */
+  int8_t client_cipher_list_type;
+  /** Incremented every time we start the server side of a handshake. */
+  uint8_t server_handshake_count;
+  size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last
+                       * time. */
+  /** Last values retrieved from BIO_number_read()/write(); see
+   * tor_tls_get_n_raw_bytes() for usage.
+   */
+  unsigned long last_write_count;
+  unsigned long last_read_count;
+  /** If set, a callback to invoke whenever the client tries to renegotiate
+   * the handshake. */
+  void (*negotiated_callback)(tor_tls_t *tls, void *arg);
+  /** Argument to pass to negotiated_callback. */
+  void *callback_arg;
+};
+
+STATIC int tor_errno_to_tls_error(int e);
+STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
+                  const char *doing, int severity, int domain);
+STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
+STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
+STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
+STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
+                                           STACK_OF(SSL_CIPHER) *peer_ciphers);
+STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
+MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
+          (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
+#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
+                                         size_t len);
+#endif
+STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
+STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
+STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
+                            int *secret_len,
+                            STACK_OF(SSL_CIPHER) *peer_ciphers,
+                            CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher,
+                            void *arg);
+STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
+                             uint16_t cipher);
+MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
+                                                    crypto_pk_t *rsa_sign,
+                                                    const char *cname,
+                                                    const char *cname_sign,
+                                                  unsigned int cert_lifetime));
+STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
+                   unsigned int key_lifetime, unsigned flags, int is_client);
+MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
+STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
+                                    crypto_pk_t *identity,
+                                    unsigned int key_lifetime,
+                                    unsigned int flags,
+                                    int is_client);
+STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain,
+                           const char *doing);
+#endif
+
 const char *tor_tls_err_to_string(int err);
 void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
 
@@ -72,16 +187,15 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
 int tor_tls_is_server(tor_tls_t *tls);
 void tor_tls_free(tor_tls_t *tls);
 int tor_tls_peer_has_cert(tor_tls_t *tls);
-tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
+MOCK_DECL(tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
 int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
 int tor_tls_check_lifetime(int severity,
                            tor_tls_t *tls, int past_tolerance,
                            int future_tolerance);
-int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
+MOCK_DECL(int, tor_tls_read, (tor_tls_t *tls, char *cp, size_t len));
 int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
 int tor_tls_handshake(tor_tls_t *tls);
 int tor_tls_finish_handshake(tor_tls_t *tls);
-int tor_tls_renegotiate(tor_tls_t *tls);
 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 void tor_tls_block_renegotiation(tor_tls_t *tls);
 void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
@@ -92,17 +206,16 @@ size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
 void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
                              size_t *n_read, size_t *n_written);
 
-void tor_tls_get_buffer_sizes(tor_tls_t *tls,
+int tor_tls_get_buffer_sizes(tor_tls_t *tls,
                               size_t *rbuf_capacity, size_t *rbuf_bytes,
                               size_t *wbuf_capacity, size_t *wbuf_bytes);
 
 MOCK_DECL(double, tls_get_write_overhead_ratio, (void));
 
 int tor_tls_used_v1_handshake(tor_tls_t *tls);
-int tor_tls_received_v3_certificate(tor_tls_t *tls);
 int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
 int tor_tls_server_got_renegotiate(tor_tls_t *tls);
-int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
+MOCK_DECL(int,tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out));
 
 /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
  */
@@ -120,24 +233,29 @@ struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls,
                                      int filter);
 #endif
 
-void tor_cert_free(tor_cert_t *cert);
-tor_cert_t *tor_cert_decode(const uint8_t *certificate,
+void tor_x509_cert_free(tor_x509_cert_t *cert);
+tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
                             size_t certificate_len);
-void tor_cert_get_der(const tor_cert_t *cert,
+void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
                       const uint8_t **encoded_out, size_t *size_out);
-const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert);
-const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
+const common_digests_t *tor_x509_cert_get_id_digests(
+                      const tor_x509_cert_t *cert);
+const common_digests_t *tor_x509_cert_get_cert_digests(
+                      const tor_x509_cert_t *cert);
 int tor_tls_get_my_certs(int server,
-                         const tor_cert_t **link_cert_out,
-                         const tor_cert_t **id_cert_out);
+                         const tor_x509_cert_t **link_cert_out,
+                         const tor_x509_cert_t **id_cert_out);
 crypto_pk_t *tor_tls_get_my_client_auth_key(void);
-crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
-int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
+crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);
+MOCK_DECL(int,tor_tls_cert_matches_key,(const tor_tls_t *tls,
+                                        const tor_x509_cert_t *cert));
 int tor_tls_cert_is_valid(int severity,
-                          const tor_cert_t *cert,
-                          const tor_cert_t *signing_cert,
+                          const tor_x509_cert_t *cert,
+                          const tor_x509_cert_t *signing_cert,
                           int check_rsa_1024);
 const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
 
+int evaluate_ecgroup_for_tls(const char *ecgroup);
+
 #endif
 
diff --git a/src/common/util.c b/src/common/util.c
index 04cc6b12c6..f3effe0957 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -27,6 +27,7 @@
 #include "sandbox.h"
 #include "backtrace.h"
 #include "util_process.h"
+#include "util_format.h"
 
 #ifdef _WIN32
 #include <io.h>
@@ -95,6 +96,13 @@
 #ifdef HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
+#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+#include <sys/prctl.h>
+#endif
+
+#ifdef __clang_analyzer__
+#undef MALLOC_ZERO_WORKS
+#endif
 
 /* =====
  * Assertion helper.
@@ -191,33 +199,40 @@ tor_malloc_zero_(size_t size DMALLOC_PARAMS)
   return result;
 }
 
+/* The square root of SIZE_MAX + 1.  If a is less than this, and b is less
+ * than this, then a*b is less than SIZE_MAX.  (For example, if size_t is
+ * 32 bits, then SIZE_MAX is 0xffffffff and this value is 0x10000.  If a and
+ * b are less than this, then their product is at most (65535*65535) ==
+ * 0xfffe0001. */
+#define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4))
+
+/** Return non-zero if and only if the product of the arguments is exact. */
+static inline int
+size_mul_check(const size_t x, const size_t y)
+{
+  /* This first check is equivalent to
+     (x < SQRT_SIZE_MAX_P1 && y < SQRT_SIZE_MAX_P1)
+
+     Rationale: if either one of x or y is >= SQRT_SIZE_MAX_P1, then it
+     will have some bit set in its most significant half.
+   */
+  return ((x|y) < SQRT_SIZE_MAX_P1 ||
+          y == 0 ||
+          x <= SIZE_MAX / y);
+}
+
 /** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill
  * the memory with zero bytes, and return a pointer to the result.
  * Log and terminate the process on error.  (Same as
  * calloc(<b>nmemb</b>,<b>size</b>), but never returns NULL.)
- *
- * XXXX This implementation probably asserts in cases where it could
- * work, because it only tries dividing SIZE_MAX by size (according to
- * the calloc(3) man page, the size of an element of the nmemb-element
- * array to be allocated), not by nmemb (which could in theory be
- * smaller than size).  Don't do that then.
+ * The second argument (<b>size</b>) should preferably be non-zero
+ * and a compile-time constant.
  */
 void *
 tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS)
 {
-  /* You may ask yourself, "wouldn't it be smart to use calloc instead of
-   * malloc+memset?  Perhaps libc's calloc knows some nifty optimization trick
-   * we don't!"  Indeed it does, but its optimizations are only a big win when
-   * we're allocating something very big (it knows if it just got the memory
-   * from the OS in a pre-zeroed state).  We don't want to use tor_malloc_zero
-   * for big stuff, so we don't bother with calloc. */
-  void *result;
-  size_t max_nmemb = (size == 0) ? SIZE_MAX : SIZE_MAX/size;
-
-  tor_assert(nmemb < max_nmemb);
-
-  result = tor_malloc_zero_((nmemb * size) DMALLOC_FN_ARGS);
-  return result;
+  tor_assert(size_mul_check(nmemb, size));
+  return tor_malloc_zero_((nmemb * size) DMALLOC_FN_ARGS);
 }
 
 /** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
@@ -231,6 +246,13 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS)
 
   tor_assert(size < SIZE_T_CEILING);
 
+#ifndef MALLOC_ZERO_WORKS
+  /* Some libc mallocs don't work when size==0. Override them. */
+  if (size==0) {
+    size=1;
+  }
+#endif
+
 #ifdef USE_DMALLOC
   result = dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
 #else
@@ -244,6 +266,20 @@ tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS)
   return result;
 }
 
+/**
+ * Try to realloc <b>ptr</b> so that it takes up sz1 * sz2 bytes.  Check for
+ * overflow. Unlike other allocation functions, return NULL on overflow.
+ */
+void *
+tor_reallocarray_(void *ptr, size_t sz1, size_t sz2 DMALLOC_PARAMS)
+{
+  /* XXXX we can make this return 0, but we would need to check all the
+   * reallocarray users. */
+  tor_assert(size_mul_check(sz1, sz2));
+
+  return tor_realloc(ptr, (sz1 * sz2) DMALLOC_FN_ARGS);
+}
+
 /** Return a newly allocated copy of the NUL-terminated string s. On
  * error, log and terminate.  (Like strdup(s), but never returns
  * NULL.)
@@ -452,35 +488,117 @@ round_to_power_of_2(uint64_t u64)
 }
 
 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
- * <b>divisor</b> == 0. */
+ * <b>divisor</b> == 0.  If no such x can be expressed as an unsigned, return
+ * UINT_MAX */
 unsigned
 round_to_next_multiple_of(unsigned number, unsigned divisor)
 {
+  tor_assert(divisor > 0);
+  if (UINT_MAX - divisor + 1 < number)
+    return UINT_MAX;
   number += divisor - 1;
   number -= number % divisor;
   return number;
 }
 
 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
- * <b>divisor</b> == 0. */
+ * <b>divisor</b> == 0. If no such x can be expressed as a uint32_t, return
+ * UINT32_MAX */
 uint32_t
 round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor)
 {
+  tor_assert(divisor > 0);
+  if (UINT32_MAX - divisor + 1 < number)
+    return UINT32_MAX;
+
   number += divisor - 1;
   number -= number % divisor;
   return number;
 }
 
 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
- * <b>divisor</b> == 0. */
+ * <b>divisor</b> == 0. If no such x can be expressed as a uint64_t, return
+ * UINT64_MAX */
 uint64_t
 round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor)
 {
+  tor_assert(divisor > 0);
+  if (UINT64_MAX - divisor + 1 < number)
+    return UINT64_MAX;
   number += divisor - 1;
   number -= number % divisor;
   return number;
 }
 
+/** Return the lowest x in [INT64_MIN, INT64_MAX] such that x is at least
+ * <b>number</b>, and x modulo <b>divisor</b> == 0. If no such x can be
+ * expressed as an int64_t, return INT64_MAX */
+int64_t
+round_int64_to_next_multiple_of(int64_t number, int64_t divisor)
+{
+  tor_assert(divisor > 0);
+  if (INT64_MAX - divisor + 1 < number)
+    return INT64_MAX;
+  if (number >= 0)
+    number += divisor - 1;
+  number -= number % divisor;
+  return number;
+}
+
+/** Transform a random value <b>p</b> from the uniform distribution in
+ * [0.0, 1.0[ into a Laplace distributed value with location parameter
+ * <b>mu</b> and scale parameter <b>b</b>. Truncate the final result
+ * to be an integer in [INT64_MIN, INT64_MAX]. */
+int64_t
+sample_laplace_distribution(double mu, double b, double p)
+{
+  double result;
+  tor_assert(p >= 0.0 && p < 1.0);
+
+  /* This is the "inverse cumulative distribution function" from:
+   * http://en.wikipedia.org/wiki/Laplace_distribution */
+  if (p <= 0.0) {
+    /* Avoid taking log(0.0) == -INFINITY, as some processors or compiler
+     * options can cause the program to trap. */
+    return INT64_MIN;
+  }
+
+  result = mu - b * (p > 0.5 ? 1.0 : -1.0)
+                  * tor_mathlog(1.0 - 2.0 * fabs(p - 0.5));
+
+  return clamp_double_to_int64(result);
+}
+
+/** Add random noise between INT64_MIN and INT64_MAX coming from a Laplace
+ * distribution with mu = 0 and b = <b>delta_f</b>/<b>epsilon</b> to
+ * <b>signal</b> based on the provided <b>random</b> value in [0.0, 1.0[.
+ * The epsilon value must be between ]0.0, 1.0]. delta_f must be greater
+ * than 0. */
+int64_t
+add_laplace_noise(int64_t signal, double random, double delta_f,
+                  double epsilon)
+{
+  int64_t noise;
+
+  /* epsilon MUST be between ]0.0, 1.0] */
+  tor_assert(epsilon > 0.0 && epsilon <= 1.0);
+  /* delta_f MUST be greater than 0. */
+  tor_assert(delta_f > 0.0);
+
+  /* Just add noise, no further signal */
+  noise = sample_laplace_distribution(0.0,
+                                      delta_f / epsilon,
+                                      random);
+
+  /* Clip (signal + noise) to [INT64_MIN, INT64_MAX] */
+  if (noise > 0 && INT64_MAX - noise < signal)
+    return INT64_MAX;
+  else if (noise < 0 && INT64_MIN - noise > signal)
+    return INT64_MIN;
+  else
+    return signal + noise;
+}
+
 /** Return the number of bits set in <b>v</b>. */
 int
 n_bits_set_u8(uint8_t v)
@@ -684,16 +802,6 @@ fast_memcmpstart(const void *mem, size_t memlen,
   return fast_memcmp(mem, prefix, plen);
 }
 
-/** Given a nul-terminated string s, set every character before the nul
- * to zero. */
-void
-tor_strclear(char *s)
-{
-  while (*s) {
-    *s++ = '\0';
-  }
-}
-
 /** Return a pointer to the first char of s that is not whitespace and
  * not a comment, or to the terminating NUL if no such character exists.
  */
@@ -932,6 +1040,77 @@ string_is_key_value(int severity, const char *string)
   return 1;
 }
 
+/** Return true if <b>string</b> represents a valid IPv4 adddress in
+ * 'a.b.c.d' form.
+ */
+int
+string_is_valid_ipv4_address(const char *string)
+{
+  struct in_addr addr;
+
+  return (tor_inet_pton(AF_INET,string,&addr) == 1);
+}
+
+/** Return true if <b>string</b> represents a valid IPv6 address in
+ * a form that inet_pton() can parse.
+ */
+int
+string_is_valid_ipv6_address(const char *string)
+{
+  struct in6_addr addr;
+
+  return (tor_inet_pton(AF_INET6,string,&addr) == 1);
+}
+
+/** Return true iff <b>string</b> matches a pattern of DNS names
+ * that we allow Tor clients to connect to.
+ *
+ * Note: This allows certain technically invalid characters ('_') to cope
+ * with misconfigured zones that have been encountered in the wild.
+ */
+int
+string_is_valid_hostname(const char *string)
+{
+  int result = 1;
+  smartlist_t *components;
+
+  components = smartlist_new();
+
+  smartlist_split_string(components,string,".",0,0);
+
+  SMARTLIST_FOREACH_BEGIN(components, char *, c) {
+    if ((c[0] == '-') || (*c == '_')) {
+      result = 0;
+      break;
+    }
+
+    /* Allow a single terminating '.' used rarely to indicate domains
+     * are FQDNs rather than relative. */
+    if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
+      continue;
+    }
+
+    do {
+      if ((*c >= 'a' && *c <= 'z') ||
+          (*c >= 'A' && *c <= 'Z') ||
+          (*c >= '0' && *c <= '9') ||
+          (*c == '-') || (*c == '_'))
+        c++;
+      else
+        result = 0;
+    } while (result && *c);
+
+  } SMARTLIST_FOREACH_END(c);
+
+  SMARTLIST_FOREACH_BEGIN(components, char *, c) {
+    tor_free(c);
+  } SMARTLIST_FOREACH_END(c);
+
+  smartlist_free(components);
+
+  return result;
+}
+
 /** Return true iff the DIGEST256_LEN bytes in digest are all zero. */
 int
 tor_digest256_is_zero(const char *digest)
@@ -1060,91 +1239,6 @@ tor_parse_uint64(const char *s, int base, uint64_t min,
   CHECK_STRTOX_RESULT();
 }
 
-/** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
- * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
- * <b>dest</b>.
- */
-void
-base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-  const char *end;
-  char *cp;
-
-  tor_assert(destlen >= srclen*2+1);
-  tor_assert(destlen < SIZE_T_CEILING);
-
-  cp = dest;
-  end = src+srclen;
-  while (src<end) {
-    *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) >> 4 ];
-    *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) & 0xf ];
-    ++src;
-  }
-  *cp = '\0';
-}
-
-/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
-static INLINE int
-hex_decode_digit_(char c)
-{
-  switch (c) {
-    case '0': return 0;
-    case '1': return 1;
-    case '2': return 2;
-    case '3': return 3;
-    case '4': return 4;
-    case '5': return 5;
-    case '6': return 6;
-    case '7': return 7;
-    case '8': return 8;
-    case '9': return 9;
-    case 'A': case 'a': return 10;
-    case 'B': case 'b': return 11;
-    case 'C': case 'c': return 12;
-    case 'D': case 'd': return 13;
-    case 'E': case 'e': return 14;
-    case 'F': case 'f': return 15;
-    default:
-      return -1;
-  }
-}
-
-/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
-int
-hex_decode_digit(char c)
-{
-  return hex_decode_digit_(c);
-}
-
-/** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
- * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
- * Return 0 on success, -1 on failure. */
-int
-base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-  const char *end;
-
-  int v1,v2;
-  if ((srclen % 2) != 0)
-    return -1;
-  if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
-    return -1;
-
-  memset(dest, 0, destlen);
-
-  end = src+srclen;
-  while (src<end) {
-    v1 = hex_decode_digit_(*src);
-    v2 = hex_decode_digit_(*(src+1));
-    if (v1<0||v2<0)
-      return -1;
-    *(uint8_t*)dest = (v1<<4)|v2;
-    ++dest;
-    src+=2;
-  }
-  return 0;
-}
-
 /** Allocate and return a new string representing the contents of <b>s</b>,
  * surrounded by quotes and using standard C escapes.
  *
@@ -1186,9 +1280,14 @@ esc_for_log(const char *s)
     }
   }
 
+  tor_assert(len <= SSIZE_MAX);
+
   result = outp = tor_malloc(len);
   *outp++ = '\"';
   for (cp = s; *cp; ++cp) {
+    /* This assertion should always succeed, since we will write at least
+     * one char here, and two chars for closing quote and nul later */
+    tor_assert((outp-result) < (ssize_t)len-2);
     switch (*cp) {
       case '\\':
       case '\"':
@@ -1212,6 +1311,7 @@ esc_for_log(const char *s)
         if (TOR_ISPRINT(*cp) && ((uint8_t)*cp)<127) {
           *outp++ = *cp;
         } else {
+          tor_assert((outp-result) < (ssize_t)len-4);
           tor_snprintf(outp, 5, "\\%03o", (int)(uint8_t) *cp);
           outp += 4;
         }
@@ -1219,12 +1319,27 @@ esc_for_log(const char *s)
     }
   }
 
+  tor_assert((outp-result) <= (ssize_t)len-2);
   *outp++ = '\"';
   *outp++ = 0;
 
   return result;
 }
 
+/** Similar to esc_for_log. Allocate and return a new string representing
+ * the first n characters in <b>chars</b>, surround by quotes and using
+ * standard C escapes. If a NUL character is encountered in <b>chars</b>,
+ * the resulting string will be terminated there.
+ */
+char *
+esc_for_log_len(const char *chars, size_t n)
+{
+  char *string = tor_strndup(chars, n);
+  char *string_escaped = esc_for_log(string);
+  tor_free(string);
+  return string_escaped;
+}
+
 /** Allocate and return a new string representing the contents of <b>s</b>,
  * surrounded by quotes and using standard C escapes.
  *
@@ -1347,7 +1462,8 @@ n_leapdays(int y1, int y2)
   --y2;
   return (y2/4 - y1/4) - (y2/100 - y1/100) + (y2/400 - y1/400);
 }
-/** Number of days per month in non-leap year; used by tor_timegm. */
+/** Number of days per month in non-leap year; used by tor_timegm and
+ * parse_rfc1123_time. */
 static const int days_per_month[] =
   { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
 
@@ -1359,12 +1475,44 @@ tor_timegm(const struct tm *tm, time_t *time_out)
 {
   /* This is a pretty ironclad timegm implementation, snarfed from Python2.2.
    * It's way more brute-force than fiddling with tzset().
-   */
-  time_t year, days, hours, minutes, seconds;
-  int i;
-  year = tm->tm_year + 1900;
-  if (year < 1970 || tm->tm_mon < 0 || tm->tm_mon > 11 ||
-      tm->tm_year >= INT32_MAX-1900) {
+   *
+   * We use int64_t rather than time_t to avoid overflow on multiplication on
+   * platforms with 32-bit time_t. Since year is clipped to INT32_MAX, and
+   * since 365 * 24 * 60 * 60 is approximately 31 million, it's not possible
+   * for INT32_MAX years to overflow int64_t when converted to seconds. */
+  int64_t year, days, hours, minutes, seconds;
+  int i, invalid_year, dpm;
+
+  /* Initialize time_out to 0 for now, to avoid bad usage in case this function
+     fails and the caller ignores the return value. */
+  tor_assert(time_out);
+  *time_out = 0;
+
+  /* avoid int overflow on addition */
+  if (tm->tm_year < INT32_MAX-1900) {
+    year = tm->tm_year + 1900;
+  } else {
+    /* clamp year */
+    year = INT32_MAX;
+  }
+  invalid_year = (year < 1970 || tm->tm_year >= INT32_MAX-1900);
+
+  if (tm->tm_mon >= 0 && tm->tm_mon <= 11) {
+    dpm = days_per_month[tm->tm_mon];
+    if (tm->tm_mon == 1 && !invalid_year && IS_LEAPYEAR(tm->tm_year)) {
+      dpm = 29;
+    }
+  } else {
+    /* invalid month - default to 0 days per month */
+    dpm = 0;
+  }
+
+  if (invalid_year ||
+      tm->tm_mon < 0 || tm->tm_mon > 11 ||
+      tm->tm_mday < 1 || tm->tm_mday > dpm ||
+      tm->tm_hour < 0 || tm->tm_hour > 23 ||
+      tm->tm_min < 0 || tm->tm_min > 59 ||
+      tm->tm_sec < 0 || tm->tm_sec > 60) {
     log_warn(LD_BUG, "Out-of-range argument to tor_timegm");
     return -1;
   }
@@ -1378,7 +1526,17 @@ tor_timegm(const struct tm *tm, time_t *time_out)
 
   minutes = hours*60 + tm->tm_min;
   seconds = minutes*60 + tm->tm_sec;
-  *time_out = seconds;
+  /* Check that "seconds" will fit in a time_t. On platforms where time_t is
+   * 32-bit, this check will fail for dates in and after 2038.
+   *
+   * We already know that "seconds" can't be negative because "year" >= 1970 */
+#if SIZEOF_TIME_T < 8
+  if (seconds < TIME_MIN || seconds > TIME_MAX) {
+    log_warn(LD_BUG, "Result does not fit in tor_timegm");
+    return -1;
+  }
+#endif
+  *time_out = (time_t)seconds;
   return 0;
 }
 
@@ -1428,8 +1586,9 @@ parse_rfc1123_time(const char *buf, time_t *t)
   struct tm tm;
   char month[4];
   char weekday[4];
-  int i, m;
+  int i, m, invalid_year;
   unsigned tm_mday, tm_year, tm_hour, tm_min, tm_sec;
+  unsigned dpm;
 
   if (strlen(buf) != RFC1123_TIME_LEN)
     return -1;
@@ -1442,18 +1601,6 @@ parse_rfc1123_time(const char *buf, time_t *t)
     tor_free(esc);
     return -1;
   }
-  if (tm_mday < 1 || tm_mday > 31 || tm_hour > 23 || tm_min > 59 ||
-      tm_sec > 60 || tm_year >= INT32_MAX || tm_year < 1970) {
-    char *esc = esc_for_log(buf);
-    log_warn(LD_GENERAL, "Got invalid RFC1123 time %s", esc);
-    tor_free(esc);
-    return -1;
-  }
-  tm.tm_mday = (int)tm_mday;
-  tm.tm_year = (int)tm_year;
-  tm.tm_hour = (int)tm_hour;
-  tm.tm_min = (int)tm_min;
-  tm.tm_sec = (int)tm_sec;
 
   m = -1;
   for (i = 0; i < 12; ++i) {
@@ -1470,6 +1617,26 @@ parse_rfc1123_time(const char *buf, time_t *t)
   }
   tm.tm_mon = m;
 
+  invalid_year = (tm_year >= INT32_MAX || tm_year < 1970);
+  tor_assert(m >= 0 && m <= 11);
+  dpm = days_per_month[m];
+  if (m == 1 && !invalid_year && IS_LEAPYEAR(tm_year)) {
+    dpm = 29;
+  }
+
+  if (invalid_year || tm_mday < 1 || tm_mday > dpm ||
+      tm_hour > 23 || tm_min > 59 || tm_sec > 60) {
+    char *esc = esc_for_log(buf);
+    log_warn(LD_GENERAL, "Got invalid RFC1123 time %s", esc);
+    tor_free(esc);
+    return -1;
+  }
+  tm.tm_mday = (int)tm_mday;
+  tm.tm_year = (int)tm_year;
+  tm.tm_hour = (int)tm_hour;
+  tm.tm_min = (int)tm_min;
+  tm.tm_sec = (int)tm_sec;
+
   if (tm.tm_year < 1970) {
     char *esc = esc_for_log(buf);
     log_warn(LD_GENERAL,
@@ -1526,15 +1693,18 @@ format_iso_time_nospace_usec(char *buf, const struct timeval *tv)
 
 /** Given an ISO-formatted UTC time value (after the epoch) in <b>cp</b>,
  * parse it and store its value in *<b>t</b>.  Return 0 on success, -1 on
- * failure.  Ignore extraneous stuff in <b>cp</b> separated by whitespace from
- * the end of the time string. */
+ * failure.  Ignore extraneous stuff in <b>cp</b> after the end of the time
+ * string, unless <b>strict</b> is set. */
 int
-parse_iso_time(const char *cp, time_t *t)
+parse_iso_time_(const char *cp, time_t *t, int strict)
 {
   struct tm st_tm;
   unsigned int year=0, month=0, day=0, hour=0, minute=0, second=0;
-  if (tor_sscanf(cp, "%u-%2u-%2u %2u:%2u:%2u", &year, &month,
-                &day, &hour, &minute, &second) < 6) {
+  int n_fields;
+  char extra_char;
+  n_fields = tor_sscanf(cp, "%u-%2u-%2u %2u:%2u:%2u%c", &year, &month,
+                        &day, &hour, &minute, &second, &extra_char);
+  if (strict ? (n_fields != 6) : (n_fields < 6)) {
     char *esc = esc_for_log(cp);
     log_warn(LD_GENERAL, "ISO time %s was unparseable", esc);
     tor_free(esc);
@@ -1553,6 +1723,7 @@ parse_iso_time(const char *cp, time_t *t)
   st_tm.tm_hour = hour;
   st_tm.tm_min = minute;
   st_tm.tm_sec = second;
+  st_tm.tm_wday = 0; /* Should be ignored. */
 
   if (st_tm.tm_year < 70) {
     char *esc = esc_for_log(cp);
@@ -1563,6 +1734,16 @@ parse_iso_time(const char *cp, time_t *t)
   return tor_timegm(&st_tm, t);
 }
 
+/** Given an ISO-formatted UTC time value (after the epoch) in <b>cp</b>,
+ * parse it and store its value in *<b>t</b>.  Return 0 on success, -1 on
+ * failure. Reject the string if any characters are present after the time.
+ */
+int
+parse_iso_time(const char *cp, time_t *t)
+{
+  return parse_iso_time_(cp, t, 1);
+}
+
 /** Given a <b>date</b> in one of the three formats allowed by HTTP (ugh),
  * parse it into <b>tm</b>.  Return 0 on success, negative on failure. */
 int
@@ -1610,6 +1791,7 @@ parse_http_time(const char *date, struct tm *tm)
   tm->tm_hour = (int)tm_hour;
   tm->tm_min = (int)tm_min;
   tm->tm_sec = (int)tm_sec;
+  tm->tm_wday = 0; /* Leave this unset. */
 
   month[3] = '\0';
   /* Okay, now decode the month. */
@@ -1641,7 +1823,11 @@ format_time_interval(char *out, size_t out_len, long interval)
 {
   /* We only report seconds if there's no hours. */
   long sec = 0, min = 0, hour = 0, day = 0;
-  if (interval < 0)
+
+  /* -LONG_MIN is LONG_MAX + 1, which causes signed overflow */
+  if (interval < -LONG_MAX)
+    interval = LONG_MAX;
+  else if (interval < 0)
     interval = -interval;
 
   if (interval >= 86400) {
@@ -1757,7 +1943,7 @@ write_all(tor_socket_t fd, const char *buf, size_t count, int isSocket)
 {
   size_t written = 0;
   ssize_t result;
-  tor_assert(count < SSIZE_T_MAX);
+  tor_assert(count < SSIZE_MAX);
 
   while (written != count) {
     if (isSocket)
@@ -1782,8 +1968,10 @@ read_all(tor_socket_t fd, char *buf, size_t count, int isSocket)
   size_t numread = 0;
   ssize_t result;
 
-  if (count > SIZE_T_CEILING || count > SSIZE_T_MAX)
+  if (count > SIZE_T_CEILING || count > SSIZE_MAX) {
+    errno = EINVAL;
     return -1;
+  }
 
   while (numread != count) {
     if (isSocket)
@@ -1823,15 +2011,24 @@ clean_name_for_stat(char *name)
 #endif
 }
 
-/** Return FN_ERROR if filename can't be read, FN_NOENT if it doesn't
- * exist, FN_FILE if it is a regular file, or FN_DIR if it's a
- * directory.  On FN_ERROR, sets errno. */
+/** Return:
+ * FN_ERROR if filename can't be read, is NULL, or is zero-length,
+ * FN_NOENT if it doesn't exist,
+ * FN_FILE if it is a non-empty regular file, or a FIFO on unix-like systems,
+ * FN_EMPTY for zero-byte regular files,
+ * FN_DIR if it's a directory, and
+ * FN_ERROR for any other file type.
+ * On FN_ERROR and FN_NOENT, sets errno.  (errno is not set when FN_ERROR
+ * is returned due to an unhandled file type.) */
 file_status_t
 file_status(const char *fname)
 {
   struct stat st;
   char *f;
   int r;
+  if (!fname || strlen(fname) == 0) {
+    return FN_ERROR;
+  }
   f = tor_strdup(fname);
   clean_name_for_stat(f);
   log_debug(LD_FS, "stat()ing %s", f);
@@ -1843,16 +2040,23 @@ file_status(const char *fname)
     }
     return FN_ERROR;
   }
-  if (st.st_mode & S_IFDIR)
+  if (st.st_mode & S_IFDIR) {
     return FN_DIR;
-  else if (st.st_mode & S_IFREG)
-    return FN_FILE;
+  } else if (st.st_mode & S_IFREG) {
+    if (st.st_size > 0) {
+      return FN_FILE;
+    } else if (st.st_size == 0) {
+      return FN_EMPTY;
+    } else {
+      return FN_ERROR;
+    }
 #ifndef _WIN32
-  else if (st.st_mode & S_IFIFO)
+  } else if (st.st_mode & S_IFIFO) {
     return FN_FILE;
 #endif
-  else
+  } else {
     return FN_ERROR;
+  }
 }
 
 /** Check whether <b>dirname</b> exists and is private.  If yes return 0.  If
@@ -1861,8 +2065,12 @@ file_status(const char *fname)
  * <b>check</b>&CPD_CHECK, and we think we can create it, return 0.  Else
  * return -1.  If CPD_GROUP_OK is set, then it's okay if the directory
  * is group-readable, but in all cases we create the directory mode 0700.
- * If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
- * if they are too permissive: we just return -1.
+ * If CPD_GROUP_READ is set, existing directory behaves as CPD_GROUP_OK and
+ * if the directory is created it will use mode 0750 with group read
+ * permission. Group read privileges also assume execute permission
+ * as norm for directories. If CPD_CHECK_MODE_ONLY is set, then we don't
+ * alter the directory permissions if they are too permissive:
+ * we just return -1.
  * When effective_user is not NULL, check permissions against the given user
  * and its primary group.
  */
@@ -1872,53 +2080,98 @@ check_private_dir(const char *dirname, cpd_check_t check,
 {
   int r;
   struct stat st;
-  char *f;
+
+  tor_assert(dirname);
+
 #ifndef _WIN32
-  int mask;
+  int fd;
   const struct passwd *pw = NULL;
   uid_t running_uid;
   gid_t running_gid;
-#else
-  (void)effective_user;
-#endif
 
-  tor_assert(dirname);
-  f = tor_strdup(dirname);
-  clean_name_for_stat(f);
-  log_debug(LD_FS, "stat()ing %s", f);
-  r = stat(sandbox_intern_string(f), &st);
-  tor_free(f);
-  if (r) {
+  /*
+   * Goal is to harden the implementation by removing any
+   * potential for race between stat() and chmod().
+   * chmod() accepts filename as argument. If an attacker can move
+   * the file between stat() and chmod(), a potential race exists.
+   *
+   * Several suggestions taken from:
+   * https://developer.apple.com/library/mac/documentation/
+   *     Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html
+   */
+
+  /* Open directory.
+   * O_NOFOLLOW to ensure that it does not follow symbolic links */
+  fd = open(sandbox_intern_string(dirname), O_NOFOLLOW);
+
+  /* Was there an error? Maybe the directory does not exist? */
+  if (fd == -1) {
+
     if (errno != ENOENT) {
+      /* Other directory error */
       log_warn(LD_FS, "Directory %s cannot be read: %s", dirname,
                strerror(errno));
       return -1;
     }
+
+    /* Received ENOENT: Directory does not exist */
+
+    /* Should we create the directory? */
     if (check & CPD_CREATE) {
       log_info(LD_GENERAL, "Creating directory %s", dirname);
-#if defined (_WIN32) && !defined (WINCE)
-      r = mkdir(dirname);
-#else
-      r = mkdir(dirname, 0700);
-#endif
+      if (check & CPD_GROUP_READ) {
+        r = mkdir(dirname, 0750);
+      } else {
+        r = mkdir(dirname, 0700);
+      }
+
+      /* check for mkdir() error */
       if (r) {
         log_warn(LD_FS, "Error creating directory %s: %s", dirname,
             strerror(errno));
         return -1;
       }
+
+      /* we just created the directory. try to open it again.
+       * permissions on the directory will be checked again below.*/
+      fd = open(sandbox_intern_string(dirname), O_NOFOLLOW);
+
+      if (fd == -1)
+        return -1;
+      else
+        close(fd);
+
     } else if (!(check & CPD_CHECK)) {
       log_warn(LD_FS, "Directory %s does not exist.", dirname);
       return -1;
     }
+
     /* XXXX In the case where check==CPD_CHECK, we should look at the
      * parent directory a little harder. */
     return 0;
   }
+
+  tor_assert(fd >= 0);
+
+  //f = tor_strdup(dirname);
+  //clean_name_for_stat(f);
+  log_debug(LD_FS, "stat()ing %s", dirname);
+  //r = stat(sandbox_intern_string(f), &st);
+  r = fstat(fd, &st);
+  if (r == -1) {
+      log_warn(LD_FS, "fstat() on directory %s failed.", dirname);
+      close(fd);
+      return -1;
+  }
+  //tor_free(f);
+
+  /* check that dirname is a directory */
   if (!(st.st_mode & S_IFDIR)) {
     log_warn(LD_FS, "%s is not a directory", dirname);
+    close(fd);
     return -1;
   }
-#ifndef _WIN32
+
   if (effective_user) {
     /* Look up the user and group information.
      * If we have a problem, bail out. */
@@ -1926,6 +2179,7 @@ check_private_dir(const char *dirname, cpd_check_t check,
     if (pw == NULL) {
       log_warn(LD_CONFIG, "Error setting configured user: %s not found",
                effective_user);
+      close(fd);
       return -1;
     }
     running_uid = pw->pw_uid;
@@ -1934,7 +2188,6 @@ check_private_dir(const char *dirname, cpd_check_t check,
     running_uid = getuid();
     running_gid = getgid();
   }
-
   if (st.st_uid != running_uid) {
     const struct passwd *pw = NULL;
     char *process_ownername = NULL;
@@ -1950,9 +2203,11 @@ check_private_dir(const char *dirname, cpd_check_t check,
                          pw ? pw->pw_name : "<unknown>", (int)st.st_uid);
 
     tor_free(process_ownername);
+    close(fd);
     return -1;
   }
-  if ((check & CPD_GROUP_OK) && st.st_gid != running_gid) {
+  if ( (check & (CPD_GROUP_OK|CPD_GROUP_READ))
+       && (st.st_gid != running_gid) && (st.st_gid != 0)) {
     struct group *gr;
     char *process_groupname = NULL;
     gr = getgrgid(running_gid);
@@ -1965,32 +2220,79 @@ check_private_dir(const char *dirname, cpd_check_t check,
              gr ?  gr->gr_name : "<unknown>", (int)st.st_gid);
 
     tor_free(process_groupname);
+    close(fd);
     return -1;
   }
-  if (check & CPD_GROUP_OK) {
-    mask = 0027;
+  unsigned unwanted_bits = 0;
+  if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) {
+    unwanted_bits = 0027;
   } else {
-    mask = 0077;
+    unwanted_bits = 0077;
   }
-  if (st.st_mode & mask) {
+  unsigned check_bits_filter = ~0;
+  if (check & CPD_RELAX_DIRMODE_CHECK) {
+    check_bits_filter = 0022;
+  }
+  if ((st.st_mode & unwanted_bits & check_bits_filter) != 0) {
     unsigned new_mode;
     if (check & CPD_CHECK_MODE_ONLY) {
       log_warn(LD_FS, "Permissions on directory %s are too permissive.",
                dirname);
+      close(fd);
       return -1;
     }
     log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
     new_mode = st.st_mode;
     new_mode |= 0700; /* Owner should have rwx */
-    new_mode &= ~mask; /* Clear the other bits that we didn't want set...*/
-    if (chmod(dirname, new_mode)) {
+    if (check & CPD_GROUP_READ) {
+      new_mode |= 0050; /* Group should have rx */
+    }
+    new_mode &= ~unwanted_bits; /* Clear the bits that we didn't want set...*/
+    if (fchmod(fd, new_mode)) {
       log_warn(LD_FS, "Could not chmod directory %s: %s", dirname,
-          strerror(errno));
+               strerror(errno));
+      close(fd);
       return -1;
     } else {
+      close(fd);
       return 0;
     }
   }
+  close(fd);
+#else
+  /* Win32 case: we can't open() a directory. */
+  (void)effective_user;
+
+  char *f = tor_strdup(dirname);
+  clean_name_for_stat(f);
+  log_debug(LD_FS, "stat()ing %s", f);
+  r = stat(sandbox_intern_string(f), &st);
+  tor_free(f);
+  if (r) {
+    if (errno != ENOENT) {
+      log_warn(LD_FS, "Directory %s cannot be read: %s", dirname,
+               strerror(errno));
+      return -1;
+    }
+    if (check & CPD_CREATE) {
+      log_info(LD_GENERAL, "Creating directory %s", dirname);
+      r = mkdir(dirname);
+      if (r) {
+        log_warn(LD_FS, "Error creating directory %s: %s", dirname,
+                 strerror(errno));
+        return -1;
+      }
+    } else if (!(check & CPD_CHECK)) {
+      log_warn(LD_FS, "Directory %s does not exist.", dirname);
+      return -1;
+    }
+    return 0;
+  }
+  if (!(st.st_mode & S_IFDIR)) {
+    log_warn(LD_FS, "%s is not a directory", dirname);
+    return -1;
+  }
+
 #endif
   return 0;
 }
@@ -2315,8 +2617,10 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
   char *string = NULL;
   size_t string_max = 0;
 
-  if (max_bytes_to_read+1 >= SIZE_T_CEILING)
+  if (max_bytes_to_read+1 >= SIZE_T_CEILING) {
+    errno = EINVAL;
     return NULL;
+  }
 
   do {
     /* XXXX This "add 1K" approach is a little goofy; if we care about
@@ -2328,13 +2632,16 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
     string = tor_realloc(string, string_max);
     r = read(fd, string + pos, string_max - pos - 1);
     if (r < 0) {
+      int save_errno = errno;
       tor_free(string);
+      errno = save_errno;
       return NULL;
     }
 
     pos += r;
   } while (r > 0 && pos < max_bytes_to_read);
 
+  tor_assert(pos < string_max);
   *sz_out = pos;
   string[pos] = '\0';
   return string;
@@ -2395,17 +2702,21 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
   if (S_ISFIFO(statbuf.st_mode)) {
     size_t sz = 0;
     string = read_file_to_str_until_eof(fd, FIFO_READ_MAX, &sz);
+    int save_errno = errno;
     if (string && stat_out) {
       statbuf.st_size = sz;
       memcpy(stat_out, &statbuf, sizeof(struct stat));
     }
     close(fd);
+    if (!string)
+      errno = save_errno;
     return string;
   }
 #endif
 
   if ((uint64_t)(statbuf.st_size)+1 >= SIZE_T_CEILING) {
     close(fd);
+    errno = EINVAL;
     return NULL;
   }
 
@@ -2575,38 +2886,9 @@ parse_config_line_from_str_verbose(const char *line, char **key_out,
                                    char **value_out,
                                    const char **err_out)
 {
-  /* I believe the file format here is supposed to be:
-     FILE = (EMPTYLINE | LINE)* (EMPTYLASTLINE | LASTLINE)?
-
-     EMPTYLASTLINE = SPACE* | COMMENT
-     EMPTYLINE = EMPTYLASTLINE NL
-     SPACE = ' ' | '\r' | '\t'
-     COMMENT = '#' NOT-NL*
-     NOT-NL = Any character except '\n'
-     NL = '\n'
-
-     LASTLINE = SPACE* KEY SPACE* VALUES
-     LINE = LASTLINE NL
-     KEY = KEYCHAR+
-     KEYCHAR = Any character except ' ', '\r', '\n', '\t', '#', "\"
-
-     VALUES = QUOTEDVALUE | NORMALVALUE
-     QUOTEDVALUE = QUOTE QVCHAR* QUOTE EOLSPACE?
-     QUOTE = '"'
-     QVCHAR = KEYCHAR | ESC ('n' | 't' | 'r' | '"' | ESC |'\'' | OCTAL | HEX)
-     ESC = "\\"
-     OCTAL = ODIGIT (ODIGIT ODIGIT?)?
-     HEX = ('x' | 'X') HEXDIGIT HEXDIGIT
-     ODIGIT = '0' .. '7'
-     HEXDIGIT = '0'..'9' | 'a' .. 'f' | 'A' .. 'F'
-     EOLSPACE = SPACE* COMMENT?
-
-     NORMALVALUE = (VALCHAR | ESC ESC_IGNORE | CONTINUATION)* EOLSPACE?
-     VALCHAR = Any character except ESC, '#', and '\n'
-     ESC_IGNORE = Any character except '#' or '\n'
-     CONTINUATION = ESC NL ( COMMENT NL )*
+  /*
+    See torrc_format.txt for a description of the (silly) format this parses.
    */
-
   const char *key, *val, *cp;
   int continuation = 0;
 
@@ -2726,6 +3008,10 @@ expand_filename(const char *filename)
 {
   tor_assert(filename);
 #ifdef _WIN32
+  /* Might consider using GetFullPathName() as described here:
+   * http://etutorials.org/Programming/secure+programming/
+   *     Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/
+   */
   return tor_strdup(filename);
 #else
   if (*filename == '~') {
@@ -2758,7 +3044,7 @@ expand_filename(const char *filename)
       tor_free(username);
       rest = slash ? (slash+1) : "";
 #else
-      log_warn(LD_CONFIG, "Couldn't expend homedir on system without pwd.h");
+      log_warn(LD_CONFIG, "Couldn't expand homedir on system without pwd.h");
       return tor_strdup(filename);
 #endif
     }
@@ -2807,10 +3093,14 @@ scan_unsigned(const char **bufp, unsigned long *out, int width, int base)
   while (**bufp && (hex?TOR_ISXDIGIT(**bufp):TOR_ISDIGIT(**bufp))
          && scanned_so_far < width) {
     int digit = hex?hex_decode_digit(*(*bufp)++):digit_to_num(*(*bufp)++);
-    unsigned long new_result = result * base + digit;
-    if (new_result < result)
-      return -1; /* over/underflow. */
-    result = new_result;
+    // Check for overflow beforehand, without actually causing any overflow
+    // This preserves functionality on compilers that don't wrap overflow
+    // (i.e. that trap or optimise away overflow)
+    // result * base + digit > ULONG_MAX
+    // result * base > ULONG_MAX - digit
+    if (result > (ULONG_MAX - digit)/base)
+      return -1; /* Processing this digit would overflow */
+    result = result * base + digit;
     ++scanned_so_far;
   }
 
@@ -2845,10 +3135,17 @@ scan_signed(const char **bufp, long *out, int width)
   if (scan_unsigned(bufp, &result, width, 10) < 0)
     return -1;
 
-  if (neg) {
+  if (neg && result > 0) {
     if (result > ((unsigned long)LONG_MAX) + 1)
       return -1; /* Underflow */
-    *out = -(long)result;
+    // Avoid overflow on the cast to signed long when result is LONG_MIN
+    // by subtracting 1 from the unsigned long positive value,
+    // then, after it has been cast to signed and negated,
+    // subtracting the original 1 (the double-subtraction is intentional).
+    // Otherwise, the cast to signed could cause a temporary long
+    // to equal LONG_MAX + 1, which is undefined.
+    // We avoid underflow on the subtraction by treating -0 as positive.
+    *out = (-(long)(result - 1)) - 1;
   } else {
     if (result > LONG_MAX)
       return -1; /* Overflow */
@@ -3303,7 +3600,7 @@ finish_daemon(const char *cp)
 /** Write the current process ID, followed by NL, into <b>filename</b>.
  */
 void
-write_pidfile(char *filename)
+write_pidfile(const char *filename)
 {
   FILE *pidfile;
 
@@ -3381,8 +3678,9 @@ format_win_cmdline_argument(const char *arg)
     smartlist_add(arg_chars, (void*)&backslash);
 
   /* Allocate space for argument, quotes (if needed), and terminator */
-  formatted_arg = tor_malloc(sizeof(char) *
-      (smartlist_len(arg_chars) + (need_quotes?2:0) + 1));
+  const size_t formatted_arg_len = smartlist_len(arg_chars) +
+    (need_quotes ? 2 : 0) + 1;
+  formatted_arg = tor_malloc_zero(formatted_arg_len);
 
   /* Add leading quote */
   i=0;
@@ -3547,7 +3845,13 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
 
   /* Convert errno to be unsigned for hex conversion */
   if (saved_errno < 0) {
-    unsigned_errno = (unsigned int) -saved_errno;
+    // Avoid overflow on the cast to unsigned int when result is INT_MIN
+    // by adding 1 to the signed int negative value,
+    // then, after it has been negated and cast to unsigned,
+    // adding the original 1 back (the double-addition is intentional).
+    // Otherwise, the cast to signed could cause a temporary int
+    // to equal INT_MAX + 1, which is undefined.
+    unsigned_errno = ((unsigned int) -(saved_errno + 1)) + 1;
   } else {
     unsigned_errno = (unsigned int) saved_errno;
   }
@@ -3626,8 +3930,13 @@ format_helper_exit_status(unsigned char child_state, int saved_errno,
 /* Maximum number of file descriptors, if we cannot get it via sysconf() */
 #define DEFAULT_MAX_FD 256
 
-/** Terminate the process of <b>process_handle</b>.
- *  Code borrowed from Python's os.kill. */
+/** Terminate the process of <b>process_handle</b>, if that process has not
+ * already exited.
+ *
+ * Return 0 if we succeeded in terminating the process (or if the process
+ * already exited), and -1 if we tried to kill the process but failed.
+ *
+ * Based on code originally borrowed from Python's os.kill. */
 int
 tor_terminate_process(process_handle_t *process_handle)
 {
@@ -3647,7 +3956,7 @@ tor_terminate_process(process_handle_t *process_handle)
   }
 #endif
 
-  return -1;
+  return 0; /* We didn't need to kill the process, so report success */
 }
 
 /** Return the Process ID of <b>process_handle</b>. */
@@ -3683,9 +3992,11 @@ process_handle_new(void)
   process_handle_t *out = tor_malloc_zero(sizeof(process_handle_t));
 
 #ifdef _WIN32
+  out->stdin_pipe = INVALID_HANDLE_VALUE;
   out->stdout_pipe = INVALID_HANDLE_VALUE;
   out->stderr_pipe = INVALID_HANDLE_VALUE;
 #else
+  out->stdin_pipe = -1;
   out->stdout_pipe = -1;
   out->stderr_pipe = -1;
 #endif
@@ -3725,7 +4036,7 @@ process_handle_waitpid_cb(int status, void *arg)
 #define CHILD_STATE_FORK 3
 #define CHILD_STATE_DUPOUT 4
 #define CHILD_STATE_DUPERR 5
-#define CHILD_STATE_REDIRECT 6
+#define CHILD_STATE_DUPIN 6
 #define CHILD_STATE_CLOSEFD 7
 #define CHILD_STATE_EXEC 8
 #define CHILD_STATE_FAILEXEC 9
@@ -3759,6 +4070,8 @@ tor_spawn_background(const char *const filename, const char **argv,
   HANDLE stdout_pipe_write = NULL;
   HANDLE stderr_pipe_read = NULL;
   HANDLE stderr_pipe_write = NULL;
+  HANDLE stdin_pipe_read = NULL;
+  HANDLE stdin_pipe_write = NULL;
   process_handle_t *process_handle;
   int status;
 
@@ -3804,6 +4117,20 @@ tor_spawn_background(const char *const filename, const char **argv,
     return status;
   }
 
+  /* Set up pipe for stdin */
+  if (!CreatePipe(&stdin_pipe_read, &stdin_pipe_write, &saAttr, 0)) {
+    log_warn(LD_GENERAL,
+      "Failed to create pipe for stdin communication with child process: %s",
+      format_win32_error(GetLastError()));
+    return status;
+  }
+  if (!SetHandleInformation(stdin_pipe_write, HANDLE_FLAG_INHERIT, 0)) {
+    log_warn(LD_GENERAL,
+      "Failed to configure pipe for stdin communication with child "
+      "process: %s", format_win32_error(GetLastError()));
+    return status;
+  }
+
   /* Create the child process */
 
   /* Windows expects argv to be a whitespace delimited string, so join argv up
@@ -3818,7 +4145,7 @@ tor_spawn_background(const char *const filename, const char **argv,
   siStartInfo.cb = sizeof(STARTUPINFO);
   siStartInfo.hStdError = stderr_pipe_write;
   siStartInfo.hStdOutput = stdout_pipe_write;
-  siStartInfo.hStdInput = NULL;
+  siStartInfo.hStdInput = stdin_pipe_read;
   siStartInfo.dwFlags |= STARTF_USESTDHANDLES;
 
   /* Create the child process */
@@ -3848,6 +4175,7 @@ tor_spawn_background(const char *const filename, const char **argv,
     /* TODO: Close hProcess and hThread in process_handle->pid? */
     process_handle->stdout_pipe = stdout_pipe_read;
     process_handle->stderr_pipe = stderr_pipe_read;
+    process_handle->stdin_pipe = stdin_pipe_write;
     status = process_handle->status = PROCESS_STATUS_RUNNING;
   }
 
@@ -3858,6 +4186,7 @@ tor_spawn_background(const char *const filename, const char **argv,
   pid_t pid;
   int stdout_pipe[2];
   int stderr_pipe[2];
+  int stdin_pipe[2];
   int fd, retval;
   ssize_t nbytes;
   process_handle_t *process_handle;
@@ -3882,7 +4211,7 @@ tor_spawn_background(const char *const filename, const char **argv,
 
   child_state = CHILD_STATE_PIPE;
 
-  /* Set up pipe for redirecting stdout and stderr of child */
+  /* Set up pipe for redirecting stdout, stderr, and stdin of child */
   retval = pipe(stdout_pipe);
   if (-1 == retval) {
     log_warn(LD_GENERAL,
@@ -3903,6 +4232,20 @@ tor_spawn_background(const char *const filename, const char **argv,
     return status;
   }
 
+  retval = pipe(stdin_pipe);
+  if (-1 == retval) {
+    log_warn(LD_GENERAL,
+      "Failed to set up pipe for stdin communication with child process: %s",
+       strerror(errno));
+
+    close(stdout_pipe[0]);
+    close(stdout_pipe[1]);
+    close(stderr_pipe[0]);
+    close(stderr_pipe[1]);
+
+    return status;
+  }
+
   child_state = CHILD_STATE_MAXFD;
 
 #ifdef _SC_OPEN_MAX
@@ -3924,6 +4267,15 @@ tor_spawn_background(const char *const filename, const char **argv,
   if (0 == pid) {
     /* In child */
 
+#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+    /* Attempt to have the kernel issue a SIGTERM if the parent
+     * goes away. Certain attributes of the binary being execve()ed
+     * will clear this during the execve() call, but it's better
+     * than nothing.
+     */
+    prctl(PR_SET_PDEATHSIG, SIGTERM);
+#endif
+
     child_state = CHILD_STATE_DUPOUT;
 
     /* Link child stdout to the write end of the pipe */
@@ -3938,13 +4290,11 @@ tor_spawn_background(const char *const filename, const char **argv,
     if (-1 == retval)
         goto error;
 
-    child_state = CHILD_STATE_REDIRECT;
+    child_state = CHILD_STATE_DUPIN;
 
-    /* Link stdin to /dev/null */
-    fd = open("/dev/null", O_RDONLY); /* NOT cloexec, obviously. */
-    if (fd != -1)
-      dup2(fd, STDIN_FILENO);
-    else
+    /* Link child stdin to the read end of the pipe */
+    retval = dup2(stdin_pipe[0], STDIN_FILENO);
+    if (-1 == retval)
       goto error;
 
     child_state = CHILD_STATE_CLOSEFD;
@@ -3953,7 +4303,8 @@ tor_spawn_background(const char *const filename, const char **argv,
     close(stderr_pipe[1]);
     close(stdout_pipe[0]);
     close(stdout_pipe[1]);
-    close(fd);
+    close(stdin_pipe[0]);
+    close(stdin_pipe[1]);
 
     /* Close all other fds, including the read end of the pipe */
     /* XXX: We should now be doing enough FD_CLOEXEC setting to make
@@ -3969,8 +4320,10 @@ tor_spawn_background(const char *const filename, const char **argv,
        does not modify the arguments */
     if (env)
       execve(filename, (char *const *) argv, env->unixoid_environment_block);
-    else
-      execvp(filename, (char *const *) argv);
+    else {
+      static char *new_env[] = { NULL };
+      execve(filename, (char *const *) argv, new_env);
+    }
 
     /* If we got here, the exec or open(/dev/null) failed */
 
@@ -4003,6 +4356,8 @@ tor_spawn_background(const char *const filename, const char **argv,
 
   if (-1 == pid) {
     log_warn(LD_GENERAL, "Failed to fork child process: %s", strerror(errno));
+    close(stdin_pipe[0]);
+    close(stdin_pipe[1]);
     close(stdout_pipe[0]);
     close(stdout_pipe[1]);
     close(stderr_pipe[0]);
@@ -4039,13 +4394,28 @@ tor_spawn_background(const char *const filename, const char **argv,
             strerror(errno));
   }
 
+  /* Return write end of the stdin pipe to caller, and close the read end */
+  process_handle->stdin_pipe = stdin_pipe[1];
+  retval = close(stdin_pipe[0]);
+
+  if (-1 == retval) {
+    log_warn(LD_GENERAL,
+            "Failed to close read end of stdin pipe in parent process: %s",
+            strerror(errno));
+  }
+
   status = process_handle->status = PROCESS_STATUS_RUNNING;
-  /* Set stdout/stderr pipes to be non-blocking */
-  fcntl(process_handle->stdout_pipe, F_SETFL, O_NONBLOCK);
-  fcntl(process_handle->stderr_pipe, F_SETFL, O_NONBLOCK);
+  /* Set stdin/stdout/stderr pipes to be non-blocking */
+  if (fcntl(process_handle->stdout_pipe, F_SETFL, O_NONBLOCK) < 0 ||
+      fcntl(process_handle->stderr_pipe, F_SETFL, O_NONBLOCK) < 0 ||
+      fcntl(process_handle->stdin_pipe, F_SETFL, O_NONBLOCK) < 0) {
+    log_warn(LD_GENERAL, "Failed to set stderror/stdout/stdin pipes "
+             "nonblocking in parent process: %s", strerror(errno));
+  }
   /* Open the buffered IO streams */
   process_handle->stdout_handle = fdopen(process_handle->stdout_pipe, "r");
   process_handle->stderr_handle = fdopen(process_handle->stderr_pipe, "r");
+  process_handle->stdin_handle = fdopen(process_handle->stdin_pipe, "r");
 
   *process_handle_out = process_handle;
   return process_handle->status;
@@ -4088,6 +4458,9 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
 
   if (process_handle->stderr_pipe)
     CloseHandle(process_handle->stderr_pipe);
+
+  if (process_handle->stdin_pipe)
+    CloseHandle(process_handle->stdin_pipe);
 #else
   if (process_handle->stdout_handle)
     fclose(process_handle->stdout_handle);
@@ -4095,6 +4468,9 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
   if (process_handle->stderr_handle)
     fclose(process_handle->stderr_handle);
 
+  if (process_handle->stdin_handle)
+    fclose(process_handle->stdin_handle);
+
   clear_waitpid_callback(process_handle->waitpid_cb);
 #endif
 
@@ -4192,7 +4568,7 @@ tor_get_exit_code(process_handle_t *process_handle,
 /** Helper: return the number of characters in <b>s</b> preceding the first
  * occurrence of <b>ch</b>. If <b>ch</b> does not occur in <b>s</b>, return
  * the length of <b>s</b>. Should be equivalent to strspn(s, "ch"). */
-static INLINE size_t
+static inline size_t
 str_num_before(const char *s, char ch)
 {
   const char *cp = strchr(s, ch);
@@ -4376,7 +4752,7 @@ tor_read_all_handle(HANDLE h, char *buf, size_t count,
   DWORD byte_count;
   BOOL process_exited = FALSE;
 
-  if (count > SIZE_T_CEILING || count > SSIZE_T_MAX)
+  if (count > SIZE_T_CEILING || count > SSIZE_MAX)
     return -1;
 
   while (numread != count) {
@@ -4442,7 +4818,7 @@ tor_read_all_handle(FILE *h, char *buf, size_t count,
   if (eof)
     *eof = 0;
 
-  if (count > SIZE_T_CEILING || count > SSIZE_T_MAX)
+  if (count > SIZE_T_CEILING || count > SSIZE_MAX)
     return -1;
 
   while (numread != count) {
@@ -5011,7 +5387,7 @@ tor_check_port_forwarding(const char *filename,
        for each smartlist element (one for "-p" and one for the
        ports), and one for the final NULL. */
     args_n = 1 + 2*smartlist_len(ports_to_forward) + 1;
-    argv = tor_malloc_zero(sizeof(char*)*args_n);
+    argv = tor_calloc(args_n, sizeof(char *));
 
     argv[argv_index++] = filename;
     SMARTLIST_FOREACH_BEGIN(ports_to_forward, const char *, port) {
@@ -5153,3 +5529,38 @@ tor_weak_random_range(tor_weak_rng_t *rng, int32_t top)
   return result;
 }
 
+/** Cast a given double value to a int64_t. Return 0 if number is NaN.
+ * Returns either INT64_MIN or INT64_MAX if number is outside of the int64_t
+ * range. */
+int64_t
+clamp_double_to_int64(double number)
+{
+  int exp;
+
+  /* NaN is a special case that can't be used with the logic below. */
+  if (isnan(number)) {
+    return 0;
+  }
+
+  /* Time to validate if result can overflows a int64_t value. Fun with
+   * float! Find that exponent exp such that
+   *    number == x * 2^exp
+   * for some x with abs(x) in [0.5, 1.0). Note that this implies that the
+   * magnitude of number is strictly less than 2^exp.
+   *
+   * If number is infinite, the call to frexp is legal but the contents of
+   * exp are unspecified. */
+  frexp(number, &exp);
+
+  /* If the magnitude of number is strictly less than 2^63, the truncated
+   * version of number is guaranteed to be representable. The only
+   * representable integer for which this is not the case is INT64_MIN, but
+   * it is covered by the logic below. */
+  if (isfinite(number) && exp <= 63) {
+    return number;
+  }
+
+  /* Handle infinities and finite numbers with magnitude >= 2^63. */
+  return signbit(number) ? INT64_MIN : INT64_MAX;
+}
+
diff --git a/src/common/util.h b/src/common/util.h
index 97367a9a7b..ebcf88b32d 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -29,6 +29,9 @@
 #ifndef O_TEXT
 #define O_TEXT 0
 #endif
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
+#endif
 
 /* Replace assert() with a variant that sends failures to the log before
  * calling assert() normally.
@@ -45,6 +48,14 @@
 #error "Sorry; we don't support building with NDEBUG."
 #endif
 
+/* Sometimes we don't want to use assertions during branch coverage tests; it
+ * leads to tons of unreached branches which in reality are only assertions we
+ * didn't hit. */
+#if defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS)
+#define tor_assert(a) STMT_BEGIN                                        \
+  (void)(a);                                                            \
+  STMT_END
+#else
 /** Like assert(3), but send assertion failures to the log as well as to
  * stderr. */
 #define tor_assert(expr) STMT_BEGIN                                     \
@@ -52,6 +63,7 @@
     tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr);     \
     abort();                                                            \
   } STMT_END
+#endif
 
 void tor_assertion_failed_(const char *fname, unsigned int line,
                            const char *func, const char *expr);
@@ -79,6 +91,7 @@ void *tor_malloc_(size_t size DMALLOC_PARAMS) ATTR_MALLOC;
 void *tor_malloc_zero_(size_t size DMALLOC_PARAMS) ATTR_MALLOC;
 void *tor_calloc_(size_t nmemb, size_t size DMALLOC_PARAMS) ATTR_MALLOC;
 void *tor_realloc_(void *ptr, size_t size DMALLOC_PARAMS);
+void *tor_reallocarray_(void *ptr, size_t size1, size_t size2 DMALLOC_PARAMS);
 char *tor_strdup_(const char *s DMALLOC_PARAMS) ATTR_MALLOC ATTR_NONNULL((1));
 char *tor_strndup_(const char *s, size_t n DMALLOC_PARAMS)
   ATTR_MALLOC ATTR_NONNULL((1));
@@ -116,6 +129,8 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
 #define tor_malloc_zero(size)  tor_malloc_zero_(size DMALLOC_ARGS)
 #define tor_calloc(nmemb,size) tor_calloc_(nmemb, size DMALLOC_ARGS)
 #define tor_realloc(ptr, size) tor_realloc_(ptr, size DMALLOC_ARGS)
+#define tor_reallocarray(ptr, sz1, sz2) \
+  tor_reallocarray_((ptr), (sz1), (sz2) DMALLOC_ARGS)
 #define tor_strdup(s)          tor_strdup_(s DMALLOC_ARGS)
 #define tor_strndup(s, n)      tor_strndup_(s, n DMALLOC_ARGS)
 #define tor_memdup(s, n)       tor_memdup_(s, n DMALLOC_ARGS)
@@ -169,7 +184,12 @@ uint64_t round_to_power_of_2(uint64_t u64);
 unsigned round_to_next_multiple_of(unsigned number, unsigned divisor);
 uint32_t round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor);
 uint64_t round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor);
+int64_t round_int64_to_next_multiple_of(int64_t number, int64_t divisor);
+int64_t sample_laplace_distribution(double mu, double b, double p);
+int64_t add_laplace_noise(int64_t signal, double random, double delta_f,
+                          double epsilon);
 int n_bits_set_u8(uint8_t v);
+int64_t clamp_double_to_int64(double number);
 
 /* Compute the CEIL of <b>a</b> divided by <b>b</b>, for nonnegative <b>a</b>
  * and positive <b>b</b>.  Works on integer types only. Not defined if a+b can
@@ -202,7 +222,6 @@ int strcasecmpstart(const char *s1, const char *s2) ATTR_NONNULL((1,2));
 int strcmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
 int strcasecmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
 int fast_memcmpstart(const void *mem, size_t memlen, const char *prefix);
-void tor_strclear(char *s);
 
 void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2));
 long tor_parse_long(const char *s, int base, long min,
@@ -224,11 +243,15 @@ const char *find_str_at_start_of_line(const char *haystack,
                                       const char *needle);
 int string_is_C_identifier(const char *string);
 int string_is_key_value(int severity, const char *string);
+int string_is_valid_hostname(const char *string);
+int string_is_valid_ipv4_address(const char *string);
+int string_is_valid_ipv6_address(const char *string);
 
 int tor_mem_is_zero(const char *mem, size_t len);
 int tor_digest_is_zero(const char *digest);
 int tor_digest256_is_zero(const char *digest);
 char *esc_for_log(const char *string) ATTR_MALLOC;
+char *esc_for_log_len(const char *chars, size_t n) ATTR_MALLOC;
 const char *escaped(const char *string);
 
 char *tor_escape_str_for_pt_args(const char *string,
@@ -246,10 +269,6 @@ void smartlist_add_vasprintf(struct smartlist_t *sl, const char *pattern,
                              va_list args)
   CHECK_PRINTF(2, 0);
 
-int hex_decode_digit(char c);
-void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen);
-int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-
 /* Time helpers */
 long tv_udiff(const struct timeval *start, const struct timeval *end);
 long tv_mdiff(const struct timeval *start, const struct timeval *end);
@@ -264,6 +283,7 @@ void format_local_iso_time(char *buf, time_t t);
 void format_iso_time(char *buf, time_t t);
 void format_iso_time_nospace(char *buf, time_t t);
 void format_iso_time_nospace_usec(char *buf, const struct timeval *tv);
+int parse_iso_time_(const char *cp, time_t *t, int strict);
 int parse_iso_time(const char *buf, time_t *t);
 int parse_http_time(const char *buf, struct tm *tm);
 int format_time_interval(char *out, size_t out_len, long interval);
@@ -331,19 +351,22 @@ enum stream_status get_string_from_pipe(FILE *stream, char *buf, size_t count);
 
 /** Return values from file_status(); see that function's documentation
  * for details. */
-typedef enum { FN_ERROR, FN_NOENT, FN_FILE, FN_DIR } file_status_t;
+typedef enum { FN_ERROR, FN_NOENT, FN_FILE, FN_DIR, FN_EMPTY } file_status_t;
 file_status_t file_status(const char *filename);
 
 /** Possible behaviors for check_private_dir() on encountering a nonexistent
  * directory; see that function's documentation for details. */
 typedef unsigned int cpd_check_t;
-#define CPD_NONE 0
-#define CPD_CREATE 1
-#define CPD_CHECK 2
-#define CPD_GROUP_OK 4
-#define CPD_CHECK_MODE_ONLY 8
+#define CPD_NONE                 0
+#define CPD_CREATE               (1u << 0)
+#define CPD_CHECK                (1u << 1)
+#define CPD_GROUP_OK             (1u << 2)
+#define CPD_GROUP_READ           (1u << 3)
+#define CPD_CHECK_MODE_ONLY      (1u << 4)
+#define CPD_RELAX_DIRMODE_CHECK  (1u << 5)
 int check_private_dir(const char *dirname, cpd_check_t check,
                       const char *effective_user);
+
 #define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
 #define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
 #define OPEN_FLAGS_DONT_REPLACE (O_CREAT|O_EXCL|O_APPEND|O_WRONLY)
@@ -397,7 +420,7 @@ int path_is_relative(const char *filename);
 /* Process helpers */
 void start_daemon(void);
 void finish_daemon(const char *desired_cwd);
-void write_pidfile(char *filename);
+void write_pidfile(const char *filename);
 
 /* Port forwarding */
 void tor_check_port_forwarding(const char *filename,
@@ -453,12 +476,15 @@ struct process_handle_t {
   /** One of the PROCESS_STATUS_* values */
   int status;
 #ifdef _WIN32
+  HANDLE stdin_pipe;
   HANDLE stdout_pipe;
   HANDLE stderr_pipe;
   PROCESS_INFORMATION pid;
 #else
+  int stdin_pipe;
   int stdout_pipe;
   int stderr_pipe;
+  FILE *stdin_handle;
   FILE *stdout_handle;
   FILE *stderr_handle;
   pid_t pid;
@@ -549,9 +575,7 @@ STATIC int format_helper_exit_status(unsigned char child_state,
 
 #endif
 
-const char *libor_get_digests(void);
-
-#define ARRAY_LENGTH(x) (sizeof(x)) / sizeof(x[0])
+#define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0]))
 
 #endif
 
diff --git a/src/common/util_codedigest.c b/src/common/util_codedigest.c
deleted file mode 100644
index 7384f7dc1a..0000000000
--- a/src/common/util_codedigest.c
+++ /dev/null
@@ -1,13 +0,0 @@
-
-#include "util.h"
-
-/** Return a string describing the digest of the source files in src/common/
- */
-const char *
-libor_get_digests(void)
-{
-  return ""
-#include "common_sha1.i"
-    ;
-}
-
diff --git a/src/common/util_format.c b/src/common/util_format.c
new file mode 100644
index 0000000000..8aae9e8771
--- /dev/null
+++ b/src/common/util_format.c
@@ -0,0 +1,535 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file util_format.c
+ *
+ * \brief Miscellaneous functions for encoding and decoding various things
+ *   in base{16,32,64}.
+ */
+
+#include "orconfig.h"
+#include "torlog.h"
+#include "util.h"
+#include "util_format.h"
+#include "torint.h"
+
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+
+/** Implements base32 encoding as in RFC 4648.  Limitation: Requires
+ * that srclen*8 is a multiple of 5.
+ */
+void
+base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+  unsigned int i, v, u;
+  size_t nbits = srclen * 8, bit;
+
+  tor_assert(srclen < SIZE_T_CEILING/8);
+  tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
+  tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
+  tor_assert(destlen < SIZE_T_CEILING);
+
+  for (i=0,bit=0; bit < nbits; ++i, bit+=5) {
+    /* set v to the 16-bit value starting at src[bits/8], 0-padded. */
+    v = ((uint8_t)src[bit/8]) << 8;
+    if (bit+5<nbits) v += (uint8_t)src[(bit/8)+1];
+    /* set u to the 5-bit value at the bit'th bit of src. */
+    u = (v >> (11-(bit%8))) & 0x1F;
+    dest[i] = BASE32_CHARS[u];
+  }
+  dest[i] = '\0';
+}
+
+/** Implements base32 decoding as in RFC 4648.  Limitation: Requires
+ * that srclen*5 is a multiple of 8. Returns 0 if successful, -1 otherwise.
+ */
+int
+base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+  /* XXXX we might want to rewrite this along the lines of base64_decode, if
+   * it ever shows up in the profile. */
+  unsigned int i;
+  size_t nbits, j, bit;
+  char *tmp;
+  nbits = srclen * 5;
+
+  tor_assert(srclen < SIZE_T_CEILING / 5);
+  tor_assert((nbits%8) == 0); /* We need an even multiple of 8 bits. */
+  tor_assert((nbits/8) <= destlen); /* We need enough space. */
+  tor_assert(destlen < SIZE_T_CEILING);
+
+  memset(dest, 0, destlen);
+
+  /* Convert base32 encoded chars to the 5-bit values that they represent. */
+  tmp = tor_malloc_zero(srclen);
+  for (j = 0; j < srclen; ++j) {
+    if (src[j] > 0x60 && src[j] < 0x7B) tmp[j] = src[j] - 0x61;
+    else if (src[j] > 0x31 && src[j] < 0x38) tmp[j] = src[j] - 0x18;
+    else if (src[j] > 0x40 && src[j] < 0x5B) tmp[j] = src[j] - 0x41;
+    else {
+      log_warn(LD_BUG, "illegal character in base32 encoded string");
+      tor_free(tmp);
+      return -1;
+    }
+  }
+
+  /* Assemble result byte-wise by applying five possible cases. */
+  for (i = 0, bit = 0; bit < nbits; ++i, bit += 8) {
+    switch (bit % 40) {
+    case 0:
+      dest[i] = (((uint8_t)tmp[(bit/5)]) << 3) +
+                (((uint8_t)tmp[(bit/5)+1]) >> 2);
+      break;
+    case 8:
+      dest[i] = (((uint8_t)tmp[(bit/5)]) << 6) +
+                (((uint8_t)tmp[(bit/5)+1]) << 1) +
+                (((uint8_t)tmp[(bit/5)+2]) >> 4);
+      break;
+    case 16:
+      dest[i] = (((uint8_t)tmp[(bit/5)]) << 4) +
+                (((uint8_t)tmp[(bit/5)+1]) >> 1);
+      break;
+    case 24:
+      dest[i] = (((uint8_t)tmp[(bit/5)]) << 7) +
+                (((uint8_t)tmp[(bit/5)+1]) << 2) +
+                (((uint8_t)tmp[(bit/5)+2]) >> 3);
+      break;
+    case 32:
+      dest[i] = (((uint8_t)tmp[(bit/5)]) << 5) +
+                ((uint8_t)tmp[(bit/5)+1]);
+      break;
+    }
+  }
+
+  memset(tmp, 0, srclen); /* on the heap, this should be safe */
+  tor_free(tmp);
+  tmp = NULL;
+  return 0;
+}
+
+#define BASE64_OPENSSL_LINELEN 64
+
+/** Return the Base64 encoded size of <b>srclen</b> bytes of data in
+ * bytes.
+ *
+ * If <b>flags</b>&amp;BASE64_ENCODE_MULTILINE is true, return the size
+ * of the encoded output as multiline output (64 character, `\n' terminated
+ * lines).
+ */
+size_t
+base64_encode_size(size_t srclen, int flags)
+{
+  size_t enclen;
+  tor_assert(srclen < INT_MAX);
+
+  if (srclen == 0)
+    return 0;
+
+  enclen = ((srclen - 1) / 3) * 4 + 4;
+  if (flags & BASE64_ENCODE_MULTILINE) {
+    size_t remainder = enclen % BASE64_OPENSSL_LINELEN;
+    enclen += enclen / BASE64_OPENSSL_LINELEN;
+    if (remainder)
+      enclen++;
+  }
+  tor_assert(enclen < INT_MAX && enclen > srclen);
+  return enclen;
+}
+
+/** Internal table mapping 6 bit values to the Base64 alphabet. */
+static const char base64_encode_table[64] = {
+  'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+  'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+  'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+  'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+  'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+  'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+  'w', 'x', 'y', 'z', '0', '1', '2', '3',
+  '4', '5', '6', '7', '8', '9', '+', '/'
+};
+
+/** Base64 encode <b>srclen</b> bytes of data from <b>src</b>.  Write
+ * the result into <b>dest</b>, if it will fit within <b>destlen</b>
+ * bytes. Return the number of bytes written on success; -1 if
+ * destlen is too short, or other failure.
+ *
+ * If <b>flags</b>&amp;BASE64_ENCODE_MULTILINE is true, return encoded
+ * output in multiline format (64 character, `\n' terminated lines).
+ */
+int
+base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
+              int flags)
+{
+  const unsigned char *usrc = (unsigned char *)src;
+  const unsigned char *eous = usrc + srclen;
+  char *d = dest;
+  uint32_t n = 0;
+  size_t linelen = 0;
+  size_t enclen;
+  int n_idx = 0;
+
+  if (!src || !dest)
+    return -1;
+
+  /* Ensure that there is sufficient space, including the NUL. */
+  enclen = base64_encode_size(srclen, flags);
+  if (destlen < enclen + 1)
+    return -1;
+  if (destlen > SIZE_T_CEILING)
+    return -1;
+  if (enclen > INT_MAX)
+    return -1;
+
+  memset(dest, 0, enclen);
+
+  /* XXX/Yawning: If this ends up being too slow, this can be sped up
+   * by separating the multiline format case and the normal case, and
+   * processing 48 bytes of input at a time when newlines are desired.
+   */
+#define ENCODE_CHAR(ch) \
+  STMT_BEGIN                                                    \
+    *d++ = ch;                                                  \
+    if (flags & BASE64_ENCODE_MULTILINE) {                      \
+      if (++linelen % BASE64_OPENSSL_LINELEN == 0) {            \
+        linelen = 0;                                            \
+        *d++ = '\n';                                            \
+      }                                                         \
+    }                                                           \
+  STMT_END
+
+#define ENCODE_N(idx) \
+  ENCODE_CHAR(base64_encode_table[(n >> ((3 - idx) * 6)) & 0x3f])
+
+#define ENCODE_PAD() ENCODE_CHAR('=')
+
+  /* Iterate over all the bytes in src.  Each one will add 8 bits to the
+   * value we're encoding.  Accumulate bits in <b>n</b>, and whenever we
+   * have 24 bits, batch them into 4 bytes and flush those bytes to dest.
+   */
+  for ( ; usrc < eous; ++usrc) {
+    n = (n << 8) | *usrc;
+    if ((++n_idx) == 3) {
+      ENCODE_N(0);
+      ENCODE_N(1);
+      ENCODE_N(2);
+      ENCODE_N(3);
+      n_idx = 0;
+      n = 0;
+    }
+  }
+  switch (n_idx) {
+  case 0:
+    /* 0 leftover bits, no pading to add. */
+    break;
+  case 1:
+    /* 8 leftover bits, pad to 12 bits, write the 2 6-bit values followed
+     * by 2 padding characters.
+     */
+    n <<= 4;
+    ENCODE_N(2);
+    ENCODE_N(3);
+    ENCODE_PAD();
+    ENCODE_PAD();
+    break;
+  case 2:
+    /* 16 leftover bits, pad to 18 bits, write the 3 6-bit values followed
+     * by 1 padding character.
+     */
+    n <<= 2;
+    ENCODE_N(1);
+    ENCODE_N(2);
+    ENCODE_N(3);
+    ENCODE_PAD();
+    break;
+  default:
+    /* Something went catastrophically wrong. */
+    tor_fragile_assert();
+    return -1;
+  }
+
+#undef ENCODE_N
+#undef ENCODE_PAD
+#undef ENCODE_CHAR
+
+  /* Multiline output always includes at least one newline. */
+  if (flags & BASE64_ENCODE_MULTILINE && linelen != 0)
+    *d++ = '\n';
+
+  tor_assert(d - dest == (ptrdiff_t)enclen);
+
+  *d++ = '\0'; /* NUL terminate the output. */
+
+  return (int) enclen;
+}
+
+/** As base64_encode, but do not add any internal spaces or external padding
+ * to the output stream. */
+int
+base64_encode_nopad(char *dest, size_t destlen,
+                    const uint8_t *src, size_t srclen)
+{
+  int n = base64_encode(dest, destlen, (const char*) src, srclen, 0);
+  if (n <= 0)
+    return n;
+  tor_assert((size_t)n < destlen && dest[n] == 0);
+  char *in, *out;
+  in = out = dest;
+  while (*in) {
+    if (*in == '=' || *in == '\n') {
+      ++in;
+    } else {
+      *out++ = *in++;
+    }
+  }
+  *out = 0;
+
+  tor_assert(out - dest <= INT_MAX);
+
+  return (int)(out - dest);
+}
+
+/** As base64_decode, but do not require any padding on the input */
+int
+base64_decode_nopad(uint8_t *dest, size_t destlen,
+                    const char *src, size_t srclen)
+{
+  if (srclen > SIZE_T_CEILING - 4)
+    return -1;
+  char *buf = tor_malloc(srclen + 4);
+  memcpy(buf, src, srclen+1);
+  size_t buflen;
+  switch (srclen % 4)
+    {
+    case 0:
+    default:
+      buflen = srclen;
+      break;
+    case 1:
+      tor_free(buf);
+      return -1;
+    case 2:
+      memcpy(buf+srclen, "==", 3);
+      buflen = srclen + 2;
+      break;
+    case 3:
+      memcpy(buf+srclen, "=", 2);
+      buflen = srclen + 1;
+      break;
+  }
+  int n = base64_decode((char*)dest, destlen, buf, buflen);
+  tor_free(buf);
+  return n;
+}
+
+#undef BASE64_OPENSSL_LINELEN
+
+/** @{ */
+/** Special values used for the base64_decode_table */
+#define X 255
+#define SP 64
+#define PAD 65
+/** @} */
+/** Internal table mapping byte values to what they represent in base64.
+ * Numbers 0..63 are 6-bit integers.  SPs are spaces, and should be
+ * skipped.  Xs are invalid and must not appear in base64. PAD indicates
+ * end-of-string. */
+static const uint8_t base64_decode_table[256] = {
+  X, X, X, X, X, X, X, X, X, SP, SP, SP, X, SP, X, X, /* */
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  SP, X, X, X, X, X, X, X, X, X, X, 62, X, X, X, 63,
+  52, 53, 54, 55, 56, 57, 58, 59, 60, 61, X, X, X, PAD, X, X,
+  X, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+  15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, X, X, X, X, X,
+  X, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+  41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+  X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+};
+
+/** Base64 decode <b>srclen</b> bytes of data from <b>src</b>.  Write
+ * the result into <b>dest</b>, if it will fit within <b>destlen</b>
+ * bytes.  Return the number of bytes written on success; -1 if
+ * destlen is too short, or other failure.
+ *
+ * NOTE 1: destlen is checked conservatively, as though srclen contained no
+ * spaces or padding.
+ *
+ * NOTE 2: This implementation does not check for the correct number of
+ * padding "=" characters at the end of the string, and does not check
+ * for internal padding characters.
+ */
+int
+base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+  const char *eos = src+srclen;
+  uint32_t n=0;
+  int n_idx=0;
+  char *dest_orig = dest;
+
+  /* Max number of bits == srclen*6.
+   * Number of bytes required to hold all bits == (srclen*6)/8.
+   * Yes, we want to round down: anything that hangs over the end of a
+   * byte is padding. */
+  if (destlen < (srclen*3)/4)
+    return -1;
+  if (destlen > SIZE_T_CEILING)
+    return -1;
+
+  memset(dest, 0, destlen);
+
+  /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the
+   * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have
+   * 24 bits, batch them into 3 bytes and flush those bytes to dest.
+   */
+  for ( ; src < eos; ++src) {
+    unsigned char c = (unsigned char) *src;
+    uint8_t v = base64_decode_table[c];
+    switch (v) {
+      case X:
+        /* This character isn't allowed in base64. */
+        return -1;
+      case SP:
+        /* This character is whitespace, and has no effect. */
+        continue;
+      case PAD:
+        /* We've hit an = character: the data is over. */
+        goto end_of_loop;
+      default:
+        /* We have an actual 6-bit value.  Append it to the bits in n. */
+        n = (n<<6) | v;
+        if ((++n_idx) == 4) {
+          /* We've accumulated 24 bits in n. Flush them. */
+          *dest++ = (n>>16);
+          *dest++ = (n>>8) & 0xff;
+          *dest++ = (n) & 0xff;
+          n_idx = 0;
+          n = 0;
+        }
+    }
+  }
+ end_of_loop:
+  /* If we have leftover bits, we need to cope. */
+  switch (n_idx) {
+    case 0:
+    default:
+      /* No leftover bits.  We win. */
+      break;
+    case 1:
+      /* 6 leftover bits. That's invalid; we can't form a byte out of that. */
+      return -1;
+    case 2:
+      /* 12 leftover bits: The last 4 are padding and the first 8 are data. */
+      *dest++ = n >> 4;
+      break;
+    case 3:
+      /* 18 leftover bits: The last 2 are padding and the first 16 are data. */
+      *dest++ = n >> 10;
+      *dest++ = n >> 2;
+  }
+
+  tor_assert((dest-dest_orig) <= (ssize_t)destlen);
+  tor_assert((dest-dest_orig) <= INT_MAX);
+
+  return (int)(dest-dest_orig);
+}
+#undef X
+#undef SP
+#undef PAD
+
+/** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
+ * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
+ * <b>dest</b>.
+ */
+void
+base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+  const char *end;
+  char *cp;
+
+  tor_assert(destlen >= srclen*2+1);
+  tor_assert(destlen < SIZE_T_CEILING);
+
+  cp = dest;
+  end = src+srclen;
+  while (src<end) {
+    *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) >> 4 ];
+    *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) & 0xf ];
+    ++src;
+  }
+  *cp = '\0';
+}
+
+/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
+static inline int
+hex_decode_digit_(char c)
+{
+  switch (c) {
+    case '0': return 0;
+    case '1': return 1;
+    case '2': return 2;
+    case '3': return 3;
+    case '4': return 4;
+    case '5': return 5;
+    case '6': return 6;
+    case '7': return 7;
+    case '8': return 8;
+    case '9': return 9;
+    case 'A': case 'a': return 10;
+    case 'B': case 'b': return 11;
+    case 'C': case 'c': return 12;
+    case 'D': case 'd': return 13;
+    case 'E': case 'e': return 14;
+    case 'F': case 'f': return 15;
+    default:
+      return -1;
+  }
+}
+
+/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
+int
+hex_decode_digit(char c)
+{
+  return hex_decode_digit_(c);
+}
+
+/** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
+ * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
+ * Return 0 on success, -1 on failure. */
+int
+base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+  const char *end;
+
+  int v1,v2;
+  if ((srclen % 2) != 0)
+    return -1;
+  if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
+    return -1;
+
+  memset(dest, 0, destlen);
+
+  end = src+srclen;
+  while (src<end) {
+    v1 = hex_decode_digit_(*src);
+    v2 = hex_decode_digit_(*(src+1));
+    if (v1<0||v2<0)
+      return -1;
+    *(uint8_t*)dest = (v1<<4)|v2;
+    ++dest;
+    src+=2;
+  }
+  return 0;
+}
+
diff --git a/src/common/util_format.h b/src/common/util_format.h
new file mode 100644
index 0000000000..a748a4f3cf
--- /dev/null
+++ b/src/common/util_format.h
@@ -0,0 +1,33 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_UTIL_FORMAT_H
+#define TOR_UTIL_FORMAT_H
+
+#include "testsupport.h"
+#include "torint.h"
+
+#define BASE64_ENCODE_MULTILINE 1
+size_t base64_encode_size(size_t srclen, int flags);
+int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
+                  int flags);
+int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
+int base64_encode_nopad(char *dest, size_t destlen,
+                        const uint8_t *src, size_t srclen);
+int base64_decode_nopad(uint8_t *dest, size_t destlen,
+                        const char *src, size_t srclen);
+
+/** Characters that can appear (case-insensitively) in a base32 encoding. */
+#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
+void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);
+int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen);
+
+int hex_decode_digit(char c);
+void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen);
+int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen);
+
+#endif
+
diff --git a/src/common/util_process.c b/src/common/util_process.c
index d6ef590162..848b238318 100644
--- a/src/common/util_process.c
+++ b/src/common/util_process.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -45,13 +45,13 @@ struct waitpid_callback_t {
   unsigned running;
 };
 
-static INLINE unsigned int
+static inline unsigned int
 process_map_entry_hash_(const waitpid_callback_t *ent)
 {
   return (unsigned) ent->pid;
 }
 
-static INLINE unsigned int
+static inline unsigned int
 process_map_entries_eq_(const waitpid_callback_t *a,
                         const waitpid_callback_t *b)
 {
@@ -62,8 +62,8 @@ static HT_HEAD(process_map, waitpid_callback_t) process_map = HT_INITIALIZER();
 
 HT_PROTOTYPE(process_map, waitpid_callback_t, node, process_map_entry_hash_,
              process_map_entries_eq_);
-HT_GENERATE(process_map, waitpid_callback_t, node, process_map_entry_hash_,
-            process_map_entries_eq_, 0.6, malloc, realloc, free);
+HT_GENERATE2(process_map, waitpid_callback_t, node, process_map_entry_hash_,
+             process_map_entries_eq_, 0.6, tor_reallocarray_, tor_free_);
 
 /**
  * Begin monitoring the child pid <b>pid</b> to see if we get a SIGCHLD for
diff --git a/src/common/util_process.h b/src/common/util_process.h
index 0b268b85d3..d38301a354 100644
--- a/src/common/util_process.h
+++ b/src/common/util_process.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2013, The Tor Project, Inc. */
+/* Copyright (c) 2011-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/common/workqueue.c b/src/common/workqueue.c
new file mode 100644
index 0000000000..0a38550de0
--- /dev/null
+++ b/src/common/workqueue.c
@@ -0,0 +1,511 @@
+/* copyright (c) 2013-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file workqueue.c
+ *
+ * \brief Implements worker threads, queues of work for them, and mechanisms
+ * for them to send answers back to the main thread.
+ */
+
+#include "orconfig.h"
+#include "compat.h"
+#include "compat_threads.h"
+#include "util.h"
+#include "workqueue.h"
+#include "tor_queue.h"
+#include "torlog.h"
+
+struct threadpool_s {
+  /** An array of pointers to workerthread_t: one for each running worker
+   * thread. */
+  struct workerthread_s **threads;
+
+  /** Condition variable that we wait on when we have no work, and which
+   * gets signaled when our queue becomes nonempty. */
+  tor_cond_t condition;
+  /** Queue of pending work that we have to do. */
+  TOR_TAILQ_HEAD(, workqueue_entry_s) work;
+
+  /** The current 'update generation' of the threadpool.  Any thread that is
+   * at an earlier generation needs to run the update function. */
+  unsigned generation;
+
+  /** Function that should be run for updates on each thread. */
+  workqueue_reply_t (*update_fn)(void *, void *);
+  /** Function to free update arguments if they can't be run. */
+  void (*free_update_arg_fn)(void *);
+  /** Array of n_threads update arguments. */
+  void **update_args;
+
+  /** Number of elements in threads. */
+  int n_threads;
+  /** Mutex to protect all the above fields. */
+  tor_mutex_t lock;
+
+  /** A reply queue to use when constructing new threads. */
+  replyqueue_t *reply_queue;
+
+  /** Functions used to allocate and free thread state. */
+  void *(*new_thread_state_fn)(void*);
+  void (*free_thread_state_fn)(void*);
+  void *new_thread_state_arg;
+};
+
+struct workqueue_entry_s {
+  /** The next workqueue_entry_t that's pending on the same thread or
+   * reply queue. */
+  TOR_TAILQ_ENTRY(workqueue_entry_s) next_work;
+  /** The threadpool to which this workqueue_entry_t was assigned. This field
+   * is set when the workqueue_entry_t is created, and won't be cleared until
+   * after it's handled in the main thread. */
+  struct threadpool_s *on_pool;
+  /** True iff this entry is waiting for a worker to start processing it. */
+  uint8_t pending;
+  /** Function to run in the worker thread. */
+  workqueue_reply_t (*fn)(void *state, void *arg);
+  /** Function to run while processing the reply queue. */
+  void (*reply_fn)(void *arg);
+  /** Argument for the above functions. */
+  void *arg;
+};
+
+struct replyqueue_s {
+  /** Mutex to protect the answers field */
+  tor_mutex_t lock;
+  /** Doubly-linked list of answers that the reply queue needs to handle. */
+  TOR_TAILQ_HEAD(, workqueue_entry_s) answers;
+
+  /** Mechanism to wake up the main thread when it is receiving answers. */
+  alert_sockets_t alert;
+};
+
+/** A worker thread represents a single thread in a thread pool.  To avoid
+ * contention, each gets its own queue. This breaks the guarantee that that
+ * queued work will get executed strictly in order. */
+typedef struct workerthread_s {
+  /** Which thread it this?  In range 0..in_pool->n_threads-1 */
+  int index;
+  /** The pool this thread is a part of. */
+  struct threadpool_s *in_pool;
+  /** User-supplied state field that we pass to the worker functions of each
+   * work item. */
+  void *state;
+  /** Reply queue to which we pass our results. */
+  replyqueue_t *reply_queue;
+  /** The current update generation of this thread */
+  unsigned generation;
+} workerthread_t;
+
+static void queue_reply(replyqueue_t *queue, workqueue_entry_t *work);
+
+/** Allocate and return a new workqueue_entry_t, set up to run the function
+ * <b>fn</b> in the worker thread, and <b>reply_fn</b> in the main
+ * thread. See threadpool_queue_work() for full documentation. */
+static workqueue_entry_t *
+workqueue_entry_new(workqueue_reply_t (*fn)(void*, void*),
+                    void (*reply_fn)(void*),
+                    void *arg)
+{
+  workqueue_entry_t *ent = tor_malloc_zero(sizeof(workqueue_entry_t));
+  ent->fn = fn;
+  ent->reply_fn = reply_fn;
+  ent->arg = arg;
+  return ent;
+}
+
+/**
+ * Release all storage held in <b>ent</b>. Call only when <b>ent</b> is not on
+ * any queue.
+ */
+static void
+workqueue_entry_free(workqueue_entry_t *ent)
+{
+  if (!ent)
+    return;
+  memset(ent, 0xf0, sizeof(*ent));
+  tor_free(ent);
+}
+
+/**
+ * Cancel a workqueue_entry_t that has been returned from
+ * threadpool_queue_work.
+ *
+ * You must not call this function on any work whose reply function has been
+ * executed in the main thread; that will cause undefined behavior (probably,
+ * a crash).
+ *
+ * If the work is cancelled, this function return the argument passed to the
+ * work function. It is the caller's responsibility to free this storage.
+ *
+ * This function will have no effect if the worker thread has already executed
+ * or begun to execute the work item.  In that case, it will return NULL.
+ */
+void *
+workqueue_entry_cancel(workqueue_entry_t *ent)
+{
+  int cancelled = 0;
+  void *result = NULL;
+  tor_mutex_acquire(&ent->on_pool->lock);
+  if (ent->pending) {
+    TOR_TAILQ_REMOVE(&ent->on_pool->work, ent, next_work);
+    cancelled = 1;
+    result = ent->arg;
+  }
+  tor_mutex_release(&ent->on_pool->lock);
+
+  if (cancelled) {
+    workqueue_entry_free(ent);
+  }
+  return result;
+}
+
+/**DOCDOC
+
+   must hold lock */
+static int
+worker_thread_has_work(workerthread_t *thread)
+{
+  return !TOR_TAILQ_EMPTY(&thread->in_pool->work) ||
+    thread->generation != thread->in_pool->generation;
+}
+
+/**
+ * Main function for the worker thread.
+ */
+static void
+worker_thread_main(void *thread_)
+{
+  workerthread_t *thread = thread_;
+  threadpool_t *pool = thread->in_pool;
+  workqueue_entry_t *work;
+  workqueue_reply_t result;
+
+  tor_mutex_acquire(&pool->lock);
+  while (1) {
+    /* lock must be held at this point. */
+    while (worker_thread_has_work(thread)) {
+      /* lock must be held at this point. */
+      if (thread->in_pool->generation != thread->generation) {
+        void *arg = thread->in_pool->update_args[thread->index];
+        thread->in_pool->update_args[thread->index] = NULL;
+        workqueue_reply_t (*update_fn)(void*,void*) =
+            thread->in_pool->update_fn;
+        thread->generation = thread->in_pool->generation;
+        tor_mutex_release(&pool->lock);
+
+        workqueue_reply_t r = update_fn(thread->state, arg);
+
+        if (r != WQ_RPL_REPLY) {
+          return;
+        }
+
+        tor_mutex_acquire(&pool->lock);
+        continue;
+      }
+      work = TOR_TAILQ_FIRST(&pool->work);
+      TOR_TAILQ_REMOVE(&pool->work, work, next_work);
+      work->pending = 0;
+      tor_mutex_release(&pool->lock);
+
+      /* We run the work function without holding the thread lock. This
+       * is the main thread's first opportunity to give us more work. */
+      result = work->fn(thread->state, work->arg);
+
+      /* Queue the reply for the main thread. */
+      queue_reply(thread->reply_queue, work);
+
+      /* We may need to exit the thread. */
+      if (result != WQ_RPL_REPLY) {
+        return;
+      }
+      tor_mutex_acquire(&pool->lock);
+    }
+    /* At this point the lock is held, and there is no work in this thread's
+     * queue. */
+
+    /* TODO: support an idle-function */
+
+    /* Okay. Now, wait till somebody has work for us. */
+    if (tor_cond_wait(&pool->condition, &pool->lock, NULL) < 0) {
+      log_warn(LD_GENERAL, "Fail tor_cond_wait.");
+    }
+  }
+}
+
+/** Put a reply on the reply queue.  The reply must not currently be on
+ * any thread's work queue. */
+static void
+queue_reply(replyqueue_t *queue, workqueue_entry_t *work)
+{
+  int was_empty;
+  tor_mutex_acquire(&queue->lock);
+  was_empty = TOR_TAILQ_EMPTY(&queue->answers);
+  TOR_TAILQ_INSERT_TAIL(&queue->answers, work, next_work);
+  tor_mutex_release(&queue->lock);
+
+  if (was_empty) {
+    if (queue->alert.alert_fn(queue->alert.write_fd) < 0) {
+      /* XXXX complain! */
+    }
+  }
+}
+
+/** Allocate and start a new worker thread to use state object <b>state</b>,
+ * and send responses to <b>replyqueue</b>. */
+static workerthread_t *
+workerthread_new(void *state, threadpool_t *pool, replyqueue_t *replyqueue)
+{
+  workerthread_t *thr = tor_malloc_zero(sizeof(workerthread_t));
+  thr->state = state;
+  thr->reply_queue = replyqueue;
+  thr->in_pool = pool;
+
+  if (spawn_func(worker_thread_main, thr) < 0) {
+    log_err(LD_GENERAL, "Can't launch worker thread.");
+    tor_free(thr);
+    return NULL;
+  }
+
+  return thr;
+}
+
+/**
+ * Queue an item of work for a thread in a thread pool.  The function
+ * <b>fn</b> will be run in a worker thread, and will receive as arguments the
+ * thread's state object, and the provided object <b>arg</b>. It must return
+ * one of WQ_RPL_REPLY, WQ_RPL_ERROR, or WQ_RPL_SHUTDOWN.
+ *
+ * Regardless of its return value, the function <b>reply_fn</b> will later be
+ * run in the main thread when it invokes replyqueue_process(), and will
+ * receive as its argument the same <b>arg</b> object.  It's the reply
+ * function's responsibility to free the work object.
+ *
+ * On success, return a workqueue_entry_t object that can be passed to
+ * workqueue_entry_cancel(). On failure, return NULL.
+ *
+ * Note that because each thread has its own work queue, work items may not
+ * be executed strictly in order.
+ */
+workqueue_entry_t *
+threadpool_queue_work(threadpool_t *pool,
+                      workqueue_reply_t (*fn)(void *, void *),
+                      void (*reply_fn)(void *),
+                      void *arg)
+{
+  workqueue_entry_t *ent = workqueue_entry_new(fn, reply_fn, arg);
+  ent->on_pool = pool;
+  ent->pending = 1;
+
+  tor_mutex_acquire(&pool->lock);
+
+  TOR_TAILQ_INSERT_TAIL(&pool->work, ent, next_work);
+
+  tor_cond_signal_one(&pool->condition);
+
+  tor_mutex_release(&pool->lock);
+
+  return ent;
+}
+
+/**
+ * Queue a copy of a work item for every thread in a pool.  This can be used,
+ * for example, to tell the threads to update some parameter in their states.
+ *
+ * Arguments are as for <b>threadpool_queue_work</b>, except that the
+ * <b>arg</b> value is passed to <b>dup_fn</b> once per each thread to
+ * make a copy of it.
+ *
+ * UPDATE FUNCTIONS MUST BE IDEMPOTENT.  We do not guarantee that every update
+ * will be run.  If a new update is scheduled before the old update finishes
+ * running, then the new will replace the old in any threads that haven't run
+ * it yet.
+ *
+ * Return 0 on success, -1 on failure.
+ */
+int
+threadpool_queue_update(threadpool_t *pool,
+                         void *(*dup_fn)(void *),
+                         workqueue_reply_t (*fn)(void *, void *),
+                         void (*free_fn)(void *),
+                         void *arg)
+{
+  int i, n_threads;
+  void (*old_args_free_fn)(void *arg);
+  void **old_args;
+  void **new_args;
+
+  tor_mutex_acquire(&pool->lock);
+  n_threads = pool->n_threads;
+  old_args = pool->update_args;
+  old_args_free_fn = pool->free_update_arg_fn;
+
+  new_args = tor_calloc(n_threads, sizeof(void*));
+  for (i = 0; i < n_threads; ++i) {
+    if (dup_fn)
+      new_args[i] = dup_fn(arg);
+    else
+      new_args[i] = arg;
+  }
+
+  pool->update_args = new_args;
+  pool->free_update_arg_fn = free_fn;
+  pool->update_fn = fn;
+  ++pool->generation;
+
+  tor_cond_signal_all(&pool->condition);
+
+  tor_mutex_release(&pool->lock);
+
+  if (old_args) {
+    for (i = 0; i < n_threads; ++i) {
+      if (old_args[i] && old_args_free_fn)
+        old_args_free_fn(old_args[i]);
+    }
+    tor_free(old_args);
+  }
+
+  return 0;
+}
+
+/** Don't have more than this many threads per pool. */
+#define MAX_THREADS 1024
+
+/** Launch threads until we have <b>n</b>. */
+static int
+threadpool_start_threads(threadpool_t *pool, int n)
+{
+  if (n < 0)
+    return -1;
+  if (n > MAX_THREADS)
+    n = MAX_THREADS;
+
+  tor_mutex_acquire(&pool->lock);
+
+  if (pool->n_threads < n)
+    pool->threads = tor_reallocarray(pool->threads,
+                                     sizeof(workerthread_t*), n);
+
+  while (pool->n_threads < n) {
+    void *state = pool->new_thread_state_fn(pool->new_thread_state_arg);
+    workerthread_t *thr = workerthread_new(state, pool, pool->reply_queue);
+
+    if (!thr) {
+      pool->free_thread_state_fn(state);
+      tor_mutex_release(&pool->lock);
+      return -1;
+    }
+    thr->index = pool->n_threads;
+    pool->threads[pool->n_threads++] = thr;
+  }
+  tor_mutex_release(&pool->lock);
+
+  return 0;
+}
+
+/**
+ * Construct a new thread pool with <b>n</b> worker threads, configured to
+ * send their output to <b>replyqueue</b>.  The threads' states will be
+ * constructed with the <b>new_thread_state_fn</b> call, receiving <b>arg</b>
+ * as its argument.  When the threads close, they will call
+ * <b>free_thread_state_fn</b> on their states.
+ */
+threadpool_t *
+threadpool_new(int n_threads,
+               replyqueue_t *replyqueue,
+               void *(*new_thread_state_fn)(void*),
+               void (*free_thread_state_fn)(void*),
+               void *arg)
+{
+  threadpool_t *pool;
+  pool = tor_malloc_zero(sizeof(threadpool_t));
+  tor_mutex_init_nonrecursive(&pool->lock);
+  tor_cond_init(&pool->condition);
+  TOR_TAILQ_INIT(&pool->work);
+
+  pool->new_thread_state_fn = new_thread_state_fn;
+  pool->new_thread_state_arg = arg;
+  pool->free_thread_state_fn = free_thread_state_fn;
+  pool->reply_queue = replyqueue;
+
+  if (threadpool_start_threads(pool, n_threads) < 0) {
+    tor_cond_uninit(&pool->condition);
+    tor_mutex_uninit(&pool->lock);
+    tor_free(pool);
+    return NULL;
+  }
+
+  return pool;
+}
+
+/** Return the reply queue associated with a given thread pool. */
+replyqueue_t *
+threadpool_get_replyqueue(threadpool_t *tp)
+{
+  return tp->reply_queue;
+}
+
+/** Allocate a new reply queue.  Reply queues are used to pass results from
+ * worker threads to the main thread.  Since the main thread is running an
+ * IO-centric event loop, it needs to get woken up with means other than a
+ * condition variable. */
+replyqueue_t *
+replyqueue_new(uint32_t alertsocks_flags)
+{
+  replyqueue_t *rq;
+
+  rq = tor_malloc_zero(sizeof(replyqueue_t));
+  if (alert_sockets_create(&rq->alert, alertsocks_flags) < 0) {
+    tor_free(rq);
+    return NULL;
+  }
+
+  tor_mutex_init(&rq->lock);
+  TOR_TAILQ_INIT(&rq->answers);
+
+  return rq;
+}
+
+/**
+ * Return the "read socket" for a given reply queue.  The main thread should
+ * listen for read events on this socket, and call replyqueue_process() every
+ * time it triggers.
+ */
+tor_socket_t
+replyqueue_get_socket(replyqueue_t *rq)
+{
+  return rq->alert.read_fd;
+}
+
+/**
+ * Process all pending replies on a reply queue. The main thread should call
+ * this function every time the socket returned by replyqueue_get_socket() is
+ * readable.
+ */
+void
+replyqueue_process(replyqueue_t *queue)
+{
+  if (queue->alert.drain_fn(queue->alert.read_fd) < 0) {
+    static ratelim_t warn_limit = RATELIM_INIT(7200);
+    log_fn_ratelim(&warn_limit, LOG_WARN, LD_GENERAL,
+                 "Failure from drain_fd: %s",
+                 tor_socket_strerror(tor_socket_errno(queue->alert.read_fd)));
+  }
+
+  tor_mutex_acquire(&queue->lock);
+  while (!TOR_TAILQ_EMPTY(&queue->answers)) {
+    /* lock must be held at this point.*/
+    workqueue_entry_t *work = TOR_TAILQ_FIRST(&queue->answers);
+    TOR_TAILQ_REMOVE(&queue->answers, work, next_work);
+    tor_mutex_release(&queue->lock);
+    work->on_pool = NULL;
+
+    work->reply_fn(work->arg);
+    workqueue_entry_free(work);
+
+    tor_mutex_acquire(&queue->lock);
+  }
+
+  tor_mutex_release(&queue->lock);
+}
+
diff --git a/src/common/workqueue.h b/src/common/workqueue.h
new file mode 100644
index 0000000000..89282e6f21
--- /dev/null
+++ b/src/common/workqueue.h
@@ -0,0 +1,49 @@
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_WORKQUEUE_H
+#define TOR_WORKQUEUE_H
+
+#include "compat.h"
+
+/** A replyqueue is used to tell the main thread about the outcome of
+ * work that we queued for the the workers. */
+typedef struct replyqueue_s replyqueue_t;
+/** A thread-pool manages starting threads and passing work to them. */
+typedef struct threadpool_s threadpool_t;
+/** A workqueue entry represents a request that has been passed to a thread
+ * pool. */
+typedef struct workqueue_entry_s workqueue_entry_t;
+
+/** Possible return value from a work function: */
+typedef enum {
+  WQ_RPL_REPLY = 0, /** indicates success */
+  WQ_RPL_ERROR = 1, /** indicates fatal error */
+  WQ_RPL_SHUTDOWN = 2, /** indicates thread is shutting down */
+} workqueue_reply_t;
+
+workqueue_entry_t *threadpool_queue_work(threadpool_t *pool,
+                                         workqueue_reply_t (*fn)(void *,
+                                                                 void *),
+                                         void (*reply_fn)(void *),
+                                         void *arg);
+
+int threadpool_queue_update(threadpool_t *pool,
+                            void *(*dup_fn)(void *),
+                            workqueue_reply_t (*fn)(void *, void *),
+                            void (*free_fn)(void *),
+                            void *arg);
+void *workqueue_entry_cancel(workqueue_entry_t *pending_work);
+threadpool_t *threadpool_new(int n_threads,
+                             replyqueue_t *replyqueue,
+                             void *(*new_thread_state_fn)(void*),
+                             void (*free_thread_state_fn)(void*),
+                             void *arg);
+replyqueue_t *threadpool_get_replyqueue(threadpool_t *tp);
+
+replyqueue_t *replyqueue_new(uint32_t alertsocks_flags);
+tor_socket_t replyqueue_get_socket(replyqueue_t *rq);
+void replyqueue_process(replyqueue_t *queue);
+
+#endif
+
diff --git a/src/config/README b/src/config/README
new file mode 100644
index 0000000000..cb2debb88f
--- /dev/null
+++ b/src/config/README
@@ -0,0 +1,35 @@
+This directory has configuration files that ship with Tor.  They include:
+
+geoip
+geoip6
+
+    Geoip files for IPv4 and IPv6
+
+torrc.minimal, torrc.sample:
+
+    generated from torrc.minimal.in and torrc.sample.in by autoconf.
+
+torrc.minimal.in:
+
+    A very small torrc, suitable for installation by default in
+    /etc/tor/torrc.
+
+    We try to change torrc.minimal.in as infrequently as possible,
+    since doing so makes the users of many packages have to re-build
+    their torrc files.
+
+
+torrc.minimal.in-staging
+
+    This is where we stage changes to torrc.minimal.in over time so
+    that when we have a change large enough to warrant a new
+    torrc.minimal.in, we can copy all the other changes over
+    wholesale.
+
+torrc.sample.in:
+
+    A verbose, discursive, batteries-included torrc.  Suitable for
+    letting people know how to set up various options, including those
+    most people shouldn't mess with.
+
+
diff --git a/src/config/include.am b/src/config/include.am
index 35961b829a..ee38934938 100644
--- a/src/config/include.am
+++ b/src/config/include.am
@@ -2,8 +2,12 @@ confdir = $(sysconfdir)/tor
 
 tordatadir = $(datadir)/tor
 
-EXTRA_DIST+= src/config/geoip src/config/geoip6
-# fallback-consensus
+EXTRA_DIST+= \
+	src/config/geoip \
+	src/config/geoip6 \
+	src/config/torrc.minimal.in \
+	src/config/torrc.sample.in \
+	src/config/README
 
 conf_DATA = src/config/torrc.sample
 
diff --git a/src/config/torrc.minimal.in b/src/config/torrc.minimal.in
new file mode 100644
index 0000000000..d842fbcaf5
--- /dev/null
+++ b/src/config/torrc.minimal.in
@@ -0,0 +1,192 @@
+## Configuration file for a typical Tor user
+## Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
+## (may or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## https://www.torproject.org/docs/faq#torrc
+
+## Tor opens a socks proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SocksPort 0" if you plan to run Tor only
+## as a relay, and not make any local application connections yourself.
+#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
+#SocksPort 192.168.0.1:9100 # Bind to this address:port too.
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SocksPolicy is set, we accept
+## all (and only) requests that reach a SocksPort. Untrusted users who
+## can access your SocksPort may be able to learn about the connections
+## you make.
+#SocksPolicy accept 192.168.0.0/16
+#SocksPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to @LOCALSTATEDIR@/log/tor/notices.log
+#Log notice file @LOCALSTATEDIR@/log/tor/notices.log
+## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+#Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+#RunAsDaemon 1
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+#DataDirectory @LOCALSTATEDIR@/lib/tor
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+#ControlPort 9051
+## If you enable the controlport, be sure to enable one of these
+## authentication methods, to prevent attackers from accessing it.
+#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
+#CookieAuthentication 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## Required: what port to advertise for incoming Tor connections.
+#ORPort 9001
+## If you want to listen on a port other than the one advertised in
+## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
+## follows.  You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORPort 443 NoListen
+#ORPort 127.0.0.1:9090 NoAdvertise
+
+## The IP address or full DNS name for incoming connections to your
+## relay. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## If you have multiple network interfaces, you can specify one for
+## outgoing traffic to use.
+# OutboundBindAddress 10.0.0.5
+
+## A handle for your relay, so people don't have to refer to it by key.
+#Nickname ididnteditheconfig
+
+## Define these to limit how much relayed traffic you will allow. Your
+## own traffic is still unthrottled. Note that RelayBandwidthRate must
+## be at least 20 KB.
+## Note that units for these config options are bytes per second, not bits
+## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
+#RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
+
+## Use these to restrict the maximum traffic per day, week, or month.
+## Note that this threshold applies separately to sent and received bytes,
+## not to their sum: setting "4 GB" may allow up to 8 GB total before
+## hibernating.
+##
+## Set a maximum of 4 gigabytes each way per period.
+#AccountingMax 4 GB
+## Each period starts daily at midnight (AccountingMax is per day)
+#AccountingStart day 00:00
+## Each period starts on the 3rd of the month at 15:00 (AccountingMax
+## is per month)
+#AccountingStart month 3 15:00
+
+## Administrative contact information for this relay or bridge. This line
+## can be used to contact you if your relay or bridge is misconfigured or
+## something else goes wrong. Note that we archive and publish all
+## descriptors containing these lines and that Google indexes them, so
+## spammers might also collect them. You may want to obscure the fact that
+## it's an email address and/or generate a new address for this purpose.
+#ContactInfo Random Person <nobody AT example dot com>
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you want to listen on a port other than the one advertised in
+## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
+## follows.  below too. You'll need to do ipchains or other port
+## forwarding yourself to make this work.
+#DirPort 80 NoListen
+#DirPort 127.0.0.1:9091 NoAdvertise
+## Uncomment to return an arbitrary blob of html on your DirPort. Now you
+## can explain what Tor is if anybody wonders why your IP address is
+## contacting them. See contrib/tor-exit-notice.html in Tor's source
+## distribution for a sample.
+#DirPortFrontPage @CONFDIR@/tor-exit-notice.html
+
+## Uncomment this if you run more than one Tor relay, and add the identity
+## key fingerprint of each Tor relay you control, even if they're on
+## different networks. You declare it here so Tor clients can avoid
+## using more than one of your relays in a single circuit. See
+## https://www.torproject.org/docs/faq#MultipleRelays
+## However, you should never include a bridge's fingerprint here, as it would
+## break its concealability and potentionally reveal its IP/TCP address.
+#MyFamily $keyid,$keyid,...
+
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins. If you want to _replace_
+## the default exit policy, end this with either a reject *:* or an
+## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
+## default exit policy. Leave commented to just use the default, which is
+## described in the man page or at
+## https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+## For security, by default Tor rejects connections to private (local)
+## networks, including to your public IP address. See the man page entry
+## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
+#ExitPolicy accept *:119 # accept nntp as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+
+## Bridge relays (or "bridges") are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even an
+## ISP that filters connections to all the known Tor relays probably
+## won't be able to block all the bridges. Also, websites won't treat you
+## differently because they won't know you're running Tor. If you can
+## be a real relay, please do; but if not, be a bridge!
+#BridgeRelay 1
+## By default, Tor will advertise your bridge to users through various
+## mechanisms like https://bridges.torproject.org/. If you want to run
+## a private bridge, for example because you'll give out your bridge
+## address manually to your friends, uncomment this line:
+#PublishServerDescriptor 0
+
diff --git a/src/config/torrc.minimal.in-staging b/src/config/torrc.minimal.in-staging
new file mode 100644
index 0000000000..248cb5cf02
--- /dev/null
+++ b/src/config/torrc.minimal.in-staging
@@ -0,0 +1,204 @@
+## Configuration file for a typical Tor user
+## Last updated 22 September 2015 for Tor 0.2.7.3-alpha.
+## (may or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## https://www.torproject.org/docs/faq#torrc
+
+## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+## as a relay, and not make any local application connections yourself.
+#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
+#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SOCKSPolicy is set, we accept
+## all (and only) requests that reach a SOCKSPort. Untrusted users who
+## can access your SOCKSPort may be able to learn about the connections
+## you make.
+#SOCKSPolicy accept 192.168.0.0/16
+#SOCKSPolicy accept6 FC00::/7
+#SOCKSPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to @LOCALSTATEDIR@/log/tor/notices.log
+#Log notice file @LOCALSTATEDIR@/log/tor/notices.log
+## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+#Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+#RunAsDaemon 1
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+#DataDirectory @LOCALSTATEDIR@/lib/tor
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+#ControlPort 9051
+## If you enable the controlport, be sure to enable one of these
+## authentication methods, to prevent attackers from accessing it.
+#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
+#CookieAuthentication 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## Required: what port to advertise for incoming Tor connections.
+#ORPort 9001
+## If you want to listen on a port other than the one advertised in
+## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
+## follows.  You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORPort 443 NoListen
+#ORPort 127.0.0.1:9090 NoAdvertise
+
+## The IP address or full DNS name for incoming connections to your
+## relay. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## If you have multiple network interfaces, you can specify one for
+## outgoing traffic to use.
+# OutboundBindAddress 10.0.0.5
+
+## A handle for your relay, so people don't have to refer to it by key.
+#Nickname ididnteditheconfig
+
+## Define these to limit how much relayed traffic you will allow. Your
+## own traffic is still unthrottled. Note that RelayBandwidthRate must
+## be at least 20 kilobytes per second.
+## Note that units for these config options are bytes (per second), not
+## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
+## 2^20, etc.
+#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
+
+## Use these to restrict the maximum traffic per day, week, or month.
+## Note that this threshold applies separately to sent and received bytes,
+## not to their sum: setting "40 GB" may allow up to 80 GB total before
+## hibernating.
+##
+## Set a maximum of 40 gigabytes each way per period.
+#AccountingMax 40 GBytes
+## Each period starts daily at midnight (AccountingMax is per day)
+#AccountingStart day 00:00
+## Each period starts on the 3rd of the month at 15:00 (AccountingMax
+## is per month)
+#AccountingStart month 3 15:00
+
+## Administrative contact information for this relay or bridge. This line
+## can be used to contact you if your relay or bridge is misconfigured or
+## something else goes wrong. Note that we archive and publish all
+## descriptors containing these lines and that Google indexes them, so
+## spammers might also collect them. You may want to obscure the fact that
+## it's an email address and/or generate a new address for this purpose.
+#ContactInfo Random Person <nobody AT example dot com>
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you want to listen on a port other than the one advertised in
+## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
+## follows.  below too. You'll need to do ipchains or other port
+## forwarding yourself to make this work.
+#DirPort 80 NoListen
+#DirPort 127.0.0.1:9091 NoAdvertise
+## Uncomment to return an arbitrary blob of html on your DirPort. Now you
+## can explain what Tor is if anybody wonders why your IP address is
+## contacting them. See contrib/tor-exit-notice.html in Tor's source
+## distribution for a sample.
+#DirPortFrontPage @CONFDIR@/tor-exit-notice.html
+
+## Uncomment this if you run more than one Tor relay, and add the identity
+## key fingerprint of each Tor relay you control, even if they're on
+## different networks. You declare it here so Tor clients can avoid
+## using more than one of your relays in a single circuit. See
+## https://www.torproject.org/docs/faq#MultipleRelays
+## However, you should never include a bridge's fingerprint here, as it would
+## break its concealability and potentially reveal its IP/TCP address.
+#MyFamily $keyid,$keyid,...
+
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins.
+##
+## If you want to allow the same ports on IPv4 and IPv6, write your rules
+## using accept/reject *. If you want to allow different ports on IPv4 and
+## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules
+## using accept/reject *4.
+##
+## If you want to _replace_ the default exit policy, end this with either a
+## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
+## the default exit policy. Leave commented to just use the default, which is
+## described in the man page or at
+## https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+## For security, by default Tor rejects connections to private (local)
+## networks, including to the configured primary public IPv4 and IPv6 addresses,
+## and any public IPv4 and IPv6 addresses on any interface on the relay.
+## See the man page entry for ExitPolicyRejectPrivate if you want to allow
+## "exit enclaving".
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
+#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
+#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
+#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+
+## Bridge relays (or "bridges") are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even an
+## ISP that filters connections to all the known Tor relays probably
+## won't be able to block all the bridges. Also, websites won't treat you
+## differently because they won't know you're running Tor. If you can
+## be a real relay, please do; but if not, be a bridge!
+#BridgeRelay 1
+## By default, Tor will advertise your bridge to users through various
+## mechanisms like https://bridges.torproject.org/. If you want to run
+## a private bridge, for example because you'll give out your bridge
+## address manually to your friends, uncomment this line:
+#PublishServerDescriptor 0
+
diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in
index d842fbcaf5..248cb5cf02 100644
--- a/src/config/torrc.sample.in
+++ b/src/config/torrc.sample.in
@@ -1,5 +1,5 @@
 ## Configuration file for a typical Tor user
-## Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
+## Last updated 22 September 2015 for Tor 0.2.7.3-alpha.
 ## (may or may not work for much older or much newer versions of Tor.)
 ##
 ## Lines that begin with "## " try to explain what's going on. Lines
@@ -12,19 +12,20 @@
 ## Tor will look for this file in various places based on your platform:
 ## https://www.torproject.org/docs/faq#torrc
 
-## Tor opens a socks proxy on port 9050 by default -- even if you don't
-## configure one below. Set "SocksPort 0" if you plan to run Tor only
+## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
 ## as a relay, and not make any local application connections yourself.
-#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
-#SocksPort 192.168.0.1:9100 # Bind to this address:port too.
+#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
+#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.
 
 ## Entry policies to allow/deny SOCKS requests based on IP address.
-## First entry that matches wins. If no SocksPolicy is set, we accept
-## all (and only) requests that reach a SocksPort. Untrusted users who
-## can access your SocksPort may be able to learn about the connections
+## First entry that matches wins. If no SOCKSPolicy is set, we accept
+## all (and only) requests that reach a SOCKSPort. Untrusted users who
+## can access your SOCKSPort may be able to learn about the connections
 ## you make.
-#SocksPolicy accept 192.168.0.0/16
-#SocksPolicy reject *
+#SOCKSPolicy accept 192.168.0.0/16
+#SOCKSPolicy accept6 FC00::/7
+#SOCKSPolicy reject *
 
 ## Logs go to stdout at level "notice" unless redirected by something
 ## else, like one of the below lines. You can have as many Log lines as
@@ -101,19 +102,20 @@
 
 ## Define these to limit how much relayed traffic you will allow. Your
 ## own traffic is still unthrottled. Note that RelayBandwidthRate must
-## be at least 20 KB.
-## Note that units for these config options are bytes per second, not bits
-## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
-#RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
-#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
+## be at least 20 kilobytes per second.
+## Note that units for these config options are bytes (per second), not
+## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
+## 2^20, etc.
+#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
 
 ## Use these to restrict the maximum traffic per day, week, or month.
 ## Note that this threshold applies separately to sent and received bytes,
-## not to their sum: setting "4 GB" may allow up to 8 GB total before
+## not to their sum: setting "40 GB" may allow up to 80 GB total before
 ## hibernating.
 ##
-## Set a maximum of 4 gigabytes each way per period.
-#AccountingMax 4 GB
+## Set a maximum of 40 gigabytes each way per period.
+#AccountingMax 40 GBytes
 ## Each period starts daily at midnight (AccountingMax is per day)
 #AccountingStart day 00:00
 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
@@ -151,14 +153,20 @@
 ## using more than one of your relays in a single circuit. See
 ## https://www.torproject.org/docs/faq#MultipleRelays
 ## However, you should never include a bridge's fingerprint here, as it would
-## break its concealability and potentionally reveal its IP/TCP address.
+## break its concealability and potentially reveal its IP/TCP address.
 #MyFamily $keyid,$keyid,...
 
 ## A comma-separated list of exit policies. They're considered first
-## to last, and the first match wins. If you want to _replace_
-## the default exit policy, end this with either a reject *:* or an
-## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
-## default exit policy. Leave commented to just use the default, which is
+## to last, and the first match wins.
+##
+## If you want to allow the same ports on IPv4 and IPv6, write your rules
+## using accept/reject *. If you want to allow different ports on IPv4 and
+## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules
+## using accept/reject *4.
+##
+## If you want to _replace_ the default exit policy, end this with either a
+## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
+## the default exit policy. Leave commented to just use the default, which is
 ## described in the man page or at
 ## https://www.torproject.org/documentation.html
 ##
@@ -170,11 +178,15 @@
 ## users will be told that those destinations are down.
 ##
 ## For security, by default Tor rejects connections to private (local)
-## networks, including to your public IP address. See the man page entry
-## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
+## networks, including to the configured primary public IPv4 and IPv6 addresses,
+## and any public IPv4 and IPv6 addresses on any interface on the relay.
+## See the man page entry for ExitPolicyRejectPrivate if you want to allow
+## "exit enclaving".
 ##
-#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
-#ExitPolicy accept *:119 # accept nntp as well as default exit policy
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
+#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
+#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
+#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
 #ExitPolicy reject *:* # no exits allowed
 
 ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
diff --git a/src/ext/OpenBSD_malloc_Linux.c b/src/ext/OpenBSD_malloc_Linux.c
index da82729811..855c912310 100644
--- a/src/ext/OpenBSD_malloc_Linux.c
+++ b/src/ext/OpenBSD_malloc_Linux.c
@@ -58,7 +58,7 @@
 #include <limits.h>
 #include <errno.h>
 #include <err.h>
-/* For SIZE_T_MAX */
+/* For SIZE_MAX */
 #include "torint.h"
 
 //#include "thread_private.h"
@@ -1961,16 +1961,6 @@ realloc(void *ptr, size_t size)
 	return (r);
 }
 
-#ifndef SIZE_MAX
-//#if defined(__i386__)||defined(__arm__)||defined(__powerpc__)
-//#define SIZE_MAX 0xffffffff
-//#endif
-//#if defined(__x86_64__)
-//#define SIZE_MAX 0xffffffffffffffff
-//#endif
-#define SIZE_MAX SIZE_T_MAX
-#endif
-
 void *
 calloc(size_t num, size_t size)
 {
diff --git a/src/ext/README b/src/ext/README
index 5d5a6e1518..7ce1bc3b74 100644
--- a/src/ext/README
+++ b/src/ext/README
@@ -49,3 +49,27 @@ siphash.h
     Marek Majkowski's implementation of siphash 2-4, a secure keyed
     hash algorithm to avoid collision-based DoS attacks against hash
     tables.
+
+trunnel/*.[ch]
+
+    Headers and runtime code for Trunnel, a system for generating
+    code to encode and decode binary formats.
+
+ed25519/ref10/*
+
+    Daniel Bernsten's portable ref10 implementation of ed25519.
+    Public domain.
+
+ed25519/donna/*
+
+    Andrew Moon's semi-portable ed25519-donna implementation of
+    ed25519. Public domain.
+
+keccak-tiny/
+
+    David Leon Gil's portable Keccak implementation. CC0.
+
+readpassphrase.[ch]
+
+    Portable readpassphrase implementation from OpenSSH portable, version
+    6.8p1.
diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c
index c247886038..b60f73a7ff 100644
--- a/src/ext/csiphash.c
+++ b/src/ext/csiphash.c
@@ -1,5 +1,5 @@
 /* <MIT License>
- Copyright (c) 2013  Marek Majkowski <marek@popcount.org>
+ Copyright (c) 2013-2014  Marek Majkowski <marek@popcount.org>
 
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal
@@ -97,55 +97,48 @@
 #endif
 
 uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *key) {
+	const uint8_t *m = src;
 	uint64_t k0 = key->k0;
 	uint64_t k1 = key->k1;
-	uint64_t b = (uint64_t)src_sz << 56;
-	const uint64_t *in = (uint64_t*)src;
-
-        uint64_t t;
-        uint8_t *pt, *m;
+	uint64_t last7 = (uint64_t)(src_sz & 0xff) << 56;
+	size_t i, blocks;
 
 	uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;
 	uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;
 	uint64_t v2 = k0 ^ 0x6c7967656e657261ULL;
 	uint64_t v3 = k1 ^ 0x7465646279746573ULL;
 
-	while (src_sz >= 8) {
+	for (i = 0, blocks = (src_sz & ~7); i < blocks; i+= 8) {
 #ifdef UNALIGNED_OK
-		uint64_t mi = _le64toh(*in);
+		uint64_t mi = _le64toh(*(m + i));
 #else
 		uint64_t mi;
-		memcpy(&mi, in, 8);
+		memcpy(&mi, m + i, 8);
 		mi = _le64toh(mi);
 #endif
-		in += 1; src_sz -= 8;
 		v3 ^= mi;
 		DOUBLE_ROUND(v0,v1,v2,v3);
 		v0 ^= mi;
 	}
 
-	t = 0; pt = (uint8_t*)&t; m = (uint8_t*)in;
-	switch (src_sz) {
-	case 7: pt[6] = m[6];
-	case 6: pt[5] = m[5];
-	case 5: pt[4] = m[4];
-#ifdef UNALIGNED_OK
-	case 4: *((uint32_t*)&pt[0]) = *((uint32_t*)&m[0]); break;
-#else
-	case 4: pt[3] = m[3];
-#endif
-	case 3: pt[2] = m[2];
-	case 2: pt[1] = m[1];
-	case 1: pt[0] = m[0];
+	switch (src_sz - blocks) {
+		case 7: last7 |= (uint64_t)m[i + 6] << 48;
+		case 6: last7 |= (uint64_t)m[i + 5] << 40;
+		case 5: last7 |= (uint64_t)m[i + 4] << 32;
+		case 4: last7 |= (uint64_t)m[i + 3] << 24;
+		case 3: last7 |= (uint64_t)m[i + 2] << 16;
+		case 2: last7 |= (uint64_t)m[i + 1] <<  8;
+		case 1: last7 |= (uint64_t)m[i + 0]      ;
+		case 0:
+		default:;
 	}
-	b |= _le64toh(t);
-
-	v3 ^= b;
+	v3 ^= last7;
 	DOUBLE_ROUND(v0,v1,v2,v3);
-	v0 ^= b; v2 ^= 0xff;
+	v0 ^= last7;
+	v2 ^= 0xff;
 	DOUBLE_ROUND(v0,v1,v2,v3);
 	DOUBLE_ROUND(v0,v1,v2,v3);
-	return (v0 ^ v1) ^ (v2 ^ v3);
+	return v0 ^ v1 ^ v2 ^ v3;
 }
 
 
diff --git a/src/ext/ed25519/donna/README.md b/src/ext/ed25519/donna/README.md
new file mode 100644
index 0000000000..e09fc27e31
--- /dev/null
+++ b/src/ext/ed25519/donna/README.md
@@ -0,0 +1,183 @@
+[ed25519](http://ed25519.cr.yp.to/) is an 
+[Elliptic Curve Digital Signature Algortithm](http://en.wikipedia.org/wiki/Elliptic_Curve_DSA), 
+developed by [Dan Bernstein](http://cr.yp.to/djb.html), 
+[Niels Duif](http://www.nielsduif.nl/), 
+[Tanja Lange](http://hyperelliptic.org/tanja), 
+[Peter Schwabe](http://www.cryptojedi.org/users/peter/), 
+and [Bo-Yin Yang](http://www.iis.sinica.edu.tw/pages/byyang/).
+
+This project provides performant, portable 32-bit & 64-bit implementations. All implementations are 
+of course constant time in regard to secret data.
+
+#### Performance
+
+SSE2 code and benches have not been updated yet. I will do those next.
+
+Compilers versions are gcc 4.6.3, icc 13.1.1, clang 3.4-1~exp1.
+
+Batch verification time (in parentheses) is the average time per 1 verification in a batch of 64 signatures. Counts are in thousands of cycles.
+
+Note that SSE2 performance may be less impressive on AMD & older CPUs with slower SSE ops!
+
+Visual Studio performance for `ge25519_scalarmult_base_niels` will lag behind a bit until optimized assembler versions of `ge25519_scalarmult_base_choose_niels`
+are made.
+
+##### E5200 @ 2.5ghz, march=core2
+
+<table>
+<thead><tr><th>Implementation</th><th>Sign</th><th>gcc</th><th>icc</th><th>clang</th><th>Verify</th><th>gcc</th><th>icc</th><th>clang</th></tr></thead>
+<tbody>
+<tr><td>ed25519-donna 64bit     </td><td></td><td>100k</td><td>110k</td><td>137k</td><td></td><td>327k (144k) </td><td>342k (163k) </td><td>422k (194k) </td></tr>
+<tr><td>amd64-64-24k            </td><td></td><td>102k</td><td>    </td><td>    </td><td></td><td>355k (158k) </td><td>            </td><td>            </td></tr>
+<tr><td>ed25519-donna-sse2 64bit</td><td></td><td>108k</td><td>111k</td><td>116k</td><td></td><td>353k (155k) </td><td>345k (154k) </td><td>360k (161k) </td></tr>
+<tr><td>amd64-51-32k            </td><td></td><td>116k</td><td>    </td><td>    </td><td></td><td>380k (175k) </td><td>            </td><td>            </td></tr>
+<tr><td>ed25519-donna-sse2 32bit</td><td></td><td>147k</td><td>147k</td><td>156k</td><td></td><td>380k (178k) </td><td>381k (173k) </td><td>430k (192k) </td></tr>
+<tr><td>ed25519-donna 32bit     </td><td></td><td>597k</td><td>335k</td><td>380k</td><td></td><td>1693k (720k)</td><td>1052k (453k)</td><td>1141k (493k)</td></tr>
+</tbody>
+</table>
+
+##### E3-1270 @ 3.4ghz, march=corei7-avx
+
+<table>
+<thead><tr><th>Implementation</th><th>Sign</th><th>gcc</th><th>icc</th><th>clang</th><th>Verify</th><th>gcc</th><th>icc</th><th>clang</th></tr></thead>
+<tbody>
+<tr><td>amd64-64-24k            </td><td></td><td> 68k</td><td>    </td><td>    </td><td></td><td>225k (104k) </td><td>            </td><td>            </td></tr>
+<tr><td>ed25519-donna 64bit     </td><td></td><td> 71k</td><td> 75k</td><td> 90k</td><td></td><td>226k (105k) </td><td>226k (112k) </td><td>277k (125k) </td></tr>
+<tr><td>amd64-51-32k            </td><td></td><td> 72k</td><td>    </td><td>    </td><td></td><td>218k (107k) </td><td>            </td><td>            </td></tr>
+<tr><td>ed25519-donna-sse2 64bit</td><td></td><td> 79k</td><td> 82k</td><td> 92k</td><td></td><td>252k (122k) </td><td>259k (124k) </td><td>282k (131k) </td></tr>
+<tr><td>ed25519-donna-sse2 32bit</td><td></td><td> 94k</td><td> 95k</td><td>103k</td><td></td><td>296k (146k) </td><td>294k (137k) </td><td>306k (147k) </td></tr>
+<tr><td>ed25519-donna 32bit     </td><td></td><td>525k</td><td>299k</td><td>316k</td><td></td><td>1502k (645k)</td><td>959k (418k) </td><td>954k (416k) </td></tr>
+</tbody>
+</table>
+
+#### Compilation
+
+No configuration is needed **if you are compiling against OpenSSL**. 
+
+##### Hash Options
+
+If you are not compiling aginst OpenSSL, you will need a hash function.
+
+To use a simple/**slow** implementation of SHA-512, use `-DED25519_REFHASH` when compiling `ed25519.c`. 
+This should never be used except to verify the code works when OpenSSL is not available.
+
+To use a custom hash function, use `-DED25519_CUSTOMHASH` when compiling `ed25519.c` and put your 
+custom hash implementation in ed25519-hash-custom.h. The hash must have a 512bit digest and implement
+
+	struct ed25519_hash_context;
+
+	void ed25519_hash_init(ed25519_hash_context *ctx);
+	void ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen);
+	void ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash);
+	void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);
+
+##### Random Options
+
+If you are not compiling aginst OpenSSL, you will need a random function for batch verification.
+
+To use a custom random function, use `-DED25519_CUSTOMRANDOM` when compiling `ed25519.c` and put your 
+custom hash implementation in ed25519-randombytes-custom.h. The random function must implement:
+
+	void ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len);
+
+Use `-DED25519_TEST` when compiling `ed25519.c` to use a deterministically seeded, non-thread safe CSPRNG 
+variant of Bob Jenkins [ISAAC](http://en.wikipedia.org/wiki/ISAAC_%28cipher%29)
+
+##### Minor options
+
+Use `-DED25519_INLINE_ASM` to disable the use of custom assembler routines and instead rely on portable C.
+
+Use `-DED25519_FORCE_32BIT` to force the use of 32 bit routines even when compiling for 64 bit.
+
+##### 32-bit
+
+	gcc ed25519.c -m32 -O3 -c
+
+##### 64-bit
+
+	gcc ed25519.c -m64 -O3 -c
+
+##### SSE2
+
+	gcc ed25519.c -m32 -O3 -c -DED25519_SSE2 -msse2
+	gcc ed25519.c -m64 -O3 -c -DED25519_SSE2
+
+clang and icc are also supported
+
+
+#### Usage
+
+To use the code, link against `ed25519.o -mbits` and:
+
+	#include "ed25519.h"
+
+Add `-lssl -lcrypto` when using OpenSSL (Some systems don't need -lcrypto? It might be trial and error).
+
+To generate a private key, simply generate 32 bytes from a secure
+cryptographic source:
+
+	ed25519_secret_key sk;
+	randombytes(sk, sizeof(ed25519_secret_key));
+
+To generate a public key:
+
+	ed25519_public_key pk;
+	ed25519_publickey(sk, pk);
+
+To sign a message:
+
+	ed25519_signature sig;
+	ed25519_sign(message, message_len, sk, pk, signature);
+
+To verify a signature:
+
+	int valid = ed25519_sign_open(message, message_len, pk, signature) == 0;
+
+To batch verify signatures:
+
+	const unsigned char *mp[num] = {message1, message2..}
+	size_t ml[num] = {message_len1, message_len2..}
+	const unsigned char *pkp[num] = {pk1, pk2..}
+	const unsigned char *sigp[num] = {signature1, signature2..}
+	int valid[num]
+
+	/* valid[i] will be set to 1 if the individual signature was valid, 0 otherwise */
+	int all_valid = ed25519_sign_open_batch(mp, ml, pkp, sigp, num, valid) == 0;
+
+**Note**: Batch verification uses `ed25519_randombytes_unsafe`, implemented in 
+`ed25519-randombytes.h`, to generate random scalars for the verification code. 
+The default implementation now uses OpenSSLs `RAND_bytes`.
+
+Unlike the [SUPERCOP](http://bench.cr.yp.to/supercop.html) version, signatures are
+not appended to messages, and there is no need for padding in front of messages. 
+Additionally, the secret key does not contain a copy of the public key, so it is 
+32 bytes instead of 64 bytes, and the public key must be provided to the signing
+function.
+
+##### Curve25519
+
+Curve25519 public keys can be generated thanks to 
+[Adam Langley](http://www.imperialviolet.org/2013/05/10/fastercurve25519.html) 
+leveraging Ed25519's precomputed basepoint scalar multiplication.
+
+	curved25519_key sk, pk;
+	randombytes(sk, sizeof(curved25519_key));
+	curved25519_scalarmult_basepoint(pk, sk);
+
+Note the name is curved25519, a combination of curve and ed25519, to prevent 
+name clashes. Performance is slightly faster than short message ed25519
+signing due to both using the same code for the scalar multiply.
+
+#### Testing
+
+Fuzzing against reference implemenations is now available. See [fuzz/README](fuzz/README.md).
+
+Building `ed25519.c` with `-DED25519_TEST` and linking with `test.c` will run basic sanity tests
+and benchmark each function. `test-batch.c` has been incorporated in to `test.c`.
+
+`test-internals.c` is standalone and built the same way as `ed25519.c`. It tests the math primitives
+with extreme values to ensure they function correctly. SSE2 is now supported.
+
+#### Papers
+
+[Available on the Ed25519 website](http://ed25519.cr.yp.to/papers.html)
\ No newline at end of file
diff --git a/src/ext/ed25519/donna/README.tor b/src/ext/ed25519/donna/README.tor
new file mode 100644
index 0000000000..026d180c24
--- /dev/null
+++ b/src/ext/ed25519/donna/README.tor
@@ -0,0 +1,46 @@
+
+We've made the following changes to the stock ed25519-donna from
+as of 8757bd4cd209cb032853ece0ce413f122eef212c.
+
+ * Tor uses copies of `ed25519-donna.h` and `ed25519.c`, named
+   `ed25519_donna_tor.h` and `ed25591_tor.c`.
+
+   The main functional differences between the standard ed25519-donna
+   and the Tor specific version are:
+
+    * The external interface has been reworked to match that provided
+       by Tor's copy of the SUPERCOP `ref10` code.
+
+    * The secret (aka private) key is now stored/used in expanded form.
+
+    * The internal math tests from `test-internals.c` have been wrapped
+      in a function and the entire file is included to allow for
+      runtime validation.
+
+    * There's an implementation of multiplicative key blinding so we
+      can use it for next-gen hidden service descriptors.
+
+    * There's an implementation of 'convert a curve25519 key to an
+      ed25519 key' so we can do cross-certification with curve25519
+      keys.
+
+ * `ED25519_FN(ed25519_randombytes_unsafe)` is now static.
+
+ * `ed25519-randombytes-custom.h` has the appropriate code to call
+    Tor's `crypto_rand()` routine, instead of directly using OpenSSL's
+    CSPRNG.
+
+ * OSX pollutes the global namespace with an `ALIGN` macro, which is
+   undef-ed right before the donna `ALIGN` macro is defined.
+
+ * If building with Clang's AddressSanitizer, disable inline assembly
+   since the compilation will fail in `ge25519_scalarmult_base_choose_niels`
+   on x86_64 targets due to running out of registers.
+
+ * On non-x86 targets, GCC's Stack Protector dislikes variables that have
+   alignment constraints greater than that of other primitive types.
+   The `ALIGN` macro is thus no-oped for all non-SSE2 builds.
+
+ * On 32 bit x86 targets that the compiler thinks supports SSE2, always
+   enable SSE2 support by force defining ED25519_SSE2 (x86_64 would also
+   always support this, but that code path is slower).
diff --git a/src/ext/ed25519/donna/curve25519-donna-32bit.h b/src/ext/ed25519/donna/curve25519-donna-32bit.h
new file mode 100644
index 0000000000..b0861acf03
--- /dev/null
+++ b/src/ext/ed25519/donna/curve25519-donna-32bit.h
@@ -0,0 +1,579 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+	See: https://github.com/floodyberry/curve25519-donna
+
+	32 bit integer curve25519 implementation
+*/
+
+typedef uint32_t bignum25519[10];
+typedef uint32_t bignum25519align16[12];
+
+static const uint32_t reduce_mask_25 = (1 << 25) - 1;
+static const uint32_t reduce_mask_26 = (1 << 26) - 1;
+
+
+/* out = in */
+DONNA_INLINE static void
+curve25519_copy(bignum25519 out, const bignum25519 in) {
+	out[0] = in[0];
+	out[1] = in[1];
+	out[2] = in[2];
+	out[3] = in[3];
+	out[4] = in[4];
+	out[5] = in[5];
+	out[6] = in[6];
+	out[7] = in[7];
+	out[8] = in[8];
+	out[9] = in[9];
+}
+
+/* out = a + b */
+DONNA_INLINE static void
+curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	out[0] = a[0] + b[0];
+	out[1] = a[1] + b[1];
+	out[2] = a[2] + b[2];
+	out[3] = a[3] + b[3];
+	out[4] = a[4] + b[4];
+	out[5] = a[5] + b[5];
+	out[6] = a[6] + b[6];
+	out[7] = a[7] + b[7];
+	out[8] = a[8] + b[8];
+	out[9] = a[9] + b[9];
+}
+
+DONNA_INLINE static void 
+curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint32_t c;
+	out[0] = a[0] + b[0]    ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
+	out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
+	out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
+	out[3] = a[3] + b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25;
+	out[4] = a[4] + b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26;
+	out[5] = a[5] + b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25;
+	out[6] = a[6] + b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26;
+	out[7] = a[7] + b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25;
+	out[8] = a[8] + b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26;
+	out[9] = a[9] + b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25;
+	out[0] += 19 * c;
+}
+
+DONNA_INLINE static void
+curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint32_t c;
+	out[0] = a[0] + b[0]    ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
+	out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
+	out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
+	out[3] = a[3] + b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25;
+	out[4] = a[4] + b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26;
+	out[5] = a[5] + b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25;
+	out[6] = a[6] + b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26;
+	out[7] = a[7] + b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25;
+	out[8] = a[8] + b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26;
+	out[9] = a[9] + b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25;
+	out[0] += 19 * c;
+}
+
+/* multiples of p */
+static const uint32_t twoP0       = 0x07ffffda;
+static const uint32_t twoP13579   = 0x03fffffe;
+static const uint32_t twoP2468    = 0x07fffffe;
+static const uint32_t fourP0      = 0x0fffffb4;
+static const uint32_t fourP13579  = 0x07fffffc;
+static const uint32_t fourP2468   = 0x0ffffffc;
+
+/* out = a - b */
+DONNA_INLINE static void
+curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint32_t c;
+	out[0] = twoP0     + a[0] - b[0]    ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
+	out[1] = twoP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
+	out[2] = twoP2468  + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
+	out[3] = twoP13579 + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25;
+	out[4] = twoP2468  + a[4] - b[4] + c;
+	out[5] = twoP13579 + a[5] - b[5]    ;
+	out[6] = twoP2468  + a[6] - b[6]    ;
+	out[7] = twoP13579 + a[7] - b[7]    ;
+	out[8] = twoP2468  + a[8] - b[8]    ;
+	out[9] = twoP13579 + a[9] - b[9]    ;
+}
+
+/* out = a - b, where a is the result of a basic op (add,sub) */
+DONNA_INLINE static void
+curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint32_t c;
+	out[0] = fourP0     + a[0] - b[0]    ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
+	out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
+	out[2] = fourP2468  + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
+	out[3] = fourP13579 + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25;
+	out[4] = fourP2468  + a[4] - b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26;
+	out[5] = fourP13579 + a[5] - b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25;
+	out[6] = fourP2468  + a[6] - b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26;
+	out[7] = fourP13579 + a[7] - b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25;
+	out[8] = fourP2468  + a[8] - b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26;
+	out[9] = fourP13579 + a[9] - b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25;
+	out[0] += 19 * c;
+}
+
+DONNA_INLINE static void
+curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint32_t c;
+	out[0] = fourP0     + a[0] - b[0]    ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
+	out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
+	out[2] = fourP2468  + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
+	out[3] = fourP13579 + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25;
+	out[4] = fourP2468  + a[4] - b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26;
+	out[5] = fourP13579 + a[5] - b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25;
+	out[6] = fourP2468  + a[6] - b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26;
+	out[7] = fourP13579 + a[7] - b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25;
+	out[8] = fourP2468  + a[8] - b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26;
+	out[9] = fourP13579 + a[9] - b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25;
+	out[0] += 19 * c;
+}
+
+/* out = -a */
+DONNA_INLINE static void
+curve25519_neg(bignum25519 out, const bignum25519 a) {
+	uint32_t c;
+	out[0] = twoP0     - a[0]    ; c = (out[0] >> 26); out[0] &= reduce_mask_26;
+	out[1] = twoP13579 - a[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25;
+	out[2] = twoP2468  - a[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26;
+	out[3] = twoP13579 - a[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25;
+	out[4] = twoP2468  - a[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26;
+	out[5] = twoP13579 - a[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25;
+	out[6] = twoP2468  - a[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26;
+	out[7] = twoP13579 - a[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25;
+	out[8] = twoP2468  - a[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26;
+	out[9] = twoP13579 - a[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25;
+	out[0] += 19 * c;
+}
+
+/* out = a * b */
+#define curve25519_mul_noinline curve25519_mul
+static void
+curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
+	uint32_t s0,s1,s2,s3,s4,s5,s6,s7,s8,s9;
+	uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c;
+	uint32_t p;
+
+	r0 = b[0];
+	r1 = b[1];
+	r2 = b[2];
+	r3 = b[3];
+	r4 = b[4];
+	r5 = b[5];
+	r6 = b[6];
+	r7 = b[7];
+	r8 = b[8];
+	r9 = b[9];
+
+	s0 = a[0];
+	s1 = a[1];
+	s2 = a[2];
+	s3 = a[3];
+	s4 = a[4];
+	s5 = a[5];
+	s6 = a[6];
+	s7 = a[7];
+	s8 = a[8];
+	s9 = a[9];
+
+	m1 = mul32x32_64(r0, s1) + mul32x32_64(r1, s0);
+	m3 = mul32x32_64(r0, s3) + mul32x32_64(r1, s2) + mul32x32_64(r2, s1) + mul32x32_64(r3, s0);
+	m5 = mul32x32_64(r0, s5) + mul32x32_64(r1, s4) + mul32x32_64(r2, s3) + mul32x32_64(r3, s2) + mul32x32_64(r4, s1) + mul32x32_64(r5, s0);
+	m7 = mul32x32_64(r0, s7) + mul32x32_64(r1, s6) + mul32x32_64(r2, s5) + mul32x32_64(r3, s4) + mul32x32_64(r4, s3) + mul32x32_64(r5, s2) + mul32x32_64(r6, s1) + mul32x32_64(r7, s0);
+	m9 = mul32x32_64(r0, s9) + mul32x32_64(r1, s8) + mul32x32_64(r2, s7) + mul32x32_64(r3, s6) + mul32x32_64(r4, s5) + mul32x32_64(r5, s4) + mul32x32_64(r6, s3) + mul32x32_64(r7, s2) + mul32x32_64(r8, s1) + mul32x32_64(r9, s0);
+
+	r1 *= 2;
+	r3 *= 2;
+	r5 *= 2;
+	r7 *= 2;
+
+	m0 = mul32x32_64(r0, s0);
+	m2 = mul32x32_64(r0, s2) + mul32x32_64(r1, s1) + mul32x32_64(r2, s0);
+	m4 = mul32x32_64(r0, s4) + mul32x32_64(r1, s3) + mul32x32_64(r2, s2) + mul32x32_64(r3, s1) + mul32x32_64(r4, s0);
+	m6 = mul32x32_64(r0, s6) + mul32x32_64(r1, s5) + mul32x32_64(r2, s4) + mul32x32_64(r3, s3) + mul32x32_64(r4, s2) + mul32x32_64(r5, s1) + mul32x32_64(r6, s0);
+	m8 = mul32x32_64(r0, s8) + mul32x32_64(r1, s7) + mul32x32_64(r2, s6) + mul32x32_64(r3, s5) + mul32x32_64(r4, s4) + mul32x32_64(r5, s3) + mul32x32_64(r6, s2) + mul32x32_64(r7, s1) + mul32x32_64(r8, s0);
+
+	r1 *= 19;
+	r2 *= 19;
+	r3 = (r3 / 2) * 19;
+	r4 *= 19;
+	r5 = (r5 / 2) * 19;
+	r6 *= 19;
+	r7 = (r7 / 2) * 19;
+	r8 *= 19;
+	r9 *= 19;
+
+	m1 += (mul32x32_64(r9, s2) + mul32x32_64(r8, s3) + mul32x32_64(r7, s4) + mul32x32_64(r6, s5) + mul32x32_64(r5, s6) + mul32x32_64(r4, s7) + mul32x32_64(r3, s8) + mul32x32_64(r2, s9));
+	m3 += (mul32x32_64(r9, s4) + mul32x32_64(r8, s5) + mul32x32_64(r7, s6) + mul32x32_64(r6, s7) + mul32x32_64(r5, s8) + mul32x32_64(r4, s9));
+	m5 += (mul32x32_64(r9, s6) + mul32x32_64(r8, s7) + mul32x32_64(r7, s8) + mul32x32_64(r6, s9));
+	m7 += (mul32x32_64(r9, s8) + mul32x32_64(r8, s9));
+
+	r3 *= 2;
+	r5 *= 2;
+	r7 *= 2;
+	r9 *= 2;
+
+	m0 += (mul32x32_64(r9, s1) + mul32x32_64(r8, s2) + mul32x32_64(r7, s3) + mul32x32_64(r6, s4) + mul32x32_64(r5, s5) + mul32x32_64(r4, s6) + mul32x32_64(r3, s7) + mul32x32_64(r2, s8) + mul32x32_64(r1, s9));
+	m2 += (mul32x32_64(r9, s3) + mul32x32_64(r8, s4) + mul32x32_64(r7, s5) + mul32x32_64(r6, s6) + mul32x32_64(r5, s7) + mul32x32_64(r4, s8) + mul32x32_64(r3, s9));
+	m4 += (mul32x32_64(r9, s5) + mul32x32_64(r8, s6) + mul32x32_64(r7, s7) + mul32x32_64(r6, s8) + mul32x32_64(r5, s9));
+	m6 += (mul32x32_64(r9, s7) + mul32x32_64(r8, s8) + mul32x32_64(r7, s9));
+	m8 += (mul32x32_64(r9, s9));
+
+	                             r0 = (uint32_t)m0 & reduce_mask_26; c = (m0 >> 26);
+	m1 += c;                     r1 = (uint32_t)m1 & reduce_mask_25; c = (m1 >> 25);
+	m2 += c;                     r2 = (uint32_t)m2 & reduce_mask_26; c = (m2 >> 26);
+	m3 += c;                     r3 = (uint32_t)m3 & reduce_mask_25; c = (m3 >> 25);
+	m4 += c;                     r4 = (uint32_t)m4 & reduce_mask_26; c = (m4 >> 26);
+	m5 += c;                     r5 = (uint32_t)m5 & reduce_mask_25; c = (m5 >> 25);
+	m6 += c;                     r6 = (uint32_t)m6 & reduce_mask_26; c = (m6 >> 26);
+	m7 += c;                     r7 = (uint32_t)m7 & reduce_mask_25; c = (m7 >> 25);
+	m8 += c;                     r8 = (uint32_t)m8 & reduce_mask_26; c = (m8 >> 26);
+	m9 += c;                     r9 = (uint32_t)m9 & reduce_mask_25; p = (uint32_t)(m9 >> 25);
+	m0 = r0 + mul32x32_64(p,19); r0 = (uint32_t)m0 & reduce_mask_26; p = (uint32_t)(m0 >> 26);
+	r1 += p;
+
+	out[0] = r0;
+	out[1] = r1;
+	out[2] = r2;
+	out[3] = r3;
+	out[4] = r4;
+	out[5] = r5;
+	out[6] = r6;
+	out[7] = r7;
+	out[8] = r8;
+	out[9] = r9;
+}
+
+/* out = in*in */
+static void
+curve25519_square(bignum25519 out, const bignum25519 in) {
+	uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
+	uint32_t d6,d7,d8,d9;
+	uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c;
+	uint32_t p;
+
+	r0 = in[0];
+	r1 = in[1];
+	r2 = in[2];
+	r3 = in[3];
+	r4 = in[4];
+	r5 = in[5];
+	r6 = in[6];
+	r7 = in[7];
+	r8 = in[8];
+	r9 = in[9];
+
+	m0 = mul32x32_64(r0, r0);
+	r0 *= 2;
+	m1 = mul32x32_64(r0, r1);
+	m2 = mul32x32_64(r0, r2) + mul32x32_64(r1, r1 * 2);
+	r1 *= 2;
+	m3 = mul32x32_64(r0, r3) + mul32x32_64(r1, r2    );
+	m4 = mul32x32_64(r0, r4) + mul32x32_64(r1, r3 * 2) + mul32x32_64(r2, r2);
+	r2 *= 2;
+	m5 = mul32x32_64(r0, r5) + mul32x32_64(r1, r4    ) + mul32x32_64(r2, r3);
+	m6 = mul32x32_64(r0, r6) + mul32x32_64(r1, r5 * 2) + mul32x32_64(r2, r4) + mul32x32_64(r3, r3 * 2);
+	r3 *= 2;
+	m7 = mul32x32_64(r0, r7) + mul32x32_64(r1, r6    ) + mul32x32_64(r2, r5) + mul32x32_64(r3, r4    );
+	m8 = mul32x32_64(r0, r8) + mul32x32_64(r1, r7 * 2) + mul32x32_64(r2, r6) + mul32x32_64(r3, r5 * 2) + mul32x32_64(r4, r4    );
+	m9 = mul32x32_64(r0, r9) + mul32x32_64(r1, r8    ) + mul32x32_64(r2, r7) + mul32x32_64(r3, r6    ) + mul32x32_64(r4, r5 * 2);
+
+	d6 = r6 * 19;
+	d7 = r7 * 2 * 19;
+	d8 = r8 * 19;
+	d9 = r9 * 2 * 19;
+
+	m0 += (mul32x32_64(d9, r1    ) + mul32x32_64(d8, r2    ) + mul32x32_64(d7, r3    ) + mul32x32_64(d6, r4 * 2) + mul32x32_64(r5, r5 * 2 * 19));
+	m1 += (mul32x32_64(d9, r2 / 2) + mul32x32_64(d8, r3    ) + mul32x32_64(d7, r4    ) + mul32x32_64(d6, r5 * 2));
+	m2 += (mul32x32_64(d9, r3    ) + mul32x32_64(d8, r4 * 2) + mul32x32_64(d7, r5 * 2) + mul32x32_64(d6, r6    ));
+	m3 += (mul32x32_64(d9, r4    ) + mul32x32_64(d8, r5 * 2) + mul32x32_64(d7, r6    ));
+	m4 += (mul32x32_64(d9, r5 * 2) + mul32x32_64(d8, r6 * 2) + mul32x32_64(d7, r7    ));
+	m5 += (mul32x32_64(d9, r6    ) + mul32x32_64(d8, r7 * 2));
+	m6 += (mul32x32_64(d9, r7 * 2) + mul32x32_64(d8, r8    ));
+	m7 += (mul32x32_64(d9, r8    ));
+	m8 += (mul32x32_64(d9, r9    ));
+
+	                             r0 = (uint32_t)m0 & reduce_mask_26; c = (m0 >> 26);
+	m1 += c;                     r1 = (uint32_t)m1 & reduce_mask_25; c = (m1 >> 25);
+	m2 += c;                     r2 = (uint32_t)m2 & reduce_mask_26; c = (m2 >> 26);
+	m3 += c;                     r3 = (uint32_t)m3 & reduce_mask_25; c = (m3 >> 25);
+	m4 += c;                     r4 = (uint32_t)m4 & reduce_mask_26; c = (m4 >> 26);
+	m5 += c;                     r5 = (uint32_t)m5 & reduce_mask_25; c = (m5 >> 25);
+	m6 += c;                     r6 = (uint32_t)m6 & reduce_mask_26; c = (m6 >> 26);
+	m7 += c;                     r7 = (uint32_t)m7 & reduce_mask_25; c = (m7 >> 25);
+	m8 += c;                     r8 = (uint32_t)m8 & reduce_mask_26; c = (m8 >> 26);
+	m9 += c;                     r9 = (uint32_t)m9 & reduce_mask_25; p = (uint32_t)(m9 >> 25);
+	m0 = r0 + mul32x32_64(p,19); r0 = (uint32_t)m0 & reduce_mask_26; p = (uint32_t)(m0 >> 26);
+	r1 += p;
+
+	out[0] = r0;
+	out[1] = r1;
+	out[2] = r2;
+	out[3] = r3;
+	out[4] = r4;
+	out[5] = r5;
+	out[6] = r6;
+	out[7] = r7;
+	out[8] = r8;
+	out[9] = r9;
+}
+
+
+/* out = in ^ (2 * count) */
+static void
+curve25519_square_times(bignum25519 out, const bignum25519 in, int count) {
+	uint32_t r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
+	uint32_t d6,d7,d8,d9;
+	uint64_t m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c;
+	uint32_t p;
+
+	r0 = in[0];
+	r1 = in[1];
+	r2 = in[2];
+	r3 = in[3];
+	r4 = in[4];
+	r5 = in[5];
+	r6 = in[6];
+	r7 = in[7];
+	r8 = in[8];
+	r9 = in[9];
+
+	do {
+		m0 = mul32x32_64(r0, r0);
+		r0 *= 2;
+		m1 = mul32x32_64(r0, r1);
+		m2 = mul32x32_64(r0, r2) + mul32x32_64(r1, r1 * 2);
+		r1 *= 2;
+		m3 = mul32x32_64(r0, r3) + mul32x32_64(r1, r2    );
+		m4 = mul32x32_64(r0, r4) + mul32x32_64(r1, r3 * 2) + mul32x32_64(r2, r2);
+		r2 *= 2;
+		m5 = mul32x32_64(r0, r5) + mul32x32_64(r1, r4    ) + mul32x32_64(r2, r3);
+		m6 = mul32x32_64(r0, r6) + mul32x32_64(r1, r5 * 2) + mul32x32_64(r2, r4) + mul32x32_64(r3, r3 * 2);
+		r3 *= 2;
+		m7 = mul32x32_64(r0, r7) + mul32x32_64(r1, r6    ) + mul32x32_64(r2, r5) + mul32x32_64(r3, r4    );
+		m8 = mul32x32_64(r0, r8) + mul32x32_64(r1, r7 * 2) + mul32x32_64(r2, r6) + mul32x32_64(r3, r5 * 2) + mul32x32_64(r4, r4    );
+		m9 = mul32x32_64(r0, r9) + mul32x32_64(r1, r8    ) + mul32x32_64(r2, r7) + mul32x32_64(r3, r6    ) + mul32x32_64(r4, r5 * 2);
+
+		d6 = r6 * 19;
+		d7 = r7 * 2 * 19;
+		d8 = r8 * 19;
+		d9 = r9 * 2 * 19;
+
+		m0 += (mul32x32_64(d9, r1    ) + mul32x32_64(d8, r2    ) + mul32x32_64(d7, r3    ) + mul32x32_64(d6, r4 * 2) + mul32x32_64(r5, r5 * 2 * 19));
+		m1 += (mul32x32_64(d9, r2 / 2) + mul32x32_64(d8, r3    ) + mul32x32_64(d7, r4    ) + mul32x32_64(d6, r5 * 2));
+		m2 += (mul32x32_64(d9, r3    ) + mul32x32_64(d8, r4 * 2) + mul32x32_64(d7, r5 * 2) + mul32x32_64(d6, r6    ));
+		m3 += (mul32x32_64(d9, r4    ) + mul32x32_64(d8, r5 * 2) + mul32x32_64(d7, r6    ));
+		m4 += (mul32x32_64(d9, r5 * 2) + mul32x32_64(d8, r6 * 2) + mul32x32_64(d7, r7    ));
+		m5 += (mul32x32_64(d9, r6    ) + mul32x32_64(d8, r7 * 2));
+		m6 += (mul32x32_64(d9, r7 * 2) + mul32x32_64(d8, r8    ));
+		m7 += (mul32x32_64(d9, r8    ));
+		m8 += (mul32x32_64(d9, r9    ));
+
+		                             r0 = (uint32_t)m0 & reduce_mask_26; c = (m0 >> 26);
+		m1 += c;                     r1 = (uint32_t)m1 & reduce_mask_25; c = (m1 >> 25);
+		m2 += c;                     r2 = (uint32_t)m2 & reduce_mask_26; c = (m2 >> 26);
+		m3 += c;                     r3 = (uint32_t)m3 & reduce_mask_25; c = (m3 >> 25);
+		m4 += c;                     r4 = (uint32_t)m4 & reduce_mask_26; c = (m4 >> 26);
+		m5 += c;                     r5 = (uint32_t)m5 & reduce_mask_25; c = (m5 >> 25);
+		m6 += c;                     r6 = (uint32_t)m6 & reduce_mask_26; c = (m6 >> 26);
+		m7 += c;                     r7 = (uint32_t)m7 & reduce_mask_25; c = (m7 >> 25);
+		m8 += c;                     r8 = (uint32_t)m8 & reduce_mask_26; c = (m8 >> 26);
+		m9 += c;                     r9 = (uint32_t)m9 & reduce_mask_25; p = (uint32_t)(m9 >> 25);
+		m0 = r0 + mul32x32_64(p,19); r0 = (uint32_t)m0 & reduce_mask_26; p = (uint32_t)(m0 >> 26);
+		r1 += p;
+	} while (--count);
+
+	out[0] = r0;
+	out[1] = r1;
+	out[2] = r2;
+	out[3] = r3;
+	out[4] = r4;
+	out[5] = r5;
+	out[6] = r6;
+	out[7] = r7;
+	out[8] = r8;
+	out[9] = r9;
+}
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+static void
+curve25519_expand(bignum25519 out, const unsigned char in[32]) {
+	static const union { uint8_t b[2]; uint16_t s; } endian_check = {{1,0}};
+	uint32_t x0,x1,x2,x3,x4,x5,x6,x7;
+
+	if (endian_check.s == 1) {
+		x0 = *(uint32_t *)(in + 0);
+		x1 = *(uint32_t *)(in + 4);
+		x2 = *(uint32_t *)(in + 8);
+		x3 = *(uint32_t *)(in + 12);
+		x4 = *(uint32_t *)(in + 16);
+		x5 = *(uint32_t *)(in + 20);
+		x6 = *(uint32_t *)(in + 24);
+		x7 = *(uint32_t *)(in + 28);
+    } else {
+		#define F(s)                         \
+			((((uint32_t)in[s + 0])      ) | \
+			 (((uint32_t)in[s + 1]) <<  8) | \
+			 (((uint32_t)in[s + 2]) << 16) | \
+			 (((uint32_t)in[s + 3]) << 24))
+		x0 = F(0);
+		x1 = F(4);
+		x2 = F(8);
+		x3 = F(12);
+		x4 = F(16);
+		x5 = F(20);
+		x6 = F(24);
+		x7 = F(28);
+		#undef F
+	}
+
+	out[0] = (                        x0       ) & 0x3ffffff;
+	out[1] = ((((uint64_t)x1 << 32) | x0) >> 26) & 0x1ffffff;
+	out[2] = ((((uint64_t)x2 << 32) | x1) >> 19) & 0x3ffffff;
+	out[3] = ((((uint64_t)x3 << 32) | x2) >> 13) & 0x1ffffff;
+	out[4] = ((                       x3) >>  6) & 0x3ffffff;
+	out[5] = (                        x4       ) & 0x1ffffff;
+	out[6] = ((((uint64_t)x5 << 32) | x4) >> 25) & 0x3ffffff;
+	out[7] = ((((uint64_t)x6 << 32) | x5) >> 19) & 0x1ffffff;
+	out[8] = ((((uint64_t)x7 << 32) | x6) >> 12) & 0x3ffffff;
+	out[9] = ((                       x7) >>  6) & 0x1ffffff;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array
+ */
+static void
+curve25519_contract(unsigned char out[32], const bignum25519 in) {
+	bignum25519 f;
+	curve25519_copy(f, in);
+
+	#define carry_pass() \
+		f[1] += f[0] >> 26; f[0] &= reduce_mask_26; \
+		f[2] += f[1] >> 25; f[1] &= reduce_mask_25; \
+		f[3] += f[2] >> 26; f[2] &= reduce_mask_26; \
+		f[4] += f[3] >> 25; f[3] &= reduce_mask_25; \
+		f[5] += f[4] >> 26; f[4] &= reduce_mask_26; \
+		f[6] += f[5] >> 25; f[5] &= reduce_mask_25; \
+		f[7] += f[6] >> 26; f[6] &= reduce_mask_26; \
+		f[8] += f[7] >> 25; f[7] &= reduce_mask_25; \
+		f[9] += f[8] >> 26; f[8] &= reduce_mask_26;
+
+	#define carry_pass_full() \
+		carry_pass() \
+		f[0] += 19 * (f[9] >> 25); f[9] &= reduce_mask_25;
+
+	#define carry_pass_final() \
+		carry_pass() \
+		f[9] &= reduce_mask_25;
+
+	carry_pass_full()
+	carry_pass_full()
+
+	/* now t is between 0 and 2^255-1, properly carried. */
+	/* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+	f[0] += 19;
+	carry_pass_full()
+
+	/* now between 19 and 2^255-1 in both cases, and offset by 19. */
+	f[0] += (reduce_mask_26 + 1) - 19;
+	f[1] += (reduce_mask_25 + 1) - 1;
+	f[2] += (reduce_mask_26 + 1) - 1;
+	f[3] += (reduce_mask_25 + 1) - 1;
+	f[4] += (reduce_mask_26 + 1) - 1;
+	f[5] += (reduce_mask_25 + 1) - 1;
+	f[6] += (reduce_mask_26 + 1) - 1;
+	f[7] += (reduce_mask_25 + 1) - 1;
+	f[8] += (reduce_mask_26 + 1) - 1;
+	f[9] += (reduce_mask_25 + 1) - 1;
+
+	/* now between 2^255 and 2^256-20, and offset by 2^255. */
+	carry_pass_final()
+
+	#undef carry_pass
+	#undef carry_full
+	#undef carry_final
+
+	f[1] <<= 2;
+	f[2] <<= 3;
+	f[3] <<= 5;
+	f[4] <<= 6;
+	f[6] <<= 1;
+	f[7] <<= 3;
+	f[8] <<= 4;
+	f[9] <<= 6;
+
+	#define F(i, s) \
+		out[s+0] |= (unsigned char )(f[i] & 0xff); \
+		out[s+1] = (unsigned char )((f[i] >> 8) & 0xff); \
+		out[s+2] = (unsigned char )((f[i] >> 16) & 0xff); \
+		out[s+3] = (unsigned char )((f[i] >> 24) & 0xff);
+
+	out[0] = 0;
+	out[16] = 0;
+	F(0,0);
+	F(1,3);
+	F(2,6);
+	F(3,9);
+	F(4,12);
+	F(5,16);
+	F(6,19);
+	F(7,22);
+	F(8,25);
+	F(9,28);
+	#undef F
+}
+
+
+/* out = (flag) ? in : out */
+DONNA_INLINE static void
+curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint32_t flag) {
+	const uint32_t nb = flag - 1, b = ~nb;
+	const uint32_t *inl = (const uint32_t *)in;
+	uint32_t *outl = (uint32_t *)out;
+	outl[0] = (outl[0] & nb) | (inl[0] & b);
+	outl[1] = (outl[1] & nb) | (inl[1] & b);
+	outl[2] = (outl[2] & nb) | (inl[2] & b);
+	outl[3] = (outl[3] & nb) | (inl[3] & b);
+	outl[4] = (outl[4] & nb) | (inl[4] & b);
+	outl[5] = (outl[5] & nb) | (inl[5] & b);
+	outl[6] = (outl[6] & nb) | (inl[6] & b);
+	outl[7] = (outl[7] & nb) | (inl[7] & b);
+	outl[8] = (outl[8] & nb) | (inl[8] & b);
+	outl[9] = (outl[9] & nb) | (inl[9] & b);
+	outl[10] = (outl[10] & nb) | (inl[10] & b);
+	outl[11] = (outl[11] & nb) | (inl[11] & b);
+	outl[12] = (outl[12] & nb) | (inl[12] & b);
+	outl[13] = (outl[13] & nb) | (inl[13] & b);
+	outl[14] = (outl[14] & nb) | (inl[14] & b);
+	outl[15] = (outl[15] & nb) | (inl[15] & b);
+	outl[16] = (outl[16] & nb) | (inl[16] & b);
+	outl[17] = (outl[17] & nb) | (inl[17] & b);
+	outl[18] = (outl[18] & nb) | (inl[18] & b);
+	outl[19] = (outl[19] & nb) | (inl[19] & b);
+	outl[20] = (outl[20] & nb) | (inl[20] & b);
+	outl[21] = (outl[21] & nb) | (inl[21] & b);
+	outl[22] = (outl[22] & nb) | (inl[22] & b);
+	outl[23] = (outl[23] & nb) | (inl[23] & b);
+
+}
+
+/* if (iswap) swap(a, b) */
+DONNA_INLINE static void
+curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) {
+	const uint32_t swap = (uint32_t)(-(int32_t)iswap);
+	uint32_t x0,x1,x2,x3,x4,x5,x6,x7,x8,x9;
+
+	x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0;
+	x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1;
+	x2 = swap & (a[2] ^ b[2]); a[2] ^= x2; b[2] ^= x2;
+	x3 = swap & (a[3] ^ b[3]); a[3] ^= x3; b[3] ^= x3;
+	x4 = swap & (a[4] ^ b[4]); a[4] ^= x4; b[4] ^= x4;
+	x5 = swap & (a[5] ^ b[5]); a[5] ^= x5; b[5] ^= x5;
+	x6 = swap & (a[6] ^ b[6]); a[6] ^= x6; b[6] ^= x6;
+	x7 = swap & (a[7] ^ b[7]); a[7] ^= x7; b[7] ^= x7;
+	x8 = swap & (a[8] ^ b[8]); a[8] ^= x8; b[8] ^= x8;
+	x9 = swap & (a[9] ^ b[9]); a[9] ^= x9; b[9] ^= x9;
+}
diff --git a/src/ext/ed25519/donna/curve25519-donna-64bit.h b/src/ext/ed25519/donna/curve25519-donna-64bit.h
new file mode 100644
index 0000000000..2941d1bcdc
--- /dev/null
+++ b/src/ext/ed25519/donna/curve25519-donna-64bit.h
@@ -0,0 +1,413 @@
+/*
+	Public domain by Adam Langley <agl@imperialviolet.org> &
+	                 Andrew M. <liquidsun@gmail.com>
+	See: https://github.com/floodyberry/curve25519-donna
+
+	64bit integer curve25519 implementation
+*/
+
+typedef uint64_t bignum25519[5];
+
+static const uint64_t reduce_mask_40 = ((uint64_t)1 << 40) - 1;
+static const uint64_t reduce_mask_51 = ((uint64_t)1 << 51) - 1;
+static const uint64_t reduce_mask_56 = ((uint64_t)1 << 56) - 1;
+
+/* out = in */
+DONNA_INLINE static void
+curve25519_copy(bignum25519 out, const bignum25519 in) {
+	out[0] = in[0];
+	out[1] = in[1];
+	out[2] = in[2];
+	out[3] = in[3];
+	out[4] = in[4];
+}
+
+/* out = a + b */
+DONNA_INLINE static void
+curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	out[0] = a[0] + b[0];
+	out[1] = a[1] + b[1];
+	out[2] = a[2] + b[2];
+	out[3] = a[3] + b[3];
+	out[4] = a[4] + b[4];
+}
+
+/* out = a + b, where a and/or b are the result of a basic op (add,sub) */
+DONNA_INLINE static void
+curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	out[0] = a[0] + b[0];
+	out[1] = a[1] + b[1];
+	out[2] = a[2] + b[2];
+	out[3] = a[3] + b[3];
+	out[4] = a[4] + b[4];
+}
+
+DONNA_INLINE static void
+curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint64_t c;
+	out[0] = a[0] + b[0]    ; c = (out[0] >> 51); out[0] &= reduce_mask_51;
+	out[1] = a[1] + b[1] + c; c = (out[1] >> 51); out[1] &= reduce_mask_51;
+	out[2] = a[2] + b[2] + c; c = (out[2] >> 51); out[2] &= reduce_mask_51;
+	out[3] = a[3] + b[3] + c; c = (out[3] >> 51); out[3] &= reduce_mask_51;
+	out[4] = a[4] + b[4] + c; c = (out[4] >> 51); out[4] &= reduce_mask_51;
+	out[0] += c * 19;
+}
+
+/* multiples of p */
+static const uint64_t twoP0      = 0x0fffffffffffda;
+static const uint64_t twoP1234   = 0x0ffffffffffffe;
+static const uint64_t fourP0     = 0x1fffffffffffb4;
+static const uint64_t fourP1234  = 0x1ffffffffffffc;
+
+/* out = a - b */
+DONNA_INLINE static void
+curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	out[0] = a[0] + twoP0    - b[0];
+	out[1] = a[1] + twoP1234 - b[1];
+	out[2] = a[2] + twoP1234 - b[2];
+	out[3] = a[3] + twoP1234 - b[3];
+	out[4] = a[4] + twoP1234 - b[4];
+}
+
+/* out = a - b, where a and/or b are the result of a basic op (add,sub) */
+DONNA_INLINE static void
+curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	out[0] = a[0] + fourP0    - b[0];
+	out[1] = a[1] + fourP1234 - b[1];
+	out[2] = a[2] + fourP1234 - b[2];
+	out[3] = a[3] + fourP1234 - b[3];
+	out[4] = a[4] + fourP1234 - b[4];
+}
+
+DONNA_INLINE static void
+curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	uint64_t c;
+	out[0] = a[0] + fourP0    - b[0]    ; c = (out[0] >> 51); out[0] &= reduce_mask_51;
+	out[1] = a[1] + fourP1234 - b[1] + c; c = (out[1] >> 51); out[1] &= reduce_mask_51;
+	out[2] = a[2] + fourP1234 - b[2] + c; c = (out[2] >> 51); out[2] &= reduce_mask_51;
+	out[3] = a[3] + fourP1234 - b[3] + c; c = (out[3] >> 51); out[3] &= reduce_mask_51;
+	out[4] = a[4] + fourP1234 - b[4] + c; c = (out[4] >> 51); out[4] &= reduce_mask_51;
+	out[0] += c * 19;
+}
+
+/* out = -a */
+DONNA_INLINE static void
+curve25519_neg(bignum25519 out, const bignum25519 a) {
+	uint64_t c;
+	out[0] = twoP0    - a[0]    ; c = (out[0] >> 51); out[0] &= reduce_mask_51;
+	out[1] = twoP1234 - a[1] + c; c = (out[1] >> 51); out[1] &= reduce_mask_51;
+	out[2] = twoP1234 - a[2] + c; c = (out[2] >> 51); out[2] &= reduce_mask_51;
+	out[3] = twoP1234 - a[3] + c; c = (out[3] >> 51); out[3] &= reduce_mask_51;
+	out[4] = twoP1234 - a[4] + c; c = (out[4] >> 51); out[4] &= reduce_mask_51;
+	out[0] += c * 19;
+}
+
+/* out = a * b */
+DONNA_INLINE static void
+curve25519_mul(bignum25519 out, const bignum25519 in2, const bignum25519 in) {
+#if !defined(HAVE_NATIVE_UINT128)
+	uint128_t mul;
+#endif
+	uint128_t t[5];
+	uint64_t r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c;
+
+	r0 = in[0];
+	r1 = in[1];
+	r2 = in[2];
+	r3 = in[3];
+	r4 = in[4];
+
+	s0 = in2[0];
+	s1 = in2[1];
+	s2 = in2[2];
+	s3 = in2[3];
+	s4 = in2[4];
+
+#if defined(HAVE_NATIVE_UINT128)
+	t[0]  =  ((uint128_t) r0) * s0;
+	t[1]  =  ((uint128_t) r0) * s1 + ((uint128_t) r1) * s0;
+	t[2]  =  ((uint128_t) r0) * s2 + ((uint128_t) r2) * s0 + ((uint128_t) r1) * s1;
+	t[3]  =  ((uint128_t) r0) * s3 + ((uint128_t) r3) * s0 + ((uint128_t) r1) * s2 + ((uint128_t) r2) * s1;
+	t[4]  =  ((uint128_t) r0) * s4 + ((uint128_t) r4) * s0 + ((uint128_t) r3) * s1 + ((uint128_t) r1) * s3 + ((uint128_t) r2) * s2;
+#else
+	mul64x64_128(t[0], r0, s0)
+	mul64x64_128(t[1], r0, s1) mul64x64_128(mul, r1, s0) add128(t[1], mul)
+	mul64x64_128(t[2], r0, s2) mul64x64_128(mul, r2, s0) add128(t[2], mul) mul64x64_128(mul, r1, s1) add128(t[2], mul)
+	mul64x64_128(t[3], r0, s3) mul64x64_128(mul, r3, s0) add128(t[3], mul) mul64x64_128(mul, r1, s2) add128(t[3], mul) mul64x64_128(mul, r2, s1) add128(t[3], mul)
+	mul64x64_128(t[4], r0, s4) mul64x64_128(mul, r4, s0) add128(t[4], mul) mul64x64_128(mul, r3, s1) add128(t[4], mul) mul64x64_128(mul, r1, s3) add128(t[4], mul) mul64x64_128(mul, r2, s2) add128(t[4], mul)
+#endif
+
+	r1 *= 19;
+	r2 *= 19;
+	r3 *= 19;
+	r4 *= 19;
+
+#if defined(HAVE_NATIVE_UINT128)
+	t[0] += ((uint128_t) r4) * s1 + ((uint128_t) r1) * s4 + ((uint128_t) r2) * s3 + ((uint128_t) r3) * s2;
+	t[1] += ((uint128_t) r4) * s2 + ((uint128_t) r2) * s4 + ((uint128_t) r3) * s3;
+	t[2] += ((uint128_t) r4) * s3 + ((uint128_t) r3) * s4;
+	t[3] += ((uint128_t) r4) * s4;
+#else
+	mul64x64_128(mul, r4, s1) add128(t[0], mul) mul64x64_128(mul, r1, s4) add128(t[0], mul) mul64x64_128(mul, r2, s3) add128(t[0], mul) mul64x64_128(mul, r3, s2) add128(t[0], mul)
+	mul64x64_128(mul, r4, s2) add128(t[1], mul) mul64x64_128(mul, r2, s4) add128(t[1], mul) mul64x64_128(mul, r3, s3) add128(t[1], mul)
+	mul64x64_128(mul, r4, s3) add128(t[2], mul) mul64x64_128(mul, r3, s4) add128(t[2], mul)
+	mul64x64_128(mul, r4, s4) add128(t[3], mul)
+#endif
+
+
+	                     r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51);
+	add128_64(t[1], c)   r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51);
+	add128_64(t[2], c)   r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51);
+	add128_64(t[3], c)   r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51);
+	add128_64(t[4], c)   r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51);
+	r0 +=   c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51;
+	r1 +=   c;
+
+	out[0] = r0;
+	out[1] = r1;
+	out[2] = r2;
+	out[3] = r3;
+	out[4] = r4;
+}
+
+DONNA_NOINLINE static void
+curve25519_mul_noinline(bignum25519 out, const bignum25519 in2, const bignum25519 in) {
+	curve25519_mul(out, in2, in);
+}
+
+/* out = in^(2 * count) */
+DONNA_NOINLINE static void
+curve25519_square_times(bignum25519 out, const bignum25519 in, uint64_t count) {
+#if !defined(HAVE_NATIVE_UINT128)
+	uint128_t mul;
+#endif
+	uint128_t t[5];
+	uint64_t r0,r1,r2,r3,r4,c;
+	uint64_t d0,d1,d2,d4,d419;
+
+	r0 = in[0];
+	r1 = in[1];
+	r2 = in[2];
+	r3 = in[3];
+	r4 = in[4];
+
+	do {
+		d0 = r0 * 2;
+		d1 = r1 * 2;
+		d2 = r2 * 2 * 19;
+		d419 = r4 * 19;
+		d4 = d419 * 2;
+
+#if defined(HAVE_NATIVE_UINT128)
+		t[0] = ((uint128_t) r0) * r0 + ((uint128_t) d4) * r1 + (((uint128_t) d2) * (r3     ));
+		t[1] = ((uint128_t) d0) * r1 + ((uint128_t) d4) * r2 + (((uint128_t) r3) * (r3 * 19));
+		t[2] = ((uint128_t) d0) * r2 + ((uint128_t) r1) * r1 + (((uint128_t) d4) * (r3     ));
+		t[3] = ((uint128_t) d0) * r3 + ((uint128_t) d1) * r2 + (((uint128_t) r4) * (d419   ));
+		t[4] = ((uint128_t) d0) * r4 + ((uint128_t) d1) * r3 + (((uint128_t) r2) * (r2     ));
+#else
+		mul64x64_128(t[0], r0, r0) mul64x64_128(mul, d4, r1) add128(t[0], mul) mul64x64_128(mul, d2,      r3) add128(t[0], mul)
+		mul64x64_128(t[1], d0, r1) mul64x64_128(mul, d4, r2) add128(t[1], mul) mul64x64_128(mul, r3, r3 * 19) add128(t[1], mul)
+		mul64x64_128(t[2], d0, r2) mul64x64_128(mul, r1, r1) add128(t[2], mul) mul64x64_128(mul, d4,      r3) add128(t[2], mul)
+		mul64x64_128(t[3], d0, r3) mul64x64_128(mul, d1, r2) add128(t[3], mul) mul64x64_128(mul, r4,    d419) add128(t[3], mul)
+		mul64x64_128(t[4], d0, r4) mul64x64_128(mul, d1, r3) add128(t[4], mul) mul64x64_128(mul, r2,      r2) add128(t[4], mul)
+#endif
+
+		r0 = lo128(t[0]) & reduce_mask_51;
+		r1 = lo128(t[1]) & reduce_mask_51; shl128(c, t[0], 13); r1 += c;
+		r2 = lo128(t[2]) & reduce_mask_51; shl128(c, t[1], 13); r2 += c;
+		r3 = lo128(t[3]) & reduce_mask_51; shl128(c, t[2], 13); r3 += c;
+		r4 = lo128(t[4]) & reduce_mask_51; shl128(c, t[3], 13); r4 += c; 
+		                                   shl128(c, t[4], 13); r0 += c * 19;
+		               c = r0 >> 51; r0 &= reduce_mask_51;
+		r1 += c     ;  c = r1 >> 51; r1 &= reduce_mask_51;
+		r2 += c     ;  c = r2 >> 51; r2 &= reduce_mask_51;
+		r3 += c     ;  c = r3 >> 51; r3 &= reduce_mask_51;
+		r4 += c     ;  c = r4 >> 51; r4 &= reduce_mask_51;
+		r0 += c * 19;
+	} while(--count);
+
+	out[0] = r0;
+	out[1] = r1;
+	out[2] = r2;
+	out[3] = r3;
+	out[4] = r4;
+}
+
+DONNA_INLINE static void
+curve25519_square(bignum25519 out, const bignum25519 in) {
+#if !defined(HAVE_NATIVE_UINT128)
+	uint128_t mul;
+#endif
+	uint128_t t[5];
+	uint64_t r0,r1,r2,r3,r4,c;
+	uint64_t d0,d1,d2,d4,d419;
+
+	r0 = in[0];
+	r1 = in[1];
+	r2 = in[2];
+	r3 = in[3];
+	r4 = in[4];
+
+	d0 = r0 * 2;
+	d1 = r1 * 2;
+	d2 = r2 * 2 * 19;
+	d419 = r4 * 19;
+	d4 = d419 * 2;
+
+#if defined(HAVE_NATIVE_UINT128)
+	t[0] = ((uint128_t) r0) * r0 + ((uint128_t) d4) * r1 + (((uint128_t) d2) * (r3     ));
+	t[1] = ((uint128_t) d0) * r1 + ((uint128_t) d4) * r2 + (((uint128_t) r3) * (r3 * 19));
+	t[2] = ((uint128_t) d0) * r2 + ((uint128_t) r1) * r1 + (((uint128_t) d4) * (r3     ));
+	t[3] = ((uint128_t) d0) * r3 + ((uint128_t) d1) * r2 + (((uint128_t) r4) * (d419   ));
+	t[4] = ((uint128_t) d0) * r4 + ((uint128_t) d1) * r3 + (((uint128_t) r2) * (r2     ));
+#else
+	mul64x64_128(t[0], r0, r0) mul64x64_128(mul, d4, r1) add128(t[0], mul) mul64x64_128(mul, d2,      r3) add128(t[0], mul)
+	mul64x64_128(t[1], d0, r1) mul64x64_128(mul, d4, r2) add128(t[1], mul) mul64x64_128(mul, r3, r3 * 19) add128(t[1], mul)
+	mul64x64_128(t[2], d0, r2) mul64x64_128(mul, r1, r1) add128(t[2], mul) mul64x64_128(mul, d4,      r3) add128(t[2], mul)
+	mul64x64_128(t[3], d0, r3) mul64x64_128(mul, d1, r2) add128(t[3], mul) mul64x64_128(mul, r4,    d419) add128(t[3], mul)
+	mul64x64_128(t[4], d0, r4) mul64x64_128(mul, d1, r3) add128(t[4], mul) mul64x64_128(mul, r2,      r2) add128(t[4], mul)
+#endif
+
+	                     r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51);
+	add128_64(t[1], c)   r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51);
+	add128_64(t[2], c)   r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51);
+	add128_64(t[3], c)   r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51);
+	add128_64(t[4], c)   r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51);
+	r0 +=   c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51;
+	r1 +=   c;
+
+	out[0] = r0;
+	out[1] = r1;
+	out[2] = r2;
+	out[3] = r3;
+	out[4] = r4;
+}
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+DONNA_INLINE static void
+curve25519_expand(bignum25519 out, const unsigned char *in) {
+	static const union { uint8_t b[2]; uint16_t s; } endian_check = {{1,0}};
+	uint64_t x0,x1,x2,x3;
+
+	if (endian_check.s == 1) {
+		x0 = *(uint64_t *)(in + 0);
+		x1 = *(uint64_t *)(in + 8);
+		x2 = *(uint64_t *)(in + 16);
+		x3 = *(uint64_t *)(in + 24);
+	} else {
+		#define F(s)                         \
+			((((uint64_t)in[s + 0])      ) | \
+			 (((uint64_t)in[s + 1]) <<  8) | \
+			 (((uint64_t)in[s + 2]) << 16) | \
+			 (((uint64_t)in[s + 3]) << 24) | \
+			 (((uint64_t)in[s + 4]) << 32) | \
+			 (((uint64_t)in[s + 5]) << 40) | \
+			 (((uint64_t)in[s + 6]) << 48) | \
+			 (((uint64_t)in[s + 7]) << 56))
+
+		x0 = F(0);
+		x1 = F(8);
+		x2 = F(16);
+		x3 = F(24);
+	}
+
+	out[0] = x0 & reduce_mask_51; x0 = (x0 >> 51) | (x1 << 13);
+	out[1] = x0 & reduce_mask_51; x1 = (x1 >> 38) | (x2 << 26);
+	out[2] = x1 & reduce_mask_51; x2 = (x2 >> 25) | (x3 << 39);
+	out[3] = x2 & reduce_mask_51; x3 = (x3 >> 12);
+	out[4] = x3 & reduce_mask_51;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array
+ */
+DONNA_INLINE static void
+curve25519_contract(unsigned char *out, const bignum25519 input) {
+	uint64_t t[5];
+	uint64_t f, i;
+
+	t[0] = input[0];
+	t[1] = input[1];
+	t[2] = input[2];
+	t[3] = input[3];
+	t[4] = input[4];
+
+	#define curve25519_contract_carry() \
+		t[1] += t[0] >> 51; t[0] &= reduce_mask_51; \
+		t[2] += t[1] >> 51; t[1] &= reduce_mask_51; \
+		t[3] += t[2] >> 51; t[2] &= reduce_mask_51; \
+		t[4] += t[3] >> 51; t[3] &= reduce_mask_51;
+
+	#define curve25519_contract_carry_full() curve25519_contract_carry() \
+		t[0] += 19 * (t[4] >> 51); t[4] &= reduce_mask_51;
+
+	#define curve25519_contract_carry_final() curve25519_contract_carry() \
+		t[4] &= reduce_mask_51;
+
+	curve25519_contract_carry_full()
+	curve25519_contract_carry_full()
+
+	/* now t is between 0 and 2^255-1, properly carried. */
+	/* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+	t[0] += 19;
+	curve25519_contract_carry_full()
+
+	/* now between 19 and 2^255-1 in both cases, and offset by 19. */
+	t[0] += (reduce_mask_51 + 1) - 19;
+	t[1] += (reduce_mask_51 + 1) - 1;
+	t[2] += (reduce_mask_51 + 1) - 1;
+	t[3] += (reduce_mask_51 + 1) - 1;
+	t[4] += (reduce_mask_51 + 1) - 1;
+
+	/* now between 2^255 and 2^256-20, and offset by 2^255. */
+	curve25519_contract_carry_final()
+
+	#define write51full(n,shift) \
+		f = ((t[n] >> shift) | (t[n+1] << (51 - shift))); \
+		for (i = 0; i < 8; i++, f >>= 8) *out++ = (unsigned char)f;
+	#define write51(n) write51full(n,13*n)
+	write51(0)
+	write51(1)
+	write51(2)
+	write51(3)
+}
+
+#if !defined(ED25519_GCC_64BIT_CHOOSE)
+
+/* out = (flag) ? in : out */
+DONNA_INLINE static void
+curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint64_t flag) {
+	const uint64_t nb = flag - 1, b = ~nb;
+	const uint64_t *inq = (const uint64_t *)in;
+	uint64_t *outq = (uint64_t *)out;
+	outq[0] = (outq[0] & nb) | (inq[0] & b);
+	outq[1] = (outq[1] & nb) | (inq[1] & b);
+	outq[2] = (outq[2] & nb) | (inq[2] & b);
+	outq[3] = (outq[3] & nb) | (inq[3] & b);
+	outq[4] = (outq[4] & nb) | (inq[4] & b);
+	outq[5] = (outq[5] & nb) | (inq[5] & b);
+	outq[6] = (outq[6] & nb) | (inq[6] & b);
+	outq[7] = (outq[7] & nb) | (inq[7] & b);
+	outq[8] = (outq[8] & nb) | (inq[8] & b);
+	outq[9] = (outq[9] & nb) | (inq[9] & b);
+	outq[10] = (outq[10] & nb) | (inq[10] & b);
+	outq[11] = (outq[11] & nb) | (inq[11] & b);
+}
+
+/* if (iswap) swap(a, b) */
+DONNA_INLINE static void
+curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint64_t iswap) {
+	const uint64_t swap = (uint64_t)(-(int64_t)iswap);
+	uint64_t x0,x1,x2,x3,x4;
+
+	x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0;
+	x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1;
+	x2 = swap & (a[2] ^ b[2]); a[2] ^= x2; b[2] ^= x2;
+	x3 = swap & (a[3] ^ b[3]); a[3] ^= x3; b[3] ^= x3;
+	x4 = swap & (a[4] ^ b[4]); a[4] ^= x4; b[4] ^= x4;
+}
+
+#endif /* ED25519_GCC_64BIT_CHOOSE */
+
+#define ED25519_64BIT_TABLES
+
diff --git a/src/ext/ed25519/donna/curve25519-donna-helpers.h b/src/ext/ed25519/donna/curve25519-donna-helpers.h
new file mode 100644
index 0000000000..ca442fa24f
--- /dev/null
+++ b/src/ext/ed25519/donna/curve25519-donna-helpers.h
@@ -0,0 +1,84 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+	See: https://github.com/floodyberry/curve25519-donna
+
+	Curve25519 implementation agnostic helpers
+*/
+
+#ifdef __GNUC__
+#define ED_GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && ED_GCC_VERSION >= 401
+#if ED_GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of GCC (particularly on arm) give us bogus warnings here.
+ * Suppress the GCC warning so we can build Tor with -Wstack-protector. */
+#pragma GCC diagnostic ignored "-Wstack-protector"
+#endif
+
+/*
+ * In:  b =   2^5 - 2^0
+ * Out: b = 2^250 - 2^0
+ */
+static void
+curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
+	bignum25519 ALIGN(16) t0,c;
+
+	/* 2^5  - 2^0 */ /* b */
+	/* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5);
+	/* 2^10 - 2^0 */ curve25519_mul_noinline(b, t0, b);
+	/* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10);
+	/* 2^20 - 2^0 */ curve25519_mul_noinline(c, t0, b);
+	/* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20);
+	/* 2^40 - 2^0 */ curve25519_mul_noinline(t0, t0, c);
+	/* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10);
+	/* 2^50 - 2^0 */ curve25519_mul_noinline(b, t0, b);
+	/* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50);
+	/* 2^100 - 2^0 */ curve25519_mul_noinline(c, t0, b);
+	/* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100);
+	/* 2^200 - 2^0 */ curve25519_mul_noinline(t0, t0, c);
+	/* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50);
+	/* 2^250 - 2^0 */ curve25519_mul_noinline(b, t0, b);
+}
+
+/*
+ * z^(p - 2) = z(2^255 - 21)
+ */
+static void
+curve25519_recip(bignum25519 out, const bignum25519 z) {
+	bignum25519 ALIGN(16) a,t0,b;
+
+	/* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */
+	/* 8 */ curve25519_square_times(t0, a, 2);
+	/* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */
+	/* 11 */ curve25519_mul_noinline(a, b, a); /* a = 11 */
+	/* 22 */ curve25519_square_times(t0, a, 1);
+	/* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b);
+	/* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b);
+	/* 2^255 - 2^5 */ curve25519_square_times(b, b, 5);
+	/* 2^255 - 21 */ curve25519_mul_noinline(out, b, a);
+}
+
+/*
+ * z^((p-5)/8) = z^(2^252 - 3)
+ */
+static void
+curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) {
+	bignum25519 ALIGN(16) b,c,t0;
+
+	/* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */
+	/* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */
+	/* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */
+	/* 11 */ curve25519_mul_noinline(c, b, c); /* c = 11 */
+	/* 22 */ curve25519_square_times(t0, c, 1);
+	/* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b);
+	/* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b);
+	/* 2^252 - 2^2 */ curve25519_square_times(b, b, 2);
+	/* 2^252 - 3 */ curve25519_mul_noinline(two252m3, b, z);
+}
+
+#if __GNUC__ && ED_GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#endif
diff --git a/src/ext/ed25519/donna/curve25519-donna-sse2.h b/src/ext/ed25519/donna/curve25519-donna-sse2.h
new file mode 100644
index 0000000000..1dbfd44d8b
--- /dev/null
+++ b/src/ext/ed25519/donna/curve25519-donna-sse2.h
@@ -0,0 +1,1112 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+	See: https://github.com/floodyberry/curve25519-donna
+
+	SSE2 curve25519 implementation
+*/
+
+#include <emmintrin.h>
+typedef __m128i xmmi;
+
+typedef union packedelem8_t {
+	unsigned char u[16];
+	xmmi v;
+} packedelem8;
+
+typedef union packedelem32_t {
+	uint32_t u[4];
+	xmmi v;
+} packedelem32;
+
+typedef union packedelem64_t {
+	uint64_t u[2];
+	xmmi v;
+} packedelem64;
+
+/* 10 elements + an extra 2 to fit in 3 xmm registers */
+typedef uint32_t bignum25519[12];
+typedef packedelem32 packed32bignum25519[5];
+typedef packedelem64 packed64bignum25519[10];
+
+static const packedelem32 bot32bitmask = {{0xffffffff, 0x00000000, 0xffffffff, 0x00000000}};
+static const packedelem32 top32bitmask = {{0x00000000, 0xffffffff, 0x00000000, 0xffffffff}};
+static const packedelem32 top64bitmask = {{0x00000000, 0x00000000, 0xffffffff, 0xffffffff}};
+static const packedelem32 bot64bitmask = {{0xffffffff, 0xffffffff, 0x00000000, 0x00000000}};
+
+/* reduction masks */
+static const packedelem64 packedmask26 = {{0x03ffffff, 0x03ffffff}};
+static const packedelem64 packedmask25 = {{0x01ffffff, 0x01ffffff}};
+static const packedelem32 packedmask2625 = {{0x3ffffff,0,0x1ffffff,0}};
+static const packedelem32 packedmask26262626 = {{0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff}};
+static const packedelem32 packedmask25252525 = {{0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff}};
+
+/* multipliers */
+static const packedelem64 packednineteen = {{19, 19}};
+static const packedelem64 packednineteenone = {{19, 1}};
+static const packedelem64 packedthirtyeight = {{38, 38}};
+static const packedelem64 packed3819 = {{19*2,19}};
+static const packedelem64 packed9638 = {{19*4,19*2}};
+
+/* 121666,121665 */
+static const packedelem64 packed121666121665 = {{121666, 121665}};
+
+/* 2*(2^255 - 19) = 0 mod p */
+static const packedelem32 packed2p0 = {{0x7ffffda,0x3fffffe,0x7fffffe,0x3fffffe}};
+static const packedelem32 packed2p1 = {{0x7fffffe,0x3fffffe,0x7fffffe,0x3fffffe}};
+static const packedelem32 packed2p2 = {{0x7fffffe,0x3fffffe,0x0000000,0x0000000}};
+
+static const packedelem32 packed32packed2p0 = {{0x7ffffda,0x7ffffda,0x3fffffe,0x3fffffe}};
+static const packedelem32 packed32packed2p1 = {{0x7fffffe,0x7fffffe,0x3fffffe,0x3fffffe}};
+
+/* 4*(2^255 - 19) = 0 mod p */
+static const packedelem32 packed4p0 = {{0xfffffb4,0x7fffffc,0xffffffc,0x7fffffc}};
+static const packedelem32 packed4p1 = {{0xffffffc,0x7fffffc,0xffffffc,0x7fffffc}};
+static const packedelem32 packed4p2 = {{0xffffffc,0x7fffffc,0x0000000,0x0000000}};
+
+static const packedelem32 packed32packed4p0 = {{0xfffffb4,0xfffffb4,0x7fffffc,0x7fffffc}};
+static const packedelem32 packed32packed4p1 = {{0xffffffc,0xffffffc,0x7fffffc,0x7fffffc}};
+
+/* out = in */
+DONNA_INLINE static void
+curve25519_copy(bignum25519 out, const bignum25519 in) {
+	xmmi x0,x1,x2;
+	x0 = _mm_load_si128((xmmi*)in + 0);
+	x1 = _mm_load_si128((xmmi*)in + 1);
+	x2 = _mm_load_si128((xmmi*)in + 2);
+	_mm_store_si128((xmmi*)out + 0, x0);
+	_mm_store_si128((xmmi*)out + 1, x1);
+	_mm_store_si128((xmmi*)out + 2, x2);
+}
+
+/* out = a + b */
+DONNA_INLINE static void
+curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	xmmi a0,a1,a2,b0,b1,b2;
+	a0 = _mm_load_si128((xmmi*)a + 0);
+	a1 = _mm_load_si128((xmmi*)a + 1);
+	a2 = _mm_load_si128((xmmi*)a + 2);
+	b0 = _mm_load_si128((xmmi*)b + 0);
+	b1 = _mm_load_si128((xmmi*)b + 1);
+	b2 = _mm_load_si128((xmmi*)b + 2);
+	a0 = _mm_add_epi32(a0, b0);
+	a1 = _mm_add_epi32(a1, b1);
+	a2 = _mm_add_epi32(a2, b2);
+	_mm_store_si128((xmmi*)out + 0, a0);
+	_mm_store_si128((xmmi*)out + 1, a1);
+	_mm_store_si128((xmmi*)out + 2, a2);
+}
+
+#define curve25519_add_after_basic curve25519_add_reduce
+DONNA_INLINE static void
+curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	xmmi a0,a1,a2,b0,b1,b2;
+	xmmi c1,c2,c3;
+	xmmi r0,r1,r2,r3,r4,r5;
+
+	a0 = _mm_load_si128((xmmi*)a + 0);
+	a1 = _mm_load_si128((xmmi*)a + 1);
+	a2 = _mm_load_si128((xmmi*)a + 2);
+	b0 = _mm_load_si128((xmmi*)b + 0);
+	b1 = _mm_load_si128((xmmi*)b + 1);
+	b2 = _mm_load_si128((xmmi*)b + 2);
+	a0 = _mm_add_epi32(a0, b0);
+	a1 = _mm_add_epi32(a1, b1);
+	a2 = _mm_add_epi32(a2, b2);
+
+	r0 = _mm_and_si128(_mm_unpacklo_epi64(a0, a1), bot32bitmask.v);
+	r1 = _mm_srli_epi64(_mm_unpacklo_epi64(a0, a1), 32);
+	r2 = _mm_and_si128(_mm_unpackhi_epi64(a0, a1), bot32bitmask.v);
+	r3 = _mm_srli_epi64(_mm_unpackhi_epi64(a0, a1), 32);
+	r4 = _mm_and_si128(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), bot32bitmask.v);
+	r5 = _mm_srli_epi64(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), 32);
+
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+	c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8);
+	c1 = _mm_srli_epi64(r4, 26);                                                                      r4 = _mm_and_si128(r4, packedmask26.v);                             r5 = _mm_add_epi64(r5, c1); 
+	c1 = _mm_srli_epi64(r5, 25);                                                                      r5 = _mm_and_si128(r5, packedmask25.v);                             r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3));
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+
+	_mm_store_si128((xmmi*)out + 0, _mm_unpacklo_epi64(_mm_unpacklo_epi32(r0, r1), _mm_unpacklo_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 1, _mm_unpacklo_epi64(_mm_unpackhi_epi32(r0, r1), _mm_unpackhi_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 2, _mm_unpackhi_epi32(r4, r5));
+}
+
+DONNA_INLINE static void
+curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	xmmi a0,a1,a2,b0,b1,b2;
+	xmmi c1,c2;
+	xmmi r0,r1;
+
+	a0 = _mm_load_si128((xmmi*)a + 0);
+	a1 = _mm_load_si128((xmmi*)a + 1);
+	a2 = _mm_load_si128((xmmi*)a + 2);
+	a0 = _mm_add_epi32(a0, packed2p0.v);
+	a1 = _mm_add_epi32(a1, packed2p1.v);
+	a2 = _mm_add_epi32(a2, packed2p2.v);
+	b0 = _mm_load_si128((xmmi*)b + 0);
+	b1 = _mm_load_si128((xmmi*)b + 1);
+	b2 = _mm_load_si128((xmmi*)b + 2);
+	a0 = _mm_sub_epi32(a0, b0);
+	a1 = _mm_sub_epi32(a1, b1);
+	a2 = _mm_sub_epi32(a2, b2);
+
+	r0 = _mm_and_si128(_mm_shuffle_epi32(a0, _MM_SHUFFLE(2,2,0,0)), bot32bitmask.v);
+	r1 = _mm_and_si128(_mm_shuffle_epi32(a0, _MM_SHUFFLE(3,3,1,1)), bot32bitmask.v);
+
+	c1 = _mm_srli_epi32(r0, 26); 
+	c2 = _mm_srli_epi32(r1, 25); 
+	r0 = _mm_and_si128(r0, packedmask26.v); 
+	r1 = _mm_and_si128(r1, packedmask25.v); 
+	r0 = _mm_add_epi32(r0, _mm_slli_si128(c2, 8));
+	r1 = _mm_add_epi32(r1, c1);
+
+	a0 = _mm_unpacklo_epi64(_mm_unpacklo_epi32(r0, r1), _mm_unpackhi_epi32(r0, r1));
+	a1 = _mm_add_epi32(a1, _mm_srli_si128(c2, 8));
+
+	_mm_store_si128((xmmi*)out + 0, a0);
+	_mm_store_si128((xmmi*)out + 1, a1);
+	_mm_store_si128((xmmi*)out + 2, a2);
+}
+
+DONNA_INLINE static void
+curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	xmmi a0,a1,a2,b0,b1,b2;
+	xmmi c1,c2,c3;
+	xmmi r0,r1,r2,r3,r4,r5;
+
+	a0 = _mm_load_si128((xmmi*)a + 0);
+	a1 = _mm_load_si128((xmmi*)a + 1);
+	a2 = _mm_load_si128((xmmi*)a + 2);
+	a0 = _mm_add_epi32(a0, packed4p0.v);
+	a1 = _mm_add_epi32(a1, packed4p1.v);
+	a2 = _mm_add_epi32(a2, packed4p2.v);
+	b0 = _mm_load_si128((xmmi*)b + 0);
+	b1 = _mm_load_si128((xmmi*)b + 1);
+	b2 = _mm_load_si128((xmmi*)b + 2);
+	a0 = _mm_sub_epi32(a0, b0);
+	a1 = _mm_sub_epi32(a1, b1);
+	a2 = _mm_sub_epi32(a2, b2);
+
+	r0 = _mm_and_si128(_mm_unpacklo_epi64(a0, a1), bot32bitmask.v);
+	r1 = _mm_srli_epi64(_mm_unpacklo_epi64(a0, a1), 32);
+	r2 = _mm_and_si128(_mm_unpackhi_epi64(a0, a1), bot32bitmask.v);
+	r3 = _mm_srli_epi64(_mm_unpackhi_epi64(a0, a1), 32);
+	r4 = _mm_and_si128(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), bot32bitmask.v);
+	r5 = _mm_srli_epi64(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), 32);
+
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+	c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8);
+	c1 = _mm_srli_epi64(r4, 26);                                                                      r4 = _mm_and_si128(r4, packedmask26.v);                             r5 = _mm_add_epi64(r5, c1); 
+	c1 = _mm_srli_epi64(r5, 25);                                                                      r5 = _mm_and_si128(r5, packedmask25.v);                             r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3));
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+
+	_mm_store_si128((xmmi*)out + 0, _mm_unpacklo_epi64(_mm_unpacklo_epi32(r0, r1), _mm_unpacklo_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 1, _mm_unpacklo_epi64(_mm_unpackhi_epi32(r0, r1), _mm_unpackhi_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 2, _mm_unpackhi_epi32(r4, r5));
+}
+
+DONNA_INLINE static void
+curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) {
+	xmmi a0,a1,a2,b0,b1,b2;
+	xmmi c1,c2,c3;
+	xmmi r0,r1,r2,r3,r4,r5;
+
+	a0 = _mm_load_si128((xmmi*)a + 0);
+	a1 = _mm_load_si128((xmmi*)a + 1);
+	a2 = _mm_load_si128((xmmi*)a + 2);
+	a0 = _mm_add_epi32(a0, packed2p0.v);
+	a1 = _mm_add_epi32(a1, packed2p1.v);
+	a2 = _mm_add_epi32(a2, packed2p2.v);
+	b0 = _mm_load_si128((xmmi*)b + 0);
+	b1 = _mm_load_si128((xmmi*)b + 1);
+	b2 = _mm_load_si128((xmmi*)b + 2);
+	a0 = _mm_sub_epi32(a0, b0);
+	a1 = _mm_sub_epi32(a1, b1);
+	a2 = _mm_sub_epi32(a2, b2);
+
+	r0 = _mm_and_si128(_mm_unpacklo_epi64(a0, a1), bot32bitmask.v);
+	r1 = _mm_srli_epi64(_mm_unpacklo_epi64(a0, a1), 32);
+	r2 = _mm_and_si128(_mm_unpackhi_epi64(a0, a1), bot32bitmask.v);
+	r3 = _mm_srli_epi64(_mm_unpackhi_epi64(a0, a1), 32);
+	r4 = _mm_and_si128(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), bot32bitmask.v);
+	r5 = _mm_srli_epi64(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), 32);
+
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+	c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8);
+	c1 = _mm_srli_epi64(r4, 26);                                                                      r4 = _mm_and_si128(r4, packedmask26.v);                             r5 = _mm_add_epi64(r5, c1); 
+	c1 = _mm_srli_epi64(r5, 25);                                                                      r5 = _mm_and_si128(r5, packedmask25.v);                             r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3));
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+
+	_mm_store_si128((xmmi*)out + 0, _mm_unpacklo_epi64(_mm_unpacklo_epi32(r0, r1), _mm_unpacklo_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 1, _mm_unpacklo_epi64(_mm_unpackhi_epi32(r0, r1), _mm_unpackhi_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 2, _mm_unpackhi_epi32(r4, r5));
+}
+
+
+DONNA_INLINE static void
+curve25519_neg(bignum25519 out, const bignum25519 b) {
+	xmmi a0,a1,a2,b0,b1,b2;
+	xmmi c1,c2,c3;
+	xmmi r0,r1,r2,r3,r4,r5;
+
+	a0 = packed2p0.v;
+	a1 = packed2p1.v;
+	a2 = packed2p2.v;
+	b0 = _mm_load_si128((xmmi*)b + 0);
+	b1 = _mm_load_si128((xmmi*)b + 1);
+	b2 = _mm_load_si128((xmmi*)b + 2);
+	a0 = _mm_sub_epi32(a0, b0);
+	a1 = _mm_sub_epi32(a1, b1);
+	a2 = _mm_sub_epi32(a2, b2);
+
+	r0 = _mm_and_si128(_mm_unpacklo_epi64(a0, a1), bot32bitmask.v);
+	r1 = _mm_srli_epi64(_mm_unpacklo_epi64(a0, a1), 32);
+	r2 = _mm_and_si128(_mm_unpackhi_epi64(a0, a1), bot32bitmask.v);
+	r3 = _mm_srli_epi64(_mm_unpackhi_epi64(a0, a1), 32);
+	r4 = _mm_and_si128(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), bot32bitmask.v);
+	r5 = _mm_srli_epi64(_mm_unpacklo_epi64(_mm_setzero_si128(), a2), 32);
+
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+	c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8);
+	c1 = _mm_srli_epi64(r4, 26);                                                                      r4 = _mm_and_si128(r4, packedmask26.v);                             r5 = _mm_add_epi64(r5, c1); 
+	c1 = _mm_srli_epi64(r5, 25);                                                                      r5 = _mm_and_si128(r5, packedmask25.v);                             r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3));
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+
+	_mm_store_si128((xmmi*)out + 0, _mm_unpacklo_epi64(_mm_unpacklo_epi32(r0, r1), _mm_unpacklo_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 1, _mm_unpacklo_epi64(_mm_unpackhi_epi32(r0, r1), _mm_unpackhi_epi32(r2, r3)));
+	_mm_store_si128((xmmi*)out + 2, _mm_unpackhi_epi32(r4, r5));
+}
+
+
+/* Multiply two numbers: out = in2 * in */
+static void 
+curve25519_mul(bignum25519 out, const bignum25519 r, const bignum25519 s) {
+	xmmi m01,m23,m45,m67,m89;
+	xmmi m0123,m4567;
+	xmmi s0123,s4567;
+	xmmi s01,s23,s45,s67,s89;
+	xmmi s12,s34,s56,s78,s9;
+	xmmi r0,r2,r4,r6,r8;
+	xmmi r1,r3,r5,r7,r9;
+	xmmi r119,r219,r319,r419,r519,r619,r719,r819,r919;
+	xmmi c1,c2,c3;
+
+	s0123 = _mm_load_si128((xmmi*)s + 0);
+	s01 = _mm_shuffle_epi32(s0123,_MM_SHUFFLE(3,1,2,0));
+	s12 = _mm_shuffle_epi32(s0123, _MM_SHUFFLE(2,2,1,1));
+	s23 = _mm_shuffle_epi32(s0123,_MM_SHUFFLE(3,3,2,2));
+	s4567 = _mm_load_si128((xmmi*)s + 1);
+	s34 = _mm_unpacklo_epi64(_mm_srli_si128(s0123,12),s4567);
+	s45 = _mm_shuffle_epi32(s4567,_MM_SHUFFLE(3,1,2,0));
+	s56 = _mm_shuffle_epi32(s4567, _MM_SHUFFLE(2,2,1,1));
+	s67 = _mm_shuffle_epi32(s4567,_MM_SHUFFLE(3,3,2,2));
+	s89 = _mm_load_si128((xmmi*)s + 2);
+	s78 = _mm_unpacklo_epi64(_mm_srli_si128(s4567,12),s89);
+	s89 = _mm_shuffle_epi32(s89,_MM_SHUFFLE(3,1,2,0));
+	s9 = _mm_shuffle_epi32(s89, _MM_SHUFFLE(3,3,2,2));
+
+	r0 = _mm_load_si128((xmmi*)r + 0);
+	r1 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(1,1,1,1));
+	r1 = _mm_add_epi64(r1, _mm_and_si128(r1, top64bitmask.v));
+	r2 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(2,2,2,2));
+	r3 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(3,3,3,3));
+	r3 = _mm_add_epi64(r3, _mm_and_si128(r3, top64bitmask.v));
+	r0 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(0,0,0,0));
+	r4 = _mm_load_si128((xmmi*)r + 1);
+	r5 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(1,1,1,1));
+	r5 = _mm_add_epi64(r5, _mm_and_si128(r5, top64bitmask.v));
+	r6 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(2,2,2,2));
+	r7 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(3,3,3,3));
+	r7 = _mm_add_epi64(r7, _mm_and_si128(r7, top64bitmask.v));
+	r4 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(0,0,0,0));
+	r8 = _mm_load_si128((xmmi*)r + 2);
+	r9 = _mm_shuffle_epi32(r8, _MM_SHUFFLE(3,1,3,1));
+	r9 = _mm_add_epi64(r9, _mm_and_si128(r9, top64bitmask.v));
+	r8 = _mm_shuffle_epi32(r8, _MM_SHUFFLE(3,0,3,0));
+
+	m01 = _mm_mul_epu32(r1,s01);
+	m23 = _mm_mul_epu32(r1,s23);
+	m45 = _mm_mul_epu32(r1,s45);
+	m67 = _mm_mul_epu32(r1,s67);
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r3,s01));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r3,s23));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r3,s45));
+	m89 = _mm_mul_epu32(r1,s89);
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r5,s01));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r5,s23));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r3,s67));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r7,s01));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r5,s45));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r7,s23));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r9,s01));
+
+	/* shift up */
+	m89 = _mm_unpackhi_epi64(m67,_mm_slli_si128(m89,8));
+	m67 = _mm_unpackhi_epi64(m45,_mm_slli_si128(m67,8));
+	m45 = _mm_unpackhi_epi64(m23,_mm_slli_si128(m45,8));
+	m23 = _mm_unpackhi_epi64(m01,_mm_slli_si128(m23,8));
+	m01 = _mm_unpackhi_epi64(_mm_setzero_si128(),_mm_slli_si128(m01,8));
+
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r0,s01));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r0,s23));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r0,s45));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r0,s67));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r2,s01));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r2,s23));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r4,s23));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r0,s89));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r4,s01));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r2,s45));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r2,s67));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r6,s01));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r4,s45));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r6,s23));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r8,s01));
+
+	r219 = _mm_mul_epu32(r2, packednineteen.v);
+	r419 = _mm_mul_epu32(r4, packednineteen.v);
+	r619 = _mm_mul_epu32(r6, packednineteen.v);
+	r819 = _mm_mul_epu32(r8, packednineteen.v);
+	r119 = _mm_shuffle_epi32(r1,_MM_SHUFFLE(0,0,2,2)); r119 = _mm_mul_epu32(r119, packednineteen.v);
+	r319 = _mm_shuffle_epi32(r3,_MM_SHUFFLE(0,0,2,2)); r319 = _mm_mul_epu32(r319, packednineteen.v);
+	r519 = _mm_shuffle_epi32(r5,_MM_SHUFFLE(0,0,2,2)); r519 = _mm_mul_epu32(r519, packednineteen.v);
+	r719 = _mm_shuffle_epi32(r7,_MM_SHUFFLE(0,0,2,2)); r719 = _mm_mul_epu32(r719, packednineteen.v);
+	r919 = _mm_shuffle_epi32(r9,_MM_SHUFFLE(0,0,2,2)); r919 = _mm_mul_epu32(r919, packednineteen.v);
+
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r919,s12));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r919,s34));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r919,s56));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r919,s78));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r719,s34));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r719,s56));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r719,s78));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r719,s9));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r519,s56));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r519,s78));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r519,s9));
+	m67 = _mm_add_epi64(m67,_mm_mul_epu32(r819,s89));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r319,s78));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r319,s9));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r619,s89));
+	m89 = _mm_add_epi64(m89,_mm_mul_epu32(r919,s9));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r819,s23));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r819,s45));
+	m45 = _mm_add_epi64(m45,_mm_mul_epu32(r819,s67));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r619,s45));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r619,s67));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r419,s67));
+	m23 = _mm_add_epi64(m23,_mm_mul_epu32(r419,s89));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r219,s89));
+	m01 = _mm_add_epi64(m01,_mm_mul_epu32(r119,s9));
+
+	r0 = _mm_unpacklo_epi64(m01, m45);
+	r1 = _mm_unpackhi_epi64(m01, m45);
+	r2 = _mm_unpacklo_epi64(m23, m67);
+	r3 = _mm_unpackhi_epi64(m23, m67);
+	r4 = _mm_unpacklo_epi64(m89, m89);
+	r5 = _mm_unpackhi_epi64(m89, m89);
+
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+	c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8);
+	c1 = _mm_srli_epi64(r4, 26);                                                                      r4 = _mm_and_si128(r4, packedmask26.v);                             r5 = _mm_add_epi64(r5, c1); 
+	c1 = _mm_srli_epi64(r5, 25);                                                                      r5 = _mm_and_si128(r5, packedmask25.v);                             r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3));
+	c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+
+	m0123 = _mm_unpacklo_epi32(r0, r1);
+	m4567 = _mm_unpackhi_epi32(r0, r1);
+	m0123 = _mm_unpacklo_epi64(m0123, _mm_unpacklo_epi32(r2, r3));
+	m4567 = _mm_unpacklo_epi64(m4567, _mm_unpackhi_epi32(r2, r3));
+	m89 = _mm_unpackhi_epi32(r4, r5);
+
+	_mm_store_si128((xmmi*)out + 0, m0123);
+	_mm_store_si128((xmmi*)out + 1, m4567);
+	_mm_store_si128((xmmi*)out + 2, m89);
+}
+
+DONNA_NOINLINE static void
+curve25519_mul_noinline(bignum25519 out, const bignum25519 r, const bignum25519 s) {
+	curve25519_mul(out, r, s);
+}
+
+#define curve25519_square(r, n) curve25519_square_times(r, n, 1)
+static void
+curve25519_square_times(bignum25519 r, const bignum25519 in, int count) {
+	xmmi m01,m23,m45,m67,m89;
+	xmmi r0,r1,r2,r3,r4,r5,r6,r7,r8,r9;
+	xmmi r0a,r1a,r2a,r3a,r7a,r9a;
+	xmmi r0123,r4567;
+	xmmi r01,r23,r45,r67,r6x,r89,r8x;
+	xmmi r12,r34,r56,r78,r9x;
+	xmmi r5619;
+	xmmi c1,c2,c3;
+
+	r0123 = _mm_load_si128((xmmi*)in + 0);
+	r01 = _mm_shuffle_epi32(r0123,_MM_SHUFFLE(3,1,2,0));
+	r23 = _mm_shuffle_epi32(r0123,_MM_SHUFFLE(3,3,2,2));
+	r4567 = _mm_load_si128((xmmi*)in + 1);
+	r45 = _mm_shuffle_epi32(r4567,_MM_SHUFFLE(3,1,2,0));
+	r67 = _mm_shuffle_epi32(r4567,_MM_SHUFFLE(3,3,2,2));
+	r89 = _mm_load_si128((xmmi*)in + 2);
+	r89 = _mm_shuffle_epi32(r89,_MM_SHUFFLE(3,1,2,0));
+
+	do {
+		r12 = _mm_unpackhi_epi64(r01, _mm_slli_si128(r23, 8));
+		r0 = _mm_shuffle_epi32(r01, _MM_SHUFFLE(0,0,0,0));
+		r0 = _mm_add_epi64(r0, _mm_and_si128(r0, top64bitmask.v));
+		r0a = _mm_shuffle_epi32(r0,_MM_SHUFFLE(3,2,1,2));
+		r1 = _mm_shuffle_epi32(r01, _MM_SHUFFLE(2,2,2,2));
+		r2 = _mm_shuffle_epi32(r23, _MM_SHUFFLE(0,0,0,0));
+		r2 = _mm_add_epi64(r2, _mm_and_si128(r2, top64bitmask.v));
+		r2a = _mm_shuffle_epi32(r2,_MM_SHUFFLE(3,2,1,2));
+		r3 = _mm_shuffle_epi32(r23, _MM_SHUFFLE(2,2,2,2));
+		r34 = _mm_unpackhi_epi64(r23, _mm_slli_si128(r45, 8));
+		r4 = _mm_shuffle_epi32(r45, _MM_SHUFFLE(0,0,0,0));
+		r4 = _mm_add_epi64(r4, _mm_and_si128(r4, top64bitmask.v));
+		r56 = _mm_unpackhi_epi64(r45, _mm_slli_si128(r67, 8));
+		r5619 = _mm_mul_epu32(r56, packednineteen.v);
+		r5 = _mm_shuffle_epi32(r5619, _MM_SHUFFLE(1,1,1,0));
+		r6 = _mm_shuffle_epi32(r5619, _MM_SHUFFLE(3,2,3,2));		
+		r78 = _mm_unpackhi_epi64(r67, _mm_slli_si128(r89, 8));
+		r6x = _mm_unpacklo_epi64(r67, _mm_setzero_si128());
+		r7 = _mm_shuffle_epi32(r67, _MM_SHUFFLE(2,2,2,2));
+		r7 = _mm_mul_epu32(r7, packed3819.v);
+		r7a = _mm_shuffle_epi32(r7, _MM_SHUFFLE(3,3,3,2));
+		r8x = _mm_unpacklo_epi64(r89, _mm_setzero_si128());
+		r8 = _mm_shuffle_epi32(r89, _MM_SHUFFLE(0,0,0,0));
+		r8 = _mm_mul_epu32(r8, packednineteen.v);
+		r9  = _mm_shuffle_epi32(r89, _MM_SHUFFLE(2,2,2,2));
+		r9x  = _mm_slli_epi32(_mm_shuffle_epi32(r89, _MM_SHUFFLE(3,3,3,2)), 1);
+		r9 = _mm_mul_epu32(r9, packed3819.v);
+		r9a = _mm_shuffle_epi32(r9, _MM_SHUFFLE(2,2,2,2));
+
+		m01 = _mm_mul_epu32(r01, r0);
+		m23 = _mm_mul_epu32(r23, r0a);
+		m45 = _mm_mul_epu32(r45, r0a);
+		m45 = _mm_add_epi64(m45, _mm_mul_epu32(r23, r2));
+		r23 = _mm_slli_epi32(r23, 1);
+		m67 = _mm_mul_epu32(r67, r0a);
+		m67 = _mm_add_epi64(m67, _mm_mul_epu32(r45, r2a));
+		m89 = _mm_mul_epu32(r89, r0a);
+		m89 = _mm_add_epi64(m89, _mm_mul_epu32(r67, r2a));
+		r67 = _mm_slli_epi32(r67, 1);
+		m89 = _mm_add_epi64(m89, _mm_mul_epu32(r45, r4));
+		r45 = _mm_slli_epi32(r45, 1);
+
+		r1 = _mm_slli_epi32(r1, 1);
+		r3 = _mm_slli_epi32(r3, 1);
+		r1a = _mm_add_epi64(r1, _mm_and_si128(r1, bot64bitmask.v));
+		r3a = _mm_add_epi64(r3, _mm_and_si128(r3, bot64bitmask.v));
+
+		m23 = _mm_add_epi64(m23, _mm_mul_epu32(r12, r1));
+		m45 = _mm_add_epi64(m45, _mm_mul_epu32(r34, r1a));
+		m67 = _mm_add_epi64(m67, _mm_mul_epu32(r56, r1a));
+		m67 = _mm_add_epi64(m67, _mm_mul_epu32(r34, r3));
+		r34 = _mm_slli_epi32(r34, 1);
+		m89 = _mm_add_epi64(m89, _mm_mul_epu32(r78, r1a));
+		r78 = _mm_slli_epi32(r78, 1);
+		m89 = _mm_add_epi64(m89, _mm_mul_epu32(r56, r3a));
+		r56 = _mm_slli_epi32(r56, 1);
+
+		m01 = _mm_add_epi64(m01, _mm_mul_epu32(_mm_slli_epi32(r12, 1), r9));
+		m01 = _mm_add_epi64(m01, _mm_mul_epu32(r34, r7));
+		m23 = _mm_add_epi64(m23, _mm_mul_epu32(r34, r9));
+		m01 = _mm_add_epi64(m01, _mm_mul_epu32(r56, r5));
+		m23 = _mm_add_epi64(m23, _mm_mul_epu32(r56, r7));
+		m45 = _mm_add_epi64(m45, _mm_mul_epu32(r56, r9));
+		m01 = _mm_add_epi64(m01, _mm_mul_epu32(r23, r8));
+		m01 = _mm_add_epi64(m01, _mm_mul_epu32(r45, r6));
+		m23 = _mm_add_epi64(m23, _mm_mul_epu32(r45, r8));
+		m23 = _mm_add_epi64(m23, _mm_mul_epu32(r6x, r6));
+		m45 = _mm_add_epi64(m45, _mm_mul_epu32(r78, r7a));
+		m67 = _mm_add_epi64(m67, _mm_mul_epu32(r78, r9));
+		m45 = _mm_add_epi64(m45, _mm_mul_epu32(r67, r8));		
+		m67 = _mm_add_epi64(m67, _mm_mul_epu32(r8x, r8));
+		m89 = _mm_add_epi64(m89, _mm_mul_epu32(r9x, r9a));
+
+		r0 = _mm_unpacklo_epi64(m01, m45);
+		r1 = _mm_unpackhi_epi64(m01, m45);
+		r2 = _mm_unpacklo_epi64(m23, m67);
+		r3 = _mm_unpackhi_epi64(m23, m67);
+		r4 = _mm_unpacklo_epi64(m89, m89);
+		r5 = _mm_unpackhi_epi64(m89, m89);
+
+		c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+		c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8);
+		c1 = _mm_srli_epi64(r4, 26);                                                                      r4 = _mm_and_si128(r4, packedmask26.v);                             r5 = _mm_add_epi64(r5, c1); 
+		c1 = _mm_srli_epi64(r5, 25);                                                                      r5 = _mm_and_si128(r5, packedmask25.v);                             r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3));
+		c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2);
+
+		r01 = _mm_unpacklo_epi64(r0, r1);
+		r45 = _mm_unpackhi_epi64(r0, r1);
+		r23 = _mm_unpacklo_epi64(r2, r3);
+		r67 = _mm_unpackhi_epi64(r2, r3);
+		r89 = _mm_unpackhi_epi64(r4, r5);
+	} while (--count);
+
+	r0123 = _mm_shuffle_epi32(r23, _MM_SHUFFLE(2,0,3,3));
+	r4567 = _mm_shuffle_epi32(r67, _MM_SHUFFLE(2,0,3,3));
+	r0123 = _mm_or_si128(r0123, _mm_shuffle_epi32(r01, _MM_SHUFFLE(3,3,2,0)));
+	r4567 = _mm_or_si128(r4567, _mm_shuffle_epi32(r45, _MM_SHUFFLE(3,3,2,0)));
+	r89 = _mm_shuffle_epi32(r89, _MM_SHUFFLE(3,3,2,0));
+
+	_mm_store_si128((xmmi*)r + 0, r0123);
+	_mm_store_si128((xmmi*)r + 1, r4567);
+	_mm_store_si128((xmmi*)r + 2, r89);
+}
+
+DONNA_INLINE static void
+curve25519_tangle32(packedelem32 *out, const bignum25519 x, const bignum25519 z) {
+	xmmi x0,x1,x2,z0,z1,z2;
+
+	x0 = _mm_load_si128((xmmi *)(x + 0));
+	x1 = _mm_load_si128((xmmi *)(x + 4));
+	x2 = _mm_load_si128((xmmi *)(x + 8));
+	z0 = _mm_load_si128((xmmi *)(z + 0));
+	z1 = _mm_load_si128((xmmi *)(z + 4));
+	z2 = _mm_load_si128((xmmi *)(z + 8));
+
+	out[0].v = _mm_unpacklo_epi32(x0, z0);
+	out[1].v = _mm_unpackhi_epi32(x0, z0);
+	out[2].v = _mm_unpacklo_epi32(x1, z1);
+	out[3].v = _mm_unpackhi_epi32(x1, z1);
+	out[4].v = _mm_unpacklo_epi32(x2, z2);
+}
+
+DONNA_INLINE static void
+curve25519_untangle32(bignum25519 x, bignum25519 z, const packedelem32 *in) {
+	xmmi t0,t1,t2,t3,t4,zero;
+
+	t0 = _mm_shuffle_epi32(in[0].v, _MM_SHUFFLE(3,1,2,0));
+	t1 = _mm_shuffle_epi32(in[1].v, _MM_SHUFFLE(3,1,2,0));
+	t2 = _mm_shuffle_epi32(in[2].v, _MM_SHUFFLE(3,1,2,0));
+	t3 = _mm_shuffle_epi32(in[3].v, _MM_SHUFFLE(3,1,2,0));
+	t4 = _mm_shuffle_epi32(in[4].v, _MM_SHUFFLE(3,1,2,0));
+	zero = _mm_setzero_si128();
+	_mm_store_si128((xmmi *)x + 0, _mm_unpacklo_epi64(t0, t1));
+	_mm_store_si128((xmmi *)x + 1, _mm_unpacklo_epi64(t2, t3));
+	_mm_store_si128((xmmi *)x + 2, _mm_unpacklo_epi64(t4, zero));
+	_mm_store_si128((xmmi *)z + 0, _mm_unpackhi_epi64(t0, t1));
+	_mm_store_si128((xmmi *)z + 1, _mm_unpackhi_epi64(t2, t3));
+	_mm_store_si128((xmmi *)z + 2, _mm_unpackhi_epi64(t4, zero));
+}
+
+DONNA_INLINE static void
+curve25519_add_reduce_packed32(packedelem32 *out, const packedelem32 *r, const packedelem32 *s) {
+	xmmi r0,r1,r2,r3,r4;
+	xmmi s0,s1,s2,s3,s4,s5;
+	xmmi c1,c2;
+
+	r0 = _mm_add_epi32(r[0].v, s[0].v);
+	r1 = _mm_add_epi32(r[1].v, s[1].v);
+	r2 = _mm_add_epi32(r[2].v, s[2].v);
+	r3 = _mm_add_epi32(r[3].v, s[3].v);
+	r4 = _mm_add_epi32(r[4].v, s[4].v);
+
+	s0 = _mm_unpacklo_epi64(r0, r2); /* 00 44 */
+	s1 = _mm_unpackhi_epi64(r0, r2); /* 11 55 */
+	s2 = _mm_unpacklo_epi64(r1, r3); /* 22 66 */
+	s3 = _mm_unpackhi_epi64(r1, r3); /* 33 77 */
+	s4 = _mm_unpacklo_epi64(_mm_setzero_si128(), r4);  /* 00 88 */
+	s5 = _mm_unpackhi_epi64(_mm_setzero_si128(), r4);  /* 00 99 */
+
+	c1 = _mm_srli_epi32(s0, 26); c2 = _mm_srli_epi32(s2, 26); s0 = _mm_and_si128(s0, packedmask26262626.v); s2 = _mm_and_si128(s2, packedmask26262626.v); s1 = _mm_add_epi32(s1, c1); s3 = _mm_add_epi32(s3, c2);
+	c1 = _mm_srli_epi32(s1, 25); c2 = _mm_srli_epi32(s3, 25); s1 = _mm_and_si128(s1, packedmask25252525.v); s3 = _mm_and_si128(s3, packedmask25252525.v); s2 = _mm_add_epi32(s2, c1); s4 = _mm_add_epi32(s4, _mm_unpackhi_epi64(_mm_setzero_si128(), c2)); s0 = _mm_add_epi32(s0, _mm_unpacklo_epi64(_mm_setzero_si128(), c2));
+	c1 = _mm_srli_epi32(s2, 26); c2 = _mm_srli_epi32(s4, 26); s2 = _mm_and_si128(s2, packedmask26262626.v); s4 = _mm_and_si128(s4, packedmask26262626.v); s3 = _mm_add_epi32(s3, c1); s5 = _mm_add_epi32(s5, c2);
+	c1 = _mm_srli_epi32(s3, 25); c2 = _mm_srli_epi32(s5, 25); s3 = _mm_and_si128(s3, packedmask25252525.v); s5 = _mm_and_si128(s5, packedmask25252525.v); s4 = _mm_add_epi32(s4, c1); s0 = _mm_add_epi32(s0, _mm_or_si128(_mm_slli_si128(c1, 8), _mm_srli_si128(_mm_add_epi32(_mm_add_epi32(_mm_slli_epi32(c2, 4), _mm_slli_epi32(c2, 1)), c2), 8)));
+	c1 = _mm_srli_epi32(s0, 26); c2 = _mm_srli_epi32(s2, 26); s0 = _mm_and_si128(s0, packedmask26262626.v); s2 = _mm_and_si128(s2, packedmask26262626.v); s1 = _mm_add_epi32(s1, c1); s3 = _mm_add_epi32(s3, c2);
+
+	out[0].v = _mm_unpacklo_epi64(s0, s1); /* 00 11 */
+	out[1].v = _mm_unpacklo_epi64(s2, s3); /* 22 33 */
+	out[2].v = _mm_unpackhi_epi64(s0, s1); /* 44 55 */
+	out[3].v = _mm_unpackhi_epi64(s2, s3); /* 66 77 */
+	out[4].v = _mm_unpackhi_epi64(s4, s5); /* 88 99 */
+}
+
+DONNA_INLINE static void
+curve25519_add_packed32(packedelem32 *out, const packedelem32 *r, const packedelem32 *s) {
+	out[0].v = _mm_add_epi32(r[0].v, s[0].v);
+	out[1].v = _mm_add_epi32(r[1].v, s[1].v);
+	out[2].v = _mm_add_epi32(r[2].v, s[2].v);
+	out[3].v = _mm_add_epi32(r[3].v, s[3].v);
+	out[4].v = _mm_add_epi32(r[4].v, s[4].v);
+}
+
+DONNA_INLINE static void
+curve25519_sub_packed32(packedelem32 *out, const packedelem32 *r, const packedelem32 *s) {
+	xmmi r0,r1,r2,r3,r4;
+	xmmi s0,s1,s2,s3;
+	xmmi c1,c2;
+
+	r0 = _mm_add_epi32(r[0].v, packed32packed2p0.v);
+	r1 = _mm_add_epi32(r[1].v, packed32packed2p1.v);
+	r2 = _mm_add_epi32(r[2].v, packed32packed2p1.v);
+	r3 = _mm_add_epi32(r[3].v, packed32packed2p1.v);
+	r4 = _mm_add_epi32(r[4].v, packed32packed2p1.v);
+	r0 = _mm_sub_epi32(r0, s[0].v); /* 00 11 */
+	r1 = _mm_sub_epi32(r1, s[1].v); /* 22 33 */
+	r2 = _mm_sub_epi32(r2, s[2].v); /* 44 55 */
+	r3 = _mm_sub_epi32(r3, s[3].v); /* 66 77 */
+	r4 = _mm_sub_epi32(r4, s[4].v); /* 88 99 */
+
+	s0 = _mm_unpacklo_epi64(r0, r2); /* 00 44 */
+	s1 = _mm_unpackhi_epi64(r0, r2); /* 11 55 */
+	s2 = _mm_unpacklo_epi64(r1, r3); /* 22 66 */
+	s3 = _mm_unpackhi_epi64(r1, r3); /* 33 77 */
+
+	c1 = _mm_srli_epi32(s0, 26); c2 = _mm_srli_epi32(s2, 26); s0 = _mm_and_si128(s0, packedmask26262626.v); s2 = _mm_and_si128(s2, packedmask26262626.v); s1 = _mm_add_epi32(s1, c1); s3 = _mm_add_epi32(s3, c2);
+	c1 = _mm_srli_epi32(s1, 25); c2 = _mm_srli_epi32(s3, 25); s1 = _mm_and_si128(s1, packedmask25252525.v); s3 = _mm_and_si128(s3, packedmask25252525.v); s2 = _mm_add_epi32(s2, c1); r4 = _mm_add_epi32(r4, _mm_srli_si128(c2, 8)); s0 = _mm_add_epi32(s0,  _mm_slli_si128(c2, 8));
+
+	out[0].v = _mm_unpacklo_epi64(s0, s1); /* 00 11 */
+	out[1].v = _mm_unpacklo_epi64(s2, s3); /* 22 33 */
+	out[2].v = _mm_unpackhi_epi64(s0, s1); /* 44 55 */
+	out[3].v = _mm_unpackhi_epi64(s2, s3); /* 66 77 */
+	out[4].v = r4;
+}
+
+DONNA_INLINE static void
+curve25519_sub_after_basic_packed32(packedelem32 *out, const packedelem32 *r, const packedelem32 *s) {
+	xmmi r0,r1,r2,r3,r4;
+	xmmi s0,s1,s2,s3,s4,s5;
+	xmmi c1,c2;
+
+	r0 = _mm_add_epi32(r[0].v, packed32packed4p0.v);
+	r1 = _mm_add_epi32(r[1].v, packed32packed4p1.v);
+	r2 = _mm_add_epi32(r[2].v, packed32packed4p1.v);
+	r3 = _mm_add_epi32(r[3].v, packed32packed4p1.v);
+	r4 = _mm_add_epi32(r[4].v, packed32packed4p1.v);
+	r0 = _mm_sub_epi32(r0, s[0].v); /* 00 11 */
+	r1 = _mm_sub_epi32(r1, s[1].v); /* 22 33 */
+	r2 = _mm_sub_epi32(r2, s[2].v); /* 44 55 */
+	r3 = _mm_sub_epi32(r3, s[3].v); /* 66 77 */
+	r4 = _mm_sub_epi32(r4, s[4].v); /* 88 99 */
+
+	s0 = _mm_unpacklo_epi64(r0, r2); /* 00 44 */
+	s1 = _mm_unpackhi_epi64(r0, r2); /* 11 55 */
+	s2 = _mm_unpacklo_epi64(r1, r3); /* 22 66 */
+	s3 = _mm_unpackhi_epi64(r1, r3); /* 33 77 */
+	s4 = _mm_unpacklo_epi64(_mm_setzero_si128(), r4);  /* 00 88 */
+	s5 = _mm_unpackhi_epi64(_mm_setzero_si128(), r4);  /* 00 99 */
+
+	c1 = _mm_srli_epi32(s0, 26); c2 = _mm_srli_epi32(s2, 26); s0 = _mm_and_si128(s0, packedmask26262626.v); s2 = _mm_and_si128(s2, packedmask26262626.v); s1 = _mm_add_epi32(s1, c1); s3 = _mm_add_epi32(s3, c2);
+	c1 = _mm_srli_epi32(s1, 25); c2 = _mm_srli_epi32(s3, 25); s1 = _mm_and_si128(s1, packedmask25252525.v); s3 = _mm_and_si128(s3, packedmask25252525.v); s2 = _mm_add_epi32(s2, c1); s4 = _mm_add_epi32(s4, _mm_unpackhi_epi64(_mm_setzero_si128(), c2)); s0 = _mm_add_epi32(s0, _mm_unpacklo_epi64(_mm_setzero_si128(), c2));
+	c1 = _mm_srli_epi32(s2, 26); c2 = _mm_srli_epi32(s4, 26); s2 = _mm_and_si128(s2, packedmask26262626.v); s4 = _mm_and_si128(s4, packedmask26262626.v); s3 = _mm_add_epi32(s3, c1); s5 = _mm_add_epi32(s5, c2);
+	c1 = _mm_srli_epi32(s3, 25); c2 = _mm_srli_epi32(s5, 25); s3 = _mm_and_si128(s3, packedmask25252525.v); s5 = _mm_and_si128(s5, packedmask25252525.v); s4 = _mm_add_epi32(s4, c1); s0 = _mm_add_epi32(s0, _mm_or_si128(_mm_slli_si128(c1, 8), _mm_srli_si128(_mm_add_epi32(_mm_add_epi32(_mm_slli_epi32(c2, 4), _mm_slli_epi32(c2, 1)), c2), 8)));
+	c1 = _mm_srli_epi32(s0, 26); c2 = _mm_srli_epi32(s2, 26); s0 = _mm_and_si128(s0, packedmask26262626.v); s2 = _mm_and_si128(s2, packedmask26262626.v); s1 = _mm_add_epi32(s1, c1); s3 = _mm_add_epi32(s3, c2);
+
+	out[0].v = _mm_unpacklo_epi64(s0, s1); /* 00 11 */
+	out[1].v = _mm_unpacklo_epi64(s2, s3); /* 22 33 */
+	out[2].v = _mm_unpackhi_epi64(s0, s1); /* 44 55 */
+	out[3].v = _mm_unpackhi_epi64(s2, s3); /* 66 77 */
+	out[4].v = _mm_unpackhi_epi64(s4, s5); /* 88 99 */
+}
+
+DONNA_INLINE static void
+curve25519_tangle64_from32(packedelem64 *a, packedelem64 *b, const packedelem32 *c, const packedelem32 *d) {
+	xmmi c0,c1,c2,c3,c4,c5,t;
+	xmmi d0,d1,d2,d3,d4,d5;
+	xmmi t0,t1,t2,t3,t4,zero;
+
+	t0 = _mm_shuffle_epi32(c[0].v, _MM_SHUFFLE(3,1,2,0));
+	t1 = _mm_shuffle_epi32(c[1].v, _MM_SHUFFLE(3,1,2,0));
+	t2 = _mm_shuffle_epi32(d[0].v, _MM_SHUFFLE(3,1,2,0));
+	t3 = _mm_shuffle_epi32(d[1].v, _MM_SHUFFLE(3,1,2,0));
+	c0 = _mm_unpacklo_epi64(t0, t1);
+	c3 = _mm_unpackhi_epi64(t0, t1);
+	d0 = _mm_unpacklo_epi64(t2, t3);
+	d3 = _mm_unpackhi_epi64(t2, t3);
+	t = _mm_unpacklo_epi64(c0, d0); a[0].v = t; a[1].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpackhi_epi64(c0, d0); a[2].v = t; a[3].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpacklo_epi64(c3, d3); b[0].v = t; b[1].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpackhi_epi64(c3, d3); b[2].v = t; b[3].v = _mm_srli_epi64(t, 32);
+
+	t0 = _mm_shuffle_epi32(c[2].v, _MM_SHUFFLE(3,1,2,0));
+	t1 = _mm_shuffle_epi32(c[3].v, _MM_SHUFFLE(3,1,2,0));
+	t2 = _mm_shuffle_epi32(d[2].v, _MM_SHUFFLE(3,1,2,0));
+	t3 = _mm_shuffle_epi32(d[3].v, _MM_SHUFFLE(3,1,2,0));
+	c1 = _mm_unpacklo_epi64(t0, t1);
+	c4 = _mm_unpackhi_epi64(t0, t1);
+	d1 = _mm_unpacklo_epi64(t2, t3);
+	d4 = _mm_unpackhi_epi64(t2, t3);
+	t = _mm_unpacklo_epi64(c1, d1); a[4].v = t; a[5].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpackhi_epi64(c1, d1); a[6].v = t; a[7].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpacklo_epi64(c4, d4); b[4].v = t; b[5].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpackhi_epi64(c4, d4); b[6].v = t; b[7].v = _mm_srli_epi64(t, 32);
+
+	t4 = _mm_shuffle_epi32(c[4].v, _MM_SHUFFLE(3,1,2,0));
+	zero = _mm_setzero_si128();
+	c2 = _mm_unpacklo_epi64(t4, zero);
+	c5 = _mm_unpackhi_epi64(t4, zero);
+	t4 = _mm_shuffle_epi32(d[4].v, _MM_SHUFFLE(3,1,2,0));
+	d2 = _mm_unpacklo_epi64(t4, zero);
+	d5 = _mm_unpackhi_epi64(t4, zero);
+	t = _mm_unpacklo_epi64(c2, d2); a[8].v = t; a[9].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpacklo_epi64(c5, d5); b[8].v = t; b[9].v = _mm_srli_epi64(t, 32);
+}
+
+DONNA_INLINE static void
+curve25519_tangle64(packedelem64 *out, const bignum25519 x, const bignum25519 z) {
+	xmmi x0,x1,x2,z0,z1,z2,t;
+
+	x0 = _mm_load_si128((xmmi *)x + 0);
+	x1 = _mm_load_si128((xmmi *)x + 1);
+	x2 = _mm_load_si128((xmmi *)x + 2);
+	z0 = _mm_load_si128((xmmi *)z + 0);
+	z1 = _mm_load_si128((xmmi *)z + 1);
+	z2 = _mm_load_si128((xmmi *)z + 2);
+
+	t = _mm_unpacklo_epi64(x0, z0);	out[0].v = t; out[1].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpackhi_epi64(x0, z0);	out[2].v = t; out[3].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpacklo_epi64(x1, z1);	out[4].v = t; out[5].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpackhi_epi64(x1, z1);	out[6].v = t; out[7].v = _mm_srli_epi64(t, 32);
+	t = _mm_unpacklo_epi64(x2, z2);	out[8].v = t; out[9].v = _mm_srli_epi64(t, 32);
+}
+
+DONNA_INLINE static void
+curve25519_tangleone64(packedelem64 *out, const bignum25519 x) {
+	xmmi x0,x1,x2;
+
+	x0 = _mm_load_si128((xmmi *)(x + 0));
+	x1 = _mm_load_si128((xmmi *)(x + 4));
+	x2 = _mm_load_si128((xmmi *)(x + 8));
+
+	out[0].v = _mm_shuffle_epi32(x0, _MM_SHUFFLE(0,0,0,0));
+	out[1].v = _mm_shuffle_epi32(x0, _MM_SHUFFLE(1,1,1,1));
+	out[2].v = _mm_shuffle_epi32(x0, _MM_SHUFFLE(2,2,2,2));
+	out[3].v = _mm_shuffle_epi32(x0, _MM_SHUFFLE(3,3,3,3));
+	out[4].v = _mm_shuffle_epi32(x1, _MM_SHUFFLE(0,0,0,0));
+	out[5].v = _mm_shuffle_epi32(x1, _MM_SHUFFLE(1,1,1,1));
+	out[6].v = _mm_shuffle_epi32(x1, _MM_SHUFFLE(2,2,2,2));
+	out[7].v = _mm_shuffle_epi32(x1, _MM_SHUFFLE(3,3,3,3));
+	out[8].v = _mm_shuffle_epi32(x2, _MM_SHUFFLE(0,0,0,0));
+	out[9].v = _mm_shuffle_epi32(x2, _MM_SHUFFLE(1,1,1,1));
+}
+
+DONNA_INLINE static void
+curve25519_swap64(packedelem64 *out) {
+	out[0].v = _mm_shuffle_epi32(out[0].v, _MM_SHUFFLE(1,0,3,2));
+	out[1].v = _mm_shuffle_epi32(out[1].v, _MM_SHUFFLE(1,0,3,2));
+	out[2].v = _mm_shuffle_epi32(out[2].v, _MM_SHUFFLE(1,0,3,2));
+	out[3].v = _mm_shuffle_epi32(out[3].v, _MM_SHUFFLE(1,0,3,2));
+	out[4].v = _mm_shuffle_epi32(out[4].v, _MM_SHUFFLE(1,0,3,2));
+	out[5].v = _mm_shuffle_epi32(out[5].v, _MM_SHUFFLE(1,0,3,2));
+	out[6].v = _mm_shuffle_epi32(out[6].v, _MM_SHUFFLE(1,0,3,2));
+	out[7].v = _mm_shuffle_epi32(out[7].v, _MM_SHUFFLE(1,0,3,2));
+	out[8].v = _mm_shuffle_epi32(out[8].v, _MM_SHUFFLE(1,0,3,2));
+	out[9].v = _mm_shuffle_epi32(out[9].v, _MM_SHUFFLE(1,0,3,2));
+}
+
+DONNA_INLINE static void
+curve25519_untangle64(bignum25519 x, bignum25519 z, const packedelem64 *in) {
+	_mm_store_si128((xmmi *)(x + 0), _mm_unpacklo_epi64(_mm_unpacklo_epi32(in[0].v, in[1].v), _mm_unpacklo_epi32(in[2].v, in[3].v)));
+	_mm_store_si128((xmmi *)(x + 4), _mm_unpacklo_epi64(_mm_unpacklo_epi32(in[4].v, in[5].v), _mm_unpacklo_epi32(in[6].v, in[7].v)));
+	_mm_store_si128((xmmi *)(x + 8), _mm_unpacklo_epi32(in[8].v, in[9].v)                                                          );
+	_mm_store_si128((xmmi *)(z + 0), _mm_unpacklo_epi64(_mm_unpackhi_epi32(in[0].v, in[1].v), _mm_unpackhi_epi32(in[2].v, in[3].v)));
+	_mm_store_si128((xmmi *)(z + 4), _mm_unpacklo_epi64(_mm_unpackhi_epi32(in[4].v, in[5].v), _mm_unpackhi_epi32(in[6].v, in[7].v)));
+	_mm_store_si128((xmmi *)(z + 8), _mm_unpackhi_epi32(in[8].v, in[9].v)                                                          );
+}
+
+DONNA_INLINE static void
+curve25519_mul_packed64(packedelem64 *out, const packedelem64 *r, const packedelem64 *s) {
+	xmmi r1,r2,r3,r4,r5,r6,r7,r8,r9;
+	xmmi r1_2,r3_2,r5_2,r7_2,r9_2;
+	xmmi c1,c2;
+
+	out[0].v = _mm_mul_epu32(r[0].v, s[0].v);
+	out[1].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[1].v), _mm_mul_epu32(r[1].v, s[0].v));
+	r1_2 = _mm_slli_epi32(r[1].v, 1);
+	out[2].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r1_2  , s[1].v), _mm_mul_epu32(r[2].v, s[0].v)));
+	out[3].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[1].v), _mm_mul_epu32(r[3].v, s[0].v))));
+	r3_2 = _mm_slli_epi32(r[3].v, 1);
+	out[4].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r1_2  , s[3].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r3_2  , s[1].v), _mm_mul_epu32(r[4].v, s[0].v)))));
+	out[5].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[5].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[3].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[1].v), _mm_mul_epu32(r[5].v, s[0].v))))));
+	r5_2 = _mm_slli_epi32(r[5].v, 1);
+	out[6].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r1_2  , s[5].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r3_2  , s[3].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r5_2  , s[1].v), _mm_mul_epu32(r[6].v, s[0].v)))))));
+	out[7].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[7].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[5].v), _mm_add_epi64(_mm_mul_epu32(r[3].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[5].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[6].v, s[1].v), _mm_mul_epu32(r[7].v  , s[0].v))))))));
+	r7_2 = _mm_slli_epi32(r[7].v, 1);
+	out[8].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[8].v), _mm_add_epi64(_mm_mul_epu32(r1_2  , s[7].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r3_2  , s[5].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r5_2  , s[3].v), _mm_add_epi64(_mm_mul_epu32(r[6].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r7_2  , s[1].v), _mm_mul_epu32(r[8].v, s[0].v)))))))));
+	out[9].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[9].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[8].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[7].v), _mm_add_epi64(_mm_mul_epu32(r[3].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[5].v), _mm_add_epi64(_mm_mul_epu32(r[5].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r[6].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[7].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[8].v, s[1].v), _mm_mul_epu32(r[9].v, s[0].v))))))))));
+
+	r1 = _mm_mul_epu32(r[1].v, packednineteen.v);
+	r2 = _mm_mul_epu32(r[2].v, packednineteen.v);
+	r1_2 = _mm_slli_epi32(r1, 1);
+	r3 = _mm_mul_epu32(r[3].v, packednineteen.v);
+	r4 = _mm_mul_epu32(r[4].v, packednineteen.v);
+	r3_2 = _mm_slli_epi32(r3, 1);
+	r5 = _mm_mul_epu32(r[5].v, packednineteen.v);
+	r6 = _mm_mul_epu32(r[6].v, packednineteen.v);
+	r5_2 = _mm_slli_epi32(r5, 1);
+	r7 = _mm_mul_epu32(r[7].v, packednineteen.v);
+	r8 = _mm_mul_epu32(r[8].v, packednineteen.v);
+	r7_2 = _mm_slli_epi32(r7, 1);
+	r9 = _mm_mul_epu32(r[9].v, packednineteen.v);
+	r9_2 = _mm_slli_epi32(r9, 1);
+
+	out[0].v = _mm_add_epi64(out[0].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[1].v), _mm_add_epi64(_mm_mul_epu32(r8, s[2].v), _mm_add_epi64(_mm_mul_epu32(r7_2, s[3].v), _mm_add_epi64(_mm_mul_epu32(r6, s[4].v), _mm_add_epi64(_mm_mul_epu32(r5_2, s[5].v), _mm_add_epi64(_mm_mul_epu32(r4, s[6].v), _mm_add_epi64(_mm_mul_epu32(r3_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r2, s[8].v), _mm_mul_epu32(r1_2, s[9].v))))))))));
+	out[1].v = _mm_add_epi64(out[1].v, _mm_add_epi64(_mm_mul_epu32(r9  , s[2].v), _mm_add_epi64(_mm_mul_epu32(r8, s[3].v), _mm_add_epi64(_mm_mul_epu32(r7  , s[4].v), _mm_add_epi64(_mm_mul_epu32(r6, s[5].v), _mm_add_epi64(_mm_mul_epu32(r5  , s[6].v), _mm_add_epi64(_mm_mul_epu32(r4, s[7].v), _mm_add_epi64(_mm_mul_epu32(r3  , s[8].v), _mm_mul_epu32(r2, s[9].v)))))))));
+	out[2].v = _mm_add_epi64(out[2].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[3].v), _mm_add_epi64(_mm_mul_epu32(r8, s[4].v), _mm_add_epi64(_mm_mul_epu32(r7_2, s[5].v), _mm_add_epi64(_mm_mul_epu32(r6, s[6].v), _mm_add_epi64(_mm_mul_epu32(r5_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r4, s[8].v), _mm_mul_epu32(r3_2, s[9].v))))))));
+	out[3].v = _mm_add_epi64(out[3].v, _mm_add_epi64(_mm_mul_epu32(r9  , s[4].v), _mm_add_epi64(_mm_mul_epu32(r8, s[5].v), _mm_add_epi64(_mm_mul_epu32(r7  , s[6].v), _mm_add_epi64(_mm_mul_epu32(r6, s[7].v), _mm_add_epi64(_mm_mul_epu32(r5  , s[8].v), _mm_mul_epu32(r4, s[9].v)))))));
+	out[4].v = _mm_add_epi64(out[4].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[5].v), _mm_add_epi64(_mm_mul_epu32(r8, s[6].v), _mm_add_epi64(_mm_mul_epu32(r7_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r6, s[8].v), _mm_mul_epu32(r5_2, s[9].v))))));
+	out[5].v = _mm_add_epi64(out[5].v, _mm_add_epi64(_mm_mul_epu32(r9  , s[6].v), _mm_add_epi64(_mm_mul_epu32(r8, s[7].v), _mm_add_epi64(_mm_mul_epu32(r7  , s[8].v), _mm_mul_epu32(r6, s[9].v)))));
+	out[6].v = _mm_add_epi64(out[6].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r8, s[8].v), _mm_mul_epu32(r7_2, s[9].v))));
+	out[7].v = _mm_add_epi64(out[7].v, _mm_add_epi64(_mm_mul_epu32(r9  , s[8].v), _mm_mul_epu32(r8, s[9].v)));
+	out[8].v = _mm_add_epi64(out[8].v, _mm_mul_epu32(r9_2, s[9].v));
+
+	c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2);
+	c1 = _mm_srli_epi64(out[1].v, 25); c2 = _mm_srli_epi64(out[5].v, 25); out[1].v = _mm_and_si128(out[1].v, packedmask25.v); out[5].v = _mm_and_si128(out[5].v, packedmask25.v); out[2].v = _mm_add_epi64(out[2].v, c1); out[6].v = _mm_add_epi64(out[6].v, c2);
+	c1 = _mm_srli_epi64(out[2].v, 26); c2 = _mm_srli_epi64(out[6].v, 26); out[2].v = _mm_and_si128(out[2].v, packedmask26.v); out[6].v = _mm_and_si128(out[6].v, packedmask26.v); out[3].v = _mm_add_epi64(out[3].v, c1); out[7].v = _mm_add_epi64(out[7].v, c2);
+	c1 = _mm_srli_epi64(out[3].v, 25); c2 = _mm_srli_epi64(out[7].v, 25); out[3].v = _mm_and_si128(out[3].v, packedmask25.v); out[7].v = _mm_and_si128(out[7].v, packedmask25.v); out[4].v = _mm_add_epi64(out[4].v, c1); out[8].v = _mm_add_epi64(out[8].v, c2);
+	                                   c2 = _mm_srli_epi64(out[8].v, 26);                                                     out[8].v = _mm_and_si128(out[8].v, packedmask26.v);                                         out[9].v = _mm_add_epi64(out[9].v, c2);
+	                                   c2 = _mm_srli_epi64(out[9].v, 25);                                                     out[9].v = _mm_and_si128(out[9].v, packedmask25.v);                                         out[0].v = _mm_add_epi64(out[0].v, _mm_mul_epu32(c2, packednineteen.v));
+	c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2);
+}
+
+DONNA_INLINE static void
+curve25519_square_packed64(packedelem64 *out, const packedelem64 *r) {
+	xmmi r0,r1,r2,r3;
+	xmmi r1_2,r3_2,r4_2,r5_2,r6_2,r7_2;
+	xmmi d5,d6,d7,d8,d9;
+	xmmi c1,c2;
+
+	r0 = r[0].v;
+	r1 = r[1].v;
+	r2 = r[2].v;
+	r3 = r[3].v;
+
+	out[0].v = _mm_mul_epu32(r0, r0);
+	r0 = _mm_slli_epi32(r0, 1);
+	out[1].v = _mm_mul_epu32(r0, r1);
+	r1_2 = _mm_slli_epi32(r1, 1);
+	out[2].v = _mm_add_epi64(_mm_mul_epu32(r0, r2    ), _mm_mul_epu32(r1, r1_2));
+	r1 = r1_2;
+	out[3].v = _mm_add_epi64(_mm_mul_epu32(r0, r3    ), _mm_mul_epu32(r1, r2  ));
+	r3_2 = _mm_slli_epi32(r3, 1);
+	out[4].v = _mm_add_epi64(_mm_mul_epu32(r0, r[4].v), _mm_add_epi64(_mm_mul_epu32(r1, r3_2  ), _mm_mul_epu32(r2, r2)));
+	r2 = _mm_slli_epi32(r2, 1);
+	out[5].v = _mm_add_epi64(_mm_mul_epu32(r0, r[5].v), _mm_add_epi64(_mm_mul_epu32(r1, r[4].v), _mm_mul_epu32(r2, r3)));
+	r5_2 = _mm_slli_epi32(r[5].v, 1);
+	out[6].v = _mm_add_epi64(_mm_mul_epu32(r0, r[6].v), _mm_add_epi64(_mm_mul_epu32(r1, r5_2  ), _mm_add_epi64(_mm_mul_epu32(r2, r[4].v), _mm_mul_epu32(r3, r3_2  ))));
+	r3 = r3_2;
+	out[7].v = _mm_add_epi64(_mm_mul_epu32(r0, r[7].v), _mm_add_epi64(_mm_mul_epu32(r1, r[6].v), _mm_add_epi64(_mm_mul_epu32(r2, r[5].v), _mm_mul_epu32(r3, r[4].v))));
+	r7_2 = _mm_slli_epi32(r[7].v, 1);
+	out[8].v = _mm_add_epi64(_mm_mul_epu32(r0, r[8].v), _mm_add_epi64(_mm_mul_epu32(r1, r7_2  ), _mm_add_epi64(_mm_mul_epu32(r2, r[6].v), _mm_add_epi64(_mm_mul_epu32(r3, r5_2  ), _mm_mul_epu32(r[4].v, r[4].v)))));
+	out[9].v = _mm_add_epi64(_mm_mul_epu32(r0, r[9].v), _mm_add_epi64(_mm_mul_epu32(r1, r[8].v), _mm_add_epi64(_mm_mul_epu32(r2, r[7].v), _mm_add_epi64(_mm_mul_epu32(r3, r[6].v), _mm_mul_epu32(r[4].v, r5_2  )))));
+
+	d5 = _mm_mul_epu32(r[5].v, packedthirtyeight.v);
+	d6 = _mm_mul_epu32(r[6].v, packednineteen.v);
+	d7 = _mm_mul_epu32(r[7].v, packedthirtyeight.v);
+	d8 = _mm_mul_epu32(r[8].v, packednineteen.v);
+	d9 = _mm_mul_epu32(r[9].v, packedthirtyeight.v);
+
+	r4_2 = _mm_slli_epi32(r[4].v, 1);
+	r6_2 = _mm_slli_epi32(r[6].v, 1);
+	out[0].v = _mm_add_epi64(out[0].v, _mm_add_epi64(_mm_mul_epu32(d9, r1                   ), _mm_add_epi64(_mm_mul_epu32(d8, r2  ), _mm_add_epi64(_mm_mul_epu32(d7, r3    ), _mm_add_epi64(_mm_mul_epu32(d6, r4_2), _mm_mul_epu32(d5, r[5].v))))));
+	out[1].v = _mm_add_epi64(out[1].v, _mm_add_epi64(_mm_mul_epu32(d9, _mm_srli_epi32(r2, 1)), _mm_add_epi64(_mm_mul_epu32(d8, r3  ), _mm_add_epi64(_mm_mul_epu32(d7, r[4].v), _mm_mul_epu32(d6, r5_2  )))));
+	out[2].v = _mm_add_epi64(out[2].v, _mm_add_epi64(_mm_mul_epu32(d9, r3                   ), _mm_add_epi64(_mm_mul_epu32(d8, r4_2), _mm_add_epi64(_mm_mul_epu32(d7, r5_2  ), _mm_mul_epu32(d6, r[6].v)))));
+	out[3].v = _mm_add_epi64(out[3].v, _mm_add_epi64(_mm_mul_epu32(d9, r[4].v               ), _mm_add_epi64(_mm_mul_epu32(d8, r5_2), _mm_mul_epu32(d7, r[6].v))));
+	out[4].v = _mm_add_epi64(out[4].v, _mm_add_epi64(_mm_mul_epu32(d9, r5_2                 ), _mm_add_epi64(_mm_mul_epu32(d8, r6_2), _mm_mul_epu32(d7, r[7].v))));
+	out[5].v = _mm_add_epi64(out[5].v, _mm_add_epi64(_mm_mul_epu32(d9, r[6].v               ), _mm_mul_epu32(d8, r7_2  )));
+	out[6].v = _mm_add_epi64(out[6].v, _mm_add_epi64(_mm_mul_epu32(d9, r7_2                 ), _mm_mul_epu32(d8, r[8].v)));
+	out[7].v = _mm_add_epi64(out[7].v, _mm_mul_epu32(d9, r[8].v));
+	out[8].v = _mm_add_epi64(out[8].v, _mm_mul_epu32(d9, r[9].v));
+
+	c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2);
+	c1 = _mm_srli_epi64(out[1].v, 25); c2 = _mm_srli_epi64(out[5].v, 25); out[1].v = _mm_and_si128(out[1].v, packedmask25.v); out[5].v = _mm_and_si128(out[5].v, packedmask25.v); out[2].v = _mm_add_epi64(out[2].v, c1); out[6].v = _mm_add_epi64(out[6].v, c2);
+	c1 = _mm_srli_epi64(out[2].v, 26); c2 = _mm_srli_epi64(out[6].v, 26); out[2].v = _mm_and_si128(out[2].v, packedmask26.v); out[6].v = _mm_and_si128(out[6].v, packedmask26.v); out[3].v = _mm_add_epi64(out[3].v, c1); out[7].v = _mm_add_epi64(out[7].v, c2);
+	c1 = _mm_srli_epi64(out[3].v, 25); c2 = _mm_srli_epi64(out[7].v, 25); out[3].v = _mm_and_si128(out[3].v, packedmask25.v); out[7].v = _mm_and_si128(out[7].v, packedmask25.v); out[4].v = _mm_add_epi64(out[4].v, c1); out[8].v = _mm_add_epi64(out[8].v, c2);
+	                                   c2 = _mm_srli_epi64(out[8].v, 26);                                                     out[8].v = _mm_and_si128(out[8].v, packedmask26.v);                                         out[9].v = _mm_add_epi64(out[9].v, c2);
+	                                   c2 = _mm_srli_epi64(out[9].v, 25);                                                     out[9].v = _mm_and_si128(out[9].v, packedmask25.v);                                         out[0].v = _mm_add_epi64(out[0].v, _mm_mul_epu32(c2, packednineteen.v));
+	c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2);
+}
+
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+static void
+curve25519_expand(bignum25519 out, const unsigned char in[32]) {
+	uint32_t x0,x1,x2,x3,x4,x5,x6,x7;
+
+	x0 = *(uint32_t *)(in + 0);
+	x1 = *(uint32_t *)(in + 4);
+	x2 = *(uint32_t *)(in + 8);
+	x3 = *(uint32_t *)(in + 12);
+	x4 = *(uint32_t *)(in + 16);
+	x5 = *(uint32_t *)(in + 20);
+	x6 = *(uint32_t *)(in + 24);
+	x7 = *(uint32_t *)(in + 28);
+
+	out[0] = (                        x0       ) & 0x3ffffff;
+	out[1] = ((((uint64_t)x1 << 32) | x0) >> 26) & 0x1ffffff;
+	out[2] = ((((uint64_t)x2 << 32) | x1) >> 19) & 0x3ffffff;
+	out[3] = ((((uint64_t)x3 << 32) | x2) >> 13) & 0x1ffffff;
+	out[4] = ((                       x3) >>  6) & 0x3ffffff;
+	out[5] = (                        x4       ) & 0x1ffffff;
+	out[6] = ((((uint64_t)x5 << 32) | x4) >> 25) & 0x3ffffff;
+	out[7] = ((((uint64_t)x6 << 32) | x5) >> 19) & 0x1ffffff;
+	out[8] = ((((uint64_t)x7 << 32) | x6) >> 12) & 0x3ffffff;
+	out[9] = ((                       x7) >>  6) & 0x1ffffff;
+	out[10] = 0;
+	out[11] = 0;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array
+ */
+static void
+curve25519_contract(unsigned char out[32], const bignum25519 in) {
+	bignum25519 ALIGN(16) f;
+	curve25519_copy(f, in);
+
+	#define carry_pass() \
+		f[1] += f[0] >> 26; f[0] &= 0x3ffffff; \
+		f[2] += f[1] >> 25; f[1] &= 0x1ffffff; \
+		f[3] += f[2] >> 26; f[2] &= 0x3ffffff; \
+		f[4] += f[3] >> 25; f[3] &= 0x1ffffff; \
+		f[5] += f[4] >> 26; f[4] &= 0x3ffffff; \
+		f[6] += f[5] >> 25; f[5] &= 0x1ffffff; \
+		f[7] += f[6] >> 26; f[6] &= 0x3ffffff; \
+		f[8] += f[7] >> 25; f[7] &= 0x1ffffff; \
+		f[9] += f[8] >> 26; f[8] &= 0x3ffffff;
+
+	#define carry_pass_full() \
+		carry_pass() \
+		f[0] += 19 * (f[9] >> 25); f[9] &= 0x1ffffff;
+
+	#define carry_pass_final() \
+		carry_pass() \
+		f[9] &= 0x1ffffff;
+
+	carry_pass_full()
+	carry_pass_full()
+
+	/* now t is between 0 and 2^255-1, properly carried. */
+	/* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+	f[0] += 19;
+	carry_pass_full()
+
+	/* now between 19 and 2^255-1 in both cases, and offset by 19. */
+	f[0] += (1 << 26) - 19;
+	f[1] += (1 << 25) - 1;
+	f[2] += (1 << 26) - 1;
+	f[3] += (1 << 25) - 1;
+	f[4] += (1 << 26) - 1;
+	f[5] += (1 << 25) - 1;
+	f[6] += (1 << 26) - 1;
+	f[7] += (1 << 25) - 1;
+	f[8] += (1 << 26) - 1;
+	f[9] += (1 << 25) - 1;
+
+	/* now between 2^255 and 2^256-20, and offset by 2^255. */
+	carry_pass_final()
+
+	#undef carry_pass
+	#undef carry_full
+	#undef carry_final
+
+	f[1] <<= 2;
+	f[2] <<= 3;
+	f[3] <<= 5;
+	f[4] <<= 6;
+	f[6] <<= 1;
+	f[7] <<= 3;
+	f[8] <<= 4;
+	f[9] <<= 6;
+
+	#define F(i, s) \
+		out[s+0] |= (unsigned char )(f[i] & 0xff); \
+		out[s+1] = (unsigned char )((f[i] >> 8) & 0xff); \
+		out[s+2] = (unsigned char )((f[i] >> 16) & 0xff); \
+		out[s+3] = (unsigned char )((f[i] >> 24) & 0xff);
+
+	out[0] = 0;
+	out[16] = 0;
+	F(0,0);
+	F(1,3);
+	F(2,6);
+	F(3,9);
+	F(4,12);
+	F(5,16);
+	F(6,19);
+	F(7,22);
+	F(8,25);
+	F(9,28);
+	#undef F
+}
+
+/* if (iswap) swap(a, b) */
+DONNA_INLINE static void
+curve25519_swap_conditional(bignum25519 a, bignum25519 b, uint32_t iswap) {
+	const uint32_t swap = (uint32_t)(-(int32_t)iswap);
+	xmmi a0,a1,a2,b0,b1,b2,x0,x1,x2;
+	xmmi mask = _mm_cvtsi32_si128(swap);
+	mask = _mm_shuffle_epi32(mask, 0);
+	a0 = _mm_load_si128((xmmi *)a + 0);
+	a1 = _mm_load_si128((xmmi *)a + 1);
+	b0 = _mm_load_si128((xmmi *)b + 0);
+	b1 = _mm_load_si128((xmmi *)b + 1);
+	b0 = _mm_xor_si128(a0, b0);
+	b1 = _mm_xor_si128(a1, b1);
+	x0 = _mm_and_si128(b0, mask);
+	x1 = _mm_and_si128(b1, mask);
+	x0 = _mm_xor_si128(x0, a0);
+	x1 = _mm_xor_si128(x1, a1);
+	a0 = _mm_xor_si128(x0, b0);
+	a1 = _mm_xor_si128(x1, b1);
+	_mm_store_si128((xmmi *)a + 0, x0);
+	_mm_store_si128((xmmi *)a + 1, x1);	
+	_mm_store_si128((xmmi *)b + 0, a0);
+	_mm_store_si128((xmmi *)b + 1, a1);
+
+	a2 = _mm_load_si128((xmmi *)a + 2);
+	b2 = _mm_load_si128((xmmi *)b + 2);
+	b2 = _mm_xor_si128(a2, b2);
+	x2 = _mm_and_si128(b2, mask);
+	x2 = _mm_xor_si128(x2, a2);
+	a2 = _mm_xor_si128(x2, b2);	
+	_mm_store_si128((xmmi *)b + 2, a2);
+	_mm_store_si128((xmmi *)a + 2, x2);
+}
+
+/* out = (flag) ? out : in */
+DONNA_INLINE static void
+curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], uint32_t flag) {
+	xmmi a0,a1,a2,a3,a4,a5,b0,b1,b2,b3,b4,b5;
+	const uint32_t nb = flag - 1;
+	xmmi masknb = _mm_shuffle_epi32(_mm_cvtsi32_si128(nb),0);
+	a0 = _mm_load_si128((xmmi *)in + 0);
+	a1 = _mm_load_si128((xmmi *)in + 1);
+	a2 = _mm_load_si128((xmmi *)in + 2);
+	b0 = _mm_load_si128((xmmi *)out + 0);
+	b1 = _mm_load_si128((xmmi *)out + 1);
+	b2 = _mm_load_si128((xmmi *)out + 2);
+	a0 = _mm_andnot_si128(masknb, a0);
+	a1 = _mm_andnot_si128(masknb, a1);
+	a2 = _mm_andnot_si128(masknb, a2);
+	b0 = _mm_and_si128(masknb, b0);
+	b1 = _mm_and_si128(masknb, b1);
+	b2 = _mm_and_si128(masknb, b2);
+	a0 = _mm_or_si128(a0, b0);
+	a1 = _mm_or_si128(a1, b1);
+	a2 = _mm_or_si128(a2, b2);
+	_mm_store_si128((xmmi*)out + 0, a0);
+	_mm_store_si128((xmmi*)out + 1, a1);
+	_mm_store_si128((xmmi*)out + 2, a2);
+
+	a3 = _mm_load_si128((xmmi *)in + 3);
+	a4 = _mm_load_si128((xmmi *)in + 4);
+	a5 = _mm_load_si128((xmmi *)in + 5);
+	b3 = _mm_load_si128((xmmi *)out + 3);
+	b4 = _mm_load_si128((xmmi *)out + 4);
+	b5 = _mm_load_si128((xmmi *)out + 5);
+	a3 = _mm_andnot_si128(masknb, a3);
+	a4 = _mm_andnot_si128(masknb, a4);
+	a5 = _mm_andnot_si128(masknb, a5);
+	b3 = _mm_and_si128(masknb, b3);
+	b4 = _mm_and_si128(masknb, b4);
+	b5 = _mm_and_si128(masknb, b5);
+	a3 = _mm_or_si128(a3, b3);
+	a4 = _mm_or_si128(a4, b4);
+	a5 = _mm_or_si128(a5, b5);
+	_mm_store_si128((xmmi*)out + 3, a3);
+	_mm_store_si128((xmmi*)out + 4, a4);
+	_mm_store_si128((xmmi*)out + 5, a5);
+}
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-32bit-sse2.h b/src/ext/ed25519/donna/ed25519-donna-32bit-sse2.h
new file mode 100644
index 0000000000..db04a13d3f
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-32bit-sse2.h
@@ -0,0 +1,513 @@
+#if defined(ED25519_GCC_32BIT_SSE_CHOOSE)
+
+#define HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS
+
+DONNA_NOINLINE static void
+ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
+	int32_t breg = (int32_t)b;
+	uint32_t sign = (uint32_t)breg >> 31;
+	uint32_t mask = ~(sign - 1);
+	uint32_t u = (breg + mask) ^ mask;
+
+	__asm__ __volatile__ (
+		/* ysubx+xaddy */
+		"movl %0, %%eax                  ;\n"
+		"movd %%eax, %%xmm6              ;\n"
+		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
+		"pxor %%xmm0, %%xmm0             ;\n"
+		"pxor %%xmm1, %%xmm1             ;\n"
+		"pxor %%xmm2, %%xmm2             ;\n"
+		"pxor %%xmm3, %%xmm3             ;\n"
+
+		/* 0 */
+		"movl $0, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movl $1, %%ecx                  ;\n"
+		"movd %%ecx, %%xmm4              ;\n"
+		"pxor %%xmm5, %%xmm5             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 1 */
+		"movl $1, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 0(%1), %%xmm4            ;\n"
+		"movdqa 16(%1), %%xmm5           ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 32(%1), %%xmm4           ;\n"
+		"movdqa 48(%1), %%xmm5           ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 2 */
+		"movl $2, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 96(%1), %%xmm4           ;\n"
+		"movdqa 112(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 128(%1), %%xmm4          ;\n"
+		"movdqa 144(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 3 */
+		"movl $3, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 192(%1), %%xmm4          ;\n"
+		"movdqa 208(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 224(%1), %%xmm4          ;\n"
+		"movdqa 240(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 4 */
+		"movl $4, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 288(%1), %%xmm4          ;\n"
+		"movdqa 304(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 320(%1), %%xmm4          ;\n"
+		"movdqa 336(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 5 */
+		"movl $5, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 384(%1), %%xmm4          ;\n"
+		"movdqa 400(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 416(%1), %%xmm4          ;\n"
+		"movdqa 432(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 6 */
+		"movl $6, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 480(%1), %%xmm4          ;\n"
+		"movdqa 496(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 512(%1), %%xmm4          ;\n"
+		"movdqa 528(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 7 */
+		"movl $7, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 576(%1), %%xmm4          ;\n"
+		"movdqa 592(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 608(%1), %%xmm4          ;\n"
+		"movdqa 624(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* 8 */
+		"movl $8, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 672(%1), %%xmm4          ;\n"
+		"movdqa 688(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm0              ;\n"
+		"por %%xmm5, %%xmm1              ;\n"
+		"movdqa 704(%1), %%xmm4          ;\n"
+		"movdqa 720(%1), %%xmm5          ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"por %%xmm4, %%xmm2              ;\n"
+		"por %%xmm5, %%xmm3              ;\n"
+
+		/* conditional swap based on sign */
+		"movl %3, %%ecx                  ;\n"
+		"movl %2, %%eax                  ;\n"
+		"xorl $1, %%ecx                  ;\n"
+		"movd %%ecx, %%xmm6              ;\n"
+		"pxor %%xmm7, %%xmm7             ;\n"
+		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa %%xmm2, %%xmm4           ;\n"
+		"movdqa %%xmm3, %%xmm5           ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"pand %%xmm7, %%xmm5             ;\n"
+		"pxor %%xmm4, %%xmm0             ;\n"
+		"pxor %%xmm5, %%xmm1             ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+
+		/* store ysubx */
+		"movd %%xmm0, %%ecx              ;\n"
+		"movl %%ecx, %%edx               ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 0(%%eax)            ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"shrdl $26, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 4(%%eax)            ;\n"
+		"movd %%xmm0, %%edx              ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"shrdl $19, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 8(%%eax)            ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"shrdl $13, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 12(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrl $6, %%ecx                  ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 16(%%eax)           ;\n"
+		"movl %%edx, %%ecx               ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 20(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrdl $25, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 24(%%eax)           ;\n"
+		"movd %%xmm1, %%ecx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrdl $19, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 28(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"shrdl $12, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 32(%%eax)           ;\n"
+		"shrl $6, %%edx                  ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"xorl %%ecx, %%ecx               ;\n"
+		"movl %%edx, 36(%%eax)           ;\n"
+		"movl %%ecx, 40(%%eax)           ;\n"
+		"movl %%ecx, 44(%%eax)           ;\n"
+
+		/* store xaddy */
+		"addl $48, %%eax                 ;\n"
+		"movdqa %%xmm2, %%xmm0           ;\n"
+		"movdqa %%xmm3, %%xmm1           ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"movl %%ecx, %%edx               ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 0(%%eax)            ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"shrdl $26, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 4(%%eax)            ;\n"
+		"movd %%xmm0, %%edx              ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"shrdl $19, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 8(%%eax)            ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"shrdl $13, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 12(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrl $6, %%ecx                  ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 16(%%eax)           ;\n"
+		"movl %%edx, %%ecx               ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 20(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrdl $25, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 24(%%eax)           ;\n"
+		"movd %%xmm1, %%ecx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrdl $19, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 28(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"shrdl $12, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 32(%%eax)           ;\n"
+		"shrl $6, %%edx                  ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"xorl %%ecx, %%ecx               ;\n"
+		"movl %%edx, 36(%%eax)           ;\n"
+		"movl %%ecx, 40(%%eax)           ;\n"
+		"movl %%ecx, 44(%%eax)           ;\n"
+
+		/* t2d */
+		"movl %0, %%eax                  ;\n"
+		"movd %%eax, %%xmm6              ;\n"
+		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
+		"pxor %%xmm0, %%xmm0             ;\n"
+		"pxor %%xmm1, %%xmm1             ;\n"
+
+		/* 0 */
+		"movl $0, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"pxor %%xmm0, %%xmm0             ;\n"
+		"pxor %%xmm1, %%xmm1             ;\n"
+
+		/* 1 */
+		"movl $1, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 64(%1), %%xmm3           ;\n"
+		"movdqa 80(%1), %%xmm4           ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 2 */
+		"movl $2, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 160(%1), %%xmm3          ;\n"
+		"movdqa 176(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 3 */
+		"movl $3, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 256(%1), %%xmm3          ;\n"
+		"movdqa 272(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 4 */
+		"movl $4, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 352(%1), %%xmm3          ;\n"
+		"movdqa 368(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 5 */
+		"movl $5, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 448(%1), %%xmm3          ;\n"
+		"movdqa 464(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 6 */
+		"movl $6, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 544(%1), %%xmm3          ;\n"
+		"movdqa 560(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 7 */
+		"movl $7, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 640(%1), %%xmm3          ;\n"
+		"movdqa 656(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* 8 */
+		"movl $8, %%eax                  ;\n"
+		"movd %%eax, %%xmm7              ;\n"
+		"pshufd $0x00, %%xmm7, %%xmm7    ;\n"
+		"pcmpeqd %%xmm6, %%xmm7          ;\n"
+		"movdqa 736(%1), %%xmm3          ;\n"
+		"movdqa 752(%1), %%xmm4          ;\n"
+		"pand %%xmm7, %%xmm3             ;\n"
+		"pand %%xmm7, %%xmm4             ;\n"
+		"por %%xmm3, %%xmm0              ;\n"
+		"por %%xmm4, %%xmm1              ;\n"
+
+		/* store t2d */
+		"movl %2, %%eax                  ;\n"
+		"addl $96, %%eax                 ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"movl %%ecx, %%edx               ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 0(%%eax)            ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"shrdl $26, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 4(%%eax)            ;\n"
+		"movd %%xmm0, %%edx              ;\n"
+		"pshufd $0x39, %%xmm0, %%xmm0    ;\n"
+		"shrdl $19, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 8(%%eax)            ;\n"
+		"movd %%xmm0, %%ecx              ;\n"
+		"shrdl $13, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 12(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrl $6, %%ecx                  ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 16(%%eax)           ;\n"
+		"movl %%edx, %%ecx               ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 20(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrdl $25, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 24(%%eax)           ;\n"
+		"movd %%xmm1, %%ecx              ;\n"
+		"pshufd $0x39, %%xmm1, %%xmm1    ;\n"
+		"shrdl $19, %%ecx, %%edx         ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"movl %%edx, 28(%%eax)           ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"movd %%xmm1, %%edx              ;\n"
+		"shrdl $12, %%edx, %%ecx         ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"movl %%ecx, 32(%%eax)           ;\n"
+		"shrl $6, %%edx                  ;\n"
+		"andl $0x1ffffff, %%edx          ;\n"
+		"xorl %%ecx, %%ecx               ;\n"
+		"movl %%edx, 36(%%eax)           ;\n"
+		"movl %%ecx, 40(%%eax)           ;\n"
+		"movl %%ecx, 44(%%eax)           ;\n"
+		"movdqa 0(%%eax), %%xmm0         ;\n"
+		"movdqa 16(%%eax), %%xmm1        ;\n"
+		"movdqa 32(%%eax), %%xmm2        ;\n"
+
+		/* conditionally negate t2d */
+
+		/* set up 2p in to 3/4 */
+		"movl $0x7ffffda, %%ecx          ;\n"
+		"movl $0x3fffffe, %%edx          ;\n"
+		"movd %%ecx, %%xmm3              ;\n"
+		"movd %%edx, %%xmm5              ;\n"
+		"movl $0x7fffffe, %%ecx          ;\n"
+		"movd %%ecx, %%xmm4              ;\n"
+		"punpckldq %%xmm5, %%xmm3        ;\n"
+		"punpckldq %%xmm5, %%xmm4        ;\n"
+		"punpcklqdq %%xmm4, %%xmm3       ;\n"
+		"movdqa %%xmm4, %%xmm5           ;\n"
+		"punpcklqdq %%xmm4, %%xmm4       ;\n"
+
+		/* subtract and conditionally move */
+		"movl %3, %%ecx                  ;\n"
+		"sub $1, %%ecx                   ;\n"
+		"movd %%ecx, %%xmm6              ;\n"
+		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
+		"movdqa %%xmm6, %%xmm7           ;\n"
+		"psubd %%xmm0, %%xmm3            ;\n"
+		"psubd %%xmm1, %%xmm4            ;\n"
+		"psubd %%xmm2, %%xmm5            ;\n"
+		"pand %%xmm6, %%xmm0             ;\n"
+		"pand %%xmm6, %%xmm1             ;\n"
+		"pand %%xmm6, %%xmm2             ;\n"
+		"pandn %%xmm3, %%xmm6            ;\n"
+		"movdqa %%xmm7, %%xmm3           ;\n"
+		"pandn %%xmm4, %%xmm7            ;\n"
+		"pandn %%xmm5, %%xmm3            ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm3, %%xmm2              ;\n"
+
+		/* store */
+		"movdqa %%xmm0, 0(%%eax)         ;\n"
+		"movdqa %%xmm1, 16(%%eax)        ;\n"
+		"movdqa %%xmm2, 32(%%eax)        ;\n"
+		:
+		: "m"(u), "r"(&table[pos * 8]), "m"(t), "m"(sign) /* %0 = u, %1 = table, %2 = t, %3 = sign */
+		: "%eax", "%ecx", "%edx", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "cc", "memory"
+	);
+}
+
+#endif /* defined(ED25519_GCC_32BIT_SSE_CHOOSE) */
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-32bit-tables.h b/src/ext/ed25519/donna/ed25519-donna-32bit-tables.h
new file mode 100644
index 0000000000..c977c26ebc
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-32bit-tables.h
@@ -0,0 +1,61 @@
+static const ge25519 ALIGN(16) ge25519_basepoint = {
+	{0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db},
+	{0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999},
+	{0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000},
+	{0x01b7dda3,0x01a2ace9,0x025eadbb,0x0003ba8a,0x0083c27e,0x00abe37d,0x01274732,0x00ccacdd,0x00fd78b7,0x019e1d7c}
+};
+
+/*
+	d
+*/
+
+static const bignum25519 ALIGN(16) ge25519_ecd = {
+	0x035978a3,0x00d37284,0x03156ebd,0x006a0a0e,0x0001c029,0x0179e898,0x03a03cbb,0x01ce7198,0x02e2b6ff,0x01480db3
+};
+
+static const bignum25519 ALIGN(16) ge25519_ec2d = {
+	0x02b2f159,0x01a6e509,0x022add7a,0x00d4141d,0x00038052,0x00f3d130,0x03407977,0x019ce331,0x01c56dff,0x00901b67
+};
+
+/*
+	sqrt(-1)
+*/
+
+static const bignum25519 ALIGN(16) ge25519_sqrtneg1 = {
+	0x020ea0b0,0x0186c9d2,0x008f189d,0x0035697f,0x00bd0c60,0x01fbd7a7,0x02804c9e,0x01e16569,0x0004fc1d,0x00ae0c92
+};
+
+static const ge25519_niels ALIGN(16) ge25519_niels_sliding_multiples[32] = {
+	{{0x0340913e,0x000e4175,0x03d673a2,0x002e8a05,0x03f4e67c,0x008f8a09,0x00c21a34,0x004cf4b8,0x01298f81,0x0113f4be},{0x018c3b85,0x0124f1bd,0x01c325f7,0x0037dc60,0x033e4cb7,0x003d42c2,0x01a44c32,0x014ca4e1,0x03a33d4b,0x001f3e74},{0x037aaa68,0x00448161,0x0093d579,0x011e6556,0x009b67a0,0x0143598c,0x01bee5ee,0x00b50b43,0x0289f0c6,0x01bc45ed}},
+	{{0x00fcd265,0x0047fa29,0x034faacc,0x01ef2e0d,0x00ef4d4f,0x014bd6bd,0x00f98d10,0x014c5026,0x007555bd,0x00aae456},{0x00ee9730,0x016c2a13,0x017155e4,0x01874432,0x00096a10,0x01016732,0x01a8014f,0x011e9823,0x01b9a80f,0x01e85938},{0x01d0d889,0x01a4cfc3,0x034c4295,0x0110e1ae,0x0162508c,0x00f2db4c,0x0072a2c6,0x0098da2e,0x02f12b9b,0x0168a09a}},
+	{{0x0047d6ba,0x0060b0e9,0x0136eff2,0x008a5939,0x03540053,0x0064a087,0x02788e5c,0x00be7c67,0x033eb1b5,0x005529f9},{0x00a5bb33,0x00af1102,0x01a05442,0x001e3af7,0x02354123,0x00bfec44,0x01f5862d,0x00dd7ba3,0x03146e20,0x00a51733},{0x012a8285,0x00f6fc60,0x023f9797,0x003e85ee,0x009c3820,0x01bda72d,0x01b3858d,0x00d35683,0x0296b3bb,0x010eaaf9}},
+	{{0x023221b1,0x01cb26aa,0x0074f74d,0x0099ddd1,0x01b28085,0x00192c3a,0x013b27c9,0x00fc13bd,0x01d2e531,0x0075bb75},{0x004ea3bf,0x00973425,0x001a4d63,0x01d59cee,0x01d1c0d4,0x00542e49,0x01294114,0x004fce36,0x029283c9,0x01186fa9},{0x01b8b3a2,0x00db7200,0x00935e30,0x003829f5,0x02cc0d7d,0x0077adf3,0x0220dd2c,0x0014ea53,0x01c6a0f9,0x01ea7eec}},
+	{{0x039d8064,0x01885f80,0x00337e6d,0x01b7a902,0x02628206,0x015eb044,0x01e30473,0x0191f2d9,0x011fadc9,0x01270169},{0x02a8632f,0x0199e2a9,0x00d8b365,0x017a8de2,0x02994279,0x0086f5b5,0x0119e4e3,0x01eb39d6,0x0338add7,0x00d2e7b4},{0x0045af1b,0x013a2fe4,0x0245e0d6,0x014538ce,0x038bfe0f,0x01d4cf16,0x037e14c9,0x0160d55e,0x0021b008,0x01cf05c8}},
+	{{0x01864348,0x01d6c092,0x0070262b,0x014bb844,0x00fb5acd,0x008deb95,0x003aaab5,0x00eff474,0x00029d5c,0x0062ad66},{0x02802ade,0x01c02122,0x01c4e5f7,0x00781181,0x039767fb,0x01703406,0x0342388b,0x01f5e227,0x022546d8,0x0109d6ab},{0x016089e9,0x00cb317f,0x00949b05,0x01099417,0x000c7ad2,0x011a8622,0x0088ccda,0x01290886,0x022b53df,0x00f71954}},
+	{{0x027fbf93,0x01c04ecc,0x01ed6a0d,0x004cdbbb,0x02bbf3af,0x00ad5968,0x01591955,0x0094f3a2,0x02d17602,0x00099e20},{0x02007f6d,0x003088a8,0x03db77ee,0x00d5ade6,0x02fe12ce,0x0107ba07,0x0107097d,0x00482a6f,0x02ec346f,0x008d3f5f},{0x032ea378,0x0028465c,0x028e2a6c,0x018efc6e,0x0090df9a,0x01a7e533,0x039bfc48,0x010c745d,0x03daa097,0x0125ee9b}},
+	{{0x028ccf0b,0x00f36191,0x021ac081,0x012154c8,0x034e0a6e,0x01b25192,0x00180403,0x01d7eea1,0x00218d05,0x010ed735},{0x03cfeaa0,0x01b300c4,0x008da499,0x0068c4e1,0x0219230a,0x01f2d4d0,0x02defd60,0x00e565b7,0x017f12de,0x018788a4},{0x03d0b516,0x009d8be6,0x03ddcbb3,0x0071b9fe,0x03ace2bd,0x01d64270,0x032d3ec9,0x01084065,0x0210ae4d,0x01447584}},
+	{{0x0020de87,0x00e19211,0x01b68102,0x00b5ac97,0x022873c0,0x01942d25,0x01271394,0x0102073f,0x02fe2482,0x01c69ff9},{0x010e9d81,0x019dbbe5,0x0089f258,0x006e06b8,0x02951883,0x018f1248,0x019b3237,0x00bc7553,0x024ddb85,0x01b4c964},{0x01c8c854,0x0060ae29,0x01406d8e,0x01cff2f9,0x00cff451,0x01778d0c,0x03ac8c41,0x01552e59,0x036559ee,0x011d1b12}},
+	{{0x00741147,0x0151b219,0x01092690,0x00e877e6,0x01f4d6bb,0x0072a332,0x01cd3b03,0x00dadff2,0x0097db5e,0x0086598d},{0x01c69a2b,0x01decf1b,0x02c2fa6e,0x013b7c4f,0x037beac8,0x013a16b5,0x028e7bda,0x01f6e8ac,0x01e34fe9,0x01726947},{0x01f10e67,0x003c73de,0x022b7ea2,0x010f32c2,0x03ff776a,0x00142277,0x01d38b88,0x00776138,0x03c60822,0x01201140}},
+	{{0x0236d175,0x0008748e,0x03c6476d,0x013f4cdc,0x02eed02a,0x00838a47,0x032e7210,0x018bcbb3,0x00858de4,0x01dc7826},{0x00a37fc7,0x0127b40b,0x01957884,0x011d30ad,0x02816683,0x016e0e23,0x00b76be4,0x012db115,0x02516506,0x0154ce62},{0x00451edf,0x00bd749e,0x03997342,0x01cc2c4c,0x00eb6975,0x01a59508,0x03a516cf,0x00c228ef,0x0168ff5a,0x01697b47}},
+	{{0x00527359,0x01783156,0x03afd75c,0x00ce56dc,0x00e4b970,0x001cabe9,0x029e0f6d,0x0188850c,0x0135fefd,0x00066d80},{0x02150e83,0x01448abf,0x02bb0232,0x012bf259,0x033c8268,0x00711e20,0x03fc148f,0x005e0e70,0x017d8bf9,0x0112b2e2},{0x02134b83,0x001a0517,0x0182c3cc,0x00792182,0x0313d799,0x001a3ed7,0x0344547e,0x01f24a0d,0x03de6ad2,0x00543127}},
+	{{0x00dca868,0x00618f27,0x015a1709,0x00ddc38a,0x0320fd13,0x0036168d,0x0371ab06,0x01783fc7,0x0391e05f,0x01e29b5d},{0x01471138,0x00fca542,0x00ca31cf,0x01ca7bad,0x0175bfbc,0x01a708ad,0x03bce212,0x01244215,0x0075bb99,0x01acad68},{0x03a0b976,0x01dc12d1,0x011aab17,0x00aba0ba,0x029806cd,0x0142f590,0x018fd8ea,0x01a01545,0x03c4ad55,0x01c971ff}},
+	{{0x00d098c0,0x000afdc7,0x006cd230,0x01276af3,0x03f905b2,0x0102994c,0x002eb8a4,0x015cfbeb,0x025f855f,0x01335518},{0x01cf99b2,0x0099c574,0x01a69c88,0x00881510,0x01cd4b54,0x0112109f,0x008abdc5,0x0074647a,0x0277cb1f,0x01e53324},{0x02ac5053,0x01b109b0,0x024b095e,0x016997b3,0x02f26bb6,0x00311021,0x00197885,0x01d0a55a,0x03b6fcc8,0x01c020d5}},
+	{{0x02584a34,0x00e7eee0,0x03257a03,0x011e95a3,0x011ead91,0x00536202,0x00b1ce24,0x008516c6,0x03669d6d,0x004ea4a8},{0x00773f01,0x0019c9ce,0x019f6171,0x01d4afde,0x02e33323,0x01ad29b6,0x02ead1dc,0x01ed51a5,0x01851ad0,0x001bbdfa},{0x00577de5,0x00ddc730,0x038b9952,0x00f281ae,0x01d50390,0x0002e071,0x000780ec,0x010d448d,0x01f8a2af,0x00f0a5b7}},
+	{{0x031f2541,0x00d34bae,0x0323ff9d,0x003a056d,0x02e25443,0x00a1ad05,0x00d1bee8,0x002f7f8e,0x03007477,0x002a24b1},{0x0114a713,0x01457e76,0x032255d5,0x01cc647f,0x02a4bdef,0x0153d730,0x00118bcf,0x00f755ff,0x013490c7,0x01ea674e},{0x02bda3e8,0x00bb490d,0x00f291ea,0x000abf40,0x01dea321,0x002f9ce0,0x00b2b193,0x00fa54b5,0x0128302f,0x00a19d8b}},
+	{{0x022ef5bd,0x01638af3,0x038c6f8a,0x01a33a3d,0x039261b2,0x01bb89b8,0x010bcf9d,0x00cf42a9,0x023d6f17,0x01da1bca},{0x00e35b25,0x000d824f,0x0152e9cf,0x00ed935d,0x020b8460,0x01c7b83f,0x00c969e5,0x01a74198,0x0046a9d9,0x00cbc768},{0x01597c6a,0x0144a99b,0x00a57551,0x0018269c,0x023c464c,0x0009b022,0x00ee39e1,0x0114c7f2,0x038a9ad2,0x01584c17}},
+	{{0x03b0c0d5,0x00b30a39,0x038a6ce4,0x01ded83a,0x01c277a6,0x01010a61,0x0346d3eb,0x018d995e,0x02f2c57c,0x000c286b},{0x0092aed1,0x0125e37b,0x027ca201,0x001a6b6b,0x03290f55,0x0047ba48,0x018d916c,0x01a59062,0x013e35d4,0x0002abb1},{0x003ad2aa,0x007ddcc0,0x00c10f76,0x0001590b,0x002cfca6,0x000ed23e,0x00ee4329,0x00900f04,0x01c24065,0x0082fa70}},
+	{{0x02025e60,0x003912b8,0x0327041c,0x017e5ee5,0x02c0ecec,0x015a0d1c,0x02b1ce7c,0x0062220b,0x0145067e,0x01a5d931},{0x009673a6,0x00e1f609,0x00927c2a,0x016faa37,0x01650ef0,0x016f63b5,0x03cd40e1,0x003bc38f,0x0361f0ac,0x01d42acc},{0x02f81037,0x008ca0e8,0x017e23d1,0x011debfe,0x01bcbb68,0x002e2563,0x03e8add6,0x000816e5,0x03fb7075,0x0153e5ac}},
+	{{0x02b11ecd,0x016bf185,0x008f22ef,0x00e7d2bb,0x0225d92e,0x00ece785,0x00508873,0x017e16f5,0x01fbe85d,0x01e39a0e},{0x01669279,0x017c810a,0x024941f5,0x0023ebeb,0x00eb7688,0x005760f1,0x02ca4146,0x0073cde7,0x0052bb75,0x00f5ffa7},{0x03b8856b,0x00cb7dcd,0x02f14e06,0x001820d0,0x01d74175,0x00e59e22,0x03fba550,0x00484641,0x03350088,0x01c3c9a3}},
+	{{0x00dcf355,0x0104481c,0x0022e464,0x01f73fe7,0x00e03325,0x0152b698,0x02ef769a,0x00973663,0x00039b8c,0x0101395b},{0x01805f47,0x019160ec,0x03832cd0,0x008b06eb,0x03d4d717,0x004cb006,0x03a75b8f,0x013b3d30,0x01cfad88,0x01f034d1},{0x0078338a,0x01c7d2e3,0x02bc2b23,0x018b3f05,0x0280d9aa,0x005f3d44,0x0220a95a,0x00eeeb97,0x0362aaec,0x00835d51}},
+	{{0x01b9f543,0x013fac4d,0x02ad93ae,0x018ef464,0x0212cdf7,0x01138ba9,0x011583ab,0x019c3d26,0x028790b4,0x00e2e2b6},{0x033bb758,0x01f0dbf1,0x03734bd1,0x0129b1e5,0x02b3950e,0x003bc922,0x01a53ec8,0x018c5532,0x006f3cee,0x00ae3c79},{0x0351f95d,0x0012a737,0x03d596b8,0x017658fe,0x00ace54a,0x008b66da,0x0036c599,0x012a63a2,0x032ceba1,0x00126bac}},
+	{{0x03dcfe7e,0x019f4f18,0x01c81aee,0x0044bc2b,0x00827165,0x014f7c13,0x03b430f0,0x00bf96cc,0x020c8d62,0x01471997},{0x01fc7931,0x001f42dd,0x00ba754a,0x005bd339,0x003fbe49,0x016b3930,0x012a159c,0x009f83b0,0x03530f67,0x01e57b85},{0x02ecbd81,0x0096c294,0x01fce4a9,0x017701a5,0x0175047d,0x00ee4a31,0x012686e5,0x008efcd4,0x0349dc54,0x01b3466f}},
+	{{0x02179ca3,0x01d86414,0x03f0afd0,0x00305964,0x015c7428,0x0099711e,0x015d5442,0x00c71014,0x01b40b2e,0x01d483cf},{0x01afc386,0x01984859,0x036203ff,0x0045c6a8,0x0020a8aa,0x00990baa,0x03313f10,0x007ceede,0x027429e4,0x017806ce},{0x039357a1,0x0142f8f4,0x0294a7b6,0x00eaccf4,0x0259edb3,0x01311e6e,0x004d326f,0x0130c346,0x01ccef3c,0x01c424b2}},
+	{{0x0364918c,0x00148fc0,0x01638a7b,0x01a1fd5b,0x028ad013,0x0081e5a4,0x01a54f33,0x0174e101,0x003d0257,0x003a856c},{0x00051dcf,0x00f62b1d,0x0143d0ad,0x0042adbd,0x000fda90,0x01743ceb,0x0173e5e4,0x017bc749,0x03b7137a,0x0105ce96},{0x00f9218a,0x015b8c7c,0x00e102f8,0x0158d7e2,0x0169a5b8,0x00b2f176,0x018b347a,0x014cfef2,0x0214a4e3,0x017f1595}},
+	{{0x006d7ae5,0x0195c371,0x0391e26d,0x0062a7c6,0x003f42ab,0x010dad86,0x024f8198,0x01542b2a,0x0014c454,0x0189c471},{0x0390988e,0x00b8799d,0x02e44912,0x0078e2e6,0x00075654,0x01923eed,0x0040cd72,0x00a37c76,0x0009d466,0x00c8531d},{0x02651770,0x00609d01,0x0286c265,0x0134513c,0x00ee9281,0x005d223c,0x035c760c,0x00679b36,0x0073ecb8,0x016faa50}},
+	{{0x02c89be4,0x016fc244,0x02f38c83,0x018beb72,0x02b3ce2c,0x0097b065,0x034f017b,0x01dd957f,0x00148f61,0x00eab357},{0x0343d2f8,0x003398fc,0x011e368e,0x00782a1f,0x00019eea,0x00117b6f,0x0128d0d1,0x01a5e6bb,0x01944f1b,0x012b41e1},{0x03318301,0x018ecd30,0x0104d0b1,0x0038398b,0x03726701,0x019da88c,0x002d9769,0x00a7a681,0x031d9028,0x00ebfc32}},
+	{{0x0220405e,0x0171face,0x02d930f8,0x017f6d6a,0x023b8c47,0x0129d5f9,0x02972456,0x00a3a524,0x006f4cd2,0x004439fa},{0x00c53505,0x0190c2fd,0x00507244,0x009930f9,0x01a39270,0x01d327c6,0x0399bc47,0x01cfe13d,0x0332bd99,0x00b33e7d},{0x0203f5e4,0x003627b5,0x00018af8,0x01478581,0x004a2218,0x002e3bb7,0x039384d0,0x0146ea62,0x020b9693,0x0017155f}},
+	{{0x03c97e6f,0x00738c47,0x03b5db1f,0x01808fcf,0x01e8fc98,0x01ed25dd,0x01bf5045,0x00eb5c2b,0x0178fe98,0x01b85530},{0x01c20eb0,0x01aeec22,0x030b9eee,0x01b7d07e,0x0187e16f,0x014421fb,0x009fa731,0x0040b6d7,0x00841861,0x00a27fbc},{0x02d69abf,0x0058cdbf,0x0129f9ec,0x013c19ae,0x026c5b93,0x013a7fe7,0x004bb2ba,0x0063226f,0x002a95ca,0x01abefd9}},
+	{{0x02f5d2c1,0x00378318,0x03734fb5,0x01258073,0x0263f0f6,0x01ad70e0,0x01b56d06,0x01188fbd,0x011b9503,0x0036d2e1},{0x0113a8cc,0x01541c3e,0x02ac2bbc,0x01d95867,0x01f47459,0x00ead489,0x00ab5b48,0x01db3b45,0x00edb801,0x004b024f},{0x00b8190f,0x011fe4c2,0x00621f82,0x010508d7,0x001a5a76,0x00c7d7fd,0x03aab96d,0x019cd9dc,0x019c6635,0x00ceaa1e}},
+	{{0x01085cf2,0x01fd47af,0x03e3f5e1,0x004b3e99,0x01e3d46a,0x0060033c,0x015ff0a8,0x0150cdd8,0x029e8e21,0x008cf1bc},{0x00156cb1,0x003d623f,0x01a4f069,0x00d8d053,0x01b68aea,0x01ca5ab6,0x0316ae43,0x0134dc44,0x001c8d58,0x0084b343},{0x0318c781,0x0135441f,0x03a51a5e,0x019293f4,0x0048bb37,0x013d3341,0x0143151e,0x019c74e1,0x00911914,0x0076ddde}},
+	{{0x006bc26f,0x00d48e5f,0x00227bbe,0x00629ea8,0x01ea5f8b,0x0179a330,0x027a1d5f,0x01bf8f8e,0x02d26e2a,0x00c6b65e},{0x01701ab6,0x0051da77,0x01b4b667,0x00a0ce7c,0x038ae37b,0x012ac852,0x03a0b0fe,0x0097c2bb,0x00a017d2,0x01eb8b2a},{0x0120b962,0x0005fb42,0x0353b6fd,0x0061f8ce,0x007a1463,0x01560a64,0x00e0a792,0x01907c92,0x013a6622,0x007b47f1}}
+};
diff --git a/src/ext/ed25519/donna/ed25519-donna-64bit-sse2.h b/src/ext/ed25519/donna/ed25519-donna-64bit-sse2.h
new file mode 100644
index 0000000000..ca08651d67
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-64bit-sse2.h
@@ -0,0 +1,436 @@
+#if defined(ED25519_GCC_64BIT_SSE_CHOOSE)
+
+#define HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS
+
+DONNA_NOINLINE static void
+ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
+	int64_t breg = (int64_t)b;
+	uint64_t sign = (uint64_t)breg >> 63;
+	uint64_t mask = ~(sign - 1);
+	uint64_t u = (breg + mask) ^ mask;
+
+	__asm__ __volatile__ (
+		/* ysubx+xaddy+t2d */
+		"movq %0, %%rax                  ;\n"
+		"movd %%rax, %%xmm14             ;\n"
+		"pshufd $0x00, %%xmm14, %%xmm14  ;\n"
+		"pxor %%xmm0, %%xmm0             ;\n"
+		"pxor %%xmm1, %%xmm1             ;\n"
+		"pxor %%xmm2, %%xmm2             ;\n"
+		"pxor %%xmm3, %%xmm3             ;\n"
+		"pxor %%xmm4, %%xmm4             ;\n"
+		"pxor %%xmm5, %%xmm5             ;\n"
+
+		/* 0 */
+		"movq $0, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm6              ;\n"
+		"pxor %%xmm7, %%xmm7             ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm6, %%xmm2              ;\n"
+		"por %%xmm7, %%xmm3              ;\n"
+
+		/* 1 */
+		"movq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 0(%1), %%xmm6            ;\n"
+		"movdqa 16(%1), %%xmm7           ;\n"
+		"movdqa 32(%1), %%xmm8           ;\n"
+		"movdqa 48(%1), %%xmm9           ;\n"
+		"movdqa 64(%1), %%xmm10          ;\n"
+		"movdqa 80(%1), %%xmm11          ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 2 */
+		"movq $2, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 96(%1), %%xmm6           ;\n"
+		"movdqa 112(%1), %%xmm7          ;\n"
+		"movdqa 128(%1), %%xmm8          ;\n"
+		"movdqa 144(%1), %%xmm9          ;\n"
+		"movdqa 160(%1), %%xmm10         ;\n"
+		"movdqa 176(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 3 */
+		"movq $3, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 192(%1), %%xmm6          ;\n"
+		"movdqa 208(%1), %%xmm7          ;\n"
+		"movdqa 224(%1), %%xmm8          ;\n"
+		"movdqa 240(%1), %%xmm9          ;\n"
+		"movdqa 256(%1), %%xmm10         ;\n"
+		"movdqa 272(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 4 */
+		"movq $4, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 288(%1), %%xmm6          ;\n"
+		"movdqa 304(%1), %%xmm7          ;\n"
+		"movdqa 320(%1), %%xmm8          ;\n"
+		"movdqa 336(%1), %%xmm9          ;\n"
+		"movdqa 352(%1), %%xmm10         ;\n"
+		"movdqa 368(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 5 */
+		"movq $5, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 384(%1), %%xmm6          ;\n"
+		"movdqa 400(%1), %%xmm7          ;\n"
+		"movdqa 416(%1), %%xmm8          ;\n"
+		"movdqa 432(%1), %%xmm9          ;\n"
+		"movdqa 448(%1), %%xmm10         ;\n"
+		"movdqa 464(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 6 */
+		"movq $6, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 480(%1), %%xmm6          ;\n"
+		"movdqa 496(%1), %%xmm7          ;\n"
+		"movdqa 512(%1), %%xmm8          ;\n"
+		"movdqa 528(%1), %%xmm9          ;\n"
+		"movdqa 544(%1), %%xmm10         ;\n"
+		"movdqa 560(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 7 */
+		"movq $7, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 576(%1), %%xmm6          ;\n"
+		"movdqa 592(%1), %%xmm7          ;\n"
+		"movdqa 608(%1), %%xmm8          ;\n"
+		"movdqa 624(%1), %%xmm9          ;\n"
+		"movdqa 640(%1), %%xmm10         ;\n"
+		"movdqa 656(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 8 */
+		"movq $8, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 672(%1), %%xmm6          ;\n"
+		"movdqa 688(%1), %%xmm7          ;\n"
+		"movdqa 704(%1), %%xmm8          ;\n"
+		"movdqa 720(%1), %%xmm9          ;\n"
+		"movdqa 736(%1), %%xmm10         ;\n"
+		"movdqa 752(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* conditionally swap ysubx and xaddy */
+		"movq %3, %%rax                  ;\n"
+		"xorq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm14             ;\n"
+		"pxor %%xmm15, %%xmm15           ;\n"
+		"pshufd $0x00, %%xmm14, %%xmm14  ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa %%xmm2, %%xmm6           ;\n"
+		"movdqa %%xmm3, %%xmm7           ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pxor %%xmm6, %%xmm0             ;\n"
+		"pxor %%xmm7, %%xmm1             ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+
+		/* store ysubx */
+		"xorq %%rax, %%rax               ;\n"
+		"movd %%xmm0, %%rcx              ;\n"
+		"movd %%xmm0, %%r8               ;\n"
+		"movd %%xmm1, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm0, %%xmm0    ;\n"
+		"pshufd $0xee, %%xmm1, %%xmm1    ;\n"
+		"movd %%xmm0, %%rdx              ;\n"
+		"movd %%xmm1, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"movq %%rcx, %%r9                ;\n"
+		"movq %%r8, %%r10                ;\n"
+		"movq %%rdx, %%r11               ;\n"
+		"movq %%rsi, %%r12               ;\n"
+		"movq %%rdi, %%r13               ;\n"
+		"shrq $26, %%r9                  ;\n"
+		"shrq $26, %%r10                 ;\n"
+		"shrq $26, %%r11                 ;\n"
+		"shrq $26, %%r12                 ;\n"
+		"shrq $26, %%r13                 ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"andl $0x1ffffff, %%r9d          ;\n"
+		"andl $0x3ffffff, %%r8d          ;\n"
+		"andl $0x1ffffff, %%r10d         ;\n"
+		"andl $0x3ffffff, %%edx          ;\n"
+		"andl $0x1ffffff, %%r11d         ;\n"
+		"andl $0x3ffffff, %%esi          ;\n"
+		"andl $0x1ffffff, %%r12d         ;\n"
+		"andl $0x3ffffff, %%edi          ;\n"
+		"andl $0x1ffffff, %%r13d         ;\n"
+		"movl %%ecx, 0(%2)               ;\n"
+		"movl %%r9d, 4(%2)               ;\n"
+		"movl %%r8d, 8(%2)               ;\n"
+		"movl %%r10d, 12(%2)             ;\n"
+		"movl %%edx, 16(%2)              ;\n"
+		"movl %%r11d, 20(%2)             ;\n"
+		"movl %%esi, 24(%2)              ;\n"
+		"movl %%r12d, 28(%2)             ;\n"
+		"movl %%edi, 32(%2)              ;\n"
+		"movl %%r13d, 36(%2)             ;\n"
+		"movq %%rax, 40(%2)              ;\n"
+
+		/* store xaddy */
+		"movd %%xmm2, %%rcx              ;\n"
+		"movd %%xmm2, %%r8               ;\n"
+		"movd %%xmm3, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm2, %%xmm2    ;\n"
+		"pshufd $0xee, %%xmm3, %%xmm3    ;\n"
+		"movd %%xmm2, %%rdx              ;\n"
+		"movd %%xmm3, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"movq %%rcx, %%r9                ;\n"
+		"movq %%r8, %%r10                ;\n"
+		"movq %%rdx, %%r11               ;\n"
+		"movq %%rsi, %%r12               ;\n"
+		"movq %%rdi, %%r13               ;\n"
+		"shrq $26, %%r9                  ;\n"
+		"shrq $26, %%r10                 ;\n"
+		"shrq $26, %%r11                 ;\n"
+		"shrq $26, %%r12                 ;\n"
+		"shrq $26, %%r13                 ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"andl $0x1ffffff, %%r9d          ;\n"
+		"andl $0x3ffffff, %%r8d          ;\n"
+		"andl $0x1ffffff, %%r10d         ;\n"
+		"andl $0x3ffffff, %%edx          ;\n"
+		"andl $0x1ffffff, %%r11d         ;\n"
+		"andl $0x3ffffff, %%esi          ;\n"
+		"andl $0x1ffffff, %%r12d         ;\n"
+		"andl $0x3ffffff, %%edi          ;\n"
+		"andl $0x1ffffff, %%r13d         ;\n"
+		"movl %%ecx, 48(%2)              ;\n"
+		"movl %%r9d, 52(%2)              ;\n"
+		"movl %%r8d, 56(%2)              ;\n"
+		"movl %%r10d, 60(%2)             ;\n"
+		"movl %%edx, 64(%2)              ;\n"
+		"movl %%r11d, 68(%2)             ;\n"
+		"movl %%esi, 72(%2)              ;\n"
+		"movl %%r12d, 76(%2)             ;\n"
+		"movl %%edi, 80(%2)              ;\n"
+		"movl %%r13d, 84(%2)             ;\n"
+		"movq %%rax, 88(%2)              ;\n"
+
+		/* extract t2d */
+		"xorq %%rax, %%rax               ;\n"
+		"movd %%xmm4, %%rcx              ;\n"
+		"movd %%xmm4, %%r8               ;\n"
+		"movd %%xmm5, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm4, %%xmm4    ;\n"
+		"pshufd $0xee, %%xmm5, %%xmm5    ;\n"
+		"movd %%xmm4, %%rdx              ;\n"
+		"movd %%xmm5, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"movq %%rcx, %%r9                ;\n"
+		"movq %%r8, %%r10                ;\n"
+		"movq %%rdx, %%r11               ;\n"
+		"movq %%rsi, %%r12               ;\n"
+		"movq %%rdi, %%r13               ;\n"
+		"shrq $26, %%r9                  ;\n"
+		"shrq $26, %%r10                 ;\n"
+		"shrq $26, %%r11                 ;\n"
+		"shrq $26, %%r12                 ;\n"
+		"shrq $26, %%r13                 ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"andl $0x1ffffff, %%r9d          ;\n"
+		"andl $0x3ffffff, %%r8d          ;\n"
+		"andl $0x1ffffff, %%r10d         ;\n"
+		"andl $0x3ffffff, %%edx          ;\n"
+		"andl $0x1ffffff, %%r11d         ;\n"
+		"andl $0x3ffffff, %%esi          ;\n"
+		"andl $0x1ffffff, %%r12d         ;\n"
+		"andl $0x3ffffff, %%edi          ;\n"
+		"andl $0x1ffffff, %%r13d         ;\n"
+		"movd %%ecx, %%xmm0              ;\n"
+		"movd %%r9d, %%xmm4              ;\n"
+		"movd %%r8d, %%xmm8              ;\n"
+		"movd %%r10d, %%xmm3             ;\n"
+		"movd %%edx, %%xmm1              ;\n"
+		"movd %%r11d, %%xmm5             ;\n"
+		"movd %%esi, %%xmm6              ;\n"
+		"movd %%r12d, %%xmm7             ;\n"
+		"movd %%edi, %%xmm2              ;\n"
+		"movd %%r13d, %%xmm9             ;\n"
+		"punpckldq %%xmm4, %%xmm0        ;\n"
+		"punpckldq %%xmm3, %%xmm8        ;\n"
+		"punpckldq %%xmm5, %%xmm1        ;\n"
+		"punpckldq %%xmm7, %%xmm6        ;\n"
+		"punpckldq %%xmm9, %%xmm2        ;\n"
+		"punpcklqdq %%xmm8, %%xmm0       ;\n"
+		"punpcklqdq %%xmm6, %%xmm1       ;\n"
+
+		/* set up 2p in to 3/4 */
+		"movl $0x7ffffda, %%ecx          ;\n"
+		"movl $0x3fffffe, %%edx          ;\n"
+		"movl $0x7fffffe, %%eax          ;\n"
+		"movd %%ecx, %%xmm3              ;\n"
+		"movd %%edx, %%xmm5              ;\n"
+		"movd %%eax, %%xmm4              ;\n"
+		"punpckldq %%xmm5, %%xmm3        ;\n"
+		"punpckldq %%xmm5, %%xmm4        ;\n"
+		"punpcklqdq %%xmm4, %%xmm3       ;\n"
+		"movdqa %%xmm4, %%xmm5           ;\n"
+		"punpcklqdq %%xmm4, %%xmm4       ;\n"
+
+		/* subtract and conditionally move */
+		"movl %3, %%ecx                  ;\n"
+		"sub $1, %%ecx                   ;\n"
+		"movd %%ecx, %%xmm6              ;\n"
+		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
+		"movdqa %%xmm6, %%xmm7           ;\n"
+		"psubd %%xmm0, %%xmm3            ;\n"
+		"psubd %%xmm1, %%xmm4            ;\n"
+		"psubd %%xmm2, %%xmm5            ;\n"
+		"pand %%xmm6, %%xmm0             ;\n"
+		"pand %%xmm6, %%xmm1             ;\n"
+		"pand %%xmm6, %%xmm2             ;\n"
+		"pandn %%xmm3, %%xmm6            ;\n"
+		"movdqa %%xmm7, %%xmm3           ;\n"
+		"pandn %%xmm4, %%xmm7            ;\n"
+		"pandn %%xmm5, %%xmm3            ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm3, %%xmm2              ;\n"
+
+		/* store t2d */
+		"movdqa %%xmm0, 96(%2)           ;\n"
+		"movdqa %%xmm1, 112(%2)          ;\n"
+		"movdqa %%xmm2, 128(%2)          ;\n"
+		:
+		: "m"(u), "r"(&table[pos * 8]), "r"(t), "m"(sign) /* %0 = u, %1 = table, %2 = t, %3 = sign */
+		:
+			"%rax", "%rcx", "%rdx", "%rdi", "%rsi", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", 
+			"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "%xmm8", "%xmm9", "%xmm10", "%xmm11", "%xmm14", "%xmm14",
+			"cc", "memory"
+	);
+}
+
+#endif /* defined(ED25519_GCC_64BIT_SSE_CHOOSE) */
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-64bit-tables.h b/src/ext/ed25519/donna/ed25519-donna-64bit-tables.h
new file mode 100644
index 0000000000..4a6ff9edae
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-64bit-tables.h
@@ -0,0 +1,53 @@
+static const ge25519 ge25519_basepoint = {
+	{0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5},
+	{0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666},
+	{0x0000000000000001,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000},
+	{0x00068ab3a5b7dda3,0x00000eea2a5eadbb,0x0002af8df483c27e,0x000332b375274732,0x00067875f0fd78b7}
+};
+
+static const bignum25519 ge25519_ecd = {
+	0x00034dca135978a3,0x0001a8283b156ebd,0x0005e7a26001c029,0x000739c663a03cbb,0x00052036cee2b6ff
+};
+
+static const bignum25519 ge25519_ec2d = {
+	0x00069b9426b2f159,0x00035050762add7a,0x0003cf44c0038052,0x0006738cc7407977,0x0002406d9dc56dff
+};
+
+static const bignum25519 ge25519_sqrtneg1 = {
+	0x00061b274a0ea0b0,0x0000d5a5fc8f189d,0x0007ef5e9cbd0c60,0x00078595a6804c9e,0x0002b8324804fc1d
+};
+
+static const ge25519_niels ge25519_niels_sliding_multiples[32] = {
+	{{0x00003905d740913e,0x0000ba2817d673a2,0x00023e2827f4e67c,0x000133d2e0c21a34,0x00044fd2f9298f81},{0x000493c6f58c3b85,0x0000df7181c325f7,0x0000f50b0b3e4cb7,0x0005329385a44c32,0x00007cf9d3a33d4b},{0x00011205877aaa68,0x000479955893d579,0x00050d66309b67a0,0x0002d42d0dbee5ee,0x0006f117b689f0c6}},
+	{{0x00011fe8a4fcd265,0x0007bcb8374faacc,0x00052f5af4ef4d4f,0x0005314098f98d10,0x0002ab91587555bd},{0x0005b0a84cee9730,0x00061d10c97155e4,0x0004059cc8096a10,0x00047a608da8014f,0x0007a164e1b9a80f},{0x0006933f0dd0d889,0x00044386bb4c4295,0x0003cb6d3162508c,0x00026368b872a2c6,0x0005a2826af12b9b}},
+	{{0x000182c3a447d6ba,0x00022964e536eff2,0x000192821f540053,0x0002f9f19e788e5c,0x000154a7e73eb1b5},{0x0002bc4408a5bb33,0x000078ebdda05442,0x0002ffb112354123,0x000375ee8df5862d,0x0002945ccf146e20},{0x0003dbf1812a8285,0x0000fa17ba3f9797,0x0006f69cb49c3820,0x00034d5a0db3858d,0x00043aabe696b3bb}},
+	{{0x00072c9aaa3221b1,0x000267774474f74d,0x000064b0e9b28085,0x0003f04ef53b27c9,0x0001d6edd5d2e531},{0x00025cd0944ea3bf,0x00075673b81a4d63,0x000150b925d1c0d4,0x00013f38d9294114,0x000461bea69283c9},{0x00036dc801b8b3a2,0x0000e0a7d4935e30,0x0001deb7cecc0d7d,0x000053a94e20dd2c,0x0007a9fbb1c6a0f9}},
+	{{0x0006217e039d8064,0x0006dea408337e6d,0x00057ac112628206,0x000647cb65e30473,0x00049c05a51fadc9},{0x0006678aa6a8632f,0x0005ea3788d8b365,0x00021bd6d6994279,0x0007ace75919e4e3,0x00034b9ed338add7},{0x0004e8bf9045af1b,0x000514e33a45e0d6,0x0007533c5b8bfe0f,0x000583557b7e14c9,0x00073c172021b008}},
+	{{0x00075b0249864348,0x00052ee11070262b,0x000237ae54fb5acd,0x0003bfd1d03aaab5,0x00018ab598029d5c},{0x000700848a802ade,0x0001e04605c4e5f7,0x0005c0d01b9767fb,0x0007d7889f42388b,0x0004275aae2546d8},{0x00032cc5fd6089e9,0x000426505c949b05,0x00046a18880c7ad2,0x0004a4221888ccda,0x0003dc65522b53df}},
+	{{0x0007013b327fbf93,0x0001336eeded6a0d,0x0002b565a2bbf3af,0x000253ce89591955,0x0000267882d17602},{0x0000c222a2007f6d,0x000356b79bdb77ee,0x00041ee81efe12ce,0x000120a9bd07097d,0x000234fd7eec346f},{0x0000a119732ea378,0x00063bf1ba8e2a6c,0x00069f94cc90df9a,0x000431d1779bfc48,0x000497ba6fdaa097}},
+	{{0x0003cd86468ccf0b,0x00048553221ac081,0x0006c9464b4e0a6e,0x00075fba84180403,0x00043b5cd4218d05},{0x0006cc0313cfeaa0,0x0001a313848da499,0x0007cb534219230a,0x00039596dedefd60,0x00061e22917f12de},{0x0002762f9bd0b516,0x0001c6e7fbddcbb3,0x00075909c3ace2bd,0x00042101972d3ec9,0x000511d61210ae4d}},
+	{{0x000386484420de87,0x0002d6b25db68102,0x000650b4962873c0,0x0004081cfd271394,0x00071a7fe6fe2482},{0x000676ef950e9d81,0x0001b81ae089f258,0x00063c4922951883,0x0002f1d54d9b3237,0x0006d325924ddb85},{0x000182b8a5c8c854,0x00073fcbe5406d8e,0x0005de3430cff451,0x000554b967ac8c41,0x0004746c4b6559ee}},
+	{{0x000546c864741147,0x0003a1df99092690,0x0001ca8cc9f4d6bb,0x00036b7fc9cd3b03,0x000219663497db5e},{0x00077b3c6dc69a2b,0x0004edf13ec2fa6e,0x0004e85ad77beac8,0x0007dba2b28e7bda,0x0005c9a51de34fe9},{0x0000f1cf79f10e67,0x00043ccb0a2b7ea2,0x00005089dfff776a,0x0001dd84e1d38b88,0x0004804503c60822}},
+	{{0x000021d23a36d175,0x0004fd3373c6476d,0x00020e291eeed02a,0x00062f2ecf2e7210,0x000771e098858de4},{0x00049ed02ca37fc7,0x000474c2b5957884,0x0005b8388e816683,0x0004b6c454b76be4,0x000553398a516506},{0x0002f5d278451edf,0x000730b133997342,0x0006965420eb6975,0x000308a3bfa516cf,0x0005a5ed1d68ff5a}},
+	{{0x0005e0c558527359,0x0003395b73afd75c,0x000072afa4e4b970,0x00062214329e0f6d,0x000019b60135fefd},{0x0005122afe150e83,0x0004afc966bb0232,0x0001c478833c8268,0x00017839c3fc148f,0x00044acb897d8bf9},{0x000068145e134b83,0x0001e4860982c3cc,0x000068fb5f13d799,0x0007c9283744547e,0x000150c49fde6ad2}},
+	{{0x0001863c9cdca868,0x0003770e295a1709,0x0000d85a3720fd13,0x0005e0ff1f71ab06,0x00078a6d7791e05f},{0x0003f29509471138,0x000729eeb4ca31cf,0x00069c22b575bfbc,0x0004910857bce212,0x0006b2b5a075bb99},{0x0007704b47a0b976,0x0002ae82e91aab17,0x00050bd6429806cd,0x00068055158fd8ea,0x000725c7ffc4ad55}},
+	{{0x00002bf71cd098c0,0x00049dabcc6cd230,0x00040a6533f905b2,0x000573efac2eb8a4,0x0004cd54625f855f},{0x00026715d1cf99b2,0x0002205441a69c88,0x000448427dcd4b54,0x0001d191e88abdc5,0x000794cc9277cb1f},{0x0006c426c2ac5053,0x0005a65ece4b095e,0x0000c44086f26bb6,0x0007429568197885,0x0007008357b6fcc8}},
+	{{0x00039fbb82584a34,0x00047a568f257a03,0x00014d88091ead91,0x0002145b18b1ce24,0x00013a92a3669d6d},{0x0000672738773f01,0x000752bf799f6171,0x0006b4a6dae33323,0x0007b54696ead1dc,0x00006ef7e9851ad0},{0x0003771cc0577de5,0x0003ca06bb8b9952,0x00000b81c5d50390,0x00043512340780ec,0x0003c296ddf8a2af}},
+	{{0x00034d2ebb1f2541,0x0000e815b723ff9d,0x000286b416e25443,0x0000bdfe38d1bee8,0x0000a892c7007477},{0x000515f9d914a713,0x00073191ff2255d5,0x00054f5cc2a4bdef,0x0003dd57fc118bcf,0x0007a99d393490c7},{0x0002ed2436bda3e8,0x00002afd00f291ea,0x0000be7381dea321,0x0003e952d4b2b193,0x000286762d28302f}},
+	{{0x00058e2bce2ef5bd,0x00068ce8f78c6f8a,0x0006ee26e39261b2,0x00033d0aa50bcf9d,0x0007686f2a3d6f17},{0x000036093ce35b25,0x0003b64d7552e9cf,0x00071ee0fe0b8460,0x00069d0660c969e5,0x00032f1da046a9d9},{0x000512a66d597c6a,0x0000609a70a57551,0x000026c08a3c464c,0x0004531fc8ee39e1,0x000561305f8a9ad2}},
+	{{0x0002cc28e7b0c0d5,0x00077b60eb8a6ce4,0x0004042985c277a6,0x000636657b46d3eb,0x000030a1aef2c57c},{0x0004978dec92aed1,0x000069adae7ca201,0x00011ee923290f55,0x00069641898d916c,0x00000aaec53e35d4},{0x0001f773003ad2aa,0x000005642cc10f76,0x00003b48f82cfca6,0x0002403c10ee4329,0x00020be9c1c24065}},
+	{{0x0000e44ae2025e60,0x0005f97b9727041c,0x0005683472c0ecec,0x000188882eb1ce7c,0x00069764c545067e},{0x000387d8249673a6,0x0005bea8dc927c2a,0x0005bd8ed5650ef0,0x0000ef0e3fcd40e1,0x000750ab3361f0ac},{0x00023283a2f81037,0x000477aff97e23d1,0x0000b8958dbcbb68,0x0000205b97e8add6,0x00054f96b3fb7075}},
+	{{0x0005afc616b11ecd,0x00039f4aec8f22ef,0x0003b39e1625d92e,0x0005f85bd4508873,0x00078e6839fbe85d},{0x0005f20429669279,0x00008fafae4941f5,0x00015d83c4eb7688,0x0001cf379eca4146,0x0003d7fe9c52bb75},{0x00032df737b8856b,0x0000608342f14e06,0x0003967889d74175,0x0001211907fba550,0x00070f268f350088}},
+	{{0x0004112070dcf355,0x0007dcff9c22e464,0x00054ada60e03325,0x00025cd98eef769a,0x000404e56c039b8c},{0x00064583b1805f47,0x00022c1baf832cd0,0x000132c01bd4d717,0x0004ecf4c3a75b8f,0x0007c0d345cfad88},{0x00071f4b8c78338a,0x00062cfc16bc2b23,0x00017cf51280d9aa,0x0003bbae5e20a95a,0x00020d754762aaec}},
+	{{0x0004feb135b9f543,0x00063bd192ad93ae,0x00044e2ea612cdf7,0x000670f4991583ab,0x00038b8ada8790b4},{0x0007c36fc73bb758,0x0004a6c797734bd1,0x0000ef248ab3950e,0x00063154c9a53ec8,0x0002b8f1e46f3cee},{0x00004a9cdf51f95d,0x0005d963fbd596b8,0x00022d9b68ace54a,0x0004a98e8836c599,0x000049aeb32ceba1}},
+	{{0x00067d3c63dcfe7e,0x000112f0adc81aee,0x00053df04c827165,0x0002fe5b33b430f0,0x00051c665e0c8d62},{0x00007d0b75fc7931,0x00016f4ce4ba754a,0x0005ace4c03fbe49,0x00027e0ec12a159c,0x000795ee17530f67},{0x00025b0a52ecbd81,0x0005dc0695fce4a9,0x0003b928c575047d,0x00023bf3512686e5,0x0006cd19bf49dc54}},
+	{{0x0007619052179ca3,0x0000c16593f0afd0,0x000265c4795c7428,0x00031c40515d5442,0x0007520f3db40b2e},{0x0006612165afc386,0x0001171aa36203ff,0x0002642ea820a8aa,0x0001f3bb7b313f10,0x0005e01b3a7429e4},{0x00050be3d39357a1,0x0003ab33d294a7b6,0x0004c479ba59edb3,0x0004c30d184d326f,0x00071092c9ccef3c}},
+	{{0x0000523f0364918c,0x000687f56d638a7b,0x00020796928ad013,0x0005d38405a54f33,0x0000ea15b03d0257},{0x0003d8ac74051dcf,0x00010ab6f543d0ad,0x0005d0f3ac0fda90,0x0005ef1d2573e5e4,0x0004173a5bb7137a},{0x00056e31f0f9218a,0x0005635f88e102f8,0x0002cbc5d969a5b8,0x000533fbc98b347a,0x0005fc565614a4e3}},
+	{{0x0006570dc46d7ae5,0x00018a9f1b91e26d,0x000436b6183f42ab,0x000550acaa4f8198,0x00062711c414c454},{0x0002e1e67790988e,0x0001e38b9ae44912,0x000648fbb4075654,0x00028df1d840cd72,0x0003214c7409d466},{0x0001827406651770,0x0004d144f286c265,0x00017488f0ee9281,0x00019e6cdb5c760c,0x0005bea94073ecb8}},
+	{{0x0005bf0912c89be4,0x00062fadcaf38c83,0x00025ec196b3ce2c,0x00077655ff4f017b,0x0003aacd5c148f61},{0x0000ce63f343d2f8,0x0001e0a87d1e368e,0x000045edbc019eea,0x0006979aed28d0d1,0x0004ad0785944f1b},{0x00063b34c3318301,0x0000e0e62d04d0b1,0x000676a233726701,0x00029e9a042d9769,0x0003aff0cb1d9028}},
+	{{0x0005c7eb3a20405e,0x0005fdb5aad930f8,0x0004a757e63b8c47,0x00028e9492972456,0x000110e7e86f4cd2},{0x0006430bf4c53505,0x000264c3e4507244,0x00074c9f19a39270,0x00073f84f799bc47,0x0002ccf9f732bd99},{0x0000d89ed603f5e4,0x00051e1604018af8,0x0000b8eedc4a2218,0x00051ba98b9384d0,0x00005c557e0b9693}},
+	{{0x0001ce311fc97e6f,0x0006023f3fb5db1f,0x0007b49775e8fc98,0x0003ad70adbf5045,0x0006e154c178fe98},{0x0006bbb089c20eb0,0x0006df41fb0b9eee,0x00051087ed87e16f,0x000102db5c9fa731,0x000289fef0841861},{0x00016336fed69abf,0x0004f066b929f9ec,0x0004e9ff9e6c5b93,0x00018c89bc4bb2ba,0x0006afbf642a95ca}},
+	{{0x0000de0c62f5d2c1,0x00049601cf734fb5,0x0006b5c38263f0f6,0x0004623ef5b56d06,0x0000db4b851b9503},{0x00055070f913a8cc,0x000765619eac2bbc,0x0003ab5225f47459,0x00076ced14ab5b48,0x00012c093cedb801},{0x00047f9308b8190f,0x000414235c621f82,0x00031f5ff41a5a76,0x0006736773aab96d,0x00033aa8799c6635}},
+	{{0x0007f51ebd085cf2,0x00012cfa67e3f5e1,0x0001800cf1e3d46a,0x00054337615ff0a8,0x000233c6f29e8e21},{0x0000f588fc156cb1,0x000363414da4f069,0x0007296ad9b68aea,0x0004d3711316ae43,0x000212cd0c1c8d58},{0x0004d5107f18c781,0x00064a4fd3a51a5e,0x0004f4cd0448bb37,0x000671d38543151e,0x0001db7778911914}},
+	{{0x000352397c6bc26f,0x00018a7aa0227bbe,0x0005e68cc1ea5f8b,0x0006fe3e3a7a1d5f,0x00031ad97ad26e2a},{0x00014769dd701ab6,0x00028339f1b4b667,0x0004ab214b8ae37b,0x00025f0aefa0b0fe,0x0007ae2ca8a017d2},{0x000017ed0920b962,0x000187e33b53b6fd,0x00055829907a1463,0x000641f248e0a792,0x0001ed1fc53a6622}}
+};
diff --git a/src/ext/ed25519/donna/ed25519-donna-64bit-x86-32bit.h b/src/ext/ed25519/donna/ed25519-donna-64bit-x86-32bit.h
new file mode 100644
index 0000000000..1ce109c5b7
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-64bit-x86-32bit.h
@@ -0,0 +1,435 @@
+#if defined(ED25519_GCC_64BIT_32BIT_CHOOSE)
+
+#define HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS
+
+DONNA_NOINLINE static void
+ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
+	int64_t breg = (int64_t)b;
+	uint64_t sign = (uint64_t)breg >> 63;
+	uint64_t mask = ~(sign - 1);
+	uint64_t u = (breg + mask) ^ mask;
+
+	__asm__ __volatile__ (
+		/* ysubx+xaddy+t2d */
+		"movq %0, %%rax                  ;\n"
+		"movd %%rax, %%xmm14             ;\n"
+		"pshufd $0x00, %%xmm14, %%xmm14  ;\n"
+		"pxor %%xmm0, %%xmm0             ;\n"
+		"pxor %%xmm1, %%xmm1             ;\n"
+		"pxor %%xmm2, %%xmm2             ;\n"
+		"pxor %%xmm3, %%xmm3             ;\n"
+		"pxor %%xmm4, %%xmm4             ;\n"
+		"pxor %%xmm5, %%xmm5             ;\n"
+
+		/* 0 */
+		"movq $0, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm6              ;\n"
+		"pxor %%xmm7, %%xmm7             ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm6, %%xmm2              ;\n"
+		"por %%xmm7, %%xmm3              ;\n"
+
+		/* 1 */
+		"movq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 0(%1), %%xmm6            ;\n"
+		"movdqa 16(%1), %%xmm7           ;\n"
+		"movdqa 32(%1), %%xmm8           ;\n"
+		"movdqa 48(%1), %%xmm9           ;\n"
+		"movdqa 64(%1), %%xmm10          ;\n"
+		"movdqa 80(%1), %%xmm11          ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 2 */
+		"movq $2, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 96(%1), %%xmm6           ;\n"
+		"movdqa 112(%1), %%xmm7          ;\n"
+		"movdqa 128(%1), %%xmm8          ;\n"
+		"movdqa 144(%1), %%xmm9          ;\n"
+		"movdqa 160(%1), %%xmm10         ;\n"
+		"movdqa 176(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 3 */
+		"movq $3, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 192(%1), %%xmm6          ;\n"
+		"movdqa 208(%1), %%xmm7          ;\n"
+		"movdqa 224(%1), %%xmm8          ;\n"
+		"movdqa 240(%1), %%xmm9          ;\n"
+		"movdqa 256(%1), %%xmm10         ;\n"
+		"movdqa 272(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 4 */
+		"movq $4, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 288(%1), %%xmm6          ;\n"
+		"movdqa 304(%1), %%xmm7          ;\n"
+		"movdqa 320(%1), %%xmm8          ;\n"
+		"movdqa 336(%1), %%xmm9          ;\n"
+		"movdqa 352(%1), %%xmm10         ;\n"
+		"movdqa 368(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 5 */
+		"movq $5, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 384(%1), %%xmm6          ;\n"
+		"movdqa 400(%1), %%xmm7          ;\n"
+		"movdqa 416(%1), %%xmm8          ;\n"
+		"movdqa 432(%1), %%xmm9          ;\n"
+		"movdqa 448(%1), %%xmm10         ;\n"
+		"movdqa 464(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 6 */
+		"movq $6, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 480(%1), %%xmm6          ;\n"
+		"movdqa 496(%1), %%xmm7          ;\n"
+		"movdqa 512(%1), %%xmm8          ;\n"
+		"movdqa 528(%1), %%xmm9          ;\n"
+		"movdqa 544(%1), %%xmm10         ;\n"
+		"movdqa 560(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 7 */
+		"movq $7, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 576(%1), %%xmm6          ;\n"
+		"movdqa 592(%1), %%xmm7          ;\n"
+		"movdqa 608(%1), %%xmm8          ;\n"
+		"movdqa 624(%1), %%xmm9          ;\n"
+		"movdqa 640(%1), %%xmm10         ;\n"
+		"movdqa 656(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 8 */
+		"movq $8, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 672(%1), %%xmm6          ;\n"
+		"movdqa 688(%1), %%xmm7          ;\n"
+		"movdqa 704(%1), %%xmm8          ;\n"
+		"movdqa 720(%1), %%xmm9          ;\n"
+		"movdqa 736(%1), %%xmm10         ;\n"
+		"movdqa 752(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* conditionally swap ysubx and xaddy */
+		"movq %3, %%rax                  ;\n"
+		"xorq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm14             ;\n"
+		"pxor %%xmm15, %%xmm15           ;\n"
+		"pshufd $0x00, %%xmm14, %%xmm14  ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa %%xmm2, %%xmm6           ;\n"
+		"movdqa %%xmm3, %%xmm7           ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pxor %%xmm6, %%xmm0             ;\n"
+		"pxor %%xmm7, %%xmm1             ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+
+		/* store ysubx */
+		"xorq %%rax, %%rax               ;\n"
+		"movd %%xmm0, %%rcx              ;\n"
+		"movd %%xmm0, %%r8               ;\n"
+		"movd %%xmm1, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm0, %%xmm0    ;\n"
+		"pshufd $0xee, %%xmm1, %%xmm1    ;\n"
+		"movd %%xmm0, %%rdx              ;\n"
+		"movd %%xmm1, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"movq %%rcx, %%r9                ;\n"
+		"movq %%r8, %%r10                ;\n"
+		"movq %%rdx, %%r11               ;\n"
+		"movq %%rsi, %%r12               ;\n"
+		"movq %%rdi, %%r13               ;\n"
+		"shrq $26, %%r9                  ;\n"
+		"shrq $26, %%r10                 ;\n"
+		"shrq $26, %%r11                 ;\n"
+		"shrq $26, %%r12                 ;\n"
+		"shrq $26, %%r13                 ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"andl $0x1ffffff, %%r9d          ;\n"
+		"andl $0x3ffffff, %%r8d          ;\n"
+		"andl $0x1ffffff, %%r10d         ;\n"
+		"andl $0x3ffffff, %%edx          ;\n"
+		"andl $0x1ffffff, %%r11d         ;\n"
+		"andl $0x3ffffff, %%esi          ;\n"
+		"andl $0x1ffffff, %%r12d         ;\n"
+		"andl $0x3ffffff, %%edi          ;\n"
+		"andl $0x1ffffff, %%r13d         ;\n"
+		"movl %%ecx, 0(%2)               ;\n"
+		"movl %%r9d, 4(%2)               ;\n"
+		"movl %%r8d, 8(%2)               ;\n"
+		"movl %%r10d, 12(%2)             ;\n"
+		"movl %%edx, 16(%2)              ;\n"
+		"movl %%r11d, 20(%2)             ;\n"
+		"movl %%esi, 24(%2)              ;\n"
+		"movl %%r12d, 28(%2)             ;\n"
+		"movl %%edi, 32(%2)              ;\n"
+		"movl %%r13d, 36(%2)             ;\n"
+
+		/* store xaddy */
+		"movd %%xmm2, %%rcx              ;\n"
+		"movd %%xmm2, %%r8               ;\n"
+		"movd %%xmm3, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm2, %%xmm2    ;\n"
+		"pshufd $0xee, %%xmm3, %%xmm3    ;\n"
+		"movd %%xmm2, %%rdx              ;\n"
+		"movd %%xmm3, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"movq %%rcx, %%r9                ;\n"
+		"movq %%r8, %%r10                ;\n"
+		"movq %%rdx, %%r11               ;\n"
+		"movq %%rsi, %%r12               ;\n"
+		"movq %%rdi, %%r13               ;\n"
+		"shrq $26, %%r9                  ;\n"
+		"shrq $26, %%r10                 ;\n"
+		"shrq $26, %%r11                 ;\n"
+		"shrq $26, %%r12                 ;\n"
+		"shrq $26, %%r13                 ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"andl $0x1ffffff, %%r9d          ;\n"
+		"andl $0x3ffffff, %%r8d          ;\n"
+		"andl $0x1ffffff, %%r10d         ;\n"
+		"andl $0x3ffffff, %%edx          ;\n"
+		"andl $0x1ffffff, %%r11d         ;\n"
+		"andl $0x3ffffff, %%esi          ;\n"
+		"andl $0x1ffffff, %%r12d         ;\n"
+		"andl $0x3ffffff, %%edi          ;\n"
+		"andl $0x1ffffff, %%r13d         ;\n"
+		"movl %%ecx, 40(%2)              ;\n"
+		"movl %%r9d, 44(%2)              ;\n"
+		"movl %%r8d, 48(%2)              ;\n"
+		"movl %%r10d, 52(%2)             ;\n"
+		"movl %%edx, 56(%2)              ;\n"
+		"movl %%r11d, 60(%2)             ;\n"
+		"movl %%esi, 64(%2)              ;\n"
+		"movl %%r12d, 68(%2)             ;\n"
+		"movl %%edi, 72(%2)              ;\n"
+		"movl %%r13d, 76(%2)             ;\n"
+
+		/* extract t2d */
+		"xorq %%rax, %%rax               ;\n"
+		"movd %%xmm4, %%rcx              ;\n"
+		"movd %%xmm4, %%r8               ;\n"
+		"movd %%xmm5, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm4, %%xmm4    ;\n"
+		"pshufd $0xee, %%xmm5, %%xmm5    ;\n"
+		"movd %%xmm4, %%rdx              ;\n"
+		"movd %%xmm5, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"movq %%rcx, %%r9                ;\n"
+		"movq %%r8, %%r10                ;\n"
+		"movq %%rdx, %%r11               ;\n"
+		"movq %%rsi, %%r12               ;\n"
+		"movq %%rdi, %%r13               ;\n"
+		"shrq $26, %%r9                  ;\n"
+		"shrq $26, %%r10                 ;\n"
+		"shrq $26, %%r11                 ;\n"
+		"shrq $26, %%r12                 ;\n"
+		"shrq $26, %%r13                 ;\n"
+		"andl $0x3ffffff, %%ecx          ;\n"
+		"andl $0x1ffffff, %%r9d          ;\n"
+		"andl $0x3ffffff, %%r8d          ;\n"
+		"andl $0x1ffffff, %%r10d         ;\n"
+		"andl $0x3ffffff, %%edx          ;\n"
+		"andl $0x1ffffff, %%r11d         ;\n"
+		"andl $0x3ffffff, %%esi          ;\n"
+		"andl $0x1ffffff, %%r12d         ;\n"
+		"andl $0x3ffffff, %%edi          ;\n"
+		"andl $0x1ffffff, %%r13d         ;\n"
+		"movd %%ecx, %%xmm0              ;\n"
+		"movd %%r9d, %%xmm4              ;\n"
+		"movd %%r8d, %%xmm8              ;\n"
+		"movd %%r10d, %%xmm3             ;\n"
+		"movd %%edx, %%xmm1              ;\n"
+		"movd %%r11d, %%xmm5             ;\n"
+		"movd %%esi, %%xmm6              ;\n"
+		"movd %%r12d, %%xmm7             ;\n"
+		"movd %%edi, %%xmm2              ;\n"
+		"movd %%r13d, %%xmm9             ;\n"
+		"punpckldq %%xmm4, %%xmm0        ;\n"
+		"punpckldq %%xmm3, %%xmm8        ;\n"
+		"punpckldq %%xmm5, %%xmm1        ;\n"
+		"punpckldq %%xmm7, %%xmm6        ;\n"
+		"punpckldq %%xmm9, %%xmm2        ;\n"
+		"punpcklqdq %%xmm8, %%xmm0       ;\n"
+		"punpcklqdq %%xmm6, %%xmm1       ;\n"
+
+		/* set up 2p in to 3/4 */
+		"movl $0x7ffffda, %%ecx          ;\n"
+		"movl $0x3fffffe, %%edx          ;\n"
+		"movl $0x7fffffe, %%eax          ;\n"
+		"movd %%ecx, %%xmm3              ;\n"
+		"movd %%edx, %%xmm5              ;\n"
+		"movd %%eax, %%xmm4              ;\n"
+		"punpckldq %%xmm5, %%xmm3        ;\n"
+		"punpckldq %%xmm5, %%xmm4        ;\n"
+		"punpcklqdq %%xmm4, %%xmm3       ;\n"
+		"movdqa %%xmm4, %%xmm5           ;\n"
+		"punpcklqdq %%xmm4, %%xmm4       ;\n"
+
+		/* subtract and conditionally move */
+		"movl %3, %%ecx                  ;\n"
+		"sub $1, %%ecx                   ;\n"
+		"movd %%ecx, %%xmm6              ;\n"
+		"pshufd $0x00, %%xmm6, %%xmm6    ;\n"
+		"movdqa %%xmm6, %%xmm7           ;\n"
+		"psubd %%xmm0, %%xmm3            ;\n"
+		"psubd %%xmm1, %%xmm4            ;\n"
+		"psubd %%xmm2, %%xmm5            ;\n"
+		"pand %%xmm6, %%xmm0             ;\n"
+		"pand %%xmm6, %%xmm1             ;\n"
+		"pand %%xmm6, %%xmm2             ;\n"
+		"pandn %%xmm3, %%xmm6            ;\n"
+		"movdqa %%xmm7, %%xmm3           ;\n"
+		"pandn %%xmm4, %%xmm7            ;\n"
+		"pandn %%xmm5, %%xmm3            ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm3, %%xmm2              ;\n"
+
+		/* store t2d */
+		"movdqa %%xmm0, 80(%2)           ;\n"
+		"movdqa %%xmm1, 96(%2)          ;\n"
+		"movd %%xmm2, %%rax              ;\n"
+		"movq %%rax, 112(%2)             ;\n"
+		:
+		: "m"(u), "r"(&table[pos * 8]), "r"(t), "m"(sign) /* %0 = u, %1 = table, %2 = t, %3 = sign */
+		:
+			"%rax", "%rcx", "%rdx", "%rdi", "%rsi", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", 
+			"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "%xmm8", "%xmm9", "%xmm10", "%xmm11", "%xmm14", "%xmm14",
+			"cc", "memory"
+	);
+}
+
+#endif /* defined(ED25519_GCC_64BIT_32BIT_CHOOSE) */
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-64bit-x86.h b/src/ext/ed25519/donna/ed25519-donna-64bit-x86.h
new file mode 100644
index 0000000000..30bd472762
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-64bit-x86.h
@@ -0,0 +1,351 @@
+#if defined(ED25519_GCC_64BIT_X86_CHOOSE)
+
+#define HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS
+
+DONNA_NOINLINE static void
+ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
+	int64_t breg = (int64_t)b;
+	uint64_t sign = (uint64_t)breg >> 63;
+	uint64_t mask = ~(sign - 1);
+	uint64_t u = (breg + mask) ^ mask;
+
+	__asm__ __volatile__ (
+		/* ysubx+xaddy+t2d */
+		"movq %0, %%rax                  ;\n"
+		"movd %%rax, %%xmm14             ;\n"
+		"pshufd $0x00, %%xmm14, %%xmm14  ;\n"
+		"pxor %%xmm0, %%xmm0             ;\n"
+		"pxor %%xmm1, %%xmm1             ;\n"
+		"pxor %%xmm2, %%xmm2             ;\n"
+		"pxor %%xmm3, %%xmm3             ;\n"
+		"pxor %%xmm4, %%xmm4             ;\n"
+		"pxor %%xmm5, %%xmm5             ;\n"
+
+		/* 0 */
+		"movq $0, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm6              ;\n"
+		"pxor %%xmm7, %%xmm7             ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm6, %%xmm2              ;\n"
+		"por %%xmm7, %%xmm3              ;\n"
+
+		/* 1 */
+		"movq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 0(%1), %%xmm6            ;\n"
+		"movdqa 16(%1), %%xmm7           ;\n"
+		"movdqa 32(%1), %%xmm8           ;\n"
+		"movdqa 48(%1), %%xmm9           ;\n"
+		"movdqa 64(%1), %%xmm10          ;\n"
+		"movdqa 80(%1), %%xmm11          ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 2 */
+		"movq $2, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 96(%1), %%xmm6           ;\n"
+		"movdqa 112(%1), %%xmm7          ;\n"
+		"movdqa 128(%1), %%xmm8          ;\n"
+		"movdqa 144(%1), %%xmm9          ;\n"
+		"movdqa 160(%1), %%xmm10         ;\n"
+		"movdqa 176(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 3 */
+		"movq $3, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 192(%1), %%xmm6          ;\n"
+		"movdqa 208(%1), %%xmm7          ;\n"
+		"movdqa 224(%1), %%xmm8          ;\n"
+		"movdqa 240(%1), %%xmm9          ;\n"
+		"movdqa 256(%1), %%xmm10         ;\n"
+		"movdqa 272(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 4 */
+		"movq $4, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 288(%1), %%xmm6          ;\n"
+		"movdqa 304(%1), %%xmm7          ;\n"
+		"movdqa 320(%1), %%xmm8          ;\n"
+		"movdqa 336(%1), %%xmm9          ;\n"
+		"movdqa 352(%1), %%xmm10         ;\n"
+		"movdqa 368(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 5 */
+		"movq $5, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 384(%1), %%xmm6          ;\n"
+		"movdqa 400(%1), %%xmm7          ;\n"
+		"movdqa 416(%1), %%xmm8          ;\n"
+		"movdqa 432(%1), %%xmm9          ;\n"
+		"movdqa 448(%1), %%xmm10         ;\n"
+		"movdqa 464(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 6 */
+		"movq $6, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 480(%1), %%xmm6          ;\n"
+		"movdqa 496(%1), %%xmm7          ;\n"
+		"movdqa 512(%1), %%xmm8          ;\n"
+		"movdqa 528(%1), %%xmm9          ;\n"
+		"movdqa 544(%1), %%xmm10         ;\n"
+		"movdqa 560(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 7 */
+		"movq $7, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 576(%1), %%xmm6          ;\n"
+		"movdqa 592(%1), %%xmm7          ;\n"
+		"movdqa 608(%1), %%xmm8          ;\n"
+		"movdqa 624(%1), %%xmm9          ;\n"
+		"movdqa 640(%1), %%xmm10         ;\n"
+		"movdqa 656(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* 8 */
+		"movq $8, %%rax                  ;\n"
+		"movd %%rax, %%xmm15             ;\n"
+		"pshufd $0x00, %%xmm15, %%xmm15  ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa 672(%1), %%xmm6          ;\n"
+		"movdqa 688(%1), %%xmm7          ;\n"
+		"movdqa 704(%1), %%xmm8          ;\n"
+		"movdqa 720(%1), %%xmm9          ;\n"
+		"movdqa 736(%1), %%xmm10         ;\n"
+		"movdqa 752(%1), %%xmm11         ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pand %%xmm15, %%xmm8            ;\n"
+		"pand %%xmm15, %%xmm9            ;\n"
+		"pand %%xmm15, %%xmm10           ;\n"
+		"pand %%xmm15, %%xmm11           ;\n"
+		"por %%xmm6, %%xmm0              ;\n"
+		"por %%xmm7, %%xmm1              ;\n"
+		"por %%xmm8, %%xmm2              ;\n"
+		"por %%xmm9, %%xmm3              ;\n"
+		"por %%xmm10, %%xmm4             ;\n"
+		"por %%xmm11, %%xmm5             ;\n"
+
+		/* conditionally swap ysubx and xaddy */
+		"movq %3, %%rax                  ;\n"
+		"xorq $1, %%rax                  ;\n"
+		"movd %%rax, %%xmm14             ;\n"
+		"pxor %%xmm15, %%xmm15           ;\n"
+		"pshufd $0x00, %%xmm14, %%xmm14  ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+		"pcmpeqd %%xmm14, %%xmm15        ;\n"
+		"movdqa %%xmm2, %%xmm6           ;\n"
+		"movdqa %%xmm3, %%xmm7           ;\n"
+		"pand %%xmm15, %%xmm6            ;\n"
+		"pand %%xmm15, %%xmm7            ;\n"
+		"pxor %%xmm6, %%xmm0             ;\n"
+		"pxor %%xmm7, %%xmm1             ;\n"
+		"pxor %%xmm0, %%xmm2             ;\n"
+		"pxor %%xmm1, %%xmm3             ;\n"
+
+		/* store ysubx */
+		"movq $0x7ffffffffffff, %%rax    ;\n"
+		"movd %%xmm0, %%rcx              ;\n"
+		"movd %%xmm0, %%r8               ;\n"
+		"movd %%xmm1, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm0, %%xmm0    ;\n"
+		"pshufd $0xee, %%xmm1, %%xmm1    ;\n"
+		"movd %%xmm0, %%rdx              ;\n"
+		"movd %%xmm1, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"andq %%rax, %%rcx               ;\n"
+		"andq %%rax, %%r8                ;\n"
+		"andq %%rax, %%rdx               ;\n"
+		"andq %%rax, %%rsi               ;\n"
+		"andq %%rax, %%rdi               ;\n"
+		"movq %%rcx, 0(%2)               ;\n"
+		"movq %%r8, 8(%2)                ;\n"
+		"movq %%rdx, 16(%2)              ;\n"
+		"movq %%rsi, 24(%2)              ;\n"
+		"movq %%rdi, 32(%2)              ;\n"
+
+		/* store xaddy */
+		"movq $0x7ffffffffffff, %%rax    ;\n"
+		"movd %%xmm2, %%rcx              ;\n"
+		"movd %%xmm2, %%r8               ;\n"
+		"movd %%xmm3, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm2, %%xmm2    ;\n"
+		"pshufd $0xee, %%xmm3, %%xmm3    ;\n"
+		"movd %%xmm2, %%rdx              ;\n"
+		"movd %%xmm3, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"andq %%rax, %%rcx               ;\n"
+		"andq %%rax, %%r8                ;\n"
+		"andq %%rax, %%rdx               ;\n"
+		"andq %%rax, %%rsi               ;\n"
+		"andq %%rax, %%rdi               ;\n"
+		"movq %%rcx, 40(%2)              ;\n"
+		"movq %%r8, 48(%2)               ;\n"
+		"movq %%rdx, 56(%2)              ;\n"
+		"movq %%rsi, 64(%2)              ;\n"
+		"movq %%rdi, 72(%2)              ;\n"
+
+		/* extract t2d */
+		"movq $0x7ffffffffffff, %%rax    ;\n"
+		"movd %%xmm4, %%rcx              ;\n"
+		"movd %%xmm4, %%r8               ;\n"
+		"movd %%xmm5, %%rsi              ;\n"
+		"pshufd $0xee, %%xmm4, %%xmm4    ;\n"
+		"pshufd $0xee, %%xmm5, %%xmm5    ;\n"
+		"movd %%xmm4, %%rdx              ;\n"
+		"movd %%xmm5, %%rdi              ;\n"
+		"shrdq $51, %%rdx, %%r8          ;\n"
+		"shrdq $38, %%rsi, %%rdx         ;\n"
+		"shrdq $25, %%rdi, %%rsi         ;\n"
+		"shrq $12, %%rdi                 ;\n"
+		"andq %%rax, %%rcx               ;\n"
+		"andq %%rax, %%r8                ;\n"
+		"andq %%rax, %%rdx               ;\n"
+		"andq %%rax, %%rsi               ;\n"
+		"andq %%rax, %%rdi               ;\n"
+
+		/* conditionally negate t2d */
+		"movq %3, %%rax                  ;\n"
+		"movq $0xfffffffffffda, %%r9     ;\n"
+		"movq $0xffffffffffffe, %%r10    ;\n"
+		"movq %%r10, %%r11               ;\n"
+		"movq %%r10, %%r12               ;\n"
+		"movq %%r10, %%r13               ;\n"
+		"subq %%rcx, %%r9                ;\n"
+		"subq %%r8, %%r10                ;\n"
+		"subq %%rdx, %%r11               ;\n"
+		"subq %%rsi, %%r12               ;\n"
+		"subq %%rdi, %%r13               ;\n"
+		"cmpq $1, %%rax                  ;\n"
+		"cmove %%r9, %%rcx               ;\n"
+		"cmove %%r10, %%r8               ;\n"
+		"cmove %%r11, %%rdx              ;\n"
+		"cmove %%r12, %%rsi              ;\n"
+		"cmove %%r13, %%rdi              ;\n"
+
+		/* store t2d */
+		"movq %%rcx, 80(%2)              ;\n"
+		"movq %%r8, 88(%2)               ;\n"
+		"movq %%rdx, 96(%2)              ;\n"
+		"movq %%rsi, 104(%2)             ;\n"
+		"movq %%rdi, 112(%2)             ;\n"
+		:
+		: "m"(u), "r"(&table[pos * 8]), "r"(t), "m"(sign) /* %0 = u, %1 = table, %2 = t, %3 = sign */
+		:
+			"%rax", "%rcx", "%rdx", "%rdi", "%rsi", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", 
+			"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7", "%xmm8", "%xmm9", "%xmm10", "%xmm11", "%xmm14", "%xmm14",
+			"cc", "memory"
+	);
+}
+
+#endif /* defined(ED25519_GCC_64BIT_X86_CHOOSE) */
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-basepoint-table.h b/src/ext/ed25519/donna/ed25519-donna-basepoint-table.h
new file mode 100644
index 0000000000..41dcd526a2
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-basepoint-table.h
@@ -0,0 +1,259 @@
+/* multiples of the base point in packed {ysubx, xaddy, t2d} form */
+static const uint8_t ALIGN(16) ge25519_niels_base_multiples[256][96] = {
+	{0x3e,0x91,0x40,0xd7,0x05,0x39,0x10,0x9d,0xb3,0xbe,0x40,0xd1,0x05,0x9f,0x39,0xfd,0x09,0x8a,0x8f,0x68,0x34,0x84,0xc1,0xa5,0x67,0x12,0xf8,0x98,0x92,0x2f,0xfd,0x44,0x85,0x3b,0x8c,0xf5,0xc6,0x93,0xbc,0x2f,0x19,0x0e,0x8c,0xfb,0xc6,0x2d,0x93,0xcf,0xc2,0x42,0x3d,0x64,0x98,0x48,0x0b,0x27,0x65,0xba,0xd4,0x33,0x3a,0x9d,0xcf,0x07,0x59,0xbb,0x6f,0x4b,0x67,0x15,0xbd,0xdb,0xea,0xa5,0xa2,0xee,0x00,0x3f,0xe1,0x41,0xfa,0xc6,0x57,0xc9,0x1c,0x9d,0xd4,0xcd,0xca,0xec,0x16,0xaf,0x1f,0xbe,0x0e,0x4f},
+	{0xa8,0xd5,0xb4,0x42,0x60,0xa5,0x99,0x8a,0xf6,0xac,0x60,0x4e,0x0c,0x81,0x2b,0x8f,0xaa,0x37,0x6e,0xb1,0x6b,0x23,0x9e,0xe0,0x55,0x25,0xc9,0x69,0xa6,0x95,0xb5,0x6b,0xd7,0x71,0x3c,0x93,0xfc,0xe7,0x24,0x92,0xb5,0xf5,0x0f,0x7a,0x96,0x9d,0x46,0x9f,0x02,0x07,0xd6,0xe1,0x65,0x9a,0xa6,0x5a,0x2e,0x2e,0x7d,0xa8,0x3f,0x06,0x0c,0x59,0x02,0x68,0xd3,0xda,0xaa,0x7e,0x34,0x6e,0x05,0x48,0xee,0x83,0x93,0x59,0xf3,0xba,0x26,0x68,0x07,0xe6,0x10,0xbe,0xca,0x3b,0xb8,0xd1,0x5e,0x16,0x0a,0x4f,0x31,0x49},
+	{0x65,0xd2,0xfc,0xa4,0xe8,0x1f,0x61,0x56,0x7d,0xba,0xc1,0xe5,0xfd,0x53,0xd3,0x3b,0xbd,0xd6,0x4b,0x21,0x1a,0xf3,0x31,0x81,0x62,0xda,0x5b,0x55,0x87,0x15,0xb9,0x2a,0x30,0x97,0xee,0x4c,0xa8,0xb0,0x25,0xaf,0x8a,0x4b,0x86,0xe8,0x30,0x84,0x5a,0x02,0x32,0x67,0x01,0x9f,0x02,0x50,0x1b,0xc1,0xf4,0xf8,0x80,0x9a,0x1b,0x4e,0x16,0x7a,0x34,0x48,0x67,0xf1,0xf4,0x11,0xf2,0x9b,0x95,0xf8,0x2d,0xf6,0x17,0x6b,0x4e,0xb8,0x4e,0x2a,0x72,0x5b,0x07,0x6f,0xde,0xd7,0x21,0x2a,0xbb,0x63,0xb9,0x04,0x9a,0x54},
+	{0xbf,0x18,0x68,0x05,0x0a,0x05,0xfe,0x95,0xa9,0xfa,0x60,0x56,0x71,0x89,0x7e,0x32,0x73,0x50,0xa0,0x06,0xcd,0xe3,0xe8,0xc3,0x9a,0xa4,0x45,0x74,0x4c,0x3f,0x93,0x27,0x9f,0x09,0xfc,0x8e,0xb9,0x51,0x73,0x28,0x38,0x25,0xfd,0x7d,0xf4,0xc6,0x65,0x67,0x65,0x92,0x0a,0xfb,0x3d,0x8d,0x34,0xca,0x27,0x87,0xe5,0x21,0x03,0x91,0x0e,0x68,0xb0,0x26,0x14,0xe5,0xec,0x45,0x1e,0xbf,0x94,0x0f,0xba,0x6d,0x3d,0xc6,0x2b,0xe3,0xc0,0x52,0xf8,0x8c,0xd5,0x74,0x29,0xe4,0x18,0x4c,0xe6,0xb0,0xb1,0x79,0xf0,0x44},
+	{0xba,0xd6,0x47,0xa4,0xc3,0x82,0x91,0x7f,0xb7,0x29,0x27,0x4b,0xd1,0x14,0x00,0xd5,0x87,0xa0,0x64,0xb8,0x1c,0xf1,0x3c,0xe3,0xf3,0x55,0x1b,0xeb,0x73,0x7e,0x4a,0x15,0x33,0xbb,0xa5,0x08,0x44,0xbc,0x12,0xa2,0x02,0xed,0x5e,0xc7,0xc3,0x48,0x50,0x8d,0x44,0xec,0xbf,0x5a,0x0c,0xeb,0x1b,0xdd,0xeb,0x06,0xe2,0x46,0xf1,0xcc,0x45,0x29,0xb3,0x03,0xd0,0xe7,0x79,0xa1,0x32,0xc8,0x7e,0x4d,0x12,0x00,0x0a,0x9d,0x72,0x5f,0xf3,0x8f,0x6d,0x0e,0xa1,0xd4,0xc1,0x62,0x98,0x7a,0xb2,0x38,0x59,0xac,0xb8,0x68},
+	{0xa4,0x8c,0x7d,0x7b,0xb6,0x06,0x98,0x49,0x39,0x27,0xd2,0x27,0x84,0xe2,0x5b,0x57,0xb9,0x53,0x45,0x20,0xe7,0x5c,0x08,0xbb,0x84,0x78,0x41,0xae,0x41,0x4c,0xb6,0x38,0x31,0x71,0x15,0x77,0xeb,0xee,0x0c,0x3a,0x88,0xaf,0xc8,0x00,0x89,0x15,0x27,0x9b,0x36,0xa7,0x59,0xda,0x68,0xb6,0x65,0x80,0xbd,0x38,0xcc,0xa2,0xb6,0x7b,0xe5,0x51,0xa4,0xe3,0x9d,0x68,0x91,0xad,0x9d,0x8f,0x37,0x91,0xfb,0xf8,0x28,0x24,0x5f,0x17,0x88,0xb9,0xcf,0x9f,0x32,0xb5,0x0a,0x05,0x9f,0xc0,0x54,0x13,0xa2,0xdf,0x65,0x78},
+	{0xb1,0x21,0x32,0xaa,0x9a,0x2c,0x6f,0xba,0xa7,0x23,0xba,0x3b,0x53,0x21,0xa0,0x6c,0x3a,0x2c,0x19,0x92,0x4f,0x76,0xea,0x9d,0xe0,0x17,0x53,0x2e,0x5d,0xdd,0x6e,0x1d,0xbf,0xa3,0x4e,0x94,0xd0,0x5c,0x1a,0x6b,0xd2,0xc0,0x9d,0xb3,0x3a,0x35,0x70,0x74,0x49,0x2e,0x54,0x28,0x82,0x52,0xb2,0x71,0x7e,0x92,0x3c,0x28,0x69,0xea,0x1b,0x46,0x36,0xda,0x0f,0xab,0xac,0x8a,0x7a,0x21,0xc8,0x49,0x35,0x3d,0x54,0xc6,0x28,0xa5,0x68,0x75,0xab,0x13,0x8b,0x5b,0xd0,0x37,0x37,0xbc,0x2c,0x3a,0x62,0xef,0x3c,0x23},
+	{0xd9,0x34,0x92,0xf3,0xed,0x5d,0xa7,0xe2,0xf9,0x58,0xb5,0xe1,0x80,0x76,0x3d,0x96,0xfb,0x23,0x3c,0x6e,0xac,0x41,0x27,0x2c,0xc3,0x01,0x0e,0x32,0xa1,0x24,0x90,0x3a,0x8f,0x3e,0xdd,0x04,0x66,0x59,0xb7,0x59,0x2c,0x70,0x88,0xe2,0x77,0x03,0xb3,0x6c,0x23,0xc3,0xd9,0x5e,0x66,0x9c,0x33,0xb1,0x2f,0xe5,0xbc,0x61,0x60,0xe7,0x15,0x09,0x7e,0xa3,0x34,0xa8,0x35,0xe8,0x7d,0xdf,0xea,0x57,0x98,0x68,0xda,0x9c,0xe1,0x8b,0x26,0xb3,0x67,0x71,0x36,0x85,0x11,0x2c,0xc2,0xd5,0xef,0xdb,0xd9,0xb3,0x9e,0x58},
+	{0x5e,0x51,0xaa,0x49,0x54,0x63,0x5b,0xed,0x3a,0x82,0xc6,0x0b,0x9f,0xc4,0x65,0xa8,0xc4,0xd1,0x42,0x5b,0xe9,0x1f,0x0c,0x85,0xb9,0x15,0xd3,0x03,0x6f,0x6d,0xd7,0x30,0x1d,0x9c,0x2f,0x63,0x0e,0xdd,0xcc,0x2e,0x15,0x31,0x89,0x76,0x96,0xb6,0xd0,0x51,0x58,0x7a,0x63,0xa8,0x6b,0xb7,0xdf,0x52,0x39,0xef,0x0e,0xa0,0x49,0x7d,0xd3,0x6d,0xc7,0xe4,0x06,0x21,0x17,0x44,0x44,0x6c,0x69,0x7f,0x8d,0x92,0x80,0xd6,0x53,0xfb,0x26,0x3f,0x4d,0x69,0xa4,0x9e,0x73,0xb4,0xb0,0x4b,0x86,0x2e,0x11,0x97,0xc6,0x10},
+	{0xde,0x5f,0xbe,0x7d,0x27,0xc4,0x93,0x64,0xa2,0x7e,0xad,0x19,0xad,0x4f,0x5d,0x26,0x90,0x45,0x30,0x46,0xc8,0xdf,0x00,0x0e,0x09,0xfe,0x66,0xed,0xab,0x1c,0xe6,0x25,0x05,0xc8,0x58,0x83,0xa0,0x2a,0xa6,0x0c,0x47,0x42,0x20,0x7a,0xe3,0x4a,0x3d,0x6a,0xdc,0xed,0x11,0x3b,0xa6,0xd3,0x64,0x74,0xef,0x06,0x08,0x55,0xaf,0x9b,0xbf,0x03,0x04,0x66,0x58,0xcc,0x28,0xe1,0x13,0x3f,0x7e,0x74,0x59,0xb4,0xec,0x73,0x58,0x6f,0xf5,0x68,0x12,0xcc,0xed,0x3d,0xb6,0xa0,0x2c,0xe2,0x86,0x45,0x63,0x78,0x6d,0x56},
+	{0x34,0x08,0xc1,0x9c,0x9f,0xa4,0x37,0x16,0x51,0xc4,0x9b,0xa8,0xd5,0x56,0x8e,0xbc,0xdb,0xd2,0x7f,0x7f,0x0f,0xec,0xb5,0x1c,0xd9,0x35,0xcc,0x5e,0xca,0x5b,0x97,0x33,0xd0,0x2f,0x5a,0xc6,0x85,0x42,0x05,0xa1,0xc3,0x67,0x16,0xf3,0x2a,0x11,0x64,0x6c,0x58,0xee,0x1a,0x73,0x40,0xe2,0x0a,0x68,0x2a,0xb2,0x93,0x47,0xf3,0xa5,0xfb,0x14,0xd4,0xf7,0x85,0x69,0x16,0x46,0xd7,0x3c,0x57,0x00,0xc8,0xc9,0x84,0x5e,0x3e,0x59,0x1e,0x13,0x61,0x7b,0xb6,0xf2,0xc3,0x2f,0x6c,0x52,0xfc,0x83,0xea,0x9c,0x82,0x14},
+	{0xc2,0x95,0xdd,0x97,0x84,0x7b,0x43,0xff,0xa7,0xb5,0x4e,0xaa,0x30,0x4e,0x74,0x6c,0x8b,0xe8,0x85,0x3c,0x61,0x5d,0x0c,0x9e,0x73,0x81,0x75,0x5f,0x1e,0xc7,0xd9,0x2f,0xb8,0xec,0x71,0x4e,0x2f,0x0b,0xe7,0x21,0xe3,0x77,0xa4,0x40,0xb9,0xdd,0x56,0xe6,0x80,0x4f,0x1d,0xce,0xce,0x56,0x65,0xbf,0x7e,0x7b,0x5d,0x53,0xc4,0x3b,0xfc,0x05,0xdd,0xde,0xaf,0x52,0xae,0xb3,0xb8,0x24,0xcf,0x30,0x3b,0xed,0x8c,0x63,0x95,0x34,0x95,0x81,0xbe,0xa9,0x83,0xbc,0xa4,0x33,0x04,0x1f,0x65,0x5c,0x47,0x67,0x37,0x37},
+	{0xd9,0xad,0xd1,0x40,0xfd,0x99,0xba,0x2f,0x27,0xd0,0xf4,0x96,0x6f,0x16,0x07,0xb3,0xae,0x3b,0xf0,0x15,0x52,0xf0,0x63,0x43,0x99,0xf9,0x18,0x3b,0x6c,0xa5,0xbe,0x1f,0x90,0x65,0x24,0x14,0xcb,0x95,0x40,0x63,0x35,0x55,0xc1,0x16,0x40,0x14,0x12,0xef,0x60,0xbc,0x10,0x89,0x0c,0x14,0x38,0x9e,0x8c,0x7c,0x90,0x30,0x57,0x90,0xf5,0x6b,0x8a,0x5b,0x41,0xe1,0xf1,0x78,0xa7,0x0f,0x7e,0xa7,0xc3,0xba,0xf7,0x9f,0x40,0x06,0x50,0x9a,0xa2,0x9a,0xb8,0xd7,0x52,0x6f,0x56,0x5a,0x63,0x7a,0xf6,0x1c,0x52,0x02},
+	{0x94,0x52,0x9d,0x0a,0x0b,0xee,0x3f,0x51,0x66,0x5a,0xdf,0x0f,0x5c,0xe7,0x98,0x8f,0xce,0x07,0xe1,0xbf,0x88,0x86,0x61,0xd4,0xed,0x2c,0x38,0x71,0x7e,0x0a,0xa0,0x3f,0xe4,0x5e,0x2f,0x77,0x20,0x67,0x14,0xb1,0xce,0x9a,0x07,0x96,0xb1,0x94,0xf8,0xe8,0x4a,0x82,0xac,0x00,0x4d,0x22,0xf8,0x4a,0xc4,0x6c,0xcd,0xf7,0xd9,0x53,0x17,0x00,0x34,0xdb,0x3d,0x96,0x2d,0x23,0x69,0x3c,0x58,0x38,0x97,0xb4,0xda,0x87,0xde,0x1d,0x85,0xf2,0x91,0xa0,0xf9,0xd1,0xd7,0xaa,0xb6,0xed,0x48,0xa0,0x2f,0xfe,0xb5,0x12},
+	{0x4d,0xe3,0xfc,0x96,0xc4,0xfb,0xf0,0x71,0xed,0x5b,0xf3,0xad,0x6b,0x82,0xb9,0x73,0x61,0xc5,0x28,0xff,0x61,0x72,0x04,0xd2,0x6f,0x20,0xb1,0x6f,0xf9,0x76,0x9b,0x74,0x92,0x1e,0x6f,0xad,0x26,0x7c,0x2b,0xdf,0x13,0x89,0x4b,0x50,0x23,0xd3,0x66,0x4b,0xc3,0x8b,0x1c,0x75,0xc0,0x9d,0x40,0x8c,0xb8,0xc7,0x96,0x07,0xc2,0x93,0x7e,0x6f,0x05,0xae,0xa6,0xae,0x04,0xf6,0x5a,0x1f,0x99,0x9c,0xe4,0xbe,0xf1,0x51,0x23,0xc1,0x66,0x6b,0xff,0xee,0xb5,0x08,0xa8,0x61,0x51,0x21,0xe0,0x01,0x0f,0xc1,0xce,0x0f},
+	{0x44,0x1e,0xfe,0x49,0xa6,0x58,0x4d,0x64,0x7e,0x77,0xad,0x31,0xa2,0xae,0xfc,0x21,0xd2,0xd0,0x7f,0x88,0x5a,0x1c,0x44,0x02,0xf3,0x11,0xc5,0x83,0x71,0xaa,0x01,0x49,0x45,0x4e,0x24,0xc4,0x9d,0xd2,0xf2,0x3d,0x0a,0xde,0xd8,0x93,0x74,0x0e,0x02,0x2b,0x4d,0x21,0x0c,0x82,0x7e,0x06,0xc8,0x6c,0x0a,0xb9,0xea,0x6f,0x16,0x79,0x37,0x41,0xf0,0xf8,0x1a,0x8c,0x54,0xb7,0xb1,0x08,0xb4,0x99,0x62,0x24,0x7c,0x7a,0x0f,0xce,0x39,0xd9,0x06,0x1e,0xf9,0xb0,0x60,0xf7,0x13,0x12,0x6d,0x72,0x7b,0x88,0xbb,0x41},
+	{0xbe,0x46,0x43,0x74,0x44,0x7d,0xe8,0x40,0x25,0x2b,0xb5,0x15,0xd4,0xda,0x48,0x1d,0x3e,0x60,0x3b,0xa1,0x18,0x8a,0x3a,0x7c,0xf7,0xbd,0xcd,0x2f,0xc1,0x28,0xb7,0x4e,0xae,0x91,0x66,0x7c,0x59,0x4c,0x23,0x7e,0xc8,0xb4,0x85,0x0a,0x3d,0x9d,0x88,0x64,0xe7,0xfa,0x4a,0x35,0x0c,0xc9,0xe2,0xda,0x1d,0x9e,0x6a,0x0c,0x07,0x1e,0x87,0x0a,0x89,0x89,0xbc,0x4b,0x99,0xb5,0x01,0x33,0x60,0x42,0xdd,0x5b,0x3a,0xae,0x6b,0x73,0x3c,0x9e,0xd5,0x19,0xe2,0xad,0x61,0x0d,0x64,0xd4,0x85,0x26,0x0f,0x30,0xe7,0x3e},
+	{0xb7,0xd6,0x7d,0x9e,0xe4,0x55,0xd2,0xf5,0xac,0x1e,0x0b,0x61,0x5c,0x11,0x16,0x80,0xca,0x87,0xe1,0x92,0x5d,0x97,0x99,0x3c,0xc2,0x25,0x91,0x97,0x62,0x57,0x81,0x13,0x18,0x75,0x1e,0x84,0x47,0x79,0xfa,0x43,0xd7,0x46,0x9c,0x63,0x59,0xfa,0xc6,0xe5,0x74,0x2b,0x05,0xe3,0x1d,0x5e,0x06,0xa1,0x30,0x90,0xb8,0xcf,0xa2,0xc6,0x47,0x7d,0xe0,0xd6,0xf0,0x8e,0x14,0xd0,0xda,0x3f,0x3c,0x6f,0x54,0x91,0x9a,0x74,0x3e,0x9d,0x57,0x81,0xbb,0x26,0x10,0x62,0xec,0x71,0x80,0xec,0xc9,0x34,0x8d,0xf5,0x8c,0x14},
+	{0x27,0xf0,0x34,0x79,0xf6,0x92,0xa4,0x46,0xa9,0x0a,0x84,0xf6,0xbe,0x84,0x99,0x46,0x54,0x18,0x61,0x89,0x2a,0xbc,0xa1,0x5c,0xd4,0xbb,0x5d,0xbd,0x1e,0xfa,0xf2,0x3f,0x6d,0x75,0xe4,0x9a,0x7d,0x2f,0x57,0xe2,0x7f,0x48,0xf3,0x88,0xbb,0x45,0xc3,0x56,0x8d,0xa8,0x60,0x69,0x6d,0x0b,0xd1,0x9f,0xb9,0xa1,0xae,0x4e,0xad,0xeb,0x8f,0x27,0x66,0x39,0x93,0x8c,0x1f,0x68,0xaa,0xb1,0x98,0x0c,0x29,0x20,0x9c,0x94,0x21,0x8c,0x52,0x3c,0x9d,0x21,0x91,0x52,0x11,0x39,0x7b,0x67,0x9c,0xfe,0x02,0xdd,0x04,0x41},
+	{0x2a,0x42,0x24,0x11,0x5e,0xbf,0xb2,0x72,0xb5,0x3a,0xa3,0x98,0x33,0x0c,0xfa,0xa1,0x66,0xb6,0x52,0xfa,0x01,0x61,0xcb,0x94,0xd5,0x53,0xaf,0xaf,0x00,0x3b,0x86,0x2c,0xb8,0x6a,0x09,0xdb,0x06,0x4e,0x21,0x81,0x35,0x4f,0xe4,0x0c,0xc9,0xb6,0xa8,0x21,0xf5,0x2a,0x9e,0x40,0x2a,0xc1,0x24,0x65,0x81,0xa4,0xfc,0x8e,0xa4,0xb5,0x65,0x01,0x76,0x6a,0x84,0xa0,0x74,0xa4,0x90,0xf1,0xc0,0x7c,0x2f,0xcd,0x84,0xf9,0xef,0x12,0x8f,0x2b,0xaa,0x58,0x06,0x29,0x5e,0x69,0xb8,0xc8,0xfe,0xbf,0xd9,0x67,0x1b,0x59},
+	{0xfa,0x9b,0xb4,0x80,0x1c,0x0d,0x2f,0x31,0x8a,0xec,0xf3,0xab,0x5e,0x51,0x79,0x59,0x88,0x1c,0xf0,0x9e,0xc0,0x33,0x70,0x72,0xcb,0x7b,0x8f,0xca,0xc7,0x2e,0xe0,0x3d,0x5d,0xb5,0x18,0x9f,0x71,0xb3,0xb9,0x99,0x1e,0x64,0x8c,0xa1,0xfa,0xe5,0x65,0xe4,0xed,0x05,0x9f,0xc2,0x36,0x11,0x08,0x61,0x8b,0x12,0x30,0x70,0x86,0x4f,0x9b,0x48,0xef,0x92,0xeb,0x3a,0x2d,0x10,0x32,0xd2,0x61,0xa8,0x16,0x61,0xb4,0x53,0x62,0xe1,0x24,0xaa,0x0b,0x19,0xe7,0xab,0x7e,0x3d,0xbf,0xbe,0x6c,0x49,0xba,0xfb,0xf5,0x49},
+	{0xd4,0xcf,0x5b,0x8a,0x10,0x9a,0x94,0x30,0xeb,0x73,0x64,0xbc,0x70,0xdd,0x40,0xdc,0x1c,0x0d,0x7c,0x30,0xc1,0x94,0xc2,0x92,0x74,0x6e,0xfa,0xcb,0x6d,0xa8,0x04,0x56,0x2e,0x57,0x9c,0x1e,0x8c,0x62,0x5d,0x15,0x41,0x47,0x88,0xc5,0xac,0x86,0x4d,0x8a,0xeb,0x63,0x57,0x51,0xf6,0x52,0xa3,0x91,0x5b,0x51,0x67,0x88,0xc2,0xa6,0xa1,0x06,0xb6,0x64,0x17,0x7c,0xd4,0xd1,0x88,0x72,0x51,0x8b,0x41,0xe0,0x40,0x11,0x54,0x72,0xd1,0xf6,0xac,0x18,0x60,0x1a,0x03,0x9f,0xc6,0x42,0x27,0xfe,0x89,0x9e,0x98,0x20},
+	{0x7f,0xcc,0x2d,0x3a,0xfd,0x77,0x97,0x49,0x92,0xd8,0x4f,0xa5,0x2c,0x7c,0x85,0x32,0xa0,0xe3,0x07,0xd2,0x64,0xd8,0x79,0xa2,0x29,0x7e,0xa6,0x0c,0x1d,0xed,0x03,0x04,0x2e,0xec,0xea,0x85,0x8b,0x27,0x74,0x16,0xdf,0x2b,0xcb,0x7a,0x07,0xdc,0x21,0x56,0x5a,0xf4,0xcb,0x61,0x16,0x4c,0x0a,0x64,0xd3,0x95,0x05,0xf7,0x50,0x99,0x0b,0x73,0x52,0xc5,0x4e,0x87,0x35,0x2d,0x4b,0xc9,0x8d,0x6f,0x24,0x98,0xcf,0xc8,0xe6,0xc5,0xce,0x35,0xc0,0x16,0xfa,0x46,0xcb,0xf7,0xcc,0x3d,0x30,0x08,0x43,0x45,0xd7,0x5b},
+	{0xc2,0x4c,0xb2,0x28,0x95,0xd1,0x9a,0x7f,0x81,0xc1,0x35,0x63,0x65,0x54,0x6b,0x7f,0x36,0x72,0xc0,0x4f,0x6e,0xb6,0xb8,0x66,0x83,0xad,0x80,0x73,0x00,0x78,0x3a,0x13,0x2a,0x79,0xe7,0x15,0x21,0x93,0xc4,0x85,0xc9,0xdd,0xcd,0xbd,0xa2,0x89,0x4c,0xc6,0x62,0xd7,0xa3,0xad,0xa8,0x3d,0x1e,0x9d,0x2c,0xf8,0x67,0x30,0x12,0xdb,0xb7,0x5b,0xbe,0x62,0xca,0xc6,0x67,0xf4,0x61,0x09,0xee,0x52,0x19,0x21,0xd6,0x21,0xec,0x04,0x70,0x47,0xd5,0x9b,0x77,0x60,0x23,0x18,0xd2,0xe0,0xf0,0x58,0x6d,0xca,0x0d,0x74},
+	{0x4e,0xce,0xcf,0x52,0x07,0xee,0x48,0xdf,0xb7,0x08,0xec,0x06,0xf3,0xfa,0xff,0xc3,0xc4,0x59,0x54,0xb9,0x2a,0x0b,0x71,0x05,0x8d,0xa3,0x3e,0x96,0xfa,0x25,0x1d,0x16,0x3c,0x43,0x78,0x04,0x57,0x8c,0x1a,0x23,0x9d,0x43,0x81,0xc2,0x0e,0x27,0xb5,0xb7,0x9f,0x07,0xd9,0xe3,0xea,0x99,0xaa,0xdb,0xd9,0x03,0x2b,0x6c,0x25,0xf5,0x03,0x2c,0x7d,0xa4,0x53,0x7b,0x75,0x18,0x0f,0x79,0x79,0x58,0x0c,0xcf,0x30,0x01,0x7b,0x30,0xf9,0xf7,0x7e,0x25,0x77,0x3d,0x90,0x31,0xaf,0xbb,0x96,0xbd,0xbd,0x68,0x94,0x69},
+	{0xcf,0xfe,0xda,0xf4,0x46,0x2f,0x1f,0xbd,0xf7,0xd6,0x7f,0xa4,0x14,0x01,0xef,0x7c,0x7f,0xb3,0x47,0x4a,0xda,0xfd,0x1f,0xd3,0x85,0x57,0x90,0x73,0xa4,0x19,0x52,0x52,0x48,0x19,0xa9,0x6a,0xe6,0x3d,0xdd,0xd8,0xcc,0xd2,0xc0,0x2f,0xc2,0x64,0x50,0x48,0x2f,0xea,0xfd,0x34,0x66,0x24,0x48,0x9b,0x3a,0x2e,0x4a,0x6c,0x4e,0x1c,0x3e,0x29,0xe1,0x12,0x51,0x92,0x4b,0x13,0x6e,0x37,0xa0,0x5d,0xa1,0xdc,0xb5,0x78,0x37,0x70,0x11,0x31,0x1c,0x46,0xaf,0x89,0x45,0xb0,0x23,0x28,0x03,0x7f,0x44,0x5c,0x60,0x5b},
+	{0x89,0x7c,0xc4,0x20,0x59,0x80,0x65,0xb9,0xcc,0x8f,0x3b,0x92,0x0c,0x10,0xf0,0xe7,0x77,0xef,0xe2,0x02,0x65,0x25,0x01,0x00,0xee,0xb3,0xae,0xa8,0xce,0x6d,0xa7,0x24,0x4c,0xf0,0xe7,0xf0,0xc6,0xfe,0xe9,0x3b,0x62,0x49,0xe3,0x75,0x9e,0x57,0x6a,0x86,0x1a,0xe6,0x1d,0x1e,0x16,0xef,0x42,0x55,0xd5,0xbd,0x5a,0xcc,0xf4,0xfe,0x12,0x2f,0x40,0xc7,0xc0,0xdf,0xb2,0x22,0x45,0x0a,0x07,0xa4,0xc9,0x40,0x7f,0x6e,0xd0,0x10,0x68,0xf6,0xcf,0x78,0x41,0x14,0xcf,0xc6,0x90,0x37,0xa4,0x18,0x25,0x7b,0x60,0x5e},
+	{0x18,0x18,0xdf,0x6c,0x8f,0x1d,0xb3,0x58,0xa2,0x58,0x62,0xc3,0x4f,0xa7,0xcf,0x35,0x6e,0x1d,0xe6,0x66,0x4f,0xff,0xb3,0xe1,0xf7,0xd5,0xcd,0x6c,0xab,0xac,0x67,0x50,0x14,0xcf,0x96,0xa5,0x1c,0x43,0x2c,0xa0,0x00,0xe4,0xd3,0xae,0x40,0x2d,0xc4,0xe3,0xdb,0x26,0x0f,0x2e,0x80,0x26,0x45,0xd2,0x68,0x70,0x45,0x9e,0x13,0x33,0x1f,0x20,0x51,0x9d,0x03,0x08,0x6b,0x7f,0x52,0xfd,0x06,0x00,0x7c,0x01,0x64,0x49,0xb1,0x18,0xa8,0xa4,0x25,0x2e,0xb0,0x0e,0x22,0xd5,0x75,0x03,0x46,0x62,0x88,0xba,0x7c,0x39},
+	{0xb2,0x59,0x59,0xf0,0x93,0x30,0xc1,0x30,0x76,0x79,0xa9,0xe9,0x8d,0xa1,0x3a,0xe2,0x26,0x5e,0x1d,0x72,0x91,0xd4,0x2f,0x22,0x3a,0x6c,0x6e,0x76,0x20,0xd3,0x39,0x23,0xe7,0x79,0x13,0xc8,0xfb,0xc3,0x15,0x78,0xf1,0x2a,0xe1,0xdd,0x20,0x94,0x61,0xa6,0xd5,0xfd,0xa8,0x85,0xf8,0xc0,0xa9,0xff,0x52,0xc2,0xe1,0xc1,0x22,0x40,0x1b,0x77,0xa7,0x2f,0x3a,0x51,0x86,0xd9,0x7d,0xd8,0x08,0xcf,0xd4,0xf9,0x71,0x9b,0xac,0xf5,0xb3,0x83,0xa2,0x1e,0x1b,0xc3,0x6b,0xd0,0x76,0x1a,0x97,0x19,0x92,0x18,0x1a,0x33},
+	{0xc6,0x80,0x4f,0xfb,0x45,0x6f,0x16,0xf5,0xcf,0x75,0xc7,0x61,0xde,0xc7,0x36,0x9c,0x1c,0xd9,0x41,0x90,0x1b,0xe8,0xd4,0xe3,0x21,0xfe,0xbd,0x83,0x6b,0x7c,0x16,0x31,0xaf,0x72,0x75,0x9d,0x3a,0x2f,0x51,0x26,0x9e,0x4a,0x07,0x68,0x88,0xe2,0xcb,0x5b,0xc4,0xf7,0x80,0x11,0xc1,0xc1,0xed,0x84,0x7b,0xa6,0x49,0xf6,0x9f,0x61,0xc9,0x1a,0x68,0x10,0x4b,0x52,0x42,0x38,0x2b,0xf2,0x87,0xe9,0x9c,0xee,0x3b,0x34,0x68,0x50,0xc8,0x50,0x62,0x4a,0x84,0x71,0x9d,0xfc,0x11,0xb1,0x08,0x1f,0x34,0x36,0x24,0x61},
+	{0x8d,0x89,0x4e,0x87,0xdb,0x41,0x9d,0xd9,0x20,0xdc,0x07,0x6c,0xf1,0xa5,0xfe,0x09,0xbc,0x9b,0x0f,0xd0,0x67,0x2c,0x3d,0x79,0x40,0xff,0x5e,0x9e,0x30,0xe2,0xeb,0x46,0x38,0x26,0x2d,0x1a,0xe3,0x49,0x63,0x8b,0x35,0xfd,0xd3,0x9b,0x00,0xb7,0xdf,0x9d,0xa4,0x6b,0xa0,0xa3,0xb8,0xf1,0x8b,0x7f,0x45,0x04,0xd9,0x78,0x31,0xaa,0x22,0x15,0x38,0x49,0x61,0x69,0x53,0x2f,0x38,0x2c,0x10,0x6d,0x2d,0xb7,0x9a,0x40,0xfe,0xda,0x27,0xf2,0x46,0xb6,0x91,0x33,0xc8,0xe8,0x6c,0x30,0x24,0x05,0xf5,0x70,0xfe,0x45},
+	{0x8c,0x0b,0x0c,0x96,0xa6,0x75,0x48,0xda,0x20,0x2f,0x0e,0xef,0x76,0xd0,0x68,0x5b,0xd4,0x8f,0x0b,0x3d,0xcf,0x51,0xfb,0x07,0xd4,0x92,0xe3,0xa0,0x23,0x16,0x8d,0x42,0x91,0x14,0x95,0xc8,0x20,0x49,0xf2,0x62,0xa2,0x0c,0x63,0x3f,0xc8,0x07,0xf0,0x05,0xb8,0xd4,0xc9,0xf5,0xd2,0x45,0xbb,0x6f,0x45,0x22,0x7a,0xb5,0x6d,0x9f,0x61,0x16,0xfd,0x08,0xa3,0x01,0x44,0x4a,0x4f,0x08,0xac,0xca,0xa5,0x76,0xc3,0x19,0x22,0xa8,0x7d,0xbc,0xd1,0x43,0x46,0xde,0xb8,0xde,0xc6,0x38,0xbd,0x60,0x2d,0x59,0x81,0x1d},
+	{0x5f,0xac,0x0d,0xa6,0x56,0x87,0x36,0x61,0x57,0xdc,0xab,0xeb,0x6a,0x2f,0xe0,0x17,0x7d,0x0f,0xce,0x4c,0x2d,0x3f,0x19,0x7f,0xf0,0xdc,0xec,0x89,0x77,0x4a,0x23,0x20,0xe8,0xc5,0x85,0x7b,0x9f,0xb6,0x65,0x87,0xb2,0xba,0x68,0xd1,0x8b,0x67,0xf0,0x6f,0x9b,0x0f,0x33,0x1d,0x7c,0xe7,0x70,0x3a,0x7c,0x8e,0xaf,0xb0,0x51,0x6d,0x5f,0x3a,0x52,0xb2,0x78,0x71,0xb6,0x0d,0xd2,0x76,0x60,0xd1,0x1e,0xd5,0xf9,0x34,0x1c,0x07,0x70,0x11,0xe4,0xb3,0x20,0x4a,0x2a,0xf6,0x66,0xe3,0xff,0x3c,0x35,0x82,0xd6,0x7c},
+	{0xb6,0xfa,0x87,0xd8,0x5b,0xa4,0xe1,0x0b,0x6e,0x3b,0x40,0xba,0x32,0x6a,0x84,0x2a,0x00,0x60,0x6e,0xe9,0x12,0x10,0x92,0xd9,0x43,0x09,0xdc,0x3b,0x86,0xc8,0x38,0x28,0xf3,0xf4,0xac,0x68,0x60,0xcd,0x65,0xa6,0xd3,0xe3,0xd7,0x3c,0x18,0x2d,0xd9,0x42,0xd9,0x25,0x60,0x33,0x9d,0x38,0x59,0x57,0xff,0xd8,0x2c,0x2b,0x3b,0x25,0xf0,0x3e,0x30,0x50,0x46,0x4a,0xcf,0xb0,0x6b,0xd1,0xab,0x77,0xc5,0x15,0x41,0x6b,0x49,0xfa,0x9d,0x41,0xab,0xf4,0x8a,0xae,0xcf,0x82,0x12,0x28,0xa8,0x06,0xa6,0xb8,0xdc,0x21},
+	{0xc8,0x9f,0x9d,0x8c,0x46,0x04,0x60,0x5c,0xcb,0xa3,0x2a,0xd4,0x6e,0x09,0x40,0x25,0x9c,0x2f,0xee,0x12,0x4c,0x4d,0x5b,0x12,0xab,0x1d,0xa3,0x94,0x81,0xd0,0xc3,0x0b,0xba,0x31,0x77,0xbe,0xfa,0x00,0x8d,0x9a,0x89,0x18,0x9e,0x62,0x7e,0x60,0x03,0x82,0x7f,0xd9,0xf3,0x43,0x37,0x02,0xcc,0xb2,0x8b,0x67,0x6f,0x6c,0xbf,0x0d,0x84,0x5d,0x8b,0xe1,0x9f,0x30,0x0d,0x38,0x6e,0x70,0xc7,0x65,0xe1,0xb9,0xa6,0x2d,0xb0,0x6e,0xab,0x20,0xae,0x7d,0x99,0xba,0xbb,0x57,0xdd,0x96,0xc1,0x2a,0x23,0x76,0x42,0x3a},
+	{0xfa,0x84,0x70,0x8a,0x2c,0x43,0x42,0x4b,0x45,0xe5,0xb9,0xdf,0xe3,0x19,0x8a,0x89,0x5d,0xe4,0x58,0x9c,0x21,0x00,0x9f,0xbe,0xd1,0xeb,0x6d,0xa1,0xce,0x77,0xf1,0x1f,0xcb,0x7e,0x44,0xdb,0x72,0xc1,0xf8,0x3b,0xbd,0x2d,0x28,0xc6,0x1f,0xc4,0xcf,0x5f,0xfe,0x15,0xaa,0x75,0xc0,0xff,0xac,0x80,0xf9,0xa9,0xe1,0x24,0xe8,0xc9,0x70,0x07,0xfd,0xb5,0xb5,0x45,0x9a,0xd9,0x61,0xcf,0x24,0x79,0x3a,0x1b,0xe9,0x84,0x09,0x86,0x89,0x3e,0x3e,0x30,0x19,0x09,0x30,0xe7,0x1e,0x0b,0x50,0x41,0xfd,0x64,0xf2,0x39},
+	{0x9c,0xe2,0xe7,0xdb,0x17,0x34,0xad,0xa7,0x9c,0x13,0x9c,0x2b,0x6a,0x37,0x94,0xbd,0xa9,0x7b,0x59,0x93,0x8e,0x1b,0xe9,0xa0,0x40,0x98,0x88,0x68,0x34,0xd7,0x12,0x17,0xe1,0x7b,0x09,0xfe,0xab,0x4a,0x9b,0xd1,0x29,0x19,0xe0,0xdf,0xe1,0xfc,0x6d,0xa4,0xff,0xf1,0xa6,0x2c,0x94,0x08,0xc9,0xc3,0x4e,0xf1,0x35,0x2c,0x27,0x21,0xc6,0x65,0xdd,0x93,0x31,0xce,0xf8,0x89,0x2b,0xe7,0xbb,0xc0,0x25,0xa1,0x56,0x33,0x10,0x4d,0x83,0xfe,0x1c,0x2e,0x3d,0xa9,0x19,0x04,0x72,0xe2,0x9c,0xb1,0x0a,0x80,0xf9,0x22},
+	{0xcb,0xf8,0x9e,0x3e,0x8a,0x36,0x5a,0x60,0x15,0x47,0x50,0xa5,0x22,0xc0,0xe9,0xe3,0x8f,0x24,0x24,0x5f,0xb0,0x48,0x3d,0x55,0xe5,0x26,0x76,0x64,0xcd,0x16,0xf4,0x13,0xac,0xfd,0x6e,0x9a,0xdd,0x9f,0x02,0x42,0x41,0x49,0xa5,0x34,0xbe,0xce,0x12,0xb9,0x7b,0xf3,0xbd,0x87,0xb9,0x64,0x0f,0x64,0xb4,0xca,0x98,0x85,0xd3,0xa4,0x71,0x41,0x8c,0x4c,0xc9,0x99,0xaa,0x58,0x27,0xfa,0x07,0xb8,0x00,0xb0,0x6f,0x6f,0x00,0x23,0x92,0x53,0xda,0xad,0xdd,0x91,0xd2,0xfb,0xab,0xd1,0x4b,0x57,0xfa,0x14,0x82,0x50},
+	{0x4b,0xfe,0xd6,0x3e,0x15,0x69,0x02,0xc2,0xc4,0x77,0x1d,0x51,0x39,0x67,0x5a,0xa6,0x94,0xaf,0x14,0x2c,0x46,0x26,0xde,0xcb,0x4b,0xa7,0xab,0x6f,0xec,0x60,0xf9,0x22,0xd6,0x03,0xd0,0x53,0xbb,0x15,0x1a,0x46,0x65,0xc9,0xf3,0xbc,0x88,0x28,0x10,0xb2,0x5a,0x3a,0x68,0x6c,0x75,0x76,0xc5,0x27,0x47,0xb4,0x6c,0xc8,0xa4,0x58,0x77,0x3a,0x76,0x50,0xae,0x93,0xf6,0x11,0x81,0x54,0xa6,0x54,0xfd,0x1d,0xdf,0x21,0xae,0x1d,0x65,0x5e,0x11,0xf3,0x90,0x8c,0x24,0x12,0x94,0xf4,0xe7,0x8d,0x5f,0xd1,0x9f,0x5d},
+	{0x7f,0x72,0x63,0x6d,0xd3,0x08,0x14,0x03,0x33,0xb5,0xc7,0xd7,0xef,0x9a,0x37,0x6a,0x4b,0xe2,0xae,0xcc,0xc5,0x8f,0xe1,0xa9,0xd3,0xbe,0x8f,0x4f,0x91,0x35,0x2f,0x33,0x1e,0x52,0xd7,0xee,0x2a,0x4d,0x24,0x3f,0x15,0x96,0x2e,0x43,0x28,0x90,0x3a,0x8e,0xd4,0x16,0x9c,0x2e,0x77,0xba,0x64,0xe1,0xd8,0x98,0xeb,0x47,0xfa,0x87,0xc1,0x3b,0x0c,0xc2,0x86,0xea,0x15,0x01,0x47,0x6d,0x25,0xd1,0x46,0x6c,0xcb,0xb7,0x8a,0x99,0x88,0x01,0x66,0x3a,0xb5,0x32,0x78,0xd7,0x03,0xba,0x6f,0x90,0xce,0x81,0x0d,0x45},
+	{0x75,0x52,0x20,0xa6,0xa1,0xb6,0x7b,0x6e,0x83,0x8e,0x3c,0x41,0xd7,0x21,0x4f,0xaa,0xb2,0x5c,0x8f,0xe8,0x55,0xd1,0x56,0x6f,0xe1,0x5b,0x34,0xa6,0x4b,0x5d,0xe2,0x2d,0x3f,0x74,0xae,0x1c,0x96,0xd8,0x74,0xd0,0xed,0x63,0x1c,0xee,0xf5,0x18,0x6d,0xf8,0x29,0xed,0xf4,0xe7,0x5b,0xc5,0xbd,0x97,0x08,0xb1,0x3a,0x66,0x79,0xd2,0xba,0x4c,0xcd,0x1f,0xd7,0xa0,0x24,0x90,0xd1,0x80,0xf8,0x8a,0x28,0xfb,0x0a,0xc2,0x25,0xc5,0x19,0x64,0x3a,0x5f,0x4b,0x97,0xa3,0xb1,0x33,0x72,0x00,0xe2,0xef,0xbc,0x7f,0x7d},
+	{0x01,0x28,0x6b,0x26,0x6a,0x1e,0xef,0xfa,0x16,0x9f,0x73,0xd5,0xc4,0x68,0x6c,0x86,0x2c,0x76,0x03,0x1b,0xbc,0x2f,0x8a,0xf6,0x8d,0x5a,0xb7,0x87,0x5e,0x43,0x75,0x59,0x94,0x90,0xc2,0xf3,0xc5,0x5d,0x7c,0xcd,0xab,0x05,0x91,0x2a,0x9a,0xa2,0x81,0xc7,0x58,0x30,0x1c,0x42,0x36,0x1d,0xc6,0x80,0xd7,0xd4,0xd8,0xdc,0x96,0xd1,0x9c,0x4f,0x68,0x37,0x7b,0x6a,0xd8,0x97,0x92,0x19,0x63,0x7a,0xd1,0x1a,0x24,0x58,0xd0,0xd0,0x17,0x0c,0x1c,0x5c,0xad,0x9c,0x02,0xba,0x07,0x03,0x7a,0x38,0x84,0xd0,0xcd,0x7c},
+	{0x17,0x04,0x26,0x6d,0x2c,0x42,0xa6,0xdc,0xbd,0x40,0x82,0x94,0x50,0x3d,0x15,0xae,0x77,0xc6,0x68,0xfb,0xb4,0xc1,0xc0,0xa9,0x53,0xcf,0xd0,0x61,0xed,0xd0,0x8b,0x42,0x93,0xcc,0x60,0x67,0x18,0x84,0x0c,0x9b,0x99,0x2a,0xb3,0x1a,0x7a,0x00,0xae,0xcd,0x18,0xda,0x0b,0x62,0x86,0xec,0x8d,0xa8,0x44,0xca,0x90,0x81,0x84,0xca,0x93,0x35,0xa7,0x9a,0x84,0x5e,0x9a,0x18,0x13,0x92,0xcd,0xfa,0xd8,0x65,0x35,0xc3,0xd8,0xd4,0xd1,0xbb,0xfd,0x53,0x5b,0x54,0x52,0x8c,0xe6,0x63,0x2d,0xda,0x08,0x83,0x39,0x27},
+	{0x13,0xd4,0x5e,0x43,0x28,0x8d,0xc3,0x42,0xc9,0xcc,0x78,0x32,0x60,0xf3,0x50,0xbd,0xef,0x03,0xda,0x79,0x1a,0xab,0x07,0xbb,0x55,0x33,0x8c,0xbe,0xae,0x97,0x95,0x26,0x53,0x24,0x70,0x0a,0x4c,0x0e,0xa1,0xb9,0xde,0x1b,0x7d,0xd5,0x66,0x58,0xa2,0x0f,0xf7,0xda,0x27,0xcd,0xb5,0xd9,0xb9,0xff,0xfd,0x33,0x2c,0x49,0x45,0x29,0x2c,0x57,0xbe,0x30,0xcd,0xd6,0x45,0xc7,0x7f,0xc7,0xfb,0xae,0xba,0xe3,0xd3,0xe8,0xdf,0xe4,0x0c,0xda,0x5d,0xaa,0x30,0x88,0x2c,0xa2,0x80,0xca,0x5b,0xc0,0x98,0x54,0x98,0x7f},
+	{0x17,0xe1,0x0b,0x9f,0x88,0xce,0x49,0x38,0x88,0xa2,0x54,0x7b,0x1b,0xad,0x05,0x80,0x1c,0x92,0xfc,0x23,0x9f,0xc3,0xa3,0x3d,0x04,0xf3,0x31,0x0a,0x47,0xec,0xc2,0x76,0x63,0x63,0xbf,0x0f,0x52,0x15,0x56,0xd3,0xa6,0xfb,0x4d,0xcf,0x45,0x5a,0x04,0x08,0xc2,0xa0,0x3f,0x87,0xbc,0x4f,0xc2,0xee,0xe7,0x12,0x9b,0xd6,0x3c,0x65,0xf2,0x30,0x85,0x0c,0xc1,0xaa,0x38,0xc9,0x08,0x8a,0xcb,0x6b,0x27,0xdb,0x60,0x9b,0x17,0x46,0x70,0xac,0x6f,0x0e,0x1e,0xc0,0x20,0xa9,0xda,0x73,0x64,0x59,0xf1,0x73,0x12,0x2f},
+	{0x11,0x1e,0xe0,0x8a,0x7c,0xfc,0x39,0x47,0x9f,0xab,0x6a,0x4a,0x90,0x74,0x52,0xfd,0x2e,0x8f,0x72,0x87,0x82,0x8a,0xd9,0x41,0xf2,0x69,0x5b,0xd8,0x2a,0x57,0x9e,0x5d,0xc0,0x0b,0xa7,0x55,0xd7,0x8b,0x48,0x30,0xe7,0x42,0xd4,0xf1,0xa4,0xb5,0xd6,0x06,0x62,0x61,0x59,0xbc,0x9e,0xa6,0xd1,0xea,0x84,0xf7,0xc5,0xed,0x97,0x19,0xac,0x38,0x3b,0xb1,0x51,0xa7,0x17,0xb5,0x66,0x06,0x8c,0x85,0x9b,0x7e,0x86,0x06,0x7d,0x74,0x49,0xde,0x4d,0x45,0x11,0xc0,0xac,0xac,0x9c,0xe6,0xe9,0xbf,0x9c,0xcd,0xdf,0x22},
+	{0xd9,0x0c,0x0d,0xc3,0xe0,0xd2,0xdb,0x8d,0x33,0x43,0xbb,0xac,0x5f,0x66,0x8e,0xad,0x1f,0x96,0x2a,0x32,0x8c,0x25,0x6b,0x8f,0xc7,0xc1,0x48,0x54,0xc0,0x16,0x29,0x6b,0xa1,0xe0,0x3b,0x10,0xb4,0x59,0xec,0x56,0x69,0xf9,0x59,0xd2,0xec,0xba,0xe3,0x2e,0x32,0xcd,0xf5,0x13,0x94,0xb2,0x7c,0x79,0x72,0xe4,0xcd,0x24,0x78,0x87,0xe9,0x0f,0x3b,0x91,0xba,0x0a,0xd1,0x34,0xdb,0x7e,0x0e,0xac,0x6d,0x2e,0x82,0xcd,0xa3,0x4e,0x15,0xf8,0x78,0x65,0xff,0x3d,0x08,0x66,0x17,0x0a,0xf0,0x7f,0x30,0x3f,0x30,0x4c},
+	{0x85,0x8c,0xb2,0x17,0xd6,0x3b,0x0a,0xd3,0xea,0x3b,0x77,0x39,0xb7,0x77,0xd3,0xc5,0xbf,0x5c,0x6a,0x1e,0x8c,0xe7,0xc6,0xc6,0xc4,0xb7,0x2a,0x8b,0xf7,0xb8,0x61,0x0d,0x00,0x45,0xd9,0x0d,0x58,0x03,0xfc,0x29,0x93,0xec,0xbb,0x6f,0xa4,0x7a,0xd2,0xec,0xf8,0xa7,0xe2,0xc2,0x5f,0x15,0x0a,0x13,0xd5,0xa1,0x06,0xb7,0x1a,0x15,0x6b,0x41,0xb0,0x36,0xc1,0xe9,0xef,0xd7,0xa8,0x56,0x20,0x4b,0xe4,0x58,0xcd,0xe5,0x07,0xbd,0xab,0xe0,0x57,0x1b,0xda,0x2f,0xe6,0xaf,0xd2,0xe8,0x77,0x42,0xf7,0x2a,0x1a,0x19},
+	{0x31,0x14,0x3c,0xc5,0x4b,0xf7,0x16,0xce,0xde,0xed,0x72,0x20,0xce,0x25,0x97,0x2b,0xe7,0x3e,0xb2,0xb5,0x6f,0xc3,0xb9,0xb8,0x08,0xc9,0x5c,0x0b,0x45,0x0e,0x2e,0x7e,0xfb,0x0e,0x46,0x4f,0x43,0x2b,0xe6,0x9f,0xd6,0x07,0x36,0xa6,0xd4,0x03,0xd3,0xde,0x24,0xda,0xa0,0xb7,0x0e,0x21,0x52,0xf0,0x93,0x5b,0x54,0x00,0xbe,0x7d,0x7e,0x23,0x30,0xb4,0x01,0x67,0xed,0x75,0x35,0x01,0x10,0xfd,0x0b,0x9f,0xe6,0x94,0x10,0x23,0x22,0x7f,0xe4,0x83,0x15,0x0f,0x32,0x75,0xe3,0x55,0x11,0xb1,0x99,0xa6,0xaf,0x71},
+	{0x1d,0xb6,0x53,0x39,0x9b,0x6f,0xce,0x65,0xe6,0x41,0xa1,0xaf,0xea,0x39,0x58,0xc6,0xfe,0x59,0xf7,0xa9,0xfd,0x5f,0x43,0x0f,0x8e,0xc2,0xb1,0xc2,0xe9,0x42,0x11,0x02,0xd6,0x50,0x3b,0x47,0x1c,0x3c,0x42,0xea,0x10,0xef,0x38,0x3b,0x1f,0x7a,0xe8,0x51,0x95,0xbe,0xc9,0xb2,0x5f,0xbf,0x84,0x9b,0x1c,0x9a,0xf8,0x78,0xbc,0x1f,0x73,0x00,0x80,0x18,0xf8,0x48,0x18,0xc7,0x30,0xe4,0x19,0xc1,0xce,0x5e,0x22,0x0c,0x96,0xbf,0xe3,0x15,0xba,0x6b,0x83,0xe0,0xda,0xb6,0x08,0x58,0xe1,0x47,0x33,0x6f,0x4d,0x4c},
+	{0xc9,0x1f,0x7d,0xc1,0xcf,0xec,0xf7,0x18,0x14,0x3c,0x40,0x51,0xa6,0xf5,0x75,0x6c,0xdf,0x0c,0xee,0xf7,0x2b,0x71,0xde,0xdb,0x22,0x7a,0xe4,0xa7,0xaa,0xdd,0x3f,0x19,0x70,0x19,0x8f,0x98,0xfc,0xdd,0x0c,0x2f,0x1b,0xf5,0xb9,0xb0,0x27,0x62,0x91,0x6b,0xbe,0x76,0x91,0x77,0xc4,0xb6,0xc7,0x6e,0xa8,0x9f,0x8f,0xa8,0x00,0x95,0xbf,0x38,0x6f,0x87,0xe8,0x37,0x3c,0xc9,0xd2,0x1f,0x2c,0x46,0xd1,0x18,0x5a,0x1e,0xf6,0xa2,0x76,0x12,0x24,0x39,0x82,0xf5,0x80,0x50,0x69,0x49,0x0d,0xbf,0x9e,0xb9,0x6f,0x6a},
+	{0xeb,0x55,0x08,0x56,0xbb,0xc1,0x46,0x6a,0x9d,0xf0,0x93,0xf8,0x38,0xbb,0x16,0x24,0xc1,0xac,0x71,0x8f,0x37,0x11,0x1d,0xd7,0xea,0x96,0x18,0xa3,0x14,0x69,0xf7,0x75,0xc6,0x23,0xe4,0xb6,0xb5,0x22,0xb1,0xee,0x8e,0xff,0x86,0xf2,0x10,0x70,0x9d,0x93,0x8c,0x5d,0xcf,0x1d,0x83,0x2a,0xa9,0x90,0x10,0xeb,0xc5,0x42,0x9f,0xda,0x6f,0x13,0xd1,0xbd,0x05,0xa3,0xb1,0xdf,0x4c,0xf9,0x08,0x2c,0xf8,0x9f,0x9d,0x4b,0x36,0x0f,0x8a,0x58,0xbb,0xc3,0xa5,0xd8,0x87,0x2a,0xba,0xdc,0xe8,0x0b,0x51,0x83,0x21,0x02},
+	{0x14,0x2d,0xad,0x5e,0x38,0x66,0xf7,0x4a,0x30,0x58,0x7c,0xca,0x80,0xd8,0x8e,0xa0,0x3d,0x1e,0x21,0x10,0xe6,0xa6,0x13,0x0d,0x03,0x6c,0x80,0x7b,0xe1,0x1c,0x07,0x6a,0x7f,0x7a,0x30,0x43,0x01,0x71,0x5a,0x9d,0x5f,0xa4,0x7d,0xc4,0x9e,0xde,0x63,0xb0,0xd3,0x7a,0x92,0xbe,0x52,0xfe,0xbb,0x22,0x6c,0x42,0x40,0xfd,0x41,0xc4,0x87,0x13,0xf8,0x8a,0x97,0x87,0xd1,0xc3,0xd3,0xb5,0x13,0x44,0x0e,0x7f,0x3d,0x5a,0x2b,0x72,0xa0,0x7c,0x47,0xbb,0x48,0x48,0x7b,0x0d,0x92,0xdc,0x1e,0xaf,0x6a,0xb2,0x71,0x31},
+	{0xa8,0x4c,0x56,0x97,0x90,0x31,0x2f,0xa9,0x19,0xe1,0x75,0x22,0x4c,0xb8,0x7b,0xff,0x50,0x51,0x87,0xa4,0x37,0xfe,0x55,0x4f,0x5a,0x83,0xf0,0x3c,0x87,0xd4,0x1f,0x22,0xd1,0x47,0x8a,0xb2,0xd8,0xb7,0x0d,0xa6,0xf1,0xa4,0x70,0x17,0xd6,0x14,0xbf,0xa6,0x58,0xbd,0xdd,0x53,0x93,0xf8,0xa1,0xd4,0xe9,0x43,0x42,0x34,0x63,0x4a,0x51,0x6c,0x41,0x63,0x15,0x3a,0x4f,0x20,0x22,0x23,0x2d,0x03,0x0a,0xba,0xe9,0xe0,0x73,0xfb,0x0e,0x03,0x0f,0x41,0x4c,0xdd,0xe0,0xfc,0xaa,0x4a,0x92,0xfb,0x96,0xa5,0xda,0x48},
+	{0xc7,0x9c,0xa5,0x5c,0x66,0x8e,0xca,0x6e,0xa0,0xac,0x38,0x2e,0x4b,0x25,0x47,0xa8,0xce,0x17,0x1e,0xd2,0x08,0xc7,0xaf,0x31,0xf7,0x4a,0xd8,0xca,0xfc,0xd6,0x6d,0x67,0x93,0x97,0x4c,0xc8,0x5d,0x1d,0xf6,0x14,0x06,0x82,0x41,0xef,0xe3,0xf9,0x41,0x99,0xac,0x77,0x62,0x34,0x8f,0xb8,0xf5,0xcd,0xa9,0x79,0x8a,0x0e,0xfa,0x37,0xc8,0x58,0x58,0x90,0xfc,0x96,0x85,0x68,0xf9,0x0c,0x1b,0xa0,0x56,0x7b,0xf3,0xbb,0xdc,0x1d,0x6a,0xd6,0x35,0x49,0x7d,0xe7,0xc2,0xdc,0x0a,0x7f,0xa5,0xc6,0xf2,0x73,0x4f,0x1c},
+	{0xbb,0xa0,0x5f,0x30,0xbd,0x4f,0x7a,0x0e,0xad,0x63,0xc6,0x54,0xe0,0x4c,0x9d,0x82,0x48,0x38,0xe3,0x2f,0x83,0xc3,0x21,0xf4,0x42,0x4c,0xf6,0x1b,0x0d,0xc8,0x5a,0x79,0x84,0x34,0x7c,0xfc,0x6e,0x70,0x6e,0xb3,0x61,0xcf,0xc1,0xc3,0xb4,0xc9,0xdf,0x73,0xe5,0xc7,0x1c,0x78,0xc9,0x79,0x1d,0xeb,0x5c,0x67,0xaf,0x7d,0xdb,0x9a,0x45,0x70,0xb3,0x2b,0xb4,0x91,0x49,0xdb,0x91,0x1b,0xca,0xdc,0x02,0x4b,0x23,0x96,0x26,0x57,0xdc,0x78,0x8c,0x1f,0xe5,0x9e,0xdf,0x9f,0xd3,0x1f,0xe2,0x8c,0x84,0x62,0xe1,0x5f},
+	{0x1a,0x96,0x94,0xe1,0x4f,0x21,0x59,0x4e,0x4f,0xcd,0x71,0x0d,0xc7,0x7d,0xbe,0x49,0x2d,0xf2,0x50,0x3b,0xd2,0xcf,0x00,0x93,0x32,0x72,0x91,0xfc,0x46,0xd4,0x89,0x47,0x08,0xb2,0x7c,0x5d,0x2d,0x85,0x79,0x28,0xe7,0xf2,0x7d,0x68,0x70,0xdd,0xde,0xb8,0x91,0x78,0x68,0x21,0xab,0xff,0x0b,0xdc,0x35,0xaa,0x7d,0x67,0x43,0xc0,0x44,0x2b,0x8e,0xb7,0x4e,0x07,0xab,0x87,0x1c,0x1a,0x67,0xf4,0xda,0x99,0x8e,0xd1,0xc6,0xfa,0x67,0x90,0x4f,0x48,0xcd,0xbb,0xac,0x3e,0xe4,0xa4,0xb9,0x2b,0xef,0x2e,0xc5,0x60},
+	{0xf1,0x8b,0xfd,0x3b,0xbc,0x89,0x5d,0x0b,0x1a,0x55,0xf3,0xc9,0x37,0x92,0x6b,0xb0,0xf5,0x28,0x30,0xd5,0xb0,0x16,0x4c,0x0e,0xab,0xca,0xcf,0x2c,0x31,0x9c,0xbc,0x10,0x11,0x6d,0xae,0x7c,0xc2,0xc5,0x2b,0x70,0xab,0x8c,0xa4,0x54,0x9b,0x69,0xc7,0x44,0xb2,0x2e,0x49,0xba,0x56,0x40,0xbc,0xef,0x6d,0x67,0xb6,0xd9,0x48,0x72,0xd7,0x70,0x5b,0xa0,0xc2,0x3e,0x4b,0xe8,0x8a,0xaa,0xe0,0x81,0x17,0xed,0xf4,0x9e,0x69,0x98,0xd1,0x85,0x8e,0x70,0xe4,0x13,0x45,0x79,0x13,0xf4,0x76,0xa9,0xd3,0x5b,0x75,0x63},
+	{0x53,0x08,0xd1,0x2a,0x3e,0xa0,0x5f,0xb5,0x69,0x35,0xe6,0x9e,0x90,0x75,0x6f,0x35,0x90,0xb8,0x69,0xbe,0xfd,0xf1,0xf9,0x9f,0x84,0x6f,0xc1,0x8b,0xc4,0xc1,0x8c,0x0d,0xb7,0xac,0xf1,0x97,0x18,0x10,0xc7,0x3d,0xd8,0xbb,0x65,0xc1,0x5e,0x7d,0xda,0x5d,0x0f,0x02,0xa1,0x0f,0x9c,0x5b,0x8e,0x50,0x56,0x2a,0xc5,0x37,0x17,0x75,0x63,0x27,0xa9,0x19,0xb4,0x6e,0xd3,0x02,0x94,0x02,0xa5,0x60,0xb4,0x77,0x7e,0x4e,0xb4,0xf0,0x56,0x49,0x3c,0xd4,0x30,0x62,0xa8,0xcf,0xe7,0x66,0xd1,0x7a,0x8a,0xdd,0xc2,0x70},
+	{0x0e,0xec,0x6f,0x9f,0x50,0x94,0x61,0x65,0x8d,0x51,0xc6,0x46,0xa9,0x7e,0x2e,0xee,0x5c,0x9b,0xe0,0x67,0xf3,0xc1,0x33,0x97,0x95,0x84,0x94,0x63,0x63,0xac,0x0f,0x2e,0x13,0x7e,0xed,0xb8,0x7d,0x96,0xd4,0x91,0x7a,0x81,0x76,0xd7,0x0a,0x2f,0x25,0x74,0x64,0x25,0x85,0x0d,0xe0,0x82,0x09,0xe4,0xe5,0x3c,0xa5,0x16,0x38,0x61,0xb8,0x32,0x64,0xcd,0x48,0xe4,0xbe,0xf7,0xe7,0x79,0xd0,0x86,0x78,0x08,0x67,0x3a,0xc8,0x6a,0x2e,0xdb,0xe4,0xa0,0xd9,0xd4,0x9f,0xf8,0x41,0x4f,0x5a,0x73,0x5c,0x21,0x79,0x41},
+	{0x2a,0xed,0xdc,0xd7,0xe7,0x94,0x70,0x8c,0x70,0x9c,0xd3,0x47,0xc3,0x8a,0xfb,0x97,0x02,0xd9,0x06,0xa9,0x33,0xe0,0x3b,0xe1,0x76,0x9d,0xd9,0x0c,0xa3,0x44,0x03,0x70,0x34,0xcd,0x6b,0x28,0xb9,0x33,0xae,0xe4,0xdc,0xd6,0x9d,0x55,0xb6,0x7e,0xef,0xb7,0x1f,0x8e,0xd3,0xb3,0x1f,0x14,0x8b,0x27,0x86,0xc2,0x41,0x22,0x66,0x85,0xfa,0x31,0xf4,0x22,0x36,0x2e,0x42,0x6c,0x82,0xaf,0x2d,0x50,0x33,0x98,0x87,0x29,0x20,0xc1,0x23,0x91,0x38,0x2b,0xe1,0xb7,0xc1,0x9b,0x89,0x24,0x95,0xa9,0x12,0x23,0xbb,0x24},
+	{0xc3,0x67,0xde,0x32,0x17,0xed,0xa8,0xb1,0x48,0x49,0x1b,0x46,0x18,0x94,0xb4,0x3c,0xd2,0xbc,0xcf,0x76,0x43,0x43,0xbd,0x8e,0x08,0x80,0x18,0x1e,0x87,0x3e,0xee,0x0f,0x6b,0x5c,0xf8,0xf5,0x2a,0x0c,0xf8,0x41,0x94,0x67,0xfa,0x04,0xc3,0x84,0x72,0x68,0xad,0x1b,0xba,0xa3,0x99,0xdf,0x45,0x89,0x16,0x5d,0xeb,0xff,0xf9,0x2a,0x1d,0x0d,0xdf,0x1e,0x62,0x32,0xa1,0x8a,0xda,0xa9,0x79,0x65,0x22,0x59,0xa1,0x22,0xb8,0x30,0x93,0xc1,0x9a,0xa7,0x7b,0x19,0x04,0x40,0x76,0x1d,0x53,0x18,0x97,0xd7,0xac,0x16},
+	{0x3d,0x1d,0x9b,0x2d,0xaf,0x72,0xdf,0x72,0x5a,0x24,0x32,0xa4,0x36,0x2a,0x46,0x63,0x37,0x96,0xb3,0x16,0x79,0xa0,0xce,0x3e,0x09,0x23,0x30,0xb9,0xf6,0x0e,0x3e,0x12,0xad,0xb6,0x87,0x78,0xc5,0xc6,0x59,0xc9,0xba,0xfe,0x90,0x5f,0xad,0x9e,0xe1,0x94,0x04,0xf5,0x42,0xa3,0x62,0x4e,0xe2,0x16,0x00,0x17,0x16,0x18,0x4b,0xd3,0x4e,0x16,0x9a,0xe6,0x2f,0x19,0x4c,0xd9,0x7e,0x48,0x13,0x15,0x91,0x3a,0xea,0x2c,0xae,0x61,0x27,0xde,0xa4,0xb9,0xd3,0xf6,0x7b,0x87,0xeb,0xf3,0x73,0x10,0xc6,0x0f,0xda,0x78},
+	{0x6a,0xc6,0x2b,0xe5,0x28,0x5d,0xf1,0x5b,0x8e,0x1a,0xf0,0x70,0x18,0xe3,0x47,0x2c,0xdd,0x8b,0xc2,0x06,0xbc,0xaf,0x19,0x24,0x3a,0x17,0x6b,0x25,0xeb,0xde,0x25,0x2d,0x94,0x3a,0x0c,0x68,0xf1,0x80,0x9f,0xa2,0xe6,0xe7,0xe9,0x1a,0x15,0x7e,0xf7,0x71,0x73,0x79,0x01,0x48,0x58,0xf1,0x00,0x11,0xdd,0x8d,0xb3,0x16,0xb3,0xa4,0x4a,0x05,0xb8,0x7c,0x26,0x19,0x8d,0x46,0xc8,0xdf,0xaf,0x4d,0xe5,0x66,0x9c,0x78,0x28,0x0b,0x17,0xec,0x6e,0x66,0x2a,0x1d,0xeb,0x2a,0x60,0xa7,0x7d,0xab,0xa6,0x10,0x46,0x13},
+	{0xfe,0xb0,0xf6,0x8d,0xc7,0x8e,0x13,0x51,0x1b,0xf5,0x75,0xe5,0x89,0xda,0x97,0x53,0xb9,0xf1,0x7a,0x71,0x1d,0x7a,0x20,0x09,0x50,0xd6,0x20,0x2b,0xba,0xfd,0x02,0x21,0x15,0xf5,0xd1,0x77,0xe7,0x65,0x2a,0xcd,0xf1,0x60,0xaa,0x8f,0x87,0x91,0x89,0x54,0xe5,0x06,0xbc,0xda,0xbc,0x3b,0xb7,0xb1,0xfb,0xc9,0x7c,0xa9,0xcb,0x78,0x48,0x65,0xa1,0xe6,0x5c,0x05,0x05,0xe4,0x9e,0x96,0x29,0xad,0x51,0x12,0x68,0xa7,0xbc,0x36,0x15,0xa4,0x7d,0xaa,0x17,0xf5,0x1a,0x3a,0xba,0xb2,0xec,0x29,0xdb,0x25,0xd7,0x0a},
+	{0x57,0x24,0x4e,0x83,0xb1,0x67,0x42,0xdc,0xc5,0x1b,0xce,0x70,0xb5,0x44,0x75,0xb6,0xd7,0x5e,0xd1,0xf7,0x0b,0x7a,0xf0,0x1a,0x50,0x36,0xa0,0x71,0xfb,0xcf,0xef,0x4a,0x85,0x6f,0x05,0x9b,0x0c,0xbc,0xc7,0xfe,0xd7,0xff,0xf5,0xe7,0x68,0x52,0x7d,0x53,0xfa,0xae,0x12,0x43,0x62,0xc6,0xaf,0x77,0xd9,0x9f,0x39,0x02,0x53,0x5f,0x67,0x4f,0x1e,0x17,0x15,0x04,0x36,0x36,0x2d,0xc3,0x3b,0x48,0x98,0x89,0x11,0xef,0x2b,0xcd,0x10,0x51,0x94,0xd0,0xad,0x6e,0x0a,0x87,0x61,0x65,0xa8,0xa2,0x72,0xbb,0xcc,0x0b},
+	{0xc8,0xa9,0xb1,0xea,0x2f,0x96,0x5e,0x18,0xcd,0x7d,0x14,0x65,0x35,0xe6,0xe7,0x86,0xf2,0x6d,0x5b,0xbb,0x31,0xe0,0x92,0xb0,0x3e,0xb7,0xd6,0x59,0xab,0xf0,0x24,0x40,0x96,0x12,0xfe,0x50,0x4c,0x5e,0x6d,0x18,0x7e,0x9f,0xe8,0xfe,0x82,0x7b,0x39,0xe0,0xb0,0x31,0x70,0x50,0xc5,0xf6,0xc7,0x3b,0xc2,0x37,0x8f,0x10,0x69,0xfd,0x78,0x66,0xc2,0x63,0x68,0x63,0x31,0xfa,0x86,0x15,0xf2,0x33,0x2d,0x57,0x48,0x8c,0xf6,0x07,0xfc,0xae,0x9e,0x78,0x9f,0xcc,0x73,0x4f,0x01,0x47,0xad,0x8e,0x10,0xe2,0x42,0x2d},
+	{0x9b,0xd2,0xdf,0x94,0x15,0x13,0xf5,0x97,0x6a,0x4c,0x3f,0x31,0x5d,0x98,0x55,0x61,0x10,0x50,0x45,0x08,0x07,0x3f,0xa1,0xeb,0x22,0xd3,0xd2,0xb8,0x08,0x26,0x6b,0x67,0x93,0x75,0x53,0x0f,0x0d,0x7b,0x71,0x21,0x4c,0x06,0x1e,0x13,0x0b,0x69,0x4e,0x91,0x9f,0xe0,0x2a,0x75,0xae,0x87,0xb6,0x1b,0x6e,0x3c,0x42,0x9b,0xa7,0xf3,0x0b,0x42,0x47,0x2b,0x5b,0x1c,0x65,0xba,0x38,0x81,0x80,0x1b,0x1b,0x31,0xec,0xb6,0x71,0x86,0xb0,0x35,0x31,0xbc,0xb1,0x0c,0xff,0x7b,0xe0,0xf1,0x0c,0x9c,0xfa,0x2f,0x5d,0x74},
+	{0xbd,0xc8,0xc9,0x2b,0x1e,0x5a,0x52,0xbf,0x81,0x9d,0x47,0x26,0x08,0x26,0x5b,0xea,0xdb,0x55,0x01,0xdf,0x0e,0xc7,0x11,0xd5,0xd0,0xf5,0x0c,0x96,0xeb,0x3c,0xe2,0x1a,0x6a,0x4e,0xd3,0x21,0x57,0xdf,0x36,0x60,0xd0,0xb3,0x7b,0x99,0x27,0x88,0xdb,0xb1,0xfa,0x6a,0x75,0xc8,0xc3,0x09,0xc2,0xd3,0x39,0xc8,0x1d,0x4c,0xe5,0x5b,0xe1,0x06,0x4a,0x99,0x32,0x19,0x87,0x5d,0x72,0x5b,0xb0,0xda,0xb1,0xce,0xb5,0x1c,0x35,0x32,0x05,0xca,0xb7,0xda,0x49,0x15,0xc4,0x7d,0xf7,0xc1,0x8e,0x27,0x61,0xd8,0xde,0x58},
+	{0x5c,0xc5,0x66,0xf2,0x93,0x37,0x17,0xd8,0x49,0x4e,0x45,0xcc,0xc5,0x76,0xc9,0xc8,0xa8,0xc3,0x26,0xbc,0xf8,0x82,0xe3,0x5c,0xf9,0xf6,0x85,0x54,0xe8,0x9d,0xf3,0x2f,0xa8,0xc9,0xc2,0xb6,0xa8,0x5b,0xfb,0x2d,0x8c,0x59,0x2c,0xf5,0x8e,0xef,0xee,0x48,0x73,0x15,0x2d,0xf1,0x07,0x91,0x80,0x33,0xd8,0x5b,0x1d,0x53,0x6b,0x69,0xba,0x08,0x7a,0xc5,0xef,0xc3,0xee,0x3e,0xed,0x77,0x11,0x48,0xff,0xd4,0x17,0x55,0xe0,0x04,0xcb,0x71,0xa6,0xf1,0x3f,0x7a,0x3d,0xea,0x54,0xfe,0x7c,0x94,0xb4,0x33,0x06,0x12},
+	{0x42,0x00,0x61,0x91,0x78,0x98,0x94,0x0b,0xe8,0xfa,0xeb,0xec,0x3c,0xb1,0xe7,0x4e,0xc0,0xa4,0xf0,0x94,0x95,0x73,0xbe,0x70,0x85,0x91,0xd5,0xb4,0x99,0x0a,0xd3,0x35,0x0a,0x10,0x12,0x49,0x47,0x31,0xbd,0x82,0x06,0xbe,0x6f,0x7e,0x6d,0x7b,0x23,0xde,0xc6,0x79,0xea,0x11,0x19,0x76,0x1e,0xe1,0xde,0x3b,0x39,0xcb,0xe3,0x3b,0x43,0x07,0xf4,0x97,0xe9,0x5c,0xc0,0x44,0x79,0xff,0xa3,0x51,0x5c,0xb0,0xe4,0x3d,0x5d,0x57,0x7c,0x84,0x76,0x5a,0xfd,0x81,0x33,0x58,0x9f,0xda,0xf6,0x7a,0xde,0x3e,0x87,0x2d},
+	{0x09,0x34,0x37,0x43,0x64,0x31,0x7a,0x15,0xd9,0x81,0xaa,0xf4,0xee,0xb7,0xb8,0xfa,0x06,0x48,0xa6,0xf5,0xe6,0xfe,0x93,0xb0,0xb6,0xa7,0x7f,0x70,0x54,0x36,0x77,0x2e,0x81,0xf9,0x5d,0x4e,0xe1,0x02,0x62,0xaa,0xf5,0xe1,0x15,0x50,0x17,0x59,0x0d,0xa2,0x6c,0x1d,0xe2,0xba,0xd3,0x75,0xa2,0x18,0x53,0x02,0x60,0x01,0x8a,0x61,0x43,0x05,0xc1,0x23,0x4c,0x97,0xf4,0xbd,0xea,0x0d,0x93,0x46,0xce,0x9d,0x25,0x0a,0x6f,0xaa,0x2c,0xba,0x9a,0xa2,0xb8,0x2c,0x20,0x04,0x0d,0x96,0x07,0x2d,0x36,0x43,0x14,0x4b},
+	{0x7a,0x1f,0x6e,0xb6,0xc7,0xb7,0xc4,0xcc,0x7e,0x2f,0x0c,0xf5,0x25,0x7e,0x15,0x44,0x1c,0xaf,0x3e,0x71,0xfc,0x6d,0xf0,0x3e,0xf7,0x63,0xda,0x52,0x67,0x44,0x2f,0x58,0xcb,0x9c,0x52,0x1c,0xe9,0x54,0x7c,0x96,0xfb,0x35,0xc6,0x64,0x92,0x26,0xf6,0x30,0x65,0x19,0x12,0x78,0xf4,0xaf,0x47,0x27,0x5c,0x6f,0xf6,0xea,0x18,0x84,0x03,0x17,0xe4,0x4c,0x32,0x20,0xd3,0x7b,0x31,0xc6,0xc4,0x8b,0x48,0xa4,0xe8,0x42,0x10,0xa8,0x64,0x13,0x5a,0x4e,0x8b,0xf1,0x1e,0xb2,0xc9,0x8d,0xa2,0xcd,0x4b,0x1c,0x2a,0x0c},
+	{0x47,0x04,0x1f,0x6f,0xd0,0xc7,0x4d,0xd2,0x59,0xc0,0x87,0xdb,0x3e,0x9e,0x26,0xb2,0x8f,0xd2,0xb2,0xfb,0x72,0x02,0x5b,0xd1,0x77,0x48,0xf6,0xc6,0xd1,0x8b,0x55,0x7c,0x45,0x69,0xbd,0x69,0x48,0x81,0xc4,0xed,0x22,0x8d,0x1c,0xbe,0x7d,0x90,0x6d,0x0d,0xab,0xc5,0x5c,0xd5,0x12,0xd2,0x3b,0xc6,0x83,0xdc,0x14,0xa3,0x30,0x9b,0x6a,0x5a,0x3d,0x46,0x96,0xd3,0x24,0x15,0xec,0xd0,0xf0,0x24,0x5a,0xc3,0x8a,0x62,0xbb,0x12,0xa4,0x5f,0xbc,0x1c,0x79,0x3a,0x0c,0xa5,0xc3,0xaf,0xfb,0x0a,0xca,0xa5,0x04,0x04},
+	{0xd6,0x43,0xa7,0x0a,0x07,0x40,0x1f,0x8c,0xe8,0x5e,0x26,0x5b,0xcb,0xd0,0xba,0xcc,0xde,0xd2,0x8f,0x66,0x6b,0x04,0x4b,0x57,0x33,0x96,0xdd,0xca,0xfd,0x5b,0x39,0x46,0xd1,0x6f,0x41,0x2a,0x1b,0x9e,0xbc,0x62,0x8b,0x59,0x50,0xe3,0x28,0xf7,0xc6,0xb5,0x67,0x69,0x5d,0x3d,0xd8,0x3f,0x34,0x04,0x98,0xee,0xf8,0xe7,0x16,0x75,0x52,0x39,0x9c,0x9a,0x5d,0x1a,0x2d,0xdb,0x7f,0x11,0x2a,0x5c,0x00,0xd1,0xbc,0x45,0x77,0x9c,0xea,0x6f,0xd5,0x54,0xf1,0xbe,0xd4,0xef,0x16,0xd0,0x22,0xe8,0x29,0x9a,0x57,0x76},
+	{0x17,0x2a,0xc0,0x49,0x7e,0x8e,0xb6,0x45,0x7f,0xa3,0xa9,0xbc,0xa2,0x51,0xcd,0x23,0x1b,0x4c,0x22,0xec,0x11,0x5f,0xd6,0x3e,0xb1,0xbd,0x05,0x9e,0xdc,0x84,0xa3,0x43,0xf2,0x34,0xb4,0x52,0x13,0xb5,0x3c,0x33,0xe1,0x80,0xde,0x93,0x49,0x28,0x32,0xd8,0xce,0x35,0x0d,0x75,0x87,0x28,0x51,0xb5,0xc1,0x77,0x27,0x2a,0xbb,0x14,0xc5,0x02,0x45,0xb6,0xf1,0x8b,0xda,0xd5,0x4b,0x68,0x53,0x4b,0xb5,0xf6,0x7e,0xd3,0x8b,0xfb,0x53,0xd2,0xb0,0xa9,0xd7,0x16,0x39,0x31,0x59,0x80,0x54,0x61,0x09,0x92,0x60,0x11},
+	{0xaa,0xcf,0xda,0x29,0x69,0x16,0x4d,0xb4,0x8f,0x59,0x13,0x84,0x4c,0x9f,0x52,0xda,0x59,0x55,0x3d,0x45,0xca,0x63,0xef,0xe9,0x0b,0x8e,0x69,0xc5,0x5b,0x12,0x1e,0x35,0xcd,0x4d,0x9b,0x36,0x16,0x56,0x38,0x7a,0x63,0x35,0x5c,0x65,0xa7,0x2c,0xc0,0x75,0x21,0x80,0xf1,0xd4,0xf9,0x1b,0xc2,0x7d,0x42,0xe0,0xe6,0x91,0x74,0x7d,0x63,0x2f,0xbe,0x7b,0xf6,0x1a,0x46,0x9b,0xb4,0xd4,0x61,0x89,0xab,0xc8,0x7a,0x03,0x03,0xd6,0xfb,0x99,0xa6,0xf9,0x9f,0xe1,0xde,0x71,0x9a,0x2a,0xce,0xe7,0x06,0x2d,0x18,0x7f},
+	{0xec,0x68,0x01,0xab,0x64,0x8e,0x7c,0x7a,0x43,0xc5,0xed,0x15,0x55,0x4a,0x5a,0xcb,0xda,0x0e,0xcd,0x47,0xd3,0x19,0x55,0x09,0xb0,0x93,0x3e,0x34,0x8c,0xac,0xd4,0x67,0x22,0x75,0x21,0x8e,0x72,0x4b,0x45,0x09,0xd8,0xb8,0x84,0xd4,0xf4,0xe8,0x58,0xaa,0x3c,0x90,0x46,0x7f,0x4d,0x25,0x58,0xd3,0x17,0x52,0x1c,0x24,0x43,0xc0,0xac,0x44,0x77,0x57,0x7a,0x4f,0xbb,0x6b,0x7d,0x1c,0xe1,0x13,0x83,0x91,0xd4,0xfe,0x35,0x8b,0x84,0x46,0x6b,0xc9,0xc6,0xa1,0xdc,0x4a,0xbd,0x71,0xad,0x12,0x83,0x1c,0x6d,0x55},
+	{0x82,0x39,0x8d,0x0c,0xe3,0x40,0xef,0x17,0x34,0xfa,0xa3,0x15,0x3e,0x07,0xf7,0x31,0x6e,0x64,0x73,0x07,0xcb,0xf3,0x21,0x4f,0xff,0x4e,0x82,0x1d,0x6d,0x6c,0x6c,0x74,0x21,0xe8,0x1b,0xb1,0x56,0x67,0xf0,0x81,0xdd,0xf3,0xa3,0x10,0x23,0xf8,0xaf,0x0f,0x5d,0x46,0x99,0x6a,0x55,0xd0,0xb2,0xf8,0x05,0x7f,0x8c,0xcc,0x38,0xbe,0x7a,0x09,0xa4,0x2d,0xa5,0x7e,0x87,0xc9,0x49,0x0c,0x43,0x1d,0xdc,0x9b,0x55,0x69,0x43,0x4c,0xd2,0xeb,0xcc,0xf7,0x09,0x38,0x2c,0x02,0xbd,0x84,0xee,0x4b,0xa3,0x14,0x7e,0x57},
+	{0x0a,0x3b,0xa7,0x61,0xac,0x68,0xe2,0xf0,0xf5,0xa5,0x91,0x37,0x10,0xfa,0xfa,0xf2,0xe9,0x00,0x6d,0x6b,0x82,0x3e,0xe1,0xc1,0x42,0x8f,0xd7,0x6f,0xe9,0x7e,0xfa,0x60,0x2b,0xd7,0x4d,0xbd,0xbe,0xce,0xfe,0x94,0x11,0x22,0x0f,0x06,0xda,0x4f,0x6a,0xf4,0xff,0xd1,0xc8,0xc0,0x77,0x59,0x4a,0x12,0x95,0x92,0x00,0xfb,0xb8,0x04,0x53,0x70,0xc6,0x6e,0x29,0x4d,0x35,0x1d,0x3d,0xb6,0xd8,0x31,0xad,0x5f,0x3e,0x05,0xc3,0xf3,0xec,0x42,0xbd,0xb4,0x8c,0x95,0x0b,0x67,0xfd,0x53,0x63,0xa1,0x0c,0x8e,0x39,0x21},
+	{0xf3,0x33,0x2b,0x38,0x8a,0x05,0xf5,0x89,0xb4,0xc0,0x48,0xad,0x0b,0xba,0xe2,0x5a,0x6e,0xb3,0x3d,0xa5,0x03,0xb5,0x93,0x8f,0xe6,0x32,0xa2,0x95,0x9d,0xed,0xa3,0x5a,0x01,0x56,0xb7,0xb4,0xf9,0xaa,0x98,0x27,0x72,0xad,0x8d,0x5c,0x13,0x72,0xac,0x5e,0x23,0xa0,0xb7,0x61,0x61,0xaa,0xce,0xd2,0x4e,0x7d,0x8f,0xe9,0x84,0xb2,0xbf,0x1b,0x61,0x65,0xd9,0xc7,0xe9,0x77,0x67,0x65,0x36,0x80,0xc7,0x72,0x54,0x12,0x2b,0xcb,0xee,0x6e,0x50,0xd9,0x99,0x32,0x05,0x65,0xcc,0x57,0x89,0x5e,0x4e,0xe1,0x07,0x4a},
+	{0x99,0xf9,0x0d,0x98,0xcb,0x12,0xe4,0x4e,0x71,0xc7,0x6e,0x3c,0x6f,0xd7,0x15,0xa3,0xfd,0x77,0x5c,0x92,0xde,0xed,0xa5,0xbb,0x02,0x34,0x31,0x1d,0x39,0xac,0x0b,0x3f,0x9b,0xa4,0x77,0xc4,0xcd,0x58,0x0b,0x24,0x17,0xf0,0x47,0x64,0xde,0xda,0x38,0xfd,0xad,0x6a,0xc8,0xa7,0x32,0x8d,0x92,0x19,0x81,0xa0,0xaf,0x84,0xed,0x7a,0xaf,0x50,0xe5,0x5b,0xf6,0x15,0x01,0xde,0x4f,0x6e,0xb2,0x09,0x61,0x21,0x21,0x26,0x98,0x29,0xd9,0xd6,0xad,0x0b,0x81,0x05,0x02,0x78,0x06,0xd0,0xeb,0xba,0x16,0xa3,0x21,0x19},
+	{0xfc,0x70,0xb8,0xdf,0x7e,0x2f,0x42,0x89,0xbd,0xb3,0x76,0x4f,0xeb,0x6b,0x29,0x2c,0xf7,0x4d,0xc2,0x36,0xd4,0xf1,0x38,0x07,0xb0,0xae,0x73,0xe2,0x41,0xdf,0x58,0x64,0x8b,0xc1,0xf3,0xd9,0x9a,0xad,0x5a,0xd7,0x9c,0xc1,0xb1,0x60,0xef,0x0e,0x6a,0x56,0xd9,0x0e,0x5c,0x25,0xac,0x0b,0x9a,0x3e,0xf5,0xc7,0x62,0xa0,0xec,0x9d,0x04,0x7b,0x83,0x44,0x44,0x35,0x7a,0xe3,0xcb,0xdc,0x93,0xbe,0xed,0x0f,0x33,0x79,0x88,0x75,0x87,0xdd,0xc5,0x12,0xc3,0x04,0x60,0x78,0x64,0x0e,0x95,0xc2,0xcb,0xdc,0x93,0x60},
+	{0x6d,0x70,0xe0,0x85,0x85,0x9a,0xf3,0x1f,0x33,0x39,0xe7,0xb3,0xd8,0xa5,0xd0,0x36,0x3b,0x45,0x8f,0x71,0xe1,0xf2,0xb9,0x43,0x7c,0xa9,0x27,0x48,0x08,0xea,0xd1,0x57,0x4b,0x03,0x84,0x60,0xbe,0xee,0xde,0x6b,0x54,0xb8,0x0f,0x78,0xb6,0xc2,0x99,0x31,0x95,0x06,0x2d,0xb6,0xab,0x76,0x33,0x97,0x90,0x7d,0x64,0x8b,0xc9,0x80,0x31,0x6e,0x71,0xb0,0x28,0xa1,0xe7,0xb6,0x7a,0xee,0xaa,0x8b,0xa8,0x93,0x6d,0x59,0xc1,0xa4,0x30,0x61,0x21,0xb2,0x82,0xde,0xb4,0xf7,0x18,0xbd,0x97,0xdd,0x9d,0x99,0x3e,0x36},
+	{0xc4,0x1f,0xee,0x35,0xc1,0x43,0xa8,0x96,0xcf,0xc8,0xe4,0x08,0x55,0xb3,0x6e,0x97,0x30,0xd3,0x8c,0xb5,0x01,0x68,0x2f,0xb4,0x2b,0x05,0x3a,0x69,0x78,0x9b,0xee,0x48,0xc6,0xae,0x4b,0xe2,0xdc,0x48,0x18,0x2f,0x60,0xaf,0xbc,0xba,0x55,0x72,0x9b,0x76,0x31,0xe9,0xef,0x3c,0x6e,0x3c,0xcb,0x90,0x55,0xb3,0xf9,0xc6,0x9b,0x97,0x1f,0x23,0xc6,0xf3,0x2a,0xcc,0x4b,0xde,0x31,0x5c,0x1f,0x8d,0x20,0xfe,0x30,0xb0,0x4b,0xb0,0x66,0xb4,0x4f,0xc1,0x09,0x70,0x8d,0xb7,0x13,0x24,0x79,0x08,0x9b,0xfa,0x9b,0x07},
+	{0xf4,0x0d,0x30,0xda,0x51,0x3a,0x90,0xe3,0xb0,0x5a,0xa9,0x3d,0x23,0x64,0x39,0x84,0x80,0x64,0x35,0x0b,0x2d,0xf1,0x3c,0xed,0x94,0x71,0x81,0x84,0xf6,0x77,0x8c,0x03,0x45,0x42,0xd5,0xa2,0x80,0xed,0xc9,0xf3,0x52,0x39,0xf6,0x77,0x78,0x8b,0xa0,0x0a,0x75,0x54,0x08,0xd1,0x63,0xac,0x6d,0xd7,0x6b,0x63,0x70,0x94,0x15,0xfb,0xf4,0x1e,0xec,0x7b,0x16,0x5b,0xe6,0x5e,0x4e,0x85,0xc2,0xcd,0xd0,0x96,0x42,0x0a,0x59,0x59,0x99,0x21,0x10,0x98,0x34,0xdf,0xb2,0x72,0x56,0xff,0x0b,0x4a,0x2a,0xe9,0x5e,0x57},
+	{0xcf,0x2f,0x18,0x8a,0x90,0x80,0xc0,0xd4,0xbd,0x9d,0x48,0x99,0xc2,0x70,0xe1,0x30,0xde,0x33,0xf7,0x52,0x57,0xbd,0xba,0x05,0x00,0xfd,0xd3,0x2c,0x11,0xe7,0xd4,0x43,0x01,0xd8,0xa4,0x0a,0x45,0xbc,0x46,0x5d,0xd8,0xb9,0x33,0xa5,0x27,0x12,0xaf,0xc3,0xc2,0x06,0x89,0x2b,0x26,0x3b,0x9e,0x38,0x1b,0x58,0x2f,0x38,0x7e,0x1e,0x0a,0x20,0xc5,0x3a,0xf9,0xea,0x67,0xb9,0x8d,0x51,0xc0,0x52,0x66,0x05,0x9b,0x98,0xbc,0x71,0xf5,0x97,0x71,0x56,0xd9,0x85,0x2b,0xfe,0x38,0x4e,0x1e,0x65,0x52,0xca,0x0e,0x05},
+	{0x9c,0x0c,0x3f,0x45,0xde,0x1a,0x43,0xc3,0x9b,0x3b,0x70,0xff,0x5e,0x04,0xf5,0xe9,0x3d,0x7b,0x84,0xed,0xc9,0x7a,0xd9,0xfc,0xc6,0xf4,0x58,0x1c,0xc2,0xe6,0x0e,0x4b,0xea,0x68,0xe6,0x60,0x76,0x39,0xac,0x97,0x97,0xb4,0x3a,0x15,0xfe,0xbb,0x19,0x9b,0x9f,0xa7,0xec,0x34,0xb5,0x79,0xb1,0x4c,0x57,0xae,0x31,0xa1,0x9f,0xc0,0x51,0x61,0x96,0x5d,0xf0,0xfd,0x0d,0x5c,0xf5,0x3a,0x7a,0xee,0xb4,0x2a,0xe0,0x2e,0x26,0xdd,0x09,0x17,0x17,0x12,0x87,0xbb,0xb2,0x11,0x0b,0x03,0x0f,0x80,0xfa,0x24,0xef,0x1f},
+	{0x96,0x31,0xa7,0x1a,0xfb,0x53,0xd6,0x37,0x18,0x64,0xd7,0x3f,0x30,0x95,0x94,0x0f,0xb2,0x17,0x3a,0xfb,0x09,0x0b,0x20,0xad,0x3e,0x61,0xc8,0x2f,0x29,0x49,0x4d,0x54,0x86,0x6b,0x97,0x30,0xf5,0xaf,0xd2,0x22,0x04,0x46,0xd2,0xc2,0x06,0xb8,0x90,0x8d,0xe5,0xba,0xe5,0x4d,0x6c,0x89,0xa1,0xdc,0x17,0x0c,0x34,0xc8,0xe6,0x5f,0x00,0x28,0x88,0x86,0x52,0x34,0x9f,0xba,0xef,0x6a,0xa1,0x7d,0x10,0x25,0x94,0xff,0x1b,0x5c,0x36,0x4b,0xd9,0x66,0xcd,0xbb,0x5b,0xf7,0xfa,0x6d,0x31,0x0f,0x93,0x72,0xe4,0x72},
+	{0x4f,0x08,0x81,0x97,0x8c,0x20,0x95,0x26,0xe1,0x0e,0x45,0x23,0x0b,0x2a,0x50,0xb1,0x02,0xde,0xef,0x03,0xa6,0xae,0x9d,0xfd,0x4c,0xa3,0x33,0x27,0x8c,0x2e,0x9d,0x5a,0x27,0x76,0x2a,0xd3,0x35,0xf6,0xf3,0x07,0xf0,0x66,0x65,0x5f,0x86,0x4d,0xaa,0x7a,0x50,0x44,0xd0,0x28,0x97,0xe7,0x85,0x3c,0x38,0x64,0xe0,0x0f,0x00,0x7f,0xee,0x1f,0xe5,0xf7,0xdb,0x03,0xda,0x05,0x53,0x76,0xbd,0xcd,0x34,0x14,0x49,0xf2,0xda,0xa4,0xec,0x88,0x4a,0xd2,0xcd,0xd5,0x4a,0x7b,0x43,0x05,0x04,0xee,0x51,0x40,0xf9,0x00},
+	{0xb2,0x30,0xd3,0xc3,0x23,0x6b,0x35,0x8d,0x06,0x1b,0x47,0xb0,0x9b,0x8b,0x1c,0xf2,0x3c,0xb8,0x42,0x6e,0x6c,0x31,0x6c,0xb3,0x0d,0xb1,0xea,0x8b,0x7e,0x9c,0xd7,0x07,0x53,0x97,0xaf,0x07,0xbb,0x93,0xef,0xd7,0xa7,0x66,0xb7,0x3d,0xcf,0xd0,0x3e,0x58,0xc5,0x1e,0x0b,0x6e,0xbf,0x98,0x69,0xce,0x52,0x04,0xd4,0x5d,0xd2,0xff,0xb7,0x47,0x12,0xdd,0x08,0xbc,0x9c,0xfb,0xfb,0x87,0x9b,0xc2,0xee,0xe1,0x3a,0x6b,0x06,0x8a,0xbf,0xc1,0x1f,0xdb,0x2b,0x24,0x57,0x0d,0xb6,0x4b,0xa6,0x5e,0xa3,0x20,0x35,0x1c},
+	{0x4a,0xa3,0xcb,0xbc,0xa6,0x53,0xd2,0x80,0x9b,0x21,0x38,0x38,0xa1,0xc3,0x61,0x3e,0x96,0xe3,0x82,0x98,0x01,0xb6,0xc3,0x90,0x6f,0xe6,0x0e,0x5d,0x77,0x05,0x3d,0x1c,0x59,0xc0,0x6b,0x21,0x40,0x6f,0xa8,0xcd,0x7e,0xd8,0xbc,0x12,0x1d,0x23,0xbb,0x1f,0x90,0x09,0xc7,0x17,0x9e,0x6a,0x95,0xb4,0x55,0x2e,0xd1,0x66,0x3b,0x0c,0x75,0x38,0x1a,0xe5,0x22,0x94,0x40,0xf1,0x2e,0x69,0x71,0xf6,0x5d,0x2b,0x3c,0xc7,0xc0,0xcb,0x29,0xe0,0x4c,0x74,0xe7,0x4f,0x01,0x21,0x7c,0x48,0x30,0xd3,0xc7,0xe2,0x21,0x06},
+	{0x8d,0x83,0x59,0x82,0xcc,0x60,0x98,0xaf,0xdc,0x9a,0x9f,0xc6,0xc1,0x48,0xea,0x90,0x30,0x1e,0x58,0x65,0x37,0x48,0x26,0x65,0xbc,0xa5,0xd3,0x7b,0x09,0xd6,0x07,0x00,0xf3,0xf0,0xdb,0xb0,0x96,0x17,0xae,0xb7,0x96,0xe1,0x7c,0xe1,0xb9,0xaf,0xdf,0x54,0xb4,0xa3,0xaa,0xe9,0x71,0x30,0x92,0x25,0x9d,0x2e,0x00,0xa1,0x9c,0x58,0x8e,0x5d,0x4b,0xa9,0x42,0x08,0x95,0x1d,0xbf,0xc0,0x3e,0x2e,0x8f,0x58,0x63,0xc3,0xd3,0xb2,0xef,0xe2,0x51,0xbb,0x38,0x14,0x96,0x0a,0x86,0xbf,0x1c,0x3c,0x78,0xd7,0x83,0x15},
+	{0xe1,0x7a,0xa2,0x5d,0xef,0xa2,0xee,0xec,0x74,0x01,0x67,0x55,0x14,0x3a,0x7c,0x59,0x7a,0x16,0x09,0x66,0x12,0x2a,0xa6,0xc9,0x70,0x8f,0xed,0x81,0x2e,0x5f,0x2a,0x25,0xc7,0x28,0x9d,0xcc,0x04,0x47,0x03,0x90,0x8f,0xc5,0x2c,0xf7,0x9e,0x67,0x1b,0x1d,0x26,0x87,0x5b,0xbe,0x5f,0x2b,0xe1,0x16,0x0a,0x58,0xc5,0x83,0x4e,0x06,0x58,0x49,0x0d,0xe8,0x66,0x50,0x26,0x94,0x28,0x0d,0x6b,0x8c,0x7c,0x30,0x85,0xf7,0xc3,0xfc,0xfd,0x12,0x11,0x0c,0x78,0xda,0x53,0x1b,0x88,0xb3,0x43,0xd8,0x0b,0x17,0x9c,0x07},
+	{0xff,0x6f,0xfa,0x64,0xe4,0xec,0x06,0x05,0x23,0xe5,0x05,0x62,0x1e,0x43,0xe3,0xbe,0x42,0xea,0xb8,0x51,0x24,0x42,0x79,0x35,0x00,0xfb,0xc9,0x4a,0xe3,0x05,0xec,0x6d,0x56,0xd0,0xd5,0xc0,0x50,0xcd,0xd6,0xcd,0x3b,0x57,0x03,0xbb,0x6d,0x68,0xf7,0x9a,0x48,0xef,0xc3,0xf3,0x3f,0x72,0xa6,0x3c,0xcc,0x8a,0x7b,0x31,0xd7,0xc0,0x68,0x67,0xb3,0xc1,0x55,0xf1,0xe5,0x25,0xb6,0x94,0x91,0x7b,0x7b,0x99,0xa7,0xf3,0x7b,0x41,0x00,0x26,0x6b,0x6d,0xdc,0xbd,0x2c,0xc2,0xf4,0x52,0xcd,0xdd,0x14,0x5e,0x44,0x51},
+	{0x51,0x49,0x14,0x3b,0x4b,0x2b,0x50,0x57,0xb3,0xbc,0x4b,0x44,0x6b,0xff,0x67,0x8e,0xdb,0x85,0x63,0x16,0x27,0x69,0xbd,0xb8,0xc8,0x95,0x92,0xe3,0x31,0x6f,0x18,0x13,0x55,0xa4,0xbe,0x2b,0xab,0x47,0x31,0x89,0x29,0x91,0x07,0x92,0x4f,0xa2,0x53,0x8c,0xa7,0xf7,0x30,0xbe,0x48,0xf9,0x49,0x4b,0x3d,0xd4,0x4f,0x6e,0x08,0x90,0xe9,0x12,0x2e,0xbb,0xdf,0x7f,0xb3,0x96,0x0c,0xf1,0xf9,0xea,0x1c,0x12,0x5e,0x93,0x9a,0x9f,0x3f,0x98,0x5b,0x3a,0xc4,0x36,0x11,0xdf,0xaf,0x99,0x3e,0x5d,0xf0,0xe3,0xb2,0x77},
+	{0xde,0xc4,0x2e,0x9c,0xc5,0xa9,0x6f,0x29,0xcb,0xf3,0x84,0x4f,0xbf,0x61,0x8b,0xbc,0x08,0xf9,0xa8,0x17,0xd9,0x06,0x77,0x1c,0x5d,0x25,0xd3,0x7a,0xfc,0x95,0xb7,0x63,0xa4,0xb0,0xdd,0x12,0x9c,0x63,0x98,0xd5,0x6b,0x86,0x24,0xc0,0x30,0x9f,0xd1,0xa5,0x60,0xe4,0xfc,0x58,0x03,0x2f,0x7c,0xd1,0x8a,0x5e,0x09,0x2e,0x15,0x95,0xa1,0x07,0xc8,0x5f,0x9e,0x38,0x02,0x8f,0x36,0xa8,0x3b,0xe4,0x8d,0xcf,0x02,0x3b,0x43,0x90,0x43,0x26,0x41,0xc5,0x5d,0xfd,0xa1,0xaf,0x37,0x01,0x2f,0x03,0x3d,0xe8,0x8f,0x3e},
+	{0x94,0xa2,0x70,0x05,0xb9,0x15,0x8b,0x2f,0x49,0x45,0x08,0x67,0x70,0x42,0xf2,0x94,0x84,0xfd,0xbb,0x61,0xe1,0x5a,0x1c,0xde,0x07,0x40,0xac,0x7f,0x79,0x3b,0xba,0x75,0x3c,0xd1,0xef,0xe8,0x8d,0x4c,0x70,0x08,0x31,0x37,0xe0,0x33,0x8e,0x1a,0xc5,0xdf,0xe3,0xcd,0x60,0x12,0xa5,0x5d,0x9d,0xa5,0x86,0x8c,0x25,0xa6,0x99,0x08,0xd6,0x22,0x96,0xd1,0xcd,0x70,0xc0,0xdb,0x39,0x62,0x9a,0x8a,0x7d,0x6c,0x8b,0x8a,0xfe,0x60,0x60,0x12,0x40,0xeb,0xbc,0x47,0x88,0xb3,0x5e,0x9e,0x77,0x87,0x7b,0xd0,0x04,0x09},
+	{0x9c,0x91,0xba,0xdd,0xd4,0x1f,0xce,0xb4,0xaa,0x8d,0x4c,0xc7,0x3e,0xdb,0x31,0xcf,0x51,0xcc,0x86,0xad,0x63,0xcc,0x63,0x2c,0x07,0xde,0x1d,0xbc,0x3f,0x14,0xe2,0x43,0xb9,0x40,0xf9,0x48,0x66,0x2d,0x32,0xf4,0x39,0x0c,0x2d,0xbd,0x0c,0x2f,0x95,0x06,0x31,0xf9,0x81,0xa0,0xad,0x97,0x76,0x16,0x6c,0x2a,0xf7,0xba,0xce,0xaa,0x40,0x62,0xa0,0x95,0xa2,0x5b,0x9c,0x74,0x34,0xf8,0x5a,0xd2,0x37,0xca,0x5b,0x7c,0x94,0xd6,0x6a,0x31,0xc9,0xe7,0xa7,0x3b,0xf1,0x66,0xac,0x0c,0xb4,0x8d,0x23,0xaf,0xbd,0x56},
+	{0xeb,0x33,0x35,0xf5,0xe3,0xb9,0x2a,0x36,0x40,0x3d,0xb9,0x6e,0xd5,0x68,0x85,0x33,0x72,0x55,0x5a,0x1d,0x52,0x14,0x0e,0x9e,0x18,0x13,0x74,0x83,0x6d,0xa8,0x24,0x1d,0xb2,0x3b,0x9d,0xc1,0x6c,0xd3,0x10,0x13,0xb9,0x86,0x23,0x62,0xb7,0x6b,0x2a,0x06,0x5c,0x4f,0xa1,0xd7,0x91,0x85,0x9b,0x7c,0x54,0x57,0x1e,0x7e,0x50,0x31,0xaa,0x03,0x1f,0xce,0xd4,0xff,0x48,0x76,0xec,0xf4,0x1c,0x8c,0xac,0x54,0xf0,0xea,0x45,0xe0,0x7c,0x35,0x09,0x1d,0x82,0x25,0xd2,0x88,0x59,0x48,0xeb,0x9a,0xdc,0x61,0xb2,0x43},
+	{0xbb,0x79,0xbb,0x88,0x19,0x1e,0x5b,0xe5,0x9d,0x35,0x7a,0xc1,0x7d,0xd0,0x9e,0xa0,0x33,0xea,0x3d,0x60,0xe2,0x2e,0x2c,0xb0,0xc2,0x6b,0x27,0x5b,0xcf,0x55,0x60,0x32,0x64,0x13,0x95,0x6c,0x8b,0x3d,0x51,0x19,0x7b,0xf4,0x0b,0x00,0x26,0x71,0xfe,0x94,0x67,0x95,0x4f,0xd5,0xdd,0x10,0x8d,0x02,0x64,0x09,0x94,0x42,0xe2,0xd5,0xb4,0x02,0xf2,0x8d,0xd1,0x28,0xcb,0x55,0xa1,0xb4,0x08,0xe5,0x6c,0x18,0x46,0x46,0xcc,0xea,0x89,0x43,0x82,0x6c,0x93,0xf4,0x9c,0xc4,0x10,0x34,0x5d,0xae,0x09,0xc8,0xa6,0x27},
+	{0x88,0xb1,0x0d,0x1f,0xcd,0xeb,0xa6,0x8b,0xe8,0x5b,0x5a,0x67,0x3a,0xd7,0xd3,0x37,0x5a,0x58,0xf5,0x15,0xa3,0xdf,0x2e,0xf2,0x7e,0xa1,0x60,0xff,0x74,0x71,0xb6,0x2c,0x54,0x69,0x3d,0xc4,0x0a,0x27,0x2c,0xcd,0xb2,0xca,0x66,0x6a,0x57,0x3e,0x4a,0xdd,0x6c,0x03,0xd7,0x69,0x24,0x59,0xfa,0x79,0x99,0x25,0x8c,0x3d,0x60,0x03,0x15,0x22,0xd0,0xe1,0x0b,0x39,0xf9,0xcd,0xee,0x59,0xf1,0xe3,0x8c,0x72,0x44,0x20,0x42,0xa9,0xf4,0xf0,0x94,0x7a,0x66,0x1c,0x89,0x82,0x36,0xf4,0x90,0x38,0xb7,0xf4,0x1d,0x7b},
+	{0x24,0xa2,0xb2,0xb3,0xe0,0xf2,0x92,0xe4,0x60,0x11,0x55,0x2b,0x06,0x9e,0x6c,0x7c,0x0e,0x7b,0x7f,0x0d,0xe2,0x8f,0xeb,0x15,0x92,0x59,0xfc,0x58,0x26,0xef,0xfc,0x61,0x8c,0xf5,0xf8,0x07,0x18,0x22,0x2e,0x5f,0xd4,0x09,0x94,0xd4,0x9f,0x5c,0x55,0xe3,0x30,0xa6,0xb6,0x1f,0x8d,0xa8,0xaa,0xb2,0x3d,0xe0,0x52,0xd3,0x45,0x82,0x69,0x68,0x7a,0x18,0x18,0x2a,0x85,0x5d,0xb1,0xdb,0xd7,0xac,0xdd,0x86,0xd3,0xaa,0xe4,0xf3,0x82,0xc4,0xf6,0x0f,0x81,0xe2,0xba,0x44,0xcf,0x01,0xaf,0x3d,0x47,0x4c,0xcf,0x46},
+	{0xf9,0xe5,0xc4,0x9e,0xed,0x25,0x65,0x42,0x03,0x33,0x90,0x16,0x01,0xda,0x5e,0x0e,0xdc,0xca,0xe5,0xcb,0xf2,0xa7,0xb1,0x72,0x40,0x5f,0xeb,0x14,0xcd,0x7b,0x38,0x29,0x40,0x81,0x49,0xf1,0xa7,0x6e,0x3c,0x21,0x54,0x48,0x2b,0x39,0xf8,0x7e,0x1e,0x7c,0xba,0xce,0x29,0x56,0x8c,0xc3,0x88,0x24,0xbb,0xc5,0x8c,0x0d,0xe5,0xaa,0x65,0x10,0x57,0x0d,0x20,0xdf,0x25,0x45,0x2c,0x1c,0x4a,0x67,0xca,0xbf,0xd6,0x2d,0x3b,0x5c,0x30,0x40,0x83,0xe1,0xb1,0xe7,0x07,0x0a,0x16,0xe7,0x1c,0x4f,0xe6,0x98,0xa1,0x69},
+	{0xbc,0x78,0x1a,0xd9,0xe0,0xb2,0x62,0x90,0x67,0x96,0x50,0xc8,0x9c,0x88,0xc9,0x47,0xb8,0x70,0x50,0x40,0x66,0x4a,0xf5,0x9d,0xbf,0xa1,0x93,0x24,0xa9,0xe6,0x69,0x73,0xed,0xca,0xc5,0xdc,0x34,0x44,0x01,0xe1,0x33,0xfb,0x84,0x3c,0x96,0x5d,0xed,0x47,0xe7,0xa0,0x86,0xed,0x76,0x95,0x01,0x70,0xe4,0xf9,0x67,0xd2,0x7b,0x69,0xb2,0x25,0x64,0x68,0x98,0x13,0xfb,0x3f,0x67,0x9d,0xb8,0xc7,0x5d,0x41,0xd9,0xfb,0xa5,0x3c,0x5e,0x3b,0x27,0xdf,0x3b,0xcc,0x4e,0xe0,0xd2,0x4c,0x4e,0xb5,0x3d,0x68,0x20,0x14},
+	{0x97,0xd1,0x9d,0x24,0x1e,0xbd,0x78,0xb4,0x02,0xc1,0x58,0x5e,0x00,0x35,0x0c,0x62,0x5c,0xac,0xba,0xcc,0x2f,0xd3,0x02,0xfb,0x2d,0xa7,0x08,0xf5,0xeb,0x3b,0xb6,0x60,0xd0,0x5a,0xcc,0xc1,0x6f,0xbb,0xee,0x34,0x8b,0xac,0x46,0x96,0xe9,0x0c,0x1b,0x6a,0x53,0xde,0x6b,0xa6,0x49,0xda,0xb0,0xd3,0xc1,0x81,0xd0,0x61,0x41,0x3b,0xe8,0x31,0x4f,0x2b,0x06,0x9e,0x12,0xc7,0xe8,0x97,0xd8,0x0a,0x32,0x29,0x4f,0x8f,0xe4,0x49,0x3f,0x68,0x18,0x6f,0x4b,0xe1,0xec,0x5b,0x17,0x03,0x55,0x2d,0xb6,0x1e,0xcf,0x55},
+	{0x58,0x3d,0xc2,0x65,0x10,0x10,0x79,0x58,0x9c,0x81,0x94,0x50,0x6d,0x08,0x9d,0x8b,0xa7,0x5f,0xc5,0x12,0xa9,0x2f,0x40,0xe2,0xd4,0x91,0x08,0x57,0x64,0x65,0x9a,0x66,0x52,0x8c,0xf5,0x7d,0xe3,0xb5,0x76,0x30,0x36,0xcc,0x99,0xe7,0xdd,0xb9,0x3a,0xd7,0x20,0xee,0x13,0x49,0xe3,0x1c,0x83,0xbd,0x33,0x01,0xba,0x62,0xaa,0xfb,0x56,0x1a,0xec,0xc9,0x9d,0x5c,0x50,0x6b,0x3e,0x94,0x1a,0x37,0x7c,0xa7,0xbb,0x57,0x25,0x30,0x51,0x76,0x34,0x41,0x56,0xae,0x73,0x98,0x5c,0x8a,0xc5,0x99,0x67,0x83,0xc4,0x13},
+	{0xb9,0xe1,0xb3,0x5a,0x46,0x5d,0x3a,0x42,0x61,0x3f,0xf1,0xc7,0x87,0xc1,0x13,0xfc,0xb6,0xb9,0xb5,0xec,0x64,0x36,0xf8,0x19,0x07,0xb6,0x37,0xa6,0x93,0x0c,0xf8,0x66,0x80,0xd0,0x8b,0x5d,0x6a,0xfb,0xdc,0xc4,0x42,0x48,0x1a,0x57,0xec,0xc4,0xeb,0xde,0x65,0x53,0xe5,0xb8,0x83,0xe8,0xb2,0xd4,0x27,0xb8,0xe5,0xc8,0x7d,0xc8,0xbd,0x50,0x11,0xe1,0xdf,0x6e,0x83,0x37,0x6d,0x60,0xd9,0xab,0x11,0xf0,0x15,0x3e,0x35,0x32,0x96,0x3b,0xb7,0x25,0xc3,0x3a,0xb0,0x64,0xae,0xd5,0x5f,0x72,0x44,0x64,0xd5,0x1d},
+	{0x7d,0x12,0x62,0x33,0xf8,0x7f,0xa4,0x8f,0x15,0x7c,0xcd,0x71,0xc4,0x6a,0x9f,0xbc,0x8b,0x0c,0x22,0x49,0x43,0x45,0x71,0x6e,0x2e,0x73,0x9f,0x21,0x12,0x59,0x64,0x0e,0x9a,0xc8,0xba,0x08,0x00,0xe6,0x97,0xc2,0xe0,0xc3,0xe1,0xea,0x11,0xea,0x4c,0x7d,0x7c,0x97,0xe7,0x9f,0xe1,0x8b,0xe3,0xf3,0xcd,0x05,0xa3,0x63,0x0f,0x45,0x3a,0x3a,0x27,0x46,0x39,0xd8,0x31,0x2f,0x8f,0x07,0x10,0xa5,0x94,0xde,0x83,0x31,0x9d,0x38,0x80,0x6f,0x99,0x17,0x6d,0x6c,0xe3,0xd1,0x7b,0xa8,0xa9,0x93,0x93,0x8d,0x8c,0x31},
+	{0x19,0xfe,0xff,0x2a,0x03,0x5d,0x74,0xf2,0x66,0xdb,0x24,0x7f,0x49,0x3c,0x9f,0x0c,0xef,0x98,0x85,0xba,0xe3,0xd3,0x98,0xbc,0x14,0x53,0x1d,0x9a,0x67,0x7c,0x4c,0x22,0x98,0xd3,0x1d,0xab,0x29,0x9e,0x66,0x5d,0x3b,0x9e,0x2d,0x34,0x58,0x16,0x92,0xfc,0xcd,0x73,0x59,0xf3,0xfd,0x1d,0x85,0x55,0xf6,0x0a,0x95,0x25,0xc3,0x41,0x9a,0x50,0xe9,0x25,0xf9,0xa6,0xdc,0x6e,0xc0,0xbd,0x33,0x1f,0x1b,0x64,0xf4,0xf3,0x3e,0x79,0x89,0x3e,0x83,0x9d,0x80,0x12,0xec,0x82,0x89,0x13,0xa1,0x28,0x23,0xf0,0xbf,0x05},
+	{0x0b,0xe0,0xca,0x23,0x70,0x13,0x32,0x36,0x59,0xcf,0xac,0xd1,0x0a,0xcf,0x4a,0x54,0x88,0x1c,0x1a,0xd2,0x49,0x10,0x74,0x96,0xa7,0x44,0x2a,0xfa,0xc3,0x8c,0x0b,0x78,0xe4,0x12,0xc5,0x0d,0xdd,0xa0,0x81,0x68,0xfe,0xfa,0xa5,0x44,0xc8,0x0d,0xe7,0x4f,0x40,0x52,0x4a,0x8f,0x6b,0x8e,0x74,0x1f,0xea,0xa3,0x01,0xee,0xcd,0x77,0x62,0x57,0x5f,0x30,0x4f,0x23,0xbc,0x8a,0xf3,0x1e,0x08,0xde,0x05,0x14,0xbd,0x7f,0x57,0x9a,0x0d,0x2a,0xe6,0x34,0x14,0xa5,0x82,0x5e,0xa1,0xb7,0x71,0x62,0x72,0x18,0xf4,0x5f},
+	{0x9d,0xdb,0x89,0x17,0x0c,0x08,0x8e,0x39,0xf5,0x78,0xe7,0xf3,0x25,0x20,0x60,0xa7,0x5d,0x03,0xbd,0x06,0x4c,0x89,0x98,0xfa,0xbe,0x66,0xa9,0x25,0xdc,0x03,0x6a,0x10,0x40,0x95,0xb6,0x13,0xe8,0x47,0xdb,0xe5,0xe1,0x10,0x26,0x43,0x3b,0x2a,0x5d,0xf3,0x76,0x12,0x78,0x38,0xe9,0x26,0x1f,0xac,0x69,0xcb,0xa0,0xa0,0x8c,0xdb,0xd4,0x29,0xd0,0x53,0x33,0x33,0xaf,0x0a,0xad,0xd9,0xe5,0x09,0xd3,0xac,0xa5,0x9d,0x66,0x38,0xf0,0xf7,0x88,0xc8,0x8a,0x65,0x57,0x3c,0xfa,0xbe,0x2c,0x05,0x51,0x8a,0xb3,0x4a},
+	{0x93,0xd5,0x68,0x67,0x25,0x2b,0x7c,0xda,0x13,0xca,0x22,0x44,0x57,0xc0,0xc1,0x98,0x1d,0xce,0x0a,0xca,0xd5,0x0b,0xa8,0xf1,0x90,0xa6,0x88,0xc0,0xad,0xd1,0xcd,0x29,0x9c,0xc0,0xdd,0x5f,0xef,0xd1,0xcf,0xd6,0xce,0x5d,0x57,0xf7,0xfd,0x3e,0x2b,0xe8,0xc2,0x34,0x16,0x20,0x5d,0x6b,0xd5,0x25,0x9b,0x2b,0xed,0x04,0xbb,0xc6,0x41,0x30,0x48,0xe1,0x56,0xd9,0xf9,0xf2,0xf2,0x0f,0x2e,0x6b,0x35,0x9f,0x75,0x97,0xe7,0xad,0x5c,0x02,0x6c,0x5f,0xbb,0x98,0x46,0x1a,0x7b,0x9a,0x04,0x14,0x68,0xbd,0x4b,0x10},
+	{0x67,0xed,0xf1,0x68,0x31,0xfd,0xf0,0x51,0xc2,0x3b,0x6f,0xd8,0xcd,0x1d,0x81,0x2c,0xde,0xf2,0xd2,0x04,0x43,0x5c,0xdc,0x44,0x49,0x71,0x2a,0x09,0x57,0xcc,0xe8,0x5b,0x63,0xf1,0x7f,0xd6,0x5f,0x9a,0x5d,0xa9,0x81,0x56,0xc7,0x4c,0x9d,0xe6,0x2b,0xe9,0x57,0xf2,0x20,0xde,0x4c,0x02,0xf8,0xb7,0xf5,0x2d,0x07,0xfb,0x20,0x2a,0x4f,0x20,0x79,0xb0,0xeb,0x30,0x3d,0x3b,0x14,0xc8,0x30,0x2e,0x65,0xbd,0x5a,0x15,0x89,0x75,0x31,0x5c,0x6d,0x8f,0x31,0x3c,0x3c,0x65,0x1f,0x16,0x79,0xc2,0x17,0xfb,0x70,0x25},
+	{0x75,0x15,0xb6,0x2c,0x7f,0x36,0xfa,0x3e,0x6c,0x02,0xd6,0x1c,0x76,0x6f,0xf9,0xf5,0x62,0x25,0xb5,0x65,0x2a,0x14,0xc7,0xe8,0xcd,0x0a,0x03,0x53,0xea,0x65,0xcb,0x3d,0x5a,0x24,0xb8,0x0b,0x55,0xa9,0x2e,0x19,0xd1,0x50,0x90,0x8f,0xa8,0xfb,0xe6,0xc8,0x35,0xc9,0xa4,0x88,0x2d,0xea,0x86,0x79,0x68,0x86,0x01,0xde,0x91,0x5f,0x1c,0x24,0xaa,0x6c,0xde,0x40,0x29,0x17,0xd8,0x28,0x3a,0x73,0xd9,0x22,0xf0,0x2c,0xbf,0x8f,0xd1,0x01,0x5b,0x23,0xdd,0xfc,0xd7,0x16,0xe5,0xf0,0xcd,0x5f,0xdd,0x0e,0x42,0x08},
+	{0x4a,0xfa,0x62,0x83,0xab,0x20,0xff,0xcd,0x6e,0x3e,0x1a,0xe2,0xd4,0x18,0xe1,0x57,0x2b,0xe6,0x39,0xfc,0x17,0x96,0x17,0xe3,0xfd,0x69,0x17,0xbc,0xef,0x53,0x9a,0x0d,0xce,0x10,0xf4,0x04,0x4e,0xc3,0x58,0x03,0x85,0x06,0x6e,0x27,0x5a,0x5b,0x13,0xb6,0x21,0x15,0xb9,0xeb,0xc7,0x70,0x96,0x5d,0x9c,0x88,0xdb,0x21,0xf3,0x54,0xd6,0x04,0xd5,0xb5,0xbd,0xdd,0x16,0xc1,0x7d,0x5e,0x2d,0xdd,0xa5,0x8d,0xb6,0xde,0x54,0x29,0x92,0xa2,0x34,0x33,0x17,0x08,0xb6,0x1c,0xd7,0x1a,0x99,0x18,0x26,0x4f,0x7a,0x4a},
+	{0x95,0x5f,0xb1,0x5f,0x02,0x18,0xa7,0xf4,0x8f,0x1b,0x5c,0x6b,0x34,0x5f,0xf6,0x3d,0x12,0x11,0xe0,0x00,0x85,0xf0,0xfc,0xcd,0x48,0x18,0xd3,0xdd,0x4c,0x0c,0xb5,0x11,0x4b,0x2a,0x37,0xaf,0x91,0xb2,0xc3,0x24,0xf2,0x47,0x81,0x71,0x70,0x82,0xda,0x93,0xf2,0x9e,0x89,0x86,0x64,0x85,0x84,0xdd,0x33,0xee,0xe0,0x23,0x42,0x31,0x96,0x4a,0xd6,0xff,0xa4,0x08,0x44,0x27,0xe8,0xa6,0xd9,0x76,0x15,0x9c,0x7e,0x17,0x8e,0x73,0xf2,0xb3,0x02,0x3d,0xb6,0x48,0x33,0x77,0x51,0xcc,0x6b,0xce,0x4d,0xce,0x4b,0x4f},
+	{0x84,0x25,0x24,0xe2,0x5a,0xce,0x1f,0xa7,0x9e,0x8a,0xf5,0x92,0x56,0x72,0xea,0x26,0xf4,0x3c,0xea,0x1c,0xd7,0x09,0x1a,0xd2,0xe6,0x01,0x1c,0xb7,0x14,0xdd,0xfc,0x73,0x6f,0x0b,0x9d,0xc4,0x6e,0x61,0xe2,0x30,0x17,0x23,0xec,0xca,0x8f,0x71,0x56,0xe4,0xa6,0x4f,0x6b,0xf2,0x9b,0x40,0xeb,0x48,0x37,0x5f,0x59,0x61,0xe5,0xce,0x42,0x30,0x41,0xac,0x9b,0x44,0x79,0x70,0x7e,0x42,0x0a,0x31,0xe2,0xbc,0x6d,0xe3,0x5a,0x85,0x7c,0x1a,0x84,0x5f,0x21,0x76,0xae,0x4c,0xd6,0xe1,0x9c,0x9a,0x0c,0x74,0x9e,0x38},
+	{0xce,0xb9,0xdc,0x34,0xae,0xb3,0xfc,0x64,0xad,0xd0,0x48,0xe3,0x23,0x03,0x50,0x97,0x1b,0x38,0xc6,0x62,0x7d,0xf0,0xb3,0x45,0x88,0x67,0x5a,0x46,0x79,0x53,0x54,0x61,0x28,0xac,0x0e,0x57,0xf6,0x78,0xbd,0xc9,0xe1,0x9c,0x91,0x27,0x32,0x0b,0x5b,0xe5,0xed,0x91,0x9b,0xa1,0xab,0x3e,0xfc,0x65,0x90,0x36,0x26,0xd6,0xe5,0x25,0xc4,0x25,0x6e,0xde,0xd7,0xf1,0xa6,0x06,0x3e,0x3f,0x08,0x23,0x06,0x8e,0x27,0x76,0xf9,0x3e,0x77,0x6c,0x8a,0x4e,0x26,0xf6,0x14,0x8c,0x59,0x47,0x48,0x15,0x89,0xa0,0x39,0x65},
+	{0x73,0xf7,0xd2,0xc3,0x74,0x1f,0xd2,0xe9,0x45,0x68,0xc4,0x25,0x41,0x54,0x50,0xc1,0x33,0x9e,0xb9,0xf9,0xe8,0x5c,0x4e,0x62,0x6c,0x18,0xcd,0xc5,0xaa,0xe4,0xc5,0x11,0x19,0x4a,0xbb,0x14,0xd4,0xdb,0xc4,0xdd,0x8e,0x4f,0x42,0x98,0x3c,0xbc,0xb2,0x19,0x69,0x71,0xca,0x36,0xd7,0x9f,0xa8,0x48,0x90,0xbd,0x19,0xf0,0x0e,0x32,0x65,0x0f,0xc6,0xe0,0xfd,0xca,0xb1,0xd1,0x86,0xd4,0x81,0x51,0x3b,0x16,0xe3,0xe6,0x3f,0x4f,0x9a,0x93,0xf2,0xfa,0x0d,0xaf,0xa8,0x59,0x2a,0x07,0x33,0xec,0xbd,0xc7,0xab,0x4c},
+	{0x2e,0x0a,0x9c,0x08,0x24,0x96,0x9e,0x23,0x38,0x47,0xfe,0x3a,0xc0,0xc4,0x48,0xc7,0x2a,0xa1,0x4f,0x76,0x2a,0xed,0xdb,0x17,0x82,0x85,0x1c,0x32,0xf0,0x93,0x9b,0x63,0x89,0xd2,0x78,0x3f,0x8f,0x78,0x8f,0xc0,0x9f,0x4d,0x40,0xa1,0x2c,0xa7,0x30,0xfe,0x9d,0xcc,0x65,0xcf,0xfc,0x8b,0x77,0xf2,0x21,0x20,0xcb,0x5a,0x16,0x98,0xe4,0x7e,0xc3,0xa1,0x11,0x91,0xe3,0x08,0xd5,0x7b,0x89,0x74,0x90,0x80,0xd4,0x90,0x2b,0x2b,0x19,0xfd,0x72,0xae,0xc2,0xae,0xd2,0xe7,0xa6,0x02,0xb6,0x85,0x3c,0x49,0xdf,0x0e},
+	{0x68,0x5a,0x9b,0x59,0x58,0x81,0xcc,0xae,0x0e,0xe2,0xad,0xeb,0x0f,0x4f,0x57,0xea,0x07,0x7f,0xb6,0x22,0x74,0x1d,0xe4,0x4f,0xb4,0x4f,0x9d,0x01,0xe3,0x92,0x3b,0x40,0x13,0x41,0x76,0x84,0xd2,0xc4,0x67,0x67,0x35,0xf8,0xf5,0xf7,0x3f,0x40,0x90,0xa0,0xde,0xbe,0xe6,0xca,0xfa,0xcf,0x8f,0x1c,0x69,0xa3,0xdf,0xd1,0x54,0x0c,0xc0,0x04,0xf8,0x5c,0x46,0x8b,0x81,0x2f,0xc2,0x4d,0xf8,0xef,0x80,0x14,0x5a,0xf3,0xa0,0x71,0x57,0xd6,0xc7,0x04,0xad,0xbf,0xe8,0xae,0xf4,0x76,0x61,0xb2,0x2a,0xb1,0x5b,0x35},
+	{0xf4,0xbb,0x93,0x74,0xcc,0x64,0x1e,0xa7,0xc3,0xb0,0xa3,0xec,0xd9,0x84,0xbd,0xe5,0x85,0xe7,0x05,0xfa,0x0c,0xc5,0x6b,0x0a,0x12,0xc3,0x2e,0x18,0x32,0x81,0x9b,0x0f,0x18,0x73,0x8c,0x5a,0xc7,0xda,0x01,0xa3,0x11,0xaa,0xce,0xb3,0x9d,0x03,0x90,0xed,0x2d,0x3f,0xae,0x3b,0xbf,0x7c,0x07,0x6f,0x8e,0xad,0x52,0xe0,0xf8,0xea,0x18,0x75,0x32,0x6c,0x7f,0x1b,0xc4,0x59,0x88,0xa4,0x98,0x32,0x38,0xf4,0xbc,0x60,0x2d,0x0f,0xd9,0xd1,0xb1,0xc9,0x29,0xa9,0x15,0x18,0xc4,0x55,0x17,0xbb,0x1b,0x87,0xc3,0x47},
+	{0x48,0x4f,0xec,0x71,0x97,0x53,0x44,0x51,0x6e,0x5d,0x8c,0xc9,0x7d,0xb1,0x05,0xf8,0x6b,0xc6,0xc3,0x47,0x1a,0xc1,0x62,0xf7,0xdc,0x99,0x46,0x76,0x85,0x9b,0xb8,0x00,0xb0,0x66,0x50,0xc8,0x50,0x5d,0xe6,0xfb,0xb0,0x99,0xa2,0xb3,0xb0,0xc4,0xec,0x62,0xe0,0xe8,0x1a,0x44,0xea,0x54,0x37,0xe5,0x5f,0x8d,0xd4,0xe8,0x2c,0xa0,0xfe,0x08,0xd0,0xea,0xde,0x68,0x76,0xdd,0x4d,0x82,0x23,0x5d,0x68,0x4b,0x20,0x45,0x64,0xc8,0x65,0xd6,0x89,0x5d,0xcd,0xcf,0x14,0xb5,0x37,0xd5,0x75,0x4f,0xa7,0x29,0x38,0x47},
+	{0x18,0xc4,0x79,0x46,0x75,0xda,0xd2,0x82,0xf0,0x8d,0x61,0xb2,0xd8,0xd7,0x3b,0xe6,0x0a,0xeb,0x47,0xac,0x24,0xef,0x5e,0x35,0xb4,0xc6,0x33,0x48,0x4c,0x68,0x78,0x20,0xc9,0x02,0x39,0xad,0x3a,0x53,0xd9,0x23,0x8f,0x58,0x03,0xef,0xce,0xdd,0xc2,0x64,0xb4,0x2f,0xe1,0xcf,0x90,0x73,0x25,0x15,0x90,0xd3,0xe4,0x44,0x4d,0x8b,0x66,0x6c,0x0c,0x82,0x78,0x7a,0x21,0xcf,0x48,0x3b,0x97,0x3e,0x27,0x81,0xb2,0x0a,0x6a,0xf7,0x7b,0xed,0x8e,0x8c,0xa7,0x65,0x6c,0xa9,0x3f,0x43,0x8a,0x4f,0x05,0xa6,0x11,0x74},
+	{0x6d,0xc8,0x9d,0xb9,0x32,0x9d,0x65,0x4d,0x15,0xf1,0x3a,0x60,0x75,0xdc,0x4c,0x04,0x88,0xe4,0xc2,0xdc,0x2c,0x71,0x4c,0xb3,0xff,0x34,0x81,0xfb,0x74,0x65,0x13,0x7c,0xb4,0x75,0xb1,0x18,0x3d,0xe5,0x9a,0x57,0x02,0xa1,0x92,0xf3,0x59,0x31,0x71,0x68,0xf5,0x35,0xef,0x1e,0xba,0xec,0x55,0x84,0x8f,0x39,0x8c,0x45,0x72,0xa8,0xc9,0x1e,0x9b,0x50,0xa2,0x00,0xd4,0xa4,0xe6,0xb8,0xb4,0x82,0xc8,0x0b,0x02,0xd7,0x81,0x9b,0x61,0x75,0x95,0xf1,0x9b,0xcc,0xe7,0x57,0x60,0x64,0xcd,0xc7,0xa5,0x88,0xdd,0x3a},
+	{0xf2,0xdc,0x35,0xb6,0x70,0x57,0x89,0xab,0xbc,0x1f,0x6c,0xf6,0x6c,0xef,0xdf,0x02,0x87,0xd1,0xb6,0xbe,0x68,0x02,0x53,0x85,0x74,0x9e,0x87,0xcc,0xfc,0x29,0x99,0x24,0x46,0x30,0x39,0x59,0xd4,0x98,0xc2,0x85,0xec,0x59,0xf6,0x5f,0x98,0x35,0x7e,0x8f,0x3a,0x6e,0xf6,0xf2,0x2a,0xa2,0x2c,0x1d,0x20,0xa7,0x06,0xa4,0x31,0x11,0xba,0x61,0x29,0x90,0x95,0x16,0xf1,0xa0,0xd0,0xa3,0x89,0xbd,0x7e,0xba,0x6c,0x6b,0x3b,0x02,0x07,0x33,0x78,0x26,0x3e,0x5a,0xf1,0x7b,0xe7,0xec,0xd8,0xbb,0x0c,0x31,0x20,0x56},
+	{0x43,0xd6,0x34,0x49,0x43,0x93,0x89,0x52,0xf5,0x22,0x12,0xa5,0x06,0xf8,0xdb,0xb9,0x22,0x1c,0xf4,0xc3,0x8f,0x87,0x6d,0x8f,0x30,0x97,0x9d,0x4d,0x2a,0x6a,0x67,0x37,0xd6,0x85,0xe2,0x77,0xf4,0xb5,0x46,0x66,0x93,0x61,0x8f,0x6c,0x67,0xff,0xe8,0x40,0xdd,0x94,0xb5,0xab,0x11,0x73,0xec,0xa6,0x4d,0xec,0x8c,0x65,0xf3,0x46,0xc8,0x7e,0xc7,0x2e,0xa2,0x1d,0x3f,0x8f,0x5e,0x9b,0x13,0xcd,0x01,0x6c,0x77,0x1d,0x0f,0x13,0xb8,0x9f,0x98,0xa2,0xcf,0x8f,0x4c,0x21,0xd5,0x9d,0x9b,0x39,0x23,0xf7,0xaa,0x6d},
+	{0x47,0xbe,0x3d,0xeb,0x62,0x75,0x3a,0x5f,0xb8,0xa0,0xbd,0x8e,0x54,0x38,0xea,0xf7,0x99,0x72,0x74,0x45,0x31,0xe5,0xc3,0x00,0x51,0xd5,0x27,0x16,0xe7,0xe9,0x04,0x13,0xa2,0x8e,0xad,0xac,0xbf,0x04,0x3b,0x58,0x84,0xe8,0x8b,0x14,0xe8,0x43,0xb7,0x29,0xdb,0xc5,0x10,0x08,0x3b,0x58,0x1e,0x2b,0xaa,0xbb,0xb3,0x8e,0xe5,0x49,0x54,0x2b,0xfe,0x9c,0xdc,0x6a,0xd2,0x14,0x98,0x78,0x0b,0xdd,0x48,0x8b,0x3f,0xab,0x1b,0x3c,0x0a,0xc6,0x79,0xf9,0xff,0xe1,0x0f,0xda,0x93,0xd6,0x2d,0x7c,0x2d,0xde,0x68,0x44},
+	{0x9e,0x46,0x19,0x94,0x5e,0x35,0xbb,0x51,0x54,0xc7,0xdd,0x23,0x4c,0xdc,0xe6,0x33,0x62,0x99,0x7f,0x44,0xd6,0xb6,0xa5,0x93,0x63,0xbd,0x44,0xfb,0x6f,0x7c,0xce,0x6c,0xce,0x07,0x63,0xf8,0xc6,0xd8,0x9a,0x4b,0x28,0x0c,0x5d,0x43,0x31,0x35,0x11,0x21,0x2c,0x77,0x7a,0x65,0xc5,0x66,0xa8,0xd4,0x52,0x73,0x24,0x63,0x7e,0x42,0xa6,0x5d,0xca,0x22,0xac,0xde,0x88,0xc6,0x94,0x1a,0xf8,0x1f,0xae,0xbb,0xf7,0x6e,0x06,0xb9,0x0f,0x58,0x59,0x8d,0x38,0x8c,0xad,0x88,0xa8,0x2c,0x9f,0xe7,0xbf,0x9a,0xf2,0x58},
+	{0x68,0x3e,0xe7,0x8d,0xab,0xcf,0x0e,0xe9,0xa5,0x76,0x7e,0x37,0x9f,0x6f,0x03,0x54,0x82,0x59,0x01,0xbe,0x0b,0x5b,0x49,0xf0,0x36,0x1e,0xf4,0xa7,0xc4,0x29,0x76,0x57,0xf6,0xcd,0x0e,0x71,0xbf,0x64,0x5a,0x4b,0x3c,0x29,0x2c,0x46,0x38,0xe5,0x4c,0xb1,0xb9,0x3a,0x0b,0xd5,0x56,0xd0,0x43,0x36,0x70,0x48,0x5b,0x18,0x24,0x37,0xf9,0x6a,0x88,0xa8,0xc6,0x09,0x45,0x02,0x20,0x32,0x73,0x89,0x55,0x4b,0x13,0x36,0xe0,0xd2,0x9f,0x28,0x33,0x3c,0x23,0x36,0xe2,0x83,0x8f,0xc1,0xae,0x0c,0xbb,0x25,0x1f,0x70},
+	{0xed,0x6c,0x61,0xe4,0xf8,0xb0,0xa8,0xc3,0x7d,0xa8,0x25,0x9e,0x0e,0x66,0x00,0xf7,0x9c,0xa5,0xbc,0xf4,0x1f,0x06,0xe3,0x61,0xe9,0x0b,0xc4,0xbd,0xbf,0x92,0x0c,0x2e,0x13,0xc1,0xbe,0x7c,0xd9,0xf6,0x18,0x9d,0xe4,0xdb,0xbf,0x74,0xe6,0x06,0x4a,0x84,0xd6,0x60,0x4e,0xac,0x22,0xb5,0xf5,0x20,0x51,0x5e,0x95,0x50,0xc0,0x5b,0x0a,0x72,0x35,0x5a,0x80,0x9b,0x43,0x09,0x3f,0x0c,0xfc,0xab,0x42,0x62,0x37,0x8b,0x4e,0xe8,0x46,0x93,0x22,0x5c,0xf3,0x17,0x14,0x69,0xec,0xf0,0x4e,0x14,0xbb,0x9c,0x9b,0x0e},
+	{0xad,0x20,0x57,0xfb,0x8f,0xd4,0xba,0xfb,0x0e,0x0d,0xf9,0xdb,0x6b,0x91,0x81,0xee,0xbf,0x43,0x55,0x63,0x52,0x31,0x81,0xd4,0xd8,0x7b,0x33,0x3f,0xeb,0x04,0x11,0x22,0xee,0xbe,0xb1,0x5d,0xd5,0x9b,0xee,0x8d,0xb9,0x3f,0x72,0x0a,0x37,0xab,0xc3,0xc9,0x91,0xd7,0x68,0x1c,0xbf,0xf1,0xa8,0x44,0xde,0x3c,0xfd,0x1c,0x19,0x44,0x6d,0x36,0x14,0x8c,0xbc,0xf2,0x43,0x17,0x3c,0x9e,0x3b,0x6c,0x85,0xb5,0xfc,0x26,0xda,0x2e,0x97,0xfb,0xa7,0x68,0x0e,0x2f,0xb8,0xcc,0x44,0x32,0x59,0xbc,0xe6,0xa4,0x67,0x41},
+	{0x00,0x27,0xf6,0x76,0x28,0x9d,0x3b,0x64,0xeb,0x68,0x76,0x0e,0x40,0x9d,0x1d,0x5d,0x84,0x06,0xfc,0x21,0x03,0x43,0x4b,0x1b,0x6a,0x24,0x55,0x22,0x7e,0xbb,0x38,0x79,0xee,0x8f,0xce,0xf8,0x65,0x26,0xbe,0xc2,0x2c,0xd6,0x80,0xe8,0x14,0xff,0x67,0xe9,0xee,0x4e,0x36,0x2f,0x7e,0x6e,0x2e,0xf1,0xf6,0xd2,0x7e,0xcb,0x70,0x33,0xb3,0x34,0xcc,0xd6,0x81,0x86,0xee,0x91,0xc5,0xcd,0x53,0xa7,0x85,0xed,0x9c,0x10,0x02,0xce,0x83,0x88,0x80,0x58,0xc1,0x85,0x74,0xed,0xe4,0x65,0xfe,0x2d,0x6e,0xfc,0x76,0x11},
+	{0x9b,0x61,0x9c,0x5b,0xd0,0x6c,0xaf,0xb4,0x80,0x84,0xa5,0xb2,0xf4,0xc9,0xdf,0x2d,0xc4,0x4d,0xe9,0xeb,0x02,0xa5,0x4f,0x3d,0x34,0x5f,0x7d,0x67,0x4c,0x3a,0xfc,0x08,0xb8,0x0e,0x77,0x49,0x89,0xe2,0x90,0xdb,0xa3,0x40,0xf4,0xac,0x2a,0xcc,0xfb,0x98,0x9b,0x87,0xd7,0xde,0xfe,0x4f,0x35,0x21,0xb6,0x06,0x69,0xf2,0x54,0x3e,0x6a,0x1f,0xea,0x34,0x07,0xd3,0x99,0xc1,0xa4,0x60,0xd6,0x5c,0x16,0x31,0xb6,0x85,0xc0,0x40,0x95,0x82,0x59,0xf7,0x23,0x3e,0x33,0xe2,0xd1,0x00,0xb9,0x16,0x01,0xad,0x2f,0x4f},
+	{0x54,0x4e,0xae,0x94,0x41,0xb2,0xbe,0x44,0x6c,0xef,0x57,0x18,0x51,0x1c,0x54,0x5f,0x98,0x04,0x8d,0x36,0x2d,0x6b,0x1e,0xa6,0xab,0xf7,0x2e,0x97,0xa4,0x84,0x54,0x44,0x38,0xb6,0x3b,0xb7,0x1d,0xd9,0x2c,0x96,0x08,0x9c,0x12,0xfc,0xaa,0x77,0x05,0xe6,0x89,0x16,0xb6,0xf3,0x39,0x9b,0x61,0x6f,0x81,0xee,0x44,0x29,0x5f,0x99,0x51,0x34,0x7c,0x7d,0xea,0x9f,0xd0,0xfc,0x52,0x91,0xf6,0x5c,0x93,0xb0,0x94,0x6c,0x81,0x4a,0x40,0x5c,0x28,0x47,0xaa,0x9a,0x8e,0x25,0xb7,0x93,0x28,0x04,0xa6,0x9c,0xb8,0x10},
+	{0x9c,0x28,0x18,0x97,0x49,0x47,0x59,0x3d,0x26,0x3f,0x53,0x24,0xc5,0xf8,0xeb,0x12,0x15,0xef,0xc3,0x14,0xcb,0xbf,0x62,0x02,0x8e,0x51,0xb7,0x77,0xd5,0x78,0xb8,0x20,0x6e,0xf0,0x45,0x5a,0xbe,0x41,0x39,0x75,0x65,0x5f,0x9c,0x6d,0xed,0xae,0x7c,0xd0,0xb6,0x51,0xff,0x72,0x9c,0x6b,0x77,0x11,0xa9,0x4d,0x0d,0xef,0xd9,0xd1,0xd2,0x17,0x6a,0x3e,0x3f,0x07,0x18,0xaf,0xf2,0x27,0x69,0x10,0x52,0xd7,0x19,0xe5,0x3f,0xfd,0x22,0x00,0xa6,0x3c,0x2c,0xb7,0xe3,0x22,0xa7,0xc6,0x65,0xcc,0x63,0x4f,0x21,0x72},
+	{0x93,0xa6,0x07,0x53,0x40,0x7f,0xe3,0xb4,0x95,0x67,0x33,0x2f,0xd7,0x14,0xa7,0xab,0x99,0x10,0x76,0x73,0xa7,0xd0,0xfb,0xd6,0xc9,0xcb,0x71,0x81,0xc5,0x48,0xdf,0x5f,0xc9,0x29,0x3b,0xf4,0xb9,0xb7,0x9d,0x1d,0x75,0x8f,0x51,0x4f,0x4a,0x82,0x05,0xd6,0xc4,0x9d,0x2f,0x31,0xbd,0x72,0xc0,0xf2,0xb0,0x45,0x15,0x5a,0x85,0xac,0x24,0x1f,0xaa,0x05,0x95,0x8e,0x32,0x08,0xd6,0x24,0xee,0x20,0x14,0x0c,0xd1,0xc1,0x48,0x47,0xa2,0x25,0xfb,0x06,0x5c,0xe4,0xff,0xc7,0xe6,0x95,0xe3,0x2a,0x9e,0x73,0xba,0x00},
+	{0xd6,0x90,0x87,0x5c,0xde,0x98,0x2e,0x59,0xdf,0xa2,0xc2,0x45,0xd3,0xb7,0xbf,0xe5,0x22,0x99,0xb4,0xf9,0x60,0x3b,0x5a,0x11,0xf3,0x78,0xad,0x67,0x3e,0x3a,0x28,0x03,0x26,0xbb,0x88,0xea,0xf5,0x26,0x44,0xae,0xfb,0x3b,0x97,0x84,0xd9,0x79,0x06,0x36,0x50,0x4e,0x69,0x26,0x0c,0x03,0x9f,0x5c,0x26,0xd2,0x18,0xd5,0xe7,0x7d,0x29,0x72,0x39,0xb9,0x0c,0xbe,0xc7,0x1d,0x24,0x48,0x80,0x30,0x63,0x8b,0x4d,0x9b,0xf1,0x32,0x08,0x93,0x28,0x02,0x0d,0xc9,0xdf,0xd3,0x45,0x19,0x27,0x46,0x68,0x29,0xe1,0x05},
+	{0x5a,0x49,0x9c,0x2d,0xb3,0xee,0x82,0xba,0x7c,0xb9,0x2b,0xf1,0xfc,0xc8,0xef,0xce,0xe0,0xd1,0xb5,0x93,0xae,0xab,0x2d,0xb0,0x9b,0x8d,0x69,0x13,0x9c,0x0c,0xc0,0x39,0x50,0x45,0x2c,0x24,0xc8,0xbb,0xbf,0xad,0xd9,0x81,0x30,0xd0,0xec,0x0c,0xc8,0xbc,0x92,0xdf,0xc8,0xf5,0xa6,0x66,0x35,0x84,0x4c,0xce,0x58,0x82,0xd3,0x25,0xcf,0x78,0x68,0x9d,0x48,0x31,0x8e,0x6b,0xae,0x15,0x87,0xf0,0x2b,0x9c,0xab,0x1c,0x85,0xaa,0x05,0xfa,0x4e,0xf0,0x97,0x5a,0xa7,0xc9,0x32,0xf8,0x3f,0x6b,0x07,0x52,0x6b,0x00},
+	{0x1c,0x78,0x95,0x9d,0xe1,0xcf,0xe0,0x29,0xe2,0x10,0x63,0x96,0x18,0xdf,0x81,0xb6,0x39,0x6b,0x51,0x70,0xd3,0x39,0xdf,0x57,0x22,0x61,0xc7,0x3b,0x44,0xe3,0x57,0x4d,0x2d,0x08,0xce,0xb9,0x16,0x7e,0xcb,0xf5,0x29,0xbc,0x7a,0x41,0x4c,0xf1,0x07,0x34,0xab,0xa7,0xf4,0x2b,0xce,0x6b,0xb3,0xd4,0xce,0x75,0x9f,0x1a,0x56,0xe9,0xe2,0x7d,0xcb,0x5e,0xa5,0xb6,0xf4,0xd4,0x70,0xde,0x99,0xdb,0x85,0x5d,0x7f,0x52,0x01,0x48,0x81,0x9a,0xee,0xd3,0x40,0xc4,0xc9,0xdb,0xed,0x29,0x60,0x1a,0xaf,0x90,0x2a,0x6b},
+	{0x97,0x1e,0xe6,0x9a,0xfc,0xf4,0x23,0x69,0xd1,0x5f,0x3f,0xe0,0x1d,0x28,0x35,0x57,0x2d,0xd1,0xed,0xe6,0x43,0xae,0x64,0xa7,0x4a,0x3e,0x2d,0xd1,0xe9,0xf4,0xd8,0x5f,0x0a,0xd8,0xb2,0x5b,0x24,0xf3,0xeb,0x77,0x9b,0x07,0xb9,0x2f,0x47,0x1b,0x30,0xd8,0x33,0x73,0xee,0x4c,0xf2,0xe6,0x47,0xc6,0x09,0x21,0x6c,0x27,0xc8,0x12,0x58,0x46,0xd9,0x62,0x10,0x2a,0xb2,0xbe,0x43,0x4d,0x16,0xdc,0x31,0x38,0x75,0xfb,0x65,0x70,0xd7,0x68,0x29,0xde,0x7b,0x4a,0x0d,0x18,0x90,0x67,0xb1,0x1c,0x2b,0x2c,0xb3,0x05},
+	{0xfd,0xa8,0x4d,0xd2,0xcc,0x5e,0xc0,0xc8,0x83,0xef,0xdf,0x05,0xac,0x1a,0xcf,0xa1,0x61,0xcd,0xf9,0x7d,0xf2,0xef,0xbe,0xdb,0x99,0x1e,0x47,0x7b,0xa3,0x56,0x55,0x3b,0x95,0x81,0xd5,0x7a,0x2c,0xa4,0xfc,0xf7,0xcc,0xf3,0x33,0x43,0x6e,0x28,0x14,0x32,0x9d,0x97,0x0b,0x34,0x0d,0x9d,0xc2,0xb6,0xe1,0x07,0x73,0x56,0x48,0x1a,0x77,0x31,0x82,0xd4,0x4d,0xe1,0x24,0xc5,0xb0,0x32,0xb6,0xa4,0x2b,0x1a,0x54,0x51,0xb3,0xed,0xf3,0x5a,0x2b,0x28,0x48,0x60,0xd1,0xa3,0xeb,0x36,0x73,0x7a,0xd2,0x79,0xc0,0x4f},
+	{0x7f,0x2f,0xbf,0x89,0xb0,0x38,0xc9,0x51,0xa7,0xe9,0xdf,0x02,0x65,0xbd,0x97,0x24,0x53,0xe4,0x80,0x78,0x9c,0xc0,0xff,0xff,0x92,0x8e,0xf9,0xca,0xce,0x67,0x45,0x12,0x0d,0xc5,0x86,0x0c,0x44,0x8b,0x34,0xdc,0x51,0xe6,0x94,0xcc,0xc9,0xcb,0x37,0x13,0xb9,0x3c,0x3e,0x64,0x4d,0xf7,0x22,0x64,0x08,0xcd,0xe3,0xba,0xc2,0x70,0x11,0x24,0xb4,0x73,0xc4,0x0a,0x86,0xab,0xf9,0x3f,0x35,0xe4,0x13,0x01,0xee,0x1d,0x91,0xf0,0xaf,0xc4,0xc6,0xeb,0x60,0x50,0xe7,0x4a,0x0d,0x00,0x87,0x6c,0x96,0x12,0x86,0x3f},
+	{0xde,0x0d,0x2a,0x78,0xc9,0x0c,0x9a,0x55,0x85,0x83,0x71,0xea,0xb2,0xcd,0x1d,0x55,0x8c,0x23,0xef,0x31,0x5b,0x86,0x62,0x7f,0x3d,0x61,0x73,0x79,0x76,0xa7,0x4a,0x50,0x13,0x8d,0x04,0x36,0xfa,0xfc,0x18,0x9c,0xdd,0x9d,0x89,0x73,0xb3,0x9d,0x15,0x29,0xaa,0xd0,0x92,0x9f,0x0b,0x35,0x9f,0xdc,0xd4,0x19,0x8a,0x87,0xee,0x7e,0xf5,0x26,0xb1,0xef,0x87,0x56,0xd5,0x2c,0xab,0x0c,0x7b,0xf1,0x7a,0x24,0x62,0xd1,0x80,0x51,0x67,0x24,0x5a,0x4f,0x34,0x5a,0xc1,0x85,0x69,0x30,0xba,0x9d,0x3d,0x94,0x41,0x40},
+	{0x96,0xcc,0xeb,0x43,0xba,0xee,0xc0,0xc3,0xaf,0x9c,0xea,0x26,0x9c,0x9c,0x74,0x8d,0xc6,0xcc,0x77,0x1c,0xee,0x95,0xfa,0xd9,0x0f,0x34,0x84,0x76,0xd9,0xa1,0x20,0x14,0xdd,0xaa,0x6c,0xa2,0x43,0x77,0x21,0x4b,0xce,0xb7,0x8a,0x64,0x24,0xb4,0xa6,0x47,0xe3,0xc9,0xfb,0x03,0x7a,0x4f,0x1d,0xcb,0x19,0xd0,0x00,0x98,0x42,0x31,0xd9,0x12,0x4f,0x59,0x37,0xd3,0x99,0x77,0xc6,0x00,0x7b,0xa4,0x3a,0xb2,0x40,0x51,0x3c,0x5e,0x95,0xf3,0x5f,0xe3,0x54,0x28,0x18,0x44,0x12,0xa0,0x59,0x43,0x31,0x92,0x4f,0x1b},
+	{0x51,0x09,0x15,0x89,0x9d,0x10,0x5c,0x3e,0x6a,0x69,0xe9,0x2d,0x91,0xfa,0xce,0x39,0x20,0x30,0x5f,0x97,0x3f,0xe4,0xea,0x20,0xae,0x2d,0x13,0x7f,0x2a,0x57,0x9b,0x23,0xb1,0x66,0x98,0xa4,0x30,0x30,0xcf,0x33,0x59,0x48,0x5f,0x21,0xd2,0x73,0x1f,0x25,0xf6,0xf4,0xde,0x51,0x40,0xaa,0x82,0xab,0xf6,0x23,0x9a,0x6f,0xd5,0x91,0xf1,0x5f,0x68,0x90,0x2d,0xac,0x33,0xd4,0x9e,0x81,0x23,0x85,0xc9,0x5f,0x79,0xab,0x83,0x28,0x3d,0xeb,0x93,0x55,0x80,0x72,0x45,0xef,0xcb,0x36,0x8f,0x75,0x6a,0x52,0x0c,0x02},
+	{0xbc,0xdb,0xd8,0x9e,0xf8,0x34,0x98,0x77,0x6c,0xa4,0x7c,0xdc,0xf9,0xaa,0xf2,0xc8,0x74,0xb0,0xe1,0xa3,0xdc,0x4c,0x52,0xa9,0x77,0x38,0x31,0x15,0x46,0xcc,0xaa,0x02,0x89,0xcc,0x42,0xf0,0x59,0xef,0x31,0xe9,0xb6,0x4b,0x12,0x8e,0x9d,0x9c,0x58,0x2c,0x97,0x59,0xc7,0xae,0x8a,0xe1,0xc8,0xad,0x0c,0xc5,0x02,0x56,0x0a,0xfe,0x2c,0x45,0xdf,0x77,0x78,0x64,0xa0,0xf7,0xa0,0x86,0x9f,0x7c,0x60,0x0e,0x27,0x64,0xc4,0xbb,0xc9,0x11,0xfb,0xf1,0x25,0xea,0x17,0xab,0x7b,0x87,0x4b,0x30,0x7b,0x7d,0xfb,0x4c},
+	{0xfe,0x75,0x9b,0xb8,0x6c,0x3d,0xb4,0x72,0x80,0xdc,0x6a,0x9c,0xd9,0x94,0xc6,0x54,0x9f,0x4c,0xe3,0x3e,0x37,0xaa,0xc3,0xb8,0x64,0x53,0x07,0x39,0x2b,0x62,0xb4,0x14,0x12,0xef,0x89,0x97,0xc2,0x99,0x86,0xe2,0x0d,0x19,0x57,0xdf,0x71,0xcd,0x6e,0x2b,0xd0,0x70,0xc9,0xec,0x57,0xc8,0x43,0xc3,0xc5,0x3a,0x4d,0x43,0xbc,0x4c,0x1d,0x5b,0x26,0x9f,0x0a,0xcc,0x15,0x26,0xfb,0xb6,0xe5,0xcc,0x8d,0xb8,0x2b,0x0e,0x4f,0x3a,0x05,0xa7,0x69,0x33,0x8b,0x49,0x01,0x13,0xd1,0x2d,0x59,0x58,0x12,0xf7,0x98,0x2f},
+	{0x56,0x9e,0x0f,0xb5,0x4c,0xa7,0x94,0x0c,0x20,0x13,0x8e,0x8e,0xa9,0xf4,0x1f,0x5b,0x67,0x0f,0x30,0x82,0x21,0xcc,0x2a,0x9a,0xf9,0xaa,0x06,0xd8,0x49,0xe2,0x6a,0x3a,0x01,0xa7,0x54,0x4f,0x44,0xae,0x12,0x2e,0xde,0xd7,0xcb,0xa9,0xf0,0x3e,0xfe,0xfc,0xe0,0x5d,0x83,0x75,0x0d,0x89,0xbf,0xce,0x54,0x45,0x61,0xe7,0xe9,0x62,0x80,0x1d,0x5a,0x7c,0x90,0xa9,0x85,0xda,0x7a,0x65,0x62,0x0f,0xb9,0x91,0xb5,0xa8,0x0e,0x1a,0xe9,0xb4,0x34,0xdf,0xfb,0x1d,0x0e,0x8d,0xf3,0x5f,0xf2,0xae,0xe8,0x8c,0x8b,0x29},
+	{0xb2,0x0c,0xf7,0xef,0x53,0x79,0x92,0x2a,0x76,0x70,0x15,0x79,0x2a,0xc9,0x89,0x4b,0x6a,0xcf,0xa7,0x30,0x7a,0x45,0x18,0x94,0x85,0xe4,0x5c,0x4d,0x40,0xa8,0xb8,0x34,0xde,0x65,0x21,0x0a,0xea,0x72,0x7a,0x83,0xf6,0x79,0xcf,0x0b,0xb4,0x07,0xab,0x3f,0x70,0xae,0x38,0x77,0xc7,0x36,0x16,0x52,0xdc,0xd7,0xa7,0x03,0x18,0x27,0xa6,0x6b,0x35,0x33,0x69,0x83,0xb5,0xec,0x6e,0xc2,0xfd,0xfe,0xb5,0x63,0xdf,0x13,0xa8,0xd5,0x73,0x25,0xb2,0xa4,0x9a,0xaa,0x93,0xa2,0x6a,0x1c,0x5e,0x46,0xdd,0x2b,0xd6,0x71},
+	{0x80,0xdf,0x78,0xd3,0x28,0xcc,0x33,0x65,0xb4,0xa4,0x0f,0x0a,0x79,0x43,0xdb,0xf6,0x5a,0xda,0x01,0xf7,0xf9,0x5f,0x64,0xe3,0xa4,0x2b,0x17,0xf3,0x17,0xf3,0xd5,0x74,0xf5,0x5e,0xf7,0xb1,0xda,0xb5,0x2d,0xcd,0xf5,0x65,0xb0,0x16,0xcf,0x95,0x7f,0xd7,0x85,0xf0,0x49,0x3f,0xea,0x1f,0x57,0x14,0x3d,0x2b,0x2b,0x26,0x21,0x36,0x33,0x1c,0x81,0xca,0xd9,0x67,0x54,0xe5,0x6f,0xa8,0x37,0x8c,0x29,0x2b,0x75,0x7c,0x8b,0x39,0x3b,0x62,0xac,0xe3,0x92,0x08,0x6d,0xda,0x8c,0xd9,0xe9,0x47,0x45,0xcc,0xeb,0x4a},
+	{0xc9,0x01,0x6d,0x27,0x1b,0x07,0xf0,0x12,0x70,0x8c,0xc4,0x86,0xc5,0xba,0xb8,0xe7,0xa9,0xfb,0xd6,0x71,0x9b,0x12,0x08,0x53,0x92,0xb7,0x3d,0x5a,0xf9,0xfb,0x88,0x5d,0x10,0xb6,0x54,0x73,0x9e,0x8d,0x40,0x0b,0x6e,0x5b,0xa8,0x5b,0x53,0x32,0x6b,0x80,0x07,0xa2,0x58,0x4a,0x03,0x3a,0xe6,0xdb,0x2c,0xdf,0xa1,0xc9,0xdd,0xd9,0x3b,0x17,0xdf,0x72,0x58,0xfe,0x1e,0x0f,0x50,0x2b,0xc1,0x18,0x39,0xd4,0x2e,0x58,0xd6,0x58,0xe0,0x3a,0x67,0xc9,0x8e,0x27,0xed,0xe6,0x19,0xa3,0x9e,0xb1,0x13,0xcd,0xe1,0x06},
+	{0x23,0x6f,0x16,0x6f,0x51,0xad,0xd0,0x40,0xbe,0x6a,0xab,0x1f,0x93,0x32,0x8e,0x11,0x8e,0x08,0x4d,0xa0,0x14,0x5e,0xe3,0x3f,0x66,0x62,0xe1,0x26,0x35,0x60,0x80,0x30,0x53,0x03,0x5b,0x9e,0x62,0xaf,0x2b,0x47,0x47,0x04,0x8d,0x27,0x90,0x0b,0xaa,0x3b,0x27,0xbf,0x43,0x96,0x46,0x5f,0x78,0x0c,0x13,0x7b,0x83,0x8d,0x1a,0x6a,0x3a,0x7f,0x0b,0x80,0x3d,0x5d,0x39,0x44,0xe6,0xf7,0xf6,0xed,0x01,0xc9,0x55,0xd5,0xa8,0x95,0x39,0x63,0x2c,0x59,0x30,0x78,0xcd,0x68,0x7e,0x30,0x51,0x2e,0xed,0xfd,0xd0,0x30},
+	{0xb3,0x33,0x12,0xf2,0x1a,0x4d,0x59,0xe0,0x9c,0x4d,0xcc,0xf0,0x8e,0xe7,0xdb,0x1b,0x77,0x9a,0x49,0x8f,0x7f,0x18,0x65,0x69,0x68,0x98,0x09,0x2c,0x20,0x14,0x92,0x0a,0x50,0x47,0xb8,0x68,0x1e,0x97,0xb4,0x9c,0xcf,0xbb,0x64,0x66,0x29,0x72,0x95,0xa0,0x2b,0x41,0xfa,0x72,0x26,0xe7,0x8d,0x5c,0xd9,0x89,0xc5,0x51,0x43,0x08,0x15,0x46,0x2e,0xa0,0xb9,0xae,0xc0,0x19,0x90,0xbc,0xae,0x4c,0x03,0x16,0x0d,0x11,0xc7,0x55,0xec,0x32,0x99,0x65,0x01,0xf5,0x6d,0x0e,0xfe,0x5d,0xca,0x95,0x28,0x0d,0xca,0x3b},
+	{0xa4,0x62,0x5d,0x3c,0xbc,0x31,0xf0,0x40,0x60,0x7a,0xf0,0xcf,0x3e,0x8b,0xfc,0x19,0x45,0xb5,0x0f,0x13,0xa2,0x3d,0x18,0x98,0xcd,0x13,0x8f,0xae,0xdd,0xde,0x31,0x56,0xbf,0x01,0xcc,0x9e,0xb6,0x8e,0x68,0x9c,0x6f,0x89,0x44,0xa6,0xad,0x83,0xbc,0xf0,0xe2,0x9f,0x7a,0x5f,0x5f,0x95,0x2d,0xca,0x41,0x82,0xf2,0x8d,0x03,0xb4,0xa8,0x4e,0x02,0xd2,0xca,0xf1,0x0a,0x46,0xed,0x2a,0x83,0xee,0x8c,0xa4,0x05,0x53,0x30,0x46,0x5f,0x1a,0xf1,0x49,0x45,0x77,0x21,0x91,0x63,0xa4,0x2c,0x54,0x30,0x09,0xce,0x24},
+	{0x06,0xc1,0x06,0xfd,0xf5,0x90,0xe8,0x1f,0xf2,0x10,0x88,0x5d,0x35,0x68,0xc4,0xb5,0x3e,0xaf,0x8c,0x6e,0xfe,0x08,0x78,0x82,0x4b,0xd7,0x06,0x8a,0xc2,0xe3,0xd4,0x41,0x85,0x0b,0xf3,0xfd,0x55,0xa1,0xcf,0x3f,0xa4,0x2e,0x37,0x36,0x8e,0x16,0xf7,0xd2,0x44,0xf8,0x92,0x64,0xde,0x64,0xe0,0xb2,0x80,0x42,0x4f,0x32,0xa7,0x28,0x99,0x54,0x2e,0x1a,0xee,0x63,0xa7,0x32,0x6e,0xf2,0xea,0xfd,0x5f,0xd2,0xb7,0xe4,0x91,0xae,0x69,0x4d,0x7f,0xd1,0x3b,0xd3,0x3b,0xbc,0x6a,0xff,0xdc,0xc0,0xde,0x66,0x1b,0x49},
+	{0xa7,0x32,0xea,0xc7,0x3d,0xb1,0xf5,0x98,0x98,0xdb,0x16,0x7e,0xcc,0xf8,0xd5,0xe3,0x47,0xd9,0xf8,0xcb,0x52,0xbf,0x0a,0xac,0xac,0xe4,0x5e,0xc8,0xd0,0x38,0xf3,0x08,0xa1,0x64,0xda,0xd0,0x8e,0x4a,0xf0,0x75,0x4b,0x28,0xe2,0x67,0xaf,0x2c,0x22,0xed,0xa4,0x7b,0x7b,0x1f,0x79,0xa3,0x34,0x82,0x67,0x8b,0x01,0xb7,0xb0,0xb8,0xf6,0x4c,0xbd,0x73,0x1a,0x99,0x21,0xa8,0x83,0xc3,0x7a,0x0c,0x32,0xdf,0x01,0xbc,0x27,0xab,0x63,0x70,0x77,0x84,0x1b,0x33,0x3d,0xc1,0x99,0x8a,0x07,0xeb,0x82,0x4a,0x0d,0x53},
+	{0x25,0x48,0xf9,0xe1,0x30,0x36,0x4c,0x00,0x5a,0x53,0xab,0x8c,0x26,0x78,0x2d,0x7e,0x8b,0xff,0x84,0xcc,0x23,0x23,0x48,0xc7,0xb9,0x70,0x17,0x10,0x3f,0x75,0xea,0x65,0x9e,0xbf,0x9a,0x6c,0x45,0x73,0x69,0x6d,0x80,0xa8,0x00,0x49,0xfc,0xb2,0x7f,0x25,0x50,0xb8,0xcf,0xc8,0x12,0xf4,0xac,0x2b,0x5b,0xbd,0xbf,0x0c,0xe0,0xe7,0xb3,0x0d,0x63,0x63,0x09,0xe2,0x3e,0xfc,0x66,0x3d,0x6b,0xcb,0xb5,0x61,0x7f,0x2c,0xd6,0x81,0x1a,0x3b,0x44,0x13,0x42,0x04,0xbe,0x0f,0xdb,0xa1,0xe1,0x21,0x19,0xec,0xa4,0x02},
+	{0xa2,0xb8,0x24,0x3b,0x9a,0x25,0xe6,0x5c,0xb8,0xa0,0xaf,0x45,0xcc,0x7a,0x57,0xb8,0x37,0x70,0xa0,0x8b,0xe8,0xe6,0xcb,0xcc,0xbf,0x09,0x78,0x12,0x51,0x3c,0x14,0x3d,0x5f,0x79,0xcf,0xf1,0x62,0x61,0xc8,0xf5,0xf2,0x57,0xee,0x26,0x19,0x86,0x8c,0x11,0x78,0x35,0x06,0x1c,0x85,0x24,0x21,0x17,0xcf,0x7f,0x06,0xec,0x5d,0x2b,0xd1,0x36,0x57,0x45,0x15,0x79,0x91,0x27,0x6d,0x12,0x0a,0x3a,0x78,0xfc,0x5c,0x8f,0xe4,0xd5,0xac,0x9b,0x17,0xdf,0xe8,0xb6,0xbd,0x36,0x59,0x28,0xa8,0x5b,0x88,0x17,0xf5,0x2e},
+	{0xdc,0xae,0x58,0x8c,0x4e,0x97,0x37,0x46,0xa4,0x41,0xf0,0xab,0xfb,0x22,0xef,0xb9,0x8a,0x71,0x80,0xe9,0x56,0xd9,0x85,0xe1,0xa6,0xa8,0x43,0xb1,0xfa,0x78,0x1b,0x2f,0x51,0x2f,0x5b,0x30,0xfb,0xbf,0xee,0x96,0xb8,0x96,0x95,0x88,0xad,0x38,0xf9,0xd3,0x25,0xdd,0xd5,0x46,0xc7,0x2d,0xf5,0xf0,0x95,0x00,0x3a,0xbb,0x90,0x82,0x96,0x57,0x01,0xe1,0x20,0x0a,0x43,0xb8,0x1a,0xf7,0x47,0xec,0xf0,0x24,0x8d,0x65,0x93,0xf3,0xd1,0xee,0xe2,0x6e,0xa8,0x09,0x75,0xcf,0xe1,0xa3,0x2a,0xdc,0x35,0x3e,0xc4,0x7d},
+	{0xc3,0xd9,0x7d,0x88,0x65,0x66,0x96,0x85,0x55,0x53,0xb0,0x4b,0x31,0x9b,0x0f,0xc9,0xb1,0x79,0x20,0xef,0xf8,0x8d,0xe0,0xc6,0x2f,0xc1,0x8c,0x75,0x16,0x20,0xf7,0x7e,0x18,0x97,0x3e,0x27,0x5c,0x2a,0x78,0x5a,0x94,0xfd,0x4e,0x5e,0x99,0xc6,0x76,0x35,0x3e,0x7d,0x23,0x1f,0x05,0xd8,0x2e,0x0f,0x99,0x0a,0xd5,0x82,0x1d,0xb8,0x4f,0x04,0xd9,0xe3,0x07,0xa9,0xc5,0x18,0xdf,0xc1,0x59,0x63,0x4c,0xce,0x1d,0x37,0xb3,0x57,0x49,0xbb,0x01,0xb2,0x34,0x45,0x70,0xca,0x2e,0xdd,0x30,0x9c,0x3f,0x82,0x79,0x7f},
+	{0xe8,0x13,0xb5,0xa3,0x39,0xd2,0x34,0x83,0xd8,0xa8,0x1f,0xb9,0xd4,0x70,0x36,0xc1,0x33,0xbd,0x90,0xf5,0x36,0x41,0xb5,0x12,0xb4,0xd9,0x84,0xd7,0x73,0x03,0x4e,0x0a,0xba,0x87,0xf5,0x68,0xf0,0x1f,0x9c,0x6a,0xde,0xc8,0x50,0x00,0x4e,0x89,0x27,0x08,0xe7,0x5b,0xed,0x7d,0x55,0x99,0xbf,0x3c,0xf0,0xd6,0x06,0x1c,0x43,0xb0,0xa9,0x64,0x19,0x29,0x7d,0x5b,0xa1,0xd6,0xb3,0x2e,0x35,0x82,0x3a,0xd5,0xa0,0xf6,0xb4,0xb0,0x47,0x5d,0xa4,0x89,0x43,0xce,0x56,0x71,0x6c,0x34,0x18,0xce,0x0a,0x7d,0x1a,0x07},
+	{0x0b,0xba,0x87,0xc8,0xaa,0x2d,0x07,0xd3,0xee,0x62,0xa5,0xbf,0x05,0x29,0x26,0x01,0x8b,0x76,0xef,0xc0,0x02,0x30,0x54,0xcf,0x9c,0x7e,0xea,0x46,0x71,0xcc,0x3b,0x2c,0x31,0x44,0xe1,0x20,0x52,0x35,0x0c,0xcc,0x41,0x51,0xb1,0x09,0x07,0x95,0x65,0x0d,0x36,0x5f,0x9d,0x20,0x1b,0x62,0xf5,0x9a,0xd3,0x55,0x77,0x61,0xf7,0xbc,0x69,0x7c,0x5f,0x29,0xe8,0x04,0xeb,0xd7,0xf0,0x07,0x7d,0xf3,0x50,0x2f,0x25,0x18,0xdb,0x10,0xd7,0x98,0x17,0x17,0xa3,0xa9,0x51,0xe9,0x1d,0xa5,0xac,0x22,0x73,0x9a,0x5a,0x6f},
+	{0xc5,0xc6,0x41,0x2f,0x0c,0x00,0xa1,0x8b,0x9b,0xfb,0xfe,0x0c,0xc1,0x79,0x9f,0xc4,0x9f,0x1c,0xc5,0x3c,0x70,0x47,0xfa,0x4e,0xca,0xaf,0x47,0xe1,0xa2,0x21,0x4e,0x49,0xbe,0x44,0xd9,0xa3,0xeb,0xd4,0x29,0xe7,0x9e,0xaf,0x78,0x80,0x40,0x09,0x9e,0x8d,0x03,0x9c,0x86,0x47,0x7a,0x56,0x25,0x45,0x24,0x3b,0x8d,0xee,0x80,0x96,0xab,0x02,0x9a,0x0d,0xe5,0xdd,0x85,0x8a,0xa4,0xef,0x49,0xa2,0xb9,0x0f,0x4e,0x22,0x9a,0x21,0xd9,0xf6,0x1e,0xd9,0x1d,0x1f,0x09,0xfa,0x34,0xbb,0x46,0xea,0xcb,0x76,0x5d,0x6b},
+	{0x94,0xd9,0x0c,0xec,0x6c,0x55,0x57,0x88,0xba,0x1d,0xd0,0x5c,0x6f,0xdc,0x72,0x64,0x77,0xb4,0x42,0x8f,0x14,0x69,0x01,0xaf,0x54,0x73,0x27,0x85,0xf6,0x33,0xe3,0x0a,0x22,0x25,0x78,0x1e,0x17,0x41,0xf9,0xe0,0xd3,0x36,0x69,0x03,0x74,0xae,0xe6,0xf1,0x46,0xc7,0xfc,0xd0,0xa2,0x3e,0x8b,0x40,0x3e,0x31,0xdd,0x03,0x9c,0x86,0xfb,0x16,0x62,0x09,0xb6,0x33,0x97,0x19,0x8e,0x28,0x33,0xe1,0xab,0xd8,0xb4,0x72,0xfc,0x24,0x3e,0xd0,0x91,0x09,0xed,0xf7,0x11,0x48,0x75,0xd0,0x70,0x8f,0x8b,0xe3,0x81,0x3f},
+	{0xfe,0xaf,0xd9,0x7e,0xcc,0x0f,0x91,0x7f,0x4b,0x87,0x65,0x24,0xa1,0xb8,0x5c,0x54,0x04,0x47,0x0c,0x4b,0xd2,0x7e,0x39,0xa8,0x93,0x09,0xf5,0x04,0xc1,0x0f,0x51,0x50,0x24,0xc8,0x17,0x5f,0x35,0x7f,0xdb,0x0a,0xa4,0x99,0x42,0xd7,0xc3,0x23,0xb9,0x74,0xf7,0xea,0xf8,0xcb,0x8b,0x3e,0x7c,0xd5,0x3d,0xdc,0xde,0x4c,0xd3,0xe2,0xd3,0x0a,0x9d,0x24,0x6e,0x33,0xc5,0x0f,0x0c,0x6f,0xd9,0xcf,0x31,0xc3,0x19,0xde,0x5e,0x74,0x1c,0xfe,0xee,0x09,0x00,0xfd,0xd6,0xf2,0xbe,0x1e,0xfa,0xf0,0x8b,0x15,0x7c,0x12},
+	{0xa2,0x79,0x98,0x2e,0x42,0x7c,0x19,0xf6,0x47,0x36,0xca,0x52,0xd4,0xdd,0x4a,0xa4,0xcb,0xac,0x4e,0x4b,0xc1,0x3f,0x41,0x9b,0x68,0x4f,0xef,0x07,0x7d,0xf8,0x4e,0x35,0x74,0xb9,0x51,0xae,0xc4,0x8f,0xa2,0xde,0x96,0xfe,0x4d,0x74,0xd3,0x73,0x99,0x1d,0xa8,0x48,0x38,0x87,0x0b,0x68,0x40,0x62,0x95,0xdf,0x67,0xd1,0x79,0x24,0xd8,0x4e,0x75,0xd9,0xc5,0x60,0x22,0xb5,0xe3,0xfe,0xb8,0xb0,0x41,0xeb,0xfc,0x2e,0x35,0x50,0x3c,0x65,0xf6,0xa9,0x30,0xac,0x08,0x88,0x6d,0x23,0x39,0x05,0xd2,0x92,0x2d,0x30},
+	{0x3d,0x28,0xa4,0xbc,0xa2,0xc1,0x13,0x78,0xd9,0x3d,0x86,0xa1,0x91,0xf0,0x62,0xed,0x86,0xfa,0x68,0xc2,0xb8,0xbc,0xc7,0xae,0x4c,0xae,0x1c,0x6f,0xb7,0xd3,0xe5,0x10,0x77,0xf1,0xe0,0xe4,0xb6,0x6f,0xbc,0x2d,0x93,0x6a,0xbd,0xa4,0x29,0xbf,0xe1,0x04,0xe8,0xf6,0x7a,0x78,0xd4,0x66,0x19,0x5e,0x60,0xd0,0x26,0xb4,0x5e,0x5f,0xdc,0x0e,0x67,0x8e,0xda,0x53,0xd6,0xbf,0x53,0x54,0x41,0xf6,0xa9,0x24,0xec,0x1e,0xdc,0xe9,0x23,0x8a,0x57,0x03,0x3b,0x26,0x87,0xbf,0x72,0xba,0x1c,0x36,0x51,0x6c,0xb4,0x45},
+	{0xa1,0x7f,0x4f,0x31,0xbf,0x2a,0x40,0xa9,0x50,0xf4,0x8c,0x8e,0xdc,0xf1,0x57,0xe2,0x84,0xbe,0xa8,0x23,0x4b,0xd5,0xbb,0x1d,0x3b,0x71,0xcb,0x6d,0xa3,0xbf,0x77,0x21,0xe4,0xe3,0x7f,0x8a,0xdd,0x4d,0x9d,0xce,0x30,0x0e,0x62,0x76,0x56,0x64,0x13,0xab,0x58,0x99,0x0e,0xb3,0x7b,0x4f,0x59,0x4b,0xdf,0x29,0x12,0x32,0xef,0x0a,0x1c,0x5c,0x8f,0xdb,0x79,0xfa,0xbc,0x1b,0x08,0x37,0xb3,0x59,0x5f,0xc2,0x1e,0x81,0x48,0x60,0x87,0x24,0x83,0x9c,0x65,0x76,0x7a,0x08,0xbb,0xb5,0x8a,0x7d,0x38,0x19,0xe6,0x4a},
+	{0x2e,0xa3,0x44,0x53,0xaa,0xf6,0xdb,0x8d,0x78,0x40,0x1b,0xb4,0xb4,0xea,0x88,0x7d,0x60,0x0d,0x13,0x4a,0x97,0xeb,0xb0,0x5e,0x03,0x3e,0xbf,0x17,0x1b,0xd9,0x00,0x1a,0x83,0xfb,0x5b,0x98,0x44,0x7e,0x11,0x61,0x36,0x31,0x96,0x71,0x2a,0x46,0xe0,0xfc,0x4b,0x90,0x25,0xd4,0x48,0x34,0xac,0x83,0x64,0x3d,0xa4,0x5b,0xbe,0x5a,0x68,0x75,0xb2,0xf2,0x61,0xeb,0x33,0x09,0x96,0x6e,0x52,0x49,0xff,0xc9,0xa8,0x0f,0x3d,0x54,0x69,0x65,0xf6,0x7a,0x10,0x75,0x72,0xdf,0xaa,0xe6,0xb0,0x23,0xb6,0x29,0x55,0x13},
+	{0x18,0xd5,0xd1,0xad,0xd7,0xdb,0xf0,0x18,0x11,0x1f,0xc1,0xcf,0x88,0x78,0x9f,0x97,0x9b,0x75,0x14,0x71,0xf0,0xe1,0x32,0x87,0x01,0x3a,0xca,0x65,0x1a,0xb8,0xb5,0x79,0xfe,0x83,0x2e,0xe2,0xbc,0x16,0xc7,0xf5,0xc1,0x85,0x09,0xe8,0x19,0xeb,0x2b,0xb4,0xae,0x4a,0x25,0x14,0x37,0xa6,0x9d,0xec,0x13,0xa6,0x90,0x15,0x05,0xea,0x72,0x59,0x11,0x78,0x8f,0xdc,0x20,0xac,0xd4,0x0f,0xa8,0x4f,0x4d,0xac,0x94,0xd2,0x9a,0x9a,0x34,0x04,0x36,0xb3,0x64,0x2d,0x1b,0xc0,0xdb,0x3b,0x5f,0x90,0x95,0x9c,0x7e,0x4f},
+	{0x2e,0x30,0x81,0x57,0xbc,0x4b,0x67,0x62,0x0f,0xdc,0xad,0x89,0x39,0x0f,0x52,0xd8,0xc6,0xd9,0xfb,0x53,0xae,0x99,0x29,0x8c,0x4c,0x8e,0x63,0x2e,0xd9,0x3a,0x99,0x31,0xfe,0x99,0x52,0x35,0x3d,0x44,0xc8,0x71,0xd7,0xea,0xeb,0xdb,0x1c,0x3b,0xcd,0x8b,0x66,0x94,0xa4,0xf1,0x9e,0x49,0x92,0x80,0xc8,0xad,0x44,0xa1,0xc4,0xee,0x42,0x19,0x92,0x49,0x23,0xae,0x19,0x53,0xac,0x7d,0x92,0x3e,0xea,0x0c,0x91,0x3d,0x1b,0x2c,0x22,0x11,0x3c,0x25,0x94,0xe4,0x3c,0x55,0x75,0xca,0xf9,0x4e,0x31,0x65,0x0a,0x2a},
+	{0xc2,0x27,0xf9,0xf7,0x7f,0x93,0xb7,0x2d,0x35,0xa6,0xd0,0x17,0x06,0x1f,0x74,0xdb,0x76,0xaf,0x55,0x11,0xa2,0xf3,0x82,0x59,0xed,0x2d,0x7c,0x64,0x18,0xe2,0xf6,0x4c,0x3a,0x79,0x1c,0x3c,0xcd,0x1a,0x36,0xcf,0x3b,0xbc,0x35,0x5a,0xac,0xbc,0x9e,0x2f,0xab,0xa6,0xcd,0xa8,0xe9,0x60,0xe8,0x60,0x13,0x1a,0xea,0x6d,0x9b,0xc3,0x5d,0x05,0xb6,0x5b,0x8d,0xc2,0x7c,0x22,0x19,0xb1,0xab,0xff,0x4d,0x77,0xbc,0x4e,0xe2,0x07,0x89,0x2c,0xa3,0xe4,0xce,0x78,0x3c,0xa8,0xb6,0x24,0xaa,0x10,0x77,0x30,0x1a,0x12},
+	{0x97,0x4a,0x03,0x9f,0x5e,0x5d,0xdb,0xe4,0x2d,0xbc,0x34,0x30,0x09,0xfc,0x53,0xe1,0xb1,0xd3,0x51,0x95,0x91,0x46,0x05,0x46,0x2d,0xe5,0x40,0x7a,0x6c,0xc7,0x3f,0x33,0xc9,0x83,0x74,0xc7,0x3e,0x71,0x59,0xd6,0xaf,0x96,0x2b,0xb8,0x77,0xe0,0xbf,0x88,0xd3,0xbc,0x97,0x10,0x23,0x28,0x9e,0x28,0x9b,0x3a,0xed,0x6c,0x4a,0xb9,0x7b,0x52,0x2e,0x48,0x5b,0x99,0x2a,0x99,0x3d,0x56,0x01,0x38,0x38,0x6e,0x7c,0xd0,0x05,0x34,0xe5,0xd8,0x64,0x2f,0xde,0x35,0x50,0x48,0xf7,0xa9,0xa7,0x20,0x9b,0x06,0x89,0x6b},
+	{0x0d,0x22,0x70,0x62,0x41,0xa0,0x2a,0x81,0x4e,0x5b,0x24,0xf9,0xfa,0x89,0x5a,0x99,0x05,0xef,0x72,0x50,0xce,0xc4,0xad,0xff,0x73,0xeb,0x73,0xaa,0x03,0x21,0xbc,0x23,0x77,0xdb,0xc7,0xb5,0x8c,0xfa,0x82,0x40,0x55,0xc1,0x34,0xc7,0xf8,0x86,0x86,0x06,0x7e,0xa5,0xe7,0xf6,0xd9,0xc8,0xe6,0x29,0xcf,0x9b,0x63,0xa7,0x08,0xd3,0x73,0x04,0x05,0x9e,0x58,0x03,0x26,0x79,0xee,0xca,0x92,0xc4,0xdc,0x46,0x12,0x42,0x4b,0x2b,0x4f,0xa9,0x01,0xe6,0x74,0xef,0xa1,0x02,0x1a,0x34,0x04,0xde,0xbf,0x73,0x2f,0x10},
+	{0xc6,0x45,0x57,0x7f,0xab,0xb9,0x18,0xeb,0x90,0xc6,0x87,0x57,0xee,0x8a,0x3a,0x02,0xa9,0xaf,0xf7,0x2d,0xda,0x12,0x27,0xb7,0x3d,0x01,0x5c,0xea,0x25,0x7d,0x59,0x36,0x9a,0x1c,0x51,0xb5,0xe0,0xda,0xb4,0xa2,0x06,0xff,0xff,0x2b,0x29,0x60,0xc8,0x7a,0x34,0x42,0x50,0xf5,0x5d,0x37,0x1f,0x98,0x2d,0xa1,0x4e,0xda,0x25,0xd7,0x6b,0x3f,0xac,0x58,0x60,0x10,0x7b,0x8d,0x4d,0x73,0x5f,0x90,0xc6,0x6f,0x9e,0x57,0x40,0xd9,0x2d,0x93,0x02,0x92,0xf9,0xf8,0x66,0x64,0xd0,0xd6,0x60,0xda,0x19,0xcc,0x7e,0x7b},
+	{0x0d,0x69,0x5c,0x69,0x3c,0x37,0xc2,0x78,0x6e,0x90,0x42,0x06,0x66,0x2e,0x25,0xdd,0xd2,0x2b,0xe1,0x4a,0x44,0x44,0x1d,0x95,0x56,0x39,0x74,0x01,0x76,0xad,0x35,0x42,0x9b,0xfa,0x7c,0xa7,0x51,0x4a,0xae,0x6d,0x50,0x86,0xa3,0xe7,0x54,0x36,0x26,0x82,0xdb,0x82,0x2d,0x8f,0xcd,0xff,0xbb,0x09,0xba,0xca,0xf5,0x1b,0x66,0xdc,0xbe,0x03,0xf5,0x75,0x89,0x07,0x0d,0xcb,0x58,0x62,0x98,0xf2,0x89,0x91,0x54,0x42,0x29,0x49,0xe4,0x6e,0xe3,0xe2,0x23,0xb4,0xca,0xa0,0xa1,0x66,0xf0,0xcd,0xb0,0xe2,0x7c,0x0e},
+	{0xa3,0x85,0x8c,0xc4,0x3a,0x64,0x94,0xc4,0xad,0x39,0x61,0x3c,0xf4,0x1d,0x36,0xfd,0x48,0x4d,0xe9,0x3a,0xdd,0x17,0xdb,0x09,0x4a,0x67,0xb4,0x8f,0x5d,0x0a,0x6e,0x66,0xf9,0x70,0x4b,0xd9,0xdf,0xfe,0xa6,0xfe,0x2d,0xba,0xfc,0xc1,0x51,0xc0,0x30,0xf1,0x89,0xab,0x2f,0x7f,0x7e,0xd4,0x82,0x48,0xb5,0xee,0xec,0x8a,0x13,0x56,0x52,0x61,0x0d,0xcb,0x70,0x48,0x4e,0xf6,0xbb,0x2a,0x6b,0x8b,0x45,0xaa,0xf0,0xbc,0x65,0xcd,0x5d,0x98,0xe8,0x75,0xba,0x4e,0xbe,0x9a,0xe4,0xde,0x14,0xd5,0x10,0xc8,0x0b,0x7f},
+	{0x6f,0x13,0xf4,0x26,0xa4,0x6b,0x00,0xb9,0x35,0x30,0xe0,0x57,0x9e,0x36,0x67,0x8d,0x28,0x3c,0x46,0x4f,0xd9,0xdf,0xc8,0xcb,0xf5,0xdb,0xee,0xf8,0xbc,0x8d,0x1f,0x0d,0xa0,0x13,0x72,0x73,0xad,0x9d,0xac,0x83,0x98,0x2e,0xf7,0x2e,0xba,0xf8,0xf6,0x9f,0x57,0x69,0xec,0x43,0xdd,0x2e,0x1e,0x31,0x75,0xab,0xc5,0xde,0x7d,0x90,0x3a,0x1d,0xdc,0x81,0xd0,0x3e,0x31,0x93,0x16,0xba,0x80,0x34,0x1b,0x85,0xad,0x9f,0x32,0x29,0xcb,0x21,0x03,0x03,0x3c,0x01,0x28,0x01,0xe3,0xfd,0x1b,0xa3,0x44,0x1b,0x01,0x00},
+	{0x0c,0x6c,0xc6,0x3f,0x6c,0xa0,0xdf,0x3f,0xd2,0x0d,0xd6,0x4d,0x8e,0xe3,0x40,0x5d,0x71,0x4d,0x8e,0x26,0x38,0x8b,0xe3,0x7a,0xe1,0x57,0x83,0x6e,0x91,0x8d,0xc4,0x3a,0x5c,0xa7,0x0a,0x6a,0x69,0x1f,0x56,0x16,0x6a,0xbd,0x52,0x58,0x5c,0x72,0xbf,0xc1,0xad,0x66,0x79,0x9a,0x7f,0xdd,0xa8,0x11,0x26,0x10,0x85,0xd2,0xa2,0x88,0xd9,0x63,0x2e,0x23,0xbd,0xaf,0x53,0x07,0x12,0x00,0x83,0xf6,0xd8,0xfd,0xb8,0xce,0x2b,0xe9,0x91,0x2b,0xe7,0x84,0xb3,0x69,0x16,0xf8,0x66,0xa0,0x68,0x23,0x2b,0xd5,0xfa,0x33},
+	{0x16,0x1e,0xe4,0xc5,0xc6,0x49,0x06,0x54,0x35,0x77,0x3f,0x33,0x30,0x64,0xf8,0x0a,0x46,0xe7,0x05,0xf3,0xd2,0xfc,0xac,0xb2,0xa7,0xdc,0x56,0xa2,0x29,0xf4,0xc0,0x16,0xe8,0xcf,0x22,0xc4,0xd0,0xc8,0x2c,0x8d,0xcb,0x3a,0xa1,0x05,0x7b,0x4f,0x2b,0x07,0x6f,0xa5,0xf6,0xec,0xe6,0xb6,0xfe,0xa3,0xe2,0x71,0x0a,0xb9,0xcc,0x55,0xc3,0x3c,0x31,0x91,0x3e,0x90,0x43,0x94,0xb6,0xe9,0xce,0x37,0x56,0x7a,0xcb,0x94,0xa4,0xb8,0x44,0x92,0xba,0xba,0xa4,0xd1,0x7c,0xc8,0x68,0x75,0xae,0x6b,0x42,0xaf,0x1e,0x63},
+	{0x9f,0xfe,0x66,0xda,0x10,0x04,0xe9,0xb3,0xa6,0xe5,0x16,0x6c,0x52,0x4b,0xdd,0x85,0x83,0xbf,0xf9,0x1e,0x61,0x97,0x3d,0xbc,0xb5,0x19,0xa9,0x1e,0x8b,0x64,0x99,0x55,0xe8,0x0d,0x70,0xa3,0xb9,0x75,0xd9,0x47,0x52,0x05,0xf8,0xe2,0xfb,0xc5,0x80,0x72,0xe1,0x5d,0xe4,0x32,0x27,0x8f,0x65,0x53,0xb5,0x80,0x5f,0x66,0x7f,0x2c,0x1f,0x43,0x19,0x7b,0x8f,0x85,0x44,0x63,0x02,0xd6,0x4a,0x51,0xea,0xa1,0x2f,0x35,0xab,0x14,0xd7,0xa9,0x90,0x20,0x1a,0x44,0x00,0x89,0x26,0x3b,0x25,0x91,0x5f,0x71,0x04,0x7b},
+	{0x43,0xae,0xf6,0xac,0x28,0xbd,0xed,0x83,0xb4,0x7a,0x5c,0x7d,0x8b,0x7c,0x35,0x86,0x44,0x2c,0xeb,0xb7,0x69,0x47,0x40,0xc0,0x3f,0x58,0xf6,0xc2,0xf5,0x7b,0xb3,0x59,0xc6,0xba,0xe6,0xc4,0x80,0xc2,0x76,0xb3,0x0b,0x9b,0x1d,0x6d,0xdd,0xd3,0x0e,0x97,0x44,0xf9,0x0b,0x45,0x58,0x95,0x9a,0xb0,0x23,0xe2,0xcd,0x57,0xfa,0xac,0xd0,0x48,0x71,0xe6,0xab,0x7d,0xe4,0x26,0x0f,0xb6,0x37,0x3a,0x2f,0x62,0x97,0xa1,0xd1,0xf1,0x94,0x03,0x96,0xe9,0x7e,0xce,0x08,0x42,0xdb,0x3b,0x6d,0x33,0x91,0x41,0x23,0x16},
+	{0xf6,0x7f,0x26,0xf6,0xde,0x99,0xe4,0xb9,0x43,0x08,0x2c,0x74,0x7b,0xca,0x72,0x77,0xb1,0xf2,0xa4,0xe9,0x3f,0x15,0xa0,0x23,0x06,0x50,0xd0,0xd5,0xec,0xdf,0xdf,0x2c,0x40,0x86,0xf3,0x1f,0xd6,0x9c,0x49,0xdd,0xa0,0x25,0x36,0x06,0xc3,0x9b,0xcd,0x29,0xc3,0x3d,0xd7,0x3d,0x02,0xd8,0xe2,0x51,0x31,0x92,0x3b,0x20,0x7a,0x70,0x25,0x4a,0x6a,0xed,0xf6,0x53,0x8a,0x66,0xb7,0x2a,0xa1,0x70,0xd1,0x1d,0x58,0x42,0x42,0x30,0x61,0x01,0xe2,0x3a,0x4c,0x14,0x00,0x40,0xfc,0x49,0x8e,0x24,0x6d,0x89,0x21,0x57},
+	{0xae,0x1b,0x18,0xfd,0x17,0x55,0x6e,0x0b,0xb4,0x63,0xb9,0x2b,0x9f,0x62,0x22,0x90,0x25,0x46,0x06,0x32,0xe9,0xbc,0x09,0x55,0xda,0x13,0x3c,0xf6,0x74,0xdd,0x8e,0x57,0x4e,0xda,0xd0,0xa1,0x91,0x50,0x5d,0x28,0x08,0x3e,0xfe,0xb5,0xa7,0x6f,0xaa,0x4b,0xb3,0x93,0x93,0xe1,0x7c,0x17,0xe5,0x63,0xfd,0x30,0xb0,0xc4,0xaf,0x35,0xc9,0x03,0x3d,0x0c,0x2b,0x49,0xc6,0x76,0x72,0x99,0xfc,0x05,0xe2,0xdf,0xc4,0xc2,0xcc,0x47,0x3c,0x3a,0x62,0xdd,0x84,0x9b,0xd2,0xdc,0xa2,0xc7,0x88,0x02,0x59,0xab,0xc2,0x3e},
+	{0xb9,0x7b,0xd8,0xe4,0x7b,0xd2,0xa0,0xa1,0xed,0x1a,0x39,0x61,0xeb,0x4d,0x8b,0xa9,0x83,0x9b,0xcb,0x73,0xd0,0xdd,0xa0,0x99,0xce,0xca,0x0f,0x20,0x5a,0xc2,0xd5,0x2d,0xcb,0xd1,0x32,0xae,0x09,0x3a,0x21,0xa7,0xd5,0xc2,0xf5,0x40,0xdf,0x87,0x2b,0x0f,0x29,0xab,0x1e,0xe8,0xc6,0xa4,0xae,0x0b,0x5e,0xac,0xdb,0x6a,0x6c,0xf6,0x1b,0x0e,0x7e,0x88,0x2c,0x79,0xe9,0xd5,0xab,0xe2,0x5d,0x6d,0x92,0xcb,0x18,0x00,0x02,0x1a,0x1e,0x5f,0xae,0xba,0xcd,0x69,0xba,0xbf,0x5f,0x8f,0xe8,0x5a,0xb3,0x48,0x05,0x73},
+	{0xee,0xb8,0xa8,0xcb,0xa3,0x51,0x35,0xc4,0x16,0x5f,0x11,0xb2,0x1d,0x6f,0xa2,0x65,0x50,0x38,0x8c,0xab,0x52,0x4f,0x0f,0x76,0xca,0xb8,0x1d,0x41,0x3b,0x44,0x43,0x30,0x34,0xe3,0xd6,0xa1,0x4b,0x09,0x5b,0x80,0x19,0x3f,0x35,0x09,0x77,0xf1,0x3e,0xbf,0x2b,0x70,0x22,0x06,0xcb,0x06,0x3f,0x42,0xdd,0x45,0x78,0xd8,0x77,0x22,0x5a,0x58,0x62,0x89,0xd4,0x33,0x82,0x5f,0x8a,0xa1,0x7f,0x25,0x78,0xec,0xb5,0xc4,0x98,0x66,0xff,0x41,0x3e,0x37,0xa5,0x6f,0x8e,0xa7,0x1f,0x98,0xef,0x50,0x89,0x27,0x56,0x76},
+	{0xc0,0xc8,0x1f,0xd5,0x59,0xcf,0xc3,0x38,0xf2,0xb6,0x06,0x05,0xfd,0xd2,0xed,0x9b,0x8f,0x0e,0x57,0xab,0x9f,0x10,0xbf,0x26,0xa6,0x46,0xb8,0xc1,0xa8,0x60,0x41,0x3f,0x9d,0xcf,0x86,0xea,0xa3,0x73,0x70,0xe1,0xdc,0x5f,0x15,0x07,0xb7,0xfb,0x8c,0x3a,0x8e,0x8a,0x83,0x31,0xfc,0xe7,0x53,0x48,0x16,0xf6,0x13,0xb6,0x84,0xf4,0xbb,0x28,0x7c,0x6c,0x13,0x6f,0x5c,0x2f,0x61,0xf2,0xbe,0x11,0xdd,0xf6,0x07,0xd1,0xea,0xaf,0x33,0x6f,0xde,0x13,0xd2,0x9a,0x7e,0x52,0x5d,0xf7,0x88,0x81,0x35,0xcb,0x79,0x1e},
+	{0xf1,0xe3,0xf7,0xee,0xc3,0x36,0x34,0x01,0xf8,0x10,0x9e,0xfe,0x7f,0x6a,0x8b,0x82,0xfc,0xde,0xf9,0xbc,0xe5,0x08,0xf9,0x7f,0x31,0x38,0x3b,0x3a,0x1b,0x95,0xd7,0x65,0x81,0x81,0xe0,0xf5,0xd8,0x53,0xe9,0x77,0xd9,0xde,0x9d,0x29,0x44,0x0c,0xa5,0x84,0xe5,0x25,0x45,0x86,0x0c,0x2d,0x6c,0xdc,0xf4,0xf2,0xd1,0x39,0x2d,0xb5,0x8a,0x47,0x59,0xd1,0x52,0x92,0xd3,0xa4,0xa6,0x66,0x07,0xc8,0x1a,0x87,0xbc,0xe1,0xdd,0xe5,0x6f,0xc9,0xc1,0xa6,0x40,0x6b,0x2c,0xb8,0x14,0x22,0x21,0x1a,0x41,0x7a,0xd8,0x16},
+	{0x15,0x62,0x06,0x42,0x5a,0x7e,0xbd,0xb3,0xc1,0x24,0x5a,0x0c,0xcd,0xe3,0x9b,0x87,0xb7,0x94,0xf9,0xd6,0xb1,0x5d,0xc0,0x57,0xa6,0x8c,0xf3,0x65,0x81,0x7c,0xf8,0x28,0x83,0x05,0x4e,0xd5,0xe2,0xd5,0xa4,0xfb,0xfa,0x99,0xbd,0x2e,0xd7,0xaf,0x1f,0xe2,0x8f,0x77,0xe9,0x6e,0x73,0xc2,0x7a,0x49,0xde,0x6d,0x5a,0x7a,0x57,0x0b,0x99,0x1f,0xd6,0xf7,0xe8,0x1b,0xad,0x4e,0x34,0xa3,0x8f,0x79,0xea,0xac,0xeb,0x50,0x1e,0x7d,0x52,0xe0,0x0d,0x52,0x9e,0x56,0xc6,0x77,0x3e,0x6d,0x4d,0x53,0xe1,0x2f,0x88,0x45},
+	{0xd6,0x83,0x79,0x75,0x5d,0x34,0x69,0x66,0xa6,0x11,0xaa,0x17,0x11,0xed,0xb6,0x62,0x8f,0x12,0x5e,0x98,0x57,0x18,0xdd,0x7d,0xdd,0xf6,0x26,0xf6,0xb8,0xe5,0x8f,0x68,0xe4,0x6f,0x3c,0x94,0x29,0x99,0xac,0xd8,0xa2,0x92,0x83,0xa3,0x61,0xf1,0xf9,0xb5,0xf3,0x9a,0xc8,0xbe,0x13,0xdb,0x99,0x26,0x74,0xf0,0x05,0xe4,0x3c,0x84,0xcf,0x7d,0xc0,0x32,0x47,0x4a,0x48,0xd6,0x90,0x6c,0x99,0x32,0x56,0xca,0xfd,0x43,0x21,0xd5,0xe1,0xc6,0x5d,0x91,0xc3,0x28,0xbe,0xb3,0x1b,0x19,0x27,0x73,0x7e,0x68,0x39,0x67},
+	{0xa6,0x75,0x56,0x38,0x14,0x20,0x78,0xef,0xe8,0xa9,0xfd,0xaa,0x30,0x9f,0x64,0xa2,0xcb,0xa8,0xdf,0x5c,0x50,0xeb,0xd1,0x4c,0xb3,0xc0,0x4d,0x1d,0xba,0x5a,0x11,0x46,0xc0,0x1a,0x0c,0xc8,0x9d,0xcc,0x6d,0xa6,0x36,0xa4,0x38,0x1b,0xf4,0x5c,0xa0,0x97,0xc6,0xd7,0xdb,0x95,0xbe,0xf3,0xeb,0xa7,0xab,0x7d,0x7e,0x8d,0xf6,0xb8,0xa0,0x7d,0x76,0xda,0xb5,0xc3,0x53,0x19,0x0f,0xd4,0x9b,0x9e,0x11,0x21,0x73,0x6f,0xac,0x1d,0x60,0x59,0xb2,0xfe,0x21,0x60,0xcc,0x03,0x4b,0x4b,0x67,0x83,0x7e,0x88,0x5f,0x5a},
+	{0x11,0x3d,0xa1,0x70,0xcf,0x01,0x63,0x8f,0xc4,0xd0,0x0d,0x35,0x15,0xb8,0xce,0xcf,0x7e,0xa4,0xbc,0xa4,0xd4,0x97,0x02,0xf7,0x34,0x14,0x4d,0xe4,0x56,0xb6,0x69,0x36,0xb9,0x43,0xa6,0xa0,0xd3,0x28,0x96,0x9e,0x64,0x20,0xc3,0xe6,0x00,0xcb,0xc3,0xb5,0x32,0xec,0x2d,0x7c,0x89,0x02,0x53,0x9b,0x0c,0xc7,0xd1,0xd5,0xe2,0x7a,0xe3,0x43,0x33,0xe1,0xa6,0xed,0x06,0x3f,0x7e,0x38,0xc0,0x3a,0xa1,0x99,0x51,0x1d,0x30,0x67,0x11,0x38,0x26,0x36,0xf8,0xd8,0x5a,0xbd,0xbe,0xe9,0xd5,0x4f,0xcd,0xe6,0x21,0x6a},
+	{0x5f,0xe6,0x46,0x30,0x0a,0x17,0xc6,0xf1,0x24,0x35,0xd2,0x00,0x2a,0x2a,0x71,0x58,0x55,0xb7,0x82,0x8c,0x3c,0xbd,0xdb,0x69,0x57,0xff,0x95,0xa1,0xf1,0xf9,0x6b,0x58,0xe3,0xb2,0x99,0x66,0x12,0x29,0x41,0xef,0x01,0x13,0x8d,0x70,0x47,0x08,0xd3,0x71,0xbd,0xb0,0x82,0x11,0xd0,0x32,0x54,0x32,0x36,0x8b,0x1e,0x00,0x07,0x1b,0x37,0x45,0x0b,0x79,0xf8,0x5e,0x8d,0x08,0xdb,0xa6,0xe5,0x37,0x09,0x61,0xdc,0xf0,0x78,0x52,0xb8,0x6e,0xa1,0x61,0xd2,0x49,0x03,0xac,0x79,0x21,0xe5,0x90,0x37,0xb0,0xaf,0x0e},
+	{0x2f,0x04,0x48,0x37,0xc1,0x55,0x05,0x96,0x11,0xaa,0x0b,0x82,0xe6,0x41,0x9a,0x21,0x0c,0x6d,0x48,0x73,0x38,0xf7,0x81,0x1c,0x61,0xc6,0x02,0x5a,0x67,0xcc,0x9a,0x30,0x1d,0xae,0x75,0x0f,0x5e,0x80,0x40,0x51,0x30,0xcc,0x62,0x26,0xe3,0xfb,0x02,0xec,0x6d,0x39,0x92,0xea,0x1e,0xdf,0xeb,0x2c,0xb3,0x5b,0x43,0xc5,0x44,0x33,0xae,0x44,0xee,0x43,0xa5,0xbb,0xb9,0x89,0xf2,0x9c,0x42,0x71,0xc9,0x5a,0x9d,0x0e,0x76,0xf3,0xaa,0x60,0x93,0x4f,0xc6,0xe5,0x82,0x1d,0x8f,0x67,0x94,0x7f,0x1b,0x22,0xd5,0x62},
+	{0x6d,0x93,0xd0,0x18,0x9c,0x29,0x4c,0x52,0x0c,0x1a,0x0c,0x8a,0x6c,0xb5,0x6b,0xc8,0x31,0x86,0x4a,0xdb,0x2e,0x05,0x75,0xa3,0x62,0x45,0x75,0xbc,0xe4,0xfd,0x0e,0x5c,0x3c,0x7a,0xf7,0x3a,0x26,0xd4,0x85,0x75,0x4d,0x14,0xe9,0xfe,0x11,0x7b,0xae,0xdf,0x3d,0x19,0xf7,0x59,0x80,0x70,0x06,0xa5,0x37,0x20,0x92,0x83,0x53,0x9a,0xf2,0x14,0xf5,0xd7,0xb2,0x25,0xdc,0x7e,0x71,0xdf,0x40,0x30,0xb5,0x99,0xdb,0x70,0xf9,0x21,0x62,0x4c,0xed,0xc3,0xb7,0x34,0x92,0xda,0x3e,0x09,0xee,0x7b,0x5c,0x36,0x72,0x5e},
+	{0x7f,0x21,0x71,0x45,0x07,0xfc,0x5b,0x57,0x5b,0xd9,0x94,0x06,0x5d,0x67,0x79,0x37,0x33,0x1e,0x19,0xf4,0xbb,0x37,0x0a,0x9a,0xbc,0xea,0xb4,0x47,0x4c,0x10,0xf1,0x77,0x3e,0xb3,0x08,0x2f,0x06,0x39,0x93,0x7d,0xbe,0x32,0x9f,0xdf,0xe5,0x59,0x96,0x5b,0xfd,0xbd,0x9e,0x1f,0xad,0x3d,0xff,0xac,0xb7,0x49,0x73,0xcb,0x55,0x05,0xb2,0x70,0x4c,0x2c,0x11,0x55,0xc5,0x13,0x51,0xbe,0xcd,0x1f,0x88,0x9a,0x3a,0x42,0x88,0x66,0x47,0x3b,0x50,0x5e,0x85,0x77,0x66,0x44,0x4a,0x40,0x06,0x4a,0x8f,0x39,0x34,0x0e},
+	{0xe8,0xbd,0xce,0x3e,0xd9,0x22,0x7d,0xb6,0x07,0x2f,0x82,0x27,0x41,0xe8,0xb3,0x09,0x8d,0x6d,0x5b,0xb0,0x1f,0xa6,0x3f,0x74,0x72,0x23,0x36,0x8a,0x36,0x05,0x54,0x5e,0x28,0x19,0x4b,0x3e,0x09,0x0b,0x93,0x18,0x40,0xf6,0xf3,0x73,0x0e,0xe1,0xe3,0x7d,0x6f,0x5d,0x39,0x73,0xda,0x17,0x32,0xf4,0x3e,0x9c,0x37,0xca,0xd6,0xde,0x8a,0x6f,0x9a,0xb2,0xb7,0xfd,0x3d,0x12,0x40,0xe3,0x91,0xb2,0x1a,0xa2,0xe1,0x97,0x7b,0x48,0x9e,0x94,0xe6,0xfd,0x02,0x7d,0x96,0xf9,0x97,0xde,0xd3,0xc8,0x2e,0xe7,0x0d,0x78},
+	{0xbc,0xe7,0x9a,0x08,0x45,0x85,0xe2,0x0a,0x06,0x4d,0x7f,0x1c,0xcf,0xde,0x8d,0x38,0xb8,0x11,0x48,0x0a,0x51,0x15,0xac,0x38,0xe4,0x8c,0x92,0x71,0xf6,0x8b,0xb2,0x0e,0x72,0x27,0xf4,0x00,0xf3,0xea,0x1f,0x67,0xaa,0x41,0x8c,0x2a,0x2a,0xeb,0x72,0x8f,0x92,0x32,0x37,0x97,0xd7,0x7f,0xa1,0x29,0xa6,0x87,0xb5,0x32,0xad,0xc6,0xef,0x1d,0xa7,0x95,0x51,0xef,0x1a,0xbe,0x5b,0xaf,0xed,0x15,0x7b,0x91,0x77,0x12,0x8c,0x14,0x2e,0xda,0xe5,0x7a,0xfb,0xf7,0x91,0x29,0x67,0x28,0xdd,0xf8,0x1b,0x20,0x7d,0x46},
+	{0xad,0x4f,0xef,0x74,0x9a,0x91,0xfe,0x95,0xa2,0x08,0xa3,0xf6,0xec,0x7b,0x82,0x3a,0x01,0x7b,0xa4,0x09,0xd3,0x01,0x4e,0x96,0x97,0xc7,0xa3,0x5b,0x4f,0x3c,0xc4,0x71,0xa9,0xe7,0x7a,0x56,0xbd,0xf4,0x1e,0xbc,0xbd,0x98,0x44,0xd6,0xb2,0x4c,0x62,0x3f,0xc8,0x4e,0x1f,0x2c,0xd2,0x64,0x10,0xe4,0x01,0x40,0x38,0xba,0xa5,0xc5,0xf9,0x2e,0xcd,0x74,0x9e,0xfa,0xf6,0x6d,0xfd,0xb6,0x7a,0x26,0xaf,0xe4,0xbc,0x78,0x82,0xf1,0x0e,0x99,0xef,0xf1,0xd0,0xb3,0x55,0x82,0x93,0xf2,0xc5,0x90,0xa3,0x8c,0x75,0x5a},
+	{0x95,0x24,0x46,0xd9,0x10,0x27,0xb7,0xa2,0x03,0x50,0x7d,0xd5,0xd2,0xc6,0xa8,0x3a,0xca,0x87,0xb4,0xa0,0xbf,0x00,0xd4,0xe3,0xec,0x72,0xeb,0xb3,0x44,0xe2,0xba,0x2d,0x94,0xdc,0x61,0x1d,0x8b,0x91,0xe0,0x8c,0x66,0x30,0x81,0x9a,0x46,0x36,0xed,0x8d,0xd3,0xaa,0xe8,0xaf,0x29,0xa8,0xe6,0xd4,0x3f,0xd4,0x39,0xf6,0x27,0x80,0x73,0x0a,0xcc,0xe1,0xff,0x57,0x2f,0x4a,0x0f,0x98,0x43,0x98,0x83,0xe1,0x0d,0x0d,0x67,0x00,0xfd,0x15,0xfb,0x49,0x4a,0x3f,0x5c,0x10,0x9c,0xa6,0x26,0x51,0x63,0xca,0x98,0x26},
+	{0x78,0xba,0xb0,0x32,0x88,0x31,0x65,0xe7,0x8b,0xff,0x5c,0x92,0xf7,0x31,0x18,0x38,0xcc,0x1f,0x29,0xa0,0x91,0x1b,0xa8,0x08,0x07,0xeb,0xca,0x49,0xcc,0x3d,0xb4,0x1f,0x0e,0xd9,0x3d,0x5e,0x2f,0x70,0x3d,0x2e,0x86,0x53,0xd2,0xe4,0x18,0x09,0x3f,0x9e,0x6a,0xa9,0x4d,0x02,0xf6,0x3e,0x77,0x5e,0x32,0x33,0xfa,0x4a,0x0c,0x4b,0x00,0x3c,0x2b,0xb8,0xf4,0x06,0xac,0x46,0xa9,0x9a,0xf3,0xc4,0x06,0xa8,0xa5,0x84,0xa2,0x1c,0x87,0x47,0xcd,0xc6,0x5f,0x26,0xd3,0x3e,0x17,0xd2,0x1f,0xcd,0x01,0xfd,0x43,0x6b},
+	{0x44,0xc5,0x97,0x46,0x4b,0x5d,0xa7,0xc7,0xbf,0xff,0x0f,0xdf,0x48,0xf8,0xfd,0x15,0x5a,0x78,0x46,0xaa,0xeb,0xb9,0x68,0x28,0x14,0xf7,0x52,0x5b,0x10,0xd7,0x68,0x5a,0xf3,0x0e,0x76,0x3e,0x58,0x42,0xc7,0xb5,0x90,0xb9,0x0a,0xee,0xb9,0x52,0xdc,0x75,0x3f,0x92,0x2b,0x07,0xc2,0x27,0x14,0xbf,0xf0,0xd9,0xf0,0x6f,0x2d,0x0b,0x42,0x73,0x06,0x1e,0x85,0x9e,0xcb,0xf6,0x2c,0xaf,0xc4,0x38,0x22,0xc6,0x13,0x39,0x59,0x8f,0x73,0xf3,0xfb,0x99,0x96,0xb8,0x8a,0xda,0x9e,0xbc,0x34,0xea,0x2f,0x63,0xb5,0x3d},
+	{0xd8,0xd9,0x5d,0xf7,0x2b,0xee,0x6e,0xf4,0xa5,0x59,0x67,0x39,0xf6,0xb1,0x17,0x0d,0x73,0x72,0x9e,0x49,0x31,0xd1,0xf2,0x1b,0x13,0x5f,0xd7,0x49,0xdf,0x1a,0x32,0x04,0xd5,0x25,0x98,0x82,0xb1,0x90,0x49,0x2e,0x91,0x89,0x9a,0x3e,0x87,0xeb,0xea,0xed,0xf8,0x4a,0x70,0x4c,0x39,0x3d,0xf0,0xee,0x0e,0x2b,0xdf,0x95,0xa4,0x7e,0x19,0x59,0xae,0x5a,0xe5,0xe4,0x19,0x60,0xe1,0x04,0xe9,0x92,0x2f,0x7e,0x7a,0x43,0x7b,0xe7,0xa4,0x9a,0x15,0x6f,0xc1,0x2d,0xce,0xc7,0xc0,0x0c,0xd7,0xf4,0xc1,0xfd,0xea,0x45},
+	{0x2b,0xd7,0x45,0x80,0x85,0x01,0x84,0x69,0x51,0x06,0x2f,0xcf,0xa2,0xfa,0x22,0x4c,0xc6,0x2d,0x22,0x6b,0x65,0x36,0x1a,0x94,0xde,0xda,0x62,0x03,0xc8,0xeb,0x5e,0x5a,0xed,0xb1,0xcc,0xcf,0x24,0x46,0x0e,0xb6,0x95,0x03,0x5c,0xbd,0x92,0xc2,0xdb,0x59,0xc9,0x81,0x04,0xdc,0x1d,0x9d,0xa0,0x31,0x40,0xd9,0x56,0x5d,0xea,0xce,0x73,0x3f,0xc6,0x8d,0x4e,0x0a,0xd1,0xbf,0xa7,0xb7,0x39,0xb3,0xc9,0x44,0x7e,0x00,0x57,0xbe,0xfa,0xae,0x57,0x15,0x7f,0x20,0xc1,0x60,0xdb,0x18,0x62,0x26,0x91,0x88,0x05,0x26},
+	{0x04,0xff,0x60,0x83,0xa6,0x04,0xf7,0x59,0xf4,0xe6,0x61,0x76,0xde,0x3f,0xd9,0xc3,0x51,0x35,0x87,0x12,0x73,0x2a,0x1b,0x83,0x57,0x5d,0x61,0x4e,0x2e,0x0c,0xad,0x54,0x42,0xe5,0x76,0xc6,0x3c,0x8e,0x81,0x4c,0xad,0xcc,0xce,0x03,0x93,0x2c,0x42,0x5e,0x08,0x9f,0x12,0xb4,0xca,0xcc,0x07,0xec,0xb8,0x43,0x44,0xb2,0x10,0xfa,0xed,0x0d,0x2a,0x52,0x2b,0xb8,0xd5,0x67,0x3b,0xee,0xeb,0xc1,0xa5,0x9f,0x46,0x63,0xf1,0x36,0xd3,0x9f,0xc1,0x6e,0xf2,0xd2,0xb4,0xa5,0x08,0x94,0x7a,0xa7,0xba,0xb2,0xec,0x62},
+	{0x3d,0x2b,0x15,0x61,0x52,0x79,0xed,0xe5,0xd1,0xd7,0xdd,0x0e,0x7d,0x35,0x62,0x49,0x71,0x4c,0x6b,0xb9,0xd0,0xc8,0x82,0x74,0xbe,0xd8,0x66,0xa9,0x19,0xf9,0x59,0x2e,0x74,0x28,0xb6,0xaf,0x36,0x28,0x07,0x92,0xa5,0x04,0xe1,0x79,0x85,0x5e,0xcd,0x5f,0x4a,0xa1,0x30,0xc6,0xad,0x01,0xad,0x5a,0x98,0x3f,0x66,0x75,0x50,0x3d,0x91,0x61,0xda,0x31,0x32,0x1a,0x36,0x2d,0xc6,0x0d,0x70,0x02,0x20,0x94,0x32,0x58,0x47,0xfa,0xce,0x94,0x95,0x3f,0x51,0x01,0xd8,0x02,0x5c,0x5d,0xc0,0x31,0xa1,0xc2,0xdb,0x3d},
+	{0x4b,0xc5,0x5e,0xce,0xf9,0x0f,0xdc,0x9a,0x0d,0x13,0x2f,0x8c,0x6b,0x2a,0x9c,0x03,0x15,0x95,0xf8,0xf0,0xc7,0x07,0x80,0x02,0x6b,0xb3,0x04,0xac,0x14,0x83,0x96,0x78,0x14,0xbb,0x96,0x27,0xa2,0x57,0xaa,0xf3,0x21,0xda,0x07,0x9b,0xb7,0xba,0x3a,0x88,0x1c,0x39,0xa0,0x31,0x18,0xe2,0x4b,0xe5,0xf9,0x05,0x32,0xd8,0x38,0xfb,0xe7,0x5e,0x8e,0x6a,0x44,0x41,0xcb,0xfd,0x8d,0x53,0xf9,0x37,0x49,0x43,0xa9,0xfd,0xac,0xa5,0x78,0x8c,0x3c,0x26,0x8d,0x90,0xaf,0x46,0x09,0x0d,0xca,0x9b,0x3c,0x63,0xd0,0x61},
+	{0x66,0x25,0xdb,0xff,0x35,0x49,0x74,0x63,0xbb,0x68,0x0b,0x78,0x89,0x6b,0xbd,0xc5,0x03,0xec,0x3e,0x55,0x80,0x32,0x1b,0x6f,0xf5,0xd7,0xae,0x47,0xd8,0x5f,0x96,0x6e,0xdf,0x73,0xfc,0xf8,0xbc,0x28,0xa3,0xad,0xfc,0x37,0xf0,0xa6,0x5d,0x69,0x84,0xee,0x09,0xa9,0xc2,0x38,0xdb,0xb4,0x7f,0x63,0xdc,0x7b,0x06,0xf8,0x2d,0xac,0x23,0x5b,0x7b,0x52,0x80,0xee,0x53,0xb9,0xd2,0x9a,0x8d,0x6d,0xde,0xfa,0xaa,0x19,0x8f,0xe8,0xcf,0x82,0x0e,0x15,0x04,0x17,0x71,0x0e,0xdc,0xde,0x95,0xdd,0xb9,0xbb,0xb9,0x79},
+	{0xc2,0x26,0x31,0x6a,0x40,0x55,0xb3,0xeb,0x93,0xc3,0xc8,0x68,0xa8,0x83,0x63,0xd2,0x82,0x7a,0xb9,0xe5,0x29,0x64,0x0c,0x6c,0x47,0x21,0xfd,0xc9,0x58,0xf1,0x65,0x50,0x74,0x73,0x9f,0x8e,0xae,0x7d,0x99,0xd1,0x16,0x08,0xbb,0xcf,0xf8,0xa2,0x32,0xa0,0x0a,0x5f,0x44,0x6d,0x12,0xba,0x6c,0xcd,0x34,0xb8,0xcc,0x0a,0x46,0x11,0xa8,0x1b,0x54,0x99,0x42,0x0c,0xfb,0x69,0x81,0x70,0x67,0xcf,0x6e,0xd7,0xac,0x00,0x46,0xe1,0xba,0x45,0xe6,0x70,0x8a,0xb9,0xaa,0x2e,0xf2,0xfa,0xa4,0x58,0x9e,0xf3,0x81,0x39},
+	{0x93,0x0a,0x23,0x59,0x75,0x8a,0xfb,0x18,0x5d,0xf4,0xe6,0x60,0x69,0x8f,0x16,0x1d,0xb5,0x3c,0xa9,0x14,0x45,0xa9,0x85,0x3a,0xfd,0xd0,0xac,0x05,0x37,0x08,0xdc,0x38,0xde,0x6f,0xe6,0x6d,0xa5,0xdf,0x45,0xc8,0x3a,0x48,0x40,0x2c,0x00,0xa5,0x52,0xe1,0x32,0xf6,0xb4,0xc7,0x63,0xe1,0xd2,0xe9,0x65,0x1b,0xbc,0xdc,0x2e,0x45,0xf4,0x30,0x40,0x97,0x75,0xc5,0x82,0x27,0x6d,0x85,0xcc,0xbe,0x9c,0xf9,0x69,0x45,0x13,0xfa,0x71,0x4e,0xea,0xc0,0x73,0xfc,0x44,0x88,0x69,0x24,0x3f,0x59,0x1a,0x9a,0x2d,0x63},
+	{0xa6,0xcb,0x07,0xb8,0x15,0x6b,0xbb,0xf6,0xd7,0xf0,0x54,0xbc,0xdf,0xc7,0x23,0x18,0x0b,0x67,0x29,0x6e,0x03,0x97,0x1d,0xbb,0x57,0x4a,0xed,0x47,0x88,0xf4,0x24,0x0b,0xa7,0x84,0x0c,0xed,0x11,0xfd,0x09,0xbf,0x3a,0x69,0x9f,0x0d,0x81,0x71,0xf0,0x63,0x79,0x87,0xcf,0x57,0x2d,0x8c,0x90,0x21,0xa2,0x4b,0xf6,0x8a,0xf2,0x7d,0x5a,0x3a,0xc7,0xea,0x1b,0x51,0xbe,0xd4,0xda,0xdc,0xf2,0xcc,0x26,0xed,0x75,0x80,0x53,0xa4,0x65,0x9a,0x5f,0x00,0x9f,0xff,0x9c,0xe1,0x63,0x1f,0x48,0x75,0x44,0xf7,0xfc,0x34},
+	{0xca,0x67,0x97,0x78,0x4c,0xe0,0x97,0xc1,0x7d,0x46,0xd9,0x38,0xcb,0x4d,0x71,0xb8,0xa8,0x5f,0xf9,0x83,0x82,0x88,0xde,0x55,0xf7,0x63,0xfa,0x4d,0x16,0xdc,0x3b,0x3d,0x98,0xaa,0xcf,0x78,0xab,0x1d,0xbb,0xa5,0xf2,0x72,0x0b,0x19,0x67,0xa2,0xed,0x5c,0x8e,0x60,0x92,0x0a,0x11,0xc9,0x09,0x93,0xb0,0x74,0xb3,0x2f,0x04,0xa3,0x19,0x01,0x7d,0x17,0xc2,0xe8,0x9c,0xd8,0xa2,0x67,0xc1,0xd0,0x95,0x68,0xf6,0xa5,0x9d,0x66,0xb0,0xa2,0x82,0xb2,0xe5,0x98,0x65,0xf5,0x73,0x0a,0xe2,0xed,0xf1,0x88,0xc0,0x56},
+	{0x17,0x6e,0xa8,0x10,0x11,0x3d,0x6d,0x33,0xfa,0xb2,0x75,0x0b,0x32,0x88,0xf3,0xd7,0x88,0x29,0x07,0x25,0x76,0x33,0x15,0xf9,0x87,0x8b,0x10,0x99,0x6b,0x4c,0x67,0x09,0x02,0x8f,0xf3,0x24,0xac,0x5f,0x1b,0x58,0xbd,0x0c,0xe3,0xba,0xfe,0xe9,0x0b,0xa9,0xf0,0x92,0xcf,0x8a,0x02,0x69,0x21,0x9a,0x8f,0x03,0x59,0x83,0xa4,0x7e,0x8b,0x03,0xf8,0x6f,0x31,0x99,0x21,0xf8,0x4e,0x9f,0x4f,0x8d,0xa7,0xea,0x82,0xd2,0x49,0x2f,0x74,0x31,0xef,0x5a,0xab,0xa5,0x71,0x09,0x65,0xeb,0x69,0x59,0x02,0x31,0x5e,0x6e},
+	{0xfb,0x93,0xe5,0x87,0xf5,0x62,0x6c,0xb1,0x71,0x3e,0x5d,0xca,0xde,0xed,0x99,0x49,0x6d,0x3e,0xcc,0x14,0xe0,0xc1,0x91,0xb4,0xa8,0xdb,0xa8,0x89,0x47,0x11,0xf5,0x08,0x22,0x62,0x06,0x63,0x0e,0xfb,0x04,0x33,0x3f,0xba,0xac,0x87,0x89,0x06,0x35,0xfb,0xa3,0x61,0x10,0x8c,0x77,0x24,0x19,0xbd,0x20,0x86,0x83,0xd1,0x43,0xad,0x58,0x30,0xd0,0x63,0x76,0xe5,0xfd,0x0f,0x3c,0x32,0x10,0xa6,0x2e,0xa2,0x38,0xdf,0xc3,0x05,0x9a,0x4f,0x99,0xac,0xbd,0x8a,0xc7,0xbd,0x99,0xdc,0xe3,0xef,0xa4,0x9f,0x54,0x26},
+	{0xd6,0xf9,0x6b,0x1e,0x46,0x5a,0x1d,0x74,0x81,0xa5,0x77,0x77,0xfc,0xb3,0x05,0x23,0xd9,0xd3,0x74,0x64,0xa2,0x74,0x55,0xd4,0xff,0xe0,0x01,0x64,0xdc,0xe1,0x26,0x19,0x6e,0x66,0x3f,0xaf,0x49,0x85,0x46,0xdb,0xa5,0x0e,0x4a,0xf1,0x04,0xcf,0x7f,0xd7,0x47,0x0c,0xba,0xa4,0xf7,0x3f,0xf2,0x3d,0x85,0x3c,0xce,0x32,0xe1,0xdf,0x10,0x3a,0xa0,0xce,0x17,0xea,0x8a,0x4e,0x7f,0xe0,0xfd,0xc1,0x1f,0x3a,0x46,0x15,0xd5,0x2f,0xf1,0xc0,0xf2,0x31,0xfd,0x22,0x53,0x17,0x15,0x5d,0x1e,0x86,0x1d,0xd0,0xa1,0x1f},
+	{0x32,0x98,0x59,0x7d,0x94,0x55,0x80,0xcc,0x20,0x55,0xf1,0x37,0xda,0x56,0x46,0x1e,0x20,0x93,0x05,0x4e,0x74,0xf7,0xf6,0x99,0x33,0xcf,0x75,0x6a,0xbc,0x63,0x35,0x77,0xab,0x94,0xdf,0xd1,0x00,0xac,0xdc,0x38,0xe9,0x0d,0x08,0xd1,0xdd,0x2b,0x71,0x2e,0x62,0xe2,0xd5,0xfd,0x3e,0xe9,0x13,0x7f,0xe5,0x01,0x9a,0xee,0x18,0xed,0xfc,0x73,0xb3,0x9c,0x13,0x63,0x08,0xe9,0xb1,0x06,0xcd,0x3e,0xa0,0xc5,0x67,0xda,0x93,0xa4,0x32,0x89,0x63,0xad,0xc8,0xce,0x77,0x8d,0x44,0x4f,0x86,0x1b,0x70,0x6b,0x42,0x1f},
+	{0x01,0x1c,0x91,0x41,0x4c,0x26,0xc9,0xef,0x25,0x2c,0xa2,0x17,0xb8,0xb7,0xa3,0xf1,0x47,0x14,0x0f,0xf3,0x6b,0xda,0x75,0x58,0x90,0xb0,0x31,0x1d,0x27,0xf5,0x1a,0x4e,0x52,0x25,0xa1,0x91,0xc8,0x35,0x7e,0xf1,0x76,0x9c,0x5e,0x57,0x53,0x81,0x6b,0xb7,0x3e,0x72,0x9b,0x0d,0x6f,0x40,0x83,0xfa,0x38,0xe4,0xa7,0x3f,0x1b,0xbb,0x76,0x0b,0x9b,0x93,0x92,0x7f,0xf9,0xc1,0xb8,0x08,0x6e,0xab,0x44,0xd4,0xcb,0x71,0x67,0xbe,0x17,0x80,0xbb,0x99,0x63,0x64,0xe5,0x22,0x55,0xa9,0x72,0xb7,0x1e,0xd6,0x6d,0x7b},
+	{0x92,0x3d,0xf3,0x50,0xe8,0xc1,0xad,0xb7,0xcf,0xd5,0x8c,0x60,0x4f,0xfa,0x98,0x79,0xdb,0x5b,0xfc,0x8d,0xbd,0x2d,0x96,0xad,0x4f,0x2f,0x1d,0xaf,0xce,0x9b,0x3e,0x70,0xc7,0xd2,0x01,0xab,0xf9,0xab,0x30,0x57,0x18,0x3b,0x14,0x40,0xdc,0x76,0xfb,0x16,0x81,0xb2,0xcb,0xa0,0x65,0xbe,0x6c,0x86,0xfe,0x6a,0xff,0x9b,0x65,0x9b,0xfa,0x53,0x55,0x54,0x88,0x94,0xe9,0xc8,0x14,0x6c,0xe5,0xd4,0xae,0x65,0x66,0x5d,0x3a,0x84,0xf1,0x5a,0xd6,0xbc,0x3e,0xb7,0x1b,0x18,0x50,0x1f,0xc6,0xc4,0xe5,0x93,0x8d,0x39},
+	{0xf3,0x48,0xe2,0x33,0x67,0xd1,0x4b,0x1c,0x5f,0x0a,0xbf,0x15,0x87,0x12,0x9e,0xbd,0x76,0x03,0x0b,0xa1,0xf0,0x8c,0x3f,0xd4,0x13,0x1b,0x19,0xdf,0x5d,0x9b,0xb0,0x53,0xf2,0xe3,0xe7,0xd2,0x60,0x7c,0x87,0xc3,0xb1,0x8b,0x82,0x30,0xa0,0xaa,0x34,0x3b,0x38,0xf1,0x9e,0x73,0xe7,0x26,0x3e,0x28,0x77,0x05,0xc3,0x02,0x90,0x9c,0x9c,0x69,0xcc,0xf1,0x46,0x59,0x23,0xa7,0x06,0xf3,0x7d,0xd9,0xe5,0xcc,0xb5,0x18,0x17,0x92,0x75,0xe9,0xb4,0x81,0x47,0xd2,0xcd,0x28,0x07,0xd9,0xcd,0x6f,0x0c,0xf3,0xca,0x51},
+	{0x0a,0xe0,0x74,0x76,0x42,0xa7,0x0b,0xa6,0xf3,0x7b,0x7a,0xa1,0x70,0x85,0x0e,0x63,0xcc,0x24,0x33,0xcf,0x3d,0x56,0x58,0x37,0xaa,0xfd,0x83,0x23,0x29,0xaa,0x04,0x55,0xc7,0x54,0xac,0x18,0x9a,0xf9,0x7a,0x73,0x0f,0xb3,0x1c,0xc5,0xdc,0x78,0x33,0x90,0xc7,0x0c,0xe1,0x4c,0x33,0xbc,0x89,0x2b,0x9a,0xe9,0xf8,0x89,0xc1,0x29,0xae,0x12,0xcf,0x01,0x0d,0x1f,0xcb,0xc0,0x9e,0xa9,0xae,0xf7,0x34,0x3a,0xcc,0xef,0xd1,0x0d,0x22,0x4e,0x9c,0xd0,0x21,0x75,0xca,0x55,0xea,0xa5,0xeb,0x58,0xe9,0x4f,0xd1,0x5f},
+	{0x2c,0xab,0x45,0x28,0xdf,0x2d,0xdc,0xb5,0x93,0xe9,0x7f,0x0a,0xb1,0x91,0x94,0x06,0x46,0xe3,0x02,0x40,0xd6,0xf3,0xaa,0x4d,0xd1,0x74,0x64,0x58,0x6e,0xf2,0x3f,0x09,0x8e,0xcb,0x93,0xbf,0x5e,0xfe,0x42,0x3c,0x5f,0x56,0xd4,0x36,0x51,0xa8,0xdf,0xbe,0xe8,0x20,0x42,0x88,0x9e,0x85,0xf0,0xe0,0x28,0xd1,0x25,0x07,0x96,0x3f,0xd7,0x7d,0x29,0x98,0x05,0x68,0xfe,0x24,0x0d,0xb1,0xe5,0x23,0xaf,0xdb,0x72,0x06,0x73,0x75,0x29,0xac,0x57,0xb4,0x3a,0x25,0x67,0x13,0xa4,0x70,0xb4,0x86,0xbc,0xbc,0x59,0x2f},
+	{0x5f,0x13,0x17,0x99,0x42,0x7d,0x84,0x83,0xd7,0x03,0x7d,0x56,0x1f,0x91,0x1b,0xad,0xd1,0xaa,0x77,0xbe,0xd9,0x48,0x77,0x7e,0x4a,0xaf,0x51,0x2e,0x2e,0xb4,0x58,0x54,0x01,0xc3,0x91,0xb6,0x60,0xd5,0x41,0x70,0x1e,0xe7,0xd7,0xad,0x3f,0x1b,0x20,0x85,0x85,0x55,0x33,0x11,0x63,0xe1,0xc2,0x16,0xb1,0x28,0x08,0x01,0x3d,0x5e,0xa5,0x2a,0x4f,0x44,0x07,0x0c,0xe6,0x92,0x51,0xed,0x10,0x1d,0x42,0x74,0x2d,0x4e,0xc5,0x42,0x64,0xc8,0xb5,0xfd,0x82,0x4c,0x2b,0x35,0x64,0x86,0x76,0x8a,0x4a,0x00,0xe9,0x13},
+	{0xdb,0xce,0x2f,0x83,0x45,0x88,0x9d,0x73,0x63,0xf8,0x6b,0xae,0xc9,0xd6,0x38,0xfa,0xf7,0xfe,0x4f,0xb7,0xca,0x0d,0xbc,0x32,0x5e,0xe4,0xbc,0x14,0x88,0x7e,0x93,0x73,0x7f,0x87,0x3b,0x19,0xc9,0x00,0x2e,0xbb,0x6b,0x50,0xdc,0xe0,0x90,0xa8,0xe3,0xec,0x9f,0x64,0xde,0x36,0xc0,0xb7,0xf3,0xec,0x1a,0x9e,0xde,0x98,0x08,0x04,0x46,0x5f,0x8d,0xf4,0x7b,0x29,0x16,0x71,0x03,0xb9,0x34,0x68,0xf0,0xd4,0x22,0x3b,0xd1,0xa9,0xc6,0xbd,0x96,0x46,0x57,0x15,0x97,0xe1,0x35,0xe8,0xd5,0x91,0xe8,0xa4,0xf8,0x2c},
+	{0x67,0x0f,0x11,0x07,0x87,0xfd,0x93,0x6d,0x49,0xb5,0x38,0x7c,0xd3,0x09,0x4c,0xdd,0x86,0x6a,0x73,0xc2,0x4c,0x6a,0xb1,0x7c,0x09,0x2a,0x25,0x58,0x6e,0xbd,0x49,0x20,0xa2,0x6b,0xd0,0x17,0x7e,0x48,0xb5,0x2c,0x6b,0x19,0x50,0x39,0x1c,0x38,0xd2,0x24,0x30,0x8a,0x97,0x85,0x81,0x9c,0x65,0xd7,0xf6,0xa4,0xd6,0x91,0x28,0x7f,0x6f,0x7a,0x49,0xef,0x9a,0x6a,0x8d,0xfd,0x09,0x7d,0x0b,0xb9,0x3d,0x5b,0xbe,0x60,0xee,0xf0,0xd4,0xbf,0x9e,0x51,0x2c,0xb5,0x21,0x4c,0x1d,0x94,0x45,0xc5,0xdf,0xaa,0x11,0x60},
+	{0x3c,0xf8,0x95,0xcf,0x6d,0x92,0x67,0x5f,0x71,0x90,0x28,0x71,0x61,0x85,0x7e,0x7c,0x5b,0x7a,0x8f,0x99,0xf3,0xe7,0xa1,0xd6,0xe0,0xf9,0x62,0x0b,0x1b,0xcc,0xc5,0x6f,0x90,0xf8,0xcb,0x02,0xc8,0xd0,0xde,0x63,0xaa,0x6a,0xff,0x0d,0xca,0x98,0xd0,0xfb,0x99,0xed,0xb6,0xb9,0xfd,0x0a,0x4d,0x62,0x1e,0x0b,0x34,0x79,0xb7,0x18,0xce,0x69,0xcb,0x79,0x98,0xb2,0x28,0x55,0xef,0xd1,0x92,0x90,0x7e,0xd4,0x3c,0xae,0x1a,0xdd,0x52,0x23,0x9f,0x18,0x42,0x04,0x7e,0x12,0xf1,0x01,0x71,0xe5,0x3a,0x6b,0x59,0x15},
+	{0xa2,0x79,0x91,0x3f,0xd2,0x39,0x27,0x46,0xcf,0xdd,0xd6,0x97,0x31,0x12,0x83,0xff,0x8a,0x14,0xf2,0x53,0xb5,0xde,0x07,0x13,0xda,0x4d,0x5f,0x7b,0x68,0x37,0x22,0x0d,0xca,0x24,0x51,0x7e,0x16,0x31,0xff,0x09,0xdf,0x45,0xc7,0xd9,0x8b,0x15,0xe4,0x0b,0xe5,0x56,0xf5,0x7e,0x22,0x7d,0x2b,0x29,0x38,0xd1,0xb6,0xaf,0x41,0xe2,0xa4,0x3a,0xf5,0x05,0x33,0x2a,0xbf,0x38,0xc1,0x2c,0xc3,0x26,0xe9,0xa2,0x8f,0x3f,0x58,0x48,0xeb,0xd2,0x49,0x55,0xa2,0xb1,0x3a,0x08,0x6c,0xa3,0x87,0x46,0x6e,0xaa,0xfc,0x32},
+	{0xf5,0x9a,0x7d,0xc5,0x8d,0x6e,0xc5,0x7b,0xf2,0xbd,0xf0,0x9d,0xed,0xd2,0x0b,0x3e,0xa3,0xe4,0xef,0x22,0xde,0x14,0xc0,0xaa,0x5c,0x6a,0xbd,0xfe,0xce,0xe9,0x27,0x46,0xdf,0xcc,0x87,0x27,0x73,0xa4,0x07,0x32,0xf8,0xe3,0x13,0xf2,0x08,0x19,0xe3,0x17,0x4e,0x96,0x0d,0xf6,0xd7,0xec,0xb2,0xd5,0xe9,0x0b,0x60,0xc2,0x36,0x63,0x6f,0x74,0x1c,0x97,0x6c,0xab,0x45,0xf3,0x4a,0x3f,0x1f,0x73,0x43,0x99,0x72,0xeb,0x88,0xe2,0x6d,0x18,0x44,0x03,0x8a,0x6a,0x59,0x33,0x93,0x62,0xd6,0x7e,0x00,0x17,0x49,0x7b},
+	{0x64,0xb0,0x84,0xab,0x5c,0xfb,0x85,0x2d,0x14,0xbc,0xf3,0x89,0xd2,0x10,0x78,0x49,0x0c,0xce,0x15,0x7b,0x44,0xdc,0x6a,0x47,0x7b,0xfd,0x44,0xf8,0x76,0xa3,0x2b,0x12,0xdd,0xa2,0x53,0xdd,0x28,0x1b,0x34,0x54,0x3f,0xfc,0x42,0xdf,0x5b,0x90,0x17,0xaa,0xf4,0xf8,0xd2,0x4d,0xd9,0x92,0xf5,0x0f,0x7d,0xd3,0x8c,0xe0,0x0f,0x62,0x03,0x1d,0x54,0xe5,0xb4,0xa2,0xcd,0x32,0x02,0xc2,0x7f,0x18,0x5d,0x11,0x42,0xfd,0xd0,0x9e,0xd9,0x79,0xd4,0x7d,0xbe,0xb4,0xab,0x2e,0x4c,0xec,0x68,0x2b,0xf5,0x0b,0xc7,0x02},
+	{0xbb,0x2f,0x0b,0x5d,0x4b,0xec,0x87,0xa2,0xca,0x82,0x48,0x07,0x90,0x57,0x5c,0x41,0x5c,0x81,0xd0,0xc1,0x1e,0xa6,0x44,0xe0,0xe0,0xf5,0x9e,0x40,0x0a,0x4f,0x33,0x26,0xe1,0x72,0x8d,0x45,0xbf,0x32,0xe5,0xac,0xb5,0x3c,0xb7,0x7c,0xe0,0x68,0xe7,0x5b,0xe7,0xbd,0x8b,0xee,0x94,0x7d,0xcf,0x56,0x03,0x3a,0xb4,0xfe,0xe3,0x97,0x06,0x6b,0xc0,0xa3,0x62,0xdf,0x4a,0xf0,0xc8,0xb6,0x5d,0xa4,0x6d,0x07,0xef,0x00,0xf0,0x3e,0xa9,0xd2,0xf0,0x49,0x58,0xb9,0x9c,0x9c,0xae,0x2f,0x1b,0x44,0x43,0x7f,0xc3,0x1c},
+	{0x4f,0x32,0xc7,0x5c,0x5a,0x56,0x8f,0x50,0x22,0xa9,0x06,0xe5,0xc0,0xc4,0x61,0xd0,0x19,0xac,0x45,0x5c,0xdb,0xab,0x18,0xfb,0x4a,0x31,0x80,0x03,0xc1,0x09,0x68,0x6c,0xb9,0xae,0xce,0xc9,0xf1,0x56,0x66,0xd7,0x6a,0x65,0xe5,0x18,0xf8,0x15,0x5b,0x1c,0x34,0x23,0x4c,0x84,0x32,0x28,0xe7,0x26,0x38,0x68,0x19,0x2f,0x77,0x6f,0x34,0x3a,0xc8,0x6a,0xda,0xe2,0x12,0x51,0xd5,0xd2,0xed,0x51,0xe8,0xb1,0x31,0x03,0xbd,0xe9,0x62,0x72,0xc6,0x8e,0xdd,0x46,0x07,0x96,0xd0,0xc5,0xf7,0x6e,0x9f,0x1b,0x91,0x05},
+	{0xbb,0x0e,0xdf,0xf5,0x83,0x99,0x33,0xc1,0xac,0x4c,0x2c,0x51,0x8f,0x75,0xf3,0xc0,0xe1,0x98,0xb3,0x0b,0x0a,0x13,0xf1,0x2c,0x62,0x0c,0x27,0xaa,0xf9,0xec,0x3c,0x6b,0xef,0xea,0x2e,0x51,0xf3,0xac,0x49,0x53,0x49,0xcb,0xc1,0x1c,0xd3,0x41,0xc1,0x20,0x8d,0x68,0x9a,0xa9,0x07,0x0c,0x18,0x24,0x17,0x2d,0x4b,0xc6,0xd1,0xf9,0x5e,0x55,0x08,0xbd,0x73,0x3b,0xba,0x70,0xa7,0x36,0x0c,0xbf,0xaf,0xa3,0x08,0xef,0x4a,0x62,0xf2,0x46,0x09,0xb4,0x98,0xff,0x37,0x57,0x9d,0x74,0x81,0x33,0xe1,0x4d,0x5f,0x67},
+	{0xfc,0x82,0x17,0x6b,0x03,0x52,0x2c,0x0e,0xb4,0x83,0xad,0x6c,0x81,0x6c,0x81,0x64,0x3e,0x07,0x64,0x69,0xd9,0xbd,0xdc,0xd0,0x20,0xc5,0x64,0x01,0xf7,0x9d,0xd9,0x13,0x1d,0xb3,0xda,0x3b,0xd9,0xf6,0x2f,0xa1,0xfe,0x2d,0x65,0x9d,0x0f,0xd8,0x25,0x07,0x87,0x94,0xbe,0x9a,0xf3,0x4f,0x9c,0x01,0x43,0x3c,0xcd,0x82,0xb8,0x50,0xf4,0x60,0xca,0xc0,0xe5,0x21,0xc3,0x5e,0x4b,0x01,0xa2,0xbf,0x19,0xd7,0xc9,0x69,0xcb,0x4f,0xa0,0x23,0x00,0x75,0x18,0x1c,0x5f,0x4e,0x80,0xac,0xed,0x55,0x9e,0xde,0x06,0x1c},
+	{0xe2,0xc4,0x3e,0xa3,0xd6,0x7a,0x0f,0x99,0x8e,0xe0,0x2e,0xbe,0x38,0xf9,0x08,0x66,0x15,0x45,0x28,0x63,0xc5,0x43,0xa1,0x9c,0x0d,0xb6,0x2d,0xec,0x1f,0x8a,0xf3,0x4c,0xaa,0x69,0x6d,0xff,0x40,0x2b,0xd5,0xff,0xbb,0x49,0x40,0xdc,0x18,0x0b,0x53,0x34,0x97,0x98,0x4d,0xa3,0x2f,0x5c,0x4a,0x5e,0x2d,0xba,0x32,0x7d,0x8e,0x6f,0x09,0x78,0xe7,0x5c,0xfa,0x0d,0x65,0xaa,0xaa,0xa0,0x8c,0x47,0xb5,0x48,0x2a,0x9e,0xc4,0xf9,0x5b,0x72,0x03,0x70,0x7d,0xcc,0x09,0x4f,0xbe,0x1a,0x09,0x26,0x3a,0xad,0x3c,0x37},
+	{0x7c,0xf5,0xc9,0x82,0x4d,0x63,0x94,0xb2,0x36,0x45,0x93,0x24,0xe1,0xfd,0xcb,0x1f,0x5a,0xdb,0x8c,0x41,0xb3,0x4d,0x9c,0x9e,0xfc,0x19,0x44,0x45,0xd9,0xf3,0x40,0x00,0xad,0xbb,0xdd,0x89,0xfb,0xa8,0xbe,0xf1,0xcb,0xae,0xae,0x61,0xbc,0x2c,0xcb,0x3b,0x9d,0x8d,0x9b,0x1f,0xbb,0xa7,0x58,0x8f,0x86,0xa6,0x12,0x51,0xda,0x7e,0x54,0x21,0xd3,0x86,0x59,0xfd,0x39,0xe9,0xfd,0xde,0x0c,0x38,0x0a,0x51,0x89,0x2c,0x27,0xf4,0xb9,0x19,0x31,0xbb,0x07,0xa4,0x2b,0xb7,0xf4,0x4d,0x25,0x4a,0x33,0x0a,0x55,0x63},
+	{0x37,0xcf,0x69,0xb5,0xed,0xd6,0x07,0x65,0xe1,0x2e,0xa5,0x0c,0xb0,0x29,0x84,0x17,0x5d,0xd6,0x6b,0xeb,0x90,0x00,0x7c,0xea,0x51,0x8f,0xf7,0xda,0xc7,0x62,0xea,0x3e,0x49,0x7b,0x54,0x72,0x45,0x58,0xba,0x9b,0xe0,0x08,0xc4,0xe2,0xfa,0xc6,0x05,0xf3,0x8d,0xf1,0x34,0xc7,0x69,0xfa,0xe8,0x60,0x7a,0x76,0x7d,0xaa,0xaf,0x2b,0xa9,0x39,0x4e,0x27,0x93,0xe6,0x13,0xc7,0x24,0x9d,0x75,0xd3,0xdb,0x68,0x77,0x85,0x63,0x5f,0x9a,0xb3,0x8a,0xeb,0x60,0x55,0x52,0x70,0xcd,0xc4,0xc9,0x65,0x06,0x6a,0x43,0x68},
+	{0x27,0x3f,0x2f,0x20,0xe8,0x35,0x02,0xbc,0xb0,0x75,0xf9,0x64,0xe2,0x00,0x5c,0xc7,0x16,0x24,0x8c,0xa3,0xd5,0xe9,0xa4,0x91,0xf9,0x89,0xb7,0x8a,0xf6,0xe7,0xb6,0x17,0x7c,0x10,0x20,0xe8,0x17,0xd3,0x56,0x1e,0x65,0xe9,0x0a,0x84,0x44,0x68,0x26,0xc5,0x7a,0xfc,0x0f,0x32,0xc6,0xa1,0xe0,0xc1,0x72,0x14,0x61,0x91,0x9c,0x66,0x73,0x53,0x57,0x52,0x0e,0x9a,0xab,0x14,0x28,0x5d,0xfc,0xb3,0xca,0xc9,0x84,0x20,0x8f,0x90,0xca,0x1e,0x2d,0x5b,0x88,0xf5,0xca,0xaf,0x11,0x7d,0xf8,0x78,0xa6,0xb5,0xb4,0x1c},
+	{0x6c,0xfc,0x4a,0x39,0x6b,0xc0,0x64,0xb6,0xb1,0x5f,0xda,0x98,0x24,0xde,0x88,0x0c,0x34,0xd8,0xca,0x4b,0x16,0x03,0x8d,0x4f,0xa2,0x34,0x74,0xde,0x78,0xca,0x0b,0x33,0xe7,0x07,0xa0,0xa2,0x62,0xaa,0x74,0x6b,0xb1,0xc7,0x71,0xf0,0xb0,0xe0,0x11,0xf3,0x23,0xe2,0x0b,0x00,0x38,0xe4,0x07,0x57,0xac,0x6e,0xef,0x82,0x2d,0xfd,0xc0,0x2d,0x4e,0x74,0x19,0x11,0x84,0xff,0x2e,0x98,0x24,0x47,0x07,0x2b,0x96,0x5e,0x69,0xf9,0xfb,0x53,0xc9,0xbf,0x4f,0xc1,0x8a,0xc5,0xf5,0x1c,0x9f,0x36,0x1b,0xbe,0x31,0x3c},
+	{0xee,0x8a,0x94,0x08,0x4d,0x86,0xf4,0xb0,0x6f,0x1c,0xba,0x91,0xee,0x19,0xdc,0x07,0x58,0xa1,0xac,0xa6,0xae,0xcd,0x75,0x79,0xbb,0xd4,0x62,0x42,0x13,0x61,0x0b,0x33,0x72,0x42,0xcb,0xf9,0x93,0xbc,0x68,0xc1,0x98,0xdb,0xce,0xc7,0x1f,0x71,0xb8,0xae,0x7a,0x8d,0xac,0x34,0xaa,0x52,0x0e,0x7f,0xbb,0x55,0x7d,0x7e,0x09,0xc1,0xce,0x41,0x8a,0x80,0x6d,0xa2,0xd7,0x19,0x96,0xf7,0x6d,0x15,0x9e,0x1d,0x9e,0xd4,0x1f,0xbb,0x27,0xdf,0xa1,0xdb,0x6c,0xc3,0xd7,0x73,0x7d,0x77,0x28,0x1f,0xd9,0x4c,0xb4,0x26},
+	{0x75,0x74,0x38,0x8f,0x47,0x48,0xf0,0x51,0x3c,0xcb,0xbe,0x9c,0xf4,0xbc,0x5d,0xb2,0x55,0x20,0x9f,0xd9,0x44,0x12,0xab,0x9a,0xd6,0xa5,0x10,0x1c,0x6c,0x9e,0x70,0x2c,0x83,0x03,0x73,0x62,0x93,0xf2,0xb7,0xe1,0x2c,0x8a,0xca,0xeb,0xff,0x79,0x52,0x4b,0x14,0x13,0xd4,0xbf,0x8a,0x77,0xfc,0xda,0x0f,0x61,0x72,0x9c,0x14,0x10,0xeb,0x7d,0x7a,0xee,0x66,0x87,0x6a,0xaf,0x62,0xcb,0x0e,0xcd,0x53,0x55,0x04,0xec,0xcb,0x66,0xb5,0xe4,0x0b,0x0f,0x38,0x01,0x80,0x58,0xea,0xe2,0x2c,0xf6,0x9f,0x8e,0xe6,0x08},
+	{0xad,0x30,0xc1,0x4b,0x0a,0x50,0xad,0x34,0x9c,0xd4,0x0b,0x3d,0x49,0xdb,0x38,0x8d,0xbe,0x89,0x0a,0x50,0x98,0x3d,0x5c,0xa2,0x09,0x3b,0xba,0xee,0x87,0x3f,0x1f,0x2f,0xf9,0xf2,0xb8,0x0a,0xd5,0x09,0x2d,0x2f,0xdf,0x23,0x59,0xc5,0x8d,0x21,0xb9,0xac,0xb9,0x6c,0x76,0x73,0x26,0x34,0x8f,0x4a,0xf5,0x19,0xf7,0x38,0xd7,0x3b,0xb1,0x4c,0x4a,0xb6,0x15,0xe5,0x75,0x8c,0x84,0xf7,0x38,0x90,0x4a,0xdb,0xba,0x01,0x95,0xa5,0x50,0x1b,0x75,0x3f,0x3f,0x31,0x0d,0xc2,0xe8,0x2e,0xae,0xc0,0x53,0xe3,0xa1,0x19},
+	{0xc3,0x05,0xfa,0xba,0x60,0x75,0x1c,0x7d,0x61,0x5e,0xe5,0xc6,0xa0,0xa0,0xe1,0xb3,0x73,0x64,0xd6,0xc0,0x18,0x97,0x52,0xe3,0x86,0x34,0x0c,0xc2,0x11,0x6b,0x54,0x41,0xbd,0xbd,0x96,0xd5,0xcd,0x72,0x21,0xb4,0x40,0xfc,0xee,0x98,0x43,0x45,0xe0,0x93,0xb5,0x09,0x41,0xb4,0x47,0x53,0xb1,0x9f,0x34,0xae,0x66,0x02,0x99,0xd3,0x6b,0x73,0xb4,0xb3,0x34,0x93,0x50,0x2d,0x53,0x85,0x73,0x65,0x81,0x60,0x4b,0x11,0xfd,0x46,0x75,0x83,0x5c,0x42,0x30,0x5f,0x5f,0xcc,0x5c,0xab,0x7f,0xb8,0xa2,0x95,0x22,0x41},
+	{0xe9,0xd6,0x7e,0xf5,0x88,0x9b,0xc9,0x19,0x25,0xc8,0xf8,0x6d,0x26,0xcb,0x93,0x53,0x73,0xd2,0x0a,0xb3,0x13,0x32,0xee,0x5c,0x34,0x2e,0x2d,0xb5,0xeb,0x53,0xe1,0x14,0xc6,0xea,0x93,0xe2,0x61,0x52,0x65,0x2e,0xdb,0xac,0x33,0x21,0x03,0x92,0x5a,0x84,0x6b,0x99,0x00,0x79,0xcb,0x75,0x09,0x46,0x80,0xdd,0x5a,0x19,0x8d,0xbb,0x60,0x07,0x8a,0x81,0xe6,0xcd,0x17,0x1a,0x3e,0x41,0x84,0xa0,0x69,0xed,0xa9,0x6d,0x15,0x57,0xb1,0xcc,0xca,0x46,0x8f,0x26,0xbf,0x2c,0xf2,0xc5,0x3a,0xc3,0x9b,0xbe,0x34,0x6b},
+	{0xb2,0xc0,0x78,0x3a,0x64,0x2f,0xdf,0xf3,0x7c,0x02,0x2e,0xf2,0x1e,0x97,0x3e,0x4c,0xa3,0xb5,0xc1,0x49,0x5e,0x1c,0x7d,0xec,0x2d,0xdd,0x22,0x09,0x8f,0xc1,0x12,0x20,0xd3,0xf2,0x71,0x65,0x65,0x69,0xfc,0x11,0x7a,0x73,0x0e,0x53,0x45,0xe8,0xc9,0xc6,0x35,0x50,0xfe,0xd4,0xa2,0xe7,0x3a,0xe3,0x0b,0xd3,0x6d,0x2e,0xb6,0xc7,0xb9,0x01,0x29,0x9d,0xc8,0x5a,0xe5,0x55,0x0b,0x88,0x63,0xa7,0xa0,0x45,0x1f,0x24,0x83,0x14,0x1f,0x6c,0xe7,0xc2,0xdf,0xef,0x36,0x3d,0xe8,0xad,0x4b,0x4e,0x78,0x5b,0xaf,0x08},
+	{0x33,0x25,0x1f,0x88,0xdc,0x99,0x34,0x28,0xb6,0x23,0x93,0x77,0xda,0x25,0x05,0x9d,0xf4,0x41,0x34,0x67,0xfb,0xdd,0x7a,0x89,0x8d,0x16,0x3a,0x16,0x71,0x9d,0xb7,0x32,0x4b,0x2c,0xcc,0x89,0xd2,0x14,0x73,0xe2,0x8d,0x17,0x87,0xa2,0x11,0xbd,0xe4,0x4b,0xce,0x64,0x33,0xfa,0xd6,0x28,0xd5,0x18,0x6e,0x82,0xd9,0xaf,0xd5,0xc1,0x23,0x64,0x6a,0xb3,0xfc,0xed,0xd9,0xf8,0x85,0xcc,0xf9,0xe5,0x46,0x37,0x8f,0xc2,0xbc,0x22,0xcd,0xd3,0xe5,0xf9,0x38,0xe3,0x9d,0xe4,0xcc,0x2d,0x3e,0xc1,0xfb,0x5e,0x0a,0x48},
+	{0x71,0x20,0x62,0x01,0x0b,0xe7,0x51,0x0b,0xc5,0xaf,0x1d,0x8b,0xcf,0x05,0xb5,0x06,0xcd,0xab,0x5a,0xef,0x61,0xb0,0x6b,0x2c,0x31,0xbf,0xb7,0x0c,0x60,0x27,0xaa,0x47,0x1f,0x22,0xce,0x42,0xe4,0x4c,0x61,0xb6,0x28,0x39,0x05,0x4c,0xcc,0x9d,0x19,0x6e,0x03,0xbe,0x1c,0xdc,0xa4,0xb4,0x3f,0x66,0x06,0x8e,0x1c,0x69,0x47,0x1d,0xb3,0x24,0xc3,0xf8,0x15,0xc0,0xed,0x1e,0x54,0x2a,0x7c,0x3f,0x69,0x7c,0x7e,0xfe,0xa4,0x11,0xd6,0x78,0xa2,0x4e,0x13,0x66,0xaf,0xf0,0x94,0xa0,0xdd,0x14,0x5d,0x58,0x5b,0x54},
+	{0x0f,0x3a,0xd4,0xa0,0x5e,0x27,0xbf,0x67,0xbe,0xee,0x9b,0x08,0x34,0x8e,0xe6,0xad,0x2e,0xe7,0x79,0xd4,0x4c,0x13,0x89,0x42,0x54,0x54,0xba,0x32,0xc3,0xf9,0x62,0x0f,0xe1,0x21,0xb3,0xe3,0xd0,0xe4,0x04,0x62,0x95,0x1e,0xff,0x28,0x7a,0x63,0xaa,0x3b,0x9e,0xbd,0x99,0x5b,0xfd,0xcf,0x0c,0x0b,0x71,0xd0,0xc8,0x64,0x3e,0xdc,0x22,0x4d,0x39,0x5f,0x3b,0xd6,0x89,0x65,0xb4,0xfc,0x61,0xcf,0xcb,0x57,0x3f,0x6a,0xae,0x5c,0x05,0xfa,0x3a,0x95,0xd2,0xc2,0xba,0xfe,0x36,0x14,0x37,0x36,0x1a,0xa0,0x0f,0x1c},
+	{0xff,0x3d,0x94,0x22,0xb6,0x04,0xc6,0xd2,0xa0,0xb3,0xcf,0x44,0xce,0xbe,0x8c,0xbc,0x78,0x86,0x80,0x97,0xf3,0x4f,0x25,0x5d,0xbf,0xa6,0x1c,0x3b,0x4f,0x61,0xa3,0x0f,0x50,0x6a,0x93,0x8c,0x0e,0x2b,0x08,0x69,0xb6,0xc5,0xda,0xc1,0x35,0xa0,0xc9,0xf9,0x34,0xb6,0xdf,0xc4,0x54,0x3e,0xb7,0x6f,0x40,0xc1,0x2b,0x1d,0x9b,0x41,0x05,0x40,0xf0,0x82,0xbe,0xb9,0xbd,0xfe,0x03,0xa0,0x90,0xac,0x44,0x3a,0xaf,0xc1,0x89,0x20,0x8e,0xfa,0x54,0x19,0x91,0x9f,0x49,0xf8,0x42,0xab,0x40,0xef,0x8a,0x21,0xba,0x1f},
+	{0x3e,0xf5,0xc8,0xfa,0x48,0x94,0x54,0xab,0x41,0x37,0xa6,0x7b,0x9a,0xe8,0xf6,0x81,0x01,0x5e,0x2b,0x6c,0x7d,0x6c,0xfd,0x74,0x42,0x6e,0xc8,0xa8,0xca,0x3a,0x2e,0x39,0x94,0x01,0x7b,0x3e,0x04,0x57,0x3e,0x4f,0x7f,0xaf,0xda,0x08,0xee,0x3e,0x1d,0xa8,0xf1,0xde,0xdc,0x99,0xab,0xc6,0x39,0xc8,0xd5,0x61,0x77,0xff,0x13,0x5d,0x53,0x6c,0xaf,0x35,0x8a,0x3e,0xe9,0x34,0xbd,0x4c,0x16,0xe8,0x87,0x58,0x44,0x81,0x07,0x2e,0xab,0xb0,0x9a,0xf2,0x76,0x9c,0x31,0x19,0x3b,0xc1,0x0a,0xd5,0xe4,0x7f,0xe1,0x25},
+	{0x76,0xf6,0x04,0x1e,0xd7,0x9b,0x28,0x0a,0x95,0x0f,0x42,0xd6,0x52,0x1c,0x8e,0x20,0xab,0x1f,0x69,0x34,0xb0,0xd8,0x86,0x51,0x51,0xb3,0x9f,0x2a,0x44,0x51,0x57,0x25,0xa7,0x21,0xf1,0x76,0xf5,0x7f,0x5f,0x91,0xe3,0x87,0xcd,0x2f,0x27,0x32,0x4a,0xc3,0x26,0xe5,0x1b,0x4d,0xde,0x2f,0xba,0xcc,0x9b,0x89,0x69,0x89,0x8f,0x82,0xba,0x6b,0x01,0x39,0xfe,0x90,0x66,0xbc,0xd1,0xe2,0xd5,0x7a,0x99,0xa0,0x18,0x4a,0xb5,0x4c,0xd4,0x60,0x84,0xaf,0x14,0x69,0x1d,0x97,0xe4,0x7b,0x6b,0x7f,0x4f,0x50,0x9d,0x55},
+	{0xd5,0x54,0xeb,0xb3,0x78,0x83,0x73,0xa7,0x7c,0x3c,0x55,0xa5,0x66,0xd3,0x69,0x1d,0xba,0x00,0x28,0xf9,0x62,0xcf,0x26,0x0a,0x17,0x32,0x7e,0x80,0xd5,0x12,0xab,0x01,0xfd,0x66,0xd2,0xf6,0xe7,0x91,0x48,0x9c,0x1b,0x78,0x07,0x03,0x9b,0xa1,0x44,0x07,0x3b,0xe2,0x61,0x60,0x1d,0x8f,0x38,0x88,0x0e,0xd5,0x4b,0x35,0xa3,0xa6,0x3e,0x12,0x96,0x2d,0xe3,0x41,0x90,0x18,0x8d,0x11,0x48,0x58,0x31,0xd8,0xc2,0xe3,0xed,0xb9,0xd9,0x45,0x32,0xd8,0x71,0x42,0xab,0x1e,0x54,0xa1,0x18,0xc9,0xe2,0x61,0x39,0x4a},
+	{0xa0,0xbb,0xe6,0xf8,0xe0,0x3b,0xdc,0x71,0x0a,0xe3,0xff,0x7e,0x34,0xf8,0xce,0xd6,0x6a,0x47,0x3a,0xe1,0x5f,0x42,0x92,0xa9,0x63,0xb7,0x1d,0xfb,0xe3,0xbc,0xd6,0x2c,0x1e,0x3f,0x23,0xf3,0x44,0xd6,0x27,0x03,0x16,0xf0,0xfc,0x34,0x0e,0x26,0x9a,0x49,0x79,0xb9,0xda,0xf2,0x16,0xa7,0xb5,0x83,0x1f,0x11,0xd4,0x9b,0xad,0xee,0xac,0x68,0x10,0xc2,0xd7,0xf3,0x0e,0xc9,0xb4,0x38,0x0c,0x04,0xad,0xb7,0x24,0x6e,0x8e,0x30,0x23,0x3e,0xe7,0xb7,0xf1,0xd9,0x60,0x38,0x97,0xf5,0x08,0xb5,0xd5,0x60,0x57,0x59},
+	{0x97,0x63,0xaa,0x04,0xe1,0xbf,0x29,0x61,0xcb,0xfc,0xa7,0xa4,0x08,0x00,0x96,0x8f,0x58,0x94,0x90,0x7d,0x89,0xc0,0x8b,0x3f,0xa9,0x91,0xb2,0xdc,0x3e,0xa4,0x9f,0x70,0x90,0x27,0x02,0xfd,0xeb,0xcb,0x2a,0x88,0x60,0x57,0x11,0xc4,0x05,0x33,0xaf,0x89,0xf4,0x73,0x34,0x7d,0xe3,0x92,0xf4,0x65,0x2b,0x5a,0x51,0x54,0xdf,0xc5,0xb2,0x2c,0xca,0x2a,0xfd,0x63,0x8c,0x5d,0x0a,0xeb,0xff,0x4e,0x69,0x2e,0x66,0xc1,0x2b,0xd2,0x3a,0xb0,0xcb,0xf8,0x6e,0xf3,0x23,0x27,0x1f,0x13,0xc8,0xf0,0xec,0x29,0xf0,0x70},
+	{0x33,0x3e,0xed,0x2e,0xb3,0x07,0x13,0x46,0xe7,0x81,0x55,0xa4,0x33,0x2f,0x04,0xae,0x66,0x03,0x5f,0x19,0xd3,0x49,0x44,0xc9,0x58,0x48,0x31,0x6c,0x8a,0x5d,0x7d,0x0b,0xb9,0xb0,0x10,0x5e,0xaa,0xaf,0x6a,0x2a,0xa9,0x1a,0x04,0xef,0x70,0xa3,0xf0,0x78,0x1f,0xd6,0x3a,0xaa,0x77,0xfb,0x3e,0x77,0xe1,0xd9,0x4b,0xa7,0xa2,0xa5,0xec,0x44,0x43,0xd5,0x95,0x7b,0x32,0x48,0xd4,0x25,0x1d,0x0f,0x34,0xa3,0x00,0x83,0xd3,0x70,0x2b,0xc5,0xe1,0x60,0x1c,0x53,0x1c,0xde,0xe4,0xe9,0x7d,0x2c,0x51,0x24,0x22,0x27},
+	{0x2e,0x34,0xc5,0x49,0xaf,0x92,0xbc,0x1a,0xd0,0xfa,0xe6,0xb2,0x11,0xd8,0xee,0xff,0x29,0x4e,0xc8,0xfc,0x8d,0x8c,0xa2,0xef,0x43,0xc5,0x4c,0xa4,0x18,0xdf,0xb5,0x11,0xfc,0x75,0xa9,0x42,0x8a,0xbb,0x7b,0xbf,0x58,0xa3,0xad,0x96,0x77,0x39,0x5c,0x8c,0x48,0xaa,0xed,0xcd,0x6f,0xc7,0x7f,0xe2,0xa6,0x20,0xbc,0xf6,0xd7,0x5f,0x73,0x19,0x66,0x42,0xc8,0x42,0xd0,0x90,0xab,0xe3,0x7e,0x54,0x19,0x7f,0x0f,0x8e,0x84,0xeb,0xb9,0x97,0xa4,0x65,0xd0,0xa1,0x03,0x25,0x5f,0x89,0xdf,0x91,0x11,0x91,0xef,0x0f}
+};
diff --git a/src/ext/ed25519/donna/ed25519-donna-batchverify.h b/src/ext/ed25519/donna/ed25519-donna-batchverify.h
new file mode 100644
index 0000000000..43c4923b3e
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-batchverify.h
@@ -0,0 +1,275 @@
+/*
+	Ed25519 batch verification
+*/
+
+#define max_batch_size 64
+#define heap_batch_size ((max_batch_size * 2) + 1)
+
+/* which limb is the 128th bit in? */
+static const size_t limb128bits = (128 + bignum256modm_bits_per_limb - 1) / bignum256modm_bits_per_limb;
+
+typedef size_t heap_index_t;
+
+typedef struct batch_heap_t {
+	unsigned char r[heap_batch_size][16]; /* 128 bit random values */
+	ge25519 points[heap_batch_size];
+	bignum256modm scalars[heap_batch_size];
+	heap_index_t heap[heap_batch_size];
+	size_t size;
+} batch_heap;
+
+/* swap two values in the heap */
+static void
+heap_swap(heap_index_t *heap, size_t a, size_t b) {
+	heap_index_t temp;
+	temp = heap[a];
+	heap[a] = heap[b];
+	heap[b] = temp;
+}
+
+/* add the scalar at the end of the list to the heap */
+static void
+heap_insert_next(batch_heap *heap) {
+	size_t node = heap->size, parent;
+	heap_index_t *pheap = heap->heap;
+	bignum256modm *scalars = heap->scalars;
+
+	/* insert at the bottom */
+	pheap[node] = (heap_index_t)node;
+
+	/* sift node up to its sorted spot */
+	parent = (node - 1) / 2;
+	while (node && lt256_modm_batch(scalars[pheap[parent]], scalars[pheap[node]], bignum256modm_limb_size - 1)) {
+		heap_swap(pheap, parent, node);
+		node = parent;
+		parent = (node - 1) / 2;
+	}
+	heap->size++;
+}
+
+/* update the heap when the root element is updated */
+static void
+heap_updated_root(batch_heap *heap, size_t limbsize) {
+	size_t node, parent, childr, childl;
+	heap_index_t *pheap = heap->heap;
+	bignum256modm *scalars = heap->scalars;
+
+	/* sift root to the bottom */
+	parent = 0;
+	node = 1;
+	childl = 1;
+	childr = 2;
+	while ((childr < heap->size)) {
+		node = lt256_modm_batch(scalars[pheap[childl]], scalars[pheap[childr]], limbsize) ? childr : childl;
+		heap_swap(pheap, parent, node);
+		parent = node;
+		childl = (parent * 2) + 1;
+		childr = childl + 1;
+	}
+
+	/* sift root back up to its sorted spot */
+	parent = (node - 1) / 2;
+	while (node && lte256_modm_batch(scalars[pheap[parent]], scalars[pheap[node]], limbsize)) {
+		heap_swap(pheap, parent, node);
+		node = parent;
+		parent = (node - 1) / 2;
+	}
+}
+
+/* build the heap with count elements, count must be >= 3 */
+static void
+heap_build(batch_heap *heap, size_t count) {
+	heap->heap[0] = 0;
+	heap->size = 0;
+	while (heap->size < count)
+		heap_insert_next(heap);
+}
+
+/* extend the heap to contain new_count elements */
+static void
+heap_extend(batch_heap *heap, size_t new_count) {
+	while (heap->size < new_count)
+		heap_insert_next(heap);
+}
+
+/* get the top 2 elements of the heap */
+static void
+heap_get_top2(batch_heap *heap, heap_index_t *max1, heap_index_t *max2, size_t limbsize) {
+	heap_index_t h0 = heap->heap[0], h1 = heap->heap[1], h2 = heap->heap[2];
+	if (lt256_modm_batch(heap->scalars[h1], heap->scalars[h2], limbsize))
+		h1 = h2;
+	*max1 = h0;
+	*max2 = h1;
+}
+
+/* */
+static void
+ge25519_multi_scalarmult_vartime_final(ge25519 *r, ge25519 *point, bignum256modm scalar) {
+	const bignum256modm_element_t topbit = ((bignum256modm_element_t)1 << (bignum256modm_bits_per_limb - 1));
+	size_t limb = limb128bits;
+	bignum256modm_element_t flag;
+
+	if (isone256_modm_batch(scalar)) {
+		/* this will happen most of the time after bos-carter */
+		*r = *point;
+		return;
+	} else if (iszero256_modm_batch(scalar)) {
+		/* this will only happen if all scalars == 0 */
+		memset(r, 0, sizeof(*r));
+		r->y[0] = 1;
+		r->z[0] = 1;
+		return;
+	}
+
+	*r = *point;
+
+	/* find the limb where first bit is set */
+	while (!scalar[limb])
+		limb--;
+
+	/* find the first bit */
+	flag = topbit;
+	while ((scalar[limb] & flag) == 0)
+		flag >>= 1;
+
+	/* exponentiate */
+	for (;;) {
+		ge25519_double(r, r);
+		if (scalar[limb] & flag)
+			ge25519_add(r, r, point);
+
+		flag >>= 1;
+		if (!flag) {
+			if (!limb--)
+				break;
+			flag = topbit;
+		}
+	}
+}
+
+/* count must be >= 5 */
+static void
+ge25519_multi_scalarmult_vartime(ge25519 *r, batch_heap *heap, size_t count) {
+	heap_index_t max1, max2;
+
+	/* start with the full limb size */
+	size_t limbsize = bignum256modm_limb_size - 1;
+
+	/* whether the heap has been extended to include the 128 bit scalars */
+	int extended = 0;
+
+	/* grab an odd number of scalars to build the heap, unknown limb sizes */
+	heap_build(heap, ((count + 1) / 2) | 1);
+
+	for (;;) {
+		heap_get_top2(heap, &max1, &max2, limbsize);
+
+		/* only one scalar remaining, we're done */
+		if (iszero256_modm_batch(heap->scalars[max2]))
+			break;
+
+		/* exhausted another limb? */
+		if (!heap->scalars[max1][limbsize])
+			limbsize -= 1;
+
+		/* can we extend to the 128 bit scalars? */
+		if (!extended && isatmost128bits256_modm_batch(heap->scalars[max1])) {
+			heap_extend(heap, count);
+			heap_get_top2(heap, &max1, &max2, limbsize);
+			extended = 1;
+		}
+
+		sub256_modm_batch(heap->scalars[max1], heap->scalars[max1], heap->scalars[max2], limbsize);
+		ge25519_add(&heap->points[max2], &heap->points[max2], &heap->points[max1]);
+		heap_updated_root(heap, limbsize);
+	}
+
+	ge25519_multi_scalarmult_vartime_final(r, &heap->points[max1], heap->scalars[max1]);
+}
+
+/* not actually used for anything other than testing */
+unsigned char batch_point_buffer[3][32];
+
+static int
+ge25519_is_neutral_vartime(const ge25519 *p) {
+	static const unsigned char zero[32] = {0};
+	unsigned char point_buffer[3][32];
+	curve25519_contract(point_buffer[0], p->x);
+	curve25519_contract(point_buffer[1], p->y);
+	curve25519_contract(point_buffer[2], p->z);
+	memcpy(batch_point_buffer[1], point_buffer[1], 32);
+	return (memcmp(point_buffer[0], zero, 32) == 0) && (memcmp(point_buffer[1], point_buffer[2], 32) == 0);
+}
+
+int
+ED25519_FN(ed25519_sign_open_batch) (const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid) {
+	batch_heap ALIGN(16) batch;
+	ge25519 ALIGN(16) p;
+	bignum256modm *r_scalars;
+	size_t i, batchsize;
+	unsigned char hram[64];
+	int ret = 0;
+
+	for (i = 0; i < num; i++)
+		valid[i] = 1;
+
+	while (num > 3) {
+		batchsize = (num > max_batch_size) ? max_batch_size : num;
+
+		/* generate r (scalars[batchsize+1]..scalars[2*batchsize] */
+		ED25519_FN(ed25519_randombytes_unsafe) (batch.r, batchsize * 16);
+		r_scalars = &batch.scalars[batchsize + 1];
+		for (i = 0; i < batchsize; i++)
+			expand256_modm(r_scalars[i], batch.r[i], 16);
+
+		/* compute scalars[0] = ((r1s1 + r2s2 + ...)) */
+		for (i = 0; i < batchsize; i++) {
+			expand256_modm(batch.scalars[i], RS[i] + 32, 32);
+			mul256_modm(batch.scalars[i], batch.scalars[i], r_scalars[i]);
+		}
+		for (i = 1; i < batchsize; i++)
+			add256_modm(batch.scalars[0], batch.scalars[0], batch.scalars[i]);
+
+		/* compute scalars[1]..scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
+		for (i = 0; i < batchsize; i++) {
+			ed25519_hram(hram, RS[i], pk[i], m[i], mlen[i]);
+			expand256_modm(batch.scalars[i+1], hram, 64);
+			mul256_modm(batch.scalars[i+1], batch.scalars[i+1], r_scalars[i]);
+		}
+
+		/* compute points */
+		batch.points[0] = ge25519_basepoint;
+		for (i = 0; i < batchsize; i++)
+			if (!ge25519_unpack_negative_vartime(&batch.points[i+1], pk[i]))
+				goto fallback;
+		for (i = 0; i < batchsize; i++)
+			if (!ge25519_unpack_negative_vartime(&batch.points[batchsize+i+1], RS[i]))
+				goto fallback;
+
+		ge25519_multi_scalarmult_vartime(&p, &batch, (batchsize * 2) + 1);
+		if (!ge25519_is_neutral_vartime(&p)) {
+			ret |= 2;
+
+			fallback:
+			for (i = 0; i < batchsize; i++) {
+				valid[i] = ED25519_FN(ed25519_sign_open) (m[i], mlen[i], pk[i], RS[i]) ? 0 : 1;
+				ret |= (valid[i] ^ 1);
+			}
+		}
+
+		m += batchsize;
+		mlen += batchsize;
+		pk += batchsize;
+		RS += batchsize;
+		num -= batchsize;
+		valid += batchsize;
+	}
+
+	for (i = 0; i < num; i++) {
+		valid[i] = ED25519_FN(ed25519_sign_open) (m[i], mlen[i], pk[i], RS[i]) ? 0 : 1;
+		ret |= (valid[i] ^ 1);
+	}
+
+	return ret;
+}
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-impl-base.h b/src/ext/ed25519/donna/ed25519-donna-impl-base.h
new file mode 100644
index 0000000000..48913edcb4
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-impl-base.h
@@ -0,0 +1,364 @@
+/*
+	conversions
+*/
+
+DONNA_INLINE static void
+ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) {
+	curve25519_mul(r->x, p->x, p->t);
+	curve25519_mul(r->y, p->y, p->z);
+	curve25519_mul(r->z, p->z, p->t); 
+}
+
+DONNA_INLINE static void
+ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) {
+	curve25519_mul(r->x, p->x, p->t);
+	curve25519_mul(r->y, p->y, p->z);
+	curve25519_mul(r->z, p->z, p->t); 
+	curve25519_mul(r->t, p->x, p->y); 
+}
+
+static void
+ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) {
+	curve25519_sub(p->ysubx, r->y, r->x);
+	curve25519_add(p->xaddy, r->y, r->x);
+	curve25519_copy(p->z, r->z);
+	curve25519_mul(p->t2d, r->t, ge25519_ec2d);
+}
+
+/*
+	adding & doubling
+*/
+
+static void
+ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) {
+	bignum25519 a,b,c,d,t,u;
+
+	curve25519_sub(a, p->y, p->x);
+	curve25519_add(b, p->y, p->x);
+	curve25519_sub(t, q->y, q->x);
+	curve25519_add(u, q->y, q->x);
+	curve25519_mul(a, a, t);
+	curve25519_mul(b, b, u);
+	curve25519_mul(c, p->t, q->t);
+	curve25519_mul(c, c, ge25519_ec2d);
+	curve25519_mul(d, p->z, q->z);
+	curve25519_add(d, d, d);
+	curve25519_sub(r->x, b, a);
+	curve25519_add(r->y, b, a);
+	curve25519_add_after_basic(r->z, d, c);
+	curve25519_sub_after_basic(r->t, d, c);
+}
+
+
+static void
+ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
+	bignum25519 a,b,c;
+
+	curve25519_square(a, p->x);
+	curve25519_square(b, p->y);
+	curve25519_square(c, p->z);
+	curve25519_add_reduce(c, c, c);
+	curve25519_add(r->x, p->x, p->y);
+	curve25519_square(r->x, r->x);
+	curve25519_add(r->y, b, a);
+	curve25519_sub(r->z, b, a);
+	curve25519_sub_after_basic(r->x, r->x, r->y);
+	curve25519_sub_after_basic(r->t, c, r->z);
+}
+
+static void
+ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
+	const bignum25519 *qb = (const bignum25519 *)q;
+	bignum25519 *rb = (bignum25519 *)r;
+	bignum25519 a,b,c;
+
+	curve25519_sub(a, p->y, p->x);
+	curve25519_add(b, p->y, p->x);
+	curve25519_mul(a, a, qb[signbit]); /* x for +, y for - */
+	curve25519_mul(r->x, b, qb[signbit^1]); /* y for +, x for - */
+	curve25519_add(r->y, r->x, a);
+	curve25519_sub(r->x, r->x, a);
+	curve25519_mul(c, p->t, q->t2d);
+	curve25519_add_reduce(r->t, p->z, p->z);
+	curve25519_copy(r->z, r->t);
+	curve25519_add(rb[2+signbit], rb[2+signbit], c); /* z for +, t for - */
+	curve25519_sub(rb[2+(signbit^1)], rb[2+(signbit^1)], c); /* t for +, z for - */
+}
+
+static void
+ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
+	const bignum25519 *qb = (const bignum25519 *)q;
+	bignum25519 *rb = (bignum25519 *)r;
+	bignum25519 a,b,c;
+
+	curve25519_sub(a, p->y, p->x);
+	curve25519_add(b, p->y, p->x);
+	curve25519_mul(a, a, qb[signbit]); /* ysubx for +, xaddy for - */
+	curve25519_mul(r->x, b, qb[signbit^1]); /* xaddy for +, ysubx for - */
+	curve25519_add(r->y, r->x, a);
+	curve25519_sub(r->x, r->x, a);
+	curve25519_mul(c, p->t, q->t2d);
+	curve25519_mul(r->t, p->z, q->z);
+	curve25519_add_reduce(r->t, r->t, r->t);
+	curve25519_copy(r->z, r->t);
+	curve25519_add(rb[2+signbit], rb[2+signbit], c); /* z for +, t for - */
+	curve25519_sub(rb[2+(signbit^1)], rb[2+(signbit^1)], c); /* t for +, z for - */
+}
+
+static void
+ge25519_double_partial(ge25519 *r, const ge25519 *p) {
+	ge25519_p1p1 t;
+	ge25519_double_p1p1(&t, p);
+	ge25519_p1p1_to_partial(r, &t);
+}
+
+static void
+ge25519_double(ge25519 *r, const ge25519 *p) {
+	ge25519_p1p1 t;
+	ge25519_double_p1p1(&t, p);
+	ge25519_p1p1_to_full(r, &t);
+}
+
+static void
+ge25519_add(ge25519 *r, const ge25519 *p,  const ge25519 *q) {
+	ge25519_p1p1 t;
+	ge25519_add_p1p1(&t, p, q);
+	ge25519_p1p1_to_full(r, &t);
+}
+
+static void
+ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
+	bignum25519 a,b,c,e,f,g,h;
+
+	curve25519_sub(a, r->y, r->x);
+	curve25519_add(b, r->y, r->x);
+	curve25519_mul(a, a, q->ysubx);
+	curve25519_mul(e, b, q->xaddy);
+	curve25519_add(h, e, a);
+	curve25519_sub(e, e, a);
+	curve25519_mul(c, r->t, q->t2d);
+	curve25519_add(f, r->z, r->z);
+	curve25519_add_after_basic(g, f, c);
+	curve25519_sub_after_basic(f, f, c);
+	curve25519_mul(r->x, e, f);
+	curve25519_mul(r->y, h, g);
+	curve25519_mul(r->z, g, f);
+	curve25519_mul(r->t, e, h);
+}
+
+static void
+ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
+	bignum25519 a,b,c,x,y,z,t;
+
+	curve25519_sub(a, p->y, p->x);
+	curve25519_add(b, p->y, p->x);
+	curve25519_mul(a, a, q->ysubx);
+	curve25519_mul(x, b, q->xaddy);
+	curve25519_add(y, x, a);
+	curve25519_sub(x, x, a);
+	curve25519_mul(c, p->t, q->t2d);
+	curve25519_mul(t, p->z, q->z);
+	curve25519_add(t, t, t);
+	curve25519_add_after_basic(z, t, c);
+	curve25519_sub_after_basic(t, t, c);
+	curve25519_mul(r->xaddy, x, t);
+	curve25519_mul(r->ysubx, y, z);
+	curve25519_mul(r->z, z, t);
+	curve25519_mul(r->t2d, x, y);
+	curve25519_copy(y, r->ysubx);
+	curve25519_sub(r->ysubx, r->ysubx, r->xaddy);
+	curve25519_add(r->xaddy, r->xaddy, y);
+	curve25519_mul(r->t2d, r->t2d, ge25519_ec2d);
+}
+
+
+/*
+	pack & unpack
+*/
+
+static void
+ge25519_pack(unsigned char r[32], const ge25519 *p) {
+	bignum25519 tx, ty, zi;
+	unsigned char parity[32];
+	curve25519_recip(zi, p->z);
+	curve25519_mul(tx, p->x, zi);
+	curve25519_mul(ty, p->y, zi);
+	curve25519_contract(r, ty);
+	curve25519_contract(parity, tx);
+	r[31] ^= ((parity[0] & 1) << 7);
+}
+
+static int
+ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
+	static const unsigned char zero[32] = {0};
+	static const bignum25519 one = {1};
+	unsigned char parity = p[31] >> 7;
+	unsigned char check[32];
+	bignum25519 t, root, num, den, d3;
+
+	curve25519_expand(r->y, p);
+	curve25519_copy(r->z, one);
+	curve25519_square(num, r->y); /* x = y^2 */
+	curve25519_mul(den, num, ge25519_ecd); /* den = dy^2 */
+	curve25519_sub_reduce(num, num, r->z); /* x = y^1 - 1 */
+	curve25519_add(den, den, r->z); /* den = dy^2 + 1 */
+
+	/* Computation of sqrt(num/den) */
+	/* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */
+	curve25519_square(t, den);
+	curve25519_mul(d3, t, den);
+	curve25519_square(r->x, d3);
+	curve25519_mul(r->x, r->x, den);
+	curve25519_mul(r->x, r->x, num);
+	curve25519_pow_two252m3(r->x, r->x);
+
+	/* 2. computation of r->x = num * den^3 * (num*den^7)^((p-5)/8) */
+	curve25519_mul(r->x, r->x, d3);
+	curve25519_mul(r->x, r->x, num);
+
+	/* 3. Check if either of the roots works: */
+	curve25519_square(t, r->x);
+	curve25519_mul(t, t, den);
+	curve25519_sub_reduce(root, t, num);
+	curve25519_contract(check, root);
+	if (!ed25519_verify(check, zero, 32)) {
+		curve25519_add_reduce(t, t, num);
+		curve25519_contract(check, t);
+		if (!ed25519_verify(check, zero, 32))
+			return 0;
+		curve25519_mul(r->x, r->x, ge25519_sqrtneg1);
+	}
+
+	curve25519_contract(check, r->x);
+	if ((check[0] & 1) == parity) {
+		curve25519_copy(t, r->x);
+		curve25519_neg(r->x, t);
+	}
+	curve25519_mul(r->t, r->x, r->y);
+	return 1;
+}
+
+
+/*
+	scalarmults
+*/
+
+#define S1_SWINDOWSIZE 5
+#define S1_TABLE_SIZE (1<<(S1_SWINDOWSIZE-2))
+#define S2_SWINDOWSIZE 7
+#define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2))
+
+/* computes [s1]p1 + [s2]basepoint */
+static void 
+ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
+	signed char slide1[256], slide2[256];
+	ge25519_pniels pre1[S1_TABLE_SIZE];
+	ge25519 d1;
+	ge25519_p1p1 t;
+	int32_t i;
+
+	contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
+	contract256_slidingwindow_modm(slide2, s2, S2_SWINDOWSIZE);
+
+	ge25519_double(&d1, p1);
+	ge25519_full_to_pniels(pre1, p1);
+	for (i = 0; i < S1_TABLE_SIZE - 1; i++)
+		ge25519_pnielsadd(&pre1[i+1], &d1, &pre1[i]);
+
+	/* set neutral */
+	memset(r, 0, sizeof(ge25519));
+	r->y[0] = 1;
+	r->z[0] = 1;
+
+	i = 255;
+	while ((i >= 0) && !(slide1[i] | slide2[i]))
+		i--;
+
+	for (; i >= 0; i--) {
+		ge25519_double_p1p1(&t, r);
+
+		if (slide1[i]) {
+			ge25519_p1p1_to_full(r, &t);
+			ge25519_pnielsadd_p1p1(&t, r, &pre1[abs(slide1[i]) / 2], (unsigned char)slide1[i] >> 7);
+		}
+
+		if (slide2[i]) {
+			ge25519_p1p1_to_full(r, &t);
+			ge25519_nielsadd2_p1p1(&t, r, &ge25519_niels_sliding_multiples[abs(slide2[i]) / 2], (unsigned char)slide2[i] >> 7);
+		}
+
+		ge25519_p1p1_to_partial(r, &t);
+	}
+}
+
+
+
+#if !defined(HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS)
+
+static uint32_t
+ge25519_windowb_equal(uint32_t b, uint32_t c) {
+	return ((b ^ c) - 1) >> 31;
+}
+
+static void
+ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
+	bignum25519 neg;
+	uint32_t sign = (uint32_t)((unsigned char)b >> 7);
+	uint32_t mask = ~(sign - 1);
+	uint32_t u = (b + mask) ^ mask;
+	uint32_t i;
+
+	/* ysubx, xaddy, t2d in packed form. initialize to ysubx = 1, xaddy = 1, t2d = 0 */
+	uint8_t packed[96] = {0};
+	packed[0] = 1;
+	packed[32] = 1;
+
+	for (i = 0; i < 8; i++)
+		curve25519_move_conditional_bytes(packed, table[(pos * 8) + i], ge25519_windowb_equal(u, i + 1));
+
+	/* expand in to t */
+	curve25519_expand(t->ysubx, packed +  0);
+	curve25519_expand(t->xaddy, packed + 32);
+	curve25519_expand(t->t2d  , packed + 64);
+
+	/* adjust for sign */
+	curve25519_swap_conditional(t->ysubx, t->xaddy, sign);
+	curve25519_neg(neg, t->t2d);
+	curve25519_swap_conditional(t->t2d, neg, sign);
+}
+
+#endif /* HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS */
+
+
+/* computes [s]basepoint */
+static void
+ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) {
+	signed char b[64];
+	uint32_t i;
+	ge25519_niels t;
+
+	contract256_window4_modm(b, s);
+
+	ge25519_scalarmult_base_choose_niels(&t, basepoint_table, 0, b[1]);
+	curve25519_sub_reduce(r->x, t.xaddy, t.ysubx);
+	curve25519_add_reduce(r->y, t.xaddy, t.ysubx);
+	memset(r->z, 0, sizeof(bignum25519));
+	curve25519_copy(r->t, t.t2d);
+	r->z[0] = 2;	
+	for (i = 3; i < 64; i += 2) {
+		ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]);
+		ge25519_nielsadd2(r, &t);
+	}
+	ge25519_double_partial(r, r);
+	ge25519_double_partial(r, r);
+	ge25519_double_partial(r, r);
+	ge25519_double(r, r);
+	ge25519_scalarmult_base_choose_niels(&t, basepoint_table, 0, b[0]);
+	curve25519_mul(t.t2d, t.t2d, ge25519_ecd);
+	ge25519_nielsadd2(r, &t);
+	for(i = 2; i < 64; i += 2) {
+		ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]);
+		ge25519_nielsadd2(r, &t);
+	}
+}
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-impl-sse2.h b/src/ext/ed25519/donna/ed25519-donna-impl-sse2.h
new file mode 100644
index 0000000000..5fe3416381
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-impl-sse2.h
@@ -0,0 +1,390 @@
+/*
+	conversions
+*/
+
+static void
+ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) {
+	packed64bignum25519 ALIGN(16) xz, tt, xzout;
+	curve25519_mul(r->y, p->y, p->z);
+	curve25519_tangle64(xz, p->x, p->z);
+	curve25519_tangleone64(tt, p->t);
+	curve25519_mul_packed64(xzout, xz, tt);
+	curve25519_untangle64(r->x, r->z, xzout);
+}
+
+static void 
+ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) {
+	packed64bignum25519 ALIGN(16) zy, xt, xx, zz, ty;
+	curve25519_tangle64(ty, p->t, p->y);
+	curve25519_tangleone64(xx, p->x);
+	curve25519_mul_packed64(xt, xx, ty);
+	curve25519_untangle64(r->x, r->t, xt);
+	curve25519_tangleone64(zz, p->z);
+	curve25519_mul_packed64(zy, zz, ty);
+	curve25519_untangle64(r->z, r->y, zy);
+}
+
+static void
+ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) {
+	curve25519_sub(p->ysubx, r->y, r->x);
+	curve25519_add(p->xaddy, r->x, r->y);
+	curve25519_copy(p->z, r->z);
+	curve25519_mul(p->t2d, r->t, ge25519_ec2d);
+}
+
+/*
+	adding & doubling
+*/
+
+static void
+ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) {
+	bignum25519 ALIGN(16) a,b,c,d;
+	packed32bignum25519 ALIGN(16) xx, yy, yypxx, yymxx, bd, ac, bdmac, bdpac;
+	packed64bignum25519 ALIGN(16) at, bu, atbu, ptz, qtz, cd;
+
+	curve25519_tangle32(yy, p->y, q->y);
+	curve25519_tangle32(xx, p->x, q->x);
+	curve25519_add_packed32(yypxx, yy, xx);
+	curve25519_sub_packed32(yymxx, yy, xx);
+	curve25519_tangle64_from32(at, bu, yymxx, yypxx);
+	curve25519_mul_packed64(atbu, at, bu);
+	curve25519_untangle64(a, b, atbu);
+	curve25519_tangle64(ptz, p->t, p->z);
+	curve25519_tangle64(qtz, q->t, q->z);
+	curve25519_mul_packed64(cd, ptz, qtz);
+	curve25519_untangle64(c, d, cd);
+	curve25519_mul(c, c, ge25519_ec2d);
+	curve25519_add_reduce(d, d, d);
+	/* reduce, so no after_basic is needed later */
+	curve25519_tangle32(bd, b, d);
+	curve25519_tangle32(ac, a, c);
+	curve25519_sub_packed32(bdmac, bd, ac);
+	curve25519_add_packed32(bdpac, bd, ac);
+	curve25519_untangle32(r->x, r->t, bdmac);
+	curve25519_untangle32(r->y, r->z, bdpac);
+}
+
+
+static void
+ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) {
+	bignum25519 ALIGN(16) a,b,c,x;
+	packed64bignum25519 ALIGN(16) xy, zx, ab, cx;
+	packed32bignum25519 ALIGN(16) xc, yz, xt, yc, ac, bc;
+
+	curve25519_add(x, p->x, p->y);
+	curve25519_tangle64(xy, p->x, p->y);
+	curve25519_square_packed64(ab, xy);
+	curve25519_untangle64(a, b, ab);
+	curve25519_tangle64(zx, p->z, x);
+	curve25519_square_packed64(cx, zx);
+	curve25519_untangle64(c, x, cx);
+	curve25519_tangle32(bc, b, c);
+	curve25519_tangle32(ac, a, c);
+	curve25519_add_reduce_packed32(yc, bc, ac);
+	curve25519_untangle32(r->y, c, yc);
+	curve25519_sub(r->z, b, a);
+	curve25519_tangle32(yz, r->y, r->z);
+	curve25519_tangle32(xc, x, c);
+	curve25519_sub_after_basic_packed32(xt, xc, yz);
+	curve25519_untangle32(r->x, r->t, xt);
+}
+
+static void
+ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, unsigned char signbit) {
+	const bignum25519 *qb = (const bignum25519 *)q;
+	bignum25519 *rb = (bignum25519 *)r;
+	bignum25519 ALIGN(16) a,b,c;
+	packed64bignum25519 ALIGN(16) ab, yx, aybx;
+	packed32bignum25519 ALIGN(16) bd, ac, bdac;
+
+	curve25519_sub(a, p->y, p->x);
+	curve25519_add(b, p->y, p->x);
+	curve25519_tangle64(ab, a, b);
+	curve25519_tangle64(yx, qb[signbit], qb[signbit^1]);
+	curve25519_mul_packed64(aybx, ab, yx);
+	curve25519_untangle64(a, b, aybx);
+	curve25519_add(r->y, b, a);
+	curve25519_add_reduce(r->t, p->z, p->z);
+	curve25519_mul(c, p->t, q->t2d);
+	curve25519_copy(r->z, r->t);
+	curve25519_add(rb[2+signbit], rb[2+signbit], c);
+	curve25519_tangle32(bd, b, rb[2+(signbit^1)]);
+	curve25519_tangle32(ac, a, c);
+	curve25519_sub_packed32(bdac, bd, ac);
+	curve25519_untangle32(r->x, rb[2+(signbit^1)], bdac);
+}
+
+static void
+ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, unsigned char signbit) {
+	const bignum25519 *qb = (const bignum25519 *)q;
+	bignum25519 *rb = (bignum25519 *)r;
+	bignum25519 ALIGN(16) a,b,c;
+	packed64bignum25519 ALIGN(16) ab, yx, aybx, zt, zt2d, tc;
+	packed32bignum25519 ALIGN(16) bd, ac, bdac;
+
+	curve25519_sub(a, p->y, p->x);
+	curve25519_add(b, p->y, p->x);
+	curve25519_tangle64(ab, a, b);
+	curve25519_tangle64(yx, qb[signbit], qb[signbit^1]);
+	curve25519_mul_packed64(aybx, ab, yx);
+	curve25519_untangle64(a, b, aybx);
+	curve25519_add(r->y, b, a);
+	curve25519_tangle64(zt, p->z, p->t);
+	curve25519_tangle64(zt2d, q->z, q->t2d);
+	curve25519_mul_packed64(tc, zt, zt2d);
+	curve25519_untangle64(r->t, c, tc);
+	curve25519_add_reduce(r->t, r->t, r->t);
+	curve25519_copy(r->z, r->t);
+	curve25519_add(rb[2+signbit], rb[2+signbit], c);
+	curve25519_tangle32(bd, b, rb[2+(signbit^1)]);
+	curve25519_tangle32(ac, a, c);
+	curve25519_sub_packed32(bdac, bd, ac);
+	curve25519_untangle32(r->x, rb[2+(signbit^1)], bdac);
+}
+
+static void
+ge25519_double(ge25519 *r, const ge25519 *p) {
+	ge25519_p1p1 ALIGN(16) t;
+	ge25519_double_p1p1(&t, p);
+	ge25519_p1p1_to_full(r, &t);
+}
+
+static void
+ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q) {
+	ge25519_p1p1 ALIGN(16) t;
+	ge25519_add_p1p1(&t, p, q);
+	ge25519_p1p1_to_full(r, &t);
+}
+
+static void
+ge25519_double_partial(ge25519 *r, const ge25519 *p) {
+	ge25519_p1p1 ALIGN(16) t;
+	ge25519_double_p1p1(&t, p);
+	ge25519_p1p1_to_partial(r, &t);
+}
+
+static void
+ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) {
+	packed64bignum25519 ALIGN(16) ab, yx, aybx, eg, ff, hh, xz, ty;
+	packed32bignum25519 ALIGN(16) bd, ac, bdac;
+	bignum25519 ALIGN(16) a,b,c,d,e,f,g,h;
+
+	curve25519_sub(a, r->y, r->x);
+	curve25519_add(b, r->y, r->x);
+	curve25519_tangle64(ab, a, b);
+	curve25519_tangle64(yx, q->ysubx, q->xaddy);
+	curve25519_mul_packed64(aybx, ab, yx);
+	curve25519_untangle64(a, b, aybx);
+	curve25519_add(h, b, a);
+	curve25519_add_reduce(d, r->z, r->z);
+	curve25519_mul(c, r->t, q->t2d);
+	curve25519_add(g, d, c); /* d is reduced, so no need for after_basic */
+	curve25519_tangle32(bd, b, d);
+	curve25519_tangle32(ac, a, c);
+	curve25519_sub_packed32(bdac, bd, ac); /* d is reduced, so no need for after_basic */
+	curve25519_untangle32(e, f, bdac);
+	curve25519_tangle64(eg, e, g);
+	curve25519_tangleone64(ff, f);
+	curve25519_mul_packed64(xz, eg, ff);
+	curve25519_untangle64(r->x, r->z, xz);
+	curve25519_tangleone64(hh, h);
+	curve25519_mul_packed64(ty, eg, hh);
+	curve25519_untangle64(r->t, r->y, ty);
+}
+
+static void
+ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) {
+	ge25519_p1p1 ALIGN(16) t;
+	ge25519 ALIGN(16) f;
+	ge25519_pnielsadd_p1p1(&t, p, q, 0);
+	ge25519_p1p1_to_full(&f, &t);
+	ge25519_full_to_pniels(r, &f);
+}
+
+/*
+	pack & unpack
+*/
+
+static void
+ge25519_pack(unsigned char r[32], const ge25519 *p) {
+	bignum25519 ALIGN(16) tx, ty, zi;
+	unsigned char parity[32];
+	curve25519_recip(zi, p->z);
+	curve25519_mul(tx, p->x, zi);
+	curve25519_mul(ty, p->y, zi);
+	curve25519_contract(r, ty);
+	curve25519_contract(parity, tx);
+	r[31] ^= ((parity[0] & 1) << 7);
+}
+
+
+static int
+ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) {
+	static const bignum25519 ALIGN(16) one = {1};
+	static const unsigned char zero[32] = {0};
+	unsigned char parity = p[31] >> 7;
+	unsigned char check[32];
+	bignum25519 ALIGN(16) t, root, num, den, d3;
+
+	curve25519_expand(r->y, p);
+	curve25519_copy(r->z, one);
+	curve25519_square_times(num, r->y, 1); /* x = y^2 */
+	curve25519_mul(den, num, ge25519_ecd); /* den = dy^2 */
+	curve25519_sub_reduce(num,  num, r->z); /* x = y^2 - 1 */
+	curve25519_add(den, den, r->z); /* den = dy^2 + 1 */
+
+	/* Computation of sqrt(num/den) */
+	/* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */
+	curve25519_square_times(t, den, 1);
+	curve25519_mul(d3, t, den);
+	curve25519_square_times(r->x, d3, 1);
+	curve25519_mul(r->x, r->x, den);
+	curve25519_mul(r->x, r->x, num);
+	curve25519_pow_two252m3(r->x, r->x);
+
+	/* 2. computation of r->x = t * num * den^3 */
+	curve25519_mul(r->x, r->x, d3);
+	curve25519_mul(r->x, r->x, num);
+
+	/* 3. Check if either of the roots works: */
+	curve25519_square_times(t, r->x, 1);
+	curve25519_mul(t, t, den);
+	curve25519_copy(root, t);
+	curve25519_sub_reduce(root,  root, num);
+	curve25519_contract(check, root);
+	if (!ed25519_verify(check, zero, 32)) {
+		curve25519_add_reduce(t, t, num);
+		curve25519_contract(check, t);
+		if (!ed25519_verify(check, zero, 32))
+			return 0;
+		curve25519_mul(r->x, r->x, ge25519_sqrtneg1);
+	}
+
+	curve25519_contract(check, r->x);
+	if ((check[0] & 1) == parity) {
+		curve25519_copy(t, r->x);
+		curve25519_neg(r->x, t);
+	}
+	curve25519_mul(r->t, r->x, r->y);
+	return 1;
+}
+
+
+
+/*
+	scalarmults
+*/
+
+#define S1_SWINDOWSIZE 5
+#define S1_TABLE_SIZE (1<<(S1_SWINDOWSIZE-2))
+#define S2_SWINDOWSIZE 7
+#define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2))
+
+static void
+ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) {
+	signed char slide1[256], slide2[256];
+	ge25519_pniels ALIGN(16) pre1[S1_TABLE_SIZE];
+	ge25519 ALIGN(16) d1;
+	ge25519_p1p1 ALIGN(16) t;
+	int32_t i;
+
+	contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE);
+	contract256_slidingwindow_modm(slide2, s2, S2_SWINDOWSIZE);
+
+	ge25519_double(&d1, p1);
+	ge25519_full_to_pniels(pre1, p1);
+	for (i = 0; i < S1_TABLE_SIZE - 1; i++)
+		ge25519_pnielsadd(&pre1[i+1], &d1, &pre1[i]);
+
+	/* set neutral */
+	memset(r, 0, sizeof(ge25519));
+	r->y[0] = 1;
+	r->z[0] = 1;
+
+	i = 255;
+	while ((i >= 0) && !(slide1[i] | slide2[i]))
+		i--;
+
+	for (; i >= 0; i--) {
+		ge25519_double_p1p1(&t, r);
+
+		if (slide1[i]) {
+			ge25519_p1p1_to_full(r, &t);
+			ge25519_pnielsadd_p1p1(&t, r, &pre1[abs(slide1[i]) / 2], (unsigned char)slide1[i] >> 7);
+		}
+
+		if (slide2[i]) {
+			ge25519_p1p1_to_full(r, &t);
+			ge25519_nielsadd2_p1p1(&t, r, &ge25519_niels_sliding_multiples[abs(slide2[i]) / 2], (unsigned char)slide2[i] >> 7);
+		}
+
+		ge25519_p1p1_to_partial(r, &t);
+	}
+}
+
+#if !defined(HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS)
+
+static uint32_t
+ge25519_windowb_equal(uint32_t b, uint32_t c) {
+	return ((b ^ c) - 1) >> 31;
+}
+
+static void
+ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], uint32_t pos, signed char b) {
+	bignum25519 ALIGN(16) neg;
+	uint32_t sign = (uint32_t)((unsigned char)b >> 7);
+	uint32_t mask = ~(sign - 1);
+	uint32_t u = (b + mask) ^ mask;
+	uint32_t i;
+
+	/* ysubx, xaddy, t2d in packed form. initialize to ysubx = 1, xaddy = 1, t2d = 0 */
+	uint8_t ALIGN(16) packed[96] = {0};
+	packed[0] = 1;
+	packed[32] = 1;
+
+	for (i = 0; i < 8; i++)
+		curve25519_move_conditional_bytes(packed, table[(pos * 8) + i], ge25519_windowb_equal(u, i + 1));
+
+	/* expand in to t */
+	curve25519_expand(t->ysubx, packed +  0);
+	curve25519_expand(t->xaddy, packed + 32);
+	curve25519_expand(t->t2d  , packed + 64);
+
+	/* adjust for sign */
+	curve25519_swap_conditional(t->ysubx, t->xaddy, sign);
+	curve25519_neg(neg, t->t2d);
+	curve25519_swap_conditional(t->t2d, neg, sign);
+}
+
+#endif /* HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS */
+
+static void
+ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t table[256][96], const bignum256modm s) {
+	signed char b[64];
+	uint32_t i;
+	ge25519_niels ALIGN(16) t;
+
+	contract256_window4_modm(b, s);
+
+	ge25519_scalarmult_base_choose_niels(&t, table, 0, b[1]);
+	curve25519_sub_reduce(r->x, t.xaddy, t.ysubx);
+	curve25519_add_reduce(r->y, t.xaddy, t.ysubx);
+	memset(r->z, 0, sizeof(bignum25519)); 
+	r->z[0] = 2;
+	curve25519_copy(r->t, t.t2d);
+	for (i = 3; i < 64; i += 2) {
+		ge25519_scalarmult_base_choose_niels(&t, table, i / 2, b[i]);
+		ge25519_nielsadd2(r, &t);
+	}
+	ge25519_double_partial(r, r);
+	ge25519_double_partial(r, r);
+	ge25519_double_partial(r, r);
+	ge25519_double(r, r);
+	ge25519_scalarmult_base_choose_niels(&t, table, 0, b[0]);
+	curve25519_mul(t.t2d, t.t2d, ge25519_ecd);
+	ge25519_nielsadd2(r, &t);
+	for(i = 2; i < 64; i += 2) {
+		ge25519_scalarmult_base_choose_niels(&t, table, i / 2, b[i]);
+		ge25519_nielsadd2(r, &t);
+	}
+}
diff --git a/src/ext/ed25519/donna/ed25519-donna-portable-identify.h b/src/ext/ed25519/donna/ed25519-donna-portable-identify.h
new file mode 100644
index 0000000000..26a264cf9e
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-portable-identify.h
@@ -0,0 +1,103 @@
+/* os */
+#if defined(_WIN32)	|| defined(_WIN64) || defined(__TOS_WIN__) || defined(__WINDOWS__)
+	#define OS_WINDOWS
+#elif defined(sun) || defined(__sun) || defined(__SVR4) || defined(__svr4__)
+	#define OS_SOLARIS
+#else
+	#include <sys/param.h> /* need this to define BSD */
+	#define OS_NIX
+	#if defined(__linux__)
+		#define OS_LINUX
+	#elif defined(BSD)
+		#define OS_BSD
+		#if defined(MACOS_X) || (defined(__APPLE__) & defined(__MACH__))
+			#define OS_OSX
+		#elif defined(macintosh) || defined(Macintosh)
+			#define OS_MAC
+		#elif defined(__OpenBSD__)
+			#define OS_OPENBSD
+		#endif
+	#endif
+#endif
+
+
+/* compiler */
+#if defined(_MSC_VER)
+	#define COMPILER_MSVC
+#endif
+#if defined(__ICC)
+	#define COMPILER_INTEL
+#endif
+#if defined(__GNUC__)
+	#if (__GNUC__ >= 3)
+		#define COMPILER_GCC ((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + (__GNUC_PATCHLEVEL__))
+	#else
+		#define COMPILER_GCC ((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100)                        )
+	#endif
+#endif
+#if defined(__PATHCC__)
+	#define COMPILER_PATHCC
+#endif
+#if defined(__clang__)
+	#define COMPILER_CLANG ((__clang_major__ * 10000) + (__clang_minor__ * 100) + (__clang_patchlevel__))
+#endif
+
+
+
+/* cpu */
+#if defined(__amd64__) || defined(__amd64) || defined(__x86_64__ ) || defined(_M_X64)
+	#define CPU_X86_64
+#elif defined(__i586__) || defined(__i686__) || (defined(_M_IX86) && (_M_IX86 >= 500))
+	#define CPU_X86 500
+#elif defined(__i486__) || (defined(_M_IX86) && (_M_IX86 >= 400))
+	#define CPU_X86 400
+#elif defined(__i386__) || (defined(_M_IX86) && (_M_IX86 >= 300)) || defined(__X86__) || defined(_X86_) || defined(__I86__)
+	#define CPU_X86 300
+#elif defined(__ia64__) || defined(_IA64) || defined(__IA64__) || defined(_M_IA64) || defined(__ia64)
+	#define CPU_IA64
+#endif
+
+#if defined(__sparc__) || defined(__sparc) || defined(__sparcv9)
+	#define CPU_SPARC
+	#if defined(__sparcv9)
+		#define CPU_SPARC64
+	#endif
+#endif
+
+#if defined(powerpc) || defined(__PPC__) || defined(__ppc__) || defined(_ARCH_PPC) || defined(__powerpc__) || defined(__powerpc) || defined(POWERPC) || defined(_M_PPC)
+	#define CPU_PPC
+	#if defined(_ARCH_PWR7)
+		#define CPU_POWER7
+	#elif defined(__64BIT__)
+		#define CPU_PPC64
+	#else
+		#define CPU_PPC32
+	#endif
+#endif
+
+#if defined(__hppa__) || defined(__hppa)
+	#define CPU_HPPA
+#endif
+
+#if defined(__alpha__) || defined(__alpha) || defined(_M_ALPHA)
+	#define CPU_ALPHA
+#endif
+
+/* 64 bit cpu */
+#if defined(CPU_X86_64) || defined(CPU_IA64) || defined(CPU_SPARC64) || defined(__64BIT__) || defined(__LP64__) || defined(_LP64) || (defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64))
+	#define CPU_64BITS
+#endif
+
+#if defined(COMPILER_MSVC)
+	typedef signed char int8_t;
+	typedef unsigned char uint8_t;
+	typedef signed short int16_t;
+	typedef unsigned short uint16_t;
+	typedef signed int int32_t;
+	typedef unsigned int uint32_t;
+	typedef signed __int64 int64_t;
+	typedef unsigned __int64 uint64_t;
+#else
+	#include <stdint.h>
+#endif
+
diff --git a/src/ext/ed25519/donna/ed25519-donna-portable.h b/src/ext/ed25519/donna/ed25519-donna-portable.h
new file mode 100644
index 0000000000..75a53a570f
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna-portable.h
@@ -0,0 +1,174 @@
+#include "ed25519-donna-portable-identify.h"
+
+#define mul32x32_64(a,b) (((uint64_t)(a))*(b))
+
+/* platform */
+#if defined(COMPILER_MSVC)
+	#include <intrin.h>
+	#if !defined(_DEBUG)
+		#undef mul32x32_64		
+		#define mul32x32_64(a,b) __emulu(a,b)
+	#endif
+	#undef inline
+	#define inline __forceinline
+	#define DONNA_INLINE __forceinline
+	#define DONNA_NOINLINE __declspec(noinline)
+	#define ALIGN(x) __declspec(align(x))
+	#define ROTL32(a,b) _rotl(a,b)
+	#define ROTR32(a,b) _rotr(a,b)
+#else
+	#include <sys/param.h>
+	#define DONNA_INLINE inline __attribute__((always_inline))
+	#define DONNA_NOINLINE __attribute__((noinline))
+	/* Tor: OSX pollutes the global namespace with an ALIGN macro. */
+	#undef ALIGN
+	#define ALIGN(x) __attribute__((aligned(x)))
+	#define ROTL32(a,b) (((a) << (b)) | ((a) >> (32 - b)))
+	#define ROTR32(a,b) (((a) >> (b)) | ((a) << (32 - b)))
+#endif
+
+/* uint128_t */
+#if defined(CPU_64BITS) && !defined(ED25519_FORCE_32BIT)
+	#if defined(COMPILER_CLANG) && (COMPILER_CLANG >= 30100)
+		#define HAVE_NATIVE_UINT128
+		typedef unsigned __int128 uint128_t;
+	#elif defined(COMPILER_MSVC)
+		#define HAVE_UINT128
+		typedef struct uint128_t {
+			uint64_t lo, hi;
+		} uint128_t;
+		#define mul64x64_128(out,a,b) out.lo = _umul128(a,b,&out.hi);
+		#define shr128_pair(out,hi,lo,shift) out = __shiftright128(lo, hi, shift);
+		#define shl128_pair(out,hi,lo,shift) out = __shiftleft128(lo, hi, shift);
+		#define shr128(out,in,shift) shr128_pair(out, in.hi, in.lo, shift)
+		#define shl128(out,in,shift) shl128_pair(out, in.hi, in.lo, shift)
+		#define add128(a,b) { uint64_t p = a.lo; a.lo += b.lo; a.hi += b.hi + (a.lo < p); }
+		#define add128_64(a,b) { uint64_t p = a.lo; a.lo += b; a.hi += (a.lo < p); }
+		#define lo128(a) (a.lo)
+		#define hi128(a) (a.hi)
+	#elif defined(COMPILER_GCC) && !defined(HAVE_NATIVE_UINT128)
+		#if defined(__SIZEOF_INT128__)
+			#define HAVE_NATIVE_UINT128
+			typedef unsigned __int128 uint128_t;
+		#elif (COMPILER_GCC >= 40400)
+			#define HAVE_NATIVE_UINT128
+			typedef unsigned uint128_t __attribute__((mode(TI)));
+		#elif defined(CPU_X86_64)
+			#define HAVE_UINT128
+			typedef struct uint128_t {
+				uint64_t lo, hi;
+			} uint128_t;
+			#define mul64x64_128(out,a,b) __asm__ ("mulq %3" : "=a" (out.lo), "=d" (out.hi) : "a" (a), "rm" (b));
+			#define shr128_pair(out,hi,lo,shift) __asm__ ("shrdq %2,%1,%0" : "+r" (lo) : "r" (hi), "J" (shift)); out = lo;
+			#define shl128_pair(out,hi,lo,shift) __asm__ ("shldq %2,%1,%0" : "+r" (hi) : "r" (lo), "J" (shift)); out = hi;
+			#define shr128(out,in,shift) shr128_pair(out,in.hi, in.lo, shift)
+			#define shl128(out,in,shift) shl128_pair(out,in.hi, in.lo, shift)
+			#define add128(a,b) __asm__ ("addq %4,%2; adcq %5,%3" : "=r" (a.hi), "=r" (a.lo) : "1" (a.lo), "0" (a.hi), "rm" (b.lo), "rm" (b.hi) : "cc");
+			#define add128_64(a,b) __asm__ ("addq %4,%2; adcq $0,%3" : "=r" (a.hi), "=r" (a.lo) : "1" (a.lo), "0" (a.hi), "rm" (b) : "cc");
+			#define lo128(a) (a.lo)
+			#define hi128(a) (a.hi)
+		#endif
+	#endif
+
+	#if defined(HAVE_NATIVE_UINT128)
+		#define HAVE_UINT128
+		#define mul64x64_128(out,a,b) out = (uint128_t)a * b;
+		#define shr128_pair(out,hi,lo,shift) out = (uint64_t)((((uint128_t)hi << 64) | lo) >> (shift));
+		#define shl128_pair(out,hi,lo,shift) out = (uint64_t)(((((uint128_t)hi << 64) | lo) << (shift)) >> 64);
+		#define shr128(out,in,shift) out = (uint64_t)(in >> (shift));
+		#define shl128(out,in,shift) out = (uint64_t)((in << shift) >> 64);
+		#define add128(a,b) a += b;
+		#define add128_64(a,b) a += (uint64_t)b;
+		#define lo128(a) ((uint64_t)a)
+		#define hi128(a) ((uint64_t)(a >> 64))
+	#endif
+
+	#if !defined(HAVE_UINT128)
+		#error Need a uint128_t implementation!
+	#endif
+#endif
+
+/* endian */
+#if !defined(ED25519_OPENSSLRNG)
+static inline void U32TO8_LE(unsigned char *p, const uint32_t v) {
+	p[0] = (unsigned char)(v      );
+	p[1] = (unsigned char)(v >>  8);
+	p[2] = (unsigned char)(v >> 16);
+	p[3] = (unsigned char)(v >> 24);
+}
+#endif
+
+#if !defined(HAVE_UINT128)
+static inline uint32_t U8TO32_LE(const unsigned char *p) {
+	return
+	(((uint32_t)(p[0])      ) | 
+	 ((uint32_t)(p[1]) <<  8) |
+	 ((uint32_t)(p[2]) << 16) |
+	 ((uint32_t)(p[3]) << 24));
+}
+#else
+static inline uint64_t U8TO64_LE(const unsigned char *p) {
+	return
+	(((uint64_t)(p[0])      ) |
+	 ((uint64_t)(p[1]) <<  8) |
+	 ((uint64_t)(p[2]) << 16) |
+	 ((uint64_t)(p[3]) << 24) |
+	 ((uint64_t)(p[4]) << 32) |
+	 ((uint64_t)(p[5]) << 40) |
+	 ((uint64_t)(p[6]) << 48) |
+	 ((uint64_t)(p[7]) << 56));
+}
+
+static inline void U64TO8_LE(unsigned char *p, const uint64_t v) {
+	p[0] = (unsigned char)(v      );
+	p[1] = (unsigned char)(v >>  8);
+	p[2] = (unsigned char)(v >> 16);
+	p[3] = (unsigned char)(v >> 24);
+	p[4] = (unsigned char)(v >> 32);
+	p[5] = (unsigned char)(v >> 40);
+	p[6] = (unsigned char)(v >> 48);
+	p[7] = (unsigned char)(v >> 56);
+}
+#endif
+
+/* Tor: Detect and disable inline assembly when clang's AddressSanitizer
+ * is present, due to compilation failing because it runs out of registers.
+ *
+ * The alternative is to annotate `ge25519_scalarmult_base_choose_niels`
+ * and selectively disable AddressSanitizer insturmentation, however doing
+ * things this way results in a "more sanitized" binary.
+ */
+#if defined(__has_feature)
+	#if __has_feature(address_sanitizer)
+		#define ED25519_NO_INLINE_ASM
+	#endif
+#endif
+
+/* Tor: Force enable SSE2 on 32 bit x86 systems if the compile target
+ * architecture supports it.  This is not done on x86-64 as the non-SSE2
+ * code benchmarks better, at least on Haswell.
+ */
+#if defined(__SSE2__) && !defined(CPU_X86_64)
+	/* undef in case it's manually specified... */
+	#undef ED25519_SSE2
+	#define ED25519_SSE2
+#endif
+
+/* Tor: GCC's Stack Protector freaks out and produces variable length
+ * buffer warnings when alignment is requested that is greater than
+ * STACK_BOUNDARY (x86 has special code to deal with this for SSE2).
+ *
+ * Since the only reason things are 16 byte aligned in the first place
+ * is for SSE2, only request variable alignment for SSE2 builds.
+ *
+ * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=59674
+ */
+#if !defined(ED25519_SSE2)
+	#undef ALIGN
+	#define ALIGN(x)
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+
diff --git a/src/ext/ed25519/donna/ed25519-donna.h b/src/ext/ed25519/donna/ed25519-donna.h
new file mode 100644
index 0000000000..64561d3288
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-donna.h
@@ -0,0 +1,116 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+	Modified from the amd64-51-30k implementation by
+		Daniel J. Bernstein
+		Niels Duif
+		Tanja Lange
+		Peter Schwabe
+		Bo-Yin Yang
+*/
+
+
+#include "ed25519-donna-portable.h"
+
+#if defined(ED25519_SSE2)
+#else
+	#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT)
+		#define ED25519_64BIT
+	#else
+		#define ED25519_32BIT
+	#endif
+#endif
+
+#if !defined(ED25519_NO_INLINE_ASM)
+	/* detect extra features first so un-needed functions can be disabled throughout */
+	#if defined(ED25519_SSE2)
+		#if defined(COMPILER_GCC) && defined(CPU_X86)
+			#define ED25519_GCC_32BIT_SSE_CHOOSE
+		#elif defined(COMPILER_GCC) && defined(CPU_X86_64)
+			#define ED25519_GCC_64BIT_SSE_CHOOSE
+		#endif
+	#else
+		#if defined(CPU_X86_64)
+			#if defined(COMPILER_GCC) 
+				#if defined(ED25519_64BIT)
+					#define ED25519_GCC_64BIT_X86_CHOOSE
+				#else
+					#define ED25519_GCC_64BIT_32BIT_CHOOSE
+				#endif
+			#endif
+		#endif
+	#endif
+#endif
+
+#if defined(ED25519_SSE2)
+	#include "curve25519-donna-sse2.h"
+#elif defined(ED25519_64BIT)
+	#include "curve25519-donna-64bit.h"
+#else
+	#include "curve25519-donna-32bit.h"
+#endif
+
+#include "curve25519-donna-helpers.h"
+
+/* separate uint128 check for 64 bit sse2 */
+#if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT)
+	#include "modm-donna-64bit.h"
+#else
+	#include "modm-donna-32bit.h"
+#endif
+
+typedef unsigned char hash_512bits[64];
+
+/*
+	Timing safe memory compare
+*/
+static int
+ed25519_verify(const unsigned char *x, const unsigned char *y, size_t len) {
+	size_t differentbits = 0;
+	while (len--)
+		differentbits |= (*x++ ^ *y++);
+        /*coverity[overflow]*/
+	return (int) (1 & ((differentbits - 1) >> 8));
+}
+
+
+/*
+ * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2
+ * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
+ * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960);
+ */
+
+typedef struct ge25519_t {
+	bignum25519 x, y, z, t;
+} ge25519;
+
+typedef struct ge25519_p1p1_t {
+	bignum25519 x, y, z, t;
+} ge25519_p1p1;
+
+typedef struct ge25519_niels_t {
+	bignum25519 ysubx, xaddy, t2d;
+} ge25519_niels;
+
+typedef struct ge25519_pniels_t {
+	bignum25519 ysubx, xaddy, z, t2d;
+} ge25519_pniels;
+
+#include "ed25519-donna-basepoint-table.h"
+
+#if defined(ED25519_64BIT)
+	#include "ed25519-donna-64bit-tables.h"
+	#include "ed25519-donna-64bit-x86.h"
+#else
+	#include "ed25519-donna-32bit-tables.h"
+	#include "ed25519-donna-64bit-x86-32bit.h"
+#endif
+
+
+#if defined(ED25519_SSE2)
+	#include "ed25519-donna-32bit-sse2.h"
+	#include "ed25519-donna-64bit-sse2.h"
+	#include "ed25519-donna-impl-sse2.h"
+#else
+	#include "ed25519-donna-impl-base.h"
+#endif
+
diff --git a/src/ext/ed25519/donna/ed25519-hash-custom.h b/src/ext/ed25519/donna/ed25519-hash-custom.h
new file mode 100644
index 0000000000..7dc249129d
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-hash-custom.h
@@ -0,0 +1,11 @@
+/*
+	a custom hash must have a 512bit digest and implement:
+
+	struct ed25519_hash_context;
+
+	void ed25519_hash_init(ed25519_hash_context *ctx);
+	void ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen);
+	void ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash);
+	void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);
+*/
+
diff --git a/src/ext/ed25519/donna/ed25519-hash.h b/src/ext/ed25519/donna/ed25519-hash.h
new file mode 100644
index 0000000000..6ba8f52383
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-hash.h
@@ -0,0 +1,219 @@
+#if defined(ED25519_REFHASH)
+
+/* reference/slow SHA-512. really, do not use this */
+
+#define HASH_BLOCK_SIZE 128
+#define HASH_DIGEST_SIZE 64
+
+typedef struct sha512_state_t {
+	uint64_t H[8];
+	uint64_t T[2];
+	uint32_t leftover;
+	uint8_t buffer[HASH_BLOCK_SIZE];
+} sha512_state;
+
+typedef sha512_state ed25519_hash_context;
+
+static const uint64_t sha512_constants[80] = {
+	0x428a2f98d728ae22ull, 0x7137449123ef65cdull, 0xb5c0fbcfec4d3b2full, 0xe9b5dba58189dbbcull,
+	0x3956c25bf348b538ull, 0x59f111f1b605d019ull, 0x923f82a4af194f9bull, 0xab1c5ed5da6d8118ull,
+	0xd807aa98a3030242ull, 0x12835b0145706fbeull, 0x243185be4ee4b28cull, 0x550c7dc3d5ffb4e2ull,
+	0x72be5d74f27b896full, 0x80deb1fe3b1696b1ull, 0x9bdc06a725c71235ull, 0xc19bf174cf692694ull,
+	0xe49b69c19ef14ad2ull, 0xefbe4786384f25e3ull, 0x0fc19dc68b8cd5b5ull, 0x240ca1cc77ac9c65ull,
+	0x2de92c6f592b0275ull, 0x4a7484aa6ea6e483ull, 0x5cb0a9dcbd41fbd4ull, 0x76f988da831153b5ull,
+	0x983e5152ee66dfabull, 0xa831c66d2db43210ull, 0xb00327c898fb213full, 0xbf597fc7beef0ee4ull,
+	0xc6e00bf33da88fc2ull, 0xd5a79147930aa725ull, 0x06ca6351e003826full, 0x142929670a0e6e70ull,
+	0x27b70a8546d22ffcull, 0x2e1b21385c26c926ull, 0x4d2c6dfc5ac42aedull, 0x53380d139d95b3dfull,
+	0x650a73548baf63deull, 0x766a0abb3c77b2a8ull, 0x81c2c92e47edaee6ull, 0x92722c851482353bull,
+	0xa2bfe8a14cf10364ull, 0xa81a664bbc423001ull, 0xc24b8b70d0f89791ull, 0xc76c51a30654be30ull,
+	0xd192e819d6ef5218ull, 0xd69906245565a910ull, 0xf40e35855771202aull, 0x106aa07032bbd1b8ull,
+	0x19a4c116b8d2d0c8ull, 0x1e376c085141ab53ull, 0x2748774cdf8eeb99ull, 0x34b0bcb5e19b48a8ull,
+	0x391c0cb3c5c95a63ull, 0x4ed8aa4ae3418acbull, 0x5b9cca4f7763e373ull, 0x682e6ff3d6b2b8a3ull,
+	0x748f82ee5defb2fcull, 0x78a5636f43172f60ull, 0x84c87814a1f0ab72ull, 0x8cc702081a6439ecull,
+	0x90befffa23631e28ull, 0xa4506cebde82bde9ull, 0xbef9a3f7b2c67915ull, 0xc67178f2e372532bull,
+	0xca273eceea26619cull, 0xd186b8c721c0c207ull, 0xeada7dd6cde0eb1eull, 0xf57d4f7fee6ed178ull,
+	0x06f067aa72176fbaull, 0x0a637dc5a2c898a6ull, 0x113f9804bef90daeull, 0x1b710b35131c471bull,
+	0x28db77f523047d84ull, 0x32caab7b40c72493ull, 0x3c9ebe0a15c9bebcull, 0x431d67c49c100d4cull,
+	0x4cc5d4becb3e42b6ull, 0x597f299cfc657e2aull, 0x5fcb6fab3ad6faecull, 0x6c44198c4a475817ull
+};
+
+static uint64_t
+sha512_ROTR64(uint64_t x, int k) {
+	return (x >> k) | (x << (64 - k));
+}
+
+static uint64_t
+sha512_LOAD64_BE(const uint8_t *p) {
+	return 
+		((uint64_t)p[0] << 56) |
+		((uint64_t)p[1] << 48) |
+		((uint64_t)p[2] << 40) |
+		((uint64_t)p[3] << 32) |
+		((uint64_t)p[4] << 24) |
+		((uint64_t)p[5] << 16) |
+		((uint64_t)p[6] <<  8) |
+		((uint64_t)p[7]      );
+}
+
+static void
+sha512_STORE64_BE(uint8_t *p, uint64_t v) {
+	p[0] = (uint8_t)(v >> 56);
+	p[1] = (uint8_t)(v >> 48);
+	p[2] = (uint8_t)(v >> 40);
+	p[3] = (uint8_t)(v >> 32);
+	p[4] = (uint8_t)(v >> 24);
+	p[5] = (uint8_t)(v >> 16);
+	p[6] = (uint8_t)(v >>  8);
+	p[7] = (uint8_t)(v      );
+}
+
+#define Ch(x,y,z)  (z ^ (x & (y ^ z)))
+#define Maj(x,y,z) (((x | y) & z) | (x & y))
+#define S0(x)      (sha512_ROTR64(x, 28) ^ sha512_ROTR64(x, 34) ^ sha512_ROTR64(x, 39))
+#define S1(x)      (sha512_ROTR64(x, 14) ^ sha512_ROTR64(x, 18) ^ sha512_ROTR64(x, 41))
+#define G0(x)      (sha512_ROTR64(x,  1) ^ sha512_ROTR64(x,  8) ^ (x >>  7))
+#define G1(x)      (sha512_ROTR64(x, 19) ^ sha512_ROTR64(x, 61) ^ (x >>  6))
+#define W0(in,i)   (sha512_LOAD64_BE(&in[i * 8]))
+#define W1(i)      (G1(w[i - 2]) + w[i - 7] + G0(w[i - 15]) + w[i - 16])
+#define STEP(i) \
+	t1 = S0(r[0]) + Maj(r[0], r[1], r[2]); \
+	t0 = r[7] + S1(r[4]) + Ch(r[4], r[5], r[6]) + sha512_constants[i] + w[i]; \
+	r[7] = r[6]; \
+	r[6] = r[5]; \
+	r[5] = r[4]; \
+	r[4] = r[3] + t0; \
+	r[3] = r[2]; \
+	r[2] = r[1]; \
+	r[1] = r[0]; \
+	r[0] = t0 + t1;
+
+static void
+sha512_blocks(sha512_state *S, const uint8_t *in, size_t blocks) {
+	uint64_t r[8], w[80], t0, t1;
+	size_t i;
+
+	for (i = 0; i < 8; i++) r[i] = S->H[i];
+
+	while (blocks--) {
+		for (i =  0; i < 16; i++) { w[i] = W0(in, i); }
+		for (i = 16; i < 80; i++) { w[i] = W1(i); }
+		for (i =  0; i < 80; i++) { STEP(i); }
+		for (i =  0; i <  8; i++) { r[i] += S->H[i]; S->H[i] = r[i]; }
+		S->T[0] += HASH_BLOCK_SIZE * 8;
+		S->T[1] += (!S->T[0]) ? 1 : 0;
+		in += HASH_BLOCK_SIZE;
+	}
+}
+
+static void
+ed25519_hash_init(sha512_state *S) {
+	S->H[0] = 0x6a09e667f3bcc908ull;
+	S->H[1] = 0xbb67ae8584caa73bull;
+	S->H[2] = 0x3c6ef372fe94f82bull;
+	S->H[3] = 0xa54ff53a5f1d36f1ull;
+	S->H[4] = 0x510e527fade682d1ull;
+	S->H[5] = 0x9b05688c2b3e6c1full;
+	S->H[6] = 0x1f83d9abfb41bd6bull;
+	S->H[7] = 0x5be0cd19137e2179ull;
+	S->T[0] = 0;
+	S->T[1] = 0;
+	S->leftover = 0;
+}
+
+static void
+ed25519_hash_update(sha512_state *S, const uint8_t *in, size_t inlen) {
+	size_t blocks, want;
+
+	/* handle the previous data */
+	if (S->leftover) {
+		want = (HASH_BLOCK_SIZE - S->leftover);
+		want = (want < inlen) ? want : inlen;
+		memcpy(S->buffer + S->leftover, in, want);
+		S->leftover += (uint32_t)want;
+		if (S->leftover < HASH_BLOCK_SIZE)
+			return;
+		in += want;
+		inlen -= want;
+		sha512_blocks(S, S->buffer, 1);
+	}
+
+	/* handle the current data */
+	blocks = (inlen & ~(HASH_BLOCK_SIZE - 1));
+	S->leftover = (uint32_t)(inlen - blocks);
+	if (blocks) {
+		sha512_blocks(S, in, blocks / HASH_BLOCK_SIZE);
+		in += blocks;
+	}
+
+	/* handle leftover data */
+	if (S->leftover)
+		memcpy(S->buffer, in, S->leftover);
+}
+
+static void
+ed25519_hash_final(sha512_state *S, uint8_t *hash) {
+	uint64_t t0 = S->T[0] + (S->leftover * 8), t1 = S->T[1];
+
+	S->buffer[S->leftover] = 0x80;
+	if (S->leftover <= 111) {
+		memset(S->buffer + S->leftover + 1, 0, 111 - S->leftover);
+	} else {
+		memset(S->buffer + S->leftover + 1, 0, 127 - S->leftover);
+		sha512_blocks(S, S->buffer, 1);
+		memset(S->buffer, 0, 112);
+	}
+
+	sha512_STORE64_BE(S->buffer + 112, t1);
+	sha512_STORE64_BE(S->buffer + 120, t0);
+	sha512_blocks(S, S->buffer, 1);
+
+	sha512_STORE64_BE(&hash[ 0], S->H[0]);
+	sha512_STORE64_BE(&hash[ 8], S->H[1]);
+	sha512_STORE64_BE(&hash[16], S->H[2]);
+	sha512_STORE64_BE(&hash[24], S->H[3]);
+	sha512_STORE64_BE(&hash[32], S->H[4]);
+	sha512_STORE64_BE(&hash[40], S->H[5]);
+	sha512_STORE64_BE(&hash[48], S->H[6]);
+	sha512_STORE64_BE(&hash[56], S->H[7]);
+}
+
+static void
+ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen) {
+	ed25519_hash_context ctx;
+	ed25519_hash_init(&ctx);
+	ed25519_hash_update(&ctx, in, inlen);
+	ed25519_hash_final(&ctx, hash);
+}
+
+#elif defined(ED25519_CUSTOMHASH)
+
+#include "ed25519-hash-custom.h"
+
+#else
+
+#include <openssl/sha.h>
+
+typedef SHA512_CTX ed25519_hash_context;
+
+static void
+ed25519_hash_init(ed25519_hash_context *ctx) {
+	SHA512_Init(ctx);
+}
+
+static void
+ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen) {
+	SHA512_Update(ctx, in, inlen);
+}
+
+static void
+ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash) {
+	SHA512_Final(hash, ctx);
+}
+
+static void
+ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen) {
+	SHA512(in, inlen, hash);
+}
+
+#endif
+
diff --git a/src/ext/ed25519/donna/ed25519-randombytes-custom.h b/src/ext/ed25519/donna/ed25519-randombytes-custom.h
new file mode 100644
index 0000000000..3fb0959fc4
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-randombytes-custom.h
@@ -0,0 +1,17 @@
+/*
+	a custom randombytes must implement:
+
+	void ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len);
+
+	ed25519_randombytes_unsafe is used by the batch verification function
+	to create random scalars
+*/
+
+/* Tor: Instead of calling OpenSSL's CSPRNG directly, call the wrapper. */
+#include "crypto.h"
+
+static void
+ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len)
+{
+  crypto_rand_unmocked(p, len);
+}
diff --git a/src/ext/ed25519/donna/ed25519-randombytes.h b/src/ext/ed25519/donna/ed25519-randombytes.h
new file mode 100644
index 0000000000..1dc629028e
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519-randombytes.h
@@ -0,0 +1,91 @@
+#if defined(ED25519_TEST)
+/*
+	ISAAC+ "variant", the paper is not clear on operator precedence and other
+	things. This is the "first in, first out" option!
+
+	Not threadsafe or securely initialized, only for deterministic testing
+*/
+typedef struct isaacp_state_t {
+	uint32_t state[256];
+	unsigned char buffer[1024];
+	uint32_t a, b, c;
+	size_t left;
+} isaacp_state;
+
+#define isaacp_step(offset, mix) \
+	x = mm[i + offset]; \
+	a = (a ^ (mix)) + (mm[(i + offset + 128) & 0xff]); \
+	y = (a ^ b) + mm[(x >> 2) & 0xff]; \
+	mm[i + offset] = y; \
+	b = (x + a) ^ mm[(y >> 10) & 0xff]; \
+	U32TO8_LE(out + (i + offset) * 4, b);
+
+static void
+isaacp_mix(isaacp_state *st) {
+	uint32_t i, x, y;
+	uint32_t a = st->a, b = st->b, c = st->c;
+	uint32_t *mm = st->state;
+	unsigned char *out = st->buffer;
+
+	c = c + 1;
+	b = b + c;
+
+	for (i = 0; i < 256; i += 4) {
+		isaacp_step(0, ROTL32(a,13))
+		isaacp_step(1, ROTR32(a, 6))
+		isaacp_step(2, ROTL32(a, 2))
+		isaacp_step(3, ROTR32(a,16))
+	}
+
+	st->a = a;
+	st->b = b;
+	st->c = c;
+	st->left = 1024;
+}
+
+static void
+isaacp_random(isaacp_state *st, void *p, size_t len) {
+	size_t use;
+	unsigned char *c = (unsigned char *)p;
+	while (len) {
+		use = (len > st->left) ? st->left : len;
+		memcpy(c, st->buffer + (sizeof(st->buffer) - st->left), use);
+
+		st->left -= use;
+		c += use;
+		len -= use;
+
+		if (!st->left)
+			isaacp_mix(st);
+	}
+}
+
+void
+ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) {
+	static int initialized = 0;
+	static isaacp_state rng;
+
+	if (!initialized) {
+		memset(&rng, 0, sizeof(rng));
+		isaacp_mix(&rng);
+		isaacp_mix(&rng);
+		initialized = 1;
+	}
+
+	isaacp_random(&rng, p, len);
+}
+#elif defined(ED25519_CUSTOMRANDOM)
+
+#include "ed25519-randombytes-custom.h"
+
+#else
+
+#include <openssl/rand.h>
+
+void
+ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) {
+
+  RAND_bytes(p, (int) len);
+
+}
+#endif
diff --git a/src/ext/ed25519/donna/ed25519.c b/src/ext/ed25519/donna/ed25519.c
new file mode 100644
index 0000000000..58a755b8d3
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519.c
@@ -0,0 +1,150 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+
+	Ed25519 reference implementation using Ed25519-donna
+*/
+
+
+/* define ED25519_SUFFIX to have it appended to the end of each public function */
+#if !defined(ED25519_SUFFIX)
+#define ED25519_SUFFIX 
+#endif
+
+#define ED25519_FN3(fn,suffix) fn##suffix
+#define ED25519_FN2(fn,suffix) ED25519_FN3(fn,suffix)
+#define ED25519_FN(fn)         ED25519_FN2(fn,ED25519_SUFFIX)
+
+#include "ed25519-donna.h"
+#include "ed25519.h"
+#include "ed25519-randombytes.h"
+#include "ed25519-hash.h"
+
+/*
+	Generates a (extsk[0..31]) and aExt (extsk[32..63])
+*/
+
+DONNA_INLINE static void
+ed25519_extsk(hash_512bits extsk, const ed25519_secret_key sk) {
+	ed25519_hash(extsk, sk, 32);
+	extsk[0] &= 248;
+	extsk[31] &= 127;
+	extsk[31] |= 64;
+}
+
+static void
+ed25519_hram(hash_512bits hram, const ed25519_signature RS, const ed25519_public_key pk, const unsigned char *m, size_t mlen) {
+	ed25519_hash_context ctx;
+	ed25519_hash_init(&ctx);
+	ed25519_hash_update(&ctx, RS, 32);
+	ed25519_hash_update(&ctx, pk, 32);
+	ed25519_hash_update(&ctx, m, mlen);
+	ed25519_hash_final(&ctx, hram);
+}
+
+void
+ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
+	bignum256modm a;
+	ge25519 ALIGN(16) A;
+	hash_512bits extsk;
+
+	/* A = aB */
+	ed25519_extsk(extsk, sk);
+	expand256_modm(a, extsk, 32);
+	ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
+	ge25519_pack(pk, &A);
+}
+
+
+void
+ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS) {
+	ed25519_hash_context ctx;
+	bignum256modm r, S, a;
+	ge25519 ALIGN(16) R;
+	hash_512bits extsk, hashr, hram;
+
+	ed25519_extsk(extsk, sk);
+
+	/* r = H(aExt[32..64], m) */
+	ed25519_hash_init(&ctx);
+	ed25519_hash_update(&ctx, extsk + 32, 32);
+	ed25519_hash_update(&ctx, m, mlen);
+	ed25519_hash_final(&ctx, hashr);
+	expand256_modm(r, hashr, 64);
+
+	/* R = rB */
+	ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r);
+	ge25519_pack(RS, &R);
+
+	/* S = H(R,A,m).. */
+	ed25519_hram(hram, RS, pk, m, mlen);
+	expand256_modm(S, hram, 64);
+
+	/* S = H(R,A,m)a */
+	expand256_modm(a, extsk, 32);
+	mul256_modm(S, S, a);
+
+	/* S = (r + H(R,A,m)a) */
+	add256_modm(S, S, r);
+
+	/* S = (r + H(R,A,m)a) mod L */	
+	contract256_modm(RS + 32, S);
+}
+
+int
+ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
+	ge25519 ALIGN(16) R, A;
+	hash_512bits hash;
+	bignum256modm hram, S;
+	unsigned char checkR[32];
+
+	if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk))
+		return -1;
+
+	/* hram = H(R,A,m) */
+	ed25519_hram(hash, RS, pk, m, mlen);
+	expand256_modm(hram, hash, 64);
+
+	/* S */
+	expand256_modm(S, RS + 32, 32);
+
+	/* SB - H(R,A,m)A */
+	ge25519_double_scalarmult_vartime(&R, &A, hram, S);
+	ge25519_pack(checkR, &R);
+
+	/* check that R = SB - H(R,A,m)A */
+	return ed25519_verify(RS, checkR, 32) ? 0 : -1;
+}
+
+#include "ed25519-donna-batchverify.h"
+
+/*
+	Fast Curve25519 basepoint scalar multiplication
+*/
+
+void
+ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25519_key e) {
+	curved25519_key ec;
+	bignum256modm s;
+	bignum25519 ALIGN(16) yplusz, zminusy;
+	ge25519 ALIGN(16) p;
+	size_t i;
+
+	/* clamp */
+	for (i = 0; i < 32; i++) ec[i] = e[i];
+	ec[0] &= 248;
+	ec[31] &= 127;
+	ec[31] |= 64;
+
+	expand_raw256_modm(s, ec);
+
+	/* scalar * basepoint */
+	ge25519_scalarmult_base_niels(&p, ge25519_niels_base_multiples, s);
+
+	/* u = (y + z) / (z - y) */
+	curve25519_add(yplusz, p.y, p.z);
+	curve25519_sub(zminusy, p.z, p.y);
+	curve25519_recip(zminusy, zminusy);
+	curve25519_mul(yplusz, yplusz, zminusy);
+	curve25519_contract(pk, yplusz);
+}
+
diff --git a/src/ext/ed25519/donna/ed25519.h b/src/ext/ed25519/donna/ed25519.h
new file mode 100644
index 0000000000..dc86675cd1
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519.h
@@ -0,0 +1,30 @@
+#ifndef ED25519_H
+#define ED25519_H
+
+#include <stdlib.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+typedef unsigned char ed25519_signature[64];
+typedef unsigned char ed25519_public_key[32];
+typedef unsigned char ed25519_secret_key[32];
+
+typedef unsigned char curved25519_key[32];
+
+void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
+int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
+void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
+
+int ed25519_sign_open_batch(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid);
+
+void ed25519_randombytes_unsafe(void *out, size_t count);
+
+void curved25519_scalarmult_basepoint(curved25519_key pk, const curved25519_key e);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif // ED25519_H
diff --git a/src/ext/ed25519/donna/ed25519_donna_tor.h b/src/ext/ed25519/donna/ed25519_donna_tor.h
new file mode 100644
index 0000000000..d225407b1c
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519_donna_tor.h
@@ -0,0 +1,33 @@
+/* Added for Tor. */
+#ifndef SRC_EXT_ED25519_DONNA_H_INCLUDED_
+#define SRC_EXT_ED25519_DONNA_H_INCLUDED_
+#include <torint.h>
+
+typedef unsigned char curved25519_key[32];
+
+int ed25519_sign_open_batch_donna(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid);
+void curved25519_scalarmult_basepoint_donna(curved25519_key pk, const curved25519_key e);
+
+/* Tor specific interface to match the `ref10` glue code. */
+int ed25519_donna_selftest(void);
+int ed25519_donna_seckey(unsigned char *sk);
+int ed25519_donna_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);
+int ed25519_donna_pubkey(unsigned char *pk, const unsigned char *sk);
+int ed25519_donna_keygen(unsigned char *pk, unsigned char *sk);
+
+int ed25519_donna_open(const unsigned char *signature, const unsigned char *m,
+  size_t mlen, const unsigned char *pk);
+
+int ed25519_donna_sign(unsigned char *sig, const unsigned char *m, size_t mlen,
+  const unsigned char *sk, const unsigned char *pk);
+
+int ed25519_donna_blind_secret_key(unsigned char *out, const unsigned char *inp,
+  const unsigned char *param);
+
+int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
+  const unsigned char *param);
+
+int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+  const unsigned char *inp, int signbit);
+
+#endif
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
new file mode 100644
index 0000000000..52b259dfe1
--- /dev/null
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -0,0 +1,343 @@
+/*
+  Public domain by Andrew M. <liquidsun@gmail.com>
+
+  Ed25519 reference implementation using Ed25519-donna
+*/
+
+/*
+  Tor specific notes:
+
+  This file is used by Tor instead of `ed25519.c` as the number of
+  changes/additions is non-trivial.
+
+  Tor modifications to `ed25519.c`:
+   * 'Tab` -> '  '.
+   * Include `ed25519_donna_tor.h` instead of `ed25519.h`.
+
+   * The external interface has been reworked to match that provided
+     by Tor's copy of the SUPERCOP `ref10` code.
+
+   * The secret (aka private) key is now stored/used in expanded form.
+
+   * The internal math tests from `test-internals.c` have been wrapped
+     in a function and the entire file is included to allow for
+     runtime validation.
+ */
+
+
+/* define ED25519_SUFFIX to have it appended to the end of each public function */
+#if !defined(ED25519_SUFFIX)
+#define ED25519_SUFFIX
+#endif
+
+#define ED25519_FN3(fn,suffix) fn##suffix
+#define ED25519_FN2(fn,suffix) ED25519_FN3(fn,suffix)
+#define ED25519_FN(fn)         ED25519_FN2(fn,ED25519_SUFFIX)
+
+
+#include "ed25519-donna.h"
+#include "ed25519_donna_tor.h"
+#include "ed25519-randombytes.h"
+#include "ed25519-hash.h"
+
+typedef unsigned char ed25519_signature[64];
+typedef unsigned char ed25519_public_key[32];
+typedef unsigned char ed25519_secret_key[32];
+
+static void gettweak(unsigned char *out, const unsigned char *param);
+
+static int ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen,
+  const ed25519_public_key pk, const ed25519_signature RS);
+
+
+/*
+  Generates a (extsk[0..31]) and aExt (extsk[32..63])
+*/
+
+DONNA_INLINE static void
+ed25519_extsk(hash_512bits extsk, const ed25519_secret_key sk) {
+  ed25519_hash(extsk, sk, 32);
+  extsk[0] &= 248;
+  extsk[31] &= 127;
+  extsk[31] |= 64;
+}
+
+static void
+ed25519_hram(hash_512bits hram, const ed25519_signature RS, const ed25519_public_key pk, const unsigned char *m, size_t mlen) {
+  ed25519_hash_context ctx;
+  ed25519_hash_init(&ctx);
+  ed25519_hash_update(&ctx, RS, 32);
+  ed25519_hash_update(&ctx, pk, 32);
+  ed25519_hash_update(&ctx, m, mlen);
+  ed25519_hash_final(&ctx, hram);
+}
+
+static int
+ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
+  ge25519 ALIGN(16) R, A;
+  hash_512bits hash;
+  bignum256modm hram, S;
+  unsigned char checkR[32];
+
+  if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk))
+    return -1;
+
+  /* hram = H(R,A,m) */
+  ed25519_hram(hash, RS, pk, m, mlen);
+  expand256_modm(hram, hash, 64);
+
+  /* S */
+  expand256_modm(S, RS + 32, 32);
+
+  /* SB - H(R,A,m)A */
+  ge25519_double_scalarmult_vartime(&R, &A, hram, S);
+  ge25519_pack(checkR, &R);
+
+  /* check that R = SB - H(R,A,m)A */
+  return ed25519_verify(RS, checkR, 32) ? 0 : -1;
+}
+
+#include "ed25519-donna-batchverify.h"
+
+/*
+  Fast Curve25519 basepoint scalar multiplication
+*/
+
+void
+ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25519_key e) {
+  curved25519_key ec;
+  bignum256modm s;
+  bignum25519 ALIGN(16) yplusz, zminusy;
+  ge25519 ALIGN(16) p;
+  size_t i;
+
+  /* clamp */
+  for (i = 0; i < 32; i++) ec[i] = e[i];
+  ec[0] &= 248;
+  ec[31] &= 127;
+  ec[31] |= 64;
+
+  expand_raw256_modm(s, ec);
+
+  /* scalar * basepoint */
+  ge25519_scalarmult_base_niels(&p, ge25519_niels_base_multiples, s);
+
+  /* u = (y + z) / (z - y) */
+  curve25519_add(yplusz, p.y, p.z);
+  curve25519_sub(zminusy, p.z, p.y);
+  curve25519_recip(zminusy, zminusy);
+  curve25519_mul(yplusz, yplusz, zminusy);
+  curve25519_contract(pk, yplusz);
+}
+
+/*
+   Tor has a specific idea of how an Ed25519 implementaion should behave.
+   Implement such a beast using the ed25519-donna primitives/internals.
+
+    * Private key generation using Tor's CSPRNG.
+
+    * Routines that deal with the private key now use the expanded form.
+
+    * Support for multiplicative key blinding has been added.
+
+    * Support for converting a Curve25519 key to an Ed25519 key has been added.
+ */
+
+int
+ed25519_donna_seckey(unsigned char *sk)
+{
+  ed25519_secret_key seed;
+
+  crypto_strongest_rand(seed, 32);
+
+  ed25519_extsk(sk, seed);
+
+  memwipe(seed, 0, sizeof(seed));
+
+  return 0;
+}
+
+int
+ed25519_donna_seckey_expand(unsigned char *sk, const unsigned char *skseed)
+{
+  ed25519_extsk(sk, skseed);
+
+  return 0;
+}
+
+int
+ed25519_donna_pubkey(unsigned char *pk, const unsigned char *sk)
+{
+  bignum256modm a = {0};
+  ge25519 ALIGN(16) A = {{0}, {0}, {0}, {0}};
+
+  /* A = aB */
+  expand256_modm(a, sk, 32);
+  ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
+  ge25519_pack(pk, &A);
+
+  return 0;
+}
+
+int
+ed25519_donna_keygen(unsigned char *pk, unsigned char *sk)
+{
+  int ok;
+  ok = ed25519_donna_seckey(sk);
+  ed25519_donna_pubkey(pk, sk);
+
+  return ok;
+}
+
+int
+ed25519_donna_open(const unsigned char *signature, const unsigned char *m,
+  size_t mlen, const unsigned char *pk)
+{
+  /* Wrap the ed25519-donna routine, since it is also used by the batch
+   * verification code.
+   */
+  return ED25519_FN(ed25519_sign_open)(m, mlen, pk, signature);
+}
+
+int
+ed25519_donna_sign(unsigned char *sig, const unsigned char *m, size_t mlen,
+  const unsigned char *sk, const unsigned char *pk)
+{
+  ed25519_hash_context ctx;
+  bignum256modm r = {0}, S, a;
+  ge25519 ALIGN(16) R = {{0}, {0}, {0}, {0}};
+  hash_512bits hashr, hram;
+
+  /* This is equivalent to the removed `ED25519_FN(ed25519_sign)` routine,
+   * except that the key expansion step is omitted as sk already is in expanded
+   * form.
+   */
+
+  /* r = H(aExt[32..64], m) */
+  ed25519_hash_init(&ctx);
+  ed25519_hash_update(&ctx, sk + 32, 32);
+  ed25519_hash_update(&ctx, m, mlen);
+  ed25519_hash_final(&ctx, hashr);
+  expand256_modm(r, hashr, 64);
+
+  /* R = rB */
+  ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r);
+  ge25519_pack(sig, &R);
+
+  /* S = H(R,A,m).. */
+  ed25519_hram(hram, sig, pk, m, mlen);
+  expand256_modm(S, hram, 64);
+
+  /* S = H(R,A,m)a */
+  expand256_modm(a, sk, 32);
+  mul256_modm(S, S, a);
+
+  /* S = (r + H(R,A,m)a) */
+  add256_modm(S, S, r);
+
+  /* S = (r + H(R,A,m)a) mod L */
+  contract256_modm(sig + 32, S);
+
+  return 0;
+}
+
+static void
+gettweak(unsigned char *out, const unsigned char *param)
+{
+  static const char str[] = "Derive temporary signing key";
+  ed25519_hash_context ctx;
+
+  ed25519_hash_init(&ctx);
+  ed25519_hash_update(&ctx, (const unsigned char*)str, strlen(str));
+  ed25519_hash_update(&ctx, param, 32);
+  ed25519_hash_final(&ctx, out);
+
+  out[0] &= 248;  /* Is this necessary ? */
+  out[31] &= 63;
+  out[31] |= 64;
+}
+
+int
+ed25519_donna_blind_secret_key(unsigned char *out, const unsigned char *inp,
+  const unsigned char *param)
+{
+  static const char str[] = "Derive temporary signing key hash input";
+  unsigned char tweak[64];
+  ed25519_hash_context ctx;
+  bignum256modm ALIGN(16) sk, t;
+
+  gettweak(tweak, param);
+  expand256_modm(t, tweak, 32);
+
+  expand256_modm(sk, inp, 32);
+  mul256_modm(sk, sk, t);
+  contract256_modm(out, sk);
+
+  ed25519_hash_init(&ctx);
+  ed25519_hash_update(&ctx, (const unsigned char*)str, strlen(str));
+  ed25519_hash_update(&ctx, inp + 32, 32);
+  ed25519_hash_final(&ctx, tweak);
+
+  memcpy(out + 32, tweak, 32);
+
+  memwipe(sk, 0, sizeof(sk));
+  memwipe(t, 0, sizeof(t));
+  memwipe(tweak, 0, sizeof(tweak));
+
+  return 0;
+}
+
+int
+ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
+  const unsigned char *param)
+{
+  static const bignum256modm zero = { 0 };
+  unsigned char tweak[64];
+  unsigned char pkcopy[32];
+  ge25519 ALIGN(16) A, Aprime;
+  bignum256modm ALIGN(16) t;
+
+  gettweak(tweak, param);
+  expand256_modm(t, tweak, 32);
+
+  /* No "ge25519_unpack", negate the public key. */
+  memcpy(pkcopy, inp, 32);
+  pkcopy[31] ^= (1<<7);
+  ge25519_unpack_negative_vartime(&A, pkcopy);
+
+  /* A' = [tweak] * A + [0] * basepoint. */
+  ge25519_double_scalarmult_vartime(&Aprime, &A, t, zero);
+  ge25519_pack(out, &Aprime);
+
+  memwipe(tweak, 0, sizeof(tweak));
+  memwipe(pkcopy, 0, sizeof(pkcopy));
+  memwipe(&A, 0, sizeof(A));
+  memwipe(&Aprime, 0, sizeof(Aprime));
+  memwipe(t, 0, sizeof(t));
+
+  return 0;
+}
+
+int
+ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+  const unsigned char *inp, int signbit)
+{
+  static const bignum25519 ALIGN(16) one = { 1 };
+  bignum25519 ALIGN(16) u, uminus1, uplus1, inv_uplus1, y;
+
+  /* Prop228: y = (u-1)/(u+1) */
+  curve25519_expand(u, inp);
+  curve25519_sub(uminus1, u, one);
+  curve25519_add(uplus1, u, one);
+  curve25519_recip(inv_uplus1, uplus1);
+  curve25519_mul(y, uminus1, inv_uplus1);
+  curve25519_contract(out, y);
+
+  /* Propagate sign. */
+  out[31] |= (!!signbit) << 7;
+
+  return 0;
+}
+
+#include "test-internals.c"
+
diff --git a/src/ext/ed25519/donna/fuzz/README.md b/src/ext/ed25519/donna/fuzz/README.md
new file mode 100644
index 0000000000..306ddfe08c
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/README.md
@@ -0,0 +1,173 @@
+This code fuzzes ed25519-donna (and optionally ed25519-donna-sse2) against the ref10 implementations of
+[curve25519](https://github.com/floodyberry/supercop/tree/master/crypto_scalarmult/curve25519/ref10) and 
+[ed25519](https://github.com/floodyberry/supercop/tree/master/crypto_sign/ed25519/ref10).
+
+Curve25519 tests that generating a public key from a secret key
+
+# Building
+
+## *nix + PHP
+
+`php build-nix.php (required parameters) (optional parameters)`
+
+Required parameters:
+
+* `--function=[curve25519,ed25519]`
+* `--bits=[32,64]`
+
+Optional parameters:
+
+* `--with-sse2`
+
+    Also fuzz against ed25519-donna-sse2
+* `--with-openssl`
+
+    Build with OpenSSL's SHA-512.
+
+    Default: Reference SHA-512 implementation (slow!)
+
+* `--compiler=[gcc,clang,icc]`
+
+    Default: gcc
+
+* `--no-asm`
+
+    Do not use platform specific assembler
+
+
+example:
+    
+    php build-nix.php --bits=64 --function=ed25519 --with-sse2 --compiler=icc 
+
+## Windows
+
+Create a project with access to the ed25519 files.
+
+If you are not using OpenSSL, add the `ED25519_REFHASH` define to the projects 
+"Properties/Preprocessor/Preprocessor Definitions" option
+
+Add the following files to the project:
+
+* `fuzz/curve25519-ref10.c`
+* `fuzz/ed25519-ref10.c`
+* `fuzz/ed25519-donna.c`
+* `fuzz/ed25519-donna-sse2.c` (optional)
+* `fuzz-[curve25519/ed25519].c` (depending on which you want to fuzz)
+
+If you are also fuzzing against ed25519-donna-sse2, add the `ED25519_SSE2` define for `fuzz-[curve25519/ed25519].c` under 
+its "Properties/Preprocessor/Preprocessor Definitions" option.
+
+# Running
+
+If everything agrees, the program will only output occasional status dots (every 0x1000 passes) 
+and a 64bit progress count (every 0x20000 passes):
+
+    fuzzing:  ref10 curved25519 curved25519-sse2
+    
+    ................................ [0000000000020000]
+    ................................ [0000000000040000]
+    ................................ [0000000000060000]
+    ................................ [0000000000080000]
+    ................................ [00000000000a0000]
+    ................................ [00000000000c0000]
+ 
+If any of the implementations do not agree with the ref10 implementation, the program will dump
+the random data that was used, the data generated by the ref10 implementation, and diffs of the 
+ed25519-donna data against the ref10 data.
+
+## Example errors
+
+These are example error dumps (with intentionally introduced errors).
+
+### Ed25519
+
+Random data:
+
+* sk, or Secret Key
+* m, or Message
+
+Generated data:
+
+* pk, or Public Key
+* sig, or Signature
+* valid, or if the signature of the message is valid with the public key
+
+Dump:
+
+    sk:
+    0x3b,0xb7,0x17,0x7a,0x66,0xdc,0xb7,0x9a,0x90,0x25,0x07,0x99,0x96,0xf3,0x92,0xef,
+    0x78,0xf8,0xad,0x6c,0x35,0x87,0x81,0x67,0x03,0xe6,0x95,0xba,0x06,0x18,0x7c,0x9c,
+    
+    m:
+    0x7c,0x8d,0x3d,0xe1,0x92,0xee,0x7a,0xb8,0x4d,0xc9,0xfb,0x02,0x34,0x1e,0x5a,0x91,
+    0xee,0x01,0xa6,0xb8,0xab,0x37,0x3f,0x3d,0x6d,0xa2,0x47,0xe3,0x27,0x93,0x7c,0xb7,
+    0x77,0x07,0xb6,0x88,0x41,0x22,0xf3,0x3f,0xce,0xcb,0x6b,0x3e,0x2b,0x23,0x68,0x7f,
+    0x5b,0xb9,0xda,0x04,0xbb,0xae,0x42,0x50,0xf5,0xe9,0xc5,0x11,0xbd,0x52,0x76,0x98,
+    0xf1,0x87,0x09,0xb9,0x89,0x0a,0x52,0x69,0x01,0xce,0xe0,0x4a,0xa6,0x46,0x5a,0xe1,
+    0x63,0x14,0xe0,0x81,0x52,0xec,0xcd,0xcf,0x70,0x54,0x7d,0xa3,0x49,0x8b,0xf0,0x89,
+    0x70,0x07,0x12,0x2a,0xd9,0xaa,0x16,0x01,0xb2,0x16,0x3a,0xbb,0xfc,0xfa,0x13,0x5b,
+    0x69,0x83,0x92,0x70,0x95,0x76,0xa0,0x8e,0x16,0x79,0xcc,0xaa,0xb5,0x7c,0xf8,0x7a,
+    
+    ref10:
+    pk:
+    0x71,0xb0,0x5e,0x62,0x1b,0xe3,0xe7,0x36,0x91,0x8b,0xc0,0x13,0x36,0x0c,0xc9,0x04,
+    0x16,0xf5,0xff,0x48,0x0c,0x83,0x6b,0x88,0x53,0xa2,0xc6,0x0f,0xf7,0xac,0x42,0x04,
+    
+    sig:
+    0x3e,0x05,0xc5,0x37,0x16,0x0b,0x29,0x30,0x89,0xa3,0xe7,0x83,0x08,0x16,0xdd,0x96,
+    0x02,0xfa,0x0d,0x44,0x2c,0x43,0xaa,0x80,0x93,0x04,0x58,0x22,0x09,0xbf,0x11,0xa5,
+    0xcc,0xa5,0x3c,0x9f,0xa0,0xa4,0x64,0x5a,0x4a,0xdb,0x20,0xfb,0xc7,0x9b,0xfd,0x3f,
+    0x08,0xae,0xc4,0x3c,0x1e,0xd8,0xb6,0xb4,0xd2,0x6d,0x80,0x92,0xcb,0x71,0xf3,0x02,
+    
+    valid: yes
+    
+    ed25519-donna:
+    pk diff:
+    ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,
+    ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,
+    
+    sig diff:
+    0x2c,0xb9,0x25,0x14,0xd0,0x94,0xeb,0xfe,0x46,0x02,0xc2,0xe8,0xa3,0xeb,0xbf,0xb5,
+    0x72,0x84,0xbf,0xc1,0x8a,0x32,0x30,0x99,0xf7,0x58,0xfe,0x06,0xa8,0xdc,0xdc,0xab,
+    0xb5,0x57,0x03,0x33,0x87,0xce,0x54,0x55,0x6a,0x69,0x8a,0xc4,0xb7,0x2a,0xed,0x97,
+    0xb4,0x68,0xe7,0x52,0x7a,0x07,0x55,0x3b,0xa2,0x94,0xd6,0x5e,0xa1,0x61,0x80,0x08,
+    
+    valid: no
+
+In this case, the generated public key matches, but the generated signature is completely 
+different and does not validate.
+
+### Curve25519
+
+Random data:
+
+* sk, or Secret Key
+
+Generated data:
+
+* pk, or Public Key
+
+Dump:
+
+    sk:
+    0x44,0xec,0x0b,0x0e,0xa2,0x0e,0x9c,0x5b,0x8c,0xce,0x7b,0x1d,0x68,0xae,0x0f,0x9e,
+    0x81,0xe2,0x04,0x76,0xda,0x87,0xa4,0x9e,0xc9,0x4f,0x3b,0xf9,0xc3,0x89,0x63,0x70,
+    
+    
+    ref10:
+    0x24,0x55,0x55,0xc0,0xf9,0x80,0xaf,0x02,0x43,0xee,0x8c,0x7f,0xc1,0xad,0x90,0x95,
+    0x57,0x91,0x14,0x2e,0xf2,0x14,0x22,0x80,0xdd,0x4e,0x3c,0x85,0x71,0x84,0x8c,0x62,
+    
+    
+    curved25519 diff:
+    0x12,0xd1,0x61,0x2b,0x16,0xb3,0xd8,0x29,0xf8,0xa3,0xba,0x70,0x4e,0x49,0x4f,0x43,
+    0xa1,0x3c,0x6b,0x42,0x11,0x61,0xcc,0x30,0x87,0x73,0x46,0xfb,0x85,0xc7,0x9a,0x35,
+    
+    
+    curved25519-sse2 diff:
+    ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,
+    ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,
+
+
+In this case, curved25519 is totally wrong, while curved25519-sse2 matches the reference 
+implementation.
\ No newline at end of file
diff --git a/src/ext/ed25519/donna/fuzz/build-nix.php b/src/ext/ed25519/donna/fuzz/build-nix.php
new file mode 100644
index 0000000000..c69144ebc9
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/build-nix.php
@@ -0,0 +1,134 @@
+<?php
+	function echoln($str) {
+		echo $str;
+		echo "\n";
+	}
+
+	function usage($reason) {
+		echoln("Usage: php build-nix.php [flags]");
+		echoln("Flags in parantheses are optional");
+		echoln("");
+		echoln("  --bits=[32,64]");
+		echoln("  --function=[curve25519,ed25519]");
+		echoln(" (--compiler=[*gcc,clang,icc])        which compiler to use, gcc is default");
+		echoln(" (--with-openssl)                     use openssl for SHA512");
+		echoln(" (--with-sse2)                        additionally fuzz against SSE2");
+		echoln(" (--no-asm)                           don't use platform specific asm");
+		echoln("");
+		if ($reason)
+			echoln($reason);
+	}
+
+	function cleanup() {
+		system("rm -f *.o");
+	}
+
+	function runcmd($desc, $cmd) {
+		echoln($desc);
+
+		$ret = 0;
+		system($cmd, $ret);
+		if ($ret) {
+			cleanup();
+			exit;
+		}
+	}
+
+	class argument {
+		var $set, $value;
+	}
+
+	class multiargument extends argument {
+		function multiargument($flag, $legal_values) {
+			global $argc, $argv;
+
+			$this->set = false;
+
+			$map = array();
+			foreach($legal_values as $value)
+				$map[$value] = true;
+
+			for ($i = 1; $i < $argc; $i++) {
+				if (!preg_match("!--".$flag."=(.*)!", $argv[$i], $m))
+					continue;
+				if (isset($map[$m[1]])) {
+					$this->value = $m[1];
+					$this->set = true;
+					return;
+				} else {
+					usage("{$m[1]} is not a valid parameter to --{$flag}!");
+					exit(1);
+				}
+			}
+		}
+	}
+
+	class flag extends argument {
+		function flag($flag) {
+			global $argc, $argv;
+
+			$this->set = false;
+
+			$flag = "--{$flag}";
+			for ($i = 1; $i < $argc; $i++) {
+				if ($argv[$i] !== $flag)
+					continue;
+				$this->value = true;
+				$this->set = true;
+				return;
+			}
+		}
+	}
+
+	$bits = new multiargument("bits", array("32", "64"));
+	$function = new multiargument("function", array("curve25519", "ed25519"));
+	$compiler = new multiargument("compiler", array("gcc", "clang", "icc"));
+	$with_sse2 = new flag("with-sse2");
+	$with_openssl = new flag("with-openssl");
+	$no_asm = new flag("no-asm");
+
+	$err = "";
+	if (!$bits->set)
+		$err .= "--bits not set\n";
+	if (!$function->set)
+		$err .= "--function not set\n";
+
+	if ($err !== "") {
+		usage($err);
+		exit;
+	}
+
+	$compile = ($compiler->set) ? $compiler->value : "gcc";
+	$link = "";
+	$flags = "-O3 -m{$bits->value}";
+	$ret = 0;
+
+	if ($with_openssl->set) $link .= " -lssl -lcrypto";
+	if (!$with_openssl->set) $flags .= " -DED25519_REFHASH -DED25519_TEST";
+	if ($no_asm->set) $flags .= " -DED25519_NO_INLINE_ASM";
+
+	if ($function->value === "curve25519") {
+		runcmd("building ref10..", "{$compile} {$flags} curve25519-ref10.c -c -o curve25519-ref10.o");
+		runcmd("building ed25519..", "{$compile} {$flags} ed25519-donna.c -c -o ed25519.o");
+		if ($with_sse2->set) {
+			runcmd("building ed25519-sse2..", "{$compile} {$flags} ed25519-donna-sse2.c -c -o ed25519-sse2.o -msse2");
+			$flags .= " -DED25519_SSE2";
+			$link .= " ed25519-sse2.o";
+		}
+		runcmd("linking..", "{$compile} {$flags} {$link} fuzz-curve25519.c ed25519.o curve25519-ref10.o -o fuzz-curve25519");
+		echoln("fuzz-curve25519 built.");
+	} else 	if ($function->value === "ed25519") {
+		runcmd("building ref10..", "{$compile} {$flags} ed25519-ref10.c -c -o ed25519-ref10.o");
+		runcmd("building ed25519..", "{$compile} {$flags} ed25519-donna.c -c -o ed25519.o");
+		if ($with_sse2->set) {
+			runcmd("building ed25519-sse2..", "{$compile} {$flags} ed25519-donna-sse2.c -c -o ed25519-sse2.o -msse2");
+			$flags .= " -DED25519_SSE2";
+			$link .= " ed25519-sse2.o";
+		}
+		runcmd("linking..", "{$compile} {$flags} {$link} fuzz-ed25519.c ed25519.o ed25519-ref10.o -o fuzz-ed25519");
+		echoln("fuzz-ed25519 built.");
+	}
+
+
+	cleanup();
+?>
diff --git a/src/ext/ed25519/donna/fuzz/curve25519-ref10.c b/src/ext/ed25519/donna/fuzz/curve25519-ref10.c
new file mode 100644
index 0000000000..efefce6fde
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/curve25519-ref10.c
@@ -0,0 +1,1272 @@
+#include <stdint.h>
+
+typedef int32_t crypto_int32;
+typedef int64_t crypto_int64;
+typedef uint64_t crypto_uint64;
+
+typedef crypto_int32 fe[10];
+
+/*
+h = 0
+*/
+
+void fe_0(fe h)
+{
+  h[0] = 0;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
+
+/*
+h = 1
+*/
+
+void fe_1(fe h)
+{
+  h[0] = 1;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
+
+/*
+h = f + g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+void fe_add(fe h,fe f,fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 + g0;
+  crypto_int32 h1 = f1 + g1;
+  crypto_int32 h2 = f2 + g2;
+  crypto_int32 h3 = f3 + g3;
+  crypto_int32 h4 = f4 + g4;
+  crypto_int32 h5 = f5 + g5;
+  crypto_int32 h6 = f6 + g6;
+  crypto_int32 h7 = f7 + g7;
+  crypto_int32 h8 = f8 + g8;
+  crypto_int32 h9 = f9 + g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+h = f
+*/
+
+void fe_copy(fe h,fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  h[0] = f0;
+  h[1] = f1;
+  h[2] = f2;
+  h[3] = f3;
+  h[4] = f4;
+  h[5] = f5;
+  h[6] = f6;
+  h[7] = f7;
+  h[8] = f8;
+  h[9] = f9;
+}
+
+
+/*
+Replace (f,g) with (g,f) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+
+Preconditions: b in {0,1}.
+*/
+
+void fe_cswap(fe f,fe g,unsigned int b)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 x0 = f0 ^ g0;
+  crypto_int32 x1 = f1 ^ g1;
+  crypto_int32 x2 = f2 ^ g2;
+  crypto_int32 x3 = f3 ^ g3;
+  crypto_int32 x4 = f4 ^ g4;
+  crypto_int32 x5 = f5 ^ g5;
+  crypto_int32 x6 = f6 ^ g6;
+  crypto_int32 x7 = f7 ^ g7;
+  crypto_int32 x8 = f8 ^ g8;
+  crypto_int32 x9 = f9 ^ g9;
+  b = -b;
+  x0 &= b;
+  x1 &= b;
+  x2 &= b;
+  x3 &= b;
+  x4 &= b;
+  x5 &= b;
+  x6 &= b;
+  x7 &= b;
+  x8 &= b;
+  x9 &= b;
+  f[0] = f0 ^ x0;
+  f[1] = f1 ^ x1;
+  f[2] = f2 ^ x2;
+  f[3] = f3 ^ x3;
+  f[4] = f4 ^ x4;
+  f[5] = f5 ^ x5;
+  f[6] = f6 ^ x6;
+  f[7] = f7 ^ x7;
+  f[8] = f8 ^ x8;
+  f[9] = f9 ^ x9;
+  g[0] = g0 ^ x0;
+  g[1] = g1 ^ x1;
+  g[2] = g2 ^ x2;
+  g[3] = g3 ^ x3;
+  g[4] = g4 ^ x4;
+  g[5] = g5 ^ x5;
+  g[6] = g6 ^ x6;
+  g[7] = g7 ^ x7;
+  g[8] = g8 ^ x8;
+  g[9] = g9 ^ x9;
+}
+
+static crypto_uint64 load_3(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  return result;
+}
+
+static crypto_uint64 load_4(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  result |= ((crypto_uint64) in[3]) << 24;
+  return result;
+}
+
+void fe_frombytes(fe h,const unsigned char *s)
+{
+  crypto_int64 h0 = load_4(s);
+  crypto_int64 h1 = load_3(s + 4) << 6;
+  crypto_int64 h2 = load_3(s + 7) << 5;
+  crypto_int64 h3 = load_3(s + 10) << 3;
+  crypto_int64 h4 = load_3(s + 13) << 2;
+  crypto_int64 h5 = load_4(s + 16);
+  crypto_int64 h6 = load_3(s + 20) << 7;
+  crypto_int64 h7 = load_3(s + 23) << 5;
+  crypto_int64 h8 = load_3(s + 26) << 4;
+  crypto_int64 h9 = load_3(s + 29) << 2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+
+/*
+h = f * g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+   |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+*/
+
+/*
+Notes on implementation strategy:
+
+Using schoolbook multiplication.
+Karatsuba would save a little in some cost models.
+
+Most multiplications by 2 and 19 are 32-bit precomputations;
+cheaper than 64-bit postcomputations.
+
+There is one remaining multiplication by 19 in the carry chain;
+one *19 precomputation can be merged into this,
+but the resulting data flow is considerably less clean.
+
+There are 12 carries below.
+10 of them are 2-way parallelizable and vectorizable.
+Can get away with 11 carries, but then data flow is much deeper.
+
+With tighter constraints on inputs can squeeze carries into int32.
+*/
+
+void fe_mul(fe h,fe f,fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 g1_19 = 19 * g1; /* 1.4*2^29 */
+  crypto_int32 g2_19 = 19 * g2; /* 1.4*2^30; still ok */
+  crypto_int32 g3_19 = 19 * g3;
+  crypto_int32 g4_19 = 19 * g4;
+  crypto_int32 g5_19 = 19 * g5;
+  crypto_int32 g6_19 = 19 * g6;
+  crypto_int32 g7_19 = 19 * g7;
+  crypto_int32 g8_19 = 19 * g8;
+  crypto_int32 g9_19 = 19 * g9;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f9_2 = 2 * f9;
+  crypto_int64 f0g0    = f0   * (crypto_int64) g0;
+  crypto_int64 f0g1    = f0   * (crypto_int64) g1;
+  crypto_int64 f0g2    = f0   * (crypto_int64) g2;
+  crypto_int64 f0g3    = f0   * (crypto_int64) g3;
+  crypto_int64 f0g4    = f0   * (crypto_int64) g4;
+  crypto_int64 f0g5    = f0   * (crypto_int64) g5;
+  crypto_int64 f0g6    = f0   * (crypto_int64) g6;
+  crypto_int64 f0g7    = f0   * (crypto_int64) g7;
+  crypto_int64 f0g8    = f0   * (crypto_int64) g8;
+  crypto_int64 f0g9    = f0   * (crypto_int64) g9;
+  crypto_int64 f1g0    = f1   * (crypto_int64) g0;
+  crypto_int64 f1g1_2  = f1_2 * (crypto_int64) g1;
+  crypto_int64 f1g2    = f1   * (crypto_int64) g2;
+  crypto_int64 f1g3_2  = f1_2 * (crypto_int64) g3;
+  crypto_int64 f1g4    = f1   * (crypto_int64) g4;
+  crypto_int64 f1g5_2  = f1_2 * (crypto_int64) g5;
+  crypto_int64 f1g6    = f1   * (crypto_int64) g6;
+  crypto_int64 f1g7_2  = f1_2 * (crypto_int64) g7;
+  crypto_int64 f1g8    = f1   * (crypto_int64) g8;
+  crypto_int64 f1g9_38 = f1_2 * (crypto_int64) g9_19;
+  crypto_int64 f2g0    = f2   * (crypto_int64) g0;
+  crypto_int64 f2g1    = f2   * (crypto_int64) g1;
+  crypto_int64 f2g2    = f2   * (crypto_int64) g2;
+  crypto_int64 f2g3    = f2   * (crypto_int64) g3;
+  crypto_int64 f2g4    = f2   * (crypto_int64) g4;
+  crypto_int64 f2g5    = f2   * (crypto_int64) g5;
+  crypto_int64 f2g6    = f2   * (crypto_int64) g6;
+  crypto_int64 f2g7    = f2   * (crypto_int64) g7;
+  crypto_int64 f2g8_19 = f2   * (crypto_int64) g8_19;
+  crypto_int64 f2g9_19 = f2   * (crypto_int64) g9_19;
+  crypto_int64 f3g0    = f3   * (crypto_int64) g0;
+  crypto_int64 f3g1_2  = f3_2 * (crypto_int64) g1;
+  crypto_int64 f3g2    = f3   * (crypto_int64) g2;
+  crypto_int64 f3g3_2  = f3_2 * (crypto_int64) g3;
+  crypto_int64 f3g4    = f3   * (crypto_int64) g4;
+  crypto_int64 f3g5_2  = f3_2 * (crypto_int64) g5;
+  crypto_int64 f3g6    = f3   * (crypto_int64) g6;
+  crypto_int64 f3g7_38 = f3_2 * (crypto_int64) g7_19;
+  crypto_int64 f3g8_19 = f3   * (crypto_int64) g8_19;
+  crypto_int64 f3g9_38 = f3_2 * (crypto_int64) g9_19;
+  crypto_int64 f4g0    = f4   * (crypto_int64) g0;
+  crypto_int64 f4g1    = f4   * (crypto_int64) g1;
+  crypto_int64 f4g2    = f4   * (crypto_int64) g2;
+  crypto_int64 f4g3    = f4   * (crypto_int64) g3;
+  crypto_int64 f4g4    = f4   * (crypto_int64) g4;
+  crypto_int64 f4g5    = f4   * (crypto_int64) g5;
+  crypto_int64 f4g6_19 = f4   * (crypto_int64) g6_19;
+  crypto_int64 f4g7_19 = f4   * (crypto_int64) g7_19;
+  crypto_int64 f4g8_19 = f4   * (crypto_int64) g8_19;
+  crypto_int64 f4g9_19 = f4   * (crypto_int64) g9_19;
+  crypto_int64 f5g0    = f5   * (crypto_int64) g0;
+  crypto_int64 f5g1_2  = f5_2 * (crypto_int64) g1;
+  crypto_int64 f5g2    = f5   * (crypto_int64) g2;
+  crypto_int64 f5g3_2  = f5_2 * (crypto_int64) g3;
+  crypto_int64 f5g4    = f5   * (crypto_int64) g4;
+  crypto_int64 f5g5_38 = f5_2 * (crypto_int64) g5_19;
+  crypto_int64 f5g6_19 = f5   * (crypto_int64) g6_19;
+  crypto_int64 f5g7_38 = f5_2 * (crypto_int64) g7_19;
+  crypto_int64 f5g8_19 = f5   * (crypto_int64) g8_19;
+  crypto_int64 f5g9_38 = f5_2 * (crypto_int64) g9_19;
+  crypto_int64 f6g0    = f6   * (crypto_int64) g0;
+  crypto_int64 f6g1    = f6   * (crypto_int64) g1;
+  crypto_int64 f6g2    = f6   * (crypto_int64) g2;
+  crypto_int64 f6g3    = f6   * (crypto_int64) g3;
+  crypto_int64 f6g4_19 = f6   * (crypto_int64) g4_19;
+  crypto_int64 f6g5_19 = f6   * (crypto_int64) g5_19;
+  crypto_int64 f6g6_19 = f6   * (crypto_int64) g6_19;
+  crypto_int64 f6g7_19 = f6   * (crypto_int64) g7_19;
+  crypto_int64 f6g8_19 = f6   * (crypto_int64) g8_19;
+  crypto_int64 f6g9_19 = f6   * (crypto_int64) g9_19;
+  crypto_int64 f7g0    = f7   * (crypto_int64) g0;
+  crypto_int64 f7g1_2  = f7_2 * (crypto_int64) g1;
+  crypto_int64 f7g2    = f7   * (crypto_int64) g2;
+  crypto_int64 f7g3_38 = f7_2 * (crypto_int64) g3_19;
+  crypto_int64 f7g4_19 = f7   * (crypto_int64) g4_19;
+  crypto_int64 f7g5_38 = f7_2 * (crypto_int64) g5_19;
+  crypto_int64 f7g6_19 = f7   * (crypto_int64) g6_19;
+  crypto_int64 f7g7_38 = f7_2 * (crypto_int64) g7_19;
+  crypto_int64 f7g8_19 = f7   * (crypto_int64) g8_19;
+  crypto_int64 f7g9_38 = f7_2 * (crypto_int64) g9_19;
+  crypto_int64 f8g0    = f8   * (crypto_int64) g0;
+  crypto_int64 f8g1    = f8   * (crypto_int64) g1;
+  crypto_int64 f8g2_19 = f8   * (crypto_int64) g2_19;
+  crypto_int64 f8g3_19 = f8   * (crypto_int64) g3_19;
+  crypto_int64 f8g4_19 = f8   * (crypto_int64) g4_19;
+  crypto_int64 f8g5_19 = f8   * (crypto_int64) g5_19;
+  crypto_int64 f8g6_19 = f8   * (crypto_int64) g6_19;
+  crypto_int64 f8g7_19 = f8   * (crypto_int64) g7_19;
+  crypto_int64 f8g8_19 = f8   * (crypto_int64) g8_19;
+  crypto_int64 f8g9_19 = f8   * (crypto_int64) g9_19;
+  crypto_int64 f9g0    = f9   * (crypto_int64) g0;
+  crypto_int64 f9g1_38 = f9_2 * (crypto_int64) g1_19;
+  crypto_int64 f9g2_19 = f9   * (crypto_int64) g2_19;
+  crypto_int64 f9g3_38 = f9_2 * (crypto_int64) g3_19;
+  crypto_int64 f9g4_19 = f9   * (crypto_int64) g4_19;
+  crypto_int64 f9g5_38 = f9_2 * (crypto_int64) g5_19;
+  crypto_int64 f9g6_19 = f9   * (crypto_int64) g6_19;
+  crypto_int64 f9g7_38 = f9_2 * (crypto_int64) g7_19;
+  crypto_int64 f9g8_19 = f9   * (crypto_int64) g8_19;
+  crypto_int64 f9g9_38 = f9_2 * (crypto_int64) g9_19;
+  crypto_int64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
+  crypto_int64 h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
+  crypto_int64 h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
+  crypto_int64 h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
+  crypto_int64 h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
+  crypto_int64 h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
+  crypto_int64 h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
+  crypto_int64 h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
+  crypto_int64 h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
+  crypto_int64 h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  /*
+  |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
+    i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
+  |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
+    i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
+  */
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  /* |h0| <= 2^25 */
+  /* |h4| <= 2^25 */
+  /* |h1| <= 1.51*2^58 */
+  /* |h5| <= 1.51*2^58 */
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  /* |h1| <= 2^24; from now on fits into int32 */
+  /* |h5| <= 2^24; from now on fits into int32 */
+  /* |h2| <= 1.21*2^59 */
+  /* |h6| <= 1.21*2^59 */
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  /* |h2| <= 2^25; from now on fits into int32 unchanged */
+  /* |h6| <= 2^25; from now on fits into int32 unchanged */
+  /* |h3| <= 1.51*2^58 */
+  /* |h7| <= 1.51*2^58 */
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+  /* |h3| <= 2^24; from now on fits into int32 unchanged */
+  /* |h7| <= 2^24; from now on fits into int32 unchanged */
+  /* |h4| <= 1.52*2^33 */
+  /* |h8| <= 1.52*2^33 */
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+  /* |h4| <= 2^25; from now on fits into int32 unchanged */
+  /* |h8| <= 2^25; from now on fits into int32 unchanged */
+  /* |h5| <= 1.01*2^24 */
+  /* |h9| <= 1.51*2^58 */
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  /* |h9| <= 2^24; from now on fits into int32 unchanged */
+  /* |h0| <= 1.8*2^37 */
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  /* |h0| <= 2^25; from now on fits into int32 unchanged */
+  /* |h1| <= 1.01*2^24 */
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+h = f * 121666
+Can overlap h with f.
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+*/
+
+void fe_mul121666(fe h,fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int64 h0 = f0 * (crypto_int64) 121666;
+  crypto_int64 h1 = f1 * (crypto_int64) 121666;
+  crypto_int64 h2 = f2 * (crypto_int64) 121666;
+  crypto_int64 h3 = f3 * (crypto_int64) 121666;
+  crypto_int64 h4 = f4 * (crypto_int64) 121666;
+  crypto_int64 h5 = f5 * (crypto_int64) 121666;
+  crypto_int64 h6 = f6 * (crypto_int64) 121666;
+  crypto_int64 h7 = f7 * (crypto_int64) 121666;
+  crypto_int64 h8 = f8 * (crypto_int64) 121666;
+  crypto_int64 h9 = f9 * (crypto_int64) 121666;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+h = f * f
+Can overlap h with f.
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+*/
+
+/*
+See fe_mul.c for discussion of implementation strategy.
+*/
+
+void fe_sq(fe h,fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 f0_2 = 2 * f0;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f2_2 = 2 * f2;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f4_2 = 2 * f4;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f6_2 = 2 * f6;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f5_38 = 38 * f5; /* 1.31*2^30 */
+  crypto_int32 f6_19 = 19 * f6; /* 1.31*2^30 */
+  crypto_int32 f7_38 = 38 * f7; /* 1.31*2^30 */
+  crypto_int32 f8_19 = 19 * f8; /* 1.31*2^30 */
+  crypto_int32 f9_38 = 38 * f9; /* 1.31*2^30 */
+  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
+  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
+  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
+  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
+  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
+  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
+  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
+  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
+  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
+  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
+  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
+  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
+  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
+  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
+  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
+  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
+  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
+  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
+  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
+  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
+  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
+  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
+  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
+  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
+  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
+  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
+  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
+  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
+  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
+  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
+  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
+  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
+  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
+  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
+  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
+  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
+  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
+  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
+  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
+  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
+  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
+  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
+  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
+  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
+  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
+  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
+  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
+  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
+  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
+  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
+  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
+  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
+  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
+  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
+  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
+  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+h = f - g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+void fe_sub(fe h,fe f,fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 - g0;
+  crypto_int32 h1 = f1 - g1;
+  crypto_int32 h2 = f2 - g2;
+  crypto_int32 h3 = f3 - g3;
+  crypto_int32 h4 = f4 - g4;
+  crypto_int32 h5 = f5 - g5;
+  crypto_int32 h6 = f6 - g6;
+  crypto_int32 h7 = f7 - g7;
+  crypto_int32 h8 = f8 - g8;
+  crypto_int32 h9 = f9 - g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+Preconditions:
+  |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Write p=2^255-19; q=floor(h/p).
+Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+
+Proof:
+  Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+  Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
+
+  Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+  Then 0<y<1.
+
+  Write r=h-pq.
+  Have 0<=r<=p-1=2^255-20.
+  Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+
+  Write x=r+19(2^-255)r+y.
+  Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+
+  Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+  so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+*/
+
+void fe_tobytes(unsigned char *s,fe h)
+{
+  crypto_int32 h0 = h[0];
+  crypto_int32 h1 = h[1];
+  crypto_int32 h2 = h[2];
+  crypto_int32 h3 = h[3];
+  crypto_int32 h4 = h[4];
+  crypto_int32 h5 = h[5];
+  crypto_int32 h6 = h[6];
+  crypto_int32 h7 = h[7];
+  crypto_int32 h8 = h[8];
+  crypto_int32 h9 = h[9];
+  crypto_int32 q;
+  crypto_int32 carry0;
+  crypto_int32 carry1;
+  crypto_int32 carry2;
+  crypto_int32 carry3;
+  crypto_int32 carry4;
+  crypto_int32 carry5;
+  crypto_int32 carry6;
+  crypto_int32 carry7;
+  crypto_int32 carry8;
+  crypto_int32 carry9;
+
+  q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
+  q = (h0 + q) >> 26;
+  q = (h1 + q) >> 25;
+  q = (h2 + q) >> 26;
+  q = (h3 + q) >> 25;
+  q = (h4 + q) >> 26;
+  q = (h5 + q) >> 25;
+  q = (h6 + q) >> 26;
+  q = (h7 + q) >> 25;
+  q = (h8 + q) >> 26;
+  q = (h9 + q) >> 25;
+
+  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+  h0 += 19 * q;
+  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+  carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
+  carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
+  carry9 = h9 >> 25;               h9 -= carry9 << 25;
+                  /* h10 = carry9 */
+
+  /*
+  Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+  Have h0+...+2^230 h9 between 0 and 2^255-1;
+  evidently 2^255 h10-2^255 q = 0.
+  Goal: Output h0+...+2^230 h9.
+  */
+
+  s[0] = h0 >> 0;
+  s[1] = h0 >> 8;
+  s[2] = h0 >> 16;
+  s[3] = (h0 >> 24) | (h1 << 2);
+  s[4] = h1 >> 6;
+  s[5] = h1 >> 14;
+  s[6] = (h1 >> 22) | (h2 << 3);
+  s[7] = h2 >> 5;
+  s[8] = h2 >> 13;
+  s[9] = (h2 >> 21) | (h3 << 5);
+  s[10] = h3 >> 3;
+  s[11] = h3 >> 11;
+  s[12] = (h3 >> 19) | (h4 << 6);
+  s[13] = h4 >> 2;
+  s[14] = h4 >> 10;
+  s[15] = h4 >> 18;
+  s[16] = h5 >> 0;
+  s[17] = h5 >> 8;
+  s[18] = h5 >> 16;
+  s[19] = (h5 >> 24) | (h6 << 1);
+  s[20] = h6 >> 7;
+  s[21] = h6 >> 15;
+  s[22] = (h6 >> 23) | (h7 << 3);
+  s[23] = h7 >> 5;
+  s[24] = h7 >> 13;
+  s[25] = (h7 >> 21) | (h8 << 4);
+  s[26] = h8 >> 4;
+  s[27] = h8 >> 12;
+  s[28] = (h8 >> 20) | (h9 << 6);
+  s[29] = h9 >> 2;
+  s[30] = h9 >> 10;
+  s[31] = h9 >> 18;
+}
+
+void fe_invert(fe out,fe z)
+{
+  fe t0;
+  fe t1;
+  fe t2;
+  fe t3;
+  int i;
+
+
+/* qhasm: fe z1 */
+
+/* qhasm: fe z2 */
+
+/* qhasm: fe z8 */
+
+/* qhasm: fe z9 */
+
+/* qhasm: fe z11 */
+
+/* qhasm: fe z22 */
+
+/* qhasm: fe z_5_0 */
+
+/* qhasm: fe z_10_5 */
+
+/* qhasm: fe z_10_0 */
+
+/* qhasm: fe z_20_10 */
+
+/* qhasm: fe z_20_0 */
+
+/* qhasm: fe z_40_20 */
+
+/* qhasm: fe z_40_0 */
+
+/* qhasm: fe z_50_10 */
+
+/* qhasm: fe z_50_0 */
+
+/* qhasm: fe z_100_50 */
+
+/* qhasm: fe z_100_0 */
+
+/* qhasm: fe z_200_100 */
+
+/* qhasm: fe z_200_0 */
+
+/* qhasm: fe z_250_50 */
+
+/* qhasm: fe z_250_0 */
+
+/* qhasm: fe z_255_5 */
+
+/* qhasm: fe z_255_21 */
+
+/* qhasm: enter pow225521 */
+
+/* qhasm: z2 = z1^2^1 */
+/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
+/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
+fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+
+/* qhasm: z8 = z2^2^2 */
+/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
+/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
+fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
+
+/* qhasm: z9 = z1*z8 */
+/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
+/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
+fe_mul(t1,z,t1);
+
+/* qhasm: z11 = z2*z9 */
+/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
+/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
+fe_mul(t0,t0,t1);
+
+/* qhasm: z22 = z11^2^1 */
+/* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
+/* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
+fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
+
+/* qhasm: z_5_0 = z9*z22 */
+/* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
+/* asm 2: fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
+fe_mul(t1,t1,t2);
+
+/* qhasm: z_10_5 = z_5_0^2^5 */
+/* asm 1: fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
+/* asm 2: fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t2,>z_10_5=t2); */
+fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
+
+/* qhasm: z_10_0 = z_10_5*z_5_0 */
+/* asm 1: fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
+/* asm 2: fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_20_10 = z_10_0^2^10 */
+/* asm 1: fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
+/* asm 2: fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t2,>z_20_10=t2); */
+fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
+
+/* qhasm: z_20_0 = z_20_10*z_10_0 */
+/* asm 1: fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
+/* asm 2: fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
+fe_mul(t2,t2,t1);
+
+/* qhasm: z_40_20 = z_20_0^2^20 */
+/* asm 1: fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
+/* asm 2: fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t3,>z_40_20=t3); */
+fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
+
+/* qhasm: z_40_0 = z_40_20*z_20_0 */
+/* asm 1: fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
+/* asm 2: fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
+fe_mul(t2,t3,t2);
+
+/* qhasm: z_50_10 = z_40_0^2^10 */
+/* asm 1: fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
+/* asm 2: fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t2,>z_50_10=t2); */
+fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
+
+/* qhasm: z_50_0 = z_50_10*z_10_0 */
+/* asm 1: fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
+/* asm 2: fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_100_50 = z_50_0^2^50 */
+/* asm 1: fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
+/* asm 2: fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t2,>z_100_50=t2); */
+fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
+
+/* qhasm: z_100_0 = z_100_50*z_50_0 */
+/* asm 1: fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
+/* asm 2: fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
+fe_mul(t2,t2,t1);
+
+/* qhasm: z_200_100 = z_100_0^2^100 */
+/* asm 1: fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
+/* asm 2: fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t3,>z_200_100=t3); */
+fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
+
+/* qhasm: z_200_0 = z_200_100*z_100_0 */
+/* asm 1: fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
+/* asm 2: fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
+fe_mul(t2,t3,t2);
+
+/* qhasm: z_250_50 = z_200_0^2^50 */
+/* asm 1: fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
+/* asm 2: fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t2,>z_250_50=t2); */
+fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
+
+/* qhasm: z_250_0 = z_250_50*z_50_0 */
+/* asm 1: fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
+/* asm 2: fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_255_5 = z_250_0^2^5 */
+/* asm 1: fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
+/* asm 2: fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_255_5=t1,>z_255_5=t1); */
+fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
+
+/* qhasm: z_255_21 = z_255_5*z11 */
+/* asm 1: fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
+/* asm 2: fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
+fe_mul(out,t1,t0);
+
+/* qhasm: return */
+
+  return;
+}
+
+
+int crypto_scalarmult_ref10(unsigned char *q,
+  const unsigned char *n,
+  const unsigned char *p)
+{
+  unsigned char e[32];
+  unsigned int i;
+  fe x1;
+  fe x2;
+  fe z2;
+  fe x3;
+  fe z3;
+  fe tmp0;
+  fe tmp1;
+  int pos;
+  unsigned int swap;
+  unsigned int b;
+
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  fe_frombytes(x1,p);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3,x1);
+  fe_1(z3);
+
+  swap = 0;
+  for (pos = 254;pos >= 0;--pos) {
+    b = e[pos / 8] >> (pos & 7);
+    b &= 1;
+    swap ^= b;
+    fe_cswap(x2,x3,swap);
+    fe_cswap(z2,z3,swap);
+    swap = b;
+/* qhasm: fe X2 */
+
+/* qhasm: fe Z2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe X4 */
+
+/* qhasm: fe Z4 */
+
+/* qhasm: fe X5 */
+
+/* qhasm: fe Z5 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: fe E */
+
+/* qhasm: fe AA */
+
+/* qhasm: fe BB */
+
+/* qhasm: fe DA */
+
+/* qhasm: fe CB */
+
+/* qhasm: fe t0 */
+
+/* qhasm: fe t1 */
+
+/* qhasm: fe t2 */
+
+/* qhasm: fe t3 */
+
+/* qhasm: fe t4 */
+
+/* qhasm: enter ladder */
+
+/* qhasm: D = X3-Z3 */
+/* asm 1: fe_sub(>D=fe#5,<X3=fe#3,<Z3=fe#4); */
+/* asm 2: fe_sub(>D=tmp0,<X3=x3,<Z3=z3); */
+fe_sub(tmp0,x3,z3);
+
+/* qhasm: B = X2-Z2 */
+/* asm 1: fe_sub(>B=fe#6,<X2=fe#1,<Z2=fe#2); */
+/* asm 2: fe_sub(>B=tmp1,<X2=x2,<Z2=z2); */
+fe_sub(tmp1,x2,z2);
+
+/* qhasm: A = X2+Z2 */
+/* asm 1: fe_add(>A=fe#1,<X2=fe#1,<Z2=fe#2); */
+/* asm 2: fe_add(>A=x2,<X2=x2,<Z2=z2); */
+fe_add(x2,x2,z2);
+
+/* qhasm: C = X3+Z3 */
+/* asm 1: fe_add(>C=fe#2,<X3=fe#3,<Z3=fe#4); */
+/* asm 2: fe_add(>C=z2,<X3=x3,<Z3=z3); */
+fe_add(z2,x3,z3);
+
+/* qhasm: DA = D*A */
+/* asm 1: fe_mul(>DA=fe#4,<D=fe#5,<A=fe#1); */
+/* asm 2: fe_mul(>DA=z3,<D=tmp0,<A=x2); */
+fe_mul(z3,tmp0,x2);
+
+/* qhasm: CB = C*B */
+/* asm 1: fe_mul(>CB=fe#2,<C=fe#2,<B=fe#6); */
+/* asm 2: fe_mul(>CB=z2,<C=z2,<B=tmp1); */
+fe_mul(z2,z2,tmp1);
+
+/* qhasm: BB = B^2 */
+/* asm 1: fe_sq(>BB=fe#5,<B=fe#6); */
+/* asm 2: fe_sq(>BB=tmp0,<B=tmp1); */
+fe_sq(tmp0,tmp1);
+
+/* qhasm: AA = A^2 */
+/* asm 1: fe_sq(>AA=fe#6,<A=fe#1); */
+/* asm 2: fe_sq(>AA=tmp1,<A=x2); */
+fe_sq(tmp1,x2);
+
+/* qhasm: t0 = DA+CB */
+/* asm 1: fe_add(>t0=fe#3,<DA=fe#4,<CB=fe#2); */
+/* asm 2: fe_add(>t0=x3,<DA=z3,<CB=z2); */
+fe_add(x3,z3,z2);
+
+/* qhasm: assign x3 to t0 */
+
+/* qhasm: t1 = DA-CB */
+/* asm 1: fe_sub(>t1=fe#2,<DA=fe#4,<CB=fe#2); */
+/* asm 2: fe_sub(>t1=z2,<DA=z3,<CB=z2); */
+fe_sub(z2,z3,z2);
+
+/* qhasm: X4 = AA*BB */
+/* asm 1: fe_mul(>X4=fe#1,<AA=fe#6,<BB=fe#5); */
+/* asm 2: fe_mul(>X4=x2,<AA=tmp1,<BB=tmp0); */
+fe_mul(x2,tmp1,tmp0);
+
+/* qhasm: E = AA-BB */
+/* asm 1: fe_sub(>E=fe#6,<AA=fe#6,<BB=fe#5); */
+/* asm 2: fe_sub(>E=tmp1,<AA=tmp1,<BB=tmp0); */
+fe_sub(tmp1,tmp1,tmp0);
+
+/* qhasm: t2 = t1^2 */
+/* asm 1: fe_sq(>t2=fe#2,<t1=fe#2); */
+/* asm 2: fe_sq(>t2=z2,<t1=z2); */
+fe_sq(z2,z2);
+
+/* qhasm: t3 = a24*E */
+/* asm 1: fe_mul121666(>t3=fe#4,<E=fe#6); */
+/* asm 2: fe_mul121666(>t3=z3,<E=tmp1); */
+fe_mul121666(z3,tmp1);
+
+/* qhasm: X5 = t0^2 */
+/* asm 1: fe_sq(>X5=fe#3,<t0=fe#3); */
+/* asm 2: fe_sq(>X5=x3,<t0=x3); */
+fe_sq(x3,x3);
+
+/* qhasm: t4 = BB+t3 */
+/* asm 1: fe_add(>t4=fe#5,<BB=fe#5,<t3=fe#4); */
+/* asm 2: fe_add(>t4=tmp0,<BB=tmp0,<t3=z3); */
+fe_add(tmp0,tmp0,z3);
+
+/* qhasm: Z5 = X1*t2 */
+/* asm 1: fe_mul(>Z5=fe#4,x1,<t2=fe#2); */
+/* asm 2: fe_mul(>Z5=z3,x1,<t2=z2); */
+fe_mul(z3,x1,z2);
+
+/* qhasm: Z4 = E*t4 */
+/* asm 1: fe_mul(>Z4=fe#2,<E=fe#6,<t4=fe#5); */
+/* asm 2: fe_mul(>Z4=z2,<E=tmp1,<t4=tmp0); */
+fe_mul(z2,tmp1,tmp0);
+
+/* qhasm: return */
+  }
+  fe_cswap(x2,x3,swap);
+  fe_cswap(z2,z3,swap);
+
+  fe_invert(z2,z2);
+  fe_mul(x2,x2,z2);
+  fe_tobytes(q,x2);
+  return 0;
+}
+
+static const unsigned char basepoint[32] = {9};
+
+int crypto_scalarmult_base_ref10(unsigned char *q,const unsigned char *n)
+{
+  return crypto_scalarmult_ref10(q,n,basepoint);
+}
+
diff --git a/src/ext/ed25519/donna/fuzz/curve25519-ref10.h b/src/ext/ed25519/donna/fuzz/curve25519-ref10.h
new file mode 100644
index 0000000000..fc005b509b
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/curve25519-ref10.h
@@ -0,0 +1,8 @@
+#ifndef CURVE25519_REF10_H
+#define CURVE25519_REF10_H
+
+int crypto_scalarmult_base_ref10(unsigned char *q,const unsigned char *n);
+int crypto_scalarmult_ref10(unsigned char *q, const unsigned char *n, const unsigned char *p);
+
+#endif /* CURVE25519_REF10_H */
+
diff --git a/src/ext/ed25519/donna/fuzz/ed25519-donna-sse2.c b/src/ext/ed25519/donna/fuzz/ed25519-donna-sse2.c
new file mode 100644
index 0000000000..ba47b1eb15
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/ed25519-donna-sse2.c
@@ -0,0 +1,3 @@
+#define ED25519_SUFFIX _sse2
+#define ED25519_SSE2
+#include "../ed25519.c"
diff --git a/src/ext/ed25519/donna/fuzz/ed25519-donna.c b/src/ext/ed25519/donna/fuzz/ed25519-donna.c
new file mode 100644
index 0000000000..45d03b65f5
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/ed25519-donna.c
@@ -0,0 +1 @@
+#include "../ed25519.c"
diff --git a/src/ext/ed25519/donna/fuzz/ed25519-donna.h b/src/ext/ed25519/donna/fuzz/ed25519-donna.h
new file mode 100644
index 0000000000..7cd72e3a26
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/ed25519-donna.h
@@ -0,0 +1,34 @@
+#ifndef ED25519_H
+#define ED25519_H
+
+#include <stdlib.h>
+
+typedef unsigned char ed25519_signature[64];
+typedef unsigned char ed25519_public_key[32];
+typedef unsigned char ed25519_secret_key[32];
+
+typedef unsigned char curved25519_key[32];
+
+void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
+int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
+void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
+
+int ed25519_sign_open_batch(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid);
+
+void ed25519_randombytes_unsafe(void *out, size_t count);
+
+void curved25519_scalarmult_basepoint(curved25519_key pk, const curved25519_key e);
+
+#if defined(ED25519_SSE2)
+void ed25519_publickey_sse2(const ed25519_secret_key sk, ed25519_public_key pk);
+int ed25519_sign_open_sse2(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
+void ed25519_sign_sse2(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
+
+int ed25519_sign_open_batch_sse2(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid);
+
+void ed25519_randombytes_unsafe_sse2(void *out, size_t count);
+
+void curved25519_scalarmult_basepoint_sse2(curved25519_key pk, const curved25519_key e);
+#endif
+
+#endif // ED25519_H
diff --git a/src/ext/ed25519/donna/fuzz/ed25519-ref10.c b/src/ext/ed25519/donna/fuzz/ed25519-ref10.c
new file mode 100644
index 0000000000..a8e802df29
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/ed25519-ref10.c
@@ -0,0 +1,4647 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+
+static int crypto_verify_32(const unsigned char *x,const unsigned char *y)
+{
+  unsigned int differentbits = 0;
+#define F(i) differentbits |= x[i] ^ y[i];
+  F(0)
+  F(1)
+  F(2)
+  F(3)
+  F(4)
+  F(5)
+  F(6)
+  F(7)
+  F(8)
+  F(9)
+  F(10)
+  F(11)
+  F(12)
+  F(13)
+  F(14)
+  F(15)
+  F(16)
+  F(17)
+  F(18)
+  F(19)
+  F(20)
+  F(21)
+  F(22)
+  F(23)
+  F(24)
+  F(25)
+  F(26)
+  F(27)
+  F(28)
+  F(29)
+  F(30)
+  F(31)
+  return (1 & ((differentbits - 1) >> 8)) - 1;
+}
+
+#if defined(ED25519_REFHASH)
+
+/* reference/slow SHA-512. really, do not use this */
+
+#define HASH_BLOCK_SIZE 128
+#define HASH_DIGEST_SIZE 64
+
+typedef struct sha512_state_t {
+	uint64_t H[8];
+	uint64_t T[2];
+	uint32_t leftover;
+	uint8_t buffer[HASH_BLOCK_SIZE];
+} sha512_state;
+
+typedef sha512_state ed25519_hash_context;
+
+static const uint64_t sha512_constants[80] = {
+	0x428a2f98d728ae22ull, 0x7137449123ef65cdull, 0xb5c0fbcfec4d3b2full, 0xe9b5dba58189dbbcull,
+	0x3956c25bf348b538ull, 0x59f111f1b605d019ull, 0x923f82a4af194f9bull, 0xab1c5ed5da6d8118ull,
+	0xd807aa98a3030242ull, 0x12835b0145706fbeull, 0x243185be4ee4b28cull, 0x550c7dc3d5ffb4e2ull,
+	0x72be5d74f27b896full, 0x80deb1fe3b1696b1ull, 0x9bdc06a725c71235ull, 0xc19bf174cf692694ull,
+	0xe49b69c19ef14ad2ull, 0xefbe4786384f25e3ull, 0x0fc19dc68b8cd5b5ull, 0x240ca1cc77ac9c65ull,
+	0x2de92c6f592b0275ull, 0x4a7484aa6ea6e483ull, 0x5cb0a9dcbd41fbd4ull, 0x76f988da831153b5ull,
+	0x983e5152ee66dfabull, 0xa831c66d2db43210ull, 0xb00327c898fb213full, 0xbf597fc7beef0ee4ull,
+	0xc6e00bf33da88fc2ull, 0xd5a79147930aa725ull, 0x06ca6351e003826full, 0x142929670a0e6e70ull,
+	0x27b70a8546d22ffcull, 0x2e1b21385c26c926ull, 0x4d2c6dfc5ac42aedull, 0x53380d139d95b3dfull,
+	0x650a73548baf63deull, 0x766a0abb3c77b2a8ull, 0x81c2c92e47edaee6ull, 0x92722c851482353bull,
+	0xa2bfe8a14cf10364ull, 0xa81a664bbc423001ull, 0xc24b8b70d0f89791ull, 0xc76c51a30654be30ull,
+	0xd192e819d6ef5218ull, 0xd69906245565a910ull, 0xf40e35855771202aull, 0x106aa07032bbd1b8ull,
+	0x19a4c116b8d2d0c8ull, 0x1e376c085141ab53ull, 0x2748774cdf8eeb99ull, 0x34b0bcb5e19b48a8ull,
+	0x391c0cb3c5c95a63ull, 0x4ed8aa4ae3418acbull, 0x5b9cca4f7763e373ull, 0x682e6ff3d6b2b8a3ull,
+	0x748f82ee5defb2fcull, 0x78a5636f43172f60ull, 0x84c87814a1f0ab72ull, 0x8cc702081a6439ecull,
+	0x90befffa23631e28ull, 0xa4506cebde82bde9ull, 0xbef9a3f7b2c67915ull, 0xc67178f2e372532bull,
+	0xca273eceea26619cull, 0xd186b8c721c0c207ull, 0xeada7dd6cde0eb1eull, 0xf57d4f7fee6ed178ull,
+	0x06f067aa72176fbaull, 0x0a637dc5a2c898a6ull, 0x113f9804bef90daeull, 0x1b710b35131c471bull,
+	0x28db77f523047d84ull, 0x32caab7b40c72493ull, 0x3c9ebe0a15c9bebcull, 0x431d67c49c100d4cull,
+	0x4cc5d4becb3e42b6ull, 0x597f299cfc657e2aull, 0x5fcb6fab3ad6faecull, 0x6c44198c4a475817ull
+};
+
+static uint64_t
+sha512_ROTR64(uint64_t x, int k) {
+	return (x >> k) | (x << (64 - k));
+}
+
+static uint64_t
+sha512_LOAD64_BE(const uint8_t *p) {
+	return 
+		((uint64_t)p[0] << 56) |
+		((uint64_t)p[1] << 48) |
+		((uint64_t)p[2] << 40) |
+		((uint64_t)p[3] << 32) |
+		((uint64_t)p[4] << 24) |
+		((uint64_t)p[5] << 16) |
+		((uint64_t)p[6] <<  8) |
+		((uint64_t)p[7]      );
+}
+
+static void
+sha512_STORE64_BE(uint8_t *p, uint64_t v) {
+	p[0] = (uint8_t)(v >> 56);
+	p[1] = (uint8_t)(v >> 48);
+	p[2] = (uint8_t)(v >> 40);
+	p[3] = (uint8_t)(v >> 32);
+	p[4] = (uint8_t)(v >> 24);
+	p[5] = (uint8_t)(v >> 16);
+	p[6] = (uint8_t)(v >>  8);
+	p[7] = (uint8_t)(v      );
+}
+
+#define Ch(x,y,z)  (z ^ (x & (y ^ z)))
+#define Maj(x,y,z) (((x | y) & z) | (x & y))
+#define S0(x)      (sha512_ROTR64(x, 28) ^ sha512_ROTR64(x, 34) ^ sha512_ROTR64(x, 39))
+#define S1(x)      (sha512_ROTR64(x, 14) ^ sha512_ROTR64(x, 18) ^ sha512_ROTR64(x, 41))
+#define G0(x)      (sha512_ROTR64(x,  1) ^ sha512_ROTR64(x,  8) ^ (x >>  7))
+#define G1(x)      (sha512_ROTR64(x, 19) ^ sha512_ROTR64(x, 61) ^ (x >>  6))
+#define W0(in,i)   (sha512_LOAD64_BE(&in[i * 8]))
+#define W1(i)      (G1(w[i - 2]) + w[i - 7] + G0(w[i - 15]) + w[i - 16])
+#define STEP(i) \
+	t1 = S0(r[0]) + Maj(r[0], r[1], r[2]); \
+	t0 = r[7] + S1(r[4]) + Ch(r[4], r[5], r[6]) + sha512_constants[i] + w[i]; \
+	r[7] = r[6]; \
+	r[6] = r[5]; \
+	r[5] = r[4]; \
+	r[4] = r[3] + t0; \
+	r[3] = r[2]; \
+	r[2] = r[1]; \
+	r[1] = r[0]; \
+	r[0] = t0 + t1;
+
+static void
+sha512_blocks(sha512_state *S, const uint8_t *in, size_t blocks) {
+	uint64_t r[8], w[80], t0, t1;
+	size_t i;
+
+	for (i = 0; i < 8; i++) r[i] = S->H[i];
+
+	while (blocks--) {
+		for (i =  0; i < 16; i++) { w[i] = W0(in, i); }
+		for (i = 16; i < 80; i++) { w[i] = W1(i); }
+		for (i =  0; i < 80; i++) { STEP(i); }
+		for (i =  0; i <  8; i++) { r[i] += S->H[i]; S->H[i] = r[i]; }
+		S->T[0] += HASH_BLOCK_SIZE * 8;
+		S->T[1] += (!S->T[0]) ? 1 : 0;
+		in += HASH_BLOCK_SIZE;
+	}
+}
+
+static void
+ed25519_hash_init(sha512_state *S) {
+	S->H[0] = 0x6a09e667f3bcc908ull;
+	S->H[1] = 0xbb67ae8584caa73bull;
+	S->H[2] = 0x3c6ef372fe94f82bull;
+	S->H[3] = 0xa54ff53a5f1d36f1ull;
+	S->H[4] = 0x510e527fade682d1ull;
+	S->H[5] = 0x9b05688c2b3e6c1full;
+	S->H[6] = 0x1f83d9abfb41bd6bull;
+	S->H[7] = 0x5be0cd19137e2179ull;
+	S->T[0] = 0;
+	S->T[1] = 0;
+	S->leftover = 0;
+}
+
+static void
+ed25519_hash_update(sha512_state *S, const uint8_t *in, size_t inlen) {
+	size_t blocks, want;
+
+	/* handle the previous data */
+	if (S->leftover) {
+		want = (HASH_BLOCK_SIZE - S->leftover);
+		want = (want < inlen) ? want : inlen;
+		memcpy(S->buffer + S->leftover, in, want);
+		S->leftover += (uint32_t)want;
+		if (S->leftover < HASH_BLOCK_SIZE)
+			return;
+		in += want;
+		inlen -= want;
+		sha512_blocks(S, S->buffer, 1);
+	}
+
+	/* handle the current data */
+	blocks = (inlen & ~(HASH_BLOCK_SIZE - 1));
+	S->leftover = (uint32_t)(inlen - blocks);
+	if (blocks) {
+		sha512_blocks(S, in, blocks / HASH_BLOCK_SIZE);
+		in += blocks;
+	}
+
+	/* handle leftover data */
+	if (S->leftover)
+		memcpy(S->buffer, in, S->leftover);
+}
+
+static void
+ed25519_hash_final(sha512_state *S, uint8_t *hash) {
+	uint64_t t0 = S->T[0] + (S->leftover * 8), t1 = S->T[1];
+
+	S->buffer[S->leftover] = 0x80;
+	if (S->leftover <= 111) {
+		memset(S->buffer + S->leftover + 1, 0, 111 - S->leftover);
+	} else {
+		memset(S->buffer + S->leftover + 1, 0, 127 - S->leftover);
+		sha512_blocks(S, S->buffer, 1);
+		memset(S->buffer, 0, 112);
+	}
+
+	sha512_STORE64_BE(S->buffer + 112, t1);
+	sha512_STORE64_BE(S->buffer + 120, t0);
+	sha512_blocks(S, S->buffer, 1);
+
+	sha512_STORE64_BE(&hash[ 0], S->H[0]);
+	sha512_STORE64_BE(&hash[ 8], S->H[1]);
+	sha512_STORE64_BE(&hash[16], S->H[2]);
+	sha512_STORE64_BE(&hash[24], S->H[3]);
+	sha512_STORE64_BE(&hash[32], S->H[4]);
+	sha512_STORE64_BE(&hash[40], S->H[5]);
+	sha512_STORE64_BE(&hash[48], S->H[6]);
+	sha512_STORE64_BE(&hash[56], S->H[7]);
+}
+
+static void
+crypto_hash_sha512(unsigned char *hash, const unsigned char *in, size_t inlen) {
+	ed25519_hash_context ctx;
+	ed25519_hash_init(&ctx);
+	ed25519_hash_update(&ctx, in, inlen);
+	ed25519_hash_final(&ctx, hash);
+}
+
+#else
+
+#include <openssl/sha.h>
+
+static void
+crypto_hash_sha512(unsigned char *hash, const unsigned char *in, size_t inlen) {
+	SHA512(in, inlen, hash);
+}
+
+#endif
+
+
+
+
+typedef int32_t crypto_int32;
+typedef uint32_t crypto_uint32;
+typedef int64_t crypto_int64;
+typedef uint64_t crypto_uint64;
+
+typedef crypto_int32 fe[10];
+
+/*
+h = 0
+*/
+
+static void fe_0(fe h)
+{
+  h[0] = 0;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
+
+/*
+h = 1
+*/
+
+static void fe_1(fe h)
+{
+  h[0] = 1;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
+
+/*
+h = f + g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+static void fe_add(fe h,const fe f,const fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 + g0;
+  crypto_int32 h1 = f1 + g1;
+  crypto_int32 h2 = f2 + g2;
+  crypto_int32 h3 = f3 + g3;
+  crypto_int32 h4 = f4 + g4;
+  crypto_int32 h5 = f5 + g5;
+  crypto_int32 h6 = f6 + g6;
+  crypto_int32 h7 = f7 + g7;
+  crypto_int32 h8 = f8 + g8;
+  crypto_int32 h9 = f9 + g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+
+/*
+Replace (f,g) with (g,g) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+
+Preconditions: b in {0,1}.
+*/
+
+static void fe_cmov(fe f,const fe g,unsigned int b)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 x0 = f0 ^ g0;
+  crypto_int32 x1 = f1 ^ g1;
+  crypto_int32 x2 = f2 ^ g2;
+  crypto_int32 x3 = f3 ^ g3;
+  crypto_int32 x4 = f4 ^ g4;
+  crypto_int32 x5 = f5 ^ g5;
+  crypto_int32 x6 = f6 ^ g6;
+  crypto_int32 x7 = f7 ^ g7;
+  crypto_int32 x8 = f8 ^ g8;
+  crypto_int32 x9 = f9 ^ g9;
+  b = -b;
+  x0 &= b;
+  x1 &= b;
+  x2 &= b;
+  x3 &= b;
+  x4 &= b;
+  x5 &= b;
+  x6 &= b;
+  x7 &= b;
+  x8 &= b;
+  x9 &= b;
+  f[0] = f0 ^ x0;
+  f[1] = f1 ^ x1;
+  f[2] = f2 ^ x2;
+  f[3] = f3 ^ x3;
+  f[4] = f4 ^ x4;
+  f[5] = f5 ^ x5;
+  f[6] = f6 ^ x6;
+  f[7] = f7 ^ x7;
+  f[8] = f8 ^ x8;
+  f[9] = f9 ^ x9;
+}
+
+
+/*
+h = f
+*/
+
+static void fe_copy(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  h[0] = f0;
+  h[1] = f1;
+  h[2] = f2;
+  h[3] = f3;
+  h[4] = f4;
+  h[5] = f5;
+  h[6] = f6;
+  h[7] = f7;
+  h[8] = f8;
+  h[9] = f9;
+}
+
+
+static crypto_uint64 load_3(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  return result;
+}
+
+static crypto_uint64 load_4(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  result |= ((crypto_uint64) in[3]) << 24;
+  return result;
+}
+
+/*
+Ignores top bit of h.
+*/
+
+static void fe_frombytes(fe h,const unsigned char *s)
+{
+  crypto_int64 h0 = load_4(s);
+  crypto_int64 h1 = load_3(s + 4) << 6;
+  crypto_int64 h2 = load_3(s + 7) << 5;
+  crypto_int64 h3 = load_3(s + 10) << 3;
+  crypto_int64 h4 = load_3(s + 13) << 2;
+  crypto_int64 h5 = load_4(s + 16);
+  crypto_int64 h6 = load_3(s + 20) << 7;
+  crypto_int64 h7 = load_3(s + 23) << 5;
+  crypto_int64 h8 = load_3(s + 26) << 4;
+  crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+Preconditions:
+  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+
+Write p=2^255-19; q=floor(h/p).
+Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+
+Proof:
+  Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+  Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+
+  Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+  Then 0<y<1.
+
+  Write r=h-pq.
+  Have 0<=r<=p-1=2^255-20.
+  Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+
+  Write x=r+19(2^-255)r+y.
+  Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+
+  Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+  so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+*/
+
+static void fe_tobytes(unsigned char *s,const fe h)
+{
+  crypto_int32 h0 = h[0];
+  crypto_int32 h1 = h[1];
+  crypto_int32 h2 = h[2];
+  crypto_int32 h3 = h[3];
+  crypto_int32 h4 = h[4];
+  crypto_int32 h5 = h[5];
+  crypto_int32 h6 = h[6];
+  crypto_int32 h7 = h[7];
+  crypto_int32 h8 = h[8];
+  crypto_int32 h9 = h[9];
+  crypto_int32 q;
+  crypto_int32 carry0;
+  crypto_int32 carry1;
+  crypto_int32 carry2;
+  crypto_int32 carry3;
+  crypto_int32 carry4;
+  crypto_int32 carry5;
+  crypto_int32 carry6;
+  crypto_int32 carry7;
+  crypto_int32 carry8;
+  crypto_int32 carry9;
+
+  q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
+  q = (h0 + q) >> 26;
+  q = (h1 + q) >> 25;
+  q = (h2 + q) >> 26;
+  q = (h3 + q) >> 25;
+  q = (h4 + q) >> 26;
+  q = (h5 + q) >> 25;
+  q = (h6 + q) >> 26;
+  q = (h7 + q) >> 25;
+  q = (h8 + q) >> 26;
+  q = (h9 + q) >> 25;
+
+  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+  h0 += 19 * q;
+  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+  carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
+  carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
+  carry9 = h9 >> 25;               h9 -= carry9 << 25;
+                  /* h10 = carry9 */
+
+  /*
+  Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+  Have h0+...+2^230 h9 between 0 and 2^255-1;
+  evidently 2^255 h10-2^255 q = 0.
+  Goal: Output h0+...+2^230 h9.
+  */
+
+  s[0] = h0 >> 0;
+  s[1] = h0 >> 8;
+  s[2] = h0 >> 16;
+  s[3] = (h0 >> 24) | (h1 << 2);
+  s[4] = h1 >> 6;
+  s[5] = h1 >> 14;
+  s[6] = (h1 >> 22) | (h2 << 3);
+  s[7] = h2 >> 5;
+  s[8] = h2 >> 13;
+  s[9] = (h2 >> 21) | (h3 << 5);
+  s[10] = h3 >> 3;
+  s[11] = h3 >> 11;
+  s[12] = (h3 >> 19) | (h4 << 6);
+  s[13] = h4 >> 2;
+  s[14] = h4 >> 10;
+  s[15] = h4 >> 18;
+  s[16] = h5 >> 0;
+  s[17] = h5 >> 8;
+  s[18] = h5 >> 16;
+  s[19] = (h5 >> 24) | (h6 << 1);
+  s[20] = h6 >> 7;
+  s[21] = h6 >> 15;
+  s[22] = (h6 >> 23) | (h7 << 3);
+  s[23] = h7 >> 5;
+  s[24] = h7 >> 13;
+  s[25] = (h7 >> 21) | (h8 << 4);
+  s[26] = h8 >> 4;
+  s[27] = h8 >> 12;
+  s[28] = (h8 >> 20) | (h9 << 6);
+  s[29] = h9 >> 2;
+  s[30] = h9 >> 10;
+  s[31] = h9 >> 18;
+}
+
+
+/*
+h = f - g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+static void fe_sub(fe h,const fe f,const fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 - g0;
+  crypto_int32 h1 = f1 - g1;
+  crypto_int32 h2 = f2 - g2;
+  crypto_int32 h3 = f3 - g3;
+  crypto_int32 h4 = f4 - g4;
+  crypto_int32 h5 = f5 - g5;
+  crypto_int32 h6 = f6 - g6;
+  crypto_int32 h7 = f7 - g7;
+  crypto_int32 h8 = f8 - g8;
+  crypto_int32 h9 = f9 - g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+
+/*
+h = f * f
+Can overlap h with f.
+
+Preconditions:
+   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+*/
+
+/*
+See fe_mul.c for discussion of implementation strategy.
+*/
+
+static void fe_sq(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 f0_2 = 2 * f0;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f2_2 = 2 * f2;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f4_2 = 2 * f4;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f6_2 = 2 * f6;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
+  crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
+  crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
+  crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
+  crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
+  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
+  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
+  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
+  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
+  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
+  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
+  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
+  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
+  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
+  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
+  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
+  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
+  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
+  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
+  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
+  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
+  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
+  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
+  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
+  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
+  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
+  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
+  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
+  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
+  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
+  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
+  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
+  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
+  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
+  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
+  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
+  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
+  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
+  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
+  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
+  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
+  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
+  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
+  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
+  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
+  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
+  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
+  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
+  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
+  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
+  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
+  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
+  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
+  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
+  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
+  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
+  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
+  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
+  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
+  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
+  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+h = 2 * f * f
+Can overlap h with f.
+
+Preconditions:
+   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+*/
+
+/*
+See fe_mul.c for discussion of implementation strategy.
+*/
+
+static void fe_sq2(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 f0_2 = 2 * f0;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f2_2 = 2 * f2;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f4_2 = 2 * f4;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f6_2 = 2 * f6;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
+  crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
+  crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
+  crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
+  crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
+  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
+  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
+  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
+  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
+  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
+  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
+  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
+  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
+  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
+  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
+  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
+  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
+  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
+  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
+  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
+  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
+  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
+  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
+  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
+  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
+  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
+  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
+  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
+  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
+  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
+  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
+  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
+  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
+  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
+  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
+  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
+  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
+  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
+  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
+  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
+  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
+  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
+  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
+  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
+  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
+  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
+  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
+  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
+  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
+  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
+  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
+  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
+  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
+  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
+  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
+  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
+  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
+  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
+  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
+  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
+  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  h0 += h0;
+  h1 += h1;
+  h2 += h2;
+  h3 += h3;
+  h4 += h4;
+  h5 += h5;
+  h6 += h6;
+  h7 += h7;
+  h8 += h8;
+  h9 += h9;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+/*
+h = f * g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+   |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+*/
+
+/*
+Notes on implementation strategy:
+
+Using schoolbook multiplication.
+Karatsuba would save a little in some cost models.
+
+Most multiplications by 2 and 19 are 32-bit precomputations;
+cheaper than 64-bit postcomputations.
+
+There is one remaining multiplication by 19 in the carry chain;
+one *19 precomputation can be merged into this,
+but the resulting data flow is considerably less clean.
+
+There are 12 carries below.
+10 of them are 2-way parallelizable and vectorizable.
+Can get away with 11 carries, but then data flow is much deeper.
+
+With tighter constraints on inputs can squeeze carries into int32.
+*/
+
+static void fe_mul(fe h,const fe f,const fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 g1_19 = 19 * g1; /* 1.959375*2^29 */
+  crypto_int32 g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+  crypto_int32 g3_19 = 19 * g3;
+  crypto_int32 g4_19 = 19 * g4;
+  crypto_int32 g5_19 = 19 * g5;
+  crypto_int32 g6_19 = 19 * g6;
+  crypto_int32 g7_19 = 19 * g7;
+  crypto_int32 g8_19 = 19 * g8;
+  crypto_int32 g9_19 = 19 * g9;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f9_2 = 2 * f9;
+  crypto_int64 f0g0    = f0   * (crypto_int64) g0;
+  crypto_int64 f0g1    = f0   * (crypto_int64) g1;
+  crypto_int64 f0g2    = f0   * (crypto_int64) g2;
+  crypto_int64 f0g3    = f0   * (crypto_int64) g3;
+  crypto_int64 f0g4    = f0   * (crypto_int64) g4;
+  crypto_int64 f0g5    = f0   * (crypto_int64) g5;
+  crypto_int64 f0g6    = f0   * (crypto_int64) g6;
+  crypto_int64 f0g7    = f0   * (crypto_int64) g7;
+  crypto_int64 f0g8    = f0   * (crypto_int64) g8;
+  crypto_int64 f0g9    = f0   * (crypto_int64) g9;
+  crypto_int64 f1g0    = f1   * (crypto_int64) g0;
+  crypto_int64 f1g1_2  = f1_2 * (crypto_int64) g1;
+  crypto_int64 f1g2    = f1   * (crypto_int64) g2;
+  crypto_int64 f1g3_2  = f1_2 * (crypto_int64) g3;
+  crypto_int64 f1g4    = f1   * (crypto_int64) g4;
+  crypto_int64 f1g5_2  = f1_2 * (crypto_int64) g5;
+  crypto_int64 f1g6    = f1   * (crypto_int64) g6;
+  crypto_int64 f1g7_2  = f1_2 * (crypto_int64) g7;
+  crypto_int64 f1g8    = f1   * (crypto_int64) g8;
+  crypto_int64 f1g9_38 = f1_2 * (crypto_int64) g9_19;
+  crypto_int64 f2g0    = f2   * (crypto_int64) g0;
+  crypto_int64 f2g1    = f2   * (crypto_int64) g1;
+  crypto_int64 f2g2    = f2   * (crypto_int64) g2;
+  crypto_int64 f2g3    = f2   * (crypto_int64) g3;
+  crypto_int64 f2g4    = f2   * (crypto_int64) g4;
+  crypto_int64 f2g5    = f2   * (crypto_int64) g5;
+  crypto_int64 f2g6    = f2   * (crypto_int64) g6;
+  crypto_int64 f2g7    = f2   * (crypto_int64) g7;
+  crypto_int64 f2g8_19 = f2   * (crypto_int64) g8_19;
+  crypto_int64 f2g9_19 = f2   * (crypto_int64) g9_19;
+  crypto_int64 f3g0    = f3   * (crypto_int64) g0;
+  crypto_int64 f3g1_2  = f3_2 * (crypto_int64) g1;
+  crypto_int64 f3g2    = f3   * (crypto_int64) g2;
+  crypto_int64 f3g3_2  = f3_2 * (crypto_int64) g3;
+  crypto_int64 f3g4    = f3   * (crypto_int64) g4;
+  crypto_int64 f3g5_2  = f3_2 * (crypto_int64) g5;
+  crypto_int64 f3g6    = f3   * (crypto_int64) g6;
+  crypto_int64 f3g7_38 = f3_2 * (crypto_int64) g7_19;
+  crypto_int64 f3g8_19 = f3   * (crypto_int64) g8_19;
+  crypto_int64 f3g9_38 = f3_2 * (crypto_int64) g9_19;
+  crypto_int64 f4g0    = f4   * (crypto_int64) g0;
+  crypto_int64 f4g1    = f4   * (crypto_int64) g1;
+  crypto_int64 f4g2    = f4   * (crypto_int64) g2;
+  crypto_int64 f4g3    = f4   * (crypto_int64) g3;
+  crypto_int64 f4g4    = f4   * (crypto_int64) g4;
+  crypto_int64 f4g5    = f4   * (crypto_int64) g5;
+  crypto_int64 f4g6_19 = f4   * (crypto_int64) g6_19;
+  crypto_int64 f4g7_19 = f4   * (crypto_int64) g7_19;
+  crypto_int64 f4g8_19 = f4   * (crypto_int64) g8_19;
+  crypto_int64 f4g9_19 = f4   * (crypto_int64) g9_19;
+  crypto_int64 f5g0    = f5   * (crypto_int64) g0;
+  crypto_int64 f5g1_2  = f5_2 * (crypto_int64) g1;
+  crypto_int64 f5g2    = f5   * (crypto_int64) g2;
+  crypto_int64 f5g3_2  = f5_2 * (crypto_int64) g3;
+  crypto_int64 f5g4    = f5   * (crypto_int64) g4;
+  crypto_int64 f5g5_38 = f5_2 * (crypto_int64) g5_19;
+  crypto_int64 f5g6_19 = f5   * (crypto_int64) g6_19;
+  crypto_int64 f5g7_38 = f5_2 * (crypto_int64) g7_19;
+  crypto_int64 f5g8_19 = f5   * (crypto_int64) g8_19;
+  crypto_int64 f5g9_38 = f5_2 * (crypto_int64) g9_19;
+  crypto_int64 f6g0    = f6   * (crypto_int64) g0;
+  crypto_int64 f6g1    = f6   * (crypto_int64) g1;
+  crypto_int64 f6g2    = f6   * (crypto_int64) g2;
+  crypto_int64 f6g3    = f6   * (crypto_int64) g3;
+  crypto_int64 f6g4_19 = f6   * (crypto_int64) g4_19;
+  crypto_int64 f6g5_19 = f6   * (crypto_int64) g5_19;
+  crypto_int64 f6g6_19 = f6   * (crypto_int64) g6_19;
+  crypto_int64 f6g7_19 = f6   * (crypto_int64) g7_19;
+  crypto_int64 f6g8_19 = f6   * (crypto_int64) g8_19;
+  crypto_int64 f6g9_19 = f6   * (crypto_int64) g9_19;
+  crypto_int64 f7g0    = f7   * (crypto_int64) g0;
+  crypto_int64 f7g1_2  = f7_2 * (crypto_int64) g1;
+  crypto_int64 f7g2    = f7   * (crypto_int64) g2;
+  crypto_int64 f7g3_38 = f7_2 * (crypto_int64) g3_19;
+  crypto_int64 f7g4_19 = f7   * (crypto_int64) g4_19;
+  crypto_int64 f7g5_38 = f7_2 * (crypto_int64) g5_19;
+  crypto_int64 f7g6_19 = f7   * (crypto_int64) g6_19;
+  crypto_int64 f7g7_38 = f7_2 * (crypto_int64) g7_19;
+  crypto_int64 f7g8_19 = f7   * (crypto_int64) g8_19;
+  crypto_int64 f7g9_38 = f7_2 * (crypto_int64) g9_19;
+  crypto_int64 f8g0    = f8   * (crypto_int64) g0;
+  crypto_int64 f8g1    = f8   * (crypto_int64) g1;
+  crypto_int64 f8g2_19 = f8   * (crypto_int64) g2_19;
+  crypto_int64 f8g3_19 = f8   * (crypto_int64) g3_19;
+  crypto_int64 f8g4_19 = f8   * (crypto_int64) g4_19;
+  crypto_int64 f8g5_19 = f8   * (crypto_int64) g5_19;
+  crypto_int64 f8g6_19 = f8   * (crypto_int64) g6_19;
+  crypto_int64 f8g7_19 = f8   * (crypto_int64) g7_19;
+  crypto_int64 f8g8_19 = f8   * (crypto_int64) g8_19;
+  crypto_int64 f8g9_19 = f8   * (crypto_int64) g9_19;
+  crypto_int64 f9g0    = f9   * (crypto_int64) g0;
+  crypto_int64 f9g1_38 = f9_2 * (crypto_int64) g1_19;
+  crypto_int64 f9g2_19 = f9   * (crypto_int64) g2_19;
+  crypto_int64 f9g3_38 = f9_2 * (crypto_int64) g3_19;
+  crypto_int64 f9g4_19 = f9   * (crypto_int64) g4_19;
+  crypto_int64 f9g5_38 = f9_2 * (crypto_int64) g5_19;
+  crypto_int64 f9g6_19 = f9   * (crypto_int64) g6_19;
+  crypto_int64 f9g7_38 = f9_2 * (crypto_int64) g7_19;
+  crypto_int64 f9g8_19 = f9   * (crypto_int64) g8_19;
+  crypto_int64 f9g9_38 = f9_2 * (crypto_int64) g9_19;
+  crypto_int64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
+  crypto_int64 h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
+  crypto_int64 h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
+  crypto_int64 h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
+  crypto_int64 h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
+  crypto_int64 h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
+  crypto_int64 h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
+  crypto_int64 h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
+  crypto_int64 h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
+  crypto_int64 h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  /*
+  |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+    i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+  |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+    i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
+  */
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  /* |h0| <= 2^25 */
+  /* |h4| <= 2^25 */
+  /* |h1| <= 1.71*2^59 */
+  /* |h5| <= 1.71*2^59 */
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  /* |h1| <= 2^24; from now on fits into int32 */
+  /* |h5| <= 2^24; from now on fits into int32 */
+  /* |h2| <= 1.41*2^60 */
+  /* |h6| <= 1.41*2^60 */
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  /* |h2| <= 2^25; from now on fits into int32 unchanged */
+  /* |h6| <= 2^25; from now on fits into int32 unchanged */
+  /* |h3| <= 1.71*2^59 */
+  /* |h7| <= 1.71*2^59 */
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+  /* |h3| <= 2^24; from now on fits into int32 unchanged */
+  /* |h7| <= 2^24; from now on fits into int32 unchanged */
+  /* |h4| <= 1.72*2^34 */
+  /* |h8| <= 1.41*2^60 */
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+  /* |h4| <= 2^25; from now on fits into int32 unchanged */
+  /* |h8| <= 2^25; from now on fits into int32 unchanged */
+  /* |h5| <= 1.01*2^24 */
+  /* |h9| <= 1.71*2^59 */
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  /* |h9| <= 2^24; from now on fits into int32 unchanged */
+  /* |h0| <= 1.1*2^39 */
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  /* |h0| <= 2^25; from now on fits into int32 unchanged */
+  /* |h1| <= 1.01*2^24 */
+
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+
+/*
+return 1 if f is in {1,3,5,...,q-2}
+return 0 if f is in {0,2,4,...,q-1}
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+static int fe_isnegative(const fe f)
+{
+  unsigned char s[32];
+  fe_tobytes(s,f);
+  return s[0] & 1;
+}
+
+
+/*
+return 1 if f == 0
+return 0 if f != 0
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+static const unsigned char zero[32] = {0};
+
+static int fe_isnonzero(const fe f)
+{
+  unsigned char s[32];
+  fe_tobytes(s,f);
+  return crypto_verify_32(s,zero);
+}
+
+/*
+h = -f
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+*/
+
+static void fe_neg(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 h0 = -f0;
+  crypto_int32 h1 = -f1;
+  crypto_int32 h2 = -f2;
+  crypto_int32 h3 = -f3;
+  crypto_int32 h4 = -f4;
+  crypto_int32 h5 = -f5;
+  crypto_int32 h6 = -f6;
+  crypto_int32 h7 = -f7;
+  crypto_int32 h8 = -f8;
+  crypto_int32 h9 = -f9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+static void fe_invert(fe out,const fe z)
+{
+  fe t0;
+  fe t1;
+  fe t2;
+  fe t3;
+  int i;
+
+
+/* qhasm: fe z1 */
+
+/* qhasm: fe z2 */
+
+/* qhasm: fe z8 */
+
+/* qhasm: fe z9 */
+
+/* qhasm: fe z11 */
+
+/* qhasm: fe z22 */
+
+/* qhasm: fe z_5_0 */
+
+/* qhasm: fe z_10_5 */
+
+/* qhasm: fe z_10_0 */
+
+/* qhasm: fe z_20_10 */
+
+/* qhasm: fe z_20_0 */
+
+/* qhasm: fe z_40_20 */
+
+/* qhasm: fe z_40_0 */
+
+/* qhasm: fe z_50_10 */
+
+/* qhasm: fe z_50_0 */
+
+/* qhasm: fe z_100_50 */
+
+/* qhasm: fe z_100_0 */
+
+/* qhasm: fe z_200_100 */
+
+/* qhasm: fe z_200_0 */
+
+/* qhasm: fe z_250_50 */
+
+/* qhasm: fe z_250_0 */
+
+/* qhasm: fe z_255_5 */
+
+/* qhasm: fe z_255_21 */
+
+/* qhasm: enter pow225521 */
+
+/* qhasm: z2 = z1^2^1 */
+/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
+/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
+fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+
+/* qhasm: z8 = z2^2^2 */
+/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
+/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
+fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
+
+/* qhasm: z9 = z1*z8 */
+/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
+/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
+fe_mul(t1,z,t1);
+
+/* qhasm: z11 = z2*z9 */
+/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
+/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
+fe_mul(t0,t0,t1);
+
+/* qhasm: z22 = z11^2^1 */
+/* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
+/* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
+fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
+
+/* qhasm: z_5_0 = z9*z22 */
+/* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
+/* asm 2: fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
+fe_mul(t1,t1,t2);
+
+/* qhasm: z_10_5 = z_5_0^2^5 */
+/* asm 1: fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
+/* asm 2: fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t2,>z_10_5=t2); */
+fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
+
+/* qhasm: z_10_0 = z_10_5*z_5_0 */
+/* asm 1: fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
+/* asm 2: fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_20_10 = z_10_0^2^10 */
+/* asm 1: fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
+/* asm 2: fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t2,>z_20_10=t2); */
+fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
+
+/* qhasm: z_20_0 = z_20_10*z_10_0 */
+/* asm 1: fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
+/* asm 2: fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
+fe_mul(t2,t2,t1);
+
+/* qhasm: z_40_20 = z_20_0^2^20 */
+/* asm 1: fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
+/* asm 2: fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t3,>z_40_20=t3); */
+fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
+
+/* qhasm: z_40_0 = z_40_20*z_20_0 */
+/* asm 1: fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
+/* asm 2: fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
+fe_mul(t2,t3,t2);
+
+/* qhasm: z_50_10 = z_40_0^2^10 */
+/* asm 1: fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
+/* asm 2: fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t2,>z_50_10=t2); */
+fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
+
+/* qhasm: z_50_0 = z_50_10*z_10_0 */
+/* asm 1: fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
+/* asm 2: fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_100_50 = z_50_0^2^50 */
+/* asm 1: fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
+/* asm 2: fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t2,>z_100_50=t2); */
+fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
+
+/* qhasm: z_100_0 = z_100_50*z_50_0 */
+/* asm 1: fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
+/* asm 2: fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
+fe_mul(t2,t2,t1);
+
+/* qhasm: z_200_100 = z_100_0^2^100 */
+/* asm 1: fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
+/* asm 2: fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t3,>z_200_100=t3); */
+fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
+
+/* qhasm: z_200_0 = z_200_100*z_100_0 */
+/* asm 1: fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
+/* asm 2: fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
+fe_mul(t2,t3,t2);
+
+/* qhasm: z_250_50 = z_200_0^2^50 */
+/* asm 1: fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
+/* asm 2: fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t2,>z_250_50=t2); */
+fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
+
+/* qhasm: z_250_0 = z_250_50*z_50_0 */
+/* asm 1: fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
+/* asm 2: fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_255_5 = z_250_0^2^5 */
+/* asm 1: fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
+/* asm 2: fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_255_5=t1,>z_255_5=t1); */
+fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
+
+/* qhasm: z_255_21 = z_255_5*z11 */
+/* asm 1: fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
+/* asm 2: fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
+fe_mul(out,t1,t0);
+
+/* qhasm: return */
+
+  return;
+}
+
+
+static void fe_pow22523(fe out,const fe z)
+{
+  fe t0;
+  fe t1;
+  fe t2;
+  int i;
+
+
+/* qhasm: fe z1 */
+
+/* qhasm: fe z2 */
+
+/* qhasm: fe z8 */
+
+/* qhasm: fe z9 */
+
+/* qhasm: fe z11 */
+
+/* qhasm: fe z22 */
+
+/* qhasm: fe z_5_0 */
+
+/* qhasm: fe z_10_5 */
+
+/* qhasm: fe z_10_0 */
+
+/* qhasm: fe z_20_10 */
+
+/* qhasm: fe z_20_0 */
+
+/* qhasm: fe z_40_20 */
+
+/* qhasm: fe z_40_0 */
+
+/* qhasm: fe z_50_10 */
+
+/* qhasm: fe z_50_0 */
+
+/* qhasm: fe z_100_50 */
+
+/* qhasm: fe z_100_0 */
+
+/* qhasm: fe z_200_100 */
+
+/* qhasm: fe z_200_0 */
+
+/* qhasm: fe z_250_50 */
+
+/* qhasm: fe z_250_0 */
+
+/* qhasm: fe z_252_2 */
+
+/* qhasm: fe z_252_3 */
+
+/* qhasm: enter pow22523 */
+
+/* qhasm: z2 = z1^2^1 */
+/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
+/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
+fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+
+/* qhasm: z8 = z2^2^2 */
+/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
+/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
+fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
+
+/* qhasm: z9 = z1*z8 */
+/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
+/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
+fe_mul(t1,z,t1);
+
+/* qhasm: z11 = z2*z9 */
+/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
+/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
+fe_mul(t0,t0,t1);
+
+/* qhasm: z22 = z11^2^1 */
+/* asm 1: fe_sq(>z22=fe#1,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#1,>z22=fe#1); */
+/* asm 2: fe_sq(>z22=t0,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t0,>z22=t0); */
+fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+
+/* qhasm: z_5_0 = z9*z22 */
+/* asm 1: fe_mul(>z_5_0=fe#1,<z9=fe#2,<z22=fe#1); */
+/* asm 2: fe_mul(>z_5_0=t0,<z9=t1,<z22=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_10_5 = z_5_0^2^5 */
+/* asm 1: fe_sq(>z_10_5=fe#2,<z_5_0=fe#1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#2,>z_10_5=fe#2); */
+/* asm 2: fe_sq(>z_10_5=t1,<z_5_0=t0); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t1,>z_10_5=t1); */
+fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
+
+/* qhasm: z_10_0 = z_10_5*z_5_0 */
+/* asm 1: fe_mul(>z_10_0=fe#1,<z_10_5=fe#2,<z_5_0=fe#1); */
+/* asm 2: fe_mul(>z_10_0=t0,<z_10_5=t1,<z_5_0=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_20_10 = z_10_0^2^10 */
+/* asm 1: fe_sq(>z_20_10=fe#2,<z_10_0=fe#1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#2,>z_20_10=fe#2); */
+/* asm 2: fe_sq(>z_20_10=t1,<z_10_0=t0); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t1,>z_20_10=t1); */
+fe_sq(t1,t0); for (i = 1;i < 10;++i) fe_sq(t1,t1);
+
+/* qhasm: z_20_0 = z_20_10*z_10_0 */
+/* asm 1: fe_mul(>z_20_0=fe#2,<z_20_10=fe#2,<z_10_0=fe#1); */
+/* asm 2: fe_mul(>z_20_0=t1,<z_20_10=t1,<z_10_0=t0); */
+fe_mul(t1,t1,t0);
+
+/* qhasm: z_40_20 = z_20_0^2^20 */
+/* asm 1: fe_sq(>z_40_20=fe#3,<z_20_0=fe#2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#3,>z_40_20=fe#3); */
+/* asm 2: fe_sq(>z_40_20=t2,<z_20_0=t1); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t2,>z_40_20=t2); */
+fe_sq(t2,t1); for (i = 1;i < 20;++i) fe_sq(t2,t2);
+
+/* qhasm: z_40_0 = z_40_20*z_20_0 */
+/* asm 1: fe_mul(>z_40_0=fe#2,<z_40_20=fe#3,<z_20_0=fe#2); */
+/* asm 2: fe_mul(>z_40_0=t1,<z_40_20=t2,<z_20_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_50_10 = z_40_0^2^10 */
+/* asm 1: fe_sq(>z_50_10=fe#2,<z_40_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#2,>z_50_10=fe#2); */
+/* asm 2: fe_sq(>z_50_10=t1,<z_40_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t1,>z_50_10=t1); */
+fe_sq(t1,t1); for (i = 1;i < 10;++i) fe_sq(t1,t1);
+
+/* qhasm: z_50_0 = z_50_10*z_10_0 */
+/* asm 1: fe_mul(>z_50_0=fe#1,<z_50_10=fe#2,<z_10_0=fe#1); */
+/* asm 2: fe_mul(>z_50_0=t0,<z_50_10=t1,<z_10_0=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_100_50 = z_50_0^2^50 */
+/* asm 1: fe_sq(>z_100_50=fe#2,<z_50_0=fe#1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#2,>z_100_50=fe#2); */
+/* asm 2: fe_sq(>z_100_50=t1,<z_50_0=t0); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t1,>z_100_50=t1); */
+fe_sq(t1,t0); for (i = 1;i < 50;++i) fe_sq(t1,t1);
+
+/* qhasm: z_100_0 = z_100_50*z_50_0 */
+/* asm 1: fe_mul(>z_100_0=fe#2,<z_100_50=fe#2,<z_50_0=fe#1); */
+/* asm 2: fe_mul(>z_100_0=t1,<z_100_50=t1,<z_50_0=t0); */
+fe_mul(t1,t1,t0);
+
+/* qhasm: z_200_100 = z_100_0^2^100 */
+/* asm 1: fe_sq(>z_200_100=fe#3,<z_100_0=fe#2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#3,>z_200_100=fe#3); */
+/* asm 2: fe_sq(>z_200_100=t2,<z_100_0=t1); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t2,>z_200_100=t2); */
+fe_sq(t2,t1); for (i = 1;i < 100;++i) fe_sq(t2,t2);
+
+/* qhasm: z_200_0 = z_200_100*z_100_0 */
+/* asm 1: fe_mul(>z_200_0=fe#2,<z_200_100=fe#3,<z_100_0=fe#2); */
+/* asm 2: fe_mul(>z_200_0=t1,<z_200_100=t2,<z_100_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_250_50 = z_200_0^2^50 */
+/* asm 1: fe_sq(>z_250_50=fe#2,<z_200_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#2,>z_250_50=fe#2); */
+/* asm 2: fe_sq(>z_250_50=t1,<z_200_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t1,>z_250_50=t1); */
+fe_sq(t1,t1); for (i = 1;i < 50;++i) fe_sq(t1,t1);
+
+/* qhasm: z_250_0 = z_250_50*z_50_0 */
+/* asm 1: fe_mul(>z_250_0=fe#1,<z_250_50=fe#2,<z_50_0=fe#1); */
+/* asm 2: fe_mul(>z_250_0=t0,<z_250_50=t1,<z_50_0=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_252_2 = z_250_0^2^2 */
+/* asm 1: fe_sq(>z_252_2=fe#1,<z_250_0=fe#1); for (i = 1;i < 2;++i) fe_sq(>z_252_2=fe#1,>z_252_2=fe#1); */
+/* asm 2: fe_sq(>z_252_2=t0,<z_250_0=t0); for (i = 1;i < 2;++i) fe_sq(>z_252_2=t0,>z_252_2=t0); */
+fe_sq(t0,t0); for (i = 1;i < 2;++i) fe_sq(t0,t0);
+
+/* qhasm: z_252_3 = z_252_2*z1 */
+/* asm 1: fe_mul(>z_252_3=fe#12,<z_252_2=fe#1,<z1=fe#11); */
+/* asm 2: fe_mul(>z_252_3=out,<z_252_2=t0,<z1=z); */
+fe_mul(out,t0,z);
+
+/* qhasm: return */
+
+
+  return;
+}
+
+
+/*
+ge means group element.
+
+Here the group is the set of pairs (x,y) of field elements (see fe.h)
+satisfying -x^2 + y^2 = 1 + d x^2y^2
+where d = -121665/121666.
+
+Representations:
+  ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+  ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+  ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+  ge_precomp (Duif): (y+x,y-x,2dxy)
+*/
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p1p1;
+
+typedef struct {
+  fe yplusx;
+  fe yminusx;
+  fe xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe YplusX;
+  fe YminusX;
+  fe Z;
+  fe T2d;
+} ge_cached;
+
+static const fe d = {
+-10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
+} ;
+
+static const fe sqrtm1 = {
+-32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
+} ;
+
+static const fe d2 = {
+-21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
+} ;
+
+static ge_precomp Bi[8] = {
+ {
+  { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
+  { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
+  { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
+ },
+ {
+  { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
+  { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
+  { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
+ },
+ {
+  { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
+  { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
+  { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
+ },
+ {
+  { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
+  { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
+  { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
+ },
+ {
+  { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
+  { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
+  { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
+ },
+ {
+  { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
+  { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
+  { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
+ },
+ {
+  { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
+  { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
+  { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
+ },
+ {
+  { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
+  { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
+  { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
+ },
+} ;
+
+
+/* base[i][j] = (j+1)*256^i*B */
+static ge_precomp base[32][8] = {
+{
+ {
+  { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
+  { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
+  { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
+ },
+ {
+  { -12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303 },
+  { -21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081 },
+  { 26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697 },
+ },
+ {
+  { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
+  { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
+  { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
+ },
+ {
+  { -17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540 },
+  { 23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397 },
+  { 7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325 },
+ },
+ {
+  { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
+  { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
+  { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
+ },
+ {
+  { -15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777 },
+  { -8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737 },
+  { -18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652 },
+ },
+ {
+  { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
+  { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
+  { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
+ },
+ {
+  { 14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726 },
+  { -7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955 },
+  { 27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425 },
+ },
+},
+{
+ {
+  { -13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171 },
+  { 27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510 },
+  { 17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660 },
+ },
+ {
+  { -10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639 },
+  { 29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963 },
+  { 5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950 },
+ },
+ {
+  { -27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568 },
+  { 12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335 },
+  { 25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628 },
+ },
+ {
+  { -26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007 },
+  { -2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772 },
+  { -22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653 },
+ },
+ {
+  { 2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567 },
+  { 13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686 },
+  { 21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372 },
+ },
+ {
+  { -13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887 },
+  { -23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954 },
+  { -29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953 },
+ },
+ {
+  { 24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833 },
+  { -16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532 },
+  { -22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876 },
+ },
+ {
+  { 2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268 },
+  { 33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214 },
+  { 1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038 },
+ },
+},
+{
+ {
+  { 6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800 },
+  { 4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645 },
+  { -4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664 },
+ },
+ {
+  { 1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933 },
+  { -25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182 },
+  { -17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222 },
+ },
+ {
+  { -18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991 },
+  { 20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880 },
+  { 9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092 },
+ },
+ {
+  { -16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295 },
+  { 19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788 },
+  { 8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553 },
+ },
+ {
+  { -15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026 },
+  { 11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347 },
+  { -18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033 },
+ },
+ {
+  { -23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395 },
+  { -27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278 },
+  { 1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890 },
+ },
+ {
+  { 32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995 },
+  { -30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596 },
+  { -11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891 },
+ },
+ {
+  { 31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060 },
+  { 11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608 },
+  { -20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606 },
+ },
+},
+{
+ {
+  { 7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389 },
+  { -19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016 },
+  { -11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341 },
+ },
+ {
+  { -22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505 },
+  { 14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553 },
+  { -28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655 },
+ },
+ {
+  { 15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220 },
+  { 12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631 },
+  { -4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099 },
+ },
+ {
+  { 26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556 },
+  { 14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749 },
+  { 236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930 },
+ },
+ {
+  { 1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391 },
+  { 5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253 },
+  { 20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066 },
+ },
+ {
+  { 24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958 },
+  { -11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082 },
+  { -28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383 },
+ },
+ {
+  { -30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521 },
+  { -11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807 },
+  { 23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948 },
+ },
+ {
+  { 9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134 },
+  { -32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455 },
+  { 27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629 },
+ },
+},
+{
+ {
+  { -8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069 },
+  { -32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746 },
+  { 24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919 },
+ },
+ {
+  { 11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837 },
+  { 8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906 },
+  { -28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771 },
+ },
+ {
+  { -25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817 },
+  { 10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098 },
+  { 10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409 },
+ },
+ {
+  { -12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504 },
+  { -26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727 },
+  { 28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420 },
+ },
+ {
+  { -32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003 },
+  { -1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605 },
+  { -30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384 },
+ },
+ {
+  { -26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701 },
+  { -23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683 },
+  { 29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708 },
+ },
+ {
+  { -3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563 },
+  { -19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260 },
+  { -5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387 },
+ },
+ {
+  { -19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672 },
+  { 23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686 },
+  { -24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665 },
+ },
+},
+{
+ {
+  { 11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182 },
+  { -31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277 },
+  { 14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628 },
+ },
+ {
+  { -4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474 },
+  { -26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539 },
+  { -25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822 },
+ },
+ {
+  { -10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970 },
+  { 19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756 },
+  { -24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508 },
+ },
+ {
+  { -26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683 },
+  { -10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655 },
+  { -20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158 },
+ },
+ {
+  { -4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125 },
+  { -15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839 },
+  { -20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664 },
+ },
+ {
+  { 27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294 },
+  { -18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899 },
+  { -11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070 },
+ },
+ {
+  { 3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294 },
+  { -15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949 },
+  { -21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083 },
+ },
+ {
+  { 31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420 },
+  { -5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940 },
+  { 29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396 },
+ },
+},
+{
+ {
+  { -12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567 },
+  { 20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127 },
+  { -16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294 },
+ },
+ {
+  { -12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887 },
+  { 22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964 },
+  { 16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195 },
+ },
+ {
+  { 9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244 },
+  { 24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999 },
+  { -1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762 },
+ },
+ {
+  { -18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274 },
+  { -33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236 },
+  { -16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605 },
+ },
+ {
+  { -13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761 },
+  { -22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884 },
+  { -6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482 },
+ },
+ {
+  { -24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638 },
+  { -11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490 },
+  { -32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170 },
+ },
+ {
+  { 5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736 },
+  { 10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124 },
+  { -17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392 },
+ },
+ {
+  { 8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029 },
+  { 6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048 },
+  { 28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958 },
+ },
+},
+{
+ {
+  { 24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593 },
+  { 26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071 },
+  { -11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692 },
+ },
+ {
+  { 11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687 },
+  { -160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441 },
+  { -20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001 },
+ },
+ {
+  { -938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460 },
+  { -19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007 },
+  { -21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762 },
+ },
+ {
+  { 15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005 },
+  { -9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674 },
+  { 4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035 },
+ },
+ {
+  { 7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590 },
+  { -2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957 },
+  { -30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812 },
+ },
+ {
+  { 33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740 },
+  { -18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122 },
+  { -27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158 },
+ },
+ {
+  { 8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885 },
+  { 26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140 },
+  { 19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857 },
+ },
+ {
+  { 801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155 },
+  { 19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260 },
+  { 19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483 },
+ },
+},
+{
+ {
+  { -3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677 },
+  { 32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815 },
+  { 22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751 },
+ },
+ {
+  { -16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203 },
+  { -11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208 },
+  { 1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230 },
+ },
+ {
+  { 16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850 },
+  { -21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389 },
+  { -9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968 },
+ },
+ {
+  { -11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689 },
+  { 14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880 },
+  { 5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304 },
+ },
+ {
+  { 30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632 },
+  { -3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412 },
+  { 20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566 },
+ },
+ {
+  { -20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038 },
+  { -26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232 },
+  { -1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943 },
+ },
+ {
+  { 17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856 },
+  { 23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738 },
+  { 15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971 },
+ },
+ {
+  { -27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718 },
+  { -13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697 },
+  { -11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883 },
+ },
+},
+{
+ {
+  { 5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912 },
+  { -26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358 },
+  { 3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849 },
+ },
+ {
+  { 29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307 },
+  { -14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977 },
+  { -6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335 },
+ },
+ {
+  { -29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644 },
+  { -22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616 },
+  { -27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735 },
+ },
+ {
+  { -21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099 },
+  { 29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341 },
+  { -936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336 },
+ },
+ {
+  { -23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646 },
+  { 31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425 },
+  { -17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388 },
+ },
+ {
+  { -31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743 },
+  { -16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822 },
+  { -8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462 },
+ },
+ {
+  { 18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985 },
+  { 9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702 },
+  { -22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797 },
+ },
+ {
+  { 21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293 },
+  { 27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100 },
+  { 19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688 },
+ },
+},
+{
+ {
+  { 12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186 },
+  { 2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610 },
+  { -2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707 },
+ },
+ {
+  { 7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220 },
+  { 915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025 },
+  { 32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044 },
+ },
+ {
+  { 32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992 },
+  { -4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027 },
+  { 21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197 },
+ },
+ {
+  { 8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901 },
+  { 31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952 },
+  { 19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878 },
+ },
+ {
+  { -28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390 },
+  { 32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730 },
+  { 2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730 },
+ },
+ {
+  { -19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180 },
+  { -30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272 },
+  { -15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715 },
+ },
+ {
+  { -22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970 },
+  { -31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772 },
+  { -17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865 },
+ },
+ {
+  { 15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750 },
+  { 20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373 },
+  { 32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348 },
+ },
+},
+{
+ {
+  { 9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144 },
+  { -22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195 },
+  { 5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086 },
+ },
+ {
+  { -13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684 },
+  { -8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518 },
+  { -2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233 },
+ },
+ {
+  { -5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793 },
+  { -2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794 },
+  { 580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435 },
+ },
+ {
+  { 23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921 },
+  { 13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518 },
+  { 2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563 },
+ },
+ {
+  { 14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278 },
+  { -27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024 },
+  { 4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030 },
+ },
+ {
+  { 10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783 },
+  { 27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717 },
+  { 6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844 },
+ },
+ {
+  { 14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333 },
+  { 16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048 },
+  { 22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760 },
+ },
+ {
+  { -4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760 },
+  { -15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757 },
+  { -2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112 },
+ },
+},
+{
+ {
+  { -19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468 },
+  { 3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184 },
+  { 10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289 },
+ },
+ {
+  { 15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066 },
+  { 24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882 },
+  { 13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226 },
+ },
+ {
+  { 16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101 },
+  { 29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279 },
+  { -6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811 },
+ },
+ {
+  { 27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709 },
+  { 20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714 },
+  { -2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121 },
+ },
+ {
+  { 9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464 },
+  { 12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847 },
+  { 13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400 },
+ },
+ {
+  { 4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414 },
+  { -15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158 },
+  { 17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045 },
+ },
+ {
+  { -461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415 },
+  { -5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459 },
+  { -31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079 },
+ },
+ {
+  { 21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412 },
+  { -20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743 },
+  { -14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836 },
+ },
+},
+{
+ {
+  { 12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022 },
+  { 18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429 },
+  { -6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065 },
+ },
+ {
+  { 30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861 },
+  { 10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000 },
+  { -33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101 },
+ },
+ {
+  { 32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815 },
+  { 29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642 },
+  { 10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966 },
+ },
+ {
+  { 25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574 },
+  { -21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742 },
+  { -18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689 },
+ },
+ {
+  { 12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020 },
+  { -10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772 },
+  { 3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982 },
+ },
+ {
+  { -14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953 },
+  { -16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218 },
+  { -17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265 },
+ },
+ {
+  { 29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073 },
+  { -3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325 },
+  { -11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798 },
+ },
+ {
+  { -4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870 },
+  { -7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863 },
+  { -13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927 },
+ },
+},
+{
+ {
+  { -2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267 },
+  { -9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663 },
+  { 22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862 },
+ },
+ {
+  { -25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673 },
+  { 15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943 },
+  { 15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020 },
+ },
+ {
+  { -4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238 },
+  { 11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064 },
+  { 14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795 },
+ },
+ {
+  { 15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052 },
+  { -10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904 },
+  { 29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531 },
+ },
+ {
+  { -13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979 },
+  { -5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841 },
+  { 10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431 },
+ },
+ {
+  { 10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324 },
+  { -31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940 },
+  { 10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320 },
+ },
+ {
+  { -15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184 },
+  { 14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114 },
+  { 30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878 },
+ },
+ {
+  { 12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784 },
+  { -2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091 },
+  { -16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585 },
+ },
+},
+{
+ {
+  { -8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208 },
+  { 10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864 },
+  { 17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661 },
+ },
+ {
+  { 7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233 },
+  { 26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212 },
+  { -12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525 },
+ },
+ {
+  { -24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068 },
+  { 9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397 },
+  { -8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988 },
+ },
+ {
+  { 5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889 },
+  { 32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038 },
+  { 14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697 },
+ },
+ {
+  { 20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875 },
+  { -25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905 },
+  { -25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656 },
+ },
+ {
+  { 11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818 },
+  { 27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714 },
+  { 10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203 },
+ },
+ {
+  { 20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931 },
+  { -30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024 },
+  { -23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084 },
+ },
+ {
+  { -1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204 },
+  { 20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817 },
+  { 27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667 },
+ },
+},
+{
+ {
+  { 11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504 },
+  { -12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768 },
+  { -19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255 },
+ },
+ {
+  { 6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790 },
+  { 1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438 },
+  { -22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333 },
+ },
+ {
+  { 17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971 },
+  { 31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905 },
+  { 29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409 },
+ },
+ {
+  { 12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409 },
+  { 6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499 },
+  { -8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363 },
+ },
+ {
+  { 28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664 },
+  { -11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324 },
+  { -21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940 },
+ },
+ {
+  { 13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990 },
+  { -17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914 },
+  { -25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290 },
+ },
+ {
+  { 24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257 },
+  { -6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433 },
+  { -16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236 },
+ },
+ {
+  { -12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045 },
+  { 11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093 },
+  { -1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347 },
+ },
+},
+{
+ {
+  { -28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191 },
+  { -15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507 },
+  { -12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906 },
+ },
+ {
+  { 3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018 },
+  { -16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109 },
+  { -23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926 },
+ },
+ {
+  { -24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528 },
+  { 8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625 },
+  { -32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286 },
+ },
+ {
+  { 2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033 },
+  { 27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866 },
+  { 21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896 },
+ },
+ {
+  { 30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075 },
+  { 26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347 },
+  { -22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437 },
+ },
+ {
+  { -5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165 },
+  { -18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588 },
+  { -32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193 },
+ },
+ {
+  { -19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017 },
+  { -28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883 },
+  { 21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961 },
+ },
+ {
+  { 8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043 },
+  { 29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663 },
+  { -20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362 },
+ },
+},
+{
+ {
+  { -33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860 },
+  { 2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466 },
+  { -24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063 },
+ },
+ {
+  { -26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997 },
+  { -1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295 },
+  { -13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369 },
+ },
+ {
+  { 9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385 },
+  { 18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109 },
+  { 2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906 },
+ },
+ {
+  { 4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424 },
+  { -19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185 },
+  { 7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962 },
+ },
+ {
+  { -7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325 },
+  { 10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593 },
+  { 696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404 },
+ },
+ {
+  { -11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644 },
+  { 17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801 },
+  { 26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804 },
+ },
+ {
+  { -31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884 },
+  { -586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577 },
+  { -9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849 },
+ },
+ {
+  { 32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473 },
+  { -8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644 },
+  { -2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319 },
+ },
+},
+{
+ {
+  { -11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599 },
+  { -9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768 },
+  { -27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084 },
+ },
+ {
+  { -27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328 },
+  { -15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369 },
+  { 20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920 },
+ },
+ {
+  { 12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815 },
+  { -32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025 },
+  { -21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397 },
+ },
+ {
+  { -20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448 },
+  { 6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981 },
+  { 30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165 },
+ },
+ {
+  { 32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501 },
+  { 17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073 },
+  { -1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861 },
+ },
+ {
+  { 14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845 },
+  { -1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211 },
+  { 18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870 },
+ },
+ {
+  { 10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096 },
+  { 33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803 },
+  { -32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168 },
+ },
+ {
+  { 30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965 },
+  { -14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505 },
+  { 18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598 },
+ },
+},
+{
+ {
+  { 5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782 },
+  { 5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900 },
+  { -31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479 },
+ },
+ {
+  { -12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208 },
+  { 8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232 },
+  { 17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719 },
+ },
+ {
+  { 16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271 },
+  { -4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326 },
+  { -8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132 },
+ },
+ {
+  { 14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300 },
+  { 8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570 },
+  { 15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670 },
+ },
+ {
+  { -2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994 },
+  { -12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913 },
+  { 31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317 },
+ },
+ {
+  { -25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730 },
+  { 842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096 },
+  { -4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078 },
+ },
+ {
+  { -15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411 },
+  { -19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905 },
+  { -9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654 },
+ },
+ {
+  { -28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870 },
+  { -23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498 },
+  { 12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579 },
+ },
+},
+{
+ {
+  { 14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677 },
+  { 10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647 },
+  { -2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743 },
+ },
+ {
+  { -25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468 },
+  { 21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375 },
+  { -25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155 },
+ },
+ {
+  { 6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725 },
+  { -12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612 },
+  { -10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943 },
+ },
+ {
+  { -30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944 },
+  { 30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928 },
+  { 9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406 },
+ },
+ {
+  { 22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139 },
+  { -8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963 },
+  { -31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693 },
+ },
+ {
+  { 1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734 },
+  { -448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680 },
+  { -24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410 },
+ },
+ {
+  { -9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931 },
+  { -16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654 },
+  { 22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710 },
+ },
+ {
+  { 29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180 },
+  { -26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684 },
+  { -10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895 },
+ },
+},
+{
+ {
+  { 22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501 },
+  { -11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413 },
+  { 6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880 },
+ },
+ {
+  { -8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874 },
+  { 22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962 },
+  { -7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899 },
+ },
+ {
+  { 21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152 },
+  { 9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063 },
+  { 7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080 },
+ },
+ {
+  { -9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146 },
+  { -17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183 },
+  { -19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133 },
+ },
+ {
+  { -32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421 },
+  { -3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622 },
+  { -4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197 },
+ },
+ {
+  { 2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663 },
+  { 31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753 },
+  { 4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755 },
+ },
+ {
+  { -9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862 },
+  { -26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118 },
+  { 26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171 },
+ },
+ {
+  { 15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380 },
+  { 16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824 },
+  { 28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270 },
+ },
+},
+{
+ {
+  { -817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438 },
+  { -31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584 },
+  { -594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562 },
+ },
+ {
+  { 30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471 },
+  { 18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610 },
+  { 19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269 },
+ },
+ {
+  { -30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650 },
+  { 14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369 },
+  { 19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461 },
+ },
+ {
+  { 30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462 },
+  { -5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793 },
+  { -2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218 },
+ },
+ {
+  { -24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226 },
+  { 18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019 },
+  { -15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037 },
+ },
+ {
+  { 31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171 },
+  { -17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132 },
+  { -28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841 },
+ },
+ {
+  { 21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181 },
+  { -33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210 },
+  { -1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040 },
+ },
+ {
+  { 3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935 },
+  { 24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105 },
+  { -28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814 },
+ },
+},
+{
+ {
+  { 793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852 },
+  { 5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581 },
+  { -4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646 },
+ },
+ {
+  { 10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844 },
+  { 10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025 },
+  { 27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453 },
+ },
+ {
+  { -23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068 },
+  { 4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192 },
+  { -17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921 },
+ },
+ {
+  { -9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259 },
+  { -12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426 },
+  { -5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072 },
+ },
+ {
+  { -17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305 },
+  { 13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832 },
+  { 28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943 },
+ },
+ {
+  { -16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011 },
+  { 24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447 },
+  { 17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494 },
+ },
+ {
+  { -28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245 },
+  { -20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859 },
+  { 28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915 },
+ },
+ {
+  { 16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707 },
+  { 10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848 },
+  { -11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224 },
+ },
+},
+{
+ {
+  { -25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391 },
+  { 15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215 },
+  { -23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101 },
+ },
+ {
+  { 23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713 },
+  { 21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849 },
+  { -7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930 },
+ },
+ {
+  { -29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940 },
+  { -21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031 },
+  { -17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404 },
+ },
+ {
+  { -25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243 },
+  { -23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116 },
+  { -24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525 },
+ },
+ {
+  { -23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509 },
+  { -10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883 },
+  { 15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865 },
+ },
+ {
+  { -3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660 },
+  { 4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273 },
+  { -28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138 },
+ },
+ {
+  { -25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560 },
+  { -10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135 },
+  { 2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941 },
+ },
+ {
+  { -4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739 },
+  { 18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756 },
+  { -30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819 },
+ },
+},
+{
+ {
+  { -6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347 },
+  { -27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028 },
+  { 21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075 },
+ },
+ {
+  { 16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799 },
+  { -2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609 },
+  { -25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817 },
+ },
+ {
+  { -23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989 },
+  { -30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523 },
+  { 4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278 },
+ },
+ {
+  { 31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045 },
+  { 19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377 },
+  { 24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480 },
+ },
+ {
+  { 17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016 },
+  { 510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426 },
+  { 18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525 },
+ },
+ {
+  { 13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396 },
+  { 9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080 },
+  { 12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892 },
+ },
+ {
+  { 15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275 },
+  { 11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074 },
+  { 20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140 },
+ },
+ {
+  { -16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717 },
+  { -1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101 },
+  { 24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127 },
+ },
+},
+{
+ {
+  { -12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632 },
+  { -26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415 },
+  { -31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160 },
+ },
+ {
+  { 31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876 },
+  { 22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625 },
+  { -15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478 },
+ },
+ {
+  { 27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164 },
+  { 26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595 },
+  { -7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248 },
+ },
+ {
+  { -16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858 },
+  { 15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193 },
+  { 8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184 },
+ },
+ {
+  { -18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942 },
+  { -1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635 },
+  { 21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948 },
+ },
+ {
+  { 11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935 },
+  { -25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415 },
+  { -15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416 },
+ },
+ {
+  { -7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018 },
+  { 4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778 },
+  { 366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659 },
+ },
+ {
+  { -24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385 },
+  { 18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503 },
+  { 476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329 },
+ },
+},
+{
+ {
+  { 20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056 },
+  { -13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838 },
+  { 24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948 },
+ },
+ {
+  { -3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691 },
+  { -15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118 },
+  { -23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517 },
+ },
+ {
+  { -20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269 },
+  { -6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904 },
+  { -23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589 },
+ },
+ {
+  { -28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193 },
+  { -7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910 },
+  { -30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930 },
+ },
+ {
+  { -7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667 },
+  { 25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481 },
+  { -9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876 },
+ },
+ {
+  { 22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640 },
+  { -8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278 },
+  { -21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112 },
+ },
+ {
+  { 26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272 },
+  { 17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012 },
+  { -10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221 },
+ },
+ {
+  { 30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046 },
+  { 13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345 },
+  { -19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310 },
+ },
+},
+{
+ {
+  { 19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937 },
+  { 31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636 },
+  { -9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008 },
+ },
+ {
+  { -2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429 },
+  { -15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576 },
+  { 31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066 },
+ },
+ {
+  { -9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490 },
+  { -12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104 },
+  { 33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053 },
+ },
+ {
+  { 31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275 },
+  { -20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511 },
+  { 22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095 },
+ },
+ {
+  { -28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439 },
+  { 23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939 },
+  { -23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424 },
+ },
+ {
+  { 2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310 },
+  { 3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608 },
+  { -32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079 },
+ },
+ {
+  { -23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101 },
+  { 21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418 },
+  { 18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576 },
+ },
+ {
+  { 30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356 },
+  { 9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996 },
+  { -26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099 },
+ },
+},
+{
+ {
+  { -26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728 },
+  { -13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658 },
+  { -10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242 },
+ },
+ {
+  { -21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001 },
+  { -4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766 },
+  { 18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373 },
+ },
+ {
+  { 26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458 },
+  { -17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628 },
+  { -13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657 },
+ },
+ {
+  { -23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062 },
+  { 25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616 },
+  { 31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014 },
+ },
+ {
+  { 24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383 },
+  { -25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814 },
+  { -20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718 },
+ },
+ {
+  { 30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417 },
+  { 2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222 },
+  { 33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444 },
+ },
+ {
+  { -20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597 },
+  { 23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970 },
+  { 1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799 },
+ },
+ {
+  { -5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647 },
+  { 13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511 },
+  { -29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032 },
+ },
+},
+{
+ {
+  { 9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834 },
+  { -23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461 },
+  { 29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062 },
+ },
+ {
+  { -25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516 },
+  { -20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547 },
+  { -24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240 },
+ },
+ {
+  { -17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038 },
+  { -33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741 },
+  { 16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103 },
+ },
+ {
+  { -19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747 },
+  { -1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323 },
+  { 31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016 },
+ },
+ {
+  { -14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373 },
+  { 15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228 },
+  { -2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141 },
+ },
+ {
+  { 16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399 },
+  { 11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831 },
+  { -185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376 },
+ },
+ {
+  { -32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313 },
+  { -18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958 },
+  { -6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577 },
+ },
+ {
+  { -22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743 },
+  { 29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684 },
+  { -20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476 },
+ },
+},
+} ;
+
+static void ge_p2_0(ge_p2 *h)
+{
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+}
+
+static void ge_p3_0(ge_p3 *h)
+{
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+  fe_0(h->T);
+}
+
+static void ge_precomp_0(ge_precomp *h)
+{
+  fe_1(h->yplusx);
+  fe_1(h->yminusx);
+  fe_0(h->xy2d);
+}
+
+/*
+r = p
+*/
+
+static void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
+{
+  fe_mul(r->X,p->X,p->T);
+  fe_mul(r->Y,p->Y,p->Z);
+  fe_mul(r->Z,p->Z,p->T);
+}
+
+/*
+r = p
+*/
+
+static void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
+{
+  fe_mul(r->X,p->X,p->T);
+  fe_mul(r->Y,p->Y,p->Z);
+  fe_mul(r->Z,p->Z,p->T);
+  fe_mul(r->T,p->X,p->Y);
+}
+
+/*
+r = p
+*/
+
+static void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
+{
+  fe_copy(r->X,p->X);
+  fe_copy(r->Y,p->Y);
+  fe_copy(r->Z,p->Z);
+}
+
+
+/*
+r = 2 * p
+*/
+
+static void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
+{
+  fe t0;
+/* qhasm: enter ge_p2_dbl */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe AA */
+
+/* qhasm: fe XX */
+
+/* qhasm: fe YY */
+
+/* qhasm: fe B */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: XX=X1^2 */
+/* asm 1: fe_sq(>XX=fe#1,<X1=fe#11); */
+/* asm 2: fe_sq(>XX=r->X,<X1=p->X); */
+fe_sq(r->X,p->X);
+
+/* qhasm: YY=Y1^2 */
+/* asm 1: fe_sq(>YY=fe#3,<Y1=fe#12); */
+/* asm 2: fe_sq(>YY=r->Z,<Y1=p->Y); */
+fe_sq(r->Z,p->Y);
+
+/* qhasm: B=2*Z1^2 */
+/* asm 1: fe_sq2(>B=fe#4,<Z1=fe#13); */
+/* asm 2: fe_sq2(>B=r->T,<Z1=p->Z); */
+fe_sq2(r->T,p->Z);
+
+/* qhasm: A=X1+Y1 */
+/* asm 1: fe_add(>A=fe#2,<X1=fe#11,<Y1=fe#12); */
+/* asm 2: fe_add(>A=r->Y,<X1=p->X,<Y1=p->Y); */
+fe_add(r->Y,p->X,p->Y);
+
+/* qhasm: AA=A^2 */
+/* asm 1: fe_sq(>AA=fe#5,<A=fe#2); */
+/* asm 2: fe_sq(>AA=t0,<A=r->Y); */
+fe_sq(t0,r->Y);
+
+/* qhasm: Y3=YY+XX */
+/* asm 1: fe_add(>Y3=fe#2,<YY=fe#3,<XX=fe#1); */
+/* asm 2: fe_add(>Y3=r->Y,<YY=r->Z,<XX=r->X); */
+fe_add(r->Y,r->Z,r->X);
+
+/* qhasm: Z3=YY-XX */
+/* asm 1: fe_sub(>Z3=fe#3,<YY=fe#3,<XX=fe#1); */
+/* asm 2: fe_sub(>Z3=r->Z,<YY=r->Z,<XX=r->X); */
+fe_sub(r->Z,r->Z,r->X);
+
+/* qhasm: X3=AA-Y3 */
+/* asm 1: fe_sub(>X3=fe#1,<AA=fe#5,<Y3=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<AA=t0,<Y3=r->Y); */
+fe_sub(r->X,t0,r->Y);
+
+/* qhasm: T3=B-Z3 */
+/* asm 1: fe_sub(>T3=fe#4,<B=fe#4,<Z3=fe#3); */
+/* asm 2: fe_sub(>T3=r->T,<B=r->T,<Z3=r->Z); */
+fe_sub(r->T,r->T,r->Z);
+
+/* qhasm: return */
+}
+
+
+/*
+r = 2 * p
+*/
+
+static void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
+{
+  ge_p2 q;
+  ge_p3_to_p2(&q,p);
+  ge_p2_dbl(r,&q);
+}
+
+
+/*
+r = p
+*/
+
+static void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
+{
+  fe_add(r->YplusX,p->Y,p->X);
+  fe_sub(r->YminusX,p->Y,p->X);
+  fe_copy(r->Z,p->Z);
+  fe_mul(r->T2d,p->T,d2);
+}
+
+/*
+r = p + q
+*/
+
+static void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
+{
+  fe t0;
+/* qhasm: enter ge_add */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe Z2 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ZZ */
+
+/* qhasm: fe YpX2 */
+
+/* qhasm: fe YmX2 */
+
+/* qhasm: fe T2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*YpX2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YpX2=fe#15); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YpX2=q->YplusX); */
+fe_mul(r->Z,r->X,q->YplusX);
+
+/* qhasm: B = YmX1*YmX2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YmX2=fe#16); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YmX2=q->YminusX); */
+fe_mul(r->Y,r->Y,q->YminusX);
+
+/* qhasm: C = T2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
+fe_mul(r->T,q->T2d,p->T);
+
+/* qhasm: ZZ = Z1*Z2 */
+/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
+/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
+fe_mul(r->X,p->Z,q->Z);
+
+/* qhasm: D = 2*ZZ */
+/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
+/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
+fe_add(t0,r->X,r->X);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D+C */
+/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_add(r->Z,t0,r->T);
+
+/* qhasm: T3 = D-C */
+/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
+fe_sub(r->T,t0,r->T);
+
+/* qhasm: return */
+}
+
+
+/*
+r = p - q
+*/
+
+static void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
+{
+  fe t0;
+/* qhasm: enter ge_sub */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe Z2 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ZZ */
+
+/* qhasm: fe YpX2 */
+
+/* qhasm: fe YmX2 */
+
+/* qhasm: fe T2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*YmX2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YmX2=fe#16); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YmX2=q->YminusX); */
+fe_mul(r->Z,r->X,q->YminusX);
+
+/* qhasm: B = YmX1*YpX2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YpX2=fe#15); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YpX2=q->YplusX); */
+fe_mul(r->Y,r->Y,q->YplusX);
+
+/* qhasm: C = T2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
+fe_mul(r->T,q->T2d,p->T);
+
+/* qhasm: ZZ = Z1*Z2 */
+/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
+/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
+fe_mul(r->X,p->Z,q->Z);
+
+/* qhasm: D = 2*ZZ */
+/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
+/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
+fe_add(t0,r->X,r->X);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D-C */
+/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_sub(r->Z,t0,r->T);
+
+/* qhasm: T3 = D+C */
+/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
+fe_add(r->T,t0,r->T);
+
+/* qhasm: return */
+}
+
+
+/*
+r = p + q
+*/
+
+static void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
+{
+  fe t0;
+/* qhasm: enter ge_madd */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ypx2 */
+
+/* qhasm: fe ymx2 */
+
+/* qhasm: fe xy2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*ypx2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ypx2=fe#15); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ypx2=q->yplusx); */
+fe_mul(r->Z,r->X,q->yplusx);
+
+/* qhasm: B = YmX1*ymx2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ymx2=fe#16); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ymx2=q->yminusx); */
+fe_mul(r->Y,r->Y,q->yminusx);
+
+/* qhasm: C = xy2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
+fe_mul(r->T,q->xy2d,p->T);
+
+/* qhasm: D = 2*Z1 */
+/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
+/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
+fe_add(t0,p->Z,p->Z);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D+C */
+/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_add(r->Z,t0,r->T);
+
+/* qhasm: T3 = D-C */
+/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
+fe_sub(r->T,t0,r->T);
+
+/* qhasm: return */
+}
+
+
+/*
+r = p - q
+*/
+
+static void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
+{
+  fe t0;
+/* qhasm: enter ge_msub */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ypx2 */
+
+/* qhasm: fe ymx2 */
+
+/* qhasm: fe xy2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*ymx2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ymx2=fe#16); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ymx2=q->yminusx); */
+fe_mul(r->Z,r->X,q->yminusx);
+
+/* qhasm: B = YmX1*ypx2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ypx2=fe#15); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ypx2=q->yplusx); */
+fe_mul(r->Y,r->Y,q->yplusx);
+
+/* qhasm: C = xy2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
+fe_mul(r->T,q->xy2d,p->T);
+
+/* qhasm: D = 2*Z1 */
+/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
+/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
+fe_add(t0,p->Z,p->Z);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D-C */
+/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_sub(r->Z,t0,r->T);
+
+/* qhasm: T3 = D+C */
+/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
+fe_add(r->T,t0,r->T);
+
+/* qhasm: return */
+}
+
+
+static void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
+{
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip,h->Z);
+  fe_mul(x,h->X,recip);
+  fe_mul(y,h->Y,recip);
+  fe_tobytes(s,y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
+
+static void ge_tobytes(unsigned char *s,const ge_p2 *h)
+{
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip,h->Z);
+  fe_mul(x,h->X,recip);
+  fe_mul(y,h->Y,recip);
+  fe_tobytes(s,y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
+
+static int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
+{
+  fe u;
+  fe v;
+  fe v3;
+  fe vxx;
+  fe check;
+
+  fe_frombytes(h->Y,s);
+  fe_1(h->Z);
+  fe_sq(u,h->Y);
+  fe_mul(v,u,d);
+  fe_sub(u,u,h->Z);       /* u = y^2-1 */
+  fe_add(v,v,h->Z);       /* v = dy^2+1 */
+
+  fe_sq(v3,v);
+  fe_mul(v3,v3,v);        /* v3 = v^3 */
+  fe_sq(h->X,v3);
+  fe_mul(h->X,h->X,v);
+  fe_mul(h->X,h->X,u);    /* x = uv^7 */
+
+  fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
+  fe_mul(h->X,h->X,v3);
+  fe_mul(h->X,h->X,u);    /* x = uv^3(uv^7)^((q-5)/8) */
+
+  fe_sq(vxx,h->X);
+  fe_mul(vxx,vxx,v);
+  fe_sub(check,vxx,u);    /* vx^2-u */
+  if (fe_isnonzero(check)) {
+    fe_add(check,vxx,u);  /* vx^2+u */
+    if (fe_isnonzero(check)) return -1;
+    fe_mul(h->X,h->X,sqrtm1);
+  }
+
+  if (fe_isnegative(h->X) == (s[31] >> 7))
+    fe_neg(h->X,h->X);
+
+  fe_mul(h->T,h->X,h->Y);
+  return 0;
+}
+
+
+static void slide(signed char *r,const unsigned char *a)
+{
+  int i;
+  int b;
+  int k;
+
+  for (i = 0;i < 256;++i)
+    r[i] = 1 & (a[i >> 3] >> (i & 7));
+
+  for (i = 0;i < 256;++i)
+    if (r[i]) {
+      for (b = 1;b <= 6 && i + b < 256;++b) {
+        if (r[i + b]) {
+          if (r[i] + (r[i + b] << b) <= 15) {
+            r[i] += r[i + b] << b; r[i + b] = 0;
+          } else if (r[i] - (r[i + b] << b) >= -15) {
+            r[i] -= r[i + b] << b;
+            for (k = i + b;k < 256;++k) {
+              if (!r[k]) {
+                r[k] = 1;
+                break;
+              }
+              r[k] = 0;
+            }
+          } else
+            break;
+        }
+      }
+    }
+
+}
+
+
+/*
+r = a * A + b * B
+where a = a[0]+256*a[1]+...+256^31 a[31].
+and b = b[0]+256*b[1]+...+256^31 b[31].
+B is the Ed25519 base point (x,4/5) with x positive.
+*/
+
+static void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
+{
+  signed char aslide[256];
+  signed char bslide[256];
+  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+  ge_p1p1 t;
+  ge_p3 u;
+  ge_p3 A2;
+  int i;
+
+  slide(aslide,a);
+  slide(bslide,b);
+
+  ge_p3_to_cached(&Ai[0],A);
+  ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
+  ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
+  ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
+  ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
+  ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
+  ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
+  ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
+  ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
+
+  ge_p2_0(r);
+
+  for (i = 255;i >= 0;--i) {
+    if (aslide[i] || bslide[i]) break;
+  }
+
+  for (;i >= 0;--i) {
+    ge_p2_dbl(&t,r);
+
+    if (aslide[i] > 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_add(&t,&u,&Ai[aslide[i]/2]);
+    } else if (aslide[i] < 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
+    }
+
+    if (bslide[i] > 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_madd(&t,&u,&Bi[bslide[i]/2]);
+    } else if (bslide[i] < 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
+    }
+
+    ge_p1p1_to_p2(r,&t);
+  }
+}
+
+static unsigned char equal(signed char b,signed char c)
+{
+  unsigned char ub = b;
+  unsigned char uc = c;
+  unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
+  crypto_uint32 y = x; /* 0: yes; 1..255: no */
+  y -= 1; /* 4294967295: yes; 0..254: no */
+  y >>= 31; /* 1: yes; 0: no */
+  return y;
+}
+
+static unsigned char negative(signed char b)
+{
+  unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
+  x >>= 63; /* 1: yes; 0: no */
+  return x;
+}
+
+static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b)
+{
+  fe_cmov(t->yplusx,u->yplusx,b);
+  fe_cmov(t->yminusx,u->yminusx,b);
+  fe_cmov(t->xy2d,u->xy2d,b);
+}
+
+
+
+static void select(ge_precomp *t,int pos,signed char b)
+{
+  ge_precomp minust;
+  unsigned char bnegative = negative(b);
+  unsigned char babs = b - (((-bnegative) & b) << 1);
+
+  ge_precomp_0(t);
+  cmov(t,&base[pos][0],equal(babs,1));
+  cmov(t,&base[pos][1],equal(babs,2));
+  cmov(t,&base[pos][2],equal(babs,3));
+  cmov(t,&base[pos][3],equal(babs,4));
+  cmov(t,&base[pos][4],equal(babs,5));
+  cmov(t,&base[pos][5],equal(babs,6));
+  cmov(t,&base[pos][6],equal(babs,7));
+  cmov(t,&base[pos][7],equal(babs,8));
+  fe_copy(minust.yplusx,t->yminusx);
+  fe_copy(minust.yminusx,t->yplusx);
+  fe_neg(minust.xy2d,t->xy2d);
+  cmov(t,&minust,bnegative);
+}
+
+/*
+h = a * B
+where a = a[0]+256*a[1]+...+256^31 a[31]
+B is the Ed25519 base point (x,4/5) with x positive.
+
+Preconditions:
+  a[31] <= 127
+*/
+
+static void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
+{
+  signed char e[64];
+  signed char carry;
+  ge_p1p1 r;
+  ge_p2 s;
+  ge_precomp t;
+  int i;
+
+  for (i = 0;i < 32;++i) {
+    e[2 * i + 0] = (a[i] >> 0) & 15;
+    e[2 * i + 1] = (a[i] >> 4) & 15;
+  }
+  /* each e[i] is between 0 and 15 */
+  /* e[63] is between 0 and 7 */
+
+  carry = 0;
+  for (i = 0;i < 63;++i) {
+    e[i] += carry;
+    carry = e[i] + 8;
+    carry >>= 4;
+    e[i] -= carry << 4;
+  }
+  e[63] += carry;
+  /* each e[i] is between -8 and 8 */
+
+  ge_p3_0(h);
+  for (i = 1;i < 64;i += 2) {
+    select(&t,i / 2,e[i]);
+    ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
+  }
+
+  ge_p3_dbl(&r,h);  ge_p1p1_to_p2(&s,&r);
+  ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
+  ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
+  ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
+
+  for (i = 0;i < 64;i += 2) {
+    select(&t,i / 2,e[i]);
+    ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
+  }
+}
+
+/*
+Input:
+  s[0]+256*s[1]+...+256^63*s[63] = s
+
+Output:
+  s[0]+256*s[1]+...+256^31*s[31] = s mod l
+  where l = 2^252 + 27742317777372353535851937790883648493.
+  Overwrites s in place.
+*/
+
+static void sc_reduce(unsigned char *s)
+{
+  crypto_int64 s0 = 2097151 & load_3(s);
+  crypto_int64 s1 = 2097151 & (load_4(s + 2) >> 5);
+  crypto_int64 s2 = 2097151 & (load_3(s + 5) >> 2);
+  crypto_int64 s3 = 2097151 & (load_4(s + 7) >> 7);
+  crypto_int64 s4 = 2097151 & (load_4(s + 10) >> 4);
+  crypto_int64 s5 = 2097151 & (load_3(s + 13) >> 1);
+  crypto_int64 s6 = 2097151 & (load_4(s + 15) >> 6);
+  crypto_int64 s7 = 2097151 & (load_3(s + 18) >> 3);
+  crypto_int64 s8 = 2097151 & load_3(s + 21);
+  crypto_int64 s9 = 2097151 & (load_4(s + 23) >> 5);
+  crypto_int64 s10 = 2097151 & (load_3(s + 26) >> 2);
+  crypto_int64 s11 = 2097151 & (load_4(s + 28) >> 7);
+  crypto_int64 s12 = 2097151 & (load_4(s + 31) >> 4);
+  crypto_int64 s13 = 2097151 & (load_3(s + 34) >> 1);
+  crypto_int64 s14 = 2097151 & (load_4(s + 36) >> 6);
+  crypto_int64 s15 = 2097151 & (load_3(s + 39) >> 3);
+  crypto_int64 s16 = 2097151 & load_3(s + 42);
+  crypto_int64 s17 = 2097151 & (load_4(s + 44) >> 5);
+  crypto_int64 s18 = 2097151 & (load_3(s + 47) >> 2);
+  crypto_int64 s19 = 2097151 & (load_4(s + 49) >> 7);
+  crypto_int64 s20 = 2097151 & (load_4(s + 52) >> 4);
+  crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
+  crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
+  crypto_int64 s23 = (load_4(s + 60) >> 3);
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+  crypto_int64 carry10;
+  crypto_int64 carry11;
+  crypto_int64 carry12;
+  crypto_int64 carry13;
+  crypto_int64 carry14;
+  crypto_int64 carry15;
+  crypto_int64 carry16;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
+
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | (s1 << 5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | (s2 << 2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | (s3 << 7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | (s4 << 4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | (s5 << 1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | (s6 << 6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | (s7 << 3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | (s9 << 5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | (s10 << 2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | (s11 << 7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+}
+
+/*
+Input:
+  a[0]+256*a[1]+...+256^31*a[31] = a
+  b[0]+256*b[1]+...+256^31*b[31] = b
+  c[0]+256*c[1]+...+256^31*c[31] = c
+
+Output:
+  s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+  where l = 2^252 + 27742317777372353535851937790883648493.
+*/
+
+static void sc_muladd(unsigned char *s,const unsigned char *a,const unsigned char *b,const unsigned char *c)
+{
+  crypto_int64 a0 = 2097151 & load_3(a);
+  crypto_int64 a1 = 2097151 & (load_4(a + 2) >> 5);
+  crypto_int64 a2 = 2097151 & (load_3(a + 5) >> 2);
+  crypto_int64 a3 = 2097151 & (load_4(a + 7) >> 7);
+  crypto_int64 a4 = 2097151 & (load_4(a + 10) >> 4);
+  crypto_int64 a5 = 2097151 & (load_3(a + 13) >> 1);
+  crypto_int64 a6 = 2097151 & (load_4(a + 15) >> 6);
+  crypto_int64 a7 = 2097151 & (load_3(a + 18) >> 3);
+  crypto_int64 a8 = 2097151 & load_3(a + 21);
+  crypto_int64 a9 = 2097151 & (load_4(a + 23) >> 5);
+  crypto_int64 a10 = 2097151 & (load_3(a + 26) >> 2);
+  crypto_int64 a11 = (load_4(a + 28) >> 7);
+  crypto_int64 b0 = 2097151 & load_3(b);
+  crypto_int64 b1 = 2097151 & (load_4(b + 2) >> 5);
+  crypto_int64 b2 = 2097151 & (load_3(b + 5) >> 2);
+  crypto_int64 b3 = 2097151 & (load_4(b + 7) >> 7);
+  crypto_int64 b4 = 2097151 & (load_4(b + 10) >> 4);
+  crypto_int64 b5 = 2097151 & (load_3(b + 13) >> 1);
+  crypto_int64 b6 = 2097151 & (load_4(b + 15) >> 6);
+  crypto_int64 b7 = 2097151 & (load_3(b + 18) >> 3);
+  crypto_int64 b8 = 2097151 & load_3(b + 21);
+  crypto_int64 b9 = 2097151 & (load_4(b + 23) >> 5);
+  crypto_int64 b10 = 2097151 & (load_3(b + 26) >> 2);
+  crypto_int64 b11 = (load_4(b + 28) >> 7);
+  crypto_int64 c0 = 2097151 & load_3(c);
+  crypto_int64 c1 = 2097151 & (load_4(c + 2) >> 5);
+  crypto_int64 c2 = 2097151 & (load_3(c + 5) >> 2);
+  crypto_int64 c3 = 2097151 & (load_4(c + 7) >> 7);
+  crypto_int64 c4 = 2097151 & (load_4(c + 10) >> 4);
+  crypto_int64 c5 = 2097151 & (load_3(c + 13) >> 1);
+  crypto_int64 c6 = 2097151 & (load_4(c + 15) >> 6);
+  crypto_int64 c7 = 2097151 & (load_3(c + 18) >> 3);
+  crypto_int64 c8 = 2097151 & load_3(c + 21);
+  crypto_int64 c9 = 2097151 & (load_4(c + 23) >> 5);
+  crypto_int64 c10 = 2097151 & (load_3(c + 26) >> 2);
+  crypto_int64 c11 = (load_4(c + 28) >> 7);
+  crypto_int64 s0;
+  crypto_int64 s1;
+  crypto_int64 s2;
+  crypto_int64 s3;
+  crypto_int64 s4;
+  crypto_int64 s5;
+  crypto_int64 s6;
+  crypto_int64 s7;
+  crypto_int64 s8;
+  crypto_int64 s9;
+  crypto_int64 s10;
+  crypto_int64 s11;
+  crypto_int64 s12;
+  crypto_int64 s13;
+  crypto_int64 s14;
+  crypto_int64 s15;
+  crypto_int64 s16;
+  crypto_int64 s17;
+  crypto_int64 s18;
+  crypto_int64 s19;
+  crypto_int64 s20;
+  crypto_int64 s21;
+  crypto_int64 s22;
+  crypto_int64 s23;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+  crypto_int64 carry10;
+  crypto_int64 carry11;
+  crypto_int64 carry12;
+  crypto_int64 carry13;
+  crypto_int64 carry14;
+  crypto_int64 carry15;
+  crypto_int64 carry16;
+  crypto_int64 carry17;
+  crypto_int64 carry18;
+  crypto_int64 carry19;
+  crypto_int64 carry20;
+  crypto_int64 carry21;
+  crypto_int64 carry22;
+
+  s0 = c0 + a0*b0;
+  s1 = c1 + a0*b1 + a1*b0;
+  s2 = c2 + a0*b2 + a1*b1 + a2*b0;
+  s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
+  s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
+  s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
+  s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
+  s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
+  s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
+  s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
+  s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
+  s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
+  s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
+  s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
+  s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
+  s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
+  s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
+  s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
+  s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
+  s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
+  s20 = a9*b11 + a10*b10 + a11*b9;
+  s21 = a10*b11 + a11*b10;
+  s22 = a11*b11;
+  s23 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
+  carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
+  carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
+  carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
+  carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
+  carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
+  carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
+
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | (s1 << 5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | (s2 << 2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | (s3 << 7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | (s4 << 4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | (s5 << 1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | (s6 << 6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | (s7 << 3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | (s9 << 5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | (s10 << 2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | (s11 << 7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+}
+
+/*
+int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
+{
+  unsigned char h[64];
+  ge_p3 A;
+  int i;
+
+  randombytes(sk,32);
+  crypto_hash_sha512(h,sk,32);
+  h[0] &= 248;
+  h[31] &= 63;
+  h[31] |= 64;
+
+  ge_scalarmult_base(&A,h);
+  ge_p3_tobytes(pk,&A);
+
+  for (i = 0;i < 32;++i) sk[32 + i] = pk[i];
+  return 0;
+}
+*/
+
+int crypto_sign_pk_ref10(unsigned char *pk,unsigned char *sk)
+{
+  unsigned char h[64];
+  ge_p3 A;
+  int i;
+
+  crypto_hash_sha512(h,sk,32);
+  h[0] &= 248;
+  h[31] &= 63;
+  h[31] |= 64;
+
+  ge_scalarmult_base(&A,h);
+  ge_p3_tobytes(pk,&A);
+
+  for (i = 0;i < 32;++i) sk[32 + i] = pk[i];
+  return 0;
+}
+
+int crypto_sign_ref10(
+  unsigned char *sm,unsigned long long *smlen,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *sk
+)
+{
+  unsigned char az[64];
+  unsigned char r[64];
+  unsigned char hram[64];
+  ge_p3 R;
+  unsigned long long i;
+
+  crypto_hash_sha512(az,sk,32);
+  az[0] &= 248;
+  az[31] &= 63;
+  az[31] |= 64;
+
+  *smlen = mlen + 64;
+  for (i = 0;i < mlen;++i) sm[64 + i] = m[i];
+  for (i = 0;i < 32;++i) sm[32 + i] = az[32 + i];
+  crypto_hash_sha512(r,sm + 32,mlen + 32);
+  for (i = 0;i < 32;++i) sm[32 + i] = sk[32 + i];
+
+  sc_reduce(r);
+  ge_scalarmult_base(&R,r);
+  ge_p3_tobytes(sm,&R);
+
+  crypto_hash_sha512(hram,sm,mlen + 64);
+  sc_reduce(hram);
+  sc_muladd(sm + 32,hram,az,r);
+
+  return 0;
+}
+
+int crypto_sign_open_ref10(
+  unsigned char *m,unsigned long long *mlen,
+  const unsigned char *sm,unsigned long long smlen,
+  const unsigned char *pk
+)
+{
+  unsigned char h[64];
+  unsigned char checkr[32];
+  ge_p3 A;
+  ge_p2 R;
+  unsigned long long i;
+
+  *mlen = -1;
+  if (smlen < 64) return -1;
+  if (sm[63] & 224) return -1;
+  if (ge_frombytes_negate_vartime(&A,pk) != 0) return -1;
+
+  for (i = 0;i < smlen;++i) m[i] = sm[i];
+  for (i = 0;i < 32;++i) m[32 + i] = pk[i];
+  crypto_hash_sha512(h,m,smlen);
+  sc_reduce(h);
+
+  ge_double_scalarmult_vartime(&R,h,&A,sm + 32);
+  ge_tobytes(checkr,&R);
+  if (crypto_verify_32(checkr,sm) != 0) {
+    for (i = 0;i < smlen;++i) m[i] = 0;
+    return -1;
+  }
+
+  for (i = 0;i < smlen - 64;++i) m[i] = sm[64 + i];
+  for (i = smlen - 64;i < smlen;++i) m[i] = 0;
+  *mlen = smlen - 64;
+  return 0;
+}
+
diff --git a/src/ext/ed25519/donna/fuzz/ed25519-ref10.h b/src/ext/ed25519/donna/fuzz/ed25519-ref10.h
new file mode 100644
index 0000000000..c8a0f69b65
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/ed25519-ref10.h
@@ -0,0 +1,9 @@
+#ifndef ED25519_REF10_H
+#define ED25519_REF10_H
+
+int crypto_sign_pk_ref10(unsigned char *pk,unsigned char *sk);
+int crypto_sign_ref10(unsigned char *sm,unsigned long long *smlen,const unsigned char *m,unsigned long long mlen,const unsigned char *sk);
+int crypto_sign_open_ref10(unsigned char *m,unsigned long long *mlen,const unsigned char *sm,unsigned long long smlen,const unsigned char *pk);
+
+#endif /* ED25519_REF10_H */
+
diff --git a/src/ext/ed25519/donna/fuzz/fuzz-curve25519.c b/src/ext/ed25519/donna/fuzz/fuzz-curve25519.c
new file mode 100644
index 0000000000..43017014c2
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/fuzz-curve25519.c
@@ -0,0 +1,172 @@
+#if defined(_WIN32)
+	#include <windows.h>
+	#include <wincrypt.h>
+	typedef unsigned int uint32_t;
+	typedef unsigned __int64 uint64_t;
+#else
+	#include <stdint.h>
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "ed25519-donna.h"
+#include "curve25519-ref10.h"
+
+static void
+print_diff(const char *desc, const unsigned char *a, const unsigned char *b, size_t len) {
+	size_t p = 0;
+	unsigned char diff;
+	printf("%s diff:\n", desc);
+	while (len--) {
+		diff = *a++ ^ *b++;
+		if (!diff)
+			printf("____,");
+		else
+			printf("0x%02x,", diff);
+		if ((++p & 15) == 0)
+			printf("\n");
+	}
+	printf("\n\n");
+}
+
+static void
+print_bytes(const char *desc, const unsigned char *bytes, size_t len) {
+	size_t p = 0;
+	printf("%s:\n", desc);
+	while (len--) {
+		printf("0x%02x,", *bytes++);
+		if ((++p & 15) == 0)
+			printf("\n");
+	}
+	printf("\n\n");
+}
+
+
+/* chacha20/12 prng */
+void
+prng(unsigned char *out, size_t bytes) {
+	static uint32_t state[16];
+	static int init = 0;
+	uint32_t x[16], t;
+	size_t i;
+
+	if (!init) {
+	#if defined(_WIN32)
+		HCRYPTPROV csp;
+		if (!CryptAcquireContext(&csp, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+			printf("CryptAcquireContext failed\n");
+			exit(1);
+		}
+		if (!CryptGenRandom(csp, (DWORD)sizeof(state), (BYTE*)state)) {
+			printf("CryptGenRandom failed\n");
+			exit(1);
+		}
+		CryptReleaseContext(csp, 0);
+	#else
+		FILE *f = NULL;
+		f = fopen("/dev/urandom", "rb");
+		if (!f) {
+			printf("failed to open /dev/urandom\n");
+			exit(1);
+		}
+		if (fread(state, sizeof(state), 1, f) != 1) {
+			printf("read error on /dev/urandom\n");
+			exit(1);
+		}
+	#endif
+		init = 1;
+	}
+
+	while (bytes) {
+		for (i = 0; i < 16; i++) x[i] = state[i];
+
+		#define rotl32(x,k) ((x << k) | (x >> (32 - k)))
+		#define quarter(a,b,c,d) \
+			x[a] += x[b]; t = x[d]^x[a]; x[d] = rotl32(t,16); \
+			x[c] += x[d]; t = x[b]^x[c]; x[b] = rotl32(t,12); \
+			x[a] += x[b]; t = x[d]^x[a]; x[d] = rotl32(t, 8); \
+			x[c] += x[d]; t = x[b]^x[c]; x[b] = rotl32(t, 7);
+
+		for (i = 0; i < 12; i += 2) {
+			quarter( 0, 4, 8,12)
+			quarter( 1, 5, 9,13)
+			quarter( 2, 6,10,14)
+			quarter( 3, 7,11,15)
+			quarter( 0, 5,10,15)
+			quarter( 1, 6,11,12)
+			quarter( 2, 7, 8,13)
+			quarter( 3, 4, 9,14)
+		};
+
+		if (bytes <= 64) {
+			memcpy(out, x, bytes);
+			bytes = 0;
+		} else {
+			memcpy(out, x, 64);
+			bytes -= 64;
+			out += 64;
+		}
+
+		/* don't need a nonce, so last 4 words are the counter. 2^136 bytes can be generated */
+		if (!++state[12]) if (!++state[13]) if (!++state[14]) ++state[15];
+	}
+}
+
+
+
+int main() {
+	const size_t skmax = 1024;
+	static unsigned char sk[1024][32];
+	unsigned char pk[3][32];
+	unsigned char *skp;
+	size_t ski, pki, i;
+	uint64_t ctr;
+
+	printf("fuzzing: ");
+	printf(" ref10");
+	printf(" curved25519");
+#if defined(ED25519_SSE2)
+	printf(" curved25519-sse2");
+#endif
+	printf("\n\n");
+
+	for (ctr = 0, ski = skmax;;ctr++) {
+		if (ski == skmax) {
+			prng((unsigned char *)sk, sizeof(sk));
+			ski = 0;
+		}
+		skp = sk[ski++];
+
+		pki = 0;
+		crypto_scalarmult_base_ref10(pk[pki++], skp);
+		curved25519_scalarmult_basepoint(pk[pki++],  skp);
+		#if defined(ED25519_SSE2)
+			curved25519_scalarmult_basepoint_sse2(pk[pki++], skp);
+		#endif
+
+		for (i = 1; i < pki; i++) {
+			if (memcmp(pk[0], pk[i], 32) != 0) {
+				printf("\n\n");
+				print_bytes("sk",  skp, 32);
+				print_bytes("ref10", pk[0], 32);
+				print_diff("curved25519", pk[0], pk[1], 32);
+				#if defined(ED25519_SSE2)
+					print_diff("curved25519-sse2", pk[0], pk[2], 32);
+				#endif
+				exit(1);
+			}
+		}
+
+		if (ctr && (ctr % 0x1000 == 0)) {
+			printf(".");
+			if ((ctr % 0x20000) == 0) {
+				printf(" [");
+				for (i = 0; i < 8; i++)
+					printf("%02x", (unsigned char)(ctr >> ((7 - i) * 8)));
+				printf("]\n");
+			}
+		}
+	}
+}
+
diff --git a/src/ext/ed25519/donna/fuzz/fuzz-ed25519.c b/src/ext/ed25519/donna/fuzz/fuzz-ed25519.c
new file mode 100644
index 0000000000..b242e8e5da
--- /dev/null
+++ b/src/ext/ed25519/donna/fuzz/fuzz-ed25519.c
@@ -0,0 +1,219 @@
+#if defined(_WIN32)
+	#include <windows.h>
+	#include <wincrypt.h>
+	typedef unsigned int uint32_t;
+#else
+	#include <stdint.h>
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "ed25519-donna.h"
+#include "ed25519-ref10.h"
+
+static void
+print_diff(const char *desc, const unsigned char *a, const unsigned char *b, size_t len) {
+	size_t p = 0;
+	unsigned char diff;
+	printf("%s diff:\n", desc);
+	while (len--) {
+		diff = *a++ ^ *b++;
+		if (!diff)
+			printf("____,");
+		else
+			printf("0x%02x,", diff);
+		if ((++p & 15) == 0)
+			printf("\n");
+	}
+	printf("\n");
+}
+
+static void
+print_bytes(const char *desc, const unsigned char *bytes, size_t len) {
+	size_t p = 0;
+	printf("%s:\n", desc);
+	while (len--) {
+		printf("0x%02x,", *bytes++);
+		if ((++p & 15) == 0)
+			printf("\n");
+	}
+	printf("\n");
+}
+
+
+/* chacha20/12 prng */
+void
+prng(unsigned char *out, size_t bytes) {
+	static uint32_t state[16];
+	static int init = 0;
+	uint32_t x[16], t;
+	size_t i;
+
+	if (!init) {
+	#if defined(_WIN32)
+		HCRYPTPROV csp = NULL;
+		if (!CryptAcquireContext(&csp, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+			printf("CryptAcquireContext failed\n");
+			exit(1);
+		}
+		if (!CryptGenRandom(csp, (DWORD)sizeof(state), (BYTE*)state)) {
+			printf("CryptGenRandom failed\n");
+			exit(1);
+		}
+		CryptReleaseContext(csp, 0);
+	#else
+		FILE *f = NULL;
+		f = fopen("/dev/urandom", "rb");
+		if (!f) {
+			printf("failed to open /dev/urandom\n");
+			exit(1);
+		}
+		if (fread(state, sizeof(state), 1, f) != 1) {
+			printf("read error on /dev/urandom\n");
+			exit(1);
+		}
+	#endif
+		init = 1;
+	}
+
+	while (bytes) {
+		for (i = 0; i < 16; i++) x[i] = state[i];
+
+		#define rotl32(x,k) ((x << k) | (x >> (32 - k)))
+		#define quarter(a,b,c,d) \
+			x[a] += x[b]; t = x[d]^x[a]; x[d] = rotl32(t,16); \
+			x[c] += x[d]; t = x[b]^x[c]; x[b] = rotl32(t,12); \
+			x[a] += x[b]; t = x[d]^x[a]; x[d] = rotl32(t, 8); \
+			x[c] += x[d]; t = x[b]^x[c]; x[b] = rotl32(t, 7);
+
+		for (i = 0; i < 12; i += 2) {
+			quarter( 0, 4, 8,12)
+			quarter( 1, 5, 9,13)
+			quarter( 2, 6,10,14)
+			quarter( 3, 7,11,15)
+			quarter( 0, 5,10,15)
+			quarter( 1, 6,11,12)
+			quarter( 2, 7, 8,13)
+			quarter( 3, 4, 9,14)
+		};
+
+		if (bytes <= 64) {
+			memcpy(out, x, bytes);
+			bytes = 0;
+		} else {
+			memcpy(out, x, 64);
+			bytes -= 64;
+			out += 64;
+		}
+
+		/* don't need a nonce, so last 4 words are the counter. 2^136 bytes can be generated */
+		if (!++state[12]) if (!++state[13]) if (!++state[14]) ++state[15];
+	}
+}
+
+typedef struct random_data_t {
+	unsigned char sk[32];
+	unsigned char m[128];
+} random_data;
+
+typedef struct generated_data_t {
+	unsigned char pk[32];
+	unsigned char sig[64];
+	int valid;
+} generated_data;
+
+static void
+print_generated(const char *desc, generated_data *g) {
+	printf("%s:\n", desc);
+	print_bytes("pk", g->pk, 32);
+	print_bytes("sig", g->sig, 64);
+	printf("valid: %s\n\n", g->valid ? "no" : "yes");
+}
+
+static void
+print_generated_diff(const char *desc, const generated_data *base, generated_data *g) {
+	printf("%s:\n", desc);
+	print_diff("pk", base->pk, g->pk, 32);
+	print_diff("sig", base->sig, g->sig, 64);
+	printf("valid: %s\n\n", (base->valid == g->valid) ? "___" : (g->valid ? "no" : "yes"));
+}
+
+int main() {
+	const size_t rndmax = 128;
+	static random_data rnd[128];
+	static generated_data gen[3];
+	random_data *r;
+	generated_data *g;
+	unsigned long long dummylen;
+	unsigned char dummysk[64];
+	unsigned char dummymsg[2][128+64];
+	size_t rndi, geni, i, j;
+	uint64_t ctr;
+
+	printf("fuzzing: ");
+	printf(" ref10");
+	printf(" ed25519-donna");
+#if defined(ED25519_SSE2)
+	printf(" ed25519-donna-sse2");
+#endif
+	printf("\n\n");
+
+	for (ctr = 0, rndi = rndmax;;ctr++) {
+		if (rndi == rndmax) {
+			prng((unsigned char *)rnd, sizeof(rnd));
+			rndi = 0;
+		}
+		r = &rnd[rndi++];
+
+		/* ref10, lots of horrible gymnastics to work around the wonky api */
+		geni = 0;
+		g = &gen[geni++];
+		memcpy(dummysk, r->sk, 32); /* pk is appended to the sk, need to copy the sk to a larger buffer */
+		crypto_sign_pk_ref10(dummysk + 32, dummysk);
+		memcpy(g->pk, dummysk + 32, 32); 
+		crypto_sign_ref10(dummymsg[0], &dummylen, r->m, 128, dummysk);
+		memcpy(g->sig, dummymsg[0], 64); /* sig is placed in front of the signed message */
+		g->valid = crypto_sign_open_ref10(dummymsg[1], &dummylen, dummymsg[0], 128 + 64, g->pk);
+
+		/* ed25519-donna */
+		g = &gen[geni++];
+		ed25519_publickey(r->sk, g->pk);
+		ed25519_sign(r->m, 128, r->sk, g->pk, g->sig);
+		g->valid = ed25519_sign_open(r->m, 128, g->pk, g->sig);
+
+		#if defined(ED25519_SSE2)
+			/* ed25519-donna-sse2 */
+			g = &gen[geni++];
+			ed25519_publickey_sse2(r->sk, g->pk);
+			ed25519_sign_sse2(r->m, 128, r->sk, g->pk, g->sig);
+			g->valid = ed25519_sign_open_sse2(r->m, 128, g->pk, g->sig);
+		#endif
+
+		/* compare implementations 1..geni against the reference */
+		for (i = 1; i < geni; i++) {
+			if (memcmp(&gen[0], &gen[i], sizeof(generated_data)) != 0) {
+				printf("\n\n");
+				print_bytes("sk", r->sk, 32);
+				print_bytes("m", r->m, 128);
+				print_generated("ref10", &gen[0]);
+				print_generated_diff("ed25519-donna", &gen[0], &gen[1]);
+				#if defined(ED25519_SSE2)
+					print_generated_diff("ed25519-donna-sse2", &gen[0], &gen[2]);
+				#endif
+				exit(1);
+			}
+		}
+
+		/* print out status */
+		if (ctr && (ctr % 0x1000 == 0)) {
+			printf(".");
+			if ((ctr % 0x20000) == 0) {
+				printf(" [");
+				for (i = 0; i < 8; i++)
+					printf("%02x", (unsigned char)(ctr >> ((7 - i) * 8)));
+				printf("]\n");
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/src/ext/ed25519/donna/modm-donna-32bit.h b/src/ext/ed25519/donna/modm-donna-32bit.h
new file mode 100644
index 0000000000..5f36df655d
--- /dev/null
+++ b/src/ext/ed25519/donna/modm-donna-32bit.h
@@ -0,0 +1,470 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+*/
+
+
+/*
+	Arithmetic modulo the group order n = 2^252 +  27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989
+
+	k = 32
+	b = 1 << 8 = 256
+	m = 2^252 + 27742317777372353535851937790883648493 = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed
+	mu = floor( b^(k*2) / m ) = 0xfffffffffffffffffffffffffffffffeb2106215d086329a7ed9ce5a30a2c131b
+*/
+
+#define bignum256modm_bits_per_limb 30
+#define bignum256modm_limb_size 9
+
+typedef uint32_t bignum256modm_element_t;
+typedef bignum256modm_element_t bignum256modm[9];
+
+static const bignum256modm modm_m = {
+	0x1cf5d3ed, 0x20498c69, 0x2f79cd65, 0x37be77a8,
+	0x00000014,	0x00000000, 0x00000000,	0x00000000,
+	0x00001000
+};
+
+static const bignum256modm modm_mu = {
+	0x0a2c131b, 0x3673968c, 0x06329a7e, 0x01885742,
+	0x3fffeb21, 0x3fffffff, 0x3fffffff, 0x3fffffff,
+	0x000fffff
+};
+
+static bignum256modm_element_t
+lt_modm(bignum256modm_element_t a, bignum256modm_element_t b) {
+	return (a - b) >> 31;
+}
+
+/* see HAC, Alg. 14.42 Step 4 */
+static void
+reduce256_modm(bignum256modm r) {
+	bignum256modm t;
+	bignum256modm_element_t b = 0, pb, mask;
+
+	/* t = r - m */
+	pb = 0;
+	pb += modm_m[0]; b = lt_modm(r[0], pb); t[0] = (r[0] - pb + (b << 30)); pb = b;
+	pb += modm_m[1]; b = lt_modm(r[1], pb); t[1] = (r[1] - pb + (b << 30)); pb = b;
+	pb += modm_m[2]; b = lt_modm(r[2], pb); t[2] = (r[2] - pb + (b << 30)); pb = b;
+	pb += modm_m[3]; b = lt_modm(r[3], pb); t[3] = (r[3] - pb + (b << 30)); pb = b;
+	pb += modm_m[4]; b = lt_modm(r[4], pb); t[4] = (r[4] - pb + (b << 30)); pb = b;
+	pb += modm_m[5]; b = lt_modm(r[5], pb); t[5] = (r[5] - pb + (b << 30)); pb = b;
+	pb += modm_m[6]; b = lt_modm(r[6], pb); t[6] = (r[6] - pb + (b << 30)); pb = b;
+	pb += modm_m[7]; b = lt_modm(r[7], pb); t[7] = (r[7] - pb + (b << 30)); pb = b;
+	pb += modm_m[8]; b = lt_modm(r[8], pb); t[8] = (r[8] - pb + (b << 16));
+
+	/* keep r if r was smaller than m */
+	mask = b - 1;
+	r[0] ^= mask & (r[0] ^ t[0]);
+	r[1] ^= mask & (r[1] ^ t[1]);
+	r[2] ^= mask & (r[2] ^ t[2]);
+	r[3] ^= mask & (r[3] ^ t[3]);
+	r[4] ^= mask & (r[4] ^ t[4]);
+	r[5] ^= mask & (r[5] ^ t[5]);
+	r[6] ^= mask & (r[6] ^ t[6]);
+	r[7] ^= mask & (r[7] ^ t[7]);
+	r[8] ^= mask & (r[8] ^ t[8]);
+}
+
+/*
+	Barrett reduction,  see HAC, Alg. 14.42
+
+	Instead of passing in x, pre-process in to q1 and r1 for efficiency
+*/
+static void
+barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) {
+	bignum256modm q3, r2;
+	uint64_t c;
+	bignum256modm_element_t f, b, pb;
+
+	/* q1 = x >> 248 = 264 bits = 9 30 bit elements
+	   q2 = mu * q1
+	   q3 = (q2 / 256(32+1)) = q2 / (2^8)^(32+1) = q2 >> 264 */
+	c  = mul32x32_64(modm_mu[0], q1[7]) + mul32x32_64(modm_mu[1], q1[6]) + mul32x32_64(modm_mu[2], q1[5]) + mul32x32_64(modm_mu[3], q1[4]) + mul32x32_64(modm_mu[4], q1[3]) + mul32x32_64(modm_mu[5], q1[2]) + mul32x32_64(modm_mu[6], q1[1]) + mul32x32_64(modm_mu[7], q1[0]); 
+	c >>= 30;
+	c += mul32x32_64(modm_mu[0], q1[8]) + mul32x32_64(modm_mu[1], q1[7]) + mul32x32_64(modm_mu[2], q1[6]) + mul32x32_64(modm_mu[3], q1[5]) + mul32x32_64(modm_mu[4], q1[4]) + mul32x32_64(modm_mu[5], q1[3]) + mul32x32_64(modm_mu[6], q1[2]) + mul32x32_64(modm_mu[7], q1[1]) + mul32x32_64(modm_mu[8], q1[0]);
+	f = (bignum256modm_element_t)c; q3[0] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[1], q1[8]) + mul32x32_64(modm_mu[2], q1[7]) + mul32x32_64(modm_mu[3], q1[6]) + mul32x32_64(modm_mu[4], q1[5]) + mul32x32_64(modm_mu[5], q1[4]) + mul32x32_64(modm_mu[6], q1[3]) + mul32x32_64(modm_mu[7], q1[2]) + mul32x32_64(modm_mu[8], q1[1]);
+	f = (bignum256modm_element_t)c; q3[0] |= (f << 6) & 0x3fffffff; q3[1] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[2], q1[8]) + mul32x32_64(modm_mu[3], q1[7]) + mul32x32_64(modm_mu[4], q1[6]) + mul32x32_64(modm_mu[5], q1[5]) + mul32x32_64(modm_mu[6], q1[4]) + mul32x32_64(modm_mu[7], q1[3]) + mul32x32_64(modm_mu[8], q1[2]);
+	f = (bignum256modm_element_t)c; q3[1] |= (f << 6) & 0x3fffffff; q3[2] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[3], q1[8]) + mul32x32_64(modm_mu[4], q1[7]) + mul32x32_64(modm_mu[5], q1[6]) + mul32x32_64(modm_mu[6], q1[5]) + mul32x32_64(modm_mu[7], q1[4]) + mul32x32_64(modm_mu[8], q1[3]);
+	f = (bignum256modm_element_t)c; q3[2] |= (f << 6) & 0x3fffffff; q3[3] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[4], q1[8]) + mul32x32_64(modm_mu[5], q1[7]) + mul32x32_64(modm_mu[6], q1[6]) + mul32x32_64(modm_mu[7], q1[5]) + mul32x32_64(modm_mu[8], q1[4]);
+	f = (bignum256modm_element_t)c; q3[3] |= (f << 6) & 0x3fffffff; q3[4] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[5], q1[8]) + mul32x32_64(modm_mu[6], q1[7]) + mul32x32_64(modm_mu[7], q1[6]) + mul32x32_64(modm_mu[8], q1[5]);
+	f = (bignum256modm_element_t)c; q3[4] |= (f << 6) & 0x3fffffff; q3[5] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[6], q1[8]) + mul32x32_64(modm_mu[7], q1[7]) + mul32x32_64(modm_mu[8], q1[6]);
+	f = (bignum256modm_element_t)c; q3[5] |= (f << 6) & 0x3fffffff; q3[6] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[7], q1[8]) + mul32x32_64(modm_mu[8], q1[7]);
+	f = (bignum256modm_element_t)c; q3[6] |= (f << 6) & 0x3fffffff; q3[7] = (f >> 24) & 0x3f; c >>= 30;
+	c += mul32x32_64(modm_mu[8], q1[8]);
+	f = (bignum256modm_element_t)c; q3[7] |= (f << 6) & 0x3fffffff; q3[8] = (bignum256modm_element_t)(c >> 24);
+
+	/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1)
+	   r2 = (q3 * m) mod (256^(32+1)) = (q3 * m) & ((1 << 264) - 1) */
+	c = mul32x32_64(modm_m[0], q3[0]);
+	r2[0] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[1]) + mul32x32_64(modm_m[1], q3[0]);
+	r2[1] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[2]) + mul32x32_64(modm_m[1], q3[1]) + mul32x32_64(modm_m[2], q3[0]);
+	r2[2] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[3]) + mul32x32_64(modm_m[1], q3[2]) + mul32x32_64(modm_m[2], q3[1]) + mul32x32_64(modm_m[3], q3[0]);
+	r2[3] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[4]) + mul32x32_64(modm_m[1], q3[3]) + mul32x32_64(modm_m[2], q3[2]) + mul32x32_64(modm_m[3], q3[1]) + mul32x32_64(modm_m[4], q3[0]);
+	r2[4] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[5]) + mul32x32_64(modm_m[1], q3[4]) + mul32x32_64(modm_m[2], q3[3]) + mul32x32_64(modm_m[3], q3[2]) + mul32x32_64(modm_m[4], q3[1]) + mul32x32_64(modm_m[5], q3[0]);
+	r2[5] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[6]) + mul32x32_64(modm_m[1], q3[5]) + mul32x32_64(modm_m[2], q3[4]) + mul32x32_64(modm_m[3], q3[3]) + mul32x32_64(modm_m[4], q3[2]) + mul32x32_64(modm_m[5], q3[1]) + mul32x32_64(modm_m[6], q3[0]);
+	r2[6] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[7]) + mul32x32_64(modm_m[1], q3[6]) + mul32x32_64(modm_m[2], q3[5]) + mul32x32_64(modm_m[3], q3[4]) + mul32x32_64(modm_m[4], q3[3]) + mul32x32_64(modm_m[5], q3[2]) + mul32x32_64(modm_m[6], q3[1]) + mul32x32_64(modm_m[7], q3[0]);
+	r2[7] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(modm_m[0], q3[8]) + mul32x32_64(modm_m[1], q3[7]) + mul32x32_64(modm_m[2], q3[6]) + mul32x32_64(modm_m[3], q3[5]) + mul32x32_64(modm_m[4], q3[4]) + mul32x32_64(modm_m[5], q3[3]) + mul32x32_64(modm_m[6], q3[2]) + mul32x32_64(modm_m[7], q3[1]) + mul32x32_64(modm_m[8], q3[0]);
+	r2[8] = (bignum256modm_element_t)(c & 0xffffff);
+
+	/* r = r1 - r2
+	   if (r < 0) r += (1 << 264) */
+	pb = 0;
+	pb += r2[0]; b = lt_modm(r1[0], pb); r[0] = (r1[0] - pb + (b << 30)); pb = b;
+	pb += r2[1]; b = lt_modm(r1[1], pb); r[1] = (r1[1] - pb + (b << 30)); pb = b;
+	pb += r2[2]; b = lt_modm(r1[2], pb); r[2] = (r1[2] - pb + (b << 30)); pb = b;
+	pb += r2[3]; b = lt_modm(r1[3], pb); r[3] = (r1[3] - pb + (b << 30)); pb = b;
+	pb += r2[4]; b = lt_modm(r1[4], pb); r[4] = (r1[4] - pb + (b << 30)); pb = b;
+	pb += r2[5]; b = lt_modm(r1[5], pb); r[5] = (r1[5] - pb + (b << 30)); pb = b;
+	pb += r2[6]; b = lt_modm(r1[6], pb); r[6] = (r1[6] - pb + (b << 30)); pb = b;
+	pb += r2[7]; b = lt_modm(r1[7], pb); r[7] = (r1[7] - pb + (b << 30)); pb = b;
+	pb += r2[8]; b = lt_modm(r1[8], pb); r[8] = (r1[8] - pb + (b << 24));
+
+	reduce256_modm(r);
+	reduce256_modm(r);
+}
+
+/* addition modulo m */
+static void
+add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+	bignum256modm_element_t c;
+
+	c  = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30;
+	c += x[1] + y[1]; r[1] = c & 0x3fffffff; c >>= 30;
+	c += x[2] + y[2]; r[2] = c & 0x3fffffff; c >>= 30;
+	c += x[3] + y[3]; r[3] = c & 0x3fffffff; c >>= 30;
+	c += x[4] + y[4]; r[4] = c & 0x3fffffff; c >>= 30;
+	c += x[5] + y[5]; r[5] = c & 0x3fffffff; c >>= 30;
+	c += x[6] + y[6]; r[6] = c & 0x3fffffff; c >>= 30;
+	c += x[7] + y[7]; r[7] = c & 0x3fffffff; c >>= 30;
+	c += x[8] + y[8]; r[8] = c;
+
+	reduce256_modm(r);
+}
+
+/* multiplication modulo m */
+static void 
+mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+	bignum256modm r1, q1;
+	uint64_t c;
+	bignum256modm_element_t f;
+
+	/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1)
+	   q1 = x >> 248 = 264 bits = 9 30 bit elements */
+	c = mul32x32_64(x[0], y[0]);
+	f = (bignum256modm_element_t)c; r1[0] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[1]) + mul32x32_64(x[1], y[0]);
+	f = (bignum256modm_element_t)c; r1[1] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[2]) + mul32x32_64(x[1], y[1]) + mul32x32_64(x[2], y[0]);
+	f = (bignum256modm_element_t)c; r1[2] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[3]) + mul32x32_64(x[1], y[2]) + mul32x32_64(x[2], y[1]) + mul32x32_64(x[3], y[0]);
+	f = (bignum256modm_element_t)c; r1[3] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[4]) + mul32x32_64(x[1], y[3]) + mul32x32_64(x[2], y[2]) + mul32x32_64(x[3], y[1]) + mul32x32_64(x[4], y[0]);
+	f = (bignum256modm_element_t)c; r1[4] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[5]) + mul32x32_64(x[1], y[4]) + mul32x32_64(x[2], y[3]) + mul32x32_64(x[3], y[2]) + mul32x32_64(x[4], y[1]) + mul32x32_64(x[5], y[0]);
+	f = (bignum256modm_element_t)c; r1[5] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[6]) + mul32x32_64(x[1], y[5]) + mul32x32_64(x[2], y[4]) + mul32x32_64(x[3], y[3]) + mul32x32_64(x[4], y[2]) + mul32x32_64(x[5], y[1]) + mul32x32_64(x[6], y[0]);
+	f = (bignum256modm_element_t)c; r1[6] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[7]) + mul32x32_64(x[1], y[6]) + mul32x32_64(x[2], y[5]) + mul32x32_64(x[3], y[4]) + mul32x32_64(x[4], y[3]) + mul32x32_64(x[5], y[2]) + mul32x32_64(x[6], y[1]) + mul32x32_64(x[7], y[0]);
+	f = (bignum256modm_element_t)c; r1[7] = (f & 0x3fffffff); c >>= 30;
+	c += mul32x32_64(x[0], y[8]) + mul32x32_64(x[1], y[7]) + mul32x32_64(x[2], y[6]) + mul32x32_64(x[3], y[5]) + mul32x32_64(x[4], y[4]) + mul32x32_64(x[5], y[3]) + mul32x32_64(x[6], y[2]) + mul32x32_64(x[7], y[1]) + mul32x32_64(x[8], y[0]);
+	f = (bignum256modm_element_t)c; r1[8] = (f & 0x00ffffff); q1[0] = (f >> 8) & 0x3fffff; c >>= 30;
+	c += mul32x32_64(x[1], y[8]) + mul32x32_64(x[2], y[7]) + mul32x32_64(x[3], y[6]) + mul32x32_64(x[4], y[5]) + mul32x32_64(x[5], y[4]) + mul32x32_64(x[6], y[3]) + mul32x32_64(x[7], y[2]) + mul32x32_64(x[8], y[1]);
+	f = (bignum256modm_element_t)c; q1[0] = (q1[0] | (f << 22)) & 0x3fffffff; q1[1] = (f >> 8) & 0x3fffff; c >>= 30;	
+	c += mul32x32_64(x[2], y[8]) + mul32x32_64(x[3], y[7]) + mul32x32_64(x[4], y[6]) + mul32x32_64(x[5], y[5]) + mul32x32_64(x[6], y[4]) + mul32x32_64(x[7], y[3]) + mul32x32_64(x[8], y[2]);
+	f = (bignum256modm_element_t)c; q1[1] = (q1[1] | (f << 22)) & 0x3fffffff; q1[2] = (f >> 8) & 0x3fffff; c >>= 30;	
+	c += mul32x32_64(x[3], y[8]) + mul32x32_64(x[4], y[7]) + mul32x32_64(x[5], y[6]) + mul32x32_64(x[6], y[5]) + mul32x32_64(x[7], y[4]) + mul32x32_64(x[8], y[3]);
+	f = (bignum256modm_element_t)c; q1[2] = (q1[2] | (f << 22)) & 0x3fffffff; q1[3] = (f >> 8) & 0x3fffff; c >>= 30;	
+	c += mul32x32_64(x[4], y[8]) + mul32x32_64(x[5], y[7]) + mul32x32_64(x[6], y[6]) + mul32x32_64(x[7], y[5]) + mul32x32_64(x[8], y[4]);
+	f = (bignum256modm_element_t)c; q1[3] = (q1[3] | (f << 22)) & 0x3fffffff; q1[4] = (f >> 8) & 0x3fffff; c >>= 30;	
+	c += mul32x32_64(x[5], y[8]) + mul32x32_64(x[6], y[7]) + mul32x32_64(x[7], y[6]) + mul32x32_64(x[8], y[5]);
+	f = (bignum256modm_element_t)c; q1[4] = (q1[4] | (f << 22)) & 0x3fffffff; q1[5] = (f >> 8) & 0x3fffff; c >>= 30;
+	c += mul32x32_64(x[6], y[8]) + mul32x32_64(x[7], y[7]) + mul32x32_64(x[8], y[6]);
+	f = (bignum256modm_element_t)c; q1[5] = (q1[5] | (f << 22)) & 0x3fffffff; q1[6] = (f >> 8) & 0x3fffff; c >>= 30;
+	c += mul32x32_64(x[7], y[8]) + mul32x32_64(x[8], y[7]);
+	f = (bignum256modm_element_t)c; q1[6] = (q1[6] | (f << 22)) & 0x3fffffff; q1[7] = (f >> 8) & 0x3fffff; c >>= 30;
+	c += mul32x32_64(x[8], y[8]);
+	f = (bignum256modm_element_t)c; q1[7] = (q1[7] | (f << 22)) & 0x3fffffff; q1[8] = (f >> 8) & 0x3fffff;
+
+	barrett_reduce256_modm(r, q1, r1);
+}
+
+static void
+expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
+	unsigned char work[64] = {0};
+	bignum256modm_element_t x[16];
+	bignum256modm q1;
+
+	memcpy(work, in, len);
+	x[0] = U8TO32_LE(work +  0);
+	x[1] = U8TO32_LE(work +  4);
+	x[2] = U8TO32_LE(work +  8);
+	x[3] = U8TO32_LE(work + 12);
+	x[4] = U8TO32_LE(work + 16);
+	x[5] = U8TO32_LE(work + 20);
+	x[6] = U8TO32_LE(work + 24);
+	x[7] = U8TO32_LE(work + 28);
+	x[8] = U8TO32_LE(work + 32);
+	x[9] = U8TO32_LE(work + 36);
+	x[10] = U8TO32_LE(work + 40);
+	x[11] = U8TO32_LE(work + 44);
+	x[12] = U8TO32_LE(work + 48);
+	x[13] = U8TO32_LE(work + 52);
+	x[14] = U8TO32_LE(work + 56);
+	x[15] = U8TO32_LE(work + 60);
+
+	/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1) */
+	out[0] = (                         x[0]) & 0x3fffffff;
+	out[1] = ((x[ 0] >> 30) | (x[ 1] <<  2)) & 0x3fffffff;
+	out[2] = ((x[ 1] >> 28) | (x[ 2] <<  4)) & 0x3fffffff;
+	out[3] = ((x[ 2] >> 26) | (x[ 3] <<  6)) & 0x3fffffff;
+	out[4] = ((x[ 3] >> 24) | (x[ 4] <<  8)) & 0x3fffffff;
+	out[5] = ((x[ 4] >> 22) | (x[ 5] << 10)) & 0x3fffffff;
+	out[6] = ((x[ 5] >> 20) | (x[ 6] << 12)) & 0x3fffffff;
+	out[7] = ((x[ 6] >> 18) | (x[ 7] << 14)) & 0x3fffffff;
+	out[8] = ((x[ 7] >> 16) | (x[ 8] << 16)) & 0x00ffffff;
+
+	/* 8*31 = 248 bits, no need to reduce */
+	if (len < 32)
+		return;
+
+	/* q1 = x >> 248 = 264 bits = 9 30 bit elements */
+	q1[0] = ((x[ 7] >> 24) | (x[ 8] <<  8)) & 0x3fffffff;
+	q1[1] = ((x[ 8] >> 22) | (x[ 9] << 10)) & 0x3fffffff;
+	q1[2] = ((x[ 9] >> 20) | (x[10] << 12)) & 0x3fffffff;
+	q1[3] = ((x[10] >> 18) | (x[11] << 14)) & 0x3fffffff;
+	q1[4] = ((x[11] >> 16) | (x[12] << 16)) & 0x3fffffff;
+	q1[5] = ((x[12] >> 14) | (x[13] << 18)) & 0x3fffffff;
+	q1[6] = ((x[13] >> 12) | (x[14] << 20)) & 0x3fffffff;
+	q1[7] = ((x[14] >> 10) | (x[15] << 22)) & 0x3fffffff;
+	q1[8] = ((x[15] >>  8)                );	
+
+	barrett_reduce256_modm(out, q1, out);
+}
+
+static void
+expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
+	bignum256modm_element_t x[8];
+
+	x[0] = U8TO32_LE(in +  0);
+	x[1] = U8TO32_LE(in +  4);
+	x[2] = U8TO32_LE(in +  8);
+	x[3] = U8TO32_LE(in + 12);
+	x[4] = U8TO32_LE(in + 16);
+	x[5] = U8TO32_LE(in + 20);
+	x[6] = U8TO32_LE(in + 24);
+	x[7] = U8TO32_LE(in + 28);
+
+	out[0] = (                         x[0]) & 0x3fffffff;
+	out[1] = ((x[ 0] >> 30) | (x[ 1] <<  2)) & 0x3fffffff;
+	out[2] = ((x[ 1] >> 28) | (x[ 2] <<  4)) & 0x3fffffff;
+	out[3] = ((x[ 2] >> 26) | (x[ 3] <<  6)) & 0x3fffffff;
+	out[4] = ((x[ 3] >> 24) | (x[ 4] <<  8)) & 0x3fffffff;
+	out[5] = ((x[ 4] >> 22) | (x[ 5] << 10)) & 0x3fffffff;
+	out[6] = ((x[ 5] >> 20) | (x[ 6] << 12)) & 0x3fffffff;
+	out[7] = ((x[ 6] >> 18) | (x[ 7] << 14)) & 0x3fffffff;
+	out[8] = ((x[ 7] >> 16)                ) & 0x0000ffff;
+}
+
+static void
+contract256_modm(unsigned char out[32], const bignum256modm in) {
+	U32TO8_LE(out +  0, (in[0]      ) | (in[1] << 30));
+	U32TO8_LE(out +  4, (in[1] >>  2) | (in[2] << 28));
+	U32TO8_LE(out +  8, (in[2] >>  4) | (in[3] << 26));
+	U32TO8_LE(out + 12, (in[3] >>  6) | (in[4] << 24));
+	U32TO8_LE(out + 16, (in[4] >>  8) | (in[5] << 22));
+	U32TO8_LE(out + 20, (in[5] >> 10) | (in[6] << 20));
+	U32TO8_LE(out + 24, (in[6] >> 12) | (in[7] << 18));
+	U32TO8_LE(out + 28, (in[7] >> 14) | (in[8] << 16));
+}
+
+
+
+static void
+contract256_window4_modm(signed char r[64], const bignum256modm in) {
+	char carry;
+	signed char *quads = r;
+	bignum256modm_element_t i, j, v;
+
+	for (i = 0; i < 8; i += 2) {
+		v = in[i];
+		for (j = 0; j < 7; j++) {
+			*quads++ = (v & 15);
+			v >>= 4;
+		}
+		v |= (in[i+1] << 2);
+		for (j = 0; j < 8; j++) {
+			*quads++ = (v & 15);
+			v >>= 4;
+		}
+	}
+	v = in[8];
+	*quads++ = (v & 15); v >>= 4;
+	*quads++ = (v & 15); v >>= 4;
+	*quads++ = (v & 15); v >>= 4;
+	*quads++ = (v & 15); v >>= 4;
+
+	/* making it signed */
+	carry = 0;
+	for(i = 0; i < 63; i++) {
+		r[i] += carry;
+		r[i+1] += (r[i] >> 4);
+		r[i] &= 15;
+		carry = (r[i] >> 3);
+		r[i] -= (carry << 4);
+	}
+	r[63] += carry;
+}
+
+static void
+contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
+	int i,j,k,b;
+	int m = (1 << (windowsize - 1)) - 1;
+        const int soplen = 256;
+	signed char *bits = r;
+	bignum256modm_element_t v;
+
+	/* first put the binary expansion into r  */
+	for (i = 0; i < 8; i++) {
+		v = s[i];
+		for (j = 0; j < 30; j++, v >>= 1)
+			*bits++ = (v & 1);
+	}
+	v = s[8];
+	for (j = 0; j < 16; j++, v >>= 1)
+		*bits++ = (v & 1);
+
+	/* Making it sliding window */
+	for (j = 0; j < soplen; j++) {
+		if (!r[j])
+			continue;
+
+		for (b = 1; (b < (soplen - j)) && (b <= 6); b++) {
+			if ((r[j] + (r[j + b] << b)) <= m) {
+				r[j] += r[j + b] << b;
+				r[j + b] = 0;
+			} else if ((r[j] - (r[j + b] << b)) >= -m) {
+				r[j] -= r[j + b] << b;
+				for (k = j + b; k < soplen; k++) {
+					if (!r[k]) {
+						r[k] = 1;
+						break;
+					}
+					r[k] = 0;
+				}
+			} else if (r[j + b]) {
+				break;
+			}
+		}
+	}
+}
+
+
+/*
+	helpers for batch verifcation, are allowed to be vartime
+*/
+
+/* out = a - b, a must be larger than b */
+static void
+sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm b, size_t limbsize) {
+	size_t i = 0;
+	bignum256modm_element_t carry = 0;
+	switch (limbsize) {
+		case 8: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 7: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 6: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 5: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 4: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 31); out[i] &= 0x3fffffff; i++;
+		case 0: 
+		default: out[i] = (a[i] - b[i]) - carry;
+	}
+}
+
+
+/* is a < b */
+static int
+lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) {
+	switch (limbsize) {
+		case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1;
+		case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1;
+		case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1;
+		case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1;
+		case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1;
+		case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1;
+		case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1;
+		case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1;
+		case 0: if (a[0] > b[0]) return 0; if (a[0] < b[0]) return 1;
+	}
+	return 0;
+}
+
+/* is a <= b */
+static int
+lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) {
+	switch (limbsize) {
+		case 8: if (a[8] > b[8]) return 0; if (a[8] < b[8]) return 1;
+		case 7: if (a[7] > b[7]) return 0; if (a[7] < b[7]) return 1;
+		case 6: if (a[6] > b[6]) return 0; if (a[6] < b[6]) return 1;
+		case 5: if (a[5] > b[5]) return 0; if (a[5] < b[5]) return 1;
+		case 4: if (a[4] > b[4]) return 0; if (a[4] < b[4]) return 1;
+		case 3: if (a[3] > b[3]) return 0; if (a[3] < b[3]) return 1;
+		case 2: if (a[2] > b[2]) return 0; if (a[2] < b[2]) return 1;
+		case 1: if (a[1] > b[1]) return 0; if (a[1] < b[1]) return 1;
+		case 0: if (a[0] > b[0]) return 0; if (a[0] < b[0]) return 1;
+	}
+	return 1;
+}
+
+
+/* is a == 0 */
+static int
+iszero256_modm_batch(const bignum256modm a) {
+	size_t i;
+	for (i = 0; i < 9; i++)
+		if (a[i])
+			return 0;
+	return 1;
+}
+
+/* is a == 1 */
+static int
+isone256_modm_batch(const bignum256modm a) {
+	size_t i;
+	if (a[0] != 1)
+		return 0;
+	for (i = 1; i < 9; i++)
+		if (a[i])
+			return 0;
+	return 1;
+}
+
+/* can a fit in to (at most) 128 bits */
+static int
+isatmost128bits256_modm_batch(const bignum256modm a) {
+	uint32_t mask =
+		((a[8]             )  | /*  16 */
+		 (a[7]             )  | /*  46 */
+		 (a[6]             )  | /*  76 */
+		 (a[5]             )  | /* 106 */
+		 (a[4] & 0x3fffff00));  /* 128 */
+
+	return (mask == 0);
+}
diff --git a/src/ext/ed25519/donna/modm-donna-64bit.h b/src/ext/ed25519/donna/modm-donna-64bit.h
new file mode 100644
index 0000000000..012ea9ea08
--- /dev/null
+++ b/src/ext/ed25519/donna/modm-donna-64bit.h
@@ -0,0 +1,366 @@
+/*
+	Public domain by Andrew M. <liquidsun@gmail.com>
+*/
+
+
+/*
+	Arithmetic modulo the group order n = 2^252 +  27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989
+
+	k = 32
+	b = 1 << 8 = 256
+	m = 2^252 + 27742317777372353535851937790883648493 = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed
+	mu = floor( b^(k*2) / m ) = 0xfffffffffffffffffffffffffffffffeb2106215d086329a7ed9ce5a30a2c131b
+*/
+
+#define bignum256modm_bits_per_limb 56
+#define bignum256modm_limb_size 5
+
+typedef uint64_t bignum256modm_element_t;
+typedef bignum256modm_element_t bignum256modm[5];
+
+static const bignum256modm modm_m = {
+	0x12631a5cf5d3ed, 
+	0xf9dea2f79cd658, 
+	0x000000000014de, 
+	0x00000000000000, 
+	0x00000010000000
+};
+
+static const bignum256modm modm_mu = {
+	0x9ce5a30a2c131b,
+	0x215d086329a7ed,
+	0xffffffffeb2106,
+	0xffffffffffffff,
+	0x00000fffffffff
+};
+
+static bignum256modm_element_t
+lt_modm(bignum256modm_element_t a, bignum256modm_element_t b) {
+	return (a - b) >> 63;
+}
+
+static void
+reduce256_modm(bignum256modm r) {
+	bignum256modm t;
+	bignum256modm_element_t b = 0, pb, mask;
+
+	/* t = r - m */
+	pb = 0;
+	pb += modm_m[0]; b = lt_modm(r[0], pb); t[0] = (r[0] - pb + (b << 56)); pb = b;
+	pb += modm_m[1]; b = lt_modm(r[1], pb); t[1] = (r[1] - pb + (b << 56)); pb = b;
+	pb += modm_m[2]; b = lt_modm(r[2], pb); t[2] = (r[2] - pb + (b << 56)); pb = b;
+	pb += modm_m[3]; b = lt_modm(r[3], pb); t[3] = (r[3] - pb + (b << 56)); pb = b;
+	pb += modm_m[4]; b = lt_modm(r[4], pb); t[4] = (r[4] - pb + (b << 32)); 
+
+	/* keep r if r was smaller than m */
+	mask = b - 1;
+
+	r[0] ^= mask & (r[0] ^ t[0]);
+	r[1] ^= mask & (r[1] ^ t[1]);
+	r[2] ^= mask & (r[2] ^ t[2]);
+	r[3] ^= mask & (r[3] ^ t[3]);
+	r[4] ^= mask & (r[4] ^ t[4]);
+}
+
+static void
+barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) {
+	bignum256modm q3, r2;
+	uint128_t c, mul;
+	bignum256modm_element_t f, b, pb;
+
+	/* q1 = x >> 248 = 264 bits = 5 56 bit elements
+	   q2 = mu * q1
+	   q3 = (q2 / 256(32+1)) = q2 / (2^8)^(32+1) = q2 >> 264 */
+	mul64x64_128(c, modm_mu[0], q1[3])                 mul64x64_128(mul, modm_mu[3], q1[0]) add128(c, mul) mul64x64_128(mul, modm_mu[1], q1[2]) add128(c, mul) mul64x64_128(mul, modm_mu[2], q1[1]) add128(c, mul) shr128(f, c, 56);
+	mul64x64_128(c, modm_mu[0], q1[4]) add128_64(c, f) mul64x64_128(mul, modm_mu[4], q1[0]) add128(c, mul) mul64x64_128(mul, modm_mu[3], q1[1]) add128(c, mul) mul64x64_128(mul, modm_mu[1], q1[3]) add128(c, mul) mul64x64_128(mul, modm_mu[2], q1[2]) add128(c, mul)
+	f = lo128(c); q3[0] = (f >> 40) & 0xffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_mu[4], q1[1]) add128_64(c, f) mul64x64_128(mul, modm_mu[1], q1[4]) add128(c, mul) mul64x64_128(mul, modm_mu[2], q1[3]) add128(c, mul) mul64x64_128(mul, modm_mu[3], q1[2]) add128(c, mul)
+	f = lo128(c); q3[0] |= (f << 16) & 0xffffffffffffff; q3[1] = (f >> 40) & 0xffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_mu[4], q1[2]) add128_64(c, f) mul64x64_128(mul, modm_mu[2], q1[4]) add128(c, mul) mul64x64_128(mul, modm_mu[3], q1[3]) add128(c, mul)
+	f = lo128(c); q3[1] |= (f << 16) & 0xffffffffffffff; q3[2] = (f >> 40) & 0xffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_mu[4], q1[3]) add128_64(c, f) mul64x64_128(mul, modm_mu[3], q1[4]) add128(c, mul)
+	f = lo128(c); q3[2] |= (f << 16) & 0xffffffffffffff; q3[3] = (f >> 40) & 0xffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_mu[4], q1[4]) add128_64(c, f)
+	f = lo128(c); q3[3] |= (f << 16) & 0xffffffffffffff; q3[4] = (f >> 40) & 0xffff; shr128(f, c, 56);
+	q3[4] |= (f << 16);
+
+	mul64x64_128(c, modm_m[0], q3[0]) 
+	r2[0] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_m[0], q3[1]) add128_64(c, f) mul64x64_128(mul, modm_m[1], q3[0]) add128(c, mul)
+	r2[1] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_m[0], q3[2]) add128_64(c, f) mul64x64_128(mul, modm_m[2], q3[0]) add128(c, mul) mul64x64_128(mul, modm_m[1], q3[1]) add128(c, mul)
+	r2[2] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_m[0], q3[3]) add128_64(c, f) mul64x64_128(mul, modm_m[3], q3[0]) add128(c, mul) mul64x64_128(mul, modm_m[1], q3[2]) add128(c, mul) mul64x64_128(mul, modm_m[2], q3[1]) add128(c, mul)
+	r2[3] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, modm_m[0], q3[4]) add128_64(c, f) mul64x64_128(mul, modm_m[4], q3[0]) add128(c, mul) mul64x64_128(mul, modm_m[3], q3[1]) add128(c, mul) mul64x64_128(mul, modm_m[1], q3[3]) add128(c, mul) mul64x64_128(mul, modm_m[2], q3[2]) add128(c, mul)
+	r2[4] = lo128(c) & 0x0000ffffffffff;
+
+	pb = 0;
+	pb += r2[0]; b = lt_modm(r1[0], pb); r[0] = (r1[0] - pb + (b << 56)); pb = b;
+	pb += r2[1]; b = lt_modm(r1[1], pb); r[1] = (r1[1] - pb + (b << 56)); pb = b;
+	pb += r2[2]; b = lt_modm(r1[2], pb); r[2] = (r1[2] - pb + (b << 56)); pb = b;
+	pb += r2[3]; b = lt_modm(r1[3], pb); r[3] = (r1[3] - pb + (b << 56)); pb = b;
+	pb += r2[4]; b = lt_modm(r1[4], pb); r[4] = (r1[4] - pb + (b << 40)); 
+
+	reduce256_modm(r);
+	reduce256_modm(r);
+}
+
+
+static void
+add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+	bignum256modm_element_t c;
+
+	c  = x[0] + y[0]; r[0] = c & 0xffffffffffffff; c >>= 56;
+	c += x[1] + y[1]; r[1] = c & 0xffffffffffffff; c >>= 56;
+	c += x[2] + y[2]; r[2] = c & 0xffffffffffffff; c >>= 56;
+	c += x[3] + y[3]; r[3] = c & 0xffffffffffffff; c >>= 56;
+	c += x[4] + y[4]; r[4] = c;
+
+	reduce256_modm(r);
+}
+
+static void
+mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
+	bignum256modm q1, r1;
+	uint128_t c, mul;
+	bignum256modm_element_t f;
+
+	mul64x64_128(c, x[0], y[0])
+	f = lo128(c); r1[0] = f & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[0], y[1]) add128_64(c, f) mul64x64_128(mul, x[1], y[0]) add128(c, mul) 
+	f = lo128(c); r1[1] = f & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[0], y[2]) add128_64(c, f) mul64x64_128(mul, x[2], y[0]) add128(c, mul) mul64x64_128(mul, x[1], y[1]) add128(c, mul) 
+	f = lo128(c); r1[2] = f & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[0], y[3]) add128_64(c, f) mul64x64_128(mul, x[3], y[0]) add128(c, mul) mul64x64_128(mul, x[1], y[2]) add128(c, mul) mul64x64_128(mul, x[2], y[1]) add128(c, mul) 
+	f = lo128(c); r1[3] = f & 0xffffffffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[0], y[4]) add128_64(c, f) mul64x64_128(mul, x[4], y[0]) add128(c, mul) mul64x64_128(mul, x[3], y[1]) add128(c, mul) mul64x64_128(mul, x[1], y[3]) add128(c, mul) mul64x64_128(mul, x[2], y[2]) add128(c, mul) 
+	f = lo128(c); r1[4] = f & 0x0000ffffffffff; q1[0] = (f >> 24) & 0xffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[4], y[1]) add128_64(c, f) mul64x64_128(mul, x[1], y[4]) add128(c, mul) mul64x64_128(mul, x[2], y[3]) add128(c, mul) mul64x64_128(mul, x[3], y[2]) add128(c, mul) 
+	f = lo128(c); q1[0] |= (f << 32) & 0xffffffffffffff; q1[1] = (f >> 24) & 0xffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[4], y[2]) add128_64(c, f) mul64x64_128(mul, x[2], y[4]) add128(c, mul) mul64x64_128(mul, x[3], y[3]) add128(c, mul) 
+	f = lo128(c); q1[1] |= (f << 32) & 0xffffffffffffff; q1[2] = (f >> 24) & 0xffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[4], y[3]) add128_64(c, f) mul64x64_128(mul, x[3], y[4]) add128(c, mul) 
+	f = lo128(c); q1[2] |= (f << 32) & 0xffffffffffffff; q1[3] = (f >> 24) & 0xffffffff; shr128(f, c, 56);
+	mul64x64_128(c, x[4], y[4]) add128_64(c, f)
+	f = lo128(c); q1[3] |= (f << 32) & 0xffffffffffffff; q1[4] = (f >> 24) & 0xffffffff; shr128(f, c, 56);
+	q1[4] |= (f << 32);
+
+	barrett_reduce256_modm(r, q1, r1);
+}
+
+static void
+expand256_modm(bignum256modm out, const unsigned char *in, size_t len) {
+	unsigned char work[64] = {0};
+	bignum256modm_element_t x[16];
+	bignum256modm q1;
+
+	memcpy(work, in, len);
+	x[0] = U8TO64_LE(work +  0);
+	x[1] = U8TO64_LE(work +  8);
+	x[2] = U8TO64_LE(work + 16);
+	x[3] = U8TO64_LE(work + 24);
+	x[4] = U8TO64_LE(work + 32);
+	x[5] = U8TO64_LE(work + 40);
+	x[6] = U8TO64_LE(work + 48);
+	x[7] = U8TO64_LE(work + 56);
+
+	/* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1) */
+	out[0] = (                         x[0]) & 0xffffffffffffff;
+	out[1] = ((x[ 0] >> 56) | (x[ 1] <<  8)) & 0xffffffffffffff;
+	out[2] = ((x[ 1] >> 48) | (x[ 2] << 16)) & 0xffffffffffffff;
+	out[3] = ((x[ 2] >> 40) | (x[ 3] << 24)) & 0xffffffffffffff;
+	out[4] = ((x[ 3] >> 32) | (x[ 4] << 32)) & 0x0000ffffffffff;
+
+	/* under 252 bits, no need to reduce */
+	if (len < 32)
+		return;
+
+	/* q1 = x >> 248 = 264 bits */
+	q1[0] = ((x[ 3] >> 56) | (x[ 4] <<  8)) & 0xffffffffffffff;
+	q1[1] = ((x[ 4] >> 48) | (x[ 5] << 16)) & 0xffffffffffffff;
+	q1[2] = ((x[ 5] >> 40) | (x[ 6] << 24)) & 0xffffffffffffff;
+	q1[3] = ((x[ 6] >> 32) | (x[ 7] << 32)) & 0xffffffffffffff;
+	q1[4] = ((x[ 7] >> 24)                );
+
+	barrett_reduce256_modm(out, q1, out);
+}
+
+static void
+expand_raw256_modm(bignum256modm out, const unsigned char in[32]) {
+	bignum256modm_element_t x[4];
+
+	x[0] = U8TO64_LE(in +  0);
+	x[1] = U8TO64_LE(in +  8);
+	x[2] = U8TO64_LE(in + 16);
+	x[3] = U8TO64_LE(in + 24);
+
+	out[0] = (                         x[0]) & 0xffffffffffffff;
+	out[1] = ((x[ 0] >> 56) | (x[ 1] <<  8)) & 0xffffffffffffff;
+	out[2] = ((x[ 1] >> 48) | (x[ 2] << 16)) & 0xffffffffffffff;
+	out[3] = ((x[ 2] >> 40) | (x[ 3] << 24)) & 0xffffffffffffff;
+	out[4] = ((x[ 3] >> 32)                ) & 0x000000ffffffff;
+}
+
+static void
+contract256_modm(unsigned char out[32], const bignum256modm in) {
+	U64TO8_LE(out +  0, (in[0]      ) | (in[1] << 56));
+	U64TO8_LE(out +  8, (in[1] >>  8) | (in[2] << 48));
+	U64TO8_LE(out + 16, (in[2] >> 16) | (in[3] << 40));
+	U64TO8_LE(out + 24, (in[3] >> 24) | (in[4] << 32));
+}
+
+static void
+contract256_window4_modm(signed char r[64], const bignum256modm in) {
+	char carry;
+	signed char *quads = r;
+	bignum256modm_element_t i, j, v, m;
+
+	for (i = 0; i < 5; i++) {
+		v = in[i];
+		m = (i == 4) ? 8 : 14;
+		for (j = 0; j < m; j++) {
+			*quads++ = (v & 15);
+			v >>= 4;
+		}
+	}
+
+	/* making it signed */
+	carry = 0;
+	for(i = 0; i < 63; i++) {
+		r[i] += carry;
+		r[i+1] += (r[i] >> 4);
+		r[i] &= 15;
+		carry = (r[i] >> 3);
+		r[i] -= (carry << 4);
+	}
+	r[63] += carry;
+}
+
+static void
+contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) {
+	int i,j,k,b;
+	int m = (1 << (windowsize - 1)) - 1;
+        const int soplen = 256;
+	signed char *bits = r;
+	bignum256modm_element_t v;
+
+	/* first put the binary expansion into r  */
+	for (i = 0; i < 4; i++) {
+		v = s[i];
+		for (j = 0; j < 56; j++, v >>= 1)
+			*bits++ = (v & 1);
+	}
+	v = s[4];
+	for (j = 0; j < 32; j++, v >>= 1)
+		*bits++ = (v & 1);
+
+	/* Making it sliding window */
+	for (j = 0; j < soplen; j++) {
+		if (!r[j])
+			continue;
+
+		for (b = 1; (b < (soplen - j)) && (b <= 6); b++) {
+			/* XXX Tor: coverity scan says that r[j+b] can
+			 * overflow, but that's not possible: b < (soplen-j)
+			 * guarantees that b + j < soplen, so b+j < 256,
+			 * so the index doesn't overflow. */
+			if ((r[j] + (r[j + b] << b)) <= m) {
+				r[j] += r[j + b] << b;
+				r[j + b] = 0;
+			} else if ((r[j] - (r[j + b] << b)) >= -m) {
+				r[j] -= r[j + b] << b;
+				for (k = j + b; k < soplen; k++) {
+					if (!r[k]) {
+						r[k] = 1;
+						break;
+					}
+					r[k] = 0;
+				}
+			} else if (r[j + b]) {
+				break;
+			}
+		}
+	}
+}
+
+/*
+	helpers for batch verifcation, are allowed to be vartime
+*/
+
+/* out = a - b, a must be larger than b */
+static void
+sub256_modm_batch(bignum256modm out, const bignum256modm a, const bignum256modm b, size_t limbsize) {
+	size_t i = 0;
+	bignum256modm_element_t carry = 0;
+	switch (limbsize) {
+		case 4: out[i] = (a[i] - b[i])        ; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++;
+		case 3: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++;
+		case 2: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++;
+		case 1: out[i] = (a[i] - b[i]) - carry; carry = (out[i] >> 63); out[i] &= 0xffffffffffffff; i++;
+		case 0: 
+		default: out[i] = (a[i] - b[i]) - carry;
+	}
+}
+
+
+/* is a < b */
+static int
+lt256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) {
+	size_t i = 0;
+	bignum256modm_element_t t, carry = 0;
+	switch (limbsize) {
+		case 4: t = (a[i] - b[i])        ; carry = (t >> 63); i++;
+		case 3: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++;
+		case 2: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++;
+		case 1: t = (a[i] - b[i]) - carry; carry = (t >> 63); i++;
+		case 0: t = (a[i] - b[i]) - carry; carry = (t >> 63);
+	}
+	return (int)carry;
+}
+
+/* is a <= b */
+static int
+lte256_modm_batch(const bignum256modm a, const bignum256modm b, size_t limbsize) {
+	size_t i = 0;
+	bignum256modm_element_t t, carry = 0;
+	switch (limbsize) {
+		case 4: t = (b[i] - a[i])        ; carry = (t >> 63); i++;
+		case 3: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++;
+		case 2: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++;
+		case 1: t = (b[i] - a[i]) - carry; carry = (t >> 63); i++;
+		case 0: t = (b[i] - a[i]) - carry; carry = (t >> 63);
+	}
+	return (int)!carry;
+}
+
+/* is a == 0 */
+static int
+iszero256_modm_batch(const bignum256modm a) {
+	size_t i;
+	for (i = 0; i < 5; i++)
+		if (a[i])
+			return 0;
+	return 1;
+}
+
+/* is a == 1 */
+static int
+isone256_modm_batch(const bignum256modm a) {
+	size_t i;
+	for (i = 0; i < 5; i++)
+		if (a[i] != ((i) ? 0 : 1))
+			return 0;
+	return 1;
+}
+
+/* can a fit in to (at most) 128 bits */
+static int
+isatmost128bits256_modm_batch(const bignum256modm a) {
+	uint64_t mask =
+		((a[4]                   )  | /*  32 */
+		 (a[3]                   )  | /*  88 */
+		 (a[2] & 0xffffffffff0000));
+
+	return (mask == 0);
+}
diff --git a/src/ext/ed25519/donna/regression.h b/src/ext/ed25519/donna/regression.h
new file mode 100644
index 0000000000..b4c2e62c0a
--- /dev/null
+++ b/src/ext/ed25519/donna/regression.h
@@ -0,0 +1,1024 @@
+{{0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,},{0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a,},{0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b,},""},
+{{0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb,},{0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c,},{0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00,},"\x72"},
+{{0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7,},{0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25,},{0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a,},"\xaf\x82"},
+{{0x0d,0x4a,0x05,0xb0,0x73,0x52,0xa5,0x43,0x6e,0x18,0x03,0x56,0xda,0x0a,0xe6,0xef,0xa0,0x34,0x5f,0xf7,0xfb,0x15,0x72,0x57,0x57,0x72,0xe8,0x00,0x5e,0xd9,0x78,0xe9,},{0xe6,0x1a,0x18,0x5b,0xce,0xf2,0x61,0x3a,0x6c,0x7c,0xb7,0x97,0x63,0xce,0x94,0x5d,0x3b,0x24,0x5d,0x76,0x11,0x4d,0xd4,0x40,0xbc,0xf5,0xf2,0xdc,0x1a,0xa5,0x70,0x57,},{0xd9,0x86,0x8d,0x52,0xc2,0xbe,0xbc,0xe5,0xf3,0xfa,0x5a,0x79,0x89,0x19,0x70,0xf3,0x09,0xcb,0x65,0x91,0xe3,0xe1,0x70,0x2a,0x70,0x27,0x6f,0xa9,0x7c,0x24,0xb3,0xa8,0xe5,0x86,0x06,0xc3,0x8c,0x97,0x58,0x52,0x9d,0xa5,0x0e,0xe3,0x1b,0x82,0x19,0xcb,0xa4,0x52,0x71,0xc6,0x89,0xaf,0xa6,0x0b,0x0e,0xa2,0x6c,0x99,0xdb,0x19,0xb0,0x0c,},"\xcb\xc7\x7b"},
+{{0x6d,0xf9,0x34,0x0c,0x13,0x8c,0xc1,0x88,0xb5,0xfe,0x44,0x64,0xeb,0xaa,0x3f,0x7f,0xc2,0x06,0xa2,0xd5,0x5c,0x34,0x34,0x70,0x7e,0x74,0xc9,0xfc,0x04,0xe2,0x0e,0xbb,},{0xc0,0xda,0xc1,0x02,0xc4,0x53,0x31,0x86,0xe2,0x5d,0xc4,0x31,0x28,0x47,0x23,0x53,0xea,0xab,0xdb,0x87,0x8b,0x15,0x2a,0xeb,0x8e,0x00,0x1f,0x92,0xd9,0x02,0x33,0xa7,},{0x12,0x4f,0x6f,0xc6,0xb0,0xd1,0x00,0x84,0x27,0x69,0xe7,0x1b,0xd5,0x30,0x66,0x4d,0x88,0x8d,0xf8,0x50,0x7d,0xf6,0xc5,0x6d,0xed,0xfd,0xb5,0x09,0xae,0xb9,0x34,0x16,0xe2,0x6b,0x91,0x8d,0x38,0xaa,0x06,0x30,0x5d,0xf3,0x09,0x56,0x97,0xc1,0x8b,0x2a,0xa8,0x32,0xea,0xa5,0x2e,0xdc,0x0a,0xe4,0x9f,0xba,0xe5,0xa8,0x5e,0x15,0x0c,0x07,},"\x5f\x4c\x89\x89"},
+{{0xb7,0x80,0x38,0x1a,0x65,0xed,0xf8,0xb7,0x8f,0x69,0x45,0xe8,0xdb,0xec,0x79,0x41,0xac,0x04,0x9f,0xd4,0xc6,0x10,0x40,0xcf,0x0c,0x32,0x43,0x57,0x97,0x5a,0x29,0x3c,},{0xe2,0x53,0xaf,0x07,0x66,0x80,0x4b,0x86,0x9b,0xb1,0x59,0x5b,0xe9,0x76,0x5b,0x53,0x48,0x86,0xbb,0xaa,0xb8,0x30,0x5b,0xf5,0x0d,0xbc,0x7f,0x89,0x9b,0xfb,0x5f,0x01,},{0xb2,0xfc,0x46,0xad,0x47,0xaf,0x46,0x44,0x78,0xc1,0x99,0xe1,0xf8,0xbe,0x16,0x9f,0x1b,0xe6,0x32,0x7c,0x7f,0x9a,0x0a,0x66,0x89,0x37,0x1c,0xa9,0x4c,0xaf,0x04,0x06,0x4a,0x01,0xb2,0x2a,0xff,0x15,0x20,0xab,0xd5,0x89,0x51,0x34,0x16,0x03,0xfa,0xed,0x76,0x8c,0xf7,0x8c,0xe9,0x7a,0xe7,0xb0,0x38,0xab,0xfe,0x45,0x6a,0xa1,0x7c,0x09,},"\x18\xb6\xbe\xc0\x97"},
+{{0x78,0xae,0x9e,0xff,0xe6,0xf2,0x45,0xe9,0x24,0xa7,0xbe,0x63,0x04,0x11,0x46,0xeb,0xc6,0x70,0xdb,0xd3,0x06,0x0c,0xba,0x67,0xfb,0xc6,0x21,0x6f,0xeb,0xc4,0x45,0x46,},{0xfb,0xcf,0xbf,0xa4,0x05,0x05,0xd7,0xf2,0xbe,0x44,0x4a,0x33,0xd1,0x85,0xcc,0x54,0xe1,0x6d,0x61,0x52,0x60,0xe1,0x64,0x0b,0x2b,0x50,0x87,0xb8,0x3e,0xe3,0x64,0x3d,},{0x6e,0xd6,0x29,0xfc,0x1d,0x9c,0xe9,0xe1,0x46,0x87,0x55,0xff,0x63,0x6d,0x5a,0x3f,0x40,0xa5,0xd9,0xc9,0x1a,0xfd,0x93,0xb7,0x9d,0x24,0x18,0x30,0xf7,0xe5,0xfa,0x29,0x85,0x4b,0x8f,0x20,0xcc,0x6e,0xec,0xbb,0x24,0x8d,0xbd,0x8d,0x16,0xd1,0x4e,0x99,0x75,0x21,0x94,0xe4,0x90,0x4d,0x09,0xc7,0x4d,0x63,0x95,0x18,0x83,0x9d,0x23,0x00,},"\x89\x01\x0d\x85\x59\x72"},
+{{0x69,0x18,0x65,0xbf,0xc8,0x2a,0x1e,0x4b,0x57,0x4e,0xec,0xde,0x4c,0x75,0x19,0x09,0x3f,0xaf,0x0c,0xf8,0x67,0x38,0x02,0x34,0xe3,0x66,0x46,0x45,0xc6,0x1c,0x5f,0x79,},{0x98,0xa5,0xe3,0xa3,0x6e,0x67,0xaa,0xba,0x89,0x88,0x8b,0xf0,0x93,0xde,0x1a,0xd9,0x63,0xe7,0x74,0x01,0x3b,0x39,0x02,0xbf,0xab,0x35,0x6d,0x8b,0x90,0x17,0x8a,0x63,},{0x6e,0x0a,0xf2,0xfe,0x55,0xae,0x37,0x7a,0x6b,0x7a,0x72,0x78,0xed,0xfb,0x41,0x9b,0xd3,0x21,0xe0,0x6d,0x0d,0xf5,0xe2,0x70,0x37,0xdb,0x88,0x12,0xe7,0xe3,0x52,0x98,0x10,0xfa,0x55,0x52,0xf6,0xc0,0x02,0x09,0x85,0xca,0x17,0xa0,0xe0,0x2e,0x03,0x6d,0x7b,0x22,0x2a,0x24,0xf9,0x9b,0x77,0xb7,0x5f,0xdd,0x16,0xcb,0x05,0x56,0x81,0x07,},"\xb4\xa8\xf3\x81\xe7\x0e\x7a"},
+{{0x3b,0x26,0x51,0x6f,0xb3,0xdc,0x88,0xeb,0x18,0x1b,0x9e,0xd7,0x3f,0x0b,0xcd,0x52,0xbc,0xd6,0xb4,0xc7,0x88,0xe4,0xbc,0xaf,0x46,0x05,0x7f,0xd0,0x78,0xbe,0xe0,0x73,},{0xf8,0x1f,0xb5,0x4a,0x82,0x5f,0xce,0xd9,0x5e,0xb0,0x33,0xaf,0xcd,0x64,0x31,0x40,0x75,0xab,0xfb,0x0a,0xbd,0x20,0xa9,0x70,0x89,0x25,0x03,0x43,0x6f,0x34,0xb8,0x63,},{0xd6,0xad,0xde,0xc5,0xaf,0xb0,0x52,0x8a,0xc1,0x7b,0xb1,0x78,0xd3,0xe7,0xf2,0x88,0x7f,0x9a,0xdb,0xb1,0xad,0x16,0xe1,0x10,0x54,0x5e,0xf3,0xbc,0x57,0xf9,0xde,0x23,0x14,0xa5,0xc8,0x38,0x8f,0x72,0x3b,0x89,0x07,0xbe,0x0f,0x3a,0xc9,0x0c,0x62,0x59,0xbb,0xe8,0x85,0xec,0xc1,0x76,0x45,0xdf,0x3d,0xb7,0xd4,0x88,0xf8,0x05,0xfa,0x08,},"\x42\x84\xab\xc5\x1b\xb6\x72\x35"},
+{{0xed,0xc6,0xf5,0xfb,0xdd,0x1c,0xee,0x4d,0x10,0x1c,0x06,0x35,0x30,0xa3,0x04,0x90,0xb2,0x21,0xbe,0x68,0xc0,0x36,0xf5,0xb0,0x7d,0x0f,0x95,0x3b,0x74,0x5d,0xf1,0x92,},{0xc1,0xa4,0x9c,0x66,0xe6,0x17,0xf9,0xef,0x5e,0xc6,0x6b,0xc4,0xc6,0x56,0x4c,0xa3,0x3d,0xe2,0xa5,0xfb,0x5e,0x14,0x64,0x06,0x2e,0x6d,0x6c,0x62,0x19,0x15,0x5e,0xfd,},{0x2c,0x76,0xa0,0x4a,0xf2,0x39,0x1c,0x14,0x70,0x82,0xe3,0x3f,0xaa,0xcd,0xbe,0x56,0x64,0x2a,0x1e,0x13,0x4b,0xd3,0x88,0x62,0x0b,0x85,0x2b,0x90,0x1a,0x6b,0xc1,0x6f,0xf6,0xc9,0xcc,0x94,0x04,0xc4,0x1d,0xea,0x12,0xed,0x28,0x1d,0xa0,0x67,0xa1,0x51,0x38,0x66,0xf9,0xd9,0x64,0xf8,0xbd,0xd2,0x49,0x53,0x85,0x6c,0x50,0x04,0x29,0x01,},"\x67\x2b\xf8\x96\x5d\x04\xbc\x51\x46"},
+{{0x4e,0x7d,0x21,0xfb,0x3b,0x18,0x97,0x57,0x1a,0x44,0x58,0x33,0xbe,0x0f,0x9f,0xd4,0x1c,0xd6,0x2b,0xe3,0xaa,0x04,0x04,0x0f,0x89,0x34,0xe1,0xfc,0xbd,0xca,0xcd,0x45,},{0x31,0xb2,0x52,0x4b,0x83,0x48,0xf7,0xab,0x1d,0xfa,0xfa,0x67,0x5c,0xc5,0x38,0xe9,0xa8,0x4e,0x3f,0xe5,0x81,0x9e,0x27,0xc1,0x2a,0xd8,0xbb,0xc1,0xa3,0x6e,0x4d,0xff,},{0x28,0xe4,0x59,0x8c,0x41,0x5a,0xe9,0xde,0x01,0xf0,0x3f,0x9f,0x3f,0xab,0x4e,0x91,0x9e,0x8b,0xf5,0x37,0xdd,0x2b,0x0c,0xdf,0x6e,0x79,0xb9,0xe6,0x55,0x9c,0x94,0x09,0xd9,0x15,0x1a,0x4c,0x40,0xf0,0x83,0x19,0x39,0x37,0x62,0x7c,0x36,0x94,0x88,0x25,0x9e,0x99,0xda,0x5a,0x9f,0x0a,0x87,0x49,0x7f,0xa6,0x69,0x6a,0x5d,0xd6,0xce,0x08,},"\x33\xd7\xa7\x86\xad\xed\x8c\x1b\xf6\x91"},
+{{0xa9,0x80,0xf8,0x92,0xdb,0x13,0xc9,0x9a,0x3e,0x89,0x71,0xe9,0x65,0xb2,0xff,0x3d,0x41,0xea,0xfd,0x54,0x09,0x3b,0xc9,0xf3,0x4d,0x1f,0xd2,0x2d,0x84,0x11,0x5b,0xb6,},{0x44,0xb5,0x7e,0xe3,0x0c,0xdb,0x55,0x82,0x9d,0x0a,0x5d,0x4f,0x04,0x6b,0xae,0xf0,0x78,0xf1,0xe9,0x7a,0x7f,0x21,0xb6,0x2d,0x75,0xf8,0xe9,0x6e,0xa1,0x39,0xc3,0x5f,},{0x77,0xd3,0x89,0xe5,0x99,0x63,0x0d,0x93,0x40,0x76,0x32,0x95,0x83,0xcd,0x41,0x05,0xa6,0x49,0xa9,0x29,0x2a,0xbc,0x44,0xcd,0x28,0xc4,0x00,0x00,0xc8,0xe2,0xf5,0xac,0x76,0x60,0xa8,0x1c,0x85,0xb7,0x2a,0xf8,0x45,0x2d,0x7d,0x25,0xc0,0x70,0x86,0x1d,0xae,0x91,0x60,0x1c,0x78,0x03,0xd6,0x56,0x53,0x16,0x50,0xdd,0x4e,0x5c,0x41,0x00,},"\x34\x86\xf6\x88\x48\xa6\x5a\x0e\xb5\x50\x7d"},
+{{0x5b,0x5a,0x61,0x9f,0x8c,0xe1,0xc6,0x6d,0x7c,0xe2,0x6e,0x5a,0x2a,0xe7,0xb0,0xc0,0x4f,0xeb,0xcd,0x34,0x6d,0x28,0x6c,0x92,0x9e,0x19,0xd0,0xd5,0x97,0x3b,0xfe,0xf9,},{0x6f,0xe8,0x36,0x93,0xd0,0x11,0xd1,0x11,0x13,0x1c,0x4f,0x3f,0xba,0xaa,0x40,0xa9,0xd3,0xd7,0x6b,0x30,0x01,0x2f,0xf7,0x3b,0xb0,0xe3,0x9e,0xc2,0x7a,0xb1,0x82,0x57,},{0x0f,0x9a,0xd9,0x79,0x30,0x33,0xa2,0xfa,0x06,0x61,0x4b,0x27,0x7d,0x37,0x38,0x1e,0x6d,0x94,0xf6,0x5a,0xc2,0xa5,0xa9,0x45,0x58,0xd0,0x9e,0xd6,0xce,0x92,0x22,0x58,0xc1,0xa5,0x67,0x95,0x2e,0x86,0x3a,0xc9,0x42,0x97,0xae,0xc3,0xc0,0xd0,0xc8,0xdd,0xf7,0x10,0x84,0xe5,0x04,0x86,0x0b,0xb6,0xba,0x27,0x44,0x9b,0x55,0xad,0xc4,0x0e,},"\x5a\x8d\x9d\x0a\x22\x35\x7e\x66\x55\xf9\xc7\x85"},
+{{0x94,0x0c,0x89,0xfe,0x40,0xa8,0x1d,0xaf,0xbd,0xb2,0x41,0x6d,0x14,0xae,0x46,0x91,0x19,0x86,0x97,0x44,0x41,0x0c,0x33,0x03,0xbf,0xaa,0x02,0x41,0xda,0xc5,0x78,0x00,},{0xa2,0xeb,0x8c,0x05,0x01,0xe3,0x0b,0xae,0x0c,0xf8,0x42,0xd2,0xbd,0xe8,0xde,0xc7,0x38,0x6f,0x6b,0x7f,0xc3,0x98,0x1b,0x8c,0x57,0xc9,0x79,0x2b,0xb9,0x4c,0xf2,0xdd,},{0xd8,0xbb,0x64,0xaa,0xd8,0xc9,0x95,0x5a,0x11,0x5a,0x79,0x3a,0xdd,0xd2,0x4f,0x7f,0x2b,0x07,0x76,0x48,0x71,0x4f,0x49,0xc4,0x69,0x4e,0xc9,0x95,0xb3,0x30,0xd0,0x9d,0x64,0x0d,0xf3,0x10,0xf4,0x47,0xfd,0x7b,0x6c,0xb5,0xc1,0x4f,0x9f,0xe9,0xf4,0x90,0xbc,0xf8,0xcf,0xad,0xbf,0xd2,0x16,0x9c,0x8a,0xc2,0x0d,0x3b,0x8a,0xf4,0x9a,0x0c,},"\xb8\x7d\x38\x13\xe0\x3f\x58\xcf\x19\xfd\x0b\x63\x95"},
+{{0x9a,0xca,0xd9,0x59,0xd2,0x16,0x21,0x2d,0x78,0x9a,0x11,0x92,0x52,0xeb,0xfe,0x0c,0x96,0x51,0x2a,0x23,0xc7,0x3b,0xd9,0xf3,0xb2,0x02,0x29,0x2d,0x69,0x16,0xa7,0x38,},{0xcf,0x3a,0xf8,0x98,0x46,0x7a,0x5b,0x7a,0x52,0xd3,0x3d,0x53,0xbc,0x03,0x7e,0x26,0x42,0xa8,0xda,0x99,0x69,0x03,0xfc,0x25,0x22,0x17,0xe9,0xc0,0x33,0xe2,0xf2,0x91,},{0x6e,0xe3,0xfe,0x81,0xe2,0x3c,0x60,0xeb,0x23,0x12,0xb2,0x00,0x6b,0x3b,0x25,0xe6,0x83,0x8e,0x02,0x10,0x66,0x23,0xf8,0x44,0xc4,0x4e,0xdb,0x8d,0xaf,0xd6,0x6a,0xb0,0x67,0x10,0x87,0xfd,0x19,0x5d,0xf5,0xb8,0xf5,0x8a,0x1d,0x6e,0x52,0xaf,0x42,0x90,0x80,0x53,0xd5,0x5c,0x73,0x21,0x01,0x00,0x92,0x74,0x87,0x95,0xef,0x94,0xcf,0x06,},"\x55\xc7\xfa\x43\x4f\x5e\xd8\xcd\xec\x2b\x7a\xea\xc1\x73"},
+{{0xd5,0xae,0xee,0x41,0xee,0xb0,0xe9,0xd1,0xbf,0x83,0x37,0xf9,0x39,0x58,0x7e,0xbe,0x29,0x61,0x61,0xe6,0xbf,0x52,0x09,0xf5,0x91,0xec,0x93,0x9e,0x14,0x40,0xc3,0x00,},{0xfd,0x2a,0x56,0x57,0x23,0x16,0x3e,0x29,0xf5,0x3c,0x9d,0xe3,0xd5,0xe8,0xfb,0xe3,0x6a,0x7a,0xb6,0x6e,0x14,0x39,0xec,0x4e,0xae,0x9c,0x0a,0x60,0x4a,0xf2,0x91,0xa5,},{0xf6,0x8d,0x04,0x84,0x7e,0x5b,0x24,0x97,0x37,0x89,0x9c,0x01,0x4d,0x31,0xc8,0x05,0xc5,0x00,0x7a,0x62,0xc0,0xa1,0x0d,0x50,0xbb,0x15,0x38,0xc5,0xf3,0x55,0x03,0x95,0x1f,0xbc,0x1e,0x08,0x68,0x2f,0x2c,0xc0,0xc9,0x2e,0xfe,0x8f,0x49,0x85,0xde,0xc6,0x1d,0xcb,0xd5,0x4d,0x4b,0x94,0xa2,0x25,0x47,0xd2,0x44,0x51,0x27,0x1c,0x8b,0x00,},"\x0a\x68\x8e\x79\xbe\x24\xf8\x66\x28\x6d\x46\x46\xb5\xd8\x1c"},
+{{0x0a,0x47,0xd1,0x04,0x52,0xae,0x2f,0xeb,0xec,0x51,0x8a,0x1c,0x7c,0x36,0x28,0x90,0xc3,0xfc,0x1a,0x49,0xd3,0x4b,0x03,0xb6,0x46,0x7d,0x35,0xc9,0x04,0xa8,0x36,0x2d,},{0x34,0xe5,0xa8,0x50,0x8c,0x47,0x43,0x74,0x69,0x62,0xc0,0x66,0xe4,0xba,0xde,0xa2,0x20,0x1b,0x8a,0xb4,0x84,0xde,0x5c,0x4f,0x94,0x47,0x6c,0xcd,0x21,0x43,0x95,0x5b,},{0x2a,0x3d,0x27,0xdc,0x40,0xd0,0xa8,0x12,0x79,0x49,0xa3,0xb7,0xf9,0x08,0xb3,0x68,0x8f,0x63,0xb7,0xf1,0x4f,0x65,0x1a,0xac,0xd7,0x15,0x94,0x0b,0xdb,0xe2,0x7a,0x08,0x09,0xaa,0xc1,0x42,0xf4,0x7a,0xb0,0xe1,0xe4,0x4f,0xa4,0x90,0xba,0x87,0xce,0x53,0x92,0xf3,0x3a,0x89,0x15,0x39,0xca,0xf1,0xef,0x4c,0x36,0x7c,0xae,0x54,0x50,0x0c,},"\xc9\x42\xfa\x7a\xc6\xb2\x3a\xb7\xff\x61\x2f\xdc\x8e\x68\xef\x39"},
+{{0xf8,0x14,0x8f,0x75,0x06,0xb7,0x75,0xef,0x46,0xfd,0xc8,0xe8,0xc7,0x56,0x51,0x68,0x12,0xd4,0x7d,0x6c,0xfb,0xfa,0x31,0x8c,0x27,0xc9,0xa2,0x26,0x41,0xe5,0x6f,0x17,},{0x04,0x45,0xe4,0x56,0xda,0xcc,0x7d,0x5b,0x0b,0xbe,0xd2,0x3c,0x82,0x00,0xcd,0xb7,0x4b,0xdc,0xb0,0x3e,0x4c,0x7b,0x73,0xf0,0xa2,0xb9,0xb4,0x6e,0xac,0x5d,0x43,0x72,},{0x36,0x53,0xcc,0xb2,0x12,0x19,0x20,0x2b,0x84,0x36,0xfb,0x41,0xa3,0x2b,0xa2,0x61,0x8c,0x4a,0x13,0x34,0x31,0xe6,0xe6,0x34,0x63,0xce,0xb3,0xb6,0x10,0x6c,0x4d,0x56,0xe1,0xd2,0xba,0x16,0x5b,0xa7,0x6e,0xaa,0xd3,0xdc,0x39,0xbf,0xfb,0x13,0x0f,0x1d,0xe3,0xd8,0xe6,0x42,0x7d,0xb5,0xb7,0x19,0x38,0xdb,0x4e,0x27,0x2b,0xc3,0xe2,0x0b,},"\x73\x68\x72\x4a\x5b\x0e\xfb\x57\xd2\x8d\x97\x62\x2d\xbd\xe7\x25\xaf"},
+{{0x77,0xf8,0x86,0x91,0xc4,0xef,0xf2,0x3e,0xbb,0x73,0x64,0x94,0x70,0x92,0x95,0x1a,0x5f,0xf3,0xf1,0x07,0x85,0xb4,0x17,0xe9,0x18,0x82,0x3a,0x55,0x2d,0xab,0x7c,0x75,},{0x74,0xd2,0x91,0x27,0xf1,0x99,0xd8,0x6a,0x86,0x76,0xae,0xc3,0x3b,0x4c,0xe3,0xf2,0x25,0xcc,0xb1,0x91,0xf5,0x2c,0x19,0x1c,0xcd,0x1e,0x8c,0xca,0x65,0x21,0x3a,0x6b,},{0xfb,0xe9,0x29,0xd7,0x43,0xa0,0x3c,0x17,0x91,0x05,0x75,0x49,0x2f,0x30,0x92,0xee,0x2a,0x2b,0xf1,0x4a,0x60,0xa3,0xfc,0xac,0xec,0x74,0xa5,0x8c,0x73,0x34,0x51,0x0f,0xc2,0x62,0xdb,0x58,0x27,0x91,0x32,0x2d,0x6c,0x8c,0x41,0xf1,0x70,0x0a,0xdb,0x80,0x02,0x7e,0xca,0xbc,0x14,0x27,0x0b,0x70,0x34,0x44,0xae,0x3e,0xe7,0x62,0x3e,0x0a,},"\xbd\x8e\x05\x03\x3f\x3a\x8b\xcd\xcb\xf4\xbe\xce\xb7\x09\x01\xc8\x2e\x31"},
+{{0xab,0x6f,0x7a,0xee,0x6a,0x08,0x37,0xb3,0x34,0xba,0x5e,0xb1,0xb2,0xad,0x7f,0xce,0xcf,0xab,0x7e,0x32,0x3c,0xab,0x18,0x7f,0xe2,0xe0,0xa9,0x5d,0x80,0xef,0xf1,0x32,},{0x5b,0x96,0xdc,0xa4,0x97,0x87,0x5b,0xf9,0x66,0x4c,0x5e,0x75,0xfa,0xcf,0x3f,0x9b,0xc5,0x4b,0xae,0x91,0x3d,0x66,0xca,0x15,0xee,0x85,0xf1,0x49,0x1c,0xa2,0x4d,0x2c,},{0x73,0xbc,0xa6,0x4e,0x9d,0xd0,0xdb,0x88,0x13,0x8e,0xed,0xfa,0xfc,0xea,0x8f,0x54,0x36,0xcf,0xb7,0x4b,0xfb,0x0e,0x77,0x33,0xcf,0x34,0x9b,0xaa,0x0c,0x49,0x77,0x5c,0x56,0xd5,0x93,0x4e,0x1d,0x38,0xe3,0x6f,0x39,0xb7,0xc5,0xbe,0xb0,0xa8,0x36,0x51,0x0c,0x45,0x12,0x6f,0x8e,0xc4,0xb6,0x81,0x05,0x19,0x90,0x5b,0x0c,0xa0,0x7c,0x09,},"\x81\x71\x45\x6f\x8b\x90\x71\x89\xb1\xd7\x79\xe2\x6b\xc5\xaf\xbb\x08\xc6\x7a"},
+{{0x8d,0x13,0x5d,0xe7,0xc8,0x41,0x1b,0xbd,0xbd,0x1b,0x31,0xe5,0xdc,0x67,0x8f,0x2a,0xc7,0x10,0x9e,0x79,0x2b,0x60,0xf3,0x8c,0xd2,0x49,0x36,0xe8,0xa8,0x98,0xc3,0x2d,},{0x1c,0xa2,0x81,0x93,0x85,0x29,0x89,0x65,0x35,0xa7,0x71,0x4e,0x35,0x84,0x08,0x5b,0x86,0xef,0x9f,0xec,0x72,0x3f,0x42,0x81,0x9f,0xc8,0xdd,0x5d,0x8c,0x00,0x81,0x7f,},{0xa1,0xad,0xc2,0xbc,0x6a,0x2d,0x98,0x06,0x62,0x67,0x7e,0x7f,0xdf,0xf6,0x42,0x4d,0xe7,0xdb,0xa5,0x0f,0x57,0x95,0xca,0x90,0xfd,0xf3,0xe9,0x6e,0x25,0x6f,0x32,0x85,0xca,0xc7,0x1d,0x33,0x60,0x48,0x2e,0x99,0x3d,0x02,0x94,0xba,0x4e,0xc7,0x44,0x0c,0x61,0xaf,0xfd,0xf3,0x5f,0xe8,0x3e,0x6e,0x04,0x26,0x39,0x37,0xdb,0x93,0xf1,0x05,},"\x8b\xa6\xa4\xc9\xa1\x5a\x24\x4a\x9c\x26\xbb\x2a\x59\xb1\x02\x6f\x21\x34\x8b\x49"},
+{{0x0e,0x76,0x5d,0x72,0x0e,0x70,0x5f,0x93,0x66,0xc1,0xab,0x8c,0x3f,0xa8,0x4c,0x9a,0x44,0x37,0x0c,0x06,0x96,0x9f,0x80,0x32,0x96,0x88,0x4b,0x28,0x46,0xa6,0x52,0xa4,},{0x7f,0xae,0x45,0xdd,0x0a,0x05,0x97,0x10,0x26,0xd4,0x10,0xbc,0x49,0x7a,0xf5,0xbe,0x7d,0x08,0x27,0xa8,0x2a,0x14,0x5c,0x20,0x3f,0x62,0x5d,0xfc,0xb8,0xb0,0x3b,0xa8,},{0xbb,0x61,0xcf,0x84,0xde,0x61,0x86,0x22,0x07,0xc6,0xa4,0x55,0x25,0x8b,0xc4,0xdb,0x4e,0x15,0xee,0xa0,0x31,0x7f,0xf8,0x87,0x18,0xb8,0x82,0xa0,0x6b,0x5c,0xf6,0xec,0x6f,0xd2,0x0c,0x5a,0x26,0x9e,0x5d,0x5c,0x80,0x5b,0xaf,0xbc,0xc5,0x79,0xe2,0x59,0x0a,0xf4,0x14,0xc7,0xc2,0x27,0x27,0x3c,0x10,0x2a,0x10,0x07,0x0c,0xdf,0xe8,0x0f,},"\x1d\x56\x6a\x62\x32\xbb\xaa\xb3\xe6\xd8\x80\x4b\xb5\x18\xa4\x98\xed\x0f\x90\x49\x86"},
+{{0xdb,0x36,0xe3,0x26,0xd6,0x76,0xc2,0xd1,0x9c,0xc8,0xfe,0x0c,0x14,0xb7,0x09,0x20,0x2e,0xcf,0xc7,0x61,0xd2,0x70,0x89,0xeb,0x6e,0xa4,0xb1,0xbb,0x02,0x1e,0xcf,0xa7,},{0x48,0x35,0x9b,0x85,0x0d,0x23,0xf0,0x71,0x5d,0x94,0xbb,0x8b,0xb7,0x5e,0x7e,0x14,0x32,0x2e,0xaf,0x14,0xf0,0x6f,0x28,0xa8,0x05,0x40,0x3f,0xbd,0xa0,0x02,0xfc,0x85,},{0xb6,0xdc,0xd0,0x99,0x89,0xdf,0xba,0xc5,0x43,0x22,0xa3,0xce,0x87,0x87,0x6e,0x1d,0x62,0x13,0x4d,0xa9,0x98,0xc7,0x9d,0x24,0xb5,0x0b,0xd7,0xa6,0xa7,0x97,0xd8,0x6a,0x0e,0x14,0xdc,0x9d,0x74,0x91,0xd6,0xc1,0x4a,0x67,0x3c,0x65,0x2c,0xfb,0xec,0x9f,0x96,0x2a,0x38,0xc9,0x45,0xda,0x3b,0x2f,0x08,0x79,0xd0,0xb6,0x8a,0x92,0x13,0x00,},"\x1b\x0a\xfb\x0a\xc4\xba\x9a\xb7\xb7\x17\x2c\xdd\xc9\xeb\x42\xbb\xa1\xa6\x4b\xce\x47\xd4"},
+{{0xc8,0x99,0x55,0xe0,0xf7,0x74,0x1d,0x90,0x5d,0xf0,0x73,0x0b,0x3d,0xc2,0xb0,0xce,0x1a,0x13,0x13,0x4e,0x44,0xfe,0xf3,0xd4,0x0d,0x60,0xc0,0x20,0xef,0x19,0xdf,0x77,},{0xfd,0xb3,0x06,0x73,0x40,0x2f,0xaf,0x1c,0x80,0x33,0x71,0x4f,0x35,0x17,0xe4,0x7c,0xc0,0xf9,0x1f,0xe7,0x0c,0xf3,0x83,0x6d,0x6c,0x23,0x63,0x6e,0x3f,0xd2,0x28,0x7c,},{0x7e,0xf6,0x6e,0x5e,0x86,0xf2,0x36,0x08,0x48,0xe0,0x01,0x4e,0x94,0x88,0x0a,0xe2,0x92,0x0a,0xd8,0xa3,0x18,0x5a,0x46,0xb3,0x5d,0x1e,0x07,0xde,0xa8,0xfa,0x8a,0xe4,0xf6,0xb8,0x43,0xba,0x17,0x4d,0x99,0xfa,0x79,0x86,0x65,0x4a,0x08,0x91,0xc1,0x2a,0x79,0x44,0x55,0x66,0x93,0x75,0xbf,0x92,0xaf,0x4c,0xc2,0x77,0x0b,0x57,0x9e,0x0c,},"\x50\x7c\x94\xc8\x82\x0d\x2a\x57\x93\xcb\xf3\x44\x2b\x3d\x71\x93\x6f\x35\xfe\x3a\xfe\xf3\x16"},
+{{0x4e,0x62,0x62,0x7f,0xc2,0x21,0x14,0x24,0x78,0xae,0xe7,0xf0,0x07,0x81,0xf8,0x17,0xf6,0x62,0xe3,0xb7,0x5d,0xb2,0x9b,0xb1,0x4a,0xb4,0x7c,0xf8,0xe8,0x41,0x04,0xd6,},{0xb1,0xd3,0x98,0x01,0x89,0x20,0x27,0xd5,0x8a,0x8c,0x64,0x33,0x51,0x63,0x19,0x58,0x93,0xbf,0xc1,0xb6,0x1d,0xbe,0xca,0x32,0x60,0x49,0x7e,0x1f,0x30,0x37,0x11,0x07,},{0x83,0x6a,0xfa,0x76,0x4d,0x9c,0x48,0xaa,0x47,0x70,0xa4,0x38,0x8b,0x65,0x4e,0x97,0xb3,0xc1,0x6f,0x08,0x29,0x67,0xfe,0xbc,0xa2,0x7f,0x2f,0xc4,0x7d,0xdf,0xd9,0x24,0x4b,0x03,0xcf,0xc7,0x29,0x69,0x8a,0xcf,0x51,0x09,0x70,0x43,0x46,0xb6,0x0b,0x23,0x0f,0x25,0x54,0x30,0x08,0x9d,0xdc,0x56,0x91,0x23,0x99,0xd1,0x12,0x2d,0xe7,0x0a,},"\xd3\xd6\x15\xa8\x47\x2d\x99\x62\xbb\x70\xc5\xb5\x46\x6a\x3d\x98\x3a\x48\x11\x04\x6e\x2a\x0e\xf5"},
+{{0x6b,0x83,0xd7,0xda,0x89,0x08,0xc3,0xe7,0x20,0x5b,0x39,0x86,0x4b,0x56,0xe5,0xf3,0xe1,0x71,0x96,0xa3,0xfc,0x9c,0x2f,0x58,0x05,0xaa,0xd0,0xf5,0x55,0x4c,0x14,0x2d,},{0xd0,0xc8,0x46,0xf9,0x7f,0xe2,0x85,0x85,0xc0,0xee,0x15,0x90,0x15,0xd6,0x4c,0x56,0x31,0x1c,0x88,0x6e,0xdd,0xcc,0x18,0x5d,0x29,0x6d,0xbb,0x16,0x5d,0x26,0x25,0xd6,},{0x16,0xe4,0x62,0xa2,0x9a,0x6d,0xd4,0x98,0x68,0x5a,0x37,0x18,0xb3,0xee,0xd0,0x0c,0xc1,0x59,0x86,0x01,0xee,0x47,0x82,0x04,0x86,0x03,0x2d,0x6b,0x9a,0xcc,0x9b,0xf8,0x9f,0x57,0x68,0x4e,0x08,0xd8,0xc0,0xf0,0x55,0x89,0xcd,0xa2,0x88,0x2a,0x05,0xdc,0x4c,0x63,0xf9,0xd0,0x43,0x1d,0x65,0x52,0x71,0x08,0x12,0x43,0x30,0x03,0xbc,0x08,},"\x6a\xda\x80\xb6\xfa\x84\xf7\x03\x49\x20\x78\x9e\x85\x36\xb8\x2d\x5e\x46\x78\x05\x9a\xed\x27\xf7\x1c"},
+{{0x19,0xa9,0x1f,0xe2,0x3a,0x4e,0x9e,0x33,0xec,0xc4,0x74,0x87,0x8f,0x57,0xc6,0x4c,0xf1,0x54,0xb3,0x94,0x20,0x34,0x87,0xa7,0x03,0x5e,0x1a,0xd9,0xcd,0x69,0x7b,0x0d,},{0x2b,0xf3,0x2b,0xa1,0x42,0xba,0x46,0x22,0xd8,0xf3,0xe2,0x9e,0xcd,0x85,0xee,0xa0,0x7b,0x9c,0x47,0xbe,0x9d,0x64,0x41,0x2c,0x9b,0x51,0x0b,0x27,0xdd,0x21,0x8b,0x23,},{0x88,0x1f,0x5b,0x8c,0x5a,0x03,0x0d,0xf0,0xf7,0x5b,0x66,0x34,0xb0,0x70,0xdd,0x27,0xbd,0x1e,0xe3,0xc0,0x87,0x38,0xae,0x34,0x93,0x38,0xb3,0xee,0x64,0x69,0xbb,0xf9,0x76,0x0b,0x13,0x57,0x8a,0x23,0x7d,0x51,0x82,0x53,0x5e,0xde,0x12,0x12,0x83,0x02,0x7a,0x90,0xb5,0xf8,0x65,0xd6,0x3a,0x65,0x37,0xdc,0xa0,0x7b,0x44,0x04,0x9a,0x0f,},"\x82\xcb\x53\xc4\xd5\xa0\x13\xba\xe5\x07\x07\x59\xec\x06\xc3\xc6\x95\x5a\xb7\xa4\x05\x09\x58\xec\x32\x8c"},
+{{0x1d,0x5b,0x8c,0xb6,0x21,0x5c,0x18,0x14,0x16,0x66,0xba,0xee,0xfc,0xf5,0xd6,0x9d,0xad,0x5b,0xea,0x9a,0x34,0x93,0xdd,0xda,0xa3,0x57,0xa4,0x39,0x7a,0x13,0xd4,0xde,},{0x94,0xd2,0x3d,0x97,0x7c,0x33,0xe4,0x9e,0x5e,0x49,0x92,0xc6,0x8f,0x25,0xec,0x99,0xa2,0x7c,0x41,0xce,0x6b,0x91,0xf2,0xbf,0xa0,0xcd,0x82,0x92,0xfe,0x96,0x28,0x35,},{0x3a,0xcd,0x39,0xbe,0xc8,0xc3,0xcd,0x2b,0x44,0x29,0x97,0x22,0xb5,0x85,0x0a,0x04,0x00,0xc1,0x44,0x35,0x90,0xfd,0x48,0x61,0xd5,0x9a,0xae,0x74,0x96,0xac,0xb3,0xdf,0x73,0xfc,0x3f,0xdf,0x79,0x69,0xae,0x5f,0x50,0xba,0x47,0xdd,0xdc,0x43,0x52,0x46,0xe5,0xfd,0x37,0x6f,0x6b,0x89,0x1c,0xd4,0xc2,0xca,0xf5,0xd6,0x14,0xb6,0x17,0x0c,},"\xa9\xa8\xcb\xb0\xad\x58\x51\x24\xe5\x22\xab\xbf\xb4\x05\x33\xbd\xd6\xf4\x93\x47\xb5\x5b\x18\xe8\x55\x8c\xb0"},
+{{0x6a,0x91,0xb3,0x22,0x7c,0x47,0x22,0x99,0x08,0x9b,0xdc,0xe9,0x35,0x6e,0x72,0x6a,0x40,0xef,0xd8,0x40,0xf1,0x10,0x02,0x70,0x8b,0x7e,0xe5,0x5b,0x64,0x10,0x5a,0xc2,},{0x9d,0x08,0x4a,0xa8,0xb9,0x7a,0x6b,0x9b,0xaf,0xa4,0x96,0xdb,0xc6,0xf7,0x6f,0x33,0x06,0xa1,0x16,0xc9,0xd9,0x17,0xe6,0x81,0x52,0x0a,0x0f,0x91,0x43,0x69,0x42,0x7e,},{0xf5,0x87,0x54,0x23,0x78,0x1b,0x66,0x21,0x6c,0xb5,0xe8,0x99,0x8d,0xe5,0xd9,0xff,0xc2,0x9d,0x1d,0x67,0x10,0x70,0x54,0xac,0xe3,0x37,0x45,0x03,0xa9,0xc3,0xef,0x81,0x15,0x77,0xf2,0x69,0xde,0x81,0x29,0x67,0x44,0xbd,0x70,0x6f,0x1a,0xc4,0x78,0xca,0xf0,0x9b,0x54,0xcd,0xf8,0x71,0xb3,0xf8,0x02,0xbd,0x57,0xf9,0xa6,0xcb,0x91,0x01,},"\x5c\xb6\xf9\xaa\x59\xb8\x0e\xca\x14\xf6\xa6\x8f\xb4\x0c\xf0\x7b\x79\x4e\x75\x17\x1f\xba\x96\x26\x2c\x1c\x6a\xdc"},
+{{0x93,0xea,0xa8,0x54,0xd7,0x91,0xf0,0x53,0x72,0xce,0x72,0xb9,0x4f,0xc6,0x50,0x3b,0x2f,0xf8,0xae,0x68,0x19,0xe6,0xa2,0x1a,0xfe,0x82,0x5e,0x27,0xad,0xa9,0xe4,0xfb,},{0x16,0xce,0xe8,0xa3,0xf2,0x63,0x18,0x34,0xc8,0x8b,0x67,0x08,0x97,0xff,0x0b,0x08,0xce,0x90,0xcc,0x14,0x7b,0x45,0x93,0xb3,0xf1,0xf4,0x03,0x72,0x7f,0x7e,0x7a,0xd5,},{0xd8,0x34,0x19,0x7c,0x1a,0x30,0x80,0x61,0x4e,0x0a,0x5f,0xa0,0xaa,0xaa,0x80,0x88,0x24,0xf2,0x1c,0x38,0xd6,0x92,0xe6,0xff,0xbd,0x20,0x0f,0x7d,0xfb,0x3c,0x8f,0x44,0x40,0x2a,0x73,0x82,0x18,0x0b,0x98,0xad,0x0a,0xfc,0x8e,0xec,0x1a,0x02,0xac,0xec,0xf3,0xcb,0x7f,0xde,0x62,0x7b,0x9f,0x18,0x11,0x1f,0x26,0x0a,0xb1,0xdb,0x9a,0x07,},"\x32\xfe\x27\x99\x41\x24\x20\x21\x53\xb5\xc7\x0d\x38\x13\xfd\xee\x9c\x2a\xa6\xe7\xdc\x74\x3d\x4d\x53\x5f\x18\x40\xa5"},
+{{0x94,0x1c,0xac,0x69,0xfb,0x7b,0x18,0x15,0xc5,0x7b,0xb9,0x87,0xc4,0xd6,0xc2,0xad,0x2c,0x35,0xd5,0xf9,0xa3,0x18,0x2a,0x79,0xd4,0xba,0x13,0xea,0xb2,0x53,0xa8,0xad,},{0x23,0xbe,0x32,0x3c,0x56,0x2d,0xfd,0x71,0xce,0x65,0xf5,0xbb,0xa5,0x6a,0x74,0xa3,0xa6,0xdf,0xc3,0x6b,0x57,0x3d,0x2f,0x94,0xf6,0x35,0xc7,0xf9,0xb4,0xfd,0x5a,0x5b,},{0x0f,0x8f,0xad,0x1e,0x6b,0xde,0x77,0x1b,0x4f,0x54,0x20,0xea,0xc7,0x5c,0x37,0x8b,0xae,0x6d,0xb5,0xac,0x66,0x50,0xcd,0x2b,0xc2,0x10,0xc1,0x82,0x3b,0x43,0x2b,0x48,0xe0,0x16,0xb1,0x05,0x95,0x45,0x8f,0xfa,0xb9,0x2f,0x7a,0x89,0x89,0xb2,0x93,0xce,0xb8,0xdf,0xed,0x6c,0x24,0x3a,0x20,0x38,0xfc,0x06,0x65,0x2a,0xaa,0xf1,0x6f,0x02,},"\xbb\x31\x72\x79\x57\x10\xfe\x00\x05\x4d\x3b\x5d\xfe\xf8\xa1\x16\x23\x58\x2d\xa6\x8b\xf8\xe4\x6d\x72\xd2\x7c\xec\xe2\xaa"},
+{{0x1a,0xcd,0xbb,0x79,0x3b,0x03,0x84,0x93,0x46,0x27,0x47,0x0d,0x79,0x5c,0x3d,0x1d,0xd4,0xd7,0x9c,0xea,0x59,0xef,0x98,0x3f,0x29,0x5b,0x9b,0x59,0x17,0x9c,0xbb,0x28,},{0x3f,0x60,0xc7,0x54,0x1a,0xfa,0x76,0xc0,0x19,0xcf,0x5a,0xa8,0x2d,0xcd,0xb0,0x88,0xed,0x9e,0x4e,0xd9,0x78,0x05,0x14,0xae,0xfb,0x37,0x9d,0xab,0xc8,0x44,0xf3,0x1a,},{0xbe,0x71,0xef,0x48,0x06,0xcb,0x04,0x1d,0x88,0x5e,0xff,0xd9,0xe6,0xb0,0xfb,0xb7,0x3d,0x65,0xd7,0xcd,0xec,0x47,0xa8,0x9c,0x8a,0x99,0x48,0x92,0xf4,0xe5,0x5a,0x56,0x8c,0x4c,0xc7,0x8d,0x61,0xf9,0x01,0xe8,0x0d,0xbb,0x62,0x8b,0x86,0xa2,0x3c,0xcd,0x59,0x4e,0x71,0x2b,0x57,0xfa,0x94,0xc2,0xd6,0x7e,0xc2,0x66,0x34,0x87,0x85,0x07,},"\x7c\xf3\x4f\x75\xc3\xda\xc9\xa8\x04\xd0\xfc\xd0\x9e\xba\x9b\x29\xc9\x48\x4e\x8a\x01\x8f\xa9\xe0\x73\x04\x2d\xf8\x8e\x3c\x56"},
+{{0x8e,0xd7,0xa7,0x97,0xb9,0xce,0xa8,0xa8,0x37,0x0d,0x41,0x91,0x36,0xbc,0xdf,0x68,0x3b,0x75,0x9d,0x2e,0x3c,0x69,0x47,0xf1,0x7e,0x13,0xe2,0x48,0x5a,0xa9,0xd4,0x20,},{0xb4,0x9f,0x3a,0x78,0xb1,0xc6,0xa7,0xfc,0xa8,0xf3,0x46,0x6f,0x33,0xbc,0x0e,0x92,0x9f,0x01,0xfb,0xa0,0x43,0x06,0xc2,0xa7,0x46,0x5f,0x46,0xc3,0x75,0x93,0x16,0xd9,},{0x04,0x26,0x6c,0x03,0x3b,0x91,0xc1,0x32,0x2c,0xeb,0x34,0x46,0xc9,0x01,0xff,0xcf,0x3c,0xc4,0x0c,0x40,0x34,0xe8,0x87,0xc9,0x59,0x7c,0xa1,0x89,0x3b,0xa7,0x33,0x0b,0xec,0xbb,0xd8,0xb4,0x81,0x42,0xef,0x35,0xc0,0x12,0xc6,0xba,0x51,0xa6,0x6d,0xf9,0x30,0x8c,0xb6,0x26,0x8a,0xd6,0xb1,0xe4,0xb0,0x3e,0x70,0x10,0x24,0x95,0x79,0x0b,},"\xa7\x50\xc2\x32\x93\x3d\xc1\x4b\x11\x84\xd8\x6d\x8b\x4c\xe7\x2e\x16\xd6\x97\x44\xba\x69\x81\x8b\x6a\xc3\x3b\x1d\x82\x3b\xb2\xc3"},
+{{0xf2,0xab,0x39,0x6f,0xe8,0x90,0x6e,0x3e,0x56,0x33,0xe9,0x9c,0xab,0xcd,0x5b,0x09,0xdf,0x08,0x59,0xb5,0x16,0x23,0x0b,0x1e,0x04,0x50,0xb5,0x80,0xb6,0x5f,0x61,0x6c,},{0x8e,0xa0,0x74,0x24,0x51,0x59,0xa1,0x16,0xaa,0x71,0x22,0xa2,0x5e,0xc1,0x6b,0x89,0x1d,0x62,0x5a,0x68,0xf3,0x36,0x60,0x42,0x39,0x08,0xf6,0xbd,0xc4,0x4f,0x8c,0x1b,},{0xa0,0x6a,0x23,0xd9,0x82,0xd8,0x1a,0xb8,0x83,0xaa,0xe2,0x30,0xad,0xbc,0x36,0x8a,0x6a,0x99,0x77,0xf0,0x03,0xce,0xbb,0x00,0xd4,0xc2,0xe4,0x01,0x84,0x90,0x19,0x1a,0x84,0xd3,0xa2,0x82,0xfd,0xbf,0xb2,0xfc,0x88,0x04,0x6e,0x62,0xde,0x43,0xe1,0x5f,0xb5,0x75,0x33,0x6b,0x3c,0x8b,0x77,0xd1,0x9c,0xe6,0xa0,0x09,0xce,0x51,0xf5,0x0c,},"\x5a\x44\xe3\x4b\x74\x6c\x5f\xd1\x89\x8d\x55\x2a\xb3\x54\xd2\x8f\xb4\x71\x38\x56\xd7\x69\x7d\xd6\x3e\xb9\xbd\x6b\x99\xc2\x80\xe1\x87"},
+{{0x55,0x0a,0x41,0xc0,0x13,0xf7,0x9b,0xab,0x8f,0x06,0xe4,0x3a,0xd1,0x83,0x6d,0x51,0x31,0x27,0x36,0xa9,0x71,0x38,0x06,0xfa,0xfe,0x66,0x45,0x21,0x9e,0xaa,0x1f,0x9d,},{0xaf,0x6b,0x71,0x45,0x47,0x4d,0xc9,0x95,0x4b,0x9a,0xf9,0x3a,0x9c,0xdb,0x34,0x44,0x9d,0x5b,0x7c,0x65,0x1c,0x82,0x4d,0x24,0xe2,0x30,0xb9,0x00,0x33,0xce,0x59,0xc0,},{0x16,0xdc,0x1e,0x2b,0x9f,0xa9,0x09,0xee,0xfd,0xc2,0x77,0xba,0x16,0xeb,0xe2,0x07,0xb8,0xda,0x5e,0x91,0x14,0x3c,0xde,0x78,0xc5,0x04,0x7a,0x89,0xf6,0x81,0xc3,0x3c,0x4e,0x4e,0x34,0x28,0xd5,0xc9,0x28,0x09,0x59,0x03,0xa8,0x11,0xec,0x00,0x2d,0x52,0xa3,0x9e,0xd7,0xf8,0xb3,0xfe,0x19,0x27,0x20,0x0c,0x6d,0xd0,0xb9,0xab,0x3e,0x04,},"\x8b\xc4\x18\x5e\x50\xe5\x7d\x5f\x87\xf4\x75\x15\xfe\x2b\x18\x37\xd5\x85\xf0\xaa\xe9\xe1\xca\x38\x3b\x3e\xc9\x08\x88\x4b\xb9\x00\xff\x27"},
+{{0x19,0xac,0x3e,0x27,0x24,0x38,0xc7,0x2d,0xdf,0x7b,0x88,0x19,0x64,0x86,0x7c,0xb3,0xb3,0x1f,0xf4,0xc7,0x93,0xbb,0x7e,0xa1,0x54,0x61,0x3c,0x1d,0xb0,0x68,0xcb,0x7e,},{0xf8,0x5b,0x80,0xe0,0x50,0xa1,0xb9,0x62,0x0d,0xb1,0x38,0xbf,0xc9,0xe1,0x00,0x32,0x7e,0x25,0xc2,0x57,0xc5,0x92,0x17,0xb6,0x01,0xf1,0xf6,0xac,0x9a,0x41,0x3d,0x3f,},{0xea,0x85,0x5d,0x78,0x1c,0xbe,0xa4,0x68,0x2e,0x35,0x01,0x73,0xcb,0x89,0xe8,0x61,0x9c,0xcf,0xdd,0xb9,0x7c,0xdc,0xe1,0x6f,0x9a,0x2f,0x6f,0x68,0x92,0xf4,0x6d,0xbe,0x68,0xe0,0x4b,0x12,0xb8,0xd8,0x86,0x89,0xa7,0xa3,0x16,0x70,0xcd,0xff,0x40,0x9a,0xf9,0x8a,0x93,0xb4,0x9a,0x34,0x53,0x7b,0x6a,0xa0,0x09,0xd2,0xeb,0x8b,0x47,0x01,},"\x95\x87\x2d\x5f\x78\x9f\x95\x48\x4e\x30\xcb\xb0\xe1\x14\x02\x89\x53\xb1\x6f\x5c\x6a\x8d\x9f\x65\xc0\x03\xa8\x35\x43\xbe\xaa\x46\xb3\x86\x45"},
+{{0xca,0x26,0x7d,0xe9,0x6c,0x93,0xc2,0x38,0xfa,0xfb,0x12,0x79,0x81,0x20,0x59,0xab,0x93,0xac,0x03,0x05,0x96,0x57,0xfd,0x99,0x4f,0x8f,0xa5,0xa0,0x92,0x39,0xc8,0x21,},{0x01,0x73,0x70,0xc8,0x79,0x09,0x0a,0x81,0xc7,0xf2,0x72,0xc2,0xfc,0x80,0xe3,0xaa,0xc2,0xbc,0x60,0x3f,0xcb,0x37,0x9a,0xfc,0x98,0x69,0x11,0x60,0xab,0x74,0x5b,0x26,},{0xac,0x95,0x7f,0x82,0x33,0x5a,0xa7,0x14,0x1e,0x96,0xb5,0x9d,0x63,0xe3,0xcc,0xee,0x95,0xc3,0xa2,0xc4,0x7d,0x02,0x65,0x40,0xc2,0xaf,0x42,0xdc,0x95,0x33,0xd5,0xfd,0x81,0x82,0x7d,0x16,0x79,0xad,0x18,0x7a,0xea,0xf3,0x78,0x34,0x91,0x5e,0x75,0xb1,0x47,0xa9,0x28,0x68,0x06,0xc8,0x01,0x75,0x16,0xba,0x43,0xdd,0x05,0x1a,0x5e,0x0c,},"\xe0\x5f\x71\xe4\xe4\x9a\x72\xec\x55\x0c\x44\xa3\xb8\x5a\xca\x8f\x20\xff\x26\xc3\xee\x94\xa8\x0f\x1b\x43\x1c\x7d\x15\x4e\xc9\x60\x3e\xe0\x25\x31"},
+{{0x3d,0xff,0x5e,0x89,0x94,0x75,0xe7,0xe9,0x1d,0xd2,0x61,0x32,0x2f,0xab,0x09,0x98,0x0c,0x52,0x97,0x0d,0xe1,0xda,0x6e,0x2e,0x20,0x16,0x60,0xcc,0x4f,0xce,0x70,0x32,},{0xf3,0x01,0x62,0xba,0xc9,0x84,0x47,0xc4,0x04,0x2f,0xac,0x05,0xda,0x44,0x80,0x34,0x62,0x9b,0xe2,0xc6,0xa5,0x8d,0x30,0xdf,0xd5,0x78,0xba,0x9f,0xb5,0xe3,0x93,0x0b,},{0x5e,0xfe,0x7a,0x92,0xff,0x96,0x23,0x08,0x9b,0x3e,0x3b,0x78,0xf3,0x52,0x11,0x53,0x66,0xe2,0x6b,0xa3,0xfb,0x1a,0x41,0x62,0x09,0xbc,0x02,0x9e,0x9c,0xad,0xcc,0xd9,0xf4,0xaf,0xfa,0x33,0x35,0x55,0xa8,0xf3,0xa3,0x5a,0x9d,0x0f,0x7c,0x34,0xb2,0x92,0xca,0xe7,0x7e,0xc9,0x6f,0xa3,0xad,0xfc,0xaa,0xde,0xe2,0xd9,0xce,0xd8,0xf8,0x05,},"\x93\x8f\x0e\x77\x62\x1b\xf3\xea\x52\xc7\xc4\x91\x1c\x51\x57\xc2\xd8\xa2\xa8\x58\x09\x3e\xf1\x6a\xa9\xb1\x07\xe6\x9d\x98\x03\x7b\xa1\x39\xa3\xc3\x82"},
+{{0x9a,0x6b,0x84,0x78,0x64,0xe7,0x0c,0xfe,0x8b,0xa6,0xab,0x22,0xfa,0x0c,0xa3,0x08,0xc0,0xcc,0x8b,0xec,0x71,0x41,0xfb,0xca,0xa3,0xb8,0x1f,0x5d,0x1e,0x1c,0xfc,0xfc,},{0x34,0xad,0x0f,0xbd,0xb2,0x56,0x65,0x07,0xa8,0x1c,0x2b,0x1f,0x8a,0xa8,0xf5,0x3d,0xcc,0xaa,0x64,0xcc,0x87,0xad,0xa9,0x1b,0x90,0x3e,0x90,0x0d,0x07,0xee,0xe9,0x30,},{0x2a,0xb2,0x55,0x16,0x9c,0x48,0x9c,0x54,0xc7,0x32,0x23,0x2e,0x37,0xc8,0x73,0x49,0xd4,0x86,0xb1,0xeb,0xa2,0x05,0x09,0xdb,0xab,0xe7,0xfe,0xd3,0x29,0xef,0x08,0xfd,0x75,0xba,0x1c,0xd1,0x45,0xe6,0x7b,0x2e,0xa2,0x6c,0xb5,0xcc,0x51,0xca,0xb3,0x43,0xee,0xb0,0x85,0xfe,0x1f,0xd7,0xb0,0xec,0x4c,0x6a,0xfc,0xd9,0xb9,0x79,0xf9,0x05,},"\x83\x83\x67\x47\x11\x83\xc7\x1f\x7e\x71\x77\x24\xf8\x9d\x40\x1c\x3a\xd9\x86\x3f\xd9\xcc\x7a\xa3\xcf\x33\xd3\xc5\x29\x86\x0c\xb5\x81\xf3\x09\x3d\x87\xda"},
+{{0x57,0x5b,0xe0,0x7a,0xfc,0xa5,0xd0,0x63,0xc2,0x38,0xcd,0x9b,0x80,0x28,0x77,0x2c,0xc4,0x9c,0xda,0x34,0x47,0x14,0x32,0xa2,0xe1,0x66,0xe0,0x96,0xe2,0x21,0x9e,0xfc,},{0x94,0xe5,0xeb,0x4d,0x50,0x24,0xf4,0x9d,0x7e,0xbf,0x79,0x81,0x7c,0x8d,0xe1,0x14,0x97,0xdc,0x2b,0x55,0x62,0x2a,0x51,0xae,0x12,0x3f,0xfc,0x74,0x9d,0xbb,0x16,0xe0,},{0x58,0x27,0x1d,0x44,0x23,0x6f,0x3b,0x98,0xc5,0x8f,0xd7,0xae,0x0d,0x2f,0x49,0xef,0x2b,0x6e,0x3a,0xff,0xdb,0x22,0x5a,0xa3,0xba,0x55,0x5f,0x0e,0x11,0xcc,0x53,0xc2,0x3a,0xd1,0x9b,0xaf,0x24,0x34,0x65,0x90,0xd0,0x5d,0x7d,0x53,0x90,0x58,0x20,0x82,0xcf,0x94,0xd3,0x9c,0xad,0x65,0x30,0xab,0x93,0xd1,0x3e,0xfb,0x39,0x27,0x95,0x06,},"\x33\xe5\x91\x8b\x66\xd3\x3d\x55\xfe\x71\x7c\xa3\x43\x83\xea\xe7\x8f\x0a\xf8\x28\x89\xca\xf6\x69\x6e\x1a\xc9\xd9\x5d\x1f\xfb\x32\xcb\xa7\x55\xf9\xe3\x50\x3e"},
+{{0x15,0xff,0xb4,0x55,0x14,0xd4,0x34,0x44,0xd6,0x1f,0xcb,0x10,0x5e,0x30,0xe1,0x35,0xfd,0x26,0x85,0x23,0xdd,0xa2,0x0b,0x82,0x75,0x8b,0x17,0x94,0x23,0x11,0x04,0x41,},{0x17,0x72,0xc5,0xab,0xc2,0xd2,0x3f,0xd2,0xf9,0xd1,0xc3,0x25,0x7b,0xe7,0xbc,0x3c,0x1c,0xd7,0x9c,0xee,0x40,0x84,0x4b,0x74,0x9b,0x3a,0x77,0x43,0xd2,0xf9,0x64,0xb8,},{0x68,0x28,0xcd,0x76,0x24,0xe7,0x93,0xb8,0xa4,0xce,0xb9,0x6d,0x3c,0x2a,0x97,0x5b,0xf7,0x73,0xe5,0xff,0x66,0x45,0xf3,0x53,0x61,0x40,0x58,0x62,0x1e,0x58,0x83,0x52,0x89,0xe7,0xf3,0x1f,0x42,0xdf,0xe6,0xaf,0x6d,0x73,0x6f,0x26,0x44,0x51,0x1e,0x32,0x0c,0x0f,0xa6,0x98,0x58,0x2a,0x79,0x77,0x8d,0x18,0x73,0x0e,0xd3,0xe8,0xcb,0x08,},"\xda\x9c\x55\x59\xd0\xea\x51\xd2\x55\xb6\xbd\x9d\x76\x38\xb8\x76\x47\x2f\x94\x2b\x33\x0f\xc0\xe2\xb3\x0a\xea\x68\xd7\x73\x68\xfc\xe4\x94\x82\x72\x99\x1d\x25\x7e"},
+{{0xfe,0x05,0x68,0x64,0x29,0x43,0xb2,0xe1,0xaf,0xbf,0xd1,0xf1,0x0f,0xe8,0xdf,0x87,0xa4,0x23,0x6b,0xea,0x40,0xdc,0xe7,0x42,0x07,0x2c,0xb2,0x18,0x86,0xee,0xc1,0xfa,},{0x29,0x9e,0xbd,0x1f,0x13,0x17,0x7d,0xbd,0xb6,0x6a,0x91,0x2b,0xbf,0x71,0x20,0x38,0xfd,0xf7,0x3b,0x06,0xc3,0xac,0x02,0x0c,0x7b,0x19,0x12,0x67,0x55,0xd4,0x7f,0x61,},{0xd5,0x9e,0x6d,0xfc,0xc6,0xd7,0xe3,0xe2,0xc5,0x8d,0xec,0x81,0xe9,0x85,0xd2,0x45,0xe6,0x81,0xac,0xf6,0x59,0x4a,0x23,0xc5,0x92,0x14,0xf7,0xbe,0xd8,0x01,0x5d,0x81,0x3c,0x76,0x82,0xb6,0x0b,0x35,0x83,0x44,0x03,0x11,0xe7,0x2a,0x86,0x65,0xba,0x2c,0x96,0xde,0xc2,0x3c,0xe8,0x26,0xe1,0x60,0x12,0x7e,0x18,0x13,0x2b,0x03,0x04,0x04,},"\xc5\x9d\x08\x62\xec\x1c\x97\x46\xab\xcc\x3c\xf8\x3c\x9e\xeb\xa2\xc7\x08\x2a\x03\x6a\x8c\xb5\x7c\xe4\x87\xe7\x63\x49\x27\x96\xd4\x7e\x6e\x06\x3a\x0c\x1f\xec\xcc\x2d"},
+{{0x5e,0xcb,0x16,0xc2,0xdf,0x27,0xc8,0xcf,0x58,0xe4,0x36,0xa9,0xd3,0xaf,0xfb,0xd5,0x8e,0x95,0x38,0xa9,0x26,0x59,0xa0,0xf9,0x7c,0x4c,0x4f,0x99,0x46,0x35,0xa8,0xca,},{0xda,0x76,0x8b,0x20,0xc4,0x37,0xdd,0x3a,0xa5,0xf8,0x4b,0xb6,0xa0,0x77,0xff,0xa3,0x4a,0xb6,0x85,0x01,0xc5,0x35,0x2b,0x5c,0xc3,0xfd,0xce,0x7f,0xe6,0xc2,0x39,0x8d,},{0x1c,0x72,0x3a,0x20,0xc6,0x77,0x24,0x26,0xa6,0x70,0xe4,0xd5,0xc4,0xa9,0x7c,0x6e,0xbe,0x91,0x47,0xf7,0x1b,0xb0,0xa4,0x15,0x63,0x1e,0x44,0x40,0x6e,0x29,0x03,0x22,0xe4,0xca,0x97,0x7d,0x34,0x8f,0xe7,0x85,0x6a,0x8e,0xdc,0x23,0x5d,0x0f,0xe9,0x5f,0x7e,0xd9,0x1a,0xef,0xdd,0xf2,0x8a,0x77,0xe2,0xc7,0xdb,0xfd,0x8f,0x55,0x2f,0x0a,},"\x56\xf1\x32\x9d\x9a\x6b\xe2\x5a\x61\x59\xc7\x2f\x12\x68\x8d\xc8\x31\x4e\x85\xdd\x9e\x7e\x4d\xc0\x5b\xbe\xcb\x77\x29\xe0\x23\xc8\x6f\x8e\x09\x37\x35\x3f\x27\xc7\xed\xe9"},
+{{0xd5,0x99,0xd6,0x37,0xb3,0xc3,0x0a,0x82,0xa9,0x98,0x4e,0x2f,0x75,0x84,0x97,0xd1,0x44,0xde,0x6f,0x06,0xb9,0xfb,0xa0,0x4d,0xd4,0x0f,0xd9,0x49,0x03,0x9d,0x7c,0x84,},{0x67,0x91,0xd8,0xce,0x50,0xa4,0x46,0x89,0xfc,0x17,0x87,0x27,0xc5,0xc3,0xa1,0xc9,0x59,0xfb,0xee,0xd7,0x4e,0xf7,0xd8,0xe7,0xbd,0x3c,0x1a,0xb4,0xda,0x31,0xc5,0x1f,},{0xeb,0xf1,0x0d,0x9a,0xc7,0xc9,0x61,0x08,0x14,0x0e,0x7d,0xef,0x6f,0xe9,0x53,0x3d,0x72,0x76,0x46,0xff,0x5b,0x3a,0xf2,0x73,0xc1,0xdf,0x95,0x76,0x2a,0x66,0xf3,0x2b,0x65,0xa0,0x96,0x34,0xd0,0x13,0xf5,0x4b,0x5d,0xd6,0x01,0x1f,0x91,0xbc,0x33,0x6c,0xa8,0xb3,0x55,0xce,0x33,0xf8,0xcf,0xbe,0xc2,0x53,0x5a,0x4c,0x42,0x7f,0x82,0x05,},"\xa7\xc0\x4e\x8b\xa7\x5d\x0a\x03\xd8\xb1\x66\xad\x7a\x1d\x77\xe1\xb9\x1c\x7a\xaf\x7b\xef\xdd\x99\x31\x1f\xc3\xc5\x4a\x68\x4d\xdd\x97\x1d\x5b\x32\x11\xc3\xee\xaf\xf1\xe5\x4e"},
+{{0x30,0xab,0x82,0x32,0xfa,0x70,0x18,0xf0,0xce,0x6c,0x39,0xbd,0x8f,0x78,0x2f,0xe2,0xe1,0x59,0x75,0x8b,0xb0,0xf2,0xf4,0x38,0x6c,0x7f,0x28,0xcf,0xd2,0xc8,0x58,0x98,},{0xec,0xfb,0x6a,0x2b,0xd4,0x2f,0x31,0xb6,0x12,0x50,0xba,0x5d,0xe7,0xe4,0x6b,0x47,0x19,0xaf,0xdf,0xbc,0x66,0x0d,0xb7,0x1a,0x7b,0xd1,0xdf,0x7b,0x0a,0x3a,0xbe,0x37,},{0x9a,0xf8,0x85,0x34,0x4c,0xc7,0x23,0x94,0x98,0xf7,0x12,0xdf,0x80,0xbc,0x01,0xb8,0x06,0x38,0x29,0x1e,0xd4,0xa1,0xd2,0x8b,0xaa,0x55,0x45,0x01,0x7a,0x72,0xe2,0xf6,0x56,0x49,0xcc,0xf9,0x60,0x3d,0xa6,0xeb,0x5b,0xfa,0xb9,0xf5,0x54,0x3a,0x6c,0xa4,0xa7,0xaf,0x38,0x66,0x15,0x3c,0x76,0xbf,0x66,0xbf,0x95,0xde,0xf6,0x15,0xb0,0x0c,},"\x63\xb8\x0b\x79\x56\xac\xbe\xcf\x0c\x35\xe9\xab\x06\xb9\x14\xb0\xc7\x01\x4f\xe1\xa4\xbb\xc0\x21\x72\x40\xc1\xa3\x30\x95\xd7\x07\x95\x3e\xd7\x7b\x15\xd2\x11\xad\xaf\x9b\x97\xdc"},
+{{0x0d,0xdc,0xdc,0x87,0x2c,0x7b,0x74,0x8d,0x40,0xef,0xe9,0x6c,0x28,0x81,0xae,0x18,0x9d,0x87,0xf5,0x61,0x48,0xed,0x8a,0xf3,0xeb,0xbb,0xc8,0x03,0x24,0xe3,0x8b,0xdd,},{0x58,0x8d,0xda,0xdc,0xbc,0xed,0xf4,0x0d,0xf0,0xe9,0x69,0x7d,0x8b,0xb2,0x77,0xc7,0xbb,0x14,0x98,0xfa,0x1d,0x26,0xce,0x0a,0x83,0x5a,0x76,0x0b,0x92,0xca,0x7c,0x85,},{0xc1,0x79,0xc0,0x94,0x56,0xe2,0x35,0xfe,0x24,0x10,0x5a,0xfa,0x6e,0x8e,0xc0,0x46,0x37,0xf8,0xf9,0x43,0x81,0x7c,0xd0,0x98,0xba,0x95,0x38,0x7f,0x96,0x53,0xb2,0xad,0xd1,0x81,0xa3,0x14,0x47,0xd9,0x2d,0x1a,0x1d,0xdf,0x1c,0xeb,0x0d,0xb6,0x21,0x18,0xde,0x9d,0xff,0xb7,0xdc,0xd2,0x42,0x40,0x57,0xcb,0xdf,0xf5,0xd4,0x1d,0x04,0x03,},"\x65\x64\x1c\xd4\x02\xad\xd8\xbf\x3d\x1d\x67\xdb\xeb\x6d\x41\xde\xbf\xbe\xf6\x7e\x43\x17\xc3\x5b\x0a\x6d\x5b\xbb\xae\x0e\x03\x4d\xe7\xd6\x70\xba\x14\x13\xd0\x56\xf2\xd6\xf1\xde\x12"},
+{{0x89,0xf0,0xd6,0x82,0x99,0xba,0x0a,0x5a,0x83,0xf2,0x48,0xae,0x0c,0x16,0x9f,0x8e,0x38,0x49,0xa9,0xb4,0x7b,0xd4,0x54,0x98,0x84,0x30,0x5c,0x99,0x12,0xb4,0x66,0x03,},{0xab,0xa3,0xe7,0x95,0xaa,0xb2,0x01,0x2a,0xcc,0xea,0xdd,0x7b,0x3b,0xd9,0xda,0xee,0xed,0x6f,0xf5,0x25,0x8b,0xdc,0xd7,0xc9,0x36,0x99,0xc2,0xa3,0x83,0x6e,0x38,0x32,},{0x2c,0x69,0x1f,0xa8,0xd4,0x87,0xce,0x20,0xd5,0xd2,0xfa,0x41,0x55,0x91,0x16,0xe0,0xbb,0xf4,0x39,0x7c,0xf5,0x24,0x0e,0x15,0x25,0x56,0x18,0x35,0x41,0xd6,0x6c,0xf7,0x53,0x58,0x24,0x01,0xa4,0x38,0x8d,0x39,0x03,0x39,0xdb,0xef,0x4d,0x38,0x47,0x43,0xca,0xa3,0x46,0xf5,0x5f,0x8d,0xab,0xa6,0x8b,0xa7,0xb9,0x13,0x1a,0x8a,0x6e,0x0b,},"\x4f\x18\x46\xdd\x7a\xd5\x0e\x54\x5d\x4c\xfb\xff\xbb\x1d\xc2\xff\x14\x5d\xc1\x23\x75\x4d\x08\xaf\x4e\x44\xec\xc0\xbc\x8c\x91\x41\x13\x88\xbc\x76\x53\xe2\xd8\x93\xd1\xea\xc2\x10\x7d\x05"},
+{{0x0a,0x3c,0x18,0x44,0xe2,0xdb,0x07,0x0f,0xb2,0x4e,0x3c,0x95,0xcb,0x1c,0xc6,0x71,0x4e,0xf8,0x4e,0x2c,0xcd,0x2b,0x9d,0xd2,0xf1,0x46,0x0e,0xbf,0x7e,0xcf,0x13,0xb1,},{0x72,0xe4,0x09,0x93,0x7e,0x06,0x10,0xeb,0x5c,0x20,0xb3,0x26,0xdc,0x6e,0xa1,0xbb,0xbc,0x04,0x06,0x70,0x1c,0x5c,0xd6,0x7d,0x1f,0xbd,0xe0,0x91,0x92,0xb0,0x7c,0x01,},{0x87,0xf7,0xfd,0xf4,0x60,0x95,0x20,0x1e,0x87,0x7a,0x58,0x8f,0xe3,0xe5,0xaa,0xf4,0x76,0xbd,0x63,0x13,0x8d,0x8a,0x87,0x8b,0x89,0xd6,0xac,0x60,0x63,0x1b,0x34,0x58,0xb9,0xd4,0x1a,0x3c,0x61,0xa5,0x88,0xe1,0xdb,0x8d,0x29,0xa5,0x96,0x89,0x81,0xb0,0x18,0x77,0x6c,0x58,0x87,0x80,0x92,0x2f,0x5a,0xa7,0x32,0xba,0x63,0x79,0xdd,0x05,},"\x4c\x82\x74\xd0\xed\x1f\x74\xe2\xc8\x6c\x08\xd9\x55\xbd\xe5\x5b\x2d\x54\x32\x7e\x82\x06\x2a\x1f\x71\xf7\x0d\x53\x6f\xdc\x87\x22\xcd\xea\xd7\xd2\x2a\xae\xad\x2b\xfa\xa1\xad\x00\xb8\x29\x57"},
+{{0xc8,0xd7,0xa8,0x81,0x8b,0x98,0xdf,0xdb,0x20,0x83,0x9c,0x87,0x1c,0xb5,0xc4,0x8e,0x9e,0x94,0x70,0xca,0x3a,0xd3,0x5b,0xa2,0x61,0x3a,0x5d,0x31,0x99,0xc8,0xab,0x23,},{0x90,0xd2,0xef,0xbb,0xa4,0xd4,0x3e,0x6b,0x2b,0x99,0x2c,0xa1,0x60,0x83,0xdb,0xcf,0xa2,0xb3,0x22,0x38,0x39,0x07,0xb0,0xee,0x75,0xf3,0xe9,0x58,0x45,0xd3,0xc4,0x7f,},{0xfa,0x2e,0x99,0x44,0x21,0xae,0xf1,0xd5,0x85,0x66,0x74,0x81,0x3d,0x05,0xcb,0xd2,0xcf,0x84,0xef,0x5e,0xb4,0x24,0xaf,0x6e,0xcd,0x0d,0xc6,0xfd,0xbd,0xc2,0xfe,0x60,0x5f,0xe9,0x85,0x88,0x33,0x12,0xec,0xf3,0x4f,0x59,0xbf,0xb2,0xf1,0xc9,0x14,0x9e,0x5b,0x9c,0xc9,0xec,0xda,0x05,0xb2,0x73,0x11,0x30,0xf3,0xed,0x28,0xdd,0xae,0x0b,},"\x78\x3e\x33\xc3\xac\xbd\xbb\x36\xe8\x19\xf5\x44\xa7\x78\x1d\x83\xfc\x28\x3d\x33\x09\xf5\xd3\xd1\x2c\x8d\xcd\x6b\x0b\x3d\x0e\x89\xe3\x8c\xfd\x3b\x4d\x08\x85\x66\x1c\xa5\x47\xfb\x97\x64\xab\xff"},
+{{0xb4,0x82,0x70,0x36,0x12,0xd0,0xc5,0x86,0xf7,0x6c,0xfc,0xb2,0x1c,0xfd,0x21,0x03,0xc9,0x57,0x25,0x15,0x04,0xa8,0xc0,0xac,0x4c,0x86,0xc9,0xc6,0xf3,0xe4,0x29,0xff,},{0xfd,0x71,0x1d,0xc7,0xdd,0x3b,0x1d,0xfb,0x9d,0xf9,0x70,0x4b,0xe3,0xe6,0xb2,0x6f,0x58,0x7f,0xe7,0xdd,0x7b,0xa4,0x56,0xa9,0x1b,0xa4,0x3f,0xe5,0x1a,0xec,0x09,0xad,},{0x58,0x83,0x2b,0xde,0xb2,0x6f,0xea,0xfc,0x31,0xb4,0x62,0x77,0xcf,0x3f,0xb5,0xd7,0xa1,0x7d,0xfb,0x7c,0xcd,0x9b,0x1f,0x58,0xec,0xbe,0x6f,0xeb,0x97,0x96,0x66,0x82,0x8f,0x23,0x9b,0xa4,0xd7,0x52,0x19,0x26,0x0e,0xca,0xc0,0xac,0xf4,0x0f,0x0e,0x5e,0x25,0x90,0xf4,0xca,0xa1,0x6b,0xbb,0xcd,0x8a,0x15,0x5d,0x34,0x79,0x67,0xa6,0x07,},"\x29\xd7\x7a\xcf\xd9\x9c\x7a\x00\x70\xa8\x8f\xeb\x62\x47\xa2\xbc\xe9\x98\x4f\xe3\xe6\xfb\xf1\x9d\x40\x45\x04\x2a\x21\xab\x26\xcb\xd7\x71\xe1\x84\xa9\xa7\x5f\x31\x6b\x64\x8c\x69\x20\xdb\x92\xb8\x7b"},
+{{0x84,0xe5,0x0d,0xd9,0xa0,0xf1,0x97,0xe3,0x89,0x3c,0x38,0xdb,0xd9,0x1f,0xaf,0xc3,0x44,0xc1,0x77,0x6d,0x3a,0x40,0x0e,0x2f,0x0f,0x0e,0xe7,0xaa,0x82,0x9e,0xb8,0xa2,},{0x2c,0x50,0xf8,0x70,0xee,0x48,0xb3,0x6b,0x0a,0xc2,0xf8,0xa5,0xf3,0x36,0xfb,0x09,0x0b,0x11,0x30,0x50,0xdb,0xcc,0x25,0xe0,0x78,0x20,0x0a,0x6e,0x16,0x15,0x3e,0xea,},{0x69,0xe6,0xa4,0x49,0x1a,0x63,0x83,0x73,0x16,0xe8,0x6a,0x5f,0x4b,0xa7,0xcd,0x0d,0x73,0x1e,0xcc,0x58,0xf1,0xd0,0xa2,0x64,0xc6,0x7c,0x89,0xbe,0xfd,0xd8,0xd3,0x82,0x9d,0x8d,0xe1,0x3b,0x33,0xcc,0x0b,0xf5,0x13,0x93,0x17,0x15,0xc7,0x80,0x96,0x57,0xe2,0xbf,0xb9,0x60,0xe5,0xc7,0x64,0xc9,0x71,0xd7,0x33,0x74,0x60,0x93,0xe5,0x00,},"\xf3\x99\x2c\xde\x64\x93\xe6\x71\xf1\xe1\x29\xdd\xca\x80\x38\xb0\xab\xdb\x77\xbb\x90\x35\xf9\xf8\xbe\x54\xbd\x5d\x68\xc1\xae\xff\x72\x4f\xf4\x7d\x29\x34\x43\x91\xdc\x53\x61\x66\xb8\x67\x1c\xbb\xf1\x23"},
+{{0xb3,0x22,0xd4,0x65,0x77,0xa2,0xa9,0x91,0xa4,0xd1,0x69,0x82,0x87,0x83,0x2a,0x39,0xc4,0x87,0xef,0x77,0x6b,0x4b,0xff,0x03,0x7a,0x05,0xc7,0xf1,0x81,0x2b,0xde,0xec,},{0xeb,0x2b,0xca,0xdf,0xd3,0xee,0xc2,0x98,0x6b,0xaf,0xf3,0x2b,0x98,0xe7,0xc4,0xdb,0xf0,0x3f,0xf9,0x5d,0x8a,0xd5,0xff,0x9a,0xa9,0x50,0x6e,0x54,0x72,0xff,0x84,0x5f,},{0xc7,0xb5,0x51,0x37,0x31,0x7c,0xa2,0x1e,0x33,0x48,0x9f,0xf6,0xa9,0xbf,0xab,0x97,0xc8,0x55,0xdc,0x6f,0x85,0x68,0x4a,0x70,0xa9,0x12,0x5a,0x26,0x1b,0x56,0xd5,0xe6,0xf1,0x49,0xc5,0x77,0x4d,0x73,0x4f,0x2d,0x8d,0xeb,0xfc,0x77,0xb7,0x21,0x89,0x6a,0x82,0x67,0xc2,0x37,0x68,0xe9,0xba,0xdb,0x91,0x0e,0xef,0x83,0xec,0x25,0x88,0x02,},"\x19\xf1\xbf\x5d\xcf\x17\x50\xc6\x11\xf1\xc4\xa2\x86\x52\x00\x50\x4d\x82\x29\x8e\xdd\x72\x67\x1f\x62\xa7\xb1\x47\x1a\xc3\xd4\xa3\x0f\x7d\xe9\xe5\xda\x41\x08\xc5\x2a\x4c\xe7\x0a\x3e\x11\x4a\x52\xa3\xb3\xc5"},
+{{0x96,0x0c,0xab,0x50,0x34,0xb9,0x83,0x8d,0x09,0x8d,0x2d,0xcb,0xf4,0x36,0x4b,0xec,0x16,0xd3,0x88,0xf6,0x37,0x6d,0x73,0xa6,0x27,0x3b,0x70,0xf8,0x2b,0xbc,0x98,0xc0,},{0x5e,0x3c,0x19,0xf2,0x41,0x5a,0xcf,0x72,0x9f,0x82,0x9a,0x4e,0xbd,0x5c,0x40,0xe1,0xa6,0xbc,0x9f,0xbc,0xa9,0x57,0x03,0xa9,0x37,0x60,0x87,0xed,0x09,0x37,0xe5,0x1a,},{0x27,0xd4,0xc3,0xa1,0x81,0x1e,0xf9,0xd4,0x36,0x0b,0x3b,0xdd,0x13,0x3c,0x2c,0xcc,0x30,0xd0,0x2c,0x2f,0x24,0x82,0x15,0x77,0x6c,0xb0,0x7e,0xe4,0x17,0x7f,0x9b,0x13,0xfc,0x42,0xdd,0x70,0xa6,0xc2,0xfe,0xd8,0xf2,0x25,0xc7,0x66,0x3c,0x7f,0x18,0x2e,0x7e,0xe8,0xec,0xcf,0xf2,0x0d,0xc7,0xb0,0xe1,0xd5,0x83,0x4e,0xc5,0xb1,0xea,0x01,},"\xf8\xb2\x19\x62\x44\x7b\x0a\x8f\x2e\x42\x79\xde\x41\x1b\xea\x12\x8e\x0b\xe4\x4b\x69\x15\xe6\xcd\xa8\x83\x41\xa6\x8a\x0d\x81\x83\x57\xdb\x93\x8e\xac\x73\xe0\xaf\x6d\x31\x20\x6b\x39\x48\xf8\xc4\x8a\x44\x73\x08"},
+{{0xeb,0x77,0xb2,0x63,0x8f,0x23,0xee,0xbc,0x82,0xef,0xe4,0x5e,0xe9,0xe5,0xa0,0x32,0x66,0x37,0x40,0x1e,0x66,0x3e,0xd0,0x29,0x69,0x9b,0x21,0xe6,0x44,0x3f,0xb4,0x8e,},{0x9e,0xf2,0x76,0x08,0x96,0x1a,0xc7,0x11,0xde,0x71,0xa6,0xe2,0xd4,0xd4,0x66,0x3e,0xa3,0xec,0xd4,0x2f,0xb7,0xe4,0xe8,0x62,0x7c,0x39,0x62,0x2d,0xf4,0xaf,0x0b,0xbc,},{0x18,0xdc,0x56,0xd7,0xbd,0x9a,0xcd,0x4f,0x4d,0xaa,0x78,0x54,0x0b,0x4a,0xc8,0xff,0x7a,0xa9,0x81,0x5f,0x45,0xa0,0xbb,0xa3,0x70,0x73,0x1a,0x14,0xea,0xab,0xe9,0x6d,0xf8,0xb5,0xf3,0x7d,0xbf,0x8e,0xae,0x4c,0xb1,0x5a,0x64,0xb2,0x44,0x65,0x1e,0x59,0xd6,0xa3,0xd6,0x76,0x1d,0x9e,0x3c,0x50,0xf2,0xd0,0xcb,0xb0,0x9c,0x05,0xec,0x06,},"\x99\xe3\xd0\x09\x34\x00\x3e\xba\xfc\x3e\x9f\xdb\x68\x7b\x0f\x5f\xf9\xd5\x78\x2a\x4b\x1f\x56\xb9\x70\x00\x46\xc0\x77\x91\x56\x02\xc3\x13\x4e\x22\xfc\x90\xed\x7e\x69\x0f\xdd\xd4\x43\x3e\x20\x34\xdc\xb2\xdc\x99\xab"},
+{{0xb6,0x25,0xaa,0x89,0xd3,0xf7,0x30,0x87,0x15,0x42,0x7b,0x6c,0x39,0xbb,0xac,0x58,0xef,0xfd,0x3a,0x0f,0xb7,0x31,0x6f,0x7a,0x22,0xb9,0x9e,0xe5,0x92,0x2f,0x2d,0xc9,},{0x65,0xa9,0x9c,0x3e,0x16,0xfe,0xa8,0x94,0xec,0x33,0xc6,0xb2,0x0d,0x91,0x05,0xe2,0xa0,0x4e,0x27,0x64,0xa4,0x76,0x9d,0x9b,0xbd,0x4d,0x8b,0xac,0xfe,0xab,0x4a,0x2e,},{0x01,0xbb,0x90,0x1d,0x83,0xb8,0xb6,0x82,0xd3,0x61,0x4a,0xf4,0x6a,0x80,0x7b,0xa2,0x69,0x13,0x58,0xfe,0xb7,0x75,0x32,0x5d,0x34,0x23,0xf5,0x49,0xff,0x0a,0xa5,0x75,0x7e,0x4e,0x1a,0x74,0xe9,0xc7,0x0f,0x97,0x21,0xd8,0xf3,0x54,0xb3,0x19,0xd4,0xf4,0xa1,0xd9,0x14,0x45,0xc8,0x70,0xfd,0x0f,0xfb,0x94,0xfe,0xd6,0x46,0x64,0x73,0x0d,},"\xe0\x72\x41\xdb\xd3\xad\xbe\x61\x0b\xbe\x4d\x00\x5d\xd4\x67\x32\xa4\xc2\x50\x86\xec\xb8\xec\x29\xcd\x7b\xca\x11\x6e\x1b\xf9\xf5\x3b\xfb\xf3\xe1\x1f\xa4\x90\x18\xd3\x9f\xf1\x15\x4a\x06\x66\x8e\xf7\xdf\x5c\x67\x8e\x6a"},
+{{0xb1,0xc9,0xf8,0xbd,0x03,0xfe,0x82,0xe7,0x8f,0x5c,0x0f,0xb0,0x64,0x50,0xf2,0x7d,0xac,0xdf,0x71,0x64,0x34,0xdb,0x26,0x82,0x75,0xdf,0x3e,0x1d,0xc1,0x77,0xaf,0x42,},{0x7f,0xc8,0x8b,0x1f,0x7b,0x3f,0x11,0xc6,0x29,0xbe,0x67,0x1c,0x21,0x62,0x1f,0x5c,0x10,0x67,0x2f,0xaf,0xc8,0x49,0x2d,0xa8,0x85,0x74,0x20,0x59,0xee,0x67,0x74,0xcf,},{0x4b,0x22,0x99,0x51,0xef,0x26,0x2f,0x16,0x97,0x8f,0x79,0x14,0xbc,0x67,0x2e,0x72,0x26,0xc5,0xf8,0x37,0x9d,0x27,0x78,0xc5,0xa2,0xdc,0x0a,0x26,0x50,0x86,0x9f,0x7a,0xcf,0xbd,0x0b,0xcd,0x30,0xfd,0xb0,0x61,0x9b,0xb4,0x4f,0xc1,0xae,0x59,0x39,0xb8,0x7c,0xc3,0x18,0x13,0x30,0x09,0xc2,0x03,0x95,0xb6,0xc7,0xeb,0x98,0x10,0x77,0x01,},"\x33\x1d\xa7\xa9\xc1\xf8\x7b\x2a\xc9\x1e\xe3\xb8\x6d\x06\xc2\x91\x63\xc0\x5e\xd6\xf8\xd8\xa9\x72\x5b\x47\x1b\x7d\xb0\xd6\xac\xec\x7f\x0f\x70\x24\x87\x16\x3f\x5e\xda\x02\x0c\xa5\xb4\x93\xf3\x99\xe1\xc8\xd3\x08\xc3\xc0\xc2"},
+{{0x6d,0x8c,0xdb,0x2e,0x07,0x5f,0x3a,0x2f,0x86,0x13,0x72,0x14,0xcb,0x23,0x6c,0xeb,0x89,0xa6,0x72,0x8b,0xb4,0xa2,0x00,0x80,0x6b,0xf3,0x55,0x7f,0xb7,0x8f,0xac,0x69,},{0x57,0xa0,0x4c,0x7a,0x51,0x13,0xcd,0xdf,0xe4,0x9a,0x4c,0x12,0x46,0x91,0xd4,0x6c,0x1f,0x9c,0xdc,0x8f,0x34,0x3f,0x9d,0xcb,0x72,0xa1,0x33,0x0a,0xec,0xa7,0x1f,0xda,},{0xa6,0xcb,0xc9,0x47,0xf9,0xc8,0x7d,0x14,0x55,0xcf,0x1a,0x70,0x85,0x28,0xc0,0x90,0xf1,0x1e,0xce,0xe4,0x85,0x5d,0x1d,0xba,0xad,0xf4,0x74,0x54,0xa4,0xde,0x55,0xfa,0x4c,0xe8,0x4b,0x36,0xd7,0x3a,0x5b,0x5f,0x8f,0x59,0x29,0x8c,0xcf,0x21,0x99,0x2d,0xf4,0x92,0xef,0x34,0x16,0x3d,0x87,0x75,0x3b,0x7e,0x9d,0x32,0xf2,0xc3,0x66,0x0b,},"\x7f\x31\x8d\xbd\x12\x1c\x08\xbf\xdd\xfe\xff\x4f\x6a\xff\x4e\x45\x79\x32\x51\xf8\xab\xf6\x58\x40\x33\x58\x23\x89\x84\x36\x00\x54\xf2\xa8\x62\xc5\xbb\x83\xed\x89\x02\x5d\x20\x14\xa7\xa0\xce\xe5\x0d\xa3\xcb\x0e\x76\xbb\xb6\xbf"},
+{{0x47,0xad,0xc6,0xd6,0xbf,0x57,0x1e,0xe9,0x57,0x0c,0xa0,0xf7,0x5b,0x60,0x4a,0xc4,0x3e,0x30,0x3e,0x4a,0xb3,0x39,0xca,0x9b,0x53,0xca,0xcc,0x5b,0xe4,0x5b,0x2c,0xcb,},{0xa3,0xf5,0x27,0xa1,0xc1,0xf1,0x7d,0xfe,0xed,0x92,0x27,0x73,0x47,0xc9,0xf9,0x8a,0xb4,0x75,0xde,0x17,0x55,0xb0,0xab,0x54,0x6b,0x8a,0x15,0xd0,0x1b,0x9b,0xd0,0xbe,},{0x4e,0x8c,0x31,0x83,0x43,0xc3,0x06,0xad,0xbb,0xa6,0x0c,0x92,0xb7,0x5c,0xb0,0x56,0x9b,0x92,0x19,0xd8,0xa8,0x6e,0x5d,0x57,0x75,0x2e,0xd2,0x35,0xfc,0x10,0x9a,0x43,0xc2,0xcf,0x4e,0x94,0x2c,0xac,0xf2,0x97,0x27,0x9f,0xbb,0x28,0x67,0x53,0x47,0xe0,0x80,0x27,0x72,0x2a,0x4e,0xb7,0x39,0x5e,0x00,0xa1,0x74,0x95,0xd3,0x2e,0xdf,0x0b,},"\xce\x49\x7c\x5f\xf5\xa7\x79\x90\xb7\xd8\xf8\x69\x9e\xb1\xf5\xd8\xc0\x58\x2f\x70\xcb\x7a\xc5\xc5\x4d\x9d\x92\x49\x13\x27\x8b\xc6\x54\xd3\x7e\xa2\x27\x59\x0e\x15\x20\x22\x17\xfc\x98\xda\xc4\xc0\xf3\xbe\x21\x83\xd1\x33\x31\x57\x39"},
+{{0x3c,0x19,0xb5,0x0b,0x0f,0xe4,0x79,0x61,0x71,0x9c,0x38,0x1d,0x0d,0x8d,0xa9,0xb9,0x86,0x9d,0x31,0x2f,0x13,0xe3,0x29,0x8b,0x97,0xfb,0x22,0xf0,0xaf,0x29,0xcb,0xbe,},{0x0f,0x7e,0xda,0x09,0x14,0x99,0x62,0x5e,0x2b,0xae,0x85,0x36,0xea,0x35,0xcd,0xa5,0x48,0x3b,0xd1,0x6a,0x9c,0x7e,0x41,0x6b,0x34,0x1d,0x6f,0x2c,0x83,0x34,0x36,0x12,},{0xef,0xbd,0x41,0xf2,0x6a,0x5d,0x62,0x68,0x55,0x16,0xf8,0x82,0xb6,0xec,0x74,0xe0,0xd5,0xa7,0x18,0x30,0xd2,0x03,0xc2,0x31,0x24,0x8f,0x26,0xe9,0x9a,0x9c,0x65,0x78,0xec,0x90,0x0d,0x68,0xcd,0xb8,0xfa,0x72,0x16,0xad,0x0d,0x24,0xf9,0xec,0xbc,0x9f,0xfa,0x65,0x53,0x51,0x66,0x65,0x82,0xf6,0x26,0x64,0x53,0x95,0xa3,0x1f,0xa7,0x04,},"\x8d\xdc\xd6\x30\x43\xf5\x5e\xc3\xbf\xc8\x3d\xce\xae\x69\xd8\xf8\xb3\x2f\x4c\xdb\x6e\x2a\xeb\xd9\x4b\x43\x14\xf8\xfe\x72\x87\xdc\xb6\x27\x32\xc9\x05\x2e\x75\x57\xfe\x63\x53\x43\x38\xef\xb5\xb6\x25\x4c\x5d\x41\xd2\x69\x0c\xf5\x14\x4f"},
+{{0x34,0xe1,0xe9,0xd5,0x39,0x10,0x7e,0xb8,0x6b,0x39,0x3a,0x5c,0xce,0xa1,0x49,0x6d,0x35,0xbc,0x7d,0x5e,0x9a,0x8c,0x51,0x59,0xd9,0x57,0xe4,0xe5,0x85,0x2b,0x3e,0xb0,},{0x0e,0xcb,0x26,0x01,0xd5,0xf7,0x04,0x74,0x28,0xe9,0xf9,0x09,0x88,0x3a,0x12,0x42,0x00,0x85,0xf0,0x4e,0xe2,0xa8,0x8b,0x6d,0x95,0xd3,0xd7,0xf2,0xc9,0x32,0xbd,0x76,},{0x32,0xd2,0x29,0x04,0xd3,0xe7,0x01,0x2d,0x6f,0x5a,0x44,0x1b,0x0b,0x42,0x28,0x06,0x4a,0x5c,0xf9,0x5b,0x72,0x3a,0x66,0xb0,0x48,0xa0,0x87,0xec,0xd5,0x59,0x20,0xc3,0x1c,0x20,0x4c,0x3f,0x20,0x06,0x89,0x1a,0x85,0xdd,0x19,0x32,0xe3,0xf1,0xd6,0x14,0xcf,0xd6,0x33,0xb5,0xe6,0x32,0x91,0xc6,0xd8,0x16,0x6f,0x30,0x11,0x43,0x1e,0x09,},"\xa6\xd4\xd0\x54\x2c\xfe\x0d\x24\x0a\x90\x50\x7d\xeb\xac\xab\xce\x7c\xbb\xd4\x87\x32\x35\x3f\x4f\xad\x82\xc7\xbb\x7d\xbd\x9d\xf8\xe7\xd9\xa1\x69\x80\xa4\x51\x86\xd8\x78\x6c\x5e\xf6\x54\x45\xbc\xc5\xb2\xad\x5f\x66\x0f\xfc\x7c\x8e\xaa\xc0"},
+{{0x49,0xdd,0x47,0x3e,0xde,0x6a,0xa3,0xc8,0x66,0x82,0x4a,0x40,0xad,0xa4,0x99,0x6c,0x23,0x9a,0x20,0xd8,0x4c,0x93,0x65,0xe4,0xf0,0xa4,0x55,0x4f,0x80,0x31,0xb9,0xcf,},{0x78,0x8d,0xe5,0x40,0x54,0x4d,0x3f,0xeb,0x0c,0x91,0x92,0x40,0xb3,0x90,0x72,0x9b,0xe4,0x87,0xe9,0x4b,0x64,0xad,0x97,0x3e,0xb6,0x5b,0x46,0x69,0xec,0xf2,0x35,0x01,},{0xd2,0xfd,0xe0,0x27,0x91,0xe7,0x20,0x85,0x25,0x07,0xfa,0xa7,0xc3,0x78,0x90,0x40,0xd9,0xef,0x86,0x64,0x63,0x21,0xf3,0x13,0xac,0x55,0x7f,0x40,0x02,0x49,0x15,0x42,0xdd,0x67,0xd0,0x5c,0x69,0x90,0xcd,0xb0,0xd4,0x95,0x50,0x1f,0xbc,0x5d,0x51,0x88,0xbf,0xbb,0x84,0xdc,0x1b,0xf6,0x09,0x8b,0xee,0x06,0x03,0xa4,0x7f,0xc2,0x69,0x0f,},"\x3a\x53\x59\x4f\x3f\xba\x03\x02\x93\x18\xf5\x12\xb0\x84\xa0\x71\xeb\xd6\x0b\xae\xc7\xf5\x5b\x02\x8d\xc7\x3b\xfc\x9c\x74\xe0\xca\x49\x6b\xf8\x19\xdd\x92\xab\x61\xcd\x8b\x74\xbe\x3c\x0d\x6d\xcd\x12\x8e\xfc\x5e\xd3\x34\x2c\xba\x12\x4f\x72\x6c"},
+{{0x33,0x1c,0x64,0xda,0x48,0x2b,0x6b,0x55,0x13,0x73,0xc3,0x64,0x81,0xa0,0x2d,0x81,0x36,0xec,0xad,0xbb,0x01,0xab,0x11,0x4b,0x44,0x70,0xbf,0x41,0x60,0x7a,0xc5,0x71,},{0x52,0xa0,0x0d,0x96,0xa3,0x14,0x8b,0x47,0x26,0x69,0x2d,0x9e,0xff,0x89,0x16,0x0e,0xa9,0xf9,0x9a,0x5c,0xc4,0x38,0x9f,0x36,0x1f,0xed,0x0b,0xb1,0x6a,0x42,0xd5,0x21,},{0x22,0xc9,0x9a,0xa9,0x46,0xea,0xd3,0x9a,0xc7,0x99,0x75,0x62,0x81,0x0c,0x01,0xc2,0x0b,0x46,0xbd,0x61,0x06,0x45,0xbd,0x2d,0x56,0xdc,0xdc,0xba,0xac,0xc5,0x45,0x2c,0x74,0xfb,0xf4,0xb8,0xb1,0x81,0x3b,0x0e,0x94,0xc3,0x0d,0x80,0x8c,0xe5,0x49,0x8e,0x61,0xd4,0xf7,0xcc,0xbb,0x4c,0xc5,0xf0,0x4d,0xfc,0x61,0x40,0x82,0x5a,0x96,0x00,},"\x20\xe1\xd0\x5a\x0d\x5b\x32\xcc\x81\x50\xb8\x11\x6c\xef\x39\x65\x9d\xd5\xfb\x44\x3a\xb1\x56\x00\xf7\x8e\x5b\x49\xc4\x53\x26\xd9\x32\x3f\x28\x50\xa6\x3c\x38\x08\x85\x94\x95\xae\x27\x3f\x58\xa5\x1e\x9d\xe9\xa1\x45\xd7\x74\xb4\x0b\xa9\xd7\x53\xd3"},
+{{0x5c,0x0b,0x96,0xf2,0xaf,0x87,0x12,0x12,0x2c,0xf7,0x43,0xc8,0xf8,0xdc,0x77,0xb6,0xcd,0x55,0x70,0xa7,0xde,0x13,0x29,0x7b,0xb3,0xdd,0xe1,0x88,0x62,0x13,0xcc,0xe2,},{0x05,0x10,0xea,0xf5,0x7d,0x73,0x01,0xb0,0xe1,0xd5,0x27,0x03,0x9b,0xf4,0xc6,0xe2,0x92,0x30,0x0a,0x3a,0x61,0xb4,0x76,0x54,0x34,0xf3,0x20,0x3c,0x10,0x03,0x51,0xb1,},{0x06,0xe5,0xd8,0x43,0x6a,0xc7,0x70,0x5b,0x3a,0x90,0xf1,0x63,0x1c,0xdd,0x38,0xec,0x1a,0x3f,0xa4,0x97,0x78,0xa9,0xb9,0xf2,0xfa,0x5e,0xbe,0xa4,0xe7,0xd5,0x60,0xad,0xa7,0xdd,0x26,0xff,0x42,0xfa,0xfa,0x8b,0xa4,0x20,0x32,0x37,0x42,0x76,0x1a,0xca,0x69,0x04,0x94,0x0d,0xc2,0x1b,0xbe,0xf6,0x3f,0xf7,0x2d,0xaa,0xb4,0x5d,0x43,0x0b,},"\x54\xe0\xca\xa8\xe6\x39\x19\xca\x61\x4b\x2b\xfd\x30\x8c\xcf\xe5\x0c\x9e\xa8\x88\xe1\xee\x44\x46\xd6\x82\xcb\x50\x34\x62\x7f\x97\xb0\x53\x92\xc0\x4e\x83\x55\x56\xc3\x1c\x52\x81\x6a\x48\xe4\xfb\x19\x66\x93\x20\x6b\x8a\xfb\x44\x08\x66\x2b\x3c\xb5\x75"},
+{{0xde,0x84,0xf2,0x43,0x5f,0x78,0xde,0xdb,0x87,0xda,0x18,0x19,0x4f,0xf6,0xa3,0x36,0xf0,0x81,0x11,0x15,0x0d,0xef,0x90,0x1c,0x1a,0xc4,0x18,0x14,0x6e,0xb7,0xb5,0x4a,},{0xd3,0xa9,0x2b,0xba,0xa4,0xd6,0x3a,0xf7,0x9c,0x22,0x26,0xa7,0x23,0x6e,0x64,0x27,0x42,0x8d,0xf8,0xb3,0x62,0x42,0x7f,0x87,0x30,0x23,0xb2,0x2d,0x2f,0x5e,0x03,0xf2,},{0x47,0x1e,0xbc,0x97,0x3c,0xfd,0xac,0xee,0xc0,0x72,0x79,0x30,0x73,0x68,0xb7,0x3b,0xe3,0x5b,0xc6,0xf8,0xd8,0x31,0x2b,0x70,0x15,0x05,0x67,0x36,0x90,0x96,0x70,0x6d,0xc4,0x71,0x12,0x6c,0x35,0x76,0xf9,0xf0,0xeb,0x55,0x0d,0xf5,0xac,0x6a,0x52,0x51,0x81,0x11,0x00,0x29,0xdd,0x1f,0xc1,0x11,0x74,0xd1,0xaa,0xce,0xd4,0x8d,0x63,0x0f,},"\x20\x51\x35\xec\x7f\x41\x7c\x85\x80\x72\xd5\x23\x3f\xb3\x64\x82\xd4\x90\x6a\xbd\x60\xa7\x4a\x49\x8c\x34\x7f\xf2\x48\xdf\xa2\x72\x2c\xa7\x4e\x87\x9d\xe3\x31\x69\xfa\xdc\x7c\xd4\x4d\x6c\x94\xa1\x7d\x16\xe1\xe6\x30\x82\x4b\xa3\xe0\xdf\x22\xed\x68\xea\xab"},
+{{0xba,0x4d,0x6e,0x67,0xb2,0xce,0x67,0xa1,0xe4,0x43,0x26,0x49,0x40,0x44,0xf3,0x7a,0x44,0x2f,0x3b,0x81,0x72,0x5b,0xc1,0xf9,0x34,0x14,0x62,0x71,0x8b,0x55,0xee,0x20,},{0xf7,0x3f,0xa0,0x76,0xf8,0x4b,0x6d,0xb6,0x75,0xa5,0xfd,0xa5,0xad,0x67,0xe3,0x51,0xa4,0x1e,0x8e,0x7f,0x29,0xad,0xd1,0x68,0x09,0xca,0x01,0x03,0x87,0xe9,0xc6,0xcc,},{0x57,0xb9,0xd2,0xa7,0x11,0x20,0x7f,0x83,0x74,0x21,0xba,0xe7,0xdd,0x48,0xea,0xa1,0x8e,0xab,0x1a,0x9a,0x70,0xa0,0xf1,0x30,0x58,0x06,0xfe,0xe1,0x7b,0x45,0x8f,0x3a,0x09,0x64,0xb3,0x02,0xd1,0x83,0x4d,0x3e,0x0a,0xc9,0xe8,0x49,0x6f,0x00,0x0b,0x77,0xf0,0x08,0x3b,0x41,0xf8,0xa9,0x57,0xe6,0x32,0xfb,0xc7,0x84,0x0e,0xee,0x6a,0x06,},"\x4b\xaf\xda\xc9\x09\x9d\x40\x57\xed\x6d\xd0\x8b\xca\xee\x87\x56\xe9\xa4\x0f\x2c\xb9\x59\x80\x20\xeb\x95\x01\x95\x28\x40\x9b\xbe\xa3\x8b\x38\x4a\x59\xf1\x19\xf5\x72\x97\xbf\xb2\xfa\x14\x2f\xc7\xbb\x1d\x90\xdb\xdd\xde\x77\x2b\xcd\xe4\x8c\x56\x70\xd5\xfa\x13"},
+{{0x0d,0x13,0x1c,0x45,0xae,0xa6,0xf3,0xa4,0xe1,0xb9,0xa2,0xcf,0x60,0xc5,0x51,0x04,0x58,0x7e,0xfa,0xa8,0x46,0xb2,0x22,0xbf,0x0a,0x7b,0x74,0xce,0x7a,0x3f,0x63,0xb6,},{0x3c,0x67,0x29,0xdb,0xe9,0x3b,0x49,0x9c,0x4e,0x61,0x4a,0x2f,0x21,0xbe,0xb7,0x29,0x43,0x8d,0x49,0x8e,0x1a,0xc8,0xd1,0x4c,0xba,0xd9,0x71,0x7a,0x5d,0xbd,0x97,0xcd,},{0xa9,0xc5,0xee,0x86,0xfb,0x06,0xd9,0xe4,0x6b,0x37,0x9c,0x32,0xdd,0xa7,0xc9,0x2c,0x9c,0x13,0xdb,0x27,0x4d,0xc2,0x41,0x16,0xfb,0xdd,0x87,0x86,0x96,0x04,0x54,0x88,0xcc,0x75,0xa5,0x2f,0xff,0x67,0xd1,0xa5,0x11,0x3d,0x06,0xe3,0x33,0xac,0x67,0xff,0x66,0x4b,0x3f,0x2a,0x40,0x5f,0xa1,0xd1,0x4d,0xd5,0xbb,0xb9,0x74,0x09,0xb6,0x06,},"\xb4\x29\x1d\x08\xb8\x8f\xb2\xf7\xb8\xf9\x9d\x0d\xce\x40\x07\x9f\xcb\xab\x71\x8b\xbd\x8f\x4e\x8e\xab\xc3\xc1\x42\x8b\x6a\x07\x1f\xb2\xa3\xc8\xeb\xa1\xca\xcc\xcf\xa8\x71\xb3\x65\xc7\x08\xbe\xf2\x68\x5b\xc1\x3e\x6b\x80\xbc\x14\xa5\xf2\x49\x17\x0f\xfc\x56\xd0\x14"},
+{{0xa7,0x5e,0x3b,0x6b,0x41,0x70,0xe4,0x44,0x78,0x1b,0xe4,0xee,0xac,0x3e,0x0f,0xda,0xa4,0xb4,0x35,0x6f,0x70,0x54,0x86,0xbc,0xb0,0x71,0xa3,0x25,0xae,0x07,0x1f,0xba,},{0x99,0x3d,0x38,0xa7,0xd7,0x2f,0x0a,0xee,0x15,0xff,0x6f,0x4f,0xdc,0x37,0xca,0x77,0x24,0xfd,0x13,0x73,0xa3,0x76,0x6b,0x27,0x5d,0xbc,0x77,0xe6,0x47,0x98,0x0e,0x0a,},{0xa5,0xdb,0x4d,0x3d,0x33,0x29,0xab,0xe3,0x69,0x79,0x59,0xe6,0xb5,0x94,0x7e,0xa8,0x60,0x1b,0x03,0xef,0x8e,0x1d,0x6f,0xe2,0x02,0x14,0x49,0x31,0x27,0x2c,0xa0,0xa0,0x9b,0x5e,0xb0,0xf3,0x90,0x57,0x2e,0xa7,0xef,0x03,0xc6,0x13,0x1e,0x9d,0xe5,0xf1,0x6b,0xf0,0xb0,0x34,0x24,0x4f,0x7e,0x10,0x4f,0xf5,0x31,0x1b,0xbf,0x66,0x3a,0x0d,},"\x40\x37\x86\x6f\x65\x48\xb0\x1c\xc6\xbc\xf3\xa9\x40\xe3\x94\x5a\xa2\xd1\x88\xb4\xb7\xf1\x82\xaa\x77\xec\x4d\x6b\x04\x28\xab\x5b\x84\xd8\x5d\xf1\x92\xa5\xa3\x8a\xda\x08\x9d\x76\xfa\x26\xbf\x67\x73\x6a\x70\x41\xa5\xeb\x8f\x0c\x57\x19\xeb\x39\x66\x93\xc4\x51\x60\xf8"},
+{{0xbc,0xbc,0xf5,0x61,0xec,0xc0,0x5a,0x41,0xc7,0xd7,0xe5,0x5e,0x69,0x6d,0x32,0xce,0x39,0xb4,0xd0,0x3c,0x1f,0x5f,0x3f,0x3a,0x89,0x27,0xfe,0x5e,0x62,0xe8,0x44,0xb2,},{0x4d,0xdf,0x53,0xfa,0xd6,0xa7,0xa9,0xed,0x30,0xf3,0xaf,0xec,0xca,0x13,0x6f,0xd7,0x84,0x3b,0x72,0xc2,0x43,0x09,0x08,0x91,0xae,0x40,0x21,0xa3,0x2c,0xad,0xff,0x1a,},{0x9f,0xf1,0x51,0x15,0xf6,0x66,0x1f,0x32,0x11,0xd7,0xa4,0x07,0x64,0x96,0x76,0x29,0xba,0x6a,0x52,0x63,0x95,0x1b,0xdc,0x3c,0x6a,0x4c,0x90,0xd0,0x70,0xf7,0xbe,0x00,0x02,0x4b,0x80,0xd8,0x3b,0x6b,0xc2,0x75,0x87,0xfc,0xff,0x5f,0x5c,0xcc,0x0e,0xb3,0xcd,0xe1,0x49,0x7c,0xf5,0x68,0x95,0x14,0x7a,0x06,0x3f,0x61,0xf0,0x8a,0xdf,0x0b,},"\x6f\x67\x16\xb6\x78\x47\x40\x98\x0a\xeb\xc3\x24\x88\x07\xe3\x1c\x12\x86\xac\x7b\x68\x1c\x00\xb6\x6c\x88\xff\x7a\x33\x6d\x44\x1f\xa5\xc3\xeb\x25\x6d\x20\xcf\x6d\x1a\xc9\x2c\xcf\xe4\xbe\x6d\xcc\x41\xb1\xaf\xf8\x46\xd3\x60\xc2\x43\x00\x1c\xab\xdf\xbf\x1a\x9b\x24\x04\x55"},
+{{0x21,0x05,0x32,0x80,0x5f,0xa9,0xcc,0x9b,0xe9,0x16,0xd2,0x13,0xca,0xc3,0x74,0xe3,0xcd,0x6f,0xc2,0x60,0x2a,0x54,0x4d,0x0c,0x1c,0xe2,0x9d,0x30,0x10,0x5d,0x69,0xab,},{0x10,0x69,0x9e,0x49,0x9b,0xe9,0x9e,0x2b,0x11,0xb9,0x8f,0x6f,0x86,0xb6,0x7c,0xdc,0x4c,0xcf,0x69,0xf3,0xc5,0x3c,0xe0,0x94,0x87,0x56,0x47,0xd2,0xd0,0xd0,0xec,0xc5,},{0x4c,0x2d,0x31,0xd5,0xbb,0xc4,0x2e,0x02,0x6d,0xc1,0xe0,0x79,0xec,0xc4,0xdd,0x07,0x2c,0x5d,0x2c,0xce,0x65,0xe3,0xdb,0x8d,0x8a,0x1d,0xd9,0x05,0x7f,0xaa,0x03,0x71,0x72,0x7f,0x72,0x72,0x31,0xa0,0xf0,0x60,0xfa,0x27,0x09,0x75,0x33,0xb6,0xdb,0x3b,0x8f,0x62,0x52,0xf2,0x79,0x3d,0x75,0x66,0x2c,0xaa,0xdf,0x5f,0x0f,0xcc,0x71,0x0e,},"\x9f\xc4\xd2\x8c\xfd\x25\xe6\xc0\xc5\xe7\x24\xe1\x9c\xa3\x9d\x71\xe5\x3b\xf4\xaa\x27\x96\xc5\x4c\x33\x51\xf1\x08\xfc\x70\xf2\x61\x1a\x62\xe0\xab\x90\xaf\x6a\xde\x52\x16\x78\x8e\x9e\xb2\xa8\x73\x05\x9b\x1e\x79\xd7\xd5\x9d\xeb\xd6\x8f\x2d\x4d\x80\xff\xe3\x1b\xf7\x4b\x92\x8c"},
+{{0x18,0x5d,0x64,0xb6,0x94,0x79,0xe0,0xba,0x0a,0x58,0x44,0xa1,0x0a,0xd8,0x41,0x25,0xba,0x11,0xc4,0xb4,0x0d,0x63,0xed,0xa2,0xc5,0x7a,0xfc,0x7e,0x01,0x9c,0x8e,0x0c,},{0xa5,0x76,0x4f,0x63,0x98,0xa5,0xae,0x22,0x66,0xa3,0x8f,0x97,0x14,0x53,0x3c,0x4b,0xbd,0x8d,0x07,0x82,0x6f,0x63,0xe2,0x04,0xcb,0xac,0x37,0x4b,0x0a,0xce,0xf1,0xbd,},{0x43,0xe0,0x38,0x7d,0xa5,0xba,0x09,0xa1,0x90,0xf6,0xe7,0xb2,0x68,0x05,0x78,0xd8,0x89,0x76,0x9b,0xcc,0x44,0x5e,0x5e,0xf5,0x71,0xb4,0x92,0x87,0x1c,0x15,0x5c,0x5b,0x9f,0x62,0x0b,0xfa,0xcf,0xbf,0x2d,0xf1,0xfd,0x87,0x44,0x46,0x04,0xb7,0x1b,0x2e,0x23,0x7b,0xaa,0xa7,0xee,0x20,0x93,0xed,0xe4,0xa6,0x01,0xed,0xf8,0x83,0xe3,0x07,},"\x4a\x08\x24\xfe\x70\xd4\x31\x54\x13\xd0\xa0\xca\xfb\xf4\xf5\xfe\x11\x7d\x5e\x07\xe1\xc3\xa4\xef\xfb\x9d\x0a\xe9\x14\x90\x23\x48\x78\xcc\xf6\x79\x2a\x91\xf6\x8c\x6a\x52\x0d\xe1\x60\x71\xf0\x8a\xbe\x35\xdc\x5e\xa4\x28\xf1\x95\x7b\x66\x33\x71\xce\x24\xc6\x09\xdd\x55\xb8\xf4\x93"},
+{{0xcf,0xa9,0xd9,0x16,0x4b,0x3c,0x4f,0x6f,0x72,0x26,0x35,0xd2,0x06,0x6c,0xd7,0xea,0x5e,0x55,0x33,0xd2,0xc7,0x4f,0x8a,0xdd,0x66,0x9c,0x37,0x1f,0xaa,0x47,0x64,0x26,},{0x41,0x16,0x9a,0x66,0xf9,0xa6,0x3f,0x28,0x57,0x82,0xa6,0xc2,0xdb,0x81,0xcc,0x3f,0x70,0xb3,0xad,0xa2,0x1a,0x68,0xc8,0x47,0x45,0xc8,0x8a,0x74,0xc3,0xb0,0xa2,0xde,},{0x01,0xd7,0xc9,0xb5,0x70,0x1a,0xf7,0x1e,0x2f,0x48,0x77,0xff,0xc9,0xb7,0xb5,0x30,0x5f,0x52,0x81,0x6d,0x44,0x58,0xe3,0x7e,0x41,0xc7,0x71,0x9f,0xac,0x1d,0x76,0xa0,0x1f,0xff,0x3f,0x50,0xfe,0x1a,0x58,0x75,0xcc,0xc3,0xfb,0x70,0x00,0x1c,0x94,0x7a,0x33,0xfc,0x8b,0x20,0x7d,0xe1,0x35,0x72,0xcc,0xdb,0x8b,0xa9,0x89,0x33,0xab,0x01,},"\x75\x76\x21\xb1\x67\x5d\xb7\xca\xce\xf7\xf2\x78\x25\x87\xff\x3a\xf5\x1a\x3e\xf2\xf4\xbc\xf9\x27\x9c\x4c\xe9\x40\x02\xe1\xf0\x04\x24\xbf\x0e\xb6\x21\x98\x2c\xc8\x5c\xb4\xd1\x71\xe5\x64\xa0\xc2\xf6\xe3\x56\x7a\x1a\xae\x2c\xdd\xb7\xe9\xb2\x5f\x47\xdc\x20\xa5\x10\x50\x54\x29\x69\xca"},
+{{0x1a,0xcb,0x4a,0x25,0x6c,0x2f,0x89,0x93,0xca,0x24,0xde,0x1e,0x00,0x14,0x60,0x6d,0x66,0x8b,0x5e,0x75,0x60,0x32,0xd2,0x69,0xf1,0xd2,0x4d,0x35,0x1c,0x8e,0xea,0x4a,},{0xcb,0xbd,0xcd,0x8c,0xbc,0x88,0x5a,0xb4,0x3a,0x05,0x7e,0x5f,0x95,0x79,0xf1,0x16,0x19,0x54,0x15,0x9e,0x7b,0x56,0x2e,0xa2,0x6c,0xd9,0xa4,0x3c,0x88,0xd3,0xf9,0x6d,},{0x05,0xaa,0x76,0xf7,0xfe,0x51,0x89,0x23,0x03,0xd7,0x89,0x14,0x71,0x59,0x95,0xe7,0xd7,0x68,0xff,0x77,0x14,0xce,0x27,0x0f,0x17,0x5e,0x56,0xaf,0x17,0xae,0x01,0x8d,0x3f,0xa9,0x39,0xf5,0xf6,0x20,0xde,0x82,0xbc,0xd1,0x54,0x96,0x87,0xb2,0x05,0xc7,0x87,0x12,0x03,0xe6,0x24,0x23,0x8c,0x4e,0x30,0x9f,0xab,0x7f,0x92,0xfb,0xaa,0x05,},"\xc4\x6a\x6d\x61\xaa\x0a\xed\x1c\x1d\x85\x47\xa7\x0b\x89\xb7\x19\x64\x75\xd5\xa4\x87\x08\x81\xb1\xec\xd0\xf0\xcb\x9c\x74\x5f\x8a\x2a\xdc\x80\x24\xe2\xdc\x55\xb5\x3a\xa5\xd3\x83\xa8\x1a\xab\xc1\xa4\x7e\x8d\x07\xd0\x0b\x7f\x0b\x56\xce\xdd\xbf\xb1\xf4\x24\xbb\x5c\x02\x18\x46\x78\xa6\x66"},
+{{0xac,0xe3,0xc4,0x64,0x24,0x82,0x36,0x22,0x97,0x9f,0xc3,0xa8,0x4a,0x7d,0xa6,0x9c,0x1d,0x52,0x7d,0x83,0x12,0xe8,0xfb,0x01,0x83,0x75,0xbd,0x3a,0x96,0xc2,0x9c,0x18,},{0x93,0x7c,0xf3,0x41,0x36,0xd9,0xe1,0xcc,0xe0,0xde,0x11,0xb1,0x2c,0x70,0xcb,0xfb,0x74,0x55,0x44,0x84,0x21,0xe9,0x2c,0x82,0xe7,0xc4,0x09,0x34,0xbf,0xf8,0xc6,0x76,},{0xfe,0xb8,0x89,0x6d,0xd3,0xfe,0x60,0x01,0xff,0xea,0x17,0x1b,0x37,0xb7,0x88,0xa6,0x9f,0x7f,0x85,0x01,0x93,0xa6,0x34,0x06,0xf5,0x63,0x76,0xdd,0x26,0x3d,0x09,0x9a,0xef,0x80,0xec,0xe6,0x7e,0x2c,0x43,0xf4,0x0e,0xca,0x46,0x2c,0x6b,0x71,0xe7,0x94,0x06,0xb1,0x8d,0xb7,0x4a,0xe5,0xd4,0x98,0x44,0xe3,0xb1,0x32,0xbc,0x2a,0x13,0x07,},"\xa9\xf1\x37\xbc\x90\x21\xbf\x10\x5a\xee\x25\xbe\x21\xcd\x9e\xe5\xb3\x54\x7c\xf1\x0c\xc5\xf9\x84\x76\xfb\x58\x8b\xd7\x0e\x2d\x6d\x6b\x08\x34\xe8\x42\xe4\xee\x94\x30\x3c\xf9\x6b\x09\xc1\x71\x53\x81\xb3\x6e\x14\xa4\x91\xb8\x0f\x89\x5e\xa4\x21\xb8\xec\x2b\x1d\x3c\x18\x7e\x02\x93\x5c\x55\x26"},
+{{0x88,0xf6,0x81,0x93,0x4e,0x33,0xc3,0x5c,0x07,0xdc,0x6e,0x5a,0x83,0x29,0x42,0xae,0x3d,0x59,0x90,0x3c,0xcd,0xe2,0xf7,0x6c,0xcb,0x75,0x87,0xce,0xa7,0xec,0x41,0xb6,},{0x6a,0x4e,0x8a,0xa5,0xad,0xb6,0x3d,0x22,0xfd,0x7b,0x14,0xa2,0x6f,0xdb,0x03,0xb7,0xc8,0xaa,0x6c,0xcd,0x5a,0x19,0x6f,0x2c,0x54,0xb0,0x46,0x5a,0xdb,0x50,0x92,0xe1,},{0x45,0xb2,0x7b,0xf1,0xb9,0xea,0xc0,0x6b,0x62,0xb6,0x86,0xf6,0xd5,0x46,0x56,0x3b,0x2d,0xfe,0x5b,0x17,0x5d,0xbe,0xf3,0x2b,0xf7,0x8c,0x35,0xa1,0x6c,0x95,0x8a,0x9d,0x4f,0x26,0xd2,0x91,0xde,0x9b,0xb2,0x06,0x6c,0x0a,0x28,0x61,0x13,0xcc,0x09,0x17,0x2d,0x40,0xa3,0x6d,0x4c,0xbd,0x95,0x17,0x08,0x86,0x02,0x26,0xeb,0x30,0xcd,0x05,},"\x6e\x8b\xac\x1f\x85\x3b\x81\xfe\xf9\x47\x07\xe1\x8c\xc6\x1c\x6f\x0a\x9c\xbc\x2a\x41\xd0\x78\xdc\xc8\x3f\xc0\x22\x9c\x7f\x8d\xbe\x6d\xbd\xd9\x08\x54\xb1\xf1\xae\x2b\x9f\x2b\x12\x0b\x86\xa8\x78\x6b\x4e\x78\xce\x23\xab\x86\xba\xaf\x88\x75\x4a\xf0\xf3\xd8\x88\x81\xda\xe0\xbc\x52\x61\xbf\xd0\x38"},
+{{0x48,0x05,0x0a,0x6e,0x01,0x58,0xf6,0xad,0x25,0x34,0x12,0xe4,0x49,0x7c,0xff,0x62,0xd5,0xee,0x55,0x5e,0xdf,0xfe,0x59,0xe4,0xdc,0x40,0x15,0x22,0x81,0x32,0x95,0xce,},{0x97,0x5e,0x01,0x0a,0xbb,0x9a,0x3e,0x56,0x65,0x91,0x37,0xb0,0x50,0x60,0x57,0xf2,0x83,0x98,0x2f,0x88,0x6c,0xa1,0x72,0xc7,0xbc,0x2c,0x50,0x0e,0xd9,0xbd,0x26,0xc1,},{0x72,0x16,0xab,0x60,0xc3,0x51,0x68,0x18,0x7d,0x0f,0xce,0x47,0x53,0xc8,0x6e,0x80,0x05,0x8d,0x54,0x0b,0x76,0xbf,0x95,0x84,0x3a,0x58,0x98,0x84,0x10,0x60,0xa9,0x9a,0x44,0xde,0x6f,0x43,0x96,0x25,0xa3,0xf6,0x36,0x5f,0x59,0xc3,0x77,0xbf,0x45,0x90,0x9b,0xbf,0xef,0x5c,0x50,0xb2,0x5f,0x31,0x94,0xe5,0xfb,0xd3,0x4e,0xa5,0xe7,0x06,},"\xed\x6e\xec\x29\xfb\x70\x49\xdf\xf7\x07\xf0\xa4\x42\x6e\xbc\x8f\x5b\x35\x0e\x95\x87\x0b\x9d\x61\x98\xc8\x13\x9e\x9c\x3e\x1e\x40\x99\x37\xd1\xa8\x58\xa0\xde\xa4\x82\xa5\xcb\x1a\x85\x4e\xd3\xb5\xa9\x39\x7a\xcb\x63\xbf\xf6\xb6\x40\x39\xef\x2e\xb1\x15\x9e\x99\x85\x83\x10\xbb\xbd\x86\x12\x5c\x3e\x0e"},
+{{0x18,0xd1,0x3d,0x0c,0x00,0xe8,0xe3,0x38,0x6a,0x5c,0xfb,0x30,0xa9,0xe7,0x9f,0xe8,0x8b,0x18,0x61,0xed,0x2d,0x12,0x01,0xeb,0x17,0x00,0x38,0xe1,0x94,0x77,0x04,0x03,},{0xa4,0xaf,0xc8,0x33,0x40,0x18,0x76,0x09,0x0d,0x9b,0x88,0x0c,0x41,0x26,0x7d,0x68,0xcb,0xbe,0xea,0xa3,0x8a,0xfb,0x20,0x88,0x4e,0x27,0x32,0x8f,0x3b,0x7f,0x53,0x5e,},{0x03,0x39,0x88,0x15,0x4c,0x5d,0x79,0xd2,0x51,0x0b,0xe8,0x3e,0x77,0x80,0x15,0xdf,0xe2,0xfb,0x85,0xb8,0x11,0x1f,0x7e,0xc1,0x39,0x91,0x8b,0x54,0x00,0xe3,0xd6,0x56,0xee,0x80,0xa9,0xf5,0xc9,0x07,0x2b,0x5b,0x46,0x7a,0x5c,0xc5,0xa5,0x7c,0xc8,0xad,0x10,0x62,0xb5,0xbf,0xf1,0x08,0x62,0xd9,0xd3,0x69,0xdd,0xe2,0xcc,0x96,0x67,0x01,},"\x91\x0f\x6c\x27\x2d\xd9\x79\x31\xac\x47\x31\x0d\x24\x4c\xad\xb4\x32\x51\x36\x5e\x02\xba\x9f\x6a\x5b\x3c\x32\x26\xbe\x9d\x7d\x3a\x74\xa2\xba\x49\x06\xe8\xe7\x1a\x4b\xf3\xd3\x55\x6e\xbd\xfc\x66\x6c\xd6\xb1\x2f\x20\xc4\xa0\x08\x34\xb8\x8f\xbb\x24\x45\x75\x19\x92\x86\xb0\xb9\x34\x4c\xf3\x34\xaf\xf0\x07"},
+{{0x4a,0xdc,0x8c,0x28,0x64,0x6a,0x93,0xa8,0x17,0x29,0x3a,0x14,0xd2,0x9b,0x48,0xe2,0xc6,0xd7,0x12,0xa6,0x89,0x93,0x54,0x7a,0x5c,0x5e,0x4d,0x14,0x52,0xac,0xbc,0x3a,},{0x7f,0x40,0x47,0x36,0x28,0xf2,0x3f,0xc0,0xdf,0xf0,0x02,0x1a,0xfd,0x48,0x77,0x40,0xd4,0x91,0x6a,0x91,0x22,0xe6,0xc9,0x7d,0x36,0x43,0x3e,0x5e,0xbf,0x04,0xf8,0x8c,},{0x6d,0x3b,0x4e,0x90,0xec,0x40,0x83,0x11,0xf9,0xb1,0x5b,0x92,0x53,0xd3,0xd9,0x5c,0x5d,0x15,0x26,0x20,0xc2,0x60,0xd5,0x63,0x02,0x55,0x5a,0x88,0x04,0xa5,0x10,0x4b,0xa5,0xe8,0xd2,0x9e,0xe1,0x08,0xe7,0x64,0xa6,0x42,0x19,0x29,0x72,0x98,0xab,0x76,0x74,0xbb,0xca,0x78,0x4d,0xee,0x28,0x77,0x3b,0x34,0xe1,0x85,0xa3,0x86,0xc2,0x08,},"\x09\xfb\x55\x01\xf1\x68\x8f\x80\xa0\xab\x9e\x22\xd7\x78\xae\x13\x0a\xca\xf7\x4d\x7f\x51\x85\xb4\xda\x19\x8c\x6b\x9e\xda\xc4\x30\x2e\x2b\x75\x3e\x57\x87\x66\xe1\x7d\x40\x56\xdc\x40\xd9\x5c\xf4\xca\x8b\xcc\x65\x65\x79\x5e\x97\xd6\x8b\xcd\xa7\x9f\xa7\x7c\x49\x33\x97\x71\x63\x56\x16\x4c\xaa\xb5\xd1\x9c\xfd"},
+{{0xf2,0x6e,0x1c,0x84,0x69,0x7a,0x49,0x08,0x15,0x1b,0x44,0x7d,0xcf,0x6c,0x7c,0x7a,0x38,0xb0,0x40,0x81,0xdb,0x9e,0x7c,0x77,0x38,0xe6,0xfe,0xc9,0x00,0xbe,0xd0,0xc1,},{0xa8,0x6e,0x14,0x22,0xc1,0x23,0x5f,0xf8,0xe1,0xaa,0x08,0x34,0x70,0xd5,0xe4,0x22,0x88,0xcb,0x00,0x7a,0xb5,0x0e,0x79,0x5d,0xd0,0xb4,0xff,0x87,0x39,0x49,0x66,0xc4,},{0x44,0xf3,0x34,0x4b,0x95,0x66,0xc9,0xdf,0xd2,0x2d,0x61,0x98,0xe1,0xcb,0xf9,0x5d,0x9e,0x28,0xf2,0x98,0x2f,0xc7,0xf1,0x66,0xab,0x25,0xdd,0xa3,0x0c,0x46,0xf7,0x68,0xc5,0x58,0xe0,0x39,0x4f,0xb9,0xab,0x3e,0x1d,0x4d,0xb4,0xcf,0x48,0x7c,0x17,0x64,0x1a,0x13,0xf3,0xf4,0x89,0x39,0xe0,0xc6,0x48,0x27,0xa7,0x51,0x03,0xc5,0x74,0x06,},"\x54\xed\x47\x60\x6a\x14\x87\xc2\xf9\x00\xce\xfb\x6e\x89\x9d\xba\xf6\xc3\x1c\xc8\x8e\xbe\x35\x58\xb8\x3b\x93\xf6\xd4\x22\xc3\x1e\x88\x8e\x48\xe5\x20\xee\xae\xdd\x7e\x55\x4a\x9c\xd4\x0c\x2c\x51\x9d\x53\x3b\x61\x44\xce\xe4\x84\xc3\x89\xe9\x76\xb1\xe4\x02\x2b\x50\xe7\xdb\xb8\x7e\xad\x7e\x54\x1a\x20\x04\xda\xf7"},
+{{0xcc,0x0c,0x33,0xf3,0xa8,0x6f,0x5a,0x17,0xd3,0x0c,0x18,0x6c,0xe0,0xf3,0xb7,0x40,0xba,0xfa,0x5f,0xe3,0xc7,0x09,0x0f,0x14,0x35,0x41,0xe2,0xb2,0xc1,0xe5,0x34,0xbc,},{0x96,0x7a,0x71,0xc7,0xcf,0x9b,0x82,0xcc,0x78,0xcb,0xe1,0x09,0x10,0x4d,0x8b,0x43,0x8a,0x8d,0x1f,0xd7,0x1d,0x26,0x0d,0x02,0x90,0x46,0xa9,0xa4,0x52,0x68,0x66,0xff,},{0xe2,0x77,0xb3,0xdd,0x65,0x5c,0x33,0xff,0x75,0xfa,0x92,0x0a,0xf1,0xfc,0xc8,0x59,0x40,0x1e,0x6c,0x7a,0x6e,0xf4,0xc6,0xbf,0xbf,0xac,0x50,0x69,0x63,0x8f,0x19,0xca,0x11,0x5b,0xaf,0x13,0xc0,0x9c,0x82,0xaf,0x79,0x3f,0xac,0xb6,0xab,0xd0,0xcd,0x58,0xe8,0x48,0x1b,0x08,0xc1,0xb6,0x8a,0xd7,0xa2,0x66,0x5c,0x4a,0x61,0x4a,0x28,0x06,},"\x19\x44\xe5\xe1\x55\xd7\x5e\x0d\x0b\xe9\x2e\x1b\xe1\x4c\xec\x37\x0a\xd1\x37\x91\xf2\xbf\xd4\x0f\x27\x12\x14\xe9\x4f\xcf\x21\x3c\x71\xbc\x20\xd7\xce\x0c\x75\x84\x42\x1a\xc4\xef\xc4\x51\x88\x3c\xc3\xf4\x95\x6f\x21\xf7\x3a\x42\x16\x72\x04\x38\xbc\x38\xff\x2c\xfd\xf3\x70\x99\x05\xa5\x0a\x9d\x94\xb1\xd9\xe7\x93\x2b"},
+{{0xf0,0xbc,0x97,0x93,0x75,0xa7,0x07,0x30,0x68,0xdb,0xa7,0xf6,0xc0,0x94,0xdb,0x65,0x98,0xb4,0xe4,0x5d,0xf7,0xd5,0x49,0x58,0x3c,0x22,0xfd,0xed,0x80,0x48,0xfa,0x2e,},{0xb4,0x2b,0x6c,0x57,0xa7,0x8f,0x1d,0x90,0x09,0x0a,0x71,0x81,0xab,0x2a,0xe0,0x9f,0x42,0x6c,0xbc,0x2b,0xe9,0x6e,0xb2,0xcf,0x27,0xab,0xc7,0x0d,0x7d,0x32,0xa4,0xb3,},{0x19,0xdb,0xc3,0x02,0x7f,0x9f,0xae,0x70,0x7d,0xeb,0x76,0xf5,0x88,0xf9,0xfd,0x07,0xaa,0x8e,0xae,0x29,0xbd,0x4e,0x1d,0x04,0xc2,0xc9,0x84,0x38,0x82,0x86,0xb3,0xb1,0x22,0x24,0x8a,0x6c,0x03,0xed,0x67,0xec,0xa3,0x5d,0xf4,0xdb,0x3d,0xc1,0xe4,0x23,0x7f,0x26,0x78,0x92,0x51,0x84,0x97,0xd9,0x55,0x2a,0x21,0xde,0x19,0xb5,0x14,0x0f,},"\x27\xab\x30\x49\xb5\xc6\x35\x1f\x6c\xfe\x38\xb1\x3a\x05\x9f\x50\x37\x25\x7e\xe3\xd6\x5d\x60\x79\x65\x68\x56\xed\xc8\x76\xea\x08\x1f\xd8\xa9\x48\x04\x66\xf8\x83\x94\x78\x08\x84\x66\xf5\x1e\xcb\xfa\xf2\xd6\x5d\xef\x25\xf0\xc4\xdd\x8d\x08\x58\x82\x02\x81\x22\x32\xf5\x79\x45\xdf\x8a\x6f\xa1\x61\xed\x8c\x03\x43\xb5\x83"},
+{{0x30,0x22,0x97,0x5f,0x29,0x8c,0x0a,0xd5,0xdd,0xbe,0x90,0x95,0x4f,0x20,0xe6,0x3a,0xe0,0xc0,0xd2,0x70,0x4c,0xf1,0x3c,0x22,0x1f,0x5b,0x37,0x20,0xaf,0x4d,0xba,0x32,},{0xb8,0x45,0xbc,0xe3,0x8e,0x26,0xab,0x02,0x7b,0x82,0x47,0x46,0x3d,0x43,0x7a,0x71,0xbb,0xdd,0xca,0x2a,0x23,0x81,0xd8,0x1f,0xad,0x4c,0x29,0x7d,0xf9,0x14,0x0b,0xd5,},{0xae,0x14,0xa8,0x60,0xfa,0xd0,0x05,0x1b,0x3e,0xb7,0x2b,0x37,0x21,0xa8,0x2f,0x7b,0x95,0x46,0xb2,0x86,0x72,0x61,0xe2,0xb7,0xb6,0x38,0x97,0x9e,0x25,0x61,0xbd,0xeb,0x89,0xb6,0x00,0x76,0x8f,0x82,0x45,0x0a,0x66,0xc8,0xb0,0x48,0x12,0x83,0xfa,0x21,0xcb,0x6c,0x53,0xbd,0xe3,0x50,0xef,0xfb,0x68,0xa7,0xd1,0x11,0x4b,0xfd,0xb2,0x03,},"\x9a\xa1\x9a\x59\x5d\x98\x93\x78\xcd\xc0\x68\x91\x88\x7e\xf5\xf9\xc2\x46\xe5\xf8\x3c\x0b\x65\x87\x10\x67\x3e\x4e\x7d\xb7\x60\xc7\x63\x54\xc4\xf5\xd1\xe9\x0d\xb0\x4a\x23\xb4\xfb\x43\x4c\x69\x38\x45\x93\xd0\x10\xe3\x12\xb1\x1d\x29\x9c\x9f\x97\x48\x2d\xe8\x87\xce\xcf\xe8\x2e\xa7\x23\xbc\xa7\x9a\x1b\xd6\x4d\x03\xef\x19\xee"},
+{{0x0f,0x71,0x0b,0x6c,0x48,0x1f,0x71,0x44,0x95,0x89,0x75,0x33,0x12,0xef,0x64,0x93,0x2b,0x46,0x52,0xeb,0xe0,0xe0,0x75,0x97,0xf7,0xda,0x1c,0x4f,0x3d,0xcf,0xfb,0x80,},{0x69,0x73,0xff,0x29,0x32,0xcc,0xdd,0xfc,0x1d,0x16,0xc4,0xc0,0xda,0x50,0xc8,0xb2,0x9f,0xe6,0x45,0x2d,0x1e,0xe8,0x4d,0x52,0x06,0x4e,0xbf,0x3d,0x62,0x8d,0x40,0x3e,},{0x02,0xa8,0xd2,0x6a,0xee,0x11,0x42,0x0f,0xb4,0xf0,0x9d,0x11,0x63,0xe1,0x4b,0x86,0x7d,0xf7,0xc6,0xf6,0xc8,0xf8,0xdc,0x7a,0x78,0x03,0x46,0x59,0xf0,0x40,0x1c,0xad,0x0a,0xa9,0x03,0x97,0xef,0xdd,0x07,0x04,0xb7,0x98,0xdb,0x19,0x36,0x50,0x30,0x26,0xe2,0xa1,0xad,0xc2,0x97,0xe2,0x79,0x74,0xd4,0xbe,0x31,0x2a,0x37,0x53,0xf8,0x04,},"\x85\xd8\x57\x44\xad\x55\xe9\xef\x9a\x65\xca\x91\xe8\x5c\x8a\x4f\x80\xe4\xc5\x8f\x8e\x4e\x93\x54\xe8\x33\x98\x60\x98\xb7\xd9\xfe\x9f\xdc\x0d\xed\xb0\xd7\x5d\x25\x39\xfb\xa0\x00\x34\xfc\x0c\x2e\x84\x34\x4d\x1e\xda\xa0\x9d\x4f\x63\xd5\x54\x6d\x67\x80\x3d\xd6\xb5\x4d\xdc\xc0\xb1\xd3\xf2\x58\x2d\xd7\x52\x89\xe3\x1d\xe4\x2e\x69"},
+{{0x7a,0x05,0xf1,0x21,0xf6,0x01,0x12,0xdd,0x16,0xfe,0xe8,0xc9,0x1b,0xc2,0xa1,0x14,0x79,0xf4,0xb6,0x7e,0xe3,0x34,0x56,0x04,0x2c,0x8d,0xe1,0x67,0xfc,0x58,0x80,0x17,},{0xb3,0xb0,0x5b,0xe9,0x89,0xce,0xa7,0x19,0x75,0x05,0xd4,0xb5,0x43,0x35,0xe5,0xe1,0xd7,0x7a,0x4b,0x52,0xba,0x72,0x82,0x60,0x4b,0xbc,0x1c,0xf6,0xc4,0xe8,0x7a,0x6c,},{0xd3,0x0c,0xe8,0xa3,0x22,0xb4,0x50,0xa2,0xfb,0x1a,0xfd,0x32,0x9c,0xec,0x85,0x59,0xcc,0xf1,0x12,0xbd,0x83,0x96,0x5f,0x9e,0xc4,0x73,0x62,0x70,0xa0,0x91,0x4e,0x06,0x11,0x96,0xbf,0x52,0x09,0x77,0x8c,0x9f,0x8c,0xcf,0x39,0xc4,0x66,0x8b,0xbf,0x0e,0x13,0x63,0xf8,0x1a,0xfe,0x45,0xdd,0x74,0xe8,0x0d,0x58,0x75,0xdd,0xbf,0x6f,0x01,},"\xd9\xc5\x9e\x8c\xc4\xed\xe5\x37\xbe\x21\x22\xab\x49\x2a\x5b\x91\x5a\x9b\x0a\x11\x4b\x2a\xde\x35\x6f\xc0\x45\x7e\xf9\x87\x22\xd5\xf5\x67\xb8\x62\x11\xe2\x83\x69\xd1\x41\x68\xec\x4a\x3c\x80\x40\x76\xe1\x54\xad\xc7\x0a\x66\x8c\xf6\x4a\x20\xd1\x3c\xf1\x90\xd1\x15\xcd\x68\x8d\x03\x6e\x46\x93\x82\x51\xdf\x49\x64\xdc\x35\x17\xb1\x0c"},
+{{0xbf,0x38,0x1f,0x8d,0xfb,0x5d,0x0c,0x6d,0x64,0xe4,0x16,0xac,0x23,0xe0,0xd0,0xfc,0xb8,0x6e,0xbb,0x89,0x9b,0x1d,0x14,0x6a,0xbd,0x91,0x1b,0x92,0xa7,0x80,0x8e,0xb6,},{0x86,0x3f,0xad,0x8d,0x1f,0x1b,0xc6,0x30,0xa1,0x5f,0x6f,0xe8,0xec,0xef,0xe6,0xb4,0x49,0x7b,0x60,0xb2,0x1a,0xe8,0x83,0x0d,0xa4,0x67,0x42,0x04,0x5f,0xef,0x15,0x6f,},{0x99,0xb7,0x53,0x78,0x73,0x8f,0xca,0xc8,0x06,0x76,0x69,0xe8,0x50,0x9b,0x5d,0x26,0x07,0xe1,0xef,0x76,0xaf,0x90,0x04,0xe1,0x3f,0xe5,0xd3,0x93,0x2d,0xf6,0x0b,0x16,0x82,0x16,0xf5,0x85,0x65,0x34,0x0f,0xa4,0xd6,0x38,0x05,0x5a,0x89,0x04,0x4e,0xe7,0xd4,0x5e,0x2b,0xd0,0x82,0xa5,0x33,0x82,0x28,0x9a,0x34,0x70,0x06,0x48,0x98,0x0e,},"\x86\x54\xf2\xf5\xc6\xdc\xd2\xcf\xcb\xb6\xed\x8d\x2b\xc5\xfb\x5f\xec\x53\xe3\xef\xfb\x0d\xe6\x5a\xac\x50\x7f\xa5\x6c\x89\x77\x32\x39\x5a\xa0\x99\x46\xd3\xb6\x58\x6a\x92\xed\xd6\xdc\x99\x31\x5e\x1b\xa7\x4c\x6a\x02\x47\xc4\xba\x77\x60\xb9\x48\xeb\x3c\x09\x32\xd9\xfe\x1f\x0e\x9f\xea\x6e\xb6\x1a\x54\x8a\x9a\xb4\x8f\xfd\xf1\x54\x73\x29"},
+{{0x36,0x98,0x32,0x41,0xa0,0xa8,0xe6,0x0c,0xe0,0x2a,0x61,0xb3,0xfa,0xfa,0xb1,0x5a,0x73,0x13,0xa5,0xa2,0x70,0xd0,0x15,0xb9,0xc9,0xec,0x07,0x0d,0xc4,0x2d,0xee,0xda,},{0x66,0x47,0x98,0x4d,0x42,0xb9,0xa5,0xb3,0xb1,0xaf,0xa3,0xb7,0xf8,0xf4,0x9d,0x4c,0x2b,0x05,0xe3,0x89,0x84,0xe9,0x9c,0xea,0x8f,0xd6,0x82,0x35,0xd2,0xae,0x46,0x27,},{0xee,0x37,0xdf,0x8a,0xf4,0x22,0xf9,0x1f,0x85,0xdf,0xe4,0x3e,0xfe,0x79,0xf6,0x23,0x78,0x06,0x8c,0xcd,0xba,0xf3,0x91,0x6e,0xec,0xbc,0x3a,0xdf,0xed,0x05,0x08,0xbd,0xeb,0xaf,0x5c,0xe0,0x6b,0x3b,0xc2,0x79,0xf7,0x80,0x87,0xf0,0xdb,0x8d,0xb3,0xc6,0x82,0x3e,0xdf,0xb3,0x2c,0x12,0x21,0x78,0x30,0xbe,0x72,0x3d,0x88,0x72,0xb3,0x0c,},"\xce\xbb\x9e\x40\x44\x51\x81\x82\x53\xc0\x39\x2a\x45\x54\xee\x73\x23\xc5\xd5\xb8\xb2\x26\x77\x57\x00\xb8\x06\xed\x5b\x91\x33\x79\x16\xea\x7e\xcb\xc3\xd4\x10\x3f\xc6\x5e\x53\x72\xae\x7e\x5f\x9b\xa2\xd8\xf5\xae\xe2\x4c\xcf\x6e\x63\x1a\xe2\x0c\x4a\xf9\xb5\xf7\x28\xcd\xf8\x9e\x81\x89\xde\xf1\xa5\xb3\xd3\x53\x47\xaa\x20\x35\x25\xea\x1d\x2e"},
+{{0xd0,0x68,0x99,0xf9,0x3a,0x40,0x8d,0xac,0xb4,0x1c,0x96,0x97,0x18,0x34,0x6f,0x1e,0x28,0x9b,0xb5,0xea,0x65,0xe2,0x83,0xff,0x79,0xc7,0x05,0xa0,0x74,0x51,0x7c,0x35,},{0x46,0xbf,0x2a,0x08,0xa0,0x76,0xc4,0x7d,0x7f,0x11,0xb7,0x33,0xf8,0x14,0x1c,0x35,0x53,0x63,0xed,0x85,0xd7,0xde,0xf2,0x6b,0xa6,0xa0,0xce,0x15,0xac,0x5f,0x2b,0xe8,},{0x6f,0x89,0xde,0x92,0xa6,0x6b,0xc5,0xf4,0x14,0x43,0x39,0x12,0x49,0x50,0xbd,0xf5,0x88,0x14,0x4c,0xb3,0x72,0xf6,0x73,0x62,0x45,0x35,0x1c,0x94,0x76,0xbe,0xcc,0x59,0xa2,0x58,0xf9,0xa9,0x33,0xff,0xff,0x2b,0xef,0x4b,0x46,0xcd,0x10,0x57,0x39,0x52,0x25,0x79,0x9f,0xd0,0x9d,0xed,0xe6,0x82,0x3d,0xb0,0xe3,0x25,0xdb,0xc8,0x14,0x0d,},"\x08\x64\xc3\x9a\xc4\xfd\xa8\xeb\x90\x48\x59\x7b\xd4\x0b\xe0\x40\x10\x21\xfd\x2d\xd3\xa3\x39\x0a\x8f\xac\xce\x98\x4b\x26\x0a\x13\xfa\x2c\x7c\xfc\x00\xd1\x92\xfa\xdf\x13\x4a\x0a\xd5\xa1\x81\xee\x89\xef\xf0\xc7\x95\xea\xa0\xfb\xfe\x2f\x3b\x26\x11\x5d\x07\x16\x8d\xb4\x2e\xd2\x1a\x51\x30\x3b\x19\x58\xe4\xa4\x2d\xc0\x65\xb2\x2c\xe4\x8f\x17\xa6"},
+{{0xee,0xbc,0xa7,0x96,0x69,0x70,0xee,0x9f,0x2c,0xc4,0xd7,0x4c,0x6f,0x1d,0x8e,0x0e,0xbf,0xf7,0xc4,0x5a,0xeb,0xad,0x34,0x9f,0xb9,0xf8,0x6d,0xf6,0x28,0xdf,0xff,0x0e,},{0x89,0x10,0x1e,0x03,0x09,0xf7,0x67,0xe6,0x4a,0xe9,0xc9,0x8c,0x4a,0x5d,0x8d,0x23,0x28,0xfb,0x3e,0xf2,0x62,0xd0,0x82,0xf4,0x9b,0x64,0xca,0x20,0x9e,0x19,0x90,0xf6,},{0x7d,0x44,0x7e,0xe5,0x32,0x8c,0x9f,0xe7,0xf1,0x19,0x36,0xcc,0x42,0x99,0x87,0x54,0xa5,0x6c,0xd1,0xd2,0xa6,0x95,0x1a,0xf4,0xfe,0xe7,0xc4,0xa8,0xeb,0x31,0x9d,0x49,0x23,0x70,0x7c,0x79,0x3c,0x55,0xd7,0x90,0x67,0xf8,0x22,0xd5,0xb1,0x6b,0xb5,0x77,0x6e,0x38,0xdf,0xfa,0xbc,0x67,0x23,0x7a,0x91,0x6a,0x81,0xa6,0x33,0x39,0xb0,0x03,},"\x0f\xac\x79\x0a\xdb\x9f\x59\xe5\xcb\x0d\xdc\xb2\xb6\x67\x17\x2f\x2a\x21\x03\x4d\x93\xbc\xad\xdf\x18\x86\x06\xfa\x9e\x77\x6d\xb3\x3a\x8f\xcc\x6b\xd7\xf5\x56\x78\x83\xfc\x0d\xe3\x51\xaa\x9a\xfa\xa3\x6d\x20\x75\xb1\xba\x85\x3b\xad\xa8\x49\xb8\x66\x1d\x5c\x81\x54\xe7\xb0\xaf\xea\x65\x6d\xd1\x5e\x01\xa9\xc5\xba\x21\x58\x9b\x02\xf8\xfc\x54\x81\xc2"},
+{{0x38,0x20,0xb6,0xb1,0x59,0x39,0xd0,0xaf,0xe1,0x8c,0x9c,0xb3,0xd9,0xa2,0xa0,0x8f,0x16,0x7d,0xd4,0x58,0xeb,0x6c,0x7e,0x3f,0x15,0x58,0xb0,0xc6,0xdb,0x4c,0x68,0x90,},{0x80,0xb8,0x5c,0x65,0x59,0xfe,0xa8,0xb4,0x00,0xe1,0x99,0x9c,0xc5,0xbf,0xed,0x50,0x7a,0xd7,0xfc,0x29,0x4c,0xd9,0xba,0x0c,0xe2,0xdd,0x25,0x84,0xa9,0x10,0x89,0xb0,},{0x82,0x3e,0xe2,0xc0,0xc8,0xd8,0x7f,0xaa,0x0e,0xc0,0x14,0x1e,0x9c,0xe0,0x8b,0x51,0xe5,0x7c,0x83,0x97,0x92,0xd1,0xfb,0xd9,0x7a,0x96,0x72,0x07,0xfd,0x41,0x58,0x49,0xeb,0xfb,0x5d,0xad,0xb5,0xa1,0xdc,0x2c,0x0a,0x8b,0x7f,0xc6,0x3f,0xc3,0x54,0x85,0x7b,0x8c,0x90,0xc4,0x47,0x20,0xe1,0x3f,0x45,0xcd,0x01,0xe7,0xaa,0x23,0x14,0x0c,},"\x3e\x5a\xd9\x2d\x44\xb4\x0e\x86\x14\xd8\x08\x7c\x9c\x74\x3d\xe0\xc0\x86\x1a\x07\xf1\xf5\x14\x6d\x71\xca\xc2\xf3\x74\x00\x24\xe8\x41\xcc\x2d\x46\x02\x7c\xf5\xd2\x61\xd3\xee\x7c\x18\x75\xb3\x95\x51\x01\x7b\x5f\xb1\x46\x81\x14\xfc\x3e\x09\x8a\x89\x9c\xdb\xd5\x58\xb3\x9f\x09\x8e\x15\x6b\x6e\x98\x01\xeb\xcd\xd6\x5f\xed\x56\xdb\xfc\xaf\x2c\x8c\x78\x7b"},
+{{0x0d,0x20,0xfa,0x4a,0x37,0xff,0x30,0xc4,0xdc,0xc3,0xe4,0x4e,0xa7,0xac,0x50,0x11,0x37,0xe5,0x80,0x7e,0x97,0x81,0x33,0x0a,0xc3,0x10,0x98,0x2c,0xc3,0xd3,0x9d,0xbd,},{0x67,0xbb,0x0a,0x01,0xbc,0x86,0x17,0xb4,0x91,0xef,0xf1,0xa3,0x26,0xc1,0xc7,0x0f,0x7d,0x0c,0x5b,0x95,0xa5,0xad,0x48,0x24,0x1a,0xed,0xce,0x1c,0x6f,0x08,0x83,0xcf,},{0xde,0xab,0x12,0xed,0x82,0xba,0x94,0xb4,0x69,0xca,0x98,0xb6,0x6f,0xa2,0x04,0x44,0xb4,0xb7,0x88,0x1c,0x4f,0x0f,0x85,0x34,0x09,0xc9,0xa1,0x50,0x4a,0x5b,0x2b,0x6d,0x78,0x60,0xf2,0x6a,0xda,0x6b,0xf7,0x34,0x59,0xb9,0xcd,0xb5,0x73,0xc8,0x01,0x71,0x21,0x33,0x8e,0xfa,0x60,0xf4,0x14,0x80,0x86,0xd7,0xa3,0xa8,0xed,0x59,0xbb,0x07,},"\x35\xe0\xf4\xb4\xa5\x17\xf9\xc7\xaa\x45\x14\xf0\x3e\x6d\x65\xf1\x9b\x27\xc6\x2c\xc0\x69\xf6\xbf\x07\xdd\x63\x78\xbd\x6a\xfe\x2b\x76\x65\x60\x00\x6c\xbd\x57\x30\xa0\x09\x19\xed\x11\x19\x1f\xb0\xc8\xda\xc5\x6e\x15\x3f\xc1\xce\xa4\xbd\xce\x50\x46\xcc\xcb\x71\x77\x59\xa4\x08\x3e\x1c\x16\xf7\x40\x76\x32\x64\xcc\x80\x4d\xe0\xd0\xe1\xa4\xb5\xa2\x30\x67\xaf"},
+{{0xbe,0xe1,0x61,0x88,0x1d,0x81,0x9b,0x37,0x0d,0x24,0x0d,0x50,0x9b,0xa4,0x6b,0x06,0xfb,0x82,0x8e,0x20,0x31,0x0d,0x9f,0x6b,0x30,0x97,0x80,0x70,0x3e,0x98,0x92,0x7b,},{0x10,0x85,0x43,0x80,0xde,0x89,0x16,0x2b,0xfb,0x9f,0x78,0x35,0xa2,0x71,0x6a,0x3a,0x6e,0x02,0x65,0x67,0x1b,0x25,0x0b,0x38,0x9d,0x01,0xc3,0xbc,0xc0,0x37,0x36,0xb8,},{0xb0,0x7d,0x07,0x2e,0xb3,0x83,0x1f,0xae,0x8a,0x06,0xef,0xfa,0x92,0x01,0x79,0x74,0x96,0xdc,0xe1,0x26,0xb8,0xe1,0x1f,0xef,0x2f,0xa0,0x7f,0x66,0x4d,0xc5,0xcf,0x3d,0x4b,0xf9,0xc3,0x8a,0x8b,0x3c,0x09,0xfb,0x5f,0x14,0xfa,0x2d,0xeb,0x21,0x9e,0x7d,0x85,0x2f,0xdd,0x27,0xc7,0xba,0x32,0xd3,0x09,0x94,0x2f,0x27,0x46,0xdf,0xe4,0x04,},"\x5a\x6f\xe5\x99\xb6\xb0\x9b\x05\xc0\xba\x6a\x62\x2d\xf3\xa9\x2b\x3d\x37\x6d\x24\xd0\x4e\xa8\x5e\xbe\x76\x7b\xc2\xec\x4d\x14\xe8\x3e\x69\x37\xdc\x0b\x91\x4b\x48\x09\xfd\xb6\x07\x90\x68\x41\xa6\xfd\x1d\xcd\xf6\x1a\xae\xa8\xf9\xbb\x81\xb2\xcc\xaa\x32\xdf\x41\x29\x89\xae\x53\x64\x66\x80\xa7\x1a\x21\x1c\x84\x40\xea\xb0\xf1\xae\xc5\xe4\xfc\x00\xe6\xa2\xc9\x6d"},
+{{0x70,0x15,0x0e,0x95,0x16,0x16,0x4a,0x3d,0x7b,0x7e,0x8b,0x6f,0x25,0x5b,0x65,0xca,0xc9,0xf0,0x74,0x59,0xb3,0x2d,0x11,0xbb,0x94,0xb3,0xd2,0x77,0x20,0x8a,0xbc,0x99,},{0x23,0x28,0xbe,0xc8,0xe4,0x03,0x51,0x04,0x78,0x82,0xe8,0xb4,0x3b,0xc1,0xab,0x08,0x53,0x86,0xfa,0x47,0x98,0x7e,0x46,0xea,0x87,0x60,0x88,0x14,0xc5,0xda,0x71,0x3c,},{0xed,0xa3,0xf5,0x03,0x3e,0xa7,0x95,0x3a,0x0d,0x58,0x3c,0x64,0x57,0x52,0x2e,0x84,0xad,0x78,0x44,0x53,0x04,0xd4,0x8e,0x57,0x7d,0x4d,0x69,0xe8,0x64,0x1f,0xeb,0xe1,0x52,0x48,0xd8,0xd9,0x0c,0xe0,0x94,0x4a,0x8f,0x80,0x1d,0x39,0x09,0x9b,0xc7,0x74,0x94,0xba,0xc4,0xce,0x2a,0x20,0xb3,0x83,0x69,0xc6,0xad,0xfb,0x71,0xe0,0x3d,0x0f,},"\x77\xbe\x8e\xce\xaa\xb4\x31\xa1\x3c\x2a\x28\xd0\xd1\x55\x64\x89\xd8\xc3\x92\xfd\x7a\xe4\x11\x57\xf7\xca\xf0\x82\xcb\x54\xe4\x5f\x08\x62\x6b\xe0\x07\x6b\xe8\x44\xd3\x8f\xde\x90\x1a\x5e\xab\x0e\x88\x32\xd6\x9d\xac\x22\xfb\x85\x07\xfb\x8e\xc4\xfa\xf7\xc8\x8f\xd2\x6d\xa3\x08\x46\x1a\xfe\x38\x59\x87\x97\x2b\x5e\x76\x0a\x34\xa5\xe1\x8b\x9a\x82\xb4\xaa\xa5\x29\xb7"},
+{{0x3f,0x87,0xfc,0xfd,0xb4,0x21,0x42,0x2a,0x9c,0x5f,0xb9,0x82,0x68,0x31,0x3c,0x15,0x12,0x8c,0x78,0x84,0x4e,0xf9,0xeb,0x3b,0x37,0x13,0xfa,0x77,0xb6,0x71,0x89,0x03,},{0x53,0x3e,0xc5,0x92,0x28,0x37,0x4b,0xd0,0x3a,0x46,0x99,0xe3,0xa8,0x89,0x6b,0x86,0x18,0x2f,0xcf,0x8f,0xc3,0x08,0x5f,0xdb,0x8f,0x5c,0x46,0x71,0x52,0x4d,0x6f,0xe0,},{0xf6,0x51,0x9d,0x7e,0xdb,0x61,0x34,0x11,0x19,0x74,0x03,0x3f,0x03,0xb8,0xd8,0x9e,0x9c,0x76,0xca,0xec,0x89,0x65,0xa8,0xe1,0x7c,0xd4,0x5f,0xff,0x19,0xde,0x26,0x15,0xd7,0x3e,0xcc,0xdb,0x4a,0x66,0x64,0xa8,0xf0,0xe2,0x3a,0xdf,0x98,0x98,0x8e,0x96,0x25,0x1b,0xf2,0x6e,0xb7,0xa4,0xcc,0xaa,0xc1,0x07,0x9f,0x0a,0x77,0x2f,0x9b,0x05,},"\xc0\x0f\xed\x2d\x68\x94\x68\xbc\xba\xcc\xcd\x44\x6e\x8d\x8f\x29\x9e\x2a\x86\x92\x5e\x62\xe5\x97\x09\xaf\xaf\x48\x57\x46\x9f\xf1\xe0\x06\xd0\x0f\xa3\xe1\x8a\x36\x15\xf8\xf0\x6b\x6e\xbd\xff\x78\x5d\xde\x58\x85\x1d\x2c\x23\x90\x38\xa0\xc3\x44\xdc\xe9\x85\xbd\x1f\xc8\xde\xb4\x77\x9a\xe5\xf8\x93\x2e\x2f\x9e\xd5\x99\x0b\x64\x72\xdb\xe4\xe6\xfe\xf6\x91\x76\x57\xe0\xb5"},
+{{0x44,0xce,0xef,0x04,0x4f,0xf9,0x98,0xd4,0xab,0xea,0xaf,0x37,0x4e,0xb4,0x1d,0x08,0x67,0x18,0xb6,0x30,0x97,0xb1,0xe3,0x5f,0x89,0x63,0x4c,0x14,0x89,0x71,0x32,0xea,},{0xe8,0x3c,0x86,0x67,0x7d,0x03,0xed,0x3a,0x5e,0x8c,0x95,0xf4,0x1f,0x0b,0x32,0x5f,0xf4,0x33,0x37,0x02,0xf2,0xff,0x69,0x36,0xf5,0x7f,0xf3,0x0a,0xa3,0x14,0x85,0xc7,},{0x55,0x45,0x52,0xd6,0xb7,0x90,0xd4,0x21,0xd0,0x6b,0x0a,0x67,0xf8,0xe0,0x02,0xad,0x7a,0x1e,0xd0,0x1c,0x06,0xcf,0x00,0xcb,0xea,0xec,0x2a,0x26,0x8b,0xda,0x29,0xf1,0x18,0x3f,0x0c,0xea,0xfc,0x62,0x5f,0xa5,0xfd,0xb8,0x47,0xdc,0x86,0xfa,0xe1,0xa2,0x04,0x06,0xe4,0x59,0xd4,0xa0,0x17,0x7c,0xb5,0x15,0x22,0x0a,0x56,0x8e,0x08,0x00,},"\x8d\x3e\x2d\xec\x46\x44\xc7\xb5\x16\x33\xb1\x3e\x63\x75\xca\x42\xff\x91\x38\x46\x5f\x43\xd7\x80\x0c\x73\x13\x19\x9f\x67\xc9\xcf\x1b\x52\x0b\x18\x20\xbd\x63\x0e\xcf\x1c\x99\x2e\x27\x67\xb3\x8e\xb5\xbb\xc4\x41\xa4\xab\x8d\x31\x7d\xb4\x41\xdb\x35\xa0\xfe\x3a\xbe\x7a\x9e\x45\x41\x88\x1c\x2d\x7b\x1a\x26\x12\x30\x69\x59\x81\x5d\x1d\xa4\x12\x67\xd9\x64\x9d\xd4\x49\x4a\xce"},
+{{0x98,0xef,0x2a,0x44,0xd4,0xc8,0x47,0x6d,0xff,0x05,0xaa,0x78,0xdc,0xf9,0xc6,0xdc,0x08,0x6c,0xb2,0xf6,0x22,0xa0,0x67,0x45,0xd6,0x0c,0xbf,0x22,0x3f,0xaa,0xba,0x66,},{0x42,0xfd,0xb1,0xda,0xa3,0x9f,0x01,0x59,0x11,0x9b,0xee,0xc1,0xbe,0xdf,0x6f,0x03,0x94,0xb2,0x6a,0x2a,0x29,0xbd,0x1f,0xde,0x08,0x1e,0xcc,0xda,0xde,0xcc,0x22,0x6a,},{0xab,0x5e,0x87,0x24,0xa3,0xe6,0xff,0x76,0x05,0x8c,0xfb,0x21,0x4d,0x57,0x4e,0x04,0xd0,0x55,0x74,0xec,0xdd,0x4f,0xfe,0x8c,0x07,0xc7,0xaf,0x39,0x6e,0x88,0x26,0x87,0xc5,0xd7,0x9e,0xf1,0xe6,0x2f,0xbb,0x4c,0x5f,0x1b,0xd0,0x6b,0x9b,0xd8,0x97,0x82,0x6e,0xdd,0xe0,0xd1,0x11,0xd9,0x18,0xe8,0xef,0x96,0x1f,0xf2,0xa0,0x0d,0x77,0x00,},"\xc8\xb5\xfc\xfc\x3c\x18\xc7\xd9\x59\x57\xb6\x68\xe9\x1c\x73\x1d\x50\xc7\xfc\xea\x4f\x95\x75\xbb\xf7\x84\x62\x58\x70\xe2\x38\xdf\x54\x6e\x2c\xb1\xa1\x9d\x28\x08\xdd\x5b\x23\x0d\x38\x71\xfd\xec\x16\x10\x0e\xe1\xfb\xf9\xb7\x22\xfa\x37\x44\xa7\x50\xa3\xb3\x96\xb0\x5f\x9c\x21\xb8\xc0\xf6\x1e\xad\x57\xa7\x8c\x5e\xcf\x72\xb5\x79\xcf\xe8\x8a\x3f\x40\x4c\x8a\xcf\x52\x4f\x9a\xb9"},
+{{0x93,0xa8,0xc7,0x92,0xa2,0x39,0xc9,0x31,0x91,0x7c,0x11,0x48,0x24,0xa0,0x17,0x4f,0x8b,0xc4,0xeb,0xbf,0x98,0xaf,0x8c,0x7e,0x32,0x1e,0x0f,0x5b,0xea,0x40,0x15,0xec,},{0x9b,0x2e,0xaa,0x8a,0x9c,0x2c,0x25,0xff,0x4f,0x6e,0x13,0xbb,0x12,0xba,0xe5,0xd0,0x6f,0xda,0x0e,0xb1,0x10,0x5f,0xaf,0xae,0x58,0x80,0xff,0x16,0x87,0x40,0xbb,0x74,},{0xcf,0xe3,0x2c,0x44,0x35,0xd9,0x11,0xd7,0x72,0xdc,0x07,0x27,0xe7,0x8d,0x68,0x9d,0x01,0x64,0xc5,0x06,0x95,0x97,0xcb,0x44,0x1b,0x22,0xc1,0xd2,0x62,0x36,0x47,0x9f,0x1a,0xfd,0x70,0x89,0x12,0x1b,0x9a,0xb4,0xf6,0x1b,0xbb,0x1f,0xae,0x1a,0xb4,0x2f,0x76,0x35,0xa9,0x2a,0x53,0x78,0x4d,0x71,0x70,0x91,0x6b,0x70,0x3a,0xa5,0xcc,0x09,},"\x90\x1b\xf4\xe0\x41\xca\xf1\x6e\x04\xf2\xff\xde\x8d\x6f\xe9\x7e\x93\xd0\x90\x0f\x6b\xc0\xfc\x09\xa9\xa0\x17\x9d\x13\x7b\x4b\x77\x88\xe5\x7e\xb9\x27\x66\xa9\xc6\x34\xf3\x5a\xdb\x5c\x29\x88\xaf\x1e\x86\x20\x8f\x46\x19\x98\xf5\x9c\xfe\xc9\x92\x04\xb4\x84\xfb\xca\xd3\x95\x1e\x7e\xe4\x40\x55\x23\x70\x5d\x97\x39\xb4\x43\x07\xdb\x03\xf7\x13\xfd\xa7\x8d\xb4\x21\xef\x31\x21\xb3\xba"},
+{{0x70,0x01,0xfa,0x0c,0x44,0x04,0xc2,0x8a,0xa5,0xb5,0xfc,0xff,0x30,0xa9,0x61,0xf2,0x1a,0x22,0xf5,0xb8,0x5a,0x9e,0x38,0x2e,0x07,0xae,0xa8,0xa8,0x92,0x4d,0x0e,0xc1,},{0xda,0xeb,0xb6,0x3c,0x4d,0x8f,0x40,0xce,0xba,0x8e,0xc3,0x5e,0x3d,0xd9,0x46,0xa6,0xb7,0x5b,0xc7,0x4f,0xcb,0x29,0xad,0xe7,0xb5,0x5e,0xee,0x3c,0xc3,0xae,0xa5,0xca,},{0x64,0xea,0xc9,0xce,0x87,0x46,0x06,0x18,0x63,0x6b,0x41,0xfd,0x2d,0xec,0xc1,0x67,0x3b,0xfc,0x48,0xc5,0xf4,0x79,0xdf,0xac,0xb5,0x1e,0x86,0x68,0x64,0x07,0x37,0x4b,0x1d,0x10,0xbf,0x65,0xd6,0xd7,0x47,0x42,0x14,0xd7,0x77,0x0c,0x9e,0x5c,0x7f,0x80,0x6c,0x80,0xd5,0x3d,0x48,0xb7,0x20,0x87,0x0e,0x5e,0x78,0xf3,0x2e,0x3a,0x7e,0x05,},"\x44\xf4\x8c\xfb\x02\xf0\x87\x77\xa5\x78\x73\x85\x5f\x96\xbe\x4c\x02\x91\x32\x3f\x27\x39\xb2\x75\xd9\x07\x57\xa1\x54\x72\xe5\x75\x04\x36\xe0\x10\x74\x08\xfe\x30\x26\xc0\x06\x25\x68\x99\x83\xf9\x90\xeb\xa9\xbe\xcb\xfc\xe4\x03\xcc\xd5\x63\x56\xad\x27\x41\xfd\x21\x44\x5d\xfb\x23\xd7\x61\x12\xe5\x78\xb3\x39\x5c\xf9\xd9\x60\x95\x5f\x1d\xa8\xf3\x99\xca\x28\x6f\x21\x39\x0e\x25\xa5\x9a"},
+{{0x3a,0xdc,0xe3,0xa3,0xd3,0xfb,0xc9,0x77,0xdd,0x4b,0x30,0x0a,0x74,0x74,0x9f,0x13,0xa3,0xb0,0x4a,0x5d,0x73,0xa2,0xcd,0x75,0xa9,0x94,0xe3,0x19,0x5e,0xfe,0xbd,0xac,},{0x6f,0xf1,0x9b,0x1f,0x18,0xd6,0x48,0x51,0xd5,0xc7,0x48,0x45,0xc6,0x40,0x7f,0x0b,0xf5,0x96,0xa5,0x2e,0x38,0x5e,0x02,0x01,0x27,0xe8,0x3e,0x54,0xcf,0xf5,0xac,0x19,},{0x7d,0xda,0x89,0xf8,0x5b,0x40,0x53,0x9f,0x5a,0xd8,0xc6,0xde,0x49,0x53,0xf7,0x09,0x4a,0x71,0x5b,0x63,0xdd,0xa3,0x0e,0xc7,0xcf,0x65,0xa7,0x85,0xce,0xae,0x5f,0xc6,0x88,0x70,0x7e,0xe0,0x0b,0xe6,0x82,0xce,0xcb,0xe7,0xee,0x37,0xd8,0xfc,0x39,0xee,0x6d,0x83,0xc6,0x44,0x09,0x68,0x17,0x08,0xa0,0x89,0x8a,0x18,0x3b,0x28,0x8a,0x06,},"\xfe\x6c\x1a\x31\x06\x8e\x33\x2d\x12\xaa\xb3\x7d\x99\x40\x65\x68\xde\xaa\x36\xbd\xb2\x77\xce\xe5\x53\x04\x63\x3b\xd0\xa2\x67\xa8\x50\xe2\x03\xbb\x3f\xab\xe5\x11\x0b\xcc\x1c\xa4\x31\x66\x98\xab\x1c\xf0\x0f\x0b\x0f\x1d\x97\xef\x21\x80\x88\x7f\x0e\xc0\x99\x1e\x8c\x11\x11\xf0\xc0\xe1\xd2\xb7\x12\x43\x3a\xd2\xb3\x07\x1b\xd6\x6e\x1d\x81\xf7\xfa\x47\xbb\x4b\xb3\x1a\xc0\xf0\x59\xbb\x3c\xb8"},
+{{0x14,0x80,0x3c,0x1f,0x23,0xa4,0x7f,0xcd,0xd3,0x5e,0x5d,0x14,0x6e,0x20,0xca,0x63,0x0c,0xd7,0x12,0xc0,0x47,0xd5,0x33,0x0b,0x65,0x2e,0x31,0x85,0x7a,0xcb,0xc9,0xe8,},{0x36,0xf2,0xd5,0xbd,0x6d,0x83,0x24,0xfa,0x6e,0x9d,0xb7,0xf7,0xd8,0x54,0xeb,0xe4,0x8c,0x0e,0x62,0x99,0x99,0x81,0x22,0xe9,0xd4,0x4b,0x8a,0xdb,0xef,0x54,0xf0,0x93,},{0x07,0xa7,0xde,0x6c,0xe9,0x76,0x64,0xb3,0xea,0x09,0x28,0xe1,0x38,0x5c,0x33,0x09,0xbe,0x08,0xa4,0x7c,0xbf,0x4d,0xaa,0x91,0x86,0xa1,0xb9,0x48,0xc8,0x6f,0xbb,0xa3,0x9c,0x4e,0xfc,0xfc,0xb7,0xa0,0xa3,0x86,0x6b,0xc9,0x4c,0x67,0x88,0xff,0xe6,0xbe,0x0d,0x49,0x72,0xe5,0x6d,0x0c,0x32,0x92,0xd1,0xcc,0x6e,0x25,0x44,0x7b,0x99,0x04,},"\x55\x59\x83\x67\x9d\x02\x6e\x53\x54\xb4\xcc\x05\x5a\xe1\xbc\x14\x65\x3c\x72\x81\xec\x72\x23\x72\xf3\xfe\xb7\x78\xe8\x41\xda\x82\x1b\x3d\x0b\x8e\xe7\xa9\xa9\x12\x9e\xa0\x68\x24\xbe\x83\x79\xfb\xbd\xcb\x07\x48\xf4\x23\x72\x1c\xcb\x17\x2a\x1b\xaf\xa1\xd5\xae\x9f\xc1\xc5\x1e\x93\xd4\x1d\xd5\x51\xc3\x08\x60\x79\xb6\x20\x28\x6c\x1c\x40\xc1\x22\x3b\xbc\xbb\x76\x72\x2e\x92\xca\x21\xd8\x41\x0a"},
+{{0x1a,0x61,0x15,0x4d,0x34,0x72,0xcd,0x96,0xb3,0x28,0xee,0x67,0x4b,0xeb,0x4f,0xc8,0x67,0x63,0xa9,0x69,0xfb,0x41,0x04,0x94,0xe0,0x67,0x84,0x14,0xe3,0x1a,0x46,0xa6,},{0x75,0x76,0xd9,0x3a,0xc8,0x5d,0x0f,0xc6,0x1f,0x25,0x8c,0x55,0xcf,0x90,0xbd,0x87,0xa6,0x35,0x09,0x9c,0x0e,0x81,0x0e,0xd0,0xb9,0x37,0x25,0x8d,0x13,0xb4,0x25,0x59,},{0xad,0xa1,0x66,0x6c,0x9c,0x3b,0x82,0x84,0xb8,0xa2,0x1c,0x4f,0x26,0x18,0xef,0x08,0x08,0xa6,0x46,0xf3,0xf1,0x09,0x41,0xe4,0x70,0xf7,0x38,0xe1,0x78,0x5e,0x2d,0xe9,0xfd,0xd9,0xc8,0xcb,0x52,0x6f,0x94,0x5c,0x7a,0x8c,0x69,0x94,0xf1,0x51,0xb7,0xd0,0x66,0x58,0x1b,0x1d,0x75,0x53,0x07,0x94,0x7c,0x62,0xbe,0xfc,0x8a,0xb7,0x07,0x0f,},"\x64\xc5\x65\xef\xbc\xb8\xb9\x52\x8e\xd4\x72\x53\xf3\xc6\xa4\x03\x5d\xb7\x81\xd6\xf0\x97\x6b\x5e\x5b\xa8\x44\x7d\x4e\xd5\x4b\x04\x10\x52\x93\xef\x4c\x00\x0d\x8b\x2e\x1b\x5b\x75\xe7\x27\xe5\xd2\xa0\x77\x74\x3b\x50\xd1\x83\xb4\x91\x76\x48\x01\xa2\x50\x4d\x16\xee\x6d\x7d\x8a\xc4\xfe\x40\xe6\xbf\xc2\xa8\x12\x9c\x72\x85\xa5\xac\x69\x1c\x35\xe6\x42\xed\x16\x2c\xf7\xfb\xc6\x45\x16\x73\x3a\x23\xb3"},
+{{0xf2,0x15,0xd3,0x4f,0xe2,0xd7,0x57,0xcf,0xf9,0xcf,0x5c,0x05,0x43,0x09,0x94,0xde,0x58,0x79,0x87,0xce,0x45,0xcb,0x04,0x59,0xf6,0x1e,0xc6,0xc8,0x25,0xc6,0x22,0x59,},{0x1e,0xd5,0x06,0x48,0x5b,0x09,0xa6,0x45,0x0b,0xe7,0xc9,0x33,0x7d,0x9f,0xe8,0x7e,0xf9,0x9c,0x96,0xf8,0xbd,0x11,0xcd,0x63,0x1c,0xa1,0x60,0xd0,0xfd,0x73,0x06,0x7e,},{0xcb,0xef,0x65,0xb6,0xf3,0xfd,0x58,0x09,0x69,0xfc,0x33,0x40,0xcf,0xae,0x4f,0x7c,0x99,0xdf,0x13,0x40,0xcc,0xe5,0x46,0x26,0x18,0x31,0x44,0xef,0x46,0x88,0x71,0x63,0x4b,0x0a,0x5c,0x00,0x33,0x53,0x41,0x08,0xe1,0xc6,0x7c,0x0d,0xc9,0x9d,0x30,0x14,0xf0,0x10,0x84,0xe9,0x8c,0x95,0xe1,0x01,0x4b,0x30,0x9b,0x1d,0xbb,0x2e,0x67,0x04,},"\xfb\xed\x2a\x7d\xf4\x18\xec\x0e\x80\x36\x31\x2e\xc2\x39\xfc\xee\x6e\xf9\x7d\xc8\xc2\xdf\x1f\x2e\x14\xad\xee\x28\x78\x08\xb7\x88\xa6\x07\x21\x43\xb8\x51\xd9\x75\xc8\xe8\xa0\x29\x9d\xf8\x46\xb1\x91\x13\xe3\x8c\xee\x83\xda\x71\xea\x8e\x9b\xd6\xf5\x7b\xdc\xd3\x55\x75\x23\xf4\xfe\xb6\x16\xca\xa5\x95\xae\xa0\x1e\xb0\xb3\xd4\x90\xb9\x9b\x52\x5e\xa4\xfb\xb9\x25\x8b\xc7\xfb\xb0\xde\xea\x8f\x56\x8c\xb2"},
+{{0x8c,0x9f,0x95,0x08,0x30,0x75,0xa4,0x3f,0xe4,0x26,0xd1,0x9f,0x1e,0x87,0x71,0x9b,0x40,0x04,0x3d,0xe8,0x8e,0xb0,0xee,0x97,0x1f,0x70,0xe1,0x0c,0x76,0x94,0xce,0x4e,},{0xe9,0x1d,0x16,0x7a,0xa3,0xeb,0xc2,0x3e,0x70,0xaa,0xb4,0x5d,0xab,0xe9,0x05,0xe4,0x16,0x26,0x2f,0x91,0x0e,0x2a,0x95,0x5d,0xd8,0x61,0x9e,0xfc,0x74,0xc2,0x4e,0x85,},{0xca,0xc5,0x55,0x22,0x2d,0xaf,0xec,0x76,0xa0,0xb4,0x7b,0x9d,0x2c,0x58,0x6b,0x3b,0x3b,0x9b,0x3b,0x9c,0x83,0x64,0xbe,0xb3,0xca,0xe1,0xe8,0xdd,0x7f,0x1a,0xe9,0xdd,0x74,0xf2,0x2b,0x8d,0xd4,0xad,0x2b,0x29,0x0f,0x81,0x35,0x1a,0x41,0x5a,0x99,0xf0,0x30,0xf1,0x07,0x78,0xbe,0x4c,0xda,0x85,0xd1,0xd3,0x53,0x33,0x1e,0x70,0xf1,0x09,},"\xb6\x9d\x70\xe8\x60\xf5\x5c\x42\x7e\xf2\xa7\x1d\xf3\x6e\x05\xbb\xc4\x3b\xb2\xe0\x64\x63\xaa\x5d\xe3\x44\x19\xc6\xa6\x14\xee\xa6\x69\x53\x35\xa8\x75\x26\xc1\x22\x64\x88\xd8\x42\x89\x1d\x05\x74\xdf\x34\x3c\x9c\x1e\x17\xae\xd6\x95\x8e\xce\xe8\x74\x74\x22\x1e\xb7\x7a\x59\x9e\xcb\x05\x93\x44\xc0\xd0\x52\xc0\x00\x2a\x66\xe5\xa6\x01\x31\x85\xaf\x69\xa0\x1b\xa5\xdb\xc6\x60\xd3\x6c\xae\x23\x5f\x67\xfe\x0e"},
+{{0xd7,0xeb,0x1f,0xba,0x42,0x4f,0xee,0xd1,0x00,0x77,0x7e,0xed,0xb4,0x87,0x4b,0xf2,0x08,0x10,0xad,0x68,0x6b,0x67,0xe3,0x1d,0x27,0xec,0xf6,0x10,0x60,0x9a,0x33,0xf5,},{0xa2,0x5a,0xcb,0x11,0xa6,0xc8,0x25,0x71,0x3a,0x08,0x5f,0xa7,0x54,0x69,0x28,0x86,0xa8,0x7d,0x07,0xfb,0x9b,0xe1,0xa5,0x3e,0xb9,0x61,0x72,0x8b,0xb6,0x6c,0x90,0x60,},{0x2b,0xf7,0x19,0x68,0x2b,0x07,0xcc,0x5e,0xcc,0x04,0x80,0xf3,0x7e,0x9d,0x12,0x3f,0xf6,0xf4,0x4c,0x26,0xe6,0x95,0x8e,0x59,0xf0,0x80,0x46,0x6f,0x9c,0xd3,0x73,0xa1,0x65,0x00,0xda,0xf1,0x23,0xdc,0x3f,0x13,0x34,0x77,0x4b,0xfc,0x9f,0xa8,0x45,0x03,0xb1,0x6d,0xbf,0x21,0xa8,0x15,0xc1,0xad,0xa6,0xeb,0xef,0x49,0x20,0x46,0x17,0x02,},"\xa1\xd0\xf8\x1e\x3d\x59\x08\x9c\xc2\xb1\x9e\x07\xd2\xfc\xe4\x3d\xb4\xcf\x17\x1f\xaa\x64\x2f\x3b\x0b\xbd\xe7\x7a\xe3\xd5\x3a\xf5\xc0\x2b\xf8\xfc\x12\xff\xb4\xe5\x7f\x7c\x8a\x01\x5d\x6c\x2d\x17\x89\x44\xfa\xe9\xf7\xc8\xfc\x96\x9d\x4b\x77\xbe\xa5\x18\x76\xae\x99\xd5\x9e\x94\xad\x24\x56\xe0\xed\x72\xc5\x2c\xf4\xe5\x34\x0d\xa1\x7c\x44\xdb\xff\x86\x45\x7a\x51\x9b\x6f\xff\xe2\x69\x06\x62\x90\xd6\x29\xfe\x69"},
+{{0x4f,0x6a,0xeb,0x35,0xfc,0xe1,0x4f,0xbc,0xbb,0x9a,0xa8,0xa4,0xf6,0x45,0x1b,0xf9,0x5b,0x98,0xdf,0x04,0x7f,0xa8,0xc4,0x3f,0x1e,0xad,0x3b,0x40,0x4d,0x3f,0x92,0x8f,},{0xbf,0x66,0xa9,0xed,0xd0,0x94,0x81,0xdb,0x84,0x44,0xa1,0x76,0xc8,0xce,0x05,0x78,0xd2,0x93,0x4f,0x0c,0xdc,0x97,0x34,0xe8,0x6f,0xca,0xac,0x05,0xbf,0x33,0x30,0xf1,},{0x6a,0xdb,0x07,0xe3,0x64,0xf2,0xa4,0x55,0xcb,0x05,0x86,0x7a,0xbc,0x51,0x1a,0xcd,0x9d,0x65,0x89,0x77,0xf0,0xca,0xca,0xfc,0x92,0x82,0x8e,0x7b,0x72,0x4f,0x6b,0xbf,0x98,0xbf,0x0b,0xfb,0x29,0xf4,0xe5,0xe6,0xc7,0x47,0x38,0xd4,0xfd,0xd8,0x16,0xd9,0x25,0x24,0x07,0xae,0x4f,0x3a,0xfc,0x57,0x4c,0x4f,0x00,0x61,0x48,0x24,0xe2,0x03,},"\x2d\xfb\xb3\xf5\x9e\x19\xea\x17\xd4\x4a\x5b\xde\x4a\xd2\x27\xa1\xa3\x51\xdd\xa1\x7a\xf8\x40\xee\x0a\x75\xda\x21\xa5\xcc\xa8\x9b\x6d\x1c\x56\x7c\x33\x3e\x9c\xc9\x10\xe2\x15\x7e\x05\xe8\x6a\xd5\xd9\x31\x14\x50\x64\x59\x4c\x47\xba\xee\xa8\x66\x3a\x34\x64\x9c\x43\xe9\x0e\xb9\x5c\xa1\x0f\x7d\x51\x59\x7b\x37\x8a\x72\x2f\x1f\x70\x4a\xdf\x9f\x22\xe9\xf8\x85\xb8\x9d\x1f\x93\x80\x06\xa2\xef\xcd\xb4\x2a\xaf\xf5\xe3"},
+{{0xef,0x4a,0x67,0x62,0xb4,0x00,0x97,0x52,0x04,0xcc,0xc1,0x3a,0xbb,0x47,0x34,0x40,0x15,0x45,0x49,0x06,0x85,0x0f,0xf1,0x49,0x40,0xcb,0xb8,0x3a,0xa2,0x24,0x14,0xae,},{0xea,0xca,0x45,0x09,0x96,0xf5,0x0c,0xfa,0xf2,0xbd,0x7f,0x9d,0x7f,0xa7,0x08,0x7f,0x09,0xad,0x49,0x66,0x42,0x06,0xa8,0x0b,0xc2,0xe5,0xbb,0xbb,0x85,0xbb,0x66,0x8e,},{0x02,0x69,0x7d,0x44,0xca,0xd8,0x62,0xf1,0xda,0xf5,0x70,0x82,0x05,0xf4,0x50,0xd4,0x08,0x52,0x5b,0x10,0xc0,0x1f,0xfd,0x06,0xcf,0xee,0x80,0x37,0x4f,0x3d,0xb1,0x6f,0xa9,0xa4,0x9c,0x19,0xa9,0x84,0x4b,0x34,0x5f,0x2f,0x95,0x59,0xea,0x74,0xaa,0xb1,0x73,0xba,0xa0,0x78,0xc5,0x43,0x70,0xa5,0x16,0x67,0x00,0xc6,0xda,0xfb,0x78,0x0a,},"\xa4\xb6\x3e\xae\xd5\xa6\x4a\x94\xf2\xca\xd2\x12\xce\x2a\xe7\x10\x92\xfd\x3e\xa7\x44\xf5\xbd\x89\x56\x2b\x2f\xc2\xa6\xc9\xe4\xd7\xaa\x27\xad\xd5\x62\x64\xa5\xa5\x50\x16\x61\x0b\xe6\xc1\x9f\xf7\xd4\x98\x9e\x95\x04\x74\x08\x53\x01\x27\x15\xa7\x9e\xce\x9e\x12\xc3\x01\xb3\x31\x7c\x7d\x9b\x67\x30\xdb\x86\x2a\x4a\x1d\x28\x05\x8e\x0f\x8b\x5d\xdd\x97\x38\xc7\xc6\x2e\xa5\x72\xcf\xe5\x9e\xae\x08\xe2\xb8\xb6\x59\x3b\x58"},
+{{0x55,0x01,0x7e,0x5f,0x61,0xf0,0xc5,0xba,0xfb,0xcd,0xe6,0xf8,0x49,0xf4,0x2a,0x31,0xe5,0xe7,0xa8,0x78,0xc1,0xd3,0xf9,0x12,0x6f,0xc5,0x69,0xfd,0x41,0x7e,0xa9,0xf2,},{0x66,0x91,0x4f,0x74,0xed,0x93,0x2f,0xc8,0x81,0xff,0x01,0x66,0x68,0x3f,0x67,0x5a,0x7c,0x28,0xa9,0x26,0xfd,0xdd,0x64,0x69,0xcd,0xb3,0xf2,0x8e,0x6d,0xec,0x42,0xcc,},{0xb1,0xa5,0xe7,0xc4,0x9b,0x8f,0xc6,0xb4,0x33,0x1e,0x04,0x16,0xce,0x7e,0x4e,0xd5,0x9e,0xdd,0x56,0x30,0x0b,0x80,0x2e,0x0d,0x72,0xab,0xca,0x4a,0x6f,0xcb,0x87,0x6c,0x03,0xbf,0x33,0x15,0x79,0x12,0x4a,0xe0,0xd3,0xfe,0x43,0xf7,0x89,0x8b,0xc8,0x7e,0x93,0xfc,0x2d,0xa3,0x97,0x0f,0xc8,0x63,0x89,0x57,0xd1,0x8c,0x66,0x13,0xc8,0x08,},"\x2f\xc8\x4a\x09\x98\xfa\x6e\x16\x8a\x86\x64\x10\xbb\x68\x10\x5d\xf2\x49\xa2\x8c\xfc\x76\x60\x4b\xe9\x4f\xd7\xdf\xff\xf2\xfc\x1d\xed\xd2\x20\x19\x94\x65\x57\x5e\x8d\xf8\x60\x19\x0f\x16\xac\xa4\x08\x41\x69\xbe\x16\xc6\xba\x32\xeb\x67\x04\x2f\xfd\x4f\x23\x03\x16\xa2\x6b\x26\x24\xa4\x2f\x8f\x90\xad\x57\xf6\x91\x64\x86\xfa\x91\xfd\x94\xed\x68\xad\xed\x4e\x63\x24\x30\xef\x71\x94\x46\x97\x9b\xfa\xf3\x45\x40\x9c\x38\x7f"},
+{{0x05,0x53,0xfb,0xa8,0x66,0x94,0x23,0x41,0x21,0x7c,0xf2,0x78,0xac,0x57,0xcb,0x21,0xac,0xd0,0x9d,0x99,0x16,0xcc,0x6a,0xf0,0xac,0x46,0x94,0x1e,0xa1,0x39,0xd5,0x45,},{0x84,0x0c,0x66,0xe5,0x7c,0x2d,0x4f,0x52,0xa4,0xa2,0x79,0x6d,0x2a,0x53,0xc5,0x70,0x9b,0x96,0xa6,0x28,0xc2,0xe0,0x63,0xfe,0x6e,0xfd,0x47,0xf2,0x83,0xef,0x5e,0x82,},{0xbc,0x33,0x64,0xc1,0x52,0xee,0x5c,0x80,0x8a,0xc3,0x40,0xf4,0x9e,0xa2,0xcc,0x40,0x4e,0x93,0x51,0x71,0x21,0x22,0x0c,0xce,0x6f,0x7c,0x30,0xa2,0x25,0x00,0xe4,0x1b,0xcd,0xb6,0xe8,0x20,0x48,0x0f,0x8f,0xcc,0xdd,0x22,0xff,0x9a,0xd9,0x6d,0xa5,0x32,0x80,0x2f,0x43,0x1e,0x94,0x24,0x0f,0xb8,0x3d,0x4b,0xce,0xaa,0x09,0xb9,0x2b,0x0d,},"\xc1\xfa\xe6\x26\x2a\x0e\x98\xa6\xb1\x23\x5f\xcb\x62\x28\x3b\x7f\x0a\x09\x7f\x9d\x00\x24\x16\xd3\x18\xfe\xfc\x60\xc5\xa1\x58\x4f\x90\x0a\xd0\xab\x26\xcc\xfa\xe0\xd6\xd8\x4a\xa9\xaa\x2d\xf1\x6d\x4c\x11\x7e\xa2\x72\x46\x76\xcb\x86\x6d\x48\x70\xa8\x72\xfc\x82\x9a\x7c\x2a\x5d\x21\xba\x83\x34\x0a\xdb\x33\x9a\x34\xc5\x18\x4c\x7f\x5e\xad\x0f\x07\x72\x89\xb3\x36\x77\xed\x6a\x1b\xa3\x4b\xe1\x99\x4e\x25\x76\x3b\xd1\xd9\xfa\xec"},
+{{0x7a,0x5a,0xc6,0x02,0xde,0x19,0xf3,0xc2,0x10,0x40,0xbc,0xdd,0xbf,0xf4,0x2f,0x6a,0xee,0x6f,0x95,0xc1,0xb0,0x93,0x86,0x8f,0x48,0xe5,0x04,0x82,0xdb,0xf4,0xf9,0xc7,},{0xfb,0xb6,0xc7,0x53,0x1c,0xda,0x21,0xe7,0xd1,0x7e,0xa9,0x03,0xc4,0xd1,0x4b,0xe6,0xc6,0x8b,0x4c,0xa8,0x03,0xa1,0x6b,0xd8,0x71,0x20,0xf5,0xaa,0xf7,0xdc,0xe1,0xd4,},{0x84,0x10,0x1d,0xd4,0xb5,0xe8,0xca,0x3e,0xd9,0x8c,0x1e,0x8a,0x06,0xe1,0x1d,0x7e,0x42,0x4b,0x0d,0x12,0xca,0x71,0x4e,0xe7,0x37,0x4b,0x64,0xc2,0x9d,0x51,0xa2,0x02,0x1c,0xc7,0x7a,0xc7,0x53,0x89,0xd9,0xb0,0xa6,0x46,0xa4,0x47,0x62,0x3d,0x7d,0x04,0xd1,0x24,0x18,0x66,0xb0,0xca,0x6e,0xdd,0x1b,0x7a,0xc0,0x15,0x66,0x6b,0x70,0x0d,},"\xbd\x16\x85\x41\x92\x79\xeb\x81\xe4\xcf\x3c\x90\x90\x31\xf0\xf0\x9c\x5f\xfa\xe7\xe2\xce\x6b\xa9\xd9\x6c\x2b\xce\x87\xb8\xba\x0d\xd7\x63\x23\x10\x01\xe5\x32\xc7\xdd\xd6\x21\x03\xab\xf7\x01\x28\x8e\x19\xdd\x8f\x53\x02\xe8\xf5\xd3\x1b\x64\xcc\x33\x9b\xd8\xb7\xa9\x55\x50\xc8\xa1\x16\xfd\x48\x69\x48\x77\x2b\xd5\xaf\x8d\xfd\x46\x00\x1c\x59\x76\x7b\x0d\x6b\xdc\xe3\x83\xa7\x07\x89\x92\xd1\x02\x2f\xbc\xaf\x90\x71\x06\x87\xb9\xaa"},
+{{0x50,0x41,0x4c,0xf5,0x49,0xbc,0xc5,0x5b,0x5b,0x6b,0x75,0xea,0x37,0x82,0xb2,0xea,0x7c,0x08,0x7b,0x6a,0x01,0x06,0x17,0x5e,0x46,0x9c,0xa2,0xcc,0x76,0x4a,0xeb,0x01,},{0xd0,0xf3,0x0c,0x12,0xe9,0x97,0xf9,0x6e,0x7a,0xee,0xcd,0x1b,0xff,0x6a,0x01,0x2e,0xc3,0x88,0xeb,0xf8,0xf3,0xf4,0xaf,0x66,0x48,0x04,0xd1,0x63,0x8e,0x4c,0x34,0x6a,},{0xb3,0x09,0x80,0x01,0x60,0xde,0x43,0xa6,0x3a,0x89,0xa0,0xac,0xb8,0xa6,0x05,0x00,0x59,0x58,0x9b,0x3e,0xae,0xca,0xc2,0x0b,0x25,0x6f,0xec,0xe4,0x38,0x04,0x2f,0x69,0x41,0x5d,0x8a,0x56,0x88,0x3e,0xe3,0x83,0x6d,0x31,0x34,0xa7,0xfc,0x1d,0xe6,0x4f,0xa8,0xc8,0xce,0xcc,0x3c,0xe2,0x75,0x89,0xf6,0x06,0x05,0x88,0x20,0x85,0x7a,0x0c,},"\x75\xad\x77\xe8\xc5\x4b\x0b\x05\xfb\x2d\x16\x2e\x7c\xad\xb8\xa7\x52\x80\x81\xb8\x63\xf7\x6a\x44\x1b\x37\x44\x69\x41\x3e\x57\x14\xed\xf5\x4f\x80\x04\x96\xaf\x01\x57\xc1\x7e\x42\x55\x83\x41\x4d\x43\x61\xf2\x13\x41\x71\xc0\xb8\x7c\x22\xce\x68\x20\xa4\x85\x0a\xb4\x9d\x99\xa9\xba\xdc\xe9\xe3\x61\x10\xe7\xf3\x06\x01\x18\xb3\x59\x0f\x82\xb4\x37\x71\xe9\xfb\xb0\x81\xaf\xe6\x22\x27\xe0\x24\xd9\x8d\xe6\xcd\xec\x02\x8d\x7c\x49\x49\x0d"},
+{{0x93,0xcb,0x00,0xd8,0xfe,0x9c,0x97,0x77,0xa6,0x83,0x63,0x1f,0x39,0xba,0x0f,0x48,0x76,0x14,0x82,0xcf,0x1c,0x36,0x6b,0xd8,0x63,0xcf,0x71,0x51,0x01,0x53,0x25,0x55,},{0x87,0xe9,0x4a,0x1e,0xa5,0x25,0x8d,0x61,0x18,0x0c,0xb8,0x28,0x59,0x0f,0xf1,0x41,0x8a,0x87,0xd0,0x1e,0x70,0x26,0x86,0xba,0x8a,0xbc,0x26,0x92,0xc8,0xdc,0x3c,0x91,},{0x09,0x82,0x4f,0xa2,0xdf,0xbc,0x4d,0x6e,0xf7,0x6a,0x9e,0x41,0x45,0x96,0x11,0x16,0x76,0x91,0x30,0x55,0x3b,0x3e,0xdf,0xfa,0x50,0xd0,0x4f,0x39,0xb8,0xb7,0x9f,0xac,0xbd,0x23,0x7a,0xcf,0x71,0x35,0x4a,0x53,0xa6,0xe5,0xfe,0xe7,0x54,0xe8,0x23,0xb0,0xb2,0x90,0xf9,0x61,0x93,0x20,0xa1,0x3d,0x56,0x12,0x69,0xa2,0x21,0x63,0x9f,0x03,},"\x88\xd8\x53\x8d\x31\x86\x78\x13\xd8\x8f\xef\x72\x28\xd4\x9a\x7e\x95\x0d\x73\x83\x96\xf1\x16\xdd\xa1\x02\x5f\x79\x13\x54\x7c\x5d\x1d\xc5\x67\x7a\x6d\xe4\xb4\xa5\x88\x05\x07\xb3\x61\x78\x0b\x61\xb4\x3f\x77\x95\x26\x3d\xb2\x2f\xf3\x41\x64\x5f\x2f\x59\x14\xfd\x60\x88\xc2\x81\x12\x11\xed\x47\x56\xac\x01\x9a\x60\x35\xd6\x6e\x31\x70\xc1\xd8\x2b\xfa\xa3\x05\x96\xb3\x96\xb3\x26\x0c\xc1\xd1\x0d\x41\x3d\xd4\x7e\xbe\x6d\xaa\x0c\x30\xdc\x42"},
+{{0x2b,0x4c,0xae,0x38,0x0e,0x95,0xce,0x69,0x4c,0x26,0xac,0x79,0x57,0x44,0x73,0x47,0xf9,0x8e,0x31,0xb4,0xbf,0x02,0xd7,0x44,0xe1,0x31,0x52,0x90,0x71,0xe2,0x30,0x1d,},{0xe6,0xfc,0x70,0x5a,0x79,0xc9,0x8e,0x11,0x5b,0x4e,0x28,0xd3,0xaa,0x15,0x06,0xb7,0x4e,0xe7,0x42,0x76,0xc5,0xfc,0x11,0x09,0xa7,0xf4,0xd8,0x9c,0x6f,0xaf,0xb8,0x89,},{0x55,0x5e,0x45,0x65,0x6b,0xa9,0xcf,0xbf,0x51,0x55,0xd0,0xe5,0x25,0x76,0xe5,0x19,0x7a,0xbb,0xbc,0x9d,0xd2,0x33,0x99,0x3e,0xec,0x2a,0x1e,0xe7,0xf6,0xa8,0x64,0x09,0xc0,0xb7,0x1b,0x0a,0x66,0x19,0x78,0xff,0x5e,0x0a,0xcd,0xc9,0x46,0x3d,0xc4,0x49,0x90,0x6f,0x47,0x4f,0x8e,0x79,0xbb,0x86,0x16,0x8b,0xf7,0x07,0x41,0xe3,0x4b,0x02,},"\xe0\xb8\x25\x0e\x27\xb7\xc0\x29\x1d\xbc\x47\xa6\xda\x6f\x12\x68\x98\x7a\xfd\xf0\xa1\xe9\x0b\xe6\x9b\xcb\xc4\x37\x08\x65\x21\x78\x30\xd5\x20\x86\x93\xbe\x7b\x70\x45\x09\x9a\x22\xea\x27\xf9\x52\xeb\x3f\x79\xa9\xa0\xf1\xb5\xa8\x7b\x19\x36\x77\x90\x78\x8d\x34\xc2\x19\xc2\xe2\xa6\xb8\x34\x02\x0f\xb4\xfd\x14\x9d\xc5\x6b\x54\x4f\xdd\xbb\x42\x07\x1a\x16\x2f\xc7\xcb\x33\xc1\x46\xca\xc0\x5a\x31\xb1\x83\xe9\xda\xad\xc6\x16\xf3\xaf\x44\x9b\x17"},
+{{0xb5,0x64,0x91,0xe5,0x49,0x99,0xbb,0x5a,0x17,0x15,0xeb,0xfa,0x2f,0xeb,0x14,0xa5,0x45,0xa3,0xa4,0x3c,0x2f,0xdf,0xd4,0xbe,0x0c,0x95,0xfc,0x11,0x81,0x9a,0xd6,0x95,},{0xcd,0x42,0xbf,0x41,0x4f,0x9b,0xfc,0x72,0xec,0x06,0x98,0x82,0xa8,0x00,0x55,0x7c,0xdf,0x31,0xbc,0x34,0x64,0xfb,0x10,0x2c,0x31,0x0e,0x6d,0xbd,0x3a,0xe2,0x08,0x63,},{0xe3,0xbe,0x3e,0x71,0xa8,0x98,0x52,0xdf,0x3c,0xff,0xd7,0x2d,0x68,0x20,0x78,0x69,0xdd,0x3e,0xce,0xb4,0x9b,0x1f,0x02,0x94,0x93,0xec,0xcb,0xb9,0x32,0x44,0x4e,0xbe,0x8c,0x8c,0x6d,0xb5,0xf0,0xa5,0xa6,0x7e,0x21,0x94,0x40,0x8d,0xf9,0x84,0x19,0x13,0xa5,0xac,0x1a,0x60,0x68,0x96,0x41,0x9a,0x66,0x8f,0x4f,0x47,0xc5,0x6c,0x2b,0x08,},"\xeb\x44\x18\xba\x30\x68\x3e\xc7\x95\x9b\xdb\x1e\xc7\xb2\x63\xf8\x3e\x81\xf0\x54\xdd\xcd\xbe\x0a\x67\x38\xca\x77\x63\xe2\x46\x93\x5b\xac\x41\x90\x26\xc2\x2b\xfb\xdd\x12\x36\x33\x6c\xc1\x61\x07\xc5\x35\x13\xe3\xdd\xf3\x4e\x12\x08\x46\x96\x2c\x3b\xdd\x54\xf5\xad\x57\x49\x59\x72\x08\xf1\x5a\x8b\xb5\x66\x67\xba\xa8\x95\xf0\x83\x40\xdb\x89\xb8\x5c\x43\x5e\x77\x09\x31\x92\x8d\x8a\xbc\x99\x26\x2f\x83\x9a\xed\xd9\xbe\x2a\xa1\x38\xc9\x25\x9a\xdf"},
+{{0x65,0x79,0xc2,0x47,0xdd,0x2c,0xd0,0x2b,0xa2,0xf7,0xd7,0xa9,0x50,0xa3,0x30,0x75,0x26,0x81,0xe9,0x2c,0x0d,0xc6,0x29,0x84,0xbb,0xea,0x27,0x9e,0xa5,0x21,0xc3,0x81,},{0x0b,0x08,0x7b,0xea,0x1a,0x1b,0x3d,0x15,0x80,0x5c,0xb6,0x04,0xf4,0xbb,0x8d,0x68,0xed,0xde,0x27,0x4f,0xaf,0x52,0x1f,0xe6,0xdf,0x50,0xc5,0x5f,0x8a,0xd4,0xa7,0x0d,},{0xec,0xca,0xf8,0x01,0xae,0x0a,0x91,0x2e,0x21,0xc6,0xb8,0x3a,0x5f,0x0e,0x4e,0x88,0xd4,0xb2,0x71,0x34,0x59,0xff,0x93,0x44,0x9f,0xc0,0xb2,0x1a,0x9f,0x41,0x60,0x50,0x11,0x3c,0xba,0xe4,0xe8,0x14,0xd2,0x0c,0x0a,0x79,0x8f,0x76,0xd2,0xf9,0xd3,0x26,0xed,0x83,0x95,0x9e,0xa0,0x2a,0xbd,0xc1,0xab,0x35,0x0a,0x46,0x71,0x23,0xf7,0x09,},"\xdf\x7c\x55\x2f\xfc\x89\x37\x4b\x95\x71\xa6\x02\x4a\x8d\x04\x71\xd7\xeb\x6b\xe8\xdf\xca\x6f\x41\x66\xb5\x81\xb6\x54\x79\x01\x5a\x05\x68\x12\x90\x74\xcc\x04\xd6\x34\x2c\x75\x8c\xa1\x8f\x79\x87\xde\xc5\x36\xb7\x03\x3d\x5f\x96\x81\x50\x43\x40\xe2\x09\x86\xf0\x27\xb8\xcf\x1f\x26\x3b\xe7\x6d\xb3\x52\x5d\x17\x34\x22\x95\x0e\xa8\xdc\xed\xdc\x58\x56\x40\x91\x8a\xa9\xd2\x5c\xa8\x9c\xba\x70\x1c\x20\x20\x15\x38\x73\xf4\x61\x08\xc7\x72\xcb\x38\x8d\x55"},
+{{0x18,0xfb,0xa6,0x0c,0x50,0x26,0xf3,0xc9,0xdd,0x7a,0xed,0xc0,0x42,0x09,0xd5,0x26,0x03,0x61,0xde,0x40,0x0e,0x19,0x0a,0xeb,0x60,0x16,0x9e,0x05,0xa3,0x36,0x7c,0x9f,},{0xdf,0xff,0x34,0x7f,0x3d,0xd2,0x55,0x53,0x0b,0xf7,0xfb,0x34,0xd0,0x2b,0xa4,0x86,0xd1,0x12,0xbb,0x46,0xe9,0x50,0xe2,0xef,0x80,0xe5,0x17,0x01,0x4c,0xc9,0x57,0x34,},{0x4b,0xc0,0x11,0xe4,0x0f,0x0f,0x59,0xc6,0x18,0xf6,0xbb,0xe2,0x30,0xb6,0xf7,0xbc,0x2f,0x50,0xe3,0x61,0x7c,0x7f,0xaa,0xb7,0xf4,0xc2,0x1c,0xb8,0x4f,0x77,0xeb,0xa9,0x94,0xcb,0x7c,0x2a,0x1b,0xf1,0x0b,0x01,0xbb,0x20,0x08,0x44,0x97,0xfd,0xf0,0xa6,0xab,0x5d,0x9b,0xcd,0x22,0xc4,0xa2,0xc5,0xa7,0x8f,0x79,0x92,0x68,0x25,0x94,0x0f,},"\x34\xf0\x8a\x80\x4d\x78\x29\xcc\x39\x14\xf0\x00\xce\x1a\x32\x88\xac\xce\x21\x49\xc8\xa0\x20\x86\xb9\xf6\x7a\xfc\xcd\x83\xa1\x78\xb0\xbc\xfd\x49\x70\xc0\x56\x99\x7d\xa7\xdc\x3d\x47\x56\x2f\x16\x66\x3c\xed\xc5\x2f\x82\xd7\x10\x85\x0c\xf4\x05\x03\x79\xef\xda\xc2\x3b\xee\x17\xc3\x30\xa3\x83\xad\x13\x7f\x78\x84\x73\xb2\xb0\x72\x36\x03\xb6\xde\xb1\xfd\xbf\x6c\x52\x3f\xc9\x48\xa0\xcc\xc4\xff\x10\x0f\xb9\x46\xd8\x74\xc1\xf9\x90\x43\x6a\xe8\xc4\xf3\xb2"},
+{{0x07,0x3c,0xc1,0x5b,0x05,0x36,0x28,0x59,0x33,0xb2,0xbe,0x39,0x25,0x3c,0xf4,0xfd,0x69,0x6b,0x81,0x61,0x0f,0x5d,0xd3,0xad,0xac,0x2e,0x9c,0xbf,0x33,0x8e,0xf2,0xf6,},{0x00,0xb5,0x51,0xd3,0x71,0x54,0x43,0x75,0xda,0xc5,0xc4,0xe9,0x6c,0xd1,0xf0,0x21,0x52,0x07,0xe8,0xe1,0x66,0xa1,0xfe,0x49,0xd5,0xb0,0xa5,0x1a,0xc1,0x84,0x43,0xec,},{0x3a,0xa5,0x2a,0x83,0x06,0x2a,0x8f,0x28,0xa5,0xd6,0xb7,0x60,0x7f,0x48,0x4b,0x66,0xcc,0x37,0x48,0x96,0xb7,0x66,0x12,0x31,0x26,0x33,0x3c,0x57,0x95,0x81,0x31,0x6c,0x74,0x28,0x06,0xf6,0x27,0xb5,0xbc,0x55,0xca,0xd7,0x05,0xcc,0x1d,0x47,0x82,0xb0,0x44,0x08,0x0c,0x8a,0xc8,0x40,0xf3,0x8c,0x0c,0x50,0xd3,0x5e,0x34,0x5c,0x78,0x03,},"\xc2\x85\x36\x2b\xc8\xef\x62\x8f\x7a\xed\xf6\x54\x23\x1e\xe5\x1a\xcd\xf2\xcf\x69\xa8\x86\xb9\x42\xbb\x9b\xfe\xd8\x15\x51\x05\xd9\x20\x9d\xed\x2a\xf2\x4f\x16\x9a\xd5\xfc\xd4\x51\x37\x0f\x58\x27\xa8\x51\x11\xc7\xa5\x2e\x03\x2c\x50\x38\x61\x7c\x0c\x01\x70\xe2\xa6\xc2\x31\xdc\x40\x1d\x12\x06\x2e\xdb\x18\x60\x36\x11\x4e\x38\x79\x3b\x79\x08\x90\x77\x58\x1b\x97\x83\xf4\x00\x07\x10\x3e\xf1\x74\x72\x49\x1c\x00\xe7\x13\x8a\xec\xc5\x08\x4d\x3c\x85\x01\x04\x70"},
+{{0xfd,0x89,0x4a,0x1e,0x82,0x32,0x20,0x3b,0x28,0x95,0x05,0xd5,0xc6,0x8c,0x68,0x79,0x1f,0xfc,0x0e,0x54,0xf2,0xa8,0x75,0x30,0xfb,0xba,0x5b,0x3a,0x3f,0x2c,0xaf,0x00,},{0xe9,0x5a,0xb5,0x65,0x94,0x5c,0x7a,0xe5,0xd5,0x33,0xdf,0x5d,0x0c,0xcc,0xc7,0xe9,0xab,0xbc,0x83,0x8e,0x20,0xa0,0xb6,0x1c,0x93,0x0f,0x5d,0x41,0xd8,0x1a,0x6f,0xe7,},{0xf5,0x11,0x02,0x21,0x9e,0x88,0x04,0xbe,0x71,0x3e,0x55,0x6d,0xf4,0xe4,0xaf,0xa2,0xf8,0x86,0x6f,0xe8,0x65,0x41,0xa1,0xc2,0xa0,0x93,0x4d,0x24,0xc3,0xc9,0xbe,0xb2,0x80,0xa7,0x0d,0xd8,0xd5,0x27,0xfe,0x8b,0x7e,0x0b,0x94,0x82,0x14,0xd5,0xf2,0xf9,0x63,0x86,0x19,0x91,0x4b,0x72,0xd5,0x5d,0xc1,0x98,0xb0,0x22,0x9a,0x84,0x87,0x08,},"\x26\x69\x62\x4a\x94\xf2\xc4\x4a\x05\xb7\xdc\x3e\xbf\x93\xe5\x8a\x4b\xf3\xa0\x1c\x27\x36\x57\xe7\xe7\x87\x89\x76\xf6\xb6\xea\x73\x7f\xa3\xf2\x2c\xc8\x36\x5b\x8b\x22\x0c\x00\x7d\x5b\x64\x27\x26\xa4\x08\xfe\x2f\xab\x69\xeb\xb3\xbd\x07\x2b\x34\x9f\x4d\xc3\x37\x7e\xe7\xcc\x75\x29\x34\x25\x42\x15\xd2\x39\x89\xbd\x3c\xd0\x2c\xe9\x99\xad\xec\x97\x84\x99\x3f\x4c\x19\x94\x08\x15\xf3\x9c\x9e\x22\x92\x47\xf5\x20\x5c\x36\xcb\xa4\x4e\x71\x42\x66\x36\x92\x89\xb4\xa7"},
+{{0x18,0xef,0x46,0x4e,0x28,0xf8,0x7f,0xfc,0xfa,0x4d,0x3a,0x9c,0x09,0xa2,0x29,0x10,0x95,0x1b,0x8c,0x71,0x9f,0xda,0xcd,0xb5,0x6d,0xe6,0x2c,0x4b,0x40,0x6d,0xf0,0x0c,},{0xc5,0x06,0x4c,0x9d,0x43,0xee,0x2d,0xa7,0x5b,0x06,0xbb,0x09,0xc7,0x72,0x67,0xdb,0xd0,0xd3,0x91,0x28,0xf1,0xcd,0xc6,0xbf,0xa4,0x51,0xa0,0x3e,0x93,0xaf,0x4a,0x70,},{0xd1,0xe7,0xf1,0x6e,0x8e,0x59,0x7d,0x42,0x8a,0xde,0xa6,0x55,0x91,0xd5,0x51,0xb5,0x4b,0x66,0x7a,0xff,0x20,0x20,0xc4,0x64,0xf7,0xf4,0xe5,0x3c,0x47,0x73,0xf7,0x04,0x33,0x24,0x9a,0x3c,0x71,0xb4,0xd1,0x1c,0x89,0xc3,0xfa,0xa8,0x92,0x80,0x92,0x27,0xb9,0xf2,0x9e,0xf4,0xf7,0xf5,0xd0,0x20,0xd4,0x67,0x4d,0x40,0x21,0x35,0x94,0x05,},"\x9c\x82\x57\x07\xd9\x35\x83\x65\xab\x9d\x38\xf7\xe7\x28\xd6\x28\xaa\x72\x2a\x4f\x1a\x20\xa3\x8e\x47\xc9\x99\xff\xf8\xfc\x32\x41\x7f\xbe\x07\x2f\x96\xeb\x6a\x0e\x11\xe4\xda\x9b\x6d\xe9\x61\x54\x45\x28\x0e\x93\xc7\x7a\x36\x34\xd3\xd2\xc6\x87\x98\x56\xc2\x48\xf9\x80\x0f\x60\xa0\xd3\x8d\xc1\xce\xa8\xb7\xf3\x1f\x28\x6c\xb0\x37\x48\x27\xb4\xc6\xba\x14\x4a\x66\x94\xf2\xb9\x08\xea\xd6\x8d\x18\x34\x01\x24\xcb\x59\xcf\x17\x01\x86\x3b\xd4\xf3\xef\xc7\x09\xf3\x62\x7a"},
+{{0xc9,0x11,0xbd,0xf2,0xf9,0xe7,0xcc,0x5f,0xff,0x35,0xc9,0x6e,0x15,0xcc,0x12,0xea,0xfd,0x05,0xab,0x0d,0xb3,0x1f,0x64,0x9f,0x74,0x08,0xac,0xd0,0xca,0xda,0x76,0xe0,},{0xde,0x44,0x69,0x6c,0xd6,0xbd,0x2c,0xbe,0x9b,0x11,0xa0,0xef,0x18,0xb8,0x81,0x64,0x80,0x1a,0x96,0x9d,0x5e,0x06,0xed,0x45,0x3e,0xb4,0x00,0x8c,0xce,0x9a,0x57,0x25,},{0xd5,0x84,0xb5,0xda,0x37,0x1a,0xe4,0xf5,0xc9,0x85,0x9b,0x25,0xf7,0x0d,0xc5,0x6c,0x1b,0x7b,0x4e,0x02,0xd1,0xae,0x66,0x36,0x28,0x3b,0x1b,0x7b,0x11,0x21,0x7a,0xfd,0xcd,0xf6,0x5d,0x1b,0x49,0xca,0x2c,0x8e,0xf1,0x79,0x66,0xe9,0xbc,0x65,0xf1,0x0c,0x31,0x0b,0x77,0xbb,0x5d,0xf7,0xaf,0xf5,0xec,0x1b,0x37,0x9a,0x2c,0xe5,0x5d,0x0d,},"\x76\xc4\x71\x24\x1d\x17\x19\x29\x84\xb0\x03\x62\x69\x6e\x4d\x9d\x4d\x2b\x7f\x83\x9c\x20\x64\x11\x7e\x50\xa1\x59\x8f\x3a\x11\x72\xb1\x6c\x55\xe5\x39\x68\x66\x08\x47\x52\x02\x4f\x3a\x7e\xb6\x8b\xb3\xff\xdb\x80\x97\x9a\x0a\xf6\xd0\xf6\xaf\x26\xb6\xf0\xbc\x0c\x03\x84\x43\x3b\xcf\xd4\x4c\x75\xeb\x65\x4a\x8a\x82\x25\xcb\x9c\x4a\x7f\xb3\xc8\x24\xc3\xaf\x61\x25\xfd\x46\xdb\x28\x7e\x70\x49\x2d\x15\x46\x32\xcb\x8f\x62\x43\x26\x59\xd9\x58\xd6\x28\x1d\x04\xa5\x4f\x5f\x5f"},
+{{0xd3,0x70,0x32,0x99,0xc4,0x1d,0xb3,0x6d,0x77,0xdd,0x3a,0x49,0x54,0x1f,0x3f,0xb2,0x1d,0x0b,0x2b,0xad,0x1f,0x6e,0x07,0x4a,0xff,0xd9,0x6f,0x1c,0x40,0xd0,0xf9,0x27,},{0x86,0x2c,0x5e,0xf6,0x16,0xa5,0xf0,0x66,0xfd,0x87,0x75,0x8a,0x56,0xab,0x45,0x05,0x6f,0xea,0x4b,0xd3,0x3f,0x00,0x8b,0xe2,0x4f,0x7b,0x54,0x0e,0x09,0x5e,0x14,0x8e,},{0xdf,0x28,0x27,0x71,0x21,0xea,0xc4,0x46,0x30,0x08,0x4c,0xce,0x75,0x91,0x7a,0xe9,0xf6,0xbe,0xc6,0x5a,0xf5,0x57,0x2d,0xc3,0x07,0x19,0xbd,0xe6,0x61,0xcf,0x69,0x6b,0x85,0xb8,0x67,0x2d,0xd4,0x98,0x3c,0xab,0x30,0xbd,0x05,0xcc,0x3a,0x11,0x9d,0x7d,0xb9,0xba,0xbd,0x52,0x2d,0x7b,0x3a,0x6b,0xcf,0x38,0x86,0xec,0xd2,0x5e,0x08,0x0f,},"\xac\x92\xed\xbe\x22\x25\x7b\xb0\x6d\x94\xaa\x95\x0e\x62\xd1\x8c\xa2\xac\x0a\x8f\xc1\x06\x00\x0d\x22\x31\xf8\xa1\x3b\x8d\x7a\x20\x9c\xcd\x8c\xc4\x9a\x6c\xd6\x8a\x7f\x36\xc0\x2f\xb8\xf7\x28\xd1\x55\x95\x16\x7f\x0b\xa8\xcf\xe9\x5c\x8a\x1e\x43\x5f\x32\x75\x13\x01\x4a\xc4\x28\xb7\x5d\x4f\x72\xe7\xc8\x34\xdd\x70\xe1\xa4\x48\xf1\x84\x7d\x34\x98\x47\x5f\x74\xe3\xd9\x33\x4d\xc7\xdc\xc4\xfe\xd7\x2b\xf6\xc7\xfe\x3b\x1d\x4f\x53\xd4\x29\x61\x6f\x1d\xf4\x4f\x19\x73\x31\x58\xb6"},
+{{0xd4,0x11,0xcd,0x33,0x57,0x6d,0x0e,0xfe,0x9e,0xc4,0x13,0xcc,0xda,0xab,0xd4,0xfc,0xba,0xfe,0xc0,0x1a,0x3a,0xf4,0xb3,0xcb,0xe3,0x4f,0x8b,0x05,0xef,0x8b,0x59,0xba,},{0xe8,0x70,0x34,0x4d,0xf9,0x8d,0xd3,0xa8,0x70,0x2c,0x45,0x19,0xbf,0x9e,0x8b,0x35,0xa9,0xd1,0x89,0xe7,0x46,0xf7,0x20,0x3d,0xbb,0xf9,0xbb,0xfa,0xb2,0x2d,0x6f,0x63,},{0x83,0x46,0x0d,0x15,0x46,0x1d,0x67,0x17,0x71,0x0b,0xaf,0xd6,0xa4,0x7a,0x1e,0xaa,0x90,0x0a,0x80,0xf2,0xbf,0x8b,0x8a,0xae,0x24,0x68,0x77,0x36,0x14,0xee,0x84,0xbd,0x62,0x8c,0x97,0x17,0x47,0x63,0x68,0xef,0x36,0x40,0xcf,0x76,0x0a,0xca,0xc8,0x3a,0xd6,0x02,0x32,0xa7,0x69,0x63,0xb7,0xd5,0x25,0x88,0xb1,0x1d,0xc0,0x04,0xd7,0x0d,},"\x11\xd2\xc2\xa7\xf0\x19\x09\x88\x12\x66\x96\x43\x1b\x4b\xbc\xd9\x0a\xb7\xb5\x6a\x32\xda\x64\x04\xae\x44\x6a\xa7\x62\xa4\xdd\xc6\x60\x94\x97\x15\x38\xee\xb8\x5b\xde\x04\x70\xa5\x10\xbe\x0d\x6d\x85\x78\x0e\xe7\x30\xa9\x85\x41\x38\x72\x8a\xe6\x81\x61\x62\x26\x8d\xa8\x52\x85\x8e\xae\xd4\xec\x74\xc7\xac\x62\xe6\xe7\x09\x6d\xc0\x02\xdf\x0b\xdf\x5f\xa4\x0d\xa5\x65\xb4\x1d\x18\x1a\x3f\x0a\xd0\xc5\xe0\xb9\x76\x74\x3e\x31\x5d\x9d\xb8\xed\x41\x60\xab\xe6\x9c\x13\xa2\xb3\xf0\x9a"},
+{{0xe1,0x0a,0x2f,0x13,0x80,0xc3,0xe4,0x72,0x0e,0x8a,0x87,0x07,0xa9,0xbc,0xb2,0x5a,0x0f,0x58,0x27,0x0d,0x70,0x59,0xcd,0x76,0x26,0xc7,0x15,0x34,0x47,0xed,0xfb,0x87,},{0xa3,0xc7,0x17,0xac,0xab,0x36,0x6a,0x40,0xb5,0x11,0x87,0xbb,0xf3,0x5b,0x2d,0x15,0xe9,0x7c,0xfe,0xac,0xd7,0x34,0x9c,0x06,0xef,0x1c,0x91,0xac,0x93,0xe9,0x06,0x56,},{0x09,0x4b,0xf6,0xf9,0x53,0xca,0x0e,0xb7,0x7d,0xf4,0x51,0x29,0xb7,0xbf,0x10,0xd1,0x92,0xcf,0x6d,0xde,0xae,0x94,0xad,0x62,0x02,0xb8,0xea,0xcf,0xbe,0xc1,0x19,0xe5,0x29,0x15,0x78,0xfe,0x64,0xa0,0x84,0xae,0x60,0x0f,0xe0,0x7e,0xfd,0xb8,0xa7,0x82,0x61,0x0d,0xbd,0xb0,0xb4,0x9e,0xb5,0xf2,0xa4,0x6c,0x43,0x23,0x55,0x55,0x2f,0x01,},"\x13\x52\x12\xa9\xcf\x00\xd0\xa0\x52\x20\xbe\x73\x23\xbf\xa4\xa5\xba\x7f\xc5\x46\x55\x14\x00\x77\x02\x12\x1a\x9c\x92\xe4\x6b\xd4\x73\x06\x2f\x00\x84\x1a\xf8\x3c\xb7\xbc\x4b\x2c\xd5\x8d\xc4\xd5\xb1\x51\x24\x4c\xc8\x29\x3e\x79\x57\x96\x83\x5e\xd3\x68\x22\xc6\xe0\x98\x93\xec\x99\x1b\x38\xad\xa4\xb2\x1a\x06\xe6\x91\xaf\xa8\x87\xdb\x4e\x9d\x7b\x1d\x2a\xfc\x65\xba\x8d\x2f\x5e\x69\x26\xff\x53\xd2\xd4\x4d\x55\xfa\x09\x5f\x3f\xad\x62\x54\x5c\x71\x4f\x0f\x3f\x59\xe4\xbf\xe9\x1a\xf8"},
+{{0xb2,0xe6,0x97,0xb3,0xd3,0xef,0xec,0x97,0x6e,0xf3,0x36,0x95,0x30,0xc7,0x92,0x71,0x7b,0xdb,0xb4,0x28,0xd9,0xed,0x0c,0x11,0xec,0x0e,0xa9,0xb2,0xe5,0xf3,0x9f,0x82,},{0xc4,0xd2,0xe4,0xb3,0xc2,0x36,0xd6,0xc9,0xb8,0xc7,0x4f,0xa3,0x84,0x61,0x2c,0x47,0x10,0xd8,0x3a,0xa1,0x6a,0xd7,0xef,0x01,0xfb,0xb7,0x42,0x1d,0x4f,0xb3,0xf0,0xf6,},{0x50,0x47,0xfa,0x38,0x19,0x7b,0x83,0x28,0xe7,0x8d,0xd8,0xa1,0x0e,0x96,0x6a,0xfb,0x7b,0xd3,0xd4,0x36,0x08,0x28,0x0f,0x1c,0x25,0x7d,0x25,0xca,0x43,0xbc,0x1c,0x06,0xe9,0x4a,0x57,0x47,0xab,0x62,0x15,0xec,0xe5,0x4c,0xde,0xff,0x8c,0x56,0x56,0x7d,0x70,0xd2,0xf9,0x1f,0x9e,0xc8,0xc2,0x60,0xaa,0x10,0x80,0xa6,0xab,0x5a,0x7a,0x02,},"\x7b\x43\x62\x32\xac\x21\x11\xa8\x40\x59\x51\x0c\x48\x36\x25\x88\xfc\xb7\x38\x34\x26\xbe\x5e\x6f\x62\xf3\x72\xe4\xf7\xcc\xa8\x3c\x81\xc2\x35\x7f\x9b\x54\xf4\xa1\x52\x91\x06\x5b\x6d\x41\xaa\xd1\xea\x93\xcf\xfa\x77\x6b\x9a\xca\xa5\x8a\xfe\x2b\x51\x64\x4b\x97\xaf\x9a\x3e\x53\xf8\x4e\x40\xaa\x6d\x86\x05\x1e\x69\x14\xcd\x03\x9d\x41\x70\xa9\xa5\x26\xdd\x69\x95\x5f\xf5\x07\xc3\x3f\x74\xe2\x17\x65\x91\xfb\x0b\x3c\xd7\xf0\x0e\xe4\x18\xf2\xc2\x58\xa9\x98\x1c\xcc\xee\x72\xf0\x1c\x84\x30"},
+{{0x19,0xa6,0x79,0xa7,0xa9,0x05,0xa1,0xe2,0xb3,0x03,0x8e,0x6e,0x41,0x8b,0x3d,0xa9,0x7c,0x30,0x89,0xc7,0xcd,0x35,0x1e,0xa0,0x7b,0xc8,0xd1,0xaf,0x64,0xea,0xcc,0x46,},{0x19,0xf0,0x83,0x61,0xf4,0x69,0xb4,0xae,0x1e,0x0c,0xeb,0x94,0xf4,0x7a,0x7d,0xe7,0x31,0x74,0x10,0xa9,0x2d,0xd0,0x13,0xb1,0x6a,0xe0,0xd0,0x53,0x2f,0xa4,0xb3,0xef,},{0x43,0x47,0xb7,0xb4,0xf7,0xc3,0xc4,0xdd,0x31,0x5b,0x83,0x84,0xa0,0xb0,0xca,0xee,0xd8,0x4b,0xda,0xbe,0x24,0xb2,0x91,0x5f,0x12,0x51,0x2d,0xfd,0x04,0x77,0x0f,0xc9,0x96,0xa1,0xbf,0xb7,0x29,0xaf,0xef,0x9e,0xdd,0x61,0x14,0x47,0x08,0x1a,0x53,0x30,0x61,0x7e,0xae,0xa1,0xc1,0xda,0xb1,0xbf,0x13,0xce,0xa8,0x99,0x72,0x04,0x91,0x0c,},"\x98\x0c\x7b\x4d\x29\x39\x06\x1a\xc7\xb9\xba\x44\x11\x17\xa1\x94\x85\x66\x17\x81\xa4\x08\x30\x67\xc5\x5a\xcf\x93\x02\x6c\x08\x2a\x93\xcc\x12\x4f\x09\x5e\x1b\x4f\x2c\x3f\x6c\x13\x54\x12\xa5\x09\x62\x28\xe8\xa0\x71\xe8\xb4\xb6\x68\xba\x9d\x96\x44\xea\x9f\x4d\xab\xfc\x54\xa9\x85\x6c\x3e\x96\x5e\x63\x63\x39\x5a\xb7\x09\x03\x7d\xda\x22\x9b\xaf\x92\x7c\xd0\x1f\x9a\xf5\xe0\x39\xaf\xc4\x2f\x3c\xec\x63\x4f\x5d\x83\x2d\x2a\xb7\xc7\xca\xd3\xad\x7b\x8c\xf2\x7e\xbd\xac\x69\x84\x31\xad\x82\x36"},
+{{0xf0,0x3b,0x83,0x63,0xee,0x5b,0x0e,0xef,0x70,0x18,0xa4,0x9b,0xc0,0x2a,0xdf,0x73,0x1d,0xa5,0x4e,0xe5,0x0a,0x7f,0x03,0xb8,0x8a,0x29,0xa2,0x08,0x2b,0x18,0x9c,0x43,},{0x31,0x28,0x7e,0xf5,0xa2,0xe6,0x41,0x04,0xab,0x77,0x90,0xb3,0x12,0xf3,0x5c,0x7a,0xd4,0xaf,0x6b,0xeb,0x0d,0x7c,0xeb,0x8a,0x58,0xf3,0x6a,0x54,0xce,0x27,0x2c,0x3e,},{0xe8,0xfa,0x96,0x7e,0x6a,0xfa,0xdf,0x6a,0x87,0x7d,0x87,0xe5,0xf5,0xc5,0x2b,0xb6,0x34,0xb7,0x5a,0x78,0x04,0x19,0x9a,0x2b,0xc9,0xd0,0x27,0xb6,0x3a,0x35,0x65,0x4d,0x9d,0xdd,0x06,0x83,0x04,0x55,0x64,0x1d,0xbf,0xb4,0x9e,0xdc,0xe4,0x2e,0x20,0xe7,0xd4,0x10,0x4a,0x07,0x1c,0x2c,0xbb,0xec,0x23,0x01,0x8c,0x29,0x7c,0xed,0x99,0x08,},"\x24\x19\x1b\x54\x64\xb3\x5a\xc7\xbc\xf4\xa3\x75\xf0\x33\xef\xba\x89\x43\xb0\x9b\x9f\xf0\xfc\x40\x3c\xa7\xaa\xe7\x02\xa3\xcb\xf3\x96\xc5\x13\x1b\xc0\x08\x13\x2c\xf5\xf1\x29\x10\xd5\x86\xdc\x1d\xb9\xc0\x84\x57\x4a\x96\xba\xbe\xe9\x56\x42\xf9\x22\x37\x1c\x03\x82\xec\x04\x02\xa2\x6f\xeb\x14\x2e\x41\x46\xbb\xd3\x36\x0c\x2b\x36\x83\x4f\xe4\x5a\xf5\xe2\x86\x8d\x4d\x56\xfd\xd5\x04\xce\xbf\x0c\x2d\x7f\x57\x91\xb4\x42\x94\x17\xc8\xb6\x5a\x98\xe0\xb1\x5c\x46\x6c\x13\x7f\x41\x05\x24\xfc\xe7\x37"},
+{{0x11,0x08,0x6b,0x0d,0x11,0xe4,0x15,0xab,0x1c,0xe0,0x2a,0xaf,0x8f,0x06,0x21,0xb5,0x44,0x30,0xf6,0xfb,0x13,0x5c,0x74,0xf4,0x0d,0x38,0xe8,0xc6,0x47,0x37,0x06,0x4b,},{0x71,0x66,0xdf,0xbc,0x69,0x1e,0xb8,0xc2,0x01,0x11,0x4b,0xa0,0xd1,0xa2,0xc7,0xb8,0x7f,0x7a,0x1f,0xd8,0xd0,0xb3,0x60,0x58,0xb0,0xd7,0xdc,0xab,0xe1,0xae,0x30,0xda,},{0xe9,0x07,0x45,0x9d,0x5a,0xdc,0xd0,0xd0,0xc3,0x64,0x18,0x58,0x1f,0x19,0xd0,0xee,0xbd,0xa7,0x13,0x8e,0xbd,0x9f,0xaa,0x0b,0x26,0x22,0x01,0xf4,0x58,0xc8,0x56,0x31,0x0b,0xb7,0x7f,0x4c,0x7d,0xe9,0x22,0x49,0x5d,0xcf,0xe8,0xb2,0x48,0xed,0xa2,0xad,0x0d,0xf6,0xa7,0x3f,0x47,0xbb,0xfb,0x89,0x4b,0xaa,0x7d,0x88,0x69,0x87,0x58,0x02,},"\x4b\x5b\x29\x36\xc5\xe3\x60\xa3\x84\x55\x50\x37\x21\x07\x8f\x8a\xdb\x40\x4a\x7e\xe7\xec\xc1\x48\x01\xdc\x87\xa6\x7a\x15\x2b\x76\x95\x69\xfb\xea\xc0\xaf\xa2\x5a\x20\x70\xa1\x68\x6b\x90\x0a\xc1\x63\x3d\x49\x98\x08\xcd\xb2\xe8\x1c\xe3\x91\x6d\x5a\x3c\x04\xd1\x9c\x5b\xb2\x69\x9a\x66\x2b\x8a\xba\x4a\xf9\x4d\x39\x0b\xac\x7c\xcc\x8e\xc9\x10\xed\x2a\xcd\xf8\x6e\xbb\x71\xad\xb6\x01\x87\x78\x85\xee\xf3\xc9\x16\x62\xfc\x30\x73\x8e\x35\x2c\xc7\x43\x53\xcc\xf8\xd8\xed\xee\xfa\xcc\x04\x2c\x10\xa0\xe5"},
+{{0xef,0xce,0x76,0x67,0xa8,0xef,0x91,0x22,0x8c,0xae,0xd1,0x4e,0xb4,0x77,0xa3,0x45,0xe5,0xe8,0x23,0x92,0x34,0x08,0x08,0x48,0x76,0x0e,0xd0,0x97,0x07,0x13,0xfa,0x86,},{0x91,0x93,0x05,0x5a,0x84,0xdf,0x1e,0xac,0xca,0x28,0xce,0x2a,0x08,0xc2,0xa0,0x7a,0x50,0xf0,0x4c,0x02,0x4e,0xcf,0x1f,0xe4,0xa4,0x7d,0x2e,0xfb,0xaf,0x63,0xed,0x58,},{0xe5,0xa6,0x31,0x24,0xdb,0x16,0x96,0xb6,0x41,0x40,0xb6,0xe9,0x61,0x2f,0xa9,0x58,0x7b,0x3e,0xef,0x71,0x01,0x09,0x39,0x8d,0x44,0xba,0x0c,0xa6,0x3c,0x0e,0xba,0xd0,0x6f,0x0a,0x6c,0x89,0x94,0xea,0x34,0xb3,0xa2,0xaf,0x91,0xa8,0x9b,0xf4,0x1a,0xe6,0x14,0xd7,0x72,0x7d,0x71,0x6f,0xd4,0x2f,0x8b,0x92,0xe1,0xac,0x64,0xfd,0xbf,0x03,},"\xaa\x1b\xc8\x0d\x7b\xcc\x1d\x94\xa2\x3a\x57\xce\xdf\x50\x27\x48\x24\x77\xdc\x46\xb8\x68\x90\xbc\x0e\x5a\xc2\x9a\xe6\xc9\x1b\xbc\x43\x13\x03\x48\x79\x73\x05\xf7\x55\x43\x58\x0a\x8a\x06\x9b\x34\x8a\x7b\xd8\xfc\x3e\x01\x52\x30\xb7\xc1\x94\x0c\x7f\x80\xa8\x2b\x12\x90\x09\x10\xdb\xcf\x06\x30\xda\x03\xf0\x81\xd4\x4c\x7f\x95\x5d\x4a\x11\x72\xf5\x6e\xcc\x7c\x5a\xc6\x46\x69\x6b\xff\xdf\x4e\xb6\xd8\x8b\xdd\x9c\xc3\x84\x35\x28\xb7\x25\x83\xab\xb3\xba\xd0\x2e\x56\xef\x76\x46\xee\xd5\x13\x95\x51\xcd\xeb"},
+{{0x88,0xfc,0xca,0xa9,0x6a,0xd8,0x84,0xd1,0x16,0x5b,0xe7,0x1d,0xd0,0xc4,0xf5,0xf8,0xf4,0x42,0x1c,0x60,0xfb,0xfa,0x49,0x8b,0xfe,0xe9,0xb9,0x67,0x46,0x24,0x43,0xbd,},{0xc7,0x5c,0xb0,0xe0,0x23,0x7b,0x45,0xb8,0x65,0x6e,0xea,0x9f,0x3d,0x1a,0x9d,0x4a,0xcd,0x01,0xa1,0x03,0xaa,0x26,0x9b,0xb2,0x4f,0xd5,0x41,0x22,0xfd,0x81,0xf2,0xac,},{0x27,0xd3,0xa1,0x97,0xcc,0x99,0x94,0x21,0x20,0x63,0xbc,0xe8,0xd7,0x99,0xe7,0x7b,0x68,0x53,0xb7,0x35,0x5e,0xbe,0x36,0x9b,0xcf,0x18,0x89,0xa4,0x18,0xa8,0x2c,0xaa,0x3a,0x79,0x87,0xa6,0x63,0xf6,0x21,0xde,0xfe,0x86,0xb3,0xac,0x4a,0xd4,0x4f,0xae,0xed,0x16,0xc9,0x11,0x6a,0xce,0x28,0xfc,0xcf,0x91,0x55,0x57,0xfa,0x77,0x99,0x03,},"\x9d\x0e\xac\x98\x55\x6b\xfa\x86\x72\xc3\x57\x05\xd1\xd6\x1a\xc4\xd0\xfc\xa1\x9d\xc0\xd9\x93\x01\x58\x77\x85\x7d\x27\xfd\x80\xf7\x4a\xca\xce\x66\x6c\x56\x34\x85\xd8\x1e\x53\x60\x3a\x6a\xef\x40\x87\x5f\xa5\x51\xcc\x10\x5f\x2c\xc1\x0b\x39\x69\x46\x79\xcd\xf4\xa6\xb0\x73\xbc\x88\x64\x5f\xc5\x1a\x36\xda\x17\x9d\x3d\x1e\x3c\x77\x22\x45\x4c\x5e\x73\x57\x7c\x61\xaa\x7d\x14\x8c\x4b\xa5\x0e\xa4\x6c\x56\xa1\xc3\xb3\xb3\xc4\x70\xf9\x31\x00\x49\x4e\x08\xbc\x55\x14\xac\x76\x3a\x85\x48\x3c\x42\xc7\xcd\xc2\x7c"},
+{{0x67,0x0b,0x30,0x62,0x6f,0xe3,0x67,0xd8,0xb4,0x5f,0x43,0x73,0x3d,0x6f,0x25,0xb3,0x7e,0xcc,0xbc,0xb5,0x51,0x96,0x3f,0x0a,0xc8,0xb6,0x66,0xb4,0x80,0x41,0xc7,0x2d,},{0x65,0xaa,0x4c,0x6d,0x4b,0xa0,0xab,0x34,0xbc,0x75,0xb3,0x9f,0x09,0x52,0x7c,0xa6,0xf2,0x42,0x5f,0x52,0x41,0x5c,0xdf,0xfd,0xf2,0xdf,0xf2,0x73,0xf8,0xea,0x61,0x2c,},{0x1b,0x6b,0x43,0x77,0xd2,0xb9,0x8e,0x0f,0x9d,0x24,0xae,0x8d,0xfe,0x30,0xe2,0x39,0x6e,0x20,0x04,0x38,0x0d,0x34,0x31,0x48,0x8e,0x58,0x43,0xcf,0x8d,0x2d,0x7a,0x00,0x70,0xab,0x21,0xf8,0xa3,0xb5,0x1c,0xe8,0x4d,0x2f,0x4b,0xa2,0x09,0xf7,0x39,0xf9,0x22,0xbe,0xbf,0x79,0x80,0x96,0x69,0x3f,0x56,0x22,0x87,0x3d,0x79,0xae,0x6f,0x04,},"\xd0\x0b\xcc\xa7\xe1\x84\xd1\x0e\x1f\x1f\xe4\x20\xb5\x06\x39\xe1\xd5\xde\xba\x52\xa7\x51\x23\x6e\x68\xc5\x9b\xb4\xbf\xf9\x80\x2f\x5f\xc1\x65\xed\x42\xfd\x6d\x53\x46\x70\xa7\xc6\xfb\x60\xe4\x30\x7d\x94\x79\x15\xa2\x48\xbf\x2f\x93\x46\x5c\x2c\xb4\x4d\x8f\x45\x3d\x2c\x01\x5a\xfb\xc8\xed\x58\x81\x8e\xa5\x17\x26\xa2\x51\x77\x93\x0e\x9e\xa1\x92\xef\x45\x14\xf4\xbb\x0e\xb4\xe0\xf5\xd4\xae\x3c\x46\xe3\x57\xc8\x11\x87\xf7\xed\x17\x47\x33\xff\xf9\x59\xc3\xf9\xfa\xe6\x48\x6c\xfa\x13\x56\xa9\x56\x99\x21\x1d\xe5"},
+{{0x81,0x3c,0x4d,0xae,0xd6,0x7a,0x19,0x0d,0x68,0xbb,0x63,0x5d,0x73,0xaf,0x6d,0xa7,0x4f,0x32,0xfd,0xf7,0xc4,0x8c,0xca,0x6e,0x59,0x26,0x29,0x46,0xb8,0xe8,0xc7,0x1f,},{0xa2,0x09,0x54,0x57,0xd7,0x69,0x70,0x20,0xe2,0xb8,0x84,0xd9,0x5a,0x96,0x57,0x8c,0x2a,0x90,0x0a,0x76,0x66,0xac,0x0d,0xc7,0xbd,0x38,0xf1,0x93,0x1d,0x79,0x45,0xd8,},{0xb4,0x46,0x57,0x4f,0xf6,0xa4,0xbd,0x2b,0x57,0x2e,0x48,0x7c,0x4a,0xb4,0x43,0xca,0x64,0x10,0x75,0x16,0x8a,0xa4,0xe1,0x09,0x2f,0x71,0xf3,0x0b,0xdb,0x06,0x8c,0xe4,0x6a,0x39,0x5e,0xfe,0xe1,0xee,0x66,0x0b,0x9f,0xac,0x26,0xd5,0x41,0x09,0x72,0x2c,0x15,0xcd,0xb7,0x91,0xbf,0xb8,0x7f,0xff,0x63,0xc6,0x59,0x6a,0xd4,0xf2,0x27,0x0c,},"\xce\x54\xcb\x04\x50\xe6\x89\xa0\xdb\xef\x78\x53\x08\xb3\x17\x74\x72\xfc\xd6\xd3\x82\x03\xe5\x8a\x05\x90\xb3\x1f\xa2\x53\xf9\xea\x59\x0b\xe5\x36\x8a\x92\x2d\xe8\x8b\x63\x45\x01\x02\x68\x44\x43\xfb\x81\x89\xe6\x01\x28\x20\x03\x32\x3b\x89\xc8\x1e\x92\xea\xef\x2b\x5d\xdc\x4a\x55\xc5\x3f\xa3\xcf\xad\x41\x60\x24\x8b\x3c\x28\x6f\xf8\x0d\x31\xd1\x61\xb7\xb8\xde\xe7\x13\x55\x2b\x56\xf1\x50\x7f\xb7\x2e\xad\xfa\x89\x05\x4e\x9d\x16\x00\xac\x87\x4c\x4b\x0a\x96\x10\x04\xeb\x6d\x0d\x4b\xfd\x2e\xcb\x9c\x73\x4f\x00\xba"},
+{{0x84,0x00,0x96,0x2b,0xb7,0x69,0xf6,0x38,0x68,0xca,0xe5,0xa3,0xfe,0xc8,0xdb,0x6a,0x9c,0x8d,0x3f,0x1c,0x84,0x6c,0x8d,0xce,0xeb,0x64,0x2b,0x69,0x46,0xef,0xa8,0xe3,},{0x98,0xbe,0x21,0x00,0x19,0x93,0xa7,0xeb,0x1a,0x12,0x77,0xff,0x74,0xc1,0x55,0x04,0x18,0x3d,0x25,0xfd,0xfc,0xc0,0x5f,0x0d,0x4d,0xea,0x89,0x2f,0x6e,0x30,0x18,0x90,},{0x0a,0xd7,0x1b,0x00,0x25,0xf3,0xd9,0xa5,0x0d,0xb3,0x38,0x41,0x4d,0x6d,0x67,0x0e,0x77,0x99,0xb7,0x27,0x0a,0x84,0x44,0xf6,0xae,0x7f,0x12,0xae,0x7e,0xb7,0x1b,0xd0,0x3f,0xfd,0x3c,0x4f,0x36,0x63,0x1f,0x69,0xfd,0xcc,0x40,0x61,0x46,0x8f,0xf5,0x82,0xed,0xe4,0x95,0x24,0x3e,0xf1,0x36,0x1a,0x3b,0x32,0x95,0xfa,0x81,0x3b,0xa2,0x05,},"\xf7\xe6\x7d\x98\x2a\x2f\xf9\x3e\xcd\xa4\x08\x71\x52\xb4\x86\x4c\x94\x3b\x1b\xa7\x02\x1f\x54\x07\x04\x3c\xcb\x42\x53\xd3\x48\xc2\x7b\x92\x83\xac\xb2\x6c\x19\x4f\xd1\xcb\xb7\x9e\x6a\xfc\x32\xff\x68\x6b\x55\xb0\xb3\x61\x72\x18\xdc\xf3\x93\x16\xb4\xb6\x6b\x3c\x8c\x0d\x67\x26\x7a\x86\xdb\x8a\xdf\x37\x50\x80\x1b\xcf\x93\x27\xd4\xc2\x54\x41\xb9\x61\x97\x83\x2b\x4c\xde\x0e\xac\x3f\xf2\x28\x92\xa2\xf0\xbc\x17\xc2\xc2\x13\xc0\x23\x77\xa3\x33\xe3\x08\xed\x27\x16\x58\x04\x93\x83\xb7\xe2\xe5\x7b\x6b\x8b\x12\x55\x12\xe0"},
+{{0x62,0x88,0x72,0x20,0x35,0xd1,0xea,0x69,0x9b,0xc7,0xcf,0xdf,0x18,0xd8,0x96,0x25,0x42,0x31,0x80,0xb6,0x83,0xfa,0x74,0x63,0x9f,0x4f,0x30,0xf1,0x53,0x59,0xcc,0x85,},{0xe1,0x7f,0xaa,0x01,0x95,0x72,0x86,0x1a,0x06,0x4e,0x1b,0xc5,0x71,0x25,0x6d,0xea,0x14,0x68,0xf3,0xa4,0x85,0x90,0xa8,0x91,0x38,0xaa,0xa8,0x59,0x25,0x08,0x0c,0xd7,},{0x9d,0xec,0x92,0xb6,0xe8,0x9a,0xdb,0xe8,0xf4,0xe1,0xb5,0xe9,0x3a,0xc4,0xfc,0xf9,0x57,0xde,0x7d,0x19,0x70,0xa2,0x26,0x77,0x0e,0xc4,0xed,0xa6,0x47,0xc8,0xe3,0xb3,0xdf,0xfb,0x27,0x31,0xa3,0x9e,0x16,0xe4,0xa0,0x11,0x9d,0x36,0x62,0xa9,0x37,0xe5,0x60,0x52,0x24,0x91,0xec,0x7a,0x16,0x96,0xbe,0x04,0xc0,0x76,0xb1,0x2e,0x35,0x01,},"\x8b\x6c\xaa\xca\xc5\x1d\x89\x49\xfb\x86\xac\xbc\xb1\xb9\x9d\x85\x9f\xf6\x7c\x64\x14\x7b\xc1\x21\x69\x09\xdc\xab\x07\xee\x6e\xf0\x9f\x40\x38\x63\x32\x73\x94\x68\x9d\xc3\x4a\xbc\x77\x8f\xcb\x5c\x1f\x50\x91\xac\xf5\xa0\x8f\x9d\x84\x22\x11\xd1\xae\x2e\xb4\x0b\xe9\xbb\x8d\x66\x79\x07\x74\x71\x54\x7a\x6c\x71\xff\x77\xb5\x19\xd4\xb7\x10\x8e\x32\xbc\x46\x25\x1c\x60\xde\xe8\xe3\x32\xb6\x22\x93\x16\xe6\xd5\x7c\x22\xab\x82\x6f\xf1\xbc\x33\xf2\xb0\x21\x38\x07\xc1\x92\x80\xaf\x11\x0f\xd2\x6e\xe2\x74\x68\x20\x1c\xff\x49\xcb"},
+{{0x13,0x03,0x8a,0x3a,0x65,0xef,0x32,0x75,0x9a,0x9c,0xd9,0x03,0xac,0xb5,0x54,0xb2,0x52,0xde,0x00,0xe7,0xcd,0xb7,0x7b,0xbe,0xd1,0x97,0x0b,0x20,0x68,0x0e,0xe1,0x7b,},{0xb6,0xa3,0x08,0xe6,0x7f,0x9b,0x46,0xc6,0x64,0x99,0x45,0x6a,0xb5,0xcd,0x13,0x5c,0xb2,0xfe,0x84,0xa3,0x2e,0xb0,0x45,0x35,0x86,0x26,0x60,0x4d,0xa4,0x12,0x2c,0x8f,},{0x52,0x61,0x55,0x8e,0xcc,0x3c,0x98,0xff,0x36,0x35,0x1f,0x42,0xf5,0x04,0xca,0xd4,0xa3,0x2f,0xfd,0xa5,0xa7,0x44,0x56,0x09,0x60,0xb4,0xc1,0x06,0xe4,0x49,0x2f,0x02,0xe2,0x04,0x78,0x88,0x7a,0xfe,0xe4,0xf7,0x70,0xf0,0x55,0x97,0xa7,0xe3,0x88,0xca,0xce,0xae,0x80,0x5a,0xe3,0x51,0xe0,0xe4,0x5e,0x8e,0x57,0x8e,0x6a,0x6f,0xf2,0x0c,},"\xdd\xf0\x0b\x40\x33\xa2\xa0\x88\x02\x2d\xab\xe9\x33\x56\x43\x2f\x50\xdd\xc6\xc6\xe1\xa6\x59\xdc\x1a\x93\x12\x4a\x4c\x2f\xff\xfd\x18\x27\x65\xa2\xf5\x6c\x43\xea\x0b\xfd\x8d\xe8\x01\x50\x60\x88\x9a\xe6\x94\x1c\x3f\x3e\x25\x5d\x44\x21\xa1\xc3\x62\x01\xbe\x84\x6a\x27\x38\xa7\x1f\x12\x0c\xad\x59\x8c\xa8\x52\x7d\x70\xff\x8d\x5a\x09\x93\xb5\x5c\xb5\x15\x35\x17\x11\x0a\x41\x96\x2d\xaf\xf4\x22\x50\x15\x8f\x20\x96\xd1\xdd\xaf\x71\x86\xe5\x02\x98\xcb\xe5\x1f\xcb\x42\x9c\xbe\xa4\x11\x29\x3f\x8a\x7b\xd9\xcf\x06\x9f\xa2\x37\xe4"},
+{{0xb9,0xde,0x5b,0x06,0x3d,0x3c,0xa3,0xa7,0x73,0xf1,0x14,0x94,0x1b,0x2e,0x42,0x27,0xc0,0x75,0x11,0xc0,0xf5,0xc0,0x60,0x17,0xb9,0xc8,0x84,0x50,0x18,0xf2,0x34,0x32,},{0x52,0x95,0x24,0x3c,0x86,0x46,0xe0,0x96,0x67,0x4d,0xda,0x15,0x97,0x9b,0x32,0x2b,0x9d,0xd0,0xfa,0xf2,0x7d,0x02,0x4a,0x0e,0xd5,0x77,0x13,0x34,0xe1,0x17,0x9e,0xd2,},{0x92,0xba,0x76,0x0d,0x14,0xd1,0x41,0x5c,0xfa,0xf2,0x18,0xca,0x84,0x70,0x14,0x08,0x8a,0xe5,0x1a,0xd8,0x21,0x11,0x3a,0x6f,0x86,0x30,0x35,0x6f,0x7b,0xa8,0x5c,0x00,0x5e,0x23,0x30,0xf1,0x06,0x6d,0x0d,0xf4,0x64,0x80,0x60,0x52,0xa4,0x17,0x46,0x10,0x05,0x04,0x62,0xf3,0xe0,0x13,0xd7,0x02,0xe7,0xc7,0x71,0x85,0xa0,0x32,0x58,0x0b,},"\x94\x93\xcc\x23\x89\x6b\x84\x09\x60\x46\xae\x10\x53\xaf\xe3\x94\x99\xe9\x42\x42\x54\xb3\x66\xfe\x14\x3f\x4d\xa3\x21\xe2\xdc\x9e\x47\x84\x20\x8e\x12\xa5\x42\xd8\x99\x82\x8d\xde\x7e\xff\x62\x5a\x7f\x12\x41\x69\x90\xc2\x84\x1f\xfb\x09\x5b\xf9\x4c\x0c\x61\x0e\x5a\x66\x39\x18\xb6\x89\x03\x1c\xcd\x6b\x51\x93\x49\xd0\x4d\xe1\xc2\x12\xca\x2a\x9d\x7a\xbf\x52\xe1\xb4\xfd\x46\x7b\xb6\x65\xb6\x91\x9e\xf8\xf9\x16\x17\xe2\x05\x56\x5b\xf5\x66\x47\xe5\xf8\xd5\x08\xea\x20\x0a\x84\x46\x7f\x8f\xa1\x22\xe7\x4b\xc3\xb9\x97\x9f\x11\x74\xe5"},
+{{0x8f,0xf0,0x29,0x7c,0xc0,0x88,0x42,0xb5,0xe6,0x75,0x52,0xec,0x28,0x43,0xe0,0x43,0x53,0xa3,0x4d,0x74,0xef,0x89,0xb8,0x56,0x5d,0x97,0x20,0x5b,0x74,0xca,0x13,0x3a,},{0x0f,0x7e,0xf9,0x8c,0x5b,0xa4,0xaf,0x98,0x4d,0xfb,0x77,0xbc,0x4e,0x53,0x7b,0x2b,0x39,0xe6,0x27,0x3b,0xb3,0xe7,0xb9,0x5f,0xe1,0xb7,0xe6,0x78,0x19,0x52,0xbd,0x4a,},{0x07,0x83,0x73,0x7f,0x70,0x6e,0x6f,0xf3,0x66,0x14,0xf8,0x50,0x07,0x4f,0xca,0x1f,0x48,0x5f,0x24,0xfc,0xde,0x2a,0x28,0xaf,0x54,0x4f,0x37,0xab,0xd6,0x9b,0x7a,0x58,0x1d,0xef,0xd8,0xc7,0x71,0xb0,0x31,0xe1,0x08,0xd1,0x9d,0x78,0x8c,0x74,0xc5,0xf2,0x0b,0xb3,0xf1,0xc2,0x1c,0xd9,0x2b,0xe3,0x17,0xba,0xcd,0x8f,0x65,0x0b,0x49,0x05,},"\x2b\xdc\x3a\x48\x6c\x5e\x4e\xa6\x2d\xcf\xec\x8a\x9d\x4f\xcf\x9e\xa9\x49\x0d\xbc\xc7\x15\x61\x5d\x58\x49\x0a\x72\xce\x83\x3f\xa2\x23\x87\xca\x50\xa0\x05\x25\x08\xcf\x0a\xff\x1c\xa7\x27\xf0\xfe\xd4\x6f\xfa\x7d\x3c\x8e\x23\xc5\xbb\x01\xd4\x7e\x90\xff\x06\xd3\x85\x8a\x55\x7d\x99\x26\x48\x15\x79\xda\xf4\x38\x4a\xea\x50\xe9\x6e\xc6\x15\xd2\xa3\xbf\x3c\x11\x22\xf1\xf2\x4d\xd6\xed\x98\xa5\xde\x42\x18\x83\x58\x9c\x21\x39\x98\xca\x54\x32\x37\x3e\x68\xbb\xbe\x89\x42\x8c\xa9\x88\x5d\x05\x93\xd5\xe6\x21\x51\x16\xb8\x26\x63\x86\x45\x2b"},
+{{0x05,0x0d,0x55,0x3d,0x28,0x2d,0xca,0x32,0x69,0xc8,0x3c,0x18,0x17,0x68,0xec,0x06,0x7b,0x81,0xc9,0xfe,0x0c,0x94,0xf2,0xa0,0xeb,0xbb,0x0c,0x94,0x2d,0x0f,0xcd,0x7c,},{0x63,0xe2,0x30,0xb0,0x03,0xc5,0x3a,0x56,0x72,0xe8,0x32,0xff,0x7f,0x24,0x43,0x0b,0xe2,0x23,0xe4,0x97,0xde,0x84,0x02,0x33,0xf5,0x95,0xa3,0xe2,0x00,0xc7,0x12,0x7e,},{0x3f,0x0e,0x83,0x76,0x5b,0x31,0xbb,0xe8,0xe1,0xfb,0x92,0xe9,0x67,0x8d,0x6c,0xde,0x57,0x1a,0x03,0xba,0x7f,0x1d,0xcc,0x11,0x28,0x46,0x1f,0x70,0x85,0x25,0x45,0x7f,0x4e,0x0e,0x23,0x53,0xaa,0x2b,0x59,0x8c,0x06,0x3f,0xf1,0xbf,0xfd,0xac,0x91,0x6b,0x5a,0x22,0x00,0x65,0x51,0x56,0x90,0x4b,0x05,0x85,0x57,0x7a,0x16,0x28,0x56,0x0d,},"\x15\xe1\x3b\x8c\x01\x00\x4f\x6a\xa5\xb2\x36\xdb\xb2\x81\x67\x7f\x74\x6d\x81\xe5\x48\xe0\xaa\x80\xf0\xe4\x14\x52\x15\x21\xd8\x56\xcd\x69\x4e\x7c\x91\x52\xbb\x5e\x43\x77\x6b\x60\xf6\xb5\x60\xed\x1a\xd3\xe4\xb3\x90\xdb\xf3\xe4\x6e\xf9\x25\x74\x43\xf3\x9c\x14\x9e\x02\x40\xa0\x2d\x02\x1e\x1e\x3d\x7d\x04\x6b\x26\xfd\x00\x4e\xee\x7c\xa1\x6a\x80\x59\xe1\x26\xc7\x4c\xb3\xf2\x19\x4d\xb4\x7b\xf6\x04\x65\xec\xef\x5c\x70\x4d\x2e\x2c\x75\xe2\xe5\x00\x60\xea\x2a\x31\xcb\x72\xb7\xb3\xc6\xb1\xb5\xec\x72\xab\x38\x00\x40\x85\x28\x1a\x22\xfe\x86"},
+{{0x69,0x49,0x7c,0xd7,0xb4,0xe8,0x68,0xcf,0xa0,0x32,0x8d,0x92,0xbd,0x60,0x52,0xd7,0x72,0xb2,0x76,0x73,0x95,0xc1,0x45,0x95,0xb2,0x79,0x85,0x1a,0x9c,0xdd,0x31,0xaa,},{0x5d,0x27,0x6d,0x62,0x6e,0x23,0x0d,0x18,0xe7,0xbc,0xd6,0x11,0x41,0xcb,0x93,0xc9,0x0e,0xf0,0xf7,0x9e,0x01,0x32,0x12,0x12,0xd8,0x38,0xec,0x71,0x45,0x7b,0x1a,0xac,},{0xbe,0xaf,0xa5,0x83,0x40,0x96,0x09,0x08,0xe8,0xd8,0x6e,0x40,0x32,0x9e,0x3a,0x45,0x23,0xfc,0x7b,0xe7,0x70,0xad,0xdb,0x86,0xe3,0x4c,0x37,0x72,0xf8,0x4c,0xd9,0xfb,0x33,0x8d,0x1f,0x3b,0x65,0xbf,0xcd,0xb0,0x9f,0x35,0xc6,0xda,0x36,0xd1,0xa3,0xad,0xf8,0xf9,0x1f,0x1f,0xfd,0x57,0x82,0xcc,0x83,0x02,0x06,0x43,0x3a,0x08,0x41,0x0d,},"\x53\xcd\x08\x0a\x0c\x61\xf1\xa0\x93\xd3\xb3\xa7\x45\x71\xc2\x96\x30\x3f\x36\x3b\x41\x07\xed\xbe\x88\x0b\x7a\xa9\xdf\xe4\x4a\xb5\xd5\xdc\x5f\x74\xbe\x9c\x8d\x87\x6f\x04\xd7\x54\x65\x34\x91\xab\x51\xb1\x35\xfc\x95\x3f\x71\x28\x7b\x62\xff\x41\xb6\x7c\x74\x2b\xd3\x44\x56\x71\xa9\xd4\xf2\xdc\x17\x4c\xa1\xb0\x33\x5f\x78\x62\x7a\x0d\xd4\xb3\x06\x50\x50\x41\x78\x03\x9e\x73\x93\x63\x85\x10\xff\xe8\x40\x91\xb5\x72\x98\xd3\xac\x90\x01\xc3\x67\xc1\x45\x2f\xbc\xb3\x3d\xc5\x4a\x5d\xc3\x16\xfb\x2a\x52\x70\x76\x4a\x2a\xc8\x20\xa0\xb6\x3f\xbd\xc6"},
+{{0x21,0x65,0xa4,0x86,0xb6,0x12,0xbb,0xff,0x52,0x9c,0xd0,0x03,0x46,0x96,0x4a,0x3c,0xb8,0xcd,0xcf,0xfa,0x51,0xdc,0x3d,0x52,0x4d,0xd5,0xad,0xc5,0xac,0x93,0x6d,0x68,},{0x7e,0xbc,0x83,0x9a,0x46,0x5e,0x14,0xf5,0x89,0x24,0x76,0xe4,0xa1,0x3b,0x39,0x88,0xf8,0x3b,0x3c,0xd2,0x7e,0xf7,0x9e,0x19,0x3f,0x86,0xfa,0x16,0xf3,0x4a,0x1c,0xe1,},{0x7e,0xc6,0xfb,0xa5,0x6b,0xa5,0x24,0x60,0xa1,0xb4,0xf2,0x73,0x86,0x89,0xc1,0x88,0x3d,0xda,0x9a,0xaf,0xfc,0x8b,0xde,0x17,0xcb,0x60,0x29,0xbd,0xce,0x3a,0x0e,0xbe,0x2f,0xff,0xda,0x55,0x93,0x9b,0x70,0xbb,0xd0,0x7f,0xdb,0xf6,0xfc,0x5c,0xda,0x87,0xfe,0xd8,0xba,0x58,0x57,0x5f,0x89,0x4a,0x36,0x6e,0x45,0xe5,0x70,0x5e,0xea,0x09,},"\xb7\x28\xda\x7a\x36\x16\x7c\x60\x85\xbd\x2d\x96\x2c\xf6\x39\x59\xfa\xcd\x95\xc9\xad\x45\x42\x02\x8a\xfb\xa9\x0e\xc9\xc6\xc0\x76\x0b\xda\xe9\x35\x42\x9c\x3f\xeb\x39\x33\xe2\xf0\x00\x42\xc6\x72\xad\x2c\xd7\x34\x8d\x92\xbc\x33\xf8\x17\x51\xe2\x94\xae\x91\x71\xb9\x45\xb1\x93\x14\x4e\xf8\xac\xb9\xa1\xbd\x9a\xbf\x04\x75\xce\x0d\x0a\xc7\x89\xb2\x00\xc3\x2e\x9c\x9a\x27\x36\xb1\x68\x36\x9c\xe5\xf9\x7b\x1e\x8d\x2e\x79\x00\xe1\xa7\x59\x17\x84\x41\xf1\xfc\x43\x05\x64\xae\x12\x9b\xae\x78\x57\x74\x05\x11\xa6\x68\xf3\x2c\x0a\x3b\x07\x7a\x9d\x8b\x19"},
+{{0x1c,0x64,0xad,0x63,0xdd,0x14,0x70,0x34,0x59,0x8e,0x12,0x8f,0x74,0x06,0xec,0x05,0x30,0x74,0x6e,0xa1,0xc5,0xb7,0x2e,0xcf,0x79,0xe8,0x88,0x06,0x54,0x86,0xfa,0x1b,},{0xba,0xa6,0xbc,0xc1,0xc3,0xd8,0xd3,0xb1,0x1f,0xfc,0x15,0x87,0xad,0xdd,0xc5,0x8b,0xfd,0x96,0xc2,0xb9,0x92,0xb6,0xc6,0xf5,0x9f,0xcc,0x50,0xcc,0xbc,0xdd,0x0e,0xb9,},{0x74,0x77,0xe5,0x41,0x58,0xf1,0x3b,0x71,0x28,0xc0,0xa1,0x10,0xca,0x6b,0x65,0xf4,0x25,0x14,0xfb,0x70,0xcd,0x5c,0xf2,0x8a,0x8b,0x1c,0xc6,0x11,0x0e,0xa0,0x6f,0xcf,0x94,0x29,0x0d,0xa1,0x3f,0x85,0xa1,0x1c,0x23,0x51,0xd3,0xbb,0xcc,0xbb,0x4c,0x64,0xe0,0x21,0x5d,0x6d,0x0f,0x00,0x99,0xe7,0xf2,0x7b,0xc9,0x4e,0x94,0x9b,0x15,0x0b,},"\x9e\xbd\x8e\x33\x78\x93\xbb\x05\x3e\xf2\xb9\xe3\x26\x9d\xf5\x48\x48\x49\x4f\x03\xcd\x63\x57\x6b\x33\xe6\x4b\x10\x80\xbe\x4b\xe0\x15\x26\x4a\x40\x3f\xb9\x60\x2b\xbf\x90\xca\x19\xb2\x41\xa9\xb6\x68\x63\x90\x9b\x90\x08\xce\x1b\x2f\xfc\xf2\x36\xef\xa4\xc2\x66\x8f\x0f\x47\xdb\x9f\xf5\xfa\x15\x7d\x9c\xb6\x05\x41\x2b\xe7\xdd\x8b\x07\xea\x87\x8c\xcc\xae\x6b\xf5\x0f\x93\x5b\x86\xd1\x9e\x1b\x64\x8b\x69\xe5\x28\x55\x3a\x56\xd8\xaf\xb7\x82\x21\xad\x53\x30\x7b\x7a\x4e\xc8\xd2\xfd\x48\x61\xb5\x5d\xc5\xda\xe8\xe9\x3e\xf3\x87\xfb\xbe\x0b\x4c\xe7\xf7\x88"},
+{{0x55,0xab,0xbc,0x5d,0xac,0x41,0x28,0x13,0x4d,0xc8,0xc6,0x01,0x8a,0x21,0x3e,0xd4,0xb6,0x0f,0xcc,0x8e,0x90,0xcb,0xd4,0x1d,0xb2,0xd2,0x1e,0xda,0x53,0x73,0xe9,0x36,},{0x25,0x1a,0xfa,0xa2,0x64,0x69,0x26,0xb2,0xa3,0x71,0xf2,0xa0,0x9d,0x58,0x65,0xb9,0x8c,0x9a,0x5e,0xb6,0xca,0x04,0x7c,0xd0,0xd8,0xee,0x36,0xe5,0xe0,0x41,0x69,0x74,},{0xf6,0xa6,0x1c,0x2e,0x66,0x1a,0x9e,0xb7,0xbd,0xe1,0x82,0xe3,0x8e,0xc9,0x9a,0xf9,0x85,0xf6,0x16,0x98,0xa5,0xd7,0xfa,0x43,0x0d,0x16,0xe3,0xf1,0xa9,0x37,0x09,0xb7,0x55,0x22,0x32,0x0d,0xe4,0x8a,0xfc,0xc5,0x95,0xab,0x20,0x91,0x22,0xae,0x0c,0xe1,0x32,0xcd,0xf4,0xb0,0x39,0x17,0x46,0xe7,0xff,0x34,0x11,0x77,0x57,0x0c,0x81,0x08,},"\x47\x01\x0e\x13\x98\xad\x55\xfa\xbe\x37\x1d\xd8\x64\x8f\x76\x8d\x90\xdf\x4b\x96\x5a\x3b\x39\x61\x00\xb3\x03\xb4\x0a\x17\x51\x8b\xed\x6d\x86\xb0\x9f\x73\x4a\xb7\xc1\x0b\x5f\x3a\x01\xb5\x3d\xee\xc5\xf8\x53\x4b\x70\xc7\x9f\x3f\x29\xb2\x84\xfd\xec\x48\x6f\x22\xf4\x4c\x22\xcc\xd5\xc6\x46\x35\x94\x41\x52\x67\xba\xa6\x11\xf7\x0b\x1b\x31\x6c\xaa\x1b\x68\xb5\xe0\xe9\x9b\x31\xc5\xbb\x0c\xe1\x36\x79\xa2\x3c\x31\xa6\x39\x99\x69\x81\x64\xcb\xf3\x7d\x10\x3b\xa9\x24\x90\x18\x8b\xe5\x99\x37\xf1\x23\x04\x3e\xc7\x86\xef\xe3\xd4\x11\xf9\xb0\x62\x3a\x6a\xd9\x72"},
+{{0xf2,0xdc,0xf4,0xa1,0xa0,0xd4,0x6d,0xdb,0x2d,0x72,0xf8,0xfd,0xd8,0x0b,0xbe,0xc5,0xb7,0xde,0xa5,0x91,0x3d,0xa4,0x96,0x6c,0x2f,0x4d,0x12,0xc2,0x61,0xf0,0xbf,0x98,},{0xd3,0x95,0x70,0xa2,0x5c,0xa5,0x9f,0x22,0x57,0xf9,0x3f,0x96,0x60,0x0d,0xf4,0xf6,0x3e,0x68,0x4b,0xf6,0x3a,0xe8,0xdf,0xfd,0x91,0x4e,0x46,0x29,0xc3,0xd5,0x09,0x5f,},{0x42,0x88,0x2a,0x81,0x1d,0xad,0x2d,0x85,0x18,0x85,0xe4,0xcb,0xe9,0x04,0x47,0x08,0xd9,0x1a,0x86,0xf1,0x5d,0xfa,0x1d,0x66,0xc3,0xeb,0x30,0x43,0x14,0x53,0x1f,0x30,0x15,0x20,0x8c,0x71,0x1b,0x9b,0xdb,0xc5,0xfb,0x23,0x39,0x51,0xe5,0x69,0xb5,0x9d,0x34,0xe4,0x15,0xee,0xc4,0xb3,0x7f,0xfd,0x37,0x4d,0x41,0x2c,0x9a,0x36,0x0d,0x0c,},"\x3b\x00\xe8\x08\xfc\xa4\xc1\x16\x51\xd8\x53\xd6\xb9\x0f\x95\x2c\xcf\x56\x47\xe1\x02\xd4\xee\x0a\xd7\xa5\xd1\x81\xd5\xb4\x25\x8c\x52\x3c\xd3\x9e\x3d\x98\x25\x29\x8d\x84\xc8\xcb\xa0\x9f\x43\xdb\xba\x11\x99\x88\x22\x2c\x76\x05\x9c\xaf\x17\xb4\xbf\x99\x31\xc4\x5e\x61\x74\x48\xae\xad\xe1\x51\x18\x14\x97\xb2\x45\x52\x36\x7e\x52\xbc\x45\xac\x79\x08\x88\x06\xd3\x36\x82\x07\xaa\xfe\xfd\x30\x57\x84\x5d\xce\x81\x9d\x5a\xaa\xa7\x7b\x21\x8e\x2a\xed\x3d\xa7\x6d\x40\xc1\xf0\x76\x99\xf8\x17\x2e\x4a\x5c\x80\x3f\x7a\x2a\xce\xb9\xa4\x7a\x89\x52\xe1\xb2\xf0\x53\xf2"},
+{{0x22,0x46,0xbf,0xb0,0x61,0x55,0x85,0x9e,0x10,0xa7,0x48,0xff,0x8f,0x59,0x19,0xad,0x5d,0x1d,0xaa,0xb7,0x56,0xf0,0x10,0x57,0xb7,0x90,0xd0,0x74,0x74,0x77,0x5f,0x4f,},{0xfa,0x63,0x49,0xb6,0x2d,0xc8,0xc6,0xa2,0xfe,0xee,0xf6,0xff,0xc3,0x3a,0xe0,0x85,0xc6,0x49,0x79,0x5c,0x1c,0x9d,0x98,0x98,0xe7,0x5c,0x13,0xae,0x16,0x25,0xdb,0x34,},{0x2b,0xe4,0x91,0x5a,0x35,0x2f,0x77,0x85,0x48,0x30,0x46,0xd8,0xae,0x96,0x25,0xb8,0xb6,0x32,0x57,0xaf,0x57,0xc0,0x73,0x69,0x12,0x56,0xee,0x07,0x6d,0x6e,0x1b,0x97,0x2a,0x10,0x1f,0x55,0x1c,0x70,0x5d,0x3f,0x96,0x15,0x7c,0x33,0xb5,0x6e,0xa0,0x49,0xbe,0x4a,0xf4,0xdc,0x56,0x1c,0xbe,0x3c,0x1e,0xc5,0x07,0x2d,0x7f,0x13,0x4e,0x07,},"\x63\xee\x1c\x7b\xbb\x15\xce\xbe\x1c\x22\x53\x2d\x48\x16\x82\x75\x4b\xda\xf5\x8b\x8b\xc9\x97\xae\x30\xa3\x4c\x9d\x23\xc3\x3f\x16\x90\xc3\x46\xab\x0a\x73\x65\xff\x62\x45\x74\x24\xb6\x10\x5f\x84\x21\xec\xa0\xce\x3c\x63\x0a\xcf\xeb\x9a\x1c\xc4\x16\x39\x0e\xdf\x49\x20\xe2\x2b\x23\x67\xe9\xfb\x5d\x2a\xb2\x5b\xee\x56\xda\x03\xea\x55\xe3\xf5\x78\x82\xd4\x8b\x89\x22\x93\x14\xd7\x34\xcb\x83\xc7\x9f\x4e\x17\xee\x64\xba\xe6\xf7\xad\xdb\xe9\xb5\x25\xfc\xd0\x3a\x91\x40\x9a\x2d\xde\x90\x77\x51\xdb\x8c\xc9\x7e\x08\xd0\xea\x89\xc4\xd1\x87\x18\xd2\x6d\x0b\x89\x7b\x64"},
+{{0xc0,0x88,0xa3,0xdd,0x2c,0xb8,0xbd,0x5d,0x68,0x4d,0xb8,0x53,0x8d,0xc2,0x24,0x73,0xb6,0xf0,0x14,0xf6,0x4f,0xe8,0x6a,0xf1,0x68,0xb4,0xbb,0x01,0xb9,0x0a,0x1d,0xd0,},{0xaa,0xd6,0x15,0xa9,0xc2,0x87,0x59,0xf0,0x3d,0x37,0x3a,0xbe,0x66,0x66,0x91,0xde,0xad,0x8b,0x84,0xf9,0xb8,0xb5,0x0a,0x67,0xf8,0xf0,0xaa,0x4a,0x70,0x15,0x80,0xd1,},{0x3b,0xb4,0x59,0xd1,0xac,0x57,0x5a,0x18,0x0c,0x17,0x28,0xd8,0xb8,0x92,0x49,0x70,0x49,0x2a,0x0c,0x8d,0x2a,0x37,0x8c,0x29,0xd1,0xd4,0x17,0x85,0xc8,0x37,0x9a,0x58,0xe2,0xba,0x36,0x06,0x78,0x5e,0x1c,0x5d,0xa2,0x9e,0x55,0x27,0x55,0x2b,0xc6,0xdc,0x89,0xa2,0xb6,0x9c,0x27,0xfe,0x51,0xed,0x25,0x3a,0x9f,0x3b,0x56,0x5b,0x27,0x00,},"\x74\x90\x6a\xe0\x5a\x5a\xf8\xe9\x96\x8b\x6f\xeb\x49\x85\x69\xd6\x34\x5a\x24\xf9\x71\x1b\xef\xb1\x36\xe6\xc3\xb5\xed\x49\x33\x9e\x59\xa7\x93\x8b\x4b\xa1\xa1\x18\xf1\x69\xb9\xac\xe0\xf7\x84\x2a\x26\xa6\x45\xf1\x4c\x0a\xd2\x2e\xbb\xcd\xa9\x3e\x67\xe4\xc3\x48\xef\xc3\xd9\xec\xbb\x14\x19\xe6\x26\x2d\x04\x36\xa5\x8e\xa8\x2c\x22\x02\x38\x90\x65\xcc\xf6\x7c\x4f\x55\x0e\x45\xb5\xf6\xa1\x2a\x6c\x01\x1b\x2e\x0a\x30\x10\x1d\x5c\x62\x32\x8b\xbf\x99\xc8\xc9\x55\x63\xa6\xe3\x3b\xdd\x9c\xce\x72\xb1\xf7\x20\x13\x9c\x2f\xd3\xe0\x49\x13\x14\x6a\xe5\xba\xc5\x28\x8e\x0e\x3e"},
+{{0x45,0x66,0x7d,0x1e,0x7b,0x59,0x10,0x97,0x9c,0x4a,0x32,0x83,0x17,0x96,0x83,0x71,0xc8,0x64,0xd5,0x64,0xa6,0x61,0xc5,0xcc,0xe5,0x57,0xc9,0xec,0xc6,0x1b,0xab,0x9e,},{0xed,0xcd,0xf5,0xe1,0xa1,0x70,0xe0,0x0c,0x8c,0x68,0x7e,0x7e,0x9c,0x18,0xf9,0x89,0x3b,0x5f,0xe4,0x95,0xcd,0x29,0x77,0xce,0xb7,0xf4,0x46,0xc0,0x14,0x9a,0xa9,0xd3,},{0x6d,0xe6,0x68,0xf1,0xca,0x6f,0x29,0x28,0x14,0x62,0x52,0x89,0xa0,0x80,0x80,0x20,0xc8,0x7c,0x89,0xac,0x94,0xf5,0xb0,0x50,0x8e,0x55,0x7b,0xdf,0x80,0x00,0xa5,0xca,0x80,0x8f,0x02,0x1c,0x96,0x79,0xb5,0x0e,0xe2,0xf3,0x20,0x06,0x4c,0x95,0xa4,0x64,0xa8,0x43,0x93,0x79,0x82,0x8c,0x3b,0x76,0xcf,0xa7,0x66,0x45,0x5e,0x12,0x8c,0x0b,},"\xcd\x66\xce\xc4\x76\xc8\x7c\x8d\xbf\x47\xec\x91\xda\xc4\x8f\xb5\xb4\x2d\xb1\x28\x2a\x57\x3e\x0a\x5c\xf0\xb9\x17\x68\x98\x66\x08\xe1\xd7\xeb\xd0\x5f\x52\x51\xbc\xf8\xb4\x7a\x17\x09\x32\x29\xac\xef\xbd\x44\xbe\xb2\x1c\x0c\x0c\x92\x8d\xd3\xcd\x3f\x89\x66\xec\xce\x69\x10\x33\x1c\x50\x8e\xa7\x6b\xaf\x90\x4d\x8c\x21\xf6\xc1\x7c\x2c\x58\xd0\x0a\xfd\x32\x59\xb8\xbf\x79\x4c\x14\x6b\x12\xb9\x95\xcd\xdd\x1c\x42\x89\xc5\xbe\x31\x68\xeb\xd6\x16\xb3\x84\xc2\x81\xce\x1b\x38\xa1\x0e\x18\x07\x80\x88\x53\xc6\x81\xa6\x40\xa0\x09\xb4\xd2\xac\xd7\x93\x4f\x8c\x6d\x07\x57\x81\x61"},
+{{0x24,0x89,0x74,0x28,0xae,0x65,0x46,0xd8,0x5b,0x31,0x90,0xeb,0xe3,0xf1,0xf7,0xbf,0x7c,0x71,0x25,0x28,0xac,0x85,0x1a,0x58,0x8b,0x07,0xd5,0xc8,0xf9,0x4e,0xec,0xd1,},{0x5f,0x34,0x8f,0xe3,0xea,0x5b,0x2c,0x02,0x3d,0x0a,0xf7,0xed,0xe6,0x0e,0x55,0xf9,0x1a,0xa5,0x51,0x99,0x69,0x9d,0xa1,0x5a,0x11,0xc3,0x79,0x1d,0x68,0xd7,0x10,0xbd,},{0x1b,0x5e,0x75,0xde,0xf4,0x9f,0x51,0xd6,0xb2,0xde,0x00,0x8c,0x71,0xfc,0x1a,0x90,0x9b,0xd4,0x2c,0xa8,0x13,0x29,0x8d,0xce,0x4e,0xee,0xf7,0x17,0x81,0x5d,0x7a,0x6c,0x07,0x8c,0x2f,0x3d,0x9a,0x3f,0xce,0x1a,0xb5,0xb3,0xad,0x8e,0xf8,0xd4,0x5c,0xdf,0x2e,0xb4,0x90,0x1c,0x32,0xee,0xa2,0xd5,0xe0,0x18,0xdc,0xf2,0x83,0x3c,0xad,0x0c,},"\x52\x01\xd9\x72\x5f\x1d\xff\xa1\x86\x3f\xa4\xd8\x4c\x30\x18\x61\x14\x1a\xcd\xfb\x64\xbe\x1f\xbf\xdd\x5b\x93\x86\xdb\x20\xef\x39\x40\x99\xee\xbc\xfd\xfe\xcc\x62\xc6\x26\x86\x07\xa8\x4d\x55\xc5\x5c\xd0\xef\xdc\x37\x2e\xcf\x30\x67\x34\x3e\x7b\x07\x31\xc2\x68\x54\x61\xe2\x4b\x95\x3f\x99\x94\x9e\x59\xba\x3e\x67\xed\x0f\x08\x48\x31\x37\x93\x96\x2a\x29\x2c\x45\x98\x14\xc5\xe2\x86\x90\xec\x1f\x45\x17\x1f\x1a\xba\xb8\x6f\xdd\x14\x56\x8b\x00\xca\xf4\x85\x81\x11\x5e\xe5\xea\x83\xb0\x00\x28\x2f\xbb\xf0\xc0\xb2\xa1\x11\x60\x39\xa3\x5c\xfa\x3f\x20\x14\x22\x20\x7a\x3d\x49\x48"},
+{{0x7b,0x04,0xac,0xa7,0xcf,0x92,0x62,0x16,0xcb,0x96,0x0a,0x38,0x90,0x78,0x63,0x39,0xd0,0xa6,0x15,0x96,0x76,0x80,0x19,0x01,0x23,0xfd,0xa3,0xb6,0x0c,0x6a,0xeb,0x11,},{0xcd,0xbc,0x3e,0x70,0xe4,0xe8,0xfd,0x13,0xd0,0xcc,0xe2,0x85,0x2a,0x3b,0x93,0x72,0xc3,0xa6,0x16,0x0c,0xd6,0xde,0xab,0xa9,0x0f,0x9b,0x30,0x22,0xf7,0x0c,0x91,0xf9,},{0x25,0xd2,0xd3,0x61,0x75,0x1d,0x52,0xb4,0xfe,0x66,0xea,0x18,0xe4,0xb9,0x86,0x6b,0xde,0x3d,0x12,0x1a,0x73,0x12,0xfd,0x9e,0x28,0xa1,0xe2,0x95,0xe0,0x87,0xe3,0x17,0x6c,0x94,0xc8,0x74,0xa2,0xe8,0x16,0x00,0xf2,0x4c,0x46,0x54,0xf4,0x3d,0x1b,0x67,0xd4,0x7b,0x64,0x82,0x26,0x48,0x59,0x0c,0xe5,0xce,0x44,0xf3,0xb5,0xdd,0xc5,0x02,},"\x1c\xb0\x96\x24\xb1\xf1\x4a\x02\x60\xc7\xf5\x6d\x8c\x60\xb5\xfe\x45\x83\x71\x14\x23\x25\x51\xef\x59\x66\x38\x6e\x0c\x2b\x44\x1b\x75\xcf\xdb\x8d\xf2\x18\x57\x85\xd2\x2c\xf5\x26\xfa\x9d\xf7\xfd\x45\xd9\xd8\x38\x81\xb6\x6c\x1f\xee\xe0\x91\x3e\x23\x81\x21\xee\xdb\xb7\xab\x50\x4d\xa0\xbe\xe8\x99\x80\x16\x68\x45\x35\x03\x19\x91\xf1\x1b\xfc\xd9\xb9\x56\x90\xaa\xd2\xd1\x9b\xd6\xa9\xde\x18\x44\xed\x13\x62\x30\x2d\xf4\x21\x72\x30\xb2\x5c\x05\x52\xce\x27\x75\x34\xc6\x50\xca\xe5\x26\x57\x7f\x25\xd8\xb1\xfe\x9f\x9f\xeb\xca\x2c\x81\x46\x70\xd4\x80\x5b\x21\xad\xef\x85\x2d\xaf\x94"},
+{{0xea,0x73,0xbf,0x64,0xa1,0xa9,0x78,0x77,0xc3,0xc3,0xe7,0xca,0x46,0x44,0xb7,0x1a,0xaa,0x66,0x31,0x4c,0x8f,0x1b,0x66,0xba,0xfa,0xeb,0xd5,0xed,0xfb,0x88,0x8b,0xcd,},{0xca,0xac,0x93,0x90,0x2e,0x57,0x64,0xad,0xe4,0x72,0x94,0xed,0xd5,0x1f,0xaa,0x14,0x62,0x09,0x40,0xc6,0x68,0xb5,0xc1,0xc3,0x92,0xa6,0x92,0x83,0x25,0xd4,0xc3,0xfd,},{0xbd,0x86,0xcb,0x9c,0x70,0xa0,0x55,0x27,0x9a,0x86,0xa9,0xe6,0x48,0x70,0x98,0x8b,0x8a,0x73,0x45,0xc3,0xcd,0x29,0x48,0xa0,0xfa,0xbc,0xfb,0x38,0xab,0xce,0x3c,0x42,0x0b,0x4d,0x55,0x21,0x61,0x8e,0x11,0xd2,0xde,0x82,0x7d,0x9d,0xe5,0x69,0xf6,0xbc,0x3b,0xe6,0x6a,0xad,0x40,0x63,0x6c,0xda,0xa6,0x47,0x60,0xde,0xd3,0xb7,0xc2,0x09,},"\x36\x2e\xec\x68\xb9\x12\x85\x27\x86\xbb\x4f\x9a\xff\xf9\xec\xf7\xcb\x28\xc9\xde\x6b\x18\x42\x2a\x8c\xa9\x40\xb0\xd7\xe6\xdc\xb8\x3a\xa4\x4b\xe0\xaf\xb5\xf1\x80\x6d\x43\xf0\xe3\x1d\x71\xf9\x22\xf8\x53\x61\x5a\x26\xe2\x87\xa2\x7f\x08\xa0\x4f\xbc\xe3\xd4\x5a\x0c\x6c\x31\x1d\x4b\x7c\xb1\x7e\x42\x5b\xbe\xb0\xa6\xb4\x10\xb5\xd6\xdb\xb7\xac\x11\xdf\x98\x50\xa1\x31\xa6\x91\xe3\xb6\x0b\x0b\x21\x4e\xbe\x04\x41\x06\xe9\x82\x43\x32\x87\x59\x52\x67\xb0\x31\xb5\xd4\xa0\x92\x62\xde\xd8\x93\x4f\xdf\xdf\x96\x4d\x86\x8e\xf9\xa2\xc8\x42\xf8\x04\xea\xfd\xde\xfc\xb7\x1d\x9f\x16\xa5\x9b\xf8"},
+{{0xb8,0x12,0x3c,0x11,0x6b,0x33,0xba,0xd0,0xdc,0xbc,0x2c,0x4d,0xc0,0x6a,0x3d,0x66,0x85,0x0d,0xab,0x36,0x0c,0xdb,0x5a,0x03,0x3c,0x14,0x89,0x5c,0x4e,0xe3,0x1b,0xfb,},{0xbd,0xca,0x15,0x1b,0xa3,0x2c,0x6b,0xb3,0x15,0x31,0xb0,0x5f,0xdf,0x86,0xc6,0xd7,0x8c,0x8c,0xd1,0x93,0x56,0x11,0xd5,0xff,0x11,0x1a,0x0f,0x00,0x63,0x5b,0x18,0x85,},{0x9c,0xf1,0x3e,0xba,0x3d,0xcc,0x37,0xb8,0xfc,0x70,0xcc,0xb2,0x32,0x74,0x36,0xb9,0xf0,0x88,0x55,0xe7,0x26,0xaa,0x7e,0xd8,0x2b,0xd5,0xcb,0x7d,0xf4,0x5f,0xdf,0x9e,0xc1,0xf9,0x6a,0xfa,0xd1,0x93,0xf4,0x75,0x72,0xd7,0x70,0x44,0x4b,0x65,0xb7,0x4a,0x37,0xcc,0x03,0x4f,0xc5,0x14,0xcb,0x3f,0x91,0xb2,0xd8,0xad,0xa5,0xb0,0x20,0x06,},"\x79\x70\xf6\x66\x66\x34\x54\x8c\x84\x8b\xb5\x23\x38\x81\x7b\x26\xa4\xd0\xca\x68\xdf\x3d\x28\xaf\xff\x20\x7c\x2d\x02\x80\x67\xa1\x8e\x4c\x95\x43\x02\x5f\x5b\x02\x28\xaa\x69\x1e\x50\x88\x51\x31\x51\xa9\x44\x94\xe1\x5d\x1f\x54\x21\x03\x28\xe0\xdf\x15\x9b\x35\x2c\x30\xaa\xa7\xa8\x44\xf1\x8a\x9f\x4c\x39\x5d\xcb\xb3\xfb\x9f\xcf\xbe\xd1\x10\x3e\x07\x06\xfb\xf9\xc3\x5f\xe2\x66\x68\x48\xfa\x35\xdc\x2c\xf5\x22\x7e\xbe\xe8\x9e\x7d\x3b\xcf\xae\x27\x21\xb2\x5f\xde\xc3\xd3\x17\x4e\xa7\xce\x26\x7a\x55\xdd\x61\xd5\x82\x01\xe9\x6b\xda\x30\x3c\xf4\x18\xed\xf6\xe3\x2f\xb9\x2f\x5d\xc1\xa0\xb1"},
+{{0xb1,0x8e,0x1d,0x00,0x45,0x99,0x5e,0xc3,0xd0,0x10,0xc3,0x87,0xcc,0xfe,0xb9,0x84,0xd7,0x83,0xaf,0x8f,0xbb,0x0f,0x40,0xfa,0x7d,0xb1,0x26,0xd8,0x89,0xf6,0xda,0xdd,},{0x77,0xf4,0x8b,0x59,0xca,0xed,0xa7,0x77,0x51,0xed,0x13,0x8b,0x0e,0xc6,0x67,0xff,0x50,0xf8,0x76,0x8c,0x25,0xd4,0x83,0x09,0xa8,0xf3,0x86,0xa2,0xba,0xd1,0x87,0xfb,},{0x6b,0xd7,0x10,0xa3,0x68,0xc1,0x24,0x99,0x23,0xfc,0x7a,0x16,0x10,0x74,0x74,0x03,0x04,0x0f,0x0c,0xc3,0x08,0x15,0xa0,0x0f,0x9f,0xf5,0x48,0xa8,0x96,0xbb,0xda,0x0b,0x4e,0xb2,0xca,0x19,0xeb,0xcf,0x91,0x7f,0x0f,0x34,0x20,0x0a,0x9e,0xdb,0xad,0x39,0x01,0xb6,0x4a,0xb0,0x9c,0xc5,0xef,0x7b,0x9b,0xcc,0x3c,0x40,0xc0,0xff,0x75,0x09,},"\x91\x6c\x7d\x1d\x26\x8f\xc0\xe7\x7c\x1b\xef\x23\x84\x32\x57\x3c\x39\xbe\x57\x7b\xbe\xa0\x99\x89\x36\xad\xd2\xb5\x0a\x65\x31\x71\xce\x18\xa5\x42\xb0\xb7\xf9\x6c\x16\x91\xa3\xbe\x60\x31\x52\x28\x94\xa8\x63\x41\x83\xed\xa3\x87\x98\xa0\xc5\xd5\xd7\x9f\xbd\x01\xdd\x04\xa8\x64\x6d\x71\x87\x3b\x77\xb2\x21\x99\x8a\x81\x92\x2d\x81\x05\xf8\x92\x31\x63\x69\xd5\x22\x4c\x99\x83\x37\x2d\x23\x13\xc6\xb1\xf4\x55\x6e\xa2\x6b\xa4\x9d\x46\xe8\xb5\x61\xe0\xfc\x76\x63\x3a\xc9\x76\x6e\x68\xe2\x1f\xba\x7e\xdc\xa9\x3c\x4c\x74\x60\x37\x6d\x7f\x3a\xc2\x2f\xf3\x72\xc1\x8f\x61\x3f\x2a\xe2\xe8\x56\xaf\x40"},
+{{0x93,0x64,0x9c,0x63,0x91,0x0b,0x35,0x71,0x8e,0x48,0xc5,0x90,0xd2,0x61,0xc4,0x8e,0x4e,0xf8,0x33,0x66,0x13,0xf6,0xaa,0x07,0x7b,0x46,0x26,0x76,0xb3,0xba,0x88,0x29,},{0x06,0xa6,0x85,0x89,0x8b,0x85,0x52,0x12,0xeb,0xc2,0x89,0x91,0x5d,0x10,0x5a,0x43,0x20,0xd6,0x20,0xd8,0x57,0x71,0xb8,0xc6,0xb1,0x5b,0xf1,0x0a,0x1b,0xe6,0xe9,0xb8,},{0x62,0x74,0xf2,0xd4,0xf4,0x31,0xd5,0xaf,0xfe,0xfa,0x35,0xe7,0xcf,0x58,0x4a,0x59,0x90,0x17,0x19,0x3d,0xa9,0x90,0x94,0xca,0x90,0x8b,0x75,0xac,0xb6,0x08,0xd1,0xbf,0x98,0x18,0x57,0xbe,0x93,0xa7,0xda,0xfb,0x0f,0xad,0xb3,0xff,0x09,0x06,0xf4,0x8a,0x5e,0xe9,0x50,0x45,0x6f,0x78,0x2c,0x2d,0x60,0x5b,0x14,0x09,0x5b,0xa0,0xff,0x0f,},"\x2c\xd1\xa9\x51\x05\x6c\x9e\xba\xe1\x39\x9b\x6b\xd2\xd8\x2c\x0a\xe2\x77\x85\x62\x90\xd0\x69\x20\xac\x56\xca\xc8\xfb\x42\x43\x51\x01\xc7\x2a\xa9\xc0\x8d\xd2\xd1\x24\x26\x32\x55\x62\xc2\xf0\xa4\x9c\xd8\x21\xb1\x1b\x93\x9a\xaf\xa5\x93\xb4\x09\x5c\x02\x1b\xcb\x48\x27\xb1\x07\xb9\x66\x4d\x68\x28\x28\x88\xbc\x4a\x44\xaf\x3e\x3b\xdc\x86\x1b\xe6\xaf\x30\x90\x44\xc3\xda\xab\x57\xb7\x70\x23\xdc\x90\x2d\x47\xeb\xc3\x26\xf9\xbd\xd0\x2d\xbc\x02\xcd\x54\x0f\xf8\x1b\x2d\xdf\x7c\xf6\x79\xa4\x11\x93\xdf\xe5\xf8\xc8\xca\x1a\xae\xfc\x41\xef\x74\x02\x80\xd9\x82\x3e\x30\xa3\x54\x71\x7c\x84\x31\xf5\xd8"},
+{{0x1c,0x15,0xcb,0xeb,0x89,0x36,0x2d,0x69,0x47,0x6a,0x2a,0xa4,0xa5,0xf3,0xef,0x20,0x89,0xcf,0x87,0x28,0x63,0x49,0xe0,0xdf,0xe0,0xe7,0x2d,0x9e,0x3e,0x5a,0x66,0xc7,},{0x13,0xa8,0x82,0xa1,0x06,0x41,0x82,0x58,0x2c,0x21,0x18,0x47,0xe1,0x9b,0x4d,0xac,0x59,0x72,0x2c,0x9f,0xfd,0x34,0x82,0x6d,0x96,0xf3,0x31,0x13,0x40,0x0f,0xac,0x7a,},{0x59,0x98,0xb2,0x80,0x8a,0xdf,0xde,0xea,0xeb,0xe2,0xc3,0xea,0xc0,0x26,0xd3,0xf8,0x25,0xf9,0xc7,0xf2,0xaf,0x97,0xca,0x32,0x4f,0xbd,0x57,0xaa,0xc1,0xbe,0xdf,0xf7,0x8a,0x8e,0xe6,0x21,0xd0,0x37,0xee,0x3a,0xd2,0xa7,0x12,0xe9,0xa0,0x09,0xc5,0x8e,0xa3,0xe6,0xf2,0xa8,0x28,0xf7,0x4b,0x86,0xda,0x27,0x5a,0x44,0xa4,0xb1,0xe5,0x0b,},"\x09\x1c\x9b\x9b\x11\x6a\xe8\x3d\x23\xd0\x1a\x62\x95\x21\x17\x85\xd4\x46\xb6\x22\x8d\xd6\x87\xdd\xf7\x9b\xd0\xd5\xa4\xda\xa8\xc7\x9d\x2c\xbf\xc3\x73\x65\xf1\xf2\x85\xe3\x61\x73\x81\x23\xe3\x4e\x2b\xcb\xfc\x66\x4c\xe1\x25\x3a\x11\xd9\xe4\xa7\x98\x2e\x58\xcf\x94\x68\xe1\x01\x7e\xa1\x4d\x2c\xc6\xd0\x86\x5d\x40\xfd\xe8\xcb\x56\x02\x41\xe9\x6a\xc1\x61\x7c\x79\x1f\x0c\xa7\xc6\x41\x0c\xad\xf3\x28\x61\x1b\x18\xae\xf3\x33\xd8\x35\x0a\xc4\x97\xf0\xa4\xae\x2d\x03\xfd\xf0\xe2\x3e\x42\x6d\x34\xf4\x51\x47\x80\xd1\x47\x4e\x11\x35\x83\x54\x1f\x3c\x04\x36\x72\x05\x71\x72\x61\x8c\xb2\x05\x9e\xaa\xed\x56"},
+{{0x11,0x24,0x1f,0xfd,0xf3,0x4a,0xe8,0xab,0x87,0x54,0x75,0xe9,0x4c,0x6c,0xc3,0x29,0x1f,0x0b,0x88,0x20,0xdc,0x85,0xe2,0x0f,0x32,0xfc,0x53,0xb2,0x4a,0xe6,0x89,0x78,},{0x09,0xc0,0x45,0xe4,0xbd,0x51,0x37,0x31,0x4c,0x0e,0xc1,0xd0,0x31,0xfa,0xf9,0x14,0x91,0x0c,0x45,0xa4,0x67,0x6f,0x5a,0x3c,0xd8,0xf5,0x81,0xbc,0xcc,0xb0,0x3c,0x97,},{0x72,0xce,0x9f,0x91,0xbe,0x2e,0x66,0xcf,0xc9,0x0f,0x95,0x25,0x95,0x94,0x6f,0xfc,0x90,0xbf,0xce,0x53,0x08,0x7d,0x49,0xe5,0xdd,0x7c,0x08,0x7f,0x3f,0xaa,0x8f,0x18,0xf2,0x35,0x6d,0xe9,0x71,0xe4,0x42,0x9d,0x98,0x5a,0x99,0x19,0x4b,0x4f,0x92,0xce,0xd3,0xef,0x47,0xcd,0x71,0x14,0x37,0x9e,0x0b,0x32,0x67,0xa9,0xf8,0xb1,0xe7,0x06,},"\x3b\x89\xde\xcc\xb7\x02\x3e\x4b\x2b\x7a\xff\x2c\x39\x51\x87\x0a\xf4\x13\xa9\xb0\x4d\xd8\x6a\xc7\x8b\x7c\x8f\xd8\x87\x49\x2d\x8d\xde\x49\xd8\xfd\xa1\x49\xed\xd5\x47\x81\xae\x2b\x50\x80\x30\xd1\x44\x16\xa9\xa3\x8b\xed\x2b\x9a\xeb\xbb\xb2\x02\x50\xb3\xc9\x31\xac\xd4\xe3\x2f\xbe\xee\xc5\xa2\x65\x01\xbe\xab\x72\x68\xd1\x44\xfc\xe8\x95\x1a\x10\x1c\x4b\x51\x78\x16\x6f\xbb\x59\x27\xb1\xdf\xb1\xe1\xce\x90\xd1\xd1\x23\x06\x8e\x3f\x47\x2c\x88\x8f\xdb\x01\xfd\xf7\x0e\x7f\x8d\xe9\xb0\xad\xb2\x84\xb7\x11\x9f\x55\x35\x43\x16\xf8\x4e\xd0\x90\x03\x0f\x9c\x26\x62\x06\x1c\xa4\x84\x47\xcc\x0a\xef\x96\x41\x26"},
+{{0x3b,0xdb,0x16,0x24,0x65,0xea,0xce,0xff,0x98,0xd6,0x9c,0x86,0xf7,0x00,0x39,0xc5,0x17,0xd1,0x68,0xae,0xfe,0x6b,0xb1,0x01,0xb4,0xf7,0x69,0xa8,0x6b,0x17,0xc9,0x72,},{0xd7,0x6c,0xb7,0xbe,0x74,0x32,0x82,0x89,0xfd,0x1c,0x64,0xbe,0x74,0x7c,0xca,0x5b,0xb3,0x02,0x95,0xdf,0xac,0xcd,0x0f,0x2e,0x43,0xf5,0x17,0x03,0xfd,0x5d,0x36,0x83,},{0x6f,0x13,0x62,0xa4,0x02,0x06,0x37,0x91,0xf9,0x50,0x98,0x4f,0x54,0x49,0x28,0xe6,0x16,0xa4,0xef,0x79,0xbb,0xeb,0x68,0x54,0xe9,0x61,0x5a,0xab,0x9c,0xdb,0xae,0xc4,0x83,0xfb,0x9a,0x04,0xbf,0x22,0xde,0x5d,0x97,0xa1,0x5b,0xda,0x2d,0x39,0x04,0x83,0xc7,0xf6,0x1d,0xbe,0xe0,0x7b,0xb5,0x14,0x1f,0xc1,0x73,0xb1,0xaa,0x47,0x65,0x0d,},"\xfb\xf3\x68\xfe\xae\xba\x87\x91\x8b\x1b\x8c\x7b\x8a\x26\x83\x2b\xe6\xe7\xfc\x1c\xbd\xb8\x90\x25\x19\x28\x1a\x06\x54\xec\x73\xde\x0b\xb0\x71\x01\xa9\xd6\x03\xf7\x45\xd4\xec\x23\x57\xae\xe9\x87\x0c\xb1\x9a\x56\xcb\x44\xfb\xd9\xc9\x1f\xc3\x47\x52\x61\x2f\xbd\x83\xd6\xfc\x1a\x16\xbf\x8a\x85\xa2\x15\xd0\x14\x8e\x4a\xf3\x7d\x29\x84\x67\xe5\xcc\x48\x6b\x13\x13\x52\xce\x09\x21\x82\xce\x82\x84\x15\x9a\x38\x12\xb3\x0b\xac\xbf\xf5\x95\x86\x38\x11\xbf\x9a\x30\xa9\xda\x49\x45\x65\xc3\xac\x18\x14\x43\x00\x18\xea\x0e\xee\xd3\x9c\xdb\xca\x27\xf9\x31\x40\xe4\x69\x49\xdb\x57\x0b\xfa\x2e\xd4\xf4\x07\x3f\x88\x33"},
+{{0xd5,0xef,0xe5,0x1d,0x5c,0xd8,0xe1,0x08,0xbd,0x92,0x2f,0xc0,0xea,0x12,0x61,0x90,0xa9,0x46,0x28,0xff,0xa5,0x3c,0x43,0x3a,0x51,0x80,0x22,0x79,0x2d,0xdc,0x78,0xef,},{0x42,0x6b,0x01,0xcc,0x61,0xff,0x5e,0x0e,0x72,0x4d,0xa1,0xd3,0xb2,0x97,0xf5,0x32,0x5c,0x18,0xc6,0x2f,0x64,0xd5,0xeb,0x48,0xd4,0xa5,0x21,0x6a,0x8e,0x9a,0x40,0x73,},{0x23,0x06,0xf5,0x8f,0xcd,0x4c,0xff,0x22,0x22,0xd8,0x1b,0x05,0xa4,0x75,0x53,0x2b,0x8b,0x19,0xdc,0x67,0xe6,0xd7,0x8d,0xdb,0x42,0x05,0xa3,0xb7,0x62,0x1c,0xc5,0xae,0xf0,0xb3,0x93,0xd5,0xd2,0x4d,0xd9,0x6c,0x88,0xcc,0xbc,0x53,0xa3,0x20,0x8d,0xa3,0x23,0xbe,0x45,0x87,0xd5,0xec,0x06,0x7c,0x82,0x0f,0x07,0x23,0xaa,0x44,0xe9,0x0e,},"\x9d\x17\xbc\xfe\x2d\xfc\x74\x2f\x41\x1c\xb5\x3a\x94\xf3\x59\xc0\x01\xab\xf0\x96\xc7\x41\xf3\x4a\xf4\x86\x79\xf2\x81\xe7\xce\x6b\xbd\x9e\x87\x70\x9f\xc0\x72\x8a\x56\x3d\xb2\xb9\xcf\x8e\xa4\xfb\xdc\xc3\x44\xc1\x84\x8e\x65\x3c\xe9\x70\xc6\xce\x29\xde\x2c\xcd\x52\x03\x00\x64\x9a\xdc\xdd\xfc\x75\x39\x71\xf8\x46\xaa\xc1\xba\x42\xae\x45\x28\x95\x2d\x94\x98\x0a\xa7\xc6\xcf\xa2\x14\x29\x07\x64\x7f\x89\x4a\xe9\x74\xa7\x4d\x59\x03\x5a\x73\xef\x56\xa1\x0b\x66\x12\x62\x48\x09\x52\x01\x90\xac\xe6\x61\xc3\xa4\x70\x95\xe0\x32\x2e\xfd\x78\x1d\x50\xd1\x16\x35\x98\xf2\xda\x32\xf3\x1b\xc9\xc4\xf9\x13\xd1\xb1\x48\x61"},
+{{0x18,0xaf,0x89,0x02,0x5e,0xbf,0xa7,0x6b,0xd5,0x57,0xcf,0xb2,0xdf,0xf1,0x48,0x24,0x52,0x14,0x64,0x1f,0xd5,0xbd,0xa1,0x59,0xf7,0x3d,0xa0,0x4b,0x08,0xe8,0x7c,0x88,},{0x0c,0x58,0x44,0x59,0xb9,0xeb,0xcc,0xca,0xd5,0x87,0xb2,0x72,0x16,0x0b,0xc6,0x0b,0x27,0xf4,0xf7,0x72,0xb4,0x32,0x1d,0xe7,0x72,0x3a,0xfe,0xf5,0x77,0xed,0xc7,0xb4,},{0x26,0xbb,0x08,0x82,0x29,0x7c,0x2c,0x08,0xa7,0x52,0xd3,0x98,0x11,0x45,0xdc,0xde,0x55,0x89,0x3a,0x11,0xdf,0x77,0xf8,0xaa,0x4c,0x19,0xd0,0xb9,0xed,0x6e,0x52,0x20,0xed,0x12,0xe9,0xfa,0xc3,0xaf,0x13,0xd0,0xf0,0xc7,0x15,0x68,0xf4,0xa5,0x47,0xd3,0x01,0x14,0xa6,0x59,0x9a,0x23,0x68,0x06,0xc4,0xbe,0xee,0x67,0x65,0x28,0x44,0x08,},"\xe8\x2f\x46\x65\x2a\xb9\x14\xaf\x53\x5d\x8f\xb7\x20\xb5\x57\xac\x95\x01\x8d\x9f\x2a\x3f\xcc\xe8\x57\x71\xbb\x40\xab\x14\xcb\x9a\x98\x6e\x09\x6f\x3a\xfe\x5b\xee\x82\x9d\xfd\x8b\x97\x33\x5c\x53\x6a\xc9\x71\xa2\x16\x55\xaf\x16\xa2\xf8\xfd\xba\x18\x3a\x4e\x18\x56\x4c\x21\x49\x29\x56\x53\x7a\x41\x9a\xbb\xbb\xb0\x2a\x4b\xbd\xc0\x14\x81\xf5\xc6\xe6\x58\xec\xf3\xc3\x4f\x01\x1a\xd8\x46\xf5\xed\xcd\x49\x39\x19\x5d\xf8\x5e\x41\x30\x3f\xb9\xa8\x8f\xdf\xbd\x70\x43\x96\xf7\x55\x9a\x32\x73\x18\xb9\x52\xb3\xe6\x0c\xe8\xdd\xde\x56\x37\x85\x79\x23\x2f\xaf\x95\x0c\x78\xe7\xf0\xb1\x7c\x3b\x8d\xec\xe3\x6b\x78\x8a\x84\x73"},
+{{0x0c,0x93,0xd9,0x98,0x15,0xff,0xf8,0xfe,0x22,0xb9,0xe4,0x5a,0xa0,0x2b,0x3e,0x64,0x45,0xce,0x1d,0x6b,0xf5,0xa6,0x5d,0xce,0x3d,0xa1,0x07,0xaa,0x10,0x55,0x94,0x0e,},{0x4d,0x27,0xa4,0x7b,0x0f,0xc8,0x08,0x00,0xd8,0x4d,0x24,0x4e,0xeb,0xb1,0xde,0xb4,0x43,0x6d,0x97,0x63,0x3a,0x83,0xe6,0x71,0x25,0xad,0x52,0xea,0x01,0x68,0x50,0x57,},{0x7d,0xc4,0x46,0x7a,0xbc,0xf6,0x43,0x1a,0xdb,0x7c,0xcf,0xe8,0x68,0xea,0xc8,0xcd,0x8a,0x61,0x5a,0x0f,0xf6,0x5f,0x6a,0x9e,0x33,0x83,0x75,0xb1,0xaa,0xe3,0xc4,0x9a,0x12,0x6c,0x9e,0xba,0x79,0x42,0x6d,0x16,0x41,0xc6,0xb9,0x7c,0x3e,0x92,0xc1,0x94,0xe5,0xee,0x44,0x31,0xef,0xa2,0x43,0x9f,0xd4,0x50,0xf2,0xcd,0x01,0x8c,0x87,0x00,},"\x11\xe8\x77\xde\x58\xc1\x34\xea\xf4\xc9\xf1\xb5\x3c\x3d\xc4\x51\xd3\xc0\x55\xf1\x6b\x09\x62\x27\x25\xb2\x79\x76\x85\x12\xfe\x10\xa7\xad\xb0\x76\x5b\x68\x9e\xc2\x1d\x5b\x6e\xfa\xa1\x9f\x1b\x9d\x36\x25\x4d\xf0\xa9\x36\x7f\x44\x1b\x26\xbd\xb9\x0b\x28\xcb\xc4\x03\xe5\x07\x40\x82\xfa\x1f\xed\x58\xe1\x40\xda\xc9\x7a\xea\xf4\x83\xe2\xc1\x3f\x3c\xc5\x60\xab\xff\xab\xa0\x5b\x76\x3f\xee\xdb\x51\xe6\x06\x98\x15\x1c\xf5\x6e\xfd\xf1\xd3\x7d\x6c\xe0\x56\x44\x86\x21\x0f\x05\x2e\x93\x7f\x2e\xa2\x6f\x63\xef\xa5\xd2\x47\xff\x18\x83\x29\xbb\x1a\xa8\x3c\xe3\xf4\xf3\x5a\x3d\x7d\xec\x14\x59\x9e\x5f\xeb\x7b\x6d\x5f\xe4\x29\x6a"},
+{{0x98,0x9e,0x99,0x94,0x56,0x35,0x19,0x2c,0x02,0x3c,0xc5,0x18,0x6f,0xc2,0x5b,0xba,0xef,0x47,0x24,0x07,0x75,0xd1,0x5a,0x56,0x19,0x5d,0x88,0xcd,0x07,0xc3,0x74,0x8e,},{0xca,0x0b,0xea,0xfd,0xf7,0x31,0xd8,0x93,0x01,0xf7,0x72,0x3c,0x5b,0xb7,0xe5,0xa1,0xc3,0xff,0x3e,0xab,0x27,0xc9,0x7d,0x71,0x1b,0xcd,0x76,0xe4,0x20,0x54,0xbe,0xe4,},{0xae,0xf7,0x56,0xbf,0xb8,0xa7,0x26,0x6e,0x17,0xd1,0x5f,0x3f,0x11,0xee,0x50,0xed,0x25,0xbe,0x42,0x0e,0x95,0xa0,0x74,0x22,0x71,0xeb,0xd1,0x22,0x94,0xe2,0xcb,0x96,0xea,0xd0,0x83,0xb8,0xff,0x0b,0x82,0x9d,0x2e,0xde,0xb1,0x4d,0xa8,0x6e,0x40,0x2e,0xf2,0x5e,0x6d,0x4a,0x5a,0x79,0x58,0xc1,0x84,0xed,0x10,0xc1,0x76,0xcb,0x57,0x0b,},"\xc4\x84\x14\xf5\xc7\x57\xd0\x3c\x52\x3e\xf3\xf3\xb8\x51\x07\x71\xb0\xff\x3b\x4b\x97\xde\x27\x96\x25\xd3\x49\xec\x18\x5a\x29\x92\x7a\x66\xb9\x59\x3b\xa1\x93\x38\xc2\xf5\xe4\x13\x1f\x1a\xc0\x7e\xa4\x6d\x2c\x1b\x6e\x4a\xb5\x22\x92\x80\xb2\xe2\xbb\x9d\x14\x0d\x1e\xf7\xaf\x7b\x16\x92\xbf\x2d\x09\x7b\x80\xf8\x11\xad\xcf\xa9\x5d\x5c\xbf\x9e\xee\x92\xa1\x64\x1c\x55\x2b\x4b\xe4\xa0\xd7\x34\xf0\xaf\xd4\x70\xb9\xd7\xf4\xe4\x57\x78\x95\x1e\x21\xfc\x53\x4f\x20\x0a\x12\x8b\x96\xad\xb8\x37\x3f\x10\xce\xce\xc2\xda\xc2\x99\x6a\x06\x2f\xb3\xc2\x94\x31\x59\x65\xa9\xd5\xd7\xb0\x77\xc4\xb0\x13\xc6\x4a\x38\x42\x97\x69\xd2\x3e\xab"},
+{{0x6b,0xdb,0xbe,0x06,0xd9,0xf4,0x21,0x9e,0xea,0x64,0x03,0xa3,0x57,0xb2,0x5e,0x56,0x19,0x92,0xfa,0xe0,0xf0,0xf6,0x14,0x56,0x1d,0xd8,0x6d,0x23,0xde,0x41,0x5a,0x43,},{0xed,0x52,0xdd,0x1c,0xce,0x32,0xd9,0xb4,0x85,0xe0,0x94,0x07,0x46,0x42,0x1d,0x36,0xb9,0xfd,0xe6,0xcd,0xf0,0x21,0x15,0x45,0xb6,0x34,0x04,0x4d,0x4b,0x3c,0xb8,0xf1,},{0x95,0x02,0x06,0x60,0x5b,0x0f,0x41,0x7c,0x90,0x84,0x3e,0x2c,0x8d,0x8e,0x66,0xc8,0x28,0xbb,0x10,0xb9,0x9b,0x36,0xee,0xee,0xe8,0xca,0xf2,0xe0,0xe5,0x48,0x4d,0x93,0xfe,0x02,0xbf,0x53,0x34,0x05,0xf4,0xbb,0x74,0xa5,0x0e,0x55,0x85,0xfa,0x0d,0xae,0xf4,0x82,0x1f,0x03,0x01,0xd0,0x1b,0x46,0x32,0x1b,0xaa,0x31,0xe1,0xf0,0x8d,0x03,},"\x58\x2a\xda\x13\xd6\x92\x93\xe4\x9b\xbd\x46\x10\x32\xdf\xea\x1c\xa2\x02\x5b\x52\xe0\x13\xa3\x3a\x03\x87\xfc\xfc\x5f\x7c\x0b\x8e\xc9\x55\x98\x26\x07\xfc\x90\x1e\x1b\x7f\x63\x6a\x9d\x37\x1e\x1f\x91\xfe\x47\x6b\xdd\x44\x85\x6e\x27\x5d\x67\xef\xa1\x42\x38\x16\x43\x54\xc2\x31\x12\x4c\x84\xde\x8f\x5b\x89\xd5\xa5\x8e\xa6\x74\x4b\x4d\x3b\x3d\x79\x06\x90\x52\x33\xcc\xe6\x94\xa6\x4d\x69\x6f\x5a\x70\x24\xfc\x90\x33\xb1\xce\x39\x08\x99\xa3\xb4\x41\xa4\x8e\x53\xc7\xc9\xb3\x0b\xa1\x2e\x7d\x61\xf3\x5f\x15\xe6\x58\xc7\xcc\x44\x07\xe2\xf6\x89\xea\x8a\x55\xd0\x1b\xf5\xdb\xac\xb1\x19\x54\x75\x4f\x92\x0f\x09\xdb\xd4\x84\x09\xbb\xb5"},
+{{0xd7,0x61,0xc8,0xc5,0xa9,0x60,0x1b,0x91,0x45,0xb7,0xd0,0x51,0x24,0x9b,0x00,0x41,0x07,0xe4,0x52,0xe5,0x63,0x10,0x0c,0x6c,0x78,0x80,0x38,0xc9,0xee,0x8a,0xda,0xd7,},{0xe6,0x48,0x87,0x75,0xd6,0x40,0x7e,0xfc,0x7b,0x2b,0xca,0x89,0x0a,0x7f,0xc6,0x22,0x66,0xfc,0x54,0xcd,0xac,0x89,0x33,0x43,0xb4,0xf5,0x9a,0x19,0x6d,0x94,0x88,0x98,},{0x7a,0xb7,0x8b,0x64,0xe6,0xdb,0x35,0x9a,0x2d,0xc8,0x30,0x2e,0x10,0x92,0xed,0x66,0xfa,0x73,0x6b,0x53,0x62,0x53,0xa1,0xcd,0x90,0xfd,0xb8,0xc1,0x0e,0xfd,0x78,0x30,0x02,0x25,0xe1,0x91,0x96,0x35,0x99,0xba,0x54,0x9c,0xc8,0x59,0x20,0x9d,0xf0,0xff,0x61,0xcd,0x06,0x9b,0x03,0xd2,0x54,0xe6,0xe7,0xd7,0x6c,0x79,0x84,0x40,0xf9,0x07,},"\x84\xea\xd5\xea\xbd\x2f\xd4\xb7\xc7\x9a\x9a\x92\x8a\xb8\xee\x0a\x16\xa5\xfd\x66\x7a\x05\x7f\x8a\x25\x46\x63\xd5\x6d\xaa\xe1\x56\xd1\xa4\x9a\xff\xb2\x99\x61\x37\xb9\xd8\xb3\x40\xe6\x35\x73\x2f\x9d\x2b\x4c\x60\x21\x84\x42\x54\x1e\x72\xd2\xb0\x0e\x1e\xe7\xa7\x3c\x3f\x67\xca\xa4\x99\xfa\x9d\x07\x0b\x57\xd0\x76\xdc\xde\x96\xb0\x76\x47\x23\xc3\xc6\x59\xc7\xa0\x0c\x1b\x78\xb1\x5c\xcc\x22\x23\x89\x0b\x51\x06\x7f\xc8\x1e\x23\xe9\x45\x8a\xb0\x68\x3b\xa6\x26\xa5\x3d\x0c\x37\x93\xa5\x8a\x98\x57\xbb\x44\xb3\xbd\x85\xbb\x6c\xe5\x3a\x85\x69\x4e\x7f\x53\xcc\x1b\xd4\x6d\x50\xed\xa3\x7d\x81\xf5\x38\x1b\x51\x3d\x1f\x38\x33\x9d\x29\x1b"},
+{{0xc5,0xe0,0xc7,0xa7,0xbb,0x8b,0x7c,0xa0,0x7b,0xf0,0xa0,0x5e,0xa6,0x7e,0xff,0x6d,0xee,0xbf,0xe3,0x71,0x4e,0xe3,0xe1,0xa2,0x27,0xf4,0xdc,0x8e,0x24,0x2a,0x2f,0xa0,},{0x51,0x35,0xef,0xcd,0x90,0x52,0xbe,0xc5,0x7a,0x44,0x31,0xca,0xab,0xe8,0x26,0x80,0xee,0xc0,0xa3,0x3a,0xfd,0x59,0xb3,0x02,0x03,0xb2,0x80,0xba,0x12,0xbe,0x48,0x5c,},{0x2e,0x7f,0xde,0xb3,0x48,0x4d,0x0a,0x5e,0x8d,0xce,0x94,0x44,0x89,0x79,0x49,0x6b,0x06,0x42,0xca,0xbc,0x37,0x33,0xa5,0x1f,0x8c,0x3c,0x5c,0x51,0xc1,0x9a,0xe3,0x19,0x01,0x8d,0xa9,0x10,0x91,0xc2,0x38,0x5f,0x2f,0x4e,0x9a,0x59,0xed,0xbc,0xa2,0xab,0xd0,0xd0,0x85,0xee,0x40,0xd3,0xf0,0xd4,0x20,0x61,0xa5,0xa9,0x83,0x2a,0x37,0x0c,},"\x37\x70\xa6\x78\x66\x52\xc4\xb7\x8a\x04\x3e\xdc\xe0\x7f\x3e\x20\x4d\x81\x99\x7c\x42\xaf\xc2\x23\x31\xf7\x5a\x54\x94\xa8\x26\xd7\xcb\x69\xab\x43\x14\xa4\x73\x72\x10\x58\xa1\x83\x99\x81\xd5\xb7\x02\x2d\x0c\xd8\x67\x03\x77\xda\xf3\x32\x04\x76\xd2\x5b\x9f\x55\x95\x61\xd6\x6e\xe0\xa7\x09\xfe\x17\x36\x1e\x2a\x52\x89\x8f\x57\x53\xc4\xfb\x43\xbd\x0c\x98\xb3\x68\xf5\x12\xad\xc0\x9c\xd9\x27\xc6\x62\x26\x76\x92\x6d\x8c\x2d\x91\xa1\x4a\xca\x32\xf2\x26\xf7\x00\x36\xc1\xc8\x58\xbc\xff\xc2\xb5\x9f\x54\xc1\xc3\x7b\xf8\x1e\xb5\x2e\xcb\x3f\x00\xda\x60\x2c\x94\x36\x1b\x52\xa5\xaf\xdd\xbf\xd7\xe0\x50\x36\xe3\x77\x50\x30\x50\x33\x3b\xe5\x12"},
+{{0x11,0xbb,0x47,0x48,0xd2,0x54,0x7e,0x61,0x96,0xbe,0x82,0x3c,0x9b,0xe7,0xaa,0x18,0x15,0x0c,0x20,0x4b,0x12,0xca,0x8d,0x73,0xc1,0xbd,0x46,0xb1,0x1a,0x54,0xb4,0x75,},{0xef,0xeb,0x42,0xda,0x28,0xd7,0x64,0x96,0x64,0x03,0xdd,0x30,0x0d,0x9f,0x94,0x51,0xb2,0x58,0xab,0x1c,0x80,0xdf,0x06,0xfe,0x59,0x43,0x15,0x3f,0x53,0x01,0xcc,0xcb,},{0x44,0xc5,0x8d,0xa4,0x9d,0x23,0x65,0xd2,0x70,0x29,0xd1,0xee,0xbb,0x3b,0xeb,0xf7,0xc0,0x32,0xd8,0x58,0xaa,0x07,0xe0,0x75,0x6b,0x1c,0x26,0xa5,0x41,0x2d,0x22,0x69,0x11,0x76,0x03,0x13,0x41,0xad,0x37,0xd7,0xbb,0x78,0x43,0x28,0x9e,0xb3,0x9d,0xb4,0x91,0x58,0x4c,0x1b,0x2a,0x1d,0xa2,0xe4,0xa2,0x64,0x9c,0x22,0x93,0x82,0x66,0x06,},"\xf4\xb7\x65\xb2\x58\xba\x35\xb4\x27\x52\x5c\x7f\x10\xa4\x6f\x0b\xcc\xd3\x57\xec\x1a\xd5\x2a\x5b\x13\x94\x17\xa9\xd3\x89\x4c\x51\x2d\x89\xeb\x88\xe6\x81\xb1\xf3\x0a\xac\x4c\x11\x5c\xcf\x36\x54\x5e\x83\xf3\x78\x34\xc8\x2e\x83\x00\xcc\x1e\xb2\x89\xaf\x43\x75\x96\x8c\x29\xc0\xff\xef\xb4\x0e\x15\x6c\x20\xc0\x43\x26\x69\xac\x8d\xc0\xa8\x3c\x13\xb1\xe8\x55\xa8\x4a\xd0\x13\x3c\x40\xc8\x2c\x87\xee\x1e\x7d\xd4\x08\x4d\x74\x1c\x80\xde\x8a\x7a\x9f\x77\x59\xe8\x43\xa5\x62\x09\x9c\x4d\x7d\xf8\x75\x35\x20\x39\xff\x4d\x38\x24\x65\x13\x86\xc9\x77\x59\xff\x7d\xba\x52\x06\x4e\x6d\x31\x12\xe0\x80\x81\x9a\xee\x8c\xe7\x23\xa1\xa2\xaa\x46\x4d\x8a"},
+{{0x74,0x52,0xa0,0x01,0x56,0xd7,0x94,0xed,0xeb,0xff,0x4a,0xdb,0x1f,0x7a,0x7e,0xec,0x26,0x21,0x7f,0xef,0x67,0xc3,0xd2,0x68,0x35,0x2b,0x2b,0x54,0x60,0xa7,0xdc,0x25,},{0x5f,0x4d,0xc3,0x38,0xcf,0xbd,0x38,0x4b,0x5f,0x1c,0x14,0xc2,0x26,0x70,0x14,0x46,0xb5,0x2b,0x1e,0x3e,0x2a,0x3c,0xba,0x1a,0x40,0xee,0x28,0x25,0x08,0x0d,0x1d,0xe6,},{0xa8,0xf9,0xfa,0x24,0xa3,0xde,0xa1,0x02,0x2e,0x73,0xf0,0xd8,0x8b,0x1c,0x37,0xd0,0x6d,0x0f,0x0b,0x20,0xbb,0xff,0x0e,0xcd,0xb4,0xa4,0x0c,0x86,0xd7,0xe4,0x75,0x61,0x7c,0x03,0x57,0x0a,0x74,0x19,0xd7,0x4b,0xa0,0xf1,0x32,0x70,0x96,0xbf,0x19,0xf0,0xd0,0xcf,0x9f,0x51,0xd4,0x83,0x11,0x2f,0x26,0x92,0x23,0x78,0x68,0x2f,0x48,0x07,},"\x8c\x4e\xe2\x86\x76\x56\xe3\x3f\x52\x69\x41\x4d\x77\xb4\x2d\x8e\x47\x50\xdb\xa9\x3c\x41\x8b\xac\xca\x10\x93\x8c\xc3\xb5\x70\xc6\x60\x3d\x52\xc2\x34\x44\x88\x60\x7b\x2f\x93\x4f\x6d\x26\x9f\xcb\x2a\xd9\x66\x21\x9b\x1a\xb1\x14\x72\xf4\x2c\x67\x2c\xe2\x05\x92\x49\x0e\xc5\xba\xf6\xa2\xd2\xfc\x8a\x3e\xe3\x53\x74\xb1\x90\x2f\xde\xfc\x78\x70\xb1\xb6\x26\xfa\x46\xb1\x2b\x6c\xee\x24\x1f\x60\x1a\x9b\x3f\xe4\xc5\x08\x12\xe5\x73\xe6\x75\x2c\xe2\xc7\x64\x4e\x33\x67\xa6\xa6\xb7\x77\x58\xd8\xe4\x93\x4b\x58\xaf\x23\xab\xae\x8f\xec\xac\x25\xed\xd7\x34\x03\x0e\xe7\xcf\x39\x90\x7e\x3e\xed\x81\x86\xa1\x9a\x80\x71\x03\xa9\xfc\x49\xd3\x8f\x4c\x84\x60"},
+{{0x88,0x0e,0xf1,0x06,0x73,0x3f,0x04,0xe7,0x61,0x95,0xeb,0xa2,0x80,0xb3,0xfa,0xdd,0xa0,0xf2,0x5d,0xcf,0x96,0xa6,0xa9,0x9c,0x8c,0xcf,0x84,0x2c,0x68,0xaf,0xda,0xe5,},{0x70,0xce,0xe3,0x3d,0x41,0xc7,0x28,0xce,0x7b,0x14,0x19,0x31,0xe6,0xe8,0x52,0x45,0x67,0xd7,0x60,0x1e,0xb7,0x9f,0x67,0xfd,0xcd,0x07,0xb9,0xd6,0x82,0xc6,0x50,0xf0,},{0xff,0x6c,0xae,0xdd,0x8a,0x46,0x8a,0xa0,0x7d,0x4c,0x6e,0x71,0x31,0xbb,0xda,0x76,0x18,0x2b,0xa9,0x58,0x64,0x93,0x76,0xe7,0x11,0xf4,0x4c,0x7b,0xba,0xcb,0xa6,0x07,0x7b,0xea,0x87,0x8b,0xa5,0x94,0x9c,0xde,0xee,0xf0,0x5c,0xfd,0x49,0x83,0xb0,0x05,0x7d,0x27,0x5e,0xa3,0xe1,0x8c,0x32,0x65,0x94,0x68,0xc3,0x0c,0x47,0xac,0x8f,0x0b,},"\xf4\xf3\x8d\x07\x7f\x2b\x03\xda\x82\x1b\xd3\x6f\xde\x67\x3d\x66\x6e\x52\xf4\x83\x2e\x1c\x0d\xcf\xee\xf0\x49\x32\x8a\xcb\x7b\xd7\x1a\xd2\xbf\xc4\x9c\x12\x35\x16\xe1\x96\xc4\x70\xdf\x08\x47\xb3\x84\x8a\x45\xa2\xc6\x9b\xea\x03\xe2\xaf\xa7\xe5\x82\x05\xb6\x3b\x52\x38\x14\xfc\x8e\x24\x2f\x05\x9c\x69\xff\x7e\x40\xf9\x7b\xe8\x12\x5b\x70\xa5\x4f\xda\xf3\x5a\xea\xfa\xc7\x91\x14\xa7\xb4\x19\xe6\xbb\x9e\x70\xbf\x07\xad\xb5\x59\x81\x96\x00\xdc\x25\xe5\x1b\x4b\x70\x0d\x27\xca\x54\x72\xa0\xe7\xcb\xbf\xd1\x4e\x09\x9f\xaa\x3a\x72\x00\x2d\xa5\x38\xcb\xe4\x5d\x62\x1e\xf0\xd5\x25\x2b\xa2\x9d\x83\xf8\xb3\xec\x83\x89\xc9\xce\xb6\xc6\xb2\xe8\xd8\xa2\x0f"},
+{{0xa2,0xd8,0x8f,0x37,0xec,0xc2,0xb2,0xc0,0x5d,0xd6,0xcb,0x31,0x59,0x96,0x2c,0x5f,0x64,0x6a,0x98,0x15,0xb2,0xfb,0x37,0x79,0x1f,0xc7,0xb6,0x06,0xe2,0x91,0x3e,0xd5,},{0x58,0xdd,0x67,0xd7,0xa1,0x5d,0x4c,0xa0,0x34,0x1a,0x4c,0x86,0x95,0x66,0xca,0xd8,0xc4,0xee,0x16,0xe5,0x83,0xa1,0x0b,0x48,0x24,0x17,0x3b,0x08,0x29,0x0d,0x92,0xd1,},{0xcc,0xf2,0x40,0x0c,0xd6,0x73,0xe1,0xef,0xfd,0x20,0x16,0x1d,0x7b,0x68,0xa5,0xfb,0x87,0xc1,0xe9,0x9d,0x36,0x35,0xd7,0x8c,0x2d,0xa1,0xb5,0x09,0xfa,0xc3,0x33,0x46,0xc0,0x69,0x16,0x3a,0x6c,0x46,0xc7,0x82,0x6a,0x48,0xbb,0xbd,0x03,0xb0,0x5e,0x6e,0x23,0x51,0xfa,0x62,0xbf,0x89,0xbf,0x7c,0xcf,0x9a,0x90,0x24,0xbd,0x15,0x7d,0x07,},"\xd1\xb8\x7e\x9e\x88\x6d\xfb\xbd\xc8\xca\x8a\xb9\x01\x0e\xcf\x9b\xba\xf2\x3f\x72\xab\x3c\xbe\x76\x9d\xb1\xd4\x3c\x2a\x47\x4a\x81\x65\x1c\x46\x4e\x9f\xb9\x27\x34\x63\x46\x41\xc9\x48\x5a\x02\x39\xb3\x11\x07\x71\xe7\xf7\x5e\x05\x25\x2e\x4d\x8f\x4c\x0a\xa1\xba\x08\x62\x6d\x7e\x96\x31\x7c\x20\xac\xde\x2a\xd9\x9b\x23\xbd\xad\xfd\x6f\x17\x46\x8e\xb4\x02\xec\x5e\xef\xa5\x7b\x47\xca\xf9\x72\xb3\xdd\x21\xd8\x9f\x0e\x29\x89\xff\x87\xd5\x1e\xd2\xe2\xd6\x39\xc1\x64\x4e\x69\x8c\xbe\x02\x21\xb8\xe1\x79\xf3\xcf\xb0\x4a\x20\xcb\x24\x70\x21\x6a\x68\x82\xfb\x4f\xf7\x99\xe1\x15\x36\xcf\x64\x21\x9f\x0c\x07\x51\x76\xbc\x7c\xf0\xf6\xc5\xb7\x92\x5f\xcd\x61\x55"},
+{{0x42,0xaa,0xfd,0x0a,0xe2,0x6d,0xf1,0xe7,0xaa,0x02,0x76,0x86,0x0d,0x75,0x27,0x83,0xaf,0x97,0x28,0x04,0x39,0xbb,0x23,0xea,0xe4,0x6e,0x3f,0x84,0xca,0xac,0x78,0xde,},{0xda,0xa2,0x35,0x0a,0xdb,0x55,0xdb,0xa9,0xdf,0x7d,0x7a,0xf5,0x10,0x19,0x98,0xfe,0x51,0x5d,0x31,0x1c,0x3c,0xba,0x3e,0xea,0xb9,0x13,0x82,0x33,0x19,0x0c,0x3b,0x4e,},{0x11,0x61,0x43,0x65,0x0b,0x6c,0x13,0x3d,0x61,0x78,0x59,0xdb,0x24,0x29,0xc2,0x91,0x35,0x79,0x79,0x0b,0x21,0x97,0xd7,0xb7,0xb1,0xb4,0x96,0x2b,0x32,0x87,0x21,0x03,0x2c,0xee,0xca,0x58,0xb2,0xd5,0x64,0x39,0xe2,0x33,0xbb,0x84,0xdc,0x52,0x5e,0x28,0x4f,0xf8,0xdf,0x2b,0xde,0x1d,0xb4,0x98,0x6f,0xaf,0xd2,0x1b,0x3d,0x7d,0x6a,0x0a,},"\x72\x13\x1b\x80\xad\x59\x9b\x6f\x5f\xf6\x98\x54\x7d\x16\xe7\x49\x9d\x71\x27\x5e\x4e\x9b\x30\x52\x6a\x5a\xac\x0b\x0c\x8b\x14\xfa\x4a\x54\x0c\xfb\x11\x45\xfc\x00\x44\x18\xbc\xd3\x18\xc1\xa7\x0e\x62\x69\xa3\xfb\x69\xba\xed\x86\xf3\x63\xf5\xb8\xf9\x7f\x56\x9c\x20\xd4\xf4\x99\x0e\x7b\xb4\xd0\xc3\x99\x21\x26\x8d\x63\x6e\xd0\x55\x4b\xd6\x2a\xcf\xca\xcd\x3b\x8e\x03\x02\x17\xaa\xfa\xc3\x04\x4c\x03\x7e\x0f\x94\xda\x18\xc6\xb9\xa0\x93\x2c\x3c\x58\x75\xd3\xa9\x3f\xbd\xad\xcf\x67\x96\x4e\xec\x9e\xc2\xbe\x69\xb4\x8f\x02\x0f\x6c\x98\x74\xde\x5f\x8a\x51\x67\xb5\xee\x02\x4a\x2c\x2e\xfd\x0c\xdc\xd2\xac\xd8\xc1\xf7\x87\x81\x41\x41\xe3\x0b\x38\xb1\x63\x17\x5b"},
+{{0xb6,0x9c,0x33,0xb1,0x1b,0xa6,0x78,0x41,0xc3,0xd4,0xe6,0xf9,0x23,0x4e,0x35,0x37,0x0a,0x28,0xb4,0x76,0x62,0xac,0x56,0x0b,0x27,0xc0,0x78,0xb6,0x6a,0xb1,0xb0,0x21,},{0x9d,0xf6,0x8e,0x9a,0xcf,0x67,0x37,0x92,0x61,0x74,0x4d,0xb5,0xd1,0xe3,0x77,0x89,0x2f,0x2b,0x69,0x2e,0xd5,0xa3,0x8b,0x37,0x07,0x3c,0x04,0xde,0x5d,0x22,0x67,0x37,},{0x24,0x36,0x8f,0xee,0x5b,0xd8,0x48,0xb4,0xc6,0x61,0xa3,0xbe,0x4f,0x31,0x0c,0xfc,0x43,0x6e,0x79,0xec,0x4a,0x78,0x50,0x1b,0x81,0x09,0x5f,0xe5,0x16,0x14,0x23,0x1b,0x6c,0xa1,0xab,0x12,0x69,0x99,0x6a,0xd2,0xe9,0x8e,0x29,0x97,0x81,0xaf,0x8e,0x29,0x80,0x4b,0x24,0xfe,0x56,0x79,0xca,0x3b,0xa6,0x50,0xc5,0xc4,0xcc,0x58,0xce,0x01,},"\xf9\xea\x12\x6d\x3a\xb2\x19\x61\xaa\x24\x33\x90\x0a\x39\x82\xb8\x3e\x0e\xf8\x6d\x52\xd1\x34\x40\xaf\xa4\x81\x7f\x9b\x82\x2f\xb5\x82\xcc\x39\x32\xbf\x45\x0d\x46\x77\xc9\x18\x81\x81\xfe\x75\x26\xad\x6f\xe5\xab\xc6\x1d\x0a\xe7\x59\xf2\x15\x01\x3c\x0b\x2b\x41\x06\x4c\xb6\x27\x8b\xa7\xe3\x9e\x2f\x4c\x10\xd6\xcc\x96\x05\xb3\x86\x9e\x16\x9d\x7d\xa4\x2e\x88\xeb\x85\x78\x70\xfe\x61\x18\xbb\x02\xbc\x08\xc8\x05\x5f\x0c\x18\x9b\x62\xf7\x9f\xb1\x46\xb4\xc5\x43\xaa\x30\xcc\x0c\xd5\x7f\x03\x7e\x9e\xf7\xa6\x37\x11\xf6\x6e\x6f\x28\x78\x93\x17\x02\x20\x27\x02\x61\x42\x77\xd5\x13\xf0\x85\x0b\x75\x85\x49\x33\x6b\x30\xcf\x40\xab\x8b\xd4\x60\xe6\x0e\x12\xde\xed\x04"},
+{{0x7b,0x63,0x61,0x3f,0x6d,0xae,0x01,0xcd,0xcd,0x5e,0x6b,0x37,0x68,0x69,0x71,0xcd,0x8d,0x8a,0x99,0x54,0x2f,0x63,0x29,0xa1,0x28,0x54,0xa9,0xd8,0xff,0x81,0x05,0xac,},{0x72,0xec,0x43,0xfa,0xf3,0x4d,0x87,0x30,0x17,0x7d,0x1f,0x07,0x43,0xc7,0x4c,0x20,0xbf,0x72,0xc2,0x39,0x4b,0x8a,0x7d,0x47,0x1f,0xfe,0x2a,0x04,0xab,0x00,0x81,0x1c,},{0x76,0xf5,0x0b,0x2b,0x9c,0x2a,0xd9,0x7b,0xfb,0x94,0x99,0xee,0x41,0x92,0x8a,0xc0,0x72,0xda,0x5e,0x8b,0xc7,0x1d,0x02,0x12,0x55,0x09,0x42,0x33,0x2b,0x62,0xe7,0x0c,0x8b,0xfe,0x1c,0x72,0x25,0x42,0x39,0x46,0x88,0xde,0xcd,0x91,0x7a,0xec,0x8f,0x95,0x35,0x3e,0x1d,0x72,0x62,0x4b,0x70,0xeb,0xed,0x5d,0x17,0xf6,0xc5,0x49,0x77,0x02,},"\x18\x16\x48\x8f\x1f\xc8\x3e\x1e\xd5\x91\x16\x37\xdd\x42\xba\x20\x77\x65\x7d\xfe\x1a\xe4\x22\xad\x0a\xee\x59\xdf\x9d\xd5\x6a\x27\x63\xc2\xdd\x0e\xf6\x1a\x12\xbb\x82\x5b\x0d\xac\x1e\xda\x5f\xbb\x69\x1c\x5e\xd5\x8f\x3f\xb3\x25\x05\x0b\x45\x63\xa4\x04\x20\x99\x98\x2f\xff\xa5\xd6\xed\x74\x2d\x95\x82\x3d\xa8\xe1\x78\x7c\xf7\x46\xef\x63\xb3\xfb\xb0\xe8\x8a\x6c\x0b\xea\xe4\xf7\x31\x83\x66\x93\x6b\x49\x17\xf5\x07\x33\x60\x68\xb1\x94\x68\x09\x00\xa7\xbf\x4a\x6f\xb6\x9a\x5c\x38\x7b\x97\xe3\x1b\xc7\xf9\xbe\x53\xc2\xa8\x9e\x36\x51\xce\x1d\xe4\x1b\x10\xe9\x21\xb2\x06\xeb\xf3\x2e\x56\x21\xef\x80\x81\x61\x6d\xcd\x7a\x20\x59\x43\x7e\xfa\xd0\x14\xbb\x8e\x2c\x82\x21"},
+{{0x35,0x58,0xd3,0xa7,0x43,0x95,0xbd,0xcb,0xa5,0x60,0xe2,0xc4,0x5a,0x91,0x96,0x0c,0xec,0x6c,0xb3,0xed,0xbc,0xd3,0x0e,0x72,0x2f,0x7f,0x05,0x52,0x10,0xf3,0x7b,0x51,},{0x53,0x4f,0x43,0xeb,0xa4,0x03,0xa8,0x4f,0x25,0x96,0x7c,0x15,0x2d,0x93,0xa0,0x17,0x5e,0xc8,0x29,0x3e,0x6f,0x43,0x75,0x31,0x9e,0xad,0xf9,0x57,0x40,0x1f,0xbb,0xd2,},{0xb3,0x65,0xb5,0x56,0x1a,0x13,0xa5,0x45,0x17,0xcf,0x90,0xd8,0x8b,0x35,0xeb,0x09,0x67,0xd6,0xd5,0x84,0x14,0xb8,0xc1,0x54,0x7e,0x69,0x31,0x59,0xe0,0x13,0x78,0x56,0x36,0x54,0xc5,0x0f,0xb4,0x23,0x23,0xf0,0x9d,0xd7,0x8f,0xfe,0x28,0x05,0x6d,0xdf,0xa5,0x4f,0xeb,0xf4,0x48,0x91,0xe8,0xa7,0x41,0xb6,0xa1,0x68,0x7d,0x72,0x86,0x05,},"\xbe\x75\x44\x4f\x9c\xe6\xbe\x1d\x83\xaf\x62\x2a\x8c\x47\x8d\x51\x01\x27\xdb\x56\xf1\xde\x6e\xb8\xa5\x12\x65\x22\xb0\x9f\xdc\x6c\xa0\x86\x2c\xec\x0b\x8b\x2a\xaf\xa3\x1c\x17\xa2\xcc\x47\x7d\xa5\x33\xd2\x76\xa1\xae\x4f\x8e\x07\x59\xd6\xaf\xa0\xb1\x74\x11\xb5\x17\x0b\x52\xf2\x05\x47\xc7\x2f\x3e\x88\xd4\x8c\xb4\x56\xfe\x62\x5b\x62\xfe\xb0\xf8\x13\x17\xed\xf1\xec\x09\xec\xe5\x34\xb9\xf5\x00\xd4\xe1\xb1\xbd\xa2\xdb\x21\x98\x2a\xa9\x50\x94\x22\x6e\xe9\xf5\xb0\xa6\x5d\xa8\x3f\x91\x12\x1c\x96\xb3\xb4\x01\x0a\xe7\x82\x6c\x9e\x80\x63\x6c\xba\x00\xf7\x0c\x3c\x8a\x27\x9b\x01\xb9\x52\x94\xcb\x85\x0f\x91\x70\x9f\x43\x76\x66\x2a\x58\x0b\x15\xac\x29\x81\xaf\xe9\xf8\x54"},
+{{0xa3,0x5b,0x92,0xf2,0x44,0x06,0x3a,0x19,0xbb,0x5e,0x3e,0xd4,0xd6,0x99,0xed,0x20,0x69,0x60,0x71,0x16,0xd2,0xbd,0x08,0x11,0x3f,0x0d,0x83,0x73,0x61,0x3f,0x35,0xb7,},{0x7e,0xc9,0x36,0x01,0x86,0x4e,0xe4,0x99,0x5a,0x4f,0x7a,0xbc,0xd3,0xdf,0xc1,0x01,0xe9,0xe7,0xf3,0x69,0xe6,0x3d,0xe1,0xae,0x68,0xa0,0x7a,0xa7,0xf0,0x75,0xb3,0x29,},{0xa2,0x3d,0xbe,0x37,0x57,0xe4,0x78,0xdb,0xc8,0x4d,0x3d,0xb3,0xa9,0x33,0xb0,0x42,0x8c,0xed,0xb6,0xb0,0x1b,0x86,0xd8,0xd7,0x3f,0x39,0x59,0x87,0x8d,0xae,0x6f,0x05,0x88,0xf5,0x05,0xcd,0x4d,0x39,0xf2,0xab,0x46,0x77,0xb6,0x48,0x05,0xd6,0x29,0x65,0x2a,0x22,0x52,0x98,0x25,0xc3,0xa9,0x1d,0x04,0x37,0x49,0xfc,0x71,0xf0,0x37,0x06,},"\x65\xcd\x36\xda\xe0\x16\x8d\x69\x97\x4f\x95\xf0\x9d\xd9\xa5\x9d\xb7\x99\xf9\x11\xe1\xa1\x5b\x85\xa0\x08\x93\xb8\xc9\xa3\xd4\x8a\x2f\x58\xac\x12\x6b\xfa\xa0\xa6\x06\xc0\x5d\x94\x70\x1d\x27\x3a\xbf\x7d\x68\x81\x7f\x2c\x71\xb1\xc5\x41\x79\x5c\x4f\x60\x95\xe2\x6c\x9d\xff\x80\x3f\x03\x2f\x75\x66\x3f\xd1\x69\x8e\xdd\x97\xff\x3a\x0e\x72\xe1\xb7\xc9\x94\x8b\x08\xba\xcb\x5f\x7d\xe5\x02\xb2\xfe\xa6\x7c\xa2\xfe\xf1\x90\xd6\x0e\xae\x92\xd1\x51\x58\xda\x44\x4a\x49\xd2\xe9\xd5\xa5\x73\xe8\xe1\x77\xe8\xbb\xf7\xe6\xc4\x9f\x90\x71\x36\xe7\x1d\x2a\x66\xcb\x07\x63\x6d\x48\x76\x8f\xf4\x17\xc8\xbe\xcc\xf4\x32\x31\x81\xfe\xfb\x31\x24\xe4\x34\x04\x9e\xa4\x5d\xd5\x01\x9e\x40\xb4"},
+{{0x72,0xd4,0xa5,0x64,0xca,0x15,0x49,0x9b,0x5e,0x4e,0x75,0xd8,0xac,0x0f,0x28,0x21,0x7d,0x32,0x11,0x4a,0x0c,0x64,0x9a,0x7c,0x8e,0xaa,0xdd,0x0c,0xc7,0x8c,0x52,0x0b,},{0xc7,0x66,0xbd,0x73,0x83,0x7c,0x4f,0xaa,0x52,0x15,0x50,0x2f,0x1e,0xfc,0x90,0xc0,0x03,0xf7,0x11,0xbb,0xef,0x55,0x17,0x00,0x91,0x02,0x8a,0x34,0x49,0x34,0x08,0xa9,},{0x8f,0xc4,0xf1,0x79,0x33,0x0b,0x64,0x2d,0xd8,0x6c,0xa9,0x36,0x26,0x51,0xb8,0x3b,0x00,0x6d,0x83,0x75,0xcc,0xef,0x81,0x1d,0x3c,0x67,0x06,0xf9,0x15,0x94,0x65,0x1d,0xf2,0x76,0x99,0x53,0x72,0x30,0x46,0xcc,0xb9,0xbf,0xe6,0x6a,0x66,0x7e,0x0d,0x11,0xfc,0x3e,0xa2,0xd8,0x22,0x62,0x34,0xfd,0xd5,0x16,0x47,0x65,0x26,0x0f,0x7b,0x05,},"\x6c\x7e\x7b\x62\xeb\x24\x4a\x45\xd7\x84\x36\xe2\x97\x0d\xcd\x6c\x0f\x7d\xb8\x22\x97\xa8\x61\x40\xea\x58\xdd\x22\xc2\x19\x5a\xdb\xc9\x56\xd4\xc4\xec\x05\x35\x4b\x21\xef\xe2\x4c\xfc\xfe\x10\xe1\x76\x22\x36\x88\x48\x18\x0d\x2c\x46\x80\xcc\x21\x5e\x8c\xee\xa6\xcc\xe2\x22\x16\x1f\x1e\x09\x22\x39\x25\x3b\x97\x46\xf7\x88\x7d\xf2\x42\x5a\xb5\xa8\x80\xbd\xba\x98\x15\x3b\xe7\x86\xdc\x83\x8c\xbe\xca\x01\x6b\x1d\x06\x52\x4b\xd6\xbf\xba\x80\x9a\x8b\xb3\x7a\xda\xb1\x5d\x42\x41\x5f\x86\xec\x03\x58\x36\x5e\xa8\x7b\x81\x50\xb0\x54\x41\xd9\xd4\x98\x46\x87\x14\x85\xca\xae\x6d\xe3\x59\x73\x6c\x27\x18\x97\x36\xd8\xf1\x76\x5f\x3e\x5c\x5f\x6b\x92\x16\x83\x96\x39\x0b\xee\x94\xcf\xbd"},
+{{0x2e,0x5a,0xaa,0xb2,0x98,0xe6,0x6c,0x2d,0xc1,0xd7,0x7e,0xa7,0x42,0x1f,0xf8,0x95,0x25,0x5f,0x9d,0x90,0x0d,0xb0,0x45,0x0d,0x63,0xf9,0xf7,0x9c,0x1a,0x70,0x13,0xcf,},{0x03,0x81,0xf3,0xf1,0x90,0x45,0x71,0x9b,0x9e,0x8c,0xeb,0x56,0x2f,0x0e,0x96,0x5d,0xc0,0x7b,0x09,0xf3,0x71,0xa9,0x63,0xa2,0x81,0xc7,0x49,0xc2,0x53,0x2f,0x65,0x4a,},{0x7c,0x74,0x30,0x30,0x5b,0x36,0x1a,0x9e,0x35,0xb2,0x78,0x0c,0x4d,0x44,0x08,0x07,0x1b,0x21,0x30,0x93,0x1d,0x39,0x83,0x0e,0xc8,0xd3,0x13,0xaa,0xfb,0xc8,0x3a,0x65,0xda,0xe1,0x9c,0xb7,0x47,0xd9,0xd1,0xc4,0xce,0x3f,0x35,0x9c,0xc8,0x24,0xea,0x8c,0x92,0xf6,0x6a,0x42,0xb8,0x61,0x4e,0x78,0x48,0xb8,0x84,0xac,0x8a,0xa4,0xae,0x02,},"\x3d\xf0\xe5\x4c\x71\x1e\x31\x32\xd7\xae\x95\x3d\xeb\x7b\x66\x86\x9e\xe5\x31\xee\x40\xb6\x3c\xe6\x93\x20\x6c\xdb\x2f\x4b\xda\x0a\x25\x69\xe9\x13\xac\x3e\x65\x32\xc5\xd9\x64\x8e\xfd\x46\x27\x78\x0f\xb8\xa3\x1d\x10\x7e\x03\x3f\x05\x4d\x19\xed\x8b\x7c\x49\xdc\x40\x7d\x2e\x94\x9d\xe2\x5f\x99\x30\x72\x21\xd3\x58\x43\xf6\xd5\xeb\x7d\xe5\xcd\xf4\x1b\x91\xdb\xbf\x34\xcb\x6c\x9c\x53\x00\x21\x01\x4b\x56\xab\xc4\x4a\xc2\x30\x03\x13\x61\x56\x08\xa7\xb4\xa2\x35\xe9\x9c\x14\xce\xf8\x05\x08\x87\x03\x22\x09\x48\x8b\x9e\xae\xaa\x82\xc0\x94\x05\xfc\x75\xbe\xc9\x4d\xd4\x2d\x6f\xf1\xb5\x99\xa6\x3e\xe5\x74\x2f\x33\x64\x09\x3a\xc9\x2c\xab\xab\x30\x35\x82\x2a\xa8\x67\xae\x56\xdc\xc9\x9d"},
+{{0xb6,0x36,0xa0,0x24,0x48,0x00,0x35,0x43,0xdb,0x86,0x4b,0x40,0xb5,0xd8,0xd6,0xdd,0x9a,0xd6,0x11,0x62,0x4c,0x9b,0x0f,0xc6,0x89,0x0c,0x51,0xea,0x55,0x92,0xc7,0x90,},{0x1e,0xf3,0x60,0x49,0x59,0x68,0xe5,0x6e,0x6d,0x3f,0xe7,0x40,0xb1,0xc8,0x4c,0x4e,0x44,0x90,0xed,0x68,0x2d,0xeb,0x43,0x05,0xaf,0xd5,0x96,0xef,0xb2,0x80,0x22,0x3b,},{0xd4,0xba,0x80,0x30,0x0d,0x5c,0xb5,0x13,0x53,0xc0,0x3f,0x28,0xc4,0x4f,0xd0,0xa4,0x24,0xff,0xe1,0xe4,0x0d,0x78,0xed,0x7b,0xb1,0x13,0x3e,0x8f,0xe4,0xe1,0x87,0x50,0x52,0x93,0xb2,0x0a,0x39,0x1d,0xa9,0x62,0xc6,0xa8,0xac,0x0a,0xce,0xc9,0xc6,0x72,0x26,0xaf,0x3b,0x61,0x95,0xda,0xbe,0x39,0xb3,0x66,0x22,0x94,0xda,0x3e,0x0e,0x09,},"\x4a\xa8\x5a\xac\x25\x03\x4f\x61\x4e\xd4\x4f\x7a\xdc\xdb\xee\xec\x25\xfc\xc2\xa9\xee\xa3\x2a\xb6\xa8\x69\x95\x06\xf7\xa1\xca\xd3\xbc\x89\x2e\x9d\xce\x93\x4e\x75\xb0\xa8\xcd\x14\x64\x2b\x77\x85\x99\x28\x6c\xfd\x8f\x50\xa9\xe4\xf2\xed\xf9\xf9\xd6\x29\x1a\x2e\x29\x79\xcf\x18\x06\xb9\x3e\xd8\xc9\xa7\x8f\xae\x19\x9b\x28\x54\xa0\x3e\xc4\x06\xab\x3f\x72\x08\x35\xee\x26\x3f\xbb\xc9\x1c\xb4\xef\x07\x58\xd7\x75\xfc\x78\x4c\x7d\x5b\x25\x1a\xc8\x93\x79\x19\xa9\xe6\x7b\xe8\x8c\x9e\x44\xcf\x2e\xc7\xf5\x60\x26\x9a\xa0\xf1\x11\x3d\x91\xb8\x44\x01\xdb\x15\xa3\xc4\x8c\x7d\xac\xff\x49\x39\xee\x01\xba\xbb\x98\x2f\xb9\x56\x25\xc6\xc3\xad\x78\x74\x90\x60\x55\x1b\xfd\xe8\xcc\xe4\xfb\x8a\x29"},
+{{0x5c,0xa0,0x54,0x3c,0x71,0xf5,0x68,0xa0,0x0e,0xed,0xf5,0x0a,0x95,0x20,0xf4,0xc1,0x5b,0x52,0x6e,0x3f,0xb0,0xda,0x81,0x6c,0x29,0xea,0x3d,0x50,0xb2,0xf6,0x2a,0x12,},{0xd4,0xa2,0x93,0x3c,0xe1,0x94,0x54,0xe3,0x31,0xb5,0x28,0x01,0x00,0x20,0x9a,0x6c,0xe8,0xe5,0x69,0xf9,0x93,0xc2,0xac,0xab,0x51,0xdb,0xe8,0x64,0xc5,0xcb,0x25,0x63,},{0x43,0x68,0x23,0xee,0xff,0x3e,0xdc,0xe5,0xd8,0x58,0x7d,0x68,0xe5,0x47,0x3e,0xf3,0xd8,0xdc,0x94,0x65,0xb5,0x58,0xb6,0xe8,0xe7,0xcd,0x31,0x37,0xec,0xcc,0x80,0xb4,0xc4,0xe8,0x06,0xed,0xf1,0x36,0x19,0xd8,0xe7,0x17,0xe6,0x9f,0x48,0xd7,0x06,0x1b,0x68,0xde,0x02,0xc8,0x20,0x9b,0xe1,0xf7,0xac,0x26,0xba,0x8e,0xdf,0x60,0x6d,0x02,},"\x4e\xf8\x49\x69\x78\xd2\x8c\x10\xab\xd5\x4a\x26\x35\x6e\xe5\x59\x21\xce\xb3\x50\xdd\x4b\x74\x2c\x41\x61\xfb\xeb\xa8\xa1\x60\x1f\x8a\xd0\x48\x4b\x21\xa8\xcf\x5a\x29\x4f\xac\x00\xec\x8a\x6f\x59\xe3\x36\x2e\x47\xbf\xae\x1e\x28\xa2\xe6\xd0\x17\xc5\xca\xa7\x5f\xb0\xf4\x84\x82\x80\x80\x37\xca\x21\x47\x69\x54\xd7\x78\xff\x1a\x05\x86\xda\x3e\xf6\x9d\x6c\xef\x6d\x2d\x8d\xf4\xae\x7a\x85\x44\x2a\x1e\x46\xc9\x98\xcf\x40\x7a\x6a\xd4\xc5\x46\x3a\x43\xc2\x48\xf3\xb6\x93\x7f\xdb\xc8\x45\xb6\x0c\x6d\x85\xe0\x56\x3c\xc1\x6b\xa9\x67\x5d\x36\x4f\x52\x5f\x66\x9a\xaa\xc9\x5f\x42\x8b\xb5\x82\x05\x09\x9f\x9e\x4a\x6d\xbb\xd0\x15\x1f\xb6\x5b\xab\xe1\x23\xe5\x39\x3a\xd6\x40\x26\x93\x5c\xb4\x88\xaa"},
+{{0x5f,0x87,0x11,0x7d,0xa9,0xbb,0xb6,0x09,0x1c,0x94,0xda,0x6b,0x23,0x0b,0x7d,0x8f,0x6d,0xe0,0xed,0x2a,0x07,0x64,0x13,0xb9,0x2e,0xac,0xdc,0x43,0xab,0xbc,0x68,0x97,},{0xaa,0x78,0x6a,0x14,0x62,0x26,0x83,0x2a,0xa7,0x3c,0x43,0x4b,0x0e,0xdc,0x2d,0x41,0xd2,0x55,0x8f,0x82,0x0a,0xb8,0xf8,0x7e,0x09,0xe6,0xcd,0xa9,0x10,0x72,0xb9,0xb6,},{0x0f,0x19,0xe6,0xea,0x0c,0x05,0xf3,0x81,0x85,0xc0,0x1c,0x2d,0x64,0x77,0x99,0x5d,0xaf,0x50,0x65,0xba,0x9d,0x80,0x17,0x3f,0xa6,0xbb,0x23,0xa7,0x74,0xdc,0x88,0xb3,0xaa,0xe8,0x79,0xd8,0xa6,0x24,0x71,0xd2,0xd3,0x04,0xcc,0x3d,0xc6,0x62,0x78,0xa7,0xab,0xcb,0x0b,0xb0,0x77,0x1c,0xd2,0x78,0xe1,0x1e,0x7b,0x93,0x2e,0x9f,0x9b,0x0f,},"\x22\x97\xc4\x0a\x2e\x83\x65\xba\xe4\xc5\xf0\x63\x0c\x50\xb1\x3b\xdd\x9a\xd9\x77\x0a\x5d\x9a\x94\x51\xd0\x08\x74\xb0\x23\xd2\x5e\xcd\x46\x8b\x96\x57\x1b\x2f\x16\xdc\xb1\xb0\xd3\xd7\x56\xc1\xf0\x44\xfc\xdd\xd1\xc5\x1f\x27\x72\x7a\x03\x69\xc9\xcf\x25\xbd\x6a\xa5\x95\x51\xb5\xb0\x7c\xf8\xf8\x07\xd9\x2b\x15\x91\x98\x63\x97\x04\x74\x0f\xe6\xed\xa0\xf2\x6d\xba\x7e\x75\xd4\x53\x0b\x28\x00\xf0\x3f\xb6\xaa\x67\x7d\x84\xdf\x75\xd6\x8d\x4f\xbb\x64\xad\x21\x00\x1e\x3f\xc8\x7b\x60\x9b\x9c\x25\x1e\x8c\xcb\x12\xbb\xca\x92\x74\x47\xe2\x05\x4e\x07\x68\x8e\xb8\xa2\x05\x21\xa5\x22\x49\xe7\xb9\x43\xbe\xd6\x0e\x6a\x93\xc0\x1e\x3e\xb6\x21\xf0\x46\x0c\x18\xa6\x90\xb6\xf6\xb6\x6e\xdc\x6e\x87\x43\xa6"},
+{{0xb5,0x3a,0x64,0x4c,0x92,0xba,0x2d,0xc7,0x10,0x8b,0x16,0x83,0x3f,0x09,0xad,0x59,0x17,0x84,0x64,0x37,0x22,0x5a,0x77,0x3d,0x32,0xd7,0x9c,0x97,0x73,0x3c,0x0a,0x58,},{0x51,0x58,0x18,0xc6,0x9c,0x0e,0x0a,0x17,0x06,0xb0,0x41,0x43,0x84,0x2f,0x3e,0x9e,0x27,0x14,0x48,0xfb,0xaf,0x3a,0x89,0x91,0x19,0xc3,0x2f,0x42,0x56,0x6f,0xfd,0x33,},{0x13,0xd2,0xcb,0xac,0x79,0x76,0xad,0x27,0xf0,0xbf,0x66,0x9a,0xd5,0x88,0xef,0xb2,0xc9,0x1b,0xab,0x85,0x07,0xd5,0x7f,0xb1,0x6b,0xfe,0xa9,0xca,0xff,0x2b,0x09,0x64,0xe7,0x56,0x25,0xc4,0xd8,0x08,0xd7,0xbb,0xb7,0x8c,0x5b,0x46,0x4e,0xdf,0xfe,0x49,0x49,0xec,0xfb,0xc8,0xb9,0x5f,0xf6,0xfd,0xb1,0xbd,0xca,0x27,0x42,0x06,0x81,0x00,},"\x13\x03\x6d\xaa\xee\x45\xfc\xfd\xe0\xc5\x3e\x06\xd0\x5a\xa9\xc0\x1e\xa9\x4a\x67\xe8\x6c\x6c\x53\x8c\xcb\x28\x3b\x36\x8d\xaf\x70\x78\xd3\xfb\xab\x58\x0c\x76\xec\xf8\x2b\x4e\x96\x60\xf0\x68\xdc\xbb\x50\x0b\x80\x59\x50\x17\xc5\xbe\x3c\x44\x8f\xbd\x8a\x17\xd9\x7c\x56\x43\x19\x78\x90\xe1\x67\xb3\x53\x45\xbf\x65\xe7\x5b\x82\xc8\xd6\x52\x29\xf2\xf6\x0a\xae\x27\x72\x58\x1b\xc9\x9c\x49\xd4\x16\xbc\x3d\x78\x74\x6e\xf8\x30\xf1\xaf\x94\x4f\x4a\x67\x15\xab\x4f\xfb\x01\x59\x1b\xac\x28\x57\xf1\xa9\xc9\xd1\x70\x08\x88\x78\x00\x06\xa3\x16\x07\x33\x8f\x7a\xf7\xbe\xdf\x6e\xfe\x0b\x57\x29\x9a\xc9\x15\x52\x6f\xe5\xe1\xe1\x01\x29\x87\x08\xc6\xe6\x1b\x84\x22\x0a\xfe\x95\xb5\x3f\x89\x59\x87\x45\x61\x52"},
+{{0xd2,0x7c,0x9e,0xaf,0xcf,0x88,0x15,0x19,0x90,0xbb,0x5b,0x2f,0xa8,0x44,0x3e,0x70,0x9b,0x5f,0xd8,0xd7,0x8d,0x23,0x38,0x03,0x32,0x2d,0xc8,0x6d,0x93,0xd9,0x32,0x95,},{0x08,0xe0,0xef,0xf5,0x29,0x77,0x67,0x14,0x68,0x61,0x96,0xd8,0x17,0xfd,0xf7,0x1e,0xb5,0xb6,0xe8,0x32,0x65,0x16,0xef,0x48,0x9b,0xfe,0x18,0x6a,0xc5,0xc5,0xbf,0x6d,},{0xc2,0x54,0xe3,0x71,0x44,0x56,0x33,0x13,0x74,0x42,0xee,0xfe,0x40,0xad,0x4a,0x82,0xe6,0x9b,0x1e,0xbf,0x48,0xa6,0x85,0xa2,0xbc,0x6f,0xfb,0xac,0x12,0x6d,0x22,0x84,0x87,0xb2,0xe3,0x53,0x7c,0x97,0xef,0x74,0x10,0x34,0x20,0x91,0x96,0x2e,0x50,0xc0,0xcb,0x85,0xde,0x7b,0x39,0xce,0xb4,0x1a,0xc4,0x07,0x8d,0x40,0xf3,0x40,0x71,0x06,},"\x77\xc3\x5b\xda\x32\xa5\x96\x7d\x8b\x30\x2f\xa7\xa4\x75\x83\xce\xab\x89\xc9\xa6\x09\xa6\x67\xb7\x53\x15\x5f\xa6\x99\x6f\x86\x31\xd0\xeb\xed\xfe\x0a\xc3\x64\xc7\x7e\x85\xba\x37\x31\x1f\x0d\xe5\x7a\x0d\xc2\xc1\xe9\xe4\x00\xd5\x8b\x42\x4a\x32\x2e\x1d\x57\x71\xe0\xa9\xfd\x95\x02\xad\x02\x32\xce\x54\x4f\x07\xd8\xc6\x6e\x7c\x31\x47\xf8\x60\x7a\xc6\x18\x9b\xb6\x90\x66\xf2\xfa\xd6\x31\x18\x5f\x45\x7f\x46\x7e\xba\x33\x22\x8e\xcc\x40\xe8\x94\xa7\x7b\x57\x16\x98\xa9\xbf\xac\x84\x1a\x54\xea\xc5\x21\x9d\xa9\x9c\x6a\x91\x25\xc4\x69\xa2\x2f\xe8\x1f\x3b\x95\x14\x33\x89\x6f\x19\xce\x39\xb3\x73\xfd\x7e\x5c\x7b\x65\x0a\x5e\xf2\x36\x5a\xe7\x51\x0b\x0d\xa5\xe4\x9d\x7c\x07\x07\x3c\xf1\x66\xa9\x83\x87\xe8"},
+{{0x70,0x21,0x3d,0x3a,0x79,0xc6,0x5d,0x6d,0xbb,0xa5,0x42,0xa3,0x67,0x96,0x35,0x00,0x3a,0x68,0x2a,0xf5,0xfa,0x58,0xde,0x6b,0x0d,0x65,0xbf,0xa2,0x41,0x84,0x90,0x1c,},{0x44,0x02,0xfb,0x92,0xcc,0x12,0x49,0xdd,0x1a,0xe1,0x69,0x0f,0x03,0xb3,0xec,0x4f,0x1e,0x9b,0xda,0xb0,0xde,0x5b,0xfd,0x28,0x9f,0x10,0x29,0x68,0x30,0xfd,0x40,0x3e,},{0x5b,0x6c,0xe2,0x77,0x4d,0x40,0x0e,0xce,0xa8,0xa8,0x08,0xf5,0xfd,0x0a,0x79,0x7f,0xfc,0x61,0x16,0x75,0x23,0x76,0xcd,0x7b,0xfa,0x3b,0x2c,0xca,0x3a,0x84,0xd5,0x59,0x3f,0x5c,0x03,0xad,0x3e,0xec,0x1d,0x89,0x53,0x22,0x75,0xc4,0x7b,0x7c,0xe2,0xa0,0xe9,0xc5,0x9c,0xc4,0x02,0x8a,0x8a,0x65,0xe5,0xbb,0x90,0x97,0xea,0x71,0xc2,0x08,},"\xcd\x6e\x1c\xd9\xc9\x0f\x56\x6d\xe0\x43\xd7\x5d\x72\x44\xec\xfd\xb3\x8e\x8b\xde\x2f\x9a\x6c\xd5\xa4\xfd\xac\x72\xb5\xed\xe6\xaf\x62\xd9\x81\x91\x8c\x5e\x61\x0a\x38\x78\x92\x74\xfa\x10\xe5\x27\xf8\x5f\xad\x20\x9b\x76\xca\x1c\x28\x1a\xd5\x89\x0f\x9c\x96\xd3\x5d\xe5\x22\xf1\xdd\xcc\xb5\x39\xb8\x79\x8a\x00\x67\xac\xdd\x45\xb6\xe3\x44\xa5\xd9\xa9\x77\x31\xf5\x45\xff\xa4\xb1\x7b\x87\x5c\x67\xb4\x8e\x9d\x4c\x4b\xa7\x2c\x98\xa4\x50\x55\x83\xfd\xbf\x1e\x12\xf2\x2b\x5a\x7a\x49\x47\x46\xcc\x9b\x6c\x1b\x57\x19\x06\xc6\x7f\xcc\x88\x3a\x9c\x15\xa3\x80\x68\x75\xb6\x59\xe5\x81\x6b\x42\x76\xc3\x19\x0e\x25\xcc\x1a\xc3\xde\x47\xbf\x99\xc4\x99\x65\x38\x8f\x54\xf3\xef\x8e\xb5\x69\x90\x6c\x60\x08\xe5\xfb\xbd"},
+{{0x5d,0x54,0x0b,0x3b,0x14,0xf0,0xc0,0x17,0x5c,0x04,0x7e,0xaf,0x02,0x6c,0x90,0x70,0x65,0x9e,0xf1,0x3e,0x9d,0x28,0xe0,0xc5,0xc5,0x16,0xa4,0x28,0x26,0x9b,0x14,0xeb,},{0x1d,0x2d,0x4d,0x55,0x1a,0x57,0xc6,0xfb,0x2b,0x04,0x18,0x10,0x49,0xd4,0x03,0x9d,0x57,0x5c,0xf8,0x0c,0x0b,0xc6,0xec,0x70,0x33,0x06,0x7f,0x27,0x30,0x93,0x44,0xde,},{0x32,0x52,0x7d,0xa7,0x55,0x31,0x28,0x89,0x93,0x5d,0xd5,0xee,0x91,0xb1,0xbb,0x11,0x7a,0x5d,0x37,0x7d,0xd2,0x3e,0xf5,0xb7,0xe1,0x5b,0xaf,0xfa,0xe9,0xa5,0x43,0x91,0xa3,0xfd,0x23,0x4b,0xdc,0xe0,0x73,0xe0,0x98,0xc5,0x8d,0x05,0xbf,0x19,0x5b,0x4c,0x3c,0xc6,0x39,0x72,0x38,0x3b,0xa4,0xb5,0x10,0x72,0x97,0x1a,0xeb,0xcb,0x62,0x0d,},"\xe4\xc9\xe8\x70\x68\x98\xca\xd4\xac\x68\xd7\x3c\x13\x0e\xfa\x04\xa5\x4f\x8c\xa2\x59\x19\xea\x6b\xfa\xa5\x4c\x8c\x72\x0c\xed\x85\x4c\x5e\x95\x09\x10\x2c\x7b\x88\x5a\xed\xdf\xfb\xd1\xb7\xf2\xc5\x92\x25\x83\x67\x7a\xc9\xee\xa9\xa1\x08\xc7\xe8\x3e\x88\x71\xae\xd5\xa0\x84\xf5\x44\x0b\x0f\x39\x1a\xd7\xff\xc6\xba\xb4\x57\x4a\xf1\xb9\x67\x70\xf4\x37\x0e\x8e\x98\x8e\x85\xec\xb1\xa8\xd6\x03\x4f\xc3\xd7\xf4\x9f\x74\x22\x02\x3b\x9d\xab\x5d\x0c\x16\xbe\xab\x5f\x5d\x37\xb0\xa4\xd7\xde\x19\x7a\xd8\x7c\xd4\xff\x8c\xe7\x8e\xb1\x2e\x1d\xaf\x73\x9d\x8b\x47\xab\x38\x0a\xbe\x90\x93\x35\x6d\xb5\xb5\x97\x17\x75\x1a\x49\xe1\x94\x84\x72\xfd\xac\xc2\x59\xff\xff\xc8\xc1\xdb\xae\x59\x26\x07\xd4\xec\x71\xcc\x6a\x8f\x6b"},
+{{0xca,0x41,0x76,0x9c,0xaf,0x17,0x17,0xb4,0xe4,0x5c,0x93,0xc1,0x21,0xdc,0x82,0xa5,0x34,0xfb,0xc6,0xec,0x09,0x86,0x66,0x2c,0x32,0x22,0xd7,0x14,0x92,0xbd,0x11,0x76,},{0xaf,0x3f,0x89,0xf6,0x18,0x7d,0xbc,0xf9,0x21,0x77,0x50,0xc6,0x7e,0xf8,0x9e,0xd4,0x7b,0x03,0x9f,0x9e,0xb0,0x62,0xff,0xec,0x9d,0xf6,0x4a,0xb5,0x2b,0x0b,0x45,0xcb,},{0x5c,0xda,0x87,0x2f,0x7e,0xd6,0xd7,0xc9,0x02,0x18,0xac,0x10,0xbe,0xe8,0xe2,0x14,0xf3,0xb3,0x4d,0x15,0xd2,0x5c,0x39,0x25,0x5e,0xc9,0xe6,0xb0,0x17,0x7a,0xa3,0xcb,0x73,0x68,0xd1,0x1c,0xb8,0xed,0x6f,0xf5,0xcf,0x0c,0x04,0x28,0x1d,0x06,0xbc,0x42,0x72,0xb8,0xbc,0x09,0xc2,0x3f,0x6f,0x4c,0xd5,0xa8,0x10,0xdd,0xc7,0xb9,0xc1,0x03,},"\x9d\xe8\x47\x6c\x58\x13\x84\x8a\xb1\x45\x15\x37\x84\x1c\xc1\x78\x00\x21\x81\xa2\x18\x2a\xf3\x05\xb1\x2e\x5f\x7c\x3b\x1d\x56\xb2\x2c\xf4\x6a\xe6\x27\x6d\x18\x26\xec\x0a\x8c\x9a\x7d\x9f\x68\x08\x3b\x72\x25\xbb\xfa\xef\xce\x82\xb3\xb6\x45\x94\x05\x2a\x77\x00\xf3\x09\x23\x3a\x79\xff\xfd\xfc\xcc\x5c\x21\x40\x0c\x91\xcc\x0e\x41\x8d\x51\x41\xd4\x86\xb5\x21\x99\x01\xd6\xdd\x24\x47\xc1\xf7\xb7\xcf\x5a\x08\x79\xe7\x0e\x1d\xd6\x58\xd0\xf2\xec\xf3\x1e\xbe\xee\x11\xa5\xc7\x44\x40\xc6\x3b\x9d\x8b\x45\x31\x8c\x34\x65\xd7\xff\x03\x36\x5e\xdd\x03\x85\xed\xf8\x0d\x4f\xde\xd5\x1f\x0f\x75\x33\xee\x40\x99\xf1\x9e\x93\xbc\x9d\x08\xda\xdc\xd1\x34\x85\xdb\x23\x95\x22\xff\xc8\x1e\x2c\x05\x1f\x87\x96\xd6\x2e\x97\x9f\xcf"},
+{{0xfe,0xdd,0x63,0xff,0xd4,0xcf,0xbf,0x61,0x88,0x94,0x96,0x2e,0x12,0x1a,0x90,0x25,0xee,0xa3,0x18,0xa8,0x0a,0x1a,0xdf,0x16,0x9d,0x64,0x90,0x44,0x5d,0x2e,0x02,0xa0,},{0x54,0x2f,0x22,0x44,0xbd,0xb7,0xd8,0x4b,0x87,0xe6,0x28,0xa8,0xe6,0xa1,0x2f,0x17,0xbf,0x74,0xa9,0xa6,0xd0,0xea,0x46,0xc5,0x95,0xdb,0xfd,0xc6,0x80,0xc0,0x4b,0x26,},{0xed,0x59,0xd9,0xe2,0x3d,0xec,0x34,0x94,0xb0,0xfb,0xc5,0xd1,0x0c,0xd0,0x2b,0xab,0x86,0xb3,0xeb,0x35,0xab,0xbf,0x9e,0x4d,0x4a,0x92,0x64,0x79,0xf1,0x34,0x58,0x3a,0x44,0xce,0x72,0xdc,0x41,0x22,0xac,0xa3,0x77,0xa4,0x07,0x2b,0x71,0x56,0x46,0x2b,0x74,0xe8,0xdf,0x46,0xb6,0x86,0x69,0x86,0x36,0x83,0x6e,0xf2,0x03,0x17,0x9c,0x07,},"\x2e\x2a\xe5\x84\x64\x1b\xe0\x3d\xd4\x8f\x9c\x61\x80\x77\xae\xaa\x18\x21\x2a\x42\x41\xf0\xc0\x19\x4e\xd2\x3e\x37\x0d\x74\x1a\x3a\xe1\x1a\x5f\xec\x3b\x04\x0c\x16\xea\xfa\x4a\xc8\xd1\x8a\xba\xa7\xce\x8f\x28\x69\x67\x33\x71\x89\xf0\x49\x5f\xfd\xd6\x19\x95\xcd\xe3\x1d\xd8\xdf\xc3\xdf\x57\x00\xb5\x7a\x7a\x29\x98\x0e\x9c\x82\x3f\xee\x85\xd6\x14\x51\x17\x67\x29\xe7\x27\x87\xc6\x10\x9b\x47\x35\x9b\x93\xdf\xd6\x2e\x1e\x5a\x2d\x64\x2c\x05\x72\x42\xda\xe5\x00\xa9\x4c\xa1\xa9\x3b\xc5\x7b\xe1\xad\xe7\x6f\xe4\x50\x1c\x0f\x63\x77\xed\x0e\x92\x46\x17\x9a\xec\xdd\x99\x46\xb6\x71\xe8\x19\x0e\x1e\xd2\x3f\x96\x6e\x96\x40\x9b\x94\x82\x22\xd8\xea\x58\x39\xde\x90\x4f\xc5\x13\x48\x07\x3b\x8f\x40\xed\xbd\x9b\x4a\x4b\x22\x75"},
+{{0x38,0xf2,0x18,0x4e,0xaa,0x55,0x36,0x56,0xee,0x29,0x02,0x70,0x6b,0xce,0xc4,0xac,0xb5,0xaf,0x25,0x15,0x7c,0xa0,0xf6,0xa2,0xd4,0x8d,0xe8,0x52,0x85,0xfa,0x3b,0xc0,},{0x7f,0xf0,0x3f,0xb4,0xc8,0x2e,0x9c,0x15,0xd6,0x59,0xdf,0x42,0x4b,0x3e,0x73,0xed,0x1d,0x78,0x00,0x6f,0x3e,0x0b,0x79,0xeb,0x64,0xd9,0x8c,0x13,0xae,0xc6,0xba,0x37,},{0x4a,0x64,0x13,0xc2,0xc8,0x7f,0x2b,0x38,0x56,0xa8,0xde,0xcb,0xce,0x49,0x3a,0xde,0xae,0x0c,0x69,0xc9,0x41,0x34,0x70,0x7f,0xb0,0xf1,0x8f,0x30,0x49,0xfd,0x3e,0x3d,0x05,0x1a,0xbd,0xb9,0xd4,0xbe,0xe2,0x53,0xc6,0x10,0x7c,0x02,0xd5,0x7a,0xd7,0xcc,0x9f,0x31,0x01,0xdb,0x66,0x0a,0xfa,0xc2,0xb7,0x98,0x19,0x38,0xe9,0x56,0x4f,0x01,},"\xc2\xdf\x77\xc9\xe4\x79\xf6\x19\x83\xb6\xc7\x48\x3e\xf9\x3f\xb8\x5a\x10\x3b\x21\x39\x23\x92\x65\x23\x06\x5e\xbf\xf2\x25\x7e\x85\x42\x7e\x05\xcd\xc2\x75\x82\xef\x6c\x16\xbe\x35\x3a\x3b\x25\x03\x72\xd6\x37\x0e\xec\xb6\xc8\x96\x29\x17\xeb\x65\x6f\x26\x41\x69\x01\x89\xd1\x72\xa1\x11\x05\x15\x57\xab\xc2\x49\x4e\x32\xca\xb6\x5e\xd0\x63\x3a\xff\xe9\x24\x08\xb5\x5c\x4e\xd8\xaf\x65\xe2\xc5\xe7\xaa\xb8\x87\xa3\xcc\x8d\x28\xc5\x2e\x9e\x13\x36\xd0\xb7\xbb\x3f\xe2\xcd\x84\x3e\x7f\xa1\x68\x03\x42\xf8\xa4\xaa\xfa\x02\xc4\xab\x25\x2f\x08\xc3\xd4\x6d\x5f\x00\xfd\x01\x48\x42\x63\xee\x63\x52\x84\xf6\xdb\x26\xd6\x29\x8d\xe5\xb0\xdd\x23\x8d\xa4\x0a\x8d\x2a\x93\x37\x6d\xa0\x30\x27\x83\xa0\xe3\xbe\x23\xd9\xe7\xf9\x90\xd2\x5b"},
+{{0x8b,0xfc,0xa4,0x84,0x62,0xd2,0x53,0x6f,0x74,0xb8,0x4f,0x6a,0xf5,0x9f,0x5d,0x85,0x82,0xff,0x8f,0x7e,0xc2,0x87,0x45,0xd6,0x72,0xe7,0x2e,0xb7,0x2e,0x79,0xd3,0xe9,},{0x9d,0x10,0xd2,0x75,0xc3,0xd3,0xfe,0x45,0x9f,0x7f,0xe2,0x90,0x1b,0xce,0x38,0x91,0x91,0xcc,0x84,0x83,0xc0,0xf5,0x11,0x40,0xd9,0xc6,0x2b,0x08,0xfa,0xde,0x81,0xbb,},{0x44,0xd7,0x7e,0x43,0x9e,0xf6,0xca,0x5e,0xb9,0x40,0xc6,0x0f,0xf8,0x73,0x2d,0xdc,0x16,0x26,0x9e,0xa0,0x23,0xbb,0x26,0x13,0xbd,0x44,0x7e,0xba,0x7f,0xd6,0x98,0x51,0x22,0x6c,0x48,0x19,0xce,0x8d,0x44,0x98,0x5a,0x49,0xf3,0xf4,0x1a,0xc7,0xaf,0x33,0xc4,0x7f,0xfe,0x5f,0x89,0x30,0x4a,0x32,0x56,0xe4,0x45,0xf8,0xd6,0x86,0xe3,0x07,},"\x81\xee\x4c\xb9\xc4\x5d\xa6\x91\xda\xcd\x7d\xd0\x9a\xff\x59\x73\x72\x67\xbb\x55\xc3\xad\xe1\xba\x32\xc1\x7b\x7d\x0d\x2d\x0c\x60\x79\xc3\x9d\x5f\xd5\xb2\x9b\xa5\xf9\xc1\x76\x20\x97\x70\x98\x43\xee\xe5\x61\x2b\xd2\x0b\xc8\x18\x5b\xf6\x4d\x5c\x93\x41\x84\xe1\x36\x24\xe6\xf8\x77\xa2\xa5\xdd\xa1\x5c\x0d\xf6\x2a\xfb\xb9\x70\x57\xcc\x91\xca\xc9\xa1\x84\x06\xa0\xe0\x10\x9c\xc3\x9b\x2e\x3f\x81\x2e\x22\x7a\x40\x62\xd5\xef\x81\xc9\x2c\x22\xa7\xdc\x79\x7c\x84\x5d\x71\xeb\x6e\xa9\xe4\x2e\xc8\x41\x7f\xba\x90\xa9\x6d\x2b\xb1\x43\x94\x18\x33\x0b\x4b\xb2\xf9\x9c\x6d\x63\xd3\x04\xa0\xe5\x06\xdc\xa9\x65\x3e\x5d\xe0\xdd\x56\xe3\x09\xdb\x1a\x76\xa0\xfa\xab\xab\x16\x37\x74\xf0\x00\x08\x8c\xef\x3d\x1b\x7a\x6c\xf6\x61\xd2\xe1\xd9"},
+{{0xd7,0x48,0x0d,0x42,0x72,0xbc,0xb1,0x55,0x7b,0x1b,0xbe,0xe0,0x49,0x15,0xc1,0x26,0xa5,0x2c,0xa6,0xd6,0xa8,0xbb,0x53,0x14,0xa0,0xe1,0xa5,0x2b,0x59,0xbf,0xc9,0x9c,},{0x99,0xc8,0x39,0xd3,0x6d,0x8f,0x5b,0x86,0x52,0x61,0x8e,0xd7,0xb0,0xfe,0x9e,0xc3,0xd9,0x4e,0xff,0xf4,0xc4,0x53,0xc5,0x40,0x63,0x14,0x76,0xa5,0x97,0x9b,0xbb,0xe0,},{0xe0,0x4d,0xc8,0x44,0x2d,0x35,0x21,0x73,0xe9,0x31,0x81,0x8e,0x29,0x08,0x58,0xde,0x85,0x68,0x8a,0x46,0x49,0xea,0x3e,0x3c,0x3a,0xe7,0x4e,0xda,0xa5,0x4a,0xd0,0x1b,0x64,0x62,0x2a,0xd8,0xa0,0x90,0xb6,0xad,0x60,0xad,0xfd,0x01,0x88,0x18,0x82,0x82,0x8d,0x39,0x07,0x8b,0xb5,0xb2,0x71,0x4f,0xd3,0xea,0x83,0x97,0xa3,0x42,0xfd,0x04,},"\x61\x5c\xc1\x9f\x94\x20\x17\x36\x5b\xa8\xbf\xa2\x56\xce\xcc\xc8\x5e\xe2\x89\xa1\xc3\x4b\xb1\x44\x2a\xcc\x07\x16\xc7\xfc\x2c\xae\xb7\x6a\x9d\xe1\x9a\xde\xc1\x06\x37\x1e\x47\xa3\x0d\x2e\x12\x39\xce\x1f\x7d\xca\x25\x52\x6d\x60\x4b\xdd\x64\x76\x59\xd9\x42\xbc\xba\xc3\x68\x91\x13\x49\xc3\xb9\x46\xa9\x7d\xa1\x0a\x42\xdb\xcf\x3c\x73\x41\x6d\x2e\x6b\xa2\x2b\xd2\x9d\x9f\x70\x56\x72\xe9\xe3\x38\x94\x4c\xef\x01\xad\x21\xf0\x09\x74\x2e\x07\xbc\xd8\x88\xca\x31\xe1\xee\x95\x3e\x8c\x1b\x1f\xd9\x54\xb7\xdc\xf1\xa0\xb1\xd5\xa0\x69\x06\x5a\x66\xcb\x72\x1a\xdc\x02\x0f\x4e\xfe\x1a\xbd\xd1\x67\x42\x74\x69\x39\x28\x57\x80\xd7\x53\x13\x7a\xe0\x14\x0b\xb4\x10\xfb\x6c\xe3\x36\x76\xc2\x7a\xee\xc5\x93\xa8\x8c\xbc\x73\xaf\xd9\xf4\x05\x11"},
+{{0x3c,0x2d,0x36,0x50,0x73,0x5b,0x41,0xef,0x90,0x06,0xbb,0x45,0xe4,0xbe,0x2e,0x0a,0xa5,0xcd,0xe8,0x51,0xae,0xac,0x42,0x1e,0xe9,0xc1,0xb4,0x92,0xd8,0x7a,0xa1,0x8a,},{0x3e,0x46,0xdd,0xce,0x29,0x88,0x44,0xfc,0xaf,0xa0,0x0a,0x1b,0x47,0xea,0xf3,0xde,0x70,0x59,0x6d,0xf1,0xbb,0xee,0x3c,0x80,0x9d,0x1b,0xe7,0xdd,0x94,0x08,0x0e,0x34,},{0x3f,0x2a,0xf0,0x1a,0xd5,0x37,0x7a,0xc3,0x90,0x40,0xd4,0x1a,0x41,0xe3,0x6e,0x7b,0x93,0xfa,0x72,0x35,0xb8,0x41,0x79,0x1f,0x43,0x2e,0xcd,0x7f,0x91,0xa3,0xb2,0x1a,0xb7,0x19,0x6c,0x88,0x3a,0xd5,0xa7,0xdb,0x44,0x6f,0x6c,0x06,0x67,0x24,0x60,0xf3,0xf6,0x3e,0xf8,0x63,0xd9,0x43,0x2b,0xe9,0xca,0xea,0xbb,0x79,0xe8,0x7e,0x22,0x08,},"\x14\x25\xd8\xd2\x18\xda\x1a\x10\xa8\x0b\x6a\x9c\x3c\x27\x50\xef\xe4\x16\x57\x98\x4a\xbd\x51\x00\xf4\x51\xba\x94\x9d\xb0\x10\x46\xb7\x12\x6b\xe8\x40\x23\x34\xed\x57\x52\x8b\xac\x05\x62\x25\x53\xa8\x6b\x72\x67\x22\x69\x5a\x8f\xb3\x31\xd8\x56\x54\x17\xc4\xff\x0f\x25\x1a\x32\x0a\xd0\x6d\xed\xbb\x75\x0d\xef\x35\xd5\x21\xc3\xc4\xcd\x57\x1a\x45\xad\xa8\x45\x06\x53\xd5\xe8\x1f\xe0\xbe\xb5\x3a\xaa\xe7\x87\xb3\xeb\x65\x3c\x23\x81\xed\x55\xaa\xf2\x59\x0e\xe5\xed\x8b\x66\x26\xf1\xc4\xb0\x43\x0a\x54\xf3\x96\x58\x62\x4e\x66\x35\xfe\xfc\x98\xfe\xe8\xfc\x3e\x1c\xc7\xff\x3d\xd4\x20\xde\x9d\xa1\x1a\x62\xfc\xae\x0e\x0c\xb4\x54\xfc\x6f\x7d\xf0\x39\x54\x29\x1d\x26\x20\x2f\x1b\x18\x8b\x65\x7b\x3b\xae\x07\x38\x94\x49\xb7\x5e\x67\x42\x2f"},
+{{0x74,0x96,0x59,0x96,0x26,0x8c,0xdc,0x4c,0x09,0x22,0x0b,0xd3,0x1c,0xe0,0x7b,0x21,0x7a,0x03,0x82,0x6e,0xe9,0x81,0xfa,0x89,0xf3,0xa2,0x35,0x9c,0xed,0x09,0x5e,0xf1,},{0x40,0x96,0xd0,0x27,0xc1,0xc5,0xee,0x4c,0xbf,0xc0,0x4b,0x9d,0x53,0x41,0x74,0x02,0x9f,0xdb,0x50,0xcf,0x56,0x10,0xd3,0x02,0x1e,0xf9,0x33,0xb4,0xca,0xf3,0x39,0x85,},{0x8c,0x66,0x28,0x34,0x43,0x17,0xa6,0x3a,0xca,0x6f,0x78,0xcf,0xae,0xa9,0x65,0xb3,0xaa,0x55,0x22,0xce,0x91,0x41,0x95,0x14,0x1c,0x08,0x87,0x0a,0x1b,0x8d,0xac,0xf3,0x4b,0x79,0xc7,0xab,0xc6,0x93,0xcd,0x9e,0x5e,0xbe,0x1a,0x2e,0x86,0xf0,0x33,0x2d,0x20,0x48,0xdb,0x3c,0xbd,0xef,0x01,0x68,0x79,0x62,0xd6,0xdf,0x24,0x9e,0x38,0x00,},"\x45\xb2\xf0\x64\x61\x5b\xf7\x74\xfc\xe9\x7f\x51\xc4\x64\x68\x5d\x7b\x3e\x4f\xef\xff\x92\x31\x24\x0a\x71\x9b\x3b\x06\x21\xcd\x4a\xd8\x33\x05\x67\x5c\xd6\xea\xae\xbf\xf7\x91\x00\x0b\x0b\x1f\xa3\x1d\x82\xd8\x18\x1b\x7f\xe5\x7c\x5e\x00\xce\xc5\x6f\xf9\x02\x2e\x9c\xe8\xdb\x66\x35\x6e\x40\x8e\x3e\xe2\x62\xfe\x62\x77\x89\xe6\x55\x35\xef\x1a\x63\xe8\xfe\xc9\x33\xbe\x3d\xee\x34\xd2\xfa\xcd\xb8\x92\x8c\xc4\x56\xab\xf2\xf3\xe8\xca\xb4\x7e\xff\x1c\xa4\x2e\x8b\x0e\x48\xd2\xc7\x3e\x7b\xcc\x5d\xe3\xf1\x05\x6f\xc5\x23\xdf\xef\x6b\x00\x23\xf3\x28\x89\xed\x39\x4e\xed\xa0\x32\xab\xf6\xbc\xaa\xda\xa7\xf3\xee\x74\x11\x87\x60\xab\x6d\x91\xdf\x52\x8b\xdc\x58\x07\x97\x2c\x85\xfa\x7c\xb5\x6e\x38\x7d\x73\x32\xe7\x79\xe5\x2d\x0d\xd7\xdb\x0c\xfb"},
+{{0x0a,0xbf,0x06,0x9c,0x08,0xb2,0x69,0x1c,0x3a,0x26,0xf7,0x9d,0xc8,0xed,0x05,0xcb,0x71,0xd2,0x20,0xff,0x78,0xf3,0xa5,0xc5,0x78,0x0a,0xe9,0xda,0x18,0xe4,0x56,0x43,},{0x9e,0xf3,0xb5,0xcc,0x01,0x6c,0xc8,0x2d,0xbd,0xda,0x70,0x57,0x66,0xaa,0x44,0x8b,0xd6,0x1f,0xa1,0xaa,0xf1,0x17,0x0e,0xfe,0x91,0x49,0xda,0xa9,0xfe,0x64,0xa1,0xae,},{0xc7,0x56,0x6f,0xb3,0xb4,0xd8,0xde,0xf6,0x67,0xe0,0x40,0xf2,0x76,0xd3,0xed,0x98,0xd3,0x6d,0xff,0x46,0x01,0x26,0xa7,0x5b,0x4c,0xc2,0x10,0x03,0x86,0xbb,0x01,0xc6,0x42,0xf6,0xd8,0xde,0x7e,0x64,0x9b,0xe6,0xe0,0x81,0x8b,0x08,0xd7,0x7c,0xe6,0x0f,0x4e,0xe5,0xe7,0x71,0x7a,0x50,0x88,0x4b,0xde,0xe0,0x20,0x34,0xec,0xf1,0xcd,0x0c,},"\x0d\x05\x52\x91\xb2\xe8\x61\xea\xe1\x9e\xa0\xfb\x20\x69\xd8\xc9\xee\xf4\xf1\x34\x7f\x35\x76\xd7\x84\x11\xae\x7c\x0b\x1c\x1c\xaf\x31\xfd\xe7\x36\xdc\x8a\xcc\xac\xb6\x62\xdf\x76\xb6\x20\xb6\x2c\xe9\x0b\x9f\x92\xc8\x33\x09\x12\x86\x21\xd0\x57\xcf\x84\x58\x05\x94\x90\x88\xe9\x38\xdd\xbc\x3d\x41\xc5\xe5\x54\x1f\xec\x82\x98\x68\x7a\xd2\xf7\x9a\xcd\xa0\x1a\xa2\x15\xd2\x58\x21\x43\x6e\xac\x9d\x26\x87\x16\xd4\xcd\x60\x50\x26\x0c\xb4\xef\x6a\xad\xa4\x83\x5e\x07\x3a\x84\x58\x21\xff\x21\x1a\xe2\xba\xad\xce\xb6\xe5\x7f\x06\xf8\x83\x45\xed\xbf\x93\xbf\xdf\x54\xfb\x74\x12\x3b\x57\xc0\xfb\x4a\x79\x60\x8d\x8d\xb6\x74\x08\x89\xe1\x57\x33\x50\x77\x99\xf7\xa1\xfd\x30\x17\xbc\xd7\x7b\x28\xa2\xbb\x6c\x91\xec\xd1\x54\xe9\xc5\xa5\xff\xa0\xeb\x62"},
+{{0xf3,0xfd,0x5e,0xc5,0xe2,0x30,0xb6,0xda,0xd1,0xac,0x3d,0x3a,0xeb,0xad,0xc7,0x86,0x3f,0xf8,0x9d,0xe2,0xa1,0x31,0x7f,0x42,0x4d,0x15,0x98,0x9a,0x3e,0xfb,0x0a,0xfd,},{0xf9,0x9e,0x5d,0x5e,0xee,0xae,0xd1,0x20,0x5c,0xfb,0x5c,0x2c,0xc4,0xe5,0xe9,0xf6,0xb4,0xe7,0xf6,0x41,0x29,0xf8,0x60,0x10,0x4c,0xa6,0x24,0x4e,0xb9,0xfe,0xb5,0x64,},{0x44,0xb0,0x12,0x46,0x63,0xad,0xb0,0xc7,0x3a,0xed,0x49,0xf7,0x34,0x03,0x46,0x1f,0xcb,0x19,0x11,0x1b,0x0b,0xa1,0x7a,0xa9,0x96,0x56,0x6f,0x47,0x7e,0x37,0xd5,0x24,0xb0,0xe1,0xf1,0x07,0x61,0x2f,0xc5,0x2a,0x7c,0x76,0x7b,0x18,0x1f,0xbf,0x4d,0x62,0x9b,0xdd,0xc0,0x8f,0x30,0x58,0x4d,0xec,0x61,0x24,0xc5,0xd3,0x9d,0x42,0x31,0x02,},"\x71\xf2\x89\x73\xed\x3d\xf0\x59\x45\xfa\x0b\xdb\x23\xe9\xbe\xca\x65\x1d\x3e\xe6\xbf\x9f\xa4\x5f\xfd\xc6\x06\x1e\x42\xfa\x2e\x8d\x76\x23\x5f\x0e\x9e\x2d\xaa\x65\xe5\x26\x31\xfc\x3b\xea\xd3\x3d\xa0\x55\xbb\x49\x2e\x47\x58\xe5\x98\xa0\x30\xa3\x3b\x3c\x40\xb3\x43\x71\x45\x9b\x23\x3c\xcc\x04\x3c\xcc\xc3\xa3\xcb\xce\x54\x9e\x20\xe0\xb2\xb4\x33\x05\xb6\x4a\xec\x66\x1a\xad\xba\x65\x56\xb1\x7d\x76\xe3\xbb\xed\x62\xc4\xa4\xea\xc4\xf8\x86\x03\x99\x67\x52\xd2\x36\x3c\x8d\x4a\x27\x89\xd1\x28\xf6\xe9\x59\x94\x5c\x68\xc3\x01\x46\xd1\x94\xcc\xb6\x83\x9e\xc6\x53\x44\x60\x16\x52\xc1\x8b\x00\x74\xe2\xbc\x76\x68\x31\x16\x97\xd9\x60\xc7\x06\x65\x97\x92\x4d\x70\x4d\x02\xa0\x19\x3f\xaf\xbf\xdf\x57\x1e\xe0\xdf\xe4\x14\xdc\x2f\x52\x89\x69\x12\xbc\x32"},
+{{0x73,0x8f,0x13,0x10,0xa4,0xe0,0x8f,0x91,0x7a,0x0a,0x5c,0x1f,0xba,0xf4,0xef,0x72,0xf9,0x5e,0xe6,0x2f,0xcd,0xed,0x50,0x86,0x8a,0x3d,0xaf,0x98,0x85,0x6a,0x44,0x8d,},{0x42,0x27,0x2c,0x2c,0x8b,0x08,0x47,0x0e,0xe5,0xdd,0x8a,0xf8,0x84,0x9c,0x01,0xb7,0x50,0x8d,0x3a,0x3c,0x65,0xb0,0x33,0x0e,0x69,0x5c,0x84,0x1d,0x5d,0xcc,0xb2,0xf5,},{0xce,0x1e,0x35,0x77,0xb6,0xa2,0x10,0x16,0xb9,0xdd,0x0b,0x51,0x7b,0xaa,0x0c,0xcb,0x10,0x7b,0xc1,0x99,0xb8,0xbb,0xae,0xf6,0x8f,0x95,0x0c,0x8e,0xd5,0x80,0x13,0xc8,0x53,0xb4,0xd3,0x38,0xee,0xdc,0x67,0x50,0x79,0xab,0x13,0x90,0x46,0x2f,0xfe,0xfa,0x6a,0x95,0x9b,0x04,0x3f,0x8b,0x56,0x51,0xc6,0xca,0x37,0x5c,0xe0,0xb4,0xa4,0x03,},"\xf0\xe7\xef\x67\x82\xd0\x4c\x69\x43\xb1\x9e\xb6\x6f\xf6\x22\x6b\x73\x6e\x3b\x09\x40\xc0\x9b\xb1\x26\xbf\xc4\xc4\xca\x7a\x5e\x70\x16\xc2\x86\xb7\xbf\xd7\x3a\xa6\xa7\x9a\x96\x03\x1b\xc8\x1c\xb5\xda\x68\xce\xc7\x1a\x6a\x0d\x39\x78\x0c\xbe\x6a\x0c\xd4\x77\x4d\x3a\xa0\x6a\x88\x16\x10\x44\x4a\x8c\x9d\x19\x10\x22\x94\xe5\xf6\x35\x18\x7a\xa6\xf4\x8d\x11\x91\x2c\x70\x94\xb3\x88\x33\x02\x8d\x57\x0c\xb1\x10\xdb\x60\x62\x5b\xb1\xbd\xc3\x7a\xff\xa2\x5e\xa3\xc8\xf8\xdb\xfc\x25\x14\xf4\x36\x5c\x62\xb2\x98\x9a\x66\xd2\x7c\x80\x38\x4e\x74\xae\x5f\xba\x8c\x1c\x2a\xf9\xc7\x2c\x49\x71\xe6\x4f\xa6\xa1\xdc\x25\x17\xb3\x1e\xa5\x7c\xcb\x08\x15\xa7\xfe\x2d\xa0\xf1\x46\xca\xa0\x84\x31\xd2\x5d\x15\x16\x62\xd9\xd2\x6e\x95\x22\x9d\x0c\x62\x82\x36\x64\x12\x3c"},
+{{0x88,0x41,0xd2,0x2a,0xde,0xd6,0x9c,0x13,0x1e,0xf5,0xee,0x0a,0x10,0xab,0x0a,0x9b,0x77,0xcb,0x75,0x4e,0xde,0x8d,0x25,0x7a,0x53,0x72,0x72,0x6e,0x2b,0x49,0x9c,0x6e,},{0x71,0x5e,0xcc,0xa6,0x36,0x81,0xbc,0x6e,0x9e,0x31,0xd1,0x88,0x48,0x90,0x2f,0x4d,0x96,0xfe,0xaf,0x43,0xb9,0x5d,0x00,0x86,0x42,0x90,0x3b,0x17,0x63,0xbc,0x9f,0xb8,},{0xbb,0x2b,0xab,0x70,0x03,0xf1,0x31,0x1b,0xe9,0xb8,0xc8,0x83,0xfc,0x4f,0xd5,0x28,0xad,0xfd,0x51,0xa9,0xc9,0x9d,0xb3,0xdc,0xa8,0xda,0x0f,0xca,0x95,0x8d,0xa1,0x9a,0x10,0xeb,0x22,0x33,0x26,0x67,0xb1,0xa0,0x06,0x5d,0x3d,0xbc,0x0d,0x06,0x26,0x9a,0x12,0x59,0xb6,0xa8,0x90,0x48,0x4a,0xa2,0x14,0x3a,0x52,0x69,0x5f,0x14,0x5b,0x0a,},"\x08\x7c\xa6\xbe\x2a\x95\x0c\x02\x4b\x3e\x74\x67\xfe\x00\xa7\xd3\x64\x55\x5d\x5d\xc6\x77\x0f\x5e\xbd\x26\x06\x42\x52\x5b\xd3\xc0\xf9\x65\xdb\x36\xd7\xb2\x29\xa5\x74\x21\xee\xc6\x4e\x4d\x99\x1c\xdd\xe5\x91\x23\x03\x44\x70\x55\x3f\x4e\xb0\xbe\x81\xad\x29\x36\xc8\xca\x26\xbc\xab\x4e\x5d\x79\x04\x0e\x29\x79\x87\x28\x60\x16\x84\xa4\x68\x32\x3c\xf3\xba\xae\x4d\x94\x8d\x0a\x1f\xd9\x05\xef\xfe\x16\xdc\x44\x64\x20\x88\xdf\x53\xf6\x38\x8b\xc4\x80\xed\xf4\xaa\x20\x7d\x0e\xd1\x61\xed\xa3\x45\x71\x2b\x4c\x00\xcb\x05\xfc\xf6\x35\xec\x25\x88\x78\x5b\xfb\x8a\x27\xcd\xc2\x89\x96\xa1\xdb\x3e\x67\x87\x02\x33\x93\xc0\x75\xd8\x3c\x90\x38\xfe\xd7\x89\x9c\x55\xfe\xc3\x07\xde\x32\x49\xc1\x4b\xda\x49\xe8\xb8\x95\x86\x09\x42\xc3\x6d\x64\x0b\xb8\x93\x77\x91\x42"},
+{{0xc0,0x21,0x35,0xe7,0xb6,0x5a,0xac,0x72,0xf6,0x3c,0x32,0xbf,0x5b,0xef,0x5b,0x68,0xc7,0xf3,0xb8,0xed,0x56,0x20,0x8e,0x59,0xe4,0x75,0x20,0x70,0xe9,0xd0,0x70,0x95,},{0xdc,0xf6,0x00,0xf2,0x44,0x03,0x7a,0x75,0x20,0x3a,0xe1,0x1a,0xc3,0x16,0xe8,0xdb,0xe9,0x98,0x6f,0x0d,0xce,0x23,0x47,0x39,0x39,0x33,0x4b,0xf5,0xce,0xa4,0x8b,0x0d,},{0xdd,0x5c,0xba,0xe4,0x79,0xeb,0x5e,0x22,0x95,0x74,0xc2,0x1e,0xc3,0xbe,0xd9,0x11,0x11,0x3a,0x57,0xa1,0x91,0x6d,0x33,0x13,0x45,0x75,0x15,0xd5,0x5c,0xc5,0xb6,0xe6,0xeb,0xc5,0x2c,0x93,0xf8,0x21,0xd1,0x39,0x88,0xdb,0xba,0x8d,0xf5,0x09,0x6d,0x55,0xff,0x9c,0x39,0xe7,0xf9,0xd5,0x61,0xcb,0x58,0x93,0x0c,0x96,0xa7,0xa5,0xd6,0x0b,},"\x86\xd9\x49\x13\x50\xd2\x56\x6e\x70\x8e\xd3\x56\x18\x5d\x61\x0c\x73\x46\x5b\x2a\x5c\x70\x12\x91\x99\x58\xaf\x2c\xf7\x6a\xf9\x95\x23\x0d\x36\x0d\xe4\x00\xb7\x13\x71\x70\xdd\x08\x35\xf1\x0f\xcb\xec\x22\x4e\xe4\xe4\x2c\x7d\x1c\xeb\xb7\xf5\x80\xfe\xa8\xed\x62\x23\x16\x3b\xac\xdd\x19\x23\xa5\x72\xcb\xb6\xdc\x26\xca\x8b\x17\xad\xe6\x8c\x6d\x28\x08\xc4\xca\x1e\xca\x28\xea\xe9\xa1\x45\xf6\x8d\x40\x79\xd8\xd5\x9d\x14\x0e\x95\x82\x28\xe7\xe9\x95\x20\xe3\x42\xdb\xd7\x45\x7a\x91\x59\x74\x0f\x48\xbd\xc2\x7b\x93\xbd\xab\xeb\xa4\x65\xcb\xf0\xc8\xdf\x5e\xf2\xc0\xf9\x38\x6e\xeb\xe6\x56\xf5\xd7\x49\xd5\xf9\x14\x7f\x52\x52\x66\x91\x0d\x7b\x80\x39\x6a\x90\xbe\x5c\xc1\x88\xa9\xa9\x45\xf9\x3e\x75\x3f\xc9\x9b\xaf\xa1\x8e\xe0\xa6\xdf\xf7\x9b\xf8\x48\x48\x98\xef"},
+{{0x15,0x4a,0x47,0xeb,0xa1,0xb8,0xc3,0x83,0x62,0xea,0x61,0xfa,0xeb,0x0c,0x0a,0xd7,0xe6,0x1e,0x41,0x2a,0x3c,0xba,0x46,0x88,0xaf,0x0d,0xb2,0xa4,0x87,0x20,0x8b,0x1c,},{0x16,0xde,0x2c,0x89,0x4a,0x50,0xcb,0xd4,0xca,0x90,0x41,0x9a,0x4c,0xa6,0x49,0x42,0xcb,0x14,0xbd,0x33,0x5c,0x5d,0x3f,0x4a,0x53,0xe2,0x39,0xc2,0x80,0xbd,0xa7,0x25,},{0xf4,0xb6,0xeb,0x1a,0x8d,0x95,0x0e,0x88,0x7f,0xd2,0xf3,0x0f,0x70,0xa2,0x3b,0x41,0x87,0x14,0x95,0xbf,0xa5,0xb8,0xa4,0xad,0x39,0x96,0xcd,0x9b,0xf5,0x1e,0xb7,0x42,0xe0,0x7f,0x4c,0x4d,0x2d,0xa4,0xb0,0x1a,0xb0,0x87,0x36,0x7a,0x50,0xe2,0xb6,0x5b,0x3c,0xef,0x51,0x4e,0x40,0xd8,0x37,0x54,0x0b,0x8c,0x89,0x96,0x64,0x85,0x91,0x0f,},"\xbf\x60\x7e\x8b\x6e\x14\xd9\xc8\xac\xd9\x68\x15\xaf\x0c\x03\x5a\xc7\x3c\x41\x04\xc9\x37\x86\xcc\xc1\xc9\xf8\x59\x39\x5d\xd7\x81\x90\x03\x20\xeb\xf3\x56\xaa\x99\x1c\xdc\x9f\x50\x3f\xce\xe9\xf8\x36\x75\x88\x8a\x7d\x59\x20\x02\xd2\xa5\x4a\x57\x3a\x96\x99\x4b\x3f\xa8\x65\x53\x8c\x61\x7e\xd8\xad\x1f\xf6\x20\x18\x28\x8a\x67\x4f\x44\x9b\xe0\xaa\xb5\x22\x2f\x74\xc4\xfd\x47\x5e\xd6\xa8\xdf\xb2\x7f\x45\x28\x7b\x22\xb2\xb6\xc3\xbd\x15\x17\x9f\x26\x7d\x15\x7d\x7d\x8a\x41\x59\x67\x9b\xe8\x5b\x25\xc2\xbb\x2b\xa8\x50\xaa\xed\x9a\xe3\xae\x57\x1b\xe4\xf7\x58\x36\x32\x9c\xf3\x6f\x41\x2c\x1c\x80\xf1\x41\x3b\x76\x61\xea\xb4\xa8\xe1\x1b\x60\x24\x24\x4f\xc6\x23\x23\xff\x02\xe3\x8a\xce\xb1\x73\x7b\xd4\x74\xbf\x1e\x98\x01\x5d\xbc\x78\x8b\x02\x7b\xbe\x21\x7c\xf4\xe7"},
+{{0xd3,0x02,0x84,0x31,0xce,0x2e,0xef,0x73,0xbd,0x94,0x0a,0xb8,0x4c,0xa2,0x9f,0x13,0xfb,0x26,0x43,0x6a,0xa2,0x5e,0x1b,0x7b,0xf2,0x6c,0xb3,0x3f,0x17,0xfd,0xf8,0x17,},{0x63,0xdf,0x20,0x3e,0x28,0x60,0xba,0xc4,0xd3,0x52,0xe7,0x22,0xc1,0xc9,0x1f,0xe3,0x77,0x6e,0x1c,0xbc,0xae,0x85,0x53,0xa4,0xf1,0x98,0x90,0x26,0x0b,0xf0,0xe4,0x57,},{0xce,0x97,0x29,0xa9,0x6c,0x3e,0xd2,0x89,0x43,0xb2,0x78,0x39,0xc7,0x33,0x82,0xec,0xd5,0x72,0x96,0x0c,0x1f,0x9e,0x90,0xc5,0xef,0xf9,0xdd,0x49,0x9f,0xf4,0x8f,0x17,0xd2,0x5e,0xdd,0x12,0x68,0xef,0xfe,0x41,0xee,0x6a,0x81,0xce,0x48,0xd8,0x4d,0xe5,0x13,0xdf,0x9c,0x41,0x44,0x26,0x21,0xb2,0xf5,0x49,0x1e,0x34,0x6b,0xe1,0x8c,0x04,},"\x08\x63\x35\xd6\x12\x75\xd1\x68\xea\xac\x05\x40\x47\x7f\x50\xd4\xb1\x5f\x9e\x50\xb9\xbe\x69\x39\x21\xed\x54\xa9\x94\x1b\xc4\x06\x43\xcd\xa6\x2e\x1d\x80\x5d\x02\x50\xa8\x11\x46\xbd\x5f\xe2\xd3\x9e\x81\x44\x4d\x21\xe2\xb2\x1b\x03\x1c\x11\x13\x06\xca\xcb\xf5\x27\x17\xf6\xfb\x4c\xd3\x41\x6f\x12\x15\xf8\xdd\xdc\xed\xd2\xf0\x09\x6b\x0f\xcf\xa0\xa6\xcc\x2c\xde\x7a\x2b\xab\x7f\x1e\x32\x79\x0b\x53\x61\xdf\x36\x71\x42\x4c\xc7\x22\xf2\x31\xbf\x71\x89\x5b\xcd\xcb\x7b\x22\xee\x07\x4e\x8f\xb4\xa9\x67\x85\x04\xe7\x35\x36\x6c\x17\x2f\x07\x63\x7b\x7a\x93\x14\x9b\xb2\x1f\x38\x88\x33\x78\xa1\xdb\x27\x3f\xc2\x32\x39\xe3\x53\x37\xf9\xce\x56\x6d\x8d\xdf\x3b\x31\x33\xca\xd7\xf2\xce\x81\xed\xb5\x03\xce\x1d\x27\xc5\xa6\x57\x16\x0b\x78\xdc\xa9\xae\xae\xa3\x79\xbe\x9c\x85"},
+{{0xee,0x89,0x85,0xdc,0x27,0x50,0x44,0x40,0xa8,0x75,0x8d,0x4c,0x53,0xe4,0x22,0x52,0x15,0x79,0x7a,0x00,0xcd,0x86,0x31,0xd5,0x9b,0xd9,0x3b,0xc6,0x6f,0x37,0x3d,0x5e,},{0xcd,0x64,0x7b,0xb0,0x65,0x69,0x3d,0x48,0x65,0x89,0x15,0x6a,0x9f,0xa2,0x61,0x43,0x75,0x34,0xdc,0x86,0xf4,0x6f,0x72,0xd0,0xa8,0x00,0x39,0x9a,0x7a,0xf0,0x10,0xf7,},{0x5b,0xd6,0x0a,0xd5,0xe9,0xba,0xd9,0x93,0x2c,0xa9,0xc7,0x5f,0x23,0x1a,0x76,0x88,0x9a,0xe7,0xa8,0xb8,0x64,0xb9,0x1d,0x1f,0xcb,0xa5,0xc5,0xd4,0xbf,0xa1,0xd9,0x28,0x38,0xad,0xb9,0x74,0x84,0x2a,0x07,0x10,0x77,0x9b,0x3e,0x30,0x94,0x04,0x49,0x09,0xe9,0x2c,0x7c,0xf0,0x46,0xce,0x51,0x9f,0x4c,0x68,0xe8,0xf1,0x9e,0xc0,0x3c,0x02,},"\xf2\x22\x04\x85\xad\xdf\xeb\xce\x02\xa8\x33\xac\xa3\x33\x81\xd1\xdf\x91\x7e\xd6\x09\x95\x0e\xd2\x4f\x85\xe3\xb0\x2b\x2b\x99\x4b\x4d\x93\x97\x84\xe3\x32\xf4\x10\x64\xc8\xb4\xa2\x63\x0a\xb3\x69\x61\x74\x2a\xa1\xcf\xfd\xcb\x08\xc1\x44\xee\xae\xde\xaf\xd4\x8b\x5d\xbe\x96\xbf\x24\x35\x0e\x14\xfd\x68\x28\x6b\xc0\x8e\xea\xef\x8b\xc6\xad\x9e\x19\x5d\x14\x84\xaf\xcd\x30\xaf\xa8\xce\xd4\x84\x81\x26\xd5\x6c\x81\xb4\x3c\x27\xa5\xdb\xbd\xec\x1a\x50\xc1\x10\x62\xce\x21\xc6\x1d\x86\x0c\x25\xa8\x62\xfb\xb7\x5c\x3b\xd5\x1c\x8d\xc0\x76\x36\x66\x86\x69\xbb\xf7\x51\xea\xca\xcc\xb3\xb5\x1d\x2c\x0d\x41\x40\x31\x6c\xfc\xe2\xeb\x18\xd2\x90\x8c\xec\xd5\xa1\x88\x67\x9b\xc5\xf5\xde\x29\x0f\x54\x8e\x7e\xbc\x57\xd4\x1b\x58\x9a\x24\xce\x88\xee\x48\xd9\x7e\x8d\x0c\x7c\x76\x99\x60"},
+{{0x80,0xdf,0xe2,0xbf,0x73,0x87,0xba,0xd4,0x65,0x4e,0xb0,0x76,0xf8,0xda,0xe9,0x59,0x51,0x63,0xe4,0x01,0x27,0xf5,0xdf,0x49,0x2d,0xad,0x7d,0xf0,0x4c,0x72,0x21,0xc4,},{0xd1,0x78,0x3c,0xee,0xb9,0xcf,0x8e,0x4d,0x07,0x76,0x4c,0x47,0x3f,0xa4,0x06,0x1b,0x82,0x74,0x39,0x71,0x03,0xf2,0x07,0x6d,0x70,0x32,0x49,0xd7,0x58,0xb8,0xfb,0xd5,},{0x27,0x27,0x9e,0x3c,0xdc,0xb0,0x3e,0xf5,0x57,0xa5,0xde,0xfc,0x2f,0x6c,0x58,0x12,0x8a,0x6d,0xc3,0xf8,0xb0,0x38,0x59,0x58,0x01,0x4e,0x70,0x9c,0x1f,0x61,0xb0,0xae,0x6b,0x40,0x35,0x76,0xf0,0xe4,0x54,0xd5,0xe4,0xc6,0x4c,0x17,0x31,0x38,0xee,0x4b,0xbd,0x5f,0xe7,0xb6,0x0d,0x06,0xc5,0xab,0xe2,0x3f,0xe9,0x9e,0xe3,0xb4,0x6a,0x00,},"\xaa\x09\xd7\x84\xbb\x09\xdc\x99\x99\x31\xeb\xb4\xc0\x0e\x42\x4c\xef\xec\xa1\x04\x81\x8d\x8e\xaf\x06\x61\xf0\x97\x28\xad\x02\x5e\xf4\x73\x93\x21\x05\x71\xf1\x74\x04\xe9\xaa\x6d\x8c\xbd\x5f\xd8\x8c\xd7\xdf\xb8\xe2\xe8\xa1\x08\xc0\x5d\xe2\x06\xf3\x40\x82\x34\xa3\xb4\x63\xdb\xe7\x1a\x07\xd0\x55\x87\x32\x45\x24\xb7\x32\x6e\xe7\x9d\x33\x48\xdd\xbe\xd7\x87\x1b\x86\xfc\xb4\x88\x03\x1d\xc9\xea\x93\xf6\xb8\xd7\xfd\xa6\x23\x93\x48\xa5\x62\x44\x4f\xaf\x1e\x72\xd3\x1a\xf3\x54\x43\xe9\xdf\x53\xe7\x62\xf3\xe5\x6b\x48\x66\x8f\x97\x84\xb3\x36\x8a\xb2\x78\xa4\x8e\xf4\x54\x6a\x26\xcf\xad\x0d\x0a\x51\x61\x69\x8f\x26\xee\x8d\x34\xfc\x2b\x3d\x6d\xfb\x93\xb0\x09\xac\x29\x6f\x6a\xfe\x48\x7e\xe3\x35\xea\xc9\xf0\x2c\xfc\xae\x5f\xcb\xd1\xa1\x6b\xa4\xe7\x1b\xe1\xb1\x12\x56\x2f\xc2"},
+{{0xda,0x1f,0x86,0x85,0x42,0xcd,0x7c,0xce,0x7a,0x5c,0xa3,0xfa,0x3c,0x24,0x08,0x1b,0x4d,0x23,0x44,0xb2,0x1a,0x15,0x7f,0x02,0x64,0xa3,0x47,0x13,0x2d,0x19,0x65,0x9d,},{0xcb,0x3a,0x25,0xa5,0x3f,0x27,0x2e,0xa8,0x13,0x80,0x44,0x68,0xd6,0x50,0x0e,0x96,0xa1,0xea,0xf8,0x22,0x70,0x5b,0x77,0x90,0xa8,0xac,0x3e,0x98,0xcc,0x4e,0x52,0x4b,},{0x75,0xc5,0x17,0xad,0xe4,0xf0,0x8d,0x77,0x46,0x30,0x57,0x43,0xd1,0xa7,0x76,0xc3,0xc5,0x5e,0xb5,0xee,0xdf,0xdf,0xcb,0x5e,0xb1,0xd5,0x63,0x4a,0x1b,0xda,0xf7,0xa4,0xb8,0xd2,0x41,0x87,0xd6,0xc8,0x85,0x0e,0x3c,0xed,0x65,0x67,0xa0,0x3c,0x4c,0x59,0x38,0x9a,0x4c,0xf4,0x71,0x14,0xce,0x54,0x73,0x16,0x0f,0x23,0x05,0x46,0xe6,0x0d,},"\xc6\x98\x7e\xf3\x80\xd5\xd0\xe7\x41\x96\x44\x3a\xaa\x3a\x32\x35\x6c\xbc\x02\x63\x6c\x5a\x4b\x6d\x62\xa8\x11\x4b\x21\x11\xbc\x1a\xbd\xdd\x9e\x44\xb3\x67\x2c\x18\xb5\x8d\x4e\xf5\x91\xaf\x45\x62\xe0\x20\x04\x9f\x8e\x12\x74\x68\x8e\x1f\x8e\x52\x96\xd2\xf9\x25\x2e\x7f\xc8\x4c\xd1\xd0\xc5\x8e\x98\xf0\xf1\x60\x53\x0a\xa2\x2c\x87\x1e\xef\x65\x2e\x71\x97\x4c\xe9\x1b\x4a\x65\xfc\x25\xfd\x09\xfa\x1b\x6c\x32\x08\x6e\x98\xec\x70\x8d\x9a\xbc\xb1\xd9\xcc\x8e\x1a\x08\x9e\xd8\xdb\x22\x06\xee\x95\x70\x23\x6a\xd6\x9b\x3d\xe6\x82\x18\x62\xfd\x2c\x70\xcd\x83\xa3\x2a\x68\xb0\x48\x62\x29\x55\x3d\x92\x8d\xe4\x8d\x03\xa1\x04\xe8\x73\x81\x96\x4a\xbe\xa7\x66\x83\x97\x6d\x52\x7c\x84\x16\x3a\x12\xee\xe0\xa5\x59\x86\xcf\x14\x31\xe9\xc8\x6c\xba\x81\x82\xca\x94\x68\x9b\xac\xd1\x65\xfb\xce"},
+{{0xf1,0x3d,0xae,0xc0,0xef,0x33,0xdd,0xd1,0x33,0xc7,0xd2,0x44,0xd1,0x0f,0xd2,0x7d,0xdb,0x23,0x70,0x52,0x80,0xff,0x5f,0x18,0x15,0xf0,0xf6,0x56,0xd8,0x36,0xfe,0x84,},{0x2d,0xc7,0xf1,0x36,0x7d,0xe6,0x72,0xc5,0x1e,0x00,0x5c,0x74,0xf8,0x76,0xf9,0x82,0x59,0x39,0x96,0x87,0x3a,0xcb,0xa0,0x79,0x29,0x27,0x34,0xc2,0x09,0xc2,0xb1,0x11,},{0xdb,0x77,0x18,0x33,0xf7,0xfd,0xba,0xcd,0xab,0x2b,0x5c,0xc8,0x0e,0xed,0x50,0xaf,0xdf,0x13,0x78,0x3b,0x7f,0xe5,0xe9,0x03,0xd5,0xdb,0xb4,0xc2,0xe5,0x35,0x31,0x6a,0x6e,0xef,0x4c,0x34,0xf0,0x04,0xd2,0xb9,0xa4,0xe2,0x70,0x0b,0xd6,0xe2,0xac,0xdd,0x56,0x4c,0x3c,0x80,0xcc,0x68,0xa3,0x03,0xf5,0xfb,0x09,0x1c,0xb4,0x34,0x0f,0x0a,},"\xec\x02\xff\x18\x04\xb2\xb3\x09\xaf\x31\x58\xb6\x62\x72\xa1\x4a\x3a\xad\x83\xc4\x1a\x71\x98\x46\xf7\x08\x8c\xa9\x79\x2a\xf5\x75\xc7\x89\x13\xc4\x32\x75\x9f\x0b\x9a\x74\x8b\xdc\x55\x68\x49\x6e\x41\x65\x8c\xc1\xcd\xb8\xda\x6c\x91\xd0\x7c\x3e\xc2\xf4\xaf\x50\x42\x49\xb9\x96\xaa\x00\xc0\x07\x1c\xdf\xa7\x93\xf8\x2d\x0e\xc5\xd2\x67\x26\x2f\x51\x8f\xc0\x29\xb8\x8e\x20\xb6\x20\x1f\xb9\xe0\x5a\xbd\x3f\x95\x24\xc5\xda\x2f\xa8\x97\x8f\xf2\xef\xd4\x81\x20\xcf\x00\x82\x2d\x1b\xee\x90\xdf\x81\x61\x25\xd8\xed\xc0\xcf\xb5\xde\x66\xd1\x6b\xe6\x38\x96\xa4\x12\xa6\x2b\x03\x1b\x71\x18\xac\x13\xfe\x2c\x9f\xaa\x6b\x1a\x33\x42\xf9\xcc\xf7\x88\x41\x66\xcf\x48\x9a\x84\xde\x26\xb5\xce\x5b\x21\x85\x6a\x3a\xf2\x89\xbc\x66\x22\xc0\xaa\xb9\xf2\x14\x2d\x39\x3f\x5d\x4b\x23\x67\x79\xdb\xb0\x66"},
+{{0x42,0xdc,0x16,0xc5,0x7f,0xb6,0xf1,0x28,0x94,0x5f,0xa1,0x01,0xe0,0x5b,0xbf,0x54,0x8e,0xf7,0xd9,0x77,0x26,0xb6,0x92,0xfe,0x40,0x40,0x69,0xcc,0x57,0xcc,0xef,0xa0,},{0x0a,0x1b,0xa5,0xdf,0x52,0x39,0x96,0xf9,0x54,0xb3,0x4d,0xdc,0xfa,0xba,0xd3,0xf3,0xde,0xe2,0x1a,0x5f,0xa7,0xa4,0xce,0x32,0x2d,0x21,0x6b,0xd8,0xcc,0xaf,0x43,0x8c,},{0xc7,0x59,0x77,0xe8,0x3b,0xcf,0xe9,0xdf,0x72,0x92,0xa8,0x60,0xed,0x97,0x25,0x55,0xb5,0xc2,0x44,0x16,0xfd,0x4b,0x7e,0xe3,0x28,0x53,0x88,0xfa,0x5b,0x14,0x47,0x60,0x8e,0x4a,0x34,0x78,0x13,0xcf,0xe0,0x93,0x51,0x2a,0x76,0x51,0xe4,0x22,0xe9,0x86,0x7d,0xb7,0xb9,0x7c,0x0b,0x08,0x67,0xf0,0xb8,0xc7,0xb7,0xf4,0xf0,0x2c,0x31,0x0d,},"\xf2\x71\x4c\x23\xa3\xa6\xfc\x11\xad\x15\xc9\x80\xb7\x35\x0f\xc8\x42\x17\x87\x76\x61\x18\x80\x55\xff\x75\x0d\x82\xc4\x9c\x5f\xef\x7b\xc8\xe6\xaa\xc5\x74\xa1\xb7\x9a\x3f\x26\xd1\x69\x69\xc0\xf4\x06\xee\xab\x3e\x9e\x12\x85\x0a\x55\x70\x97\x45\xe3\x0d\xff\xa6\x2a\x69\xdf\xb2\xb6\x4b\x3c\x1b\xd2\xbc\x35\x86\xe2\x6d\x4e\xea\x71\x4d\x2a\x7b\x71\xcf\x79\xfb\x8f\xfb\xf2\xaa\xad\x00\xca\x3e\x4f\x2b\x6f\x50\x3c\xc1\xfe\xf2\xea\xb3\x65\x6f\xb4\x4f\x8d\x62\xa8\xdb\x8a\xb5\x8f\x39\x46\x93\x94\x9e\xea\x57\xfa\xfe\xcf\x00\x5f\x6e\xbf\x12\x87\xdb\xa4\xd2\xd6\x23\xc0\x2e\xa1\x71\xf5\x67\xe5\x26\xad\xd2\x07\x09\xeb\xca\xb9\x62\xf8\x3d\x98\xef\x66\x8e\xbd\x01\xef\x20\x48\x8b\x36\x65\xe3\xa4\x46\xfb\xfb\x13\xd3\x40\x50\x94\x2c\x74\x9b\xb2\xdf\xfc\x76\x63\x67\xfd\x45\x2e\x68\xe5\xb0\xc6"},
+{{0x90,0xb4,0x55,0xc6,0xbb,0x9c,0xec,0x83,0xe1,0x37,0x35,0x70,0x65,0x33,0x9d,0x03,0x05,0x25,0xd0,0xea,0x7f,0x5b,0x92,0x3a,0x2d,0x59,0x72,0xc3,0xc1,0x2a,0xa3,0x7b,},{0x5c,0xef,0x03,0x8c,0x16,0xbf,0xa4,0xb4,0xc9,0x23,0xa0,0xfe,0x70,0xcd,0x7f,0x25,0xc8,0xbc,0x83,0x7f,0xdf,0x5a,0x7e,0xfb,0x9d,0x95,0xf2,0x1b,0x96,0xbe,0x92,0x5a,},{0xc9,0x34,0x5e,0xec,0x2c,0x4a,0x0a,0xec,0x73,0x23,0x86,0x49,0x4a,0x69,0xa3,0xfc,0xe8,0xb8,0xa1,0xbe,0x36,0x6b,0xbe,0xd1,0x65,0x9f,0x13,0x1f,0xe9,0x7c,0xc0,0x37,0xfb,0x1b,0x7c,0x1b,0x68,0xb0,0xf3,0x02,0x39,0x45,0xd2,0x00,0x90,0xa0,0xcd,0x2c,0x15,0x53,0xa4,0x7f,0xae,0xc4,0xd6,0x6f,0xd8,0x16,0xce,0x12,0x11,0x68,0xf3,0x09,},"\xc6\x2c\xfd\xb9\xd2\x1e\xee\x6b\xe4\x7f\x30\x72\x7a\xae\xe5\x1f\x07\x03\x78\x9a\x43\x1d\x32\x22\x85\x33\x35\x02\x17\xa9\x3a\x18\x90\x06\x69\xc9\x59\x56\xf3\xf2\xae\x90\xdc\x74\x5a\x71\xe1\x83\x40\xd0\x58\xd1\x6b\x4c\x6f\xe3\x3b\x64\xaf\x8d\xad\x97\x3f\xe5\xdc\x02\xe8\x52\x07\x05\xc7\xa8\xbb\x3c\xcb\xe1\x83\x8c\x6c\x24\x93\x37\xf9\xb6\xa4\xc0\xe1\xf8\xa4\xe5\xd1\x03\x19\x6f\xa7\x99\x98\x92\x3d\x04\x22\xe9\xd0\x79\xa7\x2c\xc2\xa8\xf8\x6d\x65\x90\x31\xa6\x07\xd4\xcc\xa0\xb9\x47\xb3\xab\xee\xee\xf6\x4c\x28\xda\x42\x0d\x05\xde\x66\x5a\x55\x10\xfe\x55\xf7\x75\x98\xec\xad\x7f\xaa\x0a\xc2\x84\x80\x0b\x53\x82\x93\x94\xc4\xae\x90\xbe\x66\x67\x8f\xf0\x4a\xb4\x6d\xa2\x65\xae\x06\x40\x2d\x8c\x83\xca\xd8\x4d\x61\xa0\x51\xde\x02\x60\x55\x98\x88\xe7\x79\xf7\x4b\x72\xa5\xd7\x1c\x13\x2f"},
+{{0xdc,0x18,0x5c,0x2b,0xa0,0xb3,0x78,0xdf,0xe5,0xdd,0xa5,0x10,0xc3,0x2f,0xef,0xf5,0x35,0xca,0x2e,0x8a,0x02,0x43,0x4b,0x32,0x6e,0x01,0x58,0xbc,0x87,0x8e,0x88,0x48,},{0x33,0xd6,0xcc,0x05,0xa4,0x34,0xe4,0x19,0x28,0x0d,0x58,0x64,0xa1,0xaf,0x20,0x9a,0x2c,0x67,0x68,0x14,0xb7,0x0f,0x72,0xf8,0x14,0x1a,0xc7,0xe0,0x57,0x3e,0xe6,0x3e,},{0xf1,0xe4,0x45,0x14,0xd2,0xec,0xbc,0xc8,0xd1,0xa7,0xe8,0x4b,0xf5,0x84,0xce,0x73,0x18,0x35,0xe9,0x89,0x4f,0x88,0x97,0x4f,0x09,0x8d,0x45,0x6b,0x60,0x71,0x8f,0x57,0x5e,0xf4,0xd8,0x06,0x2f,0x21,0x82,0x50,0x42,0x50,0xcf,0x83,0xbb,0x2a,0xf2,0xa7,0x9b,0x1f,0x58,0xa6,0xa9,0x7b,0xd9,0x8d,0xa4,0x67,0x13,0x2d,0x7b,0xec,0x2f,0x05,},"\xe2\x76\xb1\x19\x12\xcc\xa5\xa8\x4b\xba\x65\x0c\x17\x2a\xef\x3a\x4d\x5f\x91\xac\x72\x29\x13\xbb\x89\x1a\x3a\xb0\x42\x4a\xb0\x7e\xa7\x09\xcb\x8b\xba\x3a\x3d\x11\xf8\x2f\x51\xc2\xaf\x01\x62\xa8\x2f\x72\x19\xce\x27\xb3\x5a\x30\x50\x7d\x53\x6a\x93\x08\x17\xe4\x0f\x85\xa2\x2a\x5a\x43\x2b\x94\xd1\x92\xc3\xc8\x91\x17\x77\xcf\xdb\x7f\xe9\x37\xa6\x75\x02\x77\x0d\x6d\x75\x75\x3d\x3a\xe8\x82\x29\xe0\x8f\x1e\xd2\x3b\x43\x28\xd8\x62\xac\x61\x86\x3c\x06\x3e\xa9\x84\x8f\x8a\xb9\x6a\x02\x13\xd7\xb9\x36\xc4\x8f\xe7\x54\x83\x6c\x98\x48\x78\x59\xd1\x99\xb3\xd9\x40\x39\x27\x16\xa1\xd5\x69\xe6\xc0\xcb\x1b\xa9\x18\x93\x2c\xf8\x85\x25\xe2\x56\xc8\xab\xb1\x1a\xaf\x0b\x45\x46\x55\xd5\xdb\x55\x71\x3c\xeb\xba\x28\x7a\xe2\x02\x65\x1a\xc8\x72\xbf\xc8\x0f\xea\xa7\xe0\x0d\x47\xc0\xbe\x38\xe6\x58\xf7\xc5"},
+{{0x90,0x72,0x1c,0x43,0xbc,0x36,0x6f,0x24,0xbf,0x4e,0x8c,0x99,0x3e,0x13,0x80,0x24,0x68,0x2f,0x10,0x29,0xdb,0xa3,0x5a,0xbe,0xb0,0xd6,0x0c,0x7f,0xa7,0x10,0x02,0x1c,},{0x7c,0x63,0xa2,0xf1,0x3b,0x7b,0x22,0x0a,0x0b,0xb7,0x52,0xe3,0x80,0x07,0x53,0xb8,0xb6,0xb3,0x26,0x69,0x37,0x8c,0xe1,0x31,0xbb,0x77,0xa9,0xa8,0xd2,0x30,0xe9,0xae,},{0xd2,0x06,0x4a,0x6d,0x6c,0x99,0xc6,0xc3,0xf1,0x52,0xd2,0xd4,0x35,0xf2,0x4e,0x34,0xb5,0x45,0x9b,0x08,0x2e,0xf1,0x1e,0x94,0x4a,0x77,0xff,0x54,0xdd,0xf9,0x86,0x27,0x37,0xec,0xb2,0xac,0x8d,0x54,0x20,0x7d,0x36,0xc5,0x1a,0xd4,0x1f,0x36,0x49,0x0a,0x11,0x1b,0xa8,0x0e,0x12,0x6b,0xfe,0xcb,0x09,0xde,0xf6,0xac,0xcb,0xdf,0x88,0x0e,},"\x65\x1c\x96\x17\xca\xc9\x58\xc7\xed\xd4\xa5\xf3\xfe\xdf\xb8\x3d\xc9\x71\xab\xfb\xb6\x9a\x31\xe8\x98\xcc\xa8\x47\x2e\xf0\x68\x03\x4a\x6d\x23\x76\xee\x0e\x72\xd0\xa9\xbf\xee\x27\x57\x96\xc3\x79\x5a\xda\xc8\xeb\xe1\xd1\x2b\x66\xec\x26\x8f\x6b\x75\xfa\x39\x41\x15\x4f\x99\xe2\x23\xfa\xf2\xcb\xab\x5b\x92\xe2\xb3\xba\x7b\x79\xbe\x77\x00\xef\x9d\xba\x69\x25\x3c\xce\x53\x56\xb0\xc4\xe7\x47\x03\xcf\xca\xfd\xb5\x54\x68\x50\xb4\x62\x32\x67\x5c\x90\xc0\x2d\x5e\x42\x6d\x33\xd6\x0c\xeb\xf0\xc7\x93\x01\x82\x37\x9d\xbb\x00\x7f\x53\x61\x63\xc8\xdd\xbb\xd3\x15\x7b\xb2\xda\x62\x34\x01\x33\xf0\x0a\xe2\x68\x2e\xc6\xba\xa6\x41\x6b\x5a\x01\x52\x1c\xc1\x0e\x04\x69\x52\x95\xf2\xe5\xb9\x4c\x05\xf0\x03\x83\xff\xe9\x54\x83\x07\x97\xf6\xdf\x82\x31\x72\x53\x2f\x98\x16\x5f\xe3\x14\xab\x32\x59\x29\xaf\x83\x85"},
+{{0x9c,0xec,0x24,0x67,0x58,0xe4,0x12,0xe7,0x37,0x8b,0x45,0x79,0xea,0xfe,0x9f,0xac,0x5a,0x25,0xd5,0x40,0x5f,0x92,0x70,0xb5,0xd7,0xe5,0x43,0x41,0x4e,0xc3,0xd5,0xda,},{0x97,0x5a,0x9e,0x6a,0x15,0x2c,0xae,0xbb,0x2f,0x9d,0xd0,0xde,0xb7,0x6d,0xd9,0x22,0xb6,0xdc,0x77,0x05,0x5d,0xda,0x03,0xfb,0xae,0x9e,0x7c,0x68,0x5d,0x07,0x3a,0xa1,},{0x9b,0xad,0x1e,0x3b,0x12,0x79,0xef,0x65,0x8f,0x4d,0x07,0x16,0x44,0xc6,0x3a,0xe2,0xb7,0xa7,0x80,0x35,0x7e,0x9d,0xc4,0x26,0xf1,0x65,0x0e,0xc0,0x63,0x4d,0xfc,0x52,0x0f,0x8e,0xda,0x9d,0xc8,0xf1,0x0a,0xa7,0x32,0x4c,0x59,0x42,0xd2,0x34,0x7f,0xf8,0x80,0x2b,0xd9,0x0e,0x95,0xfc,0xec,0x31,0x33,0x52,0xcd,0xae,0x64,0xf3,0x2a,0x04,},"\x17\xec\x9b\xd4\x7a\xdd\x6c\xcf\xbd\x78\x7a\xf0\xd9\x01\x3e\x9c\xc9\x79\xaa\xf8\x50\xe0\x94\x26\xd3\xb2\x8e\xdf\xd7\x12\x96\xeb\x31\xff\x8b\x21\xc5\xfe\x7b\xe0\x50\xf5\x36\x32\x4c\x3e\xc4\x88\x50\xe0\xb5\x08\xa3\x6b\xb4\xcb\x7e\x75\x4b\x32\x71\x83\xa1\xb3\x94\xd8\x8a\x79\x41\xd1\xce\x8d\xac\x62\xa5\xd8\x29\x18\x74\xd7\x84\x85\xe5\x1f\x29\xed\x05\x86\x5a\x20\x6e\x52\xec\xb1\x2c\x5d\x10\x7d\x4f\xf9\x6f\x25\xd3\xc5\xd1\x81\xd2\xc4\xba\x64\x63\x60\x0d\xb1\xcc\xa3\x28\x57\xfc\xf5\x97\xcb\xdf\xb2\xfd\xa2\x70\x8a\x8a\xba\x28\x1b\x43\xc3\xd2\x8c\x4a\x4e\x79\x83\x36\x15\x09\xf6\x1a\x10\x74\xe6\xf0\xad\x61\x01\xc7\xb5\x67\xee\x40\x78\xe9\x83\x9c\x47\xf4\x65\x31\xb7\x29\xff\x0e\xfe\xef\x7c\x9d\x1a\x8d\x83\x3d\x9c\x0f\x42\x81\x2a\x34\x18\x7c\x3a\x77\x8c\x16\x5c\x09\xd6\x45\x9c\x9c\x7c\xea\xa2"},
+{{0xd1,0x40,0x3f,0x63,0x20,0x2e,0x08,0x05,0x25,0x84,0x3b,0xde,0x25,0x5e,0xeb,0x6b,0x67,0x83,0xc1,0xca,0xae,0x9d,0x6e,0xd0,0x0b,0xa6,0x08,0x05,0xbe,0xd1,0x94,0x1f,},{0x23,0x8a,0xea,0x3a,0xd6,0xd6,0xf2,0x77,0x83,0xe7,0x05,0x16,0xbb,0xfc,0xca,0x47,0x70,0x36,0x6b,0x50,0xed,0x0f,0xe6,0xa4,0xe9,0x66,0xb5,0x3a,0xf1,0x21,0xa7,0x21,},{0x8e,0x60,0xe7,0x3c,0x06,0x38,0x16,0x79,0x5e,0x29,0xf5,0xd6,0x4e,0xce,0x11,0x59,0xf1,0xb5,0xd5,0x02,0x1a,0x6f,0x8f,0x65,0x5e,0x26,0x1a,0x4d,0x00,0x26,0xf5,0xb9,0x4f,0xf2,0x92,0x32,0x50,0x49,0x9d,0x99,0x52,0x98,0x48,0x05,0x12,0xe4,0x12,0x62,0x76,0xaa,0x4a,0x22,0x6d,0x01,0x5a,0x95,0x82,0x7b,0x3c,0xe6,0x92,0xe2,0x33,0x02,},"\xc4\xf1\x7d\x44\x2f\xba\x4c\xa0\xdf\x8d\xc1\xd0\x62\x8d\x7d\x7f\x36\xb6\x0b\x57\x58\xd7\xc1\x3b\x80\xb8\xf9\x7a\x62\x12\x4d\x96\xa2\x3b\x27\x95\x65\x49\x5a\x8a\xcc\xab\x59\x97\x11\x5b\x13\xa4\xba\x22\x0a\x73\x95\x7e\xb7\x93\x05\x20\xac\xbb\xfb\x6f\x54\xcf\x68\x72\x6b\x64\x50\xc6\xff\xa9\x47\x0b\x05\x5e\xa2\x62\x91\x4e\x2b\xc6\x12\x63\x3f\x1a\xc3\xd0\x61\x8a\x23\xdf\xf1\x88\xa7\x33\xd7\x6b\xcb\xcc\x46\x0f\x52\xab\x61\xe1\x99\x38\xf9\xc8\xca\xaa\x79\x2c\x20\x8d\x1f\x6c\x75\x47\x28\x90\x5f\xda\x51\xd8\x81\xa3\x47\xa5\x3d\xa7\x44\xd3\xba\xad\xc0\xa7\x6c\x47\x4c\x55\x86\x80\x26\x90\x95\xf9\x08\x4a\x74\x47\x1d\x5c\x09\xff\xc2\x91\x41\xb5\xbf\xaf\x49\x54\xdf\xac\xbc\xa6\x63\xd0\x37\xb1\x7e\xbf\x95\x59\x88\x22\x33\xe5\xca\x5a\x8b\xf7\x5c\xca\x4f\xc9\xc5\xa4\x10\x9f\x32\xe1\x45\xf3\x85\x3b\x17"},
+{{0xbd,0xf6,0xbd,0xc3,0x1a,0xb0,0xb5,0x31,0x37,0x84,0x48,0x3a,0xbe,0xca,0x6e,0xa5,0xe9,0xcd,0xc6,0x8f,0x81,0xb2,0x1f,0x35,0x0d,0x09,0xc3,0x90,0x7b,0xb9,0xb6,0xa1,},{0x03,0x62,0x77,0x12,0xb7,0x55,0xe5,0x06,0x9f,0xb9,0xab,0x8f,0x9e,0x89,0x97,0x24,0x02,0x9a,0x7f,0x26,0x8a,0xf9,0x39,0x88,0x21,0xee,0xec,0x93,0x60,0xc9,0x28,0x5b,},{0x38,0xfa,0xc6,0x03,0xed,0x24,0x6f,0x83,0x3f,0x1c,0x0f,0xd4,0x58,0x56,0x98,0xb0,0xa7,0x13,0x05,0xef,0xf0,0xd1,0x4a,0x00,0x49,0xb3,0xce,0xf0,0x73,0xbd,0x03,0x6d,0xd4,0x51,0xb3,0xda,0xba,0xda,0xae,0xae,0xa2,0xae,0xaf,0x83,0xd3,0x95,0x74,0x6f,0x4e,0x86,0x86,0x6a,0xda,0x97,0x1c,0xbe,0x48,0x2e,0xdb,0x04,0x19,0x33,0x2f,0x0e,},"\x90\xa6\x6a\xaf\xa5\x64\x2a\x98\xe7\x9f\x0d\x88\x14\x70\x80\x16\x7b\x11\xe4\x46\x65\x18\xf1\x95\xcd\xdd\x89\x40\xd1\x2e\xe4\x91\x8d\x31\xa6\xd4\xcb\x77\xd0\xbf\x5a\xf2\x99\x83\xbb\xe5\x08\x56\x10\xa7\x9d\xaf\x0c\x75\xa7\x8c\xcb\xcf\xfb\xbd\xab\x21\x89\xc3\x94\xae\x24\xe2\x65\xbd\x8c\x55\xfd\x3f\x40\x98\xe1\xb1\x75\x57\x75\x49\x51\x8e\x7a\x4d\xcf\x74\x52\x08\x6d\xd1\x27\x8d\xd5\x8e\xa4\xc0\xaa\x69\x0e\x91\x79\x51\xef\x39\xfc\xff\x60\xcb\xfa\x1e\x90\x91\x0b\xab\x53\x74\x92\x8d\x47\x22\xf7\x02\xbf\x5a\xd6\x02\x8f\xfd\xa6\x54\x1f\xa5\xba\x1a\x37\x79\xec\x78\xb0\xa9\x5f\xe3\x85\x0c\x74\x8b\x6c\x8f\x42\xf3\x30\xec\x79\x54\x1a\x52\xa1\xcf\x57\xdb\x72\xdf\x4f\x92\xce\x7f\x74\x8a\xee\xf1\xaf\x33\xbc\x5a\xe0\xa8\x2c\x89\xdf\xf2\x16\xf2\x3a\xec\x16\x8a\x7d\xbb\x51\x0a\xa6\x32\xda\xab\xcc\x97\x1b\x3f"},
+{{0x57,0xb3,0xb1,0x4a,0xce,0x1c,0xd0,0xcd,0x60,0x3e,0x63,0x28,0xbd,0x21,0x9e,0xe7,0xd9,0xd0,0x94,0x48,0x7f,0xa6,0x68,0xf2,0x8a,0xee,0xc0,0x2b,0x43,0xc9,0x09,0xa7,},{0x24,0xe6,0xb6,0x39,0x5f,0x97,0xea,0x0e,0x23,0x71,0x86,0xd4,0x69,0xb7,0x19,0x23,0xd2,0x11,0x3a,0xdf,0x40,0x3b,0xee,0xeb,0x4a,0x2d,0x27,0x90,0x9a,0xaf,0x3e,0xda,},{0xfc,0x79,0xfd,0xc6,0xd0,0x90,0x88,0x7a,0x61,0xe4,0x3c,0x6b,0x91,0x87,0xb6,0x57,0xd2,0xe4,0xd9,0xcb,0xaf,0xd6,0xe7,0xca,0xeb,0x7e,0xbd,0xea,0x84,0x28,0x25,0xb7,0x8f,0xb9,0x49,0xd2,0xc4,0x9a,0x0c,0xf3,0x8b,0x6c,0x73,0x29,0x6d,0x82,0xc8,0xdd,0xeb,0x1f,0xe2,0xd4,0x0a,0xad,0xdd,0x79,0x64,0xda,0x68,0xac,0xf8,0xc6,0x6f,0x0e,},"\xb2\xe0\xde\xdd\x80\x2e\xed\x99\x6d\xbd\x58\x36\xbf\x86\x88\xb0\xd1\x20\x1b\xf5\x44\x2f\xf9\xbb\xd3\x51\xae\xef\xe1\xa0\xc2\x1f\xea\x2b\x5c\x9f\xe5\xed\xee\x47\xe9\x21\x09\x9b\x05\xae\xda\xa8\x03\x67\xc1\xce\x08\x82\x1d\x78\x3a\x5b\x64\xcf\x05\x9c\x0f\x43\x35\x08\x39\x86\xa5\xa6\xec\xff\x8c\x84\xfd\x40\xe0\xba\x5d\xd5\xe5\xd2\xf0\x11\x12\xa8\x4c\xe5\xcf\x8e\x0d\xb7\x8b\xeb\x18\x2d\x91\x39\xc0\xb0\xf3\xe0\x06\x0a\x3f\xa7\x38\x69\xe9\x64\x23\xf1\x70\xdf\x9a\xf1\xcb\x9c\x35\x56\x6d\x87\xdf\xf5\x42\x22\x3f\x6d\x43\x9b\xdb\x54\x72\x9d\x36\x6a\xff\x63\x7b\x0f\x36\xa5\xd1\x4b\x15\xd6\x12\xbd\x03\x07\x6c\xc4\xd0\x4c\x1f\x25\xb3\xba\x84\xe0\xd1\xfe\x47\x4e\x57\x18\xd1\xa1\x7d\x5a\x48\x84\x65\x66\x2e\xe4\xc3\xf6\x64\xb4\xc9\x27\x4b\x64\x9d\x78\xce\xa4\xe8\x52\x43\xf3\x71\x32\x39\x04\x8a\x90\x8c\xe3\xe1"},
+{{0x01,0x8a,0x2c,0x3d,0xee,0xa5,0x0a,0xb5,0x06,0x75,0x1f,0x9c,0x2a,0xda,0xad,0xfd,0x9e,0x21,0x92,0x12,0x16,0x09,0x93,0x16,0x84,0xeb,0x26,0x5e,0x19,0x3e,0x7f,0x89,},{0xaf,0x41,0x0b,0xdd,0xde,0xfc,0x64,0x4e,0xf1,0x2c,0x98,0x99,0xff,0x71,0xb9,0xe1,0xd0,0xdf,0xa3,0xd6,0x9d,0x8c,0x2c,0xd6,0x76,0xc1,0x91,0x6b,0x34,0x59,0x1c,0xfd,},{0x7a,0x44,0xe6,0xa3,0x19,0x32,0xde,0xe6,0xdc,0x2d,0x83,0x94,0xe2,0x9a,0x65,0x51,0xd1,0x3e,0x6c,0x6f,0xfd,0xfa,0x21,0x8f,0xa5,0xb9,0x98,0x66,0x8d,0x84,0x39,0xdb,0x5e,0x05,0x37,0x9f,0xbf,0xa0,0xda,0x5b,0x56,0x3e,0xd9,0x66,0x43,0x5a,0xe2,0xc5,0x4e,0x3a,0xd1,0x6e,0x1a,0x9f,0xca,0x1f,0x5a,0x15,0x7a,0x08,0x07,0x04,0xab,0x03,},"\xcf\x78\x13\xef\xac\x12\xad\x1c\x7c\x73\x22\xcc\xbe\x54\xaa\x0e\x9a\x8b\xa4\xfd\x43\x45\xb0\x6e\x4c\xe7\xa3\x5c\x8b\x1c\xd5\xe3\xf7\xf0\x68\x85\x33\x84\x9b\xa2\xcf\x4c\x75\xb6\xf2\x09\x26\xa1\x19\x4a\x72\xdf\x0e\x1b\x1b\x34\x45\x6a\x21\x33\x11\x2d\x00\x67\x22\xfe\x81\x1d\x5e\x40\xc4\x12\x11\x59\xde\xd8\x89\x90\xc0\xac\x2b\xfd\x34\xf3\x5a\xf4\xf0\x7c\xc4\x02\xe9\xa3\x81\xa6\x75\xd0\x3f\xec\x7e\xc4\x38\xc4\xad\x9d\x92\x9a\xec\x8f\x24\x2d\xef\x02\x3c\x99\x3c\x9e\x8b\xa1\x8c\x74\x28\xe8\x8f\xde\x68\xa4\x71\x1e\x50\x6d\x79\x69\xf6\x3c\x8e\x0b\xc8\x3f\xf0\xde\x4e\x13\x36\x10\x6c\x05\xe0\x9d\x59\x22\x40\x0e\x8a\x81\xbf\x54\x88\x56\x67\x89\x97\x85\x88\x2b\x70\xf2\x0d\xd8\xfb\x1e\x75\xf5\x85\x5b\x76\x5a\x25\x6d\xa4\x34\x1b\xf2\x3e\xa0\xff\xa1\x8a\xad\xda\x38\x18\x16\x94\x60\x01\x04\x56\x69\xc8\xd0\x4d\xf0"},
+{{0xbe,0xa4,0x45,0xe9,0xb6,0xd3,0xf2,0x12,0x35,0x91,0x2c,0xd6,0xc4,0x2e,0xc0,0x57,0x72,0x97,0xca,0x20,0xa1,0x03,0x57,0x88,0x0c,0x2b,0x84,0x6d,0xd8,0xe2,0xcc,0x77,},{0x02,0x41,0x74,0x96,0x62,0x21,0x69,0x9e,0xa4,0xb0,0xa3,0x7e,0x51,0x7f,0xf9,0xb1,0x65,0x98,0xae,0x4d,0x4e,0x83,0xbf,0xa3,0xca,0x50,0xbc,0x61,0x68,0x41,0xf5,0x95,},{0x69,0x64,0xb9,0xc5,0x90,0x3e,0x74,0xe9,0x93,0x28,0xac,0xef,0x03,0x65,0x58,0xee,0xcd,0x33,0x69,0x15,0x0a,0x52,0xe2,0xcb,0xad,0x4b,0xbb,0x97,0xd4,0x61,0xb3,0xdf,0xc6,0xb3,0xe8,0x45,0x58,0x13,0xa4,0xf4,0xbd,0xca,0x46,0x30,0x2e,0x02,0xe6,0x83,0xec,0xea,0x18,0x20,0x17,0x1c,0x53,0x8e,0x54,0xc3,0xde,0x6c,0x95,0x4a,0xa4,0x07,},"\x47\x43\xc7\xc0\x99\xab\x81\x59\x27\xb3\x67\x4d\x00\x54\xb6\xde\x59\xaf\x28\x11\xab\xc2\xcf\x7f\xde\x08\xf6\x29\x29\x18\x5a\xdc\x23\x8f\xad\xd5\xe7\x5a\xe3\xba\x00\x36\xff\x56\x5a\x79\x40\x5b\x42\x4f\x65\x52\x33\x1e\x27\x89\xd9\x70\x9a\xc1\xec\xbd\x83\x9a\xa1\xe9\x1c\x85\x48\x17\x59\x79\x58\xcc\x4b\xd9\x1d\x07\x37\x75\x07\xc2\xc8\xd3\xc0\x06\xcf\xeb\x6c\x0a\x6c\x5a\x50\xee\xe1\x15\xe2\x11\x53\xdd\x19\x8e\xa0\xa3\xaf\xf6\x2b\x70\x75\xd5\xa4\x61\x78\x87\x83\xf0\x50\xe6\x59\xc5\x72\x96\x3d\x7a\x59\xe5\xaf\xaa\x2b\x9c\x50\x1f\x43\xc6\xac\x08\xab\x47\x97\xc4\x56\x6d\x22\xb9\x3c\xdf\x65\xa9\x9a\x2a\x1d\x63\x8e\x79\xf7\x2b\x5f\x46\x31\xfe\x5e\x9e\x5f\x96\x8f\x6d\xb7\xa1\x88\x0d\xf5\x1d\x8f\xeb\xc1\x49\x42\x67\x2f\x8e\xa6\xfc\x3a\x72\x81\x4a\x44\xd6\x6d\x14\x84\x20\xa6\x90\x00\xf6\x8c\x33\x0d\xe5\xb8\x0f\xc6"},
+{{0x64,0x47,0x54,0x0e,0xd7,0xbe,0x0a,0x11,0xc2,0xa8,0xde,0x79,0x3d,0x83,0xc6,0xe2,0x44,0x98,0x3d,0xb1,0x8d,0x78,0xec,0x9d,0x75,0xf1,0x72,0x9c,0x92,0xe0,0xfd,0xf1,},{0x39,0x12,0x12,0xc8,0xed,0xc4,0xd3,0x34,0xa5,0xbe,0xc8,0x60,0xef,0x0f,0x5e,0xbb,0x5e,0xc4,0x4e,0x8b,0xb5,0x1c,0x0f,0x67,0x41,0x99,0x89,0x59,0xb2,0xb3,0x79,0xfc,},{0x3a,0xb5,0xf8,0x8e,0x2f,0x72,0x76,0xb5,0xb6,0x58,0x3d,0xff,0xba,0x56,0x39,0x99,0x3a,0x90,0x5d,0xbf,0x9b,0x88,0xce,0xea,0xaa,0xae,0x33,0x35,0x80,0x0e,0x4a,0x5f,0x10,0xf8,0x3d,0xa6,0xd6,0x22,0x5a,0x8d,0xbe,0x99,0xae,0x80,0x07,0x50,0x09,0xdd,0x50,0x87,0x86,0xb3,0x97,0x51,0x13,0xdb,0x47,0x8e,0x14,0xba,0x10,0x1b,0xee,0x0f,},"\xa4\x38\x1c\x76\x38\xc4\x87\x99\xe9\xb5\xc4\x3f\x67\xfc\x3a\xa3\xcb\xb5\xec\x42\x34\xf3\x7e\x70\xcc\xcc\xce\xd1\x62\x7a\x57\x68\x3d\x1e\x53\xf4\xe0\x88\x3d\x8b\x46\x2b\xf8\x3f\x13\x08\x63\x03\x68\xc8\x9b\x49\x15\x33\xdd\xb8\xc9\xa5\xb9\xe8\x15\x50\x02\xfd\xd5\x81\xa9\xa5\xbe\x0e\x43\x0b\x90\x86\xa6\xbe\xac\x47\x20\x21\x0f\x87\xb1\x4e\x86\x2d\x97\xe5\xcc\x69\x28\x67\x86\xa7\x58\x67\x23\xf2\x31\xef\x0e\x3e\x1b\x93\x2d\xbb\xa3\xa1\x8a\x0c\xb2\x21\xcb\x07\xf8\x0e\x6a\x8e\x13\x00\x05\x6c\x13\xe7\x02\xb2\x3b\xfb\x32\x50\xec\x7c\xc8\x64\xd5\xc7\xec\x57\x86\x24\x07\x09\xc5\x60\x24\xea\x6b\xe5\xf7\xb1\x5a\x4f\xa5\x55\x5e\x39\xa7\x44\xa1\xdc\x55\x7d\xf5\xb9\x48\xdb\x22\x0b\x3d\x57\x45\x74\x66\x91\xda\xcb\x44\x21\x64\x1c\xdc\xc1\x2e\x7e\xc0\x45\x02\x93\xf1\x9e\xc5\x7b\x09\xcf\xf1\x35\x84\x7a\xab\xe4\x46\xa6\x13\x32"},
+{{0x0c,0x58,0x7a,0x81,0x1a,0xdd,0x88,0xb9,0x94,0x45,0x8c,0x3c,0x80,0x8a,0xc4,0xe3,0xa8,0x3a,0xfa,0xb2,0x6d,0x4c,0xff,0x5c,0x96,0x1b,0x9d,0xf0,0xb5,0xc8,0x33,0x44,},{0x06,0x78,0x3b,0x0c,0xdc,0xc5,0x02,0x8c,0x56,0x38,0xbd,0x74,0x8f,0x0b,0xc7,0x6f,0x7e,0x94,0xd1,0xaa,0x20,0x15,0xca,0x94,0x87,0x38,0xa3,0x50,0x04,0x60,0xac,0xa0,},{0x33,0xb4,0xf4,0x27,0x4f,0x20,0x00,0x8a,0x72,0x1d,0x1e,0x8d,0x05,0x4a,0x2b,0x4e,0x95,0x32,0x7e,0x38,0xbb,0x07,0xb3,0x3c,0x4b,0xee,0x7e,0x1c,0xe0,0x20,0xa4,0x42,0xfb,0x26,0x27,0xed,0xa3,0xb7,0xac,0x93,0xcd,0x3a,0xb0,0xb1,0x2b,0x99,0x93,0x5a,0x1a,0x92,0x33,0x11,0x16,0x04,0xda,0x4a,0xcf,0xfb,0x53,0x15,0xb9,0x07,0x12,0x0b,},"\xf5\x6d\xc6\xb7\x60\x76\x32\x5b\x21\x26\xed\x11\xd1\xf0\x9d\xec\xef\x9d\x15\xc3\x1d\x0e\x90\xcd\xb1\xa2\x7e\x08\x9c\xc5\x63\x29\xf6\xec\x3f\x66\x5e\xb6\x73\x9e\xc5\x67\x8b\x3f\x37\xee\x1f\xb3\x7d\xeb\x9e\x24\x00\x92\xb7\xa8\x8f\xd2\x55\x25\xac\xd5\x5e\x29\x4e\xb1\x04\x6f\x9b\x1b\x69\xa8\x47\xeb\x9c\xeb\x7b\x15\x93\xb9\xf6\x97\x8e\xf6\x18\xc1\x5d\xe4\xe0\x59\xec\xc3\xbf\xda\x32\x97\xa1\x9c\x2d\xf2\x02\xad\xf7\x21\x55\xcf\x21\xea\xbd\x03\x94\x8d\xf1\x51\x98\xe8\xa6\x8b\x08\x84\xf9\x3a\xd5\xe3\x6e\xb0\x98\x3c\xca\x30\xe4\x5a\x8b\x4b\x5f\xb8\x13\x6f\xde\xa8\xa3\x34\x1d\xd7\x87\x75\x40\xa5\x57\xde\xbf\x75\x30\xcc\x33\xae\xee\xf6\x27\x1c\x3f\x0a\xf6\xd0\x97\x87\xe8\x15\xf2\xf1\xdd\x25\xce\x4d\x2f\xd0\x9f\xfa\x9f\x53\x08\x1b\x46\x9c\x50\x0d\xa4\xd4\x41\x80\xc0\x4e\xb1\x86\x93\x29\xcb\xf2\xd8\x23\x18\x7e\x83\x1c\x24"},
+{{0x66,0xcf,0x40,0x1a,0x21,0x42,0xfc,0xf4,0xa8,0x01,0x80,0x46,0xcf,0x41,0x40,0xbc,0xa1,0x8d,0x76,0xef,0x62,0x66,0xe7,0xa0,0x24,0x75,0x7d,0xf1,0x72,0xa5,0xd6,0x53,},{0x67,0xd4,0x8d,0xfd,0x23,0x74,0x3c,0xc2,0xca,0x40,0xe4,0xdf,0xd6,0xb8,0xcc,0x5d,0x84,0xbe,0x82,0xdd,0x2b,0x11,0x20,0xcc,0x47,0x6e,0x6a,0xf6,0xf2,0x5e,0xcc,0x98,},{0xd6,0xb0,0xe8,0x0e,0x60,0xbc,0x1b,0x29,0xab,0x8f,0x74,0x80,0x8f,0xc4,0x60,0x84,0x77,0x95,0xcc,0xb8,0x87,0xba,0xc0,0xec,0xaa,0x8e,0x13,0x52,0x97,0xa8,0x50,0x97,0x71,0x2b,0x24,0xb0,0xa1,0xfb,0xaf,0x7a,0x67,0xc5,0xd5,0x30,0xa4,0x7d,0x06,0x43,0xfc,0x87,0x02,0xc0,0x59,0xd2,0x15,0xfb,0x11,0x2d,0xbe,0x47,0x5e,0x5b,0xca,0x0d,},"\xda\xa8\xef\xb3\xfd\x41\xf1\x2f\xbc\x55\xbd\x60\x46\x41\x57\xa2\x6d\x71\x86\x32\xd8\x82\xae\xdb\x6b\xf9\x8e\x47\xdd\x23\x37\x87\x9e\x0b\x46\x45\x2e\x06\x2e\x6d\xfb\xff\x3e\x7b\xca\x72\x89\xe4\xef\x6b\x3f\x41\xd4\xb0\x3b\xdc\x2c\x84\x2a\xfe\x97\xf3\x02\x98\x83\xed\x45\xf6\x05\x4d\xde\x96\x90\x64\x9a\xbb\x2b\x8d\xc2\x8f\x5f\xe8\xce\xcf\x80\xfc\x1e\xa4\x11\xbf\xc4\x0b\xbf\x4f\xd2\x0b\x21\x8c\xf4\x7e\xa8\xee\x11\x8d\x4d\x5a\xef\xa5\xc1\xbf\xa0\x8a\x8f\xb1\xb3\x0d\x6d\xe0\x97\x7c\xd1\x5e\x50\x29\x2c\x50\x1f\x2e\x71\xce\x27\x40\xff\x82\x8b\x84\x32\xda\x5a\x59\x4b\xab\x52\x23\x76\x0b\x64\x79\x2e\xd3\xa6\x9d\xd7\x5e\x28\x29\x23\x49\x43\x65\x65\x13\xdf\x1a\x17\xa2\xa0\x67\xa9\xa8\xea\xa6\x4e\x19\x56\x9f\x46\x93\x9d\x34\xb9\x92\x71\xae\x50\xa4\x7d\x7d\xbc\xa3\x62\x0c\x81\x25\x5b\x0e\x1f\xd1\xf3\xce\xc8\x51\xf1\xb1\x1b\x35"},
+{{0x5d,0xbf,0x88,0x5a,0xa5,0x98,0xe8,0x95,0x57,0x1f,0x5f,0x65,0x09,0x0b,0x72,0x32,0x3e,0x9d,0x70,0xb0,0xf5,0x81,0x10,0x68,0x7a,0xfb,0xbc,0x38,0x3a,0xfe,0xdc,0xac,},{0xfa,0x17,0xeb,0xa7,0x6e,0x3b,0xc3,0xea,0x6d,0xab,0x3a,0x5b,0x12,0x0d,0xc5,0xec,0xb9,0xae,0x6f,0x00,0x13,0x8f,0x7d,0x36,0xdd,0xa9,0x26,0x8b,0xc4,0x72,0x21,0x74,},{0xe1,0x42,0x9d,0xab,0x2e,0x42,0xcd,0x03,0x5b,0x7f,0xc6,0x02,0xef,0xd6,0xba,0xf9,0x47,0x06,0xf1,0x6e,0xaf,0x2f,0x8b,0x5f,0xed,0x32,0x92,0x39,0xe8,0x75,0x60,0x5f,0xb1,0x72,0xf5,0xdd,0x9a,0xe2,0xbc,0x2e,0xb4,0x2e,0xb4,0x74,0x56,0x7e,0x29,0x2f,0x52,0x06,0xe8,0x2e,0x69,0x4b,0xca,0x0d,0x6d,0x43,0x3b,0x86,0x76,0x34,0xcb,0x0d,},"\x1e\x0b\x6c\xf1\x5c\xe0\x33\x37\x17\x9c\x02\xd6\x54\x08\xdf\x5b\xe9\x20\x0c\x37\x82\xb6\x00\x4a\xf9\x4e\xa4\xde\xcb\x25\x79\x99\xd6\xfd\xff\x30\x1d\x11\xd0\x0c\x98\xc3\x72\xfa\xc0\xd0\x26\xcb\x56\xdf\xef\xe3\xde\xf7\xeb\x99\xac\x68\xd6\x96\x8e\x17\x12\x4d\x84\x46\xf5\x3e\x8d\x2d\x3d\xd8\x90\xd3\x7a\x23\xc7\xe0\xb8\x3a\x48\x4b\x3c\x93\xbd\xdf\x6c\x11\x8e\x02\x81\x95\x9d\x27\xbd\x87\xd3\x7e\x84\x3d\x57\x85\xf4\xa4\x07\x71\x39\x84\x94\xe6\xc4\x32\x2f\xbb\x67\x5c\x1d\x47\x93\x21\x03\x21\x48\xf7\xfe\x52\x56\x4d\xdf\x7a\xe7\xac\x26\x9d\x0c\xd2\xe5\x52\xfe\xc5\x89\xae\xae\x0f\xb9\x3f\xe3\xee\xae\xf0\x85\x60\x96\xcf\x4f\x6b\x34\x97\xe7\x23\x5c\xc8\x49\x4d\x81\x0a\x0b\x46\xc5\xea\xc8\x7f\x18\x7e\x50\x5b\xb7\x76\x4f\x80\x45\xc9\x54\x19\x83\xf7\xb0\x25\x69\x80\x09\xa2\x3d\x9d\xf0\xbd\x1a\x47\x3c\xbe\xe4\xcf\x5e\x94\x88\xec\xbc"},
+{{0x84,0xb3,0xae,0xdd,0x47,0x97,0xa5,0x65,0xc3,0x51,0xde,0x7d,0xfa,0x07,0x00,0xb9,0xff,0x7c,0x4d,0x72,0x91,0xc8,0x80,0x8d,0x8a,0x8a,0xe5,0x05,0xcd,0xd2,0x25,0x90,},{0xd7,0xad,0x72,0xca,0xa7,0xc2,0x22,0x09,0xec,0x46,0x78,0xd1,0x1d,0x55,0x90,0xa6,0xcb,0x28,0xa0,0x71,0x17,0xfe,0x5a,0xef,0x57,0xb5,0x07,0x51,0x58,0x32,0x01,0xa5,},{0x92,0x20,0xf0,0xed,0xaa,0xae,0xe1,0xb8,0x76,0x35,0x0d,0xbe,0x92,0x66,0x06,0x17,0x67,0xb8,0x62,0x96,0xc3,0x51,0xd4,0xca,0xc9,0x9d,0x07,0xcd,0x61,0x2c,0x6e,0xfb,0x24,0xf8,0xf9,0xb0,0xb9,0x75,0xf9,0x5c,0x42,0xc5,0xb6,0xaf,0xed,0xc8,0x92,0xf8,0x7e,0xfe,0xdd,0x39,0xd5,0x16,0x02,0x94,0xc2,0x76,0x58,0xbd,0xcf,0x42,0x85,0x0b,},"\x53\x25\x67\xff\xa5\x3b\x5c\x0f\xcd\x29\xc3\x94\x99\xd2\xe7\x8e\xcd\x20\xe6\x31\x23\x49\x92\x40\xe7\x75\x08\x8b\x39\x4d\xc6\x5c\x8b\xaa\xa0\xfe\x8f\x6a\xa7\xe7\x01\x81\xf9\xe1\x0a\xdd\x8b\x4a\x8b\xeb\x0b\x2e\xc3\x8a\x43\x30\x9f\x10\x0c\xd4\xbe\x91\xc6\xf4\x8e\x79\xdc\x0a\xee\x93\xa1\x5c\x94\x03\x77\x3b\x35\x4a\x8d\x42\xed\x48\xd8\xf2\x76\x23\x0f\xa6\xde\x5a\xda\x50\x1e\xe0\xa6\x53\xb4\x45\x8f\x0e\xcf\x6d\x5b\x3c\x33\xe2\x14\x1c\x66\x2f\x6e\xa0\x55\xf7\x41\xe5\x45\x86\x91\x7d\x2e\x0c\x4e\xb2\xb5\x66\x21\xf9\x66\x5f\xef\x32\x46\xf0\xbd\x80\x0b\x53\x3e\x3b\xc6\x15\xc4\x02\x1f\x8d\x0e\x2a\xd2\x33\xa1\x1e\x77\x36\xc4\x93\xac\xc3\x1f\xae\xe7\x6a\x09\x7d\xc4\x0d\xb9\xef\xc2\x24\x46\xea\xcf\x1c\xc1\x8f\x51\xfd\x10\x23\x6a\x2f\x94\x2d\x0a\x53\xc3\xce\x20\x91\x08\xb5\x93\x8c\x0a\x9e\x53\x6b\x89\xef\x0a\xd6\xb4\x05\xa1\x0f\x22\xc3"},
+{{0x69,0x50,0xbf,0xcf,0x48,0x0b,0x98,0xea,0x18,0xa2,0xd5,0xae,0x5b,0xa6,0xe7,0x66,0x8f,0x4c,0x28,0x3f,0xf2,0x71,0x13,0x57,0x74,0x0f,0xfe,0x32,0xcf,0x25,0x81,0x9a,},{0x8e,0x4c,0x6f,0x23,0x3f,0x7b,0x86,0x32,0x1c,0x9d,0x67,0x99,0xba,0xc2,0x8a,0xaf,0xcd,0x25,0x03,0xd7,0xaa,0x0a,0x7b,0xde,0xd8,0x72,0x27,0x27,0xfb,0xbc,0xae,0xb8,},{0x94,0xde,0x5d,0xf7,0xa2,0x5e,0xcd,0x70,0x20,0x5d,0x40,0xbc,0x94,0x99,0xfc,0x7c,0xd7,0x13,0x65,0x68,0x06,0x0a,0x41,0x9a,0x93,0xbe,0x6e,0x31,0x86,0x64,0xbb,0x6d,0xfc,0xe6,0x0e,0x2d,0x4e,0x63,0x3f,0x7e,0xc1,0x48,0xfe,0x4f,0x83,0x4e,0xd2,0x77,0xc1,0xfe,0xc4,0xc4,0xe2,0xa8,0x6f,0x44,0xc4,0x58,0x9c,0x81,0x78,0x88,0xdb,0x00,},"\xa4\x01\xb9\x22\xab\xa5\x7e\xe0\xc6\xac\x1c\x8f\x1b\x48\x29\x6a\x85\x62\xee\xf1\x37\x52\x68\x93\x88\x6a\x08\x30\x6e\x22\x03\x66\x77\x88\x61\x8b\x93\x98\x64\x46\x7a\x31\xf1\x6e\xdc\xe1\x52\xa4\x2c\x25\x54\x6b\x64\x0e\xa8\xbe\xd1\x89\xa4\xf8\x98\x86\xa3\x7f\x10\x69\x11\xea\xe1\xf5\x00\x81\xbf\x79\x5e\x70\xc6\x50\x44\x37\xd2\xa8\x0c\xb8\x39\x47\x9e\xcb\xb8\x7c\x12\x9b\xcc\x5f\xe3\x1d\x71\x6e\xf9\x78\xc2\x06\xd7\xf0\x8a\x79\x34\x66\x59\x4f\x4d\x75\xe2\x15\xbb\x63\x74\x59\x6f\x8e\x7d\x00\xee\xa7\x24\x78\x09\x43\xe8\x9b\xd3\x86\x3c\x95\x1b\xbd\x24\xef\xee\x23\xc9\x7c\x2c\x79\x7c\x7f\xaf\xbf\x8f\x2c\x8b\x43\xf3\x7a\x5f\x88\x11\x29\xa0\x95\x73\xfa\x7a\x03\x4a\x28\x5e\x80\xdc\x4b\xa4\xbc\x95\x64\xa4\xdc\xed\xeb\x33\x16\x7e\x0b\x30\xc5\xa0\x0b\x9a\x10\x9a\x22\x31\xcf\xa0\x01\x2b\x29\xb2\xb3\x45\x0b\x89\x2e\xcc\xef\x08\x08\xe5\x03\xf8"},
+{{0x61,0xb2,0x60,0xf5,0xb8,0x48,0xb2,0x71,0xef,0x48,0xe5,0xa5,0x6d,0x29,0x74,0x32,0xd8,0x9f,0x2a,0xb8,0x5b,0xd5,0x38,0xfa,0x66,0x88,0x70,0xd0,0x56,0x02,0x20,0xe5,},{0x60,0x86,0xfe,0x87,0x35,0xf3,0x99,0xf1,0xaf,0x2e,0x39,0x5e,0x0f,0xdf,0xb5,0x62,0x9e,0xbc,0xb0,0x4b,0x6e,0xd4,0xa5,0x4a,0x9e,0x47,0x05,0x2c,0x6e,0x81,0x91,0xd4,},{0x98,0x28,0xfe,0xc8,0xff,0x5c,0xf8,0x5a,0x98,0xf4,0x50,0x77,0x0b,0x5b,0xdb,0x4b,0x80,0xda,0xca,0x44,0x37,0x9d,0x8f,0x53,0xc9,0x1c,0x34,0x8e,0x22,0xdf,0x64,0xac,0x48,0xf2,0xb6,0xe2,0xa7,0xb3,0xb6,0x42,0xbc,0x81,0x93,0xa1,0x94,0x31,0x62,0x29,0xe6,0x94,0x47,0xed,0x24,0x1c,0xd4,0x23,0xd8,0x3b,0x6f,0xe7,0xb2,0xd4,0x4b,0x00,},"\x28\x26\x29\x5d\x79\x94\x5f\x67\x54\x76\xbc\x4d\x45\xef\x80\x0d\x80\xb1\xf0\x39\x8e\x4b\xe6\x0e\x3d\xe4\x57\x1e\xd1\x08\xdf\x98\x9f\x03\x2d\xe6\xc2\x34\x5d\x99\x48\xd6\x77\x92\x7e\xa0\xb8\xcf\x1a\x5c\xa3\x6f\xd5\xf2\x3c\x25\xdc\x0d\x2a\xb5\xbd\x56\x5a\x54\xaf\x46\xfd\x97\xd3\x38\xd7\x70\xe3\xa7\xb4\x7e\xfb\x54\xc0\x7a\x16\x64\x70\x77\x71\xeb\x4e\x37\xd9\xd7\x0b\xa7\x79\x25\x1d\xcd\xcd\x3b\xf6\xd1\x24\x8a\xde\xc5\x3f\x78\x72\x59\xc4\xd5\x94\xd5\xfd\x4c\xed\x8e\x3d\xb7\x62\x1d\x49\x65\xd4\x82\x98\x17\x81\x24\x93\x1a\x3d\x0c\xd2\x69\xb2\xd5\x3b\x7c\xd2\x61\xb9\x6d\x37\x0c\x5d\x96\x93\xc8\xad\x13\x3e\xd5\x89\x45\xee\x35\x40\xe1\x06\x25\xd9\x24\xae\xba\x9b\xda\xfc\x65\x61\x00\xaa\xb2\x76\xfa\x99\x6b\x1d\xb4\x77\xbf\x85\xea\x55\x90\x81\xd5\xb4\xc7\x30\x7d\xc1\x59\x56\x54\xac\xa8\x2f\x7b\x6d\x2d\xda\xf7\x35\x7c\x15\xa4\xd7\xd8\xb9\x08"},
+{{0x93,0x6d,0xc1,0xce,0xf6,0xa3,0x10,0x74,0x7f,0x35,0x00,0x88,0x05,0x5a,0x39,0xaa,0x76,0x2d,0x9a,0x4b,0x52,0xc8,0xc8,0xe4,0xc6,0x82,0x79,0x43,0x80,0xc2,0x72,0x5c,},{0x03,0xb3,0x18,0x00,0x41,0x2d,0xf4,0xd5,0x6f,0x15,0x32,0xc0,0x58,0x28,0xc0,0xb7,0x25,0x28,0xa6,0x7a,0x78,0x1b,0xef,0x4c,0x06,0xc1,0xfb,0x6f,0xf2,0xce,0x32,0x4b,},{0x3f,0x99,0x4b,0x8e,0xf5,0x28,0xf6,0x42,0x1c,0x6a,0x6a,0x22,0xe9,0x77,0xad,0xe5,0xce,0xe8,0x87,0x26,0x3d,0xe3,0x8b,0x71,0x9a,0xcd,0x12,0xd4,0x69,0xbf,0xd8,0xc3,0xf6,0x8e,0x7a,0xc0,0x7d,0x2f,0xae,0x80,0xa2,0x09,0x27,0x78,0xdf,0x0b,0x46,0x35,0x37,0xad,0x3a,0x05,0x51,0x99,0x7a,0x3d,0x5b,0x51,0xf8,0x32,0xd9,0xc8,0x23,0x0b,},"\xeb\x58\xfe\x86\xc4\xef\x34\x9c\x29\xae\x6f\xb0\x4f\x10\x85\x0e\x38\xc6\x82\x3d\xbe\x64\xa0\x9a\x5b\xf1\xe0\xce\x60\x0d\x39\x4e\xfa\x6f\xb9\x6e\xd6\xa8\xf2\xc9\xd4\xbe\xc0\x5e\x6a\x5e\xbd\x5a\x1b\xf4\xd0\xc5\x1d\xb9\x34\xe5\x7b\x79\xe5\xc6\xa8\x79\xd9\x75\x19\x7d\xbb\x10\x47\x5f\x65\xc7\xf8\xa8\xc6\xa7\x7a\x42\x03\x84\xb5\x06\x2a\x27\x40\xf1\x40\x17\x40\xee\x0f\x5e\x04\x3a\xad\x7a\x2a\x2b\x42\x60\xc5\xd9\x07\xf7\x05\xed\xaf\x65\xb0\xe3\x75\xdf\xc7\xb0\x0b\xd6\x60\xdb\x61\x47\xf2\xeb\xe8\x70\xa0\xee\x18\xdc\x2b\xa3\xc9\x2b\x0b\x76\xfa\xe2\xb9\x09\x32\xcd\xb6\xc1\x49\xe4\x6f\x3f\xee\xcf\x4c\x26\xf0\x44\x1f\x3a\x9e\x00\x66\x78\xae\xcf\xf8\xcc\xae\xca\xed\xa7\x3a\x18\xa6\x8a\xc9\x88\xb6\x2e\x83\xa9\xbb\x51\x88\xae\xde\x38\xdf\x77\xa9\xa1\x64\xab\xbd\xd9\xd5\x8e\x52\xa6\xca\xf7\x22\x23\x89\xf1\x98\xe8\x5f\xbf\x96\x62\x36\xdc\xdb\xd4\xc1"},
+{{0xf8,0x9e,0xed,0x09,0xde,0xc5,0x51,0x36,0x1f,0xa4,0x6f,0x37,0x59,0x73,0xd4,0xfb,0xfa,0x5c,0x5c,0x12,0xf1,0xb5,0xe5,0xab,0xf4,0x5c,0xfa,0x05,0xff,0x31,0xa3,0x40,},{0x3e,0x0e,0xfd,0xca,0x39,0x19,0xfa,0x10,0xd4,0xa8,0x49,0xce,0xf1,0xde,0x42,0x88,0x51,0xbd,0x08,0xef,0xd2,0x48,0x59,0x4f,0xd8,0x9c,0xde,0xb9,0xde,0xee,0x43,0xb0,},{0x89,0x7e,0x6f,0x27,0x97,0xc3,0xf3,0x26,0xd2,0xcd,0xb1,0xd2,0x67,0x3d,0x36,0x06,0x31,0xf0,0x63,0x30,0x45,0x80,0xff,0x5b,0x4e,0xb4,0x3d,0x39,0xad,0x68,0x51,0x83,0x4c,0x9c,0xf8,0x91,0xd9,0xf0,0x90,0x5b,0xf8,0xde,0x07,0x5f,0x76,0x35,0xdf,0xca,0x60,0x1a,0xdc,0x0f,0x14,0xe7,0xb2,0xc7,0x6f,0x75,0x71,0xbf,0xa4,0x68,0xed,0x0c,},"\x4c\xf9\x77\x3d\xa0\x5f\xd3\x22\xfc\x14\x7b\xe9\x00\xef\x5c\xf2\x56\xc8\x8a\xfd\xad\x4b\x08\xc2\x30\xdf\xc8\x98\x1f\xb6\x9f\x47\x6f\x7d\x45\xef\x7c\x90\x06\xbc\x10\x03\x2b\xa5\x34\x36\xac\x22\x84\x3e\x0d\x76\x28\x9c\xf6\x8f\x98\x18\xfa\x64\x03\x1d\x4b\x40\x95\x50\x59\xaa\x69\x11\x09\x15\x88\x9f\x5e\x22\x73\x2a\x13\x43\x91\x25\x81\xab\x3b\x11\xa3\xba\xe7\xa4\x71\x35\x95\x08\x59\x65\x75\xf8\x88\x16\x0b\xee\xf9\x66\xe5\x70\x8f\x0e\x31\x47\xea\xcf\xce\xc1\xca\xa3\xef\x24\x0c\x5e\x0a\x14\xc1\x86\x54\x6c\x8e\xeb\x64\x65\x83\x50\xb1\xaf\xfc\x0c\xfd\x2a\xc2\x13\xaf\x67\x0a\xfc\xa7\xbb\xc9\xdd\xdd\x28\xa4\x65\xb5\x86\xe6\x9c\x38\x8c\xd7\x34\x78\xd6\x8e\xfb\x32\x2b\xdf\x86\xd9\x21\x30\x11\xe7\x11\xb2\xb9\x5f\xef\xa7\xbb\x9b\x59\x39\x76\x17\x06\xaa\x71\x21\x02\x49\x06\x42\x0b\xdd\xf1\xd8\x80\x0a\x43\x38\xd9\x38\xfa\x13\x7c\xf2\x7e\x9f\xfc\x51\xc6"},
+{{0x40,0x07,0x96,0xef,0x60,0xc5,0xcf,0x40,0x84,0xde,0xe1,0x80,0x1c,0x4a,0x19,0x75,0xe4,0x82,0xe7,0x0a,0xef,0x96,0x1c,0xd4,0x2e,0x2f,0xd5,0xa3,0xfa,0x1a,0x0f,0xbe,},{0xf4,0x7d,0xa3,0x81,0x28,0xf2,0xd0,0x12,0xcc,0x57,0x97,0x57,0x1d,0x47,0x9c,0x83,0xe7,0xd8,0xa3,0x40,0x98,0x02,0xf9,0xa7,0xd9,0x76,0xc2,0x70,0x67,0xcb,0xbe,0x43,},{0x84,0xd3,0xaa,0x3f,0x36,0x18,0x44,0x39,0x67,0x54,0xd8,0x0d,0x9f,0xa0,0x5b,0x8b,0x2f,0xa4,0xab,0xf3,0xa0,0xf3,0x6b,0x63,0x9b,0xee,0x9c,0xfb,0x5c,0x85,0x30,0xa3,0xa9,0xcc,0x34,0x67,0x7f,0x92,0xa9,0x13,0xc4,0x1e,0x80,0x0f,0x2e,0x80,0x41,0xf7,0x66,0x6d,0x07,0xed,0x85,0xf1,0x6a,0x57,0xd8,0x17,0xb1,0x24,0x1f,0xc5,0xee,0x04,},"\xc4\x73\x32\x5e\x78\x5b\x27\xdf\x44\x71\xee\xfb\x9e\xbe\xbd\x64\x61\xd5\x70\x80\x01\x81\x10\x0f\xf3\x6c\xaf\x3c\x38\xf6\x7c\x19\x21\xb1\x57\xec\x8e\x61\x26\xf9\x55\xae\xbd\x90\xea\x3f\xe5\x38\x5f\x80\x42\xcd\x70\x4b\x27\xcc\x1d\x69\x78\xc0\xe2\xa2\x96\x69\x5f\x5e\xf9\x7b\x7c\x2e\x16\xae\x4f\xf4\xd0\x63\xc6\x88\xd7\xf4\x6e\x96\x4e\x1f\x0a\x00\x50\x3f\x35\x73\x45\x97\x76\x83\xd6\xe4\xc3\x42\x3d\x56\xbd\xb6\xce\x86\x4b\x69\x87\xe0\x85\xe8\x3e\x70\xc7\xc1\xa1\x4e\x0e\x41\x3f\x59\x2a\x72\xa7\x1e\x01\x7d\x50\x5b\x64\xc2\x4f\x1a\x1a\x6b\x81\x3e\x06\x4e\x6e\x0c\xf8\xbd\x45\x71\xd0\xff\x2f\x26\x7a\x6a\x13\xe0\xcd\x43\x04\x63\xb6\xca\x3b\x88\xf0\xcd\x40\xb0\xfb\x83\xd5\xbe\xdf\x6f\x7d\x47\xe1\x70\xe8\x7d\x0a\x75\x00\x93\x69\x3e\xda\x23\x2a\x6d\xaf\x98\x12\x57\x27\xb9\x58\x8e\xcb\x89\x4a\xe3\x73\xba\xe3\xa4\x45\xa1\x06\x30\x64\x69\xa4\xc2\xcd\x77\xff"},
+{{0x67,0x03,0xa6,0x23,0x2c,0x5e,0x2e,0x65,0xe0,0xab,0x3b,0x92,0xe2,0xaa,0xf9,0xf5,0xfb,0xd3,0x3f,0xb4,0x69,0x88,0x04,0x7d,0x6f,0x4d,0x0f,0xf5,0x38,0x7f,0xa0,0x29,},{0x04,0x7c,0xff,0xca,0x8b,0x7b,0x11,0xac,0x6e,0xac,0xc0,0xea,0xa0,0xc5,0xb7,0x3c,0x75,0xb9,0xc6,0x37,0x95,0x69,0x73,0xaf,0x9d,0x97,0xb2,0xdd,0x5b,0x60,0x5d,0x6f,},{0xca,0xe9,0x68,0x79,0xe5,0xb6,0x03,0xbe,0x86,0x66,0x09,0xd4,0xa0,0x53,0xbf,0xa1,0x2a,0x51,0x37,0x8e,0x99,0xb2,0xa2,0x81,0x2e,0x47,0x89,0x26,0x7d,0x8f,0x32,0xf4,0x73,0x24,0x3f,0x8a,0xf7,0x4b,0x9b,0xe7,0x3f,0x47,0xde,0xa5,0x0f,0x0d,0x16,0x5e,0xbf,0x49,0x45,0x8b,0x73,0xe5,0x3d,0x88,0x58,0x0c,0x19,0x1a,0x18,0x2d,0x19,0x04,},"\xa2\x6b\x30\xa7\x69\x19\x79\x32\xa3\xa6\x28\x54\x96\x8d\x76\x01\x51\x61\x23\x66\x77\x8d\xc9\x94\x57\x6a\x2e\x0e\x03\x55\x49\x6b\x46\x20\x0e\x50\x69\x48\xa0\xd1\x02\xb6\x65\x1b\x2e\x73\x34\xca\x6c\x6e\xae\xf8\xbc\xa4\x4b\x42\x59\x70\xa0\xb3\x7d\x6b\xde\x0d\xa9\xd3\xc1\xb9\xf5\x1c\xbb\x25\xbc\x33\x5c\xd6\xfa\x92\x8a\x74\xf2\xc0\xdc\x2c\x6e\x99\xd3\x7a\x12\x86\x3a\x47\x4d\x4d\xf4\x3a\xad\x35\x41\x5f\xfc\xaa\x24\xd8\xc2\x9f\x91\x45\x72\xab\x2a\xbe\xc3\x89\x2d\xb4\x9e\x67\x9c\x5e\xa2\x20\xc2\xf5\x19\xa7\xd0\x33\xac\x1a\x2c\x5a\x46\x78\x69\xe3\x0e\xda\x3d\x26\x35\xca\x86\x34\x31\x47\x3f\x95\x8d\x55\x2b\xdc\x55\x82\x35\x2c\x29\x0d\x0c\xe4\xfa\x9c\xfd\x0a\xd4\x27\x99\xc2\x27\xec\x90\xb7\xc9\xe5\xdb\x9f\x5a\x7b\x6d\x56\x92\x12\xee\xd9\x4d\x32\x33\x26\x80\x5f\x2b\x3a\x00\x10\xd6\xc1\x1e\xb4\x10\x7c\x82\x83\x03\x76\x52\xf5\x0d\xc0\x67\xb6\xdc\x81\xf4\xdb"},
+{{0xe0,0xe7,0x2f,0x8f,0x17,0x86,0x33,0x62,0x67,0x33,0xbc,0xbd,0xa2,0xad,0x2a,0x50,0xe6,0x53,0x89,0x0f,0x15,0x35,0x9b,0x6c,0x22,0xfc,0x73,0x45,0xad,0x33,0x31,0x09,},{0xd1,0x3c,0xee,0x54,0x0d,0x84,0xb5,0x66,0x7d,0x51,0x6f,0xe7,0xec,0x72,0x39,0xbf,0x8d,0xa9,0x15,0x46,0xee,0x79,0x1f,0x84,0xed,0xd8,0xff,0xcf,0x3a,0x08,0x3e,0x76,},{0x14,0x55,0x21,0x71,0xb9,0x52,0x45,0xac,0x0f,0x0e,0x5a,0x6e,0x7a,0x2f,0x54,0x17,0x21,0x06,0x8d,0xb6,0x50,0xc6,0xda,0xda,0x04,0xc2,0x8c,0xab,0x7c,0x49,0x19,0x5f,0x64,0x36,0x71,0x21,0x44,0xcb,0x31,0x91,0x3c,0x56,0x2e,0x30,0xc3,0x9d,0x8a,0x85,0x49,0xfb,0x64,0xff,0xea,0x81,0xc7,0x44,0x51,0x43,0xb5,0xf2,0x32,0x86,0xda,0x05,},"\x79\x1f\xd6\x13\xc1\x09\x52\x92\xc8\xa4\xa2\xc8\x6b\x47\xae\x02\x61\x55\xb8\x46\x5b\x60\x7d\xbb\x41\x64\x77\xef\x79\xa2\x97\xc9\xd7\x75\x8c\xe3\x4a\xf9\xdc\xbf\x1c\x68\x47\x4f\x30\x90\x9f\xbe\x74\xb7\xba\x42\x96\x32\xf2\x40\x3a\xad\x83\x2b\x48\x6b\x72\xc2\x30\x54\xad\x42\xf7\x65\x3a\x9d\xdb\x45\x6c\xc7\x91\xf3\x48\x88\x6a\x7a\xe5\xdc\xec\x7c\x0b\xa8\x15\xf7\xa9\x3a\x10\xfe\x33\x1e\x90\x3b\x97\x0f\x7b\x50\x28\xbe\x49\xd1\x4b\xc5\x62\x0d\x63\x79\x26\x72\xb9\x8b\x94\x88\xc6\x7a\xe1\x66\x46\x69\x3e\x11\x20\x47\xf0\xac\x89\x21\xff\x56\x1c\x92\xdd\x05\x96\xd3\x2d\xf0\xa6\xe5\x07\xac\x1b\x07\xde\x51\x6c\x98\x42\x8d\x57\x0a\x37\xdb\x9b\xcd\x7c\x7e\x61\xc6\x94\x8a\xb3\xfe\x91\x25\x0d\xd1\xd5\xbd\x67\x12\x75\xdf\x9a\x97\x2f\x22\xc2\xba\x36\x80\x47\x47\xae\xc1\xea\x24\x16\xc1\xf4\x1a\xb8\x7b\xef\xde\x31\x62\x9b\x2d\x43\x31\x7c\xe4\x1c\xda\x03\x62\x62\x86\xc0"},
+{{0x54,0x4d,0xaf,0xd9,0x96,0x0d,0x82,0x97,0x56,0xc6,0xd4,0xb3,0xea,0xdd,0x44,0x37,0x5f,0xe7,0x80,0x51,0x87,0x6b,0xf9,0x78,0xa3,0x81,0xb0,0xde,0xca,0xaa,0x80,0x96,},{0xae,0x4f,0x64,0x25,0xc1,0xb6,0x7c,0xcb,0x77,0xf9,0xaa,0xcf,0xea,0x28,0xea,0xef,0x76,0x9c,0x8c,0xac,0xee,0x03,0x52,0x05,0xcd,0xcd,0x78,0x7e,0x8d,0x07,0x62,0x9d,},{0xa2,0xae,0x11,0x7c,0x8d,0xe4,0xca,0x6d,0x6f,0xe7,0x5e,0x46,0x60,0x23,0xbd,0x55,0x0c,0x26,0xfe,0xdd,0x3e,0x74,0xca,0x13,0xad,0xb6,0x25,0xf2,0x72,0xe1,0x75,0xf1,0x4d,0x5d,0xf5,0x50,0xac,0xe7,0xd8,0x22,0x88,0xef,0xef,0xab,0xf9,0x63,0x11,0xa1,0x23,0xbe,0xe2,0x38,0x89,0xad,0x37,0x11,0xbf,0xf2,0xb8,0x08,0x79,0x46,0xbf,0x0e,},"\x44\x7f\xe7\x34\x4c\xad\x1f\xae\x09\xd6\xa7\xd0\x5f\x09\xd5\x03\xc1\xb3\xd3\xd5\xdf\xa5\x84\x81\x0c\x35\xbc\x41\xe4\x95\x56\x93\x70\x61\x54\xe2\xd7\x51\xb2\xf1\xb5\x25\xe1\xa1\x45\x47\xba\x7f\x8b\x23\x20\x88\xa6\xfc\x92\x27\x02\xd9\x3a\x11\xcd\x82\x94\x9c\x27\xbe\xd6\x45\xdc\x35\x1f\xb4\xc1\x24\x2c\xf4\x1d\x01\x57\x54\x12\xe7\x92\xae\xd2\x14\x53\x1d\x94\xfd\x66\xe0\x3d\xd3\x2e\x97\x2f\xd7\x7f\x69\x47\xa3\x53\xe1\xae\x5e\x00\xf5\xa6\xca\x77\x99\x24\x72\xf0\x96\xb6\xe7\x47\x5f\xe5\x34\xe9\x13\xa7\x7b\xcb\x0d\x68\x1f\xdf\xb3\xa7\xa0\xdc\xb5\x6d\x27\x4d\xf4\xaa\x10\x9d\x4a\x8a\x37\x79\x4a\x92\x76\xf5\x00\x06\x69\x6f\xf1\x2c\xa4\xd0\x25\x40\x39\xdf\x0f\xb3\xf7\x2a\x96\x0d\xa0\x5c\x98\x72\xf2\xe3\x3e\xe8\x1d\x1c\xf7\xa6\xf4\x8b\xbc\xe0\xaa\x18\xc7\xc0\xf0\x6b\xa5\x5e\x67\x68\x9e\x0a\xf5\x87\xb5\x00\xea\xb7\x9c\xc7\xf9\x64\x0b\xca\x10\x4b\x7f\xbf\x31\xf0\x8e"},
+{{0xbf,0xbc,0xd8,0x67,0x02,0x7a,0x19,0x99,0x78,0xd5,0x3e,0x35,0x9d,0x70,0x31,0x8f,0xc7,0x8c,0x7c,0xc7,0xbb,0x5c,0x79,0x96,0xba,0x79,0x7c,0x85,0x54,0xf3,0xf0,0xf0,},{0x7c,0x5a,0xe3,0xba,0xb9,0x20,0x11,0x99,0xdf,0xbe,0x74,0xb7,0xd1,0xec,0x15,0x71,0x25,0xbd,0xba,0xa4,0x52,0x0f,0x50,0x1d,0xa3,0xf2,0x48,0x57,0x9d,0xc6,0xc2,0x2d,},{0xe4,0x86,0x15,0xb6,0x56,0x33,0xe6,0x19,0x93,0xb0,0xaa,0xa1,0xfa,0xfb,0x74,0xb9,0x62,0x9c,0x38,0x4f,0xd5,0x92,0xbd,0x73,0x5f,0xa1,0xf6,0x2c,0x5c,0xad,0x11,0x29,0x1f,0xcd,0x8c,0x2e,0x91,0xa5,0x0b,0xfe,0x0b,0x03,0xb4,0x35,0x02,0xff,0xf3,0xa5,0xc3,0x82,0xb9,0xc2,0x82,0x19,0x07,0xef,0xc3,0x4d,0xa5,0xba,0x05,0x4a,0xf0,0x0e,},"\x11\x7f\xae\x13\xe7\x87\x77\xb6\x21\x9f\x02\x02\x14\xc1\xb8\x7c\x57\x04\x6d\x1c\x09\xce\x82\xee\x2b\x56\x29\x89\x8d\x9b\x0d\xe7\x4a\x15\xcf\xe9\x9f\x80\x54\x8b\xa9\x13\xd7\x03\x6c\x56\x28\x5a\x4c\xba\x49\x3b\x52\xd2\xcb\x70\xd6\x36\x5a\xce\x3d\xa1\x2b\x1f\x34\xa2\x77\x8a\xf3\x6e\xf5\x2a\xb8\x2e\xde\x04\xca\xca\xf2\x79\x3f\x5f\x89\x83\x1e\x3b\x20\x5a\x9e\xe4\xc1\xd6\xfb\xda\xb4\xba\x4d\x9f\xae\x65\xdd\x79\xa5\xfe\x76\xb4\xb3\x9a\x30\x92\xcc\x71\x48\xd2\x11\xe8\x5e\xe8\x2a\xb4\x63\xd3\x4d\xce\xe9\x06\x1d\x9c\x21\xde\xd2\x05\x1b\xbd\x50\xb4\x13\xf0\xe2\x1a\x0e\x48\xd1\xff\xa8\xdc\xae\x24\x0b\x34\x95\xbe\x25\xd9\x31\x51\xb5\x7a\xa2\x71\xab\x99\xaa\x70\x8c\xa2\x80\x80\xca\xb4\x80\x4f\xce\xfa\x92\x9f\x5f\x1e\xf3\xf4\xc6\xc0\xfb\xfb\x40\xbe\xf7\xea\x1b\x50\x9b\x36\xba\x12\x60\x32\x35\x12\x37\x9d\x7b\xc3\xfd\xbb\x5d\x3f\xaa\xc9\xb0\x0e\x21\xf1\x2e\xa1\xca\x2e\x29"},
+{{0xdf,0x2d,0xf8,0xa9,0xd6,0x6d,0x56,0x38,0xcd,0xee,0x09,0x32,0x4e,0x7b,0x10,0xf8,0xed,0x29,0xab,0x91,0x38,0x7e,0x31,0x47,0xb7,0xdc,0x03,0xf7,0xcd,0x80,0x05,0x08,},{0x5c,0x04,0x2e,0x15,0x7f,0xb7,0xfb,0x12,0xd4,0xd4,0xfe,0xf2,0x84,0x71,0x41,0xec,0xfb,0x57,0xc1,0x25,0x3e,0x14,0xea,0xf3,0x00,0x4d,0x65,0x13,0xf5,0x2f,0xe6,0x25,},{0x9a,0x10,0x74,0x53,0x1e,0xd4,0x3d,0x07,0xbf,0xfc,0x7f,0x2b,0x6c,0x13,0xb8,0x83,0x8f,0xc7,0x5c,0xba,0x02,0xc7,0xd1,0xec,0x7b,0xa3,0x8b,0xca,0x3c,0xef,0x20,0xdc,0x9b,0xad,0xf3,0xa3,0x06,0x4a,0x2c,0x93,0xb1,0x84,0x24,0x41,0x42,0x0b,0x6a,0x8d,0x42,0x1a,0x96,0x0d,0x70,0xdf,0xb7,0xc7,0x0e,0xec,0x29,0x5f,0x21,0xf8,0x3f,0x0a,},"\x21\x57\x66\x15\xc9\x34\x6a\x63\xdc\xcf\x0c\x50\xec\xbd\x7c\x6d\x72\xad\x45\x2c\xfe\xd4\x3e\xa7\x32\x02\xcc\x7a\x98\x57\x60\x56\xb9\x66\x4b\x54\x62\x29\x05\xa1\xe7\x22\x17\x20\x73\x0a\xc6\x85\xd3\xbd\x39\x77\xec\x39\x59\xd4\x46\xbf\xa9\x41\xe7\x25\xb6\xfe\x16\xaf\xe5\x43\x2c\x4b\x4b\xde\xe7\xaa\x0f\xd8\x03\x09\x48\xed\x6f\xcb\xa7\xc0\xbd\xb4\x0c\x2e\x51\x7d\xa9\x74\x56\xe7\x4e\x1f\x93\xd5\xed\x67\x6d\xe0\xf4\xa8\xb0\xae\xa4\x49\x40\x4b\xd1\x5b\x6d\xa7\x9d\xc1\xb8\x13\x96\x5f\xe5\x57\x24\x10\xd7\x6f\x5b\x5e\xac\x66\x30\x50\x57\x03\x11\xdc\x98\x42\xb6\xfb\xf8\x80\x6a\xec\x03\x15\x17\x15\xca\xcf\x7f\x21\x80\x2e\x8b\xf5\xe9\x8a\x89\xc0\xd7\xd0\xd0\x98\xb7\x3c\x6e\xfc\x09\x96\x2e\x36\xb4\xe0\x30\xc1\xa6\x4b\x5d\x34\x9f\x5f\x20\x42\xc7\x44\x28\x67\x1e\x4a\x2c\x7f\xea\x0c\xae\xe2\x42\x2d\x85\xc4\xfc\xdd\xfe\xd3\x22\x13\x85\x9a\x69\x95\x5d\x4e\x3e\xbb\x7e\x1b\x20\x22"},
+{{0xe8,0xee,0x06,0x5f,0x99,0x07,0xf1,0xef,0xa2,0xda,0xec,0xb2,0x3a,0x04,0x25,0xf3,0x53,0x09,0x4d,0xa0,0x2b,0xc2,0xc9,0x31,0xf0,0xa5,0x87,0xef,0xc0,0xd1,0x3d,0xe1,},{0xc7,0x26,0x51,0xb7,0xfb,0x7a,0xc0,0x33,0x7a,0x17,0x29,0x77,0x49,0x6f,0xd7,0xf2,0xa7,0x2a,0xea,0x88,0x93,0x85,0x83,0x5e,0x56,0x3c,0x6b,0x60,0x53,0xa3,0x2d,0xc1,},{0xa5,0x10,0xdf,0xf4,0x2d,0x45,0x59,0xa1,0x9a,0x7b,0xf0,0xfe,0x0b,0xea,0x53,0xd3,0xe1,0xf2,0x2d,0xfa,0x6b,0xe5,0x50,0x39,0x89,0x5e,0x12,0xa5,0xd0,0x7d,0xa5,0xf2,0xe3,0x77,0x13,0xcc,0xb2,0xeb,0x21,0x60,0x11,0x62,0x8f,0x69,0x83,0xf8,0x71,0xfe,0xe2,0x86,0xe6,0x6f,0xff,0x4b,0xe7,0x58,0x2c,0x96,0x1a,0x1e,0xd7,0x56,0x84,0x04,},"\xa2\xf0\xc1\x37\x34\x73\xa3\x05\xd8\xf1\xd9\x91\x38\xb0\x6b\x9a\x96\x94\xff\xaa\x8a\x88\x22\x2d\xe9\xf7\x29\xbe\xe1\x30\x51\x75\xdf\xb1\x70\x01\xcc\x77\xf6\x7b\x6d\x40\xc9\x0c\x1a\x28\xfb\x22\x6c\x11\x28\x6d\xb4\xa1\x3e\x45\xe6\x92\x11\x24\x2b\xcd\xd0\x1c\xb6\xe2\xc4\x54\xe7\x6c\x0c\xab\x88\x1b\x4d\x2d\x9d\x3a\xb1\x00\xa5\xd6\x1d\x17\x25\xd8\x66\xe4\xfd\xb6\x6d\x93\xd7\x7f\x5b\x30\x86\x93\xb9\xb5\xa3\x33\xe5\x7f\xa2\x5d\x1e\x5d\x2e\x38\xdf\x6e\x4e\x9e\xc8\x41\x59\xbb\xee\x1f\xfe\xa9\x26\x83\x6a\x01\x01\xc9\x14\x83\xbd\x5b\xc8\x8a\x6f\x1c\xc4\xd4\xe7\xf0\x08\xad\x08\x45\x3a\x01\x23\x42\x9d\xd3\x35\x78\x1c\x7c\xbf\x8d\x68\x5a\x89\x99\xed\x11\x77\x60\x70\x04\xa1\x3c\x4c\xb5\xea\x49\x08\xc5\x42\x60\x7d\x3f\x2c\xd6\x69\x0c\xf1\xf2\xa7\x45\x5b\xbd\x38\xf5\x38\xf0\x7a\x10\x39\x64\x31\x7e\xfb\xce\xe3\x7e\xb4\x69\x31\xc0\x27\xcf\x15\x3e\xf8\x6e\x43\xd7\x82\x81\xeb\xd7\x10"},
+{{0xc7,0x2e,0x67,0xd8,0xc3,0xfe,0xc0,0x04,0xff,0x61,0x87,0x18,0xa9,0x09,0x9e,0xb8,0xad,0x7b,0x06,0xff,0x3b,0x8c,0x54,0x2a,0x7e,0x8b,0x98,0x47,0x31,0x34,0x75,0xe1,},{0x4e,0xb0,0x02,0xd3,0xcc,0xeb,0x18,0x8c,0x66,0x58,0xfe,0xc5,0x1c,0xb4,0x79,0xa6,0x52,0x64,0xac,0x55,0x5c,0x75,0xcd,0xc2,0x24,0x9c,0xf1,0xce,0x3d,0xef,0xc1,0x6d,},{0x2d,0x7b,0xab,0x8e,0xbd,0xa7,0xfc,0xa5,0xbb,0x3c,0x25,0xf5,0x1d,0xc5,0x1b,0x73,0xe6,0xff,0x6a,0x3b,0xb1,0xb5,0x2a,0xcc,0x78,0x11,0xa7,0xd2,0x59,0x5c,0xd6,0xfd,0xaf,0x73,0x04,0x94,0x41,0x8e,0x2f,0x57,0xef,0xdc,0x56,0x17,0xb0,0x66,0xfd,0x7b,0x62,0x07,0x68,0x0d,0x94,0xfb,0x8c,0x43,0xd3,0xd4,0x74,0x0b,0x41,0xcb,0x69,0x01,},"\xa8\xf3\x41\x35\xc0\x13\x2e\xc9\x5b\x64\xb0\xcb\xf5\x1d\x66\x90\x01\x43\x37\x04\x06\x79\x1f\xbb\x55\xf2\xb8\xca\x95\x3c\xc7\x4a\x46\xe0\x8b\x00\x2f\xa2\xda\x21\xb9\x51\xb8\x87\x1f\x7a\x29\xbc\x6d\x38\x79\x0a\xfc\x66\xa3\x29\xc3\x97\xd9\xf9\x25\x0b\xae\x0e\x30\xae\x34\x26\xe0\x8d\x8e\xad\x01\x79\xa3\xb3\x13\xc9\x08\x83\x91\x92\xf2\x89\xa3\xf3\xb6\xe9\x60\xb4\xc5\xce\xbe\xf0\xa0\x9d\xaa\x9c\x7a\x15\xc1\x9d\x4e\xbc\x6f\xc2\xac\x3c\xd0\x22\x32\xe8\x32\xb2\x34\xed\xd7\x96\x5d\x68\x7b\xfe\xb7\x58\xf7\x0f\xa7\x96\x38\x41\xb7\x85\x9b\xb9\x7c\x97\x1b\xd5\x57\xbc\x87\x69\x52\x4a\xc4\xc6\xee\xb3\x57\x97\x93\x33\x4b\x52\x2d\x17\x6b\xc6\x2f\x86\xb4\xd5\xc0\xd4\x01\x70\x36\xd2\xb6\xbd\x4e\x43\x84\x41\x6e\xf8\x26\x31\x39\x69\x1a\x86\x06\x17\x0d\x73\xc9\x3d\x64\x17\xdc\xc1\xa0\x8a\x53\x7c\x9e\xd4\x40\x04\x71\xa4\x6f\x52\x90\x7b\x46\xb1\x0a\x8b\x68\x89\xdb\xb4\x64\x7a\x8b\xbc\x71\x49"},
+{{0x69,0x64,0x50,0xb5,0x57,0xec,0x3c,0x94,0xcf,0x1a,0xf1,0x32,0x64,0x75,0x63,0x4a,0xa8,0x1d,0xef,0x38,0x14,0xff,0x30,0xa0,0x2b,0xa7,0xf2,0x04,0x4b,0x59,0xc0,0xfe,},{0x85,0x84,0x77,0x3c,0x56,0x6b,0x0e,0xed,0x3f,0x43,0x28,0x17,0x05,0xb5,0x75,0xa4,0x34,0xe4,0x7d,0x6c,0xf6,0xb2,0x51,0xb8,0x98,0x03,0xfe,0xf5,0x35,0x34,0xcb,0x29,},{0xce,0x8b,0x0a,0x57,0x79,0xf4,0xf5,0xf4,0x01,0xe8,0x4d,0x65,0x92,0x7a,0x0c,0x28,0xdf,0x82,0x9e,0x95,0xd0,0x9b,0xfa,0x97,0x11,0x1b,0x87,0x00,0x07,0x8f,0xf8,0x94,0xcf,0x72,0x77,0xe3,0x4a,0x71,0x61,0x44,0xd5,0x53,0x06,0xfc,0x9e,0x2f,0x64,0xcd,0x28,0x75,0x83,0xcc,0x80,0x03,0xbe,0x0e,0x8f,0xaf,0x26,0xaf,0x76,0x40,0x14,0x0e,},"\xcc\x25\x78\x29\xf3\x0a\x5f\x90\xdf\xdb\xc2\x47\xd4\x2e\x38\x87\x38\xb7\x6c\x41\xef\x8a\x82\xa5\xe0\x22\x5d\xdf\x1e\x38\x6d\x77\x08\x0b\x3b\x9d\xf8\x6c\x54\xb8\x5c\xdf\x2c\x32\xf3\x67\xab\xa0\xc3\xb6\xbf\x88\x8a\x5a\x69\x03\x52\x9b\x6a\xeb\x4d\x54\x07\xa1\x01\x80\x14\x91\x14\x13\x02\x28\xfc\x43\x56\xcc\xf3\x66\xb7\x7b\xe8\x97\x96\xa9\xe7\x1a\x0c\x69\x3f\x31\xe5\x84\xa4\xf1\x43\x09\x7b\xa3\x70\x36\x3b\x67\xb2\xf2\xe2\xfd\x8d\x6f\xe8\xb4\xe8\xdb\xf0\xd7\xdc\xc1\xa8\x36\x00\x41\x15\x8a\xa2\xaf\xf7\xe2\xa3\x25\xb8\xe5\x18\xf1\x93\xa2\x8b\xae\x05\xe3\xd5\x2b\x26\x62\x1a\xf4\x02\x02\x6d\x7f\x25\x0e\x86\xdc\xee\x30\x1a\x58\xb6\x31\xea\xdf\x45\x27\xe9\x58\xf0\x2a\x61\x58\x7f\x0b\xb5\x16\xce\xfa\xc0\x09\xfe\x51\x05\x2f\xff\x53\x33\x6d\xbd\x94\xe7\x26\x6d\x3b\x43\xca\xba\x8a\x1b\x38\xe5\xd8\x71\xc2\xa2\x4a\x4c\x41\x2f\xff\x3f\x7a\x9a\x52\xa8\xab\x23\xba\xc9\x79\x1b\x2b\x5a\x66\x9a"},
+{{0xa8,0xdd,0x35,0xf0,0x54,0xfb,0x6f,0xf6,0xf0,0xab,0x09,0x4a,0x0d,0x3d,0x1c,0x26,0x28,0x32,0x18,0x1d,0xf3,0x5c,0xcd,0x51,0x92,0x54,0x5e,0xbd,0x6a,0x9c,0xf5,0x29,},{0xca,0x41,0x23,0x38,0xd3,0x81,0x4b,0x88,0x6d,0x96,0x4b,0x71,0x92,0x5e,0x1a,0xab,0xb3,0xff,0xd0,0x78,0x34,0xdb,0xe7,0xdc,0x51,0x25,0x68,0x88,0x2b,0x53,0xe4,0xa3,},{0xfa,0x70,0x9f,0xbc,0x83,0x82,0xaf,0x83,0xd1,0x18,0x12,0x61,0x8d,0xfa,0xca,0x45,0x2e,0xab,0x83,0xe4,0xc5,0x3f,0xe9,0xe5,0x85,0x84,0x67,0xd0,0x7b,0x67,0x67,0xe1,0x79,0x75,0xc1,0xe0,0x63,0x93,0xd6,0xdd,0xe1,0x5a,0x34,0xd9,0x47,0x3d,0x1c,0xf4,0xd6,0xd8,0xc2,0xd5,0x73,0x94,0x52,0x00,0x80,0xfa,0xc4,0xe4,0x34,0x48,0xbe,0x07,},"\x55\xa7\xad\x91\x32\xd6\x3a\xc1\x61\xe7\xad\xb1\x32\xb9\x18\x9f\xdd\x84\xc3\x61\xc1\xe4\xf5\x41\x9a\x6d\xf7\x3d\xf4\xd7\xae\xb2\x9a\x8d\xc4\xbf\x01\x49\x0d\x4f\x48\x4e\x2d\x12\x07\x75\x17\xf5\xfc\x7a\xd0\xbd\xed\xa2\x0a\x6c\xb0\x22\x79\x42\x29\x0b\x08\xc3\xfe\x33\xab\x9b\x21\x35\xbc\x38\xa6\x57\x9a\x54\xbd\x98\x2f\x7d\x14\x17\xce\x86\x71\x17\xae\xa9\x18\xdb\xd3\xdd\x47\x6e\x7e\xb5\xb5\xd3\xc3\xe4\x8a\x86\x4a\x2f\x94\x2a\x31\x50\x1a\xa2\xb2\x9b\x53\xb8\x05\x13\xc9\x5d\x6a\x41\x18\x44\xf0\xde\xdf\x16\xa2\x9a\xc2\x67\xd3\x31\xe5\x3b\xdc\x25\x39\xbf\xcf\x32\xdc\x9b\x5d\x64\x0f\x12\x31\xe2\xca\xfb\x0a\xe9\x4b\xb5\x18\x94\x26\x86\x33\x64\x26\x2e\xfb\x47\xb5\xb5\xcc\xdb\xbc\x93\x32\x42\x16\xa7\x99\xb6\xf5\x0d\x37\x04\xf1\x5e\xd5\x9a\xf6\xcc\x7d\x91\x0c\xf0\x62\xd1\xbe\x63\x2d\xca\x5d\xf2\x13\xd4\x87\xd8\x56\x4f\x2b\x2b\xd7\xd8\x18\xbb\xa2\x7c\x36\x40\x13\xd9\x2d\x7f\x72\x62\x54\x62"},
+{{0xae,0x1d,0x2c,0x6b,0x17,0x1b,0xe2,0x4c,0x2e,0x41,0x3d,0x36,0x4d,0xcd,0xa9,0x7f,0xa4,0x76,0xaa,0xf9,0x12,0x3d,0x33,0x66,0xb0,0xbe,0x03,0xa1,0x42,0xfe,0x6e,0x7d,},{0xd4,0x37,0xf5,0x75,0x42,0xc6,0x81,0xdd,0x54,0x34,0x87,0x40,0x8e,0xc7,0xa4,0x4b,0xd4,0x2a,0x5f,0xd5,0x45,0xce,0x2f,0x4c,0x82,0x97,0xd6,0x7b,0xb0,0xb3,0xaa,0x7b,},{0x90,0x90,0x08,0xf3,0xfc,0xff,0xf4,0x39,0x88,0xae,0xe1,0x31,0x4b,0x15,0xb1,0x82,0x2c,0xaa,0xa8,0xda,0xb1,0x20,0xbd,0x45,0x2a,0xf4,0x94,0xe0,0x83,0x35,0xb4,0x4a,0x94,0xc3,0x13,0xc4,0xb1,0x45,0xea,0xdd,0x51,0x66,0xea,0xac,0x03,0x4e,0x29,0xb7,0xe6,0xac,0x79,0x41,0xd5,0x96,0x1f,0xc4,0x9d,0x26,0x0e,0x1c,0x48,0x20,0xb0,0x0e,},"\x9e\x6c\x2f\xc7\x6e\x30\xf1\x7c\xd8\xb4\x98\x84\x5d\xa4\x4f\x22\xd5\x5b\xec\x15\x0c\x61\x30\xb4\x11\xc6\x33\x9d\x14\xb3\x99\x69\xab\x10\x33\xbe\x68\x75\x69\xa9\x91\xa0\x6f\x70\xb2\xa8\xa6\x93\x1a\x77\x7b\x0e\x4b\xe6\x72\x3c\xd7\x5e\x5a\xa7\x53\x28\x13\xef\x50\xb3\xd3\x72\x71\x64\x0f\xa2\xfb\x28\x7c\x03\x55\x25\x76\x41\xea\x93\x5c\x85\x1c\x0b\x6a\xc6\x8b\xe7\x2c\x88\xdf\xc5\x85\x6f\xb5\x35\x43\xfb\x37\x7b\x0d\xbf\x64\x80\x8a\xfc\xc4\x27\x4a\xa4\x56\x85\x5a\xd2\x8f\x61\x26\x7a\x41\x9b\xc7\x21\x66\xb9\xca\x73\xcd\x3b\xb7\x9b\xf7\xdd\x25\x9b\xaa\x75\x91\x14\x40\x97\x4b\x68\xe8\xba\x95\xa7\x8c\xbb\xe1\xcb\x6a\xd8\x07\xa3\x3a\x1c\xce\x2f\x40\x6f\xf7\xbc\xbd\x05\x8b\x44\xa3\x11\xb3\x8a\xb4\xd4\xe6\x14\x16\xc4\xa7\x4d\x88\x3d\x6a\x6a\x79\x4a\xbd\x9c\xf1\xc0\x39\x02\x8b\xf1\xb2\x0e\x3d\x49\x90\xaa\xe8\x6f\x32\xbf\x06\xcd\x83\x49\xa7\xa8\x84\xcc\xe0\x16\x5e\x36\xa0\x64\x0e\x98\x7b\x9d\x51"},
+{{0x02,0x65,0xa7,0x94,0x4b,0xac,0xcf,0xeb,0xf4,0x17,0xb8,0x7a,0xe1,0xe6,0xdf,0x2f,0xf2,0xa5,0x44,0xff,0xb5,0x82,0x25,0xa0,0x8e,0x09,0x2b,0xe0,0x3f,0x02,0x60,0x97,},{0x63,0xd3,0x27,0x61,0x5e,0xa0,0x13,0x9b,0xe0,0x74,0x0b,0x61,0x8a,0xff,0x1a,0xcf,0xa8,0x18,0xd4,0xb0,0xc2,0xcf,0xea,0xf0,0xda,0x93,0xcd,0xd5,0x24,0x5f,0xb5,0xa9,},{0xb6,0xc4,0x45,0xb7,0xed,0xdc,0xa5,0x93,0x5c,0x61,0x70,0x8d,0x44,0xea,0x59,0x06,0xbd,0x19,0xcc,0x54,0x22,0x4e,0xae,0x3c,0x8e,0x46,0xce,0x99,0xf5,0xcb,0xbd,0x34,0x1f,0x26,0x62,0x39,0x38,0xf5,0xfe,0x04,0x07,0x0b,0x1b,0x02,0xe7,0x1f,0xbb,0x7c,0x78,0xa9,0x0c,0x0d,0xda,0x66,0xcb,0x14,0x3f,0xab,0x02,0xe6,0xa0,0xba,0xe3,0x06,},"\x87\x4e\xd7\x12\xa2\xc4\x1c\x26\xa2\xd9\x52\x7c\x55\x23\x3f\xde\x0a\x4f\xfb\x86\xaf\x8e\x8a\x1d\xd0\xa8\x20\x50\x2c\x5a\x26\x93\x2b\xf8\x7e\xe0\xde\x72\xa8\x87\x4e\xf2\xee\xbf\x83\x38\x4d\x44\x3f\x7a\x5f\x46\xa1\x23\x3b\x4f\xb5\x14\xa2\x46\x99\x81\x82\x48\x94\xf3\x25\xbf\x86\xaa\x0f\xe1\x21\x71\x53\xd4\x0f\x35\x56\xc4\x3a\x8e\xa9\x26\x94\x44\xe1\x49\xfb\x70\xe9\x41\x5a\xe0\x76\x6c\x56\x5d\x93\xd1\xd6\x36\x8f\x9a\x23\xa0\xad\x76\xf9\xa0\x9d\xbf\x79\x63\x4a\xa9\x71\x78\x67\x77\x34\xd0\x4e\xf1\xa5\xb3\xf8\x7c\xe1\xee\x9f\xc5\xa9\xac\x4e\x7a\x72\xc9\xd7\xd3\x1e\xc8\x9e\x28\xa8\x45\xd2\xe1\x10\x3c\x15\xd6\x41\x0c\xe3\xc7\x23\xb0\xcc\x22\x09\xf6\x98\xaa\x9f\xa2\x88\xbb\xbe\xcf\xd9\xe5\xf8\x9c\xdc\xb0\x9d\x3c\x21\x5f\xeb\x47\xa5\x8b\x71\xea\x70\xe2\xab\xea\xd6\x7f\x1b\x08\xea\x6f\x56\x1f\xb9\x3e\xf0\x52\x32\xee\xda\xbf\xc1\xc7\x70\x2a\xb0\x39\xbc\x46\x5c\xf5\x7e\x20\x7f\x10\x93\xfc\x82\x08"},
+{{0x6b,0xce,0x4d,0xfd,0x53,0xbf,0xa5,0x50,0x6f,0x2f,0x55,0x4d,0x2d,0x99,0x4a,0x0d,0xc4,0x0c,0xaf,0xcd,0xec,0x7e,0x1b,0xe0,0x50,0x00,0x6e,0x5c,0x5a,0x4b,0x38,0xa1,},{0xc8,0x90,0x02,0x37,0x28,0xd8,0x39,0x70,0x70,0x29,0x17,0x71,0xe6,0x5e,0x03,0x4d,0x34,0xd4,0xaa,0xe5,0xe2,0x47,0x65,0x3e,0x4f,0xf4,0xc0,0x74,0x59,0x1d,0xa7,0x02,},{0x99,0xae,0x67,0x82,0xff,0x27,0x64,0x6c,0x27,0xf6,0x1e,0x23,0x63,0x6a,0xe1,0x88,0x15,0x21,0xcf,0xa5,0xed,0x25,0x6f,0x70,0xbc,0xe7,0xce,0x00,0xb6,0x82,0x80,0xce,0x8e,0x0c,0x82,0xaa,0x76,0x5a,0xfb,0x8b,0x5a,0x1f,0xf2,0xfe,0x42,0xc5,0x74,0x41,0xe4,0x58,0xe4,0x43,0xdc,0x8b,0x12,0x34,0x77,0xae,0x33,0xd8,0x84,0x88,0x8c,0x0b,},"\x32\x39\x19\x07\x47\xee\x33\xd4\x0b\xf8\x70\xac\x9a\xd4\x9d\x88\xee\x32\x0f\x63\xc0\x52\x57\xe8\xab\x2c\x60\x30\x65\x97\xce\x76\xd1\xf1\xe7\x92\xab\x6a\x65\xca\xa5\x44\xfb\xec\x20\x89\x2f\xd4\x96\x05\x94\xf3\x1b\x37\x63\xef\x07\xd4\x98\x2e\xae\x4a\x2d\xbf\x33\x77\xdc\xc1\xe3\xf9\x5e\x46\xed\x39\xb7\xf0\x22\x2f\x04\xbb\x5c\x3b\x43\x4c\x8f\x9f\x31\x0d\xe9\xf1\x22\xa2\x9f\x82\x41\xe8\x1e\x20\x65\x49\xae\x62\x8d\x2b\x8a\xd7\x68\x97\x2c\x98\x84\x7c\x11\x88\xad\x04\xc8\x35\x35\x63\x78\xbe\xf7\x9c\xd1\x26\x86\x94\x05\xb1\x29\xfd\xbd\xc3\xbc\x48\x9c\xbd\x13\x99\x50\x5d\xad\xef\x76\x17\xb5\xbe\x5d\xa1\x73\xd3\xe8\x0e\x58\x38\xc9\x9e\x34\x92\x76\x24\x27\x29\xe0\x21\x9b\xd7\x47\x6a\xe5\xc4\xf8\x1a\x12\x87\x8f\xb4\x83\xa6\xc0\xe9\xb0\xdf\x29\x62\xeb\x0b\xf0\x01\x57\x78\x2c\xf7\x68\xa1\xb7\x1c\x01\x01\x69\xee\x85\x22\xde\xf0\x02\x4a\xd7\xe4\x57\x75\xa2\x90\x63\x9c\x53\xaa\xf4\x81\x98\xc4\x2d\xe7\x5c"},
+{{0x17,0x86,0x1a,0x8d,0x41,0x54,0xac,0xd4,0xfa,0x9c,0x8f,0xc9,0x47,0xc1,0x88,0x6c,0x11,0x29,0x0b,0xe2,0x22,0x87,0x2f,0xf4,0xf8,0xcd,0x25,0x93,0x9e,0x4d,0x13,0x61,},{0x43,0x77,0x3f,0x44,0x49,0x06,0x5e,0xae,0xba,0xf8,0x93,0x7b,0xaf,0x75,0x85,0x60,0xb0,0xc4,0xd2,0xde,0x46,0x97,0x78,0x39,0xb3,0xb8,0x73,0xd5,0xd7,0xd5,0xfd,0x8f,},{0xa5,0xee,0x02,0x4c,0xcd,0xbd,0xd4,0xc2,0x1a,0x24,0x70,0x9e,0xc5,0x3d,0xcc,0xb7,0xee,0x17,0x62,0x6d,0xd0,0x0a,0x09,0x3d,0x08,0x84,0xf5,0xb4,0x5c,0x4c,0x9d,0x16,0x91,0x84,0x01,0x51,0xc3,0x3c,0x8a,0xa0,0x7b,0x69,0xb3,0x4e,0x16,0xf6,0x16,0x47,0xeb,0xe7,0x93,0xae,0x4d,0xaa,0x70,0xcf,0xf4,0x8e,0x6a,0xb4,0x2f,0xfd,0xbc,0x00,},"\x18\x4d\xf5\xea\x32\x15\xeb\xe1\x80\x39\x0b\x0f\xf0\x42\xba\x23\x81\x15\x5a\x03\x8d\xc7\x32\xf7\x6a\x01\xc7\xe7\x0f\x82\xd1\xcc\xc9\xde\x9a\x05\x96\xb3\xfe\xe4\x47\x20\x9c\x99\x26\x84\xf6\x43\xdf\x21\xf4\xcf\x9d\x17\x92\x62\x79\x0e\x86\x23\xe4\x24\x72\xdc\x35\x19\x97\xe6\xda\x18\x9c\x07\xe1\xe8\x88\x2c\x07\xf8\x6c\x63\x37\xec\x01\x13\x91\x2c\xf9\x22\x15\xc8\xde\x19\x82\xb8\xfc\x57\xbf\xab\xc5\x5a\x3e\x87\x36\xf7\x36\x10\x42\x9d\x97\xfe\xb5\x1d\x79\x4f\x50\x5d\x0c\x5a\x0b\x3a\xbd\x48\xef\x7f\x55\xa6\x28\xf9\x0b\x85\x67\xa1\xc1\x5e\xa9\xd1\x90\xd7\xbf\x4e\xc2\xbc\x93\x34\xad\xa6\xcb\x92\x80\x8d\xfc\x20\x64\x83\x6f\xcf\xa4\x6b\x96\xfd\x7a\x5d\x6f\x4b\x05\x4d\xab\x09\xb7\x35\x95\xfe\xb8\x9e\xd0\x05\xb9\xec\x9d\x31\x88\x12\x1d\xe6\x96\x96\xd6\x4e\x7c\x7b\xbd\xfc\x1c\x46\x9f\xaf\x14\x8c\x38\xa7\x78\x59\x70\xaf\xe1\xac\xd0\x6a\x92\xc9\x94\x78\xfe\x44\x97\x4e\x3b\xb2\x09\x5e\x44\x67\xe9\xb2\xe9\x96"},
+{{0x0a,0x84,0xba,0xa5,0x4f,0x11,0xcf,0x17,0x09,0x0f,0xec,0x61,0xf3,0xf9,0x40,0x15,0x08,0xa3,0xa0,0x38,0x87,0xac,0xa1,0xa7,0x93,0x93,0x94,0xb1,0xee,0x40,0xa9,0x25,},{0x30,0x9a,0x73,0xc6,0x2d,0x23,0xd7,0x40,0xf2,0xe9,0x3c,0x18,0x58,0x7a,0xc1,0x5e,0x7e,0xc4,0x80,0xd2,0x5a,0xc0,0x79,0x4e,0x10,0xf8,0xcd,0x46,0x1c,0xc2,0xb1,0x30,},{0x4d,0x87,0x0b,0xd5,0x3a,0xf8,0xf1,0x3f,0x21,0x4d,0x99,0x34,0xec,0x90,0x3a,0xc4,0x82,0x84,0x09,0x2c,0xd9,0xb1,0x62,0xa4,0x4c,0xce,0xc8,0x51,0xfa,0x94,0x2d,0xe7,0x15,0xcc,0xda,0x07,0xb7,0x99,0x1d,0x71,0x27,0x23,0xe7,0xa4,0xd5,0xb4,0xf0,0x37,0x4a,0xb8,0x5a,0xc3,0x86,0x7e,0x0b,0x53,0xeb,0xc4,0x6b,0x53,0x0f,0x9f,0xed,0x05,},"\xfe\x70\x01\x7b\x14\x67\x8b\x0d\x3a\xd0\x3e\x18\x3d\x6f\x53\x31\x43\x78\x37\x9a\xb3\xda\x65\xb3\x51\x12\x57\xb3\xd5\x40\x86\xe8\x6f\x20\x31\x13\x90\x21\x39\x1a\xf9\xd7\x20\x85\xff\x7c\x3d\xc8\xc1\xe2\xd9\x1e\x53\x33\x38\x55\x42\x3d\x0f\x78\x5e\x2c\xc5\xf8\xb7\x79\x9f\xcf\x1b\x70\xe6\xbe\xcb\x78\x8e\x53\xe9\x02\x0f\x29\x95\xdd\xb0\xc3\x83\xa1\xf8\x10\x38\xfc\x3d\x54\x3c\xe0\xa3\x8c\x9c\x28\x8a\x9b\xc4\x07\x7f\x42\x77\xdc\xc6\xc5\x64\x22\x63\xfc\xfe\x19\x68\x80\x05\xa6\x03\xf5\x76\x75\xd2\x43\x4f\x3e\xd1\xf4\x6d\x32\xf1\x4e\xae\xb0\x73\xe8\x3e\xe7\x08\x6d\xa2\xfb\x67\x65\x9d\x3f\xb6\x8c\x62\x32\x0b\x77\x27\xb3\xb8\xea\x00\x65\x76\xbc\x2c\x7e\x6b\x5f\x1e\xce\xfa\x8b\x92\xe7\x0c\x92\xc8\x89\x51\xd0\xc1\x2d\x91\xde\x80\x1c\x38\xb7\xca\x5a\x0a\x04\xb4\xc3\x42\x9a\xba\x86\x38\x6e\x96\xe0\x6a\xfd\x20\xd4\xc5\xc2\xfe\x2b\x9b\x42\x73\xeb\x05\x20\x1a\x79\x27\x3a\xbd\xbe\xb3\x7e\xd1\x83\x0d\x22\x6b\x6b\xdb"},
+{{0x38,0x37,0x94,0x23,0xda,0xfd,0xbf,0x25,0xe1,0x9d,0x72,0x31,0xbd,0xdd,0x80,0xb4,0xce,0xfc,0xfe,0x2a,0xed,0x93,0x25,0x84,0xdf,0xa0,0xcc,0x3c,0x9f,0x92,0x32,0xde,},{0x59,0x7e,0x81,0xdc,0xee,0x94,0x48,0xb7,0x7d,0xe6,0x82,0x9e,0x79,0x21,0xc8,0xa3,0x90,0x53,0x5d,0x89,0xa0,0x84,0x94,0x30,0xae,0xd6,0x63,0x64,0xee,0x14,0x0d,0x8b,},{0xd8,0xb5,0x0a,0x88,0xae,0xd6,0xf2,0xa9,0x6d,0x08,0x22,0x13,0xad,0xf8,0xb2,0x51,0x9f,0x6a,0x0b,0xbd,0x30,0xdd,0x3c,0xb0,0xf3,0xfd,0x3c,0xe1,0xc6,0x43,0xfc,0x02,0x99,0x46,0xcd,0x43,0x46,0x2e,0xd2,0x25,0x13,0xf1,0xd6,0x5f,0xca,0x24,0xbd,0xe3,0x81,0x81,0x66,0xba,0xa8,0x6d,0xaa,0x79,0x87,0x92,0xaf,0xaf,0xe0,0xc1,0xa1,0x0a,},"\x36\x12\x5c\xa6\x66\x68\x80\x29\x06\x23\x7e\x63\xa2\xfe\x5a\xe6\x10\xf1\x1a\x7c\xf9\x25\x20\xd1\x9e\x66\x90\xa3\xad\xfa\xfd\x5d\x07\xa7\x84\xbc\x1a\x0e\x18\x52\x73\xd1\x1d\x34\x0d\x5e\xff\x90\x15\x97\xde\xdf\x45\x0c\x46\x99\xd4\x3f\x3f\xb1\x68\xd5\x57\xf6\xc9\xc0\x30\x77\xc3\xcd\xc3\x70\xd3\x48\x32\xcc\xdf\x2a\x8e\x3d\x75\x79\x64\x90\xed\x02\x42\x89\x9d\x25\xdd\xf4\x4b\xfc\x66\xf3\x29\xcf\x4c\x45\x16\x87\x03\xc3\x1b\xc9\x20\x2d\x89\x0f\x39\x69\xff\xd3\xac\x35\xa1\x28\x18\xdc\xa7\x51\xce\xb8\x80\x8f\xe8\x1e\xfa\x26\xa5\xe0\xd2\x00\xc5\xec\x1d\x94\xa5\x09\x7e\xa7\x4b\x64\x98\xfe\x28\x8f\x30\xc4\x8d\x72\x7e\x9d\x3d\x35\xc8\xe1\x2d\x85\x42\x07\x02\x55\x6f\x28\x61\x48\x4f\xfd\x09\xb4\xf1\x22\x65\xcc\x9a\xba\xfe\xb8\x2c\xf5\x90\x02\x88\x95\xa7\xd0\x50\xff\x57\xcc\xf5\xf2\x80\x22\xd0\x16\xab\x40\x94\xb0\x62\xe4\x8b\x66\xfd\x36\xd1\xe1\x96\x26\xe5\x21\x5e\xfa\x40\xfb\x7e\x3b\x70\x62\xf8\x1e\x95\x48\x30\xc9"},
+{{0xf9,0x25,0xd2,0x74,0xaa,0xf1,0xfe,0x1a,0x21,0x65,0x62,0x37,0x38,0x5e,0x97,0xf7,0x78,0x3e,0x78,0x09,0x0c,0x5d,0x42,0x17,0xfe,0xce,0x70,0x57,0xc8,0x0f,0x42,0x6d,},{0x3b,0x0f,0xc3,0x70,0xbe,0x3a,0x4b,0x19,0xa8,0x8a,0xb9,0x98,0xc5,0x95,0x04,0xff,0xb5,0x9a,0x87,0x60,0x63,0x38,0xe6,0x73,0xdf,0x5b,0x3f,0xab,0x4d,0x9b,0xfb,0x8d,},{0x79,0x54,0x9a,0x31,0x7d,0x10,0xa0,0xbe,0x32,0x2a,0x94,0xa1,0x51,0xad,0x11,0xe7,0x7e,0xfc,0x48,0x36,0xcc,0x80,0x06,0xa8,0x50,0x81,0x27,0x3d,0x76,0x02,0xa6,0x38,0x96,0x3a,0x9c,0xaf,0x19,0xc3,0xed,0xf1,0xe2,0x5f,0xad,0x1e,0x9d,0x68,0x70,0x1a,0x71,0xde,0xa7,0x27,0xda,0x6a,0x5c,0x5b,0xca,0xc9,0x33,0x95,0x89,0x22,0x4b,0x05,},"\x14\x3c\xaa\xfa\x5f\x62\xb1\x3e\x43\xdf\xfa\x49\xd4\x20\xfa\x99\xf7\x71\xb1\x92\x6d\x40\xd6\xcb\x2b\xbb\x42\x7f\x27\xb6\xc2\x66\xeb\x3d\xeb\x2d\x8b\xbb\xd4\x7b\x82\x14\xad\x40\x25\x1c\xb1\x90\x7a\xd6\x5e\xb9\x41\x93\xe5\x4a\xd8\x5c\x67\x00\xb4\x18\x9e\x80\xf1\xcc\x01\x54\xc6\x3e\xd1\x51\xa8\xbb\xbd\x30\xe0\x16\x37\xca\x58\xe7\x0a\xa3\xee\x52\xef\x75\xd0\x87\x30\x78\xa4\x05\x01\x4f\x78\x6e\xb2\xd7\x7b\x7f\x44\x22\xf9\x27\x82\x3e\x47\x5e\x05\xb2\x42\x45\xf9\x06\x8a\x67\xf1\x4f\x4f\x3c\xfb\x1e\xb3\x0b\xfe\xde\x7b\x32\x62\x23\x0c\xed\x9e\x31\x36\x1d\xb1\x96\x36\xb2\xc1\x2f\xdf\x1b\x9c\x14\x51\x0a\xcd\x5b\xc1\x8c\x0d\xdf\x76\x35\xe0\x03\x50\x3e\x6f\x71\xe1\xc3\x65\xcd\xfb\x4c\x65\xee\x75\xb4\xde\x06\x94\xaf\x87\x07\x63\x74\xd6\x31\xe6\xc4\xb8\xe2\x40\xfa\x51\xda\xb5\xe1\xf8\x0c\xa2\xa0\x6c\x49\xf4\x2e\xa0\x9e\x04\x75\xde\xfb\x18\x4d\x9c\xde\x9f\x58\xf9\x59\xe6\x40\x92\xaa\xc8\xf2\x02\x7e\x46\x81\x26\xf2\xfb"},
+{{0x97,0x1f,0x80,0x6b,0xe6,0xf0,0x7d,0x41,0xbe,0x88,0x30,0xff,0x8d,0xae,0x70,0x4b,0x08,0x63,0x8a,0xd6,0xcf,0xf7,0x22,0xd8,0x43,0x25,0x38,0x12,0x7b,0x76,0x96,0x25,},{0xaf,0x6a,0xc9,0x8d,0xce,0x20,0x78,0xa6,0xc7,0x3f,0x60,0x97,0xba,0xb6,0x3f,0x20,0x5c,0xaf,0x69,0x53,0xaf,0xa2,0x84,0xd0,0x42,0xbd,0x50,0xa4,0xfc,0xe9,0x6c,0xb4,},{0x20,0x37,0xa0,0xa7,0x67,0x4b,0x84,0xff,0x27,0xd0,0xb2,0x2f,0x62,0xb4,0xba,0xc6,0x5e,0x2d,0xc0,0xf5,0xfd,0xc8,0x99,0xfe,0xb7,0x80,0x0f,0x25,0xc2,0x99,0x81,0xde,0xe6,0x41,0xc5,0xa5,0x0f,0x8b,0x94,0x10,0x97,0x0b,0x49,0xd2,0xd5,0x36,0x58,0xc8,0x9e,0xe1,0x69,0x61,0xdc,0xcf,0x53,0x91,0xa6,0x91,0x8f,0x2a,0x84,0xea,0xda,0x0b,},"\x01\x34\x55\xd0\x49\xaa\x54\xed\x99\x5f\xbd\x94\xe6\x36\x99\x55\x49\x53\x95\xe4\x43\x88\x22\x25\x9b\x10\x60\xe9\xa3\x47\x79\x04\x2a\x1a\x69\x21\x1f\x6e\xa2\x07\x73\x99\xdd\x23\x48\x06\xba\x0b\x35\x3c\xd7\x9a\x57\xe1\xc4\x9b\x25\x0a\xb2\x71\x06\xdc\xde\x57\x6e\xcf\xa1\x15\xea\xe4\x61\xfe\xbb\x12\xd2\xda\x25\xff\xcf\x17\xb7\x15\xf8\xd9\x5c\x2f\x0c\x42\x5d\x5a\x81\xf7\x00\x11\x5b\x70\xd4\x9e\x1c\xfe\x49\xfc\xaa\x14\xfa\x20\x5e\x28\xec\x85\x24\x7f\x1a\x6e\x71\x28\xbf\x3b\xb3\x06\x0d\xc0\x84\x64\xbd\xa6\x53\x85\x40\xd0\xac\x47\x20\x93\xe5\xa0\x72\x0f\xde\x2f\x3d\xc4\x78\x8e\x0e\x9b\x0d\xbf\xe2\xa2\xb5\xf1\xa0\xf3\xf8\x0d\xe9\x84\x02\x5b\x15\xc6\x5a\xf7\x7f\x67\x1e\x1c\x5e\x28\x40\x44\x4d\xe5\xc7\xed\xa0\x25\xe6\xdc\x1a\x3f\xf1\x6e\x26\xcc\x54\xcd\xee\xd5\x6b\xe7\x3f\x9b\x01\xab\x2b\x1b\xc1\x6c\x8e\xf5\x8a\x5b\x76\xdd\x47\x28\x78\x07\xe5\xc5\x0f\x0d\x7c\x0a\x5b\x81\x20\xdf\xde\x64\x5a\x01\x2c\x5c\xf1\x14\x91\xbc"},
+{{0x2b,0xb0,0x65,0x2f,0x8f,0xff,0x69,0x01,0x99,0x11,0x48,0xc6,0x8a,0x32,0x67,0x87,0x72,0x71,0x00,0x6a,0xe9,0x58,0x91,0x49,0xbb,0x20,0x68,0x50,0xcd,0xf5,0x2f,0xb0,},{0xc0,0x3b,0x77,0xbe,0x98,0x3e,0x74,0xa2,0x34,0xc1,0x98,0x64,0x96,0xb2,0x92,0xe1,0x39,0x99,0x2e,0xb7,0x52,0x9e,0x70,0xb3,0xaf,0xad,0x7a,0xe4,0xfd,0xcf,0x8a,0x66,},{0x4e,0x15,0x8d,0xea,0xae,0xc3,0xd8,0x89,0x41,0x29,0x6a,0xf2,0xd2,0x73,0x41,0x01,0x2b,0x02,0x41,0xd4,0xe0,0xf4,0x6e,0x43,0x5e,0x37,0x5c,0x98,0x75,0xe8,0x9f,0x5e,0x32,0xc0,0x57,0xb5,0x27,0xbc,0x34,0x11,0xaf,0x09,0x6a,0x77,0xbf,0xce,0xb4,0x5b,0x98,0x3e,0xfe,0x45,0x5e,0x3f,0x03,0x15,0x5d,0x6b,0xc7,0xb0,0xac,0xc8,0xe6,0x0c,},"\xb9\x23\xca\x67\xe3\x96\xd8\x65\x6f\xa3\xdb\xce\x82\x89\xa3\x8b\xd3\xc1\x28\xce\xfb\x30\xef\xc1\x86\x2b\xb9\x44\xb4\x50\x78\x05\x41\x98\x24\xce\x2b\x83\xd6\x90\xef\x4c\xf1\x07\x49\x28\x17\x14\x3b\xf6\x4c\x02\x49\x89\xaf\x1a\x7d\x2e\x1f\x5a\xc9\x78\x74\xf8\x6b\xb0\xd3\x77\x3f\xf8\x40\xf5\x14\xd9\xa1\x39\x4a\x39\x59\xb0\x11\xd3\xa6\xb8\x16\xa3\xfa\xe5\xde\x17\xb2\xa9\xff\x34\x98\x63\xd2\x7f\xbb\xb5\x0c\xca\x73\x41\x08\x75\x10\x00\xd6\x35\x8c\xa0\x64\x7a\x93\xeb\x49\xe2\xe7\xaf\x06\x28\x7d\x48\xf2\xc0\x9d\x5c\x1c\x73\xe4\xd8\xf7\x7e\xa2\xbc\xaa\x73\x56\x79\x5b\x26\x72\x87\x19\xbe\xd5\xff\xdb\x82\x15\x78\xbd\x5d\x66\xbf\x92\xed\xaf\x8b\x23\x8b\x2b\xbd\x7d\x1e\x2c\x30\xa7\x87\xf9\x01\xa3\x3d\x0a\x76\x66\x9a\x9c\x3c\x7f\x2b\x55\x2c\xcb\x83\x49\xc7\xde\xd5\xe1\xa4\x61\x70\xcf\x28\xe3\x59\xe2\xfd\xd5\x4b\x05\xa5\x62\xf5\x28\xc6\x8a\x56\x97\x4d\xf8\x2d\x46\x66\x37\xc8\xe5\x32\x46\xa7\x21\x7e\x43\x86\x80\x1e\x0e\x32\x66"},
+{{0xdb,0x9b,0x81,0x2c,0xb3,0xc7,0xc0,0x3b,0x97,0x7f,0x48,0x7d,0x3d,0x65,0xcc,0xd9,0xcd,0x2f,0x3d,0xee,0x11,0x60,0x20,0x67,0xdb,0xfb,0x72,0xb5,0x89,0xff,0x3f,0x79,},{0xff,0xa0,0x38,0xad,0x8c,0x3b,0x37,0x8c,0xe7,0x5d,0x65,0x84,0x4d,0x08,0xe3,0xd6,0xa9,0x2d,0x19,0x4a,0x1b,0x78,0x62,0xe9,0xd9,0x72,0x0d,0x20,0x67,0x9b,0x29,0x44,},{0xa6,0x28,0xa7,0x74,0x21,0xb2,0xab,0xab,0x57,0x6e,0xed,0x35,0xd2,0xee,0x3d,0x14,0x56,0x1b,0x21,0xfa,0x14,0xa6,0xe2,0xfa,0xc2,0x63,0xc3,0xea,0xdd,0x79,0xf2,0xfc,0x06,0x69,0xf9,0x42,0x9b,0x91,0x0b,0x84,0x22,0xb4,0xb2,0x9a,0xc0,0x26,0xa4,0x2e,0x98,0xd1,0x81,0xbe,0x35,0x07,0xc5,0xed,0x7c,0x74,0x8a,0x1f,0xdc,0xf1,0xd8,0x07,},"\xa7\x00\x92\xc7\x69\x7c\xd4\xa2\x09\x56\x7c\x38\xba\x7f\xb7\x1a\xa8\xf1\x5e\x58\x27\xa2\x08\x76\x92\x39\x43\xfd\x6a\xdc\x65\x9c\x98\x67\xac\x6f\x58\xa6\x1d\xc7\xce\xc3\xd3\x62\x41\x16\x82\x00\x0c\x1a\x9a\xd1\x29\x5e\xb8\xb7\x0f\x24\x2d\x86\xb5\x86\x5e\xb7\x6b\x87\xe3\xf2\xc6\x94\x1d\x26\x12\xee\x3b\xcd\xe8\xf1\x97\x65\x56\x67\x33\x15\x2e\xf5\x4e\x95\x69\x09\x43\x28\x5f\x78\xb3\x75\xf4\x03\x65\x85\xd4\x73\x9d\xee\xde\xef\x6d\x94\x6d\xb6\x1c\xa4\x58\xef\x4f\x65\x0d\xa9\x63\xc3\x85\xe2\x9d\xfd\xee\x41\x5f\xe4\x95\x84\x5f\x55\x19\x7a\x87\x0f\x8c\xde\xb5\xa0\x10\xba\x6b\xbb\x32\xbf\x1a\x58\x8c\xc7\x74\xd4\x89\x01\x84\xc4\xb2\x92\x4a\x5b\x80\x73\x31\x3b\xce\x22\x65\x85\xf1\xad\xfc\x22\x9c\x90\xbc\x6c\xc9\xd2\x12\xe6\x2f\x05\xd3\x3b\xed\xac\x96\x1d\x77\xcf\x8c\x26\x20\xe4\x51\xde\x81\x7f\x8c\x1b\xb1\x6a\x2c\x59\xff\x80\x4b\x63\x5a\x73\xa8\xcf\x8c\x18\x1b\x3f\x94\x01\xc3\xb6\x43\xd1\x8a\x2f\x70\x6e\xa9\xca\xe4\x70\x71\xa6"},
+{{0xce,0x37,0x9b,0xbe,0x2f,0xa8,0xab,0xcb,0xa5,0x1c,0x7a,0x75,0x43,0xde,0x5b,0x71,0x80,0x77,0x1b,0x3c,0x44,0xbc,0x6b,0x41,0x89,0x2e,0x7b,0x88,0x97,0x9b,0xab,0x90,},{0x7f,0x3c,0xff,0x89,0xf4,0x1b,0xab,0xf4,0xfa,0x64,0xcb,0xa3,0x3a,0x5b,0xb1,0x7f,0x41,0x3b,0xbf,0x2a,0x1e,0x11,0x2b,0x50,0xa8,0xe9,0xb1,0xf8,0x21,0xd8,0x49,0xbf,},{0xda,0x98,0xdf,0xb1,0x89,0x38,0x5b,0x2c,0x85,0x3b,0x6c,0xf3,0x75,0x73,0x80,0x46,0xa8,0xf2,0x7e,0xf2,0x79,0x74,0xab,0xce,0xce,0xa1,0xdb,0x02,0x98,0x9b,0x95,0x1f,0xe4,0x33,0xa6,0xce,0x1e,0x22,0x5b,0x3f,0xa8,0x20,0x32,0xfe,0x06,0x0a,0x7d,0x3f,0x6c,0x18,0x3f,0xd1,0x15,0x7f,0x79,0x1a,0x06,0x4b,0x40,0x76,0x50,0x57,0x16,0x00,},"\x00\x1a\x74\xf0\x95\xc8\x14\xd3\xbe\xed\x67\xa8\xd1\x5f\xc1\x8e\xfe\x23\x5d\xc3\xf6\x45\x78\x12\xa4\x03\x9b\x7a\x46\xfe\x9a\x0e\x9d\xe8\x1a\x7a\x4e\x5f\xba\xb5\xeb\xe9\xe1\xe4\x80\x1b\xd1\x1b\x45\xc9\xf7\xad\x06\x36\xa0\x9b\xff\x42\x16\x4b\xe5\x74\x9a\x04\xc0\x2f\x0a\xb6\x1f\x0e\xcf\xdf\xef\x79\x9b\x82\x7d\xa6\xa2\x74\xc8\xd3\xb3\x9f\x2e\x38\x05\xa6\x79\x12\x87\xee\xdb\x23\x14\xd3\xf8\x42\xb5\x58\xb9\xb4\x89\xaf\xe1\xed\x37\xbb\xbc\xfc\x5e\x60\xa4\x31\xd5\xac\x60\xb3\x9e\x94\x6d\x90\x3d\x6b\xf6\xb1\x40\xe1\x2c\x7e\x07\xf9\xed\x7a\xc4\x6a\x39\x99\xc6\x24\x5c\x8a\xb1\xbd\xb2\x18\x79\xa3\x17\xa3\xdc\xd2\x57\xa5\xc4\xf3\x49\xb7\xf5\x9e\x4e\x43\xd6\x2d\x9f\x1c\xd1\x6f\x51\x8f\x1c\xa6\xca\xd3\x7e\x2c\xb2\x0f\x25\x98\xc4\x13\x42\x91\xc6\xb8\xa9\x8a\xae\x52\x47\xe2\x6e\xef\xb7\x6a\xa3\x8c\x9c\x82\x31\xc1\x7e\x9d\xbf\x27\x1c\xec\x80\xfb\xa5\xb4\xa8\x34\xbd\x9b\xe8\x1e\xa8\x41\x63\x7a\xa9\xcd\xd4\xc4\xbf\x26\xd7\xad\x24\xca\x3c"},
+{{0x2b,0x2e,0xe8,0x09,0xd6,0x47,0x02,0x3e,0x7b,0x77,0xfc,0x54,0x1f,0x44,0x87,0x5a,0x35,0xfa,0x94,0x1d,0x37,0xf7,0xc5,0xb2,0x1f,0xd3,0x49,0x34,0xd2,0x39,0x19,0x35,},{0x2c,0x29,0xd5,0x3e,0x1b,0xf2,0xc7,0x87,0x9d,0x73,0xd2,0x0b,0xa8,0x8c,0xa0,0x7a,0x0b,0x21,0x6d,0x7f,0x6d,0x05,0xd9,0x36,0x63,0xa6,0x5c,0x3d,0x9e,0x10,0x63,0x3a,},{0x12,0xd9,0x06,0x85,0x77,0x55,0x72,0xc9,0xea,0xbc,0x9b,0xe2,0x57,0x4c,0xa9,0xae,0x66,0xf0,0xe6,0x52,0xe5,0x78,0xb2,0x17,0x36,0xcd,0x6e,0x65,0x4f,0x7c,0x6b,0x15,0x45,0x88,0x3d,0x56,0xbf,0x76,0x0c,0xcf,0xc3,0xcf,0x87,0x54,0x4e,0x00,0x04,0xc7,0x98,0x06,0x12,0x57,0xe1,0x30,0x03,0x0c,0xb9,0x97,0xa7,0x88,0x36,0x9a,0x9a,0x05,},"\xc4\x14\x7d\x64\xeb\xfd\xa4\x1a\x1b\xe5\x97\x72\x62\x95\x81\x04\xe9\x40\xc3\x87\x6b\xcd\x5b\x69\x56\xac\xfd\xec\x32\xc6\x60\x91\x4d\x62\x62\x3c\x21\x06\x63\xcb\x2c\xbe\x62\x49\xd7\xf5\x27\x49\x91\xc6\x0e\x95\x0e\x8e\x28\x09\x04\x99\x53\xc6\x95\x81\xd2\x46\x9f\x4f\xe9\x82\xc7\x43\x4f\xed\xd9\xd4\xe0\x0a\xe0\x88\x96\xd6\x2c\xc1\xfb\x98\x4d\xd2\x33\x15\x0c\xc2\x48\x3e\x15\x9c\xff\x40\x97\xdf\x8c\x03\x6b\xb6\x33\x00\x3a\xbb\xfb\xe1\x8c\x8f\xa7\x9b\x5a\x22\x27\x08\x38\x12\x3f\xc9\xbe\x39\xb8\x89\x2c\x80\x38\x4a\x38\x50\x28\xc1\xa8\x1e\xc5\x8c\x8f\x21\x06\x0e\x78\xaf\xd2\xc0\x4b\xfd\x2d\x30\xca\x39\x77\xc6\xed\xad\x51\x8c\xc1\xe2\x00\x4c\xdc\x14\xbf\x3d\x15\xf5\xf5\x28\xe5\xaf\x27\x7f\xa1\x82\x27\x58\x70\xe5\xc0\x12\xf5\xf8\x2f\xb1\xaf\xd0\x4e\xdd\xe4\x57\x8d\xdd\x21\x60\xa1\xa3\xdb\xc0\x50\xe8\x0b\xdd\x81\x1b\xc8\x8e\xad\x79\xbf\x93\xf0\x10\xcd\x0f\xd4\x43\x3d\x0b\xc3\x48\xda\xcf\xd0\x94\x7c\xce\xda\x62\xbf\xa4\x97\x11\xd0\x13"},
+{{0x4e,0xa1,0x8d,0x6b,0x4a,0xf8,0x05,0x3b,0x88,0x5e,0xc1,0x88,0xbe,0x48,0xde,0xb8,0x6f,0xfb,0x2a,0x69,0xa4,0xce,0xc8,0x66,0x37,0xbb,0xd7,0xb4,0x1b,0x80,0x7c,0x46,},{0xe5,0x98,0x60,0x59,0x97,0x62,0x33,0xed,0x77,0x38,0x2c,0x3d,0x99,0x59,0xf3,0x4e,0x31,0x79,0x62,0x69,0x65,0x53,0xe8,0x6e,0xd1,0xe5,0x90,0x2c,0x4b,0xed,0xd1,0x67,},{0x27,0x57,0x0c,0x00,0x2a,0x48,0x7d,0x00,0x0c,0xa3,0x92,0x8b,0x83,0xcb,0x43,0x19,0x72,0x2c,0x46,0xdf,0xb4,0xcc,0xa2,0x60,0xde,0x79,0x0e,0xc0,0xe3,0xc1,0x93,0x26,0x88,0xf8,0x73,0x62,0x95,0x28,0x18,0xb5,0x4f,0x51,0xbc,0x7a,0xee,0xb2,0x63,0xf9,0x60,0xbc,0x0d,0xa8,0x96,0x4b,0xf3,0x12,0xef,0x93,0xe8,0x1f,0x06,0xc8,0x0b,0x04,},"\xe9\xc8\x9a\x1a\x11\x19\x37\x32\x06\xce\x40\xed\xe3\xb8\x9a\x82\xf8\x94\x62\xa1\xde\xe9\xe7\x89\xe9\x84\x5e\xec\x21\xf5\x71\xc0\xfa\xef\xd4\x30\xad\x33\x8e\x4a\x72\xc0\x47\xa3\x9a\x42\x59\x58\x03\x87\xfb\x9a\xac\xad\xdc\x36\xa2\xb5\x1e\x7b\x60\xa8\x7c\xa1\x32\x1f\xf8\x06\x79\x4c\xd6\xdd\x45\x49\xa4\xdf\x45\xc2\xda\xe3\xe5\x39\xc4\xd7\xd0\x6b\x6e\x6e\x9f\x46\x6f\xfc\xa2\xfa\x49\x78\xce\x3d\xc7\x92\xe4\x4a\x62\x83\x88\x0c\xd1\x38\xa7\x5a\x22\x6f\x98\x5d\xa4\x1f\xfd\xc0\xe3\x2a\x5a\x85\xc8\x5f\xe9\xa4\x3a\xe7\x8f\xcf\xe5\x7f\x4d\xd7\x54\x0a\x6d\xd3\x92\x4a\x49\xab\x39\xeb\x69\x95\x0d\x42\x11\x51\xd9\x6b\x1e\x4f\xd3\x93\x58\x90\xf6\x34\xcd\x52\xa7\x3a\x75\x5f\x5c\x2f\xb7\x2f\x9c\xd5\xa2\xe6\x7e\xa9\x30\x91\x5e\x13\x3b\x47\xcf\x6b\x7c\x10\xa9\xd8\x89\xc6\xaf\x6b\x5f\x1f\x4f\x51\x09\x4d\x27\xfb\xba\x22\x8a\xc2\x26\x8b\x34\x40\x27\xfd\x49\xe4\x26\x34\x3c\xc0\x13\x43\x99\xb4\xb5\x10\xaa\xea\x50\x23\x4d\xf4\x2c\x37\xfa\x1c\x4f\x4d\x0e"},
+{{0xfc,0x1b,0x75,0xd1,0x7d,0x38,0x07,0x21,0x73,0x51,0xd2,0xaa,0x40,0xd9,0xb0,0x4f,0x52,0x5b,0x89,0xed,0x3f,0x5f,0xcd,0xb3,0x11,0xbe,0xc2,0xae,0xc5,0xcb,0x7e,0xce,},{0x55,0xe4,0x84,0xe7,0x74,0xa4,0x39,0x2a,0x9d,0x6e,0xef,0xf8,0x35,0xa8,0xfb,0xb2,0x32,0xcf,0x62,0x76,0xa8,0x9c,0x74,0xfc,0x0d,0x1b,0xb2,0x04,0x5a,0x8b,0x21,0xbe,},{0x9a,0x68,0xd1,0x51,0xfe,0xa3,0x90,0x98,0x93,0x35,0x9e,0x60,0xb9,0x6b,0x68,0xb2,0xa3,0xe2,0x94,0x6f,0x2b,0x47,0xb8,0x75,0x39,0x8a,0x1e,0x39,0xeb,0x01,0x46,0x3d,0x35,0xea,0xe7,0xd9,0x76,0xf8,0x33,0xa7,0x62,0xb5,0x1f,0x27,0x26,0xee,0x0d,0xcc,0xad,0x5c,0xe3,0x60,0x05,0x64,0xfd,0x9d,0xd5,0x8c,0x23,0x80,0x7f,0xdf,0xfd,0x05,},"\xd0\x31\xbd\x11\xda\x30\x80\x97\xe3\xbe\xb6\xff\xdb\x26\x00\xee\x6a\x19\x3c\xa6\xd8\x32\x45\x01\xc9\x72\xb1\xa2\x51\x66\xfa\x7a\x36\x9f\x5b\xc8\x82\xea\x45\x61\x2c\xf0\x25\x80\x25\x4d\x21\xb4\x0b\x03\x63\x23\x7e\x83\x5d\xae\x26\x56\xc1\xb7\xf4\x73\x6e\x88\xbe\x53\xd6\xb1\x19\xc0\x7f\x57\x29\xbb\xd8\x2f\x67\xde\x03\x58\x83\x22\x87\x92\x43\xc5\x99\x0a\x7e\x61\xf5\x69\x07\xb2\x41\x71\xa5\x7c\xbb\x0b\xbe\xfb\xa2\x31\x62\x77\xaf\x93\x26\xf9\xcb\xf3\x53\x8b\xcb\xf6\x78\x0b\xe4\x18\x25\xa2\xca\x77\x4b\x41\xbd\xb1\xcd\x5c\x60\x88\x51\xec\x23\x39\xeb\x2f\x4f\xee\xdd\xaa\x89\x1a\x63\x26\xb2\x9d\x97\xd7\xfb\xf3\x11\xe3\xbb\x74\x9c\x5d\x4c\x05\x8d\xcc\x14\xf4\x52\xf9\x33\x49\x91\xe2\x71\xc1\x6d\x65\x08\xc8\x18\x63\x39\x27\xf4\x29\x80\x4c\xa7\xa3\x81\x70\xf1\xb9\xf6\xbd\x73\xed\x67\x5e\x11\xe8\xc0\xd3\x21\xfa\xc9\x12\x73\x0b\x4b\xa2\xf7\xc4\x28\x53\x4a\xdc\xaa\x4d\xad\x31\x4c\x55\x80\x7e\x6c\x64\x2d\x49\x4c\x6b\x2f\x0e\x8c\xd1\x29\x77\x5c\xc0"},
+{{0x0d,0x0b,0xf4,0xd4,0x2e,0xf8,0x10,0xb1,0x79,0xeb,0x84,0x17,0x71,0xde,0x6d,0xbd,0xe7,0x63,0x61,0xca,0xf8,0x94,0xe4,0x2a,0x14,0xb1,0xe0,0x97,0x87,0xea,0x3e,0x06,},{0x71,0x71,0x51,0x0b,0x43,0xfc,0x17,0xef,0xa8,0x0b,0x15,0xe3,0x20,0xb1,0xb0,0xa4,0x08,0x33,0x25,0x42,0xe0,0xd3,0x6e,0x4a,0xb9,0xa6,0x49,0xcd,0x94,0x1b,0x5a,0xed,},{0x24,0x44,0x6b,0xdf,0x03,0x41,0x6a,0x4d,0x08,0x61,0x44,0x66,0xfb,0x85,0x1d,0xb5,0x0e,0x91,0xa6,0x23,0xca,0xcd,0x1b,0x0b,0x35,0x66,0x0f,0x3c,0xf9,0x33,0x20,0x0e,0x15,0x30,0x87,0x08,0xda,0x34,0x99,0xa5,0xad,0x25,0xf0,0xf0,0x30,0x6b,0x79,0x42,0x76,0x2e,0x20,0xa7,0x65,0xb7,0xca,0x9b,0x90,0x1c,0x75,0x0b,0x3a,0x95,0x32,0x0a,},"\x8e\x21\x79\x97\x5d\x0a\x8e\x5a\x69\xfe\x87\x5a\x3c\xb1\xe7\x9a\xec\x49\xc3\x85\x3e\x30\xdd\x03\x20\xfe\x3e\xbf\xb6\x38\xb8\x2f\x89\xad\x16\x43\x03\x6b\x37\xe5\x6e\x0b\x55\xe0\xa9\xe2\x2a\x4e\x28\x3d\x7a\x27\x48\x5c\xe9\x10\x2d\xb6\x78\x7d\x66\x28\xb7\x79\x13\xe1\x08\x96\x77\x4e\x49\x5c\x26\xe8\xba\xb2\x6e\x7f\x9a\x94\xd2\x9a\xaa\x36\xae\xc9\xc2\x6a\xd3\xf5\x0e\x5d\x8c\x0b\x76\x98\xbb\x5f\x01\xb8\x76\xd0\xd6\x5f\xcf\x5e\x9e\x32\xcd\x7b\x89\x82\x9e\xd0\x5b\x0b\x8f\x63\xa9\x38\x58\x98\x5b\xc9\x56\x9f\xce\x42\x9f\xd3\x7a\x21\x1a\xbe\xd6\x50\xf5\x85\xc3\xb5\x59\x00\x44\x3b\x6c\x5d\x6e\x8a\x48\xba\x67\xde\xee\xd0\x7b\x76\xe9\x69\xfc\x88\x43\x0f\xce\x27\x09\xc0\xbb\x5c\xe9\x26\xab\x7f\x44\xe0\xcd\x79\xf4\xec\x35\x9e\xf7\x67\x48\x88\x3f\xcc\x3d\x02\x6e\xdd\x06\xc8\xb9\xcb\xa5\x4b\x99\x0d\x30\xaa\x41\xf1\x44\x8a\x10\x89\x3f\xb0\x53\x92\x80\xc5\x99\xd4\x23\x61\x43\x3a\x34\xcd\xaf\xd8\xeb\xdd\x92\xef\xb9\xc3\x8a\x36\xda\xf4\xc7\x40\x60\xc6\x96"},
+{{0x57,0xb5,0x19,0x4d,0x26,0xab,0xe4,0xab,0x21,0x16,0xc0,0xf0,0x3d,0x23,0xdb,0xe1,0x16,0xd4,0x88,0x25,0xa2,0x5e,0x77,0xd6,0x46,0x48,0xb4,0x36,0x92,0xae,0x25,0xbf,},{0x49,0x9c,0x02,0xdb,0xad,0x2a,0x4e,0xab,0x3b,0x6f,0xf1,0xab,0xa3,0x94,0x4b,0x91,0xc3,0xf2,0x73,0xa3,0x82,0xc5,0x48,0xa6,0xf3,0xa1,0x9c,0x83,0xf0,0xa8,0x67,0x24,},{0x4c,0x73,0x45,0x96,0x0c,0x8f,0xd4,0x8a,0x7d,0xea,0xd7,0x1d,0xbd,0x61,0x90,0x84,0x68,0xef,0xa8,0x65,0xa1,0x35,0x56,0x8c,0x8f,0x9c,0xa0,0x05,0x54,0x83,0x46,0x86,0x17,0xa7,0xe3,0x35,0x84,0x0f,0x57,0xc6,0xcd,0x8f,0x2c,0x98,0x05,0xcd,0x47,0xa9,0xd7,0xcd,0xfd,0xe5,0x3d,0xa8,0xef,0x4f,0x1a,0xdb,0xb6,0xf6,0x98,0xaa,0xf1,0x00,},"\xb4\x81\x3c\x9d\x13\x21\x5f\xe9\xf6\x3a\x78\xff\x7a\xc9\x51\x73\xeb\x81\x0b\x46\x13\xf0\xf4\x8d\x68\x76\xb2\xbd\x3b\x2c\x72\xbc\x7d\x98\xcb\x1a\xc3\x2b\xc4\x1c\xa4\x7f\x09\x89\x6f\x79\x20\x4e\xcf\xb8\x26\x4c\xe8\xf3\xc3\xe7\x6d\xc1\x24\xda\x8d\xdc\x6e\x0d\xfc\x1e\x13\xb5\xa5\x29\xf2\x0c\x82\x61\x3f\xb9\xa8\x2e\x5f\x5d\x77\x32\x6a\x86\x1f\xae\xda\xbc\x73\x25\xc5\x9a\xf3\x3d\xae\x67\x44\x02\x5e\x64\x97\x74\xfc\x4f\x79\x13\x4b\xf9\xf6\xe3\xd5\x87\x5d\xd9\x1b\xc8\xa1\x4c\xc3\x6a\x66\x28\x3d\x01\xd8\xd1\x08\xc1\x33\x27\xec\xa5\x30\x57\xba\x50\xbf\x21\x0c\x19\xf1\x39\xde\x64\x94\x98\x26\x46\x19\x8a\x12\x46\xc2\x71\xb0\xa3\x68\xc1\x0a\xab\x95\xcd\x89\x61\x23\x5d\x74\x2d\xf4\x54\x5b\xe6\x8b\xd0\x10\xdc\x0d\xb2\x3b\x67\x3e\x62\x36\x09\xe4\x20\xee\x76\xb1\x05\x6c\x52\x0f\x9c\xe8\xfb\xe8\xee\x18\x63\xdf\x97\xd1\x7b\x71\x74\x63\x6c\x3a\x2b\x61\x22\x95\x09\x19\x48\x81\x0d\x1d\x4b\x8a\x58\x43\x76\x0a\x28\x87\xdc\x55\xef\x51\x2a\xf0\x41\xec\x54\xfa\xd3"},
+{{0x06,0x8d,0x27,0xb2,0x1e,0x2a,0xcf,0xcc,0x19,0xc3,0xe9,0x67,0x3d,0xd4,0x41,0x42,0xd9,0x8a,0xac,0xae,0x89,0x49,0x30,0xe2,0x0c,0xa0,0x67,0x43,0x9e,0x74,0x9a,0x79,},{0xe2,0x2d,0xdd,0x39,0x6f,0x95,0x5b,0xb9,0x0e,0x28,0x47,0x76,0xaa,0x76,0xe9,0x21,0xe5,0x06,0x99,0xd0,0xca,0x89,0x14,0xa9,0xb7,0xb8,0x41,0xeb,0x5f,0xf4,0x7d,0x6d,},{0x0c,0x17,0x3c,0x48,0x8a,0xd0,0x01,0xcb,0xb9,0xc4,0x3d,0x7b,0x30,0xa7,0xc0,0x71,0xa2,0xfd,0xb0,0x8c,0xf7,0xf3,0x7d,0xaf,0x71,0xd7,0xae,0x71,0x28,0xdc,0x0d,0x43,0xf0,0xf0,0x95,0xb2,0x92,0x9c,0x54,0xb7,0x73,0xed,0x4a,0x1f,0x0b,0xf0,0xdc,0x4f,0x36,0x4f,0x06,0x01,0xe8,0xd5,0xae,0x06,0x2f,0x5b,0x78,0xc0,0x5b,0xfb,0xc7,0x02,},"\x1c\x68\x15\x42\x3d\x1a\x2c\x5e\xbe\x88\x28\xd1\x64\x65\x27\xc1\x7b\x20\x06\xe5\x47\xf0\x16\xb5\x35\x0f\x01\x0d\x79\xb1\x3d\xf4\xfb\x8c\x6e\xd5\x7b\xa9\xc2\x6c\x3c\xb0\xe0\xa6\x41\x78\xb6\x50\xa3\xea\x54\x44\xa4\xfa\xd5\xb2\x0a\x3e\xb8\xca\xa7\x02\x63\x40\x11\xcf\x78\x92\xa0\x72\x7b\x6e\x81\x50\xb0\x77\x04\x29\xa3\x7a\x8a\x0b\xb3\xa7\xed\xb8\x91\xa7\xc9\x02\x40\xbc\x03\x60\xb1\x4e\x6d\xd7\x70\xa9\x90\xb3\x1b\x31\xf3\x3d\xdb\xf6\x53\x98\x8f\x82\x74\x2e\x5e\xec\x31\xb2\x73\x68\xeb\x0e\x4f\x1e\xcf\x4d\x67\x6f\x49\x21\x4a\x52\x0d\x1e\x5b\x2b\xbb\x59\xac\x2e\x13\x26\x7e\x07\xa0\xcb\xac\xbe\xd9\xf9\x4d\x74\x73\xed\x69\x78\x28\xb0\x92\x8f\xcc\x61\x6e\xe0\x2e\x51\xfc\xd8\xdb\x4d\x8f\x75\x33\xb7\xb1\x39\xa0\x5e\x06\xf9\xe0\xea\xe3\x29\x93\xe3\x02\x5a\xef\x05\x90\xb3\xfb\xb4\x29\x2a\x3a\xc4\x07\x65\xe8\x58\x4e\xad\x00\x26\x6a\xcd\xcb\xdd\xe1\x45\x7a\x03\xb7\xd5\x7b\xd5\xc9\xe6\x4f\xb0\x6b\x64\xa5\x0f\x35\xf0\xa1\xec\x34\xb6\xdd\xbd\xe7\x67\xb9\x6f\xfd"},
+{{0xa3,0x4d,0x52,0x56,0x31,0x59,0xe0,0x72,0x3e,0x9f,0x3f,0xd1,0x33,0xbd,0x96,0xe2,0x0a,0xda,0xe6,0x23,0xf8,0xc7,0x98,0x01,0x3b,0xc3,0x6b,0x44,0x14,0x89,0xbd,0xc2,},{0x1f,0xb6,0x58,0xe6,0x45,0xde,0x6d,0x3e,0xfd,0xb0,0x83,0xa7,0x3f,0xbd,0x59,0x2f,0xcd,0x4b,0x80,0x0e,0x03,0xc7,0xbd,0x68,0x1a,0xea,0xe6,0x57,0x6b,0xfb,0xbe,0x2f,},{0x5f,0xab,0x5a,0x71,0x40,0xd4,0x78,0x73,0x68,0x43,0x05,0xaa,0x63,0x53,0xd3,0x86,0x2f,0x5f,0xc1,0x3e,0x54,0xa4,0x0c,0x95,0x63,0xcc,0xea,0xc8,0xf7,0x40,0x08,0xc6,0xc4,0x45,0x63,0x1f,0xa8,0x64,0xe0,0xf1,0xc3,0x45,0xb5,0x95,0x4f,0x80,0x05,0x6a,0xeb,0xa2,0x56,0x62,0xb7,0x88,0x27,0xb5,0xe8,0xe3,0xa9,0x43,0x78,0x13,0x72,0x0f,},"\x1d\x21\x5f\x85\xc0\x89\xf3\x5f\x30\x7a\x74\x6c\x66\xc7\xc1\xe4\x1d\x6b\xa3\x77\x30\xd7\x59\xe6\xe5\x62\x2d\x6c\x6a\x19\x8e\x40\xf6\x3d\x37\x87\x3b\x71\x5d\xf7\x51\x8b\x3c\x6b\xb5\xe9\x5a\x46\x77\x26\xb9\x7c\x9a\x0f\x8f\x5d\xfc\xdb\xfd\x1e\x0d\xe3\x57\x66\x1d\xde\xab\x55\x50\x42\xb9\x45\xfd\x89\x9f\xad\x6d\x38\x2d\x79\x17\xda\x9e\x12\xdf\xbd\xa0\xd6\x99\x00\xb3\x97\x51\x65\xa7\x3d\x0a\xc9\xde\x01\xfd\x30\x48\xb8\xfe\x5f\x0b\x90\xbe\x67\xe0\x3d\xc2\x2f\x65\x3a\x0a\x13\xeb\x4b\x0b\x75\x3f\x3f\x3b\xbf\x78\x73\x69\xeb\xd8\xbf\x5e\x00\xeb\x78\xbf\x0b\x35\x15\xa9\x1e\x68\xb1\xd5\xfc\x69\x20\xbf\x4f\x42\x59\xf8\xa7\x30\xef\xc7\xf1\x01\x6d\x50\x1e\xf6\xfb\x7c\xb8\x36\x6f\xc8\xe7\x16\xcf\xa5\x0e\xa8\xb2\x03\xcc\xa1\xa3\x16\x70\x7e\x0b\x0f\xc5\x7e\xaf\xce\x82\xd6\x2f\x7f\xf3\xae\x04\xac\x8f\xd0\x41\xb5\x5b\x19\xa3\x52\xa6\x9e\x6d\x4b\x79\xd0\xe6\x50\x17\x51\x68\xe3\x4f\xa3\x35\x8e\xac\x81\x6c\xec\xf2\xc8\xdd\x1b\xf2\xa5\x89\x11\x3e\x91\xbb\x81\x8f\x91\xf8"},
+{{0x58,0xdf,0xe7,0x68,0xbf,0x52,0x11,0x84,0x94,0xb2,0x99,0x75,0x15,0x4c,0xf4,0x52,0xbd,0x97,0x46,0xdc,0x7d,0xe1,0xd6,0xbc,0xd1,0x8e,0xe6,0xa0,0x5a,0xcf,0xd8,0x58,},{0x0f,0x14,0x76,0xc6,0xcc,0x2a,0x1b,0x47,0x64,0xaf,0x75,0x80,0x5e,0x77,0x34,0x1f,0x14,0xa0,0xd8,0xb0,0x9c,0x6a,0x5b,0x2e,0xa2,0x87,0xfd,0x51,0x7c,0x3f,0xa6,0xb9,},{0x97,0x71,0x37,0xa3,0x8a,0xf4,0x4f,0x4b,0x26,0x2a,0xbf,0xf7,0xe0,0x72,0x82,0x43,0x3c,0x58,0x92,0x6d,0x56,0x2f,0xbc,0x61,0x80,0xbd,0xe6,0xcd,0x94,0x97,0x86,0x1f,0xb6,0xd9,0x55,0xcf,0x38,0x3d,0x99,0x9f,0xa1,0x03,0x7b,0x8b,0x17,0x54,0xce,0x88,0x8c,0x9f,0xfc,0x15,0x60,0xa4,0x51,0xd0,0xe9,0xdb,0x8d,0x74,0xd2,0x94,0x06,0x04,},"\x60\x97\x94\x20\x1c\x4f\x6f\xaf\x48\x87\x90\xd6\x1d\xbf\xf3\xf4\x1b\x32\x8c\x5b\x06\x95\xcb\xe9\xaa\x8a\x13\x6d\x72\xb4\x97\x7b\x21\xb5\x00\xf2\x16\xe9\xf3\x21\x68\xad\xa8\xc1\x3b\xff\x25\x32\x76\x47\xe3\x0d\x8a\x24\x4d\x74\xd8\x83\x03\xab\xc9\x0b\x7f\x71\xaa\x07\xca\x04\xd1\x7b\xc8\xa0\x16\x7d\x6e\x63\xfb\x88\xba\xa1\xda\xb8\x1d\x50\xf1\xe9\x1f\x46\xf5\xaf\x77\xf2\xe8\x40\x8b\x82\x63\x36\xa3\x50\x52\xef\xff\xdf\x4a\xf7\x95\x96\xaf\x1b\xb2\x25\x9f\x83\xc1\xbc\x10\x9c\xfd\xc3\xdd\x50\xfd\x96\xd3\x10\xf2\x7e\xa4\xc6\xc7\x69\x0f\x21\x81\x5e\xa9\x2b\xd7\x93\x89\x68\x0c\xfe\x3e\xd4\x0c\x80\x18\x11\x90\x68\x8d\x24\x22\x2d\x9a\x1e\xd5\x2c\xe6\xa1\x6b\x41\xdb\xd9\x10\x7e\xb6\xd2\xe3\x59\x4e\x44\x94\xd7\x5d\xd7\xc0\x89\xe3\xb2\x6f\xfd\x00\xd1\x00\x3c\x92\xc4\xc3\x9a\xe5\x38\x2e\xf9\x29\x14\x91\xa8\x80\xca\x4e\xc3\xac\x2b\x86\xe6\x67\x19\xb9\x2b\x6f\x7c\xea\x2c\xb0\xbb\xb1\xcf\x62\x4d\x0d\x1a\xbe\xae\x55\x6e\x5f\x73\x90\x9d\xd5\x46\x27\x70\x37\xec\x97\x2f\xd4"},
+{{0x5a,0x63,0xef,0x9b,0xd7,0xdb,0xf0,0xe8,0x9f,0xef,0x15,0x59,0x83,0x65,0x9e,0x8a,0x0a,0x6c,0xa0,0x02,0xbc,0x42,0xfa,0xd5,0xa4,0x5a,0xf8,0xe0,0x28,0x19,0x23,0xf4,},{0xe6,0x32,0xf4,0xdc,0x99,0x42,0x31,0xcc,0x17,0x90,0xc2,0x1a,0xfa,0xda,0xa9,0x77,0xa5,0x89,0xb0,0xeb,0x0d,0xa1,0x9f,0xcb,0x27,0x92,0x91,0x1b,0x15,0xec,0xf8,0xaf,},{0x75,0x46,0x1f,0x99,0x65,0x0c,0x03,0x68,0x05,0x81,0x13,0xa1,0x5b,0xa1,0x6b,0xd2,0x33,0x7b,0x2e,0x63,0x3d,0xa3,0x81,0x12,0x87,0x8c,0x48,0x34,0xfa,0xc9,0xba,0x2e,0x30,0x7c,0x86,0x6c,0x02,0xaf,0x79,0xbe,0xa3,0x36,0x59,0x61,0x4c,0xbb,0x44,0x65,0xc5,0x7e,0xc3,0xef,0xfd,0x4c,0x47,0x8a,0xe3,0x8a,0x34,0xa0,0x5c,0xf1,0xed,0x07,},"\x79\x6b\xc8\x36\x1c\x6e\x8e\xec\x39\x83\x8b\x24\xf5\x39\x71\xe8\x20\xf8\x23\x61\xe0\x51\x0e\xb4\xde\xf1\xdb\x25\x12\x38\x7d\x6b\xf3\x5b\xbd\xfa\x31\x88\x79\x20\x94\x35\xd6\x88\x7b\x14\x10\xb3\xeb\xc1\x45\x5f\x91\xf9\x85\xe0\xfa\xb1\xce\x1c\x50\x5c\x45\x55\x76\xbc\xa0\x35\x39\xd0\x48\xad\x3a\x0e\xd1\xf1\x1c\x73\xba\xc6\x80\x9e\x2e\xa1\x47\x97\x5b\xee\x27\xc6\x52\x61\xac\xa1\x17\xdf\x0f\xae\x70\x08\xe2\xc3\xc1\x30\xbe\xc5\x53\x3a\xb8\x93\x51\xc2\x14\x0c\x9d\x1a\x62\xbd\xf6\x88\x62\x97\x87\xf9\x54\xe1\xc6\x10\xcb\xb7\x5e\xdb\x86\x20\x9d\x7c\x35\x7c\xd0\x6e\xf4\x19\x31\xdd\x5d\xfd\x1c\x7d\x40\x7f\xa4\xee\x1e\xf2\x93\x93\xbe\xab\x57\x13\x17\x38\x02\xcc\xe2\xd5\x62\x29\xcf\xa7\x6b\x60\x16\x62\xc4\xd9\xa8\x4a\x49\x36\xc5\x2a\xbb\x19\x81\x37\x8b\x71\x7e\xb5\x5c\xb6\x04\xa6\x8d\x34\xf0\x3b\x21\x9f\x32\x22\x6c\xa0\xe6\x69\x34\x8a\x2d\x8d\x24\x53\x93\x0e\xb6\xe9\xc2\xbf\x66\xfa\x4e\x92\xc7\x51\x36\xe1\x48\xcd\xb0\x34\x13\x0d\x3f\x64\x63\x82\xe1\xc7\x15\x79\xac\x70"},
+{{0x8b,0x2f,0x06,0x14,0x1e,0x40,0x11,0x63,0xf9,0x0f,0x67,0x4b,0x04,0xdc,0x90,0xdc,0xb6,0xdd,0x33,0x86,0x41,0x93,0x39,0x66,0x2e,0xcb,0x0d,0xff,0xad,0xf2,0x50,0x0b,},{0x54,0xda,0x93,0x4a,0x65,0x91,0x19,0x19,0x85,0x53,0xfd,0x45,0x66,0xb6,0x60,0xd8,0xd6,0x10,0xad,0xc3,0x29,0x0c,0xb8,0x48,0x29,0xc8,0x94,0x14,0x8c,0xf3,0xf6,0x7e,},{0xd6,0x8e,0x37,0x50,0xdc,0x56,0x43,0x23,0x97,0x40,0x1c,0x98,0xff,0x15,0x29,0xdb,0x9e,0xd4,0x8f,0xea,0x24,0x6d,0xd4,0xed,0x38,0x3e,0xc7,0x4c,0x1a,0x46,0x3a,0xeb,0x78,0x4c,0x87,0xb1,0xfd,0xa8,0xbb,0xce,0x97,0x0f,0xc9,0x7a,0xa9,0x80,0x7d,0xdb,0xe9,0x5d,0x41,0xfb,0x02,0x2e,0xa6,0x8c,0x1e,0x31,0x16,0x54,0xfa,0x1d,0xa2,0x07,},"\x1d\xeb\x25\xd4\x34\x58\x69\x03\x23\xa7\xd2\x6a\x26\x69\x50\x90\x99\x34\x74\xf4\x67\xc6\xfd\xe5\xdd\xb3\x4d\xa9\x45\xbe\x3c\xea\x2f\x6b\x75\x65\x2a\xe2\x1c\xbc\x4f\xd2\x27\x63\xa1\xb4\x55\x83\xe1\xc3\xe8\x8b\xbb\x5f\xea\x20\x49\xb7\x33\x6c\x91\x15\x99\x88\xc0\x15\x26\x82\x4c\xa3\xbe\xf1\x6b\x36\x2b\x92\x02\xb8\xb9\x75\x41\x85\xbd\x61\xbe\xa8\xf5\x39\xaa\xdf\x4a\x1a\xb1\x35\xfb\xc3\x1d\x2a\x8e\x33\x17\x80\x73\x10\x6c\xbb\xc0\x2d\x4c\xd0\xd3\xc8\xfe\xaa\x8e\xb7\x33\x08\x43\x56\x25\x17\x95\xaf\xbd\x78\xac\x3c\x4f\x8a\x3b\xa1\x9a\xed\x75\x5c\x64\x6f\x35\x56\x9c\x7a\x6c\x67\x5b\x6d\x69\x18\xe8\x34\x96\x9a\xca\x03\xf7\x1a\x2e\x72\xcc\xb1\x70\x03\xbb\x75\xb6\x2e\x85\x2a\xaf\x58\xb3\xba\xea\x89\xbc\xd6\x4a\x32\xeb\x14\xa6\xb9\xe1\x0d\xe4\x89\x71\xe5\x3d\x0e\x9a\xc9\x9a\x78\xf4\x2d\xe0\x38\x2e\xf0\xe8\x0e\xd3\xcf\xa3\x43\xf3\x5e\x4a\x99\x83\xb9\xae\xed\x98\x6d\x3a\x57\xf4\x7e\x5e\x46\xd4\x0e\x9d\x67\x73\x02\x80\x9a\x2d\x37\xe4\xec\x01\x1f\x05\x1b\x4d\x03\x1e\xd6\x00"},
+{{0xdc,0x64,0x9f,0xbb,0x1b,0xee,0x0a,0x44,0x81,0x4d,0x6d,0x9e,0x90,0x80,0xd5,0xd9,0x0c,0x1f,0xc1,0x73,0xab,0x5f,0xef,0xed,0x82,0x6a,0x74,0x72,0x3a,0x77,0x4e,0x0a,},{0x02,0x14,0xc8,0x9f,0x38,0x67,0xad,0x2e,0x88,0x70,0xe5,0x0f,0x8c,0x2a,0x62,0x54,0x98,0x6d,0x9c,0x22,0x0e,0x33,0x38,0x41,0x13,0x00,0xcd,0x9c,0x64,0x04,0xd4,0xb1,},{0x0e,0x0c,0x5e,0x4e,0x18,0x43,0x75,0xda,0x4e,0xf7,0xe2,0xa2,0xe4,0x88,0x80,0x50,0xcd,0x84,0xe2,0xfe,0x21,0xd0,0x8e,0x84,0xa8,0x52,0xdb,0x2b,0xe3,0xfb,0xc3,0x72,0xc4,0x72,0xde,0x09,0x54,0xdc,0xd1,0xdc,0x11,0xae,0xc4,0x93,0xc5,0x69,0xf4,0x0f,0xc6,0xf7,0x7f,0x03,0xee,0x52,0x4f,0xb0,0x6e,0xc4,0x0f,0xaa,0x1d,0x6c,0xc1,0x0f,},"\x32\x87\x00\xa8\xae\x58\x1c\x1e\xdc\x4e\x2c\x00\xc7\x8b\xf4\x60\x60\x97\xf9\xbd\x75\xaa\xde\x20\x5a\x24\x3c\x5f\xd7\x43\x4d\x62\x22\xda\x93\x7e\x28\x81\xa2\xe3\xc5\x74\x35\x6d\x4d\x56\x79\x30\x1d\xa9\x9e\x11\xcf\x74\x9c\x27\x92\x1c\x8c\xaa\x2a\xb2\xa5\x64\xd8\x7c\x5d\xf8\xec\xf1\xa7\x2b\x68\x01\x84\x82\x4f\x69\x86\x02\x2e\x3f\xc9\x8b\xd2\xa2\x1c\x34\x55\xab\xf1\x15\x49\x54\xfb\x30\xc8\x98\x82\x94\x7b\x02\xf3\x5a\xf7\xb1\xbf\xad\x05\x23\x7d\x24\x2e\x2b\x74\x83\x2f\xc5\x36\x19\x6f\x2e\x59\xd1\xac\xd0\xc1\xdb\x6f\x19\x43\xd0\xf6\x04\x3b\xbd\x6a\x76\x90\x83\xed\x66\xba\x0e\x05\xa5\x0f\xeb\x0a\xcf\x72\xb6\xc1\x6b\xa9\xaf\x03\x9a\xfb\x7f\xe2\xa4\xaa\xeb\x4d\x06\x18\x1c\x5a\x18\x78\x68\x9e\x67\xa3\xf5\xd0\xad\x39\xe7\x94\xd6\x23\x9a\x7e\x0a\x12\xce\x82\x0c\x5b\xe6\x0f\xd5\xf1\xdd\x79\x70\x2f\x49\xd0\x2b\x79\x75\x5f\xe8\x73\xf5\x78\x5c\x72\xf7\x46\x25\xcd\x7e\x24\x28\x26\x25\x97\xd3\x14\x82\xc2\xc0\x50\x88\x01\xfd\x96\x31\x9d\x61\xb9\x1b\xa2\x53\xa5\xe7\x22\xf4\x14\xcf"},
+{{0x39,0xb8,0x06,0x2d,0xa4,0x3e,0x64,0xe1,0x67,0x67,0x65,0xd6,0x2c,0x7f,0xb8,0xe0,0xa9,0x9c,0x4f,0xd4,0x17,0xd6,0xf7,0xe3,0x31,0x9b,0xb1,0x30,0x44,0x20,0x5f,0x3b,},{0x62,0x27,0xce,0xfe,0x88,0xea,0x4f,0xb2,0x7b,0x37,0xb5,0xf7,0x97,0x77,0x8b,0xd7,0x2f,0xda,0xfe,0xad,0xcc,0xd9,0xae,0xb6,0x7a,0xd4,0x37,0xce,0x08,0xfb,0xa6,0xa8,},{0xc5,0xf6,0x26,0x49,0x0c,0x0e,0xf4,0xe1,0xef,0xc3,0xed,0xeb,0x0c,0xbc,0x3f,0x7d,0xe2,0x67,0x05,0x7f,0xb7,0xb6,0xeb,0x8f,0x0c,0x81,0x35,0x84,0x96,0x5b,0xc5,0xc4,0x21,0xfe,0xed,0xf5,0x42,0x41,0xca,0xe0,0x01,0xec,0x6d,0x5e,0x25,0xc9,0xb1,0xfb,0xa0,0x38,0x5e,0x5d,0xbd,0x95,0xa0,0x6e,0xc1,0xd8,0xae,0x51,0x91,0x44,0x96,0x0d,},"\x74\x0a\xf6\x79\xe3\x06\x9f\xad\x05\x9f\xa4\x82\x5f\xa4\x1c\x59\xfb\xd4\x84\xaa\x64\x93\x03\xc2\x7c\x4f\x7a\x94\x71\x1c\x5b\x71\x3b\x2a\x6b\x89\x87\x85\x9e\x22\x71\xa6\xa7\x1e\xb0\xb4\xa1\x5a\xbd\xe4\xf5\x16\x8f\x6c\xb9\xdb\xdc\x6a\x27\xa2\xa1\x3d\x52\xc9\x72\x08\x96\xa1\xf4\xce\x3a\x53\x45\xee\x79\x3b\x6c\xc3\xad\x80\xd7\xd5\x81\x63\xd5\x45\x5b\x9c\xbd\x07\x3e\x2b\x7a\xdb\xff\x95\x59\x0c\x71\x72\x27\x1b\xd9\x1f\xef\xdb\xd0\x16\x57\xee\x17\x50\x65\x10\x36\xcd\xc3\x56\x0b\x44\x4c\xa2\x18\x4b\xf4\xf3\xea\x89\xfc\x97\x3a\xab\x6f\xb4\xa8\xee\x57\x04\xbb\xe5\xa7\x1c\x99\xfa\x3b\x5e\xf0\xd0\x39\x62\x49\x75\x82\x97\x69\x9a\xe2\x02\xb8\x19\x69\x0d\xc7\xac\x46\x92\x77\x03\x46\x90\x78\x45\xe2\x21\x0d\x53\x63\xad\xee\xc0\x3f\x0f\xc7\x76\x1b\x7e\x0e\xc0\xfe\xa1\xbc\xf6\xb0\x4f\xc5\x4b\x3e\x4c\x40\xd1\x9b\x8f\xa6\x49\xac\x84\x79\xe8\xf8\x07\x30\xc0\xc9\x4e\x9f\x4a\x1a\xd5\x06\xf2\xbc\xab\x0c\x49\x54\x0f\x6d\xec\xaa\x77\xb3\xd6\x57\xdc\x38\xa0\x2b\x28\xa9\x77\xec\xe4\x82\x54\x5a"},
+{{0x52,0xf4,0x67,0x5d,0x8c,0xcd,0x0e,0xb9,0x09,0xdf,0x0a,0x51,0x66,0x48,0xdb,0x26,0xfa,0x03,0x3b,0xa4,0x1d,0x43,0xfc,0x38,0x45,0x89,0x6d,0x45,0x6e,0x14,0x26,0x5f,},{0xf3,0x9e,0x7d,0xaf,0xc9,0x7b,0x0a,0x84,0xdc,0xbf,0x7f,0xa1,0x4a,0x94,0x03,0xee,0x1f,0xa9,0x2b,0x85,0xe5,0xa7,0xe5,0xd0,0x5f,0x03,0x1b,0x44,0xdd,0xf1,0xf7,0x94,},{0x4b,0xf6,0x68,0x82,0x7a,0x72,0x0a,0xf6,0x88,0x98,0xa0,0x6e,0xa7,0xb4,0x45,0x45,0xa3,0x4c,0xa8,0x96,0xec,0xf3,0x11,0xfe,0xea,0x47,0xe0,0x68,0x6d,0x91,0x1f,0xad,0xaa,0x03,0x11,0x89,0x97,0x15,0x3c,0x65,0x36,0x1f,0xea,0x15,0xde,0x9b,0xb8,0x91,0xb8,0x90,0x98,0x72,0x04,0x55,0x08,0xff,0xad,0x0c,0xd9,0xea,0xb2,0x1a,0x97,0x02,},"\x74\x42\x71\x10\x85\x7c\xb4\xaf\x0a\x33\x42\xc2\xb5\x29\x97\xbc\xe1\xa0\xdb\x64\x05\xc7\x4e\x96\x51\xc5\xb8\x59\x79\xac\xb0\x71\xe5\x67\xfe\x70\x41\x2c\x4e\x0d\x8c\x9f\xa4\x21\x91\x4f\x6a\x62\xf2\xae\x42\x0b\x7b\x2f\x4c\xf8\x0c\x90\x57\x42\x21\x22\x22\x88\xb6\x58\x67\xea\xa6\x6e\x7e\x0a\x05\x57\xa2\x6c\x54\x9f\x9a\x7a\x4e\x70\x83\x8b\xa4\x07\x4b\x4c\xd7\xa9\xd7\x58\xb3\x78\xb8\x8d\xd4\x94\x41\xdf\x80\x2a\x44\x4d\xcb\xc3\x06\x24\x93\x3b\x59\x92\x2f\x33\xc2\x0f\x01\x9f\xe7\x8e\xe2\x4b\x8f\xba\x79\xa6\x82\xf3\x88\x50\x5a\xc9\xc9\x7f\x4e\xb8\x7c\x61\x18\x80\x02\x6b\x4c\x23\x30\x6b\x86\x51\x73\xf5\xd7\x16\xab\xc6\xcd\x9a\x99\x06\xdb\x34\x30\x13\x6f\x75\x41\x29\xc4\x43\xb2\x0c\x42\xbe\x2f\xbc\xbc\xd4\x40\x34\xd7\x14\xf5\x8a\x4b\xa8\xe7\x56\x60\x7a\x02\xb6\x08\xef\x49\x64\x8f\x2a\xd0\xce\xa9\x9e\x7a\xb3\x0a\x8d\xd7\x81\x40\x04\xf7\x25\xf4\x93\x01\xd7\xb3\x04\xdc\xda\x62\x5c\x29\x6d\x92\x8c\xb5\x81\x73\x6a\xb7\x39\xc8\x6b\x46\x92\x41\xa8\x25\x93\x51\xfd\x37\xb4\x78\x0a\x99\x93"},
+{{0xba,0xd7,0x3c,0x9f,0xda,0x4c,0xeb,0x9d,0xa6,0xc7,0x01,0xc2,0xa6,0xe2,0xef,0xc0,0x46,0x7a,0xfa,0x0a,0x74,0xf8,0x75,0x0c,0x52,0xcf,0x1f,0xd4,0xc8,0xe7,0x48,0x9a,},{0xbb,0x0f,0x02,0x7a,0x90,0x35,0x37,0x6e,0x1a,0xa3,0x20,0x6c,0x3d,0x77,0x44,0x75,0xe3,0x51,0xf5,0x76,0x7e,0xf8,0x6e,0xf4,0x8a,0x72,0xc0,0x37,0xc2,0x4c,0xce,0x62,},{0x19,0x7d,0x6b,0x6c,0xc8,0x8a,0x98,0xc0,0x6d,0xfc,0xa0,0xc0,0x12,0x25,0xed,0xfe,0x38,0xa0,0xb2,0x28,0x9f,0x29,0xf8,0xa4,0x4e,0xc0,0x81,0x6a,0x95,0x2d,0x58,0x5e,0x2d,0x59,0xb5,0xb0,0x8d,0xe1,0x00,0xc0,0x60,0x62,0x96,0xcc,0xf5,0xe9,0x2a,0x99,0xe0,0x93,0x62,0x31,0x44,0xb8,0xb2,0x2d,0xb8,0x7d,0x92,0x92,0x25,0x54,0x60,0x05,},"\x74\xb9\x66\xcb\x78\x07\x71\xae\xe6\x3d\x73\x4d\xf3\x75\x67\x02\xd1\xd5\xfd\xed\xdf\x32\x13\x6c\x63\x58\xb8\x36\x31\x8a\x4f\x98\x4f\xe7\x1e\x77\x16\xad\xdd\xbd\x64\x9e\xba\x44\xcd\x42\x82\xe0\x05\x5d\x8c\x1e\xd2\xd3\x51\x23\xd6\x6e\x5a\x98\xf1\xc0\x83\x8d\xed\x56\x3b\x9a\x20\xeb\x80\x07\x53\x8f\xc7\xb0\x71\x3e\x7e\x48\x5e\x3c\x28\xf6\xeb\xc4\x21\xa2\x9d\xce\x25\x24\xdb\x7f\x29\x20\x57\x61\x03\x6a\xda\x62\xe5\xb0\xb7\xd5\xb7\xf2\x94\xff\x17\xf3\x38\x23\x2f\xa5\xfd\x42\xb6\xf7\x25\x33\x04\x09\x2d\x84\x8f\x50\x73\x52\x48\x59\x5d\xa0\xf7\xef\x28\xe5\x68\xe9\x91\x6b\xfc\x56\xd7\xed\x0d\x81\x1b\x59\xd5\xd8\x91\xae\x43\xe1\xb1\x98\x07\x13\x06\xbf\x52\x5c\x67\x8c\x63\x43\x99\x80\x05\xfb\xb7\x86\x9d\x1c\x40\xf8\xca\xc8\x07\xfe\x2e\xf0\x3f\x3d\x5b\x93\x3f\x58\x97\x8e\xf2\x90\x6f\xcc\xf7\x44\x4a\x29\x36\xe6\x3d\x92\x8c\x69\x09\x26\xc9\xc9\x94\xed\x3d\x66\x62\x63\xe9\x56\xfd\xfe\xa2\x77\x64\xbc\x5f\x74\x12\x5b\xc4\x6b\xc1\x02\xdd\x3e\x5f\xf9\x3b\x5e\x12\x3e\x4b\x38\xbd\xef\x69\x7e\x15"},
+{{0x70,0x73,0x27,0xa4,0x31,0xdb,0xa7,0x76,0x39,0xb3,0x96,0x6b,0x2b,0xc0,0x95,0xf8,0xee,0xdf,0x57,0xf7,0xa2,0x00,0xe3,0xb0,0x07,0x7c,0xe4,0x20,0x38,0x9c,0x92,0xfe,},{0xee,0x24,0x96,0x91,0x08,0x64,0x18,0x9f,0xda,0xa3,0xc7,0x75,0x7e,0xb3,0xcd,0xa9,0xab,0x1e,0x70,0xfc,0x9e,0x7f,0x71,0xa3,0x8a,0x0b,0xfc,0x84,0x59,0x31,0xc9,0x5a,},{0xfb,0x99,0x02,0x9f,0xec,0xa3,0x87,0xa5,0xd7,0x65,0x96,0x1e,0x36,0x1d,0x71,0x72,0xb9,0x8b,0x7e,0x0f,0x11,0x29,0x0b,0xb1,0xe5,0xb5,0x7b,0x51,0xbc,0x21,0x23,0xd0,0xbc,0xe2,0x90,0x20,0x39,0x2a,0x4f,0xec,0x9a,0xe6,0xa7,0x2c,0x4c,0x38,0x6c,0xea,0x18,0x57,0xcb,0x8f,0x9c,0x50,0xaa,0x9a,0x76,0xd7,0xf1,0x68,0x7f,0xcf,0x29,0x00,},"\x32\xef\x31\xb6\x4e\xee\x70\x0f\xca\x2a\xb2\x1a\x26\x7f\x8d\x9d\x3b\xdc\x68\x9c\x75\x38\xfe\x95\x9b\xf7\x13\xfa\x99\x5d\xb2\xc0\xad\x36\xdd\xe4\x30\xa8\x41\x7d\x43\x7b\x72\xc7\x4e\x26\xdb\xe3\x1d\x93\x70\x1d\x46\x17\xfe\x51\x82\x5c\xff\x7a\x54\x4f\xc9\xf4\x4e\x43\x45\xe1\x4b\x4b\x11\xe1\x5f\x26\xff\xc2\xaf\x80\x35\xf3\xf9\x70\xe4\xdd\xa4\x4c\x0e\xbc\x03\x63\xc2\xb5\x6f\xde\x21\x86\x63\xbf\x78\x83\x90\x92\x53\x8f\xc2\xf3\x91\x53\xd4\xeb\x29\xda\x0c\x1a\x08\xaa\x96\x66\x01\xcc\x68\xca\x96\xe9\x93\xb0\x1b\x17\x3a\x26\x1b\x2e\xf3\x27\x65\x03\x82\xf5\x68\xfe\x94\x48\x55\xb0\xf4\xfd\x9d\x15\xe7\x52\xac\x74\xdc\xfd\x37\xb3\x78\x6f\xff\xce\xf2\x33\x39\xc2\x1e\x92\x70\xdc\xe8\x89\x1d\xd5\xee\xeb\xa9\x60\x8f\xdc\x7b\x6f\xbc\xc9\x9f\xa1\xb5\x90\x3d\xaa\x09\x68\xe1\xb6\x91\xd1\x9d\x06\xf2\x15\xde\xd0\x47\xef\x9d\x76\x61\x0f\x5d\xe2\x20\xf5\x04\x1b\x31\x3f\xaf\x9e\x96\xc9\xfd\x7d\xb5\x4b\x52\x25\x72\x6a\xf4\x35\xf9\xcb\xd9\xfd\x87\xab\x40\xce\x8f\x2c\x69\x40\xb5\x5f\x0f\xaa\xe8\x78\x50\xca"},
+{{0x6a,0xa5,0xc9,0xf0,0x08,0xf9,0x90,0x47,0x3b,0xa4,0xa6,0x28,0x6a,0x41,0x66,0x14,0x02,0x66,0x61,0xf1,0x1e,0x1a,0x24,0xef,0xa8,0x1a,0xc3,0x58,0x52,0xd1,0xd0,0x70,},{0x60,0x5a,0xc9,0xb4,0xdb,0xdd,0x50,0x33,0xd6,0xc8,0x28,0xbf,0xaf,0xa9,0x3c,0x00,0x39,0x44,0x0a,0xa1,0x1c,0xa7,0x24,0xae,0x83,0x40,0x43,0xe0,0x7b,0xd0,0x32,0xd5,},{0x97,0x56,0x30,0x3b,0x90,0x65,0x5e,0x93,0x52,0x51,0x03,0x2a,0xb1,0x9c,0xfc,0x95,0xca,0x1c,0x2a,0x2c,0x3e,0xa2,0x8b,0x03,0x3b,0xd4,0x70,0x66,0xcb,0xd4,0xc7,0xd8,0x98,0x2a,0x8b,0x98,0x86,0xf1,0xb9,0xcd,0x02,0xe8,0x8a,0x65,0x56,0x4d,0xa8,0xdc,0xc3,0x4f,0x30,0x8b,0xa9,0xf1,0x01,0x44,0xba,0x46,0x9c,0x2e,0xfa,0x49,0xe0,0x04,},"\xb5\x16\x5d\x39\x63\xf6\xe6\xf9\xea\x56\x57\xe9\xf0\x7f\xf3\xa3\x21\xeb\x33\x8f\x9a\x8c\x3d\x3c\x42\x30\x6b\x2b\x27\x89\x78\xb3\x1c\x62\x3a\x63\x1b\xe3\xb0\x4c\x41\xed\xfd\xed\xdf\x53\x8e\x1b\x76\x5b\xc8\x78\x54\x01\xc1\xaf\x29\xd0\x46\x7a\x64\x41\x1c\x49\x73\x95\xd7\x55\xdc\xa0\x3a\xe3\x27\x2f\x4b\xc1\xfb\x19\x18\xdc\xc1\xed\x6f\x04\xd6\x49\x84\x04\xa8\xce\x14\x09\xd4\x47\xf5\x70\xa4\x35\x95\x22\xcc\x54\x62\x92\x02\xeb\xe5\x07\xab\x69\x38\x43\x14\x1b\xd5\xea\x05\x73\xb2\x0f\x32\x1a\x48\x3f\xf3\x83\xa4\x68\x97\xf5\x92\x6f\xe0\xb8\xaf\xc2\x55\x72\x70\x7b\x63\xee\xed\x28\x35\x32\x92\x8a\x41\x44\x19\x64\x97\x94\x2c\x57\x2a\xc5\x47\x60\x51\x39\x25\x6b\x0a\xa0\xea\xf0\x4d\xb1\xa2\x56\x01\x2e\xd4\x53\xb1\x73\xee\x19\xad\x6e\x9b\x1a\xf3\xf4\x5f\xf3\x04\x4a\x64\x1f\x8c\x8e\xb0\xac\x7b\xb4\x5a\xbb\xde\xd4\x72\x86\xb2\xa0\x69\xd3\x90\x86\x94\xee\x06\xf2\xfb\xd0\xef\x60\x5a\x79\x11\x02\x6e\xa9\xea\x3c\x49\x13\xf3\x8c\x04\xd8\xb6\x95\x65\xa7\x02\x78\x67\xab\x30\x92\xd0\x5f\x4c\xfb\x18\xfc\x7c"},
+{{0x8e,0xfb,0x8b,0x79,0x74,0x2b,0xe2,0x1e,0x6d,0x31,0xde,0x67,0x8b,0xc8,0x14,0x50,0xba,0x86,0x21,0x08,0x2c,0xd6,0xf0,0x00,0x3e,0x22,0x86,0x1e,0x22,0x91,0xc4,0x81,},{0x33,0x38,0x1e,0x35,0x6c,0x4f,0xd3,0x86,0xa3,0xf7,0xb9,0x69,0xaf,0xd9,0xf5,0xc0,0x0d,0x20,0x67,0xb6,0x98,0xb3,0xf1,0xf0,0x0f,0x37,0x84,0x20,0x2d,0x30,0x84,0xcf,},{0x92,0x30,0x05,0xcb,0x48,0x48,0x40,0x2a,0xa8,0xf9,0xd5,0xda,0x74,0x03,0x0b,0x00,0x94,0x44,0x92,0x4c,0x21,0x4a,0xd6,0x00,0xdd,0xba,0xb4,0xc1,0x53,0xa6,0xff,0x02,0x2b,0x53,0xcf,0x63,0x64,0xcd,0x7e,0xe9,0x9b,0xef,0x34,0xfe,0x14,0x4d,0xa9,0x64,0xed,0xfc,0x38,0xa0,0xba,0x63,0x33,0x12,0x65,0x0e,0xbf,0x0e,0x55,0xa0,0x60,0x09,},"\x6b\x75\x03\x25\xd3\xa0\xf0\x8a\x14\x77\x00\xb5\x1a\x9b\x37\x25\x57\x10\x94\x81\x8e\xd6\x9d\x1f\x76\x10\x13\xeb\x86\xf3\x23\xf7\x3c\x49\xf5\xe4\x39\x87\x7c\x27\x83\xb3\x36\xd1\xf1\xa6\x74\xef\x3e\x43\x1f\xc1\xae\x01\x80\x08\x2d\xf5\xfc\xa6\x9f\x84\x81\x39\xfe\x6a\xb6\x73\x9a\x05\x92\xeb\xd6\xd4\x70\x5c\x7f\x01\x36\xb2\x21\x89\xa1\x1d\x60\xd4\xd3\xc9\xbc\x80\xfe\x7d\x7c\x00\x95\x2d\x57\x42\xf9\xc0\xc2\x12\x1f\xe7\x92\xdf\x13\x3f\x22\x1d\xb9\x91\xfc\x96\x0e\xe6\x4b\x9d\x32\xe0\x17\x8e\x54\x2b\xce\x8e\xfa\x8d\x03\xac\x80\x26\xcd\x77\xba\x8b\xf0\xb2\x42\x15\xb9\xfa\xed\x2e\xae\xc9\x20\xe9\x25\xd5\xec\x46\xff\xf6\xbd\xe7\x25\xe9\x1c\x82\x80\xe4\xad\xa2\x32\xa5\x43\x3a\xe9\x68\x0e\xbb\x53\xeb\x55\x55\x31\x47\xc9\x33\x70\x57\x48\x54\x89\x61\x54\x51\x42\x99\xc0\x93\x21\x9a\x11\x1d\xca\x4e\x63\x7a\xd5\x00\x13\x38\xc6\xd4\xd5\xee\x90\x98\xc6\x58\x32\xf7\xaf\x83\x5b\xcb\x62\x21\x28\x42\x30\x36\xc7\x9a\x57\x37\x73\x8a\x75\x39\xf8\xd4\xa6\xb8\xb2\x21\xb5\x6d\x14\x01\xae\xb7\x4d\x45\x71\xbc\x00\x9d"},
+{{0xed,0x04,0x6d,0x68,0x8b,0x2b,0x0a,0x1b,0xc3,0xda,0xf2,0x11,0x9d,0xd3,0x21,0xa6,0x07,0xb1,0x6d,0x2a,0x2d,0x1d,0x96,0x3a,0xdd,0x12,0x09,0xc6,0x65,0xb5,0xcc,0xba,},{0x87,0x34,0xf1,0xff,0xcb,0xd7,0x1c,0xfd,0xe2,0x90,0x01,0x7e,0xa6,0x25,0x3e,0x58,0x0d,0x59,0xe6,0x5b,0x54,0x1b,0x46,0x52,0x1f,0x5e,0x5e,0xc1,0x45,0x1e,0xae,0xc6,},{0x72,0x1b,0xfd,0x47,0x76,0xcf,0xba,0x13,0x33,0x0f,0xd3,0x72,0x69,0xe9,0x79,0xc1,0xd7,0xb6,0xce,0x54,0xa5,0x1b,0x82,0xf4,0x56,0xe1,0x37,0x37,0x8e,0x58,0x2f,0x19,0x2a,0x12,0x08,0x9d,0xa5,0xab,0xa7,0x6a,0x7b,0x16,0x18,0x13,0xdc,0xe5,0x6b,0x72,0x89,0x2a,0x35,0x33,0x0c,0x94,0xf7,0xff,0x21,0xd0,0x9c,0xf0,0x9e,0x55,0x35,0x04,},"\xb9\xcc\x90\xfd\x8d\xe2\xa1\x41\xf9\x51\x16\xdb\x3b\x04\xbe\x83\xe9\x85\x22\x59\x7e\xc2\x17\x49\x64\x24\x51\x80\xb9\xa4\x73\x76\x7d\x6d\x47\x0a\x21\x7d\xb5\xff\x5a\x1a\xb7\x77\xe1\xe2\x8a\x0b\x16\x97\x5e\x2b\xac\xb8\x73\x02\x04\x44\xb4\x7e\xd8\x32\x64\x21\xb9\x0e\xbb\x50\x36\x88\xf0\x90\xc1\x1b\x3b\x13\x61\x7c\x5c\x50\x52\xc2\x97\xa4\x1e\x28\x93\x77\x5e\x34\xd5\x9a\xda\x49\xd9\x94\xc0\xe4\xa9\xf5\x22\x0e\x9f\x03\x15\xa6\x77\x05\xa3\xec\x08\xaf\x0d\xc7\x24\xb5\xcf\x67\xff\x34\xfa\xda\x8b\xa7\x10\x9e\xd2\xb5\xa8\x90\x7b\xb4\x03\xfb\x1a\x83\x8b\x4b\x05\x9f\x18\xc7\x92\xd7\xbf\xec\x05\xde\xe0\xc9\xcb\xbf\x17\x53\x40\x9d\x7d\xb3\xac\xea\xf4\x7b\x4c\x61\x39\x84\x97\xb0\xec\xa6\xc1\xf8\xac\x08\xa7\xea\x1e\xb9\xc4\x0b\xc4\xe9\x2e\x88\x82\x12\xf7\xd9\xee\x14\xfd\xb7\x31\x58\x16\x09\x44\xff\x9b\xcd\xfe\xf1\xa7\x46\x9c\xc7\x0f\x94\x74\xe5\xf2\x4d\xff\xfe\xa5\x85\xf0\x9e\xaa\xab\x4b\xe2\xaf\xeb\xbe\x8e\x6c\xf8\x6d\x35\x68\x0d\xc5\xd1\xb9\x29\x13\xe8\x48\x25\x6e\xc7\x36\x31\x6f\xd0\xa2\x14\x20\x63\xb0"},
+{{0x76,0xac,0x8e,0x57,0x0a,0x39,0xb3,0xa0,0x23,0x2c,0x45,0x49,0x75,0x37,0xfb,0x21,0x55,0xac,0xec,0x36,0x17,0x86,0x5e,0xd1,0xdf,0x21,0x0f,0x00,0xb4,0x9d,0x1b,0x8d,},{0x31,0x2a,0x3a,0xd8,0x99,0xae,0x6a,0x25,0x50,0x7a,0xe6,0xe4,0x52,0x4e,0x10,0xb6,0x3a,0x6e,0x7a,0xe5,0x3d,0x9c,0xff,0xd3,0x9c,0xf2,0x85,0x21,0xd9,0x35,0x33,0xd6,},{0xcf,0x03,0xf5,0x25,0x91,0x3c,0x44,0x30,0x3b,0x2f,0x80,0x07,0x93,0x93,0xc2,0x1c,0x11,0x58,0x14,0x6e,0xcf,0x99,0x63,0x6f,0x5d,0x97,0xad,0xfd,0xd9,0xf3,0x58,0x39,0x80,0x4c,0x23,0x80,0x4c,0xbf,0x1e,0x55,0x3c,0xfd,0x4b,0x73,0xf6,0x89,0xa9,0x14,0x3a,0xec,0x29,0x8f,0x82,0x76,0xe1,0xe4,0xee,0x08,0x91,0xf1,0xba,0x75,0xde,0x04,},"\x53\xce\xd9\xdb\x2b\x47\x9e\x59\xd3\xed\x64\x3f\x7c\xc3\x78\x4c\x24\xb8\xbd\x4c\x63\x20\x6c\x72\xe2\x3f\xa8\x50\x02\x88\x99\xa4\x1c\xe1\xa8\xbd\xc0\x03\xf1\x2b\x7c\x29\x97\x2c\x9a\x08\xbc\xd2\x31\xfe\x0e\x1a\x0f\xef\x0b\xaf\xbf\xa4\xe0\xe0\x27\xd7\x20\x04\x07\x5b\xa3\x7d\x49\x0e\xb9\x96\x4e\x78\x3b\xb9\x8f\x9e\x50\x3e\x9c\x1f\xd3\xd2\x3f\xb0\x01\x7c\xc7\xc7\xa9\xf8\x6d\x17\x1f\x04\x1e\x23\x55\xd8\xc5\xe6\x22\x9d\x34\xc7\xee\xac\xb6\x35\x8c\xf3\x06\x0d\x5d\x26\x5b\xae\x20\x04\xa5\x58\x87\x86\x59\xa3\x0d\xfe\xd5\xf2\xec\x78\x8b\x4e\x14\x39\x7b\x5d\x00\xc2\x9d\xb5\xd4\xeb\xf1\x66\x39\xa8\xdf\x29\x2a\x3d\x24\xf6\x98\x3c\xbc\xa7\x60\xd9\x03\xe9\x76\xf5\xb6\x98\x64\x2b\xa1\xfe\xd4\x9e\x79\xc3\x8f\x4b\xb3\x94\x6e\xfc\xcc\x9d\x6a\xef\xad\x33\x6d\x55\x8f\x78\xe4\xf2\x05\x42\x2e\x10\x38\x4a\x4e\x53\x1e\x75\x80\x7e\xfb\x38\x9d\x2a\xf4\xca\xb4\x38\x25\xfb\x87\xf1\x96\xa9\x08\x07\x69\xfe\x75\x85\x78\x29\x70\xa6\x91\x8a\xff\xe1\x0d\x20\xd6\x29\xb7\x05\x84\x55\x97\x41\x8d\x69\x9d\xe3\xf1\xde\x85\x4f\x94\xbd"},
+{{0xf6,0x4a,0x66,0xba,0x0f,0x08,0x19,0xf3,0x00,0x14,0x16,0xc2,0x20,0xbf,0x52,0xd8,0x60,0x13,0x0a,0x19,0x76,0x4a,0xa8,0xab,0x38,0xd1,0x5b,0x2a,0xa7,0x5a,0xc0,0x22,},{0x81,0x25,0x25,0x3c,0xd3,0x37,0xe0,0x0d,0x45,0xb4,0x50,0x79,0xb5,0x85,0x34,0x95,0x61,0xe5,0xf5,0x42,0xa8,0x1f,0x6d,0x2f,0xcf,0xd9,0x85,0xc1,0x0f,0xea,0xb2,0xaf,},{0x4d,0xe6,0xf5,0x25,0x08,0x22,0xd7,0xc9,0xd5,0xbb,0x98,0x58,0x25,0x00,0xb5,0xc0,0x85,0xf5,0x41,0xeb,0xdc,0x45,0x0e,0xd1,0xac,0xaf,0x83,0x68,0x48,0x27,0xed,0x1d,0xc7,0x71,0x47,0xaa,0xe4,0xb1,0x9e,0x14,0xa7,0xdc,0x5b,0xbe,0x1f,0x1e,0x4f,0x57,0x71,0xd8,0xa6,0xe4,0xf2,0x35,0x17,0x39,0xaf,0xb0,0x8c,0x80,0x6d,0x55,0x87,0x01,},"\x80\x72\x86\x2e\xd0\xab\x35\x92\x1d\xb5\xec\x2c\xba\x8e\x6a\xed\xb0\x44\x1f\xdf\x47\x49\x10\x06\xc0\x1e\x64\x56\xad\x70\xfa\xe3\xc4\x15\x2d\xcf\xbf\xdb\xb8\xf0\xfd\xde\xc5\xe9\x6b\x12\xbf\x67\x98\x9b\xa9\x67\x93\xf4\x86\x1a\x11\xb6\x39\x09\xce\x8d\x19\xb8\xca\x64\xa5\x44\xb3\x1c\xe0\x51\xfb\xc8\x8e\x06\x28\x06\xd9\x96\x5c\xbd\x29\x67\xb0\x16\x14\xe8\x6b\x53\x2f\xbf\x59\x84\x32\x18\xdc\x9c\x19\xc8\x03\x15\xf0\x44\x73\x17\x19\x37\x10\x92\xa3\xda\x38\x87\x8b\xc4\xcf\x77\xde\x97\x2e\x86\x04\x66\xb8\xfc\x45\xe4\x65\xdc\x3d\x0e\xbf\x94\xbd\xea\x60\xef\x0b\x98\x91\xce\xd4\x1b\x99\x7b\x11\xb3\x1e\xe4\x16\x7d\xb6\x0c\x9c\xfc\x8b\x85\xbe\xac\xfe\x22\x3c\xc1\x82\x92\x13\x77\x40\x85\xd7\xc0\x6d\x2b\x2e\x63\x2c\xc2\x1c\xd9\x66\x0d\xf4\x7c\x4f\xa9\x18\xbd\xd5\x96\xdd\xf6\x22\xdc\xb6\x52\x64\x2b\x67\x52\x7b\xa8\xed\x15\xa8\x19\xa8\xe2\x1f\x48\xd7\xee\x70\x24\x7f\x52\x00\xe3\x7c\x25\x9d\xff\xd1\x7e\xec\x8c\x23\x2f\x97\x0c\xb0\x31\x82\xfe\x39\x64\x13\x29\x93\xf6\xec\xb7\xc4\xdb\x18\xcc\xef\x39\x0c\x9e\xb3\x63\x9e"},
+{{0x84,0x39,0xb1,0xd6,0x0a,0xa4,0x84,0x60,0x13,0x5e,0xb1,0x00,0x2c,0xc1,0x12,0x79,0x29,0x95,0x07,0x9a,0x77,0xe6,0xe8,0xab,0x02,0x0b,0x9a,0xba,0xca,0x89,0x20,0xb4,},{0xea,0xdc,0x3e,0x0c,0x5b,0xdd,0xbc,0x30,0x52,0xc3,0xb2,0xf8,0xb0,0xa9,0x45,0x66,0xc2,0xb2,0xc8,0x79,0xed,0x17,0x03,0x4a,0xc0,0xe6,0xa4,0x5f,0x2b,0x3e,0x32,0xd2,},{0x62,0xda,0x81,0xe1,0x64,0x40,0x82,0x1b,0x59,0x3b,0x6e,0xe6,0x54,0x0e,0x15,0xd1,0xae,0xa7,0x5d,0x23,0xe0,0xa1,0xbb,0xfe,0xdc,0x80,0x8c,0x95,0x48,0xf8,0x7e,0x8b,0xbf,0x36,0x91,0x5a,0x39,0xa7,0x47,0x16,0xf6,0x45,0xcc,0xa5,0x71,0x4d,0x17,0x0a,0xf9,0x07,0x57,0x6d,0x4f,0x37,0x05,0xe5,0x43,0xd2,0xad,0xdd,0xc5,0xff,0x23,0x03,},"\x54\x19\xf6\xd2\x4e\xb4\x66\x35\xd4\xa7\xf8\xea\xb8\x03\xcf\xd0\xd0\x4d\xe0\x92\xaf\xbd\x86\xf2\xa6\x96\x1a\x8d\x1e\xb8\xc0\xd1\x97\xba\x55\xee\x08\xc9\x91\x82\x2a\x5a\xa7\x02\xba\xe0\x33\x7a\xbd\x5c\xa7\xfa\xa1\x5e\x1f\x1a\xe3\x69\x94\x6e\x9b\x81\x21\x6c\x0f\x5f\xc2\x2b\xbd\x44\x33\xc3\xde\x93\xc5\xca\xa2\x74\x16\x83\xbb\xd0\xe1\xa7\x8d\xf2\x8d\xda\x19\x17\x41\x01\x87\x63\x34\xd4\x03\x39\x65\x9f\x02\x1a\xe7\x66\x16\x2c\x6c\xc5\x42\x1b\x79\xcf\x9d\x5c\x09\x0e\xd4\xaf\x07\xec\x84\x49\x30\x35\xbd\x0b\x24\x21\xb5\x33\x68\x42\x95\xbb\xe7\x6a\x70\xfe\xc5\x96\xef\x8c\x89\xc5\xc9\xdd\xa3\xc3\x3b\x77\x35\xd2\xd2\xf2\x0b\x28\xf1\xa5\x40\x2e\x72\xd0\x4b\xa2\x91\xdd\x59\xf1\x4a\xf0\x8a\xdf\x56\xee\xb0\x86\xd7\x69\xc6\xbe\xc3\x45\x18\x91\x37\x23\x45\xfd\x6b\xd0\x2d\xcf\x95\xe8\x03\xaf\x03\x53\x15\x0e\x18\x2e\x32\x3a\xaf\x68\x3e\x03\x6d\x9a\x13\x5d\x2e\x6f\x98\xcb\x4d\x32\x7e\x2c\xe7\xd5\x42\x47\xf3\x59\x2e\xd0\x67\xb4\xce\x76\x27\x17\x4f\x99\x6f\x28\x16\x5c\x9c\x11\xf0\x7e\x5e\xe9\xce\xe6\x38\x51\xc6\xb6\x8e\xa2"},
+{{0x3a,0x04,0x63,0x97,0xf0,0xaf,0xc0,0x72,0xbc,0x7f,0x90,0x7c,0x74,0xd3,0x8f,0xd1,0xb9,0xaf,0xdf,0x27,0xe1,0x4a,0x35,0x34,0x76,0x8b,0x0d,0xd2,0xdf,0x3a,0x1c,0x22,},{0x99,0xcd,0x70,0xef,0x3b,0xe3,0x42,0x49,0x33,0x93,0x87,0x2f,0x54,0xc4,0x7d,0xea,0xa0,0x81,0x02,0x18,0x92,0xd1,0x1a,0x32,0x68,0xf3,0x14,0x5e,0xd4,0xf3,0xab,0xe5,},{0x50,0x24,0xce,0x60,0x25,0x79,0x65,0x68,0x70,0x80,0xc5,0xb1,0xfc,0x7d,0x13,0x01,0xc3,0x2a,0xa6,0xfc,0xc8,0x35,0x49,0x7d,0x9c,0xb2,0x3a,0x74,0xa6,0xca,0x27,0x24,0xf5,0x53,0x53,0xc1,0xb7,0x57,0x82,0x7c,0xa5,0x44,0x0c,0x9e,0xf8,0xf8,0xc1,0x05,0x09,0x13,0xe2,0x0a,0xab,0xec,0x35,0xc4,0x97,0xb5,0x60,0x41,0xb5,0xde,0xb2,0x09,},"\xf0\x8d\xde\xf4\x6c\xc6\xc3\x41\x79\x82\x0c\x98\x61\x37\x51\x72\xfd\xdf\x77\x4f\x8d\xc3\xf7\xd6\x4a\xa4\x32\xda\x8e\x5f\xae\x64\x4c\x0a\x8a\x9e\x69\x08\x51\x7d\x50\x5d\xeb\xd6\x12\x86\x8a\xc6\xda\xf9\x5c\xd7\xe1\x69\x97\x50\x02\x2c\xcd\x4b\x88\xdb\xae\x2b\xbf\x73\x54\x6e\xe4\xb8\x35\xd3\x19\xa8\x42\xda\xe8\xb9\xed\x68\x33\x23\xf3\x1e\x5c\xc5\x79\x19\xbc\x9d\xbe\x3b\xcf\xff\xb2\xad\xa4\x80\x72\x69\x7f\xf4\xa7\xd3\x10\xc9\x1a\xdb\xca\x81\xfa\xf2\x6a\x0e\xb7\xbb\x0c\x40\x4a\xc9\xd8\xdf\xec\x63\xe9\xc6\x4e\x2f\x42\x0c\x07\xd3\x23\xb7\xc0\xdc\x3b\x73\x50\x72\x83\xae\xb1\xce\xe5\x1d\xb4\xe1\xa8\x3a\x69\x2c\x7c\x1e\xa3\x98\xf6\xf3\x09\x40\xfa\xb8\x5e\x21\x38\xd4\xb8\x5a\xa4\xe2\x31\xe5\x42\x4f\x5b\x06\x4e\xd0\x26\xf0\xcc\xb9\x9d\x1c\x85\xa9\xeb\x15\xf5\x93\x4a\x11\x35\x9d\x41\x1c\xf9\x4a\xe8\xff\xa3\x36\x1a\x22\x4f\x46\xba\xb8\x52\xd1\x84\xa2\x48\xb4\xc3\x1f\xe3\xa7\xe7\xf5\x13\x4c\x05\x10\x31\xa9\xf3\x28\xa7\xbe\x4a\x7c\xbb\xb1\xd8\xd8\x63\xa4\x00\xfd\x2d\x58\xda\xa4\x4f\x1b\x9d\x8e\x9d\xdf\x96\x1c\xe6\x32\x2f"},
+{{0x12,0x4f,0x74,0x16,0xa8,0x04,0x53,0xe4,0xcf,0x1c,0xd7,0xb5,0xe0,0x50,0xa9,0x76,0x14,0x18,0x25,0x8b,0xf7,0xd2,0x7b,0xeb,0x7f,0x23,0x23,0x8c,0x45,0x40,0xbe,0x2d,},{0x0d,0xa3,0x4a,0xb1,0x73,0x99,0x01,0x50,0xdf,0x73,0x99,0xb6,0xbc,0xdd,0xba,0x93,0xc6,0xdb,0xcb,0xf4,0xd1,0x76,0x94,0x1c,0xb5,0x07,0x1e,0x87,0x34,0xc5,0xdc,0x92,},{0xb0,0x57,0x21,0x04,0xaa,0x69,0xe5,0x29,0xe3,0x46,0x5a,0x6f,0xd2,0x8f,0x40,0x4a,0x4e,0xc2,0x02,0x76,0xa9,0x93,0xb1,0x72,0x5e,0xb8,0xc5,0xf6,0x50,0xb4,0xa2,0x16,0xf1,0x87,0x1b,0x24,0xe3,0x68,0xcc,0x46,0xcd,0x1e,0xe0,0x17,0x4c,0xda,0x1b,0x5e,0x4a,0xe2,0x20,0x0a,0xa9,0xfc,0x44,0x52,0x2d,0x97,0x5a,0x9c,0x51,0x81,0x49,0x08,},"\x9d\xcb\x98\x73\xff\x05\x4d\xb1\x1d\x0a\x9b\x19\xde\x68\x85\xff\xba\x7f\x0e\x68\x1c\xf7\xfb\x8f\x6c\xd9\x50\xc4\x83\x28\xd1\xf9\x19\xca\x46\x05\x4e\xee\xe6\xc9\xe5\x78\x43\xeb\xdd\xa7\xb2\x4b\xc3\x50\x3c\x4d\x61\x2a\xbb\x1a\x31\x4f\x39\xf5\x82\x21\xd2\xb5\x4d\xc7\x55\xac\xca\x79\x69\x74\x0e\x7f\xa8\xb1\xa9\x52\x3b\x8c\x73\x79\xfd\x39\x52\x53\xf4\xe6\xcd\x05\x4e\xe2\x4b\x75\x61\x3c\x35\x81\xd4\x9e\x19\x24\x6a\x7b\x3b\xe1\xce\xcb\x33\x4b\xe4\x4f\x3d\x62\x6f\xe3\xb7\xb2\x69\xe6\x28\xd4\x45\x80\xc2\x06\x36\xeb\xa2\x64\x2f\x27\x44\xb9\x59\xe6\x57\x57\xd0\xee\x60\x18\x43\xf1\x88\xe9\x5d\x17\x25\x3f\xef\x56\x70\x68\xa5\x40\x5a\x3a\x9e\x67\x7f\xea\x3d\x7d\x55\xf7\xea\xd1\x9a\x3f\x30\xc5\xf9\x85\x67\x1b\x55\xfa\x12\x0c\xb9\xd0\x5f\x47\x1b\x6e\x1e\x8d\x77\x9a\x2c\x80\x3a\x19\xe6\xd0\xd7\xcd\x50\x78\x87\xed\x64\x7c\x2a\x95\x48\x3f\x93\x39\x91\xed\x45\xae\x30\x1a\x2b\x0e\x95\x4a\x57\x03\xd2\x48\xc7\x88\x10\xaa\x0b\x19\x9c\xc2\xbe\xbb\x2f\x1d\x71\xcc\x40\x48\x7d\xbd\x42\xee\xe0\xf7\x45\xf7\xd2\x85\x68\x5b\x1f\xb3\x1b\x15"},
+{{0x25,0xd1,0x3b,0x38,0x37,0x60,0x1b,0x07,0xa9,0x75,0x69,0x3e,0x5a,0x33,0xd5,0x33,0x7c,0x34,0xc1,0x12,0x7f,0xe4,0xc2,0x74,0x90,0x61,0x2a,0xaf,0x7f,0x64,0x2e,0x9a,},{0x3a,0x07,0xcd,0x68,0xee,0x26,0x92,0xd5,0x1c,0xfa,0xd1,0xa8,0x0e,0x77,0x63,0xb1,0x8a,0x04,0x3c,0x74,0xf4,0xe1,0xb0,0x1e,0xdc,0x55,0xba,0x9a,0x9e,0x07,0x79,0x5a,},{0x20,0xcb,0xf0,0x83,0x92,0xfe,0xa6,0xa9,0x9c,0xf4,0x46,0xa9,0x5c,0x19,0x9c,0xaa,0x0c,0x0f,0x98,0x13,0xcc,0x21,0x7b,0x8d,0x22,0x8e,0x2e,0xd9,0x0b,0xab,0x95,0xea,0x92,0xcd,0x73,0xac,0x95,0x83,0x47,0x64,0xd3,0x3e,0x42,0x24,0x3c,0x80,0xa7,0x60,0x34,0x91,0xc8,0xd3,0xe4,0x9a,0xc7,0x15,0xfd,0x8a,0x5b,0x9e,0x47,0x89,0xbb,0x03,},"\x11\x5b\x32\x20\xb4\x5c\xa8\xf3\x6c\x7f\xf5\xb5\x38\x87\xd4\x7e\x66\x9b\x78\xda\xc1\x3b\x98\xcc\x7a\xac\xa5\xc2\xe1\x9f\xce\x81\xec\x86\x17\xca\x41\x0e\x11\xc9\xa9\x11\x8a\x66\x84\x53\xb3\x29\xff\xb7\x18\xea\xec\x73\x91\x72\xf0\xa8\x49\xa0\x84\x81\x92\xa5\xbd\xea\x18\xab\x4f\x60\xd8\xd1\xa0\xd3\x38\x95\x2d\x77\xb2\xcc\x13\xef\xe8\x3c\x76\xe8\xdd\x58\x80\x3b\x1d\x8b\x3c\x97\x29\xef\x10\x2b\x20\x83\x5b\x7d\xe8\x72\xbe\xf3\x01\x0f\x15\xa4\xca\xdd\xf0\x7c\xf7\xbd\xd2\x22\xd8\x4b\x17\x4b\xc2\x15\x27\xcf\xfb\x1b\x7f\xfd\xe8\x1e\x28\x1d\x30\xcb\x7b\xce\x25\xea\x3d\xff\xb6\xea\x1f\xbb\x06\xcb\x70\x56\x9a\x95\xed\x1a\x07\xe9\x7c\xa4\x2d\xe7\x0a\xa2\x18\x15\x9e\xfd\x60\x8f\xa9\xb0\x89\x6e\x0b\x58\x51\x8a\x32\x2f\x25\x1d\x13\x3e\x58\xc8\xfc\x14\x28\xab\x0a\x17\x0e\xd8\x45\xc7\x5f\xb4\x03\xf1\xff\xb9\x7d\x2d\x2a\x6d\x4f\x27\x79\x11\xd3\x26\xc1\xca\xbb\xb8\x51\x6c\xbc\x17\x90\x8a\xb8\x1f\xf8\xd7\x9a\xf4\x46\x11\xea\x1d\x05\x87\x9c\x1e\xc8\x1d\x06\x93\x6e\x0f\x4a\x0a\xef\x6d\x57\x48\xe1\x81\xd3\x0e\xc2\x52\x36\x59\x7a\x97\x3d"},
+{{0x7b,0x3a,0x76,0xde,0xca,0xea,0x60,0xc4,0x1e,0x95,0xb0,0x58,0x77,0xa7,0xda,0x82,0x06,0x4c,0x27,0x27,0x8c,0x8d,0x7d,0xf5,0xf0,0xbb,0x95,0xf0,0xad,0x2d,0x04,0x35,},{0xf8,0x0d,0xb5,0xc2,0x87,0x21,0xb1,0xc6,0x11,0xbd,0x87,0xeb,0x14,0x5a,0x98,0xbb,0xf3,0x83,0xb0,0x68,0x04,0x5d,0xf2,0x45,0x8d,0x1a,0x6f,0xda,0x09,0x9f,0x7f,0xc2,},{0x2c,0xd2,0x6f,0xb3,0xc4,0xf7,0x44,0x0a,0x72,0xaf,0xfe,0x93,0x56,0x4f,0x6f,0x65,0x59,0xad,0xb1,0x5c,0xc7,0xa2,0xba,0x10,0x87,0x9f,0xb7,0xd6,0x7e,0x47,0xd4,0xeb,0xd0,0x2f,0xe4,0x82,0x36,0x98,0xa5,0xfb,0xd4,0xa9,0x07,0xfd,0x69,0x18,0x4c,0x25,0x5a,0x17,0x0e,0x5f,0x17,0x47,0xfc,0xe9,0x68,0x10,0x2d,0xc2,0x19,0xb5,0x0d,0x02,},"\x37\x5f\xad\xae\xdd\x9c\xac\x49\xb6\x4e\x15\x74\x02\x80\x46\x06\x9f\x4c\x83\x65\x4c\x8a\x70\x11\xab\xdb\x64\xdb\x16\xb4\x7f\xa3\x11\x79\x81\x72\xf9\x07\x22\x17\xb0\xa6\xa4\x3e\x5d\xf6\xff\xcc\x11\x54\xbc\xec\x1c\x68\xe1\xd3\x5e\xc0\x58\x80\xd0\x12\xce\x76\xe4\xce\xbf\x30\x1b\xb2\xec\x98\x3d\x00\xb4\xa0\x54\x0c\x93\x7f\xf1\xc6\xdf\x94\x41\xc6\x1b\xdb\x3b\xe8\xe0\xc7\xc1\x1a\x35\xd4\x9b\x6f\x55\xc3\x81\x26\x9a\x0e\x76\x8e\xfb\xd4\x53\x44\x7f\xe4\x8b\x75\xac\x39\x64\x6c\xa8\x2e\xca\x7d\x14\x93\x04\x42\x34\x91\x87\x1c\x10\xdb\xcf\xc5\x97\x3a\x57\xfa\xb8\x37\x1c\x30\xcb\xc4\xe9\x0b\xec\xc0\xb6\x71\x52\x22\x6e\xe1\x77\xb4\xff\x36\x8e\xc8\x79\xb3\x91\xeb\x95\xe3\x6d\xcb\xb0\x7b\x2c\x16\xba\x39\x55\x45\xd4\x52\x9f\x72\x7b\x1a\x11\xef\x65\xd1\x20\x97\x6b\x7c\xcc\x86\xaf\x4b\xd2\x04\xcb\x94\x89\xc9\x21\xe4\x3b\xa5\xe8\x50\xcf\xe5\x98\x99\xf1\xc1\xec\x4a\xa5\xc9\x2b\x6d\xac\x69\x14\xb1\x95\x2b\x53\xdc\xb5\x40\xb4\x09\x23\x13\x81\x56\x89\x87\xbb\x22\x36\xbc\x40\x89\x5d\xf3\xf1\x7e\xab\x7c\x02\x74\xf2\x24\x4f\x95\x86\x12\xe8\x8e"},
+{{0x5f,0xf8,0xd4,0x05,0x26,0x08,0xeb,0x03,0x3a,0x5e,0x94,0xb6,0x03,0xce,0x38,0x4d,0x84,0x52,0xf6,0x0a,0x26,0x49,0x8b,0x91,0x12,0x56,0x7f,0x34,0x10,0xc1,0x86,0x66,},{0xc4,0x90,0x0d,0xe2,0x4d,0x9a,0xf2,0x48,0x27,0x63,0x10,0x99,0x26,0xaf,0x7c,0x48,0x13,0x80,0xfa,0xbc,0xda,0x94,0x40,0xc1,0xa5,0x3e,0xa1,0xcd,0xc2,0x7e,0x65,0x68,},{0xb7,0x37,0xd4,0xe5,0xbe,0x27,0xde,0xb6,0xd8,0x77,0x29,0xc6,0x36,0xdf,0xf7,0xa4,0x06,0xc0,0x13,0xf3,0x13,0xc3,0x8c,0xf6,0x83,0xfe,0x14,0xf7,0x5a,0x3b,0x30,0x05,0xd9,0x53,0x5d,0x7e,0x58,0x15,0xc8,0xf8,0xb3,0x7c,0x51,0xd6,0x92,0x71,0x11,0xc9,0x79,0xf7,0xd9,0xd8,0x1a,0x34,0x7a,0xa9,0xcc,0x09,0xed,0x4e,0x6c,0x18,0xe9,0x0f,},"\x13\x8c\x60\x55\x7c\x2e\x90\x08\xaf\xc0\x3d\x45\xbe\xc7\x1f\x96\x11\x49\xa0\x83\x59\x26\x75\x1c\x8f\xf3\x93\x5c\x7d\x65\x2d\x83\xe1\xb0\xb1\xda\x7d\x5b\xbe\x0b\x8e\x17\x1a\x4e\x49\xaa\xe0\x6f\xd8\xa9\xde\xff\x78\xdc\xde\x4d\x25\xb1\xaa\x89\x99\x98\xa0\xf9\x9e\x1d\xf6\xf9\x33\x7a\x3e\xa2\xf2\x4b\x76\xc3\x17\xa7\x01\x4d\xb4\xe5\x28\x31\x91\x79\x5a\x70\xd8\x82\x1d\x21\x78\x46\x49\x0f\x95\x87\x01\xd3\x9d\xc2\xc8\xce\x47\xd9\x28\x93\x88\x74\xd8\x7b\x35\x58\x98\x9b\xc7\x7a\xf8\x20\x97\x9a\x35\x1e\xef\x95\x94\xaa\x5b\x94\xf3\x34\x1e\xde\xd4\xea\x20\xb0\x8c\x3e\x7c\x56\x10\xd4\x32\x67\x81\x8d\xfa\xc0\xa8\x7d\xdf\x52\x7f\xbc\xe8\x51\x2b\xbf\x85\xb6\x6c\x9b\xb5\xd6\x2f\x0f\xe8\x40\x48\xf2\x3b\x19\x60\x4a\x5c\x8d\x82\xb1\xf2\x5a\x8d\xa0\x27\x31\xfe\xb2\xec\xae\x48\x9b\x84\x75\xf7\xbd\x32\x6d\xdf\x1a\x08\x18\x9e\x46\xc0\x8c\xf5\x05\x38\xc2\xa3\x63\xe2\xf4\xeb\x2c\x01\xa2\x04\xc7\xff\xbc\x0b\x98\x1a\xdc\x0f\xd9\x97\xaa\xfd\xf2\xa2\x22\xee\x84\xc3\x09\xf6\xe9\x5e\xc7\xde\x4f\xa8\x5d\x47\x68\xd5\xc0\x03\x16\x50\x28\x22\x5e\x22\xe0\x9e"},
+{{0xee,0xde,0xfc,0x17,0x57,0xe3,0xa7,0xe5,0xed,0x39,0x46,0xdb,0xed,0xc3,0x96,0xa3,0x62,0xf6,0x83,0xd2,0xc5,0x1b,0x0b,0x9f,0x60,0x76,0x5d,0x4b,0xfc,0x51,0x34,0xde,},{0xa9,0x87,0x2b,0xc2,0x19,0x2f,0xc0,0x2b,0x18,0x9c,0xee,0xd4,0x03,0xab,0x9f,0x27,0x0a,0x03,0x2a,0x83,0x5f,0xde,0xbf,0xaf,0x1c,0x9d,0x69,0x34,0xed,0x83,0x04,0xbc,},{0xd5,0xbe,0xa8,0xea,0x9a,0x5f,0xe9,0xed,0x6d,0x2b,0xf8,0x39,0x93,0x0c,0x0c,0x6c,0xd5,0x03,0x9e,0x98,0x8f,0x55,0x1f,0xde,0xdb,0x54,0x37,0xe1,0xc1,0xaf,0x0e,0xd7,0xb3,0x89,0x7c,0x03,0x57,0x11,0xc3,0xc5,0x19,0x26,0xbe,0x8d,0x1b,0x32,0x02,0x4d,0x5c,0xd5,0x82,0xf5,0xf8,0x36,0x9a,0xd8,0x4d,0x18,0xb1,0x25,0x02,0x65,0x2f,0x07,},"\xb1\x94\xdb\x73\xf9\x94\xcb\xdc\x3c\xbe\x63\x0b\xa7\x2c\x47\xc2\x24\x9b\xc0\x59\x2a\xb5\x47\x94\x2b\x1d\x1b\x88\x2b\x44\xf5\xb3\x85\x5e\x56\x8b\xdd\xdf\x92\xef\x05\x02\x2d\x88\xfc\xfc\x29\x4e\x76\xb6\x4a\x00\xe9\xc7\x43\x55\x37\x37\x63\xe4\x9a\x4e\xbc\x47\x24\x3d\x48\xa9\xad\x58\x89\x94\xa5\x18\xf8\x0f\x86\x15\xc2\xb3\x1d\xa5\x87\xa5\x3e\x52\x9d\x43\x5a\x86\x97\x35\x0d\xfc\xde\x02\xd2\x0c\xce\x7d\x5e\xee\xfe\x3f\x5a\xb2\xaa\xc6\x01\x25\x9c\xda\x38\x53\x8a\x1b\x83\x01\xf9\x83\x2e\x75\xab\x90\xf8\xa9\x32\xf2\x67\xea\xc1\x81\x00\x39\x65\xd5\x26\x6f\x20\x61\x80\xc6\xc3\x80\xec\xe8\x03\x57\x7c\xcb\x46\x17\x6b\xf6\x07\x15\x94\x86\xf2\x42\x59\x74\x7e\x2c\xa6\xfb\x19\x12\xdb\x7b\x78\xa9\x73\xb2\x84\x63\x87\xc1\x20\x80\x30\xee\x1f\x40\x0d\x0c\x5b\x5e\x8b\xde\x96\x35\xae\x55\x63\x8b\xa1\x7c\x73\x4d\xe8\x63\x8b\xb8\x5d\xfc\xd7\x66\x29\xa7\xf9\xf4\x0d\x6a\xb9\x54\xd5\x5b\xf8\x57\x5f\xc9\xc9\xa5\x95\x09\x7e\x08\x93\xdb\x5a\x7b\x8a\x6c\x45\x5e\xcb\xd3\xd2\x2d\x72\x5e\x19\xde\x29\x41\xf4\x67\xf9\xeb\x93\xd6\x6a\x0e\x2b\xbd\xbf\x92\xed\x1c"},
+{{0x09,0xd2,0x2b,0xba,0xa5,0x95,0x6c,0xfa,0xcb,0xbf,0x9f,0xd5,0x51,0x09,0x75,0x12,0x86,0x86,0xc4,0x0c,0x6e,0xa9,0x6b,0x89,0xef,0x4c,0x0f,0x0c,0x64,0x9b,0xcd,0x7f,},{0xe5,0x59,0xea,0x8a,0xcb,0xdc,0x61,0xb6,0x70,0x9a,0x7d,0x83,0xae,0x15,0x84,0x9a,0x6c,0x78,0xb2,0x03,0x92,0x3d,0xd0,0xa2,0x99,0x23,0x9e,0xe4,0x88,0x69,0x30,0xba,},{0xe6,0x52,0x75,0xc4,0x32,0x8a,0x70,0xad,0x62,0x40,0x8e,0xd7,0xfb,0x17,0x28,0xbe,0x87,0xa7,0x3a,0x81,0x4f,0xee,0x8e,0xbd,0x94,0xf2,0x66,0x5c,0x71,0xbc,0x66,0xab,0x0c,0x1b,0x07,0xa6,0x00,0xb3,0x0b,0xc0,0x81,0xa7,0x4c,0x53,0x68,0x57,0xc2,0x06,0x10,0x38,0x4b,0xe2,0x68,0xd9,0xaf,0x3e,0x3e,0xcd,0xdd,0x3e,0xb0,0xc1,0x4c,0x0c,},"\x1c\x26\xa0\xf3\xa1\xa5\xb2\xd7\xd5\xb2\x97\xaf\x8a\x6a\x68\x9d\x7c\x62\xa2\x52\x67\xe1\x97\xd2\x3b\xec\xd2\xf2\xb8\x16\xc4\xde\x92\xfb\xda\xff\xb9\x41\xc3\xfc\x8d\xb7\xa8\x43\x35\xa8\x4c\xfb\xc9\x2c\xb3\xac\x80\x6e\xd5\x8d\xf1\x6b\x6b\x8e\x11\x9a\x48\xdf\x4f\x27\xc7\x1e\x93\x1a\x59\x38\xe7\xd0\x02\x73\x48\x85\xe1\x3a\x25\x8a\x15\xb6\xe1\x13\x6e\xfb\xa7\x2f\x1d\x09\x6b\x68\x9f\x76\x18\xf4\x9c\x96\x80\x63\xe8\xf9\x91\xfa\x0b\x55\x60\x1e\x43\x0e\xee\x13\x49\x2a\x1b\x09\x41\x3e\xb2\x38\x13\x59\x1a\x7a\x9f\x07\x0c\xc3\x96\xca\x9d\x1f\xac\xdd\x4f\x4c\xe3\x7c\x40\xf7\x24\x5f\x55\x03\x5e\x10\xfa\xd6\xb8\x5b\x5f\x01\xa1\xda\xac\xc0\xdf\x94\x06\x9f\x7d\xe8\xf6\x46\x7f\x96\xd1\xfb\x98\x64\x8e\x8a\x05\x20\xa8\xcd\x72\x3c\x98\xe9\xdc\x2d\xd4\xb2\x93\x4d\x82\x28\xf0\xae\x1a\x41\x5b\xd3\xa7\xcd\xa3\x8d\x7a\x99\x83\xce\x1a\xf6\xf8\xc9\x70\xa2\xa5\x91\x63\x5f\xe1\x2b\x91\x75\x36\xef\x81\x5e\xaf\x1a\x31\x38\xd7\x0c\xe7\x0a\x79\x42\x64\xd7\xc9\x86\xd9\xee\x32\x90\x44\x5f\x15\xa9\x24\x8f\x27\x65\x27\x1e\x5a\x99\x21\x96\xae\x33\x1a\xbd\x41\x64\xbf"},
+{{0x77,0x82,0x6e,0xd3,0x51,0xa3,0xf0,0x92,0x54,0xae,0x56,0x92,0x88,0x5d,0x77,0x4c,0xb3,0xf2,0x44,0x10,0xa4,0x80,0x9f,0xd9,0x0f,0x8a,0x00,0xda,0x9a,0xee,0x99,0x03,},{0x3e,0xac,0x8f,0x41,0xee,0x73,0xe6,0xef,0x13,0x68,0x21,0xf7,0x95,0x7a,0x1c,0x27,0xe1,0x56,0x38,0xd0,0xe3,0x91,0x6e,0x6c,0xaa,0xc6,0xfb,0x7b,0xeb,0x7b,0xcf,0xb0,},{0x97,0x7a,0xdc,0xcd,0xb8,0x29,0xb4,0x0b,0xbd,0x8e,0x53,0x85,0x6a,0x78,0x3d,0xb3,0x46,0xa3,0x9d,0xff,0x62,0x04,0x1a,0x29,0x72,0xd2,0x90,0x09,0xf1,0xc9,0xff,0x81,0xb8,0xad,0x54,0xcb,0x90,0x1e,0x49,0x7c,0x1d,0x30,0x21,0xb5,0x0b,0x6c,0x69,0xee,0x73,0x55,0x8f,0xd7,0xbe,0x05,0xd6,0x25,0xf5,0x72,0x7f,0x9a,0xf2,0xce,0x87,0x02,},"\x1f\xf0\x6c\x0b\x39\x99\xce\xcb\x19\x00\xa4\x7d\x26\x7b\xea\xfb\xb3\x5d\x93\xd1\x4c\xb2\xc8\x92\x5e\x3e\x3f\xe5\xd9\x67\x58\x69\x25\xee\x4b\xaa\x41\x99\x8e\xdd\x01\x03\x20\x58\x10\xaa\xd5\xc0\xbb\xdc\x77\x87\x44\x76\x81\x02\x46\xd1\x30\x89\xa6\x4d\xb5\x76\x42\x4f\xae\x0b\xed\x96\x64\xa4\x2a\x49\x11\x47\xd1\xee\x3b\x9c\x3b\x1b\xa4\x87\x5b\xe1\x54\x62\x39\x25\x40\xf9\x97\x8d\x9a\x46\x30\xba\x4c\x52\x54\x99\x75\x1a\x45\xef\xc2\x99\xec\x7d\x73\xb1\x7f\x9a\xd2\x75\xee\x71\xa6\x87\xe7\x26\x90\xd7\x32\x02\x42\xd2\xdc\x2b\xd4\xd5\xc5\xcf\x0f\x17\xa4\x65\x18\x5d\xcf\x60\xf8\xef\xff\x53\x90\x3f\x20\xb0\xc2\xab\x21\x92\xd4\x43\x68\xf2\xf2\xfb\x36\x04\x8a\xf0\x71\xf7\xaa\x85\x7b\x14\xad\x1d\x11\x46\x12\x05\xbe\xbe\x17\xe0\x2b\xe2\xe3\xcc\xb6\x09\x28\x21\x88\x5c\x4e\x0d\x48\x11\xbe\x3f\x45\xb1\xfe\xa0\x88\x45\x3e\x02\x24\x32\xf5\x62\x56\x2b\x43\xa3\x55\xcb\x56\x27\x0c\xed\xb6\xc2\xc4\x2d\xbf\x9b\xe8\x50\xe7\x71\x92\xfd\xc6\x5c\xfd\x36\x83\x4b\xe9\x88\xdb\xe9\xa9\x3e\x25\x18\xc1\x38\xb0\x90\xfb\x9d\xa8\x27\xcb\x1c\x91\xc8\xfe\x52\xfe\x7c\x57\xf7"},
+{{0x99,0xa9,0x95,0x31,0xc3,0xcd,0x6e,0x3e,0x9c,0x90,0x0a,0x9e,0xeb,0x26,0x26,0x7e,0x72,0xf0,0x9d,0x11,0xb6,0x51,0xa8,0x97,0xeb,0xb7,0x9b,0xe0,0x16,0xf6,0x4c,0x6e,},{0x9b,0xf9,0xf8,0xb4,0x8a,0x27,0x28,0xe0,0x26,0x08,0xfc,0x19,0x89,0x9d,0x21,0x96,0x56,0x83,0x9d,0x1c,0xc1,0xe9,0xa8,0x98,0x4d,0xf6,0x74,0xec,0x26,0x66,0x2f,0x41,},{0x0e,0x89,0xda,0x5d,0x94,0x9c,0xf2,0xbf,0x40,0xc7,0xe1,0x7c,0x2d,0x0f,0x9c,0xea,0xbc,0x88,0xa0,0x92,0xeb,0x4d,0x49,0xcf,0xbf,0xea,0xb7,0xc8,0xbf,0xf4,0x32,0x45,0xc6,0x7b,0x9e,0x2e,0x92,0xf9,0xbc,0xb9,0xb3,0x4b,0x3f,0xcf,0x8b,0x01,0xfa,0x2e,0xa7,0xa9,0x64,0x9f,0x81,0x4c,0x3a,0xa9,0x8b,0x3d,0xd0,0x45,0x40,0xc3,0x1d,0x09,},"\x7a\x89\xc0\xc1\x95\x2f\xdc\x42\x98\xdc\xae\xa8\x54\xef\xc1\x34\x65\x6b\xe1\x47\xe9\xe8\xe8\x2f\xc9\xa4\x49\x05\x9d\x80\x57\x0f\x75\x67\x6b\x81\xc4\xa9\x4f\x76\xa9\x68\x20\x0c\xde\xb0\x98\x8c\x73\xf5\x9a\xfc\x72\xad\x4c\x31\x03\xe1\x9f\xe6\x3b\x7e\x95\xe1\x40\xb5\xcb\x2e\xfc\x7b\x97\xa6\xff\xbb\x6c\x29\x8d\xda\xce\x3b\xe6\xd2\xed\x3d\x59\x8b\x8b\xdf\x0c\x2f\xe6\xc9\x76\x02\x14\x2a\x76\xe9\x78\x51\x4c\x19\x6c\x1b\x9a\x88\xef\xdc\x19\x25\xfc\x50\x61\x55\xcf\xf9\xa2\xf2\x1a\xb6\x34\xe2\xb9\x3e\x96\x92\x8a\x5d\x8f\x7c\xe4\xcb\x73\x26\xd9\x68\x94\x69\x24\x2b\xa9\xc6\xa0\x1b\x77\x49\x6b\xad\xef\x87\x57\x8f\x5a\x17\x28\x4e\x90\x0a\x72\xdf\x14\x1c\x61\x99\xb0\xe7\x1a\xb5\xda\x43\x75\x03\x76\x17\xec\x61\x96\xd4\xf4\xe2\x3a\xe2\x91\x6a\x72\xd0\xfc\xe7\x96\x02\x23\x05\xac\x9f\xbb\xbb\xe4\x70\x5b\x34\x0e\x42\xb7\x8e\x1c\x02\xbb\x10\x01\x86\x0c\xdc\xaf\x71\xed\x89\x25\x5d\xd5\x6c\xc0\xb3\x1c\x59\xd4\x59\x6d\xce\xf8\x4e\x22\x23\x4b\xe5\x62\xbd\x80\x1e\x94\x11\x1d\x83\xa7\x80\x64\xc9\x0f\x9d\x82\xfc\xe9\x1f\x68\xab\xb0\x3c\x73\xb6\xbd\x8d\x7e\x02\xd4"},
+{{0xaa,0x58,0x40,0x3e,0x76,0x3b,0xac,0x40,0x5d,0xb0,0x65,0xeb,0x11,0xeb,0x6b,0xe3,0xe3,0xb6,0xcf,0x00,0xec,0x4a,0x22,0x2b,0x52,0xbf,0xf4,0xb6,0xe3,0xd1,0x56,0xac,},{0x16,0x7f,0x9b,0x9a,0x46,0x65,0xf9,0x3f,0x5d,0x7d,0x30,0x16,0xac,0xe6,0xfb,0xd1,0x34,0x20,0xb2,0xe5,0x1e,0x72,0xbd,0xe5,0x9e,0xed,0xf2,0x69,0x93,0xb6,0x6c,0xae,},{0x64,0xb5,0x98,0xca,0x5b,0x8f,0x9a,0xe7,0x42,0xe4,0x6e,0xe0,0xd8,0xc1,0xaa,0xf3,0x14,0x58,0xb5,0x0c,0x25,0xd2,0x67,0xa6,0x77,0xe4,0x4b,0xe5,0xb7,0x55,0xf1,0x4d,0x51,0x80,0x1a,0x30,0x39,0x9b,0xfc,0xc3,0x8d,0x14,0x07,0x1a,0xa0,0xae,0x93,0xda,0x82,0x5a,0x58,0x1a,0xb6,0xc2,0x07,0x25,0xa0,0xa9,0x10,0xb4,0x73,0x5d,0xfa,0x0b,},"\x3b\xaa\x09\x98\xff\x02\xb3\x2b\x90\xb5\x1f\x9a\x84\x0c\x7b\x5c\x58\x70\xcf\xb1\x81\x0a\x9b\x0f\x77\xb5\x59\x09\xd4\x7a\xd3\x35\x14\x7a\x99\x1c\x29\xfb\xeb\xfc\x59\x2e\x93\x07\x17\x5c\x19\x64\x12\x9a\x2d\x5e\xfc\x62\x15\x80\x74\x53\xbc\xd7\x26\x96\x97\x81\x22\x2b\xca\xd1\xc9\x9a\x49\x74\x8b\x9e\xe6\x67\xc4\xd0\xc8\x28\x89\xe2\xf5\x00\x64\xc1\x15\xdb\xd8\xfb\x48\x3d\x72\xab\x0c\xca\xdf\x76\xbd\xdb\x2d\xc7\x27\xdb\xc3\xfa\x5c\x46\x24\xc2\x83\xd8\x92\x1c\x8a\xa4\x42\x51\x10\xdc\xdd\x69\xc0\x5e\x5e\xd5\x9b\x35\x96\x25\xee\xaa\xec\x1e\x27\xea\xfe\x9d\x9a\x5c\xe7\x36\xc3\xf9\xc5\x27\xea\x54\x78\x18\xb9\xbc\xa6\x81\x1b\xe4\xcc\x15\x05\x8a\x6f\x5b\x68\x33\x03\xb8\x0c\x90\xc9\x4a\x83\xb8\xb1\x58\x69\x71\x3a\x66\xb1\xe0\xf6\x56\x33\x1b\x28\x6d\x1e\xf7\x69\x88\x34\xab\x3e\x13\x84\x17\xaa\xd6\xbb\x3a\xb3\xbd\x9f\xc7\x87\x61\xa4\x82\xdf\xc6\x54\xf3\xf8\x62\x8c\x8d\x9f\xc1\x60\x18\x89\x8f\x16\x41\xe8\x62\x2b\xd2\x72\xe3\x8d\x41\x70\x6c\xb9\xce\xbe\x6e\xe5\xe1\x73\x57\x6b\xf6\x1b\xb1\x18\x8c\xf2\xf3\x9c\x62\x22\x0b\xba\x88\xfc\xb4\xde\x48\x98\xb2\x5b\x04"},
+{{0x10,0x44,0xee,0x37,0x08,0xc0,0xb0,0xe9,0x09,0xa8,0xcb,0x2b,0xa2,0xcd,0x0a,0xf8,0xd2,0x8a,0x5d,0xe0,0x1d,0x96,0x2e,0x82,0x60,0x87,0xfb,0x23,0x2d,0xf7,0xb2,0xd2,},{0x46,0xd2,0x41,0xea,0x0c,0x70,0x2c,0x18,0x89,0xd4,0x46,0x55,0x82,0x46,0x29,0xb6,0x72,0x84,0xd4,0xe6,0x44,0xa4,0x8f,0xa4,0x54,0x55,0xd2,0x7a,0xc5,0xf6,0x25,0x29,},{0x7d,0x6b,0xed,0x7f,0x87,0xd0,0x90,0xab,0xe0,0x13,0xc3,0x1e,0x12,0x03,0x90,0x3b,0xac,0x9c,0x93,0x44,0x5d,0x06,0xc7,0xb5,0x3d,0x31,0xd1,0x5f,0x97,0x0d,0x88,0x64,0x7a,0x7e,0xd2,0xc3,0xa6,0x30,0x50,0xba,0x19,0xd6,0x80,0x43,0xaa,0xdd,0x18,0xbd,0x86,0x1d,0xe1,0xac,0x47,0x15,0xb8,0xe8,0x28,0xb2,0xb1,0x6f,0x8a,0x92,0xb0,0x01,},"\xb8\xa4\x45\x45\x5f\xb6\x6e\x17\xe3\x14\x3d\x35\x20\x4c\x9e\xa9\x34\x74\xee\xbe\xef\x93\x96\x3e\xe5\xc1\xd3\x77\xca\x21\x7a\xcd\x4c\xa6\x3e\x57\x55\xda\x08\xfb\xff\xdb\xd4\x35\x2b\xf1\x65\x19\x38\x96\xc8\xd6\xf7\x6b\xb4\xcd\x3b\xc2\xd3\xa4\x76\xa4\xe3\x20\x82\x4a\x12\x10\xce\x74\xd0\x01\x4d\x74\x7f\x11\x1e\xec\x31\x0c\x5c\x89\xed\x4d\x08\x50\xe8\x11\xf8\x0a\x8b\xb2\x8d\xca\xf6\xf4\x11\xdf\x83\xe2\xc1\xdf\xd9\x0c\x4a\xd2\x35\x61\x45\x4e\xb5\xd7\x56\xb6\x3b\x4e\xa7\xf3\x7d\xc5\xd4\x66\xc1\x6e\xf7\x0d\x11\x19\x0c\x4f\x53\x16\xfe\x2a\xa8\x59\x74\x40\xe8\x8b\xbe\xba\xeb\x35\xea\x5f\x04\xf0\x7b\x03\x39\x26\x41\x58\xef\x90\x9a\xd5\x16\x3b\xfc\x24\x8c\xd7\x24\x13\x3e\x27\x4f\x81\x26\x95\xf2\x90\xe5\x71\x76\xa9\x6b\x93\x93\xd0\x7b\xb3\x10\x29\x9f\x5d\x2a\x6b\x6d\xd1\xda\xbc\xb5\x1b\xf2\x9c\x5a\xfa\x7e\xbb\x07\x01\xc6\xc8\x47\x67\xac\x13\x77\x93\x09\x1f\xe0\xed\x6e\x47\xd7\x80\x62\x8a\x32\xc8\x4f\x83\xe0\x0e\x9c\x16\x74\x2a\x52\x3e\xcb\x63\xc2\x4f\x4a\x33\x8e\xd2\x99\xa0\x61\x94\x92\x4f\x44\xc5\xa5\xd3\xc9\x37\xff\x9b\x09\x45\x98\x2a\xd2\x4a\x2d\x1c\x79"},
+{{0x95,0xdd,0x1a,0x5e,0x65,0x8f,0xa6,0xc8,0xd4,0x25,0x07,0xb3,0xe5,0xb8,0xed,0xb5,0xba,0xec,0xa6,0x2d,0xeb,0x00,0xfc,0x5d,0x4d,0xca,0x8e,0x1a,0xb5,0x83,0x5e,0x59,},{0x3a,0x53,0x23,0xdd,0x1e,0x07,0xf3,0x23,0xbb,0x6d,0x83,0xe9,0xc2,0xdb,0x92,0xa2,0x9f,0x62,0xe2,0xe0,0x03,0xee,0x0d,0xea,0xcd,0x7e,0x2e,0x4e,0x03,0x0d,0x8d,0x27,},{0xd0,0x2a,0x75,0x23,0xdc,0xbd,0x29,0x57,0x6b,0xa8,0x09,0xb5,0x31,0x03,0x77,0x74,0xdf,0x41,0x73,0x4a,0x41,0x17,0x58,0x13,0x11,0x9c,0x6a,0x6a,0x78,0x8c,0xd9,0xb8,0xad,0x78,0x08,0x65,0x67,0x86,0x67,0x69,0x9a,0xe6,0x6d,0x01,0x09,0x19,0xa9,0x66,0xa0,0x51,0xc0,0x81,0x63,0xdf,0x67,0xa9,0x77,0xee,0x6e,0x22,0x0d,0x0d,0xc3,0x0f,},"\x9b\x7a\xfd\x48\xc4\x74\x60\x4c\x26\x36\x75\x31\x55\x68\x40\xc3\x88\x66\x8b\x0f\x38\x40\x06\x3d\xfc\x98\x69\xad\x5b\x90\x12\x74\xb9\x31\x29\x3d\x04\xf3\xc8\xe8\xf7\xf8\xea\xb8\x15\xa6\x41\xd7\xc3\x51\x28\x4e\x8b\xb0\x43\x7a\xc5\x51\xbb\x29\x43\x89\x64\xe6\xa7\xc7\xba\x77\x23\x44\xb3\x33\xf9\xed\xa5\xa7\x75\x68\xc8\x93\x1d\xdc\xaf\x21\xe3\x2e\x07\xb1\x0b\xf4\x82\x0f\xb8\x59\xbc\xf8\x7b\x81\xc4\xbf\xf4\x26\xf2\x4a\x4d\x46\x8f\x2e\x9a\xed\xa8\xf1\x7d\x93\x97\x09\x97\x0d\xb1\x1d\xf7\x62\x47\xe9\x8a\x39\xeb\x8b\x38\xf5\x94\x9f\x34\x9f\x2a\xe0\x5a\xb4\x8c\x01\x85\x17\xc4\x8f\xa0\x20\x5d\xc7\xf1\x56\x64\x53\xe1\x05\xe4\x8c\x52\xeb\x45\x5c\x0c\x40\x80\x2f\x79\x7b\x3e\xef\xb1\xe2\xf3\xb1\xf8\x43\x15\xae\xd5\xb0\x71\x1c\x64\x99\xa6\x91\xb7\x4b\x91\xf1\x2e\xf7\x0f\x76\xc4\xc0\x5c\x1a\xa1\xa9\x93\xe2\xf3\xe5\x28\xab\x34\x3d\xd2\x36\x81\x62\xf4\x03\x6a\x61\xa1\x3a\x88\x04\x5d\xcd\xef\xa8\x5d\x68\x53\x22\x75\xbc\xf5\xb8\xf5\xf0\x0e\xfd\xea\x99\x9a\x95\x78\x31\x75\xd9\xee\x95\xa9\x25\xd4\x8a\x54\x49\x34\xd8\xc6\xb2\x62\x22\x5b\x6e\xbe\xa3\x54\x15\xdd\x44\xdf\x1f"},
+{{0x1a,0xbc,0x0b,0x9a,0xa0,0x1d,0xc5,0x7c,0xa5,0x3e,0xfe,0x73,0x80,0x96,0x2b,0x1a,0x88,0xd5,0x0a,0x96,0x4f,0x5c,0xd9,0x86,0x40,0x98,0x2c,0x74,0x39,0x3f,0x29,0x26,},{0x8d,0x4f,0xd1,0x43,0x94,0xd7,0xc1,0x40,0x57,0x00,0x30,0x69,0x83,0xfb,0xf7,0x6e,0xa9,0xf1,0x71,0xb1,0x5a,0x6b,0x56,0x61,0x2a,0x1f,0xeb,0x1c,0xbd,0xae,0x5d,0xd5,},{0xf7,0x38,0xaf,0x2d,0x3e,0x29,0x0b,0x3d,0x23,0xd9,0xaf,0xf7,0x41,0x4b,0xfc,0x5f,0xfa,0x47,0x23,0x5d,0xc0,0x53,0x68,0x7a,0x8b,0xa5,0xc8,0x54,0x1b,0x85,0x11,0xf7,0x81,0x56,0x6c,0xda,0xa1,0x30,0xe0,0x67,0x7d,0xb5,0x5f,0xa8,0xbe,0x9d,0x81,0xa0,0x92,0xcb,0x58,0x92,0x3a,0x86,0x28,0x49,0x4d,0x2f,0x62,0xd9,0x5c,0x16,0x71,0x00,},"\xda\x2d\xd9\x40\xd5\xe1\xdb\x6e\x80\xbf\x7e\x2b\x78\x2e\x7e\x74\x5c\xd4\xfd\x25\x2e\x98\x15\x17\x97\x58\x87\xdd\x05\xac\x77\xed\x83\x7d\x08\x29\x61\x57\x5e\xfe\xdf\x30\x1f\xdf\x24\xb7\x07\x18\xb9\x91\xb8\xd9\x2b\xdd\x2e\x6b\xee\x17\xc8\xaa\x4b\xc6\x94\xa7\x27\xbc\xfc\x78\xfd\x85\x19\x5c\x42\xca\xf8\x83\xa2\xc3\x8d\x16\x1c\xad\xd7\x9c\xfd\xa9\xa3\x91\x10\xe1\x26\x4d\x30\xbd\x4c\x5c\x4a\x58\x76\x77\x7f\x23\x3b\x07\x1b\x1b\x0b\x40\x89\x35\xf0\x46\x89\x54\xcc\x74\x4a\xf8\x06\x3b\x00\x4e\xde\x56\xcd\x98\x1c\x4d\xd5\x60\x8a\xbf\xfe\xae\xc9\xe5\x8f\x3f\xaf\xaa\x67\x14\x67\x80\x4b\x7f\xa2\x55\x8f\x4f\x95\x17\x42\x01\xf1\x83\xd8\x0a\x59\x14\x06\x5f\xed\x53\x11\x5b\x41\xeb\xc3\x38\xf7\x8d\xf0\x50\x05\x3b\x8a\x4e\x75\xea\x7c\x6f\xdc\x35\x4d\xad\x27\xbf\xd8\xa2\xe6\x6f\xcd\x7a\xe2\xf5\x87\xd2\x4b\xe0\xd4\xa3\x3d\xa3\x0a\x22\x0e\x51\xbc\x05\xfa\x4e\x41\x2b\x95\x9f\xd9\x5d\x89\xea\x6e\xc0\x16\x25\x16\xc0\x96\xa9\x43\x3a\x9e\x7c\xf5\x99\xc9\x28\xbd\x53\x05\xc2\x17\x3b\xf7\x49\x3e\xd0\xc1\xc6\x03\xcd\x03\xf0\x82\xcc\xe4\x42\x37\xa7\x9f\xfd\x8b\xe9\xa6\x72\xc2\xeb\xaa"},
+{{0xcb,0xff,0xce,0x2c,0x9b,0xd3,0xe2,0x3e,0x40,0x6e,0x5f,0x66,0xe6,0x32,0xdc,0xfa,0x72,0x66,0x54,0xd2,0x9a,0x95,0x5c,0xec,0x98,0x31,0x73,0x23,0x5f,0xa3,0x59,0xd0,},{0x49,0x65,0x3e,0xdd,0x64,0xa5,0x5f,0x7c,0xd4,0x0e,0xaf,0x3f,0x8e,0x72,0xeb,0x96,0xdb,0xcd,0xee,0x39,0x8f,0x34,0x81,0x7f,0x2c,0x95,0x86,0x79,0x49,0x71,0x0b,0x14,},{0xe7,0xce,0xd4,0xfa,0x2a,0x7d,0xff,0x73,0xf1,0x06,0x8b,0xba,0xd0,0xec,0x9a,0x11,0x09,0x04,0x3c,0x97,0xa6,0x2e,0xff,0xa1,0x48,0x87,0x6f,0x09,0x69,0xed,0x4d,0xc6,0x08,0xe2,0x8b,0xce,0x79,0x7a,0xf3,0xb8,0x25,0x32,0xc9,0x4d,0xec,0x4d,0x68,0x11,0xb7,0xf5,0x63,0x67,0x91,0x29,0xfa,0xcf,0x17,0xbb,0x73,0xd6,0x93,0x75,0xeb,0x05,},"\x1f\xfd\xe6\x82\x6e\x4f\x0c\x24\xa7\x96\x1f\x19\x1e\x74\xcc\x0b\xbc\x92\x8e\x3f\x1a\xec\x3e\xfa\xb3\x27\x65\xc2\x50\x1c\xbc\x16\x20\xe7\xee\x6f\x61\xfc\xcf\xb0\x0c\xfc\xa9\xfb\x98\x14\x3b\x52\x9b\xcc\x8c\x3d\x0f\xdf\x89\xee\x7c\x34\x2f\x10\x18\x15\xfa\xbf\x7d\xea\xf9\xf3\x02\xa2\x88\xfe\x17\x58\x26\xd5\x90\xd9\x9e\xe6\xfd\x92\xda\x74\xf9\x59\x6b\x78\x3c\x0e\x7d\x47\xd7\x11\xa3\x2f\x39\xea\x41\x65\xe5\x21\x24\x31\x44\x1b\x49\x8c\x6b\x70\xdb\x3b\x09\xd1\xf4\xe4\xa1\x4a\x6b\xae\x39\xda\x50\x88\xbb\x85\xb3\x28\x5c\xe9\xdf\x2f\x90\x68\x1a\xf2\xc7\x4d\xec\xe4\x39\xae\xb9\x1e\x1c\x1b\x07\x12\xed\xdb\xee\x8d\x72\x56\x98\x28\xf3\x7c\xb7\x20\xc5\x09\xd0\x2a\xec\x47\x60\x70\x48\x4e\x9b\x16\xec\x71\x79\x94\x7a\xc9\x6c\xaf\x0e\x1b\xe8\xb6\xb7\x4f\x37\x2d\x72\x35\xfe\x6e\x39\x99\xdf\x73\x3b\xcc\xd4\x82\xdf\xe2\xe6\x31\xf5\x6b\x58\x26\x67\xdc\xe5\xe3\x12\x17\x63\xad\xfa\xcf\x3b\x18\xcf\x20\x95\xf7\x39\x4d\xee\x49\x27\xfc\x2b\xea\x6b\x58\x24\xd9\x0c\xd5\x9e\x85\x4e\xc5\x87\x2b\x45\x51\xb0\x2e\xfa\xba\x5a\xd5\x4a\x9b\x7a\x8f\x6d\xe5\xd7\xcd\xa5\x82\x5b\x32\x5b\x07\x6d\xed"},
+{{0x9f,0x91,0x23,0x14,0x97,0x48,0x4c,0xab,0x39,0xb9,0xe2,0x0f,0x86,0x11,0x81,0xd3,0x97,0x90,0x85,0x77,0xbb,0xb2,0x96,0x82,0x42,0xd0,0x71,0xbc,0xa4,0x81,0x3f,0xfb,},{0x88,0x24,0xbc,0x6c,0xd6,0xa6,0xf1,0x5a,0x5f,0x41,0x66,0x8f,0x2b,0x3b,0xae,0x8f,0xc4,0x96,0x73,0x83,0x07,0x8d,0x08,0xb5,0x1d,0x6d,0x1b,0x2b,0x93,0xa1,0x07,0x1f,},{0x0a,0x1c,0x70,0x6d,0xd8,0xa1,0x30,0x77,0xab,0x18,0x38,0x6c,0x65,0xfa,0x97,0xcf,0x9d,0xfc,0x43,0x54,0x2d,0x18,0x46,0xec,0xbd,0xde,0xb7,0xb3,0xc9,0x3f,0x3c,0x66,0xf3,0xcc,0xd0,0x44,0x7a,0xac,0xdd,0x4d,0xad,0x8f,0xbf,0x73,0x6c,0x4f,0xf9,0xdb,0xdb,0x62,0xbf,0xc1,0x4d,0x88,0x83,0xe3,0x85,0xbc,0xe9,0xba,0xc5,0x6a,0x35,0x0c,},"\x21\xd4\xfb\xc9\x81\x63\xc3\xfb\x6e\x09\xf7\x75\xc2\xab\x7b\x18\xb1\x87\x92\x34\x0b\xaf\xed\xac\xb4\x96\x05\x62\x2e\x3c\x08\xaa\x3b\x2b\x8d\x0e\x09\x02\xf3\x61\xaa\x1c\x0f\x65\x2e\x27\x32\xb1\x0a\x0c\x5c\x6a\x05\x09\x89\x96\xb5\x88\x26\x7c\xc8\x95\x1a\x78\xb5\xd4\x31\xe7\x22\x2b\xbb\x50\x8e\xee\xf1\xb5\xe8\xb8\xd0\x1d\x39\x91\xe1\x8d\xdd\xc6\xca\x8d\x22\x2e\xf1\x77\xce\x62\x93\x8d\x18\x10\xee\xcf\x06\xf4\x73\x8b\x28\xf4\x40\x94\x6c\xca\xd2\xa1\x2e\x39\xd3\x86\x11\xbe\xd3\xa3\x9f\x93\x41\x9a\x17\x9e\xc2\xb1\xb5\x2d\x5f\xe5\xc8\x0c\x23\xb8\x4d\x88\x03\x75\x5f\x51\x46\x09\x2c\xc1\x99\xb4\xbd\xce\xa5\xbc\xf2\x03\x7b\xd5\x3f\xf6\x34\x66\x94\x15\x5f\x02\x7d\x8c\xe2\xba\xff\xe3\x0a\x56\x66\x59\x6c\x00\x78\x3a\xae\xad\xe9\xc7\x7f\xc8\x63\x79\x42\xec\xe0\x17\xd6\x48\x4c\x28\x99\xb1\x91\x8d\x3a\x48\x0b\xd5\x15\x76\x78\xd4\x77\x2d\x27\x1f\x9b\x99\x76\x8e\xe1\xbc\xc4\x6b\x24\x89\xae\x87\xcd\x03\x0f\x47\xd1\x33\x3c\x76\x72\xcb\x90\x2c\xb4\xf5\xfe\x74\x6e\x85\x3d\xe5\x79\x40\xba\x22\x64\xd3\xe6\x29\x64\x4d\x65\x3a\x5b\x7a\xf7\x8c\xe6\x4a\x99\x3f\x36\x25\x0f\x8c\xb7\xcb\x45"},
+{{0x1e,0x2b,0xd5,0x48,0x7c,0x5f,0x5c,0xed,0x46,0x1f,0x60,0x4d,0xcc,0xb4,0xe7,0x8e,0xb9,0x16,0x08,0xf0,0xb8,0x21,0xf5,0xaf,0xc4,0xe3,0xe5,0x34,0xf7,0x96,0x03,0x92,},{0xef,0x82,0x54,0x75,0xcf,0x20,0x51,0xa2,0x01,0x7a,0xe5,0x32,0xf0,0x77,0xd9,0x67,0x74,0x34,0x7d,0x27,0x67,0xea,0x7b,0x45,0xf9,0xc1,0xb8,0x60,0xab,0x99,0x35,0x06,},{0x4d,0x33,0xc9,0x6a,0x2e,0x3a,0x5d,0xb7,0x39,0x1a,0xdf,0x65,0xc1,0xcc,0x35,0x65,0xfe,0x76,0xee,0xaf,0xd0,0xb5,0xc7,0xab,0xb0,0xb4,0x92,0xa0,0xb5,0x1e,0x1f,0xa3,0x36,0x39,0x94,0x6a,0x24,0x3b,0x2d,0xde,0xf3,0x57,0x55,0x22,0x98,0xce,0x0a,0xa9,0x5e,0xac,0x6f,0xbf,0xe6,0x60,0x98,0x82,0x71,0x87,0x7e,0xb2,0xa7,0xda,0x18,0x06,},"\x1d\xbb\xbb\x13\xcd\xad\x88\x85\x4b\x80\x9c\xed\xed\x27\x33\x43\xd3\x06\xa8\xde\xab\xf3\xff\x02\xc9\xce\xc6\xf0\x02\xb8\xe9\xe1\x0e\xf5\xd1\xb0\xf5\x71\x1f\x33\x26\x7a\xa9\x1c\x17\x1b\x61\xe9\x60\xf7\x40\x45\x7b\x81\xd7\x51\xa4\x73\xf4\x4f\x75\x0a\x08\x0c\xab\x80\xaf\x7c\xcc\xa7\xdf\xfc\xfa\xc9\xee\x4c\x39\xdc\x85\xcb\xdf\x51\x25\x9c\xcd\x34\x70\xd9\xba\xd3\xad\x30\xf4\xee\x5d\xbd\x4f\xac\x6b\xd5\xc6\xc4\xdf\x73\x11\xa4\x70\x04\x46\x95\xa7\xe1\xa7\xe1\x85\x72\x20\x75\x88\xaf\xa5\x7e\xeb\xcd\x4d\x57\x5b\x6d\x42\x44\x57\xee\x92\x46\x5c\xe1\x86\x3e\x3c\x67\x7c\xf8\x75\xfd\xb9\x8d\x40\x78\xeb\xe7\x14\x42\x60\x80\x70\x52\x57\x71\x44\xcb\x8e\x03\x59\xaa\x42\xad\x15\x5d\x79\xda\xe3\xde\xb9\x9c\x46\x32\xc1\x91\xc7\x99\xcb\xfe\x58\x7d\x95\x47\x87\x06\x8d\x66\x3b\xdf\xc0\xfa\xb1\x33\x4f\x18\x76\xbf\x49\x8c\x4d\xb5\xc5\x3d\xb7\xb0\x20\x4e\xd5\xa5\x21\xc6\x2f\x09\xea\xca\x8d\x01\x89\xf3\xb3\x94\x14\x3f\x29\xc4\x21\xcb\x5c\x8d\x07\xbd\x75\x1b\xaf\x4c\xbe\x3b\xf4\xbe\x17\x01\xdf\x4b\x22\x07\xdf\xb2\x90\x4d\x84\xf4\xdb\xda\x51\xcb\xa5\x76\xd5\xa5\xbb\x16\xef\xe6\x98\xed\xd6\x08"},
+{{0xf7,0x8d,0xb1,0x4d,0x6d,0x1a,0x64,0x3d,0xd7,0x73,0x5b,0xaf,0x26,0x35,0x32,0x12,0x44,0xe7,0xec,0x8c,0xa7,0x2c,0x5c,0x38,0xc9,0x8c,0x80,0x9d,0xb9,0xcb,0x5a,0x55,},{0x54,0x14,0xf7,0x5f,0x52,0xf3,0x86,0x4a,0xfb,0x0c,0x79,0xc2,0xc5,0xc1,0xd0,0x6b,0x4b,0xce,0x40,0x0f,0xbd,0xdf,0x17,0xfe,0x9c,0xfb,0x2a,0x8b,0xac,0x47,0xa0,0xdd,},{0xd7,0xcb,0xd4,0x18,0x1f,0x67,0x71,0x20,0x07,0xb7,0xf0,0xe1,0x84,0x52,0xe0,0xa0,0x24,0x46,0x4d,0x9d,0xc9,0xb5,0xff,0x9c,0xf6,0x69,0xd1,0xb9,0x11,0x69,0xd7,0x57,0x32,0x62,0xf8,0x33,0x36,0xb9,0x7c,0x86,0x1b,0xfa,0xb3,0xfc,0xf6,0x69,0x22,0x3c,0xe8,0xca,0xf3,0x19,0xf2,0x1d,0x23,0xf1,0xfa,0x33,0x1a,0x2d,0x89,0xb6,0xca,0x0b,},"\x05\xca\xf1\xb8\xed\xc3\xb1\x73\xfb\xc1\xed\x29\xb9\x5e\x2b\xf0\x6d\x81\x4b\xa2\x40\x7d\x4b\x31\xc7\x28\xd0\x4e\xc2\x73\xd2\x53\x94\x42\x3a\xc7\xd4\xff\xf2\xca\x36\xee\x90\x27\x30\x93\xc7\x56\xe2\xbd\x13\xc9\x6d\x4a\x3d\xc7\xf5\xbe\x17\x59\xfc\xd3\x28\xeb\x66\xc5\x88\x2b\x58\xfa\x45\x88\xe5\xb2\xa3\x71\x3a\x41\x54\xa2\x34\x0d\x0b\x06\xad\x01\x96\x01\xb0\xe0\x28\xe4\x97\xf8\x98\x25\x6b\x02\x8a\xf9\x5c\xd8\x16\x8d\xf5\xe5\x8a\x57\xcd\x1e\xbf\xc0\xa0\xc9\x1c\xed\x61\xdb\xb4\x80\xac\xa7\xdf\x8d\xca\x91\xeb\x16\xe9\x80\x07\xcd\x2c\xd1\xa2\x04\x5b\x0e\x44\x77\xd1\x2d\x5a\x40\x72\xf3\x65\x42\x65\x67\xc9\xd6\x15\x77\xf3\x48\x5c\x8f\x46\x60\x5e\x7f\x47\x5e\xf0\x4a\x39\x48\xf6\x0d\xba\x8c\x55\x08\xd1\x4b\xfd\xdb\x9b\x11\xdd\x04\x4e\xf2\xd8\x4c\x16\xb9\xa9\x03\x8d\x8e\x78\xed\xa4\x3b\x91\x29\x7d\xf3\x5f\x43\x61\xa3\x83\xb4\x1d\x49\x67\x7a\x68\x7d\x5b\x34\x4a\xd1\xab\x0f\xc7\x30\x17\xb3\xbe\xbf\x32\x30\x6f\xb3\xfd\x7b\x3d\x50\x71\xf3\xab\x5f\x6e\x49\xaa\x15\x54\x0c\xad\x65\x03\xbe\xa7\x78\x4c\xf9\x42\x18\x01\xce\x13\x85\x83\x98\x93\x36\x2a\x97\xfa\xe1\x21\x30\x0d\x67\x83\xaf\x0f"},
+{{0x7d,0xfa,0x32,0x8e,0x90,0xa1,0xb8,0x49,0xc2,0x19,0xe3,0xda,0x83,0x2d,0xf9,0xed,0x77,0x44,0x82,0x34,0xf0,0xd8,0x9e,0xa5,0xd1,0x7a,0x3d,0x64,0xe7,0x88,0x3d,0xaf,},{0xe3,0x0c,0xe6,0xfd,0x5f,0x58,0x00,0x38,0x9a,0x70,0xcd,0x11,0x73,0x64,0xf5,0x99,0x45,0xaf,0xb1,0x80,0xf2,0x29,0x92,0x73,0x60,0xb0,0x6b,0x48,0x35,0xf8,0xdc,0x91,},{0x1c,0x61,0xd5,0x3b,0x87,0x2f,0x8c,0xde,0x59,0x86,0x09,0x68,0x2c,0x79,0xf6,0xc5,0xdf,0x00,0x7c,0x51,0x3a,0x71,0xcf,0xb3,0xa0,0x6d,0xcb,0x82,0xd8,0x5c,0x4b,0x00,0xcc,0xc4,0x0b,0x00,0xe5,0x9f,0x59,0x53,0x93,0x08,0x8b,0x4c,0xd0,0x43,0x28,0x55,0xc6,0x7a,0x20,0x7d,0xa7,0x1f,0x87,0xe7,0x2c,0x40,0x9b,0x3e,0x50,0x27,0x95,0x07,},"\xe5\xe4\x95\xd6\x63\xf4\x72\x36\x71\x45\x32\x68\x7a\x24\x30\x8f\x94\x2c\xa9\xc3\x3e\x08\x8f\x7f\x10\x6a\x5a\x72\x35\x18\xca\xcb\xbe\xf4\xa6\x8c\x93\x9a\x69\x50\xb2\xdc\x25\x89\xf8\x2d\x35\x4e\x57\x52\x72\xd4\x2b\x13\x83\xd3\x15\xab\x8a\x20\xaa\x0c\xdc\x9d\x4d\xf6\x78\xab\x3b\x26\x61\x2b\x5d\xca\x66\xe7\x1f\x9f\x3f\xa7\xd9\xe7\x31\xdc\x48\x1e\x2b\xc7\x12\x7c\xea\x3b\x62\x03\xca\x6c\xd8\x16\x2e\x90\x88\x6a\x73\xdc\x46\xc8\x3d\xde\xfc\x4b\x9e\x2d\x53\xd2\x9d\xd3\x87\xc6\x24\xe0\x8b\xd8\xd5\x3b\xe9\x28\xa4\x0a\x9a\xa8\xae\x8b\x1c\x8d\x0f\xb6\xa7\xbd\x6d\xce\x5f\x62\x31\x5b\x7a\x21\x81\xf6\x27\xf2\x56\xbb\xe7\xe2\xa9\x5b\xf4\x64\xe6\x13\x22\x04\xc1\x74\x20\x96\x29\x84\x02\x35\xb2\xc3\x99\x13\x30\x1a\x4b\x40\x32\x5d\x11\x8d\x38\x4b\xc7\xac\x02\x8c\xd4\xf1\x27\x02\xe1\x61\x19\x1b\x14\x9e\x42\x09\x05\x8a\x55\x12\x2b\xbb\x8b\x22\xb2\x46\x83\xba\x4f\x8e\x2e\x6c\xcf\xc0\x8d\xc8\xc8\xb1\xbc\xfb\x6d\x60\xbd\x8f\x06\x21\x96\x93\x3d\xf3\x19\xab\x16\x90\x6d\x08\x57\x30\xeb\xa1\x72\x0d\x4b\x02\xc6\x7d\xaf\x38\xcc\xe6\xab\xa3\x8e\x25\xd6\x8e\xf9\x5b\x2f\x52\x19\x13\xa1\xd7\x7d\x5e\xb6\x50"},
+{{0x6c,0xe1,0x3d,0x3c,0x2e,0xc7,0x1f,0xed,0x83,0x13,0x1a,0x69,0xd5,0xd0,0x30,0x31,0x4a,0xb4,0x9e,0x65,0x65,0xef,0x68,0x16,0x3f,0xff,0x09,0xac,0x5d,0x9b,0x47,0xe7,},{0x9c,0x7b,0x11,0x18,0xfa,0xb9,0x1e,0x0e,0x7b,0x19,0x2a,0x23,0xd9,0x5f,0xb8,0x77,0xcb,0x79,0x36,0xcc,0x6c,0x8a,0x33,0x05,0x92,0xf4,0x8e,0x67,0x84,0xed,0xc2,0x92,},{0x60,0x8b,0x2b,0xf6,0xf6,0xda,0x05,0xc2,0xac,0x5b,0xbf,0xd7,0x95,0xa2,0xac,0x32,0xc7,0x9c,0x74,0x15,0x3f,0x94,0x31,0xde,0xa5,0x97,0x68,0xff,0x4c,0x22,0x5e,0x3b,0x69,0x3b,0x64,0x5a,0x50,0x67,0x66,0xb8,0x60,0x85,0x0e,0xe9,0x7e,0xa4,0x30,0x32,0xb0,0x5b,0x69,0xe5,0x67,0x67,0xe8,0xeb,0x9d,0x19,0x18,0xdf,0x9a,0xfb,0xa8,0x05,},"\x10\xbb\xc3\x11\xeb\x2a\x76\x5e\x01\x67\xff\x37\x61\x8f\xf7\x0e\x13\xf0\x2d\x7b\x06\x17\xae\x4a\xc0\x6b\xef\xbb\xe1\x49\xc9\x72\xa9\x94\xf6\x80\xca\x4d\xc9\xa9\x2e\xc7\xef\xa5\x39\x97\xfa\xd3\x56\xb9\xff\x4e\xbd\xee\x62\x95\x41\xd1\xf4\xde\xa6\x2e\xd0\xd2\x49\x4f\x9c\xcf\xdf\x07\xa9\x31\x04\x91\xf6\x1c\x4b\x3e\x27\x00\xb4\xa3\xc6\x68\xd6\x78\x32\x9a\x38\xc2\xef\xf9\xd8\xcb\xa4\x31\xfb\x95\x9e\x7f\x76\x55\xbd\x0f\xbd\x77\xd5\x3b\xbb\xc2\xeb\x8d\xc5\x1d\xd7\x18\xed\x98\x72\x8a\x18\x16\x86\xbe\x12\x2b\x84\x4d\x3d\xa3\x31\xe3\x29\xd3\x95\x9b\x59\x23\xf7\x73\x43\x25\xa0\x21\x02\x6e\x27\x54\xe1\x7a\x15\x10\x8b\xe8\x01\x46\x5a\xd9\x58\xdb\xcf\x21\xdf\x89\x0c\xfe\x5d\x5b\x88\x3c\xa4\x3c\x61\xce\xdc\xcb\xdb\x58\xb8\x49\xea\x75\x37\x4f\x1e\x91\x8e\x80\x3e\x57\x7a\x5d\xc7\xa1\xc1\x79\x36\xec\xcf\xcd\x34\x81\xbd\x2b\x1e\xb0\x75\xb8\x32\x37\xca\x6f\x3c\x07\xc1\x9e\x9a\xf9\x73\x12\x67\xbe\x82\xd4\x89\x8e\xee\x96\xeb\xc9\x00\xd4\x8b\x05\x9d\x51\xb0\xdd\x41\x5b\x1c\x89\x06\x60\xa8\x8d\x25\xf5\xc5\xf3\x5d\x8e\x45\xe5\x23\xe0\xce\x33\x36\x92\x3a\xb4\x36\x70\xe3\x5c\x50\x57\xd5\x6c\x75\x88\x76"},
+{{0xd4,0x5e,0xe6,0x9a,0x5f,0x1a,0x7c,0xfd,0xd0,0x34,0x3f,0x87,0x70,0xd1,0xc6,0xbc,0x02,0x6f,0x06,0x7a,0x70,0xdb,0xe8,0x39,0xa8,0x6f,0x2a,0xa0,0x68,0xc3,0x3f,0x81,},{0xfc,0x8d,0x9f,0xb0,0xe4,0xf3,0x47,0x93,0x09,0x07,0x55,0xe0,0x32,0x80,0x96,0xe0,0x1e,0x28,0x1e,0xa3,0x51,0xb8,0xd9,0x5c,0xd9,0x11,0x6e,0x13,0x1a,0x5c,0xa5,0x4e,},{0x15,0x6c,0x51,0xc5,0xf9,0x15,0xd8,0x9b,0x8d,0x14,0x00,0x35,0x0f,0x8f,0x21,0x7a,0x5c,0x02,0xe2,0x62,0x9e,0xde,0x9f,0x4a,0x30,0xb6,0xe7,0x1d,0x1e,0xa7,0xa9,0x53,0xcc,0x6d,0xb3,0x1b,0xa5,0xc7,0x78,0xc2,0x69,0x92,0x0b,0x64,0x9f,0xb4,0x22,0x1c,0x6d,0x38,0xcf,0x2c,0xea,0x2a,0x7d,0xe3,0xad,0x42,0x3e,0x04,0xfa,0xaa,0x06,0x07,},"\xeb\x5e\xd8\xab\x79\xcb\xfe\x61\xc2\x59\x81\xb9\xd1\xd6\xb7\x0f\x10\xb6\x01\x94\xb4\x16\x1f\xe1\x7d\x11\xaf\xf1\x76\x79\x94\xaa\x08\x13\xe9\xec\xe2\xf4\xc5\xd5\x31\xb9\x9e\x8a\xdf\x18\x88\xc3\x0a\x63\x89\x3e\xb4\x51\xaa\xf5\x5a\xcd\x5a\x52\xad\x8c\x40\x1f\xaa\x88\xd6\xea\xcf\x3e\x49\x47\x05\x66\x11\x4f\xd0\xc6\xa2\x74\xe9\x54\x48\x46\xb0\xae\x9b\xfa\x12\x4d\x79\x51\xeb\x26\x71\x5e\x19\x25\x3f\xf7\xed\xc8\xa7\x09\x65\x77\x6f\x23\xce\x46\x03\x1e\x03\x4a\x20\x07\x23\xba\x3d\x11\xe1\x1d\x35\x3d\x7e\x7c\xd8\x4a\xed\xe2\x67\xff\x64\xbe\xd4\x18\xcb\x9f\x28\xc6\x1c\xd0\xf6\x3b\x6c\xe2\xec\xae\x14\xb2\x0b\xc6\xbd\xae\xd8\xc4\x28\xba\xd1\x8b\xe4\xb7\xd6\x63\x38\x36\x4a\xcd\x80\x42\xa8\x25\x6f\x25\x8a\x69\x96\x9b\x8d\x3c\xa2\xea\xb3\xae\xa3\x70\x6e\x5f\x21\xc3\xb1\xef\xcc\x25\x4a\x82\x4b\xb4\xe7\xea\x7a\xba\x88\x27\xc8\xeb\x82\x78\x6c\x66\x5a\xa9\x73\x82\x19\x31\xff\x99\x0a\x63\xfd\x34\xa7\x4a\x6d\x8c\x22\xa8\x82\xb0\xb9\x35\x15\x2c\xcb\x36\xfc\xc7\x6f\x4e\xca\x65\xd6\x7c\x86\x80\x94\x2f\x75\xdf\xad\x07\x34\x39\xc0\x91\x60\x65\xe8\x38\x77\xf7\xba\x20\x93\x03\xf3\x35\x48\xd9\xe4\x0d\x4a\x6b"},
+{{0x8a,0x76,0xea,0xab,0x3a,0x21,0xec,0x5a,0x97,0x5c,0x8b,0x9e,0x19,0x7a,0x98,0x9e,0x8e,0x03,0x08,0x99,0xeb,0x45,0xd7,0x89,0x68,0xd0,0xfb,0x69,0x7b,0x92,0xe4,0x6d,},{0x2d,0x9c,0x81,0x3d,0x2d,0x81,0xe2,0x73,0x0b,0x0d,0x17,0xd8,0x51,0x2b,0xb8,0xb5,0xd3,0x3f,0x43,0x6c,0xab,0xaa,0x13,0xe1,0x41,0xca,0x1c,0xb7,0x85,0x01,0x43,0x44,},{0xfc,0xee,0xcc,0xa4,0xb0,0x14,0xfe,0xcd,0x90,0xb9,0x21,0xb0,0xfa,0x3b,0x15,0xae,0xaa,0x4e,0x62,0xca,0xa1,0xfb,0x22,0x72,0x9c,0x70,0x26,0x92,0x32,0xc3,0x3c,0xef,0x0d,0x0a,0xee,0xa6,0x64,0x32,0xc1,0x28,0xaf,0xb9,0xa3,0x64,0x6b,0xc7,0xf0,0x3a,0x12,0x77,0x4d,0xa8,0x75,0x83,0x98,0xc2,0xa0,0xdc,0xce,0x0b,0xbb,0xf6,0x74,0x0a,},"\xc6\xc7\x8f\x2e\x20\x80\x46\x1a\xed\x9f\x12\xb4\xf7\x7c\x98\x9b\x19\x71\x67\x80\xfa\xb6\x0e\x6e\xcb\x97\x93\xb4\xbc\x7e\xd6\x9e\x5f\x70\xfa\x6b\xdb\xa1\x6e\x9b\xd3\x19\x49\x69\xee\xa6\x66\x5a\xbf\xd6\x30\xde\xee\xfa\x3d\x71\x7b\x6d\x25\x4d\xd2\x4b\xc9\x7d\xde\x21\xf0\xf2\x9f\x9e\xd3\x4b\x8b\xd7\xa0\x13\x38\x0f\x4f\x82\xc9\x84\xfd\xbd\x95\xaf\x98\x05\xb7\x44\xbc\xd9\x52\xc5\xa7\x1f\xbb\x57\xd1\x1f\x41\x1c\x18\xcc\x30\xbc\x35\x94\xf7\xad\x82\x28\xcb\x60\x99\x39\x4a\x1b\x6b\x0a\x81\x85\x81\xbd\xf9\x3c\xce\x58\xf3\xa4\xa2\x3e\x55\xdb\x3e\x69\xca\x9d\x60\xcf\xb3\xa9\x07\xfb\x68\x32\x9e\x2f\xfb\x6c\x65\xf1\xe8\x28\xd2\x81\x27\x10\x9c\x9e\x9f\xb7\x01\x60\xf2\xef\x82\xa2\xee\x9f\x9b\xd1\x70\xc5\x1e\x13\xfd\x3f\xc1\x86\x6b\x22\xc7\x9f\xe6\xd5\x10\x12\x17\x97\x9d\xbe\x27\x24\xdc\xad\x8a\x9b\xc6\x9a\xcc\x42\xc1\x12\xdc\x69\x7b\xd2\x71\xee\xa5\x50\xe9\xe5\x04\x06\xbf\xd2\x82\x45\xb8\x3b\x8f\x01\x2d\x34\xdb\x6d\xbd\xd5\x5a\xe6\xe5\x75\x74\x5c\x15\x3d\x6e\x75\x34\x90\x10\x27\xea\xdc\x2f\xcc\x33\xa5\x28\x7d\xdb\xca\x6d\x3a\xea\xb8\x97\x22\x94\xdc\x6c\x71\x2b\x99\x42\x54\x72\x77\x34\x0e\x7a\xd1\x9e"},
+{{0x18,0xa8,0xf9,0x36,0x48,0xcd,0xcf,0x47,0x13,0x36,0x30,0xaf,0x1e,0x11,0xc0,0xce,0xea,0x3d,0xe0,0x73,0x27,0x31,0x4c,0x96,0x58,0x0d,0xf7,0x75,0x59,0x7d,0x7a,0x9c,},{0x29,0x12,0xf4,0x1a,0xb4,0xc8,0x7e,0x39,0x37,0xa0,0x33,0x31,0x80,0x2c,0xba,0x87,0x71,0x6b,0x4e,0xea,0x14,0xb9,0xfb,0xa6,0xf5,0x46,0xd0,0xac,0x2c,0x09,0x73,0xdf,},{0x3b,0x77,0x39,0x4c,0xd6,0x9f,0x8b,0x45,0xd0,0x0c,0xfe,0x3a,0x79,0xa7,0x90,0x06,0x28,0xa5,0x65,0x18,0xb3,0x79,0xed,0x8a,0x11,0x58,0x1f,0xc3,0xa3,0x76,0xe5,0xd6,0x68,0x07,0xdf,0x11,0xe7,0x09,0x04,0xf6,0x96,0xc7,0x41,0xd2,0x1d,0x13,0x93,0x10,0xfa,0x1b,0x89,0xa9,0x3b,0xdc,0x4d,0x2c,0x39,0x97,0x99,0x1f,0x52,0x20,0xee,0x00,},"\x59\x20\x93\xac\x7c\xd6\x71\xd6\x07\x0b\x00\x27\xed\xac\x1f\xb0\x15\xcc\x20\x5d\x78\xbb\x60\x3f\x37\x8e\xb9\xf8\xaa\x38\x8c\xa8\x30\xdb\x3c\xb2\x34\x20\xc7\xe8\x52\xdb\x0b\x55\x24\x1e\xb8\x8a\x02\xcc\x62\x7a\xa9\x41\x43\xbe\x43\x9a\xab\x4b\xf2\x63\x47\x57\x47\x04\x06\xe8\x42\xf2\x0e\xb1\x0f\x07\x00\xe3\xc2\xda\x36\x4f\x58\x8a\x80\x00\xf2\x38\x50\xc1\x2c\xe9\x76\xf3\x26\xd2\xdf\x1b\xac\x13\xe9\x50\x20\xb4\x12\xb1\x75\xbf\x74\xbd\x7e\xbb\xac\xf3\xae\x55\xc0\xda\xeb\xb5\xc0\x10\xbf\x80\x4f\xee\xe1\xd7\xd4\x9f\xae\x05\x0b\xea\x55\x99\x6f\x53\xcf\xe1\xf1\x5a\x0c\xf2\x07\x27\xdb\x4e\xe3\x11\xc2\x60\xba\xd9\x68\x2d\x7b\x96\x5e\x27\xa9\x49\x1f\x47\x1d\x4a\x47\x3a\xff\x64\x6c\x7d\x42\x4d\x5a\x0b\xdc\xbb\x8a\x02\x33\xf4\xb3\x06\x0d\xd0\x4c\x98\xec\x98\xdf\xd0\x5e\xc7\x24\x78\x84\xe2\xd8\xe1\x52\xd4\xae\x52\xb3\xd5\x86\x5d\x9e\xfd\x67\x06\xa6\x0e\x08\x8e\x1e\x7c\x9f\x62\x45\x10\xab\xc7\xa2\x04\x5a\x2c\x7a\x75\x88\xe2\x53\x5e\x73\x19\x1d\xd5\xcf\x05\x42\x15\x63\xf5\x56\xa1\x3e\x82\x36\x67\x03\x43\xcd\x5b\xa4\xd4\x66\xe2\x45\xc4\xee\x3b\x5a\x41\xe7\x0c\x9a\x0f\x5e\x6e\xa2\xc5\x59\xeb\xe6\x1b\xa8\x1e"},
+{{0x20,0x6c,0xd2,0xb8,0x11,0x4a,0xae,0x18,0x8d,0x81,0x86,0x2c,0xce,0xc4,0xcb,0x92,0xc4,0xef,0x5f,0xc7,0x8c,0x24,0x43,0x5a,0x19,0xf9,0xed,0x9b,0x8a,0x22,0xf4,0x7e,},{0x97,0xa6,0x7a,0xc2,0x81,0x1f,0x52,0x94,0x56,0xdf,0x53,0x27,0x37,0xd7,0x6b,0xed,0x7e,0x38,0x7d,0xa8,0x3b,0xd5,0x54,0x59,0x37,0x2f,0xdf,0xb2,0x7f,0xfa,0xcf,0xf3,},{0x73,0xa4,0x0d,0x9d,0xa0,0x8f,0xb9,0x8e,0xa2,0x5b,0x67,0xe7,0x21,0x55,0x7a,0x1a,0x51,0x22,0x52,0x94,0xd3,0x16,0xb5,0x31,0x49,0xaf,0x89,0x5f,0xa4,0xd6,0x3c,0xb4,0xa3,0xf5,0x6f,0x68,0x85,0x66,0xef,0x6d,0xa4,0x2f,0xd2,0x94,0x1d,0xff,0xa0,0x6d,0x49,0x7a,0xa9,0x02,0x16,0x5d,0x50,0x21,0x3a,0x62,0x14,0x11,0x62,0x99,0xa9,0x0c,},"\x48\x0c\x48\x00\xf6\x8c\x79\xf5\xdf\xc0\xc3\x66\x6c\x0a\xc4\x29\xb3\x0f\xe0\xc5\xfe\x84\x87\x50\xdb\x21\x71\x38\x0b\x80\xc8\xe9\xfe\xc0\xa0\x54\xb1\x6d\x08\x67\x4c\xef\xe2\xf6\x4e\xc2\x8b\xb6\xb0\x59\x6b\x35\x23\x55\x75\xf1\x89\xbe\xe2\x59\xac\xa7\x66\xc2\x22\xac\x0a\x46\xcf\x2a\xf7\x57\x74\xda\x4e\x34\xa0\xb5\x4f\xc2\xac\x49\xec\x8b\xed\xf4\x88\x7c\xd9\xb7\xbe\x4f\xdb\x7f\x68\x69\x02\xdd\xfa\xb0\x46\x27\xe2\x6e\xa2\xdc\x3d\x97\xd6\x2a\x4b\x15\x46\x18\x02\x18\xed\x8f\xa1\x13\x33\x48\x19\xb5\x27\x5c\xc5\x4a\xfd\xee\x44\x30\x90\x08\x59\x65\x07\x97\x16\x75\xe6\xd8\xb8\xa8\xed\xec\x47\x18\xf2\xd4\xbd\x73\x52\x13\xcb\xbd\x18\x79\x1f\xaa\x80\x54\x17\x49\x07\xa7\xac\x17\xd7\x14\x3a\x47\x57\xe4\x93\xbe\xee\xc4\x84\x9d\x0b\x83\x6f\x18\xbb\x2b\x3c\x90\x16\xf2\x5a\xf4\x7f\xb9\x61\x99\x25\x17\x20\x54\x9f\x15\xd1\x49\x50\x3d\x41\x09\x5e\x25\xf2\x62\x09\xda\xac\x39\x15\x44\x85\xc3\xde\xd7\xcb\x1a\x8c\x3e\x83\xa5\x2f\x5a\x06\xec\x09\xcf\x83\xdf\x00\x72\x6b\x79\x68\xf6\x4c\x0c\xba\xe2\x99\x51\x2f\xb4\x38\x56\x0f\x04\xb3\xb6\x44\x34\x6f\x93\x8a\xc8\xe9\x04\x86\x61\x4c\xd8\x44\xb5\x4e\xae\x07\x8b\xf6\x78\xb3"},
+{{0x59,0xb1,0x44,0xa7,0x08,0xab,0xec,0x97,0x27,0x29,0xa0,0x4a,0x6c,0x13,0xf0,0xea,0x02,0x0b,0x4e,0xd4,0xa4,0x82,0x98,0x02,0x3a,0x56,0x89,0x58,0xc2,0x12,0x15,0xec,},{0xc4,0xf4,0x72,0x00,0x92,0xed,0x61,0x79,0xa0,0x82,0xae,0x4d,0x61,0x45,0xdf,0x37,0x71,0x78,0x6e,0xfc,0xa9,0xbd,0x9b,0xb7,0x9c,0x9f,0x66,0x67,0xd2,0xcb,0x56,0xb3,},{0x1a,0x80,0x85,0x0f,0xcb,0xd6,0xe6,0x43,0xc6,0xba,0x8e,0xb6,0x84,0xdb,0xef,0x7d,0xf0,0x15,0x15,0x92,0x28,0xda,0xed,0xcf,0x06,0x04,0x70,0x91,0x86,0x05,0x4d,0xb1,0x85,0xaa,0x7b,0xaa,0xcb,0x09,0xd6,0xca,0xad,0x01,0x63,0x8e,0xff,0x8e,0x46,0x87,0x35,0xa6,0x01,0x24,0xde,0x0c,0x53,0x76,0xe9,0x43,0x40,0xe5,0x41,0xa9,0x80,0x07,},"\x38\x57\xbd\x26\x0b\x8a\xad\x9d\x07\x3f\x06\x76\x5d\x37\xfe\x89\x3a\x3f\x53\xe2\x3d\xe8\x66\xdd\xac\x33\x49\x5a\x39\xad\x33\xee\x9e\x9d\x5c\x22\x50\x2b\xc1\xc4\xb5\x47\x0d\x0e\x3f\x3a\x58\x52\x23\xfe\x4c\xb9\x3c\xc4\xad\x2b\x5b\xa6\xd7\x88\x26\xa5\x3f\xc0\x25\x3d\xc5\x80\xa2\x01\x8c\xc9\xff\x1c\xfe\xdb\xd3\xac\x0b\x53\x29\x2d\xee\xfb\xc1\x4e\x58\x9a\xcf\x49\x6c\xb5\xf7\x67\x01\x30\xfd\xbb\x6c\xf3\x8d\x20\x89\x53\xc0\x15\xa0\x47\x46\x75\xb7\x24\xbd\x10\x9f\x7c\xb8\x9c\x33\x01\x67\x51\xfe\x7a\xa7\x85\xd0\x99\xd0\x9a\xb2\x0d\xd5\x25\x8c\xd7\x64\xac\x8d\xaf\x34\x3c\xe4\x79\x0e\xad\x08\x63\xaf\x43\x12\x1a\xa5\x27\xa3\x7a\x11\x62\x8f\x47\x86\x96\x68\xf8\xea\xc0\x0d\x80\xb6\xbf\x99\x06\x66\x3d\x7a\x28\x99\xc1\xcb\x67\x8c\xd7\xb3\xeb\x3b\xc8\x02\x26\xb8\xb1\x3b\x6e\x46\x87\x7f\x38\xf0\x7c\x3d\x9c\x86\xd3\x36\x8b\xaa\xc4\xa6\xf6\xb9\x3c\xce\xbc\xec\x98\x11\x47\x4b\x6a\x6a\x4d\xa5\xc3\xa5\x96\x65\x71\xee\xd0\x5e\xdc\xc0\xe3\xfe\x7c\xd1\x59\x15\xc9\x1f\x44\xee\xe8\xc1\x49\xae\x45\x1f\x37\x55\x18\xa7\x9f\xb6\x00\xa9\x71\xa3\x9b\x94\x33\xdf\xa1\x9f\x91\x93\x1b\x19\x32\x27\x57\x47\xc2\x62\xee\xdc\xbd\x27\xf1"},
+{{0x8d,0x16,0x21,0xee,0xab,0x83,0x27,0x0d,0xe8,0x57,0x33,0x5c,0x66,0x5b,0xbf,0x57,0x26,0xe3,0x72,0x22,0x25,0xfd,0x01,0x6e,0x23,0xbf,0x90,0xab,0x47,0xae,0xec,0x3d,},{0xbe,0xcd,0xbc,0x02,0x4d,0xae,0x6a,0x94,0xed,0x4e,0x29,0xc8,0x0f,0x2a,0xff,0x79,0x6a,0xed,0x8f,0xeb,0x2c,0x1b,0x37,0x90,0xa8,0xc7,0x2d,0x7b,0x04,0x8a,0x2c,0x61,},{0xe0,0x8d,0x6c,0xaa,0x5f,0x39,0x32,0x7d,0x6e,0x66,0x52,0xed,0x74,0xdd,0x1a,0x37,0x84,0x4b,0x97,0x9f,0x5c,0xce,0x74,0x7a,0x60,0x6f,0x56,0x79,0xf4,0x89,0x8b,0xbb,0x76,0x43,0xdf,0x7e,0x93,0x1b,0x54,0xa2,0xb4,0x0e,0xbd,0xef,0xe8,0x30,0x03,0xf6,0x1c,0xa0,0xf1,0x11,0x12,0xf0,0x23,0xc6,0xa3,0xe8,0xcc,0x18,0xca,0xfe,0x5f,0x0d,},"\x97\xfa\xcd\xdc\x82\xcc\xcc\xcf\x78\x8c\x31\xb3\x30\x5e\x93\xeb\xa9\x56\xf8\x96\x13\xe6\xe5\x35\x42\xb0\x43\x26\x7f\xee\x54\x4c\x2b\x0a\x8a\xe8\x88\x6a\x31\xb9\xd3\x21\xa6\x3c\x27\x62\x3b\xae\xfe\xa8\x40\xb2\xa8\xaf\x5b\x23\x30\x19\x3f\xfb\x5b\xaf\x87\x3c\x33\x55\x28\xaf\xea\xe2\x16\x01\x63\xc8\x51\xc5\xa2\xe5\x81\x54\xa1\xb0\x56\x9c\x2d\x13\x66\xc0\x71\x04\x37\x62\x3b\x0e\x08\xc6\x86\xe5\x4f\xc2\x79\xed\x4c\x45\xf3\xe8\x56\x86\x83\x75\xf7\x82\x24\xc7\x77\xb1\x3d\x75\xde\x10\xd7\x91\x73\x55\x24\x25\xd1\x5a\x56\x19\x04\x15\x5f\x21\x17\xb2\xf1\x47\x13\xeb\x0b\x04\x64\x8a\x3b\xde\xb3\x30\x21\x67\xd1\x97\x3e\x78\x8a\x06\xcb\x00\xd4\x8c\xcb\x26\x9f\xa7\x1a\xf8\xba\x68\xea\xe5\x5d\xbb\xfd\x95\x94\xd5\xc2\xb4\xdc\x13\xae\x03\x21\x71\x85\x61\xac\xdf\x67\xdc\x8c\xfc\xc2\x5b\xc4\x6b\xb6\x6e\x09\x6a\x19\x41\xd9\x33\x52\x07\xd3\xf7\xd1\x1e\x89\x04\x90\x4f\xab\xe3\xa5\x0a\x38\x83\xe7\x07\x80\x47\xdf\x25\x2f\x38\xb6\x7c\xd2\x8a\x6a\xc4\x5c\x7d\x7a\x1d\x2a\x1d\xe8\xd4\x57\x47\xcf\x09\x30\x1e\x01\xcd\xaf\xd0\xcd\x99\xa6\xe9\x1b\x70\x4d\x50\x9f\xce\x69\x2f\xbd\xef\x2f\x71\xa5\xce\x0b\x35\xbc\x15\xc6\x5f\x87\x68\x24"},
+{{0xf2,0x73,0x5d,0x50,0xee,0x3a,0x9a,0x65,0xb5,0x8c,0x8a,0xcf,0x55,0x16,0x63,0xe9,0x88,0x09,0xec,0x40,0x6f,0x73,0xe3,0xe7,0xf4,0xe7,0x3b,0xc4,0xea,0x92,0x38,0x74,},{0xdf,0x48,0xa5,0xb9,0x4a,0x07,0xaf,0x3c,0x2c,0x99,0xb8,0x38,0x87,0x62,0x24,0x32,0x33,0xc8,0x50,0xdc,0x17,0x53,0x17,0xd6,0x02,0x63,0x8e,0x5b,0x86,0xab,0x49,0xed,},{0x69,0x42,0xa7,0x69,0x64,0x17,0xef,0xaa,0x59,0x1b,0x95,0xe1,0x1f,0x02,0xd7,0x63,0xbe,0xf5,0x27,0x9b,0x93,0x2a,0x8e,0x2a,0x7c,0xbb,0x9f,0x58,0x36,0x95,0xc1,0x4c,0xe5,0xcc,0x55,0x6b,0xec,0x66,0x79,0x9b,0x33,0xcb,0x59,0x2d,0xa4,0xdf,0x27,0x35,0xf9,0xee,0xf2,0xc3,0xce,0xca,0x43,0x62,0x16,0x4b,0x6c,0xc9,0x3d,0xa4,0xe1,0x05,},"\xae\x31\xe9\x4e\x71\x97\xe4\xe4\xd0\x23\x93\x48\x02\x5e\xd6\x68\x1e\x51\x3c\xe1\xa6\xe0\xaa\x0e\x5b\x97\x93\x73\x91\x21\x50\xef\x11\x3e\x50\xef\x05\x69\xc4\x83\xf7\x56\x8c\x4b\xbc\x47\x03\xc5\xda\xca\xa8\x0a\x0d\xe4\xe7\x38\x38\x3f\xa1\xf1\x0d\x6d\x40\x71\xa3\x1b\x99\xe6\x48\x51\x43\x97\x23\x16\xc8\x65\x22\xe3\x7c\x68\x87\xa1\xc3\x07\xb2\x9b\x0d\xd6\xf9\xf1\xb4\x38\x31\x0a\xf9\xd8\xd7\x34\x6f\xb4\x1f\x9b\x2d\xd2\xe8\x0b\x14\xc4\x5e\xb8\x7d\x4e\xd4\x8e\x37\xa5\x26\x0b\x52\x25\x7b\x3e\x99\x78\x7a\x13\xc5\x53\x92\xba\x93\x0c\x08\xe0\x24\x0e\x96\x0d\xef\x0c\x29\xb8\x55\x07\x45\xcf\x14\x9d\xee\x53\xa5\xd1\x74\xec\x06\x5d\x2d\x66\x77\xde\xe1\xfc\x42\x05\x70\x62\xc3\x4e\x27\xea\x5d\xbc\xdb\x86\x1b\x9f\x67\x0c\x60\x32\xc7\x84\x6c\xec\x8e\x87\xa7\xc9\x52\x0e\x27\x96\x7b\x01\x86\xee\x71\xb7\x7e\xd6\xd0\x29\xbb\xdd\x70\x94\x9c\xec\x4a\x70\x93\x29\xfa\x37\xfe\xe0\x02\x49\x0c\xc1\xbc\x4c\x2d\xf6\xf7\x63\xf9\x85\x8f\x33\xd7\x50\xc5\xb5\x05\xa6\x7e\x23\x70\x63\xc0\x48\x6f\x94\x56\xd3\xc6\x20\xd9\xac\x7c\x98\xf1\x38\x1d\xe0\xef\xfe\x41\xc1\x82\x59\x50\x4a\x15\x0d\x68\xa6\xa2\x8b\x0a\x3e\xea\x80\x3b\x85\x53\x15\xc9\xe0"},
+{{0xca,0xd9,0xd2,0x1a,0x01,0xc7,0xe1,0xd1,0x5d,0xf2,0xfb,0xd7,0x9c,0x51,0x6e,0xb8,0xc3,0x40,0x1e,0x9f,0xe2,0x84,0x67,0xcc,0x7b,0x21,0x67,0x9d,0x4e,0x33,0x1a,0x3d,},{0xa7,0xb5,0x5c,0x15,0xd6,0x79,0x0b,0x40,0x53,0x6f,0xca,0xe5,0xad,0x28,0x92,0xcd,0x66,0xb1,0x86,0x89,0xf4,0x99,0xc1,0xfd,0xee,0xa6,0x6d,0x4a,0x7d,0xf3,0x94,0x24,},{0x31,0x92,0x7d,0x01,0xdb,0x9f,0x24,0x72,0xf4,0xdf,0x6f,0x63,0xc1,0x8e,0xbd,0x83,0xc2,0xb1,0xaa,0xf8,0x8d,0x58,0x0e,0x84,0x88,0x54,0xdf,0x8c,0xba,0x63,0x95,0xd3,0xda,0x7b,0xd6,0xbb,0x9e,0xdc,0x1f,0xce,0x1c,0x7d,0x7e,0x13,0x60,0x55,0x8f,0xcd,0xdf,0xa9,0x39,0x15,0xbe,0x07,0x6e,0xfb,0x8e,0xa2,0xdc,0x5e,0xa7,0xb2,0x0d,0x0a,},"\x70\x70\x2b\xf1\x9c\x91\x9f\x98\x36\xde\xfd\x7b\x84\x6f\xd9\x99\x2d\x8b\x7e\xb2\xe1\x06\xae\xb7\x1e\x60\xa3\x1b\x4e\xa2\x5a\x41\xb2\x12\xdc\x7d\xe7\xc9\x1c\xbd\x61\x3d\x58\xd0\x59\x5d\xb8\x33\xcf\xe7\xe5\x05\x84\xf2\x55\x69\x60\x2c\x77\x44\xfa\x67\x5d\x15\x6d\x0f\x63\xcd\x2b\x7c\x08\x9c\x8a\x00\x68\x6a\x43\x71\x69\x82\x6a\x12\xdc\x48\x5b\x38\xc0\x68\xa8\x00\x71\x42\xe5\x16\x37\x47\x01\x1a\x07\xa4\x15\x68\x36\x22\xab\x1e\x23\xce\x57\x7c\x73\x2b\xa1\x4f\x40\x1f\xbc\x30\x43\xe0\x69\x3a\x92\x05\xc1\x9a\x92\x29\x8a\x3d\x9b\x08\xfb\x7a\xfa\xfa\xe0\xa9\xf0\x16\xbc\x75\x0e\xe6\x31\xa5\xf5\xda\x5d\xb6\xf9\xba\x26\x92\xc7\x4c\xaa\xae\xb4\xd0\x97\xe9\x0e\x3c\x02\xd2\xe3\xa7\xfb\x3a\xa0\x00\x04\x0b\x7c\x17\xb7\x45\x64\xe6\x46\xbe\xa1\x6b\xad\x61\x1e\xbc\x08\x59\xa3\x82\x88\x04\xab\x4f\x5c\xfb\xa4\x17\xd2\x54\x51\x5c\xa3\x62\x0a\x3a\xd6\x83\xc4\x6c\xa6\x26\x7b\xb4\x95\x39\xbb\x30\xe3\x69\x08\x7e\x67\x43\x8e\x94\x89\x56\x27\x50\xdc\xcb\xa3\xaa\x0b\x1b\x0a\x6c\x26\x70\x32\xd2\x0c\x2a\xdb\x75\xe6\x8d\xf1\x12\x3b\x52\x59\xbf\xe4\xea\xc6\xca\xdc\xa6\x77\x81\x38\xa3\x73\x18\xad\xb3\x0e\x8d\x66\x9f\x3b\xc9\x69\x2c\xc7\x4b\x68"},
+{{0xd9,0xbe,0x84,0x22,0x55,0xe9,0xa1,0x6b,0x0a,0x51,0xa8,0x67,0x42,0x18,0xce,0xe7,0xcd,0x9a,0x8b,0xdf,0x34,0x35,0x08,0x39,0x7f,0x4d,0xdb,0x05,0xf3,0xfa,0x00,0x82,},{0x79,0x31,0xbc,0x6d,0xfa,0x33,0x24,0x94,0x3a,0xab,0x18,0x3d,0x12,0x85,0x51,0x59,0x19,0x39,0x9f,0xfe,0x0b,0x71,0x06,0x77,0xf0,0x91,0x5d,0x3a,0x5b,0xe5,0x1e,0x92,},{0xc9,0x38,0x45,0x65,0x8c,0x95,0x60,0xd2,0xc0,0xe2,0x8f,0x28,0x2a,0xdb,0xd4,0x65,0x2b,0xaf,0xd3,0xbb,0x2e,0xde,0xc1,0x7c,0x94,0x87,0x8f,0x7b,0x94,0xd3,0xc7,0x7a,0xfe,0xc9,0x06,0xed,0x29,0x2a,0x8d,0xfb,0xf5,0xf8,0xe7,0xc1,0x18,0xe8,0xf2,0xca,0x33,0xdd,0xa7,0x90,0x9d,0x9b,0x69,0x5b,0x8f,0xf5,0xa1,0xc0,0xe9,0x7a,0xc8,0x07,},"\xac\x6c\x55\xb1\x34\x66\x3e\x41\xf0\x2a\x6d\xcb\x85\x49\xea\xa1\xc0\x13\xf5\x96\x58\xd8\x1d\x81\x2f\x95\xb7\x40\x09\x51\x37\x23\x67\x19\x45\xe1\x32\x4f\x90\xf8\xa3\xf9\x71\x36\x91\x81\xb5\x87\xba\xb4\x56\x65\xf7\x88\xd6\x63\xab\x78\x14\x0c\x5a\x22\xc1\xc1\x8d\x4a\xfe\xdc\x74\x48\xa7\x48\xaf\xe5\xbf\x23\x87\x00\x3c\x1d\x65\xab\x18\x48\x2e\xf9\x89\x22\xb4\x70\xda\x80\xad\x14\xc9\x44\x95\x1c\xe4\xae\xd3\x73\x90\xcc\xe7\x9a\x8e\x01\xb2\x4c\x7d\xfc\x11\x41\xc0\xec\xa2\xc7\xf7\x73\xed\x4b\x11\x80\x6a\x34\x61\x55\x13\x48\x6e\x4e\xe1\x1a\xf0\x80\x78\xa1\xb4\x05\x4c\xf9\x88\x02\x98\x60\x8d\xd9\xb3\xfa\xa1\xa2\x42\xa4\x52\xfe\x51\x16\x04\xb3\x10\x2c\x31\x3d\x14\xcc\x27\xc6\xf0\xf8\x47\x1d\x94\x55\x53\x17\xea\xa2\x64\xcd\xf5\x2c\x69\xe1\x8f\x46\x1e\x47\x90\x3d\x21\x29\x87\x16\xb1\x72\xee\x9c\xb1\x78\xf0\x8f\xf2\xd3\xc9\xc1\x62\x12\x1c\x2e\xd2\x1d\x87\x34\xb2\xf0\x63\x0d\x39\x91\x46\xcb\xf7\x6e\x02\x8a\x14\x3f\x2b\xf7\xbb\x50\xaf\x0f\x57\xb9\xba\x80\x21\xd2\x64\xb0\x0c\x66\x62\xf8\x4c\x86\xcb\x6d\x59\x52\xb3\xd2\x41\xf7\xdc\x3e\x70\x0c\x96\x61\x6c\xbc\xfb\x0d\x0e\x75\x3f\xfd\x5d\x21\xee\x32\x0e\x65\xe9\x7e\x25\xcb\x86\x09"},
+{{0xcf,0xc4,0x8c,0xc6,0xf6,0x58,0x11,0xfe,0x7d,0x7b,0xba,0x85,0xd1,0xcd,0x84,0x85,0x8f,0xd6,0xf7,0xed,0xd6,0x38,0xf4,0xf5,0x52,0x36,0x3e,0xe7,0x68,0x5f,0x69,0xca,},{0xd2,0x9c,0x10,0x69,0x4c,0x5e,0x8e,0x3f,0x34,0x47,0xed,0x78,0xd3,0x4d,0xbd,0x74,0xa2,0xb3,0x01,0x37,0x3b,0xa8,0x71,0xb5,0x85,0x0c,0x33,0x3d,0xff,0x7b,0xf8,0xd0,},{0x80,0xc5,0xd5,0x1e,0x96,0xd1,0xca,0xc8,0xef,0xd3,0x45,0x98,0x25,0xe7,0x9c,0x1e,0x9f,0x65,0xaf,0x70,0x1d,0x1d,0x29,0xe1,0xf9,0x5b,0x03,0x67,0x07,0x11,0x3b,0x77,0x98,0x4b,0x7b,0x33,0x50,0xf0,0x40,0x77,0x33,0x3c,0x95,0x7f,0x8f,0xbc,0x7d,0x9b,0x04,0x0c,0x36,0x26,0x51,0x41,0x7b,0x98,0x99,0x02,0x7c,0xd3,0x3e,0xdb,0x11,0x03,},"\x8e\x7d\xef\xb9\xd1\x6d\x03\x6b\xd6\x42\xcf\x22\x6e\x32\x77\x3e\x60\x53\x61\xc5\xec\x4b\x95\x12\x55\x78\x8d\xb0\xa0\x42\xc6\x3e\x5a\x43\x67\xd6\x15\x24\xf1\x0e\x62\x58\x99\x13\x25\xa3\x9a\xb6\xb0\x36\x12\x26\x0c\x3f\xe3\xdf\x20\xb3\x42\x02\xd3\x43\x95\xbd\x4e\xd4\x0b\xd6\x13\x73\xdf\x78\x1a\x4c\x8b\xcf\xbd\x15\x30\x10\x60\xf0\x74\x37\x73\x23\x33\xd8\xe4\x97\x36\x32\x2d\xee\x6b\x22\x43\x8e\x78\x7d\x88\x56\xb7\x0c\x26\xec\x57\xd6\xda\xde\x9c\x3c\x28\xe2\x72\x20\xc5\x67\x0e\x39\x35\x44\xed\x09\x59\x37\x29\x8d\xc3\xad\xc7\x38\x65\xf7\x77\xe9\x00\x37\xbd\xef\x83\x47\x16\x47\x6d\x78\xf4\xe6\xcb\x49\x61\xa4\xc6\x8a\x8a\x83\x63\x38\xa9\xf5\xda\x17\x9c\x4d\x5e\x93\xc3\xf7\x0d\xd3\x5e\xec\x70\x96\x53\xdd\x8d\xe3\x79\x96\xb1\x20\x56\xd4\xee\xfc\xb4\xb6\xb3\xc1\x3b\xa9\x84\xd8\x32\x27\x5c\x43\x86\xeb\xf4\xa8\xff\x7f\x07\x8b\xe3\xd4\x28\xc1\xe0\xd9\xb1\x62\x38\x1f\x06\xa5\xb7\xbb\x12\x70\x40\x03\xd9\x1f\x25\xd1\xd8\xfd\x43\x62\x6c\xe7\x0f\xff\x59\xd2\x92\x77\x68\xa7\x6b\xf7\xf9\xef\x76\xff\x95\x48\x9f\x38\xed\xcd\x1c\x9e\x9b\x8a\x8b\x0e\xf6\x6c\x32\x80\x57\x76\xd5\xae\x9f\xbd\x84\xa7\xaf\x4f\xa6\x56\x3e\xc7\x0a\xc5\x73\x3a\x44"},
+{{0x15,0xc9,0xf7,0xc4,0xd8,0x4a,0x5a,0x47,0x90,0x41,0x95,0x2e,0x6a,0x8c,0xac,0x24,0xe7,0x6f,0xd2,0xd2,0x75,0xc1,0x97,0xe6,0xb5,0x21,0x92,0x9b,0x43,0xba,0x6c,0x5d,},{0x86,0x33,0xc1,0x82,0x9d,0x29,0x09,0x1d,0xf7,0x1f,0xd5,0xc0,0xef,0x64,0x05,0x72,0xe4,0xb6,0x49,0x74,0xcd,0x09,0x7d,0xbe,0xbb,0xcd,0xde,0xba,0x04,0x16,0x47,0xc0,},{0x1e,0x36,0xbe,0xa5,0xa5,0x83,0x76,0x7e,0xbd,0x80,0x30,0x6c,0xab,0x23,0x31,0x55,0xb7,0xb4,0x28,0x14,0xb4,0x34,0x73,0xcf,0x45,0xcd,0xc5,0x03,0x9c,0x93,0x97,0x44,0xa9,0x69,0x4b,0x87,0x22,0x0d,0xaf,0x4c,0xcd,0x29,0xf2,0x5c,0xea,0x40,0x5e,0x7c,0x08,0xdb,0x2e,0xf1,0x7f,0x3f,0x03,0x4d,0xbb,0x49,0xcf,0xf6,0x02,0x83,0xe3,0x06,},"\x11\x73\x0d\xd4\x5d\xda\x80\xd8\x4d\x08\x0d\x92\xe9\xbd\xda\xee\xa6\x87\x8e\x4a\x0b\x3b\x51\x2d\x9e\xa7\x33\x80\x8e\x1c\xef\x51\xd4\x90\x48\xd6\xc7\x81\x16\xa4\xbd\xe3\xc6\x4a\xce\xaa\x52\xbe\xca\x86\xb3\x31\xab\x59\xe9\x18\x5c\x70\x28\x6a\x02\xbb\x5d\xd0\x4f\x5c\x7f\x4e\x9c\x7e\x44\x5e\x77\x45\x85\x65\xf1\x59\xc7\x83\xdf\xd4\xd9\x76\xa9\x10\xe9\x37\x78\x9d\x21\x41\xd4\x16\xed\x3a\x7f\x60\x8d\x26\x73\x7a\x86\xb2\x0b\x62\x4e\x3c\x36\xaf\x18\xd2\x5c\x7d\x59\xb8\xd7\x42\x7e\xc6\xc4\xd3\xd4\x38\xd7\xae\x09\x49\xdd\x7d\x74\x8c\x1f\xfd\x6f\x28\xe8\x28\x5d\x44\x04\x22\xd2\x2a\x37\x61\x20\x2e\x95\x84\xf5\xcd\xb3\x50\x45\x47\xaa\x4b\x68\x57\x30\xc9\x82\xcb\xa2\x13\xde\x08\x02\x0a\x5e\x4e\x46\xa9\x5f\xac\x4b\x48\x1b\xea\x0b\x63\x0a\xbd\x03\x0d\xdd\x33\x5a\x20\xfe\x2c\xf7\x09\x4a\xef\x48\x13\x95\x69\x91\x91\x3c\x68\x21\xf4\xb5\x41\x0d\xf4\xf1\x33\xfe\x63\xe2\x2c\x08\x09\x2a\x0a\x65\x97\x27\x22\xa2\x7a\xe4\x20\x11\xa8\x07\xc3\x27\xb4\x17\x23\x7c\x54\x01\x14\xee\xcb\x9f\x0e\x96\xcd\xa5\xdc\xf0\x24\x6f\x1d\x27\x17\xf4\x9b\x9c\xea\x9d\xc6\xa3\xda\x9b\x39\x6f\x02\x70\x52\x92\x26\xf5\xdc\xba\x64\x99\x91\x8a\x6c\x28\x9f\xe0\x55\xfe\xc8"},
+{{0x6d,0x2d,0x0d,0x82,0x3f,0x29,0x47,0x46,0xb9,0xa5,0x51,0x2e,0x14,0xe7,0x3c,0x1d,0x85,0x5b,0x5e,0x4b,0xca,0x65,0xfe,0x81,0x77,0x29,0x81,0x0c,0xc5,0xef,0x84,0x0d,},{0x1b,0x64,0x80,0xa6,0xa9,0x0d,0xfb,0x47,0x29,0x84,0x85,0x5c,0xef,0x6f,0x1a,0xb3,0x1e,0xb7,0xb3,0xf1,0x3c,0x8a,0xc0,0x0f,0xa5,0x56,0xd2,0x0b,0x53,0xe5,0xae,0x17,},{0xb5,0x15,0xf4,0x9e,0xb3,0x2a,0xd4,0x78,0x69,0x2d,0xf8,0x8f,0x07,0xb7,0x80,0x2c,0x6e,0x0e,0x53,0x27,0xaa,0x08,0xa6,0x36,0x6e,0x4c,0xb1,0xd1,0xe2,0x6f,0x9e,0x65,0xfc,0x81,0xab,0xeb,0xe2,0x21,0x5d,0x64,0x91,0x00,0xf2,0x75,0x98,0x27,0x3a,0x41,0x2b,0x62,0x4e,0x84,0x2d,0x81,0x30,0x40,0x37,0x97,0xe5,0x7d,0xec,0x97,0x5a,0x0a,},"\x87\x72\x72\x1f\x72\xea\xf7\xf7\x30\x40\xc0\x68\xa7\xc3\x75\x3b\xff\xca\x7d\xc2\xd0\x93\x0c\x65\x25\xf4\x25\xe6\x00\x5c\x25\xcd\x4c\x0f\xf5\x09\x5c\x9c\x61\xa5\xd8\xa1\x96\x7b\x8c\x86\x01\x0c\x88\x4e\x50\x9e\x6b\x16\x70\xf7\x90\x46\xe2\x29\x79\xeb\xd3\x54\x73\x40\x90\xd3\xad\xa2\x14\x35\xc1\xf8\x25\x4f\x7b\x52\x22\xcd\x55\x64\xf0\x64\xe9\x77\x64\x03\x66\x44\x9f\x4e\x50\x08\xf8\x70\xf9\xc4\x84\x05\x65\xbf\x4f\xb5\xf5\x74\xc9\x77\x4b\xa2\x56\x8e\x71\xa9\xcc\xd8\x2f\xfc\x59\xb6\x94\xf2\x6e\x7d\xe4\xce\x2e\x3f\xd8\x80\xa0\xee\xf3\x87\x93\x13\x33\xed\xe0\x0d\xcb\x06\x5e\x6d\x0f\x79\x59\x1a\x2a\xa9\x56\xdf\x19\x48\xa2\x65\xcb\x95\x75\x0d\x8a\x23\x3b\x15\xc2\x88\xa0\x54\x87\xc5\x15\x66\x3f\x93\xe7\x40\xfb\x15\x70\xfb\xe4\xbd\x80\xc6\x8e\x8d\x92\x97\x34\x5a\x8a\x01\xcd\xbd\x88\xf4\xa3\x9b\xed\x9c\x5e\xf0\x9f\x14\x4b\xce\x5d\xe5\x68\xbf\x37\x33\xbc\x53\xb2\x03\x9a\x29\xcb\x3e\x19\x45\x01\xad\xc1\xc1\x0e\x86\x38\x3a\xac\x8b\x0f\x85\xc6\x7a\x66\x89\xbb\xe1\x47\x0a\x39\x24\x76\x31\x34\x39\xca\x88\xd9\x8c\x02\x1c\x0e\xae\xc2\x5f\xb2\xf9\xa1\x60\xce\x5c\x78\x61\x70\xbe\x02\x38\xfb\x87\x85\xdd\x33\xbf\xa9\x05\x9a\x6c\x37\x02\xd0\xde\x05"},
+{{0xc0,0xcf,0x79,0x9a,0xf7,0x39,0x5b,0xf2,0x7b,0xaf,0xa3,0x6c,0xab,0x43,0x70,0x45,0xe3,0x9c,0x90,0x3b,0xf8,0x07,0x54,0x83,0x19,0xce,0x44,0xf2,0x87,0x49,0x4f,0xbb,},{0xaf,0xbf,0x55,0x0c,0xa2,0x90,0xc9,0x05,0xbd,0xd9,0x2f,0xc8,0x83,0x1e,0xbe,0x3d,0xfe,0xb6,0xda,0xae,0x4f,0x56,0x00,0x52,0x53,0xcc,0x50,0x95,0x1e,0x50,0xed,0xc2,},{0x5b,0xba,0x01,0xa4,0xc7,0xb2,0x55,0x42,0xd0,0x69,0x12,0xde,0x70,0xaa,0x1e,0x22,0x04,0x23,0xfd,0xf8,0x33,0x8a,0x9e,0x69,0x33,0x95,0xcb,0x6f,0x0d,0xc1,0xfb,0xfd,0x01,0x8e,0x3c,0x77,0xe5,0x0a,0xef,0x90,0xa9,0x08,0x0f,0x30,0xf1,0xf5,0x79,0x2b,0x24,0x31,0x07,0x8f,0xe6,0xe3,0xe0,0x04,0x64,0x24,0x5e,0x17,0xcd,0x8d,0xc1,0x07,},"\xdb\xe6\x57\x80\xe9\x68\xde\x9e\x40\xff\xb5\x7c\xf5\x9a\x60\xfd\x93\xb3\xf9\xa5\xe7\xd8\xed\x51\x80\xad\xbc\x57\x8c\xa1\xbc\x48\xbd\x9f\xb6\x0a\x13\x24\xc9\xc2\xc1\x14\x14\x79\xa0\xdc\xf0\xf1\xd0\x7e\x84\x93\x65\x26\xdf\x42\x33\x3c\x0d\x77\x3e\x3f\xed\x9e\x40\x38\xde\x5b\x95\xad\x90\x5c\x92\xcb\xe0\x40\x48\x7b\xf5\x5e\x10\xe1\xed\xb4\x29\xa0\xec\xc4\xe0\xe8\xd0\x0a\x98\x8a\x9c\xd5\x3e\x2e\xb3\x72\xf4\xfc\x4c\xd9\x53\x7b\x26\x9b\xa3\xa2\x3c\xef\xbc\x8d\xf6\x47\x6e\x75\x43\x4b\x81\xd9\x3e\x88\x91\xbf\x41\x7c\x82\xe3\x63\xf3\xe4\xab\xf8\x0a\x4f\x73\xac\xa8\x4a\xc7\xdf\x63\x37\xf5\x36\xd6\x3d\x93\x9d\x92\xcb\xa6\x4b\xe7\x42\x22\x11\x16\x06\x9e\xf2\x51\xab\xba\x0b\x00\xaf\x01\x71\x8b\xb5\x80\xdd\xbe\xb7\x99\x73\xef\x10\xa6\x8b\x4d\x0f\xa0\x23\xd6\xeb\xd3\x07\x9d\x6b\x32\xa1\xaa\x20\xa2\x1e\x92\x02\xf2\x75\x90\xc3\xf0\xc0\xcc\x25\x30\x73\xc3\xf8\x22\xaa\xc4\x59\xd3\x9f\x50\x75\x8b\x70\xc0\x07\x10\xa3\xc9\x84\x38\x41\x65\x08\x52\x2e\x51\x2a\xda\xa0\xaf\xd5\x03\xa7\xce\xb0\x4f\xb9\x4a\x4a\x93\x2c\xe8\x0c\xd5\xa7\xf1\x1b\xb8\x61\x26\x3f\x58\xe5\x74\x9d\x54\x2a\x11\x0d\xe7\xc7\x68\x9d\xfc\xb0\xc5\x1a\xfa\x9d\x54\xa5\x8f\xf8\x9f\x3f\x67"},
+{{0xcd,0xaa,0x50,0xe8,0x52,0x7d,0xc7,0xa5,0x0f,0xb3,0x7e,0x28,0xfa,0x8b,0x95,0x68,0xc3,0x7e,0x85,0x67,0xe0,0xb4,0x99,0x99,0x7b,0x9a,0xed,0x67,0x61,0x80,0xc3,0xb0,},{0x7c,0x56,0xe1,0x64,0x51,0x02,0x68,0xc1,0x82,0xb4,0x23,0x74,0x79,0x04,0xf1,0xd3,0xa5,0x80,0x93,0x30,0xf6,0xe1,0xb2,0x92,0x66,0xec,0x46,0xe7,0x3b,0xe1,0x55,0x0f,},{0x13,0x7b,0xd1,0x0a,0x50,0xef,0x60,0x93,0x84,0xfe,0x66,0x87,0x68,0xfb,0x87,0x1d,0xe7,0x41,0xca,0x0f,0x53,0xff,0x84,0x77,0xd7,0xeb,0xfa,0x90,0xaa,0xfd,0x5e,0x26,0x81,0xfd,0xf1,0xb8,0x92,0x50,0x46,0x3c,0x15,0xdb,0x8e,0x17,0xa5,0x88,0x25,0xfe,0x94,0x27,0xde,0x08,0x9c,0x34,0xde,0x13,0xcd,0x07,0xbb,0xa1,0x8d,0x4a,0xa4,0x0d,},"\x94\xfc\xfb\xaa\xa3\x03\xde\xce\x7b\x90\x8f\x87\x4c\xc5\xf0\x95\x06\x1f\x17\x54\xbb\x35\x78\x0d\xb6\x66\xb6\x3a\xb8\x29\x08\x11\xbf\x1c\x52\x1a\x7f\x8f\x78\x5e\xa2\x70\xdf\xb3\x9d\x0d\x6e\xd9\x5a\xb7\x19\x55\xa1\x1f\xfa\xea\xa2\x68\xe0\x81\xff\x3e\x4f\x24\x25\xb4\x18\x80\xa9\x87\x15\x1e\x67\x8e\x89\x11\x13\x50\x94\x2d\x82\x0c\x3e\xec\x36\x21\x24\x26\x66\x3b\xe1\x75\xe5\x28\x6b\x4a\xd1\xcc\x80\x4e\x3e\x3a\x03\xb9\xfa\x3e\x82\x83\x8e\xbb\xc2\x61\x5a\x64\x5f\x2c\xa1\x46\x8a\xc4\xa1\xcd\xbe\x52\x37\x61\xe8\x3f\x43\x81\xb0\xc8\x55\x0a\xe5\xe8\xc8\xcd\x1f\xda\x57\x19\x14\x36\xe2\x7c\xb8\x83\xbc\x64\xbe\x86\xa9\xdc\x61\x10\xef\x34\x01\xd8\x8a\x7d\xeb\xd1\xb7\x01\xd9\xc2\x57\xa6\x82\x6c\xf0\x1e\x9e\x29\x22\xe3\xae\x57\x7f\x28\x34\x27\x5f\xb0\xec\xda\x80\xed\x8c\xf1\x80\x1e\x0b\xc5\xe0\x1e\x26\xa7\x7c\x48\xbd\xf4\x6a\x5c\x48\x94\xd2\x2a\xb5\x3e\x74\x18\x27\xe2\x4b\xed\x5f\x07\x50\xff\xad\x05\xe5\x3f\x1d\x5e\x61\xdf\xd3\x16\xb1\x91\xd9\x79\x7e\xf7\x13\x13\x1a\x8b\x43\x0a\xbe\x3f\xac\x5f\x3c\x4a\x2c\xa0\x21\x87\x8b\x15\xad\xc8\xc5\xf5\x42\x11\x42\x60\xe6\x87\xa9\xd1\x99\xd2\x30\xc4\xe0\xd3\xfc\x69\x69\x93\xb5\x9c\xcf\xa3\xff\xa9\xd8\xd2\xfb"},
+{{0x0f,0xde,0xa9,0xbe,0xe6,0x28,0x8f,0x94,0x7e,0x0a,0xdb,0xdd,0xa4,0xdf,0xb2,0xba,0xa0,0x38,0x91,0xaf,0x25,0x02,0x4a,0x5e,0x13,0x8a,0xc7,0x79,0x84,0xd0,0x05,0x07,},{0x70,0xab,0xd8,0x64,0x30,0xd7,0xe8,0xd6,0x32,0x09,0xc8,0xb3,0x73,0xec,0x4e,0x4b,0x79,0xe9,0x89,0xe6,0x72,0x5f,0xac,0xef,0xba,0xde,0x3c,0x75,0x74,0xd2,0x3c,0xd0,},{0x80,0xc4,0x2d,0xd5,0xdf,0x03,0xb2,0x85,0xa8,0x6a,0xc9,0x5c,0xe6,0x66,0x9f,0x78,0x6a,0x97,0x8a,0x81,0x3a,0x9d,0x7b,0x8c,0x6a,0x23,0xde,0x76,0xfb,0xd0,0x9b,0xdb,0x66,0xc5,0xdd,0x1c,0xc9,0xf1,0xa1,0x76,0xcb,0xa3,0x88,0xd5,0x05,0x17,0x64,0xa3,0x2f,0xa2,0x7f,0x00,0x28,0xba,0x48,0x98,0x06,0x8b,0xd0,0x1a,0x3e,0xe1,0x72,0x08,},"\xcf\x72\xc1\xa1\x80\xa2\xbc\x37\xd8\x47\x8d\x9a\x7a\x39\xac\xf0\x3b\xf2\xa5\x07\x90\xf7\x90\x2f\x81\x12\x12\x22\xd3\x1d\x3e\xc9\x16\xf4\xf2\x4c\xef\x9d\x7c\x41\xdc\x02\x1b\x0e\x84\x87\xbb\x89\x2e\x47\x30\x5e\x54\x52\x03\x03\xe8\x9b\x30\xb2\x63\xda\xc4\xa9\xba\x37\x5d\x46\xc4\x0f\xcf\x40\x05\x35\xc9\x59\xd2\xb7\x46\xa7\xfc\x97\x0c\xf6\x5b\x47\x2e\x84\xb5\xf1\xd0\xeb\xad\xcf\xa1\xae\xd6\xfc\x47\xfa\xcc\xe1\x6a\x36\x6a\x3b\x1d\x6e\x51\x68\x13\xc1\x96\x09\x75\xf8\xf2\xb4\x30\x42\xfb\x4e\xea\xab\xe6\x3c\x6f\x65\xdb\x45\xdd\xb7\xdb\x88\x8a\x19\xa9\xd7\xba\x6c\xa4\x79\xfc\xd7\x0c\x5d\x1e\x97\x0f\x12\xc1\x4f\x4d\x24\xfb\x7e\x2f\x35\x7b\xd3\xa9\x4a\xa1\xb8\x68\xcc\xc0\x84\x7f\x2e\xef\x21\x85\x3e\x25\x3b\xaf\xbf\x07\xc4\xe6\x17\x6a\x1e\xf0\x77\x16\x78\x41\xeb\xbe\x56\x29\x33\x71\x57\xf3\x9f\x75\xc7\x1d\x21\xe7\xe9\x6c\x51\xa1\xb1\x6f\xa8\xdc\x60\xf0\xb1\x27\x9f\xcd\xa2\x64\x1f\xc8\x59\x1e\x3c\x49\x2f\x15\xbf\x83\xca\xf1\xd9\x5b\x2c\xd9\x13\x32\xf1\xb4\x20\x2f\xe7\x28\x62\xca\x2e\xa2\xef\x92\xc1\x1d\xb8\x31\xd8\x2f\x8f\xc3\xd4\x1f\xe2\x9a\x76\xc2\x11\xa7\x58\xe2\xf7\x1b\xd8\x9d\x2c\x66\x10\xf2\x01\x42\x9f\x34\x8d\x56\xe1\x0e\x3b\x7a\xf5\x3e\x27"},
+{{0x03,0xd5,0xe4,0x66,0xf8,0x29,0x8a,0xb5,0x43,0x8a,0x30,0x97,0x6d,0x13,0x22,0xa7,0x21,0x5a,0x64,0x2d,0xd5,0xfb,0x4c,0x3f,0x85,0x19,0x40,0x9a,0x75,0x22,0xf0,0x92,},{0x4b,0x3e,0xd4,0xdb,0x08,0x0e,0x2a,0x45,0x2e,0x16,0x91,0x2c,0x14,0x50,0x44,0x24,0x92,0x0a,0x60,0x97,0x56,0x04,0xe4,0xf3,0x79,0x25,0x8d,0x1c,0x8b,0x19,0x3d,0x6f,},{0x6d,0x7e,0x46,0x58,0xf2,0x6f,0x33,0x7c,0x98,0xe0,0x3f,0x13,0x54,0x2e,0x2f,0x39,0x44,0x0f,0xf7,0xbf,0x8d,0x88,0xf3,0xf6,0xdf,0xa4,0xd6,0x49,0x48,0xcd,0x96,0xb7,0x90,0x51,0x49,0x2f,0xc2,0x8f,0x65,0xf2,0xcc,0x0d,0x23,0xa0,0xc4,0xd5,0xe2,0x30,0x7b,0xb1,0xc4,0x7e,0x11,0xe5,0x3b,0x37,0x1f,0x09,0x1b,0x69,0xf8,0x0d,0xbd,0x05,},"\x1b\x47\xb7\x00\x13\xcb\x53\xe1\xf8\xf4\x97\x1e\x0f\x39\x56\x3c\xe8\x7e\xdb\xc2\xce\xdd\x99\xe5\xa3\x55\x85\xdf\x8b\x00\xa8\x52\xf7\xb9\xc9\x7c\x7e\x4a\x54\x65\xfc\x56\x05\xae\x8c\x5c\x36\x57\x0a\x99\x20\x1a\x7a\xd6\x03\x12\x87\xef\x0c\x7b\x2b\xa6\xe5\x7b\x05\x6d\x0f\xc8\xd6\xca\x43\xbf\x6c\xbd\xab\x09\x89\x34\xb4\x03\x19\x7b\x52\x5d\x22\xd4\x5e\x6b\x29\xc7\x8f\x8d\x61\x83\xe4\x1f\xfe\x19\x7d\xae\x25\xba\x22\xb0\x66\x69\xae\x05\xba\xdd\x7e\x1d\xa6\x93\x2a\x7d\x05\x4c\xba\xb3\xf5\x4e\x51\x46\x22\x3a\xd8\x67\x12\x31\xbc\x16\xfe\x62\x67\x9b\xd2\x81\x7a\x6b\x80\xe6\x53\x99\x8c\x49\x49\xf8\x1f\xf5\x3b\x61\x73\x16\x3e\x11\xda\x3e\x6d\x3c\x76\xd8\x4c\x71\x32\x25\xb4\x17\x3d\x6b\xf0\x6a\x85\xb6\x98\x8a\x48\xbe\x43\x59\xcb\x51\x55\x03\xca\x56\x3f\x43\x53\xf8\xe7\xd4\x5e\x4d\x94\x46\x2c\x89\xa0\x4a\x00\xf1\xb3\xb0\xca\x64\x22\xd5\xdb\x02\x9c\x50\x7d\x46\x48\x34\xa2\x0c\x78\xa7\x13\x66\x1d\x84\xed\xff\xc4\x96\xd6\x92\x82\x61\x98\x94\x43\x7b\x44\x87\x95\x4c\xbe\xa2\xaa\x72\x61\xe6\xa6\x2b\x68\x51\x15\x4a\x5d\x25\xfb\x6b\x4f\x09\xc5\x94\x73\xd3\x85\xce\x03\xe9\x1b\xa8\x65\xea\xb6\x6c\x58\xc0\xab\xb0\xb7\xa7\x8e\x4b\xe9\x27\xe5\x54\x60\xcc\xd7\x0d\x82"},
+{{0x76,0xcc,0x18,0xa1,0xda,0xff,0xfa,0x10,0x05,0x86,0xc0,0x6a,0x7b,0x40,0xf7,0x9c,0x35,0xfe,0x55,0x8c,0x33,0x9c,0x29,0x99,0xa5,0xf4,0x38,0x75,0xcf,0xad,0xe0,0x3e,},{0x4b,0x9d,0xa8,0xd2,0xf1,0x37,0xdc,0x6c,0x85,0x7a,0x99,0xa5,0x99,0x8d,0xd8,0x9d,0xd5,0xf0,0x59,0x71,0xa2,0x1e,0x8c,0x77,0x66,0x70,0xeb,0x47,0xbc,0x12,0x70,0xa5,},{0xdb,0x74,0x75,0x1c,0x66,0xe6,0xb1,0x86,0x60,0x44,0xdd,0x9a,0xe9,0x9f,0x19,0xe6,0x33,0x4f,0x17,0x9e,0x79,0xd8,0xb8,0xe0,0xc8,0xcd,0x71,0xd2,0x2c,0xef,0xb9,0xea,0xb7,0xe3,0xe7,0xa9,0xc2,0xda,0x22,0x5f,0x2a,0x9d,0x93,0xa3,0x13,0xd1,0xcb,0xf1,0xb7,0xfe,0x25,0x97,0xb8,0xd7,0x02,0xbf,0x30,0x17,0xa6,0xa6,0xbc,0x7b,0x7b,0x06,},"\x45\x22\xb1\xd8\x23\x73\xf7\xa3\x18\x22\x1e\x7e\x57\x61\x75\x03\xdd\xf4\x4f\xd5\x39\x97\x52\x2a\x1d\x96\x3c\x85\xb7\x08\xd0\xb2\x45\xde\x37\x2a\xd5\x2e\xc7\xf5\x4f\x62\x13\xd2\x71\xf7\xc9\x1d\x5a\x1d\x36\xd1\x34\xdb\x38\x9d\xf0\xb0\x81\xa0\x6b\xc0\xc7\xa4\x87\x5f\x72\x40\x92\x79\x31\x72\xc9\x11\x56\x41\xc6\xd0\x54\xf1\xd9\x92\xe0\xfa\xe4\xdf\x58\x69\x5f\x0e\xa3\x44\x9d\x7a\x4b\x3a\x88\x57\xe1\x98\x03\xfe\x49\xb6\xd5\x2c\x9f\xf3\x74\x6a\x57\x4a\x27\x56\x95\x65\x79\xf9\xfb\x80\x9a\x0e\xde\xc9\x2c\x55\xe9\x5f\xfe\xfa\x3d\x05\xf1\x65\x82\x2f\x46\x4a\x21\x99\x9f\x29\x69\x1f\x67\x44\xac\x5a\x3e\xe4\x90\x17\x88\x06\x45\xe8\x37\xed\xeb\xfd\x2e\x0f\x24\x99\x7f\x04\x11\x45\xa7\x2e\x23\x76\xad\xa2\x83\x18\x6c\xa2\xb8\x36\x36\x29\x77\x19\x5b\xae\xe3\x0a\x3a\xcc\x81\xb2\x43\xf3\xee\x37\x6a\x2c\x47\x64\xc7\x83\x66\x7a\x4b\x11\x77\xe7\x95\x1d\x3e\x3c\x7b\xe4\xf1\xbd\x7a\xe8\xc6\x0f\xd5\xfb\x0f\xd9\x1f\x0c\x1c\x14\xd0\xd2\x32\x7e\x8f\x20\xd9\x2c\x0d\xfc\xc5\x38\x70\xe9\xd9\x9f\xdb\xf9\xdd\x9a\x17\xe8\x82\x50\x9a\xe7\xba\xa8\x65\x3e\x39\xed\xc8\xee\x56\x90\x00\xd6\x24\xcb\x93\xa0\x75\x4a\x79\x8d\x1f\x81\x1f\x6a\x0e\xf5\x50\x1a\x17\xbc\xf2\x5f\xd0\xf9\x16\x26"},
+{{0x71,0xad,0x98,0x0d,0x58,0xad,0x8e,0x7d,0x33,0x30,0x66,0x89,0x35,0x89,0x36,0xa3,0x72,0xd5,0x19,0x0b,0x24,0xec,0x7f,0x9b,0xde,0x74,0x9c,0xb8,0x11,0x50,0xef,0xda,},{0xfd,0x35,0xa7,0x5f,0xe5,0xab,0xc2,0x01,0x04,0x69,0x1a,0x24,0xa4,0x65,0x94,0x40,0xb5,0x5a,0xea,0xea,0x90,0x2a,0xc3,0xbe,0x27,0x4a,0xf2,0x7a,0xa8,0x31,0x28,0x69,},{0x81,0x67,0x0b,0x10,0x29,0xe4,0x81,0xe9,0xff,0x3c,0x17,0x1f,0x05,0xc1,0x68,0x61,0xc8,0x46,0xee,0x79,0xcd,0xf2,0xe2,0x1e,0x3b,0xf9,0x52,0xbc,0xfa,0xc9,0x75,0x65,0xf2,0xb1,0xdc,0xed,0xf6,0x9d,0x2e,0x7e,0xb3,0x5c,0xaf,0x56,0x62,0xe8,0xbc,0x67,0x1f,0xbb,0x96,0x75,0x6a,0x63,0xa5,0x96,0x26,0x4d,0x1b,0x7f,0x4a,0xf9,0x7e,0x06,},"\xe8\x7a\xe0\x73\xff\x5d\xcc\x54\x85\xa1\x99\x40\xe4\xe3\xff\x26\x3a\x06\x18\xa9\x02\x5a\xd4\x03\x2d\xfb\x36\xd1\x71\xce\x88\x1f\x71\xc1\x8a\x49\x21\x0e\xb4\x58\x19\x80\x61\x42\xe2\xf0\x0d\xb3\x04\x18\x35\xbf\x2c\x3b\xcc\xf1\xdb\xa0\x2b\x8b\x5a\x5b\xda\xf8\xfe\xa3\x16\xc0\x62\x3d\xd4\x8a\x56\x4e\xc1\x66\xf0\x37\xd5\x87\xc8\xc0\x16\x84\xe5\xe5\xc0\xba\x9d\xba\x4d\x23\xb4\x9a\x03\x09\x24\x4e\x28\x2a\x51\x40\x86\x22\xed\xb0\x57\x04\x74\x7e\x0c\xde\xec\x97\x68\x93\x77\x70\x71\x09\x89\x72\xc1\x13\xa8\xab\x63\x9c\x31\xf1\x61\x32\x33\xee\x46\x0e\xea\x8a\x8c\x10\xe1\xe6\xe1\x52\x21\x45\x29\x87\x8c\xf1\xad\xae\xaf\x78\xcf\x19\xba\xc7\x13\x61\x81\x5b\xf5\x79\x55\x49\x8f\xab\x4f\x0f\x2b\x75\x86\xc8\x6f\x9f\x4c\x2d\xdf\x89\x72\xf9\xb9\xe0\xeb\x63\x6d\x84\xbc\xc1\x43\x85\xb2\xd0\x38\xbe\x55\xa9\x63\x70\x2e\xfe\x22\x5a\x50\xbd\xd0\xc4\xda\x92\xa2\xa6\xa0\x91\x00\xea\x04\xa2\x11\xd3\x96\x45\x8d\xce\xb4\x48\x71\x16\x83\x7d\x13\x9e\xb0\xf1\x22\x53\x8e\xd3\x98\x6a\xd0\xaf\x4d\xa2\xdf\xfc\x89\xf3\x26\x9c\xa8\x85\x38\x08\x6e\x69\x1e\x5b\xea\xe9\x58\x1e\x7c\x63\xd8\xe6\x12\xda\x2c\x47\xf7\x4d\xde\x1d\x94\x95\x1e\xad\xb0\xdf\x60\xc3\x89\x7d\x2a\x30\x95\xc5\x06\x09\x3b"},
+{{0x61,0x59,0x4e,0x24,0xe7,0x5f,0x99,0x6b,0x4f,0xb6,0xb3,0xe5,0x63,0xf6,0xa4,0xf9,0x91,0x5c,0xfa,0x65,0xdd,0xb1,0x99,0xb0,0x1f,0xed,0x7f,0x8e,0xd7,0x82,0x4e,0xcb,},{0x86,0x27,0xd2,0x14,0x15,0x79,0xcd,0x25,0x21,0xaa,0x07,0x68,0x00,0xac,0x35,0x4b,0x9e,0x3a,0x47,0xd7,0x1c,0xed,0xc8,0x54,0x74,0x34,0x26,0x82,0x25,0xe3,0x30,0x05,},{0x63,0x02,0xb3,0xff,0x27,0x10,0xbe,0x30,0x6c,0x92,0xb9,0xaa,0xe3,0x0d,0x23,0xc3,0xd4,0xbe,0xff,0x39,0x4e,0x63,0x20,0x1e,0x6a,0xd1,0x17,0x13,0x34,0x5c,0x4f,0xcb,0x5c,0xc8,0xd3,0xdd,0x10,0xad,0xfb,0x82,0xbb,0x11,0xa1,0x89,0xce,0x7e,0xc3,0xe4,0x22,0x27,0x27,0x62,0x4f,0xc1,0x78,0x81,0xc1,0x47,0x88,0xd2,0x71,0x0e,0x16,0x08,},"\xbc\x01\xb0\x8c\x7c\xaa\x23\x61\x00\xa0\x12\xa7\x26\x47\x7d\x0e\xc3\x89\xdb\xfa\xda\xc7\x3d\x51\x06\x42\x4c\x5d\x1f\x3d\x1c\xef\x16\x95\xcf\xd9\x3a\x70\x62\xec\x8b\xf1\x06\x70\x47\x85\x49\x20\x16\x2f\x65\x13\x57\xbe\xdf\x1c\xd5\xa9\x2e\xc2\x9b\xdb\x5d\xff\x71\x6e\x8f\x60\x25\x51\x5a\x95\x49\xba\x36\xcd\xc3\x5c\xed\x7c\x5c\x0c\x36\x8e\x6c\xd9\x2f\x2f\x10\xae\x14\x6a\x20\x72\x8c\x37\x4b\xba\x50\x96\x41\xce\x88\xcb\x42\xff\xf0\xce\xdf\xd9\xfd\x67\xf3\x10\xf9\xd0\x1a\x3f\x36\x90\xeb\x21\xdb\x17\xbc\xe6\x7a\xe3\x5c\x4c\xd2\x4c\x20\x9f\x09\xf0\x44\x75\x9d\x8d\x5a\x7d\x24\x8e\x2b\xd9\x66\x52\x4b\xa8\xc0\xc2\x89\x74\x72\x6b\x43\xbd\x05\xde\x84\x34\x33\xcc\x40\x05\x98\x92\x29\x74\x62\x3d\x9a\xcb\xfd\xc7\x61\xc4\xc0\x43\x75\xa9\x52\xce\x54\xca\xff\xaa\x96\xac\xff\x6d\x9d\xc2\x78\x74\x2a\xf4\x76\xe1\x86\x5c\xb8\xc2\x0d\x13\xd1\xc1\x90\x08\x63\xbc\xa2\x31\xe4\x4c\x6b\x0d\x47\xcb\x41\xd5\x10\xf7\x95\x8f\x48\xf3\x04\xd0\x3d\xa0\x33\x48\x4a\x3e\x1f\x27\x3f\xaf\x69\x83\x37\x5b\x7d\x3b\xe0\x3d\x8a\x0a\x00\x2d\xef\x63\x65\xbe\xb2\xfa\x8c\xcf\x1a\x94\x98\x7a\xdc\xd3\x3d\x0d\xa1\x17\x7f\xc5\x15\x9b\x6e\x56\xd0\x04\x30\x1e\x92\x1d\xbc\x12\xec\x0a\x73\xf4\x13\xcf\x2c\x48"},
+{{0x54,0xe6,0xbb,0xfb,0xf8,0xc0,0x6f,0xf2,0xc0,0x66,0x31,0x8c,0x2e,0xbf,0x03,0xd5,0x06,0x54,0x7b,0xf4,0x3c,0x2d,0x7a,0x5d,0x4d,0xf3,0x05,0xa3,0x03,0x2b,0x71,0x38,},{0x3b,0x71,0xaa,0x1d,0xef,0x66,0x6d,0x91,0x88,0xf4,0x03,0xf8,0x2e,0xd3,0x04,0x54,0xab,0xa5,0xbc,0x9f,0x47,0x0f,0x6e,0xb9,0x88,0xda,0x18,0x7c,0x92,0x52,0x32,0x84,},{0x3d,0xf4,0xd0,0x90,0x79,0xf8,0x30,0xe3,0xf9,0x82,0x28,0x36,0x81,0xba,0x37,0xb5,0x0f,0x3c,0x73,0xde,0x2c,0x5d,0x22,0xa2,0x91,0x35,0x8e,0xbb,0x1f,0xb8,0x54,0xe5,0x10,0xf6,0x3f,0x9a,0x48,0xe9,0xff,0xf7,0xfd,0x83,0x11,0x30,0x2e,0xa3,0xe9,0x69,0x39,0x4e,0x6d,0x49,0xc9,0xe3,0x18,0x20,0x54,0x94,0x2f,0x6a,0x74,0x4c,0xee,0x03,},"\x03\x18\xd7\xcb\x48\x05\xaf\x98\x21\xdd\x3f\x91\x4b\x0e\x07\x6f\xea\x04\xa7\xd2\xdb\x3a\x59\xa0\x0a\xff\xea\xd3\x32\x5a\x2b\xe4\x0c\x1f\x87\xf5\x32\x76\xa8\x55\x26\x04\xf2\x28\xb9\x76\xe2\x88\xb9\xbe\x90\x6a\x7b\xd2\x5b\x2f\xfa\xb8\xa8\xaf\x5d\x0f\x6e\x08\x78\x6f\xd0\x34\xe2\xfe\x1e\xb7\xee\x03\x39\x79\x86\x0d\xd1\xe5\x32\x72\x87\xe9\xe6\x15\xf5\xdc\x5a\x96\x0f\x17\x02\x6b\x56\x84\x2f\xc8\xd4\x4c\xad\x00\x2e\xdc\x85\x01\xcf\xb9\x56\x00\x15\x02\xe4\xdd\xc8\x1a\x77\x00\xd9\xc0\xbe\x88\xeb\x4a\xaa\x64\xa6\xcb\xc3\x9d\xe8\x2f\x13\xc1\x10\x86\xde\x1a\x42\x70\xd3\xaf\x97\x28\x4b\xac\x1c\xae\xf1\xd3\xed\xaa\x10\x71\x66\x6b\xd8\x3b\x2e\xde\x39\x62\xd9\x8b\x9d\x93\x49\x7d\xdf\xd8\xe9\x7d\xab\x30\x89\x95\x0c\xf3\x0e\xd1\x1d\xb7\x7a\xd1\x43\x7a\x0a\xf5\x88\x9d\x8e\xfc\x44\xe6\x12\x42\x0e\x39\x07\x26\x7d\xf3\xac\xff\x4b\xd3\xfb\x6e\x8c\xa5\xba\xdf\x8e\x72\xf9\xde\x39\x52\x86\x53\x05\x85\x24\x45\x6a\x81\xda\x5f\x84\x98\x2a\xfa\xc3\x4b\xef\x5f\x71\xe9\x1f\x8f\x90\x93\x8a\x6f\x5f\x1f\x28\x77\x16\xde\x56\xa0\x94\x6d\x26\x1e\x87\xbc\x77\x5c\xe1\x89\xe4\x1a\x77\xba\xed\xe7\x32\x0a\x3c\x60\x8f\xc9\x71\xe5\x5d\x0a\x77\x3c\x4d\x84\x8d\x42\x86\x37\xf1\x1b\x4e\x44\x60\x39\x0c"},
+{{0x68,0x62,0x06,0x1b,0xe0,0xde,0x9d,0xfd,0x99,0x81,0x18,0x20,0x4b,0x2b,0x98,0xdb,0x3c,0xe7,0xd7,0xe8,0x19,0xdb,0xc1,0x07,0x94,0xaf,0x0a,0xb2,0xb0,0x6e,0x84,0x34,},{0x9c,0x5f,0x7c,0x22,0x65,0xdd,0xe1,0xb2,0x5e,0x4f,0x27,0xec,0x71,0x58,0x0d,0x52,0xdc,0x89,0xf2,0xc3,0xa7,0x12,0xbc,0x1a,0xd5,0xd6,0xd6,0x9e,0x71,0x1e,0x08,0xd4,},{0x96,0x5e,0xdb,0x34,0xe8,0xab,0x8b,0xc3,0x20,0x4a,0x32,0x01,0xd2,0x21,0x86,0x37,0x2d,0xe4,0x24,0x26,0x00,0x29,0x7c,0xfd,0xb5,0x7a,0xa1,0xdf,0x07,0x4e,0xc5,0x0d,0xdf,0x10,0x10,0x5e,0x9d,0x4c,0x89,0xa2,0x66,0xc3,0x4d,0xb7,0x77,0x2a,0xa9,0x4c,0xba,0x94,0x64,0x29,0xe6,0x8b,0xa6,0x2b,0xf9,0xa0,0xac,0x90,0xf5,0xf0,0x5b,0x02,},"\x17\x40\xdd\xe8\x43\x4a\x0d\x68\x99\x25\x67\x9b\x0c\x18\x03\x00\xcd\xbd\x0c\xf6\xa8\x9a\xd8\xfd\xe3\x46\x53\x31\x6c\xee\x4c\x57\x1a\x41\x05\xc9\xe9\xe0\x28\x42\x38\xfe\xf2\xc3\x8a\x09\x15\x7c\x5d\xb9\x43\x40\x57\x1b\x39\x0a\xdf\xb6\x9f\xf4\xc0\xdc\x50\x53\x25\x3a\x67\x9d\x42\xcc\x1f\x1b\xf1\xff\x42\x92\x29\xea\x0a\x50\x44\xc6\xf7\x95\x64\xe0\xdd\x28\x7f\x53\xf0\x15\xb8\x31\x87\xd9\xad\x27\xd9\x10\x39\xaf\x06\x2c\x43\x7b\x15\x75\xa0\xea\xb6\xae\xb8\xaa\x0d\x27\xb2\x76\x65\xd6\xde\xa9\x04\x1f\xf9\x96\x3a\x31\x18\xb3\x29\x8a\x85\x44\xe3\xfd\x69\xac\x68\x77\xe3\xe4\x05\x2f\xe4\x42\x2b\xf0\x35\x60\xb2\xc5\x7e\xc5\x31\xee\x8b\x5f\xf5\x3c\x28\xdb\xde\x35\xbb\x45\xc3\x50\x77\x63\x6e\x6f\x84\x1b\x59\xd7\xeb\x77\xbc\x77\x91\xb6\x09\x38\x58\xa3\xa8\x0a\x3a\xa6\xd7\x78\xdb\xf5\x3d\xb9\xd0\x61\x19\xc5\x0b\x71\xc7\x91\xc0\x49\x5c\x57\x6d\x1b\x59\xd3\x96\x87\x3e\xd8\x71\x48\x53\x52\xc8\x29\x9a\x35\x9d\xa5\xee\x9d\x7f\x36\xed\x14\x55\xf8\x98\x51\xa3\x08\x51\xbe\xa7\x19\x68\x5a\xec\xd0\x8f\x25\x56\x26\x09\xdd\x10\x66\x30\x73\x52\x77\xe1\xd6\x51\x9b\xb1\x68\x7d\xe8\xb8\xc6\x8b\x96\x71\x45\x2e\xdb\xb3\x49\x1d\xa2\x64\xcd\xfa\x00\x17\xc5\x12\xd2\x76\x97\x59\xcb\x92\x5f\xb6\x64"},
+{{0xb2,0x25,0x0b,0xbc,0xb2,0x68,0xd2,0x47,0x7c,0x83,0x12,0xb1,0x90,0x0f,0xd9,0x99,0x82,0xba,0xa2,0x9a,0x68,0x97,0x4f,0xbf,0x87,0x78,0xa1,0x22,0x8d,0xc9,0x75,0x50,},{0x44,0xaa,0x8d,0xf1,0x18,0x16,0x74,0xb0,0x5a,0xde,0x98,0x0f,0x7e,0xdd,0xba,0xf3,0xbd,0x74,0x22,0xa9,0x20,0x28,0x7c,0xb2,0xd2,0xdb,0x59,0xa0,0x63,0xee,0xbf,0x74,},{0xf2,0xb8,0xd9,0x2e,0xd5,0x1e,0xbd,0x10,0x00,0xbf,0x9d,0xd3,0x41,0x1a,0x9f,0xa9,0xe7,0xae,0xe5,0x4c,0x4c,0x86,0xe2,0x4a,0xd0,0xf9,0xad,0x5c,0x55,0x64,0x3a,0x12,0xd6,0x80,0x01,0x9c,0xa0,0x3f,0x21,0x6b,0xd4,0xbd,0x32,0xc9,0xce,0x1c,0xd8,0xa5,0x28,0xc3,0xff,0xaa,0x5d,0x5b,0x1d,0xc9,0x1a,0x4b,0xe5,0x6f,0x0e,0x2c,0x5e,0x06,},"\x7e\xf0\xae\x13\x36\xa6\xfa\xb3\x7f\x99\xda\x5f\xa7\xd0\xde\xc7\x40\x9c\x07\x26\x23\xea\xd8\x4f\x24\x1d\x53\xd0\x59\x6b\x46\x17\x05\xfb\x1b\x3c\x53\x7d\x36\xb8\x9e\x89\x60\xfe\xbb\x4c\xdc\x0d\x42\x7c\xe2\xfc\x1b\xe5\x8d\xbb\xce\x15\x1e\x35\xac\xd8\xb6\xac\xe4\x0a\x19\x82\x29\x14\xa4\xbd\x8c\x4a\xf6\x32\xf1\x36\x41\x8a\xc4\x9b\x18\x4d\x55\x19\x3e\xbc\xc3\x2d\x0d\x79\x87\x09\xb1\xa8\xfe\x29\x4f\xba\x8a\x1f\xe7\x2d\x97\x6b\x44\x00\xd4\xa3\x93\x24\x23\x11\xb0\xf8\xcc\x99\x4e\x89\x47\x5b\x00\x38\xae\x5d\x89\x14\x93\x8e\x8f\x6e\x87\xc6\xf5\x0b\x9d\x65\x6c\x45\xd7\xb1\x42\x31\xef\xed\x97\xf3\xc9\x06\x68\x91\x36\x70\xbf\x5b\xe2\xef\xd5\xc2\x70\xc7\xcb\xaf\x01\xe8\x57\x2e\x98\x00\x97\x8d\xfe\x2e\x10\xa2\xfc\x04\x40\xb8\x55\x62\x9b\xf9\xcd\x40\x9e\xa9\x41\xcb\x69\x22\x6c\xac\x77\x1b\x15\xea\x77\xc0\x32\x68\x48\x80\x6f\xf8\xd2\xe2\x01\xe6\xe2\x6c\xd5\xf4\x54\x30\xda\xdc\xff\x8f\x59\xc3\x21\xc1\xc9\xc6\xa2\x9b\x94\x88\x29\x35\x44\x7d\x3e\x6c\x2e\x88\x04\xb1\x16\x15\x76\xbd\xf0\x32\x0f\xe5\x3c\x30\x7d\x9c\xde\x42\x60\x77\xa7\x67\x7c\xde\x3c\x1b\xc8\x3e\x18\xe6\x0a\x0c\x4e\xe6\xdc\xcd\x87\x7c\x21\x3a\x8e\x4c\xca\x64\x0e\xe0\x49\x29\x80\x45\x70\xae\x1f\x96\x15\x7c\x04\x35\x7a"},
+{{0xb8,0x09,0x36,0x1f,0x55,0xcf,0xe8,0x13,0x7f,0xbd,0xa8,0x80,0xfc,0x62,0xcb,0xe4,0x4c,0x21,0x6e,0x14,0x18,0x93,0x34,0x63,0x02,0xb3,0x36,0x04,0x5d,0xe2,0x18,0x78,},{0xfd,0x23,0xe4,0x2f,0xf0,0x66,0x44,0xea,0xd3,0x47,0xab,0xcc,0x1b,0x3e,0x03,0xb0,0xe8,0x85,0x93,0xb6,0x12,0x54,0x98,0x1d,0xd8,0xae,0x59,0x45,0x4e,0x61,0xb3,0xe0,},{0xb5,0xb5,0x95,0x0d,0x37,0x72,0xd2,0xee,0xf8,0x8e,0x1b,0x0f,0x5d,0xf5,0xff,0xae,0x2f,0x21,0x03,0x88,0x5e,0x71,0x44,0x6d,0x34,0x6f,0xbb,0x5d,0xae,0xf9,0x49,0x67,0xa6,0xb7,0xb6,0xe4,0xbe,0x88,0x51,0x10,0x06,0x58,0x76,0xc6,0x65,0xb7,0x81,0x2d,0xe4,0x6a,0xd3,0x1e,0xc3,0xbf,0xcb,0xea,0xee,0x13,0xed,0x0c,0x1e,0x0b,0x30,0x0e,},"\x17\xac\xe1\x97\xd0\x83\xaa\xf1\x72\x6f\x53\xe5\xef\x81\xb5\xa8\xc0\x92\x22\xf2\x60\xee\x5f\x1f\x54\x04\xab\x78\xd9\x00\xd4\x89\x68\x84\x49\xb8\x43\xba\xd3\xc4\x98\xaa\xc6\xd8\x0b\x46\x39\xb7\x6e\x6e\x81\xc5\x52\x76\xa6\xf9\xc7\xce\xcd\x70\xb7\x1a\xaa\xf2\x01\x8e\xf7\x6c\x0e\x30\x15\x4a\xae\x86\xa5\xc8\x6d\x4e\x8d\x0e\x4e\xc6\x8c\xc4\x27\x06\x0b\xd5\x65\x14\xf7\x23\x80\x86\xbb\xef\x5b\xfc\xa1\xf5\x67\x1b\x18\x04\x18\x38\xfd\x01\x35\x72\x44\x3d\xba\x48\xfb\xdd\x95\xca\x74\x0b\x0d\xaa\x43\x27\x16\x4a\x1e\x34\x67\x72\x49\x70\x8f\x77\xbd\x79\x3e\x7c\xaa\x66\x38\xb5\xdc\x9f\xbe\x6f\x0d\xfd\x41\x20\x20\x90\x97\x20\x9c\x93\xce\xdf\xaf\x21\xb6\xbf\x59\xca\x6e\x99\xe6\x20\x96\x39\x44\x4f\x0e\x82\x7b\xbc\xc0\xa6\x1c\x3a\x23\x7c\xa2\x2a\x28\x32\x13\x22\x3a\xb6\x58\xe7\x12\xc7\x55\x62\x38\xd3\xa5\xfe\x31\x72\x2d\x65\xf5\x70\x6e\xf6\xd6\x4d\x73\x23\x2d\x30\x43\x22\x0f\x14\xe5\xcf\xd3\xc2\xc8\x3a\x83\xd6\x8e\x20\x27\x4b\x6f\x96\xb2\x9d\xe0\x40\xce\xc8\x47\x50\x30\xb6\xa8\xa8\x7d\x29\x80\x8d\xd3\x81\x79\x5c\x3d\x22\xac\xf5\xdc\x19\x3b\x72\x0d\x95\xa7\x52\xd9\xf1\x23\xc2\x09\xff\xba\x00\x4e\x48\xdd\x06\xdd\x8c\x9e\x17\x2b\xc9\xe0\x87\xd8\x0b\xc5\x21\x6c\x0b\x0b\x6e\x77\x03\x12\x41"},
+{{0xee,0xef,0x80,0x74,0xc2,0xeb,0x9a,0x1c,0xee,0x2f,0x2d,0x3b,0xb0,0x53,0x25,0x54,0x6a,0x9f,0xb7,0xcb,0xe4,0x4b,0x59,0x94,0x61,0xfc,0x58,0x85,0xf5,0xfd,0x9c,0xac,},{0x9b,0x89,0x29,0x41,0xa0,0x57,0x3b,0x7a,0x16,0x73,0xef,0x48,0x0f,0x08,0x11,0x68,0xd9,0xb7,0x49,0x6a,0x81,0xf9,0x17,0x7d,0xc4,0x27,0xca,0x1f,0x84,0xcb,0xbf,0x7d,},{0x6f,0x71,0x01,0x98,0x4f,0xd6,0x89,0x2e,0x21,0x44,0xb7,0xd4,0x56,0x19,0x83,0x0c,0xae,0xb6,0x71,0x3b,0xfa,0xb4,0xee,0xbb,0xe2,0x17,0xc5,0xbe,0xcd,0x24,0x9b,0xd9,0xd7,0x52,0xeb,0x76,0xe9,0xfa,0x99,0x5e,0x7c,0x71,0xff,0x7d,0xf8,0x6b,0xb2,0x60,0xcd,0xda,0x17,0x3f,0xf5,0xde,0xec,0x6a,0xf2,0x04,0xb7,0xdd,0xe0,0x11,0xde,0x09,},"\x9a\xe3\x9f\xea\xde\x90\x5a\xff\xcb\xed\xd2\xe7\x2a\x6f\x24\x29\xb3\xd1\x10\x8e\x5b\xc1\xa9\xdb\xaf\x49\x0a\x62\x99\xbc\xcd\x94\xac\xc4\x13\xad\xac\xc9\x18\xb1\x4a\xfa\x85\xc7\x8b\xc1\x68\xcc\x00\x74\x0c\x3d\xa0\xe0\x81\x83\x91\x5f\x79\xb7\xfe\x38\x68\xce\x2a\x7e\x88\x6b\x32\xad\x45\x00\x98\x05\xbf\xb8\x1b\x8c\x07\xb3\xb1\x02\x24\x20\xc0\xf0\x09\xb8\x89\xd7\xfc\x22\xfd\x19\x97\xae\x34\x19\x84\x38\xca\x94\x77\x85\x75\x12\x2f\xca\xaf\x96\xe6\x50\x2c\x33\xa7\x5a\x12\x9a\x2d\x0d\xbb\x07\x3d\x93\x82\x0d\x9c\x96\x68\x3d\xb3\x18\x99\x0b\xe3\xfe\xf4\xca\xfc\x89\x0a\xfb\xd9\xb1\x50\x4c\x74\x39\xa0\x8a\x06\x5e\x78\x14\xee\x4f\x9b\x6f\x57\xee\x16\xba\xed\x3f\x0e\x3a\xa3\x5d\xd2\x3d\x35\x28\xa4\x58\x91\x9a\xd7\x70\x48\xb4\xe2\xe6\x17\x23\x46\xbe\x24\x9a\x50\xaf\x02\xbc\x6c\x85\x33\x04\xc2\x08\xae\x0b\xa0\x27\x71\x26\x2a\x0d\x8a\x46\x5f\x71\xfa\x06\x35\xe5\x3e\xb2\xef\x0a\x84\x7d\x56\xa0\xbc\xd7\xdd\x3f\xe0\x77\xc9\x2b\xcd\xca\x30\x69\xa4\xa6\x82\xa2\x85\x99\x28\x31\x5c\xe3\xeb\x44\x5c\x60\x72\xa7\x14\x92\xee\x82\xe1\x72\xa2\x0b\xe0\xb6\x48\xb7\x56\xe6\xc7\x75\x37\x6f\x0c\x7c\x3d\xf8\xe6\x42\x88\x08\x9c\x2f\x81\xce\x95\x93\xc6\xe0\x8b\xb1\xcc\x1b\x27\xfc\xbd\x39\x2f\xc7\x95\x2c\x55"},
+{{0x61,0xfa,0xeb,0x15,0xf8,0x57,0xf6,0x55,0x78,0x62,0xc8,0xb8,0xc7,0xef,0x41,0xf8,0x05,0x45,0x52,0x09,0x96,0xfc,0xc1,0x12,0x7b,0x8c,0x24,0x91,0x82,0x22,0x01,0xae,},{0x60,0xa2,0x90,0xc0,0xfc,0x42,0x5a,0x08,0x74,0x67,0x3d,0x94,0xf9,0xbb,0x14,0x00,0xf9,0xda,0xcd,0xe9,0x95,0x4f,0x9f,0x5b,0x05,0xdd,0x48,0xab,0x74,0x7a,0x39,0x50,},{0x31,0xf9,0x0f,0x50,0xb2,0xdc,0x70,0x5f,0x1d,0x92,0xf1,0x2c,0xa9,0x97,0x5d,0x76,0xf1,0xb2,0x82,0x6a,0xda,0x3c,0xc1,0x85,0xb0,0xed,0x6c,0x83,0x86,0x07,0x77,0xbd,0x8c,0x48,0x9b,0x59,0x85,0x5a,0x91,0xf6,0x48,0x39,0xd4,0x9b,0xa4,0x67,0x98,0x5a,0xbb,0x37,0x6c,0x47,0xa4,0x90,0x8b,0x27,0x1b,0x8f,0x77,0xc5,0x8d,0x01,0xfd,0x04,},"\x25\x3b\x56\x6e\xcc\xb5\x63\xbd\x6e\x48\x0c\x69\x73\x9b\x8e\x37\x25\x19\xa3\x43\x72\x54\xe0\xe5\x02\x9c\xac\x86\xc7\x16\x38\xf2\xdf\x2a\x6c\xf9\xe5\x6d\xb2\x56\x99\x34\xde\xba\x90\xdb\x75\x54\x7e\x36\x71\x74\x7d\xf6\x4d\x6f\x2a\xaf\x3c\x11\x0f\xa6\x7a\x70\x94\xcc\xbe\x4c\xc5\x35\x5f\x0d\x43\x23\x51\x36\xee\x26\xdb\xe3\x7f\x42\x25\xd3\xbb\xfe\x24\x55\x95\x28\x05\x85\xfb\x54\x8f\x89\x4e\x86\xc5\x16\x10\x25\x80\x29\x1f\xa7\xa0\x28\x59\x55\x7f\xb9\x8e\xb5\x88\x87\x08\x28\xb0\x99\x0a\xe9\xd7\x4f\x38\x31\xda\x58\x94\x6b\xc7\xa5\xce\x1b\xa4\x98\xb4\xe8\xbe\x89\x89\xa3\xb5\x0d\x7e\x87\x89\xf5\x6b\x8b\x4f\xec\xbc\x2a\x33\xbf\xa3\xef\x59\x1a\x0f\xbc\xd9\x32\xfa\x93\xe1\x9f\x3a\x81\x2a\xe5\xe4\xe3\xb4\xb2\x42\xbe\x77\x05\xa5\x87\x4a\xf7\x3b\xe3\x10\xb0\x05\x82\x66\xa3\x78\xf2\x3c\x13\x48\x52\x47\x15\xb0\xcc\xc1\x8d\x66\x34\xb2\x36\x36\xc3\x16\xba\x6a\x1d\xd2\xfd\x50\x92\xc0\x67\x16\xa7\x17\xb5\x4d\x0e\xb9\xfc\x7f\x63\x6f\x85\xbb\xf2\x25\xa2\xcf\x03\x5b\x4b\x7c\xfd\xdd\x75\x35\x16\x82\xc0\x57\x6c\x6b\x3b\xa5\xa1\xc0\xb2\x5e\xc5\x94\xe7\x70\x9d\xd0\x9a\x00\x79\x77\x2f\xf3\xac\xc6\x7f\xb6\xc1\xb3\x7b\xb3\x74\x2b\x72\x6e\x77\xe8\x05\x61\xd9\xab\x73\x16\x0b\x73\x36\x25\x81\xda\x5b\x9c\x7f"},
+{{0xe6,0xb9,0xcd,0x4d,0xa0,0x7c,0xb3,0x4f,0x30,0x39,0x1c,0xf6,0x8f,0x0d,0x87,0xc7,0xcf,0xcf,0x68,0xf8,0x10,0xff,0xa4,0x0f,0x97,0x39,0xc9,0x5d,0xeb,0x03,0x7f,0x71,},{0x56,0x9e,0xde,0x0f,0x04,0x63,0x0b,0x43,0xa0,0x4c,0x5a,0x66,0xb6,0xa5,0x63,0x6b,0x76,0x6c,0x75,0x96,0x59,0x84,0xa7,0x47,0x7e,0x15,0x49,0x19,0x60,0xfd,0xd8,0x64,},{0x1e,0x37,0x5c,0x94,0xbd,0x80,0x9c,0xa0,0xcd,0xd0,0x2f,0x89,0xec,0xec,0x4e,0x43,0x77,0x32,0xdd,0x20,0xa0,0xa8,0x4b,0x25,0x4e,0xae,0x88,0x9d,0x80,0x70,0xe6,0x82,0xd1,0x13,0xb0,0xbe,0x22,0xe4,0x1e,0x6c,0xdc,0x3b,0xe8,0x77,0x68,0x0e,0x7e,0xeb,0x7f,0x09,0x95,0xe6,0x62,0x2d,0xc0,0xb4,0x34,0xfb,0x09,0x49,0xdd,0x99,0x4b,0x0c,},"\x69\xde\xf0\x52\x3a\xfd\xa6\x96\xf8\x44\x8f\x9c\x11\x43\xab\xc2\x65\x33\xe6\x86\x95\xa0\x90\xdf\x0d\x9e\x43\xd0\xc0\xef\xf4\x35\x83\xe6\xf7\x09\xd2\x04\x3c\x81\x5f\xbb\x3f\x96\xba\x2b\x0d\xc3\xbe\x6f\xec\xad\x5d\xd3\x81\x48\x78\x8e\x4a\x03\x85\xa9\xfe\x7a\x92\x1f\xcb\x8c\xce\xe0\xe4\xd3\xae\xd4\xbc\x3d\x21\x6d\x84\xb4\x14\xf9\x58\x0b\x02\x82\x0c\x03\xd9\x2e\x67\x5e\x68\x5c\x4b\x58\x51\xf3\x63\xbb\x4d\xf9\x7b\x41\x7c\x3f\xd9\x00\x22\xee\xaf\xa2\x0d\xfb\xe8\x29\x64\xf2\xff\x07\x3d\x25\x57\x58\xfb\xe5\x67\xc7\x6b\x2c\x35\xe2\xb0\x9f\x8a\x8d\x7a\xfa\x32\xc6\xf5\xad\x01\xbc\x3e\xbf\x6e\x21\x06\x06\xdb\x03\x8e\xcb\x68\x20\xce\x1e\xa4\xdd\x52\x9f\xc1\xad\xfb\xc2\xa1\x38\x56\x5a\xc6\xd0\xf4\xa4\x10\x9b\xdd\x47\xb8\xaa\x6e\xf4\xb8\xbe\xde\x45\x46\x80\xd1\xdb\xdb\x75\xfe\x1e\xb2\xe5\x48\xd5\xde\x7c\xb6\xd7\x92\xfe\xf3\xaa\x0d\x84\x80\xa6\x03\x0b\x30\xf1\x04\xd7\xe7\x6b\x58\xe9\xf4\x76\xeb\xf2\xcc\x83\x29\x23\xb5\x0c\x50\xc1\x11\xc3\x51\x5f\xc5\x18\x85\x23\x23\x42\x6c\xa7\x78\xa5\x96\xd3\x19\x5d\xa8\x58\x5d\x8c\x3a\xa9\x20\x83\x31\x3a\x6e\x65\x85\xb7\x0c\x98\xb1\x85\xb4\x72\x79\x8a\x61\xcd\xe7\x7e\x62\xec\x27\x2f\x14\xb0\xd9\xeb\x4f\x22\xf9\xc7\xc0\x58\x17\xda\x6f\xde\xfe\x78\x79\xa5\x84"},
+{{0x4d,0x90,0x44,0xf1,0x7b,0x5a,0x09,0x77,0xdc,0x5a,0xa9,0x91,0x6a,0x92,0x43,0x00,0xa2,0x44,0xa1,0xef,0x7f,0x06,0x02,0x77,0xad,0x49,0x78,0x35,0x1e,0xa6,0x42,0x91,},{0xab,0x9c,0x06,0x92,0xa6,0x06,0xb2,0x56,0x7c,0x19,0xc3,0x0f,0x9f,0xaa,0x3b,0x4c,0xfe,0x72,0xfb,0x23,0x70,0x77,0x76,0x7b,0x76,0xd3,0xb2,0xae,0x14,0x90,0xa6,0xd4,},{0x6f,0xa4,0x8a,0xea,0x4d,0x5b,0x9a,0xf6,0x5a,0xf9,0x64,0xcd,0xb7,0x09,0x44,0x3a,0x11,0xfa,0x84,0xf7,0xd4,0x4a,0xcd,0xda,0xb1,0x6e,0x04,0xa6,0xfc,0xef,0xb2,0x7a,0xe3,0x3c,0x05,0xb3,0x6d,0xa1,0x3c,0x23,0xde,0x51,0x7d,0x6e,0x6a,0xc5,0x74,0xa0,0x3e,0xa6,0x30,0xba,0x4f,0xbb,0x95,0x81,0x31,0x12,0x9a,0xa7,0xf1,0x35,0x4c,0x01,},"\x7c\x8c\x71\x89\xaf\x67\x32\x7a\xf1\xc6\xdd\x2c\x30\xe9\x75\xf1\x90\xe3\xb3\x8d\x00\x8b\x45\x85\x16\x7e\x0d\x45\x07\x40\xd4\x67\x34\x58\x7f\x6d\x20\x87\x84\x24\x5c\xc5\xcb\x06\x2a\x2a\x27\x7f\x17\xeb\xb2\x74\x6f\x9b\xdf\x4a\x82\x37\xca\x47\x9a\xb0\xa4\x30\x17\x7e\x19\xed\x7d\xd3\x62\x25\x76\xb1\x4c\xdc\x08\x28\x22\x14\xfe\x5e\xe4\xd7\x6b\x43\xc1\x6a\xc9\x08\x64\xc5\x1b\xe8\xae\xd4\x5d\x7b\x98\x0d\xf7\x91\x7f\x29\x0f\xdf\x79\x58\x46\x46\x5f\x27\xfc\xb7\xe5\x73\x06\x37\x94\x4f\x05\x77\xc9\x2f\x32\x37\x5e\x99\x5b\xc0\xcd\xa9\xd7\x19\x6f\x2c\x0c\x1a\xc8\xb8\x0d\x12\xa0\x43\x99\x63\xeb\xd2\x25\x4c\x34\x77\x03\x57\x58\x16\xe7\x96\x4c\x13\xd4\x4d\x62\x92\x80\xc3\x12\xea\x26\x53\x44\xde\x38\xf3\xb1\x8d\x91\x50\xf8\xf9\x24\xaf\xb4\x4b\x6b\xfb\x9e\xda\x51\x3d\x59\xe6\x5e\x2e\xf1\x86\x66\xe6\xc2\xa2\x1c\x40\x18\x66\x5b\xef\xe9\x2c\xae\x58\x1d\x3c\xb1\x4e\x23\xe9\x7d\x83\x00\x02\xcb\x90\x93\x1a\xe0\x21\x00\x68\xaf\x39\x4e\xbe\x35\x1b\xe5\xb8\x17\xf3\x67\x4b\xfb\xf4\x00\x49\x03\x0e\x4f\xe5\x05\xd3\x4a\x1d\x50\x2a\x2c\x50\xd8\xe6\x38\xe9\x26\xc2\x30\x67\x6b\x7e\xde\xfb\x6b\xec\x77\xb1\xc0\xce\x60\x93\x25\x28\x7b\xa5\xfd\xd7\xa9\x97\x69\x87\xbd\x07\xfc\x6a\x43\x44\x95\x6e\xbf\x81\x8f\x08\x58\x6c"},
+{{0x75,0xad,0x76,0xbb,0x4c,0x0c,0x22,0x9a,0x5a,0xdc,0x79,0xe4,0x44,0xb1,0x3f,0x88,0xa9,0x64,0x59,0x86,0x2c,0x8c,0xf0,0xba,0x49,0x8d,0x0c,0x99,0x6a,0xf9,0x4a,0x7a,},{0xf0,0x74,0xdd,0x2b,0x9c,0x1c,0x30,0x91,0x05,0xec,0x95,0x1b,0xb5,0x81,0x2a,0x91,0xdd,0xb5,0x40,0x23,0xb3,0x80,0x9a,0xb3,0x79,0xc5,0x6a,0xf0,0x46,0x1a,0xf6,0x17,},{0x0c,0x46,0x43,0xa8,0xbe,0x6d,0xc2,0x2f,0x4b,0xeb,0x6b,0xcc,0x70,0xc6,0x17,0x2e,0xc7,0x60,0x83,0x78,0x65,0x3c,0xb4,0xe9,0x9f,0x3a,0xe7,0x95,0xea,0xdf,0x4e,0x98,0x2a,0x29,0x76,0x09,0xca,0x79,0x38,0xf5,0xdf,0x63,0x2b,0x09,0x56,0x28,0xcb,0x75,0x06,0x2d,0x3d,0x51,0xfc,0x0f,0x33,0x23,0xbf,0xa7,0xb2,0x2e,0xc4,0xd4,0x72,0x05,},"\x0c\xa8\xc1\xc7\x41\x28\xd7\x4e\x9d\x0a\x7b\xf8\x96\x42\x91\xd0\x74\x91\x7f\x2f\x99\x20\xef\xb9\x11\x52\x05\x67\x64\x2a\x50\xa6\x15\xab\xcb\xd0\x0a\xed\x4a\xbb\xfe\xf1\xa9\x83\xcc\xe3\x33\xe1\xd0\xdf\x3e\x64\x04\xfb\x90\x43\xc6\x80\x39\x14\xcd\x5f\xff\xbc\x66\xa0\x79\x0c\x78\x78\xa2\x40\x89\xa5\x71\xf8\x95\x66\x2a\x1d\x18\xbe\x3f\x01\xff\x97\xfb\x33\x23\x33\x4b\x6f\x5b\xaf\x96\x55\x14\x48\xe4\x09\x0d\x03\x3c\x46\x42\x94\xd0\x91\x33\xb1\x51\xd5\xb5\xc6\x32\x1b\x50\xe2\x24\x1d\xe0\xef\x6f\x88\x28\x89\xcc\xf4\xad\x35\x40\xd5\xa1\xe3\xf7\x54\x8f\xb1\x3b\xe7\x1c\x16\x51\x66\x06\xe7\x9d\x04\x49\xc2\xa0\x8e\x5d\xc2\x31\x48\x84\x3c\x84\xe9\x7e\xd2\x40\x69\x16\x1c\x8e\x75\x20\x8f\x33\xe9\x5b\x3e\x10\xd1\xd4\x9a\x2f\xae\xf9\xd9\x86\xab\x62\x80\x9f\x62\xad\x39\xc7\xcc\x87\x1f\x37\x5a\x4f\x5a\x6f\xaf\x10\x4d\x7e\x11\xb8\x90\xcf\xb0\x58\x99\x02\x68\x52\x16\xec\x07\xcb\x8e\x8e\x9e\x7a\x7c\x43\x63\x5e\x23\x21\x2b\x69\xca\x3b\x7e\xd5\x4f\x0b\x97\x94\x9e\x3d\x9a\x66\x62\xf8\xe4\xb3\xab\x09\xcd\x49\x52\x94\xc3\x31\xc0\x47\xd8\x6e\xe7\x85\xff\x65\x8b\xcd\x7f\xcf\x9c\x48\x06\x05\xce\x05\xe8\x10\x06\x8d\x60\xfc\x9b\x26\xb5\xf0\x63\xeb\x90\x00\xd2\x65\x7a\x50\x94\x28\x4a\xc8\x0f\x13\x75\xd0\xb6\x6d\x6f\x5f"},
+{{0xad,0xc6,0xe9,0xb2,0xe1,0x03,0xb6,0x2c,0x24,0xad,0x43,0x46,0x41,0x0e,0x83,0xa1,0xa0,0xbd,0x25,0x3e,0x4a,0xbf,0x77,0x91,0x18,0x50,0xc6,0xd9,0x66,0x6e,0x09,0xf9,},{0xfc,0xe3,0x16,0xe3,0x3c,0x91,0x08,0x21,0xbe,0xed,0xdd,0x63,0x4b,0xed,0xc5,0x8e,0xe5,0x79,0x99,0xa7,0x6e,0xce,0x38,0x46,0x05,0x28,0x3b,0x99,0xb5,0x43,0xb7,0x8b,},{0xcb,0x01,0x7d,0x6d,0x26,0x82,0xc9,0x85,0x43,0x66,0x25,0x9a,0xa3,0x5f,0x30,0xd4,0x91,0xcf,0xaa,0x93,0x09,0x98,0xc2,0x97,0xdb,0xdd,0xc6,0xad,0xed,0x5b,0x3d,0x40,0x1c,0xf7,0x6d,0x80,0xd8,0xa2,0x76,0x4d,0xe1,0x31,0x71,0x8b,0x6e,0x0c,0x48,0x1d,0x71,0x96,0xbc,0x72,0x57,0x97,0x16,0xb0,0xc0,0xf6,0xff,0x05,0x3e,0x68,0xc5,0x0c,},"\x8c\xcc\xd9\x8e\xbb\xf2\x43\x9f\xfd\xfa\xc4\x16\x87\x63\x8f\xaa\x44\x4e\x1c\xa4\xb6\x3d\x13\xe8\x98\xea\xa8\x35\x54\x92\xf2\x88\x13\xab\x81\x3f\xd0\x15\x10\xe1\x12\xbe\x10\x6b\x20\x45\xd3\x0f\x63\x33\x5d\x24\x89\x04\xd5\x21\xde\x18\x1a\xba\xc0\x3e\x3d\x2c\xb2\xd1\x6c\x44\xb3\xb0\x12\xa0\xc5\x1f\x99\x01\xae\xf9\x05\x6c\x72\x4d\x7a\x2c\x6b\x2a\xcb\x0a\x07\x55\x59\x40\xe4\xc6\xe2\x11\x54\x89\x06\x11\xad\xeb\x64\x89\xf4\x61\xd3\xe5\xec\xd1\xaf\x5a\x4d\x2b\x0a\xda\xf4\x17\x47\x43\x6e\xb4\x14\x75\x7a\x8f\xe4\x77\x56\x74\xe3\xc6\xe5\xde\x45\x69\xd6\xfc\x6c\x78\x8e\x10\x90\x5e\xba\x32\xc2\x70\xa3\x93\xe6\xf7\x21\xa7\x65\x29\x4e\x2a\xc9\x9a\x9b\x6e\x53\x4d\x3d\xf0\x8d\x1d\xb9\x7d\x60\x2a\xc3\x19\x5c\xb0\xb7\x7f\x5b\xd4\xac\xaf\x73\x7f\xad\xd6\x99\x1f\x06\x88\xab\xc7\x49\x18\x04\x75\x74\xea\xc2\x82\x89\x73\x9a\x66\x4e\x0e\x0e\x20\x57\x4a\x2c\x25\xfd\xe4\x9d\x14\x53\x9d\xb1\xce\xdd\x4a\x92\x04\xa7\x0a\xcf\xf0\xa6\x2c\x8f\x25\xcd\x76\x8f\xfa\xb1\x5c\x4d\xb3\x16\x84\x0a\x4d\x1b\xc9\x2e\x21\x26\x70\xbe\x07\xc5\xbd\xcf\x53\x75\x90\x60\x7d\xfb\xbb\xb4\xd9\xf9\x8b\x89\xda\x0b\x4d\xf7\xd8\x8f\x3e\xca\x48\x14\xd1\x6b\xfa\x20\xc8\xd2\xfa\x94\xf9\xf2\x59\xf2\xee\x2d\x3a\x83\xc9\xe4\x17\x1b\x1a\x26\x2c\x4b\x99"},
+{{0x37,0xfc,0x1b,0xed,0xa4,0x06,0x0b,0x6c,0x57,0x88,0x3d,0xdb,0xa0,0x77,0x6c,0x2b,0xcf,0x5a,0xc2,0x8a,0x65,0x13,0x26,0x02,0x1c,0xca,0x97,0x72,0x37,0x30,0xfb,0xb0,},{0x7b,0xd7,0xbf,0x1c,0x99,0xdc,0x82,0xe0,0x6f,0x08,0xbb,0x45,0x4d,0x8f,0xb2,0x88,0xa5,0x79,0x27,0xe0,0x7f,0xf1,0xb1,0x2a,0xf1,0x5e,0xe2,0xc1,0x2f,0xbb,0x6b,0x3d,},{0xa0,0x1d,0xd6,0x5f,0xad,0xa2,0x70,0x39,0xf1,0x68,0xb1,0x23,0x41,0x9d,0x8a,0xbf,0xbd,0xa4,0x8c,0x57,0x2e,0xce,0x24,0xfd,0xa0,0x6e,0x1a,0x5e,0xc3,0x1e,0x08,0x4f,0x4e,0xe1,0xcb,0xf9,0x96,0x1e,0x88,0xed,0x51,0xe1,0x89,0xfc,0xb7,0xf5,0xf2,0x35,0xde,0x1e,0x5b,0x28,0xd0,0x8f,0x2b,0xfc,0xa1,0x90,0xb0,0xf0,0x19,0xec,0xc2,0x07,},"\x3d\xfc\xac\x02\x65\xa0\x24\xa8\x3c\xb9\x32\x67\x44\x89\xa1\x63\xaa\xc3\x14\xbf\x3d\x96\x9f\x27\x59\x6e\x45\x17\x33\xb9\x9d\xeb\xa5\xee\xb7\x79\x21\x0b\xaf\x95\xbf\x54\x5a\x1a\xe6\xb8\xa9\x15\x86\x06\x93\xee\x89\x0f\x93\x93\x20\xe0\x6a\x84\x44\x83\xd1\x8c\x6a\x1b\xcd\x03\xc6\x38\xbb\x7d\x1f\xe2\xa8\x2e\xb4\x48\xa3\x11\xb1\x30\x2e\xa6\x42\x8f\x54\xa3\x9f\x45\xa4\xd5\x60\xbe\x15\x57\xa2\xb2\x54\xc4\x5c\x13\x7f\x45\xcc\x68\x35\x68\x36\xe2\x1b\xed\x0b\x7f\x73\xa5\x18\xce\x09\xdb\x0b\xe3\x93\x92\x7c\x33\x9b\xf2\xa4\xb5\x98\x75\x39\x40\x4c\xe6\x50\x28\x4d\xe1\x2e\x3b\x55\x3b\x26\x2e\xfe\x23\x84\x83\x32\xcc\xfd\xc3\x5e\x79\x1a\x0a\xb4\x3f\x13\x9c\x71\xed\x0f\xcb\x2d\x17\x3b\xb3\x77\xee\x46\xb1\xa9\xdc\xa9\x27\x7e\x77\xdf\x85\x5f\x28\x30\x25\x1e\x31\xe2\x6a\xcd\x86\x76\x3c\x8d\x7e\xac\x22\xc8\x82\xfc\x17\x4f\x2b\x5e\x75\xca\x6a\xd1\xad\xe0\x3f\x94\x2b\xb2\xa1\x3b\xf5\x41\x90\x61\x59\x15\x8c\x68\x36\x3c\x74\x80\xc5\xb2\x7a\x99\x32\x0f\x82\x83\xa2\x69\x9d\x43\x69\xc0\x71\xc5\x0d\xbd\x90\xb7\x79\x2e\x47\x72\xef\xbc\x0b\x19\x5b\xce\x84\xcc\x4d\xcf\xff\x70\x72\xa4\x89\x68\xdb\x69\xf9\xfe\xdd\xd0\xf9\xce\xd6\x59\xeb\x5d\xb7\x16\x7f\x35\xf9\x88\xce\xc1\x14\x88\x7d\xcb\xfd\xf2\x7d\x02\xd3\x00\xb3\xe1\xab\xec"},
+{{0x8d,0x42,0xf4,0xdd,0xd2,0xbb,0xd2,0xb8,0x27,0xb0,0xa0,0xd3,0x1d,0x8f,0x75,0x8e,0xbd,0x13,0xa1,0xb9,0xb3,0x71,0x22,0x28,0x94,0x8c,0xa6,0x10,0xbb,0x88,0x58,0xe5,},{0xb7,0x35,0x48,0x98,0x79,0x4f,0x9d,0xb0,0xa8,0xaf,0x6e,0xea,0xfc,0xdb,0xdf,0x01,0x1d,0x3f,0xbe,0xf0,0x21,0x2a,0xd9,0x38,0xa4,0xa4,0xad,0x27,0xab,0x16,0xeb,0xbf,},{0x70,0x76,0x4b,0xe3,0x9c,0x6d,0xca,0x0f,0x06,0x7a,0xbe,0x1e,0xca,0x49,0x0f,0xda,0x95,0x1f,0xd4,0xe9,0x49,0x96,0x95,0x26,0x6e,0x27,0x0b,0x9b,0x05,0xea,0xe7,0x06,0xca,0x8d,0x1c,0xa6,0xa9,0x2d,0x7c,0x48,0x8e,0xc6,0xad,0x8b,0xa1,0x14,0x57,0xa4,0x2a,0x5e,0x31,0x70,0x2a,0x9c,0x2b,0xce,0x89,0x2d,0xc4,0x05,0x35,0xc0,0x9f,0x01,},"\xe3\xa2\xbe\xbc\x04\x96\xd8\x97\x4a\x8f\x40\x61\x88\x03\x69\x31\x4e\xd9\xe4\x40\xc1\xb7\x7e\x26\xfe\x50\x71\xce\x69\x4f\xfd\x21\x36\xdb\x0c\x4d\x5e\x88\x0e\x60\x00\x08\x3a\x75\xc9\x0d\x3c\xf7\x2b\x9c\xf5\xa2\xb1\xa9\x00\x2c\x27\x01\xa2\xff\x59\xb0\x69\x9a\x8f\x42\xd7\x9d\xd8\xa5\xfb\x71\xa8\x12\x54\x53\xd9\x1f\xb8\x00\x80\xa3\xf0\xa1\x65\x84\x28\x2f\x17\xec\x7d\xfd\xc2\xe5\xc6\x9c\x4d\x9b\xdf\x48\x4d\x55\x94\x4d\xae\x27\x3f\x21\x1c\xfb\x76\xad\x37\xda\x45\x87\x13\x65\x43\x9a\xf3\x5e\xea\x1f\xbe\xcd\x4c\xa6\x79\xb5\x9b\x5e\x01\xba\xcf\x49\xc7\xf4\xe5\xef\xaa\x40\x6b\xa1\xda\xeb\x08\x54\x82\xaf\x5d\xed\x89\xdc\x68\x85\xff\xbe\x3d\x14\xd2\x93\x1b\x83\x89\x7e\x28\xad\x06\xe5\x56\x4e\x27\x89\xba\xea\x81\xbd\x93\x2a\xa2\x79\xfe\x8e\x32\x4b\x9a\x8e\xf1\x11\xc2\xab\xe2\xf1\x37\xd4\xbb\x50\xd8\xab\x76\xce\xbc\x0b\xd9\x82\xa2\x39\x19\x75\x1a\xd4\xd4\x9e\x88\xeb\x14\x17\x3d\x33\x10\x28\x9a\x87\x23\x17\xe4\xa4\x51\xe8\x8d\x54\x32\x08\x91\x87\x0f\x15\xb2\xd5\x33\x24\x43\x08\x77\xa9\xfb\x5b\x49\xbb\x92\x9f\x21\x1c\x5b\x89\x76\x4d\xd9\xc3\xa5\x95\xa1\x45\x1e\x9f\x85\xa2\x38\x54\x00\x02\x56\x6e\x53\xa9\x9e\xd1\xe6\xdd\xc9\xb4\x85\x3f\x45\x5e\xdb\x4c\xf1\x98\x0d\x56\xbb\xdc\x13\x13\xa3\x6e\x76\xea\x9c\xbb\x04\x8a"},
+{{0xb6,0x2d,0xe5,0xa1,0xac,0xfe,0x4c,0xa2,0xd1,0xf0,0xc1,0x32,0xaf,0xcb,0xda,0xe6,0x6f,0xb2,0x9a,0x02,0xf2,0x97,0xfb,0xc2,0x40,0x7f,0xad,0xbb,0xf2,0x45,0x42,0x00,},{0xb6,0x3b,0x2d,0x0b,0xf3,0x55,0xf7,0xb6,0xd0,0xba,0xc0,0x74,0x03,0x41,0x1c,0x40,0xaf,0xbb,0xb2,0xf7,0x07,0x50,0x3b,0x3f,0xc2,0xce,0xe8,0xa1,0xc7,0xd0,0xa8,0x38,},{0x5c,0xdb,0x00,0xe9,0x8d,0xe7,0x3e,0xab,0x48,0x0b,0xe4,0x2f,0x8a,0x8a,0x61,0x63,0x80,0x9a,0x0d,0x37,0x10,0x1b,0x6a,0x5a,0x4e,0xed,0x6a,0x0c,0x92,0x03,0x0d,0x09,0xa5,0x56,0x2c,0x72,0x90,0x80,0xce,0x6f,0x65,0x94,0xc8,0xfa,0xfb,0x1f,0x59,0x47,0x72,0xdb,0x7a,0x90,0xa9,0xe7,0xda,0x15,0x89,0x6e,0x82,0xf7,0x05,0x69,0x39,0x0d,},"\xe6\x59\xe5\x1d\x7b\x19\x3c\x4b\x8e\x2b\x3e\xd7\x3a\x9d\x75\x57\xed\x2b\xab\x61\x53\x88\x3a\xb7\x23\x59\x2f\x73\x0a\x91\x45\x67\x14\x2b\x3f\xa4\x35\xdb\x32\x19\xf8\x3a\x54\x2d\xc7\xa4\xbd\x80\x5a\xf6\x66\xea\x86\x5b\x85\x31\x46\xf8\xe3\xa9\xfe\x87\x07\x11\xf9\x0d\x12\xb0\x69\x34\x92\xaf\x2a\x1e\xdf\x99\xa1\x64\x58\xf7\x81\xf1\x26\x6e\xc4\x37\xa5\x29\x6a\x82\x2c\xa9\xd6\x9c\xe8\x44\xb5\xc5\x90\x97\xa2\xa5\x6f\x3e\xb8\xfd\x27\x3a\x63\x61\x16\xdb\x77\x43\x00\x92\x2d\x45\xb7\x44\x65\x7a\x69\x2f\x5e\x8b\xfb\xcb\x06\xd2\x42\x28\x18\xae\xb5\x1e\x7c\xda\x68\xac\xfb\xed\xa1\x6e\x7c\x79\x58\x0d\xcc\xcd\xe2\x4e\x8e\x3d\x60\x1b\x16\xe0\x63\xb4\x3a\x6d\x0d\x14\x07\x55\x2f\x75\x04\xf5\xbe\x19\x88\x2e\x4f\xfe\x32\x34\x4f\x5f\x47\x3e\x73\xa8\xf6\xed\x37\xb0\xd8\xd9\xe5\xe0\xa0\xdc\x98\x28\x39\x5b\xcb\xd8\xf3\xa4\xe3\x12\x48\x69\x24\x9d\x05\x8b\xe0\xe0\x45\xde\x0b\x1e\x12\xb1\xc8\x3b\xa0\xaa\x22\x7c\x95\xb8\x2b\xf7\x42\xc3\xea\xc0\x15\x2b\x33\xe6\xd1\x9b\xe8\xb3\x3a\x35\xbf\x70\x5d\xaa\xb1\x06\x22\xa9\x0a\xed\x02\x2e\xa6\xe4\x39\xed\x50\xa9\x30\x84\x37\x92\x99\x24\xba\x3a\xb1\x11\xad\x0c\xaa\x6f\xeb\x0a\x6e\xb1\x65\x82\x4e\xbd\xb0\x86\x65\x71\xef\xc0\x7e\x52\x22\xed\x86\x86\xb1\x4d\x92\x70\xbf\x76\xb9\x45\xd5\x20\x14"},
+{{0x97,0x32,0x05,0x9d,0x7b,0xf0,0x20,0x0f,0x5f,0x30,0x41,0x24,0x30,0x33,0x6b,0xe4,0xef,0x1e,0x3c,0xae,0x62,0x93,0x8a,0xd0,0x87,0x29,0xce,0x3b,0xa7,0x14,0xcf,0xd4,},{0x0d,0xe8,0x42,0x5f,0x5e,0x30,0xb2,0xb8,0xae,0xbb,0x80,0x72,0x00,0x9a,0x30,0xcf,0x04,0x11,0xc3,0xc8,0x23,0x8f,0x4e,0x42,0x08,0x76,0x0c,0x56,0xc3,0x3e,0x43,0x4f,},{0xfb,0xa1,0x74,0x9b,0x64,0x1d,0xd4,0xdf,0x34,0x66,0x4b,0xc4,0x3c,0x00,0x46,0x8c,0x7d,0x75,0xe8,0x4a,0xfa,0xd7,0x2d,0xe4,0x73,0xfd,0x1e,0x9c,0x87,0xda,0x15,0xea,0x60,0x4f,0xc2,0x54,0x9a,0x1a,0x86,0x7f,0xa8,0x08,0x50,0xe9,0xc2,0xa5,0x9c,0xd9,0x90,0x53,0x88,0x67,0x60,0xa8,0xd9,0x76,0x4b,0x84,0xdd,0x67,0x26,0x76,0x72,0x0d,},"\x1a\x13\xe7\xab\x60\x3b\x48\xeb\x89\x6f\xe1\x71\x73\xfb\x31\x95\x0b\x0d\xcd\x5a\x35\xff\xdb\xe1\x37\x1c\x7a\x5b\xfb\xa5\x93\x31\x75\x89\xd9\x65\x2d\x88\x79\x77\x29\x18\x0b\x8d\x0e\x51\x5a\xbf\xe6\x54\x8f\x16\x04\x21\xe5\x37\xd5\xc9\x4a\xef\x2b\x34\xc7\xeb\xb0\x97\x42\x00\x03\xbc\x0f\x36\x1b\x42\x3e\x7e\x14\x63\x0a\x80\x3c\x11\x82\x02\x54\x00\x49\xf6\x8c\x9c\xf4\x6f\xae\x03\x68\xd1\x62\xe4\x00\xd7\x7b\xb4\x52\x3c\xf6\xc7\x53\xb9\x75\xc2\x45\xbc\x99\xed\x2f\x41\x3a\x9d\x06\xc2\xda\x6c\xe0\xcc\x09\x87\xb6\x40\x6b\x80\x9e\x8e\xb3\x19\x03\x3d\x2d\xe9\x13\x1d\xee\x3b\x1b\x7b\x5c\x95\xd6\x53\xce\xd8\xfc\xcf\x99\x8d\xa1\x76\x85\x11\xec\xa4\xd3\xc5\xf7\x35\xad\xab\x96\x50\x3b\x35\x51\x80\x3e\x49\x22\x63\x50\x95\xef\x81\x1b\xe4\xc0\x8a\x6c\xba\xc9\x17\xcb\xe6\xcd\x91\xa4\xae\x5a\x33\x0c\xce\xc0\xe8\xe8\x15\x37\x12\x17\xa3\xde\x62\xf2\xd2\xd6\x14\x66\x21\x98\x33\xf3\x34\x47\x13\x2f\x4d\x43\x35\x0c\x58\xcb\xaf\x42\x24\x75\xed\xb1\x28\xc5\x6d\x80\xa4\x95\x72\x6b\x1f\xdb\xc5\x65\x51\xeb\x72\xd0\xf4\xfe\xc2\x6b\xa8\xbf\xf5\xee\xd6\x77\x4b\x85\x03\x9a\x52\x92\x83\x4b\x5d\x1c\xc1\xb0\x9b\xa0\xa3\x95\x4d\x29\x32\x36\x73\xf5\xe7\x12\x76\xa1\x2a\xc4\xc5\x79\x35\x5b\xf1\xec\xca\x48\xe6\xa7\x16\xb9\xfc\xec\xdc\x56\x5c\x51\xb9"},
+{{0x9c,0x7f,0x6f,0x37,0x9e,0x38,0x57,0x00,0x7e,0x2a,0xc6,0x32,0x4c,0xbb,0xce,0xd5,0x7a,0xc9,0xee,0xe4,0x47,0x78,0x13,0xf8,0x3a,0x81,0xfc,0x8c,0xef,0xa9,0x64,0xd5,},{0xa5,0x4b,0xa3,0x96,0xd6,0x87,0x63,0x4d,0x3e,0xcc,0xf4,0x1c,0x57,0x82,0x49,0x4f,0x5f,0x10,0xa5,0x21,0xa1,0xe5,0xd3,0x88,0x52,0x3d,0x80,0xee,0xba,0x5b,0x0b,0x2b,},{0x65,0x68,0x5f,0x9c,0xa5,0x98,0x2e,0x15,0xa2,0x2b,0xa3,0xc8,0x3a,0x03,0x48,0x34,0x84,0x82,0xdf,0xae,0x57,0xce,0xa1,0x78,0xf0,0x78,0x0c,0x05,0x7b,0xae,0xbe,0x4a,0xf6,0x32,0xf9,0x84,0x54,0x0a,0x26,0x01,0x9a,0x7f,0xb3,0x42,0x53,0xc9,0xec,0xe7,0xff,0x30,0x8a,0xda,0x23,0x3c,0xe0,0x68,0x63,0x47,0xab,0x5b,0x21,0xce,0x57,0x0b,},"\x3f\x2d\x30\x72\xfe\x73\x83\xe5\x41\x55\x1e\xa9\xab\xdb\xae\xae\x6a\x46\x4a\xe6\xb9\xf0\xba\x78\x6a\x44\x1b\x2d\x08\xda\x5b\xca\xda\x3c\x54\x24\xdc\x69\x31\xd6\xb3\x95\x23\xe2\xde\x0a\x0c\x2e\x4e\x6b\x5b\x8c\xda\x92\x5e\x5e\xac\x93\x84\x16\xa2\xc5\x1b\xf1\x3d\x49\x53\x1d\x7e\xc7\x11\x4b\x1c\x82\xfe\xaf\x90\xf3\xf8\x75\x91\xe3\x97\xd0\x27\x02\xf8\xec\x1b\x30\xd9\x9f\x5b\xe7\xd2\x20\x3e\x4f\xe4\xdb\x2e\xa4\x7e\x7b\x45\x89\xd8\xac\x50\x62\x48\xd7\x34\x74\x66\xed\xbc\x96\xea\x32\xbf\x3a\x6e\xa7\x50\x2d\xd6\x0c\x9e\x84\x90\x27\x15\xab\x2c\x6c\xa6\x8f\x5b\x00\xe1\xd9\x09\xd8\x3a\xa6\xab\x66\x2d\x8a\xea\x87\x0e\xcd\x86\x1f\xec\x69\xf2\xee\xc0\xae\x67\x7d\x29\x95\xb0\xed\x68\x8f\xaa\x8e\xf7\x82\x44\xe0\xd1\x19\x56\x97\xb0\x71\x22\xce\xaa\x11\xf5\xa6\xea\x58\xfb\xdf\xa2\xe2\xec\x2d\xf9\xd1\x86\x93\xae\x96\xd4\x71\x27\x55\x6e\x91\xf0\x86\x49\x82\xc1\x34\x19\xb0\x4a\x63\xf2\x08\xe7\x30\xd2\x69\x51\x88\x2a\xef\xe0\x01\xbc\xa3\x40\x8b\xd9\x86\x27\x48\xc6\xcc\x87\x6c\x28\xca\xc3\xbb\x2e\xb3\x39\x58\x18\xc2\x09\x1e\x0f\xbd\x7a\x0b\x44\x68\xc6\xb0\xd0\x0c\xd0\x08\xc1\x1c\x3c\x3a\xd0\x10\x80\xa1\xf5\xa4\x0a\xe2\xe4\xb0\xc3\xa0\x71\xef\xc8\xe1\xd1\xba\x6a\xce\x6d\x4d\xf0\xff\x19\x82\x9b\x0c\x68\x0b\x3a\xeb\x75\x91\x77\xed\x34"},
+{{0xa4,0x78,0xf3,0x5a,0xbb,0x73,0x72,0x7b,0x6b,0xe6,0xee,0x5e,0x56,0xee,0xc3,0x23,0xc9,0x51,0x78,0x82,0xfd,0x69,0x19,0x36,0x0e,0xbb,0xbf,0x5d,0x5c,0xb8,0xb8,0x3a,},{0x7a,0x6e,0x26,0x6a,0x54,0xd1,0x35,0xdd,0xa0,0x00,0x9c,0xcd,0xa8,0xa9,0x4a,0x47,0x12,0xae,0x5c,0xb1,0x47,0x61,0xe8,0x43,0x6e,0x97,0xc4,0xb7,0x81,0x4d,0x8e,0x8c,},{0x9d,0x16,0xfd,0x40,0xb9,0xf8,0xdd,0x9b,0x4a,0x1a,0x8c,0x6d,0x70,0x3b,0x9f,0xcc,0xbb,0x94,0x0b,0x1e,0x0a,0xe7,0x7a,0x59,0x70,0x37,0x4a,0xf0,0xcf,0x72,0x6f,0x44,0x79,0xfd,0x30,0xd7,0xdf,0xf5,0xcf,0x53,0x49,0x4d,0x9a,0x29,0x6a,0xb6,0xb9,0xe4,0x6e,0xa6,0xc1,0x36,0xb4,0xdb,0x2c,0x71,0xc2,0x1b,0x97,0xc1,0xc8,0x25,0x4d,0x0a,},"\x01\x73\xa3\x40\x50\xb4\x37\x48\x06\x1f\xf8\xf5\xa3\xd7\xc4\x3b\x63\x60\x84\x77\x86\xe8\xbb\x75\xe5\x36\xfb\x47\xb6\x45\xb2\x14\xf2\x21\xba\x24\xd8\x3d\x28\xbc\x02\x50\x24\x66\x3e\x53\x4f\x90\xf6\xe8\x3a\x93\xd8\xbd\xde\xda\x2c\xd8\x80\x81\x55\x65\x2a\x90\x8c\x43\x7c\x2d\xb6\xf3\xed\x49\x12\xf5\x7c\xa5\xb9\x79\x28\xa7\x3b\xe9\x64\xaf\x59\xdf\x44\x39\x85\x4b\xb0\x06\xfc\x29\x5a\x87\xb7\xb7\x22\x39\xc7\xfa\xdf\xec\x40\x71\x55\x09\xd9\x85\x79\xda\xad\xfb\x8d\x52\x4b\x4c\xec\x66\x20\x70\x5e\xfd\x41\x04\xc2\x97\x14\x4a\xea\x72\x29\x74\xe1\x2c\x5e\xce\xe5\x39\x1e\xf2\xd9\x3a\xc2\xb1\x24\xe4\xac\x49\x61\x47\xc8\xb7\x03\x63\x58\x5d\x70\x78\xcc\xc5\x3e\x2a\xe5\x93\x35\x0b\xc2\x55\x48\xa0\x54\x25\x26\xab\x00\xaf\xe4\x77\xa0\xf4\xb2\x73\x97\xc7\x2b\xc7\x4a\x8a\x8a\xb1\x56\xe6\x2b\x8b\xb4\x7c\x3f\xbb\x4b\x34\x91\x3e\x45\x96\x87\x47\x6b\xf3\x31\x42\xc6\x14\x70\x21\x07\xff\xe2\xcc\x01\xe2\x5f\xa3\x02\x75\xe1\xe2\xe6\x3c\xea\x91\x68\xe4\xa4\x7c\x02\xde\x09\x7d\x4d\x85\x3b\x27\x67\x5c\x5b\xb3\x30\xb9\x4a\x97\x4e\xad\x85\xe2\xbd\xee\x8e\xe1\x7c\xbb\x56\x53\x34\x66\x58\xdf\x2f\x91\xf6\xbd\x73\x94\x91\xdd\x71\x98\x8b\x3a\x97\x6a\x3e\x2e\x7a\x9d\x13\x74\x10\xf4\xac\xba\x9f\xeb\x5f\x11\x79\x8c\x9a\x43\xb6\xad\xce\x14\x36\x5a\x7c\x6d"},
+{{0xff,0xe8,0x25,0x14,0x8c,0x09,0x59,0xb3,0xa6,0x8d,0xe8,0x6a,0xd8,0xe8,0xaf,0x7f,0xa5,0xe0,0x78,0xf3,0x63,0xdc,0x12,0x42,0x13,0xc9,0x00,0x20,0xda,0x0c,0x90,0x89,},{0x13,0x91,0x52,0xa0,0xbd,0x22,0x96,0x2d,0xd9,0x19,0xae,0x3e,0x0b,0x16,0x20,0xe0,0x3c,0x03,0x3c,0x2a,0xd0,0xa3,0x97,0x9e,0xc6,0xbc,0xd1,0x70,0x5e,0x23,0xd5,0x98,},{0xfe,0x4e,0x89,0xee,0x31,0x78,0x6c,0x0a,0x3d,0x3d,0xe3,0x64,0x9b,0xb9,0x3f,0x0b,0x8a,0xef,0x1c,0xaf,0x5a,0x83,0x2e,0xc5,0xe4,0x06,0x78,0x10,0x70,0x5a,0xdd,0xdf,0x53,0x9b,0x8f,0x4e,0x05,0xad,0x08,0xcf,0x34,0x79,0xe4,0x5b,0x42,0xc9,0x65,0x28,0xf6,0xd5,0x9a,0x46,0x25,0x70,0x3d,0xdb,0xf1,0x5b,0x63,0x09,0x39,0x65,0xd8,0x0d,},"\xf1\x25\x78\x0d\x0c\xd0\x88\x53\x0f\x0c\x87\xb7\x0b\xd4\x2e\xba\xb5\x6a\xdb\x5a\xd4\x34\x5f\x92\x9a\xe5\xde\xae\x07\xfb\x55\x32\x21\x53\xa8\xf0\x23\xd3\x88\x43\xbf\x5d\x6a\x93\xfe\x99\x3e\xee\x71\xbc\x2e\xe5\x63\xb2\x5a\x50\x91\x8f\x03\xef\xdb\x5d\xbf\x72\x69\xad\xd6\x9d\xed\x3e\x66\x95\x38\x95\x62\x0d\x9b\x6c\xf4\x6b\xa2\x34\x8f\x8d\x66\xd7\xf0\x92\x23\x5e\x37\x8c\x1e\x3e\xdf\xeb\xeb\x78\x08\x4b\xc8\xde\xa0\x13\xf9\x93\x3a\xae\x14\xa0\x41\x94\x82\x76\xd0\x1f\x1c\xb5\x83\x4b\x0e\x59\x0e\x13\xd9\x31\xd1\x92\x92\xbb\x1d\x80\x41\xff\x2f\xe2\xe1\x17\x1a\x2e\x0b\x9a\x05\x98\x21\xd0\x92\x4d\xde\x7f\x3b\x1b\xb5\x98\x13\xf5\xe3\xc6\x35\x20\xaa\xfb\x88\x01\xba\x62\xc7\x09\x7d\x4d\x8c\xf4\x37\xa5\x68\xa7\xf0\x08\x7c\x6e\xa0\xfc\xe6\xe5\x68\xc4\x88\x3f\x1c\xd1\x2c\x74\x9d\x06\xa6\xfe\xb2\x78\xf1\x08\x6a\x8b\x04\x76\x99\x21\xf7\x8a\x99\x59\x06\x2a\xb0\x6f\x98\xee\x80\xc2\xc7\x85\x4f\xfa\x76\x0f\x86\xa8\x9e\xe1\xa5\x12\x66\x05\x3d\x19\x5e\x61\xbb\x1d\xbd\x18\xdd\x89\xff\x39\x4e\x40\x8a\xce\x0f\x64\x1a\x39\x5d\x56\x11\x8e\xa7\x2b\x7d\x8a\xdf\x78\xb1\x65\x5e\xce\xce\x7e\x82\x50\xe8\xa3\xa9\x1c\xb8\xfc\xa0\xd9\xce\x0b\xaf\x89\x80\xa3\x87\xc5\xed\x43\x18\x66\x32\x80\xe5\xb4\x53\x1f\x31\x87\xc4\x7e\xae\xa7\xc3\x29\x72\x8d\xdd\x0e\x40"},
+{{0x49,0xaf,0xf4,0x21,0xa7,0xcd,0x12,0x72,0x2a,0xa8,0x4c,0x48,0xc1,0xfb,0x1c,0x5f,0x8d,0x9e,0x27,0x7d,0x0a,0x99,0xec,0xbc,0x93,0x48,0xc3,0xaa,0xa7,0x4b,0xe4,0x22,},{0x88,0xd2,0xc2,0x62,0x66,0xf4,0x93,0xbc,0x67,0x57,0x8c,0xa0,0xb1,0xf5,0x11,0x60,0xcf,0x0f,0xdb,0x6a,0x09,0xa9,0x06,0xdb,0x9f,0xaa,0x68,0x6f,0x11,0xf8,0x20,0x8d,},{0x74,0x91,0x81,0x28,0x4d,0xf0,0x5d,0xbe,0x59,0x74,0xb9,0x17,0x82,0xa1,0xa7,0x6e,0xa0,0x86,0x42,0xcb,0x0f,0x0c,0x98,0xdb,0x58,0x6c,0x57,0x5c,0x21,0x0c,0xdc,0x8b,0x65,0x1b,0xd3,0x4b,0x75,0x7a,0xe3,0x8e,0x4b,0x6b,0xe9,0x46,0x52,0x35,0xbd,0x0e,0xca,0x43,0x0e,0x26,0xc3,0xee,0xde,0x56,0x1c,0x6e,0x82,0x4d,0xfa,0x20,0x0e,0x0a,},"\x70\xa1\xac\x14\x4b\x75\xfd\xa7\x55\x86\xa7\x9c\x36\xfd\x39\xcc\xe5\xf5\xca\xe2\xe6\x37\x58\x52\xd3\xb6\x2a\x96\x30\x33\x6a\x29\x3e\xa6\xd2\xac\x6e\x5b\x57\xda\x21\xef\x36\x4a\x59\x5b\xb0\x75\x0f\x5b\xf4\xd2\xb3\x20\x67\x64\x23\x87\x0e\x4b\x8e\x08\x69\x60\x1f\x16\x68\x06\x19\x04\x8c\x4e\xde\x27\x6d\xa6\x9f\x20\x5a\x70\x17\x6e\x25\xea\x04\xbd\x08\x97\x63\xe7\x09\xba\x34\x3f\xc8\x83\x1e\x52\x04\x4e\xab\xf9\x44\x1e\x69\x97\xf8\xba\x1a\xeb\x9e\xf0\xf4\x91\x17\x06\x67\xa7\xf5\xfc\x96\x27\xcb\xd0\x55\x1b\x76\xbe\x27\x28\x3a\x4b\x0c\x5f\x66\x78\x46\x68\x82\x26\xa1\x15\xee\x80\x20\xdf\x08\x04\x2b\x19\xb5\x9f\xe5\x51\x31\x6a\x6c\xb6\x91\x68\x60\xb9\xec\xd7\x41\x54\xb4\x05\x10\x38\xa1\x73\x52\x37\x2e\xc1\x4d\x3c\x95\x7d\x2e\xf5\x0f\xf7\x86\x18\x9a\x8a\xeb\x9c\x08\xf4\x5e\xeb\x5e\xb8\xb0\x40\x33\x99\x74\xaa\x97\x98\xc4\x25\xd7\xbe\xcb\x22\x8c\x44\x7a\x6d\x0b\x3c\xef\x27\x18\x93\xe0\xf7\x07\x6e\x22\x3a\x7e\x87\xc6\xa3\xd2\x70\xa0\x33\xbc\x97\xa4\x56\x5e\xdc\xe0\xaa\x91\xff\xc3\xf7\x80\x17\x75\xa6\xf2\x9b\x23\x02\x45\xbd\x71\xfa\x03\x43\x53\xde\x37\x23\x95\xd1\xbf\xcb\xde\xbb\xa0\x81\x33\x0f\x7c\x07\x6b\xe9\x9c\x2c\xf4\x86\x7f\x15\xb7\x8d\x52\xf4\x6f\xc7\x39\x1c\x9c\xb9\x5e\x5d\x64\x64\x3b\xaf\xfe\x72\xa8\xe3\xa6\x50\x66\x7f\xbb\x3e"},
+{{0x70,0x3a,0x6e,0x2b,0x62,0xd0,0x09,0x0c,0x61,0xd8,0x65,0x9b,0x6a,0x96,0x3e,0x03,0xc9,0xd6,0x2c,0x1b,0x38,0xf7,0xd7,0x0e,0x5f,0x9f,0xf0,0x55,0x90,0xcd,0x03,0x60,},{0x37,0x0c,0x21,0xde,0x6e,0xf2,0xfa,0xb5,0x34,0xad,0xa9,0x99,0x86,0x9c,0x90,0xbc,0x9b,0x92,0xcc,0xbf,0x24,0x9b,0x79,0xd3,0x9d,0x95,0x44,0x1d,0x1e,0xde,0x21,0x0a,},{0xe5,0xfd,0x64,0xda,0x02,0x88,0x00,0xc6,0xce,0xed,0x06,0x8a,0x5e,0x59,0x6f,0x16,0x21,0xc7,0x0a,0x8c,0xb1,0x38,0xb3,0x1b,0x32,0x64,0x7e,0xb4,0xb0,0x7b,0xd2,0xec,0xc5,0x94,0x2c,0x18,0x84,0x4f,0x36,0x70,0x33,0xf6,0x73,0x98,0xe3,0x14,0xba,0x2c,0x7c,0xcf,0x29,0x9c,0x06,0x97,0x87,0x77,0x70,0x25,0xd8,0x45,0xf2,0xaa,0xd6,0x0e,},"\xd4\x2a\x17\x56\xe8\x4d\xf4\xb4\xe9\x77\x3f\x86\xf7\x67\x4a\x2c\xd7\x8e\x71\xe4\x0a\xa8\xf6\x44\xe6\x70\x2d\xfb\xc2\xc2\xc5\xca\x90\xfc\x24\x2e\x9c\xb0\x09\x9c\xc8\xf2\xc2\xd3\x13\x6b\xaa\xfc\x0f\xf6\x95\x48\x2f\xda\xcd\xef\x9f\x56\x56\x10\xb6\xe1\x90\x07\x22\xf4\x35\xc6\x38\x5b\x35\xe9\xf6\xc4\x36\xca\x03\x7e\x03\xf6\x4e\x22\x33\xdf\xfa\x58\xdb\x3b\x91\xcc\x1d\xaa\x0b\xb0\xc5\x4c\x8a\x43\xe4\x69\xd2\xcf\xf7\xfa\x2b\xf8\xf5\xd1\xd8\x77\x93\x10\x89\xc8\x2e\xd8\x9a\xba\x42\xf2\xee\x2b\x86\xe4\x45\xcf\xd0\x9f\x4c\xd7\x8b\x35\x19\x1b\xf4\x67\xe7\x84\xee\xf7\x5d\xc9\x87\xe0\x46\xd3\x7d\x4d\x4e\x8e\x9b\xbe\x14\xaf\x80\xd0\x3a\x1f\x40\x89\x83\x84\xb9\xd3\x27\x9f\xac\x9c\x57\xfd\x9c\x7e\xec\xbe\x19\xa5\xac\xc1\x50\x33\xb8\x4e\x07\xfd\x0e\x40\x9b\xdb\xd5\xa5\x7f\x65\x64\x11\x83\xa6\xc0\xa8\xec\x42\x6d\x1f\x1d\x22\x31\x66\xff\x0a\x19\x00\xb2\xe9\x2b\x7d\x85\x83\x5d\x01\x9d\x17\x77\x5e\x50\x93\xcc\xd1\x26\xf9\x0f\x63\xcb\x7d\x15\xcb\xeb\x53\x13\x24\x21\x9c\xd6\x4d\xed\x67\x14\xb2\x1a\x65\x37\x1a\xf0\x72\x10\xdf\xdf\x0e\x4e\x58\xdd\xc7\xd5\x9f\x4c\xfa\x65\xc4\x21\xd8\x14\xee\x2c\x9b\xf6\xdb\xf6\x48\x73\xd5\x79\xb0\x9e\xe5\xdc\xed\xd7\x33\x06\x3e\x03\x9a\xc9\xa5\xf9\xca\x4c\x25\x25\xa4\xcc\x8e\x98\x4d\xa7\x18\x5e\x2d\x64\xfa\xd8\x1c\x8a"},
+{{0x76,0x84,0x9c,0x18,0x8e,0x3e,0xdd,0x0f,0xf5,0xf8,0xfb,0x87,0x4d,0xc0,0x45,0x66,0x45,0x51,0x84,0x45,0xe4,0x1a,0x7d,0x68,0x33,0xe6,0x16,0xc3,0xc4,0x8c,0x98,0x68,},{0xd6,0x70,0xe2,0xea,0x07,0xdb,0x60,0xc2,0x2a,0xb7,0x9a,0x93,0xeb,0xf4,0x9d,0x22,0xa6,0x24,0x5e,0xe3,0xaf,0x07,0xb3,0xbe,0x58,0x4e,0xda,0x69,0x4c,0x37,0x72,0x9e,},{0x71,0x41,0x39,0x9d,0x51,0xda,0xa6,0xeb,0x45,0x19,0xbf,0x3f,0x01,0xb2,0x33,0x92,0x0f,0xa9,0x08,0xfe,0xfa,0x61,0x2f,0x0c,0xd7,0xd5,0xaf,0x8a,0x9a,0x3c,0x44,0x19,0x0e,0x3f,0x63,0x84,0xa8,0xd1,0x4d,0x37,0xc9,0x70,0x30,0xef,0x50,0x18,0xcf,0x8a,0xee,0x8a,0xeb,0x15,0x69,0xa7,0x3d,0x84,0x86,0x2a,0x59,0xb7,0xdf,0x72,0xfe,0x09,},"\x1e\xcc\xb0\xbc\x8e\xca\x3a\xb5\xbe\xe6\x8c\x5f\x8c\xaa\x34\x53\x67\x66\xc7\x05\xf5\x08\x27\xdb\x7a\xc3\x75\xd4\xfe\x30\xb5\x8f\xfb\x7e\x2f\xe4\x90\xcc\x71\xa8\xff\x86\xc0\x06\xd6\x17\x4d\x05\x79\x3a\xb8\xa5\x5d\xd5\x1b\x06\xde\x41\x7b\xc0\xac\x45\x2c\xdc\x7c\xfb\x0b\xb0\x03\x62\xb6\x76\x5d\x20\xdb\x23\xeb\x18\x48\x02\x70\x64\xa1\xd9\x09\x1d\x3b\x10\xed\x77\x6f\x28\xb7\x67\x68\xbd\xfc\x08\xf0\xbc\x51\x1f\x76\xfa\xeb\xa7\x6c\xfc\x4c\xb5\xc8\x3d\xc9\xeb\xe8\xa8\xd7\x9e\xdc\xa9\x23\xec\xcd\x52\x40\x09\xca\xfe\xdc\x90\xe3\xad\x87\xd1\x39\x2e\x1f\xcc\xf4\xe6\x0c\xca\xb9\x5d\xc0\xab\x54\xbf\x44\x24\x5a\x00\x7a\x96\xd4\x66\x34\xb1\xb2\x96\x5b\x82\x9c\x3d\x7d\xaa\x76\x59\x72\xb5\x4a\x7b\x36\x5b\x6f\x34\xd7\x7d\x71\x76\xac\xd8\xd8\x94\xf6\xb4\x17\x09\x1b\x6c\x00\xed\xb7\xa4\xe8\x13\x79\x98\x8b\xfc\xec\xb6\x92\xe9\xc3\xc4\x31\x0a\x7e\x24\x0e\x5c\x10\x63\xcd\xe1\x13\xf2\x2a\x68\x4a\x50\xa1\x12\xff\x47\xd3\x89\x88\x12\xef\xb9\x26\x37\x07\x2b\x86\x16\x3a\xd8\x93\x16\xd2\x21\x19\x5a\xcb\xfa\xd0\xa0\x3a\x1f\xbc\x2d\x96\x7f\xe8\x3f\x84\xc8\x45\x9f\xcc\xd4\x90\xb9\xc5\xb3\xe5\x5d\x27\xe9\x48\x4e\x94\x3c\x41\x7f\x21\x28\xd7\x37\x01\xda\x28\xf4\x9f\xd3\x68\x3f\x33\xa3\x9c\xde\xe2\x34\xbd\x30\x5b\x94\x91\xe2\xf3\xeb\x62\x1b\xe3\xdd\x1d\xbb\xb3\x1b"},
+{{0x83,0xae,0x48,0xad,0x70,0xda,0x0b,0xb3,0xcd,0xf8,0x74,0x81,0xee,0x2c,0x0c,0x85,0x71,0xc2,0xca,0x98,0x67,0x12,0xf8,0xbc,0x23,0x29,0xe9,0xa3,0xe3,0x33,0x83,0xc5,},{0xb7,0x85,0x30,0x90,0x00,0xdf,0x95,0xf5,0xa0,0x4f,0x7d,0x89,0xc4,0x11,0x33,0x01,0x05,0x7a,0xda,0xee,0xb2,0x9b,0xcd,0x28,0xd9,0x93,0x71,0xb5,0x37,0xbb,0xa2,0xf6,},{0x43,0x33,0x23,0x51,0xd3,0xfb,0x7b,0x45,0xfc,0xf3,0x7c,0x60,0x7d,0x44,0x2e,0xa8,0x0d,0xbd,0xa2,0xcb,0x69,0xc2,0x88,0x4f,0x42,0x4e,0x65,0xea,0x3a,0x33,0x1e,0xd8,0x47,0x2d,0x43,0x68,0x40,0x5c,0xb7,0x36,0xb2,0xd6,0x68,0x5a,0xd7,0x82,0xe2,0x39,0xfe,0x83,0x3e,0xd7,0x89,0xa2,0x92,0x31,0x85,0x16,0x6f,0x60,0x83,0x42,0xee,0x05,},"\xb7\x52\x1d\x3f\x71\xc6\x79\xfa\x70\x37\xfe\x74\x88\xa6\x41\xf6\xb9\x7c\x49\x45\x4a\xcc\x8e\x36\xb9\x03\xd8\xf9\xeb\xb5\x4d\x89\xcb\x56\xef\xd1\x9e\x04\xba\x6a\x7c\x8f\x48\xa7\xd3\xec\x9d\xec\xd3\xf1\xcd\x0f\xaf\x6e\x97\x81\x18\xe6\xad\xce\x9c\x6c\x6b\xe6\x3c\x6a\x6a\x1a\xe2\x16\x51\x82\x84\x79\xa4\x6b\xc9\xa0\xf7\x94\x30\x40\xf9\x40\xa0\xd4\x70\xc8\xe5\x77\xc5\xd5\x75\xcb\x53\xc1\xbf\x3a\xb1\xfe\xb0\x50\xdc\xb6\xfe\xf0\xba\x44\x47\xf2\x99\xfd\xb9\xf2\x7e\xcb\x07\x14\xec\xfe\xfd\x74\xba\xd7\xb1\x22\xa4\x62\xc2\x4a\x20\x98\x48\xa0\x33\x89\x07\x45\x78\xc5\xbd\xc3\x63\x96\xd8\x09\xb0\xf1\x40\x18\xda\x64\x91\x7e\x6b\xf8\x7e\xf4\x05\xc8\xf3\xe3\x33\xff\x9c\x3b\xaf\x63\x39\x66\x76\x20\x79\x4b\xb4\x74\x3f\x05\x14\xb5\xde\x7d\x7f\xdd\x94\x7a\x7e\x35\x01\xee\x88\xef\xad\x15\x9e\x33\xa1\x07\x2f\xbb\x99\xc7\xc7\x1e\x9d\x13\xa5\x02\xd5\xa0\x7c\x4f\x81\x7e\xeb\x7f\x0c\x53\x19\xaa\x41\xa9\x6d\x5f\xf4\xf1\x5a\x73\xc2\x9b\x57\x1f\xe2\x11\x09\x0e\x17\x2c\x8d\xb5\x18\x62\x46\x12\xa5\xc3\x71\xa9\xd7\xce\xf6\xde\x35\xeb\xef\x96\xe8\x8e\x1a\x78\xaf\x3b\xd5\xdd\x35\x25\x1a\xb5\x4d\x73\x71\x8f\x3e\x70\xd2\xd5\x90\x21\x53\x1d\xc7\x31\x84\xf0\xfc\x69\xc2\xe9\x29\x65\x84\x4e\xc2\x7c\x1c\x02\xaf\x5e\x9a\x34\x69\xde\x35\x5d\xb2\x25\x6e\x0e\xc2\xa4\xeb\xa3\x0a"},
+{{0x39,0xe5,0x6a,0x65,0x62,0x3a,0x0a,0xeb,0xad,0xe0,0xda,0x12,0xce,0x1d,0xf3,0x78,0xbc,0x92,0x40,0x73,0xf7,0x3a,0x54,0x9e,0xff,0xae,0xbc,0x46,0x5d,0x1a,0x78,0xe2,},{0x83,0xda,0x8a,0xd5,0x0b,0xad,0x09,0xeb,0x3e,0x94,0xc7,0x25,0xdf,0x3c,0xc3,0xa1,0x19,0x73,0x6a,0xdc,0x85,0x9c,0xa1,0xa1,0x05,0x03,0xf4,0x8f,0xf2,0xfe,0xc5,0x96,},{0x39,0x8e,0x82,0x60,0x01,0x1f,0x57,0xd8,0xac,0x8c,0x58,0xd5,0x45,0x7b,0xc6,0x52,0xc7,0x41,0x4a,0xaf,0x6f,0xb2,0xf4,0x26,0xb7,0x89,0x90,0x56,0x60,0x5c,0x0a,0xfc,0x28,0x39,0x24,0x23,0xb2,0xb5,0x71,0xf5,0xe6,0xc3,0xc7,0xf6,0xd6,0x02,0x45,0xe5,0x3e,0xbd,0x03,0xbd,0xc5,0xad,0x3c,0x1a,0xd8,0x73,0x8c,0xb3,0x22,0x14,0xd0,0x0f,},"\xa9\x6d\xc2\xea\x3f\xa1\x35\x14\x92\xa4\x61\x9d\x91\x94\x68\x1f\x8e\xc4\x00\xa9\x71\x58\x24\x44\x82\x65\x38\x38\xcc\xb7\xe1\x56\xa8\x2d\x56\x43\x68\xf8\x3a\x6e\xe1\xbe\x46\xbc\x34\xb8\x17\x20\x0e\x84\x64\xc3\xd1\x2b\x5e\xf2\xc5\x0b\x19\x56\x5b\x88\x1c\x4c\x3d\x45\x63\xfb\x94\x7e\xb4\x7c\x3e\xe9\xc1\xee\x78\x53\x26\x98\x74\x45\x5b\xfa\xcb\xa3\x05\xf3\x07\xd1\xac\x53\x09\xee\xae\x5c\x07\xfa\x5c\x4d\x42\x8e\xdb\xc8\xb9\x52\x8c\x44\x15\x24\x3a\x9e\xf5\x80\xaf\xf8\xfc\xfb\x12\x00\x0a\x71\xfc\xee\xe8\x9d\xe9\x7f\x90\x27\x95\x29\xbc\xc8\x22\xed\x3c\xb3\x4c\x82\xba\x5f\xec\x15\xf4\x94\x56\x63\x63\x6d\x67\xb5\xfe\xce\xac\xc3\x1d\x25\xf9\x8a\xea\x07\xf7\x80\x0d\x5a\x10\x34\x25\x1c\xb9\x1d\xd0\x96\x3e\xc2\xc1\xa5\x47\x73\xa4\xd9\x6c\x18\x35\x7f\x8d\x10\x1d\xe5\x8e\x93\x2f\x8c\x6c\xdd\xe8\xe3\xcf\xce\xf5\xa7\x44\x3f\xdb\xa7\xb7\x83\x20\x40\x3c\x01\x96\x84\x47\x24\xa6\x12\x18\x3e\x34\xbd\xd8\x08\xce\x7b\x95\x88\x61\xca\x37\x11\x57\x30\xea\xed\xe1\xfd\x0b\xaa\xbe\x97\x6e\xfe\xfd\x03\x65\xfd\xf9\x26\x77\x6c\x53\x6f\x47\xff\x80\xde\x5c\x18\x29\x1b\xb7\xe9\xf1\xb9\x13\xff\xd1\xd9\x44\x68\xb7\x89\x75\x2f\xae\x6c\xa8\x97\xc0\xcc\xa5\x3e\xf1\xe7\x31\xd0\x0c\x8b\xdb\xe8\x92\x9e\xa6\xb1\xdc\xe1\xf3\x1a\x20\x68\x8d\x37\xb0\xf3\xa2\xb4\x15\x3b\x30\x6b\xdb\xa1"},
+{{0x4b,0x99,0x21,0x85,0x2f,0x40,0x9a,0x32,0x3a,0xe3,0x81,0x75,0xe8,0xd7,0x6a,0x21,0x1f,0xc4,0xd9,0xc6,0x54,0x17,0x8e,0xea,0x3b,0xaa,0x7a,0x76,0x7a,0x6f,0xda,0x06,},{0x4c,0x72,0x3e,0x43,0x6b,0x6b,0xd9,0x7f,0x44,0xaf,0x52,0x50,0x3b,0x21,0xcc,0x50,0xd5,0xf6,0xad,0x6c,0xfc,0x82,0x88,0x34,0x5d,0xde,0x80,0x54,0xe9,0x95,0x58,0x2e,},{0xcb,0xf1,0xf1,0x64,0x2d,0xf9,0x50,0xeb,0x71,0xfd,0x09,0x59,0x0d,0x34,0xc2,0x65,0x92,0x2c,0x58,0xbd,0x80,0x26,0xbb,0xa3,0xfc,0x0e,0x59,0x4a,0x6b,0xb1,0xf2,0xb9,0x0d,0xa3,0xdc,0x1d,0x5f,0x6b,0x6d,0x5b,0x40,0x5a,0x89,0x6d,0x1d,0xbb,0x71,0xb8,0x68,0x5c,0x4d,0xfc,0x44,0x4a,0xca,0xff,0xe6,0x5a,0xb8,0x33,0x17,0x89,0xf5,0x07,},"\x3f\x33\xd8\xfb\x83\xe6\x87\x41\x09\x0a\x37\xbe\xdd\x74\x5c\xf1\x41\xaa\xae\xd8\xc9\x2f\xfa\x74\x2a\x52\x56\x17\x77\x88\x58\x05\xac\xe1\x42\x46\xab\x98\xa8\xcb\x59\x8c\x9c\xe3\xde\x9b\x29\xba\xe5\xfa\x04\xb1\xcf\x82\x8d\xe1\x1a\xff\x80\xa7\xef\x8a\x3a\x38\xae\xde\x4f\x3c\x35\x63\xa2\x5d\x04\x9b\xad\xca\xd5\xed\x7e\x47\xfd\xbb\xa6\xe1\x11\x30\x7e\xeb\xe9\xef\x49\x06\xbc\x98\x97\x28\xb7\x6e\x84\xaf\xe8\x08\xe6\x65\x3b\x27\x1e\x21\x10\x4a\xa6\x65\xf1\x89\x8d\xd2\xaa\xb2\x30\x90\xe2\x2b\x4e\x34\x4a\x26\x16\xfb\xd8\xee\x4a\xd8\xed\x81\x08\x39\x5e\xba\x81\x7f\xbd\x14\xfe\xc5\xc1\x7d\xcf\x56\xb8\x22\x08\x56\xb2\xb8\x33\xe0\x91\x40\x7d\x50\x89\xb3\x5d\xdf\x34\xb8\x6f\xf7\xdc\x9f\xde\x52\xb2\x1e\xf1\x21\x76\xef\x33\x70\xb7\xf3\xa0\xa8\xcb\x1b\x05\x8a\x51\xae\xff\xf3\xd2\x79\xd8\x0f\x51\xa6\x8b\xfb\x59\x25\x87\xb4\x5c\x5c\x63\xa7\xe4\xd6\x25\xb8\x87\xde\x48\x6a\x11\x83\x16\xc3\xb6\xa2\x38\x57\x5f\x92\xac\x5b\x1c\x94\xc3\xf5\xdb\xbd\x96\x68\x60\x00\xd6\xd3\x9c\xcc\xd5\x58\xd4\x20\xe4\xd4\x47\xa8\xcb\xc4\xbc\x7b\x8c\x6a\x03\xaf\x0f\x00\x34\xfb\x35\x18\xd9\x38\x00\xf0\xf7\x13\xe4\xb1\x37\x32\xe1\x6a\xda\x51\x80\x1d\x7e\x55\x9c\xf8\x39\xd1\x05\x8f\x64\x95\x56\x98\x31\x13\x99\x34\x54\x16\x85\x0d\xdd\xcc\x56\x01\xa6\x84\xfd\x09\xe6\xaf\xd3\x94\x4f\x5e\x19"},
+{{0x1b,0xff,0x65,0x2a,0x2c,0x83,0x09,0xa3,0x93,0xac,0x11,0xda,0x3a,0xa9,0x7f,0xb0,0x78,0xbb,0x28,0x4e,0xd5,0xe1,0xb8,0xcc,0xc9,0x83,0x65,0x2e,0xf8,0x55,0x6c,0xd0,},{0xaa,0xab,0xdc,0x09,0x1f,0xc3,0x68,0x23,0x54,0x20,0x17,0x44,0xe9,0xb7,0x3f,0xd2,0xa6,0xcf,0xb2,0x81,0x91,0x4b,0xf2,0xc7,0x0e,0xc3,0xdc,0x1d,0xec,0x72,0x16,0xb0,},{0x93,0xc9,0xc3,0x34,0x93,0xfc,0x64,0x17,0x2d,0x51,0xe1,0x6a,0x0a,0x1c,0xd7,0x29,0xa0,0xd9,0x9e,0x3c,0xb8,0x64,0xe8,0x9a,0x42,0x98,0x7f,0x39,0xdd,0x8c,0xd2,0x65,0x45,0xfd,0xfe,0x37,0x58,0x19,0x11,0xe8,0x03,0x67,0x7d,0xa4,0xc5,0x5b,0x0a,0x68,0x3d,0xdf,0x62,0xb7,0x28,0xf8,0xf3,0x06,0x85,0xae,0x58,0xf6,0x28,0xeb,0xe6,0x09,},"\x48\xd0\x26\x98\xa9\x7b\xdc\xb3\xef\x07\x8d\xcf\xcf\x57\x50\x00\x5f\x17\x02\xd3\x00\xe7\xe8\x9b\xc4\x36\xe3\x81\x11\x34\x01\xf8\x52\xb8\xb4\xac\xff\x60\xff\xbd\x4a\xb4\x6d\x20\x21\x68\xd9\x8b\x87\x35\xe7\x9c\xb3\x50\xe3\x5b\x07\x0f\xf6\xbd\xca\xfd\x95\x4b\x55\x19\x69\xb6\xb1\xa7\x0c\x91\x31\xeb\xd4\x0d\x96\x14\x02\x91\xd8\xd2\xb0\x91\x54\x0a\x8b\x18\xd8\xe5\x46\x59\x15\xc2\x5d\xbc\x6b\x5c\x9a\x68\x79\x42\x53\x3c\x37\x2c\x8b\x4e\x95\xa9\x53\x67\x71\x69\xb9\x50\xed\xd3\x46\x43\x75\xcd\x43\x13\x2f\xf9\xbd\x54\x1e\xe2\x2b\xd4\x18\xce\x23\x19\x5f\x65\xd8\xb2\x89\xf6\x33\xec\x8d\x71\xe1\xa8\x01\xb0\x6c\x3c\x82\x7f\x62\x7e\x72\x3d\x21\x99\x10\x0c\xe7\x3e\x8e\x4a\x44\x40\xe7\x78\x31\x7a\x47\x49\x10\x79\x3b\x47\xb1\x0f\xfb\x55\xdb\x7f\x28\x1c\x7d\x7a\x03\x3b\xd8\x00\x48\xb8\x26\x73\xb8\x7c\xf9\x5e\x99\x42\x2b\xa6\x28\x68\x8f\x3c\x97\x18\x90\xca\x15\xd1\x2f\x57\x2f\xa1\x97\x7a\x17\x30\x70\x69\xda\x30\x4e\xad\x30\x26\xeb\x01\x04\x26\x68\x89\x0d\x17\x00\x8c\xd1\xe9\x2c\x46\xcb\xe9\xc8\x57\xe7\x19\x3d\xe3\xab\xa3\x91\x1e\x4f\x86\xfe\x0a\x16\x98\xab\x7c\xdb\x92\x51\xa8\x42\x4b\x28\x48\xb9\x6a\xd8\x1e\xa2\x39\xd3\x65\xfd\xea\x92\xea\x5c\x04\x73\xd0\xa6\xbb\x1e\x37\x13\x56\xbd\xfa\xd2\xd0\x35\x03\x36\xd3\xe1\x94\x7c\x93\x6f\xd0\xc2\x51\x95\x44\x50\x11\x73\x1b"},
+{{0x00,0x2f,0xdd,0x1f,0x76,0x41,0x79,0x3a,0xb0,0x64,0xbb,0x7a,0xa8,0x48,0xf7,0x62,0xe7,0xec,0x6e,0x33,0x2f,0xfc,0x26,0xee,0xac,0xda,0x14,0x1a,0xe3,0x3b,0x17,0x83,},{0x77,0xd1,0xd8,0xeb,0xac,0xd1,0x3f,0x4e,0x2f,0x8a,0x40,0xe2,0x8c,0x4a,0x63,0xbc,0x9c,0xe3,0xbf,0xb6,0x97,0x16,0x33,0x4b,0xcb,0x28,0xa3,0x3e,0xb1,0x34,0x08,0x6c,},{0x0d,0xf3,0xaa,0x0d,0x09,0x99,0xad,0x3d,0xc5,0x80,0x37,0x8f,0x52,0xd1,0x52,0x70,0x0d,0x5b,0x3b,0x05,0x7f,0x56,0xa6,0x6f,0x92,0x11,0x2e,0x44,0x1e,0x1c,0xb9,0x12,0x3c,0x66,0xf1,0x87,0x12,0xc8,0x7e,0xfe,0x22,0xd2,0x57,0x37,0x77,0x29,0x62,0x41,0x21,0x69,0x04,0xd7,0xcd,0xd7,0xd5,0xea,0x43,0x39,0x28,0xbd,0x28,0x72,0xfa,0x0c,},"\x5a\xc1\xdf\xc3\x24\xf4\x3e\x6c\xb7\x9a\x87\xab\x04\x70\xfa\x85\x7b\x51\xfb\x94\x49\x82\xe1\x90\x74\xca\x44\xb1\xe4\x00\x82\xc1\xd0\x7b\x92\xef\xa7\xea\x55\xad\x42\xb7\xc0\x27\xe0\xb9\xe3\x37\x56\xd9\x5a\x2c\x17\x96\xa7\xc2\x06\x68\x11\xdc\x41\x85\x83\x77\xd4\xb8\x35\xc1\x68\x8d\x63\x88\x84\xcd\x2a\xd8\x97\x0b\x74\xc1\xa5\x4a\xad\xd2\x70\x64\x16\x39\x28\xa7\x79\x88\xb2\x44\x03\xaa\x85\xaf\x82\xce\xab\x6b\x72\x8e\x55\x47\x61\xaf\x71\x75\xae\xb9\x92\x15\xb7\x42\x1e\x44\x74\xc0\x4d\x21\x3e\x01\xff\x03\xe3\x52\x9b\x11\x07\x7c\xdf\x28\x96\x4b\x8c\x49\xc5\x64\x9e\x3a\x46\xfa\x0a\x09\xdc\xd5\x9d\xca\xd5\x8b\x9b\x92\x2a\x83\x21\x0a\xcd\x5e\x65\x06\x55\x31\x40\x02\x34\xf5\xe4\x0c\xdd\xcf\x98\x04\x96\x8e\x3e\x9a\xc6\xf5\xc4\x4a\xf6\x50\x01\xe1\x58\x06\x7f\xc3\xa6\x60\x50\x2d\x13\xfa\x88\x74\xfa\x93\x33\x21\x38\xd9\x60\x6b\xc4\x1b\x4c\xee\x7e\xdc\x39\xd7\x53\xda\xe1\x2a\x87\x39\x41\xbb\x35\x7f\x7e\x92\xa4\x49\x88\x47\xd6\x60\x54\x56\xcb\x8c\x0b\x42\x5a\x47\xd7\xd3\xca\x37\xe5\x4e\x90\x3a\x41\xe6\x45\x0a\x35\xeb\xe5\x23\x7c\x6f\x0c\x1b\xbb\xc1\xfd\x71\xfb\x7c\xd8\x93\xd1\x89\x85\x02\x95\xc1\x99\xb7\xd8\x8a\xf2\x6b\xc8\x54\x89\x75\xfd\xa1\x09\x9f\xfe\xfe\xe4\x2a\x52\xf3\x42\x8d\xdf\xf3\x5e\x01\x73\xd3\x33\x95\x62\x50\x7a\xc5\xd2\xc4\x5b\xbd\x2c\x19\xcf\xe8\x9b"},
+{{0x25,0xb0,0xf0,0xbb,0x3d,0xcb,0x42,0x2a,0x6f,0x3c,0x6c,0x22,0x0e,0xaa,0xdb,0x11,0xdb,0xfe,0x48,0x9c,0x2d,0x45,0x5b,0x27,0x6c,0xef,0xe8,0xcb,0xa0,0x57,0xf9,0xf3,},{0xfe,0x03,0xc9,0xc4,0x39,0x4a,0xdc,0x74,0xb1,0x3f,0x47,0x65,0x4b,0xea,0xd8,0xbc,0x85,0x59,0x58,0xb4,0x19,0x4f,0xda,0xb2,0x09,0x7a,0xc1,0xb1,0x57,0x93,0x3c,0x05,},{0xda,0x50,0xd5,0x24,0x2b,0xf5,0x1c,0x39,0x51,0x78,0x0c,0xaf,0xd9,0x26,0xd6,0x7b,0xdf,0x56,0x40,0xd5,0xd3,0xbb,0x08,0x43,0x38,0x31,0xd5,0x6e,0x48,0xe2,0x59,0x2a,0x1c,0x37,0x59,0x68,0xbb,0x4d,0x2f,0xbe,0xa5,0x61,0x45,0xab,0xf2,0xd8,0x29,0x91,0x36,0x3b,0x15,0x65,0xfa,0x1e,0xff,0xe2,0x14,0x01,0x1a,0x68,0x6e,0x39,0x95,0x0e,},"\x54\xd9\x9f\x96\x9e\xfa\x88\x70\xfc\x20\xfa\x9a\x96\x2b\xb3\x72\x61\x9c\x32\x44\x39\x72\x8a\xf3\x13\x9c\x2a\x07\xe8\xc1\xb2\x9c\x1e\x4e\xed\xc2\xd4\x0b\xa7\x22\xf6\x3c\xe3\x76\x70\x36\x2a\xf6\xf5\x20\x2a\xdd\x66\x8c\x4f\xb4\xd6\x2f\xa8\xba\xcb\xc7\xd0\x7f\xf3\xbd\x38\xc1\x5a\x01\x06\x42\x59\xcc\x34\x13\x48\x61\x63\x29\x67\x46\x05\x41\xa9\x9b\x8d\x51\x82\xbf\x59\x34\x7b\x5a\x59\x87\x9a\xa3\xb0\x91\xa1\xf3\xe0\x41\x35\xbd\x63\x01\xbe\x52\x26\xd4\x89\x5e\x5e\x9c\x2b\x15\xe4\x8e\x5e\xcd\xf4\x41\x29\xe6\x12\x28\x53\xa6\x06\xfc\x11\x84\x66\xfa\x72\x0b\x5a\xb1\x65\x63\x5c\x3b\xde\x04\xd7\x42\x89\x27\x4f\xa0\x35\x47\xac\xcb\xde\x78\x0e\x1f\xa0\xbf\x2c\x56\xf8\x43\x6a\x53\xe7\x38\x78\xa4\x24\xa2\x9a\xa9\xde\x38\x5d\xba\x41\x9a\xe6\xa5\xd1\x2e\x00\x42\x76\x15\x2b\x58\xd3\x25\xb3\x02\x40\x0a\x55\x33\x3c\x38\xcd\xe4\x90\x8a\xe1\xd0\x12\x1c\xbe\xca\x95\x08\x09\xc5\x43\x31\x42\x77\xc1\x48\x5e\x68\xd9\xf9\xc0\xa9\x62\xd1\xb1\xe0\xdd\xa1\xd4\xa5\x2b\x56\xf8\x30\x8a\x80\xb9\x2a\xcc\x9f\x4e\xbc\x3e\xd4\x5d\x91\xa1\x29\xda\x86\x75\x62\x1a\xf6\x76\x70\x3d\xef\x3b\x84\x11\x31\x83\xb2\xe3\xa8\xc5\x61\x57\xf2\x43\xf1\x39\x80\xf3\xd1\x75\x6f\xea\x76\x68\xc9\x15\x03\xd3\x5c\x83\x9a\x21\x20\xc7\x9e\xc9\x54\xfb\x54\x6d\x7b\x54\x2f\x98\x72\x89\x53\x4f\xfd\xef\x62\xd4\x7f\xd5\xec"},
+{{0xbf,0x5b,0xa5,0xd6,0xa4,0x9d,0xd5,0xef,0x7b,0x4d,0x5d,0x7d,0x3e,0x4e,0xcc,0x50,0x5c,0x01,0xf6,0xcc,0xee,0x4c,0x54,0xb5,0xef,0x7b,0x40,0xaf,0x6a,0x45,0x41,0x40,},{0x1b,0xe0,0x34,0xf8,0x13,0x01,0x7b,0x90,0x0d,0x89,0x90,0xaf,0x45,0xfa,0xd5,0xb5,0x21,0x4b,0x57,0x3b,0xd3,0x03,0xef,0x7a,0x75,0xef,0x4b,0x8c,0x5c,0x5b,0x98,0x42,},{0x27,0x9c,0xac,0xe6,0xfd,0xaf,0x39,0x45,0xe3,0x83,0x7d,0xf4,0x74,0xb2,0x86,0x46,0x14,0x37,0x47,0x63,0x2b,0xed,0xe9,0x3e,0x7a,0x66,0xf5,0xca,0x29,0x1d,0x2c,0x24,0x97,0x85,0x12,0xca,0x0c,0xb8,0x82,0x7c,0x8c,0x32,0x26,0x85,0xbd,0x60,0x55,0x03,0xa5,0xec,0x94,0xdb,0xae,0x61,0xbb,0xdc,0xae,0x1e,0x49,0x65,0x06,0x02,0xbc,0x07,},"\x16\x15\x2c\x2e\x03\x7b\x1c\x0d\x32\x19\xce\xd8\xe0\x67\x4a\xee\x6b\x57\x83\x4b\x55\x10\x6c\x53\x44\x62\x53\x22\xda\x63\x8e\xce\xa2\xfc\x9a\x42\x4a\x05\xee\x95\x12\xd4\x8f\xcf\x75\xdd\x8b\xd4\x69\x1b\x3c\x10\xc2\x8e\xc9\x8e\xe1\xaf\xa5\xb8\x63\xd1\xc3\x67\x95\xed\x18\x10\x5d\xb3\xa9\xaa\xbd\x9d\x2b\x4c\x17\x47\xad\xba\xf1\xa5\x6f\xfc\xc0\xc5\x33\xc1\xc0\xfa\xef\x33\x1c\xdb\x79\xd9\x61\xfa\x39\xf8\x80\xa1\xb8\xb1\x16\x47\x41\x82\x2e\xfb\x15\xa7\x25\x9a\x46\x5b\xef\x21\x28\x55\x75\x1f\xab\x66\xa8\x97\xbf\xa2\x11\xab\xe0\xea\x2f\x2e\x1c\xd8\xa1\x1d\x80\xe1\x42\xcd\xe1\x26\x3e\xec\x26\x7a\x31\x38\xae\x1f\xcf\x40\x99\xdb\x0a\xb5\x3d\x64\xf3\x36\xf4\xbc\xd7\xa3\x63\xf6\xdb\x11\x2c\x0a\x24\x53\x05\x1a\x00\x06\xf8\x13\xaa\xf4\xae\x94\x8a\x20\x90\x61\x93\x74\xfa\x58\x05\x24\x09\xc2\x8e\xf7\x62\x25\x68\x7d\xf3\xcb\x2d\x1b\x0b\xfb\x43\xb0\x9f\x47\xf1\x23\x2f\x79\x0e\x6d\x8d\xea\x75\x9e\x57\x94\x20\x99\xf4\xc4\xbd\x33\x90\xf2\x8a\xfc\x20\x98\x24\x49\x61\x46\x5c\x64\x3f\xc8\xb2\x97\x66\xaf\x2b\xcb\xc5\x44\x0b\x86\xe8\x36\x08\xcf\xc9\x37\xbe\x98\xbb\x48\x27\xfd\x5e\x6b\x68\x9a\xdc\x2e\x26\x51\x3d\xb5\x31\x07\x6a\x65\x64\x39\x62\x55\xa0\x99\x75\xb7\x03\x4d\xac\x06\x46\x1b\x25\x56\x42\xe3\xa7\xed\x75\xfa\x9f\xc2\x65\x01\x1f\x5f\x62\x50\x38\x2a\x84\xac\x26\x8d\x63\xba\x64"},
+{{0x65,0xde,0x29,0x7b,0x70,0xcb,0xe8,0x09,0x80,0x50,0x0a,0xf0,0x56,0x1a,0x24,0xdb,0x50,0x00,0x10,0x00,0x12,0x5f,0x44,0x90,0x36,0x6d,0x83,0x00,0xd3,0x12,0x85,0x92,},{0xba,0x8e,0x2a,0xd9,0x29,0xbd,0xce,0xa5,0x38,0x74,0x10,0x42,0xb5,0x7f,0x20,0x67,0xd3,0x15,0x37,0x07,0xa4,0x53,0x77,0x0d,0xb9,0xf3,0xc4,0xca,0x75,0x50,0x4d,0x24,},{0x7a,0x9b,0x73,0x6b,0x01,0xcc,0x92,0xa3,0x34,0x9f,0x1a,0x3c,0x32,0xdb,0xd9,0x19,0x59,0x82,0x53,0x94,0xff,0x44,0x3c,0x56,0x74,0x05,0xe8,0x99,0xc8,0x18,0x5c,0xe8,0xfa,0xd9,0x50,0x0e,0x1f,0xce,0x89,0xd9,0x5a,0x62,0x53,0xc0,0x04,0x77,0x43,0x5a,0xcf,0x04,0xbf,0xf9,0x93,0xde,0x1b,0x00,0x49,0x5d,0xef,0x08,0x34,0xee,0x1f,0x07,},"\x13\x1d\x8f\x4c\x2c\x94\xb1\x53\x56\x5b\x86\x59\x2e\x77\x0c\x98\x7a\x44\x34\x61\xb3\x9a\xa2\x40\x8b\x29\xe2\x13\xab\x05\x7a\xff\xc5\x98\xb5\x83\x73\x9d\x66\x03\xa8\x3f\xef\x0a\xfc\x51\x47\x21\xdb\x0e\x76\xf9\xbd\x1b\x72\xb9\x8c\x56\x5c\xc8\x88\x1a\xf5\x74\x7c\x0b\xa6\xf5\x8c\x53\xdd\x23\x77\xda\x6c\x0d\x3a\xa8\x05\x62\x0c\xc4\xe7\x5d\x52\xaa\xbc\xba\x1f\x9b\x28\x49\xe0\x8b\xd1\xb6\xb9\x2e\x6f\x06\x61\x5b\x81\x45\x19\x60\x6a\x02\xdc\x65\xa8\x60\x9f\x5b\x29\xe9\xc2\xaf\x5a\x89\x4f\x71\x16\xef\x28\xcf\xd1\xe7\xb7\x6b\x64\x06\x17\x32\xf7\xa5\xa3\xf8\xaa\x4c\x2e\x56\x9e\x62\x7a\x3f\x97\x49\xaa\x59\x7b\xe4\x9d\x6b\x94\x43\x6c\x35\x2d\xd5\xfa\x7b\x83\xc9\x2d\x26\x10\xfa\xa3\x20\x95\xca\x30\x21\x52\xd9\x1a\x3c\x97\x76\x75\x0e\x75\x8e\xe8\xe9\xe4\x02\xc6\xf5\x38\x5e\xaa\x5d\xf2\x38\x50\xe5\x4b\xeb\x1b\xe4\x37\xa4\x16\xc7\x11\x5e\xd6\xaa\x6d\xe1\x3b\x55\x48\x25\x32\x78\x7e\x0b\xee\x34\xb8\x3f\x30\x84\x40\x67\x65\x63\x54\x97\xc9\x31\xb6\x2a\x05\x18\xf1\xfb\xc2\xb8\x91\xdc\x72\x62\xc7\xc6\xb6\x7e\xda\x59\x4f\xa5\x30\xd7\x4c\x93\x29\xba\xd5\xbe\x94\xc2\x87\xfb\xcd\xe5\x3a\xa8\x02\x72\xb8\x33\x22\x61\x3d\x93\x68\xe5\x90\x40\x76\xfd\xbc\xc8\x8b\x2c\x0e\x59\xc1\x0b\x02\xc4\x48\xe0\x0d\x1b\x3e\x7a\x9c\x96\x40\xfe\xff\xb9\x52\x3a\x8a\x60\xe1\xd8\x3f\x04\xa4\xb8\xdf\x69\x15\x3b"},
+{{0x08,0x26,0xe7,0x33,0x33,0x24,0xe7,0xec,0x8c,0x76,0x42,0x92,0xf6,0x01,0x5d,0x46,0x70,0xe9,0xb8,0xd7,0xc4,0xa8,0x9e,0x8d,0x90,0x9e,0x8e,0xf4,0x35,0xd1,0x8d,0x15,},{0xff,0xb2,0x34,0x8c,0xa8,0xa0,0x18,0x05,0x8b,0xe7,0x1d,0x15,0x12,0xf3,0x76,0xf9,0x1e,0x8b,0x0d,0x55,0x25,0x81,0x25,0x4e,0x10,0x76,0x02,0x21,0x73,0x95,0xe6,0x62,},{0x4b,0xac,0x7f,0xab,0xec,0x87,0x24,0xd8,0x1a,0xb0,0x9a,0xe1,0x30,0x87,0x4d,0x70,0xb5,0x21,0x34,0x92,0x10,0x43,0x72,0xf6,0x01,0xae,0x5a,0xbb,0x10,0x53,0x27,0x99,0x37,0x3c,0x4d,0xad,0x21,0x58,0x76,0x44,0x1f,0x47,0x4e,0x2c,0x00,0x6b,0xe3,0x7c,0x3c,0x8f,0x5f,0x6f,0x01,0x7d,0x08,0x70,0x41,0x4f,0xd2,0x76,0xa8,0xf4,0x28,0x08,},"\x7f\x9e\x3e\x2f\x03\xc9\xdf\x3d\x21\xb9\x90\xf5\xa4\xaf\x82\x95\x73\x4a\xfe\x78\x3a\xcc\xc3\x4f\xb1\xe9\xb8\xe9\x5a\x0f\xd8\x37\xaf\x7e\x05\xc1\x3c\xda\x0d\xe8\xfa\xda\xc9\x20\x52\x65\xa0\x79\x2b\x52\x56\x3b\xdc\x2f\xee\x76\x63\x48\xbe\xfc\xc5\x6b\x88\xbb\xb9\x5f\x15\x44\x14\xfb\x18\x6e\xc4\x36\xaa\x62\xea\x6f\xca\xbb\x11\xc0\x17\xa9\xd2\xd1\x5f\x67\xe5\x95\x98\x0e\x04\xc9\x31\x3b\xc9\x4f\xbc\x8c\x11\x34\xc2\xf4\x03\x32\xbc\x7e\x31\x1a\xc1\xce\x11\xb5\x05\xf8\x57\x2a\xda\x7f\xbe\x19\x6f\xba\x82\x2d\x9a\x91\x44\x92\xfa\x71\x85\xe9\xf3\xbe\xa4\x68\x72\x00\xa5\x24\xc6\x73\xa1\xcd\xf8\x7e\xb3\xa1\x40\xdc\xdb\x6a\x88\x75\x61\x34\x88\xa2\xb0\x0a\xdf\x71\x75\x34\x1c\x1c\x25\x76\x35\xfa\x1a\x53\xa3\xe2\x1d\x60\xc2\x28\x39\x9e\xea\x09\x91\xf1\x12\xc6\x0f\x65\x3d\x71\x48\xe2\xc5\xce\xb9\x8f\x94\x08\x31\xf0\x70\xdb\x10\x84\xd7\x91\x56\xcc\x82\xc4\x6b\xc9\xb8\xe8\x84\xf3\xfa\x81\xbe\x2d\xa4\xcd\xda\x46\xbc\xaa\x24\xcc\x46\x1f\x76\xee\x64\x7b\xb0\xf0\xf8\xc1\x5a\xc5\xda\xa7\x95\xb9\x45\xe6\xf8\x5b\xb3\x10\x36\x2e\x48\xd8\x09\x5c\x78\x2c\x61\xc5\x2b\x48\x1b\x4b\x00\x2a\xd0\x6e\xa7\x4b\x8d\x30\x6e\xff\x71\xab\xf2\x1d\xb7\x10\xa8\x91\x3c\xbe\x48\x33\x2b\xe0\xa0\xb3\xf3\x1e\x0c\x7a\x6e\xba\x85\xce\x33\xf3\x57\xc7\xae\xcc\xd3\x0b\xfb\x1a\x65\x74\x40\x8b\x66\xfe\x40\x4d\x31\xc3\xc5"},
+{{0x00,0xad,0x62,0x27,0x97,0x7b,0x5f,0x38,0xcc,0xda,0x99,0x4d,0x92,0x8b,0xba,0x90,0x86,0xd2,0xda,0xeb,0x01,0x3f,0x86,0x90,0xdb,0x98,0x66,0x48,0xb9,0x0c,0x1d,0x45,},{0x91,0xa4,0xea,0x00,0x57,0x52,0xb9,0x2c,0xbe,0xbf,0x99,0xa8,0xa5,0xcb,0xec,0xd2,0x40,0xae,0x3f,0x01,0x6c,0x44,0xad,0x14,0x1b,0x2e,0x57,0xdd,0xc7,0x73,0xdc,0x8e,},{0xdc,0x50,0x1d,0xb7,0x9f,0xd7,0x82,0xbc,0x88,0xca,0xe7,0x92,0x55,0x7d,0x5d,0x27,0x3f,0x9b,0xa5,0x60,0xc7,0xd9,0x00,0x37,0xfe,0x84,0xac,0x87,0x9d,0x68,0x4f,0x61,0x2a,0x77,0x45,0x2c,0x44,0x43,0xe9,0x5c,0x07,0xb8,0xbe,0x19,0x2c,0x35,0x76,0x9b,0x17,0xbb,0xdf,0xca,0x42,0x28,0x0d,0xe7,0x96,0xd9,0x21,0x19,0xd8,0x33,0x67,0x0d,},"\xcb\x5b\xc5\xb9\x8b\x2e\xfc\xe4\x35\x43\xe9\x1d\xf0\x41\xe0\xdb\xb5\x3e\xd8\xf6\x7b\xf0\xf1\x97\xc5\x2b\x22\x11\xe7\xa4\x5e\x2e\x1e\xc8\x18\xc1\xa8\x0e\x10\xab\xf6\xa4\x35\x35\xf5\xb7\x9d\x97\x4d\x8a\xe2\x8a\x22\x95\xc0\xa6\x52\x17\x63\xb6\x07\xd5\x10\x3c\x6a\xef\x3b\x27\x86\xbd\x5a\xfd\x75\x63\x69\x56\x60\x68\x43\x37\xbc\x30\x90\x73\x9f\xb1\xcd\x53\xa9\xd6\x44\x13\x9b\x6d\x4c\xae\xc7\x5b\xda\x7f\x25\x21\xfb\xfe\x67\x6a\xb4\x5b\x98\xcb\x31\x7a\xa7\xca\x79\xfc\x54\xa3\xd7\xc5\x78\x46\x6a\x6a\xa6\x4e\x43\x4e\x92\x34\x65\xa7\xf2\x11\xaa\x0c\x61\x68\x1b\xb8\x48\x6e\x90\x20\x6a\x25\x25\x0d\x3f\xda\xe6\xfb\x03\x29\x97\x21\xe9\x9e\x2a\x91\x49\x10\xd9\x17\x60\x08\x9b\x5d\x28\x1e\x13\x1e\x6c\x83\x6b\xc2\xde\x08\xf7\xe0\x2c\x48\xd3\x23\xc6\x47\xe9\x53\x6c\x00\xec\x10\x39\x20\x1c\x03\x62\x61\x8c\x7d\x47\xaa\x8e\x7b\x97\x15\xff\xc4\x39\x98\x7a\xe1\xd3\x11\x54\xa6\x19\x8c\x5a\xa1\x1c\x12\x8f\x40\x82\xf5\x56\xc9\x9b\xaf\x10\x3e\xca\xdc\x3b\x2f\x3b\x2e\xc5\xb4\x69\x62\x3b\xc0\x3a\x53\xca\xf3\x81\x4b\x16\x30\x0a\xed\xbd\xa5\x38\xd6\x76\xd1\xf6\x07\x10\x26\x39\xdb\x2a\x62\xc4\x46\x70\x7c\xe6\x46\x9b\xd8\x73\xa0\x46\x82\x25\xbe\x88\xb0\xae\xf5\xd4\x02\x04\x59\xb9\x4b\x32\xfe\x2b\x01\x33\xe9\x2e\x7b\xa5\x4d\xd2\xa5\x39\x7e\xd8\x5f\x96\x6a\xb3\x9e\xd0\x73\x0c\xca\x8e\x7d\xac\xb8\xa3\x36"},
+{{0x15,0x21,0xc6,0xdb,0xd6,0xf7,0x24,0xde,0x73,0xea,0xf7,0xb5,0x62,0x64,0xf0,0x10,0x35,0xc0,0x4e,0x01,0xc1,0xf3,0xeb,0x3c,0xbe,0x83,0xef,0xd2,0x6c,0x43,0x9a,0xda,},{0x2f,0x61,0xa2,0x6f,0xfb,0x68,0xba,0x4f,0x6e,0x14,0x15,0x29,0xdc,0x26,0x17,0xe8,0x53,0x1c,0x71,0x51,0x40,0x48,0x08,0x09,0x3b,0x4f,0xa7,0xfe,0xda,0xea,0x25,0x5d,},{0xa8,0x17,0xed,0x23,0xec,0x39,0x8a,0x12,0x86,0x01,0xc1,0x83,0x2d,0xc6,0xaf,0x76,0x43,0xbf,0x3a,0x5f,0x51,0x7b,0xcc,0x57,0x94,0x50,0xfd,0xb4,0x75,0x90,0x28,0xf4,0x96,0x61,0x64,0x12,0x5f,0x6e,0xbd,0x0d,0x6b,0xf8,0x6f,0xf2,0x98,0xa3,0x9c,0x76,0x6d,0x0c,0x21,0xfd,0xb0,0xcb,0xfd,0xf8,0x1c,0xd0,0xeb,0x1f,0x03,0xcd,0x8a,0x08,},"\x3e\x3c\x7c\x49\x07\x88\xe4\xb1\xd4\x2f\x5c\xbc\xae\x3a\x99\x30\xbf\x61\x7e\xbd\xff\x44\x7f\x7b\xe2\xac\x2b\xa7\xcd\x5b\xcf\xc0\x15\x76\x09\x63\xe6\xfe\x5b\x95\x6f\xb7\xcd\xb3\x5b\xd5\xa1\x7f\x54\x29\xca\x66\x4f\x43\x7f\x08\x75\x3a\x74\x1c\x2b\xc8\x69\x2b\x71\xa9\x11\x5c\x58\x2a\x25\xb2\xf7\x4d\x32\x98\x54\xd6\x0b\x78\x17\xc0\x79\xb3\x52\x3a\xaf\xf8\x79\x3c\x2f\x72\xff\xf8\xcd\x10\x59\x2c\x54\xe7\x38\xdf\x1d\x64\x52\xfb\x72\xda\x13\x1c\x67\x31\xea\x5c\x95\x3c\x62\xea\x17\x7a\xc1\xf4\x73\x5e\x51\x54\x47\x73\x87\x10\x9a\xfa\xe1\x5f\x3e\xd6\xee\xb0\x86\x06\xe2\x8c\x81\xd4\x38\x6f\x03\xb9\x37\x69\x24\xb6\xef\x8d\x22\x1e\xe2\x95\x47\xf8\x2a\x7e\xde\x48\xe1\xdc\x17\x72\x3e\x3d\x42\x17\x1e\xea\xf9\x6a\xc8\x4b\xed\xc2\xa0\x1d\xd8\x6f\x4d\x08\x57\x34\xfd\x69\xf9\x1b\x52\x63\xe4\x39\x08\x3f\xf0\x31\x85\x36\xad\xff\x41\x47\x30\x8e\x3a\xaf\xd1\xb5\x8b\xb7\x4f\x6f\xb0\x21\x4a\x46\xfd\xcd\x35\x24\xf1\x8d\xf5\xa7\x19\xce\x57\x31\x9e\x79\x1b\x4e\xa6\x06\xb4\x99\xbf\xa5\x7a\x60\xe7\x07\xf9\x4e\x18\xf1\xfe\xd2\x2f\x91\xbc\x79\xe6\x36\x4a\x84\x3f\x9c\xbf\x93\x82\x5c\x46\x5e\x9c\xae\x90\x72\xbc\x9d\x3e\xc4\x47\x1f\x21\xab\x2f\x7e\x99\xa6\x33\xf5\x87\xaa\xc3\xdb\x78\xae\x96\x66\xa8\x9a\x18\x00\x8d\xd6\x1d\x60\x21\x85\x54\x41\x1a\x65\x74\x0f\xfd\x1a\xe3\xad\xc0\x65\x95\xe3\xb7\x87\x64\x07\xb6"},
+{{0x17,0xe5,0xf0,0xa8,0xf3,0x47,0x51,0xba,0xbc,0x5c,0x72,0x3e,0xcf,0x33,0x93,0x06,0x99,0x2f,0x39,0xea,0x06,0x5a,0xc1,0x40,0xfc,0xbc,0x39,0x7d,0x2d,0xd3,0x2c,0x4b,},{0x4f,0x1e,0x23,0xcc,0x0f,0x2f,0x69,0xc8,0x8e,0xf9,0x16,0x2a,0xb5,0xf8,0xc5,0x9f,0xb3,0xb8,0xab,0x20,0x96,0xb7,0x7e,0x78,0x2c,0x63,0xc0,0x7c,0x8c,0x4f,0x2b,0x60,},{0xef,0xe2,0xcb,0x63,0xfe,0x7b,0x4f,0xc9,0x89,0x46,0xdc,0x82,0xfb,0x69,0x98,0xe7,0x41,0xed,0x9c,0xe6,0xb9,0xc1,0xa9,0x3b,0xb4,0x5b,0xc0,0xa7,0xd8,0x39,0x6d,0x74,0x05,0x28,0x2b,0x43,0xfe,0x36,0x3b,0xa5,0xb2,0x35,0x89,0xf8,0xe1,0xfa,0xe1,0x30,0xe1,0x57,0xce,0x88,0x8c,0xd7,0x2d,0x05,0x3d,0x0c,0xc1,0x9d,0x25,0x7a,0x43,0x00,},"\xc0\xfa\xd7\x90\x02\x40\x19\xbd\x6f\xc0\x8a\x7a\x92\xf5\xf2\xac\x35\xcf\x64\x32\xe2\xea\xa5\x3d\x48\x2f\x6e\x12\x04\x93\x53\x36\xcb\x3a\xe6\x5a\x63\xc2\x4d\x0e\xc6\x53\x9a\x10\xee\x18\x76\x0f\x2f\x52\x05\x37\x77\x4c\xde\xc6\xe9\x6b\x55\x53\x60\x11\xda\xa8\xf8\xbc\xb9\xcd\xaf\x6d\xf5\xb3\x46\x48\x44\x8a\xc7\xd7\xcb\x7c\x6b\xd8\x0d\x67\xfb\xf3\x30\xf8\x76\x52\x97\x76\x60\x46\xa9\x25\xab\x52\x41\x1d\x16\x04\xc3\xed\x6a\x85\x17\x30\x40\x12\x56\x58\xa3\x2c\xf4\xc8\x54\xef\x28\x13\xdf\x2b\xe6\xf3\x83\x0e\x5e\xee\x5a\x61\x63\xa8\x3c\xa8\x84\x9f\x61\x29\x91\xa3\x1e\x9f\x88\x02\x8e\x50\xbf\x85\x35\xe1\x17\x55\xfa\xd0\x29\xd9\x4c\xf2\x59\x59\xf6\x69\x5d\x09\xc1\xba\x43\x15\xd4\x0f\x7c\xf5\x1b\x3f\x81\x66\xd0\x2f\xab\xa7\x51\x1e\xcd\x8b\x1d\xde\xd5\xf1\x0c\xd6\x84\x34\x55\xcf\xf7\x07\xed\x22\x53\x96\xc6\x1d\x08\x20\xd2\x0a\xda\x70\xd0\xc3\x61\x9f\xf6\x79\x42\x20\x61\xc9\xf7\xc7\x6e\x97\xd5\xa3\x7a\xf6\x1f\xd6\x22\x12\xd2\xda\xfc\x64\x7e\xbb\xb9\x79\xe6\x1d\x90\x70\xec\x03\x60\x9a\x07\xf5\xfc\x57\xd1\x19\xae\x64\xb7\xa6\xef\x92\xa5\xaf\xae\x66\x0a\x30\xed\x48\xd7\x02\xcc\x31\x28\xc6\x33\xb4\xf1\x90\x60\xa0\x57\x81\x01\x72\x9e\xe9\x79\xf7\x90\xf4\x5b\xdb\xb5\xfe\x1a\x8a\x62\xf0\x1a\x61\xa3\x1d\x61\xaf\x07\x03\x04\x50\xfa\x04\x17\x32\x3e\x94\x07\xbc\x76\xe7\x31\x30\xe7\xc6\x9d\x62\xe6\xa7"},
+{{0x0c,0xd7,0xaa,0x7d,0x60,0x5e,0x44,0xd5,0xff,0xb9,0x79,0x66,0xb2,0xcb,0x93,0xc1,0x89,0xe4,0xc5,0xa8,0x5d,0xb8,0x7f,0xad,0x7a,0xb8,0xd6,0x24,0x63,0xc5,0x9b,0x59,},{0x48,0x89,0x85,0x5f,0xe4,0x11,0x6b,0x49,0x13,0x92,0x7f,0x47,0xf2,0x27,0x3b,0xf5,0x59,0xc3,0xb3,0x94,0xa9,0x83,0x63,0x1a,0x25,0xae,0x59,0x70,0x33,0x18,0x5e,0x46,},{0xbf,0x91,0x15,0xfd,0x3d,0x02,0x70,0x6e,0x39,0x8d,0x4b,0xf3,0xb0,0x2a,0x82,0x67,0x4f,0xf3,0x04,0x15,0x08,0xfd,0x39,0xd2,0x9f,0x86,0x7e,0x50,0x16,0x34,0xb9,0x26,0x1f,0x51,0x6a,0x79,0x4f,0x98,0x73,0x8d,0x7c,0x70,0x13,0xa3,0xf2,0xf8,0x58,0xff,0xdd,0x08,0x04,0x7f,0xb6,0xbf,0x3d,0xdd,0xfb,0x4b,0x4f,0x4c,0xbe,0xef,0x30,0x03,},"\x28\xa5\x5d\xda\x6c\xd0\x84\x4b\x65\x77\xc9\xd6\xda\x07\x3a\x4d\xc3\x5c\xbc\x98\xac\x15\x8a\xb5\x4c\xf8\x8f\xd2\x0c\xc8\x7e\x83\xc4\xbb\xa2\xd7\x4d\x82\xce\x0f\x48\x54\xec\x4d\xb5\x13\xde\x40\x04\x65\xaa\xa5\xee\xe7\x90\xbc\x84\xf1\x63\x37\x07\x2d\x3a\x91\xcd\xe4\x0d\x6e\x0d\xf1\xba\x0c\xc0\x64\x5f\x5d\x5c\xbb\xb6\x42\x38\x1d\x7b\x9e\x21\x1d\x25\x26\x7a\x8a\xcf\x77\xd1\xed\xb6\x9c\x3a\x63\x0f\x5b\x13\x3d\x24\xf0\x46\xa8\x1b\xf2\x2f\xf0\x3b\x31\xd8\x44\x7e\x12\xc3\xf7\xb7\x71\x14\xa7\x0c\xbd\x20\xbb\xd0\x8b\x0b\x38\x27\xa6\xbb\xcf\x90\x40\x9e\x34\x44\x47\xa7\xfb\xc5\x9b\xdd\x97\xd7\x29\x07\x1f\x8d\x71\xdc\xc3\x3e\x6e\xf2\xcb\xab\x1d\x41\x1e\xdf\x13\x73\x4d\xb1\xdd\x97\x03\x27\x6f\x5e\xb2\xd6\xaa\x2c\xb8\x95\x2d\xd6\x71\x2b\xfa\xe8\x09\xce\x08\xc3\xaa\x50\x2b\x81\x35\x71\x3f\xac\x0a\x9c\x25\xb1\xd4\x5b\x6a\x58\x31\xe0\x24\x21\xbb\xa6\x5b\x81\xa5\x96\xef\xa2\x4b\x05\x76\xbd\x1d\xc7\xfd\xfb\x49\xbe\x76\x28\x75\xe8\x1b\xd5\x40\x72\x2b\xc0\x61\x40\xb9\xaa\x2e\xf7\xb8\x4a\x80\x1e\x41\xde\xd6\x8d\x45\x46\xac\x48\x73\xd9\xe7\xce\xd6\x49\xb6\x4f\xad\xaf\x0b\x5c\x4b\x6e\xb8\xd0\x36\x31\x52\x33\xf4\x32\x6c\xa0\x1e\x03\x39\x30\x50\xcd\x02\x7c\x24\xf6\x73\x03\xfb\x84\x6b\xd2\xc6\xb3\xdb\xa0\x6b\xed\x0d\x59\xa3\x62\x89\xd2\x4b\xd6\x48\xf7\xdb\x0b\x3a\x81\x34\x66\x12\x59\x3e\x3d\xdd\x18\xc5\x57"},
+{{0x33,0x37,0x1d,0x9e,0x89,0x2f,0x98,0x75,0x05,0x2a,0xc8,0xe3,0x25,0xba,0x50,0x5e,0x74,0x77,0xc1,0xac,0xe2,0x4b,0xa7,0x82,0x26,0x43,0xd4,0x3d,0x0a,0xce,0xf3,0xde,},{0x35,0x92,0x9b,0xde,0xd2,0x7c,0x24,0x9c,0x87,0xd8,0xb8,0xd8,0x2f,0x59,0x26,0x0a,0x57,0x53,0x27,0xb5,0x46,0xc3,0xa1,0x67,0xc6,0x9f,0x59,0x92,0xd5,0xb8,0xe0,0x06,},{0x98,0x5c,0xa4,0x46,0xdd,0xc0,0x07,0x82,0x7c,0xc8,0xf2,0x85,0x2c,0xbd,0x81,0x15,0xef,0x8c,0x59,0x75,0xe9,0xd7,0xce,0x96,0xd7,0x4d,0xfe,0xd8,0x59,0xaa,0x14,0xa4,0xc1,0x52,0x54,0x00,0x6b,0xea,0x5e,0x08,0x35,0x9e,0xfe,0x26,0x25,0xd7,0x15,0xe0,0x89,0x7e,0xe5,0xa1,0x6f,0x15,0x12,0x03,0xbe,0x50,0x10,0x41,0x86,0x37,0xde,0x05,},"\x27\xa3\x2e\xfb\xa2\x82\x04\xbe\x59\xb7\xff\x5f\xe4\x88\xca\x15\x8a\x91\xd5\x98\x60\x91\xec\xc4\x45\x8b\x49\xe0\x90\xdd\x37\xcb\xfe\xde\x7c\x0f\x46\x18\x6f\xab\xcb\xdf\xf7\x8d\x28\x44\x15\x58\x08\xef\xff\xd8\x73\xed\x9c\x92\x61\x52\x6e\x04\xe4\xf7\x05\x0b\x8d\x7b\xd2\x67\xa0\xfe\x3d\x5a\x44\x93\x78\xd5\x4a\x4f\xeb\xbd\x2f\x26\x82\x43\x38\xe2\xaa\xaf\x35\xa3\x2f\xf0\xf6\x25\x04\xbd\xa5\xc2\xe4\x4a\xbc\x63\x15\x9f\x33\x6c\xf2\x5e\x6b\xb4\x0d\xdb\x7d\x88\x25\xdf\xf1\x8f\xd5\x1f\xc0\x19\x51\xea\xed\xcd\x33\x70\x70\x07\xe1\x20\x3c\xa5\x8b\x4f\x7d\x24\x2f\x81\x66\xa9\x07\xe0\x99\x93\x2c\x00\x1b\xfb\x1e\xc9\xa6\x1e\x0e\xf2\xda\x4e\x84\x46\xaf\x20\x82\x01\x31\x5d\x69\x68\x17\x10\xd4\x25\xd2\x40\x0c\x38\x7d\x7b\x9d\xf3\x21\xa4\xae\xc6\x02\xb9\xc6\x56\xc3\xe2\x31\x0b\xff\x87\x56\xd1\x8b\x80\x21\x34\xb1\x56\x04\xf4\xed\xc1\x11\x14\x9a\x98\x79\xe3\x12\x41\xdd\x34\xf7\x02\xf4\xc3\x49\x61\x7b\x13\x52\x97\x69\xa7\x72\xf5\xe5\x2a\x89\xc0\x98\xe0\xdc\xa5\x92\x06\x67\x89\x3a\x25\x00\x61\xb1\x79\x91\x62\x6e\xb9\x31\x92\x98\x68\x5b\xe4\x6b\x6a\x8b\x68\x42\x24\x44\xfa\x5a\x36\xbc\xf3\xa6\x87\xe2\xec\xcb\x93\x22\xc8\x7d\xc8\x01\x65\xda\x89\x89\x30\x85\x0b\x98\xfc\x86\x3c\xad\xa1\xaa\x99\xc6\xd6\x1c\x45\x1b\x9c\xcf\x48\x74\xc7\xf0\xe7\x5b\x0a\x0c\x60\x2f\x04\x48\x12\xc7\x17\x65\xad\xaf\x02\x02\x53\x95\xb0"},
+{{0xbe,0xed,0xb8,0x07,0x3d,0xf5,0x8f,0x8c,0x1b,0xff,0xbd,0xbd,0x77,0xec,0x7d,0xec,0xb2,0xc8,0x2a,0x9b,0xab,0xec,0xef,0xc0,0x33,0x15,0x07,0xbd,0xc2,0xc2,0xa7,0xe7,},{0xb2,0x7e,0x90,0x8b,0x80,0x5e,0x29,0x6f,0xc3,0x0d,0x2e,0x47,0x4b,0x06,0x0c,0xd5,0x0c,0x0f,0x6f,0x52,0x0b,0x36,0x71,0x71,0x21,0x83,0xbd,0x89,0xd4,0xe7,0x33,0xe9,},{0x8c,0x89,0x0c,0xcc,0xad,0xc7,0x76,0x0e,0x1e,0x82,0xe4,0x3c,0x44,0xb3,0xdc,0x0b,0x68,0x5a,0x48,0xb4,0x79,0xae,0x13,0xcc,0x0a,0x6b,0x05,0x57,0xd0,0xfb,0x1c,0xba,0xbb,0xa6,0x3d,0x2a,0x96,0x84,0x34,0x12,0xea,0x8d,0x36,0xc5,0x0a,0xcb,0xf5,0x2b,0x92,0xcf,0xb2,0xdc,0xe4,0x9d,0xc4,0x8a,0xf6,0xdd,0xcf,0x8e,0xe4,0x7a,0x86,0x08,},"\x35\xca\x57\xf0\xf9\x15\xe5\x20\x9d\x54\xea\x4b\x87\x1f\xfb\x58\x53\x54\xdf\x1b\x4a\x4a\x17\x96\xfb\xe4\xd6\x22\x7d\x3e\x1a\xba\x51\x71\xed\x03\x91\xa7\x9e\x83\xe2\x4d\x82\xfd\xaf\xd1\x5c\x17\xb2\x8b\xf6\xc9\x4d\x61\x8c\x74\xd6\x52\x64\xe5\x8f\xaa\xac\xd2\x90\x28\x72\xfd\xd0\xef\xa2\x2e\x8d\x2d\x7c\xe8\xe3\xb8\x19\x7f\x0c\x36\x15\xb0\xa3\x85\x23\x5f\xa9\xfd\x8e\x45\x64\xee\x6e\x6b\x16\x50\xb4\xcf\xb9\x4d\x87\x2c\x80\x5c\x32\xd4\xf3\xa1\x8f\x96\x64\x61\xd3\xad\xbb\x60\x5f\xa5\x25\x88\x4f\x8e\xb1\x97\x62\x73\x96\xba\x4d\x99\x5d\x78\xac\x02\x94\x8a\x0e\xaa\xbb\x58\x51\x9b\x9a\x8e\x2e\x79\x85\xcd\x1d\xe2\xc7\x1d\x89\x18\xd9\x6a\x01\x68\x66\x0c\xe1\x7c\xdd\xf3\x64\xe3\xec\x0d\x4b\xd9\x0f\x21\x04\x75\x1a\x19\x27\xee\x1d\x23\xf3\xe7\xa6\x98\x40\xed\x04\x0b\x00\xe5\xf6\xe4\x86\x6e\xc5\x88\x13\x14\x9c\xc3\x82\xae\xbf\x61\x62\x60\x8c\x79\x57\x4d\x55\x3f\x47\x23\x0e\x92\x4a\x0e\xf1\xeb\xf5\x5d\x8e\x1a\x52\xab\xb6\x2a\x2d\x7a\xc8\x60\x27\xc7\xc0\x3c\xc8\x3f\xa1\x94\x9d\xa2\x9e\x2f\x30\x37\xab\x98\x6f\xd2\xff\xfe\x65\x0e\x31\x49\xba\xba\xe5\xa5\x0b\x1e\xe9\x69\x6f\x3b\xab\xec\x72\xe2\x96\x97\xc8\x24\x22\x81\x4d\x27\x20\x85\x50\x0f\xd8\x37\xfe\x3c\x7a\x97\x3e\xf4\xc1\x69\xaf\x12\xdd\x7f\x02\x70\x06\x20\xbb\x04\x5b\xdb\xf8\x46\x23\xf3\x26\x35\x05\x70\xb3\xca\xdb\xc9\xae\xa4\x20\x0b\x28\x28\x7e\x17\xab"},
+{{0x91,0x84,0xef,0x61,0x88,0x16,0x83,0x25,0x92,0xbc,0x8e,0xb3,0x5f,0x4f,0xfd,0x4f,0xf9,0x8d,0xfb,0xf7,0x77,0x6c,0x90,0xf2,0xaa,0xd2,0x12,0xce,0x7e,0x03,0x35,0x1e,},{0x68,0x7b,0x77,0x26,0x01,0x0d,0x9b,0xde,0x2c,0x90,0xe5,0x73,0xcd,0x2a,0x2a,0x70,0x2f,0xf2,0x8c,0x4a,0x2a,0xf7,0x0a,0xfc,0x73,0x15,0xc9,0x4d,0x57,0x56,0x01,0xe5,},{0xb3,0xc2,0x4e,0x75,0x13,0x2c,0x56,0x34,0x75,0x42,0x2d,0x5e,0xa4,0x12,0xb5,0xc1,0xe8,0xe6,0xe5,0xea,0x1c,0x08,0xea,0xd1,0x39,0x3c,0x41,0x2d,0xa1,0x34,0xc9,0xa1,0x63,0x82,0x84,0xea,0x7e,0x2c,0xa0,0x32,0xfe,0x3d,0x3e,0x32,0xa9,0x06,0x6a,0x8c,0x88,0x39,0x90,0x3f,0x6e,0xf4,0x6e,0x96,0x6b,0xb5,0xe4,0x92,0xd8,0xc2,0xaa,0x00,},"\x72\x9e\xb7\xe5\x4a\x9d\x00\xc5\x86\x17\xaf\x18\xc3\x45\xb8\xdc\x6e\x5b\x4e\x0f\x57\xde\x2f\x3c\x02\xe5\x4a\x2e\xc8\xf1\x42\x5e\xc2\xe2\x40\x77\x5b\x5a\xb0\xc1\x0f\x84\xac\x8b\xaf\xda\x45\x84\xf7\xe2\x1c\x65\x5f\xae\xcd\x80\x30\xa9\x89\x06\xbd\x68\x39\x8f\x26\xb5\xd5\x8d\x92\xb6\xcf\x04\x5e\x9b\xd9\x74\x3c\x74\xc9\xa3\x42\xec\x61\xce\x57\xf3\x7b\x98\x1e\xac\x4d\x8b\xf0\x34\x60\x88\x66\xe9\x85\xbb\x68\x68\x6a\x68\xb4\xa2\xaf\x88\xb9\x92\xa2\xa6\xd2\xdc\x8c\xe8\x8b\xfb\x0a\x36\xcf\x28\xbb\xab\x70\x24\xab\xfa\x2b\xea\x53\x31\x3b\x66\xc9\x06\xf4\xf7\xcf\x66\x97\x0f\x54\x00\x95\xbd\x01\x04\xaa\x49\x24\xdd\x82\xe1\x54\x13\xc2\x26\x79\xf8\x47\xe4\x8c\xd0\xc7\xec\x1f\x67\x7e\x00\x5f\xec\x01\x77\xfb\xd5\xc5\x59\xfc\x39\xad\xd6\x13\x99\x1f\xba\xea\xe4\xd2\x4d\x39\xd3\x09\xef\x74\x64\x7f\x81\x92\xcc\x4c\x62\xd0\x64\x20\x28\xc7\x6a\x1b\x95\x1f\x6b\xc9\x63\x9d\xeb\x91\xec\xc0\x8b\xe6\x04\x3f\x21\x09\x70\x5a\x42\xc7\xea\xe7\x12\x64\x9d\x91\xd9\x6c\xcb\xbf\xb6\x3d\x8d\x0d\xd6\xdd\x11\x21\x60\xf6\x13\x61\xec\xdc\x67\x93\x92\x9c\xa9\xae\xf9\xab\x56\x94\x4a\x6f\xa4\xa7\xdf\x1e\x27\x9e\xaf\x58\xce\x83\x23\xa9\xcf\x62\xc9\x42\x79\xff\xf7\x44\x0f\xbc\x93\x6b\xaa\x61\x48\x9c\x99\x93\x30\xba\xdc\xb9\xfc\x0e\x18\x4b\xc5\x09\x3f\x33\x0c\xbb\x24\x2f\x71\xfb\x37\x87\x38\xfe\xa1\x05\x11\xdd\x43\x83\x64\xd7\xf7\x6b\xcc"},
+{{0x35,0x4e,0x13,0x15,0x2e,0xe1,0xfe,0x74,0x8a,0x12,0x52,0x20,0x4c,0x65,0x27,0xbd,0xc1,0xb1,0xeb,0x2e,0xb5,0x36,0x78,0x15,0x0e,0x63,0x59,0x92,0x47,0x08,0xd8,0x12,},{0xd4,0x5f,0xf6,0xc5,0xfb,0x83,0xe7,0xbb,0x96,0x69,0xaa,0x89,0x60,0xde,0xb7,0xdb,0xc6,0x65,0xc9,0x88,0x43,0x9b,0x6c,0x9e,0xf6,0x72,0xc6,0x81,0x1d,0xc8,0xbc,0xf6,},{0xde,0x2b,0x46,0xe6,0x5f,0x3d,0xec,0xef,0x34,0x33,0x2e,0x50,0x0f,0x2e,0x11,0x30,0x6f,0xbd,0xcf,0x1b,0xe8,0x5a,0x1c,0x1e,0xe6,0x8b,0xa3,0x04,0x5d,0xce,0xc2,0xc7,0xbe,0x60,0x8d,0x22,0x92,0x7d,0xa1,0xf4,0x4c,0x0e,0x20,0x83,0xae,0x62,0x2c,0xf3,0xc2,0x9d,0x89,0x38,0x87,0x99,0x4e,0xfc,0xfa,0x2c,0xa5,0x94,0xf5,0x05,0x1f,0x03,},"\x8e\x5f\xcc\xf6\x6b\x1b\xa6\x16\x9c\xb6\x85\x73\x3d\x9d\x0e\x01\x90\x36\x1c\x90\xbc\xab\x95\xc1\x63\x28\x5a\x97\xfe\x35\x6d\x2b\xdc\xde\x3c\x93\x80\x26\x88\x05\xa3\x84\xd0\x63\xda\x09\xcc\xd9\x96\x9c\xc3\xff\x74\x31\xe6\x0a\x8e\x9f\x86\x9c\xd6\x2f\xaa\x0e\x35\x61\x51\xb2\x80\xbc\x52\x6e\x57\x7c\x2c\x53\x8c\x9a\x72\x4d\xc4\x8b\xf8\x8b\x70\x32\x1d\x7e\x1e\xee\xdb\x3c\x4a\xf7\x06\x74\x8c\x94\x2e\x67\xbd\xab\xdb\x41\xbe\xc2\x97\x7b\x15\x23\x06\x9e\x31\xe2\x9b\x76\x30\x02\x88\xf8\x8a\x51\xb3\x84\xb8\x0c\xc2\x52\x6f\x16\x79\x34\x0d\xde\xc3\x88\x1f\x5c\xd2\x8b\x03\x78\xd9\xcd\x0a\x81\x2b\x68\xdd\x3f\x68\xf7\xa2\x3e\x1b\x54\xbe\xe7\x46\x6a\xc7\x65\xcf\x38\xdf\x04\xd6\x74\x41\xdf\xa4\x98\xc4\xbf\xfc\x52\x04\x5f\xa6\xd2\xdb\xcd\xbf\xa3\x3d\xfa\xa7\x76\x44\xff\xcc\xef\x0d\xec\xdb\x67\x90\xc7\x0a\x0d\x73\x4e\xc2\x87\xcc\x33\x8c\xb5\xa9\x09\xc0\x05\x51\x89\x30\x11\x69\xc4\xf7\x70\x2c\x05\xc0\x91\x1a\x27\xb1\x6e\xf9\xed\x93\x4f\xa6\xa0\xca\x7b\x13\xe4\x13\x52\x34\x22\x53\x56\x47\x96\x80\x30\xed\xc4\x0c\xd7\x3e\x7d\x6b\x34\x5b\x75\x81\xf4\x38\x31\x6d\x68\xe3\xcd\x29\x2b\x84\x6d\x3f\x4f\x7c\x48\x62\xbc\x7e\x6b\x3f\xb8\x9a\x27\xf6\xf6\x0c\xd7\xdb\x2e\x34\xec\x9a\xae\x10\x13\xfe\x37\xac\xff\x8a\xd8\x88\xcb\x9a\x59\x3e\xf5\xe6\x21\xea\xe5\x18\x6c\x58\xb3\x1d\xcf\xde\x22\x87\x0e\x33\x6d\x33\xf4\x40\xf6\xb8\xd4\x9a"},
+{{0x7f,0xf6,0x2d,0x4b,0x3c,0x4d,0x99,0xd3,0x42,0xd4,0xbb,0x40,0x1d,0x72,0x6b,0x21,0xe9,0x9f,0x4e,0xf5,0x92,0x14,0x9f,0xc3,0x11,0xb6,0x87,0x61,0xf5,0x56,0x7f,0xf6,},{0x7f,0xdf,0xdb,0x9e,0xca,0x29,0xd3,0xf0,0x1d,0x94,0x86,0xd7,0xe1,0x12,0xce,0x03,0xaa,0x37,0xb9,0x13,0x26,0xa4,0x28,0x3b,0x9c,0x03,0x99,0x9c,0x5e,0xda,0x09,0x9a,},{0x05,0x8f,0x79,0x92,0x7f,0xbf,0x61,0x78,0x72,0x48,0x15,0xc7,0xb1,0x1c,0x63,0xba,0xaa,0x90,0xbc,0xc1,0x5d,0x72,0x72,0xbe,0x08,0x2f,0x8a,0x91,0x41,0x86,0x1c,0x81,0x64,0x33,0x05,0x5f,0x6c,0xf6,0x49,0x14,0x24,0x85,0x3f,0x9e,0xc7,0x8b,0xb9,0x1a,0xce,0x91,0x3a,0x93,0x41,0x1b,0x4e,0x5e,0xd5,0x8b,0xc4,0xba,0x57,0x15,0xc6,0x0a,},"\x99\xc4\x4c\x79\x65\x72\xa4\x82\x3f\xc6\xc3\x80\x77\x30\x83\x91\x73\x77\x4c\x05\xdb\xfc\x14\x92\xed\x0d\x00\x50\x9a\x95\xa1\xde\x37\x27\x4b\x31\x35\xed\x04\x56\xa1\x71\x8e\x57\x65\x97\xdc\x13\xf2\xa2\xab\x37\xa4\x5c\x06\xcb\xb4\xa2\xd2\x2a\xfa\xd4\xd5\xf3\xd9\x0a\xb3\xd8\xda\x4d\xcd\xaa\x06\xd4\x4f\x22\x19\x08\x84\x01\xc5\xdc\xee\xe2\x60\x55\xc4\x78\x2f\x78\xd7\xd6\x3a\x38\x06\x08\xe1\xbe\xf8\x9e\xee\xf3\x38\xc2\xf0\x89\x7d\xa1\x06\xfa\xfc\xe2\xfb\x2e\xbc\x5d\xb6\x69\xc7\xc1\x72\xc9\xcf\xe7\x7d\x31\x09\xd2\x39\xfe\x5d\x00\x5c\x8e\xe7\x51\x51\x1b\x5a\x88\x31\x7c\x72\x9b\x0d\x8b\x70\xb5\x2f\x6b\xd3\xcd\xa2\xfe\x86\x5c\x77\xf3\x6e\x4f\x1b\x63\x5f\x33\x6e\x03\x6b\xd7\x18\xbe\xc9\x0e\xe7\x8a\x80\x28\x11\x51\x0c\x40\x58\xc1\xba\x36\x40\x17\x25\x3a\xa8\x42\x92\x2e\x1d\xd7\xd7\xa0\xf0\xfc\x9c\x69\xe4\x3f\xc4\xea\xef\xfa\xaf\x1a\xe5\xfa\x5d\x2d\x73\xb4\x30\x79\x61\x7b\xab\xa0\x30\x92\x3f\xe5\xb1\x3d\x2c\x1c\x4f\xe6\xfa\xc3\xf2\xdb\x74\xe2\x02\x0a\x73\x4b\x61\x21\xa0\x30\x2f\xce\x82\x0b\xa0\x58\x0c\xe6\x13\x53\x48\xfd\xf0\x63\x2e\x00\x08\xdf\x03\xee\x11\x21\x68\xf5\xcf\xa0\x03\x7a\x26\xa1\xf6\x9b\x1f\x13\x17\xed\xf2\xa3\xab\x36\x74\x55\xa7\x7e\x00\x69\x12\x15\xd7\xaa\x31\x33\xc2\x15\x9d\x3d\xa2\xb1\x34\xcf\x04\xf0\xde\xfb\xf0\x7a\x60\x64\x01\x1e\x64\xdd\x14\xd4\xf8\xf0\x64\x35\x66\x55\x42\x88\x04\xc2\x77\x1a"},
+{{0x6c,0xab,0xad,0xd0,0x3f,0x8a,0x2e,0x6e,0xba,0xb9,0x6a,0x74,0xf8,0x0e,0x18,0x16,0x4e,0x4d,0x1b,0x6b,0xaa,0x67,0x8f,0x5a,0x82,0xe2,0x56,0x04,0xaf,0x98,0x9a,0xaf,},{0x2a,0x4a,0x31,0x79,0x56,0x41,0x94,0xe0,0x01,0x00,0xc1,0x8b,0xc3,0x53,0x51,0xd8,0xb1,0x35,0xbb,0xae,0x5b,0x32,0xb2,0x8f,0xce,0x1d,0x7b,0x67,0x66,0xca,0x4b,0x32,},{0x4e,0x65,0xc6,0xc1,0xd4,0x93,0x04,0x5e,0x8a,0x92,0x50,0xe3,0x97,0xc1,0xd1,0xd3,0x0f,0xfe,0xd2,0x4d,0xb6,0x6a,0x89,0x61,0xaa,0x45,0x8f,0x8f,0x0f,0xcb,0x76,0x0c,0x39,0xfe,0x86,0x57,0xd7,0xab,0x8f,0x84,0x00,0x0b,0x96,0xd5,0x19,0x71,0x7c,0xff,0x71,0xf9,0x26,0x52,0x2c,0x1e,0xfe,0xc7,0xf8,0xb2,0x62,0x4e,0xae,0x55,0xf6,0x0c,},"\x27\x9f\x78\xcf\x3b\x9c\xcf\xc6\xe1\xb0\x1e\x1a\x82\xf5\x0e\xd1\x72\xe9\xa8\xe1\xe7\x02\xbb\x15\x66\x1d\xd7\xdc\x3a\x45\x6f\xf7\xa7\xa7\xfd\xfb\x08\x1d\xb3\x86\x70\x79\x63\x0c\x7f\x70\xfd\x75\x32\x92\xec\x60\xec\xbf\x50\x63\x2e\x9a\xa4\x5b\x99\x65\x05\xc6\x6e\x6d\xc3\xc6\xae\x89\x2e\x21\xb6\xa8\x70\x5e\x4b\xba\xe8\xf1\x6a\x33\x78\x55\x4b\x31\xfd\xb0\x13\x9d\xcd\x15\xc9\x6a\x8a\x7e\x4b\x88\x75\x6a\x86\xd1\x8d\xb5\xdc\x74\xfd\x76\x91\x19\x7d\xd8\x8e\x2c\x7d\x5d\xf5\x2b\x04\x93\x44\xcd\xc4\x77\xc9\xcd\x7e\x89\xed\xa9\x9c\xcf\xb1\xd0\x08\x14\xd0\x15\x2b\x96\x54\xdf\x32\x79\x37\x2c\xa5\xf1\x8b\x1c\x94\x6f\x28\x94\xa7\x6b\x07\x9d\xdb\x1c\x3c\xd6\x1f\xbb\x96\x9a\xee\xc9\x19\x3a\x6b\x88\xfb\x7d\x13\x6c\x07\xf9\x82\x1e\x5c\x10\x74\xb4\xe9\x3b\xca\xf6\xfa\x14\xd0\xd1\xd7\xe1\x70\x75\x89\xd7\x7e\xc1\x33\x72\x06\xe5\x3a\x1f\x06\xcc\x26\x67\x2f\xf9\x5c\x13\xd5\xff\x44\x47\x66\x93\x1b\xa3\x0a\x0a\xfd\xcd\xad\xd2\x09\x8e\x9c\x41\xfd\x87\xa3\xf2\x3c\xd1\x6d\xbb\x0e\xfb\xf8\x09\x2c\xe3\x3e\x32\x7f\x42\x61\x09\x90\xe1\xce\xe6\xcb\x8e\x54\x95\x1a\xa0\x81\xe6\x97\x65\xae\x40\x09\xae\xed\x75\x8e\x76\x8d\xe5\x0c\x23\xd9\xa2\x2b\x4a\x06\xdc\x4d\x19\xfc\x8c\xbd\x0c\xde\xf4\xc9\x83\x46\x17\x55\xd0\xa3\xb5\xd6\xa9\xc1\x22\x53\xe0\x95\x68\x33\x9f\xf7\xe5\xf7\x8c\x5f\xdf\x7e\xc8\x9f\x91\x86\xa6\x21\xa8\xc0\xee\xd1\x1b\x67\x02\x2e"},
+{{0x0f,0xa0,0xc3,0x2c,0x3a,0xe3,0x4b,0xe5,0x1b,0x92,0xf9,0x19,0x45,0x40,0x59,0x81,0xa8,0xe2,0x02,0x48,0x85,0x58,0xa8,0xe2,0x20,0xc2,0x88,0xc7,0xd6,0xa5,0x53,0x2d,},{0xd6,0xae,0xe6,0x2b,0xd9,0x1f,0xc9,0x45,0x36,0x35,0xff,0xcc,0x02,0xb2,0xf3,0x8d,0xca,0xb1,0x32,0x85,0x14,0x03,0x80,0x58,0x0c,0xcd,0xff,0x08,0x65,0xdf,0x04,0x92,},{0x7e,0x9a,0xb8,0x5e,0xe9,0x4f,0xe4,0xb3,0x5d,0xcb,0x54,0x53,0x29,0xa0,0xef,0x25,0x92,0x3d,0xe5,0xc9,0xdc,0x23,0xe7,0xdf,0x1a,0x7e,0x77,0xab,0x0d,0xcf,0xb8,0x9e,0x03,0xf4,0xe7,0x85,0xca,0x64,0x29,0xcb,0x2b,0x0d,0xf5,0x0d,0xa6,0x23,0x0f,0x73,0x3f,0x00,0xf3,0x3a,0x45,0xc4,0xe5,0x76,0xcd,0x40,0xbd,0xb8,0x4f,0x1a,0xe0,0x01,},"\x53\xf4\x4b\xe0\xe5\x99\x7f\xf0\x72\x64\xcb\x64\xba\x13\x59\xe2\x80\x1d\xef\x87\x55\xe6\x4a\x23\x62\xbd\xda\xf5\x97\xe6\x72\xd0\x21\xd3\x4f\xfa\xce\x6d\x97\xe0\xf2\xb1\xf6\xae\x62\x5f\xd3\x3d\x3c\x4f\x6e\x9f\xf7\xd0\xc7\x3f\x1d\xa8\xde\xfb\x23\xf3\x24\x97\x5e\x92\x1b\xb2\x47\x32\x58\x17\x7a\x16\x61\x25\x67\xed\xf7\xd5\x76\x0f\x3f\x3e\x3a\x6d\x26\xaa\xab\xc5\xfd\xe4\xe2\x04\x3f\x73\xfa\x70\xf1\x28\x02\x09\x33\xb1\xba\x3b\x6b\xd6\x94\x98\xe9\x50\x3e\xa6\x70\xf1\xed\x88\x0d\x36\x51\xf2\xe4\xc5\x9e\x79\xca\xbc\x86\xe9\xb7\x03\x39\x42\x94\x11\x2d\x5d\x8e\x21\x3c\x31\x74\x23\xb5\x25\xa6\xdf\x70\x10\x6a\x9d\x65\x8a\x26\x20\x28\xb5\xf4\x51\x00\xcb\x77\xd1\x15\x0d\x8f\xe4\x61\xee\xd4\x34\xf2\x41\x01\x5f\x32\x76\xad\x7b\x09\xa2\x91\xb4\xa7\xf3\x5e\x3c\x30\x05\x1c\xbf\x13\xb1\xd4\xa7\xfa\x0c\x81\xa5\x0f\x93\x9e\x7c\x49\x67\x3a\xfd\xc8\x78\x83\xc9\xe3\xe6\x1f\x5a\x1d\xf0\x37\x55\x47\x0f\xda\x74\xbf\x23\xea\x88\x67\x6b\x25\x8a\x97\xa2\x80\xd5\xf9\x0b\x52\xb7\x14\xb5\x96\x03\x5b\xae\x08\xc8\xd0\xfe\x6d\x94\xf8\x94\x95\x59\xb1\xf2\x7d\x71\x16\xcf\x59\xdd\x3c\xfb\xf1\x82\x02\xa0\x9c\x13\xf5\xc4\xfb\xc8\xd9\x72\x25\x49\x28\x87\xd3\x28\x70\xc2\x29\x7e\x34\xde\xbd\x98\x76\xd6\xd0\x1a\xc2\x7a\x16\xb0\x88\xb0\x79\x07\x9f\x2b\x20\xfe\xb0\x25\x37\xcd\xa3\x14\xc4\x3c\xb2\xdc\xa3\x71\xb9\xdf\x37\xed\x11\xec\x97\xe1\xa7\xa6\x99\x3a"},
+{{0x7b,0x06,0xf8,0x80,0x26,0xfa,0x86,0xf3,0x9f,0xce,0x24,0x26,0xf6,0x7c,0xc5,0x99,0x6b,0xed,0xd0,0xcf,0xc4,0xb5,0xeb,0xb1,0xb5,0xe3,0xed,0xbb,0x47,0xe0,0x80,0xaa,},{0x3f,0x14,0x69,0xee,0x6a,0x2e,0x78,0x67,0xe2,0xe9,0x01,0x2d,0x40,0x2c,0xf5,0xa4,0x86,0x14,0x97,0xc0,0x1d,0xf8,0x79,0xa1,0xde,0xb1,0xc5,0x39,0x83,0x0b,0x58,0xde,},{0x42,0xf1,0x33,0xe3,0x4e,0x3e,0xb7,0x03,0x2a,0x13,0x3e,0xd7,0x81,0x53,0x7e,0xc6,0x2e,0x44,0xa5,0xce,0x83,0x81,0xe5,0xe0,0xbf,0x9e,0x13,0xa9,0x14,0xa4,0xb2,0xc7,0x57,0x81,0x1d,0x6d,0x3b,0x1e,0x86,0x67,0x24,0x24,0xea,0x42,0x30,0xd1,0x0f,0x7c,0x61,0x0a,0xbb,0x70,0x69,0xe6,0x1e,0x31,0x9b,0x40,0x66,0xa2,0xbd,0x7b,0xc9,0x00,},"\x71\x17\x5d\x4e\x21\x72\x12\x97\xd9\x17\x6d\x81\x7f\x4e\x78\x5d\x96\x00\xd9\x23\xf9\x87\xfe\x0b\x26\xfd\x79\xd3\x3a\x5e\xa5\xd1\xe8\x18\xb7\x1f\x0f\x92\xb8\xc7\x3a\xfd\xda\xbd\xcc\x27\xf6\xd1\x6e\x26\xaa\xfa\x87\x4c\xfd\x77\xa0\x0e\x06\xc3\x6b\x04\x14\x87\x58\x2b\xb9\x33\x76\x0f\x88\xb4\x19\x12\x73\x45\x77\x6e\xa4\x18\xf8\x35\x22\x25\x4f\xed\x33\x81\x9b\xc5\xc9\x5f\x8f\x84\x04\xcc\x14\x4e\xbf\x14\x86\xc8\x85\x15\x40\x9d\x34\x33\xaa\xf5\x19\xd9\x92\x0f\x52\x56\xe6\x29\x41\x9e\x9a\x95\x58\x0a\x35\xb0\x69\xb8\xd2\x55\x33\xdf\xcb\xc9\x8a\xd3\x64\x04\xa9\x51\x80\x8e\x01\x37\x8c\x03\x26\x63\x26\xd1\x20\x04\x69\x75\xfd\xe0\x7d\xae\xf3\x26\x6c\xaa\xcd\x82\x1c\x14\x03\x49\x9d\x7f\xdf\x17\xc0\x33\xc8\xd8\xc3\xf2\x8f\x16\x2b\x5f\x09\xdf\xda\xca\x06\x28\x5f\x00\xc6\xcb\x98\x6d\xfd\xf5\x15\x1a\xa6\x63\x96\x08\xb5\xb1\x3e\x78\xd6\x5a\x43\x68\x58\x5b\x16\x13\x87\x54\xfb\xd1\x13\x83\x5a\x68\x6c\xd0\x66\xc2\xb8\x9b\xb0\x95\x3c\x24\xd5\x0e\x77\xbf\x0f\xc4\x57\xc1\xe0\xfc\xf5\xd4\x4d\xa8\xdb\x9a\x88\xf0\x62\xbe\x3b\x68\x8d\x5c\xdc\xff\x1d\x1c\x00\xe8\x1e\xc9\xd4\x13\x88\x22\x95\xb3\x41\xfe\xe8\xfa\x42\x7d\xc1\x09\xad\xeb\x5f\x28\x4e\xec\x20\x2f\x1b\xef\x11\x5b\xf9\x6b\x17\x82\xd3\xcc\xde\xb6\x82\xb6\x9b\xf9\x2d\x17\x0c\x00\x7d\x5d\xf8\x0e\x1e\xd9\x62\xf6\x77\xdc\x24\xa1\x45\xa1\xe4\xe8\x29\xe8\xde\xc0\x10\x4e\x5f\x78\x36\x59\x44"},
+{{0xc3,0xf5,0xe1,0x49,0x96,0x8a,0x24,0xf4,0xde,0x91,0x19,0x53,0x19,0x75,0xf4,0x43,0x01,0x5c,0xcc,0xa3,0x05,0xd7,0x11,0x9e,0xd4,0x74,0x9e,0x8b,0xf6,0xd9,0x4f,0xc7,},{0x39,0xaa,0xcc,0xdb,0x94,0x8a,0x40,0x38,0x53,0x8a,0x45,0x88,0x32,0x2f,0x80,0x6b,0xb1,0x29,0xb5,0x87,0x6c,0x4b,0xec,0x51,0x27,0x1a,0xfe,0x4f,0x49,0x69,0x00,0x45,},{0x5f,0xa2,0xb5,0x31,0x67,0x7b,0x00,0xb8,0x5b,0x0a,0x31,0x3c,0xbd,0x47,0x9f,0x55,0xf4,0xab,0x3e,0xc5,0xcf,0xce,0x5e,0x45,0x4d,0x2b,0x74,0x17,0x6c,0xcc,0x33,0x99,0xc8,0x99,0xf9,0xd6,0xb5,0x1e,0xd4,0xc1,0xe7,0x61,0x85,0xac,0x9f,0xe7,0x30,0xc4,0xb4,0x01,0x40,0x44,0xf7,0x04,0x11,0x85,0xbc,0x3c,0x85,0x72,0x2e,0xb2,0xea,0x02,},"\xc4\x63\x70\xe3\x7f\x2e\x0c\xad\xcf\x93\x40\x2f\x1f\x0c\xb0\x48\xf5\x28\x81\xba\x75\x0b\x7a\x43\xf5\x6a\xb1\x1c\xe3\x48\x73\x2f\xb5\x7e\x7f\x9a\xaf\x8d\xfc\xbe\x45\x5e\x14\xe9\x83\xc2\x48\xd0\x26\xa2\x7e\x7f\x14\x8d\x5d\xb5\xa5\x3f\x94\x63\x57\x02\xb8\x95\x12\x77\x71\x04\x7a\x87\x6d\x14\x10\x73\x86\xc5\xe0\xff\x89\x33\x34\x5b\xbd\x7a\x93\x6d\x99\x0d\x33\xef\xa2\x8c\x2e\xc4\xe4\x86\x4f\xfd\x2f\xf5\x76\xf7\xc8\x8f\x95\x4c\xfc\x1c\x45\x9e\x88\x3b\xb7\x12\xda\xe3\xcd\xf6\x63\x20\x66\xf1\xf4\xd1\x3a\x50\x96\x15\xb3\x36\x0c\xad\xc5\xa3\x07\xf2\x3e\x52\xa5\x1b\x40\xa6\xfe\xeb\xe0\xb1\x8d\x0e\x9e\xe4\xe3\x48\xf3\x3c\xd8\x1a\x8d\xef\x22\x2f\x6a\x59\xb1\x28\x61\xd3\x35\xbd\x9a\xf8\x5c\xc0\x04\xbe\x46\xf1\xd3\xa4\x24\xf4\x87\x0a\xe9\xdc\x58\x7e\x5a\x4a\xde\x13\x6b\x93\x70\x64\x93\x48\xc3\x3a\xc3\xbf\x1f\xeb\xee\xbf\xfe\xa3\x70\x85\xed\x59\xca\xc9\xd9\xe6\x96\x47\x0b\x23\x46\x09\xe9\xa1\x0a\x9d\x43\x1f\xf9\x1e\x69\xcb\x51\x35\xfd\x11\x7f\xf5\x8a\x36\x53\x97\x44\xeb\xe7\x0c\xea\x69\x73\xc0\x0c\x7a\x4d\x57\xb6\x2f\x4a\x71\x36\xd7\x31\xb8\xe4\x6f\xf1\x8e\xc0\xed\x69\x07\x00\x31\x90\x50\x75\xd8\x54\x1d\x56\x8c\xfc\xe6\xee\xb7\x62\x42\xb7\x81\x9a\x7b\x6a\x93\x55\x21\x11\xbb\x88\xf1\x65\x52\x7c\xfa\x69\x66\xd3\x9f\xcb\xe0\xa7\xde\xa0\x08\xe3\x9c\x7a\x3e\x57\x7a\xb3\x07\xcd\x1d\x0e\xa3\x26\x83\x3d\x52\x65\x4e\x17\x29\x55\xf3\xfc\xd4"},
+{{0x42,0x30,0x5c,0x93,0x02,0xf4,0x5e,0xa6,0xf8,0x7e,0x26,0xe2,0x20,0x8f,0xd9,0x4b,0x3c,0x4a,0xd0,0x37,0xb1,0xb6,0xc8,0x3c,0xf6,0x67,0x7a,0xa1,0x09,0x6a,0x01,0x3c,},{0x3b,0x97,0xb1,0xf1,0x1c,0xe4,0x5b,0xa4,0x6f,0xfb,0xb2,0x5b,0x76,0xbf,0xc5,0xad,0x7b,0x77,0xf9,0x0c,0xc6,0x9e,0xd7,0x61,0x15,0xde,0xa4,0x02,0x94,0x69,0xd5,0x87,},{0x18,0xd0,0x5e,0x5d,0x01,0x66,0x8e,0x83,0xf4,0x0f,0xa3,0xbb,0xee,0x28,0xb3,0x88,0xac,0xf3,0x18,0xd1,0xb0,0xb5,0xad,0x66,0x8c,0x67,0x2f,0x34,0x5c,0x8e,0xda,0x14,0xc2,0xf8,0x84,0xcd,0x2a,0x90,0x39,0x45,0x9c,0xe0,0x81,0x0b,0xc5,0xb5,0x80,0xfe,0x70,0xd3,0x96,0x4a,0x43,0xed,0xb4,0x9e,0x73,0xa6,0xff,0x91,0x4b,0xbf,0x04,0x0c,},"\xd1\x10\x82\x8d\x44\x91\x98\xd6\x75\xe7\x4e\x8e\x39\x43\x9f\xd1\x5e\x75\xbf\x2c\xc1\xf4\x30\xab\xfb\x24\x58\x36\x88\x5b\xaf\xc4\x20\xf7\x54\xb8\x9d\x2f\xbb\xf6\xdd\x34\x90\x79\x2e\x7a\x4f\x76\x60\x73\xcf\xe3\xb3\x02\xd0\x89\x83\x1a\xce\x86\x9e\x27\x30\xfd\xe4\x5c\x21\x21\xec\x3e\xf2\x17\xaa\x9c\x43\xfa\x7c\xc7\xe9\xed\x0a\x01\xad\x9f\x1d\x2f\xc3\x61\x36\x38\xca\x9f\xc1\x93\xc9\x8b\x37\x45\x5b\xf5\xdb\xf8\xf3\x8b\x64\x70\x8d\xfd\xca\x6c\x21\xf0\x97\x5f\x10\x17\xc5\xda\x5f\x64\x34\xbd\xa9\xf0\x33\xce\xc2\xa6\x31\xab\x50\x31\x8e\x01\x7b\x17\x0b\x24\x0b\xf0\x1e\xb8\xb3\x6c\x7e\x1c\xb5\x9e\x77\x36\xac\x34\x44\x42\x08\x13\x2a\x8f\x59\xe4\xf3\x13\xd6\x5d\x84\x9c\x6a\x4f\xdf\x13\xe2\x0e\xca\xee\x38\x23\xe5\x89\xa1\x71\xb3\x9b\x24\x89\x49\x7b\x06\xe6\xff\x58\xc2\xc9\xf1\xdc\x5d\x3a\xa3\xbd\x10\xe6\x44\x3e\x22\xd4\x2d\x07\xb7\x83\xf7\x9f\xd4\x3a\x46\xe1\xcd\xe3\x14\xb6\x63\xa9\x5f\x72\x46\xde\xa1\x31\xfc\xd4\x6d\x1d\xc3\x33\xc5\x45\x4f\x86\xb2\xc4\xe2\xe4\x24\xde\xa4\x05\xcc\x22\x30\xd4\xdc\xd3\x9a\x2e\xab\x2f\x92\x84\x5c\xf6\xa7\x99\x41\x92\x06\x3f\x12\x02\x74\x9e\xf5\x2d\xcb\x96\xf2\xb7\x9e\xd6\xa9\x81\x18\xca\x0b\x99\xba\x22\x85\x49\x08\x60\xeb\x4c\x61\xab\x78\xb9\xdd\xc6\xac\xc7\xad\x88\x3f\xa5\xe9\x6f\x9d\x02\x91\x71\x22\x3a\xbf\x75\x73\xe3\x62\x30\xe0\xa8\x1f\x6c\x13\x11\x15\x14\x73\xee\x26\x4f\x4b\x84\x2e\x92\x3d\xcb\x3b"},
+{{0xc5,0x7a,0x43,0xdc,0xd7,0xba,0xb8,0x51,0x60,0x09,0x54,0x69,0x18,0xd7,0x1a,0xd4,0x59,0xb7,0x34,0x5e,0xfd,0xca,0x8d,0x4f,0x19,0x92,0x98,0x75,0xc8,0x39,0xd7,0x22,},{0x20,0x83,0xb4,0x44,0x23,0x6b,0x9a,0xb3,0x1d,0x4e,0x00,0xc8,0x9d,0x55,0xc6,0x26,0x0f,0xee,0x71,0xac,0x1a,0x47,0xc4,0xb5,0xba,0x22,0x74,0x04,0xd3,0x82,0xb8,0x2d,},{0x1e,0xde,0xf9,0xbc,0x03,0x69,0x71,0xf1,0xfa,0x88,0xed,0xf4,0x53,0x93,0xc8,0x02,0xe6,0xc1,0xa1,0x63,0x1c,0x8a,0x06,0x87,0x1a,0x09,0xa3,0x20,0x82,0x1d,0xce,0x40,0xbe,0xca,0x97,0xe5,0x3a,0x03,0x61,0xa9,0x55,0xa4,0xc6,0xd6,0x0b,0x8c,0xa8,0xe4,0x00,0xc8,0x13,0x40,0x91,0x1c,0xcb,0x4f,0x56,0x28,0x40,0x41,0xcd,0xbb,0x18,0x04,},"\xa4\xf6\xd9\xc2\x81\xcf\x81\xa2\x8a\x0b\x9e\x77\x49\x9a\xa2\x4b\xde\x96\xcc\x12\x64\x37\x44\x91\xc0\x08\x29\x4e\xe0\xaf\x6f\x6e\x4b\xbb\x68\x63\x96\xf5\x90\x68\xd3\x58\xe3\x0f\xe9\x99\x2d\xb0\xc6\xf1\x66\x80\xa1\xc7\x1e\x27\xa4\xa9\x07\xac\x60\x7d\x39\xbd\xc3\x25\x8c\x79\x56\x48\x2f\xb3\x79\x96\xf4\xbe\xb3\xe5\x05\x1b\x81\x48\x01\x9a\x1c\x25\x6e\x2e\xe9\x99\xeb\xc8\xce\x64\xc5\x4e\x07\xfe\xdb\x4f\xbd\x89\x53\xeb\xd9\x3b\x7d\x69\xce\x5a\x00\x82\xed\xd6\x20\x9d\x12\xd3\x61\x9b\x4f\xd2\xea\xe9\x16\x46\x1f\x72\xa4\xce\x72\x71\x57\x25\x1a\x19\x20\x9b\xbf\xf9\xfb\xdb\xd2\x89\x43\x6f\x3f\xca\xcc\x6b\x4e\x13\x18\x52\x1a\x47\x83\x9c\xba\x4b\x14\xf7\xd7\xa2\x1e\x7b\x5d\x6b\x6a\x75\x3d\x58\x04\xaf\xcd\x2b\x1e\xb7\x77\x9b\x92\xab\xab\x8a\xfa\x8a\xa4\xfa\x51\xca\xec\x0b\x85\xdc\xd0\xfc\x2a\x06\x76\x03\x6d\x3f\x56\x63\x0a\x83\x1f\xfe\xb5\x02\x86\x1d\xd8\x91\x61\xc7\x08\xa9\xc0\x06\xc7\x3c\x93\x0c\xe5\xb9\x47\x56\x42\x6f\xf1\x8a\xa1\x12\xfb\x4e\xb9\xa6\x85\x00\xb4\x8d\x4e\xed\xbd\x41\x67\xb6\xff\xd0\xa1\x1d\x49\x44\x3a\x17\x3c\xe9\xd9\x49\x43\x67\x48\xfc\x06\x34\xf0\x6b\xb0\x8b\x8f\x34\x23\xf4\x46\x3d\xba\x7b\x4d\x19\x9b\x64\xdf\x57\x81\x17\xf0\xa2\x64\x5f\x0b\x2a\x1e\x2a\xda\x27\xd2\x86\xf7\x67\x33\xf2\x5b\x82\xed\x1d\x48\xa5\xc3\x89\x8d\x4a\xd6\x21\xe5\x0e\xd9\x06\x0d\xaa\xd4\x0a\x39\x53\x2e\x4d\x1b\xf1\x62\xce\x36\x80\x4d\x5d\x4e\x2d"},
+{{0x2d,0xdd,0xb6,0xb8,0xfd,0x04,0xfa,0x90,0xec,0xe1,0xa7,0x09,0xf8,0x41,0x8f,0x2e,0x5d,0x0c,0x9c,0x43,0xaf,0xe7,0xcf,0xce,0x19,0xe6,0xad,0x15,0xa7,0x34,0x76,0xf7,},{0x80,0x59,0xde,0x6a,0x7c,0x47,0x76,0x48,0x9e,0xcc,0x2e,0x7d,0x70,0x7f,0xfc,0xe3,0x02,0x85,0xbf,0x30,0xa2,0x3f,0x78,0xd7,0x2d,0xb4,0x9c,0xfd,0x6e,0xd0,0xd4,0x92,},{0xc6,0x34,0xea,0x7b,0xf7,0x2e,0x89,0x5a,0x2e,0x79,0x6e,0x28,0x34,0x20,0x14,0x15,0xb8,0xb4,0x5e,0x05,0xe0,0x45,0x55,0x92,0x84,0xeb,0x90,0x52,0xc0,0xe8,0x4f,0x62,0xa5,0xa9,0xf0,0xc9,0x76,0x4f,0x75,0x76,0x78,0x8c,0x72,0x28,0xb1,0x9e,0xf5,0x17,0xc1,0x95,0x49,0x73,0x25,0xa4,0x8a,0x93,0x44,0xb1,0x47,0xc1,0x2f,0xd7,0x55,0x09,},"\x47\x4b\xaa\x59\x0a\x4c\xd7\x2d\x54\x24\xe5\x1d\x82\x57\xb3\xd4\x43\x25\xbc\x4c\x50\x63\xa0\x03\x3c\x86\xeb\xbe\x99\xed\x72\x12\x18\x4c\x19\x94\x4d\x08\x2a\x11\x53\x79\xdd\x4c\xec\xe9\x73\xfa\xa0\xbc\xa6\x48\x5b\xd2\x5f\x37\x44\xa7\x19\xe7\x0a\xa0\x29\x1e\x1b\x5a\x96\xe6\x37\xc1\x40\x61\x6a\x98\x26\x33\x57\xc7\x6b\x6e\xb0\x08\x3f\xe5\x14\x14\xe3\x86\x87\x0d\x0f\xdc\x7d\xd9\xab\xe4\xff\x6f\xb5\xbb\xf1\xe7\xb1\x5d\xac\x3e\x08\xe2\x61\x5f\x65\x5c\x31\x04\xce\xb3\x2a\x4c\xc2\xc9\xe9\xc4\x3c\xf2\x82\xd3\x46\xac\x25\x3c\xcc\x46\xb6\x35\xae\x04\x09\x73\xb4\x97\x35\x72\x0f\xfb\x89\x04\x69\xa5\x67\xc5\x82\x4e\x0c\x00\xd7\xcc\xd5\x50\x9a\x71\x80\x92\xa9\x06\x46\x1c\x4d\x61\x63\xea\xf4\x22\x41\x8f\x5f\xc6\xe0\x09\xfc\x3f\x52\x9a\xc6\x1a\x2f\x89\xbb\x8e\x0e\xd4\x5d\x94\x0c\x4c\x23\x31\xff\x8d\x8e\x1d\x6d\x58\xd4\x17\xd8\xfc\x26\x56\xa0\x2e\x87\x01\xae\xe7\x5a\xed\x91\x87\x24\xee\xbe\x4a\x2c\xf4\x74\x4c\x5c\x40\x1e\x21\x70\x23\xdf\x68\xa6\xf6\xa0\x22\x8b\xd0\x5a\x67\x9a\x69\x7d\x8d\xe7\x03\x6b\x9e\xd2\x69\x09\x0d\x3c\x65\x48\x6a\xfb\x91\xe2\x79\x54\xeb\x15\xb9\x64\x66\x5e\xde\x7a\xd0\x08\xf1\x2f\xb3\xa9\xd0\xe6\x9c\x13\xb4\x25\x4f\x43\x81\x9e\x08\x18\xa4\x19\x5f\x68\xb8\xa3\x8a\xe8\x1f\x3f\xcb\x18\x79\xc9\x5a\xb4\xcd\x0f\xfc\x38\xe3\x81\x08\x92\x60\xcc\xa9\x67\xac\xe5\xa0\x85\xb4\x57\xab\x5e\xb3\x63\x85\x21\x01\x37\x75\x70\xf9\xac\x9e\x38"},
+{{0x55,0x47,0xf1,0x00,0x4b,0xae,0xdf,0xce,0x5c,0xfc,0x08,0x50,0xb0,0x53,0x02,0x37,0x4a,0xad,0x24,0xf6,0x16,0x39,0x94,0xec,0xd7,0x51,0xdf,0x3a,0xf3,0xc1,0x06,0x20,},{0x7c,0xe6,0x20,0x78,0x73,0x85,0xee,0x19,0x51,0xac,0x49,0xa7,0x73,0x52,0xee,0x0d,0x6f,0x8c,0x5c,0xd4,0x7d,0xf7,0x4e,0x9e,0x32,0x16,0xa6,0x32,0x4f,0xc7,0xcf,0x7f,},{0x29,0xdf,0x3a,0xd5,0x89,0x00,0x9c,0x66,0x7b,0xaa,0x5e,0x72,0xda,0xbb,0x4e,0x53,0xcb,0x78,0x76,0xde,0x4e,0x7e,0xfe,0x5c,0xc2,0x1e,0xad,0x7f,0xa8,0x78,0xdb,0x57,0xf9,0x7c,0x11,0x03,0xdd,0xb3,0x9a,0x86,0x1e,0xb8,0x86,0x53,0xc1,0xd4,0xec,0x3b,0x43,0x06,0xe4,0x58,0x4b,0x47,0xb8,0xbc,0x90,0x42,0x31,0x19,0xe7,0xe4,0xaf,0x00,},"\xa6\xc1\x7e\xeb\x5b\x80\x66\xc2\xcd\x9a\x89\x66\x73\x17\xa9\x45\xa0\xc7\xc9\x69\x96\xe7\x7a\xe8\x54\xc5\x09\xc6\xcd\x06\x31\xe9\x22\xad\x04\x50\x3a\xf8\x7a\x3c\x46\x28\xad\xaf\xed\x76\x00\xd0\x71\xc0\x78\xa2\x2e\x7f\x64\xbd\xa0\x8a\x36\x2b\x38\xb2\x6c\xa1\x50\x06\xd3\x8a\xcf\x53\x2d\x0d\xed\xea\x41\x77\xa2\xd3\x3f\x06\x95\x6d\x80\xe9\x63\x84\x8e\xc7\x91\xb2\x76\x2f\xa9\x94\x49\xb4\xf1\xa1\xed\x9b\x3f\x25\x80\xbe\x3a\xc7\xd7\xf5\x2f\xb1\x44\x21\xd6\x22\x2b\xa7\x6f\x80\x77\x50\xc6\xcb\xb0\xb1\x6f\x08\x95\xfc\x73\xd9\xdf\xc5\x87\xe1\xa9\xe5\xd1\xe5\x83\x75\xfb\xab\x70\x5b\x8f\x0c\x1f\xd7\xdf\x8b\x3a\xd4\x46\xf2\xf0\x84\x59\xe7\xed\x1a\xf5\x95\x56\xfb\xc9\x66\xdc\x24\x9c\x1c\xf6\x04\xf3\xe6\x77\xc8\xa0\x9d\x43\x63\x60\x87\x74\xbf\x38\x11\xbe\xf0\x64\x27\x48\xc5\x5c\x51\x6c\x7a\x58\x0f\xa3\x49\x90\x50\xac\xb3\x0e\xed\x87\x0d\x0d\x91\x17\x4c\xb6\x23\xe9\x8c\x3a\xd1\x21\xcf\x81\xf0\x4e\x57\xd4\x9b\x00\x84\x24\xa9\x8a\x31\xee\xaa\xf5\xf3\x8e\x00\x0f\x90\x3d\x48\xd2\x15\xed\x52\xf8\x62\xd6\x36\xa5\xa7\x36\x07\xde\x85\x76\x01\x67\x26\x7e\xfe\x30\xf8\xa2\x6e\xbc\x5a\xa0\xc0\x9f\x5b\x25\x8d\x33\x61\xca\x69\xd1\xd7\xee\x07\xb5\x96\x48\x17\x9a\xb2\x17\x0e\xc5\x0c\x07\xf6\x61\x6f\x21\x68\x72\x52\x94\x21\xa6\x33\x4a\x4a\x1e\xd3\xd2\x67\x1e\xf4\x7b\xc9\xa9\x2a\xfb\x58\x31\x4e\x83\x2d\xb8\xa9\x00\x34\x08\xa0\x48\x75\x03\xfe\x4f\x67\x77\x0d\xd4\xb6"},
+{{0x3d,0xd7,0x20,0x3c,0x23,0x7a,0xef,0xe9,0xe3,0x8a,0x20,0x1f,0xf3,0x41,0x49,0x01,0x79,0x90,0x5f,0x9f,0x10,0x08,0x28,0xda,0x18,0xfc,0xbe,0x58,0x76,0x8b,0x57,0x60,},{0xf0,0x67,0xd7,0xb2,0xff,0x3a,0x95,0x7e,0x83,0x73,0xa7,0xd4,0x2e,0xf0,0x83,0x2b,0xcd,0xa8,0x4e,0xbf,0x28,0x72,0x49,0xa1,0x84,0xa2,0x12,0xa9,0x4c,0x99,0xea,0x5b,},{0x4c,0x03,0x69,0x35,0xa9,0x6a,0xbc,0x0d,0x05,0x0d,0x90,0x7b,0xed,0xbe,0x99,0x46,0xfb,0x97,0x43,0x9f,0x03,0x9c,0x74,0x2e,0x05,0x1c,0xcf,0x09,0xad,0xd7,0xdf,0x44,0xd1,0x7d,0xa9,0x8c,0x2c,0xa0,0x1b,0xdc,0x24,0x24,0xda,0x1e,0x4d,0xeb,0xf3,0x47,0xf8,0xff,0xf4,0x8a,0xc8,0x03,0x0d,0x2c,0xc0,0x7f,0x95,0x75,0xc0,0x44,0xbe,0x04,},"\xdb\x28\xed\x31\xac\x04\xb0\xc2\xde\xce\xe7\xa6\xb2\x4f\xc9\xa0\x82\xcc\x26\x2c\xa7\xcc\xf2\xa2\x47\xd6\x37\x2e\xc3\xe9\x12\x0e\xce\xdb\x45\x42\xea\x59\x3f\xea\x30\x33\x5c\x5a\xb9\xdd\x31\x8a\x3b\x4f\xd5\x83\x42\x99\xcf\x3f\x53\xd9\xef\x46\x13\x7b\x27\x3c\x39\x0e\xc3\xc2\x6a\x0b\x44\x70\xd0\xd9\x4b\x77\xd8\x2c\xae\x4b\x24\x58\x78\x37\xb1\x67\xbb\x7f\x81\x66\x71\x0b\xae\xb3\xee\x70\xaf\x79\x73\x16\xcb\x7d\x05\xfa\x57\xe4\x68\xae\x3f\x0b\xd4\x49\x40\x4d\x85\x28\x80\x8b\x41\xfc\xca\x62\xf5\xe0\xa2\xaa\x5d\x8f\x3a\xca\xb0\x08\xcc\x5f\x6e\x5a\xb0\x27\x77\xbd\xcd\xe8\x7f\x0a\x10\xef\x06\xa4\xbb\x37\xfe\x02\xc9\x48\x15\xcf\x76\xbf\xb8\xf5\xcd\xd8\x65\xcc\x26\xdc\xb5\xcf\x49\x2e\xdf\xd5\x47\xb5\x35\xe2\xe6\xa6\xd8\x54\x09\x56\xdc\xba\x62\xcf\xea\x19\xa9\x47\x44\x06\xe9\x34\x33\x7e\x45\x42\x70\xe0\x10\x36\xac\x45\x79\x3b\x6b\x8a\xce\xda\x18\x7a\x08\xd5\x6a\x2c\xe4\xe9\x8f\x42\xea\x37\x5b\x10\x1a\x6b\x9f\xcb\x42\x31\xd1\x71\xaa\x46\x3e\xeb\x43\x58\x6a\x4b\x82\xa3\x87\xbc\xdd\xaf\x71\xa8\x0f\xd5\xc1\xf7\x29\x2e\xfc\x2b\xd8\xe7\x0c\x11\xea\xa8\x17\x10\x60\x61\xb6\xc4\x61\xc4\x88\x3d\x61\x3c\xc0\x6c\x7e\x2a\x03\xf7\x3d\x90\xfc\x55\xcd\xc0\x72\x65\xee\xfd\x36\xbe\x72\x27\x03\x83\xd6\xc6\x76\xca\xe3\x7c\x93\x69\x1f\x1a\xe3\xd9\x27\xb3\xa1\xcd\x96\x3e\x42\x29\x75\x7a\xe5\x23\x1e\xea\x73\xa9\xf7\x15\x15\x62\x83\x05\x41\x0a\xc2\x59\x3b\x32\x5c\xc6\x31"},
+{{0x28,0x27,0x75,0xdf,0x9e,0xbb,0xd7,0xc5,0xa6,0x5f,0x3a,0x2b,0x09,0x6e,0x36,0xee,0x64,0xa8,0xf8,0xea,0x71,0x9d,0xa7,0x77,0x58,0x73,0x9e,0x4e,0x74,0x76,0x11,0x1d,},{0xa2,0xb4,0x96,0x46,0x03,0x3a,0x13,0x93,0x7c,0xad,0x6b,0x0e,0x91,0x4e,0x3c,0xec,0x54,0x98,0x9c,0x25,0x2c,0xa5,0x64,0x3d,0x07,0x65,0x55,0xd8,0xc5,0x5e,0x56,0xe0,},{0x15,0x76,0x39,0x73,0x85,0x94,0x02,0x90,0x7d,0x8d,0xcb,0x86,0xad,0xc2,0x4a,0x2a,0x16,0x8b,0xa3,0xab,0xf2,0x24,0x61,0x73,0xd6,0x34,0x8a,0xfe,0xd5,0x1e,0xf6,0x0b,0x0c,0x0e,0xde,0xff,0x4e,0x10,0xbc,0xef,0x4c,0x6e,0x57,0x78,0xc8,0xbc,0x1f,0x5e,0x9e,0xe0,0x23,0x73,0x73,0x44,0x5b,0x45,0x51,0x55,0xd2,0x3d,0xe1,0x27,0xa2,0x02,},"\x14\xcc\x50\xc2\x97\x3e\xa9\xd0\x18\x7a\x73\xf7\x1c\xb9\xf1\xce\x07\xe7\x39\xe0\x49\xec\x2b\x27\xe6\x61\x3c\x10\xc2\x6b\x73\xa2\xa9\x66\xe0\x1a\xc3\xbe\x8b\x50\x5a\xea\xad\x14\x85\xc1\xc2\xa3\xc6\xc2\xb0\x0f\x81\xb9\xe5\xf9\x27\xb7\x3b\xfd\x49\x86\x01\xa7\x62\x2e\x85\x44\x83\x7a\xad\x02\xe7\x2b\xf7\x21\x96\xdc\x24\x69\x02\xe5\x8a\xf2\x53\xad\x7e\x02\x5e\x36\x66\xd3\xbf\xc4\x6b\x5b\x02\xf0\xeb\x4a\x37\xc9\x55\x49\x92\xab\xc8\x65\x1d\xe1\x2f\xd8\x13\x17\x73\x79\xbb\x0c\xe1\x72\xcd\x8a\xaf\x93\x7f\x97\x96\x42\xbc\x2e\xd7\xc7\xa4\x30\xcb\x14\xc3\xcd\x31\x01\xb9\xf6\xb9\x1e\xe3\xf5\x42\xac\xdf\x01\x7f\x8c\x21\x16\x29\x7f\x45\x64\x76\x8f\x4d\xb9\x5d\xad\x8a\x9b\xcd\xc8\xda\x4d\x8f\xb1\x3e\xf6\xe2\xda\x0b\x13\x16\xd3\xc8\xc2\xf3\xed\x83\x6b\x35\xfe\x2f\xd3\x3e\xff\xb4\x09\xe3\xbc\x1b\x0f\x85\x22\x5d\x2a\x1d\xe3\xbf\xc2\xd2\x05\x63\x94\x64\x75\xc4\xd7\xca\x9f\xdd\xba\xf5\x9a\xd8\xf8\x96\x1d\x28\x7a\xe7\xdd\x80\x3e\x7a\xf1\xfa\x61\x23\x29\xb1\xbd\xc0\x4e\x22\x56\x00\xae\x73\x1b\xc0\x1a\xe0\x92\x5a\xed\x62\xac\x50\xd4\x60\x86\xf3\x64\x6c\xf4\x7b\x07\x2f\x0d\x3b\x04\x4b\x36\xf8\x5c\xec\x72\x9a\x8b\xb2\xb9\x28\x83\xca\x4d\xfb\x34\xa8\xee\x8a\x02\x73\xb3\x1a\xf5\x09\x82\xbb\x61\x31\xbf\xa1\x1d\x55\x50\x4b\x1f\x6f\x1a\x0a\x00\x43\x8c\xa2\x6d\x8a\xb4\xf4\x8b\xcd\xdc\x9d\x5a\x38\x85\x1a\xbe\xde\x41\x51\xd5\xb7\x0d\x72\x07\x32\xa0\x0a\xbe\xa2\xc8\xb9\x79"},
+{{0x47,0x30,0xa5,0xcf,0x97,0x72,0xd7,0xd6,0x66,0x5b,0xa7,0x87,0xbe,0xa4,0xc9,0x52,0x52,0xe6,0xec,0xd6,0x3e,0xc6,0x23,0x90,0x54,0x7b,0xf1,0x00,0xc0,0xa4,0x63,0x75,},{0xf9,0xf0,0x94,0xf7,0xcc,0x1d,0x40,0xf1,0x92,0x6b,0x5b,0x22,0xdc,0xe4,0x65,0x78,0x44,0x68,0xb2,0x0a,0xb3,0x49,0xbc,0x6d,0x4f,0xdf,0x78,0xd0,0x04,0x2b,0xbc,0x5b,},{0x55,0x2c,0x73,0x47,0xbd,0xfe,0x13,0x16,0x46,0xce,0x09,0x32,0xd8,0x2a,0x36,0xd2,0xc1,0xb7,0x6d,0x7c,0x30,0xee,0x89,0x0e,0x05,0x92,0xe1,0x9f,0x9d,0x18,0xb9,0xa5,0x6f,0x48,0xd7,0xa9,0xb6,0x8c,0x01,0x7d,0xa6,0xb5,0x50,0xc9,0x43,0xaf,0x4a,0x90,0x7b,0xaf,0x31,0x7e,0x41,0x9f,0xbb,0xc9,0x6f,0x6c,0xf4,0xbf,0xad,0x42,0xde,0x00,},"\xe7\x47\x6d\x2e\x66\x84\x20\xe1\xb0\xfa\xdf\xba\xa5\x42\x86\xfa\x7f\xa8\x90\xa8\x7b\x82\x80\xe2\x60\x78\x15\x22\x95\xe1\xe6\xe5\x5d\x12\x41\x43\x5c\xc4\x30\xa8\x69\x3b\xb1\x0c\xde\x46\x43\xf5\x9c\xbf\xcc\x25\x6f\x45\xf5\x09\x0c\x90\x9a\x14\xc7\xfc\x49\xd3\x7b\xfc\x25\xaf\x11\xe8\xf4\xc8\x3f\x4c\x32\xd4\xaa\xbf\x43\xb2\x0f\xa3\x82\xbb\x66\x22\xa1\x84\x8f\x8f\xfc\x4d\xff\x34\x08\xbb\x4e\xc7\xc6\x7a\x35\xb4\xcd\xae\xe5\xe2\x79\xc0\xfc\x0a\x66\x09\x3a\x9f\x36\xa6\x0f\xdd\x65\xe6\x33\x4a\x80\x4e\x84\x5c\x85\x30\xb6\xfd\xa3\x63\xb5\x64\x03\x37\xd0\x27\x24\x3c\xcf\xb3\xc1\x77\xf4\x3e\x71\x78\x96\xe4\x6e\xad\x7f\x72\xca\x06\xaa\x0f\xf1\xe7\x72\x47\x12\x1b\xaf\x48\xbe\x9a\x44\x5f\x72\x9c\xa1\x39\x0f\xc4\x61\x51\xcb\xd3\x3f\xcb\xd7\x37\x3f\x27\xa6\xba\x55\xc9\x2c\xbf\x69\x45\xb0\x9b\x44\xb9\xa4\xe5\x80\x0d\x40\x30\x70\xae\x66\x04\x89\x97\xb2\x19\x7f\x02\x18\x1a\x09\x7e\x56\x3f\x9b\x9a\xcc\x84\x11\x39\x25\x8a\x25\x8b\xc6\x10\xd3\xbd\x89\x16\x37\x35\x6b\x2e\xdc\x8c\x18\x4c\x35\xc6\x5a\xf9\x1a\xaf\x7b\x1c\x16\xd7\x4a\x5f\x5f\x86\x25\x48\x13\x92\x54\xec\xf5\x50\x63\x1d\x5f\x88\x49\xaf\xdb\x5b\x64\xcf\x36\x6f\xf2\x63\x3a\x93\xf3\xa1\x8c\x39\xb5\x15\x02\x45\xfb\x5f\x33\xc9\xe4\xe2\xd9\x4a\xf6\x96\x3a\x70\xb8\x8f\x9e\x7e\x51\x9f\x8f\xa2\xa0\xf2\xe3\x74\x9d\xe8\x83\xd0\xe6\xf0\x52\xa9\x49\xd0\xfc\x71\x53\xa8\x69\x3f\x6d\x80\x1d\x73\x52\xeb\x2f\x7a\x46\x5c\x0e"},
+{{0x27,0x70,0xaa,0xdd,0x1d,0x12,0x3e,0x95,0x47,0x83,0x2d,0xfb,0x2a,0x83,0x7e,0xba,0x08,0x91,0x79,0xef,0x4f,0x23,0xab,0xc4,0xa5,0x3f,0x2a,0x71,0x4e,0x42,0x3e,0xe2,},{0x3c,0x5f,0xbb,0x07,0x53,0x0d,0xd3,0xa2,0x0f,0xf3,0x5a,0x50,0x0e,0x37,0x08,0x92,0x63,0x10,0xfe,0xd8,0xa8,0x99,0x69,0x02,0x32,0xb4,0x2c,0x15,0xbd,0x86,0xe5,0xdc,},{0xf2,0x67,0x71,0x5e,0x9a,0x84,0xc7,0x31,0x4f,0x2d,0x58,0x69,0xef,0x4a,0xb8,0xd2,0x14,0x9a,0x13,0xf7,0xe8,0xe1,0xc7,0x28,0xc4,0x23,0x90,0x62,0x93,0xb4,0x9c,0xe6,0x28,0x34,0x54,0xdd,0x1c,0x7b,0x04,0x74,0x1d,0xf2,0xea,0xbe,0xdc,0x4d,0x6a,0xb1,0x39,0x7d,0xc9,0x5a,0x67,0x9d,0xf0,0x4d,0x2c,0x17,0xd6,0x6c,0x79,0xbb,0x76,0x01,},"\xa5\xcc\x20\x55\xeb\xa3\xcf\x6f\x0c\x63\x32\xc1\xf2\xab\x58\x54\x87\x09\x13\xb0\x3f\xf7\x09\x3b\xc9\x4f\x33\x5a\xdd\x44\x33\x22\x31\xd9\x86\x9f\x02\x7d\x82\xef\xd5\xf1\x22\x71\x44\xab\x56\xe3\x22\x2d\xc3\xdd\xcc\xf0\x62\xd9\xc1\xb0\xc1\x02\x4d\x9b\x41\x6d\xfa\x3e\xe8\xa7\x02\x79\x23\x00\x34\x65\xe0\xff\xae\xfb\x75\xb9\xf2\x9d\xc6\xbc\xf2\x13\xad\xc5\xe3\x18\xfd\x8b\xa9\x3a\x7a\xa5\xbf\xb4\x95\xde\x9d\x7c\x5e\x1a\x19\x6c\xd3\xa2\xd7\x72\x1f\x8b\xa7\x85\xaa\x90\x52\xa1\x81\x1c\x7f\xcc\x8f\x93\x93\x27\x65\x05\x9c\xab\x9c\x9b\x71\x89\x45\x89\x5e\xf2\x6f\x3a\xc0\x48\xd4\xca\xbf\x91\xa9\xe6\xaa\x83\xac\x14\xd4\x31\x56\x82\x78\x37\x91\x4e\xb7\x63\xa2\x3c\xba\x53\xf6\x0f\x15\x0f\x4b\x70\x20\x3e\xc1\x83\x3f\xf1\x05\x84\x94\x57\xa8\xda\x73\x27\x66\x1f\xb2\x3a\x55\x41\x64\xe0\x5f\xcf\x01\x46\xb1\x06\x74\x96\x4b\xe6\xf6\xaa\x0a\xcc\x94\xc4\x1a\xd5\x71\x80\xe5\x18\x0d\x19\x9b\xd9\x10\x2f\x55\xd7\x40\xe8\x17\x89\xb1\x56\x71\xbb\xd0\x67\x0e\x6d\xe5\xd9\x7e\x1a\xe6\x26\xd8\xa0\xeb\xc3\x2c\x8f\xd9\xd2\x47\x37\x27\x4e\x47\xd2\xdd\x59\x41\xa2\x72\xe7\x2a\x59\x89\x28\xad\x10\x9c\xde\x93\x7b\xf2\x48\xd5\x7f\x5d\x29\x42\x98\x3c\x51\xe2\xa8\x9f\x8f\x05\x4d\x5c\x48\xdf\xad\x8f\xcf\x1f\xfa\x97\xf7\xde\x6a\x3a\x43\xca\x15\xfc\x67\x20\xef\xae\xc6\x9f\x08\x36\xd8\x42\x23\xf9\x77\x6d\x11\x1e\xc2\xbb\xc6\x9b\x2d\xfd\x58\xbe\x8c\xa1\x2c\x07\x21\x64\xb7\x18\xcd\x7c\x24\x6d\x64"},
+{{0x4f,0xda,0xb7,0xc1,0x60,0x0e,0x70,0x11,0x4b,0x11,0xf5,0x33,0x24,0x23,0x76,0xaf,0x76,0x14,0xb4,0xd5,0xda,0x04,0x6a,0xc4,0xbe,0xde,0xa2,0x1d,0x8a,0x36,0x15,0x98,},{0xa2,0x5c,0x9a,0x94,0xd6,0xe4,0xec,0xd9,0x5a,0x4b,0xd6,0x80,0x5f,0x76,0x2e,0xb1,0xc4,0x57,0xa8,0xd4,0x5d,0x24,0x32,0x38,0xb1,0x83,0x9c,0xbb,0xa8,0xf4,0x41,0xcc,},{0x50,0x75,0xc0,0x90,0xcf,0xbe,0xb6,0xb0,0x18,0x02,0xaf,0x7f,0x4d,0xa5,0xaa,0x4f,0x43,0x4d,0x5e,0xe2,0xf3,0x53,0x0e,0xeb,0xb7,0x5c,0x85,0xe0,0x86,0x21,0xf8,0x3e,0xdc,0x08,0xaa,0x96,0x69,0x38,0x94,0xa4,0x27,0x76,0x33,0xba,0x81,0xe1,0x9e,0x9e,0x55,0xaf,0x5c,0x49,0x5d,0xaa,0x5e,0x1a,0x6f,0x8c,0xbb,0x79,0xc0,0x1c,0x72,0x07,},"\xda\x40\x58\x90\xd1\x1a\x87\x2c\x11\x9d\xab\x5e\xfc\xbf\xf6\x1e\x93\x1f\x38\xec\xcc\xa4\x57\xed\xc6\x26\xd3\xea\x29\xed\x4f\xe3\x15\x4f\xaf\xec\x14\x44\xda\x74\x34\x3c\x06\xad\x90\xac\x9d\x17\xb5\x11\xbc\xb7\x3b\xb4\x9d\x90\xba\xfb\x7c\x7e\xa8\x00\xbd\x58\x41\x1d\xf1\x27\x5c\x3c\xae\x71\xb7\x00\xa5\xda\xb4\x91\xa4\x26\x16\x78\x58\x79\x56\xaa\x4a\x21\x9e\x1a\xc6\xdd\x3f\xb2\xcb\x8c\x46\x19\x72\x18\xe7\x26\xdc\x7e\xd2\x34\x52\x6a\x6b\x01\xc0\xd7\x2c\xb9\x3a\xb3\xf4\xf3\x8a\x08\xe5\x94\x0b\x3f\x61\xa7\x2a\xd2\x78\x9a\x05\x32\x00\x0f\xac\x1d\x2d\x2e\x3a\xd6\x32\xac\x8b\x62\xbb\x3f\xf5\xb9\x9d\x53\x59\x7b\xf4\xd4\x4b\x19\x67\x49\x24\xdf\x9b\x3d\xb3\xd0\x25\x3f\x74\x62\x7c\xca\xb3\x00\x31\xc8\x5e\x29\x1c\x58\xb5\xfa\x91\x67\x52\x2a\x46\x74\x6f\xc3\x07\x03\x67\x45\xd4\xf9\x81\x77\x86\xe5\xd3\x00\xe6\xc5\xd5\x03\x12\x5f\xea\x01\xde\xc3\xe3\xfe\xdb\xf3\x86\x1c\xa2\x62\x7a\x05\x18\xfb\x2b\x24\xe5\xa7\xa0\x14\x17\x87\x19\xe9\xb3\x45\xf7\xb2\x49\xce\x3a\x41\x32\x80\xc8\xde\xb6\x74\xf5\x9a\x25\xbe\x92\xa8\xab\x64\x00\xc7\xc5\x2b\x07\x28\xae\x34\xe2\x2b\x2e\xc2\x00\xc1\xcb\xab\xa2\xcc\xd8\xaf\x29\x24\x9d\x17\xaf\x60\xc3\x60\x07\xa7\x22\xfc\x80\x25\x8a\x7b\xeb\xab\x1c\xda\xad\x74\x62\xa8\xb7\x58\x8c\x2f\x7e\x27\xc6\xd0\x7a\xfc\xf6\x01\x17\xfe\xd1\x1b\xd6\x85\x9e\x75\xe3\xb4\xfc\xee\x39\x81\x88\x1e\x95\xdd\x11\x68\x27\xdd\x4b\x36\x9a\xf0\x69\xd3\xc8\xf2\x67\x6f\x8a"},
+{{0x26,0x45,0x04,0x60,0x4e,0x70,0xd7,0x2d,0xc4,0x47,0x4d,0xbb,0x34,0x91,0x3e,0x9c,0x0f,0x80,0x6d,0xfe,0x18,0xc7,0x87,0x9a,0x41,0x76,0x2a,0x9e,0x43,0x90,0xec,0x61,},{0xeb,0x2b,0x51,0x8c,0xe7,0xdc,0x71,0xc9,0x1f,0x36,0x65,0x58,0x16,0x51,0xfd,0x03,0xaf,0x84,0xc4,0x6b,0xf1,0xfe,0xd2,0x43,0x32,0x22,0x35,0x3b,0xc7,0xec,0x51,0x1d,},{0xee,0xa4,0x39,0xa0,0x0f,0x7e,0x45,0x9b,0x40,0x2b,0x83,0x51,0x50,0xa7,0x79,0xee,0xd1,0x71,0xab,0x97,0x1b,0xd1,0xb5,0x8d,0xcc,0x7f,0x93,0x86,0xda,0xdd,0x58,0x3d,0xe8,0xdc,0x69,0xe2,0x67,0x12,0x1d,0xde,0x41,0xf0,0xf9,0x49,0x3d,0x45,0x0b,0x16,0x21,0x9c,0xdf,0x3c,0x22,0xf0,0x94,0x82,0xce,0x40,0x2f,0xe1,0x7c,0xa4,0x9e,0x08,},"\x90\x1d\x70\xe6\x7e\xd2\x42\xf2\xec\x1d\xda\x81\x3d\x4c\x05\x2c\xfb\x31\xfd\x00\xcf\xe5\x44\x6b\xf3\xb9\x3f\xdb\x95\x0f\x95\x2d\x94\xef\x9c\x99\xd1\xc2\x64\xa6\xb1\x3c\x35\x54\xa2\x64\xbe\xb9\x7e\xd2\x0e\x6b\x5d\x66\xad\x84\xdb\x5d\x8f\x1d\xe3\x5c\x49\x6f\x94\x7a\x23\x27\x09\x54\x05\x1f\x8e\x4d\xbe\x0d\x3e\xf9\xab\x30\x03\xdd\x47\xb8\x59\x35\x6c\xec\xb8\x1c\x50\xaf\xfa\x68\xc1\x5d\xad\xb5\xf8\x64\xd5\xe1\xbb\x4d\x3b\xad\xa6\xf3\xab\xa1\xc8\x3c\x43\x8d\x79\xa9\x4b\xfb\x50\xb4\x38\x79\xe9\xce\xf0\x8a\x2b\xfb\x22\xfa\xd9\x43\xdb\xf7\x68\x37\x79\x74\x6e\x31\xc4\x86\xf0\x1f\xd6\x44\x90\x50\x48\xb1\x12\xee\x25\x80\x42\x15\x3f\x46\xd1\xc7\x77\x2a\x06\x24\xbc\xd6\x94\x1e\x90\x62\xcf\xda\x75\xdc\x87\x12\x53\x3f\x40\x57\x33\x5c\x29\x80\x38\xcb\xca\x29\xeb\xdb\x56\x0a\x29\x5a\x88\x33\x96\x92\x80\x8e\xb3\x48\x1f\xd9\x73\x5e\xa4\x14\xf6\x20\xc1\x43\xb2\x13\x3f\x57\xbb\x64\xe4\x47\x78\xa8\xca\x70\x91\x82\x02\xd1\x57\x42\x61\x02\xe1\xdf\xc0\xa8\xf7\xb1\xae\x48\x7b\x74\xf0\x27\x92\x63\x31\x54\xdf\xe7\x4c\xaa\x1b\x70\x88\xfd\xa2\x2f\xa8\xb9\xbc\x35\x4c\x58\x5f\x15\x67\x70\x6e\x29\x55\x49\x38\x70\xf5\x41\x69\xe0\xd7\x69\x11\x59\xdf\x43\x89\x79\x61\xd2\x4a\x85\x2e\xa9\x70\xc5\x14\x94\x8f\x3b\x48\xf7\x1e\xe5\x86\xe7\x2e\xc7\x8d\xb8\x20\xf2\x53\xe0\x8d\xb8\x4f\x6f\x31\x2c\x43\x33\xbd\x0b\x73\x2f\xe7\x58\x83\x50\x77\x83\xe9\xa1\xfd\x4f\xba\xb8\xe5\x87\x0f\x9b\xf7\xad\x58\xaa"},
+{{0x2c,0xa7,0x44,0x7a,0x36,0x68,0xb7,0x48,0xb1,0xfd,0x3d,0x52,0xd2,0x08,0x0d,0x30,0xe3,0x4d,0x39,0x7b,0xb2,0x84,0x6c,0xaf,0x8f,0x65,0x9a,0xc1,0x68,0x78,0x8c,0xa5,},{0xab,0x33,0x1c,0xd4,0x0a,0x31,0xd0,0x17,0x3c,0x0c,0x8c,0x1c,0x17,0x00,0x25,0x32,0x80,0x7b,0xf8,0x9e,0x3e,0xdb,0x6d,0x34,0xc2,0xdd,0x82,0x94,0x63,0x2b,0x9f,0xbc,},{0xf9,0x3a,0xda,0x15,0xae,0x9c,0xd2,0xb5,0x4f,0x26,0xf8,0x6f,0x0c,0x28,0x39,0x2a,0xed,0x5e,0xb6,0xb6,0xb4,0x4d,0x01,0xa4,0xe3,0x3a,0x54,0xe7,0xda,0x37,0xc3,0x8e,0x8d,0x53,0x36,0x6f,0x73,0xfd,0x85,0xbe,0x64,0x2e,0x4e,0xc8,0x12,0x36,0xd1,0x63,0xf0,0xd0,0x25,0xe7,0x6c,0x8b,0xbd,0xd6,0x5d,0x43,0xdf,0x49,0xf0,0x9c,0x1f,0x01,},"\xa8\x2b\xcd\x94\x24\xbf\xfd\xa0\xf2\xf5\xe9\xea\xe1\x78\x35\xdb\xe4\x68\xf6\x1b\x78\x5a\xab\x82\x93\x47\x37\xa9\x1c\x5f\x60\x2c\xb7\xc6\x17\xcd\xff\xe8\x7c\xad\x72\x6a\x49\x72\xe1\x5a\x7b\x8e\xe1\x47\xf0\x62\xd2\xa5\xa4\xd8\x97\x06\xb5\x71\xfa\x8a\xa2\xb9\x59\x81\xc7\x8a\xbe\xaa\xae\x86\x20\x3f\xa2\xc0\xe0\x72\x97\x40\x6e\xa8\xc2\x71\x11\xa8\x6d\xbe\x1d\x5a\x7c\x3b\x7a\xe9\x30\x90\x4d\x98\x90\xf6\xd4\xab\xeb\xd1\x41\x2a\x73\xad\x5f\xee\xa6\x4a\xcf\x06\x5d\x3e\x63\xb5\xcb\xe2\x0c\xf2\x0b\xbd\x2d\x8b\x94\xf9\x05\x3e\xd5\xf6\x66\x33\x48\x25\x30\x12\x44\x46\x60\x59\x18\xde\x66\x45\x5e\x8c\xf4\xb1\x01\xa1\x27\x23\x3c\x4e\x27\xd5\xd5\x5b\xf9\x5b\xd3\x19\x5d\x03\x40\xd4\x35\x31\xfc\x75\xfa\xf8\xdd\xed\x52\x75\xbf\x89\x75\x0d\xe8\x38\xfd\x10\xc3\x17\x45\xbe\x4c\xa4\x1f\xa8\x71\xcb\x0f\x9b\x01\x67\x06\xa1\xa7\xe3\xc4\x4b\xb9\x0a\xc7\xa8\xad\x51\xe2\x72\x38\x92\x92\xfd\x6c\x98\xad\x7a\x06\x9e\x76\xe3\xf5\xf3\xe0\xcc\x77\x0b\x9e\x9b\x35\xa7\x65\xd0\xd9\x37\x12\xd7\xcd\xab\xd1\x7e\x5d\x01\xdd\x81\x83\xaf\x4a\xd9\x36\x5d\xb0\xa0\xfa\x41\x38\x1f\xce\x60\xa0\x81\xdf\x1c\x5a\xb0\xf8\xc1\x8f\x95\xa7\xa8\xb5\x82\xdf\xff\x7f\x14\x9e\xa5\x79\xdf\x06\x23\xb3\x3b\x75\x08\xf0\xc6\x63\xf0\x1e\x3a\x2d\xcd\x9d\xfb\xee\x51\xcc\x61\x52\x20\xfd\xaf\xfd\xab\x51\xbd\xae\x42\xcb\x9f\x7f\xa9\xe3\xb7\xc6\x9c\xc8\xad\xa5\xcc\xd6\x42\x52\x9b\xa5\x14\xfd\xc5\x4f\xcf\x27\x20\xb8\xf5\xd0\x8b\x95"},
+{{0x49,0x4e,0xa9,0xbc,0xce,0x26,0x88,0x5b,0x7d,0x17,0xd1,0xfc,0x11,0x44,0x48,0xf2,0x39,0xf0,0xce,0x46,0xe5,0xf2,0x47,0xb4,0xc9,0x99,0xfa,0x86,0x29,0x69,0x24,0x72,},{0x69,0x01,0xe5,0xef,0xae,0x57,0x53,0x6b,0xa5,0xfd,0xd9,0x6b,0x59,0x65,0x73,0x59,0x06,0x5f,0x25,0xd3,0x91,0xa1,0xaa,0x8c,0xdc,0x0d,0x38,0xbb,0x5d,0x53,0xc1,0x39,},{0x54,0x8a,0x09,0x3a,0x68,0x03,0x61,0xb7,0xdc,0x56,0xf1,0x45,0x03,0xb5,0x5e,0xee,0xc3,0xb3,0xf4,0xfd,0x4c,0xa9,0x9d,0x6a,0xed,0xce,0x08,0x30,0xf7,0xf4,0xae,0x2f,0x73,0x28,0x53,0x9b,0x34,0xc4,0x8f,0xc9,0x76,0x09,0x22,0x33,0x3d,0xae,0x9c,0x7c,0x01,0x7e,0x7d,0xb7,0x3b,0x8f,0xaa,0x6c,0x06,0xbe,0x05,0xe3,0x47,0x99,0x2b,0x06,},"\x3b\xad\xbf\xa5\xf5\xa8\xaa\x2c\xce\x0a\x60\xe6\x86\xcd\xce\x65\x4d\x24\x45\x2f\x98\xfd\x54\x87\x2e\x73\x95\xb3\x94\x64\x38\x0a\x0e\x18\x55\x57\xea\x13\x4d\x09\x57\x30\x86\x4f\x42\x54\xd3\xdd\x94\x69\x70\xc1\x0c\x80\x4f\xcc\x08\x99\xdf\xa0\x24\x20\x5b\xe0\xf8\x0b\x1c\x75\x44\x95\x23\x32\x4f\xe6\xa0\x75\x1e\x47\xb4\xff\x48\x22\xb8\xc3\x3e\x9e\xaf\x1d\x1d\x96\xe0\xde\x3d\x4a\xcd\x89\x69\x6b\x7f\xcc\x03\xd4\x9f\x92\xf8\x2b\x97\x25\x70\x0b\x35\x0d\xb1\xa8\x76\x15\x36\x95\x45\x56\x1b\x85\x99\xf5\xea\x92\x0a\x31\x0a\x8b\xaf\xc0\xe8\xd7\x46\x8c\xbf\x6f\x38\x20\xe9\x43\x59\x4a\xfd\xd5\x16\x6e\x4e\x33\x09\xdd\xdd\x76\x94\xef\x67\xe6\x94\xf3\x4f\xc6\x27\x24\xff\x96\xac\x33\x64\x17\x6f\x34\xe8\xa0\x2b\x4c\xf5\x69\xdb\x5b\x8f\x77\xd5\x85\x12\xae\xda\xbf\x0b\xcd\x1c\x2d\xf1\x2d\xb3\xa9\x47\x3f\x94\x8c\x5c\x32\x43\x30\x9a\xae\x46\xc4\x9e\xfd\x08\x8b\x60\xf3\x1a\x8a\x72\xad\x7e\x5a\x35\xac\xc5\xd8\x9f\xa6\x68\x07\xeb\x5d\x3b\xa9\xcd\xf0\x8d\x47\x53\xcb\x85\x08\x9e\xe3\x6f\x5c\x96\xb4\x32\xb6\x92\x83\x52\xaf\xad\x58\x01\x22\x25\xd6\x15\x7f\x9e\x36\x11\x42\x6d\xf9\x21\xb6\xd1\xd8\x37\x46\x28\xa6\x30\x31\xe9\xff\xb9\x0e\x42\xff\xbb\xa0\x21\xf1\x74\xf6\x85\x03\x15\x54\x30\x15\x2c\x91\x55\xdc\x98\xff\xa2\x6c\x4f\xab\x06\x5e\x1f\x8e\x46\x22\xc2\xf2\x8a\x8c\xb0\x43\x11\x0b\x61\x74\x41\x14\x0f\x8e\x20\xad\xc1\x6f\x79\x9d\x1d\x50\x96\xb1\xf5\x05\x32\xbe\x50\x42\xd2\x1b\x81\xea\x46\xc7"},
+{{0x00,0xd7,0x35,0xeb,0xae,0xe7,0x5d,0xd5,0x79,0xa4,0x0d,0xfd,0x82,0x50,0x82,0x74,0xd0,0x1a,0x15,0x72,0xdf,0x99,0xb8,0x11,0xd5,0xb0,0x11,0x90,0xd8,0x21,0x92,0xe4,},{0xba,0x02,0x51,0x7c,0x0f,0xdd,0x3e,0x26,0x14,0xb3,0xf7,0xbf,0x99,0xed,0x9b,0x49,0x2b,0x80,0xed,0xf0,0x49,0x5d,0x23,0x0f,0x88,0x17,0x30,0xea,0x45,0xbc,0x17,0xc4,},{0xdc,0xdc,0x54,0x61,0x19,0x37,0xd2,0xbd,0x06,0xca,0xcd,0x98,0x18,0xb3,0xbe,0x15,0xce,0x74,0x25,0x42,0x7a,0x75,0xf5,0x0d,0x19,0x7a,0x33,0x7a,0x3b,0x8b,0xa6,0x71,0x4e,0xf4,0x88,0x66,0xf2,0x43,0xbd,0x5a,0xc7,0x41,0x5e,0x91,0x45,0x17,0xa2,0xc1,0xc5,0xa9,0x53,0xf4,0x32,0xb9,0x9d,0xb0,0xe6,0x20,0xd6,0x4f,0x74,0xeb,0x85,0x05,},"\x59\xc0\xb6\x9a\xf9\x5d\x07\x4c\x88\xfd\xc8\xf0\x63\xbf\xdc\x31\xb5\xf4\xa9\xbc\x9c\xec\xdf\xfa\x81\x28\xe0\x1e\x7c\x19\x37\xdd\xe5\xeb\x05\x70\xb5\x1b\x7b\x5d\x0a\x67\xa3\x55\x5b\x4c\xdc\xe2\xbc\xa7\xa3\x1a\x4f\xe8\xe1\xd0\x3a\xb3\x2b\x40\x35\xe6\xda\xdb\xf1\x53\x20\x59\xee\x01\xd3\xd9\xa7\x63\x3a\x0e\x70\x6a\x11\x54\xca\xb2\x2a\x07\xcd\x74\xc0\x6a\x3c\xb6\x01\x24\x4c\xf3\xcf\x35\xa3\x5c\x31\x00\xba\x47\xf3\x13\x72\xa2\xda\x65\xdc\xff\x0d\x7a\x80\xa1\x05\x5d\x8a\xa9\x92\x12\xe8\x99\xaa\xd7\xf0\x2e\x94\x9e\x6f\xee\x4d\x3c\x9c\xef\xa8\x50\x69\xea\xff\x1f\x6a\xd0\x6f\xc3\x00\xc8\x71\xab\x82\xb2\xbe\xdb\x93\x4d\x20\x87\x5c\x2a\x26\x32\x42\xcd\xb7\xf9\xbe\x19\x2a\x87\x10\xb2\x4c\x7e\xa9\x8d\x43\xda\xec\x8b\xaa\x55\x53\xc6\x78\xa3\x8f\x0e\x0a\xdf\x7d\x3f\xf2\xdc\xc7\x99\xa1\xdb\xad\x6e\xab\x1c\x3d\x94\x58\xa9\xdb\x92\x2f\x02\xe7\x5c\xfa\xb9\xd6\x5c\x73\x36\xda\xe7\x18\x95\xd5\xbb\x15\xca\xc2\x03\xf2\xb3\x8b\x99\x96\xc4\x10\xf8\x65\x5a\xd2\x2d\x3c\x09\x1c\x20\xb7\xf9\x26\xd4\x5e\x78\x01\x28\xf1\x97\x47\x46\x2a\xbc\x5c\x58\x93\x2f\xbb\x9e\x0b\xc6\x2d\x53\x86\x88\x02\xf1\xb0\x83\xf1\x83\xb8\xa1\xf9\x43\x49\x86\xd5\xcf\x97\xc0\x4e\x2f\x3e\x14\x57\x30\xcb\xa9\x87\x79\xc7\xfe\xd0\xca\xb1\xc0\x5d\x5e\x46\x53\xc6\xc3\xf6\x73\x62\x60\xbc\x78\xee\x43\x72\x86\x2f\xfe\x9e\x90\x37\x1d\x76\x2c\x74\x32\x78\x1f\x35\xce\xd8\x84\xa4\xba\xca\x05\x65\x3e\xf2\x5f\x25\xa6\xf3\xd5\x62\x83\x08"},
+{{0x8c,0x34,0xb9,0x05,0x44,0x0b,0x61,0x91,0x1d,0x1d,0x81,0x37,0xc5,0x3d,0x46,0xa1,0xa7,0x6d,0x46,0x09,0xaf,0x97,0x3e,0x18,0xeb,0x4c,0x57,0x09,0x29,0x56,0x27,0xbb,},{0xb6,0x9a,0x8b,0x2f,0xdf,0x5c,0x20,0xe7,0x34,0xc2,0xff,0xb2,0x94,0xbc,0x8a,0xe1,0x01,0x1d,0x66,0x4f,0x11,0xaf,0xe7,0xfb,0xc4,0x71,0x92,0x5c,0xf7,0x2f,0xa9,0x9d,},{0x3e,0x0b,0x72,0x07,0x3d,0xc9,0x37,0x5e,0xed,0xcc,0xa6,0xc4,0xfc,0x1c,0xd3,0x15,0x93,0x8a,0x05,0x0c,0x92,0x71,0x6b,0xd2,0x28,0x4f,0x46,0x29,0xa9,0x62,0xbe,0xec,0x0b,0x7d,0x7c,0xf1,0x6a,0xb9,0x23,0xd5,0x8f,0x5b,0x90,0xd3,0x90,0x1a,0x8e,0x5c,0x75,0xc8,0xf1,0x7d,0xab,0x99,0x98,0xe0,0x07,0xd8,0xc4,0x95,0x11,0x97,0x3d,0x0e,},"\x30\xb5\x7a\x38\x9b\x48\xa0\xbe\xb1\xa4\x84\x32\xbf\xf6\xb3\x14\xbd\xed\x79\xc4\xa1\x76\x3a\x5a\xcb\x57\xce\xa1\xbf\xb4\xc6\xd0\x16\xcf\x09\x0f\x5b\xd0\x5b\xbd\x11\x4e\x33\xae\x7c\x17\x78\x2d\xfa\x26\x4f\x46\xc4\x5f\x8c\x59\x9c\x60\x30\x16\xfe\x9f\xf0\x5b\x6b\x5a\x99\xe9\x2f\xe7\x13\xa4\xcd\x5c\x41\xb2\x92\xed\x2b\xb2\xe9\xcf\x33\xa4\x40\x54\x2e\x82\x1e\xc8\x2c\xbf\x66\x5c\x3f\x02\xe3\xdc\x33\x7d\x7f\xdb\x58\xe3\x1b\x27\xcb\x29\x54\x54\x14\x68\x81\x46\x98\x51\x0d\xf1\x8c\x85\xc8\x1f\xad\x12\xdb\x11\xec\x6b\x96\x6f\x49\x30\xda\x56\x46\xb9\x91\xdb\x97\x44\x50\x97\xda\x30\xda\xb6\x1c\xda\x53\xa4\x10\x83\xcb\x96\xad\xd1\x9d\xe6\xc5\xee\xc3\x23\xbc\xa9\xd3\x53\x0e\x38\xc0\x0b\x35\xaf\x73\x60\x07\x76\x01\xbe\x6a\xc9\x7f\x30\x30\xf9\x30\xa2\x7b\x90\xfe\x8b\x69\x11\xba\xe3\x89\x06\x5a\xdc\x15\xe1\x88\x23\x00\xe2\xa0\x03\x27\x4d\x23\x18\x2d\x5e\xfd\x5b\xa4\xb9\x13\x0c\x07\xbd\x5c\x65\xfe\xcb\x8b\x5c\xb7\xeb\x38\x83\x6b\x31\x8b\xef\xdf\xd7\x7d\xe4\xd6\xca\x01\x81\xf7\x7a\xe5\x74\x08\x91\x68\x32\x25\xf5\x49\xdd\x84\x26\x14\x5c\x97\xc5\x81\x8c\x31\x9f\x7a\xb2\xd8\x68\xe1\xa4\x1c\xea\xb6\x4c\x08\x51\x16\x06\x98\x97\xbf\x2c\xa3\x66\x76\x52\x40\x61\x55\xed\x06\x46\x43\x1b\x6d\xe1\xcc\xc0\x3b\x42\x79\xae\x4d\x32\x66\x79\x26\x5d\xce\x82\x04\x8e\x72\x98\xe1\xf8\x7f\xce\xc0\x76\x8a\xc0\xf5\xd8\xff\x84\xf7\x21\x0b\xe5\x4d\x41\x1a\xf8\xed\xea\x72\x17\xf4\xe5\x94\x13\x12\x1e\x14\x8c\x60\xda"},
+{{0x77,0xa8,0x3e,0x18,0xc9,0xf0,0x00,0xee,0xff,0x7d,0xee,0xac,0x95,0x9e,0xcb,0xa2,0x20,0x6c,0x0a,0xa3,0x9d,0x2f,0x0e,0x2a,0xed,0x57,0x29,0x48,0x2a,0x7a,0x02,0x29,},{0x62,0xb1,0xb3,0x16,0x13,0x55,0x96,0xbf,0xbc,0xa6,0x03,0x7e,0xd8,0x47,0xc6,0x1f,0xb7,0xf0,0x9f,0xa3,0x6c,0xe9,0x0a,0xbb,0x77,0x89,0xb8,0x6f,0x76,0x8b,0x59,0xdd,},{0x1e,0xaa,0xd8,0x42,0x0a,0xc1,0x2c,0x99,0xac,0x1f,0xf4,0x47,0x66,0x78,0xe3,0xcb,0xbe,0x94,0xda,0x6a,0x79,0x7f,0x17,0x46,0x64,0xd5,0xee,0x0f,0x64,0x14,0x33,0xfb,0x1e,0x7c,0xb2,0xf5,0x61,0x3e,0x10,0x80,0x5d,0xf8,0x65,0x4c,0xd8,0xe0,0xd4,0x5d,0x96,0x23,0x09,0x32,0xbc,0x7f,0x20,0xb0,0x4e,0xae,0x83,0x64,0x35,0x13,0x43,0x09,},"\xf3\xd5\xfa\x2a\xca\xef\xd8\x58\xf1\xdf\x26\xe0\x30\x59\xcd\xcb\xc2\x46\x8a\xd7\x4a\xfc\x99\x3d\x0d\xb9\xc4\xcd\xe4\x11\x3f\x8d\x55\xc7\xda\x71\xd3\x8b\xa0\x65\x20\x53\x1c\x61\xfd\xdb\x5f\x33\xd5\xf0\x35\x3b\xe2\x37\x6e\x58\x07\x11\xbe\x45\xc0\xa3\x0b\x1f\xa0\x1b\x55\xe2\x28\xc6\xfa\x35\xe3\xf9\x5b\x67\x90\x9f\xc7\xdf\x3f\xd4\x64\xd9\x3d\x66\x1a\x92\x6f\x9d\x11\xf7\x55\x0c\x17\xfb\xcc\x34\x96\x52\x6e\x8f\x10\xe0\xc8\x91\x66\x77\xb2\xbe\x5b\x31\x9b\x68\x8f\x21\xe8\x1a\xaa\x94\x82\xe5\xc9\x3e\x64\xce\x8c\x43\x7b\x9c\x1e\x14\xfe\xfe\xd7\x0a\x3f\xee\x56\x88\x11\xdc\x31\xca\xda\xb3\xd5\xb2\x20\x25\x44\x65\x33\x6d\xc4\xd9\x7a\x3b\xd0\x96\xb5\xe0\x65\xe0\xcf\xbe\x82\x84\x9e\x2c\x19\x05\xac\xa4\x86\x53\x3f\x0d\xa7\xa6\x1f\x1e\x9a\x55\xb8\xe2\xa8\x32\x62\xde\xeb\x59\xf2\xb1\x3d\x3a\x8a\xef\x57\x00\x84\x5b\x83\xb2\x5a\xe2\x18\x3c\x0d\xda\xc0\xce\x42\xf8\xd2\x56\x74\xcb\x0d\x0d\x22\x0a\x6d\xe7\xc1\x85\x8b\xb0\x7d\x59\xa3\x37\x23\x44\xd9\x44\x60\x2a\xa4\x51\xd2\xb9\x37\xdb\x0f\xe6\xfe\xca\x0b\xeb\xa8\x17\x21\xfc\x36\x1e\xa7\x50\x9e\x2b\x6d\x39\x7e\x1c\x19\x1b\x56\xf5\x4a\xb4\x36\xd0\xd2\x7a\xb4\xc0\x61\xbd\x66\x1a\xd1\xa4\x45\x23\x87\xe8\x73\x57\x54\xd0\x7f\xa7\xef\x4d\x45\x48\xb1\x72\x58\x24\x25\xb2\x99\x04\x6e\x63\x01\xb5\xba\x6b\x91\x44\x18\xf1\x49\xcf\x72\x2e\x10\xbd\xe2\xe0\xd4\x17\x00\xf1\x2c\x84\x29\xfc\x89\x7b\x78\x19\xda\x92\x29\x22\x40\xcd\x45\x56\x54\x58\xc9\xa7\xb2\x9c\x12"},
+{{0x73,0xb0,0x33,0x73,0xef,0x1f,0xd8,0x49,0x00,0x5e,0xcd,0x62,0x70,0xdd,0x99,0x06,0xf1,0x9f,0x44,0x39,0xe4,0x03,0x76,0xcd,0xbc,0x52,0x09,0x02,0xbc,0x97,0x68,0x12,},{0x66,0x37,0x19,0xe0,0x8b,0xa3,0xba,0x16,0x66,0xf6,0x06,0x9a,0x3f,0x54,0x99,0x18,0x66,0xb1,0x8c,0xc6,0xbe,0x41,0x99,0x1b,0x02,0xeb,0x30,0x26,0xff,0x9e,0x15,0x5f,},{0xa4,0x0a,0xbe,0x98,0xfc,0x69,0xda,0x8a,0x1f,0xf9,0xff,0x5c,0x2c,0xca,0x93,0x63,0x2e,0x97,0x59,0x80,0xee,0x8b,0x82,0xc3,0xc3,0x76,0x02,0x2d,0x65,0x24,0xab,0x73,0x6d,0x01,0xb0,0x72,0xf2,0xb6,0x81,0xb5,0xf1,0xcd,0x3e,0xa0,0x67,0x01,0x2e,0xd6,0xd0,0x74,0xe9,0x49,0xc4,0x23,0x27,0xa3,0x66,0xca,0xa9,0xe4,0x75,0x0a,0x3c,0x08,},"\xd5\xc2\xde\xab\xa7\x95\xc3\x0a\xba\x32\x1b\xc7\xde\x69\x96\xf0\xd9\x0e\x4d\x05\xc7\x47\xfb\x4d\xae\x8f\x34\x51\x89\x5d\xef\x6e\x16\xe7\x2f\x38\xea\xce\x75\x6f\x36\x63\x5f\x8f\xb0\xb7\x2a\x3a\x0c\x1f\x54\x66\x38\x17\xa9\x4d\x4f\xd3\x46\xf8\x35\xab\x0e\x65\x7f\x00\x1a\x6f\x2c\xec\xb8\x6d\x08\x25\xbd\x02\x63\x92\x54\xf7\xf7\xf3\x8c\xa9\x9d\xbb\x86\xc6\x4a\x63\x3f\x73\xba\xf9\x33\xaa\xe3\x56\x32\x81\xf4\x00\x5e\x2d\x0e\x7c\xec\x9f\xbd\xe8\xe5\x88\xa9\x57\xe2\x11\x06\x8b\xe6\x5b\x3d\x3d\x35\xbf\x4e\x8d\x5b\xb3\x47\x83\x33\xdf\x9c\xed\x9b\x2a\xba\xf4\x86\x97\x99\x4a\x14\x5e\x93\x21\x49\x9f\xc5\xee\x56\x0f\x4f\xbb\x68\x49\xe1\xae\x8e\xb3\xd1\xde\x00\x83\xa2\x1a\x03\xf6\xa6\xb2\x81\x76\xf0\x13\x0d\x38\x95\xe5\x0e\x75\xe3\xd7\xd0\x94\x7a\x7b\xc2\xc5\xb9\xff\x69\x89\x5d\x27\x79\x14\x42\xba\x8d\x0f\x21\x80\x71\x2b\x56\x7f\x71\x2e\xa9\x12\xf3\xb0\xd9\x2c\x19\x34\x2e\x01\x06\xff\x1d\x87\xb4\x6a\xd3\x3a\xf3\x00\xb9\x08\x55\xba\x97\x69\xd3\x66\xe7\x94\x25\xd9\x8e\x4d\xe1\x99\x05\xa0\x45\x77\x70\x7c\xbe\x62\x5b\x84\x69\x17\x81\xcd\x26\xbf\x62\x26\x0b\x4a\x8b\xd6\x05\xf7\x7a\xf6\xf9\x70\xe1\xb3\xa1\x12\xe8\x91\x83\x44\xbd\x0d\x8d\x2e\x41\xdf\xd2\xce\x98\x95\xb0\x24\x6e\x50\x88\x7a\xa3\xa5\x77\xff\x73\xbe\x4b\x6a\xe6\x0f\xeb\x0c\xa3\x6f\x6a\x5f\x81\x71\xed\x20\x9e\x5c\x56\x65\x29\xc0\x94\x0d\x9b\x4b\xd7\x44\xcc\xee\x56\xe5\x4a\x9a\x0c\x6e\x4d\xa5\x20\xdd\x31\x5c\x28\x72\xb0\x2d\xb5\x63\x70\x3e"},
+{{0xea,0xb1,0x79,0xe4,0x1e,0xd5,0xc8,0x89,0xff,0xe6,0xaa,0xbd,0xc0,0x54,0xfa,0xf1,0x30,0x7c,0x39,0x5e,0x46,0xe3,0x13,0xe1,0x7a,0x14,0xfe,0x01,0x02,0x3f,0xfa,0x30,},{0x86,0xf3,0x47,0x46,0xd3,0xf7,0xa0,0x1d,0xdb,0xe3,0x22,0xf1,0xac,0xa5,0x6d,0x22,0x85,0x6d,0x38,0x73,0x3a,0x3a,0x69,0x00,0xbb,0x08,0xe7,0x76,0x45,0x0e,0xc8,0x03,},{0x14,0x3c,0xb2,0x80,0x27,0xc2,0xf8,0x2e,0x37,0x5e,0x5f,0x34,0x0e,0x7f,0xe6,0xe6,0x0c,0xe7,0xbd,0x51,0x00,0x0b,0x49,0xc7,0x41,0x68,0xaf,0x85,0xe2,0x6e,0xd2,0xed,0x63,0x0e,0xd2,0x67,0x20,0x90,0x16,0x4c,0xc5,0x4b,0x05,0x2d,0xa6,0x94,0xeb,0xdd,0x21,0xa2,0x1b,0x30,0x53,0xf4,0xdc,0xfd,0x78,0x95,0xea,0x5f,0x6c,0x8a,0xa8,0x0d,},"\x97\x10\x95\xce\xbe\x50\x31\x53\x02\x24\x38\x7c\x5c\x31\x96\x6e\x38\x9b\x85\x66\x39\x00\x54\xcf\x45\x26\x4b\x44\xe1\x89\x64\xb7\xbe\x52\xc3\x3c\x4f\xfb\x25\x9a\xf1\x62\x83\x43\x8f\xa1\x5d\xd6\x6b\xc7\x79\x1b\x75\x33\xef\x10\xcb\x0b\xea\xb5\x24\xa6\x43\x76\x26\xf4\xcc\x74\x51\x28\x51\xad\xcc\x2f\xb1\x29\x05\x5a\x48\x2c\x61\x10\x73\x83\xfb\x7c\x52\x41\x83\x1d\x55\x51\x63\x4e\xef\x0d\xc0\xb8\xf9\x05\x3a\x00\x97\x1a\xa8\xfa\x1a\xe0\x89\x8e\x4b\x48\x1b\x67\x07\xe9\x7c\x0f\x94\x20\x40\xb3\x39\xd9\x2f\xc1\x7b\xba\xde\x74\x67\x5a\xf2\x43\xd8\xb2\xda\xfb\x15\xb1\xdb\x55\xd1\x24\x15\xb8\x5f\x30\x37\x29\x19\x30\xab\x61\x60\x0b\xa3\x43\x1f\x8e\xb4\x25\xbe\x44\x91\x61\x47\x28\xaf\x10\x1e\x81\xc0\x91\xf3\x48\xbc\x5f\xfd\x1b\xde\x6a\xe6\xca\xd5\xc1\x5b\x3a\xa7\x35\x80\x78\xcc\x4e\xff\xb5\x4a\x86\xe7\xf0\xe0\xc5\x5e\x4c\xfe\x0a\x54\x60\x5e\xd4\x43\xfd\xf2\xaa\xba\x01\x65\x85\xda\x61\x7e\x77\x34\x1d\x52\x88\x9d\x75\xdd\x54\x0d\x39\xfe\x8b\x79\x93\xed\x70\x5c\xfd\xde\xa0\xcb\x0d\x5a\x73\x1d\x6b\xfc\xdb\x81\x6a\xfa\xff\x47\xe9\x63\xee\xde\xbd\xf2\x41\xaf\x55\x93\x35\x3d\x6d\x40\x1a\x34\xf0\x29\xa8\xcd\xeb\x19\x04\xcc\x2c\xaa\x4f\x96\x35\xcc\x2b\xa6\xb7\xb1\xa2\x9d\xa6\x25\xff\xc3\x83\xbe\x2f\x5a\x8f\x1f\xa4\xf3\x9b\x2d\x4b\x4f\x4c\x2d\x88\x38\xce\x25\x8a\x04\xd4\xa1\x20\x49\x3f\xdf\x07\xf6\x8c\x0f\xfd\x1c\x16\xb7\x68\xa3\x5c\x55\xfe\xa2\xca\xc6\x96\xb5\xc2\x0e\xfc\x10\x86\x5c\xde\x8a\x64\x62\x7d\xcd"},
+{{0xfb,0xf1,0x46,0xeb,0xd5,0x10,0x75,0x57,0x0e,0xc5,0x1a,0xc4,0x10,0xae,0x9f,0x39,0x1d,0xb7,0x5b,0x61,0x0a,0xda,0x63,0x62,0xb4,0xdb,0xd9,0x49,0x65,0x6c,0xfb,0x66,},{0xbe,0x7c,0x2f,0x5b,0x21,0xd7,0x46,0xc8,0xea,0x32,0x45,0xce,0x6f,0x26,0x8e,0x9d,0xa7,0x4e,0x00,0xfa,0x85,0xc9,0xc4,0x75,0x26,0x0c,0x68,0xfa,0x1a,0xf6,0x36,0x1f,},{0x67,0x68,0x00,0x6f,0xe0,0xf2,0x01,0xb2,0x17,0xdd,0x10,0xeb,0x05,0xd4,0xb8,0x2a,0xdc,0xfe,0xb2,0xec,0xfc,0x83,0x73,0xc3,0x30,0x8f,0x41,0x50,0x39,0x48,0x11,0xeb,0x60,0x49,0x18,0x81,0xa2,0xe5,0x3d,0x12,0x89,0xd9,0x64,0x78,0xe1,0x8a,0x64,0xc3,0x4b,0x2a,0x19,0x83,0x2c,0xdc,0xcf,0xd9,0x6a,0x2e,0x4a,0x0c,0x46,0x9f,0xdc,0x0b,},"\xcd\x7a\xd4\xf1\x7f\xcf\xf7\x3a\xcc\x40\x2d\xc1\x02\xd0\x90\x79\xb2\x9a\xaf\x2a\x0f\x4b\x27\xcf\x6b\xee\xb1\xe2\xb2\x3d\x19\xab\x47\xde\xb3\xae\x1b\xec\xd6\x88\x61\xea\x27\x9c\x46\x69\x17\x38\xf4\xff\xf4\x7c\x43\x04\x7c\x4f\x8b\x56\xb6\xbb\xcc\x3f\xde\x07\x23\xd4\x41\x20\xdc\xd3\x07\xa6\x31\x0d\xc4\xf3\x66\xb8\xf3\xcd\x52\xdb\x19\xb8\x26\x6a\x48\x7f\x78\x72\x39\x1c\x45\xfe\x0d\x32\x48\xa7\xab\xf2\xc2\x00\x22\xd3\x76\x95\x47\xf6\x83\x06\x7d\xcc\x36\x3c\xd2\x2f\xd7\xcd\xa3\xca\xdc\x15\x80\x40\x56\xf0\xe2\xaa\x2b\x79\x50\x08\xc5\x98\xbe\x7a\x96\x18\x05\xe6\xdf\x29\x1b\xa3\x04\x1c\x47\xff\x56\x40\x27\x5f\x46\xe6\xae\x82\x09\x2d\x21\xab\xcb\xcf\xba\x11\xe7\x30\x21\x60\x08\x82\x2d\xe3\xce\x46\x24\x00\x59\x6d\xa7\x9f\x7a\xe5\xd1\xdf\x83\x89\x11\x2a\xd9\x88\x68\xfa\x94\xfb\x05\x46\xbf\xe6\xa6\x7a\xa8\xd2\x8c\x4d\x32\x07\x2d\x2e\xad\xd6\x25\x62\x55\xf1\x8c\x23\x82\xe6\x62\xdf\xa9\x22\xa6\x80\xe0\x6a\x43\x62\x2c\x48\x71\xd2\x7d\x18\x07\xf7\xb2\x70\x30\x70\xc8\x3d\xb8\xdd\x92\x9c\x06\x03\x8b\x21\x83\xcb\x8e\x2b\x9e\xc4\xc7\x78\xd7\xec\xf9\xe9\xff\xac\x77\xfa\x77\x37\xb0\x55\xfe\xac\x2e\x79\x82\xae\xee\xc0\xb7\x2f\x1b\xbc\xa2\x42\x4e\x1a\x84\x4b\xba\xc7\x9c\xb2\xe7\x40\x0f\x81\xdc\x44\x9d\x05\x60\xb5\x21\xa7\xc1\x6b\xb4\x16\x7e\x66\x96\x58\x60\x58\xa9\xb8\xed\x2e\x51\x16\x69\x0b\x77\xf2\xa1\x7e\x5c\x0b\x16\xa8\x3d\xcb\xd2\xe2\x45\x52\x29\x3e\x25\x8b\x32\xba\x7f\x84\x49\x44\x37\x93\x42\x69\x86\x27"},
+{{0xdf,0xf0,0xeb,0x6b,0x42,0x6d,0xea,0x2f,0xd3,0x3c,0x1d,0x3f,0xc2,0x4d,0xf9,0xb3,0x1b,0x48,0x6f,0xac,0xb7,0xed,0xb8,0x50,0x29,0x54,0xa3,0xe8,0xda,0x99,0xd9,0xfd,},{0xc2,0x45,0x08,0x5e,0xce,0x69,0xfb,0x9a,0xa5,0x60,0xd0,0xc2,0x7f,0xdb,0x63,0x4f,0x7a,0x84,0x0d,0x41,0xd8,0x46,0x36,0x60,0xfb,0xe8,0x24,0x83,0xb0,0xf3,0xcc,0x3a,},{0x6b,0x48,0xb1,0x0f,0x54,0x5d,0xdb,0x7a,0x89,0xcd,0x58,0x29,0xf4,0xe5,0xb2,0x01,0x46,0xcf,0x6b,0xc9,0x6e,0x55,0x0d,0x06,0xf6,0x5d,0xe8,0xbd,0xae,0x7c,0xcd,0xde,0xd2,0x6c,0xd6,0x30,0xf8,0x6c,0x92,0x66,0xbc,0xcf,0x88,0xe9,0x24,0x03,0x3e,0x04,0xf8,0x3a,0x54,0xf8,0x29,0x0d,0x7f,0x73,0x4c,0xf8,0x67,0x3c,0xca,0x8f,0x97,0x03,},"\xe7\xc9\xe3\x13\xd8\x61\x60\xf4\xc7\x4a\xa0\xae\x07\x36\x9e\xe2\x2b\x27\xf8\x1b\x3f\x69\x09\x7a\xff\xae\x28\xda\xe4\x84\x83\xfb\x52\xa5\xc0\x62\x30\x6b\x59\x61\x0f\x5c\xdb\xff\x63\x32\xb1\x96\x0c\xd6\xf2\xb8\xf7\xb4\x15\x78\xc2\x0f\x0b\xc9\x63\x7a\x0f\xdf\xc7\x39\xd6\x1f\x69\x9a\x57\x3f\x1c\x1a\x0b\x49\x29\x45\x06\xcf\x44\x87\x96\x5e\x5b\xb0\x7b\xbf\x81\x80\x3c\xb3\xd5\xcb\x38\x29\xc6\x6c\x4b\xee\x7f\xc8\x00\xed\xe2\x16\x15\x09\x34\xd2\x77\xde\xa5\x0e\xdb\x09\x7b\x99\x2f\x11\xbb\x66\x9f\xdf\x14\x0b\xf6\xae\x9f\xec\x46\xc3\xea\x32\xf8\x88\xfd\xe9\xd1\x54\xea\x84\xf0\x1c\x51\x26\x5a\x7d\x3f\xef\x6e\xef\xc1\xcc\xdb\xff\xd1\xe2\xc8\x97\xf0\x55\x46\xa3\xb1\xca\x11\xd9\x51\x7c\xd6\x67\xc6\x60\xec\x39\x60\xf7\xa8\xe5\xe8\x02\x02\xa7\x8d\x3a\x38\x8b\x92\xf5\xc1\xde\xe1\x4a\xe6\xac\xf8\xe1\x7c\x84\x1c\x95\x57\xc3\x5a\x2e\xec\xed\x6e\x6a\xf6\x37\x21\x48\xe4\x83\xcc\xd0\x6c\x8f\xe3\x44\x92\x4e\x10\x19\xfb\x91\xcb\xf7\x94\x1b\x9a\x17\x6a\x07\x34\x15\x86\x72\x10\x67\x04\x10\xc5\xdb\xd0\xac\x4a\x50\xe6\xc0\xa5\x09\xdd\xfd\xc5\x55\xf6\x0d\x69\x6d\x41\xc7\x7d\xb8\xe6\xc8\x4d\x51\x81\xf8\x72\x75\x5e\x64\xa7\x21\xb0\x61\xfc\xd6\x8c\x46\x3d\xb4\xd3\x2c\x9e\x01\xea\x50\x12\x67\xde\x22\x87\x9d\x7f\xc1\x2c\x8c\xa0\x37\x9e\xdb\x45\xab\xaa\x6e\x64\xdd\xa2\xaf\x6d\x40\xcc\xf2\x4f\xbe\xba\xd7\xb5\xa8\xd3\xe5\x20\x07\x94\x5e\xcd\x3d\xdc\x1e\x3e\xfe\xb5\x22\x58\x1a\xc8\x0e\x98\xc8\x63\xba\x0c\x59\x0a\x3e\xd9\x5c\xd1"},
+{{0x9f,0x32,0x95,0x8c,0x76,0x79,0xb9,0x0f,0xd5,0x03,0x60,0x56,0xa7,0x5e,0xc2,0xeb,0x2f,0x56,0xec,0x1e,0xff,0xc7,0xc0,0x12,0x46,0x1d,0xc8,0x9a,0x3a,0x16,0x74,0x20,},{0x1d,0x72,0x69,0xdc,0xb6,0xd1,0xf5,0x84,0xe6,0x62,0xd4,0xce,0x25,0x1d,0xe0,0xab,0xa2,0x90,0xef,0x78,0xb9,0x7d,0x44,0x8a,0xfb,0x1e,0x53,0x33,0xf1,0x97,0x6d,0x26,},{0x98,0x81,0xa5,0x76,0x3b,0xdb,0x25,0x9a,0x3f,0xef,0xbb,0xa3,0xd9,0x57,0x16,0x2d,0x6c,0x70,0xb8,0x04,0xfa,0x94,0xab,0x61,0x34,0x06,0xa6,0xec,0x42,0x50,0x5b,0x87,0x89,0x46,0x5c,0xa1,0xa9,0xa3,0x3e,0x18,0x95,0x98,0x88,0x42,0x27,0x0c,0x55,0xe5,0xbd,0xd5,0x48,0x3f,0x6b,0x17,0xb3,0x17,0x81,0xb5,0x93,0x50,0x7a,0x6c,0x18,0x08,},"\xa5\x6b\xa8\x6c\x71\x36\x05\x04\x08\x7e\x74\x5c\x41\x62\x70\x92\xad\x6b\x49\xa7\x1e\x9d\xaa\x56\x40\xe1\x04\x4b\xf0\x4d\x4f\x07\x1a\xd7\x28\x77\x9e\x95\xd1\xe2\x46\x05\x84\xe6\xf0\x77\x35\x45\xda\x82\xd4\x81\x4c\x91\x89\xa1\x20\xf1\x2f\x3e\x38\x19\x81\x3e\x5b\x24\x0d\x0f\x26\x43\x6f\x70\xee\x35\x3b\x4d\x20\xce\xa5\x4a\x14\x60\xb5\xb8\xf1\x00\x8d\x6f\x95\xf3\xaa\x2d\x8f\x1e\x90\x8f\xce\xd5\x0d\x62\x4e\x3a\x09\x69\x38\xb9\x35\x38\x54\xb9\x6d\xa4\x63\xa2\x79\x8a\x5a\x31\x2e\xc7\x90\x84\x2c\x10\xc4\x46\xe3\x35\x0c\x76\x4b\xf5\xc9\x72\x59\x3b\x99\x87\xbf\x23\x25\x6d\xaa\x88\x94\xd4\x7f\x22\xe8\x5b\x97\x60\x7e\x66\xfc\x08\xa1\x2c\x78\x9c\x47\x46\x08\x03\x68\xd3\x21\xbb\x90\x15\xa1\x15\x5b\x65\x52\x3a\xd8\xe9\x9b\xb9\x89\xb4\x4e\xac\x75\x6b\x07\x34\xac\xd7\xc6\x35\x7c\x70\xb5\x97\x43\x24\x6d\x16\x52\xd9\x1b\x0f\x98\x96\x96\x51\x41\x34\x5b\x99\x45\xcf\x34\x98\x04\x52\xf3\x50\x29\x74\xed\xb7\x6b\x9c\x78\x5f\xb0\xf4\x39\x52\x66\xb0\x55\xf3\xb5\xdb\x8a\xab\x68\xe9\xd7\x10\x2a\x1c\xd9\xee\x3d\x14\x25\x04\xf0\xe8\x8b\x28\x2e\x60\x3a\x73\x8e\x05\x1d\x98\xde\x05\xd1\xfc\xc6\x5b\x5f\x7e\x99\xc4\x11\x1c\xc0\xae\xc4\x89\xab\xd0\xec\xad\x31\x1b\xfc\x13\xe7\xd1\x65\x3b\x9c\x31\xe8\x1c\x99\x80\x37\xf9\x59\xd5\xcd\x98\x08\x35\xaa\x0e\x0b\x09\xbc\xbe\xd6\x34\x39\x11\x51\xda\x02\xbc\x01\xa3\x6c\x9a\x58\x00\xaf\xb9\x84\x16\x3a\x7b\xb8\x15\xed\xbc\x02\x26\xed\xa0\x59\x5c\x72\x4c\xa9\xb3\xf8\xa7\x11\x78\xf0\xd2\x0a\x5a"},
+{{0xf8,0x6d,0x6f,0x76,0x6f,0x88,0xb0,0x07,0x17,0xb7,0xd6,0x32,0x7e,0xb2,0x6c,0xf3,0xce,0xeb,0xa5,0x38,0x51,0x84,0x42,0x6f,0x9c,0xfd,0x82,0x95,0xe2,0x42,0x1f,0xf2,},{0xcb,0x1d,0x25,0x05,0x04,0x75,0x41,0x83,0x70,0x4d,0xbe,0x21,0xc3,0x23,0xd6,0x6f,0x9f,0x90,0x11,0x75,0x8f,0x6d,0x8d,0xab,0x6f,0x59,0x7b,0x19,0x96,0x62,0x14,0x5b,},{0xec,0x61,0xc0,0xb2,0x92,0x20,0x3a,0x8f,0x1d,0x87,0x23,0x5e,0xde,0x92,0xb7,0x47,0x23,0xc8,0xd2,0x34,0x08,0x42,0x37,0x73,0xae,0x50,0xb1,0xe9,0xbc,0x44,0x64,0xe0,0x3e,0x44,0x6d,0xa9,0xdc,0xe4,0xc3,0x9f,0x6d,0xd1,0x59,0xbe,0xa2,0x6c,0x00,0x9e,0xd0,0x01,0x20,0xbc,0x36,0xd4,0xa2,0x47,0xdc,0x0d,0x24,0xbc,0xef,0xcc,0x11,0x0c,},"\xda\x84\x23\xa6\xb7\xa1\x8f\x20\xaa\x1f\x90\xed\x23\x31\xb1\x7b\x24\x06\x7c\x40\x17\x5b\xc2\x5d\x81\x09\xe2\x1d\x87\xac\x00\x52\x8e\xb3\xb2\xf6\x6a\x2b\x52\xdc\x7e\xf2\xf8\xce\xcb\x75\xc7\x60\x99\xcf\xa2\x3d\xb8\xda\x89\x70\x43\xba\x1c\xce\x31\xe2\xdf\xea\x46\x07\x5f\x5e\x07\x32\x03\xea\xeb\x3d\x62\xc8\x4c\x10\x7b\x6d\xab\x33\xa1\x4e\xaf\x14\x9a\xa6\x18\x50\xc1\x5f\x5a\x58\xd8\x8a\x15\xab\xa9\x19\x6f\x9e\x49\x5e\x8d\xbe\xcb\xcf\x7e\x84\x44\xf5\xdd\x72\xa0\x8a\x09\x9d\x7f\x62\x09\x99\x0b\x56\x29\x74\xea\x82\x9e\xf1\x1d\x29\xa9\x20\xe3\xa7\x99\xd0\xd9\x2c\xb5\x0d\x50\xf8\x17\x63\x1a\xb0\x9d\xe9\x7c\x31\xe9\xa0\x5f\x4d\x78\xd6\x49\xfc\xd9\x3a\x83\x75\x20\x78\xab\x3b\xb0\xe1\x6c\x56\x4d\x4f\xb0\x7c\xa9\x23\xc0\x37\x4b\xa5\xbf\x1e\xea\x7e\x73\x66\x8e\x13\x50\x31\xfe\xaf\xcb\xb4\x7c\xbc\x2a\xe3\x0e\xc1\x6a\x39\xb9\xc3\x37\xe0\xa6\x2e\xec\xdd\x80\xc0\xb7\xa0\x49\x24\xac\x39\x72\xda\x4f\xa9\x29\x9c\x14\xb5\xa5\x3d\x37\xb0\x8b\xf0\x22\x68\xb3\xba\xc9\xea\x93\x55\x09\x0e\xeb\x04\xad\x87\xbe\xe0\x59\x3b\xa4\xe4\x44\x3d\xda\x38\xa9\x7a\xfb\xf2\xdb\x99\x52\xdf\x63\xf1\x78\xf3\xb4\xc5\x2b\xcc\x13\x2b\xe8\xd9\xe2\x68\x81\x21\x3a\xbd\xeb\x7e\x1c\x44\xc4\x06\x15\x48\x90\x9f\x05\x20\xf0\xdd\x75\x20\xfc\x40\x8e\xa2\x8c\x2c\xeb\xc0\xf5\x30\x63\xa2\xd3\x05\x70\xe0\x53\x50\xe5\x2b\x39\x0d\xd9\xb6\x76\x62\x98\x48\x47\xbe\x9a\xd9\xb4\xcd\x50\xb0\x69\xff\xd2\x9d\xd9\xc6\x2e\xf1\x47\x01\xf8\xd0\x12\xa4\xa7\x0c\x84\x31\xcc"},
+{{0xa5,0xb3,0x4c,0xef,0xab,0x94,0x79,0xdf,0x83,0x89,0xd7,0xe6,0xf6,0xc1,0x46,0xaa,0x8a,0xff,0xb0,0xbe,0xc8,0x37,0xf7,0x8a,0xf6,0x46,0x24,0xa1,0x45,0xcc,0x34,0x4e,},{0x7b,0x0f,0x4f,0x24,0xd9,0x97,0x2b,0xc6,0xfe,0x83,0x82,0x6c,0x52,0x71,0x6a,0xd1,0xe0,0xd7,0xd1,0x9f,0x12,0x38,0x58,0xcb,0x3e,0x99,0xfa,0x63,0x6a,0xc9,0x63,0x1a,},{0x2f,0xbd,0x89,0x9d,0x72,0xb6,0xd3,0x9e,0x4f,0x45,0xb8,0xb6,0x2c,0xbb,0xd5,0xf3,0xc0,0xac,0xb1,0xad,0x85,0x40,0x91,0x3f,0xa5,0x85,0x87,0x7e,0x91,0xcc,0xfe,0xf7,0xbe,0xe5,0x0a,0x4b,0x0f,0x9f,0xed,0xf5,0xcc,0x1e,0x0d,0x19,0x53,0xad,0x39,0x9c,0x83,0x89,0xa9,0x33,0x91,0xe1,0xb7,0xc9,0x29,0xaf,0x6d,0x6f,0x3b,0x79,0x6c,0x08,},"\xe2\x1e\x98\xaf\x6c\x2b\xac\x70\x55\x7e\xb0\xe8\x64\xda\x2c\x2b\x4d\x6c\x0a\x39\xa0\x59\xd3\x47\x72\x51\xf6\x17\x8a\x39\x67\x6f\x47\x49\xe7\xfb\xea\x62\x3f\x14\x8a\x43\xa8\xb0\xfe\x06\x10\x50\x6f\xa6\x58\xab\xd2\xf5\xfa\x39\x19\x8f\x26\x36\xb7\x24\xdb\x22\xd1\xae\xbc\x2a\xb0\x7b\x2b\x6d\xbf\xfd\xee\x8c\xec\xe8\x1e\x1a\xf1\x49\x3e\xc1\x96\x4e\x16\xbf\x86\xab\x25\x8c\xa0\xfe\xb7\x7e\x3c\x87\x17\xe4\x40\x38\xab\xe1\x52\xc1\x4b\xe1\x56\x60\xbf\x93\xb2\xd4\x8d\x92\xc4\xed\x70\x74\xd2\x49\x42\x10\x62\x1b\xcf\x20\x4f\xba\x88\xc6\x54\xd5\xff\xe0\x1e\x1a\x53\xd0\x8f\x70\xbb\x23\x70\x89\xdc\x80\x72\x16\xff\x6a\x85\xdb\xec\x31\x02\x23\x7d\x42\x59\x07\x78\xac\xf6\xc1\xdc\x56\x6d\x5a\x2b\xb9\xa6\x3b\xc2\x1c\x32\x9c\x27\x2e\x59\x65\xba\xee\xb0\xfe\x89\x1d\xe3\xcc\x8c\xbf\xa8\xe5\x41\xa8\x88\x1d\xf6\x89\x42\xe7\xff\x8d\xc6\x56\xbd\x08\x57\x5f\x6a\xaf\x92\x4a\x17\x6d\x66\x3b\x1a\x1f\x43\x57\x4d\x11\x76\x8c\x70\x1b\x26\x95\x61\xe5\x54\x38\xdb\xeb\xfd\x44\x3d\x21\x15\xcb\x93\x3d\x1c\xde\x4a\x91\x5b\x54\xc3\x25\xc2\x7f\x49\x9e\xf0\x2b\xd0\x12\xff\x1f\x9a\x36\x39\x09\x22\x88\x76\x00\xfe\x71\x2b\xcd\xc2\x3e\xb5\x97\x4a\x30\x53\x72\xad\x52\x95\x1f\x83\xf0\xe5\x8c\xc4\x9e\x28\x98\x41\x62\x19\x17\xf1\xfc\xb0\x23\x51\x47\x24\x0d\xae\x4c\xf3\xb9\x9b\x6a\xc6\xd8\xde\x94\xef\xe7\xc4\x43\x67\x14\x50\x8b\xcd\x01\x14\xc5\x60\x68\xff\x1b\x7c\x16\xd5\x1b\xd9\x06\x43\x78\x74\xd6\x54\x9a\xb5\xd8\x08\x78\x96\x87\x2e\xc8\xa0\x9d\x74\x12"},
+{{0xad,0x75,0xc9,0xce,0x29,0x9c,0x4d,0x59,0x39,0x33,0x67,0xd7,0x7a,0x4c,0x9f,0x8d,0xf8,0xdc,0xec,0x76,0x5c,0x6d,0xbd,0x25,0xb5,0x27,0xfb,0x76,0x69,0x91,0x36,0x04,},{0xb9,0x91,0x05,0x48,0xfe,0x63,0x12,0xa1,0x19,0xc9,0x99,0x3e,0xeb,0xcf,0xb9,0xdc,0x90,0x03,0x0f,0xfb,0x0e,0x4d,0xe2,0xb7,0xcc,0xd2,0x3c,0xbe,0xb4,0xfe,0xf7,0x1b,},{0x6b,0x7e,0xf2,0x7b,0xcf,0xbf,0x2b,0x71,0x49,0x85,0x03,0x37,0x64,0xfc,0xcf,0xf5,0x55,0xe3,0xf5,0xbc,0x44,0x61,0x0d,0x6c,0x8c,0x62,0x11,0x7c,0xb3,0x83,0x1a,0x07,0xf4,0xa8,0xbd,0xdb,0x0e,0xae,0xd1,0xd4,0x6b,0x02,0x89,0xb1,0x5d,0xe1,0xaa,0x4d,0xcc,0x17,0xd7,0x1b,0xe9,0x6a,0x09,0xe6,0x6b,0xa4,0xdc,0x46,0x27,0xc7,0x87,0x05,},"\x62\xfc\x5a\xb6\x7d\xeb\x1f\xee\x9a\xb6\xcc\xa3\xb8\x8a\x1d\xf1\xe5\x89\xf0\xfd\x4a\x88\xf4\xaa\x77\x38\x94\x87\x61\xfe\x84\x37\x2c\x5b\x18\xe4\x65\x52\x20\xc1\xd8\x4d\x52\xac\xad\x32\xe2\x29\xa5\xc7\x56\xc2\x0f\xc6\x2f\xe4\xb4\xb4\xe5\xfd\x70\x77\xae\x4e\xd5\x39\x7a\xa7\x96\xf2\x30\x7c\xee\xdb\x65\x05\xb3\x92\x97\x85\x6f\x4a\xeb\x5e\x70\x93\x8e\x36\xee\x24\xa0\xac\x7d\x98\x68\x30\x6f\x6b\x53\x91\x06\x23\xb7\xdc\x89\xa6\x67\x2a\xd7\x38\x57\x6e\xd5\xd8\x88\x31\xdd\x33\x83\x21\xc8\x90\x2b\xc2\x06\x1f\x65\xe9\x4d\x45\x2f\xdf\xa0\xdc\x66\x5c\xef\xb9\x23\x08\xe5\x23\x01\xbd\x46\x27\x00\x6b\x36\x3d\x06\xb7\x75\xa3\x95\x91\x4d\x8c\x86\x3e\x95\xa0\x0d\x68\x93\xf3\x37\x61\x34\xc4\x29\xf5\x64\x78\x14\x5e\x44\x56\xf7\xa1\x2d\x65\xbb\x2b\x89\x65\xd7\x28\xcb\x2d\xdb\xb7\x08\xf7\x12\x5c\x23\x70\x95\xa9\x21\x95\xd9\x2f\xa7\x27\xa3\x72\xf3\x54\x5a\xe7\x01\xf3\x80\x8f\xee\x80\x2c\x89\x67\xa7\x6e\x8a\x94\x0e\x55\xfb\x2d\x81\x0b\xfb\x47\xad\xa1\x56\xf0\xed\xa1\x82\x9b\x15\x9c\xf0\x5c\x7f\x36\xcf\x38\x47\xd7\xb2\x1d\xe8\x4c\x3d\xc0\xfe\x65\x83\x47\xf7\x93\x96\xa0\x11\x39\xa5\x08\xb6\x00\x22\xdb\x1c\x0e\x5a\xee\xf4\x7e\x44\x5e\x66\xf7\x83\xe6\x2c\x96\x59\x7b\xdb\x16\xf2\x09\xc0\x8a\x91\x32\xc7\x57\x31\x36\x17\x0e\xe3\xeb\xf2\x42\x61\x26\x5a\x89\xfb\x4f\x10\x33\x33\x75\xe2\x0b\x33\xab\x74\x03\x46\x4f\x52\x49\x46\x1c\x68\x53\xc5\xfd\xdb\x9f\x58\xaf\x81\x68\x92\x91\x03\x93\xa7\x07\x7b\x79\x9f\xdc\x34\x89\x72\x09\x98\xfe\xea\x86"},
+{{0x1c,0xed,0x57,0x45,0x29,0xb9,0xb4,0x16,0x97,0x7e,0x92,0xeb,0x39,0x44,0x8a,0x87,0x17,0xca,0xc2,0x93,0x4a,0x24,0x3a,0x5c,0x44,0xfb,0x44,0xb7,0x3c,0xcc,0x16,0xda,},{0x85,0xe1,0x67,0xd5,0xf0,0x62,0xfe,0xe8,0x20,0x14,0xf3,0xc8,0xb1,0xbe,0xae,0xd8,0xee,0xfb,0x2c,0x22,0xd8,0x64,0x9c,0x42,0x4b,0x86,0xb2,0x1b,0x11,0xeb,0x8b,0xda,},{0xe0,0x30,0x3a,0xef,0xe0,0x8a,0x77,0x73,0x8d,0xcc,0x65,0x7a,0xfb,0xb9,0xb8,0x35,0xed,0x27,0x96,0x13,0xa5,0x3c,0x73,0xfd,0xc5,0xdd,0xbf,0xb3,0x50,0xe5,0xcf,0xf4,0xd6,0xc9,0xbb,0x43,0xdc,0x07,0xc9,0x5b,0xf4,0xe2,0x3b,0x64,0xc4,0x0f,0x88,0x04,0xc7,0x16,0x99,0x52,0xe3,0xc8,0xd5,0x9a,0x71,0x97,0x24,0x1b,0xfe,0xd0,0x74,0x0f,},"\x1b\x3b\x95\x3c\xce\x6d\x15\x30\x3c\x61\xca\x70\x76\x09\xf7\x0e\x72\x50\xf6\xc0\xde\xba\x56\xa8\xce\x52\x2b\x59\x86\x68\x96\x51\xcd\xb8\x48\xb8\x42\xb2\x22\x96\x61\xb8\xee\xab\xfb\x85\x70\x74\x9e\xd6\xc2\xb1\x0a\x8f\xbf\x51\x50\x53\xb5\xea\x7d\x7a\x92\x28\x34\x9e\x46\x46\xf9\x50\x5e\x19\x80\x29\xfe\xc9\xce\x0f\x38\xe4\xe0\xca\x73\x62\x58\x42\xd6\x4c\xaf\x8c\xed\x07\x0a\x6e\x29\xc7\x43\x58\x6a\xa3\xdb\x6d\x82\x99\x3a\xc7\x1f\xd3\x8b\x78\x31\x62\xd8\xfe\x04\xff\xd0\xfa\x5c\xbc\x38\x1d\x0e\x21\x9c\x91\x93\x7d\xf6\xc9\x73\x91\x2f\xc0\x2f\xda\x53\x77\x31\x24\x68\x27\x4c\x4b\xee\x6d\xca\x7f\x79\xc8\xb5\x44\x86\x1e\xd5\xba\xbc\xf5\xc5\x0e\x14\x73\x49\x1b\xe0\x17\x08\xac\x7c\x9f\xf5\x8f\x1e\x40\xf8\x55\x49\x7c\xe9\xd7\xcc\x47\xb9\x41\x0f\x2e\xdd\x00\xf6\x49\x67\x40\x24\x3b\x8d\x03\xb2\xf5\xfa\x74\x2b\x9c\x63\x08\x67\xf7\x7a\xc4\x2f\x2b\x62\xc1\x4e\x5e\xbd\xdc\x7b\x64\x7a\x05\xff\xf4\x36\x70\x74\x5f\x28\x51\xef\xf4\x90\x9f\x5d\x27\xd5\x7a\xe8\x7f\x61\xe9\x65\xee\x60\xfd\xf9\x77\x24\xc5\x92\x67\xf2\x61\x0b\x7a\xd5\xde\x91\x98\x56\xd6\x4d\x7c\x21\x26\x59\xce\x86\x56\x14\x9b\x6a\x6d\x29\xd8\xf9\x2b\x31\x2b\xe5\x0b\x6e\x2a\x43\x1d\x36\xae\x02\x2b\x00\xa6\xfe\x36\x0e\x3a\xf6\x54\x32\x89\x9c\x43\xbe\x04\x27\xe3\x6d\x21\xcf\xec\x81\xf2\x1a\xa5\x3b\x33\xdb\x5e\xd2\xc3\x7d\xa8\xf9\x6a\xc3\xe7\xdc\x67\xa1\xde\x37\x54\x6c\xf7\xde\x10\x08\xc7\xe1\xad\xbe\x0f\x34\xfa\x7e\xb2\x43\x4d\x94\xe6\xa1\x3f\x4c\xf8\x6a\x98\xd4\x97\x62\x2f"},
+{{0xf0,0x79,0x0d,0x93,0xe2,0xd3,0xb8,0x4f,0x61,0xef,0x4c,0x80,0x71,0x47,0xab,0xa4,0x10,0xe4,0x15,0xe7,0x2b,0x71,0xb0,0xd6,0x1d,0x01,0x02,0x6f,0xed,0x99,0xda,0x3d,},{0xef,0xdf,0x64,0x9f,0xb0,0x33,0xcf,0x32,0x8e,0x0b,0x28,0x77,0x96,0xf8,0xa2,0x5e,0x9c,0x6e,0x2e,0x87,0x1b,0x33,0xc2,0xc2,0x1a,0x40,0x28,0xa8,0xa2,0x5a,0x4b,0x28,},{0x08,0x77,0x3a,0x6a,0x78,0x76,0x2c,0xbb,0x1e,0x25,0xfc,0xbb,0x29,0x13,0x99,0x41,0xbd,0xf1,0x6f,0x4e,0x09,0xa1,0xfa,0x08,0xfc,0x70,0x1f,0x32,0xf9,0x33,0xed,0xd7,0x4c,0x0a,0xe9,0x83,0xc1,0x2a,0x0a,0x5b,0x02,0x0b,0x6b,0xcf,0x44,0xbb,0x71,0x9d,0xde,0x8e,0xd0,0x78,0x1a,0x82,0x98,0x26,0x56,0x40,0xe1,0x60,0x8c,0x98,0xb3,0x01,},"\x79\x73\xe9\xf3\x2d\x74\x80\x59\x92\xeb\x65\xda\x0d\x63\x73\x35\xe5\x0e\xff\x0c\xe6\x8e\xa2\xd1\xf3\xa0\x2d\xe7\x04\x49\x2b\x9c\xfb\xe7\xe7\xba\x96\xfd\xb4\x2b\xb8\x21\xa5\x13\xd7\x3f\xc6\x04\x02\xe9\x2c\x85\x5d\xea\xed\x73\xff\xea\xf7\x09\x52\x02\x90\x62\xc8\x33\xe1\x4e\xc1\xb1\x4f\x14\x4e\x22\x07\xf6\xa0\xe7\x27\xe5\xa7\xe3\xcb\xab\x27\xd5\x97\x29\x70\xf6\x95\x18\xa1\x5b\x09\x3e\x74\x0c\xc0\xce\x11\xbf\x52\x48\xf0\x82\x6b\x8a\x98\xbd\xe8\xbf\x2c\x70\x82\xc9\x7a\xff\x15\x8d\x08\x37\x11\x18\xc8\x90\x21\xcc\x39\x74\xae\x8f\x76\xd8\x66\x73\xc3\xf8\x24\xb6\x2c\x79\xc4\xb4\x1f\x40\xea\xa8\x94\x37\x38\xf0\x33\x00\xf6\x8c\xbe\x17\x54\x68\xeb\x23\x5a\x9f\xf0\xe6\x53\x7f\x87\x14\xe9\x7e\x8f\x08\xca\x44\x4e\x41\x19\x10\x63\xb5\xfa\xbd\x15\x6e\x85\xdc\xf6\x66\x06\xb8\x1d\xad\x4a\x95\x06\x55\x84\xb3\xe0\x65\x8c\x20\xa7\x06\xea\xf4\xa0\x77\x7d\xa4\xd2\xe0\xcd\x2a\x0f\xca\x60\x10\x9c\x2b\x44\x03\xdb\x3f\x03\xcd\x47\x81\xc1\xfb\xb0\x27\x22\x02\xbc\xb1\x16\x87\x80\x8c\x50\xcb\x98\xf6\x4b\x7f\x3f\xd3\xd4\x33\x33\xbb\x5a\x06\x1b\x9e\x37\x70\x90\xab\xb1\xe0\xa8\x85\xcb\x26\xb7\x3c\x16\x3e\x63\xff\x64\x51\xff\x2f\x4e\xc8\x24\x9c\x7e\x15\x2b\xd0\x39\x73\xa1\xe9\x64\xe2\xb5\xb2\x35\x28\x1a\x93\x83\x99\xa1\x12\xa2\x45\x29\xe3\x83\xa5\x60\xdc\x50\xbb\x1b\x62\x2a\xd7\x4e\xf3\x56\x58\xdc\xb1\x0f\xfe\x02\x25\x68\xac\x3f\xfa\xe5\xb4\x65\xa8\xed\x76\x43\xe8\x56\x1b\x35\x2e\xe9\x94\x4a\x35\xd8\x82\xc7\x12\xb1\x87\x78\x8a\x0a\xba\xe5\xa2\x2f"},
+{{0x4c,0xb9,0xdf,0x7c,0xe6,0xfa,0xe9,0xd6,0x2b,0xa0,0x9e,0x8e,0xb7,0x0e,0x4c,0x96,0x9b,0xde,0xaf,0xcb,0x5e,0xc7,0xd7,0x02,0x43,0x26,0xe6,0x60,0x3b,0x06,0x21,0xbf,},{0x01,0x80,0x69,0xdd,0x0e,0xb4,0x40,0x55,0xa3,0x5c,0xd8,0xc7,0x7c,0x37,0xca,0x9f,0xb1,0xad,0x24,0x17,0x27,0x13,0x85,0xe1,0x34,0xb2,0xf4,0xe8,0x1f,0x52,0x03,0x3c,},{0xe3,0x3c,0x07,0x83,0x6c,0x53,0x7d,0x6b,0xfb,0xd0,0xf4,0x59,0x2d,0x6e,0x35,0xb1,0x63,0x49,0x9b,0xa7,0x8d,0xc7,0xff,0xce,0xc5,0x65,0xd0,0x4f,0x9a,0x7d,0xb7,0x81,0x94,0x3e,0x29,0xe6,0xce,0x76,0x76,0x3e,0x9b,0xad,0xdf,0x57,0x43,0x7f,0xd9,0xc6,0xb0,0x32,0x39,0xa6,0xe6,0x85,0x0e,0x45,0x02,0xa3,0x56,0xc2,0xe1,0x2c,0x37,0x05,},"\x14\x62\x7d\x6e\xa0\xe7\x89\x54\x60\x75\x94\x76\xdc\x74\xc4\x28\x00\xce\xef\x99\x43\x27\x51\x81\x51\x49\x0d\x9d\xf2\x30\x67\x91\x4e\x44\x78\x8a\x12\x76\x8c\xcb\x25\x47\x1b\x9c\x3b\xa9\xd1\x4f\xb4\x36\xdc\xba\x38\x42\x9b\x3a\x04\x56\x87\x77\x63\xc4\x91\x75\xd0\xe0\x82\x68\x3e\x07\xa9\x05\x8f\x36\x85\xc6\x27\x93\x07\xb2\x30\x3d\x12\x21\xb9\xc2\x97\x93\xd8\xa4\x87\x7f\x6d\xf5\x15\x87\x38\x4d\xad\xf7\x51\xc5\xf7\xbf\xbd\x20\x7d\x51\x96\x22\xc3\x7b\x51\xce\xee\xe2\xc2\x0d\x82\x69\xf8\xcb\x88\xd3\xfe\x43\xd6\xd4\x34\xd5\xbb\xd0\xe2\x03\xc1\x53\x2d\x97\xba\x55\x21\x47\x22\x74\x96\xc8\x7f\x67\xb5\x0b\xb7\x61\x93\xad\xd0\x14\x4d\xf1\xc1\x76\x65\x75\x85\x40\x83\x62\xca\x2e\xd0\x4a\xd6\x2a\xcf\x1c\x25\xe3\x41\xdf\xd1\x49\x8d\x85\xb4\xb1\x34\x9a\x8b\x0b\x9b\x02\xc4\x35\x23\xc5\x58\x53\x41\x9b\xfe\xd3\x7d\x5a\x2c\xdf\x17\xdf\xbf\x1a\x3b\xd7\x75\x9d\x6a\xe1\x80\xf9\xd2\x7d\xcd\x9a\x89\x33\xe2\x9a\x7c\x0a\x30\x77\x1e\xea\x7c\x2e\x0f\xa2\x42\x92\x5d\x23\x36\xdc\xe5\x85\x62\x90\x57\xd8\x44\x32\x39\x64\xf6\xd3\xd1\x1f\xf0\xb3\xf8\x29\xa3\xbe\x8c\x9f\x04\x68\xa6\x82\x3d\x8e\x70\xab\x5a\x2d\xa2\x1e\x15\xfa\x8b\x04\x1a\x29\x81\x22\x22\xe9\xc3\x0b\x2b\xd9\xa1\x2d\x1f\xde\xe6\xf8\x78\x76\xe8\xce\x81\x00\x96\x37\xa8\xbb\x22\x36\x12\x9a\x47\xca\x74\x28\x9e\xe4\xaa\xd4\x29\xff\xe2\x9f\x47\x43\x02\x41\xca\x8c\xc3\x84\x8b\x72\x00\xfd\x6e\x14\x70\x65\x1a\x9a\x0a\x6f\x72\xc9\x03\x3e\x83\x1d\xf0\x51\x40\x8a\x62\x60\xf6\x5c\xba\xf6\xe0\x12\xb1\x8e"},
+{{0xa1,0x36,0xe0,0x09,0xd5,0x3e,0x5e,0xf5,0x9d,0x09,0x46,0xbc,0x17,0x56,0x63,0xa8,0x6b,0xc0,0xfc,0xd2,0x9e,0xad,0xd9,0x5c,0xfc,0x9d,0x26,0x60,0x37,0xb1,0xe4,0xfb,},{0x9c,0x18,0x06,0xec,0x04,0x54,0xf5,0x83,0x14,0xeb,0x83,0x97,0xd6,0x42,0x87,0xde,0xe3,0x86,0x64,0x0d,0x84,0x91,0xab,0xa3,0x64,0x60,0x76,0x88,0x84,0x17,0x15,0xa0,},{0xbc,0x09,0x4b,0xa9,0x1c,0x11,0x5d,0xee,0x15,0xd7,0x53,0x36,0x1a,0x75,0xf3,0xf0,0x3d,0x6a,0xf4,0x5c,0x92,0x15,0x7e,0x95,0xdb,0xe8,0xd3,0x21,0x94,0xb6,0xc5,0xce,0x72,0xb9,0xdc,0x66,0xf7,0x3d,0xf1,0x2d,0xca,0x0b,0x63,0x9f,0x3e,0x79,0x1d,0x47,0x86,0x16,0xa1,0xf8,0xd7,0x35,0x9a,0x42,0xc8,0xea,0xe0,0xdd,0xa1,0x6b,0x16,0x06,},"\xa4\x9d\x1c\x3d\x49\xe1\x3c\x2e\xda\x56\x86\x8a\x88\x24\xaa\x9f\x8d\x2b\xf7\x2f\x21\x95\x5e\xba\xfd\x07\xb3\xbd\xc8\xe9\x24\xde\x20\x93\x6c\xee\x51\x3d\x8a\x64\xa4\x71\x73\xa3\xbd\x65\x9e\xff\x1a\xcc\xff\x82\x44\xb2\x6a\xae\x1a\x0c\x27\xfa\x89\x1b\xf4\xd8\x5e\x8f\xb1\xb7\x6a\x6c\xab\x1e\x7f\x74\xc8\x9e\xe0\x7b\xb4\x0d\x71\x43\x26\xf0\x9b\x3f\xd4\x06\x32\xfa\xd2\x08\xea\x81\x6f\x90\x72\x02\x8c\x14\xb5\xb5\x4e\xcc\x1c\x5b\x7f\xc8\x09\xe7\xe0\x78\x6e\x2f\x11\x49\x5e\x76\x01\x7e\xb6\x2a\xa4\x56\x3f\x3d\x00\xee\x84\x34\x8d\x98\x38\xcd\x17\x64\x9f\x69\x29\xa6\xd2\x06\xf6\x0e\x6f\xc8\x2e\x0c\x34\x64\xb2\x7e\x0e\x6a\xbd\x22\xf4\x46\x9b\xdf\xd4\xcb\x54\xf7\x7e\x32\x9b\x80\xf7\x1b\xf4\x21\x29\xec\x13\xc9\xdf\xe1\x92\xad\xfa\xa4\x2e\xe3\xdd\xee\xda\x38\x58\x16\xfb\xad\x5f\x41\x19\x38\xc6\x3b\x56\x0f\x4e\xcd\x94\x53\x4b\xe7\xd9\x87\x25\xcd\x94\xc9\x9c\xe4\x92\xf0\xf0\x69\xba\x0e\xc0\x8f\x87\x7a\x78\x12\xef\x27\xae\x19\xd7\xa7\x7b\xe6\x3f\x66\xbc\xf8\xd6\xcf\x3a\x1a\x61\xfc\x9c\xfe\xf1\x04\xc7\x46\x2a\x21\xca\x7f\x03\xaf\xb5\xbb\x1a\xc8\xc7\x51\x24\xb5\x54\xe8\xd0\x44\xb8\x10\xd9\x5f\xf8\xc9\xdd\x09\xa3\x44\x84\xd8\xc4\xb6\xc9\x5f\x95\xc3\xc2\x28\x23\xf5\x2c\xe8\x44\x29\x37\x24\xd5\x25\x91\x91\xf1\xba\x09\x29\xe2\xac\xdb\xb8\xb9\xa7\xa8\xad\xf0\xc5\x2e\x78\xac\xdf\xdf\x05\x7b\x09\x85\x88\x1a\xfb\xed\x4d\xbe\xbd\xeb\xbd\xae\x0a\x2b\x63\xbd\x4e\x90\xf9\x6a\xfd\xcb\xbd\x78\xf5\x06\x30\x9f\x9b\xdb\x65\x00\x13\xcb\x73\xfa\xed\x73\x90\x4e"},
+{{0xff,0x0f,0x1c,0x57,0xdd,0x88,0x4f,0xbe,0xea,0x6e,0x29,0x17,0x28,0x2b,0x79,0xba,0x67,0xf8,0xa6,0x85,0x12,0x67,0xb9,0xf4,0x63,0x6d,0xaf,0xda,0x33,0xbd,0x2b,0x5b,},{0xfe,0xf6,0x37,0x8a,0xd1,0x2a,0x7c,0x25,0x2f,0xa6,0xeb,0x74,0x2b,0x05,0x06,0x4b,0x41,0x53,0x0f,0xf0,0x19,0xdc,0x68,0x0a,0xb5,0x44,0xc0,0x27,0xea,0x28,0x36,0xe7,},{0xd5,0x00,0x84,0x86,0x72,0x6c,0xce,0x33,0x0a,0x29,0xdd,0x7e,0x4d,0x74,0x74,0xd7,0x35,0x79,0x82,0x01,0xaf,0xd1,0x20,0x6f,0xeb,0x86,0x9a,0x11,0x2e,0x5b,0x43,0x52,0x3c,0x06,0x97,0x67,0x61,0xbe,0x3c,0xf9,0xb2,0x71,0x63,0x78,0x27,0x3c,0x94,0xf9,0x35,0x72,0xa7,0xd2,0xb8,0x98,0x26,0x34,0xe0,0x75,0x5c,0x63,0x2b,0x44,0x90,0x08,},"\x52\x2a\x5e\x5e\xff\x5b\x5e\x98\xfa\xd6\x87\x8a\x9d\x72\xdf\x6e\xb3\x18\x62\x26\x10\xa1\xe1\xa4\x81\x83\xf5\x59\x0e\xce\xf5\xa6\xdf\x67\x1b\x28\xbe\x91\xc8\x8c\xdf\x7a\xe2\x88\x11\x47\xfe\x6c\x37\xc2\x8b\x43\xf6\x4c\xf9\x81\xc4\x55\xc5\x9e\x76\x5c\xe9\x4e\x1b\x64\x91\x63\x1d\xea\xee\xf6\xd1\xda\x9e\xbc\xa8\x86\x43\xc7\x7f\x83\xea\xe2\xcf\xdd\x2d\x97\xf6\x04\xfe\x45\x08\x1d\x1b\xe5\xc4\xae\x2d\x87\x59\x96\xb8\xb6\xfe\xcd\x70\x7d\x3f\xa2\x19\xa9\x3b\xa0\x48\x8e\x55\x24\x7b\x40\x5e\x33\x0c\xfb\x97\xd3\x1a\x13\x61\xc9\xb2\x08\x4b\xdb\x13\xfb\x0c\x05\x89\x25\xdb\x8c\x3c\x64\x9c\x9a\x3e\x93\x7b\x53\x3c\xc6\x31\x0f\xa3\xb1\x61\x26\xfb\x3c\xc9\xbb\x2b\x35\xc5\xc8\x30\x00\x15\x48\x8a\x30\xfa\xdc\xa3\xc8\x87\x1f\xa7\x0d\xfd\xc7\x05\x5b\xf8\xe6\x31\xf2\x0c\x9b\x25\x28\x31\x1e\x32\x4a\x7c\x4e\xdd\x54\x62\x07\x9f\x34\x41\xc9\xec\xf5\x5f\xa9\x99\xe7\x31\x37\x23\x44\xfd\xc0\xd4\x13\xe4\x17\xaa\xa0\x01\xa1\xb2\xd3\xd9\xbc\x00\x0f\xec\x1b\x02\xbd\x7a\x88\xa8\x12\xd9\xd8\xa6\x6f\x94\x64\x76\x4c\x07\x0c\x93\x04\x1e\xef\xb1\x7c\xe7\x4e\xff\x6d\x4a\xff\x75\xf0\xcb\xf6\xa7\x89\xa9\xec\xde\x74\xab\xe3\x31\x30\xfc\xa0\xda\x85\x3a\xa7\xc3\x31\x3a\xda\x3f\x0a\xe2\xf5\x95\xc6\x79\x6a\x93\x68\x5e\x72\x9d\xd1\x8a\x66\x9d\x63\x81\x82\x5a\xb3\xf3\x6a\x39\x1e\x75\x25\xb2\xa8\x07\xa5\x2f\xa5\xec\x2a\x03\x0a\x8c\xf3\xb7\x73\x37\xac\x41\xfc\xeb\x58\x0e\x84\x5e\xed\x65\x5a\x48\xb5\x47\x23\x8c\x2e\x81\x37\xc9\x2f\x8c\x27\xe5\x85\xca\xad\x31\x06\xee\xe3\x81\x4a"},
+{{0x0b,0xc6,0xaf,0x64,0xde,0x57,0x09,0xd3,0xdb,0xc2,0x8f,0x7e,0xf6,0xd3,0xfe,0x28,0xb6,0xde,0x52,0x9f,0x08,0xf5,0x85,0x7c,0xcb,0x91,0x06,0x95,0xde,0x45,0x4f,0x56,},{0xfb,0x49,0x1f,0xc9,0x00,0x23,0x7b,0xdc,0x7e,0x9a,0x11,0x9f,0x27,0x15,0x0c,0xd9,0x11,0x93,0x5c,0xd3,0x62,0x87,0x49,0xff,0x40,0xef,0x41,0xf3,0x95,0x5b,0xc8,0xac,},{0xdb,0xc7,0x13,0x4d,0x1c,0xd6,0xb0,0x81,0x3b,0x53,0x35,0x27,0x14,0xb6,0xdf,0x93,0x94,0x98,0xe9,0x1c,0xf3,0x7c,0x32,0x43,0x37,0xd9,0xc0,0x88,0xa1,0xb9,0x98,0x34,0x7d,0x26,0x18,0x5b,0x43,0x09,0x00,0x41,0x29,0x29,0xe4,0xf6,0x3e,0x91,0x03,0x79,0xfc,0x42,0xe3,0x55,0xa4,0xe9,0x8f,0x6f,0xee,0x27,0xda,0xfa,0xd1,0x95,0x72,0x06,},"\xac\x78\x86\xe4\xf4\x17\x2a\x22\xc9\x5e\x8e\xea\x37\x43\x7b\x37\x5d\x72\xac\xce\xdc\xee\x6c\xc6\xe8\x16\x76\x33\x01\xa2\xd8\xef\x4d\x6f\x31\xa2\xc1\xd6\x35\x81\x8b\x70\x26\xa3\x95\xce\x0d\xaf\xd7\x1c\x51\x80\x89\x3a\xf7\x6b\x7e\xa0\x56\xc9\x72\xd6\x80\xec\xa0\x1d\xcb\xdb\xae\x6b\x26\xf1\xc5\xf3\x3f\xc9\x88\xb8\x24\xfb\xbe\x00\xca\xcc\x31\x64\x69\xa3\xba\xe0\x7a\xa7\xc8\x88\x5a\xf7\xf6\x5f\x42\xe7\x5c\xef\x94\xdb\xb9\xaa\xb4\x82\x51\x43\xc8\x50\x70\xe7\x71\x6b\x76\x12\xf6\x4e\xf0\xb0\x16\x60\x11\xd2\x3e\xb5\x65\x4a\xa0\x98\xb0\x2d\x8d\x71\xe5\x7c\x8f\xa1\x7b\xff\x2f\xe9\x7d\xc8\x19\x31\x77\xea\xdc\x09\xfb\x19\x2d\x80\xaa\x92\xaf\xa9\x87\x20\xd4\x61\x48\x17\xff\x3c\x39\xd3\xac\xce\x18\x90\x6f\xa3\xde\x09\x61\x89\x31\xd0\xd7\xa6\x0c\x44\x29\xcb\xfa\x20\xcf\x16\x5c\x94\x79\x29\xac\x29\x3a\xe6\xc0\x6e\x7e\x8f\x25\xf1\x26\x42\x91\xe3\xe1\xc9\x8f\x5d\x93\xe6\xec\xc2\x38\x9b\xc6\x0d\xbb\xf4\xa6\x21\xb1\x32\xc5\x52\xa9\x9c\x95\xd2\x6d\x8d\x1a\xf6\x11\x38\xb5\x70\xa0\xde\x4b\x49\x7e\xbe\x80\x51\xc7\x27\x3a\x98\xe6\xe7\x87\x6d\x0b\x32\x75\x03\xaf\x3c\xb2\xcc\x40\x91\xce\x19\x25\xcb\x2f\x29\x57\xf4\xec\x56\xee\x90\xf8\xa0\x9d\xd5\x7d\x6e\x83\x06\x7a\x35\x6a\x4c\xfe\x65\xb1\xb7\xa4\x46\x5d\xa2\xab\x13\x3b\x0e\xfb\x5e\x7d\x4d\xbb\x81\x1b\xcb\xbd\xe7\x12\xaf\xbf\x0f\x7d\xd3\xf3\x26\x22\x22\x84\xb8\xc7\x4e\xac\x7a\xd6\x25\x7f\xa8\xc6\x32\xb7\xda\x25\x59\xa6\x26\x6e\x91\xe0\xef\x90\xdb\xb0\xaa\x96\x8f\x75\x37\x6b\x69\x3f\xca\xa5\xda\x34\x22\x21"},
+{{0x2f,0x5e,0x83,0xbd,0x5b,0x41,0x2e,0x71,0xae,0x3e,0x90,0x84,0xcd,0x36,0x9e,0xfc,0xc7,0x9b,0xf6,0x03,0x7c,0x4b,0x17,0x4d,0xfd,0x6a,0x11,0xfb,0x0f,0x5d,0xa2,0x18,},{0xa2,0x2a,0x6d,0xa2,0x9a,0x5e,0xf6,0x24,0x0c,0x49,0xd8,0x89,0x6e,0x3a,0x0f,0x1a,0x42,0x81,0xa2,0x66,0xc7,0x7d,0x38,0x3e,0xe6,0xf9,0xd2,0x5f,0xfa,0xcb,0xb8,0x72,},{0x9f,0x80,0x92,0x2b,0xc8,0xdb,0x32,0xd0,0xcc,0x43,0xf9,0x93,0x6a,0xff,0xeb,0xe7,0xb2,0xbc,0x35,0xa5,0xd8,0x22,0x77,0xcd,0x18,0x7b,0x5d,0x50,0xdc,0x7f,0xc4,0xc4,0x83,0x2f,0xff,0xa3,0x4e,0x95,0x43,0x80,0x6b,0x48,0x5c,0x04,0x54,0x8e,0x7c,0x75,0x42,0x94,0x25,0xe1,0x4d,0x55,0xd9,0x1f,0xc1,0x05,0x2e,0xfd,0x86,0x67,0x43,0x0b,},"\xb7\x66\x27\x3f\x06\x0e\xf3\xb2\xae\x33\x40\x45\x4a\x39\x1b\x42\x6b\xc2\xe9\x72\x64\xf8\x67\x45\x53\xeb\x00\xdd\x6e\xcf\xdd\x59\xb6\x11\xd8\xd6\x62\x92\x9f\xec\x71\x0d\x0e\x46\x20\x20\xe1\x2c\xdb\xf9\xc1\xec\x88\x58\xe8\x56\x71\xac\xf8\xb7\xb1\x44\x24\xce\x92\x07\x9d\x7d\x80\x1e\x2a\xd9\xac\xac\x03\x6b\xc8\xd2\xdf\xaa\x72\xaa\x83\x9b\xff\x30\xc0\xaa\x7e\x41\x4a\x88\x2c\x00\xb6\x45\xff\x9d\x31\xbc\xf5\xa5\x43\x82\xde\xf4\xd0\x14\x2e\xfa\x4f\x06\xe8\x23\x25\x7f\xf1\x32\xee\x96\x8c\xdc\x67\x38\xc5\x3f\x53\xb8\x4c\x8d\xf7\x6e\x9f\x78\xdd\x50\x56\xcf\x3d\x4d\x5a\x80\xa8\xf8\x4e\x3e\xde\xc4\x85\x20\xf2\xcb\x45\x83\xe7\x08\x53\x93\x55\xef\x7a\xa8\x6f\xb5\xa0\xe8\x7a\x94\xdc\xf1\x4f\x30\xa2\xcc\xa5\x68\xf1\x39\xd9\xce\x59\xea\xf4\x59\xa5\xc5\x91\x6c\xc8\xf2\x0b\x26\xaa\xf6\xc7\xc0\x29\x37\x9a\xed\xb0\x5a\x07\xfe\x58\x5c\xca\xc6\x03\x07\xc1\xf5\x8c\xa9\xf8\x59\x15\x7d\x06\xd0\x6b\xaa\x39\x4a\xac\xe7\x9d\x51\xb8\xcb\x38\xcf\xa2\x59\x81\x41\xe2\x45\x62\x4e\x5a\xb9\xb9\xd6\x87\x31\x17\x33\x48\x90\x53\x15\xbf\x1a\x5a\xd6\x1d\x1e\x8a\xda\xeb\x81\x0e\x4e\x8a\x86\xd7\xc1\x35\x37\xb0\xbe\x86\x0a\xb2\xed\x35\xb7\x33\x99\xb8\x80\x8a\xa9\x1d\x75\x0f\x77\x94\x3f\x8a\x8b\x7e\x89\xfd\xb5\x07\x28\xaa\x3d\xbb\xd8\xa4\x1a\x6e\x00\x75\x6f\x43\x8c\x9b\x9e\x9d\x55\x87\x2d\xf5\xa9\x06\x8a\xdd\x8a\x97\x2b\x7e\x43\xed\xad\x9c\xed\x22\x37\xca\x13\x67\xbe\x4b\x7c\xdb\x66\xa5\x4e\xa1\x2e\xef\x12\x94\x71\x15\x86\x10\xea\xf2\x8f\x99\xf7\xf6\x86\x55\x7d\xcd\xf6\x44\xea"},
+{{0x72,0x2a,0x2d,0xa5,0x0e,0x42,0xc1,0x1a,0x61,0xc9,0xaf,0xac,0x7b,0xe1,0xa2,0xfe,0xd2,0x26,0x7d,0x65,0x0f,0x8f,0x7d,0x8e,0x5b,0xc7,0x06,0xb8,0x07,0xc1,0xb9,0x1d,},{0xfd,0x0b,0x96,0x45,0x62,0xf8,0x23,0x72,0x1e,0x64,0x9c,0x3f,0xed,0xb4,0x32,0xa7,0x6f,0x91,0xe0,0xae,0xad,0x7c,0x61,0xd3,0x5f,0x95,0xed,0x77,0x26,0xd7,0x85,0x89,},{0xc2,0x69,0x5a,0x57,0x17,0x2a,0xaa,0x31,0xbd,0x08,0x90,0xf2,0x31,0xca,0x8e,0xee,0xc0,0x28,0x7a,0x87,0x17,0x26,0x69,0xa8,0x99,0xad,0x08,0x91,0xce,0xa4,0xc4,0x75,0x79,0xb5,0x04,0x20,0xe7,0x91,0xcd,0xec,0x8c,0x18,0x2c,0x8a,0x0e,0x8d,0xde,0x21,0xb2,0x48,0x0b,0x0c,0xfd,0x81,0x11,0xe2,0x8e,0x56,0x03,0x34,0x7a,0x35,0x2d,0x04,},"\x17\x3e\x8b\xb8\x85\xe1\xf9\x08\x14\x04\xac\xac\x99\x90\x41\xd2\xec\xfc\xb7\x3f\x94\x5e\x0d\xb3\x6e\x63\x1d\x7c\xd1\xab\x99\x9e\xb7\x17\xf3\x4b\xf0\x78\x74\xbf\x3d\x34\xe2\x53\x0e\xb6\x08\x5f\x4a\x9f\x88\xae\x1b\x0f\x7d\x80\xf2\x21\x45\x6a\x8e\x9a\x88\x90\xb9\x1a\x50\x19\x2d\xea\xaa\xcc\x0a\x1a\x61\x5a\x87\x84\x1e\x2c\x5a\x9e\x05\x79\x57\xaf\x6e\x48\xe7\x8c\xc8\x61\x98\xe3\x2e\x7a\xa2\x4d\xcf\x6c\xff\xa3\x29\xbc\x72\x60\x6d\x65\xb1\x16\x82\xc8\xba\x73\x6c\xce\x22\xa0\x57\x85\xdf\x11\x46\x33\x1e\x41\x60\x9c\xf9\xca\x71\x1c\xf4\x64\x95\x82\x97\x13\x8b\x58\xa9\x07\x3f\x3b\xbf\x06\xad\x8a\x85\xd1\x35\xde\x66\x65\x21\x04\xd8\x8b\x49\xd2\x7a\xd4\x1e\x59\xbc\xc4\x4c\x7f\xab\x68\xf5\x3f\x05\x02\xe2\x93\xff\xca\xba\xaf\x75\x59\x27\xdf\xdf\xfb\xfd\xe3\xb3\x5c\x08\x0b\x5d\xe4\xc8\xb7\x85\xf4\xda\x64\xef\x35\x7b\xc0\xd1\x46\x6a\x6a\x96\x56\x0c\x3c\x4f\x3e\x3c\x0b\x56\x3a\x00\x3f\x5f\x95\xf2\x37\x17\x1b\xce\x1a\x00\x17\x71\xa0\x4e\xde\x7c\xdd\x9b\x8c\xa7\x70\xfd\x36\xef\x90\xe9\xfe\x00\x00\xa8\xd7\x68\x5f\xd1\x53\xcc\x72\x82\xde\x95\x92\x0a\x8f\x8f\x08\x98\xd0\x0b\xf0\xc6\xc9\x33\xfe\x5b\xb9\x65\x3f\xf1\x46\xc4\xe2\xac\xd1\xa2\xe0\xc2\x3c\x12\x44\x84\x4d\xac\xf8\x65\x27\x16\x30\x2c\x20\x32\xf9\xc1\x14\x67\x9e\xd2\x6b\x3e\xe3\xab\x4a\x7b\x18\xbc\x4e\x30\x71\xf0\x97\x7d\xb5\x7c\xd0\xac\x68\xc0\x72\x7a\x09\xb4\xf1\x25\xfb\x64\xaf\x28\x50\xb2\x6c\x8a\x48\x42\x63\x33\x4e\x2d\xa9\x02\xd7\x44\x73\x70\x44\xe7\x9a\xb1\xcf\x5b\x2f\x93\xa0\x22\xb6\x3d\x40\xcd"},
+{{0x5f,0xe9,0xc3,0x96,0x0e,0xd5,0xbd,0x37,0x4c,0xc9,0x4d,0x42,0x35,0x7e,0x6a,0x24,0xdc,0x7e,0x30,0x60,0x78,0x8f,0x72,0x63,0x65,0xde,0xfa,0xcf,0x13,0xcd,0x12,0xda,},{0x0c,0xe7,0xb1,0x55,0xc8,0xb2,0x0e,0xbd,0xaa,0xcd,0xc2,0xaa,0x23,0x62,0x7e,0x34,0xb1,0xf9,0xac,0xe9,0x80,0x65,0x0a,0x25,0x30,0xc7,0x60,0x7d,0x04,0x81,0x4e,0xb4,},{0x37,0x9f,0x9c,0x54,0xc4,0x13,0xaf,0x0d,0x19,0x2e,0x9b,0xc7,0x36,0xb2,0x9d,0xa9,0xd5,0x21,0xe7,0xba,0x78,0x41,0xd3,0x09,0xf9,0xbc,0xc1,0xe7,0x42,0xec,0x43,0x08,0xfe,0x9f,0x7b,0xa5,0x1e,0x0b,0x22,0xae,0xd4,0x87,0xcb,0x4a,0xa3,0x91,0x3b,0x9b,0xeb,0xfb,0x3a,0xac,0xd3,0x8f,0x40,0x39,0xf9,0xbb,0xbe,0xbe,0x1a,0xd8,0x00,0x02,},"\xc9\x49\x0d\x83\xd9\xc3\xa9\x37\x0f\x06\xc9\x1a\xf0\x01\x68\x5a\x02\xfe\x49\xb5\xca\x66\x77\x33\xff\xf1\x89\xee\xe8\x53\xec\x16\x67\xa6\xc1\xb6\xc7\x87\xe9\x24\x48\x12\xd2\xd5\x32\x86\x6a\xb7\x4d\xfc\x87\x0d\x6f\x14\x03\x3b\x6b\xcd\x39\x85\x2a\x39\x00\xf8\xf0\x8c\xd9\x5a\x74\xcb\x8c\xbe\x02\xb8\xb8\xb5\x1e\x99\x3a\x06\xad\xfe\xbd\x7f\xc9\x85\x4a\xe5\xd2\x9f\x4d\xf9\x64\x28\x71\xd0\xc5\xe4\x70\xd9\x03\xcf\xbc\xbd\x5a\xdb\x32\x75\x62\x8f\x28\xa8\x0b\xf8\xc0\xf0\x37\x66\x87\xda\xe6\x73\xbf\x7a\x85\x47\xe8\x0d\x4a\x98\x55\xae\x25\x72\xfc\x2b\x20\x5d\xc8\xa1\x98\x01\x6d\xdc\x9b\x50\x99\x5f\x5b\x39\xf3\x68\xf5\x40\x50\x4a\x55\x18\x03\xd6\xdd\x5f\x87\x48\x28\xe5\x54\x1d\xed\x05\x28\x94\xd9\xe2\xdc\x5e\x6a\xa3\x51\x08\x7e\x79\x0c\x0d\xd5\xd9\xc4\xde\xcb\x21\x7e\x4d\xb8\x1c\x98\xa1\x84\xb2\x64\xe6\xda\xea\xc0\xf1\x1e\x07\x4c\xae\x2b\xfc\x89\x9f\x54\xb4\x19\xc6\x5d\xcc\x22\x66\x4a\x91\x5f\xbf\xff\xac\x35\xce\xe0\xf2\x86\xeb\x7b\x14\x49\x33\xdb\x93\x3e\x16\xc4\xbc\xb6\x50\xd5\x37\x72\x24\x89\xde\x23\x63\x73\xfd\x8d\x65\xfc\x86\x11\x8b\x6d\xef\x37\xca\x46\x08\xbc\x6c\xe9\x27\xb6\x54\x36\xff\xda\x7f\x02\xbf\xbf\x88\xb0\x45\xae\x7d\x2c\x2b\x45\xa0\xb3\x0c\x8f\x2a\x04\xdf\x95\x32\x21\x08\x8c\x55\x5f\xe9\xa5\xdf\x26\x09\x82\xa3\xd6\x4d\xf1\x94\xee\x95\x2f\xa9\xa9\x8c\x31\xb9\x64\x93\xdb\x61\x80\xd1\x3d\x67\xc3\x67\x16\xf9\x5f\x8c\x0b\xd7\xa0\x39\xad\x99\x06\x67\xca\x34\xa8\x3a\xc1\xa1\x8c\x37\xdd\x7c\x77\x36\xaa\x6b\x9b\x6f\xc2\xb1\xac\x0c\xe1\x19\xef\x77"},
+{{0xec,0x2f,0xa5,0x41,0xac,0x14,0xb4,0x14,0x14,0x9c,0x38,0x25,0xea,0xa7,0x00,0x1b,0x79,0x5a,0xa1,0x95,0x7d,0x40,0x40,0xdd,0xa9,0x25,0x73,0x90,0x4a,0xfa,0x7e,0xe4,},{0x71,0xb3,0x63,0xb2,0x40,0x84,0x04,0xd7,0xbe,0xec,0xde,0xf1,0xe1,0xf5,0x11,0xbb,0x60,0x84,0x65,0x8b,0x53,0x2f,0x7e,0xa6,0x3d,0x4e,0x3f,0x5f,0x01,0xc6,0x1d,0x31,},{0x84,0xd1,0x8d,0x56,0xf9,0x64,0xe3,0x77,0x67,0x59,0xbb,0xa9,0x2c,0x51,0x0c,0x2b,0x6d,0x57,0x45,0x55,0xc3,0xcd,0xda,0xde,0x21,0x2d,0xa9,0x03,0x74,0x55,0x49,0x91,0xe7,0xd7,0x7e,0x27,0x8d,0x63,0xe3,0x46,0x93,0xe1,0x95,0x80,0x78,0xcc,0x36,0x85,0xf8,0xc4,0x1c,0x1f,0x53,0x42,0xe3,0x51,0x89,0x96,0x38,0xef,0x61,0x21,0x14,0x01,},"\x27\x49\xfc\x7c\x4a\x72\x9e\x0e\x0a\xd7\x1b\x5b\x74\xeb\x9f\x9c\x53\x4e\xbd\x02\xff\xc9\xdf\x43\x74\xd8\x13\xbd\xd1\xae\x4e\xb8\x7f\x13\x50\xd5\xfd\xc5\x63\x93\x45\x15\x77\x17\x63\xe6\xc3\x3b\x50\xe6\x4e\x0c\xd1\x14\x57\x30\x31\xd2\x18\x6b\x6e\xca\x4f\xc8\x02\xcd\xdc\x7c\xc5\x1d\x92\xa6\x13\x45\xa1\x7f\x6a\xc3\x8c\xc7\x4d\x84\x70\x7a\x51\x56\xbe\x92\x02\xde\xe3\x44\x46\x52\xe7\x9b\xae\x7f\x0d\x31\xbd\x17\x56\x79\x61\xf6\x5d\xd0\x1a\x8e\x4b\xee\x38\x33\x19\x38\xce\x4b\x2b\x55\x06\x91\xb9\x9a\x4b\xc3\xc0\x72\xd1\x86\xdf\x4b\x33\x44\xa5\xc8\xfb\xfb\xb9\xfd\x2f\x35\x5f\x61\x07\xe4\x10\xc3\xd0\xc7\x98\xb6\x8d\x3f\xb9\xc6\xf7\xab\x5f\xe2\x7e\x70\x87\x1e\x86\x76\x76\x98\xfe\x35\xb7\x7e\xad\x4e\x43\x5a\x94\x02\xcc\x9e\xd6\xa2\x65\x7b\x05\x9b\xe0\xa2\x10\x03\xc0\x48\xbb\xf5\xe0\xeb\xd9\x3c\xbb\x2e\x71\xe9\x23\xcf\x5c\x72\x8d\x17\x58\xcd\x81\x7a\xd7\x4b\x45\x4a\x88\x71\x26\xd6\x53\xb9\x5a\x7f\x25\xe5\x29\x3b\x76\x8c\x9f\xc5\xa9\xc3\x5a\x23\x72\xe3\x74\x1b\xc9\x0f\xd6\x63\x01\x42\x7b\x10\x82\x4b\xb4\xb1\xe9\x11\x0b\xfb\xa8\x4c\x21\xa4\x0e\xb8\xfe\xd4\x49\x7e\x91\xdc\x3f\xfd\x04\x38\xc5\x14\xc0\xa8\xcb\x4c\xac\x6a\xd0\x25\x6b\xf1\x1d\x5a\xa7\xa9\xc7\xc0\x0b\x66\x9b\x01\x5b\x0b\xf8\x14\x25\xa2\x14\x13\xe2\xff\xb6\xed\xc0\xbd\x78\xe3\x85\xc4\x4f\xd7\x45\x58\xe5\x11\xc2\xc2\x5f\xee\x1f\xec\x18\xd3\x99\x0b\x86\x90\x30\x0f\xa7\x11\xe9\x3d\x98\x54\x66\x8f\x01\x87\x06\x5e\x76\xe7\x11\x3a\xe7\x63\xc3\x0d\xdd\x86\x72\x0b\x55\x46\xa6\xc3\xc6\xf1\xc4\x3b\xc6\x7b\x14"},
+{{0x61,0x32,0x69,0x2a,0x5e,0xf2,0x7b,0xf4,0x76,0xb1,0xe9,0x91,0xe6,0xc4,0x31,0xa8,0xc7,0x64,0xf1,0xae,0xbd,0x47,0x02,0x82,0xdb,0x33,0x21,0xbb,0x7c,0xb0,0x9c,0x20,},{0x7a,0x2d,0x16,0x61,0x84,0xf9,0xe5,0xf7,0x3b,0xea,0x45,0x44,0x86,0xb0,0x41,0xce,0xb5,0xfc,0x23,0x14,0xa7,0xbd,0x59,0xcb,0x71,0x8e,0x79,0xf0,0xec,0x98,0x9d,0x84,},{0xeb,0x67,0x7f,0x33,0x47,0xe1,0xa1,0xea,0x92,0x9e,0xfd,0xf6,0x2b,0xf9,0x10,0x5a,0x6c,0x8f,0x49,0x93,0x03,0x3b,0x4f,0x6d,0x03,0xcb,0x0d,0xbf,0x9c,0x74,0x2b,0x27,0x07,0x04,0xe3,0x83,0xab,0x7c,0x06,0x76,0xbd,0xb1,0xad,0x0c,0xe9,0xb1,0x66,0x73,0x08,0x3c,0x96,0x02,0xec,0x10,0xae,0x1d,0xd9,0x8e,0x87,0x48,0xb3,0x36,0x44,0x0b,},"\xa9\xc0\x86\x16\x65\xd8\xc2\xde\x06\xf9\x30\x1d\xa7\x0a\xfb\x27\xb3\x02\x4b\x74\x4c\x6b\x38\xb2\x42\x59\x29\x4c\x97\xb1\xd1\xcb\x4f\x0d\xcf\x75\x75\xa8\xed\x45\x4e\x2f\x09\x80\xf5\x03\x13\xa7\x73\x63\x41\x51\x83\xfe\x96\x77\xa9\xeb\x1e\x06\xcb\x6d\x34\xa4\x67\xcb\x7b\x07\x58\xd6\xf5\x5c\x56\x4b\x5b\xa1\x56\x03\xe2\x02\xb1\x88\x56\xd8\x9e\x72\xa2\x3a\xb0\x7d\x88\x53\xff\x77\xda\x7a\xff\x1c\xae\xbd\x79\x59\xf2\xc7\x10\xef\x31\xf5\x07\x8a\x9f\x2c\xda\xe9\x26\x41\xa1\xcc\x5f\x74\xd0\xc1\x43\xec\x42\xaf\xba\xa5\xf3\x78\xa9\xe1\x0d\x5b\xf7\x45\x87\xfa\x5f\x49\xc1\x56\x23\x32\x47\xda\xfd\x39\x29\xac\xde\x88\x8d\xc6\x84\x33\x7e\x40\xcd\xc5\x93\x2e\x7e\xb7\x3f\xfc\xc9\x0b\x85\xc0\xad\x46\x04\x16\x69\x1a\xef\xbd\x7e\xfd\x07\xb6\x57\xc3\x50\x94\x6a\x0e\x36\x6b\x37\xa6\xc8\x08\x9a\xba\x5c\x5f\xe3\xbb\xca\x06\x4a\xfb\xe9\xd4\x7f\xbc\x83\x91\x4a\xf1\xcb\x43\xc2\xb2\xef\xa9\x8e\x0a\x43\xbe\x32\xba\x82\x32\x02\x00\x1d\xef\x36\x81\x72\x51\xb6\x5f\x9b\x05\x06\xce\xf6\x68\x36\x42\xa4\x6e\xd6\x12\xf8\xca\x81\xee\x97\xbb\x04\xd3\x17\xb5\x17\x34\x3a\xde\x2b\x77\x12\x6d\x1f\x02\xa8\x7b\x76\x04\xc8\x65\x3b\x67\x48\xcf\x54\x88\xfa\x6d\x43\xdf\x80\x9f\xaa\x19\xe6\x92\x92\xd3\x8c\x5d\x39\x7d\xd8\xe2\x0c\x7a\xf7\xc5\x33\x4e\xc9\x77\xf5\x01\x0a\x0f\x7c\xb5\xb8\x94\x79\xca\x06\xdb\x4d\x12\x62\x7f\x06\x7d\x6c\x42\x18\x6a\x6b\x1f\x87\x42\xf3\x6a\xe7\x09\xba\x72\x0e\x3c\xd8\x98\x11\x66\x66\xd8\x1b\x19\x0b\x9b\x9d\x2a\x72\x20\x2c\xb6\x90\xa0\x3f\x33\x10\x42\x9a\x71\xdc\x04\x8c\xde"},
+{{0xf2,0x19,0xb2,0x10,0x11,0x64,0xaa,0x97,0x23,0xbd,0xe3,0xa7,0x34,0x6f,0x68,0xa3,0x50,0x61,0xc0,0x1f,0x97,0x82,0x07,0x25,0x80,0xba,0x32,0xdf,0x90,0x3b,0xa8,0x91,},{0xf6,0x6b,0x92,0x0d,0x5a,0xa1,0xa6,0x08,0x54,0x95,0xa1,0x48,0x05,0x39,0xbe,0xba,0x01,0xff,0xe6,0x0e,0x6a,0x63,0x88,0xd1,0xb2,0xe8,0xed,0xa2,0x33,0x55,0x81,0x0e,},{0x17,0xf0,0x12,0x7c,0xa3,0xba,0xfa,0x5f,0x4e,0xe9,0x59,0xcd,0x60,0xf7,0x72,0xbe,0x87,0xa0,0x03,0x49,0x61,0x51,0x7e,0x39,0xa0,0xa1,0xd0,0xf4,0xb9,0xe2,0x6d,0xb1,0x33,0x6e,0x60,0xc8,0x2b,0x35,0x2c,0x4c,0xba,0xcd,0xbb,0xd1,0x17,0x71,0xc3,0x77,0x4f,0x8c,0xc5,0xa1,0xa7,0x95,0xd6,0xe4,0xf4,0xeb,0xd5,0x1d,0xef,0x36,0x77,0x0b,},"\x01\x55\x77\xd3\xe4\xa0\xec\x1a\xb2\x59\x30\x10\x63\x43\xff\x35\xab\x4f\x1e\x0a\x8a\x2d\x84\x4a\xad\xbb\x70\xe5\xfc\x53\x48\xcc\xb6\x79\xc2\x29\x5c\x51\xd7\x02\xaa\xae\x7f\x62\x73\xce\x70\x29\x7b\x26\xcb\x7a\x25\x3a\x3d\xb9\x43\x32\xe8\x6a\x15\xb4\xa6\x44\x91\x23\x27\x91\xf7\xa8\xb0\x82\xee\x28\x34\xaf\x30\x40\x0e\x80\x46\x47\xa5\x32\xe9\xc4\x54\xd2\xa0\xa7\x32\x01\x30\xab\x6d\x4d\x86\x00\x73\xa3\x46\x67\xac\x25\xb7\xe5\xe2\x74\x7b\xa9\xf5\xc9\x45\x94\xfb\x68\x37\x7a\xe2\x60\x36\x9c\x40\x71\x3b\x4e\x32\xf2\x31\x95\xbf\x91\xd3\xd7\xf1\xa2\x71\x9b\xf4\x08\xaa\xd8\xd8\xa3\x47\xb1\x12\xe8\x4b\x11\x88\x17\xcb\x06\x51\x33\x44\x02\x17\x63\x03\x52\x72\xa7\xdb\x72\x8a\x0c\xcd\xaa\x94\x9c\x61\x71\x5d\x07\x64\x14\x0b\x3e\x8c\x01\xd2\x0f\xf1\x59\x3c\x7f\x2d\x55\xc4\xe8\x2a\x1c\x0c\xb1\xea\x58\x44\x2b\xf8\x0a\x74\x1b\xca\x91\xf5\x8a\xb0\x58\x1b\x49\x8e\xe9\xfe\x3c\x92\xca\x65\x41\x48\xef\x75\x31\x35\x43\xd1\xaf\xf3\x82\xbe\xfe\x1a\x93\xb0\x21\x90\xce\x01\x02\x17\x51\x58\xe2\x07\x1d\x02\xba\xca\xd8\xdb\xe9\xfb\x94\x0f\xcb\x61\x0c\x10\x5a\xd5\x2c\x80\xfe\xb1\xec\x4e\x52\x4f\x4c\x0e\xc7\x98\x3e\x9c\xe6\x96\xfa\x4f\xcf\x4b\xf0\x51\x4b\x8f\x04\x32\xb1\x7d\x54\x48\xfc\x42\x6f\xea\x2b\x01\xac\x7b\x26\xc2\xae\xd7\x69\x92\x75\x34\xda\x22\x57\x6f\xc1\xbb\xa7\x26\xe9\xd6\x5b\xe0\x1b\x59\xf6\x0a\x64\x8a\xce\x2f\xc3\xe5\xe2\x75\x78\x9f\xa6\x37\xcb\xbd\x84\xbe\x3d\x6a\xc2\x44\x57\xa6\x29\x2c\xd6\x56\xc7\xb5\x69\xa5\x2f\xfe\xa7\x91\x6b\x8d\x04\xb4\xf4\xa7\x5b\xe7\xac\x95\x14\x2f"},
+{{0xfc,0x18,0x00,0x35,0xae,0xc0,0xf5,0xed,0xe7,0xbd,0xa9,0x3b,0xf7,0x7a,0xde,0x7a,0x81,0xed,0x06,0xde,0x07,0xee,0x2e,0x3a,0xa8,0x57,0x6b,0xe8,0x16,0x08,0x61,0x0a,},{0x4f,0x21,0x5e,0x94,0x8c,0xae,0x24,0x3e,0xe3,0x14,0x3b,0x80,0x28,0x2a,0xd7,0x92,0xc7,0x80,0xd2,0xa6,0xb7,0x50,0x60,0xca,0x1d,0x29,0x0c,0xa1,0xa8,0xe3,0x15,0x1f,},{0xa4,0x3a,0x71,0xc3,0xa1,0x9c,0x35,0x66,0x0d,0xae,0x6f,0x31,0xa2,0x54,0xb8,0xc0,0xea,0x35,0x93,0xfc,0x8f,0xca,0x74,0xd1,0x36,0x40,0x01,0x2b,0x9e,0x94,0x73,0xd4,0xaf,0xe0,0x70,0xdb,0x01,0xe7,0xfb,0x39,0x9b,0xf4,0xca,0x60,0x70,0xe0,0x62,0x18,0x00,0x11,0x28,0x5a,0x67,0xdd,0x68,0x58,0xb7,0x61,0xe4,0x6c,0x6b,0xd3,0x20,0x04,},"\xb5\xe8\xb0\x16\x25\x66\x4b\x22\x23\x39\xe0\xf0\x5f\x93\xa9\x90\xba\x48\xb5\x6a\xe6\x54\x39\xa1\x75\x20\x93\x2d\xf0\x11\x72\x1e\x28\x4d\xbe\x36\xf9\x86\x31\xc0\x66\x51\x00\x98\xa6\x8d\x7b\x69\x2a\x38\x63\xe9\x9d\x58\xdb\x76\xca\x56\x67\xc8\x04\x3c\xb1\x0b\xd7\xab\xba\xf5\x06\x52\x9f\xbb\x23\xa5\x16\x6b\xe0\x38\xaf\xfd\xb9\xa2\x34\xc4\xf4\xfc\xf4\x3b\xdd\xd6\xb8\xd2\xce\x77\x2d\xd6\x53\xed\x11\x5c\x09\x5e\x23\x2b\x26\x9d\xd4\x88\x8d\x23\x68\xcb\x1c\x66\xbe\x29\xdd\x38\x3f\xca\x67\xf6\x67\x65\xb2\x96\x56\x4e\x37\x55\x5f\x0c\x0e\x48\x45\x04\xc5\x91\xf0\x06\xea\x85\x33\xa1\x25\x83\xad\x2e\x48\x31\x8f\xf6\xf3\x24\xec\xaf\x80\x4b\x1b\xae\x04\xaa\x89\x67\x43\xe6\x7e\xf6\x1c\xa3\x83\xd5\x8e\x42\xac\xfc\x64\x10\xde\x30\x77\x6e\x3b\xa2\x62\x37\x3b\x9e\x14\x41\x94\x39\x55\x10\x1a\x4e\x76\x82\x31\xad\x9c\x65\x29\xef\xf6\x11\x8d\xde\x5d\xf0\x2f\x94\xb8\xd6\xdf\x2d\x99\xf2\x78\x63\xb5\x17\x24\x3a\x57\x9e\x7a\xaf\xf3\x11\xea\x3a\x02\x82\xe4\x7c\xa8\x76\xfa\xbc\x22\x80\xfc\xe7\xad\xc9\x84\xdd\x0b\x30\x88\x5b\x16\x50\xf1\x47\x1d\xfc\xb0\x52\x2d\x49\xfe\xc7\xd0\x42\xf3\x2a\x93\xbc\x36\x8f\x07\x60\x06\xea\x01\xec\x1c\x74\x12\xbf\x66\xf6\x2d\xc8\x8d\xe2\xc0\xb7\x47\x01\xa5\x61\x4e\x85\x5e\x9f\xa7\x28\xfb\x1f\x11\x71\x38\x5f\x96\xaf\xbd\xe7\x0d\xea\x02\xe9\xaa\x94\xdc\x21\x84\x8c\x26\x30\x2b\x50\xae\x91\xf9\x69\x3a\x18\x64\xe4\xe0\x95\xae\x03\xcd\xc2\x2a\xd2\x8a\x0e\xb7\xdb\x59\x67\x79\x24\x67\x12\xfa\xb5\xf5\xda\x32\x7e\xfe\xc3\xe7\x96\x12\xde\x0a\x6c\xca\xa5\x36\x75\x9b\x8e"},
+{{0xa2,0x83,0x6a,0x65,0x42,0x79,0x12,0x12,0x2d,0x25,0xdc,0xdf,0xc9,0x9d,0x70,0x46,0xfe,0x9b,0x53,0xd5,0xc1,0xbb,0x23,0x61,0x7f,0x11,0x89,0x0e,0x94,0xca,0x93,0xed,},{0x8c,0x12,0xbd,0xa2,0x14,0xc8,0xab,0xb2,0x28,0x6a,0xcf,0xfb,0xf8,0x11,0x24,0x25,0x04,0x0a,0xab,0x9f,0x4d,0x8b,0xb7,0x87,0x0b,0x98,0xda,0x01,0x59,0xe8,0x82,0xf1,},{0xe6,0xa9,0xa6,0xb4,0x36,0x55,0x9a,0x43,0x20,0xc4,0x5c,0x0c,0x2c,0x4a,0x2a,0xed,0xec,0xb9,0x0d,0x41,0x6d,0x52,0xc8,0x26,0x80,0xac,0x73,0x30,0xd0,0x62,0xae,0xbe,0xf3,0xe9,0xac,0x9f,0x2c,0x5f,0xfa,0x45,0x5c,0x9b,0xe1,0x13,0x01,0x3a,0x2b,0x28,0x2e,0x56,0x00,0xfd,0x30,0x64,0x35,0xad,0xa8,0x3b,0x1e,0x48,0xba,0x2a,0x36,0x05,},"\x81\x3d\x60\x61\xc5\x6e\xae\x0f\xf5\x30\x41\xc0\x24\x4a\xa5\xe2\x9e\x13\xec\x0f\x3f\xb4\x28\xd4\xbe\xb8\xa9\x9e\x04\xbc\xa8\xc4\x1b\xdd\xb0\xdb\x94\x5f\x48\x7e\xfe\x38\xf2\xfc\x14\xa6\x28\xfa\xfa\x24\x62\xf8\x60\xe4\xe3\x42\x50\xeb\x4e\x93\xf1\x39\xab\x1b\x74\xa2\x61\x45\x19\xe4\x1e\xe2\x40\x3b\xe4\x27\x93\x0a\xb8\xbc\x82\xec\x89\xce\xaf\xb6\x09\x05\xbd\x4d\xdb\xbd\x13\xbd\xb1\x96\x54\x31\x4f\xc9\x23\x73\x14\x0b\x96\x2e\x22\x58\xe0\x38\xd7\x1b\x9e\xc6\x6b\x84\xef\x83\x19\xe0\x35\x51\xcb\x70\x7e\x74\x7f\x6c\x40\xad\x47\x6f\xbe\xfd\xce\x71\xf3\xa7\xb6\x7a\x1a\xf1\x86\x9b\xc6\x44\x06\x86\xe7\xe0\x85\x5e\x4f\x36\x9d\x1d\x88\xb8\x09\x9f\xba\x54\x71\x46\x78\x62\x7b\xba\x1a\xff\x41\xe7\x70\x7b\xc9\x7e\xdd\xf8\x90\xb0\xc0\x8d\xce\x3e\x98\x00\xd2\x4c\x6f\x61\x09\x2c\xe2\x8d\x48\x1b\x5d\xea\x5c\x09\x6c\x55\xd7\x2f\x89\x46\x00\x91\x31\xfb\x96\x8e\x2b\xc8\xa0\x54\xd8\x25\xad\xab\x76\x74\x0d\xcf\x0d\x75\x8c\x8b\xf5\x4f\xf3\x86\x59\xe7\x1b\x32\xbf\xe2\xe6\x15\xaa\xab\xb0\xf5\x29\x30\x85\x64\x9c\xf6\x0b\x98\x47\xbc\x62\x01\x1c\xe3\x87\x8a\xf6\x28\x98\x4a\x58\x40\xa4\xad\x5d\xae\x37\x02\xdb\x36\x7d\xa0\xf8\xa1\x65\xfe\xd0\x51\x7e\xb5\xc4\x42\xb0\x14\x53\x30\x24\x1b\x97\xee\xca\x73\x3b\xa6\x68\x8b\x9c\x12\x9a\x61\xcd\x12\x36\xaf\xf0\xe2\x7b\xcf\x98\xc2\x8b\x0f\xbe\xea\x55\xa3\xd7\xc7\x19\x3d\x64\x4b\x27\x49\xf9\x86\xbd\x46\xaf\x89\x38\xe8\xfa\xae\xaf\xbd\x9c\xec\x36\x12\xab\x00\x5b\xd7\xc3\xee\xaf\xe9\xa3\x12\x79\xca\x61\x02\x56\x06\x66\xba\x16\x13\x6f\xf1\x45\x2f\x85\x0a\xdb"},
+{{0xf0,0x51,0xaf,0x42,0x6d,0x0c,0x32,0x82,0xfa,0xfc,0x8b,0xf9,0x12,0xad,0xe1,0xc2,0x42,0x11,0xa9,0x5a,0xd2,0x00,0xe1,0xee,0xf5,0x49,0x32,0x0e,0x1c,0xb1,0xa2,0x52,},{0xfa,0x87,0x95,0x5e,0x0e,0xa1,0x3d,0xde,0x49,0xd8,0x3d,0xc2,0x2e,0x63,0xa2,0xbd,0xf1,0x07,0x67,0x25,0xc2,0xcc,0x7f,0x93,0xc7,0x65,0x11,0xf2,0x8e,0x79,0x44,0xf2,},{0xb8,0xf7,0x13,0x57,0x8a,0x64,0x46,0x67,0x19,0xac,0xeb,0x43,0x2f,0xce,0x30,0x2a,0x87,0xcf,0x06,0x6b,0xf3,0xe1,0x02,0xa3,0x50,0x61,0x69,0x21,0xa8,0x40,0x96,0x4b,0xfc,0x7e,0x68,0x5d,0x8f,0xd1,0x74,0x55,0xac,0x3e,0xb4,0x86,0x1e,0xdc,0xb8,0x97,0x9d,0x35,0xe3,0xa4,0xbd,0x82,0xa0,0x78,0xcd,0x70,0x77,0x21,0xd7,0x33,0x40,0x0e,},"\xb4\x8d\x9f\x84\x76\x2b\x3b\xcc\x66\xe9\x6d\x76\xa6\x16\xfa\x8f\xe8\xe0\x16\x95\x25\x1f\x47\xcf\xc1\xb7\xb1\x7d\x60\xdc\x9f\x90\xd5\x76\xef\x64\xee\x7d\x38\x85\x04\xe2\xc9\x07\x96\x38\x16\x5a\x88\x96\x96\x47\x1c\x98\x9a\x87\x6f\x8f\x13\xb6\x3b\x58\xd5\x31\xfe\xa4\xdd\x12\x29\xfc\x63\x16\x68\xa0\x47\xbf\xae\x2d\xa2\x81\xfe\xae\x1b\x6d\xe3\xeb\xe2\x80\xab\xe0\xa8\x2e\xe0\x0f\xbf\xdc\x22\xce\x2d\x10\xe0\x6a\x04\x92\xff\x14\x04\xdf\xc0\x94\xc4\x0b\x20\x3b\xf5\x57\x21\xdd\x78\x7e\xd4\xe9\x1d\x55\x17\xaa\xf5\x8d\x3b\xdd\x35\xd4\x4a\x65\xae\x6b\xa7\x56\x19\xb3\x39\xb6\x50\x51\x8c\xef\xcc\x17\x49\x3d\xe2\x7a\x3b\x5d\x41\x78\x8f\x87\xed\xbd\xe7\x26\x10\xf1\x81\xbf\x06\xe2\x08\xe0\xeb\x7c\xdf\xe8\x81\xd9\x1a\x2d\x6c\xc7\x7a\xa1\x9c\x0f\xcf\x33\x0f\xed\xb4\x46\x75\xd8\x00\xeb\x8c\xff\x95\x05\xd8\x88\x75\x44\xa5\x03\xcb\xe3\x73\xc4\x84\x7b\x19\xe8\xf3\x99\x57\x26\xef\xd6\x64\x98\x58\x59\x5c\x57\xcc\xaf\x0c\xbc\x9e\xb2\x5d\xe8\x3b\xa0\x46\xbc\x9f\x18\x38\xac\x7b\x89\x53\xdd\x81\xb8\x1a\xc0\xf6\x8d\x0e\x93\x38\xcb\x55\x40\x25\x52\xaf\xb6\xbc\x16\x94\x93\x51\xb9\x26\xd1\x51\xa8\x2e\xfc\x69\x5e\x8d\x7d\xa0\xdd\x55\x09\x93\x66\x78\x97\x18\xcc\xbf\x36\x03\x0b\xd2\xc3\xc1\x09\x39\x9b\xe2\x6c\xdb\x8b\x9e\x2a\x15\x5f\x3b\x2c\xb1\xbf\xa7\x1a\xb6\x9a\x23\x62\x5a\x4a\xc1\x18\xfe\x91\xcb\x2c\x19\x78\x8c\xf5\x2a\x71\xd7\x30\xd5\x76\xb4\x21\xd9\x69\x82\xa5\x1a\x29\x91\xda\xec\x44\x0c\xda\x7e\x6c\xc3\x28\x2b\x83\x12\x71\x42\x78\xb8\x19\xbf\xe2\x38\x7e\xb9\x6a\xa9\x1d\x40\x17\x30\x34\xf4\x28"},
+{{0xa1,0x03,0xe9,0x26,0x72,0xc6,0x5f,0x81,0xea,0x5d,0xa1,0xff,0xf1,0xa4,0x03,0x87,0x88,0x47,0x9e,0x94,0x1d,0x50,0x3a,0x75,0x6f,0x4a,0x75,0x52,0x01,0xa5,0x7c,0x1d,},{0xee,0x63,0xa5,0xb6,0x96,0x41,0x21,0x7a,0xcb,0xaf,0x33,0x39,0xda,0x82,0x9e,0xc0,0x71,0xb9,0x93,0x1e,0x59,0x87,0x15,0x35,0x14,0xd3,0x01,0x40,0x83,0x7a,0x7a,0xf4,},{0x2a,0xa2,0x03,0x5c,0x2c,0xe5,0xb5,0xe6,0xae,0x16,0x1e,0x16,0x8f,0x3a,0xd0,0xd6,0x59,0x2b,0xcf,0x2c,0x4a,0x04,0x9d,0x3e,0xd3,0x42,0xfc,0xeb,0x56,0xbe,0x9c,0x7c,0xb3,0x72,0x02,0x75,0x73,0xae,0x01,0x78,0xe8,0x87,0x8e,0xbe,0xfc,0xa7,0xb0,0x30,0x32,0x7b,0x8a,0xad,0x41,0x85,0x7d,0xe5,0x8c,0xb7,0x8e,0x1a,0x00,0xcb,0xac,0x05,},"\xb1\x98\x4e\x9e\xec\x08\x5d\x52\x4c\x1e\xb3\xb9\x5c\x89\xc8\x4a\xe0\x85\xbe\x5d\xc6\x5c\x32\x6e\x19\x02\x5e\x12\x10\xa1\xd5\x0e\xdb\xbb\xa5\xd1\x37\x0c\xf1\x5d\x68\xd6\x87\xeb\x11\x32\x33\xe0\xfb\xa5\x0f\x94\x33\xc7\xd3\x58\x77\x39\x50\xc6\x79\x31\xdb\x82\x96\xbb\xcb\xec\xec\x88\x8e\x87\xe7\x1a\x2f\x75\x79\xfa\xd2\xfa\x16\x2b\x85\xfb\x97\x47\x3c\x45\x6b\x9a\x5c\xe2\x95\x66\x76\x96\x9c\x7b\xf4\xc4\x56\x79\x08\x5b\x62\xf2\xc2\x24\xfc\x7f\x45\x87\x94\x27\x3f\x6d\x12\xc5\xf3\xe0\xd0\x69\x51\x82\x4d\x1c\xca\x3e\x2f\x90\x45\x59\xed\x28\xe2\x86\x8b\x36\x6d\x79\xd9\x4d\xc9\x86\x67\xb9\xb5\x92\x42\x68\xf3\xe3\x9b\x12\x91\xe5\xab\xe4\xa7\x58\xf7\x70\x19\xda\xcb\xb2\x2b\xd8\x19\x6e\x0a\x83\xa5\x67\x76\x58\x83\x6e\x96\xca\x56\x35\x05\x5a\x1e\x63\xd6\x5d\x03\x6a\x68\xd8\x7a\xc2\xfd\x28\x3f\xdd\xa3\x90\x31\x99\x09\xc5\xcc\x76\x80\x36\x88\x48\x87\x3d\x59\x7f\x29\x8e\x0c\x61\x72\x30\x80\x30\xff\xd4\x52\xbb\x13\x63\x61\x7b\x31\x6e\xd7\xcd\x94\x9a\x16\x5d\xc8\xab\xb5\x3f\x99\x1a\xef\x3f\x3e\x95\x02\xc5\xdf\xe4\x75\x6b\x7c\x6b\xfd\xfe\x89\xf5\xe0\x0f\xeb\xdd\x6a\xfb\x04\x02\x81\x8f\x11\xcf\x8d\x1d\x58\x64\xfe\x9d\xa1\xb8\x6e\x39\xaa\x93\x58\x31\x50\x6c\xf2\x40\x0e\xa7\xed\x75\xbd\x95\x33\xb2\x3e\x20\x2f\xe8\x75\xd7\xd9\x63\x8c\x89\xd1\x1c\xb2\xd6\xe6\x02\x1a\xe6\xbd\x27\xc7\x75\x48\x10\xd3\x5c\xd3\xa6\x14\x94\xf2\x7b\x16\xfc\x79\x4e\x2c\xd2\xf0\xd3\x45\x3a\xda\x93\x38\x65\xdb\x78\xc5\x79\x57\x1f\x8f\xc5\xc5\xc6\xbe\x8e\xaf\xfc\xe6\xa8\x52\xe5\xb3\xb1\xc5\x24\xc4\x93\x13\xd4\x27\xab\xcb"},
+{{0xd4,0x7c,0x1b,0x4b,0x9e,0x50,0xcb,0xb7,0x1f,0xd0,0x7d,0x09,0x6d,0x91,0xd8,0x72,0x13,0xd4,0x4b,0x02,0x43,0x73,0x04,0x47,0x61,0xc4,0x82,0x2f,0x9d,0x9d,0xf8,0x80,},{0xf4,0xe1,0xcb,0x86,0xc8,0xca,0x2c,0xfe,0xe4,0x3e,0x58,0x59,0x4a,0x87,0x78,0x43,0x6d,0x3e,0xa5,0x19,0x70,0x4e,0x00,0xc1,0xbb,0xe4,0x8b,0xbb,0x1c,0x94,0x54,0xf8,},{0x62,0x7e,0x7c,0xa7,0xe3,0x4e,0xd6,0x33,0x1d,0x62,0xb9,0x54,0x1c,0x1e,0xa9,0xa9,0x29,0x2b,0xe7,0xb0,0xa6,0x5d,0x80,0x5e,0x26,0x6b,0x51,0x22,0x27,0x2a,0x82,0xdb,0x7d,0x76,0x5a,0xcc,0x7e,0x2a,0x29,0x0d,0x68,0x58,0x04,0x92,0x2f,0x91,0xed,0x04,0xa3,0xc3,0x82,0xc0,0x3f,0xf2,0x1a,0x17,0x68,0xf5,0x84,0x41,0x3c,0x4e,0x5f,0x00,},"\x88\xd7\x00\x9d\x51\xde\x3d\x33\x7e\xef\x0f\x21\x5e\xa6\x6a\xb8\x30\xec\x5a\x9e\x68\x23\x76\x1c\x3b\x92\xad\x93\xea\x34\x1d\xb9\x2e\xce\x67\xf4\xef\x4c\xeb\x84\x19\x4a\xe6\x92\x6c\x3d\x01\x4b\x2d\x59\x78\x1f\x02\xe0\xb3\x2f\x9a\x61\x12\x22\xcb\x9a\x58\x50\xc6\x95\x7c\xb8\x07\x9a\xe6\x4e\x08\x32\xa1\xf0\x5e\x5d\x1a\x3c\x57\x2f\x9d\x08\xf1\x43\x7f\x76\xbb\x3b\x83\xb5\x29\x67\xc3\xd4\x8c\x35\x76\x84\x88\x91\xc9\x65\x8d\x49\x59\xeb\x80\x65\x6d\x26\xcd\xba\x08\x10\x03\x7c\x8a\x18\x31\x8f\xf1\x22\xf8\xaa\x89\x85\xc7\x73\xcb\x31\x7e\xfa\x2f\x55\x7f\x1c\x38\x96\xbc\xb1\x62\xdf\x5d\x87\x68\x1b\xb7\x87\xe7\x81\x3a\xa2\xde\xa3\xb0\xc5\x64\xd6\x46\xa9\x28\x61\xf4\x44\xca\x14\x07\xef\xba\xc3\xd1\x24\x32\xcb\xb7\x0a\x1d\x0e\xaf\xfb\x11\x74\x1d\x37\x18\xfe\xde\xe2\xb8\x30\x36\x18\x9a\x6f\xc4\x5a\x52\xf7\x4f\xa4\x87\xc1\x8f\xd2\x64\xa7\x94\x5f\x6c\x9e\x44\xb0\x11\xf5\xd8\x66\x13\xf1\x93\x9b\x19\xf4\xf4\xfd\xf5\x32\x34\x05\x7b\xe3\xf0\x05\xad\x64\xee\xbf\x3c\x8f\xfb\x58\xcb\x40\x95\x6c\x43\x36\xdf\x01\xd4\x42\x4b\x70\x6a\x0e\x56\x1d\x60\x17\x08\xd1\x24\x85\xe2\x1b\xcb\x6d\x79\x9d\x8d\x1d\x04\x4b\x40\x00\x64\xec\x09\x44\x50\x14\x06\xe7\x02\x53\x94\x70\x06\xca\xbb\xdb\x2d\xd6\xbd\x8c\xee\x44\x97\x65\x3d\x91\x13\xa4\x4d\x4d\xe9\xb6\x8d\x4c\x52\x6f\xca\x0b\x9b\x0c\x18\xfe\x50\xfb\x91\x7f\xdd\x9a\x91\x4f\xb8\x16\x10\x8a\x73\xa6\xb3\xff\xf9\xe6\x54\xe6\x9c\x9c\xfe\x02\xb0\x5c\x6c\x1b\x9d\x15\xc4\xe6\x5c\xf3\x10\x18\xb8\x10\x0d\x78\x46\x33\xee\x18\x88\xee\xe3\x57\x2a\xaf\xa6\xf1\x89\xea\x22\xd0"},
+{{0xfc,0x0c,0x32,0xc5,0xeb,0x6c,0x71,0xea,0x08,0xdc,0x2b,0x30,0x0c,0xbc,0xef,0x18,0xfd,0xde,0x3e,0xa2,0x0f,0x68,0xf2,0x17,0x33,0x23,0x7b,0x4d,0xda,0xab,0x90,0x0e,},{0x47,0xc3,0x7d,0x8a,0x08,0x08,0x57,0xeb,0x87,0x77,0xa6,0xc0,0xa9,0xa5,0xc9,0x27,0x30,0x3f,0xaf,0x5c,0x32,0x09,0x53,0xb5,0xde,0x48,0xe4,0x62,0xe1,0x2d,0x00,0x62,},{0x68,0x87,0xc6,0xe2,0xb9,0x8a,0x82,0xaf,0x5e,0xe3,0xdf,0xa7,0xca,0x2c,0xb2,0x5d,0x9c,0x10,0x74,0x56,0x20,0xa8,0x29,0x56,0xac,0xba,0x85,0xcb,0x57,0xc8,0xec,0x24,0x27,0x9f,0xa4,0x2f,0x09,0x23,0x59,0xa1,0xb6,0xbb,0xea,0xfb,0xa0,0x50,0xf1,0x4b,0x62,0x88,0x20,0x9e,0x6e,0xf7,0xbc,0x1e,0x0a,0x2b,0x87,0x2c,0x11,0x38,0xf3,0x05,},"\xa7\xb1\xe2\xdb\x6b\xdd\x96\xb3\xd5\x14\x75\x60\x35\x37\xa7\x6b\x42\xb0\x4d\x7e\xbd\x24\xfe\x51\x5a\x88\x76\x58\xe4\xa3\x52\xe2\x21\x09\x33\x56\x39\xa5\x9e\x25\x34\x81\x1f\x47\x53\xb7\x02\x09\xd0\xe4\x69\x8e\x9d\x92\x60\x88\x82\x6c\x14\x68\x96\x81\xea\x00\xfa\x3a\x2f\xca\xa0\x04\x7c\xed\x3e\xf2\x87\xe6\x17\x25\x02\xb2\x15\xe5\x64\x97\x61\x4d\x86\xb4\xcb\x26\xbc\xd7\x7a\x2e\x17\x25\x09\x36\x0e\xe5\x88\x93\xd0\x1c\x0d\x0f\xb4\xd4\xab\xfe\x4d\xbd\x8d\x2a\x2f\x54\x19\x0f\xa2\xf7\x31\xc1\xce\xac\x68\x29\xc3\xdd\xc9\xbf\xb2\xff\xd7\x0c\x57\xba\x0c\x2b\x22\xd2\x32\x6f\xbf\xe7\x39\x0d\xb8\x80\x9f\x73\x54\x7f\xf4\x7b\x86\xc3\x6f\x2b\xf7\x45\x4e\x67\x8c\x4f\x1c\x0f\xa8\x70\xbd\x0e\x30\xbb\xf3\x27\x8e\xc8\xd0\xc5\xe9\xb6\x4a\xff\x0a\xf6\x4b\xab\xc1\x9b\x70\xf4\xcf\x9a\x41\xcb\x8f\x95\xd3\xcd\xe2\x4f\x45\x6b\xa3\x57\x1c\x8f\x02\x1d\x38\xe5\x91\xde\xc0\x5c\xb5\xd1\xca\x7b\x48\xf9\xda\x4b\xd7\x34\xb0\x69\xa9\xfd\x10\x65\x00\xc1\xf4\x08\xab\x7f\xe8\xe4\xa6\xe6\xf3\xed\x64\xda\x0e\xd2\x4b\x01\xe3\x3d\xf8\x47\x5f\x95\xfa\x9e\xd7\x1d\x04\xdd\x30\xb3\xcd\x82\x37\x55\xa3\x40\x1b\xf5\xaf\xae\x10\xee\x7e\x18\xec\x6f\xe6\x37\xc3\x79\x3f\xd4\x34\xb4\x8d\x71\x45\x13\x04\x47\xe0\x02\x99\x10\x10\x52\x55\x8b\x50\x65\x54\xec\x9c\x39\x9f\x62\x94\x1c\x3f\x41\x4c\xbc\x35\x2c\xaa\x34\x5b\x93\x0a\xde\xcf\xad\xda\xc9\x1e\xe5\x3d\x14\x51\xa6\x5e\x06\x20\x10\x26\x32\x5d\xe0\x7c\x93\x1f\x69\xbb\xa8\x68\xa7\xc8\x7e\xe2\x3c\x60\x4e\xc6\x79\x43\x32\x91\x7d\xfe\x2c\x5b\x69\x66\x9b\x65\x97\x06\x91\x7f\x71\xed\xdf\x96"},
+{{0xa8,0xd7,0x3d,0x63,0x9a,0x23,0xcc,0x6a,0x96,0x7e,0xf3,0x1b,0xca,0xbb,0x5d,0x06,0x3e,0x53,0xe1,0xea,0xb8,0xfc,0xc7,0xca,0xb9,0xbc,0x3a,0x17,0xfd,0xe9,0xc2,0xf8,},{0x8d,0xaa,0x9f,0x4c,0x8b,0x1a,0x44,0x69,0x1b,0xf4,0x45,0x21,0xf2,0xf7,0xca,0x45,0xdc,0x7f,0xc6,0x1f,0x6a,0x4c,0xe6,0xf9,0x8f,0xaa,0x41,0xc2,0xa7,0x49,0x77,0xd1,},{0xc4,0xdc,0xef,0x1a,0x24,0x53,0x93,0x9b,0x36,0x4b,0x34,0x02,0x50,0xc3,0x12,0x94,0x31,0x43,0x1d,0x5b,0xa3,0xf4,0x76,0x70,0xab,0x07,0xce,0x68,0x0c,0x69,0xbf,0x28,0xb6,0x78,0x62,0x7c,0x76,0xa6,0x36,0x0f,0xc4,0x0d,0xc1,0x09,0xaa,0x7d,0xea,0x37,0x1b,0x82,0x5e,0x46,0x13,0x4f,0x62,0x45,0x72,0x18,0x2a,0xcf,0x39,0x57,0xe7,0x0f,},"\xfd\x1f\xac\x3d\x53\x31\x3b\x11\xac\xd2\x9f\x5a\x83\xac\x11\x89\x6d\xab\x25\x30\xfa\x47\x86\x5b\x22\x95\xc0\xd9\x9d\xd6\x7c\x36\xed\x8e\x5f\xa5\x49\x15\x0c\x79\x4c\x55\x49\xef\xb5\xc1\xd6\x91\x14\xd5\xd6\x07\xb2\x32\x85\xb7\x21\x2a\xfa\xab\x57\x84\x6a\x54\xae\x67\xb9\xe8\x80\xe0\x7b\x65\x86\x60\x7c\xec\xf6\xd4\xee\xd5\x16\xa3\xa7\x55\x11\xfe\x36\x7d\x88\xeb\x87\x1e\x6d\x71\xb7\xd6\xaa\x13\x67\xa0\x14\x21\xb1\x08\x8f\xc2\xd7\x5e\x44\x95\x4b\x73\x62\x5c\x52\xda\x8a\x3a\x18\x3c\x60\xbe\x9d\xa6\x05\x0f\x59\xa4\x53\xca\xa5\x35\x20\x59\x36\x71\x72\x8d\x43\x18\x77\xbf\xaa\xc9\x13\xa7\x65\xfb\x6a\x56\xb7\x52\x90\xb2\xa8\xaa\xac\x34\xaf\xb9\x21\x7b\xa1\xb0\xd5\x85\x0b\xa0\xfd\xab\xf8\x09\x69\xde\xf0\xfe\xee\x79\x4c\xeb\x60\x61\x4e\x33\x68\xe6\x3e\xf2\x0e\x4c\x32\xd3\x41\xec\x9b\x03\x28\xea\x9f\xe1\x39\x20\x7e\xd7\xa6\x26\xff\x08\x94\x3b\x41\x52\x33\xdb\x7c\xfc\xc8\x45\xc9\xb6\x31\x21\xd4\xed\x52\xec\x37\x48\xab\x6a\x1f\x36\xb2\x10\x3c\x7d\xc7\xe9\x30\x3a\xce\xa4\xba\x8a\xf7\xa3\xe0\x71\x84\xfb\x49\x1e\x89\x1e\xde\x84\xf0\xdc\x41\xca\xdc\x39\x73\x02\x8e\x87\x9a\xcd\x20\x31\xaf\xc2\x9a\x16\x09\x28\x68\xe2\xc7\xf5\x39\xfc\x1b\x79\x2e\xda\xb1\x95\xa2\x5a\xb9\x83\x06\x61\x34\x6b\x39\xef\x53\x91\x5d\xe4\xaf\x52\xc4\x21\xea\xf1\x72\xe9\xda\x76\xa0\x8c\x28\x3a\x52\xdf\x90\x7f\x70\x5d\x7e\x85\x99\xc5\xba\xae\x0c\x2a\xf3\x80\xc1\xbb\x46\xf9\x34\x84\xa0\x3f\x28\x37\x43\x24\xb2\x78\x99\x2b\x50\xb7\xaf\xa0\x25\x52\xca\xfa\x50\x3f\x03\x4f\x8d\x86\x6e\x9b\x72\x02\x71\xdd\x68\xcc\xb6\x85\xa8\x5f\xff\xd1"},
+{{0x79,0xc7,0xdc,0xb7,0xd5,0x9a,0x8d,0xf6,0xb2,0xb2,0xba,0x04,0x13,0x05,0x9d,0x89,0x68,0x09,0x95,0xc2,0x0e,0x91,0x6d,0xa0,0x1b,0x8f,0x06,0x7d,0xc6,0x0c,0xde,0xb4,},{0x29,0x87,0x43,0xc7,0x39,0x18,0xbd,0x55,0x6b,0x28,0xf8,0xd4,0x82,0x4a,0x09,0xb8,0x14,0x75,0x2a,0x7a,0xea,0xe7,0xee,0x04,0x87,0x5c,0x53,0xf4,0xd6,0xb1,0x08,0xd9,},{0x7b,0x7c,0xbe,0x44,0xc7,0x71,0xe4,0x37,0x1b,0xae,0x13,0xb0,0x72,0x2b,0xab,0xcc,0x10,0x64,0x15,0x57,0x32,0x96,0x2f,0x40,0x7c,0xba,0x2a,0xcd,0x35,0x38,0x1d,0x42,0x21,0x0b,0xec,0xe8,0x22,0xf4,0x68,0x11,0x21,0xfd,0x4d,0xab,0x74,0x5a,0x1f,0x30,0x77,0x92,0x2f,0xba,0x1a,0x78,0x04,0x5b,0x71,0x29,0x02,0xba,0xcc,0xac,0x66,0x0e,},"\x5f\xe2\x02\xf5\xb3\x3b\x77\x88\x81\x0d\x25\x08\xa1\x3b\x31\x14\xd6\x9b\x85\x96\xe6\xea\xcd\xa0\x5a\x04\xa2\xeb\x59\x7f\xa3\x27\x9c\x20\x8b\x5a\x5b\x65\xda\xac\xb6\x99\xf1\x44\xe1\xd6\x60\xe7\x8e\x13\x9b\x57\x83\x31\xab\xec\x5c\x3c\x35\x33\x44\x54\xf0\x3e\x83\x2c\x8d\x6e\x29\x84\xdf\x5d\x45\x0e\xcb\x5d\x33\x58\x2a\x78\x80\x8a\x9c\x78\xf2\x6e\xbc\xd1\x24\x4e\xf5\x2e\x3f\xa6\xdc\xa1\x15\xc1\xf0\xcb\x56\xe3\x8e\xae\x0e\x5b\x39\xf5\xfd\x86\x3d\xff\xd0\xb2\xfb\x5b\x95\x8f\x2d\x73\x9d\xb3\x12\xfc\x66\x7a\x17\xb0\x31\xc4\xc9\xf8\xc5\xa2\xad\x57\x79\x84\xcc\x41\x46\xc4\x37\x58\x0e\xfd\x21\x52\x17\x3f\xe0\xd5\x78\x2c\xc2\xae\x98\x31\xa8\xd9\xa0\x41\x77\x25\x60\x18\xff\x76\x31\xe0\xb0\xd8\xa9\x9c\xb2\x8f\x00\x8b\x32\x04\x21\xe2\x7a\x74\xc3\x13\x59\x18\x86\x63\x45\x6d\x85\xe0\x98\xc1\xeb\xd2\x81\x70\x10\x97\xb6\xae\x5a\x87\x1e\x5c\xcc\x02\x05\x8a\x50\x14\x16\xcb\x91\xc1\x2c\xef\x5b\xe6\xf1\x91\x43\x70\xe5\x63\xf1\xa1\xb2\xaa\x41\xf4\xb8\xee\x84\xcd\x32\xa1\xd5\x09\xe5\x29\x78\x7d\x14\xa4\x45\x43\x8d\x80\x7e\xcd\x62\x0e\x2f\xa2\x6d\xe0\xda\x64\x26\x86\x47\x84\xd4\xa2\x8f\x54\x10\x3e\x60\x92\x83\xb9\x9e\xe9\xb2\xb6\x99\xc9\x80\xbb\xb7\x88\x2c\x3e\xa6\x8d\xdc\x90\x80\x2a\xc2\x32\xf2\xc8\xe8\x42\x91\x98\x7b\xf3\xc5\x24\x09\x21\xb5\x9c\xfa\x21\x49\x69\x31\x76\x73\xd0\xbe\x7f\x34\xb1\xca\x0e\x15\xea\x73\xc7\x17\x54\x01\xce\x55\x0b\xe1\x06\xb4\x9e\x62\xf8\xdb\x68\x69\x5e\x74\x0e\x0f\x3a\x35\x56\xa1\x9f\x3c\x8e\x6b\x91\xac\x1c\xc2\x3e\x86\x3f\xcd\x0f\x0d\x9e\xb7\x04\x7a\xa6\x31\xe0\xd2\xeb\x9b\xcc\x6b"},
+{{0xb9,0xce,0xd0,0x41,0x25,0x93,0xfe,0xfe,0xd9,0x5e,0x94,0xac,0x96,0x5e,0x5b,0x23,0xff,0x9d,0x4b,0x0e,0x79,0x7d,0xb0,0x2b,0xf4,0x97,0x99,0x4d,0x3b,0x79,0x3e,0x60,},{0xc1,0x62,0x9a,0x72,0x31,0x89,0x95,0x93,0x37,0xf5,0x53,0x52,0x01,0xe5,0xd3,0x95,0xba,0x0a,0x03,0xea,0x8c,0x17,0x66,0x0d,0x0f,0x8b,0x6f,0x6e,0x64,0x04,0xbb,0x12,},{0xf1,0xb7,0x97,0xde,0xd8,0xa6,0x94,0x2b,0x12,0x62,0x68,0x48,0x34,0x0f,0xb7,0x19,0xfc,0xdd,0xaf,0xd9,0x8f,0x33,0xe2,0x99,0x2d,0x35,0x7b,0xfd,0xd3,0x59,0x33,0xc7,0xac,0x56,0x1e,0x5b,0x2f,0x93,0x94,0x64,0x33,0x8c,0x56,0x66,0x85,0x4c,0xa8,0x85,0xc4,0xd0,0x46,0xeb,0x2c,0x54,0xe4,0x8a,0x1b,0x5e,0xd2,0x66,0xad,0x34,0xde,0x05,},"\x55\x5b\xb3\x9c\x18\x99\xd5\x7c\xab\xe4\x28\x06\x4c\x2d\x92\x5f\x5f\xc4\xcf\x70\x59\xb9\x5f\xb8\x9a\x8e\x9e\x3a\x7e\x42\x6c\x6c\x92\x2d\x9e\x4d\x76\x98\x4e\xa2\x38\x3c\xab\xb4\xf2\xbe\xfd\x89\xc1\xf2\x0e\xaa\x8a\x00\xdb\xe7\x87\xcf\xa7\x0a\xe2\xae\x6a\xa9\x03\x31\xcb\xbe\x58\x0f\xa5\xa0\x21\x84\xed\x05\xe6\xc8\xe8\x9d\x57\x6a\xf2\x8a\xee\xaf\x7c\x4e\x25\x00\xf3\x58\xa0\x09\x71\xa0\xa7\x59\x20\xe8\x54\x84\x9b\xf3\x32\x14\x29\x75\x40\x4f\x59\x8c\x32\xe9\x69\x82\x04\x3d\x99\x2b\xcd\x1a\x4f\xe8\x19\xbb\x56\x34\xad\x03\x46\x7a\xfc\x4c\xe0\x50\x73\xf8\x8b\xa1\xba\x4a\xe8\x65\x3a\x04\x66\x5c\xf3\xf7\x16\x90\xfe\x13\x34\x38\x85\xbc\x5e\xbc\x0e\x5e\x62\xd8\x82\xf4\x3b\x7c\x68\x90\x0a\xc9\x43\x8b\xf4\xa8\x1c\xe9\x01\x69\xec\x12\x9e\xe6\x3e\x2c\x67\x5a\x1a\x5a\x67\xe2\x7c\xc7\x98\xc4\x8c\xc2\x3f\x51\x07\x8f\x46\x3b\x3b\x7c\xc1\x4e\x3b\xcf\xd2\xe9\xb8\x2c\x75\x24\x09\x34\xcb\xdc\x50\xc4\x30\x8f\x28\x2f\x19\x31\x22\x99\x56\x06\xf4\x01\x35\x10\x0a\x29\x1c\x55\xaf\xdf\x89\x34\xeb\x8b\x61\xd8\x14\x21\x67\x41\x24\xde\xc3\xb8\x8f\x9a\x73\x11\x0a\x9e\x61\x6f\x5b\x82\x6b\x9d\x34\x3f\x3a\xc0\xe9\xd7\xbd\xf4\xfd\x8b\x64\x8b\x40\xf0\x09\x8b\x38\x97\xa3\xa1\xcd\x65\xa6\x45\x70\x05\x9b\x8b\xc5\xc6\x74\x38\x83\x07\x4c\x88\x62\x3c\x1f\x5a\x88\xc5\x89\x69\xe2\x1c\x69\x2a\xca\x23\x68\x33\xd3\x47\x0b\x3e\xb0\x98\x15\xe1\x13\x8e\x9d\x06\x50\xc3\x90\xee\xe9\x77\x42\x21\x93\xb0\x09\x18\xbe\x8a\x97\xcc\x61\x99\xb4\x51\xb0\x5b\x57\x30\xd1\xd1\x33\x58\xcf\x74\x61\x06\x78\xf7\xac\x7f\x78\x95\xcc\x2e\xfc\x45\x6e\x03\x87\x3b"},
+{{0x81,0xda,0x16,0x8f,0x02,0xd4,0x6b,0xb8,0x7c,0xda,0x84,0x5d,0xa4,0x3f,0x8a,0x6c,0xba,0x2c,0x01,0x68,0x78,0xd6,0xf4,0x9c,0x6f,0x06,0x1a,0x60,0xf1,0x55,0xa0,0x4a,},{0xaf,0xf8,0x6e,0x98,0x09,0x3c,0xa4,0xc7,0x1b,0x1b,0x80,0x4c,0x5f,0xe4,0x51,0xcf,0xdf,0x86,0x82,0x50,0xde,0xa3,0x03,0x45,0xfa,0x4b,0x89,0xbb,0x09,0xb6,0xa5,0x3b,},{0x4a,0xac,0xa9,0x47,0xe3,0xf2,0x2c,0xc8,0xb8,0x58,0x8e,0xe0,0x30,0xac,0xe8,0xf6,0xb5,0xf5,0x71,0x1c,0x29,0x74,0xf2,0x0c,0xc1,0x8c,0x3b,0x65,0x5b,0x07,0xa5,0xbc,0x13,0x66,0xb5,0x9a,0x17,0x08,0x03,0x2d,0x12,0xca,0xe0,0x1a,0xb7,0x94,0xf8,0xcb,0xcc,0x1a,0x33,0x08,0x74,0xa7,0x50,0x35,0xdb,0x1d,0x69,0x42,0x2d,0x2f,0xc0,0x0c,},"\x6b\xc6\x72\x6a\x34\xa6\x4a\xae\x76\xab\x08\xc9\x2b\x17\x9e\x54\xff\x5d\x2e\x65\xeb\x2c\x6c\x65\x9a\xe8\x70\x3c\xc2\x45\xcb\xc2\xcf\x45\xa1\x2b\x22\xc4\x68\xae\x61\xfd\x9a\x66\x27\xad\x06\x26\xc9\xb1\xe5\xaf\x41\x2c\xb4\x83\xea\xee\x1d\xb1\x1b\x29\xf0\xa5\x10\xc1\x3e\x38\x02\x0e\x09\xae\x0e\xee\x76\x25\x37\xa3\xe9\xd1\xa0\xc7\xb0\x33\xd0\x97\xfd\xc1\xf4\xf8\x26\x29\xa9\xde\x9e\xf3\x8d\xa1\xcf\x96\xa9\x40\x35\x7d\x5f\x2e\x0e\x7e\x8d\xbc\x29\xdb\x72\x8a\x1e\x6a\xad\x87\x6e\x5e\x05\x31\x13\xd0\x64\x20\x27\x2b\x87\xcf\x0c\x40\xdf\xe0\x3a\x54\x4d\xe9\x6c\x7a\xea\x13\xba\x00\x29\xb5\x7b\x48\xd9\x9d\xcc\x6a\x65\x04\x92\xd7\x8c\x4c\xdd\x1b\x28\xe1\xa1\x15\xa7\xe3\xe7\xa7\xcb\x21\x33\x3d\x4f\xf8\x08\x58\xdf\xb6\x77\x82\xc1\x63\x54\xb8\x71\x65\x96\x56\x0d\x7d\x8e\x38\x9e\xb1\x5a\x05\x2a\x0b\xf5\xd1\x6e\xb5\x4f\xb3\xe4\x97\x3a\xd4\x98\x4e\x72\xa1\x87\xf5\x34\x7d\x5b\x26\x2c\x32\xb1\x64\x7e\x42\xb6\xa5\x38\x37\x09\x6c\xc7\x8c\x2a\x05\xce\x1c\x6e\x12\x49\x3a\x03\xf1\xa6\x67\x58\x4c\xb9\x7f\x4f\xcd\x57\xee\x94\x4c\x65\xb7\xee\xd2\x5f\x7a\xe0\xf3\xf6\xce\xde\x17\x3f\xdf\xac\xf5\xaf\x1d\xb1\x43\x73\x0d\x18\x09\x66\x64\x91\x4b\xa4\xcf\xc6\x96\x6f\x39\x20\x22\x78\x1c\x66\xa9\x41\x7c\xa2\x68\x0b\x51\xf6\x3e\x4f\xba\x42\x4e\xcf\xdb\xc6\xa2\xf0\x17\x87\xd0\xe7\x48\x4f\x8a\x8a\xb3\x90\xae\xaa\x6d\x1f\x7e\xd3\x25\xd8\x2f\xea\xa1\x69\x2a\x49\x84\xfa\xe4\x3d\xa8\x73\x29\xb0\x45\xda\x8f\x0a\x4f\x56\xb6\x95\xaa\x93\x5d\xe1\x52\xce\x03\x85\x15\x37\x20\x97\x9a\x2b\x70\x06\xd4\x05\xfc\xb0\xfb\xa0\x9e\x23\xb8\x5f\xd1\x9b"},
+{{0xaf,0x2e,0x60,0xda,0x0f,0x29,0xbb,0x16,0x14,0xfc,0x3f,0x19,0x3c,0xc3,0x53,0x33,0x19,0x86,0xb7,0x3f,0x3f,0x9a,0x0a,0xec,0x94,0x21,0xb9,0x47,0x3d,0x6a,0x4b,0x6a,},{0xc8,0xbf,0xe2,0x83,0x58,0x22,0x19,0x9c,0x61,0x27,0xb8,0x06,0xfa,0xbe,0xef,0x0c,0xb9,0xff,0x59,0xf3,0xc8,0x1f,0xf0,0xcb,0x89,0xc5,0x56,0xf5,0x51,0x06,0xaf,0x6a,},{0x50,0xf9,0xf9,0x41,0xa8,0xda,0x9f,0x62,0x40,0xf7,0x6d,0x2f,0xa3,0xb0,0x6d,0xd6,0xb2,0x29,0x2e,0xd3,0x2d,0x1c,0x05,0x21,0x80,0x97,0xd3,0x4d,0x8a,0x19,0xdf,0xe5,0x53,0xf7,0x6a,0xe3,0xc6,0xb4,0xa2,0xed,0x20,0x85,0x21,0x28,0x46,0x15,0x40,0xde,0xcf,0x41,0x8f,0x52,0xd3,0x8e,0x64,0x03,0x7e,0xec,0x77,0x71,0xbd,0x1a,0xfe,0x00,},"\x7d\xbb\x77\xb8\x8b\xda\x94\xf3\x44\x41\x6a\x06\xb0\x96\x56\x6c\x6e\x8b\x39\x39\x31\xa8\x24\x3a\x6c\xab\x75\xc3\x61\xfd\xe7\xdc\x53\x6a\xec\x40\xcd\xed\x83\x29\x6a\x89\xe8\xc3\xbe\xf7\xd7\x87\xcf\xc4\x94\x01\xa7\xb9\x18\x3f\x13\x8d\x50\x00\x61\x9f\xf0\x73\xc0\x5e\x2f\x84\x1d\x60\x08\x35\x8f\x10\xa2\xda\x7d\xcf\xac\x3d\x4d\x70\xc2\x0d\x2e\xc3\x4c\x7b\x6d\x5c\xd1\xa7\x34\xd6\xbb\xb1\x1c\x5f\xd8\xd2\xbc\xe3\x2a\xc8\x10\xef\x82\xb4\x18\x8a\xa8\xea\x3c\xfc\x30\x32\x23\x3d\xc0\xe2\x60\x0e\x9d\xb6\xe1\x8b\xc2\x2b\x10\x04\x4a\x31\xc1\x5b\xac\xea\xf5\x55\x4d\xe8\x9d\x2a\x34\x66\x80\x7f\x24\x44\x14\xd0\x80\xff\x29\x63\x95\x6c\x6e\x83\xc8\xe1\x44\xed\x00\x66\x08\x8b\x47\x6d\xdc\xb5\x64\x40\x34\x47\xd9\x15\x9f\x90\x89\xab\xa2\xb4\xd5\x57\x5c\x4d\x8a\xe6\x6f\xc8\x69\x0e\x73\x49\xed\x40\x83\x2e\x63\x69\xc0\x24\x56\x3e\xc4\x93\xbf\xcc\x0f\xc9\xac\x78\x7a\xc8\x41\x39\x7f\xe1\x33\x16\x72\x83\xd8\x0c\x42\xf0\x06\xa9\x9d\x39\xe8\x29\x79\xda\x3f\xa9\x33\x4b\xd9\xed\xe0\xd1\x4b\x41\xb7\x46\x6b\xce\xbb\xe8\x17\x1b\xc8\x04\xa6\x45\xd3\x72\x32\x74\xa1\xb9\x2b\xf8\x2f\xd9\x93\x35\x87\x44\xde\x92\x44\x19\x03\xd4\x36\xfd\x47\xf2\x3d\x40\x05\x2a\x38\x29\x36\x7f\x20\x2f\x05\x53\xb5\xe4\x9b\x76\xc5\xe0\x3f\xa6\xce\x7c\x3c\xf5\xee\xb2\x1d\xe9\x67\xbe\xc4\xdd\x35\x59\x25\x38\x4e\xbf\x96\x69\x7e\x82\x37\x62\xba\xc4\xd4\x3a\x76\x7c\x24\x1a\x4c\xef\x72\x4a\x97\x0d\x00\xff\x3a\x8a\xb3\xb8\x3e\xed\x84\x00\x75\xc7\x4e\x90\xf3\x06\xe3\x30\x01\x32\x60\x96\x21\x61\xe9\xd0\x91\x0d\xe1\x83\x62\x2c\xe9\xa6\xb8\xd5\x14\x42\x80\x55\x0f\xc7"},
+{{0x60,0x5f,0x90,0xb5,0x3d,0x8e,0x4a,0x3b,0x48,0xb9,0x7d,0x74,0x54,0x39,0xf2,0xa0,0x80,0x7d,0x83,0xb8,0x50,0x2e,0x8e,0x29,0x79,0xf0,0x3e,0x8d,0x37,0x6a,0xc9,0xfe,},{0xaa,0x3f,0xae,0x4c,0xfa,0x6f,0x6b,0xfd,0x14,0xba,0x0a,0xfa,0x36,0xdc,0xb1,0xa2,0x65,0x6f,0x36,0x54,0x1a,0xd6,0xb3,0xe6,0x7f,0x17,0x94,0xb0,0x63,0x60,0xa6,0x2f,},{0xdd,0x02,0x12,0xe6,0x32,0x88,0xcb,0xe1,0x4a,0x45,0x69,0xb4,0xd8,0x91,0xda,0x3c,0x7f,0x92,0x72,0x7c,0x5e,0x7f,0x9a,0x80,0x1c,0xf9,0xd6,0x82,0x70,0x85,0xe7,0x09,0x5b,0x66,0x9d,0x7d,0x45,0xf8,0x82,0xca,0x5f,0x07,0x45,0xdc,0xcd,0x24,0xd8,0x7a,0x57,0x18,0x13,0x20,0x19,0x1e,0x5b,0x7a,0x47,0xc3,0xf7,0xf2,0xdc,0xcb,0xd7,0x07,},"\x3b\xcd\xca\xc2\x92\xac\x95\x19\x02\x4a\xae\xce\xe2\xb3\xe9\x99\xff\x5d\x34\x45\xe9\xf1\xeb\x60\x94\x0f\x06\xb9\x12\x75\xb6\xc5\xdb\x27\x22\xed\x4d\x82\xfe\x89\x60\x52\x26\x53\x0f\x3e\x6b\x07\x37\xb3\x08\xcd\xe8\x95\x61\x84\x94\x4f\x38\x8a\x80\x04\x2f\x6c\xba\x27\x4c\x0f\x7d\x11\x92\xa0\xa9\x6b\x0d\xa6\xe2\xd6\xa6\x1b\x76\x51\x8f\xbe\xe5\x55\x77\x3a\x41\x45\x90\xa9\x28\xb4\xcd\x54\x5f\xcc\xf5\x81\x72\xf3\x58\x57\x12\x0e\xb9\x6e\x75\xc5\xc8\xac\x9a\xe3\xad\xd3\x67\xd5\x1d\x34\xac\x40\x34\x46\x36\x0e\xc1\x0f\x55\x3e\xa9\xf1\x4f\xb2\xb8\xb7\x8c\xba\x18\xc3\xe5\x06\xb2\xf0\x40\x97\x06\x3a\x43\xb2\xd3\x64\x31\xcc\xe0\x2c\xaf\x11\xc5\xa4\xdb\x8c\x82\x17\x52\xe5\x29\x85\xd5\xaf\x1b\xfb\xf4\xc6\x15\x72\xe3\xfa\xda\xe3\xad\x42\x4a\xcd\x81\x66\x2e\xa5\x83\x7a\x11\x43\xb9\x66\x93\x91\xd7\xb9\xcf\xe2\x30\xcf\xfb\x3a\x7b\xb0\x3f\x65\x91\xc2\x5a\x4f\x01\xc0\xd2\xd4\xac\xa3\xe7\x4d\xb1\x99\x7d\x37\x39\xc8\x51\xf0\x32\x7d\xb9\x19\xff\x6e\x77\xf6\xc8\xa2\x0f\xdd\x3e\x15\x94\xe9\x2d\x01\x90\x1a\xb9\xae\xf1\x94\xfc\x89\x3e\x70\xd7\x8c\x8a\xe0\xf4\x80\x00\x1a\x51\x5d\x4f\x99\x23\xae\x62\x78\xe8\x92\x72\x37\xd0\x5d\xb2\x3e\x98\x4c\x92\xa6\x83\x88\x2f\x57\xb1\xf1\x88\x2a\x74\xa1\x93\xab\x69\x12\xff\x24\x1b\x9f\xfa\x66\x2a\x0d\x47\xf2\x92\x05\xf0\x84\xdb\xde\x84\x5b\xaa\xeb\x5d\xd3\x6a\xe6\x43\x9a\x43\x76\x42\xfa\x76\x3b\x57\xe8\xdb\xe8\x4e\x55\x81\x3f\x01\x51\xe9\x7e\x5b\x9d\xe7\x68\xb2\x34\xb8\xdb\x15\xc4\x96\xd4\xbf\xcf\xa1\x38\x87\x88\x97\x2b\xb5\x0c\xe0\x30\xbc\x6e\x0c\xcf\x4f\xa7\xd0\x0d\x34\x37\x82\xf6\xba\x8d\xe0"},
+{{0x9e,0x2c,0x3d,0x18,0x98,0x38,0xf4,0xdd,0x52,0xef,0x08,0x32,0x88,0x68,0x74,0xc5,0xca,0x49,0x39,0x83,0xdd,0xad,0xc0,0x7c,0xbc,0x57,0x0a,0xf2,0xee,0x9d,0x62,0x09,},{0xf6,0x8d,0x3b,0x81,0xe7,0x35,0x57,0xee,0x1f,0x08,0xbd,0x2d,0x3f,0x46,0xa4,0x71,0x82,0x56,0xa0,0xf3,0xcd,0x8d,0x2e,0x03,0xeb,0x8f,0xe8,0x82,0xaa,0xb6,0x5c,0x69,},{0x38,0xa3,0x1b,0x6b,0x46,0x50,0x84,0x73,0x82,0x62,0xa2,0x6c,0x06,0x5f,0xe5,0xd9,0xe2,0x88,0x6b,0xf9,0xdd,0x35,0xcd,0xe0,0x5d,0xf9,0xba,0xd0,0xcc,0x7d,0xb4,0x01,0xc7,0x50,0xaa,0x19,0xe6,0x60,0x90,0xbc,0xe2,0x5a,0x3c,0x72,0x12,0x01,0xe6,0x05,0x02,0xc8,0xc1,0x04,0x54,0x34,0x66,0x48,0xaf,0x06,0x5e,0xab,0x0e,0xe7,0xd8,0x0f,},"\x19\x48\x5f\x52\x38\xba\x82\xea\xdf\x5e\xff\x14\xca\x75\xcd\x42\xe5\xd5\x6f\xea\x69\xd5\x71\x8c\xfb\x5b\x1d\x40\xd7\x60\x89\x9b\x45\x0e\x66\x88\x45\x58\xf3\xf2\x5b\x7c\x3d\xe9\xaf\xc4\x73\x8d\x7a\xc0\x9d\xa5\xdd\x46\x89\xbb\xfa\xc0\x78\x36\xf5\xe0\xbe\x43\x2b\x1d\xdc\xf1\xb1\xa0\x75\xbc\x98\x15\xd0\xde\xbc\x86\x5d\x90\xbd\x5a\x0c\x5f\x56\x04\xd9\xb4\x6a\xce\x81\x6c\x57\x69\x4e\xcc\x3d\x40\xd8\xf8\x4d\xf0\xed\xe2\xbc\x4d\x57\x77\x75\xa0\x27\xf7\x25\xde\x08\x16\xf5\x63\xfa\x88\xf8\x8e\x07\x77\x20\xeb\xb6\xac\x02\x57\x46\x04\x81\x98\x24\xdb\x74\x74\xd4\xd0\xb2\x2c\xd1\xbc\x05\x76\x8e\x0f\xb8\x67\xca\x1c\x1a\x7b\x90\xb3\x4a\xb7\xa4\x1a\xfc\x66\x95\x72\x66\xac\x0c\x91\x59\x34\xaa\xf3\x1c\x0c\xf6\x92\x7a\x4f\x03\xf2\x32\x85\xe6\xf2\x4a\xfd\x58\x13\x84\x9b\xb0\x8c\x20\x3a\xc2\xd0\x33\x6d\xcb\xf8\x0d\x77\xf6\xcf\x71\x20\xed\xfb\xcd\xf1\x81\xdb\x10\x7e\xc8\xe0\x0f\x32\x44\x9c\x1d\x3f\x5c\x04\x9a\x92\x69\x4b\x4e\xa2\xc6\xeb\xe5\xe2\xb0\xf6\x4b\x5a\xe5\x0a\xd3\x37\x4d\x24\x6b\x32\x70\x05\x7e\x72\x4a\x27\xcf\x26\x3b\x63\x3a\xb6\x5e\xcb\x7f\x5c\x26\x6b\x80\x07\x61\x8b\x10\xac\x9a\xc8\x3d\xb0\xfe\xbc\x04\xfd\x86\x3d\x96\x61\xab\x6e\x58\x49\x47\x66\xf7\x1b\x9a\x86\x7c\x5a\x7a\x45\x55\xf6\x67\xc1\xaf\x2e\x54\x58\x8f\x16\x2a\x41\xce\x75\x64\x07\xcc\x41\x61\xd6\x07\xb6\xe0\x68\x29\x80\x93\x4c\xaa\x1b\xef\x03\x6f\x73\x30\xd9\xee\xf0\x1e\xcc\x55\x35\x83\xfe\xe5\x99\x4e\x53\x3a\x46\xca\x91\x6f\x60\xf8\xb9\x61\xae\x01\xd2\x0f\x7a\xbf\x0d\xf6\x14\x1b\x60\x4d\xe7\x33\xc6\x36\xb4\x20\x18\xcd\x5f\x1d\x1e\xf4\xf8\x4c\xee\x40\xfc"},
+{{0x31,0x01,0x0d,0x1d,0x67,0xeb,0x61,0x63,0x48,0xe8,0x47,0x92,0xb9,0x2d,0x5d,0xc1,0x28,0x55,0x3c,0xb5,0x2f,0x63,0x68,0x15,0x9f,0xe7,0xb8,0x16,0xcd,0x0e,0x7c,0x37,},{0x26,0x65,0x43,0xd9,0x67,0x87,0xca,0x90,0x1f,0xcf,0xf0,0x6e,0x6e,0x43,0x44,0x91,0xae,0x09,0x70,0x88,0x0a,0x5a,0x18,0x7d,0x53,0x5e,0xdb,0x19,0xdb,0x5c,0xab,0xeb,},{0x7b,0x1e,0xb6,0x77,0xc3,0xe5,0xe6,0xa8,0xb4,0xba,0x69,0xfc,0xb7,0xf6,0xb1,0x87,0x0e,0x42,0xa8,0xd5,0x89,0x58,0xa3,0x5c,0x67,0x4e,0x2d,0xb8,0x21,0x07,0x48,0x1c,0x4c,0x7b,0x37,0xf0,0xf6,0x89,0xd3,0x9d,0x9f,0x51,0xe1,0x81,0xb1,0x7b,0x11,0x08,0xc1,0x5a,0x3e,0x27,0xb2,0x9d,0xf3,0xa4,0x31,0x5d,0xcc,0x4f,0xaf,0x12,0x22,0x05,},"\x39\xf8\x9a\x5e\x7a\xa5\x30\xb5\x46\x3d\x49\x8f\x80\x35\xb9\x90\x9d\x55\xda\x52\x7c\xdb\xd4\xde\x6d\x22\x83\x79\xf0\x89\xe6\x08\xa9\x20\x7a\x2c\x5b\x9c\x42\x05\x1a\x60\xc8\xca\x3f\xb9\x7a\x1c\x06\xcd\x74\x7d\x9d\x07\x39\x97\x0c\xeb\x88\xce\x52\x6f\x97\x11\x40\xea\x2e\xc2\x1f\x09\x0b\xa0\x75\xbf\x89\x75\xfa\xa5\x08\xb1\xcc\x10\xef\xa4\x94\xdc\x17\x2e\x6d\x3d\x3f\x3f\x75\xdc\x8e\x0e\x96\xf0\x5c\x0c\xcc\xb2\xf9\x6e\x91\x1c\xfa\x7a\x2c\x82\xc9\x84\x50\x18\xbb\x1f\x9d\x75\xf8\x2e\x3d\xfe\x11\x39\x34\x7b\x2a\xc0\x58\xb0\x14\xac\x93\x76\x0c\x90\xf5\x56\x7a\xb5\xc4\xeb\xa0\x4b\x49\xfb\x09\xdd\xad\xd3\x05\xbe\x51\x1d\xfe\x05\xc9\x6e\xbc\x86\xfd\x67\xb5\xd0\xab\x57\xd8\x5f\x4f\xe5\xe2\xf0\xfa\x9d\x88\xa6\x8f\x0f\x6b\x6b\xc8\xbb\x94\x4e\xb3\xc0\xb1\x75\x57\xe5\x5d\x5e\xa1\x87\xd9\x22\xa4\x28\x13\xe6\x90\x57\xc9\xb6\xa7\xf7\x5e\x49\x92\x1b\x70\x79\xe5\x8f\x8a\x63\x71\x9e\xe3\xe1\xad\x10\xcf\x0e\x8a\x70\xc4\xf1\x54\x02\x18\xb7\x04\x94\xbd\x02\x9e\xe0\x2f\xf9\x72\x7a\x7d\x85\xd3\x77\x91\x9e\xc4\x05\x14\x79\xb7\x0f\x7c\xd6\x76\x77\x23\xfe\x42\xc1\xc7\x89\x9c\x2b\x7c\x1f\x70\x2d\xd6\xb4\xd1\x3b\x67\x2d\x48\x8f\x34\xa0\xe9\x69\xdb\x79\xcc\x2c\xb2\x52\x4a\x94\x8a\x8d\xe4\xc5\xb6\x23\xec\xd9\x0d\x6e\x82\xd9\x70\x33\xc1\x25\x63\x7d\x1c\xd8\xc8\x48\x03\xd8\xfb\xc0\x12\x84\x6f\xfe\x48\x4f\x6c\x02\x14\x92\x58\xf9\x46\x2f\xa1\xe9\x9c\x30\x7d\xd0\x06\x2f\xe0\xb6\xf1\x1e\xee\x40\xc2\x62\x9e\xf7\xc0\xf6\xa5\x10\x72\x59\xea\x5b\x9f\xfb\x6f\x29\xf1\x2c\x32\xf7\xb5\x22\x8c\xab\xc9\x86\xab\x66\x45\x0a\xf9\xdc\xc3\xda\x09\xd0\xe0\xb9\xa4"},
+{{0x8f,0xf2,0x39,0x8c,0xd5,0x1f,0x51,0xd4,0xc2,0xc5,0x78,0x69,0xa2,0x21,0x8b,0x84,0x86,0x82,0x20,0x31,0xf4,0x00,0x72,0x9f,0x4a,0xc4,0xd5,0x90,0x9c,0x48,0xba,0xfe,},{0xa5,0xa8,0x87,0x04,0xb6,0x86,0x77,0xbe,0x3d,0x16,0xc3,0xdc,0x00,0x52,0xcf,0xee,0x6e,0x2b,0x30,0xe0,0x86,0x09,0x05,0x9d,0x4c,0xba,0x52,0xc6,0xd9,0x60,0x61,0xfb,},{0x41,0x7a,0x64,0x78,0x29,0xc9,0x28,0x98,0xe5,0x20,0xff,0x53,0x11,0xda,0xa0,0xa1,0x39,0xcd,0x8f,0xff,0xcb,0x25,0xa1,0x8e,0x6d,0x9b,0x50,0xcb,0x52,0xcb,0xc3,0x54,0x24,0xc3,0x9e,0xbb,0xb5,0xd5,0xac,0x6a,0x6d,0x63,0xf1,0xf5,0x3c,0x4d,0xf2,0x12,0xf7,0x02,0x5a,0x8a,0xae,0xf8,0xe3,0x64,0x93,0xc8,0x74,0xc3,0xce,0x34,0x1a,0x0e,},"\x99\x39\x53\xe4\x7a\x34\x11\x88\xbc\x59\x29\x42\xe1\x55\x7a\xf2\x95\x46\xe4\xe9\x36\x8e\x2f\x1a\x5e\xe9\x80\x6e\x2b\xaf\x66\xb6\x19\x01\x91\xfc\x5d\x2b\x7e\x47\xde\x37\xff\x05\x4f\xb2\xbb\xb1\xf0\x31\x68\x4a\xda\x5d\x60\x7a\xdd\xa3\xd6\x54\x33\x12\x2f\xa9\x04\xe0\x45\x6f\xaa\x84\x10\x9b\xbc\x51\x7f\x8a\xd3\x96\x60\x87\x63\x82\xad\xcf\xed\x0f\x76\x20\xcf\x11\x64\x62\x2e\xac\xd9\x1e\xb3\x7a\x85\x96\x46\x2e\xbe\x9e\xbe\x26\xbd\xc1\xe3\x2c\xc3\x4a\xd4\x6f\xb1\xce\xa4\x20\xe7\x3c\x31\x21\x54\x08\xe6\xd3\x54\x25\xf4\x4a\x82\x9b\x13\x2f\x63\x1a\x3f\x6d\xd4\xb8\x73\xa0\x00\x66\x7e\x19\xeb\x22\xff\xfd\x59\x03\xaa\xa7\xd4\xc8\xfd\xf2\x19\x53\xc3\xc6\x17\x8f\x5f\x8c\xb2\xaa\x6b\xff\x92\x89\x4e\xad\x83\x58\x88\xdf\x06\x0a\x3c\x90\x43\x02\x6e\x0e\x2c\xef\x27\x54\x97\xe7\xd1\x05\xdf\x3b\x64\x4a\x98\xf2\x6b\xf0\x01\x05\xc9\x94\x13\xee\x0a\xf8\x85\x19\x54\xd6\x5c\xeb\x8d\x79\xad\x30\x71\xb8\xbb\x87\xf0\xb1\x97\x43\xd2\x55\x6f\xfd\x98\x19\x83\x0b\x6e\xeb\xf7\xec\xc7\xe0\x45\x66\x1f\x43\x57\x0c\xe9\xfd\xbb\xe2\xd2\x52\x40\x6f\xa9\x0d\x04\x23\x6f\x22\x2c\x42\x9e\xc1\x6b\x12\x87\x22\x4a\xda\x1a\x53\x21\x61\xae\x8b\x48\x1b\xca\xb8\xd4\x7a\xfb\x3e\xd0\x44\x5b\x30\x60\xfd\x67\x59\x17\x98\x56\xf4\x08\x5c\x1e\x58\x5f\xd7\xc1\x40\x97\x99\xaf\x69\x3c\xf4\x27\xbd\x1d\x3d\xc1\x0b\x5a\xe3\x44\x7a\x8d\x2a\x18\xdc\x3a\x12\xa6\x86\x0b\x22\x17\x5d\xd5\xeb\x53\xa0\x95\x04\x32\xe2\xd7\xae\xfe\xce\x8a\xf0\xad\xe3\xd8\x56\x77\x43\xde\x43\x69\x0f\x2d\x25\x37\x23\xc5\xd7\xe4\x8b\xd3\x0d\x29\x37\x59\x37\x01\xce\xcd\xe9\x15\x4b\x76\x65\xcb\x61\x1d\x7d"},
+{{0xef,0x81,0x6c,0x8f,0x5e,0xc3,0x4e,0xf4,0x1f,0x68,0x83,0x1d,0x90,0xcd,0x29,0xe5,0x2d,0xe8,0x97,0x37,0x82,0xd0,0x03,0xee,0x4e,0xda,0xda,0x2a,0xda,0x26,0x91,0xd6,},{0x47,0xf9,0xb3,0x63,0xa8,0x8a,0x45,0x05,0x3a,0x05,0xbb,0x72,0x16,0x08,0x52,0xbf,0xe8,0xf7,0xdf,0xef,0xc2,0xf3,0x72,0x83,0xde,0x34,0x67,0x52,0xca,0xf0,0x92,0xcc,},{0x65,0xc5,0xd1,0x0e,0xa7,0xbf,0xdb,0xb3,0x8d,0x55,0x36,0x4a,0x99,0x68,0xf8,0x2b,0x54,0x82,0x24,0xdf,0xf3,0x36,0x3b,0x2d,0xdc,0xf5,0x85,0x16,0x3d,0xea,0x27,0xdc,0x63,0xb0,0x56,0x3e,0xb1,0xa8,0xdf,0xbe,0xe9,0x51,0xd3,0xc9,0xb3,0x3f,0xcd,0x6b,0xbf,0x09,0x21,0xc3,0xab,0xb2,0x17,0x86,0xb2,0x29,0x06,0x9b,0xd9,0xca,0x00,0x0a,},"\x95\x93\xc3\x5c\xde\xc5\x35\xbe\xbb\x69\x65\xda\x68\xea\xb0\xb6\x46\xbf\xfc\xfb\xd0\x48\x83\xbc\x4c\xef\x90\xd5\xd0\x1f\x01\x8c\x63\xc9\xb0\xdd\xfb\x3c\xef\x5e\x78\x62\x84\xd5\x21\x8c\xaa\xaf\x06\x0e\x92\x88\x95\x2f\x16\x30\x1e\xd8\xa4\xc1\xbc\xee\x25\x63\x56\xa0\xc8\xbd\xa3\x59\xfb\xaa\x27\x82\xb1\x0c\x86\xd1\x8e\x20\xf7\xa0\xec\x99\xb2\x7a\x0b\x4d\xbe\xfc\x0a\x26\x2a\x3b\xf6\x8f\xe8\x14\x44\xdc\xae\x5f\x69\x3e\xb0\xf1\x6e\x6e\xe0\x3f\x8f\xcb\xf3\xa3\x39\x81\x46\xd2\x0e\xc4\xd2\x65\x77\x61\xfd\x03\x20\xfe\xe7\xea\x70\x3c\x49\xa6\xa5\x43\xbc\x9b\xba\x91\x1e\x79\x25\x03\x87\x10\xe8\xc3\x65\x52\xd4\x76\xd6\x02\x7f\x58\xb2\xc5\x2b\xa5\x1a\xd6\x5e\xa4\xf0\x39\xc7\x8f\x96\xb8\x89\x10\x2b\xb4\xbd\xd6\x9b\x68\xe9\xc3\xd4\x5b\x51\x76\xa2\xd8\x2b\x0b\x95\xdc\x32\x10\x16\x37\x0d\xae\x30\xc3\x93\x65\x15\xdb\x04\x64\xc4\x17\x74\x30\x1c\x74\xe4\x2d\x89\xb8\xbf\x4b\x9c\x19\xed\x55\x4b\x12\xfe\xba\xc0\xf6\x0d\xdb\x32\x19\xcc\xc5\x60\x35\x31\xdb\xf2\xeb\x5f\x29\x34\x25\xd7\x2c\xce\xfa\x0c\x7f\x14\x4a\xba\x89\x34\x7b\x29\x6b\xe8\x7f\xf1\x89\x94\xb4\xa0\xc7\x0c\x93\x0f\x05\x93\x03\xb5\xdd\x4c\x8f\xe1\xe6\xbb\xc3\xcd\x68\xc6\xc0\xd8\x42\x46\xdc\x6e\x61\x40\xa2\xab\xd1\x78\x0b\x13\xf1\x59\x4a\x60\x19\xd1\x77\x8b\x7c\xbb\x3a\x3e\x3a\x34\xbf\xae\x72\x97\xf0\xb3\xed\xc3\x76\x94\x1c\x32\x35\x2a\x4b\xe3\x14\xb8\x4a\x9d\x8d\x6d\x7f\x1f\x38\xa0\xad\x37\x98\x02\x0a\xa2\xa3\x31\xa4\x02\xbe\x9c\x70\x44\x84\x74\x4a\x73\x0c\xbd\xed\xcb\x90\x4b\x6f\xde\x70\x8f\xbd\x14\xbf\xdc\x29\xef\xd4\x61\xd1\xd0\xb5\x82\x5d\xe0\xbc\x79\x42\x2b\x69\xa2\x72\x2f"},
+{{0x45,0xeb,0x0c,0x4d,0xfa,0xfa,0x2a,0x76,0x90,0xef,0x57,0x9c,0x09,0x54,0x56,0xce,0xed,0xcd,0x32,0xf0,0xb6,0x14,0x4d,0x0c,0x38,0x0f,0x87,0xfb,0x74,0x4a,0x0b,0x1f,},{0xfc,0x85,0x63,0x2c,0x98,0x38,0x4b,0x5f,0x96,0x82,0xae,0xd9,0xcd,0x66,0x4c,0xf1,0xf4,0x8e,0x58,0x8b,0xe2,0xd5,0x68,0xe5,0xc7,0x34,0x49,0x4d,0xf4,0xc7,0x12,0xb8,},{0x55,0x85,0x1d,0xe8,0xe1,0x09,0x2f,0x78,0x94,0x4f,0x6c,0x6d,0xd9,0x5b,0xf0,0x7e,0x2d,0xbc,0x8d,0xf7,0xf5,0x7a,0xd5,0x76,0x82,0x9b,0x97,0x8e,0x3a,0xf5,0x8a,0x7a,0x8e,0x94,0xed,0x4d,0xcc,0xbc,0x01,0x82,0x46,0x7e,0xdf,0x0b,0xad,0x4b,0xae,0x7c,0xa8,0x4a,0xa9,0xa0,0xc1,0x7c,0x61,0xa9,0xe0,0xdd,0xff,0x1d,0x75,0x25,0xd7,0x04,},"\x6f\x66\xd8\x47\x40\x5a\x03\xd7\xbd\x6f\x8d\x28\x97\xdb\xdf\x04\xe7\x6d\x7d\xf2\xd9\x47\x0a\x49\x96\xb7\xdd\x6d\xb8\x85\x00\xf8\xf4\xf8\x3e\x96\x0e\x21\x9a\x24\x86\xe2\x45\x45\xad\xd1\x36\x14\x55\x04\x14\xd8\x27\xc4\x1a\x9b\x08\x31\x8d\xaf\x01\xb1\x52\x14\xc6\x4a\x42\x66\xcb\xf8\xa5\x71\x7a\xda\x3e\x62\xc2\x67\x29\x07\x3e\x16\xdd\xbd\x66\xf2\xd5\x20\xe1\xe0\x99\x35\xde\x05\xe4\xdb\x11\xc3\x96\xd4\x77\x01\x0a\xec\x66\xaa\xfb\x76\x2e\x69\x23\x8d\x0b\x9e\x76\xb4\x52\x45\x4b\xf9\xe4\x51\xe7\x6a\xc7\x9e\x69\x90\xd4\x1b\x93\x2b\xc3\x29\x17\x09\x37\x83\xc9\x1b\xc9\xcf\x0b\xbe\x3b\x51\x40\x70\xa1\xe6\x92\xff\x34\xfd\x06\xb6\x6e\xa1\x1f\x39\xe1\x0a\xf9\x33\xee\x96\xd8\xe9\xb6\x77\xcb\x03\x73\x7e\x79\x64\xee\xaa\x72\x5f\x12\x12\x07\xf9\xc1\xb2\x6a\x96\xc6\x16\xdf\x7c\xb7\xca\xef\x47\xbd\xa9\x01\x36\x8f\xf2\xea\x58\x6e\x42\x2e\x65\xbf\x21\xa6\x91\xbd\xd2\xc1\x3e\x67\xff\xf5\x8c\xfb\xfe\xd8\x17\x82\x04\x9d\xaf\xa0\xf7\x27\xdf\x88\x62\x3f\x2f\x7e\x8f\x26\x2d\xaf\x93\x95\x42\xa1\x87\xb8\x72\x0a\x9b\x6b\x2b\x09\x89\x0e\x54\x87\x6b\x28\xa4\x38\x74\xab\xbe\x3b\xfa\x98\x1f\x81\x38\xb7\x72\xc5\xd5\x17\x36\x88\x5f\x86\xac\xac\x22\x15\xa0\xb0\x10\xdf\xc2\xc6\xb1\x50\x84\x5d\x4f\x82\x96\x25\x25\x86\xa3\xe1\x15\xf3\x03\xc3\xd8\xa5\x82\xe2\x0f\xd2\xd4\x3f\x6c\x44\x6e\x5d\x00\x28\x0e\xc1\x79\x82\x3b\x7f\xb4\xc1\xb0\xfe\xb9\x4e\xb4\xef\x17\x07\xf5\x18\x4e\x3b\x52\x46\x1a\x75\x62\xd1\xf3\x07\xcb\x75\x1c\xdb\xbf\x6e\xae\x49\xff\xae\x91\x86\x23\x58\xe7\x4e\x95\x48\x82\x2b\x8a\x04\x9f\xec\x6b\xf4\xc7\xa9\x9c\xab\xbe\x09\x20\x65\x77\xb6\x57\xe3\x1f"},
+{{0x70,0x9d,0x2e,0x19,0x90,0x06,0xf5,0x36,0x9a,0x7a,0x0b,0xdd,0x34,0xe7,0x4d,0xc7,0x84,0xbe,0x33,0x88,0x0e,0xa3,0xc5,0xdd,0x10,0xed,0x5c,0x94,0x45,0x1e,0x79,0x72,},{0x06,0xf9,0x89,0x20,0x2b,0xa2,0xcb,0xc9,0xc1,0x50,0xbe,0x61,0x12,0x62,0xac,0xa0,0x0c,0x45,0xf0,0x12,0xf8,0x9f,0xba,0xf8,0x9f,0x8c,0xec,0xcb,0xa0,0xb1,0x93,0x4a,},{0x62,0x9b,0xf9,0x7b,0x0c,0x78,0xee,0x6a,0x9c,0x87,0x59,0xfb,0xea,0x28,0x22,0x4e,0x27,0xab,0xbb,0x6c,0xbe,0x4d,0xea,0x5b,0xb7,0x97,0xe6,0xe0,0xfe,0x80,0xc9,0x13,0xf9,0x53,0xe3,0xa9,0xb6,0x23,0x35,0x2d,0x13,0xac,0xf4,0xce,0x62,0x50,0xfb,0x02,0x9a,0x1e,0x19,0x8d,0x72,0xbd,0x5e,0x74,0x02,0xe6,0x0e,0x9e,0x48,0xca,0x35,0x01,},"\x62\xf0\x03\x14\x0f\xa0\x9e\x03\x87\xd1\x87\xa0\xff\x96\xc4\x56\x3d\xf9\xf4\xe2\x8c\x22\x82\xc0\x18\x3a\xc3\xee\xde\x13\x12\x35\x49\x21\xf7\x80\xfc\xa5\x36\x1d\x30\x68\xd2\x99\x49\x63\x0b\x75\x30\xcd\x59\x14\xac\xe0\x46\x8d\x01\x4b\x6f\x53\xd8\x39\xb8\x2e\x38\x81\x7d\xbf\x2d\x83\x92\xc3\xce\x34\x24\xea\xb8\x6a\x24\xd8\x04\xc7\xac\xb1\xce\x7a\xcf\xe0\xa1\xcd\xa4\x39\x39\x24\x28\x31\x05\xda\x4a\x77\x41\x19\x6e\x02\x75\x50\x04\x7f\x85\xb7\xa0\xa0\x1d\x45\x41\x24\xef\xc0\xe2\x99\xf0\xef\x9a\xd1\x43\x50\x54\x30\x53\x48\x22\x61\x52\x8b\xaa\x56\xe6\x59\x99\xac\x80\x2c\x00\xa3\x36\x26\x7c\x63\x51\x06\xb2\x64\x03\xc1\x9f\x39\x1d\x53\xbd\x82\x86\x1d\x6d\x48\xa4\x38\x0b\x30\x43\xaa\x91\xd6\x49\x53\x68\x81\x20\x4e\xcc\xb0\xde\x20\xd4\x3e\x5a\x37\x55\xb7\xf6\x00\x91\x6e\xcc\xae\x42\xa0\xc9\x05\x3b\x46\x2d\x94\x17\xa1\x3d\x67\xd7\x78\x26\x4a\x89\x6e\x8e\xaf\x90\xba\xf6\x6d\x29\xe5\x43\x8a\x71\x67\x81\x12\x3a\x89\xfa\x9b\x8b\xee\xf9\x1d\x96\x5a\xf2\xf4\xa1\xa5\xbd\x5d\x2e\x2a\xaf\x46\xd5\xc9\x4b\x77\x09\xcd\xd3\x8d\x05\xfe\xee\x4b\xfb\x76\xa3\x59\x07\x7c\x16\xbc\x4b\xe9\x11\x6e\x69\x00\x12\x71\xcd\xa5\x65\xbc\x19\xbf\x47\xd4\xf9\x86\xbd\x9c\x0d\x18\x4c\xd8\xa3\x52\x0c\xa1\xbd\xb4\xb5\x05\xaa\xf7\xcb\x4e\xc9\xf9\x47\x89\x77\x9d\x30\x71\x4e\x79\x11\x6d\xd5\x01\x9d\x59\xb2\x8b\x17\xda\xd9\x6f\x4e\x21\x55\xad\x9c\x61\x27\x4a\xdd\xc6\xb6\x38\x10\x95\x04\xe9\xed\x19\xf4\xed\xa5\x37\x77\x62\x64\x8c\x40\x98\x22\x4e\x33\x91\x04\x3e\x4c\x2a\xd5\x91\x65\x4c\x9e\x7f\x97\x4e\xfd\xf0\xb0\x50\x4b\x6f\xa5\xf6\x46\xce\xcf\x44\xcd\x37\x24\x12\x37\x25\x05"},
+{{0x51,0x51,0x61,0x74,0x21,0xaa,0xdc,0x9c,0x95,0xa4,0x42,0xb4,0x5e,0x7f,0xf6,0xde,0x06,0xa2,0xc7,0x33,0xb8,0x5b,0xd7,0x89,0xfb,0xad,0x41,0x4e,0xe3,0xc9,0x1a,0xdd,},{0x14,0x94,0x1d,0x55,0x97,0x61,0xb3,0x0a,0xb0,0xa8,0x6d,0x47,0xe0,0xf7,0xd1,0x89,0x6b,0x33,0x78,0x45,0x27,0xc8,0x0a,0xf4,0x1c,0xb8,0x48,0x10,0xcb,0xff,0x9d,0xbf,},{0xfa,0xe4,0x77,0x3b,0x33,0x44,0x60,0xc7,0x7b,0xf0,0x1e,0xc6,0x36,0x6c,0x4f,0xe6,0x1c,0x0c,0xab,0x57,0xd8,0xa4,0xb0,0x39,0x09,0xc6,0x19,0xe1,0x1e,0xe3,0x46,0x1c,0x13,0xfa,0x21,0x57,0x6f,0x63,0x87,0x0e,0x42,0x3d,0xd0,0x41,0x81,0xe4,0xa7,0x01,0x3a,0x75,0x24,0xf2,0x46,0xfe,0x33,0x85,0x3c,0x67,0x41,0x62,0xa7,0x81,0x51,0x04,},"\x21\x6e\x9d\x40\xbc\xdc\x3b\x26\x50\x18\x8d\x12\x1c\x9f\x8e\xf2\x9e\x91\x4f\xac\xd0\x22\xfe\x01\xb9\x0e\xd1\x12\x25\xf2\xeb\x93\x53\x8e\x5f\xce\xe5\xab\x80\x45\xe9\x19\x9a\xa7\x6a\x16\xbd\xd0\x61\x68\x05\x66\x0e\x24\x7f\xec\xd7\xe2\x28\x21\xb6\x9b\x1f\x8e\x8a\x58\xac\x3f\xb8\x56\x91\xd7\x5d\x59\x57\xa1\xda\xf5\x3f\xf9\xee\x64\x76\xd7\xc4\xbc\x54\x1e\x6a\xd3\x8e\x3a\x34\xea\x90\xfc\x52\xa4\x8b\x93\x99\xf9\x2d\x17\xc9\xbb\x0d\x7f\xc3\x10\x4c\x55\xd0\xef\xb4\xea\x5b\x83\x1f\xf9\x49\x0b\x3f\x79\xf4\xd9\xd6\x99\x59\x4b\x74\x15\x66\xf2\xb5\x0a\x8f\xc7\x8c\xc4\x03\xfa\x40\xf5\xab\xb6\x63\x8a\x32\xf4\x49\xa8\xb3\xef\x02\x9c\x40\x2f\x46\x93\x1a\xd2\xbd\x3e\x8e\x68\x31\x08\x71\x4c\x98\x9a\xe2\x16\x89\xe9\xc4\x44\xb9\xf5\x5b\x81\x11\x9b\xb5\x03\x5b\xcf\x73\xe9\x7c\xe4\x3a\x22\x18\xc7\xbc\x3e\x43\x0d\x1e\x81\x4f\x34\xde\xe0\x57\x26\x5d\x31\x94\xb9\xf4\x38\x75\xd8\x38\x1f\x52\x5f\x78\x57\x6e\x64\xce\x69\x25\x84\xfa\xa3\x0f\xb7\x43\xa1\x2d\x1b\x77\x61\x4d\x2e\x10\xa6\xb8\x56\xb5\x2b\xe2\x7c\xdb\x63\x0b\xa1\xf0\xd3\xa6\xf8\xea\x98\x44\x54\x2e\x58\x4e\xa0\xa2\x77\x75\x27\xd0\xc5\x2a\xca\x94\x9a\xac\xda\x45\xad\x83\xd1\x6d\x5c\x83\xd6\x63\xad\xb7\x9c\xad\x6f\x3e\x39\xe9\x90\xfe\x28\x2a\x14\xc3\x53\xaa\x23\x79\xd7\xf0\x6a\xda\xb7\x4c\xea\x02\x1b\x89\x83\xa5\x7f\x1d\x0c\xf7\x03\x29\x2e\xb0\x5e\xce\x89\xc5\x3f\x3a\x12\x65\x61\x0e\x0c\x1e\xa8\xdd\xd4\x44\xd1\xff\xd6\xbc\x3d\x03\xf0\xa6\xe4\xd0\xdf\x5c\x5b\x8d\xc1\xf9\x5d\x9f\x55\x58\xb1\x18\xaf\xe6\xbe\xa0\xf6\xc2\x93\x13\x63\xf0\x3a\xb3\x4e\x75\x7d\x49\x36\x41\x74\xf6\x58\xef\xbb\xf3\x8d\xc1\x77"},
+{{0x38,0xbe,0xd4,0x45,0x55,0x6d,0xe7,0x44,0x82,0xbf,0x5f,0xec,0x05,0x06,0xf9,0xaf,0x33,0x0b,0x15,0x1e,0x50,0xd4,0x77,0x4d,0xfe,0x85,0x91,0xd7,0xb7,0xe0,0x27,0x6b,},{0x4c,0x0f,0x9c,0x49,0xa4,0x2f,0x40,0x47,0xbf,0xe6,0x88,0x55,0x51,0xc5,0xe4,0xb8,0x56,0xcf,0x77,0x1a,0x67,0xaf,0x3f,0x89,0xdb,0xf6,0x02,0xf9,0xdb,0x92,0x20,0xf3,},{0xf7,0x02,0xd0,0xd4,0x63,0x28,0x2f,0xc7,0xfd,0x5f,0x8f,0x90,0x29,0xb8,0x9c,0x62,0x6c,0xaf,0xd8,0x34,0x50,0xc3,0xbb,0x9d,0xd8,0xf6,0x58,0x9f,0x0c,0x4b,0x4b,0x71,0xf6,0x49,0xea,0x21,0x2e,0x5e,0x33,0x48,0x7c,0x59,0xc1,0x68,0xea,0x3a,0xd8,0x31,0x50,0xf1,0xfc,0xdf,0xe8,0xc5,0x3e,0xba,0x65,0xad,0xc2,0x02,0x3c,0x25,0x83,0x0f,},"\x0f\xf0\x03\x1d\xf0\xbe\xef\xf3\x71\x0c\x6b\x76\x3f\x9b\x8e\xc8\x17\x19\xbf\xa1\x52\x8c\xe4\x65\x19\xad\xf3\xd3\x41\x2d\x93\xfb\x18\x8f\xd4\x97\xd5\xd1\x70\x91\xc0\xf0\x34\x59\x60\xdd\x0e\xb0\xc0\x9f\xc4\x00\x51\x73\x66\x5d\x4d\x97\xf9\x5c\x13\x82\x8b\xc7\x6b\x34\x92\xb8\x7a\x4b\x64\x25\x3c\x8b\x5f\xa4\x7a\xa7\x5f\xa3\xb8\x6d\x5a\xbe\xea\x8d\xe5\x95\x9a\x60\x22\x89\x13\x6f\x60\xa6\x9b\x30\x9e\x77\x3b\x22\x55\xcd\xe1\x9e\xd2\xa2\xe1\x99\xc3\x3d\xb1\x1c\x16\xad\xe0\x8a\x31\x97\x50\xb8\x51\xd9\x2c\x69\x29\x24\xfc\x98\x59\xbe\x52\x34\x31\xcb\xe7\x8e\xc0\x92\xdb\x11\x29\x21\x0e\xbb\xea\xa7\xc2\xa2\xc0\x00\xee\xb1\x05\xca\x03\x01\xa4\x8f\x3e\x45\xfd\xfb\x15\xb2\x75\xcb\xab\x83\xca\x5c\x99\xd7\x37\xa5\x85\x32\x0e\x9e\x3b\x31\x71\x79\xbd\x86\x46\x7f\xa9\x69\x4f\xcd\xb2\xac\x6a\xd3\x6e\xd7\x14\x48\x43\xdb\xc3\x4e\x42\x3d\x35\xaf\xd7\xd8\x97\x2a\x1c\x43\xc1\x99\xa1\x91\xab\xd6\xce\xba\x49\x36\xd3\x95\xc9\x95\xa3\xeb\x13\xcb\x05\x7f\x88\xa9\xdc\x94\x90\xfe\x98\x84\x5e\xe5\xd2\x6a\x89\xfb\x64\x2a\x2a\x51\x6d\xc3\x05\x6c\x54\xd3\x63\x72\x13\x36\x3a\x86\x28\xa4\x2a\x39\x5d\x94\x2b\x95\x4a\x89\xe8\xef\x7a\x74\x4d\x8a\xe5\xad\xac\x88\xc6\x16\xef\xaa\x90\xe2\x07\x72\x05\xa6\x0b\xaf\xfe\xde\x5c\x87\xbb\x14\xde\xad\x30\x62\x29\x49\x5f\x69\x8f\x3e\x49\x06\x16\x96\x6b\x16\x36\x38\x7d\x0d\x86\x18\x3f\x94\x5b\x24\xa9\xdc\xfc\xcf\x4d\x36\x72\x2c\xd1\x2e\xbb\x6b\xd8\xe7\x83\x25\x75\x2a\xfa\x2b\x1a\xbd\x13\xc4\xbd\xbc\xad\xd1\x70\x86\x91\x36\x82\x62\x42\xac\xfb\x72\x1d\xe5\xff\x27\xba\x8a\xa0\xc0\x18\xb2\x25\xed\x34\x04\x80\x3c\xe9\xfa\x2d\x50\x8d\x89\x44"},
+{{0x05,0x54,0x60,0xb3,0x2d,0xd0,0x4d,0x7f,0x4b,0x23,0x11,0xa8,0x98,0x07,0xe0,0x73,0xfd,0x55,0x65,0x65,0xa4,0x77,0x18,0x57,0xd8,0x82,0x79,0x41,0x30,0xa2,0xfe,0x5d,},{0x26,0x0f,0x8f,0xed,0x4b,0xba,0x30,0xb9,0xe1,0x2a,0xd8,0x52,0x3f,0xbb,0x6f,0x57,0xf0,0xa7,0xa8,0x82,0x55,0x00,0x61,0xf1,0xda,0x46,0xfb,0xd8,0xea,0x44,0x22,0x21,},{0x23,0xf4,0xf1,0x62,0x7f,0xba,0xbd,0x78,0x91,0xd7,0xd8,0x48,0x96,0x31,0xc7,0x23,0x1d,0x22,0xde,0x71,0x86,0x4e,0x26,0x2a,0xb4,0xda,0x84,0xea,0x8a,0x13,0xa6,0x0f,0xea,0xc4,0xdc,0xfb,0x18,0x12,0xf1,0x20,0x04,0x44,0xb7,0x75,0xf1,0x21,0xd7,0x26,0x6d,0x75,0x5c,0xe9,0xb6,0xa9,0xad,0x79,0x65,0x59,0xc0,0xa2,0x6b,0x51,0x6d,0x02,},"\x74\x07\xf9\x6e\xe3\xe7\x9c\x69\xd3\x6c\xe1\xf6\x4e\x4f\x18\x86\x55\xea\x68\xb9\x47\xe7\xe2\xbe\x97\xb0\x5e\xbc\x6d\x44\x39\xe9\x50\x27\x6e\xf3\xf0\xe6\xa0\x3d\xd4\x8b\x24\xf6\x69\x29\xb4\x9c\x15\x80\xeb\x46\x88\x07\xe1\xe7\xa2\x5e\xb9\xb9\x4d\xa3\x40\xc5\x3f\x98\x4f\x8b\x81\x60\x3e\xfb\x61\x04\x7b\xf3\xf1\x4b\x68\x6d\x97\x98\x00\x3d\x2f\x68\x58\x9a\x79\xeb\xfa\xd5\x44\x09\xc7\x1c\x90\xff\x67\xc1\x1f\xbd\x76\xcc\x72\xc2\xd1\x45\xf4\x58\xe4\x2f\x88\xb7\x5d\x25\x0e\xad\xca\xfe\x66\xbf\x37\xff\xc8\x37\xb6\x2f\xf0\x06\x68\x5b\x7f\x85\xa9\xd8\x75\xfc\x07\x8c\x82\xe6\x1f\xe3\x5d\x19\x22\x52\x7a\x55\x1d\xab\x62\xf9\xe4\x77\x49\x91\x46\xba\xd9\x12\x20\x3e\x66\x4c\x41\x7c\x36\x79\xc0\x2d\x87\x2a\xba\xc0\x03\x2f\x8c\xc7\x7f\x77\xbf\xe5\x4d\x33\x26\xfd\xee\x92\x76\xa4\x8e\xa4\xeb\x25\x13\x50\x40\x68\x82\xd0\x8c\x83\x0e\x76\x49\xfe\x68\x54\x55\x8a\x75\x13\xab\x2d\x8d\x2a\xc3\xe5\xce\xd8\xa8\x08\xd2\xae\xe4\x54\x77\x9e\xda\xbd\x1a\xa6\x3b\xb1\x9f\x71\x8f\x47\x0b\xdc\x84\x51\xcd\x9b\x29\x49\x41\xe3\x49\x70\x63\xb1\xe3\x9b\x6c\xa1\x84\x56\x2f\xe8\x38\xcb\xfe\xee\x92\x2d\xe2\x4d\xdf\xcf\x98\x82\xc5\xe6\x15\xb1\x1b\xf9\x04\x81\x7f\xbd\x64\x71\x39\xdb\x80\xb4\xe8\xfe\xb3\x7f\x11\xe1\x85\x2d\x7e\x87\x6d\xb9\xcb\x63\xc9\x4d\x7e\xe3\x41\x92\xf7\x20\x0b\x5b\xc7\x7a\x03\x11\xae\x43\xb8\x06\xeb\xd4\xc2\x89\x6c\x53\xf5\x8f\x7e\xbc\x16\x25\xcb\x20\xd7\x10\x7e\xf9\xdb\x0d\xa2\x87\x88\x52\x3d\xe9\x91\xef\x6c\x58\x66\xb1\x8d\x8d\xe8\x3a\x95\x4d\x32\x81\xe0\x6d\xbf\x27\xc4\xf2\x38\x2e\x08\xcd\x0e\x0f\x6e\xba\xe3\xf9\x61\xb7\x7f\xce\x5a\x95\xa9\xb0\x62\x1b\x75\x6f"},
+{{0xe9,0xf6,0xd3,0x1b,0x93,0x69,0x42,0xc5,0x26,0xe0,0xf9,0xec,0x4f,0x5a,0x7a,0xc2,0x5f,0xa7,0x89,0xe0,0xc4,0x34,0xbc,0xd9,0x19,0x9d,0x72,0x0c,0x74,0x3c,0x84,0xc4,},{0x32,0x12,0x6d,0x26,0xe2,0x82,0x31,0xc5,0xb5,0x85,0xb1,0x3f,0x43,0xa0,0x1c,0x6f,0xe5,0x42,0x94,0x6b,0x07,0xd3,0xa9,0x1e,0x57,0xd2,0x81,0x52,0x3f,0x5c,0xb4,0x5c,},{0x7e,0x3b,0x1c,0x4c,0x71,0x6c,0x80,0x8e,0x90,0xb9,0x74,0x45,0x89,0x15,0xf3,0xb2,0x23,0x9c,0x42,0x07,0x71,0x19,0xfe,0x27,0x07,0x88,0xfa,0xe5,0x20,0x57,0x8b,0xd7,0xda,0x64,0x88,0x04,0x41,0x32,0xe1,0xbe,0xf2,0x3e,0x3b,0x23,0xc3,0x4d,0x9c,0x18,0x62,0x74,0x4f,0x28,0xfc,0xae,0xcd,0xa6,0xca,0xc0,0xfd,0x72,0xb9,0x3b,0x6a,0x0f,},"\xe8\x81\x33\xf3\xd1\x76\x42\xd5\xc2\x27\x79\xa8\x53\x16\xba\x0d\xf3\x4c\x79\x2b\x4e\xfe\xe4\x9e\xd7\xdd\x93\xca\x33\x22\xef\x47\xc7\x2e\x5b\x2e\x45\x95\xc7\x78\x00\x43\x4b\x60\x71\x9a\xdf\x54\xe4\xc1\xa3\x4c\x89\xfa\x1e\x27\xee\x8d\x35\xa0\x92\x1f\x97\x55\xac\x4a\x77\xa6\xc1\x68\x4e\xa0\xf5\xc8\xee\x5f\x75\x9c\xe5\x9b\xfe\x83\x15\x80\x0a\x67\xaa\x6c\x64\xdd\xfa\xac\x92\xea\xbe\x6c\x2c\x61\x37\x79\x78\x4b\x3a\xff\xaf\xcc\x62\x0f\x2a\x6d\xc5\xcb\x8d\x8d\xc7\xd7\x4a\xa4\xd7\x94\x94\x67\x84\x94\xe5\xe6\x39\x4c\x43\x3c\x14\x80\x9f\xf4\x0c\x9a\x59\x2d\x0d\x69\x4a\x81\x10\x3b\x44\x53\x1e\x1f\x48\xbc\x13\x96\x5d\x15\xaf\x8b\xf3\x34\x04\x88\xf8\xcd\x58\xf0\x9a\xe1\xa6\x61\x6b\xf8\x5a\xc9\xde\x7e\x0c\x66\x96\xaa\x2f\x1b\xec\x15\xe1\x7a\x44\xda\x4a\x84\xed\xb4\xec\x6d\x77\x24\x77\x88\xba\x0d\xe3\xae\x12\xa1\x55\xcb\xed\xc0\xda\x2f\x56\x8e\xef\x0b\x75\xa8\x77\xea\x5b\x0c\x2c\x0d\x4b\xf2\xc6\x1d\x46\x8a\x46\xfa\xad\xfa\xec\xe3\x5f\xc2\x63\xa9\xbe\x99\x87\xf4\xf7\xf7\x8f\x05\xc7\x07\x78\x43\x78\xc7\xb8\xf7\xda\xf9\xac\x3a\x12\x2a\xad\x39\xa1\x67\x79\x66\xda\x9e\xf2\x86\xc9\xe0\x62\xc4\xf4\x39\xad\x0b\xdd\xea\x26\xe5\x4b\x2f\x73\x88\xe2\x38\xb2\xa6\x49\x28\x45\x0d\x34\x56\x4c\x5a\x44\x7e\x7a\xfb\xbe\xdd\x10\x85\xf1\xf2\x4c\x11\xae\x08\x43\x22\xd1\xa3\x2c\xf8\xaa\x47\x39\x41\xf0\x0d\x56\xb1\x61\x82\x13\xca\xb3\x90\x0a\xa6\x06\x46\x3d\x9f\x80\x0e\x92\x6f\x9f\x42\xd4\xb0\x82\xd8\xc5\xec\x3a\x4a\x02\x5b\x45\xf9\xaa\xdc\x8b\xcb\xd1\x70\x91\xb3\xda\x49\xe9\x45\x3d\xc5\x5e\x89\xb5\xb5\xfe\x6b\x31\xf5\xed\xda\xd1\x0b\x66\x01\x57\x25\x68\xd8\xe2\x05\xd3\x25\x1a"},
+{{0x6b,0xf4,0xca,0xaa,0xbb,0x96,0x85,0x4a,0x38,0xa5,0x72,0xf4,0xce,0x6c,0x78,0x38,0xf7,0xe7,0x50,0x11,0x8c,0x73,0xf2,0x72,0x35,0x82,0x61,0x8e,0x23,0x07,0xf8,0x38,},{0x08,0x12,0x63,0x73,0xd0,0x56,0xf0,0x0e,0x54,0xb8,0xd4,0x3d,0x77,0xc3,0x5f,0x5f,0x91,0x98,0x33,0xe9,0x0d,0x8a,0xaf,0xd6,0xc8,0x24,0x6d,0x27,0x91,0x7a,0xd0,0x91,},{0xd2,0x11,0x3f,0x80,0xd6,0xcf,0x92,0x84,0x86,0xa2,0x50,0xa6,0x79,0xd6,0xe7,0x4b,0x35,0xea,0x9d,0x26,0x06,0x1f,0xa9,0x4d,0x76,0x9e,0x1a,0x8f,0xbf,0xa0,0xa7,0x34,0x22,0x7f,0x55,0x53,0x7e,0x4e,0xbf,0xf5,0x93,0x36,0xdb,0x14,0x1c,0xf5,0xd6,0xd4,0x82,0xa0,0x71,0x1f,0x1e,0x9f,0xc7,0x2f,0xf7,0x09,0x56,0xa1,0x1b,0x4f,0xb9,0x09,},"\x47\x76\xe9\xd6\x00\x85\x48\x1f\xa5\x37\xbf\x29\x5b\xda\xbd\x8b\x1c\xf6\x32\xa8\xcd\x40\xbc\xe6\xbd\x32\x5c\x12\x9f\x97\x70\x00\xe8\x84\x68\xeb\xf2\xdc\x15\x8a\xc0\xf2\x07\x21\x2d\xb0\x0f\xb6\x0b\x8e\xc8\xba\xe2\x29\x37\x2e\x9a\x6b\x01\x53\x0a\x7e\xd1\xbc\x9d\x38\x9e\xc8\x91\x3f\x59\x03\x0d\x5b\x54\xaf\x56\xae\x1c\xcc\x28\xf3\x7c\xc9\x6a\x8e\x53\x20\x4e\x92\xa6\x77\x76\x6a\xdf\xaa\xda\x99\xb0\x28\x1f\x86\x7f\x61\xac\x9f\xf7\xd9\x72\xee\x3e\xd4\x27\xd7\x2f\xaa\xe7\x5d\x4a\xec\x01\xb5\xff\xc3\x70\x61\xb6\xf0\xf7\xe5\x71\x4c\x4c\xf3\x0d\x5b\x73\x1b\x07\x46\x06\x5f\x19\xe4\xc8\x92\x2d\xde\x64\x2f\x80\xfe\x24\xa3\xc8\xdc\xb2\xe5\xf1\xc2\x66\xe2\xaf\x6c\x37\xde\xcf\x55\xa2\xba\xa5\x4f\x0d\x5c\xf0\x83\x93\x70\xc3\xe0\xb4\xe7\x7a\x4f\x36\xbb\xb3\x16\x20\x14\x93\x3a\x4a\x4e\xbc\xae\x8c\x60\x96\x1a\xc6\xdc\xf1\x34\xf3\x08\x28\xd3\x14\x02\xae\x74\xe7\xe8\x51\x3c\x9d\x2a\xd8\xee\x46\xb7\xa9\xd5\x3a\x1f\x87\xeb\xfc\xe0\x4f\x46\x1b\xde\xd1\x74\x9b\x6f\xc4\xc4\xf2\x57\x93\x52\x56\x92\xd7\xa0\xe4\x26\xc8\x4e\x06\x08\x2c\xc3\xe6\xab\xb5\x13\x68\x37\x0c\xbb\x10\x6c\x7a\x08\x97\xf6\x6d\x92\xc9\x73\x9c\xff\x9f\x27\x06\xd6\xa2\x98\x0e\xce\xa3\xac\x49\x45\xf0\xf4\x7e\x65\x6b\xd9\x63\x77\x77\xe8\x53\xd2\xa8\x39\x10\x43\x27\xdc\x04\x9e\xbc\x34\xf0\x49\xd6\xc2\xf8\x0e\xca\x99\xdb\x7b\x41\x84\x24\xac\xef\x75\x22\x60\xd2\xd4\x27\x94\x93\x23\x99\x7c\xd9\x61\x7e\xdf\x50\xd4\x41\xd0\x08\x8b\x1d\x47\x91\x2e\x35\xcf\x54\x23\x15\x26\x58\x29\xf3\x83\xf4\x58\x60\xd3\xb4\x5e\x73\x5b\xb2\xf8\x58\x6d\xcf\x58\xdb\x4f\x2a\xcf\xb4\xa6\x88\x53\xa9\x6e\xed\x7b\x89\x76\x9d\x36\x56\x13"},
+{{0x5d,0x95,0x85,0x73,0x6a,0xb2,0x09,0xb0,0xab,0xe8,0xbf,0x74,0xac,0xa4,0xee,0xa4,0xf6,0xd1,0x65,0x0b,0x53,0x25,0x50,0xa2,0x23,0xe0,0x44,0x58,0x0f,0x8e,0x20,0xde,},{0xe7,0x77,0x29,0xed,0xfd,0x21,0x44,0xb2,0xb1,0x20,0x78,0x76,0x54,0x17,0xfa,0x21,0xf1,0x59,0x4f,0x09,0xb2,0x69,0xe9,0xb6,0x70,0x68,0x02,0xb4,0xf3,0xbd,0xfe,0x85,},{0xe7,0xb0,0x8e,0x1d,0x58,0x09,0xfd,0xd8,0x52,0x94,0x43,0xd6,0x5a,0xda,0x5d,0xd6,0x55,0xea,0x55,0xb5,0x41,0x5a,0x01,0x13,0x93,0xbe,0x70,0x71,0x67,0x64,0x86,0xd3,0x58,0xe8,0xd2,0xa4,0x60,0xeb,0xe0,0x75,0xb0,0xe7,0x01,0xb2,0x4c,0x9e,0x3a,0xb5,0xf2,0xb0,0x33,0x59,0x2d,0x4d,0xe3,0xb7,0xf3,0x7f,0xd5,0x41,0xf6,0x92,0x09,0x09,},"\x08\x69\x35\x91\xe6\xc5\x8a\x5e\xad\x9c\x85\xfe\x8e\xc5\x85\x08\xf8\x1a\x34\x67\x63\x6c\x2d\x34\xfc\xc1\xf4\x66\xe5\xc6\xda\xfd\xc3\x7c\x35\xcb\xee\x35\x58\x9c\x69\x97\xe2\xb1\x54\x48\x13\x27\x44\xe5\xa1\xe1\x31\xbb\x49\xbf\x5c\x25\x63\xf8\x7e\xad\x3e\xfe\x01\xe8\x8c\xbf\x24\xcc\x17\x69\xc7\x8c\xdf\xc1\x67\xe3\x78\x21\x5b\x15\x85\x9c\x7a\x28\xec\xe7\x0e\x18\x8f\xa3\x30\x26\x7d\x3f\xc5\x7b\x4a\xce\x6c\x15\x20\xec\x67\x87\x50\x67\xfd\x33\xbe\x86\xf4\xa1\x96\x7a\xfb\x3e\xb1\x64\xc7\x97\xcf\x28\xd8\x07\x2a\xa6\x9d\x82\xaf\xa3\x83\x74\xf8\xe5\x79\x7c\x4c\x28\x47\x1b\x7d\x69\xf5\xb9\xc7\xb4\xac\xdb\xc1\x9f\x3c\x5c\x5d\x40\x08\x08\xa9\x82\xa4\x78\x37\xae\xd1\xb3\x84\x1d\x69\x89\x0e\xeb\x31\x49\x4e\x10\xe3\xe5\x13\xd1\x2d\x0c\xa6\x86\xc7\xce\x65\x17\x78\x09\x27\x03\xfe\xf0\xdc\xc0\x21\x40\x77\xdf\xb3\x61\x25\x1b\xde\xa4\x36\x4d\xd4\x1b\x97\xbc\xeb\x0f\xb1\x47\x5a\x50\xe4\x70\x8f\x47\xf7\x87\x8c\x74\x40\x1e\x97\x71\xcc\x3f\xce\xac\xe8\x91\x69\x98\x1a\xa7\x72\x50\x85\x00\x90\xd1\x81\xd8\x35\x8e\xbb\xa6\x5e\x29\x0a\xcb\x03\x52\xbe\xce\x8c\x57\x98\x32\xa6\x01\x55\x18\x16\xd1\xc0\x56\x21\xcc\xbb\xee\x0f\xbe\x39\xea\x2f\x19\x53\x93\x19\x9e\x69\xc2\x34\xc2\xfb\x1c\x37\xe4\x74\x84\x08\x60\xce\x60\x91\x61\xfc\xfc\xe2\x86\x95\x74\xbe\x0d\x38\xf9\x5e\x20\xf4\xf8\x72\x52\x47\xb9\x62\x7b\x46\xe8\x34\x90\x51\x01\xac\x12\xb9\x34\xcb\xf8\x7c\xb2\xd1\x90\xd2\xf5\x14\x90\xa8\x2c\x4e\x81\x0e\xdd\xb8\x1f\x95\x6a\x9f\x36\xbd\xa4\x97\xbc\xa5\x06\xa4\x9e\xe9\xcd\x47\xfd\xa5\xb7\xf2\xb8\x84\xa3\x64\x8c\xad\xd1\x2a\xb6\x18\x98\xad\xa4\x6e\xcc\x97\x0f\x81\xdc\x9f\x87\x68\x45\xdb"},
+{{0x60,0xb1,0x42,0xf1,0x65,0x11,0x41,0x43,0xca,0x30,0xa6,0x04,0xfe,0xf5,0x1c,0x68,0x64,0x36,0xaa,0x1b,0x9a,0xfd,0xb2,0x66,0xb3,0xe3,0x98,0xcc,0xb3,0xc4,0xd8,0x55,},{0xea,0xf6,0xc5,0xa7,0x6c,0xa9,0x9b,0xf7,0x30,0x64,0x98,0x88,0x8c,0x3b,0x7a,0x1f,0xea,0xe9,0x8b,0xf8,0x98,0x8d,0x7f,0x2e,0x15,0x47,0xf8,0xf5,0x3a,0x45,0x28,0xaa,},{0xa6,0x21,0xf0,0x84,0xea,0x1a,0x36,0xef,0x81,0x2a,0x97,0x55,0xc9,0xaf,0xbb,0x53,0xda,0xda,0xae,0x6b,0x3a,0x53,0xfa,0x83,0x44,0xca,0x40,0xd3,0x61,0x2a,0x26,0x8a,0x35,0xfe,0xd0,0xfd,0x39,0x8a,0xb7,0x5b,0xcd,0x63,0x9c,0x54,0x79,0x37,0xc9,0x41,0x55,0xab,0x1a,0x7a,0x34,0x67,0xdd,0x4b,0xfd,0xdf,0xac,0xab,0x16,0x55,0xe9,0x08,},"\x18\x15\xde\xe1\x17\x3b\x78\x26\x47\x20\xd3\x5b\x7c\xc2\x45\x4a\x00\x0a\x65\xff\xf2\x14\xe2\x47\x3e\x20\xbc\x83\xf3\xec\xde\x9c\x04\xc1\xe0\x69\x6c\xe6\xe5\x55\x19\xdd\x2a\x75\xce\x04\x64\xbf\x60\x1a\xdc\x38\x1e\x79\x3e\xcb\x9f\x8c\xe7\xab\x87\xb6\xca\x2a\x3e\x41\x0f\x63\x90\x69\x45\x19\x78\xd1\x48\x73\xd3\x39\x0f\xab\x86\x23\x96\x97\x13\xc3\xdf\xcd\x58\xd8\x6d\x12\x40\x73\x76\x1e\xe0\x9a\x65\x2a\x48\x76\x7f\x96\x46\xcb\x72\x6a\xc4\x54\xac\x9a\x1b\xc5\xfa\xed\x30\x26\xb7\x03\x98\x2b\xc2\xb1\xe0\x75\x82\x10\xe1\xd6\x25\x19\x23\x0e\xb2\xb2\xf4\xa4\x86\xbc\x55\x16\x85\x60\xc4\x36\x3d\xf5\xff\x5a\xdf\xda\x11\xac\x7e\xf5\x1b\x18\x19\x6c\x94\x33\x7c\x07\xae\xf1\x17\x99\x0f\x77\x0c\x0f\x1e\x8c\x0f\x88\xeb\x6f\xfc\x40\xe8\xed\x7c\x3a\x80\xa6\x32\xdb\x1e\x7f\x63\xb6\x30\x96\xe2\xac\x49\xe5\x77\x92\xb3\x11\x43\xe2\xf4\xfa\xab\xce\xae\x66\xb2\x74\x71\x68\x1c\x36\xfc\x11\x39\x00\x7f\x9b\x54\x8c\xdc\x6e\x3b\x8f\xbb\xda\xba\x7a\x8a\xdb\x84\x34\x31\x23\x8b\xb4\x61\xba\x24\xf6\xe0\x9f\x62\xc7\x2d\x63\x77\xb4\x04\x8c\xb0\x13\x4c\x25\xa5\x41\x1a\x20\xbf\xcf\xc1\x3e\x48\xd8\x0e\x36\xbf\xb0\xda\x7e\x01\x85\xd3\x3f\x19\x28\x63\x6e\x15\xde\xe0\xe5\xdf\x89\x92\xa1\x65\x72\xb1\x3e\xa8\xf7\xcf\x85\xca\xe3\x2d\x52\x9f\x66\xe8\xf6\xd2\xfb\x2a\xd0\xbb\xfe\x71\x99\x16\x9b\x25\x67\xba\x00\xc7\x81\xb2\x0a\x48\xe1\xd7\x0d\xf9\xfa\x31\x19\xcd\x7e\x5b\xbe\x58\x88\x4b\x0b\x51\x21\x89\x40\xfa\x81\x5f\x85\x62\x5f\xa2\x03\x47\x1c\xee\x80\x84\x78\x0e\xb0\xb9\x35\x6f\x9f\x3d\x4f\x6d\xf7\x40\x30\x1d\x70\x7e\xf1\xff\xb3\x51\x9e\x3f\x90\xb8\x06\x4b\x98\xe7\x0f\x37\x5d\x07\x14\x26\x88\x17\x18"},
+{{0x73,0x4b,0xa4,0x70,0x33,0xc6,0x14,0x02,0x32,0xdd,0x4a,0x7a,0x14,0xf1,0xa7,0x74,0x3e,0xef,0xe9,0x07,0x0b,0xad,0x96,0x62,0x49,0x16,0x30,0xcc,0x9d,0x28,0xc1,0xf3,},{0x2f,0xa5,0xdf,0x30,0x26,0xd6,0x07,0x42,0xe2,0xaf,0xf6,0xb5,0x78,0x42,0xc7,0x12,0x68,0x46,0xc8,0xa7,0xbb,0xe9,0x26,0x6e,0xfa,0x7b,0x3f,0x23,0x98,0xc3,0x57,0xea,},{0x9b,0xd0,0x74,0xd1,0xd0,0xbd,0x28,0x00,0x1b,0xaf,0x7d,0x2d,0x4e,0x82,0x43,0x5d,0xf0,0x8c,0x42,0x64,0xd8,0xcb,0xb1,0xc3,0x81,0x18,0x3c,0x2f,0x01,0x22,0x3f,0x79,0xf9,0x49,0x23,0xca,0x17,0x8c,0xac,0x75,0x56,0x4e,0x16,0xc7,0xf5,0x60,0x79,0x08,0x8f,0x7e,0xd8,0x85,0xde,0x4d,0x50,0x9f,0xbc,0x78,0xf4,0x38,0xfb,0xa3,0xf6,0x07,},"\x5d\x3c\x65\x98\x10\xc3\xfe\xa5\x2a\x6d\xf3\x86\x1e\x5c\xdc\x5b\x70\x3c\xc1\xce\xf4\x85\x58\xc6\x1d\x8c\x51\xd0\xed\xea\x5a\x14\x79\xcf\xe5\x06\x3d\x82\xde\xd9\xca\x68\x1e\x57\x48\x88\x7c\x40\xec\xfb\x9e\x1a\x9a\x8b\x7f\x85\x09\xd1\x07\x76\x46\x1c\x39\x23\x39\x96\x93\xa7\x81\x89\x08\x91\x78\xd5\xaa\xbd\x15\xf8\xc8\x46\x64\x2b\xe4\x7d\x6d\x4c\xaf\x13\x82\x4e\xdc\xef\xb8\x09\x86\x8f\xa7\x2d\xdf\x03\x5c\x4d\xe8\xef\x0a\x9c\x83\x22\x64\xf6\x6f\x01\x27\x61\xce\x69\x55\xbc\x3c\x41\x6e\x93\xe2\x91\x88\x02\x5e\xbb\xb1\x3a\x55\x32\x58\xc1\xd7\xc4\x99\xc9\xa4\xae\xb1\x0b\xb3\x6f\x61\xd1\xbb\x4c\xec\x5a\xe5\x5d\x17\x57\x22\xb9\xa9\x69\x6d\xf8\x81\x95\x1e\x35\x20\x0b\x96\x53\xcf\x6e\xd4\xb3\xd1\x5d\xe0\x87\xa9\xd1\xc3\x19\xfc\xe8\x58\x21\x56\xbe\xbf\x3f\xc9\x1e\x0e\x61\x0f\xf7\xa1\x53\x08\xfd\x1d\x2c\x60\x69\xfb\xbb\x29\x47\xd3\x11\x07\x31\xd2\x45\xae\x29\x63\x01\x4b\xd7\x6d\xea\x42\xdb\x12\x5c\xec\xc4\x93\xc8\xe9\x09\x1a\x76\x64\x65\x77\x72\x9a\xed\x49\x66\xfc\xe9\x69\x9f\xe1\x2e\x36\x7d\x66\x5d\xf9\xe9\x5a\x91\x93\xe1\x13\x3e\x14\x3a\xf9\x2f\x82\xb6\x6a\xc7\x76\x4e\x50\x33\x17\x86\x90\x52\x18\x09\xa7\x10\x7d\x8a\xe9\xb8\x8e\x0e\xd1\xf3\x5b\x17\x19\x90\x1b\x93\x0a\xd0\xe1\xcb\xce\x7f\xb3\x02\x67\xb1\x15\x52\x04\xf6\x05\xf5\x25\xe4\x9d\xe2\x98\x8e\xa7\xf7\x4b\xe8\x81\x51\x77\xfd\x97\x6a\x1b\xcc\x12\x6d\x9c\x9c\x13\x5c\x5b\x42\x76\xd3\x80\x19\xc3\x4a\xef\xb7\xa0\x22\x0f\x7f\x5a\xef\xf3\x80\xae\xd6\x27\xb0\x70\xc2\xc9\xe2\x15\x33\xbb\x35\xc0\x8e\x39\x4c\x85\xae\x25\xe6\x86\x29\x42\x59\x9c\x65\xdb\xae\x59\x77\xa5\x84\xa8\x81\x80\xe0\xc8\xc7\x1e\x5a\x84\x09\xe0\x4e\xf7"},
+{{0x45,0xe3,0x4d,0x0e,0xf4,0xc1,0x96,0xfa,0x6d,0x57,0x2b,0x6b,0x17,0x74,0xb5,0x21,0x8f,0x7c,0x32,0x91,0x30,0x4c,0x13,0x50,0x0d,0xf7,0x07,0x0d,0x90,0xe8,0x03,0x9e,},{0x13,0xa7,0x30,0x4d,0xff,0x42,0x33,0x59,0x17,0x7a,0xba,0xfa,0x5e,0x65,0x08,0xd2,0x67,0x69,0xca,0x99,0xcf,0x8a,0xf4,0x5c,0x38,0x3f,0x3f,0xf6,0x34,0x40,0x60,0x03,},{0xb4,0x2c,0x1f,0x92,0x5f,0x4b,0xac,0xcd,0x12,0x9e,0xfb,0x10,0x9d,0xb3,0x54,0xac,0xa3,0x1c,0x68,0x98,0xf4,0xf4,0x51,0x29,0x47,0x49,0xa2,0x6a,0x6d,0xa1,0x67,0x7b,0xd3,0xa5,0xc0,0x41,0x19,0xe3,0x5f,0x47,0x31,0x9f,0x20,0xcf,0xdf,0xc0,0x8b,0xb4,0x52,0x8b,0x21,0x00,0x9e,0x00,0xbd,0x41,0xeb,0xc0,0xf4,0x68,0x63,0xbe,0xd1,0x0b,},"\x3d\x9e\xd5\xc6\x4b\x75\xe1\x35\xdf\x2f\x5e\x85\x30\x0d\x90\xf2\x1b\x36\x39\x35\xe2\x81\x75\x56\xfc\x93\x11\x75\x1b\xa7\x53\x54\x77\xde\xc8\x35\x6e\xc3\x85\xef\xb8\x2b\x41\x40\x62\xf3\x5b\xb6\xd3\xed\xea\xfd\xe3\x05\xf9\x90\x0a\x25\xe9\x81\x3c\x9e\xe0\x23\x7d\x46\x40\x96\x50\xcd\xcd\xb5\xdf\xa2\x30\x1a\x8e\x26\x47\xf8\xd3\x81\x9d\x86\xf7\xb7\xe3\x07\x0d\x33\x44\x0f\x82\xc4\x05\x4b\x1a\xb5\xed\xeb\xeb\x27\xf9\x5b\x3c\x4c\x6f\xdd\x46\x8f\x21\x60\x0f\x03\xb3\x49\x4d\xa2\x00\xba\xb9\x29\x3c\x38\xd0\x2f\xc4\x40\x48\xe5\x2f\xf5\xfd\x0f\x72\x17\xa0\x4d\x4c\xe9\x12\xa1\x80\xd1\x62\x8f\x36\x82\x80\xb6\x89\x26\x72\xe8\xff\x98\xd4\x62\x9a\xc2\x8b\x60\xc0\x2a\x30\x1e\x6c\x60\x26\xc1\xb9\xe9\xef\x21\xcf\x03\x92\xdf\x22\x50\x08\xd5\xa0\xe0\x28\x4b\x28\x26\x31\xad\x17\x10\xf8\x11\x61\x56\x97\x06\x6c\x98\x29\x65\x19\x94\x8a\x7c\xfe\xd5\xae\xeb\x45\x4e\xe7\xa6\x1c\xc2\x71\xbd\x3d\x49\x9b\xe1\x7d\xf0\x9d\x3a\x0e\x79\x0e\xe6\xb9\xbd\x99\xe1\xb9\x19\xbe\xd4\xa0\x63\xb8\xd1\xa3\x4f\x1a\xfd\x2e\x95\x2b\x9d\xfe\xfd\x77\x09\x69\xc8\xb2\xfc\x37\x97\x7a\xbb\x0f\xee\x63\x17\x25\x3a\x23\xec\xc9\x75\x78\x16\x89\x73\x33\x4c\x8f\x91\x76\x3a\xb9\x7f\x29\xc4\x9b\xae\xee\x7b\x35\xf3\xae\x7f\x5c\xd3\xa4\xa6\xe6\x97\xef\x25\x5a\x3c\x2e\xc0\xc7\x52\xa3\x39\x6f\x69\xf6\x63\xca\x1f\xc2\xb3\x32\xdf\xe6\xc0\xfa\xf7\x8a\xfe\x9c\x68\xd9\x95\x71\xe8\xe8\x96\xc5\x09\x30\x85\xe9\x86\x3a\x27\x64\x8a\x9e\x58\xf3\xa9\xa8\x4c\xbb\xfe\x2b\x41\xca\x36\x33\xdd\x5c\xf6\xe8\x2c\xb7\x7c\xec\xac\xad\x8d\x78\xb3\x53\xf4\x8d\xb4\x2d\x99\xc3\x6b\xca\xd1\x70\xea\x9e\x98\xab\xb2\x78\x8c\x33\xa3\xc7\x06\x26\x8f\x36\x31"},
+{{0x88,0x8c,0xe2,0xec,0xce,0xda,0x9c,0xa2,0xb9,0x48,0xac,0x14,0x43,0xc2,0xae,0xdd,0x75,0x95,0xaa,0xcf,0x36,0xed,0xaf,0x27,0x25,0x5b,0xde,0x7a,0x69,0x91,0xdc,0xc0,},{0x01,0x6e,0x57,0x2b,0x4f,0x98,0x41,0x7c,0x6e,0xe2,0x97,0xab,0xd7,0x84,0xea,0x48,0x22,0x6f,0xf4,0xfb,0xf0,0x05,0x0a,0x5a,0xde,0x88,0x06,0xe7,0x04,0x6d,0x3b,0xa3,},{0x99,0xd8,0x3f,0x14,0x8a,0x23,0x6e,0xbb,0xef,0x1c,0xad,0x88,0xcb,0x3c,0x76,0x94,0xf4,0x98,0x6c,0x92,0x50,0xe2,0x1c,0x36,0x03,0xa0,0xd9,0x41,0xbf,0xf1,0x99,0xcf,0x77,0xd6,0xce,0x99,0xef,0xdb,0x20,0x53,0x31,0x88,0xd6,0x8a,0xd1,0x33,0xde,0x03,0x3a,0x1f,0xb3,0x46,0x8a,0xbb,0x70,0x6d,0x2b,0x8b,0x4f,0xba,0xc0,0x8d,0xfe,0x03,},"\x5c\x80\x1a\x8e\x66\x4e\x76\x60\x76\x0a\x25\xa5\xe1\x43\x1a\x62\x15\x9f\xc3\xf3\xaa\x71\x37\x80\xae\x7c\xbc\xe2\x3b\x85\x64\x78\x27\x99\xbf\x2b\xe4\x81\x7e\xe2\x92\x19\x65\xba\xb7\xe1\xd4\x48\x33\x82\x4c\x16\x28\xd4\x2d\xce\xe3\xe4\x6a\xe4\x2b\x28\x16\xd0\xa4\x32\xa1\xab\x0b\xd2\x1f\xcf\x30\xad\xb6\x3d\x8d\xd7\x65\x69\x54\x43\x43\xd0\x03\x5c\x76\x05\x22\xca\x68\xbe\xa7\x2c\x40\x4e\xdd\xa1\xe9\x09\x5e\xc9\x0f\x33\x25\x68\x1c\x6d\xe0\xf4\xc1\x2d\x1a\xfb\xcb\xa2\xc7\x87\x1a\x1b\x1e\x1f\x19\xc3\x5b\x0b\xed\x9e\xc2\xa8\x7c\x04\x3d\x36\xd8\x19\x39\x6b\xd5\xd0\x99\xe1\xaa\x09\x03\x91\x29\x7c\x73\x3f\x65\xa8\xc5\xd2\x12\x0c\x67\x63\x53\x16\xfa\xb2\x5b\x4d\x48\x47\xa4\x5f\xc3\xf7\x6f\x2e\x24\x26\xdb\xee\x46\x29\x97\x50\x62\xfc\xe1\x4e\x21\x89\xdb\xa2\x7f\xb1\xde\xd2\x45\x3f\x00\x1d\xeb\xfa\xa8\x99\xc1\x16\x60\x61\x2d\x2c\xe2\xad\x2f\x76\x2e\xa5\xde\xe7\xe7\x1e\x58\xad\xcd\xce\xfa\x79\xe8\xe8\xb2\x7f\xc4\xcc\xf8\x9a\xab\xf1\x76\xb5\xd3\x4f\x82\xdd\x15\xd8\x89\xf9\xf0\x87\xdc\x9a\xe8\xa4\x2a\x72\xf3\xb8\x35\x83\x61\x6e\x17\x06\x37\xcd\x1a\xdf\x38\xaa\x65\x51\xcb\xac\xca\x36\x02\xbd\xc7\xae\x21\x0c\x4a\x44\x6b\x3a\xf8\xdb\x27\x20\xe5\x49\xbb\xed\xb8\xbe\xd2\x15\xae\x00\xf1\x9d\xa2\x9d\x8f\xb0\xb6\x42\xd2\x7b\x2d\x88\x57\x5f\x0e\xe8\x4f\x3d\x12\x9e\xb7\x74\xd2\x0f\x53\x7a\x1c\x0f\xdc\xf7\x17\xbd\xeb\xcf\xe4\x7f\x83\x31\xa3\x41\x86\x43\x46\xfa\x6a\x1c\x6b\xbf\xd1\x78\x81\x9e\x38\x7a\x0d\x54\x99\xa6\x8e\x81\xcc\x9f\x82\xad\x39\xe3\x1e\x4d\xfe\x71\x95\x2d\x5e\xa5\xcc\x80\x52\xa3\xce\xed\x17\x51\xf5\x9d\xc7\xec\xc9\x74\x2f\xad\x14\x4e\x18\xdd\xa8\xd0\x58\x2e\x74\xe3\x9c\xa8\xc4"},
+{{0x61,0x73,0x90,0x85,0x7d,0xc1,0x0c,0xdf,0x82,0xb5,0xc9,0x42,0x61,0xf5,0x8c,0xe2,0xd4,0x4a,0xa2,0xf5,0x7d,0x29,0x8f,0x08,0xa2,0xd6,0xc7,0x4d,0x28,0x14,0x7d,0xaf,},{0x89,0xe0,0xc3,0xe0,0xa0,0xf1,0x30,0xd1,0x91,0x6e,0x0e,0x38,0x49,0xb7,0x28,0x6f,0xa2,0xe3,0xac,0x4c,0x17,0xbd,0x1f,0x71,0x6e,0xe5,0xa7,0x2f,0x02,0x57,0xfb,0x8d,},{0x63,0xe9,0x0a,0x6a,0xfb,0xbb,0xb0,0xee,0x69,0x6b,0xfb,0x56,0xef,0xd6,0x79,0xd6,0x8a,0x98,0x51,0xa8,0x94,0x76,0x40,0xa9,0x7f,0x41,0xf6,0x8e,0xdf,0xea,0xdd,0x21,0x6e,0xd8,0x69,0x8e,0x2e,0x43,0xc8,0x20,0xc9,0x04,0x4c,0xaa,0x7a,0xda,0xab,0x5b,0x76,0x76,0x2b,0x68,0x18,0x31,0xa9,0xf7,0x60,0x47,0x6a,0x84,0x43,0xc4,0x3c,0x06,},"\x1f\xd9\xe7\x45\x3e\xaf\xfd\x7c\x9b\x54\x05\x56\x22\xdd\xe1\x70\xdd\x58\xb7\x1c\xb9\x45\xde\x75\x35\x1d\x5f\xce\xb1\xf5\x36\xbd\xe2\x51\x58\xf0\x37\x86\x15\x5f\x95\x3d\xc2\x07\xa1\x70\x8f\x90\xd9\x5b\x15\xac\xa0\xae\xe3\x09\x7f\xdc\xaa\xe8\x5e\x4a\xb1\xc2\xcd\xb7\x05\xc5\x3e\x6c\x2e\xd2\x1a\x99\x4b\x30\x4a\x75\xca\xf2\xce\x4f\xc7\xd6\x1f\x56\x1e\x74\xe2\x97\x39\x7e\x2c\xde\x5c\xc6\x90\x56\x94\x03\x43\xaa\x81\x37\x5d\x0a\xf1\x8d\x17\xd2\xf3\x4c\x0a\x71\xdc\xf1\xde\x3c\x4f\xc4\x88\xa1\x4c\x5f\xa6\xb3\x33\x7a\x31\x74\xb1\xda\x79\x58\xfb\x00\xbd\x59\x55\x14\x82\x21\x42\x7c\x60\xdb\xa0\x41\x17\xc8\x0d\x24\x88\x65\x6d\xbd\x53\x43\xde\x89\x12\x87\xb5\x0e\xf4\xdf\x98\x25\xed\xa7\x6b\x49\x77\xf3\xac\xd4\xab\x6d\x31\x02\xfa\x56\x87\x83\x06\xcd\x76\x56\x14\x91\xbc\xfd\xaa\x1d\xa5\x67\xe6\x77\xf7\xf0\x3b\xae\x5d\xbf\x44\x26\xc3\xc4\xa6\xc3\xd0\x82\xf9\x17\x8b\x2e\xfd\xd2\xbd\x49\xee\xe9\x7e\xf4\xdc\xf3\xf0\xf5\x1b\xbd\xef\xfe\x5a\xe6\x60\x1e\x28\x01\x95\x18\xf8\x27\xf0\x2e\x51\xf6\x67\x9b\x87\x15\x97\x8b\xec\x3e\x69\xd5\x77\x15\x6d\xd7\x19\x95\x93\x71\xba\xf0\x34\x21\x9f\xbb\xd1\x7a\x23\x69\xa8\x54\x14\x90\xf6\xa0\x20\x13\xe3\x3e\x74\xf4\x76\x9b\xe3\x7a\xef\xa4\xde\xfb\x6b\xfb\x3f\x35\x1c\x2a\x26\x14\x82\xc2\xfb\xec\x49\xf8\x5f\x84\x45\x45\x6e\x8f\x5a\x47\x40\x30\xcd\x72\xd0\x95\xef\x6a\x62\x20\x30\xe1\xe4\x3a\x0c\x5d\xeb\xb0\x34\x73\x1d\x2f\x5e\x8e\x4b\xa3\x99\x0f\x07\x7d\x0c\x16\x26\x49\xd1\xfa\x3e\xa4\xfe\x1e\x81\xd7\x4a\xa8\x49\xe2\x1b\x05\x9d\x96\x6c\xba\xd4\xc4\x93\xca\x10\xba\xfe\x7a\x69\x24\x3e\x3c\x0a\x6e\xbf\xd1\x3d\x69\x79\x06\x30\x33\x92\xba\x65\xd4\xfe\x06\xb6\xa5"},
+{{0x87,0x7d,0x01,0x74,0x36,0x36,0x9e,0xc2,0x45,0x3f,0xed,0x46,0xe9,0x77,0xd6,0xac,0xc3,0xa7,0xbe,0x60,0xd3,0x13,0x95,0xad,0x6e,0x7e,0xa9,0xe0,0x74,0x80,0xe4,0xc9,},{0x4e,0x65,0x42,0x2f,0xed,0x33,0x4a,0x55,0xe8,0xb6,0x73,0x89,0x3e,0xba,0x7c,0x18,0x1d,0xd7,0x24,0xdd,0xa0,0x02,0x81,0x7b,0x0b,0xae,0x28,0xac,0xdc,0x3f,0x7f,0xc0,},{0x76,0x88,0xf3,0xf2,0x40,0x1e,0xac,0xaf,0x2d,0xd8,0x8e,0x17,0x0f,0xf1,0xc4,0xd7,0xe9,0x48,0x22,0xa7,0x7f,0x6b,0x55,0x0b,0x56,0x9e,0x82,0x15,0x2b,0xbb,0xb4,0x34,0x05,0x7e,0x01,0x23,0x0b,0x05,0xce,0x58,0xee,0x1d,0xee,0x52,0x26,0xb5,0xc7,0xcd,0xbe,0x5a,0x8a,0xde,0x3b,0x94,0x65,0xf5,0x9a,0xed,0x74,0x14,0x5d,0x14,0x33,0x0c,},"\x4e\xd3\xf5\xbd\xbd\x41\xd0\xe3\xb0\xa8\xa7\xfc\x37\x52\xee\xa4\x96\xd6\x14\x16\x78\xcb\xfe\x06\x75\x7f\x61\xe1\xa1\x68\xd7\x61\xb6\xda\x83\x05\x2f\x79\x94\x95\x0d\x24\x62\x6f\x00\x4f\xbe\x9b\x8c\x95\x62\xe0\xc9\x55\xfb\x3b\x5c\x08\xfd\x2d\x3d\x25\x83\x93\xa3\x49\x03\x0c\x8e\x15\x62\x05\xb4\x04\x83\x03\x8b\xe1\x95\x9f\x1c\xba\x49\x0a\x87\xfe\x13\x89\x9e\x4f\x37\x52\x06\x3b\x68\xfe\x3e\x1c\x50\x71\xf7\xdb\x00\x02\xf0\x14\x94\xb4\xa3\xee\x2e\x07\x99\x2b\xdd\x20\x0d\xb4\x31\x66\x29\xee\x8a\x95\xca\x34\x7f\x0b\x28\xd6\x40\x2a\x6d\xa8\xb5\x3e\x6b\x32\x58\x1c\x36\x91\xe1\x1a\xe9\xb6\xe0\xf0\x49\x48\x94\xe6\x49\xa9\x2d\x03\xeb\x49\xc4\xd6\x83\x3f\xa1\xf5\x4f\x8d\xcd\x91\xd0\x69\x36\xa6\xe6\x2d\x49\x1e\x2c\xea\x46\xdd\x07\xd9\xf0\x2d\x32\x54\xb8\x50\xbc\x97\x49\xf2\x58\xa6\x1a\xd3\xb9\xcc\x24\xb0\x32\x87\x33\x1b\x85\xa2\x41\x43\xaa\xf8\xfc\xcc\xac\x5f\x18\xbf\xc7\x2d\xec\x75\xc0\x23\x35\x16\xaa\x6e\x45\x89\xc7\x8c\x66\x5a\x18\x6e\xd9\x02\x09\x1d\xf9\x7b\x0d\x04\xe8\x3a\x2d\x74\xd7\x89\x89\x1a\xea\x2c\xac\xf8\x13\xff\xfb\x5e\xfa\xf7\x8d\xbc\xd7\xaf\x54\xef\x55\xc7\x7b\x1c\x4c\x8a\xce\x9e\x92\x78\xad\xc2\x3d\x76\xc7\x79\xd6\x4b\x3b\xbb\xd1\xfb\x33\xb0\x98\x36\xea\x64\xa7\x1e\x47\x11\xe8\x9e\x8d\xa0\xf7\x09\x21\x33\x42\x17\x6a\xe2\x2c\x6e\x78\x52\xc3\x97\x3b\x60\xd9\xf9\x88\x89\xb4\x42\xaa\x48\xd7\xbf\xdf\xde\xf6\x4c\x36\xc5\x86\xc4\xfb\x2a\xd2\xe2\x7e\xbe\x47\x9f\x6d\x72\x2f\x06\x9f\xd6\x10\x6b\x0d\x08\x97\x5d\x5f\x72\x15\x47\xc3\xb9\xc5\x2f\x9f\xc5\xf4\x5b\xb4\x5b\x5b\x63\x21\x88\xe8\x06\x26\x51\x8a\x79\x05\x6b\xdc\x4e\xe1\xd2\xbe\x6c\x65\x42\xa2\x1f\xad\xea\x92\xc6\xdf\xb7\x76"},
+{{0x4f,0x0b,0x36,0x07,0xd7,0x0b,0x0f,0x26,0x98,0x32,0x7e,0xf4,0xf1,0x98,0x2c,0x5b,0x4b,0x94,0xbe,0x78,0xf5,0x0c,0x76,0xf4,0x3b,0xd6,0x42,0xf1,0xf0,0xed,0xe3,0x9b,},{0x94,0x2b,0x43,0x08,0x9f,0xd0,0x31,0xce,0xc0,0xf9,0x9e,0x5e,0x55,0x0d,0x65,0x30,0x7f,0xb6,0xc3,0xe7,0x93,0x44,0x9f,0xb3,0x90,0xff,0x73,0x0f,0xff,0xd7,0xc7,0x4b,},{0xf3,0x96,0xa1,0x1f,0x2f,0x03,0xc6,0x14,0x39,0x68,0x4f,0x79,0x00,0x1b,0xd4,0xf3,0x46,0xa3,0x48,0xdc,0xf1,0xd3,0xbe,0xb2,0xd3,0xbf,0xe3,0x3e,0xa7,0x3a,0x5a,0xd4,0xeb,0x97,0x50,0x6a,0xcf,0xbf,0xfb,0x78,0x4e,0x77,0x54,0x81,0x89,0xcd,0x59,0x9f,0x8c,0xcf,0x17,0x35,0x5d,0xde,0x80,0xe7,0x50,0x24,0xef,0x2a,0x78,0xd5,0xfa,0x03,},"\x9f\x70\x0a\x1d\x25\x60\xf6\x9d\x9b\xc1\x05\xbc\x83\xbf\xf5\x39\xe4\x25\x8c\x02\x48\x60\x20\x13\xa9\x59\xb9\x78\xa1\x9c\xc2\x73\x28\x0d\x90\xc0\x17\x80\x89\x57\x8b\x50\x51\x8e\x06\xad\x1e\xab\x79\x0f\xfe\x71\x0c\x63\xd7\x88\x87\xa9\x55\x69\x14\x4f\x3e\x58\xa8\x83\x7f\x93\xdd\x51\x6f\xcd\xdd\x22\xbc\x97\xa7\xf1\x44\x11\xd4\x24\xb2\xe8\xe9\xaa\x7c\x28\x01\x19\xad\x94\xce\x92\x53\x3f\xc7\xfe\xa6\xc6\x62\x48\x64\x4a\xc3\xe1\xbe\xef\x25\x53\xa6\xf6\x1e\x91\xb9\x37\x9b\x0f\xe0\xc6\x8b\x40\x68\x14\x55\xb3\x11\xf4\x0d\xf0\xc9\x7f\x53\xfc\x95\x42\x42\xc3\x75\xe7\x70\x8d\x61\xba\xd9\xf5\x12\x96\x24\x72\x74\xfa\x01\xa7\x32\x8f\xa5\x00\x9d\x99\x95\xf5\x01\xae\x86\x83\x55\x2b\x11\xa4\x9d\x26\x38\x11\x67\x23\xb1\x31\x94\x50\xa9\x01\x38\xd2\x78\xcd\x95\x12\xb8\x0c\xa5\x79\x2e\xd1\x6c\x68\x3b\xef\x92\xec\x87\x88\x4c\x9f\x07\xf1\x37\xdc\x47\xa1\x31\x46\xe5\x11\x06\x5c\x2e\x1b\x4b\x80\xef\xde\x88\xae\x12\xe2\x94\x31\xbe\xb7\xae\xe3\x65\xc1\x6d\x80\x50\x6b\x99\xaf\xa6\xa1\x40\x6e\xdb\x06\x17\x66\x87\x58\x32\xdb\xa4\x73\xe5\x19\xdd\x70\x18\xf4\x02\xeb\x1b\xb3\x01\x4b\x7c\xee\x4f\x02\xe9\x80\xb1\xb1\x71\x27\xe7\xd2\x5d\xfe\x0c\x16\x8c\x53\x44\xf1\xc9\x00\x44\xf8\x27\x70\x7d\xca\x03\x07\x0e\x4c\x43\xcc\x46\x00\x47\xff\x62\x87\x0f\x07\x5f\x34\x59\x18\x16\xe4\xd0\x7e\xe3\x02\xe7\xb2\xc2\xca\x92\x55\xa3\x5e\x8a\xde\xc0\x35\x30\xe8\x6a\x13\xb1\xbd\xfa\x14\x98\x81\x30\x98\xf9\xba\x59\xf8\x18\x7a\xbc\xaf\xe2\x1b\xa0\x9d\x7c\x4a\xaa\x1a\xd1\x0a\x2f\x28\x33\x4a\xb5\x39\x96\x14\x7c\x24\x59\xc0\x1b\x6a\x10\x83\x9e\x03\x01\x12\x3d\x91\xa3\x5c\xed\x7a\xf8\x9a\xfb\xac\x7d\x9c\xf8\xac\x9a\x38\xce\xeb\xef\x83"},
+{{0xb8,0xa0,0x01,0x0c,0x78,0x4d,0x8d,0x00,0x2a,0x31,0xda,0x11,0xd0,0x22,0xd3,0x01,0x88,0xa4,0x19,0x7a,0x1d,0x5f,0x14,0xea,0x4c,0x0d,0xab,0x29,0xa2,0xe4,0x06,0x68,},{0x8b,0xdc,0x63,0xe5,0x0b,0xed,0xe1,0x3c,0x91,0xa4,0x1e,0x4b,0x4b,0x78,0x57,0xb9,0xe5,0x53,0xf4,0x84,0xe3,0xc1,0xec,0x16,0x7d,0xc0,0x4c,0x28,0x1e,0xa8,0x66,0x22,},{0xb3,0xf6,0xcf,0x4c,0x0e,0x0f,0x90,0x74,0xff,0x2c,0x2c,0x47,0xe1,0x63,0x20,0x2f,0x1e,0x9d,0x6e,0xe1,0x17,0xcf,0x75,0x76,0x33,0xe4,0xab,0xe7,0x44,0x23,0xaa,0x70,0x00,0x8a,0xda,0x15,0x09,0xec,0x1d,0xc1,0x17,0xc1,0xc2,0x30,0xe9,0xb2,0x37,0x86,0xf3,0xd0,0xf2,0x9b,0x73,0xaa,0x28,0x45,0x36,0xe9,0x58,0x01,0x06,0xa8,0xa7,0x0c,},"\x5c\x6c\xcb\x29\x8b\xe2\x16\x80\x8b\x81\x1e\x56\xd9\x72\xf4\x56\xb6\x9a\xd3\x95\x94\xee\xe3\x54\x70\x1c\xa6\xb3\xe3\x8d\x1f\x41\xa3\x59\xe5\x51\x2a\xf9\x8a\x3a\x08\x73\x26\x5f\xe5\x19\x1f\x4f\x2e\xca\xf6\x6b\xee\x75\xa3\xac\x0b\x71\xa4\xdd\xf2\xa7\x59\xeb\xdd\xdb\xd8\x8a\x6a\x1c\x6f\xd0\xfc\xf7\xd7\xcb\x92\xa8\x4e\x33\x07\xb4\xa4\xf9\x8c\x71\x0a\xbf\x4f\x55\x3d\xee\x74\xf6\x52\xd2\xac\x64\xbc\x30\xf7\x2b\xf4\x35\x4e\xf7\xe8\x06\xa1\x90\x71\xa0\x51\xbc\xfc\xfb\x27\xe3\x7f\xdd\xd4\x1e\xce\xae\xc1\x75\x8e\x94\x69\x5c\x67\x0e\xf4\xc5\xa5\x90\x21\x78\x32\x9d\xb9\x58\x5c\x65\xef\x0f\xa3\xcd\x62\x44\x9b\xb2\x0b\x1f\x13\xae\xcf\xdd\x1c\x6c\xf7\x8c\x51\xf5\x68\xce\x9f\xb8\x52\x59\xaa\xd0\x5b\x38\xc6\xb4\x85\xf6\xb8\x60\x76\x92\x8d\xdb\x4e\x20\x36\xf4\x5e\x7b\x9c\x6a\x7f\xf2\x4a\xe1\x77\x60\x30\xe2\x57\x68\x25\x01\x9a\xb4\x63\xeb\xf7\x10\x3a\x33\x07\x20\x33\xea\xcb\xb5\xb5\x03\xf5\x32\x66\xaf\xb8\x2f\x9b\x24\x54\xb8\xdc\x05\x7d\x84\xf3\x0d\x9d\x2c\xb7\xc3\xa3\x1a\x7d\xbd\xfb\xa5\xb8\xe4\x92\x31\xc2\x31\x39\x6c\x47\xca\x04\x2c\x8e\x48\xa1\xa5\xe3\xec\x9a\xfe\x40\x20\x59\x53\x90\xf9\x99\x0d\xfb\x87\x4e\x08\x25\xae\x9a\xe5\xe7\x52\xaf\x63\xaf\x6f\xd3\xe7\x87\xe7\x5e\x8d\x8d\xc4\xc6\x63\x02\x27\x7a\xc0\x1b\x30\xa1\x8a\x56\xcb\x82\xc8\xa7\xeb\xdc\x91\x5b\x71\x53\x25\x5a\x1f\xed\xc4\x92\xe4\x96\x60\x26\x2b\xb2\x49\x78\x0d\x17\x3e\x1f\xd2\x0d\x18\xc4\xf6\xb0\xb6\x9a\xa2\xec\xa0\x24\xbf\x3c\x80\xd7\xd5\x96\x2c\xc4\xa1\x29\xa7\x94\x3b\x27\xf3\x3c\xc7\x99\xa3\x60\x45\x54\x12\x75\xa2\xcd\xb9\x2a\x40\xe4\x85\xba\x8b\x73\x7a\x04\xb4\x3d\x29\xc3\xe2\x5f\x76\xcb\x3d\x93\xa6\xb9\x44\x61\xf8\x8f\x56\x96"},
+{{0xef,0xc8,0x6c,0xbe,0x40,0x36,0x3a,0xbf,0xbb,0x2a,0x4b,0x1f,0xcc,0xe5,0xfd,0x60,0x84,0xda,0x96,0xe7,0xe8,0x14,0xde,0x71,0xaa,0xdf,0x9a,0x61,0x8f,0x30,0x36,0x25,},{0x22,0xf2,0x95,0xce,0xe7,0x27,0xd2,0x8d,0x2b,0x93,0x17,0x15,0x3e,0x7d,0x94,0x12,0xda,0x10,0x65,0xc1,0xb1,0x6a,0xe2,0xa2,0x51,0xdd,0x1f,0xb4,0x31,0xc6,0x2b,0x01,},{0xf8,0x81,0x83,0x10,0x22,0x8c,0xa7,0x61,0x11,0x52,0x4c,0xe9,0x4b,0xfc,0xb0,0x24,0x6e,0xa6,0x35,0x08,0xce,0xe9,0x30,0x65,0x92,0xb2,0xf7,0x75,0x48,0xed,0xef,0xcf,0x76,0xbd,0x14,0x54,0x50,0x8e,0xa7,0x15,0x04,0x2c,0xec,0x16,0x9c,0xea,0x51,0x15,0xab,0x54,0x23,0x5c,0xb1,0x09,0x7b,0x10,0x70,0x2a,0xa3,0x83,0x78,0x02,0x8e,0x0c,},"\x9e\x4f\xa4\x5d\xc0\x26\x71\x0f\x6b\xef\x4e\xd0\xf0\x7c\x54\x4b\x0b\xb0\xd8\x8f\xa7\x9e\x71\x77\xd8\x44\x8b\xc2\x09\xd7\x1c\xfe\x97\x43\xc1\x0a\xf0\xc9\x93\x7d\x72\xe1\x81\x9e\x5b\x53\x1d\x66\x1c\x58\xc6\x31\x41\xce\x86\x62\xc8\x83\x9e\x66\x4d\xb7\x9e\x16\xc5\x4d\x11\x3a\xbb\x02\xa7\x5b\xdf\x11\xb3\x45\x3d\x07\x18\x25\xbc\x41\x57\x41\xe9\x94\x83\x54\x6b\x8e\x1e\x68\x19\xde\x53\x01\x70\x92\xe4\xef\x87\x1f\x1c\xa0\xd3\x50\x8f\x93\x78\x28\xa4\x66\x7d\xb1\x1f\xff\xf9\x41\x6e\xeb\xb9\x4b\xf9\xb8\x4d\x65\x46\x03\x09\x48\x34\xa9\x9c\xa7\x0b\x90\xf5\x62\xa8\x68\x23\x62\x4d\xfe\x9c\xb2\xf9\xe8\x8c\x17\x3f\x13\x46\x4d\x4c\xe2\x55\xf2\x22\xdb\x50\xdd\x63\xab\x42\x46\x57\x34\xe7\x52\x95\xc0\x64\xb6\x4c\xc3\xf1\x5e\x62\x37\xe3\x7f\x33\xd6\x15\xf7\xc2\x43\xe4\xba\x30\x89\x60\xcf\xd4\x39\x34\x02\x52\x55\x00\xbb\x79\x02\x97\x0b\x39\x31\xd4\x8b\x35\x66\x6a\x2d\x4d\x2a\xb0\x8f\xa1\x2a\xf3\x66\xa0\x04\x34\x6c\x9d\xd9\x3d\x39\xfb\x1b\x73\x40\xf1\x04\xe5\x1f\xed\xbb\x53\x36\x05\xb5\xff\x39\xcf\x6d\x59\x51\x3f\x12\x85\x6d\xcf\xa1\x98\xd7\x93\xb0\xfc\x87\x5c\xde\xa0\x74\x1f\x14\x55\x74\x6d\x8a\x19\xc3\xe9\xd9\x28\xf0\x02\x1b\x01\xc2\x51\x31\x81\x1e\x48\xc3\xc7\x5c\x6f\x41\x42\x2a\x88\x10\xc6\xc8\x1f\x35\xb4\x54\xee\xae\x8c\xd1\x7c\xf3\xf2\xe6\xf0\xbc\xd9\xf2\x90\x98\x4f\x49\x65\x78\x62\x3a\xb8\xe2\x73\x8d\x2d\x10\x84\x0e\xb9\x1d\x10\x1c\xb4\xa2\x37\x22\xb7\x2e\x3d\xd1\x85\x44\x0c\x3b\x9f\x44\xd4\x6a\x39\x3a\x34\xc1\x87\xa2\x0d\x61\x0b\xb6\x98\xc5\x05\x31\x74\x1e\xfe\x96\x32\x35\x12\x32\x98\x00\x77\x2a\x40\x80\x65\xa7\xef\x8e\x4e\x41\x05\xeb\x1f\x5b\xf6\xd3\xfd\x6b\x21\x7f\xd8\x36\xd8\x9f\x53\xb9\x6f\x45"},
+{{0x33,0x55,0x6c,0x60,0xde,0x2f,0x2c,0x9a,0x93,0x03,0xb9,0x9a,0xdd,0x37,0x85,0x92,0x06,0x05,0x05,0xf8,0xe4,0x98,0x61,0x08,0x5a,0x4b,0x15,0xf0,0x72,0xa7,0xef,0x28,},{0x23,0x1e,0xc8,0xcd,0x84,0x58,0x59,0xf6,0x99,0x61,0x27,0x51,0x19,0xdb,0xe4,0xf7,0x15,0xe5,0xec,0x5a,0xa9,0x8b,0xb8,0x74,0x16,0x75,0xb3,0xc2,0xd0,0xc8,0x9f,0xee,},{0xe0,0x6a,0x7a,0x41,0x44,0x57,0xbb,0xbe,0xf2,0xba,0xc3,0x77,0x5c,0xca,0xd0,0x87,0xda,0xcb,0x1f,0xa4,0xbf,0x93,0x88,0x94,0xe8,0xc9,0x29,0x11,0x8e,0x09,0xe6,0x78,0xdd,0x19,0x93,0x8b,0xc8,0x8f,0x43,0xed,0x0f,0x7d,0x31,0xcc,0x6a,0x0e,0x60,0x2c,0x4e,0x4d,0x1f,0xee,0x33,0xd4,0x1e,0x74,0xa1,0x19,0xfa,0x2d,0x1e,0x4e,0x34,0x0f,},"\x96\xaf\x54\x0e\xa2\xb1\x92\x3f\x5f\xd0\xaa\xd3\x21\xac\x03\x20\x70\xc2\xd6\x5b\xa1\x3d\x16\x4e\x75\xc3\x46\x97\x58\xfc\xf3\x1b\xb3\x16\x55\xcb\x3a\x72\x1f\x9c\xb3\x4b\xe2\xc9\x0c\x77\xeb\x65\xbe\x37\xf6\x06\xd3\x2a\x91\x7a\x4c\xb9\xa7\x09\xac\x07\x05\x22\x99\x30\xef\x6e\xb6\xfd\xb0\xfa\x3c\x0f\xd3\xa9\x0c\xe1\x71\x67\x4e\xe3\xed\x06\x35\x4b\xaf\xc3\xc7\x07\x54\x67\xa5\x74\x45\xb8\x03\x85\x64\x04\x47\x90\x2b\xe3\x92\x62\x89\x4b\x1f\x64\xfe\xa5\x82\x87\xdc\x32\x2d\x19\x87\x59\x72\xa7\xc8\xbe\x91\xd3\x1f\x02\x1c\x70\xeb\x68\x2f\xdf\x11\xa1\x0f\x8f\x58\x2a\x12\x6e\x06\x47\x94\x83\x8c\x69\xfd\xf6\x4f\x5b\x6e\x8b\xa5\x9d\x48\xb4\x38\x4f\x8e\x9f\xb5\xc0\x87\xcc\x77\x38\x29\x5c\xd3\x23\x44\xba\x3b\x69\x7e\xe6\xb6\xa8\xb7\x8e\xe7\xa9\x57\x5c\x97\x97\x2a\x4d\x1b\xb1\x84\x86\xf9\x03\x7a\x0f\x3c\x6f\x47\x1a\x90\xf8\x64\x98\xdb\xc0\xdf\x52\x32\xc0\x7e\x8c\x01\xb6\x90\xbe\xe7\x53\x02\x99\x2a\x7a\x36\xfb\x44\x37\xc2\x5a\x8b\xf5\xe3\x4c\xf7\xd5\xb5\x55\x72\xc7\x00\xa0\x79\x84\x8d\x38\x13\x64\xf9\x94\x6a\x91\xeb\x16\x03\xff\x3d\xe5\xeb\xdd\x52\x3b\xd9\x25\x64\x81\x8e\x23\x7a\x53\xe8\xf5\x22\xde\xaa\x2c\x29\xb8\x97\xe9\x61\x58\x6e\x10\x0e\xd0\xfc\x0a\xd7\x0d\x16\x09\x34\xe6\x94\x02\x7e\x5c\x95\x79\x20\xbc\x05\x46\xe9\x01\xbe\x39\xa8\x45\x35\x59\x7e\x1f\x28\x0c\x22\x22\x67\xab\xe9\x7f\x41\x20\x5d\x81\x71\x82\x0d\xd2\xfa\xaf\xc0\x69\x94\x19\x32\x1a\x91\x60\xf6\x9b\x99\xfd\x41\x18\x09\x45\xb6\x2d\x2d\xd1\x05\xcc\x7b\xbe\x82\x1d\x28\x60\x5e\x09\x8e\xdf\xa8\xb2\x30\x9a\xeb\x05\x34\xe7\x56\x37\x7f\x59\x93\x7c\x67\x46\x3f\xd8\x7c\x8b\x92\xab\x58\x11\x9c\xf4\xce\x6c\x66\x5a\xf5\x72\xfb\xae\x1d\xe4\xa2\xcc\x71"},
+{{0x7a,0x5c,0x74,0x31,0x4e,0x11,0x83,0x33,0x4a,0x4b,0x62,0x26,0xb9,0xa8,0x2d,0x70,0xfc,0x2a,0x12,0x4e,0x3f,0x87,0xdb,0x6a,0x22,0x83,0xee,0x05,0xb6,0x8e,0x34,0xe0,},{0xbe,0xae,0x7d,0x3d,0xd9,0x7c,0x67,0xf6,0x27,0x3b,0xfa,0xa0,0x66,0x13,0x1f,0xed,0x8a,0xce,0x7f,0x53,0x5f,0xe6,0x46,0x4e,0x65,0x79,0x1c,0x7e,0x53,0x98,0x57,0x6c,},{0xc2,0xab,0x1f,0x6f,0x51,0x14,0xa8,0x4f,0x21,0x85,0x02,0x58,0x2c,0x56,0x7b,0x37,0xa8,0xbd,0xbc,0xdf,0x63,0x40,0xfa,0x46,0x22,0x87,0x3b,0xe8,0x91,0x06,0xf0,0xa9,0x0b,0x48,0x29,0x50,0x5f,0x72,0x12,0x9d,0xf0,0xab,0x3d,0x85,0x13,0x26,0x87,0x74,0xa3,0x4d,0xf3,0xad,0x21,0xce,0x25,0x4b,0x46,0x44,0x88,0xad,0xdd,0x6c,0x9b,0x04,},"\x98\xba\xc6\x72\x47\x55\x91\x29\x92\xad\xc2\xa4\x8b\x54\x42\x37\x6f\x2d\x92\x79\x97\xa0\x40\xfb\x98\xef\xe5\x44\xeb\x0c\x8e\x18\x66\xb9\x61\x6e\x29\x8d\x33\x60\x31\x6e\xd9\x76\xbd\x94\x6a\x41\x1f\xdd\x3a\x6b\x62\x5c\x0c\x1a\x37\xaf\x0f\x41\xcf\x65\x69\xa7\x88\x4a\xb8\x46\x74\x91\xa9\x87\xdf\x3e\xa7\xa0\xb7\xeb\xc4\x69\x25\x69\xa3\x4c\xe3\xa2\xea\x35\x03\x49\x5b\x2c\x02\xd4\x9d\x7d\x7d\xb5\x79\xd1\x3a\x82\xcf\x0c\xf7\xa9\x54\x7a\x6e\xae\xbe\x68\xe7\x26\x7d\x45\xa6\x0b\x8d\x47\x72\x45\x52\x28\xcc\xa4\x03\x6e\x28\x2e\x1a\x12\x16\xf3\x4c\xef\x7e\xa6\x8f\x93\x82\x70\xbd\xb0\x42\x93\xc8\x85\xd0\x05\xf9\xf7\xe6\x38\xa8\xb4\xea\xd2\x62\x6c\x09\x45\x17\x4f\xf2\xa3\xe2\xd6\xe1\x5a\x4c\x03\x38\xc0\x9e\x12\x60\xf0\x92\x8c\xa9\xd3\x49\x98\x24\xf3\xfe\xdc\x47\x85\xda\x49\xc5\xc3\x4a\x56\x85\x5e\x24\x1f\xac\xc6\x34\x7a\x39\x9d\xdc\xac\x43\x99\xa8\xb1\x58\x19\x8c\x15\x14\x61\xa3\xb1\x89\xe5\x8e\xc1\xf7\xef\xcf\x2a\xb2\x03\x1f\xb1\x7b\x6f\x03\x5b\xa1\xf0\x92\xe9\xee\xe2\xe9\x2c\x2d\x6c\xc2\x03\x22\x87\xf8\x54\xb4\x1e\x70\xfc\x61\xc8\xd1\x1a\x2e\x4f\x07\x08\xf0\x2e\xeb\xd0\x2e\x8c\x7e\x8c\x7b\x38\xa5\x7b\xfa\x1a\x74\x5f\x3a\x86\xc2\x39\x09\xf6\xf8\x9a\xb1\x6c\xe7\xe1\x81\x3c\x1d\x20\x14\x7f\x31\xb4\xcf\x2a\xd0\xb6\x06\xfb\x17\xe5\xac\x1a\xb5\x1e\xf4\xa7\xd8\x09\x3c\xee\x9a\x65\x5f\x47\x1d\xc5\xb1\x46\xbd\x1b\x93\xe5\x40\xa3\xd3\xd3\xe2\xde\x81\x05\x91\x1c\x10\xd6\xab\x5f\xf7\x9c\x2d\x06\x02\x7f\x7a\x54\x56\x1f\x20\x71\x41\x4b\xd3\x30\xa8\x78\x54\x42\x25\x1c\x81\x0e\x23\x2f\x83\xc3\x67\xf0\xbe\x77\x99\xa9\x3f\x52\x38\xf7\xf1\x7b\x5b\xe8\x29\xfd\x89\x12\x3c\x04\x83\x3a\xf8\xb7\x7e\x5a\x43\x63\x04\x7c\xec\xa7"},
+{{0xda,0x80,0x06,0xad,0xc4,0x92,0xca,0x5d,0xc8,0x6c,0x29,0x59,0x43,0x7a,0x75,0xde,0xb6,0x12,0x0f,0xf7,0x87,0xd2,0xec,0xb9,0xc2,0x0c,0x30,0xb5,0x2c,0x26,0xbc,0x41,},{0xff,0x11,0x3b,0xf0,0xaa,0x58,0xd5,0x46,0xf2,0x38,0x5d,0x44,0x4e,0xcb,0x78,0x88,0xf8,0xca,0xba,0x43,0xa1,0x74,0xa8,0x9f,0xd6,0x06,0x5f,0x2b,0x7d,0xc1,0x7b,0xf0,},{0x1f,0x53,0x75,0xdc,0xb3,0xad,0x2b,0xaa,0xff,0x95,0x6d,0x85,0x54,0xec,0xb4,0x24,0x17,0x6b,0xe9,0xa6,0xeb,0x9e,0xa5,0x4e,0x81,0x4e,0x0a,0x73,0xdf,0x2a,0x5d,0x84,0x8a,0xda,0x26,0xba,0x8e,0x18,0x05,0xcd,0x51,0xc5,0xe1,0x69,0x50,0xc1,0xff,0x7d,0x4d,0x27,0x64,0xda,0xa6,0xf4,0xc7,0x50,0x2f,0xb8,0x65,0xcb,0xe5,0x5a,0xaf,0x0b,},"\x3e\xb4\x32\x4d\xbc\x01\x49\xd2\xe7\xd6\xdf\x63\x2b\xb0\xcb\xe9\xa9\xf6\xdf\xa8\x3e\x22\x7f\xc0\x7b\xde\x1b\x57\x7b\x36\x11\xfb\x92\x1c\x9f\x83\x13\xf0\x68\xe6\x29\x5d\x49\x13\xa8\x19\x6b\xe5\x30\xf6\xa0\x1f\x57\xc0\x9c\x02\x84\x91\x44\x4b\x78\x47\x20\xe9\x09\xea\x1f\xb6\x9c\x1c\x1d\xd6\x30\x44\x00\x32\x7b\x77\x31\xb3\x3c\xc4\x6d\xeb\x04\x6c\xda\xb6\xad\x1b\x53\xf1\x74\x9a\x0c\x65\xcb\x9a\x7e\x37\x6f\xfa\x02\x23\x0f\x53\x65\x84\xae\xa2\x43\xc6\x39\x10\x3a\xdb\xba\x76\x43\x21\x64\x9d\x7e\x01\x26\xf8\x2e\x0b\x4f\xd9\xdc\xb8\x6c\x73\x1c\xbc\xc5\x17\xf2\x01\x68\x41\xe9\x16\xbc\xd5\xfd\xe8\x71\xdc\x09\x8c\xd9\x13\xdc\x54\x62\x84\xd1\xb2\x16\x5c\x63\xe8\x8f\x32\xa2\x78\x9a\x50\x08\x56\x37\x1b\x50\xd2\x2f\xb8\xc8\x7d\x1a\x3c\xae\xdc\xdf\xd0\x1e\xe5\xf8\x70\xa5\x3c\x28\x41\x81\xd6\x32\xec\x66\xd4\x8b\x6b\xdd\x56\x46\xac\x39\xc9\xe7\x53\x38\xa5\x20\x21\x20\x62\xbc\x34\x66\xef\x5c\x58\x76\x55\x70\xb9\x05\xf6\x3a\x93\xd0\x7f\x8f\x1b\xaa\xc3\x52\x6b\x01\x6d\xa7\x99\xf3\xe9\xe0\x3a\x4f\x7f\x81\x35\x5e\x0f\x7a\x76\xf3\x0a\x42\xb8\x07\x32\x20\x51\xb7\x1c\x62\x6a\x7a\x29\x6d\x75\xb9\xd9\xd1\xa2\x3b\xcb\x13\xc9\xef\x48\xa9\x12\xdc\x05\x73\x25\xd3\xbc\xfb\x3f\x9f\xad\xaf\x0c\x24\x9b\x10\x2a\xeb\x85\x4a\xa3\x63\x1e\x34\xf6\x9a\xd9\x0c\x2a\xb2\xed\x33\xba\xcc\x40\xb9\xed\x10\x37\xfa\xe6\x7c\xdf\x79\x9d\x5a\x9b\x43\x78\x59\x61\x12\x7d\x62\xf8\xe0\xbc\x15\x89\xfd\x1a\x06\xfc\xa2\xae\xa7\xcf\xc0\x12\xcb\xf7\xb5\xb2\x07\xdd\xc4\xe6\x77\xd8\xae\x4a\xec\x10\x00\x45\xce\x36\xc0\x0b\x74\xd1\xd2\x82\x50\x79\x12\x36\xdc\x5d\xcc\x1e\xd3\x13\xc8\xc2\x46\x17\x26\x66\xf7\x52\x17\x43\x7c\x60\x34\xac\xd6\x41\x98\xcd\x96\xdf\x2a"},
+{{0xa2,0x84,0xe2,0x6b,0x97,0xe5,0x38,0x83,0x9c,0x80,0x8d,0x45,0xbd,0xe6,0xf0,0x12,0xa3,0x54,0x45,0x4a,0xef,0x81,0xca,0xa8,0xc5,0x59,0x14,0x62,0x4f,0x2b,0x7d,0x66,},{0x5a,0xe4,0x6e,0x34,0x69,0x5e,0xfa,0xf4,0x63,0xa4,0x20,0x8f,0xc4,0xe3,0x5b,0x81,0xf2,0xc6,0x35,0x93,0x23,0x8a,0x56,0xf2,0x44,0x4b,0x85,0x0f,0x05,0x8c,0x3c,0x5c,},{0xbf,0x11,0x0e,0x2e,0x9c,0xec,0xbc,0x31,0xfa,0x3e,0x0c,0x24,0x38,0xcd,0x1f,0x43,0x21,0xf9,0x2c,0xd2,0x87,0x00,0x5a,0x48,0x52,0x8a,0xdd,0xf7,0x6c,0xad,0x8d,0x88,0xbb,0x22,0x71,0x9e,0xf9,0x1b,0x13,0x95,0x62,0xa1,0x51,0x18,0x38,0x68,0x26,0x74,0xfa,0xa9,0xff,0x7e,0x7a,0xde,0x6c,0x9d,0x57,0x3f,0x84,0x50,0x36,0xd1,0x89,0x05,},"\x9e\xbf\xe9\x10\xb5\x0a\x5c\xb7\x19\xd9\x5b\x96\x1e\x59\x05\xf0\x0e\xc7\x94\x3b\x55\x46\x8a\xb5\x95\x66\x92\x01\x76\x45\xb3\x66\x07\x1f\x8f\xbb\x77\xeb\x49\xec\x73\xea\x7d\x64\x51\x14\x05\xb9\x0d\xe2\x2d\xb9\x8c\x3e\xae\x39\xc4\x03\x9c\x7a\x13\x34\x30\xe8\x01\x0b\xdd\x39\xa0\x0f\xd1\xa5\x28\xb1\x13\xda\xe1\x49\xcf\xad\x3a\xe3\x40\xda\x27\xdc\xc5\x07\x78\x2e\xcd\x89\x29\x23\x75\x17\xaf\xe7\x46\x3e\xca\x24\x73\xc7\xac\xf6\xf7\xaa\x04\xef\xc9\xf2\x66\xae\x7b\x6d\x63\xbb\x8c\xc2\xa4\x38\xb3\x44\x82\x7f\x07\x13\xd1\xf1\x73\x6f\x0c\xbb\x65\xb9\x93\x53\xf2\x03\x55\xfa\x02\x30\xd4\xfa\x70\x73\x28\xa8\x66\x26\x54\xe8\x3a\xd0\x53\x0a\x10\xf9\xa6\x9e\x17\xc0\x99\xe1\xe2\xb5\xdb\x18\xe5\xf6\xf1\xdc\xed\xa5\x88\x3e\x8c\xab\x79\x70\x1a\x5e\x90\x89\x56\x2e\xd1\x53\xad\x08\xc6\x74\xf0\x97\xc2\x8e\x4d\x16\x63\x3e\x09\x29\x69\xa8\xf0\xbd\xac\x54\x52\x7c\x0e\xe0\x3b\xc2\x00\xe5\xbe\x61\x2e\x3d\x1e\xab\xd8\x70\x91\x10\x1b\x49\x62\xaf\xa0\x7b\x31\x08\x06\x99\x2f\x37\x30\x76\xd7\x6a\x58\x18\x51\x18\x13\x7c\x9d\x26\xee\x2c\xd4\xc6\x18\xc1\x82\x83\xdd\x19\xf0\xe7\xa0\x89\xee\x37\x30\x5b\x6b\x95\x18\xa7\x8d\x80\x98\x43\x6e\xf6\x2b\xe7\xd6\x99\x80\x8a\xce\xcf\x67\x93\x9d\x61\xb3\xe0\x29\x37\xcd\x8c\x5f\x1e\x74\x6d\x42\x74\x33\x4b\xc9\xc3\x7f\xdc\xba\x23\x4c\x16\x6f\xd7\x12\x89\x3f\x3a\x04\x08\x32\xec\x54\x25\xe5\x7d\x80\xf1\x1e\xf9\xca\x5f\xbc\xd6\xc1\x47\xfb\xbf\x5e\x2f\xae\x74\x6e\x0d\xdb\x60\x58\x67\xe3\xbd\x05\x04\x83\xc3\xcd\x13\x29\xab\xe5\x7a\x60\xbf\x88\x89\x8d\xc7\xe8\x0e\xde\x0f\x45\x17\xde\x8f\xc8\x07\xe8\x88\xb6\x21\xa0\x0f\x66\x30\x84\xff\x94\xb9\x99\x96\x62\x8f\x3b\x11\x69\x0a\x60\xf0\x91\x8c\xb5\xc9\xa7\xef"},
+{{0xcc,0x97,0xa9,0x63,0x01,0xce,0xed,0x0f,0x92,0x27,0x31,0xb6,0x85,0xba,0xd8,0xad,0x4f,0x06,0x20,0x7b,0xe3,0x40,0xf5,0xa4,0x4f,0xd1,0x87,0xf2,0x99,0x03,0xec,0x20,},{0xeb,0x56,0x3a,0x7b,0xce,0x12,0xdb,0x97,0xf1,0x89,0x1d,0x0f,0x61,0x0b,0xeb,0xd5,0x51,0x01,0xa3,0x12,0x5c,0xa8,0xdb,0xb5,0x0b,0x25,0xa6,0xb5,0x05,0x0d,0x37,0x84,},{0xff,0xbd,0xd3,0x24,0x41,0x81,0xcd,0xf6,0x03,0x4f,0x4a,0x45,0x0f,0xdd,0x95,0xde,0xe4,0x97,0x1a,0x93,0x3f,0x8b,0xe0,0x22,0xbb,0x0a,0x41,0x06,0xae,0xf3,0x9a,0xf3,0x05,0x5b,0x72,0x18,0x81,0xc9,0xb5,0x4d,0x1e,0x99,0xb9,0x40,0x90,0x96,0xfb,0xe6,0xdc,0x2c,0x99,0x66,0xe3,0x67,0x99,0x64,0xbd,0x7e,0xf4,0xc8,0x08,0xca,0xbf,0x01,},"\xb9\xea\x3b\x3d\xf7\x18\x7e\xa4\x15\xa3\xc3\x35\xe0\x83\x4e\x10\xf4\x40\x91\x5b\x2a\xd4\x1c\x71\xf2\x55\xd6\x95\x0a\x4e\x91\x20\xe4\xd4\x94\xfd\x9e\x67\x2c\xe5\x32\x06\xfd\xc4\x17\xd8\x65\x89\x7b\x47\xac\x10\x54\xe1\xca\x10\x68\x19\x52\x32\xd4\x29\x74\x35\xe4\x4e\x12\x24\xe6\x6a\x91\x2d\x9d\x7d\x18\x29\x46\xff\x5a\x9f\x08\x5b\xb8\xba\x19\xc5\x4d\x16\xb5\x86\xa9\xb3\x04\x61\xb6\x77\x3b\x93\x95\x03\x11\xe1\x61\x98\x86\xf5\xa5\xb3\xf1\x11\xaa\xad\x09\x4b\xae\x31\xc4\x8f\x19\x41\x08\x09\x68\xbd\x02\x77\xbb\x6f\xa9\x2e\xeb\xf3\x24\xb1\x92\xdf\x5c\xc9\x69\x51\x6c\x78\xc7\xb2\xd1\x21\x59\xb4\xd1\xc8\xeb\x03\x16\x0c\x4c\xd1\x90\x7f\x62\xed\x4b\x85\x4c\x56\x9e\xcc\x48\x1c\x08\xe6\x36\xf4\x4e\xd7\xc3\x90\xe5\x8b\x59\x37\xd2\x90\x6b\x28\x17\xbc\x37\x69\xda\xd9\xda\x1b\x0f\x79\x39\x1b\x55\x94\x20\x63\x05\x5d\xa0\xd6\xf2\x49\xa3\xe4\x52\xba\xdd\xaa\x03\x29\x98\xd7\xf7\x33\x98\xcc\xd0\x15\x1b\xfc\x92\xc5\xe2\xfd\xfa\x9b\x14\x85\x5e\x6b\x0d\x37\x46\xdc\xe2\x48\xe2\x19\x67\x29\x87\x25\x2e\xc7\x47\xdf\x27\x47\xfd\x3f\xbd\x8b\x71\x4c\x88\x2d\x70\x7e\xe3\x02\xa9\x04\x95\x0c\x34\x75\x4f\x85\x35\x0e\x1a\xa3\xf8\xea\x62\x93\xcf\x01\xf7\x17\xce\xfb\x6b\x83\xa2\x21\x26\xdf\x5c\x4f\x56\x98\xaa\xfd\x06\xa2\x24\x4a\xd7\xd0\x1f\x34\x01\x7c\xa0\xec\xe6\xf2\x10\x40\x04\x8a\xba\x6c\xa4\xae\xb0\x43\x25\xb9\x40\x2b\xcd\x43\xab\x13\x0a\x10\x57\x88\xac\x3d\x7b\x7d\xa0\x1e\xa9\x42\x6d\xd0\xea\x19\x33\xa8\x18\x99\x33\xa6\xc0\xc6\xcd\x64\x8e\xa3\x16\xa7\x46\x9a\x5f\xdc\x6e\x7c\x93\x4d\x91\x86\x58\x60\x97\xb5\x5d\xd5\x1a\xc4\x87\xbb\x80\xed\x11\xd4\xdf\x8d\x33\x62\x6b\xbc\xe9\x5e\x4f\x13\xbd\x49\x92\x2f\x00\xc9\x20\x22\x3f\x4c\xbf\x93\xcb"},
+{{0x67,0x9e,0x3e,0x34,0x77,0x3a,0xbe,0x4a,0xe2,0x5c,0xae,0x7d,0x07,0xcc,0xd0,0xeb,0x3b,0x0e,0xc0,0xa3,0x5d,0x57,0x02,0x57,0xd6,0x25,0x70,0xde,0x58,0xea,0x25,0x16,},{0x18,0xac,0xff,0xce,0x25,0x3b,0x27,0x25,0x95,0x79,0xed,0x99,0x24,0xf4,0x79,0xca,0xe3,0x12,0x16,0x7b,0xcd,0x87,0x6e,0xdb,0xa8,0x8b,0x5d,0x1d,0x73,0xc4,0x3d,0xbe,},{0x1a,0x51,0x02,0x26,0x28,0xcc,0xbb,0x88,0xea,0xe9,0xb2,0x17,0x73,0xc3,0xf8,0x30,0xb7,0xb6,0xe5,0xbc,0x36,0xc9,0x90,0x3c,0xe7,0x0f,0xbc,0xf4,0x59,0xd6,0xa1,0xed,0x8a,0x1d,0xce,0xff,0x5b,0x19,0x26,0x9e,0xbf,0x5a,0x6f,0xd3,0xd8,0x95,0x88,0x60,0xf5,0x54,0x46,0x1f,0x0e,0x9f,0xc0,0xe2,0x9a,0xf9,0xb1,0xfb,0x17,0x44,0xa8,0x0b,},"\xfb\x2b\x64\x8e\xbb\x16\x68\x82\x44\xf7\x8b\x2e\xe9\xa2\x73\x59\x9d\x56\xb6\x19\x89\x00\xd4\x38\xa9\xe9\x9c\x19\x14\x25\xc7\x2b\xec\x4f\x23\x58\x47\xe1\x8e\x47\xf5\x7c\x3c\xb3\x96\x65\x5f\x77\x89\x21\xf9\x08\x58\x0e\x8e\x83\xc9\x6c\x10\x8b\x20\xdd\x41\x66\x78\x02\x1b\xca\x25\x9b\x98\x51\x8f\xab\xb2\xd3\x53\x2e\x48\x51\xd9\xd5\x2a\xdd\x25\x42\xc0\xcb\x3e\xfa\x38\x57\xa1\x7e\x51\x24\x38\xbc\x0e\xc4\x76\x2e\x2f\x9b\xab\xa4\x29\xc0\x3e\x99\xbe\xc4\x03\x8e\x6b\x0c\xa4\x2b\xff\x5b\x23\x3b\x24\xc3\x33\xb4\xca\xea\xd2\xde\x37\x4a\x87\xb2\xab\x5d\x80\xd6\xe4\x9e\x44\x56\x32\x9d\x51\xae\x97\x3b\xc8\x3d\x78\x62\xf3\xd3\x15\xe5\x14\x48\x1b\x12\x85\x4a\x9d\xfc\x09\xe7\xd1\x4f\x0d\x02\x2c\x0b\xa3\x02\x25\x78\xeb\xa8\xf8\x74\xde\xba\x4a\xa8\xc8\x33\xf2\xb1\x32\x86\x1d\x4d\x51\xe5\x0f\xe9\xaa\x4b\x78\x7b\xd2\xf0\x51\xaa\xc5\x0c\x37\x53\x90\xcb\xbc\xfb\xa2\x00\x2b\x80\xad\x00\xcd\xc1\x29\x80\xf8\xba\x8b\xcb\x70\x64\xaf\xc0\x4d\x5c\x46\x82\xc1\x02\x9b\x10\xa6\xd4\x5f\xe6\xec\xd7\x04\x24\x5f\xaf\x59\x8c\x46\x59\x59\x7c\x5d\x68\xa1\x92\xcc\x1c\xd4\xfa\x45\xe8\x4b\x54\x9e\x8e\x5e\x67\xda\xa8\x79\xae\x5a\x52\x0a\x6b\x55\x50\x51\x98\x76\xa5\x62\xac\x49\xc6\xdb\x0a\xa7\x6e\xc6\x9b\xb6\x4d\xd6\xb5\xe1\xa3\xaf\x2e\x13\x1e\x72\x2e\x7c\xdd\x05\xbe\x34\xb5\xfc\xc6\x25\x9a\xa1\x24\xcc\xf8\x14\xcf\x5b\x50\x0d\x17\x6b\xe2\x8e\xbc\x40\xbb\x21\xf0\x3e\x24\xcc\xc1\x31\xe0\xf4\x1d\xaa\x1c\xa0\x2e\x6b\x00\xc9\xc5\x3f\xad\x12\x48\x61\x4e\x94\x0d\x4b\x23\x77\x60\xab\x75\x69\xa7\x67\xb7\x51\x5d\xd2\xd6\x23\xe5\x7a\x28\x41\xb7\xd2\x44\x1c\xf4\x30\x49\xe4\x69\x8d\x2f\x9c\x9e\xae\x7b\x29\x10\xf6\xad\x65\xed\xf9\xcb\x2b\xdb\xd9\xb2\x9f\x60\x6e\x0d"},
+{{0x9b,0xfa,0x60,0x92,0x3a,0x43,0xed,0x0c,0x24,0xe2,0xf1,0x2f,0x5b,0x86,0xa0,0x71,0x63,0x29,0xf9,0x3d,0x4d,0x8d,0x3e,0x06,0x23,0x80,0x02,0x89,0x32,0x78,0xc1,0x9a,},{0xfb,0x1c,0x00,0x68,0x77,0x81,0xb5,0x5b,0x89,0x3d,0x6b,0x2f,0x4f,0x49,0xcf,0x5f,0x73,0xd2,0x90,0x3c,0x31,0x6d,0x1e,0xee,0x75,0x99,0x1d,0x98,0x3a,0x18,0x68,0xc0,},{0x55,0xf2,0x02,0xef,0xb2,0xa5,0x7b,0xe8,0xb4,0xe4,0xfd,0x89,0x4d,0xcc,0x11,0xa4,0xfc,0x5f,0x82,0x76,0x61,0x8e,0xf5,0xcd,0x34,0xa4,0x49,0x5a,0xdb,0x01,0x6a,0x29,0x8e,0x64,0x80,0xa3,0x5c,0xfc,0x53,0xed,0xb2,0x5f,0xf1,0x49,0x9f,0xc5,0x32,0xa3,0x30,0x61,0xcc,0x01,0xa2,0x50,0x45,0x8a,0xa5,0xe4,0xf7,0xf1,0x6f,0x51,0x44,0x0d,},"\xa9\x90\x28\xb0\xf4\xa3\xaa\x5e\x79\xab\xef\x6c\x0d\xf4\xa7\x83\xef\x47\x0f\x1a\x29\xba\x51\xeb\xa0\x0f\x62\x14\xe8\x40\xfe\x19\xe5\xb6\xdc\x60\x21\xab\x59\x9b\xb2\xee\x36\x99\x57\x60\x15\xd7\x9a\x79\x39\xaf\x82\x35\x35\xb6\x30\xe3\x93\x8c\x72\x3f\x6e\x0b\x92\x29\xd4\x6b\xb3\x37\x9a\xcd\xba\x58\x7c\x23\x85\x67\xe3\xd8\x9b\xc3\xbd\x35\x19\xb7\x27\xfc\x69\x4f\xff\x11\x18\xbf\x22\xc8\xbc\x8b\xc8\x2c\x4d\xf7\xf5\xad\x38\xde\x05\xfe\x9f\x76\x29\x99\xec\xaa\x79\x5f\x3a\xe6\x30\xa9\xa3\x16\xd2\x6d\xce\x9f\x15\x68\xff\xa3\xf2\x2b\x02\x95\x21\x40\x20\xb3\xd3\xf5\x33\x7c\x14\x95\x68\x19\x22\x18\x13\x2a\x90\x70\x92\x79\xc0\x1d\x23\xba\xef\xa6\x69\xe1\xc4\xe4\x20\x38\x17\x3f\x13\x19\xc2\x12\xda\x14\x4f\x1c\x4e\xa4\xc5\x2c\x00\x5c\xbc\x0b\x5b\xc2\x83\xe7\x44\x83\xa0\xdc\xa6\x92\x79\xde\xb1\x7a\xe5\xb2\x9c\xfa\xfa\x7d\x00\x63\xf4\xe1\xbc\x93\x53\x7e\xfd\x93\x7e\x58\xa8\xac\xa7\x37\x22\x8f\x93\x7f\xf2\xa7\x41\x89\x0e\x96\xc5\x72\x5d\xa1\x1b\x45\xc4\x13\xa9\xbb\xb4\x18\x0a\x41\x99\x87\xbb\xf0\x46\xbf\xd3\x46\x29\x5d\x62\xf0\x81\xc7\x6d\xaf\x2b\x0e\x1e\xb4\xf6\x71\x2f\xee\xbe\x6f\x0a\x92\xe3\x58\xe7\xdd\xb8\x58\x96\x50\x7c\x34\x0a\x01\xf6\x8d\x1b\x0f\x08\x57\x78\xb7\xc4\x4b\x01\x4a\xa6\x67\x3e\x50\x17\x96\x95\x9a\x17\xa6\x88\xdb\x09\x59\x05\x84\x88\xa7\x11\x25\x72\xf2\x3c\xf9\xcd\xb5\x3b\x5e\xb4\xb4\x5f\x59\x53\xba\x0c\x0c\x69\x0f\x86\xbd\x75\xe8\x9a\x04\x7b\xeb\xaf\x84\x7c\x1d\xfc\x34\x5a\x4f\x3c\x7d\x3b\xee\xc9\x8b\x84\xb0\x21\x90\x03\xe8\x19\xf5\xc2\xad\xb4\x5f\x87\x17\x90\x3d\x1f\x5b\xd5\xd7\x19\x14\xc5\x6f\xca\xbc\x7a\x29\x0f\x9c\x41\x69\x9c\x95\x58\x4d\x6a\x3a\x16\x34\x0c\xb1\x7b\xaa\x1f\xc5\xe5\x46\x7a\xf7\xac\x32\x21"},
+{{0x6e,0x3a,0xf4,0x5e,0x66,0xe2,0x28,0x90,0xc3,0xf3,0xc9,0x34,0xf5,0x23,0xa4,0xd6,0x94,0x27,0x97,0x6e,0x6e,0x52,0x62,0x5f,0x8b,0xad,0x55,0x89,0x93,0x96,0x32,0x19,},{0xe0,0x97,0x36,0x4e,0x76,0xff,0x9f,0x2e,0x1d,0x16,0x7f,0x6b,0x20,0xc1,0xbc,0x58,0x30,0x08,0x5e,0x7e,0xc9,0x93,0xc1,0x38,0xf8,0xb1,0xb2,0x17,0x56,0x37,0xe7,0x41,},{0x26,0xba,0x56,0x2e,0x8a,0x40,0x65,0x70,0x82,0x07,0xc2,0x5e,0x23,0x9b,0x78,0x0a,0xee,0x38,0x79,0x4c,0xf9,0x83,0xa3,0x7a,0xcb,0xb9,0xd5,0x57,0xa6,0x5c,0xee,0xd3,0xc0,0xda,0x47,0xd1,0x7f,0x3e,0x8b,0x8f,0x4e,0xeb,0x1b,0x65,0xa2,0xc1,0x82,0xea,0x6f,0x29,0x62,0x3b,0x63,0xbb,0x0f,0x1c,0x72,0x59,0x26,0x83,0xb1,0x26,0xb9,0x01,},"\x5c\xfc\x2f\x4b\x55\x9f\x82\x05\xb3\x91\x02\x08\x76\x17\xf4\xd8\x6c\x7c\xe6\xcb\x25\x1e\x5f\x89\x60\x1d\xfc\x88\xed\x28\xe8\xd7\xa6\x70\xec\x00\x87\xd2\xea\x5d\x89\x30\x21\xc7\x04\x4d\xa2\x89\x9a\x22\xd7\x76\xfe\x90\x17\x0e\x51\xc2\x03\x25\x06\x90\xd3\x7a\x29\x45\x55\xe7\x4a\xf9\x23\x4c\xbf\x1a\xd8\xf2\x2c\xee\x89\x74\x82\x8a\x0d\x09\xe9\x55\x4b\x71\xee\x3b\xcf\x88\x0a\xb9\x83\x25\xf7\x06\x27\x21\x94\xeb\x2e\x80\xc7\x01\xd4\x41\xb5\xf8\x66\x85\x61\xb8\x88\x49\xf8\x27\xaf\x70\x3a\xb0\x95\x41\x05\xfd\x3c\x54\xb3\xf6\xec\x54\x93\x59\x6d\x0e\x3b\xc6\x78\x18\x04\x83\x10\xc4\xa3\xe0\xc5\x56\xbc\x80\x67\x5f\x20\x1f\x9b\xb9\xc6\x53\x8a\x41\xd9\x9a\xa4\x0c\x88\x6f\xc4\x31\x46\x72\x18\xd8\x19\xc2\x3e\x78\x49\x8a\xed\x06\x13\xfa\x6f\x97\x3e\x22\x11\xdf\x9f\xb8\x7f\x44\x11\x6f\x3f\xe4\xc2\x6d\x6c\xb2\xfa\x33\x4c\x87\xf7\x8c\x08\xca\x8c\x9b\x90\x41\xd8\x3a\x12\x30\x67\x7e\x0a\xf7\x88\x59\x8a\x42\xe4\x4c\xfd\xf6\x96\x4a\x4e\xe8\x0e\x38\x40\x2b\xa6\x7c\x73\xa5\x81\xe5\x52\xba\xa2\x28\x24\x25\xcb\x2c\xa1\x7c\xa9\x2e\xdf\xbf\x98\x29\x91\x02\xfb\xa7\x61\xb9\xb7\x1a\x54\x52\x14\x1b\xb9\xc1\x8d\xd9\x5f\xeb\xc2\xa7\x82\xde\x9c\xee\xc0\x8b\xd2\xee\x3f\x7f\x0c\x1b\xd8\x94\x6d\xba\x99\xcf\x9e\xa0\x86\xab\xaf\xd3\x7c\x9c\xa6\x02\x13\xf0\xde\x17\xc6\x1f\xf9\xc3\x91\xc9\x81\x8e\xd5\xcd\x85\x71\x77\x8b\x7d\xcc\x13\x22\x49\x62\x38\x6f\xb8\xca\x14\xf8\x61\xe9\x9f\x3b\x18\xed\xac\x8a\x5f\x13\x0f\x7b\xfc\xd4\x5d\x04\x5d\x0f\xf3\x4c\x81\x57\x2a\x51\x23\x63\xd6\x53\x0f\x93\x81\x3e\x5f\xb1\x0e\x9c\xb8\x33\x8a\x7f\x93\x80\x04\x91\x00\x6f\x44\x63\xe8\x9f\x0e\xd4\x53\x0e\x5f\x12\xdf\x67\x4f\x59\x89\x04\x78\x0a\xd0\x81\x2b\x1e\x35\x21\xfc\xd0\xf8\x3e"},
+{{0x5f,0x1f,0x27,0x18,0x44,0xd9,0xed,0x5a,0x6a,0x6f,0x20,0x9a,0x21,0x40,0x8d,0xae,0xa4,0x70,0xf6,0xfd,0x53,0xba,0x64,0x79,0xd7,0x40,0x71,0x05,0xb7,0xde,0x4d,0x65,},{0x60,0x85,0xd7,0xfb,0x5a,0x9b,0x2e,0xd8,0x06,0xc1,0xfd,0x30,0xa2,0xaf,0xde,0x76,0x09,0x61,0xf7,0xa3,0x6b,0x48,0xf4,0x87,0x52,0x46,0xe6,0x15,0xa2,0xbd,0x99,0x28,},{0x31,0x9b,0xb4,0xde,0xb2,0x17,0x81,0x12,0x24,0x1b,0x3f,0xb8,0xf4,0x6e,0x10,0x5c,0x3b,0x8e,0x4e,0xf7,0x21,0xeb,0x20,0x0d,0x76,0x2e,0xf3,0x63,0xe2,0x71,0x6f,0x2a,0x89,0xf8,0x0b,0x5b,0x9e,0x89,0x97,0x08,0x90,0xa0,0x98,0x92,0xad,0x6a,0x58,0x80,0x8b,0x47,0x7e,0x94,0x3b,0x3c,0xfa,0x77,0x77,0x4a,0x36,0x45,0xbc,0x74,0x5f,0x03,},"\xee\xd6\xb4\x47\x5d\xc2\x63\xbd\x22\x07\xfe\x9d\x41\xd4\x82\x82\xb7\x13\xf6\x80\xf2\xe0\x37\x38\x4f\x18\xb4\xbf\x22\x43\x47\xf5\xe4\xc4\xb0\x60\xb8\x08\xd4\x12\xea\xab\xcf\x73\x3d\xc3\x9a\x40\xc6\xbd\xa0\x50\x5c\xe7\x1f\xa8\x23\xbd\x1b\x17\x94\x84\x76\x78\xdc\x03\x4e\x79\x99\xc1\x63\x69\x34\x0b\xc6\x0c\x64\xd0\x9b\xb9\x18\x7b\x2e\x32\x60\x55\xa0\x53\xf8\xe5\x05\xea\x41\x96\x86\x14\x71\x62\x2d\xb0\xe4\x6f\x0f\x89\x54\xd8\xa1\xf0\x73\x32\xda\x4d\x8a\xc5\x57\x12\x62\x60\x09\x91\x2f\x8a\x15\xa9\xcd\x63\xa7\x4a\x03\xc9\x2f\x24\x6c\xb6\x3c\xc7\x3f\x92\xe5\x1d\xad\x1b\xc9\x71\x5b\x1e\xd3\xfe\x5f\x2e\x1b\x29\x59\xb9\xb7\x1e\x0e\x37\x36\x0e\xb2\x95\x36\xcf\x79\x71\x47\xfa\xb1\x08\x64\xd6\x14\x6c\x36\xb8\x23\x35\xa0\xce\x93\x14\x08\x47\x9c\x7e\xde\x48\x4f\xf7\x3e\x2d\xbf\xff\xc6\xc9\x22\x7e\x16\xd7\xa2\x3f\x4d\x90\xf1\x55\x84\x51\x4c\x39\x59\x4e\x17\xbf\xbb\x29\x5d\xe9\xd6\x2a\xda\xdb\x58\x9d\xbb\xe0\xb0\x6d\xc8\xda\xc5\xb3\xbf\x51\x7b\x24\xc1\x83\x7b\x39\x47\x2a\x6d\xd3\x89\x31\xff\xbb\xff\x5b\x76\x36\x38\x80\x5b\x4e\x22\x32\x1f\x7a\xfe\x92\xcd\xf5\x02\xfb\x63\xd1\x09\xdd\xcd\x9e\x40\x51\xad\x6f\x45\x59\x85\x32\xbe\x17\x95\x23\x71\x08\x51\xd3\x93\x1e\x88\x7d\x02\xc3\x45\xc7\x9c\x48\x9f\xc1\x06\xa4\xae\x16\x2f\x7d\xf7\x1a\xb9\x0b\x75\x1d\xa7\x03\x8a\x6d\xf7\x61\x6c\xfc\x11\x88\x7e\x21\x06\x8f\xb9\xe3\x3b\xe5\x66\x40\x2b\xe5\x04\xf3\xfc\x27\x42\xb8\x81\x50\x9b\xd4\xfe\x6a\x0f\xc7\x22\x64\x98\x83\xf8\xcb\x65\x55\x98\xa1\x5a\x1d\x4c\x22\x9d\xd8\x6b\x5c\xae\xb7\x11\xa0\x28\xde\xfd\x43\x11\x54\xbb\xa4\x6b\x48\x17\x2a\x4d\x8c\xbd\x45\xbc\x90\xaa\xf8\x74\xb6\x08\x5f\xa2\x84\xf5\xfe\xd6\x55\xad\x6f\xa1\x7d\x67\xb3\xb9\xa7\x96\xfa\x3e"},
+{{0x04,0x8a,0xc9,0xec,0x3e,0xcb,0x30,0xa3,0xb1,0xbf,0xda,0x9b,0x3b,0x79,0xa4,0x8c,0x07,0x93,0xb4,0x90,0x87,0x9e,0x3c,0x8a,0x5e,0x23,0xee,0x2b,0xab,0xcd,0x9b,0x7c,},{0x94,0x6c,0x18,0x6f,0xea,0xfc,0x35,0x80,0xa5,0x8d,0xdd,0x52,0x6f,0xf2,0x29,0xc0,0x47,0x20,0x25,0x0f,0x4c,0xf6,0xbd,0xe0,0x27,0x1e,0xef,0x9b,0x12,0xb1,0xc3,0xf3,},{0x2e,0xcf,0x5b,0x8a,0x59,0xa8,0xe2,0x7d,0x25,0x89,0x0a,0x2a,0xa3,0x2f,0x4a,0x06,0x73,0x27,0x5d,0x53,0x9b,0x17,0x4a,0xfa,0x7b,0x2c,0xeb,0xf2,0xe7,0x62,0x80,0xdf,0xfc,0x33,0x8e,0xde,0x85,0xac,0x8f,0x61,0x40,0x39,0x56,0x0e,0x28,0x06,0xd9,0xe1,0xe3,0xcf,0x9c,0xce,0x2c,0xeb,0x78,0x74,0xff,0xe1,0xa7,0xe8,0x0c,0xde,0xf4,0x0b,},"\xd6\x8b\xe8\xef\x7b\x4c\x7a\x42\x89\xf2\xb1\x8b\x16\xad\xe9\x7f\x4e\x4f\xa1\x64\x52\x97\x6a\xfb\x58\x16\x93\x38\x0c\xc5\x4d\xe3\x8a\x07\x58\x7f\x32\xe2\xd4\x54\x9f\x26\x59\x5f\xee\x23\x93\xbd\x06\x2e\x9b\x00\xba\xe7\x24\x98\xe4\x14\x8c\x8b\x88\x2a\x88\x40\xe1\x5b\x58\x5c\x82\xb5\xc0\xde\xfb\x23\x35\x18\x40\x99\x16\x61\x5d\xeb\x3a\x55\xa5\xf8\x4e\x6b\x3a\xab\x93\x84\x4d\xe3\xb1\xe4\xd8\x6e\x09\xf8\x89\xac\x71\xc3\x24\xeb\x12\xd0\xfb\xd8\x61\xcc\x31\x22\x95\x40\xe8\x43\xa3\x4f\x8d\x5b\xe4\x7c\x0e\xc0\xd2\x3d\xf4\x3e\x06\x81\x3f\xca\x30\x94\x39\x90\x4c\x16\x7d\x10\x43\xc0\xdc\xd4\x44\xb0\x04\xbe\x1f\xf2\x7b\x78\x62\xb0\x0e\xba\x94\x33\xb9\x4b\x0f\xcd\xc6\x75\x21\xda\x0c\x1d\x53\x58\x63\x6c\x78\xf5\x30\x43\x11\x64\xdd\xe2\x0a\x1c\xf1\x64\xf5\x1e\x29\xb8\xe6\x3e\xac\xde\xcc\x86\x9b\x41\x39\x2c\x66\x76\x64\xd9\x16\x80\xd9\xac\x51\x6a\xf5\x48\xf0\x9e\x60\x56\x4e\x81\x4e\x36\xe0\xb5\x63\xdb\xae\x55\xc6\x27\xff\xc1\x41\x58\xa5\x6d\x8e\xb3\x60\x9e\x17\x43\x81\xb2\x1d\xe4\xba\x82\x34\x44\x66\xdd\x57\x7f\x4d\x11\x03\xc4\x3c\x27\xfb\x83\xcb\x83\x3d\x87\xaf\xdf\x74\x12\xb4\x09\x09\x09\xb1\xdd\xe2\x64\xda\xdd\xce\x96\x7f\x49\x6b\xf6\xf1\x71\x12\xbf\x35\x1e\x41\x7d\xb5\x95\x3b\x13\xb8\xf0\xfc\xcc\xbf\x30\xf5\xbc\xf3\x76\x86\x1c\x12\xef\x20\xee\xc8\x9e\xd2\x3c\xf3\x84\xee\x78\xdc\x6e\xb4\x0f\xd5\x81\x1a\x7b\x23\x92\x7c\x13\xe7\xdc\x5d\xa3\xa9\x21\xb8\x83\xa9\xb2\xb1\x15\x59\x70\xfb\x0d\xa7\xd2\x99\x3d\xcd\xfd\x43\x43\x64\x2a\x9d\x5a\x63\x47\xe4\x3c\x19\x3b\x57\x93\xe4\x45\x3a\xc1\x53\x7a\xa3\xd0\x4d\xc9\xf7\x74\xe8\x40\x93\x48\x81\xd7\x8a\x39\xba\x25\x04\x38\xc5\x07\x25\x0e\xed\x2f\x6e\x07\xcc\x95\x3f\x78\x3d\x6b\x72\xb1\xcc\x61\x99\x81"},
+{{0x2f,0x05,0x7d,0x20,0xb1,0x67,0x85,0x31,0x61,0x1f,0x48,0xf0,0x03,0xb7,0xd2,0x2e,0xba,0x5d,0xbb,0xd7,0xe2,0xdd,0x41,0xb7,0xc7,0x9d,0x09,0x07,0x1f,0x85,0xe9,0x93,},{0x62,0x0f,0xc4,0xea,0xa3,0x4d,0x78,0x7d,0xf6,0x75,0xcc,0xbf,0x7e,0x89,0x32,0x04,0x82,0x8d,0xb9,0x2e,0xad,0x17,0xa1,0x16,0x5a,0xc7,0xfa,0x1a,0xb4,0x27,0x19,0xd8,},{0x30,0xdf,0x7b,0x0b,0x1c,0x04,0xfb,0x1e,0xfa,0x35,0x17,0xe9,0x28,0xd6,0xd5,0x7c,0x2c,0xa0,0xd0,0x7f,0x4e,0x04,0xff,0xb1,0xf0,0x8b,0x47,0x92,0xc5,0x93,0x7d,0xd2,0x71,0xcc,0xab,0xdc,0x00,0xdc,0xe8,0x50,0xaf,0xe5,0x0a,0xf5,0x99,0x0f,0x22,0x4e,0x84,0x20,0xa6,0x81,0xd9,0x5f,0x9f,0x7f,0x51,0x5a,0xfe,0xc1,0x02,0xef,0xd1,0x0e,},"\x6e\x35\xf6\xea\xa2\xbf\xee\x06\xea\x6f\x2b\x2f\x7a\xb1\x5f\xa9\x7c\x51\x80\x95\x8a\xf2\xe9\x0a\xf9\x18\xad\xfb\x3d\xb8\x32\x3f\x44\x7c\x7b\xf2\x6d\xc5\x34\x99\x7c\x38\xb7\xfc\x97\x7f\x64\x2d\xe2\x88\xcd\xf2\x53\x07\x1c\xac\xf3\x56\x4e\x3b\x8e\xd6\xdc\xe5\x7d\xdf\xba\x9f\xf7\x83\xba\xd2\xe7\x6d\xf1\x24\x82\x8f\xc1\x03\x1a\xcf\xad\xf0\x1a\x44\xd4\x1b\x42\x16\x1a\xd9\x06\x03\x01\xc1\xaf\x19\x28\xb9\xe5\xb7\x3b\x9b\xd2\x1c\xac\x60\xa8\x42\xb5\x04\xdc\x3c\xc3\x11\xc5\x22\xe3\xbb\x04\x8b\xf2\x21\x44\x4f\x53\xce\xb0\x8e\x77\xe9\x48\x59\x0e\x94\xed\x98\xf1\xb6\x04\xcb\x9e\xad\xc9\x3b\xbe\x74\x31\xc1\x14\x9b\x23\x19\x3f\xf9\x3e\x85\x69\xf1\x13\xe1\x68\x4d\x89\x76\xec\xae\x6f\x09\xe0\x10\x36\x14\xbe\x41\x8a\x47\x2e\xf5\x5b\xb8\x89\x0d\x72\xb3\x41\xcd\xd7\x50\x5b\x50\xa4\x55\x22\xab\x63\xed\x79\x1c\xe8\xf8\x2f\xed\xdd\x7a\x62\x0a\x4f\x6f\xb1\xd2\xfb\x0e\xd0\xc4\x56\x0d\x78\x44\x6d\x83\xb3\xd1\xb1\xbb\x56\xb3\x66\xd1\x96\x02\x0d\x06\x24\xb1\xfb\xdb\x75\xce\x73\x5d\xd4\x3e\x8e\x8d\xf1\x63\xc4\x4e\x23\x69\x93\xdc\xa3\x41\xf5\x13\x2d\x82\x5d\x0a\x4e\x39\x3a\x19\xd3\x8f\x61\xe1\x1e\x0c\xf3\x92\xcb\x9b\x64\x6e\xa2\x3c\x58\x09\x98\x24\xdd\x8d\x9f\xbe\x26\xa4\x9e\x33\xb2\x3d\xf8\x06\x07\xab\xf1\x97\x15\x79\x9c\x19\xac\xc7\x22\xed\x9b\xcf\x94\xa0\xc2\x9a\xd2\x4b\x78\xb0\xb0\x35\xb3\x24\x1c\x64\xcd\x86\xed\xea\xc8\x10\xe6\x67\x45\x69\x4b\x5e\xb1\x62\x50\x60\xed\xf2\xd9\x49\xde\x0d\x34\xf5\x22\xdf\x2d\xc6\x0a\xe6\x94\xa1\x93\xf3\xb8\x2c\x1d\x6f\x83\xa0\xcb\xb8\x40\xf4\x6c\x49\xa3\xd7\xd1\xcf\x06\xde\xaf\x96\xc6\x4f\x8f\x9e\x17\xbd\x9a\xd5\x12\xae\x63\x09\xc4\x86\xd9\xe2\xa7\x8d\xce\xec\xa4\x73\xa0\x42\x1d\xd1\xb6\x43\xc7\x87\x54\x27\x1b\x53\xce"},
+{{0x3a,0x3d,0x27,0x97,0x0f,0xe2,0xac,0xb6,0x95,0x1e,0xdd,0x5c,0xa9,0x0d,0xda,0x0f,0xc6,0xdd,0x22,0x9c,0x0a,0x56,0xdf,0x6e,0xb1,0x1a,0x9c,0x54,0xd2,0x42,0xdb,0xbf,},{0x56,0x4f,0x0d,0xc3,0xdc,0x47,0x20,0xe6,0x8e,0x44,0xdd,0x16,0x71,0x1e,0x04,0x9e,0x61,0x12,0x00,0x00,0x98,0xfa,0x62,0xa1,0xb9,0x8c,0x28,0x80,0x42,0xf7,0xc3,0xbd,},{0x22,0xeb,0x8e,0xa0,0x50,0x73,0x49,0xb6,0xa0,0xac,0xe2,0x5c,0xf9,0x18,0x0c,0xb0,0x8e,0x03,0x57,0xb0,0x45,0x02,0x90,0x5f,0xbe,0x69,0xb4,0xe2,0x1b,0x2b,0xd9,0x4e,0x22,0xcf,0xbd,0xb8,0x51,0xae,0x71,0x6a,0x5c,0x25,0x3c,0x70,0xd5,0xe2,0xb2,0x4e,0xa7,0x8f,0x35,0xbc,0x21,0x32,0x92,0x54,0x3d,0x94,0xe1,0x41,0x10,0xb2,0x41,0x06,},"\x43\x74\xf6\x1c\x2c\xd8\x8a\x3b\x89\x72\x24\x9b\xfa\x79\xb3\x6a\xb6\x9e\x3e\xd4\x84\xcc\x60\xe5\xd9\x54\x1f\xa7\x68\x6c\xf4\xee\xd1\x21\x0c\x5d\x0d\xcf\x42\xdd\x25\x97\x25\x01\x90\x91\x93\xca\x76\xae\x6e\xb7\xf4\x71\xd8\xbd\x0d\x5f\xb5\xa6\xb4\x31\xbc\x3d\xe0\xe0\x31\x8d\x50\x51\x45\x24\xde\x87\xc4\xb8\x30\x05\xdf\xb4\x12\x45\xfb\x1a\xf7\x9b\x84\xa9\x7b\x83\xd3\xca\xc7\xad\x7a\x53\x36\x4e\x2e\x9b\x21\xc9\x7b\x76\x9b\xdc\x57\xf0\x70\x31\x16\x16\x83\x80\xf3\xcc\x88\x36\x89\xeb\x4a\x7f\xa3\xb2\x6d\xbe\x12\xbc\x28\xf8\xc4\x03\x81\xaf\x64\xdf\x4b\x53\x61\xd1\x74\xcf\x75\xac\xbd\x46\x42\x87\x40\xb0\xd1\x32\x2d\x32\xbb\xe9\x48\x45\x21\x59\x66\xae\x58\x87\x77\xa8\xc0\x53\x36\xe3\x52\x30\x6d\x49\x27\x8d\x32\x8e\x49\x6d\xb6\x5e\x9e\xcf\x6c\xe6\x40\x5e\xd1\xc8\x93\x49\x0b\xc4\x8c\x13\xa1\x34\xe1\xfb\x6e\x80\xde\xbe\x6d\x32\xfc\xe6\xef\x74\x78\x3c\x8d\x77\x98\x0a\x44\x1a\x26\xae\xb4\xfd\x83\xcc\x85\x53\x52\xce\xdc\x18\x8f\x52\x79\xce\x21\x1f\x74\x4a\x40\xb2\x3c\xe7\xff\x24\x43\x7a\x1d\xd3\x37\x3e\xc5\xb2\x90\xda\x1f\x94\xf4\x3a\x07\xa3\xff\xea\x5b\x5f\x67\xb5\x2c\x19\x61\x85\xbc\xe9\xe9\xa8\x58\x25\x7f\xcd\x7a\x8e\xba\xf9\x04\x0e\xd0\x91\xfa\xce\x5a\x15\x5a\xa4\x47\xfa\x15\xe1\x21\x22\xd2\x5e\x8f\xc3\x6e\xae\xe2\x13\x7c\x7b\x3a\xa3\x0b\x7e\x3f\xf6\xcc\x86\xb6\xdc\xb9\xea\xf4\x9c\x95\x76\xf0\xf4\x62\x00\x84\x39\xcb\x1a\x3a\xba\x01\x3e\x89\x7a\x0f\xaf\x99\x4c\xb7\xd5\x9e\xde\x57\x74\xbb\x14\x47\x74\xf7\x3c\xa3\x0e\x64\x14\xa7\xcc\x7c\x74\xb2\x0c\x51\xa1\x40\x4d\xdc\x41\x9e\xf7\x62\x45\x93\xe9\xbc\xfb\x37\xc0\xa7\x62\xea\xb6\x8f\xac\xa5\x86\x34\x43\xe1\x6e\xdb\x75\x9d\xbc\x87\x88\x73\x2b\x9e\x4f\x59\xc1\x11\x92\xc3\xfc\xc8\x72\xaf\x55\xf3\x2d"},
+{{0x06,0xd4,0x98,0x31,0x8d,0xa4,0x56,0x24,0x2b,0x9c,0x3b,0x9a,0xb6,0xd5,0x32,0xa1,0x28,0xfc,0xe0,0x44,0xf5,0x38,0x82,0x68,0x2e,0x92,0x62,0x14,0x9c,0x16,0x52,0x88,},{0x41,0x35,0x17,0xaa,0x63,0x20,0x0a,0x17,0x17,0x32,0x09,0xa4,0xb3,0xe7,0x8a,0xb9,0x38,0x3c,0xb4,0xe3,0x9e,0xfd,0x67,0x94,0xc4,0x6a,0x2d,0x13,0xfa,0xfa,0x99,0xc0,},{0x82,0x50,0xf7,0x6d,0xc5,0x99,0xc5,0x12,0x87,0x87,0xe4,0xf6,0xd3,0xda,0x23,0x17,0x33,0x30,0xce,0x33,0x20,0xdb,0xa9,0x59,0xbd,0x71,0x4c,0xc8,0xcc,0x07,0xc6,0x79,0x45,0xd6,0x3e,0x75,0x66,0x2c,0x07,0x5e,0x26,0x74,0x60,0xab,0x7b,0xf5,0x61,0xf2,0x4f,0xaa,0xe3,0xb4,0x1d,0xbf,0x67,0x68,0x99,0x19,0x1e,0x3b,0x02,0xb5,0xaf,0x0a,},"\x3f\xe3\x0e\xcd\x55\x07\x7a\x6e\x50\xdf\x54\xbb\x1b\xf1\x24\x8b\xea\x40\x63\xe3\xfa\x75\x5f\x65\xfc\xd1\x15\x9e\xe0\x46\xef\xd0\xeb\x5f\x2f\xbb\x38\xb5\xc0\x09\x47\xc9\x7d\xc8\x79\xb3\x6b\x9e\x53\x61\x92\x28\x60\x86\xd0\xdc\x12\x05\x36\x10\x38\x61\x74\xa7\xc5\x6f\x22\xa8\x5b\x73\xff\x20\x8c\x59\x44\xf3\x93\x23\x6c\x32\x41\x58\x09\xda\x03\x6e\x73\xca\xd8\xfc\x3c\x30\x37\x80\x64\xa7\x6a\xfa\x93\x0a\x3b\xaa\xe9\xaa\x35\x70\x61\xa8\xc5\xe8\xe7\x56\xa9\xce\xcf\x94\xb7\x2d\xf4\x3f\xac\xd8\x8f\xa4\x9c\xb4\x94\x8c\x63\x68\x31\x8a\x6b\x1e\x5c\xff\x52\xe5\x87\xec\xdf\xae\xfd\xb6\x90\x81\xf2\x8c\x2d\x13\xbf\x8e\xab\x81\xdb\xaa\x5e\x37\x28\xc4\x31\x7f\xb7\x93\xdd\x19\x6b\xca\x0f\xe5\x4a\x6c\x24\x2c\xf2\x6e\x2d\x12\x9b\xa0\xd8\x2a\x2c\x3a\x45\xbc\x8d\x1d\xfd\x6f\x54\xf8\xda\x4f\x51\x89\xc9\x1a\xc2\x14\xfd\xab\xf4\xc5\x97\x38\x1b\x2e\x5c\x40\xcc\x71\xfa\x70\x51\xcf\x2e\xa9\x39\x06\xa3\x7d\x57\xdf\x12\xd5\xc7\xe5\xcd\x77\xc9\x07\xe4\x42\x56\x63\x15\xba\xe5\x1a\x22\x22\xd6\x2e\x3f\x42\xd1\x76\x78\x82\x63\x7d\x66\xa1\xd5\x30\x5a\xb4\x01\x0a\x0e\x49\xc5\x7d\xef\x69\xdc\xea\x83\x9e\x1b\x76\xa4\x11\x35\xba\x95\x2c\xc4\x24\x95\x0e\x8d\x3a\xac\x19\xe1\xd9\x3d\xe7\x75\x7c\x15\xff\x99\x97\xb3\xd2\xa8\x61\x3c\xd9\xa1\x64\x78\x1d\x1b\xe3\x31\x79\x9f\xa6\x10\x9c\xef\x61\x43\x05\xa1\x95\x8f\x62\x90\x3c\x8c\x9e\xa0\xb2\x3b\xa7\x06\xd4\x9c\x54\xba\xcc\xc1\xe6\x3c\xb4\xbf\x14\x78\x5f\xc7\xb0\x62\xa9\x80\x03\x49\xbd\xb0\xbb\x92\x72\x60\xb6\x77\xb6\x0f\x10\xe6\x2c\x87\x80\xf3\xeb\xb5\xeb\x6f\xf0\x36\x02\x63\xd4\x57\xab\x52\xfd\x11\x25\xc9\xce\x04\x6a\x95\xd8\x9d\x28\x73\x50\xc8\x04\xcf\xd4\xff\x2b\x2d\xdd\x18\xa9\xe1\x35\x19\xf2\x0b\x4d\x1e\x05\x1a\xf6\x24\x64\x0f"},
+{{0x8e,0x8e,0x1d,0xb5,0xb1,0x10,0x2e,0x22,0xa9,0x5c,0x47,0xaf,0x36,0x61,0x46,0x9f,0x00,0x0a,0x33,0xf1,0x3b,0x8b,0x87,0xb1,0x15,0xd2,0x45,0x2a,0x41,0x1f,0x6f,0x39,},{0x56,0xd7,0xb3,0x16,0x9a,0x95,0xc2,0x29,0x98,0xec,0x93,0x79,0x25,0xbd,0x7c,0xad,0x13,0xcc,0x65,0x80,0x8c,0xd5,0xd3,0x4a,0x6c,0x4d,0xa8,0x70,0xea,0xf3,0x23,0x64,},{0xf6,0xee,0x5e,0x13,0xcf,0xaa,0x36,0x2c,0x89,0x71,0xd5,0xa4,0xa8,0x79,0xa7,0xe3,0x69,0x66,0x52,0x5c,0xcd,0x86,0xc5,0xa4,0x8c,0xba,0x08,0xd9,0x13,0xec,0xe1,0xa7,0x9c,0x4c,0xd1,0x46,0xb8,0xe9,0xc6,0x51,0x25,0xfb,0xad,0xf1,0x7b,0xac,0x1c,0xab,0xcd,0xe8,0xfd,0x17,0xcf,0xd6,0x8f,0xa1,0xf9,0xc4,0x4e,0xa6,0x1c,0x08,0xa4,0x05,},"\xb2\x46\x34\xfb\xdd\x1b\x76\x61\x31\x5d\x9d\xc1\x53\xba\x90\xd6\x6a\x88\x62\x2a\x41\x58\xf8\xbc\xff\x25\xba\x9c\x29\xe6\x5f\x29\x7f\x8e\x60\x31\x18\x00\xb7\x33\x1b\x69\xfc\x20\xc9\xf8\x5b\xb7\xc1\x84\xbd\x40\x86\xb3\xa9\xf9\xa2\x71\x02\xb6\x23\x62\xbd\xb4\xfa\x5b\x20\x15\x94\x25\x0f\xc6\x28\xfd\x2e\x0e\x0d\x1b\xe0\x3d\xcf\x81\x8c\x60\x94\xc4\xc2\x91\x21\xcb\x2b\xf6\xd9\x08\xed\x8a\xab\x42\x7c\x37\x71\xc0\xc9\x5f\x0a\xc1\x46\x9a\x08\x10\xb6\x03\xa4\x70\x28\x2e\x59\x80\xa6\x07\x29\x19\x7f\xe6\xc2\x0e\xf6\x81\xcd\x1b\x96\x93\x2d\x20\x58\xf8\x96\xea\x74\x16\x42\x2a\x7e\x54\x1f\x22\x4a\x5f\x04\x25\x30\x80\x74\x1c\x5d\x4e\x3e\xb0\x39\xdb\x6b\xa0\x51\xb4\xca\x54\x17\xce\x8a\xfd\xc7\x02\x14\xba\x4d\xcc\x85\xb6\x23\xd1\x1e\x68\x1c\x60\x09\xae\xe4\xe6\x13\x0a\x83\xed\xd0\xd2\xc9\x9f\xb0\x64\x7e\x11\xed\xe7\x30\x1a\xe5\x6b\x59\x90\x4e\xf7\x02\x57\x32\xcd\xe0\x38\x80\x1e\xc7\xe8\xd9\x0a\x9a\x1b\xba\x04\x7f\xe6\x28\x35\x1b\x3b\x89\xd0\xbc\x5a\xe6\x65\xa7\x00\x89\x1f\x09\xeb\xee\xc0\x55\x91\x84\x2a\xdf\xcc\x25\xad\xc3\xc7\x1c\x1e\xbc\x4a\x31\x2e\x54\x71\xbe\x67\x25\x3b\x0e\x94\x28\xb0\xca\xe3\x76\x45\xa0\xf7\xec\xb8\x9d\xd7\x9f\xbd\x9b\xe2\x87\x54\x33\x66\x7a\xe0\x7d\x74\xa7\x98\x3c\x4c\xea\x60\x1e\x72\xe9\x75\xc2\x1d\xf9\x93\xe7\xfa\x22\xa9\xfa\xbd\x45\x45\x5d\x45\xe3\x70\x31\x55\x8e\x13\xa7\xa4\xf5\xf4\x97\xea\x78\xfb\x73\x99\xf8\x83\x8c\x0f\xd5\xde\x4e\xbb\x66\xdb\x29\x0f\x43\xa4\x86\x7d\x50\x53\x09\xf1\xc1\xbc\x27\xe9\xfa\xbc\xbb\xa7\x13\x02\xfc\x12\x04\x71\x5c\xe3\xfc\xb0\x90\x5b\xfa\x41\x1c\x9d\x1c\x9a\xb4\xa3\x99\x54\xe5\x0b\x8e\x0c\xf7\x36\xc1\x02\x89\x56\x3b\xdf\xa9\x67\x55\x3c\x36\xcd\x9e\x55\x5b\xc8\xcc\x56\xbe\x59\x48\x47\xde\x9f\x26\xf9"},
+{{0x38,0x84,0xb8,0xb7,0x9a,0xbf,0xd3,0xbe,0x6c,0x13,0x98,0x5e,0xb8,0x59,0xab,0x74,0x3f,0x15,0x7c,0xd9,0xde,0xb8,0x1b,0x2f,0xe9,0x7e,0xa4,0xd6,0x17,0x3e,0x46,0xf5,},{0xbd,0x7f,0xd9,0xa8,0xde,0xf1,0x3a,0x54,0x2e,0xd2,0xf2,0xfb,0x04,0x88,0x86,0x88,0x5b,0xa9,0xb5,0xce,0x59,0xcb,0x70,0x19,0xfb,0x54,0x66,0x79,0x86,0xee,0xbc,0x26,},{0xf4,0x20,0x6f,0xcd,0x34,0x50,0x24,0x41,0xd5,0x4a,0x73,0x32,0x3f,0x33,0xa5,0xdb,0xb4,0xc9,0x85,0x57,0x31,0x9f,0x21,0x24,0x6f,0x26,0x0f,0xfb,0xbe,0x58,0x44,0x88,0x6d,0xb5,0x67,0xf4,0xb6,0x3c,0x47,0x94,0x3d,0xbb,0x78,0xfc,0x35,0x65,0x7d,0x7c,0x04,0xd4,0xfe,0xb0,0x42,0xff,0x85,0x36,0xf6,0x72,0x92,0x5c,0x31,0x9e,0xfb,0x09,},"\x12\xad\xaf\xe3\x0e\xaf\x2b\x9c\x72\x03\xca\x5d\x44\xb9\x7f\xfe\xd4\xbf\x65\x17\xa4\x99\x88\xe4\xe6\x76\xc8\xe3\x14\xad\xbd\xbe\x23\xd8\xf2\xd3\xe2\xb0\x81\xa7\x02\x4f\xa5\x25\xab\x5a\xae\x26\xe6\x00\x57\xc1\x01\xe8\xf3\x68\xd3\xad\xdb\x93\x76\xc4\x68\x2c\x1f\x42\x24\xd7\xf1\x49\xa8\x47\x4b\xb9\xa8\xf6\x63\xef\x21\x0e\x95\x72\xce\x82\x9d\xa3\x88\xd8\xaa\xe7\x2a\x46\x71\x41\xad\xc1\x53\x47\x3b\xe3\x65\x3b\xaa\xa6\x4b\x5b\x1e\x2e\x30\x68\x3f\x6f\x06\xda\xc2\x78\x4d\x5b\xbf\x0d\x08\x2a\xab\x47\x30\x5e\xd8\xa8\xef\xd0\x88\x6c\xe6\x3a\x17\x93\x15\x22\x5d\x1e\x4d\x4f\xfc\xf1\xf2\x4a\xc2\xf4\x64\xcf\x5e\xd3\xa8\xb6\xd3\x99\x84\x54\xf1\xc0\x2c\xdb\xf0\xa4\x44\xee\x2b\x59\xdd\xbe\x0a\x17\x4a\x0d\x93\x7f\xa6\x28\x65\x08\x8a\xc6\x47\x49\x99\x57\xd2\x81\xc6\x94\x98\x03\xa5\xfb\xdf\xdd\x0d\xd9\xe9\x1b\x69\x76\x86\x1f\x3c\x5f\x21\x26\xf3\x9a\xac\x93\x5b\xe0\x9f\x4b\x97\x15\xbd\x4f\x0d\x5c\x55\xdf\x73\xa6\xb9\xf2\xc0\xad\x26\xce\x49\xd8\x22\xbf\x85\xbf\xa2\x34\x6f\x31\x65\xb0\x38\x59\xa7\x1c\x3d\x2a\x7b\x86\xdb\x6e\x9f\x2e\x5d\x7b\x16\x9a\x91\x0e\xeb\x7e\xf3\x8f\xbd\xfb\xbe\xc4\x3a\x9a\x25\xf0\x4b\xc3\xac\xfd\x3b\x06\x91\x54\x2a\xb6\xde\x9d\xb6\xf0\x30\x58\xf9\x58\x40\x24\xf9\x91\x8e\xde\xcd\x90\xfb\xb8\x57\x35\xd6\xdc\xec\x5b\xd5\x93\xae\x63\xe2\xcc\x96\x55\x35\x99\xa3\x10\xf8\xf2\x00\x9b\xa9\x53\x71\x19\x6b\x4d\x5b\x80\xe7\x55\x96\x37\xf2\x29\x26\x77\x8b\xe5\xe1\xcc\xef\x51\x26\xe2\x44\x3f\xa9\x39\xc2\xa5\x3d\xdd\xb0\x49\x61\xee\xfd\x34\xe5\x38\xcd\x8d\x7f\x0b\xec\x2b\xff\x1e\xf0\xd3\xa4\xbd\xd3\x58\x31\x76\x37\xf4\x2d\x59\x55\x38\xc1\x12\x22\x51\xa9\x4e\x96\x3d\x1f\x81\xe7\xb9\xae\xb1\x64\xf9\x5d\xa9\xa4\xed\x75\x29\xb8\x45\xeb\xc9\x61\xb2\x7b\x5c\x19"},
+{{0xec,0xd5,0x19,0xf2,0x87,0xad,0x39,0x50,0x52,0xb0,0xb3,0x0d,0xea,0xc3,0x41,0xd2,0xa9,0xdf,0x13,0xd6,0x56,0x7c,0x89,0x1c,0x81,0x3a,0x0c,0x9c,0xa5,0x2e,0x87,0x1e,},{0x8e,0xe9,0x4c,0x58,0x8e,0x0b,0x34,0x35,0x85,0xfc,0x67,0x48,0xfd,0x1b,0x54,0xb5,0x77,0x0c,0x64,0xe9,0x93,0x7a,0x56,0x35,0x7a,0x48,0xd4,0x4a,0xe2,0xf5,0x18,0x24,},{0xe8,0xf5,0x1b,0xe7,0x3f,0xc4,0xe0,0x23,0x5a,0xa1,0x53,0xa2,0xe1,0xb3,0x54,0xe9,0xc5,0xd2,0xd3,0x3a,0x11,0xae,0x0e,0x33,0x34,0x78,0xde,0x1d,0x8e,0x6c,0x44,0x56,0xd2,0xe2,0x50,0x82,0x4c,0x32,0x46,0xca,0x0e,0x8d,0x6a,0xe3,0xe1,0x66,0x77,0xa9,0x73,0x44,0x14,0x41,0x08,0xc1,0x3b,0x95,0x9e,0x1d,0xaf,0x51,0xcf,0x0f,0xe5,0x01,},"\xaa\x71\xbe\x5f\x55\x7e\x10\xc9\xfb\x5f\x09\x1a\x3a\x27\x44\x53\x94\x7c\x07\xa0\xe2\x5b\x26\xf9\x50\x92\x24\x54\x1d\xff\x76\xf4\xd9\x6e\xff\xd0\xd5\xa4\x1d\x31\x9b\xc9\x32\x1a\x86\x66\x7d\x55\xcf\x49\x43\x2f\xb5\xc3\xe7\x15\x38\x8f\x3f\x10\x6c\x91\x74\xb1\x61\x0c\x8f\x30\x75\xd5\x93\x1c\x29\x00\x99\x38\x5c\xe9\x24\x9e\x23\x51\x28\xe9\x07\xc5\x33\x90\x03\x6f\xbf\x5d\xa9\x68\xf8\xd0\x12\x33\x69\x58\xde\x90\xc5\xe8\xe6\xb1\x01\x6a\xd4\x3f\xb5\x7c\x8e\x28\x8d\xaf\xe1\x4e\x90\xe6\x4b\x63\x79\x1e\x5c\xbe\x55\x7e\x02\xdf\x8a\xc9\x37\x06\x42\xa7\x1f\xaf\x85\x10\x75\xe5\x56\x5f\x6f\x9a\x26\x7f\x4f\x6b\x45\x4c\xe4\xc5\x47\x48\x10\xb8\x04\x84\x4d\xda\x38\x39\x29\x39\x71\x97\x93\x24\x6a\xa4\x74\x54\xb9\xb0\xe8\x2e\x98\x03\xc0\x99\x35\xd0\x02\x7f\x39\x95\xcc\xa9\x71\x30\x69\xbb\x31\x02\x7f\x7b\x2a\xf1\x2f\xe5\xfe\xec\x7e\xeb\x06\x84\x3d\x82\x96\xec\x56\x82\x26\x2a\x07\xda\xe7\x47\xed\x7b\xc8\x21\xec\x17\x01\x8d\x89\x9f\xd1\x67\xb3\x6a\x7e\x37\x73\xb4\x27\x49\x9d\x99\xdc\x58\x3b\xbe\x4b\x42\x9a\xfa\x6a\x26\x59\x39\x53\xf9\x43\xe4\x67\x3b\xdd\x0d\x2a\x84\x42\x56\x13\x16\x03\xcd\x09\x03\x25\x6f\x33\x4d\x4f\x8e\xc8\x2d\xe1\x15\xb6\xca\x53\x38\xc7\x5c\x8b\xaa\x44\xb4\xba\x96\x3c\x7c\x78\x51\x0d\x8d\xe9\xb2\xa5\x85\x2f\x42\xf3\x46\x3c\x68\x5f\xb3\xa6\xda\x61\xa8\xe0\x89\x26\x62\xd6\xa2\x50\xfc\xaa\x6f\xef\x74\xd4\x50\xfc\x45\x7b\x98\x71\xd0\x8b\xb5\xbe\x30\x11\x29\x4a\xc8\x88\xfc\xe2\x15\xd5\x35\xc3\xb1\xa4\x3b\xb4\x7e\xfe\x3a\xd2\x5d\xa1\x59\x19\x1a\xed\x55\x19\x54\x69\xc5\x90\x93\xff\xb2\x4f\x65\xd6\x0c\x40\x20\xbf\xbe\x64\x7f\xf5\xdb\x7a\xb8\xa0\x1d\x5e\x48\x7b\x0b\x1b\x64\xef\x25\xda\x15\x6d\xb1\x42\xe6\xad\x87\x2a\x4d\xc1\xee\x9b\xa6\x68\x46\x52\x65\x37\x9e"},
+{{0x19,0x3f,0x3c,0x63,0x0f,0x0c,0x85,0x5b,0x52,0x9f,0x34,0xa4,0x4e,0x94,0x49,0x70,0xf4,0xa6,0x97,0x2e,0x6c,0x38,0x59,0x35,0x9c,0x2e,0x0c,0x87,0x62,0xba,0x9e,0xaf,},{0x32,0x56,0xf2,0xc8,0x2e,0x7c,0x80,0x12,0x01,0x21,0x01,0x40,0x56,0x9f,0xaf,0x18,0x50,0x7e,0x60,0x33,0x8c,0x2c,0xc4,0x11,0x8b,0xb1,0xce,0x60,0x5b,0x0e,0xbe,0x61,},{0xb1,0x25,0x10,0xac,0x5f,0x2f,0x6d,0x33,0x36,0x0c,0xdd,0xc6,0x72,0x91,0xd6,0xc2,0x70,0xfd,0x9e,0xe6,0x2d,0xc0,0x86,0xb3,0x8d,0x93,0x2d,0x26,0x47,0x3f,0xe9,0xa2,0x4e,0xfb,0xd4,0x24,0x88,0x67,0xea,0x7e,0x91,0x5a,0x30,0xc5,0xbf,0xb3,0xb8,0xb1,0x9a,0xa0,0x1a,0xa2,0xfe,0xbf,0x0d,0xac,0x6c,0xfd,0x66,0x38,0xa2,0xba,0x7e,0x0c,},"\x98\x62\x3f\x65\x16\x98\x08\x5b\xde\x02\x76\x2e\x8c\x33\x21\xf1\x4d\xa1\x61\x9b\x5c\x3f\x7c\x1a\x56\x8e\x8c\x26\xff\x0c\x62\xfd\xcc\x41\x24\x75\x91\x2e\xb8\xe8\xc4\xb0\xd3\x09\x18\xb8\xff\xee\xf3\x50\x93\x15\xe5\x8d\xa3\x59\xcd\xc2\xf2\x6b\xeb\xfb\x57\x03\x95\x3b\xe1\x6b\x8f\x3b\xeb\x1e\x54\xa1\xab\xee\x0a\xeb\xe2\x4e\x64\xdb\xe8\x73\x40\x2e\x15\x6f\x37\xdf\xc1\x68\xea\xf8\xa1\x14\xce\x08\xa6\x79\x5d\x3f\x64\xf5\x15\x1e\x9a\x8b\x82\x75\xcc\x7b\x49\xa6\xb8\xd8\xa6\x6b\x6d\x4b\x76\x32\xef\x80\x74\x0d\xc1\xc1\xb0\xa3\x8d\x1a\x28\xf7\xc1\xb2\x9f\xa4\x45\x41\xc1\xaa\xd3\x54\xd4\x59\x0c\x23\x1d\xae\x68\x7a\x2a\x8f\xed\x09\xe8\xc1\xeb\xbf\xcc\x38\xf3\x47\xbf\x06\xd9\x45\x77\xe4\x9a\xd1\x39\xf7\x10\xed\x8b\xb1\xfd\x07\x66\x3c\x03\x20\x84\x6f\xbb\x45\x5a\xb8\x37\xef\x96\x4a\xe7\xd4\xec\xee\xa4\x5f\xd7\xbd\x8d\x50\x9f\x82\x1e\x6e\xb0\x27\x49\x4e\xfd\x8d\xd8\xe9\x92\xb8\x86\x98\xee\xc2\xeb\xc5\xe0\x30\x25\xbe\x78\x9c\x18\x01\x3f\x20\x1f\x77\xaa\x2d\x34\xf5\x68\x64\x60\xe4\x3f\xb4\x89\xe0\x87\x76\xf9\x8b\xcd\xe2\xce\xeb\x9d\x4f\xaf\xdf\xfe\x03\x75\x60\x43\x71\xec\x32\xf4\x6b\x81\xfe\xc4\x74\x38\x29\x08\xe9\xd2\x50\xa0\xba\x27\x80\xa7\xd6\xdf\x40\x7b\xd2\xb1\xeb\x12\x67\x48\xd7\x25\x11\xb9\xb0\x69\xeb\x1c\xd4\x42\x70\xf2\x9f\xe8\x4b\x9a\x71\x77\x51\x83\x1d\x04\xc2\x81\x8e\x40\x8f\x22\x78\x93\x76\xc6\x1c\x2c\xa4\x5e\x32\xe7\x88\xea\xd3\xa7\x53\x6b\xf0\x9d\xa8\xaf\x47\x03\x90\x2f\x55\x16\xa0\x20\xd8\x92\x63\xe9\x37\x01\xa2\x56\x5e\xef\x12\x70\x41\x89\x25\xf3\x5a\x28\x8e\x32\x7b\xab\x62\x8a\xc2\xf0\x24\x8c\xfb\xca\x34\x82\xe2\x65\xd1\x62\x1c\xc3\x43\xc3\x1f\x65\x49\x3f\x06\x4b\xad\x0d\x76\x02\x46\x07\x15\xfa\x48\x6f\x29\x42\x63\x46\xaf\x53\xe3\x33\xb7\x5f\x59\x05"},
+{{0xa8,0x8a,0xd0,0x04,0x8d,0x38,0xc4,0x4c,0xeb,0xe7,0x35,0xea,0x38,0x02,0xca,0x57,0x6e,0x37,0x12,0x1c,0x7d,0x4d,0x76,0x0d,0xfd,0x88,0xde,0x16,0x63,0x06,0x4a,0xbb,},{0x14,0xdd,0x8b,0xb3,0x06,0x80,0x3e,0x5a,0x75,0x8e,0xd6,0x8a,0xd2,0x1d,0x07,0xd8,0x81,0x61,0xd5,0x0f,0x1c,0x74,0x71,0x37,0x77,0xda,0x12,0x09,0xaf,0xba,0xea,0x0b,},{0x13,0x41,0xa1,0x48,0xda,0x45,0x93,0xc8,0x8e,0xbc,0x5a,0x58,0x82,0x1e,0xef,0x77,0xf9,0x21,0x86,0x39,0x0f,0xf6,0x33,0xe7,0x62,0x07,0x08,0x4e,0x78,0x74,0xcc,0xf0,0xeb,0x1f,0x9e,0xc7,0x0a,0x3a,0x3f,0x96,0xb5,0x89,0x34,0xbc,0xb0,0x61,0xff,0x92,0x01,0x24,0xf7,0xe5,0x80,0xfa,0x2b,0x0b,0x27,0x95,0x83,0xad,0xf9,0x23,0x2d,0x0c,},"\x2c\xe8\xbc\xa2\x61\x78\x91\x3b\x16\x76\xe9\x0f\xfe\xfd\x94\x5b\xc5\x61\x98\x26\x60\xe2\xa7\x5d\x48\x2f\xf3\x0a\xab\xa1\xba\x43\xf8\x2d\x2e\x6b\x90\x9e\xc1\x0f\xc0\x97\x89\xff\x5c\xf3\x2a\x51\x80\xb6\x01\xea\x80\xfa\xde\xce\x6d\x7e\x7b\xae\xef\x48\x1d\xc6\x97\x9e\x2f\x65\x8a\xe0\xf6\xd8\xe4\x16\xb9\x32\x98\xf7\xd3\x40\x31\xbb\x76\xf7\x16\xed\x99\x1a\x16\xd0\x9a\x58\x2e\x58\xba\x40\x03\xac\x17\xbe\x8b\x44\x69\xe1\xa8\x89\xb2\xfb\xb2\x28\x9e\x98\xaf\x1c\x6d\x5b\xbe\xe7\x77\x56\x71\x3c\x07\x78\xb0\xdc\x44\x6a\x1f\x6c\x48\xc4\xd4\x08\x18\xec\x79\x99\x05\xf0\x69\xbc\x95\x34\x16\x57\xca\x5d\x02\xb7\xa5\x39\xa1\x3a\x02\xcd\x03\x76\xa5\x0e\x83\x43\xc0\xdc\x20\x34\x6d\xe5\x27\x5b\x1d\xcd\x4a\xd7\xaf\x72\x51\x31\xac\x75\xe9\x54\x82\x5d\x30\xea\xa5\x7a\x68\xbb\x98\xdf\xc4\x1c\xaf\xe5\x71\x05\x56\x64\x7b\x38\x7d\x9b\x7f\xd4\xe4\x76\x51\xe5\x13\x80\x50\x79\x8f\x6d\x40\xf4\xee\x71\x20\xb5\x8f\x74\xda\x94\xd7\x3c\xac\xbf\xd3\x93\xd1\x34\x73\x88\xee\x00\xb7\x9b\x8d\xbf\xeb\x57\x81\x41\x21\xbd\xda\x60\xc6\x27\xdc\xe1\x47\xd4\xd5\x68\xd7\x90\x52\xe9\x7b\x9a\x5f\x3e\xb5\x40\x7c\xc4\x64\x61\xa5\x5e\x18\xa9\x60\xd8\x09\x4a\x5f\xea\x48\xb6\x93\x75\x29\xcc\x4e\xc9\x19\xcd\xbe\xdf\x91\x85\x45\x6d\xc0\x0e\x8d\x98\xad\x15\x37\xee\x10\xa0\x57\xf4\xee\xc4\xb8\x1d\xc6\x03\x92\xfc\x91\x88\xd3\xe5\x61\x78\x59\x65\x09\x2e\x44\x31\x7f\x2a\x48\xe3\x66\x05\xfc\x58\x3f\xc1\x73\xb0\x5d\xb9\xdc\xbc\x75\x57\xd0\x64\x87\x39\x0f\xbb\xba\x77\xaf\x3a\x01\x4e\x1a\xc3\x51\x39\xca\xa1\xc5\x3a\x8d\x17\x34\x7f\x17\x8e\x1c\x54\xd0\xf5\x2b\x40\xe9\x10\x42\xc9\x3e\x7e\x48\x1d\x79\x2e\x28\x8f\xc2\x7e\x4c\x2f\xcf\x11\x1f\xe9\x7d\x9e\x23\x37\xd2\xfc\x1c\x30\x98\xf0\x66\x84\xa3\x1d\x55\xeb\xf3\x62\xc0\x27"},
+{{0x3f,0x59,0xd6,0xa0,0x18,0xf5,0x0a,0x82,0x21,0x17,0xe5,0xb4,0x73,0x60,0x9e,0x30,0xcd,0x64,0x92,0x0c,0xa1,0xc2,0x75,0x0d,0xcb,0x09,0xea,0xab,0x80,0x7a,0x3e,0xac,},{0x45,0x7d,0x0e,0x59,0xc1,0x1f,0x34,0x8f,0x3b,0xfb,0xdd,0x3f,0x32,0x7d,0xe7,0x8c,0x0a,0x75,0x77,0xc0,0xae,0xef,0x42,0xd4,0xc1,0xe5,0x67,0x00,0xd1,0x08,0x80,0x8b,},{0xd7,0x42,0x5e,0xa1,0x94,0xa6,0x71,0x5c,0x45,0x2e,0xc4,0xf6,0xd6,0xc7,0x6e,0x6d,0xd3,0x74,0xd3,0xca,0x7a,0xe7,0xa1,0x19,0x95,0xd0,0x2b,0x94,0x2d,0x4a,0x31,0x87,0x0d,0xd7,0x34,0xc1,0x2f,0xca,0x89,0xa8,0xeb,0x02,0x13,0xeb,0x13,0x9c,0x14,0xa8,0x7a,0x6a,0x33,0xe8,0x18,0x60,0x3b,0x2e,0x31,0x30,0x23,0xfa,0x58,0x73,0x7d,0x0e,},"\x7d\x10\x3a\x6c\x6b\xa2\xd0\x90\x87\xee\xf2\x25\x4c\x1c\x90\x3f\x06\x76\x95\xa5\x4c\x45\x15\xe4\xd1\x3b\xc1\xfb\xfb\x54\xd6\xe7\xa1\x67\x34\x9c\x14\x80\x99\x76\xda\x04\xa7\xe5\x8d\x96\xb4\x0a\xac\x3b\x2b\xdd\x14\xb9\xb5\x03\x22\xbb\x11\x64\x5f\x05\xe5\xe9\x78\xbc\x7f\xbd\x02\x49\x2e\xf8\x8f\x87\xd6\x68\x28\x0f\xd7\x08\x37\x32\x07\xff\x67\x0f\xcd\xa9\x7d\xf8\x48\x5d\x5e\x46\xdc\x3b\xd0\x43\x47\xf4\xd7\x52\x7e\xab\x27\x18\xf7\xd9\x3d\x13\x2b\xa7\x75\x82\x18\x89\x4e\x75\xa7\xde\xab\xe6\x93\x33\x5b\xa0\xdc\x73\xbf\x26\xc2\x88\xbf\xe9\xbe\x8a\x73\x6d\x75\xe5\xe0\xea\xa7\xbb\xe8\xd0\xb7\x7a\xbd\xd5\x14\x6e\x0f\xc9\xb3\x0d\xb9\xf0\x7c\xf4\xbf\x36\x26\x0a\x1f\x41\x41\x03\x31\xf8\xb4\x7c\x6b\x38\x33\x8c\x6d\xc9\xe8\x01\xff\xe1\xd5\x85\xf9\xb7\xfc\x31\xe9\x77\x8b\xca\x30\x27\xc2\x32\xc0\x74\xcb\x18\xe5\xb7\x29\x97\x00\x5f\xfe\xee\x4b\xf3\x7c\x8f\x87\x4b\x1b\x24\x6a\x63\x45\x41\x5d\xac\xac\xa7\x07\x5a\x60\x44\x3a\xc3\x31\x92\x36\xe2\x3c\xf6\xb7\x54\x47\x40\x80\x70\x52\x11\x49\x84\xb8\xd8\xf7\xe8\x57\xdc\xc6\xfa\xec\x88\x69\xcf\x96\xb9\x97\xdf\xa9\xaf\x91\x84\xad\x62\x3f\x1d\x90\xb8\xca\x75\x9b\x44\x8e\xab\xfc\xe1\x8c\x17\xcf\xdf\x9a\x3e\x33\x12\xe6\x3e\x5f\x08\x4c\xea\x90\x4c\x1c\x90\x99\x13\xcc\x4b\x19\xd0\x44\xa3\x72\x00\x34\x97\x3c\x73\x84\x94\x9b\xd6\xf9\xba\x92\x56\xf9\x8c\xd3\x94\xc5\x66\xda\x83\xc3\x11\x80\x10\x9f\x16\xd1\x03\x47\xb7\xe3\xe9\xdd\x6b\xe3\xbd\x3c\x77\xff\x1a\x79\x96\xa0\x78\xdc\xf8\x9d\xcd\xce\x2d\x1b\x61\x56\x95\xf4\xcc\x9f\x8f\x4f\x2a\x08\x80\x46\x41\xbc\xa8\x26\x62\xce\x88\xfa\xa5\x31\x45\xb6\xa4\x59\x55\xae\xc8\xcc\x2a\xf8\x1c\xcc\xb5\xd7\xc6\x4f\x9e\xce\x1c\x99\x83\x32\x64\x84\xa1\xe5\xec\xe4\xce\x36\x54\x4d\x63\x73\x5f\x77\x76\xf2\x1a\x20"},
+{{0xa1,0x21,0x2b,0x34,0xdb,0xca,0x63,0xb7,0x09,0x36,0x12,0xd0,0x5d,0xab,0x7b,0x4c,0xc8,0xf7,0xb6,0x76,0xa9,0x34,0xad,0x01,0xf6,0x59,0x85,0x1b,0x3b,0xb4,0x4e,0x4e,},{0xba,0x2f,0xcc,0xea,0x9a,0x08,0x05,0x91,0xbe,0x71,0x26,0x8d,0x7e,0x95,0x1f,0x25,0x0d,0xed,0xc0,0x04,0x16,0xe5,0xf3,0xf9,0x08,0xdb,0x6c,0xc5,0x71,0x25,0x49,0x25,},{0xfa,0x93,0xed,0x65,0x95,0xbc,0x95,0x8d,0xc0,0x42,0xce,0x16,0x45,0x16,0x7b,0x79,0xe8,0xf6,0x73,0x4c,0x46,0xf8,0x0f,0x63,0x1f,0xd5,0x48,0x49,0x08,0xf5,0xe5,0x1a,0x22,0x42,0x7e,0xe6,0x86,0xf5,0x64,0xff,0x98,0x2f,0x6e,0xf4,0xd2,0xca,0x1f,0x0c,0xa5,0x62,0x49,0x10,0xcd,0xd6,0x3c,0x11,0xa3,0xc2,0xb1,0x6d,0x40,0x97,0x3c,0x07,},"\x07\xc3\x7c\x46\xbe\x3c\x68\xd0\x56\x89\x57\x7a\xa6\x4a\x93\x2b\x90\x64\x46\xb2\x9b\xaf\x12\xf6\x17\x4a\x6b\x42\xbb\xae\xfd\x1f\x1f\x37\x3e\x0b\xcc\xc4\x73\xdd\xfc\xee\x1a\x7f\x21\xb9\x6a\x62\x60\xef\x0a\xa1\xf2\xd8\xb2\x95\x9e\x71\xd1\x2c\x95\x33\x58\xa2\x77\x4c\xc5\xe6\xf3\x79\xa3\x13\xe4\x35\xed\x69\xdf\xd6\xd4\xa5\x9a\xde\xe3\xcc\x7e\xc4\xba\xcb\xdb\xb3\xfe\xe5\x43\x0b\x73\xf6\x05\x1a\x60\x96\xc6\x0e\x9b\xc9\x2c\xc8\xfa\x05\x9f\xac\x2a\x93\xef\x70\x07\xd6\x4f\xbe\x50\x06\x49\x64\xd5\xa0\xad\x60\x11\x75\xcd\x9c\xab\xa4\x53\xf9\x10\x3b\x25\x48\x55\x45\xd3\x01\xf0\x3c\x5f\x9f\x94\x78\xbd\xf9\xd4\x14\xbf\x1d\xca\x3b\x1c\x1d\x9d\xaa\x99\x71\xf9\xe6\x17\xfb\xfa\xf5\xb0\x2a\x7f\xbd\x5d\x4f\xb8\x94\xc0\x97\x5c\x54\x59\x2b\x49\xa0\xfc\x85\xdd\x08\x53\xf3\x0c\x51\x50\x2d\x98\xfc\x1a\xb8\x5a\x17\xcc\x58\x96\x1a\xae\x97\x64\x57\x0b\xa5\xcb\xdb\xc9\x6d\xfc\xeb\x8d\x11\xda\x53\x36\x4b\x40\x25\xfe\x0b\x8b\xa8\xa3\x53\xad\x23\x68\x67\x20\x16\x9f\xe9\x73\x43\x2f\xfe\x29\x1a\x4b\x11\xde\xdd\xa0\xaa\xc7\x9a\x5e\x42\x62\x0a\x64\x58\x7d\x20\x59\xe7\x87\x01\x3b\x40\xce\xec\x59\x92\x08\xf6\x6e\xd0\xca\x6e\x1b\xe9\x09\x2e\xc2\x7d\xb2\x16\xee\x6d\xad\xfe\xbc\x21\x70\x5b\xc4\xa8\x5a\xee\x57\x7e\x57\xd2\x39\xaf\x58\x6e\xfe\xec\x22\xcf\x38\xd1\xcf\xb3\xcd\x74\xdd\x0d\x9a\x33\x81\xaa\x81\xe6\xa2\x97\xe3\x9b\x81\x91\x37\xad\x27\xd4\x75\xe2\xbf\x54\xaa\x42\x6d\xc2\x9c\x4c\xa8\x17\x6d\xf3\x43\x13\x7a\x2d\x79\xd1\x2e\xf9\xaa\x7b\xe1\xcf\x67\x75\xe5\xd8\xa4\x43\x0a\x85\xc3\x3d\xb6\x1c\xd2\xf3\x51\x87\xb4\xf6\xea\x9e\xbd\xd7\x53\xd1\xc4\xef\x72\x47\x11\x59\xff\x07\xb7\x78\x70\x90\x64\x96\x24\x9d\x42\x78\xe3\xf3\xca\x6b\xcb\xf3\x7a\x26\x5b\x89\x65\x39\x19\x0f\x9a\x31\xf1\xe7\xb4\xb6\x5c\xd1"},
+{{0xd9,0x68,0x20,0x86,0xfe,0x7d,0xda,0x30,0xb8,0x71,0x11,0x06,0x01,0x93,0xd8,0x47,0x56,0x6a,0xb9,0x4c,0xfd,0x9c,0x97,0xab,0x6b,0x43,0xe7,0xa8,0xd3,0xf7,0x93,0x82,},{0x8b,0x0b,0x13,0x72,0xd8,0x87,0x33,0xef,0x72,0x33,0xf6,0x37,0x97,0x90,0xd1,0xe4,0x6e,0x1e,0x07,0xe9,0xd3,0xfb,0x8b,0x0b,0xe2,0x52,0xed,0x04,0xc5,0xfa,0x16,0x3d,},{0x17,0x93,0xe4,0x97,0xeb,0x52,0x1c,0xa7,0x4e,0x35,0xd1,0x4a,0x63,0x86,0x8c,0xbe,0x94,0x99,0xda,0x2f,0x21,0xb4,0xeb,0x52,0x60,0x34,0x0f,0xca,0x3c,0x1f,0xec,0xa7,0x8d,0xbe,0x5b,0x14,0xac,0x10,0xf3,0xfa,0x76,0xfa,0x2e,0x71,0xe4,0xc9,0x14,0x61,0xaa,0x75,0x97,0x7e,0x5e,0x70,0x79,0x26,0x70,0xef,0x7f,0xf0,0xe6,0xa2,0x87,0x08,},"\xe8\x81\x4b\xe1\x24\xbe\x3c\x63\xcc\x9a\xdb\x03\xaf\x49\x3d\x44\x2f\xf2\x0d\x8b\x20\x0b\x20\xcd\x24\x93\x67\xf4\x17\xf9\xa9\xd8\x93\xfb\xbb\xe8\x5a\x64\x2b\xe2\x70\x1d\x1d\x1b\x3c\xd4\x8a\x85\xcf\x58\xf1\x59\xa1\x97\x27\x31\x43\xa5\x78\xf4\x2e\x8b\xcc\x8b\x62\x40\xf9\x32\x71\x90\x05\x38\xff\xc1\x87\xc0\xaf\xc8\xdb\xcc\x49\x2b\xcd\x67\x9b\xaa\xef\x3a\xf5\x08\x84\x34\xa9\x45\x86\xf9\x4b\x49\x97\x0b\xba\x18\xf5\xea\x0e\xbf\x0d\x27\xee\x48\x2a\xa8\x3a\xd0\xdd\x0e\xe6\x09\xdf\x59\xd3\x7f\x81\x8b\x2c\x8d\x7c\x15\xf0\xf6\xf5\x44\xdd\x4c\x7e\x7c\xb3\xa1\x67\x24\x32\x4f\x77\xd5\x89\x48\xf8\x47\x5a\x60\xd5\x3e\x5b\xd5\x10\xc1\x71\x37\xc9\x9e\x1c\xfa\x51\x5a\xf9\xbc\x85\x56\x9d\x21\x2a\x21\x19\x07\x29\xf2\x81\x7d\xe8\xc4\x69\x15\xe0\x21\xdf\x70\xff\x6d\x60\x21\x5f\x61\x4f\xc2\x11\x39\x90\x4d\xf3\xb2\x92\xb7\x49\xdc\x4d\xea\x02\x51\x8b\x62\xd1\x58\x62\xc9\x2d\x2a\x4c\x99\x67\x01\xcd\xec\xae\xd8\x4a\xb6\x28\xee\x98\x4f\xc1\x11\xee\xcb\x59\xe4\x84\x44\xef\xc0\xd4\x56\xe2\xc8\x52\x51\x84\x41\xc3\xdb\x76\x30\xdd\xd5\x15\x62\x49\xa2\x87\x30\x98\x38\x38\xae\x59\xac\x4c\xc7\x11\x0f\xd6\xde\x68\x10\x1e\xa5\xb2\xff\x69\xfd\x36\x4e\x3c\x94\x48\xde\xfe\xfe\x17\x5b\xcb\xe1\x17\xcc\x11\xb4\xff\x75\x49\xc3\x3e\x10\x25\xb6\xb5\x92\x04\x8a\x8e\x31\x96\x9e\x81\x8d\xcc\x18\x8b\xb1\x9d\x7a\x24\x40\xa3\xba\xba\x4e\xb1\xb8\x1c\x45\x67\x9d\xb4\x6b\x31\xbc\xde\x77\x76\x75\x7d\x99\x31\xec\x20\x63\xfc\x6f\x1f\xcd\x76\x1e\xcc\x57\xa7\xd0\x30\xa8\x5e\xa2\x73\xef\x18\x25\xb0\x50\x92\xab\x96\x45\x35\x9a\x44\x4f\xf7\xd1\x66\xb5\x75\xfa\xc2\x98\x30\x8d\x9f\xaa\x68\x46\x3d\x1d\x0f\x7b\x7d\xf8\xa5\x1c\x68\x15\xd3\x71\x59\xad\xc0\xb5\x93\x22\x4a\x81\x83\x21\xd7\x21\x9f\x09\x68\x6c\xfc\x95\x22\x59\x71\x8d\xfc"},
+{{0xb5,0x2b,0x24,0x9a,0x7a,0xea,0xe0,0xfb,0xd9,0x4f,0xfc,0xf9,0xa9,0xfd,0xe1,0x0d,0xe6,0x1c,0x3f,0x4c,0xbd,0xa1,0x4b,0x28,0x9f,0xe0,0x1f,0x82,0x70,0x73,0x34,0xca,},{0x73,0x51,0x63,0xbf,0xcf,0xd5,0x4f,0x9d,0x35,0x2e,0x1c,0x2f,0x3c,0x01,0x70,0xc9,0x5c,0x18,0x42,0xcc,0xc7,0x42,0x16,0x23,0xae,0x04,0x96,0x98,0x0c,0xee,0x79,0x1c,},{0x6f,0x48,0xa9,0xf7,0xf0,0xfa,0x19,0x2b,0x66,0xd1,0x21,0x75,0xa3,0x33,0x61,0x23,0x03,0xe1,0x80,0xb9,0xfa,0xb1,0x8e,0xda,0xbe,0xbc,0xdf,0x66,0x74,0xfd,0xfc,0xc5,0x36,0x07,0x08,0x9b,0xf9,0x80,0xce,0x35,0x89,0x4c,0x2f,0x9b,0xab,0xdc,0x44,0x38,0x66,0x7a,0xb3,0x29,0x7a,0x62,0x48,0xec,0x02,0x69,0xfa,0xa9,0x9c,0x72,0x48,0x07,},"\x1d\x44\x5e\x8e\xe3\x6f\x6e\x10\x64\xee\x12\x81\xe6\xb4\xa4\xce\xc5\x0a\x91\xc2\xb6\x67\xc8\x30\x5d\x1e\x9a\x5f\x7b\x73\xa3\x44\x58\x82\x58\x1f\xb0\xc1\x1e\x64\xf6\xee\x92\xe8\x11\xf9\xf2\xd6\xc5\x9c\x63\x44\xbe\x76\x91\xd1\x16\xdd\xa4\x93\xca\xde\x51\xc0\xce\x77\x37\x2b\x61\xa7\xc4\xfb\xb6\x33\x40\x13\x33\xcb\xf7\x13\x72\xad\x2f\x04\x4e\x99\x2a\xc0\x35\xf5\x87\x9c\x05\x30\x04\xf8\x22\x3f\x23\x7a\x24\xa4\x09\xb7\x89\x4f\x6a\xd5\x18\xe0\x46\xb8\xa8\x4c\x3f\x4c\x62\x60\xe6\x16\x9f\xd9\x44\xd5\x7f\xbc\xf9\xba\x27\x75\xf2\xd6\x0e\xd7\x72\xc4\x6c\xcd\x63\xc8\x50\xb8\x0d\x58\x7c\x52\x08\xdf\xb1\xa2\x58\x78\xc0\x2d\xec\xe3\xe6\x02\xe9\x63\x2f\xc3\xc2\xc7\x9b\x25\xab\x41\x03\x4c\x6e\x26\xb8\x69\x25\x53\x57\xa6\x86\x78\x1d\xfe\x6e\x64\x4b\xeb\xa9\xb6\x27\xda\x1f\xcb\x5e\xc0\xbe\x49\x7c\xf1\x88\xe1\xef\x1a\xf0\x60\x1b\xf1\x6b\x29\x11\xfd\x9f\xf3\x4f\x0e\x97\xac\x95\xa7\xfe\x2c\xf9\x0e\xa6\xce\xd3\x3c\xcb\x0e\xd1\xef\x2d\x41\x60\xef\xb0\x7c\x59\x1a\x5c\xb1\x6c\x70\xca\x16\x94\xfb\x36\xf2\xca\x19\xeb\xa5\x2b\xe3\xd4\xad\x89\x5a\xbc\xad\xa4\xb3\x6f\x02\x61\xd6\x5f\x59\xe0\xcf\xd2\xa6\x14\x8a\x88\x92\xdd\xbb\x45\x81\x0d\xb3\xbf\x4a\x9e\x26\xe9\x2c\x15\xea\x26\x18\xcf\xee\xb4\x62\xd8\x62\x8f\x25\x4f\x54\xd2\xaf\x27\x11\x3b\xab\x4f\x9a\x7d\x06\x79\x18\x11\x94\x2b\xdc\x32\xf8\x45\x92\x2d\x7b\x2d\xdb\xa9\x59\x14\x09\x28\xf8\xc2\x8d\x98\xb4\x4e\x1d\x19\xb9\x7f\xd3\x9c\xc0\xf9\xa5\x23\x6d\x34\x9f\xc8\x35\xac\x49\x21\x92\x46\x2e\x40\xac\x62\x9b\xeb\xff\xd2\xeb\xa7\x2d\x27\x88\xb2\x44\xbb\x77\x7a\xd0\xf7\xb7\xf9\x6f\x23\x41\x23\x99\xfc\x1d\x87\xa1\xd0\x87\xba\x08\x90\x27\xea\xbb\xc0\x5e\xda\xfe\xe4\x33\x79\xe8\x93\x29\x13\x31\xb4\x60\xbf\xa7\x33\x2e\x08\x42\xec\x25\x73\x39\x3d\xe9\x53\x06"},
+{{0x78,0x2a,0x93,0xef,0xe0,0xef,0x06,0xcb,0x25,0x34,0x33,0x0e,0xfd,0x0e,0x96,0x84,0xe9,0x96,0x9b,0x52,0x58,0x12,0x3e,0x49,0x02,0x39,0xbf,0x24,0xbf,0x9f,0x65,0x23,},{0x94,0x2f,0xa1,0x40,0x6e,0xe2,0x68,0x3e,0x29,0x37,0x7e,0x49,0xf7,0xba,0x75,0x7c,0xf5,0x0e,0xf0,0x72,0x37,0x07,0xd4,0x40,0x3d,0x28,0x62,0x25,0x70,0x45,0xde,0x87,},{0x93,0xe7,0x40,0x5a,0x40,0x44,0x51,0x01,0x66,0xc8,0xac,0x26,0x4c,0xe3,0xb5,0xba,0x66,0x65,0xd6,0x8b,0xad,0x45,0x87,0x12,0xdc,0x93,0xc2,0xc3,0x90,0x56,0x8d,0x74,0x02,0xef,0x7d,0x57,0xf5,0x49,0xb8,0xa1,0x04,0x2f,0x7f,0x69,0xa6,0x79,0xaa,0x85,0x5f,0x34,0xf8,0x01,0xd5,0x7d,0x79,0x89,0x5d,0xeb,0x8d,0xea,0xdb,0x35,0x23,0x08,},"\x46\xa4\xe3\x19\xa6\x70\xac\x99\x39\x94\xa5\x33\x00\xc3\xf7\x91\x44\xc2\xf7\xfe\xc1\x11\x6e\xee\xb3\x62\x1c\x76\xac\x35\xda\x79\xdb\xff\x6e\x18\x9c\xa9\xdb\xfc\x9a\xbb\xda\x05\x48\x47\xb2\x97\x1b\x02\xfa\xce\xbb\xe9\x26\xd4\x69\xeb\x0a\x86\x03\x89\xac\x74\x41\x62\xbf\x6f\xb1\x3b\x42\xcb\x9b\xb8\xc9\xd7\x26\x07\x13\x8e\x78\x00\x12\x1e\xe0\xcd\x63\x3e\xd5\x35\xc7\xae\x5f\x40\x60\xbb\xdd\x27\x1c\x9d\x11\x0a\xbf\xf5\xe0\x60\xea\x6e\xe8\x38\x90\xb1\xe9\x2a\x92\x56\xd7\xb2\xba\x98\x2a\x31\x14\xbb\x6d\xef\xfe\xe2\x69\x6f\x0a\x2f\x9c\x21\xaa\xa5\xb2\xde\xfa\x11\xaa\xb7\x07\x6d\xe6\xe5\x7e\x86\xf2\x84\xbb\x67\xf5\xa4\x9e\xe6\x85\x92\x10\x32\xc9\x5b\x74\xe7\xe3\xea\xc7\x23\xf1\x75\xaf\x08\x2c\x85\x8e\x0d\xfa\x01\x72\x8c\x38\xfb\xbb\x4c\x83\x58\x1f\x81\xac\xe6\xc6\x3c\x6b\xda\xac\x56\x20\xeb\x9a\x56\x8e\x7e\xbb\x7b\x72\xb3\xd1\xa1\x64\xef\x52\x4e\x7b\x9f\x00\x79\x9a\xb0\x86\x71\x59\x76\xc1\x4d\x0d\xf6\x5f\x7b\x96\xbf\x9e\xbc\xda\x7f\xee\xef\x11\x34\x22\x00\x1a\x03\xa7\x63\x3d\xf5\xe4\x99\x39\xa1\x21\xdb\x89\x9d\x9b\x8a\xc2\xdb\x4f\xad\x0c\x30\xcf\x0b\x8b\xdb\xc9\xe9\x80\x2a\x79\x7c\x82\x38\xe4\x65\x11\xff\x24\x06\x8c\xad\xcf\xf2\x44\x8c\xc0\xbf\xf9\x27\x69\x22\x33\x48\xd4\x5d\x6b\x6f\x2c\x8f\x15\x93\x38\x8c\x0b\xbb\xf4\x4b\x6d\xdb\x50\xb9\x8c\xd7\xf0\x9c\x73\x0f\x7d\xe4\xd0\x08\x15\x6c\xb3\xcd\xe0\xca\xb3\xad\x0a\x58\xa8\x39\x54\xe2\x34\xa0\xa8\xa0\x4b\x57\x3c\x9a\x8e\x9b\x92\x9e\xd3\x8b\x8b\x22\x8b\xf5\x5a\x3c\x6e\x2c\x6b\x51\xf6\x82\x65\x2f\xbb\x70\x8e\x74\x64\x0e\x33\x13\xe1\x7b\x46\x94\xd7\xfd\xf0\x11\x1f\x90\x60\x8c\x1b\x5a\xf4\x22\xdc\xde\xca\xd9\xdd\xb7\xf5\x0d\x1b\xf5\xbc\x63\x78\xcc\xaf\xfc\x32\x01\xe6\xc7\x87\xb4\x8c\x44\x3b\xa2\x40\xd9\xd5\x0f\xf6\xc0\xe9\xdf\x7f\x1a\x5b"},
+{{0x6f,0xe7,0xbc,0xf7,0xa6,0x84,0x42,0x3d,0xe1,0x07,0x6f,0xd7,0x6d,0xa7,0x83,0x42,0x33,0x73,0xb3,0x81,0x32,0x9e,0xfd,0x61,0x57,0x42,0x4e,0xc4,0xb2,0x65,0x5a,0x94,},{0x77,0x40,0xe9,0x1a,0xfe,0x45,0x32,0x4f,0x8b,0xb9,0x90,0xca,0x2a,0x34,0x12,0x79,0xdd,0xaf,0x23,0x2c,0x3b,0xb4,0x15,0xf1,0x78,0xb6,0x09,0x2f,0xba,0x19,0x5f,0xec,},{0x99,0x14,0xcc,0x50,0xfe,0xf0,0x93,0x5e,0xfb,0x89,0xb3,0xd6,0x4e,0x3c,0x1c,0x34,0x12,0xae,0xd6,0x59,0xb9,0x01,0x66,0x22,0x2c,0x0d,0x13,0xec,0x1c,0xe3,0xa6,0x8a,0xe6,0x28,0x1b,0x7e,0xfd,0x9d,0x4e,0xc6,0x4b,0x82,0xe7,0x3e,0x14,0x47,0x9f,0x03,0xfb,0xac,0x8f,0xa3,0xab,0xdb,0x41,0xea,0x42,0x15,0xc4,0xa4,0xd4,0x94,0x9d,0x09,},"\x0b\xaf\x0a\xd4\x40\x61\x2b\x4c\x5a\x13\x6c\x3a\x42\xbe\x1c\xa2\xb7\xc3\x19\x86\x2a\x44\xa9\xfd\x50\xc4\xee\x73\x54\x1c\x5e\x64\x57\xef\xa8\x18\x25\xb6\xdd\x4a\x72\x19\x4a\x29\x68\x68\x8b\xd4\x9e\x5a\x8f\x4c\x04\xdb\xaf\xc2\xe7\x88\x4c\x0c\x70\xc2\x08\xd4\xe9\x54\xcd\x16\x75\xda\x8e\x74\xc6\x5c\x49\x7c\xf9\xdc\x69\x42\x49\x65\xbd\xcb\xa5\xde\x52\x93\x6f\x92\x5f\x62\xe2\x01\xf9\x95\x05\xd3\x77\x7b\xeb\x3c\x2e\x08\xb2\xec\x9a\x87\x3e\x5a\x9c\x21\xfb\x4a\x2f\x3e\x86\x1f\x3c\xf4\xd6\xb5\xdc\xd1\xc8\x8b\xcd\x91\x63\x53\x9a\xc6\x2c\xd0\x65\x9f\x4e\xf2\x32\xc2\xce\x57\xfc\x77\xf9\x02\x85\xeb\x35\x01\x69\xed\xc6\xa8\x06\xff\x50\xf6\x1c\x7e\x0b\xee\xeb\xec\xec\x63\xbf\xc9\xd3\x98\x3f\x5b\xb4\xb2\x61\xc7\x46\x47\x1f\xcb\xf2\x89\x2c\x61\x08\x97\x0b\x68\xdb\x5e\x43\xc4\x50\x4d\xda\xe2\xd0\xff\xff\xa2\x8b\x67\x59\xae\x11\x28\xe1\x6f\x66\xd4\x92\xad\x61\xe3\x72\x2c\x96\x0f\x88\x69\x2b\xe8\x1a\x9f\x41\x28\x90\xff\xa3\x46\xe7\x02\xc8\x67\xdf\xa2\x59\x70\x3b\x73\xf5\x25\x07\x4f\x32\x27\xc4\x9c\xec\x1b\x64\x5a\x10\x3b\xd4\x47\x1f\x33\xf9\xf1\xba\xc3\x27\xd7\x91\x78\x61\xd0\xad\x91\xab\xee\x60\x22\x2e\xa2\xa3\xc8\xca\xc0\x52\xae\x9a\x2c\xbd\x90\x85\x5d\x73\x3d\x53\x19\x13\x3f\x95\x41\xbd\x0b\x61\xf0\x99\x52\x68\x35\x1e\x28\x63\xc1\xca\x2c\xa5\x1e\x3c\x97\x63\x83\xf5\xc4\xc1\x1f\xf4\x10\x03\x6f\xd5\x1d\x5a\xc5\x6b\x02\x3c\xe9\x02\x9c\x62\x0f\x22\x55\x70\x19\xad\x9b\x42\x64\xed\x4d\x71\xb4\x34\xf4\xa4\xd1\x7a\x7d\x57\x69\xfa\x1e\x14\xa6\x9f\x7a\xe4\x19\xcc\xf5\x94\x7f\x8c\x76\x82\x69\x71\x16\xc2\x40\x5f\x5a\x19\x59\xc5\x4b\x48\xf0\x87\x2f\x59\x6e\xd4\x59\x64\x48\x8d\xde\xc1\x2b\xdb\x63\x6d\x0b\x34\x9e\x74\x9e\xb6\x60\x92\xff\x45\x11\xfb\xa5\x9b\x59\x62\xcb\x93\xcc\x85\x51\x5c\xc8\x6a\xb0\xc6\xb2"},
+{{0xdd,0xa4,0x8a,0x0d,0x15,0xa2,0x9e,0xba,0x9a,0x76,0x30,0x5d,0x36,0x0e,0x46,0x6e,0x72,0xd8,0x04,0x0e,0xfe,0x2e,0x89,0xc0,0x4b,0x64,0x61,0x31,0x5a,0x9b,0x8b,0xf4,},{0x4f,0x5c,0xc3,0x6a,0x80,0x94,0x16,0xb5,0x8e,0x15,0xd2,0x4c,0xc5,0x79,0x68,0xcb,0x57,0x3b,0x76,0xad,0x90,0x88,0x7a,0x8e,0xf3,0x6c,0xde,0x7e,0xca,0x40,0x0f,0xcc,},{0xce,0x71,0xbc,0x82,0xd5,0x31,0xd0,0xf9,0x3b,0x57,0xbf,0xdc,0x2f,0x73,0x16,0xcf,0x40,0x4e,0xe0,0x9a,0xf8,0x8f,0x33,0xbf,0x80,0x6c,0x7c,0xad,0x6b,0x8f,0xfa,0x36,0x62,0x36,0xba,0x74,0xe7,0x5c,0x15,0x09,0x6d,0xda,0xa6,0xe3,0xa6,0x2a,0x8f,0x5e,0xb1,0xc8,0xc3,0xf6,0xb6,0xc9,0x4a,0x6a,0x34,0x9f,0xc7,0xc0,0xcb,0xfb,0x19,0x0d,},"\xf5\xac\x19\xb8\x1f\x21\x11\xa0\xdb\x0a\xe3\x0d\x15\x13\xed\x34\x3e\x7f\x57\xf7\xf7\x7d\x65\xb8\xac\x7c\xe3\xa6\x01\x17\x4b\xae\xd9\xbf\xa1\x36\x03\x59\x76\xf5\x16\xd5\xa8\x70\xf4\x5d\xb1\x91\x9f\x1e\xb1\xcb\xec\xbe\x88\xec\x32\xd1\x91\xe9\x24\x88\x21\xa7\xe7\x68\x1f\xe3\xab\xec\x11\x58\x4b\xdb\x33\xde\x1b\x4c\xa9\x48\x91\xeb\x66\xdc\xb8\x53\x9a\xc4\x11\x63\x73\x6c\xcf\xd6\x9a\xbb\x83\x81\x4d\xd3\x8c\xd6\x03\x81\x31\x87\x28\x05\x2a\x25\xcb\x66\x54\x71\x05\x86\x50\xcc\xc7\x57\x56\xdb\xee\x68\x8a\xb8\x26\xec\xad\x4a\xd5\xa7\xdb\x57\xe8\xf6\x5f\x1b\x64\xab\xff\x82\xdd\x53\x33\x4b\x79\x7a\xc4\x02\x28\xdd\x81\x7f\x23\x9d\x3e\xe8\x04\xa1\x9a\xea\xc8\xcf\xe3\x3e\xb6\x57\xec\x9c\xe9\x23\xd6\xb3\x88\x91\x4c\xfb\xa2\xe7\x2b\xfc\x2b\xc3\xd6\xf9\x85\xc0\xd9\x75\x34\xdb\x95\x8e\xed\xe5\x7b\x16\x49\x1f\xfb\x75\x5c\x1a\x58\xd7\x8a\xb3\x77\xfa\xec\x0d\x31\x18\x18\xe8\x99\x26\x0e\x3e\xbd\x1c\xcd\x29\x24\x6f\xa8\x2d\x0b\x76\x62\x2b\x2c\x4b\xc5\x2f\x54\x9f\xee\x72\xa3\x0f\x55\x4f\x33\x1f\x36\xd2\xa7\x4d\x99\x9e\xc1\x0a\x08\x29\x4f\x00\x2b\x43\x61\xe5\x90\x27\x9c\x2f\xb1\xbd\xa4\x31\x2c\xcb\x24\xd7\x52\x82\xce\x7c\x06\x1a\x0c\xa5\x52\x0c\x74\xf6\xf6\x33\x3b\x18\xc4\xb5\x41\xcb\x6c\x51\xe0\x15\x75\xba\x80\x51\x2f\xfa\x7c\xe0\xac\xcd\x22\xd1\x40\x27\xc5\x3a\xba\x1f\x74\x37\x83\x5f\x11\x14\xd6\x8e\x3a\xcf\x3f\xf8\xde\x94\xc8\xe4\xef\x6d\x3a\xb3\x12\xc9\x1d\x02\x97\x01\x57\x50\x8f\x54\xa5\x81\x6f\x46\x7a\x21\x4e\x9b\x12\x84\x30\x02\x89\xe6\x5f\x36\x5a\x61\x0a\x8e\xa2\x84\x66\x6c\xfe\x55\x18\xe4\x35\xbc\xcd\x21\x62\x75\x01\xc7\x25\xf0\xb8\xeb\x57\x25\xe0\xe0\x6e\x0c\xef\x5d\xb2\x01\xb4\x8e\xc9\x1e\xbf\x87\x8d\xd5\x7c\xe8\xda\xc7\x33\x48\x48\xa1\xbc\x82\xc1\x8b\x06\x59\x55\xe4\xf5\x9b\xe3\x39\x85\x94\xdc"},
+{{0xec,0x57,0xb9,0x41,0xad,0xf3,0xca,0x13,0xe7,0x7a,0x78,0x05,0x77,0xcf,0xd0,0xdf,0x5b,0x49,0xed,0xc8,0x53,0x51,0x05,0x2d,0xa3,0x4e,0x99,0xf8,0xa9,0xbf,0x32,0x08,},{0x28,0x59,0xc0,0x71,0x97,0x8a,0x04,0xb7,0xf5,0x40,0x7b,0x6d,0x22,0x40,0x1a,0x78,0xef,0xd0,0x39,0x4b,0xb9,0x66,0xb9,0xa0,0x4d,0xa6,0xb5,0xef,0x81,0x9d,0xe3,0xfa,},{0x11,0x8e,0x14,0x62,0x12,0x6b,0x45,0xb8,0xc6,0x80,0x35,0x23,0x75,0x5c,0x56,0xdf,0xc4,0xe1,0x23,0xe4,0xac,0xbb,0x66,0xba,0x0b,0xa6,0xfe,0x3e,0x05,0x3d,0xa4,0x11,0x9f,0x57,0x19,0x29,0x5e,0x0c,0x82,0xac,0x64,0xd7,0xc5,0xcb,0x1a,0xc8,0x98,0xdf,0x26,0x3d,0xdf,0xd3,0x60,0xf3,0x00,0x8d,0x91,0x01,0x8b,0x26,0xf6,0xa1,0x73,0x0a,},"\xd2\xbc\xbd\x1b\xc3\x61\xab\x32\xc6\x6d\x72\xfd\x48\xa8\xe2\x27\xdc\x6b\x8d\x6b\x15\x08\x48\xba\x71\x5f\xf4\x7d\xd3\x5c\x8e\x49\x38\x1b\xb4\xe2\x93\x3f\x42\xcd\x26\xb7\x5b\x14\xd9\xc0\x03\x92\x82\xb6\x2b\x85\x56\xaa\xa1\x1c\xd6\x91\xe8\x28\x38\x2b\xe3\x06\x88\x9f\xc9\x20\x51\x37\xb1\x69\xd3\xbf\x17\xb7\xf3\x76\x93\xfc\xe2\x86\x03\x9f\x03\x80\x9d\x7d\x9d\x98\xc8\xfd\xe4\x6f\x11\x01\x94\x2a\x27\x9c\x51\x67\x06\xf5\x01\x91\xa9\x11\x2f\x6a\x24\x63\x0e\x1a\x26\xc3\x21\xe4\x6c\x9c\xcc\x85\xb6\xef\x94\x2f\x35\x3a\x64\x2b\x9e\x7e\xf9\x98\xc0\xfc\xe2\xd3\xa7\x5b\x99\x9e\xeb\x77\xf3\x1f\x9b\x08\x13\xa9\x7e\x30\x14\xc3\xa8\x6e\x25\x58\x73\x46\x21\xa3\x06\x6d\xae\x35\x84\x50\x31\xe3\x56\x65\xf1\x92\x29\x07\xdb\xb7\x39\x78\x6a\x8b\x76\x58\xab\x60\x27\x6f\x2d\x92\x1d\x1a\x51\x23\x0f\xc7\x4d\x19\xe8\x01\x84\xa4\xf1\x0e\x9e\x83\x4a\xbc\x9a\x36\xc4\x29\x72\x6b\xc0\x55\xdc\x8c\x06\x3f\x0e\xca\x9c\x61\xa8\xa9\x70\xbd\x4b\xb5\xf4\x24\xee\x4d\x04\xbf\xc2\x95\xe3\xbb\x1f\x34\xbe\xcb\xd9\x92\x0f\xe2\xe7\x7f\xcf\x36\x76\x3f\x32\xfc\x9c\xfd\x5e\x46\x59\x79\xc1\x67\xca\xbf\x5a\x12\x44\xb4\x91\xfc\x06\xb8\x94\x64\x19\x04\x6b\xa5\x16\xc5\xb2\x33\xc4\x14\xdd\xef\xb6\xda\x04\xf2\xe1\x3d\xaf\xf7\xa9\xa0\xc0\x2a\x51\x8e\xde\x57\xad\x95\x21\xde\x64\xed\xdf\x6f\x49\xa9\x67\x0f\x63\x2d\x3f\x7d\x42\x42\x52\x07\xd0\x53\x60\x4f\xe3\x9d\x13\xb9\xf5\x2c\x8b\xc2\x92\xb0\x07\x6e\xa4\x2a\x56\x00\x56\xdf\x25\xde\x51\xad\x35\x88\x1d\x08\x54\x32\x24\xd7\xfa\x5d\x70\xb8\x60\x3e\xf2\x3c\xe0\x63\x39\xd6\xcd\x09\xe2\x2a\x95\x74\x9e\x50\xdf\xbd\x3b\x8a\xd6\x9f\xd3\x04\x96\xb9\x84\xd1\xc0\xa1\x99\xc8\x59\x48\x05\xf3\x8b\xa4\x46\x31\xa2\xc5\x9e\xad\xc6\x55\x4d\x19\xf9\xbc\x98\x36\x6d\xfd\xec\x2a\x12\x1d\x0e\x48\x14\xd2\xcd\x3f\x58\x71"},
+{{0xcb,0xfd,0x91,0xd7,0x69,0x5c,0x1f,0x27,0x0f,0x69,0x24,0x6a,0xb3,0xdf,0x90,0xed,0xb2,0x14,0x01,0x10,0x1c,0xa7,0xf8,0xf2,0x6c,0x6d,0x00,0xf4,0xdc,0xb7,0x23,0x3e,},{0x51,0x38,0x79,0xcf,0x79,0xd2,0xf4,0x6d,0xf4,0xb8,0x5a,0x5c,0x09,0x49,0xeb,0x21,0x16,0xab,0xf9,0x81,0x73,0x5a,0x30,0x31,0x64,0xcb,0xd8,0x5a,0xdf,0x20,0xb7,0x52,},{0xf3,0x36,0x13,0x7d,0xfe,0x6f,0x42,0xa6,0x66,0x9b,0x55,0xf7,0x4b,0x80,0xb3,0x03,0x5a,0x04,0x03,0x67,0xf9,0x06,0x56,0xfc,0xef,0x0a,0x64,0x4c,0x52,0x27,0x2d,0xdc,0x39,0x27,0x3c,0xd7,0x72,0x60,0x10,0xeb,0xcd,0x8a,0x30,0xa0,0x52,0x01,0xab,0x70,0xb8,0xff,0x97,0xd0,0x28,0x8a,0x2c,0xb9,0x4c,0xbc,0x49,0x02,0x06,0x47,0x39,0x0b,},"\x26\x4a\x93\x3f\x7d\x0a\xec\xba\xc1\x3e\xef\x64\x4b\x0b\x53\xdd\x53\xa1\x28\x09\x04\x10\x0d\xbc\x1a\xb8\x7b\x51\x14\x89\x98\xf9\xda\x0b\x3a\x0a\x63\x37\xf5\xe3\x48\x6c\x2b\x7e\x54\x8d\x21\x12\x59\x39\x7a\xaa\x19\x4e\xe4\x69\x5b\xf9\x8c\x2d\x5f\x44\x87\x69\x9f\x73\x97\xe5\xd3\xa7\xe6\xd5\xf6\x28\xfb\xd0\x54\x97\xc5\x56\xa5\x0a\x4d\x05\xe2\xb7\x12\xcd\xbc\x35\x10\x68\xe4\x2a\xf1\x95\x38\x90\x1b\x88\x25\x31\x0e\x34\x3e\x1a\x17\xa1\x86\x7d\xde\x0e\xb4\x7d\xda\xb4\x56\xd3\x16\xf3\x52\x15\x54\x93\x7b\xf8\x08\xae\x4e\x4b\xc1\xc3\xc5\xb4\x75\x6e\x4a\x16\x5a\xd9\xe8\x82\x7f\x53\x16\xf7\x48\xca\xc6\x99\x8e\xd2\xd2\x10\x4f\x26\x84\x07\xc1\x35\xe6\x2f\x26\xa9\x22\x46\x0e\xab\x6d\x85\x16\x39\xa0\x0e\x5f\x08\xb3\x47\x65\xea\x02\x44\xf4\x75\xbb\xfe\xac\x18\x3e\x3b\x5b\xd1\xaa\xb7\x98\x52\x27\x98\xa0\x8e\xc6\xbf\x22\x57\xd4\x69\x2f\x5b\x03\xcd\xd0\xa2\x13\x3d\xe9\x70\x60\x3e\x32\x51\x47\x5a\xad\x8d\x93\x4a\xf6\xb2\xbf\xc7\xa6\x50\xb9\x1b\xde\xc1\x43\xf8\xad\x25\x4c\xfa\x50\x6b\xbf\xf2\x8a\x03\xbe\xb6\x59\xef\x5e\x5d\xdf\xfe\x76\xe2\x32\x30\xc4\xcc\xd4\x63\x10\xb3\x7d\xd9\x1f\xa6\xaa\x68\x16\x7f\x62\xa5\x5c\x8a\x69\xf9\xed\x1e\xc6\xcd\xb1\x44\xdd\x81\xab\x0b\xcb\xd6\x26\x43\x42\x0b\xca\xe6\x78\x69\xf6\x4c\x0b\x16\x9f\x3c\xdf\x3c\x90\x58\x95\xb7\xd3\x5b\x6f\xaf\xda\x25\xcc\xf2\x3c\x3d\x10\xde\x32\xe7\xf2\x71\xe3\x00\xd3\x95\x97\xda\x8f\x84\x37\x22\xef\x08\x36\x4a\x5f\x7a\x10\x5b\x96\x55\x17\x2d\xf7\xc8\x2d\x73\x74\xf9\x82\x64\xc9\xcd\xcc\xb4\x96\xf2\xe1\x0f\xd8\x26\x2f\xb1\xa9\xa9\x96\x5b\x0b\x84\x1a\xc0\xd0\xe9\xc1\xa3\xd9\x49\x3e\xa7\xaa\x60\x02\x05\xb8\xf9\x00\xbe\x0d\x7a\xbb\x4d\x98\xa0\x65\x83\xd2\x29\x5c\x27\x63\x18\xbe\x28\xd4\x21\x98\x2d\xed\xd5\xbf\xc3\x3b\x88\x65\xd9\x4e\xf7\x47\xd6\x26\xaf\x99"},
+{{0x51,0xa4,0x19,0x7a,0xb7,0x68,0x6f,0x82,0xf6,0x00,0x3a,0x0c,0x32,0xf3,0x9d,0x0f,0x2e,0x47,0x55,0x5f,0x4e,0x9f,0x8d,0xee,0xe7,0x5b,0xcb,0x1b,0xd1,0xef,0x69,0xe5,},{0x06,0x38,0x6d,0xf8,0x6b,0x61,0xf1,0xf8,0xf4,0xdc,0x45,0xb7,0x3e,0xda,0xa8,0x41,0x92,0x09,0x68,0xbb,0xd1,0x31,0xcc,0x5c,0xa1,0xc5,0x29,0x4e,0xee,0xd5,0xc8,0xba,},{0x2c,0x07,0x29,0x69,0xff,0x47,0x19,0x21,0x2a,0x12,0x19,0x38,0xb5,0x06,0xc6,0x02,0x99,0x5b,0x4d,0x02,0xa2,0x2e,0x61,0x98,0xd6,0xe8,0x7d,0xd6,0xae,0x07,0x62,0x25,0xac,0x70,0xbb,0x25,0xef,0x8c,0x0e,0xe8,0x1e,0xb6,0xfe,0x95,0x3d,0xf6,0xb1,0x81,0x59,0x49,0xe8,0xed,0x05,0x06,0xcb,0x01,0x2e,0x87,0x3c,0xd3,0x6c,0xd0,0x9b,0x0a,},"\x2a\xed\xb7\xe8\x2f\x1f\xe4\xce\x46\x9a\xda\x48\x34\x5d\x00\x6d\x1b\x3b\xff\x40\xeb\x21\x86\x7f\x51\xfc\xe9\x65\x64\x0c\x40\x9e\xc1\x3a\xd4\xd5\x2f\x89\x1b\xd7\x90\x66\xd6\xb4\xd9\x44\xca\x86\x8d\x89\x86\xd2\x42\xb5\x7e\xcc\xc4\xc4\xa4\x88\x29\x1b\x15\x9c\x8d\xe4\x39\x2b\xe4\xb8\x6f\xeb\xaa\x75\xea\xc5\xd2\x2d\x3c\x4f\x8d\x6b\xef\x79\xad\xb9\xb9\x2b\x49\x14\xd5\xea\x07\xc7\xf0\x21\xe2\xc2\x9f\x58\xd0\x7b\xe8\xa0\x84\x10\x0b\xc1\x52\xd5\x1c\xa8\x97\xd7\xc1\x31\x64\x4d\x08\x95\x32\x2e\x94\x40\xa8\x33\x9e\x1a\xa3\x90\xa7\xf4\xfc\xb5\x1d\xdf\xb6\xdf\x48\xaa\xf5\x67\x63\x37\xd8\x7d\xdd\x85\xb1\xd9\x25\xe1\xa9\xc2\x9f\xe0\x81\x8f\x51\x4e\xf7\x2f\x74\x7a\x67\x49\x46\x47\x69\x07\xa7\xca\x99\xe9\xdb\x8d\x20\x96\x41\x05\x7a\x7f\x44\xa3\x17\xb9\x09\x74\xbc\x86\xf9\x61\x7a\x96\x8a\x76\xa6\xb8\x38\x7c\xf5\x85\x3e\x60\x81\x90\xc1\xa7\x9f\x1e\x1d\x68\x6e\x0d\xe2\x2d\xb6\xcd\x9a\xeb\x85\x32\xc5\xc8\x5c\xc9\x0b\x5a\x01\x85\x79\xf2\x8e\x50\x2a\x77\x0a\x4e\xc6\x75\x26\x3d\x0d\xd7\x81\xb4\xfa\x53\xc9\xdb\xf8\x09\x8d\x57\xb3\x3a\xe2\xaf\xba\xeb\x3e\x68\x26\x6a\xd9\xaa\xb7\x17\x4b\xa6\x8c\x64\x79\x88\x39\x92\x67\x0c\xcf\x3e\x5a\xc6\xa1\x7e\x65\xe3\x1e\x1f\xdc\x85\xe2\x69\xc8\x09\x35\xef\x57\x4f\x20\xd2\x39\x56\x84\x86\xe7\xd9\x4a\x4f\x72\x4a\xb7\x00\x60\x98\xb2\x4f\x3f\x61\x58\x76\x91\x43\x5c\x7f\x29\xce\x4e\x5c\xa7\x1b\x2b\x18\x74\x55\x64\x33\xa3\x58\xc8\xc5\xef\x3c\x88\x08\x43\x03\x0c\x2d\x13\xd5\x1b\x78\xc9\xbf\x1a\x88\x24\xe6\x2e\x11\x18\x44\x39\x6f\x5a\xf2\xe2\x5c\x31\x26\xef\x36\x26\xe2\x6e\xfa\xfa\xcf\x99\x83\x0a\xa4\x12\x12\x33\x2f\x37\x8a\x16\x72\x33\xa0\xb4\x22\x13\xaf\xe3\x6d\x83\xdc\x45\x82\xa7\x96\x93\xb9\xd5\x71\xa5\x77\x12\xa0\x8b\x85\x66\xd3\x61\xac\x90\x26\x47\xaf\xc8\x86\x60\x3e\x24\x28\x3e\xfb"},
+{{0xb1,0x11,0x9c,0x36,0x11,0x8b,0x7a,0x06,0x5a,0x19,0x5b,0xfb,0x8b,0x79,0xa5,0xc2,0x87,0xe0,0x9b,0xd2,0x87,0xc2,0xda,0xac,0x5e,0x6b,0x01,0x16,0x4c,0x5d,0x73,0x7f,},{0x88,0xf2,0x18,0xec,0xba,0x99,0xe7,0x70,0xed,0x21,0x4a,0x8d,0x01,0xa9,0x2a,0x10,0x40,0x0a,0xca,0xf1,0xf6,0xee,0xd4,0x20,0x06,0x7e,0x13,0x6e,0xe2,0xc0,0xc6,0x70,},{0x24,0xec,0x1e,0x54,0xfc,0x7e,0x72,0x2d,0x37,0x55,0x1d,0x02,0xcf,0x13,0x5d,0x33,0xf5,0xd3,0xff,0x53,0x57,0x73,0xe0,0x29,0x91,0xee,0x85,0xff,0xd3,0xaa,0x29,0x99,0x7f,0x9c,0x46,0x44,0x70,0x19,0x7f,0xee,0x81,0xdc,0xe1,0x10,0x60,0x9f,0x87,0x0b,0x27,0xc1,0x8d,0xfb,0xcf,0xd9,0x32,0x05,0x48,0x52,0x5e,0x93,0x14,0x8e,0x22,0x05,},"\x88\x16\xb1\xeb\x20\x6d\x5f\x6d\xcc\x2e\x4c\xc3\x91\xd2\x32\x09\x00\x6d\xe9\x35\xe3\x18\x15\x2e\x93\xfc\x8c\x2c\xf0\x8e\x26\x43\x2b\xad\x9a\xdb\x32\x03\xd8\x98\xdf\x0a\x2e\x7f\x1f\x83\xdc\x2f\x3e\xd3\x20\x5b\xec\x8e\xfc\xfd\x31\xad\xc1\xac\xa5\x75\x5d\xb9\xbd\x4e\xfe\x54\xcc\x17\x07\x30\x77\xde\x4a\x3f\xdd\x11\x99\x6e\x84\xb6\xa0\x52\xf0\x34\xb4\x10\x99\x22\x6c\x9c\x27\x2e\xae\x12\x52\x8f\x16\x58\x1b\x91\xb8\x12\x85\x0c\x20\x71\x44\xdb\xff\x3e\x85\x0c\xca\x84\x8e\xc2\xb1\xdd\x16\x47\x44\xd7\xb5\x93\x37\xd7\xe3\xef\xef\x00\x81\x62\xe6\x80\xbd\x4a\x08\x99\xce\xd6\x0b\x17\x1f\x8c\xbe\xb4\x8c\x51\x58\xdf\x6c\xbf\xdb\x26\x24\x08\x81\xbd\x58\xeb\xb8\xb6\xa0\x79\x58\x72\x79\x67\x9c\xb5\xad\x82\xf3\x71\xb5\x3c\x80\x13\x80\x4c\x35\x59\x6c\x88\x7e\x43\x6d\x23\x92\x6f\x99\x4e\x09\xd9\x8f\xbb\x8c\xe2\x70\x41\x74\xef\x38\xb6\x82\x62\xa7\xf1\xa7\x12\xda\x0e\xf0\xde\xc6\x39\x60\x68\x14\xb3\xbd\xca\xf2\x53\xff\x31\xc4\x8e\x8a\x75\x2c\x11\x1b\xd7\x10\x10\x31\xcc\x3d\x38\xef\xb0\xc9\xc7\xf1\x9c\x59\x08\x15\x84\xa0\xe0\x15\xee\x7c\x75\xb1\x0a\x4c\x51\xff\x54\x3a\x30\xe5\x2d\x5f\x94\xd8\x18\x8c\x6b\x08\xe9\xdf\x1e\x84\xa4\xe2\xc8\x07\x17\x0a\xc1\x24\xa7\x71\xb9\x94\x65\xa0\xd3\x8b\x1f\x1c\x63\x30\x40\x3c\x82\x54\x35\x82\xc5\xbb\x61\xb2\x20\xde\x1b\x9e\x0e\xf6\x9b\xda\xe2\x60\x23\x18\x1b\xa4\xcc\x07\x7a\x5f\x0d\x42\x57\x32\xac\xe1\x32\xae\x0c\x6f\xf0\xbb\x18\xba\xea\x83\xe8\x87\x7a\xfb\xe6\x50\xfe\x0b\xd0\x20\x93\xf0\x0a\x7b\x53\x65\x72\x8d\xcb\x66\xfb\xb8\x81\xf5\x92\x94\x50\x58\xa5\xb3\x50\x66\x5a\xf9\x1c\x55\x7a\x54\x72\x50\xad\x29\x5e\x68\xb4\xfb\x72\x45\x7c\xfb\x9d\x5e\xa1\xa7\xb2\xa3\x9c\x9a\xb7\xd7\xac\xe0\xaf\x5d\x51\x66\x9c\xb6\xc2\xc4\xc0\x7b\x22\x56\xd1\x0e\x5f\xfc\x6b\x97\xc6\x60\x00\x63\x13\xc4\xeb\x8d"},
+{{0xcb,0xb5,0x87,0x51,0x4e,0x0a,0x34,0xff,0xc3,0x4c,0xbc,0x04,0xf2,0x8c,0x9b,0x4f,0x64,0x65,0xf1,0xeb,0x22,0x5c,0xca,0x19,0xb8,0x64,0x87,0x6d,0xae,0xf3,0x7d,0x7f,},{0x6b,0x70,0x5d,0x46,0x77,0xd2,0xd8,0x49,0xb6,0x74,0x4b,0x1e,0xbe,0xd1,0x67,0xdb,0xcb,0xf6,0x45,0x92,0x4b,0x1f,0xf2,0xe6,0x36,0x07,0x94,0xbd,0xd0,0xe0,0x97,0x88,},{0x12,0x74,0xd6,0xf3,0x56,0xeb,0x64,0x14,0x72,0xb6,0xb9,0xe5,0xb3,0xce,0x65,0xd2,0x65,0x4e,0x6c,0xb8,0x7d,0x3a,0x83,0xfb,0x49,0xd0,0xf7,0xda,0x9c,0x44,0xbe,0x2b,0x53,0x26,0x04,0x46,0x5f,0x60,0x89,0xd6,0x80,0xd2,0xd9,0x4b,0x0e,0xdd,0x2b,0x6b,0x2b,0x80,0x5c,0x5e,0x84,0xc3,0x79,0xef,0xc0,0x59,0x67,0x3d,0x31,0x00,0x7a,0x09,},"\xbd\xf7\xd1\x7c\x70\x67\x96\xef\xd3\x48\x95\x59\xb5\x27\xb1\xc0\x58\x4b\x90\x22\xc9\xcb\xda\x3a\xac\x51\x46\xda\x34\x0d\x9c\xea\x69\xf9\x16\x03\x7c\xd2\x1b\x3e\xb1\x10\x43\x48\x88\x0f\xd5\xc5\xb7\xc6\x5f\xf8\x20\xf7\x49\x93\x46\x01\x69\x51\xcb\x71\x5d\x8d\xf2\xb4\x1c\x88\xcd\x3c\x66\x10\x54\x58\xb7\xb5\x90\xc2\x1c\x1a\xe2\xf6\xea\x9d\xde\xa7\x47\x0f\x25\xe0\x20\x27\xd1\x71\xe0\xe5\x74\xa2\xbb\x21\x64\x2f\x8f\x9d\xa5\x08\xe2\x1d\x8e\x73\x35\xb5\xac\xe5\x93\x52\x99\x40\x7b\xd1\xb0\x1b\xdd\x14\x23\x13\x3e\xf0\x45\x23\x4e\x70\x1f\x55\x54\x94\x34\xad\xe9\x4a\x60\xbe\x1e\x14\x06\xca\x5c\x75\x8c\x36\x79\x9c\xe1\x70\x30\x84\x47\x6e\x48\x4f\xb1\x74\x05\x30\xae\xe8\x42\x66\xd0\x7a\xdf\xb4\xcc\x68\x9f\x32\x65\x13\x3a\x59\xcd\xf9\x92\xfb\xb9\xa4\xb1\x2d\xef\xbe\x24\x1d\xdb\xf6\x5d\x12\xb2\xfb\xdd\xfc\x05\xaf\x0f\xb8\xde\x42\x08\x07\x75\xba\xd2\x9c\x6b\x04\x59\x84\x1c\xbb\x64\x8a\x9a\x95\xe4\x8d\x6e\x36\xac\x51\x44\x80\xa3\xde\xb4\xb3\x65\x54\xd8\xda\x62\x08\x08\xae\x9d\x47\x32\x97\x10\xd2\x0a\xaa\x6e\x5d\x7f\x54\x7d\x81\xad\x30\xf8\x4c\x0e\x3d\x23\x9c\xde\x5b\x16\x9d\x9d\xdf\x29\x48\x32\xd6\x7a\x80\x60\xba\x32\x9c\x4e\xf3\x9b\xe9\x4a\xc4\x64\x34\xdd\x21\x85\x93\x1d\x12\x31\xf9\xb6\xdf\x87\x8a\x5a\xf0\x83\x1e\x0e\x9d\x8a\x08\xd0\x80\x69\xde\xd6\xa9\x61\xef\x7f\x39\xfa\xd5\x01\xff\xd1\x7d\x6d\x9b\x7c\x65\x46\x53\xc1\xf5\x8f\xce\xe1\xa6\xcd\x80\x3d\x2a\xef\x16\x6c\x78\xef\x55\x14\xa3\x27\x6d\x69\x98\xdc\x7c\x09\xa3\xfa\x98\x2e\x42\x7c\x78\x5a\xa6\xa9\xe2\x56\xf7\xba\x72\xd5\xa6\xba\x33\xeb\x46\xf1\xf9\xfe\x9b\xe2\xbf\xc1\x41\x09\xf6\x47\x73\xc0\x0c\x06\x3b\x4d\x5c\xb4\xf4\xf8\xa0\xbe\xca\x92\xa9\xa0\x16\xc4\xf5\x40\xfe\xea\x9c\x3a\x31\xe3\x13\xbb\xcb\xc2\xff\x5e\xca\x99\x67\x85\x7f\x5f\x8a\x90\x9a\x29\xd7\xf2\x0d"},
+{{0x8b,0xde,0x3f,0xf6,0x1a,0x16,0x99,0x5a,0xb9,0xd5,0x39,0xf6,0x05,0x32,0x19,0x08,0x1b,0xca,0xea,0x1d,0x45,0x8e,0xc3,0x36,0x84,0xfc,0x1c,0x01,0xfb,0x56,0x5b,0xfa,},{0xcd,0x9d,0x78,0x2a,0x35,0x6e,0x84,0x7b,0x7a,0x04,0xc8,0x85,0xa9,0xb0,0x90,0x7c,0xc3,0x3b,0xa9,0x7a,0xd5,0x39,0x0d,0x4e,0xa5,0xfe,0xe5,0xeb,0x19,0x8d,0x08,0xb3,},{0x74,0x64,0xdf,0x0b,0x67,0xeb,0x90,0xb4,0xb7,0x3f,0xf0,0x82,0xad,0x0d,0x60,0xeb,0xfe,0x06,0x60,0xda,0xe9,0x70,0x69,0xb5,0x2c,0x37,0x27,0x22,0x3b,0xf7,0x0e,0x29,0xe4,0x87,0x11,0xa2,0xbb,0xb4,0x38,0xf5,0xf8,0xd8,0xa3,0x3b,0xb9,0xc4,0x8f,0xe7,0xb6,0x28,0xfa,0x8a,0x54,0x2f,0xf0,0xb5,0xae,0x36,0x26,0x9d,0x40,0x07,0xa5,0x05,},"\xa1\xf4\x0e\xc5\x80\x7e\x7a\x27\x06\x9a\x43\xb1\xae\xbf\xf5\x83\xef\x03\x70\x28\xc0\x2c\x85\x95\x25\xeb\x8f\xa4\xc3\xba\x95\xa9\x01\xff\x3a\xed\x78\xc4\xf8\x77\x52\xfb\x79\x55\x22\xf5\xbf\x71\x5b\xe7\xe3\xde\xfa\xc1\x0f\xcf\x17\xe3\xfa\x5c\x54\xb2\x00\x89\xa4\x72\x33\x33\x27\x25\x2e\xc9\x45\x71\x8f\xb4\x55\xe3\xf2\x7c\xcf\xde\xf8\x23\xd1\x2d\x40\x6e\x62\xa4\xae\xba\x3c\xb9\xd1\xc6\x1b\x2b\x17\xe4\x9e\x20\x0a\x84\x18\xf9\x35\xf2\x6e\xeb\x57\x60\x2c\x7a\xa3\xb3\xa2\x4f\x7e\x62\x38\xd3\xe0\x8d\x2d\x60\x9f\x2e\xad\xa0\x33\x2b\xc8\xcb\x12\x91\x6c\xb0\x3b\x0d\x4f\x9c\xd6\x02\x00\x25\x86\xd3\xe4\xcc\x7e\x0e\x03\x81\xc0\x45\xad\x2e\x1e\xe2\x82\x98\xae\x7f\xcf\x0c\x10\xf2\x12\x80\x85\x65\x29\x6f\x15\x8d\x2c\x32\xe8\xcb\x28\x15\x65\x81\xaf\x52\xbf\xc3\x47\x0c\x3c\x95\x82\x13\x8d\x22\x55\xe8\x42\x6d\x64\x8c\xa2\x37\xd7\xaa\xd2\x85\x6f\x17\x16\x38\x55\x82\x41\xd8\xae\x3f\x62\xba\x92\xdb\x59\x65\x68\xed\xee\x3e\xc0\xef\x37\x0f\x83\x62\x6a\xa0\x44\x5a\xf0\x8f\x96\x78\x63\x66\x0e\x8f\xba\x5a\x41\xc8\xe8\xed\xe1\xc9\x60\x51\x4a\x14\x68\x7a\x4a\x81\xe7\x76\xae\x0e\x8e\x77\x7f\xb0\xf2\x50\xd5\x1a\x83\xb5\x5f\x8c\x1f\xfd\xd7\x8d\xf3\xbd\xc9\x7f\xf1\x77\xaf\xec\xa0\x46\xc7\x2d\x72\xaf\x92\x4a\xd0\xd0\xab\x2b\xfc\x11\xb7\xf4\xab\xde\xd5\x1c\x39\x87\xa8\xbb\x94\xd6\x40\xc8\x71\x0e\x5f\xc9\xa4\x19\x0e\x8a\x00\x83\x63\xd7\x41\x9c\xea\x17\xc4\x0d\xea\x20\xea\x51\x56\x02\x9f\x3d\xeb\xf0\x52\x41\x91\x8f\x54\xaf\x50\x39\xe2\xc4\xcf\x2c\xa2\xe1\x39\xf6\x0e\x45\xcc\x65\x59\x5c\xdf\x54\xa6\x7d\x92\xb6\xac\x66\xfc\x0c\x5a\x29\x04\x95\xca\x57\xb0\x7e\xf5\x75\x0d\x05\xf5\x7d\x87\xd0\xc2\x28\xf7\xe4\xe1\x5a\xd0\xba\x01\x78\x73\x0f\x95\x1c\x69\x75\x83\x48\x1c\x66\xcb\xfc\xd4\x80\x32\x54\x4a\xa8\xd5\x09\x08\x30\x4b\xd8\x19\x40\x30\x87\x06"},
+{{0xda,0x59,0xbb,0xc5,0x23,0x40,0x4f,0x07,0x64,0x6a,0xdd,0x79,0x08,0x29,0x49,0x77,0xe4,0x66,0x45,0xbc,0x8a,0x38,0xba,0xd2,0x80,0x96,0x41,0xa2,0x3d,0xe3,0xb1,0x5a,},{0xb2,0x2c,0x0f,0x21,0xaa,0x1c,0x2d,0x45,0xf4,0xb2,0xe5,0x6c,0xc9,0xb5,0xe0,0x2f,0x9e,0x31,0xa2,0xea,0xa3,0x67,0xec,0xb4,0x82,0xf8,0x74,0xcb,0xd8,0xe9,0xfe,0x34,},{0x14,0x72,0x45,0x9c,0xbb,0xae,0x2c,0xf2,0x1c,0xe4,0x4a,0x15,0xba,0xe9,0xfc,0x85,0xdc,0xa4,0x0b,0x81,0x82,0xda,0x7d,0x52,0xcb,0xf5,0x6e,0xd5,0x38,0xd1,0x8e,0x03,0x47,0x7c,0x14,0x0a,0x3d,0xdd,0x0e,0xfb,0xa4,0x3c,0x96,0xaa,0x92,0xf5,0xf9,0xbc,0xdf,0x34,0x81,0x28,0x6c,0xe7,0x62,0xa7,0xe2,0xbd,0x1e,0x77,0x9b,0xa9,0x9b,0x0d,},"\x09\x71\x06\xc3\x62\x4d\x77\x4d\xde\x25\x51\xe0\xc2\x7e\x19\x50\x4e\x65\x18\xcc\x86\x36\x9a\xb2\x6f\xf8\x10\x96\x9e\x7d\xe2\x4a\xbc\x68\xb4\xb5\x3f\x11\xd9\x45\xd4\x9e\xf0\x78\xeb\x4f\x6b\xa6\xbf\x25\x7f\xf7\xb6\x08\xaf\xdc\xb3\x0a\x5c\x59\xa7\x56\xfd\x77\xa6\xc1\x24\x7f\x6f\x2a\x41\x10\x0d\x99\xfc\x52\x06\xaf\x3b\xcc\x6d\xe1\xd3\xe4\x96\x8e\x28\xfb\xa0\x12\x3f\x60\x45\xa1\xb5\x4d\x69\x3a\x42\xbd\xfa\x07\x1b\x2b\x91\x4b\x3c\x3c\x0c\x29\xb2\x59\x3d\x07\xe8\xbd\xc8\x6c\xa4\x2a\xc5\x55\xb7\xdc\xd9\x43\x9d\xf9\xfb\xd4\xbb\xec\x73\x0d\x63\x27\xbf\xae\x4f\xc4\x1e\xd4\x98\xb4\xf0\x4a\x0e\xb1\x4c\xee\x60\x82\x83\xaa\xa6\xe6\xaa\x46\x67\x6b\xc8\x8a\xed\x5d\x99\x39\x03\x7a\xad\x49\x15\x66\x1a\xf9\x4b\xb5\xf6\xe6\x53\xa2\xca\xc1\x23\x28\x70\x73\x27\x0e\x0b\x13\xfd\xa1\xdd\x48\x71\xaf\x6a\x92\xf9\x92\xf5\x39\xdf\x88\x17\x12\xfe\xfb\x03\x85\x40\xd4\x11\x91\x12\x3b\x6b\x3b\x4b\x6f\xf8\x7f\xfc\x92\x9a\x6b\xe5\x3c\x6c\xef\x02\xf4\x8f\x2f\x0c\xf2\xfe\x64\xa4\x5f\xd6\x60\x25\xcc\x2d\x7e\xe5\x5e\xbe\x23\x16\xc0\x00\x85\x56\x61\x16\x5e\x2a\x5b\xa4\x1a\xfc\x20\x97\x95\x7b\x6f\xe4\xc5\x52\x21\x20\x4b\x6f\xc1\xf3\x17\xdd\x3b\xa1\x3c\xac\x39\x92\x40\x26\xbd\xb6\x6b\xe4\x54\x22\x68\x87\x56\x31\xd2\x77\xf2\x10\x10\x7a\x33\x76\x7f\x6d\x95\x96\xe2\x57\x42\xd7\xa9\x0e\xa7\x91\xea\x4b\xc9\xee\x84\xa6\x7f\xd3\x28\xb8\x0f\x79\x1e\xde\x96\xd8\x96\x63\xe9\x37\xf0\xb7\x55\xba\xa9\xd5\x2b\xda\x21\x0c\xee\x1d\xb3\x39\xff\x1d\x3c\x4b\x00\x0b\x65\x3b\x9b\xde\x33\x80\x49\xaf\x84\x36\x4e\x21\x77\xf8\x0d\xd5\x1e\x2a\x16\x72\xee\x55\x5d\x63\x17\x58\x9f\x6f\x1d\x5a\xbe\x6c\x28\x77\x35\x8b\xf9\x4b\x0b\x80\x8f\xf8\x57\x36\x3f\xbf\xbe\x32\xe9\x73\x37\xe4\xb8\xa8\xc2\x21\xa9\xe7\x59\x62\xa8\xdc\x9b\x5a\x3d\x7c\xa5\xf9\xc9\xb6\x1c\x73\xc1\x46\x9a\x72\xbd"},
+{{0x40,0xea,0x82,0xda,0x41,0xfd,0x15,0xb0,0x6f,0xfe,0xb9,0x9c,0xd6,0x16,0xdc,0x6b,0xc8,0xc1,0xb2,0x14,0x77,0xea,0x23,0x94,0x66,0x08,0x8e,0x28,0x49,0xbf,0x10,0x16,},{0x59,0x10,0xe5,0x80,0xbf,0x41,0x2c,0x31,0xa8,0x74,0x51,0xd9,0xdd,0xf3,0x2b,0x3a,0xb7,0x13,0xf9,0xe4,0xa2,0x2c,0x59,0x0c,0x64,0x1c,0x14,0xa5,0xdf,0xbb,0xe0,0xd7,},{0xd2,0x98,0xfc,0xc9,0xa8,0xec,0xb7,0x6a,0x98,0xd4,0xa7,0x1d,0xfb,0x01,0xd2,0x76,0xab,0x2d,0x96,0x70,0xa9,0x5b,0xab,0x34,0xcf,0x1d,0x83,0x64,0x51,0x6d,0x1e,0xbd,0xb2,0x39,0x03,0x46,0x02,0x15,0x30,0x71,0x25,0xaf,0xd0,0x9c,0x75,0x8e,0x98,0x1a,0x45,0x2d,0xa9,0x5c,0x0a,0xc2,0xc0,0xb9,0x58,0xc6,0x91,0x7e,0x68,0x74,0x19,0x0d,},"\xa0\x6c\x4e\x02\xb8\x3a\xb7\xe1\x91\xad\x81\x8c\xb8\x18\x7b\x52\xa8\xda\x00\x4f\xe8\x38\xdb\x33\x3c\x4e\x02\x54\x8d\xb6\xbd\xf7\x91\x44\x46\x42\xe5\x7f\xdb\xc8\x59\x4e\x59\xd7\x02\x32\x80\xbb\xae\x82\x98\x6f\x39\x98\x05\x43\x4b\xb0\x72\xc8\xa2\x7a\x2d\xcd\x5a\xa6\x2f\x06\x5b\xc5\x8b\x06\x21\xfc\xd3\x65\xf6\xcd\xbf\x4d\x57\xd5\x77\xd9\x11\x50\x30\x1f\xa4\x8f\x18\x2f\x87\xe8\xdc\xa7\xce\x45\xa7\xd6\x48\x45\xff\x43\x4d\x1b\xab\x05\x34\xcc\xc8\x3a\xa0\x97\x4e\x88\xb3\x8f\xc2\x50\x8c\xef\xcb\xbc\x82\x13\x5b\x73\xb3\x84\xc8\x0e\xcc\xb8\xa0\x9e\x28\x73\xcc\x07\x12\x90\x21\xd8\x1c\xe1\x29\xa9\xdf\x65\xe6\x13\x41\x0a\xf9\x50\x19\x7d\xbf\x9a\xfc\x28\xed\xc4\xe6\x5c\x3e\x84\xda\x40\xd2\xef\x84\x1b\x88\x6b\xc4\x47\x19\xa5\xd5\x9d\xb2\xc6\xdc\x77\x64\x01\xc8\x95\xe2\xb3\xc8\x37\x83\xd7\x81\x7b\xba\x68\xba\xff\x59\x47\x0d\x60\x15\xbb\xa8\xd9\x75\xf0\xeb\x71\x2f\x3b\x89\x02\x91\x28\x05\x52\x3a\xa7\x1c\x90\x49\x9d\xe6\x89\xd3\x1a\xe4\x4e\x21\x0b\x84\x46\xf2\x48\x47\x27\xcc\x49\x1b\x92\xa8\xe8\xb1\x99\xd6\x28\xe1\xdf\x79\xa2\x8c\x56\x1e\x5a\x7d\x88\x2e\x30\x78\x7d\x08\xfb\x2d\x51\x96\xba\x61\x19\x63\x09\xb3\xbf\x0c\x58\x24\xa3\x54\x8c\x70\x00\x03\xfe\x99\x13\xbe\xfe\x12\x22\x31\x50\x01\x26\x85\xe9\x07\x20\xe9\xec\x6b\xc4\xdb\x60\x74\x25\xae\xc5\x31\xc4\xfa\x36\x08\x6d\x3b\x9b\xe3\x91\xa3\xf0\x46\x35\xa8\x07\x7a\x44\x7a\x16\xa6\xfd\x89\xaf\xbb\x9a\x72\xd0\xd3\x55\xcb\x0b\x22\xd5\x62\xf4\x3f\x59\xd4\xe3\x71\x28\xb3\xe2\xd9\x06\xc8\xae\x23\xd0\xaa\x59\x9c\x70\xd3\x77\x8a\x07\x6c\x1a\x39\x72\x8f\x1d\x69\x37\xbd\x48\xb9\x78\x74\x08\x50\x56\x61\x38\xd3\x48\x52\xb6\x30\x75\xe8\x9a\x8e\x22\x80\xed\xba\x6f\x4e\xe8\xf6\x15\x11\xe9\xb7\x68\xe9\x5c\x78\xd1\x97\xb6\x93\xb1\x09\xe8\x88\x18\xb4\x86\xa9\xdf\xdb\x74\xb4\xc5\x55\x0a\xcd\xfb\xd5"},
+{{0x28,0xbb,0x81,0xa1,0x7d,0x45,0x84,0x75,0x4d,0x52,0x81,0x8c,0xd0,0xf1,0xf2,0x1b,0xaa,0x77,0x7e,0x69,0x58,0x44,0xa1,0x51,0x22,0xac,0x05,0x34,0x4d,0xdd,0xc0,0x27,},{0xd5,0xf6,0x1d,0x51,0x99,0x44,0xd1,0x3b,0x84,0xbf,0xa7,0xcd,0x67,0xcb,0x0b,0xea,0x4e,0xf2,0x28,0x1e,0xfa,0x46,0x1f,0x22,0xad,0xe4,0xba,0x88,0x2d,0x11,0xb2,0x52,},{0x9c,0xe4,0x5a,0x07,0xdb,0xd2,0x8d,0x3f,0x6f,0x1b,0x35,0x63,0x0a,0x3f,0xd5,0x6f,0x1d,0x54,0x8f,0x84,0xff,0xb1,0xc6,0xae,0x64,0xb2,0x14,0x98,0xae,0x38,0xe5,0x96,0x91,0x6e,0x77,0xf7,0x99,0x05,0xe6,0x09,0xfb,0x1a,0xe0,0xda,0x36,0x13,0x8a,0x80,0xf2,0x42,0x12,0x21,0x67,0x06,0x80,0x92,0xcc,0x60,0x57,0x96,0xc5,0x66,0x9e,0x06,},"\x92\xe8\x4c\x7a\x55\xb0\xbe\xa0\x3e\x17\xcf\xb6\x5f\x70\x85\xce\x3f\x44\x5b\x15\x42\xba\xe9\x97\xde\x5f\x09\x2a\x24\xff\x24\x33\x80\x28\x6d\x13\x70\x91\xa5\x98\xf3\x5e\x6d\xae\x1a\x1c\x64\x8f\x5a\x49\x4c\x81\x9d\xfb\x24\x06\x52\xff\x90\x83\x81\xf3\x2d\x70\xbc\x51\x31\x00\xac\xa1\x6f\xe7\x22\x02\x95\xb1\xc7\x18\x35\xf1\x6d\x93\x10\xa9\xd2\x7a\x04\xa9\x80\xac\xe2\x97\xd5\xaf\x3f\x7c\xb7\xc7\x8b\x24\x99\x7c\xcb\x41\xf5\x4e\xcb\xab\x50\x7e\xb7\x3e\xa6\xa3\xed\x47\x0e\x49\x59\x05\x09\xf5\xd1\xe6\x03\x2a\x26\x05\xdb\x87\xf4\xa9\xb9\xec\x91\x60\x25\x83\xf1\x4e\x2f\xe1\xbd\xb9\x00\xec\xb8\x97\x11\x96\xb5\x5c\x0d\x43\x34\x89\xf2\x6b\xe9\xca\x15\x7c\xbd\x56\x57\x28\x87\xba\x85\x9f\x39\x67\x4a\x8e\x0c\xa0\x8f\x2d\xbb\x0f\x27\x07\x35\x51\xd0\xb1\x99\x06\x85\x17\x8b\x1a\xe9\xe7\x88\x54\x99\x14\x3d\x9d\x72\xc8\x57\x1d\x11\xe0\xd8\x5b\xf5\x8d\xf9\x4e\x2a\x74\xd9\xb6\x84\x65\x57\xf9\x12\x5c\xa0\x94\x4c\xe5\x71\x8d\x2c\xba\xe1\x67\x2b\xa0\x2b\x84\x7c\x17\xa6\xf6\xb4\x45\x63\x4d\x2f\x01\x75\xa7\x5c\xf6\x88\x3c\x62\xe5\xb5\x21\xc5\x71\x41\xf2\x18\xb2\xfb\x09\x94\xb3\x72\xa7\x16\xc4\xa2\x17\x43\x4b\xea\xb7\x57\x40\xb8\xe9\x1c\x62\x21\x87\xd0\x3c\x85\xda\x00\x1e\x00\x24\x73\x12\xa4\x65\x22\x5f\x5d\x6a\xf2\x32\x06\x4a\x42\x7d\x30\x18\x70\x0d\xed\x77\x4b\x90\x26\x77\x7a\x52\x75\xfc\x04\x75\x46\x06\xc8\x66\x00\x29\x7b\xf7\xb7\x1a\xaf\xf8\xb9\xa7\x46\x67\x7a\x36\x62\xf3\x75\x0e\x81\xb5\x01\x66\xf6\x23\x70\x00\x05\x1f\xfa\x15\x86\x8d\xef\xdf\x09\x00\x57\x72\x2a\xe2\x29\x96\x4a\x4e\xa0\x85\xe0\xdb\xc0\x4c\xe1\x99\x77\x22\xc5\xbb\x65\xd2\xb4\x7e\xcb\x74\x6f\xd8\x3a\x9f\x6a\x69\xc8\x15\x45\xa9\xb5\x02\xf5\xe7\x6d\x31\x30\xc5\xaf\xcb\x1c\x9a\xf9\x9d\x91\x87\x40\x83\x7c\xe8\x9d\x7c\xd2\x13\xfe\xf2\xfd\x06\x2c\xe8\x85\x0f\x69\x65\x9e\x4a\xd3\x27"},
+{{0x24,0xbf,0xd4,0xfc,0x45,0xd5,0x09,0x35,0x85,0x67,0x81,0x01,0xcf,0x56,0x3a,0xb8,0x01,0x1f,0xd6,0x43,0x0d,0xe1,0x55,0xf2,0xa4,0x25,0xf0,0x63,0x3e,0xe3,0xb7,0xcd,},{0x9c,0xf5,0xc5,0xfc,0x0c,0xcf,0xae,0xb2,0x8a,0x08,0xba,0x67,0x70,0x7b,0x18,0xdc,0x84,0xea,0x06,0x98,0xff,0xbd,0xbc,0x16,0x9a,0x09,0xc2,0x81,0x23,0xe6,0xc2,0xac,},{0xdc,0x93,0x5b,0x60,0xfd,0xe4,0x43,0x59,0xaf,0x8f,0x50,0xed,0x7f,0x91,0x9f,0x48,0x3c,0xe3,0xf2,0x4e,0x23,0x20,0xc5,0x5b,0xa9,0x2f,0x3e,0x76,0x17,0xc1,0x9b,0xfb,0x54,0x70,0x19,0x03,0xff,0x18,0x3b,0x42,0xcb,0xed,0xfe,0xf0,0x87,0x5f,0x42,0xb1,0x28,0x75,0xd3,0x6a,0x0a,0xee,0xc7,0x3f,0xfd,0x09,0x50,0x9d,0x92,0xb2,0x8b,0x0d,},"\xba\x54\x12\x8f\x45\xbe\x20\x01\xdb\xb0\x60\xd5\xdc\xc4\x71\x44\x99\x74\x15\xd4\x29\x4f\x6e\xba\x8d\xce\xba\x4f\x6c\xf2\x23\x46\x83\xc4\x26\x5f\x88\x03\x22\x05\x29\x6e\x9b\x27\xd6\x85\x06\x23\x2d\x57\xb6\x88\x40\x76\x48\xf8\x7c\xeb\x34\x20\x52\xbd\xe9\xd0\x06\x55\x42\xff\x17\x15\xc9\x42\x02\x7e\x67\x48\x2a\xf4\xbc\x27\x8f\xf7\x19\x66\xfb\x3f\x62\xa2\xa5\x32\x3c\xb1\xb4\xba\xe1\xe7\xb8\xfe\xdc\xbc\x73\xea\x05\xb4\x07\x64\x21\xb0\xb4\xfa\xe8\xbc\x33\x37\x41\x6a\x17\xfe\x12\x4e\x7e\xe4\x65\xeb\xb3\x8d\x87\x92\x30\x64\x29\xd8\x27\x9a\x1b\xd5\x4c\x37\xbe\xe8\xf9\xc8\x5e\xeb\xe3\xaf\xd1\xf6\x44\x89\xd4\xe5\x3a\xc5\xf5\x06\x57\xbb\x6f\xfb\x97\x12\x07\x44\xb7\x5d\x47\xc6\x22\x6d\x5a\x9c\x9c\x26\x4e\xe3\xe6\xa6\xde\xd0\x50\x62\xca\x10\x06\x66\x91\x18\x45\x45\x50\x01\x09\x19\xc2\x63\x3c\xf0\x86\x95\x03\x45\xe5\x14\xaf\x38\x43\x14\x8e\x5c\x64\x35\x2e\x69\x03\x7d\xfe\x60\xd4\xa8\xea\xb3\xeb\x8c\xb5\x4b\xd3\x9a\xf2\xf3\x53\xd5\xde\xd2\xe2\xbc\x8b\x11\xc0\x9f\x61\x2e\x12\x8c\x6e\xfa\x41\xf6\xeb\x2c\x95\x80\x87\xbe\x34\xc6\x33\x5a\x43\x00\x5d\x11\xa9\xd3\xb5\xa5\x29\xc2\xd1\xb0\x64\x2f\x77\xaf\xdd\x8c\x6b\x1d\x6f\xb2\xa9\xdc\xb6\x5f\x42\xf4\xec\xa8\xea\x9a\x05\x40\x58\xbe\x86\x13\x66\x76\x10\xe3\xee\xd8\xd1\xdf\x07\x39\xec\xa1\x71\x95\x41\x17\x98\x9d\x1b\x12\x18\x9a\xb5\x79\x04\xaa\x96\x0b\x0c\xa8\x55\x41\x74\x63\x85\xef\xa9\x85\xbe\x9d\x97\xb5\xa9\x02\x99\x89\xa9\xc7\x14\x98\xdf\xab\xdb\x81\x36\x81\xf5\x7e\x27\x6b\x64\xdb\x49\x1b\x8f\x08\x2a\x88\x51\x45\x46\x9a\x53\x1b\x7f\x9f\x04\xca\x0a\x2c\x2f\x8d\xff\x20\xcc\xb9\x9c\x28\x61\xf5\x4e\x5e\xaf\xa9\x62\xcc\x53\xea\xf1\x8d\x3d\x5e\x50\xd3\x37\xaf\x48\x5f\x19\x97\x5f\x05\x93\x07\x00\xa8\xa7\x25\x3f\x11\xf1\x84\x13\x0d\x0a\xee\x70\x96\x9d\x96\xfe\x08\xf2\x16\x95\x1d\x9d\xce\xd5\x23\x88"},
+{{0x2f,0xc2,0xf9,0xb2,0x05,0x0a,0xd7,0xd1,0x39,0x27,0x3e,0x93,0xe2,0xa0,0x45,0x1c,0x7b,0x5c,0xce,0x57,0x59,0x9a,0xa6,0xb0,0x8d,0x3e,0xdc,0x5b,0xb0,0x75,0x90,0xc8,},{0xff,0xe5,0xa1,0x78,0x80,0xd7,0x18,0xcc,0x79,0x88,0xc2,0xfd,0x98,0x25,0xb0,0x3b,0x93,0x45,0x0a,0xc1,0xde,0xb8,0xfb,0xd1,0xf1,0xbf,0x3b,0x8f,0x87,0x80,0x59,0x54,},{0x7a,0xff,0x16,0x2a,0x3c,0x0d,0x28,0xdf,0xf4,0x17,0x15,0xa9,0x74,0xaf,0x07,0xec,0xac,0x21,0x32,0xfc,0x18,0xbc,0x43,0xa1,0x98,0xfe,0x66,0x46,0x59,0x05,0x0d,0xa1,0x9a,0xe2,0x27,0x58,0xd5,0x2c,0x9c,0xbb,0x94,0xf1,0x35,0x8b,0xb0,0x26,0x10,0xa8,0xa3,0x51,0xc2,0x11,0x62,0x79,0xe7,0x24,0x5a,0xdf,0x69,0x67,0x5d,0xfd,0x36,0x0a,},"\xdc\x12\x97\x99\x0c\xc0\x27\xd5\x6d\x1f\xee\x26\x5c\x09\xbc\xf2\x07\xa9\x58\x3e\x6b\xab\x8d\x32\x47\x82\x28\xe0\xbc\x30\x5b\x98\x18\x15\x4c\x33\x8c\xee\xc3\x4b\x04\xc4\xad\xe7\xac\x61\xdc\xb0\x9b\xfa\xc8\xad\xe0\x0d\x1f\x29\xde\x31\x70\x60\xb8\xa4\xda\xf1\x98\x7d\xe4\x09\xca\x2c\x3f\xe4\x38\x00\x88\x07\x3c\xcf\x48\x5e\x9a\x69\x51\x6b\x5b\xbb\x41\x30\xf2\x0b\xe6\x9b\x2d\xd6\xa9\xb4\x65\x15\x9c\xca\x1a\xc8\x8b\x32\x8b\x80\xc5\x1b\x66\xaf\x7f\x4c\x50\xf6\x22\x87\x72\xf2\x87\x34\x69\x3c\xe4\x80\x5a\x41\x63\xdf\xf1\x4b\x4d\x03\x98\x11\xee\x3f\xce\x65\x93\x54\x44\xa6\xea\x9a\x72\xd7\x8b\x91\x5c\x9c\x3b\x76\x6c\x60\xb7\xe0\x32\x9e\x43\xc9\xc5\x7e\xde\x94\xb9\x15\x25\xce\x5a\x07\x5a\x72\x97\x21\x97\x72\xef\x3c\x02\x96\x49\xb5\x86\xa9\x5a\x73\xbb\xdf\x16\xd8\xfc\x20\x36\x8d\xe4\xba\x44\xde\x10\x64\xbe\x58\x26\xb3\x76\xbe\x31\xa8\x6c\xa4\x78\xa5\x2e\xfb\x98\xf1\xfa\x33\x31\x57\x71\x9b\xd6\xe0\xda\x80\xed\x68\xd0\xef\xea\xfe\xe5\xa1\x3b\xcc\x3b\x45\x75\x25\x25\x8f\x1f\x7e\x03\x1f\x7b\x40\x3a\x46\x15\x06\x92\x7b\x1e\x6c\x7d\x4a\x0c\x8d\x84\xb5\xf3\xdd\x0e\xb8\xbd\xb1\x3e\xdc\x2b\x51\x4a\x81\xd0\x88\xeb\x07\x7a\x52\xc8\xa8\x31\x86\x1f\xee\xe8\x11\x0e\x41\xa3\x25\xdc\xe2\x06\xb2\xd6\x7d\x25\xf9\x0e\xf5\x7e\x0f\xde\x70\x9f\x3e\x5a\x39\xc0\x4e\xed\x31\xe5\x7c\x19\x3b\x28\x3e\x2d\xa7\x27\x9e\xe3\xf1\xee\xd4\x82\xb3\xbb\xcd\x37\x39\x02\xc1\xdf\x81\x1a\xc3\x3e\x1d\xe0\x64\x29\xe8\xf8\x44\x3f\x60\x20\x19\x65\x0b\xdc\x2e\xe8\xd7\xf6\x50\x03\x6a\x7a\x22\xb8\xfd\x88\x51\x75\x11\x22\x9c\x72\x9a\x32\x69\xb3\xa3\xe8\xfc\x72\xb0\x1b\x5a\x4b\x3e\x33\xf5\x27\x2f\x3a\xd2\x16\x29\xd0\x8b\x1f\x71\x79\x35\xe9\xe1\x04\xad\xd2\xf0\xf2\x03\x34\x32\xbe\xc8\x2e\x21\x21\xd9\x8c\x9c\x1a\x58\xe0\xda\xba\x25\x53\x6a\x1b\xe8\xe5\x08\x83\x47\xf4\xa1\x4e\x48\xd8\xe3"},
+{{0x8a,0xfe,0x33,0xa0,0xc0,0x8a,0xa3,0x48,0x7a,0x97,0xdf,0x9f,0x01,0xf0,0x5b,0x23,0x27,0x7d,0xf0,0xbb,0x7e,0x4c,0xe3,0x95,0x22,0xae,0xc3,0xd1,0x78,0x16,0xe4,0x67,},{0xd0,0x04,0x37,0x0e,0x6e,0xdc,0x34,0xb3,0xe8,0x81,0x86,0x67,0x21,0x6f,0x5b,0x22,0x6b,0x0f,0xf7,0x5a,0x58,0x48,0x4c,0x86,0x16,0xe1,0xa8,0x66,0x44,0x4c,0xab,0x57,},{0x63,0xa8,0xae,0xac,0x02,0x5f,0x2d,0xde,0x9a,0x73,0x28,0x6e,0x56,0xc2,0xd6,0x2d,0xcb,0x79,0xa2,0x41,0xba,0x0b,0x2e,0x2d,0xba,0xca,0x87,0x52,0xed,0x2f,0xc8,0xcc,0x7a,0xb8,0xe6,0x60,0x0b,0x67,0x64,0x5f,0xb5,0xe8,0x18,0xa4,0xe8,0x2c,0x29,0x18,0x0a,0x6b,0x2c,0x3f,0x58,0xd0,0x99,0xcb,0x63,0x5c,0xe5,0x2b,0xdc,0x15,0x70,0x04,},"\x86\xfb\x74\x1f\x1b\x97\x08\x92\x91\x95\x03\x1a\xa1\x64\x5f\xb7\x09\xa8\xae\x32\x3f\xff\x85\xe5\x47\x01\x94\x45\x2e\x11\xb7\xb1\x27\x91\x94\xb5\xe2\x42\x7c\xe2\x3e\x1d\x74\x9c\x3d\xdf\x91\x0b\x01\x7e\x4f\x2d\xff\x86\xdb\xe4\x82\xc9\x1b\xd9\x94\xe8\x49\x3f\x2e\x68\x24\xbb\xa3\xbc\x7d\x7a\x84\x5f\x21\x7a\xe9\x76\x0b\x3c\xd0\x02\x26\xd9\xff\x26\x16\xd4\x52\x75\x1a\x90\xc3\xd0\xd3\xc3\x6d\x4a\xb4\xb2\x52\x0f\x67\x28\x81\x71\xbd\x3a\x34\xb2\xea\xca\xe8\xd4\x4c\x1e\x15\x3d\xda\x1f\x90\xbc\xd3\x59\x5d\xad\x37\x71\x3b\x8d\x34\x01\x56\xea\x90\xa4\xe1\x35\x95\x1b\xa7\x16\x9a\xc1\x75\x57\x8b\x81\xe9\x7a\x54\x1a\xb9\xbf\xb7\x63\x28\x79\x8d\x7d\x63\x1c\x14\xdf\x2a\xd6\x13\xe9\xc6\xe1\x14\x7a\x0e\x84\x06\x2d\xdb\xa0\x35\x85\x9d\x46\xba\xde\x5f\xad\xd9\xb3\x2b\x43\xda\xd4\x83\xc6\xb8\x02\x3b\x32\x39\x1e\x51\xef\x15\x20\xc6\x8c\x61\x91\x32\x6c\x49\x44\x23\x08\x0c\x62\x3d\xc4\xad\x0a\xa0\x74\x74\x8d\x82\x6c\x29\x64\x4c\x38\x98\x6a\x77\x00\x2f\x0c\xab\x90\x68\xe6\xc9\xec\x73\xcc\x2e\x0c\x58\x4b\x80\xe0\xbc\x37\x57\x21\xf7\xa8\xfc\x35\x31\x7a\x5e\x24\x0e\x8c\x66\x09\x2f\xb6\x30\x5b\x01\x2c\x70\xe1\x7a\xea\xff\x13\x38\x6d\x5e\x28\xd0\x64\x30\xca\x58\x5b\x0c\x85\xb2\x74\xe7\xfc\xbb\x63\xe3\x42\x3a\x98\x25\x79\xe5\xa6\x4a\x02\x62\xc4\x19\x08\xe5\x5d\xbe\x43\xda\xc1\xe5\xcc\x1b\xb7\x29\x8b\xe4\x28\x72\x0a\x12\xe3\xb0\x72\x55\x9e\xc2\x67\x5d\x45\x7a\xaf\x8f\x13\x25\x2e\x28\xaa\xd6\x3c\x15\x13\xf5\xf2\x39\x56\x4d\x36\x3c\x85\x05\xff\xa4\xe5\x0f\x66\x48\xc1\xcb\x82\xbb\xa8\x52\xbf\xf0\xac\xb0\x30\xcb\xe7\x3f\x05\x9d\xd8\x7b\xbd\x73\x18\xc5\x58\x6e\x70\x86\x18\xa4\xf4\xc9\xf3\xbe\xc3\xf4\xf0\x7c\x60\x9e\xeb\xb2\x4b\xa8\x78\xc6\xbf\x1e\x4f\x2d\x0f\xd1\x45\x0a\xb9\x4e\x31\x75\x52\x17\x78\x6f\xb1\x51\x82\x76\x0f\xfb\xe5\xa2\x67\xcb\xe9\x98\xa4\xff\x90\xa2"},
+{{0x6d,0xc7,0xcc,0xf3,0x29,0x37,0x8e,0x81,0x31,0xb6,0xde,0xfc,0xd8,0x93,0x70,0x30,0x10,0x68,0x94,0x63,0x36,0xb0,0xb7,0x62,0xac,0x5e,0xa5,0x14,0x87,0xdb,0xd3,0x9e,},{0x04,0xe9,0x0d,0x27,0x5e,0x79,0xdf,0x5f,0x2b,0x6e,0xf4,0xa3,0x15,0x05,0xaa,0xc0,0x5a,0x69,0x45,0x9b,0xaf,0x2c,0x58,0x1b,0x3c,0xe3,0xdb,0x29,0xf0,0xf1,0xfc,0x14,},{0x04,0x50,0x9d,0xb0,0x03,0xa1,0xa6,0xed,0x3f,0xbc,0xec,0x21,0xac,0x44,0xec,0x10,0xcc,0x06,0xd7,0x9f,0x27,0x14,0x96,0x08,0x82,0x17,0x03,0x16,0x27,0x5d,0xf8,0x04,0x23,0xa1,0xc1,0xa1,0x12,0xd8,0x81,0xfc,0x24,0xd2,0x81,0x25,0x26,0x07,0x90,0x58,0xaa,0x8b,0x60,0x8b,0xfc,0x6b,0x5e,0x57,0x63,0x22,0x40,0xc6,0x36,0xd6,0xeb,0x00,},"\x20\xce\xbb\xe9\x84\x01\xac\x89\x34\xc3\xe6\x5a\x57\x38\xcb\x0e\xc0\xcd\xc7\x5f\xdb\x09\xdc\x96\x31\x28\x94\xb1\x87\xc0\xa4\x6d\x2c\x38\xf4\x85\x5b\xe3\xee\xcc\xdc\xdc\xc5\x6d\x92\x6a\x8c\x08\xce\x6e\x74\x8e\x2a\x85\x8f\x53\x53\x2e\x7e\x5f\xc5\xf7\x01\x4c\x8c\x6f\x86\x31\x0c\xc2\x6e\xfe\xf3\x0a\xe5\x25\xa5\x15\x79\x40\xab\x53\x5e\xd8\xe4\x03\x11\x2b\x08\xe3\x5e\x2b\xb3\xdd\x91\xa9\xae\x8f\x77\x2d\x2a\xff\x37\xd8\xc4\x0d\x2b\x5c\xc8\x87\xa6\xf1\x50\x50\xa0\xf5\xbc\xf0\x36\x0c\x3a\x9d\x12\xd5\x91\x86\x55\xed\xc3\xc1\x3c\x86\xba\x6f\x4a\x2f\xa3\xbf\xcd\x40\x5e\xd3\x8f\x87\x1c\xf7\xdf\xf0\xf7\x5d\xaf\x2c\x32\x10\x84\xee\x9f\xa8\x12\x11\xad\xb1\x05\xb2\x5c\x22\x88\xf0\xf2\xf7\xf9\x3e\xf6\x56\xb2\xde\x19\x01\x22\xe7\xa4\xbf\xd4\xa1\xbd\x98\x93\xa8\x48\x5b\x50\x9f\xf0\xbc\x46\xcc\x96\x10\x51\xc1\xdb\x5a\x12\x49\x0c\x7e\x74\x19\x22\xcc\xc0\xa6\x65\x49\x64\x70\x27\x6f\x69\xc7\xb7\x70\x98\xc1\xe6\x70\xaf\x6b\x9f\x85\x12\x52\x99\x68\x75\xeb\x80\x35\xa8\x17\xfa\x9b\xe0\x7f\x2b\xe0\xbb\xb1\x20\x25\xe0\x56\x54\x14\xc8\x17\xe9\x42\x1a\xc7\x00\x37\x38\x93\x86\x2f\x24\xcb\x16\x5f\x9a\x27\x1a\x64\xfd\x23\x05\xc6\x67\x2c\x46\x76\x7f\x8f\x07\x5b\xe5\xd2\xd4\x07\x9b\xfa\xdc\x39\x56\x28\x8b\x02\x15\x60\x53\x11\xb5\xbf\x32\xf0\x03\x7b\x7c\x5a\xd5\x02\x01\x3e\x82\xae\x34\x19\xd9\xd8\xf3\x9c\x54\x5b\x58\x88\xf4\x71\x06\xc9\x4d\x5f\xd6\x08\x4d\x26\x03\x4a\x99\xf5\xdc\xbf\x26\xa8\x4e\xb4\xee\x14\x9c\x62\xa0\x41\x0d\x8c\x70\x7b\x1a\x9b\x07\x1f\x74\xed\x23\x93\x25\x85\x07\x2c\xe6\xcb\xd3\x3d\x4d\x54\xee\x91\x79\x16\xf5\xdf\xc6\x4d\x26\xa4\x98\x01\x84\x38\xb4\x55\x73\x93\x45\xdd\x60\xae\x0f\x47\x50\x62\x59\x15\xcc\x82\x9a\xb6\x82\x2d\x6f\x05\xf6\xd2\xbd\xa0\xa7\xbf\x56\x01\xe9\xa2\xed\x6d\xe9\x60\x37\x1d\x17\xe6\xf4\x37\x09\xc9\x67\x8c\xa7\x43\xad\xfb\xdb\x45"},
+{{0xcc,0xae,0x07,0xd2,0xa0,0x21,0xfe,0x3e,0x6e,0xe2,0x38,0x36,0xa7,0x11,0xb9,0x7b,0x04,0xe0,0xa4,0x41,0xf1,0x69,0x60,0x75,0x72,0x73,0x1c,0xb0,0x8c,0x26,0x94,0x88,},{0xa3,0x22,0x65,0xe5,0x32,0x8a,0x4f,0x49,0xcf,0x06,0xb4,0x67,0xa9,0x8b,0x9f,0x9d,0x5b,0x99,0x7b,0x85,0xdf,0xb7,0x52,0x3c,0xa6,0xa0,0xa1,0xd6,0x27,0xd3,0x28,0x91,},{0x0e,0xec,0x75,0x41,0x05,0x44,0x7f,0x97,0xd4,0xa9,0xcd,0x24,0x6c,0x7e,0xed,0xe3,0xfd,0x06,0x90,0x18,0xf0,0xd0,0x1a,0x41,0xdf,0xab,0xca,0x3e,0x90,0xa7,0x41,0x83,0x5e,0xa4,0xa9,0xd6,0x82,0x34,0x22,0x67,0xb2,0x50,0xfc,0x1c,0x8c,0x54,0x7c,0x89,0x63,0x2d,0x9f,0x68,0x9a,0xf5,0x36,0xc7,0x92,0x90,0x04,0xde,0xd0,0xd9,0x6f,0x09,},"\xa4\xbf\x82\x97\xd0\xdc\x5e\x4c\x92\xbd\x00\xad\x5b\x9c\x09\xb1\x23\x8b\x50\x3d\x61\x91\x16\xef\x74\x26\x03\x78\x34\x9a\x92\x82\xb4\x1f\x3f\x46\x76\xa6\x21\x5e\x3c\xe6\xd0\x22\x38\x48\x0a\x96\x04\x3b\x29\x42\xb3\xfe\xed\x12\x62\x0b\x1f\xa9\x7f\x77\x03\xb3\xeb\x68\x3c\x16\x01\xbd\x2f\x51\x82\x5c\x45\x0d\xf4\xfd\x1f\x33\xb0\xbf\x9c\x23\xc0\x32\x23\x78\x9e\x06\xe2\x4c\xf1\x36\xd3\xb5\x57\x40\x3a\x66\x98\x1f\x4b\x77\x7d\xcf\xe8\x90\xd2\xba\x96\xda\x4a\x47\x42\xae\xed\xdd\x6a\x61\x1d\x05\xfc\x21\x56\x94\xa5\xd8\x9a\x5d\xe6\x76\x0b\x1d\x94\x15\x15\x50\x44\xc0\x49\xcb\x02\x29\x1a\x15\x14\xfa\xa2\xe7\x7d\x2a\xe3\x3d\x44\x58\x5b\xda\xc6\x36\x5b\xf4\x81\xd9\xc9\x78\x33\x93\x7e\xab\x63\x6e\xd6\x57\x42\xa0\xd5\x97\x3b\x24\xd5\x40\x89\xb2\xda\xf0\x84\xd5\x41\x47\x65\x10\x5e\x4e\xca\x14\xaa\xad\xd1\x05\x33\x38\xa8\x47\x05\x05\x23\x2e\x4a\xc6\x33\x34\x5c\x5c\xde\xe1\xe4\x65\x3d\x1d\x93\x58\x3a\xf1\x18\x54\xb1\xd9\xb6\x5f\xc2\x02\x81\x83\x8c\x56\xdf\x11\x48\xf3\x5c\xcf\x9b\xfe\x2f\x3f\x80\xab\x73\xf5\xb7\x91\xcb\xed\x2d\x92\x06\x44\xcf\x03\x16\xf0\xcb\x5d\x36\x62\xb9\x12\x06\x47\xda\x56\xaf\xbe\xb4\x7a\x95\x29\x53\xbc\x1a\x37\xde\x85\x7e\x4b\x39\xfd\x92\xb6\x32\xb8\x51\x59\xf4\x6c\xd0\x5b\x6a\xbc\x23\x38\xd4\x63\x2d\x48\xe9\xa1\x78\x86\x0d\xe8\xf6\x5d\x9b\xc2\x3f\x24\x50\x7b\x7c\x56\x29\xe0\xbd\xaa\xc0\x67\xc4\x76\xc9\xc3\x94\x1d\x86\xf7\x88\x94\x4d\x74\x48\x52\xa6\x1d\xa7\x16\xf9\x5f\x3b\x04\xf0\x78\x3a\x56\x29\x41\xbc\xdd\xa4\x39\x59\x0f\xd1\x86\xb2\xa8\xeb\xf1\x9a\x5a\x7e\x4f\x4a\x3a\xaa\xb7\xa8\x7a\x43\x45\x24\xfb\xc9\x79\x9c\x99\x31\xeb\x8c\xe4\xe3\x4e\x99\xb6\x08\xca\xc9\x4a\xb7\xe7\x44\x95\x66\x8d\xf1\x36\x18\x5f\x48\x7d\x9f\xbc\xb6\x60\x5a\xd7\x25\x34\x54\x03\xec\x57\xf3\xf6\xdb\x36\x4a\x87\xf3\x8f\xea\x4b\x4c\x27\x15\x52\xe9\xf2\xe4\xa1\xbe"},
+{{0xdb,0x5d,0x5f,0x41,0xfd,0xdd,0x67,0x68,0x70,0x97,0x47,0xab,0x82,0x39,0xbb,0x4f,0x42,0xa3,0x1d,0x34,0xb4,0xfa,0x88,0x82,0x4d,0x94,0xbf,0x78,0xd3,0x14,0x92,0x64,},{0x03,0x85,0x8c,0xe6,0xb2,0xd2,0x40,0x79,0xee,0xad,0x66,0xca,0x0d,0xfe,0x77,0x2e,0xcd,0xa9,0xaf,0x4d,0x46,0xbc,0x9b,0x5e,0xdf,0xdc,0x28,0x6b,0x95,0xfe,0x97,0x16,},{0x5b,0x3d,0x0d,0xa7,0x10,0x23,0x55,0x48,0x6b,0xe4,0xd6,0x9c,0xfd,0x65,0x88,0x6c,0x9d,0x9c,0x87,0x38,0xb2,0x93,0xca,0xfb,0x23,0xb2,0x10,0x4b,0xfd,0xac,0x8d,0x7d,0x01,0x29,0x8e,0xeb,0x18,0xfd,0xe3,0xde,0xd6,0x49,0x1d,0x41,0xb4,0x19,0xcc,0x66,0x37,0x52,0xc4,0xe6,0x7d,0xbe,0x89,0x86,0x83,0x3d,0x20,0xe4,0xef,0x34,0x18,0x0b,},"\x67\xee\x03\xde\x45\xc3\xe7\x03\x0d\xb5\x24\x6e\xe5\xb5\x1b\xf2\x98\xbb\xa3\xe4\xd0\x93\x49\x37\xfc\x12\xd9\xa6\x29\x60\x4c\x53\xc0\x70\xe3\x0d\x61\x19\x99\xa9\xcd\xda\xf2\xd9\xac\xda\x6a\x9f\x67\x20\x2b\x35\x23\x69\xd4\x82\x60\xee\xbc\xe0\xe7\x8e\x4d\x5a\xe5\x4f\x67\x75\x21\xf8\x4a\x7b\xe0\x01\x7f\xab\x27\x8b\x2b\x57\x27\x5e\xfc\x5f\xa5\x7c\x61\x71\x86\xfc\x1b\xa4\x9e\xdf\xbd\x33\x08\x63\x48\x78\xd8\x64\xf2\xda\x15\x83\xca\x8d\x56\xce\x9f\xae\x77\xc4\x62\x03\x9a\xbc\x32\xd0\x53\x9c\x0a\x60\xb7\xbb\xba\x50\x29\xe9\x32\x9d\x27\x56\x83\xd9\xc4\xce\x77\xd0\xb9\x08\xad\xe9\x8b\x0e\x32\xb4\x42\x0d\x9a\xee\x2c\xc1\x0e\x4b\xe9\x22\xf9\x57\x25\x82\xdd\x89\x67\x14\x1c\x1d\x40\x2e\x21\x5f\x20\xae\xe0\xa8\x90\xe2\x36\x8e\x40\x6d\xea\x11\xbd\x11\x17\x7f\x2e\x03\x8a\xa2\xf1\xa0\xdf\xf5\x1a\x12\x8d\x95\x5d\x5e\x5f\x8d\x5d\x00\x09\xaa\xa8\x24\x40\xa9\x68\x64\xd6\xc6\x97\xf9\x10\xd1\xdf\x23\x0f\x46\x7f\x0e\x02\xa2\xe0\x2b\xf9\xe4\x5d\xa9\x5f\x25\x54\x10\xcc\x5a\xab\x8d\x85\xf4\x49\xa5\xde\x99\xaa\xbd\x44\xfd\x76\x3e\xc1\x46\x29\xf3\xdb\xab\x1a\x24\x7b\xff\xb7\x17\x46\x48\xe4\x3b\x9f\xb1\xeb\x0d\xf5\xe4\x10\x9b\x7a\x88\xe0\x55\x12\xb2\x08\x65\xba\xd3\x9f\x9e\xa7\x9d\x52\xf5\x18\x8e\x7c\xa5\x19\x44\x05\xbf\xb1\xa0\x97\x27\x61\x7f\x3f\x6c\x88\x19\x20\x08\xed\xbc\x0c\x65\x85\xdb\xf2\x61\xf1\x49\xdf\xfb\x59\x3d\x42\x71\x6e\x5a\x57\x77\xf5\x46\x2b\xee\xb1\xe9\xa5\x6a\x2c\x76\xe6\xcb\x73\x51\x17\xcc\x11\x83\xa3\x8d\x1e\x00\xb3\x03\xd1\x74\xaa\x9c\xf5\xc7\x31\xb2\xc7\x0e\xdd\x79\xcc\x5d\xc9\x6f\x40\x18\xf1\xd7\x1d\x71\x98\xbb\xb7\xd1\x34\xcd\x2f\xf8\xc1\x5f\x9a\x04\x28\x0d\xb2\x6a\x8f\xa9\x99\x7e\xb8\x6b\x13\x3c\x02\x2e\xda\x15\xd8\xad\x5e\x77\xcc\x9f\x62\x61\x59\x60\xba\xc2\xf9\xbb\xc3\xeb\xbd\x19\x8f\x72\xc5\x72\xb9\x71\x56\xfa\x7f\xa2\x29\xa9\x80\x14\xe1\x70"},
+{{0x7f,0x04,0x8d,0xfc,0xc2,0x65,0x0c,0xda,0x59,0x49,0x1d,0x4c,0xe2,0xb2,0x53,0x3a,0xec,0xc8,0x9c,0xc4,0xb3,0x36,0x88,0x51,0x94,0xb7,0xad,0x91,0x7d,0xb5,0xcd,0x14,},{0x08,0x00,0x1b,0x5d,0x40,0x95,0x8b,0xcb,0x27,0x0b,0xee,0xa9,0xba,0xba,0x33,0x87,0xe3,0xa4,0xb9,0x00,0xfc,0x42,0x27,0x56,0x57,0xc6,0xc6,0x91,0xa2,0xe2,0x64,0xf2,},{0x58,0x33,0x70,0x97,0x1d,0x24,0x65,0x2a,0xd2,0x13,0xc4,0x26,0x15,0x91,0x19,0x38,0xfa,0x9a,0xa3,0xd9,0xb7,0x19,0x69,0x40,0xe6,0xeb,0x08,0x15,0x12,0x00,0xc7,0xb6,0x72,0x9d,0x1e,0xff,0x8f,0x4f,0x09,0x04,0x07,0x4d,0xab,0x3d,0xdd,0xa6,0xaf,0x1e,0x4e,0x56,0x2b,0x7d,0x62,0x20,0xc1,0xa5,0x62,0x68,0x3b,0xea,0xb2,0x68,0xf8,0x0e,},"\x91\x75\x19\xcd\xb3\x35\x19\x68\x0b\xca\xe0\x4f\xaa\x79\x07\x71\xce\x7d\x13\x97\xc3\x45\xf1\xb0\x3d\xd7\x62\x57\x76\xf3\xf1\x95\x80\x99\x32\x61\x8b\x1c\x64\xac\xd9\x3a\xd0\x00\xea\xd0\x96\x54\xa3\x3d\x14\xf7\x48\xb4\x6b\x67\xaa\xe0\xff\x12\xdf\x3c\xc1\x63\x28\x0f\x47\xce\xdc\x16\xa8\x57\x90\x34\xe4\x98\x84\x29\x67\x72\xec\xbd\xbb\x71\xca\x29\xc1\x66\x23\x35\x33\xc8\xde\x54\x01\x2b\x41\x2c\xa1\x3c\xc2\x58\xf7\xc5\x46\x5d\x83\x42\x2f\x52\x4e\x4c\x05\xf8\x06\x31\x34\x78\x31\x9f\xd1\x43\xcf\x50\x88\xe6\x98\x37\x69\x7d\x36\x15\xd8\x0a\x7f\xa7\xe7\x44\x3f\xca\x65\xe7\x53\xac\x1b\x11\xd8\xef\xf3\x47\x66\x36\xae\x02\xd7\xa2\x0f\x4b\x23\x88\xda\xd6\x84\x00\x2f\x5c\xe9\x57\xca\xdd\xd2\x05\x3d\x0e\xd5\x33\x13\x2a\x81\xca\x19\xbb\x08\x0b\xd4\x3b\xe9\x32\x02\x8c\xb5\xf6\xb9\x64\xf0\x08\xb5\xb1\xc1\xc5\x99\x3b\xc9\xb5\x48\x5b\x22\xbb\xef\x70\x1f\x0a\x26\xa3\xe6\x75\xea\x31\x12\x2b\xba\xe9\x1d\x86\x4b\x54\xd8\x95\xaf\xdc\x79\xca\x58\xd4\xfe\x44\x92\x13\x35\x3b\x14\x9f\x31\x43\xb5\x14\x4d\x74\x7c\x5b\x46\x97\x47\x9a\xe6\x85\x28\x48\x53\x84\x04\x4a\xa2\xc9\x9b\xa4\xb1\x7b\x18\x4e\x94\x98\x22\x69\xbd\xe2\xde\x0b\x17\x70\x5d\x0b\xfc\x46\xd6\x90\x6a\x90\xed\xef\xe8\x91\x95\xde\x6b\xb8\xf3\xfb\x6a\x37\x41\x86\xc7\xcd\x08\x6d\x13\xd1\xb3\x52\x5a\x39\x94\xdc\x80\x20\xe1\xa0\x05\x54\xac\x8a\x82\xd6\x04\x7c\x5b\xff\x5e\x7f\x12\x45\x0f\x48\x65\xda\x16\x1e\x1a\x02\x1f\xd9\xbe\x8b\xd3\x3a\x32\xbb\x54\xa4\xdd\xf8\x74\x51\x2e\x74\xb5\xcf\xd3\xfc\x3c\xd9\xac\x11\xed\xd8\x78\x43\x36\x68\xe3\xfc\xc7\x82\xb9\x7b\x6d\x90\x5a\xdb\x0e\xbe\xc4\x2c\x92\x54\xac\x90\xf3\x58\x22\xc0\x0f\x97\xff\x3f\x0c\x7c\x39\xed\x3c\x7c\xb3\x92\x0f\x56\x08\xbb\x45\x83\x8b\xb2\x42\xa5\x2a\x86\x37\xd7\xce\xcd\xcf\x48\x9f\xa1\x83\xb4\x54\x51\xc6\xc9\xfc\xbb\xbf\x91\x4f\x5f\x7e\x6b\x22\x3b\xcb\x46\x75"},
+{{0x9f,0xeb,0x3d,0xf8,0x8c,0x49,0x4a,0x99,0x84,0x9c,0x6f,0xca,0x19,0x42,0x01,0x47,0x7a,0x2f,0xa7,0x56,0x4e,0x29,0xfb,0x06,0xcb,0x44,0xc1,0x15,0x4e,0x8c,0xea,0x3a,},{0xc3,0x56,0x28,0xca,0x6e,0xe2,0x8e,0xc1,0xc2,0x39,0xdd,0xc5,0xbb,0xa2,0xa9,0xe0,0x9e,0x48,0x46,0x81,0x6b,0x14,0x3c,0x74,0xdf,0xa2,0xae,0xc1,0xf6,0x25,0x51,0xb6,},{0xa1,0xc2,0x60,0x78,0x35,0xbe,0xc1,0xa1,0xd8,0x78,0x72,0xfd,0x8e,0xe4,0x88,0xd0,0xae,0x9e,0xd2,0x3d,0x49,0xfd,0x67,0x86,0xfc,0x49,0x96,0x72,0x5e,0x49,0xb3,0x26,0x21,0x18,0xba,0xbb,0x48,0x34,0x87,0x7c,0x7f,0x78,0xfb,0xea,0xc0,0x2d,0xf4,0x0a,0xb0,0x91,0xb8,0xb4,0x20,0xdc,0x99,0x51,0x38,0x1e,0x3b,0xcd,0xa0,0x67,0x05,0x02,},"\x95\xfb\x75\x81\xbd\x25\xff\xd4\x42\xc3\xae\x38\xa1\x9b\xea\x73\x49\xc7\xb7\x68\x3b\xa6\x76\x7e\x14\x8f\x0a\xfc\x15\x37\x3f\x67\xc1\x6d\x47\x17\x81\x20\x2e\x6d\xa8\x05\x4e\xd7\xfb\x9e\xe2\x04\xcc\x0f\x63\xc2\x10\xa6\x70\xa5\xf9\xce\xd4\x29\x45\x88\x19\x63\x30\xd3\x1b\x8e\x83\x92\xbe\xf6\xb4\x8f\xe3\xc9\x20\x78\xfa\xe1\x12\x84\xb4\xc3\xba\x20\xd9\x37\xe2\x71\x9d\xe7\xbf\x67\xc0\x06\x69\xad\x23\xe6\x13\x84\xeb\xdf\x8c\x6e\x60\x73\x54\x28\xc0\x84\xfe\x21\x7f\xdb\x47\x09\xcc\xb6\x08\x3f\xc0\xae\x4a\x05\x27\x3e\xef\x73\x90\x23\xd3\x4b\xb7\x3f\x66\x2d\xac\xdf\x11\x0b\x6d\xbd\x3e\x74\xfc\x14\x91\xe8\xc9\x65\x96\x07\x5f\xae\x5c\x36\xaa\xbe\x2a\x0a\x53\x05\x2b\xf7\x7c\x44\x62\x43\x80\x63\xaa\x7b\xc0\xc5\x0a\xb9\x20\xc9\xeb\x28\x86\x71\x56\x0c\xa5\xba\x7a\xf4\x4a\x53\xdb\x2e\x2f\xf4\x3c\xa5\x60\x69\xea\x55\x17\xcb\x21\x4e\x76\xfa\xa5\x3d\xbd\xa1\x00\x00\x3c\x4f\x61\x75\x41\x40\x41\xbe\x74\xde\x22\xce\x15\x5d\x22\x81\xb6\xf4\x03\x5b\xe3\x98\x41\xaf\xdb\x96\xdd\x89\xaa\x80\x8e\x68\x65\xba\xe6\x2d\x6b\xed\xd9\x19\xd3\xe8\x65\x10\xb9\xfa\x5f\xed\xd1\x97\x7c\x41\x31\xb2\xb8\x6e\x0f\x48\xd7\x21\x5e\xb1\x3d\x54\x98\xca\x5d\x23\x68\xf8\x18\x95\xed\x85\x5a\x52\x71\x24\x65\x7e\xc9\x53\x9e\xfe\x3b\x24\x99\xa3\xb0\xb3\x38\x26\x2f\x26\x34\x0e\x22\x55\x4c\x79\xf4\xfa\xd2\xb4\xe4\x19\xc7\x0b\xc1\xa2\x10\x7d\x20\x64\x56\xb6\x36\x87\x81\xbe\x4b\x5e\x2c\x54\xda\x42\xd3\x36\x04\x0f\xb7\xba\x49\xc3\x2d\x75\x23\x21\xad\xcd\x92\x98\x6e\x78\xbe\xdb\x22\x6c\xea\xc5\x02\x92\x08\x9b\xb5\x79\x02\x7f\x70\x22\x17\x74\x5a\xfe\x06\xa5\xbe\x13\x6b\x39\x98\xa3\x60\x4c\x9f\xf2\xac\xd6\xfa\x3f\x3f\x71\x63\x3d\x31\x02\xfb\xf0\x30\x47\xc5\x48\x6f\x84\xc4\xdc\x24\x47\xd8\x63\x79\x63\x83\xd5\x5f\x08\xc9\x81\xfd\x4d\xd7\xdc\x1c\xb7\x2b\x8b\xa4\x43\x5a\xf6\xab\xdd\x74\xe6\xf6\xe6\x79\x8f\x1a\xe2"},
+{{0xbf,0xf6,0x89,0x55,0xdd,0x6a,0xe0,0xe8,0xba,0x85,0xab,0x0d,0x0c,0xda,0xf0,0x4a,0x9f,0x5b,0xef,0xd5,0xef,0x60,0x14,0xf4,0x99,0x94,0xa7,0x83,0x63,0xdc,0x17,0xf7,},{0x0a,0xd9,0x49,0x3a,0xf8,0x0b,0x15,0xf0,0x7a,0x52,0x1c,0xcd,0x67,0x4f,0xe9,0xe5,0x21,0x2a,0x4a,0x28,0xc1,0x7c,0x74,0xf6,0x60,0x5f,0xfe,0xf7,0x8a,0x4a,0xed,0x72,},{0x93,0x19,0xee,0xf7,0x40,0x63,0x3a,0xda,0x1a,0xf0,0xe1,0x37,0x64,0x4c,0x61,0xfb,0x3e,0x11,0xba,0x4b,0x01,0xd3,0xc6,0xf2,0x53,0x92,0xdc,0x93,0x67,0x87,0x2a,0x23,0xbe,0x56,0x31,0x0d,0x31,0x2e,0xfc,0xb9,0x1b,0xdb,0xab,0x78,0xa7,0x5e,0x57,0x6e,0xbe,0x90,0x81,0x97,0x24,0x15,0xf5,0x62,0xdb,0x41,0xba,0xf5,0xe2,0x33,0x8b,0x07,},"\xd8\xf5\x65\x0a\xa3\x58\x1c\x4d\x39\xbd\x1b\x8a\xfc\x96\xc1\xad\x7c\x4b\xf7\x23\x42\x6f\x9d\x7f\xab\xd1\xa5\xc8\xac\x1d\x2f\xe5\x4a\x97\x1f\xac\x76\x5e\x05\xaf\x6e\x40\x7d\x72\x69\xba\xb6\x61\xb3\x43\x22\x92\xa4\x84\xf9\x52\xc1\x10\x95\xbb\xd2\x0a\x15\xd7\x7c\x41\xf8\xf3\x73\x1a\x50\x4d\x51\x8e\xe1\x0c\xd0\x06\xc9\x6e\xe5\x73\x72\xde\x5b\xea\x34\x8e\xc8\xba\x15\x91\x62\x17\x0c\x63\xe9\x70\xf1\xc7\xa3\x46\x5a\x3d\x59\x2e\x1d\x56\xc6\x54\x0f\xbd\xb6\x02\x28\xe3\x40\x90\x96\x46\x32\x0c\x95\xf2\x56\x98\xcd\x48\x96\xbd\xff\x58\xe2\x56\x1e\x3b\x3d\x9a\x73\xb8\x97\x47\x91\x2a\x1c\xf4\x67\xd6\x3e\x41\x45\x5f\xda\x77\x47\x7f\x46\xfe\x69\x37\xbb\x0e\x79\xd9\x2c\xcd\x52\xe8\x2d\xba\x90\x8a\x05\xa5\x7c\x7e\xcf\x49\x55\x4a\xb4\x4c\x0b\x71\x8e\x3b\xdd\x5f\xc0\xbf\x70\x70\xd9\xc5\x8f\x86\x05\x91\xc1\x8b\xca\x8b\x3a\x9a\x14\x8a\x06\x54\x8e\x0f\x01\x60\x2b\x1e\x6f\x68\x60\x37\xc9\x4f\xf7\x32\xe1\x55\xd5\x2d\x5b\x0b\x44\x70\x3b\x3d\x11\x16\x3e\x3f\x56\xe3\xb9\xc1\xb8\x64\x76\xe4\xdc\xbf\xc5\x3f\xa0\x59\x84\xe8\xc7\x5d\xd2\x18\x43\xcf\x96\xf9\xe4\x94\xab\xba\xe7\x18\x4a\xa4\x27\x36\x63\x3e\x38\x11\xae\xff\x40\x2b\x2f\xcb\x7d\x7f\x70\x2e\x44\x72\x41\xe2\x2a\x58\x84\x2f\xd6\xd0\xc0\x3d\x33\xff\x5b\x8c\x79\x22\x00\xe1\x73\xda\xa7\xb2\x17\xe4\xb2\xf4\x43\x3e\x6c\x02\x0a\xcc\xe5\x01\xb9\x32\x3a\xa0\x24\x11\x44\x43\x4b\x08\xe9\xd2\x46\x91\x39\xff\x67\x34\x22\x08\x90\x05\x46\x20\x0f\xd9\x71\xa6\x5d\xbd\x6d\xb6\xc2\x1e\x3e\xf9\x17\x2a\xbb\xa1\xea\x9e\xa2\xa2\x49\xad\xdf\x1a\x1e\xaa\x3c\xe1\x19\x38\xb1\x3e\x30\x91\x3c\xd0\xda\xd4\x91\xfc\xbb\x32\x85\xea\x37\x8b\x8e\xf9\x22\x7f\x3f\xa8\x0b\x58\x6e\xcf\xea\xe1\x37\x06\x6f\x84\x48\xac\xdf\xb7\x8d\x6d\x3e\x9e\xf4\xa6\xb3\x62\xdf\x42\x41\xad\x9a\xe2\x53\xb8\xe1\x59\x7d\x65\x6e\x00\x0c\xea\x44\x7a\x02\xfa\x49\x33\x32\x86\x09\xbb\xa0"},
+{{0x1b,0xa9,0x19,0xc0,0x66,0xbb,0x56,0xe6,0x40,0xc3,0x33,0x59,0x68,0xe1,0xd1,0xb5,0xbc,0xc0,0x93,0x38,0x3e,0x2d,0x7c,0xf8,0xb5,0xff,0xf5,0xc6,0x1e,0xc4,0x7a,0x77,},{0x80,0x4c,0x90,0xbd,0xc2,0xb3,0x61,0x8b,0x01,0xf0,0x75,0xe0,0x41,0xfa,0x97,0x1b,0x83,0xc5,0xb6,0xcf,0xa3,0xb6,0xb3,0x97,0x4f,0x3f,0xa4,0x35,0x99,0xbe,0xac,0xab,},{0x50,0x3e,0xb7,0xed,0x6d,0xe1,0xb7,0x76,0xc9,0x52,0xf2,0x55,0xbb,0xd4,0xbc,0xfb,0x0e,0x48,0xbc,0x70,0xc2,0xcc,0x2f,0x1f,0x72,0xbf,0x68,0x81,0x47,0x90,0x40,0xc4,0x75,0x24,0xec,0x54,0x2a,0xe1,0x3f,0x60,0x05,0xca,0x50,0x16,0xb5,0x8b,0x73,0x6a,0x50,0x89,0x8d,0xd0,0x56,0x9d,0x4d,0x38,0xad,0x29,0x86,0x30,0xd6,0x8a,0xdb,0x0b,},"\x87\xc5\xc7\x5d\x8a\xd0\x7d\x52\xac\xd7\x81\xd1\xbb\x95\xf7\x8c\x70\xe2\x1c\x2d\xd6\x6f\x7a\xa4\x42\x34\x15\x2f\x98\x23\x4d\x12\x83\x58\xa8\xae\xe9\x8e\xa9\x03\xa7\x7b\x44\x1d\xb1\x44\x7a\xe6\xff\x34\x32\xdd\xd4\x57\x0f\x7f\x58\x03\x61\x22\xc1\xfd\xcc\x93\xcb\x21\x57\x37\x39\xc1\x9c\xca\xa4\x11\x50\x8e\x08\xde\x26\x06\xf3\xd8\xf2\xdb\x89\xdf\x6a\x44\xa4\x61\x33\xd5\x70\x18\x46\x26\x27\xe2\x2f\x57\xef\x36\xd1\xde\x02\x4d\xe3\xd4\xae\x41\xb7\x52\xdf\x48\x21\x15\x59\x34\xb4\x47\xb2\xef\xfe\x51\x24\x87\x52\x1b\xe0\x35\x68\x32\xa7\x4c\xe0\xe2\xd8\x30\x1b\x79\xf9\x31\x75\xe8\xb6\xb9\x61\xb1\xdf\x63\x7d\x8a\xca\xdc\x88\x45\x43\xc6\x86\x4f\x80\x25\xec\xec\xec\x7c\x6e\x4f\xe0\xfe\xcf\xc4\x0d\xcd\x95\xe8\xd6\xab\x93\xce\x25\x59\x53\x84\x43\x6b\x59\x8b\x73\xc7\x4b\x03\xd4\x9e\xd5\x00\x2c\x0f\x85\x8c\xfd\x9d\x0d\xf6\x1e\xde\x93\x7c\xc4\x16\x59\xd6\x70\x8b\x96\xfc\x5a\xaa\xde\xe1\x09\xe2\xa6\x88\x46\xba\xf2\xc2\x46\xdf\xcf\x3d\x27\xc2\x8b\xd1\x37\x1e\x35\xfc\x94\x12\x63\x14\x42\xee\x75\xf3\x8c\x6e\x49\x58\x07\x0a\x74\xf6\xe6\xa2\x20\xf7\x5c\x72\x80\xea\xb4\x73\x7d\x97\xe3\x78\x82\xf3\x62\x48\x11\x67\x5f\x16\xca\xf6\x0c\xb9\x44\xbc\xe9\x2e\x75\x88\x4c\x56\x48\x3c\x61\xf2\x6b\x63\x71\xb1\xb5\x12\x37\x62\x1a\x06\x54\x3e\xb4\xab\xea\x7b\xec\xc4\xfc\x31\xdb\xb5\x47\x5b\x3d\xeb\x9b\xb3\xc8\x99\x23\x87\x10\x48\x30\xc6\x07\x2a\xfe\x1a\xf2\x44\xbf\x68\x1a\x40\x32\x9c\x9b\x37\x77\x2b\x09\xc5\xe8\x8e\x78\xf7\xdf\xfb\xc0\x45\x49\xff\xa1\x3b\x41\x44\xdd\xfa\x53\x8f\xc4\xb3\x30\x05\x40\xad\x83\x02\x15\xe2\x5f\x11\x44\x6d\x28\x9f\x33\x12\x2c\x2c\x88\x0d\xe3\xda\x71\xc4\x53\xd7\xe8\x8f\x7c\xa4\xea\x3d\x12\x55\xe8\x2f\x4b\xc9\xe5\x53\x3d\xc4\x01\xc3\x30\x40\xe1\x69\x40\xb2\xcf\x9c\xf2\x1f\xea\xca\x1c\x2c\x6c\x33\x33\x7c\xf7\x5e\x18\x84\xb4\x83\xbf\x80\x15\x36\xd3\x04\x08\x91\x15\xa0"},
+{{0x9b,0x36,0x24,0x7c,0x17,0x71,0x0e,0x95,0x26,0x1a,0x7d,0x70,0x2f,0x57,0xfe,0x81,0xf2,0x97,0x11,0x17,0xa5,0x0c,0x87,0x92,0x01,0x93,0xb3,0x86,0xd4,0x94,0xca,0x97,},{0x29,0xae,0x39,0xf2,0x73,0xe3,0x5f,0xb3,0xf6,0x11,0xda,0x09,0x16,0x00,0x65,0x0e,0xfb,0xc4,0xfc,0x4d,0x1e,0x7b,0x4c,0x76,0xac,0xed,0x5a,0x83,0xf8,0x26,0x34,0xf3,},{0x03,0x59,0x70,0xa6,0x72,0xe9,0x3f,0x87,0xeb,0x42,0xcc,0x39,0x6f,0x6e,0xa7,0xe1,0xb3,0xdd,0x5c,0x59,0x51,0x57,0x28,0x26,0xd1,0x07,0x5a,0x15,0xc2,0xd7,0xe4,0x54,0xdf,0x19,0x5b,0x51,0xaa,0xe8,0xdc,0x61,0xef,0x7a,0xb8,0x95,0x48,0x5f,0x64,0xe5,0x98,0x95,0x73,0xd9,0x8a,0x06,0x2e,0x67,0xae,0x73,0x56,0xfe,0x5c,0x9e,0x3b,0x0f,},"\xe8\xd9\xd5\x3b\xa2\x7e\x98\xed\xd5\x5d\xf3\xc6\xb2\x45\xea\xcd\xdc\x8a\x40\xe3\xef\xb0\x07\xbc\x91\x8e\xc5\xa8\x69\x17\x8a\x17\x0b\xb4\xa6\x35\xb7\xf8\xf7\x42\xe3\x7a\xd4\x5d\x14\xa7\x43\x44\xa6\xb5\x22\x83\x0a\x52\x21\x06\xeb\x96\x0d\xaf\x19\x2d\xc1\xe0\xfd\x70\xf1\x61\x60\xe1\x22\x51\x68\x92\xd0\xe2\xab\xd0\xd4\xae\x0f\x0d\x2e\x5a\xdc\xc9\x9a\xd5\x53\x02\xe2\x51\xb3\xe7\xa4\xd0\xcb\x33\x77\x4a\x49\x70\x49\x90\x5c\x33\xde\x1f\xbb\xc1\xad\x2b\x6c\x64\x52\x95\xfe\x41\x6b\x4d\x12\xb2\x32\xef\xe0\xa3\x3c\xd2\xad\x87\x32\xeb\xa1\xc3\xcb\x0e\xae\xb0\xb2\xa5\x7f\xa0\x3e\xc5\x67\xca\x29\x21\x0b\xf6\xff\x95\x42\xa7\x66\xf4\x96\xfe\x68\x05\x8a\xa9\x83\x80\x6c\xbe\x7a\xb1\x0a\x47\x92\x0b\xac\x82\x48\x81\x8e\x54\xa4\x15\x51\xc9\xa0\x95\x9e\x89\x94\xca\xc6\x0f\xc8\x68\xad\x48\xb5\xa2\x4d\x5f\x24\xa7\xa5\xa3\xfd\x90\xb8\x47\xe8\x17\xad\x3d\xd5\xd0\xd6\xf8\xde\x2d\x20\x4f\x64\x24\x83\xbd\x53\x58\x5a\x92\xef\x92\x54\x15\xa9\xb3\x8f\xbb\xf0\x7f\xc0\xf3\x5e\x70\x75\x69\xcf\x48\x8b\x20\x54\x53\xce\x54\x33\xeb\xa6\xfd\xe8\x78\x1a\xf7\x2b\x52\xbf\xbc\xab\x85\xea\xd3\x85\xd9\xd3\x17\x5e\x21\xad\x33\x73\xad\x53\x5c\xf0\xe3\x57\xed\x6b\x53\x83\xef\x38\x29\xa9\xd5\x09\x5b\x87\xdc\x9a\xad\xbe\x0c\xa7\xab\xad\xf3\x3e\xc3\xb6\xff\xd6\xeb\x94\xaf\xdc\xc1\x2e\x8d\x66\xa6\xfc\x05\xac\xf9\x73\x68\xdb\x0f\x69\x56\x5d\xcd\x8f\xef\x4d\x1e\x49\xd7\xdd\x4a\xc0\x53\xc2\x18\xf5\x24\x0c\x81\x2d\x4e\xbb\xa4\x40\xdc\x54\xca\xcd\xdb\x1c\x39\x32\x9e\x5b\xd0\xc3\xc8\x0d\xc3\x25\x9a\x80\xf0\x59\xf9\x46\x79\xaa\x07\x94\xca\x01\x15\xcc\x62\xaf\x25\xe1\x24\xcb\x8a\x9d\x41\x60\xea\xce\x6d\x22\xc7\xb1\xc4\x45\x44\xf8\x11\x42\xa1\x9e\xbb\x02\xa9\xbd\xa6\x42\x9c\x50\xe7\x83\xdb\x4a\x07\xf0\x21\x9e\x85\x7c\x8d\x3c\x56\x55\xa5\x82\x83\x1c\x8e\xab\xc3\xf1\x9b\x59\xad\x8d\x2c\x71\x4a\xde\xaf\x40\x39\xd5\xcf\x70"},
+{{0x6f,0xed,0xe7,0x39,0x6c,0x46,0x20,0x33,0x18,0x9a,0xcd,0x23,0xd2,0xf9,0xd0,0x2b,0x68,0x89,0x8d,0x35,0xf3,0xa0,0x1a,0x79,0x8f,0xc2,0x4d,0x48,0x8d,0xe9,0x3a,0x78,},{0xb3,0x40,0x62,0x06,0x0b,0x2c,0x20,0x07,0x6a,0x98,0xfe,0xa9,0x39,0xb3,0xb3,0xa5,0x04,0x51,0xa5,0xf4,0x9f,0x83,0x51,0xc0,0xad,0x75,0x91,0xdb,0xbe,0xbb,0x13,0x0f,},{0x88,0xa8,0x3e,0x20,0x12,0xd2,0x09,0xca,0x03,0xb8,0xeb,0xf6,0xde,0x5b,0xb7,0xef,0x4c,0xcb,0x5e,0x3d,0xf5,0xca,0xc7,0x89,0x54,0xaa,0x69,0x49,0x30,0xe4,0xde,0x82,0x54,0x4e,0xf5,0x08,0x3c,0x48,0x92,0xdb,0x9f,0x05,0xd7,0x7b,0xf6,0x3f,0x4f,0xdf,0xce,0x15,0xa4,0xd1,0xc3,0xf8,0x5b,0xae,0x80,0x77,0x06,0x2b,0xec,0x0e,0x7b,0x07,},"\x5a\xbc\xc1\x4b\x9d\x85\x78\xde\x08\x32\x1d\xe0\xd4\x15\xe3\xd4\x0e\x9d\xe3\x1e\x18\x88\x13\x74\x75\xce\x62\xbc\x6f\xbe\xe8\xfd\xd0\x3b\x9d\x47\xc7\xb8\x8b\xbc\xeb\x80\x44\x44\x49\x0b\xf6\xa3\xcc\xb7\xa2\x73\x26\x1e\x24\x00\x4e\xa6\x7c\xef\xa3\xd5\xd1\x73\x57\x6d\x01\xe3\x8f\x76\xc1\xe0\xe5\x15\x08\x3c\x97\xe7\x99\x14\xac\xf2\xbe\x41\x60\xef\x93\x60\xbb\xe9\x86\xb3\x6e\x9f\xf9\x33\x46\xb0\xe7\x06\x91\xd9\x34\xe4\x7f\x8a\x50\x3f\xa9\x33\xab\x2a\x50\x42\x69\x47\xcd\xa8\xe8\x10\xc9\xeb\xe3\xb3\x69\x82\xf0\x9a\xee\x60\x92\x73\x9f\xa2\x35\x8b\x61\x3c\x7f\x12\x9d\xb0\xdc\xbe\x36\x8b\xee\x52\xf2\xf7\xf1\xdf\xe3\xd2\x43\x46\x05\xb5\xaf\xcf\x25\x60\x71\x71\x7d\x92\x4f\xd0\x80\x3b\xbd\x0d\xd1\xf9\x55\x5c\xe8\x34\xda\xc7\x81\xdf\x4c\xc7\xaa\x19\xe7\xf1\x1d\xa9\xfb\x99\xcb\x9e\x6b\x9e\x1e\x6f\xb4\xf7\xe8\xdc\xb2\x23\x6c\x28\xae\xb6\xcb\xc5\x5a\x13\x0e\x03\xc1\xb1\x7a\x99\x1c\xca\x1b\x79\x4e\x6c\x13\x73\x2d\x5b\x0a\x66\xf6\xeb\xa8\x60\xec\xb9\x85\x55\xaa\x4c\x21\x8d\x11\x2b\x11\x6b\xce\x23\x82\x95\xde\x14\x27\x41\xf6\x87\xbe\x0b\x24\x87\xf5\x8f\xfc\x5c\x12\xa0\xa5\x19\xf1\xe2\x37\x93\x24\x2e\xf8\x57\xed\x39\x8a\x20\x69\x9d\x43\x51\x45\x3f\xc2\xf0\x92\x76\x2a\xbd\xe3\x4f\x4d\xa2\xdb\xe0\xce\x2a\xab\xaf\x6b\xc4\xc0\x15\x9f\x3f\xe1\xae\xa1\x6a\x03\x6f\x7e\xae\xcd\x62\x95\x38\xf3\xe0\xee\xd8\x3c\x9a\x4d\xc1\xab\xc2\x38\xf9\x0d\xaa\xf4\x89\xfd\x61\xb3\x4d\x93\x7b\x6f\x46\x07\xa7\x88\xba\xa8\x20\x61\x94\x3d\xba\xb2\x6c\x1d\x38\x4d\x8d\x49\xf9\x93\x48\x80\x0b\xf3\x61\xf8\x71\xf5\xd6\xcd\xa1\x8f\x68\x99\x18\xce\xc3\x1a\xd1\x58\xf1\x86\x3d\x13\xff\xac\x54\x05\xc1\x62\xc3\x2d\xe0\x6e\x32\x99\x4c\xc4\x10\x6f\x95\xbb\x4f\xff\xdb\xef\xe7\xd6\x29\xec\x77\x97\x39\x46\x09\xfd\xbf\xea\xdb\x46\x92\x73\x70\xa1\x1f\xb3\x84\x71\x54\x0f\x95\x1b\x93\xc6\xeb\x23\x86\x68\xdc\x00\x6c\x21\x66\x0b\xa2"},
+{{0xd5,0x59,0x58,0x01,0x34,0xab,0x05,0x0a,0xca,0x44,0x6e,0xa7,0x75,0x0e,0xf6,0xb3,0x71,0xd9,0x2d,0x76,0x45,0xec,0x76,0x35,0xfe,0x78,0x51,0x10,0x0b,0xc4,0xe5,0x1e,},{0xde,0x50,0x20,0xcd,0x21,0xa8,0xb3,0x23,0x39,0xde,0xcb,0xed,0xff,0x24,0x66,0x4d,0x95,0x80,0x32,0x63,0x27,0xae,0xdf,0x09,0xc5,0xec,0x6b,0x3f,0xe5,0x40,0x52,0x26,},{0x6f,0xcb,0x1a,0xc9,0x29,0x0a,0xb7,0x67,0xd5,0x9b,0x59,0x8c,0x9a,0x24,0xec,0xdb,0x6c,0x05,0xbb,0x02,0x3e,0xc3,0x60,0x14,0xa4,0x0d,0x90,0x8e,0xf0,0xdc,0x37,0x8a,0x45,0x28,0xb3,0x76,0x0d,0x88,0x9a,0x79,0x17,0x4e,0x21,0xca,0xe3,0x5d,0xf4,0x5d,0x42,0x7b,0xa6,0xea,0x81,0x2b,0xdd,0xca,0x16,0xe3,0x5a,0x69,0xb5,0xe7,0x9f,0x0a,},"\x68\x42\xe3\x19\x0a\x11\x0e\xee\x96\xc5\x07\xd4\xbc\xb4\xc5\x48\xc3\xa0\xed\x7b\x1a\x8e\xd7\x7d\xd9\x3b\x38\x61\x3b\x23\xc7\x3e\x83\x0b\x20\x5e\x62\x65\x19\x21\xad\x82\x96\xb0\x8d\x1e\x10\x08\xad\x78\xf2\x99\x6e\x3c\x7f\x38\x03\x2e\x46\x7c\xff\xec\xd7\x7b\x85\x25\xe2\x43\xce\xc0\x21\xf8\x52\x96\xaf\xd5\x45\xd7\xbe\x1a\x62\x56\x8b\xb0\xcf\xcd\xb9\x0d\x61\x4e\xd7\x98\xbf\xb7\xef\xc6\x55\x32\x68\x16\xa6\x10\x82\x25\x1d\xf0\x16\x13\xaa\xc8\x8e\xfc\xea\x1e\x0e\xa2\x96\x1b\x8f\x92\x1e\xbe\x15\x58\xde\xe8\x33\x74\xa0\x11\x3a\x78\xc5\x58\x57\xce\x20\x55\xbb\x2c\x48\xba\xdb\xd3\xd8\xf4\xcb\x19\x73\x4d\x00\xd0\x60\x4b\x61\x90\x73\x02\x0d\x72\xa9\x9a\x19\x23\xe6\x16\x0a\x09\x94\x65\x67\xfd\x4b\xda\x66\x44\x2e\xf5\xa7\x36\x07\x86\xd1\x78\xda\xe4\x49\x22\xf3\x50\xce\x2e\xdc\x6a\xf7\x3d\x1b\xd8\x0d\xc0\x3e\xc3\xca\x70\x05\xf4\x10\x9d\x10\xc6\xd4\xf7\xd8\xfa\x61\x73\x51\x10\xf8\xdb\xae\xdf\x91\xa0\xba\xd7\xd7\xfb\x5c\x04\xd7\x06\x37\x3c\x15\xc6\x45\x06\x3f\xf4\xb4\xfb\xd2\xd5\x59\xb0\xaf\xad\x43\x2d\x4c\x49\x6c\xd8\xab\xfe\xa2\x86\xfa\x67\x5d\xc0\x76\x72\x6e\xc5\x22\xb3\xa3\xc2\xf4\x7a\xec\xc5\x39\xf4\x8a\x79\x21\x69\xc4\xcc\x8c\xd4\x1c\xd2\xcb\x6b\x63\xdd\xbc\x19\x37\x3a\xc9\x69\x1c\x2b\xc2\xf7\x8f\x22\x60\x3d\x55\x13\x71\x5a\x16\xd4\x57\x4e\x7a\xcc\x4b\xea\x6d\xcd\x8c\xa7\xf1\x98\x65\xa4\x9d\x36\x64\xa2\x10\xdf\xad\x29\x07\x74\xb1\x0b\x71\x88\xf2\x55\xb3\xbe\x4d\xc8\xfa\x86\xf8\xda\x3f\x73\xa4\xe7\xc9\x29\x95\x1d\xf3\x0f\xe6\x6a\x17\xc8\xce\xe2\x3e\x4f\x2e\xd2\x06\x3f\x0b\x02\xab\x40\x37\x2c\xbe\x54\xb9\xa7\x08\xdf\x7c\x48\xa0\x65\x66\xd3\x9b\x19\x43\x4c\x6c\x76\x69\x87\xb3\xeb\xb0\x06\x75\xf4\x4c\x4b\x3c\x1e\x9f\x45\x04\xe7\xa9\x27\x05\x89\xc0\xd0\xf4\xcb\x73\x42\x35\xa5\x8e\xf0\x74\xcf\x9d\xec\xf3\x60\x1a\xee\xca\x9f\x1d\x8e\x35\x6c\xb2\xdb\x5f\xce\x79\xcb\xc3\x61\x43\xf3\x4b"},
+{{0x9d,0x4c,0xe9,0x75,0x54,0x78,0x76,0x63,0x6f,0xea,0x25,0x43,0x7c,0x28,0x80,0xc9,0xaa,0x8e,0xe6,0xb2,0x70,0xd1,0xb2,0xda,0x19,0x7c,0x8d,0x7f,0x95,0xe7,0xdc,0xcc,},{0xbd,0xe4,0x99,0x3c,0x03,0x04,0x77,0xc3,0x58,0x90,0xaa,0xe8,0x2b,0xb5,0x08,0x7e,0x91,0x4e,0x64,0xb9,0x4f,0xfc,0x64,0xe2,0xd7,0xa5,0xa7,0xc9,0x19,0xe2,0xd9,0x02,},{0xbe,0x17,0x44,0x4c,0xd4,0x65,0xa8,0x7a,0x97,0x1d,0xf8,0x4e,0xb1,0x02,0xf9,0xc7,0xa6,0x26,0xa7,0xc4,0xff,0x7a,0xea,0x51,0xd3,0x2c,0x81,0x35,0x3d,0x5d,0xbc,0x07,0x39,0x3c,0xa0,0x3d,0xb8,0x97,0xd1,0xff,0x09,0x94,0x5c,0x4d,0x91,0xd9,0x8c,0x9d,0x91,0xac,0xbd,0xc7,0xcc,0x7f,0x34,0x14,0x4d,0x4d,0x69,0xeb,0x04,0xd8,0x1f,0x0c,},"\xea\x0f\xa3\x2a\x4a\x28\x88\x11\x30\x1b\x9e\xe5\x33\xfa\x35\x1f\xdf\xbf\x6b\xc1\xd0\x55\x5a\x74\x02\x76\x7a\x3a\x91\x98\x55\x8f\x74\xbb\xa7\x03\x18\x57\x99\x5b\x9f\x32\x62\x26\xf1\xdd\x5d\xf1\x07\xb0\x63\x42\x20\x3e\xb8\xd4\x0c\x5f\x1d\xc9\x5b\x4f\x3f\x88\x97\x5a\xa2\x4a\xf8\x76\x9e\x26\x70\xc4\x66\x71\xbe\xbb\x7a\x0f\x1b\x75\x68\x72\x9a\xee\x47\x7e\x89\x88\xaf\x9c\x74\x9f\x32\x02\x70\x81\x71\xfd\x94\xb3\x37\xae\x67\xed\x21\xa6\xc4\x41\x74\x01\x4b\x0b\x0e\xb5\xba\x71\xc2\x77\x97\x8d\x48\x8c\x24\xc4\xa7\x84\x13\x09\x84\x6b\x4e\x30\xa4\xfb\xbc\xfc\x45\x07\x8d\x7e\x14\x01\x41\x14\xb1\xac\x64\xf7\xc3\x3c\x9a\xc2\x5e\xa5\x62\x6c\x2c\x81\x9f\xba\xa2\xa4\xde\x8a\x2b\xf5\xf1\x36\x5d\x6b\x70\x40\x7e\x80\x94\xf9\x91\x97\xce\x1f\x0c\x35\xe1\x1a\x98\xfb\xe3\x72\x41\x4e\xa2\x06\x4a\x3a\x12\xd1\xcd\x5c\x8d\xf8\xfc\x0e\x79\xf5\xb7\x70\xb5\x8f\x47\x7f\x91\x97\x6c\xa0\x13\x98\x95\x12\x0e\x24\x6b\xaa\xb5\xa0\x26\xf2\xd3\x9c\x68\x7d\xc0\x78\x83\x34\xb5\xc6\x26\xd5\x2c\xde\xbe\x05\xea\xf3\x08\x64\xb4\x13\xee\xbd\xc5\x58\x1e\xf0\x0d\x43\x92\x76\xe5\x2f\x47\x9c\x9c\x05\xb1\x16\x39\x58\x26\xb6\x04\x90\xb3\xce\x70\x0c\xc0\x02\x7f\x61\xe4\x6c\xa2\xf6\xfb\xc2\xc9\xde\x2e\x80\x08\x06\x55\x0a\xfb\x06\xd4\xa0\x8e\xac\x7a\x75\x8e\x24\x58\x2a\x4d\x6d\x42\x8b\x43\x3d\x36\x5f\xc3\x1d\x44\x44\x60\x7a\xfb\x64\xf1\x5e\x37\x07\x94\x00\x5a\x3a\x22\x44\xe6\x66\xd5\xd4\xc3\x8a\xd2\x00\x9c\x76\x9a\x51\xcd\xbf\x73\x8d\x23\x59\x42\xf4\x12\xd0\x7f\xee\xb7\x3b\x36\x57\xd0\xb0\xc9\x1c\xb5\x94\x0b\xad\x6a\x70\x6e\x14\xed\xcd\xc3\x42\x25\xb1\xc1\xf3\x8b\x1a\xbe\xcb\x2a\xdc\xaf\x81\x91\x55\xa9\x4f\xe1\x90\xfd\x55\x68\x22\xd5\x59\xd9\xc4\x70\x85\x4d\x3a\x43\xbf\xb8\x68\xda\xdd\x6e\x44\x3d\x98\xee\x87\xe4\xd8\x28\x4f\x5c\xf3\xa6\xda\xfa\xf2\x95\xb9\x02\x83\x6c\x64\x05\x11\xe6\x10\xae\x7d\x0c\xb1\xb1\xd3\xd6\x07\x9f\xe6"},
+{{0x02,0x73,0x86,0x82,0x32,0xf5,0xbe,0x48,0x59,0x2c,0xfa,0x05,0x13,0x4e,0x8d,0x55,0x54,0xed,0x1f,0x9a,0x57,0xbc,0x7e,0x39,0x82,0xa3,0x30,0xc5,0x7e,0x5a,0x7f,0x3a,},{0xf1,0x72,0x20,0x87,0x82,0xdb,0x66,0xd4,0x66,0xcb,0xe4,0xf4,0x41,0x7f,0x6f,0xc4,0x77,0xb7,0x34,0x9f,0x2a,0x98,0xdb,0x56,0xc0,0x3a,0x47,0x22,0x75,0x46,0xbc,0x5a,},{0x15,0xe8,0xd8,0xdc,0x7d,0x5d,0x25,0x35,0x9d,0x6a,0x10,0xd0,0x4e,0xe4,0x19,0x18,0xa9,0xc9,0xdf,0x4c,0x87,0xbe,0x26,0x9f,0xa8,0x32,0x43,0x4d,0x53,0x01,0xdb,0x02,0x24,0x81,0xbf,0xa3,0x95,0xa3,0xe3,0x46,0x6f,0x95,0x54,0xce,0xee,0x05,0x32,0xa8,0x18,0x3a,0x0d,0x05,0x50,0xe7,0xd1,0xab,0xe9,0x9f,0xc6,0x94,0xc6,0xff,0x93,0x01,},"\xf7\xa1\xd4\x61\x4c\xc6\x4a\x3b\xc4\x8f\x00\xc6\x27\x63\x04\xf3\x4d\x4d\xfd\x15\xe0\x61\x7b\x93\xcc\xef\x12\x6c\x5c\x63\x8c\x9d\x99\x53\xaa\xbb\x7d\xf4\x2d\xf4\xe0\xaa\xa7\xea\xc9\x6a\x4b\x38\xc7\xba\x75\x8d\x86\x0c\x90\xd0\x5e\x3d\x14\xe4\x79\xe5\x45\xf3\x19\xb0\xe5\xa8\x5a\xd8\xf0\x99\x1b\x43\xd6\xe4\x9c\x24\xfa\x06\x0e\x3e\x5d\xf9\x5c\x98\xd9\x45\x1a\xb8\x33\xe1\x2a\xa9\x7f\x40\x46\x11\xbb\xa3\x59\x49\x62\x65\xa6\xdb\x11\x91\x7d\x0d\xa5\xc6\xa7\x02\xd0\xb1\x02\xde\x36\xdd\x0c\x98\xdf\x5b\x54\x80\x6c\xe6\x26\xbb\x96\x37\x44\x75\xf6\x8a\x60\x60\xeb\x35\x0a\x7d\x2a\xae\x32\x04\xb3\xdf\xdf\x9f\x1e\x31\xbe\x81\xf7\x17\x0f\x8a\x1b\x93\x85\x41\x3f\xf8\xf6\x88\x1e\x10\xc1\xe8\xda\x4c\x88\xaf\xb5\x06\x39\xab\x44\x88\x7a\xca\x2a\xbe\xec\xed\xf1\x10\xd2\x95\x8c\x13\xfd\x33\x90\xd1\xb9\x6a\x76\x2d\x16\xce\x19\x69\x20\xce\x85\xf6\xc4\x15\xbe\xd5\x45\xb1\x44\x53\x02\xa6\xf0\x01\xeb\x8d\x00\xe9\x7c\x75\x18\x87\x86\x8d\x48\x1a\x0b\x1e\x4d\xfa\x04\xb6\xf7\x61\x08\x6e\xe8\xe6\x97\xb0\x19\xe0\x17\x10\x4b\xaf\xb9\x8f\xca\x24\x2e\x33\x4c\x6f\x18\xf1\xdb\x5b\x6f\x29\x5f\x05\xc5\x59\x36\x1c\x68\x31\xda\xbc\x42\xc2\x11\x07\x03\xf9\xd1\xf6\x4e\x12\xdd\xf2\x6a\x86\x79\x85\x4e\x9f\x8e\xf8\x47\x9e\x1f\x12\xc3\x54\x47\xaa\xc0\x2e\xa7\xf2\x42\xe5\x86\x32\xcf\x2f\xd0\x63\xfe\x66\x50\x70\x44\x5b\x80\xf3\xdc\x6a\x33\x03\xbb\xa9\x6e\x05\xfa\x88\xee\xc2\x01\xc5\xc2\xd0\x0c\xa8\x1b\x8d\xa6\x96\x9d\x0a\x4d\xd0\x48\x3b\x34\x77\xd3\x25\xa7\x1f\xac\xd6\xfa\x22\x09\xb4\x8c\xb4\xf6\x52\x5d\xa7\x3c\x9c\x05\xb2\xd9\x78\x9b\x01\x44\x8e\x15\x27\xe5\x6a\x09\xa9\xbc\x61\x36\xd9\x83\x72\x43\xc2\x07\x7b\x92\x5b\xbb\x93\x3f\x8f\xb1\xda\xac\x96\x33\x98\xc5\x80\x2a\xed\xa3\xbb\xca\x8a\xe3\xb8\xf4\xa9\xa8\x71\xf7\xea\x8e\x2c\x0c\xe8\x98\xc5\x66\x21\x7b\x5c\x06\xff\x55\xff\x9f\x4f\xe7\x83\x98\xae\x79\x73\x64\x1e\xaf\xb5\x21"},
+{{0x33,0x6a,0x83,0xb5,0x5a,0xbf,0x4c,0x02,0xe2,0x5e,0x54,0x03,0x29,0xb5,0x27,0x58,0x43,0xc2,0xec,0xb8,0xdf,0x69,0x39,0x5b,0x5a,0x5e,0x24,0x1b,0xd0,0xd8,0xc1,0x0d,},{0xdd,0x60,0x56,0x98,0x44,0x57,0x0c,0x9f,0x0a,0x82,0x64,0x3f,0x44,0x64,0x78,0xb5,0xac,0x6f,0xc5,0x42,0x21,0x42,0x31,0xa7,0xca,0x65,0x6a,0x92,0xb5,0xfd,0xaa,0x54,},{0xd2,0x63,0xf5,0x6d,0x59,0xcb,0x9b,0x28,0x96,0xa9,0x47,0x26,0x7c,0x2e,0xd7,0x8a,0x94,0x5b,0xac,0x5a,0xbd,0xbf,0x3c,0x14,0xdc,0x3a,0xd0,0x92,0xb2,0x30,0x8c,0xb9,0x31,0x5c,0x46,0x49,0x42,0xa0,0xa2,0x0b,0x20,0x24,0x51,0x1d,0x76,0x6e,0x85,0xc9,0x36,0x49,0x9a,0x14,0x9c,0xd0,0xbb,0xb2,0x09,0x15,0x0a,0x16,0x43,0x26,0x52,0x00,},"\x9a\xfe\xe8\xab\x48\x20\x10\xe2\x92\x64\xb4\x06\xd9\xb4\x94\x53\xd1\xce\x6d\x55\x09\x39\x07\x21\x82\x86\x3e\x46\x65\x28\x4a\xb0\x5d\x86\x25\x8e\x06\x23\xb1\x87\x54\xc4\x78\x52\x38\xf6\x97\xf0\x75\xad\xfb\x9e\x1d\x31\xa4\x2e\x85\x93\x4e\xc0\x71\xdd\xdd\xec\xc2\xe6\xc2\xf6\x13\x34\xa7\x95\x26\x78\x8b\x49\x52\x19\x07\x16\x90\x6d\xde\x17\xfb\xa5\x56\xee\xa4\xc8\xb5\x97\x27\x51\x4f\x6f\x56\x15\xa1\x9c\xa3\x6d\xa3\x58\xfa\xe6\xa6\xc5\x4f\x7f\x4b\x7a\x92\x9e\x31\xba\x7c\xc7\x1b\xde\x78\x82\xfa\x9f\xfd\x87\x30\x01\x36\x40\x9c\xaf\x3c\xa6\x4e\xef\xea\x61\x6a\xed\x58\xda\x5d\xfb\xf2\x8b\x66\x8e\xc1\xcc\xcf\xfc\xef\x6e\x2e\x14\xf8\x10\x9e\x9c\xbf\x76\xcf\xa4\x14\xf9\x1a\xc0\x0f\x48\xe9\x3e\xad\xa3\x85\xdd\x3d\x5c\x16\xe1\xa3\x9e\xa3\xdd\x55\xc7\x61\xfc\xa3\x61\xb4\x28\xf5\x16\xc0\x5e\x69\x4f\xe5\xc3\xc3\x45\xcd\x94\x45\x71\x87\xa8\xe6\x04\xb2\x00\xa1\xa0\xf9\x37\xae\x89\xf4\xd6\xb5\x42\x1d\xff\xcf\x7c\xa1\x5f\x2e\x2c\x25\x37\x8a\x41\x13\x23\x3f\x76\x13\xf4\x57\x0a\xa4\xb9\x09\xa9\x13\x5e\xae\x4c\x7b\x9e\xad\x45\x80\x07\xae\x17\x12\x6a\x11\xd1\x45\x25\x8a\xf9\x56\x3d\xb2\xf7\xe8\x92\x54\x31\x87\x8b\x0e\xec\xa8\xaf\xfc\x01\xac\x59\x13\xbf\x5b\xac\x4f\xa3\xa8\x57\xc5\x4c\xc8\x90\x6d\x6a\xf7\x7d\xe6\xb9\x32\x6b\x65\x06\x15\x10\x99\xe8\x7e\x99\xb1\xe8\x19\xc6\xfb\xe0\x82\x68\x8f\x34\xb8\x03\xd5\x88\xe4\x16\xd8\x53\x16\x97\x65\xd6\x2f\x7e\x0b\xdf\x72\xc5\xcd\x66\x66\x9a\x03\x35\x56\x23\x36\x73\x5e\x7e\xfb\x73\x4a\x2f\xad\xa3\x27\xf8\x58\xbe\xc6\x02\xd0\xda\x08\xeb\xa4\x47\x9e\x7f\x6d\xc4\xde\xf6\xe4\xeb\xdb\xb7\x30\xee\x91\xa3\x34\x45\xca\xdc\x9d\xf5\x2c\x82\x5a\xd3\x61\x49\xce\xfb\xc5\x1a\xb1\x02\x03\x35\x30\x81\x4b\xaf\xa7\xe8\x79\x61\xb0\x63\x67\xff\x89\x6f\x08\xae\x33\x4a\x9b\x1a\xad\x70\x3d\xa6\x86\x70\x6c\x11\xa0\x49\x43\xea\x75\xe1\x29\x92\xdc\xf6\x10\x6e\x37\x20\x77\xcd\x03\x11\x02\x9f"},
+{{0x88,0x40,0x91,0x72,0x61,0x8b,0x49,0x03,0x93,0xdb,0x27,0xd9,0x60,0x17,0x1c,0xbc,0x18,0x7e,0xaf,0x4d,0xd8,0xb3,0x20,0xb3,0xd2,0xf8,0x24,0x98,0x00,0x43,0x71,0x8f,},{0xce,0x2e,0x7c,0x58,0x39,0xef,0x56,0x32,0xa1,0x23,0xdc,0x37,0x3d,0xc1,0x4b,0x1f,0x05,0x05,0x76,0x6e,0x96,0x75,0x40,0x76,0x04,0xca,0x7c,0xf5,0x4e,0x8d,0x44,0xb2,},{0x93,0xb6,0xe2,0x9d,0x63,0x94,0x5d,0x5c,0x42,0x73,0x87,0xd0,0x06,0xc7,0xf0,0xb0,0x19,0x56,0xa9,0x5f,0xc0,0x43,0x6e,0xd4,0x2b,0x46,0xd0,0xf1,0x7b,0x5b,0xb1,0x93,0xea,0x8c,0x0e,0xbb,0xf3,0xd6,0xd1,0x3b,0xb5,0x39,0xe3,0x5c,0x91,0xf3,0xf0,0xf9,0xfa,0x34,0x14,0xa0,0x22,0x3c,0x90,0x60,0xba,0xc8,0x36,0x53,0xc6,0xfc,0xd9,0x06,},"\xfb\x3e\x82\xf1\x1b\xc2\x86\x26\x7e\x12\x38\x17\xad\x88\x64\xe0\x77\xd9\xf7\xa8\xe7\xa1\x63\xac\x7e\xea\xf9\x3d\x55\xdd\x11\x1d\xe8\x08\x3b\x66\xb5\x3c\xe7\xbc\x77\x1f\xc5\x07\x1a\x2d\x7a\xc2\xf8\x5d\x6f\xc6\xad\xcf\xce\xc4\x46\xe1\x6a\xa1\x04\x6d\xf3\x72\x09\xad\x7a\x29\xcf\x96\x65\xb4\x39\xa5\x4d\x6f\x8d\x94\x2f\x89\xbd\xaa\x56\xf2\xf1\x12\x60\xcc\x95\x99\x30\x38\xb0\xe8\xfb\xdb\x32\x14\xf1\x42\xe6\xc9\x0b\x61\xa1\xd2\xb1\x42\x07\x62\x06\xaf\x30\xac\x35\x78\x4a\x6d\xc1\x5a\x1e\x79\x25\x1a\x8c\x77\x31\xa1\xc5\x39\x78\x03\x8f\x8d\x76\xd7\x0c\x6c\x1c\xdf\x52\x9f\xbd\xb8\x4d\x15\x07\xdc\xff\xdd\x42\x87\x3d\xfa\x6a\x8f\xe6\xbd\x6f\x7f\xd2\x9c\x80\xe4\xb2\xf9\x33\xd2\xb6\xc9\xe6\x2c\x94\x57\xe6\x65\x47\x26\x55\x05\x9b\x63\xb6\x18\xe2\xa9\xa8\xe5\xb9\xe4\x1c\x36\x46\x17\x3a\x89\x2b\x8e\x6d\x4b\xca\xd6\xa6\x2a\x6f\xcc\xd3\x45\x58\x90\xb5\x8e\xc2\x68\x1a\x95\xcc\x97\x76\xa9\xfc\xe8\x3c\x54\xa9\xef\x31\x2a\x33\x19\x59\xc7\xef\x3f\x79\xee\x57\x6e\xb7\xb7\x94\x69\xc9\x23\x4b\x1e\xae\xf6\x09\x88\x47\x08\xfe\x4b\xb0\xef\xac\x66\x2d\xa8\x71\xba\x61\xdd\xab\xb3\xfc\xbd\xeb\x8f\x63\x56\x57\xdd\x9a\x5d\x73\x11\xe6\x39\xa8\x24\x85\x8b\x9a\x98\x68\xd3\xf9\x38\x4d\xa6\x12\xc7\xf2\xe7\x71\xa4\x6b\xd2\x62\x4c\x99\xea\x2b\x6c\xcb\xca\x99\x6c\x1d\x9c\x37\x55\x54\xf2\xa5\x51\x61\x9c\xe6\xd5\xe6\xe4\xd6\xb8\x44\xa4\xdb\xea\x83\xba\x73\x23\x31\xfc\xf4\x65\x72\xc1\xfb\x0e\x25\x7c\xe1\x04\x1b\x26\x5d\xf0\x2e\x69\x0a\x92\x81\x4b\xbf\x3b\x5e\xca\xc6\x9e\xe9\x98\x76\x6a\x02\xb0\xd2\xf9\x08\xb3\xc1\x5f\x95\x26\x99\x61\x6f\x2c\x07\xd5\x89\x19\x89\x89\xe6\x05\x6c\x16\x31\x9a\xab\x6c\xf8\x77\x19\x02\xc0\x78\x04\x6a\x88\xb2\x57\x0c\x13\xbc\x5e\xde\xba\x2e\xd1\xe3\xba\x13\x1d\xaf\x94\xe6\x89\x18\x62\xbb\x3d\xe7\xd1\x06\x3f\xe4\x05\x30\x7a\x5c\xd9\x75\x69\x3e\x9d\x58\xe1\x7c\x69\x0e\xee\xf4\xa2\x60\x3c\xaf\xc6\x8c\x2b"},
+{{0xe5,0x71,0x18,0x9b,0x5c,0xd9,0xe7,0x88,0x30,0x2d,0xe3,0x91,0x9d,0x85,0x0c,0x22,0x7d,0xcb,0xb6,0x15,0x02,0x2e,0x56,0x8b,0xda,0xeb,0x37,0xac,0x5b,0x29,0x39,0xc5,},{0xed,0xda,0x89,0x0f,0x42,0xdd,0x5f,0xbc,0x73,0x16,0xa5,0xfa,0xdf,0xbe,0xc3,0x85,0x56,0xf2,0x3f,0x51,0xb8,0xef,0xd2,0x62,0x54,0x37,0xf6,0xb5,0x06,0x9f,0x1e,0xe5,},{0x7f,0x79,0x7a,0x31,0x71,0x5d,0x7c,0x35,0x6f,0x8f,0x1f,0x78,0x37,0x00,0xaa,0x99,0x74,0xbb,0x93,0x6d,0x66,0x16,0x61,0xad,0x96,0x8c,0x7c,0xde,0x1a,0xc9,0xe7,0x67,0xbe,0x56,0xa2,0xdd,0x49,0xb9,0x23,0x0e,0x90,0x11,0x0c,0x67,0xc0,0xed,0x18,0x7c,0xb7,0xe7,0x5c,0x30,0x53,0xec,0xe8,0x44,0x98,0x4d,0x29,0x6f,0x0d,0x85,0xcb,0x07,},"\xb6\x2c\x86\x7a\xd6\x22\x74\x35\xbf\xa6\xda\xb8\x30\x68\x4e\x38\xd1\x96\xe1\xf8\x61\xaa\xde\x0f\xd6\xa7\x69\x9b\x6d\x60\x90\x1f\xef\xb2\xd7\x99\xc3\x5c\x6f\x3d\x8b\xb9\x4d\xee\xe8\x34\x40\x39\x81\x86\x6b\xab\x84\x94\x6a\xe9\x47\x6c\x75\xe9\xf1\xd3\x60\x2b\x42\xcb\x2d\xb4\x37\xbf\xf3\x3a\x77\x58\x22\xf0\xd6\xa2\x57\xd4\xb7\x54\x00\xeb\xa5\xb8\xab\xb3\x14\xb7\x1f\xc6\xb4\x6f\x8a\x34\xe8\x61\xa9\xa6\x2a\xbf\x33\xde\x84\x82\xf6\x3f\x9d\x71\x69\xe7\x73\xa2\xdc\xeb\xee\x03\x70\x5d\xac\x11\x7f\xd1\x49\x9b\x68\xe7\x41\x4f\x51\xff\x94\x37\xf2\x53\xa1\xd9\x90\x1e\xc3\xb0\xbb\xa8\x69\x65\xa1\x93\x83\x65\x54\x87\xb5\x80\x10\xf8\x04\x90\x9d\xe1\xff\xb2\x21\x2c\x02\x52\xdd\xd9\xbf\x2a\x56\xac\x46\xbd\x59\xc0\xc3\x4d\xd5\x9e\x46\x59\x8b\x6b\xab\xd4\xe5\xf3\xff\xfd\xe5\x5e\x48\xda\xb0\x39\x8c\x22\xaf\x9e\x26\xba\xdd\xf7\x72\x75\xe5\xf0\x17\xb3\x5a\x9b\x8f\x84\x35\xf9\x63\x19\x36\xb3\x91\xcb\x95\xd7\xad\xf3\x5d\x1d\x85\x45\xa0\xfd\x06\x64\x12\xd5\x08\x96\x7b\xbe\x9a\x20\x24\x5a\x26\x9e\x3b\xe2\x77\x71\x17\xe7\x5f\xba\xc1\x70\xdb\xa3\x52\xbe\x69\xb2\x54\xd3\x53\xb3\xb2\xcb\x3b\x7e\x21\xb7\x21\xaa\x9f\xe0\x44\xf8\x91\x6b\x4b\x2a\x6f\x8c\x28\xf8\xab\xe6\x6a\xc9\x2b\x91\x32\x3a\xc7\x3a\xfd\x93\xdf\xbe\xea\xee\xf2\x6d\x19\xbd\x9f\x67\xe9\x9d\x48\xcd\x2a\xd2\xd3\xe5\x5e\x45\xd2\x4d\x54\xb5\x0f\x44\xa3\x9b\x90\xe2\x42\xeb\xe9\xb4\x2b\xeb\xdb\x23\x0c\x47\x0b\xdf\xde\x1b\xc7\x72\x1c\x31\x20\x00\x84\x77\x39\x3d\xcc\x2e\x15\xfd\x22\xb2\x51\xfe\xb0\xe1\x8b\x02\x88\x3c\x07\x8a\xee\x4f\xb7\x60\x65\x5a\x67\x1d\xc7\xb8\xaa\xdb\x9a\x56\x24\x20\xa3\xc2\xef\xa2\xd3\x42\xe1\xe0\x09\x9d\x95\x1b\x42\x24\x29\x84\xf5\x94\xe6\x91\x4f\xe2\x82\xb1\xee\x12\x87\x35\x98\x4e\xf9\x3a\x66\x9e\x6e\xcb\xa2\x6c\x9f\xcb\x9f\x09\xf0\x92\x56\x64\x56\x17\xf1\x39\x2d\x35\x90\x89\x17\xcb\x8d\x29\xe0\x89\x7c\x75\x03\xcd\xdd\x5d\xe1\x95\x96\x86"},
+{{0x37,0x17,0x44,0xab,0x63,0xc1,0x15,0x61,0x39,0x29,0xa3,0x43,0x70,0x9b,0xb0,0x19,0xb7,0x35,0x7d,0xff,0x72,0xd2,0xa1,0x49,0xf1,0xd0,0xf7,0x1d,0x3a,0x20,0x1e,0xfe,},{0xe5,0x8a,0xbf,0xad,0x4a,0x13,0x85,0x9f,0x0a,0xcb,0x05,0xd0,0xe4,0x7d,0x59,0x63,0x8f,0x7b,0x1b,0x49,0x36,0x10,0x0b,0x98,0x8d,0x61,0xe6,0xe7,0x0e,0x22,0x66,0x7d,},{0x5e,0xae,0x4a,0xc7,0x2a,0xf0,0x17,0x4a,0xb2,0x56,0x52,0x7b,0x7c,0xd3,0x37,0xa0,0xe5,0x48,0x2e,0x61,0x5a,0xf0,0x68,0xdb,0x21,0xda,0xe3,0x5a,0x64,0x64,0x07,0x42,0x60,0x4d,0xf7,0x3f,0xd4,0xca,0x02,0xed,0x95,0x15,0xa5,0x60,0x8d,0x73,0x19,0x52,0x30,0xfa,0xdc,0xa7,0xb4,0x26,0xf0,0x2a,0x2f,0xbf,0xd0,0x20,0x61,0xaf,0x36,0x00,},"\xc2\x19\xde\x1e\x8d\x7a\xd8\xdf\x08\xc4\x93\x77\x39\x6f\xe7\xc1\xf2\xd5\x7b\xd2\x17\x06\x33\xa0\x0d\x70\x8f\xaa\xde\xe1\x80\xce\xba\x92\x84\x9a\x77\x78\x50\x6c\xbb\x36\x68\x75\xbf\x91\x24\x70\x18\x94\xce\xcd\xb3\x38\x51\x47\xd0\x67\x18\x43\x92\x2a\x64\x9a\xff\x7c\x43\x5e\xb5\xa9\xc7\x49\x27\x50\x30\x72\xd0\x06\x79\x78\x71\x6d\xc8\x0b\xe1\x54\x5a\x2d\xbf\x5a\x1c\x38\x53\x6e\x12\xbd\x77\x20\xc1\x96\x5d\x38\x03\xa4\xe8\xaa\x55\x76\x51\x92\xa1\x3b\x70\x5c\xa1\x05\x9d\xed\x0e\x80\x63\x62\xfc\x5b\xbe\x6c\x76\xa1\xc9\x67\x4b\xb8\x53\x79\x0f\x7e\x90\xaf\x00\x75\x3e\x00\x43\x6d\xa4\x8c\xd0\x82\xea\xd6\x4f\xdd\xb6\x89\x89\x01\x62\x08\x2f\x84\x82\x92\x4f\x33\xac\xd6\x04\x64\x0f\x69\x92\x73\x52\xb4\x3f\x64\x40\x2d\x27\xa8\x83\xfa\x6b\x72\xaa\x70\xd2\x41\xdf\xfa\xa1\x70\x1a\x25\xcf\x10\x79\x35\x82\x60\x79\x38\x75\xf7\x6a\x29\x78\xe9\xf9\xf9\xd6\x86\x34\xeb\x3f\x5f\x01\xbd\xe1\xce\x49\xe5\x92\x12\x52\xf9\x49\xf0\x82\x79\x5e\x4e\xaf\xed\x7b\xe5\xb4\x9a\x9f\x95\xed\xbb\x4a\x13\x53\x2e\x3f\x3b\x3b\xe6\x2e\x26\x52\x23\x12\x53\xa2\x0c\x1d\x54\x77\xe8\xf4\xbc\x57\xed\x76\xfa\x19\xea\xf0\x3a\x11\xbb\xa4\x29\xb6\x49\x6c\xe7\x62\x46\x17\x0e\x04\x3b\xc1\x4f\x2d\x2f\x70\x3d\x96\x8f\x1d\xeb\x09\x38\x87\x15\xc3\x7c\xb4\x75\x2d\xa8\xd4\x64\xe3\x48\xe0\x31\x3c\x89\x93\xe2\x41\x33\xa7\xc5\x45\x28\x4e\x3c\x9c\x90\x7d\x01\xb2\x60\xc4\x88\x3f\x9c\xb3\xe3\xdc\x5b\x6f\x7f\xb6\xd7\x55\x36\x36\x5f\x21\x32\xea\xed\xda\xb5\x70\xe7\x27\x3a\xfa\xc0\xbf\xf5\xc9\xfc\x0b\x82\x0f\x20\x78\xe0\x33\x60\x52\xe1\xfe\x7b\xde\xc8\x66\x74\xd0\x99\x8e\xc7\x8d\xa1\xc3\xf3\x47\x51\xf8\x86\x72\x76\x95\xf3\x5e\xca\x13\x04\xb1\x47\x34\x76\x6a\xb0\x5c\x11\x86\x30\x6d\xed\x9d\xb3\xee\xf6\x5d\x3c\x04\x56\xcd\xae\x81\x81\xaf\xee\x04\xb2\x96\xc6\x72\x2a\x88\xc7\xef\x30\x88\xd2\x6f\x7f\xe7\x4b\xc8\x9c\xf5\x28\x5c\x68\x8f\x02\x7b\x7e\x68\x60\x04\x86\xaf"},
+{{0x49,0x8b,0x6e,0xe6,0x49,0x2d,0x53,0x23,0x1b,0x35,0x32,0xd1,0x93,0x57,0x8b,0xa7,0x5d,0x6a,0x89,0x4e,0x2e,0x53,0x00,0x34,0xe2,0x1a,0xb8,0xad,0x8d,0x2c,0x0d,0x1f,},{0xd1,0x24,0x66,0x5b,0x28,0xfa,0xcd,0x2d,0x17,0x94,0x6a,0x04,0xdf,0xe3,0xd1,0x29,0xa4,0x56,0x1a,0x2b,0x24,0xeb,0x32,0x6d,0x84,0xb6,0x2b,0x42,0x2e,0x44,0xdb,0xcf,},{0x11,0x2f,0x5c,0x6d,0x3b,0xcb,0x3d,0xd9,0x93,0x46,0xd3,0x2a,0xd6,0x9c,0xbf,0xac,0x3e,0x65,0x3b,0xef,0x29,0xc6,0x8a,0x33,0xf4,0x32,0x31,0xf6,0x6c,0xea,0x1d,0x0a,0x19,0x54,0x27,0xd6,0xe1,0x0c,0x0e,0x77,0xc5,0xd5,0x5f,0xe2,0x79,0x42,0x87,0xee,0x32,0xe5,0xe2,0x2b,0xaf,0xbb,0xd8,0x05,0x2a,0xd3,0x60,0x6b,0x90,0xf9,0x45,0x05,},"\x04\x98\xa5\x9b\x87\xcd\xae\x28\x69\x55\x47\xe1\x08\x63\xbc\xe8\x04\xd9\x7d\xe0\xac\x80\x08\xf3\xd5\xfb\x65\x2c\x17\x57\x41\x9f\xdc\x9e\x0f\x97\x36\xf4\xc5\x9a\x34\xf2\x1c\xfc\x74\x59\x9f\xa7\x88\xfc\xc1\x0c\x67\x30\xc7\xdf\x8c\x3d\x2c\x1b\x6a\x78\x6d\x12\x30\xb6\x55\x85\x71\x9d\x1c\xb5\xc4\x90\x35\x9b\x94\x43\x5d\x6d\xd6\x71\xf5\x4d\x6e\x9a\x19\xb9\xb5\xaa\xad\x7e\x0f\x23\x3f\x87\x97\xdf\x99\x78\x28\xd8\x8c\xd9\x2e\xf0\x89\xef\x7d\xbf\x1e\x95\x27\x78\x94\xa2\xf7\xc2\xfd\x0c\x8e\x4d\xfd\xfa\x6d\x3d\x14\x58\x9f\xf0\x19\x16\xdb\xf9\xdd\xd8\x11\xc2\xf5\xe0\x1e\x94\x29\x89\x90\xa1\x45\xa6\xcf\xc2\x68\x95\x61\x4c\x7c\x96\x3f\xef\x30\x8a\x4e\x38\x56\xc3\x2d\xd3\xe3\x59\xbc\x56\xd2\xcc\xa4\x96\xad\x19\x9f\xf1\xa5\x68\xd6\x43\x0a\xc5\xcd\x20\x8e\x0e\x2d\x07\x80\x3c\xa5\x23\xe0\xd8\x13\xad\x37\x33\xab\x50\xbd\xca\xdc\xb9\x88\xae\xe7\x58\xea\x50\x43\x9b\xf3\x8e\xe6\x49\x99\x76\x04\xf1\x51\xc6\x02\xc8\x29\x00\xa8\x20\x5d\x8f\x6f\x67\x0c\x86\x84\xbf\x5a\xbb\x5f\x75\xff\x29\xa3\x7e\xb9\xbf\x81\x05\x19\x9f\xbb\xfb\x47\x07\xe1\x62\xe6\x4c\x71\x52\x70\xf8\x53\xe6\x48\xb0\xaa\x26\xfe\xa0\xf6\xdb\x56\x28\x96\xbf\x42\x4a\x9f\xfc\xb2\x92\xfa\xe8\x5b\x76\xce\xfb\x8b\xd5\xa4\xb3\xce\x1f\xb3\x9b\xd2\xa5\x0d\x0c\x9e\x6d\x93\x3e\x16\x7f\xf6\x29\xb8\xa4\x94\xf2\xa9\xb7\x74\xeb\x30\x3c\x78\x1e\xa0\x2a\xff\x1a\x8a\xfa\xdc\x24\x65\xcc\x61\x69\x68\x01\x5e\xd6\xa5\xa3\x3c\x31\x20\xb9\x45\xed\x53\x51\x98\x1e\x32\xfb\x9f\xb9\x6b\x22\x12\xdc\xf8\xfe\x9a\xc5\x6e\x3c\xf4\x1d\xc5\x24\xf8\x00\x63\x10\x20\xb0\x25\x91\x91\x78\xce\x07\x4e\xef\x07\x8d\x68\x42\x01\x2a\x27\x6e\xfa\x62\x8d\xb5\x40\x58\xd1\xeb\x5b\x5b\x70\x5f\x1e\x18\x18\xd2\xdf\x51\x64\xba\xab\xb0\xc6\x19\x56\xec\xdb\x8c\x70\x6e\x56\x2f\xc4\xfd\x64\x05\x28\x70\x53\x0a\xe4\x25\xb2\x21\xf8\x9d\xd6\xf9\x0d\xab\x88\x2e\x76\x3e\x7a\x7f\xfa\x14\x1b\xba\xa8\xbf\x7a\x3f\x21\xb0"},
+{{0xce,0xfc,0xfc,0xd1,0xcf,0xf4,0xd8,0x91,0x07,0x49,0x27,0x91,0x31,0x83,0x0b,0x1d,0xa1,0x9d,0xfc,0x52,0x45,0xf7,0x8c,0xa6,0x8b,0x8c,0x3c,0x1b,0x62,0x2b,0x45,0x51,},{0x1d,0x39,0x4a,0xbd,0x1b,0x4e,0xd1,0xae,0xdf,0x96,0x6a,0x60,0xef,0xd3,0xff,0x88,0x21,0x40,0xa7,0xe5,0x6b,0x42,0x83,0x74,0xec,0xb4,0x43,0x28,0x9a,0x9c,0x7f,0x00,},{0x7d,0x83,0xff,0x66,0xec,0x79,0x30,0x7b,0x1c,0x0c,0x09,0x3f,0xda,0x39,0x68,0xa9,0x6c,0xf6,0x04,0x4f,0x5c,0x80,0x28,0x88,0x58,0x40,0x18,0x84,0x5e,0x7c,0xaf,0x2a,0x13,0x5a,0xc6,0xf1,0x67,0x7e,0x84,0xd2,0x2e,0x45,0x8e,0x22,0x7e,0x4f,0x93,0x02,0x09,0x91,0x9b,0xc1,0x1b,0x12,0xf7,0xaa,0xf2,0xb8,0xc9,0x43,0x02,0xd6,0x42,0x00,},"\x5e\xc9\x4e\xd0\x6f\xc1\x25\x7a\xe9\xc1\x83\xce\x56\x27\x12\x07\xac\xa3\x7a\x23\xfd\xb4\xb0\xe7\x4a\xc9\x30\x7a\x1b\xb1\x12\xe0\x5e\xd5\xa5\xd0\x47\xc9\x31\x09\xe2\xe5\x94\x77\xb0\x33\x78\x34\x64\x22\xde\x36\x71\x4c\x29\x61\xbb\x97\x36\xa5\x13\xca\x36\x71\xc6\x03\xa6\x8c\x2b\xe7\x31\x7b\x1b\x52\xa0\x76\xda\xe2\xaf\xf7\xbc\x88\xcd\x5e\xea\x0a\xa2\x68\xfa\xaa\xda\xe5\x39\xc9\x38\xbb\x4f\xd4\xb6\x06\x9b\x19\x45\xeb\x6a\xf0\xc9\xe6\xc8\xaa\x5e\xe4\xa4\xaf\x37\xe9\x0c\x67\xe2\x48\xe8\xd2\x7b\xd7\xf9\x58\x9c\x4d\x30\xe9\x05\x65\x1b\xaf\x45\x36\x4f\xa0\x49\x95\x7e\xa5\xd9\xb7\x14\x6c\xa6\x82\x04\xe5\xe9\x73\xd0\xf1\xc9\x1a\x1c\x4b\xde\xd6\x61\x15\x02\x8a\x71\x11\x4f\x0f\x4f\x85\x1b\xd1\x15\xfa\xeb\x95\x4e\x3f\x71\xa0\x14\x70\xb2\x48\x1a\x00\x98\xd9\x9f\x9d\x74\x89\x8c\x8b\xa0\x28\x7c\xc7\x83\x41\x55\x21\x41\x73\xd1\xfc\xba\xfc\xfe\x9b\x08\x25\x03\x84\x43\x94\x76\x05\x58\x83\x83\x38\x16\xc9\x52\x4c\xfd\x57\x44\xaa\xa2\x59\xdb\x7e\xbd\x3a\x6a\xa2\x0b\x5a\x65\x46\xda\xde\xfd\x14\x06\x68\xeb\x0e\xcc\xb5\xf6\x68\xdb\x9f\xc6\x29\x83\xdf\x98\x08\x50\xc9\xd1\x98\x82\xa1\x75\x50\xd5\xdc\xa3\x54\x2c\xd3\x60\x03\xa0\xd0\x3c\xff\xb0\x45\x75\xa3\xe8\xe1\xd0\x70\x15\xc7\xb3\x0e\xca\x91\x15\xcd\x2b\x72\xe4\x6d\xfd\xdf\x6a\x4d\xda\x1f\xaa\x2d\xbd\xc8\x90\x00\xd4\x33\xf6\xec\x9a\xdc\x46\x14\x6d\x93\x9f\x32\x12\x1b\x99\xb2\x89\x83\xd9\x8b\x9d\xde\x8c\x3f\x6e\x57\x79\xf2\xb0\x70\x0c\xb0\x23\xdb\x13\xde\x65\x6e\x0a\xed\x1d\xa2\xd5\xc6\xba\x26\x52\x34\x36\x48\xad\x42\x0f\x6a\xb9\xe5\x5a\x97\x48\x2a\x1a\x22\xb3\xbc\x2e\xe5\x98\x62\x9a\xba\xd9\x54\x7e\xdb\x5f\xf7\x90\x99\x05\x64\xbd\x87\x1f\x81\xb2\x4b\x12\xf2\xbf\x8d\xbd\xfe\x7a\x88\x37\x5f\xad\x9c\xcb\xd9\xfc\x0b\xa1\xd3\xbb\xa5\xe3\xc4\x81\x3c\x18\xa0\x34\x8a\xad\x83\xfb\x1b\x82\x68\x90\x54\xd9\x9b\x46\x00\xdd\x17\x60\xd0\xdc\xce\x44\x75\x74\x67\xbe\xc1\x94\x64\x06\xd5\x30"},
+{{0xd1,0x07,0xcf,0x26,0xf5,0x27,0xdb,0x71,0xa2,0x06,0xe4,0x1d,0x17,0x95,0x53,0x21,0x01,0x32,0x25,0xbb,0x20,0xf9,0x3e,0x12,0xdf,0x3d,0xc7,0x39,0x9e,0x72,0x0c,0xa3,},{0x18,0x6b,0xf4,0x53,0xc9,0x5d,0xc0,0xa2,0xfd,0x58,0x9a,0x78,0xe2,0xc8,0x00,0x40,0xb3,0xf6,0xdd,0xf9,0xa6,0xf8,0x68,0x1d,0x14,0x60,0x36,0xcf,0x21,0x46,0xe8,0xfc,},{0x80,0x71,0xd9,0x7f,0x32,0x4f,0x10,0x35,0x8f,0x13,0xac,0x8c,0x61,0xd4,0x24,0xb4,0xf3,0x00,0xdd,0x04,0x19,0x57,0x1c,0x39,0xe4,0x0d,0x99,0xae,0xa5,0xf0,0x31,0x40,0xe6,0x2a,0xb4,0xc9,0x71,0x27,0xab,0x33,0xe9,0x82,0x69,0x96,0x6a,0xe1,0xd4,0x55,0x7e,0x45,0x9b,0xf7,0xf5,0x97,0xb3,0x13,0xf3,0x51,0xa2,0x01,0x22,0xf0,0x66,0x0e,},"\x78\xeb\x9e\x13\x78\x99\x28\xa7\x4f\x36\x01\x41\x72\x8e\xde\x98\x38\x96\x85\xc8\x36\xb9\x1f\xaf\xbf\x1a\x7e\x8c\x19\xcf\xbe\x21\xbd\x3c\x3d\x6c\x6e\xd8\x3c\x40\x9e\xf6\x93\xf1\xd7\x35\xda\x3f\xa4\x66\x49\x7e\x19\xf3\x8e\x30\xfb\xa2\xa1\x02\x37\x85\x45\x90\x70\xe6\xe9\x2c\x1c\xb7\xc9\xbd\x0c\x9b\xa6\x12\x20\x15\x78\x66\xc3\xbe\xd2\xb0\x1e\x6e\x6b\x9b\x8d\xd3\xf0\xc4\x7c\x02\xf1\x81\x34\x6a\x0a\x9b\x9b\x5d\x3d\x7e\x18\xa9\x4d\x69\x56\x85\x5e\x16\xe8\xea\xaa\xab\x71\xb1\x03\x02\xf3\x5b\xd8\xfb\x1f\x9b\x58\x47\x30\x41\x60\x32\x49\x26\x64\x5b\x05\x82\xc2\xf2\xf1\x53\x3a\x24\x28\x14\x61\x51\x42\x41\xdb\x28\x50\xef\x31\xc5\x76\x3b\x2e\x3d\x4f\xb1\x8f\xc6\xd8\xc1\xd7\xe5\x2f\x7c\x13\x39\x2c\x17\xe2\x70\x19\xff\x60\x00\x8e\x43\x1f\x17\x14\x37\x0b\xc0\xef\xd9\x45\x2a\x61\xf5\xc5\x64\x88\xd9\x1a\x18\x50\x37\xf1\xf6\x47\xf7\x2f\xa7\x85\x01\x0d\x5d\x78\xf0\xa1\x15\x87\xcc\xf6\x6b\x80\x88\xe0\xe6\x35\xff\xf3\x77\x41\x93\xb2\xed\xef\xfd\x92\xd6\xe8\xa0\x32\x11\x28\xae\x64\xcd\xb8\x62\xe6\x31\xe2\xee\x5b\xa0\xda\x44\xbb\xd5\x89\xdc\x39\x2b\x5a\x11\x3b\x86\xa7\x27\xa8\xdd\xb6\x98\xa3\x34\xcc\x66\x8b\x39\xb1\xcd\xe1\x99\xb8\x88\x37\xca\x5f\x00\xf5\x53\xf8\x9c\x62\x28\x34\x27\x36\x41\xd3\x9b\xc1\x0c\x6a\x24\xe1\xeb\x42\x58\x75\x42\xf0\x3f\xc1\x62\x75\x24\xed\x6b\x74\x93\x91\xf1\x10\x28\x70\x6c\x42\x36\x44\x25\xb2\xca\xf2\x01\x80\xe1\xb8\x02\xc7\x44\xb4\x9b\x7b\xcd\x9b\xf7\xb1\x5c\x23\xa0\xbf\x1c\x69\x65\x96\x0d\x34\x15\x54\xe1\x96\x6b\x6e\xf8\x2f\xcf\xbb\xe4\x1d\x1e\x09\xd7\x41\xe3\x09\x25\x44\x46\x77\x7f\x13\xc2\x9a\x67\xb8\xbd\xeb\xc5\xf7\xf0\x4d\x16\x0d\x60\xe3\x32\xe3\xd0\x44\x1a\x0f\x2f\x7b\x19\x2c\x3e\x2b\xdf\x6d\xad\xec\x2a\x42\x4f\x88\x66\x98\x06\x23\x6e\xe0\x4d\xea\x69\x2b\xd8\xbb\x6f\x91\xca\x06\x82\xec\xe3\x49\x14\x25\x75\x35\x8b\x9b\x7b\xe7\x06\x00\xb3\xcb\x81\xe1\x45\x6b\xa0\x79\x9f\xdc\x01\xff\xd6\x86\x23"},
+{{0xaf,0x7e,0xa8,0xe4,0x1c,0x89,0x37,0xa4,0xec,0x47,0x5a,0xd8,0x13,0x71,0xa1,0x71,0xd3,0xd0,0xf9,0xfd,0x75,0x19,0xa0,0x4c,0x75,0x1e,0xd4,0xad,0x8f,0xf8,0xfe,0xf9,},{0x15,0xdf,0xc7,0x15,0x85,0xba,0xc7,0x1e,0xf2,0x0f,0x37,0x49,0x87,0xc5,0x55,0xa3,0xf2,0xf0,0x7d,0x6b,0x9c,0x78,0x70,0x66,0xc1,0x0d,0x63,0xcf,0x06,0xe0,0x2a,0xb0,},{0xc0,0xf1,0x73,0x91,0x67,0x27,0x4b,0xf9,0x18,0x31,0xc7,0x4b,0xeb,0x64,0x5a,0xf7,0x90,0x45,0x9b,0x28,0xbb,0x3f,0x21,0x32,0x53,0x65,0x13,0x0f,0x40,0x9a,0xcb,0x66,0xdf,0x1d,0x22,0x37,0x59,0xa9,0x75,0x8e,0x08,0xfd,0x72,0x53,0x73,0x74,0x84,0xe2,0x85,0xa6,0xfb,0x47,0x40,0x4a,0xbe,0x2e,0xba,0x5e,0xf2,0x49,0xfd,0x02,0x5c,0x0a,},"\x05\xf2\x26\x3f\x02\x45\xec\xb9\xfa\xeb\x14\xe5\x7a\xca\x43\x66\x68\x30\x8c\x81\x25\xdf\x31\x16\xc4\xee\x20\x50\x1d\x0c\xde\x70\x1b\x36\x6e\x2b\x50\xa1\xc5\xed\xf4\x84\x14\x4c\xe1\x6b\xfb\x1f\x7d\x26\xdc\x42\x75\xea\x97\x32\xe2\x64\xba\x4d\x4a\x36\x2b\x40\x27\x5b\xa4\x73\x77\xdb\xc3\x32\xcb\x65\xe2\xf4\xc8\x85\x38\x94\xaa\x87\x8a\x4c\x17\x5d\xc5\xb3\xb2\xa7\x57\xff\x3c\x8d\x7d\xe6\x60\x97\x3b\x89\xda\xdf\x07\x6e\x2e\x4f\xc7\x62\x39\xb7\xbc\x75\x2a\x22\x9d\x44\xe0\x00\xce\xb6\x67\x10\x4c\xb0\x74\x6b\xfc\xf5\x9d\x69\x60\x3a\xe7\xfc\x1b\xcf\x11\xd2\xe3\x3f\x61\xdc\x49\x7e\xc1\xb0\xbd\x5e\x4f\x1d\xbe\xf4\x35\xf2\xf2\x91\xf3\x0b\x00\xa8\x5e\x83\x39\x46\xc8\xb1\x04\x84\xe4\xab\xd7\xd6\x0b\xdb\xb1\xfe\x6d\xff\x58\x07\xa5\x3b\xb8\x93\x82\x15\x30\x13\xb7\x0c\xa0\x8e\xfc\x91\xb7\xe9\xfc\x5b\x5d\xbb\xb6\xaf\x12\x3b\x57\xbe\x2e\x14\x0f\xc4\x71\xa4\x5d\x89\xfa\x82\x84\xcc\x27\xe0\xa1\xfe\x77\x1f\x55\x59\x8b\xbd\xcf\x06\x8d\x50\x6d\xad\x0a\x59\x21\x79\xce\xca\x39\xee\x95\x26\xf9\xe4\xfe\x47\xbf\x2b\xb1\x4f\xb1\x48\x6a\x67\x7d\x4d\x7b\x99\xa5\x20\x54\x56\x76\xa0\xf1\xfa\x80\x90\x49\xaa\x24\x14\xae\x7b\x81\x7d\x9a\x03\x6e\x5c\x15\x78\x86\xe8\x34\x1d\x4e\x81\x9c\x09\x2a\x3b\x48\xb3\x60\x6b\x03\xac\xb7\x27\xc6\xc2\x21\x7d\x0a\xf3\x01\x21\x54\x6a\x94\xaf\x6b\x49\xca\xa2\xa8\xc9\xb1\x78\x6f\xa0\xc2\xa5\x24\xec\x7a\x02\x3e\x92\x4b\x5f\x8a\x89\xa5\x37\x80\xc7\xf8\x78\x1c\x5b\x8e\x86\x94\x30\xca\xa0\xe6\xd0\x43\x79\x67\xe3\xae\xd4\x4f\x45\xc9\x01\xcb\xcf\x10\x26\xfb\xbd\x4e\x3d\xd9\xa0\x91\xec\xf8\xb3\x4f\x7d\xd5\x03\x8e\x54\x3d\xc7\xeb\x6a\xd5\x49\x4e\xfb\x14\x5c\xf6\x3e\xc0\xd3\x55\xbb\x8e\x17\x2f\x45\x5d\x8a\x6b\x13\xda\xca\xad\xdb\xc5\x6e\x47\xde\x3c\xf7\x62\xa1\xa7\x38\xef\x09\x2f\x14\x36\x68\x04\x67\xb5\xcd\x82\xe9\xe3\x6e\x2d\x2b\x68\x42\xb3\xbd\x5d\xce\x77\x18\x0d\xda\xf0\xb6\x43\x37\x8e\x69\x85\x99\xdd\x47\xf5\xcd\xbb"},
+{{0x0c,0x57,0xcb,0xfc,0xeb,0xde,0x10,0xed,0xe0,0x2d,0x1c,0xb0,0x1d,0xf3,0x60,0xd4,0x1f,0x2e,0x66,0xa5,0x04,0x43,0xd5,0x8b,0x5d,0x4f,0x08,0x28,0xc9,0xa1,0x8b,0xb7,},{0xc4,0xd7,0x61,0xba,0x18,0x99,0x71,0xb9,0x46,0x2c,0x61,0xbf,0x46,0xa7,0x65,0xf8,0x8e,0x2e,0xca,0xa5,0xbf,0x22,0x11,0x22,0x0a,0xfb,0x00,0xac,0x65,0x7f,0x7c,0xe5,},{0x8a,0xf7,0xbb,0xe0,0x1b,0x8a,0xb9,0x39,0x51,0xd1,0x6f,0xca,0x05,0xa9,0xc9,0x67,0xd1,0xc5,0x2c,0x97,0x4b,0xea,0x15,0x1e,0xa7,0x2e,0x4c,0xeb,0xaa,0x20,0xcc,0x78,0x3b,0xb6,0x1d,0x8d,0x69,0x38,0x5c,0xac,0x5b,0xc6,0xd7,0x2d,0xbd,0x16,0x2b,0xee,0xf1,0xfc,0xb5,0xdd,0x0e,0x0a,0x08,0xb4,0x8c,0xa0,0xb9,0xf6,0xd9,0xa9,0x88,0x0c,},"\x33\x77\x03\x24\x3a\xb5\xb4\xe4\xd3\x48\x1e\xe8\xdd\x1f\x44\x94\x50\x71\x74\x41\x26\x58\xa9\x39\x88\xb5\xc3\x04\x03\xa7\xb7\xed\x85\x22\xce\xb4\x6f\xa1\xee\x02\x75\x3a\x87\x4e\xf0\x67\x5d\x39\x7c\x57\x5d\xa0\xb0\x8c\xaa\x8c\xee\x33\x93\x78\x4d\x0f\x0d\xb8\x45\x98\x37\xaf\x90\xb9\x05\x6d\xf4\xe3\x8e\x41\x7f\x3a\xd2\xeb\x1a\x10\x0e\xf2\x07\xce\x2c\xa6\xc6\x10\x01\x80\x21\x66\x1e\x30\x70\x99\xf2\xb7\xc4\xae\x87\x59\x91\x14\x0b\xdd\x3f\x0f\x99\xad\x2c\x5d\x55\xaa\xcb\x84\xcc\x1c\xdc\xd5\x79\xe0\x80\x72\xb6\x95\x1f\xd4\x5e\xd2\x89\xac\x9f\xf7\xf0\x98\x6a\xc8\x8a\x4f\xbb\x9d\xc9\x20\x3d\x9b\xaf\x18\x0c\x90\xed\xf9\x37\x25\x8c\x9d\x0a\x6d\x48\xe2\x20\xf7\x2d\x25\x0c\x7f\x2c\x77\x7e\xaa\x7f\xb9\xfa\x11\xd5\x0a\x57\x98\x77\x2f\x9f\xd9\x76\xb0\x05\x99\xf1\xf0\x27\x6f\x3a\x2e\x4d\x98\x8a\xe9\x21\x25\x46\x7a\x8d\xed\xb7\xa1\x6f\x9e\x3a\x56\xe8\xd0\x06\x62\xb3\xeb\x67\xa3\x5b\x9b\x60\xe7\x3b\xd9\x35\x07\x7e\xe2\x38\xdf\x8f\x6e\x83\x3b\x9a\x55\x23\x38\x68\x26\xc1\xf2\x91\x7b\x1c\x3e\xc9\x8e\x0a\x5f\xde\x89\xc4\x8b\x1d\x44\x6d\xa5\xd0\xc8\x85\xfe\xf0\xe3\x74\xbf\xf3\x0a\x99\x7c\x7b\xaf\xd5\xe7\x43\xc8\x5d\x0c\x6a\xaa\x6e\xf1\x0a\x06\x12\x11\xa2\x32\x7c\x6d\x84\xeb\x74\x7a\x56\xe9\xbf\x60\xfc\xd5\xb5\x53\xb7\x98\x83\x4d\x0c\x5c\xca\xdb\x9d\x4b\x54\xe7\x23\x7d\x12\xc6\x79\xc1\x93\xa2\x87\xbb\x2f\x51\x1c\xd4\xee\x2a\x2d\x85\x49\xb4\x4b\x21\xc1\x1f\xbe\x57\x23\x38\x1c\x6c\x5f\x78\x46\x87\xfd\x90\xce\xbc\x5b\x49\x5a\xf9\xe4\x14\xf2\x96\x1b\x06\xa1\xc8\x43\x3b\x9a\xa3\x29\x2b\xcf\xf4\x24\x1c\x22\x71\x67\xf8\xd1\xde\x05\x4b\xa3\x3a\xd8\x1d\xa3\xeb\x3e\xc6\xe4\x0a\x6e\x26\x85\x4a\xf3\x49\x54\x01\x71\xb7\x5d\x75\xfb\x9a\x8d\x12\x93\x78\x27\xfd\x59\x4d\x31\x7b\x7a\x8d\x9f\x1c\x2f\xca\xbd\xa5\x63\x75\x56\x8c\x3e\x9e\x51\x4c\x2e\xff\xfc\x38\x78\x36\x3d\xcf\xad\x9f\xd9\x54\x36\xb0\x22\xe8\x77\x2a\x88\xcb\x71\xe8\x03\xbf\x90\x38\x19\x62"},
+{{0xfe,0x71,0x72,0x27,0x83,0x64,0x19,0x4b,0xcf,0xef,0xb4,0x78,0x31,0x42,0xb7,0x9f,0x59,0xd5,0xfd,0x97,0x8b,0x1e,0x47,0xc3,0x14,0xd7,0x8d,0x4c,0xb3,0xf6,0x1c,0x8a,},{0x2e,0x82,0xcc,0xe4,0x79,0x10,0xc7,0xe2,0xa7,0x9b,0xc1,0xf4,0x19,0xdc,0x3c,0x3d,0xf5,0x4f,0x23,0x29,0x1f,0xc8,0x19,0x3e,0x82,0x58,0xcc,0xd2,0xfd,0x38,0xd5,0x48,},{0xf6,0xc2,0xa4,0x29,0x6b,0x9a,0x34,0x07,0xc6,0xd7,0xa5,0x67,0x9d,0xae,0x86,0x66,0xb5,0x03,0xd1,0xa1,0x7e,0xac,0xf7,0x1d,0xf4,0x93,0x79,0x1b,0x8f,0xf0,0xc0,0xaa,0x8e,0xed,0x36,0xb3,0x27,0xa2,0x9a,0xb7,0x82,0x8f,0x46,0xf2,0x2d,0xe8,0x68,0xb6,0x28,0xb1,0xcf,0xd5,0x01,0xe8,0x59,0x9f,0xa3,0x16,0x93,0xb1,0x5f,0x61,0x08,0x0f,},"\x23\x50\x94\x51\xa0\x59\x96\x9f\x2b\x4b\xdf\xce\xe5\x38\x89\x57\xe9\x45\x6d\x1f\xc0\xcd\x85\x7e\x4f\x4d\x3c\x25\xa4\x15\x5d\x5e\xe9\x1c\x20\x53\xd5\x58\x06\x2e\xea\x68\x27\x95\x0d\xe8\x63\xbc\x9c\x3d\xf9\x67\x2c\xde\x8b\xa7\x41\x74\x4e\xbb\xdd\xb4\x5e\xc1\xf4\x28\x45\x70\xfd\x0a\xac\xd0\x7e\xa5\x8c\x58\x1b\xe2\xaf\xc9\x5a\xe4\x44\xe6\x78\xed\xc2\xa0\x24\x39\xf3\x87\xce\xc9\x82\xea\x3a\x44\x81\x4a\x8a\x30\x2b\xb3\xbf\xe8\x22\x8d\x58\xde\x03\x9d\xeb\xdf\x7c\x2a\x7e\xdd\xb4\xe7\x1c\xa4\x74\xf9\x4f\x7e\x2b\xd8\x9d\xc6\x5b\x16\x10\x73\x3c\x91\xff\xf8\x9b\xd4\x99\xf4\x01\x54\xa6\x19\x8f\xdf\x5e\xc7\xad\x37\x22\xd9\x25\xb2\x92\x19\x6c\x42\x94\x99\x07\x5b\xe0\xc5\xb6\xda\x9c\x09\x0c\x07\x91\xa7\x01\x9e\xb5\xe7\x36\x6b\xe6\xce\x58\xab\x2f\x04\xfe\xcd\x91\x27\xc4\x27\x18\x04\x7b\xf4\x70\x30\x69\x15\x21\x31\x2c\x08\x77\xaa\x3f\x36\xcc\x5f\xbc\x9c\xaa\xe0\xfd\xe3\x94\x5d\x2a\x86\x8e\xe2\x50\x2a\x38\x33\x20\x8e\xb8\x50\xa1\x63\xcf\xcb\xf6\xda\x9e\xe6\xad\x9f\xe0\x67\xfe\x24\x19\x86\xfe\x44\x36\xd6\xae\x4e\xdc\x61\x56\x19\x38\xe2\xa3\x3f\x4a\x33\xdb\x63\xf6\x9d\x3f\x1a\x88\x50\xed\x40\x02\x88\x69\x16\x41\x03\x48\x8f\xb7\x95\xcd\x82\xca\x06\x7f\xe1\xb4\x89\x7c\xaa\x49\xa7\xca\x9a\x80\xf3\xa8\x15\x1f\xd1\x3b\xbb\x7f\xf3\x50\xe8\x57\x9f\x56\x5d\xc1\xc4\xa9\xca\x93\x8d\x27\xb1\x5b\x3f\x85\x8e\xf4\x5d\x3d\xd7\x8b\x2c\x35\x86\x35\x35\x63\x15\xf5\x5a\x97\x52\x8e\xcf\xec\x5d\x11\xa5\xb7\x21\x50\x31\x07\xfa\xa4\x06\xc1\x70\x34\xe6\x01\x47\x4b\x3b\x60\xcf\x48\x69\x2e\x26\x92\x61\x15\x8f\xc3\x53\xd4\xdf\x42\x74\x38\x13\x57\x79\x0b\x77\x56\x08\x7b\x00\xcc\x79\xe3\xb9\xd2\x8a\x3f\x24\x39\xfe\xbf\x19\x9e\x64\xa8\xb3\x7c\x91\xb5\xa4\x33\x4e\x33\x54\xe8\xfa\xf3\xa3\x61\xe8\x56\xc5\x4b\xda\xa4\x3b\xfd\xcd\x6e\xe6\xc9\xf9\x67\x95\x88\xf6\x06\x99\x50\x83\x23\x48\xaa\xcb\xa2\xbf\xee\xba\xca\xa2\x07\x1d\xdc\x7d\x77\x89\x8e\xf0\xf6\x87\x93\xcd\x25"},
+{{0xa9,0x51,0xe4,0xe6,0xba,0x9f,0x1f,0x0b,0x35,0x48,0x31,0xc9,0x86,0x94,0x24,0x48,0xfa,0xed,0xe3,0x7e,0x11,0xb0,0xf2,0x47,0xda,0x27,0x06,0xdc,0xee,0xf7,0x3a,0xc7,},{0x30,0x36,0x20,0x14,0x97,0x4b,0xf7,0x5c,0x84,0x95,0xc2,0xe2,0x71,0xe7,0x13,0xd5,0x73,0x84,0x38,0x4d,0x0a,0x5d,0xa8,0x8e,0xde,0xea,0x79,0x27,0x9c,0x0c,0x58,0xec,},{0x02,0x78,0xc8,0x6a,0x15,0x20,0x8d,0x9b,0xe5,0xb1,0xe1,0x57,0x47,0x61,0x86,0x1b,0x8a,0xf7,0x2a,0xe0,0x8d,0x40,0xcd,0xcb,0xec,0x35,0x4e,0x65,0xa9,0xc3,0xd0,0xa0,0x6b,0x5f,0xcb,0xb2,0x97,0xd0,0x9b,0xef,0x39,0x74,0x62,0x39,0x59,0x86,0xc3,0x09,0x3e,0xeb,0x22,0x64,0x4c,0x00,0x3c,0x30,0x78,0x17,0x8c,0xdf,0x67,0x4e,0x99,0x0a,},"\x20\x57\x7d\xca\xc8\x91\x74\x88\x5e\xed\xb0\x62\x48\x9c\xd5\x12\xfa\x72\x86\x3e\xc5\x43\x8e\x31\xe9\x58\x78\xb7\x5c\xe2\x77\x2a\xee\x62\x90\xa0\xba\x3c\x8f\x64\x2c\x1d\x0e\xf5\x5d\xa8\xd5\xbc\x14\x84\xf8\x3b\xb9\x87\x6c\x7a\x8c\x0b\x6b\x60\x9b\x94\xd1\x12\xa0\x6f\xc8\x3c\xe8\xd2\xc1\xe0\x8e\xd6\xc7\x35\xe5\x7b\x24\x4a\xad\x6e\xcf\x70\x75\x36\x3d\x56\x5b\xa4\x78\x65\x69\x5c\x84\x23\x51\x09\x09\xe0\xa3\xdb\x4b\x61\xed\x7a\xa6\x7a\x74\x71\x33\x1e\x83\xa0\xc5\x8b\x82\x20\xa6\x24\x5f\x65\x66\x15\x49\xc1\xa1\x2d\x4c\x0d\x50\xc3\x26\xfb\x94\x91\x7c\xbd\x07\xbe\x51\xe8\x3f\xe8\xbb\x3e\x46\xca\x01\xb0\xa2\x60\xda\xaf\x1d\x6a\xbe\x37\x03\xd6\xa9\x25\x11\x3b\xb4\xd5\x7e\xa1\xa4\x8b\x4c\x7d\xbd\xaa\x03\xee\xa8\x14\xa4\xb5\xf0\x2e\x1d\xfb\x54\x5c\xc6\x23\xfe\x17\xa3\xbb\x18\xe4\x37\x3f\x5f\x7e\xc2\xfb\x52\x17\xd2\x3e\x4f\xed\x54\xa7\x72\xe1\x13\x23\xe7\x30\xaa\xd7\xef\xca\x8c\x46\x44\x00\xe7\x67\x90\x55\xfc\xc1\x25\xa8\x76\xef\x7b\x8b\x9d\xe1\x86\xe2\x29\xa7\xab\xf1\x91\xd0\xc5\x6d\x91\x81\x5f\x67\x87\x2e\x95\x7b\xfb\xc7\x63\x4a\xac\x40\x35\x76\xa5\x8f\x42\x7b\xdb\xb3\x0e\x8c\x4b\x6f\xc6\xc4\x47\x74\x10\x24\xeb\xb5\x03\xa5\xa9\x02\x51\x24\xa4\x88\x7f\x82\x5a\x43\xee\x94\x0f\x21\x0a\x1b\xd5\xae\x4f\x67\x32\xd6\x0f\x95\xf2\xb8\x32\x01\xc4\xc6\xdf\xe2\x79\x41\x2d\x75\x02\xa5\x21\x1f\x8f\x48\xf8\x00\xdb\x30\xfc\x37\x76\xc4\xed\x3a\x38\xbb\x46\x34\x82\x2c\x98\xa6\xd6\xdd\x32\x33\xbe\x60\xe4\x2c\xca\x45\xa3\x16\x3c\xc8\x4e\x9e\x8d\xa6\x47\xc0\x71\x1b\xc4\xc6\xcc\xd6\x5a\xa1\xe9\x72\xc0\x74\x04\xd1\x03\xe7\x4b\xcc\x31\xa7\xe2\xc3\xee\xa5\xac\x92\x57\xab\x42\x89\x47\xab\x3d\xd3\xfb\x15\x3d\x90\x69\x4a\x40\x73\x37\x3c\x4d\xd9\xce\xb1\x31\x15\x4f\xe8\x77\x47\x3f\xd9\x96\xf4\x24\xf3\x3e\x31\x6e\x4e\xb0\x2b\x8c\x75\x13\xbe\x69\x98\xe5\x16\xcb\xba\x54\xd9\x4c\xd0\xa4\x35\xe0\xff\xcc\x2c\x0a\x8e\xf7\x2b\x63\x0e\xc2\x47\x81\x06\x6a\xa5\xef\xb9"},
+{{0x38,0xa9,0xb2,0xd4,0x9b,0xa8,0xb8,0x2f,0x30,0x1a,0x57,0x72,0xce,0xa0,0xef,0xc2,0x21,0x84,0x55,0xc8,0xb2,0x18,0xb2,0x2c,0xba,0xa2,0xaa,0xd2,0xd7,0xad,0x3b,0x35,},{0x9d,0xf5,0xea,0x1f,0x78,0xf8,0x10,0xa5,0x21,0x77,0x46,0x02,0xbb,0xba,0x49,0x42,0xf0,0x45,0x92,0x38,0x96,0x6c,0x8b,0xcd,0x21,0x90,0x0a,0xfb,0xf3,0xd8,0x42,0x93,},{0xe1,0x9e,0x62,0xac,0x53,0x9a,0x9c,0xa2,0x51,0xd1,0x2d,0x4c,0x71,0x05,0x5b,0x0a,0x3f,0x58,0x1d,0x19,0xf2,0x68,0x2e,0x67,0x24,0x04,0xc7,0x8a,0xc1,0xf1,0x2b,0xbe,0xfc,0x91,0x51,0x92,0x76,0xa5,0xcb,0xe1,0x6f,0x52,0x0c,0xf7,0xa7,0xf6,0x87,0xa2,0x40,0xf0,0x32,0x91,0x57,0xc5,0x9f,0x50,0x02,0x6a,0x58,0xdc,0xdc,0x50,0xfc,0x08,},"\x17\x78\x16\x7c\x49\xb3\xa4\x4d\x4a\x5b\xa8\x38\xb7\x38\x85\x53\xb1\xe1\x3d\x36\xea\x4f\x86\xd3\x02\x42\xe1\xa8\x22\xa3\xbb\xaf\xf5\xce\xa6\x3e\x2a\xe2\xa4\x63\x5b\xe2\x36\xfe\xf2\xb8\x13\x5d\x14\xfb\x62\x1c\x0b\xb7\x73\xc9\xc1\x77\x53\xf8\x09\x26\xeb\x55\xd0\xf1\x15\xbd\x09\xa8\x85\xd8\x44\xb8\x18\xc9\xf0\x44\x89\xa3\x31\xbb\x5e\x03\x2b\x8e\x58\xcd\xa3\x69\x49\xc5\xa8\xd0\x8b\x55\xbb\x8d\xe9\x65\xe1\xf9\x0d\x3b\x9c\xfe\xec\xfc\x6a\xd9\xa4\xee\x5c\xb4\x04\x7e\x94\x50\xac\xdc\x64\x64\x01\x66\xa8\xc0\x69\xea\x84\x9a\xeb\xdd\xac\x1a\xe4\xaf\xec\x91\xdd\xd1\x7f\xa5\x55\x3f\xa8\x7c\x56\xf7\xe5\x1e\xc1\xcd\x6b\x5c\xc2\x33\x51\xd0\x57\xa4\xce\x4a\x89\x23\xc8\xae\x6a\xc7\xa8\xaf\xdc\xc0\x88\x1c\x0e\x74\xeb\xb0\x24\xef\x72\x96\x16\x2c\xb9\x3c\x68\xe5\x0b\xbb\x07\x4e\x65\x1a\xc8\x7d\xac\x9e\xa5\x9d\x4c\x3f\xbf\x0f\xe3\x79\xf3\xe9\x7a\x24\x56\x6e\xca\xe5\x43\x03\xbc\xfb\x6f\x0c\xc9\xf1\x5f\x66\x39\x43\x0e\x66\xb1\x9a\x42\x78\x49\xfd\xff\xf8\x33\xdf\x02\x68\x9e\x9d\xe4\x40\x06\xc9\x03\xc5\x59\x18\x34\x59\xb9\xf4\xa9\x7f\x54\xa0\xf2\xa2\x8d\xf7\xb0\xe9\xde\xed\xa8\x23\x9d\x7b\x51\x69\x77\xf5\xe7\xd6\x97\x1b\x45\x02\xe9\x88\x5f\x75\x0a\xf8\xd1\xa6\x66\x9e\x25\xe7\x7d\x5f\x32\x7c\x77\xc8\x7a\x86\xe0\xa1\x87\x2b\xc9\x6a\x76\x06\x0f\x5f\x8a\x0c\x40\xcc\x97\x3b\xfc\x7f\xe6\xed\x9b\xca\x78\xf8\x84\xe6\xa2\x82\x8b\x94\xd4\x89\xd3\x2a\x0f\xd3\x37\xe6\x9d\xb8\x3f\xb8\x78\x9a\xfd\x4e\x8e\xf5\x4c\x22\xa7\x8c\x25\x87\x46\x8b\x9a\xe0\x71\xba\xe3\xb2\x02\xd3\x18\x3a\xd5\xf0\xf8\xe8\x42\xe5\xa8\xde\x85\xbf\xff\x49\xe0\x3c\x83\x81\xbc\xa7\xfd\x42\x78\xdd\xcc\xaf\x01\x34\xfb\x55\x93\xa3\x95\xa7\x7a\x5c\xbd\x43\x45\x93\xbc\x4a\xd0\xff\x4b\x84\x00\xec\x67\x4c\x4e\xca\xf1\xd5\x77\x54\xbe\x0c\xb2\xfa\x9a\x64\x41\xa9\xab\xad\x7b\x42\x19\x7a\xd8\x2e\x50\x82\x7e\x4a\x42\x45\x57\x3a\x8f\x0e\xf8\x7f\x58\x22\x8a\x28\x67\xf4\xb3\xb8\x34\xb6\x63\x50\x37\x94\x0a"},
+{{0x9a,0x17,0x17,0x87,0x36,0x89,0xa0,0x3c,0x11,0x2d,0xd6,0xb4,0xd7,0x6a,0xe7,0x3b,0x89,0xb4,0x16,0xa5,0x98,0xce,0xec,0x20,0x9e,0x27,0x96,0x1e,0x7b,0xb1,0xee,0x8a,},{0xee,0xca,0xd1,0xe0,0xe4,0xb8,0x63,0x29,0x18,0x81,0xa8,0xc2,0x41,0xdb,0x9c,0xcf,0xff,0xe4,0xe5,0x5d,0x8b,0x5a,0x42,0xf3,0x07,0xb4,0x43,0x6a,0xcd,0x06,0x49,0xa6,},{0x1a,0xf8,0xbe,0x09,0x55,0x38,0x96,0x58,0x00,0xd8,0xef,0xf6,0xd7,0x23,0xd0,0x28,0xd6,0x5d,0x0e,0x9c,0x6e,0xb5,0xe9,0xd1,0x25,0xbb,0x3b,0x17,0x83,0xf1,0x1e,0xf7,0x07,0x9a,0x49,0xa8,0x07,0xe2,0x7e,0xf1,0x26,0x0b,0xe2,0x6a,0x3b,0x23,0x1d,0x03,0xb2,0xae,0x15,0x1e,0x49,0xf6,0xf1,0x89,0xf1,0x5b,0x1c,0x83,0xea,0xb0,0x1c,0x02,},"\xe2\x65\x80\x47\x09\x01\xa0\x7a\xb0\x93\x1a\xa2\x38\x29\x80\x2c\xe0\x4d\xa5\x9f\xdc\x2f\x77\x3b\xc5\x67\xf1\xe6\x5b\x4f\x2e\x2d\x4a\x1a\x6a\xec\x1f\x54\x15\x8a\xdf\xce\x9b\x09\x97\x90\xb5\x03\xa1\x3d\x22\x09\x7a\xe2\x3e\xbc\xcf\x92\x3f\x3b\xb1\x98\x6d\x6e\x49\x11\x1a\x8c\xf0\xd4\xeb\x82\x36\xbf\xe0\xd7\xc9\xe9\x3a\x5e\xfc\x7f\xeb\x8e\x6a\x9c\xd1\xb8\xd9\x21\xef\xa2\x1e\x44\x9f\xf4\x9e\x06\xc1\xcc\xfe\xa3\x1f\x93\xe0\x33\xc3\xc2\xa5\x4d\xdb\x0f\x65\x3a\x09\xfb\xd1\x8a\x70\xb5\x63\x15\xf1\x93\xe7\xbe\x56\xe5\x16\x8f\x59\x56\x38\x21\xd4\xbc\x3b\xbb\x0e\xaa\x20\x48\x28\x6b\xbe\xee\x5a\xa3\xf3\xe7\x53\x6c\xf2\xb7\x50\xfd\x32\x26\x02\xbb\x38\x47\xce\xca\x39\xb7\x54\x74\x32\x2d\x76\xb1\xde\x80\xfa\x2e\xad\xba\x15\x2d\x6f\x8f\x02\x0d\x4d\x93\x1c\x53\xf0\xa2\x80\x12\x24\xd3\x5d\xeb\x6e\xc1\x3b\x01\x48\x73\xe6\x89\x90\x36\x07\xde\x96\xd9\xb7\xa7\x43\xa8\x87\xd2\xf4\x8d\xaf\x2e\xd2\xee\xfb\x20\x2a\xbf\x60\x82\x79\x69\x81\x12\x3b\x96\x6e\x93\x6d\xcf\x34\x83\xe2\xd2\x4d\x69\x4e\xcb\x86\x5f\xbe\xb6\x96\x9f\x34\x70\x27\xfb\x8b\x17\x5d\x24\xa4\xc0\x45\xc0\xbb\x4a\xb5\xe0\x2d\xdc\xbe\x77\xd4\x75\x6c\x46\xd1\x37\xb0\x94\x47\x3a\x02\x30\x7a\x10\x83\x40\xac\xad\x9d\x03\xba\xe8\x40\x3a\xf1\x99\xcb\x75\xca\xe3\x16\x2f\x38\x15\x81\x3c\xc6\x8b\xf2\xa5\xe4\x99\xe5\x94\x92\x11\x49\xf3\xbb\xd2\x14\xda\x51\x37\xe7\x56\x52\x15\x59\xdc\x80\xd9\xa4\xb7\x4a\x0f\x49\x43\x02\x2c\x7c\xd5\xfc\xa4\x23\x15\xe0\xbc\xee\xae\x90\x69\x61\x5c\xe6\x7a\x04\x38\x24\x12\x31\x3a\x31\xd6\x7b\x34\x6c\x32\x9a\xd8\x2e\x74\x2c\x0a\x6c\xe0\xa6\xa0\x24\x54\xc1\x13\xe5\x20\x22\xf3\xcc\x03\xfd\xa6\x91\xeb\xdf\xe1\x4c\x53\xc8\xce\x5c\xa9\xb9\x32\xca\x1a\x38\x6e\x3e\xb4\xe9\x0a\x4d\xc6\xe8\xad\x85\x33\xb5\xaf\x1a\xae\xf5\x00\x31\x28\x65\x5c\xa6\x4f\x67\xfc\xd9\x7c\x6a\xc8\x03\x00\x24\x04\x90\x0b\xc0\xfa\xe9\x84\x63\xbc\xc3\x14\x09\xf9\x98\x17\x48\x78\x9a\xde\x2d\x07\x78\x3b\xc3\x2b"},
+{{0x43,0xbd,0x92,0x4d,0xb8,0x15,0x60,0x08,0xc6,0xb3,0x99,0x4a,0x81,0x30,0xd4,0x27,0xd5,0x14,0xdb,0x8a,0x61,0x3b,0x84,0xdf,0xb0,0xb8,0xe0,0xde,0x6a,0xc3,0x06,0x76,},{0x1b,0x34,0x61,0xc2,0x69,0xd5,0xb0,0x06,0x2d,0x5d,0xf6,0xfa,0x65,0x4a,0x25,0x86,0xf6,0x47,0xa0,0x68,0x42,0x18,0xa0,0x6e,0x5e,0x2f,0x7b,0xad,0xfb,0x39,0x41,0x31,},{0xd2,0xa0,0x5d,0x88,0xd9,0xd5,0x43,0xd9,0x4d,0x57,0xec,0x88,0xae,0x55,0x68,0x17,0x50,0xf2,0x0b,0x9b,0xe9,0xc1,0xe9,0x18,0xcd,0xaf,0x45,0x77,0x67,0xf2,0x94,0x8d,0xd6,0x29,0xe9,0x4f,0x06,0x8e,0xdc,0xf3,0xd9,0x92,0x7e,0x33,0x02,0x34,0xba,0xdc,0x3a,0x02,0xfa,0x5a,0xd3,0xd9,0xd8,0x5e,0x94,0x8c,0xb0,0xb0,0xcb,0x3c,0xd7,0x0a,},"\x61\x84\xe6\x48\x0c\x42\xe9\x6c\xc8\x77\x26\x9b\x16\x37\x15\x45\xff\x95\x23\xc4\x5e\xa8\x8e\x76\xa1\x34\x8c\x68\xae\x7f\x31\x8b\x08\x8f\xe4\x61\x09\x28\x23\x91\x85\xb6\xb5\x5b\xfa\x0f\x43\x64\x4c\x4a\x4c\x97\xc5\x6e\xd7\x7d\x08\xb1\xf4\xaa\xd2\xf4\xaa\x06\x99\x94\xab\xec\xa9\x6b\x7b\xf8\x1b\x80\x64\xea\x43\x50\xd8\xa8\xb0\x22\x97\xa5\x13\x08\xb6\x1c\x57\xc8\xf1\x87\x3c\x6f\x97\x00\x7a\xca\x31\x80\x42\x9e\x73\x0a\x66\x43\xf2\x87\x33\x54\x7b\xcf\x7b\x9a\xdf\xe3\x27\xe8\x57\x36\xbd\x04\xaf\x7f\x1d\x9f\x4f\xb8\x4a\x7f\x3a\xff\xdf\x4e\x22\xb5\x74\xec\xb4\xbc\x88\x36\xb1\x0b\x84\x53\xae\xaa\x5c\x1b\xf1\x32\x24\x8b\x82\x6c\xc5\x23\x0f\x75\xe0\x75\xfa\xc9\xf0\x37\x56\x11\x36\xe0\x06\x43\xd0\x82\x53\xe7\xad\x65\x2f\x70\x2c\x0d\x15\xb6\xd7\xd4\x8a\xa6\xf8\xe9\xb5\xf5\xcc\x14\x6e\x3f\x15\x6f\xb2\x52\x27\x51\xc3\x71\x00\x41\xbd\x92\x2f\x37\xa5\x03\x77\xe0\x28\xb0\xc4\xe4\xbc\x34\x65\xd7\xc8\x4a\xf6\xa5\xfb\x42\x7a\xcb\x3b\x41\x37\x8b\x10\x2b\xda\x46\xd8\xf6\xf2\x03\xa5\xff\xcf\x39\x5d\x43\x5e\x93\x45\x8a\x0b\x0a\x4c\x2e\x77\x82\xfa\xfe\x11\x9f\x76\x9f\x67\x05\x8c\x66\x77\xf6\xd1\x0d\x9c\xf5\xcb\x87\x48\xe1\x80\x57\x98\xed\x23\x3f\x6f\x93\x0e\xee\x0e\x50\x75\xbc\x58\xb9\x7a\xf9\x17\x7f\xda\x75\xd5\x37\x08\xbe\xb0\x4d\xc4\xf1\x9a\x43\xe7\x68\x07\x46\x09\xf1\x40\x65\xf4\x8f\xda\xd5\x07\x7c\xe1\x09\xba\xcc\x35\x71\x74\xa6\xb7\x95\x6f\x6e\x7f\x32\xe3\x84\x15\xbe\x52\x63\x70\xfa\x58\xc3\xc0\xb3\x1f\x51\xe6\xcd\x4b\x2c\xf2\x7f\x8b\xcb\xc2\x12\x59\xd9\xe5\xc3\xb5\xc2\x94\x6a\x9f\xc1\xb0\x0d\x9d\x15\xc3\xb7\xd8\x0b\xfd\x9d\x05\xdb\x91\xd2\x49\xd3\xe4\x2d\x89\x56\x68\x20\x44\x54\x8d\x83\xbd\xa8\xd5\xcc\x92\x12\x44\x2f\x30\xb4\x5c\xf4\xae\xad\x80\xcc\xe9\xb3\x51\x2c\x39\xc5\xc7\x37\xd3\xf8\xd7\x47\xaf\xba\xb2\x65\xaf\x5e\xee\xf8\xca\x93\x62\xec\x76\xe9\x43\xb0\xa0\xd7\xa3\x9f\x3d\xb1\x1e\xca\x14\x45\x8a\x7b\x59\x2e\x5e\x4f\xf2\x27\x5d\xd4\x8b\x28\x53"},
+{{0x8f,0xb0,0x86,0x20,0x6d,0xd9,0x5a,0x26,0x21,0xf5,0x98,0x56,0x0c,0xcb,0x28,0x1f,0x82,0x73,0xc8,0xfc,0x72,0xe2,0x36,0x11,0x08,0x9b,0xaa,0xc8,0x9d,0x3c,0x3c,0x78,},{0x20,0x27,0x6e,0xf4,0x79,0xf4,0xd4,0x52,0x3a,0xb7,0x74,0x20,0xd4,0x24,0xe8,0x81,0x9c,0x33,0xc8,0x37,0x79,0xed,0x80,0xc7,0xf6,0x66,0xe8,0xf4,0x40,0x3f,0x94,0xd7,},{0xa9,0x30,0x5e,0x00,0x16,0x00,0xd5,0x97,0xd0,0x5e,0xf6,0x71,0x69,0x9b,0xf0,0x9f,0x0d,0xcc,0x0c,0x44,0x47,0x5d,0x3c,0xa3,0x1e,0x7f,0xf1,0xbf,0xfe,0xdc,0x0c,0x67,0xda,0xa1,0xf3,0xb7,0x6a,0x03,0x59,0x48,0xc5,0x9c,0xd8,0x7f,0x82,0x45,0x3a,0x40,0x95,0x0a,0x1c,0x97,0x03,0xc2,0xe7,0xd9,0x28,0x0e,0x73,0x03,0x96,0x6d,0xa3,0x01,},"\xf0\x29\x03\xed\x42\x66\xe8\x49\xa4\x48\x52\x05\x95\x4f\xff\xa8\xa1\x08\xc3\x23\xb7\xe3\xf8\x43\x31\x04\x35\x14\xe4\x85\x56\xab\x01\x94\x97\x23\x3a\x5a\x12\x7b\xff\x3c\xd7\xc9\x70\x86\xbe\xce\xf5\x38\xb3\xf3\x39\xd7\xd0\x6e\x53\x2d\xc7\x32\x5e\x59\x7a\xe3\x57\xf8\x16\xde\xa4\x2a\x6a\x22\xc7\x9d\x22\x07\x4a\x2e\x1a\xd8\x02\x3c\x42\x4b\x7e\x09\x6e\x5a\xd8\x89\x7b\x05\xef\x7d\x00\xd3\x0a\x04\xaa\xf2\x98\x1e\xdd\xff\x2b\x34\x7f\x1e\x27\xe2\x0a\xab\xbe\x7e\x7a\x95\x44\x97\x8e\x09\x2b\x00\xcc\xe4\x20\xab\xa0\x61\x87\x37\x4f\xfb\xb3\x7b\x4c\x22\xd7\x5f\x04\xe5\x75\x90\xf6\x10\xa2\x73\x47\x28\x6c\x29\x83\x12\xa6\xc9\xb1\xbd\xf2\x4f\xbd\xa8\x51\x3c\x4f\x83\x56\xcc\xf7\x57\x06\x8f\xfc\x11\xbc\x65\x11\x37\x83\xa5\xdd\xe7\x72\x2f\xaf\x4c\xeb\x19\xfb\xb6\x2f\x40\x70\x2e\x2c\x6e\x6a\x8b\xb4\x9e\xf4\x04\x46\x45\x0c\x4c\x59\xa2\x99\x09\x44\xda\x47\x44\xf6\xee\x77\x0b\x93\x0c\x24\x66\x69\x81\x3c\xe5\xa9\xf5\xa4\x7d\xd8\x03\x88\x98\x1b\xfc\xc3\xa5\x6b\x5b\xe2\xc4\xc7\xe6\x59\xa2\xe9\x18\x2d\xec\x0a\xaa\xfe\x90\x31\xaa\x39\x54\xd4\xfe\x7c\x43\x11\x96\xa5\x61\xa5\xb7\x8e\xab\xa6\x4f\x3d\xb1\xb5\x86\xc5\x3b\x16\xf6\x79\xa8\x49\x21\xa6\x42\xc2\x60\xe4\x65\x3a\x61\xde\x10\x8e\xbd\xe6\xf7\x05\x3a\xfa\x2c\xb3\xf3\x66\x8e\xde\x12\x10\x20\xdd\x1b\xac\xe8\x41\x8a\xeb\xac\x3a\x5b\xd5\x14\x2f\x10\x5a\xc2\x6f\xe4\x9e\x5f\xb1\x40\xc1\x9b\x22\xd5\x4a\x62\x91\xdf\xc9\x54\x67\x02\x47\x88\x16\x46\x87\x4d\xef\xad\x81\x49\x95\x51\x9f\x62\x60\xe9\x77\x4a\x8d\x18\x5c\x37\x88\x1b\x4f\x25\x43\xc4\xb6\x3f\xbf\x19\x85\x01\x6a\xb4\x1c\x4d\x72\x8c\xbc\x90\xb3\xab\x87\x62\x67\xbe\xd4\x1d\x0c\x09\x02\xf6\xb5\x0e\x8f\xa9\x06\xfc\x47\x88\xf7\xb8\x20\x46\x73\x06\xe0\xfe\x9e\x03\x6a\x0a\x00\xf8\x04\xf9\x1c\x3c\xa7\x18\xb9\x5f\xf6\xd9\xe2\x20\x4b\xc3\x16\x1b\xf7\x0f\xcc\x17\xb2\x96\x4b\x56\xbc\x61\x2e\x29\x40\x2d\x96\xf5\x09\x86\x51\x4b\xc7\xd8\x31\xd5\x8e\x42\x79\x37\x86\xd5\x80\x6f"},
+{{0xaf,0xa1,0xb8,0x46,0xc2,0x10,0xb5,0x23,0x00,0xe9,0x76,0x96,0xf8,0x1b,0x8e,0xa7,0x74,0xd1,0xdf,0x12,0xe6,0x12,0x52,0x7c,0x55,0x74,0x7f,0x29,0xc1,0x93,0x73,0x96,},{0xb6,0x09,0x56,0x6b,0xbd,0x19,0x47,0xbd,0x7a,0xfa,0xce,0xb1,0x43,0x89,0xe8,0x36,0x22,0x71,0x69,0x21,0x5f,0xab,0x66,0x85,0x1a,0xa5,0xd7,0x0d,0x6e,0x2e,0x3b,0x89,},{0x98,0xb0,0xc6,0x31,0x3c,0xec,0xaf,0x7c,0x82,0xcb,0xde,0xb3,0xd0,0x28,0x06,0x41,0xc6,0x1a,0x06,0x0f,0x65,0xe5,0x63,0xaa,0x93,0xce,0x18,0x30,0x0a,0x9b,0x58,0x27,0x2d,0xc8,0x68,0x0b,0x48,0x5e,0x8c,0xd1,0x1c,0xf8,0x0f,0xdc,0xa8,0x68,0xfa,0xb3,0x65,0x37,0x83,0x84,0xa1,0x42,0x72,0x7f,0x2f,0x84,0x4f,0x87,0xcf,0xdf,0x19,0x05,},"\x4c\xac\x1b\x1f\x4b\xd4\x82\x84\xdc\xc9\xaf\xc8\xb5\x95\x5b\x64\xb4\x36\xdb\x70\x4b\x03\x35\xd9\x75\x5c\xc1\xf9\x74\x77\xf8\xd3\x23\xcb\x64\x10\xef\x14\x6a\xb8\xa9\xef\xb9\x52\x6d\x8b\x62\xe3\xbb\xad\x1f\x72\x95\xf4\x7b\xa9\xf0\xde\x95\x8f\x8e\xc9\xb7\x7a\xb4\x22\x32\x43\x7e\xd9\x74\x85\x64\x44\xcd\x22\xe2\x0b\xe3\x5e\x91\x81\x3b\xff\x4b\x01\x6f\x81\x0d\x0f\x61\xd8\x9f\x6b\x61\x4d\xb3\x3f\x34\xbd\x09\x98\x5b\x59\x3f\xe3\xe0\x6e\x06\x5b\x7b\xc6\xcd\x39\xd5\x5c\x2c\xfb\xec\x7b\x6d\x59\xc0\xb3\x7d\xd1\xd0\xd3\x51\x35\xab\x1d\x1b\x04\xf2\xf3\x0c\x2f\x04\xf4\xba\x2b\x36\x58\x27\x38\x08\x1c\xf5\x91\x90\xf5\x28\x36\x3d\xb9\x44\xed\x61\x29\x31\xd1\xd5\x14\xc6\x21\x4f\x9a\xb9\x2a\xbb\x18\x33\x92\x61\x83\xac\x52\xfb\xa2\xa4\x55\x1e\x20\xe4\xc0\xac\x95\x9a\x49\xdd\xb1\x67\xa3\x81\xe0\x24\x1d\x40\xc0\x86\xe9\x0e\x52\xac\xa0\x17\x25\x89\x75\xdb\xab\x2b\xa4\x51\xee\x53\x9a\x71\x8f\x07\x6a\x58\x70\x9c\x66\x97\x41\x8d\x9c\x6f\x13\xe4\xd3\x91\x36\x8b\xf0\xe8\xbd\x8f\x29\x32\xdd\x95\xce\xaf\x7a\xac\xa1\x24\x11\x47\xd3\x41\xa3\xac\xd0\x8d\xc3\x29\x05\x48\x35\x72\xb8\x9a\x80\xcc\x47\x23\x14\x68\xab\x8d\xe3\x59\xdd\x52\x5a\x62\x57\xcf\x19\x6c\x2e\xcb\x82\xfa\x8a\x78\xaa\x3a\x85\x1c\x7c\x96\xca\x25\xbf\x7c\xa3\xdc\xf3\xca\x21\x45\x3d\x0d\xfd\x33\x23\xd5\xa4\x22\xde\xc8\x43\x16\x10\x2f\x68\x4c\x35\x9f\x22\x6b\xb5\x37\x79\xc0\xb9\x95\x09\x39\x28\x1e\xf7\x9a\x58\xc0\x11\x99\x3e\xac\xe0\x85\x49\x7a\xfa\x4d\xaf\x64\xc9\x68\x7b\x0a\x11\xaa\x11\x6c\xfa\x7b\x03\x93\x62\x41\xa5\x56\x7b\x64\x6e\x7e\x42\xe9\xfb\x59\x24\x05\xb8\xfa\x3c\x0a\x82\x1f\xc3\x12\x1b\x45\xb1\x75\x3c\xec\x9a\x83\x94\x7d\x21\x1a\x45\x49\x9b\xd6\x37\x90\xb8\x7f\x01\x47\x2f\xe5\x66\xd8\x76\x96\xef\xed\xbb\x74\xed\x00\x04\x8c\x38\x4b\xa7\xf0\x27\xb3\xaa\x42\x98\xdc\x41\x10\x34\x9f\xed\xf5\x2a\x96\xcd\x05\xd0\x8b\xd6\x35\x77\x1e\xd4\x51\x07\x38\xd8\xf0\x7a\x60\x21\x24\x4d\x19\x03\x57\x9a\x3e\xa7\x39"},
+{{0xc8,0x59,0x13,0xa6,0x87,0x78,0x77,0x13,0x10,0x01,0x62,0x3c,0xcd,0xa9,0xcd,0xc1,0x2b,0x9d,0x40,0x43,0xb8,0xa8,0x37,0x93,0xc4,0x46,0x96,0x63,0x2c,0xd6,0x42,0x1c,},{0x9c,0xc6,0x7c,0x69,0x48,0xf7,0xbf,0x6e,0x55,0x6d,0x08,0x49,0xd3,0xb8,0xd2,0x03,0x45,0x7a,0x7b,0x61,0x54,0x9b,0x36,0x68,0x1d,0x75,0x4f,0x1d,0xc0,0x84,0x1e,0x96,},{0x01,0xfc,0xcf,0xdb,0x1f,0xb6,0x88,0x8b,0x03,0x10,0xa9,0x13,0x17,0x0f,0x7e,0x36,0x68,0x16,0xda,0xeb,0xe7,0x65,0x0d,0x72,0x51,0x3d,0x95,0x06,0xe6,0x6f,0x7d,0x62,0x20,0x8a,0x49,0xec,0xe0,0xaf,0x18,0x71,0x49,0x7f,0x45,0x41,0xef,0x60,0x5b,0xde,0x71,0x1c,0x9e,0x0a,0x12,0x05,0xef,0x48,0xf2,0x6c,0x03,0xdc,0x1a,0xd4,0xaf,0x03,},"\x91\xb5\x00\x9e\x83\xd0\xf6\x10\x33\x99\xc2\xd3\xfe\xec\x00\x84\x97\x3a\x30\x5b\xf4\x17\x6e\xc7\x82\x53\x75\x60\x47\x2d\xb1\x87\xa1\x1b\x4d\xcb\x4b\x2f\xfb\x7f\x06\x44\xfe\xb3\x94\xb2\x8e\x5b\xfe\x97\x24\x7c\x4a\x4a\x23\x1c\xf6\xe9\x16\xbf\x99\x34\x4c\xcd\xa8\x8a\x7f\x5d\x83\x1d\x6d\xe3\xd5\x63\xdd\x10\x2e\xae\xb1\x08\xc5\xbd\xce\x44\xe0\x63\x2d\x17\xe6\xfa\x55\xb1\x80\x67\xdf\x2f\xa8\xd2\x00\xa9\x86\x9f\x6a\xff\x92\x0c\x51\xd4\x6a\x1c\xed\x2d\x90\x3b\x1d\x9b\x6b\x07\x5f\xac\xbf\x91\xcd\x05\xeb\x41\xad\x81\x1a\x8e\xf4\x0d\x91\x18\x26\x10\x12\xc7\x2b\x89\x79\xf1\x51\x53\xdb\xb8\x56\x12\x93\xda\x9f\x8b\x77\xc8\xff\x14\xf7\x53\x87\x53\x6f\x00\x36\xd1\x71\x3a\x72\xce\x8c\x35\xb1\x06\x2f\x2c\x67\x32\xae\xbf\x32\x93\x67\x99\xb5\x1c\x2c\xbc\xd6\x57\x24\x13\xe7\xdf\xaa\xb8\x64\x1a\x02\xc1\x50\x23\x73\x81\xcf\x7a\x14\xe2\x2c\x74\xc6\xc2\x00\x09\xde\x7d\x3b\x7e\x69\xcd\x1b\x45\x84\xac\x2c\x01\xba\xba\xf9\x73\xc5\x6b\x38\x14\xbb\x00\x89\x72\x0e\x41\x96\x81\x06\xcf\x26\x50\x9d\x4a\xa5\x46\xfc\xad\x55\x34\xaf\x30\x3f\xfc\xa4\x2b\x16\xae\x6c\x93\xee\x06\xbc\x3c\xac\xe1\x2e\x4e\xc7\x18\x84\x4b\xd3\x0d\x22\x24\xcc\x48\x6d\x10\x6d\x1c\x45\x6b\xfa\x16\x5e\xa0\x12\x0f\xab\x3d\xf2\xc5\xab\x3a\x52\x3b\xbf\xa7\x89\xde\xed\x44\x03\x2a\xb0\xbe\x86\xeb\x7c\xc0\x9c\xdb\x7c\x07\xaa\x94\x8d\xd5\x27\x7c\x3d\xf1\xd9\xd1\x84\x35\x67\xde\xc8\x4f\x92\x88\xe0\x85\xb0\x5a\xe4\xb8\xaf\x2c\xea\x5d\x9a\x18\x4d\x50\xbe\xf8\x55\x50\xc8\x36\x61\x3d\x5d\x3a\xf5\xf9\xc2\x92\x8e\x6a\x89\x66\x0f\xa6\x27\x19\xeb\xff\x77\x3e\x46\xb7\x7e\x34\xbc\x04\x70\xda\x4d\x2c\xdb\xc7\x07\x1d\xa7\x58\xc4\xd3\x9f\xe6\x52\x01\xc8\x8a\xaa\x8e\x66\x03\xd0\xbb\xe7\xc3\xe9\xb2\xd9\xe4\x1b\x63\x46\x82\x09\x2f\x14\x73\x41\xad\x6d\x66\x7f\x20\xc6\x4e\x81\xa6\x8d\x62\x94\x67\xa5\x4d\xd8\x6e\x1c\xe1\x2c\x56\x0a\x6f\x9b\x64\x51\x2d\x6f\x38\x86\xcb\xb9\xf3\x7c\x37\xeb\x39\x85\xc8\xac\x38\xdd\x66\x82\xf4\x8f\xe1"},
+{{0xfa,0x1e,0x11,0xdc,0x83,0x64,0x20,0x8d,0x8e,0x1c,0xb6,0x6a,0x36,0x1b,0xe7,0xe8,0x4c,0x5e,0x36,0x81,0x66,0x58,0x7d,0x4f,0xdb,0x06,0xac,0xed,0x7f,0x62,0xe1,0x7c,},{0x4d,0x8e,0x6f,0x4b,0x34,0x15,0xdf,0x6c,0xed,0xab,0xfb,0x29,0x5c,0x19,0x84,0xfd,0x41,0x99,0x23,0xc6,0xac,0x41,0x76,0x4e,0x32,0xd2,0x2d,0xaf,0x37,0x2c,0x50,0xfc,},{0xe8,0x57,0xdb,0x08,0x7e,0x28,0xd6,0x75,0x0b,0xf5,0x4e,0x53,0x79,0x72,0x51,0xd8,0x43,0x99,0x89,0x57,0x6c,0x12,0xda,0x2d,0x9c,0x81,0x1a,0x14,0x87,0x7c,0x3b,0xd4,0x6c,0x4e,0xfa,0xb8,0x61,0xa1,0x0e,0xeb,0xe7,0xda,0x04,0xc0,0xb0,0xb4,0x45,0xc7,0xa3,0x90,0xa5,0x0c,0x13,0xde,0x36,0xf3,0xa3,0xc7,0xae,0x01,0x57,0x02,0x2c,0x0e,},"\x29\x4e\x63\xba\xcc\xcb\x80\x1b\xbf\x04\xc1\xf1\x9d\x0a\xee\x16\xf5\x65\x0a\x6e\x8e\xea\x6f\xe4\x11\x10\x66\x3e\xc0\x15\x32\xbd\x49\x60\xa5\x27\xf1\x5e\xca\x4a\xf2\xf4\xe6\xb7\xb0\xfc\x34\x0c\xf9\x7a\xa2\x34\xe9\x2c\xf7\xd6\x9d\x50\xe4\x00\x9c\x24\x96\xe3\xed\x4d\x9a\xff\x00\x0f\x9e\x18\x52\x75\xb8\x17\xd2\x6a\x0b\xab\x69\xb7\xf7\xee\x1e\xa3\x0d\xae\xc8\xbc\xee\x38\x7a\xe4\x6b\x4b\x29\x9c\x27\xbd\xc0\x6e\xea\x63\xf2\x4d\xbe\xe9\x55\xa6\xc0\x96\x90\x37\xee\xf9\x1c\x34\x32\x1e\x3c\x5c\x97\x2f\xde\x99\x31\x83\xb7\xd2\x3f\x6e\x01\x9c\x3e\x0c\xac\x75\x89\xae\x4a\x15\x21\xaf\x87\xea\x42\xdf\x8c\x22\xc2\x27\x0e\xc2\x3d\x6d\x14\x0f\x9c\xf6\xd4\xd5\x2f\xac\x1b\x9d\x6c\x89\x39\xef\x81\x31\xcb\x62\xa0\x35\xc5\x26\x15\x38\xbc\xdf\xd6\xdb\x41\x9a\x55\xef\x9f\xe5\xd7\xa5\xac\x44\x57\x9d\xe7\x00\x85\x8d\x74\xa3\x43\x48\x44\xf2\x83\x42\xc5\x65\x89\x27\x22\xe2\x7f\x40\x7d\x7f\x17\xb7\x4a\x59\x34\xbe\x91\x5b\x20\xc2\x40\x06\x43\x23\x5f\x8a\xb5\x79\x5f\x32\x4e\x33\xc5\x06\x44\xa0\x40\x33\x54\x2c\xb3\x81\x6d\x77\x0f\xa8\x99\xe7\x31\x1c\x14\x30\x1c\x1b\xd0\xf5\xaa\x60\xa2\xeb\x31\x65\x68\x0c\x72\x0e\x1e\xfa\x80\x96\xfc\x25\xd2\x77\x92\x75\xf1\x84\x2b\x2d\xb5\x3b\x4d\xa0\xad\x3e\x59\xc0\x75\x40\xc2\x84\x60\xce\xc1\xfd\xd3\xcd\xb7\xa3\x47\x8b\x91\xa9\xca\xf9\xac\x89\x1c\xdf\x3a\xea\xee\xca\x9a\x96\x56\xac\x13\x07\x25\x99\x22\xfc\xa7\x4c\x5c\xc6\x9f\x7e\x25\xc6\xbf\x58\x79\x73\xa4\xb7\xd3\xe3\xac\x06\x35\xb0\xdb\x22\xa0\x09\x3a\x79\x07\x68\x81\xc7\x17\x36\xee\x1d\x4d\x45\xf8\xed\x2d\x29\xa0\x67\x1a\x64\xe6\xca\x2f\x7a\x5e\xf4\x04\xb1\xed\xeb\x84\x20\x34\xf5\x71\xb6\x99\xbc\x59\xe5\xa3\x7d\xf0\x20\x54\xe8\x48\x2b\xf1\xe7\xb7\x7d\x8e\x83\x97\xda\x15\xd8\x9d\x73\x55\xa5\xdc\xe8\x6b\x16\x83\xa9\xac\x4e\x40\x6c\x08\xa9\x4a\x6e\xb0\x0e\x5a\xe1\x6d\x96\x72\x29\x72\xe5\xc5\x0c\x7b\xee\x4a\x84\xd0\x69\x7b\xbe\x67\xce\xb7\xef\x29\x5f\x06\xaa\xea\x5a\xbb\xa4\x44\x66\xbe\x0f\x67"},
+{{0x24,0xa9,0x14,0xce,0xb4,0x99,0xe3,0x75,0xe5,0xc6,0x67,0x77,0xc1,0xed,0x20,0x43,0xbe,0x56,0x54,0x9d,0x5e,0x50,0x2a,0x84,0x47,0x10,0x36,0x40,0x42,0xba,0x9a,0xcb,},{0x20,0xd2,0x1e,0xe7,0x64,0xb1,0xf3,0x5f,0x94,0x56,0x82,0x00,0xd6,0x3b,0xd5,0x82,0x8a,0xca,0x8c,0x5d,0x3e,0x90,0x47,0xd2,0x3f,0x47,0x8b,0x92,0x52,0x95,0xfa,0x2e,},{0x3a,0xe0,0xcc,0x7b,0xca,0x8d,0x73,0xbe,0x83,0xa9,0xb8,0x09,0xb1,0x33,0x38,0xc1,0x27,0x06,0xaa,0xef,0x75,0xc4,0xd1,0xa4,0x78,0x17,0x8f,0x9d,0xc5,0x65,0x51,0x4c,0x75,0x29,0xe2,0x98,0x04,0x3e,0xa7,0x8d,0x21,0xa5,0xa0,0x9d,0xd0,0x4f,0x10,0xae,0x87,0x44,0x1e,0x56,0x86,0xa9,0x33,0xc9,0x2c,0x75,0x54,0x84,0x27,0xad,0x3a,0x03,},"\x3f\xf9\xf6\x6f\xa2\x64\x6e\xc6\x6a\x1b\xf9\x33\xc2\xb4\xcc\x0f\xbf\x91\x2b\x4d\x6d\xb5\x05\x34\x25\x7f\x97\xd0\x1e\x69\x8d\x05\x48\x57\x47\xde\x25\x44\xe9\xf5\xa4\xa4\xa0\x75\x38\x8c\xf4\x40\x0a\xb8\x9b\x03\x53\xce\x86\x19\x82\x02\xdb\x3a\x90\x37\x67\xb8\x79\xa2\xaf\x9d\xaa\x15\x58\x43\x11\x1a\xf1\x5a\x2b\xc3\x5e\xfe\x41\xbc\xc9\x2c\x82\x07\xe0\x01\x13\xb0\x4f\x13\x03\x00\x79\x49\xff\xb6\xce\x8d\xf4\xb0\xb3\x42\x48\xfe\xdf\x5d\x9c\xb2\xce\xe9\x4b\x81\x2e\xd5\x8e\xce\x2a\x0c\xe0\x45\x4c\xf1\x4c\x20\xe4\x9e\x09\xfe\x66\x4d\x6e\x25\x76\x2e\x87\x89\x59\x32\xcd\x5c\xd3\x2e\xb6\xa3\xab\xb3\x8e\xe1\x63\x07\x8c\x13\x3e\x93\x58\x87\x91\xdb\xf6\xaf\x49\x9a\x31\xea\x44\x53\xbb\xcc\x7a\x85\xe4\x06\xc9\x84\x8a\x66\x40\x52\xf1\x11\x13\xfb\xb4\xff\xa7\x60\xde\xe4\xc2\x61\xe3\x96\x94\x24\x91\x11\x9d\xa2\x9a\x33\x58\x2f\x82\x1d\x41\x25\xe0\xb4\x16\x2f\x28\xbe\xb0\x66\x03\x1a\x65\x2d\x05\x74\x9a\xa7\x24\x4d\xd4\xf3\xd3\xbb\x15\xd2\x68\x32\x8d\x6a\x02\xfc\xe2\x50\x18\x15\x25\x7f\x8a\xd5\xaf\x4e\xcb\xe7\xcb\x8a\xe9\x66\x1e\x34\x4f\x90\x72\x31\x87\x91\xf3\xe8\x59\x09\x11\x21\xe0\x8a\xef\xca\x89\x82\xea\xaf\x66\x25\x9d\x9d\xe4\xf4\x6a\x31\xe7\x16\xdc\x03\x3d\x0f\x95\xd1\xfa\x93\x6b\x6c\x60\x79\xb1\x37\xdd\x11\x58\xd1\xde\xf1\x13\x01\x8c\x73\xf8\xeb\xb9\x80\x7e\x0f\x74\x15\x40\x4e\xa9\xc7\x85\x44\xac\xe7\xce\x46\x3c\xd1\xd1\xc5\x7e\x31\xf4\x09\x1b\xc0\x91\x80\x4c\xbc\xdd\xad\x0e\x15\xa4\x0c\xa9\x1a\xcb\xe1\xc6\x22\x4e\xd1\x3c\xaf\xb4\xdf\x2c\x84\xac\x9f\x0c\x3c\x9b\x54\x60\x07\xd9\xdd\x6e\x52\x4c\x46\x70\x72\x56\x3d\x4a\xc0\xd7\x00\xcc\x1b\xf3\x0f\xeb\xb3\x34\x31\x3d\xae\x57\x61\x74\x5e\xc0\xa5\xe9\xe8\x81\x50\x25\x95\x8f\x00\xfa\x2e\x58\x06\x0d\x7e\x9a\x5f\x2b\x72\x7f\x48\x69\x9f\x92\x9c\x84\x59\x93\x08\x92\x57\x3f\x78\x4f\xef\x56\x92\x51\x8b\x5c\xa2\x68\xe2\xa7\x3e\xbe\xad\x6e\xbd\xeb\x7e\xc2\x4e\xac\x92\xaa\x7d\xcb\x41\xb5\x98\xbd\x6e\xff\x36\x32\xd0\x69\x72\x62\x91"},
+{{0x55,0x32,0xe0,0x9b,0x93,0x7f,0xfd,0x3d,0x5f,0x4c,0x1d,0x9f,0x1f,0xfc,0xde,0xd2,0x6e,0xe7,0x4d,0x4d,0xa0,0x75,0x26,0x48,0x44,0x69,0x0b,0xd9,0xc8,0x61,0x39,0x94,},{0x50,0x93,0x96,0x9f,0x37,0x7b,0xec,0x3e,0x35,0xf5,0x9e,0xfd,0xa0,0x1a,0xb4,0x18,0x6c,0x5d,0x2a,0x36,0x74,0x0c,0xf0,0x22,0x67,0x5e,0x01,0x09,0x6b,0x1a,0x3f,0x0a,},{0xd5,0x27,0xff,0x0d,0x4a,0x21,0x9d,0x61,0xf4,0x18,0x12,0x12,0x06,0xa5,0x4a,0xe4,0x98,0x58,0x54,0xa3,0x10,0x48,0x27,0x44,0x48,0x6e,0x4d,0x13,0x0a,0x7d,0xe9,0x7c,0x31,0x9d,0xf8,0x37,0x2c,0x82,0x82,0x8c,0x93,0x6e,0x6a,0x8a,0xfd,0x9c,0x5d,0xe1,0x82,0x85,0x73,0xd8,0x26,0x1a,0xe9,0x36,0x5b,0x8f,0x23,0x76,0x76,0x18,0x24,0x02,},"\xad\xd4\xd7\xa9\xce\x3f\x63\xd1\xf9\x46\xe8\x67\x90\x65\x54\x5d\x8c\x7b\xf0\xa2\xcc\x3a\x4c\x00\xb8\xf1\x42\xf0\x94\x5a\xe3\x62\xc4\xc9\x46\x2a\x75\x76\xa4\x05\x9d\x57\x86\x16\x62\x88\x4b\xd8\x0b\x96\xd9\x0d\x27\x9a\x95\x2e\xda\x95\x2d\x37\xd4\xf9\x5c\xf0\xd7\x0d\xa9\x8f\x4f\xba\xca\x39\xe1\x69\xf9\xd9\x45\xd4\x1f\x87\x23\x97\xbb\xdd\x57\x01\x45\x43\x03\xd7\x7d\x31\xe8\x63\x48\x27\x1d\xa4\x0a\x1b\x8f\x1e\x57\xc3\x6f\xcd\x80\x3e\x14\xfa\x17\x71\x6c\x56\x31\xef\xa0\x1d\x3a\x79\x5d\xc2\x0b\x2b\xde\x36\xab\x73\xff\x6a\x2d\x53\x3b\xc1\x5c\xce\x22\x32\x87\x13\xc3\xc9\xcc\xd0\x72\xc3\xe4\x50\xd7\xf2\x2c\x0c\x9f\x94\x91\x97\x52\xcb\xfe\x45\xee\x65\x5d\x1b\x53\x67\x65\x93\xcd\xb4\x48\x70\x41\x02\x63\x1c\xaa\xa9\x76\x95\x2e\xaa\x1f\x6c\x2e\x87\x65\x64\xe4\x20\xf0\xc6\x46\xa0\xf8\x83\x65\xf7\x64\x15\xb4\x08\x5f\x60\xa3\x38\xb2\x9c\x51\x63\x3e\x54\x0f\x0b\xf3\x2d\x40\x87\xe7\xd0\xfb\x68\x5b\xe8\x8c\x75\x95\xdc\x53\x1c\x99\xb4\x89\x58\x45\x60\xad\x82\x34\xb1\x8e\x39\xa1\x07\xcf\x5d\x84\x2d\xab\xd4\x21\xe7\x7d\x26\xea\x5e\x0f\x14\x05\xce\x35\xfe\x79\x27\x14\xeb\x4e\xe1\xa8\x01\x76\x48\xac\x1a\xe7\x39\xa3\x3d\x7b\x1e\x08\x91\x05\xd1\xe5\xad\xd2\x7a\x62\xce\x64\x15\x45\x70\x34\x0a\xf9\xeb\x14\xe7\xfd\xfc\x2f\x9a\x2c\x2f\xcf\xcd\xac\x3c\xc4\x22\x77\x63\xf4\xd6\x29\x49\x74\x79\xf8\x49\x21\x6e\x5d\x90\xec\x16\xdf\xa3\x6b\x72\x51\x7f\x7b\x54\x86\xba\xee\x7f\xda\x44\x50\xc3\x52\xcf\xfb\xba\xe7\x39\x26\xc8\x43\x22\x4f\x8c\xe4\x4b\x38\xda\xe5\x3f\x3e\xad\x21\x89\x0b\x52\xa7\x80\x10\x75\x29\x16\x84\xfd\x59\x10\xed\x86\xad\x33\xe8\xa0\x07\xf6\xc3\xf8\x5c\x16\xb2\x09\x29\x37\x40\x18\x4f\x58\x90\x87\x4d\x43\x1c\xd4\xe0\xea\x40\x87\xc4\x9c\x34\x71\xd7\x89\xc8\x13\xc6\xdc\x9a\x78\x69\x93\x63\xa1\xd8\x71\x97\xd3\xb9\x2c\x02\x86\x68\x93\x11\x82\x3f\x4d\xf2\x2c\xe8\x03\x5e\x75\x73\x2c\xde\xa7\xf5\x62\x1f\x67\xdb\x0e\x2a\x4c\xa6\x61\x61\x93\x22\x1c\x0a\xa3\xd6\xde\x50\xd8\x52\x82\xee"},
+{{0xeb,0x36,0x51,0x10,0x09,0xd3,0x7a,0x9c,0x46,0xc4,0xd1,0x37,0x4d,0x0b,0xbd,0x0d,0x99,0x81,0xe7,0x8c,0xee,0x7d,0x18,0x8c,0x5a,0xab,0x98,0x3e,0xc2,0x39,0xe1,0x0c,},{0xb1,0xcc,0x21,0x2b,0x45,0x21,0xbb,0xe7,0xb1,0x9a,0x76,0x93,0x87,0x8a,0x55,0x84,0x40,0xee,0xc3,0x62,0x05,0xd8,0x43,0x9d,0x04,0x0a,0x46,0xa9,0x90,0x2f,0xbf,0x55,},{0x9f,0x58,0x37,0x24,0xde,0x55,0x2e,0xae,0x82,0xf2,0x54,0xac,0x6e,0x2e,0xd4,0x83,0xec,0x1a,0x07,0x34,0x62,0x66,0x73,0x5c,0x49,0x09,0x20,0x69,0x0c,0x1e,0x3f,0xb2,0xa9,0xe9,0xa3,0x41,0x94,0xed,0x64,0x73,0x73,0x3b,0x30,0x0d,0x4f,0x23,0xc9,0xae,0xc0,0xda,0x5a,0x20,0x22,0x05,0x4c,0xa4,0x38,0x85,0xa1,0x5a,0x29,0x84,0x32,0x0e,},"\xba\x24\x66\xe5\x6c\x1d\xf7\x7f\x22\xb6\xf0\x24\x1f\xc7\x95\x2a\xe9\xbc\x24\x75\x64\x19\xa9\x44\x6d\xd2\xb4\x9e\x2c\xb9\xdf\x59\x4e\x5b\x6c\x77\xa9\x5a\xa5\xfb\xd9\xdc\x57\xfe\xc8\x39\x62\xc7\x75\x1e\xeb\xb4\xba\x21\x82\x53\xf9\x16\xa9\x22\xa5\x13\x96\x63\xe3\x20\x3e\x3b\xe4\x82\xbe\x37\x9c\xa1\x51\xc4\x63\xd9\xad\xa2\x14\x46\x13\x5f\x35\x69\x94\xfa\x54\x49\xf0\x84\x47\x8f\x5b\xb4\xf5\xba\x61\x45\xc5\x15\x8e\xb7\xb1\xc4\x3c\x32\xeb\xea\x25\xe0\x9c\x90\x0f\x01\xef\x91\xe9\x2f\x88\xc0\x3c\x76\x50\x4a\xce\x96\x46\x01\x6f\xfc\x27\x89\x55\x9d\x0f\x3c\xc9\xd0\x0f\xb6\x1b\xdc\x6a\xf7\xd3\x94\x0f\x30\x2e\x58\x8e\x04\xf7\x9f\x7b\x3d\x4b\x91\xa5\xd1\x93\xa4\xf8\x22\x2b\xfe\xb6\x9b\xf0\x34\x7d\x98\xad\x81\xef\x99\xd1\x30\xeb\xc7\xb3\x6b\x07\x83\x39\x4e\xea\x92\xa3\x8d\xdd\x5e\x74\x80\xd2\xad\xd4\xe4\xde\xf5\x3e\xb9\x9c\x44\x9b\xff\x94\xe4\x71\x8b\x09\xf2\xea\x9b\x1f\x2b\x88\x65\x94\xa9\x5c\x33\xa6\x9e\x03\x33\x15\x4e\x44\x0a\xb3\x4b\x7b\x6c\x11\x34\xd8\x17\x9b\x6f\x0c\x56\x25\x1a\x9a\xd8\xe1\xb6\xb0\xf9\xb8\xa5\xc9\x70\x81\xa7\xf8\xfd\x05\xd0\xb0\xaf\xfc\x82\xdb\xdd\xc8\xb0\xc0\xab\x7e\x83\x3f\x30\x06\x26\xd4\xb9\x73\xb3\xf6\x0f\xea\xc5\x55\x71\xe8\x9c\xda\x0f\x2b\x44\x1e\xd2\xfa\xa6\x69\xa7\x0d\x55\x6c\xb4\x8f\x9b\x1d\x1c\xbc\xe3\x2e\xde\x5d\x16\x6b\x11\x43\xe2\x64\xb1\x1e\xa3\x27\x68\x1c\xb5\x59\xed\xd1\x3c\x36\x4b\xd2\xba\xf1\xfd\x54\xbb\x78\x18\x07\xbd\x59\xc8\x68\xb0\xe4\x79\x5a\x77\x9e\x67\xf0\xbd\x0d\x14\xb5\xa6\xb9\xe4\x40\xb5\x7a\x58\x23\x32\x8b\x59\xaf\xfb\xd0\x27\xed\xa7\xdd\x78\x50\x79\xc5\xf0\x2b\x5e\x32\x89\x0b\x03\x87\x30\x98\x6a\x39\xa5\xa9\x83\x4a\x3f\xed\x86\x8b\x6f\x45\xcb\xdd\x28\xac\xb2\x70\x9a\xff\x55\x62\x63\x86\x4f\x9a\xe1\xe7\x57\xb3\x27\x8c\x28\x8d\xbe\x29\x32\x82\x57\x12\x77\x3e\x43\x1f\x7c\x29\x32\x98\x57\xfd\xae\xa7\x98\xed\x93\x92\x08\x93\x63\x14\x02\xe6\xb1\x3b\xab\x62\xb4\x85\x54\x61\xed\xb9\x46\x20\xf2\xd1\x75\x18\x65\xf4\x45\xc4\x66"},
+{{0x7d,0xbc,0x81,0x90,0x2e,0x4e,0xaa,0xb3,0x07,0x75,0x40,0xf5,0x59,0x99,0x5c,0x38,0x74,0x03,0xca,0xc3,0x06,0xd4,0x86,0xe9,0x59,0xc5,0xeb,0x59,0xe4,0x31,0xc0,0xa8,},{0xe0,0x30,0x66,0x13,0x90,0x82,0xf6,0x13,0x44,0x8b,0xdb,0xc2,0x7f,0xe5,0x3a,0xa3,0xf8,0x89,0x94,0xc3,0x1d,0xdc,0xe0,0x02,0xe3,0x6b,0xbb,0x29,0x63,0xdf,0x3e,0xc8,},{0x5b,0x7f,0x65,0x2f,0x08,0xf2,0x29,0xfd,0xa1,0xb0,0xbd,0x75,0x93,0x77,0xb3,0xfb,0x72,0x6c,0x1b,0x9c,0x9a,0x10,0xef,0x63,0x42,0x6d,0x35,0x2d,0xd0,0x86,0x9b,0xd5,0x4d,0x87,0x6c,0x30,0x92,0xf1,0xcd,0x41,0x1c,0x37,0x57,0xd3,0xc6,0xb6,0xea,0x94,0x2a,0xa7,0x0c,0x3a,0xae,0xb4,0x21,0x7a,0x4c,0x73,0x64,0xd1,0x8e,0x76,0xe5,0x0f,},"\xdf\xf7\x98\xb1\x55\x7b\x17\x08\x5a\x06\x34\x37\x1d\xed\x5d\xdf\x7a\x5a\xcb\x99\x6e\xf9\x03\x54\x75\xe6\x82\x63\x36\xf6\x4a\xd8\xb8\x4b\x88\x2e\x30\xba\xde\xc2\xb4\xa7\x11\x99\x87\x52\xf4\xa1\x57\x4b\xc1\xf8\x9d\x43\x25\xcf\x2b\x39\x86\x10\x44\xdd\x03\x69\x1e\x71\xd0\x77\x68\xb5\x93\x3a\x30\x52\xcc\x7c\x81\xd5\x71\xa9\xde\x06\x1d\xc1\x90\x26\xc2\xf1\xe7\x01\xf2\xdc\xf2\x6a\x88\xd3\x40\x1b\xc9\x9f\xb8\x15\x59\xdc\xa7\x6d\x8a\x31\xa9\x20\x44\xa2\x73\x58\x7d\x62\x2a\x08\xd1\xcc\xe6\x1c\x8f\x94\x8a\x34\xde\xd1\xac\xb3\x18\x88\x1c\x9b\x49\xf6\xf3\x7c\x30\xa6\x5d\x49\x5b\x02\xd5\x42\x9e\x7a\xb4\x04\x0d\x8b\xeb\xeb\x78\x79\x4f\xf7\x36\xd1\x51\x10\x31\xa6\xd6\x7a\x22\xcd\xf3\x41\xb9\x80\x81\x1c\x9d\x77\x5f\xb1\x9c\x64\x78\xf0\x5e\xd9\x84\x30\x10\x3e\xa2\x4c\x0f\x41\x4d\x4c\xc0\x7d\x86\x0b\x72\xdc\x54\x2f\xf2\x2d\x83\x84\x5a\x42\xf8\xba\x45\xca\x7f\xf3\xaa\xb0\xb1\xe7\xde\x2b\x10\x94\xde\xac\x08\xd1\x6e\xee\x01\x96\x9f\x91\xbc\x16\xfe\xc2\x9c\xcc\x06\x1c\x54\xdb\x53\x45\xba\x64\x84\x2d\xac\xc9\x9e\xe7\x72\x94\x68\xd8\x0a\x3f\x09\x55\x83\xd8\xe8\x01\x24\x08\x51\x9d\x58\x2c\xc3\xff\x9a\x2e\xb7\xae\xba\xa2\x2d\xb8\x1f\xfc\x78\xee\x90\xef\x4e\xc5\x89\xdc\xce\x87\x11\x8d\xab\x31\xa6\x32\x8e\x40\x9a\xd5\x05\x9a\x51\x32\xc8\x2d\xf3\xce\xfe\x2e\x40\x14\xe4\x76\xf0\x4c\x3a\x70\x18\xe4\x52\x67\xec\x50\x18\xec\xd7\xbf\xf1\xdd\xa9\x26\x7e\x90\x66\x6b\x6b\x14\x17\xe8\x9d\xda\xcb\x50\x85\x94\x3b\xef\xc7\xad\x2f\x4d\xf5\xf1\xee\x0a\xf9\x43\x1a\xee\xb6\xb2\x4a\x55\x15\xb9\x3d\xbc\xf6\x86\x40\xf7\xda\xf8\xc9\x61\xe5\x67\xd7\x53\x49\x00\x20\x5c\x3d\xf2\x18\x4b\x6a\xc2\xda\x96\x1c\x4c\x1d\x2b\xc4\x9b\x4e\xa9\x6b\x81\x54\xff\xd4\xef\xff\xdc\x5e\x55\xa7\x11\x9c\xb8\xaf\x42\x9e\x85\x10\x5d\xff\xd4\x1f\xe4\xa2\xeb\xba\x48\x16\x8a\xa0\x5f\xa7\xdf\x27\xc4\x29\x87\x35\xff\x86\x8f\x14\x96\xbe\xb4\xb2\xed\x0b\x89\x80\xc7\x5f\xfd\x93\x9d\xdd\x1a\x17\xe4\x4a\x44\xfe\x3b\x02\x79\x53\x39\xb0\x8c\x8d"},
+{{0x91,0xb0,0x95,0xc8,0xa9,0x99,0xe0,0x3f,0x3e,0xd7,0x49,0xcd,0x9f,0x2f,0xaa,0xcc,0x00,0x76,0xc3,0xb4,0x77,0xa8,0x7a,0xb5,0xcc,0xd6,0x63,0x17,0x38,0x76,0x74,0x46,},{0xda,0xd1,0x74,0xd3,0x59,0xda,0xec,0xca,0x9c,0x6b,0x38,0x9b,0xa0,0x96,0x45,0x2a,0xb5,0xca,0x91,0xe6,0x38,0x3c,0x6d,0x04,0x2a,0x28,0x4e,0xce,0x16,0xba,0x97,0xb6,},{0x64,0xee,0x9e,0xfd,0xb0,0xc2,0x60,0x1a,0x83,0x5f,0x41,0x85,0x20,0x64,0x1e,0x43,0x6c,0x7d,0xd4,0x7c,0x33,0x3d,0x9f,0xc3,0x0c,0xfb,0xb9,0xe3,0x90,0xfe,0x76,0x45,0x30,0x65,0x47,0x08,0xb4,0x0b,0x03,0x58,0x18,0x99,0xa9,0xac,0x87,0x0e,0xfd,0x76,0x6f,0xfb,0xb4,0x63,0x71,0x52,0xf8,0xff,0x27,0x79,0x64,0xfe,0x35,0x42,0x52,0x09,},"\x9b\x0d\x8b\x00\x29\x98\x52\xd6\x8b\xbf\x49\x7f\xe6\x03\x96\x1a\x48\x54\x66\xa9\x9a\x54\x84\x00\x5d\xb7\x3d\x4e\x4b\xad\x81\x4e\x85\x74\xef\xd5\x4d\x64\x8b\xd5\xc9\x1a\xe8\x48\x3c\x54\xb2\xf9\x98\xb0\x2e\x1a\xbd\x6f\x40\x1a\x25\x52\x68\x43\xa5\xf2\xa2\x3a\x97\xbd\x58\x9d\x1f\x7e\x1a\xb1\x49\x15\xb1\xe3\x59\xa3\x96\xd3\x52\xc3\x60\xae\x65\x84\x32\x5a\xe4\xbb\x7d\x62\x4f\x61\x25\x5c\x5c\x7b\xf0\xa6\x7a\xca\xb4\x6c\x3b\x57\xb3\x45\x34\xc0\xee\x84\x31\xd2\x60\x57\x66\x06\xcb\xd8\x4d\x8d\x18\x39\xe7\x3d\xa6\xfe\x4b\x0b\x8b\x78\xf0\xf9\x58\x82\x7c\x2f\x1d\x93\xba\x7a\x34\x6d\xcc\x75\xcb\x56\x3d\xff\xde\x26\xf9\x97\x59\x8e\x8b\x5c\x2f\x16\x17\xc6\xfe\xfc\x9b\xe4\xb2\x8b\x54\x01\xb0\x00\x64\x13\xa2\x51\x69\x0d\x12\x03\xaa\xae\x4f\x6d\x8a\x3f\xb2\x1f\x24\x00\x9a\xb3\xbf\xf1\x37\x37\xa8\xa7\xe6\x64\x6c\x02\x73\x2d\x9e\xc5\xa4\xa5\x10\x46\x9e\x2d\x29\x9e\x4c\xc1\xad\x64\x80\xa4\x82\xaa\x95\x6f\x89\xdd\xcc\xcc\x64\xa1\x36\xfb\x15\xb8\x76\xb6\xec\xd8\x8c\x7c\x86\xa4\xdf\xc6\x0e\x66\x62\x07\xc6\x04\x16\x7d\x16\x34\x40\xca\x9a\xb9\xcf\x87\xa5\xe0\xf7\xbb\xc5\x51\x7d\xe4\xde\xe8\x76\xc0\x37\xf8\xcc\x9d\x95\x9c\x8f\xf5\xdb\xe9\x44\xff\x54\xcd\x91\xa7\x71\xe2\x92\x31\xf8\xb5\xf1\x7d\x61\xde\x90\x4c\x95\x5f\xe2\x02\x5d\xc5\x2e\xd4\x80\xfb\x3c\xc9\x0f\x23\x24\x59\xc6\x07\xef\x7e\x2a\xdb\x52\xc7\x48\x2b\xec\xd6\x7a\xd2\x14\x9a\x41\x28\xf9\x84\x03\x8b\x58\xaa\x90\x17\x67\x82\x39\x36\x04\xaa\xc7\x4c\x18\x20\x9a\x3d\x6a\x78\x63\x0c\x01\x95\x5a\x7c\xec\xe5\xda\x83\x84\xda\x3b\xaf\x63\xaa\x2d\xdf\x59\x63\xfa\xe0\x5b\xa3\xb8\x1c\x6a\x03\xd8\x6a\x00\xef\x78\xed\xb4\x18\x4f\xdc\x89\xb1\xd6\xbf\xeb\x31\x0f\xd1\xb5\xfc\xce\x1e\x21\x95\x24\xa3\xcf\xb2\xe9\x72\x57\x7f\x06\xb1\xdd\xde\xba\x00\x86\x5d\xae\x49\x79\x00\x0c\x00\x8a\xd9\x9f\x3b\x63\x8c\xce\xb8\xe8\xc7\xa0\xf9\x98\xd3\x4d\x92\x14\x3d\x81\xc0\xe1\xc0\x96\xa9\x25\xce\xba\x65\xc4\x30\x03\xee\x18\xd4\x94\xd0\x03\xe9\xc6\x1f\x77\xd6\x57\x59"},
+{{0x8c,0x56,0x8b,0x31,0x0a,0xce,0x7d,0x1f,0x0e,0xde,0xce,0xfd,0x60,0x3a,0x88,0x40,0x00,0x54,0x4c,0x79,0x25,0x65,0xd4,0x81,0xc3,0xd3,0xe0,0x6e,0x2d,0x82,0xca,0x96,},{0x5f,0xa6,0xe2,0x67,0xc7,0x66,0x73,0x68,0x41,0x41,0x10,0x72,0xd1,0x98,0x3d,0x19,0x00,0xac,0xf0,0x1d,0x48,0xc3,0xce,0x11,0x77,0x0b,0x26,0xf7,0x8d,0xa9,0x79,0xf7,},{0xde,0xbd,0xd8,0xe5,0xd3,0x11,0x2f,0xd7,0x7b,0x39,0x4a,0xa0,0xe3,0x6e,0x94,0x26,0xba,0xc9,0x1d,0xf1,0x26,0xfa,0x9c,0x31,0x7c,0xea,0x7c,0x9d,0x45,0x95,0x7c,0xdd,0x96,0xa4,0x5a,0xe3,0xad,0x76,0x04,0x13,0xee,0x12,0x05,0xaf,0xd7,0x1a,0x29,0xf9,0xc3,0xcb,0x58,0x6c,0xd2,0xd7,0xcd,0x1e,0x93,0xbc,0x16,0x52,0xfc,0x34,0xdc,0x04,},"\xb5\x9f\x5f\xe9\xbb\x4e\xcf\xf9\x28\x95\x94\x72\x1f\x26\x47\x04\x7b\x0d\xa5\xe0\xe4\x94\x1b\xbe\x57\xc5\xb7\x22\xb4\x76\x72\x3f\x0a\xc5\x97\x0b\x41\x11\xf8\x93\xbc\xaa\x41\x1f\x28\xfc\xeb\x4f\x58\x5a\x2a\x71\x87\x01\x8a\x90\x4b\x70\xef\x8f\xe1\xf6\x56\x9a\x54\xd0\x0a\xda\x37\xb6\x9c\xb5\xe9\xc9\xd2\x6c\x16\xa9\x03\x51\x81\x48\xe0\x4a\x1b\x93\x6a\x32\x32\x9c\x94\xee\x1a\x8f\xb6\xb5\x91\x89\x2c\x3a\xff\x00\xbf\x6e\x44\xdd\x0a\x76\x2b\xab\xe8\x9d\x70\x60\xc1\x7b\x90\x39\x0d\x23\xbf\x9d\x36\x0a\x29\x3b\x83\x08\x38\x30\x86\x91\x6e\x11\x82\xb1\xba\x43\x36\xf0\x01\xb8\xd2\x0d\xea\xe9\xa0\x29\xf7\xe8\x53\x97\xa9\xae\x5c\xf3\xca\x10\xc7\xf3\x87\x55\x88\xb8\xff\xab\xb0\x63\xc0\x0c\xa2\x6f\x58\x0f\x69\xed\xc5\x27\xa1\xac\xcf\x4f\x41\x39\x7b\x33\x76\x6b\xcf\x6d\x55\xeb\x8d\xe0\x81\xa4\x8c\x98\x1d\x05\xc0\x66\x61\x7b\x80\xd8\xf6\xf5\xe6\x0e\x59\xdd\x9b\x93\x0b\xc4\xd0\x45\x86\x40\x3b\xb8\x68\xdf\x75\x93\x3b\xdd\x86\x23\x0e\x44\x70\x36\xc1\x75\xa1\x0d\xe9\xbb\x39\x95\x3d\xcb\x19\x66\xa1\xf1\x19\x12\x07\x8e\x35\x8f\x48\xc5\xb2\x09\xa6\x36\xc7\xf7\x83\xf4\xd3\x6a\x93\xad\x2c\xc2\xe3\x24\x45\x19\x07\x8e\x99\xde\x1d\x51\x58\xb3\x96\x1e\x0f\xc5\xa4\xf2\x60\xc2\x5f\x45\xf5\xe8\x58\x5e\x60\x1d\xb0\x8b\xa0\x58\xd2\x90\x9a\x1b\xf4\x99\x5f\x48\x13\x46\x0d\x36\x95\x03\xc6\x87\x36\x85\xeb\xcd\x33\x30\xa1\x30\xb7\x5f\x23\x65\xfb\x2a\x5a\x34\xea\x63\xd9\x58\xa2\xa8\x67\xe9\x05\x52\xd2\xce\xc8\xc3\x90\x08\x4b\xe0\xc1\x08\xb0\xfd\x2d\x83\xcb\x92\x84\xdb\x5b\x84\x2c\xbb\x5d\x0c\x3f\x6f\x1e\x26\x03\xc9\xc3\x0c\x0f\x6a\x9b\x11\x8e\x1a\x14\x3a\x15\xe3\x19\xfd\x1b\x60\x71\x52\xb7\xcc\x05\x47\x49\x79\x54\xc1\xf7\x29\x19\x9d\x0b\x23\xe5\x38\x65\x40\x3b\x0a\xd6\x80\xe9\xb4\x53\x69\xa6\xaa\x38\xd6\x68\x5a\xbd\x39\x7f\x07\xfb\xca\x40\x62\x7e\xca\xf8\xd8\xd3\x01\x33\xa6\xd9\xd5\xaf\x00\x91\x92\x75\x1c\x9c\x45\xf7\x7c\x0b\xc0\x11\x26\x88\x00\xbf\x55\x25\x12\x73\x0e\x69\x97\x3c\x5b\xf3\x62\xab\x16\x48\x94\xbf"},
+{{0x3d,0x09,0xaf,0xce,0xe3,0xc4,0x32,0xfd,0xfb,0x6b,0xdc,0xea,0xd5,0x4e,0x3d,0xa5,0xb1,0xb4,0x16,0x5c,0x50,0xd6,0xd3,0x10,0xb7,0xfa,0xd7,0x87,0xb4,0x44,0xd6,0x80,},{0xb0,0xd9,0x02,0x8c,0x4d,0x14,0x87,0xd2,0x93,0xed,0x58,0x5a,0x76,0xbc,0x94,0xff,0xfb,0xaf,0xe2,0xc6,0x5d,0x98,0x0c,0x49,0x4e,0x14,0x1e,0x48,0x10,0xa3,0x5c,0xb9,},{0x89,0x73,0x9f,0xe4,0x41,0xca,0x0c,0xed,0x08,0xa6,0xeb,0x57,0x96,0xe9,0xbd,0xda,0x0e,0x74,0xfb,0x47,0x35,0x28,0xfd,0x49,0x07,0xed,0xb6,0x59,0xaa,0xb4,0x4d,0x33,0x43,0x22,0x90,0x46,0x71,0x63,0x68,0xfa,0xf8,0x8e,0x85,0xc1,0x64,0x4a,0xf6,0x6f,0xf2,0xdc,0xaf,0x0b,0x17,0xac,0x93,0xca,0x13,0x81,0x9f,0x3f,0x24,0x1d,0xd3,0x00,},"\x76\x71\x65\xca\xae\x0e\x57\x8f\x16\x53\x7e\x17\x50\xbe\x7d\xe8\x7a\x78\x9a\x51\xff\x2d\xe1\x18\x38\xf5\x64\xe2\x58\x0b\x23\x91\x36\x2d\x28\x68\xa5\xa4\x70\x8a\xf1\x5d\x2e\x2d\xb7\xb9\xbe\x39\xc1\x6a\xdc\xc1\x20\x0b\x34\xe6\xb4\xd4\x02\x7d\xdf\xfc\x1a\x2a\x35\x95\xe2\x9e\x85\x5e\xc5\x26\x1b\x20\xbd\x55\xc4\x28\xb0\x13\x09\xba\xdb\x59\xe2\xca\x3e\xdb\x96\x7f\xc2\xf4\xba\xc0\x72\x9d\xdf\x54\xfb\x6c\x20\x05\x7b\xdd\xa9\xe7\xaf\x7c\xbf\xc0\x92\xfb\xa8\x65\xfd\x32\x75\xb9\xd3\xbc\xb0\xc3\x46\xb9\x51\xd1\x70\xac\x9a\xa6\x50\xa8\x6d\xf4\x98\x55\xd4\x8a\x1b\x37\xce\x56\xc9\xf2\x73\x89\xf5\xc8\xb1\x5f\x5c\x2c\x90\x0c\x4f\x10\x7c\x06\x4f\x60\x3e\x4f\x86\x7e\xf2\xe9\xc1\x0a\x1b\x74\x21\x0e\x6b\x89\xbb\x01\x17\x93\xaa\x85\xde\xd4\x3b\x51\xb7\x49\xba\x7f\x70\x28\x7b\x6b\xc1\xb8\x94\x34\xdb\x8b\x8c\x8b\x5d\x73\xb2\x14\xb4\x1e\x36\xb5\x28\x00\x5b\xfb\xfe\x00\x2e\x21\xb1\x00\x6f\xb9\xd2\x4b\xab\xd7\x21\x06\xd0\x93\xe3\xc7\x09\x3b\x31\x38\xae\xa7\x19\xd6\x94\x79\x08\x46\x47\x49\x8c\xd6\xc9\xbb\xb7\x44\x50\x9c\xd7\xda\x8d\xd6\x1a\x62\x71\x00\xf0\x3c\x21\xe7\x50\xac\xb3\xfc\xf4\x63\x1d\x7c\x0f\x61\x81\x54\xd2\xe5\xfa\x66\x56\xfb\x76\xf7\x4c\x24\x79\x50\x47\xbb\xce\x45\x79\xeb\x11\x06\x43\xfa\x98\xe1\xf7\x76\xca\x76\xd7\xa2\xb7\xb7\xb8\x67\x81\x73\xc7\x73\xf4\xbe\x7e\x18\x2f\xd2\x4d\xd7\x62\x91\xac\x67\xd9\xf2\x6a\x28\xc5\xe3\xcb\x02\x5c\x68\x13\xa3\x78\xb3\x83\x22\x46\x42\xb4\xae\xfa\xd0\xc7\x6a\x65\x79\x51\x7b\x8f\x36\x07\x97\xdd\x22\x61\x3e\xe6\x82\xb1\x79\x38\x19\x50\xfb\x71\x60\x9a\x5f\xb5\x49\x4d\x2d\x57\xdc\xb0\x0f\x26\xd1\xe7\x29\x56\xf4\xd6\x67\x28\x30\xe0\x5c\x01\xb3\x77\x96\x77\xc0\x7e\xa0\x09\x53\xc6\xb8\xf0\xdc\x20\x4c\x8d\xbd\xcc\xb3\x81\xbc\x01\xb8\x9c\x5c\x26\x1d\xb1\x89\xab\x1f\x54\xe4\x6b\xc3\xed\xc4\xde\x5a\xd4\xf0\xeb\x29\xc0\xa1\x20\xe4\x37\xcd\x8f\x37\xac\x67\xd4\x8c\x7f\x0e\x73\x02\x78\x70\x8f\x02\xb5\x4a\xee\x62\xb7\x29\x52\xbc\x1c\x0e\xb4\x37\xca\x8b\xd5\x65\x54\x37"},
+{{0x41,0xc1,0xa2,0xdf,0x93,0x69,0xcd,0xc9,0x27,0x16,0x4a,0xa5,0xad,0xf7,0x75,0x71,0x36,0xab,0xe5,0x13,0x95,0x60,0x42,0x66,0x33,0x4c,0xc5,0x46,0x0a,0xd5,0x68,0x3e,},{0x40,0x55,0x78,0x34,0xcc,0xe8,0xe0,0x43,0x58,0x0a,0x42,0x72,0xa8,0x80,0x4d,0x4f,0x92,0x6e,0x88,0xcb,0x10,0xd1,0xdf,0x0c,0x5e,0x28,0xb9,0xb6,0x7e,0x1b,0x63,0xda,},{0xb8,0xb2,0x75,0x2a,0x09,0x71,0x96,0xc2,0x89,0x84,0x9d,0x78,0xf8,0x11,0xd9,0xa6,0x2f,0xc7,0x67,0x27,0x8f,0x0c,0x46,0x62,0x8b,0x52,0x1f,0x62,0xed,0x27,0x59,0xd7,0x44,0x62,0xa1,0x75,0xda,0x22,0x40,0x3f,0x15,0x02,0x04,0x45,0xca,0xe0,0x6d,0xa3,0xed,0x61,0xcc,0xa6,0x20,0x3b,0x70,0x06,0x36,0x2a,0x0e,0x19,0x89,0x63,0xd2,0x0e,},"\xb6\x4b\x14\xba\x77\xd2\x39\xe6\xf8\x1a\xbe\x06\x0a\xcc\xef\x85\xf0\x44\x2b\x65\x0c\x44\x01\x5e\xfc\x43\xa0\xaa\x2b\xa1\x0b\xf4\x8d\x30\x18\xb1\x95\x3d\xdf\xff\xbc\xda\x5b\xf3\xbb\xe0\xb6\xb3\xe4\xb0\xd9\xa3\x2c\x6b\x72\x5b\xbb\x23\x1e\x0a\x27\x04\x47\x1e\xe8\xbc\x1d\x59\x4f\x5c\x54\x22\x6f\x5d\xd9\xdf\xa1\x63\xcf\xc1\x45\x2c\x61\xf9\x3e\x4f\x81\x39\xab\x4c\xe4\x47\x6f\x07\xec\x93\x36\x61\xea\xe9\x1b\x6d\x50\x0b\xf5\x08\xac\x63\xe4\xba\xaf\x1f\xfc\x8f\x00\x07\xd8\x02\xe0\x05\xf1\xb4\xfc\x1c\x88\xbe\xe4\xd5\xe9\xe7\x63\x84\xf5\xa7\x04\x3b\xd6\x60\xcc\xe7\x1f\x3b\x67\xf0\x1f\x6a\xb8\x44\x29\x85\x31\xaa\xc7\x3a\x39\xd0\x45\x37\x00\x88\x85\x50\x05\xa0\x9c\x6d\x04\x23\x8e\xa4\x78\xdf\xac\xad\x1e\x6b\x22\xb2\xbe\x4c\x46\xb0\xd5\x9b\x1e\xba\x1f\x06\x0b\xf7\xda\x5d\x15\x66\xcf\x1f\xdb\x5c\x54\x3a\x33\x92\x6a\xf6\x3f\x01\xa0\xdb\x86\xe1\xa6\x71\x1c\x47\x3d\xc7\x95\xab\x28\x3c\x8d\x93\xfa\xcf\xb5\x70\x1f\xa2\xf2\xf6\xbb\x99\xf9\xb7\xe3\x74\x9b\x07\x1d\x58\x60\x7b\xe4\x4a\x70\x89\xbc\xb5\x03\xec\x14\x95\xb5\xfe\xed\xb3\x99\x96\x1f\xd3\x67\x7d\x74\x93\xea\xa3\xb3\xe9\xcc\x5e\x36\x42\xf4\x0d\x47\xde\x9b\xfe\xe7\xc2\x0b\x0e\x51\x9c\x4e\xb4\xa4\x0f\x4d\xa4\x46\xed\x6a\xc7\xaa\xca\x05\x3e\x75\x9c\x97\xda\xbe\x0a\x8e\xc2\xf5\x8e\x7f\x2f\x9b\x20\x72\x76\x2f\x9f\x79\x4a\x6a\x4e\x36\x06\x0b\x88\x72\xbd\x2c\x18\xd0\x6a\x85\xc2\xc1\x41\xa7\x82\x93\x77\x3e\xe8\xcf\xbf\x15\x4b\x99\x30\xcd\x39\xda\x31\xb4\x97\xe7\x37\xa7\x75\x0c\x90\xa1\x3f\x5a\xaa\x14\x7c\xd0\xdc\x43\x11\xf2\xe3\x49\x41\x25\x2e\xf1\x98\xb0\xc1\xf5\x08\x27\xe5\x6c\x9f\x16\xf5\x95\xac\xed\x6d\x2a\x69\x34\x65\x31\x49\x5a\x64\x99\x77\x4d\x36\x07\x66\xca\x9b\xe5\xed\x88\x81\xc0\xdb\x26\xed\x7c\x5e\x6f\xf3\xa4\xf9\xb7\x3c\xd8\xb6\x54\x64\x0d\xc9\x6b\xf4\x3b\xd4\x26\xa0\xf2\x8c\x9b\x25\xfa\x70\x4d\x62\xff\x02\x88\xfc\xce\xff\xaa\xeb\xd3\xea\x30\x97\xbc\xbb\xd7\x78\x42\x0e\xbc\x52\x0a\x41\x77\x30\xa1\xb5\xb3\xb8\xc9\x6c\xda\x9f\x4e\x17\x7d"},
+{{0xa0,0x06,0x11,0x48,0x94,0x67,0x12,0x2c,0x4c,0x16,0x4b,0xfb,0x6a,0x61,0x6e,0x6a,0x61,0x9b,0x9f,0x83,0xc4,0x36,0x72,0x06,0xb8,0x5d,0x3f,0xbe,0xc3,0x8c,0xd6,0x2c,},{0x57,0xab,0x58,0xba,0xbb,0x41,0xdc,0x0d,0xa0,0xbc,0xd5,0x06,0x05,0x9a,0xac,0x9f,0x46,0xec,0xa9,0x1c,0xd3,0x5a,0x61,0xf1,0xba,0x04,0x9a,0x9a,0xc2,0x27,0xf3,0xd9,},{0xc7,0x71,0xba,0x0a,0x3d,0x3c,0x4a,0x7b,0x06,0x4b,0xd5,0x1a,0xd0,0x5c,0x9f,0xf2,0x7f,0xd3,0x26,0x61,0x0f,0xbf,0xa0,0x91,0x83,0x03,0x9e,0x5e,0xdf,0x35,0x47,0x2d,0xde,0xd8,0xfc,0x22,0x75,0xbb,0xcc,0x5d,0xf1,0xbf,0x12,0x98,0x60,0xc0,0x1a,0x2c,0x13,0x11,0xda,0x60,0x2f,0xba,0xff,0xc8,0xb7,0x9c,0x24,0x9c,0x9c,0xc9,0x55,0x02,},"\x34\xdb\x02\xed\x75\x12\xbf\x8c\x67\xd3\x59\xe7\x20\x3a\x2e\xa4\x41\xe2\x0e\x72\x97\x66\xc1\x5a\xa0\x0f\xa2\x49\xa3\x51\x8f\xc2\x9e\xf8\x90\x5a\xa5\xb4\x67\x09\x58\xc6\xa4\x60\xd7\x7b\x3a\x80\xef\xcb\x47\x38\x59\xbb\xaf\xf8\x62\x22\x3e\xee\x52\xfe\x58\xac\xfd\x33\x15\xf1\x50\xf3\xc6\xc2\x7f\xf4\x8f\xca\x76\x55\x2f\x98\xf6\x58\x5b\x5e\x79\x33\x08\xbf\x59\x76\xba\xd6\xee\x32\x7b\x4a\x7a\x31\x32\x14\xb9\xae\x04\xb9\x65\x1b\x63\xcd\x8d\x9f\x5b\x3b\xec\x68\x9e\x0f\xd0\x00\xdd\x50\x17\x70\xdd\x0e\x99\xb8\xf9\x9e\xaf\xa0\x9c\x39\x6a\x24\x5a\x4a\x96\xe5\x68\x96\xa2\x9b\x24\x19\x0b\x1e\xf1\x10\x63\xf3\x9b\x63\xee\x3a\x58\x6b\x07\x62\x7d\xd3\x50\x0c\x4e\x17\x0b\x83\x5d\xc0\xec\x23\x6f\xa5\xa3\x5c\x44\x18\x47\x07\x56\x5c\x4a\x50\x66\x2d\x8d\xbc\xcf\xff\x7f\x9a\x7a\x68\xd0\x21\xb4\xaf\x64\xd5\x32\xb7\xc3\xd2\x74\x74\x18\xc2\xd7\x17\xbb\x6a\xca\x6b\x58\x74\x7a\xe4\xdd\x56\x41\xd8\x26\xf7\x9a\x8a\x31\x5c\x38\x21\x1a\x53\x8a\x92\x9e\x5b\x45\x1f\x62\x3f\x4f\xcb\xbc\xac\xdb\x86\xc8\x75\x2e\xa1\x3a\x61\x7a\xb4\x14\xab\x65\x3e\xb2\xe6\x8d\x54\x20\xdf\x7c\x6d\xf9\x24\x38\x16\x8d\xcf\x9c\x06\x65\x81\xdf\xe7\xb2\xc4\x68\x19\x4a\x23\x70\x7d\xe4\x65\x9b\xd6\x7e\xb6\x34\xff\x02\x47\x41\xc5\xfc\x86\x98\xfd\x4d\xc4\x1f\xe5\xdf\xc6\x29\x9b\x7a\x08\xe6\xff\xca\x37\x10\x9c\x02\x10\xc8\xf9\x4e\xa2\xd3\xdd\xc9\x77\xff\xc0\xb3\x79\x4f\xe6\xba\x43\x37\xc7\xaa\xb4\x34\xa6\x8a\xc6\x65\x48\x4e\xa8\x24\x3a\x84\xb7\x9a\xa1\x81\xee\x6a\xb5\xaa\x37\xa3\x2d\x87\x97\x25\xed\xc0\x18\xf8\x55\x21\x81\x81\x6d\x7d\x27\x2c\xa8\x81\x8a\x7b\x92\xe6\xee\x44\x54\xd1\xf7\x82\x8d\xd8\xaf\xba\x1a\x79\x03\x64\xb4\xff\x28\xd8\x4e\x02\x85\x97\x35\x3e\xbb\xef\x24\x83\x7b\xc3\x19\xe1\xae\x8f\x2b\x0b\x6a\x85\x1b\x48\x9c\x3e\x17\x0e\xef\x53\xe0\x65\xf7\x03\x26\x53\xcd\x6b\x46\xd8\xe5\x7e\x4e\x11\x1b\x78\x9b\xa9\x50\xc4\x23\x0a\xba\x35\xe5\x69\xe0\x66\x15\x40\x34\x07\xbc\xe0\x36\x9a\xaa\xb4\xea\xfa\xef\x0c\xae\x10\x9a\xc4\xcb\x83\x8f\xb6\xc1"},
+{{0xde,0x16,0x34,0xf3,0x46,0x0e,0x02,0x89,0x8d,0xb5,0x32,0x98,0xd6,0xd3,0x82,0x1c,0x60,0x85,0x3a,0xde,0xe2,0xd7,0xf3,0xe8,0xed,0xd8,0xb0,0x23,0x9a,0x48,0xcf,0xaf,},{0x9d,0xc1,0x46,0x5b,0x33,0x83,0xf3,0x7d,0xe0,0x0e,0xa2,0xd3,0xc7,0x0f,0x2c,0x8f,0xac,0x81,0x5f,0x01,0x72,0x02,0x9c,0x3f,0x57,0x95,0x79,0xc9,0x84,0xa5,0x89,0x5e,},{0xd2,0x05,0x06,0xeb,0x84,0x69,0x23,0xa0,0xb1,0x6f,0xf8,0x2f,0xb2,0xc3,0x92,0x3b,0x00,0xc1,0xb3,0xbc,0xc6,0xe2,0xf6,0x48,0x2f,0xba,0x24,0x80,0x75,0x21,0xe8,0xe0,0x22,0x3f,0x69,0x2e,0x62,0xea,0xc9,0x93,0xf4,0x98,0xf6,0x71,0x02,0xa0,0x4f,0xd1,0xac,0xf9,0xc7,0xe3,0x88,0x8d,0x85,0x7c,0x9a,0x08,0x0b,0x8a,0xf6,0x36,0x10,0x06,},"\xd1\x0c\x3e\x4d\xe7\xfa\x29\x89\xdb\xa8\x75\x37\xe0\x05\x93\xd0\xee\xd4\xd7\x5e\xe6\x58\x46\xda\xb1\x49\x8b\x47\x49\xd6\x4f\x40\xe3\x4b\x59\x11\xc5\xce\x3b\x53\xa7\xe3\x7d\x2d\x02\xbb\x0d\xae\x38\xed\x96\x2a\x4e\xdc\x86\xc0\x02\x07\xbe\xe9\xa8\xe4\x56\xec\xca\xe8\xbd\xf4\xd8\x7a\x76\x74\x60\x14\x20\x1a\xf6\xca\xff\xe1\x05\x66\xf0\x8d\x10\xda\xaf\x07\x71\x60\xf0\x11\xfe\xac\xa2\x5b\x9c\x1f\x6e\xca\x9f\xc5\x33\x14\xa8\x05\x47\x95\x17\x54\x35\x55\x25\x25\x7d\x09\xa7\xfd\xad\x5b\xc3\x21\xb7\x2a\xa2\x8d\x1e\x02\xd8\x69\x6d\x4f\x9e\xb0\xad\x3b\x21\x96\xf8\xbc\xfa\xeb\x1d\x61\x48\x28\x7a\x3f\xae\xfe\xf9\x1a\x7a\x3e\x06\x09\xc2\x8c\xe5\x9d\x0c\xa1\x4d\x0b\x30\x50\xdd\x4f\x09\x6b\x7b\xc2\x51\x39\x88\xba\x21\x21\x28\xd5\x02\x6d\xaa\xa7\x18\x88\x46\xdb\x21\xc5\xc1\xd1\x79\xab\x94\x87\xc1\xa5\xbd\x34\x65\x88\x12\x7c\x20\x39\x8d\x36\x2d\x4c\x75\x9c\xfa\xb2\xa6\x77\x75\x0b\x9e\x45\x67\x6a\x1e\x7e\x09\x2e\xf0\x2e\xdb\xf2\x78\xfb\x19\xa5\x8e\x9b\xf6\xc9\xe9\x96\xe2\x4e\xda\xd7\x3f\x3c\xe3\x1f\xa0\x4b\x6d\x85\x33\x43\x6b\xf8\x0b\x4b\x2f\x80\x5e\xd9\x1e\x7f\xcd\xa3\xbc\x2b\xab\x3b\x2b\xb1\x57\x15\x8a\xf0\xea\x8e\x3f\x07\x31\xdf\xad\x45\x9d\x2e\x79\xb6\xd3\x71\x5f\xe7\xbf\x1e\xaf\xc5\x39\x75\x93\x20\x88\x57\xe5\x7b\x7f\xeb\x2f\x73\x87\x94\x3a\x8e\x09\x13\x47\x0c\x16\x1a\xef\x4f\xe2\x05\xd3\x63\x7f\x23\x17\x7f\xf2\x63\x04\xa4\xf6\x4e\xba\x3f\xe6\xf7\xf2\x72\xd2\x34\xa6\x72\x06\xa3\x88\xdd\xd0\x36\x6e\x89\x4e\xaa\x4b\xb0\x5d\x73\xa4\x75\xf1\xb3\x4c\xa2\x22\xbb\xce\x16\x85\xb1\xb5\x6e\x03\x4e\x43\xb3\xc4\x0e\x81\xff\xf7\x96\x82\xc1\x9f\x32\xaa\x3f\x2a\x89\x5c\x07\x09\xf9\xf7\x4a\x4d\x59\xd3\xa4\x90\x29\xec\xfc\xb2\x83\x08\x2b\x06\x7f\x1a\x0d\x95\x05\x75\x0f\xd8\x67\x32\x19\x99\x48\x42\x49\xef\xa7\x25\xf5\x2c\x94\xc7\x59\x62\x06\xa9\x11\xf3\xf5\x05\xd6\x3f\x03\x13\x25\x4b\xd4\x45\xf0\x5b\xe3\x99\x6b\x58\xfe\x18\x19\xaf\x87\x35\x2e\x7f\x0a\x2c\xa3\x20\xd9\xcc\x00\xa5\xfe\x77\xad\x41\x64\x0d\x50\xbe\x84\x36"},
+{{0xc7,0x38,0xef,0x5f,0x09,0x35,0x28,0x1b,0xa6,0x25,0xfa,0x40,0x14,0xd4,0xa4,0xd0,0xbe,0x7e,0x28,0xfe,0xd7,0x79,0xa9,0xcf,0x65,0x8e,0x21,0xdb,0xa4,0x3c,0xeb,0xc1,},{0x95,0x79,0x9f,0xaf,0x70,0x6d,0x19,0x5e,0x54,0x4c,0x76,0xca,0xfd,0xdf,0x09,0xd0,0x2d,0x1b,0xea,0xfc,0x42,0xc9,0xd6,0xc9,0xea,0xd4,0xc1,0x84,0x55,0x87,0xd3,0x9e,},{0xf4,0x43,0x71,0xe6,0xc3,0x39,0x16,0x39,0xd4,0x57,0xed,0x14,0x64,0x81,0x84,0x80,0x94,0x11,0xe8,0x0a,0x32,0x01,0xf8,0x81,0x16,0x70,0xe5,0x00,0xfc,0xad,0x92,0xf3,0x00,0xaa,0xbf,0x7f,0xc6,0x8e,0x44,0x01,0x91,0xe8,0x81,0xd6,0xc3,0x47,0x4e,0xfd,0x6d,0x28,0xf0,0x9d,0xc4,0x43,0x12,0xfc,0xfc,0xb8,0x27,0x01,0xba,0x3c,0x29,0x0a,},"\x16\x8d\x0b\xc5\x59\x8b\xe0\x2f\x54\x43\xbf\xe7\xdf\xb8\x82\x99\x85\xca\x5d\x28\x2a\xf9\xcf\x1b\x14\x82\x60\x2f\x24\x3d\x48\x6b\xd8\x2b\xa0\x39\xa0\x75\x09\x09\xe9\xb3\xc7\xd4\xd5\xf8\xb8\xba\xf4\x57\x18\xaf\x03\x11\x85\x4f\x4d\x1c\x78\x37\xf3\x1d\x8e\xe6\x8d\x35\x58\xe7\xe5\x1e\x0c\x64\x6a\x4a\x63\x75\x96\xee\x90\x05\x7b\x01\xed\x0a\x17\xda\xa3\x95\x0b\x81\xab\x47\xae\x8b\x94\xc1\x7d\x40\x74\x69\x13\xc4\x6b\xa1\x47\x8b\xfc\xa5\x1b\x16\x76\x28\xfc\x3e\xe1\xe2\x2f\x2f\x19\xd6\xd8\xda\xf9\x3d\xf6\x54\x0c\xed\xb7\xa8\x59\xd1\xa2\xba\x59\x11\xba\x71\x76\x6e\x8b\x7f\xce\x0c\x0e\x86\x63\x61\x6d\x01\x80\x69\x7d\x78\xce\x30\x40\xd4\x38\x13\x19\x82\xf3\xf8\x11\x2a\xcc\xa2\x9a\xe5\x3e\x53\x9f\xf8\xc9\xec\x41\x06\xd1\x32\xf4\x02\x01\x85\x18\x30\x84\x85\xf2\xaa\x6c\x9e\x8d\x1e\x62\xfe\xd6\x0c\xb2\x49\x45\x7d\xb3\x3c\x6f\xd1\xfe\x07\x44\x53\x61\xf0\x81\x94\xa2\xb5\xa0\x57\xcb\x03\xcc\x75\x4e\x5c\x7d\x4a\x7e\xea\x53\xa7\xf7\xd2\x07\xca\xcc\xa5\xe6\x8c\xaf\xa9\x69\xa3\x52\x1d\xbb\x81\x03\x99\xa1\x7f\x32\x8e\xe7\x67\xcf\x55\x92\x6b\x2b\xd5\xf0\x29\x54\x9d\x3b\x46\x45\x79\xc4\x26\x55\x26\x53\x98\x47\x2e\x1c\x77\xcc\x8d\xd9\xaf\xf1\x87\xf7\xac\x34\xdd\x45\x6a\xce\x99\x9a\x73\x6e\xcc\xa6\xd4\x05\xd4\x92\x2c\x77\x9c\x60\x0c\x47\xb8\x4c\x9c\x1d\xf5\xe5\xf8\xed\x3b\x28\x11\xd3\x51\x33\x91\x13\xf8\x45\x3c\xca\x4c\x44\x11\x68\x8c\xb0\x38\x82\x58\xeb\xbd\x18\x72\xb8\x36\x10\x04\x22\x49\x49\x4e\xd5\x60\xd4\xcd\xa6\xa6\x84\x55\xd9\x57\xe8\x06\xdd\x0b\xdd\x83\x00\x4c\x4c\xa8\x07\x74\xb8\xa0\xa1\x66\x58\x66\xf1\x70\x85\x01\x4e\xad\xb3\xea\xe7\x38\x2f\xa8\x70\xde\xb2\x9d\xd8\xc9\x31\xb5\x30\x19\x62\x57\x40\xe2\x83\x92\xf3\x85\x75\xc0\xe2\xa9\xe5\x04\xfc\x35\xbd\x95\xdf\x56\x43\x9a\x89\x82\x30\xa2\x39\x8c\xd2\x22\x5c\x76\x6e\xf3\x6f\x12\xae\x7e\x49\xb3\x0a\x9c\x0a\xad\x46\x9d\x58\x95\xbb\xf7\x21\xcc\x0f\xf5\x1d\x84\x0c\x80\x2d\x4a\x7e\xef\xba\x84\xfe\x52\x05\xa2\xc2\xf1\x40\x11\x92\x2d\xde\x56\x14\x56\xf7\x9e\x61\x61"},
+{{0x5f,0xea,0x38,0x73,0x9c,0x61,0xca,0x83,0xbf,0x7b,0x4a,0xd1,0x75,0xa2,0x11,0x76,0x27,0xb9,0x71,0xa6,0x34,0xa3,0x05,0xa8,0x4f,0xa5,0x7f,0xec,0xb8,0x03,0x56,0x24,},{0xdd,0xd1,0x4b,0x0f,0xc0,0x67,0x68,0xd5,0x10,0x4c,0x50,0x76,0x4b,0xfd,0x3b,0x95,0x23,0x52,0xa3,0x40,0x07,0xc5,0x0d,0x5d,0xdd,0x22,0x4f,0xf5,0x1a,0xfc,0xdf,0x9c,},{0xf4,0xe2,0x74,0x82,0x3f,0x2c,0x39,0x6f,0x3a,0x32,0x94,0x86,0xaa,0x64,0x10,0xc5,0xff,0x19,0x26,0x6f,0x07,0x70,0xfd,0x04,0xfb,0x14,0xa7,0x60,0x2d,0x2b,0x69,0xa4,0xa2,0xb0,0x09,0x28,0xe9,0xe1,0xd9,0x23,0x89,0xf8,0x03,0x33,0x59,0xed,0x6f,0xb2,0x14,0x64,0x67,0xaa,0x15,0x4c,0xba,0x59,0x7d,0xec,0x6a,0x84,0x17,0x3f,0x8d,0x07,},"\x10\x13\xc6\x0a\x73\x95\x35\x49\xe5\xed\x10\x5b\xde\xa1\x50\xb9\x1e\x60\xec\x39\x20\x0d\x43\x72\x13\x04\xbf\xc8\xec\x43\x9d\x39\x60\x96\x13\xc2\xd8\x78\x04\x4a\x9d\xa0\x1b\x26\xd8\x6d\x6d\x65\xdb\x93\xd9\x1a\x13\x7e\x9c\x48\x08\xa9\x7d\x4e\xf2\x86\xa9\x03\xf3\xf1\x38\x2c\xc6\xd1\x29\x42\x16\xb9\xfa\xfc\x01\x3c\x86\xb9\xff\x68\xb5\x5a\x50\xea\x37\x66\xe6\x1d\xc1\xce\x38\x34\x8e\x91\xd6\x2c\xe7\x32\xc1\x52\xd7\x66\xb9\x33\x5c\x68\xd6\xca\xd7\x7b\xe2\xb4\xa0\xcd\x50\xb9\xa1\xec\x63\x2b\xa5\x56\x48\xa6\xe7\xe1\x1a\x14\xc0\x68\x53\xc0\x2a\xec\x48\x09\xbd\x14\x7a\x5d\xdd\x9f\xbc\x3b\xe9\xf0\xc8\x15\x8d\x84\xab\x67\x95\xd7\x71\xb4\x2b\x18\x14\xa1\x7a\x3c\x7a\x6c\xa0\xf4\xa8\xf7\xb3\xa0\xdb\x1c\x73\xba\x13\xb1\x64\x00\xdf\xec\xbd\x03\xd2\x16\x65\x0e\x4d\x69\x70\x4a\x70\x72\x46\x44\x4d\x57\x91\xfa\x27\x37\x52\xf5\x9c\xb5\xae\x9f\xd4\x16\xa5\x18\x66\x13\xd6\x6a\xfd\xbd\x1c\xe6\x91\xa8\x7b\xd7\xd8\xb6\x71\x90\xe9\xac\x68\x70\x62\xa0\x80\xd2\xec\x39\xfe\x76\xed\x83\x35\x05\x82\x51\x87\x28\x39\xe8\x5e\xb6\x2f\x18\xec\xe1\x87\xca\xba\x55\xb5\xf7\xd5\xed\xca\xde\x01\xcd\xc5\x43\xcc\x67\x7e\x50\x23\x8b\x89\xc5\x63\x5a\xd5\xc8\xfc\x22\x0f\x5e\x0b\xe1\xbc\x66\x7d\x20\x98\x97\x53\xa6\xd6\x16\xfa\x69\xf8\xb1\x29\x40\xb8\xca\x9e\x2c\x48\x57\x71\x32\xd8\x69\x1b\x05\x37\x79\xa1\x52\xcb\xac\xff\x3b\x8b\x1b\xd7\xaf\x69\x2e\x56\xc7\x3b\xba\xe4\x63\x47\x76\xcf\xc2\x13\xc9\x9b\x9a\xe4\x58\xdf\x1b\xef\xc8\xc8\x77\x74\x26\x64\xb0\xa0\xbb\x1f\x69\x15\xc8\xda\xe3\xb3\xf5\x5d\xd7\x5a\xba\x6a\x3b\xcc\x41\x76\xb4\xe3\xba\x03\xd0\xc1\xc0\x4c\x3c\x64\x08\x77\x8b\x2b\x8e\x5a\x8a\x3e\xb5\x2e\xd3\x2a\x74\x28\xc0\x0a\x98\xa5\x89\xd8\xca\x93\x90\xa2\x10\xf4\xa7\xac\x00\x4f\xa1\xfe\x4c\x6d\xa6\x94\xf1\x22\x76\xe3\x20\xb4\x1b\x0b\x59\xf7\x5d\x26\x4a\x39\x6d\x45\x0b\x63\x1a\xb3\x53\xf1\x61\x27\x09\xe7\xa2\xe6\xa5\x0d\x01\xcb\x11\x0e\x53\x04\x05\x46\xdd\x3b\x1e\x11\xd2\x57\x32\x81\x3a\xa7\x6b\xe5\xe8\x1f\xcf\x7a\x57\x73\xf6\x81\x5b\xbd"},
+{{0x60,0xf9,0xa1,0x4c,0xce,0x5d,0x43,0xfd,0x9a,0xab,0x4e,0xe8,0xcc,0x83,0x79,0xd5,0x75,0x94,0x91,0x52,0x69,0x3b,0xf2,0x9a,0x67,0x90,0xb0,0x35,0xe4,0x2a,0x44,0xde,},{0xbd,0x4a,0x70,0x74,0x0d,0x5a,0xca,0xbe,0x49,0xf9,0xa2,0x15,0x20,0x82,0xfa,0x20,0x25,0x33,0x0e,0x64,0x40,0x43,0x7f,0x1d,0x04,0x7f,0x31,0x3d,0xe4,0x90,0xdc,0xa5,},{0x72,0xf5,0x4b,0xb8,0xbd,0xd1,0x7e,0x9e,0x42,0x2c,0xd3,0x39,0x63,0x1d,0xd3,0x9f,0x57,0x35,0x50,0x15,0xd4,0xcb,0xd1,0x5a,0xca,0xb7,0x54,0x2e,0xfd,0x78,0x4a,0x32,0x1c,0x1f,0x61,0x25,0x76,0x4c,0x0d,0x15,0x40,0x45,0xb3,0x2e,0x70,0xdc,0x2e,0x03,0xfb,0xfe,0x11,0x17,0x46,0x8a,0xc3,0xe7,0x31,0x27,0xb5,0xfa,0xc8,0xd4,0x21,0x02,},"\xdd\x7f\x44\xf9\xeb\x72\x8a\xb4\x8d\xe5\x4e\xcd\xe6\xb6\x18\x4b\xd5\xdd\xd8\x70\x75\x45\xa0\x12\x9f\x2e\x90\x59\x05\xb5\x5d\x3e\x7f\xd5\x7e\x28\x48\x5d\x25\x81\x48\xf6\x60\x5e\x23\x77\xd5\xb2\x67\xd2\xea\xf4\xcd\x4b\x46\xe4\x54\x96\x22\x19\x86\x82\x32\xb6\xf4\x1f\x88\xa7\x97\xf9\xcd\xd5\xc3\x9a\xda\x51\xa6\x41\x21\x4f\xb9\xdb\x2c\x2a\x9b\x5a\x5b\x16\xe3\x03\x57\x53\x18\xb6\x25\xcc\xa9\x70\xb7\x43\x48\x72\x79\x02\xa1\xcf\x26\x8b\xd1\x6e\x10\x71\x13\x16\x1c\x8c\xbc\x99\x30\x3c\x2b\x9f\x23\x55\x41\xa7\xb3\x1e\x43\x31\x20\xfe\xba\x14\xfe\xbe\x4b\xcb\x0f\x5b\x93\x6c\x7e\xdd\xdd\x0e\xcf\xc7\x2c\x8d\x38\xf6\x4c\xdb\x6c\xfc\x29\x10\xbc\x29\xa5\x21\xc5\x0a\x51\xab\xcb\xc2\xaa\xbf\x78\x9d\xe8\x22\xcb\x04\xf5\x72\x8f\xee\x15\x3d\xd5\x50\x1b\x2d\xb5\x9c\x59\xf5\x0c\xab\x17\xc2\x92\x16\xd6\x69\x51\x01\x9e\x14\x5b\x36\xfd\x7e\x84\x1b\xfb\xb0\xa3\x28\x55\x4b\x44\xdd\x7e\xf5\x14\x68\xc3\xd5\xb7\xd3\xa1\xf7\xb9\xde\xf5\x8d\x8c\xf9\xd9\xbc\xaf\xe9\x2c\x86\xcf\x6d\x61\x19\xe9\x8d\xba\x6f\x38\xea\x57\xe3\x22\xdd\xc9\xc2\x19\x8d\x4b\xbc\x3b\x94\xea\x13\x29\xdb\x0d\x45\x8e\x01\xc7\x08\x1b\x33\x92\x5a\x3e\x28\x7f\x59\x9a\x85\x8c\x50\xc3\xa8\xf1\x8c\xc2\xaa\x63\x4d\xf6\x3e\x7f\x10\xe4\x03\xad\xea\xb2\xf4\x1d\xb5\x57\x87\x90\xc3\xb4\xf0\x41\xa8\xb7\xa4\xf6\x9c\xd6\xe0\x62\x15\xdf\x82\x01\xae\x5b\x3e\x1d\x1d\x25\xa0\xa3\x9b\xfc\x3d\x04\x1a\x2f\x98\x21\x3e\xf4\x14\x12\x45\x79\x2a\x76\xf0\x6d\x4d\xe2\x5f\x64\x67\xa0\xe5\x6f\x2f\x5c\xf6\x94\x00\xd2\x21\x17\xde\x7b\x46\x14\x95\x54\xb7\x0c\x75\xb9\xf9\x94\x84\xa4\xf6\xf0\x35\xad\x3f\x10\xe3\x75\x3c\xb1\x4f\x4f\x39\x8d\xcf\x6a\x64\xd1\x0c\xf6\xc4\xfa\xc0\x7c\x91\x19\x3c\xc0\xf5\x4f\x0d\xe5\x8c\x63\x43\xe9\xca\xaa\x6b\x4f\x47\x5e\xf9\x1a\x59\xe0\x83\xf9\xf2\x11\xf5\xbc\x8e\x7e\x45\x16\xb4\x5c\xf0\x6b\xf5\x0b\xeb\x8f\xc4\xab\x57\x9d\x86\xd4\xa4\x19\x0e\xea\xc7\x48\xd0\x6e\x08\x52\xc4\xb9\xba\x8c\xfc\x50\xdd\x0a\x03\x7a\x7b\xad\x7f\xad\x55\xaf\x30\x9a\x5f\x13\xd4\xc9\x1e\xd3\xe0"},
+{{0xa3,0x90,0x53,0xc5,0xc5,0x8b,0xf3,0x1d,0x46,0x2b,0x27,0xa6,0x20,0xb0,0xb3,0x7b,0x80,0x52,0xc6,0xb1,0xc4,0x10,0x2b,0x61,0x45,0x66,0x3a,0xa1,0x5e,0x97,0x87,0x18,},{0x36,0x42,0xac,0x2a,0x32,0x80,0xdc,0xe5,0x2a,0xd8,0xdf,0xcf,0xd3,0x70,0x94,0x36,0xed,0xc4,0xe7,0xe4,0xae,0x1b,0x45,0x2d,0x9b,0x22,0x07,0x80,0xb0,0x86,0x79,0xfa,},{0xf7,0x38,0x3e,0x96,0x6c,0xb2,0x30,0x9d,0xee,0xdf,0x86,0x01,0x00,0x18,0x3a,0xae,0xfa,0xc6,0x72,0xca,0x16,0xd5,0x41,0x9c,0xd6,0x42,0x2c,0xa7,0x0e,0x16,0xb3,0x97,0x6f,0x5f,0x16,0x5a,0xfc,0x27,0x86,0x11,0x7c,0x86,0x82,0x34,0xba,0x11,0x09,0xed,0xe0,0x31,0xf8,0x97,0x9b,0x50,0xe5,0x67,0x35,0x8b,0xd4,0xf8,0xbd,0x95,0x82,0x02,},"\xf6\x55\x40\xd3\xab\xeb\x1e\xe5\xea\x98\x70\x62\xc1\xb5\x79\x51\x6d\x3c\x29\xc3\x9c\xbc\x6b\x09\xd6\x0e\x18\xfe\x27\x4c\x2b\xef\xe0\xf5\xfe\x7d\xbd\x57\xc2\xd5\x83\x52\x29\xbb\x75\x4e\xc4\x34\x13\x94\x76\x57\x76\xd6\xa9\x17\x8c\x4e\x6a\x31\x2c\xd7\x4b\xdb\xac\xa0\xe8\x82\x70\x62\x8c\xd8\x41\x00\xf4\x72\xb0\x75\xf9\x36\x92\x83\x01\x22\xf0\x0f\x9b\xd9\x1a\xc5\x82\x83\x6c\x8b\xfa\x71\x4a\xa4\x8e\x97\x70\x03\x55\x6e\x1b\x69\x6d\xf3\x28\xef\x58\x4f\x41\x3f\x8a\xb6\x14\x76\x06\x99\xc4\xd1\x47\xc3\xee\xa1\xda\x04\x35\x83\x5c\x9b\xf7\xad\x54\x60\x6f\x02\x13\xeb\x74\xa1\xb4\x76\x14\x15\x06\xae\x2c\xd1\x24\xcd\x51\xd6\x6e\x7e\x7e\x57\x95\x60\x57\x63\x05\xc5\xfb\xe8\x43\x0b\xe3\xeb\xeb\xaa\xcb\xa3\xf9\x98\x9d\xd7\xd1\x99\xf5\xa4\x55\xa5\x0c\xdb\x37\x55\x03\x7e\x1a\x70\x67\x4a\x4f\xef\x40\xb4\xa3\xaa\xf7\xbd\x3c\x95\xb1\xab\x41\xbb\x20\x62\x11\xc3\xa1\x27\x6d\x3e\x37\xd8\xa3\xa5\xc3\xd5\xd0\xf3\x6e\xf5\xb4\xf3\xde\x26\xb7\xf2\x0f\x6b\x29\x00\x71\x6d\xcc\x22\xab\x73\x4e\xba\xf1\xe8\xd0\x00\x20\xe5\xf0\x19\x55\x16\x53\xb9\xc2\xf7\x0a\x40\x38\xdf\xb2\xf1\x2d\x25\xd6\xd8\x4e\x79\x07\x3a\x65\x48\xfe\x15\xe4\x82\x8f\xe5\xde\x83\xac\x3d\x8d\x98\xb7\xda\xf9\x27\x10\x48\x2c\x37\xf7\xbd\x24\x31\xa8\x11\x4c\x61\x37\x65\x7b\xb1\x77\x88\x2d\x8a\x3c\x76\xba\xbf\x1c\x67\x1a\x70\x55\x36\x5f\xe9\x08\x66\x16\x7a\x2d\x1d\xbc\x87\x0b\xe8\x3b\x36\x01\xf0\x9d\x4a\x31\x7a\xe2\x54\xca\xc9\xf9\x8d\xcc\x7a\xea\xd9\x22\x4c\xd9\xc9\xd8\xa2\x00\xab\xc8\x0a\x2d\xd1\x08\xaf\x28\xfd\x46\xad\x70\x80\xae\x74\x1b\x50\x05\x4b\x9b\x9a\x92\x01\xef\xb7\x83\x8b\xc4\xc5\xc2\xcc\x3d\x76\xba\x0f\xcc\x49\xc4\x6e\x79\x2c\x26\x29\x2b\x7d\x03\x12\xaf\xf9\x55\xa9\xf8\xed\xf0\xc6\x96\xa7\x0a\x61\x4f\x35\x53\xad\x38\x69\xbf\xde\x48\xd2\x6a\x4d\x36\x7b\x6c\xec\x05\x7e\x62\xa4\xe5\x48\x55\x4b\x48\xb5\x3e\xcd\xa7\x90\xba\x7a\x0a\xb2\xe3\xde\x58\x7b\xdc\x22\xb0\x2f\x59\x47\x63\x4d\x73\x09\x9f\x54\x7d\xb2\x2e\xc1\xbb\xf8\x23\x43\xf9\xa2\xca\x38\xbc\xe4\xeb\x59\xbe"},
+{{0xe0,0xc2,0x9d,0xf4,0xde,0x45,0xc4,0x75,0x39,0xe0,0x89,0x6b,0x3a,0x59,0xbc,0x3d,0xe6,0xb8,0x02,0xfd,0x14,0xdb,0xdc,0x9f,0x25,0xe7,0x17,0xac,0x82,0xc3,0x28,0xf3,},{0xa6,0x90,0x02,0xb0,0xf5,0xef,0x35,0x4c,0xe3,0xb2,0xd6,0xb8,0xd8,0xba,0x70,0xab,0x77,0x84,0x32,0xb2,0x2f,0x14,0x4d,0xc9,0xc2,0xeb,0x92,0xd9,0x9d,0x99,0xdd,0x2a,},{0xbb,0x3b,0x8c,0x5c,0x27,0x59,0x1f,0xd8,0xb9,0xc5,0xba,0x48,0x9d,0x6b,0x6e,0xe5,0xb0,0xfb,0x4a,0x7b,0x0d,0xe5,0x1f,0x16,0x39,0xaf,0xc6,0x73,0xd0,0xe5,0xf7,0x5e,0x31,0x3a,0xa7,0xe1,0xd0,0x00,0x90,0x81,0xdb,0xca,0x74,0x35,0xb6,0x87,0xcc,0xd1,0x2f,0x64,0xf7,0x4a,0x38,0x6e,0x77,0x2b,0x9e,0x24,0x78,0x1b,0x92,0x5c,0x8c,0x0c,},"\x6a\x37\xcb\x4c\x74\x9c\x58\x35\x90\xc8\xd8\x49\xbc\xe3\xfa\x65\x7f\x10\x00\x91\x90\xca\xd9\xbe\x41\xed\xe1\x9b\xf2\xfd\xb3\xc5\x62\xa6\x10\x1f\x27\xbd\x37\xf2\x23\xca\xb1\x3c\xed\x24\x5a\x1c\xed\xf8\x52\xf5\x51\xf8\x57\xaa\xd9\x72\x7f\x62\xc9\x67\xc0\xa9\x21\xdf\x11\x6f\x48\xa8\x0a\x60\x40\xb3\xc7\x23\xab\x5c\xb5\x94\xc4\x50\x7a\x3d\x20\xcd\x60\x51\x4e\x22\x16\x4a\x82\xb7\x4f\x19\xdc\xfd\xd8\x3c\x57\xbc\x36\x52\x37\x55\x17\x41\x4a\xf5\xd1\x8e\x0a\x64\xcc\xab\x36\x69\x97\x68\xd0\x7c\xf4\x0b\x70\x63\xa8\x3e\x43\xd5\xf6\x07\x96\x4b\x1b\xf0\x84\x0a\x45\xad\x50\xab\xf8\x3d\xbc\x84\x9f\x40\xe5\xb4\xcf\xb6\xa3\x34\x7b\x29\xfe\xc5\x07\x74\x04\x6a\x4b\x50\x04\x10\x32\xaa\x4d\x56\x7e\x85\x64\xb3\xee\xd1\x64\x20\x40\x68\x2d\xd8\xae\x7d\x71\x79\x28\x6c\xf6\xe1\x85\x3d\xc8\x7d\x27\xc3\xe9\xe6\x0f\xa4\x7c\xf8\xcb\x2d\xa0\x18\x1d\x53\xee\xc4\x06\x14\xb0\x73\x31\xa4\xfb\x70\x28\x08\x6d\x0b\x1c\xe2\xe1\x11\x5b\x73\xa1\x62\xc5\x27\xbd\xd7\xca\xb5\x33\x5b\x86\x3d\x10\x8b\xe0\x47\xbd\xbc\xa1\x12\xcc\x6e\x77\x6b\xb4\x53\xc3\x17\x31\x43\x88\xbb\x96\x53\xef\xb4\x44\x4b\xf5\xcf\x1e\xc8\xda\x23\xb7\x11\xba\x71\x79\x6c\x0a\xe0\x2b\xa1\xdc\xc8\x38\x45\x50\x78\xc3\x89\x7f\x07\xe9\xe1\x3b\x76\xe4\x92\x74\xc2\xe2\x07\x50\x6b\x00\xa0\xb5\x58\x88\x3a\xa1\x22\xb6\x67\xdb\x9d\x67\x05\x08\x60\x6a\x3f\x54\x32\x06\x36\xcd\x19\xf9\x73\x91\x7f\xb1\x87\x5f\x43\x63\xe2\x20\xf1\xe1\x23\x98\xcc\x6a\xfd\x79\x09\x47\x43\x33\x84\x56\x81\x3a\x58\x26\xad\x3f\x1a\xba\x7c\xd7\xbe\xab\x1f\xe1\x83\x85\x9c\x0c\xc9\xef\x40\xa5\xea\xb9\x12\xca\xf5\x15\xa8\xd4\xc3\xb9\x3d\x64\x1b\x7a\xb3\xe7\x6b\x16\xc1\x29\x71\xac\xe8\x8f\xf3\x3e\x5a\x1e\xd9\xb4\x4e\x45\xdb\x8f\x30\x85\xdb\xf0\x70\xb2\x56\xb0\xd7\x51\x2e\xe1\x06\x94\x32\x60\x3d\x73\x09\x5d\xb8\x74\x9c\xa5\x47\x96\x3b\xd7\x1a\x8a\x68\x4a\xb8\x51\x6b\x14\x6c\x41\x87\x17\x63\x86\xaf\xdf\x6c\xb1\x36\x8a\x3d\xd8\xfc\xb2\xcf\xff\x77\x05\x6a\xaf\x78\x23\xf8\x00\xb2\x66\xac\xce\x72\xbf\x64\x3c\x6d\x0c\x28\xf0\xab"},
+{{0x19,0x8b,0x5f,0xd1,0xc0,0x38,0x27,0xe0,0x99,0x4a,0xd5,0xbf,0xee,0x9b,0x5b,0x7b,0xe9,0x96,0x6c,0x9c,0x3a,0x26,0x7e,0x4d,0x74,0x30,0x34,0x37,0x67,0x40,0x3c,0x67,},{0x66,0x82,0xc6,0xf1,0xa8,0x66,0xb4,0x9b,0x2f,0x8e,0xe9,0x7f,0x2e,0x53,0x2f,0xa9,0x16,0x66,0xbf,0x38,0xda,0x1b,0x4d,0xd6,0x55,0x43,0xa1,0x77,0x77,0x94,0xcb,0xee,},{0xf4,0x54,0xf3,0x5b,0x18,0x53,0x8f,0x87,0x7e,0x5d,0x61,0x4a,0x76,0xb5,0x27,0x6a,0x27,0xfc,0x0b,0x43,0x3f,0x21,0x5d,0xc4,0xe9,0x63,0xb3,0xf0,0x47,0x69,0x4c,0x78,0x0c,0x51,0x5c,0x6e,0xf6,0xfe,0x2d,0xb4,0xb0,0x09,0x00,0x9b,0xc2,0x73,0x3a,0xec,0x4f,0xd4,0x6e,0x61,0x53,0x57,0xcc,0x0b,0xcc,0x9f,0x1f,0x7f,0xc2,0x1e,0x3c,0x02,},"\x3f\xda\xa1\x5c\x46\xf2\x51\x43\xdb\x97\x20\x79\xd7\x01\x3c\x7f\x69\xa1\x36\xf4\x5f\x3f\x6b\xa2\xce\xd8\xb8\x28\x46\x8e\xb3\xda\xa6\xb5\x0b\x4f\x8d\x33\x80\xfe\xc6\x4a\x03\x43\xbe\x11\x6f\x6f\x83\xb6\xee\x64\xcc\x4c\x1b\x1d\x08\xd5\x4f\xd4\x20\x29\xe4\x28\x5c\xfc\x6c\x6d\xd5\xcd\x18\x1a\xb5\x33\xff\xcd\x41\x1f\x23\xa1\x00\x3d\xa9\x4e\xc9\x34\x0e\x2e\xc7\x11\x99\xd6\x78\x54\x0d\x51\x82\xe1\x39\xff\xcb\xc5\x05\xa1\x70\xb8\xf0\x7f\x4a\x7e\x69\x4c\xa9\x2f\x58\x32\x0c\x0a\x07\x85\x64\xce\x9d\xe9\x9b\x0f\xa8\xe6\x6b\x0d\x82\x2e\x46\x7a\x5a\xeb\x83\x56\x79\x96\xa4\x8b\x89\xdb\x25\xca\xde\x64\x57\x79\x4e\x54\x14\xd6\x7e\x9d\x4a\xb7\xcd\x6c\xc2\x05\x8b\xb7\xa5\x13\xab\xd7\x09\xf4\xca\xf2\x4b\xb6\x7c\xe1\xc0\x3a\xb6\x2d\xbd\xfe\x30\x9e\xc7\xdb\x0f\xa3\xea\x7a\xae\x82\x36\xf2\x59\xb9\x22\xd4\x53\x61\x15\xa6\x3b\xc8\x9a\xcb\x20\x51\xd0\x9e\x73\x1c\xbb\x0d\xf1\x57\xd9\xd3\x45\xbd\x91\x09\x97\x3c\x2b\x59\x4f\x14\x8e\xfc\x6f\x33\x77\xde\x51\x63\xb7\xf6\x98\x69\xff\xef\x85\x3e\xae\xfe\xb4\x02\xe2\x35\x29\x59\x4f\xbd\x65\xca\x05\xfe\x40\x62\xc5\x29\xd8\xe3\x21\xab\xc0\x52\x00\xca\xc1\xe8\x39\xe8\x7b\x1f\xd3\xfd\xf0\x21\xd6\x8c\xbb\x3a\x41\x42\xb6\x9c\xc3\xaf\x6f\x63\x2e\xdd\x65\xb8\x3f\x5a\xa4\xcb\x17\xda\x5b\x6b\xa3\xfc\x03\xed\xb1\x7c\x2a\x3c\xb5\xb0\x48\x36\xe7\x66\x0e\x63\xc8\xa0\x48\x3e\x24\x39\x83\x37\x1d\xfa\x98\x39\xf9\x16\x4a\xd4\xda\x0d\x59\x53\x65\x5e\x3a\x95\x18\xe1\x36\xda\x74\x57\x37\xc7\x92\x43\xc3\x55\xfc\x12\x5c\xbd\xcc\x76\xae\xc9\x22\x16\x84\x6c\x45\x74\xf4\xf7\xf2\x98\xbc\xde\x54\xfd\x24\x44\xad\x30\x25\x95\x5c\x10\x03\x15\xde\x5a\x4e\x27\xc3\x33\xa0\x02\x84\xb2\xf7\x02\xfd\xd3\xde\x22\xac\x6c\x24\x0d\xbc\x14\xbf\x71\xe6\x2d\x13\x1b\x62\xf2\xdb\x99\x24\x73\xf2\xf9\x13\xf6\x0c\x91\x6e\xcf\x57\xdf\x5f\x3f\x02\x1f\xb3\x30\x83\x43\x95\xb7\x94\x72\xca\xff\x19\xfc\xfa\x0a\x27\x17\x95\xc7\x6d\x69\xb4\xdb\x3f\x85\xb8\xd2\xe5\xc3\x44\x19\x65\x48\x4d\xcc\x39\xab\xa5\x9b\x70\x12\x74\xf7\xfc\x42\x52\x46\x85\x60\x69"},
+{{0x43,0x92,0xf7,0xd4,0xfb,0xd6,0x8f,0xe1,0x54,0xe4,0xba,0x38,0xad,0x52,0x07,0x61,0x2a,0x06,0x48,0x55,0x60,0x56,0xc3,0x9a,0xc1,0x16,0xad,0x46,0x8f,0x89,0xbd,0x2d,},{0xcb,0xea,0xef,0x41,0xac,0xac,0x02,0xbf,0x1f,0x78,0x0c,0xe9,0x34,0xaa,0xbd,0x63,0x13,0x64,0xb3,0x69,0x56,0x7b,0xe1,0xbe,0x28,0xe3,0x90,0x6f,0x9d,0xb1,0x20,0xfa,},{0x86,0xe7,0xcc,0xf0,0x6e,0x79,0x36,0x2d,0x40,0xcd,0xb7,0xfb,0x75,0xa9,0x89,0x78,0xbb,0xd3,0x34,0xa1,0xdb,0x75,0x90,0x36,0x7d,0x60,0x84,0x9b,0xd5,0x3e,0x2f,0xb1,0xa4,0xbd,0xae,0x59,0x0d,0x1f,0x47,0xb5,0x49,0x0d,0x87,0x02,0xe7,0xc1,0xa8,0x72,0x68,0xb8,0xee,0x9d,0xb6,0x12,0xde,0x7b,0xdc,0x2e,0x38,0xfa,0x6d,0xeb,0x7e,0x05,},"\xcf\x17\x09\xdc\x9a\x08\x67\xee\x90\x87\x21\xb1\x36\xcb\x93\xa8\x42\x29\xe8\x3b\x46\x20\x47\x77\xca\x81\x94\xd0\x8b\x7a\x3c\xa9\xc9\x12\xeb\x24\x3e\x5b\xda\xbf\xee\xd3\x52\x34\x9d\x20\xbe\x80\x1b\x72\x2a\xf0\x89\x22\x38\xe7\x2e\xdf\x19\x0e\x63\x61\xf5\x75\x72\x78\x1a\xd3\xc2\x59\x0b\x19\x73\x57\x64\x1c\x80\x53\x83\xba\xa1\xd4\x97\x2f\x76\xc6\x54\x48\x53\x2c\x11\x08\x34\xa0\xba\xa8\xf4\x88\x63\xe1\x66\xb7\x06\x65\x37\x08\xcd\x40\x57\xd3\xa4\xf9\xfc\xb2\xce\xb4\x12\x00\x01\x27\x7d\x38\xc4\x38\x47\xd8\x22\x82\x2b\x77\x7c\x2b\xb4\xda\x40\x15\xa1\xc2\x4d\x41\x6d\x50\x62\xa8\x71\x84\x91\xd8\x55\xaa\xa5\xdb\xf5\x57\x9c\x16\x4d\x8e\x52\x4a\x9f\x2f\xa3\xf2\x2e\xb0\x98\x61\xff\xe6\xad\x65\x9f\xe3\x6e\xb4\x04\x31\x22\x2c\x22\xd7\x13\x7a\x6c\xab\xca\x8d\xb7\x86\xe3\x9d\x81\xf6\x61\xaf\xde\x4e\x39\x58\x9b\x4d\xb4\xd3\xc5\x1c\xa5\x35\x90\xa1\x4e\x11\x5d\x0a\xfc\x3a\x87\x7b\x83\x9a\x96\x38\xbe\xce\x80\xc3\x2c\x19\xe5\x1b\x75\x32\x02\x48\x45\xf7\x6c\xfe\x9b\xfb\x2a\xc0\x51\x30\xf6\x75\x8b\xf7\xfe\x99\x3a\xa9\x3a\xa2\x72\xe4\xe6\xbd\x0c\x75\xc1\x40\x99\xd4\x3e\x65\x2a\x22\x3e\x5b\xcd\x64\xc3\x62\xd4\xb8\xf4\xb9\x5e\x01\x6f\x93\x50\xc7\xfa\x74\xe6\x53\x52\x5d\x08\x01\x15\x58\xb2\xc6\xe9\xbf\x4f\xdf\x9d\xbd\x5e\xf9\xb0\x9b\xbc\x84\x6a\xfc\x2b\xcb\xc8\x6c\x4c\xcc\x31\x5f\x6d\x1c\xcd\x48\x9b\x0c\xf8\xed\x0d\x93\xf2\xf5\x32\xa4\x26\x26\x5c\x59\x0b\xa3\xa5\x90\x23\x34\x7d\x81\x9d\x9b\x28\x1e\xf8\x53\x10\xb0\x53\x16\xd4\x6c\x8a\x8c\x03\x65\xd0\x68\xa8\x70\x86\x64\xea\x4d\x77\xac\x0c\xd1\x50\xa6\x5a\x56\x58\x6b\xab\xd3\x4b\x74\x36\x5b\xb8\xfe\x3e\x61\x87\x26\x22\x84\xd6\x44\x32\xe4\xc8\x1e\xa4\xc0\xe5\x7c\x1d\x71\xae\x98\x0c\x7f\x4d\x1d\x87\x10\x32\xe1\x88\xbb\xf9\xd1\x75\x8c\xdc\x1d\xff\x98\x9f\x2d\x12\x88\xfe\xf4\xe2\x05\xe9\x9e\x7c\xbf\x2c\xc3\x24\xb8\xc9\x30\x46\xf4\x76\xc5\x9d\x3d\x0a\x59\xdb\x6f\xe3\x73\x82\xdc\x79\xc5\xec\x16\x05\x6a\xb3\x93\x4a\x52\xf7\xd2\x88\x0d\x04\x71\xa3\x77\xb6\xa8\xae\x84\xd5\x6a\xc2\x2d\x1d\x54\x55\x1c"},
+{{0x0b,0xea,0x98,0xab,0xe7,0xd6,0x3f,0x15,0x83,0x90,0xee,0x66,0x8a,0xa0,0x50,0xe8,0x4a,0x25,0xd2,0x89,0x3e,0x49,0xfc,0x83,0xf0,0x79,0xf9,0xbb,0xa6,0xa5,0x5a,0x75,},{0x22,0x19,0x2e,0xc0,0xd3,0x2e,0xf9,0x83,0x56,0x65,0xa6,0x1b,0xc8,0x8b,0xcf,0x4e,0x16,0x04,0x63,0x79,0x21,0x15,0x2c,0x11,0x6a,0xf5,0x03,0x36,0x5b,0xf6,0xbe,0x42,},{0x7e,0xb3,0x13,0x9b,0x88,0x0f,0xdf,0x66,0x37,0x6a,0x20,0x90,0x81,0x88,0x40,0x04,0x97,0x67,0xc8,0x37,0xf3,0xad,0x00,0x36,0xb1,0x41,0x66,0x70,0x52,0xb3,0x36,0x09,0x81,0x7c,0xa5,0xe2,0x40,0xed,0x8c,0xdf,0x3c,0xcf,0x3a,0xee,0x29,0x27,0x45,0x34,0x59,0x4d,0xb0,0xb4,0xcc,0xc5,0xc6,0xe5,0xbb,0xa3,0x28,0x0b,0x87,0x3f,0x29,0x01,},"\xc1\x78\xe3\x8d\x4e\x83\xed\x2b\xe5\x7c\xe1\xc3\xab\x64\x25\x3a\x81\x71\xe6\x10\x00\x81\x81\xfb\xfc\x6d\x75\x22\x69\xf7\xf1\xc5\xa9\xec\x62\xcb\x27\xf1\x9a\xd9\x9c\xe1\xf5\x11\x6a\x36\x3d\x96\xfd\xc5\xa4\x2f\x35\x8b\x6d\xbe\x7c\xab\xdf\xc9\xf6\x07\x18\xe4\x01\x2c\x1b\xb1\xf8\x42\xc5\x56\x08\x11\xba\x83\x74\xa0\x63\x77\x47\xff\x92\xea\xc2\x1c\xa6\x5d\xde\xaf\x43\xe9\x98\x9b\x7d\xe2\xd4\x32\x52\x0a\xfe\xe3\x64\xec\xfb\xa4\xda\x66\x9a\xd4\x89\x3d\x0b\xf6\x9f\x9f\x81\xe7\xdf\x69\x65\x7b\xe2\x2b\x92\x06\x97\x45\xf2\x16\xc2\x42\xcc\xd4\x6d\x02\xd3\x56\x16\xe1\x6c\x75\x5e\x0e\x37\xf9\x61\xa6\xf3\x63\x77\x52\x53\x4f\x6d\xfa\xb8\x80\x5a\xb7\x59\xa0\x32\xa4\xe7\xe4\xc8\x19\x53\x32\x5a\x2f\x68\x6b\xb6\x9a\x02\x9c\xe4\xe0\x3b\xec\xb3\x60\x56\x37\xc5\xa6\x5b\x52\xe3\x31\xc2\x6c\x92\x6e\xd4\x71\x1a\x50\x4d\x37\x33\xbb\x53\xc9\x7b\x80\xea\xfe\x4e\x75\xdd\xd9\xf4\x15\x36\x28\x88\xc3\xd4\xd3\x7b\xae\x0e\x63\xfa\x11\xbf\x75\x56\x66\x43\x7d\x72\xf5\x8c\x91\xd7\xa2\xf8\xcb\x61\x9b\x76\x20\xa0\x70\xb2\x6b\x18\xb4\xd5\x01\x84\xc5\x81\x87\x12\x11\x0e\x36\xd3\xe2\x83\x0f\x6a\x85\x76\xba\x57\xf9\xcc\xcb\x8f\xff\x40\x28\xbf\x8e\xf9\xcb\x81\x48\x25\xbb\xca\x82\x7d\x64\x95\x47\xbf\x6f\x2b\xef\x93\x17\x04\xca\x7f\x6d\xf1\x5f\x78\x01\x55\xed\x46\xea\xa7\xca\x7d\x72\xe2\x24\x34\xca\x04\x83\xbf\xb2\xf7\x90\x2d\xc7\x87\xf6\x17\xeb\x9b\xd4\x1e\xd4\x52\x0a\xdf\xd4\x30\x94\x8c\x71\x08\x05\xa7\x3c\x1b\xa5\x49\x2e\x96\x48\x4c\x4b\xaa\x7d\xa2\x4c\x74\x35\xc4\x6a\x05\x2b\xf3\x51\x5d\x33\xe4\x2d\xce\xf5\x17\xca\xa4\x5f\x36\xc8\x79\x12\x10\x78\xc6\x88\xdd\x10\xd7\x66\x56\xa1\x19\x76\x2b\x6a\x83\x41\x36\xfa\x1f\x8a\x64\x32\x24\xb9\x22\x4c\x54\x3c\xf0\x47\x0b\x3f\x8e\xe0\x17\xd6\x20\xdb\xdc\xc8\x4d\x98\x51\x54\xe9\xd1\xae\x80\xe5\xf1\x43\x87\xb8\x8a\x0f\x6a\x5c\x35\x90\x5a\xa5\x7f\xb3\xab\xeb\x0e\xa6\xec\xcd\xdb\x00\x44\x74\x63\x3c\xc4\x83\xb5\x6b\x8a\x8e\x20\xe8\xf2\xe0\x9e\x97\x9a\xa0\x98\x93\x08\x78\x75\xc6\xb1\x17\xb5\xf1\x38\x47\xad\x8f\xc0\x56\x04\xc4"},
+{{0xc2,0x58,0x78,0xb0,0xd1,0xe0,0x92,0x5c,0x8f,0x5f,0x04,0xa1,0xe5,0x79,0x90,0x80,0x96,0x3c,0x41,0x3a,0x13,0x99,0xc1,0x18,0xaf,0xb1,0x68,0x7c,0x79,0x7f,0x48,0x39,},{0x13,0xac,0x2c,0xad,0x41,0x90,0x8c,0x25,0x5f,0x67,0x1f,0x93,0x93,0x4a,0xe5,0xd7,0xbe,0x32,0x53,0x46,0x72,0x5c,0x8b,0x40,0xdc,0x39,0xea,0x80,0xd7,0x0d,0xdf,0x34,},{0x06,0xf5,0x51,0x98,0xb4,0x19,0x19,0x14,0xb7,0x43,0x06,0xf3,0x8e,0x38,0x13,0x16,0xea,0xc4,0x0b,0x5b,0x5a,0xdb,0x8a,0x31,0x24,0x64,0xf6,0x71,0x75,0xec,0xf6,0x12,0xe0,0x14,0x7b,0x1c,0xef,0x46,0xc2,0x51,0x87,0x50,0xa5,0x60,0x6b,0xb0,0x3b,0xc6,0x46,0x7b,0xb9,0x32,0x15,0x14,0xf6,0x9d,0xcb,0xeb,0xce,0x8f,0x69,0x05,0x80,0x02,},"\x68\x56\xcc\x71\x44\xb6\xbd\xdc\xc4\xb5\x89\x54\xd1\xa2\xe7\x10\x1d\x65\x84\xb5\xd5\xe7\x19\xa0\xae\xa0\xfb\xbd\xf2\x21\xc2\xa2\xaa\xcb\xac\xdc\x40\x20\xc5\xc8\xce\x68\x1f\xf7\x38\x1a\xcd\x60\x7b\x0f\x52\x39\x69\x23\x35\x70\x06\x55\xbe\x2d\x94\xc5\x3d\x7b\x51\x48\xe9\x2a\x2b\xc1\x63\x38\xc2\xf4\xc1\xa7\xd1\xc5\x95\xaf\x62\x2c\x24\x0c\xe5\x79\xa5\xe0\xf5\xb6\x51\xbf\x56\x25\x18\xce\xc8\xaa\x2c\xe4\xb4\xaa\xdb\x1f\x2f\xda\x6c\xf6\x29\x5b\xc3\x78\x03\xb5\x37\x7d\xab\x65\xc9\xb9\xa2\x94\x9f\xdd\x49\xbf\x9d\xdc\x8f\x96\xd2\x60\xff\x95\x1b\xf8\xe8\xcc\xf9\x82\x7e\x68\x69\xc4\x4b\xfd\x97\x33\x58\xce\xfd\xb0\x10\xdb\x5e\x1f\xe5\xdb\xd9\xf5\xd2\xb2\xca\x39\x3c\x17\xd4\x46\xf6\x37\x05\x9e\x69\x2d\x7a\x91\xaa\xdc\xc7\x68\x9f\x5f\x9e\x1b\x30\x52\x17\x5d\x9b\x6b\x20\x8f\x90\x26\x78\x7f\xdb\x66\x78\x3f\x45\x37\x2a\x24\x94\x6b\x1b\xd1\x68\x7b\xf0\xcf\xcc\x81\x74\xeb\xe4\xd3\x2e\x43\x28\x4f\xc7\x8d\x78\x44\xde\x0f\xa2\x2e\x20\x65\xe0\x75\x28\xba\xab\xaf\x01\x5c\xb3\x4d\x62\x9c\x35\x96\xad\x04\x0d\xe3\x1c\x56\x20\xeb\x26\x6d\xef\xa7\x53\x3a\xc0\x40\x19\x98\xe5\x67\x3a\x75\x43\x65\x04\x7d\xeb\xfc\xf7\xe1\x37\xa2\x0d\x16\xcd\xd6\xa5\x52\x19\x82\xf4\x44\xcf\xc3\x42\x93\x97\xc6\x41\xbd\x7e\x74\xa7\x70\xbb\x11\xfc\xb2\x94\x83\xe3\x37\xba\xe5\x16\x9e\xe8\x2d\xa9\xa9\x1a\xdf\x3a\xf6\x7c\xd8\x14\xc2\x82\x5d\x29\x01\x8e\xf0\x35\xea\x86\xf8\xde\x4c\x75\x63\xaa\xf6\x6e\x0c\x75\xd1\x7c\xa6\x8f\x49\xf0\x75\x8e\xc2\xd9\xc5\x17\x9d\x01\xaa\xed\x7d\x45\x15\xe9\x1a\x22\x2b\x0b\x06\xfb\xde\x4f\x07\xa7\xd9\xdf\x2d\xe3\xbc\xae\x37\xca\x2c\x84\x60\xc2\xa6\xb3\x74\x9e\x9b\xda\x36\xd0\x8e\x66\xbc\xc3\x56\xb3\x90\x43\x4b\x4a\x18\xcf\xa4\x5a\xf5\x57\xdc\xa3\xd8\x57\xff\x3a\xd3\x47\xcf\xb0\x7e\x23\x58\xc2\xac\xfd\x5c\xd5\x3b\x3b\x0e\xa2\xa4\x1e\xe5\xc0\x80\x2f\xd4\x73\xdb\x5f\x30\x52\x63\x34\xda\x41\xeb\x4b\xc7\x51\x83\x83\x89\x8a\x0b\x75\x07\xad\x4c\xa2\x89\xd6\x6c\x5e\x2e\xb7\x5c\xf2\x55\xdf\xf3\x12\xcb\x1e\x04\xee\xbe\xb4\x7f\x29\x30\xb9\x0d\x5e\x00\x2e\xb0"},
+{{0x0b,0x2e,0xc6,0x27,0x63,0xf6,0x87,0x59,0x31,0x35,0xda,0x19,0x61,0xef,0x29,0xa2,0x88,0x08,0x96,0x96,0xd9,0x44,0xb2,0x65,0xa5,0xf9,0x68,0x93,0xcd,0x2d,0x82,0x25,},{0xc1,0xe2,0x34,0xfa,0x8b,0xc9,0x6d,0x26,0x8e,0x7a,0xad,0x02,0x8b,0x03,0xf0,0xa9,0x11,0xb6,0x97,0x71,0x5d,0xb3,0xa2,0x1c,0x2f,0xc7,0xdf,0x48,0xec,0xda,0x88,0x75,},{0xff,0x70,0x1f,0x34,0xb3,0x59,0x4d,0xe3,0xb8,0x00,0x45,0xf4,0x29,0xe5,0xe3,0x2d,0xd8,0x8d,0x60,0x51,0xd4,0x19,0x5f,0x16,0x85,0xbe,0x78,0x37,0x66,0xe8,0x01,0x19,0x36,0x8f,0x56,0xb3,0x74,0x97,0x25,0xb9,0x13,0xf1,0x22,0x3f,0x87,0xfb,0x0f,0xb2,0x4d,0x9d,0xfa,0x08,0x41,0xd6,0xa0,0xe2,0xeb,0x1f,0xdd,0xf7,0x75,0xc2,0xd2,0x05,},"\xa8\x34\x34\xc6\x86\x93\xd5\xfc\xed\x91\xbd\xa1\x02\x13\xfc\xd5\x0c\x48\x92\x0b\x90\xce\xe9\xb7\x3a\x9c\x61\x08\x1a\x09\x74\x93\x3f\x4f\xdb\x0a\x67\xe6\x71\xf8\x35\x1b\x0e\xd5\xec\x0f\xe7\xb5\xfb\x0c\x87\x58\x6f\xe5\x82\xff\xb1\xbf\xa2\xdb\x5f\xce\xdd\x33\x02\x42\x82\x34\xb2\xbb\x0e\x72\x6d\xed\xf4\x5b\x13\xa7\x0c\xd3\x5a\xb3\xe2\x99\xd1\x3f\x34\x50\x35\x08\x27\x8c\x44\x58\xee\xa5\xb7\x35\x1b\x05\x83\x6b\xda\xd5\xb0\x5f\x60\xe4\x45\xfc\x65\x73\x7a\xe2\x7d\x2e\x52\xdf\x9c\x39\xe5\xda\x02\x86\x39\x2d\x08\xff\xf7\xec\xb7\x06\x68\x20\xfc\x90\xfc\x8a\x44\xd5\x61\x65\x61\xc5\x0b\x52\x71\x47\x02\x30\x2b\xca\x58\x74\xde\x85\xdb\xa0\x45\x04\x5f\x9f\x0e\x60\x4e\xb8\x6d\x6d\x7f\xbd\x77\x5f\x72\xea\x49\x3b\x2c\x4e\xf7\xc3\xbe\x16\xdb\x2c\xa7\xe4\xd8\xbd\x79\xeb\x20\xcf\xb5\xf0\xf6\xf0\x53\x36\xb7\x5c\xc8\x6d\x21\x9f\x3b\x8f\x2e\x91\xba\x7d\x52\xb6\x4f\xdd\x6a\x66\x64\xf0\x4f\x2f\xba\xb7\x58\xcd\xf9\x84\x16\x86\x91\xc3\x2f\x53\xe8\x61\x6b\x49\xf7\x6a\xb7\xb1\x92\xb9\x00\x90\x30\x82\xcc\x89\x65\x6a\x97\x05\x80\x4c\xc9\xb9\x28\x8a\x3e\x42\x17\x09\x84\xf8\xdc\x45\x4e\x08\x64\xb9\x34\x16\x72\x68\x6a\x17\x8c\x06\x00\x50\x17\x8a\x36\xc6\xd9\x06\xb2\xce\x07\x0d\x8f\xaa\xac\xd9\xa5\x8c\x79\x4a\x5e\xa4\x10\x8b\x4a\x48\x5c\x65\x81\x1c\x2d\xca\x2e\xe7\xbb\x10\xbf\xff\xf7\x5d\x45\x86\xb9\x90\xf4\x37\x63\xa1\x6f\xbc\x0b\x48\xae\x1f\xaf\xb0\x8a\x9a\x36\xfa\x43\x26\x84\x5d\xba\x5b\xa2\xfb\xd3\x2b\xbf\x66\x50\x5c\x5e\x86\x57\xed\x01\x07\xe3\xe1\x61\x44\xef\x31\xfa\x6a\xae\x72\xe7\x74\x09\x74\x83\xf5\x48\x0a\xa4\x55\x40\x56\x8f\xd0\x8c\xba\x0d\x57\x77\x68\x00\x4f\x58\xae\x9b\x95\xbe\x37\x4e\xd7\xf0\x29\x9f\xe7\x21\x27\x5e\x47\x6e\x0b\x9a\xb7\x2d\xc0\x6e\xa3\x28\x38\x4e\x39\xbf\x3a\xc3\x31\xc6\x25\x48\x43\x12\xcd\x9b\x06\xb1\x5a\x29\x54\xd3\x3e\x7a\xab\xa6\xbe\x22\x61\x88\x6c\xa8\x11\xdb\x96\xb1\x14\x3d\x06\xdd\x6e\x0f\x3c\xba\x7a\x1a\xe9\xb9\x4e\xaf\x67\x77\x1b\xb2\xd2\x4e\x2f\x94\xde\x9c\x47\x0f\xcd\xe7\xbf\xdb\x32\xf4\x10\x19\x8b\x5a\xa9\x69\x8e\x32"},
+{{0x89,0x60,0xd7,0xbe,0xe8,0xc6,0xb3,0x9c,0xa5,0x93,0x4d,0x7c,0xdd,0xd1,0x6f,0x16,0xb3,0x66,0x3e,0x6e,0x03,0xe8,0x33,0xc0,0x57,0xe2,0x18,0x1e,0x45,0x97,0xcb,0x68,},{0x43,0x40,0x90,0x95,0xd4,0xf5,0x0f,0x5e,0xdd,0xbd,0x5c,0xd4,0xd2,0x01,0x22,0x98,0xcb,0x41,0xa4,0x0e,0x99,0x49,0x2d,0x5a,0x2d,0xb0,0x8b,0xe5,0x37,0x7e,0xa1,0x83,},{0x72,0x13,0xdd,0x4a,0x79,0xfd,0x54,0xde,0xc0,0xc5,0x48,0xef,0x42,0xe6,0xca,0xe0,0x15,0xbe,0x77,0x80,0x2b,0xf5,0x15,0xcd,0x25,0x82,0x76,0x8f,0x72,0xf5,0x63,0xeb,0xb2,0xda,0x36,0xaf,0x4a,0xae,0xac,0x56,0xbb,0xff,0xc9,0x93,0x2c,0x2e,0x24,0xec,0x95,0xda,0xff,0x00,0xa5,0xf7,0xa0,0xac,0xab,0x9c,0x8b,0xd3,0xc2,0x3b,0xb4,0x0c,},"\x30\x8d\x84\xc7\xa5\xf7\x86\xe5\x63\xe5\xc1\xea\x57\xaa\xb5\xe5\x55\xc0\x09\x97\x74\x9d\x15\xae\xe3\x54\x39\xef\xa6\x45\xda\x2c\x39\x67\x70\x31\x15\xc6\xc6\x3e\xd7\xf9\x47\x85\xc5\x47\x8f\x38\x46\x7b\x86\xe7\x62\x6e\x8f\xff\xa4\xd5\x1a\x2d\xc4\x5e\x6d\xf2\xa3\x5c\xec\x99\x55\x5e\xab\xc9\xf7\xa9\x3e\x2e\x2b\x68\x94\x59\xb4\xe0\xc9\x2b\x35\x15\x62\xc4\x17\xb1\x99\x71\x13\x75\x4e\xa5\x9e\x4a\x91\x51\x07\x28\xff\x30\x71\xa2\xbb\xd1\xf4\x65\xa6\x87\xf6\x7d\xae\x95\x56\x15\x03\x1a\x8a\xd5\x51\xfe\x73\x8a\x26\x0b\xbc\x44\x6b\x48\xdc\xa1\xd9\x79\x05\x1a\xb5\x84\x08\x32\xe1\x9d\x47\x3b\x66\x62\x17\xa9\x18\x39\x80\xd6\xb2\x7e\x3d\x3c\x76\xd9\x36\x65\xba\x23\x93\xe6\xab\x1a\x42\xc3\x90\x4d\x40\x25\x93\x2d\x60\x1a\x20\x2a\x59\xa4\xc4\x9f\xdb\x77\xf0\xe0\x28\x68\x24\x7d\xe5\xaf\xdf\xaa\x1b\x89\x42\x08\xac\x00\xd7\x7c\x6b\xb5\x4c\x6b\x2a\x73\xa4\x76\x57\xe4\x4c\x85\x13\x79\x63\xb5\x75\x21\xaf\x20\x97\x62\x48\xeb\x26\x14\x82\x14\x7c\xdf\x7a\x14\x5c\x36\x43\xe2\x9e\x05\x88\xbf\xda\xe6\xa0\x82\x90\x48\x53\xce\x5a\x10\xd2\x49\x70\xeb\xdf\xb7\xf5\x9d\x5e\xfd\xd6\xa5\xe7\xe0\xd2\x87\x97\x1c\x84\x6a\xcd\x54\xd8\x4d\xd4\x54\x68\xa4\x11\x0b\xab\x6e\xf8\xd9\xa5\xb4\xb2\x42\x67\x88\x90\x0b\x7e\x1a\xdf\xe0\x62\x43\x44\xf9\x8f\xe5\x9e\xf8\xa1\xe6\xc4\x05\xb3\x44\xeb\x97\xbb\x20\x47\x73\x74\x4b\x6a\x2d\x8c\x6e\x65\xd1\x7c\xea\x07\xde\x03\xb7\xf0\xfe\x49\xf1\xa5\x5c\x33\xd5\xf1\x5c\xe5\x5d\xf7\xc9\x56\x1b\x25\x1c\x6a\xc8\x07\xa9\x25\x53\xe1\xce\x91\x70\x12\xdc\xcf\xd6\x9e\x7d\xbd\x03\x8c\x7e\xee\xca\xe9\x86\x23\xf1\x8f\xbb\x65\x0e\x22\x18\xa0\xbc\x0f\xff\x43\xa7\x5a\x11\x64\x48\xbb\x73\x62\xf5\x27\xee\x6b\xc8\xe1\x07\x61\xcc\xcf\x9b\xcf\xc0\xd0\x00\xf2\x12\x7b\x4c\xc1\x92\x11\xd0\x95\xa0\xbd\xaa\x4e\x4b\xe4\x51\x9e\x6c\x84\x45\xea\xb9\xb3\x14\x4a\x45\xca\xb9\x99\x61\x35\xbf\x7f\x75\xa7\x8d\x22\x27\x59\x00\xf4\xce\x1f\x0a\x9e\xac\x13\x63\x64\x10\x30\x62\x89\x3d\xad\x43\x90\x42\x2b\x77\xe5\xf5\xd1\xd9\x4d\x70\x29\xc6\x09\x7b\x35\xca\x64\xa7\xa4\x76\xfc\xc7"},
+{{0xef,0x6b,0x9b,0x51,0xfd,0x4f,0x85,0x86,0xca,0x62,0x65,0x8e,0x04,0x2f,0xc0,0x9a,0x83,0xb9,0x43,0x03,0x35,0x26,0xff,0xc3,0x26,0xc6,0x5e,0xb3,0xa5,0xfb,0x59,0x4b,},{0x1d,0x6e,0xec,0xe8,0x05,0xe0,0x88,0x78,0x21,0x87,0x6b,0x7e,0xd6,0xed,0x5b,0x07,0x14,0xd6,0x46,0xfb,0xec,0xda,0x38,0x76,0x4f,0x94,0xc8,0x15,0x5e,0x61,0xd0,0x04,},{0x71,0xd1,0x71,0x07,0x1c,0xd0,0xfe,0xa1,0xc6,0xa9,0xcf,0xad,0x1f,0x7f,0xd8,0x35,0xe8,0x5f,0xf9,0x06,0x77,0x8b,0xc6,0x34,0x5a,0x4d,0xec,0x43,0x13,0xec,0xc2,0xbf,0xf7,0x55,0xa7,0x17,0xeb,0xd9,0x12,0xa5,0xe0,0x28,0x40,0xac,0x07,0x38,0x42,0xf9,0xbf,0xca,0xa5,0x89,0x13,0xe2,0x60,0xe3,0xc7,0x33,0x93,0xd3,0x66,0x85,0xc7,0x0e,},"\xa8\xf3\xf1\x96\x65\xde\x23\x90\xd5\xcc\x52\xb0\x64\xb4\x85\x12\x73\x67\x74\x86\xd8\xf5\x56\x3b\xb7\xc9\x5f\xa9\x4d\xb3\x35\x61\x61\xee\x62\x22\x21\xf1\x0c\xbb\x1f\xa1\x95\xaa\xc7\x23\x1e\xa7\x16\xd7\x4b\x46\xb3\x7b\xc8\x5a\x70\xdb\xa3\xdf\xaa\x16\x75\x21\x7b\x35\x11\x99\xe7\x4a\x97\x10\x28\xf7\x29\xb7\xae\x2b\x74\xae\x8c\x6b\x3a\x06\x79\xc3\xe3\x29\x68\x02\x84\x4a\xd5\xbb\xa3\x43\xf6\xf9\xf7\xc4\x66\x1b\x4a\x29\xb4\x4f\x17\xe8\x9e\x11\x4f\xb2\x20\xe9\x84\xcd\x98\x0e\x94\xc3\xd2\xbf\x98\x73\xe0\x60\x5c\x92\x30\x17\x44\xa3\x03\x5e\xf0\x46\xba\xd2\x66\x6b\x5c\x63\xeb\xec\xf9\x3c\xc1\x40\x29\x19\x46\xc0\xfa\x17\x03\x40\xce\x39\x50\x92\xde\xed\x79\x84\x13\x52\xfb\xfe\xe0\x3a\x92\x7e\xb4\x58\xf2\xa6\x33\xed\x32\x71\x65\x2f\x5b\x0f\x99\x60\xcd\xf9\x01\x5d\x56\xfd\xab\xd8\x9e\xe7\x1e\x25\x9a\xf6\xeb\x51\x4b\x4c\x1b\xd4\xa6\x66\xf5\xb5\xa3\x5c\x90\xf3\x5b\x14\x94\x57\xaf\x29\x44\xdd\x0a\xa8\xd9\xb5\x42\x28\x3a\x7e\x54\x12\xb7\x75\xe4\x21\xd2\x12\x6f\x89\xbe\xbc\x3c\xa3\x7f\x73\x07\x16\x21\xf1\x32\x1e\xee\x52\xe9\x69\x04\x86\xa3\x3c\xd7\xff\x9c\x99\x67\xfb\x65\xee\x4e\x90\x7b\x6b\x85\x22\x11\x47\x3d\x21\xe9\xd9\x1a\x93\x36\x2a\xc7\x61\x76\x0e\x8c\x7b\xbe\xa4\x86\xc3\xd6\x05\xf9\xe1\x1b\x86\x13\x68\x19\xa7\xab\x3f\x32\xf1\x3f\xfc\xa1\x68\x17\xfe\xd1\x97\xff\x88\x0b\x4d\x6d\x9a\x80\x8f\x7f\x87\x87\x63\xa0\x45\x72\x8d\xf7\x2f\xaa\xa9\x63\xe4\xcb\x1c\x09\xcc\x2b\x2d\xa9\x20\x28\x0c\x83\x66\xb7\xd1\x8b\xf8\x97\x2d\xf1\x6c\xc2\x34\x48\xfb\xe6\xb2\xe6\xe1\x6c\xbb\xf0\x74\x51\x29\x85\x40\x53\x18\x96\x37\xce\x11\x5d\x23\x98\x43\x3c\x15\xd6\xf1\x16\xa2\x05\x33\x48\x24\xaf\x28\x2f\xa7\x58\x49\x4c\x47\x86\x8e\xa8\xf4\xdf\xad\xc7\x05\xe8\x61\xaa\xd2\xeb\x8e\xf3\xdb\xbe\xd2\xa4\x56\x9e\x15\x83\x4a\x76\x0c\xce\x0c\xbb\xc8\x4b\x28\x9e\x77\x9b\x98\x83\x46\xb9\x06\x9c\x74\x4c\x97\xab\x2b\xf4\x2b\x08\x6d\x2f\xb0\xa4\x11\xf5\xce\x99\xf0\x81\x9a\x30\x86\xb4\xfe\x9d\x96\xc7\xc9\x90\x8d\xce\x28\xdf\x1d\xdd\x30\xf3\x50\x1d\xda\xf7\x81\x10\x73\x4f\x9d\xcd\xfe\xc3"},
+{{0xba,0xd4,0x7c,0xd4,0xbd,0x89,0x84,0x90,0x67,0xcc,0xe1,0xe6,0x3c,0x3d,0x91,0xe9,0xb7,0x87,0xae,0xa8,0x58,0x4e,0xdb,0x07,0xf3,0x45,0x1e,0xf6,0x7e,0x7b,0xd7,0x9b,},{0xab,0x0c,0xe9,0xba,0x1d,0x29,0xbd,0xfb,0x85,0xa0,0xe6,0x6b,0x76,0xb5,0xe2,0xe0,0x5f,0xf7,0x32,0x56,0x9e,0x43,0x75,0xcc,0xd7,0x50,0x98,0xe9,0xe7,0x1d,0x17,0xbf,},{0xe5,0x72,0x4a,0x1d,0xd4,0x63,0xa9,0x7d,0x12,0x22,0xc5,0x18,0xc4,0x92,0x5d,0x32,0x22,0x02,0xd1,0x0f,0x04,0xcd,0x07,0x8e,0x77,0x1e,0x0f,0xb3,0x95,0x1d,0xbc,0x14,0x93,0xa2,0x34,0x46,0x07,0x54,0xc3,0xaa,0xe3,0xdf,0x93,0x00,0x8d,0xbb,0xfb,0x31,0x0c,0x99,0x59,0x2b,0xed,0xe7,0x35,0xa4,0xae,0xab,0x03,0x23,0xa1,0x21,0x0d,0x0e,},"\xb5\xa6\x1e\x19\xe4\x86\x3e\x0b\xb5\xf3\xfa\xb6\xc4\x97\x0d\x87\x85\x96\x89\x55\x21\xfa\x1e\x7f\x67\x8c\xaf\xa2\xde\x53\x32\x2f\xd4\x58\xa9\x8a\xa6\xe3\x58\x05\x42\x9f\x65\x12\x91\xb9\x5b\xd9\x95\x0e\x15\x5f\x3a\xda\x0b\x60\x91\x59\xa4\xab\xda\x59\x90\xc0\x4b\xc2\xe7\x64\x42\x2f\xb4\x9e\xf4\x2f\x12\x52\x9f\xf6\xf6\xa8\x20\x29\xff\x01\x85\x66\x2e\x65\x8f\x83\xc5\x46\xee\xd0\x9f\x06\xb5\xa6\x8e\x85\x7c\xda\xd0\xeb\x9e\xc4\xee\xcb\xfd\x88\xf3\x4b\xc8\x09\x90\xf8\x64\x4a\x9b\xfd\xde\x1d\x9f\x3a\x90\xd5\x57\xa8\xb8\x28\xd5\xce\x06\xa6\x4e\x3b\x23\x85\x82\xbb\x4c\xbe\xba\x30\xed\xc4\x9e\x81\x22\xc5\x5e\x95\xba\xdc\xf5\x02\xcc\x56\x78\x69\xc0\x9e\x9f\x46\xc6\xff\x3f\x68\x78\x98\x6b\x1d\xe0\x0b\x72\xa1\x85\x80\x46\xfc\xd3\xa6\xe9\xcd\xaf\x5b\x07\x3c\x56\xf2\x02\x50\x63\xa2\xd1\x78\xbd\x4c\x1e\x8c\xbc\x1e\x6e\x67\x1a\xa9\x7f\xb2\xcb\x4c\xc8\xa6\x2c\x20\xbe\x41\xc7\x76\x37\x2c\x8e\x7b\xe6\x3b\x48\x2e\x6c\x63\xfa\x85\xd7\xcf\xfb\xc1\xb2\x82\x0b\xae\x1f\xc1\x28\x34\x3a\x1e\x20\xfc\xf1\xbc\x35\x02\xee\xe8\x13\x58\xcc\x9a\x74\xc7\x2a\xf6\x35\x30\xf9\x6a\x25\xa6\x04\x64\x8f\xf5\x70\xdf\x1e\xb8\x9d\x1f\xdd\xba\xb2\x86\x79\xba\x2e\x9b\x41\x97\x7e\x9a\x9c\x1c\xae\xcd\xbf\xc3\x61\xa1\xdd\x05\x5e\xc5\x16\x20\xa9\xbb\xdb\xba\xf7\x18\xc9\xcc\x13\x6d\x20\x07\x71\x03\x99\x53\x6d\x13\x33\x24\x85\xec\x38\x87\x97\x85\xe0\xc9\xce\x99\x15\xa8\x02\x51\x37\x39\x90\xa5\x9b\xce\x44\x03\x26\x03\x1a\xb1\xb4\x58\xbf\xa5\xb8\xa4\x79\x3d\xa4\xee\x11\xab\x7a\xf2\x0d\xe2\xa1\x18\xc9\xae\x52\x1a\x41\x7b\x68\x20\x7f\xc8\x85\xe1\x09\xd8\x46\x3e\x9f\x02\x27\x87\xcc\x73\x0d\xb0\xb1\xfa\xae\xd2\x57\xbe\xd9\x01\x71\x08\x85\xb7\x4e\x99\x4f\x54\xf6\xf2\xae\xb6\x4f\x0f\x60\xb5\x9e\xfb\xf2\xe3\xbb\x65\x15\x42\x46\x03\xa1\x13\xc0\xb8\xa3\x1b\xa3\xc1\xe9\xa9\xb8\x11\x8c\x87\xec\x69\x49\xb7\x5f\x49\x62\x7e\xa7\xb1\x32\x88\x89\x39\x11\x04\xd4\xf4\xa3\x89\x2c\xf0\x0f\x26\xa7\x3c\xda\x2a\x40\xf9\xb7\x15\x7a\xfc\x40\x66\x7f\x4a\x04\xf6\x47\xdb\xf9\x39\x06\xb8\x4c\x9a\x35\x16\x4e\x1b\xc9\x02"},
+{{0xca,0xba,0x8e,0x05,0x33,0x11,0x3a,0x4b,0xe1,0x73,0x40,0x8b,0xa8,0x3c,0x0d,0xb7,0x42,0x60,0x80,0x2f,0x91,0x86,0xc3,0x91,0x40,0x26,0x55,0xac,0xde,0x60,0x15,0xcb,},{0x2d,0x7b,0xef,0x61,0x64,0xc2,0x79,0xfa,0x10,0x28,0xa9,0x78,0x8e,0x3e,0x8e,0xe8,0xac,0x15,0xed,0xcf,0x92,0xa5,0x85,0x50,0x62,0x95,0x23,0x10,0xb4,0x68,0x45,0x47,},{0xec,0x35,0xec,0x32,0xc8,0xa4,0x00,0x88,0x27,0xe1,0x78,0x49,0x2b,0x3b,0x8b,0xee,0x22,0xa4,0x95,0x4f,0xc6,0xb2,0x5f,0x4f,0x22,0x5d,0xd7,0xed,0x23,0x69,0x89,0x00,0xde,0x81,0x56,0x75,0x6a,0x8e,0xdc,0x35,0xc5,0x1d,0x10,0xf8,0x2b,0x83,0x0a,0x2a,0x65,0x96,0x76,0xea,0xc9,0x11,0xf9,0x60,0x24,0x47,0x66,0xe0,0xc3,0xc6,0x07,0x05,},"\x24\x13\xa3\x2b\xca\x5c\xe6\xe2\x30\xe5\x65\xeb\x85\x84\x93\xd5\xd0\x4e\x6d\x2e\x2a\x7a\xb1\xf8\x9a\x3b\x42\x33\x11\x67\x6b\xfa\x93\xc6\x7d\xaa\xfd\x1c\xfc\x71\x09\xe0\x40\xba\xc5\x2c\xbf\xe0\x7c\x28\x28\x0b\xb6\xac\xf6\xe3\xa3\x10\x73\xda\xb2\x96\x53\x78\xdd\x77\xf6\x1f\xe9\x24\x71\x35\xc1\xa6\x31\xb7\x9a\xd6\x68\xc9\xea\x1c\xd4\x11\x2d\x8d\x3a\x06\x4c\xc2\x1d\xf3\x2a\xea\xc7\xdd\x71\x8b\x09\x1f\xb6\x91\x5b\x8b\xc0\x63\xbb\x58\x15\xc3\x76\xe0\x14\x76\x31\x2a\x2e\x54\x33\x41\x7a\x7a\x93\x15\xd6\x59\x99\xb0\x2f\xf4\x64\xa4\x74\xa5\x97\xe5\x39\x88\x77\x36\x70\xec\xa4\x6a\x6e\x26\xcf\x96\xe9\x48\x8e\x9e\x63\x44\xbc\x78\x3d\xdf\xb5\x35\xe7\x6b\xb3\xb9\xa6\x03\xff\x4c\x59\xc7\xdb\xe2\xd8\xb6\x19\x8d\x5b\x24\x49\x0b\x4e\xa9\x6c\x95\x95\x9f\xfb\xf3\xd8\x21\x8e\x76\x0d\xaf\x20\xe0\x1e\x2f\x36\xc8\x4b\xb0\x97\x11\x5a\xbd\xde\xe9\x2b\xed\x82\xd1\x6b\x15\xa9\xe1\x92\xe9\x89\x3a\xc6\x38\x46\x1d\xf5\x07\x20\x7b\x0c\xf5\x95\x88\x4d\x8a\x99\xfb\x9c\x70\x45\xf9\xbf\xf7\xb7\x3f\x00\xca\x3f\xd5\x95\xa5\xce\xc2\x92\xad\xb4\x58\xbd\x94\x63\xbe\x12\x04\xd0\x16\x78\xd2\xf4\x38\x9b\x87\x20\x11\x5f\xa5\x97\xc4\x02\xb4\xff\x69\x4b\x71\xce\x4f\x3d\x33\x0d\x5e\x2f\x3c\x3a\xd6\xd9\x6a\x9b\x34\x39\x23\x0f\xc5\x3a\x44\x79\x4c\xda\x59\x55\x57\xc4\x06\xca\x15\x89\xbc\x7b\xe8\x1e\x2d\x79\x63\x60\x33\x25\x3f\xa7\xbd\xd6\x00\xc6\x7f\xc5\x59\x36\xbd\x96\xce\x04\x28\xc3\xeb\x97\xba\xd1\xde\x0a\x5f\xbb\x9b\x67\x51\x57\xde\x5f\x18\xbc\x62\xa7\xc2\x2c\x94\x83\xe2\x80\x2e\x67\x9b\x5b\x8f\x89\xdb\x0f\xc3\x7f\x7c\x71\x50\xad\x5a\xc8\x72\x2c\xeb\x99\x9b\x24\x35\xe6\x99\x72\x17\x09\x23\x36\xef\x1c\x8a\x22\x92\xda\xb9\xa4\x6f\xf8\xa9\xe1\x0d\x33\x55\x76\x5c\xac\x9d\x65\x98\x77\x0f\x4f\x01\xea\x63\x91\x25\xfd\x03\x16\x09\xdd\x1a\x50\x7d\x96\x28\x0c\x7d\x01\xa3\xee\x98\x7e\x9b\x21\x0e\xc8\x74\x4c\xd4\x8c\x74\xf8\xaf\xee\x96\x1e\x8e\xf2\x21\xf8\x26\xa1\xfe\x6e\x7d\xf0\xcb\x15\xad\x7c\x7e\xf4\xa9\x1f\x9d\x0f\x4c\x2e\x1b\xde\xa6\x35\xd2\x75\xfa\xc8\xc4\xbc\x06\x01\xf4\x90\xdb\xdb\xc7\x34"},
+{{0x9b,0xf3,0xfb,0xc7,0x30,0x8b,0x46,0xf6,0x03,0x6b,0xad,0xe0,0xc3,0xca,0x19,0x9f,0xac,0x66,0x2b,0x07,0xf1,0x03,0xbf,0x75,0x18,0x1d,0x52,0xba,0x6a,0x58,0xbe,0x05,},{0x2f,0x6a,0xc6,0xfc,0x33,0xbc,0x06,0x0c,0x1d,0xc3,0xcb,0x9d,0x1a,0x2b,0x91,0x15,0x84,0x5a,0xdd,0xb1,0x6c,0x4b,0x84,0xbe,0x37,0xed,0x33,0xad,0xb3,0xb3,0xd3,0xa8,},{0x0c,0x31,0x36,0xe0,0x1f,0x9b,0xcd,0x99,0xe1,0x0d,0x3d,0x12,0x4b,0x0c,0xdb,0x07,0x72,0xbe,0xc1,0x8a,0x86,0x4b,0xe8,0x1b,0xd1,0xda,0xa4,0x4d,0x81,0x8c,0x3d,0x47,0x0d,0xfa,0xa8,0xab,0x6e,0x9a,0x76,0x1c,0xf0,0x3f,0x93,0xef,0x9c,0xc7,0x82,0x91,0x09,0x6e,0xd6,0xd1,0x0c,0x08,0xfa,0x2f,0xba,0x3b,0xac,0x04,0xdd,0xe2,0x0f,0x0c,},"\xd6\x5e\x36\xa6\xa3\x81\x95\xec\xb9\x1d\xe3\xc8\x48\xb5\x1f\x63\x92\x45\xfa\x2b\xab\xa8\xa6\xf8\x59\x47\x15\x9d\xec\x0e\xd3\xfa\xe8\x0c\x5a\x0f\x8c\x66\xff\x24\x79\x3c\x89\xc0\xc6\x87\x54\x3b\xc6\x33\x54\x7a\x1f\x37\xf7\x30\xd9\x70\x12\xeb\xbd\xc7\xac\x33\x9c\x48\x90\xc0\x85\x6b\xbf\xe2\xba\x29\xb2\x5a\x7a\xa6\xb0\x89\xc0\x33\xfe\xcb\x76\xdb\x62\xdd\x3c\x00\xf6\x42\x1b\x9e\x76\xdd\x0e\xa3\x66\xeb\x2d\x4a\x05\x2e\xe6\xcc\x73\x6e\x38\x19\x19\x1d\x5a\xd7\xa6\x6d\x2b\xe0\x42\xcc\x65\x39\xe5\xf3\x56\x52\xb1\x55\xa7\x27\xf3\x88\x8d\x93\xf9\x3a\x91\x02\x59\x8f\x75\x38\xa9\xab\x7c\x77\x7e\xec\x79\x42\x6a\x60\x75\xd6\xf3\x8d\x64\xc4\x85\x52\x0f\x64\x13\xff\x4d\x35\x8a\x8a\x9c\xbd\xab\x01\xad\xf4\xdb\x02\xad\xae\xa2\x64\x94\xd1\xf5\xd6\x17\x63\x7f\x27\x7f\x8b\x0e\x6e\x7e\x61\xe2\xee\xcc\xdd\x33\x7d\xe2\xba\xf0\xca\x26\x4c\x14\xc8\xcb\x83\x68\x00\x0b\x9c\x71\x43\x85\xf4\x13\x73\x7d\x68\x16\xe2\x12\xca\xe2\xae\xcf\xff\xc3\x2f\xd1\x6d\x46\xc3\xec\xee\x6a\xb0\x74\xc0\xd7\x68\xbd\xfe\x99\xb8\x6c\xbb\xc8\xdf\x9c\x47\xcd\x58\x6d\x46\x58\x71\x26\x8d\x4a\x9d\x1c\x87\x72\x36\xab\x78\xf8\x85\x9c\x11\x4e\x25\x1c\xab\xc4\xbe\x0f\x8b\xc2\x5d\x14\x8c\x5f\x54\x3e\x29\x07\x45\xd1\x18\x03\xe4\x9f\x5b\x53\x19\x3f\xe3\x99\x69\xc0\x39\xb3\xf2\x49\xb3\x2f\x2b\x85\x98\xb6\xac\xf4\xed\x64\xd5\x75\x2b\xb7\x72\xff\x4e\xe0\x0c\xe0\xf8\x5e\xcb\xb4\xcf\xc4\xce\x07\xda\xf2\x80\x98\x68\xc2\x90\x3b\x78\x1e\x12\xa2\x74\x10\x5f\x06\x18\x10\x29\xe4\x7f\x2b\xfb\x21\xf4\x94\x80\xaa\x1e\x44\x47\x15\xc0\xb9\xff\x07\xea\xd8\x89\x75\xd9\x35\x85\xd2\xff\x42\x48\x32\xa9\x78\x3d\x94\x90\x6a\x60\xf8\x77\xae\x1c\x85\xff\x15\x31\x7b\xad\xca\x1e\x61\x31\x74\x33\xc7\xce\x96\x27\x9b\x67\x8e\xc9\xd1\x74\xdd\x08\x70\x08\x0b\x23\x41\x54\xf6\x26\xa5\x34\x62\xcf\xd5\x47\x84\x2e\xab\x87\x05\x60\x5b\x8e\xe8\x85\x72\x9e\xe7\x8d\x18\x33\xaa\x43\xf5\x5a\xc2\x27\x31\x98\x9f\xde\xda\x7d\xc5\xfa\x9c\x01\x98\x5f\x26\x61\xe6\xc7\x32\x6d\x34\x6e\x6d\xb2\x7e\x6f\x92\x1f\xae\x7c\x93\xa2\x17\x0e\x10\xdd\x0c\x46\x0b\xdc"},
+{{0x64,0xe8,0x93,0x04,0xa3,0x35,0xe9,0x03,0xcb,0x36,0xc0,0xbd,0xf1,0xa6,0x41,0x2e,0xf3,0x68,0x46,0x80,0x06,0xb7,0x3d,0x3d,0x2d,0x61,0xcb,0x03,0x0c,0xc5,0xf8,0xd1,},{0xa1,0x80,0xef,0x3a,0x66,0x1c,0x3c,0x47,0x9d,0x5f,0x69,0x80,0x7c,0x90,0x27,0x48,0xe3,0x5e,0x7f,0x72,0x51,0x21,0xe3,0x7a,0x5d,0x91,0xb8,0xbe,0xc8,0x8d,0x83,0xa6,},{0x92,0xeb,0x44,0x54,0x81,0x40,0x01,0xec,0xfc,0x18,0x02,0x5d,0x64,0x21,0xf6,0x46,0x45,0xa5,0xbc,0xbb,0x5c,0xb8,0xfd,0x85,0xc1,0x4d,0x77,0x26,0x17,0xc5,0x03,0xe8,0xbe,0x7d,0x3b,0xcf,0x11,0x7f,0x5e,0x68,0x01,0xd1,0xc3,0xb9,0x6f,0x90,0x90,0xa6,0x6d,0xdc,0x67,0xf8,0xcf,0x8f,0xf0,0xf1,0xc1,0x25,0xb1,0x6b,0x15,0xe2,0xce,0x07,},"\x2f\x51\x07\x4d\x98\x1b\xda\xfa\xfb\x02\xa4\x0f\xe8\x26\xc4\x5f\x31\x71\xc1\xb3\x18\x4d\x8c\x26\x0b\x82\xb8\x41\x1f\xc6\x25\xcb\x02\xcc\xfe\x75\x5d\xc2\x9d\xc7\x89\x5b\xf7\x59\xe6\x1b\x24\x50\xda\x1a\x65\x6a\x38\xd4\xf7\x0d\x2e\xe7\x48\xc5\x18\xc6\x42\x03\x06\xe5\xf0\x1e\xc7\xa0\xff\xe0\xe9\xdc\xeb\x93\xf6\xc0\x77\xb1\x26\x62\x88\x15\x84\xf9\x8c\xe6\xab\x94\x5f\x87\xfc\x6d\x12\x3c\x45\xd6\xcd\xfd\x82\x37\xa1\xce\x36\x35\xb6\x23\xa7\x9d\x02\x0d\xf4\x4c\x74\xb8\x9a\xc1\x4a\x32\x1f\xbf\x33\xa8\xc0\xa2\x55\x9f\xea\x1c\x2b\x15\x60\x76\xb8\x13\x90\x8f\x84\x2e\xbe\x4c\x2b\x94\x90\x89\xe5\x2b\x1a\xe4\x0d\xc6\xe4\xb2\xab\xbc\x43\x9a\x0b\xf7\x23\x69\x67\x9a\xab\x6f\x4c\x00\x01\x8b\xe1\x47\xf7\xc0\xa6\x7b\x96\x79\xee\x88\xa5\x38\x19\xc4\x9f\x7b\x67\x5e\x30\xa8\xb5\xaf\x39\x66\x1e\xe8\xdb\x21\x01\x04\x11\x29\x49\x68\xf8\x8e\x5d\x60\x4d\x0d\x88\xd7\x6a\x7e\x48\x64\xfa\xd3\xa5\x6f\x5f\x62\x4b\xa1\xb3\x4e\xa9\xcb\x72\x08\x50\xaa\xd3\xbd\x4f\x0a\x88\x2a\x7d\x25\xfb\xec\x2b\xb7\xca\x86\xda\x61\x6d\xa9\x6c\x15\x62\xc6\xd6\xa1\xab\xcc\x64\x1e\x1b\x58\xb2\xc1\x78\xe1\xc3\xbc\x8a\x3b\x36\xec\x9e\x14\x4d\xd2\xe7\x5b\x0b\xc8\xc0\x8c\xcb\x0d\x6e\x34\x27\xb0\x32\x2b\x3d\x6a\xb9\x3f\x3f\x60\xb9\xcc\x5b\x61\xda\xd0\x23\x85\xa1\x49\x49\xf9\xb8\x7a\x8e\x3a\xf1\xe0\xe0\xfa\xb7\xa9\xa9\x28\xc7\x53\xfc\x61\x10\x44\x4a\xf7\xcc\xaf\x80\x27\xed\x64\x1b\x9e\xd8\x7f\xa5\xd8\xe1\xf7\x6c\xae\x46\x5d\x57\xa7\x0d\xad\x9e\xbf\xdd\x3c\xe7\x57\x6a\xc4\xde\x89\xd9\x8f\x42\xe2\x82\xad\x87\xad\x6a\x50\x42\x57\x7c\xbb\xbc\x4d\x95\x1e\x2a\x86\x76\xfe\xdc\x8c\xb1\xb1\xbd\xf7\x6c\x3a\x38\x84\x63\x85\xa8\x5a\xa2\x47\x06\xc2\x0a\x8b\x38\x46\x5f\xe2\xae\x0e\x41\xf7\x8e\x61\x4b\x8e\x96\x42\xfe\x24\x71\xa9\x01\x57\x47\xdb\x97\x6e\x0c\x78\x48\xc2\x3f\xf3\xf4\x17\xcb\x05\xa8\xd5\xef\x40\x13\x0a\xdf\x85\x5c\x99\x8a\x62\x10\x4d\x7e\x2f\xb7\xc0\xf9\xaa\x2a\x49\x60\x75\x62\x3c\xed\x2c\x0f\x7e\xec\x10\x14\x7f\xf9\x60\x8a\x8a\x04\x2e\xf9\x81\x17\x45\x9b\x93\x83\x7f\xd1\xb8\xd5\xef\x03\x97\x8e\xad\xa7\x4c\xac"},
+{{0x6f,0x63,0x43,0x87,0xca,0x2c,0x0c,0xb1,0x67,0xa7,0x40,0xd6,0xaf,0xd8,0x9e,0x2a,0x28,0xf5,0x30,0x71,0x84,0xe8,0x1c,0xba,0x3c,0x03,0x70,0x46,0xa5,0xed,0xe2,0x3c,},{0x01,0x1f,0x2a,0x9a,0x11,0x1c,0x38,0xf3,0x49,0x0c,0xad,0x16,0x85,0xbe,0x78,0xec,0xee,0xdc,0x6f,0xac,0x4a,0x32,0x21,0x30,0x1c,0x69,0xc8,0x4b,0x1e,0xc7,0xb3,0xa7,},{0xfd,0x17,0xc6,0x18,0xcd,0xbb,0x5d,0x45,0x9e,0xa2,0xac,0xa8,0x86,0xf0,0x51,0x2c,0x62,0x32,0x51,0x28,0x4a,0xae,0x3a,0x83,0xeb,0x5d,0x7f,0x60,0xda,0x1d,0x9b,0x2b,0xa0,0x83,0xc4,0x55,0xa5,0xe2,0x58,0x3a,0x3c,0xba,0x73,0x6e,0x7b,0x96,0x1b,0xa1,0x9c,0x1c,0xc8,0xdd,0x90,0x74,0x5d,0xa8,0x2a,0x15,0xdf,0xc6,0x62,0xe8,0xe1,0x0d,},"\x86\x5c\x20\xa9\x4a\xc3\xf2\xe3\xbd\x5c\xb8\x5b\xec\x9d\x33\x72\x66\x71\xfe\x01\xf9\xc5\x37\x01\x7d\x59\xc8\xd5\x10\x6e\x43\x36\x0b\xf7\x6f\xc0\x61\x86\x70\x59\x80\xc8\xa8\x7b\xa3\x63\x3a\x4a\x17\x04\x26\xec\xc0\xde\xfb\x6d\xb2\x67\x0f\x5f\x59\x25\x33\x77\x4c\xda\x50\x05\x2a\xe5\x97\xd4\x8d\xea\xcc\x26\x37\x06\x3b\xfd\x51\x9f\x2e\x79\xba\xc8\x17\x75\xbe\xcc\xb1\xab\x2f\x5b\x39\x71\x2e\x2e\x82\x94\x69\xb7\x5a\x2d\x2d\xbd\x08\xaa\x6d\x24\x72\x34\x04\xb2\x5e\xb9\x48\xa4\x83\x4c\x55\x24\x6c\x80\x79\xa8\x2e\xc6\x43\x54\xe8\xc2\x38\x8f\x8c\x5a\x61\x6b\x3c\xdc\x37\x1e\x62\x63\xfa\xbc\x9f\x60\x99\x21\x9e\x86\x15\x85\xfe\x82\xa6\x7d\x61\x0d\xd1\xeb\x5c\x81\xc9\x6b\x5c\xb3\x54\xa6\x89\xfd\x8a\xac\x8d\xb7\x6c\x43\x3f\x0c\xb0\xb3\x1c\xf1\xd8\x55\xb6\xa3\x0a\x3d\x2a\x21\x2e\x9b\x4f\x7d\x7a\xfe\x61\x99\x51\xf9\x8d\x2f\x1b\xa2\xc1\x01\x08\x5b\xa8\x1f\x49\xb3\x60\x37\xcd\x64\x57\xa7\xea\xa8\xf4\xf3\xbe\xdf\x68\xd0\x9f\xc9\xfa\x25\xa9\xd7\x54\xdb\x65\x36\x02\x85\x41\x2d\x1a\x6d\xa5\x37\x88\x90\x5f\xcf\x4e\xfa\x8a\x80\xcd\x86\xca\x48\xb8\x45\x63\x3d\x8c\x31\xc2\xae\x06\xf1\x6c\x4c\x6b\xbb\xe9\xcd\x1a\xfb\x59\xe1\x01\xbe\x50\xe0\x35\x35\xdd\x8a\x65\xe4\x5b\xba\x46\xd4\x5c\xb1\x4b\xad\xfc\x8e\x93\xab\x52\x67\xf4\xe4\x92\xab\x1f\x9a\x95\xe6\x1f\xca\xb8\x1c\xbf\x2b\xd8\x67\xa3\xec\x7b\x4b\xaa\x18\x9a\x0f\x08\x56\x70\x75\x59\x61\x29\xdc\xf9\xff\x1c\x50\x2d\x32\x79\xe8\xaa\x6c\xe5\x6e\xaf\x13\x45\x82\xa9\xe4\x30\xa5\xaa\x8c\xa1\x0c\x3d\xa8\xbc\x79\x3d\x02\x56\xad\x19\xae\xa7\x14\x9f\x0e\xa7\xea\x95\xfa\xcf\xac\x1c\x5c\xfd\x29\xd7\xa3\xfe\x1a\x41\x79\x75\x73\x9e\x14\xda\x8e\xdc\x81\x99\x00\x47\x2c\xa8\xc6\x97\x16\x32\x8e\x8a\x29\x9f\x97\x4e\xdf\xf7\x41\xaa\xbc\x1c\x07\x4a\x76\x1b\x3e\xc8\x76\x1d\xda\x2e\x7e\xed\x7a\xf3\x3e\xf0\x04\x09\x84\x9d\x41\x54\x97\xc5\xed\x5d\xfa\xa2\x25\x9a\x31\xd0\x76\x39\x81\x70\xb2\xd9\xd2\x10\x20\x8b\x4a\x4c\x7d\xb8\xc6\x26\xd1\xc5\x33\x56\x2a\x1f\x95\x48\x9f\x98\x19\xe4\x98\x5f\xc4\xe1\xd1\xa7\x07\xbe\x5e\x82\xb0\x05\x48\x1d\x86\x37\x7f\x42\x4e"},
+{{0x4b,0x2e,0x1a,0xe6,0x0f,0xa5,0xd3,0x83,0xba,0xba,0x54,0xed,0xc1,0x68,0xb9,0xb0,0x5e,0x0d,0x05,0xee,0x9c,0x18,0x13,0x21,0xdb,0xfd,0xdd,0x19,0x83,0x95,0x91,0x54,},{0x36,0xc0,0x20,0xb1,0x85,0x52,0x34,0x56,0x19,0xef,0x88,0x37,0xeb,0x8d,0x54,0x94,0x84,0x0e,0x85,0xf4,0x68,0x09,0x34,0x3b,0x4d,0x6f,0x40,0x61,0x25,0xda,0x55,0x7d,},{0x22,0x20,0x11,0x9e,0x83,0xd6,0x9a,0x6a,0x3e,0xed,0x95,0xfa,0x16,0x6d,0x1d,0x11,0x28,0xa3,0xf2,0x32,0xca,0x1b,0x78,0xbc,0x94,0xb4,0xd4,0x76,0xc4,0x77,0x94,0x43,0x61,0x4b,0x87,0x72,0xaa,0x22,0x32,0xcb,0x07,0x20,0xa0,0x55,0xeb,0x71,0xd8,0x40,0x7f,0x3a,0xb1,0x9b,0xaa,0x1d,0x96,0x2c,0x05,0x2c,0x84,0xc0,0xbd,0x58,0x96,0x08,},"\xfa\xb9\x8b\x2b\xbf\x86\xae\xb0\x50\x86\x81\x2a\x4b\x00\x49\xa1\x04\x2a\xbb\x76\xdf\x9c\xd2\x90\x87\x55\x70\x63\x03\xef\xed\xb1\xad\x21\xe8\xbc\x8d\x75\x62\x34\x9e\x1e\x98\xce\x0d\x75\x2f\x4b\x3d\x99\xe6\x77\x36\x8b\xd0\x8c\x78\xfe\x74\x25\xec\x3b\x56\x0e\x38\x3b\xd4\x2a\xf6\x49\x98\x86\xc3\x5a\xdd\x80\xa5\x82\x8b\x61\xd6\x64\x4d\x7d\xc4\x43\xba\x2c\x06\xf9\xba\xd2\xec\xcb\x98\x3d\x24\x45\x8f\x6a\xda\x1b\x10\xbb\x5b\x77\x17\x2c\x5c\xdd\x56\xd2\x73\xd1\xe4\x10\x10\xb2\x5c\xf4\x8a\x7d\x58\xd7\x25\x57\x02\xac\x12\xf2\xa6\xfe\x29\x18\x46\x63\x95\xf4\x60\xd1\x52\x36\xd0\x35\xae\x94\x10\xca\x86\xc4\x60\x51\x28\x29\x9f\xaa\xf0\x90\x15\xf1\xad\xee\x77\x68\xee\x1a\x8f\x8c\xa0\x6d\x10\xdd\x7f\x95\xc4\x6f\xa1\x02\x53\x06\x5f\x9d\x6f\x90\x29\x59\x08\x80\x9f\xd7\x79\x57\x1b\xe2\x9e\x0a\xe6\x6e\x0b\xcb\xde\xb7\x91\x3d\x2b\xbb\x76\xac\x30\x2f\x34\x52\xc5\x5e\xf1\x99\xa4\x8e\xce\xb0\xe3\x59\x6c\x7b\x4c\x03\x86\xda\xe7\x10\x1e\xa2\x44\xa3\x3c\x4c\xdc\x83\x06\x72\xdf\x83\x65\x5b\x35\x33\x80\x52\x30\x7b\x94\xd2\x23\xca\xb1\xaf\x69\xe0\x7f\x78\xe5\x8c\xbb\x0c\xb3\xc5\x35\x1e\x3a\x6b\x0c\x4a\x92\x7f\x75\x62\xc5\x98\xd2\xd3\xdf\x90\x56\x9f\x61\xdb\x1a\x3c\xb0\x14\x0b\x56\xea\x02\xcf\x77\x45\xfb\xee\xc2\x02\x86\x73\xd6\x7f\x1e\xc5\xf7\xda\xf9\x71\x5f\x75\x4a\x9d\x8e\xd4\x6a\x7a\x63\xef\x72\x2e\xe0\xd5\x89\x93\x31\xb6\x3c\x97\x4f\xa8\x80\x42\x94\x35\x76\x7f\x96\x25\x4e\xf4\x6c\x99\x68\xf3\xfe\xda\xaf\xea\xf3\xe8\xf4\x56\x34\xb5\x4f\x5e\x0a\x5f\xc2\xd2\x37\x3a\xb9\xe9\x8d\x9a\xcf\xe3\x69\x7e\x64\x2a\x18\xe0\xdf\xd9\xfb\xc2\xf0\x94\x86\x6d\x40\x1f\x0a\x4c\xa2\xa4\x56\xed\xf6\xa1\xa7\x7b\x9c\x29\x6c\x39\x22\x06\x7e\xb3\xd5\xa5\xca\x0a\x77\xf4\x30\xe4\xc8\x61\x1d\x8f\x05\xa1\xba\xac\x16\x35\xef\x7b\xa8\x3d\xfc\x69\xd3\x01\x94\x98\x56\xbe\x4d\x2c\x8a\xb6\x1d\xe2\x9c\xf3\x92\x50\xc5\x79\x4c\xbf\x57\x50\xcd\xa9\x5d\x04\x68\xaf\xa2\xb7\xf2\x3d\xba\x4e\xf5\xf5\x29\x5a\x3b\xf4\x14\x00\x18\xb7\xed\x06\x18\x84\x44\x4f\x5b\xb1\xb7\xd2\x39\x31\x2d\xd7\x39\x99\x95\x36\xc6\x84\x45\x6e\xa0\x6b"},
+{{0xb2,0x16,0xce,0xbf,0x87,0x80,0x24,0xc2,0x0d,0xfc,0x86,0xce,0x4b,0x37,0xbd,0xc4,0x7a,0xa2,0x8f,0x29,0x20,0x3b,0x5b,0x44,0x92,0x50,0x65,0xd9,0x93,0xa2,0x59,0xfe,},{0xc3,0x6e,0xdb,0xb6,0x25,0x4a,0x91,0x3f,0x08,0xfe,0x25,0x9e,0x23,0x87,0x80,0x63,0x8f,0x72,0xec,0x0b,0x30,0x07,0x26,0x4b,0xcc,0x60,0xa9,0xe8,0x1e,0xe9,0x29,0x8f,},{0xb7,0x38,0x9e,0xe7,0x8d,0xd9,0x76,0x3f,0x9d,0x28,0x92,0x91,0x2e,0xdc,0xbe,0x3e,0x8a,0x23,0x6b,0x8b,0xdc,0x25,0xf4,0x4b,0x9c,0xfd,0xc8,0xc4,0x7c,0xd5,0x81,0x68,0xab,0x56,0xeb,0x04,0x02,0xa5,0xbd,0x75,0x2a,0xc8,0xf4,0x97,0x8d,0x2e,0xa2,0xb6,0x5d,0x2f,0xa8,0x52,0x65,0x96,0x6b,0x9f,0x57,0x22,0x7e,0xf4,0xa5,0x9a,0xe0,0x09,},"\x9c\x87\x17\xcc\x86\xfe\x02\x48\x0b\xfd\x9e\x92\x2b\xd7\x6b\xff\xee\x21\x70\xc4\xcb\x1b\x13\xdf\x83\x4a\xc0\x1d\x45\x00\x60\x86\x29\x7f\x1b\x8a\x26\xf2\xba\x67\x4d\x33\xe1\xd1\x62\xf1\x93\x67\xfe\xba\x97\x35\x2b\x7d\xf2\xe7\x5b\x30\x9d\x4b\x6f\x8b\x07\xcc\x0e\xb6\x77\x7e\x81\xe2\x68\xe0\x2d\x07\xf2\xa0\x8f\x8f\x39\xd5\xa8\x32\x0b\xfc\x01\xfc\x8c\x92\x27\xd2\xcf\x05\xe1\x28\x91\xff\x4d\xe8\x85\xa1\xc9\x33\x71\xa0\x91\x0b\xa5\x33\x92\xaf\xf9\xba\x2e\xed\x9a\x20\x55\x97\x7e\xc4\x15\x7b\xd6\x5b\x34\xdf\x79\x37\x2f\x4d\x50\xed\xbc\x48\x92\x43\x53\xcf\xa1\x69\x23\x19\xd8\x8a\x7a\x5b\xb7\x26\x25\x4c\x20\x92\x91\xe9\xb1\xd2\xc1\xa6\xc8\x23\x63\x98\x10\x9c\x59\xed\x42\xa0\xac\x9e\x76\x33\xc5\x20\x73\x4e\xcc\xfe\xa4\xfe\xa9\x5a\x47\xa8\xf0\xa0\x68\xb4\x27\x50\x00\x43\x9c\xc9\x7c\x57\x87\x1e\x10\x5c\xc0\x79\x0e\x9d\xcc\x9c\x25\xd5\xaf\x70\x63\xff\xd0\x5c\x4f\x37\x80\xe7\xbc\xa4\xc4\x56\xd0\x17\x0d\xa7\x09\xfc\x6c\xb3\xfa\xa7\x2b\xdc\xf5\x62\x90\x8a\xe9\x34\x0a\xef\x4d\x0c\x8b\x91\xf0\xfb\xcc\xbc\xf1\xcd\x89\x8b\x1c\x71\x6f\x4f\x14\x74\xc3\xaa\x31\x62\x42\xab\xdf\x63\x68\xe5\x7a\x24\x7f\xf2\xfd\x5c\xe2\x3d\x18\x7f\x69\x4f\x11\xe3\x8d\xfb\xfb\xc3\xd9\xdb\x20\x90\x3b\x4e\xbb\x44\x9b\x90\x49\xee\x02\x0f\x6e\x2f\x50\x8e\x8b\x2b\x16\x5b\xad\x74\x64\xdb\xdd\x17\x8c\xbd\x42\x32\x33\x76\x5d\x37\x1e\x7a\xe1\xc3\xe8\x78\xcd\xb5\xb8\x24\xb2\x0c\xb3\x09\x86\x7c\x0e\x47\x3c\x06\x7e\x67\x44\x00\x85\x27\xb6\xbc\x07\x6d\x07\x7f\x48\x67\x62\x2a\xee\xd1\xc2\x53\xdb\xde\x7c\x6a\x76\xc7\x01\x59\x62\xfb\x73\x39\x16\x98\x60\x0b\xb3\x18\xff\xa7\xb0\x13\x6e\xe4\xcc\xb0\x7d\xaa\xf0\x1f\x40\xff\x9c\x19\x4f\x98\x68\x1f\x9f\xae\xf8\xb6\xf9\xe9\x9f\x95\xdf\x00\x80\xda\x89\x66\xa8\xba\x7a\x94\x74\xc5\x37\xb9\x2d\xf9\x79\x9e\x2f\xd1\x6f\x78\x8d\xad\x7a\x7b\xcc\x74\x52\x26\xe1\xe6\x37\x1f\x52\xeb\xcd\xbd\x14\x40\x44\xdd\xfe\x63\x2d\xfc\x0a\x43\xd3\xa4\x50\x92\x31\x70\xeb\xc7\xae\x21\x9e\x50\xe0\x78\xa5\x11\xbc\x12\xef\x14\xcd\x14\xb5\x30\x9f\x38\xab\xd6\x5d\xb2\xb2\xa7\xaf\x22\x43\xb2\x29\xc9\xfd\x2e"},
+{{0xaf,0xce,0xce,0xa9,0x24,0x39,0xe4,0x4a,0x43,0xed,0x61,0xb6,0x73,0x04,0x3d,0xcb,0xc4,0xe3,0x60,0xf2,0xf3,0x0c,0xd0,0x78,0x96,0xcd,0xa2,0x0c,0xb9,0x88,0xd4,0xe3,},{0xd2,0x31,0xf6,0x92,0x35,0xa2,0xe3,0xa1,0xdd,0x5f,0x6c,0x2a,0x9a,0xaf,0x20,0xc0,0x34,0x54,0xb9,0xa2,0x9f,0x4e,0x3a,0x29,0xab,0x94,0x68,0x9d,0x0d,0x72,0x3e,0x50,},{0xa6,0x55,0x45,0xcf,0x3d,0xf4,0x56,0xb2,0x8d,0x83,0xa6,0xd9,0x4c,0x03,0x6a,0x19,0xd0,0xd2,0x9f,0xb0,0x65,0xed,0xc2,0x7e,0x5e,0x93,0xa1,0xf4,0x02,0x79,0x89,0x7e,0x1c,0x6f,0x25,0x95,0x9a,0x72,0x5a,0xba,0xbc,0x87,0xcf,0x2a,0xe7,0x27,0xf3,0x46,0x7b,0x79,0x57,0x0e,0x90,0x27,0x11,0x91,0x71,0x91,0xd9,0xcb,0x0d,0x2d,0x66,0x0c,},"\x0b\x05\xf8\x9e\xbb\x33\x97\x94\x76\x87\xaf\xbe\xf0\xed\xe8\x7c\xf3\x81\x06\x76\x27\x70\x37\x52\x1d\x95\x2a\x3b\xbb\xbd\xc8\x56\x59\x88\xa0\x95\xd8\xd4\xf6\xf5\x9b\xe5\x72\xd3\xd8\x21\xdd\x78\x99\x77\xef\x77\xa2\xfd\x71\x10\xce\xee\xd9\xf3\x75\x6e\xd8\xe1\x88\x26\x7b\x97\xa3\x0e\xf8\x95\x7c\x78\xae\xa3\xa2\x96\x3d\xec\xa6\x18\x60\x54\x5e\x0c\x40\x82\x48\x81\xeb\xb1\xdb\x10\xf6\x07\xe1\x0d\xdb\xdd\xce\x40\x0e\xa2\x36\xba\x47\x45\xaa\x99\xa0\x56\x41\x97\x67\x66\x78\x9e\xd0\xda\x7d\xb5\x5f\xda\xb4\x59\xeb\xd4\xb4\x41\xa6\x28\x2f\x7c\xfd\x5a\x20\xea\x06\xef\xfa\x33\x59\x55\xe5\xfd\x29\x18\x16\x71\xbc\x92\xc0\x00\x52\xf7\xf7\x5c\x39\x27\x7c\x9a\x43\xb7\x87\xac\x9f\xb1\x51\x6e\x99\x62\x32\xa5\x09\x77\x4d\x1d\xc2\x1d\x8c\x05\x13\xf7\x84\x4b\x0a\x5b\x5f\x18\x95\x75\x81\xf9\x90\x44\xa1\x42\x23\xcc\xda\x8a\x28\x4d\xe1\x2f\xd4\x24\x26\x5f\xe5\x7b\x27\x02\x15\xf8\xfa\x9f\xf2\xbe\xa5\x17\x93\x4e\x48\x00\xa4\x7d\x34\x6f\xb6\xc3\x61\xcf\xba\xbe\xff\xab\xd9\xc4\x16\x4f\x45\x15\x6e\x24\x5c\x97\x7e\xdb\x47\x36\x42\xc3\x94\x0b\xe5\xad\x6f\xd1\xa7\x11\x9a\x7b\x18\xe9\x8d\x6d\xc8\x43\xe0\xd2\x54\xc9\x3d\x01\x46\xd1\x8e\x5c\x62\xed\xe1\x49\x0f\x89\xa6\x05\xeb\x45\x4f\x97\x47\x78\xcf\xae\x20\x93\x2e\x95\x47\x7b\xd0\x3b\xcd\xb9\x7d\x5b\xcb\x76\x33\x59\x42\xe9\x2e\xe6\x68\xf2\x31\xe6\x9c\x57\x0a\xc5\x44\x6d\x0f\x77\x40\x66\x73\x7f\xdf\x49\xf1\x0c\xeb\x1b\x52\xd6\xd8\xa4\x63\x98\x46\xa3\x37\x3a\x7c\x6f\x3b\x4b\x31\x59\xfe\x2e\x7a\xf7\xee\xe2\xf0\xdf\x17\x2d\x94\xd2\x55\xd0\x17\x65\x1d\xa3\x00\x90\x05\xe5\xea\xc3\x17\x6c\x09\x38\x9e\xe4\x0d\x70\x38\x3b\xd3\x71\x17\xec\xa0\x83\x59\x8a\x18\x01\xf5\x92\xd0\x57\x18\x6e\x56\x8e\x24\x7c\x25\x2b\xe4\xb1\x4f\x72\x3a\xb7\xdd\xb9\x7a\xe9\x76\x8c\x26\x82\xfd\x63\xac\xc3\x00\x77\x9f\xe0\x4e\x2b\x88\x87\x47\x51\x34\x6c\x9e\x0f\x97\xa2\xa2\x16\x77\x2f\xf9\x62\x5c\x33\xbd\x7e\x29\xfe\xd8\x00\x3a\x08\xdb\xd3\x3b\x5d\x17\x89\x9c\x94\x3c\x25\xe9\x5a\xd7\x54\xfb\x63\x2e\x04\x7c\x11\x2a\xf7\xf7\xce\xba\x72\x36\x2e\x1a\x3d\xdd\x29\x35\xaa\xf7\xf8\x18\xa2\x7c"},
+{{0xb8,0x34,0xc6,0xe0,0xfa,0xcb,0xff,0x58,0x0d,0xd3,0xb2,0x37,0x53,0x95,0x9a,0x4c,0x21,0x54,0xc2,0x19,0x52,0x1b,0x3d,0x27,0x03,0x5d,0x07,0x1f,0x65,0x99,0xbd,0x02,},{0xd1,0xc3,0x84,0x71,0x5e,0x3b,0x3d,0x02,0xc1,0x3e,0x09,0x06,0x05,0x53,0x4c,0x7d,0xb7,0x40,0xda,0x2a,0xa5,0x60,0xf5,0x32,0x00,0xa3,0xce,0xd8,0xbe,0xae,0x8c,0xf8,},{0x0f,0x19,0xb7,0x06,0x6d,0x57,0x92,0x32,0x8a,0x98,0x00,0xd9,0xd4,0xf8,0xf6,0x7d,0x5b,0x08,0x9b,0x54,0x12,0x26,0xa1,0x67,0xda,0xcd,0x43,0x9f,0xa4,0x85,0xb0,0x02,0x5a,0x5d,0xc7,0xf2,0xc7,0xe2,0x3f,0xc4,0xa5,0xc6,0x86,0x9e,0x76,0x19,0xd3,0x56,0x39,0x97,0x00,0xc9,0x36,0x50,0xe8,0x9c,0xd2,0x5b,0x90,0xfb,0x99,0x25,0xe3,0x04,},"\x6c\xf1\x47\xb1\x60\x55\x28\xa3\x6b\xe7\x57\x16\xa1\x4b\x42\x0b\xcf\x06\x7c\x03\xf1\xcf\xe9\xc4\x40\x2f\x14\x98\x7f\xbf\xc9\xd3\xec\xc3\xcc\xf4\xf8\xd2\xd0\x3a\x55\x90\x0b\x8d\xc7\x9a\xf3\xb6\xe7\x74\x36\xf6\x9b\x14\x17\xad\x4b\x68\xfd\x44\xe5\xe3\x33\xed\x90\xea\x79\x43\xfb\xd1\x12\x26\x09\xec\x8f\xf6\xbb\x25\xe4\x2e\x99\x14\xf5\x92\x0f\xc7\x2c\x4d\x01\x3b\x6a\x96\x85\xc9\x96\xfb\xd8\x35\x2a\xaf\xb1\x84\xc2\x2d\x9e\x47\x87\x1a\x52\x80\xe4\xab\x7d\xd6\xa5\xcf\xd1\x0a\x59\x94\xa2\x00\xf6\x70\xe0\xb6\x22\xa9\x39\x4d\x47\x93\xd0\xa4\x20\xe7\xd8\x80\x6c\xb1\x27\xc7\xac\x69\x0d\x45\xa2\xe9\x41\x66\xce\xa6\x72\xbc\xd9\x82\xb0\xe9\xba\xad\x56\x31\x2d\x25\x70\xdd\xde\x7e\x0b\x9e\x7f\x47\x13\x6f\x04\x81\xd0\x0f\x66\xa2\xaa\xca\x4d\x1b\x09\xd7\xce\x6c\x5a\x98\xa7\x6b\x68\xcd\x97\xd5\x79\x39\x68\xd6\x67\x07\x3f\x82\x17\xf9\x05\x47\x35\x34\x0f\x9b\x14\x9c\x0d\xce\x84\x5b\x09\x9e\x88\xd0\x70\x96\x80\xf0\xf7\x76\x03\xff\x0a\x23\x31\xc5\x58\xfc\x36\xd5\xf2\x4d\xa9\xa6\x2d\x69\xaf\x51\x90\xd2\x1b\x5c\x85\x7a\x1e\x08\xf0\x14\xc6\xd4\x56\x46\x86\x65\xa7\xf8\x45\xc6\x6f\x91\x11\xf9\xc0\x98\xc6\x89\x40\xef\xcd\x87\xb6\x57\x07\x0c\xb9\x16\x4b\xc9\x74\x3a\xce\xb7\x43\x9a\x0d\x01\xc0\x06\x2a\x11\xaf\x2e\x11\x34\x93\x97\xf5\xd1\x52\x87\x2b\x13\xc5\xab\x32\xf5\x1c\xc5\x8f\x14\x75\xec\x82\xac\x67\x15\x61\xdc\xbd\x34\x3c\xfb\x3c\x5f\x78\xd0\xfc\x73\x05\x3c\x60\x04\xb0\xa4\xca\x3f\x20\x43\xff\x4b\x0c\x54\x27\x5c\x4f\xcb\x9c\xad\xc6\xba\xab\xe5\x7b\x1d\x5a\xcd\x53\x1e\x97\x2e\xf9\x33\x51\x36\xcd\x1d\x65\x51\x2b\xa1\xf5\xb6\xcc\xc4\xb6\x6b\x42\x50\xaa\xfa\x29\x67\xdd\x42\x11\xa2\x74\x2e\x0f\x17\x7d\x8f\x40\x63\x89\x9f\x61\x81\x5c\xbe\x6d\x8f\xbf\xcd\xf7\x48\x12\xbd\x40\xcc\x10\x08\x4e\x46\xa9\x9a\xc1\x28\x05\x8e\xaf\x16\xa4\x9a\x24\xb6\xae\x22\x8e\xcf\x01\x09\xc5\x2d\xfc\x06\xe3\x7d\x6a\x33\x3b\xcb\x24\xab\xa3\x12\x16\x4c\x6c\x02\x90\x48\x5d\x25\x12\x80\x53\x8c\xe9\x54\x1c\x09\x16\x64\x0e\x36\xd6\x92\x9d\xcd\x95\x88\xeb\x99\x57\x7f\x5f\x6d\x82\xbc\xbb\x19\x88\x26\x26\x7e\x49\xf5\xda\xff\x2c\x0d"},
+{{0x22,0x69,0xa5,0xd8,0xf7,0xac,0x2c,0xd9,0x04,0x8f,0x5f,0x49,0xe3,0x49,0xe5,0xc4,0x35,0xa1,0x59,0xb3,0x19,0xfe,0x3b,0x30,0xbf,0xac,0x8d,0x0d,0x50,0x59,0x43,0xf4,},{0x1c,0x81,0x79,0x43,0xdc,0x39,0xc2,0x4b,0x01,0xda,0x38,0xa4,0x87,0xb1,0x75,0x48,0x24,0x60,0xc6,0x09,0xe4,0x72,0x63,0x49,0xa9,0xaa,0x7a,0xea,0x9b,0xc0,0xfb,0x34,},{0xbe,0x0f,0xb3,0x30,0x8a,0x07,0x6a,0x61,0xa4,0xa9,0x2a,0x97,0xf6,0xac,0x55,0x32,0x71,0x90,0xe1,0x34,0x1d,0x6d,0xd4,0x10,0xd8,0x6b,0x41,0xbd,0xaf,0x2d,0x33,0x74,0x09,0x3e,0xf7,0x20,0xbd,0xb7,0x7f,0xeb,0x70,0x14,0xe0,0xf7,0x7d,0x3b,0x80,0x96,0x23,0xc7,0xca,0x53,0xe2,0xae,0x4b,0x09,0x71,0x13,0xe9,0x6d,0xb7,0x7a,0x2d,0x08,},"\x71\x53\xd4\xd9\xe6\x41\xaa\x61\x92\x0d\xb0\xff\x4b\xd5\x37\xa6\xd6\x13\x0a\x39\x65\x54\xcc\x94\x53\x76\x98\xf9\xca\xd1\x6b\x99\xee\xbe\xfa\x5f\x27\x76\xf2\xfe\xaf\xf6\xbd\x9a\x69\x04\x12\x0c\x67\xe0\x88\x3f\x6b\x96\xbb\xbb\x19\x5e\x95\xae\xc7\x53\xb6\x99\xba\xb3\xd0\x39\x44\xc1\x3c\x72\xfc\x84\xe3\xf2\xcb\xf6\x29\x6f\x64\x55\x49\x11\x1c\x93\xfa\xe1\xa7\x59\xbf\xcd\x16\xfc\x09\xe6\x0b\xb9\x78\x55\x35\xad\x27\xda\x24\x4e\xf2\xf8\x57\xf2\xde\x99\xa6\xe9\x21\x88\x89\x0e\x45\x2c\x7f\x5b\x9e\x3a\x4b\x96\x8e\x11\x74\x3b\x6f\xc7\xfa\xf1\x27\x5e\x53\x60\xa5\x46\x89\x41\x79\x78\x94\xd7\x70\xfa\x7d\xa3\x64\xa3\x37\x30\x22\x39\xfe\x83\xae\x0b\x0d\x08\x4a\xa1\x2a\xcd\xc6\x34\x62\x52\x4e\x0e\xb1\x0f\xef\xe8\x1b\xa9\x6f\x71\xf2\x75\xf3\x44\x9a\x3f\x8d\xb2\x1d\x58\x74\x9a\x38\x85\x3d\x39\xb0\xad\x8e\x69\x89\x1b\xd2\x04\xdf\xca\x8f\x6c\x23\x9d\xc9\xa0\xac\x27\xf5\x4d\xb4\x23\x8d\x47\x06\xdf\x11\xd6\x07\x36\x9d\xc7\xf7\x04\xda\x1d\x39\xf2\xe8\x2a\xf8\xc2\x83\xd2\x20\xc1\x24\x31\xf5\x6d\x80\x30\x69\xb4\xac\xb7\x70\x81\xc0\x31\xae\x33\x19\xfc\x77\xfc\xa7\x84\x50\x97\xfd\x72\x7a\xd0\xd0\x80\x89\x5b\xba\x23\xe8\x73\xd2\xde\xf8\xcd\xc2\x16\xc3\xee\xd6\x1b\x08\x76\x1b\xb9\xeb\xce\x02\x82\xcf\x50\x2a\xaf\x6c\xe7\xe8\xc0\x58\x63\x79\x58\xc3\xea\x1b\x72\xfe\x6e\x8d\xf8\xd3\x7a\xc0\x55\xdb\x69\x92\x58\x7f\xab\xbd\xc4\x67\xf5\x24\x75\x64\x4f\x91\x88\x63\xaf\x62\x04\x92\xf3\x46\x80\xf2\x05\x6c\xbc\xab\x75\xe2\x32\x36\x26\xc0\x94\x75\x9c\x0e\x0e\x99\xef\x19\x75\x95\x27\x25\x06\x46\xad\x76\x01\x20\xba\x38\x66\x99\xd5\x39\x34\xf9\x56\xb8\xbb\xc7\x39\x5b\xb4\x96\xce\xb2\xdd\x22\x3c\x7b\x50\x1b\x92\xd3\x6a\x95\xf8\xf0\xa0\x2e\xb5\xba\x4d\xdd\xf1\x66\xb9\xb9\x5b\x4a\x59\xe7\x2a\x30\xc6\x3c\xf2\x1e\x60\x85\x75\x19\x23\xd5\x4b\x30\x28\x1e\x52\xa0\x96\x18\xe6\xf0\x23\xba\x0a\x21\x67\x5e\x7f\x98\x9b\x89\x91\x58\x8c\x96\xc2\xb5\x6a\x78\xf5\xd2\x94\x5a\x7b\xae\xb6\xa0\xc1\xbb\xd5\xd9\x5a\xf3\xee\x83\x0f\x58\x09\xc7\x94\xa1\x5a\xb4\xb5\xf8\x9d\xd2\xbe\x2d\xfd\xcd\x8f\xe0\x52\x0f\xda\x2b\x3f\x02\xa1\xac\x01\x55"},
+{{0xe9,0x65,0xb3,0xf2,0x57,0x35,0x66,0x85,0xc9,0x8b,0x42,0xb9,0x64,0xa2,0x53,0xfc,0x49,0x53,0x99,0xcc,0x94,0xb0,0x99,0xc2,0x44,0x5f,0xc8,0x1c,0x75,0x9c,0x68,0xe5,},{0x68,0x9f,0x54,0x10,0xc8,0xe0,0xf4,0xd3,0x7b,0xc0,0x7c,0x85,0xd7,0xcc,0xe6,0xc9,0xb6,0x36,0x01,0xf9,0xbd,0xaf,0xec,0xaa,0x44,0x8a,0x5e,0xed,0x64,0xaf,0xc8,0xc6,},{0x8d,0x2b,0xc4,0xe1,0xcd,0x25,0x6a,0xad,0x8a,0x15,0x1d,0xec,0x01,0x0d,0xc9,0x3a,0x5e,0x5c,0xca,0x58,0x29,0x8d,0xec,0x49,0xcb,0xc9,0xc4,0x71,0x7b,0x5c,0xfb,0x54,0x60,0xd4,0x30,0xbe,0x72,0x6b,0x0f,0x30,0x2c,0xbd,0x92,0x6b,0xee,0xa1,0x9a,0xa3,0xc9,0x3a,0xeb,0x45,0x2a,0x44,0xf6,0x00,0x7a,0xf4,0x9a,0xdf,0x2f,0x05,0xbb,0x04,},"\x6f\x20\xa9\xad\x27\xe3\x0d\xac\x76\xb3\x0d\x4c\x19\xa5\xbd\x6d\xfd\x6d\x04\x92\x13\xf4\xbe\xcd\xd9\x63\xd7\x2b\x8b\x2d\xad\x68\x7b\x00\x38\x08\x20\x1d\x50\xf7\xdd\x6e\x59\x9e\xf5\x8c\xeb\x60\x68\xc5\x45\xed\x99\xb9\xe7\x63\xf9\xb0\xec\x1d\xb5\xfc\xbd\x7d\x49\x0a\x12\x1e\xce\xc6\xbb\xa1\xeb\x5e\xdb\xd6\xde\x85\x36\x47\x07\xc5\x5e\x30\x0c\x8b\x16\xbb\x25\x30\xf7\x08\x98\x13\x66\x89\xc9\x88\x59\x1d\x53\x91\xd9\xcc\x34\x7d\x79\x31\x06\x1a\x9b\x76\x96\xe2\xc9\xf3\x5b\xc0\xd3\x04\xa8\x1c\x2c\xf9\x54\xd9\xc3\xa8\x8a\x22\xe1\xd6\x7b\xbe\x0a\x85\x30\x84\x77\xf6\x29\x18\xc2\x5d\xb5\x04\xe4\x76\x2f\x0e\x3b\x42\x46\x00\x79\x08\xac\x70\x17\x79\x00\x6b\x77\xd7\x25\x10\xed\xc6\x9e\x17\xd0\xf6\x39\x4c\x77\xe5\x55\x18\x75\xa4\x46\xf8\x12\x33\x41\x5d\x0a\x91\xa0\x46\x0b\x51\xc4\x13\xd6\x44\xe8\x50\xf8\x55\x72\x81\xc4\x66\x99\xe5\x3b\x22\xa7\xc7\x3b\x06\x8e\xa3\x86\x52\xcf\xf3\xb0\xa7\xb8\xba\x30\x97\x1e\xab\x18\xfd\xbb\xd8\x73\x9e\xe1\xee\x0c\xd5\xcb\xfb\x7d\x5d\x41\x75\x7b\x63\x31\x27\x1f\xb7\x80\x97\x51\xe2\x03\x51\x3c\x99\x70\xf6\x6d\x91\xbc\x0c\xe0\x62\xf4\xfc\xb2\x8b\xe0\xa6\x99\x86\x7b\x79\x59\x4c\x64\x58\xa0\xd3\x07\xac\xac\x91\xf4\x13\xc4\x61\x58\x77\xdc\x53\xe1\xb0\x18\xda\x5c\xfc\xe1\xb6\x3f\x40\xbe\x1e\x55\x27\x4c\x43\x74\xcd\xfc\x21\x52\x44\x99\xa6\x83\xa2\x31\xad\xef\x77\x9d\x19\x21\x44\x0e\x5d\x3f\xdb\xd5\x03\x3d\xc9\x83\xcf\xc9\x31\xab\xe6\x38\xc3\x5d\x5a\x95\x86\x9e\x9f\xe3\xd9\x3e\xb9\x0b\xd1\x86\x1f\x85\x5c\xe1\xf6\x08\xb7\xbc\xad\x6b\x5e\x1b\xd9\x7e\xdc\x95\xed\x5d\xdc\xbc\xb7\x15\xd9\x19\xf5\xff\x77\xdf\x2d\xa4\x38\xf7\xa3\xa9\x82\x86\xdb\xd5\xb6\xe0\x43\xfc\x73\x72\xf6\x97\x04\xf0\x9d\x86\x55\x30\xf4\xf0\xed\xd3\x30\x0f\x18\x5b\x6d\x73\xd8\x71\x6d\x32\xd3\x2b\x1c\x9a\xc2\xdd\xf4\xf9\x02\xd3\xf2\x16\xd3\x5a\x33\xf3\x68\x09\x5d\xed\x10\xbe\x94\xbb\x53\xd6\xf2\x56\x56\x0f\xac\x2f\x4a\xf0\xed\xf5\xc5\xc7\x02\x14\x37\x77\x12\x6e\x7d\xe3\x2d\x07\x49\x39\x32\x66\x21\x29\xba\x0e\x7f\xc7\xcf\xb3\x6f\xd2\xca\x53\x16\x46\xe8\xcd\x22\x11\x85\x4f\xc5\x10\xaf\x3b\x1e\x8c\xaf\xde\x7a"},
+{{0xbc,0x3b,0x1e,0x0b,0xf8,0xd6,0x9e,0xa5,0xb4,0xcb,0xbf,0x10,0xbb,0x33,0xfc,0x95,0x5a,0xdc,0xbe,0x13,0xfc,0x20,0xaf,0x8a,0x10,0x87,0x2c,0xe9,0xdf,0x39,0xd6,0xbd,},{0xac,0xcd,0x26,0x28,0x15,0x59,0x19,0xbb,0xc7,0xf9,0xd8,0x6f,0x91,0xda,0xfe,0xc3,0x5c,0x71,0x1a,0x78,0xc7,0x9a,0xd3,0x60,0xed,0xdb,0x88,0xfa,0x8a,0x18,0x0b,0x2d,},{0x6e,0xf7,0xf0,0xe9,0x1f,0x2c,0xc6,0x71,0x5f,0x8e,0x5a,0x98,0x57,0x4b,0x44,0x00,0xc2,0x61,0xa6,0x43,0xe0,0x54,0x5f,0xf2,0x67,0x47,0xf8,0xe1,0x73,0x98,0x99,0xd7,0x66,0x40,0xb6,0x45,0x1c,0x43,0xc1,0xd0,0x3a,0x47,0x75,0xb5,0x4f,0xcf,0x9b,0xce,0x18,0xed,0x3f,0xcc,0xad,0x33,0x8b,0x77,0x64,0x02,0x4f,0xdf,0xa2,0xde,0x82,0x01,},"\x4c\x73\xe0\x4a\xbe\x08\x19\xde\x1f\x84\xd7\x05\x41\xeb\x1b\xb6\x1c\x4f\x42\x92\x0e\x1f\x2d\x1d\x9e\x62\x81\xa8\xa2\xe8\xb3\xeb\x45\x53\x7d\x83\x96\x90\x27\xf9\x9e\xf0\xea\x27\xca\x08\x5b\x13\xf9\xdb\x48\x0f\x00\xc0\x2f\x3f\xd7\x42\x9d\xd5\x67\x70\x89\x53\xbb\xf3\xb9\xe8\xe2\xc6\xac\x4d\x32\x1f\xf8\xf9\xe4\xa3\x15\x47\x23\x08\x5a\x54\xe9\xc9\x57\x3c\xc7\x35\x0c\x09\xf8\x97\x3f\x94\x8b\x08\x73\x03\x73\x59\x7a\x5f\xd0\x34\x98\x21\xae\x0a\x3c\xd6\xc8\x49\x92\xb1\x89\x12\x8f\x34\x90\x98\x7e\x1e\x9a\xd4\xf6\x57\x4c\xa5\x38\xfd\xfd\x83\x28\x4c\x1e\xb0\x95\x3f\x24\xc0\x8f\x74\x93\x2d\x43\x64\xdb\xbe\xf9\x22\x54\x24\x40\xda\xe8\x04\x24\xa9\x2e\xae\xf2\x7c\x18\x89\xbd\x08\xc4\x4f\x9d\xf0\x3a\x3a\xf3\x0d\xff\xb4\x8f\xae\x44\x5e\x62\x5f\x4d\x92\x65\xcf\x38\x7a\x1d\xa3\x5f\xe4\xc2\x31\x50\x45\x35\xdb\x72\xea\x81\xa1\x86\x80\x5f\x85\x6e\xbe\x6a\x6a\x65\x24\x14\x32\x53\x0f\xe6\xc9\x60\xc5\xf9\xbe\x6c\x22\x95\x70\x60\x30\x4e\x9d\xd8\xef\xbc\x1e\x48\x2e\x7d\xdb\xd8\xaf\x03\xbf\x23\x82\x89\x9c\x98\x6d\x91\x66\x11\xe4\xf2\x7a\xe5\x2f\x81\x7e\xf0\x1b\x6a\x14\x1f\xe4\xf6\x85\xd9\x4d\xc8\xcd\x52\x83\x00\x43\x93\x45\x87\x70\x4c\x1e\x64\x2e\x8f\xe5\x6b\xe6\xd6\xb8\x5b\xf4\xa6\xfe\xb2\xb6\x85\x8f\x1f\x00\x7f\x99\xd3\x9e\xa0\x4c\x9f\xe5\xfa\x7e\xf1\xb9\x1f\x49\x5e\xd0\xe7\xfa\x42\x13\xdd\x68\xce\xa4\x2b\x67\x29\xf9\x50\x31\x90\x7e\x27\xc4\x40\x98\x09\x43\x86\xfa\xbf\xb0\x4a\xb9\xb4\xde\x3d\x68\x61\xde\x46\x23\x12\xc5\x9b\x27\xc7\x6f\x7b\x6a\x4f\xc7\x1e\xa0\xd5\xda\xf6\xb7\x32\x05\x21\xa6\x7e\x5c\xb3\x75\x04\x97\x6a\xd7\x3d\xae\x2d\x64\x9f\xeb\x75\xe2\xea\xdd\x34\x01\xa7\xf2\xf3\x6e\x16\xdf\xbf\xbd\xb2\xaf\x57\x16\xcb\xa1\xbc\xe2\x0c\xd4\x7c\xe1\xc1\xd7\xbe\x00\x69\x70\x01\xfb\xbe\xb4\x91\x5a\xa6\xe5\x39\x3b\x5a\xb2\x0e\x0f\x31\xf5\x11\x91\x49\xa2\xcb\x4c\x4d\x45\x2c\x81\x56\x11\x3a\xc7\x82\x4f\x84\xf0\x9a\xeb\x81\x20\x2e\x8d\xd3\xda\xc0\xaa\x89\x39\x9b\x5a\x38\xb1\xe2\x18\x30\x19\x60\xa3\x7d\x52\x63\x2e\xea\xef\xe3\x68\x74\x55\x46\x42\x88\xeb\x17\xd9\xe1\x9a\x3a\x72\xed\x9d\xe3\x2c\x17\xbe\x79\xa3\xb9"},
+{{0x10,0x71,0x8f,0xa6,0xe2,0xd7,0xf6,0xed,0x38,0xfd,0x66,0xcb,0x6d,0xbf,0xa0,0x87,0xe8,0xf1,0xe8,0xa8,0xa2,0x4f,0xab,0x58,0xd7,0x9d,0x79,0x54,0xb8,0x72,0x0c,0x3e,},{0x87,0x0d,0x4f,0x66,0x6d,0x06,0xfd,0xa9,0xf9,0x51,0x1b,0x58,0x60,0x2e,0xec,0x05,0x0d,0x75,0x4e,0xa6,0xd8,0xe7,0x9c,0xdd,0x19,0xf6,0x01,0xc4,0x77,0xdf,0x1a,0xa0,},{0xe1,0x65,0x91,0x86,0xf1,0xf7,0x6f,0xe4,0x3a,0xc8,0xa1,0x17,0x03,0x36,0x0f,0xbe,0xff,0x53,0xb5,0xe5,0x7b,0x59,0x74,0xaa,0xa0,0x8e,0x25,0x75,0x57,0x9c,0x27,0x08,0x4c,0xf6,0x80,0x2e,0x7c,0x20,0x63,0x47,0x31,0x44,0x75,0xb6,0x03,0x19,0x74,0x94,0xe7,0xd6,0x1f,0xe4,0xb1,0xee,0x7b,0x78,0xe1,0x8d,0x94,0x46,0x93,0x52,0xdf,0x0c,},"\x41\x25\x9b\x6e\xef\x13\xd6\xff\xe3\x3c\xdd\xe7\x99\xb9\x95\xc4\x0b\xe7\x82\xcf\x97\x84\x40\xb6\x6b\xe5\x1c\x44\x05\x82\xab\xd4\x2f\x52\x66\x96\xbb\x3c\xb9\x22\x65\xb1\xed\x0e\x4b\xba\x76\x4c\xae\x28\x39\x83\x0a\x25\x26\x35\xdc\x80\xce\x5f\x73\xd5\x21\xb3\xd6\xff\x03\xac\x30\xe1\x98\xad\x20\x56\x7e\x75\xa3\x4f\xa8\x25\xeb\xf9\x84\x15\x08\xda\x84\xcd\x67\x42\x36\xca\x7b\x43\xde\x35\x64\xc9\x4a\xb0\x79\x40\x8f\xd9\x41\x37\xce\x3f\x90\xa5\xdd\x5d\x3a\xc3\x9a\x05\xec\x86\x71\x5a\x8f\x02\x5e\x45\x39\xa7\x64\x0a\xb8\x88\x36\xf4\xef\xba\xbd\x5e\x16\x52\xc4\x9e\xa2\x16\x13\xac\xfe\x34\x3a\x88\x0e\xe5\xa4\x2f\x2f\x91\x34\xef\x4e\x37\x16\xb1\x6d\x13\x4a\x9c\x4c\x71\xc3\x9b\x3c\x1a\x85\x7d\x3c\x89\x43\x97\x83\xee\xf1\xed\xd7\x1b\xf4\x49\x2d\x05\xfd\x18\x67\x3a\x52\x42\xff\x41\x87\xb9\xde\x47\xad\x49\x68\xda\x49\xdb\xa5\xa6\x09\x2e\x95\xea\x27\xdd\xfc\x74\x48\xdc\xf5\x97\x2d\x9d\x22\x8d\x63\xe5\x29\x1b\xa6\xe6\xfb\xd0\x7e\x32\x41\xf9\x36\x6c\xa4\x97\x6b\xb0\x4b\x22\xd0\x1f\x0d\xba\xe7\x94\xfa\x9c\x1d\x90\x29\xf8\x8a\x83\x60\x2b\x0e\x0e\xc5\x5e\x22\xc3\x7b\x20\x11\x25\xca\xdb\x53\x41\xef\x73\xf6\xda\x1a\xbb\xe2\xb1\xc4\x75\xf0\x75\x03\x45\xb1\xbe\x42\x59\xd8\xc2\x85\x31\xff\xe7\x78\x86\x67\xc4\x10\xda\xc3\x39\x91\x8c\x86\x9b\x00\xab\x80\xf2\x0b\xf7\x99\x0d\x36\x6f\x9b\x3d\x5e\x8e\xb2\xf4\x8d\x7e\xd0\xe6\x4b\x85\xdc\x9f\xe3\xbb\x99\x8b\x1e\xec\xd1\x23\x1e\x90\x2d\x2d\x15\x2e\x09\xda\x2d\x25\x92\xbd\xb3\x2c\x8c\xd2\xe2\xc4\x89\x49\x6b\x29\x80\xc0\x3d\xbb\x09\xec\x7f\x8a\x4e\xa2\xc7\x02\x0f\x2a\x0f\xaa\x65\x7c\xd6\xce\xd4\x8d\x6d\xa2\x78\x64\xcf\x5e\x97\xee\xa9\xb3\xc2\xf0\xf3\x4a\xbf\x8d\x87\xbd\x2a\xde\xb6\x0c\x72\x72\xfc\x43\x06\xd9\x55\xbd\xc8\x02\x3d\x7d\x3d\xc2\xf3\xda\xfe\x9e\xbe\x8a\x8d\x13\x89\x65\xa7\xf6\xce\x93\x51\x7c\xd2\x09\x96\x63\xf6\x7c\x34\x55\x21\x76\xdd\xb5\x95\xac\x6e\xa5\x60\x9f\xeb\xcf\x24\xc7\xd6\x9d\x41\x27\x09\xe5\x78\x67\x0a\x21\xac\x8a\xfc\xcb\x8b\xf2\xb1\x8f\xf3\xaf\x7d\xe2\x1d\xc7\x1d\x50\xd6\x0d\x37\xb6\xed\x72\x9d\xb0\x4b\xef\xf7\xd3\x4b\x29\x20\xd8\x75\x51\xce\x15"},
+{{0xc1,0xd4,0x72,0x4c,0x6c,0xb1,0xbc,0x67,0x23,0xb2,0xb4,0x30,0x34,0x27,0x8b,0x3c,0x5b,0x48,0xfe,0xd7,0xf8,0xa3,0xcc,0x23,0x18,0x03,0x3e,0x75,0x52,0x04,0x73,0x51,},{0xc2,0x7e,0x39,0x2e,0x7c,0x36,0x64,0xb9,0x06,0x1e,0xa7,0x6d,0x25,0x75,0xdd,0x7c,0x41,0xea,0xf1,0xda,0x3a,0x65,0xf3,0xa9,0x86,0xe0,0xa5,0x7f,0x6c,0x40,0xc1,0x7e,},{0xd3,0x7a,0x6e,0xc8,0x2e,0xd4,0x5c,0xa9,0xb4,0x85,0x5d,0xe9,0xcb,0x94,0x25,0x64,0xe8,0x83,0xff,0x70,0xa7,0x9b,0x8e,0x71,0x2d,0x5f,0x60,0x4e,0xc8,0x97,0x4d,0xe5,0x36,0x3a,0xc8,0x49,0xcb,0xab,0x28,0xe7,0xae,0xef,0xf2,0x8e,0xd3,0xf2,0xd1,0x4b,0x60,0x8b,0x31,0x46,0xc2,0xef,0xe0,0x73,0x5a,0xd8,0x15,0xc7,0xd7,0x5a,0x1a,0x01,},"\xde\xee\x99\xd7\xa7\x7d\x43\x00\xc1\x7a\xec\x1a\xb3\x23\xc5\x71\xc6\xe9\xe7\x3a\x43\x49\x1a\x3c\x78\x88\xb7\x6f\xc0\x3e\xc4\x3d\x07\xaf\x42\xa0\x5a\x2a\xa3\x22\xd0\x0c\x85\x60\xac\xef\x31\x41\x06\xb1\x0b\x9b\xd1\x26\x54\x35\x7f\xfa\x26\xf2\x39\x00\x50\xda\x63\xd6\x68\xc9\xe2\xdf\x54\x8f\x87\x63\x9e\x09\x6a\x35\x85\x3f\x82\xe7\x61\xfd\x71\x1d\x2a\x26\x54\x38\xf5\xd4\xdb\x5e\x32\x77\x57\x08\x15\x0d\xa6\xcb\x68\x6a\x2b\x4c\xa2\x11\xd7\xf0\x0d\xc0\xab\xcb\x2c\xa1\x50\xe7\x91\x11\x6a\x10\xa5\xef\xcf\xf3\x51\x4d\xab\x8e\xd8\x0a\x70\x92\xc3\xa0\x15\x15\x2c\xb2\x5d\x9f\x86\xec\x0d\x1c\xa6\x7d\xda\xb4\x4d\x64\xee\xb1\xf9\x31\xbf\xab\x2a\xb1\x88\x95\x6c\x74\x3d\xb4\x81\x48\x08\xc5\xcd\xe1\xb0\x74\x5b\x3e\xdd\x34\x0e\xb0\x3f\xfc\xc8\x0a\x78\xf3\xdb\x31\x0f\x4f\x5c\x20\x00\x9f\xc0\x27\x9c\x2c\x1b\xcb\x3c\xed\xf9\x90\xbd\x0e\x20\xc6\xf9\xfb\x75\x15\xad\x6e\x93\x3b\x07\xe9\x9d\xa6\xac\x32\xb9\x71\x41\x18\x7e\xf6\x3b\xdb\x10\x62\xe3\x72\x20\xa4\xdc\xd4\x19\xd6\x24\x4c\xdc\xc3\x4e\xa4\x1d\x0b\xcb\xc3\x13\x8b\x1d\x54\xae\xfc\x01\x90\xe3\x0b\x18\x7d\xb0\x73\xaa\x7d\x6c\xfe\x04\xbd\x3f\xd2\xac\x00\x31\x3e\x3d\xdd\x64\xa1\x81\x93\x5c\xa4\xb8\xb2\xa8\x5d\x36\xbc\x27\xd9\x7b\x76\x26\x76\x7b\x93\xee\x38\xde\xf8\xb6\xb2\xc8\xda\x9b\x00\x26\x36\x14\x34\x2f\xaa\x9d\x3e\x73\x8d\x27\x13\xc4\x5f\xfb\xee\xf8\xc8\x4b\xcd\xbc\x8d\xa4\x30\x9c\x84\x45\x53\x0f\x5c\x61\x7d\xc8\x66\x25\x1f\x54\x89\x50\xa1\x4f\x07\x5a\xa3\x11\x7f\x96\xe4\x1f\x89\x9d\xbe\x73\x40\xb1\xd9\x0a\x13\x52\xd3\xb8\xfb\x41\xb7\x9f\x16\xa8\x2b\xc2\xe4\xa1\x93\xb8\xa7\x23\x24\x00\x99\x6b\x73\xb1\xfc\x00\xb2\xec\x1c\x66\x75\x77\xf8\x28\x24\xd3\x9f\xb7\xf6\xe7\x69\x2d\xcd\x97\xb1\xd8\xce\x94\x08\x3c\xa1\x97\xe9\xa5\xd4\x0f\xad\xff\x0b\x9a\xc5\x7e\x9d\xe7\x61\xc1\x56\xe6\xd3\x1d\x52\xc3\x32\xd5\x13\xe9\xf5\x86\x97\xdc\xbd\xd8\x0a\x5e\x42\xc5\x51\x70\x2c\x3d\xe7\xbe\xcc\xc3\xdb\x84\x5b\x1a\x04\xc8\xcb\xd4\x16\x95\xea\x74\x28\xab\xba\x89\xe0\xdc\xe3\xe3\xd9\xe7\x02\x30\xae\x91\x47\xc2\xb8\x85\x59\xdc\x69\x5d\x68\x09\xa5\x1c\xcb\xc1\xdd\x9e\x08\x9c\x58\x5f"},
+{{0x37,0xc0,0x70,0xd4,0xa5,0x3b,0x13,0xbe,0x76,0x06,0x35,0x11,0x0d,0x1b,0xd4,0xf0,0x19,0x20,0x22,0x5a,0xfa,0xbe,0xc5,0x76,0xfa,0xae,0xc9,0x10,0xf2,0x92,0x6d,0x1a,},{0x0a,0xa8,0x5f,0x2a,0xb1,0xdf,0xf8,0x95,0xd1,0xfa,0xd0,0xc1,0x19,0xf2,0xbf,0x57,0x12,0x6a,0xab,0x60,0x1c,0x52,0x8d,0x37,0x69,0x8e,0x97,0x70,0x2d,0x35,0xf5,0x25,},{0x9d,0xa6,0x0c,0xc4,0xa6,0x4d,0x07,0xde,0xe1,0x34,0x6b,0xd3,0xd3,0x01,0x09,0x95,0xce,0x27,0x38,0x20,0x8a,0xb3,0x5b,0x34,0xc2,0xa8,0xfd,0x17,0x87,0xae,0x3a,0x1e,0x20,0x7f,0xe7,0x84,0x52,0x51,0x54,0xfa,0xe4,0xf5,0x79,0x4c,0xd8,0x50,0x30,0x45,0xfe,0xa8,0x5c,0xf7,0x7f,0xd9,0x2f,0x6a,0x70,0xcd,0x0c,0x5a,0x52,0xc0,0x81,0x0e,},"\x10\xc6\x46\x44\x7f\x81\xad\x94\xd0\x15\xd8\x6d\x0d\x98\xb2\x45\x2d\xca\x60\xa4\x7a\xb3\x52\x64\x03\x5e\x33\xa0\x94\x2b\x95\x4e\x3e\x23\xb9\x1d\x81\x23\xb8\x59\x3c\x6a\xf7\xc8\xd3\xec\xd2\x90\xe0\xe5\xee\x36\xfd\x4e\x53\xb7\xbe\x63\x3a\x6c\xf0\x27\xa5\xac\x3f\x0f\x67\x9e\xb1\xbd\xd2\x10\xa3\x8e\xa6\xe4\x8b\x05\x58\xe3\x03\x01\x0a\xf4\x74\xe7\xf6\xdf\x2a\x4e\x45\x76\x99\xfc\x38\xe3\x69\x38\xb0\x5f\xfc\xaa\x1b\x69\x4e\x32\xf3\xd1\xb2\xcc\x5d\x00\xcf\x25\x6f\x12\x18\x4c\x87\x3e\x51\x90\x89\xec\x1d\xf1\x5b\x0d\xc7\x6e\x7b\xfe\x90\x78\x0d\xf5\x81\x36\xfe\x59\x7f\xce\x89\x4c\xa5\x63\xe0\x8e\xfa\x0f\x2d\x4d\x20\x8b\xed\xe9\xa8\x74\x88\x28\x73\xd2\x51\xba\xf0\x19\xfe\x46\xd1\xd6\x50\x4b\x3b\xcd\x24\x3b\x79\x53\x51\xf3\x4d\x2e\x76\x06\xaa\x97\x55\x28\xee\x50\xd5\x9e\xfb\x6e\xe6\x99\x2a\x89\xb2\x42\x69\x56\xc2\xca\x42\x47\xe0\xdf\x01\x29\x85\x29\x83\xe9\x76\x7a\x8e\xed\x1b\xc7\x33\x5f\xfc\xa8\xd0\x28\x9f\x04\x80\x7f\x67\xca\x7d\xa9\x71\xf5\x8d\xb8\xb9\xbc\x9f\xdb\xe4\xf8\x3c\xfe\x9a\x00\xf1\xca\x58\x47\x98\xbc\x71\xd8\x51\xff\x7c\xd6\xc5\x1b\x89\x90\xaa\xba\x4d\x38\xb4\x16\xb9\x22\x40\xdf\xb7\x0e\xe3\xc1\x2b\x5e\x73\x10\x57\x76\x2e\xf9\x08\x23\xfb\xf6\x83\xca\x06\xd0\x5c\x20\xd3\xae\x2b\x97\xa8\x3e\xbe\x70\xae\x17\xaf\xff\x9d\x16\x60\x9d\x54\x6d\x8d\x3c\x74\xbc\x28\x18\x84\x89\x4f\x3d\x49\xe0\x83\xf1\x0a\xe7\xc1\x1c\x1d\xca\x0e\xff\xef\xcf\xa6\xe0\xf1\x53\x50\x81\xfa\xc3\xa2\x81\x9f\xd2\xe3\x26\x55\x27\x18\x2a\xe9\xd3\x91\xb2\x32\xbb\x75\x42\xe6\x84\x55\xcd\x26\x77\x60\xdb\x65\x2d\x19\xe2\x2f\xb2\xed\x11\xcd\x13\x05\xba\x8d\x98\xc1\xeb\xf2\xd1\x96\x9b\x24\xd6\x4f\x3e\x31\x9a\xf7\x4e\x09\x20\x06\xd2\xa3\xff\x74\x48\x72\xa2\x0e\xbf\x18\xd1\x77\x48\xab\x71\x10\x80\x50\x96\xea\x13\x6b\xce\x2f\x96\x8b\x20\x5e\x65\x0b\x80\x3c\x53\x1d\x06\x77\x5a\xe5\xce\xea\x28\xbb\x92\xe9\xa0\xed\xec\x89\x51\xce\x20\x09\xa8\x8e\xe1\xb6\x4d\x9b\x9e\x89\xf6\x90\x51\x20\x33\x84\x21\x0a\x10\x2a\x44\xd2\xd6\x70\x31\x73\xb6\x85\x07\xdc\xea\xdd\x3b\xf6\x51\x0d\xf2\xa5\xce\xfd\x9c\x80\xe4\xf3\x85\xb2\xf9\xe6\x21\x58\x13\xed\x32"},
+{{0x11,0x26,0x49,0x6a,0x58,0x2c,0xe5,0x8d,0x3d,0x61,0x8d,0xd8,0xa3,0x93,0x35,0x47,0xaa,0x7a,0x8a,0x30,0xfb,0x54,0x06,0x3b,0x8d,0xfd,0xd3,0x16,0x71,0xc6,0xc7,0x3d,},{0xe1,0x02,0x29,0xc6,0x23,0xfa,0x8a,0xd8,0x98,0x2c,0x3e,0x4c,0x36,0xff,0x52,0xdf,0x0f,0x21,0x9b,0x57,0x91,0x5b,0x6e,0x98,0x0e,0x5f,0xe7,0x2e,0xa0,0x96,0x2e,0x22,},{0xb3,0x0e,0xb5,0x6c,0xa9,0xb1,0x20,0xbf,0x84,0x9a,0x3a,0x9d,0x56,0xaf,0x03,0x3d,0xe8,0xa5,0x90,0xc9,0xe1,0x24,0x0c,0x1e,0x36,0xdb,0xc6,0xcf,0x0a,0x71,0xb7,0x8a,0x11,0xec,0x14,0x3f,0xb9,0x95,0x9a,0x8f,0x25,0xb5,0x77,0x11,0xd6,0xa9,0x0a,0x67,0xe0,0x1b,0xe3,0xa4,0xda,0x2b,0x69,0x39,0x48,0x69,0xbb,0x8d,0x64,0xb8,0x7e,0x0f,},"\x6a\x4b\x52\xd7\x30\xdd\xab\x82\x9b\x2a\x17\x95\x90\xcb\xd4\xc3\x72\x49\x8e\x9f\x43\x99\x77\xc0\xa1\x0d\xc1\x3c\x0a\xe1\x73\x6e\xaa\xff\x06\x33\x71\x43\x4f\xd0\xda\x80\x36\x0e\xc5\x89\x06\x07\xd2\xfa\xe1\xc9\xa2\xe1\xab\x0b\x7f\x3d\x66\x7f\x5b\x1b\x9c\x41\x8f\x18\xb1\x0c\x9e\x6f\xd6\x69\xd3\xeb\xec\x16\x8e\xfe\xf4\x41\x63\xe5\x77\xa2\xeb\xd0\xf2\xcb\x76\x8f\x80\xc2\x31\x88\xe8\x60\x69\xe4\xd1\x0f\x41\x03\x06\xce\xdd\x7a\x34\x1a\x61\xe0\xf4\xf3\xbc\x25\x04\x1b\xc2\xf9\x22\xed\x07\x3e\x1e\x2f\x1b\x70\x9c\x57\x9d\x10\x63\x0f\x33\x07\x17\x54\xd7\x07\x89\x4a\x1c\x62\x19\x0d\xe1\x88\x82\xc5\x64\xdc\x4c\x01\xdc\x54\x5d\xd8\x96\x64\x04\xed\x78\xfa\x32\x67\xa9\x46\x9f\x63\xb6\x12\x0a\xbb\x65\xf9\xb3\xba\x3e\xee\x28\xd7\x9c\x2e\xb4\xe7\x02\x0c\xc6\x98\x7d\xfc\x5c\x29\x67\x2f\x8c\x0f\xa3\xe6\x90\xd5\x84\xfe\x00\x0c\x64\xf3\x52\x61\x01\x79\x62\x1b\xfd\x5f\xf3\xeb\x30\xd1\x8f\x1a\x02\x50\x41\x6d\xb9\x3b\x1c\x1e\x93\xcf\x8a\x36\x46\x51\x75\x60\xd1\xcc\x8f\xff\x82\x2b\x51\xef\x27\xb2\x00\xe9\x87\xb5\x92\x39\x07\x53\x45\x3e\xf1\x38\xbd\x3d\x29\xdb\x7c\xb1\xb5\xf4\x5e\x47\x95\xb8\x9c\x53\xf4\x97\x04\x19\x27\x52\x23\x7c\x6a\xb2\x74\x84\x9f\x95\x94\xee\x97\x77\xf6\xef\xe7\x04\x83\x12\x9d\x06\x7f\x97\x19\x9d\x9a\xe3\x60\x90\x70\x38\x64\xf7\xca\x47\x50\xa6\xf3\xb6\xff\x83\x82\x4c\x91\x04\x84\x39\x4d\x1e\x2e\xce\xba\x18\x44\x6f\xe4\xe9\x94\xce\x07\x43\x3a\x74\x0d\xdd\x05\xf0\xe3\x96\xd4\x82\x89\x4e\x6f\x14\xac\xf7\xb9\x7b\xae\x6c\x7e\xb8\x87\x03\x03\x9f\xa7\x85\xd6\x0a\x3a\xf7\x8b\x13\x24\x3a\x4f\x88\xdd\xe1\xd9\x98\x61\x7f\x2e\x3f\xa7\xea\xfc\x2f\x43\x5d\xd4\xac\x1e\xa9\xc2\x38\x40\x7a\xa0\x9b\x4e\xea\x8e\xd4\x34\x92\x7b\x40\x66\x74\xac\x27\x04\x58\xcf\xb3\xbf\x29\xc3\x47\xf9\x45\x59\x61\x31\x79\xb9\x50\x21\x92\x32\x1b\x88\xe9\xaf\x0a\x90\xe9\xa4\xab\x9e\xdd\xaa\xe3\x82\xe3\x73\x4d\x14\x15\xeb\xe3\x24\x99\xc3\x4e\x6f\xde\xaf\x15\xb0\xd9\x78\x79\x85\xe0\x8d\xfe\x49\x54\x60\xc5\x4f\x67\x43\xd8\x1f\xf1\x68\x81\xe5\xe3\x0c\x51\xf4\xb0\x92\x37\x37\x83\xf1\x24\x23\xc3\xe1\xae\x85\x91\x13\x0a\x26\x99\x80\xca\xa1\xcb\x5c"},
+{{0x9c,0x16,0x7a,0xff,0x3b,0x1b,0x78,0x8f,0x13,0x3d,0x42,0x2d,0xe8,0xca,0x9a,0x64,0x31,0x64,0x09,0xf9,0xe3,0x5b,0xfe,0x22,0x03,0x2e,0xc4,0x17,0xae,0x9a,0xbc,0x6d,},{0xef,0xb5,0x34,0xf0,0xd4,0x7c,0x06,0x8e,0x77,0xb2,0x8a,0x90,0x6d,0x95,0xad,0x8d,0x21,0x3a,0x4d,0x4f,0xc1,0xc7,0x05,0x42,0xf0,0x1e,0x59,0x6d,0x57,0xb5,0xf0,0x19,},{0xc9,0xae,0x67,0xfd,0x64,0x15,0xdc,0xba,0xb2,0x92,0xfa,0xb3,0x94,0xca,0x6c,0x3b,0x7d,0x90,0xca,0x24,0x4d,0xc6,0xa7,0x76,0x4e,0x74,0xfd,0x20,0x2b,0xf4,0xb2,0x90,0x5b,0xd2,0x03,0x0e,0x6b,0xeb,0x91,0x4c,0x3c,0x23,0x8d,0xb3,0x71,0xb1,0xcb,0xa6,0xd9,0x26,0x1a,0xa3,0x92,0xec,0x87,0x1a,0x4b,0x8b,0x12,0xfe,0x9c,0x1c,0x97,0x0e,},"\x68\xac\x0f\xc2\xb6\x07\xba\x38\xe3\x77\xfa\xe8\x45\xc8\x08\xc8\xf9\xfa\x61\x4e\xb1\xf3\x11\x58\xa9\x62\x0a\x93\x7d\x3e\x30\x1e\x85\xac\xaa\x69\x14\x4b\xc3\x49\xa3\x9d\xfb\x58\x20\x41\xc4\xa1\x97\xae\x99\xb4\xd4\xd5\x9b\x7a\x2c\xa3\xd1\x62\x28\xb5\x59\x1c\xbf\x57\xc1\x8a\x78\x1e\xfd\x19\x19\x3c\x47\xb1\x6c\x60\x23\xa3\xa8\xba\x3d\x66\x8f\x05\xa3\x7f\x1e\x83\xb0\xd7\xfe\xbd\xd1\x0f\x63\xe4\x8e\xf7\xa2\x0e\x01\x5b\x1c\x67\x25\xd4\xc3\x00\xa9\x86\xc6\x0e\x3a\x11\x54\x69\xc8\xe5\x2b\xa0\x5b\x51\xc0\x5d\x0a\xf4\x0d\x89\xfd\x9e\xd7\x6f\x36\x95\x0a\xee\x3c\x78\x19\x89\x8a\x90\x3c\xfe\x03\x61\xa9\x1c\x69\x10\x0b\x49\x51\x41\xe8\x6e\xe7\x9d\x63\xd1\x74\x03\xfb\x1a\x16\x29\xef\x63\xcb\x7e\x9d\x27\x20\xcb\xff\xf0\x00\x2b\x19\x0b\xcd\xc2\x67\x94\x12\x4d\xd3\x8d\x42\xbc\xaa\x71\x75\x40\x5e\xb0\xbb\xcf\x8e\x37\xd6\x5d\x05\xa3\x71\x95\xb4\x79\x37\x1f\xa2\xbb\xbb\x16\x7d\x91\xce\xe8\x82\x35\xdd\x72\xea\x88\xfc\x73\xce\x3c\xe4\x3d\x33\xb7\x15\xf2\x5f\x19\x2e\xc2\x15\xda\xc1\x24\x89\x9c\x5e\x75\x86\xe8\x63\x40\xd8\xcb\xe5\x37\x35\xde\xfb\xe0\x2e\x4c\xc9\xfd\xe6\x9f\xb9\x79\x4d\x1d\xb7\x2b\x98\xc0\xf1\x97\x66\xee\x51\x38\xbb\xfa\x78\x90\x9a\xa2\x99\xb4\x91\x3c\x49\x9d\xea\xf5\x4b\x48\x41\xd5\x04\x48\x29\x98\x49\x36\x70\x0d\xcf\x92\xf3\x65\x42\xb2\xfc\x7e\x86\x44\x1b\x99\x25\xf5\xd0\xb7\x8c\x17\xa8\x5c\xfc\xfc\xb2\x0b\x0f\xd7\x51\x34\x9c\x27\x46\x3a\xbd\xe4\xd2\x7d\xf7\x42\x65\x28\x87\x13\xf9\x6d\xea\x01\x3b\x94\x55\x21\x80\x8b\x49\x96\xb1\xb2\xdc\x03\x38\xb6\xd2\x36\xef\xd6\xd2\xb2\x7d\xaf\xda\x46\xec\x5f\xa3\x2b\x96\x5e\x8b\xb5\xe8\xbb\x61\xbd\x96\x6e\xde\xb7\x74\x68\x1e\x0e\xa8\xc1\x7b\x8c\x99\xfa\x7d\x66\x0f\x0f\x66\xc9\xbc\x6d\x95\xcb\xd7\xdc\x09\x47\x24\x09\x8e\xb0\x51\x91\xb5\x3a\x3d\xf6\x56\x6b\x9c\x90\xe0\xd7\xdf\xf2\x94\x38\x48\xb6\x1a\x20\xd4\x8c\x22\xb6\xd3\xc9\x58\xe2\x93\xd7\x09\xc8\xf4\x81\x10\x23\x0f\xf5\x19\x18\x56\x28\x77\xda\xf6\xd9\x20\xc8\x5a\x82\xe0\x7c\x45\x1f\xe7\xae\x97\x59\xc0\xa7\x7e\x97\xbb\x29\x8b\x5d\x05\x92\xa4\x1d\x08\xf6\x7a\x4e\xd5\xa1\xbb\x41\xe9\x37\xb6\xa6\x8a\xeb\x38\xfd\x5b\xe9"},
+{{0xe9,0x94,0x88,0x05,0xeb,0x34,0x1b,0x28,0x67,0x47,0x9c,0x66,0x8f,0xd3,0x53,0x2c,0x30,0x99,0x41,0xc0,0xad,0x4c,0xb2,0xe5,0x42,0x31,0x75,0x6e,0x6a,0x1b,0xde,0xcb,},{0x54,0x47,0xa8,0xe3,0x4d,0x6a,0x64,0x00,0x02,0xd8,0xd6,0x0b,0xcf,0x1d,0xdc,0x71,0x1e,0x4c,0x46,0x5c,0x94,0xc3,0x4b,0x50,0xbd,0xef,0x35,0x89,0x60,0xff,0x81,0xf1,},{0xd3,0xdc,0x62,0xd6,0xce,0x9c,0x76,0x6f,0x2a,0xba,0xf9,0xa7,0xfb,0xe0,0x9d,0x6b,0xdb,0x07,0xa4,0x74,0x7b,0x56,0x08,0x0d,0xb0,0x9b,0xeb,0x4a,0x4e,0x80,0x4a,0x70,0xd7,0xdd,0xf4,0x11,0x94,0x75,0xc7,0xbe,0x83,0x4f,0x31,0x95,0x6f,0x4a,0x71,0xda,0xd0,0x29,0xcd,0xf2,0x36,0x3d,0xd0,0x36,0x5c,0xe2,0x2d,0xc2,0x7f,0x07,0x80,0x03,},"\x91\xcf\xfd\x7e\xb1\xcf\x6b\xd4\x75\x6b\xce\x6a\x30\xaf\x9d\xfb\xa2\x6d\xdd\x1c\xce\x03\x94\xc1\x94\xa3\xe3\x9c\xc3\xd1\xcb\xc2\x21\xb7\xeb\x70\xbe\xa1\x8d\x29\xc2\x67\x45\x71\x76\xa3\xc9\xe5\x3c\x18\xe4\x7d\x10\xa6\x7c\x46\x45\x05\x19\x77\x02\xe6\xb2\x47\x0d\x38\x86\x9d\xb5\x17\x4b\x15\x8f\x99\x92\xe4\x43\x5d\x02\x24\x6f\x54\x02\x58\xde\xdd\x3c\xe3\x3d\xf5\x82\x55\x5a\x68\x1f\xb7\x6e\xca\xcc\xb1\xc2\x98\x9b\x17\x7e\x3b\x7e\x45\x4a\xaa\x52\x9d\xe5\x9b\xf5\xa0\x31\x23\xd5\x71\xdf\x2e\x7f\x7c\xb8\x30\x80\x5c\x58\xb7\x4a\x65\x3b\xac\x0e\x5a\x88\x8e\x08\xdc\x22\x36\xd6\xcd\x49\x6a\xa0\x6d\x0d\x67\xcf\x3b\x33\x5e\x21\x8c\x49\xde\xda\xd8\x2f\xc1\xbe\x9e\xf2\x0c\xac\x61\x90\x5c\x30\xeb\x13\x2d\x73\x9b\x16\xca\x8a\x8c\x90\x66\x19\xc0\xe0\xd8\xb3\x39\x85\x32\x7e\x36\xf3\xd4\xb8\xfd\xa3\x87\xc1\x86\xcc\x50\x44\x31\x04\xdb\x76\x1f\x7f\xf9\x30\x12\x70\x20\x4a\x71\x3e\x58\x90\x21\x01\xfa\xd0\x00\xce\x93\x16\x47\xc5\x77\xfd\xec\x14\x8d\xca\x95\xcd\xc0\x89\x18\xeb\xed\x03\x7c\x60\x33\x2f\xad\xf0\x88\xf0\x36\x08\x3e\xbc\x92\xe1\x73\xb7\xdd\xcc\x30\xc4\x93\xf2\x7e\x69\xcd\x17\xa2\x0d\x30\xb7\x8f\x83\xa7\x2e\x4f\x5a\x74\x7d\x86\xd9\x6c\x5e\x1b\xb7\xa4\x38\x16\x62\x04\x01\x3e\x21\x64\xd6\xaa\xbc\x0d\x56\x2f\x54\x01\x5c\x36\x5c\x80\x44\x56\x07\x14\x5e\x56\x92\xee\x34\xf6\x35\x30\x77\xfa\xb7\x45\x2d\x88\xce\x3e\xb0\x1d\x2b\x37\x97\xdc\x91\xb3\x41\xa3\xa7\x26\x30\x15\x16\xba\xae\x18\xe8\x51\xf7\x4d\xfb\xdf\x08\x66\xbb\x23\x76\x86\x7d\xe5\x52\x31\xe3\x62\xc4\x72\xc5\x21\x16\x54\x4c\xd4\xf8\x1e\x93\x57\x1c\x4e\xc8\x20\xe7\xe6\x53\xf4\xe2\x1b\xe0\xa9\x42\x57\x6c\x9d\xe9\x1e\x7d\x12\x51\x68\x3d\x85\x9d\xe4\x48\xf8\x22\xdc\xf3\xd2\xcf\x55\xed\xe2\xf9\xc7\x1b\x60\x63\xd1\x37\x30\x61\xf8\xf5\x93\x6b\x69\x8d\x13\x84\xe6\x54\x59\xea\x2b\xc2\x6e\xc9\x67\x75\xef\x42\x52\x07\x43\x2d\xda\x0a\xc1\xfe\x28\x52\x6c\x5e\x45\x59\x34\x9c\x3d\x8d\xf9\x91\x82\x30\xf4\x04\x46\x83\xcc\x2c\x1b\x85\x8d\x14\x1a\xb8\xd0\x80\x5b\xb9\x33\x60\x67\x52\x2a\xa8\x9c\x81\x0f\x3e\xaa\x7a\xc2\xd8\xdd\x28\xc3\x75\x12\x25\xa1\x9e\xce\xc8\xbc\xca\x52\x43\x99\x46"},
+{{0xb0,0x17,0x53,0xef,0xa7,0x3b,0xb3,0xde,0x7a,0xa7,0x78,0xbe,0x7a,0xfc,0xbf,0xf6,0x6a,0x5d,0x3e,0x2c,0x2f,0x8b,0x5a,0xa2,0xb0,0x48,0x84,0x40,0x50,0x99,0x69,0x65,},{0xd0,0xcc,0x6c,0xf1,0x09,0xc9,0x99,0xfb,0xf6,0xd1,0x6f,0x47,0x1f,0xaf,0xd0,0x23,0x2b,0x0a,0x68,0xd4,0xc4,0x64,0x06,0xec,0x75,0x45,0xdb,0xab,0xa8,0x19,0x41,0x58,},{0x16,0xb7,0x42,0x12,0x27,0xae,0x09,0x13,0x06,0x85,0xcb,0xb1,0xa0,0xc6,0x0a,0xa5,0x7a,0x5e,0x1a,0xfe,0x1b,0xbe,0x6b,0xac,0xea,0x0c,0x28,0x1b,0xcc,0x89,0x98,0xe6,0x82,0x4a,0x77,0x2c,0x32,0x08,0xa6,0xb6,0xb4,0xd2,0x36,0x69,0x55,0x05,0xc9,0xbe,0x82,0x70,0x0c,0xf9,0x3a,0x78,0x39,0x85,0xa3,0x9e,0x16,0xe3,0x77,0xa7,0x41,0x0e,},"\x68\x4e\x61\x2f\x27\xee\xad\x0d\x34\x84\x4c\xc8\x1b\xa9\x11\xc2\x8a\xaf\x6d\x66\xe7\x12\x29\xe8\xcc\x34\x62\xf7\xc7\xa0\x50\xda\xa3\x0c\xb7\x44\x71\x15\x0f\x07\xda\xd4\x59\xb5\xa9\x13\x58\x47\x6c\x05\x98\x25\x5d\x8a\x64\x2d\xd7\xc0\x80\x28\x11\xbd\x88\xe4\xca\xc5\x97\xef\xe4\x1e\xbd\x96\xcd\x0f\x3b\x5c\xe7\x2d\xb4\xbe\x1a\x3d\xbd\x6b\x84\xf5\x44\x6e\x3d\xa6\x00\xd3\xb1\xd2\xb4\x60\xa0\x09\xbd\x31\xca\xcd\x98\xa9\x15\x18\xce\x33\xe9\xa7\x03\xd4\x04\x28\x87\x36\xcc\xc4\x31\x03\xfc\x69\xe6\x79\x74\xf3\x16\x52\xfa\x3d\xad\xef\x33\x37\xf6\xc8\x97\xa3\xd2\x01\x30\x3c\x8f\x03\x59\x7b\x4a\x87\xc9\x8f\x29\x1c\xcd\x58\xa3\xf1\xe8\x98\x33\x2a\xa5\x99\x3b\x47\xfc\xb5\xdd\xaa\x1c\x08\x68\xb6\x43\x74\x2d\x0e\x4a\x4b\x9c\xd4\x27\x03\x8b\x3b\x74\x99\x9b\xc8\x9a\xc3\x48\x4c\x0c\xa1\x3f\x25\xaa\xe8\xe7\x8a\xe1\xcc\xee\x62\x18\xac\xca\xb8\x1a\x4f\x69\x4f\x53\x24\xa3\x47\x62\x9d\x49\xb5\x5e\x40\x37\x50\x4a\x9a\xcc\x8d\xf5\x8c\x68\x41\xdd\xdc\xd4\xfc\x43\x47\xf7\xb6\xf1\xfd\x9d\xe0\x56\x45\x77\xe6\xf3\x29\xed\x95\x1a\x0a\x6b\x91\x24\xff\x63\xe2\x2e\xb3\x6d\x3a\x88\x63\xbc\x1b\xf6\x9c\xea\x24\xc6\x05\x96\x7e\x7d\x89\x48\x95\x3f\x27\xd5\xc4\xc7\x5f\x08\x49\xf8\x72\xa3\xe3\xd1\x6d\x42\x2f\xa5\xa1\x1e\x1b\x9a\x74\xdf\x6f\x38\xb9\x0f\x27\x7d\x81\xfc\xe8\x43\x7a\x14\xd9\x9d\x2b\xef\x18\x9d\x7c\xac\x83\xdd\xc6\x13\x77\xed\x34\x8b\x3c\x4f\xc0\x9e\xc2\xb9\x00\x59\x25\xd0\x4a\x71\xe2\x6d\x64\x16\x67\xbd\xf5\x49\x29\x43\x31\xc6\xea\x01\xcd\x5c\x0b\xd1\xb6\xa7\xec\xfd\xa2\x0b\x0f\x19\x29\x58\x2b\x74\x69\x7c\xb2\x62\xc3\x92\x7d\x6b\x22\x3f\x4b\x5f\x30\x43\xaa\x6e\xb4\x57\x1a\x78\xe9\xda\x11\xc2\xb3\x6f\x64\x55\x25\x80\xca\xa7\xb5\xfa\x6b\x90\xf9\x29\xe0\x16\x2e\x60\x8d\x12\x40\xd7\x24\x2c\xd2\xf4\x70\x25\xc0\x3d\xeb\xe0\x59\xb1\xdc\x94\x77\x02\x32\xbc\x67\x65\x14\x84\x80\xbb\x1d\x9f\x50\xda\x1e\xe6\x44\x8c\xf9\xc8\x8b\x19\xdd\x45\x99\x32\xc0\x6e\xd8\x11\xc4\xa6\x4a\x12\xd5\x93\x8b\xd1\xc7\x57\xbc\xfa\xea\xee\x89\x33\xfe\x5f\xff\x21\x76\x3d\xe7\x40\x48\x2b\xcf\x1b\xa5\x9a\xfd\xc8\xfc\xf8\x73\xc3\xd5\x07\xbb\x39\x4e\x32\xe4\x5f\x73\x65\x19"},
+{{0x4f,0x4b,0x20,0xd8,0x99,0x36,0x6f,0x2f,0x23,0xee,0x62,0x8f,0x22,0x9b,0x23,0x6c,0xf8,0x0f,0x43,0xba,0x18,0x31,0x77,0xc9,0x7e,0xe3,0x48,0x29,0x54,0x6f,0x17,0x42,},{0xc9,0x45,0x76,0x64,0x1f,0x4a,0x89,0x3c,0xdf,0xce,0xe7,0xb3,0x9f,0xc2,0x19,0x29,0xb8,0x6b,0x34,0x99,0x76,0xd7,0xb0,0xa4,0x6d,0x39,0xa5,0x88,0xbc,0xfe,0x43,0x57,},{0x0f,0x80,0xff,0x5d,0x17,0x48,0x8f,0xe2,0x6f,0x93,0xc5,0x43,0xb0,0x4e,0xd9,0x59,0xb5,0xf0,0x64,0x3f,0xc6,0x1c,0x7f,0x2c,0x3b,0xc6,0x01,0x32,0xba,0x9c,0x62,0x10,0xc8,0xb2,0x50,0xea,0x5e,0x84,0xd0,0x7b,0x01,0xde,0x68,0xbc,0x17,0x44,0x14,0xee,0xeb,0x31,0xfd,0xc2,0xba,0x68,0x23,0xe2,0x31,0xe3,0x12,0xa9,0x1e,0xde,0xdd,0x02,},"\xdb\x8e\xf0\x2e\x30\x33\xe6\xb9\x6a\x56\xca\xb0\x50\x82\xfb\x46\x95\xf4\xa1\xc9\x16\x25\x0d\xd7\x51\x73\xf4\x30\xa1\x0c\x94\x68\x81\x77\x09\xd3\x76\x23\x34\x6a\xe8\x24\x5b\x42\xbd\xa0\xda\x6b\x60\x46\x2c\xcf\xdf\xc7\x5a\x9a\xb9\x94\xe6\x6c\x9a\xb9\xfe\xcd\xd8\x59\x96\x10\x91\x0a\xff\xe4\xf1\x02\x15\xcb\x28\x0b\xf8\xf9\xf2\x70\x0a\x44\x47\x96\xda\xe9\x3e\x06\xc6\xbe\xa7\xd8\xb4\xfe\x13\x01\xba\xa7\x9c\xce\xc7\x69\x36\x8f\xeb\x24\x42\xc7\xde\x84\xf0\x95\xe6\xb3\xbf\xf6\x3d\x38\x8c\xba\xfb\x2b\x98\x09\xdc\x38\xe9\xb1\x2e\xbd\x03\x9c\x0a\x57\xf4\xd5\x22\xe9\x1e\xc8\xd1\xf2\xb8\xd2\x3a\x4a\x0a\xe0\x59\xaf\x85\x39\x3b\xb0\xa1\x5f\x74\x91\x10\xf6\x77\x4a\x1f\xd7\x31\xa6\xec\x21\x3e\x4f\xf4\x35\xda\xab\x54\x6d\x31\xed\x9e\xc3\xb6\xd8\xcc\x2e\xda\xce\xbf\x4f\xac\xc5\x56\x65\x56\xee\xa9\x2e\x5b\x3f\x25\x42\x23\x9b\x25\xe2\x80\x12\xdd\x4e\xf4\x00\x72\xee\xbf\x83\xed\x2a\x25\x51\x81\xf3\xa4\x42\x18\x9d\x68\xc6\xc6\x09\xf4\xdf\xdf\x3d\xb7\xd6\x7d\x08\x7a\x2f\xcd\x6d\x2d\xc5\x0b\xbf\xed\x8b\xfb\xbf\xcb\x74\xd3\xc4\x1f\x02\xa8\x78\x65\xb1\x3b\x8e\xfc\xf5\xc3\x58\x12\x57\xbe\x0a\xa9\x13\xf6\x0c\x37\x05\x27\xbd\xe1\x1a\x47\x5c\x13\x6a\x17\xc5\xee\xfe\xb0\x3f\x5b\xff\x28\x69\x3e\xd8\x41\xe8\xed\x1f\x7c\x29\x10\x2f\x55\x99\xdd\x44\x40\x09\xbc\xea\x6a\x92\xd5\x57\x41\x52\x45\x8e\x0c\xaf\x8a\x36\xaa\x72\xb5\xdc\x49\x08\xa6\x46\x1c\x9b\x74\x14\x53\x00\x5c\x8f\xbc\xc6\x81\x13\xae\x18\x42\x08\xee\x14\xb8\x35\x48\x0c\x6e\xfa\xfe\xd1\x8a\x76\x00\x0b\x38\xe5\x85\x82\x90\xf4\xd5\x1f\x52\xf0\x96\xcb\xe4\x90\xe1\xeb\x5c\xac\xb2\x26\xec\x49\x5a\x55\xa7\xfa\x45\x78\x43\xd5\x7f\xab\x67\xf8\xbe\x7e\x20\x93\x34\x78\x5b\xdd\x66\x5d\x7b\x63\xe4\xda\xf5\x7b\x6e\x78\x92\x8b\x60\x3c\x8c\x0f\x9b\xc8\x54\x64\x73\x3b\x61\x27\x3e\xf9\xe2\xb8\xa0\xcd\x7c\x3b\xf8\xee\x0a\x68\x72\xe3\x4d\x5a\x27\xa6\x25\xe3\x5e\xaf\x7f\xf5\x44\x0b\x8b\x14\x1a\xf7\x04\xdf\x70\xc9\xc1\x86\x23\xbd\x11\x20\x95\x13\x19\x25\x05\x10\x5c\xd7\xbc\xfa\x5f\x0d\x91\x9d\xa7\x06\x94\x8f\xbe\x1f\x76\x1f\x31\x58\x46\xaa\x3b\x48\x13\xdd\x9b\xa3\xd8\x1b\x92\x04\xe5\x40\x9c\x03\x82\xb6\xeb"},
+{{0xd2,0xe0,0x1d,0x25,0x78,0xb6,0x25,0xa7,0x06,0x0a,0xab,0xc2,0x57,0x65,0xf1,0x68,0xc6,0x80,0xce,0xf7,0x67,0xaa,0x97,0xca,0x0e,0x5e,0xb3,0xd6,0x67,0x47,0x4b,0x2a,},{0x19,0x1a,0xc2,0x23,0x57,0x54,0x24,0xaa,0x35,0x4b,0x25,0x5b,0x81,0x2d,0xd3,0x02,0x5d,0x70,0xed,0x82,0x9e,0x08,0x26,0xc0,0x16,0x29,0xf9,0xdf,0x35,0x45,0x08,0x2b,},{0x87,0xa0,0x10,0x39,0x4a,0x9f,0x2c,0x90,0x4e,0xff,0xef,0xca,0x9f,0xb4,0xd5,0xce,0x13,0x79,0x33,0x01,0xa4,0x92,0x5b,0xa5,0x1d,0xb1,0x19,0x12,0x3a,0x4d,0x73,0x0a,0xbf,0x76,0x4c,0xe0,0x65,0xe4,0x8d,0x90,0xa7,0x9d,0x90,0x7d,0x72,0x54,0xc4,0x0c,0xc3,0x58,0x98,0x7a,0x46,0x94,0x9e,0x92,0x8b,0xbb,0x3c,0xd0,0x85,0xdf,0xab,0x06,},"\x20\xd5\xdd\x69\x9b\x28\x53\x30\x2a\x68\x17\x09\x4d\x5e\xa5\x12\xbd\xf8\x53\x45\x04\xcb\x28\x9c\x60\x24\x67\x41\x07\x40\xec\x7e\xb8\xea\x64\x42\xc8\x0f\x14\x59\x35\x06\x8f\x91\x22\xfd\xf4\xa3\x9f\x20\x10\xf3\x3d\xb5\x5b\x81\x4d\x97\xbf\x2e\x58\x72\x32\x9f\x11\x26\xd4\xeb\x95\xb8\x06\xca\x19\x73\x11\x31\x65\xb1\x16\xbe\x87\x16\x37\x1f\x81\x33\x17\x79\xdc\x79\xa5\xcb\x39\x42\x08\x1a\xb5\xf2\x07\xf6\xb5\x3d\xb0\xe0\x03\x81\x07\xd6\x3c\xa9\x77\x08\x18\x19\x82\xdc\xb5\xf3\xb9\x30\x10\xec\x6e\xdf\xb2\xcf\xd3\x1c\xab\x00\x09\x0b\x3c\x38\x51\x5f\x97\x81\x76\x96\x86\xcb\x17\xab\x81\xd5\x4a\x8b\x77\x57\x54\xd4\x2f\xba\xd0\x86\xb8\x0b\x28\xd6\x36\xf7\x8b\x7e\xb7\x7e\xd9\xca\x35\xb6\x84\x3a\x51\x0f\x0a\xd0\xac\x1b\x20\x26\x7a\x00\x03\x01\xb3\xc7\x07\xa2\x0f\x02\x14\xd5\x9b\x5b\x81\x99\xc2\xf9\xee\x25\xd3\x20\x60\xac\xe3\xe0\xf2\x59\x46\x50\x41\x6a\x00\x71\x6c\xd3\xf9\x86\x04\xa5\xe1\x04\xb3\x33\x10\xfd\xae\x94\xc3\x14\x01\x3c\xdc\xa5\xba\x24\x14\x40\x9e\xb7\xf1\x90\x13\x94\xf0\x07\xd6\xfa\x0a\x29\xdb\xe8\xec\x3d\xf9\x8c\x39\x3c\x8d\x72\x69\x58\x77\xcc\x9b\xaf\x49\x1e\xf3\x0e\xf7\xdb\x33\x71\x60\x8c\xa9\x7c\xc6\x21\x56\x25\x20\xee\x58\x1d\x5d\x1c\xdb\xc7\x82\x32\xd6\xc7\xe4\x39\x37\xb2\xcc\x85\x49\xe6\xf1\xe0\x8d\xf5\xf2\xea\xc8\x44\xfe\x0f\x82\x2b\x24\x83\xad\x0a\x5d\xe3\x3b\xe6\x40\x89\x49\x0e\x77\xd6\x98\x00\xfa\xe2\x58\x9e\xe5\x87\x12\xac\x15\xa3\xf1\x9e\x6f\xfd\xbc\xa4\x2f\xe1\x89\x4e\x88\x9b\x94\xc0\x4b\x04\x24\x0d\xaf\xb0\xb2\x73\x0c\x23\x6b\x8c\xce\xb2\xcb\x97\xaf\xd1\xd5\x15\xdc\x19\xd1\x06\x7f\xd4\xab\xa8\xce\x29\x7f\xd6\xd1\x10\xb3\x5a\x21\xbd\x3c\x07\x5c\x57\x7d\x93\xfe\x1d\xf7\x7d\x64\x8f\x71\x19\x49\x20\x99\xb0\x17\xaf\x44\xeb\xa0\x9c\x80\x7f\x11\xa4\xc3\xf4\xa1\x1a\x2f\xff\x30\x6a\x72\x8b\xa7\x89\x83\x32\x3c\x92\xa2\xfd\x5f\xcc\x80\xc1\x8d\x42\x34\x26\xf8\x23\xa7\x3f\xe0\x40\x94\x95\x52\x84\x29\x3f\x5f\x6b\x3c\xa4\xff\x10\x80\xdb\xb1\xe4\xc6\xf7\x4c\x1d\x93\x5e\xd2\x1e\x30\x09\x4c\x7d\xe3\x36\xb8\x2d\xd8\x20\x0b\x0d\x65\x95\x83\xc5\xbf\xd5\x47\x0f\x9d\xb3\x42\xe7\x0e\xc4\x00\x07\x42\xc5\x64\x0a\x21\x4e\x3c\x2e"},
+{{0x7c,0xd7,0xec,0x99,0xdd,0x03,0xae,0xde,0x1f,0xf1,0x07,0x3e,0xc2,0xca,0x70,0x10,0x27,0x6e,0x94,0x7e,0x2a,0xa9,0xb0,0xe6,0x5f,0x87,0x7e,0x4c,0xcf,0x1b,0x3a,0x14,},{0xe4,0xc3,0x9d,0xbe,0x94,0x93,0x17,0x6b,0x82,0x13,0xf1,0x42,0x2a,0x9d,0xe7,0xc7,0x4f,0xb6,0xa5,0x91,0x90,0xfc,0xdb,0xf6,0x37,0xc7,0xad,0x5e,0xe1,0x65,0xc0,0x4f,},{0x6f,0x99,0x20,0x27,0x70,0x96,0x45,0x35,0xe4,0x83,0xa0,0xee,0x01,0xa5,0x29,0x44,0x2e,0xb3,0x21,0x30,0x3f,0xa8,0x05,0xd4,0x75,0x60,0x4d,0x7f,0xc7,0x28,0xa9,0x10,0x3f,0xb7,0xb5,0x58,0xb9,0x55,0xf4,0xd0,0x37,0x19,0xee,0xfa,0xa3,0xb7,0xed,0x5b,0x0d,0xa7,0x57,0x10,0xbb,0x98,0x78,0x7f,0x5c,0x22,0x82,0xed,0x66,0xe9,0xf6,0x0c,},"\xa6\x03\x4a\xa3\xc2\x48\x49\x23\xe8\x0e\x90\xe5\xa8\xe1\x74\x83\x50\xb4\xf2\xc3\xc8\x31\x9f\xaf\x1a\x2e\x32\x95\x15\x0a\x68\xe1\xee\xca\x1b\xc8\x49\x54\xcc\x89\xd4\x73\x1a\x7f\x65\x12\xaf\x01\x46\x4f\xdb\xce\x5d\xf6\x8e\xe8\x06\x6a\xd9\xa2\xfd\x21\xc0\x83\x5a\x76\x55\x9c\xa1\xc7\x44\x9a\x93\x3b\xcb\x15\xaf\x90\x22\x3d\x92\x5f\xf6\x1c\xd8\x3e\xb9\x35\x69\x83\x47\xa5\x70\x72\x70\x9a\x86\xb4\xe5\xa7\xa6\x26\xe0\x7a\x3f\x2e\x7e\x34\x1c\x77\x83\xa5\x40\xf8\x4a\xa7\x3e\x91\x7e\x86\x7b\xb8\x0b\xac\xe6\x25\x47\x05\xa9\xd1\xa1\x18\x5d\xe5\x6e\x1a\x4e\x78\xaa\xf5\x39\xe7\x49\xb8\xf7\x65\xbd\x05\x2c\x4c\xd1\x5b\x63\x8b\xf8\xec\xf8\x7d\x98\x14\x60\x6f\xed\x5a\x69\xf4\xda\xe9\xda\x47\xf3\x80\x6d\xd9\x0b\xe6\x4f\xcc\xd3\x36\x5c\xbe\x9e\x01\xc5\x88\xfe\x65\xd6\xb6\x03\x28\x07\x40\x96\x2a\xa8\xdd\xb9\x5a\x3f\x4f\x67\x4c\x03\xbc\x40\x43\x09\x2c\x54\x45\x95\x56\x82\x70\xa2\xc2\xa8\xaa\x06\xe3\xf6\x7c\x31\x99\x8c\x50\xb9\xa5\x8a\xca\xd0\x06\x90\xd3\x84\x81\x14\xcb\x19\x32\x93\xc8\xac\x21\x01\x6f\xd9\x96\xf5\xc6\x42\x14\x06\x4f\x82\x16\x7b\x2c\x92\x0c\xd8\xa8\x39\x75\x58\x52\xac\x77\xc3\xd9\x05\x26\xdd\x3a\xdb\x96\x83\x7c\xf4\xe7\x26\xf3\x4b\xd0\x29\x55\xcb\xac\x5b\x82\xc9\x2c\xf4\xaa\x8b\x54\xbb\x6e\x43\x6d\xae\x9b\xf8\x93\xef\x05\x0c\x6f\x13\x5a\x7e\x62\xfc\xd8\x34\xda\xc1\xd2\xbe\x8b\x8e\x59\xd6\x96\x13\x18\x11\x70\x1c\x43\x18\xbb\x6e\x9b\x5a\x20\xbe\xc6\x56\xfd\x2b\xa1\x92\xe2\x73\x2f\x42\x29\x63\xbe\xd4\xa4\xfd\x1e\xc9\x32\x63\x98\xdc\xe2\x90\xe0\x84\x8c\x70\xea\x23\x6c\x04\xc7\xdb\xb3\xb6\x79\x21\x44\x0c\x98\xd7\x27\x53\xf6\xa3\x32\xea\xad\x59\xfd\x0f\x57\x74\x29\x23\xfb\x62\x5f\xef\x07\x0f\x34\x22\x5e\xa0\x6c\x23\x63\xd1\x23\x66\x6b\x99\xac\x7d\x5e\x55\x0d\xa1\xe4\x04\xe5\x26\xb5\xb2\x29\xcb\x13\x0b\x84\xb1\x90\x3e\x43\x1c\xdb\x15\xb3\x37\x70\xf5\x81\x1d\x49\xfb\xd5\x0d\x60\xa3\x47\x4c\x0c\x35\xfc\x02\x1d\x86\x81\x81\x9e\xc7\x94\xcc\x32\xa6\x34\xbc\x46\xa9\x55\xaa\x02\x46\xb4\xff\x11\x24\x62\x3c\xba\xfb\x3c\xb9\xd3\xb9\x2a\x90\xfd\xe6\x48\xe4\x14\x63\x61\x92\x95\x2a\x92\x29\x1e\x5f\x86\xef\xdd\xb8\x9c\xa0\x78\xae\xa7\x71\x7f\xc7"},
+{{0xe3,0xca,0x37,0x13,0xa2,0xfd,0x41,0x2a,0xd5,0x33,0x6b,0xc3,0x56,0xb7,0x7b,0xe0,0x27,0xd5,0xb7,0x08,0x15,0xb3,0xac,0x2a,0xec,0xd8,0x34,0x0e,0xf5,0xf8,0x89,0xb1,},{0x1d,0x51,0x6c,0xb8,0xbe,0xf1,0x16,0xa0,0xc1,0xb6,0x92,0x90,0x09,0x93,0x3f,0x6e,0xb6,0x2c,0x23,0x05,0x07,0x45,0xfe,0x7e,0x8d,0x3c,0x63,0x16,0x23,0x77,0x81,0x11,},{0xb3,0x85,0x7e,0xa6,0x1b,0xaa,0x9e,0x62,0x83,0x8c,0x4e,0x3a,0x99,0x65,0x02,0xd3,0x36,0x4f,0xe1,0xec,0x59,0x42,0x58,0x35,0x50,0x73,0xdd,0x10,0xe4,0x97,0xc6,0x00,0xbe,0xfb,0x1f,0x8f,0x23,0x3f,0xd6,0xe3,0xb2,0xc8,0x7f,0x10,0xdc,0xb7,0x26,0x1a,0xaf,0x34,0x81,0xbf,0xd0,0x90,0x26,0x05,0xac,0xcc,0x90,0x0f,0xef,0x84,0xd4,0x07,},"\xdd\x99\xba\xf2\x95\xe0\x13\xee\xd1\x07\xba\x8a\xf8\x11\x21\xaa\xf1\x83\x5a\x3c\xca\x24\xf8\xe4\x64\xb4\xcf\xca\xa3\xc7\xbf\xfe\x6f\x95\x36\x01\x6d\x1c\x8c\xf3\x75\x03\x8c\x93\x27\xe8\xe2\x1b\x00\x40\x66\xf5\xea\xc0\xf7\x6a\x3e\x8e\xdf\xb0\x7b\xe8\xbd\x2f\x6b\xc7\x9c\x3b\x45\x6d\xe8\x25\x95\xe2\xc2\x10\x5b\xb1\xb0\xaa\xba\x5e\xee\xe1\xad\xef\x75\x21\x67\xd6\x33\xb3\x22\xeb\xf8\xf7\xcd\x5f\xbf\x59\x50\x8f\xdb\xdb\xec\xf2\x5e\x65\x7a\x9c\x70\x50\xaf\x26\xa8\x0a\x08\x5b\x08\x17\xc6\x21\x7e\x39\xac\xd5\x4c\xb9\xfa\x09\x54\x0f\xc7\xbd\xc5\x22\x6d\x6a\x27\x6d\x49\x2c\xc8\xa3\xdf\xfc\x2a\xbc\x6d\x0b\x9f\xb0\x8c\xbc\xcd\xd9\x43\x2e\x44\x98\x21\xa5\xdc\x98\xcf\xb3\xa4\x18\xe5\x39\xc8\x90\xfe\x5a\x04\x46\xb9\xf8\x1d\x30\x67\x00\x92\x7a\xde\x61\xcf\xdc\xc0\x62\x4f\x13\xb5\x84\x07\x48\x77\x46\x04\x80\x57\x31\xd9\x2e\x77\xd5\xde\xf6\x6b\xe4\x4c\xc8\x17\x94\x6f\x1c\xd7\x58\x19\x6c\xf4\x80\xf9\x9e\x71\x17\x83\x5c\x4c\x87\xcb\xd6\x40\x77\xa5\x62\xa8\x0c\xf1\x1d\x8c\xa6\x5b\xe7\xa9\x4d\x92\xb9\xdd\xae\xa9\x97\xe9\x3f\x14\x48\x57\x7e\xd6\xd8\x43\x6b\x2f\x31\x44\x69\x2c\x1f\xd7\xd2\x8a\x03\xe9\x27\x4b\xc9\xe8\x66\x9d\x85\x75\xf5\xde\x20\xcf\xbd\xbc\xb0\x4e\x9f\x39\xf3\x45\x1d\x70\x48\x37\x5e\x26\x98\xe7\x22\x84\x6c\xb4\xf2\xd1\x9a\x81\x0c\x53\xd4\xc1\xa6\xc3\xb7\x70\xfb\x40\x2d\xf0\x53\x0e\x7b\x29\x07\x22\x3f\xd0\x89\x9e\x00\xcb\x18\x8c\xa8\x0c\x15\x31\xb4\xe3\x7f\xba\x17\x6c\x17\xa2\xb8\xf5\xa3\xdd\xc7\xa9\x18\x8d\x48\xff\xc2\xb2\x72\xc3\xda\x9c\x9b\x89\xdf\xe5\x3f\x2f\xe7\xe3\x67\x2f\x91\xd1\x18\x18\x49\x1a\xce\x14\x0a\xdc\xae\x98\x50\x2e\x11\x4f\x4b\x35\x2b\x90\xe2\xe7\xfb\xd3\x33\xb2\x45\x9e\x7f\x15\xdd\x07\x64\xc9\xc3\x4e\x4c\xb7\xcc\x09\x55\x00\xcd\xa0\x35\xe8\xe2\xe4\xe3\xc8\xfd\x5d\xf5\xf3\xaa\x57\x9a\x73\x5d\xd8\xa9\xf1\x9e\xf3\x36\xfa\x97\x11\x14\xe4\x66\x18\x73\x4a\x4c\x13\xd3\x0c\x81\x12\x8c\xa2\x1d\xef\x47\x33\x01\x03\xd2\x3d\x80\xff\xe6\x74\x21\xa6\xcc\xf9\xf3\x6a\x93\xf0\x56\x03\xc5\x99\xee\x10\xb0\x34\x51\xf3\x6b\x21\x33\xc1\x87\xa7\x9a\xd9\xe6\xfd\xfb\xb1\x25\x95\xab\x73\xbb\x3e\x2e\x2e\x43\x03\x0f\xd3\x7e\x59\x1c\xf5\x5d"},
+{{0x29,0xa6,0x3d,0xcd,0x48,0xa3,0x51,0x77,0x14,0x11,0xfd,0xdc,0xab,0x46,0xbb,0x07,0x1e,0x91,0x49,0x85,0x76,0xe8,0xd0,0x2f,0x8b,0x60,0x44,0xf5,0xbd,0xd3,0xed,0x90,},{0x39,0x23,0xfd,0xcc,0x2a,0x9f,0xe5,0xca,0xbf,0x6e,0x99,0x32,0xe4,0x6d,0xbd,0x2b,0x7f,0x36,0x32,0x50,0x0f,0x9d,0x95,0x55,0x2d,0xb2,0xb0,0x45,0xbc,0x41,0x16,0x6f,},{0x12,0xbf,0x62,0x95,0x93,0xe2,0xca,0xad,0xc9,0x10,0xec,0x40,0xbf,0xe2,0xb7,0xa6,0x25,0x14,0x12,0x6b,0x16,0xba,0x3a,0x43,0x8d,0x88,0xe2,0xd2,0x1f,0x59,0x5a,0xae,0xe8,0xab,0xfa,0x4a,0xf2,0xec,0x87,0x03,0x61,0xd0,0xea,0x04,0xdf,0xc8,0xc6,0xa3,0x30,0xfb,0x28,0x41,0xc2,0xd8,0x21,0x1a,0x64,0xfa,0x1e,0x7e,0x7d,0x27,0x38,0x00,},"\xff\x18\xca\x0c\x20\x4c\x83\x86\xa4\xaa\x74\xec\x45\x73\xc7\xb6\x92\x16\xb3\x14\x70\xda\xed\xd9\x6a\x4f\x23\x02\x11\x6c\x79\x55\xd7\x2d\xac\xc8\x8e\x37\x14\x55\x0c\x09\xe6\xf7\xb9\xa8\x58\x62\x60\xdc\x7e\x63\xda\x4c\x63\x3b\xae\x01\x62\xe1\x16\xe5\xc1\x79\x7b\x78\xd8\x7d\x47\xff\xee\xa3\xd7\x81\x9d\xf9\xc8\x52\xf0\xff\x30\x93\x6a\x10\x5d\x3a\xf5\x53\x1a\x8f\x89\x54\x97\x11\xc1\x4c\x2d\x3e\xe1\x15\x64\xe7\xc8\x52\x5b\xd5\x88\x64\x00\x97\x62\xa0\x55\x41\xd8\xe0\x7a\xd8\x41\xa5\x5a\x6a\x9a\x00\x7e\xf2\x09\xcc\xec\x4b\x56\x40\xba\xbe\x35\x65\x1b\x61\xdf\x42\xde\x4d\x91\x0e\xe7\x3a\x93\x3c\x0b\x74\xe9\x95\x75\x7e\x84\xa9\x9e\xb0\x34\xf4\x18\x07\x18\x3c\x90\xca\x4e\xa8\xd8\x4c\xdb\xa4\x78\x61\x3c\x8e\x58\x7c\xb5\xf8\xfb\x6a\x05\x50\x81\xda\x6e\x90\x22\x0d\x5d\x86\xe3\x4e\x5f\x91\xe4\x88\xbd\x12\xc7\xa1\xa6\xb3\xc9\xfc\xe5\x30\x5e\x85\x34\x66\x58\xef\xfa\x81\x0d\x0e\x8a\x2a\x03\x9d\xb4\xa4\xc9\x49\x65\xbe\x40\x11\xf9\xd5\xe5\xda\x26\x62\x33\xe6\xc4\xe1\x8e\xd4\xf8\xa2\x5a\x57\xe4\x0a\x59\x1c\x7e\xd5\x90\xc0\xf8\xb1\xa1\x19\xc7\xc9\x74\x7f\x69\x1b\x02\x19\x6c\xd1\x8e\x69\x45\x21\x3f\x1d\x4c\x8c\x95\x79\xc6\xe0\xa2\xac\x45\x92\x41\x28\xd6\xd9\x2c\x8e\x4c\x66\x06\x53\x20\x35\x3d\x48\xd1\xd5\xe1\x31\x94\xd9\x05\xf8\x37\x07\x8f\x8d\xac\x0b\x68\xcf\x96\xae\x9e\x70\x55\x4c\x14\xb2\xfa\x29\xb1\x96\x30\xe4\xb0\xf5\xd2\xa7\x67\xe1\x90\xef\xbc\x59\x92\xc7\x09\xdc\xc9\x9a\xa0\xb5\xaa\xf4\xc4\x9d\x55\x13\xe1\x74\xfd\x60\x42\x36\xb0\x5b\x48\xfc\xfb\x55\xc9\xaf\x10\x59\x69\x27\xbc\xfa\xd3\x0b\xac\xc9\x9b\x2e\x02\x61\xf9\x7c\xf2\x97\xc1\x77\xf1\x92\x9d\xa1\xf6\x8d\xb9\xf9\x9a\xc6\x2f\xf2\xde\x3b\xb4\x0b\x18\x6a\xa7\xe8\xc5\xd6\x12\x39\x80\xd7\x59\x92\x7a\x3a\x07\xaa\x20\x8b\xee\xb7\x36\x79\x5a\xe5\xb8\x49\xd5\xda\xe5\xe3\x57\x37\x10\xaa\xa2\x4e\x96\xd5\x79\x1e\x27\x30\xd0\x27\x0f\x5b\x0a\x27\x05\xba\x51\x5d\x14\xaa\x7e\x6f\xa6\x62\x23\x75\x37\x7f\x9a\xba\x64\xd0\x25\x69\xa2\x09\xd3\x3d\xe6\x86\xe0\x89\xec\x60\x11\x8e\x48\x14\xff\xc6\xc0\x77\x8c\x64\x27\xbc\xe2\xb6\xb8\x44\xcf\xcd\x5a\x7c\xed\x0e\x35\x30\x3f\x50\xa0\xdf\xe5\xdf\x5d\xde\x1a\x2f\x23"},
+{{0xc7,0x18,0x8f,0xdd,0x80,0xf4,0xcd,0x31,0x83,0x9e,0xc9,0x58,0x67,0x1e,0x6d,0xd0,0x8b,0x21,0xf9,0xd7,0x52,0x8c,0x91,0x59,0x14,0x37,0x34,0xf9,0x4b,0x16,0x98,0x83,},{0x01,0x97,0x52,0xff,0x82,0x9b,0x68,0x59,0xb9,0x05,0x8d,0x00,0xc2,0x79,0x5e,0x83,0x56,0x55,0x44,0x06,0x75,0x75,0x3f,0x37,0xe8,0x5e,0xb7,0xbc,0x58,0x39,0xc4,0xca,},{0x35,0xc1,0x70,0xdd,0x0c,0x6d,0xc2,0x92,0x0a,0x59,0x57,0x75,0xd8,0xe2,0xdd,0x65,0x24,0x3e,0x9c,0x1b,0xf9,0x6e,0xf4,0x27,0x79,0x00,0x1e,0xd4,0x5f,0x01,0xb7,0xdf,0xeb,0xd6,0xf6,0xa7,0xdc,0x2d,0x38,0x6e,0xf4,0xd2,0xa5,0x67,0x79,0xeb,0xe7,0x7f,0x54,0xe5,0xae,0xcf,0xda,0x2d,0x54,0xa0,0x68,0x47,0x6b,0x24,0xdb,0xd7,0x8b,0x0c,},"\x4a\xf5\xdf\xe3\xfe\xaa\xbe\x7f\x8f\xcd\x38\x30\x8e\x0b\xd3\x85\xca\xd3\x81\x1c\xbd\xc7\x9c\x94\x4e\xbf\xe3\xcd\x67\x5c\xf3\xaf\xbe\xf4\x54\x2f\x54\x29\x75\xc2\xe2\xa6\xe6\x6e\x26\xb3\x2a\xc3\xd7\xe1\x9e\xf7\x4c\x39\xfa\x2a\x61\xc5\x68\x41\xc2\xd8\x21\x2e\x2b\xd7\xfb\x49\xcf\xb2\x5c\xc3\x60\x9a\x69\x3a\x6f\x2b\x9d\x4e\x22\xe2\x09\x9f\x80\xb7\x77\xd3\xd0\x5f\x33\xba\x7d\xb3\xc5\xab\x55\x76\x6c\xeb\x1a\x13\x22\xaf\x72\x6c\x56\x55\x16\xce\x56\x63\x29\xb9\x8f\xc5\xdc\x4c\xbd\x93\xce\xfb\x62\x76\x88\xc9\x77\xaf\x93\x67\xb5\xc6\x96\x59\xe4\x3c\xb7\xee\x75\x47\x11\xd6\x65\xc0\x03\x2a\xe2\x29\x34\xf4\x4c\x71\xd3\x11\x78\xef\x3d\x98\x10\x91\x28\x74\xb6\x2f\xa5\xe4\x02\x0e\x6d\x5d\x64\x58\x18\x37\x32\xc1\x9e\x2e\x89\x68\x5e\x04\x64\xe9\x1a\x9b\x1c\x8d\x52\x51\xe2\x4e\x5f\x91\x81\x3f\x50\x19\xa7\x40\xa0\x4b\x5d\x91\xcb\xb8\x30\x9e\x51\x61\xbb\xa7\x9d\xca\xb3\x82\x39\xa0\x91\xf5\x0e\x09\x9f\xf8\x19\xe3\xa7\xb5\x20\x5f\xe9\x07\xcd\xfe\x9c\x0d\xc3\xee\x85\xe3\x2d\x7b\xcd\x3c\xe0\x26\x35\xe2\x05\x83\x88\x03\x1e\x31\x7f\xbf\x22\xab\x9f\x39\xf7\xf7\xe3\xcd\x1a\x11\xa9\xc1\xf4\x5f\x4e\x1e\x42\xd2\x53\x6c\x12\x2c\x59\x18\x37\x91\x18\x47\x10\x8c\xea\xfd\x99\x08\x13\xc2\xb6\x34\x4c\xff\xc3\x4b\xe3\x71\x61\xdd\x81\x56\x26\x90\x0e\x8f\xcb\x85\xc2\x1a\xfb\x4f\x6b\xe8\xad\x01\x51\x6a\x31\xc2\xa6\x58\x03\x15\x85\x7c\x6a\x21\x67\x35\xca\x99\x10\x09\xdb\xc2\xea\x50\x34\x16\x07\x47\xa8\x69\xd5\xca\xdb\x0b\x47\xff\xbd\x5d\x3a\xc9\x7f\xdd\x05\x26\xca\xe6\xea\xa3\x5c\xff\x7a\x16\xea\xf4\xfb\x95\x0c\xa3\x15\x11\x34\x6f\xea\x61\x41\x99\x9a\x3f\x75\x4e\x62\x81\xcf\xba\x15\xe8\xa8\x26\x93\x2c\x58\x9c\x5d\x24\x7c\x90\x9d\x94\xb4\xea\xb7\xeb\xcb\x09\x07\x76\x48\xaf\x06\x5c\x2d\x86\x61\x1e\xb5\x88\x45\x3e\xd7\xc2\x47\x80\xd7\x3c\x68\x9c\x87\x44\xaf\xd5\x33\xa8\x6d\x9e\xe9\xe3\x36\x57\x32\xcb\xd0\xc3\x51\xe4\x36\xf8\x98\xb7\x04\x32\x92\x09\x7e\x03\xe6\x08\x1a\x23\xac\x86\x5e\x19\xdc\x88\x58\x96\x9b\x99\x9d\x01\xfa\x65\xef\x20\x0c\x3f\x26\x9c\x81\x8e\x30\xb9\x36\x5e\xcc\x68\x3b\xcf\xe6\x9c\x20\x3b\x4e\x0a\xb6\xfe\x0b\xb8\x71\xe8\xec\xaa\xae\x82\xd3\xac\xd3\x5d\x5b\x50"},
+{{0x38,0xba,0x06,0x21,0x70,0x4d,0x21,0x55,0xfc,0x2f,0x78,0x55,0x51,0x96,0x57,0x5d,0xe0,0x6d,0x80,0x25,0x5c,0x35,0xe9,0xdc,0x96,0x5b,0x6f,0xe9,0x6a,0x4d,0x53,0x89,},{0x43,0x88,0xf7,0xf6,0x8a,0x9e,0xff,0xbc,0x36,0x6e,0x42,0xd9,0x07,0x01,0x56,0x04,0xda,0xce,0xd1,0x72,0x7c,0xd1,0xd8,0x9d,0x74,0xad,0xcc,0x78,0x9f,0xd7,0xe6,0xe1,},{0x42,0xbe,0xd6,0xa9,0x87,0x86,0xf6,0x64,0x71,0x5f,0x39,0xbb,0x64,0x3c,0x40,0x5a,0xe1,0x75,0x00,0x56,0x46,0x0e,0x70,0x04,0x69,0xc8,0x10,0x38,0x95,0x04,0xc5,0x1c,0xff,0xd9,0xe1,0xa9,0x4c,0x38,0xf6,0x92,0xfb,0x31,0x62,0x65,0x31,0x6d,0x8f,0x4d,0xc3,0xad,0x1c,0xdd,0x8a,0x6d,0x59,0x91,0xef,0x01,0x0c,0xd1,0x48,0x9d,0x7c,0x09,},"\xed\x4c\x26\x83\xd6\x44\xb0\x5b\x39\xb0\x48\xef\x1f\x8b\x70\x25\xf2\x80\xca\x7e\x8f\xf7\x2c\xb7\xed\xa9\x93\x29\xfb\x79\x54\xb7\x00\x40\x07\x05\x27\x5f\x20\xb8\x58\xcf\x7e\x34\x9a\x35\x10\x66\x5b\x63\x06\x09\xc5\xe2\xe6\x20\x69\x26\x3a\xb9\xc5\x5e\x41\x23\xa5\x64\xdc\xa6\x34\x8c\x8a\x01\x33\x20\x75\xe7\xa5\xbe\xc9\xc2\x0a\x03\x80\x79\x57\xfe\xfa\x91\x0e\x60\xc3\x5a\xe5\x79\x77\x8c\xe2\xce\x42\xe6\xa6\x9a\x1b\x64\x76\x81\xe4\x3e\xc4\xb6\x3b\xd5\xfb\xef\xab\xb3\x17\x12\xcb\x3d\x64\x19\xea\xd7\x8d\xd4\x1c\x8a\x92\xaa\xce\xb6\x3c\xbf\xa8\x9d\x2a\xf3\x96\x06\xde\x01\x0a\x39\x7e\x30\x20\x53\xa6\x15\xc1\x6e\x5e\x95\xad\x99\x35\xc0\x79\xa0\xb8\x10\x31\x25\x78\x94\x71\xa1\xe3\x57\x4f\x42\x9b\x29\xe4\xd2\x25\xc7\x72\x3f\xbb\x3c\xf8\x8c\xbd\x73\x82\x3d\x9f\x0b\x6c\x7d\x05\xd0\x0b\xde\xb0\xfb\x0a\xd3\xd7\x13\x20\x33\x18\x3e\x21\xf6\xc1\xe8\xd8\xe4\xc0\xa3\xe4\xf5\x2f\x50\x01\xda\x68\x71\x71\x34\x5c\x6d\xc8\xb4\x2c\x42\xa6\x0d\x1f\x1f\xfa\x8f\xe3\xe7\xbc\xec\xe5\x9a\x03\x58\x78\xf9\xd4\xd8\x11\x27\xe2\x24\x96\xa4\x9b\xfc\xf6\xbf\x8b\x46\xa8\x0b\xd5\x62\xe6\x52\x55\x07\x1f\x9d\x11\xa9\xeb\x04\x81\xf4\x62\x6d\x4d\x71\xff\xc3\x8a\xfe\x6e\x35\x8a\x4b\x28\x91\x79\xcb\xce\x97\x64\xd8\x6b\x57\xac\x0a\x0c\x82\x7e\x8f\xf0\x78\x81\x33\x06\xa1\xd5\xfa\xdd\x32\xb4\x6a\x1f\xbc\xd7\x89\xff\x87\x54\x06\x3e\xec\xfe\x45\x31\x3b\xeb\x66\x01\xc3\xa3\x01\x0e\x8e\xb9\x7c\x8e\xff\xbd\x14\x0f\x1e\x68\x83\x11\x09\x2d\x27\x3c\x4d\xef\xca\x47\xda\x6f\x1f\x08\x25\x74\x46\x76\xf9\xa2\x80\xb6\xc2\xa8\x14\xfa\x47\xfa\xbc\x19\x80\xd0\xb3\x7f\x08\x7a\x53\xca\x87\x78\xf3\x9f\xfb\x47\x4f\xf5\xf1\x17\x1b\x44\x2c\x76\xdd\x00\x8d\x92\x18\x2f\x64\x4a\x71\x4a\x0f\x01\x1e\x21\x5a\x78\xb9\x7a\xf3\x7b\x33\x52\x0e\xbf\x43\x37\x2a\x5a\xb0\xcf\x70\xdc\xc1\xdc\x2f\x99\xd9\xe4\x43\x66\x58\xf8\xe0\x7c\xdf\x0b\x9e\xa4\xdd\x62\x24\xc2\x09\xe7\x52\x1b\x98\x1e\xe3\x51\xc3\xc2\xdf\x3a\x50\x04\x05\x27\xfc\xd7\x28\x04\x17\x60\x46\x40\x5d\xb7\xf6\x73\x4e\x85\xc5\xd3\x90\xf5\x20\xb0\xc0\x8d\xcb\xfa\x98\xb8\x74\x24\x80\xd5\xe4\x6f\x9b\xe8\x93\xf6\xd6\x61\x43\x40\xf8\x16\x16\x11\xd5\x05\x3d\xf4\x1c\xe4"},
+{{0xae,0x33,0x1f,0xc2,0xa1,0x47,0x59,0xb7,0x3f,0x1c,0xd9,0x65,0xe4,0x85,0x14,0xe1,0x2b,0x29,0xf6,0x3b,0x06,0xcc,0xfc,0x0a,0xd4,0x9f,0x36,0x82,0x0e,0x57,0xec,0x72,},{0x08,0x80,0x3d,0x48,0x23,0x8e,0xda,0x3f,0x9c,0xeb,0xb6,0x28,0x53,0x01,0x21,0xde,0x00,0xf0,0xf0,0x46,0x8c,0x20,0x2d,0x88,0x52,0x8b,0x8b,0xce,0xc6,0x87,0xa9,0x03,},{0x75,0xf7,0x39,0x08,0x88,0x77,0xe0,0x6d,0xc5,0x6d,0xae,0xc8,0xf1,0xe4,0xd2,0x11,0xb7,0x54,0xe3,0xc3,0xed,0xbf,0xa7,0xed,0xa4,0x44,0xf1,0x8c,0x49,0xb6,0x9c,0x5a,0x14,0x2d,0xb4,0x5a,0x0a,0x76,0x50,0xe4,0x7d,0x10,0x55,0x0b,0xa6,0x81,0xff,0x45,0xdd,0x44,0x63,0xc4,0xac,0x48,0xbf,0x44,0xb7,0x30,0x34,0xbd,0x56,0x59,0x22,0x0e,},"\x57\x16\x00\x33\x90\xe4\xf5\x21\x65\x98\xa0\x3d\x7c\x43\x0d\xbf\x49\x5e\xe3\xa7\x55\x7b\x58\x06\x32\xba\x59\xf1\x51\x98\xb6\x18\x0a\x42\x46\x9c\x23\x7d\xb5\xbc\x81\xf2\x9c\xfa\xab\x0a\xff\x3c\x99\x66\x30\x9a\xb0\x69\x58\xc9\xd7\x12\x6a\xdd\x78\xe3\xb3\x24\x59\xff\x8a\x0e\x0b\xde\xf8\x74\xb5\x8e\x60\x83\x66\x8f\x38\xad\x7d\x63\xaa\xe1\xf1\x2e\x26\xa6\x13\x34\x8f\x9f\x03\xea\x5d\x20\x5f\x04\x5d\x78\xcc\x89\x02\xd4\x7f\x81\xe8\xb5\x22\x93\xe7\x0e\x86\xc9\x80\x3d\x4d\xac\xea\x86\xc3\xb6\x74\x58\xae\x35\x79\xbc\x11\x11\x3b\x54\x90\xbc\xf3\xe1\xcd\x4e\x79\x79\xc2\x64\xd8\x35\x16\x1f\xd5\x5e\xfe\x95\x3b\x4c\x26\x39\x5d\xd9\x2c\xa4\x93\x09\x20\xe9\x04\xfa\xdc\x08\x89\xbb\x78\x22\xb1\xdf\xc4\x45\x26\x04\x84\x0d\xf0\x24\xdb\x08\x21\xd2\xd5\xe9\x67\x85\xa5\xc3\x7d\xbf\xd2\xc3\x75\x98\x32\x83\xe9\xb5\xb4\x3a\x32\x07\xa6\xa9\xb8\x33\x94\x83\x29\xd5\xde\x41\xe4\x50\x08\xbc\xba\xd4\x93\xde\x57\x54\xdd\x83\xde\xcc\x44\x0e\x51\x66\xed\xaa\xe0\x20\x8f\x00\x0c\x5f\x6d\x9c\x37\x21\x53\x20\x9e\x5b\x75\x78\x11\x6f\x89\xcf\x2f\x8b\x10\x04\xd1\x30\x7e\xa7\x9e\xd3\x74\x80\xf3\x19\x4a\x7e\x17\x98\x3a\x23\x04\x65\xcc\xc3\x0f\xcc\x1a\x62\xd2\x80\xfb\xba\xcc\xf0\x06\xdc\x4d\xee\x0e\xa7\x96\xb8\x1a\xcc\xc6\x1a\x06\x3e\x2c\x08\x3d\xae\xc0\x39\xbd\x9a\x64\xa7\x70\x24\xaf\x82\xec\x1b\x08\x98\xa3\x15\x43\x29\xfd\xf6\x16\x73\xc3\x6e\x4c\xc8\x1f\x7a\x41\x26\xe5\x62\x90\xe4\xb4\x56\x81\x9b\xde\xbf\x48\xcb\x5a\x40\x95\x5b\xab\x29\x7c\x2b\xbc\xb0\x18\xad\xbf\x24\x82\x86\x60\xa5\xd1\x2a\x06\x13\xbf\x3c\xcb\x5e\xeb\x9a\x17\xfb\x0a\x05\x47\xdb\x8d\xa2\x4d\x2e\xfb\x87\xba\x1b\x84\x31\x42\xa7\x5e\x4c\xa0\xb0\xa3\x33\xe4\xa1\x4f\xab\x35\xa6\x26\x69\x32\x9c\xa8\x75\x3f\x01\x6a\xc7\x0c\xd9\x97\xe8\xbc\x19\xee\x44\x8a\xea\xf0\xf4\xbf\x3c\xe5\x23\x05\x50\x57\x8a\xb6\x4c\x19\x01\x94\x46\xce\x2d\x9c\x01\xa0\x3d\x88\x9a\x99\x09\x86\x0a\xef\x76\xf0\x67\xc5\x0b\x61\xc3\xd0\xf1\x2c\xc8\x68\x6f\x5c\x31\xbf\x03\x2a\x84\x10\x15\xcf\xef\xf1\xcf\xda\xe9\x4f\x6b\x21\xda\xe9\x41\xb3\x35\xdc\x82\x1f\x32\x84\xce\x31\x50\x8f\x5d\xb5\xc4\x48\xff\xaa\x37\x73\xe9\xbe\x1a\x4c\x85\xa1\xc5\x8b\x00\x9f\xa3"},
+{{0x82,0x43,0x5f,0x39,0x79,0x01,0x06,0xb3,0xaf,0x72,0xf9,0x1f,0x14,0xc9,0x28,0xd2,0x46,0x5f,0x98,0xcd,0xd1,0x00,0x84,0xc4,0xa4,0x4d,0x19,0xaf,0x71,0xa1,0x92,0x7c,},{0xc5,0x2a,0x92,0x64,0x6f,0x5a,0xdb,0x21,0xc6,0xdd,0xe0,0xde,0x58,0x78,0x68,0x37,0xf8,0xa3,0x41,0x4c,0x09,0xae,0xdf,0xc2,0x7c,0x81,0x22,0x18,0xa7,0xe7,0x23,0x9e,},{0x1d,0xaa,0x44,0xef,0x06,0xd4,0xc1,0x0d,0xdb,0x48,0x67,0x84,0x23,0xc5,0xf1,0x03,0xa1,0xb5,0x68,0xd4,0x2b,0x20,0xcc,0x64,0xaf,0x11,0x0f,0xce,0x9d,0x76,0x79,0xa2,0xde,0xe4,0x12,0xb4,0x98,0x05,0x85,0xc2,0x6c,0x32,0x0d,0xba,0xa6,0x01,0xc4,0x72,0xde,0xfc,0x3c,0x85,0x41,0x5d,0xae,0xcd,0xd6,0xd2,0xd9,0xea,0xca,0xc8,0x5e,0x07,},"\xf3\xd6\xc4\x6a\xc5\x24\x8d\x53\x86\xb6\xb6\x84\x62\x59\x7d\x64\x70\x39\xf5\x44\xbb\x01\xac\x2d\x10\x67\xda\xaa\xa3\x97\xd2\xdb\xaf\x12\x5a\x1c\xf8\xfd\xf2\x80\xa6\xaf\xec\x32\x4d\x53\x11\xf5\x43\x68\x8a\x15\x6c\x84\x98\x19\xbb\x04\x6b\x91\x1c\x42\xea\x3c\xa0\x1b\x99\x80\x8c\x4d\x1f\x3b\x8b\x15\xda\x3e\xfe\x2f\x32\x52\x3e\xc3\xb0\x9c\x84\xb4\x8c\xff\xd1\x3c\x17\xc9\xe2\x6c\x91\x2d\x9c\x3e\x93\x46\xdf\xae\x3f\xd0\xc5\x6c\x88\x58\x78\x07\x82\xf6\x1a\x4c\x4d\xbf\xff\x1e\x9c\xb4\xb3\x62\xcd\x80\x01\xf9\xcd\xfe\xb1\xa7\x20\x82\xdc\xe9\xc9\xad\xe5\x2e\xff\xc9\x74\x46\x88\xac\x0b\x86\xc8\x82\x66\xb5\x3d\x89\x5c\x17\xea\xd9\xe8\x9e\xd8\xd2\x4d\x40\x64\x2f\x3a\xd3\xb9\xbf\x9b\xbc\x4d\xda\x79\x66\xef\x83\x28\x28\x9f\xb3\x1e\x17\xc8\x1f\xd0\x28\xef\x1b\xd9\xa1\xd4\xc7\x92\xe8\x6e\xc2\xdb\xdc\xe3\xf9\x37\xee\xcc\x3e\xeb\x51\x88\xd3\x25\x94\x19\x19\xbb\xf7\x5b\x43\x88\xe2\x39\x95\x07\xa3\xd7\xfb\x38\x75\x02\xa9\x5f\x42\x1c\x85\x82\x6c\x1c\x91\x76\xc9\x23\xe3\x16\x31\x0a\x4b\xa4\x5c\x8a\x5e\xf7\x55\x7c\xf8\x7b\x77\x02\x0b\x24\xf5\xba\x2b\xfd\x12\x28\x10\x95\x66\x30\x7f\xea\x65\xec\x01\x50\x19\x69\x12\x17\xbc\xe6\x9a\xee\x16\xf7\x62\x49\xc5\x8b\xb3\xe5\x21\x71\xcf\xef\xd5\x25\x4e\x5e\x0f\x39\x71\x69\x18\x6d\xc7\xcd\x9c\x1a\x85\xc8\x10\x34\xe0\x37\x18\x3d\x6e\xa2\x2a\xee\x8b\xb7\x47\x20\xd3\x4a\xc7\xa5\xaf\x1e\x92\xfb\x81\x85\xac\xe0\x1d\x9b\xf0\xf0\xf9\x00\x61\x01\xfc\xfa\xc8\xbb\xad\x17\x1b\x43\x70\x36\xef\x16\xcd\xae\x18\x81\xfc\x32\x55\xca\x35\x9b\xba\x1e\x94\xf7\x9f\x64\x55\x55\x95\x0c\x47\x83\xba\xb0\xa9\x44\xf7\xde\x8d\xf6\x92\x58\xb6\xaf\xe2\xb5\x93\x22\x17\x19\x5d\xa2\x45\xfe\xe1\x2a\xc3\x43\x82\x4a\x0b\x64\x03\xdf\xe4\x62\xd4\x3d\x28\x8d\xb3\x1f\x99\x09\x7e\xc3\xed\xc6\xe7\x65\x47\xa3\x74\x2f\x03\xc7\x77\xef\xb1\x58\xf5\x8d\x40\x53\xfa\x6c\xc8\xd6\x8b\x19\x6a\xf4\xf9\xde\x51\x6f\xd9\xfb\x7a\x6d\x5d\x9e\xe4\xa8\x9f\x9b\x9b\xce\x1e\x4d\xee\x35\x7a\x1e\x52\xc0\x54\x4c\xfb\x35\xb7\x09\x2d\x1a\xa5\xa6\xf7\xf4\xc7\x60\x26\x10\xe9\xc0\x0e\xf5\xb8\x76\x1b\xc7\x22\x79\xba\x22\x8a\x18\xb8\x40\x0b\xd7\x6d\x5b\x2b\xfd\x7c\x3c\x04\xaa\xc4\x43\x6d\xae\x2e\x98"},
+{{0x1b,0xea,0x77,0x26,0xd9,0x12,0xc5,0x5e,0xc7,0x8b,0x0c,0x16,0x1a,0x1a,0xd3,0xc9,0xdd,0x7b,0xc3,0x29,0xf8,0x5d,0x26,0xf6,0x2b,0x92,0xe3,0x1d,0x16,0xd8,0x3b,0x48,},{0xc9,0xdd,0xb4,0x21,0x06,0xcc,0xef,0x4e,0x0e,0xf4,0x79,0x45,0x51,0xd2,0x1d,0xf9,0x4a,0x63,0x06,0x87,0x2f,0x23,0x16,0x63,0xe4,0x7e,0x24,0x1f,0x77,0xcc,0x3e,0x82,},{0xf9,0xb0,0x45,0x17,0xbd,0x4f,0xd8,0xef,0x90,0xf2,0x14,0x0f,0xc9,0x5d,0xc1,0x66,0x20,0xd1,0x60,0x2a,0xb3,0x6c,0x9b,0x16,0x5f,0xff,0x3a,0xba,0x97,0x8d,0x59,0x76,0x71,0x10,0xbb,0x4e,0x07,0xa4,0x8f,0x45,0x12,0x14,0x47,0xac,0x0c,0x1a,0xba,0xc5,0x85,0xd3,0x91,0xd4,0x04,0x20,0x41,0x89,0x86,0x28,0xa2,0xd2,0xdc,0xc2,0x51,0x0d,},"\xb1\x12\x83\xb1\xf0\xce\x54\x9e\x58\x04\x73\x0a\xc3\x20\x7a\xc0\x03\x32\xd2\xaa\xcf\x9c\x31\x0d\x38\x32\xd8\x79\xf9\x63\x4b\xd8\xa5\x8a\xdf\x19\x9e\x4b\x86\x3b\xb1\x74\x81\xd2\x8a\xcb\x2d\xa0\xe1\x55\x7b\x83\x36\xa4\x00\xf6\x29\x56\x25\x03\x1d\x09\xe4\xdf\x4d\x31\x9b\xbc\x1e\x8f\x6e\x92\x32\xd2\x30\x53\xbb\x3f\xfa\xc4\xfe\x2c\x70\xce\x30\x77\xfc\x00\x60\xa5\xcb\x46\x92\xa1\xcf\x0b\x3e\x62\xfe\x45\x48\x02\xae\x10\xb8\x3d\xed\x61\xb6\xbf\x45\x4c\xa7\x5e\x4c\xda\xd5\x53\x2f\x20\xb7\x06\x54\xf1\x2b\xa9\x06\xf0\x03\xa8\xb9\xe9\x86\xf1\x5a\x39\x41\x9d\xeb\x2e\xa1\xea\xd7\x59\x82\x90\xee\xeb\xf9\x25\x2b\x0c\x27\x60\x5a\x7a\x73\xa6\xab\xeb\xb4\x22\x71\xd7\x1a\x3c\x19\x7a\x46\xbc\xc8\xdb\x11\xd9\x24\x28\x42\xf3\x78\x36\x4a\x37\xee\xca\xa3\x4e\x98\x21\x35\xbe\x34\x18\x2c\x69\xca\x8e\x6e\x3c\x8c\x90\xe1\xb4\xb2\xb4\x75\x81\x5a\x17\x83\x77\xae\x01\x65\xa7\x64\xc8\xba\x28\x89\xb5\xab\x29\x09\x49\xd8\x48\x7a\x88\xe0\xd3\xd2\xbc\x7e\x25\x20\x17\x6a\xa6\xff\x9f\xf0\xc4\x09\xff\x80\x51\x5f\x4f\x0b\x83\xc5\xe8\x2c\x23\xfd\x33\x26\xcd\xd6\xb7\x62\x52\xe7\xfd\xdc\xd6\xe4\x77\x09\x78\xcd\x50\x3e\xd2\xd6\xb4\x80\x10\x11\x67\xd3\xf1\x91\xfe\xd8\xd6\xd7\x4d\x74\xa2\x00\x7d\xb1\x09\x2e\x46\xa2\x3d\xde\xcd\xdc\xdb\x98\x46\x64\x04\x7b\x8d\xd7\xcc\x8a\x57\x6e\x1a\x80\x6f\x52\xcb\x02\x7a\x94\x80\xa9\x5c\xc4\x4b\x1e\x6f\x2e\x28\x6e\x9b\x7a\x6b\xf7\xb3\x96\xfa\x54\x96\xb7\xa5\xb1\xc0\x3d\x9c\x5c\x27\xda\x1a\x42\x99\x0d\x10\xb1\x2f\xb8\x64\x0e\x15\x96\xf2\x6b\x36\x6d\x27\x0b\xa6\x4f\x99\xaf\xff\xe3\xfe\xce\x05\xa9\xb0\x25\x4b\x20\x8c\x79\x97\xcd\xb5\x12\xfc\x77\x52\x79\x54\xa1\xcb\x50\xfd\xab\x1c\xc9\xa4\x51\x62\x74\x1f\xd6\xf9\xd3\xfd\x5f\x2e\x38\x28\x53\xd7\x33\x5d\xba\x1e\x6b\x29\x59\xdd\x86\xe1\x25\xe6\x7b\x53\xdc\x8e\x45\x3c\x81\x0b\xc0\x1b\xf2\x0b\xce\x7b\x61\x8d\xd5\xd1\xed\x78\x41\x06\xee\x06\xa3\xec\xaf\x6b\x3b\xee\x0b\x56\x83\x3b\x0b\x81\x31\x39\xc5\xa6\x96\x00\x0a\x44\x9c\x97\x90\x6a\x2f\xbd\xdc\x2d\x9d\xe9\x40\x6e\xa2\x82\xac\x4e\xe5\xef\x8b\xf3\x85\x4c\x74\xa6\xb7\x17\x3d\xd2\xf7\x9c\x7a\x12\x6f\x3c\x7b\x04\x33\xfd\x4e\xa2\x6e\x87\x7a\x14\x83\x1d\xd4\x15\xa1\x9d"},
+{{0xd0,0x1a,0x0e,0xad,0x9d,0x69,0x48,0x33,0x28,0x3b,0x9c,0xd7,0x29,0x9a,0x7b,0xd7,0x5f,0xa9,0x0b,0x1d,0x2d,0x78,0x84,0xe4,0x55,0x7b,0x33,0xc9,0x98,0x77,0x2a,0x68,},{0xa0,0xf7,0x57,0x47,0x9b,0xa6,0x27,0xef,0xef,0x95,0xd6,0xec,0x7a,0x93,0x1d,0xfa,0xc4,0x37,0x3d,0xf3,0x3d,0xaa,0xf4,0xdd,0xc4,0xec,0x68,0x94,0xc8,0x26,0x1e,0xd7,},{0x9a,0x0f,0xf7,0xf3,0x51,0x74,0xec,0x3f,0x66,0xd2,0x2a,0x6f,0x06,0xdf,0x60,0xe0,0x9c,0x8f,0x62,0x3a,0x5a,0xca,0x81,0x0e,0x23,0xa8,0x8d,0x0e,0x6a,0x31,0xcb,0x6f,0x1c,0xe1,0xc1,0xf9,0xdc,0xcc,0x9e,0x14,0x84,0xb6,0x8d,0xd0,0x04,0xac,0x53,0x59,0x7e,0x29,0xad,0x6a,0xb7,0x2e,0x8c,0xe2,0xb7,0x5a,0xd5,0xb8,0x0e,0xb8,0x48,0x03,},"\x76\x27\x53\x4e\x9a\x83\xd1\xe4\x06\xab\x94\x8d\x30\xd1\xda\x9c\x6a\x5d\xb0\x8e\x0f\xeb\x7f\xc5\xba\x5c\xbf\x76\x84\x9e\xe8\xad\xd4\x84\x7e\xf5\xca\x5a\x0d\xae\x41\x1a\xca\x09\x74\x51\xcb\x4c\x2b\x49\x8c\x94\x70\x97\x40\x70\x07\x64\x0d\xc1\x9e\xd9\x38\xe3\xb9\x1b\xf5\x1c\x95\x81\x16\x8d\xf8\x60\xbd\x94\x75\x16\x68\xda\xbd\x72\x1d\xc7\x39\x98\x40\x0b\xe2\x0c\x9a\x56\x3d\x50\x51\xef\x70\xe3\x54\x6f\xee\x67\x33\x12\xb5\x2a\x27\x40\x41\x05\x7e\x70\x84\x8e\xb7\xc5\xa2\x16\x44\xc9\x7e\x44\x8a\xbd\x76\x40\x20\x7d\x7c\xda\xfc\xf4\x5d\xa6\xdf\x34\x94\xd3\x58\x5b\x0e\x18\xac\x5a\xc9\x08\x1c\xb7\xa4\x07\xa3\x9a\x87\x77\x05\xcb\xaf\x79\xa0\x1b\x91\x5f\x73\x6e\xb0\x25\xc5\x8b\x4b\x5d\x80\x7f\xb7\xb7\x56\x6c\x59\x69\x78\x7c\x1d\x6c\xa4\xeb\xa9\x7d\x50\x9e\xf7\xfb\x35\x50\xd2\x1d\x37\x7e\xce\xff\xcf\x0e\xb6\x68\x18\x95\xad\xbd\x24\x6e\xe7\xbf\x3c\x93\x5a\x00\x64\x78\xb8\x32\xec\xe4\x6d\xe6\x11\x8b\x17\xe4\x66\xa2\x7f\xc2\xa4\x4a\x89\x6b\xaa\xe2\x72\xf9\xec\xf0\x18\xc6\x5c\xb5\x0c\xfb\xfc\x8d\x26\x09\x94\xa1\x8a\x83\x2d\x97\x19\x28\xc4\x49\x67\x57\x24\x58\x51\x31\xc8\x71\x53\x3c\x98\x97\xd8\xf8\x0f\x9c\x04\x16\xb7\x18\x78\x6b\x10\xfe\xa8\xeb\x5b\xd8\x13\xa2\x69\xa1\xb6\x77\xb7\xa2\x50\x7a\x44\xb7\x13\xd7\x05\x08\x65\x30\x99\x5e\x59\x33\x5d\xdc\x28\x55\xe8\x47\xe4\xf4\xdb\x06\xc9\x1f\x1d\x54\x02\x3d\x8a\x10\xf6\x9f\x9e\x61\xbd\xce\x4b\x68\x6f\xb6\x17\xbd\x50\x30\xe7\x55\xca\xdb\x1f\x64\x4e\x1d\xdd\x91\x61\x9b\x96\xec\xd6\x05\xb0\x01\x98\xb9\xa6\xed\xdb\x5a\x84\xeb\xd3\x69\x2b\x66\x59\x79\x76\x66\x37\xc6\x77\x37\x8c\x1c\x77\x04\x1f\xd4\xa6\xb3\x55\x5c\x1d\xc8\xa8\x3f\xe9\x01\x3b\xb6\x10\x6c\xc1\x8a\x2b\x03\x7c\x93\x77\xb7\xa1\xa5\xa5\xd0\xdc\xc5\x49\x18\xea\xad\x7e\x32\xc8\x80\x76\x7b\x26\xfd\x2e\xa2\xd6\x8b\x04\x05\xf5\xe0\x74\xf5\x5a\x19\xd8\xa3\x9f\xfb\xb7\xdc\x32\xfa\xee\x6a\x7f\x95\x32\xae\xc8\xa0\x77\x6c\x3f\xf8\x3a\xe3\xa4\x62\x77\x38\x49\x6a\x37\x1e\xb9\xe0\x90\xb7\x4e\x0e\xdd\xec\xfc\xd4\x1b\xed\x0c\x0c\xe5\x81\x27\x52\x43\x47\x2d\x26\xda\x8c\x99\x8e\x4b\x6d\x6b\x44\xfc\x88\xba\x2a\xb5\x46\x42\x22\x54\x17\x12\x02\x94\x41\x78\x05\x74\x2b\xdb\x33\xb7\xb1\x22"},
+{{0xdf,0x64,0x89,0x40,0xb5,0x78,0xbc,0x31,0xd2,0xa6,0x52,0x96,0x5f,0x30,0x39,0x1c,0xaf,0x06,0xd5,0xf2,0x51,0x59,0x9a,0x73,0x7c,0xe1,0x0b,0xe5,0x5f,0x4a,0x9d,0x0d,},{0x27,0xde,0x92,0x04,0x19,0xc1,0x86,0xb0,0x1b,0xe5,0x42,0x79,0xfb,0x8f,0x9b,0xe4,0xbb,0x4b,0x2c,0xad,0x75,0xca,0x7e,0x8f,0x79,0x2b,0xfa,0x7b,0xb9,0x7c,0x7f,0x41,},{0x62,0xbc,0x99,0x1c,0x45,0xba,0x9b,0x26,0xbf,0x44,0x01,0x16,0x26,0x41,0x62,0xc3,0x4c,0x88,0x59,0x78,0x85,0xe9,0x60,0x50,0x83,0xc6,0x04,0xb5,0xf5,0xd8,0xfa,0x6f,0x66,0x2b,0xa2,0x14,0xf7,0x6e,0x6c,0xf8,0x4e,0x5e,0xc0,0x4d,0xf1,0xbe,0xef,0xc5,0xf2,0x5d,0x3a,0x3b,0x72,0xf9,0x8b,0x50,0x69,0x83,0x19,0x16,0xa6,0x32,0x96,0x01,},"\x1a\xe5\x20\xbe\xeb\x4a\xd0\x72\x2b\x43\x06\x7f\xa7\xcd\x28\x74\xab\xcf\x34\xdd\x92\x37\xb4\x47\x8e\xae\x97\x72\xae\xa2\x97\xa6\x7f\xb7\x9b\x33\x07\x02\x04\xba\xee\x44\x0b\x9c\x87\xe2\xfb\xcb\xeb\x76\x80\x1d\xdd\xea\x5e\x45\x30\xd8\x9e\x11\x58\x31\x79\x93\x9a\x00\xa3\x2f\x81\x13\x32\xc5\x22\x91\xcc\x7a\xc9\x1e\x5a\x97\x0c\xd5\xaa\x70\x8b\x1d\xa2\x6b\xe9\xfe\x43\x2a\x9b\xbd\xa1\x31\x9e\x31\xe4\xbc\xc9\xf1\x66\x6a\x05\xb5\xc0\x5b\x87\x6b\xfd\x1f\x76\x66\x87\xcc\xea\x4e\x44\x82\xe9\x24\x32\x9a\xfa\xce\x5e\xe5\x2e\x98\x79\xfd\x69\xb7\x6e\x0f\x7e\x45\x2e\xc4\x71\x3b\xff\x21\x6d\x00\xc8\x25\x99\xd2\x7c\xa4\x81\xf7\x3a\xae\x13\x6f\x08\x75\xc8\x8a\x66\xb1\xb6\xf3\x4c\x50\x52\x3a\xb6\x02\xe9\xd4\xeb\xb7\xee\xb9\xe0\x43\xa6\x5e\x41\x89\x9d\x79\x75\x2a\x27\x9d\x2e\xd4\x69\x93\x92\x6f\x36\x21\xe7\xc3\x2c\x9a\x9b\x3b\x59\xd8\xdd\x57\xbe\xca\x39\x28\x54\x34\xde\x99\x1c\xbd\x2d\xfc\xbc\x5c\xa6\x2a\x77\x79\xf4\x75\xd0\xce\xf2\xf3\xe5\x62\xf2\x9a\xcd\x47\x4f\x3c\x99\xec\x5b\xd8\xde\x01\x10\x1b\xed\x2e\x0c\x9b\x60\xe2\xd7\x0f\xd4\x32\xc8\x92\xfc\x66\xf8\xd4\x61\x9a\x91\x1b\x56\x25\x16\x3e\x9a\x42\xbf\x9e\xa3\x85\x86\xd8\xe7\x64\x00\x15\x64\xd3\x35\x41\x12\x25\xfc\xb0\xa0\x6d\xc2\xa8\x2d\xa0\x77\x9a\x3c\x44\x4e\xb7\x86\x42\x01\xb4\x3e\xbb\x72\xb9\x21\xf3\x4d\x3c\x13\x08\x9d\xf2\xf4\xfa\xc3\x66\xff\x1e\x3c\x0b\x96\xf9\x3d\x2b\x4d\x72\x6a\x5c\xe4\xd6\x91\x6d\x82\xc7\x8b\xe3\x54\xa1\x23\x0c\x2c\xf0\x41\x8c\x78\xa1\x91\x3e\x45\x4f\x64\x8c\xc9\x2c\x8d\xd0\xe1\x84\x64\x5f\xe3\x78\x1d\x26\x3c\xff\x69\xf5\xc6\x0b\x1e\xbb\x52\x00\x5a\x8b\x78\xa5\x15\xc7\xe8\x88\x6f\xfe\x05\x4d\xab\x42\x8e\x2e\x22\x1d\x9d\x76\xaf\xf4\x26\x54\x16\x8d\x83\x3b\x88\x17\x82\x93\xe1\xfe\xdd\x15\xd4\x6c\xd6\x09\x48\x31\x29\xc4\xd2\xd8\x44\x32\xa9\x9d\x31\xff\xe9\xbd\xb5\x66\xf8\xc7\x5c\xe6\x5e\x18\x28\x8e\x4d\xf8\xc1\x67\x31\xa0\xf3\xfd\xde\x1c\xca\x6d\x8e\xde\x04\x35\xff\x74\x36\xca\x17\xd0\xae\xb8\x8e\x98\xe8\x06\x5c\xbc\xbf\xd0\xff\x83\x04\x3a\x35\x7c\xd1\xb0\x82\xd1\x70\x3d\x46\x18\x81\x87\x2c\xdf\x74\x1e\x4f\x99\xbd\x14\x67\x45\xba\x70\x39\x74\xbe\x40\xf5\x79\xbf\x5c\x4d\xba\x5b\xdb\x8c\x94\x1b\xce"},
+{{0xc8,0xac,0x23,0x45,0x58,0xaa,0x69,0x81,0x6b,0x36,0x8b,0x77,0xb7,0xcc,0xcb,0x5c,0x8d,0x2a,0x33,0xec,0x53,0xae,0xef,0x2c,0xe2,0x28,0x71,0x43,0xbd,0x98,0xc1,0x75,},{0x53,0x64,0xba,0xf1,0xfd,0xb2,0xc6,0x38,0x40,0xb3,0x0d,0x40,0x31,0xcf,0x83,0xa2,0xe1,0x8e,0x62,0x07,0x93,0xba,0xe5,0x9d,0x10,0x35,0xc0,0xed,0xe5,0x5e,0x52,0x8b,},{0x32,0x25,0x03,0x61,0xdf,0x6e,0xd2,0x83,0x48,0x5f,0x95,0xf3,0xd3,0x57,0xa4,0xf1,0xc3,0x3a,0x8c,0xf9,0x16,0x58,0x32,0x7c,0xd4,0x53,0xd4,0x9c,0x95,0x36,0x65,0x51,0x08,0x70,0xaa,0x45,0x4c,0xfa,0x3b,0x83,0x24,0x52,0x20,0xa8,0x27,0xd0,0xec,0x74,0x77,0xf9,0xec,0xeb,0x79,0xc4,0xa2,0x9f,0x30,0x1f,0x95,0x3c,0xc8,0xca,0xac,0x07,},"\xce\x48\x8d\x26\x97\x5c\x1c\x93\x28\xb4\x7f\xa9\x2e\x19\x56\x13\x30\x04\x1b\x23\xa0\xe5\x7a\x4b\x8b\xca\x89\xeb\x5f\x61\x5e\x73\xdd\x7f\xae\x69\xc2\x38\x0e\x32\x12\xf9\xb7\x33\x41\xc3\x56\xdb\x75\xa6\x25\x6d\x7a\x20\xa9\x7f\x75\x9d\x4c\xba\x71\x97\x17\x8e\xa7\x24\xdd\x93\x29\x49\x36\x0e\x96\xc5\x0a\x4b\x3b\xa5\x5a\x95\x33\x72\xc3\x97\xb0\x96\x9c\x2b\x14\xd3\x60\x9e\x0a\x85\x2d\x48\x4d\xf7\x0e\xaa\xb1\x12\x49\xeb\xeb\x32\x37\x92\x1f\x0a\x39\xa5\x5d\x7d\xcc\xfe\xf2\x05\xd9\x4e\xc8\x0d\x9e\x1f\xd6\xa2\xc1\xef\xd2\x98\x44\x10\x1d\xfe\x2c\x5f\x66\x8a\xdb\x79\x75\x91\x5d\xed\xd0\x86\x50\x0c\xee\x2c\x1e\x23\x3e\x8e\x48\x85\x5c\xc1\xa6\xf2\x87\xd6\x3d\xce\x10\xad\xdd\x13\xca\xc7\xb7\xa1\x87\xef\xe4\x7e\x12\xd1\xc3\x5b\xb3\x97\x40\x52\xb2\x3a\x73\x66\x8d\x3e\x4c\x87\xdb\x48\x41\xaf\x84\x6e\x80\x86\x72\xc4\x3d\x0a\x15\x22\xe2\x96\x5f\x08\x39\x51\xb2\xb2\xb0\xc4\x09\x54\x8e\xe6\x18\x2f\x0c\x98\x50\x51\x4c\x9e\x6c\x10\x2f\x54\xba\x41\x24\xc9\x2a\x90\x27\x4f\x40\x58\x91\xe6\x62\xf5\xeb\xb3\x77\x1b\x85\x78\x31\x56\xe9\xe5\x83\x67\x34\xd0\x9d\x1b\xaf\x5b\x21\x34\xc9\x31\x62\xee\xc4\xbe\x03\xbd\x12\xf6\x03\xcd\x27\xbe\x8b\x76\xac\xcc\x6e\x8b\x8b\xac\x02\x0c\xba\x34\x79\x65\x1c\x9f\xfa\x53\xce\x4e\xb7\x7a\x77\x31\x3b\xc1\x26\x5d\xda\xb8\x03\xef\x7a\x65\x63\xba\x6f\x79\x9d\x1e\xf3\x0e\xf5\xa0\xb4\x12\x96\x5f\xda\xc0\xb9\xda\xb8\x42\xc7\x8e\xe2\xcc\x62\x8e\x3d\x7d\x40\x61\xe3\x4e\xde\x37\x97\xe1\x54\xb0\x6e\x8c\x66\xce\xbd\xf2\xde\xd0\xf8\x1b\x60\xf9\xf5\xcd\xda\x67\x5a\x43\x52\x77\xba\x15\x24\x55\x7e\x67\xf5\xce\xfa\xfc\xe9\x29\x29\x1d\xce\x89\xec\xb0\x8a\x17\xb6\x7a\x60\xc5\x82\xb4\x87\xbf\x2f\x61\x69\x62\x66\x15\xf3\xc2\xfe\x3b\x67\x38\x8b\x71\x3d\x35\xb9\x06\x66\x69\x96\x0d\xe4\xdb\x41\x3c\xd8\x52\x8e\xe5\x6e\xd1\x73\xe9\x76\xa3\xc9\x74\xac\x63\x3a\x71\x34\xcc\xe3\x83\x19\x73\x5f\x85\x7b\x7d\x71\xba\x07\xf4\x77\xef\x85\x84\x8a\xa8\xf3\x9e\x11\x81\x18\x77\x9e\xd8\x7b\x4f\x42\xaa\x35\x8a\x89\xf7\xec\x84\x4a\x45\x1e\x7e\x8f\xc0\xaf\x41\x8b\x85\xbc\x9b\xf2\xf2\x6d\x1e\xa1\x37\xd3\x35\xec\x7e\xe7\x57\xb7\x0a\xe2\xfd\xd9\xcc\x13\x49\x32\xf0\xe5\x42\x5b\xf3\x7f\xb9\x15\xe7\x9e"},
+{{0x2c,0x47,0xf2,0xb8,0xb9,0xd2,0xce,0xe9,0xe6,0xf6,0x54,0xbc,0x24,0x65,0x8f,0x9e,0xaf,0x43,0x9c,0x23,0xbe,0xaa,0x0a,0x79,0xbf,0x35,0xcc,0x8c,0xd2,0xde,0xba,0xf4,},{0x44,0x4a,0xf2,0xf3,0x4f,0xd3,0x2e,0x5a,0x19,0xf6,0x1f,0x87,0xd0,0x3e,0x10,0x76,0x27,0xa3,0xee,0xb8,0xbd,0x94,0xd2,0xfa,0xea,0xa3,0x48,0xb0,0x5d,0xea,0x19,0x80,},{0x85,0x54,0xb0,0x1d,0x09,0xed,0x86,0xe6,0x13,0x95,0xb9,0x1a,0x2b,0x1e,0xe1,0x87,0x15,0xc4,0x2f,0x9c,0x7e,0x7f,0x07,0x00,0xd7,0x9f,0xf9,0xfb,0x57,0x81,0x29,0x3d,0x61,0xc5,0x58,0xdd,0x5b,0x43,0x1c,0x93,0x71,0x8d,0xcc,0x0f,0x98,0xfb,0x65,0x2b,0x59,0x6f,0x18,0xc3,0x0f,0x82,0x21,0x5e,0x8e,0x63,0xe4,0xf6,0x56,0x8c,0x88,0x00,},"\x04\x4c\x8f\xaa\x8c\x8a\xaf\x9f\x2b\x81\x86\xa6\xb9\xb3\x38\x47\xec\x7b\x45\x24\x23\xb2\x2a\x91\x74\x3d\x2e\x59\x7e\xcc\x1e\x1e\x22\xae\x60\x05\x3e\x9e\xe6\x23\x3b\x04\x4e\x77\x59\x20\xe4\xe3\xd6\x67\x19\x90\x13\x25\xcf\xdd\x39\xbb\x53\x2f\x8a\xa4\x69\xaa\xb4\x2e\x96\x08\xc2\x12\x60\xc0\x4c\x27\x41\x3a\x7a\x94\xe4\x66\xf6\x3c\x49\x52\xe9\x0e\xf9\x0c\x12\x81\x4b\x34\x51\xb1\xca\xd7\xda\x91\x47\xf8\x40\x92\x20\xf6\x49\x8c\xc0\xa6\x7f\xef\x4b\xc0\x4f\xc0\x6e\x1d\x89\x8a\x55\x15\x59\x1e\x8b\xe0\xc4\x3d\x75\xa6\xfe\x42\x5b\x7c\xbe\xfb\x1b\x91\xb1\xbd\x78\xb5\xbe\xc7\x82\x90\x56\x98\x2e\xfd\xc5\xbe\x24\xaf\x66\x78\x00\x6a\xdc\x6f\x04\x46\x20\x2e\x7e\xc3\xa2\xd6\x97\x9c\xb0\xdf\x7e\x25\xd7\x42\x33\x91\x4d\x9c\x58\xb8\x1c\xf5\x5b\xe0\x69\x67\xd3\xa5\x95\xc1\xb9\x67\x28\x69\x99\x4c\xfb\xa6\x71\x62\x83\x3a\x21\x43\xaa\x91\xcc\x93\xac\xda\xfa\x5b\x45\x20\x8d\xf3\xe8\x8c\xcc\x01\xa2\xa4\xd2\x20\xe3\x60\x09\x8d\x91\x54\xd2\x25\xa7\xca\x5f\x2f\x1e\x52\xb1\x00\x3d\x10\x66\x50\xa7\x7b\x28\x3b\x95\xe4\xba\xf1\xe7\x33\x6f\xa9\xa7\x47\xa2\xb3\x82\x3d\x36\x09\x10\x41\x2e\x76\xdb\x72\x5c\xe1\xab\x1e\x1d\x18\x9d\x0d\x3a\xbe\xf8\x2d\x76\x66\xbc\xf1\xb7\x66\x69\xe0\x64\x3b\x44\xf7\x4e\x90\xce\xaf\xa0\xc8\x37\x1b\x57\xc5\x8f\x3b\x37\x0a\x54\x7c\x60\x95\x8f\x0f\xcf\x46\x1b\x31\x50\xf8\x48\xc4\x70\xfa\x07\xe2\x9b\xf5\xf0\xd4\xb5\x9e\xfa\x5a\xb0\xd0\x34\x1e\x04\x51\xd0\xab\xb2\x9d\x74\x14\xcd\xdc\x46\xcc\x6d\x74\xcf\x3d\xc2\x33\xd0\xd1\x70\x73\x87\xbd\x8c\x77\x80\xff\x78\xe5\x46\xfb\x77\x29\x4d\x58\xa5\xdd\xa5\xf0\x5c\x12\x97\xe3\xd1\x77\x11\x56\xd2\x85\x63\x5b\xf7\xec\xed\xb3\x8a\x9e\x5e\x77\x44\x98\x04\xf3\x89\x9e\xa4\x6a\x50\x26\x6b\x25\x5a\xeb\x52\xd1\x8e\x0f\xa1\x36\xe5\x35\xcc\x90\x26\xf6\x78\x55\x2f\xa3\xee\x21\x46\x08\x1d\x99\x96\x85\xe2\x4b\xf7\x80\x7c\xc4\x7c\x13\x04\x36\xc5\x44\xd3\x5b\x4b\x87\x5b\xd8\xaf\xa3\x12\xce\x3a\xe1\x7c\xf1\xc7\xf5\xea\x1e\xce\xcb\x50\xf9\x53\x44\x72\x0c\xec\xf0\x88\x43\x4f\xf8\xe0\xba\x04\x4e\xc1\x9c\x98\xad\xa7\x78\x21\x16\x30\x4c\xbe\xac\x1c\x3e\x35\xf5\xa4\xf4\x43\x13\x35\x4d\xc9\xa4\x0e\xce\x5a\x0f\x9a\xd3\xa2\x02\x5a\xce\xf2\x62\xc5\x67\x9d\x64"},
+{{0x88,0x7f,0xdb,0x48,0x70,0x68,0x1d,0x4f,0xb0,0x6a,0x93,0x62,0x59,0xf7,0x5c,0xae,0x05,0x17,0xf5,0x01,0xaf,0x64,0x6b,0xc0,0x7a,0x4d,0x72,0xbe,0xe7,0xfb,0x1c,0x73,},{0xc7,0x62,0xeb,0xd4,0x8b,0x2c,0xe0,0x2d,0x06,0x38,0x4e,0x38,0x55,0x4b,0x82,0x5a,0xd3,0x22,0xeb,0xea,0x74,0xd2,0x59,0xdf,0x15,0x47,0xa4,0xd5,0x47,0xce,0x00,0x24,},{0x41,0x0a,0x5a,0xf3,0xc5,0x9b,0x7c,0x6b,0xdb,0x21,0x4b,0x16,0x6c,0xb7,0x9d,0x96,0xf8,0x30,0xcf,0x98,0xbf,0x52,0xda,0xd7,0xb6,0xff,0x29,0x79,0xc9,0x7f,0xea,0x4f,0xed,0x5e,0xf7,0xd3,0xd4,0x9f,0x03,0x09,0x72,0x79,0xb9,0xa0,0x99,0x22,0x6e,0x2a,0x08,0xdd,0x30,0xc6,0x07,0x86,0x25,0x4e,0x2d,0xa8,0xde,0xe2,0x40,0xbf,0xc3,0x08,},"\xc5\xdc\x77\x9f\x3f\x3f\xac\x06\xdd\x28\xe5\xa6\x7e\x0e\x52\x4a\xf5\xb5\xdc\x3b\x34\x40\x96\x57\xb6\x3d\xfa\xce\x94\x71\xe9\xa4\x1e\x11\x32\x17\x5a\x0b\x56\x9c\x8f\xea\x9d\x2e\xef\x2c\xf5\xd5\x96\x2c\x7e\x0b\x61\x45\xa9\xe7\xa0\xc1\xaa\x33\x77\x20\x44\xf9\xc3\x99\x8c\x5a\x8c\x48\x86\x45\x8b\x4e\x58\x6f\x93\x07\x60\x83\x61\xf5\x11\xe7\xab\x50\x92\xac\x41\xec\x76\xe0\x58\x6e\xf5\xb9\xc2\x36\xfc\xf5\xca\x2f\xc8\xdd\x6a\xae\xb7\x89\x36\x7f\x2e\x7c\x99\x09\x32\x55\x5d\xc5\x22\x61\xe4\x4e\x49\x42\x34\x98\xb5\x24\x41\x91\x83\xb6\xc1\xf1\xd4\x2c\x45\x46\x4e\xcc\xb0\xc2\xf7\xe2\x51\x77\xfe\x5c\xd4\x63\x50\x2b\x40\x3e\x06\xd5\x11\xfc\xf9\xdc\xb6\x40\x12\xe0\xf2\x0b\x34\xc2\xea\x7c\x00\x4d\x9e\x48\x4a\x7e\xd8\x1f\x32\x60\xc4\x1c\x8b\x19\x53\x52\x9f\x47\xf7\x1e\x86\x78\x43\xcc\x3c\x33\x2a\xd0\x36\x6a\x63\x81\x7e\xd1\x2d\xd4\x73\x0d\x3d\xfd\xbd\x75\x72\xb9\xff\x79\x80\x45\x94\x0d\xd1\x9f\xad\x0c\x8a\xea\x0b\x4a\xb6\x1c\x40\x16\xde\x32\x79\x9c\x73\xaa\x2b\x92\xd2\xc2\x5e\xe9\xb7\x2d\x46\xfe\x8f\x06\x93\xc5\x87\x75\xef\xb0\x5e\x9e\x17\xa5\xc3\x46\xa8\x12\x65\xd3\x5b\xe6\x9a\x22\xd0\x95\xde\x18\x60\x66\xa5\xc6\xd8\xc0\x7a\x3d\x38\xd0\x02\xa1\x0e\x5e\xfd\xb8\x66\xda\x4a\x9b\xdd\x54\xf5\x09\x26\x61\xb6\xc2\xd7\x43\xf5\xae\xaa\x4c\x6c\x31\x8f\xb5\x93\x23\x90\x30\x57\xe4\x9c\x23\x7b\x45\xf6\x75\x42\xa4\xf2\x7c\xaf\x65\xb5\x7c\xfc\xf8\x8b\x71\x20\x3d\x43\xd7\xf9\x53\x22\x16\x0f\x95\xc2\x32\xdd\x10\xab\xb1\x13\xb7\x21\xdd\xba\x22\x26\xb0\x63\x22\x9b\xb4\x41\x02\x33\x6b\x10\xbf\x16\x56\x55\x11\x61\x24\x97\x86\xd4\x54\xf4\xe0\x90\x9d\x50\x00\x17\xf6\xc7\x56\x4f\x73\x3c\x83\x1a\xf4\xe5\xec\x94\xdf\xd3\xbf\x8f\xf5\xf3\x02\x1b\x70\xa5\xca\x5d\x28\xc6\xdf\xb8\xa2\xc1\x8a\x1a\x66\x2a\x33\x35\x9f\x26\x4d\x16\x96\x98\xc1\xab\x55\x78\x3f\xac\xa7\x3b\xd6\x8c\x0f\x79\xd1\xd0\x4a\xe0\xec\xdb\x52\xae\x76\x18\x92\xc0\x24\x93\xff\x35\xf3\xd8\x4f\x66\xe2\x36\xfc\x58\x13\x4a\xd6\xa7\x7d\x92\x25\x49\x05\xd7\x73\x90\x0d\x9d\xdf\x26\x54\xc7\x0b\x46\xf3\x41\xda\xcb\x47\x93\xca\x51\xee\xde\x45\x53\x3e\xae\xeb\x6e\x33\x23\xbc\x3e\x6c\x85\xa7\x94\x06\x51\xc4\xf6\xf9\x81\x91\xc6\x18\xc8\x91\xea\x4e\x22\x0e\xa4"},
+{{0x88,0xb3,0xb4,0x63,0xdf,0xc3,0x0d,0x01,0x5e,0xef,0xbb,0xbd,0xd5,0x0e,0x24,0xa1,0xf7,0x27,0x77,0x75,0xbc,0xef,0x14,0xa6,0xbe,0x6b,0x73,0xc8,0xc5,0xc7,0x30,0x3e,},{0xf2,0xb6,0x28,0x4c,0x93,0x0d,0x4a,0xd3,0x2d,0x0a,0xc7,0x19,0x04,0x0e,0xe7,0x88,0x6b,0x34,0x72,0x2e,0xdf,0x53,0xda,0x80,0x1a,0xcb,0x5f,0x93,0x19,0x69,0xe1,0x19,},{0x82,0x5a,0xff,0x71,0xf7,0x93,0x03,0xbf,0x45,0x92,0xbd,0x8d,0xa4,0xd7,0xd9,0x43,0x7f,0xf2,0x67,0x97,0x6f,0x74,0x64,0x37,0x65,0x59,0x88,0xdd,0xcf,0x29,0x37,0x94,0x65,0xa3,0xb4,0x8c,0x9f,0xb0,0xf3,0x1c,0xef,0x03,0xe6,0x36,0x88,0x61,0xc3,0x69,0xb4,0x36,0x4f,0xb8,0xe4,0xb0,0xc7,0x2e,0x26,0xa9,0xa9,0xdd,0xed,0x1c,0x25,0x04,},"\x17\xc3\x17\xfa\x6b\xc9\x0c\x55\x32\x32\x8f\x02\xcc\xfb\x6c\x09\x9e\x6f\xe1\x00\x01\x74\xf2\xaf\x3a\x3a\x93\x09\x42\x85\x06\x71\x7c\x5c\x43\x35\xbd\xd7\xc3\x67\xff\x4e\x44\x8a\x9c\x04\x75\x03\xaf\xba\x68\xfd\x8f\x79\x87\x23\x7b\xe7\xf7\xfb\xdc\x6d\x73\xf2\x4c\x64\x21\xca\xb4\x22\xb3\xfb\x25\xf6\x7b\x2d\x71\x04\x2e\x71\x57\x0d\xf2\xaf\x37\xbf\xe5\xc1\x14\x21\x1f\xd5\x52\x4b\x6c\x1c\x6c\xc5\x2f\xab\xc3\xcd\x7f\xb4\x64\xcd\x58\x0b\xb7\x40\x71\xcb\x30\x0f\x8c\x9f\x8a\x46\x20\x8e\x5a\xa5\xdd\xfe\xa5\xfe\x90\x69\x7a\xa2\xf1\x4c\x60\x79\x50\xc9\x8f\x23\x12\xa9\xe1\x6e\xf6\x34\x6a\x8f\xd1\x29\x23\x27\x33\x82\x7e\x15\x01\xa6\x60\xc7\x7c\x29\xc5\x6d\x2f\xdd\x1c\x55\x97\xf8\xbc\x89\xaa\xef\xe3\x71\x37\x34\xfe\x82\x85\x82\x01\x89\x1a\x11\x47\xef\xaf\x1d\x78\xa4\x71\xf9\x20\xde\xfc\x88\x03\x44\x55\x3e\xb7\x16\xcc\xe3\x26\x0e\x86\xa1\xbc\x0b\xe2\x83\x73\xa6\xa0\x66\x11\x6e\x8e\xcb\x10\xa0\xc4\xa7\x0c\xa2\xb5\x36\x4e\x11\x9f\x84\xae\xc6\x0d\xec\xed\x3a\x4e\xff\x1f\xe6\x88\xc5\xe3\xe2\x51\x47\x0a\xb5\x16\xfa\x96\x4a\x4b\x6f\x28\x36\x8d\xd1\xe2\x83\x59\x79\x34\x06\x4d\xc0\xc5\xb5\x69\x10\x62\xcb\x2e\x26\x7b\xd1\x5f\xd4\x22\xbc\xfe\xfb\x83\xcc\xef\x7a\xa9\xa2\x27\x5e\xf5\x7e\x47\x31\x49\x98\x8c\x15\x78\xfd\x18\x70\x8d\x2f\xf6\x9f\x8e\x59\x80\xaa\x82\x6a\x82\xca\xb7\xd8\xb9\x2b\xb5\x3b\xdd\x46\xdb\x04\x6e\xcd\xfc\x8c\xd7\xae\x5c\xe4\x4f\x3c\x5b\x8c\x05\x65\xb5\xd3\xc0\x72\xc7\x6b\x95\xce\x90\x0a\xc3\xee\x55\x10\xdb\x0e\x75\xd3\xa4\x15\x0a\x98\xf3\xcc\xcc\xc6\x9e\x93\x0c\x6b\xa7\x41\xdb\xb0\xeb\x9f\xb3\x19\x68\x71\xba\x20\x6a\x58\xe0\xda\xe3\x9c\x8d\x6b\xb7\x2a\x82\x39\x9c\x4b\x7b\x9d\xa3\x85\x77\xac\x17\xff\x15\x24\xd6\x53\xc0\xbf\x33\x67\x93\x23\xca\x7e\xef\x4e\x92\x28\x72\x90\x31\x56\x0e\xd8\xf2\xe5\x19\x3c\x64\x0b\x2f\x5e\x60\x80\x75\xa2\xed\x61\x42\x8d\xfc\xcd\xc0\x00\x50\xba\x4b\x99\xed\x6d\x15\x36\xd5\xac\x1e\x93\x96\x74\xb4\x1d\x16\x31\x2a\xe5\xb0\x7d\xef\x1b\xf5\x35\x89\xbe\xd4\x40\x06\x02\xee\x11\xb8\x50\x33\x0f\x38\xaa\xd3\x3e\xf0\x41\x70\xa3\x90\x5c\x28\xb5\x0e\xcc\x57\xdc\xcf\x4f\x29\xd0\xc0\x0f\x71\x3d\x32\xff\xc8\x57\x95\x65\x88\xa6\x32\x6b\x95\x49\xed\xb0\xe4\xfe\x61\x85"},
+{{0x42,0x7d,0x6e,0x42,0x39,0x17,0x89,0x68,0x31,0x60,0x1b,0x8f,0x4e,0x21,0x56,0x1d,0xb6,0x10,0x85,0x71,0xbe,0x00,0x9e,0x29,0xdc,0xa4,0x9a,0x59,0x60,0xff,0x31,0x4b,},{0x8d,0x9e,0x63,0x60,0xfd,0xef,0x24,0x99,0x75,0xdf,0x27,0xb3,0x10,0x6a,0x71,0x12,0x05,0x87,0x72,0x2d,0xf3,0x27,0x0a,0x85,0xa1,0x3a,0x8c,0x3b,0xb8,0xc9,0x80,0x9e,},{0xd1,0xc9,0xa0,0x1c,0x56,0xe3,0x39,0x60,0xf4,0x9d,0xf3,0x7e,0xab,0x96,0x3b,0xc5,0xa9,0x9f,0x25,0xc6,0x00,0x44,0x6c,0xe2,0xca,0x48,0xd9,0x13,0x9d,0xa5,0x73,0x3b,0x71,0x8f,0xbf,0x1a,0x98,0x73,0x93,0xf6,0xe5,0x82,0x3c,0x2d,0x13,0x0c,0x7c,0xe6,0x0e,0xa3,0xdb,0x35,0x43,0xc8,0x85,0x4e,0xf1,0x2b,0x98,0xd3,0x3a,0xdd,0xe7,0x05,},"\x9c\x2c\xc7\xf2\x46\x2e\x09\xc4\xc5\x8c\x27\x09\xab\x42\x59\x88\x5a\x4e\x88\x7d\x9f\xa5\x31\x88\x15\x05\xaa\xf2\x03\xc1\x63\xfb\x3a\x0d\xc0\x28\xf4\xad\xa6\x06\x70\x63\x8d\x4a\x97\x27\xa3\x90\x83\xbe\xdb\xac\xed\x58\xed\xb7\x79\xe1\xce\x6c\xcd\xfb\x42\x8c\x36\x2b\xb1\xdb\x0c\x10\x53\x00\x6b\xd8\xf4\xbe\xf8\x9a\x1a\x9d\xe0\x1c\x77\x4e\x35\x7f\x91\x0e\x5c\x39\xb2\x24\x77\x55\x5e\x5f\x7c\x04\x98\xb5\xb2\x8f\x36\x9e\x5d\x3f\xa4\x2a\xb3\x60\xe4\xf4\x51\xc6\x9f\x81\xba\x0f\x3c\xce\xd4\x3a\x55\x9d\xb6\x00\x10\x42\x78\xf8\x68\x79\x6b\x2c\x91\x1b\x3b\x03\x2b\x72\x9f\x4b\x22\xac\x14\x9d\xc4\x67\xa0\xca\xe4\x8d\x19\xe9\xd9\x85\xb4\x2b\x62\x54\x9d\xe1\x71\xff\x56\x6e\x1d\x1e\x9b\xb8\xe5\x6c\xfd\x1a\xe8\xf7\xbd\xdc\xfd\x8a\x23\x41\x82\x7d\xbe\x89\xc8\x82\xab\x3e\x49\x83\x39\xff\x68\x1c\x7d\xc1\x10\x4d\xe7\x38\xb4\x80\x31\x69\x43\x10\x9f\x70\x3d\x47\x1a\xb8\x6e\x4c\xa4\x28\x7e\x4c\xd7\x4c\x31\x2f\xf7\xd0\x37\x39\x56\x06\xfb\x25\xf8\x71\xe7\x27\x70\x78\xa7\x87\xd0\x2f\x31\xcc\x9e\x81\x5b\xe8\x60\x0a\x7c\x47\xc6\xfd\xd8\x23\x31\xae\x9c\x49\x6a\x54\x7b\xdb\x23\x5b\x8a\x56\xd5\x32\x59\xe6\x29\x61\x24\xa3\x2c\x3b\x62\x5d\x20\x24\x19\xd0\x64\xb9\xa4\xe8\x3e\xfa\x87\xf1\x35\x37\xb4\xf5\x13\xb9\x16\xa8\x4f\xc8\x66\xd8\xa8\x99\x80\x4c\x78\x33\xea\xa0\x19\xe0\xd7\xe0\xe8\x07\x5b\xd6\xb5\xcb\x6f\xfc\x76\x64\x79\xf3\xf6\xe2\x0e\x48\x1e\x6a\xb2\x7b\xd8\x08\xad\x90\x6c\xdc\xc7\x82\x74\x30\xe3\x12\xf7\x40\xf2\x75\xdd\xf5\x1d\xd8\x32\x48\xfa\x05\x7c\x43\xc9\xcb\x77\x55\x7b\x2f\xd9\xc2\xd5\x28\x24\xff\x9e\x14\x6d\xea\xc1\xe6\x69\x1d\x45\x02\x13\xbc\x59\x0a\x49\xbe\xc7\x2d\x52\xe3\x8f\x6b\x4d\xc6\xcc\xa9\x51\xee\xf2\x18\x4d\x24\x25\x03\x1a\xd5\x9b\x24\x2e\xff\xa6\x8b\x6c\x72\xc5\x4c\x9d\xfd\xb4\x19\xc0\x2e\xb4\x3e\xf3\xf3\x4d\x33\x8d\x2a\x9d\xd0\x3a\x78\xcf\xdd\x01\x40\x98\xe2\x49\x25\x9e\x77\x28\x2e\x0c\x3f\xc1\x01\x0b\x02\xa6\x7f\xf8\x51\xe9\xcf\xd9\x74\x9c\x1c\xd8\xf0\x6c\xf4\x62\xe6\xad\xe9\x95\xac\x46\x6f\xab\x5c\x79\x5e\x9e\xff\x13\xe5\x5b\x43\x50\xb9\x4c\x73\x16\xaa\x49\x8d\xf9\xfd\xee\x99\x58\x04\x77\x93\xe3\xbb\xb8\x9f\xb8\x1d\xa8\x5f\x4b\x9d\x43\xe4\xb0\xd4\x3b\x38\x1b\x94\xcd\xc9\xa9\x9d\x06"},
+{{0xbe,0x93,0x52,0x09,0xf6,0x2d,0xea,0x60,0x12,0xec,0xda,0x6a,0x61,0x56,0xcd,0x16,0x6a,0x4d,0x76,0x11,0x50,0xde,0xed,0x45,0x68,0x16,0xea,0xf0,0xce,0x78,0xa7,0xf6,},{0xd3,0x9a,0x89,0xaf,0x72,0x29,0x39,0x48,0xb1,0x34,0x21,0xfb,0x88,0x3b,0xbe,0x37,0x2a,0xf9,0x08,0x9c,0x22,0x4d,0x42,0xb9,0x01,0x97,0x9f,0x7e,0x28,0x04,0xe1,0xc0,},{0x08,0xe0,0x98,0xa7,0x49,0xfc,0xe6,0xd1,0x23,0x54,0x39,0x58,0x78,0xa8,0xbe,0x35,0xfe,0x9e,0xdf,0x72,0x68,0x4d,0xd8,0x28,0x12,0x24,0x89,0x9b,0x1c,0xae,0xa4,0xed,0x68,0x77,0x85,0xdf,0xf5,0x5a,0x19,0x98,0x9e,0x03,0x63,0x6e,0x16,0x66,0x38,0x6f,0x22,0xc3,0xf4,0x43,0xec,0xf6,0xfd,0x34,0xd5,0x99,0xff,0x3e,0xc2,0xfa,0xf1,0x01,},"\x11\x7f\x42\x7c\xb6\x81\x50\xca\xfc\xfa\x46\x2c\x42\x20\x61\x41\x42\x7c\x4d\xce\xa1\xc8\xea\xcc\x2d\x30\xbe\xd1\xe9\x02\x07\xd5\xae\x30\x5e\x1f\xc1\x6c\x54\xe4\xc5\x4c\xc6\x87\x8c\xdb\xed\xc9\xf5\x1f\xe1\x84\x61\xec\x37\xc5\x57\xb1\x15\xd1\x3c\x86\x82\xc4\xe1\x5f\x50\x52\x96\xa1\x76\x0e\x1e\x75\xf5\xab\x27\xa5\xc1\x5a\x13\x57\xd2\xc8\xc4\x0d\xd5\x35\x5f\x7c\x82\xfe\xa5\xd2\x7e\x28\x87\x63\x58\xc1\x2e\x91\x13\xee\x29\x83\xea\x6f\x09\xc6\x4e\x06\xe2\x97\xdd\x96\xb3\x4d\x9b\x5e\xd4\x9f\xc4\x7a\x88\x39\x54\x9c\x66\xb0\x02\xfe\x94\x5e\x8f\x94\xe7\xd2\x31\x5c\x50\xca\x4d\xc0\x98\xbe\x4b\x32\x89\x81\x2f\xbe\xa9\x6b\x47\xce\x60\x45\x40\xbd\xe0\xe5\xab\x0b\x1b\xc0\x36\xbe\x9b\x6a\x95\xe0\x9c\x81\xe8\x98\x64\x0c\x8f\x05\xd6\x0a\xd9\x42\x18\xd0\xe6\x6c\xeb\x85\xa2\x6b\x78\x29\x22\x20\xbf\xd0\x61\xdd\x07\x35\x12\x92\x3b\x90\xc7\x9d\xcf\x5a\x19\x35\xfa\xfe\x8e\x01\xef\x8b\xf8\x1b\x4d\x37\xc5\xa5\x71\xb5\x0c\x42\x1f\x9b\xd2\x19\x4b\xef\x35\x86\xfc\xb8\x58\x48\x77\xbb\x7e\x04\x81\x65\x5b\x05\xc7\xb6\x43\xb1\xe4\x5b\x04\x03\x62\x72\x84\x18\x52\xe3\x19\x40\xef\x8f\x3b\x6d\x4f\xeb\x5d\xf0\x79\xd1\x76\xf9\x79\xc1\x8a\x11\xa6\x6d\x12\x14\xe5\x2f\x68\x7e\x90\x63\xc1\xc2\xb7\x27\x7b\x68\x5d\x5c\x72\xad\x56\x9f\x78\x73\x83\x8f\x91\x02\x57\xa0\x53\x13\x1c\x83\xeb\xce\x86\xe6\x9d\x73\x63\x62\xbe\xbc\x96\xbb\xfa\x35\xfc\xba\x1c\xb5\x27\xe7\x48\xe5\xf5\x79\x92\x9f\xd4\x0c\x56\xb1\xa5\x1a\x22\x2e\x86\x33\x02\x70\x5c\x86\xf7\xb5\x4e\xbf\xbb\x94\x82\xf7\xe2\x80\xf7\xbe\xc8\xca\xf3\xa6\xb5\x67\x1a\xc3\x0c\xd1\xbe\x52\x92\x88\x79\x7c\x01\x3c\xe5\x6b\xd1\x86\xde\x7d\xfc\x18\x28\x69\x14\x25\xc1\x47\xc5\x17\x4a\x29\x0d\x80\xcb\xd5\x9c\x19\xda\x7a\xdf\x77\x91\x88\x82\xa7\xb2\xa9\xa6\x4e\x6d\x76\xb4\x8b\x92\xf2\xa2\x66\xee\xe6\xe2\x51\xd2\xe8\x17\x65\x2b\x88\xb5\x02\xde\x73\x99\x78\x2d\x75\x29\xa8\x1d\x0a\x36\x39\x96\xb9\xdf\x68\xb1\x5a\x76\x30\x90\x4c\x8c\x24\x60\x81\xfa\x4f\x09\x29\x9f\x15\x75\x79\x58\xe0\x89\xa9\x01\xc3\x56\x46\x15\xc0\xf7\xcf\x27\x52\xb8\xb9\xe5\x21\x33\x8d\x83\x6e\x3d\xae\x4c\xe2\x37\x46\x42\x25\x3c\x4c\x98\x31\x97\x4e\x5d\x8c\x28\x42\xf4\x90\x07\xb7\x17\x75\x09\x3d\xfe\x57\xf4\x44\x92\xf0"},
+{{0x68,0x18,0xc6,0x0b,0xb6,0x43,0x9a,0xc2,0xee,0xe2,0xd4,0xe1,0x28,0xe9,0xd8,0x69,0x1d,0x4a,0xd5,0xd3,0x63,0xfe,0xd7,0xd6,0x57,0x7a,0x62,0xb6,0x56,0x99,0x94,0xa4,},{0x73,0x45,0xec,0x11,0xbc,0xcc,0x05,0x6f,0xc4,0xef,0xfa,0x3e,0x4e,0xf6,0x70,0x99,0x6a,0xa2,0x6a,0x1b,0xb1,0xb8,0x33,0x91,0xba,0xbc,0x39,0xa1,0xa5,0x96,0x01,0xf9,},{0x15,0x05,0x96,0x7a,0x27,0xb9,0xf8,0x6e,0x92,0x42,0x44,0x40,0x02,0xa1,0xe3,0x19,0x7d,0x74,0xdd,0xcd,0x89,0x65,0x9e,0xc5,0x14,0x02,0x02,0xaa,0xc7,0x94,0xb8,0xad,0xc1,0x93,0xe7,0xd3,0x0f,0x33,0x82,0x64,0x29,0x90,0xf6,0xfe,0xd7,0xa9,0x99,0xca,0xc8,0xc6,0x1e,0xaa,0x39,0xb7,0xd9,0x08,0x16,0xf1,0xd7,0x38,0x74,0x4b,0xe1,0x01,},"\xb2\xae\x65\x8b\x3c\x13\xc3\xcd\xeb\x1d\xc9\x93\xb0\xf4\x5d\x63\xa2\xea\x9a\xbd\x0b\x7a\x04\xf1\xf5\xce\x59\x32\x80\x6c\x2c\xa9\xb7\xa2\x04\xfb\xf8\xd0\x66\xb7\xf0\xfe\x6a\xe0\xd1\xda\x68\xc8\x85\xee\x11\xf6\xf6\xdb\x7e\x83\x20\xa2\xea\x65\x0b\x53\x38\x51\xcd\xd9\x9d\x90\x3a\xa0\xb3\xfa\xa3\xc9\x50\xf7\x02\xf0\x4e\x86\xb4\xee\xb3\xa1\xc7\xbc\x85\x4b\x25\x14\xfa\x5b\x47\x66\xd3\x75\xb4\xf1\xad\x61\x07\x53\x78\xdd\x92\xfd\x62\x6c\x2b\x47\xe0\x13\x83\xea\x72\x98\x79\x59\x26\x2c\x56\x28\x62\xb4\x5b\x75\x57\x67\x14\x13\xb6\x66\x14\xbc\xc9\xf7\xbd\xb9\xee\x46\xcb\xed\x89\x65\xbf\xa5\x05\x31\x50\x90\xc7\x20\x4b\xea\x89\x17\x5b\xe5\xf2\x08\x02\xe3\xde\xdd\xcb\xd8\xdd\x64\xcf\xef\x7e\xe6\xa6\xe3\x86\x0c\xe1\xe5\x79\x9d\xf5\xd8\x10\xd5\xec\xf3\x2e\x61\x5d\x16\xdf\xf8\x7a\xbd\x4a\x63\x6e\xa1\x7a\xa4\xec\xe5\xb6\xb2\xc0\x46\xb6\x5b\x5a\xf7\x49\x86\x2b\x45\x79\x0c\x39\x17\x68\x20\xb3\x69\x01\xbe\x64\x9c\xf4\x16\x9d\xf7\xe9\x23\x95\x6d\x96\x06\x49\x50\xc5\x55\xf4\x5a\xcb\x94\x50\x7c\xfd\x0c\x3b\x33\xb0\x80\x78\x5e\x35\xc0\xd2\xb0\xad\xdc\x4c\x0a\xd3\xfb\x21\x6a\xc2\xe6\x01\xc9\xc7\xe6\x17\xda\xbd\xa3\x33\xda\xe6\x03\xcc\x9d\xb1\xfc\x62\xae\x4e\x0e\x45\xe3\xcc\xdd\x16\x6a\x67\x81\xe2\x43\xb7\xda\xa1\x38\x80\x66\x32\xf5\x38\x84\x4e\xe3\xd1\x40\xb7\xa8\xbb\x2b\x54\x01\x00\x77\x8c\x45\x8e\x06\x61\x70\x70\x5e\x5f\xb2\xc8\x80\x29\x09\x8b\x99\x2c\x39\xbc\x9f\xf6\x33\x0b\xfc\xfe\x77\x52\x32\x0e\x6e\xa0\x94\x9d\x2c\x87\x1a\xed\xc1\x87\xbe\x27\xfe\xf7\xdb\x5f\x72\xa6\xa7\x73\xed\xde\x0d\xc5\x2a\xe2\xed\x93\x1c\xb2\x68\x17\xb8\x5b\x15\x45\x89\x4d\x92\x29\x8a\xaf\x87\xcc\xbc\x78\x3e\x8d\xd6\xd1\x64\x93\xf5\x6e\xad\x2b\xa8\x52\xee\x9c\x7d\x10\x07\x44\x06\x44\x0d\x2a\x27\x9a\xbc\x87\x4f\x15\x46\x8d\xd6\x6a\x71\x7b\xac\xe3\x7b\xe7\xb7\x05\x5d\xd9\x68\x1f\x8b\xe8\x13\x29\xee\x7a\xf9\x7e\x3a\xbc\x43\x4a\xc1\xc9\x3a\xec\x58\x2f\x23\xfd\x1e\xc0\xfa\x5a\xaf\xcf\x7b\xfb\xda\x00\xff\xa9\x7a\xe3\x17\xae\x91\x8d\x34\x9d\x21\xa7\xf4\x61\x91\x42\xba\x23\xda\xce\xf7\xb3\x90\xae\x26\xa1\x7e\x2e\x29\x62\xae\x27\x00\x53\x76\xb7\x2d\x4d\xa9\xe2\x97\x96\x53\xa6\x63\x25\xa1\x46\x17\x63\x8d\xbe\x1a\x55\x40\xb6\x83\xac\x00\x17"},
+{{0x6d,0x1d,0xa5,0xb4,0x83,0xe6,0x4b,0x03,0x65,0x99,0x0f,0xf0,0x93,0x81,0xfb,0x17,0x02,0xfd,0x8e,0xc3,0xa1,0xa3,0x69,0xcd,0x52,0xe4,0xc5,0x67,0x13,0xa3,0x14,0xa5,},{0x08,0x05,0x5c,0x26,0x1f,0x26,0xe0,0x2a,0x65,0x8f,0x66,0xd9,0xba,0x01,0xfc,0xde,0x53,0xe9,0xad,0xe3,0xed,0xc6,0xbf,0x81,0x5e,0x4a,0x68,0x02,0xe1,0x67,0x7a,0xb3,},{0xa5,0xb8,0xb4,0x4a,0x91,0x44,0x4c,0x64,0x37,0x4b,0x52,0x3c,0xb4,0xdc,0xb0,0xce,0xf4,0xce,0x52,0x40,0x8b,0x98,0x12,0x6d,0x7e,0x1a,0xe8,0xbd,0xc2,0x8c,0xf5,0x14,0x70,0xce,0x4e,0x25,0x3e,0x0b,0xe6,0x2b,0xd6,0x8e,0xbf,0x5f,0xa6,0xbc,0xe1,0x58,0x5e,0xcc,0xfa,0x92,0x56,0xc0,0x73,0xee,0x03,0xe5,0x4c,0x52,0x5b,0xbe,0x2d,0x0a,},"\x79\xa2\xc3\x70\x55\xf1\x89\xf3\x24\x7f\x1f\x8c\xea\x19\xb2\xea\x40\xd8\x58\xdb\x1f\x5d\x13\x92\xee\x6d\x41\x1c\x78\x02\xee\x23\xde\x52\xad\x02\x81\x17\x25\xa9\x4d\x76\x67\x5d\xa8\x9a\x96\xb5\xd0\x7a\xbc\xee\x23\x3a\x1a\x2e\x1f\xa3\x24\xff\xf9\xe7\x8a\x4c\x19\x61\x47\xf8\x57\x0b\x0b\x13\x71\x3d\x96\xaa\x5d\x75\x0a\x15\xd7\xcd\x16\x2e\x7b\xa2\xe7\x53\x33\x60\x7d\xd6\x98\xeb\x47\x73\xc7\xe9\x1f\x76\x68\xff\x8b\x62\xf0\x46\x40\xeb\x12\xec\xf1\x22\xfc\xe6\xb8\x32\xe0\xd0\xdf\x92\x8e\xef\xd2\xc2\x00\x23\x64\xaf\x6b\xb5\x52\x91\xd3\xf5\x49\x29\x08\x5b\xe3\x38\x34\x2f\x09\xda\x73\xe2\x79\xc8\x7c\x83\x24\x55\x58\x19\xed\x57\xe7\x8d\x7a\xc4\x09\x51\xd3\x3f\x65\xb9\x4a\xa1\xe5\x55\xe9\x2a\x06\x3d\x11\xf1\xff\x7b\x12\x69\x43\x41\xe3\xfe\x44\x49\x33\xd0\x1a\xa3\x67\x53\xed\x3c\xdd\xa8\x90\xbd\xf9\x5a\x82\x05\xb5\xd8\x93\x22\x19\x91\xc7\x95\xad\x0a\x4a\x94\x6f\x58\xd4\x0a\x45\x34\x51\xaf\x21\x4f\xd4\x65\xe2\x8d\x3e\x2f\x0a\x56\xaa\x56\xde\xf8\xdc\x04\xaa\xd3\x57\x13\xab\xfc\x8b\xd7\x85\x6d\x5a\x9d\xc3\xf6\x0a\x3f\x2b\xd3\xe6\x36\x6f\x1f\x24\x4e\x94\x1d\x6a\xea\x89\x2f\x6a\x88\x93\x1f\xe1\xc3\x13\xe0\x90\x78\xe9\x0b\xc6\x39\x2d\x49\x05\x33\xc9\xea\x3f\xf6\xde\xaf\x3a\xad\xfa\x8d\xfd\xc4\xe9\x0f\x64\xaf\x47\x58\x9e\xa6\x5a\x87\xac\xd2\x19\x96\x02\x35\x1d\x3a\xfc\x21\x03\x19\x6e\x03\x94\xed\x52\x3a\xa7\x99\xd3\x1e\x11\xd3\x4f\xff\x54\x6d\x44\xf4\x36\xb3\x48\x59\xf9\xcf\xbc\x9c\xe4\x03\xde\x5a\x98\x30\xec\x3d\x45\x3f\x0d\x45\x97\x0f\x57\x2c\x14\x4f\x19\x1b\x2f\xbb\x2d\x0e\xa6\xcc\x9c\x8e\x24\xd9\xc0\xb2\x18\x3b\x27\x80\x72\xeb\xb0\xbe\x2d\x70\xd0\x37\xfd\x2e\x8e\xc1\x8d\xc4\xc9\xb2\x1a\xbd\xc6\xa4\xce\x8d\x46\x68\xa2\x20\xee\xbd\x69\x34\xf0\x4b\xaf\x0e\x88\xa4\x88\xd2\xdf\xc7\x35\xa7\xc5\xa7\x0d\xbb\x01\x66\xa2\x1a\xe0\x11\xfc\x6e\x7d\xa1\x0f\xc3\x20\x33\x62\x71\xd9\xee\xad\x51\x0a\x6f\x70\x32\xf2\x29\x66\x92\xbe\x50\x80\x21\xbc\x98\xc1\x70\xbe\x42\x35\xf7\xce\x31\xf2\xbc\xd6\x34\x11\x63\x68\x33\x76\xae\x2c\x56\x62\xcb\x47\x70\xc9\x6e\x01\x8e\xf1\xbf\x47\x91\x33\x19\xc9\xa0\x9b\x9e\x96\x5a\xb5\xc3\xe9\x7b\xbc\x75\x6a\x56\x66\xb4\x56\x7f\x2c\xff\x2d\x0c\x3a\x6a\x40\x26\x15\x8c\xb9\xf9\x0f\x95\x00\x56"},
+{{0x51,0x46,0xf5,0xb7,0xf1,0xba,0xa1,0x9f,0xc8,0xcd,0x78,0x5c,0x89,0x6e,0x0f,0x90,0xf9,0xf6,0x59,0xb7,0x7b,0x1b,0x9b,0xb4,0xad,0xca,0xb5,0xa6,0x26,0x72,0x05,0xe4,},{0x68,0x8a,0x8d,0xe6,0x4e,0xff,0x33,0xba,0x6b,0xbe,0x36,0xcd,0xd6,0xa3,0x84,0xbb,0x67,0xb3,0xf4,0x26,0x36,0xdb,0x23,0x4f,0xf5,0xef,0xe0,0xb3,0x17,0x43,0xc7,0xe6,},{0x4b,0xdb,0xd7,0xc6,0x4f,0x13,0xe2,0x78,0xc2,0x39,0x69,0xe7,0xeb,0x38,0x6b,0xbe,0x49,0x9d,0xbd,0xef,0xc3,0xff,0x4e,0x30,0xcf,0xac,0x5c,0xf8,0x6f,0x21,0x6c,0x24,0xc9,0xe6,0xcd,0xe2,0x0e,0x52,0x9d,0x14,0x7f,0xb7,0xea,0x08,0xf2,0x59,0x3a,0xd5,0x09,0x03,0xb5,0xed,0xbf,0x86,0xb4,0xd2,0x8f,0x2e,0xb3,0x2e,0xf1,0x37,0xf0,0x0c,},"\x97\xbd\x99\xf5\x18\xee\x07\x88\xd5\x76\xd9\x9c\x04\x3b\x44\x9d\xfc\x24\x2a\xc5\xee\xae\xc3\x44\xa1\x94\x32\xb3\x45\x96\x2e\xc4\x12\xce\x55\x36\x2b\x3b\x85\x1d\x98\x11\x9f\xce\xb9\x32\x83\x47\xf6\xfc\xc6\x8d\xbf\x56\xa2\x81\x4d\xb0\x9e\x93\x85\x84\x3a\x93\x11\x89\xea\x3e\x72\xda\x9d\x79\xa4\x56\x93\x05\x3c\x03\x57\x01\xdc\x55\x51\x24\x0f\x95\xb3\x03\xfb\xa1\x6f\x89\xaa\x53\xa4\x38\x82\xb0\xf1\x38\x12\x02\xc7\x8f\x9c\x74\x19\x89\x9f\x23\x51\xec\xa9\x5e\x20\xbf\xee\x76\x35\x1c\x48\xd0\x04\x99\xf5\x91\xda\x56\xa9\x95\x24\xbb\x74\xfe\x1c\x83\x4e\xe9\x10\x77\x13\x9f\x1e\xdf\x67\x31\x5c\x07\xa3\xfd\x97\xf8\x0b\x7c\x27\x6b\x6c\xf6\xb5\xcc\x36\xbe\x36\x3b\x73\x12\x17\xf6\x31\x9f\x51\x29\xba\x7b\x14\xd0\x54\xc8\xd8\x1d\x8e\x3a\x3f\x3b\xe6\x2a\xc3\x1f\xf6\x2d\xf6\xa3\xb2\xee\x25\x96\x96\x9b\x99\x17\x04\xb3\x1c\x68\x99\x97\xab\x46\x28\xbc\x26\x60\xc6\x78\x72\x13\x2e\x85\xda\x0c\x4f\xcf\x56\x79\x65\xf1\x25\x4a\x8f\x43\x26\x92\xa1\x7b\xb8\x6c\xb3\xc1\xdc\xba\xac\x93\x95\x52\xf0\x9e\x50\xec\x5b\x0d\xe2\xef\x85\xe0\xac\x25\x3a\x41\x65\x65\x5d\xb5\xb5\xc4\x98\x03\x82\x1d\x85\x9c\x60\x96\x1e\x06\x1d\x58\x27\x8b\x82\x7d\xd4\xd3\xbc\x47\xf1\xc2\x2d\xe0\x94\x90\x6b\xdb\xbf\x3b\xad\xbd\xde\x22\xba\x24\x25\x58\x55\xeb\x86\xd1\xd7\xf3\x70\x82\x05\x93\x11\xdc\x07\x28\xeb\xea\xf2\x6c\x44\x73\xba\xd1\xfa\x9e\x61\x4b\x53\x3b\x81\x1b\x6b\xcb\x06\x50\xc0\x6d\x87\x9a\x52\x45\x78\x8f\x34\x01\xb4\x61\x97\x30\x07\x74\xa9\xaa\x73\xcd\x97\x8c\x05\x30\xc8\x1a\x53\xbd\xb3\xfc\x93\x24\x14\xb3\xe3\x04\x40\xdc\x12\x74\x41\xef\xf1\x60\x5e\x7f\xd9\xac\x8c\x63\x2e\x82\xbf\x1b\x45\x3d\x4f\x33\xa5\x7e\x4b\x67\xb0\xb6\xfc\xf6\xed\x55\x55\xb5\xf5\xa3\x00\xa1\x4a\x00\xd0\x38\x5a\x33\x75\x05\x25\xb0\x0e\xdb\x31\x2c\x6b\xfd\xd6\x4e\xdd\x3b\x53\x16\xd1\x9f\x95\x8c\x51\x76\x34\xf0\x13\xb0\x08\x93\x6d\x34\xe9\xb5\xe1\xe9\x28\x3a\x5f\x0f\xd7\x78\x33\x77\xc0\xe5\x09\x06\x41\xbb\x9d\x33\x8c\xf3\x13\x3a\xcd\x0b\x97\x1e\x53\x79\x04\xf1\x7a\xf9\x29\x11\xaf\xad\x72\xee\x97\xf9\xa8\x28\x3a\x16\xa7\xe2\x6a\xb4\x28\x41\x6c\x10\x17\xda\xe9\xb1\xa9\x9c\x4c\x33\x20\xad\x16\x3b\xdc\xfc\x32\x8b\xfa\xf9\xb8\xd5\xd7\xd2\x6d\x41\xd1\xef\x21\xa5\x20\x8f\x01"},
+{{0x5e,0x6f,0xda,0xc9,0x35,0x1a,0x63,0x7b,0x99,0xf3,0x3a,0x26,0x4e,0x12,0x87,0x69,0x7e,0x2a,0xba,0xb0,0xcc,0xa1,0x66,0x21,0x79,0x24,0x84,0xf5,0x60,0x6f,0x44,0xc1,},{0x57,0xe5,0xf8,0x8a,0xcd,0xdc,0x8c,0xde,0x7d,0xd0,0x7a,0x31,0x46,0xfb,0x1d,0x4f,0x7a,0x9b,0x63,0x83,0xa8,0xf6,0xb2,0xb8,0xd9,0xb0,0x7e,0xbc,0x3f,0xc4,0xdd,0x20,},{0x98,0x7e,0x32,0xe0,0x0a,0x8a,0x16,0x32,0xf4,0x7b,0x50,0x31,0x94,0x35,0x5c,0x98,0x0c,0xb2,0x2a,0xde,0xb3,0x26,0xb4,0xe3,0x11,0x5e,0xca,0xb0,0x4b,0x70,0x4d,0x18,0x6c,0xd9,0x2e,0x3c,0x3a,0xc7,0xb4,0xe2,0x93,0x6c,0xbd,0x07,0xcb,0x79,0x4e,0xc0,0xcf,0xe9,0x1a,0x97,0x87,0x2f,0xf2,0xb4,0x13,0x76,0xf5,0xf1,0x8f,0x55,0xb8,0x05,},"\x4d\x6c\xd3\xbc\x2f\x86\x26\x6b\x8b\xb1\xb6\x1d\x0e\x1c\xaa\x9b\xd2\xd4\xa1\x80\x36\x1a\xef\x3a\x18\xd3\x90\xb1\x0f\x7e\x86\x0f\x69\x7e\x24\x7e\xb6\xc3\xe5\x1d\x3b\x97\x6b\xf0\xca\x18\x3d\x01\xa6\x98\x80\xf1\x5c\x94\xb8\x75\x66\x8c\xa3\x0d\xad\xa0\x89\x5b\xed\xd4\xd7\x05\xa0\xe0\x33\x04\xd0\x63\xde\xa8\x7c\x7f\xde\xc9\x8b\x89\xc0\x6f\x13\x0d\xd5\xbd\x58\x6b\x54\xd9\xba\x73\x78\x26\xbb\x40\x5c\xd8\xac\x8b\xbc\x95\x00\xac\xda\x3c\x07\x46\x1d\x00\x94\x40\xaf\x0b\x25\x31\xe7\x2f\x3f\xf5\x01\x6a\xe2\xd8\x6d\x69\xb8\x7f\xb2\x73\xd1\xe8\xdd\x5f\x6a\x26\x4b\xee\xbb\x2f\x88\x59\x96\x74\x1f\xfd\xa2\x77\xa0\xfb\xf8\xef\x08\xf8\x1f\x22\xee\x59\x61\xd9\xd3\xfc\x93\x83\x62\xe1\xca\x12\x00\x4a\x91\xd9\xb5\xf7\xa6\x83\x3a\x6c\x22\x95\x5a\xc0\xcd\xa3\x39\x06\x71\x91\x0c\xbd\x51\xe6\x85\xfe\x09\x59\x73\xe4\x15\xfc\x2d\xb8\xad\xf1\x0b\x14\x7e\xc7\x08\x0c\x3b\x8e\xbd\x07\xd2\x1b\xb9\x55\x6d\xa8\x54\x30\xa2\x68\xee\xd8\x48\x6b\x1e\x31\xc9\x43\x13\xb0\x16\x49\xfe\x91\xb2\x22\xf8\x5a\xde\xe1\x5e\xb7\x77\x07\xd7\x8f\xfc\xb6\x60\x92\x65\x44\xd3\x3b\xe9\x99\x4a\x29\x76\x20\xdc\x7a\xed\x97\xf3\x92\x63\x90\x53\xf3\x88\xb0\xb3\xaa\x3b\xd0\xac\x5b\x03\x3c\xb4\x14\xbe\x52\x0b\x43\xdf\x68\x26\xb9\x76\x89\x0d\x0c\x53\xb9\x7b\x6c\x92\xe7\xd1\xa1\x57\x3d\x0c\x74\x94\xd7\x47\xe0\xca\xd9\xbd\x8e\xa5\x38\xd6\x2a\xd5\x98\x01\xad\x07\x16\xf1\x70\x19\x3e\x30\x09\xd9\x95\x9c\x55\xd2\xff\x64\x79\x9b\xd9\x59\x35\x9a\xbb\x94\xca\x97\x23\xb5\xff\xc2\x4c\x95\x07\xf8\xc5\xfd\x6e\x88\xea\xae\x7a\x70\xad\xd8\x4d\x74\x4c\xcf\x8b\x98\x36\x37\x88\xf0\xbf\xb1\xa0\x25\x22\x02\x57\x51\xe5\x34\x71\x0d\x40\xa2\xd3\x8a\x79\x11\x94\xeb\xa2\x93\xfd\x20\x46\xcc\x14\xdd\x38\x76\xd1\x68\xfc\x6e\x23\x6c\xbe\x14\x6d\x63\x69\xd2\x25\xbf\xa6\x7e\x53\x97\x98\x65\xf7\x88\x73\xa9\xfc\xf0\x3c\x18\x6f\xa8\x52\x1f\x0a\x55\x45\xac\xce\xe8\x0d\x1e\x55\x10\x72\x21\xe2\x1f\x0f\x22\x91\xc1\x43\xde\x02\x3e\x88\xd7\x33\x0c\xc8\x7d\x4c\x51\xff\x29\xa3\x09\x06\x05\xe9\x73\x94\x90\xc1\xdc\xee\x71\x34\x95\xf2\x31\xc2\xa3\x6b\x11\xab\x23\x55\x47\xfb\x63\x28\xf7\x47\x33\x6d\x9b\x1e\xf2\x5a\x8a\xb9\x9c\xed\xa9\x57\xb2\xdc\xce\xe4\x07\x5b\x0d\x03\x38\x1b\x94\xae\x18\xd0\x41\xea"},
+{{0xfc,0xff,0xf0,0x93,0x2d,0xc8,0x6e,0xa5,0x90,0x2a,0x8d,0x33,0x07,0x33,0x29,0x96,0x0c,0xd8,0x18,0x8a,0x07,0x5d,0xd0,0xbc,0xdf,0xa8,0x38,0x2c,0x20,0xb0,0xe7,0x8f,},{0x0c,0x92,0x05,0xa9,0x0b,0xbe,0x7f,0x2d,0x50,0x5e,0x17,0xfa,0x3d,0x08,0x0b,0x52,0x2a,0x1d,0x7a,0x15,0x2c,0xad,0x2d,0x85,0xd3,0x1b,0x34,0xa0,0x47,0x1c,0x0d,0x4c,},{0x37,0xdd,0xd8,0x3f,0x98,0xb0,0x57,0xb7,0xcb,0x32,0x08,0xa8,0x32,0xc5,0x8a,0xa9,0x06,0x94,0x56,0x3c,0x23,0x54,0x8d,0x43,0x22,0x91,0x38,0x0b,0x73,0x59,0x13,0x01,0xf2,0x74,0xb0,0x4c,0xee,0x2e,0xf7,0x8c,0x06,0xd9,0x6c,0x3d,0x9b,0x7c,0x17,0x52,0x1a,0xae,0x1a,0x8c,0xa5,0x0d,0x34,0x7c,0x09,0xc3,0xcf,0x70,0x3b,0xc8,0x83,0x0b,},"\x3d\x4b\x76\x12\x23\x73\xe2\x12\xa3\x46\xd1\x9a\x66\xbb\xfc\x4b\x62\x32\x92\x64\x9b\xd0\xce\x5c\xf6\xbb\x13\x56\x48\xbd\x01\xdb\x74\x03\xb3\xd0\xbd\xd1\x69\x7f\xf4\xe6\xe9\x08\x90\x41\x16\x75\x4d\x37\x0c\x40\xd7\x00\xcd\xb6\x64\xc4\x6a\x91\xdd\x84\xa3\x58\xb9\xd2\x38\x14\x43\xe6\x0f\x2c\x3f\x56\x40\x26\x1b\x6b\x85\x8b\xa8\xf8\x28\xb0\x97\x1f\x41\x22\xb2\x02\x88\xa2\x6b\xa2\x09\x0b\xa1\x4f\xd2\x76\x36\x0c\xc6\x86\x79\xcd\x84\x19\xae\x19\xc6\xd4\xdc\x7b\x66\x14\xc0\x6d\xf5\xe5\xc0\x51\x0e\x2c\xb6\x86\xde\x0e\xbd\x75\xe5\x21\x0a\x21\x55\x62\x58\x9b\x28\xc9\xcc\xc7\xd2\x72\xb9\x8b\xd4\xbf\x93\x49\x5e\xfe\x4f\xc5\xb7\x8d\xef\xec\xfb\xca\xa9\xfe\x12\x6b\xad\x30\xe8\x9b\x3a\x38\x9b\x42\x56\xf6\xa4\x8a\x76\xc3\x45\xde\x5a\x36\xa1\x44\x9f\x08\x34\x5b\x9a\x5e\x6a\x00\x1d\xa1\xff\x9c\xd4\x33\x70\x93\x48\xe9\xae\xfb\xc7\x8b\xa5\x2d\x3a\xb3\xb4\x69\x86\x93\x5e\xba\x8e\xcf\x81\xed\xc4\x3c\x5b\x2e\x3b\x5e\xb3\x8d\x9a\x16\x5e\x9e\x7f\x72\xf6\x17\x60\x54\x63\xbe\xdb\xa9\x73\xeb\xfd\xcd\xf2\xb0\x88\x9c\x71\x41\x2f\x8f\x85\x0c\x7a\x3b\x55\x18\xec\xd8\x9d\x2e\x25\xc0\xc1\xc3\x0f\x08\x5a\x0f\xfe\x54\x0e\xf9\xc0\xe8\x8f\xc7\xec\x4a\xf1\x94\x8a\x4e\x6f\x7a\x6e\x25\x6b\x30\x7a\x11\x27\xb7\x1b\xa6\x86\xef\xea\xdc\xa0\xe4\x86\x09\x47\xcf\x67\x4f\xce\xd6\xca\xf7\x31\x0c\xcb\xaa\x8d\x90\x47\xda\xed\x30\xfd\x55\x85\xd4\x1d\xde\xae\x4d\xf2\xfe\xd4\xb6\x22\x80\x32\xc3\xe4\xae\x23\x80\xe8\x7e\xc6\xcd\x72\xe4\xd7\x4b\x8b\x4c\x38\x13\xfb\x04\x33\x89\x39\x1e\x9c\x13\xf7\xd3\x3c\x3a\xab\x5a\x78\xfc\x4c\x6a\x63\x4c\x61\xa7\x0f\x02\xa9\x40\x54\x8d\xa1\x77\xc6\x5d\xf6\xab\x17\xcd\x96\x83\xf3\x7e\xa8\x21\xc7\x40\x88\x9d\x82\xe8\x8c\x83\x4e\x7d\x5d\xc1\x16\x62\xea\x78\xb1\x3c\x6a\x4b\x62\x18\xd3\x17\x84\x21\x9a\x47\x67\x59\x5b\x1a\x56\x21\x65\x25\xcd\x68\x93\x8b\x22\xbd\xb1\xf8\xc5\xa7\xf1\x70\x1a\xfe\xb9\x61\x88\x8e\x2e\x0e\xc0\xc8\x38\xcd\x62\x0c\xb7\xdd\x8a\x14\x93\xa0\x2c\xd5\x6b\x54\x51\x25\xe4\x70\x0c\x08\x89\xfa\x26\x44\xe6\x44\xa3\xaf\x53\x1d\x1c\xd6\xbc\x95\xe5\xdf\x91\x75\xf1\x37\xf2\x84\x08\xcb\x69\x9c\x7a\xe6\x6f\x65\xd1\xd2\x93\x0f\xac\x57\xca\x8a\x60\xe6\x31\x1a\x40\x78\x48\x8c\x9e\xa4\x04\x94\x8a\x9d\xeb\xeb\x9d\x5e\x10"},
+{{0xa1,0xe4,0xfc,0xfd,0xe0,0x44,0xf1,0xbb,0x0e,0x7b,0xbc,0x63,0x1a,0x83,0x1a,0x8d,0x07,0xe9,0x0a,0xe0,0x8a,0x96,0x6a,0xd6,0x27,0xb6,0x20,0xb1,0xe2,0x8c,0x42,0xcf,},{0x25,0x56,0x0f,0x31,0x16,0x8b,0xd4,0xb7,0x25,0x52,0xed,0xed,0xd0,0x8b,0xb6,0xbf,0x79,0xa9,0x40,0x63,0xc1,0xf1,0xe1,0xd3,0x04,0x86,0x9d,0xd1,0xce,0x04,0x9b,0x95,},{0xc8,0x00,0x15,0x27,0xbd,0x90,0x2c,0x15,0xc3,0xdd,0x5a,0xe1,0x81,0x80,0x52,0x5b,0x5e,0x82,0x02,0xbe,0x66,0x71,0x1f,0x82,0x88,0x5c,0x82,0x22,0xa1,0x5f,0x06,0x00,0x92,0xa2,0xa6,0xe2,0xf7,0xd7,0xe9,0x80,0x31,0x12,0x09,0x19,0x1b,0x32,0xb8,0xad,0xe4,0x8d,0x3e,0xa9,0x8c,0xf2,0x45,0xf0,0xfa,0xd6,0x2c,0x00,0x9c,0x5a,0x71,0x08,},"\x8c\x14\x54\xd4\xe0\x8a\x14\x01\x64\x6b\xf7\xa8\x85\x9e\x8a\x14\x5e\x85\xee\xeb\x40\xdb\x38\xff\x01\x69\x70\x96\x41\x21\x2c\x81\xb6\x73\x90\x74\x9c\x01\xa7\x98\x07\xf3\xcc\xad\xbb\xd2\x25\x6f\x36\xff\xc1\x80\xcf\x9b\xa4\x4b\xf4\xa7\x61\x2d\x44\x1c\x23\xb2\xe2\x5d\x33\xc4\x8a\x73\xe1\x6c\xe3\x57\x56\x27\x58\xad\xb0\x05\x53\xc3\x14\x2f\xb8\x17\x6b\x6a\xe8\xfb\x61\x0a\x60\xf9\x23\xb0\x91\x18\x14\xb1\x0f\x56\x79\x93\x6c\x36\x77\xb7\x0e\x84\x6e\x21\x8f\x58\x75\x67\xf2\x01\x9c\x7d\x28\x2a\x10\x7f\x3c\xc8\x47\x63\xad\xae\xc8\x89\x93\xc0\xcc\x50\x03\xe7\x7a\xf6\x0d\x67\xdb\x53\xf8\xcb\x72\x7a\xa6\x67\x2d\xe0\x04\x49\x8c\x3b\x3e\x22\x2a\xa7\x08\x2d\x91\xf9\x8a\x1a\x06\x83\x74\xc5\x10\xff\x53\xa5\xe5\x59\xcb\xe2\xd6\xc7\xc3\x44\x2d\x72\x38\x90\x7c\x81\x1d\x58\xaa\x7f\x5a\x46\xb8\x31\x12\x44\xf0\xdb\xe1\xb9\xc0\xe9\x44\xdd\xa1\xd8\x01\x08\x64\x94\x9c\x59\x39\x6c\x6b\x34\x6a\x11\xf3\xaa\x86\x6d\x6b\xce\xad\xfc\x90\x90\x38\xd2\x2e\xfb\xc8\xf1\xda\xc8\x10\xa9\xf2\xfa\xfc\xce\x7c\x03\x89\xeb\x0a\x56\xc0\xf6\x8c\xae\x24\xae\x3d\xdb\xdf\xf7\x11\x6d\x2f\xad\xeb\x9b\x0e\x75\x09\x53\x6f\xdc\x3b\x83\xe7\x13\x54\xda\x6a\x1a\xed\x16\x88\x74\x90\xdc\x2f\x4d\xf5\x7b\xba\xa7\x24\x45\x28\xfa\x30\x94\xb9\x9e\x86\x75\x81\xac\xef\x90\x62\x70\xb2\xcf\x4d\xed\xa6\xb8\xfd\x9d\xbb\x79\xad\xd7\xbe\xa8\xf8\x6f\xcb\x1f\x64\xdf\xd5\x0e\x38\x5b\x42\x09\xec\x0b\x1a\x9f\x6d\x2e\x51\x90\x68\x29\x7a\x2b\x5c\x40\x5c\x21\x6b\x4a\x2e\xd9\x83\xff\x69\xc5\x9b\x53\x0e\xff\xa6\x0c\x03\x67\x05\x12\x67\xdd\x2b\xbd\x1e\x86\xa9\xab\x5a\x11\x4d\xd4\xf6\x9b\x54\x0b\xfa\xbf\xe9\x7c\x04\x03\xb8\xfc\xbb\x27\x62\x57\x61\xed\xa3\xe2\xad\x8e\x62\x5c\xfe\x4b\x61\x5b\x70\x25\x53\x1a\x49\x89\x18\xc2\x4e\x02\xa0\x0e\x79\x7b\xba\xfd\x14\xf9\xd3\xf6\x82\x7e\x39\x00\x63\xc4\x36\x08\x06\x88\xd0\x37\xa6\xe2\x99\x3c\x56\xd3\xa8\xe9\x5f\x37\x5c\x10\x04\x0b\xf0\x4f\x03\x0c\x97\x26\x23\xd9\xe3\x80\x1c\x13\xb4\xec\x8d\x01\xcf\x18\x38\x55\xf5\x93\x5f\x10\xdd\xb2\xc5\x4c\x51\xc8\x0c\xbe\xd0\xc2\x4d\xb5\x6e\x1e\xd1\x48\x93\x1d\x89\x16\x1c\x5e\xa3\x7c\x2f\x97\x87\xf8\x8e\xf7\x33\x0e\x5d\xcd\x0e\x43\xd8\x1b\xfc\x8b\xf2\x3d\xdf\x79\x83\xcc\x1d\x73\x38\x43\xa3\x3c\xcb\x39\x5d\xfc"},
+{{0xbe,0xd1,0xbb,0xca,0xe1,0x86,0x43,0xd6,0xf6,0xaa,0xc3,0x4f,0x3d,0x9b,0x6a,0x14,0x78,0x39,0x4d,0x02,0xb9,0x31,0xcf,0xf0,0x06,0xd8,0x5f,0x21,0xb7,0xdb,0xc7,0x47,},{0x4f,0x52,0x8b,0x38,0x18,0x5a,0x42,0x4c,0x6f,0xde,0xce,0x46,0x51,0x1a,0x0c,0x29,0xb7,0xc0,0x4b,0x32,0xeb,0x04,0x83,0xab,0xb5,0x2d,0x5f,0x8e,0xb6,0xb3,0x52,0xeb,},{0x0f,0xc9,0x9d,0xd3,0xb9,0xa0,0xe8,0xb1,0xfc,0x6e,0x63,0x5a,0xf5,0xc6,0x40,0x06,0xb6,0x72,0x00,0xfe,0x95,0x8f,0x53,0xcc,0xe1,0xb9,0xb0,0x91,0xa4,0xe7,0x06,0x69,0xb5,0x93,0xf1,0x55,0x94,0xbc,0x08,0x42,0xe5,0x57,0x62,0x59,0xf9,0xa6,0x85,0x9a,0x0d,0xb2,0x2d,0x74,0x0f,0x9f,0x80,0x24,0xb5,0xba,0xf1,0xef,0x6f,0x95,0x8c,0x05,},"\xff\x7c\x64\x13\xe6\x18\xa0\x56\xde\x40\x1e\xe1\x0c\x40\xad\xe3\xd7\xc0\xe6\x86\x14\x95\xd9\x7c\x26\x89\xec\x6a\xbb\x69\xdd\x2a\xe7\x01\xfd\xca\xc8\xf0\x83\x31\xea\x5c\x5f\x5d\x80\x5b\x57\x89\xee\x5e\x24\x1f\xf4\xac\x8b\x96\x0f\x4f\x2b\x9f\xef\x6a\x72\x7f\xad\x86\xdc\xd4\x32\xde\x9f\xad\x6b\xa4\x5e\x00\xaa\x36\x87\xb0\xce\xeb\x2c\x0d\x43\x0b\x7d\x5f\xde\x63\xb4\xf6\xb9\x82\xc4\xf9\xe0\x3c\x43\x0a\xba\xd9\x04\x4d\x06\xdc\x49\xe8\x9d\xf4\x81\x40\x5d\x8f\xeb\xbb\x06\x53\xe9\x68\x69\x48\xaa\xd2\xd9\x07\x25\x44\xdf\x94\x24\xfd\x48\x7f\x4e\x24\xba\x7f\x24\x55\xdd\xec\x41\x05\x82\x8c\x39\x81\xbd\xdb\xb1\xb7\xfb\xdb\xac\x15\x59\x03\xe9\x60\xfc\xd9\x4c\x07\x16\xe7\x36\xf5\x19\x86\x7f\xbc\x52\xc5\x12\x60\xf5\x71\xd7\xed\xcb\x08\x1a\x23\x55\x0a\xd8\xc7\x0b\xb2\x68\x86\x4a\xb2\x76\xaa\x2c\xc2\xdb\xf6\x23\x83\xbb\x66\x03\x0e\xbe\x94\x35\x41\x74\xcc\xec\x2d\x2a\x90\x75\x78\x55\x64\x44\x50\x7c\xbf\x84\x88\xbb\x23\xc6\x24\x23\xa3\xa9\x8d\xa7\xcc\x96\x8f\x59\x9d\x3d\xc8\x4d\xca\x3a\xfa\xd7\xf1\x4e\xc3\x06\xe1\xdb\x53\x41\x43\x21\x6a\xa2\x2a\xd1\x80\x74\xc7\x19\x57\x08\x05\xea\x46\xbc\x86\xb7\x1a\x8f\xf5\x8e\x41\xe7\x3c\xb2\x9a\xd5\x75\x0f\xcf\xc9\xa1\xc5\x42\x92\xb6\x4b\x47\xec\x95\x38\xf5\x38\x16\xe3\x6e\xd0\xd0\xc1\xae\x5e\xad\x06\xd4\x77\xaa\x97\x5e\xce\xba\xf6\x2d\x90\x23\xb7\x7e\x50\xe7\xb6\xd4\xab\xda\xa4\x85\xea\x34\xec\x76\x6b\xeb\x1d\x9b\xa0\x3c\x9c\x06\x71\x86\xe2\xe3\x82\x66\xc6\xe2\x53\x1e\x97\x48\x02\x14\x63\x8a\x2b\xb3\x14\x31\xac\x20\x86\x79\x71\x55\xfc\x77\x5b\x3a\xad\x8d\x5a\x0b\x90\x4c\x38\x1e\xdd\x0c\x6b\xc2\x3c\x66\xa1\x90\x49\x55\xed\x45\x0a\x9c\xbd\x16\x45\x9c\x32\xf5\xca\x35\x4b\xbc\x2d\xa7\xb1\xa4\xd8\x14\xf1\xb8\x71\x0a\xad\xb2\xcc\xc4\xf3\x97\x75\x8b\x7e\x9d\x91\xf3\xa9\x1e\x58\x25\xab\x86\x82\xff\x5e\x41\x70\x2e\x07\x84\x1a\xc7\x69\x8c\x3d\xa9\xf5\x58\xed\xd0\x1f\x86\xce\x2c\x50\x6b\xf4\xc2\x14\x9a\xc9\xc1\x95\xa5\x9c\x7d\xd7\xd4\xec\xf9\x3c\x90\xb4\x42\x3b\x43\x50\x58\x8d\x41\x67\x2c\xed\xc8\x51\x0a\x7a\xd5\x3b\x4b\x7e\xdc\xaf\x23\xe4\x3e\x05\x66\x9d\x27\xa1\xfe\x97\xb7\x87\x30\xd3\xfc\x06\x0b\xd4\xed\xd9\x87\x2c\xff\xb9\x62\x85\x35\x1b\xef\x14\x8e\xf7\x83\xab\x39\x21\x16\xbd\x7b\x90\x7b\xad"},
+{{0xc7,0x18,0x82,0x3f,0x43,0xdb,0x22,0x17,0xc6,0x6a,0xb2,0x89,0x97,0x04,0x16,0x5d,0x20,0x85,0x73,0xde,0x60,0xf3,0x3b,0xc0,0xb9,0x33,0x8d,0x88,0x0f,0x19,0x3f,0xb5,},{0x29,0x40,0xb8,0x79,0xb6,0x3f,0x2c,0xb1,0xf6,0xe3,0xef,0x9c,0x9d,0x33,0x3b,0xa9,0x17,0x70,0xfe,0x18,0xcc,0x5a,0x34,0x7f,0xdf,0x12,0xb0,0xef,0xc5,0xca,0x2e,0xc9,},{0x4c,0x9c,0xdb,0x1a,0xd4,0x65,0x09,0x56,0x0d,0x87,0x1d,0x30,0x89,0xaf,0xb8,0x73,0x46,0x48,0x20,0x1b,0x10,0xac,0xc9,0x53,0xe8,0xb6,0x1f,0x2c,0xce,0x2d,0xba,0xe0,0xfb,0x9b,0x86,0x8a,0xc9,0x57,0x43,0x2b,0x72,0x22,0xdb,0xf7,0xe4,0xcf,0x0b,0xc7,0x53,0x09,0xbe,0xa3,0x60,0xb2,0x63,0xab,0xbd,0xe1,0x88,0x53,0x2d,0xda,0x25,0x04,},"\x05\x0e\x68\x77\xf6\x5e\xc7\x26\xee\xc7\x01\x86\x3f\xab\x14\x0b\x99\x4a\xa1\xe9\x2a\x48\x7d\xb1\xa1\x87\x01\x31\x20\x57\xdb\x44\xbf\xde\x70\x91\x1e\xc2\x6e\xaa\x28\x63\x2d\x03\x79\x4d\x54\x5d\xfc\xb2\xae\xd4\x34\x0c\xab\x7d\x09\x25\x95\xcd\x59\xed\x23\x99\x40\x43\xf5\x0b\xa6\x96\xe9\x80\x2b\xd6\x49\x90\x12\x13\x97\x28\x64\x57\xae\x69\xd7\x6c\xb8\xe3\x4d\x7c\x1a\xb2\x45\xcb\x07\xb1\xb4\x08\xf2\xbb\xbf\xdf\x33\xa1\xbd\xd5\x59\x63\x67\x02\xc9\x18\xf9\x82\xc2\xac\x02\x21\xf7\xf9\x4d\xb9\x1e\xde\xfc\xe2\x81\x18\x25\x9f\x89\xd9\x94\xda\xd5\xbb\x01\x3c\x67\x8c\x1c\x33\x8b\x65\x39\x6b\x15\xe8\x89\x9c\x16\x99\x21\xf2\x78\x85\x9c\xe0\xc8\x56\xd8\x89\xb8\xc6\x34\x18\xeb\xc5\x73\xd2\xd6\x25\xd5\xb5\x93\x88\x39\xf2\xb1\x69\xb6\x91\x6d\x8e\x40\xdd\xe7\x0d\x3b\x72\x88\x7a\xd2\x47\x8e\xf6\xfb\x12\x84\xfa\x0e\x4f\xc5\x24\xe3\xc6\xfa\x1d\xd2\x2b\xa6\xb8\x1d\xef\x82\x79\xf3\x82\xbc\xb4\x50\x48\x85\x1b\x17\xcd\x65\x9d\x59\x40\x9f\x57\x1f\xa8\xa9\x20\xa2\x09\x34\xd9\xdb\xe1\x02\x2d\x63\x58\x40\x96\x54\x00\x24\x0f\x87\x0a\xce\xff\xd5\xdb\x7c\x7d\xf0\x8a\xf8\x9e\x47\xe1\xb9\xe2\x0b\xb9\x9f\x96\xab\x07\x3e\xdf\x53\x69\x4c\x74\x82\x89\x0e\x36\x31\x34\x02\x17\xe6\x87\xab\x27\xc9\x84\xb6\x08\x25\x16\x94\x57\xd4\x35\xa5\x40\x9a\xd8\xe4\x2d\xa0\xaa\x63\xe2\x0c\x2b\xc6\x7b\xd8\xb9\xa2\x67\xf3\x96\x73\xa7\x7f\x7f\x31\x36\xdc\x5c\xb2\xd2\x49\x48\xdb\xe7\xbc\xd7\x12\x93\x18\xc6\x8c\x6f\xe9\x5d\xd4\xdd\x4f\xe9\x42\x28\x68\x31\xea\x53\x35\x2f\xbb\x25\x2a\x12\x88\xbc\xd8\x38\x92\x13\x56\x78\x5d\x07\x21\x34\xcb\x82\x0f\x62\x79\xcc\x71\x46\x1f\x43\x1b\xe9\xd3\x01\x47\x24\x32\x1c\x92\xfd\xc5\x76\x32\x01\x37\x70\x5c\xff\xb2\xc2\x36\x64\xb7\x05\xe9\xbe\x60\xae\x1a\x19\x0f\x3e\x34\x84\xf7\x00\x58\xe7\x02\x40\x7b\x05\x6d\x7f\xe5\xd3\x1c\xee\x9c\x2a\x6a\xc6\xea\xda\x35\x16\xab\xc5\x51\x72\x56\xdf\x12\x43\x78\x0a\x03\xbb\x00\xba\x00\xce\x24\x80\x76\xee\xca\x6f\xee\x91\xd5\xef\x9e\xb9\x07\xb8\x01\xaf\x09\x7f\x3e\x9e\xb2\x56\xbd\xcd\xe8\x1e\xfe\x4b\xaf\x81\x89\xb0\x39\x9e\x36\xf1\xea\xa3\xab\x62\x66\x17\xcf\x3b\x47\xdd\x89\xca\xf6\x9c\x64\xc5\xb8\xf6\x8b\xd9\x17\xfe\x03\xe4\x66\x85\x38\x46\x0a\x1b\xe8\x8d\x9a\x84\x6c\xef\x39\x93\x46\x27\xd4\x74\x73\x4f"},
+{{0x25,0x43,0xd1,0x66,0xc9,0xf5,0xf7,0x42,0x7f,0xf3,0x03,0x4f,0xfa,0x81,0x03,0xcb,0x11,0x7b,0xf4,0x72,0x33,0x1a,0x73,0xd9,0xa2,0xf1,0xbc,0x0a,0x02,0xa6,0xff,0x1b,},{0x42,0x67,0x8c,0xf3,0x85,0x70,0x21,0xaa,0x55,0x67,0x70,0x6d,0xb0,0x31,0xe7,0x92,0x71,0x5c,0xca,0xf8,0xab,0xb0,0x2a,0x04,0x2b,0xad,0x17,0xdb,0x3d,0x5f,0xa1,0x03,},{0x20,0xea,0x93,0x68,0xa2,0xcc,0xd0,0x8b,0xf9,0xcb,0xf4,0x8d,0x4a,0x2f,0x7d,0x03,0xf0,0xdb,0x08,0xa5,0x4b,0x87,0x67,0x9c,0xda,0x03,0xe2,0x96,0xaf,0x9e,0xf3,0x78,0xbe,0x9b,0x8f,0x04,0xb4,0x06,0x5b,0x00,0x9d,0xa6,0xdb,0x01,0x6f,0x3d,0xf9,0xdb,0x64,0x82,0x58,0x73,0xe2,0xfb,0x4d,0xe3,0x04,0x49,0x91,0x5c,0xd7,0x3c,0x46,0x09,},"\x74\x6d\x7a\xbf\x0b\xfb\x26\x62\xc2\x5a\xb5\xc5\xe4\x61\x2c\x30\x6f\x16\xd1\x3e\x44\xd0\xdb\x39\x4a\x00\x15\x67\x6c\xe6\x09\x78\x4f\x03\x23\xda\x1d\xfa\x94\xd2\xb2\xf1\xf6\xe0\x24\x44\xa9\x36\xd0\x19\xb1\x43\x02\x1f\x73\xc7\x9d\xf9\x30\x9e\x7b\xdf\xf3\x9d\xae\xec\x4c\xac\xa0\x0c\xba\x4e\xf3\x1c\x83\x10\xc1\xa0\x8e\xf4\xb3\x6f\x81\xc3\x77\x84\x6b\x5b\x90\xac\xd4\x11\xaa\x67\x1e\xd7\xaf\x27\x8a\x24\x22\x9b\x78\x93\xc1\xb4\x15\xd7\x98\x88\xd7\x63\x7f\x5c\xb5\xc9\xc6\xc6\x31\xae\x5f\xfa\x29\xf1\x34\x0e\x44\x40\x96\xab\x53\x36\x17\xfd\xcb\x80\xff\x81\xda\x0a\x7c\x6c\x14\x2e\xe0\xfe\x5e\xa8\x2f\x68\xcc\x3e\xa3\x8b\x56\xf2\x72\xb0\xd8\x0f\xd5\xf4\xf5\x5c\xa9\x34\x8c\x16\x18\x81\x43\x58\x13\xc3\xfa\x9f\xff\x66\xa2\xee\x6d\x5b\xd3\xed\xba\x0d\x2f\x9a\xa7\x4b\x1c\x44\xbf\xd0\xe6\x46\x78\xd3\x71\x51\x24\x96\x3a\xc5\x75\xff\xb0\x9e\xe1\x64\x37\xda\x48\x4b\x3b\xa5\x8e\x5a\xeb\x8e\xd8\xc5\xc0\xf4\x7b\x59\x90\x8f\xe5\x80\xf3\x7e\xc1\xde\x26\x6b\x29\x5d\x6b\xe8\x5e\x62\x35\x8e\x9b\xbd\xc7\x89\x64\xfb\x83\x7e\xea\x29\xfd\xb7\xde\x86\xcc\x56\xf4\x8b\xd9\xa3\xe6\xe2\xbe\x51\xd8\xa1\xdc\xff\x3c\xa4\xd5\x6e\xa9\x34\xc6\x82\x77\x2b\xca\xfb\x51\x49\x7b\xe5\xd0\xf2\xa2\x3d\xd4\x97\x0c\x02\xc4\x4c\x09\xad\x89\x7b\x42\x41\xac\xd7\xd6\xab\x12\xd8\xf0\x0c\x9a\xad\xc3\x34\xb4\x31\xfe\xc5\xbb\x69\xa2\x85\xb7\x55\x0a\x63\x9e\xce\x96\x95\x26\x82\xb7\x33\x4b\x68\xc6\x51\x52\xe8\x93\xb1\xc8\x10\x0c\x69\x4d\x8c\x5c\xfe\x26\xac\x03\xc1\xf3\x91\x4e\x65\xc8\x4f\x0e\x77\x72\x90\xc7\x6f\x6a\xcc\xe3\x40\xbf\xf6\x6d\xa7\x22\x0f\x73\x17\x5e\x94\xaf\x52\xf9\xf1\x9e\x61\xf8\x0d\xc1\xf3\x57\x16\xb3\xf4\x8d\xfa\x50\x25\xc9\xeb\xef\x73\x82\xe0\x55\x83\x0f\x5b\xbf\x15\xc6\xf6\xa9\x50\x32\x90\x9c\x89\x2c\x0f\x89\xc8\xc1\x5f\xc3\xea\x40\xa2\x0e\xe1\xa4\x52\x9b\x52\x19\x51\xdf\x44\xd9\xd7\x9d\x74\xe0\xc4\xc2\xe0\xfe\xd8\x49\xb8\x78\x52\x06\xdb\xe6\x2b\xfa\x2c\xa2\x10\x87\xa9\x12\xe9\xb1\x84\x55\x16\x59\xcd\x8a\x58\x7e\x95\xb0\x43\x17\x19\x25\x96\xbb\x0b\x7f\xc9\xf7\xbb\xb6\xee\x04\x9c\x8b\x02\xfd\xd7\x58\xb4\xe7\x98\x82\x07\x3b\x71\xea\xab\x18\xaa\x29\x37\x01\xc1\x7d\x55\xf9\xec\x46\xc5\x2d\xe1\xe8\x86\xb6\x75\x0f\xb0\xfb\xcd\x64\xf4\x56\x8a\x21\x0a\xe4\x51\xe9"},
+{{0x85,0xe0,0xa8,0x0f,0x3b,0x30,0xc2,0x01,0x99,0xd9,0xc1,0xec,0x66,0x2e,0x39,0x2f,0xdf,0x15,0x46,0x37,0x73,0x43,0xf1,0x24,0x71,0xdb,0x2a,0x03,0x10,0xa7,0x05,0xbd,},{0x54,0x0a,0x3a,0x1d,0x83,0x67,0x2e,0x49,0x50,0x34,0xcf,0xf4,0x08,0xe1,0xfb,0xe8,0x2e,0x53,0x8f,0x09,0x17,0xe8,0xa1,0xc7,0xd1,0x7a,0xab,0x58,0xe0,0x43,0xd3,0xc6,},{0x18,0x5e,0xf2,0x24,0x6a,0xba,0x2b,0x1a,0x56,0x80,0x32,0xc7,0xdf,0x93,0xc6,0x67,0x79,0x9b,0x8a,0x52,0x1a,0x6f,0x97,0x32,0x1e,0xad,0x58,0x66,0xb4,0xcb,0x9c,0x65,0xb6,0x4a,0x1c,0x40,0xb9,0xb6,0xa9,0x10,0xe7,0x42,0xdc,0x32,0xa7,0xe6,0x6d,0x11,0xea,0x45,0xdb,0xea,0xac,0xae,0x9f,0x09,0x51,0x1b,0x81,0x01,0xf8,0xaf,0x0c,0x0c,},"\xd2\x80\x2f\x15\x96\xf8\x38\x3b\x64\xed\xbd\xc5\x94\x06\x0b\xff\x0e\x70\x13\xd5\xb7\xc8\x5d\x83\x0f\xae\x11\xae\xb3\x4d\xd5\x94\x95\x9d\xa6\x24\xe0\x44\x47\x4c\x54\x09\xc0\x05\x96\x73\xbd\xc6\x1a\x67\x1e\xf5\xb0\xb8\xa2\x6f\x30\x10\x0b\x3b\x73\x96\x8d\x8e\x4d\x83\xa7\x2f\x25\xb5\x13\x44\x8d\x2f\x6b\x6a\x44\x75\xfd\xf8\x9e\x31\xca\x92\x68\xa3\x07\x05\xaf\x3f\x64\x9e\x3f\xe0\x1d\xde\x0c\xf4\xb2\x9e\xc2\xda\x54\x36\x44\x4a\xf0\x91\xd6\x27\x30\xac\xd4\xca\xb6\x08\xf0\xdf\x26\xf0\x88\xc6\xb9\xb9\x67\x37\x94\xf0\x74\x7d\xab\x2c\xe1\x90\xf9\x05\x92\x00\x9f\xdc\xe5\x46\x4b\x36\x61\xb7\xe8\x62\x0b\xad\x65\x50\x9a\x6c\x75\x2b\x72\x7a\x8d\xc8\xd3\xef\xa5\x84\xfd\xe0\x27\x2c\x45\x1d\x65\xa9\x3b\xec\xe4\xf5\x9d\x87\xdc\x6f\xbe\xb4\x51\x40\x1e\x3e\x2e\x00\x3c\x6a\xca\x7b\x3d\x3f\x92\x71\x91\x50\xc6\x77\x8f\x01\x5a\xff\x2a\x59\xbf\xbf\x2e\x91\xb2\x1b\x0a\xd6\x87\x75\x36\xeb\x54\x56\x70\x59\xf5\x87\xf5\x4d\x4e\x2a\x6f\xe1\xfd\xcd\xd6\xa7\xfd\xcb\x85\x15\x57\x5b\xcc\x37\x05\xd7\x78\x59\x35\x2f\xa0\xb0\x44\x16\x6e\x3c\x31\x88\x46\xa5\xdf\x33\x56\x30\x03\xcb\x20\xbc\x94\x2d\x30\x39\x10\x93\xe8\xd5\x83\xe8\xe6\x4d\xec\x57\x0e\xe1\xc4\x13\x87\x62\xf6\x48\x38\x98\xd3\x2e\x20\x32\xbd\xe9\xbb\xe0\x7e\xc2\xc3\xeb\x47\xd9\x68\x76\xf0\xfc\x0f\x02\x4d\x75\x3c\xeb\x34\xff\x84\x80\xb4\xcf\x57\x62\x30\xbb\x82\x63\xdd\x80\xee\xac\x66\x2e\xba\x31\xd8\xa6\x1f\x30\x9e\x17\x5f\x4c\x01\x43\xe2\x8a\x85\x2b\x1c\x30\x61\xce\x78\xef\xbd\x16\xa2\x87\x3d\xd2\x81\x98\xa4\x6e\xc0\xa8\x00\xb3\x0d\xc8\xa9\x3b\x8d\xbb\x81\xa7\x30\xde\x45\x0b\x86\x4d\xea\x76\x80\xe5\x09\xd8\x00\xe8\x23\x29\xc2\x61\xb0\x7e\x72\xaa\x80\xee\x16\xec\x37\x5d\xdb\xbb\x6f\xe3\xd8\xd4\x7b\x0e\x3c\x5a\x9f\x23\xc4\xd2\x0b\x72\x4c\x1d\xf5\x98\x35\xd8\x30\xdd\x22\xd1\x04\x03\xd8\xf1\x5c\x10\x2c\x4b\x37\x69\xc4\x16\x66\xc3\xab\x8c\x7e\x80\xb9\x40\xd0\xbb\xb5\x86\x52\xd1\x0a\x3f\xfe\x8d\x44\xdf\x10\x12\xa3\xdd\xc4\xe1\xc5\x18\xd4\x90\x19\xf7\xc5\xd3\xd9\xf9\x5e\xd9\x3a\x31\x97\x46\xd1\xe5\x43\xff\xa6\x9e\xdb\x49\xbb\x34\x39\xf8\xa3\x25\xac\x6a\x0c\xb4\xed\xd6\x5b\xa6\x00\x80\xa0\x44\x7c\x67\x4f\xaa\x72\xd8\xae\xbd\xb5\xd2\x54\x4f\x2f\x2d\x84\x7c\x72\xc2\xdf\xa6\x05\x7a\x69\x0a\xdc\x5c\x44\x1a"},
+{{0x82,0xa2,0xc6,0x49,0x3f,0x11,0xba,0x80,0xe4,0xb8,0xb3,0xb4,0x38,0x41,0xbe,0x97,0x0e,0x2a,0x10,0xa9,0x4d,0x22,0x49,0xd8,0xac,0x6f,0x54,0x14,0xcf,0x5a,0x3c,0xb5,},{0x4c,0x2e,0xe0,0x1c,0xde,0xa0,0x7d,0xb3,0x63,0x5f,0x5d,0x4c,0x10,0x82,0xb9,0x2f,0x29,0x8d,0xeb,0x17,0xd0,0xf9,0x05,0xdf,0x71,0xb6,0x6f,0xb2,0x27,0x4e,0xae,0x99,},{0x68,0xa9,0x1d,0x4f,0x8d,0x24,0x1c,0x1d,0xef,0xbd,0x5c,0xa9,0xe9,0xe1,0xed,0x82,0x74,0x41,0x95,0x06,0x75,0x1c,0x96,0x79,0x47,0xb1,0x0d,0x50,0x11,0x8b,0xbf,0xab,0xc7,0x65,0xff,0xd7,0xb3,0x1a,0x01,0x67,0xc4,0xfd,0x8b,0x11,0x75,0x33,0x24,0x12,0xdf,0x19,0xd8,0xaa,0x1a,0x90,0x95,0x90,0x86,0x13,0x20,0x92,0x3d,0xbc,0xb2,0x04,},"\x09\x85\x4d\x13\x68\x49\x50\x41\x9e\x0b\xb1\x64\x64\xe0\x99\x88\x90\x5c\x02\x17\x18\x3a\xa1\xe4\x8a\xdb\x14\x7b\xfc\xc2\xeb\x57\xc2\x30\x0b\x0d\xfc\x39\xd4\x89\x66\x55\xa5\x7a\xe2\x04\x15\x40\x8b\xb5\xf2\xc2\x38\x01\x39\x55\xf0\xa4\xfc\x78\x2e\x0c\x99\x3f\xe4\x2c\xb0\x8c\xd8\xcf\x41\x5c\xcb\xd6\xcf\x1c\xee\x2e\x80\x97\xf0\x4e\x8f\x09\xae\x5d\xa5\xf4\x15\xb1\x6c\x2c\xb3\x0c\xb2\xab\x66\x52\xba\x50\xeb\xbc\xae\x4a\x59\xe3\x1f\xe1\x1e\x7e\xf3\x69\x9c\xa9\x0a\xaf\xa5\x86\xbb\x24\x2c\x89\xcd\x2e\x33\x2b\x2b\xfa\x2f\x81\x42\xac\xca\xf4\x36\xf8\x9b\x64\x53\xbb\x48\x05\xa1\xe7\xf3\xab\x62\x70\xf0\xda\xf8\x93\x89\xe7\x17\xd1\xb7\x01\x75\xec\x57\x07\xc8\xf5\x12\xc4\x0a\xb9\x24\xc4\x57\xe9\xf0\x91\x47\x91\x75\x0d\xc2\x92\xbb\x27\xd6\xf6\x3b\xa8\xcc\xf5\x4b\x90\xd3\xeb\xa7\xf1\x9e\xb3\x00\xd9\xeb\x8f\x3b\x72\x03\x2b\xa9\x30\x37\xf5\x52\xb4\x09\xb5\x80\xa5\xf6\x51\x16\xfa\xff\xe0\xfd\xfd\xc6\xdb\x38\x81\x38\x6c\x3c\xbc\x16\xb6\x7e\xb2\x57\x63\xd7\xae\x3a\xac\x0b\x85\xaa\x1e\x9a\xa2\x2e\x49\x59\x60\x9d\x43\x81\xe4\xb6\xd7\x15\x9f\xf3\xe3\xb2\xd3\x7b\x64\x0f\x88\xcf\xbe\x4f\x8a\x77\xf8\x01\x64\x57\x22\x8b\xa6\xd3\xaf\x5c\x4e\x33\x12\x5d\x48\xbc\xfc\xf3\x67\x8c\x16\x3b\x69\x8e\x52\xe8\x56\x17\xab\x1a\x75\xff\x20\xc6\x90\xab\x07\x15\x5e\xe7\x57\x59\x85\x78\x07\x2d\x4a\x09\xdf\xc6\xc6\xc0\x94\xec\x04\x85\x67\xd5\x13\xce\x2b\x18\x34\xe1\x63\xdf\x15\x45\x31\x9d\x80\x61\xe0\xe5\x7f\x58\xef\x04\x1b\x7b\xff\xc4\x96\x6a\xc1\x66\x03\x31\xb9\x7a\xbb\xc9\x7b\xe2\x1a\xe2\xbc\x58\xc6\xc3\x27\x4a\x8a\xda\xd5\xfd\x2c\x3b\xc1\x6b\x92\xe1\xf8\xde\x87\x7b\x6a\x26\xf0\xc6\xab\x71\x62\xe8\xaa\xb9\x3a\xf8\xd8\x59\x18\xc1\x3d\x3e\x23\x5a\x27\x37\x48\xc6\x2f\x0d\x22\xcb\x1c\x93\xe1\x34\xa4\x95\xb1\xb5\xef\x8f\x1a\x11\x34\x51\x2d\x53\xb7\xa2\x11\x26\x31\x77\xf7\xa6\x0b\xdf\x47\x46\x91\xf2\x24\xa3\xb5\xba\xc4\x00\x6d\xb3\x45\xca\x67\x25\xf5\xee\x70\x3e\xca\x0d\xea\x10\xd7\x12\x67\x6f\x63\xef\x3e\x53\x7e\x63\xab\xd2\x60\x8c\xb4\xfb\xe2\x00\xe1\x5f\x18\x20\x91\x53\x49\x60\x72\x90\x80\x44\xc9\x5a\x4e\x9c\x53\x56\xaa\xe8\xed\x5f\x09\x59\xea\xc0\x91\xe2\x27\xa0\xb8\x1f\x58\x03\x27\x6b\x3b\x3b\xf4\xb6\x86\x5a\x55\xfc\x67\x82\xf6\x2e\xa6\xd6\x39\x90\xf9\xbe\xfe\x01"},
+{{0xe5,0x5b,0x34,0x3a,0x0f,0xa1,0xfb,0x74,0x71,0x89,0xcb,0x00,0xdb,0xc3,0xa6,0xaa,0x2d,0xcf,0x5b,0x86,0xe5,0x7d,0x76,0x93,0xf3,0x07,0x42,0x03,0x89,0x76,0x11,0x53,},{0x23,0xa1,0x44,0x60,0xea,0x98,0x3c,0xf9,0x97,0xc7,0x82,0xeb,0x45,0x82,0xab,0x3c,0x8a,0xa6,0xdd,0xe5,0x33,0x25,0xb9,0x77,0xb7,0x8e,0x33,0xd2,0xdc,0x5f,0x27,0xaa,},{0x07,0x26,0x6c,0x18,0x65,0x0e,0xcf,0x06,0x32,0xe2,0x25,0x62,0x4e,0xc4,0xc9,0x7f,0xc3,0x87,0xdc,0x37,0x46,0x87,0xa6,0x19,0x56,0xdc,0xcc,0xe7,0x28,0x94,0xee,0x13,0x8a,0xab,0xc8,0x0c,0xfc,0x90,0xc9,0xee,0xa6,0xdd,0x4c,0x59,0xaf,0x45,0x02,0xee,0x29,0x63,0x5a,0x92,0x88,0x07,0x86,0x67,0x8b,0x14,0xa3,0x93,0x1a,0x69,0xf9,0x07,},"\x36\x28\x9b\x5e\xaf\xf2\xa8\x5a\x7c\x6d\x57\x5b\xd1\x5e\xa5\x94\xb2\xfd\x85\x10\x87\x4a\x46\x9b\x52\x10\x91\x63\x69\x6d\x85\xb6\x8c\x5b\x21\x1d\x29\x64\xef\xdc\x66\xe6\x25\xab\xe8\xaa\xfe\x4c\xd9\x22\x0c\xdb\x34\x11\x07\xff\xa8\x27\x6e\xd4\xb3\x70\xfe\x37\x6c\x14\x82\x68\x71\x67\xdb\xc8\xf7\xb2\x05\xa3\xf3\x30\x1a\x16\x64\xd9\x07\x28\x77\xd9\xf9\x8b\x8f\x69\x83\x13\x01\xdf\x99\x94\x71\x7f\xc8\x89\x69\x24\x23\x91\xd9\xb0\x51\x7d\x6e\xfb\x27\x17\x01\xea\xb3\xf4\xa9\xb1\x20\x42\x13\xe8\xcd\x13\xf9\xd0\x99\x04\x8b\x82\x07\x56\x2f\x2e\x4e\xbc\x65\x3c\xc6\x5e\x9d\x55\x12\xd6\x5b\x41\x02\x2c\x79\xb4\xeb\x37\x29\x87\x69\xae\xaa\x6e\xfe\xd6\x9e\x9a\x8c\xb4\x45\xc7\x01\x22\x74\xde\x62\xf5\x09\xf4\xe4\x81\x4a\xdc\xbf\x44\x53\xb4\xfa\xb8\x5d\x7c\x8f\xd8\x45\xe0\x08\x30\xef\x5b\x7b\x1e\x63\xc6\x76\x13\x98\x4c\xae\xfe\x91\x5a\x54\x8e\x18\xe5\x05\x62\x2c\xb2\xb3\x92\x99\xf4\x27\xf4\xd8\x39\x83\xba\x2a\xa0\x0d\x53\xbe\xe1\xf5\x9a\xec\x83\x18\xc5\xea\x34\x5d\x29\x42\x52\x36\x97\x92\x76\x2a\xdd\x3e\x56\xfc\xfa\x6e\x77\x97\xf0\x28\xc7\x99\x47\x90\x45\xed\xb2\xe2\x05\xeb\x6d\xd6\xca\x04\xee\xe5\x6f\x94\x96\xd2\xbf\x26\x09\x93\x57\xc9\x73\x83\x5b\x99\x36\x02\x49\x11\xe4\x65\x5d\x3e\x22\xc8\x11\xc8\xd4\xdb\xd1\xb0\x4f\x78\x97\x3f\x07\x75\x23\xa3\x89\xb6\xf2\x8f\x6f\x54\x21\x61\x42\xcb\x93\xe3\x3d\x72\xb4\xa5\x05\x2d\x27\xe4\x91\x1e\x41\xe6\xce\xc7\xbe\xbe\x1b\x0a\x51\x13\xe6\xb7\x0b\x47\x9d\x2a\xbe\xed\xf6\x9b\x75\x64\xe5\xa5\x73\xb3\x52\xd1\x6c\xec\x89\x07\x01\xbb\x38\x3d\x3f\x66\x56\xed\xa0\x89\x2f\x8c\xcc\x70\x94\x0f\x62\xdb\xe5\x28\xa6\x5e\x31\xac\x53\x88\x26\xc1\x38\xac\x66\x52\x4e\x33\x16\x37\xba\x2d\x37\x73\x03\x58\xe6\xc7\x32\xcf\xf8\xfe\xe9\x40\xaf\xd2\x2c\x39\xae\x38\x1e\x5d\x88\x26\x73\x9b\x23\xfd\xc1\xb8\x0a\xea\x5a\x62\xa2\xcf\x0f\xf1\x52\x5e\x44\x6c\xf3\x10\x46\x19\x50\x51\xd5\x85\x03\xee\xd1\xbe\xfd\x79\x3e\xea\xe1\xd5\xd1\xb6\x2a\x5c\x98\x45\x15\x7a\x09\x5c\xdc\x08\xa1\xd7\x7b\xa4\x7e\x84\xa5\xa7\x39\x98\x0f\x0f\x5b\xe7\xaa\xec\x9a\x21\x5b\x20\x4b\x4b\xb7\xcb\x1b\x38\x6d\xed\x58\xd7\xaa\xf7\x28\x53\x41\x90\x7c\x63\x33\x6e\xe3\xe6\xef\x07\x7a\xd1\x11\xb9\x74\xe7\x50\x4b\xd9\x89\xf5\x66\xfd\xa1\xb1\xb5\x9a\xba\xa9\x1c\x78\xbb\x40"},
+{{0x39,0x73,0x03,0x8f,0xa2,0xef,0x6a,0x27,0x8d,0x3c,0x1c,0xff,0x9a,0x22,0x56,0x69,0xe4,0x65,0xa6,0x9d,0x07,0x50,0x50,0x3d,0xe7,0x48,0xc0,0x02,0xdb,0xf9,0x27,0x8a,},{0xc7,0x5e,0x77,0xc7,0x81,0x49,0xd9,0xd2,0xdb,0xc2,0x63,0xdd,0xf8,0xac,0x4d,0x65,0x4d,0x1f,0xf4,0x55,0xcb,0x18,0x97,0xe1,0xc3,0xce,0x31,0xb9,0x4c,0xfe,0x32,0x10,},{0xfc,0x0c,0x54,0x53,0x83,0x9e,0xa9,0x92,0x96,0xff,0xfa,0x50,0x1d,0x58,0x36,0x66,0x28,0xdf,0x89,0xf6,0x16,0x76,0x69,0x42,0xd5,0x04,0x0a,0x05,0x60,0x56,0xda,0xb1,0x8b,0x44,0x05,0xc0,0x4a,0xbf,0x90,0x59,0xc3,0x08,0x68,0xd7,0x9c,0x93,0x6c,0xcc,0xc8,0x4c,0x4f,0xbd,0x6f,0xd3,0x0b,0x60,0xf8,0xbc,0xbd,0x7a,0x66,0x40,0x42,0x02,},"\x33\x92\xe0\x2f\x3c\x84\x66\x1e\xaf\x81\xa5\xff\x04\x35\x7f\x21\x2e\x92\x36\x1c\x5c\x22\x07\x39\xd9\x6b\x4d\x3d\x9c\x22\xd1\x8d\xf4\x8b\xe6\xb5\x51\x26\xf5\x81\x60\x1f\xfe\x0d\xa6\x3f\x38\xe1\x9c\xbb\x12\x72\x6c\xa0\xa6\xaa\x32\x55\x67\xa0\x03\xa7\x84\x9d\x06\x78\x39\x92\xeb\x9e\xb9\x28\x53\x29\x7d\x72\x28\xdb\xa9\x80\xb2\x50\xbb\x11\x0f\x63\xd0\xb8\x46\x70\xe5\xec\xb3\x19\xcb\xfd\x61\x27\x8f\x1f\x4c\xab\xf1\xfc\xb3\xf7\x01\xf1\x2f\x6e\xf8\xd3\xcc\x42\x82\xfc\xbe\x58\x9e\xb5\x65\x95\x03\xa2\xdd\xd8\xbb\xa3\x8e\x5e\xff\x09\x2d\xfa\xf5\x39\xfd\x80\x4f\x21\xf7\x3a\x90\xad\xf5\x69\xa0\x0b\xf9\xd2\x5a\x9a\xd3\xa6\x33\x09\xcc\x60\x93\x14\x24\x71\xa4\x78\xf0\xb8\x99\x22\x86\xde\x02\x3c\x68\xef\xd4\x99\x87\xec\x27\x0b\xd9\x46\xf6\xdb\x48\xf6\x84\xf1\xc2\xad\xee\xe2\x6d\x68\xdc\xe9\x5a\x55\xe4\xcb\x27\xbc\x60\x52\x30\x80\xdf\x6b\xa2\xb1\x99\x99\x6b\x1f\x1d\xa6\x92\x0d\x15\x59\xf7\x9b\xfd\xe9\xfa\x1a\x02\xde\xae\x14\x80\xc7\x6f\x94\x7f\x9d\x21\x3f\xc4\x3b\xb2\x88\x0a\x1b\x4d\x03\xbb\x14\xf5\xb0\x44\xa0\xfd\x83\xce\x04\x92\xf4\x9c\xa3\xaf\x25\x21\x1b\x86\xfa\xa5\x73\x5a\xd7\xfe\xaf\x31\xa1\xa7\x49\x1e\x70\x8b\x41\x82\x9d\x68\xe3\x24\x14\xf6\x83\x52\xb7\x1d\x1c\xd2\x3c\x8e\x12\xfb\x02\xda\x71\x14\x84\xf6\xef\x97\x52\x8a\x00\xd2\x4f\xcf\x91\xd4\xe0\x6e\x9b\xad\xae\x9a\x44\xdb\xdb\x3f\x77\x80\x41\x76\x8d\x86\x37\x04\xd7\x36\x81\x04\x00\xe7\xf2\x93\x1e\xfb\x85\xc8\x72\x4a\x59\x34\x26\xaa\x2a\xf1\xec\x5b\x66\x4f\x85\xc2\x25\x48\x96\xfd\xcf\x31\x6d\xb0\x92\x4e\x11\xaa\xe8\xd6\x83\xe9\xa0\x21\x92\x9d\x0a\x9d\x6f\xec\xb4\x59\x4b\x1b\x3f\xbc\x16\xb1\x76\xd2\x9d\x1e\xfb\x18\x19\xa4\xa4\x23\xfb\xe0\xca\x05\x59\xc5\x7e\x9e\x54\x49\xf1\x4b\xce\x91\x36\x0d\xaf\xda\x6a\x42\x7c\xe4\xa0\x99\x3d\xd0\x30\x82\xdd\xee\x06\x65\x33\xf6\xd3\xbd\xa5\x66\x0f\x42\xfd\x77\x57\x69\x0d\x67\x05\x98\xec\x70\x96\xf4\x75\xa0\x1a\x51\x99\x50\x34\x1a\x83\x1f\xc9\xa2\x81\xc0\x94\x7a\x86\x3f\x1f\x6e\x03\xbb\xa7\x74\xde\x77\xad\xc2\x3f\xbe\x52\x5c\xae\x6c\xcc\xe4\x7a\x0e\xc4\x97\x9e\x8b\xec\x86\xf3\x32\xfc\x6a\x57\x36\xe3\xb9\x8f\xb3\x32\xe9\xe8\x24\x4e\x68\xa1\x00\x45\x5e\x64\x99\xba\x8d\xba\xe9\x8b\x92\xba\x3d\x9c\x6b\x4f\xf9\x80\x34\x3e\x4c\x8e\xf4\xd5\xa4\xaa\xcf\x8b\x1a"},
+{{0xc7,0x1c,0xc1,0x0a,0xd2,0xd4,0x43,0xe0,0x25,0xad,0x06,0x25,0x68,0x6b,0x12,0x35,0x03,0xe5,0x90,0x19,0x3a,0x2b,0xc8,0xcc,0x57,0xa7,0xb9,0xb4,0x15,0x8d,0xe6,0xcb,},{0xfc,0x06,0xac,0xaa,0xb5,0x3a,0xd0,0x8e,0x97,0x62,0xdd,0x11,0xcd,0x21,0x22,0xb3,0x15,0x99,0xbd,0x25,0x98,0xce,0x6f,0x24,0x87,0x95,0xe7,0x32,0x21,0x9c,0x2f,0xc7,},{0x2e,0xb3,0x3b,0xc2,0xd5,0xde,0xb7,0xf3,0xa2,0xdc,0xc3,0x77,0xb0,0xc6,0xa8,0x62,0x13,0x4b,0xf3,0x19,0x1e,0xc4,0x0f,0xc1,0x28,0xac,0x28,0xab,0xf2,0x31,0x6e,0xf1,0x40,0x16,0x49,0xb8,0xf4,0xcf,0xa1,0xa9,0x36,0xde,0x79,0xb5,0x32,0xdc,0x04,0x3b,0x6d,0x36,0x02,0x4b,0x4c,0x37,0xbb,0xa2,0x92,0x90,0xac,0x9f,0x44,0x9b,0xa6,0x0d,},"\x2e\x08\x46\x53\x6d\xc6\xcc\xe1\x9c\xcf\x82\xdc\x2d\x0c\xd2\x1b\xd4\xe1\xca\x7b\xc3\x17\x06\x7a\xf8\xd9\x0e\xe4\x81\x8c\x85\x18\xbc\x3e\xf9\x60\xce\x11\x2a\x41\xd2\xb9\x97\x9a\x28\x2a\xe1\x3d\x70\x6a\x00\x5e\x00\x34\xf0\x6b\x39\xff\x4b\x0a\x5a\xfa\xed\x70\xb5\x61\xbc\xce\xb1\xbb\xd2\xec\x19\xf9\x74\x48\xea\xed\x4b\xe6\x20\xe3\x6a\x96\x2d\x87\x8c\x6f\x80\x17\x2b\x9f\xad\x43\xee\xd0\x7f\xf9\x3d\xb9\xb9\xca\x22\x62\xd5\xa3\xc2\x29\xc5\x4e\x30\xa4\x5e\x73\x66\x08\x92\xf0\x48\xe3\x63\xf3\x71\x44\xed\x19\x21\xf7\x29\x92\xb4\xd0\x15\x29\x87\x0c\xfe\x37\x3b\x7e\x7c\xbe\xda\xf9\x69\x26\x9f\xb7\x0a\xa7\x83\xd1\xe7\x44\x17\xc7\xba\xe0\xfe\x03\xd9\x51\xfd\xb8\xc7\x1c\x62\xe9\xbe\x7f\xdd\x5d\x23\x3e\x39\xf4\x6f\xed\x05\x7e\x49\xb6\xf3\x40\x68\x45\x91\x48\xda\x3d\x42\x41\x61\xad\x2c\x86\x95\x08\x60\x2e\x9c\x0b\xb3\x0b\xfb\x88\xac\xd5\xf4\xdf\xdf\xfd\x47\x35\x03\xcd\xfe\xda\xbc\x44\x42\xb7\x43\xbe\x07\x5e\x7c\x6f\x61\x0e\x64\xff\xc2\xe5\x31\x87\x74\x5c\xd7\x19\x65\x8f\xc6\xe6\x2a\x5b\xe5\x18\x43\x7c\x5b\xd6\xa4\xfe\xba\x94\xae\x3f\x44\xf2\xf2\x93\x08\xe8\x31\xfe\xef\xed\x67\x69\x09\xce\x5e\x80\xc8\x4c\xbd\xca\xc4\x7e\x47\xd2\x7c\x97\x12\xa0\x1f\x6b\xc5\xda\xed\xc0\x2e\x64\x14\x40\x7e\x91\x1c\x0a\x5a\x53\xe5\x32\x8a\x5a\x5f\xd9\xf0\x40\xaa\x7f\xb7\x0b\x79\xb3\x1c\xd1\xb6\xfd\x9b\xd5\x02\x90\x40\xbd\x22\xae\x22\x2f\xd2\xf6\x87\x0d\x07\xf4\x35\x32\x26\x39\xcf\x31\x93\xca\x57\x09\xb8\x82\xb0\x7a\x58\xf9\x52\xa9\x96\x3e\x56\x8f\x8c\x5a\x58\x4a\x6b\x9e\x27\x5c\x5c\x07\x95\x7a\x4d\x2c\xda\xa9\xf1\xeb\x44\x4e\xd1\x22\x4b\xac\x65\x63\xb2\xf9\x27\x3e\x80\x30\x1d\x44\xd5\x0a\xe3\x83\xb5\x97\x21\x3b\x00\xda\x5b\xf2\x7e\x5d\x1f\xe2\x40\xcc\x3b\xb6\x5a\xa5\x03\x0d\x65\x1b\x6b\x5b\x31\x76\x1d\x53\xce\x0c\x6d\x74\xa1\x5d\xad\x54\x79\xf3\x1c\x91\x5c\xcf\x44\x66\x59\x85\x3b\x89\xa5\x1a\x28\xee\x89\x76\x85\x35\x53\xfd\x2e\x02\xfe\x72\x43\x53\x8d\x00\xb4\xed\x07\xd8\xb8\xa8\x0b\x5c\x16\x5c\xd4\x63\x41\xff\xd8\x16\x3c\x55\x57\x02\x66\x3a\x4e\x6a\xb2\x95\x2b\x7e\x74\x43\xd0\xf6\xb1\x23\xb6\x94\x67\x21\xaa\x63\xe8\x7b\x11\x55\xec\xa8\xa6\xa1\xbc\x9f\xd2\x5c\x67\x62\xe5\x27\x42\xc8\x6b\xca\x1b\xa9\xd8\x37\x04\x15\x24\x4f\x0e\xdf\xdb\xe0\x93\x2b\x5c\xa0\x61\x15\x09\xc9"},
+{{0x0a,0x4f,0x5e,0x16,0x70,0xf1,0xe2,0x4b,0xfa,0x37,0xb7,0x3c,0x99,0x43,0x30,0xb3,0x6e,0x7d,0xaa,0xf9,0x30,0x16,0x1b,0x78,0xa4,0xa8,0x48,0x66,0xff,0x25,0xe3,0xd5,},{0x9d,0xcb,0xba,0x90,0x39,0x81,0x59,0x4c,0x7b,0x67,0x7e,0xa8,0x00,0x20,0x01,0xd6,0x64,0xcf,0xf7,0xce,0x8e,0x5c,0xfa,0xe5,0x88,0x40,0xcf,0x74,0xaf,0xf0,0xd3,0xa9,},{0xdc,0xf3,0x53,0xb2,0xb9,0x9a,0x4e,0xf4,0x5f,0x3f,0xdf,0x65,0x28,0x63,0x2e,0x8a,0xbd,0xc4,0x33,0x34,0x24,0x76,0xa8,0xc2,0xb3,0x79,0x00,0x40,0x4a,0x4e,0x33,0x3d,0x38,0x78,0x14,0x23,0x57,0x57,0xef,0x7a,0xd0,0x38,0x58,0xa0,0xf3,0x5d,0x46,0x15,0xe8,0xab,0xa4,0x84,0xfd,0x64,0xf1,0x11,0x2e,0xc1,0xb1,0xae,0xd2,0xcb,0x64,0x0e,},"\xf4\xb0\x5b\x3e\xfd\xcb\x1d\x5c\x07\xda\x95\x0c\x46\x56\x55\x28\x44\x0b\xb4\x88\x35\xee\x4c\x13\xf4\x3d\x7a\x16\x18\xde\x11\x9e\xbb\xb2\x59\xea\x74\x80\xa5\x04\x81\x74\xfa\xec\xc1\x05\x5b\x32\xdc\x01\xac\x71\x56\x34\x43\x21\xe8\xeb\xa6\x98\xf3\x02\xee\x16\x43\xb5\xf0\x4b\x8e\x7e\xcc\xa6\x3b\x91\x56\x1c\xe3\x51\x4a\xbe\x78\x51\xb6\xfb\x17\xfc\x94\x3b\xdc\x94\xda\x30\x8c\x8e\x47\x69\xfe\xc2\x0f\xad\xf4\xfa\x8e\x7f\x62\xb6\xff\xb5\xf1\x70\xd6\x44\xed\x29\x35\x5e\xbd\x22\xcb\x3a\xa1\x48\x6b\x1e\x36\x7c\x72\x9d\xd3\xf7\x9b\xcd\x40\xff\xd0\x8a\xf2\x8c\xeb\xc8\xd7\x76\xe1\xa4\x83\xe9\x11\xd7\x9b\xc6\x13\xe0\x9c\xc6\x21\xca\xde\xb0\x34\xdd\x6f\x72\x37\x47\x71\x98\x51\x27\xf7\xa3\xa1\xaa\x78\x6a\x52\x3a\xe6\xe3\x4e\xe4\x33\xdc\x30\xc3\x75\x98\x7c\xff\x50\xbd\xcb\xc9\x97\xfc\xd5\x1c\x94\x56\x7a\x67\xae\xfb\x6e\xf5\xed\xf9\xbd\xd6\x59\x64\xd4\x64\xbe\x9e\xbd\xfb\x88\xc0\xe2\x31\xb0\x7f\xf6\x40\x5c\x00\xf8\x25\x31\xe9\x61\xbf\xc5\xea\xd2\x66\xbc\xc0\x87\x18\x87\x8c\xaf\xb1\xd3\x75\x36\xf1\x83\xe4\x8b\xf3\x8d\x3f\x6b\xe9\x00\x25\x2d\x1f\xb4\x19\xe6\xa2\xac\x58\x96\x03\x9f\x63\xc3\x14\x01\xff\xf9\x32\xce\x98\x14\xb0\x85\xab\x20\x41\x69\x72\xa2\xb3\x51\xc8\x15\xa6\x2d\xe5\x09\x67\x46\x28\xb0\xd3\x56\x6f\xc9\xc2\xe0\xa9\x23\x7b\x93\xf9\xbb\xb2\xde\xed\xf0\x2b\xff\x83\xbf\x6d\x86\x8b\x63\x99\x32\x6d\x48\x09\xd0\x41\x9f\x31\xb2\xf3\xa4\x81\x28\x5b\x94\x07\x8b\x47\x06\x1c\xe9\x1d\xad\x58\x3d\xd5\xb1\x3b\xd0\x10\xfb\x30\xf2\x49\x5b\xb7\x04\x20\x18\x3a\x93\x01\x59\xe4\xdb\x19\x3d\xf6\xac\xd1\x24\x42\x3e\x03\x9a\x67\xf1\x56\x88\xae\xc5\x0c\x59\x27\xfb\x27\x18\x22\xaa\xa6\x6f\x29\x4b\xc8\x05\xd3\xbc\x7c\x83\x41\x87\x8a\x54\x10\x09\xf3\x0d\xa9\x9f\xcc\x00\x85\x07\x9c\xe7\xfc\x55\xe0\x01\x16\x85\x56\x2a\xbd\xb3\xa9\x47\x1f\xfd\xe6\x17\x63\x00\xef\x5b\x31\xe0\xdf\x60\x9a\x54\xa1\xee\x66\x24\x07\x0d\xa9\x9c\x87\x76\x89\x1f\xdf\x6a\xa7\x8b\x4d\x55\xb1\xf5\xda\xdf\xc0\x61\xad\xd5\xaf\x00\xfd\x3a\xde\xdb\x44\x8c\x55\x9b\xff\xf2\x04\x06\x80\x43\xa5\xd1\xd6\x21\x47\x48\x62\x8c\x3e\xbc\x5f\x02\x24\x32\x6c\xa1\x8e\xf0\x48\x42\x5d\xa9\x30\x01\x33\xfb\x69\x5d\x4f\x26\x31\x65\xac\x22\xf3\x61\x9d\x40\x5a\xf2\x71\xa7\x1a\x9a\xfb\x19\x8b\xf6\x31\x24\x1d\x34\x59\xb9\x53\x98"},
+{{0xb8,0x55,0xc8,0x18,0x05,0xc7,0x08,0x74,0x10,0xe6,0x9f,0x96,0xb0,0x24,0x02,0x71,0xdc,0x76,0xc1,0xe4,0xad,0xe3,0x8c,0x6a,0x92,0x78,0xe3,0xc9,0x4f,0xbe,0xa2,0x56,},{0x6a,0xdb,0x02,0x5a,0x40,0x26,0x0f,0x56,0x98,0x84,0xb8,0xca,0xb3,0x75,0x2b,0x4f,0x25,0x5c,0x37,0x3e,0x2b,0x42,0x4b,0x62,0x87,0xeb,0xb5,0x10,0xfa,0x06,0xff,0xf0,},{0x3c,0xaa,0x81,0x32,0x73,0xe7,0x53,0x54,0x2f,0xfb,0xfe,0xb2,0x1b,0xc3,0xe2,0xcf,0x8c,0xa7,0xd9,0x20,0xfa,0xac,0x7c,0x49,0xdc,0x2a,0xa9,0x91,0x17,0x68,0xc7,0xad,0x43,0xb3,0x8b,0x02,0x36,0xdb,0x27,0xf3,0xee,0xae,0x0b,0x12,0x06,0x00,0x1e,0x66,0x5a,0x60,0x70,0x78,0xc5,0x22,0xed,0x7a,0x9d,0xc4,0x68,0x85,0x34,0x63,0x59,0x00,},"\x85\xa9\xbd\xb7\x0a\x6c\x75\x28\x97\xe4\x3a\x91\x10\x6e\xe9\xa9\x9c\x2c\xa9\x4f\xf7\xb4\x46\x1a\x44\xa3\x91\x74\xc1\x7e\xcd\x99\xdf\x46\xee\xcd\x81\xc3\xf5\x25\x13\xdc\x9d\x54\x7d\xad\x37\x21\xc6\xd5\xee\x1f\x8f\xac\x0b\xa5\xaf\xb3\x68\x70\x44\x73\x9e\xd5\x35\xb8\x44\x00\x87\x04\xc0\x9f\xe1\xe5\xd7\x85\xd4\xc9\xc3\xd0\xb0\x58\x89\xb9\xc2\x0f\xc3\xfd\x68\xdf\x12\xdb\xeb\x2c\x34\xf6\xf7\xec\x1c\x6f\xb7\xfa\x81\x1f\xf8\x46\xb5\xa6\x1f\xa5\xfe\x55\x37\x9e\xe6\x3a\xbc\xd3\x73\xfe\xd0\x02\x54\xeb\xd0\x6b\xc8\xb2\x2f\x7f\xbf\x2f\x72\x7a\x5f\xad\x88\x51\x41\x59\xe2\x6d\x78\xdf\xdb\x09\x57\xf6\xef\xaf\x51\xa8\xe8\x0b\x58\x5e\x83\x8b\x96\x21\xd0\x51\x07\x4a\x4f\x58\x67\xb4\xae\x2f\x2f\xf6\xd6\x2b\x85\xbc\xce\xc0\xb4\xaa\xa4\x79\x16\x37\x38\x8c\x09\x01\xfd\x49\xdc\xcc\xce\x72\x04\x85\x9f\x81\xee\xfc\x63\x9f\xed\x92\x28\x04\x56\xe6\x9a\x15\x09\xb4\xb1\xbd\x76\x24\x44\x7d\x86\x2c\x45\xa0\xc8\xb0\xc5\xbb\x2c\x4c\xa5\x12\xcb\xc0\x37\xf5\x1b\x78\x09\x82\xb1\x83\xa5\xca\xfa\x15\x29\x75\x85\xc9\x47\xa2\x5b\xe8\xc2\x24\x0e\xbf\xb6\x86\x8e\xce\x5e\xa2\xaa\xb2\xc2\x39\xc8\x37\x54\xc7\xd5\x94\xb3\x72\x5a\xce\xef\x34\x4b\xa7\xe6\xae\xf4\x9f\x7f\x31\x3b\x0a\xe8\x2c\xca\xca\xd3\x87\xa6\xe9\x33\x7f\x05\xf8\xc7\x99\xef\xe7\x82\x9b\x27\xb4\xd5\xb2\x01\xfd\x5a\xe5\x83\x43\x51\x69\x07\x59\xf3\xea\x17\x5f\xd4\x74\x1b\xe2\x28\xd8\x07\xfb\x54\xdf\x4a\x74\x10\x38\xfa\xee\x47\xed\xf1\xf5\x61\x65\x25\x98\x60\x1f\x27\x15\x5f\xc5\x0d\x9d\x50\x11\x43\x37\x11\xc1\x06\xd4\xb6\x07\x85\xa5\xcc\x93\xb3\xfd\xd1\xda\xd7\x0c\x0c\x8e\xaa\x33\xf1\x51\x2e\x35\xa5\x41\x74\x5e\x37\x6c\x15\x16\x7f\xa8\xf6\xb3\xb2\xc4\xc3\xa3\x66\xfc\x41\x49\x7d\x29\x73\x57\x81\x6a\xe7\x95\xa8\x04\xc9\x80\xe7\xcb\xfb\x0c\x74\xd8\x83\x5d\x92\x9a\xe3\xbb\x52\xba\xb1\x29\x64\x56\x6d\x74\x6b\xd2\xc1\xd1\x32\xb6\x23\x3f\xa3\x4f\x75\xe2\x68\xed\xee\x77\x5e\xb3\xce\x13\x2e\x6b\xeb\x2e\x8d\x71\xf0\xc8\x76\x29\x91\xcd\xe4\xe2\x6f\x71\x43\x9d\xfa\x83\x97\x8f\x99\x56\x03\x86\x1b\xc0\xb1\xd9\x06\x0b\xbc\xca\xcc\xf8\x6f\x87\x45\xad\x96\x99\x4d\x5d\x00\x7d\x52\xe8\x3a\xa5\xe6\x94\x12\x96\x4b\xdb\xfb\xe4\x78\x0a\xaa\x8d\xe4\x1b\xe1\x29\x8a\xbb\xe9\x89\x4c\x0d\x57\xe9\x7f\xca\xcc\x2f\x9b\xbd\x63\x15\xd3\xfc\xd0\xea\xf8\x2a"},
+{{0x95,0xb9,0xc8,0xa6,0xef,0x80,0xeb,0xd5,0xcb,0xd4,0x7a,0x04,0xca,0x54,0x38,0x73,0x73,0xdf,0x4d,0x67,0xa2,0xb4,0x75,0x59,0x77,0x65,0xac,0x89,0xfc,0xf9,0x3e,0x93,},{0xf2,0xc9,0x47,0xb1,0x8a,0xdc,0x3e,0xa6,0xa2,0x3f,0x7a,0xbc,0xa3,0x64,0xb9,0x85,0x3a,0xe8,0x5a,0x2b,0x0c,0x8c,0x26,0xf0,0xd3,0x17,0x3c,0x27,0x32,0xc3,0xc7,0xff,},{0x2c,0x8b,0xf5,0x43,0xe2,0xa3,0xe0,0x04,0x15,0xee,0x4f,0x10,0x7b,0x2f,0x5a,0x66,0x87,0x17,0x6f,0x5d,0x52,0x11,0x17,0x75,0x9c,0xeb,0x56,0x17,0x51,0xbc,0xc7,0x7d,0x9b,0x08,0xa6,0xa6,0x31,0xf6,0x44,0x7c,0xd9,0x01,0xde,0x96,0x69,0x9a,0xeb,0xb1,0x68,0xbf,0x97,0x50,0x0d,0xc5,0x4a,0x05,0x43,0xef,0x14,0xe4,0xb5,0xa0,0x81,0x06,},"\x78\x55\xbc\x39\x26\x30\xcc\xf5\x31\xd3\x06\x16\x06\xdd\xfc\x81\xa0\xfd\x92\x94\xc5\x47\x91\xb5\xf9\x55\x9b\x68\x27\x25\x4a\xa1\xf2\x5c\x54\x0b\x7d\x7d\xf3\xec\x9c\xdf\x14\x25\x66\x29\xdb\xcf\x9b\x72\x5f\xeb\x34\x12\xeb\xf3\x5f\x0e\xf9\x37\x9e\x41\x31\xcc\x77\xe0\xf0\xfb\x6f\x74\x59\xa7\x38\x36\x1a\x99\xae\x4c\xcb\x2b\x60\xa9\x9f\xe9\x2b\xd6\xc3\xa5\x3d\x6f\x45\x4e\xe9\x00\x5b\xce\xc5\xae\xdc\xfa\x82\x34\x73\x92\xef\xcf\x11\x75\xe5\x78\x39\x6a\x8d\x80\x0d\xab\xa0\xf4\xc2\xcf\x4d\x49\x13\xb0\x52\x86\x20\xe3\xba\xa0\xf6\xd8\x6e\x06\x28\xe4\x7c\x0c\xa2\x6d\xf3\xb0\xc7\x88\xc4\xe1\x65\x57\xf7\xfc\x28\xdf\x82\x0c\x12\xfb\xb6\xff\xbf\xec\xb9\x82\x9d\xdb\x65\xef\x8d\x63\xe9\x0d\x68\xfc\x71\x94\xb5\xb8\x85\x91\x3f\x08\xed\xee\x84\x56\x76\x47\xff\xa3\xf0\xd0\xd3\x25\xd0\x82\x60\x0c\xe7\x1a\x23\x45\xc7\x7d\x65\xbd\x96\x25\x20\x03\xe5\xc1\x25\xa7\x18\xa0\x73\x70\xc3\x1b\x57\x08\x07\x5c\xf1\x83\x7c\x69\x25\x63\x5c\xc6\x8d\xd1\xb7\x51\xe4\x0a\xb6\x08\xb0\xd9\xd8\x85\x2c\x18\xd3\x06\x92\x19\xef\x80\x7b\x76\xd2\x88\xf9\x2c\x29\xa9\x3e\x3d\x75\xb5\xb2\xe5\x36\x81\x67\x1d\x3a\xe0\x14\x5a\xc0\x3c\xca\xd3\x16\x2e\x44\x70\x3b\x04\x01\xd3\xeb\x16\x7c\xd8\xdd\xc1\xe1\xa5\xa3\x26\xb7\x28\xb1\xe0\xc0\x0a\x94\xd8\x6d\xe6\x13\x52\xa6\x61\xe4\x08\x97\x17\x5d\x28\xd3\x41\xe4\xd1\xd9\x96\x2e\x35\xf4\xde\x18\xa5\x40\x17\x61\x1a\xd0\x53\x59\xce\x08\xb9\x7b\xfe\xdb\xfb\xe3\x99\x2e\xd5\x8e\xd4\x0f\x51\x7a\xab\x01\xc0\xfe\xfe\x8b\x63\x64\x3d\xa1\xa4\x54\x15\x27\x30\xbf\x99\xaf\x87\x40\xad\xf9\x8a\x77\xb8\xd7\x3a\xdb\x08\xe6\x09\xe0\x0c\xe9\xb1\xcc\xdf\xef\x3e\x9a\x9b\x05\xaa\x56\xe0\xbc\x79\xb6\xbb\xba\x80\xdd\x8e\x46\x1a\xf7\xcb\x20\x28\x92\xd8\x9b\x2d\x05\xa4\x45\x8a\xb3\xfa\x54\xb4\x74\xb8\xf8\xf5\x81\x79\x5d\x6c\x27\x39\xe5\x9d\x0f\xe0\x62\x40\x0b\xae\x2d\x2d\x53\x4b\x34\x0b\xb8\xe2\x61\x57\x77\xa9\xa5\x61\x5b\xb2\xcf\x43\x7b\xa5\x25\xe0\x0e\x70\x38\xf2\x2a\x57\x88\x2a\xc5\x20\xb3\x33\xe7\x5c\x3c\x92\xa8\xb9\xf0\xe3\x7f\x67\x1c\x94\xb1\x5d\xd8\x18\x2a\x08\xd7\xc1\x43\xe9\x4e\x92\x62\xb3\xcc\x55\x44\xc2\x94\xf5\xf3\x35\xc2\xb2\x8a\xc1\x19\xfe\xa0\x0f\x96\x34\xdb\x06\x39\x93\x98\x8b\x5f\x15\x05\x79\xc7\xcc\x25\xb6\xa1\xfb\x0d\xde\x94\x80\x4f\xa6\xef\x66\xff\x79\xfb\x91\x07"},
+{{0xb7,0x86,0xcc,0xfb,0x58,0x6d,0x43,0xb8,0xc4,0x6b,0xb9,0x7b,0x96,0xc9,0x18,0x73,0x1b,0xc2,0xcc,0x11,0x92,0x77,0xf1,0x23,0x67,0x1e,0x30,0x14,0x81,0x58,0xd2,0xed,},{0x90,0xc7,0x00,0x46,0x00,0xf3,0xdc,0xe4,0x09,0xfd,0xea,0xdc,0x8e,0xd0,0x18,0xf9,0xea,0x26,0x3f,0x75,0x16,0x0a,0x74,0xab,0x54,0xf4,0xc2,0x39,0x9a,0x90,0xca,0x78,},{0x52,0xba,0x96,0x58,0xa1,0xa0,0xb3,0xe9,0x8e,0xd5,0x20,0x9e,0x39,0x3e,0x42,0x00,0x66,0xa3,0x7d,0x37,0x14,0xda,0xa7,0x3d,0x5c,0x67,0x1d,0x33,0x07,0x5a,0x5f,0x57,0x27,0xfe,0x4e,0x08,0x1e,0xe0,0xfa,0x3c,0x21,0x33,0xdc,0x95,0x3a,0x2d,0xa6,0x20,0x29,0x13,0x71,0xf0,0x0c,0xcb,0x57,0xd8,0x79,0x2e,0xb5,0x96,0xa2,0xff,0x81,0x01,},"\xba\xbf\x48\xbd\x55\xea\x91\xbd\x0c\x93\xb9\x70\x24\x1b\x52\x9d\x9d\xb4\x3d\x49\x27\xfe\xa5\xf1\xa1\xf7\x08\x2d\xd6\xcb\x50\xa5\x2b\x09\x4b\x31\x29\xfc\xd9\x03\xa4\x4f\xec\x8b\xfd\xb5\xc8\x6c\x00\x2a\x2a\x45\x28\x87\xca\x25\xa6\x0e\xce\xb5\xe1\xf9\xf5\xc9\x3d\xc5\x94\x23\xc7\xaf\xe7\x47\xc6\xbf\x40\x7c\xac\xad\xec\xcf\x5d\x78\x79\x70\xcb\x06\x17\xbb\x3c\xfe\x7f\xd1\x75\x63\xd3\xa0\xdc\x91\x63\x1f\x71\xb8\x4b\xe2\x4a\xe8\x00\x11\x37\x50\xf0\x31\xd0\x1f\xd0\x53\x64\xb4\xf2\x7f\x86\xf8\xdc\x3a\xd7\x40\x7e\x1a\xe9\xe7\x68\x15\x4e\x3d\xde\x58\xe8\x67\x12\x9e\x24\x74\x54\x7b\x40\x82\x17\x96\x48\x44\x85\x8d\x05\x6b\x31\xc3\x74\x99\x1b\x7f\x16\x1f\x52\xf0\x88\xb8\x06\xe0\xf3\x13\xd6\x8a\x15\xc5\x40\x1e\xd5\x5b\x2b\x77\xde\xea\x58\x6c\xb0\x54\xdc\xd7\x1a\xf2\xab\x6a\xb1\x1e\x84\xb3\x0c\x53\x93\x45\xde\x3e\xb4\x3f\xb7\xb3\xa3\xb4\x89\x87\xc3\xbf\xa7\x06\x55\xd5\x99\xf2\xe3\x1d\x12\xad\x23\xcc\x96\xe8\x6d\x38\x0b\xfd\xa8\x12\xfe\xff\x3d\xd3\x02\x42\x92\x91\x69\x07\x02\x28\x91\xe1\x19\xbf\xc3\xed\x9c\x25\x54\x6c\xd1\x9f\xc9\x92\xd8\xa6\x1e\x60\x59\xca\x3c\xe7\x80\x2a\xf1\x11\x87\x56\x62\x0b\x87\xa7\x24\x2b\xd8\x38\x97\xc9\x4d\xd5\xa3\x6e\xd4\x0f\xc0\xf3\x4c\x2c\x93\x11\x0b\x37\xd1\x7d\xd9\x6a\x22\x06\x25\x90\xbc\xdb\x54\x67\x42\xef\x72\x18\xad\xcc\xc5\xad\x28\xf4\xfc\xe6\xec\xf7\x05\x83\x5f\x41\x13\xd8\x2e\xa5\x33\x90\x3a\xec\x8c\x38\x20\xfe\x4b\x47\x15\xf3\x7e\x20\xce\xbc\x1e\x71\x51\x9a\xa0\xb2\x40\xb4\x84\x0a\xa4\xfd\xcf\xb5\x24\x67\xfe\xdd\x8f\x4d\x1f\x9b\xc3\x3e\xe1\x14\xf3\xef\x85\xf5\xfd\xb0\x9c\xa8\x84\xaf\x38\x8a\xd3\xad\xf8\x4c\x79\x3f\x38\x6e\xfe\x6f\xf8\xa4\x6e\xd8\x1e\x5d\x45\xa3\x7c\x25\xcd\x80\xf2\xd7\x36\x3f\x43\xae\x45\xe3\x77\x2c\x0d\xf8\x9f\x11\x44\x79\x39\x80\x6c\x09\x6e\xf9\x33\xa1\x39\x44\xf0\x89\x0d\x88\x7c\x2e\x5b\xbb\x6b\x12\xea\x95\x0b\x09\xb8\xfe\x42\x52\x89\x37\x73\x52\xf3\x5f\x84\xcc\x4d\xcd\x4d\x7a\x44\x94\x89\xfa\x92\x51\xc0\x31\x13\x48\x92\x25\x80\x9c\xdf\x3c\xb6\x34\x75\xf1\x0d\x34\x17\x09\x37\x1c\x6f\xd4\xbb\x7a\x94\x94\x83\xd1\xbc\x2b\x31\xdd\xf4\xd9\x63\xa0\x7d\xe7\xea\x5c\x3f\xee\x9a\x0e\x33\xf0\x76\x9f\x2f\xaa\x40\x61\x2a\x54\x69\x74\xbd\xe0\xb7\x33\x91\x79\xe4\x12\x4a\x44\x7b\xd4\x28\x79\xcc\xda\x5c\x8a\xd1\x81\x9c\x53"},
+{{0xdd,0x1a,0x97,0x74,0xf7,0x58,0x4d,0x85,0x89,0xb1,0x9f,0x92,0xab,0x69,0x39,0xac,0x48,0x56,0x02,0xfe,0x16,0x44,0xce,0xe2,0xf6,0xf3,0xcd,0x60,0xfb,0xd5,0x84,0x00,},{0x4b,0xea,0x7d,0x0b,0x0f,0x4b,0xd5,0x90,0xf9,0xe3,0x57,0x9f,0x0c,0x5f,0xa4,0xce,0xf4,0xd6,0x0a,0x49,0xd2,0xc4,0x37,0xa0,0xaa,0xea,0xd9,0xd4,0x3a,0x73,0xd4,0xa3,},{0x19,0x59,0xbd,0xe0,0xa6,0x97,0xa6,0x39,0x93,0xec,0x47,0xd1,0x58,0x22,0x37,0x39,0xfe,0x65,0x87,0x1f,0xa0,0x58,0x70,0xd7,0xde,0x0d,0x38,0x08,0x65,0x91,0x20,0x2a,0x51,0xb1,0x74,0xd1,0xc6,0x18,0x28,0x08,0xc6,0xce,0x62,0x63,0x1d,0x81,0xdb,0xa3,0x4e,0xbe,0xd4,0xaf,0x2f,0x29,0xb0,0x6c,0x00,0xa5,0x7a,0x3c,0xb6,0x66,0x36,0x06,},"\xe5\xdc\x3e\xd2\x6c\x1f\x69\x3c\xf8\x52\x46\x5a\x05\xe3\x04\x8b\x50\x5d\xb5\x11\x6d\x9e\x31\x59\x22\x05\xa9\xc3\xd4\x72\x0b\xc1\x0b\x6c\x20\x63\x9a\x0e\xe2\xf0\xe1\x47\x22\x5b\x5b\x19\xea\x51\x1c\xfb\xa0\xc2\x1a\xac\x10\x71\x5a\x2f\x23\x2f\x10\xc2\xc8\xaa\xd4\x11\x12\xb6\xb0\x12\xe7\x5a\x41\x55\xf8\xc6\x92\x62\x53\xca\x2b\x4d\xdb\x7b\xfe\x7f\x86\xe9\x0a\x53\xdb\xc0\xcb\xa8\x9e\x48\x5c\xec\xa8\xfd\x26\xe5\x0c\x7f\x28\x2a\x25\x35\x73\xcb\x0a\x8f\xa8\x8c\xc4\x46\x23\xe8\x2e\x8f\xa2\xed\xb6\xcb\xc7\x53\x8a\xc9\x2c\x11\xe4\xc5\xb1\xea\x5f\x68\x96\x6d\x15\xd9\x3c\x34\xf3\x96\xd2\x75\x72\xf8\x64\x38\x2a\xb7\x6a\x7b\xe6\x5a\x55\x7b\x13\x97\x66\x36\x8a\x20\x7d\x98\xbc\x0c\x20\x92\x63\x70\xde\xa2\x70\x48\x16\x03\x63\xed\x85\xf4\x09\x9e\x7c\xd6\x6d\x12\xd0\x98\x8c\xfc\x9e\x2f\x16\xaa\x56\x5f\x8f\x33\xb3\x9e\x97\x8c\x05\x87\x37\x1f\x92\xdb\x50\x56\x31\x75\x64\x41\x1b\xd8\xa3\xb6\xfe\xa0\x9d\x34\x87\xaa\xf7\x34\x03\x49\x18\xff\xed\x1c\x9f\xba\x7b\xde\xc6\xfe\x68\x87\x6f\xc7\x36\x0c\xc5\x62\x9b\x92\x10\x40\x27\xfe\x57\x59\xc5\xab\x36\x53\x54\x75\x1e\x79\x69\x11\x6c\x3b\x9a\x21\xb1\x52\x33\x0a\x96\xa9\x38\x1a\xf7\x30\xd1\x78\x22\xd7\x8a\xd6\xea\x86\x00\x06\x91\x5b\x5c\xab\x44\x7a\x75\x93\x72\xe0\x5d\x49\x5e\xbb\x32\x8e\x75\xd2\x48\xda\xa0\x2f\x5d\x2e\xb9\x78\xd2\x71\x0c\xf1\xc5\xfb\x82\x48\x76\x77\x0e\x32\xca\x6d\xe2\xc7\x30\x56\x48\x92\x41\x5b\xcb\x53\xe5\x98\x1d\x70\x7a\xdd\x96\x1c\x5f\x37\xfd\xaf\xa1\x39\x9a\xf8\xae\xa9\x60\x45\x8d\x2c\xa3\x10\x55\x3f\x7c\x98\x66\xcc\xbe\x8e\x9d\x88\xe0\x8a\x44\x68\x72\xea\x66\xfc\x30\x8c\x82\x45\x14\xb7\xda\xce\x03\x34\xdb\x73\x5e\x6f\x14\xc8\x5b\x5e\x61\x9a\x5d\x60\x56\x48\xa8\x81\xe8\x76\xc7\x8d\xbe\x06\x57\x23\x3d\x4f\x7f\x3b\xfd\xdf\x63\xb4\x45\x31\x1d\x6a\xbc\x47\x63\x47\xec\x4f\xb4\x3c\x89\x46\xf9\xd1\x7c\x36\x93\x81\xd1\xc5\x64\xff\xcf\xe2\xdc\x7b\x47\x26\xfd\x57\x38\x7f\x0b\x44\xdb\x8e\xf9\x5a\x0b\x4e\x32\xa7\xbe\xdf\x31\x9e\x53\xa9\xe7\x12\x6c\x28\x11\xf9\x82\x9d\x1f\x4a\xe9\xab\xd9\xd5\xf4\x2e\xfe\xf2\x07\x5f\x47\x05\x1c\x63\xa4\xf8\x20\x20\x40\xec\x47\x23\x68\x63\x82\xc6\x03\x31\x27\xc1\xfb\xff\xf4\xbc\x82\x37\x35\x08\x75\x2d\x43\x1d\xc4\x73\xf5\x2d\xde\xab\x03\x42\xdc\x4f\x54\x47\xf8\xf2\x57\x38\xef\x65\xd7\x85\x56"},
+{{0x66,0xf5,0xea,0x8c,0xdb,0x95,0xee,0x1a,0x75,0xe3,0x24,0x67,0xd7,0xc8,0x3c,0x59,0x44,0x77,0x42,0xc8,0x5d,0xdd,0x49,0x9c,0x43,0xc0,0x86,0x73,0xe1,0x49,0x05,0x3a,},{0xa8,0xad,0x04,0xb9,0xc1,0x44,0xb9,0x7f,0xe8,0x67,0x37,0x4d,0x4f,0xe5,0x7d,0x7e,0xc0,0xc2,0x49,0x18,0x3e,0x43,0xbd,0xfb,0x5d,0x52,0x64,0x4e,0x7f,0xbe,0x1d,0xf3,},{0xec,0x5c,0x7e,0x83,0x92,0xfa,0x8b,0x61,0xbc,0x82,0x96,0x81,0x86,0x6e,0x45,0xac,0x8b,0xe4,0xb5,0xb7,0xb6,0xa8,0x22,0xc1,0xbc,0xd0,0xf2,0xcc,0x2c,0x8c,0x44,0xc3,0x3c,0xf8,0x3f,0xa4,0x2d,0x43,0xa2,0xf1,0x88,0x41,0x41,0xb4,0xa5,0x9a,0xaf,0xf4,0x7f,0x9b,0xe0,0x7e,0x63,0x2e,0x20,0x18,0x75,0x93,0x24,0xea,0xc9,0xd1,0x49,0x00,},"\xc0\xd0\x1d\xce\xb0\xa2\xd1\x71\x91\x10\x18\x79\xab\xb0\x93\xfb\x07\x75\x71\xb5\x21\xbe\x7b\x93\xa1\x17\xc6\x96\xc0\x87\x2f\x70\xea\x11\x39\xab\x62\x83\x29\xee\x56\x55\xfc\x0a\xa7\x7e\x81\x11\xd2\xfc\x88\x47\x48\xc1\xf2\x67\xb9\xeb\x09\xdc\x26\xf5\x7f\xc4\x02\xd6\x1b\xa3\x6f\x63\xf4\xd5\x89\xaa\xe6\x3c\x76\xee\xee\x15\xbf\x0f\x9e\x2d\xcd\xe4\xe4\xe3\xe7\x8f\xc6\xc2\x9e\x3a\x93\xf3\xff\x0e\x9a\x6e\x0b\x35\x66\x45\x95\x38\x90\xde\xbf\x62\xdb\xea\xf4\x90\x51\x78\xd4\xf0\xa5\xa5\x92\xc1\x92\x94\xee\xba\x7c\x21\xcf\x8f\x1b\xb3\xf4\x51\x21\x87\x37\x6d\xe7\x2f\x11\x36\xa4\x8a\xc2\xdf\xaf\x32\xd0\xf3\x7d\xe0\x64\x59\x25\x92\xb6\xe1\xbc\x0c\x51\x2c\xf4\xd2\xd8\x5d\x16\x79\x78\x53\xa8\x09\x33\xb0\x9c\x2f\x7b\xfb\x9e\x54\xa6\x9e\x51\xa8\xe4\x23\xa9\x1c\x3e\x5f\xde\xb4\x79\x05\x33\xe8\x7a\x4b\x1c\x0e\x0e\x23\xa9\xdb\x95\x73\xac\x17\xab\x6e\xc7\x01\x4d\x8b\x7c\x44\x86\xe1\x57\x25\xf8\xd2\x64\xee\xa3\x05\x0e\x83\x5a\xe0\xac\x44\x9d\xb3\x34\x50\x2a\x6d\x97\x35\x8f\xa8\x59\x10\x6a\xd0\xf6\xf4\x29\x5f\x23\x44\x92\x0a\xdf\x93\x55\xa6\x94\x9d\x8d\x14\x5c\x25\x62\x8a\x46\xa1\x04\xca\x09\x9b\xd9\xdd\xe9\x41\x11\x9c\x83\x82\x0c\xdc\x2c\xb2\xd0\x97\x22\x69\x49\x01\x04\x3c\x37\xcf\x0a\xe8\x79\xbe\x20\x30\xd0\x37\x31\x58\xb9\xc4\xb0\x71\x82\x98\xbe\x45\xf6\x30\xf6\xfc\xdc\x19\x0f\x7b\x29\x26\xd8\x76\x55\xa1\x8b\xb7\x97\xac\x50\x75\x7f\xcd\x36\x55\xc9\xe4\x1d\x51\x63\x29\x3d\x9a\x13\xd9\x84\xf5\x91\xf7\x5b\x7e\x4e\x5c\xad\xb6\x4c\x4c\x9f\xdf\xef\x76\xca\xb6\x93\x81\xd0\xf6\x0b\x48\x3f\x80\x4b\xb3\xb3\x33\x64\xdf\x8c\xff\xac\xb3\xc9\xb1\x3f\xf4\xc8\xd8\xd4\xea\x40\x76\x6a\x7d\x42\xd8\x25\x6c\x6b\x1c\x11\xc1\x91\xda\xba\x1b\x8e\xf2\x15\x93\xe4\x7b\x18\x85\x8e\xc1\x9d\x81\x73\x58\x67\x8d\x85\x48\xff\x15\x35\xd5\xfc\xf4\x41\x4b\x6a\x11\xd3\x4a\x37\x42\xf8\xd7\x14\x9f\xa6\x81\x38\x3a\x94\x08\x88\x7f\x1c\x0a\x98\xed\x52\x1e\x72\x79\x32\x77\x82\x4d\x6f\x74\x6d\x49\xb6\x3d\x44\x4e\x31\x2e\x6d\x9b\x98\x66\x11\x25\x81\x96\xa5\xb0\x12\xb8\x8f\xaa\x29\xf9\xa6\xc6\x7e\xd2\x5d\xf8\x7b\x2d\xbf\x0d\xbd\x2d\xc3\x08\x0c\x5b\x8d\x15\xa3\x7d\x34\x72\x90\x98\xed\x0d\xe9\x2d\x75\x80\x74\x29\xb2\xca\xe5\xd7\x28\x3c\x4e\x5c\x9b\xd1\x96\xd1\xad\x43\x6c\x7c\x34\xf3\xc9\x46\x6e\x5c\xb3\x19\x6b\x44\x3f\x4b"},
+{{0xed,0x25,0x58,0xe5,0xc5,0x67,0x84,0xbc,0xfb,0x4f,0x4d,0xde,0xa3,0xc0,0xdf,0xbe,0xf8,0xd9,0x6f,0xf1,0xca,0xbf,0x15,0x8e,0xc4,0xab,0xe6,0x0a,0xff,0x66,0x99,0x9e,},{0x1e,0xdc,0x99,0x10,0x12,0xac,0x6f,0x88,0x8f,0xa7,0xe6,0x04,0x57,0x77,0xe9,0xba,0x1d,0x4c,0x03,0xc4,0x02,0x92,0xd2,0xda,0x6b,0x72,0x2b,0x4a,0xd0,0xa3,0xed,0x74,},{0xab,0x9e,0x01,0x16,0x65,0x24,0xfd,0x28,0x8e,0x5c,0x68,0x9e,0x56,0xd7,0x30,0xd4,0x98,0x30,0x00,0x55,0x10,0x30,0x49,0x33,0x34,0xa3,0x98,0x4e,0x22,0x23,0xdc,0x9f,0x7a,0x5b,0x91,0x0c,0x61,0x76,0x0c,0x61,0x57,0x99,0x0a,0x4c,0x33,0x5e,0x34,0x8e,0x3a,0x7b,0xc8,0x22,0x3e,0x09,0xc1,0x0c,0x5e,0x52,0x0c,0x8d,0x61,0xaf,0xf5,0x00,},"\x2c\x64\x33\xe9\xbf\xbf\x4c\xfd\x4e\x07\x1f\x15\xce\x6b\x12\x9d\x78\x0a\x4b\x3d\xe0\x14\xfa\xc0\x34\xe0\xd4\x4e\xf7\x72\xe2\xc8\xb0\xd6\xa3\x48\x1d\x7b\x3d\xde\xb2\x37\x63\x26\x73\x55\x33\x13\xde\xac\x1e\xfa\xfe\x37\x02\xa7\xa4\x41\x1e\x12\xbd\x34\x1e\x8d\x8e\x96\xc5\x9c\x5e\x30\xc3\x68\x07\xa8\x38\x5a\x53\x8e\x9b\x66\x90\x7d\x6a\x52\x84\x00\xbd\x9f\x95\xee\xdc\x52\x16\xb2\x8f\xd7\x43\x7d\x8f\x4a\x02\x9f\xdb\xdc\x7c\x93\x8e\x4e\xb9\x81\x2f\xec\x05\xea\x69\x32\x29\x62\x9a\xce\x6a\xcc\x7a\xf6\xba\x4c\x23\x8e\x77\x22\xf3\x12\xf7\x89\x6b\x00\x49\x22\xf7\x06\x7e\xde\x10\x6f\x8e\x70\x15\x4d\x78\x3f\xb4\x12\x91\xf3\xc7\xe2\xe4\x82\x60\x45\xb5\x74\x1b\xcb\x4a\x88\x38\xf8\x7a\x32\xe0\x04\x97\x04\xe9\xb5\x32\x34\xc2\x24\xff\x89\x8a\x75\x6e\x52\x91\x34\xc1\xa9\xbf\x50\xfd\x02\x98\x19\xb2\x23\x8b\x60\xb2\xae\xc1\x12\x8f\x34\xd2\x1f\x9d\x66\x98\x3b\xed\x39\x86\x59\xd8\x08\xb6\x7a\x2e\x50\x1b\x5a\x1f\x25\xf7\x1f\x0f\x0c\x1e\xb2\xfe\xa0\xab\x42\xd8\x2f\xf3\xbc\x93\x58\xbb\x20\xc2\x75\x20\xc1\x44\xcf\x21\x16\xf4\xa4\x9c\xbc\x61\x99\x4d\x2d\x71\x05\x46\x69\x4c\x4f\x60\x2d\xc4\x06\xe0\xb0\xc2\x7e\x5f\x5e\x64\x66\x7e\x95\xc2\xec\x9d\xf2\xd6\x52\x9c\xf5\x36\x22\xea\x10\xb9\x56\xb3\x45\xec\x55\xb6\xc3\x9a\x1e\x6e\xd8\x8a\xe6\x6e\x5b\x45\x71\x79\x42\x5d\x1a\x84\x90\x37\xb0\x7c\x46\xcf\x5f\x36\x33\x01\x09\x58\x37\xce\x81\x1b\xff\x49\x60\xbf\x9c\xbd\x15\x20\x1c\x1b\x67\x40\xbd\x70\x10\x21\x40\x74\x4c\x33\x27\xac\xa9\xd6\xd6\xd1\x54\x93\x67\x98\xac\x38\x1f\xa6\x39\xdb\x43\x6e\xe8\x16\x56\x67\xd5\x38\xa6\xc7\x4a\x23\x3c\x12\x4b\xf6\x04\xfd\xad\x51\x98\x4c\x41\x70\xb8\x20\x0d\x2d\xf7\x3c\x29\xbb\x1e\x37\x6a\xff\xc3\x14\xdd\xe3\xe8\x6a\xf9\xd2\xc2\xe6\xc3\xa6\x52\x4d\x32\x1b\xce\x93\xe2\x1f\xc9\x65\x56\x4f\xaf\x77\xd0\xcd\x1a\xcc\xb4\xd7\x62\x94\x85\xf5\x64\xc7\x9f\x4d\x8a\x2f\xde\xfb\x46\x54\x54\x02\x8c\x6d\xd1\x42\x80\x42\x80\x53\x70\x74\x33\x63\xbb\x18\x47\x6a\x3f\x23\x20\xdb\x25\x89\xc7\x21\x33\xcf\x5e\x29\xda\xfb\x7d\x07\xaa\x69\xa9\xb5\x81\xba\xb5\xa8\x3f\x40\x3e\xef\x91\x7a\xfa\x14\xb7\x64\xc3\x9a\x13\xc0\xc5\xea\x70\x19\xd2\xfd\xfb\xd7\xf3\xf7\xd4\x0e\xb6\x3b\x2a\x08\x4d\xa9\x21\x89\x5f\xe4\x8f\x4f\xd5\x94\x01\x7f\x82\x56\x9b\x46\x7a\xb9\x01\x16\x9e\xb5\xda\x9c\x40\x17\x1d\x5f"},
+{{0xb7,0x27,0x98,0xb8,0x11,0xe2,0x33,0x84,0x31,0x25,0x6d,0x24,0x80,0xfe,0x7a,0x36,0x63,0xac,0xec,0xbb,0xe6,0xe6,0xc1,0xb9,0x19,0x1e,0x9d,0x9a,0x22,0x44,0x79,0x40,},{0xce,0x49,0x1d,0xaa,0xd2,0x96,0xb5,0x57,0x27,0xb0,0x95,0x13,0xdf,0x02,0xba,0x59,0x28,0xa3,0x71,0x73,0x7c,0xd3,0x58,0x41,0xe5,0xf7,0x35,0xac,0xab,0x7c,0x5d,0xf8,},{0xdc,0xfc,0x6f,0xd4,0x77,0x99,0xfe,0xc7,0x72,0xc2,0x09,0x9b,0x3c,0x64,0x37,0x24,0x6c,0x3a,0xd0,0x72,0x29,0xfc,0x74,0x0e,0x05,0x31,0x1a,0x20,0x6b,0x18,0xb0,0x2e,0xcd,0xb0,0x26,0xc9,0x26,0xf4,0x9c,0x65,0x52,0xe3,0x47,0xfd,0x35,0xdf,0xde,0x06,0xcb,0x63,0x9a,0x79,0x7c,0x50,0x61,0x2f,0x98,0xe2,0x47,0x8a,0x92,0xaa,0xf6,0x09,},"\xa5\xd4\x62\x98\xb0\x79\x06\x10\xae\xdc\x09\x70\xfe\xa2\xa7\x07\x50\x81\x84\x72\x66\xf2\x2f\x12\x47\x8b\x93\xd7\xe6\x74\xc6\xc5\x17\xf3\xc1\x4e\xd0\x61\x26\x9d\x17\x0a\xc3\x1e\x2a\x64\xf9\x75\x4a\x56\x5b\xac\x1d\xd9\x75\x73\x22\xc1\x11\x32\xe7\xbb\xee\x5f\x32\x81\x8e\x0e\x30\x63\xab\x64\xe5\x52\xd0\x9b\x0f\xd1\x75\x76\x39\xb9\xb9\xd1\xc7\x70\x01\x6b\x67\x74\x65\x87\x2b\x66\x9d\xd4\x8b\xe0\x38\x66\x57\x51\x67\x4d\xd2\xf4\x0a\x96\x6a\x26\x74\x8f\xd3\xe5\xdb\xfd\x92\x26\x5e\xb9\x36\xf5\x5b\x09\x42\x86\xc0\x10\x62\x99\x04\x34\x7c\xb4\xc5\x26\xe3\x77\x47\x0a\xa9\x6e\x81\x69\xa6\xf2\x11\x63\x38\x07\xa5\x00\x30\xe7\xff\x68\xe3\x89\x11\xb3\x55\x5e\x72\x8e\xd8\x59\x0b\x2d\xc4\x5f\xea\x69\x94\x5c\xc0\xc9\xa3\xd3\xe6\xc9\x54\xb3\xe8\x01\x06\xa5\xc9\x1d\x3d\x22\xe8\x9e\x8c\x0e\x1d\xe9\x02\x05\x8e\x9c\xd0\xf8\xce\x80\x6e\xac\x4f\x89\x3e\xe0\x42\x99\x00\xfb\x54\x87\xb8\xfd\x36\xdb\xdc\xb3\x4f\x2d\x54\xfc\x6c\xc7\x4a\x92\x39\x51\xb8\x63\xda\x70\xf1\xb6\x92\xbf\x04\x38\x48\x43\x66\xcd\x85\xee\xb8\x80\xb2\x79\xf8\xfc\xa9\xd3\x24\x2c\x55\x83\x30\xf1\xca\x57\xc6\xa5\x86\x08\xcd\xbc\x07\x73\xe1\x60\x82\xbc\xa9\x64\xdd\xc4\x03\x47\xda\x8a\x36\xb2\xa9\x32\x8c\x2f\x46\x60\x9e\x09\x2f\xd6\x4b\x41\x34\xee\xe1\xd0\x99\x81\x3e\x12\x46\x48\x9e\x8e\xe5\xb1\x9b\x3d\x3b\x89\x1c\x28\xf3\x0b\x38\xb6\xa2\x8e\xc1\xd3\xe9\xb0\x05\xde\xc9\xc6\x3f\x8b\x98\x13\xbc\x1d\xe4\xaa\xf9\x95\xf1\x77\x9d\xde\xd1\x5c\x7a\x43\x0d\x70\xca\x46\xe7\xca\xfd\x4e\x9a\x54\x38\x04\x44\x6a\xb0\x80\x7d\x64\xf2\x55\xe2\x01\xef\x42\x8a\x47\x4d\xae\x8a\x0a\x75\x02\x1b\x62\xad\x39\x88\xff\xb8\x1c\xd8\x22\x1b\x24\x30\x85\xa0\xad\x04\x6f\xdc\x16\xc6\x7f\x17\xb9\xf8\x18\x20\x09\x59\x53\xa5\xb9\x8a\xcb\xdf\x93\xeb\xcf\x80\xbc\x9c\x99\xaf\x5f\xbf\xfa\xcb\x61\xa9\x25\x1c\x5a\xaf\xdb\x22\xb1\x12\x9b\xfc\x60\xc9\x8e\x0f\x17\x52\x63\xbd\xf9\x3d\xc9\xa0\x8b\x8e\xfc\x2e\x8c\xda\xf0\xf8\x3d\x6c\x49\xec\x90\x16\x45\xea\xc5\xa4\xff\x63\x38\x5a\x6f\x1a\xf2\x07\x18\x97\x66\x2a\x37\x22\x19\xc9\x30\x1f\x54\x5a\x2e\xbb\x8f\x59\x17\xdb\x7f\x29\xca\x13\xfc\x86\x1a\xf3\x8d\x90\xc3\x5c\x03\xac\x91\x84\xc1\x22\xe5\x7b\x05\x7c\xde\x42\x6f\xd7\x6d\xca\x79\xe2\x5e\x64\xdb\xb4\x1c\x84\x14\xa0\x45\x0d\xa4\x90\x5b\x90\x2a\xe9\x8d\x2d\xa4\xba\x79\x28\x01"},
+{{0x1f,0xe7,0x32,0x7e,0xa9,0x07,0xd3,0xff,0x17,0x9b,0x11,0x78,0x11,0xd3,0x01,0x93,0xfc,0xba,0x4c,0x34,0x7b,0x90,0x65,0x7f,0xee,0xd9,0x8d,0xee,0xec,0xda,0x9a,0xc9,},{0xee,0xf3,0x01,0xb1,0x6f,0xd7,0xbf,0x3c,0x7b,0x64,0x0b,0xf5,0xee,0x87,0x00,0xac,0x5a,0x87,0x16,0x9e,0xab,0x5f,0x56,0x01,0x5b,0x3f,0x49,0x9d,0x95,0x5e,0x07,0xeb,},{0x9c,0x7f,0xdb,0x53,0xfd,0x60,0x6b,0xc7,0xc9,0xc2,0x23,0xfe,0x94,0x31,0xe1,0xad,0x00,0x95,0x46,0xd0,0x00,0x98,0x81,0x2a,0x49,0x51,0x97,0xf2,0x54,0x1e,0x87,0xf8,0xd6,0xf5,0xda,0x22,0xec,0xef,0xcb,0xb7,0xda,0x56,0x66,0x2a,0x73,0x09,0xd1,0x0a,0x6c,0x4a,0x4f,0x7f,0x29,0x92,0x78,0xd5,0x1b,0xbd,0x11,0xe0,0xcc,0x1b,0x87,0x09,},"\x19\xa8\x32\xf2\x6f\xbb\x02\x39\xf0\xd9\xd2\x6a\x2e\xbd\xed\x24\x03\xc2\xa4\x06\xdd\x1f\x68\x31\x8d\x67\x7a\xfa\x64\xf3\x50\x43\x31\x6a\x5e\xfd\x72\x97\x83\xc7\xf9\xd1\x8c\x09\x82\x46\x14\x65\x20\x91\x88\x6c\xc9\x54\xbe\x9f\x93\x12\xd4\x58\x6b\xf3\x6f\x30\x35\xac\x70\x34\x38\xb0\xcf\xe3\xde\xc5\x07\x78\x13\xc7\x10\xd1\x44\x75\x61\xab\x61\x57\xbc\x7a\xd5\xea\xb5\xb0\xc0\xaf\xdc\xc9\xdb\x77\xe6\x6f\xa8\x07\x13\x66\x82\x9c\x50\x10\x96\xc3\xd3\xa9\x38\x21\x8a\x6e\x42\x07\x10\x9d\x1e\xb8\x1f\x7d\x88\xbd\x6f\xbb\x2a\xef\xb1\xad\xef\x35\x94\xaa\xe5\x7c\x46\xb7\xb9\x84\xdb\x94\x68\xcd\x96\x2c\x61\x84\xfb\x97\x6f\x0e\x2a\xa8\x41\x52\xde\xb1\xc7\x6a\xea\x75\xae\x48\x84\x42\x94\x3a\x80\xba\x7d\x98\xa2\x8c\xb8\x64\xb5\xe8\x7c\xdb\x28\x4a\xd6\xe8\xd7\xaa\xdc\x6b\x75\xd6\x9d\x3b\xd3\x45\x78\x3b\x3e\xbb\x67\x6f\xf9\x5d\x7b\x41\x91\xe5\x99\x85\x1c\x96\x28\x83\x5c\x7c\x01\x19\x7e\x7c\x8f\x86\xf9\xc8\xfb\x49\xfe\x3e\x28\x45\x8b\xa9\xb0\x23\x62\x19\xbd\x46\xc2\x8d\xf6\x53\x24\x96\x99\x4a\xc9\xba\x73\x3c\x01\x05\xa0\x2a\x26\x9a\x2b\xe8\xb7\xcb\x40\x07\x4b\x88\x16\x02\xef\x92\x47\x05\x2d\xe9\xd6\x37\x08\x91\x88\xbd\x4c\x18\x5c\xca\xe2\x58\xa2\xae\x98\x56\xa2\xcb\xf8\x45\x11\x17\x68\x3c\xe3\x41\xf8\x09\x6e\x1d\x91\xe8\x74\xc5\xcb\x8a\x4e\x09\x39\xeb\x77\x37\x3a\x9a\x0e\xb7\x91\x64\x5b\x8f\x54\x60\x47\x2d\x66\x9d\x80\x14\x68\x1a\x5e\x77\x87\x06\xcb\x55\x66\xbb\xd4\x72\x7d\x17\x16\xb2\x3c\x62\x0d\x22\x8b\x5d\x4d\xc2\xb3\x52\xb4\x23\x93\x1f\x8a\x7e\x8f\xb5\x9e\xda\xd8\xae\x42\x45\x87\x29\x86\x1a\x98\xe0\xc8\x50\xa7\x7e\xd6\x55\xe7\xfc\xfe\x4f\xe3\x6f\x97\x72\xdf\x1a\xc3\xc6\x43\xad\x31\xdb\x56\x30\xd5\x71\xdf\x9f\xcc\x9c\x50\xde\x76\x22\x10\x84\x11\x96\x2b\xbf\x72\xde\xfb\xf4\x9e\x99\x70\x59\xc7\x31\x1b\xd9\xdd\xd5\xb3\x38\xa9\x85\x19\x38\xd3\x7e\x7a\x26\x21\x08\xa2\x91\xe2\x01\x68\x03\xbb\xef\xf4\xf9\xc7\x76\x12\x5c\xeb\x7e\x72\x72\xb5\x1c\x7c\x33\x46\x1d\x80\x89\xf8\x40\x8d\x8d\xda\x92\x50\x6d\x50\x02\x08\x4d\x4f\x41\x4d\x8a\x4d\x28\xd3\x69\x4c\x88\x63\x0e\x31\x80\x19\x90\xd9\x52\x71\xce\xf4\x7a\xa5\xc2\x63\xf9\x7b\x7d\xac\xa1\x78\x87\x01\x43\x63\x29\xb5\xbf\xaf\x72\x65\x3c\x16\x6d\xb0\x87\x70\x81\x30\xc5\xc0\xd7\x8c\xc4\xe9\x06\x4f\x86\x06\x80\x27\x1a\xfe\x4c\x40\x98\x53\xc2\xfa\xd6\x75"},
+{{0x5f,0x9d,0xcd,0x93,0xfb,0x14,0x06,0x10,0xb0,0xe2,0x11,0xb3,0x9a,0xdd,0xb1,0xeb,0x87,0xba,0x97,0x80,0x48,0x77,0xaf,0xbc,0xc3,0x81,0x38,0x8c,0xad,0x65,0x08,0x45,},{0x18,0x2a,0x23,0x7d,0x87,0x8c,0x58,0x19,0x33,0x33,0x2b,0x41,0x78,0xb6,0x7e,0xc4,0x08,0xb3,0x19,0x4d,0x44,0xe4,0xe6,0x93,0x92,0xef,0x80,0x0b,0x26,0x7c,0x29,0x49,},{0xc1,0x91,0x5e,0x05,0x2b,0x66,0x47,0x97,0xe0,0xd5,0xfa,0xad,0xc7,0x8f,0x2a,0x00,0x9d,0x6f,0xbc,0xfd,0xe0,0x3f,0x3a,0xaa,0xd5,0x9b,0x9f,0x45,0x88,0xe7,0xfc,0x3b,0x21,0x99,0x0c,0x52,0x08,0xd3,0xd7,0x6b,0x4a,0xa9,0x5b,0xd9,0x34,0xe8,0x8d,0x3c,0x98,0xc5,0x91,0x93,0x0a,0x59,0xde,0x2a,0x05,0x67,0x01,0xd9,0xf7,0x57,0x74,0x00,},"\xc3\x8b\x87\x4d\x3f\xf0\x10\xff\xf1\xa6\x61\x3b\xfa\x13\x42\x57\xb2\x48\x33\xcb\x53\x6d\xe3\xe7\x49\x92\xc3\xcb\x01\xfe\x3b\xbd\xee\xd9\x7d\xc3\xc4\x59\x6f\xa4\x40\x61\x44\x2b\xd3\x1a\x9d\x4a\xa8\xc8\x1e\x34\xad\x98\x88\x71\x82\x06\x63\x55\x09\xb1\x33\xb1\xba\x69\xcb\x1a\xa0\xe7\x5c\x7a\x18\x93\xc0\x80\x16\x1d\x26\x15\x2a\xce\xf4\x0f\x6e\xf4\x21\x0e\x95\x2a\x49\x82\x8b\x5c\xdd\xe8\x04\xbc\xb5\x36\xcd\xc3\x49\xa8\xe8\x31\xb4\xb6\x9d\x37\x85\xa7\x6b\xd9\xfb\x27\x08\x05\x65\x97\x2d\x0b\x8f\xbd\x16\xf3\xf9\x60\xa6\xbf\x3b\xa0\xc5\xb9\xc4\x04\x96\x7e\xc1\xaf\xfe\x59\xb8\xc4\xec\xc6\x50\xfd\xde\x1c\xb0\x6b\x70\x59\x5a\xd4\xd3\x25\xda\x0f\xab\x4c\x55\x40\xa7\xa8\xd5\xeb\xea\xcc\x4e\x99\xbd\x0d\xc9\x6b\xde\x82\xf2\xbd\x7d\x95\x86\x30\x84\x65\xe5\x5b\x1c\xc3\x88\xd7\x50\x48\x6b\xdd\x5c\x72\x64\xd5\x4f\x56\x14\xd4\x87\x26\xd9\x9e\x44\xd7\x77\x8d\x9e\xd0\x32\x39\x58\xab\x98\x58\xe2\xb2\x5d\xf2\xbf\x99\x4b\xa3\xe6\x25\xe2\x80\x3b\x6c\x69\x31\xe7\xa9\x92\x6f\x1e\x61\xed\x86\x24\x03\xce\x39\x2a\xb8\x3b\x7d\x1b\x66\x08\x5d\xcc\x06\xd8\x2d\xbf\x17\x6d\x01\x6d\x9f\x44\xcd\xcb\x50\x72\xd0\x04\x59\x1e\x92\xd0\x45\x9e\xf0\x5a\x51\xb8\xf5\x4b\xa1\x72\x51\xe1\x66\x21\xeb\xb7\x53\xe5\xb1\x59\x0c\x02\xd2\x1e\x40\xf4\xb7\x5e\xee\x46\x02\x86\x0b\x97\x41\xfb\xbc\x0d\x2e\x38\x5b\x8d\xac\xa8\x3c\xce\x68\xc3\x4a\x99\xbd\xe6\xa6\x0d\x13\xba\x64\x34\x7d\x0a\x38\xd6\x4b\x2a\xde\x25\x0f\x38\x85\x2c\x4e\xda\x2e\x2e\x4f\x30\x3c\x3d\xe1\xa8\xa9\xd4\xab\x33\x00\xc9\xe6\x36\x22\x87\x9f\xc8\x53\x7f\xfc\x63\xb1\x85\x61\xfa\x1f\xff\x65\x53\x12\x41\x51\x5a\x62\xbb\x9b\x08\xb8\x0a\xf3\x76\x67\xa6\x01\xae\x04\x17\x17\x93\xcc\x83\xb1\x1a\xdf\x9c\x30\xca\x9f\x4d\xab\xc7\xb4\x01\xe1\x6a\x18\x14\xcf\xc7\x50\x24\x8c\xc2\xf7\x7e\x03\xf9\xc4\x33\x44\x65\xff\x6a\x2c\x83\xcb\xb5\x6d\xb4\xb7\x34\x75\x10\x43\x83\x2c\x40\x00\x97\x2e\xe3\x23\x2f\x92\x9f\x23\x33\x7e\xba\x5e\x65\x1e\x34\xcb\xdd\xfe\x68\xba\x21\x9b\x63\x2e\x7a\xcd\xbd\x46\x30\xa0\x31\xbf\x16\x89\xfb\xbc\x7f\xbb\xb2\x10\xdb\xf2\x5e\xe8\x7e\x2e\xf2\xb3\xcb\xaf\x8d\x9e\xbd\x8f\xc9\x2c\x3a\x58\xd3\xc0\x5b\x13\x85\xa7\x6c\x87\x79\x1d\x7c\xd3\x74\x1b\x71\xb6\xc3\x29\xde\x9a\x9d\x75\x08\xa0\xc1\x56\xa9\x52\x1a\x90\x20\x56\x30\x99\xa8\x2b\x87\x70\xae\x9a\x94\x4a\x7e\x94"},
+{{0x92,0x5e,0xbe,0x04,0xc6,0xea,0xc4,0x9b,0x26,0x73,0x8d,0x6c,0x13,0x00,0xf3,0x1f,0xd4,0x82,0x84,0x78,0xcb,0xe9,0x7d,0xab,0x18,0xbb,0x88,0x96,0x42,0xe1,0xe1,0x10,},{0xcd,0x72,0x31,0xb6,0xeb,0x74,0xe1,0xfe,0x9f,0x92,0x6f,0x00,0xd8,0xde,0x2c,0x51,0x3d,0x49,0x64,0x05,0x25,0xb0,0x79,0x5c,0xab,0x89,0x3d,0x0c,0x89,0x29,0xe3,0xe0,},{0x2c,0x4d,0x69,0xbe,0xd5,0xad,0x8b,0x95,0x84,0xd8,0x49,0xcf,0x3d,0xf2,0xba,0xc7,0x22,0x82,0xb5,0xf3,0x0d,0xe2,0x66,0xb1,0x4f,0x53,0x3c,0xa9,0x6e,0x95,0x50,0xc4,0xb8,0x54,0xc1,0x54,0xbd,0xc1,0x7a,0xa8,0x80,0xcf,0x00,0x1a,0x64,0x54,0xff,0xaf,0xaa,0x2e,0x50,0x17,0x8d,0xe2,0x12,0x16,0xed,0x12,0x6b,0x63,0xf7,0x7f,0x2d,0x02,},"\xe6\xc0\xba\xd2\x3a\x92\xae\x8b\x1d\x85\x77\x82\x88\x15\x7a\xc6\xc6\x17\xc6\x33\x63\x34\x1d\x77\x78\x70\x34\x1b\xb1\x0a\x8d\x3d\xfc\x89\xbe\x4f\x55\xad\x4f\x64\xe8\x3b\xf2\x49\x9b\x69\xfd\xf7\x21\x74\xd2\x84\x4e\x6b\xd2\x89\xda\xaa\x03\x5f\xec\x5b\xf7\xcf\x45\x52\x21\x19\xdc\x7a\x8c\x81\x1d\x79\x57\x8c\x5b\xb0\xf6\xd3\x4d\xb5\x07\xad\x1f\xb6\xdb\xff\xf9\x97\xb7\x9d\xac\xfb\x3d\xa5\x0a\x41\x5e\x35\x0c\x99\x8c\x0a\x02\x80\x0a\xa5\x0f\xfd\xfe\x5f\x42\x76\xd8\xe6\xbb\x82\xeb\xf0\x47\xfe\x48\x71\x1d\xaf\x7a\x89\x3b\xdc\x75\x37\xbd\xae\xdf\x3d\xcb\x4d\xec\x5d\x24\x58\x68\x11\xf5\x9b\x25\xb1\x9e\x83\xca\x61\xe5\x59\x2f\xed\xc0\x8c\xa5\x44\x73\xce\xa2\xec\x12\x1b\xaa\x0e\x77\xfb\x2d\x9d\x76\x56\x57\xde\x67\x98\x0e\xd5\x7f\x2f\x17\x78\x58\xb6\xde\xcf\x84\xff\x90\x21\x2d\x96\x47\xf4\x1e\xed\x9b\x9d\x0e\xa3\xd8\xd6\x21\xe4\xbb\x40\x41\xac\xc5\x14\x6e\x96\xdf\xcf\x14\xea\x96\x2d\x30\xc8\xcc\xb3\x9e\xa2\xbe\x95\x8c\x9b\x87\x74\x45\x1b\xfe\xb7\xdd\xce\x71\x6e\x94\x92\x3c\xc8\x5f\xbd\x3a\x31\x30\x78\x0e\x2b\x3b\x2b\xb7\x6d\xa5\x34\x19\x12\xa4\xe9\x94\xca\xfa\x19\xbb\xa1\x97\x32\xf2\xea\x40\x2d\x71\xd3\xd8\xa9\x69\x67\x9b\x9d\x10\x42\x43\xd9\x83\x9c\x69\xee\x9e\x95\x5e\x1c\x60\x44\x97\x88\xd1\xf4\xf6\x65\x1f\x4b\xc9\xb9\x4d\x73\x52\x2e\xc0\xcf\x72\xca\xcf\xcf\x19\xf1\xf0\x3a\xd6\x23\x21\x04\xb5\x5c\xbb\x8b\x5b\xb1\xe2\x13\x44\x71\x3d\x48\x27\x42\xd6\xab\xc5\xa9\x57\x17\x4f\x62\x3b\x84\x95\x27\x2c\xc1\xe2\xb8\x31\x5e\x5c\x80\xf9\x47\xf5\x00\xc8\x3d\x85\x44\xf7\xcd\x4f\x65\x34\x89\x49\xef\x44\x20\xd7\xfc\x83\x1f\xa4\xae\x2e\xe1\x8d\xbb\xa6\x14\x92\x5c\xe1\xd7\x67\xc1\x77\xa6\x26\xc4\x52\x7a\x81\x54\xb5\x72\x92\x18\x6b\x04\x4c\xbf\x92\x89\x42\x53\xb0\x0f\xd9\x34\x3f\x9e\x69\x7b\x14\x12\xeb\xa4\x35\x97\xeb\x72\xa6\x69\xaa\xa2\xd7\x7e\xac\xb9\x68\xc2\x0f\xe1\x95\x05\xa3\x80\x74\x15\x86\x21\xb6\x06\xf7\x7d\x97\xbc\x6e\xbe\x50\xe7\x58\x92\x93\xdb\x27\xfc\x7d\xfe\x63\x1a\x4b\xee\x83\xb2\x26\x82\xa7\x73\x28\xc3\x6d\x9d\x7d\x1d\x89\x1d\x65\x21\x7c\xc4\x78\x64\xf6\x80\xdc\x8b\x5f\xd1\xa0\x1a\x0f\x7c\x34\x43\x0f\x77\x06\x0b\x69\x1a\x1a\xd2\x13\xd2\x28\x68\xe6\x1b\xbd\x38\xf4\x3f\x0c\x8b\x4d\xa6\x8a\x58\x31\x86\x66\xc0\x99\x76\x61\x70\xc2\xdb\x76\x6a\xaf\x41\x7f\x55\x6c\xc9\xa0\xa3\x93\x4e\x9f\xce\xf1"},
+{{0x4d,0xd3,0xb4,0x78,0xeb,0xdc,0x59,0x47,0x2b,0xab,0x14,0xa8,0xcd,0xd0,0xc2,0xfd,0xac,0x57,0x23,0xee,0x04,0xdd,0x89,0x17,0xc7,0xcf,0xe7,0xa5,0x36,0x48,0x5c,0x77,},{0x5b,0xcc,0xb3,0x7e,0x68,0xc2,0x34,0xbe,0xad,0x49,0x33,0x7d,0xe2,0x08,0xaf,0xba,0xf6,0x11,0x81,0x1d,0x96,0x58,0x59,0xa0,0x6d,0x31,0x30,0x12,0x47,0xd6,0x6a,0xcf,},{0x57,0x88,0xe7,0x9e,0x84,0x3b,0xde,0x9e,0xf1,0x1a,0x9d,0xfa,0xc9,0x70,0x19,0x6a,0x56,0x7c,0x63,0x08,0xc3,0x48,0xe5,0x17,0x4b,0x38,0x77,0x95,0x04,0x6d,0x59,0x0a,0x47,0x49,0x1f,0xd7,0x1d,0x97,0xae,0xaa,0x78,0xc1,0x61,0x59,0x71,0xb8,0x34,0x90,0xe8,0x59,0x28,0x20,0xf9,0x59,0x2a,0xc7,0x62,0x69,0xb9,0xd2,0xba,0x70,0x29,0x01,},"\x1c\xdb\xd2\x85\x56\xec\x44\xe8\x70\x5a\xfd\xa9\x2b\xd5\xa5\x3f\x95\xd8\xfe\x8b\x0f\xfe\x46\x33\x73\x63\x33\x16\xc5\x22\x74\xc1\x1e\xdc\xd6\x15\x51\xe3\x19\x9e\x49\x4d\xff\x6d\x90\x6a\x73\x9e\x7b\x32\x43\x03\xfc\x47\x82\x7e\x56\xde\xf0\xbd\xcc\x46\xb8\x16\x01\x7c\x71\x23\x05\x37\x02\x63\xba\xbd\x2c\x71\xbe\x47\x8f\x41\xce\x30\xb1\xdf\x63\xbe\xdd\x3b\x2e\x6a\x51\x9c\x53\xdf\x51\x58\x52\xc4\x13\x7b\xc1\xac\xa4\x9b\xf4\xc4\x63\x1f\xd6\x56\x46\x57\xd1\x1c\xd8\x3e\xa7\x3c\xc3\xd0\xcf\x9e\x3b\x3c\x3e\x7c\xa9\x9b\x4f\x12\xa9\xc9\xb6\x7c\x87\x98\x14\x8e\x0a\x0d\xc1\xef\x8b\xf5\x86\x42\xa1\x4f\x97\xa5\x72\x13\x55\x14\xc1\x0b\x19\xaa\xbe\xc2\x5a\x9c\x6b\x35\xaa\x40\x34\xa5\x7a\xae\x1b\x6d\x05\xbd\xe2\xb6\x33\x0f\x25\x1d\x78\xdb\x09\x93\xf0\xca\x4c\x26\x38\x6e\x34\x89\xa2\x09\x28\x33\xb8\xac\xbb\xc4\xf4\x91\x7f\xd3\x09\x3d\xf5\x82\xff\xf7\x1e\xce\x21\x9d\x36\x72\x45\x55\x82\x60\x9c\x0d\xb8\xd9\x6a\x70\xfc\x8a\xed\x67\x98\xde\x54\xbf\xb2\xb3\xee\x6c\x5d\x32\x8d\xb1\x63\x59\x3f\x58\x01\x9f\x38\xf3\x39\xfd\x37\x53\xf8\x96\xa4\xa2\xcc\xa8\xc1\x40\x0a\x77\xea\x39\x19\x35\xf3\x4e\x26\x39\xc5\x60\x86\x08\x10\xbb\xbe\x4b\xe1\xd1\x6e\x01\x2c\x11\x49\x0a\xa8\x4f\x29\x64\xc8\x77\xc2\x93\xb3\x00\xf4\x3d\x37\x9f\x3e\xba\x9a\xf3\x91\xde\xe5\x10\x85\x6a\x4d\xdc\xf7\x6e\x0a\x0a\xe0\x6a\x6a\x7c\x0f\x9c\x5e\x3f\xa1\xb8\x35\x4f\xe8\x97\x7b\x4e\xa3\xb2\x06\x61\x49\x1f\xa4\x61\x3b\xa6\x2f\x55\x6d\x5d\x5d\xa8\x21\x3d\x01\x21\xde\x2c\x87\x25\xdf\x0a\xae\x04\x8a\xc8\x91\xab\xbc\x06\xbd\xce\xf3\xc3\xef\xfd\xf5\xa3\x17\x49\x47\x6f\x81\x4d\xb9\x45\x79\x45\xf0\xd9\x1e\x14\x08\x00\x56\xbe\x92\x1a\x16\xaa\x96\x4a\x92\x98\x22\x1b\x15\x75\x94\x97\x3e\x32\x96\x99\x93\x31\x0c\x87\x07\xe1\x9f\x31\x43\xab\xc4\xfd\xa7\xc8\xad\x01\x60\xac\xf0\x31\xab\xa6\x52\x80\x1a\xa8\x1a\x01\x6b\x31\x37\x03\x9e\x27\xd6\x73\x8d\x02\x80\x0a\x93\xa8\x6f\x9f\x55\x85\xc5\x18\xdf\xa9\xe7\xd8\xac\x72\x7f\x37\x43\x7e\x56\xd2\x78\x83\x86\xe1\x16\x53\xa0\x4e\x16\x51\x69\xf9\x03\x97\x2a\x01\x48\x47\x51\xe7\xcb\x38\x63\x25\x90\xec\x80\xd5\xfc\xe4\x54\x16\x01\xa0\xe0\x95\x78\x5a\x9e\xe8\xd3\x59\xed\xf2\x6b\x99\x46\xe7\x98\xda\x59\x98\xcb\xb7\x36\xf9\x4e\xb7\x13\x46\x3f\x79\xf5\x61\x75\x9b\xbc\xb4\xc4\xac\x69\x3c\xab\xf2\xe1\xe0\x36\xb2\xd0\xb0\x87\x9a"},
+{{0x07,0x4d,0x92,0x18,0xc1,0x21,0x7e,0x75,0x82,0x3c,0x90,0xe0,0x10,0x48,0x4c,0x2a,0xdb,0x88,0xec,0xcc,0xd2,0xbd,0xf0,0x12,0x0a,0xa3,0xed,0xff,0xcf,0xcb,0xd4,0xbf,},{0x37,0x35,0xad,0x19,0x19,0x03,0x3d,0x16,0x17,0xb8,0x5b,0xda,0x04,0xb1,0x61,0x21,0xda,0x1d,0x86,0x1b,0x40,0x41,0x54,0xfa,0x96,0x1d,0x49,0x46,0xe5,0x5e,0xcd,0x83,},{0xb1,0xf7,0x1c,0x3b,0xd1,0xb6,0xbe,0xc4,0x33,0x37,0xe2,0x6d,0xee,0x65,0x5a,0x8d,0x5f,0x4a,0x8d,0xad,0x84,0xa5,0x11,0x84,0xb7,0x75,0xb6,0x86,0xfa,0xd3,0x1d,0x80,0x29,0xe3,0x87,0x69,0x27,0xf9,0x57,0x6e,0x90,0xc3,0x62,0x48,0x75,0xfc,0x00,0x29,0xa5,0xc1,0x0a,0x8a,0x0a,0xf7,0x5d,0x7a,0x88,0x0c,0x68,0x44,0xa4,0xa8,0x3a,0x00,},"\x6b\x5a\xa4\x0e\x91\x67\xbf\xdb\x84\x7d\xaa\x7d\x27\x86\xe2\x8e\x75\x33\xe1\xd6\xac\x53\xbe\xb6\xf6\x9b\x59\x53\x79\x5a\x2b\xf5\x9b\xbf\x7d\x14\x19\x26\x96\x8f\x50\x96\x9b\xad\x74\x2a\x4f\xb5\x79\xd3\x25\x0f\xb1\xbe\x4c\x57\xeb\xf4\xf9\x11\x2c\x70\xcd\x9f\x72\xa0\x0d\xb1\xc8\x89\x6f\xe2\xb5\xbd\xa7\xc7\x03\x0f\x49\x7c\x0b\x00\x1e\xa2\x5b\xa0\xd4\x47\xf0\x8c\x36\xdb\x8b\x90\x7c\x2f\x2a\xbb\xbb\x62\x0d\x3e\x8a\x2c\x66\xe4\x17\x12\x85\xad\xca\xad\xd1\xc1\x4f\xe2\x39\xbc\x59\x5f\x09\x83\x96\xaa\x87\x80\xff\xb8\x0f\xe1\x44\x6a\x07\x00\x1e\xc2\x34\xd8\x2a\xbd\xcd\x81\x00\x79\x39\x15\xb0\xb3\xf8\x0d\x84\xe2\x0e\x51\xea\xbc\x79\x78\x06\xf3\xbe\x81\x08\xa4\xf4\x37\x55\x0b\x06\x69\x40\x50\xa8\x29\x31\xac\x40\xc0\xa4\x89\x77\xed\xf6\xce\xd2\x42\x8d\x7c\xfe\xa8\x20\x55\x06\xde\x86\x40\x80\x65\xd1\xa1\x98\x70\xfa\x33\xa7\x08\x10\x37\xb3\xee\x44\x91\xb6\xe7\xf3\xd1\x0b\x14\xa3\x0c\x20\x91\x59\xa1\xc8\x12\x31\xa3\x5f\x03\x65\xb4\x7d\x3e\x0d\xa0\x4a\x32\xc9\x5d\x98\x33\x3c\x44\xf5\x72\xcd\xaa\xa9\x05\xd0\x69\x19\x7f\x6e\x86\x1b\x5d\xfc\xdf\xb9\xdb\x6c\x7b\x0d\x0c\xb0\x0f\x37\xc9\x16\xa1\xc4\xc0\xb8\x98\x5b\x09\xf3\x34\x09\x5e\x12\x83\xed\xfd\xd4\xe6\x2a\x29\x41\x09\x9a\x2b\x69\x36\x96\x60\x4d\x99\x43\x11\xe3\xd5\xf6\x10\x66\x83\xe1\xd7\xa1\xc7\xe5\x3d\xf7\xb7\x90\x94\x7a\x9a\x80\x1a\x0c\xcd\x48\x43\x95\xf6\xcb\xfd\x9c\xa4\xd9\x80\x4f\x18\xd5\x2b\xb0\xf9\x46\xd1\xa8\x9f\x97\xa6\xfb\x06\x80\xa8\xc4\xc0\x57\xb6\x06\x2b\x2b\x9d\xe7\xc0\x37\x48\x79\xb8\xa6\xa6\xd2\xc1\x0a\xef\x78\x05\x08\xeb\x28\xbb\x56\x9a\x08\x35\x09\x44\xc8\x2f\x6e\xf2\x8d\xb2\x30\x4d\xb6\x97\xc3\xae\x1a\xf4\x3a\x50\x0b\x0b\x97\x48\x03\xe9\xf4\x6e\xa2\xa0\x2e\x85\xed\x27\xdd\xa6\x16\xd2\x4d\x6d\xb3\xcc\x4f\x5a\xed\x82\x40\xb1\xae\xa3\xdc\xf6\x9d\xee\x5f\x14\xf9\x5e\x6e\x72\x98\x7b\xbe\x61\x89\xbc\x20\x45\xf0\xd7\x83\xa7\xb4\x7b\xfc\x19\x83\x0b\xc7\xf4\xe7\x98\xab\xe9\x02\x45\xfb\xd4\x3f\x37\xc3\xf0\x36\xd1\xcb\xf1\xe7\x3d\xcb\x1d\x9d\xaa\x87\x37\x9b\x11\x06\x97\x34\x81\xa2\x15\xc1\xf4\xf4\x6c\x16\x03\xa5\xd5\xcd\x97\xb7\x07\x6f\x1f\x5d\xc7\x89\xaa\x6a\x71\xe7\x2e\xf5\x4e\xd3\x28\xa4\xab\x64\x34\x05\x39\xff\xd1\x64\xd0\xec\x64\x5f\x32\x2d\x1b\xc3\x71\x12\xdc\x08\xd8\xc8\x07\x9d\x19\xd3\x7a\xbb\x23\x53\xf4\x8b\x5c\x49\x2f\x80\x6e\xd2"},
+{{0xd2,0xea,0x2d,0xff,0x7a,0xf0,0xba,0x2a,0x6b,0xed,0x7f,0x6c,0xc6,0x8c,0x0d,0xf6,0x64,0xa6,0xb1,0x0c,0xe8,0x01,0xc4,0x2e,0xd5,0xbb,0xe6,0x17,0xbc,0xc8,0xb8,0x4a,},{0xab,0x44,0x70,0x63,0x44,0x02,0x6e,0xd3,0x5e,0x21,0x98,0x29,0x64,0xf7,0xb4,0xdb,0xbb,0xe2,0x07,0xfd,0x27,0xc4,0x67,0x99,0x70,0x1c,0x19,0xa4,0xd8,0x8d,0x1d,0x72,},{0x9a,0xbd,0xb9,0xdd,0x2a,0xb7,0x7b,0x6f,0x5e,0x1b,0x91,0xba,0x0b,0x61,0x3f,0x5f,0x36,0x0e,0xfb,0x50,0x0d,0x3f,0xe9,0x92,0x90,0xef,0x7c,0xa1,0x4b,0xd2,0xb3,0x30,0xf4,0x05,0xa4,0xf7,0xdc,0xda,0xef,0x49,0x23,0xd3,0x11,0x1d,0x40,0xbf,0x03,0x20,0x35,0x33,0x86,0xf6,0x34,0xb4,0x0d,0xe6,0xf0,0x4d,0xe9,0x19,0x0a,0xd5,0x1c,0x08,},"\x03\xab\x5d\xae\xbc\x6e\x70\xd3\x52\x97\x79\x32\xa0\x31\x07\x87\x9b\xd5\x5d\xaf\xd0\xc6\xba\x7a\xd9\x69\x7a\x17\xb1\x27\xb3\xa7\x4a\x3e\xae\xba\xbd\x0f\x8e\xee\xbf\xc0\x48\x3d\x63\xfe\xdd\xe5\x2d\xeb\x46\xa3\x75\x24\x49\xc9\xc4\x49\x5c\x51\xa1\xc9\x1f\x57\xe3\xad\x2e\x6d\x01\xa1\x3d\x0c\x47\x0c\x52\x91\xb8\xe9\x12\x28\x83\x40\x97\x0f\xbb\x85\x78\x7b\x8b\x37\x6d\x72\x17\x52\x50\xe8\xcd\x90\xc0\x78\x88\xbf\xef\x5e\xbf\x50\x86\xc8\xff\x2a\xbc\xdd\x12\xd2\x14\xb9\xc4\x5d\x12\x08\x73\xb4\x60\x2e\x57\xa6\xaa\xb0\xb8\x28\xd1\x08\x4d\xff\xaa\x36\x51\xee\x35\x66\x26\x95\xb7\xf3\x43\x3f\x4a\xb5\x30\xc2\x9a\xc6\xcc\x5b\xb4\x3e\xcc\xd1\xb6\x89\x8b\x9e\xf7\xae\xc6\xd5\xae\xc6\x8d\x5c\x11\x14\xbb\x5d\xf7\x82\x09\x66\x59\x4c\x99\x4d\x64\x08\x91\xb8\xf2\xdc\x5d\x25\x63\x8d\xe4\x35\x49\xd8\x6d\x34\x30\x6f\xf3\xf5\x74\x57\x51\x16\x40\x5b\x9e\x8e\x28\x6e\xe0\xcd\x97\x8a\x76\x00\x2c\x44\x35\xfe\xaa\xc6\xe8\x4e\xae\x16\x54\xf3\x39\xa5\x67\xd8\xd0\x4f\xcf\xa3\xeb\x6a\x04\xb9\xad\xc6\x66\x02\x13\x00\xe9\xee\x59\x72\xb3\xdf\x5d\x4d\x0d\xd4\xbf\x79\x21\xdc\x98\xde\x82\xce\xf2\xd1\xb1\xd6\x1b\x79\x7f\xc9\x96\x8e\x11\x84\x84\xc4\x13\x42\x41\x6d\xdc\x6a\xdc\x4e\xe5\xd6\x87\xd9\x4a\x40\xce\x57\x2f\x42\xa2\x04\x86\x68\xc1\x75\xcf\x7b\x1f\x24\xc4\xef\xd0\x20\x55\x4f\xc6\xf6\x42\xe1\x4a\x57\xba\xec\x23\xe9\x5c\x25\x14\x30\x6d\x0a\x6d\x33\x64\x88\x41\x49\x7e\xac\x48\xea\xbd\x96\xd0\x47\x31\xba\xb0\x8b\xf5\xea\x9d\x43\xe0\xcf\x9a\x37\xfa\xaf\xa7\x32\x86\x9d\x68\xe7\xd5\xfe\x69\x54\xf8\xa3\x19\xef\x55\xda\x1e\x17\x8e\x43\xe8\x4a\x3b\x9a\xa3\xad\x00\xc2\x9b\x1d\x16\x11\x63\xdf\x4b\x79\xf2\x88\xe9\x39\x1d\x70\xa2\xf8\x81\x3d\x66\x62\x2e\x8a\xc3\x33\xfa\x6a\xa5\x31\x1e\xab\xec\x38\x3b\xa4\xcc\x12\x28\x15\xde\x00\x88\x77\xef\xbe\x6e\x12\xc3\x22\xc9\x75\x43\x4a\xfa\xd1\x73\xeb\xe2\x42\x03\xd9\x16\xd5\x75\x78\xbd\x2b\xca\xcc\x78\xf6\xe2\x56\x45\x13\xf8\xd1\x13\xa8\x33\xc2\xc2\x26\xeb\x97\xba\x2e\x23\x36\x1a\x5d\x02\x66\x4a\xb3\x77\xf9\x64\xc4\x30\x0b\xe2\xd7\x7b\x62\xd9\x24\x08\x23\xa0\x98\x84\xdf\x30\x7e\xff\x3b\xe5\x66\x4d\x72\xd1\x1a\xd5\x13\xe1\xbc\x56\x10\xdb\xfd\x10\x09\xdb\x39\xf0\xcb\xfe\x47\x05\x55\xec\x1b\x56\xb8\x71\x67\x07\x93\xd3\xb7\x04\xfb\x06\xee\x95\x0b\x1a\xd2\xa4\xd7\x29\x7c\xa5\x8b\xba\xd8\x10\xc3\xfa\xd4"},
+{{0x7a,0x60,0xcd,0xf1,0x87,0x04,0x60,0xde,0x8a,0xe7,0x78,0x11,0x76,0xd5,0x12,0x7e,0x71,0x20,0x7f,0xaf,0x2f,0x21,0x0b,0xd4,0xdc,0x54,0x73,0x85,0xb6,0x67,0xf2,0xf2,},{0xea,0xd6,0x7a,0x9c,0xf3,0x4d,0x0f,0xf1,0x4e,0x79,0xaf,0xa4,0x6f,0x2d,0xc9,0x96,0xe9,0xac,0x0e,0x3e,0x07,0x63,0x22,0xfb,0xb4,0x00,0x97,0x67,0xb1,0x33,0xf0,0x1b,},{0xb2,0xe0,0x81,0x42,0xbd,0xd6,0x2b,0x78,0x65,0x92,0xc0,0x91,0xf5,0xfe,0x6a,0x9b,0x7f,0x30,0xce,0x13,0x4c,0x3b,0x23,0x6f,0xbc,0x6d,0xfe,0x67,0x34,0xf8,0x82,0x70,0xac,0x58,0xf6,0xd7,0x4b,0x4f,0xd9,0x9c,0x22,0x45,0x1c,0xa4,0x65,0xa4,0x2c,0x00,0x6d,0xb2,0x5a,0xf2,0x15,0xed,0x24,0x1a,0xf1,0x18,0x96,0x27,0xc6,0x05,0x0f,0x00,},"\x9d\xc0\x23\xa5\x25\xd0\x1b\xa3\x51\x37\x98\xb7\x38\xc7\x91\x62\x92\x6e\xbc\xcc\x0a\xdf\x1e\x57\xac\x47\xc2\x0d\xea\x6c\xe1\x37\x5c\x3d\x2a\xaa\x17\x33\xb7\xf0\xc3\xbd\x94\x5c\x33\x5f\xf3\x57\x61\x12\xbb\xdc\x10\xb6\x78\x3b\xa6\x54\xe8\xc6\x10\x47\xf2\x77\x3a\xa2\x29\xbf\x84\x69\x22\xa8\x9c\x6a\x73\xd5\xf1\x05\x1e\x8d\x96\xed\x36\xd7\xd6\x74\x7e\x06\x3a\x7a\xc6\x02\xf1\x9f\xc5\x2e\x02\x1a\x4b\xbc\x28\xb0\x35\x14\xfb\xd5\x1c\x7b\x3f\xd6\x59\xf1\x2d\x54\x7d\x05\x92\xdd\x09\xf8\x73\xc9\xec\xc6\x43\x9c\x7e\x93\x1a\xd0\xe4\x85\x6b\xe3\x1c\x60\x5d\xef\x2e\xd9\xb5\xd1\x3c\x59\x42\xb2\xf3\x25\x39\x7d\xac\x6c\x97\x60\xe9\xb1\xbb\x0c\x06\xf7\x13\xcb\x92\x0c\x23\x4b\xcc\xfe\xe9\xf0\xb8\x5d\xd0\x20\xf7\x98\x8f\x3b\xe1\xcc\x66\xe9\xe5\x1b\xab\xe2\xfe\xe2\x37\xeb\x84\xec\x7e\xff\x94\x09\xaa\x91\xc1\x94\xe3\x0d\xb1\xe0\x65\x01\x59\x55\xde\x97\x46\xbb\xa0\x3f\x7e\xdf\x9a\x58\x75\x12\x40\x9a\x41\x61\xfa\x77\xea\x62\xcc\xf4\x31\x60\x2d\xcd\xcf\x36\x5e\xd6\xbf\x0a\xed\xdd\x32\xf7\xc8\x44\xe3\xa3\x4d\x26\x6e\x28\x38\x2f\x40\x62\xfd\x4d\x6f\x82\x14\x25\x21\x04\xd6\x43\xa9\xbf\xd8\x07\x17\x16\x37\x1c\xcb\xb5\x4c\x8c\xc8\xdb\x79\xad\xd6\x5b\xcb\xce\xa0\xd0\x80\xd8\x40\x28\x03\xfe\x23\x2d\xf7\x0f\x76\x57\x72\x47\xa6\x3d\x55\x83\xbb\xd5\x64\x27\x67\xbc\x63\xf3\xc5\xa7\xbb\x3a\x47\xeb\x12\x98\x4e\x45\x41\xf4\x1f\xdb\x55\x86\x9a\x08\xfa\xde\x66\xc2\x0f\x69\xa5\xa9\xde\x25\xf6\xb3\x6b\xa1\x8a\xce\x5b\x4a\xc3\x36\xbb\x2a\x8e\xbf\x63\x0a\xd0\x3e\x8b\xb8\x73\x1d\x01\xe8\x4b\x91\xd0\x24\xd1\x17\x45\x9a\x74\x89\x2e\x93\xd5\x3b\x61\xe6\xb8\x06\x8e\x4f\x04\xb4\x18\x1f\x03\x87\xb4\x56\x7c\xcd\x45\xe1\xb8\x71\x8a\x2d\x7d\x78\x78\x72\xf3\xdc\xf8\x7a\x15\x93\x5a\xd7\xda\xaa\x74\x4e\xd6\x8a\x28\x66\x6a\x51\xa1\x0d\x39\xfc\x13\x9c\xdf\xe9\xa6\x87\x30\x76\xf7\xc4\x25\x00\x9c\x38\xfa\xee\x13\x5e\x51\x32\x07\xb0\x6e\x7b\xa3\x56\x85\xf5\x07\x2d\xa3\x4b\x60\x45\xb5\x7c\xd5\xd1\xb1\xa1\xfd\xf0\x17\xb8\xaa\x8e\xbd\x27\x52\x2b\xc9\x5e\x47\x90\x87\x34\xe4\x17\x22\xa7\x67\x90\x5c\x5e\xcc\x30\xc7\x24\x81\xb6\xc1\x2b\xf4\xac\xe9\x4d\x5b\xb3\xa3\x15\x56\x91\xb7\x07\x5b\x40\xeb\xf5\x96\x8f\xdd\x90\x3d\x8f\xd3\xcc\x50\xb8\xd6\x46\x48\x59\xb1\x0f\x75\x51\x32\xc6\xd9\xb6\xda\xd1\xd6\xf1\x4c\x41\x85\xb2\x64\xd3\x49\x7a\x4e\x54\x98\x77\xfe\x94\x6e"},
+{{0x33,0x79,0xd2,0x5c,0x11,0x17,0xcf,0x80,0x2e,0xc7,0x9c,0x06,0x57,0x5d,0x18,0xe6,0xbe,0xce,0x4c,0x70,0x93,0xdd,0x43,0xfd,0xee,0x03,0x68,0x5c,0x70,0xb2,0xfa,0x9f,},{0x85,0x25,0x15,0x6f,0xe2,0x9f,0xc2,0xfb,0xf6,0x61,0xba,0x50,0x18,0x2b,0xe2,0x0c,0x89,0x98,0xd9,0x41,0x49,0x3d,0x59,0x33,0xdc,0xa4,0xd8,0xb4,0x1f,0xb4,0x42,0xd5,},{0x4c,0x36,0xbf,0xc8,0x1e,0xef,0x00,0xb9,0xcb,0x3a,0xb5,0x14,0xc6,0xd4,0x51,0xb9,0x93,0x36,0x1e,0x09,0xa4,0xbe,0x4b,0x50,0x40,0x92,0x6f,0xeb,0x0e,0x0d,0x9b,0x52,0xf0,0x3d,0xe4,0x68,0xe7,0xba,0xd8,0x3f,0x37,0x91,0x54,0xbf,0x2c,0x43,0x7a,0x71,0xf7,0x54,0xf3,0xf4,0x07,0x98,0xee,0xeb,0xd6,0x2e,0x55,0xf2,0xbe,0x77,0x14,0x03,},"\x7a\xcd\xb3\x9f\x12\x26\xbd\x3a\xbf\xfa\x50\x35\x0a\x14\x97\xd7\x61\xf8\xf0\xaa\xef\xbf\xbb\xbb\x92\x5f\xf5\x63\xe3\x89\x76\xaa\x17\x2d\x40\x7b\x61\xff\xdf\xb1\xcd\x53\x8a\x4c\xd0\x00\xb5\x78\x18\xa0\xbc\x92\xc0\xe0\xcd\x0a\x5a\xbf\xcf\x57\x83\x00\xf5\xf4\xe6\xce\xfa\x26\x72\x75\xd1\x78\x45\xda\x70\x66\xfd\x4e\x18\x01\x00\x27\x96\x0c\xd3\x95\xe6\x82\xad\x71\xaf\x34\x9b\xbd\xad\x5e\xba\xa0\xf1\x1a\x77\x61\xe1\x9e\xa1\xbe\xf6\x61\x07\x43\x16\x4b\x17\x14\x14\x53\xb4\x72\xae\x2c\x8f\x36\xce\x6b\x08\x0f\x1c\x07\x45\x35\x24\x54\xce\x5a\xea\xe1\x1c\x9d\x75\xde\x3c\x08\x00\x42\x65\xfc\x4c\xa8\x0d\x33\xb2\x6e\xae\x14\x00\xdf\xd8\x97\x7b\xf7\x23\xa6\x16\xda\xeb\x6d\x42\x19\x90\x10\xb7\x3e\x19\x3a\xb7\x2a\x58\xbd\xd2\x48\xa7\xf4\x11\x1c\xa5\x0c\x1d\xe6\x46\xbf\xea\x7b\x4d\x5b\xaf\x0f\x93\xdd\x97\x3e\xe9\x36\x49\xe2\x1e\xc0\xc6\xc4\xfc\xca\x8c\xd6\xff\x69\xdf\x76\x16\x12\x02\x1d\x85\xff\x1f\xb2\xa9\x53\x37\xda\x48\x05\xa7\x6d\x34\x7e\xe7\x1e\xf1\x9c\x0d\xff\xb5\x9f\x15\xf6\x50\x29\x3a\xbb\x97\x21\x05\x3f\x74\x06\x90\x5a\xe6\x83\xf9\x6c\x83\xa3\xa7\x44\x7b\x1a\xfb\x14\xe1\x20\x8c\x63\x9f\x37\xa9\x75\x0b\xa2\x1d\xa5\x55\x2c\xc2\x04\xea\xc4\x53\xca\x03\x62\x82\xf7\xe0\x96\x10\x93\xc3\x9e\xc1\x18\x13\x8d\xcf\x71\xcf\x2d\x28\xfb\x96\xa2\x49\x62\xb5\x2d\x33\x93\xf8\x80\x65\x3b\xcb\xa2\xc9\xb9\xd5\x7b\x77\xc5\x22\xf4\x21\xfc\xf5\xad\x75\xfb\xa9\xcf\x33\x89\xb1\x23\xaa\x97\x52\x17\x13\xff\xf8\x84\x67\xde\xb8\xc8\x99\x1d\x4b\x57\xc1\x43\x81\x70\x53\x7c\xb5\x0c\xdc\xc6\x57\xe5\x0e\x5c\x48\x0e\x12\xc0\xd4\x49\x39\xb6\x39\x99\x44\xe7\xc7\x1e\x18\x6c\x2a\xbb\x81\xfc\x57\x34\x88\x36\xd5\xe5\x7b\x72\xb2\x24\xa6\xb7\x1b\x6c\xaf\x72\x1a\xca\x73\x47\x8c\xb6\xcf\x5f\xb8\x90\x71\xae\x3a\x39\x82\x02\xdb\xb3\x8c\x30\x81\x25\x63\xbb\x9a\x23\x40\x66\x57\xa9\x56\xd3\x05\xa3\x44\x9a\x60\xcc\x86\x41\xb6\x21\x75\xa7\x17\x0c\x23\xbd\x5a\x25\xf0\xf1\x2e\x15\xa7\xed\x91\xfa\xda\x6a\x4a\x2f\x0e\x7b\x15\x5a\x3d\x64\x85\xec\x03\xce\x6e\x34\xdf\x7e\x21\x62\x40\xbb\x28\xa2\xdd\x73\x2f\xf7\x90\xd2\x28\x6e\x20\x0b\x33\xc2\x9a\x31\xa5\xe1\x9a\xd2\xcd\x02\x97\x4b\xad\xc4\xbc\x22\xde\xb7\x50\x4c\x15\x24\x1f\xc1\x06\x0c\x8a\xce\xf4\xfb\xb2\x5e\xc7\x60\x2f\xce\x36\xa2\x7b\xb8\x7b\x6e\x64\x23\xe6\xb4\xf6\xe3\x6f\xc7\x6d\x12\x5d\xe6\xbe\x7a\xef\x5a"},
+{{0xef,0x38,0xc3,0xfc,0x74,0xf0,0x54,0xae,0x43,0xe8,0xd2,0x9d,0x6b,0xa6,0xdc,0x80,0xb5,0xaf,0x84,0x82,0x70,0xd4,0xaf,0x58,0x84,0x4d,0x24,0xbc,0xf9,0x87,0x41,0x4e,},{0x0a,0xe1,0x47,0x8b,0x05,0xfb,0x32,0x99,0x65,0xea,0x0f,0xa9,0x28,0xdc,0xbe,0x81,0xa0,0xbd,0xbb,0x6f,0xf6,0x6c,0x81,0x16,0x71,0x63,0x5e,0x43,0x88,0x88,0x80,0x51,},{0x1d,0x3a,0xc6,0xb6,0xbf,0x18,0xab,0x53,0x09,0x14,0x87,0x99,0x48,0x5b,0x27,0x6d,0x20,0x40,0x1c,0x6a,0xf5,0xf9,0xb2,0xf6,0x03,0x23,0x95,0xa3,0xc2,0xf4,0xb6,0x73,0xb7,0x14,0x0c,0x07,0xcc,0x26,0xf4,0xfc,0x56,0xa5,0xee,0x00,0xb0,0x74,0x6b,0x2a,0x80,0xda,0x6f,0xda,0xd1,0x7e,0xdd,0x11,0x49,0x20,0x10,0x1d,0x2c,0x89,0xc3,0x0e,},"\xbf\x29\x0d\xb3\xdd\xa8\x76\x39\x37\xae\x4c\x83\x74\x67\x05\x32\x72\x95\xc2\xc2\x48\x06\x8f\x5a\xb8\x5c\x8b\x5d\x75\x6f\x4e\x3e\x34\x06\x2b\x55\x49\x38\x72\x61\x47\x6b\xcb\xd1\xe7\x33\x19\x90\xf1\x19\x10\xd1\x1f\x94\x60\x7c\x2b\x71\xf6\x5b\x77\x1a\xac\xab\xdc\x10\xf4\x2a\xe9\x18\xdd\x25\x94\xac\x71\x05\x1c\x85\xb3\x30\x77\x9c\x47\xaf\x00\xa5\xb9\x81\x91\xb5\x6c\xbc\xf7\xef\xe4\x1a\x27\xe8\x7c\x67\x71\x68\xc8\xab\xe9\x49\x6e\xb2\xe7\xab\xbd\x0b\x16\x04\x28\x6e\xd1\xa1\xb1\x8d\x26\x4d\x73\x3d\xe8\x7d\x0d\x3f\x80\x55\x52\x8c\x4d\x42\x6d\x7f\x8e\x6e\xd0\x24\xa7\x41\x40\xab\xd3\x54\x00\x79\x62\xa2\xa9\x7a\x5c\x2f\xf9\x76\x54\x6a\x8d\x1a\xc4\x92\x4c\x09\x22\x3d\x34\x8d\xdc\xd8\x71\x0a\x37\x99\xf9\x1b\xb8\x70\xb3\xf4\x6d\x51\xf1\xe7\xf6\x89\x2d\x6b\x08\xb9\x91\x74\x8a\x03\x7a\x86\x7e\xcc\x39\xee\x8d\x64\x62\xa7\x61\x44\x88\xed\xd3\xc2\xba\x61\x5c\xa2\xe3\x78\x54\x88\x94\x41\xb1\x3d\xc8\x35\xc3\x6b\x38\x65\x3f\x65\x98\x61\x6f\x35\x78\x3e\x2e\x15\x83\x84\xbb\x93\x1c\x90\x1b\x70\x3a\xcb\x39\x91\xfb\x7a\xa5\xba\x69\xd9\xa5\xbd\x05\x70\x24\x29\x61\xa7\x1a\x52\x47\x03\x15\xe9\x82\xe3\x41\xa6\x1c\x64\xa6\x19\xbd\x16\xfe\x81\x19\xaa\xe0\xd7\x50\x3c\xe7\xd7\xe9\x26\x14\x6b\x91\xc2\x89\x2f\x13\x16\x69\xd1\xe3\x9e\x5b\x75\xe9\xc7\x24\x52\x61\x80\x99\xa5\x7d\xc2\xee\x37\x7b\xe6\x58\x75\xee\x01\xbb\x88\xed\x52\x6f\xc3\x94\xe2\xf5\xc8\x12\x7a\x5f\x69\x12\x5e\x67\x38\x5e\xf9\x4b\x1f\x33\xad\x52\x62\x9d\x72\x0e\x31\xc0\x2a\xe0\xb5\x82\x33\x9f\xf0\xf0\xbb\x07\xff\x2b\x03\x0f\x48\xfa\x7b\x69\x27\x16\x50\x1a\xd7\x77\x3a\xd3\x15\x12\x04\xa2\xa5\x40\xfa\x94\x36\xbd\xd4\x20\x2a\x15\x73\x09\xec\x36\xce\xcb\xe5\x8b\x33\xef\xf5\x57\xfd\x33\xe0\x3f\xd3\xeb\x19\x00\x9b\xd7\xa2\xde\xa9\xef\xee\xf8\x78\x55\x67\xaa\xb2\xa4\xc9\x8b\xd1\xf2\xa8\x10\x11\xb3\x43\xa9\xf2\x0c\x44\xc5\x77\xa4\x52\xfd\x54\xba\x21\x02\x9d\x47\x06\x81\x3b\x29\x87\xc7\x6b\xb2\x42\xab\x26\x20\x84\x3c\x22\x60\xb6\x69\xad\x35\x8e\xfe\xe7\xf9\x83\x0d\xc9\xc7\xd4\x78\xa2\xde\x4a\x2c\xf8\xc4\x3d\xa7\x70\xe2\x88\xe2\xed\xbb\x6d\x73\xbc\xf2\xec\xb0\x23\xde\x6b\x2d\xcc\x6b\x16\x6e\x87\xa3\x85\xeb\x0a\xdc\x30\x56\x65\xc5\xbf\xa5\x7f\x25\x0f\xe2\x23\xad\x7f\xf4\x51\x8d\xe3\x9c\x79\xe8\x7d\xc1\x01\xa9\xfa\xa6\x82\x1a\x74\x44\x2b\xfc\xfd\xf0\xa9\xe6\x3a\x50\x9e\x2a\x2e\x76"},
+{{0x7e,0x7b,0x39,0xaf,0x69,0x38,0x0c,0xf4,0x46,0x60,0xe2,0xc1,0xff,0x30,0x83,0x34,0xe8,0x25,0x0f,0xee,0xb8,0x8b,0xe0,0xd4,0x3a,0xab,0xe5,0xe6,0x8b,0x8e,0xf1,0x71,},{0xcc,0xef,0x9d,0xae,0xd9,0x25,0x23,0x53,0x3d,0x4a,0x2d,0xab,0x6d,0x24,0x19,0xf6,0xd0,0x86,0x04,0xdb,0x64,0xce,0x37,0xe3,0x29,0x04,0xac,0x77,0xb9,0xb4,0xa0,0x1c,},{0x10,0x62,0xa2,0xdc,0x9c,0xd5,0x37,0x96,0x75,0xc0,0x4f,0x5e,0x21,0x33,0x8d,0xcf,0xb7,0x7d,0xfb,0xab,0xce,0xdd,0x62,0xb2,0x60,0x71,0x00,0xd7,0x64,0x9a,0x05,0xe8,0x08,0x71,0xe9,0x61,0x23,0x21,0x4f,0x80,0xf4,0xf7,0x3b,0x0d,0x9b,0x06,0xe2,0xd3,0x1f,0x56,0x11,0x9c,0xea,0x69,0xda,0x23,0x47,0xda,0x84,0xa2,0x75,0xb7,0xb2,0x07,},"\xd4\xa3\x97\x6d\xbf\x83\x20\x18\x56\x67\xb5\xa8\x23\x66\x40\xf2\xeb\xc9\xe4\x5e\x6d\x5f\x2a\x8d\x92\x99\x79\x27\xdd\x9b\xc5\xdb\x95\xf4\x46\x34\xbd\x65\x4e\xef\xec\xe1\x0d\x99\xd9\x2b\x46\x71\x57\x91\x64\x50\x04\xac\xcc\x6d\x14\x0f\x32\xa1\xc8\x72\xe5\x4a\xa9\xa7\x49\x3a\xf9\x45\x88\xb7\xbb\x40\x0d\x94\xd4\x58\xd4\x32\x92\x30\x7c\x5a\x1a\x38\x82\xa1\xc8\xa6\xa7\x8d\x9a\x94\x5f\x79\xd6\x4b\x32\x94\xa2\x8c\x3d\x59\xd8\x20\x22\xb0\x09\xcc\x4d\x2d\xa9\x3a\x16\xb0\x71\xc9\xab\x8e\xe9\xa3\x66\x3d\x72\xed\x34\x4f\x15\x1d\x68\xc6\x66\xa4\xb4\x96\x52\xd9\x7a\x46\xd1\x42\xa4\x74\x11\x27\xf3\xc5\x7f\x15\x51\xc4\x09\x76\xcd\x13\x81\xa8\x2a\xea\xe7\xbc\x5a\xdb\x39\x87\x20\xeb\x43\x3f\x08\x99\x48\x7e\xd2\x37\x84\x46\xb1\xa8\xdc\x6a\x33\xfc\xd4\x53\x7a\x05\xfb\x60\x3e\xc0\xa9\x0a\x27\x53\x23\x00\x24\x2b\x20\x00\x10\x86\x21\xb6\x5a\xb0\x00\xbc\x06\x38\x15\x30\xf6\x90\xd7\xe5\x6f\x81\x60\x4d\xac\xff\x19\x10\x71\x50\x40\x41\x0a\xa1\xf9\x44\xc9\x2d\xd9\xbb\xaa\x5b\xd0\x8e\xa0\x0c\x84\x42\xdf\x94\xf0\x85\xeb\x3d\xe9\x73\x35\xb6\x00\x5e\x6f\x84\xf8\x23\xd4\x34\x70\xab\x1c\x67\xda\x12\xad\x44\x99\x36\xc6\xb5\x5f\x9f\xfd\x20\x3d\xfd\x6e\x3f\x33\x30\x9e\x8a\x99\x45\xa5\x93\x20\xe6\x67\x34\xc7\x9c\x48\x14\xdb\xa5\xa1\xc1\x40\x95\xc6\x29\x25\xa1\xe1\x73\x3e\xfd\x94\x81\x7a\x25\xef\x9e\x47\x9d\xd9\xcc\xde\x6c\xa8\xad\xb7\xa8\x05\x3c\x1b\x55\x13\x46\x97\x50\x4a\xf8\x05\x3d\x59\x5b\x84\x46\x40\xb6\x1e\x93\x16\x80\x75\x46\x84\x50\xeb\x5d\xe0\x35\x86\x97\xc1\x04\xaf\xa6\xa3\x79\x6a\x50\x9c\x26\xb4\xc2\x77\xc2\x3f\xff\x42\xdf\x14\x6d\xe5\x5e\x95\xd0\xd4\xb8\x0a\x7a\xa1\x77\xd9\x92\x27\xec\xb2\xa0\x59\x4d\xee\xde\xbb\x9c\xaf\xb1\xa4\x58\xac\xa8\x07\x2c\xc7\xd7\x7c\x71\x75\xf6\x10\xca\x30\x0e\xfd\x7a\xf9\x38\x83\x46\x49\x8c\x22\x99\x15\x64\x50\x0e\x0b\x0a\xa4\xd2\x94\x6f\x18\xe6\xf5\x37\x5a\x84\x82\x86\xf3\x69\x54\xc1\xca\x22\x68\x4c\x69\x28\xc2\xa2\x5c\x7f\xe2\x1a\xba\x4a\x71\x11\xd7\xe0\x5b\xc8\xd7\x0b\x3d\xcb\x4f\x6a\xae\xc0\x64\x84\x5e\xef\x55\x25\xf8\x50\x24\xc2\x57\x0f\x3b\x78\x69\x8c\x4b\xce\xc0\xd7\x1a\xad\x53\x78\xd8\x81\x9e\x1f\xac\x44\xee\x41\x63\x70\x21\x2d\xba\xaa\xe5\x4d\x2a\xf2\x93\x9b\x82\xcb\xaa\xe7\xf4\x2f\xf4\x85\xd4\x5b\x3a\xcc\x21\x09\x0f\x5b\xa4\x1e\xc0\xda\x30\x9e\x52\xef\x28\x38\xd1\xde\x47\x1e\x0b\x7c\xf9\x85"},
+{{0xa9,0x04,0x8a,0xf0,0xc2,0x0a,0x12,0x5f,0x5d,0x39,0xc5,0x0f,0x22,0xb8,0x05,0xae,0x74,0x2c,0xf6,0x4f,0x1f,0xe8,0xdf,0xbe,0x8d,0xfd,0xaa,0x51,0x1a,0xaa,0x57,0x6f,},{0x15,0x86,0x55,0xdb,0x94,0xb1,0x5c,0xa7,0x29,0x83,0x87,0x7b,0x6d,0xb2,0x31,0xa5,0x84,0x3d,0xf5,0xdb,0xca,0x28,0x10,0xa7,0xe4,0x96,0xfb,0x59,0xab,0x71,0x04,0xca,},{0x18,0xa3,0x12,0xb2,0x0d,0x86,0xac,0x33,0x9a,0x58,0xef,0x2b,0x85,0x2d,0x46,0x7c,0x23,0xbb,0x2c,0xb1,0x22,0x7c,0xb1,0x53,0x38,0xaf,0x07,0xfd,0x04,0xb9,0xa7,0x11,0xe8,0x56,0xee,0x5b,0x2c,0x82,0xe3,0x66,0xc1,0x7f,0x86,0x17,0x13,0xd1,0x08,0x8c,0x1b,0x21,0x44,0xd1,0xc3,0x7d,0x05,0xbd,0xc0,0x0d,0x73,0x96,0x73,0x85,0x20,0x00,},"\x8e\xef\x2d\x9f\x5d\x59\x70\x99\x59\xc9\x24\xf8\x7c\x22\x78\x97\x67\x39\x3a\x15\x5d\x5c\x87\xde\x48\x8c\xef\x50\xb7\xbf\x7d\xa8\x70\xe3\xad\xc3\x00\xae\xe6\x60\x3b\x2e\xf0\x87\x64\xd9\x9d\x9e\x77\x51\xe5\xdc\xe9\x2a\xaa\x71\xaa\x18\xa6\x9c\xc8\x23\x13\x4e\x85\x52\xd9\x59\xa0\xdb\xb4\x11\x17\xe0\xa5\x93\xc3\x18\x33\xb6\xec\x21\x72\xdd\xaf\xaf\x78\x48\xdd\xd1\x8d\x28\xd0\xd4\xed\x33\x23\x7e\xc8\x04\xf6\x59\x38\xae\xd8\xe8\xa3\x28\x0d\x42\xe3\x53\xd0\x1b\xe0\x18\x7b\x13\x01\xf8\x3d\x89\x84\x90\x67\xb0\x4a\x90\x31\xf7\xe0\xf3\x3e\x34\x16\x24\x0c\x53\xd9\x26\x5e\xd0\x66\x39\x59\x97\x1f\x41\x7c\xb5\xf2\x10\xcd\xc5\xae\xbc\xb5\xe1\xdb\x7d\xfb\x82\xdf\x43\x58\x76\xa6\xe9\x8f\x41\x5b\x0d\xf8\x69\xf0\xd8\x85\x15\x35\x37\x56\x45\xee\xf7\x0f\xae\xc7\x44\xee\x0d\xc3\xac\xbc\xb0\x40\xf6\x8d\x50\x2c\x2c\x62\xc8\xdb\x45\xeb\xe5\x48\x54\xa4\xb3\x6f\x43\xfe\xb4\x9a\x6d\x1c\x2c\x2e\xa7\x99\x14\xa7\xc2\x3c\x60\xba\xaa\x67\xcb\x47\xb2\x17\x8e\x12\xdc\xe7\x6b\x00\x4c\x87\xb7\xb8\x34\x6e\xfa\xdf\x38\x0b\x9e\x1e\x41\xf6\x31\x48\xda\x51\x78\x1d\x75\xce\xc0\x40\xe4\x26\x88\x20\x21\x1f\x3c\x46\x25\x01\xd8\x08\x99\x89\x4e\x79\xd6\x18\xde\x42\x46\x1d\x78\x5a\xea\xce\x53\xae\x14\xb7\x9d\x33\x50\x1e\xd5\x62\x9b\xbd\xd0\x71\x28\x15\x6d\xb0\x72\x5f\x5b\x4b\xed\x59\x3a\x95\x29\x47\x83\x03\x84\xf6\x1d\xf0\x0e\xe0\xaa\x09\x90\x99\xc3\xcd\x97\x65\xa9\xc1\xc7\xe8\xa6\xa8\x34\x30\xb8\xd9\x86\x7c\x8e\x17\x92\x0a\xd0\xff\x64\xd8\xcd\x2f\xf5\xf1\x14\x38\x8c\xe6\xd4\x3e\xec\x17\x15\xd0\x35\xf0\x22\xfa\x97\x96\x9e\x1a\x5d\xd9\xf5\x8d\x89\x6b\x17\xc1\x22\x1c\x9e\x6c\x85\x55\x59\x72\x35\xee\xda\x6e\xc4\x1b\x0c\x11\x76\x12\xb0\x0c\x5f\x0e\xd1\x81\x6b\x05\x73\x63\x58\x27\x07\xa8\xaa\x0d\x98\xd4\xd4\xbe\x5e\x8f\xa3\x2d\x6c\x9d\x27\x82\x21\xef\x30\x67\xb8\xba\x15\x16\xd9\xe0\x51\xd2\xf6\x8b\x7d\x1b\x15\x1f\x74\xa3\x53\x4e\x78\x12\xc0\x51\xe5\xf2\xb6\x3b\x30\x35\xf8\xe5\x70\x3b\x5f\x68\xfd\x2d\x65\xbb\x75\x65\xe8\xaa\x67\xbf\xd2\xa1\x2c\xaf\x0b\xc5\x48\x11\x97\xa9\xff\x89\xd7\x7d\xf7\xa0\xe9\x65\x5e\xf0\x29\xb4\x3d\xd9\x06\xd0\xb8\x88\xe3\x13\xae\x9d\x1c\x7e\x93\x68\xa0\x13\x52\xd0\x0c\x66\x80\xdd\x0f\x1f\x57\x4a\x58\x77\x34\x8a\x7e\xa2\xc0\xb9\xe8\xe2\x72\x75\x10\xbf\x0c\x9e\xf7\x44\xf3\x69\xeb\x3c\x6c\x4f\xc1\x6a\xde\xb6\xe1\x94\x5b\xe8\x28\x7d\x0f\x30"},
+{{0xf8,0xc9,0x18,0x3f,0x23,0x10,0x5f,0xad,0x0c,0x6e,0x51,0x03,0x35,0x8b,0x58,0x32,0x88,0xf9,0xff,0x6c,0x7d,0xfc,0x91,0x10,0x6d,0x07,0x98,0x7f,0xf6,0x9c,0xe1,0xeb,},{0x4c,0x79,0x62,0x8c,0x95,0x8c,0xde,0x0c,0xc3,0xcf,0x68,0x60,0x95,0xb8,0xa2,0xf4,0x4b,0x71,0x93,0xc6,0x16,0xf5,0x1b,0x21,0xb6,0x70,0xb0,0x38,0xce,0x6f,0x67,0xff,},{0xc6,0xa8,0xbc,0x7a,0x0d,0x5c,0x61,0x85,0xb6,0xec,0xd6,0x03,0x3e,0x42,0x32,0x1d,0x5c,0x87,0x1b,0xf8,0x89,0xbe,0x72,0xbd,0x54,0xcc,0x00,0x83,0xed,0x60,0xa4,0x70,0xb2,0xcc,0x0f,0xb4,0x68,0x2c,0x89,0x4c,0x75,0xb0,0xdf,0x95,0xf1,0xec,0xfb,0xba,0x2d,0x5a,0xce,0xf3,0xe1,0xaa,0xfe,0x54,0xb9,0xf7,0xe8,0x03,0xa1,0xd0,0x15,0x0a,},"\xb1\xd6\x05\x95\x32\x3f\xf3\xc8\x44\x87\x41\x90\xe1\x83\x6e\x41\x01\x40\x9c\xbc\xea\xe2\x8d\x5d\xa8\x1f\xad\x29\x8f\xe4\x7f\x6b\xdf\x44\x74\x5b\x7c\xd0\xd3\x71\x31\xc3\xec\x36\x5b\x92\xf5\xa1\xa6\x9c\x09\xfe\x2d\x9e\x81\xda\x10\xcf\x19\xd8\x5f\xf5\xff\x26\xf9\xe7\xdb\x9f\x07\x93\xb2\x5a\xb2\x6e\x6a\x74\xf4\x4e\xb8\xc4\xf0\x78\xeb\x7a\xd1\x8e\x65\xa1\x62\x10\xd5\xc8\x44\xd3\xce\xf7\x5f\x1d\xaf\x44\xee\xe5\x58\xf9\x0e\x52\x4a\x03\x2b\x6c\xae\x6c\x8d\x23\x36\x7c\x28\xce\x1c\x75\xfc\x25\xac\x87\x43\x39\x77\xd5\x97\x53\x3c\x92\xae\x65\xf2\x91\x3a\x18\x90\x7a\xc7\xd9\x54\x3d\xf2\x41\x27\x74\x39\x43\xfe\xfd\x9c\xf8\x3e\xd8\x33\xf6\x3e\xc8\x36\x72\x33\xd8\x97\xbf\xa1\x2d\x46\x6d\x2c\x4a\x9a\xd7\x0d\x5a\x67\x2f\xc1\x07\x75\xea\x2d\x20\x4e\x63\x6d\xe7\x01\x07\x88\xda\x27\x1d\xf0\x38\x81\xa2\x5c\x8d\xfa\x5a\xf7\x3e\xe5\x59\xf8\x1b\x52\x9b\x35\xaa\x12\x7f\xdc\x0e\xe8\xfd\x36\x9c\x7a\x04\x36\x62\x39\x86\xaa\x64\x07\xfa\x67\xa1\x42\x0c\x46\xf3\x21\x1a\xb8\x4f\x84\x46\x6d\xd5\x8b\xb7\x95\x08\xa1\xfe\xb0\xa5\xa5\xdc\x3b\xb0\xc1\xb2\x48\x09\x82\x62\xa0\x64\xf3\x7b\xb2\xf0\x19\xe2\x90\xc6\x0a\xfa\xa1\x20\x66\x51\xa2\x69\x7c\xaa\xcc\x3e\xcc\x02\xec\xfc\x07\x7f\x27\x2e\x8f\x75\xce\xa7\x1c\x3b\xc3\x35\x6d\x2b\x58\x07\x27\x6f\x19\x55\x00\x1c\xfe\x10\xa6\x17\x16\xb4\x08\x2b\xd6\xf8\x4c\xae\x4b\xb0\xd9\xa4\xb7\x5a\x4b\x57\x62\xf8\x10\x79\xf1\x9d\x7d\x19\xea\xff\x86\x31\xc9\x24\x88\x5b\xd3\xa6\x4e\x12\x9f\x4c\xf6\xb7\x9c\x7a\x98\x29\x66\x55\x11\xe9\xd8\x5c\x74\x5e\xb2\x2c\x1b\x7c\xb2\xa1\x7a\x49\xb6\x28\x5c\xce\x37\xb3\xde\x41\x59\x40\x32\x83\x23\xef\xe2\x4a\x1a\x07\xee\x87\x46\x8f\x65\x10\xe4\x2d\xd2\x06\xfe\x7f\x09\xe3\xd4\x33\xfb\x52\x15\x6a\xe3\x48\x38\x31\x15\x64\x88\x63\xe4\x5b\xf6\xa3\x71\xb1\x7e\x70\xe1\x9f\x96\x27\xd7\xf0\xa5\x8b\x95\xc6\xa4\x78\x8d\x5f\xd7\x86\x2f\x16\x12\xc0\x34\x73\x25\xb7\x97\x65\x1b\xe3\x0c\x3e\x1e\x60\xea\x4a\xe6\x0b\x57\x45\xa3\x8b\x6a\x9d\x4e\xb4\x93\x5d\x6f\x3c\xb8\xd7\x1a\xd3\xf3\x9a\xdd\xa5\xe4\x2e\x22\x19\xde\x0d\x38\x19\x09\xc9\xcd\x31\x7d\xd4\x37\x94\x21\xa2\xa8\x42\x68\xa7\xea\x71\x80\xa6\x4c\x12\x9b\xe1\xe5\xe8\xfc\xbb\xf5\xed\x65\x9e\x9f\x7e\x76\x3c\xe8\x4f\x63\x0d\x54\x07\x95\x4f\x9f\x75\x57\x50\xa6\xdb\xf9\xf7\x66\x07\x17\xde\x8e\x2a\xdc\x1e\x9a\xc9\xee\x31\x65\x4d\x18\x37\xce\xe3\x97\x95"},
+{{0x16,0x08,0x9a,0x1b,0x93,0x2f,0x8d,0x14,0x99,0x56,0x88,0xb4,0x8d,0xd8,0x41,0xed,0xae,0x3d,0xa5,0xcf,0xd2,0xcb,0x16,0x55,0x53,0x06,0xf3,0xfe,0x8b,0xd3,0xed,0xb9,},{0x9e,0xcd,0x9f,0xdd,0x7e,0x0b,0x92,0x3d,0xef,0xf5,0xd8,0x87,0xb2,0x42,0x58,0x5d,0x9d,0x41,0xcd,0x2c,0x7c,0x10,0xf9,0xc3,0x45,0xb3,0x9f,0x63,0x3f,0x4a,0xb9,0x03,},{0x78,0x78,0xab,0x74,0x1e,0xba,0xe2,0x74,0x7c,0x78,0x97,0xcb,0xb1,0xd1,0x05,0x48,0x2f,0x37,0xbe,0x2f,0x5f,0x91,0x79,0x52,0x32,0xcd,0xfb,0xcc,0xc5,0x26,0x60,0x89,0x18,0xe2,0x75,0x6d,0xdb,0x75,0x36,0xb3,0x68,0x0c,0x16,0x2c,0xf8,0xa1,0xef,0x38,0xa3,0x41,0xb9,0x36,0x2b,0xfe,0x5d,0x46,0x8b,0x4b,0xce,0x21,0xdf,0x23,0x4f,0x0f,},"\x58\x50\x02\x32\x38\x8d\x9a\xa4\xb5\xfa\xf8\x5b\x02\x33\x24\x7e\x71\x7f\xd1\x68\x40\xde\x9b\xfd\x0e\xf8\x6e\x01\xe6\x13\x02\x77\x55\x13\xe2\x24\x12\x5e\x0d\x20\x42\x0e\xa9\x49\xf6\xc2\x64\x25\xf7\x00\x77\x91\x1f\x97\x11\x31\x0c\xd6\xfd\x8b\xff\x27\xcd\xea\x11\x48\x0c\x73\xe8\xf8\xb3\xc3\x76\x41\xe7\xe8\xdd\x86\x07\xc1\x64\x02\x18\xfe\xc8\x0a\x02\x09\x28\xb9\x3d\x4d\x55\x7e\xbe\x82\xec\x0b\xb1\x75\x38\x86\x7d\x2c\xb1\x4d\x44\xd3\xea\x72\x7f\xdd\x52\x82\x0b\x0d\xa9\x44\xde\x21\xcd\x5d\xa3\x03\xd7\x76\xfe\x99\xcb\xc2\x64\x83\x65\xe6\xa0\xa9\x8d\x4d\xb1\x50\x84\x26\x61\x76\x8b\xe8\x4c\x68\x50\x7a\x5c\x45\xd2\x07\x84\x0b\x03\x35\x37\x78\x6c\xb2\x1d\xad\xad\x5f\xba\xb9\xc5\xcf\xc1\xe3\x54\x7d\xe5\x50\xd3\x13\x63\x1d\xd4\xfb\xb7\xca\x8f\x71\x93\x86\x27\x60\x8d\x2e\xbf\x65\x5d\xb4\x32\x5a\xbf\x3e\xd5\x04\xdc\x18\x30\x58\xf9\xde\x1e\x44\x93\x12\xd9\x04\xc8\x46\xa1\x84\xa0\x28\xf3\x64\xc0\x28\xb2\x7e\xb4\x94\x64\x27\xe3\x1c\x21\xe1\x05\x1d\xf3\x64\xd4\x99\xf4\x77\xbf\x51\xe7\xa8\x89\x31\x83\xe5\xec\xf7\x7d\x51\x3a\x1a\x76\xb1\xa6\xfd\xfb\x16\xbe\x90\xd7\x4b\xe4\xc4\x34\x5a\x4f\x9f\x87\xee\x44\x1a\x10\x22\xd6\x7e\xe8\x44\x78\x9f\x21\xb0\xc3\x1a\xdc\xc0\xd9\x56\x63\xcd\xfb\x40\xa8\x95\xb9\x22\xdc\xe8\x06\x9b\x93\x2c\x80\x2f\xd3\xab\x1e\xf0\xce\x6b\xff\xdc\xc5\x65\x3b\x1c\xd5\x25\x7e\x19\xa0\x95\x16\x87\xe5\x45\xfa\xf4\xaa\x66\x06\x5a\x55\xc4\xb4\x19\x1e\x34\xe8\x04\x7d\x6a\x4a\xb5\x2d\x1b\x06\xc3\x69\xa4\x26\xca\x2d\x16\xb5\x1a\x02\x71\xf2\x7f\x8d\x74\x4c\x71\x1f\xce\x3a\xad\x9d\x4a\xc0\x38\xee\x70\x0e\x4e\x97\x1b\x21\xca\x48\x9f\xf2\xb8\xc7\x78\xa3\x72\x1a\xdf\x47\xc1\xae\x5a\x41\xb9\xa2\x7f\xa7\x42\xfd\x0f\x18\x16\x4e\xf3\xc2\x6b\x8a\xe7\xd1\xfa\x29\xb7\xc0\xcc\x46\x83\xbe\x65\x02\x5c\x96\x53\x7a\x12\xd5\xfc\xeb\xbd\x05\xe9\x30\xc3\x69\x3e\xbb\xba\x0a\x78\xad\xf5\x9d\x8a\x3b\x59\x8a\x34\x8e\xaa\x9f\x47\xca\xf5\x31\xfe\x44\x96\x52\xdb\x5b\x20\xd6\x89\x94\xe3\x5a\xfe\xc2\xc2\x57\x09\x05\x5a\x1d\xe2\x60\x82\xe3\x91\x2d\x49\x7c\x64\x77\x20\xa3\xf8\x73\x62\x14\x56\xe6\xa5\xb9\xeb\x61\x3a\xcb\x43\xb6\x6d\x47\xd0\xb9\x54\xc6\x9e\x8f\xbf\x2c\x5e\x63\x4c\x48\x6e\x57\x24\x93\x0e\x0b\x56\xa5\x16\x94\x0c\x8c\xb0\xe7\x75\x27\x4d\xef\xf9\x7c\xbb\x77\x59\xce\x90\xa2\xb9\x3e\x9e\xfa\xa6\x24\xe6\xb3\x8a\x39\x84\x9d\xca\x1d\xf6\x12\x73\x6f"},
+{{0x94,0xd5,0x09,0x15,0x14,0x4c,0x7e,0x7d,0xd0,0xf8,0x5f,0xef,0x87,0xed,0xdc,0x22,0x06,0xc1,0x56,0x9e,0xd1,0x43,0x1c,0x8c,0x5a,0x15,0x3e,0x32,0xe1,0xcb,0x2f,0xb7,},{0x3b,0xb0,0x98,0xcf,0x16,0x0f,0x3a,0xec,0x31,0x70,0xb5,0x7d,0x6a,0xdd,0x4f,0x56,0x73,0x92,0x70,0xe4,0xb3,0xa8,0xef,0x79,0x66,0xec,0x30,0x61,0x9b,0x29,0x91,0x02,},{0x59,0xa1,0xce,0x55,0xf5,0xa6,0xba,0xdc,0x1b,0x93,0x91,0x26,0x36,0x20,0x54,0x2c,0xfc,0xae,0x87,0xa0,0xf2,0xb9,0x50,0x22,0x50,0xcf,0xe4,0xbd,0xcb,0xf7,0x6c,0x46,0x19,0x77,0xc3,0x34,0xa4,0x8d,0x91,0x6e,0xde,0xbd,0x56,0xc2,0x1c,0xe2,0x17,0xc3,0x5a,0x64,0x44,0xcf,0xbf,0xd3,0xb1,0x1a,0x3d,0x48,0xfa,0x2e,0xdb,0x6e,0xb4,0x0f,},"\x4d\x91\x5f\x27\x33\x2d\xd7\x50\x51\x71\x9a\x24\xae\x8d\x0e\x9c\x30\xda\x79\x09\x99\xe2\x2d\x9b\x58\x7e\xf2\x03\x21\xbe\xe4\xc0\x7d\x0a\x12\x49\x4f\xfe\x59\x9f\x47\xf9\x69\x25\xf5\xd9\x25\x17\xfc\x3e\x5f\x04\x1d\x0c\x70\x9f\x2a\x97\x83\x12\x5e\xec\xa6\x65\x29\x97\x20\x1c\x42\x9a\xa6\xf1\xce\x2f\x07\xa0\xd4\xa0\xa1\x8c\xf2\x0b\x3e\x9a\x4f\x76\x63\xea\x52\x62\xca\xd8\xf9\x49\x41\x1b\x05\xff\x5c\x5e\xdd\x7b\x30\xb2\x17\xd7\x5d\x8c\x86\xc9\x4e\x5f\x92\xc1\x67\x34\x37\x4e\x8c\xea\xd6\x1b\x0b\x27\xbb\x4b\xf5\xf4\x3a\x31\x3c\x1d\xd5\xb8\x3e\x0e\xa9\x33\xb6\xca\xdf\xed\xd7\xa6\x4a\xa5\xdd\x5b\x5d\x02\xc6\x95\xea\x20\xe0\x91\xfd\xaa\x72\xef\x4e\x7c\xa4\x0f\x38\x39\x5b\xe8\xbf\x7a\x25\x5c\x6d\x06\xa6\x32\xd7\xd7\x85\xd9\xe0\x47\xf2\x32\xaa\x50\xfa\x14\x52\x9f\x98\x6f\x9e\xf9\xd7\xb5\x80\xa0\x39\x65\xb0\x15\x47\x88\x82\x2a\x22\x5b\xb5\xab\x34\x38\xb8\x9a\x5c\x28\x74\x4a\xb0\xbc\x0b\x20\x14\xe5\x79\x6a\xcb\x49\x35\xa8\x1b\x02\xa0\x46\x32\xac\xb8\x8c\xaa\x7e\x39\xe0\x69\xc7\xc8\xe1\x75\x82\x91\x09\x4a\x53\xe3\x62\xfc\xed\xaa\xa5\x83\xec\xa7\x66\xef\xeb\xf6\x9b\x38\xe8\xcd\xe9\xce\x58\xe0\x12\xc6\x0e\xc8\x8e\x8c\x42\xbe\xad\xfa\x83\x8c\xfe\x44\x0f\xa0\xc0\x1d\x65\x9c\x96\x34\x57\x6d\x7d\x7a\x2d\x3a\x04\x4f\x99\xc6\xe4\x26\x3d\x4c\x0b\x37\x4a\x38\x8a\x2a\xcf\x38\xef\xf2\x9c\x77\x7e\x9d\xaa\x60\xd5\x98\x03\x5a\x7d\x9e\xdf\x67\xa5\x02\xc3\xf5\x73\x20\x7b\x11\x9c\xac\xac\x3f\xa7\x1e\x2a\x02\x07\xc6\x01\xcc\x0d\xd6\x37\xef\x56\x2b\xac\xc3\x5c\x57\x04\x27\x38\xf1\xf5\x58\x15\xa5\x26\x80\x82\xcd\x6a\x50\x82\x92\xfa\x29\xe3\x4e\x96\x45\xd8\x7a\x1a\x2b\x6e\x58\xad\xb7\xf4\xa5\x7f\xbb\x53\xe9\x21\x3e\xf3\xdc\x87\x3f\x29\x39\x62\x58\xa1\xea\x54\x6f\xb5\x95\x2c\xe3\x43\xce\xe9\xbb\xb9\x0c\x1c\xda\x72\xc6\x5a\x7c\x8e\x40\x31\x2b\x32\x8e\x23\x19\x20\xc2\x33\x07\x7d\xca\x34\xd0\x4f\x9d\x89\xda\xa9\xa2\xf4\x34\x59\x16\x5f\xd1\x02\xff\x56\x43\xc7\x17\x52\x30\xb3\x9e\xc7\xc3\xc4\x75\x65\x0e\xf1\x31\x60\x9d\x32\x20\xf5\xa2\x94\xa4\x03\xb1\xe1\xc4\x2c\xfa\x16\x2c\xd4\x26\xf0\xae\x43\xfd\x6b\x7a\xb5\x47\xa6\x2b\x7d\x5f\x84\x74\x03\xc4\xe5\x98\x79\x53\x87\x71\x58\xcf\xde\xe2\x3c\x04\xf7\x51\xc7\xc8\x6d\x07\x8e\x82\x4c\xa6\x3b\x5e\x65\x54\x3e\x97\x8b\x6b\x0c\xc6\x89\xef\x66\x44\x12\xb0\x1b\x8f\xf1\x65\xe7\xdb\xde\x3c\x09\x9b\xf4\xf3\x4e\xbd\xdc\xb4\xc4"},
+{{0x0d,0x81,0x92,0x6f,0x51,0x3d,0xb4,0xb2,0x5d,0xfa,0x1e,0x52,0xb5,0xdc,0xa6,0x78,0xf8,0x28,0xa6,0x1c,0x7c,0x91,0x3c,0x82,0x82,0x47,0xc2,0xeb,0x04,0x22,0xb7,0xd1,},{0x0f,0x32,0x41,0x1e,0xf9,0x1d,0x4e,0x4b,0x69,0x41,0xdf,0xca,0xab,0x14,0x2e,0xf3,0xbe,0xc1,0x60,0x98,0x39,0x93,0xa5,0x26,0x2c,0xcf,0x27,0xfa,0xdd,0x2a,0xf8,0x90,},{0xe0,0xcb,0x6c,0x71,0xeb,0xf8,0xd7,0x05,0xe5,0x0c,0xad,0x9f,0x0b,0x8c,0xba,0x3e,0xcf,0x4b,0x9e,0x37,0x93,0x40,0x00,0x92,0xaa,0x5b,0x12,0x1e,0x7d,0xbb,0xc8,0xbe,0xa7,0x1d,0xf2,0x95,0x28,0xca,0x9b,0x47,0xab,0xf8,0x7c,0x19,0x8a,0x8d,0xc4,0xe1,0x4d,0x51,0x80,0xce,0x93,0x2d,0xd2,0x11,0x4a,0x3c,0xda,0xa5,0x55,0x2c,0xc2,0x05,},"\xa9\x38\x37\x52\x2f\x7e\xc2\xe9\x3a\x2e\x4b\x4c\x8b\x46\xde\x92\x6a\x81\xad\xa2\xd2\x48\xbc\xd3\x3b\x39\xb6\xc9\x5f\xb6\x2a\x61\xdb\xbe\xda\x1a\xa8\x5a\x21\xd9\xb9\x6a\x08\x51\x0d\x8d\x3a\x65\x8c\xf3\x20\xa1\x09\x28\x69\x59\x99\xd2\xc0\xd6\x05\xc7\xf9\x5a\x12\xf5\x6a\x87\x18\x50\x7d\xb0\xf4\x97\xe3\xea\xd6\x13\x13\x2a\xb0\x92\xcb\xf1\x9d\x22\x60\x35\x86\x30\x35\x8d\x9b\x26\xe6\x8d\x50\xdd\xae\x37\xc8\xaf\x0b\xb7\xd2\x74\x1f\xd2\x92\x9c\x21\x27\x9a\x78\xd1\x0e\x2c\x5f\x3c\x5b\xf4\xa4\x2a\x36\x17\x03\x6d\x54\x74\x36\x47\x76\x5a\xfd\x8c\xd9\x10\xf8\x1b\x38\xce\xd7\x23\x90\x63\x0e\xe6\x89\x44\xa3\x7d\x29\xc2\xfe\xca\xda\x1c\xc5\x9e\xc5\x44\x07\x5b\xdb\xc1\x4c\x63\xc6\x23\x4b\x88\x40\x49\x00\x0c\x27\xc7\x34\x06\x03\x56\x04\xfc\xa8\x76\x0b\x49\xa5\xe2\x10\x9e\xf9\x12\x85\xad\xc4\xec\x48\xc8\x19\xd6\x2d\x94\x8f\xac\xa9\x0f\x62\xcf\xae\xf0\xb0\x7d\x6f\xe5\x76\xd7\x62\xbf\xd0\xee\xf9\x4c\xf6\xb5\x33\x2c\x4d\x42\x25\x11\x60\x7f\x2f\xac\xc7\xac\x04\x6a\x59\xb9\x61\x7e\x83\x83\xd1\x02\x9c\xc9\x1a\xc5\x92\xb5\x20\x84\x41\x30\x32\xbe\x84\x1b\xaa\x9b\xf9\x62\x51\xa6\xbd\xa6\x71\xd4\xcd\x4b\x12\x5d\xa6\x58\xa4\xe5\xa5\x0f\x44\x28\xee\xbf\x26\x14\xfb\x0c\xe5\xfe\xbe\x80\xf7\x21\xa5\xf4\xc0\x32\x55\x06\xd2\x7a\x8d\x31\xe3\x3d\x86\x25\x38\x70\xdd\x63\xc0\x8e\xdc\x73\x02\xb2\x80\xe9\xb9\xbd\xc2\x8b\xee\xf0\x5c\x7d\xcb\x30\xd4\xc1\x62\xe9\xbe\x83\x2e\x1c\x78\x5e\x37\x55\x12\x18\x42\x1e\xec\x85\x2c\x42\x98\x21\x3b\x2f\x27\xf8\xf8\xc7\x06\xd3\x91\xb9\xc6\x9a\x56\xdb\x7c\xe5\xd8\x15\x48\xfc\xa5\xfe\xd4\x56\xf2\xd8\xaf\xd0\xb7\x5f\x79\xf8\x58\x68\x31\x6f\x4a\x09\x21\xf0\xc6\x63\x99\x26\x51\x6b\x3c\x3e\x52\xa9\xcb\x22\x55\x45\x46\xef\x70\xe1\x4c\x77\xec\xbd\xcd\x5c\x0d\x59\xa8\x17\x69\xb3\x0d\x5d\x13\x1f\x2f\xb4\x49\xc9\x96\xb8\xde\x8a\xc7\xf8\x08\x4f\x84\x99\xe1\xa5\x6f\x7c\xd2\x9d\xb6\xaa\xef\xcc\xae\x8a\x60\xe7\x56\x16\xa1\xf7\x02\xc3\xbc\x8d\xea\xa1\x00\x4a\x8d\xae\x03\x92\xa5\x9c\xee\x54\x81\x0c\x6e\x94\x0e\xee\x25\xfb\x2e\x5d\x57\x32\x67\x04\x4b\x89\x3f\xfd\xe3\x78\xfe\x75\xac\x26\x13\x37\x3d\x84\xa0\xca\x81\x87\xaf\x4a\x33\x58\xe5\x0a\x99\x4e\xd0\x33\x67\xde\x64\x5e\x10\x39\x0f\xea\x4c\x33\xbb\x1a\x6c\x0c\x39\x85\x8b\x8d\xb4\xa6\x9f\xe8\x94\xa4\x22\x3d\x45\xaf\x69\xb3\x6c\x61\x17\xc4\xdc\x25\xde\x49\xa6\x30\x17\x00\x2b\xa9\xae\x55\x1e\xf9"},
+{{0x6c,0x8c,0x53,0xb5,0x6b,0xbc,0xb4,0xc0,0xa2,0x5d,0xc4,0x0c,0x18,0x24,0x0b,0x6a,0x5c,0x75,0x76,0xb8,0x9d,0xde,0x45,0xef,0x13,0xfb,0x15,0x8e,0xa1,0x7f,0x8e,0xd9,},{0x23,0x8e,0x51,0xd6,0xa4,0x4f,0xa7,0xac,0x64,0x26,0x88,0x01,0x26,0x1e,0xa3,0x5b,0x62,0x63,0x8a,0x00,0x6c,0xc4,0x52,0xbd,0xdb,0x9f,0x16,0xfc,0x58,0x03,0x06,0x0c,},{0x4b,0xf1,0xe7,0xd4,0x9c,0xd4,0xd5,0xc3,0xc1,0xfd,0x4a,0x4b,0xc4,0x8f,0xf6,0xb6,0xe5,0x2f,0xd9,0x51,0x0a,0x41,0x18,0x12,0x29,0x69,0x96,0xe4,0xfe,0xc5,0x6b,0xe4,0x45,0x14,0xc5,0x67,0xd1,0xd3,0x34,0x77,0xbd,0x5d,0xc0,0x83,0xc3,0x95,0x8b,0xd9,0x5b,0xfe,0x59,0x9c,0x15,0x3f,0x21,0xae,0x26,0x25,0x29,0x67,0xb7,0x32,0x60,0x03,},"\xb6\x0d\xf2\x94\x4b\xa0\x15\x75\x98\x02\xd3\xc5\x87\xbc\xfe\xbe\x52\x1a\x7e\x77\xb9\x98\x5b\x76\x1c\x96\x76\x45\x4d\x24\xa6\x64\xaf\x0b\x0d\x44\x22\x5a\x55\x75\x12\xe1\xc1\xcd\x7d\xd8\x33\x5c\x8f\x6a\xdf\x92\x8e\x18\xf8\x9f\xd5\xee\xdf\x6f\x41\x1d\xcd\xaf\x99\x69\x12\xe8\xc3\xe2\x3d\x1c\xb9\x5e\xca\x4b\x9e\x24\xe7\x53\x9c\x3b\x98\xbf\x3d\x07\xec\x25\x13\x92\x09\x6c\x19\xac\x53\x74\xdc\xba\x52\x61\x32\xb6\xd9\xbb\x8f\x6c\x85\x9c\xe9\x85\xd5\x84\xc7\xbb\xa5\xb0\x2a\x81\x03\x4b\x6d\x8b\x52\x1b\xd2\x80\xe5\x0d\x77\xda\xa2\xb2\x41\x3e\xd6\x79\x83\x4f\x81\x61\xd5\xd0\x57\x3b\xdd\x47\x6a\xc3\xcd\x0a\x3a\x7d\x8d\xb4\x53\x34\xe8\x9c\x00\xab\x66\xbc\x36\x8a\x07\xb4\x23\xe2\x46\x43\x46\x36\x27\x2a\xa4\xe4\x63\x7a\x53\x06\xb2\xc3\x39\x79\x92\x78\x1f\x30\x23\x8d\xe7\x9e\xc1\x04\xac\xc7\x20\x0d\xef\xad\x96\x08\x83\xd3\x91\x44\x3e\x70\xef\xbd\x22\xf1\xcf\xce\xec\x51\x12\xfe\x9e\x8e\x13\xbb\x94\x1c\x08\x34\x68\xdd\x71\xff\xca\x97\x6c\xd5\x1c\xe1\x61\x79\x31\x10\xef\x00\xaf\xf5\xee\x2c\xcb\x77\x06\xa5\x12\xb8\x5b\xeb\x94\xac\x49\xd1\x9a\xfb\x63\x33\x65\x5c\xf3\xae\xa5\x35\xa6\xf9\xc7\x5e\x03\x48\x41\xe7\x63\xc5\xa2\x49\xb4\x70\x4e\x1b\xe7\x8b\x0e\xca\xc6\x80\x2c\x34\x3c\x1b\x7e\x7b\x57\x70\xde\x4c\x93\xa3\xa7\x9c\x46\xe6\x83\x5d\xa8\xae\x5d\xb3\x83\x8e\x17\x96\xb5\x64\xa4\x80\xa4\xf2\x90\xb6\x0a\x1c\x63\xa7\x25\xff\x3f\xef\x43\x4d\x2a\x0b\x3d\x89\x31\x97\x87\x42\xb5\x25\xc8\x3b\xae\x67\x94\xae\x64\x19\x37\x94\xb3\x70\xc2\x89\xba\x35\xed\x79\xd3\x70\x72\xa8\xdc\xfc\xad\xb4\x6d\x5f\xfa\xee\xba\x1b\xfd\x4f\x87\xd7\x66\xb5\x04\xe6\x2b\x4a\xcd\xd7\x74\x46\xe7\x9b\xa9\x94\xd6\xdb\xf4\x76\x5e\xbd\x74\xb0\x36\x51\x00\xda\x56\x16\x2c\x36\xfe\x5a\x95\x07\x7f\x6b\x42\x65\xe8\x17\x96\xb4\xa5\x74\x43\x78\x29\x70\xb9\x6c\xb4\x56\x9b\xa9\x85\xc5\x5f\xe3\xa7\x18\x38\x0b\xca\x39\xf1\x66\x24\xf8\xe4\x7c\xc6\x3c\x1b\x6f\xa1\xbd\xe1\xae\xba\x9c\x51\xf9\x4b\x70\x2b\x13\x10\x8c\xc1\x48\x1d\x42\xe6\xfa\x98\x1e\x3e\xbf\xe0\x64\xd2\xdc\xa7\x42\x0c\x74\x59\x57\x92\x31\x2a\xe3\xfb\x91\x01\xd4\xb6\x6d\x99\x16\xdf\xd6\xc1\x3a\xe8\x83\xe6\x61\xc6\x28\x22\x8b\xe9\x79\x4c\xf6\x03\x45\x07\x6d\xb2\x61\x84\xb6\x17\xe2\x72\x29\x8c\xd4\x18\x3f\x27\xbd\x52\xd4\x05\x10\xbb\x01\x5d\x20\x97\xd4\xcc\x76\xe7\x6c\x0a\x62\xbb\xfd\xaf\x53\xc7\x26\x87\x75\xbb\xfb\xdb\x88\x70\xeb\x9b\xab"},
+{{0x69,0xb3,0x20,0xfb,0xd4,0x77,0x40,0x30,0xa2,0x97,0x67,0xa0,0xcc,0x15,0x50,0xd1,0x0b,0x74,0x9b,0x44,0xd6,0x19,0xd4,0x1d,0xce,0x11,0x46,0xf7,0xac,0x80,0xa7,0x55,},{0xdc,0x50,0x8a,0x79,0xc6,0xb8,0xab,0x86,0x6c,0xd1,0x17,0xa5,0xa8,0x4d,0xd9,0xd9,0x31,0xfd,0xa4,0x50,0xbe,0xc2,0x93,0x35,0x34,0x4d,0x0d,0x21,0x92,0x16,0xd6,0x5e,},{0x69,0x7d,0x4d,0x89,0x7e,0x0e,0x2c,0xc0,0x2b,0xc1,0xc2,0xdd,0xa5,0x7f,0x0d,0xda,0x62,0x0b,0x37,0xe8,0x61,0x82,0x2b,0xb7,0xf1,0xa7,0x01,0x93,0x5e,0x95,0x9e,0xa0,0xd8,0x45,0x3f,0x74,0x6f,0xb9,0x2c,0x08,0x7e,0xd6,0x5d,0x98,0x0e,0xea,0x1d,0x6f,0xdb,0xf2,0x3e,0x99,0xb2,0x89,0xaa,0xe0,0xdc,0xbb,0x12,0x8e,0xf8,0x36,0x64,0x0a,},"\x21\x7e\x33\xf8\x86\x22\xc9\x6f\x8d\x09\x2c\x9e\x26\x66\x4f\xe9\xef\xc0\xd8\xd2\xeb\x59\xa0\x36\xfa\x46\x4c\xee\x65\xce\x44\x89\xca\xf9\x03\xdc\xe1\x7a\xfa\xfb\xc4\xf1\x8d\xc9\xbb\xfd\x6c\x1a\x4b\xe7\xb8\x34\x85\xa6\xca\x94\x7d\xef\xb1\xd3\x51\x25\xd0\x77\x39\x62\xa3\x44\xa3\x8b\x6d\xca\x9a\x40\xc3\x1c\x1c\x4e\xb2\xd7\xf6\x81\x8f\x97\x8e\x57\x3d\x66\xb9\x90\x92\x1b\x92\xb7\x77\x47\x1a\x4f\x6f\x05\x47\x7e\xbc\x35\x3a\xce\x1d\x86\xb0\x0c\xc2\x51\x77\x7a\xaf\x6a\xf3\xaa\x11\x79\xbf\xf7\x8d\xf5\x04\x8e\x5e\xf2\x99\x68\x67\x0e\x53\x54\x83\x56\x8d\x6b\xb1\x6d\xa8\x29\x56\x8f\x81\xc7\x99\xb9\xaf\xd4\xaa\xd6\xef\x08\x52\x52\xc0\xce\x3a\xc0\x1a\xc2\x1a\x9e\xa6\x9b\xd5\x8e\xad\xc6\x69\x68\xf5\x5d\xee\x38\x6b\x65\x3f\x33\x34\xef\xc3\x98\xef\x3c\x37\xa3\x8c\xe9\x3b\x21\xf1\x07\xcc\x54\xde\xc2\x6f\x53\xfe\xe5\x60\x4e\xb0\x9a\x36\xaf\xe6\xb6\x65\xb6\x32\x4a\x84\xc7\xda\x7b\x7d\xd0\x1d\x92\x78\xe4\x72\xf1\x5a\x5c\xe9\xff\x0f\xd9\x3d\x0a\xa0\x60\x4d\xd2\xdf\x8d\x5b\xf6\xa9\x12\x73\x4e\xc5\x1d\xe7\x7f\x0c\xe0\x99\xba\x11\x67\x02\x10\xa6\xa2\x06\x10\x6b\x0e\xde\x2d\xed\x85\x8a\x6b\xc4\x11\xe7\x61\x3e\x6f\x80\xe1\xaa\x52\xc3\x23\xe3\x0f\xa8\x49\x95\x1c\xc9\xb7\x76\xe4\xcc\x58\xc9\x0c\xfc\x8f\x44\x2d\xf6\x41\x51\xa7\xfd\x4a\x3d\xd6\x1a\x43\x36\xda\x21\xd0\x39\x44\x63\x5d\x3f\xd6\x67\xbe\x74\x1e\xf4\x5b\x1f\x7c\xb2\x76\xd9\xf4\xde\x81\x07\xde\x64\x58\x2f\x79\x17\xc6\xea\xb3\x8e\x0a\x88\x90\xa4\xbe\xe4\x8b\xc9\x26\x17\xa3\x61\xcc\x7b\x1d\x25\xe0\x89\x45\x3c\xe0\xa5\x25\x44\xf8\x68\xdc\xb3\x24\x9d\xe7\x61\xe7\x9d\xf6\x3e\xfa\x07\x94\xe3\xc4\x61\x8c\x55\x47\x53\xee\x28\x1c\x52\xac\x8a\xd7\x8d\x53\x38\xf0\xda\xc3\x60\xa7\x69\x38\x1b\xb4\xa3\x9f\x19\x0b\x88\x7b\x47\x23\x80\x6a\xc4\xa4\xf2\xff\x30\x4b\xc6\xf9\x33\x7a\xb5\x4c\x86\x6e\x6b\xa5\x1d\xf5\x0c\x43\xea\xb5\x2e\x2b\x39\x79\x4c\x99\x17\xe0\xc3\x14\x33\xf0\x36\x81\xd2\xf1\xd9\x3a\x04\x36\x01\x8c\xaa\xae\x20\x20\x6a\x34\x58\xad\x6c\x03\x7a\xcb\x51\x1e\xf1\x28\xf6\xdc\xd0\x53\x05\xf0\x70\x49\xa1\x3b\x6c\x6c\x3c\x5b\x81\x70\xf1\x58\xc8\xf1\x2d\x46\xe1\x60\x93\x1b\xa1\x8b\xd5\x9a\xe1\x29\xec\x07\xa0\x65\x5f\xa4\x82\xeb\xbd\x3b\x85\x0d\x36\xb8\x32\xbb\xb7\x75\xf5\x38\xe3\xc1\xb3\xa4\x3e\xcf\x94\xca\x63\x0c\xa1\x5d\x50\x28\x13\xee\xd3\xe3\x5e\x8f\xd2\x3d\x2a\xb6\x38\x60\x04\x27\xd1\x59\x7c\xb2\x9d\xa2\xa5"},
+{{0x66,0xda,0x8b,0x25,0x4a,0x37,0x06,0x73,0x78,0xf6,0x81,0x38,0xaf,0xed,0xd6,0x64,0x96,0x59,0x6a,0x05,0x85,0x52,0x4c,0x71,0x6b,0xde,0x2b,0x31,0x24,0xc3,0xe7,0xd1,},{0x85,0xbd,0xe2,0x8a,0x92,0x2a,0xb5,0xee,0xaa,0x4a,0x62,0x94,0x52,0x1a,0x2c,0xca,0xc0,0xef,0x23,0x03,0xdc,0xdf,0x8c,0x7f,0xee,0x22,0x8f,0xb4,0x55,0x20,0x12,0xe7,},{0x40,0x82,0xa5,0xbc,0x73,0x0f,0xb5,0x4b,0x6b,0xd0,0xbc,0xd2,0xa0,0x44,0xed,0x5d,0x3d,0x32,0x7d,0xc1,0x9c,0xea,0xc8,0x82,0x5e,0x62,0x9b,0x9e,0x64,0x23,0xcb,0x1c,0x61,0x42,0x36,0xf0,0x97,0xa6,0xb7,0x3d,0x47,0x39,0x47,0xcb,0x81,0xc4,0xe2,0x70,0x85,0x2e,0xe5,0xf1,0x3a,0x5b,0x03,0xdc,0x18,0xe1,0xc9,0xc2,0x7a,0x9a,0x68,0x02,},"\x3f\xae\x36\x63\x88\x37\xd0\xed\xc8\xdc\xee\x51\x7e\x43\xc4\x88\xed\x57\xfa\x6c\x98\x53\xa7\x45\xaa\xed\xfb\x10\x9e\xc1\x40\x9f\xb8\xa2\xfe\x51\xd2\x3e\x0d\xd9\xfb\xfd\x94\xf9\x1c\x18\xe6\x11\x4d\x80\x89\x01\xbf\x61\x7d\x26\x67\xce\xeb\xd2\x05\xc5\xc6\x6f\x5d\x75\x34\xfd\x2e\xc3\x3d\xbf\xe5\x80\xad\x91\x9f\x50\x42\x04\xea\xf2\x42\xaf\x87\x00\xb1\x38\xcf\xbe\x0f\x37\x29\x19\xc0\x6b\x86\x1a\x27\xd7\x20\xd0\x9d\xf2\x0f\x4f\xb7\xb7\x48\xe7\x18\xb0\xfc\x48\x6d\xbd\xfc\xb6\x94\xcb\x3f\x14\x20\x03\x5a\xc1\xbe\x55\xd3\x1f\x30\xf9\x97\xa0\x43\xd0\x47\x08\xa5\xc5\x42\xee\x37\xc0\xf7\xfe\x0b\x32\x11\xd1\x8a\x87\x03\x3d\xcb\x15\xc7\x9e\x66\x81\xc4\x97\x05\x93\xd3\x2a\x13\xc4\x8f\x0a\x3a\xf8\xbf\xc1\x36\xe0\xf9\xb5\x6a\x12\x3b\x86\xc4\xc6\x40\xb6\x50\xcb\x7d\xee\x9a\x89\xe8\x2a\xee\xee\x77\x3b\x5c\xb0\x32\xfc\xa4\x1c\x20\xc4\x07\x32\x8b\xfe\xd2\x92\x44\xe4\x60\x55\xa8\x31\x14\x61\x4d\x3d\xb5\x65\x81\x60\x4b\x11\x5f\xba\x14\xf6\x18\xe1\x02\xa1\xe1\x6c\xb0\x36\xea\x69\xdf\x92\x75\xb9\x77\xa0\x85\x81\x18\xc9\x1a\x34\xb9\xa8\x51\x9b\xd0\xda\xc3\xb6\x14\x34\xea\x08\x8f\x38\x1b\xa0\x8b\xc1\x58\x31\x89\xa4\xa7\xc8\xb6\xad\x18\xf7\x32\xd7\x4e\xff\x3a\xce\xf4\xb6\x90\x4d\xf5\x8c\x64\x69\x43\x21\x51\x37\x2d\xf9\x32\x7a\xe7\x1a\x0f\x35\x6c\x94\x46\x8d\xcf\xc2\xe4\xa5\xc0\xe4\xec\x0b\x16\x6d\x90\xcd\x46\x5f\x92\x60\xeb\xd6\xa7\xa6\x2c\xe6\xc7\x15\xbc\xc7\x15\xbe\x0c\x7e\x1f\x28\xc4\x45\x60\x12\xd3\x31\x77\xa7\xd4\x11\x3c\x9a\x5a\x22\xac\xfa\xf2\xd6\xb6\x33\x09\x07\x8f\xc1\xb1\xba\xa8\xf3\x6c\x7e\x86\x6c\x1f\x97\x2a\x65\x00\xa5\xee\xa7\x92\x01\x65\x1a\x73\x05\x20\x8b\x6c\x93\xc4\x92\xbc\x77\xca\xcb\xc9\x9c\x9c\xde\xd1\x79\xe6\x64\xa2\xf4\xe1\x69\x38\xcc\x26\xfc\xa8\xb4\x33\xeb\x80\x12\xf7\xb3\xad\x19\xba\x1f\xb8\x58\xfe\x4a\x00\xfb\x3d\x1f\x8f\xd0\xed\xdf\x0c\x37\xdc\xdb\x2e\x5d\x35\xc2\x54\x6f\x22\xe8\xc0\xf8\xce\x90\xe2\xdf\x8a\xbf\x24\x82\x7a\x01\x9b\x2c\x33\xfc\x59\x0b\xbe\x71\x2f\x01\x92\x87\x00\x2b\xc2\x21\x7c\x0d\xc0\x93\x1d\xc8\xed\x8f\x50\xbb\x44\x2f\x8b\x2d\xe2\x78\x57\x36\x2c\xe5\xa9\xfd\x97\xf0\xfd\x1b\x2b\x92\x51\xca\xd2\xa4\xac\xa1\xa9\x4d\xe2\xe9\x53\x90\x2d\x72\x28\x14\x24\x07\x44\x3b\x1d\x51\x71\x07\x64\x8a\x7b\xab\x83\x07\x49\x87\xd0\x97\x8b\xc6\x1d\x41\x9b\xc8\x45\x91\xc9\x69\xc3\xd6\xf4\xe8\x6f\xc4\x73\x87\x37\xbc\x05\x58\x75\x5c\x11\x0a"},
+{{0x27,0x65,0x48,0x29,0x0f,0x3e,0x0f,0x90,0x05,0x15,0xdc,0x63,0x36,0x6c,0x03,0xfe,0x0f,0xc6,0xee,0x13,0x0c,0x21,0xfb,0x60,0xa4,0xdf,0x9c,0xf4,0x64,0x79,0x7c,0xda,},{0x7e,0x2a,0x35,0x78,0x00,0x0a,0x08,0x7e,0xdc,0xc9,0xe9,0x4f,0xde,0x50,0x9f,0xc4,0xbe,0x05,0xca,0x0d,0xd0,0x90,0xdf,0x01,0xae,0x11,0x21,0x12,0x35,0x36,0xf7,0x2a,},{0x88,0xa1,0x46,0x26,0x1a,0xd1,0x11,0xc8,0x0f,0xa4,0x29,0x95,0x77,0xe7,0x10,0xf6,0x85,0x9c,0xf0,0xd1,0xca,0x80,0xe5,0x12,0xa5,0x52,0xc7,0x25,0xb8,0x38,0x40,0x37,0xee,0xcf,0x64,0x65,0xce,0x97,0x58,0x5c,0x9d,0x66,0x0a,0x41,0xab,0x91,0x04,0xe5,0xf7,0xc9,0xb2,0xf8,0xec,0x6f,0xb2,0x1f,0x1d,0xdd,0x50,0xd6,0x5b,0x9b,0x66,0x0e,},"\xf0\xdb\x44\x2d\xe2\x9a\x7a\x1d\xed\x55\x0d\x12\x00\x02\xcc\x12\xab\xff\xf9\x8b\x1f\x57\x6d\x65\xbd\xe1\x6d\xea\xba\x68\x7e\x4e\x0b\x0d\x5a\x87\x48\xd7\x50\x3d\xa2\x96\x9c\x64\xd6\xa7\xc2\x8d\x27\xb6\xc9\x3a\xd2\x57\xce\x32\xec\xda\xee\x37\x5f\x43\xff\xf9\x7c\x43\x2d\x45\x3f\x71\x96\xc7\x09\xc3\xbd\xfb\x73\x88\xd4\xd8\xea\xf1\x39\xf1\x82\x94\x0c\xe1\x7b\x45\x52\xe2\xd2\x0a\xed\x55\x57\xba\x4d\x2a\xcb\xf8\x45\x73\x0c\x0a\x66\xb4\x5b\x40\x95\x0b\xaf\x6a\x94\x64\x37\xaf\x6c\x9e\x3b\x33\xa7\x9e\x04\xdc\xea\xe5\x7c\x2a\x54\x95\x42\xea\xbd\x21\x6b\xf1\x39\x48\xd4\x1f\xfb\x94\x83\xfe\x29\x80\x1f\xc8\xc1\x78\x28\x40\xde\xeb\x3f\xb4\xda\x31\x92\x78\x5b\xca\x13\xed\x0a\x9e\xff\x57\xd6\x13\x6b\xaf\xbf\x9d\xec\x69\x7b\x83\x24\x47\xb2\xb6\xe7\x30\xfa\x7f\x99\x95\xba\xc6\xb7\x83\x2e\xaa\x09\x90\x5e\xe4\x9d\x46\x5a\x5e\xe4\x50\xf5\x2d\x1a\x6d\x36\x4c\x61\x81\x44\xe8\x86\xe8\xef\x63\x3d\xc7\x9d\x0a\xf8\x93\xd1\x6b\x3e\xed\xa0\xfe\xfe\xfd\x87\x59\xf2\xa0\xda\x19\x30\x17\x0d\xd1\x9e\xb7\x8f\x0d\x7a\x7b\x74\x51\x54\x03\x37\x5a\x95\xbd\xbc\xce\x01\x8b\xc1\xed\xb0\x8d\x89\x7b\xb7\x98\xa9\x5e\x7e\x86\xa5\x2a\xf3\xd9\xb8\xa4\xa1\x4b\x03\x71\xd6\x34\x98\xdc\xb2\x01\x62\x48\xeb\xd0\xbe\x80\x0e\x9f\x21\xd5\x49\xe5\xe0\xe7\xb4\x89\x5c\xa5\xcb\x72\x5a\x0c\xab\x27\xda\x8a\x8b\x12\x99\xbe\x38\xa4\x26\x09\x00\xae\x10\xdf\x5b\xab\xa1\x1a\xe2\xba\xb7\x17\x9d\xd8\x45\x39\x69\x42\x9c\xcc\x4d\x41\x60\x55\xf2\xbc\xb9\x3c\x1c\xac\x6d\x7e\x80\x4c\xf8\x12\xdf\x14\x62\xf2\x2e\xe9\xe8\x33\xa9\x76\x9e\x8e\x67\x75\x50\x40\x2c\x40\x94\xdf\x21\x2f\xd2\xc5\xfc\xc0\x9a\x72\xc7\xce\x00\x77\x51\x00\x73\x09\x0d\x0e\x63\xdb\x63\x7d\x43\xd4\xc2\x1f\x86\x19\xd3\x4d\xa5\xdb\x08\x03\x3f\x68\x6c\xe8\xb8\xa0\x82\x12\x22\xf9\x54\x34\xac\x4e\x6f\x70\x30\x94\xed\xde\xd6\xfb\x1b\x84\x6e\x97\x96\x50\x97\x9d\x3c\x77\x45\x3f\x40\xf7\xfe\xe7\xc3\xe8\x8a\x96\xfd\x1d\x70\x2e\x81\xc2\xa4\xf3\xf3\x75\x3c\x79\x64\x84\x2d\xfd\x9d\x39\x58\xa7\x43\xda\x06\x3d\x1d\x64\x8e\x51\xb2\x10\xa2\x8e\xd2\x48\x7f\x14\xd5\xf1\xbc\x6f\x33\x9b\x2d\xd1\x7a\x66\x1c\x39\x73\x6d\xa9\x9e\x4a\x4f\x07\x36\x03\x42\xd2\x37\xe3\x81\x3e\xa3\x99\x8d\x66\xeb\x31\xa2\xd7\x08\xaf\x06\x5c\x32\xb9\x27\xf7\x57\xc3\x7a\x80\x06\x60\x67\x4e\x97\x17\xba\x58\xf2\x80\xeb\x2a\xa4\x64\xfa\x74\x40\x21\x08\xa5\xd5\x66\x2e\x8d\x0f\xea\xf3\x29\x68\x7a"},
+{{0x97,0x2c,0x06,0x16,0x55,0x6e,0xf2,0x2c,0x21,0x48,0x68,0xfd,0xd8,0x22,0xc5,0x57,0x39,0xe1,0xf9,0x6a,0x93,0xae,0x83,0x51,0x2a,0xfd,0xa9,0xca,0x7a,0xa7,0x4c,0xd2,},{0x9e,0x1c,0x6d,0x41,0x07,0xf8,0xab,0x81,0x61,0xc5,0xdb,0x5b,0x88,0xa3,0x7c,0xa1,0xde,0x9f,0x4e,0x29,0x13,0x67,0xab,0xb1,0xef,0xc8,0x4f,0x83,0xf7,0x07,0x69,0x53,},{0x54,0xdd,0x06,0xfb,0xb3,0xd7,0xc6,0x3f,0x8c,0xda,0xf7,0x83,0xc2,0xd7,0xba,0xc1,0x6b,0x4c,0x82,0x6e,0x2d,0x1b,0x18,0x07,0xc8,0x4e,0x04,0x9f,0x64,0xe2,0x71,0xb2,0x1c,0xfa,0x3e,0x37,0xc3,0x44,0x26,0x02,0x87,0x80,0x5d,0x71,0x88,0x06,0xb6,0x2c,0x56,0xb4,0x7f,0x6d,0x5c,0x50,0x81,0x25,0xc9,0xfb,0x5d,0x5e,0xa3,0x5f,0xd5,0x01,},"\x86\x89\xe2\xf9\x5c\x8f\xd5\x0d\xc4\x46\x64\xa1\x8f\xb1\xa9\xf2\xc8\xf3\xee\x73\xc0\xf9\x58\x7e\xe2\x8b\xfa\x35\xc9\x23\x1c\x75\xbf\xd3\xd9\x53\x41\x74\xe5\xad\x3f\xa9\xf0\x92\xf2\x59\x94\x2a\x0f\xf0\xba\x2c\xa2\xcb\x59\x04\x3d\x19\x2c\xa8\xe3\xc8\x86\x9b\xed\xd2\x35\x4c\xbc\x5a\xc7\x82\xd7\x27\xc0\xb6\x94\x07\xf6\x8d\x13\x26\xdf\x65\xa6\x0c\x4d\x32\xf8\x7f\x19\xa1\x0f\x3d\x76\x5f\xf9\x23\x43\x4f\x55\x11\xd1\x34\xd3\x97\xc4\xfe\xf6\xbb\x19\x53\xab\xfc\xe6\x08\x27\xc3\x59\xaa\x4b\x54\xf9\x12\xaa\x8b\x17\xb8\x3d\xcc\x7e\x3b\xcb\xc5\x05\xba\x04\x6f\xe5\x7c\x16\xda\xcf\x4e\xe2\xfa\xd5\x38\xbc\x06\x81\x7c\x9b\x9d\x8d\xbc\x5f\x9d\x9b\xbf\x9f\x4a\x93\x4f\x14\xa4\x2c\x29\xe0\xe2\xf3\xa4\x9f\x46\xb2\x0e\xe7\x6c\xfe\x20\xde\xa1\xe9\x74\x50\xeb\x6a\x8f\xda\x04\x81\x68\xdd\x82\x78\x10\x20\x7f\x00\x5a\x3c\xaa\x93\xca\x11\xf4\xee\x60\x8a\x7a\x93\x55\x49\x43\x13\xae\xc8\xd7\x07\x5a\xfc\x94\xc7\xcc\xcc\x75\xc2\x31\x9b\xb4\x58\xc0\xce\x37\x3e\x9d\x00\x7f\x75\x3b\x33\xb5\x27\x93\xd5\x84\x96\xb2\xd2\x5c\xd1\xdc\xd7\x83\x2a\xac\x5d\xdb\x38\xf4\xdb\x19\xc4\x27\x21\x9e\x1a\x04\x20\xea\xd4\x7b\xa9\x5a\xb6\xd8\x9c\x65\x93\x90\x41\xcc\x73\x4c\x08\xeb\x6b\x47\x6c\xaf\x7f\xc7\x6c\x59\x8d\x94\x7f\xf4\x44\xb1\x07\x70\xf6\x29\x45\xae\x65\x04\x4f\x78\x09\x82\x99\xe2\x62\x6b\x63\x8a\x73\x28\xd1\xb7\xda\xa5\x88\x9e\x8d\xb9\x4b\xbf\xf2\xde\xd6\x2e\x14\x46\x37\x60\x22\x7c\x3f\x32\x6e\xd4\x93\x56\x5d\xdf\x0a\x17\x61\xb8\xe4\xbb\x7d\x24\x10\xfa\x0f\xdb\xf3\x56\x84\x39\x7e\xef\xea\x95\x89\x58\x89\xa0\xa9\xdf\xfc\x5e\x02\xc0\x92\x38\x3b\x7c\xe7\x4d\x2d\x90\x93\x99\x16\xf2\x6b\x71\xaf\xd2\x65\xf8\xbe\xc7\x4f\x0d\xe2\x47\xc9\x64\x39\x05\x58\x3d\xf3\xce\xe2\x35\x37\xd6\xb5\x68\xc8\x33\x8c\xe5\xfe\xe4\x2f\x7d\xd1\x5d\xad\x52\x47\xf0\x09\xac\xbf\xd5\xd7\x69\xb6\x36\x69\x59\xcd\x0a\xe1\x50\xf5\x8f\x7c\x80\xfa\x10\xd9\x89\xed\x90\x11\x93\x72\xe5\xfe\xa5\xda\x48\xa4\xe8\xea\x9c\x72\x78\x75\xdc\x4a\x20\x05\xb0\xdc\x2e\x3f\x69\x7c\x0c\xe0\xa4\xbd\xb2\xf7\x50\xc0\x4f\xbc\x0c\x27\xd0\x2d\xd8\x28\x6e\x54\xc9\xc3\x95\x9b\x6f\xfb\xdb\x1d\xe2\xaf\xfe\x9e\x78\x26\x51\xe5\x16\x8a\x50\x0a\xfe\xd0\x37\xb3\xe1\x79\x0d\xdd\x59\x38\x51\xa6\xa6\xcc\xca\x9f\xff\xb4\xa9\x9e\x27\xdf\x43\x81\x88\x71\x53\x6a\xb0\x4f\x14\xa0\x6a\x1c\x7c\xb4\x7b\xed\x62\x41\xce\x74\x30\xad\x3e\x64\x0a\x72\x67\x52\xfa\x06\xa9"},
+{{0xe0,0x40,0x5d,0x37,0x89,0x3e,0x89,0xf5,0x38,0x11,0xd6,0xd4,0x46,0xe1,0xf1,0x93,0xf5,0x1a,0xfa,0x1b,0xbb,0xa7,0x25,0xf9,0x5e,0xb4,0x80,0x33,0x42,0x4a,0x25,0x09,},{0x45,0x10,0x4d,0x59,0x5e,0x44,0x3e,0x8c,0xe6,0x54,0xde,0x9d,0x65,0x50,0x54,0xbf,0x0a,0x99,0xd3,0x56,0x13,0xd7,0x7d,0x57,0x45,0x4c,0xa2,0xd1,0xc8,0x99,0xb5,0x17,},{0x77,0xdd,0xd4,0x91,0xca,0x66,0x2e,0xbf,0xfb,0x12,0xf7,0xf4,0x92,0xd7,0xfb,0xc1,0xa1,0xb4,0x47,0xf6,0xc8,0x59,0x98,0xf2,0xf7,0xcc,0x9a,0xdc,0xe6,0x7d,0xe6,0x3b,0x6e,0xeb,0xd0,0x81,0x17,0x84,0x5a,0x03,0x02,0xf7,0x34,0x97,0x14,0xba,0x9d,0xb2,0xaf,0x58,0x04,0x8b,0x85,0x83,0x7d,0x76,0x60,0xec,0x3d,0xeb,0xee,0xe2,0xd0,0x0f,},"\xdf\x58\xc4\xfd\x07\x02\xa2\x0f\xaf\xa3\xd1\xd4\xfe\x7d\x85\x93\x8b\x12\x0f\xc1\x1e\x8d\x41\xb6\x01\xf0\xe6\x0e\x42\x23\x6a\x49\xf1\x26\x81\x3b\xd5\x12\xee\x71\x35\x90\x61\xe1\x3e\xb3\x14\xd4\x17\xf5\x6d\x6d\x56\x02\x85\xfa\x89\x91\x21\x32\x84\xc4\x2b\xc2\xce\xf2\xdc\x93\x7b\xdc\x0b\x5e\x9d\xc2\x26\x9a\xfa\xb3\x2d\xb3\x0e\x68\x49\x85\x59\x51\xcf\xbc\x53\xec\xfa\x01\x64\x38\x63\xe0\x32\x89\x95\xfe\x85\x0c\x0d\xb5\x54\x21\xbf\xa5\x64\x60\x1b\x8c\x9d\xb7\x55\x2c\x7e\x6a\xa7\xad\xfa\x15\xa5\x80\x21\xa8\x42\x66\xe9\x59\x5c\x65\xfc\xa4\xa1\x5f\xa7\x0f\x55\xf5\xd2\x12\xc9\xe2\x77\xff\xb8\x30\xf4\xca\xd1\x86\x1f\x3f\x49\x5a\x9d\x67\x2f\x56\x91\x31\x06\x39\xc1\x2d\xcd\x07\xe3\xef\x17\xa2\x37\x50\xbc\xb4\x6b\x7a\xd7\xea\xc4\x62\xeb\x51\x22\x25\xf3\xbe\x7e\x32\xf8\xf4\x98\x7a\x11\xdf\x34\x11\x66\x06\x2b\x43\xc6\x3a\xb8\x58\xa6\x00\x49\x76\x67\xfb\xb8\x8e\x93\xc7\xe2\xe0\xaa\xb4\x1c\x09\xc0\x23\xeb\x90\x2e\xc3\xba\xf6\x79\xe2\x5b\x96\xe1\x06\x92\x1a\x91\x4f\xd5\xde\x20\x0a\x47\x88\x9d\xe2\x3e\x7b\x65\xd0\xcc\xdf\x0c\x29\x03\x64\x67\xa1\x21\x0c\x00\x30\x30\x9a\x2d\x04\xec\x25\x6d\x5a\x4d\x8b\x97\xd4\x6a\x3e\x15\xf3\x45\xb6\x67\x17\x08\x03\xcd\xac\xf6\xcb\x48\xad\xd0\xa1\x34\x62\xdd\x30\xfa\x06\x2b\xd4\x56\x66\x41\xda\x07\xd7\xf6\x1e\x06\x36\x86\xed\xd9\x6b\xfe\x8f\x97\xb9\x86\xb7\xc0\xe4\x42\x49\xcd\x2d\x73\x17\x47\x29\x99\xb8\xee\x4e\xa8\x0c\x90\x2f\x3b\x18\x89\x36\x71\x2e\x89\xd8\xbf\x02\xce\x8a\xe7\x7b\x6b\x31\xab\xb0\x63\x20\x65\x45\x5d\xdd\x9f\x9d\x1c\xd9\x53\xa4\xa4\x9a\xac\x1a\x15\x16\x9e\x68\x7d\x4f\xd3\xf7\xc2\xed\xfb\x3a\xab\xc3\xb6\x61\x55\xf7\xd3\x15\xf8\xa2\x94\xfa\xdd\xff\xdb\x49\x51\x36\x7a\x0c\xb8\x70\x75\x9e\x85\xa8\x38\xaf\x66\xba\x3f\xc1\x03\xda\x2b\xab\xc3\xf3\x81\x69\x6e\xf8\x88\x2d\x85\xa8\x27\x8d\x5f\xac\x3a\x72\xf1\x6e\xb1\x19\xee\x99\x00\xb1\xfd\x98\x6c\x2a\x9f\x94\xee\xd8\xe0\xd4\xf2\x73\x69\x7e\x43\x63\xa9\x75\xff\x6a\x7b\x80\xd5\xb4\xec\x53\x55\xbf\x63\xb4\x2b\x71\xcd\x48\x42\x40\x1d\x38\xb5\xe0\x0c\xc9\x7b\xfd\xa4\x0e\x45\x66\x53\x68\x3b\xc8\xe6\xda\xde\x7d\xcf\x98\x5a\x97\xb0\xb5\x77\x6c\x4d\x72\xca\x13\xa1\x47\x4e\x4e\xb2\xec\xcf\xcd\x42\x87\x86\xdd\xd0\x24\x6d\x73\xa6\x37\x7a\x79\xcb\x8d\xa7\x20\xe2\x26\xc1\x94\x89\xbd\x10\xce\xdd\xe7\x4b\x49\xfa\xc2\xcf\xa2\x07\x12\x9c\x6a\x10\x8a\xa1\x64\xbe\x9d\x80\x9c\x4d\x31\x14\x73\x60"},
+{{0x57,0x56,0xe7,0x52,0xdf,0xf6,0x9e,0x3e,0xed,0x84,0x8e,0x4a,0x49,0xc7,0xa8,0xba,0xca,0x12,0x15,0x4f,0x94,0x31,0xde,0xc3,0x56,0x26,0xef,0x8d,0x75,0xa4,0x45,0x14,},{0x59,0x10,0xef,0x00,0xa5,0xb3,0x54,0x14,0x3c,0x46,0x56,0x1d,0xa6,0x2c,0x41,0xaa,0x13,0xd2,0x9c,0x18,0xdc,0x61,0x53,0xbf,0x8e,0x50,0x2e,0x01,0x14,0x00,0x77,0x28,},{0x81,0x57,0xd8,0x33,0x4d,0xed,0x1a,0x32,0x69,0x9b,0x35,0x0a,0xc0,0xd4,0x12,0x00,0x28,0xcd,0x8e,0xf8,0x18,0x94,0x48,0x93,0x48,0x50,0xe5,0x0e,0xe4,0x99,0x9d,0x8f,0xa2,0xcd,0x25,0x76,0x46,0xd9,0x2f,0xba,0x5d,0x66,0x2a,0x82,0x3e,0x62,0x20,0x8a,0xb4,0xfb,0xe0,0x17,0x14,0xa8,0x48,0xa0,0xb9,0x0b,0x55,0xad,0xcd,0x24,0x69,0x02,},"\xeb\x21\x90\xa3\x21\x9c\x79\x2b\x66\x66\xb2\x75\x27\x33\xad\x9f\x86\xfc\x39\x01\x55\xc4\xb4\x38\xbe\x19\x69\x59\x38\x3b\x25\xf3\xa7\x49\x53\x0d\x5a\x4b\x15\xeb\xe2\xc1\x8d\x99\x17\x8e\x6d\x45\xbb\x4a\xa2\x12\x0f\x95\xa3\x52\xe0\x40\x6c\x63\xac\x86\x72\x48\xd9\xef\xba\x12\x42\x31\x06\x48\x73\xc8\x2f\xe9\x95\xdd\x03\x1c\x7c\xbc\x7d\x15\xec\x19\x1f\xbb\x6c\x47\x4d\xc4\xc7\x77\xe8\xf4\x57\x84\x1e\xb4\x62\x48\x41\xc1\x52\xd1\x5e\xde\x26\xe7\x84\x79\xa6\xa2\x5f\xfa\x33\x55\x63\xf1\x06\x4e\xf0\x95\x58\xb9\x10\xe2\x60\x84\x18\x82\x0f\x49\x55\x4b\x67\x0c\x6b\xab\x34\xd1\xd6\x09\x84\xde\xa5\x0e\xd6\xa3\x75\xf4\x5a\x74\xbe\xad\xfb\x04\xbd\x93\x00\xbd\x59\x4e\x2e\x20\xea\x5d\x30\x52\xbb\x7d\xdc\x51\xa9\x49\xa0\x04\x79\x72\x68\x2e\xbe\x66\xd3\x8a\xac\x62\x92\x72\x70\xde\x42\x15\x0d\x58\x22\x1d\x03\xb8\xac\xe3\x58\x99\x33\x48\x7b\xf2\x3d\x29\xc5\xc2\xc8\x43\xae\xfa\x2e\x1c\xa2\x2f\x9d\x16\x80\xf8\x0c\x76\x6d\x14\x3c\xe5\xec\xef\x25\x3a\x74\x5c\xb7\x1e\x72\xf6\x50\x4a\xd9\x11\xf7\xcb\x4a\x81\x9c\xd0\x74\x86\x3a\x92\x70\x69\x29\xa3\x14\x2f\x8d\xb7\xac\x16\x41\x02\xac\x2c\xa0\xd2\xe1\x9a\x72\x5e\x1b\x5f\x81\xf4\x43\xc7\x3e\x04\x84\xf2\x6a\x45\xa3\xae\xf8\x4f\x1f\x3f\xa0\x4a\x4a\xc6\x95\xd2\xda\xb6\xef\xba\x45\x6a\x28\x1a\x39\x73\xcc\x18\x6e\x68\x0a\x66\xdf\x52\x1a\x4d\x1f\x9e\xdf\x4d\xfb\x27\x4a\x42\x70\x97\xbf\x86\x32\x81\xcf\xb0\xed\x80\xf8\xd7\x67\x66\x38\xd6\xcd\xac\x93\x78\x43\xef\xbc\xfc\xe9\x1d\xe1\xdf\x6c\x52\xb5\x94\x57\x1b\x93\x15\x60\x0e\x4b\x65\x52\xde\xfb\x84\x37\xa8\x07\xba\x21\x29\x8e\x3d\x97\x22\x12\xba\x31\x46\x92\x91\x7f\x40\x07\x53\x11\xac\xd0\x09\x39\x52\x41\xb9\xf1\xb2\x56\xc5\x15\x73\x5d\xc6\x74\xf8\xe8\x66\xd1\xee\xb4\xc3\x28\x54\x8a\xee\x71\x23\x1c\x4c\x9d\x5b\xd2\x2e\x39\xde\x88\xd1\x9f\xab\xf4\x9f\x0b\x98\x69\xcb\xf8\x35\x21\x4b\x15\x52\x2a\x93\xd3\xa5\x00\x7b\x11\xf0\xb5\x0e\x52\x28\xd4\xee\xbb\x45\x71\xb3\x5d\xa8\x4f\x4f\x68\x7e\x3f\x43\x79\x3d\x54\xf3\x82\x5b\x37\xa5\x09\xea\x56\x4b\xdf\x21\x7f\xf4\xad\xf6\x84\x7b\xbe\xa4\x31\x6a\x1d\xbc\xc7\x44\x8e\xcd\x53\x63\xea\xab\xc1\x28\xde\xcf\x05\x4e\xe1\xa0\xee\x2d\x87\x19\x79\xf8\xa6\x3b\x26\x92\xb0\x9f\x6e\x98\x6a\x13\x8e\x7f\x68\xf6\x0a\xa4\x26\xa1\xc9\xb0\x1a\x49\x02\xe1\x3b\x17\xbc\x83\x12\x41\x0c\x28\xbe\xd2\x9b\x60\x1b\x0f\xc9\xf3\xbc\x2d\x22\x3f\x87\x52\x51\x10\x0f\x86\x9c\x6b\x58\x44"},
+{{0xb9,0x04,0xac,0xb1,0x9e,0x5c,0xf8,0x72,0xd3,0x64,0x0c,0xd1,0x8d,0xdf,0x3c,0x0b,0x66,0x57,0xe0,0x11,0x7c,0xe6,0x59,0xdb,0xf5,0x02,0x59,0x01,0x5d,0x3f,0xbf,0x32,},{0xe0,0x4a,0x8a,0xa5,0x6d,0x18,0x18,0x48,0x3b,0x10,0xd0,0xa7,0xc9,0x19,0xe1,0xd5,0xd8,0x00,0x1e,0x35,0x51,0x0e,0x1e,0xc6,0x2f,0x71,0x14,0xdb,0xe8,0x1a,0xe0,0xbe,},{0x9a,0xaf,0x8a,0xc9,0x71,0x40,0xd5,0x50,0x8d,0x58,0xf5,0xac,0x82,0xb7,0xfd,0x47,0xe6,0xb1,0xf6,0x8a,0x7c,0x78,0xa2,0xac,0x06,0xf0,0x41,0x6e,0xf8,0xe9,0x91,0x95,0x3f,0x62,0xc4,0x7f,0xd5,0xfb,0xc6,0xc1,0xe0,0x1b,0xae,0x1c,0x92,0xa3,0x3e,0xf5,0x2b,0x7e,0xfa,0x5f,0x17,0xbb,0x86,0x33,0xbd,0xc1,0xae,0xeb,0xce,0x31,0x8f,0x0f,},"\x83\xf4\x12\x4d\x5a\xf9\x55\x13\x9b\x1b\xc5\x44\x1e\x97\xc5\xfa\xc4\x91\xb4\xea\x91\x14\x07\xe1\x54\x20\xa0\x34\x7e\xd7\xfa\x1f\x88\x19\xe3\x6c\x8e\xd5\x74\x0c\x99\xd4\x50\x5a\x78\xb6\x19\xd5\x60\x74\x9a\xf5\x0b\x05\x73\x51\x08\x16\xd6\x13\x22\xcd\xa9\x76\xa5\xd4\xca\x32\x05\xf5\xf0\xe6\x0e\x75\x9a\x5d\xf1\xa0\xbd\xf3\x6d\xfe\x97\x17\x90\x6a\xc5\x7c\xbf\xc9\x70\xab\x43\xb6\xfa\x18\xe6\xc0\x00\x6c\x84\xfc\x72\x54\x47\x0a\x0b\x77\x47\x27\xbf\x5f\x8e\x67\x94\x23\xa5\x31\xe4\x1c\xb5\x31\x0f\x9b\xcb\xf5\xa5\x44\x5e\xbc\x39\xfb\xd9\x09\xce\x11\xe9\x7b\xc2\xf6\x6a\x4a\x1b\xb6\xc2\xf1\x67\xf2\xc6\xe8\x0e\xb9\xb8\xb7\x2d\xf3\xe8\xcf\xd4\xe5\x14\x48\xdc\x14\xc0\xb8\x37\xf2\x94\x96\x93\xd1\xd0\x54\xc8\xf9\x5b\xff\x7f\x1e\x36\x45\x67\xd0\x34\xf2\x22\x3e\x15\x94\x77\x2a\x43\xdc\xfe\x05\x97\xfd\x6d\x13\x3b\x3f\x2e\x96\xff\xc5\x66\x7d\xd5\x92\x8f\x23\xec\x3c\x75\x0f\x84\x59\x93\xa3\x4e\x97\x76\x15\x9a\x68\x30\xd6\xfd\x90\x13\xee\x7a\xea\xa1\xfc\xcd\x69\xb9\x6d\xf2\x84\x70\x4f\xd0\x88\x88\xb1\x5b\x64\xe2\xe9\x0d\x57\x8c\x5c\xfc\x0f\x95\x69\x3f\x6a\xb6\x5c\x69\x47\x44\x6a\x85\x7c\x02\x9c\x7c\xa6\x60\x80\xb7\x54\xc7\x73\x4b\x78\x99\x8a\xbe\x9b\x7c\xc6\xef\xd0\x9a\x44\x18\x19\x4d\x88\xb3\x4e\xc6\xc3\x3a\xf6\x30\xdb\x81\xde\x5b\x99\xfe\x65\xaa\xc8\xb7\x33\x62\x37\x91\x19\xc7\x00\xd1\x07\xed\xfc\x19\xf2\x70\x76\x04\x68\xee\x8e\x5f\x15\x5d\x9a\x34\x7e\x57\xb5\x93\x0f\x32\x7a\x8d\x11\xc6\x67\x4d\xdd\x02\x0f\x9e\x7d\x9b\x76\x1d\xba\x5b\x83\xa8\x73\x02\xf1\x83\x3e\x5a\xbd\x49\x52\x6d\x66\x39\x1e\x5b\xf0\xe3\x5b\x44\x53\xd6\x30\xbf\x7d\x0a\xdb\xfe\x50\x1a\xef\x81\xe6\xc5\x93\x8f\x92\xcb\x75\x2f\x5f\x14\xd2\x80\x6f\x90\xae\x15\x46\x05\x1c\xcc\x7f\x91\x3c\x5d\x6a\x38\xff\x3b\x7b\x9a\x23\x66\x2e\xf1\xf0\x08\x08\xed\xb2\xfa\x31\xec\xba\x5c\x8d\x33\x87\xe8\x75\x41\xcd\x06\x16\xed\xbf\x3a\xaa\x35\xa5\x37\x92\x28\x61\xf4\x4c\xbd\x9f\x99\x2b\x82\x46\xd9\xc6\x4c\x41\x98\x81\x70\x1a\xb4\x3f\x7f\xd4\x64\x21\x0d\x80\x2b\xa6\x56\xd9\x5c\x0f\x24\xa3\x45\x99\xb2\x0b\x1e\xc2\x00\x11\x48\x5c\xfc\xb3\x18\x6b\x7b\xcf\x69\xd7\x45\x81\xa7\xa3\xee\xd6\x13\x4c\x4e\xec\xd6\x55\x74\xa4\x32\x0d\x9c\x57\xa8\x49\xc4\xe7\x8c\x8a\x5c\xe8\x25\x05\x00\x4a\x54\xf1\x9d\x4b\xdc\x82\x23\x40\x1b\x34\x94\x6b\x7d\x66\xe4\x7e\x63\xcf\x9d\x0f\x57\xd0\x94\x54\x91\x38\x4b\xc6\x86\x8c\x4b\x47\x86\x90\xe5\x50\x02\x1d\xf1"},
+{{0x8a,0x35,0x01,0xb7,0x69,0x53,0x60,0x3c,0x90,0x33,0xe3,0xbc,0xbf,0x3e,0xc3,0x78,0xd2,0x57,0x01,0x1a,0x6c,0x50,0xb8,0x97,0x62,0xd4,0x91,0xea,0xa7,0x2c,0x5e,0x0d,},{0x77,0x8f,0x20,0x19,0xdc,0xd8,0xdb,0xb8,0x6c,0x67,0x37,0xcc,0x8d,0xc1,0x90,0xc5,0xa0,0x4c,0x50,0xb5,0xbf,0x45,0x88,0xbc,0x29,0xfa,0x2a,0x47,0xaf,0x25,0x26,0x72,},{0xa8,0xa3,0x09,0xba,0x52,0x12,0x5e,0x76,0xa4,0xa6,0x1e,0xb4,0x3f,0xd4,0x13,0x5c,0x41,0xab,0x11,0x79,0x9b,0x91,0xcc,0x54,0xff,0xc9,0xc6,0xa2,0x0f,0x05,0x0c,0xc5,0x95,0xb2,0x81,0x43,0xc8,0x74,0xbd,0xb9,0x28,0xbe,0xed,0x26,0x1d,0x9c,0x0f,0x12,0xaa,0x19,0x2e,0x66,0x40,0xbf,0xda,0xd5,0x4b,0xa0,0xd4,0x78,0x42,0x6b,0xce,0x09,},"\xe6\x09\xf1\x22\x4a\x6a\x45\x11\x40\xcb\xc0\x25\x4d\x43\x2c\xe5\xfd\xdd\x08\xa8\xe9\x12\xf8\x1c\x41\x2f\xdf\xd5\x18\x2f\xf6\xac\x2f\x13\xc5\x76\xc8\x14\x5b\x15\xf2\x5b\x40\x9d\x85\x3f\x91\x44\x09\xe4\xe0\x2c\xef\xc3\x9d\x9b\xef\x4a\x2a\x06\x04\x98\x57\x0b\x2d\x3a\x28\x38\xc9\xb0\xb8\xe3\xaf\x4f\xc3\x7e\x19\x15\xf8\x04\xa8\x01\x88\x58\x5b\x30\xb6\x8a\x3f\xfb\x2e\x96\x0c\x73\x20\xe8\x27\xd2\xfe\x36\xe6\xa3\x28\xcc\x6e\x78\x06\x34\x8a\xdb\x0b\x77\x3b\x78\x4d\xe5\x29\xbb\x6f\x64\x75\x1b\x21\x05\x85\x94\x94\xfd\x49\xdb\x0b\xc7\xf6\x2d\xf4\x6b\x9d\x7c\xe6\x76\x97\x5c\xc5\xf4\x38\x56\x49\x84\x36\x81\x2e\x04\xf2\x6f\xb8\xb8\xab\x7e\xba\x12\xf1\xd5\x67\x22\xeb\x82\xeb\xfa\xfa\x47\x35\x97\x7a\x26\x68\x1c\xb0\x3f\xa4\xbc\x69\x51\xab\x9c\xbd\xf7\x87\xe3\x27\x8f\x2f\x57\xf2\x9e\x12\x09\x5f\x8c\xa2\xa1\x78\xcf\xa7\x57\x13\x37\xf0\x27\x42\x37\x66\x9f\x97\x65\x7d\x4b\xad\xb3\x94\x36\xd7\x86\x49\x25\x80\xfd\x55\xd8\x6b\xe3\xa0\xcd\x17\xd1\x60\x57\x01\x7b\xaa\xae\xa0\x0c\x1e\x14\x55\x21\x59\xbc\xab\xc0\xe6\x66\xba\xd3\x41\x8e\x4e\xc1\x3b\xfe\x16\x3b\xe2\x56\xf0\xc8\x9b\xc2\x34\x4a\x8d\xdf\x99\xca\x81\x60\xb1\x89\x87\x5a\xd3\x22\xd9\x0f\x58\x13\x25\x28\x1d\x53\x89\x96\x5c\x0a\x7b\x7b\xca\xe2\x29\x4a\x3c\xbe\x35\xa4\xe4\xe8\x3b\x54\xc4\x27\x63\x53\x96\x0f\xad\x11\x85\x32\xd4\x9b\x70\x76\xf2\x5a\xd1\x90\xab\x56\x94\x91\x4f\x71\x08\xb0\xab\x69\x69\xa1\x91\x28\xfb\x0a\xef\x00\xe6\x5a\x04\xfc\x83\x2d\x07\x69\x61\x67\xb9\x34\x2b\x35\x5e\xc5\x77\x37\xca\x37\xcb\xff\x3b\xb3\x19\x31\xcb\x58\x71\x2a\x4c\x46\x89\x52\xc6\x45\x9d\x56\x7a\x26\xe7\x95\x01\xe4\xe3\x1b\x1b\x09\x53\x53\x76\x32\x02\x9e\x9b\x49\x0f\x72\xe5\xa6\xe0\x57\xdd\xb4\xb3\x17\x56\xfd\x97\x04\x21\x8b\x1b\x8f\x4d\xcb\x54\x30\xc0\x25\x04\x2f\x47\x16\x9b\xfc\x7c\x80\xd7\x1c\xab\x8c\xa0\x7f\x34\x0a\xfa\x00\x8a\xbb\xe2\xe3\xa0\xab\xe1\x41\xda\x8d\x41\xca\x6b\xd6\x9d\x36\xfd\xb1\x1a\x41\xce\x0b\x72\xfa\xbc\x00\xd9\x7e\xa6\x05\x27\x00\x10\xb2\x59\xdf\x8e\x10\xdd\x22\xdc\x17\xc1\x39\x90\xa0\x5f\x02\x33\xe3\xca\x85\x6b\x40\x97\x1c\xb3\xe2\x1c\x8b\x39\x50\xb1\x3f\xc8\x4e\x1f\x26\x6c\x2a\x6f\xbe\xce\x88\xd5\x97\x25\xc3\xcf\xb2\x22\x5d\xbc\x1e\xe9\x5b\x68\x6d\xb7\x04\xfc\x93\x7b\x76\x6f\x0a\x9b\xfe\x95\xa4\x2b\x90\x10\xf1\x22\x9c\x61\x0d\x7e\xde\x09\x57\x12\xc8\xf0\xf1\xfb\x00\x47\xc0\x40\xa8\x70\x30\x6c\xd8\xdc\x74\xc4\xda\x51\xbf"},
+{{0x42,0xb5,0x36,0x52,0xd0,0x8b,0x5d,0x76,0x6e,0x66,0xad,0x8f,0x3e,0xbf,0x69,0x3c,0xfd,0x77,0x90,0x7c,0xad,0xd9,0x8b,0x54,0x66,0xdf,0x77,0xdf,0xa2,0xc6,0x37,0xad,},{0x88,0x46,0x3b,0xb8,0xa4,0xb6,0x38,0x8d,0x92,0x4c,0xb8,0x62,0x09,0x83,0x41,0x95,0x43,0x5d,0x79,0xd7,0x7f,0x8c,0x02,0xf4,0x6b,0xbd,0x16,0xd8,0x2e,0xfe,0x42,0xb3,},{0x30,0xc4,0xb9,0x9e,0x68,0xec,0x33,0x51,0x30,0x8f,0xbc,0x76,0xd9,0xca,0xf0,0xaf,0x62,0x21,0xb5,0x96,0xb7,0x01,0x7f,0xe1,0x0c,0xc6,0x33,0x02,0x3b,0xa9,0x7f,0x02,0x38,0x96,0xfe,0x32,0x2b,0xaa,0x34,0x76,0x60,0x61,0x0e,0x05,0xfa,0x49,0x3d,0x21,0x8f,0xa3,0x60,0xf1,0x8d,0x93,0xe2,0x75,0xd1,0xef,0xf6,0x66,0xb6,0x3d,0xb2,0x04,},"\x9e\xe9\x13\xc7\x4e\xe3\xc5\xe8\xc9\x0d\x64\xb8\xae\x3a\x60\x04\x9f\xc7\x65\xe1\x76\x06\x0b\xcd\x1c\xd0\x9f\x0e\xda\x60\xbf\x23\xba\xdb\x8a\x1c\xaa\xc3\xd6\x6e\xbc\x52\x68\x14\x6e\xe4\xa5\x4e\x1e\xb2\x31\xed\x25\xef\xf9\x5b\x90\xa6\xe9\x83\x37\xa5\x40\xa3\xf4\x84\x49\x79\x4a\x48\x73\xbf\xc2\xe8\x47\x28\x96\x6b\xb7\xc6\xff\x67\x6a\x2f\xf5\x73\x11\xc1\xc2\x5e\x15\xfb\xf3\xd4\x0e\x9f\x25\xab\x5d\xb9\x1f\xdd\xb7\xa0\xae\x43\x6c\x8e\xc0\x70\x75\x4b\x6d\x74\x3a\xa1\xd6\x04\x8f\xb5\xbd\x7f\x5b\x8e\x4c\xca\xd2\x03\x28\x38\x95\x30\xf1\x13\x74\xa4\x89\xb1\xd5\x05\x31\xa3\x9c\x9b\x32\xb4\x03\x69\x62\x60\x06\xd2\x64\xa9\x9e\xec\x4f\xac\x13\x41\xf4\xe7\x46\x79\x45\x7b\x41\x8e\x6b\xbf\xba\x23\x3f\x1c\xa1\x58\xf7\xb2\x9d\x40\xd5\x03\x01\xf9\xd9\x25\x36\xfd\xc5\xc2\x3f\xe5\xde\xe4\xd6\xdf\x0e\xbf\x13\xdf\xa3\x75\x4a\x14\xc8\x56\x00\x9a\xde\xa1\xdd\xa4\x09\x30\x4c\x1f\x60\xd2\x53\x30\xfb\x10\x95\x79\x47\xa0\x05\x08\xf2\xfd\x76\x42\x2e\xac\x69\x4c\xc3\x9f\xa8\xae\x7f\xcc\x77\xa0\x2f\xd9\xee\x5f\x91\x0d\x93\xe8\xaa\xc6\x8f\x14\x5d\xd8\x78\x87\x6b\xa8\xed\xa0\xa4\x9f\xcb\x20\x9c\x34\xea\x22\x0d\x4d\x06\x05\x54\x6f\xc4\xa8\x09\xba\xf0\x10\xd5\x33\xe4\x5d\x17\xb0\xe1\x6a\x46\xe9\x1e\xa6\xfe\xc2\xcd\xc5\xa8\xb3\xec\x50\x14\xb2\x5e\x92\xd8\xe5\xc9\x28\xab\x06\x99\x3d\x4f\xe2\x3a\xc8\xd4\x5c\x89\x03\x78\xdd\x13\x3f\x00\xed\xb9\x37\xc0\x71\xf7\x5c\xfc\x13\xa4\x02\xe3\xe4\x29\xa8\x48\x65\x2a\x17\x5c\x9b\x6f\x6e\xac\x86\xf6\x18\x8a\x44\x48\xa9\x6c\xe2\x87\x2e\x5f\x65\xf9\xbd\xb8\x71\x66\xc9\xb8\x7a\x7e\x95\x8e\x80\xbb\x65\x66\xe3\xfc\xf8\x71\x19\x0c\xf4\xa8\x67\xe6\x12\xcf\xc1\xe4\x37\x1d\x2b\x73\xd2\xa0\xad\x0a\xa4\x00\xba\x69\xe6\x63\x36\x23\x3b\x0f\x3c\x52\xb8\xa6\x8b\xca\x05\x12\x56\x01\x25\x50\x46\xe6\xf4\x9d\x68\x8d\x2d\xb8\x5c\x7b\x82\x12\x70\x51\x6e\x3c\x06\x13\xf3\xf2\x3f\x9c\x57\xcb\x4c\x87\x14\x28\x5c\xdf\x95\xe1\x06\xa3\xb5\xaf\xca\xeb\x81\xb7\x2f\x34\x3e\x87\xbd\x92\xf1\x58\x1d\xcf\x9a\xa9\x0a\x02\x4f\xa4\xa1\x04\x80\x59\xe3\x0d\xe8\xff\x0d\x16\x79\x4d\xcd\x74\x5d\x2b\x2d\x53\x4c\x52\x0f\x82\x78\x53\x86\x74\xa9\x34\xc6\xf1\x4a\x84\x28\xe3\xda\x01\x8a\x36\xe4\x5a\xa5\x82\x7c\xf4\xb1\x52\x84\x34\x6f\xd6\x93\x63\x14\x92\x19\xbb\x0d\x1b\xc9\x27\xd8\xd1\x93\xc4\x82\x69\x2f\x97\xdc\x88\xd8\xed\x33\x7d\x0c\x9d\xc9\x9c\x7a\x5e\x11\x1d\xce\xd4\x22\x50\xd5\x80\xe2\x06\x92\xbb\x7b\x88"},
+{{0x14,0xcf,0xe0,0x0f,0xa7,0x19,0x0a,0xe8,0x10,0x88,0x8a,0xe2,0xbb,0xd0,0xff,0x64,0x12,0xcf,0x1f,0xd4,0x08,0xa3,0x08,0x29,0x43,0x83,0xa1,0x94,0x53,0xb5,0x90,0x73,},{0x4e,0x61,0xaf,0xe8,0xc1,0x74,0xb6,0xee,0x1a,0x29,0xfa,0x09,0xcf,0x87,0xb4,0x00,0x81,0x39,0xf1,0x07,0x0b,0xc8,0x53,0x1b,0x6d,0x06,0xf5,0x4c,0x95,0x62,0xa4,0xf3,},{0xf7,0x85,0xa4,0x6f,0x69,0xbb,0xd0,0x99,0xfa,0x01,0x11,0x24,0xba,0x90,0x32,0xc1,0x89,0x74,0x2c,0x9e,0x00,0x1d,0xbb,0x87,0x81,0xd8,0x22,0x33,0x45,0xa9,0x56,0x9d,0xc1,0x44,0xca,0x69,0x4d,0x90,0x24,0x5e,0x0e,0x51,0x3e,0x88,0xab,0x02,0x3f,0x7f,0x0f,0x99,0xb7,0x41,0x61,0x59,0x75,0x8d,0xd0,0x34,0xe7,0xa8,0x9c,0xff,0x36,0x00,},"\xbc\x66\xf8\x01\xda\xa8\x29\x85\x8e\x74\x02\x93\xd4\xd2\x18\x7b\x8e\x1a\x5a\xfb\xa5\xfd\x67\xb1\x09\x56\xc6\x53\x46\xac\xa9\x44\x29\xd3\x2e\x4c\xfb\x35\x84\xab\x0e\x00\x5d\x0d\xd7\x42\x78\x1d\x47\xe8\x94\x47\xc4\xe1\xd8\x1b\xf7\xe6\x15\x4f\x8f\x73\xaf\x03\x36\x1a\xd5\x6e\xa3\xc0\x60\x00\x75\x4b\x9f\x32\x7d\x4e\xde\xac\xc4\xd3\x48\xaf\xb5\x48\x23\xe1\xc9\xd4\x9c\xd8\xff\x2b\x19\xf4\x20\x21\xb4\x0d\x58\x0c\x39\xce\x3d\x24\x36\x61\xb8\x54\x21\xfe\xc9\x15\xba\x9d\xd2\x76\x2f\x85\x0b\xd2\x08\xfd\xbf\x20\xff\xab\xa5\x6a\x46\x86\x60\xf1\x7c\x00\xfb\x1c\x0f\x4e\x85\x27\xa5\x09\xdd\x4e\xec\x13\x36\x0c\xf6\xe3\xca\xc5\x42\xb8\x75\x18\x2f\x2a\x7c\xe7\xbe\x0a\x33\x30\x2f\xe2\x6d\x36\x29\x62\x93\x84\xe3\x5c\x06\x78\x9d\xe6\x34\xe9\x0e\x96\x4f\xbd\xa8\xcb\xba\x98\x11\x1e\x22\xe8\xd0\x76\x26\x84\x26\x6a\xab\x76\xae\xba\x4a\x38\x07\x78\x69\x68\x14\xa1\xe3\x11\x94\x3c\xb3\x50\x58\x92\x64\x0c\x44\xe3\xaa\xc4\x53\x0c\x50\xac\x60\x4a\x8d\x2c\xcc\x7c\xea\xbf\xfe\xa4\xaa\x3d\x7f\x48\xa6\x6d\xcd\x75\x88\xb8\x02\x09\xdb\xc1\x73\xf0\xc6\x63\xe8\xfc\x87\xa3\x6e\x89\x2e\xc9\xa3\xff\x8f\x60\xd2\xe0\xd8\x70\x4e\x5b\x6c\xbb\x87\x32\x75\x15\x1a\xd4\xcc\x00\x57\x16\x50\x31\x90\x50\x39\x65\x1c\xa1\x0a\x95\xc6\xfd\xa3\xb2\x78\x27\xa6\x57\xef\x9a\x5f\xc3\xeb\x5b\x53\xca\xc6\x1d\xda\xf5\xa4\x17\x04\xc8\x78\x57\x0c\xbc\x3c\x41\xc4\x75\xb1\x17\xc0\x5e\xab\x0b\xb1\x96\xbc\xb7\xc4\x33\x34\xde\xbd\x64\xb9\xe3\x74\x50\xd2\x3f\x5c\x10\x16\x1e\xc5\xab\x4f\xcc\xd7\xcf\x30\x8e\x2a\x99\x95\xcc\x9e\x57\x8b\x85\xe8\x28\x5a\x52\x08\xb9\xef\xd4\x2a\xf9\xcf\x2a\xc2\xb3\xb7\x46\x42\x54\x88\x9a\x21\x87\x31\x7e\x32\x49\x97\x09\xb9\x13\x95\x3a\xd4\x6f\x1c\x23\xe1\xb6\xb5\x6f\x02\x4c\x4a\x7d\x48\x46\x11\x92\xc0\x1c\x56\xc5\x4c\x56\x47\x91\xec\x0a\x67\xb6\x1a\xcb\xf9\x57\xe6\xd0\xd7\xda\x80\x53\xed\x13\xa4\x18\x93\xd7\x67\xfc\x57\x37\xcd\x19\x55\x53\xda\x5d\x5b\x07\x06\x5f\x47\xd7\x2a\x35\xc4\x2b\x00\x1e\xb6\xdb\xd0\xf8\xe7\x7a\x4b\x76\xa6\x26\x61\x92\x64\x7f\x41\x55\xea\x11\xbd\x12\x37\xba\x77\xc8\x7c\x62\xbf\x4b\x01\x14\x9f\xc5\x8b\xc2\x8f\x0b\x5a\x28\x64\x85\xd3\x71\x7d\x32\x39\x64\x04\x62\x18\xe7\x0c\x7e\x38\xb7\xd5\xe7\x4b\xa6\xb1\x2b\x02\x2f\x18\x19\x7d\x92\xc1\x3b\xca\x89\x33\x5c\x85\x6c\xbc\x57\x56\xaa\x3b\x64\xec\x1f\x46\xe3\x96\xb1\x16\x1c\x87\x1c\xd2\xdf\xde\xd1\xa4\xec\x91\x92\x74\x29\x37\xc0\x70\x45\x31\xc7"},
+{{0xac,0x0f,0x7f,0x04,0x18,0xde,0x67,0xe3,0x48,0xfa,0x6d,0x56,0x86,0xc4,0x6d,0x21,0xca,0x72,0x62,0x2e,0xe6,0x9e,0xaa,0xbe,0x00,0xd5,0xc9,0x07,0x5a,0x34,0xf1,0x79,},{0xfe,0xab,0xde,0x08,0xf0,0x0a,0x2b,0x68,0x2b,0xce,0x9d,0x45,0x99,0x0b,0xf4,0x5a,0xfc,0x95,0x83,0x39,0xdc,0x44,0x10,0x6d,0xad,0x33,0xb2,0xc4,0x90,0xef,0x70,0x90,},{0x75,0x91,0xcf,0x82,0x57,0xbe,0xad,0x39,0xa1,0xad,0x3b,0xa1,0x91,0x8d,0x51,0x8e,0x67,0x24,0x35,0x6b,0xf6,0x25,0xa5,0x73,0xea,0xe5,0x01,0xd1,0xaf,0x94,0x6c,0x13,0xc2,0x90,0xcb,0x63,0x15,0x6e,0xc9,0xd3,0x62,0x72,0x6e,0xe5,0x0b,0x39,0xfc,0x0a,0x7a,0x2b,0xbd,0x69,0xd4,0xa8,0x1b,0x75,0x93,0x2a,0x90,0xf8,0xc7,0xac,0x7d,0x03,},"\xe8\xd0\xe8\x32\x53\x35\xe0\xf3\x5a\x85\x46\x7b\xee\xd1\xe1\x1c\x6a\x20\x78\xc3\x5a\xe4\xa4\xa1\x05\x43\xed\xe4\x0c\x17\x12\xbc\x95\x20\x12\xd2\xf8\xfe\xc1\x05\xae\xf7\xc6\xc6\x5b\x36\x34\xb4\xa7\x4b\x22\xb4\x98\xb9\x13\x50\x7d\x1f\x6c\xfd\xe8\x38\x58\xe6\x83\x0c\x0a\xf4\xf4\x64\xa6\x89\x9d\x5c\x4e\x27\x9a\xff\x36\x75\x4c\x21\xda\x80\xa1\xbb\xd1\xdc\xf4\x62\x20\x37\x5b\x1e\x11\x2a\x5a\x72\xf1\xab\x6e\x8f\x64\x19\x42\xf6\x6d\x9b\xbd\xbb\x17\x9c\xf0\x13\x9e\xa8\xde\xb0\xf4\xb8\x14\xf5\x0c\x51\x33\x29\xa1\xa0\xe2\x67\xc4\x43\x3a\x23\x31\x82\xbc\x4a\x2a\xcb\x2c\x6d\x4f\x00\xb2\x40\x94\xd3\xbd\xc0\xeb\x81\xcf\x37\xd3\x82\x60\xc2\x10\x7d\xd9\x49\x06\x13\xd2\x76\xee\x1f\x72\x26\x6c\x6e\x4a\xcc\xa5\x24\x98\x11\xa0\xf8\xa7\xda\xe6\x6a\xed\xb7\x5c\x3d\xf4\xc8\xca\x3c\xb5\xd9\xc5\x67\xba\x54\x1e\xe5\xa9\x14\x0c\x50\x58\x72\x72\xaf\x34\x53\x0a\xb8\xb0\x8b\x9e\xc0\x32\xea\xc0\x60\x39\xe6\x92\x63\x0e\x2d\x55\x4d\xf7\x7c\x1a\x03\x88\xb3\xca\xaa\x3b\xe3\x75\x4a\x84\x96\x1f\xb2\x99\xe4\x02\x22\x71\x58\xce\x36\x3e\xac\x26\x47\x8d\x47\x97\x75\xe5\x68\x5a\xdb\xf8\x28\xbb\x35\x5e\x3c\x89\xcc\xe2\x41\x50\x3c\x15\x36\x64\x32\xba\x94\xcd\x3c\xd9\x54\x79\x14\x4b\x63\x6e\x0d\xe7\x0b\x3f\x16\xd1\xa3\xca\x51\x8e\x39\x90\x09\xa4\xc2\x47\xa7\xf9\x63\x67\xc7\x14\x66\x08\xaa\xcc\x00\x14\xfc\x35\xb8\x4a\xf9\x93\x3f\x09\xba\xbb\x89\x93\x7a\xbb\x8c\xed\x11\x18\x91\x34\x3d\xdb\x79\xf6\x0b\x78\x89\x8a\xb5\x93\x8f\x8b\xa3\x81\x4b\xd8\x00\x26\x05\xb1\xdf\xd2\x97\xfa\x07\xc4\x75\xa0\xd4\xf8\xf4\x45\x1a\xcd\x70\x7d\xe8\xaf\x6c\x0e\x88\x18\x83\x3a\x3a\xbe\x5c\x96\xd1\xa8\xc6\xc9\x6e\x2c\xb6\x33\x28\xeb\xa4\x4d\xd1\xd3\x46\x84\xe4\x12\xf2\x88\xe0\x65\x20\x9d\x11\xeb\x80\x94\xd2\x2e\x4c\xc8\x02\x62\x9c\xcb\xa3\x39\x26\xbf\x1a\xd3\x6a\x62\x85\x13\x8a\xbe\xe0\x5c\x5a\x39\xa4\x75\xf3\xfd\xd0\xb3\xec\x8c\x37\x0c\xd9\x57\xa8\x37\x9e\xc2\xcd\xaf\x03\xe8\x95\xc1\xba\x12\xb4\x49\xd6\xcd\x8b\xe0\xf3\x5d\x99\xe2\xb7\xfb\xaa\x92\xdd\x54\xe6\x4e\x7c\x35\xce\xb8\x8a\x71\xa6\x80\x52\x7c\xb3\x73\xaf\xe1\x4c\xdd\x15\x8a\x0b\x90\xbf\x2d\xae\xc8\x0d\x2e\xdb\xdc\x31\x28\xcd\x6b\x63\xfa\x53\x2a\x1c\x27\x8c\xdf\xe0\xf8\xeb\xb4\xab\xba\x5e\x1a\x82\xbc\x5c\x3f\xed\x15\xc5\x79\x5b\xd9\xff\xb5\x76\x08\x2c\xc4\x79\xfa\x1b\x04\xc5\xc5\xaf\xca\xd2\x69\xa0\xf1\xad\xdf\xe7\x60\x42\xc3\xa8\xf1\xf2\x53\x77\xb6\xcb\x72\xec\x16\x14\xeb\x63\x83"},
+{{0xb5,0xa7,0xc7,0x67,0x93,0x63,0x80,0xb3,0xe9,0x87,0x51,0xca,0xfd,0x3e,0xa8,0x9b,0x38,0x8a,0x32,0xcf,0x82,0x8b,0x32,0x1c,0x5b,0xd0,0xcc,0x8d,0xd8,0x5b,0xaf,0x00,},{0xbe,0x7f,0xa6,0x5f,0x1f,0x6b,0xe5,0x10,0x27,0xf8,0xb8,0x48,0xdb,0x7a,0x8c,0x40,0x49,0x61,0xbf,0x1e,0x21,0xa2,0x3d,0xf2,0x3b,0xb8,0xce,0x05,0x85,0x0c,0xda,0xa1,},{0x60,0xe4,0xd2,0x3f,0x1f,0x08,0xfc,0xe4,0x66,0xc9,0x91,0x5d,0xde,0xd9,0x32,0x56,0xb5,0x2b,0x32,0x7e,0x5f,0x81,0xfb,0xb3,0x1d,0x1d,0x10,0xd3,0x21,0xc3,0x90,0x36,0x6e,0xf0,0x01,0xfd,0x75,0x9a,0xa9,0xd0,0xa5,0x51,0x62,0xd5,0x36,0x4d,0x91,0x8b,0x48,0xc7,0x32,0x7e,0x77,0xcf,0x53,0x58,0xbc,0x43,0x19,0xe3,0x25,0xcd,0xd6,0x08,},"\x6b\x67\xc7\x95\xd6\x6f\xac\x7b\xac\x84\x42\xa6\xc0\x99\x2c\xb5\x75\x88\x43\xb3\xe3\x93\x9e\x3c\x27\x6c\x6e\x90\x08\xda\x82\x00\x76\x77\xbf\x9e\x67\xe9\xac\x5a\x1a\x0f\x48\x6b\xea\xc0\xd8\x56\x19\x1f\xae\x25\xa1\x27\x39\x2b\xed\x46\x9b\xc7\x8d\xeb\x0c\x4b\x89\x3f\x67\xf1\x71\x6d\x83\x50\x90\x77\xe4\xa1\xbf\xd4\x13\x6d\x03\x15\x2d\xcc\x3b\x76\xd9\x52\x49\x40\xa6\x06\x4c\x66\x9f\xbf\x51\xf6\xb9\x10\x34\xb6\xd5\xf2\x89\x86\x78\xa1\x3a\x24\x70\xf6\x64\x1e\xc8\x02\x45\x7c\x01\x02\xc3\xeb\xf6\x34\x5c\x32\x7e\x74\x1b\x80\x64\x4b\x3a\x99\xbf\x72\xb5\x9a\xb8\x01\x6f\x35\xd2\x51\x88\xa0\x85\x75\x0d\xc0\x60\xe5\xa8\xd5\x24\xae\x21\x3f\x07\x8f\x28\x8c\x7b\x34\xbc\x41\xf3\xce\x35\x6b\xf2\xda\xfd\xd2\xe0\xdb\x4f\xb8\xd7\xc2\xc3\x19\xf9\x90\x60\x05\x97\x17\x02\xe4\x9c\xa6\x2e\x80\x50\x54\x0d\x41\x21\xd2\x42\xf2\xee\xab\x1b\xd1\x34\xe6\x0b\xf1\x1b\x3e\xc7\x1f\x77\x65\xa9\x7c\x0e\x09\x84\x55\xe5\x9d\x22\x35\xd6\xb3\x7e\x7c\x9f\x5b\x21\xfa\x11\x2c\x3b\xa3\x9e\x4e\xa2\x00\x61\x4f\x58\xdf\xb3\xeb\x7b\x83\x6f\x0b\xec\x1d\xdd\x43\x8d\x14\x22\x45\x0a\xe7\xde\xd1\xdf\x9d\x71\xe5\xd9\xbc\x8f\xa3\xb6\xe6\xf7\x84\x46\xce\x7c\x79\xd0\xbc\xfb\x1c\x2d\x26\xc6\xfe\xce\x68\x68\x2d\xff\xc6\x0a\x9c\x6e\x0a\xd0\x5f\x2a\x09\xf2\x1d\x75\x23\x25\x1c\xb0\xc3\xd0\x8e\xfb\xbf\x8a\xc1\x63\x39\xd7\x17\x02\x4d\x67\x60\x24\xc1\xee\x3c\x1f\x62\xc5\xae\xab\x7f\xff\x93\x7c\x57\x45\x4d\xf7\xbd\x96\xf9\x84\x4a\x2a\x39\x99\x58\x41\x8a\xaa\x6f\x18\x48\xbe\xbf\x7b\xf1\x29\x2c\x24\xeb\x5c\xd8\xea\x56\x34\x0c\x5b\xeb\x26\x88\x02\x4a\x69\x53\x27\x5b\xe6\xef\xd1\xb7\x1b\xa8\xbe\x6e\xb7\x7f\x0c\x65\xa7\xc5\x11\x1b\x96\xc4\xc1\xf3\x9c\xb7\xaa\xf8\x3f\xda\xae\x8d\x14\x8d\x7a\x8a\xf4\x0a\xe9\xe6\x51\x91\x9f\x7c\xe2\x8c\x8b\x2b\x6e\x45\xe4\xd3\xd5\x6f\xdd\x54\xd0\x0c\x24\x12\x79\x0c\xbd\x6f\x80\xe1\x08\x19\xe0\xb8\xf3\x7c\x84\xfa\x00\x49\x88\xad\xaf\xcc\xbb\xc2\x1c\x63\xd6\xbf\x2e\x73\x2d\x9d\xd6\x3b\xd4\x9b\x04\x12\xb9\x67\x4e\x1e\x88\xf6\x14\x2f\x7f\x86\x7f\x1f\x26\x89\x1b\x22\x43\x04\x23\xce\xc4\xdb\x91\xb6\x1c\x2a\xbc\x5c\x8f\xbd\x46\xb8\xb9\x35\x96\xfc\x51\x60\x68\x31\x36\xe2\x11\x29\x82\x27\x96\xeb\x5e\xa0\x88\xe0\xa7\xd8\x12\x1b\x25\x57\x2e\x3e\xc3\x77\x43\xd1\xff\x6d\x8d\x1c\x35\x36\x43\x9a\x10\xe8\x4a\x66\x5f\x2c\x75\xee\x73\xcd\xc6\xff\xac\x4c\xc2\x87\x24\x46\x9f\x79\x70\xb4\x75\x07\xdf\x3e\x1b\x14\xd4\x77\xae\xc2\xbb\x20"},
+{{0xe1,0x36,0xf3,0x98,0xa6,0x05,0xd1,0x34,0x57,0x84,0x8c,0xea,0xd0,0x7c,0x72,0x86,0xf4,0x2e,0x2f,0x28,0xdf,0x8c,0x12,0x8a,0x3d,0x0b,0xb7,0x2b,0x29,0xaa,0xcc,0x19,},{0x6a,0xa5,0x04,0x5a,0x66,0xf7,0x72,0xa5,0x71,0xfe,0x3e,0x42,0xd1,0x17,0xef,0xcd,0xf6,0xc4,0x95,0x91,0x99,0x61,0x86,0x01,0x2f,0xa9,0x8f,0x7c,0x48,0xe0,0xcd,0xa7,},{0x75,0xa4,0x5c,0x6b,0x95,0x66,0x89,0x98,0x29,0xb4,0x1e,0xe5,0x17,0xb7,0x04,0x5a,0x47,0x3a,0x4f,0x7a,0x26,0x41,0x43,0x9b,0x5d,0x7c,0x56,0x73,0xe0,0x0d,0x8f,0x5c,0x06,0x6f,0x12,0x91,0xf8,0x5d,0xea,0xda,0x05,0x02,0xbd,0x16,0xe9,0x70,0x9f,0x82,0x7d,0x47,0x51,0xf2,0x87,0x38,0x62,0xe8,0x21,0x9e,0x57,0x74,0x6a,0x19,0xa9,0x00,},"\xd3\x28\x57\x9d\xe4\xc5\x37\x2f\x3b\x38\x2c\x48\x01\x1b\x2d\x4c\x60\x29\xf9\x04\xf3\xa3\x3e\x07\xd0\x83\xd7\xe2\xb0\x37\x56\xaf\x2c\x4c\x97\xa2\xd6\x6c\x10\xec\x41\x54\xd8\x74\x79\x20\x42\xb6\x46\xe4\xaa\xe5\x10\x1d\x50\x1b\xd1\xbf\x6f\x51\x17\x51\xd0\xaa\xf8\x21\xcd\x7c\x0b\x3e\xe6\xd0\xd7\xc6\x90\xa2\x77\x7f\xe1\x6b\xdc\x7e\x49\xb7\xda\x4b\xbb\x4c\xce\x3b\x61\x8e\xe9\xb6\xf2\xe3\xa1\x92\x40\xcd\xb7\x07\x33\xb9\x84\xb1\xc9\x40\xec\x66\x96\x0b\x72\x8c\xbb\x87\x4b\x80\x64\x31\x23\x72\x2d\xb9\xdb\xbe\x88\x32\x20\x08\x93\x1b\x1c\x89\x4e\xf5\xd2\x10\x99\xe6\x3e\x7c\x65\x00\x7a\xcd\x61\x78\x4d\xb4\x99\x4a\x2f\xb4\x0c\x3e\xfe\x9c\x47\xfa\xd6\x37\x63\xdd\xe0\x6f\xa0\x17\xa2\x6b\x82\xe7\x1b\x9d\xaa\xbc\x4f\xf0\xf6\xc7\x9b\x8c\xa7\xcc\xb4\xdc\x20\x31\xbe\xf1\x08\x73\x67\xc7\x08\x69\x74\xa0\x05\x66\xde\x41\xa7\x1e\x11\xd9\x93\xab\xe4\x33\x56\x98\x92\xb8\xf7\x5d\x76\x37\x99\x32\x45\xc8\x84\x47\x8a\xbe\x3f\x95\xf4\x4b\x0a\x4b\xbe\xde\xfe\xf8\x90\x6b\x75\xe0\xd3\x40\x20\xae\x53\x64\x55\xb0\xe0\x6f\x9b\xfe\xe1\x1e\xc9\xb8\x60\x4b\xac\x2c\xc6\xeb\xe0\x8c\x8f\xd5\xf5\xcc\xcc\xcb\xc1\x61\x7b\x7c\xf6\x9a\x3c\x51\x2e\x1f\x0b\xdb\x58\x5d\xf5\xe1\x27\x43\x06\x1f\x7c\x20\x53\xbc\x37\x14\x43\x61\xc0\xb3\x5f\xd3\x9d\x56\xb1\xef\xaf\x92\xc6\x10\x36\x01\x93\xec\x20\x59\x8b\x82\x85\x80\x50\xa6\xd9\x9e\x08\x2b\xce\xfd\xbd\x53\x18\xee\x5e\xfb\x3b\x26\x0f\x32\x76\xf3\xc7\x3f\x9c\x24\xce\x0c\xda\x33\xc7\xac\xc5\x0c\xa5\xdd\x61\xbd\xb8\x5d\x79\x38\x25\xf6\x73\x2a\x6e\x33\x0c\xe6\x72\xac\x44\xfe\x6b\x2b\x9a\xfe\x6e\x2e\x96\x5c\x02\xd2\xa1\xfe\x0b\x57\xcb\x1b\x31\x7c\x1d\x31\x3e\xfd\xc3\x56\x49\x2f\xe8\x96\xfd\x14\x9d\xae\x51\xc9\x5c\xcd\xbb\x7d\x11\xf7\xd6\x10\xe0\xc6\xe2\xfd\x3e\x57\xfc\xfe\xf1\xc5\x7c\x71\x19\xa0\xaf\x6c\x78\x21\xfe\xcd\xb8\x9d\x80\x30\x2b\x49\xfa\xd4\x17\x43\xf3\xd2\xd7\xa0\x75\x15\x4b\x31\x43\xe5\x1a\xeb\x94\x7d\x4b\x5e\x8b\x7e\x4c\xa8\x6f\xec\x3e\x80\xbd\x9a\x78\x6e\x4e\x46\xed\x1e\x6e\x9f\x7e\x0b\x63\x52\x66\xd9\xfa\x09\x7a\xa9\xe2\x0f\x32\xe3\xd2\x77\x2d\x7c\x1f\x00\x8b\xcd\xd3\xf9\x2c\x72\x83\xc5\x77\x90\xc3\x62\x2c\xba\xd3\xca\x35\x80\x3c\x45\xc8\x69\xdc\x37\x7f\xf3\x6b\xd7\xc0\xe6\xf1\xbb\x89\x2f\x73\x29\xa6\xe0\x8d\xf1\xdb\xeb\xc8\x1d\xc7\xb1\x15\xf8\x52\xe3\x6a\xe5\xd9\x28\x72\x5f\xa7\xc6\xfb\x9f\x28\xb0\xfb\x39\x4f\x9e\x38\xfd\x87\x62\x5c\x5f\xa2\x3a\xab\xa4\x70\x54\xe8\xcf\xea"},
+{{0x97,0xb6,0x70,0x2e,0x24,0x68,0x05,0xdb,0xcf,0xc7,0xfa,0x42,0x4a,0x8c,0xaa,0xbc,0xf2,0x62,0xd4,0x66,0xa0,0x5e,0x0d,0xd2,0xd4,0xe7,0xc3,0x74,0xd5,0x7d,0x52,0x51,},{0xa7,0x16,0xc3,0xd5,0xce,0x78,0xf4,0xd9,0xc5,0xbe,0xe3,0x44,0x7d,0xda,0xf4,0x88,0x1c,0x98,0x6e,0xfd,0xf6,0x67,0xac,0x89,0x77,0xb4,0xfb,0x69,0xb5,0xa7,0x11,0x0a,},{0x90,0x00,0x55,0x41,0xdc,0xc1,0xd7,0xab,0x83,0x7f,0x4d,0xe5,0x39,0x3f,0xad,0xd6,0xa9,0x2b,0x26,0xa7,0xd9,0x3a,0xf3,0xf6,0x69,0xe0,0xf1,0xbf,0xd6,0x21,0xcb,0xd0,0x0c,0x8a,0x23,0x05,0x6d,0x2d,0xa6,0x78,0x65,0x57,0xc8,0x28,0xa4,0x9b,0xe1,0xe4,0x02,0x1d,0x99,0x31,0x12,0x35,0xac,0x0d,0x4d,0x56,0xee,0xfc,0x7c,0x95,0x36,0x05,},"\xea\xa8\x6c\xf7\x6f\xcb\x65\xc6\xf9\xfc\x20\x8a\xc3\x6f\x28\xb2\x00\xd3\xb4\x03\xac\xa7\x32\x07\x46\x1d\x8d\x96\xaf\xa2\x46\xd7\xc6\x9d\x17\xa7\xa9\xbf\x77\xf0\x55\x43\x56\x3a\x7d\x3e\xca\x1d\x40\x79\xe2\x29\x38\xab\xa1\xf6\xe9\xe0\x4b\x49\xfb\xc8\xed\x6f\x63\xb5\x99\x73\x0d\xe9\x97\x98\x31\xc0\x2f\x8c\xba\x61\xe5\x55\x60\xd7\x11\x0d\x4c\x6e\x61\x67\x97\x06\xa7\x15\x5d\x5a\x67\x3c\x54\xd1\x6f\xe4\xd2\x28\xc2\xec\xa7\x54\x6f\xaa\x13\x39\xf2\x6d\x7a\x0b\xb4\xee\x33\x96\x11\xaf\xde\xc9\xa6\x8f\x5f\xf5\xb5\xd2\x03\xb6\x00\x53\x3a\xd5\xa3\xb3\x68\xc8\x5d\xa1\x15\x63\xf0\x98\xcc\x26\x87\x1e\x7f\xa9\x9a\xef\xd3\x8c\xc2\x61\x51\xdb\x3b\x0b\xae\x38\xdb\x6a\x87\xb6\x78\x9e\x58\x40\xb1\x08\x84\xaf\x51\x1f\x3e\xcb\x3e\xcb\xf9\x4f\xf8\x6f\xdb\x90\x55\x05\xa8\xc3\x4b\x2a\xa6\x1f\xf2\xec\x9e\xc8\xfe\xbd\x1d\xfe\xd0\x96\x5b\x6f\xc5\xb9\xf8\x86\x9d\xc3\xa4\x75\x59\x97\x4a\x88\x22\x99\x67\x06\xda\xef\xbc\x6c\x5b\xf9\x84\xce\x06\xb0\xd3\x2b\x31\xcf\x9d\x8a\xd1\x36\xae\xd4\xb0\x52\x58\x6d\xce\x70\x73\xb7\x67\xb2\x34\xe4\xa3\x7b\xeb\xbc\x39\x3d\xd2\xe0\xf7\xd1\x55\x17\x35\x48\xc3\x8a\x15\x83\xef\x94\xe0\xaa\x84\xe7\xfc\xe0\x4f\xcc\x9b\x4e\x30\x0a\xd0\x99\x44\x9a\x49\x23\x2a\xbd\xcf\x3d\x1a\x6e\x6f\xca\xb6\x96\xf5\x99\x6f\x9b\xd1\xb9\x48\x5d\x07\x47\x55\xac\x5b\x42\x97\xfe\xe3\x12\x4c\x7c\x03\x97\x6a\x40\xd5\x70\xbe\xae\xc2\xfa\xc9\x92\x33\x9f\x88\x5f\x74\xd4\x0e\xd4\xac\x87\xa4\xf4\x0c\xef\xbc\x48\x64\xf4\x4c\x36\x83\xaa\x8f\x10\x26\xe2\xc3\x7a\xef\xfc\xeb\xfd\xfe\x24\xdd\x0b\x01\x9c\x36\xa7\x98\x88\x20\x30\x04\xb2\xad\x83\xe8\x92\x21\xf3\xf6\x36\xf4\x55\xbb\x64\xe1\x7d\x17\x54\xc7\xc6\xdd\x7f\xc0\x9a\x0d\x65\xdd\xdd\xed\x46\x22\xfc\x4f\x9f\xba\x07\x2b\x45\x10\x34\x35\xe1\x02\x20\xa5\x86\xf1\x52\x26\xd2\xeb\x37\x7f\x40\x64\xd3\xff\x37\xcb\xb4\x70\x5a\x1f\xaa\xf5\xb3\x48\xf8\xc0\xef\x7f\xd1\x56\x4d\x42\x86\x88\xf5\x8f\x33\x92\x96\x7c\xf3\x96\xa8\xff\x2f\xd9\xe7\xb5\x17\xb7\xd6\xa5\xed\xe7\x44\x03\x73\xd8\xcc\x1a\x83\x99\x00\xe8\x4d\x42\x25\x42\x83\xd9\x69\x9c\x7c\xa3\x7e\x47\x76\x92\xa3\x49\x40\x08\xb8\x04\x44\xc5\xcf\x61\x4c\xbb\xc1\x69\xbf\xb9\x29\x63\x03\xc6\x45\xe2\xce\x28\xd1\x68\xdc\x6c\xba\xef\xae\x9c\x73\x19\x1f\x57\x15\x1a\xa4\x73\x00\x9d\x29\xe1\x80\x0b\x10\xf4\xc4\x98\x60\x9b\xa1\x15\x20\x98\x5c\x78\x09\x20\x58\x69\x6f\xdb\xca\x9c\x02\x0e\x2d\xfb\x8a\x04\x3a\x3d\xe8\xe4\x52\xd5\x8c\xd1\xad"},
+{{0xd1,0x52,0x8c,0x14,0x06,0xa6,0xe4,0x94,0xa0,0x2f,0x63,0x53,0x05,0xfa,0x74,0xd7,0x45,0xc6,0x93,0x27,0xfd,0x31,0xb7,0xd2,0xc2,0x62,0x3d,0xe2,0xc0,0x30,0xed,0x85,},{0x0c,0xfe,0x36,0x9c,0xf9,0x3d,0xaf,0x6d,0x53,0xef,0x02,0x8d,0xdb,0x9f,0x00,0x04,0x43,0xb0,0x97,0x2f,0xe2,0x53,0x2f,0x83,0xa4,0x1c,0xe6,0x57,0xc1,0x83,0x6c,0xa3,},{0xb8,0x39,0x9b,0xc3,0x32,0x6c,0xba,0x0a,0x93,0xa4,0x24,0x97,0x16,0x8b,0xf5,0x7f,0x91,0x06,0xee,0x43,0xd3,0x9b,0xf0,0xfc,0x86,0x68,0x51,0x99,0xdc,0x6e,0x0a,0x13,0xb9,0xc7,0x24,0xef,0x17,0xe7,0x88,0x2a,0xf8,0xc2,0xeb,0x70,0xf6,0xc9,0xe4,0x2d,0xfa,0x2f,0xbf,0x0c,0x1c,0xb5,0x00,0x2b,0x58,0xf1,0x08,0x66,0x19,0x73,0x3e,0x02,},"\xab\xb3\x67\x3f\x3f\xa1\x7a\x33\xa7\xaf\xf7\x6e\xac\x54\xe7\x68\x7c\x04\xbc\x84\xf7\x66\x65\x1a\x8b\x24\xba\x22\x94\x79\x08\xb0\x4c\xa4\x59\xfe\xb9\x8a\xce\x7c\xab\x1e\x74\x33\xa6\xa6\xbe\xff\xd8\xd9\x50\x4e\x29\x91\xda\xa0\x64\x4d\x61\xb8\xb2\xe4\x54\x48\xf5\x4d\xf8\x81\x3f\x50\xc4\x18\xb4\x8f\x49\xe1\x03\x4e\x85\x1c\xbe\xc3\xef\x0a\x18\x50\xef\x72\x67\x33\xaf\xaf\x68\xe1\xa4\x61\x04\x16\x51\xc1\x38\xd5\x4e\x4e\xf7\x81\x87\xaf\x9a\x73\x42\xf7\x12\x87\x27\xf9\x03\xbf\x4f\xc5\xef\x3e\x40\xc6\x4e\xc2\x6f\x89\x2f\x59\xad\xd9\x8f\xe3\x94\x76\x5a\xaa\x7d\x09\xca\xe8\x1b\x9f\x69\x9a\x9d\xd8\xbf\x2e\x2f\xe8\xe1\xec\x78\xfc\x88\x4e\xaa\x0d\x2d\xbd\xbf\xb8\xc1\x68\x83\x3e\xe0\xd2\x18\x03\xcc\x35\xdc\x62\x8d\x7c\x07\xe0\x44\x04\xfb\x60\xe8\xc4\x90\xa8\xdd\x34\xed\xbc\xba\xaf\x80\xcc\xda\xe3\xf7\xd3\x73\x9e\x0e\x89\x70\x23\xee\xb5\xb1\xa8\xc0\x0a\x96\x73\xc5\x92\x58\x24\x0d\xdd\x44\x20\x65\x0f\xe5\x77\x1f\x7e\x28\xcb\x23\x99\xf5\xe1\xe0\x2a\xd0\xb6\x43\x2d\x9b\x49\x60\x8f\xcf\x0b\x1c\x0d\x7c\x41\x2a\x44\x52\x55\xb8\xba\xdc\x53\x21\xc2\x4c\x1a\xc9\x2c\x79\xa0\xba\xcc\xb9\xde\xff\xed\x02\xd1\x2f\x55\x36\xcd\x59\x5d\xc6\x60\x83\xb3\x3a\x36\x03\xa9\xd1\x6e\xce\xa2\xbf\x38\xc4\xf2\xaa\xf5\x70\xf3\x0d\x21\x16\x2b\x2e\xfd\x7e\x4d\x5e\xbf\x1e\xca\xe9\x58\x8e\xee\x36\xdd\x9d\x3d\x8e\x3b\xe7\xbc\x6d\x4b\xc2\x18\x56\x22\xf1\x1d\x1d\xa7\xc4\x9c\x93\xe6\x23\xac\x56\xfe\xe7\xe3\x70\x6d\xb8\x31\x3c\xf9\x26\xbe\x92\xe5\xc8\xa5\x39\xfd\x16\xb0\xf4\x38\xda\x8e\x51\xa5\x1f\x2d\x27\x64\x03\x56\x12\x4e\xf7\xbe\x2f\x91\xff\xa1\x79\x6a\x91\xb1\x23\x01\x93\x4d\xde\xf0\xc7\x93\x8a\x7a\x45\xf3\x6f\x53\xb6\x32\x2d\x9c\x8f\x9d\x27\x5e\x1c\xd2\xc0\xf1\x29\xf8\xab\x8d\x74\x15\x5b\x5d\x9e\x5c\x15\xc0\x15\xb0\xb0\x00\x03\xb2\xbd\xdf\xa0\xbc\xfc\xc6\x93\xa1\xdf\xcb\x4f\x53\xda\xec\x12\x6d\x16\x69\xf3\x3f\x39\xad\x05\x51\x9e\xf7\xc5\xce\x40\xe6\xf4\x57\x3c\x24\x7a\x32\xc4\xa0\x16\x28\x31\x35\x2f\x6d\x55\x8f\xf5\x83\x6a\x53\x17\xdb\xc4\x51\x5b\x3d\xf2\x69\xa8\xac\x76\xd6\x43\x6f\x26\x4b\x64\x56\x1e\x79\x68\xb5\x82\x21\x08\x48\x7b\x04\x5c\x92\xd6\xc6\x14\x2a\x1c\x28\x55\xb3\x8b\xee\xbd\x64\x25\x65\x12\x3c\xc8\x27\xcb\x18\x31\x19\x9e\x6f\x12\xa7\xe4\x23\x68\x56\xb9\x4d\xad\x73\x8f\x69\xd1\x10\x6e\x77\x35\xd7\x11\xf7\xc6\xa3\xa3\x37\x80\x41\xfc\x7a\x21\x10\x3b\xbf\x86\x69\x07\xd4\xed\xdd\xaf\xa0\xe7\xf1\xbb\x5f\xfd\x41\xa6\x0d\x64"},
+{{0x51,0x23,0x40,0xf9,0x61,0xf1,0x42,0xd1,0x91,0x5e,0x85,0xfe,0x4f,0xa0,0xf5,0x51,0xf8,0x08,0x92,0xe7,0x5a,0xcc,0xce,0x7c,0xd1,0x86,0x9e,0x6e,0x2c,0x9e,0x80,0x15,},{0x0c,0xa0,0x26,0x04,0xfa,0x87,0xe2,0xc2,0x05,0x06,0x25,0x1f,0x07,0x92,0xcd,0x21,0x25,0x85,0x6f,0x0a,0xb1,0x6d,0x66,0x3f,0x28,0x11,0x96,0x3b,0x1f,0x2d,0x81,0x72,},{0x6b,0xb4,0xd9,0x75,0xaf,0xae,0xf4,0x1e,0xa9,0xef,0x08,0x5a,0x68,0xc5,0x68,0xa0,0x5d,0xa3,0x7e,0xf2,0x1d,0xad,0x46,0x4e,0xd8,0x6a,0xc0,0xd4,0x08,0x0e,0x7d,0x01,0x29,0xfb,0x02,0x31,0x31,0xec,0xa5,0xf7,0xad,0xb2,0x58,0x6a,0x18,0xbe,0x40,0x56,0x2f,0xa2,0x76,0x4c,0xa8,0x07,0xe6,0x70,0xa0,0x59,0x6a,0x5c,0x54,0x7b,0xc0,0x01,},"\xaf\x37\xb2\xc7\x58\x7a\x8d\x5b\xc8\x95\xcd\x35\x77\x46\xab\x03\x55\x2a\x0a\x56\x1a\x29\x3d\xc7\x16\x4e\x39\xb6\xa1\x33\x3a\x92\x0b\xb6\xda\xca\x60\x06\x67\x6e\x99\xbb\x7e\x92\x8f\x9e\xa3\x91\xe5\x48\x02\xa8\xd3\x15\x96\x28\x9f\xb9\xbf\xe3\x00\x00\xcf\x52\xeb\xf0\xc1\x24\xa5\x89\x5b\xce\x33\x98\xc1\xbf\x53\x56\xbe\x82\x61\x9b\x8d\xdc\x15\xa7\x7c\xa9\x22\x49\x4b\xdb\x04\xf5\xc2\xe1\xb6\xe8\xff\x77\xae\x74\x9f\xaf\x2b\x8a\x41\xd8\x22\xc1\x7c\x06\xdf\xb7\xa5\xf9\x43\x4d\x8b\xd7\x15\xec\x87\x78\xe8\x0b\x81\xd2\xe8\xd0\x62\x98\x74\x86\x90\xc6\x55\x52\x83\xc9\x8b\xb9\xb1\x9b\x92\x46\x66\x7b\xc4\x10\x46\xff\x98\xc2\xc3\x5d\x16\x1e\x1f\x4d\x69\xd2\x54\xec\x5a\x07\x6f\x25\xbd\x5c\x7e\x2c\x98\xca\x3c\x09\xd8\x08\x33\x96\x2c\xf9\x66\x02\x87\x88\x40\x96\xeb\x30\xc4\x6c\x54\x17\x41\x06\xaf\x4e\x29\x79\xa1\x12\xf3\xe8\x94\x4e\xaa\xf7\x66\x9c\x40\xd5\xaf\xb9\x1a\x02\x4a\xbb\xeb\x14\x66\x4e\x30\x89\x03\xe4\xd2\x6d\x70\x09\x44\x6e\xe2\xe8\x30\xab\x5e\xca\x0d\xbb\xc5\x13\xfb\x4e\x04\x35\x1d\xf2\xf6\x74\x18\x64\xfb\x23\x71\xb2\x50\x2b\xe4\x3d\xc1\x5f\xc0\x44\x31\xff\xf5\xeb\x8d\x4b\x68\xd7\x24\x62\xae\x32\x2e\x57\xba\x2d\x4a\xdd\xdf\x15\xa1\x90\x2c\x21\x13\xae\xbd\x3b\x5d\x61\x29\x17\xc1\xbb\x73\xe7\x08\xad\x54\x18\xe7\xd4\x5e\x4b\x72\x80\xfc\x88\x96\xab\x80\x85\x3f\xf5\xf8\xe9\x8f\x26\x55\x3f\xc7\x8e\x30\xb3\xb0\xd7\x27\xbf\x6d\x06\x4a\x8f\x32\x88\x87\x68\xc5\x1e\xbb\x61\xb2\xc6\x00\xb4\x02\x8a\x77\x06\x0f\xeb\xbb\x02\xeb\x3d\x20\x17\x80\xe7\x45\x66\xc8\x6a\x34\x03\x18\x36\xbc\xe9\xea\xda\x81\xe5\xd0\xf3\x39\x60\xcb\x2d\xf0\x8a\xff\x3c\x97\x49\x21\xfc\x9b\x7d\x3a\xa7\xc8\x1e\x9c\x67\x1e\xd6\xd3\x3e\x7a\xe5\xed\x03\xa5\x41\x7d\x7e\x5c\xd6\xfa\xac\x91\xb5\x4b\x8f\x79\x2f\x48\x28\x3c\x60\x64\x7d\xe3\xda\x81\x6c\xa9\x75\x6c\x5b\xfe\x1b\xb8\xb5\x97\x9e\x57\x54\x01\xbd\xa3\x4e\x9c\xbc\x4d\x77\xe7\x11\xd6\xb7\x3b\x82\xda\x19\xda\x47\x3b\x55\xe8\xe7\x2d\x34\x1b\x2d\x85\x03\xe4\x86\x09\xbe\x0f\xe2\x91\x44\x4c\x28\x36\x69\xe5\xde\xad\xea\xf5\x2a\xa8\xec\x48\xda\x83\xf5\x32\x8c\xc0\x99\xfb\x41\xf8\x2b\xec\xdd\x58\xd0\x4b\x1d\x66\x20\x3d\x73\x7b\xed\x06\xcf\x21\xc9\x78\x19\xac\x13\xed\x71\x1c\xa2\x17\xa5\x7c\xf7\xd8\x0f\xf0\x82\xaa\x1a\x1c\xf8\xfe\xa5\x55\xcd\x2e\x47\xe4\xdd\xab\x5e\x3f\x99\x41\xad\x4f\x77\x5f\x49\x41\x9d\xca\xdb\x5b\x00\x4b\x68\xca\xf4\x5b\x27\xef\x49\xba\x14\xfb\x52\xb0\x9f\x1b\x18\x5b\xe9\xf9\xc7"},
+{{0xb1,0xb6,0x36,0xe9,0x57,0x57,0x4c,0x21,0xa9,0x57,0xa4,0x5b,0xd1,0x95,0xc6,0xf9,0xfe,0x4c,0xc1,0xc5,0x7e,0x84,0x13,0x4d,0x39,0xb4,0x2e,0x1a,0x84,0x32,0x9e,0xdb,},{0x95,0xe7,0x7b,0x15,0xdd,0xa4,0x7c,0xaf,0x69,0xb7,0x28,0x88,0xdd,0x69,0x96,0x1b,0xac,0xbe,0xc3,0xbc,0x75,0x35,0x30,0x03,0xe8,0xbf,0xf0,0xa4,0x3d,0xdf,0x4b,0x7a,},{0x76,0x3c,0x7d,0x0d,0x46,0x87,0x8e,0x5c,0x7e,0xcf,0x71,0x04,0xfc,0x1f,0x22,0x30,0xe4,0x61,0x78,0xa2,0x7c,0x75,0xf1,0x96,0x16,0x9c,0x02,0x79,0xed,0xb0,0x1c,0x28,0xfc,0xde,0x3b,0x0d,0x5b,0x86,0x35,0xcf,0xe3,0x39,0xfb,0x23,0x27,0x74,0xb2,0x20,0x6d,0xab,0x8a,0x46,0x0c,0xe4,0x17,0xab,0xf4,0x90,0xbb,0xfa,0x78,0x5c,0x02,0x05,},"\xe2\x5d\x32\x9c\xad\x83\x64\xd2\xde\xc2\x43\x73\xe9\x2d\x9d\x50\xfc\x7a\xbe\x8f\xdc\x3d\x0b\x4e\xe5\x7e\x1c\xfa\x5b\x7c\xd5\x8c\x23\xbe\x91\x8f\x05\x17\x9b\xa8\x41\xb6\x1e\x18\x00\x34\xca\x7e\x74\xd4\x9b\x0a\x1a\x2c\xeb\xb4\xbe\x65\x34\x4c\x91\x3c\x46\xd3\x26\x52\x33\x6e\x6b\xda\x4e\xfa\x3f\x58\x73\x0d\x39\xa6\x33\xa1\x4c\xa3\xd9\xa6\x2a\xbb\x0a\x73\x98\xcc\x29\xaf\xf9\x16\xee\xea\x2e\x7c\xaa\xc8\x08\x45\x56\x2f\x73\xd4\x03\x0f\x9c\xab\x0b\xf1\xc6\x40\x7f\x54\x01\x51\x3e\xf8\x7f\xe6\xdc\x09\x9d\xbc\x5d\xfc\x33\x52\x91\x1c\x07\xaf\x6c\x52\x3b\xef\x4c\xca\x78\x37\x96\x59\xe8\x80\x3f\x58\x59\x04\xee\x6e\xf6\xfd\xe7\x73\x66\xd9\x6d\x2c\xcf\x24\x8a\x53\x20\xd9\xb8\x29\x8b\x2a\x73\x36\x38\x79\x10\x7a\x02\xb4\x7f\x57\x21\x3a\x85\x20\x3a\xbb\xca\x5a\x41\x95\xf8\xaf\x3e\x35\x93\xed\x2f\xa3\x50\x4b\xb7\x6a\x3e\x1b\xe2\x4b\x66\xd3\x55\x66\x29\x32\xcb\x67\xdc\x88\x50\x3a\xfa\xf7\x62\xbf\xf7\x41\xba\x1c\xac\xe9\x7a\xc5\x8b\xaf\xad\x5d\x36\xc3\xaa\x02\xe0\xcb\xe2\x0e\x5f\x3d\xc8\x09\x2c\x51\x2e\xaa\x9c\x49\x43\x47\x4a\xad\x41\x99\x00\x76\x72\x1a\xd3\xf5\x3f\xb0\x8a\xc2\x29\x82\xed\x9b\x15\xc7\x51\xa9\xe2\x33\x82\xf6\xa6\x9c\x72\xe6\xe2\x44\xe0\xeb\x68\x1e\x6d\xd2\x28\xd3\x77\x4f\xcc\xb3\x7e\xb6\x23\x2f\x82\x5d\x16\x9a\x2a\xc8\xb7\xe1\x8a\x42\xcd\xaa\x4f\x2c\xf0\x58\x90\xbb\x0c\x59\x8c\xf8\xc3\x1f\x82\x9e\xf8\xca\x24\x35\xbd\xcc\xeb\x0e\x61\x93\xad\xa7\x84\x1e\xe6\x92\xf3\x0a\xed\xf8\x8b\x62\x73\x11\xb1\x38\xac\x78\xb3\x91\x3e\x06\xf7\xc3\x21\xca\xfb\x39\xd9\x01\xdf\xe1\x74\x30\xb1\xa2\x0b\xc4\x37\xa5\x55\xa5\x78\xfa\x31\xe4\xb6\x80\x79\x54\x45\x6b\xd4\xb0\x4d\x5d\x88\x79\x87\xbd\xf0\x4e\x0f\x14\xaf\x31\x41\xb2\x4c\x3a\x7b\x9a\xc7\x5a\xa3\x2e\x2f\xcd\x21\x71\xa1\x26\x09\xe1\x5e\x73\x09\x4f\xd0\x92\x21\xb4\xd2\x70\x90\xe7\x32\x19\xb6\x48\xbc\xaa\xbf\x38\x07\xc9\x28\x0b\x6c\x4a\xd7\x50\xa4\x68\xbe\x0e\x1a\xd3\xe6\xe6\x30\x16\xcb\x5c\xec\x3a\xad\xdc\x56\x89\xc2\x95\x5a\x2a\x8d\x5b\x89\x84\xd7\xc4\x43\x76\xfd\xd9\x4d\x3f\x5f\xf1\x29\x8f\x78\x17\x2b\x56\x59\x13\x70\x4e\x90\xe5\xac\x03\x8c\xb1\x72\x0e\x19\xb0\x80\xf8\x1b\x53\xd6\xa4\x5d\x45\x28\x53\x07\x11\xb6\x3d\xfe\x1e\x47\x81\xc2\x4d\x74\xae\xb2\xbd\x8a\x73\xfd\x2a\x99\x3c\x5b\x08\x91\x39\x21\x96\xac\x32\xc5\x23\x69\x99\x60\xd8\xb2\x3e\x01\x66\x4c\xf9\x02\x1d\x93\x92\x80\x50\xca\xf9\x7f\xb9\x85\x55\x45\x80\xe3\x33\x36\xa4\x56\x32\x47\xdf\x59\xef\x6c\xae\x53"},
+{{0x10,0xca,0x41,0x3d,0x70,0xeb,0x3d,0xb6,0xe3,0x37,0xf0,0xf1,0x1a,0xbc,0x07,0x5c,0x95,0x85,0x9e,0x82,0x5f,0x87,0x61,0x76,0x07,0x69,0x52,0xd2,0xf1,0x88,0x80,0x30,},{0x50,0x28,0xba,0x38,0xaf,0xec,0xc2,0x42,0x63,0x5f,0x6e,0x35,0x3d,0x5f,0x4a,0xfd,0x12,0x3f,0x86,0x0a,0x04,0x25,0x22,0x0e,0x96,0x65,0x52,0xa0,0x57,0x88,0x08,0x23,},{0x6a,0xec,0x02,0xdc,0x6b,0xdf,0xcb,0x67,0xf0,0xef,0xc1,0xfd,0x31,0xe2,0x3e,0x69,0xe3,0x71,0xab,0x38,0x02,0x50,0x5b,0x32,0x01,0xa9,0x5d,0xd5,0x25,0x41,0x7e,0xd1,0xa1,0x28,0xdb,0x4e,0x18,0x2c,0xb3,0x7c,0x28,0xf6,0x28,0x06,0x66,0x70,0x99,0xa8,0xad,0x48,0x0b,0x0a,0xc9,0xe9,0x4c,0x2a,0x7d,0x5a,0x0e,0x96,0xe2,0xa7,0x36,0x0d,},"\xea\x7f\xaf\x79\xf6\xff\x5d\x78\xa8\x23\xa7\x54\x34\x71\x34\xf1\xb3\xc3\xe9\x1c\xe5\x18\xfd\xd6\x33\xfe\xb4\xf0\x5d\x12\x5f\x05\xcb\x54\x33\x6e\xf5\x60\xe9\x2d\xeb\x68\x51\x12\xa5\xff\xcd\x3d\xfd\x39\x64\xb2\x75\x8c\xe4\x78\x5f\x6a\x34\xbf\xeb\x39\x78\x4f\x0a\xee\x55\x95\x5a\xeb\xd1\x2d\xdd\xa6\x41\xd0\x57\x69\xf7\x44\x02\xf7\x06\xda\xd2\x01\xc4\x4c\x91\x08\x1c\x7d\x7f\x65\xe7\xaa\x42\x46\xde\x6d\xc3\xed\x64\x96\xd1\x0f\x4a\x41\x20\x60\xd4\x93\xba\xc9\xae\xd5\xbe\x4f\x6d\x74\x22\x9e\x3c\x55\xeb\x68\x76\xe3\xbb\x2e\xd4\x1f\xa4\x50\x4b\x66\x70\xdd\xa8\xc7\x98\xf6\xda\xa2\x80\xd1\xaa\x72\x02\x11\x74\xf6\xc0\x1a\xec\x49\xb3\x21\xd8\x7f\x53\xac\xbc\xad\xcc\x46\x07\xd5\xb1\xe4\x5d\x63\xfc\x48\x1a\x6d\x90\x57\x6c\x87\xc1\x88\x0b\x2e\x8f\xf3\xe5\x90\xa9\x6b\xee\xe1\x80\x47\x68\xc7\x56\xbe\xb8\x6b\xf1\xde\x8a\xdc\x40\x8b\x1b\x8d\x66\x6f\x74\xba\x28\x63\x08\x22\xf9\x2d\x18\xb0\x56\xae\x37\xce\x02\x93\xee\x61\xb9\xe8\x0f\x33\xac\x26\x96\x71\xbd\x62\xa4\x05\x9b\x24\xf7\xc1\xa4\x40\x80\x74\x40\xd5\xd5\x38\xa6\x54\x58\xad\xc8\x15\x87\x24\xb2\x5c\x12\x12\x7a\xa0\x34\x9e\x55\xf6\xe5\x5b\xc9\x20\x78\xfd\x1e\xf2\x74\xc2\xaa\x79\x19\x05\x76\x6b\xe3\x94\xa2\x62\x8f\x7b\xbd\x1a\x32\xda\x5e\x48\x74\x46\xbb\xef\xae\x88\xfa\x6c\xf3\xf7\xb4\x99\xf1\x31\xfa\x19\x31\x3d\x13\xb2\x80\xad\xca\x50\xf7\x78\x02\xd1\x73\x31\xb3\x81\x68\x3b\x5e\x7e\xda\xb9\x94\x73\xed\xd3\x1d\x77\x44\x34\x88\x21\x41\x35\xfd\x6f\x26\x44\x50\x93\xe9\xe2\xaf\xf7\xd7\xe8\x92\x33\x7f\xdc\x87\x79\x06\x5d\x4d\x97\xd6\xd6\x73\x57\x67\x94\x95\x8d\xbf\xa6\xc5\x0b\x1b\x13\xac\x39\x60\x7c\x1e\x66\xef\x96\x29\x76\x10\x71\x15\x5f\xbc\xa6\xf3\x6e\xb0\x2c\xee\xae\x16\x36\x7f\xea\xc0\x74\x76\x90\x8c\x84\x7c\x9a\x53\x3e\xf6\x8c\x94\x31\x1f\xa0\x89\xff\x28\xfb\xd8\x78\x09\xb0\xd3\x87\x6b\x43\x1d\x9a\x18\xb2\x02\xf9\xa4\x04\x9a\x05\x77\xb8\x17\x76\x10\xdd\x02\xe5\xc5\x20\xec\xa9\x55\xe8\x03\xc3\xad\x4f\x50\x97\x6f\x7c\x2e\xa8\xaa\x3e\xe4\x83\x6a\x19\x85\xdf\x0a\x4f\x16\xef\x46\x98\x15\x95\x41\x98\x97\x99\x35\x60\xaf\x82\x65\x1c\x2b\x49\x4e\x68\x0b\x37\x80\x2e\x75\x37\xef\x68\xa5\x75\xc3\x4f\x85\x88\x06\x3e\xe0\x19\x72\x06\xd9\xa3\x2b\xb4\x89\x0e\x7c\x21\x6a\x4d\x33\xfe\xca\x36\xb5\x49\xe5\x32\xfe\xa6\x85\x56\xe7\x54\x0a\x4f\xb1\x69\xd4\x9f\xc5\x53\xb2\xe6\x70\x0a\xe4\x2d\x9a\x51\x6e\x68\x16\x0a\xcf\x6b\x27\x0c\x77\xca\x5e\xc2\x6e\x5a\xd5\xdc\x75\xc2\xc3\x93\xe2\x99"},
+{{0x1f,0x0a,0x10,0xa2,0xcb,0x11,0x19,0x17,0xb9,0xa6,0x7a,0x2a,0x1f,0x38,0xfb,0x86,0xf8,0xed,0x52,0x60,0x7d,0x1d,0x65,0x3a,0x45,0x7d,0x7f,0x47,0x18,0xd9,0xa7,0xde,},{0x70,0xc0,0x75,0xb2,0xe9,0x4c,0x4c,0x02,0xf4,0x5e,0x73,0x04,0x4f,0x24,0x39,0x97,0x41,0xb1,0x61,0xfe,0xb6,0xf6,0x9e,0xab,0x63,0x54,0x17,0x28,0x2a,0x4a,0x93,0x68,},{0xa4,0x24,0x5a,0xa3,0x39,0x5e,0x7b,0xad,0xa2,0xbc,0xdf,0x16,0x03,0x14,0x7c,0xc5,0xf3,0xf0,0xba,0x91,0xf4,0x0f,0xda,0xd8,0xf6,0xd3,0x71,0xc3,0xeb,0xef,0xb4,0xc1,0x50,0x1d,0x07,0x87,0x5b,0x57,0x6f,0x40,0x79,0x78,0x06,0xa4,0x84,0xc7,0xa3,0xf7,0x05,0x69,0xe2,0x32,0xb0,0xc9,0x9d,0x29,0xca,0x23,0xa2,0x33,0xb6,0x8e,0xdb,0x0c,},"\x4f\x6a\x43\x4b\xd5\xfc\x77\xf0\xf1\xb7\x04\x9c\x91\x85\x3c\xcb\xd8\x94\x39\x96\x2a\x60\x78\xa6\x74\xb8\x67\x54\x3b\x6b\x7d\x10\x55\x2e\xc1\x75\x8c\x52\x83\x04\x2b\xd6\xb4\xce\xa8\x8c\x95\x20\xdb\x04\x74\x6f\x08\x9c\xf3\xa2\x60\xfb\x0f\x33\x85\x8e\xfd\x6f\x68\x0d\xe5\xb7\x2d\x98\x76\x32\x4b\xa5\x90\x29\x91\x38\xf8\x5a\x76\xf5\xbe\x0e\x05\xe8\x85\x9c\x02\xb2\x35\x12\x55\x9c\x8b\xea\xfc\x9c\xfe\x90\x1b\x28\x3e\x15\xd1\x6c\x79\x2e\xb0\x3b\x92\x88\x0f\x6f\xf9\x7a\xa3\x8e\xee\xad\x3f\x4f\xd6\xc0\xa9\x21\x43\x23\xaa\x39\xa1\xc1\x65\x15\xe3\x0d\xbd\x08\xb8\x33\xee\x40\xa8\x14\xa2\x88\x09\xc8\x70\xe1\xd0\xa6\x2c\x37\x93\x2d\x54\x08\xfc\x6a\xfc\x63\xe7\x9a\x65\x5c\x5f\xe3\xd4\x02\x6e\xf0\x9e\x02\x99\xfb\xde\x5a\xb3\x4f\xce\xab\x14\x13\x0d\xc4\xbe\x00\x7e\x8e\x64\x44\xd7\xaa\xae\xc6\x2c\x87\x3d\xf7\x7e\x80\x10\x74\x3c\x31\xe8\x75\x7f\x1e\xae\x9e\xdb\x55\x97\xa1\xb5\xd8\x4b\xd7\x7a\xe7\x64\x2e\x1a\xca\x99\x87\x3a\x15\x2f\xfd\xe0\x68\xa8\xe4\xad\x92\x40\xb9\x03\x33\x27\x95\xe4\x0b\xb3\x28\x65\xe5\xce\x03\x43\x07\xa6\xc9\xfe\x33\x9a\x1c\x93\x77\x0d\xf5\xca\x46\x32\x9f\x6b\x09\x41\x97\x85\xcb\xf2\x84\x7b\x0c\x68\x32\x83\x71\x23\x85\x3a\xd9\x52\x65\x32\x65\xc5\xb5\x74\x0d\x19\x4e\x00\xf2\x3f\x9e\x96\x67\x91\xf0\x05\xf8\xbf\x55\xc3\x88\xc2\xbe\x9e\x21\x53\x89\x25\xf8\x55\x5e\x0d\xbd\x83\xbe\x07\x3d\xf7\x65\xaf\x49\x40\xe5\x9a\x37\x90\xb9\x83\x6b\xab\x79\x09\xe5\x67\x6f\xbf\x1c\x21\x26\xfe\x22\x6d\x78\x1a\x44\x33\x0c\xc0\x1d\x32\x83\x0f\xf8\xae\x00\xb9\x79\x2e\x39\x8c\x2c\xbb\x4f\xb8\x3a\x10\x05\xc2\x45\x54\x9a\x89\x06\x3f\xbe\x06\xc6\x2a\x48\xda\xc4\x3c\x51\x01\x24\x99\x94\xe9\x5e\x37\xf2\x4c\x1d\x8b\x3b\xc6\x73\x53\x8c\x46\x05\x5f\x80\x0d\xb1\xc0\xf9\x56\x86\x9b\x6b\x29\x7d\x99\x0f\x44\xf0\x5b\x50\xc7\xad\x6b\x85\x6f\x46\x21\x28\x58\x47\x1d\xd0\xd3\x93\x72\xb0\xdb\x75\x15\x73\xdd\xb6\xb5\xb5\x6b\xa0\x1e\x37\x1c\x78\xfe\x58\xdc\xd1\xbe\x53\x11\x2a\x6a\x73\xda\x9a\x6b\xac\x75\xd3\xc3\x9a\x1a\x70\x5a\x36\xf6\x40\xfc\xfa\xd8\xcd\x04\x07\x75\x94\xd5\x96\x85\xf6\xe3\x0d\xe7\x1d\xfd\x4a\x44\xc4\xe7\xc0\x4d\x6e\xc7\xc2\xe8\xbe\x12\x78\x5b\xb0\x5b\x29\xb3\x91\x51\xd3\x29\xf5\x87\xfd\xc3\x81\xc2\xdf\x0c\xef\x73\xfe\x0e\x3f\xd9\x20\x8d\x7c\xcb\x6e\x08\xd0\x2f\x42\xd1\xfe\xed\x27\x56\x1d\x5e\x32\x3a\xa1\x48\x62\x4e\x55\x2a\xbe\x87\x53\x2d\xe1\x5b\x7f\x42\xc2\x2c\x98\xe4\x05\x25\xb1\x74\x7c\xbd\x75\x8b\xfb\x26\xfd\x3e\xed\x3b"},
+{{0x7f,0x05,0xba,0xac,0xf1,0x67,0x58,0x3c,0xf2,0xfe,0x95,0x62,0xa5,0x06,0x99,0x1e,0xd9,0x87,0xf6,0x8f,0xfb,0x71,0x56,0x7c,0x7c,0xcc,0xe3,0xfc,0xc5,0x9b,0x78,0xb0,},{0x0d,0xec,0x39,0x52,0x85,0x2b,0x96,0xfd,0x75,0x58,0x7e,0x97,0x74,0x3f,0x9e,0x41,0xc0,0x9f,0xbe,0x6b,0xa9,0x81,0xbf,0xce,0xb4,0xeb,0xb8,0x89,0x2d,0x98,0x6a,0x16,},{0x0d,0xee,0xd2,0xdf,0x82,0xac,0xf4,0x52,0x9c,0x40,0x8a,0x02,0x93,0x1f,0x67,0x6b,0xec,0x5c,0xb7,0xad,0xe8,0x4e,0xbd,0xcd,0x57,0x8f,0x70,0xf9,0x71,0x38,0x2c,0xf3,0x11,0xbb,0x83,0x09,0x73,0x00,0x45,0x6a,0x55,0x8b,0xc4,0xc0,0x9d,0x89,0x83,0xff,0x13,0x49,0x3f,0xd6,0x11,0xeb,0x66,0xc0,0x43,0xbf,0x01,0x9b,0xad,0x6f,0x33,0x02,},"\xa2\x7d\x1e\xab\x05\x15\x09\x20\xde\xd1\xb1\xc2\x57\x8a\xf5\x82\xb2\x94\xf7\x83\x7f\xe4\xfb\x1a\x31\x69\xc2\x5e\xfb\x70\x63\x4b\xa6\x6c\x7e\x29\x91\xb3\xe7\x5c\xc5\x12\x48\x26\xa0\x3e\x05\x72\x59\xb5\xcb\x70\x62\x28\x78\x0c\xbc\x82\x75\xc3\x39\xf8\x34\x0e\x40\x2a\x66\x50\x32\xa4\xab\x65\x78\x27\xb1\xc3\x48\x1f\x75\x66\xd3\x69\x73\x5b\x82\xdb\x76\x28\xc0\x22\xb2\x12\x73\x0d\xb1\xe4\x7c\x9b\x2d\x9b\xc4\xd8\x1b\x23\x42\xd8\x9c\x6e\xaf\xc3\xe0\xb6\xde\x50\xd4\x84\xcc\xef\x11\x23\x8c\x8e\x2d\x24\x0d\xd5\x95\xdc\xef\x8b\x2f\xc5\x7b\x54\xff\x9a\x8a\x74\x11\x1f\x61\xf8\xa6\x52\xf2\x0e\xa0\x12\xc1\xad\xe3\xe2\x80\xec\xde\x29\x4c\x0e\x35\x71\x71\x90\x16\x2e\xc6\xa2\x26\x5e\x7e\x6f\x3f\x07\x04\xcf\x8a\xb1\xa0\x3e\x5c\xc9\x53\xe2\x92\x62\x91\xcc\xd4\xb0\x59\x0d\x5c\x20\x56\x8f\x94\xf9\xff\x0f\xe2\xab\x78\xcf\x9a\xe2\xc3\x8b\xcd\x49\x1e\x51\x8f\x23\xe9\xb6\x36\xf8\x80\x61\x5f\xc5\x60\x78\xe5\x12\xd7\x57\x7e\x09\x49\x7c\x11\x83\x45\x3d\x50\x81\xfd\x47\x37\xf2\x80\xec\x5e\x26\x7c\x45\x86\xb7\x8b\x70\xff\xfd\xfd\x73\x0d\x80\x9d\xf5\x60\xf2\xe3\x77\x21\x91\x84\x7b\xbc\x3f\x60\x4f\xb7\xf8\xca\x49\xee\xd3\x18\xb5\xe7\xd1\xf2\xb8\x3a\x10\xda\x0c\x85\x94\xb3\x39\xb6\x87\x1a\x57\x72\xdd\x64\x16\x8e\xcc\x27\xe2\x40\xa4\x5c\x76\x72\x5e\x7d\x55\xbe\xf3\x7e\x13\x5e\x3d\x9e\x0e\x34\xe3\x6c\x16\xe3\x4d\x77\x45\x9a\x55\x2f\x40\x74\xd0\x67\xa3\x1a\x3e\xd2\xa4\x8c\xde\xa4\x89\x5b\x10\xbd\xf1\x65\x6f\x4b\x7a\x41\x3c\x6a\x08\x8c\x64\x9f\xc9\xd7\xbc\x56\xab\xf6\x44\x35\x49\x12\x14\x19\x2a\x66\x70\xcb\x8b\x9c\x91\x7f\x8e\x1b\xc7\xb2\xcf\xce\x78\xd2\x8f\xbc\x3a\xfc\x2a\x50\xe9\x82\x13\xe7\xe0\x26\x37\x8e\x4e\xa7\x11\xd1\x51\xad\xaa\xa7\x19\xbe\xb8\x97\x46\x56\xc1\x0e\xbc\x7d\xe4\x6b\x19\xec\x82\x95\x1e\xf4\x6a\x8c\x68\xe7\xf4\x36\xe1\xb3\xeb\xed\xb2\xd0\x9b\x05\x75\xc9\x91\x4e\xad\x27\x96\xb5\x3e\x00\x61\xe2\x12\x99\x4a\xc5\x02\x6a\xea\x81\xec\x37\xc8\x13\x78\xf4\xcc\xfc\x46\x77\x00\x08\x79\x68\x59\x7d\xa3\x8f\xed\x52\xfa\x48\x09\x3a\xe4\xba\x10\x66\xc3\x1e\x3c\x7d\x85\x08\x09\x5b\xb4\x5c\x28\x01\x20\xf4\xaa\x69\xa2\x4f\x3e\xfe\xf1\xf7\x67\x98\x5a\xa1\xa3\x0e\x14\x08\x56\xf7\x6d\x15\x20\x73\x28\x78\x48\x7b\xe5\x3f\x71\x2d\xbd\x7d\x77\x9e\x31\x51\x01\x58\x8f\xd7\xdb\xdb\x13\x2f\x92\xc2\x75\x75\xac\x14\x86\xf1\x76\xc7\x90\x66\x1b\x01\x48\x39\x4e\x92\xff\xa3\xae\x6f\x8a\xfb\x2f\xaa\x2b\x7f\x4f\xbd\x0a\xd9\x1e\x75\x9a\x70\x2b\x3c\x70\x2b\x4d"},
+{{0xd0,0x0c,0x21,0x64,0x26,0x71,0x0d,0x19,0x4a,0x3d,0x11,0xcf,0xc9,0x0a,0x17,0xa8,0x62,0x12,0xe7,0xa0,0xe5,0x4b,0xaa,0x49,0xb0,0x16,0x9e,0x57,0xff,0xf8,0x3d,0x61,},{0xcf,0xe6,0xae,0x89,0x03,0xc6,0xc7,0x01,0xaa,0x30,0x46,0x95,0xc6,0x51,0xbf,0xd8,0x50,0x33,0x1f,0x9a,0xd4,0x81,0x63,0x3a,0xe3,0x70,0xc8,0x6d,0x7b,0xd1,0x3f,0xb9,},{0x15,0xc4,0x5c,0x19,0x42,0x97,0xe8,0x87,0x02,0x9f,0x49,0xd8,0xbd,0xf9,0xd6,0x10,0xdd,0x8c,0x34,0x79,0x9e,0x1e,0x92,0x30,0x26,0x9e,0x7a,0x58,0x92,0x89,0x38,0xcf,0x39,0x6a,0x02,0xcd,0x42,0x20,0x54,0x90,0x39,0x1e,0x1c,0x64,0x35,0x3f,0xb0,0x6b,0x9f,0x8e,0x9b,0x81,0x8a,0x9a,0x36,0x1c,0x20,0x4a,0x38,0x69,0x95,0xbf,0x3b,0x03,},"\x82\xf9\x78\x41\xb3\xba\x22\xdd\x9a\x44\x50\x83\x7e\xa7\xbf\x8d\x27\xa9\x73\x14\x70\xca\xbb\x0c\x20\x78\x03\x4b\xf2\x4e\x4c\x1a\x62\x90\xc0\x3f\x40\x02\xb8\x6f\xa0\x9f\x07\xb5\x20\x9f\x1f\x53\xd0\xec\xf4\xd9\xe9\x22\x3b\xec\x12\x5a\x95\x45\x51\xfe\x8b\xff\x71\x8f\x5e\x26\x48\x68\xe2\x07\xf7\x01\x19\x4e\x41\xde\x39\x97\x1f\xd3\x85\xf4\x9a\x4b\x4a\xdd\xa9\x11\xeb\xa5\x52\x59\xfc\x68\x36\x65\x32\x73\xf6\x56\xf4\xaf\x60\xb2\x06\x64\x95\x6d\x4f\x21\x35\xd9\x0d\x09\xe9\x03\x7d\x53\x66\xa0\x25\x34\x44\xe0\x22\xc7\x21\x2a\xf5\xfd\x4f\xcc\xd7\x42\x37\xd2\x88\x53\x38\xe2\xfd\x72\x15\x22\xde\x67\x63\xc2\x54\x90\x28\xc6\x23\xb9\xcf\x38\x7d\x23\x4a\xb5\xe7\xfc\xbe\x5a\x47\xc6\x85\xb7\x9e\x75\xa5\x7b\x09\x57\x40\x82\xa0\x22\x21\xdf\x64\xa2\xe8\x41\x61\x80\x87\xe7\x22\xa2\x1b\xac\x1b\xa4\xf0\xd7\xd8\x7b\xdc\x51\x0a\xaa\x8f\xbd\x10\x75\x7f\x6c\x02\x9c\xa8\x20\x37\x1f\xc7\x4c\x3b\xc5\x0b\xd8\x98\xc5\x5d\x81\x67\xf7\x3a\xda\x37\x7a\xec\xc9\x16\x29\xd6\x4c\x36\x0c\x2c\x24\x1c\x5c\xb4\x2e\x3a\x51\x8c\x5d\xab\xf0\xf4\x18\xb2\xa7\xf3\xd8\x2e\xef\xd9\x20\x26\xd3\x1e\x8b\x81\x60\x35\x8e\xae\x82\x1f\x73\x0e\xca\xfe\x7a\xce\x64\x7b\xff\x87\x41\xde\x2f\x6a\x13\x1d\x11\xc9\x69\xe9\x78\x7c\xfe\x6a\x2f\xab\x37\xbf\x8d\x1c\x7f\x4a\x2f\x36\x4d\x2f\x1a\x76\xef\x04\x6c\x18\x43\xe6\x3e\xc0\x0c\xf7\x92\x0f\xfa\xae\x56\x1e\x73\x70\xb7\x19\xfc\x16\xfc\xeb\xca\x3c\xfd\xfa\xba\x43\xf4\xf0\x90\xc4\x6f\x47\x73\x03\xa6\x60\xee\x88\xdd\x4e\x89\xbf\x14\xb9\xf8\x04\xb6\xfd\x49\x5c\xb1\x41\x27\x53\x47\x4a\x05\x6a\x0d\x89\x31\xcd\x9c\xcb\xd6\x4f\x8f\xcc\x7a\x31\x23\x46\x7c\x5d\x47\xf6\x90\x67\x9e\x88\x71\x28\x80\x93\x73\x4f\xd6\xa1\x32\x60\x38\x65\x81\x56\x41\x36\x96\x59\x4c\x13\x4d\x73\x88\x7f\x34\xee\x67\x60\x9a\xe8\xff\xb3\x26\x6c\x16\xd8\x7f\x15\x34\x5a\x47\x6f\x72\x95\x0c\x15\x87\x96\xa8\x8b\xbb\x44\x4f\x1a\xa8\x09\xca\xd8\x75\xb8\x5f\xb9\x15\x1a\x0e\x2e\xef\x2e\x00\xe8\x0d\x6b\x7a\x9b\xa4\x06\xc0\x51\x9e\xff\xdd\x94\x12\x62\x32\xfd\xf6\xf1\xe7\xb9\xbb\xc0\x36\x2a\xa7\x75\x16\xfd\xf9\x39\xe7\x90\x6a\xab\x01\x30\x71\x28\xcf\x82\x4c\x10\x2c\x09\xb9\x29\xc9\xb2\xd7\xaf\x8f\x85\xb7\xd7\xf9\xa8\x38\xb2\xae\xd0\xc6\x97\xe8\xbd\xfe\xe6\x6e\xe0\x16\xbb\x1b\xf3\x5e\xff\x6b\x2f\x7e\xf4\xb9\x1b\x1f\xc0\x4f\xac\x9f\x11\x6e\x2e\xdf\xf4\x0f\x95\xc1\x5b\x77\xc3\x1e\xe5\x22\xf3\x93\x7c\x7f\xa0\x04\x7d\x62\x25\xe0\xc8\xe5\x5e\x27\x8c\x81\x03\x91\x1f\xea\xb2\xb7\xf4"},
+{{0xdd,0x12,0x39,0x72,0xe6,0x28,0x58,0x4a,0xcc,0x46,0x29,0x3b,0x8e,0x4c,0xe2,0xb2,0xdd,0x46,0x9c,0xc4,0xed,0xe1,0x4e,0xf3,0x95,0x21,0xcf,0x08,0x37,0x35,0x85,0xb3,},{0x35,0x22,0xf7,0xae,0x59,0x6e,0xed,0xb2,0x17,0x03,0x5d,0x95,0x39,0x5e,0x44,0x8d,0xbd,0x6f,0xfb,0xf4,0x25,0x85,0xea,0xeb,0x30,0x70,0x26,0x54,0x1c,0x78,0xa6,0x51,},{0x89,0x65,0xa8,0x89,0xd5,0x4c,0xd8,0x07,0x6d,0x35,0xbc,0x2e,0x12,0xb0,0x09,0xd5,0x6b,0x07,0x04,0xc8,0x94,0xf9,0x12,0xa0,0xd1,0xd3,0x07,0x20,0xc2,0x32,0xfe,0x44,0x04,0xbf,0x30,0x09,0x54,0x1e,0x8f,0x32,0x83,0xe8,0x9e,0xa8,0x6f,0x67,0x8a,0xfb,0xdf,0x1c,0x21,0xc9,0x24,0xb2,0x3a,0x52,0xb4,0xca,0x6d,0x63,0xf4,0x8f,0xc2,0x03,},"\x2b\x28\x57\xf4\x52\x80\x17\x3e\x2e\x0e\xf9\xd5\x94\xe6\x08\x3f\x1d\xc7\xa6\x54\x92\x97\x5b\x83\x7d\xef\x6c\xad\xd8\xc8\x54\x50\x31\xee\x9d\x68\x36\x9a\x93\x93\xcc\x7b\x79\x2f\xeb\x98\x04\x0b\x21\xf1\xeb\x84\x66\x5f\x87\x85\x37\xce\x41\x2e\x9d\xb6\x80\xd2\x9f\xbd\x8f\xfc\x77\x31\xea\xe9\x1a\x20\xb4\x75\x48\x99\x62\x04\xfb\x06\xad\x74\x0e\x78\xf0\xfc\x59\x0b\x67\x91\xdc\x7a\x0f\x26\x59\x28\x6c\xc1\x6d\x02\xc5\x11\x7b\x56\x58\x36\xb4\xb8\x73\x8c\xf4\x0e\x28\x5c\x69\xc5\x0e\x41\x29\x11\x29\x23\x67\x35\x2d\xfd\xae\xd9\x98\x2d\x0f\x89\x9a\x23\xc0\xab\x51\x81\x2b\x3e\xc6\x78\xf6\x88\x2e\xa4\x27\xcd\xc9\x3a\xb4\xb2\x48\x24\x37\x70\x54\xaa\x25\xd8\x22\x46\x65\x33\x40\x07\x8c\xf1\x1d\x14\xa5\x1f\x0e\x68\x6d\x7e\x01\x8b\x36\x74\x16\x68\xfc\xe7\x45\x8d\x16\x92\x93\x36\x1d\xd1\x6b\x3d\xeb\xbe\xd1\x9e\x1b\xef\x7c\x36\x93\x4e\x20\xf3\x3a\x09\xad\x3e\x82\xb5\x3a\xb4\xe9\x4c\x25\x5d\x04\x18\x98\xb9\x77\x37\xdf\x99\x58\x4a\xf1\x4e\x40\x40\x58\xd0\xc9\x3b\xca\xe7\xbb\xbc\x06\x39\x5a\x2a\xef\xbd\xef\xa7\xb2\xed\x17\xce\xbd\x15\x13\xfa\x39\x0f\xe9\xa9\xb0\xce\x68\xce\xcc\x2b\x9e\x12\x9b\x7a\x29\xf4\x9b\x6d\x18\xc2\x8b\xac\xd3\xaf\x39\xdc\x39\xca\x97\x2f\x0e\x0d\x06\x85\x5d\x57\xc2\xb5\xfc\xac\x2f\x79\xcb\x8c\x05\x79\x9e\x4f\x65\x73\x46\x68\xda\xd6\xaa\x7a\x43\xa1\x18\x56\xe2\x3b\x1e\x73\x2d\x00\xe5\xfe\x38\x85\xb7\xda\xd4\x2e\xc1\x8a\xc8\xe0\x96\xa0\x80\xf7\xd5\x50\x70\xfd\xcf\xf6\x07\xbc\x0b\x85\x2d\x8a\x08\x0d\x2a\x74\x05\xd5\x94\x14\x69\x5f\x2e\xb7\xfb\x0a\xca\x23\xc8\x63\x57\x42\xf8\xae\x57\xf1\x37\x80\x31\x6e\x28\x08\x72\x37\x4e\x69\x29\x59\x8d\x02\x8a\x33\xc0\x5d\x83\x1c\xda\xbd\x02\x94\x93\xc3\xcc\x85\x9f\xff\x1a\x67\xd5\x62\x16\xf0\x2a\x22\x95\x66\x53\x65\x88\x7a\x35\x0a\x80\xaf\xaa\x0c\x36\x7a\x74\xd3\x70\x1a\xe8\x8f\x59\xd8\xa9\xd3\xa1\xdc\xe0\xcf\xd2\xea\xbe\x2a\xf5\x06\x5a\x1c\x7f\xca\x4a\xad\xcf\x8e\x51\xe7\x56\x12\xa1\x37\x1b\x4d\xc8\xff\xc0\xc0\xb9\xc4\xfa\xdb\x2f\x08\x1e\x2e\x03\x2d\x96\x81\x8e\x55\x73\x7a\xdd\xe3\xe1\xac\x12\x1f\x56\xcc\x86\xfb\x58\xa0\xa5\x82\x69\x2f\x62\xce\x58\xac\xce\x17\xaa\xfe\xc7\xbc\xb7\xe4\x4f\x83\x92\x58\xcd\x4a\x85\x1f\xc0\x13\x44\xee\x9f\x1b\xd0\x3e\xb9\x43\x44\xf4\x77\x86\x93\xc1\x71\xdd\x28\x92\xb2\x42\x6a\x88\x29\xab\x0c\xfe\x33\xa7\xd4\xa3\x6e\xb4\x01\x7f\x7f\xcf\xd2\x41\x34\xab\x8a\x45\xf2\x37\x17\xcd\x13\x8a\xa6\x00\x01\x72\xe3\x7b\x40\x64\xdc\x9b\x6d\x1e\x1e\xf3\xaf\x84\x97\x1d"},
+{{0x33,0x35,0xea,0x92,0x81,0x17,0xcf,0xee,0xfb,0xee,0xae,0x14,0x60,0x03,0x88,0x1b,0xdc,0x88,0x89,0xd6,0x58,0x0e,0xed,0x13,0x52,0x37,0x08,0x20,0xad,0x1f,0x58,0x4f,},{0xcb,0x20,0xd4,0xfd,0x75,0x61,0x84,0x80,0x13,0x11,0x1c,0x3e,0x97,0x61,0x7f,0x34,0x18,0x1d,0x2e,0x7f,0xbc,0xf1,0xbb,0x2a,0x2c,0xd2,0xe8,0xc1,0x77,0x5b,0x8b,0x03,},{0xf7,0xc3,0x9f,0x92,0x47,0xd2,0x2f,0x01,0x89,0x99,0x24,0x7f,0x0e,0x00,0x05,0xcd,0x63,0x07,0x6c,0xcf,0x2f,0xee,0x41,0x63,0x42,0x1f,0x86,0x40,0x7a,0x41,0x69,0x8c,0x40,0x58,0x16,0x64,0x73,0x51,0xc0,0x4e,0x93,0xb5,0x44,0x15,0xb6,0x2f,0xc0,0x3f,0xc8,0xc2,0x5e,0x20,0xf7,0x54,0x1d,0xab,0x03,0x19,0x7d,0xc9,0x00,0xb2,0x9c,0x0c,},"\x0f\xa7\xf6\xa6\xfc\xa9\x81\x42\x9b\x57\x2a\x67\x04\x87\x1b\xed\x14\x0d\xab\x93\xee\x19\x92\x00\x6e\x9a\x3b\xb2\xe6\xcc\x9a\x09\xd4\xc9\xcf\x17\x06\x6b\x32\xff\x7e\xf5\xb6\xb2\xe7\x91\x11\x78\xed\x74\x62\xc4\xc1\x75\x60\x31\x71\xca\x61\x36\x68\xb3\xbe\x19\x3d\x94\xc3\x52\x1e\x58\x89\x13\xb5\x94\x8b\x55\x0b\xe9\x9d\x82\xd9\x66\x19\x7d\x71\x0a\xcf\xd9\x59\x14\xcf\x3e\x19\x75\x36\xe8\x3e\x68\x23\x0d\xc3\xd6\x7e\x67\xdc\xdb\xde\xe0\x4f\x0d\x9c\x48\x02\x37\xec\xd2\x8f\x74\x33\x8d\xb5\xf3\xf6\x97\xd3\xd0\x7f\xf3\x36\x13\xbb\xce\x54\x2a\xcc\x9a\x7f\xed\x5d\x12\x49\x0b\x9b\xfe\x1d\x10\x95\x40\xf8\x63\x80\x0d\xd3\x56\xda\x84\x1a\x45\xa3\xcd\x8a\x08\xa9\x45\xbf\xa3\xaa\x98\xe1\x71\x23\x12\xc4\xc0\xf0\xd9\xdd\x64\xf6\xef\xcf\x73\x6b\xd9\x7d\xea\xfc\xa9\xdc\xaa\x3f\x06\xd8\x7f\x2e\xd7\x2a\xeb\x6a\x94\xf3\x28\x00\x00\xc4\xbf\x72\x8a\x01\xc1\x86\x2d\xaf\xd9\xfc\x5c\x7d\x5a\x46\xec\x7d\x3a\x87\xaf\x59\xa1\x1d\x87\xf7\xff\x84\x40\x7d\x37\x01\x0e\x1d\x94\x6c\xf2\x25\xd6\xb3\xb1\xed\xee\x2e\x8b\xbf\x1e\x07\x9e\x47\xfb\x1f\x66\x66\x93\x94\xfb\xf2\xfa\x68\xfc\x56\xfc\x89\x82\x0a\x68\x09\xc2\x51\xdd\x62\xf5\xb8\x65\xc5\x47\xb1\x4f\xbd\x3a\x19\x50\x42\x44\xff\xbc\x7e\x52\x40\xf8\x8d\x43\x60\xf9\xca\xca\xaf\x5f\x82\x43\x3d\x33\x44\xfc\xae\xe0\xac\xde\xb7\xbe\xb9\xc0\xb3\xc7\x69\xea\xc9\x20\xef\x4f\x09\xab\xc2\xa2\x09\x55\x12\x04\x59\x43\xec\xcc\x53\xb1\xc0\x3e\xd2\x4e\x56\x7f\x3d\x7a\x71\x97\x7c\xab\x98\x40\xce\x89\x8e\xe5\x8e\xd5\xc7\x3f\x6a\xde\xa8\x23\x39\x4c\x5c\x8e\x36\x58\xa6\xbf\x5a\xcb\xbf\x00\x55\x99\x2c\x31\x2c\x26\xc7\x9c\x5c\xfb\xea\x38\x60\xb8\x76\x4a\x6d\x8f\xfe\x44\x91\xf8\xa5\xb8\xa2\x15\xe0\x11\x7a\x9a\x68\x16\x4a\xee\x25\xf8\xc0\xbb\x38\x11\x95\xb2\x40\x0b\xcb\x46\x44\xeb\xce\x1c\xde\x5a\x9a\x26\x58\x2c\xab\x9d\xc7\xf4\x3c\x33\xea\xe3\x50\xdb\x65\xaa\x7d\xd2\x2a\x07\x9b\xdd\xdc\xf5\x6d\x84\x8d\xeb\x0c\xfa\x50\xb3\xbd\x73\x2d\x9d\xa9\xe8\xd8\xab\x79\xe9\x34\x69\xde\x58\x02\xb6\xdf\xf5\xac\x2a\xa8\x48\x2b\xb0\xb0\x36\xd8\xf9\xd5\x95\xb8\xea\xd9\x4b\xb8\xd7\x41\x8e\x2e\xa4\x31\x92\xef\xcb\xfc\x05\xc4\x67\xbd\xe0\xa8\x68\xa5\x16\xa7\xc1\x4a\x88\x9b\x72\xc5\xb7\x3e\x7d\x85\xc2\xba\xe9\x02\xe4\xe6\x8d\x1f\x3c\xea\xb2\xb2\x77\x3a\xf5\xbb\xae\xe6\xa0\x0d\x08\x06\x3e\x78\x33\xcd\x4e\x29\x53\x47\xe5\x8f\x5d\x1b\x33\x97\xf6\x40\xc1\x59\xcc\x60\xa6\x74\xa2\x27\xb4\xcd\x8c\x10\xf1\xdb\xae\xd5\x16\xcc\xac\xdd\x29\x5f\x11\xb0\x81\x47"},
+{{0x32,0xa1,0x88,0x3e,0xff,0x57,0xa3,0xa7,0xec,0xdb,0x31,0x02,0x21,0xee,0x83,0xc4,0xde,0x92,0xb7,0x22,0x15,0x96,0x13,0xec,0xf8,0x16,0xe3,0x82,0x43,0x7b,0x60,0xb9,},{0x82,0xdd,0x1a,0x03,0xe5,0x85,0x20,0x62,0xba,0x4a,0x8b,0x6b,0x3b,0x93,0xc5,0xe9,0xc4,0x3f,0xf6,0x99,0x5b,0xd2,0xaa,0xc7,0x26,0x06,0xfa,0xc8,0x58,0x02,0xc6,0x82,},{0x83,0x09,0xcb,0xe7,0x2f,0x80,0x4b,0xd9,0x52,0x1d,0xef,0x5d,0xad,0x4d,0x8b,0xc1,0x38,0x86,0xb1,0xd4,0xf6,0x62,0xc9,0xbb,0x5b,0x97,0xba,0x47,0x90,0xf4,0x4b,0x80,0x1f,0x31,0x95,0xea,0xd0,0xd4,0xdd,0xb6,0x60,0x81,0x8e,0xcb,0xf9,0xa6,0x83,0xca,0xcf,0x85,0xf1,0xdc,0xc9,0xe8,0x2c,0x09,0x11,0x6d,0x73,0x36,0x58,0x09,0x1a,0x00,},"\xed\x2b\x12\x3b\x5d\xd7\xf5\xe7\x18\xe0\x26\xc7\x9c\xfa\x61\x11\x92\x49\x02\xd1\x89\xa4\x06\xef\x2b\x2e\x56\xa9\xee\x55\x73\xa7\x6d\xdd\x1d\x06\x29\xeb\xcd\xec\xf2\xaa\xa7\x4e\x84\xfc\xd0\x20\x8f\x14\xee\xa2\xe1\x71\xe7\xc8\x60\x8b\x81\x8f\xef\xf4\xdb\xea\x52\xdb\x35\x42\x27\xd0\x23\x25\x0b\x1f\x01\xcb\x4c\xc8\xc5\x21\x32\xa9\x8d\x4a\xcf\x55\xa5\x4f\xee\x81\xe0\x94\xae\xd6\x6f\xa0\xd6\xb6\xa2\x00\xb6\xb8\x74\x14\x40\x22\x78\x53\x8b\x90\x52\x9a\x8c\x60\x3d\x92\x7e\xdd\xda\x97\xbc\x4b\x8c\xb9\x5d\x04\xb5\x33\x7f\xa2\x2c\xea\xfc\x8b\x34\x0c\x46\xfe\xf6\x71\x98\xd1\xfd\x98\xd8\x9c\x65\xcd\x08\x9e\x23\xf5\x3d\xbd\xca\x96\x77\x98\xb5\xcd\x92\x32\x05\xad\x51\x1e\xdf\x70\x6f\x12\x25\xf4\x64\x8c\x98\x5e\x00\x9e\xf8\xa2\xf6\xa0\x11\x7c\xdb\xe1\x4e\x75\x31\x2d\x8a\xc1\xf0\x3d\x04\x6b\x37\xcd\xee\x7d\x69\xc0\xf2\x5c\xcf\x18\x14\x5a\x68\x8a\x8b\x3c\xa8\x87\x5f\xe8\xd9\x0b\xaf\x86\xd4\x39\x69\xe4\xd6\x10\x21\x4f\x1a\xc5\xdb\xba\x87\xa1\xef\x10\x37\x7e\x40\xd7\x80\x6f\xd9\xd2\x34\x57\xfc\x9d\xf2\x98\x99\x23\x9f\xd1\xd2\x78\x84\x96\x81\xa9\x43\xad\x9c\x91\xfd\x1b\xbd\x92\xb7\x3c\xb1\x77\xa8\x78\xf9\x05\x9e\xe0\x7a\xf7\xa8\x73\x16\x13\xe3\x3d\x59\xdf\x3d\x97\x79\x60\x79\xd5\x63\x1e\xd8\x5e\xb2\x24\x51\x06\xa5\xff\x6a\x2b\xca\x40\xdf\x5c\x6e\x87\x47\x3b\x2c\x08\xc2\x21\x2f\x56\xfc\x29\x33\xa9\x69\xa3\xc9\x58\xd3\x7c\x53\x43\xba\x27\x60\xc8\x13\xa7\xa5\x16\x5d\x23\x1c\x5f\xea\xae\x62\xb7\x55\xdf\x49\xfe\xca\x80\x04\x1a\x65\x35\xf7\xe0\x3b\xc4\x8e\x5f\x27\xf9\xbe\x26\xef\x53\x67\x3e\xb7\xc3\x7a\x2b\x64\x74\x4a\x6c\xf1\x7e\x88\x77\x34\xae\x01\x0b\xf4\x0e\xea\x03\xcd\xa2\x12\xf5\x12\xfb\xa0\x58\x59\x47\x17\x96\x40\xbc\xc4\x54\x4b\x8d\xeb\x4e\xad\x12\x9b\xc3\x32\x28\x00\xad\xf9\x88\x18\xf9\x95\x74\xbe\xfd\x9b\x00\x16\xd4\xee\xc8\x1a\x8e\x78\xdc\x3a\x2a\xf1\x3c\xab\x01\x64\x9a\xe2\xe3\x3d\x51\x6b\x9d\x42\x08\xad\x66\x13\xd8\xe2\x78\xc3\x93\xba\xa8\x82\x34\x0e\xf4\x61\xff\x4f\x94\x42\x3d\x55\xcf\x3c\xed\xd2\xa6\xb5\x6e\x88\x36\x55\x31\xdd\x29\xd6\x82\x73\xad\xbf\xe3\x69\x40\x2e\x6a\x7c\xee\x05\x3d\xa1\xf1\x00\x54\x00\x91\xa0\x09\x29\x25\x29\x83\x44\x90\x24\xb1\xc3\x39\x11\x10\x65\x00\x82\xf0\xe7\xdf\xdd\xb8\xed\xc2\x04\x2f\x3c\x17\x13\xc6\x94\x4b\xa5\x14\xee\x74\x07\xd3\x2b\xf0\x6c\x85\x8e\xfe\xc4\x2a\x78\xbe\xe9\x77\x46\xe5\xb4\x87\x91\x41\xa1\x3d\x9f\xc5\xcb\x12\x3b\x78\x32\x73\xb8\x4d\x57\xad\x35\x26\xb7\xda\x3c\x68\xb8\x39\xef\xd2\x3f\x5f"},
+{{0x22,0xec,0xef,0x6d,0xab,0xe5,0x8c,0x06,0x69,0xb8,0x04,0x66,0x49,0x73,0xe4,0x57,0xc0,0x5e,0x47,0x77,0xf7,0x81,0xc5,0x25,0x22,0xaf,0x76,0xb9,0x54,0x81,0xa9,0x14,},{0xd4,0x78,0x40,0x10,0xef,0x04,0x03,0xed,0xdc,0x5a,0x62,0xd5,0xd4,0x5b,0xb2,0x43,0xb8,0x0b,0x4b,0x9d,0x69,0xc3,0x9c,0xa3,0x87,0xc6,0xf5,0xcb,0xa0,0x28,0x64,0x0f,},{0x5d,0x0d,0x2a,0xf6,0x78,0xb3,0xd1,0xb6,0x77,0x51,0x6d,0x08,0xa7,0x9a,0xaf,0xd3,0x6e,0xc6,0x7c,0x14,0xca,0xf5,0xbc,0xda,0xae,0xaa,0xcc,0x51,0xa1,0x4f,0xb8,0x05,0xcf,0x29,0x04,0xe8,0x72,0x1d,0xb2,0x71,0xb2,0x0d,0xf7,0x09,0xbe,0xe1,0xa4,0xfb,0xfe,0x62,0x56,0x50,0x73,0xb2,0xa7,0xe9,0x42,0x72,0x44,0x61,0xf9,0x27,0x93,0x0d,},"\xc5\x35\xc1\x3d\x77\x9f\xc0\x98\x59\x73\xd6\xbc\xd5\x52\xd8\x17\x34\xe9\x2b\xdf\x10\x99\x4b\x00\xcd\x4d\x53\xce\x36\x5f\xad\x8c\x7c\xfa\x96\x20\x6a\xdb\x62\xd4\x56\x7b\xe5\xe4\x66\x31\x32\x38\x53\xe3\x8c\xe4\xbd\xc1\x6d\x7b\x8f\x63\x2a\x3a\xd9\xe0\x26\x19\xef\xf3\x71\x74\xea\xc3\xf0\xbf\x2f\x7a\x75\x17\xd4\xb8\x2d\xe6\xaa\x1a\xf0\x06\x38\x19\xd5\xe1\xf9\x27\x8f\xb4\xf2\x4c\x8c\xc0\x02\xaf\xb1\x5f\x33\x4c\x04\xfa\xdb\x00\x30\x30\x13\xc0\x16\x67\xf4\x93\x2a\x6c\x4b\x97\xd3\x9c\xd4\xa4\x59\x85\x06\xc0\xbd\x74\x0e\xa9\xf1\x16\x96\x35\x7d\x7d\x17\xfe\x4d\x75\xf9\xd7\x42\x41\xa7\xaf\x71\xf9\xd8\x69\xef\x6c\xd6\x95\x68\x7c\x03\xfc\x34\xad\x65\xa6\x8a\x48\x88\xa1\xa7\x41\x26\xcb\x55\xcf\x7d\xa9\xcb\x4a\x67\x17\xf6\xeb\x88\x48\x40\x89\xd2\xc5\x18\x9a\xe3\x81\xf2\x5e\x7b\x3b\xc3\xb2\x3d\x0c\x9d\x9f\x9c\xdb\xbe\xec\xfd\x1e\x72\xa0\x5e\x67\xbb\x48\x3a\x97\x64\xd9\xfc\x75\xad\x69\xe4\xab\x12\x70\xfb\x40\xf3\x95\x8f\xea\x4d\xa5\x59\xb4\x39\x80\xb2\x46\x81\x31\x3e\x85\x91\xe6\x85\x46\xa3\xbf\x76\xee\x34\xb3\x39\x70\x92\x95\xa8\xd4\x6f\xb2\x43\x2d\xda\x2f\x22\x18\x12\xdf\x69\x28\x95\xe6\x7c\xb2\x9c\xbf\x6f\xf4\x50\x2b\x43\x9a\x4e\x9e\x43\x63\x9e\xc0\x67\xbc\x90\xae\x81\x4a\x29\x3a\x7b\xd4\x69\x68\xe6\x56\x78\x76\x42\x30\x0a\x0f\xf2\x69\x7e\x33\x13\xf6\xa4\x18\xd3\xd1\x2a\x5f\x7c\x51\xa4\xc5\x7b\x63\x38\x5f\x2d\x2a\x21\xd5\xd1\xd7\x63\xfc\x8d\x1b\x93\xc1\x34\x35\xf9\xe4\x7e\xe7\xa4\x25\x98\x0a\x6a\xe6\xf1\xa9\xd0\x07\x60\x74\x76\x78\x3c\x6d\x0c\x78\x87\x38\x0f\x86\x8c\x65\xb3\x82\xd4\xcc\x8c\x04\x47\x8b\xbd\x79\xa1\xd9\xa9\x64\xb7\x81\x71\xd6\xbc\xf0\xb8\xee\xc5\x0a\x06\xa4\xea\x23\x4d\x1c\x23\x46\x5d\x3e\x75\xb8\x8b\xc5\x40\xda\xde\x74\xed\x42\x67\x5b\x07\xf7\xcf\x07\x82\x11\xe9\x07\xf8\x6d\x0d\xc4\xb9\x78\x62\x3d\x9f\x08\x73\x8a\xf9\x28\x69\x5e\x54\x2e\xc2\x98\x0e\x55\xa1\xde\x49\xe2\x52\x47\xfa\x0a\x09\x67\x81\x18\xe3\x93\x0b\xc4\xd2\x4b\x32\x14\xd6\xdc\xfb\x6e\xbd\xf4\x90\x6c\x92\x8d\xeb\x37\xbb\x9b\xa2\x9c\x8d\xe1\xbb\x94\x18\xdb\x71\x8b\x28\x53\xba\x57\xad\x8c\xae\x46\x77\xad\xdf\xd1\x8b\x6c\x7e\x8c\x24\x26\x21\xb3\x5c\x7f\x0e\xfe\x8d\xd5\xeb\x26\xff\x75\xfd\x57\x48\xb1\xd7\x83\xf6\xd6\x8a\x7d\x9d\x56\xda\x2c\x1a\x97\x8a\xc2\x5f\x84\xfb\xb2\xbe\x55\x68\xd9\x1e\x70\x93\x82\x21\xc1\x02\xae\xe6\x04\x09\xbc\xbe\xc0\xc8\x2e\x12\xdd\xb4\x25\xee\xb6\xec\xd1\x15\x51\xec\xd1\xd3\x3d\xda\xe8\x71\xae\x0c\x8f\x24\xd0\xd1\x80\x18\x73\x2b\x5e\x0e"},
+{{0x8d,0xe8,0x63,0x30,0xb2,0x56,0x09,0x5e,0x11,0x14,0xb6,0x52,0x9b,0xed,0xce,0x18,0x2c,0x16,0x6f,0x67,0xa9,0x15,0x39,0xce,0xbc,0x4b,0xec,0x25,0xad,0xd7,0xa4,0xa9,},{0x33,0xcb,0x05,0x4b,0x55,0xbb,0x79,0x0a,0xc0,0xf3,0xaf,0xdd,0x9a,0x6e,0x7c,0x05,0x0e,0xfe,0x90,0x06,0xc2,0x4f,0x60,0xb8,0x04,0x4f,0xd0,0x8a,0x5c,0x10,0x6c,0x11,},{0x6d,0x01,0xd2,0x37,0xdd,0x2b,0xb4,0x18,0x8d,0x29,0xbf,0xde,0xc3,0x87,0x97,0x6a,0x71,0xbe,0x7a,0xdf,0xbf,0x9e,0x23,0x63,0x9b,0x21,0x6d,0x0a,0xa0,0xc1,0x19,0x32,0x23,0x5e,0xdc,0xcb,0x3b,0x42,0xad,0xcd,0xb6,0x29,0x1a,0x0d,0x29,0x9a,0xed,0x64,0x8d,0xe8,0xb1,0x95,0x79,0x49,0xb9,0xd1,0xcf,0x2e,0x50,0x49,0x30,0x30,0xa4,0x0f,},"\x39\xe6\x1e\x0e\xcc\xec\x92\x9c\x87\xb8\xb2\x2d\x4f\xd1\x8a\xea\xbf\x42\xe9\xce\x7b\x01\x5f\x2a\x8c\xac\x92\xa5\x24\x48\xa4\x2f\xed\x4c\xba\xdc\x08\x5b\xbb\x4c\x03\x71\x2a\xe7\x2c\xfc\xb8\x00\xb9\x78\x35\x06\x69\xb0\x99\x00\x84\xf2\xda\xb7\x6e\xca\x60\x6d\x1a\x49\xfc\x55\xc5\x29\xe1\xe7\xda\xdf\x39\x12\x2d\xd5\xbd\x73\x38\x93\x85\x8b\x05\x23\xef\x62\xdf\x4f\x13\x4c\xf6\xc2\x6e\xed\x02\xfd\xbc\xb3\x0c\xe4\x74\xb1\xad\xa3\xf0\x60\x76\x9f\x93\x4b\xbe\x68\x6c\xce\xbd\x60\x88\x3e\xce\xc9\xce\x3f\xfb\x8a\xc4\xa0\x67\x8c\xdc\x5b\x00\x5a\xe3\xdb\xa7\xe4\xfe\x8b\xc0\x45\x73\x99\x57\xd8\x49\xf6\x9c\x14\x74\x05\x7b\x42\x8c\x54\x25\xf3\xcc\x25\x16\xe8\xbb\xe3\xbe\x81\xaf\xd4\xe7\xb5\x75\xab\xe8\x8c\x87\xf2\xf0\x3b\x56\xf6\x9f\x9e\x3b\x61\xb3\x78\x81\x20\xda\xa4\x95\xef\x0e\x50\xeb\x97\x0a\x64\x5c\x13\xd2\x13\xc7\xcf\xb7\xd0\xad\x55\x5c\x92\x0a\x1e\x5d\xbc\xb4\x67\x97\xd9\x39\xfe\x04\x01\xf5\x47\xbf\xd1\x75\x43\x22\x1a\x53\x01\x0d\xe0\x1f\x25\xb6\x45\x19\xc8\xf0\x39\x63\xe4\xb9\xca\x58\xb0\x11\x36\x27\xc0\x5b\x96\x08\xee\xaa\x7b\x9a\xe6\x30\x5c\x96\x18\x81\x60\x00\x0e\xe3\xa7\xad\xe9\x6e\x0b\x4b\xde\x9d\x0e\xd6\xa0\xce\xd7\x65\xd7\x86\x84\x0a\x48\x17\x5a\x6e\x09\x0a\x38\xaf\x6a\xde\xaa\x14\x86\xa9\xcb\x5c\x8c\x8c\x92\x23\xee\x0a\xe4\xc6\xc0\x26\x91\xa3\x54\x7e\x32\x58\x2a\x5b\x70\x59\xd2\xee\x66\xfa\x9c\xd9\x65\x61\x5c\x31\x5b\x47\x6f\xd8\x61\x27\x9c\xd1\xdd\x76\x07\x74\x3f\xc5\x56\x12\x96\x31\x2f\x11\xe4\x65\xca\x40\xbc\xe3\xcf\x0b\x1f\x1d\x5a\x30\xaf\x60\x87\xde\x4d\xe9\x6c\xe4\x39\x65\xa4\x6c\x4f\xcc\xa1\x5f\x28\x11\x49\xb5\xc1\xa0\xc8\x8f\xdb\xf2\x74\x09\xa1\x34\xed\x4f\x1f\xb7\x30\xfa\x19\x18\x16\xea\x78\x4d\x98\x6c\xc9\xec\x4b\x69\x44\x02\xde\x1d\xcc\xa9\xcc\xc6\x4f\xbd\x07\xb0\x7e\x54\xe9\x31\xde\x82\x7a\x84\x24\x60\xca\x0b\xf6\xb0\x4e\xbb\x57\x1f\xa7\x77\x87\xe3\x88\x4b\xe2\x2f\x1e\x40\x2c\xf2\xb8\xa9\x6a\x5d\x39\x77\x0e\xc4\xa8\x43\x03\x61\x42\xa0\xbe\x97\x0b\xb1\xab\x16\x5a\x63\x74\xdc\xf4\x3d\xeb\x8b\x98\x30\xb2\xc4\x9d\xb9\xcd\xfe\x4b\x52\x42\xe3\x6f\x95\xe0\xc3\xe0\x77\xe8\xd2\x38\xfa\x6a\x8a\xc0\xd5\x86\xbf\x61\xb8\x24\x8f\xb3\xa7\x9a\x27\x0a\xb2\x2b\xe8\xa9\xda\x05\x5f\xf3\xd5\xbb\x2d\x1c\xa9\xbc\x25\xf7\x01\x4b\x96\x40\x77\x19\xde\x34\x4c\x3e\x73\xb8\xc1\x14\xf7\x92\x07\x5a\x5c\x22\xfd\xd4\x16\x15\x4d\x34\x94\xec\x3f\x02\xfb\x11\x2e\xe5\x73\x7f\x70\x70\x4c\x1b\x6b\x07\xea\xcb\xf9\x45\x62\xca\x7b\x90\xdd\x84\xd9\x8c\x3e\xdf"},
+{{0xba,0xb5,0xfa,0x49,0x18,0x7d,0xa1,0xca,0xb1,0xd2,0x91,0x90,0x00,0x19,0xe6,0xcb,0xaf,0xec,0xcd,0x27,0xbf,0x7e,0xcb,0xf1,0x26,0x2a,0x70,0x05,0x16,0xe7,0xc2,0x9f,},{0xf6,0xfb,0x19,0x85,0xec,0x59,0x1f,0x69,0xe3,0xba,0xc8,0x07,0xb2,0xea,0xbf,0x26,0x39,0x90,0xcd,0xfa,0x09,0xb1,0x78,0x09,0xe4,0x8e,0x38,0x5d,0xa0,0x65,0xec,0x21,},{0xe3,0x16,0x03,0x8d,0x6a,0xa1,0x5b,0x1c,0x1b,0x61,0xc1,0xa1,0x6b,0x36,0x90,0x4f,0xe8,0xa2,0x89,0xc8,0xd6,0x02,0xbe,0xcc,0x51,0x4d,0x99,0x22,0x00,0x86,0xb2,0x67,0x85,0x9f,0x5b,0xf6,0xe9,0xc0,0x86,0x35,0x59,0xac,0x62,0x3a,0x56,0xd7,0x53,0x23,0x44,0xe8,0xd2,0xf2,0x8b,0x3f,0x9d,0xf9,0x20,0x89,0x70,0x8b,0x1b,0x05,0x90,0x08,},"\x5c\xf8\xff\x58\x7e\x52\xcc\xcd\x29\x84\xf3\x47\x91\xee\x68\x43\xe7\x70\x17\xc3\xb5\x5a\xd4\x5c\x44\x45\x09\x65\xb7\x5d\x83\x6e\x78\xfb\xd7\xa1\xd1\x72\x9e\xff\x6d\x6d\x34\x0a\x90\x3f\x3c\xf1\x7d\x9e\x2a\xec\xaa\xff\x2a\x32\x1f\xcd\xde\x0a\xbc\xfb\xbc\xbc\xc0\x9f\x40\x86\xf8\x12\xc4\x6e\xfb\x01\xb7\x83\x43\xaf\xbe\x48\x30\x9f\x91\x74\x78\x45\x5f\x32\x00\x0c\x6a\x69\xf7\x9f\xe2\x11\xb9\x9f\x03\x7f\x59\x56\xd7\x22\x75\xa7\xfe\x7b\x45\x29\x6b\x5f\x73\x9a\xa4\x51\xff\x05\x75\xbc\x70\x58\x85\xaa\x56\x31\xb0\xd0\x85\x0b\xc2\xb1\x2c\x41\x92\x43\x5a\xe5\xd2\xf5\x2b\xc5\x43\x86\x49\x7c\x4a\x24\xb8\xb6\xdb\x51\x6b\xe0\x9d\x8c\xcf\x1e\xca\x78\x5b\xde\x97\xe9\xbe\x1a\xc0\x64\xf0\x94\xe2\xaf\xcc\x30\x7c\x0e\x06\xb4\xc5\x64\xcd\x9a\x9a\x95\x30\x5b\x37\xb8\x1f\x43\x46\x11\xdc\xa5\x5c\xaa\xa0\x31\xe8\x84\x95\xd5\xdc\x5a\x04\xff\x5f\xaf\xdf\x0a\x82\xa0\xc0\x3a\xff\x1b\xfb\xf4\xff\xeb\xae\x71\x82\x4e\x35\xe7\x51\xb0\x92\x70\x00\x76\x69\x86\x0b\x58\x00\x35\x65\x9e\x23\xac\xe7\x6b\x3b\x36\x9f\xa3\x06\xf2\xbe\xd9\x57\x99\xfa\xfa\xbc\x2e\x69\xc1\x41\xbe\xb0\xba\xca\xc7\xea\xa3\x47\xe7\x7b\xe5\xaf\x3f\xcd\xbe\x7b\x36\x4a\x7f\x9a\x66\xd5\xe1\x7a\x07\xdf\x62\x02\xfd\x98\xc1\x4b\xfe\xe2\xca\x6f\x07\x45\x65\x1f\x0c\x85\x50\xf9\xff\xff\xca\xfb\x96\xff\xb3\xf1\x03\xe6\x52\xe7\x8f\x53\x91\x6c\xd6\xf1\xdd\x05\xb3\xfe\x99\xb3\x42\x01\xb0\x7e\xac\x26\x52\xf5\x25\x35\x71\xfd\x38\x22\xc6\x95\xd2\x65\xc7\xdf\xdd\x6c\x6b\x14\xa8\x0b\x6e\x87\x18\x3e\x6e\x03\x2e\x5f\x24\x01\xcd\x23\x8c\xdd\x37\x69\xbb\x6e\x39\x08\x23\x43\x8f\x56\x73\xea\x9a\x47\x9e\x5c\x63\xfe\x07\xa0\x7f\x4e\x14\xf5\x77\x57\xc4\xd7\xd2\x2b\x35\xd7\x1c\x44\xea\xad\x48\x73\xc8\xec\xa6\xf6\xb2\x1d\xcf\xa9\x55\x20\xff\x96\x14\xab\xf7\xa0\xe1\x88\x53\x09\xf2\xce\xd3\xbc\xdf\xc3\x19\x36\x3a\x2d\xa4\x6d\xed\x79\xa5\xcc\x7b\x6f\x69\x38\x3f\x94\xab\x35\xc2\x50\x62\x9c\xb9\x15\xd6\x67\xb6\x28\x11\x86\x75\x48\x95\x80\x3e\x4b\x95\xe7\x41\x82\x89\xa6\xac\x3b\xcd\xb6\xe1\xe7\xf6\xf1\xdc\x38\xe7\x7d\x28\x19\x14\xcc\x40\x4f\x97\xcf\xf1\x4f\xb2\xc4\xfd\x81\x41\x2d\x10\x1c\x1b\xfb\x36\x8c\xe5\x93\x11\xe8\x92\xa8\xb9\xcd\xca\x86\x93\x6f\x3b\xca\x7e\xc7\x91\x63\xed\xdf\x1c\xee\x68\xf4\x9f\x1e\xba\xa2\x7e\xc5\x0f\x49\x0d\x61\x60\x1c\xa3\x5f\x8d\x6e\xd2\x66\x05\x4a\xeb\x9b\x19\x9f\x93\x3b\xff\xd6\xe0\x05\x0f\x26\x1b\x4e\x13\xd5\xeb\xfe\x2c\xaa\x65\x57\xc3\x2d\xde\xae\xeb\xc2\xa1\x1f\x0a\xa2\x33\x24\x0d\xa1\xc7\xe4\x0f\x76"},
+{{0x74,0xca,0x12,0x2a,0xb6,0x0d,0xe5,0x0c,0xdc,0x04,0xa8,0xe2,0xed,0xa4,0x5d,0x96,0x31,0x06,0x1b,0xf1,0x87,0xd3,0x16,0xbe,0x5b,0x7c,0xc0,0x6f,0x02,0x0c,0x48,0x3e,},{0x78,0x7d,0xef,0xd4,0xfb,0x24,0xa3,0x99,0xbd,0x2a,0x4e,0x76,0xdf,0xf7,0xd6,0x03,0xed,0x0a,0xcb,0x32,0x69,0x81,0x3e,0x4d,0xf6,0x90,0xbb,0xf5,0xb2,0xbc,0x69,0x6e,},{0xbc,0xb4,0xb8,0x50,0x69,0x60,0x11,0x99,0x7e,0xb5,0xdf,0xe1,0x43,0xf1,0xa3,0xd5,0x62,0x8e,0xf1,0xa5,0x40,0x76,0x91,0xee,0x48,0xc7,0x9d,0x69,0xab,0xe4,0xd5,0x33,0xf8,0x17,0xad,0x73,0x13,0xb5,0x79,0x5e,0x46,0xe5,0x95,0xf3,0xae,0x3a,0x91,0x65,0xb1,0xb6,0xfd,0xda,0xe8,0x61,0x64,0xff,0xcb,0xa3,0x76,0x24,0x98,0x37,0xf6,0x09,},"\xa8\x0b\x46\x07\x9f\xa7\x75\xf8\xc1\xa1\x9f\xa0\x82\x9b\xe6\x66\xbd\xfd\xca\x07\x9c\xad\x43\xd7\x0e\x08\x42\x18\x3b\xc0\xdb\x95\x46\x8a\x53\x9f\x0d\xb2\xae\xa3\xab\x9c\x70\x73\xb4\x5d\x22\x8a\x9b\xde\x23\x28\x97\xa6\xeb\x6f\xc9\xed\xf7\x36\x5e\x71\x01\xba\x97\xc4\x46\xa5\x19\xa3\x64\x9c\xf5\x27\xc8\xa6\xde\x72\x51\xb9\x28\x06\x81\x5a\xc2\xfa\x00\x82\xef\xf7\x5e\x25\x82\xcb\xca\x7e\x1e\x4d\xa2\xa4\x46\xea\x23\x3e\x7c\xf7\xce\xdf\xb0\xe2\x39\x8e\xb6\xe1\x1b\xba\xef\xe3\xf7\xec\x89\xf5\xd7\x3d\xd3\x4b\xd4\x7f\xbc\xb4\xd7\xb2\x2f\x2a\xae\xe3\x73\x78\x56\x51\x84\x11\x35\xcd\x86\x61\xa7\x01\xb2\x10\x84\xa3\x16\xde\xac\x30\x74\xe2\x4a\x2e\x35\xa0\x33\x0f\x7d\x14\x79\xb9\x32\xf2\x85\x27\x7c\x18\xa4\x41\x78\x72\x24\xfb\xbe\x46\xc6\x2e\x83\x4a\x18\x51\xed\x23\x79\x98\xd4\x8d\xce\x20\xba\x11\x4d\x11\xe9\x41\xbe\x29\xd5\x6d\x02\xf7\x37\x0c\x8f\x6d\x6d\x7e\x50\x24\x8d\xcd\x8e\xc8\x9d\x3b\x22\xf4\xf5\x87\x78\x12\x9f\xaf\xd4\xbb\x92\xed\xe1\x77\x14\xbf\x02\x2a\x5b\xf9\x2b\xe4\x79\xf1\x8e\x63\x85\x2e\xcd\xcf\x8c\x42\x11\xf5\x30\xdd\x30\xf7\x9c\xbf\x4b\xfa\x57\x37\xf0\xba\xd3\xb0\x10\x60\x67\xf4\x13\x27\xc3\x18\x9e\x6f\x20\x6f\x0d\x4f\x3c\x70\x4b\xf2\xbd\x0b\x16\x1f\x01\x8f\xd2\x1c\xdd\xfb\x41\x8b\xac\x4d\x52\xef\x02\xc4\x1c\x87\x92\xe4\x13\xb0\x4f\x08\x36\xce\xa1\xf8\x6c\x92\xe5\xd5\x70\x3b\xee\x2b\x5c\x58\x99\xe2\x85\x99\x20\x24\xf6\x4e\x0d\x16\xc6\x0a\xd0\xfd\x92\x54\x79\x32\xd0\xc5\xcb\x98\xd8\xda\x22\xfe\xeb\xdb\xba\x8d\x1d\xe1\xe7\xe9\xbb\x21\x9a\x92\xeb\x6c\x1c\x69\x8d\x3b\x33\xa3\x7f\x9b\x81\x97\xd2\x6b\x55\x0f\xeb\xd2\x60\x1e\x7a\x64\x3e\xa7\xe1\xd9\xe4\x48\xae\x03\x7f\x62\x9a\x30\x6c\xe4\x17\xae\xb7\x9f\x2e\x3c\xa4\x4d\x8d\xb3\x84\x8a\x81\x1f\x18\x46\x81\x1c\xbc\xb8\x74\xf8\xaf\x09\xe0\xfd\x01\x73\xcf\x17\x5f\x30\x41\x15\x47\x6b\xf2\xc6\xc2\xd2\xf3\x32\xeb\xa5\x34\xf4\x6a\xae\x80\x1c\x26\x92\xc2\xd2\xfa\xdd\xfe\xac\xc0\xf1\xda\xce\x44\x0a\xbc\x2a\xe5\xe5\xa4\x9d\x57\x8f\xd7\xf9\xde\x2a\x84\x1a\xd6\xb6\x76\x9c\x32\xb1\x44\xce\xea\x16\xd0\xf3\xc0\xcb\x3a\x8e\xe6\x94\xc3\x8c\x28\x07\x35\x95\x09\x6c\x81\x37\x62\xcc\x2c\x5e\xc4\xb0\xd8\xd7\x23\xdd\x66\x08\x53\x27\x8f\xc7\x2f\xd6\xbd\x9d\x12\x72\x93\x3d\xd2\xa3\x8e\xd9\xd0\x4b\x13\x90\xff\xe4\xb2\x94\xa6\xff\xfa\x72\x1e\xe3\xbb\xa3\x3a\x03\xa1\x49\xc4\xa0\x34\x52\x65\xc0\x1c\xe0\x15\xe9\x4d\xb4\x19\xcf\xf7\x04\x98\x52\xee\x00\x00\x48\xa8\x57\x58\xf6\xd7\xb1\xc5\x9c\x50\x89\xee\x01\x8e\xd0\x9b\x52"},
+{{0x65,0xee,0xa9,0xff,0xb7,0x56,0x12,0xbd,0xe1,0xd9,0xba,0x3e,0xa4,0xfb,0x5e,0xda,0x0a,0xa6,0xf2,0x55,0x6a,0xb1,0x5b,0xf1,0x81,0x7c,0xee,0x3b,0x95,0xbb,0xba,0x12,},{0x5b,0x39,0x36,0xdc,0x74,0x9b,0x6b,0x92,0x39,0xf1,0x57,0x98,0xac,0xca,0xfd,0x88,0x4c,0x36,0x59,0xee,0x01,0xb2,0xd1,0x7d,0x74,0xfc,0x7d,0xa7,0x82,0x74,0xe7,0xe6,},{0xba,0xa7,0x11,0x31,0x55,0x35,0x8c,0x92,0x4f,0xed,0x57,0x48,0x8a,0x65,0x67,0xf8,0x72,0x38,0x50,0xa9,0xf5,0xc0,0x3a,0x0d,0x7d,0xe8,0x5f,0xcc,0xd8,0xfb,0x4d,0x17,0xd7,0x75,0x35,0x23,0xb0,0x0c,0x0d,0x8a,0xdb,0x88,0x4d,0xc0,0xc8,0xa7,0xa4,0x4d,0xc2,0xa6,0x00,0x83,0xaa,0x5b,0x3c,0x5b,0x94,0xa8,0xd8,0x80,0xf2,0xa9,0x4d,0x09,},"\xc0\x69\x36\x32\x3c\xe3\x25\x3c\xac\x5a\xb4\xf6\xb8\x32\x70\xcd\x4c\xfe\x85\xd0\xbf\x8b\xac\x1e\x1b\x8d\x5f\x0b\x15\x3f\x54\x1c\x8e\x8e\xd9\x5f\x28\xd5\xc8\x5a\x23\x15\xcd\x93\x1b\x7c\xf3\xed\xae\x50\xf9\x28\x30\x59\x91\x62\x80\x4b\x13\x63\xd3\xac\x0d\xa0\xab\xd0\x97\x51\x02\x3b\xdd\xc1\x62\x88\x94\x4e\x61\x6d\x21\xd9\x12\x71\x97\x8b\xb7\x82\xd3\xeb\xed\x7f\xa6\x12\x84\xc7\x49\x0d\x27\x59\x3c\xa8\xa3\xd5\xb4\x75\x62\x33\x07\x01\x0a\xbc\x1f\xbf\x79\x3a\x81\x6a\xaa\xb5\xe0\x92\x4d\xec\x79\xd6\x04\x98\x96\x5c\xf7\xf8\x0a\xb5\x9f\xc0\x29\xf7\x82\x16\x67\x55\xb7\x2b\x86\x90\x75\x43\x4a\xb6\x06\xcc\x87\x0a\x7c\x0b\xc8\xbf\x29\xae\xe0\x33\xfa\x9c\xc1\x22\xed\x7c\x8e\x06\x9b\x54\x7d\xba\xe2\x59\x01\xb9\xe2\x49\xb4\x1f\xea\x0b\xf8\xda\xf3\x82\x68\x66\xbc\xae\xd2\x75\x3b\x5e\x91\xae\x93\x7e\x71\x7b\x50\x8a\x0a\xcf\x4c\x3b\x06\x1f\xf0\xcb\x9c\xfd\x38\x0e\x24\x94\x50\x09\x51\xa6\x62\xfd\x49\x28\xfc\x5f\xca\xf6\xc1\x8e\x84\xb1\xd3\x78\xe4\x9b\xd9\xd5\x96\x86\xd0\x87\xeb\xd5\x52\xd0\x7f\xa9\xba\x81\x6f\xa5\x40\x2c\xa9\xe7\x25\x2a\x64\x8d\x10\x6c\xfe\x6c\x43\x1c\xc2\xa0\x53\xe2\x29\x46\x37\xcd\xb9\x9d\x96\xab\xe6\x89\xed\xab\xc5\xca\x07\x0f\x77\xc1\xec\xd1\xd5\x2d\x53\x85\x28\x9f\x17\xce\xd7\x68\xc3\x97\x16\x71\xb9\xc0\xb2\xf8\x55\xb8\x46\x1c\x1e\x74\x6c\x7b\x38\xf7\x78\x96\xb8\x5a\xfb\xbe\xdd\x08\x37\x5f\xe9\x22\x98\x46\x14\xdd\x84\x9f\xe2\xcb\x89\xae\x71\x49\xdc\xd1\xd3\x7f\x49\x36\xe6\x7b\x14\x40\xbe\x72\xe0\x09\x39\x8b\xe6\xf0\x83\xbf\x96\x11\x48\x0b\x59\x2f\xe2\xf0\x11\x8e\x25\x3d\xb5\xd2\xe9\xe4\xb4\x54\x1c\x11\xda\x00\xf7\x16\x1a\x73\x6e\x5f\x0b\xb9\x34\x20\x8e\x3e\xf4\xe0\xb9\xa5\x22\x58\x20\x3f\x06\x0d\x18\xa1\x95\x15\x9e\x5e\x26\x8a\xa2\x80\x53\xc8\x34\xf7\xbd\x5d\xb9\xbd\x71\xf5\x07\xd9\x13\x70\xb3\xff\xca\xbb\xd4\xac\xb3\x07\x1d\x3f\x6d\x52\xc3\x49\xac\xf3\x50\x95\x34\x8c\xeb\xf5\xa8\x6f\x8c\x59\xdd\xc9\x65\xef\xf6\x10\xac\x42\x58\x04\xc0\xe2\xf6\xbe\x42\x85\x3f\x5b\x46\x43\x4a\x2c\x31\xd9\xac\x99\x53\x9b\xfd\xc0\x4e\xcf\x2f\xef\xd0\x45\x98\xfa\x63\xc1\x39\xff\x6c\x6d\x88\x41\x0e\x73\xbd\x32\x8c\xc4\x34\x9a\xb4\xbb\x86\xf2\xe2\xed\x7c\x73\xde\x96\x52\x0e\xf7\x73\x0e\xf3\x83\x45\xe0\xf9\x72\xa8\x4c\x53\x88\x10\x36\x87\xe6\x8c\x50\xf9\xd8\xc9\xaf\x90\x3b\xc6\x32\xd4\x32\x04\x06\x2a\x4f\x50\x2e\x21\x4c\x07\x05\x9c\x2c\xbe\xf7\x2a\x54\x11\x0d\xbf\x73\xe4\x25\x40\x2d\x17\xe9\x78\xec\x19\x9b\x51\x8c\xec\x03\x10\xbf\xbf\x7d\x9a\xd3\x00\x43\x4a\x4a"},
+{{0x08,0xda,0xbd,0x4e,0x5c,0x11,0x9e,0xa9,0x07,0xce,0x45,0xf0,0xa7,0xaf,0x9e,0x62,0xc0,0xc3,0xf1,0xc9,0xec,0x61,0xad,0x10,0x56,0x7d,0x79,0x36,0x28,0x54,0xc5,0x57,},{0x94,0x54,0x06,0xb8,0x5d,0x7b,0x32,0xe0,0xb1,0xab,0x12,0x00,0xb9,0x42,0x22,0xde,0x1a,0xaa,0x68,0x62,0x4c,0x60,0xbb,0x47,0x16,0xb0,0xbc,0xe9,0xdf,0x00,0x57,0x71,},{0x33,0xad,0xbf,0xcd,0x4e,0xd4,0xfa,0x67,0xc5,0x8b,0x5c,0xb5,0x9e,0x16,0x98,0x71,0x48,0x69,0x78,0x12,0x66,0x0b,0x35,0x31,0xff,0x6a,0x21,0xc7,0x49,0xb9,0x60,0x16,0x60,0xba,0xee,0xe2,0x48,0x9b,0x82,0xb4,0xcd,0xe1,0x32,0xb6,0xe6,0x2f,0x2f,0x90,0xd8,0xf9,0x92,0x78,0x60,0xaa,0xad,0x25,0x28,0x1d,0x03,0xeb,0x17,0xa9,0x52,0x0f,},"\x6c\x47\x19\xa5\xa2\xa6\x89\x48\x35\xc4\xac\x1e\xd6\x91\x59\xe5\xeb\xb5\x69\x2a\xd8\xea\xad\xa4\x39\xf7\x9e\x96\x68\x4b\x36\xce\xcf\xb4\x4b\x89\x01\x56\x31\x66\x3e\x06\x44\xf6\xc7\xab\x71\x39\x89\xd7\x42\xda\x27\x42\x72\x53\x31\x8a\x52\x43\x2d\xfa\xb2\x12\x1d\x1e\x92\x33\xea\xd7\x19\xe2\xc8\x6a\x6b\xe0\x73\x63\xd0\x02\x17\x3f\x20\x54\x46\xca\x95\xfc\x17\xb2\x46\x35\x82\x7f\xe3\x15\xf2\x22\x40\x8e\x45\xe8\x33\xf2\x9f\xf0\x8f\xf3\x1d\xac\x58\x3a\x4b\xec\x70\x76\xd5\xcc\x78\xcf\xc9\x44\x51\xcb\xf4\xf7\xe2\xfc\x5b\x5e\xd8\x07\x0f\x4e\xf8\x08\xbe\x1d\x8a\x68\x0e\xcd\xff\x59\x01\x0f\x39\xb1\xde\x80\xbe\xf1\x71\x9f\x1e\x21\x8e\x0c\xe0\xa1\xe3\x93\xa5\x66\xc5\x17\x64\xd2\x37\x0d\x95\xa6\x11\x91\xd8\xf7\xaf\x74\x0d\xc2\x08\xfa\x78\x31\xb2\x10\x67\x05\x12\xcd\x73\x76\x6e\x60\x9e\x9b\x78\x00\x21\xeb\xb2\x0c\xc8\x79\x0d\x8d\xa5\xf1\x0f\x5b\x6a\x11\x4a\x1d\xb8\x8f\x66\x76\x65\x01\x80\x2d\x9c\x36\x6e\xa3\xfa\x6f\x1b\x1e\x1e\x8b\x04\x20\x94\x34\x13\xcc\x6f\xea\xb2\x8c\x6b\x68\x3c\xd2\xb3\x33\x06\x9c\x89\x51\xbc\x45\xe8\xa1\x3b\xd5\x22\x57\x83\x51\xc8\x82\xf7\xc3\x42\xfe\x43\x31\xb9\x21\xf5\x33\xc9\x2e\xc0\x4a\x49\xb2\x92\xbc\x56\x9d\xdc\xef\xca\xb5\x72\x7f\x9b\x56\x25\xb1\x67\xa9\x02\xdc\x89\x6d\x8b\xc7\xd8\xe9\x99\x20\xf5\xdb\x8d\xd7\x67\x83\x9c\x43\xe3\xcd\xf9\x47\x08\x0d\xec\x95\x42\x14\xa6\xfb\xbe\x04\x87\xa2\xf3\x2c\xd1\x7a\x6b\x00\x03\x70\xbd\x41\x44\x84\xfb\x73\xc5\x10\xea\x01\x24\xc6\xcf\x0f\xe5\x6c\x08\x46\xa7\x9b\xfc\x59\x77\x9d\x3b\x07\xa1\xbd\x2c\x7f\xb7\xe2\xd0\x03\x9f\x0b\xd2\x1c\x8a\x30\x8f\xb0\xf5\x8f\xdb\xf9\x4e\xfa\x08\x57\xac\x3b\xdd\xdd\x86\xd5\x76\x3e\x20\x5e\xe1\xb2\x21\xf0\x60\xce\xdb\x8b\xc0\x5f\x03\x1b\x60\x6c\xc7\x4d\xad\xc5\xdb\x04\x23\x27\x48\x86\x5a\x73\xd6\xcc\xdd\xb4\xd5\xe9\x30\xd5\x28\x34\x8c\x5b\xe9\x08\x8b\xfe\x34\x45\x84\x87\xa6\x7b\x19\xa1\x8e\xca\x25\xc0\xd3\xfb\xe2\x19\x5e\xb9\x17\x07\xb6\x5d\x91\x61\xea\x93\xed\xdd\x64\xa6\x34\xb2\x32\x80\x19\x5f\xdb\x0d\x13\x88\xf6\x99\x8e\x18\x58\xa4\x5b\x88\x69\x99\xb8\x44\xe6\x79\x5d\x83\xd3\x18\x37\xe4\x41\x1f\x71\x69\x92\x26\xde\x1b\xa0\x24\x56\x08\x00\x0d\xcf\x22\x3d\xd1\x83\x59\xb7\xc6\xd4\x59\xa6\x5d\xbe\x66\xc9\x0f\x5c\xb8\xc0\x91\x22\x18\x7a\x30\x46\xa1\x6d\xd1\x79\xc3\xf4\x37\x3e\x57\xcf\x5e\xe0\xea\xb6\xa2\x12\xcc\x9e\xd8\xb5\x4b\xf3\x7f\x1d\x27\xfb\xd7\x98\x48\xe4\xec\x1f\x56\x72\x43\xab\x87\x40\xa0\x51\x49\xd9\x60\x2e\xad\xa9\x20\xa4\x6d\x61\x0d\x3c\xc8\x23\xb5\x64\x98"},
+{{0xe0,0xf7,0xd0,0x08,0x24,0xc5,0xf3,0x70,0x1e,0x55,0x17,0xa4,0xab,0xc1,0x3e,0x2f,0x2c,0x0b,0x13,0x8c,0x83,0x69,0x77,0x84,0x3b,0xbd,0x1e,0xef,0xfa,0xbd,0x96,0x8a,},{0x52,0xfd,0xda,0xe3,0xe0,0x18,0xa6,0x84,0x73,0xb3,0x16,0x8d,0x07,0x64,0xcf,0xe2,0x74,0xdc,0xc8,0x34,0xc9,0x0a,0x91,0xfb,0x4f,0xe7,0x4b,0x93,0x9d,0xd2,0x38,0xb1,},{0xcc,0xdf,0xe1,0x8a,0xd6,0xd0,0xb6,0x5d,0x08,0x6d,0x63,0x2f,0x83,0xcc,0x46,0xff,0x3b,0x3f,0x2c,0x07,0xbb,0x8e,0x76,0x9d,0x0f,0xb4,0xe8,0x2d,0xf8,0xa3,0x87,0x3f,0x9a,0xee,0x35,0xfd,0xd1,0x8a,0x57,0x83,0x60,0x31,0x80,0xa9,0x5c,0x9f,0x74,0xce,0xd9,0xdb,0x51,0x46,0xaf,0xcf,0xbb,0xdd,0x40,0xdf,0x29,0xe0,0x42,0x01,0x20,0x0c,},"\xb3\x9e\x3a\xc7\x5a\x22\x1a\xdc\xce\xd0\x9a\x85\x91\xac\x5e\x2f\xe1\x5d\xfe\xd5\xb9\x19\xcb\xaf\x14\xc6\x5e\xb7\xcd\x93\x08\x6d\xde\xe3\xf7\x47\x25\x47\xe6\x6d\xdc\x70\x06\x2b\x97\x62\x97\xd1\xa3\xc1\x70\xee\x52\x5c\x9c\x53\xba\x93\xa4\xc4\xfd\xb2\x35\x72\xb7\xca\x6e\xd1\x38\x53\xe7\x0d\xb1\xd7\x2e\xde\xb9\x94\x4b\xbc\x35\x4a\x52\x0e\x77\xae\x59\x1f\x31\x80\x92\xef\xd5\xe6\x6d\x9c\x09\x81\xc4\xa4\xbd\xa9\x8a\xa4\xe5\x90\x45\xff\x9c\x4b\x4c\xa3\xac\xb2\xff\xd8\x93\x20\x1c\x70\xb3\x4a\x77\xf2\x4e\xda\x54\x54\x9d\xc8\x4a\xd1\x34\xa3\x55\x32\x55\x38\x15\x88\x8a\xe3\xdd\x9e\x24\x1e\xc4\xeb\xbf\xf8\x6f\x8c\x1e\x8a\xdb\xaa\xc4\xb9\x1a\xfd\x18\x22\x8c\xbb\xd5\xdd\x80\x5a\xca\xbf\x0a\x1e\x29\x0c\xe5\xdd\xa0\x25\x1a\xdf\xb3\x7c\xb7\x14\xc1\x39\xb5\xa3\x24\x2d\x88\xc6\x44\x84\xa3\x76\x55\xcc\x8f\xcb\xec\xff\xa9\x7f\xbd\x14\xd6\x4d\x51\x2b\xf8\xf6\x30\x5f\x89\xc5\x09\x22\xde\x54\x16\x92\x15\x8f\xb5\x47\xfd\x53\x9f\x1e\x58\x77\xcc\x64\x94\x95\x16\x63\x32\xea\x2b\x68\x5c\xfa\x3f\x60\x20\x19\xdf\x2a\xb2\xc2\x5e\xd9\x6b\x68\x74\x5e\x9a\xe8\x9c\x94\x8d\xa1\x1a\xd8\xa8\x30\xdf\x8b\x00\xf2\xe6\x68\x19\x2d\xad\xf2\xc5\x62\x0d\x35\xc6\xe8\x1a\x28\x53\xf8\x41\xe3\x75\xa0\xd9\xfc\xa2\xd2\x96\xef\xce\x2a\xc3\x8d\x40\xb0\x30\xb5\x75\x60\xae\x6e\x83\x41\x33\x9b\x3d\x3c\x2d\x06\x11\x64\x12\x43\x19\x59\x86\x88\xfc\xa6\x18\xfc\x64\xc9\xe8\xf5\xf8\x31\x09\x7a\x05\x3a\xf1\x9d\x7d\xbd\x61\x21\x8d\x92\x67\x42\xc2\xe9\xa4\x2a\x79\xcc\x1b\x14\x89\x12\x72\x2d\x8c\xd5\xca\x79\x3a\x1a\xd7\x3b\x5f\x14\x1b\x41\x80\x9c\x2f\xc0\x53\x0b\x76\x30\xe8\x03\x90\xc6\xb3\x38\xc7\x18\x68\xda\xcc\x59\xbf\x46\x3f\xfc\x48\x90\x16\xbf\x67\xf9\xc9\xd5\x55\x3c\x1e\xde\x17\x15\x28\x13\xfe\x0b\x26\x4b\x65\xdc\xa1\xb2\xb3\x8e\x4b\x80\x9f\x8c\x97\x25\xac\x5b\x1d\x8d\x2e\x56\xbe\xc9\x64\x9f\xe5\x5c\x75\x83\xff\x23\xb0\x43\xd6\xf3\x76\x86\x28\xf1\xf0\x51\x63\x37\x82\x4a\x5a\x56\xb4\x09\x52\x0a\x6a\x6c\xb7\x7e\x4f\x5f\xc2\x0b\x9f\x68\x99\xe0\x0a\xb2\x2d\xb1\x0d\x18\x2f\x09\xb8\x1e\x94\xf3\xad\x56\x8a\x0b\x81\x24\x4d\xf3\xf1\x85\x5c\x6e\xf2\x22\xa4\x1a\x51\xb6\x2a\x46\x49\xbb\x82\x69\x0a\xb6\x5f\xac\xac\x0d\x81\xd6\xfe\x02\x60\x11\x70\xa8\xdb\x62\xcb\xc5\xec\x99\x55\xd7\x71\x1a\x1c\x39\x65\x6a\x9f\x6e\x1f\xb6\xbc\x18\x3d\x9b\xea\x15\x03\x53\x1f\x17\x36\x27\x68\xbb\x84\x1f\x9d\x21\xf1\x3a\x2c\x99\x1e\x55\xdf\xf7\xf2\xb3\x36\xe2\x9e\xb2\x95\x07\x63\x8b\xdc\xad\x7b\xb3\x1c\x69\xe9\x09\x20\x7e\xba\xbc\xc6\x53\xff"},
+{{0x6a,0xcd,0x93,0x9e,0x42,0x22,0x26,0xcc,0x54,0x43,0xd4,0xaa,0xbf,0x58,0xc1,0x1a,0xf6,0x50,0xcb,0x40,0xb9,0x64,0x8b,0x4d,0xa3,0x8b,0x92,0x7b,0xff,0x9a,0x58,0xdb,},{0x4c,0x0b,0x91,0x75,0x6b,0x9e,0x20,0x6f,0x78,0x63,0xb1,0x55,0xff,0xc5,0x50,0x9b,0xb5,0x24,0x77,0xce,0xac,0xd0,0x1c,0xa0,0x11,0x43,0x51,0x53,0x67,0x86,0x46,0xcc,},{0x79,0x99,0x58,0x77,0xed,0x24,0xc7,0x91,0x68,0x4f,0x29,0x84,0xbd,0xf9,0x60,0x9c,0x3f,0x7b,0x57,0x6c,0x57,0xd1,0x62,0xee,0x62,0x2d,0x4c,0xe8,0xf3,0x6d,0x9c,0x55,0x73,0x16,0x9d,0x88,0x01,0x21,0x6f,0x1c,0x46,0xff,0xe2,0xf6,0xe2,0xc0,0x90,0x48,0xe4,0x7d,0x4b,0xeb,0x99,0x7e,0x9a,0xbc,0x4a,0xbb,0x12,0x9f,0x9b,0x79,0x69,0x0a,},"\x82\x50\xd5\x31\xcf\x2b\x66\xaa\xc2\xb3\x78\xd5\x4b\xc5\x7f\xd3\x29\xad\x5a\x41\x4a\x59\x92\x55\x89\x8b\x3c\x3b\x45\xbf\x9c\x0d\x2c\x77\x54\x75\x66\xb6\x60\xee\xcc\x76\xa6\x95\xa2\xd6\x08\xab\xf1\x1a\x5f\x6d\xb3\xe6\x07\xfd\x5a\x21\x71\x4b\x0f\xad\x5d\x81\x4c\x01\x5e\xbf\x48\xbb\x73\xad\x75\xda\x9c\x03\xc4\xaf\x54\x89\xe7\x82\xb6\xbf\x79\x08\xa1\xbd\x52\x8d\x7c\xe7\x88\xa1\x8b\xa3\x52\x8e\x35\x37\xaa\x7b\xbf\x75\xf6\x52\x4b\xbd\x19\xa5\x30\x4b\xa2\xa4\xa3\xee\x58\xc4\x1f\xec\x31\x32\xee\x65\x01\x64\x12\x15\xef\xf7\x46\xd7\x80\x0c\x4d\x33\xf5\x2b\xe8\x35\x7e\x0e\xe7\x58\x04\x1d\x91\xcf\xe4\x3c\x60\xc3\xce\xdc\x09\xb0\xd4\x6d\x4c\xfb\x9a\xe2\xa0\x23\x9b\x6f\x33\xc6\x94\x1c\xff\x35\x37\x26\x70\xee\xf5\xc8\x85\x9a\xb6\x5b\x6e\x9f\x7e\xbc\xe3\x2f\xa1\x5a\x9a\x47\x7a\xec\xdc\x96\x83\xa1\xe3\x3a\x1e\xdc\xdc\x90\xd4\x20\xa3\x1e\x78\xc1\x53\xd2\x60\x20\x87\x1d\xaa\x4f\xff\x28\xac\xc3\xf1\x1a\x72\x06\x78\x88\x06\xb6\xfa\x02\x34\x68\xea\x5a\x3d\x18\x6d\x10\xf0\xdd\x56\x77\x96\x66\x3b\xa3\x7c\x83\x2f\xe7\x5a\xae\x7d\xcc\xeb\xf3\x19\xf9\x36\x00\xc4\x6a\x22\xf5\x72\x23\x81\x2d\xdd\x0a\x68\xd7\x6b\xaf\x5e\x27\xa9\xfc\x8b\xd6\x8c\xc1\x0b\x5b\x51\x51\xd6\x2b\x41\xf9\x34\x8e\x21\xb7\x15\x35\x2f\x26\x30\xb6\x17\xf8\x13\xb0\xc2\x89\x96\x28\x59\x04\xcf\x29\x4e\x9c\x28\x56\xb1\x7b\xa3\x5f\x9a\x82\x19\x8b\x82\x14\xa0\x35\xe2\x89\x6d\x65\x68\xbe\x42\x39\x2c\xce\xf3\x2c\xd4\xeb\xfe\xeb\xf1\x2b\xe0\x12\x52\x06\xbb\xe8\x93\x36\xd3\xe7\x62\x99\x1d\xfa\xb6\x8f\xc9\x9d\xc1\x64\x9b\x89\x13\x83\xdb\x31\xfa\xb6\x49\xe6\x28\x82\x3f\x45\x98\xcb\x63\x6a\x38\xfe\x1d\xf7\x3e\x68\xd7\x42\x5f\xc5\xd2\xeb\x55\xa0\xfd\x1b\xc9\xf5\xce\xaa\xbd\x6d\xd4\x1f\x23\xe4\xf0\x86\xc6\x92\x63\x3d\xc3\xc4\x61\x9a\x97\xab\x0e\xad\xa1\x71\xf8\x4a\xdf\x20\xec\xc8\xec\xd4\x7c\x51\xcc\xa3\xe5\x9d\xd8\x09\xb0\xae\xaa\x73\x0d\xf9\x4b\xe3\xba\xcf\xd8\xee\x88\x8b\xba\x9d\x57\x08\x50\x65\x2c\xd4\xd5\xe6\xc5\x52\xa5\x7e\x9f\x48\xa2\xb0\x6a\xac\xdc\x70\x8d\x84\xa3\x76\xfb\xc6\xc9\x4b\xa6\xbf\x64\xa5\xf0\x18\x80\x0a\x7c\xc8\x51\x24\x5a\xed\xb2\x03\x78\xb3\x29\xac\xeb\xb2\x97\x7c\x13\x98\x08\x2b\x3a\x0e\x5e\x2a\x9c\x24\x84\xfa\x30\x1d\x30\x37\xa8\x22\x4d\xdc\xc0\x95\xb1\xdb\xd8\xa2\x31\x5b\x55\xbf\x33\x18\xc2\x78\x10\xef\xc3\xd8\xe2\x5f\xa7\xa8\x78\x9b\x73\xa4\xf5\x50\x59\x08\x0b\x08\xab\xb3\x69\x9b\x7b\x86\x26\xcb\x2a\x78\x0d\x97\xcc\x1c\xa8\x03\x28\x51\xba\xf4\xed\x8b\x64\xfc\x43\x30\x86\x5f\x84\xcc\xb1\x2a\x3d\xae"},
+{{0x4d,0xef,0xf6,0x47,0xcb,0xc4,0x5e,0xca,0xed,0xc3,0xf7,0xdd,0xf2,0x2c,0x16,0x7a,0xf2,0x4e,0x3d,0x63,0xda,0x22,0xb0,0xe6,0xa5,0xb8,0x43,0x9c,0x0f,0x3b,0x19,0x34,},{0x0c,0x27,0xc9,0xd7,0x7a,0xc8,0xc7,0x25,0xbb,0x06,0x63,0x93,0x3a,0xb3,0x0d,0x1a,0xad,0x09,0xcb,0xcf,0x2c,0xd7,0x11,0x6c,0x60,0x85,0xa8,0x49,0x9f,0x70,0x14,0x02,},{0xdd,0x54,0x89,0xfd,0xe4,0xba,0x87,0xd1,0x17,0x3d,0x4c,0xee,0x06,0x82,0xaf,0xdd,0x4b,0xad,0x80,0xdd,0x77,0x0e,0xa7,0xd0,0xdc,0xeb,0xaf,0x21,0xac,0xc6,0x1d,0xd6,0x32,0x4a,0xca,0x29,0x5e,0xd0,0xe2,0x3a,0x91,0x5e,0xcf,0xda,0xd5,0x0f,0x17,0x5e,0xbc,0x51,0x6f,0x1b,0xe5,0xb6,0xd8,0x7d,0x90,0xbb,0xe3,0x86,0x22,0x49,0x53,0x02,},"\xd6\x20\x1e\xbc\x21\xce\xc1\xe9\xbc\x28\xf9\x57\xc9\xd0\x29\xcc\x38\xf9\xe8\x5e\x06\xdf\xc9\x0b\xf2\x97\xe6\x1f\x2b\x73\xb4\x07\xd9\x82\xa6\x6b\x91\xe9\x4a\x24\xe9\x1d\x06\xab\x8a\x5c\x07\x9d\x0f\x69\xbe\x57\x88\xea\x8f\xea\xce\xbd\x91\x72\x91\x19\x22\x33\x86\x2e\x6a\xcd\xa1\xe8\xcf\x9a\x48\xbf\xfb\x54\x91\xdd\x65\xaf\x54\x1b\x6c\x72\xaf\x68\x1a\x81\x82\x3d\x98\xa0\xab\xee\xb6\xba\x9f\x95\x46\x5b\x84\x11\xf9\x9e\x11\x9c\xd2\x84\x79\xda\x98\x42\x59\xbd\xf8\x6c\x9f\xef\x3c\xca\x34\xe2\x24\x69\x1f\x18\x3c\xf0\x95\x03\x77\x27\xda\x9c\xad\x29\xf2\x42\xf8\x3e\xb4\xf7\x36\xe2\x7f\xdf\x67\x01\x8d\x71\x1b\x74\xc4\x5b\x29\x55\xa6\xa7\x6e\xc1\x53\x30\xdf\x5b\xad\x80\x30\xc6\xb3\xa8\x8d\x72\xf2\x84\x47\x65\x2a\xc8\x90\x2b\x5b\x76\xcb\xf6\xb9\x45\xce\xab\xfe\xc0\x4a\x9b\x8c\xb3\x0f\x43\xd9\xeb\x77\x3e\x67\x05\x59\x4f\x0d\xe1\xb7\x0f\x1a\x20\xc9\x9f\xc4\xb1\x22\x1f\x8c\x81\xb0\xbc\x30\xda\x12\xcd\x5d\xea\x8f\x4d\x90\xf1\x3a\x81\x1a\x2c\xc1\x1a\x96\x84\x6a\xaf\xb4\xc4\x2a\x00\xe9\xae\x7d\xa2\x56\xa0\xd2\x2b\x19\x8a\xfc\x25\xcc\x10\x41\xd2\x4e\x05\x6c\xf3\x87\x60\x1d\x7b\xf7\xeb\x31\x82\xd6\x05\xfe\x5e\x63\xb1\x8d\x53\x1a\x5f\x84\xe5\xdb\xd0\x18\x4a\x76\xc6\xc4\x67\xa8\x26\x3a\x98\xb5\xc0\x05\xfc\xb2\xaa\xf9\x89\xf5\xcb\xd0\xa9\xd9\x03\xfc\xfc\x60\x9d\x6e\x57\xd9\xc4\x39\x02\x1c\xea\x93\xe4\xc4\xe9\x91\xf1\x93\xca\xf3\x24\x37\x70\xb3\x25\x78\x74\x80\x76\xb7\xf4\xcb\x97\xf1\x7c\x17\xa7\x9b\x82\x25\x3c\x24\x23\xdb\x69\x8c\xd0\xa3\x3a\xb3\x3b\xb0\x9b\x0b\x08\xcb\x8c\xea\xdc\xa1\xe2\x9c\x5d\xe2\xfc\x12\xb2\x40\x7b\x6c\xc5\xaf\x5a\xe9\x76\xdd\x3e\xc6\x30\xd8\x33\x9b\x7d\xd1\x1f\xa3\x4c\xaa\xc1\x50\xc7\xc4\x79\x1d\x8c\x42\x7b\x0a\xd9\x2e\x05\x29\x06\x7a\x88\xd5\x20\x11\xe1\xe0\xa1\x82\x99\xb9\x69\x89\x6f\x8b\x83\x60\xf7\x5c\x45\xc4\x96\xda\x47\xb0\x9b\x45\x0f\x98\x22\xbc\xbc\xd4\x3f\x42\x93\xc5\x16\x80\x2b\xf7\x47\xc4\xab\xee\xdf\xaa\x3e\x79\xcb\x91\x03\xd3\x77\x0f\x56\x07\xb7\x75\x16\xe5\xb1\xce\x0f\x64\xb6\xee\xc7\xbe\xc3\xc6\x47\xc0\x06\x95\x6d\xc5\x5b\x6c\x79\xf6\xaf\xb3\x9d\x1f\xc3\xec\xf1\x1b\x97\x4b\x44\xae\xdb\x72\xae\xd1\x31\x66\x35\x08\x3c\x21\x24\x50\x2e\x5c\x72\xd8\x6e\xca\xb6\xac\x90\x24\x3e\xb3\x9a\x6a\xa9\xcb\x94\x80\xda\x38\xe1\xed\xb8\xd2\x8f\xf9\x09\x24\xc0\x5d\x5d\x21\xaf\x5a\xf9\x59\x57\xb8\x02\x07\x81\x37\x87\x11\xa2\x9d\x09\x20\xac\xad\x8c\xcb\x39\xa3\x11\x69\x32\x78\xc9\x90\x0b\x47\x0d\xa2\xbd\x4c\x12\xa0\x1d\x73\x96\x26\x44\x01\x7b\x60\x34\x71\x3b\x2a"},
+{{0x5a,0x19,0xbf,0x6c,0x94,0x1f,0x39,0x4e,0x93,0xbd,0x36,0x25,0xfb,0x81,0xcd,0x9d,0xa8,0x1c,0x90,0x20,0xb1,0xc5,0x31,0x25,0x7a,0x7b,0x59,0x57,0xbb,0x07,0x92,0x11,},{0x20,0xe8,0x69,0x9d,0x08,0x7c,0xe5,0xe8,0x15,0x1d,0x28,0x05,0x3d,0xce,0x66,0xc2,0x3f,0x28,0x08,0x1f,0x35,0xbd,0x26,0x81,0x9b,0xbe,0x85,0xd3,0x8a,0x09,0xd7,0x02,},{0x2a,0x2f,0xd6,0x05,0x4e,0xf4,0xe7,0x9b,0x72,0x19,0x1a,0x0c,0xcb,0xd2,0xb1,0x8a,0xeb,0xab,0xe8,0xb9,0xa7,0x18,0x61,0xde,0xd9,0x8b,0x7c,0xdc,0xb6,0xa6,0x25,0x53,0x28,0xbc,0x1a,0xec,0xb0,0xc9,0x33,0x57,0x21,0xa9,0xa9,0x6e,0xe4,0xb5,0xb4,0x3f,0x90,0xd3,0x22,0xec,0xf8,0x35,0xf7,0x8b,0x26,0x4d,0xae,0x6e,0x38,0x7b,0xfb,0x04,},"\xf7\x21\xca\x3a\x32\xc1\xe8\x1c\x9c\x6f\x46\xd5\xe1\xfb\x50\xe7\xce\x2f\x4e\x70\x93\x33\xca\x2b\x55\x0d\x52\x13\xb6\x77\x3d\x67\x0c\xa5\x9a\x2b\x50\x86\xa4\x43\x84\x3a\xc5\x08\x13\xb2\x44\xc9\xc9\xfa\xc6\xd1\x19\x69\x89\x27\x81\x35\x12\xc8\x4f\xe3\x0a\x89\x55\x30\x10\x13\x8f\x91\xe8\x17\x6f\x5c\xf2\x57\x89\xd7\x28\x1d\xdb\x83\xa2\x46\x70\x5d\xcc\xb9\x99\xc4\xcd\x0a\xe2\x19\xc6\x45\xf6\xd7\x1d\x45\x1a\xe1\xf8\xd2\xf9\x89\x1a\xf8\xcc\xce\x03\xf4\x38\x55\x9f\xb8\x36\x67\xb8\x07\x7f\xbe\x43\x5a\x74\x4a\xf0\x19\xd6\xd1\x39\x9f\xd2\x13\x7f\x5a\xfb\x8e\xf3\xf4\x7b\xcf\x73\x5e\x7c\x9e\xd8\xa5\x4b\xa0\xc1\xc6\x56\xb6\x65\x0b\xb3\x0a\xdb\x1d\x57\xec\xd2\x07\x46\x39\x49\x42\x31\xa2\xe9\xe2\xf9\x85\xed\x84\x22\xee\x03\xcb\x3f\xd7\x38\xc7\x35\xa1\xb8\x28\x06\x04\x74\x60\xed\x84\xf7\x46\x8c\x3c\x64\xb3\x5d\xb0\x6b\xc5\x8d\xe4\xbb\xa4\x63\xe6\x38\xa9\x41\x33\xdf\x10\x6a\xc4\xf4\x70\x36\x1c\xcd\xe4\x41\x57\x29\x9d\x22\x5b\x17\x79\x88\x91\xba\xf5\x92\x19\x86\xa2\xba\xe3\x26\xdd\xa0\xb8\x96\x17\xc6\x77\xbd\x14\x08\xba\x27\x48\xba\xa6\x7c\x8a\x2c\x5a\x96\x9b\xc0\x0c\xb4\x0d\xbf\x49\x0e\x07\xe2\x2c\x91\x3a\xfd\xde\x63\x04\xa0\x7f\xc9\xe6\x08\x46\x99\x24\x56\xbf\xb0\x66\x3a\x09\xde\xf6\x8d\xef\x67\xa1\x6d\x29\xe9\x8c\x7b\x55\x35\x18\x48\xa8\xcf\x92\x31\x0c\x74\x63\xc4\x75\xf2\x49\xc6\xf7\x55\x7f\xd0\xd7\x55\xca\x88\xf8\x77\x84\x7f\xe0\x76\x57\x56\xac\x34\xa2\x3f\x78\x40\xd9\x5c\x3d\x29\x4e\x66\x3b\xb1\x51\x8b\x75\x92\x7c\x41\x07\x57\xe0\xf5\xc0\x7c\x5a\x7f\xb2\x15\xdc\x72\x07\x43\x3e\xbf\x79\x1e\xdf\xce\xc9\x0e\x93\x0f\x8e\x3b\xa9\xdb\xbb\x98\x54\x13\xc2\x23\xbe\x87\x87\x3b\xd3\x23\x99\x75\x81\x80\x4d\x88\x96\xda\x38\x6a\x6e\x91\x20\x05\x0a\x0e\xae\xd3\x12\x40\xaa\x17\xc7\xb6\x69\x4c\x30\xcb\xcc\x3c\x69\x56\xa6\x82\x0f\xc9\xab\x21\x87\x55\x33\x96\x3d\xc3\xb0\xd8\x83\x58\x27\x12\x76\xc6\x05\x65\x28\x91\x0d\xd9\x89\xae\x0c\x33\x0d\x17\x98\xf7\xd8\xe7\xd1\x18\x4b\x84\xa8\x14\x34\x32\x5b\x8c\x30\x2e\xdf\x60\x1d\xc5\xe6\xf8\x47\xfb\xac\xbd\xee\xff\x78\xc6\x62\x1d\x1d\xaf\xdc\x23\x9b\x18\xb8\xc1\xaf\xdc\xb4\xb9\xda\xbd\x5d\x3a\x92\xa9\x32\xea\x15\x99\x54\x6e\x62\x5f\x96\xd6\xec\x6f\xb1\xcc\xcb\x76\xb4\x76\xb3\x30\xac\x59\x25\x9c\x63\x4f\xac\x9b\x3f\xa7\xde\x7a\xe7\x05\x37\x73\xb5\xbe\xfa\x00\x1b\x04\x92\x9f\x74\xb7\x12\x41\xe1\xb2\x57\x69\x6d\x65\xa2\x6c\x1b\x4a\xc8\x6b\x7b\x1f\xbd\x69\x57\xfb\x9b\x95\x08\x4c\xe7\xd7\x00\x90\xf5\x5d\x44\x53\x46\x94\x30\x5e\x91\x76\x9a\x82\x94\x13\x04"},
+{{0xb5,0x06,0xc0,0x1d,0x69,0x74,0x6e,0xb4,0xbc,0x63,0x58,0x72,0x0e,0x43,0x8a,0xd3,0x30,0xc8,0x8b,0x60,0x5a,0xad,0x65,0x2f,0x47,0x99,0x57,0x3a,0xb0,0xa1,0xaa,0xf9,},{0x7a,0xc8,0xb6,0x88,0x63,0xbd,0x69,0x15,0x15,0x83,0x78,0x9d,0x86,0x4a,0x73,0x57,0xe3,0xa0,0x45,0xfa,0x86,0x52,0x2a,0x9d,0xaa,0x6e,0x26,0xfb,0x79,0xed,0x6d,0x23,},{0x17,0xa1,0x9d,0x26,0x91,0xb7,0xb0,0x46,0xd7,0xb1,0x96,0x69,0xad,0x73,0x14,0x0d,0xb9,0x2f,0x0c,0x97,0x8c,0x7f,0x61,0xbc,0x38,0x67,0xd9,0x2c,0xa9,0xd4,0x75,0x80,0xa0,0x38,0x0b,0x59,0x01,0xba,0xd8,0x2a,0xf4,0x5f,0x67,0x6f,0x74,0x28,0x73,0x01,0x98,0x0f,0x71,0x87,0x1a,0x42,0x26,0x1d,0xbe,0x08,0x02,0x95,0x03,0x36,0xe6,0x0b,},"\xf7\xfc\x18\x06\x6e\xd0\x4b\x30\xe6\x33\xd9\x86\x5d\xa3\x21\x4b\xec\xa6\x0b\xd7\x96\x01\x9c\xd7\xec\xc9\x18\x66\xf9\xef\x24\x46\xc1\xfa\xb0\x6d\x86\x51\xbe\x7f\x10\x1a\xec\x7b\xb8\x4e\xe2\x1e\x71\xad\x02\x02\x15\xfc\xfb\x36\xf2\xd1\x1e\x45\x79\xac\x39\xf8\xe2\xb1\x29\x0e\x38\x96\xd5\x22\xbc\xf5\x13\xaa\xa0\x67\x71\xf8\x6e\xe2\x28\xcf\xf3\xa2\x0a\x1f\x10\xc5\x64\x33\x95\x89\xbb\xa9\x60\x53\x44\xc0\xa6\xe6\x82\xad\x5b\xa4\x0d\x10\x41\x94\x1b\xc4\x6f\x98\xb9\xd0\x9c\xa1\x7f\x8f\x04\x4e\x98\x3b\x8a\x49\x08\x93\x3d\xf2\x26\x3c\xf7\x88\x11\xc2\x4c\x8f\x48\x14\x35\x4f\x6f\x4c\x68\xb7\xee\x7b\x78\x30\x82\x93\xbf\x78\xfd\x0f\xf1\x22\xf0\x95\xc1\x4a\x73\xa5\x97\x97\x17\x2a\xe0\x5c\xfc\xec\x19\x56\x3e\xb1\x8d\x2b\xc5\x30\x0e\xd4\xbf\x6b\xdc\x44\x3e\xa9\xb8\xbc\x1c\xbe\xde\x94\xca\xb9\x05\xed\xa5\xa6\xa9\x31\x59\x7d\xe4\x02\x14\x6f\xac\x9c\xf8\xcd\x6a\x8d\x10\x46\x69\xf9\x13\xfa\x83\x40\x01\xca\x4d\x09\x0f\xb7\x94\x9d\x31\x09\xa6\x3c\x05\x49\xb0\x3f\x15\x1b\x71\x17\xc4\xf4\x69\x74\xba\x59\xc6\x82\x96\xed\xfd\xde\x76\x92\xee\x43\x2a\xce\xf7\x61\x06\x47\xe0\x95\x78\x65\xe6\x2c\x1a\x0c\xf0\x56\x59\x82\x3a\x55\x45\x2d\xd5\xe4\x71\xb3\x1c\x5a\x49\xab\x05\xb5\xaa\xfd\x5a\x0e\x53\x0e\x89\x6b\x58\xcc\x52\x2e\xcf\x19\xe5\x2e\xc8\x2f\xa1\x47\xf9\xe3\x85\x17\x4c\x7e\xc3\x3d\x1d\x9b\x86\x93\x4a\xeb\x4f\x6c\x57\x00\xf7\xd5\xeb\x33\xff\x73\xc9\xfc\x6a\xa4\x7d\xf5\x1e\x09\x22\x9e\x6a\xe8\x94\xe8\x6c\x81\x8b\xef\x06\x5f\x82\x59\x71\xa4\xcb\x90\xad\xfe\xfb\x31\xeb\xd9\xd1\xb7\x94\x22\xdc\x98\x68\xf9\xf7\x4e\x7a\x32\xcd\x40\x71\xef\xb6\x9b\x27\x23\x3e\x6e\x5c\x60\xde\xdc\xd5\x32\x1c\x03\x0a\x46\xcd\x26\xf5\x60\x2c\xac\x74\x7e\xe4\xb5\x22\xd8\x57\xa3\x32\x1a\x03\xf4\x03\xa6\x00\x62\x50\x40\x63\x61\xe4\x88\x15\xaf\xba\x77\xce\x08\x90\x34\x41\x84\x5b\xa8\x72\x25\xd8\xb2\x40\x46\x74\x5d\x40\x65\x64\x5a\x1b\x98\x41\x0c\xac\x48\xd1\x37\xcb\xbb\x8a\xb1\xeb\xa5\x0d\xa9\xc2\x31\xe9\xac\xf3\x22\xa6\xdb\xec\x0e\xf4\x16\xa4\x46\xc3\xb6\x10\xd9\x35\x69\xfd\xf4\x5a\xa6\xcd\xc1\xb6\x40\xd8\xf3\x01\xd7\x86\x93\xb2\x82\x6c\xc6\xed\x46\x85\x68\xad\x9a\x0f\x94\xaa\x9b\x9f\xb9\x2f\x7e\x78\xd4\x84\xfd\xf5\xd8\xd4\x5c\x99\x1e\x28\x07\x4d\xcd\xd6\x80\xd3\xb1\xf1\x89\xef\x6b\xdc\x32\x0e\xe6\xe6\x4d\xd1\xf8\x0d\x92\x64\xd8\x30\x42\xd2\xc4\x3d\x83\x58\x1e\xf0\x39\x4b\x1b\x5d\x1f\x69\xf3\xbb\xbf\x04\xb7\xc8\x08\xba\x34\xc1\x58\x0f\x16\xf7\x65\x37\xb6\xa7\xeb\xd0\xa1\x90\x8b\xe9\x49\x4d\x3f\xca\xa9\x87\x1d\xb1\x57\x50"},
+{{0xe1,0xcc,0xb8,0x0a,0x26,0x2f,0xf8,0xaf,0x1e,0xda,0x07,0x5c,0x97,0x2c,0x8e,0x94,0x1e,0x77,0xce,0xf5,0x7b,0xdb,0x0a,0x82,0x57,0x2c,0x28,0x20,0x0b,0x49,0x3c,0xa3,},{0x3d,0x37,0xe2,0xa5,0x02,0x7e,0xff,0xde,0xe0,0x7f,0xa5,0x11,0xe4,0x23,0xb2,0xbc,0x56,0xed,0xce,0xa0,0x75,0xb4,0x16,0x49,0x76,0x67,0x25,0xc6,0xb3,0x0a,0x10,0xf4,},{0xfd,0xa3,0x4b,0x65,0x2b,0x79,0x74,0x6f,0x89,0x7e,0x22,0x2d,0x37,0xb7,0x7a,0xa2,0x50,0xd0,0x2c,0x52,0x7c,0x48,0x33,0xdf,0x80,0xea,0x41,0xd5,0x21,0x89,0xd5,0x07,0x00,0xe1,0x28,0xb7,0x8e,0xe8,0x14,0x9c,0x9b,0x19,0xf3,0xab,0xf7,0x55,0xac,0xef,0x53,0x48,0xf5,0xfb,0xaf,0x1c,0xeb,0x41,0xc0,0x38,0x90,0x6a,0xc5,0x94,0x60,0x01,},"\xcf\xdc\x54\x97\xb0\x23\xaf\xa6\x2a\x7f\xe5\x92\xca\xa9\x2b\x87\x5c\x77\x05\x74\x78\x34\x00\x2f\x77\x84\xff\x16\x61\x89\x39\x88\x15\xd4\xe8\xa7\xa0\x03\x8e\x1f\xda\xdd\xde\xba\x51\x05\x73\x27\xad\x19\x60\xe8\x59\xce\xe5\x65\x26\xbb\xb4\x12\x7b\x6a\x5f\x90\xd0\x4d\x08\xb1\x5e\xee\x66\xc9\xcc\xf8\x8b\x4b\x7d\x1e\xe9\xd3\xb8\xb8\xc6\xf4\x2d\xb3\xc3\x4e\x59\x04\x8a\x15\xc6\x04\x1f\x14\x2c\x40\x79\x36\x8b\x7b\x11\xe2\x99\x70\x11\x8b\x99\xe5\x67\x0a\xe3\x1f\xcc\xfd\xff\x13\x99\x14\x2e\xe0\x6b\x2e\x3e\x2b\x3c\x97\x07\xdd\x64\x11\x97\x86\xe2\xfa\xb4\x7e\x0b\xad\x2c\xc8\xb5\x58\xd9\x63\xbb\x48\xa4\x9a\xd2\xc6\x37\xdd\x35\xb2\x5d\xb5\x4b\xc5\xa2\x63\x02\x22\xfa\x2a\xce\xce\x9c\xe1\x2a\xb0\x81\x30\x77\xf7\x65\x9f\x50\x74\x42\x9c\xa6\xb4\x94\x33\x10\x32\xae\x79\x2a\x59\x9c\x42\x5e\xe2\x97\x45\x1d\xcf\x5e\xe1\x95\x29\x03\x12\x74\x2e\x64\x7a\x77\x95\xb8\x4d\xcc\x66\x4d\xda\xe2\xa1\xfb\xf8\xc4\x54\x8a\x37\xfd\x82\xd8\x10\xe2\x14\x5f\x01\xdf\x1a\x6d\x3b\xcc\x42\xa9\x1a\x10\x76\x8e\x09\x1f\x3d\x69\x32\x9a\x7b\xad\x6c\x07\x2c\xac\x6d\x89\xaf\xa3\x1c\x02\x90\x56\xd6\xb6\x22\x12\x16\x5c\xeb\xcd\x49\xac\x67\x2e\x38\x30\x26\x7a\xf9\xf2\x8e\xa3\x19\xbd\x04\x2f\x6c\x59\xde\x47\x01\xe5\x82\x48\x73\x6c\x8d\x97\x6a\xcf\x93\xb9\x9d\x2f\x46\x47\xa5\x47\xd3\x92\x44\x7a\x48\xda\xc1\x11\x81\xe1\x6b\x15\x01\xa9\x4c\x93\x16\xe5\xa6\x7c\x99\x0b\x35\x81\x0b\x4c\xda\x04\x73\xa6\xa4\xe5\x76\x14\x21\x58\x68\xe2\xe0\x02\xc6\x05\x8b\x42\xe4\xee\xec\x84\x13\x9d\xc1\x9e\xdf\x5f\x80\xae\xef\xfa\x4f\x5b\x07\xe8\xfd\x23\x13\x9e\xdd\xa3\x18\x99\xeb\xe6\xfe\xe7\x86\x43\xce\x68\x6b\x29\x63\xa3\x20\x72\xbd\x3b\x3b\xba\x68\x48\x5a\x05\xc2\xcc\x04\x56\xc3\xda\x50\xc7\xc8\xc6\x51\xa3\x06\x6d\x13\xa3\x66\x0b\xd4\x7a\xb6\xdf\xec\x49\xe0\x15\x57\xa6\x74\x28\x96\xaa\x4b\xc6\x36\x3a\x79\x7d\xba\xd1\xa4\x09\xcd\x4a\x50\x91\x1e\x70\xea\x00\x7a\xf8\xe9\xb1\xbb\x7e\x3a\xb5\x62\x15\xa5\x75\xc9\x0f\x73\x9c\x2d\x48\xb3\xb3\x46\x94\xb5\xac\xdf\x07\x98\x0a\xe5\x28\xde\x06\x21\xed\xfa\xc8\xb8\xfa\x84\x95\x4d\x56\xdb\xb4\xd0\x30\x82\xb9\x84\xf1\x3e\x5d\xbe\x9c\x71\x12\xff\x97\x16\xf5\x50\x53\x06\x46\x62\xce\x0f\xb8\x1e\xa3\x5f\x98\xfd\x2c\xd5\x11\x37\xa4\x6f\x64\xe0\xc1\xca\xf4\x4e\x54\x07\xdc\x96\x17\x60\xb2\x59\x7f\x7f\x92\x00\x61\x7d\x47\x13\x40\xcf\x15\x17\x6c\x3d\xa8\x80\xfe\x4e\x0e\x93\xa7\x2f\xb9\x49\x26\xfa\xed\x86\x5d\xfd\xc7\x72\xe1\x85\x29\x2c\x1e\x36\xb1\x21\x17\x81\xc3\xe9\x38\xe3\xd4\xf2\x4e\x29\xaf\x51\x7a\x37\x96\x83"},
+{{0x4f,0xc5,0x12,0xef,0xd8,0x6e,0x3a,0x63,0xb3,0x95,0xea,0xff,0x1b,0xa0,0x11,0xe1,0x59,0x0f,0xb9,0x32,0x6a,0xd3,0xff,0xed,0xe7,0x87,0x6d,0xcc,0x3e,0x9f,0xab,0xdc,},{0x26,0xc2,0xa2,0x2f,0x9b,0xfa,0xd9,0x06,0x06,0xdc,0x61,0x3f,0xf1,0x07,0x02,0x1f,0xcd,0xdb,0xec,0x72,0x37,0x06,0x66,0x60,0xb4,0x88,0x96,0x43,0x49,0xe0,0xc8,0x28,},{0x82,0xc8,0x24,0xa7,0xd1,0x13,0x9e,0xc7,0x3a,0xe1,0xd0,0x23,0xad,0xf6,0x28,0x11,0x44,0x1e,0x96,0x82,0x87,0xf1,0xa5,0x80,0xb8,0x59,0xcd,0x66,0xcb,0x33,0xb5,0x8e,0x40,0x9b,0xde,0xb2,0xa8,0x74,0xbf,0x4c,0x23,0x61,0x0b,0xd4,0x4f,0x69,0x31,0x47,0xf2,0xf7,0xc2,0x9d,0x44,0x3a,0x90,0x50,0x84,0xf3,0xea,0xaf,0xd9,0x33,0x0e,0x04,},"\x07\xcd\x1e\x9b\xfa\x38\xa7\xd8\x85\x34\x65\xa9\x3c\x77\xab\x4f\x30\xfa\xf9\x14\xe4\x8b\xc4\x76\x3b\xa0\x7b\xf9\x6b\xa8\x08\xc1\xf5\x9a\xd4\xce\x9b\x7d\x92\x1f\xbb\xc7\x79\x65\x9d\x7c\xa3\x6e\xdb\x7d\xd3\xac\xf7\xa2\x94\x52\xa8\x45\xb4\x9f\xb6\x54\x3a\x3b\x6c\x5c\x1c\x29\x3a\xff\x61\x84\x85\xa1\x0e\xea\x60\xee\x96\x49\xac\x9d\x48\x1e\x69\x49\x96\x7d\x39\x38\xb5\x2f\xe0\x9c\x36\xb9\xad\xe0\x75\x81\xdb\x4e\xb5\x42\xa9\x7f\x5a\xc8\xac\x73\xd3\xee\xa1\x84\x72\x25\x56\x76\x0c\xf4\x83\x09\x05\x64\x55\x30\x61\xb9\x0a\x0b\x6d\x2d\xff\x47\x07\xbe\x76\x39\x37\xa1\x05\x94\xa8\x2b\x76\x6b\xb2\xcf\x6d\xaa\x52\xfa\x8d\x7b\x48\xf3\x21\x27\xc4\x31\xad\x9a\xae\xd3\xbf\xde\xb9\x9a\xd4\x21\x18\xa1\xb4\xde\x7b\x99\x21\x34\xed\x9c\xda\xd0\xb5\x29\x6d\x19\x7a\x48\x5e\x49\x3e\xcf\xec\xa3\x65\x3a\xd2\xce\x0f\x92\x41\xaa\xbc\x09\x6d\x7c\x4b\xa6\x03\xba\x7d\xdd\x07\xa8\xb2\x57\xfe\x52\x32\x76\x41\x70\x73\xa6\x5f\xa4\x43\x42\x56\xfd\x1f\x23\x9e\xc1\xde\x5d\xa1\xa0\xa8\xc5\xe6\x86\xee\x14\xd9\xdf\xa4\x38\xc5\x3b\x99\xc9\x54\xaf\xab\x2f\x79\xe6\x0b\x71\x26\xf2\xcb\x58\xa2\x6e\x29\x0d\xa1\xdc\xcf\xc3\x01\xf2\x39\x74\x8e\xde\x7b\xcf\x1b\xb7\xcc\xb4\x72\x0e\x69\x2f\x57\xe5\x3e\x6f\x59\x07\x53\x99\xe1\x08\x0a\xc8\xaa\x9a\x61\xa5\x68\xc4\xc5\x69\xd3\x6e\x76\xa2\xd7\x27\x1f\x2c\x44\xde\x4e\x36\x3a\x8c\x91\x6a\x4e\x44\x6b\x02\x7b\x64\x39\x2e\x90\xce\xab\xf6\xb6\x07\x1b\xc4\x7a\x13\x79\xb6\xaa\x63\x44\x76\x3b\x2a\x0e\x7f\xf7\xc4\xa2\x7b\xff\x31\x06\x72\x1c\x25\x3e\x4c\x1d\x67\xc3\x7f\xa3\xd7\xc1\xec\xd0\x55\xb8\xe9\x29\xd5\x2a\x8e\x45\xed\x89\xfb\x18\x0f\x74\xb5\x52\xfe\x06\xf0\x66\xc7\xe4\x31\x8c\xa2\xf9\x15\x94\x6e\x83\x20\xd5\x80\x65\x61\x47\x2f\xb8\xff\x7f\xa8\x07\x2d\x8e\x6f\xd1\xce\x63\xcf\x87\x38\x2f\x7b\x94\x04\x54\x0c\x1d\x40\x6c\x70\xb2\x26\x85\x36\x77\x09\x26\x45\xce\x99\x69\x22\xe7\x34\x5d\xc0\x7f\xb7\x33\x9f\x9a\x54\xff\x07\x35\x2d\xd2\xb9\x93\x06\x3c\x2c\x83\xd1\x28\x1a\x4f\xd1\x78\xe5\xa5\xf8\x0a\x5b\x33\xc2\x29\xd0\x57\x83\x67\xd4\x41\x92\xe9\xa4\xd2\x1e\x97\x34\xd3\xbd\xa0\x83\xb7\x0f\x47\x10\x3f\xd1\x25\x17\x70\x21\xdf\x3e\x53\xd7\x99\x86\xef\xea\x2d\xc0\x4f\x02\xc0\xac\x27\x87\x88\x31\x9e\xf3\xa9\x13\x2e\x62\x32\xea\x6d\xb3\x9c\xa5\x87\x08\x55\xf9\x59\x2f\xff\x6c\x20\x9a\xd2\xf1\xc2\x9d\xd1\x68\x55\x28\x98\x97\x9e\xcf\xf8\xc8\x11\x27\x24\x8f\x83\x10\x51\x53\x00\x65\x61\x29\xd9\xb7\xac\xbb\x7e\xd1\xe4\x6b\xc9\x8c\x04\xd1\xa3\x5b\x18\x91\x37\x38\xe9\xdd\xe4\xd2\xb0\x65\xf4\x18\x42\x42\xd8"},
+{{0x0b,0x7d,0xfa,0xd0,0x5b,0xa6,0x65,0x11,0x1e,0x16,0x81,0xbd,0xc0,0xbc,0x8b,0xa9,0x73,0x76,0x7c,0xb8,0x58,0x77,0x02,0x0a,0x2d,0xbf,0x91,0x83,0x25,0x57,0x1d,0x9f,},{0x95,0x05,0xd9,0xe8,0x6d,0xce,0xf5,0x6c,0x9d,0xb7,0x6f,0x28,0x62,0xb9,0x0e,0x1f,0x27,0x73,0x20,0x2f,0x17,0x50,0x40,0x5e,0x7e,0xe5,0xae,0xd0,0xfc,0x54,0xf8,0xb9,},{0x41,0x5a,0xdb,0xb2,0xf2,0xb9,0x84,0x05,0x77,0xfd,0x18,0x41,0xf9,0xaa,0xe2,0x52,0xaf,0xe8,0xf5,0xa7,0x22,0x36,0x01,0x7d,0x50,0xdb,0x22,0xd2,0x28,0xcd,0xee,0x9f,0x5b,0x3e,0x8f,0xe9,0xa1,0x7a,0x4d,0x4e,0x98,0xb7,0x34,0x13,0x81,0xe8,0xd8,0x62,0x5c,0xdc,0xea,0x95,0x6d,0x25,0x3b,0x74,0xe0,0x2d,0xac,0xb8,0x49,0x20,0xa0,0x09,},"\xc4\x3f\xd3\x4b\xb1\x42\x4c\xca\x4e\x4d\xfb\xa7\x5c\x28\xbe\x80\x18\x44\x44\x6c\xa0\x89\x02\x08\x85\xc7\x48\x38\x25\x47\x16\x4a\x9d\x4a\x7f\x95\x70\xd3\xd1\x71\xad\x69\x81\xab\x50\xee\xee\x08\xa4\xa6\xc6\x6d\x76\x99\xd2\x3e\xdb\xe1\xfa\xaf\x44\x66\x0c\x72\xf4\x55\x2d\x87\xd2\x65\xac\xe8\x79\x28\x23\x47\x4b\x90\xa5\xd7\xf7\x40\x1d\xeb\x93\x77\x62\x7f\x60\xb0\x36\xb3\x6e\x04\x4e\xb7\x6b\xf1\x32\xfd\xdf\xcc\x0e\xf5\x70\x4a\x63\x3d\x84\x5e\x96\x2b\x47\x51\x7f\x0b\xaa\x34\xd3\xd6\xe9\xa8\xb9\xf8\x16\x8b\xcd\xc8\x4c\x6d\x2b\x30\xc6\xf3\x43\xe7\x53\x57\xf7\xf2\xc0\x03\x9b\xd2\x54\xb2\x44\xd3\x6c\xd6\x16\x75\x58\x1f\xb8\x34\x57\x0e\xd4\x11\x3a\x78\xe6\x06\xf1\x45\xa1\x11\x99\x2c\x2c\x6b\x61\xc4\x26\x76\x28\xec\x87\xcd\x88\xc3\x6a\x3c\x84\x70\x6e\x44\xae\x96\xa9\x6e\x0c\x84\x80\x31\x85\x46\xd6\xea\x6a\x6d\xf1\x8a\x2b\x4f\x19\xf8\x36\x0c\xfb\xce\x4e\x9d\x1c\xf1\x01\x1f\xfe\xa5\x63\x3a\x66\x61\x9a\xa4\xa6\x5c\xf6\x9b\xe4\x45\x96\x17\x94\x5e\x43\x59\xa9\xd4\x32\x60\xca\x1a\x20\xf4\xed\x7c\x1a\xe5\xff\xff\x3b\xd9\x22\x94\xea\x70\xab\xba\xe0\x38\x5b\x09\x35\xcd\x1c\x0e\xb5\x18\x30\x29\xc5\x85\xa0\x29\x4b\x79\x99\xe3\x2e\xf7\xa2\x90\xfc\xb0\x95\x67\x5d\xc4\xf6\x01\xe8\xf2\xc9\x6f\x35\xb7\x34\x9a\x37\x05\x75\x09\xf4\xec\x70\xc9\xf5\x0f\x60\x11\xf1\xf5\xe6\xb0\x61\xc0\x91\xd1\x1c\x0e\xd5\xde\xc8\xec\xe8\x81\xaa\x34\x05\x08\xf6\x96\xd9\xe9\xcc\x72\x98\xe6\xbc\xcd\x7c\x21\x0e\x2c\xe0\xde\xd8\x35\x92\xa3\xcf\xa1\x3e\x80\x78\xfd\xb3\x25\x8b\x39\xf1\xd1\x1c\xdf\xe0\x96\x70\xc1\xe6\x0a\x39\x10\xa4\xff\xf5\x1c\x6c\x7f\x7d\x66\x24\xf4\xc9\x3d\xf8\x88\x8c\x52\x6f\x48\x4f\x9b\x13\xe0\xa7\xf6\x29\x64\x78\x39\x78\x68\x4e\x29\x26\x79\x80\x0e\xd5\xeb\x28\x0e\x28\x7c\x7e\x63\x9e\x85\xfa\xa5\x3f\xba\x2f\xa2\x04\x5c\xe2\x7d\x8f\xb3\x08\x36\x07\x26\x55\x0d\xf9\x75\x2d\xb3\x05\xf8\xf0\x66\x47\x97\x0d\x01\x46\x91\x99\x9a\xfa\x97\xb6\x19\x3f\xfc\xc6\xd5\x32\xf4\xfa\x69\xe1\x33\xa1\xd1\x0f\x30\x47\xfc\x00\x38\x1f\x49\x97\xbb\x84\xe5\xb6\xcd\x60\x28\xc6\x21\x32\xcf\xc0\x24\xbf\xeb\x98\x03\x01\xf2\x95\x12\xbb\xd1\x09\xd0\x89\xac\xe1\x82\xcf\x9c\x2f\xfa\xb1\xb1\x7e\xb0\x0b\x6e\xb4\x6a\xe1\x98\xda\x99\x3f\x5e\xfe\x7c\x1d\xc2\x2d\x25\x04\x7c\x1e\xe5\x24\x65\x17\xe7\xf5\x75\x8f\x99\x6a\xbd\x83\xf1\x3d\xa2\x2c\x13\xdd\x20\x5e\xe1\x91\xb5\x5a\xfd\x48\x31\xef\x07\x8b\xb6\xea\x07\x3a\x62\x5b\xc9\x7c\x81\x29\x61\x60\xbb\xf2\x55\x9b\x27\x5c\xc3\x7c\xcf\x01\xb9\x1f\xd8\x7d\x4d\x99\xa3\x67\xaa\x99\x78\xda\xdd\x06\x89\xf8\xa6"},
+{{0x78,0x18,0x8d,0xf8,0xc7,0x54,0x78,0x56,0x21,0xe2,0x7a,0xe5,0x8e,0x10,0x0d,0x50,0x80,0xe1,0x6e,0x0a,0x15,0xe2,0x77,0x05,0x1f,0x95,0xf0,0x80,0x90,0x0e,0xc0,0xd3,},{0xa1,0xbd,0xee,0xe9,0x8b,0x07,0x57,0xba,0x9c,0x2d,0x84,0x09,0xb8,0x74,0x24,0xe6,0x4e,0x42,0xf9,0x93,0x2a,0xcf,0xa9,0xbc,0x71,0xfb,0x3f,0x8c,0xa0,0xe1,0x1d,0x52,},{0xb9,0x41,0x14,0xed,0xa4,0x6c,0xcf,0xc2,0x2a,0x44,0x71,0xa6,0x4d,0x79,0x08,0x92,0xe5,0x9c,0x5d,0x50,0x56,0x18,0xeb,0x0e,0x70,0x13,0x92,0xc7,0x09,0x61,0x3e,0x2d,0x50,0x3a,0x5c,0x2b,0x66,0x60,0x1e,0x63,0x6a,0x3c,0x1c,0x7d,0x49,0xb1,0xac,0x79,0x8d,0x90,0x89,0xb0,0xf9,0xcc,0xd0,0x57,0x9b,0xb9,0x06,0x34,0xd0,0xbd,0x75,0x0e,},"\xcf\x70\xcc\xa5\x7f\xeb\x1b\xee\xfe\x98\x5a\xd5\xaf\x9d\x43\x48\xd3\xa4\x6a\x63\xde\x10\x75\x38\x1f\xb3\x63\x9a\x04\x4f\xd6\xe6\x09\x1f\x5d\xb9\xc9\x4d\x39\xbe\x0f\x13\xad\xe6\xd9\xa0\x74\xe6\x7b\xa7\x06\xb3\xa8\x80\x62\x95\xf6\xb6\x54\x86\x57\x28\xc5\x8c\xa6\xe9\x41\x9d\x5d\x04\x3f\x21\x10\x81\x4b\xbf\x36\xfc\x40\x70\xe4\xd9\x45\x49\x65\xc2\x51\x20\x2c\xa3\x95\xef\xe3\xfd\xbd\x54\x4f\xeb\x18\x7e\x34\xca\x3c\x80\x79\x51\x79\x55\x2f\xce\x9a\xa8\x04\x43\x0e\x5b\x6c\x86\x85\x34\x1e\x91\xd5\x88\x9f\xbf\x3f\x98\x19\x04\x62\x0f\xfe\x70\x13\xf5\x3b\x93\x9e\x17\x44\x3d\x61\x4e\x7e\x6b\xb5\x7a\xd6\x74\xf3\xb4\xb0\x01\x63\x05\x26\xcf\x73\x02\xa7\xd0\xaf\xe7\xdc\x24\xd6\xda\xde\xf6\xfe\xba\x3f\x96\x97\x3a\xa5\xb8\xd6\x27\x52\x62\xe4\x30\xa8\x2f\x67\x86\x96\x97\x1a\x8b\x60\xe3\x8d\x3b\x2b\xcc\x17\x0d\x5b\xc2\x03\x02\xa3\x9c\x59\x6d\x27\xfe\xe3\x9e\x5d\xa5\xb1\x0e\xa9\xf3\x82\x29\x9e\x19\x81\x97\x17\xa7\x18\xd3\x7d\x15\x5f\x13\x92\x31\x82\xb5\xb7\xa1\xc5\x4c\xa1\x09\xb2\x2c\xa8\xe8\xb2\x6c\xa5\xca\x3f\x3b\x90\x62\x21\x94\x61\xba\xce\x97\xe8\x90\xc9\x4e\x41\xca\x3d\x84\x58\x7f\xbd\xf6\xe2\x40\xc3\x5c\xca\xb7\x1d\x58\x47\x7d\x28\x16\x8e\x93\x37\x26\x86\xd4\x2a\xad\x32\x4a\x3f\x16\xaf\xe0\xe9\xb8\x9e\xe2\x0e\x48\x5f\xe6\xc8\x64\xb5\x01\x3b\xa8\x83\x99\xee\xaa\x15\x98\x35\xa8\xb2\xbb\x2f\x25\xf5\x79\xca\x3b\xae\x67\x5c\x63\xda\x1b\x50\xd9\x9d\x4e\xd9\x78\x69\x2e\x56\x00\x23\x3f\x38\xab\x7e\x7a\x5a\xe0\xfb\xf8\xc0\xb6\x9c\xc3\x8b\xd3\x0e\xab\xd9\x77\xef\xa0\x5e\xe2\xc8\x35\x14\x30\x2b\xd4\x0c\x4b\xdc\xe7\xa4\x11\x0a\xfb\xb6\x57\x9c\x62\x0e\x97\xf8\xcf\x2e\x9b\xab\x2d\xcc\x7c\x33\xf1\x96\xe5\x7f\xe7\x61\xa0\x50\x12\x28\x94\xb7\xa7\x5a\x92\x95\x31\x99\x6d\xda\xad\x78\xde\x1d\x4d\x92\x4c\xd9\x3a\x61\xdf\x22\x77\x76\xbc\x1c\x39\xfb\xb8\xde\x1c\x44\x38\x86\x8b\x6a\x3a\x2c\xd9\x4c\x07\xb2\x9e\x3f\x6b\x23\xcc\x7e\x0b\x63\x68\x90\x09\xd9\xd0\xba\xe1\x60\x6b\xaf\xc7\xa8\x08\xf2\xd2\xfa\x25\x62\xb8\xdc\x09\x38\x42\xc0\x1f\xdb\x84\x0d\xa4\x86\x0a\xce\xd3\xfc\x52\x5c\xa3\x34\xed\xcf\x65\x94\x8b\xc4\x16\xf9\x8c\x45\x0f\x00\x12\xa6\x10\x7d\xd7\xf8\xed\xe4\x0e\x1c\x48\xc9\xe8\xa5\x65\xa8\x10\xb9\xcf\xd2\x03\x56\xdb\x19\xf1\xdb\xde\x59\x89\x21\x33\x2e\x0d\x81\x3f\x0c\xb8\x76\x84\x37\x03\x88\x77\x2f\xf3\xcb\xfc\xbf\xa2\x99\xc1\x98\xc9\x7b\xfb\x96\x17\x76\x8a\x05\x16\x1f\x41\x69\xff\x5d\xe5\xd9\xf4\x00\x62\x09\x0f\xb8\x82\x98\x4d\x9d\x5c\x7a\xa7\x8e\xdd\xcb\x96\x34\xe4\x66\xb8\x85\x3d\x51\x2b\x4a\x54\x6d\x74\x23"},
+{{0x73,0xcb,0x02,0xb0,0xbf,0x26,0xa0,0x15,0xda,0x1d,0xc3,0x01,0xfc,0x12,0x5d,0x7e,0x6c,0x30,0xb6,0x3c,0x9e,0x6e,0xee,0x9e,0x06,0x5d,0x4e,0x84,0x71,0x32,0xc3,0x25,},{0xac,0x9e,0x3d,0xd2,0xce,0xb9,0xb2,0x3e,0x74,0x8c,0x04,0xba,0x75,0x77,0xfe,0xdf,0x7c,0xea,0xb9,0xed,0x87,0xdc,0x43,0x0b,0x5f,0xe2,0x2e,0xac,0x50,0x95,0x0e,0x0d,},{0x1a,0x5d,0xd4,0xc8,0x91,0xc8,0xe1,0x32,0x57,0x01,0x87,0xc2,0x3b,0x9a,0x1e,0x4b,0x26,0xf0,0x54,0x60,0xe8,0x75,0x67,0x38,0x19,0x39,0x6d,0xf5,0x61,0xc8,0xaf,0x0e,0x48,0x33,0x3b,0x62,0xc7,0x77,0x29,0xd4,0x9f,0xc4,0x0e,0x17,0x4a,0x7f,0x3c,0x21,0xf8,0x5e,0xf4,0xd3,0x39,0xce,0xb8,0x0b,0xd2,0xe0,0x37,0xd8,0x03,0xaf,0x56,0x0e,},"\x0a\x2b\x61\xba\x35\xe9\x6e\x58\x19\xb8\x8b\xfd\xb2\x8b\x7c\xe0\x2e\x64\xae\x9c\xf5\x72\xb2\x1f\x13\x55\x2c\x0d\xb1\x0f\x39\x60\xd4\x4b\xa3\x47\x2f\x43\xab\xc4\xe6\x29\x5b\xdf\x79\x0b\xd9\x33\xba\x39\x75\xfd\x44\x65\xfa\x3e\x2f\xe2\xdb\x02\xb6\x37\x77\x52\x22\x3d\xec\x98\xfc\xb2\x40\x4f\x3a\xba\x43\x26\x5a\x6f\xa7\x97\x6b\x6c\x6c\xb6\x86\x8b\x88\x1b\xd6\xf3\xd2\x5c\xd9\xd6\xf7\x0e\x51\x2f\x80\x89\xc8\xef\x26\xfd\x58\x24\x50\x53\x77\x9e\x59\xc4\x72\x5a\xef\xa2\x64\x67\xc9\xf5\x00\xe1\x7f\x3e\x15\x73\xf1\xa8\x55\xe9\xb8\xb2\x19\x25\xea\x05\x27\xf3\xce\x8d\x88\xfb\x54\xa4\x7a\xbe\xed\x14\xf3\x99\xcc\x2d\x9f\x1f\xe5\x46\x65\xfa\xe0\xa8\xf0\xc6\x88\x72\xa6\x00\x04\x6d\x1d\xc3\x63\x97\xd3\x10\xce\x39\x3f\xce\xaf\xe8\x7c\x17\xeb\xe1\x22\xfd\xb5\x43\xae\xa7\x10\x85\xba\xec\x98\x27\x3f\x41\xac\x96\x69\x8c\x15\x0c\xf9\x11\xd0\xe5\xde\x23\x92\xd8\x48\x41\xd0\x12\x76\xae\xfb\xfe\x99\x95\xe1\x0a\x6d\x46\xef\xdc\x26\x78\xd4\x56\xc9\xf3\x6b\x2e\x10\x11\x4d\x11\x87\xe7\xac\xa7\x39\x03\x7e\xa5\x1f\x85\xfd\x62\xa2\x94\x29\xba\x52\x9c\xdd\x8a\xd9\x13\x47\x49\x74\x87\xed\x7e\x87\x09\xd4\x77\x6e\xf6\x86\x70\x79\x2d\x06\x15\xbc\x96\xda\x51\x78\xd6\x06\xdb\x63\xe4\xe5\xcb\x17\x2a\xcf\xbc\x1c\xbe\x20\x26\x93\x50\xf1\xb6\x05\xf3\x5d\xcd\x47\x91\x35\xbd\x30\xfb\x4b\x5a\x39\x17\x6c\xff\x74\x4d\xdb\xb3\x06\xc9\xe7\xb4\x16\x7d\xe0\x37\x9a\x61\x66\xbe\x5a\xaa\x74\xd7\x15\x7f\xac\x95\x7d\x88\xdc\x57\x59\x7c\xfe\xf2\x3e\xb5\x10\x8b\x3c\xe5\x3f\xc6\x32\xda\xd1\xb9\x72\xa2\x9d\xa5\xde\x32\xd2\x0d\x8e\xce\xde\x67\xff\x00\xda\x4a\x08\xa0\xcc\x1a\x98\xbe\xe7\xa9\x4e\x3c\xb3\x2f\xee\x94\xae\x25\xa4\x13\x54\x47\x02\xc3\x7b\x3e\x17\x78\xa0\x70\xcd\xd4\x84\x0b\xd3\x9f\x5f\x45\x79\x51\x92\xa8\x67\x86\x38\x76\xed\x0d\x13\x0d\x46\xe2\x91\x39\x35\x08\x28\x09\xf7\xe1\x5a\x49\x67\x10\xf2\x55\xd7\x83\xda\x3d\x01\x6a\x65\x4c\x15\xff\x5d\xf9\x07\xa3\xcc\xaf\x37\xcf\xe1\x1c\x8c\x3d\x49\x65\x07\xd6\x76\x0c\x05\x38\x20\xf0\xf5\x94\xc3\xd0\x1c\xa2\x69\x17\x8a\xca\x52\x5a\xb2\x82\x1e\xf5\x5f\x92\xd8\x5f\xe6\x85\xea\x34\x47\x2e\xd1\x39\x81\x71\x06\x4d\x74\xa4\x22\xec\x91\xd1\xa6\x70\x61\x8f\xc9\xf3\x24\x24\xbc\xb1\x1a\x77\xf6\xfb\x4e\x2f\xef\xd2\xc4\xe8\xa7\x3c\x45\x28\x86\xe9\x31\x66\x4d\x1a\x83\xbd\x92\x73\x29\xc0\x4d\x25\x0b\x83\x52\x1d\x7d\xc1\x3c\x91\xce\xe1\xec\x05\x0e\x11\xd4\x2a\x4b\x0c\x8c\x06\x9b\x61\xc4\x42\x2d\x3a\x49\xc0\x7e\xff\x29\x05\xb7\xbc\x7f\x4a\x5b\x43\xe6\xb0\xd6\x1d\xfb\x50\xe4\xee\xa2\xe9\x0d\x29\x8a\x78\x1d\x05"},
+{{0xdb,0x05,0x60,0x63,0x56,0xba,0xcf,0x23,0xaf,0xf6,0xcd,0xdd,0x42,0xb2,0xc6,0x94,0x35,0x2b,0x5a,0x0f,0xec,0x56,0x0a,0xff,0x54,0xd9,0xbd,0x97,0x10,0xef,0xe0,0x6a,},{0x32,0xa5,0xc7,0xcc,0x49,0x09,0x78,0x6b,0x48,0xa5,0x3f,0x31,0x09,0x3f,0x54,0x9a,0x9f,0x17,0x30,0xca,0x66,0x90,0x38,0x3f,0xdb,0x5f,0x14,0xc2,0x66,0x6e,0x31,0x32,},{0x53,0x09,0x9b,0x76,0x6a,0xdf,0x29,0x44,0xb6,0x82,0x13,0x74,0x84,0x2c,0x25,0xd6,0xe6,0x7b,0x0c,0xcd,0xe9,0xc6,0x37,0xfe,0xcb,0x11,0xb8,0xb8,0xb0,0x72,0x03,0xe3,0x07,0x57,0x32,0x80,0x5f,0x4f,0x14,0xae,0xae,0x73,0xbd,0x62,0xe3,0x08,0xb5,0x88,0x7d,0x68,0x9e,0x29,0xcd,0x89,0xb2,0x3a,0x47,0x69,0x43,0x11,0x07,0x17,0xb1,0x00,},"\x1b\xc9\xc2\x83\x3f\x37\xcd\xf1\x35\x6f\xad\x16\x67\x68\x64\x27\x17\x70\x1b\x38\xa0\xab\x0c\x2f\x58\x1a\x26\xd2\x22\xd6\x5c\xce\xe4\xbf\x0f\x6d\xfe\x64\xd3\x3b\xc0\x23\x9f\x71\xd4\xb8\x26\x44\xb0\x16\x25\xa1\xa3\x5f\xe7\x98\x67\x62\x39\xe0\xca\x77\x9e\xf2\x31\x38\xee\xbe\x3b\xd1\x9d\xe2\xd8\xf7\xc1\x5b\x4d\x96\xf1\x3e\x51\xbc\x63\x3b\xea\x5d\x61\x22\x5b\xca\x1d\x63\x39\xba\x53\xe8\x1f\x7d\x8d\x24\xc5\xd6\x0f\x04\xce\x8c\x72\x67\x61\xd2\x64\x58\x4f\x1c\x7e\x5b\x5b\x69\x92\x45\x6c\x1c\x76\x89\x2d\x63\x52\x11\x1e\x3b\x92\x6f\xe0\x25\xc0\x00\x9d\xb6\x7c\xe0\xdd\xc7\xf7\x64\xe0\xc9\xad\xb0\x48\x1b\xc2\x79\x54\x84\xd9\x63\x73\xa9\x62\xa7\xb7\x4a\x55\x96\xf5\x27\xa7\x34\x76\x49\x8c\x78\x23\xdf\xfa\x6c\x85\x43\xb0\x79\x71\xb5\xaa\x27\x1c\x12\x25\x5e\x09\x18\xdd\x73\xf5\x0c\x30\xc9\xa8\x5a\xc7\xc2\x99\x3d\xd6\x55\xda\x59\x43\x12\x63\xf5\x91\x4b\xe7\x06\x37\x4b\xe9\xc0\x75\x85\xc2\x87\x13\x28\xb4\xdb\xc3\x94\x01\xc9\x57\x07\x38\x7e\x6e\x06\x9d\x44\xb9\xd8\xfb\x05\x8f\x22\xe3\x15\xaa\x0d\x5b\x4f\x11\x68\xfc\x10\x79\x62\xb0\x64\xf7\xd8\x45\xaf\x8e\x21\x31\x95\x1d\x1c\xd6\x6d\xc8\x4d\xba\x46\xd2\x00\xaf\x4f\x4c\x5f\x51\x22\x1b\xc9\xb2\x19\x69\x42\xf8\xb4\x0e\x7d\xdb\xc9\xae\xb3\xd9\xaf\xc0\x71\x25\x95\x13\x13\x5a\x01\x6f\x28\x66\x09\x9f\xa1\x0f\x4c\x3b\x73\x50\x0b\xd5\x5c\x47\x7b\x24\x15\xe1\x0a\x27\x9b\xa1\x10\xd2\x94\xf3\xdd\x18\x42\x17\x7d\x0b\x4b\xfb\x17\x34\xdd\x0c\xcb\x7e\x39\x4b\x43\xd1\x6f\x0b\x75\x48\x36\x22\x80\xf4\x34\x76\x4d\xa5\x7f\x19\xed\x3e\x30\x2e\x53\x70\xfb\xa4\x96\x64\xc2\x30\x05\x74\x33\xcc\x64\x7e\xb2\x7c\xd2\xc7\xc1\x8c\x7d\x66\x90\x6f\x08\x82\x46\xc2\x2f\x7f\x79\x03\x99\xde\xb4\xc5\xfb\xb9\x06\x18\x17\x69\xbe\xf5\xaf\xbe\x8a\xd1\xf5\xde\x55\xbe\x58\x8f\x52\xf6\x9c\x54\xd4\xef\x5a\x96\x9a\x0d\x99\x5c\x27\x40\x7b\x23\xed\xd9\x24\x3d\x24\x99\xfd\xf2\x94\x73\xb1\x95\x5c\x84\xb3\xf7\xcb\xdc\xd8\x1b\x76\x56\xec\x0b\xe9\xe0\xfd\xb3\x38\x13\x56\x96\x0f\xd0\xca\x70\xe7\xea\x74\xb6\x46\xfc\xd3\x13\x94\x8e\x6d\xdb\x47\x60\x94\x76\xfb\x6f\xa4\x84\x2f\xa7\x88\xa0\xd5\x7b\xe3\xb0\xa6\xca\x18\x19\xf7\x16\x14\x76\x00\x43\xec\x49\x04\x88\x19\x39\x96\x8a\x43\xb5\xd1\x92\x8f\x84\xa5\x91\x90\x93\xbc\x38\x41\x58\x81\x71\xa9\xcd\x39\x0f\x8f\xcd\x61\x53\x8b\x54\xe6\xef\x99\x77\x05\x73\xe1\x98\x6d\x15\x0f\xa9\x6b\x7a\x07\xe1\xd1\x94\xaf\x1c\x0b\x40\x55\x00\xac\xb3\xd1\x0e\x3b\xe6\x47\xc8\x98\x62\x00\x6f\xa7\x85\x83\xe7\x61\x66\x84\x29\x20\x16\x0e\xb5\x7f\x0b\x2a\x6e\xdf\x19\x3c\x44\xc5\xee\xac\xf4"},
+{{0x1d,0x13,0x9b,0x1a,0xd0,0xc3,0xaf,0x1d,0x5b,0x8b,0xe3,0x1a,0x4e,0xcb,0x87,0x8e,0xc6,0x67,0x73,0x6f,0x7d,0x4f,0xa8,0x36,0x3a,0x98,0x09,0xb6,0xd1,0xda,0xbf,0xe3,},{0x24,0x28,0xcf,0x1d,0xeb,0x20,0xfb,0xad,0x1f,0xdc,0x66,0x5d,0x82,0x5b,0x61,0x41,0x22,0xdf,0x10,0x1f,0xbe,0x14,0x73,0xa7,0x99,0x96,0xba,0xf6,0x96,0x74,0x34,0xb8,},{0xdd,0x64,0x5e,0x51,0xed,0xab,0x04,0xdb,0x31,0xe3,0x31,0x72,0xcf,0x27,0xac,0xee,0xed,0xcc,0x04,0x63,0xa9,0x63,0x91,0x4a,0x0e,0xac,0x8e,0xfd,0x5a,0x34,0x34,0x1f,0x6b,0xbc,0x52,0xe0,0x42,0xba,0xaf,0x3b,0x40,0xc8,0x9a,0x57,0xef,0xb6,0x45,0x74,0xe6,0x96,0x77,0xfc,0xe9,0x55,0x24,0x6c,0x1f,0xc0,0xf2,0x69,0xef,0x81,0x90,0x00,},"\x8d\xf2\xd2\xdf\x9b\x98\x4d\xa8\x44\x33\x48\x6a\x81\x3c\x98\xc5\x97\x3a\x69\x6c\x11\x62\x46\x10\xb2\x3a\xa4\x38\x08\x34\x64\xf6\x5a\x76\x79\x66\x15\xb7\x28\xc2\xed\x4e\x60\x71\x58\x55\xaf\xc2\x39\x45\x0d\x5b\xc0\x91\x1f\xf2\xa8\x52\x30\x20\x5c\x6f\x13\x49\xba\x5b\xd8\x7e\xa6\xf7\x20\xdb\x6b\xa7\x0b\x77\x42\x17\x88\xe0\xc6\x54\xae\xbc\x23\x07\x4c\x5f\x41\xd2\x29\x07\x72\x14\x0d\x98\x1a\x6b\xc4\xfe\x70\x9a\x26\x8e\x64\x17\x2a\x02\x6b\x27\x01\x18\xb4\xdb\x51\xab\x6a\x13\xc9\x9b\x06\x31\x86\xd8\xd5\xb3\x38\xe9\x77\xed\xdc\x6b\xb5\xfd\x7d\xd5\x7d\x98\x45\xa3\xc3\xfe\x76\x17\x7d\x57\x38\xdc\xa1\x6a\x8f\x91\x02\x85\x75\x00\x17\x4f\x23\xff\x4c\x3b\xf3\xc8\x53\x6f\x11\x58\x0e\xf8\x51\x4a\x40\x9f\x5b\xbc\x9c\x02\x96\xf1\x2e\x34\x78\xd4\x08\x7f\x95\xef\xaa\x6c\x63\x60\x71\xd2\x11\x57\xbf\x11\x77\x4b\xbf\xe7\x69\x33\x06\xca\x72\x13\xda\x47\x13\xeb\xaa\xab\x35\x54\xed\xf0\x80\x11\xa5\xff\x73\xda\x12\x03\x75\xae\xd1\x96\x28\x67\x0f\x28\xab\x24\xb6\xf5\xd5\xa1\xd5\x70\x48\x0f\x65\xd3\xc1\x52\xbf\xf1\xb4\x7b\xf0\x66\x69\x29\xcb\x7c\x99\xd9\x03\x3f\xaa\xe8\x53\x4f\xc3\x5d\xa7\x30\xb8\x11\xeb\xcc\x25\xae\x10\xa1\x95\xaa\xb1\x2c\x32\x6a\xa4\x5b\xf8\x05\xc6\x2d\xd4\xcd\x5f\x86\x86\x23\xc0\x4a\x8e\x1c\x6a\xa7\x2f\x1e\xa4\x40\x0c\x60\x86\x7d\xff\x62\x2f\x31\x64\x34\xf1\xec\x89\x50\x3c\x6f\x9f\x65\xc1\x37\xb4\x94\x4c\xbc\xb3\x5f\x08\x6c\x74\xcc\xea\xfa\x22\x42\xac\xca\x6f\xfe\x61\x1c\x4b\x55\x87\xf5\xb7\x5f\xfa\xd3\x49\xf0\x0b\xf9\x6e\x4a\x58\x0a\x87\x5b\x92\x65\x40\x69\xb6\x2e\xea\xc0\xbf\x78\xe5\xae\xdd\x71\x86\x9e\xe0\x5b\x9a\x94\xe1\xc9\x8e\x35\xa9\x78\x00\xa4\xa2\x12\x20\xb0\x39\xcd\x5e\xbb\xb7\x56\xd4\x0b\x40\x42\xe2\xc8\x4a\x2a\xe9\x81\x82\x51\x1d\xae\x8e\xd3\xb8\x9f\x4f\xa0\x0f\xb8\xed\x94\x63\x16\x45\x97\x10\x05\x2a\xd4\xc0\x2f\x63\xdf\x05\xd3\xbb\x1a\xce\x33\x67\x21\x51\xbd\xf5\xda\xb4\x6c\x7b\x58\x3d\xb3\x73\x89\x9d\x4f\x03\x5b\x6c\x11\x12\x58\xb4\xe5\xa9\xe7\x07\xa1\x1d\x21\x5e\x44\xe6\x8e\xf1\xa6\xf0\x53\x80\x9a\xa5\x1b\xd9\x02\xe1\x3c\xa9\x9c\x1b\x1c\xec\xc8\x3b\x9c\x23\x5c\x71\x0e\x79\x7d\x2b\x1a\x24\x9b\x2e\xa0\x79\xb5\xc1\x67\x4e\xd7\x16\x9f\x1b\x6e\x67\xf1\xac\x77\xf8\x6b\x74\x32\x98\x96\x93\x35\xa7\x72\x44\x0f\x7f\xbf\xa7\x25\x13\x50\x0d\x84\x16\x61\x14\xa8\xfd\x54\x13\x94\x64\xd4\x2b\x99\x55\x30\xd3\x23\x70\xb6\x9b\xff\xc7\x58\x9d\x6d\xcc\x97\xe0\xbf\x17\x85\x6c\xc3\xbf\x41\x64\xdb\xec\xcc\x8a\x88\x1d\x41\x4d\x6a\x62\x02\x92\x76\xc5\xf8\x13\x7c\x0b\x3c\x68\xbc\x8f\x4b\xd4\xe7\xcf\xf6\x5e\xf2"},
+{{0x4d,0x22,0xe3,0x31,0xe0,0xcf,0x6f,0x6a,0x27,0x2d,0xb4,0xd2,0x06,0x87,0xff,0xb0,0x59,0xf1,0x22,0x5d,0x81,0xe4,0x11,0x23,0xb8,0xc8,0x9b,0x07,0x4d,0xe7,0x6a,0x3b,},{0xb1,0xe4,0xcf,0xae,0xad,0xd6,0x7b,0x12,0xd7,0xb9,0xdb,0xfc,0x0f,0x88,0xed,0xd0,0x37,0x3f,0x9a,0x88,0xc7,0xfa,0x33,0xfb,0x7f,0x2b,0x1e,0x47,0x5e,0xcc,0xb6,0x1b,},{0xc3,0x66,0xb8,0x02,0xf6,0x82,0xfc,0xd7,0x05,0x25,0x26,0x4f,0xb1,0xa3,0xcb,0xcd,0x0e,0xe3,0x5e,0xcf,0xf5,0x97,0x7c,0x2a,0x55,0x4d,0xa9,0x39,0x22,0x9f,0x17,0x81,0x9a,0x96,0x1e,0xa7,0x4c,0x3d,0x7a,0x78,0x81,0xac,0x5c,0x1f,0xa1,0x6b,0xf9,0x84,0xd9,0x45,0x6a,0x13,0x88,0xd3,0x46,0x3c,0x44,0x94,0x42,0x9b,0x1d,0xc4,0x54,0x02,},"\x9c\x8e\x3f\x5b\x4d\x70\x40\x30\xe1\xba\x71\xf0\x2e\xfc\x4b\x87\xd6\xff\xfb\x55\xbc\x3d\x8d\x03\x81\x8f\x91\x56\x24\xfc\xf7\x01\xc5\x4a\xdf\xaf\xa2\xb6\x94\xb8\x77\x51\xcb\x9f\x69\x91\x8c\x0f\x05\x0f\x4c\x10\x5d\x5c\xcb\x40\x10\x0b\x28\xdf\xd4\xf4\x11\xd5\x91\xc1\x20\x19\x17\x6a\xc2\x01\x6b\xfb\xfd\xf0\xdd\xf1\x1d\xb8\xa7\xe3\x9a\xa7\xb9\xe2\x16\xf6\x67\xc0\xa1\x5f\xb9\x77\xea\xa9\xba\x3b\xc4\x55\xcc\x58\x94\x5f\x3e\x94\x4b\x8a\xc2\xfb\xf4\xd2\x4f\xe7\xe1\xe6\x19\xcd\xbe\xee\x3e\x5e\x12\xa9\xa5\x27\xd2\x8f\x5f\xd7\xcf\xd9\x22\x0f\x13\x08\xd8\x97\xb6\xd4\x31\x4a\x5a\x01\x87\x86\x4a\x2d\x62\x1c\xf1\xb2\x84\x42\x61\x24\x7b\xf5\x20\xba\xfa\x9b\xf2\x26\xe1\x15\x68\x1e\xcd\x77\x42\x79\x80\xcd\x12\xb0\x8c\x35\x9c\xec\xd1\xde\x3f\x55\x45\xf8\x07\xf8\x1e\xd7\x63\x02\xff\xd6\x47\x7f\x89\xb9\x58\xcd\xf1\x29\x54\xcf\x70\xc1\x42\x53\x29\x93\x83\x16\x47\xea\xca\xb0\xb4\x80\x7b\xfd\xad\xb4\x38\x9d\x7d\xff\x2c\x4e\xf0\xef\x5a\x5c\x61\xd0\xdf\x76\x2e\x2e\x90\x80\xa7\x18\x1c\xec\xd0\x6a\x53\x19\x9f\x0d\xfe\xf7\x02\x62\x7a\xde\xcf\x5f\xcd\x9b\x3e\x68\xc7\x23\x33\x16\x17\x27\xf8\x71\xc7\xd1\xc4\x30\x51\xff\x1c\x92\x1f\xd5\x3b\x64\x22\x38\xb9\x78\x80\xd6\x4e\x25\xfa\xc5\x12\xab\x95\x4b\xed\xbc\xa5\x40\xf5\xb2\x00\x91\xec\x72\xe6\x7f\x88\x77\x0a\xfc\x32\xf2\x12\x5c\xa0\xda\x4f\xe8\x7b\x56\xaa\xc9\x17\x7f\x1f\x4f\x67\xc8\x51\x72\x5c\x5e\x8a\xfe\x64\xf6\x64\x79\x98\x33\xfd\x79\x10\x0b\x77\xea\xd2\x58\x38\x87\x9f\xff\x47\x47\xaa\x0d\x56\x72\xec\x0a\x94\x34\x81\x34\xbd\xbd\x4b\xb3\x9b\x0c\x67\xa0\xcd\x30\x60\x2e\xdf\x4f\xec\x6f\x7a\xf0\xcc\x2b\xda\xe1\x26\xce\xa8\x42\xdf\xaa\x43\x91\xdc\x5d\xde\xa9\x38\xe1\x79\x21\x68\x24\x0c\x2d\x8b\x25\x35\x2f\x9f\x3a\x64\x42\x35\xce\x36\xfe\xfe\xb6\x99\x2a\xd8\x8e\x28\x7a\xd2\xd8\x5b\xd8\x50\x39\x6f\xc2\xe5\x17\xa1\x52\x09\xf5\x92\x0a\xc9\x8c\x53\x2b\x1f\x4d\x86\x9b\xeb\x08\xbb\x03\xcf\x7c\x91\xaf\x3f\xfc\xed\x68\xd5\xfb\xfe\xf8\x6f\xf9\x4e\xce\x6e\x2e\xad\x34\x84\xce\x08\x0d\xb1\x7b\xbe\x40\xf1\xdb\x43\x2e\xc1\x65\x0e\xd2\x4f\xdd\x25\x0f\x33\x45\x74\x5c\x9b\x7b\x91\x98\xc9\x10\x9a\x37\x26\x1f\xc5\xec\xbb\xb1\x2f\x83\xa0\xe1\x22\x0a\x18\x67\xd4\x5f\xdd\xfe\xa8\x1d\xcf\x75\xf4\xec\x7f\xdb\x52\x50\xe5\x77\x54\xd6\xde\xa2\x70\xb6\x28\xa7\x95\x30\xec\x28\xb6\x19\xbc\xa9\x49\x3e\x63\x05\xcf\xc4\x41\x4c\x1c\x1d\xe3\x38\x9e\x89\x01\x97\xc8\x5f\x28\x40\x4f\x3f\xa9\x6a\x1e\x2f\xd9\x20\x6b\x47\x2e\x8a\x0a\x0d\x32\xaf\x55\x60\x6b\xb0\x83\xf7\x6a\x19\xb8\xea\xe3\x47\x9a\xe5\x1d\x98\xa9\x9a\x62"},
+{{0xa5,0x22,0x8f,0xf9,0xbb,0xb6,0xf2,0x32,0x32,0x7e,0xb8,0xd8,0x79,0xd7,0xf8,0xb2,0x77,0xca,0x72,0xba,0xe1,0xf9,0xa9,0xd0,0xe2,0x60,0xdd,0x90,0x57,0x1d,0xb4,0xf9,},{0xd8,0x2f,0x6a,0x69,0x74,0xf5,0x1c,0x88,0x08,0xd9,0xd6,0x17,0xf4,0xce,0xc2,0xd8,0xa3,0x7e,0xb1,0x1a,0x14,0x23,0x7c,0x9a,0xb9,0xcf,0x11,0xeb,0xc8,0x0f,0xf6,0xc0,},{0x97,0x65,0x0f,0xae,0x3f,0x59,0xca,0x76,0x47,0x7f,0x25,0x47,0x16,0x77,0x49,0xc5,0x83,0x02,0x48,0x88,0x32,0x25,0xe3,0x54,0xff,0x46,0xc7,0xe3,0x81,0x96,0x52,0x20,0xd9,0xbe,0xf2,0xc2,0x05,0x7c,0x7d,0x19,0x90,0xf0,0x8b,0xca,0x4c,0xfd,0xe8,0x77,0xff,0xf2,0xb4,0xaa,0x81,0x3d,0x9c,0x4b,0x84,0xfb,0x79,0xec,0xed,0x81,0xef,0x05,},"\x1d\xf7\xa6\x83\x5e\x33\x10\x98\x3e\xe7\xec\x73\x11\x25\xf5\xb5\xcf\x11\x7a\xf0\xe3\x6b\x36\x85\xbf\x54\xac\xe1\xc4\x8c\x46\x30\x05\x60\xa4\x5e\x9f\x9b\xdd\x96\xa0\xbc\x4d\x14\xe8\x9d\x4b\x57\x21\xa2\xca\xff\x66\x18\xb1\x82\xed\xb1\x20\x2f\x3d\x0c\x5d\x11\x8d\x09\xb6\x18\x12\xc0\x10\xe8\xb1\x96\x34\x45\x41\xcd\xee\xfe\x5f\xd1\xf9\x61\xc5\xdd\x75\x45\x95\x55\xab\x72\xef\x2a\xa7\xa7\x59\xa4\xf3\xad\x3c\xae\xd4\x4f\x4c\x9a\x8e\xf9\x5b\x76\xed\x9a\x99\xb5\x5d\xd8\xa2\x60\xba\x08\x01\x0d\x29\xff\x81\x9f\x2a\xf3\x51\x3c\x1a\x64\x0d\x6c\xcd\xde\x49\x99\x20\x5f\x9f\xca\x88\x57\x11\x5d\x8b\x5d\xb9\xf7\x0a\x62\xe5\xee\xa0\xd5\xaf\x06\x5d\xe1\x53\xf2\xed\xed\xee\xc6\x3e\x15\xc8\xe0\x9a\x92\x58\x21\x82\xac\x07\xd8\x1c\xa6\x3c\xa4\xaa\x59\x7a\x22\x20\xe7\x04\x81\x95\x7d\x41\x52\x64\xe2\x58\xbc\x26\x3e\x1c\xc3\x6e\x53\x47\x8a\xac\x5c\xa0\x16\x94\xcc\xb0\x9b\x4f\xfd\x84\x73\x99\x72\xc7\xdc\xcf\x3d\xef\xea\xfd\xed\xe1\x62\xab\x6c\x58\xa1\xdf\x27\x37\x1e\x3f\x54\x93\x06\x7f\xc9\xe2\x06\x7e\x57\x96\x23\xc0\x09\xfc\x82\x5e\xef\x0e\x01\x0f\xd1\xcc\xf2\xa8\xd3\xfb\xbb\x31\x56\xf9\xdf\xde\x0c\x7c\xbb\xaf\x84\x33\x09\x85\x17\x49\x1b\x78\xdb\x96\x98\x61\x4e\xa4\x0e\x0b\x1e\x6a\x1e\x36\xb9\x00\x45\x3a\x16\xea\x27\x6f\x34\x42\xbb\xd2\x7a\x7e\xcb\x98\x15\x11\xf5\xc9\x20\x9e\xb0\x96\xe2\x85\x88\xb6\x5b\x96\xb5\x01\x88\xc0\x38\x1f\xf7\x12\xbc\x06\xb2\xc6\x55\xcc\xa0\x75\x1c\x09\x5d\x80\x16\x25\x15\x85\x85\x1e\x67\x74\x34\xdc\x3e\xfd\x08\x7a\x12\x68\x0f\xc2\x2e\x5b\x83\x10\xa1\x0e\x32\xca\xac\x9b\x71\xc8\x76\xee\xd3\x1e\xf0\x9f\x7f\xa0\x12\xba\x08\xdf\xd2\xad\x68\xc1\xe1\x47\xf5\x05\x98\xe5\x50\x46\x7e\xf9\x9f\x29\x5a\x31\x8f\xaa\x50\x7e\xbe\x77\x6c\xe5\x5c\x4d\xa1\x64\x32\x3c\x30\xa5\xe7\x2d\xbe\x02\x7c\x3c\xcf\x96\xc7\x01\x97\xa6\xfb\x1b\x74\xaf\x13\x3a\x8b\xe2\xb0\x3c\x1b\x99\xfd\x25\xb3\xce\xd5\x1f\xe3\x88\x20\x21\xa3\xaf\xd9\x22\x9f\x64\x1b\xc6\xca\xd4\xe1\xd3\xcb\x6e\xd9\xb6\xb6\x8a\x25\xf1\xe1\x39\x72\x89\x98\x1f\x78\x92\x4b\xff\x24\xc8\xde\xe6\xa1\x8a\x04\x21\xfa\x32\xae\x3a\xb6\x0a\x0d\x93\x3a\x6a\xf4\xff\x70\x48\x74\xb0\x9b\x07\x39\xe2\xf2\x9d\x8f\x25\x2d\x79\x05\x5f\x89\xd3\xbf\xf1\x0a\x22\xc5\x4a\xc3\xd8\xaf\xee\xce\x81\x83\x53\xa6\xab\xe2\xb7\xfb\x8e\x8e\x0d\xa5\xb7\xac\x1c\xfc\x98\x5d\xf9\x75\x80\xb1\x82\x11\xa4\xe3\xed\xff\x95\xaf\xdd\xa0\x61\x54\x7d\x3a\xe0\x40\x6d\x32\x86\xcd\x30\x5b\xdf\xd2\xc3\xab\xf8\xf7\x4a\xf9\xa0\x34\x20\xe5\xb0\x3f\x82\x5e\x9c\x53\x90\x7e\x13\xa5\x81\x21\x74\xbe\x42\x89\x86\x45\x14\x9d"},
+{{0xc0,0x4d,0xc0,0x9f,0x11,0x9d,0x67,0x0f,0xb1,0xea,0xe0,0x13,0x6f,0xcc,0x06,0x08,0x5f,0x29,0x0f,0x4a,0xd1,0xaa,0x1f,0xfc,0x9c,0x16,0x0e,0xa5,0xcf,0x47,0xf0,0x9d,},{0xff,0x49,0x8c,0xe8,0xc9,0xdb,0x78,0x67,0xf6,0xd0,0x27,0x64,0x52,0xa4,0x66,0x72,0x48,0x87,0xe6,0x17,0x2f,0x66,0x81,0x67,0x1b,0x8a,0xe0,0x35,0xf5,0x86,0x5e,0xa3,},{0x4b,0xd1,0x9f,0x3d,0x9c,0x51,0x16,0xec,0x6a,0xe0,0x02,0x4d,0x0f,0x24,0x6d,0x2c,0xe2,0x50,0xd9,0xe0,0x63,0x4a,0x23,0x2b,0xa0,0x6f,0xd3,0x56,0x6a,0xed,0x55,0xcb,0xe5,0x9f,0x12,0x33,0x2c,0xba,0xd6,0x5d,0x43,0x49,0xa9,0xd2,0x2e,0x7d,0x6e,0x46,0xd2,0xfb,0xdc,0x71,0xd5,0xc8,0xf9,0xda,0x15,0xdf,0xbf,0x17,0xba,0x22,0x51,0x07,},"\x1e\x42\x29\x7f\x8a\xee\xf2\x9a\x84\x2e\x0e\x21\xf5\xdb\xae\x06\x8e\x2c\x9d\xda\xa6\xfd\x34\x8e\x48\x88\x1f\x0d\x42\xc5\x0b\xf0\xec\xf1\x70\x6b\x94\xa5\xd1\x98\x17\xca\x02\xd8\x3e\x9a\xb2\xf9\x9d\x8b\xfa\xaa\x5c\x85\xad\x39\xa1\x50\xb2\x25\xad\x3e\xaf\xa0\x67\x81\x5b\x74\x67\x2f\xe0\x26\xc3\xcc\xc6\x77\x25\x54\x40\xb6\x84\xa7\x6e\x12\x8c\xa2\xcc\xc4\x29\xf1\x52\x57\x7d\x25\xb6\x9f\x40\xdb\x58\x2d\x49\x47\x9a\xfa\xe6\x80\x71\x2d\xc0\xfd\x1f\xe1\x41\x88\x39\x68\x7c\xa6\x0c\xdd\xe9\x74\x14\x04\x62\xf9\x61\x48\x29\x5d\xf1\xce\x43\xa9\x77\x35\x1c\x77\xf2\xf0\xb0\x9a\x6b\x26\xd6\xfe\x96\x5f\xce\xae\x17\xd7\xb8\x62\x03\x71\x40\x24\x28\x54\x4f\xdf\x91\x69\x0b\x44\xe9\xaf\xc2\xe9\x08\x8c\x83\xca\x48\xdc\x85\x76\xf6\x28\x72\x47\x98\xdc\x90\x32\x31\x74\xc4\x49\x96\x59\x65\x02\xa3\x5d\xf8\xb9\x82\xc5\x70\xa6\xcb\x51\xb9\xa1\x97\xd4\x31\xaf\x33\xf0\x2b\x80\x01\x15\x67\xfe\x50\xcf\x45\xac\x11\x1b\x3d\x55\x6f\x8c\x8c\xe5\xae\x8c\x99\x72\xf2\xa9\x93\x6b\x1a\x01\x2b\x9c\x33\x9e\x30\xc9\x73\x12\xb6\x5e\xa5\x9c\x10\x0f\x79\xd7\x95\xb8\xa2\x4b\x31\xa0\xa9\x7d\xc2\x5c\xce\xd6\xb8\xff\x5a\xe1\x45\x33\x9a\x04\x8c\xa1\x2a\x57\x90\x17\xfa\xe8\xd5\xcb\xcb\x61\xd5\x2e\x31\x4d\xd7\xc2\xe7\x20\x10\xc4\x72\x17\xb1\xd0\x68\x78\xbf\x28\x18\xca\x18\x8e\x8e\x30\x79\x60\xc1\x68\x9d\x7d\xfc\x02\x02\x97\x3c\xd2\x9f\x2f\x7b\xa7\x43\x46\x9e\x68\x5e\x0e\x70\x4b\x04\xba\xca\x4f\xab\x54\x88\x44\x8a\x92\x2e\xab\xf4\x0b\xe5\x81\xc1\x99\x4d\x74\xd1\x3a\x36\x6c\xe8\x57\xfb\x40\xa6\xe0\x5d\xa8\x55\x36\x94\x17\x2c\xc3\xfd\x28\x06\x2f\x53\x82\x50\xaa\x8c\x11\xf6\x81\x39\xe7\x9c\xd1\x19\x1b\xa3\x31\x4b\x5c\xea\x08\x64\x43\x7e\xd2\xe4\xb6\xfb\xd7\x5b\x9d\xed\x09\x87\xb4\x1c\x20\x2a\x58\xec\x02\x54\xd9\xd3\x71\xa7\x95\xf1\xdb\xec\xdd\xac\x11\x2b\xe8\xd0\x9e\x2d\x7b\x9c\xa5\x75\x2f\x40\x6c\xff\xb9\x11\xca\x36\x45\x0b\xc0\x5f\x1e\xc1\xca\x3c\xa8\xd3\x51\x24\xd1\x28\x6c\x55\xf1\x0f\x61\x33\x4e\x46\xec\xe4\x18\x3b\x92\x21\x9a\x9d\xcd\x0e\x5e\x78\xef\x2a\x76\xcf\xe9\xa9\xab\x37\x95\xdf\xdc\xb4\x4f\x63\xd4\x5f\x5f\x48\xff\xb4\x15\x61\x33\xad\x2e\x99\x50\x88\x4c\x5b\xbd\x2c\x1c\xb8\x72\x9e\x40\xa8\x78\x7f\x78\x49\x69\xfa\x88\x0c\x07\xff\xcc\x97\xd5\xc0\xd2\xd4\x88\x08\x5e\x91\x16\xd7\x10\x7c\xd5\xdb\x16\xce\xcc\xde\xad\x55\x02\x5e\xea\x2e\xde\xe9\x3c\x1b\x10\x64\x27\x61\x8e\xe0\x9d\xc3\xda\xd1\xe0\x56\x76\xa2\x36\x80\x69\xc8\x04\x5c\x3e\xbc\x6c\x67\xaf\xa5\x2d\x59\x39\x82\x48\xef\xcf\x15\xe9\x04\xc7\x14\x23\x04\xff\x61\x97\x1f\x4d\x9b\xf6\x46\x0c\x1d\x64\x17"},
+{{0x67,0x91,0xbd,0x74,0xd3,0xb4,0x62,0x0e,0xf5,0xf1,0xff,0x56,0x40,0x64,0x32,0xc2,0x6a,0xb6,0x46,0xf6,0xd5,0xe9,0xdd,0xa6,0x84,0x2e,0xd6,0x90,0x52,0x27,0x53,0x92,},{0xda,0x99,0x15,0xa7,0x55,0x2f,0x11,0x0f,0xae,0xa1,0x2d,0x47,0x92,0x0a,0x09,0x60,0x14,0x43,0xd4,0x00,0x0a,0x9c,0x7e,0x21,0x8d,0x5b,0xa7,0x2b,0x74,0x98,0x9f,0xa6,},{0xb1,0xe8,0xd4,0x81,0x06,0x5b,0xd5,0x12,0x1b,0xb3,0xbf,0x56,0x96,0x00,0xbc,0xc2,0x6d,0xf4,0x0c,0x49,0x9f,0xba,0xa9,0x54,0xb3,0x9a,0x61,0x9d,0xc4,0x0b,0x95,0x90,0xc3,0x17,0x56,0xb8,0xb6,0x3f,0x86,0x01,0x51,0x69,0x4b,0x95,0x76,0x5d,0x69,0x7b,0x2e,0x1a,0xde,0x08,0x06,0xe9,0x2a,0x06,0xc4,0xa5,0x59,0xe9,0x0f,0xcf,0xa5,0x06,},"\x36\xa2\x0e\x66\xbb\x29\x15\x51\x61\xad\x85\xee\xfe\x89\x3b\x53\xac\x5a\xde\x16\x5f\x08\x9a\x77\x19\x0b\x0c\x23\x9d\xec\x8a\x20\x16\x85\xb0\x76\xb4\xde\xd4\xa1\x0a\xa4\x59\xb9\x80\xa8\xcc\xa4\x7d\x5f\x8d\xe4\xd2\xa6\x62\xe4\x46\xd5\xf7\xfb\x70\xed\x9b\xe0\x5d\xb1\xcc\xea\xdd\x13\x0b\x33\x46\xd9\x40\x9f\x9d\x6e\xf5\x28\x24\xc7\x64\xac\x6f\xb1\xcd\x15\x6d\xbd\x6a\x47\x3a\xe7\x22\xd0\xeb\xb2\x56\x38\xc5\x12\x65\xa2\x2f\xeb\xbb\x14\x96\x7d\x6d\xd8\x25\x3c\x1d\x03\x88\x95\xc6\x73\x7f\x06\x7c\x8f\x73\xc3\xc1\xcb\xe6\xcd\xa4\x36\x96\x32\xd7\xf4\xc9\xac\xeb\xe8\x7d\x05\x71\xc8\x1a\x58\xcf\xd7\x2c\xce\x4a\x5c\xf5\x3a\x1e\x75\x25\x9f\x4c\x99\x3e\x67\xef\xc8\xd9\xc3\x57\x6c\x43\xaf\x04\xa5\xca\xf3\x3d\x85\x6f\x7f\x27\x55\xd3\xa9\x75\xab\x2b\x68\x5c\x6f\x65\x68\x0c\xba\x9a\xc8\x79\xf3\xa8\xc9\xa4\x76\x5b\x87\x9c\x0a\xde\x1e\x4b\xd0\xd4\xa7\x0b\xb6\xf9\x2b\x24\xd4\x29\xdc\x74\x6c\xc7\x8f\x84\x81\x1f\x07\x6f\x32\xc6\x1e\x35\x85\xcc\x8a\xad\xe9\xb0\xca\x15\x22\x4b\xfb\xfe\x18\xbe\x10\xa3\x36\x43\x60\x0f\x66\x12\xbf\x01\x3f\x0e\xfc\xca\x83\x72\x46\xa0\xee\x5b\x03\xc0\x2f\x15\x73\x62\x4c\x4a\x44\xa9\x0f\x9e\x42\x3d\x4e\x56\x06\x1a\x71\xd0\x14\x4f\x5a\x88\x7a\x8c\xd4\xa9\xd6\xf2\x47\x90\x4e\x26\x79\x59\x51\x95\x9d\xa1\x21\xc8\x3c\x6c\x94\x1e\x2b\x6b\x9a\xb7\x62\x09\xff\xe9\x17\x85\x91\xea\xd6\x82\x30\xb9\x4a\xe9\x7d\xf5\x8f\x9f\x17\x24\x28\xc9\x50\x67\x59\x8a\xc5\x82\xff\xb9\x50\x84\x0d\x82\x66\x30\xc4\x62\x5f\x5d\xea\xdd\xec\x13\x05\x20\x3b\x4d\xb6\xb9\x45\xf9\x91\xed\x7c\xd3\xd6\xfa\xbc\xa5\x1e\x21\x66\xad\xad\x0a\xad\x51\x17\x33\x6d\x52\xd5\x94\x22\xf0\x13\x5c\x8f\xa8\xcd\xd0\x88\x4b\xe7\x35\x86\xbf\x28\x4e\x5d\xdd\xdb\xcb\x95\xb4\x11\xf9\x85\x68\x52\x6f\xbe\x71\xa5\x59\x2b\x56\xad\x5a\x73\x45\xf2\x87\x4d\xb1\xd5\x7b\xea\xb4\x3e\x8c\xc6\x95\x47\x52\x06\x29\xf0\xee\x76\xdb\xf4\x32\xa3\x76\xfa\xd2\x8b\xfc\x77\xe1\x4d\x84\x0f\x0c\x02\xd4\x78\xf1\xe2\x33\x7c\x23\xb8\x9e\x73\xe5\x27\x91\x08\xb5\x60\x9b\x18\xe8\x0d\xb0\xde\x11\xcf\xa9\x4e\xcf\x72\x39\xbc\xff\x59\xc5\x41\x18\xe4\xed\xe4\xfb\xfc\x08\x23\xae\x54\x60\x16\xf7\x74\xc5\x21\x98\xa9\x63\xb5\x54\x5a\x34\x89\xb8\x9d\xf7\x62\x6f\xd1\x1e\xd4\x65\x8d\x71\x5a\x46\x57\x99\x40\x35\xd4\x03\xb3\x37\x0d\x14\xee\xd9\x71\x8d\x59\x8d\xb6\x75\xf0\x42\x59\x2f\xea\x89\x05\x65\x44\xb3\x2e\x5b\x9c\x80\x62\x82\x8a\xaa\x3c\xf5\x9c\xb4\x76\xad\x36\xdb\x1d\xaa\x24\x82\x22\x7a\x9b\x7a\xfb\xc1\x53\xce\x93\x25\x3d\x1b\x39\xda\x95\xeb\x96\xf8\x31\x28\xff\x25\x54\xa5\x47\xe3\x4e\xea\x4a\x00\x00"},
+{{0x23,0x4c,0xe4,0xd3,0x9b,0x5e,0xba,0xbe,0x9a,0x2c,0x1e,0x71,0x97,0x0d,0x71,0x81,0x38,0xdc,0xb5,0x30,0xcf,0xd2,0x96,0x02,0x34,0x27,0xd8,0x92,0xbf,0x88,0xf8,0xa4,},{0xcb,0x73,0x93,0x0d,0xb4,0x21,0xf6,0xd2,0x45,0x36,0x83,0x7b,0xd0,0xbf,0xf6,0xfa,0x75,0xbb,0xd1,0x41,0xc9,0x8a,0x40,0x5d,0x42,0x44,0xa3,0xc4,0x24,0x55,0x07,0x79,},{0xf6,0xd0,0x60,0xed,0x7d,0x18,0x27,0x3f,0x18,0xf7,0xa6,0x9c,0xd1,0xd8,0x12,0x6e,0x47,0x8e,0x88,0xa1,0xd7,0x29,0x4f,0xf6,0x04,0x08,0x46,0xd4,0x61,0x07,0xc3,0xe4,0x1a,0x42,0x3b,0xab,0xb2,0x41,0x71,0x39,0xfe,0x58,0x7d,0x29,0x10,0x27,0x1a,0x35,0x7f,0xe5,0xbf,0x57,0xc9,0x2e,0xe3,0xa7,0xb7,0x75,0x33,0x72,0x9d,0x0a,0xc2,0x0d,},"\x77\x73\x0c\xf8\xc8\xf9\x6b\x91\x87\x90\x2a\xcf\xf9\xff\x0b\x21\x74\x6c\xca\xf0\xa3\x82\xa7\xb3\x43\xd1\xc7\x20\x27\xae\x3c\x31\x68\xa7\x3a\x6b\x8f\x49\xbc\x87\x98\x14\x1e\x15\xc2\x73\x2b\x6a\x6b\x3f\x75\x7f\x8a\x8e\x86\xc7\xa4\xba\xcb\x39\x55\x1c\x54\x87\x4d\x6b\xf7\x16\x89\x7e\xe4\xaf\x13\x25\x3a\xa5\xbb\x79\xa1\x92\x10\x4f\x44\xdc\xb3\xde\x96\x07\x45\xa8\xe6\xaa\x98\x80\x52\x4a\x62\x9f\xb5\x10\xa4\xce\x4c\xbd\xa7\xe2\x95\x7d\xff\x1d\x62\xe7\x05\x60\x6a\x2c\xc8\x4f\x91\x85\x0b\xea\xac\x5e\x58\x46\xe1\x42\x0b\xc9\x1d\xcd\xd2\x42\x7b\x69\xcf\xa4\x6a\xe3\x8a\x4f\xef\x41\x46\xea\xe3\x5f\x9c\x22\xe9\x67\xcb\x14\xa1\xaf\x9c\xab\xf8\x3b\x18\x04\x65\xbe\xd6\xef\x2c\xda\x38\x2a\x84\xd9\x99\x4a\xad\x65\x5d\x89\x52\xe0\xfb\xb0\xf9\x6f\xc8\x08\x9f\x2e\x74\x89\x49\x7f\xac\xdc\xd6\x56\xa8\xa4\x51\xb9\x28\xc1\x1e\x7a\x40\x75\x07\x2a\xaf\xbf\x17\xd8\xf1\x05\x4c\x91\x96\x28\x8d\xed\x3a\xe2\x1f\x9a\xfd\x58\x10\xa1\x00\xd8\xe4\xd8\x4c\x4a\x35\xa9\x8b\x30\xd3\xe1\x85\x24\x43\x8d\xd4\x40\x2d\xfd\x8e\x76\x75\xf0\x9d\x08\x0c\xd9\x15\xf1\x4a\xf4\x37\x2f\x7c\xe5\x83\x84\x97\x2d\x5d\x11\x10\x79\x65\x1b\x2a\xcf\x39\xd2\xa1\x67\xc6\xa0\x0b\x2b\x17\xce\x0b\x26\x87\x91\xbd\x2b\xe5\x17\x8f\xe0\xf8\x2d\x64\xda\xcd\xde\x37\x7a\x1e\x8b\xe9\xe7\xd8\xdf\xc8\x2b\x08\x64\x45\x37\xbd\xc8\x70\xc5\x81\x92\x86\xfd\x51\xf6\x79\x2d\xc5\xf6\x7b\x54\xbe\x33\x6d\x44\xd5\x4f\xeb\xf8\x1b\x8d\xf8\xde\xc5\xd8\x68\x6d\xb1\x2f\x16\x4d\x0e\x8f\xf1\xaa\x2c\x16\xba\xcc\x98\x06\x01\x0e\xc8\xe9\x11\x96\x59\x7e\xf0\x6a\x4c\xf1\x70\x7d\xef\x50\x67\xa0\x48\x89\xd8\xe4\x8a\x9b\xc2\xc0\xbe\xf6\x64\xf5\xac\xd1\xb4\xf5\xbc\x2d\xa7\xda\x43\xdc\xb5\xf9\x63\x24\x5b\xa5\x52\xfd\x49\x30\x01\xd8\x70\xa9\x51\x7a\x17\x9c\x2f\x0d\xe8\x5b\xe0\xc6\x82\xd0\x57\x48\x8e\x35\xc7\x81\x6f\xf4\xba\x52\x9a\xef\xd7\xc6\x60\x91\xf2\x06\xf5\xf4\xd7\x5c\xac\x8b\xd2\x09\xec\x2f\xa5\x5b\xe7\x4a\xf2\x31\xe2\xf3\x89\xdc\xc2\xd6\x68\xbf\x69\x5e\xd2\x67\xc3\x59\x4b\xad\x9e\xfc\x00\x21\x7c\x7a\x0e\x9e\x7b\x6a\x56\xa3\x30\x79\xa3\x0e\x73\xc3\x73\x3f\x2d\x24\xef\xec\xdd\xe8\x7f\x72\xf9\x48\xd2\x77\xd6\xb6\xd5\xb0\x35\xb4\xc5\x31\x80\xd2\x3d\x66\xcc\x0f\xf1\x7c\x15\xdd\x46\x85\x85\xe3\x89\xd9\x1a\x4c\x97\xfd\x80\x11\x0b\x21\x8a\x0b\xf7\xa5\xe0\x35\x3f\x46\x09\xd2\xcf\x01\x8a\x06\x55\x71\x00\x1c\x78\x88\x55\x5e\xed\xbd\x36\x22\xc3\xb1\x76\x9c\xd1\x3f\x33\x37\x47\x72\xaa\x6c\x8a\x8f\x58\x81\x02\x01\x7d\x4e\xe4\xe5\x0d\xcb\xbd\xb1\xd6\x10\xc3\x26\x70\x93\x4a\x6d\x9e\x6d\x9b\x78\x4b\xbf\xe7\x18\x62\xbb\x38"},
+{{0x10,0x3d,0x11,0x8c,0x7d,0xd6,0x5d,0x07,0xe8,0xd5,0x58,0x2e,0x45,0x04,0x2a,0x75,0x79,0x24,0x17,0xc6,0x92,0x00,0x1e,0xe6,0xbd,0x9a,0x92,0x7b,0x2b,0x3d,0x90,0x16,},{0xb4,0x5c,0xc9,0x45,0x14,0xa6,0xad,0x67,0x24,0x96,0xcd,0x4e,0xb9,0xfd,0xaf,0xc1,0xd4,0xa1,0x67,0x07,0x2c,0x68,0x74,0xdc,0x8f,0xf1,0x6d,0x76,0x1f,0xb6,0x69,0x86,},{0x2f,0xaf,0xc1,0x3c,0x43,0xaf,0xe5,0x05,0x43,0x72,0xb9,0x23,0xd2,0x4f,0x29,0x2b,0x28,0x3a,0xfc,0xa3,0xac,0xa3,0xb3,0xe4,0x32,0x38,0x06,0x84,0x96,0x17,0x13,0xc8,0xd2,0x3e,0x86,0xb3,0x58,0x04,0x95,0xdf,0xba,0xe4,0x24,0xb7,0x67,0xe4,0x79,0x5a,0x0f,0x92,0x2f,0x71,0xb5,0x0f,0x5d,0x7a,0x36,0x9a,0xb8,0xc6,0xe8,0x80,0x42,0x0c,},"\x5a\x8e\xe0\x79\x18\x6b\x51\xcf\x46\x29\x83\x4d\xe0\xc6\xbd\x73\x34\x85\x50\x39\xa7\x63\x1d\x68\x87\x65\x2a\x77\x28\x99\x59\x72\xe3\x62\xc1\xc4\x09\xf0\x84\xf5\xaa\xf2\x98\x6a\xe3\xf5\x36\xbe\x00\x70\xc4\xba\xf4\x59\xef\x60\xa0\x15\xef\x9d\x70\xdf\xa3\xea\x96\x71\x1c\xbb\x18\xe9\x2a\xf5\x0c\x52\x7d\x7e\xd4\x57\x87\x7a\x07\xab\x83\x72\x15\x18\xc8\x9f\x7a\x86\x41\x91\xb1\xe9\x74\x33\xb7\xc6\xcd\x63\x4a\x83\x2e\x19\x89\x1e\x76\xc6\x21\x22\xa4\x9d\xbf\xfd\x83\x49\x8a\xa4\x16\xac\xcc\xb7\x73\x7f\xe7\x5f\x4f\xb2\xc3\x53\x28\xe6\xf6\xec\xec\xaa\xa4\x2e\x43\xdb\xa5\xbc\x96\x89\x67\x3d\xab\x96\xf0\xbe\xfa\x3c\x83\xeb\x41\xd4\xd8\x87\xb3\xa1\x17\xd0\x55\xe3\x0b\xb8\x7f\xbe\x7c\x71\x94\x72\xf6\xc7\xa4\xcc\x45\xf6\x28\xf5\xfa\xdd\xc4\x8c\xa3\x44\xf7\x7b\x73\x3c\x0e\x3b\x9f\x50\x79\xdb\xd0\x7a\xf3\xa3\x84\x7a\xf1\x41\x71\x9c\xca\x2f\x6a\x76\x65\x52\xb4\x5d\x0f\xdc\xdb\x98\x68\xf2\xc7\x62\xb6\xd4\x93\x3b\xa1\x08\x36\xf9\x5b\xff\x71\xcb\x88\x04\x00\x24\xc9\x05\x34\xc4\xd7\xa9\x5a\x23\x03\xb0\x4c\x29\x61\x01\x2a\xf5\x8b\xc7\x84\xa9\x63\x27\xbb\xfe\xd0\x39\xd0\x80\x2a\x05\x26\x2d\x8e\x66\x3b\x78\x50\x8e\x92\x50\x8b\xc1\xf2\xea\x2b\x9b\xe7\x58\x0b\xde\x10\xa4\xd6\x63\xd0\xd2\x5b\x0e\x97\x3b\x8c\x5d\xed\x59\xde\xbf\x19\xbb\x04\x4a\xff\x1c\x60\xc7\x0e\xa1\xae\xfe\x85\xf6\xd1\x5c\x2c\x1b\x84\x75\x3b\x59\x57\x6a\x49\x47\x3d\x65\xaf\x3e\xd9\x41\xa3\xd5\x14\xb5\xc4\x52\x2c\x14\x1b\xdb\xee\xd9\xcb\x33\x96\x95\xb2\xe0\x2d\xc0\x70\x00\x86\x7f\x1b\xf8\xed\x8c\xfd\x3b\x1a\xfe\x68\x8f\xbc\xa8\x0e\x2f\x9b\xa5\xc0\xb1\x88\xa1\x9a\xda\xff\x66\x86\xca\x0f\xf0\xed\xd4\x44\x66\x12\x91\xfa\x27\xca\x1f\xc5\x29\x42\x9a\x5d\x8f\xf7\x9e\xd2\x02\x7c\x60\xff\xe3\xb2\xc0\x3f\xb8\xa6\x6a\x39\x85\x41\x7b\xa4\xac\xe7\xd1\x4f\xd0\xe2\x37\x1e\xdf\x5d\x71\xbc\x02\xb9\x05\x27\x67\xc7\xf7\x2c\x4e\x6f\x3f\x30\xe0\x63\x82\x76\xb9\xc4\x20\xaa\x43\x33\x09\x5d\x31\x31\x30\x33\x09\x05\x82\xe3\xac\x4d\x9f\xd3\x20\x31\x20\xba\x25\x14\x97\x3a\xb9\xd1\xc7\xfc\x42\x29\x01\x16\xb5\x1d\xae\x9f\xd5\x79\x41\x0a\xe0\x78\xed\x32\x0a\x5a\x1b\x49\xaa\x7b\x5f\xef\xcd\x75\x63\x95\x21\x3a\xf8\x64\x1e\x29\xb0\xeb\xb5\xb8\x3e\x37\x80\xe5\xd1\x0e\x9d\x3d\x11\x99\x81\x48\xf6\xc6\xf8\x6c\x4d\x4e\xb2\x52\xe2\x8c\x70\xfa\x3a\x55\xc4\x3d\x4d\x7f\xaa\xfc\xbc\xdd\x45\xad\x26\x37\xf2\x15\xe8\x15\x49\xeb\x8a\x4c\xde\x47\x15\xb7\x10\x72\x07\x50\x3a\x79\x59\x50\x60\xb8\x3a\xce\x8f\xeb\x67\x3b\x99\x79\x68\x46\x9d\xd9\xb4\xad\x6a\x7e\xa8\x1c\x6e\x61\x81\x00\x33\xf3\xed\xfc\x13\x7d\x97\x42\x09\x57\x5c"},
+{{0x47,0xee,0xe2,0x02,0x4d,0xbe,0x09,0x95,0x3e,0x98,0x1f,0x69,0x86,0x52,0x0f,0x66,0x60,0x82,0xaa,0x9e,0xf4,0x89,0x2d,0xfd,0xfb,0xdb,0xd2,0x50,0xd2,0xa1,0xdf,0x28,},{0x9f,0x13,0xcd,0x8e,0xbf,0x50,0x80,0x34,0x79,0x75,0x15,0x9f,0x36,0x02,0x96,0xa7,0x16,0x40,0x14,0xd8,0xd0,0x69,0xe8,0x31,0xda,0xb0,0x33,0x26,0x07,0x99,0x7c,0xde,},{0x5d,0xef,0xae,0x0e,0x17,0x3e,0xcc,0x18,0xd5,0xf0,0x1e,0xc9,0x29,0x1b,0xe1,0x60,0xd5,0xea,0xbf,0xf6,0x3f,0xd5,0x42,0x3f,0x2b,0xc6,0x6e,0x3f,0x64,0x08,0xc1,0x96,0x35,0x35,0x02,0xdc,0xef,0x21,0xef,0xfa,0x4b,0x9c,0x14,0xbf,0x27,0xb6,0x87,0xd1,0xb6,0xe8,0x6b,0x2a,0x20,0x5a,0x89,0xeb,0x35,0xc3,0x76,0xa3,0xa3,0x25,0x69,0x0d,},"\xc1\x33\xf0\x33\xcf\x3b\xec\x6c\xd1\x92\x12\xea\x47\xdb\xec\xb1\x3f\x2c\x60\x18\xf9\xe0\x87\x8a\xc8\x84\xbf\xb5\x75\xc0\xf5\xd3\xfc\x5b\x49\x99\x58\x0e\xb8\xac\xbc\xaa\xc8\x3a\xe9\xac\x9b\x44\x3e\x6d\x1c\xff\x44\x9c\x36\x89\xb4\x33\xd5\x09\x00\xb2\xe8\xb7\x1d\x00\xe1\x19\xc8\xb8\x75\x09\x4b\xda\xb9\x16\xad\xaa\xb7\x5b\xcc\x85\x29\x59\xd8\xd7\x59\x79\x5b\xbd\x6b\x36\x0e\xe4\x84\xaf\xe4\x7b\x1a\xd2\x83\x91\xf2\x5a\xfb\x8d\x4e\x3a\xfe\x0c\x5b\x60\x04\x98\xa1\x28\x33\xfe\x2a\x1a\x54\x83\xdf\x94\x0b\x17\x3b\xa0\xd9\xd8\xc4\xd1\x32\x1f\xa4\xb7\x33\x33\x4b\x0f\x6d\x87\x8a\x0e\x5a\x76\xf4\xf1\x80\xac\x11\x9a\x82\x08\x2a\xcb\x14\x88\xe4\x9b\xbc\xa7\xa0\x36\x9c\x19\x1b\xd6\xd0\xc5\xd4\x45\x65\x68\x21\xa9\x9c\xcb\xc9\x45\x94\x9e\xca\x81\x36\xcc\x6e\x12\x7d\x9d\xe9\x2e\xf6\x4f\x17\x4a\x6c\x04\xc8\xb5\xe5\x24\x95\xf0\xdd\x67\x4b\xb5\xca\x12\x8a\x92\x09\x96\x8f\xd4\x50\xdc\xe3\x19\x91\x3f\xd6\xa3\x0c\x33\x82\x79\x81\x63\xe6\x58\x5f\x58\xef\x20\x8b\xe4\xd0\xc6\xa2\x51\x3a\x75\x23\x88\x39\x7a\x4a\xe4\x44\x83\x8c\x84\x66\xdb\xc3\x6f\xbc\x36\xae\x08\xbe\xc8\x8e\xed\xa1\x31\xc1\x4d\x06\x36\x6b\x67\x31\x51\x45\x41\x00\xde\xa1\x11\x81\x50\xfb\xe4\x41\xb1\xe7\x82\x6e\x54\x5d\x98\x68\x24\x2e\x89\x9f\x5e\xa5\x3e\x43\x4c\x37\x93\x6c\xe6\xfd\x06\x14\x62\x83\xe8\xfb\xd5\x36\x48\x0d\xe5\x5a\x16\x10\x2c\x44\x75\x4b\xc5\x54\xd5\xbc\x2d\xe2\xf2\x5e\x19\xe5\x67\xa0\x23\xdf\x46\x40\xe7\x4f\xf3\xa4\x9e\x4d\xd3\x0e\x0e\x25\x58\xb3\xdb\xc2\xaa\xb9\x2f\xdd\x5e\x79\x42\x5e\xcb\xc4\xc6\x99\xfe\x1f\x16\x19\x65\xf1\xd0\xb4\x5d\x8b\xda\xb5\x2e\xc9\xbf\x7a\x69\xd8\xaa\x0b\xd1\x71\xe7\x55\xce\x7b\x8d\x07\x18\xf7\x26\x7a\xfb\x73\x3e\xfc\xa5\x4b\x21\x3e\x6f\x5a\xda\xb4\xc9\xd7\x6c\x86\x7f\xcb\x69\xae\x05\xc7\x4b\xd2\x15\x16\xcf\x34\x2c\x61\x61\xf6\xfc\x9e\xcc\xac\xf9\x70\xeb\xce\x54\x0c\xd8\x92\xbc\x10\x6c\x6b\xd5\x63\x61\x02\x98\xb7\x09\x68\xf0\x91\xbc\xc6\xe1\xf7\xab\x4a\x5b\x2c\x63\x74\xa1\x90\x3f\x4d\x3a\xd5\xe1\xbd\x86\x43\xa9\xc2\xf8\x78\xc3\xd7\xa4\xdc\x49\xef\x31\x97\xed\xbc\xda\x7b\xb9\x1e\x7e\x06\x60\x60\x87\xd4\xe9\x81\xbf\xab\x93\xa6\x02\x49\x77\x96\x2e\x45\x26\x25\x17\xf3\x38\xb6\x85\x7e\xec\x21\x58\xa2\x97\xb2\xaa\x91\x52\x4b\x67\x7a\x21\xaa\xc5\x7b\xe0\xb6\x3a\x80\x74\xfe\x54\xe7\xa9\xdc\x70\xc5\xa5\xc3\xde\x72\x8b\x9c\x17\xec\x12\x12\xab\x11\x30\xeb\x17\x62\x2c\xd7\xb2\x2a\xb6\xeb\xa9\x18\x5e\x8d\x67\xbe\x6c\x47\xa2\xe5\xad\xc6\x63\xd4\x64\x2c\xc1\x20\x22\x2e\x29\x9f\xe1\x34\xfd\x7f\xcd\x00\xad\xab\xcf\xaa\x64\x2f\xe2\xe0\x8d\xd5\x2e\x2c\x3f\x32"},
+{{0xb6,0xc8,0x8b,0x4c,0x90,0xfd,0x19,0xa1,0x49,0xd3,0x81,0x67,0x19,0x53,0xb9,0xb1,0x6d,0x42,0x8f,0x63,0x61,0xcf,0x50,0x3a,0x11,0x04,0x77,0xe2,0x97,0xf8,0xd2,0xf8,},{0x8e,0xbf,0xb0,0x84,0xf9,0x97,0xb2,0xea,0x79,0x32,0xa2,0x35,0x3b,0x2c,0x8b,0x16,0xbd,0x82,0x5e,0x1a,0xf5,0x87,0xa8,0xeb,0xc5,0x1a,0x6c,0x45,0xae,0xa3,0x43,0xae,},{0x74,0x47,0xa2,0x01,0x81,0xb0,0x2c,0xf1,0xb6,0xad,0x52,0x95,0x69,0xce,0x43,0x7c,0x2a,0x05,0x08,0x11,0x6f,0x50,0x20,0x5c,0x41,0xe6,0x37,0x8b,0x74,0xfe,0x2f,0xc5,0x36,0x30,0xaa,0x0d,0xc4,0xb8,0x0c,0x31,0xcb,0x26,0xc8,0xf0,0x9b,0xf8,0xfa,0xb2,0x7e,0x3a,0xbc,0x8f,0x1f,0x60,0x4a,0x5e,0xc0,0x66,0x31,0xa8,0x4f,0x6f,0x2e,0x06,},"\x7f\x4b\xf4\xf5\x21\x73\xef\xf0\x72\xf8\x18\xd0\xaa\x97\xe6\x93\x5d\x8b\xac\xcf\x48\x39\x66\x32\x53\xb2\x41\x4f\xe6\xb1\xf3\x4c\xf4\x3a\xb1\x20\x15\x5a\x1a\x3a\xea\x7b\x48\x19\xdd\xd1\x03\x16\x73\xb8\xa7\xa6\xbd\x0b\x9d\xda\x4a\xde\xfe\x69\x2a\x56\x16\x2c\x64\x61\x80\x79\x42\x64\xc5\x12\x21\x15\xeb\x90\xa6\xd3\x05\x4f\x08\x43\x02\xdc\xe3\xd8\x36\xac\x3d\xe8\x20\x63\x8b\xd8\x9a\x86\xbf\x0a\x4c\x01\x54\x7c\xfd\xc5\x43\xd6\x76\xfe\x16\x39\xef\x72\xc5\xb8\x45\xc4\x94\xe0\x78\x14\xce\xc8\xa4\x7d\x03\xdf\x73\xbe\x4e\x33\xc0\x5a\xfe\x9a\x19\x0d\xda\x04\x33\x60\x49\x6b\xe4\xcf\x3a\x63\x19\xda\x9a\xb0\x64\x81\x67\x7f\x1a\x43\x74\xd6\x0d\x3d\x3b\x63\x94\xf8\x84\x3c\x86\x9b\x0f\x41\xa1\xe8\x1c\x2b\x1a\x54\xbf\x5a\xac\xbd\x98\x20\x7c\x8d\xba\xcb\x36\x42\x2a\x3a\xa0\x13\xd5\xe8\x49\xe0\x44\xaf\x92\x85\x45\xc0\x46\x09\x7c\xaf\x14\x9d\x97\x02\x15\x11\x5d\xea\x0b\x5a\x85\x40\x1f\xf6\x72\xe0\x2e\xd4\x0b\xd0\xf5\xa4\x40\xcd\x56\x49\x40\x53\xc8\x96\xc3\xbd\x32\x60\x63\x49\xf7\xcb\xe7\xec\xe2\xa2\x23\x0c\xf2\x36\xda\xc5\x9f\x78\x17\x96\x5f\x3f\xa8\x0f\xb4\x8a\xa3\x0b\x0b\x19\xef\xa9\xa9\x65\x91\x64\x6b\xd2\x5e\x67\xc1\x85\xf7\x7e\x21\xd6\x63\x0b\x28\x8d\x4e\x55\x14\x6b\x2a\xbc\x15\xe9\x50\x88\xd9\x36\x08\x07\x75\x61\x81\x54\xbb\xdd\xa1\x15\x70\x2a\x2a\xfd\x6f\xd5\xf5\x6b\x92\x3e\x18\x88\x33\xec\x44\x89\x44\xd3\x02\x83\xe3\x37\x25\x42\x42\xc5\x81\x2d\x72\x45\xa4\xe9\x26\x70\xbc\xe3\x54\x6e\xfa\xed\x22\xd2\x74\xe1\xe6\x04\x8b\x5a\x0f\x01\xef\xbf\x89\x5d\xc4\x24\x94\xba\xf1\x74\x71\x85\xcb\x1a\x4b\x88\xfd\xf1\xe6\x09\x9b\xaa\xbc\x6a\x5a\xb5\xa2\x72\x7b\x1e\x24\x87\x89\xd1\x70\xca\xa2\x44\x96\x71\xa8\xf6\xe0\x94\xc1\x13\x32\xea\x0a\xc2\xaf\xe8\x81\x32\xc6\x44\xff\x88\x3d\x0c\x49\x9a\xd7\x6a\x93\xdf\x47\x2f\xa0\x13\xea\xa2\x7a\xb4\xda\xd6\x79\xd2\x51\x1b\x50\x49\xc4\xe9\x8b\xaa\x2e\x7b\x00\xa5\x34\x89\x1e\x29\x02\x65\xed\xb0\x76\xf7\xdc\xa8\xe6\xfe\xf3\xf4\x33\x03\x4a\x16\x57\x5f\x0e\x53\xda\x45\x77\xe6\xb1\x3f\x0c\xb0\xd7\x85\x87\x0d\x0d\x09\x8d\x5d\x80\xf4\x13\xa2\x68\xba\x84\xe0\x43\x1a\x78\x69\x23\x77\x13\x78\xcd\x57\xb8\x19\x22\x58\xe2\x63\x3c\xdb\xe0\x3c\xc3\x16\xa0\x95\x09\x70\x52\x6f\xd3\xe0\x93\x76\xbc\xef\x0d\x03\xb7\x07\x4e\x59\xa5\xa8\x4f\xc6\x4e\x79\x5a\x81\x21\x56\xd9\x60\x56\x76\x50\xbb\x1e\x14\x24\xb3\xcc\x9a\x4d\x99\xd5\x7b\xa8\x58\xdd\x1a\x0c\xad\x35\x32\xe9\x98\x14\x6e\x79\x26\x40\x45\xe2\x8e\xbb\xfd\x75\xa4\x26\xb0\xbb\x85\x1a\x24\x4a\xd6\xbe\x7b\xd5\x76\x5a\xf4\x93\xdf\xc4\x4e\xe3\x78\xcd\x04\xda\xf3\x91\x7e\xef\x2a\x62\x06"},
+{{0x79,0x49,0xa9,0x47,0x2f,0x72,0x5c,0xe7,0xc6,0x8d,0x7e,0xa8,0xfc,0x16,0xe1,0x3d,0x9e,0x0e,0x0a,0x58,0xf5,0x8c,0x24,0xf9,0x22,0x8c,0x88,0xe8,0x02,0x64,0x09,0x0d,},{0xa3,0x70,0xf8,0x28,0x33,0xf8,0x8b,0x4f,0x5f,0x53,0x10,0xb9,0x18,0xe6,0xaf,0x93,0xbb,0x72,0x4b,0xfb,0xdf,0x3c,0x02,0xc5,0x03,0x78,0x0b,0x2c,0x83,0xab,0x6c,0xc6,},{0xe0,0x28,0x98,0xcc,0x7c,0x30,0xee,0x01,0x64,0x82,0x47,0x49,0x7b,0xe8,0xa9,0xc6,0x37,0x85,0x93,0xdc,0x88,0x20,0xbf,0x7c,0x17,0xff,0xcd,0x18,0x11,0x8a,0xf0,0x98,0x79,0xa7,0x69,0xf5,0x39,0xdd,0x92,0x37,0xe9,0x68,0x21,0x16,0x66,0x34,0x99,0x8f,0x94,0x6d,0xa6,0x5e,0x6d,0xba,0xd8,0x27,0x15,0x11,0x66,0x9e,0x2d,0x6c,0xad,0x02,},"\x95\x53\x86\xb9\x2d\xd6\xbf\x92\x60\x1b\xf8\x1e\x84\xd2\x51\x44\xb5\xfc\x0b\xcd\x7d\x23\xc7\x6e\x7d\xeb\x5f\x5b\xa6\x31\x6b\xb6\x1a\x5d\x8e\x74\x18\x5b\x01\x29\x67\xf0\xa4\x43\x8b\x53\x16\x96\xde\xb4\xb8\x10\x10\x89\xe0\xc0\x48\x2a\xdf\x13\xc0\x61\x31\x91\xb9\x77\xf7\x7b\x04\x19\x81\x41\x47\xf5\xda\x64\xa1\xd3\xbe\xb1\x27\x5b\x98\x49\xd1\x29\x7b\xa8\x53\x2a\xe0\xa6\x47\xa8\xac\xe3\x95\xae\x0e\xd0\x0f\x67\x34\x8c\x5e\xe5\xea\x19\xb5\xf1\xc5\xbd\x2e\x62\x28\x18\xe8\xad\xcb\xa3\xc1\x7c\x27\x98\x7e\x4e\x3d\x6d\x91\x0a\x56\xc7\xe5\x14\x9d\x3f\x55\x74\xfc\x06\x00\x9b\xf4\xdd\x3e\x37\xcf\xe3\xeb\xda\x2c\x21\x16\xd3\x66\xdd\x88\xce\x5e\xa7\x2a\xb3\x87\x49\x05\x85\x44\x3b\x08\x6e\x8a\xa3\x8d\x11\xd3\x82\x0b\x72\xc6\x58\xe4\x63\xcd\xb5\x9c\x53\x93\x01\x1d\x4a\x8f\x4c\xb6\xa1\x95\x22\x93\x04\xe7\x62\x39\xfa\x5e\x8c\x2c\xbe\x0f\x39\xdc\xad\x13\x8a\x0e\xcb\x3c\x51\x57\x9e\xc9\xa1\x20\xa5\x16\x07\xee\xfe\xbf\xa5\x9a\x44\x62\x0e\xa5\xb1\x91\x60\x87\xea\x33\x85\x33\xfc\x13\x2f\xf2\xe4\xa4\x3d\x05\x2f\xd0\x8b\x6b\x1b\x24\xfb\x67\x2f\x73\xc9\xb9\xba\x20\xb7\xc1\xc4\x1e\xa2\x4d\x91\x2d\xe9\xb5\x55\xb6\xe5\x68\x2b\x97\x06\x08\xff\x22\x9a\xd3\x08\x6f\x43\x1f\x9b\xe1\x90\xec\x39\x22\x4b\xa2\xed\x8a\xcb\x4c\x8e\xac\x85\x82\xe2\x3a\xaa\x79\x82\x7c\x44\xe2\x48\xc5\xba\x09\x2d\xda\xc0\xf2\xf7\x96\x84\xaa\x93\xfc\x06\x10\x73\xe1\x82\x1a\x56\xaf\xb9\xbf\xec\x95\x2d\xf2\x71\x9a\x9c\x7a\x40\x3e\x6a\x93\xf7\xa6\x56\xd7\x4b\x61\xc1\xd1\x90\x83\xf8\xd3\xf1\x9e\x65\x9f\xa2\xb7\x18\xe0\xbd\x04\xb6\x93\xd6\x3d\xaf\xb8\x6a\xdb\xee\x5d\x87\xc7\x5b\x7d\x12\x91\x22\xf1\x78\xa0\xe6\x69\xeb\x03\x5c\xa4\xd8\xeb\x45\x39\x7f\x18\x51\x26\x4e\x2c\xf0\xa0\xcd\xd3\x07\x20\xc5\xe1\x39\xcd\x6a\x57\x3f\x1f\xa2\x41\xca\xe9\x42\x58\x05\xac\x79\x60\x3e\x8d\xe3\x50\xef\xdb\x0b\x9b\xc9\x5b\xa7\xb0\x85\xc1\xed\x92\xc1\x2a\xcf\x53\xf5\xd4\xa1\x13\x75\x98\x00\x8f\x2a\x36\x72\xc8\x4e\x5f\x76\x9a\x25\xc7\xa4\xa1\x65\x79\xd8\x62\x88\x77\x49\x72\x60\x6e\x4e\x7d\x85\x26\x3a\xd2\x17\xe0\xdb\xcf\x34\x3f\xe5\x54\xc1\x09\xc5\xd9\x40\x9b\x79\x39\x07\x3a\xc5\x5a\x03\x42\x0f\xec\x28\x9b\x11\x4a\x5c\x54\xc2\x0b\x45\xea\x69\x93\x85\x33\xad\xe7\xb3\xae\x85\xe1\xa7\x83\xdd\x97\x89\x7c\x3a\xe8\x25\x41\x83\xcc\x54\x04\x5c\x2a\x18\xec\xbe\x52\x16\x91\xf2\x61\x9d\x9b\x8f\x1f\xb3\x47\xca\x05\x5a\x7b\x0b\x4c\x24\xf6\x4d\x17\x73\xe0\x14\x16\x44\x1e\xfe\x15\x99\x23\x21\x7a\x84\x87\x4b\x9c\x4e\xc2\x65\xcd\xaa\xb6\x43\x90\x80\x68\x49\x78\x12\xc1\xaf\x15\xc1\x88\x07\x1e\x78\xf5\x97\xfe\xdf\xce\x91\xc5\xd4\xc6"},
+{{0xd6,0x8a,0x5e,0x3c,0x47,0xee,0xdb,0x30,0x99,0xdf,0xfc,0x80,0x4c,0xf1,0x9c,0x5e,0x74,0xbf,0x7b,0xf5,0xf0,0x1f,0x54,0xd4,0xd9,0x1d,0x75,0x74,0xf3,0xd3,0xdc,0x7c,},{0x46,0x46,0x7f,0xe9,0xce,0x3a,0xcf,0xd0,0xd7,0x43,0x46,0xbe,0x21,0xc4,0x62,0x16,0xdb,0x81,0xae,0xce,0x6c,0xe0,0x30,0x8f,0xb8,0xdc,0x63,0x86,0xfc,0x34,0x46,0xcf,},{0x89,0x6f,0xc3,0xca,0xba,0x7f,0xd3,0xfc,0x28,0x5d,0x5e,0xdd,0xdd,0xc0,0x12,0x0c,0xd4,0x6d,0xa7,0xc6,0xef,0xab,0xe6,0x6b,0x15,0x0b,0x00,0x27,0x60,0xb8,0x41,0x4a,0x89,0xac,0x9e,0x7f,0x1f,0x7b,0x7c,0x7b,0x33,0x59,0x8f,0x61,0xf4,0x57,0x18,0xe4,0xff,0x4a,0xc3,0x68,0xff,0x12,0x96,0x14,0xb4,0xfe,0x92,0x19,0xf2,0x37,0xb0,0x09,},"\x59\x6c\x03\xd0\x87\x3f\x57\x2f\x45\xc3\xb1\x6f\x0e\xf4\xb5\x2a\xd2\xbf\x59\xec\x76\xd3\xc0\xe5\x34\xd6\x2c\x1f\x84\x16\x4d\xda\xa4\x25\xfb\x85\xc9\x54\x84\x85\xb7\x06\x46\x77\xe9\x9d\x04\xc3\x9b\x6e\xba\x04\xc9\x66\x39\x7b\xa6\xa5\xf4\xeb\xaa\x69\xa2\x41\xdf\x95\xa6\xe4\x45\x02\x50\x9d\x63\x50\x55\x7e\xbf\xea\x60\x26\x4b\x62\xad\x7f\x74\xd1\x6e\x5d\x25\xd4\x59\x70\xcf\xeb\xeb\x33\xe7\xb1\xba\xc3\x34\x8d\xd0\x3a\x8e\x99\x13\x3b\x26\xbb\xfd\x7a\xa7\x22\xc2\x58\x7f\x72\xd5\x52\x6e\x98\x0d\xa9\xee\xbd\xf1\x08\x21\x1d\xae\x50\xbb\xe8\xc6\x5f\x9a\xbe\xe6\x9a\x1b\xbf\x84\xc0\x3e\x40\x44\x8b\xab\xad\x03\xd3\xcf\x3b\x7d\xe4\x88\x7d\x2b\x47\x73\x77\x02\x79\x64\x82\xd2\x26\x5c\x56\x6b\x0f\x62\x3b\x53\xc8\x67\x1b\xd3\x71\x9e\xde\xc0\xff\xd5\xf4\x9b\x49\xb0\x72\xc1\x56\x4a\x57\xf9\xba\xb6\xb9\x2d\x1f\x06\x8d\x75\x66\x39\xa4\x33\x14\x52\xe6\x1a\xa7\xb2\x18\xa8\x8b\x9d\xb7\x7a\x19\xfb\x82\xf1\x3e\x98\x68\xed\xb7\x98\xd5\xbe\xec\xa5\x5d\x1a\xb0\x95\xb3\x16\x22\x5f\x3f\x63\x90\xf8\x95\x78\xf0\x16\x04\x28\x74\x7b\xcd\x21\xbe\x6a\xe1\xd8\x69\x91\xb4\x8e\xf8\x0d\x56\x92\x50\x85\x8f\xeb\xf3\x27\x6b\xd5\xde\x3d\xb6\x5a\x24\x5c\x8b\xdc\xf1\x48\x8c\x48\x25\x96\x89\x45\x78\x6b\xed\x63\xf3\xd1\x3f\x14\x09\x36\x3b\x94\x85\x60\x47\x68\x58\xb3\x96\xbc\xe5\x88\xe4\x0b\x31\x1d\xdf\xc2\x2a\xd6\x22\xca\x7d\x1e\x69\x56\x14\x64\xdd\xa5\x00\x9e\x63\x8a\xa5\xec\x9f\x4c\x03\x92\x93\xaa\xec\x75\x00\x1f\xfc\x68\xa7\xcb\x3a\xe0\x18\x74\xdc\x7f\x39\xd7\x50\x27\xf5\x9a\x28\x96\x5f\xc1\x95\x30\xc0\x75\x2f\xe9\x9b\x15\x3d\xa7\xc0\xe5\x42\xbd\xa7\x6c\xa1\xe1\x0b\x7e\xa1\x58\xef\xb4\xd8\x21\xfb\xc6\x5e\x72\x71\xad\x99\x41\x09\x53\x15\x44\x7a\xbc\xad\x08\x80\xa0\x07\x5d\xd0\x4b\x13\x25\xc7\x26\x33\xac\xbc\xb2\x61\xfc\xb4\x07\xc2\x64\xa3\x4d\x70\xbf\x1f\x04\x4f\xee\xad\x06\x9a\xf5\xa8\x7d\xd3\x52\xf4\xbd\x81\x10\xfa\x17\x8a\xdb\xd8\xdb\xf2\x3c\x6b\x57\x5c\xdd\x5d\xf2\x2c\xc9\xa5\xcd\xd3\x7d\x9c\x8f\xaa\xb8\x1a\x4c\xb3\xfb\x5c\x4f\xe7\xff\x62\x9d\xba\xa9\xfc\x06\xb8\x0c\x1f\xb6\x91\xc2\x86\x55\x95\x5c\xfe\x5c\xa4\x41\x49\xb1\x50\xb3\xcf\x14\x0d\x9a\xca\xcb\x14\x31\x3a\x72\xc8\x40\x98\xde\x72\xba\xcc\x02\x72\xd7\x9e\xd6\x61\x7f\x72\xde\xc8\x8e\x19\xb8\x44\x25\x49\x2a\x42\x9e\xc6\xd2\xec\x08\xb8\x63\x46\xdf\xbf\x20\xea\x2a\x36\x19\xe7\x7b\x6a\xc6\x42\x30\xeb\xe2\x5f\xa0\x06\x7a\xbb\x5f\x33\xee\x49\xad\xc7\xc4\x4b\xda\x70\x46\xd7\xf2\x24\xf2\xe7\xa4\x89\x56\x83\xfc\xa8\x68\x4e\xd6\xa0\x31\x84\x4f\x57\x86\xbc\xda\x48\xb5\x04\x23\x94\x48\x7b\x52\x40\x2a\x09\x90\x77\x88\xa1\xe1\x40"},
+{{0x31,0xe8,0x2b,0xc1,0xcc,0x5c,0xed,0x21,0xcd,0xc8,0xbf,0xc2,0xdb,0xbb,0x97,0x6b,0x08,0x78,0x0a,0xfc,0x69,0x44,0xaf,0x7e,0x88,0xe5,0x0e,0x67,0x87,0x4d,0x84,0xf1,},{0x8d,0xf9,0x77,0xe2,0xb0,0x40,0xac,0xeb,0xd3,0xda,0xfd,0x67,0xb8,0x7f,0x92,0x16,0xe8,0xc3,0x71,0xbe,0xce,0xd6,0x18,0xfe,0xf3,0xa4,0x96,0xd6,0x51,0xa5,0xd7,0xb5,},{0x24,0x07,0x02,0xac,0x6c,0x68,0xd5,0x97,0xd2,0x22,0xda,0x94,0x9d,0x0c,0x47,0xd1,0x6b,0x39,0x0a,0x47,0x7d,0x1f,0xb5,0x79,0xe9,0xd8,0x94,0x8a,0xdf,0x9b,0x3b,0x6a,0x7f,0xd4,0x45,0x8a,0xe6,0x38,0x5b,0x7e,0x2b,0x68,0x4a,0x05,0xb5,0x5c,0x63,0xfa,0x6c,0xd0,0x87,0xbb,0x90,0x11,0x3c,0xba,0xb8,0xe4,0xaf,0x14,0x2f,0xcf,0x81,0x0e,},"\x69\xd4\x61\xb6\xb7\xa8\x66\xe9\x4c\xd5\x9a\x5a\x23\xbb\xa4\xa1\x27\x66\x02\xf0\x42\xba\xa8\x50\xd5\xb2\x92\x49\xd6\x74\x3a\xda\x04\xd3\xd9\x38\x21\x9a\xbb\xc2\x2a\xda\x66\xa1\x77\x81\x97\xf7\x0b\xf8\x0b\x59\x7a\x8b\x4a\xe0\x0b\xdb\x87\x68\x12\xd3\xab\x4e\xc0\x11\xdf\x73\x34\x1c\x85\x05\x3e\xeb\xcc\x2d\xf0\xac\xfc\x21\x54\x82\x83\xb5\x53\xec\xde\x01\x54\x82\x8e\xd5\xaf\x47\x57\x19\x85\xf8\x97\x67\xb0\x05\xb6\x22\xc9\xe7\xc0\x79\xdd\xe6\x94\xe4\x9d\xc0\x55\x0c\x79\x18\xcc\x51\x5c\x27\x4d\xbd\x9c\x54\x69\xd2\xf1\x8e\xcd\x90\xde\x66\x4e\x03\xca\x41\xe5\x3b\xe2\x0b\x96\xe2\x5a\xf4\x0c\x54\xab\x0f\x7c\xbe\x9e\x05\xca\x3f\xa5\xa3\x7c\x1a\xa8\xeb\xfb\x64\x44\xa3\x2c\x49\x6e\xfc\x68\x15\x7c\x69\xf3\x58\xc1\x5f\x6a\xc0\x9d\x46\xef\xef\x9a\x68\x5d\xf7\xe8\xdd\x63\xb3\x04\xbd\x3c\x63\x8c\xcf\x53\x2f\xe9\x01\xf1\x1c\xf9\x7c\x5b\x1c\xbe\xd3\x3c\x70\x63\x7c\x72\x1b\x02\x89\xad\xf6\xbb\x6d\x87\xc3\x04\x79\xfa\x92\x6e\x04\x30\x74\x30\x2b\x76\xf1\x15\x7d\x0a\x81\xde\xc4\x93\xe8\x7a\x3c\x64\x3e\x7a\x20\xb7\xa4\x15\x25\xa3\x8d\xb0\x4e\x78\xda\xe5\xe7\x79\x70\x66\xbf\xae\x2c\xf4\x48\xa4\x47\xe9\x00\x4c\xce\x8e\x41\xf0\x98\x79\x91\xfa\xd3\x03\x11\xdd\xaa\x45\x9a\x26\x44\xf4\xb9\x41\xc0\x68\xc0\xd6\xc0\x77\x1a\xfc\xf4\x2b\xf9\x13\x9a\x68\x4d\xa2\x98\x48\x6e\xcf\x67\x52\x3b\xf8\x50\x9a\x45\xba\x5c\xb8\xb3\x86\x4a\xd2\x2c\x0c\x6a\x82\x8c\x6d\xb7\x2e\x37\x1d\xe4\x10\xb4\x7d\xac\x49\xae\x9d\x3b\x57\x02\xb1\x73\x9b\x8d\x76\x0c\xe9\x86\x11\xc0\x7d\x88\xdf\x5f\x04\x68\x38\x08\xa2\x1a\xfc\x2e\x61\x71\x3f\xc2\xc0\x25\xcb\x25\xfc\xc4\xee\x94\x18\x41\x08\x3b\x22\xf6\x1e\x26\x56\xfb\x3b\x8d\xad\x41\xc2\x62\xc8\x9d\x2f\x17\x61\x03\x09\xf2\xd5\xc2\x95\x89\xa2\xdf\x61\xe5\x51\x49\x89\x50\x32\xca\x98\x1e\x45\x57\xe1\x30\xa2\x37\xfc\x08\x26\xfc\x87\x25\x29\x86\x1b\xbb\x83\x28\xd6\x73\xf3\x9b\x58\xb7\x3d\x06\x0e\xc5\x96\xbf\x22\xe7\xee\x08\x1f\x44\xe9\x2c\x02\xa5\x67\x76\x79\x52\x0e\x2a\x2b\x4d\x22\xc7\x7f\x2b\x21\x2d\x5a\xaf\x05\x0b\xf2\xc1\x41\xe3\xe2\x8b\x85\x71\xd4\x32\x19\x37\x42\x62\x35\xc7\xa6\x46\xd6\x47\xe3\xef\xe1\x83\xc2\x7b\x74\x92\x56\x5e\xca\xcd\x7f\x43\xc6\x7a\x74\x45\x3f\x47\x80\xe8\x87\x11\xba\x2d\xd4\xa3\x94\x1b\x12\xdd\xd3\x90\x92\x70\xfb\x3d\xeb\xd4\x22\x43\x6a\xb6\x16\x6f\x08\xc9\x9c\x88\x6c\xc0\xe8\xe3\xce\xcd\x06\x42\xe4\x42\x85\xb8\x86\x4a\xa4\x16\x94\x3c\x5a\x18\x69\x74\xf4\x64\x53\x5a\x87\x0a\x01\x28\x61\xbc\x2e\x58\x71\x49\xca\xe9\x71\x62\x4e\x61\xc3\x1d\x8a\x50\x7e\x3a\xd8\x27\x73\xe7\x23\xbc\xb7\x5d\xf5\x4b\xef\x84\x7a\x40\x7b\xcb\x7b\x1d\x57"},
+{{0xcc,0x56,0xbc,0x7c,0xdf,0xa6,0x11,0x92,0x4e,0x72,0xb0,0x7f,0x68,0xab,0xc6,0xca,0x5b,0x85,0xff,0x8b,0xba,0xcd,0xff,0x40,0x6e,0x51,0xba,0x72,0x0d,0x09,0xa8,0x66,},{0x5f,0xfe,0xe2,0x21,0xab,0x4d,0x0f,0xe6,0xf4,0xc9,0x34,0x6c,0x5e,0x5a,0x4b,0x8a,0x63,0x6a,0x6a,0x0b,0xad,0xce,0x96,0x67,0xbe,0x73,0x9f,0x4c,0x9e,0x67,0x33,0xc1,},{0x9b,0x86,0xa1,0x92,0xb6,0x4f,0x4f,0x04,0x4f,0xfb,0xf8,0x7b,0x41,0xc7,0xee,0x52,0xf7,0xa7,0x21,0xaa,0x32,0x0e,0x7b,0xad,0x64,0x25,0x99,0x59,0x90,0x31,0x5c,0xdd,0x50,0x2b,0xe4,0xe1,0x11,0x60,0x19,0xd1,0x31,0xa9,0x21,0x8d,0x19,0x61,0x4a,0xd9,0x55,0x43,0xb1,0x88,0x9a,0xf0,0xa9,0x7e,0xd4,0xd2,0x56,0xdc,0x33,0xd7,0x6e,0x08,},"\x08\x83\x04\xf2\x2e\x1a\x28\x60\x62\xde\xfb\xeb\xb1\x82\x7a\x64\xb7\x6a\x14\xe8\x70\x15\xe7\xf6\x46\x17\x87\x77\xab\xa7\x97\x04\x68\x8d\x7b\xf3\x2e\x1e\xfa\xc9\x7a\x9f\xc3\x39\x81\x0e\xbd\x3d\xf9\x3e\x4e\xa0\x24\x68\x69\x53\xed\x91\xfa\x6d\x2a\xb6\xe0\x7e\xc7\x81\x1a\x6d\x91\xca\x91\xb0\x98\xdb\x47\x25\xdf\x65\x84\x6a\x95\xb8\x08\x63\x5a\x8d\x0c\x5f\xe5\xac\xe2\x5f\x07\x80\xe8\x96\x17\x7b\xc1\xbb\xa1\xcd\xb4\x44\x92\x51\xc0\x1b\x48\x2f\x02\x38\x62\xf8\x8e\x07\x2e\x79\xcd\xe5\xdb\xd6\xc1\xd9\xad\x9c\x07\xc6\x06\xf5\xdf\x85\xa6\xec\xa2\x96\x6c\xbf\xe0\xa1\x67\x39\x68\x11\x2f\x26\xa3\x17\x05\x3f\x16\x7f\x61\x1a\xf2\x97\xef\xa8\x02\xe0\xa9\x4b\x3e\x1f\x33\xa2\x7b\x73\xe5\x59\x7a\xbb\x22\x41\x15\xeb\xe7\x5e\x29\x4a\x1b\xcd\xcd\x97\x92\x55\xb0\xa8\x02\x65\xc0\x89\xaa\xa7\xd6\xbe\xd2\xe3\xd0\xc9\x18\xf5\x6f\x4a\x55\xf4\x48\xd8\x63\x36\x5c\x6c\x58\x46\xfb\x9b\x2b\x9b\xb5\x5f\x6b\x7c\x6d\xff\x58\x47\xb7\x1b\xfd\xd4\xbb\x5b\x9b\xb2\xe4\x24\x9b\xc0\x24\x3a\x02\xab\x4d\x22\xba\x78\xa4\x3d\x18\x21\x95\xae\xd7\x8f\xec\xe8\x4c\xb1\xdd\xae\xb9\xef\xf6\x81\x56\x04\x5b\x29\x32\xe6\x38\xd7\x73\x1d\x0e\x8b\x4c\x9c\x8c\x38\x3b\x0d\x6d\x39\x2d\x21\xfc\x64\x07\x62\xc8\x7d\x36\x92\xb1\x81\x0b\xcc\x4a\x42\x39\x2f\xf1\x3d\x45\x16\x9e\xcb\xf0\x13\x50\x55\x09\x31\x05\x09\x8c\x86\x9b\x68\x88\x7e\x93\x4e\x2b\x9d\xa5\x23\x2a\xc6\xc9\x37\x38\x00\xf7\x0b\x64\xec\x64\xa4\xaa\x0c\xa0\x44\xc0\x77\x7c\xa3\xa3\xac\xaa\x13\x8c\x14\x24\x96\x72\xa5\x5b\x24\xdd\xfe\x4d\xc3\x57\x57\x32\x41\xe1\x4a\xd0\xac\x16\x47\x5a\x8e\x38\x67\x88\x6d\x41\xee\xa3\x5f\xe7\x93\x2b\xa9\xae\xaa\x0c\x86\xc9\xeb\x6d\xb7\x80\x80\x49\xad\xe7\xb5\xcc\x1a\x40\x82\x2c\x66\xde\xa9\x3a\xd2\x2d\x44\xb9\xe4\x29\x04\xb5\xb8\x36\x84\xae\x29\x31\xfe\x36\xc6\x08\xff\x70\x96\xf1\xb0\x9f\x81\x1b\x02\x67\x28\x04\x40\x6e\x08\xed\x9e\x77\x45\x67\x6c\xe0\x47\xf0\xf7\xf6\x47\x08\xe4\x9b\xb7\x87\x54\x72\x0b\x8a\xa2\x26\xf5\x55\x6a\xbf\x05\xb5\x65\x84\x64\x52\x92\xda\xd0\x8e\x24\x73\x63\x9a\x8c\xe5\x47\x5e\x0c\xe9\x19\x2f\x8b\xa2\xdd\x32\xce\x14\xc9\x19\x75\xab\x60\x2f\x7c\x13\x53\x8c\x52\x95\x2d\x03\x96\x15\x8c\x7c\xc6\xb9\x42\xbe\x7d\x92\x3e\xeb\x52\x3a\x73\xb5\xb4\x11\x96\x6d\x14\xac\x96\xe5\xb0\x96\xa5\x29\x32\xa4\x16\x29\x2e\xcc\xdd\xb9\x10\x71\xc8\x85\x60\xe7\x0e\xcd\x4f\xe2\xfe\x24\xd5\x23\xfa\xfc\xb9\x8e\x40\x21\x50\x2f\x41\x90\xa0\x51\x5e\xdc\xb2\x40\x19\xea\xca\x09\xec\x26\x15\xa9\xbf\xde\xb6\x0e\xb3\x54\xc8\x4a\x1f\x3c\xec\x7f\xfd\x7e\x65\xa5\x51\x5d\x47\x95\x9a\x4c\x4e\xc4\x8d\x80\x21\xb1\x75\x4a\xe2\xbf\x84"},
+{{0x7a,0x57,0xf2,0xdd,0xa0,0xad,0x03,0x38,0xab,0x9a,0x13,0xc9,0xa3,0x49,0x7e,0x9c,0x75,0x23,0x8c,0x15,0x31,0x58,0x97,0x89,0x22,0x7c,0xd2,0x74,0x9b,0xc6,0xe9,0x50,},{0x6f,0x73,0x8d,0xc5,0xe7,0xd9,0xe2,0x40,0xc9,0xf4,0xd0,0xc0,0x6a,0x5e,0x02,0x17,0x47,0x56,0x8b,0x69,0xa7,0x5d,0x50,0x7a,0x2e,0x0b,0xe7,0xea,0x61,0x35,0x26,0xc5,},{0x98,0x91,0x23,0x76,0x1d,0x93,0x56,0x32,0x78,0xfd,0x0a,0x78,0xae,0xd6,0x4e,0x2d,0xe6,0xf4,0xa7,0x00,0xfc,0x9a,0x70,0xd2,0x18,0x77,0x48,0xac,0x06,0xd9,0xc2,0xc3,0x77,0xd1,0x99,0x5f,0x89,0xc7,0x72,0x7f,0xe2,0xf1,0x20,0x78,0x4e,0x41,0x71,0xc4,0x2d,0x63,0x53,0xac,0x3d,0x4e,0x3f,0x62,0x0c,0x63,0x9c,0x75,0x78,0x6c,0x46,0x0a,},"\x8c\x85\x75\xa1\x1d\x2f\xf2\xc2\x38\xe4\x19\xcc\xb0\x06\x33\xd0\x4e\x8b\x8b\xd7\x74\x29\x01\xd5\x88\xdd\x6a\x2f\x00\xaa\x12\xf0\x8a\xe4\x1d\xca\xa9\x33\x8f\x8c\x47\xe9\x53\x12\x19\x2c\xf6\xb2\x45\xa0\x0c\xe6\x88\xa0\x29\xda\x56\xdd\x1b\x1d\xeb\x0d\x34\xb5\x41\x4f\xe1\xc2\x1d\x6b\x63\xd0\x6b\x85\x34\xac\xe8\xe8\x66\xc9\x33\xfd\x7c\x5a\x65\xed\xa9\x5a\x17\x37\xa9\xec\xdb\x17\x85\x91\x49\xac\x69\x69\x51\xb8\x2c\x23\x0e\x82\x75\xe9\x6d\xd0\x2f\xd4\x55\xea\x67\x53\x79\xe6\x7b\xa6\x34\x84\xb6\x28\x38\x31\xfe\x3f\xfe\x52\xd6\xec\x49\xb7\x09\x10\x67\x05\xc9\xd1\x9b\x85\x9d\xe9\xfd\x20\x08\x87\xcb\x44\xd8\xfd\xfe\x69\x61\xfa\x4c\xa2\x34\x09\x44\xc7\x64\xc7\x04\x49\x12\x08\x25\x7e\x73\x54\x82\xaf\x8c\xb6\x90\x41\xdd\xe6\x85\x24\x1d\x3f\xbf\x46\xfd\xa0\x57\x24\x8b\x89\x87\xbe\x1f\x80\xb5\x4e\xb5\x40\x09\xf3\x24\xdc\x45\x0e\x88\x6e\x79\xf9\x12\x58\x5b\x91\xc9\xdf\xaf\xe9\x01\x22\x62\xc4\x71\x40\x3b\x1e\x8b\x5c\x31\xfc\x53\x75\xa1\xdd\xf9\x9b\x68\xed\xf9\xed\x70\xaf\x85\x94\xf7\xd8\x4b\x2c\xc4\x91\x1f\xe9\x05\x00\xc6\xee\xbf\xba\xc0\x85\x55\x35\x50\xe3\x5b\xd2\xe5\x25\x14\xe9\x79\xe7\x24\x1e\x9f\x8e\x34\xcd\xf8\x51\x3a\xbe\x72\x51\x0d\xff\x3c\xfe\xc7\xe2\xbc\x64\x88\x64\x1c\xfd\x0a\x65\xae\x0e\x09\xeb\xe9\x9b\x15\xb2\x9d\x45\xea\x67\xa5\x7a\xad\x55\x4d\x4f\x8b\xfc\xe1\x38\x6a\xce\x22\x88\x39\xe3\xa8\xa5\x34\x14\x0e\xec\x3d\x37\xd5\x1b\xe3\x61\xf5\xea\x18\x83\x73\x9f\x56\x61\x5f\x75\xb0\x55\xa0\x6a\x91\x47\x1b\xe9\x8b\xc9\x45\x37\x83\xc3\x58\x38\x2b\xd0\x55\x5a\xe9\xeb\x0b\xdc\xd6\x66\x29\xa6\x11\xfc\x1a\x11\xc6\x53\xc8\x22\x14\x58\x7d\xec\x12\xba\x12\x0e\x25\x13\x07\x0f\xe6\x9e\x98\x2f\x7a\x80\xad\x15\x9f\x6a\x32\x5d\x97\x7d\x01\xd0\x50\xd1\x16\xa6\x2a\x4f\x8a\xca\xb6\xc3\xd6\x9f\xf6\xc8\x78\x21\x3c\x60\xa9\x48\x45\xca\xe1\x06\xde\x6c\x5d\x6f\xe2\x50\x8d\x94\x56\x5b\x7b\xa7\x5d\x58\xd1\xad\x47\xd7\x6a\x20\xde\xfa\x75\x68\xcb\x7f\xd6\x6f\x57\xcf\x37\x74\xa2\x1d\x3f\xfa\x7d\x8a\xa6\xd8\x6d\xc2\x84\xb7\x0e\x0f\x17\xe7\x63\x0b\xfc\x10\xcd\x1f\xc9\xa8\xd9\xc5\x92\xd3\x9f\x24\xa7\xb5\xc8\xe8\xaf\xf3\x53\x57\x7e\x6a\xc9\x00\x86\x90\xc7\xa1\x59\xa7\xe8\x3b\xe5\xa6\xae\x8f\xca\x96\x44\xbd\xdf\xa3\x7a\x92\xb0\x70\x55\xf9\xfa\xc9\xfa\x97\xfb\x3e\x8f\x5f\x4d\x91\x7d\xda\x5c\x6d\xc6\xea\x34\xb6\x4d\x30\x24\x05\xbc\x38\x06\x2e\x07\xce\x93\xa1\xa8\x8a\xed\x5f\xba\xf9\x95\xa0\x9b\x45\xb2\x8a\xd4\xa6\xb2\x73\xde\xc1\x41\x3c\x54\x04\x52\x9d\x82\x5b\x5e\xdc\x2e\x27\xa3\x90\xeb\x7e\x8c\x2b\x43\x90\x5e\x11\x6d\x88\x7a\xb5\xfb\x99\x3d\xfe\x15\x0e\xbd\xcf\x81\x7a\xe6\x2e\x03"},
+{{0x32,0xef,0x6d,0x78,0x9a,0x1e,0xa3,0x93,0xf1,0xbf,0x9f,0x11,0xde,0x34,0xf5,0x7d,0x65,0x3c,0x4e,0x77,0xd5,0x1e,0x60,0x50,0xfe,0xf4,0xe8,0xd7,0xbf,0x18,0x3d,0xb5,},{0xc1,0xaa,0x18,0x1e,0x62,0x0f,0x60,0x52,0x5c,0x2b,0x17,0xda,0x8d,0x29,0x0b,0xae,0x5d,0x33,0x9e,0x17,0xea,0xbc,0xea,0xb5,0x8c,0xd7,0x6a,0xe0,0x66,0xf4,0x11,0x79,},{0x88,0xf3,0xa6,0xe0,0xbb,0xaa,0x3e,0x06,0x0b,0xc9,0xd9,0x1f,0xe2,0x96,0x8c,0x61,0x12,0x6b,0x20,0x31,0x7f,0x59,0x84,0x2e,0x4a,0xe4,0x87,0x11,0xcd,0xba,0xf6,0x2c,0x6c,0x02,0x07,0x40,0x5d,0x1c,0x48,0x49,0x95,0x02,0x71,0xf0,0xaa,0xa7,0x59,0x30,0x91,0x10,0x9e,0x47,0x8d,0x13,0xf3,0x56,0x96,0x4f,0x7d,0xba,0xb7,0x29,0xaf,0x00,},"\x11\xa9\xc3\xc1\xba\x7c\xfb\x61\xad\x10\x33\x05\xc2\x58\x86\xde\x9f\x88\x15\xc6\xc2\x1f\x17\xa8\x73\x3a\x02\x4f\x94\x97\xda\x05\x40\xdb\x36\x03\xa6\x71\xaa\xe8\x37\xdb\xbb\xa1\x9e\x19\xf8\x2d\xdf\xc8\xaf\x85\x59\x80\xa7\x01\x25\xfc\x61\xcd\x7f\xfd\x10\x77\x7e\x36\x6e\x5e\x95\x69\x92\x7a\xf0\xf2\x45\xd4\xf3\x9b\x3f\xd0\xf4\x58\x79\xc2\x53\x40\x14\x12\x85\x5e\x57\x61\x90\x5e\xd6\xef\x31\x8b\x6a\x06\xea\x6e\x9f\x90\x6f\x9b\xd0\x16\xbc\xb6\x94\xa0\xdf\x65\xa0\x16\xbd\xfe\x84\x5a\x09\xf2\x3e\x50\x86\xc5\xaa\xf3\x75\xef\xeb\x86\xda\x51\x23\x9d\xdc\x35\x0b\xac\x0c\xdb\x03\xb8\x74\xdb\x15\x07\xe6\xad\x4e\x2c\x9f\x46\x02\x8c\xa2\x38\x83\x63\x54\x14\x93\xb6\xcb\x92\xc1\xdf\xca\xa3\xef\xd6\x8c\x6b\x4e\x91\xef\xb4\x67\x51\xd2\x3f\x4c\x48\xa9\x73\xf0\xa5\xc7\xc6\xfe\x2a\x12\x69\xd2\xa6\x9e\x9f\xc4\xab\x8b\xa3\xb9\x2f\x79\x64\x49\xba\x3d\xc7\x02\x45\xed\x50\x5c\xc0\xee\xee\x16\x36\x64\x7a\x68\xc7\x67\x9d\x0b\x6d\x65\x1b\xba\x35\xc2\x9b\x81\x47\x8d\x17\xca\x36\x85\x70\x7a\xd6\x16\xe6\xe5\x60\x43\x81\xf8\x4e\xe5\x2b\x25\xad\x02\xfc\x0d\xfb\x85\x43\x2e\xfb\x1f\xec\xd0\x90\xc0\x2a\xd0\x02\xc1\x85\x7f\xce\xd8\x8f\xdf\xb2\xff\x26\xdd\x0f\x50\x18\xfb\x47\xd8\x13\x58\x1f\x65\x08\xca\x63\x7c\x73\x65\x17\x7c\x51\x3d\x1e\xe0\x58\x79\xa6\x5c\x5b\x67\x6b\x3a\xa8\x73\xa1\x93\x5c\x54\x37\xea\xdc\xb6\x6d\xfb\x05\x2a\x5e\x7c\x3e\x81\xd4\x4b\x3d\xaf\x69\x8f\x42\x24\x4e\xe2\xee\x4b\x6e\xd2\xb7\xe6\xe5\x6e\x61\xff\x9c\xb4\x5e\x71\x9f\xd7\x46\x19\x8b\xf2\xa7\xde\x6d\x25\xaf\x3b\xc6\xc7\xb0\xed\x8a\xbe\x3c\xb3\x89\xaf\xd8\x4f\xfa\x2a\x23\x0d\x93\xbc\x0c\x29\xd5\xa9\x41\x9c\xbf\xf1\x1b\x78\x83\x32\x99\x21\x48\x0b\x58\x44\x65\x5d\x99\x6c\x7c\xab\x29\xdf\xb2\xa3\x92\x7b\x82\xba\x7c\x30\x6c\x45\x77\xb6\xf8\xb5\xdb\xe2\xaf\xaf\x9b\xf1\x4a\x8f\x95\x54\xcd\x01\xa6\x9a\x99\x1b\xf2\x12\x82\x8d\xe1\xe6\x31\x72\xe8\x33\xde\x06\x69\x8c\xdb\x3b\x28\x71\x63\x80\x31\x45\x72\xbf\x5b\xcf\xd3\x4e\xf5\x2a\x6f\xad\xda\x87\xba\xbe\x6b\xac\xdb\x20\xce\x63\xc7\x25\xcb\x0f\xf6\x1f\xe3\x0c\x1b\x51\xdb\xda\x2c\x26\x25\xf9\x9d\xfe\xb0\x29\xa3\xe5\x8c\xba\x7d\x01\x90\x51\x11\xca\xf4\x2f\x27\x02\x5e\x72\x0e\x18\xee\xb0\x7d\xae\x91\x55\xc5\x5a\xa3\x00\xe2\x2e\xb5\xe9\x4d\xc7\xa0\xa8\x4e\xe6\x7d\x91\xa9\x60\xae\x08\xca\x63\x2d\xbb\x17\x37\xfc\x9a\x43\xdb\xcf\xb3\xa8\x79\xeb\x9f\xbf\xfd\x72\x99\x33\x8e\x26\x4b\xc1\x23\x7a\xb6\xa5\xbc\x2a\x26\x3c\xfa\x99\xe8\x54\x44\x39\xd9\x63\x31\x63\x9f\xe9\x40\x8e\x54\xa3\x50\x61\x0f\xf0\x1d\xe3\xf8\x57\x99\xad\xeb\x73\xd8\x2b\xe9\x38\x07\x4d\xea\x85\x8e\xa6\x36\xb6\x3a\xbd"},
+{{0x0a,0x55,0x25,0xa4,0x59,0x8f,0x60,0x99,0x2f,0x86,0xba,0x1a,0xb9,0xee,0xe6,0xe2,0x67,0x56,0x22,0xf9,0x43,0x28,0x4f,0xc0,0x55,0x3e,0x44,0x46,0xac,0x5a,0x4c,0x53,},{0xdb,0x60,0xd7,0xea,0x29,0xf8,0xd6,0x0d,0xad,0x33,0xd0,0x2e,0xc5,0xf4,0x22,0x32,0x05,0x7b,0xd1,0xc4,0xbd,0x61,0x80,0xa2,0x42,0xcb,0x7a,0xb6,0xf4,0x42,0x67,0x81,},{0x8f,0xa6,0xb0,0xae,0xac,0x71,0x13,0x2a,0xd8,0x82,0x97,0x58,0x68,0xf1,0xbd,0xb8,0xc1,0x1f,0x1a,0x6c,0x1b,0x9c,0x54,0x59,0x4e,0x0e,0x46,0x28,0x6e,0xa6,0xc9,0xa5,0xd6,0xd5,0xb0,0xea,0xea,0xca,0x9a,0xe3,0xaf,0x74,0xe7,0x23,0x26,0xb3,0xb6,0xf2,0xea,0xa8,0x93,0xc0,0xec,0x42,0xa4,0x9c,0x56,0xef,0x51,0x4f,0x75,0xc7,0x7f,0x01,},"\xf7\x87\x32\x1b\x42\xc0\x8d\x40\x52\x44\x9a\x48\x85\x93\xd8\x85\xb4\xe0\xc3\x4a\x5d\x64\x14\x9f\xa8\xb9\xc8\x5e\xe5\x4b\xcb\xec\xb5\x09\x09\xb2\xa8\x6b\x88\x25\x8a\x10\xe0\x7e\x8f\x8c\x2d\x06\x8a\x89\xfb\x16\x5a\x6a\xce\x7e\x64\x99\x8b\xa5\x7d\x89\xd9\xbf\x2b\x8b\x38\xa1\xf6\xd8\x36\x4a\xee\x05\xce\x33\x48\xbe\xd4\x8b\x88\xc2\x47\x3b\xf5\xf2\x66\x5f\x51\xca\x07\x3a\x53\x05\x35\x8e\xaa\xd4\x36\x5d\x58\xb8\x3b\xc9\x81\x4e\x25\xf5\x4c\x37\xcd\x9b\x68\xa8\x08\xa5\x7d\x6c\x2d\x7d\x7b\x6d\xeb\x5f\xe2\x0f\x4f\x96\xfe\x72\x5f\x8d\xe6\x5c\x29\xa4\xf1\xcc\xef\xd7\xc2\xc6\xf2\xfc\x01\x16\xd5\x86\x76\xac\xbc\x58\x69\x1c\x79\xc2\xb0\x06\x78\x5a\x09\x75\xa3\x1d\x8d\x3c\x94\x91\x61\x59\x6a\x06\x8a\xaf\x22\x26\xab\x84\x25\x50\xe9\xc0\xb2\x61\x0a\x29\x53\x1d\x1f\x3f\x7f\x00\x82\x6b\xb6\xc7\xdb\xe0\x4e\x28\xae\x1b\x9f\xf6\xf8\x88\xa4\x9d\x82\x81\x2f\x45\x2e\x1b\x32\x74\x0b\x23\x4d\xdd\x96\x42\xe1\x8f\x32\xad\x9a\x9a\xf7\xf8\x95\x25\x28\x67\x4a\x2c\xda\x25\xb4\xf7\xba\x86\x70\x07\xff\xa7\xf7\x8f\x16\x3d\xb8\xf3\x69\x14\x95\x6b\xfa\xec\xd5\x0f\x6d\x1a\xf4\xee\x13\x32\x75\xa8\xea\xab\x94\xbb\xc0\xae\x52\xb6\xd9\xb2\x83\x26\x34\x23\x2e\xc0\xe8\xb5\xf8\x02\x2d\x3e\xf1\xea\xd9\xb7\x9e\xf9\xa1\x65\x64\x27\x71\x94\xf2\x38\x0d\x90\x21\xe1\xf1\x7b\x18\x4b\x8d\x3a\x7a\x34\xd1\x51\x39\xa3\x9c\x77\x28\xc2\x2e\x1a\x3a\x67\xa2\x7a\x6c\xa4\xb8\xa8\xa0\x63\x6c\x60\x54\xd0\xf7\x41\xf0\x46\x67\x36\x19\xfc\x6b\x07\x0e\x62\xff\x48\x62\xf5\x9d\x26\x90\x07\xf3\x43\x13\x39\x63\x7a\x89\xf5\x64\xc0\xdb\x3d\x9b\xcf\xcd\x19\xfc\x25\x13\x8a\xc6\x6d\x47\x4d\x80\xf4\xad\x79\xf6\xd1\xe7\x84\x44\x08\xe8\x80\x34\xee\xaf\xf4\xa7\x90\x33\x8d\x54\x6b\xfc\xd7\x42\x4c\x11\x9e\x21\x1f\x36\x3c\xb8\x9c\x88\x87\x49\x34\x6a\x89\xd3\x2f\x02\x3b\xb6\xb0\x36\x6a\x1e\xde\x43\x25\x03\x2a\xa3\x5f\x52\xe9\xdf\x93\x8a\x50\x27\xeb\xee\x96\x88\xae\x48\x0d\xde\x1a\x9c\x9b\x42\xd1\xa9\xc0\x8f\x71\x92\x23\xdf\xae\x1c\xfc\xd4\x9d\xd1\x05\x3a\xaa\x38\x1c\x24\xcc\x9c\x7a\xbf\xcf\x8f\x6d\x86\xd6\xaf\x72\xee\xf0\x53\x04\x41\x2f\x3d\xb2\x58\x5a\xa9\xe0\xf3\xa4\xf1\xb6\xd7\x10\xd0\x2a\xb1\x1d\xb1\xfc\x90\xad\x4d\xe2\x5d\x04\x29\x9f\x31\x29\xc2\x12\xe9\xcb\x73\xc0\x04\x79\x53\x45\x5b\xf9\x8e\xc8\xfd\x26\x74\xe4\x7b\x94\x99\x57\xde\xed\xa0\x18\xba\xdc\x9f\x2f\x68\xa1\xb1\x8e\xf5\xc5\x83\xb0\x95\xe0\x8d\xd9\x06\xda\x5f\x22\x0d\xa0\x29\xb9\xc4\x00\xe3\xca\x91\xc7\xcb\xd8\x7f\x34\x30\xc7\x42\x33\x7f\x61\xcf\x54\x74\x5b\x06\x22\xbc\xb9\x07\x62\xc6\xba\xfe\xf8\x7e\x1e\xc8\x88\xc3\x64\xfa\xd6\x46\xc3\x3a\xcc\x22\xaf\x54\x38\xb8\x4c\xd5"},
+{{0x2d,0x5d,0xdf,0xfa,0x2e,0x58,0xc9,0x04,0x51,0xea,0x05,0xde,0x47,0xb8,0xc4,0x92,0x34,0xe2,0x6c,0xed,0x54,0x85,0x4e,0x3a,0xce,0xf1,0x1d,0x8e,0xe6,0x85,0x2d,0xa7,},{0x7b,0xfd,0x1c,0x8a,0x4a,0x0b,0xbb,0x46,0x06,0xd2,0xe5,0xbc,0x09,0x0f,0x56,0xb2,0x0d,0x58,0xf2,0x20,0x4b,0x6a,0xed,0x83,0x1d,0x3d,0xf4,0xd4,0x06,0xb4,0x76,0x05,},{0xce,0xd9,0xd6,0x10,0x10,0x33,0x9c,0x47,0x1d,0xdf,0x9f,0xef,0xca,0xa8,0x2d,0x1e,0xab,0x3a,0x2e,0x0e,0x60,0x27,0x85,0x53,0xb4,0xdd,0x9f,0x39,0x5b,0xe5,0x81,0x49,0xc9,0x15,0x94,0xe5,0x61,0x8b,0x0b,0x10,0xbf,0x3a,0xab,0x94,0xf1,0x59,0xb5,0x30,0xf6,0x44,0x63,0xee,0xd6,0x6f,0xa2,0xac,0xe5,0x4f,0xd9,0x25,0x72,0xa0,0x6a,0x0e,},"\x4f\x1c\x5b\x4e\x6f\xac\x3b\xaa\x3e\x90\x10\xf3\xbf\x29\x3c\x77\x9e\x61\xfd\x7b\xbe\x05\xa5\x86\xf5\xaa\xf0\x80\x26\x37\x16\x27\xa2\x09\xac\xd1\x88\xaf\xb2\xdb\xe0\x31\x15\x47\x94\x05\x59\x71\x16\x40\xf7\x8a\xea\x9a\x62\x81\x89\x62\xf4\x45\xa8\xe7\xed\x6f\xe6\xc5\xf4\x91\x62\xe7\x43\x5d\x1b\x62\x5b\x88\xba\x39\xda\xb0\xad\x56\xfd\x2c\x0a\xd6\x51\x26\x61\x36\x2b\xf7\x8a\xfe\x5a\x14\x16\xb6\x47\xf3\xb8\x8a\x05\x6c\x9e\x72\x89\xc9\xb0\xcc\x3a\xfb\x43\x40\x21\x98\x56\x34\x93\xe7\x37\xb1\xda\x05\x25\x06\xb6\xc9\x30\x6d\x75\xad\x66\x93\xdb\x6d\x15\x71\xf9\x6f\x6f\x52\x99\x0c\x4d\xf1\x96\x65\xa6\xbb\x63\x07\x3f\xdd\x9f\x55\x59\x68\x96\xa2\xe9\xc2\x62\x2f\x2b\x0c\x2c\xc9\x9d\xdd\x1b\x64\x9f\xb0\x31\x80\x58\xd7\x47\x94\xe3\x8e\xc6\x57\xeb\xc8\x2a\xbd\x5b\xed\xf8\xb3\xf4\xbb\xa3\xbb\x6c\x99\x35\xfd\xf6\x82\x65\x02\xb7\x69\x04\x6b\x36\xd9\x6d\xc6\x95\xd7\xc8\x54\x04\x28\x4d\x2a\x2a\xb7\xfc\xf3\xb0\x2f\x68\xa1\x49\x3d\xd3\x83\xca\x63\x39\xfa\xc1\xcd\xe4\x7f\x53\xc5\xe0\x26\xd0\x86\x9f\xaf\xfe\x40\xab\xdb\x98\x19\x52\x30\xf1\x7d\x0c\xfa\xa5\x33\x31\x5a\xfd\xbf\xe7\xd1\xaf\xc3\xa6\x15\xb4\xf7\x50\x90\x23\x3a\x50\x3f\x88\x61\xe3\x23\x74\xe1\xea\x95\x57\x67\x42\x31\xd9\xd7\x37\xd4\x77\xb3\x3f\xf8\x2a\xc0\xb2\xc0\xba\x93\xc1\x1f\xb5\x23\xe6\x13\x61\x8e\xd3\x70\x52\x4a\x60\xf4\xd4\xc8\x36\x94\xc0\x33\x60\x6d\x1d\x06\x9d\x54\x4d\xcc\xd3\x90\x0c\x37\xa3\xb3\x36\x3e\xfb\xcf\x66\x97\xf9\xf7\x62\xb3\x3b\x12\x94\x58\x39\x53\xfc\x53\x77\x3e\xf5\x67\x26\xee\xb4\x70\xeb\xe9\x21\x49\xb7\x36\x48\xa1\x61\x61\xd4\x94\x12\x0a\x31\x8b\xfb\x08\x0c\xc3\x8e\x49\x96\xf4\xb2\x63\xff\xe7\x8c\x78\x77\xfe\x13\xc2\xfc\x55\x21\x9f\x44\x26\x0e\x8f\x25\x3b\xdd\x37\x9d\x87\x0e\x6c\x91\x04\x8b\x1d\x8d\x4e\x88\xb8\x82\x18\xb2\xb0\x49\xfe\xf5\x3b\x2a\xe1\xf8\xc9\x21\xed\x2b\xcb\x43\x46\x69\xe3\x97\x5d\xcc\x3f\xe4\x52\x0c\xa8\x02\x48\x42\xf7\xff\x2b\xa1\xe2\x2c\xfe\xb5\xd4\xc9\xe4\x35\xea\xda\x60\x1f\xf1\x83\xb2\x63\x64\xee\xe1\xfa\xa5\x9d\x19\xe6\xaa\x4f\x09\x75\x23\x84\x96\xa7\x09\xe4\x6b\xf6\x83\x36\xb0\x68\xbd\x80\xb3\x46\xf1\x1f\xaa\x38\x17\xa0\x7d\x1c\xbd\x84\x38\x2b\x21\x02\x98\x6f\x29\x5a\x13\x98\x07\x7b\xa2\x91\xd6\xb5\xf5\xbd\x86\x0e\xc6\x17\x72\x73\x46\x8f\x0e\xe0\xf2\x59\x1b\x57\x5c\x43\x66\xe1\x89\xb2\x24\xe9\xff\xa3\x5b\xc7\x8a\x4a\xa8\xc0\x69\x54\xfe\x33\xd0\x80\xff\xc0\xb2\x3e\x20\x9f\xd0\xe7\x94\x21\xf1\xbd\xe8\x18\xa8\x68\x90\xcf\x17\x22\x36\xdb\x21\x16\x57\xd1\x00\x31\x19\xfe\x91\xd4\xe2\x7c\x52\x4c\xcc\x11\xfa\xde\x0a\x25\xf5\x7a\x7a\x1d\x67\x7e\x1d\xa0\xb9\xc0\x43\xd0\x2f\xca\x38"},
+{{0x4d,0xf5,0xe1,0x1d,0xec,0x80,0xec,0xd8,0x82,0x83,0x75,0x54,0xfa,0x31,0x35,0xb9,0xd5,0x02,0x9d,0xf4,0x20,0x27,0xaa,0x3b,0x3c,0x92,0x92,0x46,0x32,0x9f,0xee,0x96,},{0xef,0xd9,0x28,0x89,0x8f,0xa1,0x44,0xc2,0xd1,0xc8,0x33,0x4f,0xa2,0xe6,0xb5,0xb6,0xa3,0x25,0xa7,0x10,0x2a,0x2c,0x34,0x4a,0x14,0x55,0x41,0xee,0x9a,0x6c,0x04,0x6d,},{0x62,0x54,0x5e,0x6c,0x07,0x80,0x1f,0xde,0x95,0xb4,0x61,0xe2,0xe7,0x53,0xc4,0xb6,0xc8,0x4c,0x25,0x12,0x4e,0xb3,0x30,0xa2,0x72,0x59,0x89,0xd5,0xe3,0x40,0xdc,0xef,0x0c,0x74,0x56,0xd4,0xc7,0xc6,0xa1,0x78,0xa2,0x21,0xb6,0x32,0x83,0x48,0x25,0x3d,0xb7,0x87,0xa9,0xe5,0x51,0x0a,0xb9,0xcc,0x27,0x85,0x15,0xae,0x3e,0x58,0xfb,0x01,},"\xfb\xd6\xf3\x71\xb4\xc8\xb1\x52\xc9\xce\x0c\x63\x96\xa7\x7c\x0f\xe4\x80\xbc\x02\x00\x7f\x33\x6a\xc5\x8f\xd4\xad\xdd\xa9\xd6\x98\x55\xac\x9e\x93\xa4\x5d\x3e\x35\x0f\x41\xff\x50\x2a\xa1\xd8\xfe\x15\x9c\xe8\x9b\x06\x48\x02\xa0\xa1\x89\x0f\x6a\x40\xa7\xef\x57\xc6\xe5\xe5\xed\x04\x02\x80\xdf\x07\xe7\xf4\x8f\xe8\x19\xbe\x63\x17\x67\x10\x75\x7c\xb6\xe4\x40\xb4\xf7\x8b\x57\x59\xdc\xe0\x28\xbf\x58\x5b\x3c\x3f\xec\xa1\xcf\x59\x81\xda\xda\xdf\xd2\x7e\xa1\x24\xaf\x45\xef\x63\x85\x42\xa8\x61\x7f\xf4\x9f\x94\x70\xac\x22\x85\x94\x3c\x7c\x3b\x11\x63\xb9\x03\x95\x5a\xb9\x9b\x6e\xab\x17\xf4\xd4\x9f\xfa\x87\x20\x7a\xbb\xfc\x11\x1c\x4b\x91\xf5\x41\x3d\xfc\x9b\xea\x31\x84\x3d\x11\x5d\xde\xb1\xda\x40\xb4\x5f\x58\xf4\x7c\x41\x7b\x5e\x77\xd5\x81\x89\x34\xe7\x30\xeb\xa9\xc4\x55\x7b\xbf\x48\xcb\x7f\xd4\xe6\x64\x55\x8a\xf4\xfb\x44\xee\x3d\x94\xc1\x6e\x88\x36\x31\xf3\x84\x76\xf4\x83\x7d\xb9\x4d\x54\x12\x2f\xa1\x34\xca\x51\xa5\x25\xaa\xd5\xe2\x4b\x76\x01\x8f\xee\x9a\x2e\x8f\x60\xe2\xbb\x48\xd2\x4a\xb8\xb1\x46\xf8\x4f\xfa\x98\x20\x12\x0e\x7c\x50\xd4\x5c\x0c\xfb\xe3\x5c\x8c\x31\x41\x9b\x07\x8e\x90\x71\x2c\xfe\x93\x4c\x3b\xe3\xa9\x4f\xf2\x15\x88\x73\xae\xfe\x34\xdc\x6e\x36\x90\x2b\x16\x75\xe1\xa4\x7c\xb6\x08\xdf\xe9\x60\xfb\x4d\xa8\xd2\xa8\x49\x0c\xc3\x8e\xba\xdc\x73\xa1\x00\x3c\x49\x41\xfd\xa8\xfa\xe9\x44\xa1\xde\x8e\x3b\x10\xef\x6d\x9e\x67\xce\xec\x74\x59\x77\xd3\x33\xac\x9e\x71\x21\x41\x21\xed\xe8\x89\x22\x95\xe2\x77\x99\xf2\x06\x67\x5a\x9d\x54\xac\x12\x15\x9d\x3a\x1f\x95\x4f\xd0\xee\xff\xbd\x30\xa3\x19\x04\xfb\x2e\xee\x77\xa8\xaa\x9d\xc4\xcc\xbb\xe2\x85\x10\x96\x14\x6a\x4c\xe0\xe8\x1f\xb9\xc6\x24\x98\xdb\xd8\x3b\xf8\x3b\x55\x02\x9a\x5e\x90\x00\x86\xb9\x53\x1c\xe3\x24\x7a\x98\xf8\x65\x4e\xfd\x8f\xe7\xa8\x36\x43\x1f\x75\xda\xf0\x86\x8f\x01\x08\x32\x6e\x23\x02\x6d\x2d\xb4\xa7\x21\x24\xec\x4e\x39\xd4\xbb\xf3\xd8\x46\xc9\xf5\x1c\xa3\xcc\x31\xeb\x1d\x02\xc2\xba\x32\x1e\x46\x19\xf2\xb6\x59\xc0\xbf\x0f\xe5\xc1\x9b\x21\x3f\x3c\x79\x12\x4f\x36\x43\xf7\x4d\xd0\xff\x9c\xe5\xd2\x77\x27\xbe\x6c\x69\x58\x15\x9c\x16\x44\x04\xf4\x33\x01\xfe\x17\x42\xe2\x79\xde\x9e\xfd\x44\x1e\x73\xe4\xea\x7a\x84\x25\x87\xa7\x9d\x11\x5d\x36\xec\xa9\xc0\x3c\x90\xff\x0d\x14\x74\x74\x10\x9f\xc2\x0a\x91\xd7\xb3\xcc\x22\xeb\xcb\xb8\xc7\xf7\x1b\xd6\x1e\x8c\xae\x47\xc5\x05\x0c\xec\x1d\x48\x49\xa1\xd4\xa8\xe7\xa6\xf8\x45\x54\x84\x37\x70\x6c\x25\x33\x1c\x9e\x57\xc2\xcc\x6d\xa1\x17\xf2\xe5\xa0\xf4\xb3\x68\xc4\xcb\x20\x62\x65\xc4\x17\x8e\x06\x55\xff\x67\x5f\xfc\x1d\x4c\x58\xec\xeb\x9e\xdb\x4d\xa3\xad\x2c\x5f\x62\xcd\x13\xab\x48"},
+{{0x85,0xd3,0x23,0x30,0xe2,0xe0,0x73,0xa4,0x60,0x30,0xca,0x0e,0xe2,0xdf,0x2f,0x8e,0xb8,0x74,0xa9,0xfd,0xdf,0x56,0x24,0xc8,0x03,0x17,0x75,0x11,0x1f,0x11,0xee,0xa2,},{0x6e,0xa7,0xde,0x2e,0xd5,0xea,0x5c,0xdf,0x50,0xbf,0xff,0xee,0x77,0xf7,0xbd,0x2f,0xcc,0x21,0xd4,0x86,0x66,0xbb,0x1f,0x48,0x90,0xc7,0x6a,0x69,0xcc,0x7b,0xa4,0xe8,},{0x41,0x43,0x63,0xfe,0xad,0x6e,0x59,0xa3,0x43,0x8c,0xe5,0xa3,0xa2,0x77,0xd6,0x2b,0xdd,0x00,0xfa,0x2e,0xfa,0xc6,0x46,0x3d,0xd1,0x3f,0xcd,0xde,0xd9,0x3a,0x7f,0x10,0x8a,0xe1,0xf5,0x28,0xff,0xc8,0xff,0x4e,0xca,0x33,0x1d,0xab,0x91,0xae,0x5b,0x14,0x16,0xe2,0xdd,0xb7,0x3b,0x6d,0xaf,0x85,0x3b,0x03,0xc8,0x1e,0x99,0x36,0x56,0x0a,},"\xae\x61\x07\xf3\x8f\xf9\x4e\xd0\x32\x79\x03\xcb\xaf\x6c\x3e\x3a\x34\x98\xc4\x7a\xbb\x29\x89\xa8\xb3\x7b\x3a\x19\xdf\x88\xc6\xde\x79\x0a\xcc\xb4\xb7\x25\x81\x77\xb9\x15\x1d\x1f\xe0\x40\x63\x57\x7d\x3c\x3a\xcd\xb4\xc9\x29\x96\x8a\xfd\xad\x6f\x25\x2a\x67\xed\x4c\xa8\x9d\x06\x0f\x1a\x46\x53\x98\x3f\x7a\xb5\x8d\xdb\x93\xe2\x87\x8f\xba\xb0\x63\x7d\xbb\xeb\x95\xd2\x5c\x59\x86\x83\x9d\xe2\x74\x8d\x9f\x34\x02\x7a\xee\xbf\x1d\x9e\xb9\x36\xcb\x67\x70\xe0\x8d\x45\xb8\x09\x5b\xac\x9c\xbb\x71\xdb\x14\xe8\xa3\x42\x22\xb1\xf2\x23\x7b\x9f\x0b\xc9\x76\x6a\x23\x1a\x6d\x10\x27\x99\xf7\xc0\x81\xd5\x00\xfb\xea\xde\x60\x3c\xdc\xdd\x7d\x5b\x96\x5f\xba\xce\x4b\xe5\xc2\xcd\x93\x2d\xcf\x5f\x6e\xd3\x17\x22\xf4\x1d\x5a\x36\x3b\x34\xba\xbf\x3f\x63\x6f\xb3\x03\x82\x4a\xa7\x01\xdf\xe1\xd3\xe4\x12\x63\x07\x8c\x1e\xbb\xdc\xb1\xf7\x3f\x12\x45\xb8\x3e\x3f\xa7\x0a\xb8\xe3\xf1\x41\x3e\x6b\x06\xbd\xae\x02\x2b\x71\x4d\x60\xa4\x01\xd5\x74\x80\xdc\x64\xe7\xaa\xc6\xd3\xde\x85\xfc\x94\xd8\x53\xca\x13\xb7\xe6\x74\x15\x57\x9d\x5c\x67\x21\x23\xa5\xaf\x19\x4b\xee\x14\xae\x35\xdc\x27\x24\xff\x20\x9f\x11\x66\x63\x86\x61\xf8\x81\xb1\x19\x4a\xa4\xe3\x1b\x42\xa5\x27\x96\x47\x81\x59\x15\x04\xba\x76\x10\x3f\x97\xb7\xf5\x52\x03\x15\x47\x3e\xc9\x4b\xb0\x17\xa1\x66\x67\xb2\x2a\x85\x76\xa7\xcc\x2a\xc0\xb7\x75\x63\x03\xc7\x56\xf0\xdd\xaa\xe9\xd0\x18\x9e\x6c\x8d\xe3\x49\xf9\x19\x57\xc7\x2a\x52\x9e\x9f\x7e\x9b\x94\x56\x52\x48\x40\xba\x02\x34\x4f\x55\xad\x3c\x11\xa0\xb2\x59\x90\x14\x39\xf2\x65\x5a\xb9\xf8\xc6\xc8\xe8\xe9\x60\xc0\x57\xd9\xc7\xda\xfe\x42\x5c\x75\xd4\xa3\x3b\x80\x1d\x45\x47\xcd\x05\x51\xa6\x80\x2a\x80\x05\xdd\x72\x42\x47\x64\xdc\xf5\x7e\x4a\xa2\x22\x90\xea\x4f\x5b\xaa\xc5\x1d\x79\x39\xc0\x53\x42\x88\x2e\xe1\x43\x80\xef\x2d\x47\x04\xb4\x19\x49\xb2\x28\x2a\x1e\x1a\x3f\xa7\xdd\xea\x9f\xe8\x3b\x9f\xc5\x1d\x4e\xef\xa2\xeb\xac\x72\x2e\x4c\x0a\x7c\x59\x9b\x69\x25\xf0\x1b\x8a\x20\x66\xdc\x0c\x26\xf9\x21\x96\xf4\xf5\x03\xe8\x87\xc1\xe6\xef\xb0\x93\xf1\x53\x13\x87\xbd\x88\xc6\x91\x99\x7b\x9b\x89\xe3\xcd\xf7\xda\x12\xd3\x73\x41\x83\xa4\xb6\x12\x6b\xe9\xe0\x77\x47\x04\xb5\x29\x65\x9b\x55\x48\xf1\xb8\x75\x12\xcc\x18\x78\xca\x4e\xf5\x59\x90\xb4\x83\xc9\xaf\x6a\xa9\x76\x35\xf4\xf0\x79\x49\x72\x70\x65\xab\xf2\x1e\x21\xe3\x29\x90\xb1\xa7\xd0\x7d\x74\xe0\x2d\x9b\x07\xec\x63\x99\x31\xbf\x9e\x2c\xa3\x94\x1f\x2b\xa6\xb5\xef\x14\xdc\xc2\xa2\x47\xd2\x11\x7e\x9c\xb4\x1e\xfa\x3f\xcc\xa2\x47\x16\x64\x14\x52\xbe\xed\x2f\x92\x65\x7c\x2f\xb7\x31\xf0\xb9\x4e\x8c\x89\x2a\x81\xbb\xa9\x1f\x63\x9d\xf4\x37\x96\xac\xd3\x01\x3a\xc0\x44\xf6\x08"},
+{{0x66,0x59,0x0d,0x36,0x99,0x84,0xc6,0xf5,0xad,0x3a,0x89,0xc7,0x8d,0xdf,0xca,0x10,0xa0,0xa7,0x65,0x79,0x95,0xdc,0x01,0x88,0xb6,0xb5,0x7a,0xc3,0x16,0x47,0x31,0xa4,},{0x98,0x87,0x3a,0xb1,0x33,0x46,0xee,0x48,0x67,0x7c,0x4f,0x86,0x12,0xdb,0x31,0xeb,0xd1,0x3d,0xb5,0x8b,0x2b,0x03,0x4f,0xd1,0x55,0xaf,0xa8,0x72,0x0f,0x4e,0x93,0xe8,},{0xf0,0xdb,0x63,0xa1,0xbc,0x76,0x24,0x16,0x1c,0xa0,0x06,0x38,0x53,0xb2,0xde,0xe4,0x5f,0xcc,0xd2,0x24,0x71,0xe0,0x12,0x36,0x6f,0x86,0x8a,0x4a,0x9c,0x74,0x65,0x4e,0x13,0xf1,0xa3,0x15,0xad,0x83,0x91,0x6e,0xbf,0xb8,0xdc,0x31,0xa4,0x20,0xf8,0x3c,0xf6,0x45,0xc4,0xc9,0xd1,0x6b,0xb4,0xd5,0xd9,0x9d,0x23,0xc7,0xb4,0x3e,0x23,0x00,},"\x2e\xc1\xc6\xb0\x82\x97\x37\x83\x2c\x9c\x79\x8a\x92\xeb\x49\x0b\x23\xd3\x34\xc3\xbb\xe6\x27\xcb\x58\x2d\x17\xa9\xe4\x29\x60\xef\xcd\xc7\xd3\x47\x50\xe0\xb4\xaa\x86\x4c\x20\x4f\xb8\xd6\x2b\x47\x99\x2e\x91\xdb\xfc\xfd\x69\xf5\x1d\x93\x7d\xc0\x6c\x48\xc0\xad\x43\xe8\x59\x83\x71\xcd\x0e\x3b\xbc\xe4\x16\xbf\xd4\x4b\x09\x44\xb9\x93\xaa\x29\x93\xfd\xea\x48\x71\x34\xcd\xe4\x22\x77\x72\x3e\x06\x83\xec\x98\xe6\x95\x95\xe9\xb7\xb1\x4c\x8c\xf9\x61\x7a\x1e\x30\xdd\xb8\x06\x0e\xac\xba\x48\xd8\x82\x53\xb1\x65\x33\x61\x08\xde\x0c\xb0\x2f\xf2\x0f\x54\x24\xb5\x67\x83\x08\x69\xc9\xb4\x32\x9c\x99\x45\xf0\xbf\x2f\x3c\x7a\xcd\x1e\x77\x43\x58\x93\x0c\xd8\x90\xfd\x9c\xb8\x64\xd9\x50\x93\x5a\xd8\xa4\xa3\xbe\xcc\xae\x8f\x83\x3f\x63\x56\x19\x13\x71\xc3\x26\x33\xdc\xf8\x82\x70\x9b\x0d\x98\xbd\x80\x7b\x38\x3a\xed\x8d\x7b\xb0\x97\xb6\xe2\x62\xef\x70\x0c\x9d\x76\x8f\x4b\x56\x90\xe3\xa1\xa8\xf2\x17\x55\xd6\x58\xdb\x2d\x1b\xfd\x2f\x70\x71\xe0\xca\xec\x7c\x2c\x53\x81\xc5\xef\x5c\x2c\x22\x81\xc6\xbc\xed\xc8\x67\x39\x0b\x90\xf3\xb2\x7b\x0f\x0f\x64\xa3\x36\x58\x57\x8a\x5c\x0d\x66\xe2\x11\xe6\xff\xf6\xe8\x64\x88\xac\xf8\x2b\xc0\xf5\xe2\x66\x4b\x83\x69\x90\x46\x03\x7c\x0d\x33\xd3\x40\xff\x98\xed\x62\x63\x35\x4c\x24\x27\x31\x36\xff\x0e\x4f\x0f\x23\x3a\x6c\x82\x54\xfc\x0c\x90\x76\x43\x30\xe3\xb1\x05\x7b\x1e\x66\x6d\x5e\xcd\x5a\x2e\xfe\xaa\x6a\x10\x5b\xfc\x85\x84\x31\xb8\x8e\xd7\xfe\x55\x1e\xb3\x2a\xc0\xaf\x27\xc6\x6a\x98\x03\xa3\xbc\xf8\x76\x34\xc6\x6c\x70\x66\xdd\x01\x97\xa3\xcb\xd2\xd6\xf4\xe6\x5c\xfd\xb8\xf3\xda\xf9\xf3\xca\x5c\x4f\x4e\x0a\xdd\x45\xf5\x54\x1a\xa1\x8d\x04\x1f\x70\x6e\x4f\xa8\x7c\x34\xe9\xa2\x23\xd8\x85\x72\xeb\x50\x08\x3e\xe8\xc7\xc4\x75\xdf\x56\x8b\xc7\x3b\xd0\x8c\x0f\x0d\xea\xa3\x74\xaf\xb1\xc1\x78\xd0\xdd\xdb\x23\x6e\x15\xa8\xbc\x23\x85\xed\x3f\x52\xb8\x76\x1e\x63\x78\x87\x40\x7a\x20\xae\xc3\xe9\x9e\xc8\x30\xda\xe3\x16\x7e\xf0\xcd\xb3\xf3\xff\xd2\x00\xd8\x3b\x75\xb7\x49\x69\x0b\x9e\x25\xe2\x17\x1d\x07\x2c\xa5\x6f\x71\xba\xec\xd2\x1f\x7d\x45\xa1\x2c\x91\xb2\xc0\xfb\x3f\xea\x3b\x15\x8e\x54\x64\x82\x84\xbb\x00\x95\xb3\x62\x44\xb0\xb1\x21\xf9\xf1\x38\x4c\xe9\x00\x43\x65\xe7\x77\x2f\xa3\x08\x28\x25\x0f\x51\x98\x5f\x1b\x17\xb2\xd2\xf8\x0a\x33\xe8\xfc\x6d\x85\x65\xea\x15\xcd\xaa\xcd\x42\xa8\x7b\xd7\xc9\x40\x8b\x1f\xe1\xc7\x70\x66\x5b\xdd\xed\x75\x4b\xc2\xff\x2e\xf9\x1b\x97\x3a\x86\xb9\x9f\x10\x59\xc6\xf2\x27\x24\x6a\x69\x8b\x38\x54\x15\x09\xdd\x54\x49\xfc\xe6\x0d\x38\x62\x24\x18\x3b\x7d\xce\x1b\x38\x84\xf7\xba\xe1\xc2\xe4\xeb\x59\x45\x10\xb5\xca\x58\x52\x79\xd9\x04\x1d\xf8\x81\x7b\x06\x19"},
+{{0x41,0xcf,0x07,0x1f,0x48,0x42,0xec,0xd4,0x94,0x19,0x1b,0x8c,0xf2,0x8c,0xc0,0x92,0x31,0x85,0xef,0x1b,0x07,0x45,0x8a,0x79,0xa5,0x9a,0x29,0x6d,0x35,0x49,0x82,0x2e,},{0x6d,0xc8,0xe4,0x46,0xdb,0x1d,0xa3,0x53,0xb5,0x8d,0x0c,0x45,0xd8,0xb4,0xd8,0x16,0xba,0x59,0xe2,0x5b,0xb6,0x80,0x71,0x2d,0x62,0xd6,0xd3,0xdb,0xf7,0x8d,0x06,0x98,},{0x41,0x05,0x2b,0xc4,0x17,0xb2,0x4d,0xc4,0x83,0x83,0x96,0x6a,0xf0,0x14,0x3f,0x9c,0x0b,0xa8,0x5b,0xbe,0xfb,0xda,0xf7,0x91,0xb1,0x6a,0x4d,0xad,0x1f,0x57,0x0e,0xb8,0x07,0x03,0xc0,0xa2,0xcd,0xeb,0x2f,0x7a,0xd6,0xdc,0xd3,0xfa,0x7b,0xdb,0x5c,0x22,0x5e,0x86,0x9c,0xd8,0xfb,0x27,0x8d,0xff,0x06,0x67,0xd3,0x8a,0xcc,0xf3,0xdb,0x08,},"\xda\xeb\x5f\x0e\x84\xf1\x59\x0b\xca\x2b\x9d\x97\x19\xef\x5d\x1c\xfa\x79\xe0\x58\x34\x46\x33\x2f\x18\xe9\xe4\xfe\xb0\xb1\xf1\x53\x40\x29\x7a\xc9\xad\x67\x24\xc8\x5b\xb1\x65\x58\xea\x54\xeb\x5d\x70\x2a\x47\x24\x8b\xad\xc6\x25\x2a\x80\x43\x71\xb7\x4c\xfe\x10\x62\xd1\xdb\xa1\xec\x68\xfd\x1d\x4d\xd0\x29\xcb\x55\x03\x4b\xbf\x61\x06\x82\x51\xef\xf3\x98\x36\x36\xf6\xde\xbd\x57\x27\xbe\x91\x99\x3b\x3e\x4d\x0a\xbc\x96\xec\x19\x64\x21\xa4\x7b\x78\x93\xf8\x39\x86\xd6\xc0\x32\x3f\x0d\x19\xaa\xf2\xcd\xe9\xd3\x56\x5c\x10\x4c\x9d\x31\x76\xec\xb5\xed\x5e\x17\x3f\xee\x52\xb5\xa0\xc4\x2b\x6a\xb2\xfc\xb1\xcc\xba\x96\x49\xc2\xc6\x7c\x52\x0e\x9b\x96\xce\xa6\x93\xdf\x3e\x58\x60\x9a\xd6\xa0\xbd\x52\x2e\xfa\xaf\x03\x85\x8d\x24\x5d\xd0\xa3\x8f\x84\xa2\xfb\x10\x20\xf4\xdd\x97\xc3\xae\xef\x0e\x24\x47\x7d\x30\xd2\x56\x70\x1e\x90\x0b\xef\x26\xa8\xa6\x26\x9a\xb6\x60\xd7\x42\x93\xa2\xbf\x1d\x20\xc2\xcf\xae\xbb\x7c\x28\x20\xf5\xf5\xb0\x74\x53\xbb\x69\xee\x76\x9b\x52\x39\x15\x39\xf0\xc6\x06\xd2\x2e\xb3\x92\x3e\xe6\xf5\xa1\xd4\x60\x50\xaf\x90\xf0\x11\xf8\x51\xac\xe7\x63\x27\xd3\xd1\x8c\x48\x17\x0a\x9a\x25\xb0\x4b\x77\x0f\xd9\x38\xef\x8a\x30\xb7\xbd\x03\x39\x1d\xd3\x6c\x51\x6b\x62\xf0\xcb\x78\x67\x07\x40\xe0\x0e\x69\x59\x5c\x41\x8d\x96\x72\x53\x82\x0b\x75\x4c\x4f\xd6\x66\xe3\xcc\xe1\x6e\xe0\xc9\x41\x83\xbb\xea\x70\x6f\xe2\x98\xe1\xc9\x9d\xdb\x82\x12\x17\xed\x90\x08\xcc\x8e\x8b\x83\xbc\x8b\x81\x99\x15\xb0\x7b\x14\x6f\xe7\x45\x02\x4a\xc3\xc4\x61\x16\xcb\x4c\xce\x5e\x32\xec\x5d\x75\x24\xa2\x38\x8d\x9f\xe2\x97\xeb\x02\x81\x1a\xf4\x54\x6f\xcd\x58\x60\xe1\x4c\x0d\x13\xf0\x3d\xd7\x5a\x42\x49\x61\x59\x00\x07\x8a\x3c\x35\x8c\x53\x42\x96\x2b\xc1\xbe\xac\xf6\x8c\x24\x68\x21\xa4\x59\xab\x53\x21\xec\x9f\x57\x4f\x49\xd1\x03\x89\xf4\x0f\x14\xdd\xfc\x85\x13\xff\xe3\xde\xaa\x73\x36\x03\x5a\x67\x5f\xa5\x85\x8b\x49\x0c\x5d\x24\x77\x80\x06\x4a\xdb\xaf\x75\xa7\x63\x35\xee\xc9\xab\x91\x87\x71\xb0\xb1\xdf\x51\x47\x64\x2a\xef\x4a\x16\x6a\xb1\x72\xed\x60\x1f\xed\x21\x0f\x6c\x0c\xff\xd9\x18\x69\xf7\x49\x0b\x57\xe7\xc6\x52\x41\x86\x3e\x7e\x8c\x0a\x26\xeb\xa6\x3b\x53\x42\xd0\xfd\x82\x14\xac\x73\x1e\x1c\x43\x8d\x01\x77\x11\x5f\x6a\x19\xe0\x93\x5c\x7a\xf6\xbc\x7d\xbe\xb7\x55\x11\xd9\xbd\x8e\x63\xe3\xe2\xf4\x7a\xb0\xdd\x1c\xed\xd7\xb1\x80\xd7\x4a\x4b\x44\xd4\x61\x19\x7a\xef\xdd\x36\x20\x46\x51\x66\xa3\x9b\x45\x39\x50\x43\xce\x88\x74\xcd\xd7\x2c\x60\x2b\xd3\xd2\xee\xcb\xad\x34\x66\xb5\xcb\x1a\xa4\x1a\xe9\x2a\x8a\xfe\xf2\xd7\x64\xce\xc0\xc4\x49\xd2\x7e\xfa\xc4\x37\x93\x8f\x28\x0b\xea\x9c\x50\xa5\x82\xe5\x7c\x27\xf9\xb3\xde\x87\x2f\x0c"},
+{{0xa2,0xc8,0xe1,0x61,0xa8,0xd9,0xd6,0xe8,0x88,0xc3,0xd0,0x9b,0x0b,0x97,0x27,0x37,0x30,0x7a,0x2c,0xbd,0x2a,0xcd,0x7c,0xcd,0x80,0x4d,0x24,0x31,0xac,0x6c,0x58,0xd2,},{0x3a,0x32,0x57,0x75,0x88,0x67,0x32,0xde,0xca,0x40,0x68,0x57,0xa8,0x05,0x60,0x10,0xaa,0xea,0x28,0x75,0x54,0x5b,0xa6,0xf3,0xdf,0x30,0x75,0x45,0x71,0x38,0x69,0x92,},{0x56,0x0d,0x01,0xb9,0x4d,0xf1,0x1d,0x83,0x34,0x77,0x52,0xff,0x51,0xb3,0x54,0x5e,0xf5,0x5c,0x56,0x32,0xae,0x7c,0x8e,0xfb,0x11,0xaa,0xdd,0x83,0x12,0xde,0xf7,0x25,0x62,0xe8,0xf5,0xd7,0x5e,0xce,0x10,0xad,0x46,0xbc,0x96,0xc8,0x60,0xde,0xec,0xe3,0x9e,0x63,0x4a,0x5f,0x50,0x65,0x4d,0x4c,0xdb,0xa8,0x4a,0x8e,0x6f,0x70,0x24,0x0a,},"\x83\xa3\xbe\xbc\xac\x5f\x28\xc5\x43\x3e\x3c\x4f\x1e\x7b\xf5\xd2\xe4\xdc\xd2\xf5\xe5\x9d\xbe\xe0\xa8\x3b\x07\x02\x57\x15\x35\x07\x46\xf8\x56\x75\xf1\xdf\xea\x37\x4a\xa7\xd7\x94\x28\x7b\x89\x2e\xf9\x09\x7f\xf6\xd2\xe1\x22\xf0\xa6\x56\xfb\xa0\x79\x8c\xdc\xfc\xb3\x64\x5d\xfc\xfd\x78\x8c\x74\x0c\x0f\xd0\x45\x20\xe7\xa0\x6a\x02\xa0\x58\x29\x63\x0a\x2b\xf0\xcd\xfe\x2e\xcc\xa0\x09\xec\x44\x04\x99\x46\xbb\x1d\x23\x26\xdd\xd6\x1d\x7e\xc6\x40\xbf\x69\xeb\x44\xfb\x23\xcc\x1f\xf4\x78\xc5\x70\xc7\x5d\xb7\xe7\x66\xe3\x5b\x7c\x43\xdb\x73\x68\x0d\x14\x07\xa9\x43\x99\xfb\x62\x1b\xaf\x38\x45\x74\x5c\x1c\x4e\xd0\xb9\xf0\xb4\x85\xbe\x2d\x53\xc5\x68\x54\x5d\xdf\x18\x77\x5a\x83\x7a\x05\xd9\xc9\x15\x7b\x08\x4e\x8c\xd0\x1f\xc3\x24\xf0\x7f\x11\x68\x77\xe4\x07\x5d\xba\x24\x32\xc8\xa7\x75\x2e\x9e\x93\x95\x86\xad\x93\xf0\xc0\xaa\x5e\xda\xc9\x4b\x8d\x82\xe5\x44\x99\x97\xb1\x5b\x8c\x89\x61\x58\x9c\x44\x28\x21\xaa\x83\xb6\x02\x39\xec\x5f\x15\x8c\x3f\x5e\x9e\xc5\xbe\xa5\x11\x5d\x5f\xed\x61\x91\x8e\x8f\xcd\x5b\xce\x61\xc7\x77\xf2\x0b\x6b\xfe\x80\x3a\x69\xc6\xfc\x79\x4a\xb8\xc5\x7d\xf2\x71\xda\x86\x38\x72\xa6\x13\x35\xb1\xfa\x29\xf4\x60\x8f\xf0\x37\xf7\x12\x06\x98\x09\xca\x64\x2a\x03\x07\xc7\x9a\xa9\x2e\x10\xcb\x89\x3a\x29\xd1\x72\x01\xa0\xb6\xd1\xb4\x6a\x72\x12\xb3\xba\xec\x97\x03\xc0\xb0\x39\x2b\xa6\xb7\x6e\x5c\x9c\x10\xf8\x35\x99\xb8\x1e\xa2\x22\x83\xf9\x54\x7a\xac\xda\xa7\xf3\x08\x96\xd1\xff\x73\x1e\x11\xfb\x9e\x56\xad\x06\x03\x04\x17\x11\x98\x05\xba\xb6\x35\x21\x49\x6c\x3b\xb9\x2a\x12\xf5\xe5\x5a\xfc\xf6\x0e\xd4\x21\x77\x37\xf3\x04\x6b\x16\xca\x50\x66\x57\xa6\xd6\x96\xd7\x5a\x6d\x8e\x18\xe9\xef\xe2\xb0\x8c\x8b\x1f\xa0\x72\x82\x38\xe2\x7c\xfb\x32\x21\x66\xee\xe4\xee\x76\x96\x8b\x77\x7b\x50\xee\x6a\x2b\x80\x4e\x1e\x9b\x46\x01\x66\x20\x13\x2b\x65\x88\x71\x8d\x97\x8c\xa2\xc0\x02\x69\x79\xc4\x00\xd3\xc5\x33\x67\x51\x21\x0f\x0b\x00\xd2\x69\xec\x8f\x4e\x2f\x95\x59\xe1\x80\x33\x2d\xd2\x70\xe5\x0c\xc9\x46\x5c\x55\x58\x93\x63\x55\x52\x1b\xc3\xc9\x56\x0f\xc1\x9e\xc1\x42\x42\x12\x1e\x6b\xb2\xff\xf8\xf5\x03\x37\xfc\x26\x4a\xcf\x1a\xc1\x70\x43\x28\x33\x4b\x3b\x52\xcb\xa9\x6d\x93\x03\xb1\xb5\xdb\x85\x9d\xae\x31\xd8\x0f\x17\x11\xfb\xa2\x51\xe1\x0b\x4d\x12\x21\x28\xf9\xfa\xff\x68\x72\xd0\xc0\xb8\x1e\xef\x59\x54\x1f\x83\x2b\x0a\x9d\xf3\xa4\xcd\xd5\x91\xc8\x77\x36\xb1\xae\xcf\x24\x2c\x27\x5a\x10\xc3\xfd\x67\x83\x9d\xad\x4e\xf3\x99\xb9\x49\x4e\xcd\x77\xf7\xba\x5b\x5d\x4f\x2c\xa3\x04\xe5\xb2\x29\x21\x30\x7c\xb1\x8f\xa6\x4a\xa3\xd0\x1c\x44\x11\xc8\x36\x9c\xce\xde\x46\x5e\xe3\x69\xee\x63\x7d\x43\xd2\x88\x26\xbf\x60\xdd\xde"},
+{{0xd3,0xd1,0x88,0xb3,0x90,0xba,0xcc,0xd9,0x50,0x24,0x52,0x61,0x46,0xb8,0x2b,0x91,0x84,0xe1,0x97,0xe4,0x6a,0x93,0x40,0xa0,0xe6,0xec,0x18,0xbf,0x75,0xbe,0x7f,0xc5,},{0xd8,0xf7,0x94,0x94,0x8a,0xa6,0x98,0x61,0x00,0x21,0x4e,0x9b,0x7b,0x90,0x24,0x42,0x08,0x06,0xb4,0xc6,0x78,0x46,0xd5,0xbd,0x50,0x61,0x13,0xb3,0x53,0xa2,0xea,0x3d,},{0x16,0x97,0x6b,0x26,0x7d,0xe9,0x6e,0x38,0xdd,0xdc,0x84,0x78,0x07,0x5f,0x6b,0xdd,0x71,0x59,0xe5,0x63,0x34,0xb2,0xd2,0xd1,0x92,0x09,0x46,0x29,0x4f,0x33,0xcd,0x6b,0x7f,0x9c,0x50,0xf8,0x05,0x7f,0x49,0x6c,0xab,0x5d,0x94,0xbb,0x4d,0xca,0x26,0x2f,0x9f,0x0f,0xdf,0x9b,0x1b,0x64,0x74,0x1f,0x4b,0x72,0x2d,0x32,0xef,0xa8,0x22,0x03,},"\x5e\x65\x65\x8e\x42\x03\x75\x43\x3f\xd7\xc1\xf6\xbe\x67\x88\x41\xe5\x81\x04\xf1\x0b\x4c\x67\x63\x59\xd8\x4f\xce\x79\x92\xf5\xc5\x75\x57\xd7\x38\xf8\x30\xb5\x05\xfa\x0c\x2b\x9e\xab\xf8\xd1\xa9\xf8\x1f\xe8\xf3\x15\xd6\x62\xe2\xb8\x4c\xe9\x52\x99\xeb\xf4\xe5\x03\xb5\xe1\xf7\xf8\xcd\xb6\x68\xae\x73\x3f\x3d\x0c\xdd\x4c\x74\x2a\xb5\xf2\x72\xbe\xa4\xf1\x8d\x18\x3e\x89\x23\x84\x76\x62\xf9\xa3\x9c\xd4\xb1\x4e\xc7\x6d\x11\x03\x2f\xe5\x73\xc2\x62\x01\xae\xf6\x66\x01\xce\xc6\x83\xe3\x4b\x89\xaf\xd9\x64\xe9\x87\x80\x1c\x70\x6a\x85\xe2\x7b\xab\x33\x70\x1c\xd1\x09\xbc\xf0\x7b\x27\xca\x67\xf0\x22\xc4\x94\xa0\x4c\xbe\x5a\x9c\x6d\x63\xaa\xd9\x36\xcd\xf1\xa1\x80\xfd\x05\x86\x51\x98\xb9\x6f\x06\xa7\x8d\xa9\x57\x99\xd3\xaa\x4d\xf3\xb1\x70\x03\x3c\x69\xe8\xfb\x04\x28\x8c\x35\x46\x55\x3b\x57\x9c\x0a\xe3\x93\x80\x62\xd3\xd8\x42\x1c\xfa\x66\x26\x85\x29\xbe\xc0\x27\x1e\x53\xb4\xee\x7d\x09\x9e\x71\x48\xa8\x02\xdf\x80\xfe\x5e\xed\xee\x1c\x90\x3a\xe8\xed\x4d\x64\x0e\xad\x76\x12\x62\xdd\x40\x14\xf2\x5f\x93\x97\xba\x3f\x1c\x08\xd8\x3a\x3c\x48\x5c\xfb\x55\xf8\x99\x19\xaa\x97\x2d\x6b\x7e\x77\x11\xbe\x9e\x30\xc1\xeb\x96\xa0\xc3\x84\x53\x09\xfb\x23\xdb\xc7\x5b\x69\x91\xdd\x6e\x48\xcd\xde\x90\xe0\x4f\x22\x8e\x8c\xcf\x3b\xa2\x3f\x27\x47\xcf\xb9\xd3\x38\x1a\x93\x05\xf8\x16\xf2\x6c\xdd\xe4\x1c\x02\x20\xfa\xd2\x28\xff\x6a\x8b\x09\x5c\x77\xb6\xba\xe8\xfa\x33\x68\x14\x27\x24\xbf\x1f\x5e\x0f\x6f\xbc\xa5\x32\x0c\x21\x5b\x6b\xa8\x6b\x91\xe3\xa8\xac\xf7\x50\xe9\x3f\xa7\xea\xa6\x5c\x4f\x78\x5e\xf8\x42\x1a\x19\xc1\xe2\x7b\xc2\x4b\x42\x8e\x08\xa9\x02\x42\xab\xac\x9b\xd4\xaa\x03\xc6\x56\xf8\xf4\x6d\xc4\x0b\x36\x15\x2c\x1b\xd0\xde\xf1\xac\xfc\x0d\xa1\x0a\x2f\xa1\xdc\x3d\xa7\xac\xe5\xa8\xfd\x76\x22\x7b\xb1\xa6\x02\x39\x0f\xe5\x7a\xfd\x32\xef\xe2\x81\xf2\xea\x6b\x2e\x4d\x25\x45\xcb\x88\xd2\x30\x8d\x72\x69\x1c\x9a\x52\xb4\xca\x25\x23\x1a\x01\x07\xf2\x5d\x11\x7c\xc9\x35\x39\x76\x21\xc6\x83\xbd\xc8\xf2\x2e\x81\x03\x40\xf2\xcb\xac\x4c\xea\xa3\x46\x86\x65\x26\x18\x79\xf0\x07\x42\x00\x74\x3e\x0d\xe5\xf3\xe5\x83\x08\xb9\x8b\x04\xb8\xc7\x14\x8a\x4e\x00\x4e\x66\x7e\x83\x2b\x00\x84\xb5\xf2\xbd\xc6\xfd\xc9\x59\xf2\xfc\x28\xa8\xd3\x1d\x9a\x9e\x78\xe5\xd5\xf9\xc0\xb1\x19\xe5\xff\x1f\x68\xf7\xc0\xda\xf0\xc0\xf1\x69\x47\xcc\xa5\xb7\xce\xd0\x96\x01\xe2\xeb\xed\x28\x2e\xf2\xbf\x8f\xe9\xa2\x7e\xd2\x7f\xc5\xbc\xda\x8a\xed\x6c\x71\xbe\xe3\xe7\x75\x10\x04\x47\x26\x89\xbb\xf6\xd9\xd0\x79\x52\xa2\x42\xff\x87\x0d\x7c\x3f\x5e\x1f\xfc\x2c\x1f\x40\xfc\x9a\xb7\x57\x9b\x39\x2b\x55\x4f\x3d\xc5\x88\xc0\x3a\xb9\x57\x43\x1f\xe5\xd0\x2c\xbc\x71\x1a\xd4\x89\xfe"},
+{{0x61,0x91,0x7a,0x97,0x5c,0xb7,0xec,0x56,0x4c,0x70,0x8a,0x56,0x53,0x88,0xc5,0x72,0x36,0xa6,0x6b,0x69,0x7d,0xcd,0x5a,0x7f,0x10,0xba,0xe6,0x71,0x57,0x2a,0xc7,0xf0,},{0xec,0xc0,0xf0,0xb9,0x92,0x76,0xe5,0x28,0xf8,0x2b,0x42,0xf2,0xef,0xce,0x85,0x79,0xf8,0x3e,0x63,0x8c,0x6a,0xce,0xfd,0x07,0x28,0x28,0xc0,0x4e,0x43,0x4f,0x55,0xaf,},{0x6a,0xbb,0x3e,0x37,0x7b,0x5c,0x80,0xb7,0x4f,0x77,0x21,0x9c,0x1a,0x9e,0x09,0x6f,0xba,0x0e,0xb6,0x89,0x90,0x81,0x7a,0xcf,0xf1,0x2d,0xba,0x7f,0x61,0xc7,0x7c,0xcf,0x59,0x5f,0xb6,0x60,0x85,0x52,0x00,0x3c,0xea,0xd0,0x6c,0xa1,0x31,0x7c,0x9c,0xd5,0x1a,0xc4,0x72,0x4b,0x29,0xf4,0x09,0x21,0xfb,0x92,0x84,0x33,0x76,0x87,0x64,0x01,},"\x6e\x97\x0e\x0b\x1c\x92\xa7\xf4\x96\xa8\x2d\x8a\xe8\x0c\xfd\x0c\xce\xf1\xd2\xc7\x99\xd4\x17\x28\xf3\x5d\xdc\xd6\x03\xb4\x21\xc2\xa5\xab\x3b\x48\x9e\x78\xf4\xb6\x22\x97\xde\x43\x7c\x5a\xd1\xa9\x68\x3f\xf8\x7f\xa2\x8e\xb3\xcc\x38\xce\x24\x2a\xf5\x94\x19\xf9\xfd\x43\xfc\xaa\x54\xfc\x39\x89\x92\xf8\xc8\xe3\x1f\x2b\x33\xdc\xcc\xd0\xee\x11\xba\x7b\x38\x8e\x8d\x2a\x36\xea\xd0\x67\xc6\xbe\xce\xd5\x89\x0a\xb7\xd4\xa9\x4f\x55\xda\xb9\x21\x28\xa0\xf8\x14\xc0\xe6\x89\x71\xdf\x57\xbd\x50\x78\xa7\x40\x31\x75\xc7\xc2\xfd\xd4\xa5\x24\x47\x15\x3a\xb3\x74\x56\x72\x9a\xee\x33\xe5\xfc\x93\xdb\x8e\x7f\x48\x03\x09\x87\x5e\xcf\x6d\xb0\x7c\xe7\xf3\xca\xc5\xde\x49\xe3\x61\x27\x5c\xa5\x0b\x6b\x71\x9f\x4b\x71\x5b\x3e\x30\x86\x3c\xbb\x3b\x71\x64\xba\x9e\xb9\x6e\xf3\x30\x4b\x19\xad\x4d\x74\xdc\xe4\xbd\x25\xe7\x7b\xbb\xbe\xff\x1e\xe7\xd1\xfb\x55\xb9\xc4\xf7\xfc\x4c\xd9\xbd\x55\x10\x8a\xfc\xf9\x9c\x1a\x41\xcd\x6f\x6b\x1a\xdb\x29\x7b\x10\x6c\x8b\xa2\x4e\x31\x34\xf8\x7d\xd8\xef\xe5\xcf\x85\x49\x22\x91\xb9\x4d\x66\x00\x95\x8c\x28\xb9\x12\x2f\xe6\xe0\x1b\xd3\xe3\x29\xe4\x2d\x19\x26\xb8\x9f\x7a\x8c\x40\xa4\x98\x67\xe5\xaa\x3a\xd7\x49\xbd\x98\xda\xe7\xd0\x06\xb4\x53\x60\x9e\x7d\xae\x26\x36\x4d\x91\x72\xbe\x72\x83\x33\x01\x21\xed\x2b\x40\x27\xe0\x88\x51\x18\x74\x3a\x6e\xa0\xcb\x7d\xc2\x74\x09\xa9\xb2\x82\x0b\xcc\x24\x2e\xa1\x0a\x00\x93\x7b\xf8\x49\x20\x1e\x0f\xb6\x19\x94\x21\xf1\x63\xe9\x79\x4f\x2d\xd4\xb3\x32\x01\x4a\x09\xd3\xee\x80\x71\xda\x78\x77\x47\xf9\x90\xf5\x17\x99\x19\x02\x7d\xdf\xf7\xca\xb0\xf5\x5e\x9a\xfa\x8e\xcc\xb1\x6c\xc2\xdd\x3c\xbb\xea\xd7\xff\x7e\xc8\x18\xc2\x53\x39\x3f\x74\x87\x41\xf5\x54\x07\xf7\x40\x8e\xe3\x3a\x42\xae\x2d\x6e\xcb\x3f\xb6\x00\xa7\x1f\x30\xab\x63\x06\x06\xe5\x53\xb4\x36\x78\xe5\x98\x54\xf3\xa2\x94\x7b\xcf\x4e\xa0\xfc\xfe\xdc\x31\x4d\x83\x70\xd1\x26\x63\x95\xfd\xa3\xc9\x10\x5e\x97\x59\x52\xf6\x0e\x30\x86\xbb\x82\x48\x15\x13\xd6\xfe\x8a\xdb\x4f\x95\xef\xb9\xa9\x5b\x66\xd4\x80\xd2\xbb\x17\x10\x78\xcf\x40\x68\x4a\xc6\x9a\x78\x9c\x7f\xb7\xfa\x42\x53\x33\xd7\x05\xdb\x00\x06\x67\x55\xdf\x72\x8d\xe0\x2d\xf2\x5b\xae\x34\xf1\xd7\xd4\x9c\xaf\xfc\x51\xe9\xba\x2b\x10\xb9\x8f\xe4\xcd\x9d\x22\xb7\x76\x4e\xd9\x31\xed\xb5\xf0\xb5\x54\x49\x6e\x99\x53\x91\xe0\xaf\x0b\x8d\x1c\x7a\x82\x95\xa8\xd1\x5a\x7c\x65\x56\xd2\x9c\xb1\x9e\x08\x55\xca\x50\x5a\xd0\x1d\x2a\xa3\x09\x28\xa8\x4b\xc4\x89\x59\x57\x6d\x81\x2d\x9b\x27\xb8\xe8\x88\x79\xfa\xa2\x80\x6c\x08\x41\x36\x0e\xcd\x0f\xe8\x3f\x5b\x84\x8f\xc1\x2f\x65\x8f\x1e\x7f\x40\xe5\x61\xc2\xe7\x8d\x3b\x01\x25\x21\x0a\x92\x06\x1c\x2d\xb2\x1b\xa6\x60\xe8\x60\x8f\xf5"},
+{{0x7b,0xa2,0x5f,0x27,0x97,0xa2,0x83,0x6f,0x37,0x9d,0x6b,0xbc,0xbe,0x9a,0xbf,0x4f,0x2d,0xef,0x5e,0x52,0xf7,0x2b,0xd9,0xe0,0xb0,0x06,0x57,0x10,0x22,0xfa,0xc2,0xf3,},{0x6c,0x2e,0xd4,0xe8,0xc0,0x12,0x4d,0x5d,0x05,0x40,0x79,0x6d,0x39,0x45,0xd1,0xde,0x71,0xaa,0x69,0x69,0xe6,0xab,0xea,0x0f,0x1b,0x0e,0x6f,0xc4,0x29,0xc7,0x04,0x6f,},{0xf1,0xf5,0x90,0xa9,0x07,0xba,0x98,0x0e,0xb0,0xd6,0x48,0xab,0x4d,0xed,0x5f,0x92,0xfa,0xf7,0xcb,0x85,0x1d,0x81,0xd8,0x58,0xa7,0x8f,0xa6,0xb7,0x7c,0xbb,0xe1,0x2f,0x64,0xd2,0x0d,0xf5,0x27,0x71,0xa7,0xd5,0xe5,0x39,0xa1,0x52,0xd7,0x31,0xe1,0x90,0x3d,0x42,0x11,0xfd,0xcf,0xef,0x9a,0x48,0xb4,0x6c,0x8f,0xd5,0x39,0x4c,0xa0,0x09,},"\x17\x1a\x34\x09\x87\x80\x97\xb3\xb2\x2b\x2c\x00\x66\x0b\x46\xe5\x42\xc2\x16\x4c\x00\xbb\xee\x54\x55\x48\x37\x94\x0e\x70\xf0\x3d\xa9\x91\x6a\x40\xf9\xbd\xe8\x28\x8f\x45\xe4\x7b\xef\x7f\xfe\x4e\x55\x7c\xd4\x47\x40\x45\xe7\x40\xfd\x95\x9d\x98\x4f\x4e\xc8\x1d\xa8\x8d\x44\xa3\x73\xc1\xed\xa0\xcf\xc6\xb0\x8e\x35\x13\x73\xd3\xb8\x2a\xb0\x90\x2d\xf8\x06\x3f\xd9\x08\xe7\x03\xe0\xcb\xec\x41\x0a\xb5\xcd\xfe\xaa\xe0\x01\x88\xce\x2a\xd4\x2b\x8b\xf0\x4f\x7d\xaa\x5f\x0e\xe3\x33\xa6\xf9\x31\x1b\x4a\xd9\x81\x09\x52\xd5\xd5\xa6\x4b\x20\xf3\x7e\x84\x54\x15\xfc\x3c\xdd\x61\x6f\xeb\xec\x50\xdb\x29\x6f\xb3\xf3\xbb\x7f\x6b\x36\x6b\xbe\x52\xe4\x89\x7a\x05\x61\x7b\xf7\xc9\x81\xa6\x2e\xdc\xbb\xbe\x5d\xa4\xc3\x9c\xaf\xa8\x69\xaa\x2b\x27\x34\xe6\xcf\xed\x90\xed\x8b\xe7\x59\x49\x39\x0e\xe4\x45\x66\x89\x24\x55\xb8\x90\xcf\x56\x8b\x94\x5a\xab\xb7\x58\xd3\x85\x4b\xe6\x53\x9f\x3b\x86\xbf\x01\xd1\x88\xe4\x8c\xf2\x62\x6a\x0d\x7d\x38\x17\x03\xbe\x6e\xd1\x29\x0d\xfb\x94\x7b\xc2\xe0\xf8\x3d\xbc\x58\x70\x30\x80\xd7\xf5\xb9\xef\x19\xae\xf9\x30\x90\x8f\x68\xf0\xc8\x00\x10\xa9\x40\x1b\x30\x3a\x9f\x6d\xa8\x05\xbb\x8a\x0e\xd0\xf3\x94\x13\xee\xfe\xdf\x91\x9f\xfd\x8e\xa6\x39\x1b\xf9\x5d\x42\x29\x60\x4e\x49\x45\x7b\x8e\x23\xbe\xc6\x11\x48\x4c\xc7\xf9\x83\x2d\xd9\x5b\xdc\x3a\xd1\x77\xc0\x50\xf4\xab\x63\x3d\xcd\xb3\xe6\x91\xf5\x90\x28\x73\xb3\x8c\xb0\x72\x0b\x91\x13\x35\x7f\xe0\xcf\xb9\x8a\x68\xcc\xcb\x5d\x5f\x08\x09\xd5\x9a\x37\x5c\xf7\xb5\xa2\x75\xd4\x3c\x4c\x34\xff\x68\xe4\x48\x52\x6e\x8e\x1a\xad\x44\xe2\x00\x08\xa2\x32\xaf\xbc\xf5\x32\xa4\x2b\x50\xa0\x25\xa1\xb2\xee\x4e\x07\x7e\xb0\x12\x5a\x59\x3d\x51\xa2\x00\xec\x20\xd8\x72\xc0\x58\x38\xad\x36\xaa\xae\xec\xcc\x3e\xd9\xef\x41\xf6\xd1\x22\x67\x02\x17\xd5\xc0\x8f\x6e\x13\xc1\x72\x19\x45\x89\xac\xc3\xc5\x9f\x7e\xf7\x90\xc7\xc8\x5a\xa6\xd5\xeb\x69\xd4\xc8\x9a\x72\xf5\xe7\xc9\x24\x69\x85\xc1\xac\x0c\x5d\x19\x7f\x76\xa7\x3e\x37\x74\x83\x9d\x4a\xa2\x09\x6a\xca\x19\x0a\x30\xf4\xaa\xc5\x40\x57\xb6\x4f\x35\x8e\x0e\x06\x40\x0c\x0d\xf2\xf8\x76\x41\x2d\x34\x48\x4c\x43\x44\xf4\xd7\xc8\x66\x51\x7d\x3e\xfb\xa4\xa9\x0f\xa7\x14\x4c\x9b\xa5\xdb\x33\x61\xdb\x57\x69\x40\x3e\xc8\x16\x26\xa5\x11\xf9\x3e\x30\xf8\x58\x6e\xad\xfc\xaf\xd9\xa3\x6e\xcf\xf8\xd2\x4b\x42\x07\x9a\xda\x8e\x57\x9a\xc3\x08\x51\x17\x7b\xce\x90\x38\xb0\xe1\x30\x00\x72\xd6\x8e\xfd\xd7\x23\xf6\x35\x50\x64\x84\x32\x75\x81\x5a\x66\xb9\xd7\x3a\x12\x99\xaa\x59\xa1\x81\x2f\x64\x52\xfb\x41\x15\xea\x2b\x1f\x9f\xf4\xa9\x96\x90\x59\x6e\x3f\x20\x22\xd8\x1e\xd8\x74\xdd\x67\xe6\x18\x9c\xa0\xe6\x8b\x93\x04\xe9\x93\xa9\x5b\x66\x66\x5e\x0d\x07\x4c"},
+{{0xd1,0xe1,0xb2,0x2d,0xe5,0xe0,0x4c,0x9b,0xe4,0x65,0x1d,0xd7,0x39,0x95,0xa3,0x66,0x6c,0xb5,0x35,0x2c,0x65,0xac,0x7b,0x70,0x51,0xb3,0x66,0xfe,0x1a,0xc0,0xc3,0x10,},{0x12,0xfe,0x56,0xf1,0x01,0x2d,0x5c,0x12,0xf1,0x35,0xed,0x59,0x82,0xf3,0x82,0xae,0x5f,0x11,0x43,0xbc,0x90,0xe8,0xcb,0x8c,0x93,0x05,0x17,0x54,0x55,0x1e,0xe9,0x0a,},{0xab,0xaa,0xb4,0xfa,0x6a,0xeb,0x0a,0x0b,0x34,0xee,0x0d,0x61,0x3a,0x0a,0xf0,0x49,0xed,0xb4,0xce,0xdb,0xfe,0x9d,0x3b,0xeb,0xe9,0xc0,0x06,0x18,0xb1,0x15,0xb9,0xd1,0xfa,0x52,0x4e,0xc3,0x49,0x5e,0x13,0x30,0xb0,0x93,0x61,0x81,0xea,0xbb,0x14,0x29,0x9f,0xac,0xcc,0x40,0xea,0xa8,0xcc,0xa5,0x7e,0xd3,0x24,0xb7,0xa6,0x42,0x0c,0x0e,},"\xc7\xf2\x18\xb5\xaa\x7a\xae\x17\x99\x62\x5a\x56\xc4\xd7\xd7\xb0\x26\x37\xe5\x72\xf1\x41\x1a\x61\x22\xf1\x13\x79\x1a\xa3\xc6\x28\xe8\x19\x60\x2f\xb4\xf0\x33\x5a\x61\x23\x01\x3f\xa6\x4e\x9f\xdc\x4e\x4a\xe4\x97\xbd\x16\x9c\x2f\xa7\x7b\xc2\x36\x12\x97\x17\xf4\x62\x88\x6b\x41\x08\x93\xfa\x78\x09\xcb\xfd\xc8\x92\x22\x3b\x40\xee\x04\x1e\xbd\x4e\xc7\xdd\xab\x55\xbe\x60\x81\xa1\x64\x66\x43\xa9\x12\x0b\xaa\x46\x28\x9a\xcb\xa1\x5b\x3b\x48\xaf\x3b\x7a\xde\xcd\x69\xf4\x3e\xed\xe7\x9d\x9b\x19\x57\xe1\xd8\xc3\x12\x9e\x0f\xa0\x57\x9d\x3d\x39\x53\x70\x46\x1b\x0e\x12\x55\xc9\xca\xa9\x4e\x47\x25\x60\x1c\xb9\xd0\xe2\xd6\x02\x44\xd1\x5b\x64\xe1\xf7\xbc\x90\x15\x59\x0a\xd0\x99\x1f\x12\xf8\x26\x73\x11\x20\x6e\x9e\xb5\xd1\x6a\xdd\x0b\xa5\x21\x8f\xce\x5f\xff\xe1\xc9\xce\x5f\xfe\x1f\x73\x11\x32\xf4\xb1\x2c\xac\xb0\x2f\x97\x45\x17\x10\x84\x6b\x7f\x82\x4f\x4f\xa9\xe0\x89\x19\x26\x64\x69\x78\x9c\x00\xce\x0d\x94\xd3\x8f\xa8\xfe\xc3\xf5\x1f\x2f\x88\x6e\x9d\xb0\x9b\x80\x44\x70\xb1\x9e\xc9\xe8\x06\x63\xf1\x55\xb4\x98\x4d\x2b\xbd\x0b\x2c\xe9\x93\x02\xe0\x6c\x64\x44\x4b\x69\x6e\x31\x29\xfc\xef\x34\xc3\xdd\x00\xf7\xab\x5b\xed\xa7\x47\xa3\xfc\x63\x39\x19\x2b\x74\x0f\x35\x69\xb6\x7d\xbd\x6f\xfa\x39\xe2\x71\xfa\xa4\x00\xd9\x61\x6b\xff\x86\xec\x49\xa6\x59\xde\xf2\xe7\xf5\xd4\x51\xf2\xa2\xb3\x5e\x66\x2a\x6e\x7c\xc2\x2f\x1e\x5c\xdc\xde\x8a\x59\x98\x81\x35\xb7\xe7\x65\x62\x74\x3c\x1e\x6a\x09\x99\x01\xb3\xef\x97\xcb\xff\x23\xf2\x09\xbd\x70\x88\xc2\xf0\x32\x45\x27\x9a\x1d\xc7\x8d\xdd\xc1\xbb\x0c\x1d\x35\x10\x03\x57\x88\x21\x26\xb3\x28\xd3\xd9\x4e\x08\x71\xb6\x0b\xe2\x53\xfd\x1b\x6e\xcf\x03\xc1\xdb\x73\x1d\x9e\xed\x0e\xdf\x2b\x26\x43\x23\x07\x80\xa4\xd6\x6e\x99\x17\x9a\xad\x1b\x82\x40\x2e\x55\xf6\xd7\x85\xeb\xc8\x0f\x8d\xd2\xfd\x2b\xeb\x09\xf3\x10\x35\xdf\x62\xc1\x7f\x42\x8e\xd0\xb2\xd5\x65\x08\xdb\x31\xe6\xd2\xdd\x5f\xb6\x9e\xbe\xee\xa3\x25\x70\x70\xcf\x2f\xe6\x7d\x42\xd2\x88\x16\xa5\x5d\xba\xe0\xb1\x85\xdb\x44\x21\xbb\xfd\xae\xfc\x79\xc0\x8c\xdc\x1a\xcc\xf7\x16\x42\x56\x2e\xc7\x00\x36\xda\x2b\xba\xfa\x4a\x89\x19\x54\xc4\xee\x40\x49\xb5\x5c\x64\x0e\x91\x93\x0e\x39\xe3\xef\x10\x18\xdc\x16\x47\xf2\x69\x42\xc6\xdb\xdf\x4d\x56\xe4\x1e\xb2\xc8\x98\xc8\x21\xfa\xc1\x7c\xc2\x73\xe8\xe4\xaa\x56\x08\xa8\x12\xcf\x4b\x82\xf9\x60\x19\xc2\x52\xd5\x6e\x78\x05\x29\x8c\xcb\xe8\xce\x40\xb0\xbd\x0f\x93\x3b\x88\x4c\x0f\xaf\x97\xa9\x58\xb2\x04\x08\xb8\xa5\x29\x7c\xce\x55\x27\xb2\xca\x21\x28\x06\xe7\x2a\x32\x64\x45\x7a\x7f\xac\x86\x62\xb8\x2c\xa2\x33\xe1\xc7\x75\x8d\xc6\xe4\xf1\xb9\x99\x58\x63\xf2\x5f\x74\x7b\xce\xe4\x3b\x63\x9b\x1f\x8f\x20\x26\xd2\xd2"},
+{{0xdf,0x29,0x4e,0x47,0x7b,0x1b,0x91,0xc5,0xac,0x5b,0x98,0xc3,0x30,0xd2,0x22,0xd7,0xcd,0x2d,0x53,0xe7,0xd0,0xbc,0x0c,0xa4,0x03,0xdf,0x4e,0xc7,0x53,0x27,0xa2,0x74,},{0x5f,0x0b,0xd2,0x2f,0x2f,0x18,0x96,0xd1,0x56,0x3b,0x4f,0x69,0x40,0xc7,0xdf,0x89,0xef,0xc2,0x58,0xc0,0xff,0x6c,0x2f,0xcd,0x67,0x4d,0xaf,0x4f,0x59,0xfc,0xdb,0x60,},{0x99,0x45,0xab,0x73,0xb5,0x85,0x62,0xb3,0x55,0xda,0xbc,0x4e,0x2b,0x6b,0xe7,0xe0,0x5f,0x37,0xf8,0x95,0x71,0x44,0x0c,0xcc,0x32,0xc1,0xa9,0x47,0x37,0x09,0x5b,0x78,0x66,0x74,0x7d,0x21,0x00,0x70,0x00,0xa0,0xf0,0xe3,0x51,0x11,0x4b,0x88,0xe0,0x13,0x8b,0x55,0xdf,0x44,0xfe,0x72,0xeb,0xe9,0x59,0x14,0x10,0xe7,0x07,0xfa,0x9d,0x02,},"\x3e\x42\xd6\x68\x40\x96\x30\xcb\xb8\x48\x12\xac\x7f\xf1\x15\x4f\x70\xfc\xa8\xbd\xff\x3f\x1a\x04\x0f\xa3\xaf\x86\x8a\xa1\xc4\xe9\x15\x08\xb1\xae\xfd\xf5\xc3\xa8\xb4\xb0\x77\xa4\xd1\x62\xd2\xc0\x5b\xd3\x64\xfb\xbe\x8c\x5a\x08\x31\x4c\x2e\x07\xdf\xfb\xd6\xe8\xdd\x2e\x08\xa0\xdc\xc9\x6e\xa9\x2d\xdd\x4c\x97\xf7\x9d\xb9\x42\x5a\x6c\x6b\x34\xc4\x60\x43\xd0\x9a\x68\xb7\x68\x72\x36\xa9\x18\xd2\x1a\x56\x16\x10\xa1\x3a\xc5\xe4\x46\xe0\x88\x1b\xb2\x6c\xc8\xe2\x8a\xad\x16\x54\xf8\x67\xad\x82\xae\x33\xf8\xf7\xa7\x8a\x65\xbe\x57\x69\x94\x75\x51\x6a\x1a\x87\x46\x84\x3e\x93\xa1\xa2\x94\x35\x46\x24\xfa\xc0\x4d\x45\x2c\xcf\xbe\x4f\xdd\x92\xa9\x51\xaa\xa0\x7d\x26\x67\x6d\x5c\xb0\x77\xa5\x00\x0d\x43\x9c\x12\x42\x76\xc0\xdb\xcf\x86\xe7\xaa\x15\x3c\xc2\x4b\x5a\xff\x67\x7c\x6b\xad\xc2\x61\xc2\x89\xf4\xa4\xae\x51\x9b\x2e\x2f\xff\x31\x2f\xbf\x0f\x5b\x4c\x46\x98\xf6\xae\xdd\x8f\xcb\x1d\x23\x48\x94\x2d\xe3\xfb\x73\xba\x27\xf6\xdb\x14\xc2\xf0\x91\x80\x35\x6e\x5f\xca\xe1\xad\xf6\x5e\x22\x42\x5f\x8c\x27\xf1\x9e\x98\x94\x83\x50\x6e\x5d\xf5\x7a\x1b\x61\x3a\x22\xe3\x45\x03\x8b\x3e\xa9\x1c\x0f\x78\xff\xff\x46\x38\x3f\x38\xc7\x22\x25\x35\x8a\x34\x57\x0d\x6f\x66\x4a\x17\x45\x4a\x15\x16\x13\xf0\x1c\xba\x77\x7f\x62\xec\x83\x18\x75\xec\x5e\x27\xd2\x57\xf1\x80\xb6\x36\x6c\xb1\x83\x10\x7c\x40\xf5\x0b\x01\xb2\xb9\xbf\x91\xb3\xb5\x54\x9e\xd9\x31\xa3\x53\x7a\xa4\x16\x89\xf7\x2b\x25\x7a\x6a\xa3\x9c\xdc\x6f\xce\xdf\x14\x39\x83\xbe\x5b\xff\xe3\xae\x2b\x29\xf8\x2f\x88\x21\x22\xd6\x6a\x79\x25\xf5\xa7\x10\x82\x6c\x0d\xad\xb7\xe4\xfa\x4e\xc0\x79\xba\x2e\x76\xda\xda\x43\x3f\x30\x77\xcb\x1e\xf7\x46\x13\xfc\x5d\xbf\x82\x58\xb6\xda\x7c\x73\xc8\x66\x37\x24\x57\xed\x50\x0f\x97\xf9\x90\x7e\x1f\xc2\x63\x53\xc7\x0b\xa3\xbd\x9c\x36\x15\x1d\x46\x86\x5d\x2c\x65\x98\x65\x62\x48\x5c\xf8\x42\x1f\xeb\xbe\x77\x7c\x73\xe6\xcd\x00\x26\xd6\x6d\x35\x12\x8b\x9f\x8f\x33\x26\x4a\xeb\x56\xbd\x3e\x4b\x8d\x1f\x52\x66\x41\x1e\xf3\xb2\x3b\x76\xb3\x6d\x4c\x9d\xf3\xc5\x12\xfd\x56\x0c\x2b\xe5\x2a\xc5\x23\xc1\x93\x77\xad\x2a\xdc\x0e\x8c\x30\x9c\xf5\xbb\xf7\x2d\x9e\xb8\x5d\x65\xa9\x48\x47\xd4\x97\xd8\xd1\x02\x42\x4f\xb8\x43\x81\x66\x6e\xcb\x1c\x35\xa3\x72\x5d\x7d\x9e\x92\x84\xfd\xeb\xb6\xb3\x62\xaa\x6a\x9c\x6f\xb3\x7a\xba\x87\x35\x7f\x57\x4c\x0e\x63\xb4\x49\x7d\x49\x8f\xfb\xb7\xd0\x69\x2d\x78\x4b\x4b\x18\xce\x9f\x91\x50\xc1\x46\xd3\xd1\x8c\x38\x2e\xda\x04\x93\x8c\x69\xd0\x77\x8f\x29\x02\xd5\x23\x5a\x56\x52\xb9\x7c\xef\x6d\x5f\x60\xda\x6b\xd7\xed\x4f\xf9\x7c\xd9\x4d\x49\x39\xca\xca\x3b\x6b\xaa\x3c\xfd\xac\x04\xcd\xa9\x55\x96\xf4\x67\xcb\xc6\xcb\xcd\x92\x64\x16\x77\x43\xea\xc1"},
+{{0x70,0xc6,0x85,0x9f,0x08,0xcf,0x42,0xb4,0xbd,0xa9,0xeb,0x62,0x97,0x9d,0xff,0xb7,0xcb,0x08,0xeb,0x3d,0xab,0xe9,0x3f,0xe9,0x4b,0x01,0x38,0x46,0x17,0xcf,0x67,0x30,},{0x40,0x1c,0x9e,0x20,0x33,0xe2,0x25,0x9f,0xb6,0x38,0x3b,0x3e,0x8b,0x9e,0x17,0xb3,0xf2,0x06,0x27,0x46,0xbb,0xe6,0x48,0xcf,0x48,0x45,0x16,0xdb,0x0f,0x2f,0x1b,0x06,},{0x0f,0x03,0xa4,0xf1,0x5c,0x33,0x9b,0x4f,0x7b,0x88,0xb4,0xe2,0x1a,0xd9,0xe3,0xd6,0xbb,0xf3,0xef,0xfb,0x7b,0x67,0x8f,0xfa,0x50,0x0d,0x47,0x38,0x3b,0x71,0xa7,0x45,0x4f,0x62,0x90,0x7b,0x56,0xf5,0x9f,0x9b,0x9a,0xf6,0xd5,0xb2,0xa0,0xfc,0x1c,0x73,0x7a,0x64,0x10,0x51,0x95,0x08,0x98,0x99,0xf5,0x7a,0x2c,0x9d,0xba,0x50,0x9e,0x0a,},"\xdd\x06\x09\xea\x15\x99\x21\x39\x5d\x11\xfb\x2d\xa8\xea\x4f\x74\x7d\x7f\x74\xb5\x80\x52\xe0\x1c\xad\x40\xa2\x71\xfa\x0b\xbe\xed\x91\x02\x0f\x4f\x0c\x08\x46\xc4\xf0\x77\x78\xa6\xaa\x76\x8e\xb5\x17\x12\x29\x4e\x9e\x1f\x32\xa6\x02\xb1\x52\x51\x4f\x5e\x6d\x39\xf9\xe0\x8f\x7a\x78\x12\xbd\x90\x0c\x10\xa9\x14\x69\xe4\x7e\x8a\x78\xe5\x4c\xd4\xbd\x7c\xfe\xde\xde\xc1\x71\xef\x37\x3f\x1c\x4f\x9b\xbc\x2c\x81\x40\x2f\xb1\x4e\xd0\xbf\xac\x8d\x04\x3f\x11\x7d\x61\x24\x52\x1a\xfa\xe0\x91\x6a\x51\x0d\x56\x8a\xcf\xa3\xaa\x33\x01\xbc\x97\x9a\xc2\x8d\x55\x1d\xbb\xea\x6c\xea\xc4\xc2\x12\xaa\x8c\x84\x92\xb3\x61\x3a\xe7\x39\x5d\xd4\x12\x5f\xc4\xc2\x5d\x5b\x4d\x99\x23\x08\x21\xd4\xb1\x7e\xc2\xee\x6b\xe7\xd6\x04\x19\x5a\x21\x54\x33\x3b\x97\x35\x26\x58\x0c\xa7\xef\x9e\x30\xc6\xc1\xdd\x42\xef\x2a\xfe\x42\xb1\x1b\x1a\xa4\x9b\x9c\xca\xba\xca\x17\x09\x1e\xeb\x38\x0e\xc5\xe3\x4a\xd1\xe3\x82\x7c\xc6\x0d\xac\xf1\x44\x28\x6c\x78\x92\x59\x0b\xd2\x67\x1a\x8d\xc5\xf3\xa7\x02\xc1\xde\x7c\xd3\xb4\x2c\x1b\x15\x0b\x09\xc3\xe5\x8e\xf6\x94\x3b\x45\xd8\x9d\x41\xdf\x36\x1f\x1d\x5c\x25\x56\x55\x91\xb6\xac\x8d\xea\xa7\x36\x76\x53\x1f\x6e\x5a\xbe\x58\x04\xb0\x09\x7f\x8d\x45\xea\x29\x39\x17\x73\x33\xca\xce\xf1\x2e\x4b\x71\xfe\x49\x36\xba\xfe\x00\x74\x7a\x89\x30\xbc\xea\x55\xb8\xfd\x84\xa0\x1f\x6d\xf8\x4e\x7a\xcb\x93\x1f\xc7\xc0\x1d\xdf\xd6\x3d\xee\xc3\xad\x3e\x69\xdf\xa2\xb7\x35\x50\x58\x3d\x57\x47\xee\xe9\x6c\x55\x36\x36\x87\x97\xe2\x47\xf2\x3f\x53\x7d\x79\x07\x9a\xb6\xda\x31\x41\x02\xc7\x44\x3d\x41\x96\x0e\x3a\x3d\x8c\x35\x9c\x4a\x4e\xc6\x26\xfc\xc4\x4e\x11\x0e\xa7\x44\xd4\x17\xaa\x85\x0d\xb8\xec\xdb\xfe\x34\x0a\x96\x2d\xb0\xd8\xc5\x7d\xc5\x17\xbe\x8b\x40\xd1\x4d\xe9\x7b\x1e\x9e\x04\x26\x44\x7f\xde\x0a\x04\xe5\x06\x79\xc5\x3b\xa1\xaa\x3c\xdc\x38\xc7\xed\xe6\xdb\x6c\x05\x4b\x1e\x9c\xe7\xde\xad\xaf\x93\xeb\xdd\x47\x07\x91\x53\x5f\x3e\xcf\xab\xf3\x41\x63\x55\xf7\xa1\x8a\x38\xaf\xe6\xbf\xe5\x07\xef\x08\xc4\x37\x3a\x4a\x69\xde\xe1\xfc\xb6\x5b\x16\x31\xa0\xde\x14\x88\x64\x9d\x0b\xb2\x67\x9a\x9a\x45\xf6\x78\x20\xb2\xa4\xa1\xe5\xa5\x48\x07\x2d\xa7\x03\x2d\x17\x25\x55\xe7\x88\xcc\x98\x60\xeb\xb3\xc0\xc3\x59\x49\x37\x51\xb0\xc2\xc9\x50\xa7\xfc\xf4\x80\x3c\x14\x7f\x93\x40\xfc\x93\xd8\x5f\x1e\xfa\x57\xb3\x90\x81\xb9\x2d\x93\x47\x3f\xd2\x35\x16\xc4\x95\x0e\xd4\xb2\x9a\x2e\xd3\xa0\x42\xae\x3d\x92\xa1\xe5\x2c\xb7\x09\x63\x6f\xc7\x27\x2f\xd7\x47\x20\x8b\xee\x2b\x16\xd1\x91\xe4\xc6\xde\xb2\x76\x72\xaa\x34\xe4\x39\x14\xcf\xf2\x05\x5c\xa4\xee\x8b\xa3\xe1\xdc\x58\xa6\x79\xc7\xf7\xde\xe2\xc1\xd5\x3e\x28\x75\x09\x70\xf5\x7d\x85\xea\xb1\xc2\x6b\x89\xbb\x73\xe0\xb1"},
+{{0xc5,0x96,0x29,0x61,0x81,0x5b,0x57,0xcd,0x16,0x24,0x03,0xce,0x08,0xe4,0x10,0x5d,0xdb,0x8a,0xae,0x2d,0x3f,0x53,0x3f,0xb4,0x9c,0xc2,0x36,0xb5,0xff,0x50,0x4d,0x6e,},{0xdb,0xad,0xe7,0x22,0x36,0xba,0x12,0xd4,0x97,0x7b,0xa4,0x6c,0x36,0x4b,0xb6,0x9a,0x88,0x7f,0xf4,0x02,0xde,0x91,0xd4,0x7a,0xfa,0x9b,0x93,0xc9,0x5b,0xe7,0x1e,0x7e,},{0x81,0x01,0xba,0xef,0x00,0x4e,0xb6,0xf5,0xad,0x4d,0xe0,0x97,0x9f,0xf3,0x6d,0x34,0x39,0xb8,0x21,0x2b,0xdc,0x92,0x89,0x42,0xe4,0x31,0x91,0x5b,0x3f,0xd1,0x8b,0xc2,0xad,0x67,0xb2,0x6f,0x18,0x94,0x1d,0xcb,0x16,0xd2,0xc2,0x91,0x91,0x42,0x1e,0x77,0x9f,0xed,0x62,0x2f,0xd9,0xf5,0x82,0x64,0x4e,0xaa,0xdb,0x3f,0xe5,0xc0,0x98,0x03,},"\x4a\xe4\x14\x8d\x79\xca\x94\x25\x59\x2a\xa2\x40\xbd\x15\x34\x24\xa3\xbf\x4a\xe2\x73\x95\x87\x2c\xe5\x72\x8a\xc7\x61\x35\x96\xa7\x7d\x5c\xe8\x56\x5d\x8d\x6e\x1b\x59\x35\xb3\x90\x6c\xaf\xe1\xff\x88\x8e\xbc\x98\x15\xe0\x4a\x62\x4d\xfc\x4c\x69\x07\xb8\x5f\x6f\x1a\x0d\xbd\xdf\xf6\x2e\x91\x51\x22\x0d\x47\x44\x62\xcb\x9f\x13\xd8\x9d\x3a\x93\xa0\x0b\xa2\xb6\x0f\x7e\x7c\xa6\x3d\xa1\x7a\x63\x79\xd6\x73\x55\x1e\x79\x0b\x59\x11\x72\x7c\x90\x6d\xc9\x4f\x86\xd8\x27\x75\x46\xc1\x56\x4a\x45\x57\x3a\x77\x43\xbb\x8a\x13\x8c\xde\x87\xb3\xb2\xf2\x8e\x5e\x24\x59\x40\xa5\x1e\x7c\x45\x8c\xf8\xc5\xf0\xa7\x02\x75\x96\x25\x53\xe0\xd2\x39\x0d\x17\x1d\xb4\x4c\x2f\x7a\x5c\x9e\x9f\x93\xb9\x0f\x7a\x5f\x54\xf1\x91\xb0\xd8\x75\xba\xd7\xe0\xbe\xb9\x80\xc2\xa3\x36\x5c\xd7\xb9\x20\x87\x24\xf4\x65\x44\x18\x11\x7e\x16\xef\x71\x34\xe3\xe2\x79\x4b\x6f\x9e\x80\xec\xab\xec\xa3\x25\x4e\x70\x4c\x21\xb7\xad\x30\xc5\xde\xe0\x17\xea\x25\x33\xfc\xd9\x42\x51\xe5\x5a\xe7\x5a\x8c\xc6\xdb\x66\x74\xb3\x9c\x88\xca\x42\x00\x60\x43\xd6\xbd\x9b\x00\xec\xf6\x4c\xea\xfe\xeb\x40\x2b\x1f\x22\xfd\x89\x1f\x2d\x11\xc5\x15\xc1\xab\xa6\xa2\xd4\xc0\xbd\x21\x81\xa4\x8e\x43\xfd\x1c\x0a\xf9\x1f\x9b\x7b\x7d\x37\xf3\xdc\xd9\xe4\xc0\xa7\x59\x74\x84\x67\xd3\x48\xa8\xb1\x16\xdf\x6a\x4e\xac\xf1\x78\xae\xcc\xcd\x30\x66\xe9\x2d\xca\x45\xda\x7a\x3e\x31\x9f\x37\x71\xeb\x34\x90\x02\x21\x93\xc5\xb6\x52\xf0\x45\x68\x7e\x17\x05\xf2\xe5\x69\x1c\x13\x4b\xe4\x00\x63\x53\xd7\xec\xd0\xe9\x18\xd5\xde\x0f\x3b\x87\x80\x9f\xca\x4a\xcf\xab\x94\xe1\x14\x8f\xf7\xcf\x07\xf7\xcf\xd0\xc7\x45\xdd\x2b\xe0\x1a\x24\xa5\xe0\x69\x28\x06\x98\xbc\x3f\x54\x00\xa6\xdc\xd0\x8e\x44\x59\x5c\x03\x88\xe4\x48\x33\x76\x8f\xc4\x91\x04\xee\x11\x5b\xdc\xb0\x2b\xfb\xda\x17\x9d\x16\x4c\xe9\x69\x93\x66\x29\xf2\x33\x56\x01\xb5\x6f\xe8\xf7\x85\xcc\xa3\x80\x5f\x04\x03\x87\x2c\x62\xf7\x3c\x3c\xe8\x05\x63\xd0\x70\xe9\x76\xd8\xec\xc5\x11\x24\xe2\xca\xce\x7e\xe1\x86\x99\x04\x7c\xb0\xf8\xfb\x8d\x9c\x59\xb8\xa6\x0d\x12\xc0\x8a\x09\xfc\xe5\x8f\xd9\x2c\xd3\x6d\xb6\xa8\xe8\x9d\x11\x8c\xf8\x8a\x92\xdc\x8a\x26\x00\xbd\x95\xf5\xa8\xe8\x5d\xb5\xcd\xbb\x24\x9c\xa8\x12\xca\x20\x9c\x76\x18\x05\x1c\x45\x64\xa3\xa0\xe1\x92\xb7\xe4\x59\x92\x45\x6c\x87\xd1\x74\x12\xc1\x1a\xde\xad\x52\x6a\xb8\xdb\x21\x45\x2f\x74\x71\xd1\x7f\x2e\xbc\x90\x01\x54\x50\xed\xf4\xf0\xa4\x4f\xb2\xf4\x90\x5f\x74\xd7\x02\x75\xcc\xd8\x9b\x93\xa6\x50\x47\x3c\x02\xa7\xda\x0c\xbc\x67\x91\x5c\xeb\x7a\x1e\xa5\x9f\xa8\x88\x44\x72\xdc\x91\x7e\xe9\xd2\x46\x33\x9c\x59\x26\x84\x3e\xcf\x53\xfa\xfd\xc5\x6a\x69\x56\x01\xa2\x76\xc2\x3a\x84\x3e\x4d\x30\xf8\x9c\x97\xc9\xee\xe6\xdf\xc7"},
+{{0xde,0xe6,0x86,0x6c,0x78,0x74,0xc1,0x27,0x02,0x9e,0x96,0xe0,0x25,0xbf,0xfd,0x35,0xfc,0xfd,0xf4,0xdc,0x36,0x96,0x6c,0x15,0xee,0x62,0x93,0x36,0x80,0x13,0xd3,0x79,},{0x08,0xc9,0x4d,0xa3,0x51,0xbb,0x2b,0xee,0x72,0xe6,0xe1,0x96,0xbe,0x74,0x88,0x07,0x58,0x37,0x62,0xc5,0x29,0x6e,0x05,0xb1,0xe5,0x29,0xc4,0x7c,0x6b,0xba,0xce,0xc6,},{0xb7,0x8e,0xbd,0x6d,0x65,0xb1,0x75,0xd4,0xbb,0xd3,0xd9,0xa2,0x08,0x2a,0x0e,0xfe,0x6e,0x99,0x1c,0xb2,0xe4,0x03,0x52,0x1e,0xec,0xe0,0x0f,0x41,0x8f,0x2e,0x95,0x6b,0x66,0x90,0x78,0x80,0x65,0x8b,0x9e,0x8e,0x47,0x69,0x96,0x53,0xd1,0x59,0x13,0x23,0x80,0xd9,0xce,0x11,0x09,0xaf,0x9c,0x27,0x57,0xda,0xf4,0xcd,0xf1,0x8c,0x9c,0x0a,},"\xf1\xaa\x19\x77\xf5\x31\x1b\x53\x8b\x94\x0a\xe4\x42\xa3\xab\xc8\x9a\xac\xcd\xcd\x0a\x79\x38\x0a\x24\x25\x8d\x4a\x9f\x1c\xe6\x38\xfc\x2f\x5b\xa2\xe5\x3f\x8e\x1f\xa6\x17\x6f\x17\x8d\x90\x24\xa7\x78\x94\xc2\x8c\xad\x42\xd6\x29\xc7\x93\xd6\x8a\x02\xbe\x94\x11\xb5\x27\xac\xad\xae\x7e\x5c\x38\x51\xba\xbb\x45\xb5\xfe\xce\x32\x9e\x29\x03\x4c\xd4\x25\x71\x08\x37\x27\xf3\x5a\xec\xad\x7c\x9b\xe5\x95\x4e\xc6\x4e\x8f\x6e\xca\xb7\xcc\x05\x90\xe5\x41\x56\xa4\xe1\xa4\x53\x03\x84\x9f\x78\x97\xe7\x2c\xf2\xfb\xcd\x84\xf5\x6c\x72\xf9\x41\xdb\xb0\xb0\x9a\x32\xe6\x38\x6f\xbe\x18\xa4\x3b\xb9\xbd\x8b\x79\x3e\x4b\x9e\xdd\x53\x21\x03\xea\xb5\x4d\x62\x71\x17\xd2\x81\x39\xb6\x4e\x60\xfb\x0b\x81\xd0\x90\x01\xbb\x24\x04\xd9\x25\xe2\x65\xba\xbd\xc6\x9f\x96\xb1\x35\xe9\xe6\xab\x7f\xeb\xb1\xed\x30\x75\xd6\xaa\x2a\xbd\x2b\xbf\x9b\x65\xfa\x9b\x3b\x71\x91\xef\x37\xb6\x33\x60\x59\x10\xee\x88\xf6\x6e\xad\xa7\x9f\x00\xf5\x36\xd3\x80\xb8\x2f\x2f\x4b\x59\x85\x11\x2d\xe0\x04\xa5\x66\x03\xf4\x43\x6d\x8f\xf3\x00\xf4\x2b\xf5\xac\xdc\x7a\x4b\xf1\xea\x9d\x41\x96\xc4\x80\x49\x5b\xac\xb0\x06\x76\x30\xfc\xc0\x00\xb4\xf2\x79\xdd\x3f\x30\xf3\x53\x27\x60\x92\xd1\x52\xc3\xf4\x3e\xfd\xc0\x41\xde\xaa\x0b\xc5\xaa\xab\xa7\xf8\xbb\xd8\x5e\x69\xc1\x37\x42\xd6\x78\xdb\xb6\x53\x60\xaa\xf7\xb5\x48\xa0\x44\xc0\xec\x60\xa5\x7a\xf6\x50\xbc\x31\x97\x3f\x83\x2f\x96\x12\x65\xbc\x23\x18\xf8\x07\x75\xaf\xd5\x1f\x55\x19\x4c\x42\x42\x3f\x7b\xf4\xe0\x05\x2f\x98\xcb\x20\x69\x13\xff\xea\x48\x86\xec\xd2\x7a\x41\x79\xb1\x37\x73\xf9\x47\x50\x2e\x18\x1b\xf1\xa1\xf2\xc6\x2c\x6f\x08\xc2\x03\x59\xf0\x6d\xf2\xb1\x81\x27\x04\x3b\x10\x70\xd0\x19\x4e\xf5\xe5\xbf\xd3\x7d\x22\x79\x84\xcf\xb1\x09\x89\xf2\x1c\x71\xad\x0f\xe3\xb8\x12\x27\xd3\xa7\x17\x89\x45\x5e\xda\x38\x3c\x22\xf4\xd2\xfc\xc7\x25\x79\xf4\x65\xe0\x66\xf3\xd3\x8b\xef\xc0\x24\xef\xef\x6c\x2e\x32\x96\x49\xce\x43\x4d\x62\x73\x67\xa9\x00\xd0\x7f\xe6\x23\x42\x35\xc8\x46\x56\xea\xc5\xdd\x0d\x78\x8c\xf4\xcb\x31\x87\x18\x24\xd6\x6a\xe4\xbc\x89\xed\xeb\xa1\xb3\x67\x01\x29\x84\x53\xe8\xda\x1e\x69\xcf\xb8\x68\x09\x5c\x3b\xe6\xed\x21\x82\xda\x1c\xff\x49\x05\xaf\xd2\x07\x31\xac\x1e\xd9\x84\x16\x47\x37\x90\x3c\x7d\x8b\xb0\xad\x16\xae\xcf\x2f\xae\x33\x74\x04\xfe\x35\x66\x45\x15\xd9\x3b\x70\x1e\x2f\x87\x86\x64\x45\x4c\x0d\xec\xd1\xc6\x55\x8a\xda\xce\x3c\xdb\x22\x75\x07\xa5\x16\x06\xf0\xa5\x4d\xf8\xdf\xaa\x42\x02\x05\xdd\x57\xc6\x52\x42\xff\x24\xa4\x05\xef\x85\xc9\x2d\x60\x28\x86\x93\x2b\x35\xfa\xbe\x9c\x3b\xce\xbf\xc6\x23\x56\x39\xe8\x73\xfc\x2d\xd0\x84\xc5\x2c\xd6\xa7\x41\x3b\x83\x1d\x1c\xc9\x99\x31\x37\x3a\xab\xd8\x47\x62\x0e\xb6\x9b\xb0\xfa"},
+{{0x52,0x36,0x23,0x55,0x59,0x95,0xba,0xaf,0x2a,0x27,0xad,0xcb,0x1e,0xba,0xfa,0xa8,0x02,0xd2,0x3e,0xf7,0xab,0xfa,0x97,0x75,0xf2,0xc9,0xbf,0xa0,0x7d,0x64,0xe0,0xac,},{0xd3,0x4d,0xea,0xe6,0x52,0x3e,0x61,0x9d,0xd1,0xbf,0xc8,0xf3,0xc4,0xca,0x4b,0x78,0xb3,0x68,0xc0,0xf7,0x20,0x03,0x5e,0x14,0x4c,0x3f,0x2f,0xc1,0x05,0xd4,0xce,0x21,},{0xb1,0x87,0x17,0x29,0xfe,0xc8,0x3a,0xea,0x0a,0xaa,0x47,0x2b,0x70,0x0a,0xcd,0x09,0x48,0x13,0xfb,0x7d,0x57,0xb9,0x09,0xe0,0xea,0xaf,0x21,0xee,0x93,0x18,0x47,0xad,0xde,0xdd,0x2b,0xe8,0x53,0x3d,0x0c,0x30,0x5c,0xb9,0xcf,0xe5,0x08,0x0e,0x76,0xc2,0x80,0x8b,0x6e,0x51,0xc9,0x82,0x62,0x90,0xdd,0xb7,0xb9,0x4b,0x6f,0x7d,0x58,0x0b,},"\x05\x53\xe6\x9e\xf2\x11\x65\x2d\x62\xbf\x28\x1b\xfb\xdd\x37\xbe\x22\x76\x9d\x81\x97\x46\x36\x1c\x7d\x65\xdd\xd0\xfa\xd6\x77\xcc\x04\x38\xb3\x01\xd1\x51\x45\x78\xe0\xda\x58\xe5\x5f\x72\x9f\xa8\xe6\x6d\xde\xb7\xf9\x73\xa8\x18\xd2\x4e\xd8\xfe\x02\x7b\x84\x91\x17\x9d\x07\x77\x3f\xb5\xd2\xbb\x96\xaa\x85\xd6\xb3\x75\x04\x54\xe5\x0d\xe9\x1f\x9b\x88\xae\xe8\xaa\x68\xe6\xbb\x53\xed\xc6\x66\x77\xb4\x1e\x60\x1a\x46\xab\x4b\xb1\xe6\x56\xe7\xfa\x5f\x01\x79\x93\x36\x80\xa6\xec\x95\x04\x27\x5e\x7a\xdf\x7a\x32\x48\xe6\x3a\x0f\xc9\xc1\xea\x5a\xe9\x6c\xd0\xc6\x5a\x89\xa7\x7c\xec\x2b\x1f\xd8\xf4\x53\x7e\x82\xc1\xc4\x88\xa6\x9a\x0e\xf6\x4f\x58\x73\x4d\x9e\x73\x47\x8e\x1d\x1f\x12\x31\x14\xef\x66\x08\x5e\x0b\xa3\x19\xcb\x81\x0b\x66\xaf\x96\xd1\x30\x8b\x1a\x2b\xd9\x2b\xa2\xc2\x65\xaa\x30\x9e\xcd\x55\x57\xd4\x02\xc3\x80\x2c\xae\x8d\x7e\x95\x00\x7f\xe6\x10\xc2\xaa\x75\xfc\x66\x19\x6c\x3f\xad\xfe\x99\x7d\x6d\x59\x98\xe1\x8d\x26\x0e\x9d\xa3\x1d\xa9\x21\x8c\xba\xd1\x03\xcb\xfc\x2c\x75\x47\x76\x5d\x67\xe8\x1f\x24\xac\x83\x02\x2e\xf5\x1c\x6c\xc5\x08\x64\x36\x6a\x35\xf6\xb9\xb9\xaf\x94\xe8\x4c\xaa\x9f\xd3\xd7\x67\xc8\x31\xf0\x96\x7a\x61\x46\x2f\xbc\xfc\xc8\x03\xf1\x2e\x37\x39\x03\x9a\xcd\x5d\xbe\x93\x66\xf0\x5a\x33\xdb\xea\xf3\x60\xe2\xdd\xcb\xe5\xc4\x43\xf8\x0e\xf2\xad\x62\xe0\x3c\x1d\x5b\x70\xcd\xea\xb4\xa7\xdd\x41\x55\x30\x64\xc8\xd1\x52\x70\x9d\xef\xf8\x20\x76\xb9\x07\x11\x92\x37\x6f\x51\xd4\xc2\xc7\x1a\x84\xe8\x9f\x2d\x94\x01\x32\x0c\x2e\x45\x9b\x3e\x24\x3c\xca\x7c\x26\xfd\x09\x8c\x26\x4a\xc8\x8e\xf6\x38\x92\x1d\x98\x0b\x0a\xe9\xe5\x12\xd3\x72\x03\x7d\x81\xad\xc4\x81\x26\xd7\xc9\xe4\xb5\xaf\xa5\x7e\xc2\x65\xd4\x01\xb9\x65\x3e\x92\x8a\xfb\x7d\xff\x9b\x48\xe2\x95\xe4\x70\xd6\xb5\x2e\x88\xb3\x9d\x0a\x40\xcb\x8e\xba\x24\x9f\x8b\x13\xd8\x11\x13\xdb\x1d\x3e\x01\xef\x75\xc7\x22\xf2\x69\x48\x8e\x96\x3c\xc8\x18\x27\x04\xf8\xca\x01\x8e\x73\xdc\x07\x14\xe9\xa9\xfc\x79\xbc\x43\x63\xc2\x8c\xb3\x98\x43\x74\xf7\x3b\x2a\xa8\x78\x6e\x74\xe0\x15\x95\x07\xa2\x98\x83\xfe\x0e\xd1\xc6\x00\xf5\x25\x88\x5f\x2f\x10\xea\x00\x6c\x39\xe5\x9b\x92\x5b\x76\x5b\x1e\xde\x53\x42\x57\xa1\xf4\x0f\x28\x46\x58\x4f\x06\x97\x46\xb5\x2f\x56\x00\x43\x0a\x28\x63\xd7\x93\x60\x95\xfb\xc2\x2a\x6a\xda\x67\x4d\x41\xb3\x74\xe2\xb8\xb9\xa1\x9f\xa7\x12\xb5\x94\x45\x33\xbb\x6d\x6e\xc4\x3b\x89\xd4\x97\x1b\x70\x20\x5a\x6a\xcd\x72\xa8\x99\xda\x12\x61\x82\x04\xdb\x0c\x3e\x82\x67\xb8\x45\x79\x16\x93\xe0\xae\x6a\x35\xf1\x4d\xa1\xf8\xf4\xdd\x17\x4b\xce\x03\x18\xfb\x5a\x00\xf6\x72\xed\xe4\x23\x04\xcf\x04\xa6\x27\x60\x57\x75\x90\xf2\x7e\x2d\xfa\x6e\x5e\x27\x95\xd6\x60\x53\xb3\x0a\xf7\xf1\xbf"},
+{{0x57,0x5f,0x8f,0xb6,0xc7,0x46,0x5e,0x92,0xc2,0x50,0xca,0xee,0xc1,0x78,0x62,0x24,0xbc,0x3e,0xed,0x72,0x9e,0x46,0x39,0x53,0xa3,0x94,0xc9,0x84,0x9c,0xba,0x90,0x8f,},{0x71,0xbf,0xa9,0x8f,0x5b,0xea,0x79,0x0f,0xf1,0x83,0xd9,0x24,0xe6,0x65,0x5c,0xea,0x08,0xd0,0xaa,0xfb,0x61,0x7f,0x46,0xd2,0x3a,0x17,0xa6,0x57,0xf0,0xa9,0xb8,0xb2,},{0x90,0x3b,0x48,0x4c,0xb2,0x4b,0xc5,0x03,0xcd,0xce,0xd8,0x44,0x61,0x40,0x73,0x25,0x6c,0x6d,0x5a,0xa4,0x5f,0x1f,0x9f,0x62,0xc7,0xf2,0x2e,0x56,0x49,0x21,0x2b,0xc1,0xd6,0xef,0x9e,0xaa,0x61,0x7b,0x6b,0x83,0x5a,0x6d,0xe2,0xbe,0xff,0x2f,0xaa,0xc8,0x3d,0x37,0xa4,0xa5,0xfc,0x5c,0xc3,0xb5,0x56,0xf5,0x6e,0xdd,0xe2,0x65,0x1f,0x02,},"\x2c\xc3\x72\xe2\x5e\x53\xa1\x38\x79\x30\x64\x61\x0e\x7e\xf2\x5d\x9d\x74\x22\xe1\x8e\x24\x96\x75\xa7\x2e\x79\x16\x7f\x43\xba\xf4\x52\xcb\xac\xb5\x01\x82\xfa\xf8\x07\x98\xcc\x38\x59\x7a\x44\xb3\x07\xa5\x36\x36\x0b\x0b\xc1\x03\x0f\x83\x97\xb9\x4c\xbf\x14\x73\x53\xdd\x2d\x67\x1c\xb8\xca\xb2\x19\xa2\xd7\xb9\xeb\x82\x8e\x96\x35\xd2\xea\xb6\xeb\x08\x18\x2c\xb0\x35\x57\x78\x3f\xd2\x82\xaa\xf7\xb4\x71\x74\x7c\x84\xac\xf7\x2d\xeb\xe4\x51\x45\x24\xf8\x44\x7b\xaf\xcc\xcc\xec\x0a\x84\x0f\xec\xa9\x75\x5f\xf9\xad\xb6\x03\x01\xc2\xf2\x5d\x4e\x3b\xa6\x21\xdf\x5a\xd7\x21\x00\xc4\x5d\x7a\x4b\x91\x55\x9c\x72\x5a\xb5\x6b\xb2\x98\x30\xe3\x5f\x5a\x6f\xaf\x87\xdb\x23\x00\x1f\x11\xff\xba\x9c\x0c\x15\x44\x03\x02\x06\x58\x27\xa7\xd7\xaa\xae\xab\x7b\x44\x6a\xbc\xe3\x33\xc0\xd3\x0c\x3e\xae\x9c\x9d\xa6\x3e\xb1\xc0\x39\x1d\x42\x69\xb1\x2c\x45\xb6\x60\x29\x06\x11\xac\x29\xc9\x1d\xbd\x80\xdc\x6e\xd3\x02\xa4\xd1\x91\xf2\x92\x39\x22\xf0\x32\xab\x1a\xc1\x0c\xa7\x32\x3b\x52\x41\xc5\x75\x1c\x3c\x00\x4a\xc3\x9e\xb1\x26\x7a\xa1\x00\x17\xed\x2d\xac\x6c\x93\x4a\x25\x0d\xda\x8c\xb0\x6d\x5b\xe9\xf5\x63\xb8\x27\xbf\x3c\x8d\x95\xfd\x7d\x2a\x7e\x7c\xc3\xac\xbe\xe9\x25\x38\xbd\x7d\xdf\xba\x3a\xb2\xdc\x9f\x79\x1f\xac\x76\xcd\xf9\xcd\x6a\x69\x23\x53\x4c\xf3\xe0\x67\x10\x8f\x6a\xa0\x3e\x32\x0d\x95\x40\x85\xc2\x18\x03\x8a\x70\xcc\x76\x8b\x97\x2e\x49\x95\x2b\x9f\xe1\x71\xee\x1b\xe2\xa5\x2c\xd4\x69\xb8\xd3\x6b\x84\xee\x90\x2c\xd9\x41\x0d\xb2\x77\x71\x92\xe9\x00\x70\xd2\xe7\xc5\x6c\xb6\xa4\x5f\x0a\x83\x9c\x78\xc2\x19\x20\x3b\x6f\x1b\x33\xcb\x45\x04\xc6\xa7\x99\x64\x27\x74\x1e\x68\x74\xcf\x45\xc5\xfa\x5a\x38\x76\x5a\x1e\xbf\x17\x96\xce\x16\xe6\x3e\xe5\x09\x61\x2c\x40\xf0\x88\xcb\xce\xff\xa3\xaf\xfb\xc1\x3b\x75\xa1\xb9\xc0\x2c\x61\xa1\x80\xa7\xe8\x3b\x17\x88\x4f\xe0\xec\x0f\x2f\xe5\x7c\x47\xe7\x3a\x22\xf7\x53\xea\xf5\x0f\xca\x65\x5e\xbb\x19\x89\x6b\x82\x7a\x34\x74\x91\x1c\x67\x85\x3c\x58\xb4\xa7\x8f\xd0\x85\xa2\x32\x39\xb9\x73\x7e\xf8\xa7\xba\xff\x11\xdd\xce\x5f\x2c\xae\x05\x43\xf8\xb4\x5d\x14\x4a\xe6\x91\x8b\x9a\x75\x29\x3e\xc7\x8e\xa6\x18\xcd\x2c\xd0\x8c\x97\x13\x01\xcd\xfa\x0a\x92\x75\xc1\xbf\x44\x1d\x4c\x1f\x87\x8a\x2e\x73\x3c\xe0\xa3\x3b\x6e\xcd\xac\xbb\xf0\xbd\xb5\xc3\x64\x3f\xa4\x5a\x01\x39\x79\xcd\x01\x39\x69\x62\x89\x74\x21\x12\x9a\x88\x75\x7c\x0d\x88\xb5\xac\x7e\x44\xfd\xbd\x93\x8b\xa4\xbc\x37\xde\x49\x29\xd5\x37\x51\xfb\xb4\x3d\x4e\x09\xa8\x0e\x73\x52\x44\xac\xad\xa8\xe6\x74\x9f\x77\x78\x7f\x33\x76\x3c\x74\x72\xdf\x52\x93\x45\x91\x59\x1f\xb2\x26\xc5\x03\xc8\xbe\x61\xa9\x20\xa7\xd3\x7e\xb1\x68\x6b\x62\x21\x69\x57\x84\x4c\x43\xc4\x84\xe5\x87\x45\x77\x55\x53"},
+{{0x03,0x74,0x9c,0xa2,0x04,0x58,0xa3,0x5a,0x37,0xa8,0xd7,0xa2,0x6f,0x95,0x9f,0x0d,0x59,0xf6,0xdc,0x99,0x73,0xfa,0x36,0x3c,0x1f,0xf8,0xca,0x4e,0x63,0x8c,0x2c,0xd3,},{0xea,0xeb,0x94,0xf4,0x06,0xbd,0xe6,0xa7,0xcf,0x8b,0xde,0x2a,0xdf,0x30,0x81,0xf8,0x37,0x5b,0x87,0xd9,0x33,0x5d,0x49,0x6c,0x71,0xd0,0x42,0xcd,0x2e,0xaa,0x16,0x6c,},{0x78,0xa3,0x87,0x7e,0x02,0xbd,0xfd,0x01,0x5e,0x7f,0x86,0xa3,0x27,0xa4,0x8c,0xc3,0xa5,0x23,0x0b,0xbd,0xb1,0x24,0x3f,0x1a,0x8c,0xf2,0x27,0xf7,0x8a,0xb5,0xe7,0x68,0x0d,0xe3,0x01,0xa9,0x15,0xdc,0x11,0xb3,0x36,0xfb,0x5f,0x65,0x66,0x84,0x8b,0x42,0x50,0x0a,0xdb,0x5d,0x67,0x39,0x69,0x12,0x2b,0xa8,0xf0,0x05,0x3c,0xd3,0x06,0x0b,},"\xee\xf5\xce\xeb\xd0\x44\x5e\x9c\x91\x81\xaf\xf9\xc6\xf2\x66\x01\x28\xfc\xfb\x63\x69\x1a\x42\xcf\xa4\x43\xd6\xa6\x49\xef\xc5\xfa\xd8\xc2\x08\x03\x76\x3e\xe9\x7d\x1d\xba\x08\xe6\x3e\x08\xa2\x61\x6d\xa0\x50\x77\x48\x9f\x2f\xa2\xc5\x6b\x75\x34\xf9\x40\x26\x19\x25\x1f\xdf\x9c\x32\x0d\xe7\xaf\x10\x9e\x2f\xd8\xb2\x56\x5c\xe8\xa7\x52\x4c\x94\x05\xec\x0f\x8f\xca\xa7\x14\x9a\x6d\x21\x0e\xfd\xe8\x3b\x11\x1c\xf8\x2d\xc0\x83\x5c\xf9\x4f\x20\xcd\xb0\x21\xb7\x3b\xd2\x62\x66\x65\x55\xe6\xd6\x27\x07\xb4\x6e\xe4\x2f\xa9\x00\xb4\xf4\xf7\x05\xde\x33\xd3\xdb\xdc\x68\xa8\x8d\x1a\x4d\x0a\xe9\x33\x56\x6d\xb6\xc6\x23\x7e\xc8\xab\xe1\x02\x4d\xac\x4b\x7f\x46\xd4\x07\xbe\x16\x59\x4d\x90\x46\xc7\x31\x2d\xda\x66\x14\xd9\xbc\xdb\x01\xfb\x83\x24\xfc\x62\xb8\xee\xaf\x0a\xbc\x23\xcd\x57\x0e\x30\x4f\xca\x08\xe8\x8c\x73\x5e\x5d\x31\x59\x24\x09\xce\xb5\x83\x86\x2e\x6b\x0a\x76\x77\x29\xf7\x55\x6f\xa2\xc0\x53\x64\x4d\x36\xc8\x33\x7c\x02\x74\xe7\x49\x20\x29\x82\xfb\x4a\x17\x1a\xca\xc1\x96\xc0\x2b\x7f\x16\xa8\xda\x49\x07\x1c\x8a\xb8\x07\x6d\xd5\xd3\xab\xad\xfe\x3a\xf8\x2c\xa8\x5d\xa0\x2d\xcc\x1c\x4a\x6f\x2e\x19\x30\xbe\xe2\x00\x9e\xee\x0d\x97\x1e\x40\xdd\x12\x17\x5c\x8d\x00\x69\x4f\x03\x25\xa3\xb3\x13\x3c\x0d\x0b\xd3\x82\xa5\x19\x4f\xb2\x14\x22\xce\x67\xc7\x8a\x5a\x6e\x15\x37\xe3\xb9\x7d\x5e\x20\x4e\x5d\x19\x56\x96\x39\x0f\x77\xd1\x90\x24\xc1\xbf\x6b\x51\x25\xa0\xcd\xbf\x7b\x98\x80\x03\x61\x81\xc9\x8e\x1a\xc2\xe5\x16\x5b\xd4\x96\xcf\x99\x74\x51\xa1\xc1\x21\x02\xe6\x69\x46\xb1\x67\x6a\xbd\x4c\xbd\xd2\xc1\x16\x73\xf4\xf2\xcd\x5f\x3c\x9a\x43\x4d\x74\x7f\xa0\x5b\x40\xfb\xc7\x22\x68\xb4\xeb\x28\x42\xe4\x74\x1f\x51\xb7\x70\x9b\x6a\xcc\xc4\x7f\xca\xf7\x0d\x9c\x1c\x4c\x35\x86\x71\x19\xd8\x1c\xb3\xff\x1f\x16\x08\x11\x33\xf1\x65\x9a\xed\x85\xf6\x3b\xc9\x01\x98\x9e\x26\x17\xfc\xce\x15\x3c\x29\x78\xd7\x08\xfd\x02\x44\x9a\xe4\xd5\x38\xd1\x22\xdd\xb8\x52\x7c\x0a\x76\xa1\x02\xee\xff\x6e\xdb\x65\xdb\xa2\x98\xd3\xc2\x17\xf6\x55\x18\x14\xed\xde\xec\xe1\xae\xf5\xf3\x71\xa5\x4f\x12\xbf\xfd\x6b\x49\x61\x81\x9a\x0f\x24\x4f\xf0\xd7\xd8\x69\x4c\x14\x42\x2d\xe9\x82\x2c\x13\x17\x9e\x4e\xeb\x81\x59\x50\x79\xb9\xdd\x2a\xd1\xe7\xc3\x9b\xd3\x03\xcc\x44\xae\x3f\x36\x34\x88\x15\x77\xa2\x66\xfd\x6b\xb7\x91\x78\x12\xb9\x99\xdc\x80\x9d\xc0\x9c\x3d\x70\x19\xda\xcd\x28\xe4\x30\x13\xa2\xf9\xe4\xf9\x4b\xb0\xbf\x71\x24\xef\x09\x17\x83\xf7\x96\x39\x7f\x64\x63\xbf\x1e\xfb\x39\xcd\x46\xf3\x79\x0a\x1d\x9b\x6a\x7c\x30\xf1\x49\xb5\xe6\x6c\x29\x37\xe3\x9c\xb9\x74\x4d\xdc\x66\xab\x56\x1b\xad\x4e\x6f\xa8\x53\x4d\x69\x88\x38\x22\x64\x3d\x63\xd8\xbd\x7b\x18\x16\x21\xa2\x67\xe9\x55\xe7\x58\xd1\x79\x2b\x44"},
+{{0x53,0xcb,0xd6,0xf6,0x8c,0xee,0x27,0xb9,0xf7,0xbc,0x05,0x9b,0x80,0x3b,0x44,0x79,0x49,0xbb,0xc9,0xc5,0xd5,0xa3,0x86,0x52,0xd7,0x78,0x9c,0xa1,0x54,0x20,0xde,0xa1,},{0x61,0x16,0x99,0x0b,0x53,0x31,0xe2,0x16,0x5f,0x82,0x74,0x3f,0x01,0xd8,0xe7,0xbd,0x5d,0x70,0x88,0xb3,0x01,0x59,0x83,0x3f,0xa7,0xb9,0x39,0xcf,0xb1,0xcc,0x04,0xd7,},{0xd8,0x25,0x04,0x40,0x5f,0xf1,0x6b,0xa6,0x44,0x3d,0xc4,0x82,0x36,0x72,0x63,0xa8,0xe2,0x00,0x36,0x0a,0xca,0xaa,0x83,0xfc,0x4e,0x4b,0x72,0xbd,0x24,0x9f,0x16,0x10,0x3e,0xc7,0xe5,0xa7,0xe9,0xca,0x17,0x19,0x8f,0x88,0x8e,0xac,0xa1,0x6b,0x74,0x0c,0xc3,0xf5,0xc3,0xb7,0xb6,0x17,0xa3,0x4b,0x94,0x91,0xc3,0xed,0x76,0xaa,0xb3,0x0d,},"\x30\x6f\x8e\x1d\xf0\xa4\xca\x78\xbd\x77\xe8\xe1\x19\x1c\x94\xde\xaa\x82\x64\x83\x55\xc2\xae\xcb\x7e\x82\xfc\x56\xd6\x4c\x50\x46\x19\x24\x7e\x7c\xf8\x94\x33\x28\xd1\x1f\x3d\xb4\xb1\xdc\x14\x8e\x8e\xf6\xf6\xc3\xbc\x35\x59\x69\x66\x2a\x28\x1a\x65\x57\x63\x91\x24\x2b\x7b\xd5\xa6\x2f\x8f\xa7\xac\xb6\x04\xe3\xa3\x44\xae\x1a\x9d\x73\x2a\x25\x43\x15\xf3\x1a\x04\x64\xc1\xe6\x58\x74\x62\xd2\x92\x12\xc4\x0e\x5e\xcf\x06\x1e\x26\x9a\xa0\xb9\x03\x90\xba\x41\x04\x07\x21\x68\x4b\xf2\xaa\x95\x82\xd8\x30\x66\x22\x1d\xb6\x0d\x0f\x7a\xe2\xf1\x49\xa3\x6e\x16\x95\x27\x04\xfb\x1f\x3a\x98\x2e\xac\x6b\x45\x83\x66\x5c\x63\xe5\xa8\x99\x6f\x24\xa5\x66\xdd\x50\x6a\x33\xd4\xec\x8a\x02\xb2\xbd\x34\xb7\x14\xc7\x45\x00\x0c\x01\x28\xa3\xc8\x9d\x94\x25\x06\xd1\x2f\x4b\xeb\x90\x0e\x29\x03\xcd\xb3\x4b\x35\xca\x9b\x6d\x3a\xd9\xb3\x50\xac\x99\xf4\x1d\xb3\xac\xfe\x7f\xe5\x5a\x28\xc0\xf0\x06\xb8\x44\xc9\xdc\x48\x53\xfd\x98\x53\x5a\xda\x79\x41\x6d\xca\x5f\xee\x58\x03\xa2\xd9\xf5\xd6\x8e\x6b\x80\x53\x9f\xf3\x02\xe9\x73\xf2\x4e\x9b\xc8\x8b\x7c\x41\x94\x11\x7d\xdb\x9f\x93\x2b\x32\xd5\xec\x74\x86\x8a\x13\x63\x1e\xce\x68\x81\x4b\x93\x14\x21\xdc\x89\x02\x49\x57\x03\x41\xf4\xb4\x23\xe8\x6e\x8e\xe0\x81\xb2\x27\x02\xf6\x49\xa6\xc7\xa0\xb7\xbd\xf5\xfb\x75\x62\x02\xbd\x10\xb0\xbb\x22\x15\xc7\xd6\x59\x7e\xff\xd8\x52\xf0\xb8\x9a\xbe\xc1\x5e\xa8\x22\x57\x68\x9d\xf8\x1e\x33\x82\x54\xf9\x3e\x81\xcb\xf0\x61\x72\x9d\x48\x3e\xb5\xcf\x64\x98\x05\xd7\x8e\xd8\x92\xdd\x0b\xd2\x48\xca\x1e\x25\x2b\xea\x51\x84\x7e\x1e\x82\xd3\x9a\xf5\x80\x50\xdc\x4a\xfb\xf9\x11\x5a\x3a\x60\x49\x3e\x8c\x0b\xa2\xe8\x6e\x08\x98\xcd\x0d\x43\x08\x91\xb9\xeb\x0a\x40\xf8\x74\x31\xe2\x5f\x41\x53\x8a\x03\x0f\x88\x4f\xab\x36\xad\x11\x16\x5d\x26\x7e\x8d\xd9\x4d\xcb\x05\xb9\x3a\x5a\xe7\x79\x69\x43\x0e\x18\x10\x13\x4e\x15\x72\x51\xb9\x82\xdf\x34\x3d\xff\xae\x61\x23\xa9\x9a\xa0\x56\x2d\x5d\xf7\x24\x08\xf1\xa6\xe2\x9c\x40\x59\xa5\xa8\xaa\xa4\xe6\x21\x52\x8f\xc6\x3a\x9c\xbe\x1f\x4c\x0f\xef\x25\xfe\x3f\x8e\x18\x15\x77\x74\x09\x7a\x9d\x91\x02\x0a\x90\x06\xb6\xc8\x60\xec\x1e\xe1\x0d\x52\x1d\x20\x3a\x1f\x8b\xb8\x25\x61\x29\x6f\xaa\xd4\xb2\x20\x3d\xa5\x3b\x20\x7a\x45\x9b\x29\xc1\x8b\xc0\x64\x93\x32\xb1\x80\x7c\x13\xca\x61\xac\xfa\xf9\x07\x79\xfe\xbb\xc7\xf3\x24\x21\x64\x79\x7e\x6f\x57\x2c\xb1\x5a\x9b\xe5\x88\x73\x43\x45\x5e\x26\xb9\x10\xc8\xbe\xfe\xe4\x2a\xeb\x04\x7f\x9a\xbe\x6b\x37\x50\xdb\xd7\xde\x99\x20\x2a\x0b\xb5\x76\xce\x14\x89\xe6\x1c\x1f\x5d\x27\xc6\x79\x2e\x63\x21\x8e\xdb\xfd\xb9\xb3\xdc\x51\x5b\x42\x54\xd8\x2c\x85\x9e\x52\xce\x6b\xd7\xad\x29\x6d\xd0\xe3\x70\x9d\x4c\x46\x63\x62\xf9\x02\x65\xe9\x9d\xa7\xd0\xb7\x01"},
+{{0x8b,0x65,0x74,0xf6,0xd7,0x39,0x69,0x81,0xe2,0x23,0xa4,0x83,0x7b,0xc3,0x39,0xc3,0xfd,0x65,0x94,0x19,0x84,0x5a,0x21,0x21,0xbf,0x85,0xbe,0x2e,0x69,0x5d,0x86,0x0d,},{0xe3,0x81,0x1a,0xca,0x70,0x63,0x4f,0x5a,0x9c,0xe4,0xb5,0x92,0xa1,0x7b,0xb5,0xcf,0xda,0x53,0x44,0x24,0x22,0xe2,0x03,0xcd,0xa9,0x50,0x4c,0x9d,0x65,0xb2,0x63,0xe8,},{0x2f,0xd0,0x90,0x54,0x75,0xa2,0xce,0xc3,0xe7,0x6f,0x99,0x09,0xb8,0xaf,0xd8,0x3b,0xeb,0x8d,0xae,0xfa,0x77,0xaf,0xcd,0xa3,0x4c,0xb4,0xf1,0x17,0x28,0xef,0x15,0xfc,0x9c,0x1d,0x7f,0x6f,0x6a,0xff,0xfc,0x28,0xf3,0x87,0x4f,0x91,0x3e,0x17,0x98,0x0f,0x0e,0x8e,0x3d,0x5a,0xd2,0x39,0x51,0xdf,0x2b,0x32,0xef,0xaf,0x62,0x19,0xce,0x0d,},"\xa4\x8a\xac\xc0\x49\x5f\xa0\xf1\x25\x9b\x27\x86\x5d\x3d\x75\xdc\x52\xc2\xc8\x28\xea\x8c\x4c\x2a\xd7\x85\x77\x07\x2f\xef\x72\x70\xf6\xa4\xd5\x82\xbb\x7b\x96\x2f\x4c\x3f\xd1\x49\xa6\x0a\x06\xbc\x8e\xfd\x29\x70\xef\x03\x14\x8d\xdf\x61\x98\xb9\xb6\x95\xa6\x9f\xad\xb5\x34\x09\x51\xcb\x75\x39\x8a\xc5\x1a\x4f\xd5\x54\x30\x37\x8c\xd5\xda\x88\x85\x21\x0b\xfd\x21\x46\xf9\x5c\x62\x76\x32\xfe\x8b\xe0\x6d\xe0\x1a\x7c\x27\xb8\x9d\xee\xfd\x67\xef\xc6\x9c\x9b\x5c\x62\xb3\x81\x08\xf7\x76\x22\x91\x43\xda\xe6\x60\xc1\x0c\xbe\xa3\xcd\x4f\x7e\xe5\x3d\xc3\x69\x2e\xd0\x11\x77\xe4\xa6\xf7\xe4\x24\xb5\x66\x6f\x7f\x49\x5f\x2a\x65\x60\x2c\x7d\x08\xc5\xd5\x72\x23\x4a\x56\x7c\xb6\xc3\x8a\xfd\x79\xca\xb5\xc4\x03\x6d\x62\x63\x7a\xef\xab\x55\x88\x76\x9a\x44\x8a\xb4\xc6\x5e\x24\x55\x4b\xd4\x15\x80\x50\xe0\x9e\xb5\x8f\x99\xab\x40\x77\x7b\x03\x56\x70\x9b\x7c\x02\x5a\xe5\xae\x54\x22\xac\xf8\x74\x44\x93\x1a\xe4\xd9\xa8\xb3\xd9\x44\x76\x88\x11\x28\xba\x1e\xb7\x32\x8f\xaf\xc7\x5f\x6b\x9d\xac\xc9\x6d\x3b\x64\x87\xdd\xef\x7c\x59\x26\x2d\xca\xda\x42\x6a\xac\xb1\x39\x22\x93\x54\x11\x56\x62\x35\xe0\x58\x37\x26\x22\xd8\x85\xbd\x0c\xc0\x49\x58\xdc\xfb\x17\xe0\x8f\xcd\x7f\x14\x7e\x20\x15\x6c\x8e\x26\xaf\x85\x53\x0f\x55\x11\xa6\x8d\xb4\x3d\xaf\xc4\xe6\xa2\x3f\x66\x7d\xf3\x74\x3e\xed\xd7\x1a\x3f\x07\xf7\x6f\x94\xd1\x68\x8a\xfc\x84\x63\xbf\xa5\xa4\x39\xae\x31\x14\x69\x94\x8e\x74\x47\x06\x4f\x0b\x05\x06\xf3\x67\x19\xc1\x34\x66\xa1\xb9\x87\x76\xd9\x67\xec\x58\x20\x8b\xa6\x74\x03\x73\x03\xdf\xc6\x19\x0d\xa7\x83\xff\x27\x30\x3b\x86\xb5\xfc\x32\x11\xf0\x1c\x91\x5e\x83\xa6\xad\x01\x21\x44\x79\x11\xcb\xe1\xcf\x69\x6f\x61\x8f\x60\x23\x66\x43\xf2\xe9\x4e\x15\x5d\xb6\x57\x18\x29\x44\xc1\xa4\x3b\xdc\x7b\xd5\xea\xf3\x48\x1f\xe1\x28\x40\x92\xcb\x37\x89\xa8\x92\xbd\x79\xa1\x11\xfd\x41\x01\x43\xcf\x91\xae\x33\x28\x60\xb1\xd2\x9a\xa0\x41\xd1\x77\xb5\x0d\x6c\xc2\xb9\x66\x0d\x32\x8c\x0f\x23\x0a\x35\x15\xe6\xa0\xd6\x88\x70\x9c\x0c\xd3\x47\xad\x2f\xf3\x2d\x61\xd1\xe1\xe9\xba\x76\xf8\x1e\x87\x3a\x6c\x42\x0f\x17\x07\xf3\x84\x1d\xb5\x19\x6c\xb5\x3f\x50\x6f\x00\x06\x35\x2c\x7c\x44\xc0\x80\xf3\x09\x68\x01\xa5\x7a\x49\xcf\xe8\x42\x05\xbd\xd7\xa9\x80\x1f\x84\x3c\xf2\x6b\x95\x58\xa2\xdb\x78\x8e\xf1\xb2\x37\x91\x5d\x58\x7b\x9b\xa9\x77\x98\x90\xf6\x1f\xdc\x91\xe0\x3e\x4f\x4c\xdb\xef\xe4\x17\xcc\x22\xd5\x22\xa8\x6a\xdd\xdb\x53\xf3\x74\x74\x50\xab\x62\xb5\x76\x56\x5d\xb3\x2e\x0c\xd4\x42\x76\x54\x7d\x9a\x16\x65\x3c\x27\x96\x59\xdd\x4d\x17\xec\x04\x82\x7c\x53\x3e\x33\x39\x0f\xe9\x4f\x79\x35\x09\x25\x6d\xb6\x75\x31\x73\x6a\xb3\xfc\xee\x2a\x30\x1a\xc3\xf0\xa2\x4d\x3b\x10\x8d\x7e\x75\xc3\x2a\x5a\xba\x36\xd6"},
+{{0x29,0xb2,0x88,0x1b,0x8c,0xaa,0xdb,0x33,0x6e,0x78,0x80,0xc5,0x10,0xb8,0x00,0x85,0xf4,0xb1,0x22,0x18,0x60,0xb3,0x01,0xeb,0x45,0x25,0x65,0x07,0x52,0xa6,0xd2,0x89,},{0x0c,0x5c,0x44,0xed,0x29,0xd2,0x1b,0xca,0xde,0xe2,0x1c,0xbd,0xe6,0x1a,0x9c,0xdb,0x6d,0x59,0x36,0x00,0x9b,0xa2,0xf5,0xb2,0xe7,0x77,0xc9,0x24,0xdd,0xfb,0x67,0x51,},{0x99,0xe9,0x96,0xe8,0x5a,0x49,0x4f,0x19,0x80,0xcb,0x07,0xde,0x9c,0xa6,0x16,0x5e,0x7d,0xe1,0x04,0xd3,0x9f,0xe3,0xc3,0x22,0x67,0x35,0xc5,0xda,0xa5,0x69,0x51,0x6f,0xca,0xf1,0xb6,0xe4,0xdf,0xad,0x0d,0x38,0x9b,0x6d,0xb0,0xec,0x8a,0x8f,0x20,0xdd,0x2c,0x60,0x26,0x56,0xb5,0xe7,0x61,0xc8,0xf3,0xa6,0x55,0x83,0x82,0x15,0x19,0x09,},"\x19\x74\xa2\xe2\xb4\x79\x49\xf4\x67\xa9\x31\xd1\xd9\xdd\x5c\xe1\x16\xe9\xf5\x03\x0a\xd0\x9a\x8c\xc7\x28\xd1\xae\xb1\x48\xbb\xf9\xac\xf5\x98\x74\xda\x80\xe7\x08\xd5\x3c\x66\x8f\x2f\x14\xd7\x52\x20\x71\xe9\x09\x80\x84\x27\xb2\xab\x5a\x05\xf8\xb9\x4f\x21\x50\x5c\xd2\x6a\xbc\x53\x45\x89\x78\xc7\x84\xd4\x79\xea\x6d\xab\x10\x5c\x4f\x79\x84\xa0\xfb\x97\x90\xe5\x06\x24\xf4\x73\x4b\x55\x19\x05\xaa\x5f\xfa\x60\x18\x4c\xd2\x01\xcf\x2b\x26\xc9\x79\x5d\xa6\xe7\xe0\x8d\x6a\x0b\xc7\x72\x24\x00\xfe\xf9\x4f\xc2\x10\x38\xbe\x89\xd3\x4b\xcd\x14\xc4\x27\xb8\x5b\x68\x66\x73\x71\x96\x15\x2d\x4e\xeb\x66\xd0\x5b\x24\x5a\xe8\x4b\xdc\x77\x87\xc1\x4a\x8b\xec\x2e\xea\x53\x60\xf0\x42\x43\x3d\x70\x79\x44\x67\xd4\x73\x93\xb9\x37\x57\xf3\x31\xcf\x2b\x53\xc6\x60\xd7\x1c\x29\x58\x2a\xee\xa7\x9b\x12\x52\x7a\x28\xb0\xc5\xe1\x10\xdf\x6f\x85\x4e\xea\xd9\xa2\xb0\x0d\x42\x54\x2c\xa8\x27\x6b\xb8\xbf\x98\x8b\xaa\xb8\x56\x59\x96\xfe\xe5\x0c\xf3\x1b\x24\x59\xc4\xc5\x0a\xb4\x75\x26\x5e\x83\xe2\x28\x5d\x43\xfe\x1f\x75\x2a\x55\xb2\xdb\xc4\x9f\xca\x04\xa8\x10\xf0\x41\x3b\xf6\xbd\x81\xb7\x9a\xc6\x4e\xe1\xf8\x9b\x97\xbd\x7d\x26\xd6\x25\x12\x27\x3e\x24\xa6\xba\xb2\xd5\xf7\xd2\x22\x6b\xaa\xab\x7b\x11\x12\x09\xbb\x03\x73\x3d\x8a\x60\xdf\xa3\x1a\x51\x6f\x4a\x8c\x76\x99\xd8\x28\x5c\x10\x65\x15\x9a\x6c\x73\x31\xc1\xde\xfb\x47\xa3\x0e\xf5\x85\x8c\x50\xb7\xd0\x45\x12\x4a\x09\x81\x3d\x1c\xfd\xa5\xc9\xcc\x3b\xb5\xbf\xae\x73\xc9\x84\x19\x7f\x8f\x85\x7f\x18\x6c\x41\xab\x87\xfb\x79\x62\xb6\x31\xf4\xd0\x07\xcf\xbe\xe2\x21\xfc\x65\x72\x78\x4a\x55\x11\x94\xc1\x97\x77\xb0\x8e\x6b\x59\x67\x57\xe7\xcb\xa7\xa0\xe2\x7f\xe4\x53\xf9\x0d\xc5\x9c\xc0\x8c\x64\x72\x43\x1c\x02\x0e\x8d\xd0\x91\x75\x90\xe7\x9c\x1f\x20\x73\x83\xaf\xb3\x90\x76\xad\x24\xda\x8e\xe5\x24\x86\x73\x94\x53\xa2\x59\x0e\x51\xbf\xc8\x9b\x13\xc2\x03\x3c\xfa\x5f\x89\x03\xcb\xe9\x96\x1a\x85\x98\xba\x55\x62\x32\x86\x9d\xfa\xb4\xd5\x6e\xdf\x4f\x05\xe8\xb7\x7d\x05\x87\x18\x95\xe6\x3b\x53\x51\xf7\x6c\xb2\xd2\xc8\x38\x5c\x10\x9d\x73\x06\x19\x2a\x25\x44\x6e\x4d\x62\xdc\x7d\x62\x4f\x0c\x66\x73\x98\x6b\xe0\x62\x8b\x2c\x2d\x73\xeb\x94\x1d\x35\xa3\x43\x30\x90\xf5\x9b\x28\xa5\x97\x9d\x56\xdb\xc9\xfd\x69\x73\xf6\x36\x47\x64\x2c\xd9\x03\xb0\xcf\x7a\x6a\xcd\x33\x0d\x87\xe2\x29\x27\x10\xde\x99\xe0\xc1\x79\xca\x78\x92\x9c\xca\xec\xfa\xed\xbf\x27\x42\x41\x4f\x17\x6b\x60\x90\xc0\xd5\x9a\x9d\xb7\x81\xc9\x96\x7e\x28\xfa\x4e\x77\xd2\xa0\x82\xe4\x2f\x52\x16\x91\x67\xe9\x2d\x4f\xdd\x82\xe2\xcc\x05\xdd\x91\x84\xc7\xdf\xee\x49\x0a\x23\x7f\xda\xd4\xdf\xeb\xc0\x18\x68\xe0\xa4\x35\x3a\x29\x54\xd0\x90\x92\x84\x61\x82\x1a\x7a\x84\x8d\x1b\x60\x81\x7f\xc3\xbd\xef\xa1"},
+{{0x42,0xaf,0xe8,0x9d,0xac,0x83,0xe7,0xd3,0x89,0x96,0xc0,0xdb,0xce,0x0c,0x98,0x74,0xc0,0x09,0x27,0xba,0xbd,0x77,0xca,0x8c,0xea,0xc3,0x4e,0x56,0x44,0x74,0x28,0x2b,},{0xa4,0xc5,0xf5,0xe3,0x80,0x3f,0x0a,0x03,0xd5,0xc1,0xc9,0x06,0xca,0xec,0x9c,0xc6,0xd2,0x85,0x14,0x07,0xf1,0xca,0x29,0xf7,0x2a,0x45,0xf2,0x33,0xe6,0x65,0x62,0x44,},{0x4f,0xba,0x2d,0x6c,0xc1,0xb7,0x19,0x3d,0x35,0x62,0xf8,0xc8,0xbf,0xe6,0x90,0x5c,0x82,0x9d,0xb2,0x65,0xa5,0x42,0x7c,0x5c,0x26,0x57,0x14,0x78,0x5b,0x83,0xf6,0x95,0x14,0xc5,0xe3,0x0e,0x28,0xb5,0x66,0x84,0xc8,0x2d,0xae,0x26,0x37,0x58,0x1b,0xf3,0xf4,0xef,0x27,0x14,0x20,0xbc,0x7e,0x60,0x10,0x61,0x3a,0x38,0xfa,0x10,0x1a,0x0d,},"\xe7\x10\xa1\x63\xad\x28\x85\xae\xb7\x65\x8e\xb3\x74\xf1\x18\xb7\x68\x42\xec\x36\xef\x3b\x01\x0c\x3c\x6b\x95\x59\xe8\xb1\x60\xc2\x62\x8d\xed\x0b\x85\x11\xeb\x49\x07\x18\x0d\xa4\xb6\x21\xe9\xaa\x4a\x32\x22\x88\x88\x8a\x1c\x09\x13\x0f\x69\xf8\x90\x59\x7a\x92\x93\xe7\x4f\x92\x89\xbd\xaa\x5c\x91\xb6\xfd\x24\xaa\x04\x4a\xb9\xfc\xb3\x40\x2f\x7a\xbc\x48\xd2\xab\x7b\x38\x80\xa0\x48\xda\xa4\x48\x64\x5a\xd2\xec\xb5\x5b\x3c\xae\xe2\xd6\x8a\x8b\xed\xb5\xd1\x86\x5d\x5e\x21\x1d\xe3\x9b\x0e\xaf\x22\xe5\xda\xf1\x0f\x71\x68\x20\x3a\xa1\x5b\x85\xaa\x47\xbb\xd3\xcc\x41\x69\xcb\xc1\xfe\x80\xb4\x70\x0b\x62\x58\x71\xed\xab\xcd\x4f\xe7\x4a\x3e\x96\x55\x69\xce\x24\x5c\xfc\xde\x42\x09\xcc\x8a\xbc\xd6\x79\x7d\x44\x18\x5b\x4f\x96\xc0\x18\x1b\xbd\x27\x00\x87\x83\xe9\x35\x8a\x53\x94\xfe\x3a\x34\xa0\x68\x71\xd3\x79\xda\x35\xb2\x0b\xb5\x7e\xef\x9e\x55\x24\xee\x79\x12\xa6\xf4\x1b\x4a\x1f\x68\x4c\x39\x19\xcf\xcd\xc0\x0f\x45\x80\xba\xf9\xe0\x9d\x31\x6c\xef\xa0\xf4\x65\xdc\xa5\xd8\xee\xc5\x14\xe9\x5e\x5a\x57\xbb\xcd\x27\xe4\x1f\x81\x19\xb2\x64\xae\x14\xa3\x19\xd8\xc3\x85\x9b\xab\xf1\xf4\xa6\xb6\xb7\x7e\x44\x2c\x86\x1d\x6e\xe2\x8a\xd1\x2b\x82\x36\x2e\x90\xdb\x0c\x36\x72\xb0\xe0\xd9\xff\x58\x14\x6f\xd1\x59\xaa\x8f\xa9\x9d\xc7\x55\xfc\x85\xb9\x0c\xf9\x41\x92\x79\xc0\x62\x4b\x93\xe7\x5e\xda\x0e\xf7\xc0\x96\x95\xae\x93\xbd\x72\x82\x41\x93\x77\xb7\x6c\xa8\xbd\xc0\x52\x1c\xfe\xe6\xf6\xd7\x29\xc3\xad\xff\x89\x46\x87\xb1\x77\xef\x19\x52\x9a\x6b\xda\xce\x70\xb6\x85\xc6\xd7\xa5\xd7\x4a\x08\xe2\xa9\xe7\x24\x03\x59\x75\xc8\x0d\x18\xcb\x36\x94\x70\xde\x72\x99\xcb\xd6\xb0\xa2\x7c\x92\x32\xc7\xea\xba\xc8\x6d\x50\x93\xa6\x5f\xfe\x0b\x40\xd4\x0b\xef\xe8\x0b\x68\xcd\x9d\xce\x1e\xa1\xe6\x57\xe4\x5e\x9c\x49\x9d\x0b\x69\x0f\x74\x45\x5f\xb4\x70\x96\xed\x8c\x18\xd1\x51\x7f\x90\x44\x29\x01\xa6\xc4\x10\xb7\xf6\x41\x5f\x20\xae\x48\xc5\x8a\xde\x8d\x67\x5b\x6c\x05\x8d\xf1\x6a\xe7\x69\x8f\xce\xae\x95\xaa\x77\x1b\x4c\xd8\x8a\x0b\x3f\x22\xc5\x1f\x98\xc7\x1c\x1e\xb4\x6b\x26\x4b\xf9\x7a\x30\x0e\xcb\x1f\xd2\x62\x26\xad\x8e\x87\xa0\x58\xcf\x3e\x70\x8e\x26\x0f\x56\x6b\x68\x53\x14\x04\x51\x33\xf4\xa5\xe8\xfb\xc3\x45\x61\xb9\xa0\xf1\xff\x93\x39\xf5\x52\x31\x07\x6b\x73\x6b\x6e\x11\x52\x43\x19\xa2\x72\xbd\x44\x53\xa0\xaf\x14\x93\xda\xa0\x91\x67\xe8\x46\x43\xd2\x07\xa0\x2f\xee\x98\xfb\x22\x3b\x01\xa9\x9a\xa5\xce\xf2\xb7\x00\x1e\x47\x0f\x6f\x94\xa5\xdc\x20\x8e\xdf\xc0\xcb\x8c\xf3\x11\x4a\x91\x96\x00\xf0\x61\x17\x2f\x0e\xfe\x03\x90\x36\xbf\x4d\xdd\xbf\xd0\xd4\x5f\x91\x44\x3b\xf2\x6f\x8e\x15\xed\x7d\xb8\xe5\x5f\x08\x6a\x4a\x45\x83\xf4\xbd\xa0\xf5\x56\x28\x4d\xcf\x71\x29\x2f\xe7\x0f\xca\xa8\x25\x9b\x9f\xaf\xf3"},
+{{0x10,0xf0,0x09,0xaa,0x88,0x7d,0x91,0xce,0xd8,0x09,0xaf,0xe1,0x92,0xd7,0x8e,0x47,0x99,0xd9,0x03,0x77,0x62,0xf4,0xa9,0xd3,0xa4,0x29,0xfd,0xe0,0xf3,0x9f,0x7b,0x7a,},{0xcf,0x51,0x16,0xb9,0x21,0x21,0x2e,0x9b,0x78,0x82,0x9a,0x02,0x63,0x46,0x36,0x91,0xc6,0xfb,0xcc,0xdc,0x0c,0x11,0x8b,0xe1,0x41,0xc9,0x6f,0x8c,0x88,0x05,0x3d,0xd3,},{0xc3,0x7b,0xb7,0xb7,0x3b,0x11,0x05,0xbe,0x08,0x6f,0xf3,0x07,0x69,0x72,0x07,0x72,0x62,0xdf,0x4d,0x73,0x32,0xf6,0x08,0xc7,0xb2,0xb9,0xd9,0x78,0xd4,0x74,0xcb,0xbc,0x27,0x10,0x46,0x08,0x00,0x35,0xf3,0x96,0xee,0x36,0x47,0x9b,0x7a,0x67,0x11,0xc6,0x8e,0x25,0x61,0xc7,0x41,0xc0,0xec,0x5f,0xc9,0xec,0xa1,0x73,0x4e,0x81,0x1f,0x04,},"\x2e\xdf\x14\xd6\xcd\x56\x89\x6e\xea\xa7\x70\x21\x1c\x49\x84\xbe\xd8\x0e\xca\x8d\x65\x34\xd5\xd5\x10\x88\x4f\x55\xf1\x1f\x99\xff\xa9\xf8\x9b\x58\x6f\xfe\x7b\x1e\xc7\xea\xab\x6a\x9d\xc1\xa2\x4a\x3e\xe3\xc7\xa6\xab\x44\xad\xe9\x91\x78\x83\x26\x4e\xde\x2f\x13\x61\xbe\x7d\x7a\x38\x17\xf2\x9d\xec\x95\x81\xc3\x19\xf1\x8f\x95\xd5\xbe\x26\xd9\x11\x8b\xe6\x78\x34\x00\x37\xa6\x8a\xbf\xc5\xef\xbb\x9a\x3f\x3f\x38\x78\xaa\xe3\x72\x1f\xfe\xf5\xbb\x6a\x26\xc7\xb1\xa3\xa5\x6d\x2b\xda\x6c\x6e\x86\x0e\xb4\x1f\xd8\xd8\x37\x11\x74\xd9\x1c\x74\xc5\xeb\x67\xc3\x85\x5c\x63\x0d\x64\x1d\x2e\x57\x1a\x9a\x51\xc6\x40\x2c\xfe\x18\x42\xce\xf3\x89\x80\xcb\x8d\x0a\x64\xbc\xc8\x9b\xe3\x18\x9e\x68\x11\xf4\x7e\x8f\x4d\x00\x63\xa5\xb1\x60\x1f\x44\xfd\xa2\x0c\x1c\x4c\x2f\xc4\x9c\xbe\x27\xa4\x13\x7d\xc4\x63\x8c\x2a\xd2\xd0\xa5\x47\x47\x47\x22\x9c\x56\x8e\x38\x05\x43\x1f\xa3\x6e\xeb\xa7\x85\xf7\xb9\x78\x44\xb5\xe3\x19\xfa\x6a\x09\xcc\x5a\xe8\x40\x34\x74\xbb\x91\xdd\x89\x6c\x1e\xc2\xba\xc7\x3d\x2e\x50\x5e\xfc\x62\xbd\x50\x2b\x5c\xeb\x08\xd1\x6e\x83\x2e\xc5\xdc\x4f\x98\xb5\x1b\x9d\x07\x38\xb9\xfb\x28\xf3\xab\xe8\x96\x6b\xf2\x23\x75\xa0\xb2\x2c\x47\x1a\x9e\x58\xe3\xfd\x70\x0d\xe1\x5c\x52\x96\x37\x3c\x1b\xc9\xd4\x64\x0e\xb7\x81\x6e\x1d\xc9\xc8\xce\x86\x19\xa8\x11\x83\x00\x9e\xc9\x74\x87\x1e\x8f\x0a\x97\x72\xed\xe0\xa6\x38\xb3\x57\x4b\xf7\x5d\x8f\x55\x98\x7f\x3c\xfa\x6f\xec\x68\x97\x0b\xfe\x00\xb2\x3b\x59\xfb\x5b\xf4\x99\x6e\xa5\xd7\x70\x4f\xcf\x2e\xff\xcc\x0f\xd7\xf3\xd8\xe6\x05\x60\x08\x09\x7f\x26\xca\xff\xd5\x41\x5a\x28\x2a\x27\x6a\x9b\x26\x45\xe5\xca\xb1\x29\x68\x87\x2e\xb0\x52\xf4\xd7\xc1\x0c\xc7\xc2\x1d\x51\x61\x81\x8b\xb4\x4c\xc8\x56\xb0\xde\x76\x9d\x55\x9c\x55\xdf\x64\xad\x9a\xdc\x16\xc0\xac\x65\x83\x8f\x66\x0d\xa8\x13\x86\xb7\x0b\x93\x52\x5e\xc2\xf4\x0f\x6f\x63\xf8\xea\x5d\x48\x30\xb9\x64\x6c\x46\x18\x3b\xb4\xe6\xf2\x70\x47\xbd\xa2\xa5\x46\xbd\x34\xbd\x4d\xb5\xfb\x88\xfd\x8a\xb7\xc7\x5f\x65\x2e\x15\xd5\xaa\xa6\xb4\x6a\x8a\xcf\x6e\x44\x8b\xf2\xdd\x64\xde\xe3\xc1\x05\x64\x7c\x7f\x83\xad\x20\x0d\x80\x97\xc4\x44\xa1\x58\xd8\x5a\x54\xf0\xe5\xdb\xb1\x2b\x43\xde\x94\x3a\xf1\xa8\x18\x56\xac\x96\x9f\x52\xa0\xbd\x45\x43\x81\xbd\x26\x50\x41\xa2\x69\x1d\x1a\x4a\x0d\x81\x9f\xa7\x90\x92\xc8\x80\x35\x21\xfa\x53\x68\x9a\xb8\x52\xf1\xfb\xab\xe0\x0c\x94\xb7\xf6\x82\xd1\x21\xcf\xf5\x43\x91\x32\x25\x29\xc8\xd5\xad\x7b\xbb\x98\xea\xfe\x30\x0a\xb9\x22\xf1\xc8\x92\x40\xa1\xe6\x33\xcf\x56\xa7\xb0\x2f\x74\xa2\x92\x14\xe5\x69\xa0\x57\xbd\x58\x5e\x40\x4d\x7c\xd5\x35\x20\x41\x45\x6e\x6c\xf9\x0c\x15\x34\x2e\x02\x56\x70\xf4\xfc\xcd\xf9\x87\x83\xb6\x85\x32\x14\xca\xc3\xfa\x80\x8a\x66\xc2\x7b\x65\x3c"},
+{{0x45,0x78,0xc6,0x5a,0x7c,0xa4,0x8f,0x27,0x74,0x05,0x0a,0x7b,0x0c,0xe7,0xa4,0xfd,0x5a,0xd4,0xe6,0x96,0xb2,0xb8,0xaf,0x23,0x96,0x16,0x4a,0x1c,0x7e,0x1b,0x7b,0xd7,},{0x15,0xbf,0x9d,0xbd,0x3b,0x81,0x73,0xe6,0xf0,0x3d,0xcf,0xd5,0x75,0xd9,0x09,0x84,0x5f,0x03,0x8e,0xaa,0x09,0xc5,0xd9,0x08,0xfe,0xf9,0x08,0xa9,0x74,0x58,0xb3,0xef,},{0xa1,0xc2,0x42,0xb4,0x5e,0x94,0xfd,0x18,0x0f,0x05,0x4c,0x71,0x01,0xe5,0x5b,0x39,0x65,0x68,0xf4,0x83,0xdb,0x6f,0x0d,0xfc,0x41,0x68,0xb6,0x9b,0x59,0xd3,0x85,0x81,0x4c,0x19,0xeb,0x30,0x75,0x23,0x7d,0x1f,0xbb,0x1f,0xee,0xbb,0xfe,0xa5,0x0c,0x56,0x81,0x3c,0x8c,0x39,0xc2,0x27,0x52,0xe0,0x2d,0xb7,0xe5,0x7f,0x3e,0x3f,0xbf,0x0d,},"\x50\x6f\x32\xb9\x68\x14\x24\x3e\x4d\xd8\x87\x0a\x8f\xd6\x0d\xde\xf0\x9b\xb8\xc5\x63\x15\x10\x70\xd9\xbc\xb2\xb1\x60\xa3\xea\xbd\x71\xa0\x44\xd7\x1e\xc9\x3f\xba\x95\x28\x8e\xd6\xfe\x1a\x7b\x92\x16\x51\x60\x43\x07\xd6\x5a\x45\xec\x5d\x3f\x26\x31\xac\xe4\x0e\x58\xd5\x3c\x72\xe5\x26\x88\x6e\x16\x97\x2f\x6e\x0d\xb9\x4d\x57\xb5\x56\x34\xfd\x39\xd5\x5e\x9b\xb7\xf2\x12\xaf\xab\x00\xf7\x74\x64\x09\x26\x7e\x8d\x56\x5f\xf5\xc2\x25\x73\x33\xc3\xd0\x41\x52\x17\x4f\xe1\x2d\xe6\xa5\x7b\xea\x05\x7d\xc2\x19\xe2\xfb\xa5\xf1\x91\xed\x81\x41\xc0\x18\x96\x9d\xe1\x94\x72\xd6\xaa\xf7\x63\xf1\x9e\xc5\x54\x70\x2b\xb3\xdc\xbe\x13\xca\x9b\x23\xb2\x41\x8c\x99\xe7\x18\x38\xa8\x8c\xf4\x54\x72\x8c\xf9\x20\x8a\x16\xc8\x4e\xa3\x98\x29\xb4\xba\x9b\x4c\x77\xe1\x76\x11\x2b\xfe\x1b\xf3\x5f\x95\xc4\x02\x8c\x7d\xb8\x0b\x36\xfa\xa2\x9d\x2b\x89\xe9\xe8\x62\xf3\x10\x00\x06\x5f\x13\x9b\x3d\xa7\x7d\x9d\x86\x85\x30\x57\x4b\x7e\x39\x1e\xd9\x7b\x34\xf8\x78\x16\x4f\x6b\x8d\x87\xb4\x06\xc7\xdc\x78\x60\xa5\x17\x5f\x92\x0e\x5a\x62\xdc\x1f\xc8\x2e\xd8\x45\x25\x43\xb1\x07\x36\x0d\x35\xd2\xb4\xc4\x23\x9e\xab\x46\x6d\x32\xbf\xda\x34\xf5\x10\x37\xa6\xfa\xe7\x6f\x6d\x8b\x83\xe8\xf7\xf4\x89\xdd\x4c\x1b\x49\xc3\x8f\x53\x57\x6e\x62\x17\x2c\x17\xde\xe3\x66\x5f\xde\x8c\xbf\x01\x5a\xf9\x66\x5b\x0f\x1d\xa2\xfb\x77\xb1\x34\xf0\x4b\xe2\x71\xe4\x02\xf3\x15\x37\xc2\xfc\x05\xc2\xf9\xb6\xfc\x3f\xfe\x47\xde\x33\x69\x13\x38\x67\xc6\x9d\x10\xe7\xf5\x37\xba\xe4\x56\x7d\x46\x8e\x0f\x2e\xd8\x06\xfe\x33\x5f\x93\x9c\x75\x99\x4f\x36\x3c\xe3\xb7\x0d\xaa\x7d\x5b\xd2\x31\x7c\x83\x38\x51\xfd\x8c\xc9\x72\x51\xec\x41\x90\x23\xd9\xd0\x17\x4d\x84\xd5\x60\x9a\x69\x18\xa1\x74\x0e\xb1\xe3\x09\xbd\x12\x73\x66\xde\xb9\xc5\xab\x12\x99\x2e\x99\x02\xe0\x15\xfe\x58\xd6\xad\xbf\x52\xd2\x2a\x76\x0a\xcd\x63\xe1\xed\xd8\xf1\x38\xe9\xfb\x01\x37\x18\x86\x01\xe1\x97\x8e\x7d\x04\xfb\x2a\xda\x2b\x2a\xee\x12\xf4\x9f\x28\x36\xc6\x84\x2d\x88\xcf\x48\xc8\x66\xe3\xd3\x3f\xcd\x26\x9c\x27\x5c\x89\xc2\x5e\x36\x69\xca\x90\xde\x7b\x67\xa7\xe7\xa3\x82\xcb\x7e\xfa\x47\xe9\xc2\xbf\x76\x57\x1c\x79\xa2\x50\x85\xef\x02\x04\x87\x15\x2f\x06\xbf\xa1\x33\x01\x5a\x1b\x8f\x1c\x0f\x6a\x9f\x0e\xae\x1b\xa6\x2b\xf1\x04\xf1\xc1\x6a\xc1\x4e\x1e\x96\xc4\xeb\xdf\x06\x1e\x0c\xc7\x10\x1d\x38\xda\x7e\x9e\x09\x94\xda\xf0\xf3\x22\xaa\x3c\xfe\xf9\x1b\x61\x6c\x2d\x00\x06\x89\xab\x18\xed\x45\x26\x8d\xcd\x27\x50\x94\xf6\x56\xba\x3c\xf5\x15\x26\x10\x24\x74\x1f\x74\x44\xab\x7f\xc4\xde\xcc\xe1\x67\x56\x03\x2a\x1b\xe2\x70\xff\x0b\x03\x17\x54\x2b\xa0\x26\x62\x26\x0a\x37\x6f\xc9\x12\xcb\xb0\x29\xca\xc5\x45\x15\xf5\xa5\x51\x36\x4f\x6a\x99\xff\xad\x0b\x9c\xbc\xd0\xe6\x93\xb7\xa5\x21\xcb"},
+{{0xc2,0x1e,0x70,0xc4,0x6e,0xde,0x66,0xe6,0x8a,0x88,0x73,0xbb,0xc6,0x4b,0xa5,0x12,0x09,0x30,0x3a,0x0a,0xc4,0xfc,0x49,0xb1,0xd8,0x3e,0x81,0x93,0xad,0x46,0xc0,0x37,},{0x9f,0xbf,0x80,0xa4,0x25,0x05,0xd2,0xc9,0x52,0xf8,0x9f,0x45,0x58,0xc3,0xe6,0xd1,0x87,0xa7,0xbc,0x1e,0xf4,0x46,0xb2,0xe3,0x73,0x23,0x43,0xc1,0x3b,0x33,0xd2,0x00,},{0x0a,0xe3,0x43,0xbb,0x84,0xe3,0xa2,0x99,0x07,0x8e,0x24,0x34,0xba,0x22,0x00,0x22,0xf3,0x16,0x0f,0x96,0x8a,0xc0,0x44,0x82,0xbf,0x8c,0xad,0x13,0xb4,0x23,0xf2,0x67,0x0f,0x01,0xfb,0x5f,0x7b,0x32,0xc5,0x97,0x52,0x0f,0x84,0x60,0x7e,0x0f,0x79,0xc0,0x75,0xfa,0x70,0x78,0xe6,0xe6,0x9d,0x3c,0xec,0x31,0x92,0x65,0xd4,0x66,0x08,0x0b,},"\xf5\x5a\xa5\x70\xce\x4f\xc9\x5f\x73\xf5\x17\x20\xd2\x54\xe4\x69\x5f\xcd\xc8\x1a\xaa\x04\x01\x30\xc7\x68\x7f\x03\x9b\x8b\xa5\x9e\xd8\x57\xce\xb2\x9c\x12\x10\x25\xa8\x57\xfe\xac\xb4\xa0\x1f\x38\xe0\x11\x78\x31\x0a\xe6\xe3\x5c\x99\x8e\xbf\x89\xdd\x79\x05\x7b\x4a\xfc\x6d\xb3\x40\x60\x1c\x81\x70\x3c\x87\xa8\xc4\x0e\x5c\xeb\xb0\x44\x1d\xf7\x8a\x6d\xe1\x3a\x44\x7c\xb0\x16\xc6\x5e\x74\x1b\xb7\xdf\x30\x4d\x83\x05\x6b\x72\xc6\x82\xc7\x31\xfa\xc0\xa0\xc7\x0b\x78\x11\xca\x14\xa5\x01\x54\x61\x30\x99\xc2\xc4\x37\x52\x1c\x40\x4b\x63\x61\xde\x36\x21\xf8\xea\x56\xb0\x8e\xbf\xdb\x07\xb4\xf2\xbb\x8b\xa2\xec\xc1\x64\x33\x6d\xa8\xef\xc9\x42\x76\x6e\xf0\xc7\x4d\xfd\x3b\x49\xe0\x87\xe9\xa2\x7a\xe5\x4a\x7a\x2b\x98\x28\x1b\x9a\xf9\x3d\xc1\x1a\xa2\xf0\x92\x24\xab\x5a\x73\x0f\x02\x18\xf4\xa6\xe1\xea\x48\x85\xa7\x7f\xbd\x93\xa1\xc5\x82\x77\xd9\xe0\x1b\xe7\x3a\x25\xcd\xa9\x18\xfc\x27\xdd\xdb\x45\x3a\x5d\xa6\x90\x2a\xd0\x2b\xa0\x57\x75\xc6\x7e\x07\xbe\xa4\xdf\x86\x91\x34\x66\x74\x43\x65\xc1\x32\x6e\x0a\xb5\xe1\x25\x4c\x17\x96\x74\x47\xd5\x91\xba\x5e\xd1\xb6\x3a\x42\x54\x3b\x87\xfe\xd4\x14\x59\xa0\x89\xbc\xea\xff\x21\x98\x02\xa8\x7a\x87\x2a\x76\x3e\x69\x23\x33\xce\x1c\xc7\x39\x78\x25\x08\x4b\x2b\x83\x1e\x93\xd8\x0d\x67\x37\xf3\x29\x80\xf2\xf3\xae\x82\xc6\x21\x90\xfe\x3f\xa7\x00\xc5\xb7\x32\x9d\x6d\x50\x04\x2b\xdf\x83\x1f\x37\x54\x8f\xcc\x80\xb1\x1f\x57\xcf\x20\xf6\x7a\x3b\xb6\x51\xa7\xbe\xff\xcc\x48\xb7\x0d\x17\xeb\x60\xf7\x25\x9c\xc5\x3b\xf7\xff\x60\x80\xeb\x2b\xd0\x92\x3b\x04\x83\xaa\x30\x65\xa8\x95\x5f\x01\xd2\x3b\xa8\x09\x51\xe0\xae\xfd\x2a\x93\x72\x19\x15\x72\xbc\x52\x91\x6a\xa2\x2a\x2a\xec\x39\x37\x67\xfa\xfd\x08\x68\x39\xe2\x36\xfe\x04\x60\xce\x6d\x63\x9c\x7c\xe6\x9f\xe7\xf9\xd3\xaa\xd2\x13\x05\x73\x44\x35\x70\x44\x3b\xe6\xba\xb9\x3a\x06\xa5\x4b\x8a\xc2\x9b\xf3\x3f\xf9\x94\x9b\xc9\x21\x58\xe6\x92\x4b\x6b\x68\xec\xda\x5f\x6f\x3a\xaf\x42\xb3\xd2\x2d\xf6\xd5\xe6\x7d\x5c\xb3\xab\x71\xeb\x8e\xe0\xb0\xe6\x67\x32\xe1\xda\xca\x6c\xd6\x0d\x9a\xa7\x43\x05\xfc\xd5\x70\x07\x6d\x22\x8d\x44\x6d\x5e\xe5\x42\xb1\x04\x88\xbf\x8a\xa9\x88\xf4\x51\xfa\xeb\xe7\x4a\xb6\x69\xd6\x04\xd9\xdd\xb1\x51\x06\x62\x0e\xa0\x2e\x8d\xb3\x8c\xe6\x39\xb5\x74\x78\x12\xbb\x90\x48\xee\x8b\xf7\x2b\x1a\x95\x1a\x05\xdf\xfa\xc9\x54\x17\xcb\x43\xb0\x6d\xce\x61\xee\x3d\xa6\xf2\x83\x2e\xe8\x3b\x2e\x72\x88\xdd\xd6\x2e\xeb\x58\x93\xf7\xf2\xf6\xc8\x09\x0d\x99\xe3\x36\xc9\xf9\x06\x9e\x18\x15\x98\x58\x41\xbd\xd5\x05\xb5\xf8\x3d\x89\x5e\x87\x95\x93\xda\xde\xe7\x2c\xeb\x97\x65\x69\x9b\xf8\x0b\xd0\x6a\x5c\x55\x33\x1b\x25\x45\x52\x7d\x0c\x7c\xae\xce\x96\x58\x4c\xe3\xec\x7f\xe0\x22\x60\xf2\x0b\x8a\x1c\x06\x35\x76\x3f\xf4"},
+{{0xf2,0xc1,0x05,0x77,0xf7,0xdf,0x77,0xf0,0xc1,0x15,0x7a,0x8c,0x33,0x1a,0x7b,0xd2,0xae,0x63,0x86,0x67,0x0e,0xb6,0x5f,0x0f,0xae,0x12,0x23,0x31,0x69,0x0f,0x82,0x8a,},{0x0d,0x4c,0x34,0x0f,0xc2,0x31,0xaa,0xfb,0x3b,0x6f,0x74,0xb8,0x9b,0xce,0xf7,0xee,0xaa,0x0b,0x04,0xf2,0x93,0xec,0x85,0x44,0x24,0x7b,0xfc,0x3f,0x2d,0x57,0xc1,0xe0,},{0x60,0xb7,0x03,0x11,0x5a,0x32,0x2a,0xb8,0x92,0xc2,0x76,0xbf,0xd1,0x8f,0x70,0xa9,0xeb,0x0c,0x73,0x23,0xe2,0xc0,0xa6,0xeb,0x5f,0xc7,0xe3,0x30,0xb0,0xbc,0x3b,0x07,0xa5,0x78,0xa0,0x82,0x84,0x62,0x64,0xf0,0x32,0xc6,0x19,0x1d,0x04,0x0b,0xd9,0x8e,0x5d,0x5a,0x4d,0x4f,0x07,0x6f,0xb9,0x06,0x2a,0xcd,0x36,0xbe,0xa4,0x0c,0x91,0x02,},"\x38\xea\x1e\x02\x8a\x49\x3d\x1c\x60\xec\x70\x74\x9f\x14\xd4\x36\xeb\x3a\x2b\x2d\xe5\x4f\x21\x3d\x01\xa6\x45\xb5\x80\x43\x0e\xcd\x8e\xce\x6b\x55\x69\xcc\x01\x7a\x49\x43\xe5\x59\x5c\x5e\xd6\xe4\x8c\x94\x43\xf2\xfa\x5e\xb2\x22\x7f\xfe\x56\xd2\x11\xf2\x69\xbc\x8f\x6f\xa9\xee\x8c\xd5\x6f\x6b\x84\x70\x53\x92\x08\xaf\xe2\x9a\xb0\xa1\x95\x04\x4d\x95\x7b\x31\xf9\x3e\x18\x4a\x9c\xbe\xf1\xa1\x4e\x14\xf8\x08\xbb\xf5\x89\xac\x77\x70\x08\x4f\x99\x8e\x1b\x25\x4d\xa5\x9c\xa6\xd3\xe6\x2e\x7b\xe1\x79\x07\x16\xd2\x56\x0f\x01\x5f\x39\x9c\xbb\xce\x48\xcf\xd0\x39\x1e\xad\x19\x93\x44\x6f\x6b\x24\x93\x97\x7d\x93\xd7\xb0\x9a\x07\xa7\x9a\x59\xce\x15\xdc\xe7\xa1\xda\x9c\x64\x6f\x45\xaf\x2c\xca\xd5\x5b\xa1\x58\xe6\x38\xc4\xa3\x0c\x5d\x30\xe9\xac\x6e\x3a\x33\x39\xc2\x43\x42\x6d\x86\x49\x1b\x2d\x92\xda\xc1\x47\x8e\x8d\x74\xff\x0b\xf1\x49\xbd\xb5\xe0\x9e\x3f\xb6\xb8\x26\x2e\xb0\x68\x79\x81\x55\x4a\xe2\xcb\x47\x19\x63\x39\x07\x9d\xa0\xa1\xa5\x72\x39\xc1\x9b\xf7\x81\xf6\x2f\xda\xf4\xe3\x15\x60\xa8\x43\x17\xef\x03\x04\x92\xcf\x1b\xb1\x30\x5b\xa8\x51\x8e\xba\xf2\xb4\x34\xd3\x64\x16\x72\xc8\xf6\xea\x2d\xef\xa6\x96\xdc\x7e\x4f\x39\xef\xc0\x8d\x28\x8d\x1c\x96\x6a\x6c\x71\x48\xc0\x12\xee\xc4\x39\xf7\xe1\x2d\xba\xb5\xb8\x7c\xfa\x44\xc9\xae\x19\x00\xf8\x38\x6f\x24\x44\x4e\x10\x92\xb2\x3a\x27\x4c\x13\x8e\x95\xc6\x61\xe9\x37\x7e\x8a\xd2\xd1\xfc\xaf\x19\x39\xec\x9a\x63\x2a\x87\x3f\x7e\xad\xbe\x68\x7b\x4a\x03\x3b\x92\xa4\x77\xf2\xe0\x2e\x9e\xd9\x2c\xe4\xf9\x5c\xf1\x70\xb3\x90\x15\x18\xa0\x62\x14\x3e\x56\xdb\x05\x4d\xf4\xe4\x43\x15\x44\x78\x5a\x6d\xfa\x24\xee\xc0\xf0\xde\x7a\x69\x9c\xcf\x28\x6d\xad\xfa\xd8\x59\x03\x61\x22\x50\x76\x4f\x25\xcd\xea\x81\x27\xd0\x07\x8d\x55\x48\x25\xea\x6e\x73\x71\xc4\x38\xbc\x46\xf2\x9f\xb8\x93\x7f\x8d\x9a\x39\xcf\x88\x49\x05\x2d\x43\xec\xbf\xf6\xc4\xa3\x76\x2a\x5f\x40\x0c\x15\x14\xe8\x5e\x91\x38\x4f\xef\x9b\x40\xf4\x31\x4e\x22\x3a\x9d\x68\xc5\x26\xac\xc7\x02\x27\xd6\x2b\x8b\x63\x7a\x34\x2d\xf1\x13\xd3\x18\x20\x2c\x51\xed\xd3\xc1\xef\xd1\xff\x20\xb1\xff\x07\x8b\x32\x06\x8e\x79\x4d\x92\x81\x33\x03\x7f\x1e\x3a\x34\x68\x9e\x62\x9e\x43\xfd\x2b\x8e\x88\xea\xb5\x0d\x7e\x7a\xb0\x64\x70\x14\xab\x5e\x4a\xd5\x82\x00\x65\x67\xef\xf7\x2b\x5a\xf2\xda\xc5\x36\x89\x2c\xcc\x87\x1f\x8a\x80\xb5\xcb\x79\xd9\x0b\xcc\x6b\x77\xd4\xcd\x08\xf8\x76\x18\x4e\xf5\x8c\x06\x4a\xe4\x30\xbb\x79\xa6\xb9\xe9\x6b\x0a\xd8\x73\x68\xaa\x83\x8a\x8d\xcc\xff\xac\x0c\xd8\xce\x9e\xa0\xd0\xec\x4c\x4b\x0f\x42\x67\x34\x16\x65\x9c\x98\x49\x92\xcf\x53\xb1\xe4\x45\x43\x10\x07\x64\x0d\x47\xec\xe2\x6d\xee\x4a\x29\x43\xaa\x70\x97\xdd\x35\x6c\xff\x47\x54\xf2\x1a\xc0\x7f\x6b\x3f\x73\xc4\x69\x05\x55\x12\xf3\x7a\xba"},
+{{0x04,0x1a,0x97,0x90,0x6b,0x59,0x56,0xb9,0xd3,0x40,0xf2,0xe0,0xd7,0xa1,0xdc,0xbf,0xef,0xe6,0x63,0xe9,0xbb,0x40,0x26,0xf8,0xcc,0x1a,0xe7,0xe2,0xa1,0x4d,0xe2,0x7e,},{0xf3,0x82,0xd3,0x2e,0x88,0xc3,0xa7,0x2c,0x7c,0xad,0xda,0xfc,0xf8,0xaa,0x69,0x9e,0x21,0xdb,0x7a,0x6b,0xf4,0xed,0xd6,0xe4,0x9a,0x00,0x5a,0xad,0x70,0x2e,0x6a,0x79,},{0xa2,0x3f,0x03,0x2e,0x66,0x92,0xa0,0xe8,0xbf,0xee,0x5b,0x2d,0x30,0xb4,0x14,0xcb,0x16,0xc3,0x5a,0xd0,0x8d,0xa3,0x1f,0x69,0x6d,0x46,0x1a,0x02,0x85,0x78,0x22,0xc4,0xef,0x35,0x7f,0x0c,0xcf,0x31,0x02,0x5a,0x4d,0xc9,0x5c,0xed,0x30,0xa9,0x94,0xf4,0x1e,0xdd,0x1d,0x08,0x7a,0xfc,0xaa,0xf3,0xe8,0xe8,0x75,0x70,0x83,0x20,0xf8,0x0c,},"\x71\xa7\x59\x57\x41\x15\x44\x97\x5a\x48\xcf\x10\x3a\xa1\xf8\xe2\xad\x15\x24\x44\x59\xcd\xc0\xe3\x36\x96\x6e\xb8\xb2\x6c\x97\xf2\x16\x9e\x5d\x78\x53\x70\x37\xef\xc0\x77\xe8\x6f\x06\xe0\x5e\x9c\x1d\xc3\x41\x82\x88\xc0\xa2\xbe\x6b\xa3\x4b\x3a\x04\xab\x20\xba\xe7\xf3\x62\x10\x94\xb8\x7d\x78\xa7\xea\xcb\x86\x4d\x40\x78\xcb\x4e\xfc\xba\xc5\xad\xd9\x37\xa2\xc6\x01\x2e\xe1\xa8\xb2\x56\xcc\x27\x6b\x65\xd5\xe9\x2b\x4d\x00\xb9\xb1\x1f\xad\x88\x49\x91\xde\xc4\xc1\xcb\x9d\xce\x18\x63\xc8\xb0\xa2\x10\x16\x1a\xe6\xb3\xf8\xbf\x9c\xc4\xdc\xe4\xad\xfd\xc8\xed\x57\xd8\x3e\x95\xab\x9d\xd2\xd9\x26\x58\xdf\xbd\x3a\xfa\x99\xe3\xf8\x95\x1e\x2a\xd7\x4a\x14\x8f\x6f\x59\x7e\xb2\xc9\x45\xc1\xf1\xb9\x44\x61\xae\x07\x45\x48\x1f\xd0\xed\xf8\x38\xc6\x28\x60\x35\xe3\x6f\x01\x12\x38\x87\x5d\xbb\xa2\x28\x9d\x3d\x6a\x39\x42\xa7\xf9\x55\x4c\x64\x43\x05\x24\x4d\xdb\x77\xc1\x17\xcb\x4b\x56\x23\x77\x29\xdd\xe4\x28\xb8\xbb\x42\xdf\x9c\xe2\x9e\x14\x4d\xfc\x96\xcf\x6c\x67\x67\xb1\xee\x6d\x05\x3c\xe4\xf8\xbb\x20\x56\xab\x78\x10\xaa\x13\x68\xa8\x91\x0f\x2f\x69\xe0\x61\xc1\x9d\x88\x47\x18\x4f\xed\x53\x4f\x98\x75\x8d\x70\x3a\x76\x88\x5f\x91\xeb\x75\x2a\x21\x95\x4a\x10\xc6\xf6\xb4\xda\x10\x46\x4d\xed\x36\xb0\x00\x89\xf6\x62\x91\x54\x21\xbf\xda\xd4\x96\x75\x36\x89\xcc\xd0\x3b\x62\x40\x21\x08\x07\x61\xe6\x81\x76\xb1\x06\x97\xda\xc8\x78\xe4\xc3\xdb\x2f\xd0\xb2\x8c\x65\x53\x35\xd9\x80\x16\xf1\x9f\x26\x5b\xb0\xb2\x43\x4c\xb4\x63\x78\x44\xd9\x1e\xd0\xce\x05\xed\x25\x91\xfd\x99\x89\x65\xf8\x3f\x31\x97\xd1\x0e\xef\x44\x88\x50\xe7\x92\x03\x27\x24\x70\x1d\xa3\x05\xcb\x6d\x79\x46\x69\x48\x3f\xc3\xdc\x6f\x68\x6b\x18\x3e\x29\x99\x13\x0c\x8f\xc0\x05\x8d\xca\xbb\xc9\x18\x8f\x26\xb2\xd6\x3e\xbd\x6c\xb1\xe1\x8a\x09\x7c\x77\x04\xa5\x9b\x5e\x18\x7e\x01\x42\x59\x3b\x70\x83\xf7\x40\x0a\xfa\x9b\x1b\xf0\xc1\xcc\x6c\x35\x6b\xc4\x33\x4a\xf7\x72\xe6\x71\x53\xb4\x5b\x33\x1b\x99\x09\x20\xc2\x4e\xed\xe2\xc6\xe3\x23\x70\x3f\x52\xec\xd6\x07\x35\xb2\x3b\xf2\x2b\x81\xee\x77\x59\x27\xc3\x7e\x53\xda\xd7\x59\x6e\xa6\x5a\x73\xbb\x96\x77\x5f\x3b\x87\xc8\xb3\xc0\x88\xec\x69\x5b\xc3\xa7\x50\x2c\x0c\x51\x0f\x02\x0b\xf9\xac\xa3\xcb\xb7\xa2\xc0\x11\xc6\x7f\xf2\x7d\x63\x4c\xaf\x1d\xcf\xc5\x8e\x5e\x39\x7e\x66\x58\x25\x22\x72\x01\x1c\x8f\xfd\xd6\x42\x30\xa9\x32\x41\xff\xf6\x83\x72\xc4\xba\x85\x38\x2b\xbb\x22\x93\x09\x65\x29\x22\xdb\x68\x83\x66\x31\xe5\x5b\xe6\x9a\xb6\xad\xb8\xe4\x33\x53\x57\xfc\x92\x3e\xfe\x15\x4a\xfc\xc2\x22\xd6\x0d\x07\xf5\x69\x90\xa3\xe5\xa2\x14\xb2\x27\xae\xcf\xf2\xcd\x1b\xb6\xf0\xc7\x9f\xf5\x45\xf7\x0a\x61\x61\x41\xa9\xd5\x3f\x92\x2a\x02\x44\x3f\x7d\x2a\x46\x89\xc3\x5b\x09\x5d\xd3\x94\xd5\x0b\xf4\x9f\x96\x80\xa5\xf7\xd9"},
+{{0x4b,0xc5,0xe0,0x5a,0xa0,0x03,0xa4,0x49,0x2f,0x4b,0xad,0x10,0x2a,0x53,0x90,0xf7,0xce,0xba,0xb3,0xd3,0xec,0xa9,0x15,0x21,0x42,0xad,0x5e,0xf7,0xd8,0x40,0x30,0xae,},{0x67,0x51,0xd3,0xad,0x8b,0xb6,0xc6,0x4d,0x6a,0x17,0xd7,0xe4,0x47,0xa2,0x7d,0xa2,0x2f,0x5f,0x04,0x03,0xf4,0x37,0xba,0xc9,0x44,0x9f,0x13,0xcc,0x85,0x3d,0xd8,0x40,},{0xa2,0x4f,0xee,0x11,0xf7,0xec,0x6d,0xa3,0xe9,0xdf,0xaf,0x6c,0x85,0x8a,0xc0,0x04,0xb4,0x53,0x1a,0xbd,0x1c,0x9d,0x3b,0xb6,0x4f,0x40,0xdd,0x24,0x7f,0x00,0x35,0x93,0x50,0xe4,0x3b,0x2d,0x4b,0x8f,0xbe,0xc5,0xf6,0xb2,0x41,0xec,0xf9,0xf1,0x10,0x14,0x85,0xcf,0x41,0x87,0x35,0xb0,0x5f,0x71,0x20,0x18,0x33,0x5b,0x20,0x06,0x83,0x08,},"\xa8\xf7\x94\xdb\x17\x95\x66\x7d\x28\xd2\x4b\x70\xac\x22\x00\xa6\x23\x9a\x34\xe2\x43\x8c\xed\x1d\x03\xf9\x7e\xd4\x8b\xeb\x4d\x6b\xea\x67\xc1\x43\x38\xf7\x73\x64\x19\xdc\xd2\xa2\xa7\x97\x37\x26\x57\x2e\x6a\xfe\x7e\xdf\xef\x22\xc9\x9b\xe8\xb0\x69\xf0\x4f\x6d\xc6\x1a\x13\xb3\x43\xc6\xe5\x85\xab\xad\x22\x14\xd8\x5c\x36\xf0\x29\x96\xfa\xbb\x46\xbb\x91\xb5\x17\x6a\xc7\x08\xe4\x9a\x0b\x05\x30\x17\x04\x8f\xbb\x55\x45\x3f\x2b\x82\x08\xd6\x67\x8d\x1a\x8c\xf6\xa1\xee\x9a\xd7\xa9\x1e\x38\x03\x25\x63\x5d\x1e\x23\x6a\x6c\xa1\xd6\xcc\x7f\x6b\x59\xf2\xa2\xbf\x18\x4f\x5e\xe4\x51\xd6\x79\x9f\x69\xba\x11\xa0\xcd\x6b\xc0\x4b\xe8\xa3\x51\xa8\x0e\x72\x5b\x5f\xc4\x56\x3e\x45\xbd\x47\x49\xec\xbc\x45\x20\x52\x29\x10\x5b\x9d\xe7\x32\x61\x49\x85\x27\xf3\xd4\xec\xfb\xb5\x83\xff\x53\x27\x53\xd0\x7c\x38\x52\x6b\xb4\x82\xd1\x71\xa2\x61\xb9\xcf\x89\x90\x6a\x7d\xea\x8c\xbd\x7e\x72\x6b\xa3\x1e\xa6\x88\x03\xa6\xb0\x04\xf6\xdc\xd1\x9e\x67\x19\x50\x46\x37\x38\xcc\xa7\x8b\xb0\xdf\xfa\x3d\x64\x57\xe4\xae\xca\x65\x7e\xc6\x49\xb9\x7e\xe3\x0e\x97\xc8\xcb\xe6\xce\x43\xc2\xaa\x9a\x69\x95\x8e\x9d\xc8\x81\xe4\xaa\x7b\x32\x78\x07\x4e\x78\x7a\xce\x5f\xb6\x01\xd7\xfa\xf7\xca\x51\x03\xec\xbb\xd3\xbd\x55\x4e\xb1\xb0\x66\xf8\x29\x6d\x2c\xc5\x7e\x8c\x8a\x32\xe9\xc0\xe6\xa9\x26\x96\x4d\x6d\xf2\xd8\x64\x58\x64\xb3\x22\xc3\x22\xf1\xca\x80\x73\xce\xdf\x2b\x55\x67\x11\xa7\xa2\x0b\x77\xc0\xa1\xed\x27\x7a\x9a\x6c\xa2\xc0\x71\x54\xe8\x63\xfe\xf5\xa4\x04\xe3\xe8\x9f\x0d\x7f\x30\xf2\x18\xec\x4d\xe7\xa5\x3a\xeb\x9c\x41\xee\xaa\xf6\xce\x74\x96\x49\xc9\x99\x8f\xd6\x2b\xcb\xa2\x87\x23\x38\xe1\x9c\x94\xe5\x9d\xd5\xe2\xdd\x77\x6f\x53\x71\x9d\x21\x74\x69\x76\x93\x2e\xf1\x1a\xbf\x7a\x32\xae\x6b\x07\x44\x66\x5d\x0e\x0c\xe5\x13\x95\x5a\x9e\x68\x53\x1d\x8e\xe4\xde\x9a\x8d\x35\xdd\xfb\x88\xeb\x5a\x48\x6a\xd6\x31\x37\xe8\x89\x2f\xd7\xc6\x89\xd4\xf9\xe7\x02\x1b\x11\x73\xbb\x37\x52\xa5\xee\xcf\x29\x92\xe3\xfd\x46\x42\x26\x3c\x7b\x3d\x81\x5c\x29\xb4\x66\xab\x69\x28\x5f\xfe\x4b\x8d\xaf\xcb\xf3\xd0\x1d\x63\x55\x53\xab\x75\x75\xa7\xa3\x47\x1e\xdc\x7b\xe4\x12\xd3\xd0\x1e\x6f\xe8\xe3\xcd\xc3\xfa\x04\xd2\xa7\x59\x93\x81\xe2\x2b\xba\x49\xc5\x53\x9d\x79\xc6\x2b\x52\xbb\x0e\xca\x33\xf7\x42\x55\xe4\x1a\x95\x26\xa8\x92\x89\xb1\x5f\x18\x50\xd9\xaf\xa8\x7e\x6b\x6f\xa1\x27\x10\x1c\x1a\x6d\x88\xd4\x33\xe0\xc8\x6a\xa6\x0b\xba\x8f\xe7\x10\x0e\xd6\x1d\x5a\x9d\x00\xa0\x07\x64\x51\x3e\xb1\xc7\xf5\xf5\xc3\xb3\xef\xc4\x53\x2a\x36\xb4\x07\xfe\x2d\x17\xcf\xb4\xe6\xfc\xd6\x04\x9c\xff\x3a\x35\x56\x23\xa3\xa4\x13\x90\xea\x48\xf4\x21\x20\xd8\x97\x94\x91\x11\xbe\x3d\x16\x9b\x2d\x2e\xf4\x5b\xdb\x89\x4f\xe2\x0b\x1a\x95\xef\x66\x14\x94\x27\xa9\xd8\xf8\x0a\x9b\x2e"},
+{{0xa3,0xbe,0xd9,0xfe,0x23,0x54,0xbd,0x28,0x60,0x14,0x9a,0x3d,0xb7,0x5a,0x85,0xb1,0x29,0xcf,0x83,0xe9,0xd7,0x3e,0x63,0x17,0xba,0x70,0x54,0x52,0x19,0x33,0xf8,0x96,},{0x5a,0xc0,0x3b,0x4f,0x13,0xd9,0x1d,0x06,0x6b,0x2c,0xe3,0x59,0xe9,0xbb,0x1d,0xfb,0x6b,0xfa,0x5a,0xfa,0x38,0x2f,0xd1,0xcc,0xd7,0x2a,0xef,0x11,0x76,0x07,0x9f,0x89,},{0x33,0xbc,0x1e,0x0b,0xf1,0xb4,0x93,0xe0,0xcf,0xb7,0xea,0x40,0x48,0x0a,0x14,0x23,0xe0,0x91,0xf7,0x14,0x57,0x45,0x01,0x31,0x73,0x78,0x7d,0xf4,0x7a,0x10,0xdb,0x24,0xc1,0x65,0xd0,0x05,0x96,0xfa,0xb7,0x0e,0x68,0xc9,0x4c,0x10,0x4e,0x8a,0x74,0x07,0xcf,0x69,0x5c,0xd3,0xfb,0xe5,0x85,0xb5,0xb1,0x76,0xb8,0x5c,0xcc,0xa4,0xfd,0x08,},"\xdb\x85\x38\x08\x68\x6d\x6d\x21\xf4\xc5\x7b\x54\x1e\x5a\xd6\x33\x94\xd4\x65\xe6\x00\x78\x64\x3c\xab\x1e\x06\x5c\x9f\x30\x6c\x50\x00\x78\xf0\xcc\x41\xef\x0f\x95\x42\xb5\xfe\x35\x6a\xec\x47\x77\xef\x8a\x95\x55\x4c\x97\xb6\xa4\x40\x99\xe9\xbd\x64\x04\xfb\x0b\x2e\x41\xf9\x19\x14\xb0\x74\xd1\x22\x37\xcd\x44\x2e\xbd\x40\xb5\x1b\x8b\xc8\xbb\xe4\x37\xa2\xc5\x33\x32\xd2\xbe\xb2\x28\x1b\xf7\x32\x4a\x0c\xf5\xb7\x41\xbb\xf9\x8d\x1e\xb9\x85\x8b\xe9\x26\xe9\x15\xa7\x8e\x8d\x31\x4b\x41\x44\xf3\xd2\x0d\xfc\x6c\xb7\xf4\x8c\x23\xaf\x90\xf8\x71\xc6\xcd\xa9\x08\x45\xa4\x1a\xff\x17\x07\xa8\x7b\x4e\x55\x16\xf1\x8e\x8b\xd7\x68\x3c\xfd\x74\x07\x08\x03\xe8\x88\x33\x8c\x9a\x18\xf7\x92\xc8\xd3\xa7\x04\x17\x0f\xf9\x82\xbf\xfc\x9e\x8e\xc9\xea\x5d\x1a\x62\x59\x2f\x16\x88\xd4\xf2\xb0\x1e\x11\xf9\xf8\x87\x74\xc4\x7a\xc1\xd5\x8f\x69\x0b\xcf\x28\x8c\xf8\xa4\x73\xd3\x50\xa8\x23\x9d\xf9\xd3\xa6\x28\x81\xda\xdd\x33\x85\x31\xfd\xce\x76\x15\x80\x7c\xe9\x65\x49\x6d\x6f\x35\xd6\xc0\x42\xf0\xce\x7f\x21\xef\xe5\xce\x64\x25\x18\x59\x41\xed\x56\x36\xb8\xae\x91\x3a\x75\xd2\x1a\xb9\xdb\xdb\x3c\x3b\x66\x87\xa4\x5e\x04\x49\x38\xa9\xf1\xc1\x3a\x33\x0e\xa9\x76\x1e\x28\x3e\x61\xd4\xa3\x20\xe1\xf5\x59\x88\x2f\x34\xb6\x07\xfe\xfe\x32\xc3\x43\x17\x4a\xbc\xdc\x77\xb0\x65\xa9\x29\x04\xb4\x2d\x96\x1d\xb8\xed\x91\x6c\x01\x46\x4f\xfd\x43\xf9\x3c\x10\x77\xf1\xdf\x7e\xe6\x50\x31\xcf\xe0\x5d\x78\x0d\x01\xd0\x8e\xe0\x36\xf2\x2a\x2b\x05\x12\x19\x3b\x0c\x0f\x38\x01\xe0\xa0\x20\x8e\xef\x24\x5c\x9e\x51\x93\x52\xd2\xb0\x09\x63\x82\xf2\xcb\xa0\x6e\xb2\xa0\x1d\xac\xf6\x19\xea\xbb\xc8\x83\xc5\xd4\xf2\xfd\x7c\x34\x23\x17\x9c\x0f\x5f\xfd\xaf\x8c\xaf\xff\x5c\x46\xb3\x4a\x09\xc3\xc5\x0e\x29\x49\xc0\x60\x00\x20\x7d\x70\xd3\x7d\x65\xa7\x43\x07\x5f\xdc\x2b\xe6\x2d\x41\x2a\xa6\x3e\x36\x37\x06\xca\x90\xe6\xef\x44\xe1\x52\xea\x4d\xc5\xc2\x89\x3e\xcd\x08\xd7\x96\xd4\x1f\x17\x22\x54\xc3\xd1\xd1\x4b\xb0\x67\xb5\x3a\x08\x97\xbb\xd7\x3c\x99\x54\xd9\x64\x8b\x2a\xf1\x0d\x9c\x27\x03\xe3\x8b\x6c\x62\x46\x9f\x6f\x95\x8a\x1c\xa0\xa3\x20\xc1\x23\x39\xe9\x0c\xf7\x68\xc8\x7b\x47\x38\xc2\x19\xf8\x09\x3b\xff\x4c\x2c\xfd\x29\x45\x9f\x6d\x32\x81\x34\x93\x78\xe9\x15\xa3\xb0\xe7\x24\xc7\x4d\x2b\xd7\xa8\x51\xac\x7c\x6b\x48\xe8\xaf\xc7\x12\x4f\xdc\xbc\xab\x5f\xf8\x0d\x1d\xee\x30\xa6\xc0\x24\xcb\x43\x31\x97\x23\x66\xeb\xab\x26\xbb\xb9\xf6\x08\xca\xac\x7e\x51\x91\x4d\xf0\x58\xb9\xb3\x74\x5d\x98\xc5\xd2\x7e\x97\x10\x54\x75\xec\x01\x73\x77\xe6\x31\x61\x98\xec\xe4\xec\x59\x09\xf0\x4f\xc2\x7e\x7b\x38\x2e\x66\xad\xb6\x2a\xc8\xa9\x77\xf3\x76\xfd\x5d\xae\x43\x4f\xb5\x51\x75\x24\x9c\xa1\xab\x6b\xb0\x2d\xec\x06\x96\xf0\x89\xbe\x34\x54\x88\x7a\x0c\x32\x36\x1d\x17\x2b\xd2"},
+{{0x88,0xa2,0x4f,0x0d,0xf3,0xae,0x29,0x14,0xdf,0x79,0xda,0x50,0xec,0xf8,0xec,0xb4,0x2f,0x68,0xc7,0xba,0xad,0x3b,0x6c,0x3a,0x2e,0x0c,0xc9,0xc2,0x5d,0x09,0xd1,0x42,},{0x12,0xe6,0x60,0x3f,0x71,0x3b,0x23,0x05,0x35,0x85,0x68,0x71,0x00,0x18,0x68,0x5e,0x14,0x15,0x53,0xc4,0x75,0x91,0x39,0x6f,0xb4,0x25,0x9e,0x42,0xdc,0x53,0xb9,0xc9,},{0x17,0x07,0xcc,0x00,0x91,0x86,0xbf,0x3f,0x03,0xf7,0xbb,0x9e,0x3c,0xd4,0xcf,0x6b,0x73,0x7b,0x7a,0x6b,0xaa,0xde,0x7f,0xc6,0xc3,0xff,0x5c,0x12,0x25,0xdb,0xb2,0xba,0xf5,0x4f,0x47,0xc8,0x5e,0xaf,0xa1,0x32,0xc3,0x1e,0xac,0xa0,0x3e,0x6a,0xec,0x14,0x47,0x73,0x3f,0xac,0xd3,0x71,0x49,0xb7,0xc6,0xcf,0x0c,0xd4,0x1f,0x61,0x14,0x04,},"\x65\x4e\x9e\xdc\x69\xfe\x63\x4c\x23\x08\xba\x8c\x46\xa9\x55\xe8\x82\x45\x62\x86\xea\xe3\x59\x3c\xae\x73\x9c\x44\x86\x6c\x0d\xe9\xed\xcb\xbf\x0d\xb1\xc4\x41\x49\x66\x84\x67\x70\x9d\xc9\x70\x62\x98\xdd\x2e\xac\x33\x01\xda\xba\xd5\xbd\x8e\x93\xc5\xe8\xa9\x3f\x19\x4e\x0f\xc1\xd9\xf3\x76\xc1\x44\xc2\x93\xae\xfd\xa0\x86\xb2\x21\x8f\x2e\x9d\xfd\x7c\x2d\xc5\x2b\xa3\x3e\xb2\x29\xdc\xf7\xbb\x68\xce\x0f\x87\x6c\x5f\xd4\xe8\x1a\xfd\x80\x16\x9f\x73\xcf\x26\x4e\x5d\xc0\xce\x16\xe1\xb8\x76\xcd\x11\xc7\xad\x89\x05\x8e\xe0\x82\x0c\x40\x00\x5d\x01\xf1\x19\xf8\xbe\x6f\x1a\xfb\xe2\x4c\xa4\xae\xdc\x18\xe9\x78\x96\x82\x7c\x3e\xd6\x7f\xc4\x56\x30\xe7\x90\x3b\x7f\xee\x9c\x99\x0e\x36\x19\x37\xbf\x4e\xa0\xa4\xd8\xd1\x6c\xf6\xd9\xcf\x03\x81\xe9\x06\x5e\x36\x25\x14\x8f\x8a\xe0\x49\x1a\x03\x41\xd0\xff\x9f\x72\x7b\xe1\xf3\x10\xca\x1e\xc3\xf0\x10\x4a\xa0\x54\x32\x17\x84\xdd\x24\xd5\x3c\x98\x5b\x28\xd4\x40\x82\xf8\xe1\xc1\x08\xa4\x41\x09\x63\x8f\xf5\x11\x6e\xdd\x85\xae\xb8\x6b\x6e\xa5\x12\xa1\x9b\x60\x2e\xdd\x9d\x21\x10\x70\xd0\x44\xaf\x5b\xed\xb6\xc8\x52\x7b\xa3\x49\x1e\x34\x5b\xac\xc1\x30\xb3\x69\x60\x28\x2a\xe7\x37\xb8\x5c\x76\x92\x74\xf0\xf7\xc5\x88\xf4\x0e\x66\x25\xb2\x36\xbd\xc1\xa3\xb8\x73\x20\x46\x0e\xee\xad\xa2\x78\x12\x4b\x56\x68\x87\x4f\x39\xf5\x9c\x2e\x6a\xa2\x08\xc3\xb6\xa9\xb8\x45\xc4\xd0\xa2\x7a\x05\x46\x78\x6f\xa1\x3e\x51\xcc\x98\xb7\x3f\xd7\xee\x32\x7b\x62\x15\xec\x6b\x62\x9f\x4c\xc7\xe4\xbd\x3c\x0a\x3d\xb7\x8a\x21\xff\xfe\x24\xc7\x04\x38\x71\x6b\xc3\x7b\x8d\xa7\xc5\xff\x7c\x36\x88\xa9\x03\x39\xc2\x2e\xb5\x0b\x7c\x2c\xd3\x6b\x68\x83\x1f\xd5\x93\x91\x75\x68\x9b\xd3\xe2\x2c\x38\x81\xaf\x33\x7e\xe1\x44\x35\x70\x9e\x35\x10\x40\xef\x3d\xa9\x55\x72\x4e\x51\xc2\x4a\x5e\x2c\x09\xf8\x91\x80\x83\x93\xfb\xf8\xef\x7f\x1f\x5f\x02\x98\xde\xeb\xdc\xd8\xd6\x66\xcb\xcf\x3e\x86\x6c\x71\x89\x99\xab\x6b\x1f\xee\xc9\xc4\x7e\x02\xe7\xd6\x35\x40\xf8\x99\x63\xd5\x42\xc5\xd0\x1f\xb6\xfc\x30\x76\x89\x68\xae\x81\xb2\x0c\x35\x4b\x40\x00\xc1\x32\x77\x47\x64\xd6\xd4\x43\xad\xd6\x4f\x6d\xd7\x48\xf5\xfb\x5b\x7f\x6e\xba\x40\x1d\xb4\x31\x8b\xe9\x93\x98\x9f\xcc\x25\x77\x96\x1f\xa5\xad\x31\xf6\xa2\xa9\xd6\xa7\x55\x28\x58\x65\xcd\x5d\xc3\xa8\x8c\xfb\x5a\xba\x7d\x92\x3b\xaf\x78\xb5\xd1\x31\xb4\xc2\x14\xdf\x55\xb6\x17\x1f\x45\x20\x9e\x21\xca\x66\x45\x49\x0d\x3a\x36\x44\xdd\xa6\xdc\x92\x9c\x7c\x40\x95\x76\xd3\x71\x64\x75\x5e\xf8\xaa\xf3\xdc\xd4\xd2\x27\x75\xee\x7d\xea\x0e\x56\x5b\xd5\x47\x27\x92\x1c\x64\x9b\xc5\x1f\x20\xc1\xf6\x8c\x1f\xde\xac\x45\x5c\x67\xd7\x1a\x1c\xb8\x83\x7f\x46\x91\x44\x8b\xf0\xbf\x04\x4a\x46\xf1\x68\x5f\xbe\x22\xb1\xe0\x18\x77\xf7\x47\x7d\x34\x99\x40\x8c\x4c\x31\x65\x10\xce\x2e\x55\xb9\x80\x05"},
+{{0x18,0x4d,0x0c,0xe2,0xe9,0xdb,0x7f,0x25,0x7a,0x8b,0xf4,0x64,0x6d,0x16,0xd2,0xc5,0xef,0xc2,0x70,0x2c,0xed,0x02,0x6b,0x69,0x06,0xd3,0xc8,0xc0,0x11,0x8f,0x22,0x61,},{0xe9,0xda,0xb8,0xfd,0x9d,0x94,0xdc,0x9b,0x24,0xcc,0x79,0xc6,0x35,0xcc,0x57,0xce,0x66,0x51,0x89,0x82,0xba,0x3e,0x24,0x47,0x24,0x07,0x41,0xba,0xc0,0x73,0x0e,0xc5,},{0xb1,0xe3,0xbf,0x5f,0xa7,0x4d,0x7e,0x44,0x2c,0xed,0x9a,0x98,0xd9,0x27,0xd8,0xc4,0x5e,0x0e,0x64,0xd8,0x74,0xf8,0xea,0x59,0x20,0xa3,0x60,0xa4,0xbf,0x42,0xd8,0x3c,0xe1,0x8a,0x92,0x4a,0xc7,0x96,0xe1,0xa7,0x7d,0x1b,0x02,0x08,0x29,0x4b,0x50,0xf8,0x22,0x17,0x7f,0xdb,0xdd,0x45,0x8c,0x74,0x35,0x6f,0xcf,0x6b,0xd7,0x94,0x51,0x06,},"\x6a\x9b\x87\x6b\x0b\xf4\x18\x9b\x3c\xc1\x5f\x9e\xb4\xfb\xe7\x93\x2b\x55\x77\x89\x2a\x22\x20\x0c\xe1\x07\x15\x68\x53\xd6\xd3\xca\x36\x3f\x02\x5a\xd7\xa2\xd8\x62\xaa\xdc\x74\x2d\x94\x15\xbd\x8d\x1f\xca\x13\xc9\xdc\xa3\x58\x60\x44\xe5\x5a\x8c\xf5\xde\xe1\xce\x56\x45\x76\xe3\xe8\xe3\x65\x54\x05\x46\x50\x1b\x34\xca\x67\x5c\xf2\x00\xe0\x77\x1a\x81\x8c\x73\xd3\x7f\xcd\xa8\xcb\x15\xe4\x8d\x5a\x0b\x9e\xa3\xbe\xec\x0f\xf6\x61\x0b\x2a\x8a\x21\x4c\xa4\xf7\xef\xac\x0e\x71\x38\x10\x52\xd9\xbf\x3c\x00\xc3\x29\x59\x34\x74\xeb\xd0\xa6\x87\xa0\xb4\x1d\x14\x4b\x5e\x7a\xb1\x41\x2b\x97\x0a\x74\xba\xba\x4d\x27\x4b\xb0\xdb\xfd\xb0\x2b\x11\xf7\xf6\x39\x64\xba\x6f\x3b\xa0\xad\x23\x34\x1d\x08\x3b\x91\xa4\x30\x82\x39\xe3\x3d\x50\x82\x43\x96\x12\x65\x88\xde\x72\xa2\x39\x0c\x1c\x0f\xc0\x67\x47\xc2\x87\x72\xf6\x30\xbf\x4d\x14\x3f\x7a\x11\x59\xf0\x28\xc0\x93\x40\x48\x94\xe6\xd1\x6f\x63\x46\x35\xd4\xfc\x33\x0f\x3d\x7a\x73\x13\xef\x75\x6f\x5d\x49\xd8\xf6\x20\x5e\xb1\xc7\x92\xa9\x49\x5d\xa1\x31\xb4\x33\x45\xa0\x09\x0c\x12\xca\x56\xe6\xad\xac\x5b\xe0\xcb\xca\xc3\x60\x9d\x69\xf7\x24\x15\xf6\xc3\x7f\x3c\xfb\x2c\xf7\x6b\x3e\x65\xf3\xc9\x3a\xc9\x2b\x63\xf2\xba\xa4\x66\x24\x90\x75\xbc\xa6\x9d\x4c\x1d\x1f\x3a\xde\x24\xab\x31\xef\xfc\xb9\x04\x69\xc2\x4b\xb4\x10\xab\x47\x23\xe1\xb7\xe1\xc8\x8b\x3a\x36\x43\x35\x63\xf7\x1a\x99\xaa\xd5\x8f\xe8\x05\x68\xf9\xc1\x02\xda\x89\xba\xd9\x79\x63\xe7\x7d\x66\x22\x48\x31\x66\xf3\xae\x26\x1f\x32\xa5\x2a\x86\x10\x1e\xbd\x64\x5f\x61\x42\xc9\x82\xe2\xcd\x36\x25\xcf\x8b\x46\xb9\xb2\x89\x12\x46\x92\x0f\x69\x7f\xca\xed\x39\x7c\xb9\x22\xc2\x74\x94\x51\x67\xa0\xe6\x19\xb0\xb5\x06\x37\x76\x06\xdb\x04\x57\x83\xb0\xb8\x8e\xa0\x4e\x93\x2d\x21\xff\xc0\x64\xa1\x2a\x40\xeb\xe9\xb4\x80\xf1\xa2\xc7\xdd\xd3\x95\xa9\xb1\x5e\xfd\xc4\x95\xc9\x71\x4f\x36\xfa\x99\x6f\x79\xf8\xeb\x8e\xfa\x52\xd9\x9a\x24\xab\xfe\xf4\x3b\x32\xa2\x37\xc5\xbc\x00\x18\xda\x3b\x16\x2f\x59\xb8\xd3\xd4\x74\xe2\xce\x08\xfa\x80\x24\xc5\x8a\xcc\x0a\x99\xff\x61\x4e\x6c\xd7\xfd\xd9\xca\x4e\x8f\x41\xa1\x44\x9a\xa6\x18\xd0\x33\x37\xe8\xa3\x74\xd5\x60\x55\xb2\x07\xa9\xdb\xe6\x9f\x59\x48\xf9\x01\xca\x7d\xb0\x41\x0f\x01\xaa\x37\x3d\x9e\x02\x27\x62\x35\x99\xbc\x21\x28\x45\xb0\x06\xe9\x42\xfa\xbc\x58\x2c\xd7\x26\xdb\x5c\x44\x3e\xb2\xdf\xfb\xc9\xe3\xe7\xf0\xe5\xcb\x67\x44\xf7\xad\x71\x60\x50\xfd\xf2\xc6\x0c\x7c\x77\xc2\x53\xab\x74\x5d\xb9\xc8\x55\x26\x55\x68\x3e\xa7\xea\x68\x0a\xa4\xaf\x34\xdf\x13\x25\xc2\x9b\x88\x74\xb6\x1b\xe2\x3d\xe4\xff\xba\x25\x42\x4f\x46\x19\xec\x68\x2c\x26\xb3\xa6\x7b\xda\x9b\xc4\xc9\x4b\x79\xa9\xfc\x4d\x82\xd3\x40\x49\x5b\x43\x7a\x1c\xbd\x6b\x60\x30\x7c\xfc\xb1\x00\x26\xf9\x64\xa0\x17\x62\x3e\x33\xdb\xf2\x33"},
+{{0xd0,0x2b,0xbf,0x70,0xd5,0x13,0x51,0xe3,0xb4,0x7a,0xd8,0xe5,0xed,0x26,0x3d,0xbf,0x55,0x6d,0x14,0x98,0xfa,0x9b,0xd5,0xdb,0xd9,0x9f,0xb4,0x26,0x90,0x09,0xdc,0xed,},{0x8c,0xe4,0xb5,0x9f,0x94,0xce,0xd6,0xec,0x96,0x14,0xd6,0x7d,0x30,0x66,0xd9,0xd3,0xa0,0xdf,0x7a,0x46,0xb3,0x7b,0x4c,0x17,0x25,0xef,0x1e,0x57,0xbc,0x68,0xa0,0xd1,},{0x6e,0x7c,0x66,0xac,0xc9,0x54,0xff,0xd9,0xdd,0x4c,0x1c,0x63,0x35,0xab,0x4f,0xe7,0x9d,0xbb,0xed,0x78,0x2c,0x4a,0x47,0xec,0x30,0xd8,0x48,0xd8,0xbb,0x2b,0x4f,0x10,0x69,0xdc,0x62,0xe5,0x22,0xa1,0xe8,0x01,0x7f,0x54,0xa6,0x34,0x5e,0x17,0x28,0xc0,0x73,0xaf,0x64,0x47,0x85,0x6d,0x8c,0x1e,0xd3,0x58,0x78,0xb5,0x71,0xe5,0x23,0x0d,},"\x55\x45\x60\xf7\xa7\xfd\x1a\xe7\x75\x8a\x2f\xce\x7d\x78\x0f\x6b\x3f\x04\x3d\x3a\xf8\x9d\x4f\x19\xef\x57\x3c\x34\x99\x75\x54\xdf\x24\x3f\xaf\x2a\xaa\xb6\x5b\x2a\xfd\xd2\x86\x10\xd4\xa5\x1e\x9a\x4b\x46\x4d\xb6\xdb\x09\xeb\xf7\x3b\x7d\x24\x05\x4c\xc9\xb1\x28\x14\xbb\x29\xee\x99\xe1\xa7\x3b\xd6\x03\x89\x83\x60\xf9\xdc\xf0\x1e\x67\x08\x36\x28\x6f\x82\x36\xed\x8c\xef\x07\x5f\x3d\x56\x33\x12\xc1\x6c\x73\xfc\x37\xee\xdf\x25\x2f\x8f\x42\xd3\x0a\x13\xe7\xfb\xa3\xb1\x65\x23\x8c\x7f\x81\xea\xae\xb5\x31\x90\xf3\xec\x3b\x5d\x63\xf0\xee\x03\xe3\x98\x7e\x39\x0d\x1d\x81\xe8\x27\x7e\x9f\x6c\x1e\xe6\xec\x4e\xc3\xfa\x0d\x72\x0e\x9f\x53\xf9\xc2\x6f\x04\xaa\x2e\xd2\xb5\xef\x31\x60\x89\x59\x99\xea\xce\x29\xcf\x5d\xc2\x54\xad\x71\x10\x6b\xb7\xe8\xbc\x29\xa5\xb1\xd2\x41\x25\x93\xd0\x81\x94\xe8\x8e\x16\x59\xa7\x31\x59\xa2\xa2\x20\x33\xab\x06\x6e\x8d\x3d\x8c\x3b\xc8\x6b\x7b\x01\xde\x81\xa8\xc6\x60\x47\xb0\x7f\xe2\x4e\xd2\x40\x31\x8b\xa3\x7b\xa3\xef\xb6\xcf\x63\x26\x04\xca\x4f\x44\x6a\x75\xfd\x8e\x70\xc4\x53\xf0\xc6\x0e\xe1\x6e\xca\xf5\x24\xe7\x03\xf4\x7d\xf5\xc2\x82\xca\x32\x89\xb3\xaf\x61\xde\xe4\x70\x9e\xe0\x85\x32\x3b\x1e\x5c\x8a\x6b\xc0\x76\x62\x01\xc6\x35\x03\x14\x46\x89\x1f\x34\x94\xe9\xdb\x20\xdd\x4e\x9e\x08\x38\x24\x9a\x67\xe1\x38\xd1\x3e\xe2\xc9\x6f\x61\xe7\x71\x06\x15\x42\xaa\x16\xef\x20\xd8\x1e\x3a\x0f\x4e\x45\x21\xa6\xcd\x6c\x92\xfc\x26\xfe\xef\x03\xb6\x6c\x70\xe0\x35\xca\xfc\xc1\x9c\x96\xfb\x9d\x82\x91\x8f\xe1\x97\x78\x0e\xff\x0e\xda\x6e\x25\x12\xc5\x6e\x2a\x73\xd7\x70\x32\xb7\x68\x91\x9b\xea\x97\x72\xf5\x98\x9c\x8b\x6c\x65\xc3\xd1\xe9\x7a\x21\x80\xcc\x3a\x37\x57\x9d\xa7\x0c\xe9\x80\x6a\xc1\x28\x5a\x3e\xab\x41\x5c\x06\x07\xd8\x8c\xb8\x65\x42\xea\xb9\x0b\x9d\x2d\x67\xfa\xff\xfc\xad\x23\xa7\x14\x00\x0e\xe5\x9e\xd6\x8c\x95\x6e\x81\xc4\x45\x42\x88\x82\xf9\x7a\xf7\x4d\xb3\x62\xe4\x5c\x0d\x1b\xd8\x85\x6e\xed\x16\x6e\x4a\xec\x4b\xfd\xf9\x5e\xad\xb2\x51\xe2\xa1\xef\x80\x48\x52\xa9\xea\x77\xd3\x45\x77\xfe\x70\x83\x1a\x92\x8b\x10\x1b\x60\xac\x61\x3e\x7b\xa2\xe6\xba\x0a\x94\x01\x3a\x64\xc2\xf8\x21\x9f\xd3\x0b\xff\x40\x90\x99\x66\x7a\x78\x6f\x99\x32\x7b\xb0\x3e\x2f\x21\x87\xf4\x45\xb4\x6b\xee\xda\xb6\xd3\x25\xaf\xd9\x04\xe3\x95\x43\xe9\x3f\x4b\x6c\x54\x43\x24\x9d\x74\x4b\x2d\x1a\x43\xe1\x41\xe4\x76\x8b\xd4\x0a\xab\xe4\x05\x72\x44\xe1\xea\xdd\x9d\xae\xc1\x75\x71\x9e\x51\xa0\x93\xac\xe3\x2f\xe8\x2b\x2e\xac\xb5\xec\xb0\xda\x6c\x1f\xfe\x98\xc8\xce\xe7\x88\x6e\x30\x16\x70\xdf\xf8\x71\x13\xef\xed\x42\x82\x47\x1a\xfb\x6b\x8a\x0f\xdb\x50\x5e\x2e\x8e\x7d\xbc\x1a\x08\xa2\x2e\x96\x80\xbd\x09\x8b\xf1\x27\x58\x02\xbd\xb4\x59\x41\x3a\x3b\x23\x7d\x77\x13\xa1\xbb\xf5\x97\xe6\xad\xf2\xb6\x0e\xaf\x82\x37\x91\xb3"},
+{{0xaa,0x0f,0xda,0xe2,0xa5,0xa4,0xc9,0xc0,0x45,0x21,0x91,0x30,0x04,0xcd,0x89,0xef,0xbc,0x88,0xb2,0xda,0xdf,0x5a,0xbb,0x24,0x6f,0x3c,0xa7,0xf6,0x92,0x35,0x44,0xaf,},{0xbf,0xfc,0xb1,0x7c,0x35,0xc1,0x30,0x4c,0xdd,0x9d,0x62,0x4f,0xf6,0x9b,0xee,0x60,0xec,0x7c,0x9e,0xc3,0x27,0xd1,0x23,0x50,0xd7,0x0f,0xac,0x12,0xb4,0x7c,0xc2,0x5c,},{0xf9,0x37,0x29,0x89,0x69,0xca,0x34,0xd9,0x75,0x84,0x44,0x89,0x07,0x35,0x8b,0x0f,0x47,0x84,0x1f,0x30,0x23,0xaf,0xc7,0xef,0x76,0x81,0x52,0x1c,0x5b,0xe0,0xf5,0xe5,0x62,0x8a,0x8f,0x60,0x7e,0x2f,0x31,0x63,0x6e,0xf6,0x36,0x46,0xb0,0xe9,0x89,0x8a,0x72,0xad,0x35,0x57,0x06,0xd2,0xc8,0x06,0x0f,0xbc,0x64,0x0e,0xfb,0x3d,0x66,0x05,},"\xb1\x41\x84\xcf\xdc\x4a\x5f\x0c\x7f\x83\xf9\x4a\x83\x2f\x58\x85\x07\xe2\xd7\x2a\x89\x32\x98\x70\x07\x85\x71\xd2\x08\xa0\xc4\x96\x0c\x2f\xdc\x4c\x23\x6c\xf8\x82\x29\x98\x1d\x12\xb1\x0a\x1b\x68\x84\xc8\x65\x0d\xda\xf1\xd4\xb2\xeb\x98\x15\x75\xb1\xe0\x19\xfe\x3f\x60\x42\x36\x76\xf8\x85\x6a\x99\x2c\xce\x36\xd6\xd0\xa3\xd0\x26\x63\x1c\x8c\x1e\x1f\xfe\x34\x13\x4b\x29\x6f\x40\x84\x2b\x6d\xf4\xf8\x6f\x83\x3e\x01\x75\xba\xe5\x0e\x86\xbf\x85\x6d\x1e\xe7\x99\x25\xf4\x34\xb8\xbf\x2c\x84\x51\x9f\x1f\x5d\x25\x38\x60\x49\xce\x3c\xa6\x17\x77\xe3\x0b\x70\x0a\x60\x2d\x39\x52\x50\xb6\x0f\xc6\x4a\xc6\xf8\xdb\x02\x7e\x8d\xa8\xb9\x55\x0f\x24\xed\x11\xa1\x1d\x9f\x9f\x9c\x5e\x0a\xf1\x45\xb8\x65\x97\x51\xac\x6b\x55\x86\x1f\x63\x88\xa6\x43\x36\xb3\x1e\xfe\x45\xc0\x80\x2d\x76\xa5\x34\x86\xa8\x1e\xba\x07\x31\x4b\x4d\x96\x1c\x14\x1a\xb3\x4e\x2f\x76\xed\xac\x0e\x6d\xe3\x14\x22\xdf\x79\x2a\xf0\x81\xe7\x69\xc7\xed\x05\xda\x9a\x5a\xf2\xfd\xf3\x6f\x14\x17\x69\x90\x8b\x70\x09\x37\xf0\xe1\x06\x8c\x13\x1f\x17\x6e\xb9\x6c\x67\xaf\xdb\xe7\x8f\x40\xd8\x60\x07\xfb\xcd\x47\xe4\x9e\x2e\x4c\x4c\xe0\x49\x93\x6a\xdf\xf1\xce\x3e\xac\x42\xb9\x6b\x34\x29\xb5\x62\x6b\x1a\xa6\x2a\xcd\xe0\x7f\x45\xa1\x3c\xe1\xbd\x21\x1f\x32\xbd\x7e\xfe\x47\x90\xc8\x37\x1e\xbf\x87\xc1\x64\x47\x7a\x5c\x9f\xa3\xe7\x8c\x2f\x88\x07\x7b\x09\x73\x44\xcf\xfa\x03\x1c\x44\x29\xc7\xf4\x2d\xca\x07\x73\x78\x50\xee\x7a\x76\x9b\x36\xd0\xf0\x62\x5a\xdf\x12\x0e\xa2\x3f\xf4\xe3\x93\xa4\xfd\xcb\x65\x58\xdb\xf9\xb2\x66\xa0\x32\xe3\xb0\x59\x9b\x9d\x66\x92\xfc\xeb\xd8\x15\xa3\x89\x76\x07\x85\x63\x25\xfc\xd0\x11\x5d\xc3\x10\xdb\x3a\x87\x92\xfb\xeb\xd3\x99\x49\x4c\x83\x71\xe5\x85\x72\x7b\x3d\x63\x24\x14\x49\x68\x93\xd0\x38\x13\xba\x1f\x99\x66\x1b\xce\xb9\xdc\x18\xec\x5d\xc2\x7f\x52\x67\x03\x18\x68\x77\x69\xfc\x67\x8d\xdc\x7e\x40\x22\x7c\x20\x05\x22\x01\x3f\x5c\x0e\xec\x0e\x47\x81\xe6\xfc\x15\x3a\x0c\x2f\x4f\x3f\x95\xe5\x17\xc8\x41\x99\x24\xab\x39\x99\x2a\xf8\xc1\x94\x65\x05\x7f\x13\x44\x86\x69\x6b\xa7\xfd\x46\x51\x76\x8b\x4e\x74\x9e\xf3\x6f\x02\x44\x46\x17\xcf\x97\xf0\xa4\x23\xe4\xc1\x3b\x7b\x66\xba\x2b\x6c\x45\x68\x78\xb0\xb5\x0c\xe2\xee\x5e\xc5\x64\xed\x88\x54\xf7\x82\xaa\x1d\x1c\x6a\xa7\x60\xf2\x52\x2c\x7d\x97\xb9\xb1\xab\xe0\xba\x81\x09\x59\xd7\xaa\x40\x3a\x99\x37\x5a\xa3\xe3\x9a\x11\x5d\x1f\xc6\xfe\xdd\x00\x2f\x38\x30\xa5\x0a\x83\x7d\xc7\x20\x32\x9e\xc0\xc7\x3d\x5b\xfd\x50\x03\x85\xc7\x36\x83\x82\x87\xe1\x92\x01\x52\x5d\x18\x9c\x3a\x08\x4c\xd5\xa3\xf3\x59\x87\x5e\x3b\x83\x25\x28\x9c\xed\x18\xb6\x3b\x00\xff\x9c\xd0\x70\xc3\xe6\x74\x44\xbd\x3d\x83\x46\x17\x40\x85\xcc\x45\x13\x5c\xaa\x0c\x67\xb3\x22\x6e\x4a\x52\xe9\xa1\xc5\x5a\xed\x7e\xc5\xfa\xde\x6b\xf1\x6c\x19"},
+{{0x71,0x62,0xfe,0xf0,0xac,0xa4,0x97,0x4b,0x09,0x4a,0x6a,0x08,0x05,0x43,0x95,0xf8,0x77,0xff,0x94,0x33,0xf1,0xe3,0x3e,0x20,0xe8,0x8e,0xaa,0x90,0xf9,0x38,0x99,0x7d,},{0xa2,0x80,0x64,0x0f,0x13,0x9f,0x45,0xc3,0x5a,0x48,0x71,0x53,0x7e,0xef,0xe6,0xef,0x9d,0xb0,0x2d,0xe7,0x85,0xee,0x9f,0xd5,0x4f,0x80,0x5f,0xb5,0x7d,0x37,0x46,0xef,},{0xae,0x16,0x1c,0xce,0x95,0x40,0x33,0x84,0xb6,0x5c,0x6b,0xc9,0xb3,0x93,0xeb,0x07,0x25,0x64,0xc3,0x5f,0x3a,0x6c,0x04,0xfa,0x51,0x7a,0xb0,0x68,0xbc,0xd2,0x37,0x67,0xcc,0x0c,0x8e,0xdd,0x92,0xb1,0xa1,0x3a,0xe9,0xa9,0xce,0x48,0x64,0x13,0x7f,0xb8,0x9c,0x1f,0x37,0xb7,0x48,0xcf,0xc9,0x13,0x4b,0x67,0x41,0xba,0x1b,0x22,0x28,0x0d,},"\xc9\x0f\x45\x0b\xda\x1c\x6e\xfd\x8d\x12\x78\xde\xbd\x7a\xe0\x3e\x2e\xac\x27\x40\xa5\xa9\x63\xfc\xf9\x6c\x50\x4e\x31\xd4\xd6\xfc\xc5\xe2\xb5\x2a\x25\x18\xd2\x74\x1c\x55\xe9\x59\x18\x67\xb2\x42\x32\x28\xf9\xc1\x9f\x33\xc6\xf3\x87\x05\xc6\x20\x36\xd4\x80\xff\x53\xdf\x12\x07\x7e\x38\xfd\xb0\x73\xc6\x73\x10\x5d\xa1\xe1\x16\x19\xba\x53\x21\xa7\x1b\x5f\x49\x93\x23\x4a\x11\x94\x8e\xa1\x10\xcf\xa2\x42\xbc\x23\xfa\xc9\xaa\xe4\x62\x60\x6e\x39\x64\x1c\xa7\x14\x7e\xeb\xba\x1e\xec\x55\x3f\xce\x94\xe5\x3e\x4e\x01\xb0\x73\xdd\x78\x0a\x2f\xf6\x78\xb3\x15\x72\xca\x11\xee\x08\x77\xe7\x56\xbc\xdb\x66\x53\xe5\xe1\xb4\xcb\xfb\x56\x9a\x9d\x60\xe3\xee\x33\x61\x82\xdc\xb9\xb2\x5d\x1b\xe6\xdb\xf9\xb5\xc7\x14\x6d\x77\x55\x85\x83\x4c\xab\xde\x02\x78\xae\xe5\xd5\x7c\x85\xe9\x83\xf8\x4d\x88\x33\xa9\xe1\x5b\xcc\x11\x19\x8e\x1c\x1d\xa6\xba\x59\x28\x21\x29\xf1\xdb\x96\x6f\x54\x60\xc8\xfb\x65\x30\xfb\xc3\xa9\x8a\x31\xfc\x0f\x4e\x9b\x33\x73\x66\xee\xc1\xdc\xe1\x08\xc8\x26\xd4\x90\x45\xab\xfa\x12\xee\x88\x79\x7f\x08\xf0\x68\x3f\xef\x77\xed\xaa\x35\x43\xb9\x1c\xb1\x18\xe4\x24\xd9\xc4\x08\xda\x54\x74\x31\x12\x51\x07\xd9\xb0\x74\x4c\x24\x43\xce\x99\x17\xe1\xe3\x28\xd8\x18\x50\xba\xbb\xc9\x4d\x92\x0a\x1d\x06\xe5\x24\xdb\xb6\xc2\x3d\xd8\x2e\x17\x87\x82\x2d\x71\xc4\xcd\xc4\x09\xae\x85\xba\x4d\xeb\x58\x1f\x93\x47\x48\xf7\x5e\x7a\x76\x9b\x9d\x68\xc4\x58\x9e\x59\x4e\x65\xcb\x6c\x8f\x49\x03\xff\xba\xbd\x5a\x32\x6e\x89\x44\x1a\x54\x2f\x8a\xc2\x64\xcc\xc6\x4e\x95\xa8\x98\x2a\x71\x0b\x6c\x56\xff\x7d\x10\x91\x6a\xfc\x40\x9e\xa8\xa4\x1b\x74\x67\x9d\xd6\xa7\x66\xf5\x9c\x52\xb9\x30\x5b\xa7\x33\xb1\x3c\x9e\x81\x1e\xe1\x30\x83\x92\x5f\x42\x00\x68\x2b\xd0\x5d\xea\x33\x95\x32\x52\x29\x70\xaa\x14\x9d\x00\x4a\x2e\xa2\x0f\xf4\x61\xe9\xec\x0f\x3b\x62\x56\x5c\x1a\x10\x62\x59\xc8\x36\x60\x5c\xc2\x7c\xad\xc9\x51\x5c\xb9\x97\x9e\x89\xaf\x28\x7c\x02\x7d\x75\xed\xbf\x87\xd5\xcf\xf6\x3a\x7f\xec\x9b\xd1\x0e\x78\x77\xab\x9b\xf8\x68\xd7\x34\xbd\x3a\x23\x74\xce\xf7\x02\x5c\xc4\xda\xb7\x10\xe2\x54\x80\x66\x85\xa1\x36\xec\xd0\x3e\x36\x77\x03\x46\x51\x3a\x15\x14\x5b\x89\x0e\xee\xf4\x7b\x80\xea\x08\xe4\x6c\x81\xd2\x02\xe5\x33\xe9\xa0\x6a\x38\xa6\xf7\x6e\xf5\x7a\x9c\x73\x6e\xc7\x8d\x00\xb8\x08\xe3\xff\xd9\xc7\x9b\x9d\xc7\xa2\xe5\x89\x90\x76\x56\xc9\x32\xab\x8a\x8b\x57\xda\x1a\x49\x5b\xa7\x45\x20\x15\xe7\x92\x4b\x52\x69\xab\x1f\x67\xbd\xb4\x3a\x35\x83\x14\x87\xab\x90\x02\xf5\x2d\x78\xb1\x34\xcd\x37\x51\x92\x5a\xaa\xb0\xb4\x5c\x8e\x6b\x0f\x2b\xf0\xcc\x9a\x46\x59\x31\x71\x08\xfb\xa9\x13\x6a\xab\xb0\x92\x1a\x58\xfb\xb9\xb5\x0e\x51\x24\x3f\x9b\x53\x18\x47\xdc\x96\x57\xe9\x6f\xba\xf7\xaa\x69\x8f\xe6\xfe\x44\xf9\x05\x90\x14\x4c\x70\x33\x72\x50\xc5\x8b\xc5\xdd"},
+{{0xde,0xa1,0x80,0xc9,0x1b,0x53,0x3a,0xaf,0x73,0x6b,0xc5,0xd3,0xc8,0xe4,0x74,0xd5,0xe5,0xd4,0x75,0xb7,0x5b,0x92,0xcd,0xe6,0xbd,0x1d,0x10,0xf3,0xb8,0xf5,0x5a,0xd4,},{0x30,0xb2,0x0f,0xb3,0x20,0xb0,0x0e,0x77,0xc4,0xe0,0xa8,0xeb,0x37,0x30,0xaf,0x3c,0x0b,0x1c,0x5f,0x5e,0xd9,0xee,0x2b,0x05,0x62,0x70,0x7e,0x4f,0x55,0xc4,0x93,0x8b,},{0xd0,0x83,0x33,0x3f,0xb8,0x4e,0x79,0xc9,0xb3,0x3e,0x55,0xe8,0x19,0x2d,0x57,0x1f,0xfc,0x8d,0xc5,0x07,0x45,0xb6,0xb5,0xfd,0xd8,0xc4,0x4d,0x92,0xa6,0x3f,0xd1,0x78,0xc4,0xe5,0x7c,0x2a,0xb3,0xa1,0x21,0x1c,0x0b,0xa2,0xd3,0x9d,0xa3,0x0b,0x06,0x62,0x9d,0x8d,0x1c,0xc1,0xd9,0xf2,0x59,0x32,0x63,0xd5,0x24,0xfa,0x5a,0x2e,0xbc,0x03,},"\x60\x61\x44\xb7\xd4\xf9\x6b\xef\x7f\x11\x2b\x6d\x41\xbc\xb5\x00\xd2\x13\x6c\x13\x4c\xed\xa2\x20\xe2\x4d\x0f\x15\x24\xec\xa1\x2c\x30\xf2\xb1\x02\xc7\xf3\x78\xd6\xbb\xa2\x59\xc5\xb4\xa5\xef\x8e\xc9\x30\x9d\x5c\x8d\xa7\xe8\xd2\xde\xd3\x79\x2a\xee\xea\x21\x08\xf7\x7d\x66\xb2\x30\x45\x93\x8e\xd6\x47\x51\xf2\x0d\x48\x32\x6b\xe2\xfb\x99\x62\x8c\xfb\x18\x73\xd7\xdd\x27\x58\x1c\x10\x5e\xc1\x32\x49\xa9\x52\xa5\x07\x84\xb8\xb3\x4c\xb3\xb2\xc1\xa0\x04\xfa\x8b\x62\x8a\x07\x67\xfa\x9a\xbf\x05\x8d\x95\x5d\xf8\x5d\x13\x4a\x0f\xc7\xf4\xb7\xd7\xfb\x0c\x8d\x31\xbc\xe3\x45\xdd\x0a\x42\x82\x14\x5a\xfb\x2f\xf1\x97\x51\xf2\xcc\x3a\x1c\xae\xa2\x42\xba\xaf\x53\x87\x49\xbf\x38\x80\x00\xe3\xdc\x1d\x73\x93\x59\xdf\xeb\xae\x64\xae\x1e\x10\xfb\x6f\xc1\x7c\xc9\xfb\x95\x05\x35\xc2\xde\x12\x95\x87\xa8\x68\x59\xb7\xbe\x36\xdf\xe9\xb6\xc1\x14\x1b\x25\xe0\x91\x5c\x8d\x4a\xa1\xcc\xea\xe7\x04\x6b\x3d\x7c\xfa\x94\x0b\xc9\x8d\x4d\x69\xfc\x5a\x30\xdd\xe1\xde\xe4\x2f\xb5\x27\x22\x81\xbf\x8f\x8e\x7f\x3e\x1a\x04\x39\x7f\xb4\xf3\xad\xef\xc5\x75\x32\xdd\xbd\xe3\x68\x33\xa6\x76\xe6\xf3\x9c\x82\xaf\xf6\xbf\x48\x32\xec\x97\x1e\x03\xbe\x38\x29\xc0\x2a\x20\x3c\x82\xd9\xeb\x8c\x16\x30\xee\x96\x93\xf4\x5d\x26\xf5\xf5\x1a\x31\x03\xca\x64\xd4\x68\xec\xea\xc1\xb2\x9a\xf4\xc4\x2e\xb2\x16\xd7\x6e\xc8\x99\x48\x36\xb4\xbe\xc7\x64\x89\xca\x50\x70\x68\x0c\x2c\x2e\xb4\x57\x21\x0a\x77\xc4\x7f\xdc\xbf\x60\x01\x72\x07\x3a\x53\xf1\x45\x3b\xb5\xc8\x04\x39\xc8\x82\xf0\x73\x6d\xe4\x06\x37\xb4\xf5\xab\x1f\x76\x1f\xf3\x55\xc6\xe9\xbd\x4a\xbd\xe7\x56\x0d\x5f\xc1\x13\xc8\x30\x15\x9a\x1b\x77\xc4\xe8\x7b\xc2\xc6\x98\x80\xa4\x0c\x58\x05\xec\xc8\xaa\xaf\x57\x57\x5b\xcc\xd8\x17\x7f\xc6\xb8\x35\x69\x23\x3c\x0f\x5c\xa2\x23\xac\x40\x13\xca\x10\x6c\xac\x28\x54\x70\x6a\xea\xd7\x14\xfa\x29\xf2\x86\x0a\x5f\x97\x53\x26\x8a\x36\x71\xd9\xf5\x9c\xde\x60\x48\xcf\x0b\x89\x86\x05\x0f\x7f\x54\x9e\x4f\xd7\x55\x7f\x2f\xc3\xfc\xdc\xcd\xdc\xef\xda\x58\x6a\x64\xb3\x00\x6e\x58\x25\xf2\x7c\xa3\x16\x87\xca\xf6\x63\xbd\x90\xa0\x5b\x11\x52\xd7\xc8\x8d\x7f\x10\x51\xa9\xd7\x91\x74\x86\x51\xd8\x88\xa6\xa1\x2f\x22\xd6\xc8\xc3\xf7\x8c\x2b\x86\xea\xf5\x39\x4b\x4e\xf7\xee\xfb\x89\x79\x7b\x25\xe5\x42\xdc\x93\x10\x2d\x02\x1a\x1d\x0b\xed\x6a\x7d\xcd\xd8\x10\x2b\x8f\x04\x30\xa0\xbc\x21\xd9\x04\xa3\xc9\x34\x6c\x01\x83\x43\xdd\x99\x37\xcb\x35\x25\x00\x07\xa2\x84\x82\x5d\xb0\x8e\x9a\x11\xfe\xe3\x1c\xff\x7a\x31\x4c\x48\xc4\x2d\x8b\x31\x4a\xcc\x27\x82\x2a\xf0\x3d\x19\x54\xc7\xcc\x8b\xf9\xad\x4e\x9e\x98\xf4\xad\x4e\xfb\x35\x52\x88\xda\xa8\xc9\x0d\xe9\x03\x7e\x64\xa7\x86\x1f\x5e\xe4\x3a\xda\x9f\x0f\xcc\xde\x34\xd0\xbc\xf5\x02\x88\x55\x0f\x70\x0f\x21\x5a\x79\x44\xa5\x38\x0e\x2a\x8e\x3f\x04\xf2\xb4\xf5"},
+{{0x9d,0xaf,0x6d,0xbb,0x7f,0x76,0x29,0x66,0xe7,0xa5,0x7c,0x2e,0xc1,0x99,0x6e,0x9f,0x5b,0x55,0x5b,0x98,0x66,0xb8,0xe3,0x1d,0xea,0xab,0x43,0x56,0xeb,0x13,0x81,0x6e,},{0xf0,0x21,0xb5,0x5a,0x36,0xd9,0xfb,0xfb,0xf2,0x97,0x8b,0xc0,0xdf,0x73,0x6b,0x28,0x9c,0x82,0x41,0xd6,0x43,0x53,0x09,0x84,0x1a,0x13,0x4b,0x07,0xd4,0x7c,0xe4,0xed,},{0x49,0xb6,0xbc,0x46,0xb7,0xab,0xb5,0x69,0x4d,0xa9,0x42,0x15,0xef,0xc4,0xb3,0x0e,0xea,0x04,0xae,0x2e,0x73,0xeb,0x2d,0xa8,0xe8,0xc9,0xef,0x9b,0xe2,0x22,0x24,0x98,0xb1,0x7e,0x13,0x93,0x96,0x46,0xc2,0x9e,0x32,0xd6,0x45,0x58,0x46,0x40,0x64,0x15,0x90,0xb1,0xbb,0xdb,0xfe,0x24,0xf3,0x6c,0x6f,0x69,0x4b,0xf8,0x72,0x38,0xee,0x04,},"\x54\x45\x23\x90\x0d\xaa\x67\x78\xc0\x39\x1a\xe4\x04\x4a\x51\xc0\xc4\xa5\xe4\x44\x13\x3f\xbd\x77\x47\xd5\x39\xa7\x44\xfa\x60\xab\x5d\xc5\x4e\x18\x19\xdc\x8e\x56\x89\x9c\x56\xef\xd7\xef\x3d\xa3\x41\x79\x0e\xcc\x49\x64\x5e\xf3\x25\xc6\x56\x8a\xe9\x71\xd3\x0d\x21\xbb\x7f\x23\x46\x4f\x46\xa2\x4b\x80\xd4\x9b\xb9\x3c\x6e\x91\xde\x79\xb2\x43\x31\xd0\x70\x7f\x43\xd0\x66\x5d\x01\x97\x74\x3a\xdf\xf6\x90\xd6\x15\xa1\xc9\x25\x87\x77\xfc\x47\xd0\x21\x71\x42\x42\x6a\x47\x34\x89\x2e\xb6\x22\xab\x8e\x50\xbb\x12\x8e\xc3\xa8\x95\x26\x6a\x38\x61\xa3\x97\x68\xbc\x76\x09\x6f\x58\x1f\xd0\x82\xdf\x9b\x72\x23\xe8\x5a\x8a\xfb\xdb\x5c\xaa\x49\x22\xaf\x2a\x01\x4b\xf8\xa5\xcd\x11\xe5\xc5\xea\x93\xe9\x1c\xd4\x6d\x5a\x1b\x99\xb8\x5a\x26\x70\xe3\x21\xde\x2e\x32\x25\x5a\xfd\x67\xfe\x2c\x37\xfd\x93\x2c\xac\xa2\x2d\x24\x1f\xaf\x4c\xce\xfe\xff\x58\xd6\xbd\x04\xcf\xaf\x11\xde\xdd\x29\xc8\x71\x9f\xfc\xb0\x2e\xf6\x5c\x5d\x3e\xb7\x8b\x4f\xc0\xd1\x70\xa2\xe3\x43\x2c\xc8\x12\xf0\xd0\x41\xd9\x76\x0c\x13\xc1\x2f\x7c\x7f\x2f\x84\xfe\x5e\x0f\x70\x0c\x10\xb1\xa6\x9c\xa4\x66\xa7\x0b\xde\xff\x8d\xbe\xc7\xd3\x18\xfb\x09\xdd\xd8\x27\xef\x61\xca\xa6\x91\x0b\xbc\x06\x1c\xbd\xa2\xb5\x27\xef\x2e\x59\xed\x4c\x17\x22\x99\x72\xf8\x95\x67\xd7\x05\xde\x92\x31\x92\x4b\x41\xbb\x6e\x7c\x01\xfe\x85\x42\x64\x47\x4f\xa7\x6b\x1f\x88\xcd\x57\xea\xc3\x11\x17\x1a\xf1\x03\xd2\x30\x78\x42\x4a\x12\x67\x5f\x2f\xa3\x6c\x2d\xe0\xbf\x53\xc2\x95\xfe\xeb\x31\x57\xde\x95\x89\x22\x98\x6e\x32\x51\x3d\xfa\x33\xb3\x5e\x15\xc3\x94\xa1\x1c\x0f\xcc\x55\xb8\x2d\x6d\xd0\x59\x7c\xdd\xd2\x7e\xde\x7d\xe1\x29\x85\xa6\x16\xe6\x40\x26\xbe\xfb\x5d\x69\x04\x82\xb3\xff\x22\xc0\xdd\x21\xf2\x7a\x08\x6d\x37\xa0\x49\x9e\xa3\x6f\xe2\xc4\xb5\xa9\x59\xd1\x0e\x9a\x61\x0c\xab\x1f\xe0\xd2\x8c\xf1\x01\x3d\xca\xe6\x3d\x8f\xde\xe0\xec\xbd\x8b\x4e\x19\xd5\xd0\x40\xe2\xfa\xd7\xd0\x41\x3a\x38\xe8\xc4\xe7\x35\x52\xad\x46\x04\x7b\x5b\xbd\xd1\x5c\x09\xcc\x0d\x34\xe4\x8b\x91\xfd\xba\xe2\xa9\xd1\x62\xd4\xb2\x1e\xe2\x0a\x1e\xf5\x35\xea\x88\x35\x95\xbc\x49\x51\x69\x2a\x67\x16\x34\x54\xc7\x36\x7f\x13\x4b\xf6\x45\xd4\x8f\x99\x69\xe3\xd4\xf0\xf9\xea\xf4\x14\x4c\xe9\x80\xa0\xa2\xe3\x34\x2c\x74\x6c\x2b\xdc\x3c\xcd\xc2\xf8\xa7\xda\x57\xa0\xe8\x02\x87\x82\xd3\x0a\xf5\x85\x7d\x9e\xfb\x37\x66\x6d\xf6\x5d\x7c\xc3\x84\x71\x66\x61\xe6\x1f\xf5\xc0\x97\x52\x59\x5e\x94\x11\x2c\xa1\xa8\x40\xd6\xe4\xf6\xec\x0e\x55\x49\x4c\x5b\x44\xf7\xc0\xf0\xd4\xa9\x9c\xd7\x09\x05\xbf\x84\x85\x56\x17\x48\xf4\xdc\x0f\xd7\xa4\x4a\x1b\x13\x91\x13\xc3\x8a\x1e\x8e\xb5\xc7\xa2\x0f\x3e\x95\x2e\xae\xa8\xce\x38\xb2\x07\xc2\x8e\xd9\x72\x71\x8f\x03\x1f\x47\x7c\x62\x07\xce\x43\x3c\x51\x5f\x5a\xc2\x84\x0f\x49\x74\xf1\xf1\x69\x89\x62\x6c\x76\xbc\x98"},
+{{0x71,0x86,0xf8,0xd1,0x68,0xd9,0xdd,0xf1,0x7e,0xdb,0xaf,0x0e,0x7b,0x1a,0xbc,0xb2,0x6d,0xa3,0xe4,0xc0,0x27,0x2d,0x98,0x79,0xc7,0xfd,0xff,0x64,0x21,0xc4,0xea,0x50,},{0x96,0xb4,0xa6,0x56,0x23,0x20,0x29,0xfc,0x1b,0x83,0x64,0x70,0x3c,0xbe,0xa7,0xa5,0xd7,0x38,0x75,0x18,0xa8,0x8c,0xed,0x1a,0x91,0x5e,0xc8,0xd8,0x86,0x84,0x81,0x32,},{0xa9,0xc0,0x49,0x9f,0xc2,0x16,0xa1,0x45,0x32,0xd7,0x36,0x36,0x5c,0x63,0x55,0xf9,0x38,0xf8,0xd8,0x19,0x4f,0xa1,0x13,0x28,0x48,0xf8,0x3e,0x49,0x04,0x54,0xd4,0xbb,0xf6,0x92,0x69,0xf1,0x22,0x59,0xfc,0x6c,0x07,0x4c,0x10,0x15,0xe4,0x25,0xe4,0xf4,0xf2,0x7c,0x02,0x9c,0x93,0x33,0x49,0x51,0x36,0x1a,0x35,0xad,0x11,0x76,0x54,0x0e,},"\xa3\xe6\xcb\x6b\x84\xcc\x5c\xf1\xfb\x1a\x84\x8b\x4b\x8e\xa7\xcb\x7c\x87\xe0\x44\x57\x50\xc6\x1f\x9a\xa5\xd7\x7d\xed\xdf\x94\x94\x63\xec\xd3\x9b\xfc\x71\xf2\x61\x0c\x2a\x94\x24\x84\x7f\xb7\x6f\x84\xc5\xda\x1f\xa1\x0e\xf7\x18\xa3\x45\x66\xce\xc1\xb3\xe8\x99\xe7\x25\x2e\x8d\x4d\x34\x60\x16\x49\x8f\xf1\x19\x97\x27\x50\x06\x16\x60\xba\xed\x31\x28\x27\x58\x31\x81\x07\x3d\x1d\xc7\x4b\x76\xc4\x30\xca\x30\xd4\x09\xe4\xe8\x43\x9c\x0f\xc4\x8c\x00\x68\x06\x29\xd4\x3a\xe2\xa7\x7d\x69\x22\x8f\x7f\x8a\x12\x53\xaf\x15\xbd\x2c\xb6\xbb\x1c\x16\x96\x55\x0c\x4c\x79\x0f\x44\x98\x69\x63\x0a\xb9\x2b\x9c\x11\xcd\xe1\xf9\x61\xaa\x21\x03\xec\x23\xf7\xd9\xf0\xfe\x9c\x3c\x41\x32\x58\x2e\xfa\x79\xa6\x6a\xe3\x42\x6e\x51\x05\xb8\x0b\xfe\x5e\x04\xdc\x8b\xb1\xe3\x8a\x31\x10\xcd\x72\x98\x4b\x3e\xf0\x2a\x0c\xa6\x2a\xb6\x38\xcb\xcf\xbc\x8a\x6b\x59\x3d\x26\x13\xdc\x06\xec\x86\xfe\xe3\x4f\x65\x18\xd4\xa3\xfb\xdc\x15\x72\x37\x17\x45\x64\xda\xeb\x66\x74\xcd\xc3\x4f\x4d\x65\x37\xcf\x81\xd8\xaa\x9b\xdd\xbf\x3a\xed\xa3\x12\xda\xae\xee\x33\x6f\x9e\xd8\xbf\xf8\x1e\x29\x4b\xc7\xd4\x4d\x25\xcd\x78\x70\x72\xe6\xcb\x41\x4b\x65\xfb\x7a\x84\x6f\xc0\x65\x36\x7b\xa8\xe3\x7b\xef\xfd\xf0\xb7\xba\x8f\x98\xcd\xf1\xeb\x87\x0f\x4e\x8b\x71\x30\xfa\x34\x29\xd2\xe2\x4b\xce\x59\x94\xda\xf1\xaa\x65\xe5\xf6\x03\xb6\x31\x05\x3d\xc5\x10\xb2\xf0\x97\xe8\x6e\x9b\x9b\x55\x23\x02\x75\x79\x68\xd0\x13\x6e\xe6\x75\x4c\x42\xa3\x2c\x99\x0a\xdd\x9c\xb5\x29\xbc\x89\x75\x1d\xfa\x4e\x5e\x3a\x0b\xad\xaf\x4c\xc4\x0b\x6a\x09\x50\x7f\x9f\xcd\x24\xc3\xca\x72\x25\x95\x99\xc6\xee\x58\xd8\x57\xb3\xa1\x89\xe0\x48\x90\x2e\x88\x5a\x36\x07\x42\x60\x93\xcb\x0f\xab\x43\x7c\x0f\xb0\xed\x2f\x1e\x96\xe9\x44\x1a\x7e\x95\x4f\xe3\xef\x76\x46\xe2\x6a\x39\xa0\x70\x33\xd0\xa1\x55\x5d\xfe\xed\x9a\x6f\x57\x79\x4a\xf3\xa2\xab\xf0\x05\x7e\x9f\x85\x3a\xe5\xc3\x01\x38\xfd\x80\xe2\xf2\x9c\x2f\x4a\x93\xad\x31\x45\xda\x10\xa3\xe3\x1c\xe9\xff\x97\x86\xac\x65\xd8\x60\x37\xd9\x8b\x7a\xa6\xd1\x1d\xe8\x80\x00\x10\xe1\x33\x86\x9e\xb6\x7a\x50\x39\xb9\xb8\xfe\xb6\xef\x90\x3d\x0c\xc7\x46\x41\x26\x07\xda\x72\x5c\xe2\xdc\x6a\x35\x21\x09\xdb\xc6\xa5\xe4\x0b\x17\x0c\x23\x05\x0b\xc4\xfb\x1e\xfa\x0c\x34\xfe\xc0\x0e\xae\x32\x19\xc2\x90\x40\xe8\xf5\x97\x8c\x93\x84\xee\x91\x5d\x8c\x93\x98\xdd\x12\x0d\x5c\x3c\xba\x38\xf8\x52\x6b\x06\x19\x7c\xb2\xc2\x61\xde\xc7\xd7\x26\xae\x13\x0f\x9b\xee\x17\x26\x17\x00\xe9\x99\x31\xfa\xc4\xb4\xdc\xa0\xf7\x58\x70\x1a\xcb\xf3\x70\x7d\x47\xdf\x53\x21\x13\x0e\xc1\x0b\xb3\xb1\x30\x78\xc4\xdc\x5d\xe3\x47\x0f\x15\x8b\x57\xdb\xeb\x87\x8b\x3a\x85\x24\xe0\xed\x2c\x95\x47\x54\x5f\x0f\xdd\xf1\x31\x25\xe4\x5b\xb2\x3d\x6a\x7b\x38\x3a\x18\x7f\x4c\x5d\x54\xa7\xb4\xc8\x3d\x59\x57\xf2\xcd\x7e\x6f\xbc"},
+{{0xe8,0x6e,0x8c,0x62,0x56,0x6e,0x15,0x75,0x3b,0xd5,0x57,0x7e,0xaa,0xe7,0xf2,0x41,0x05,0xb7,0x40,0x55,0xa2,0x56,0x29,0x58,0x07,0x08,0xbf,0xc8,0x3a,0xeb,0xf0,0x6c,},{0x8c,0x8c,0xe8,0x82,0xd5,0xf7,0x65,0x86,0xd8,0xdd,0xcc,0xc5,0x57,0x9b,0xcc,0x1c,0xdf,0x4c,0xfd,0x71,0x62,0x30,0x4c,0xb1,0x0e,0x76,0x96,0x02,0x6e,0x70,0x7f,0x17,},{0x54,0xd2,0xfd,0x44,0xac,0xf9,0xe2,0x09,0xbc,0x7e,0x43,0x33,0x72,0xbd,0x73,0x07,0x4d,0x07,0x80,0x6a,0x77,0xc6,0xce,0x22,0x8e,0x9b,0xe9,0x94,0x41,0x8b,0x00,0xc7,0xec,0xbc,0xb7,0xac,0x00,0x6c,0x29,0x4a,0xec,0x9d,0xe6,0x68,0x57,0x2a,0xdd,0x51,0x7c,0x06,0xb4,0xeb,0x4f,0xe2,0xff,0x35,0x23,0xbf,0x04,0x3d,0xf4,0x4d,0x3d,0x0d,},"\x12\xfa\x63\x1b\x0e\x48\x2e\x9b\x9d\x63\x3e\x94\xb8\x2d\x8a\xb4\x36\xfe\x54\x8e\x5b\x95\xda\x92\x62\x46\x23\xd1\x3f\x2c\x70\xda\x77\x5b\xa1\x36\xc5\x22\x9c\x16\xa0\xc7\xa6\xfa\x91\x4b\x2f\xed\xa5\x64\xe1\x72\x19\xe4\x73\x70\xf9\x51\x5b\xb1\xd5\x9d\xe6\xe9\x58\x62\x04\xd9\x43\xdc\x56\x0d\x73\xe2\xe7\x57\xf7\xeb\x39\xbb\xc7\x11\x1b\xb4\x6b\xc6\x43\xc1\x3f\x60\x21\x12\x73\x9b\xec\x77\x8d\x7d\x4f\x49\xd0\x92\x56\x3d\x68\xf5\x77\x6e\x43\x0e\x3b\x0b\xf2\xdc\x1b\x01\xbe\xb3\x04\x01\x96\xda\x63\x02\x90\x8b\xfe\x91\xe0\xfc\x38\xe0\x4c\x15\x0e\xf9\x07\xdc\x73\x6c\x44\x5f\xf2\x1f\xdb\xd2\xdc\x1e\xac\x0a\x0f\x5d\x00\xa3\x0a\xf0\x28\xaf\xe2\xff\x61\x16\x2b\x75\x8c\x7d\xa9\xa7\x76\x66\x6a\x11\x23\x59\x43\x1c\x48\x85\x6a\x87\xca\x82\xd3\xdd\x1c\x8a\xf3\x76\x59\x86\x35\x43\x2b\xf8\x91\xbe\xcb\xc3\x3a\x8f\xda\x44\xce\x88\x3e\xa8\xaf\x4a\xd8\xb9\x1a\x92\x61\xce\x76\xb9\xe9\x39\xc4\x61\xfa\xc5\x3a\xe0\xf0\x76\xe8\x2d\x87\x9a\xac\xe8\xf3\x8f\x12\x0b\xc9\xb0\x4d\x81\x25\xed\x24\xbc\xd7\x79\xd9\xd2\x43\x86\xb1\xdd\x20\x17\xeb\xee\x81\x97\x37\x6e\x8c\x36\xfa\x3a\xef\x8c\x1e\x71\x3e\x2b\x8b\xce\x49\x66\xd8\x48\x88\x68\x1b\xa7\x84\x95\xfb\xd1\xd6\xcc\xa5\x86\x26\xe6\x85\x4c\xda\x60\x6b\x83\xd6\x29\x3d\x01\xe8\xe3\xe1\x3b\xbf\x4a\xac\x85\x1d\x9a\x1e\x00\xd0\x02\x4e\x26\x99\x3b\x0b\x30\x91\xbe\x7e\x80\x61\xbc\xbb\x3c\xbb\x23\x02\xce\xab\x96\x89\x7a\x8e\x1f\xf3\x67\xec\x86\x25\x69\x3c\xf3\x15\x34\x12\x4a\x9d\x5d\x72\x5b\xca\xe0\x01\xd6\x7b\xc2\x11\x1d\x0a\xb8\x11\x1f\xa1\xd2\x4e\x4e\xd0\x6d\x63\x58\x3c\xe6\x90\xf2\xa0\x46\x26\xd7\x91\xd2\x9e\x3e\x31\x5a\x41\x5b\xf2\xe8\x53\xa5\xf2\x97\x4c\x83\x3a\x3f\xe2\xe2\x90\x9c\xf6\x69\xc7\x3c\x1f\x59\x39\x2d\x30\xc3\x7f\x3b\x9c\x5a\x3d\xdc\xfd\x75\x62\x1f\xda\x36\xe4\xba\x2f\x16\x14\x78\x58\xf6\xf2\x06\xb9\xa1\x40\xf1\xdd\xc1\x46\x6c\x9a\x53\xed\x73\xf8\x24\x90\xbc\x95\x32\x2c\x95\x5f\x61\xd1\x1c\xb5\x1d\x5e\x8a\x58\xc6\xb3\xcb\x0f\xdf\x04\x19\x76\x32\x01\xbe\xea\x93\xa8\x51\x2b\x14\x05\x24\x5b\xfc\x38\x41\x55\xad\xc5\xce\x77\x8a\xa7\x4d\x00\xa3\x22\x72\x64\x65\x11\x9a\xf7\x95\x01\xf0\x40\xdd\x0a\x7a\x84\x06\x00\x01\xca\x89\xd2\xfe\x5e\x9c\xf9\x77\x9a\x54\x7e\x3e\xbd\x3b\xf8\x64\x29\x90\xa3\x69\x0e\x2b\x2c\x3e\x54\xcb\x7e\xee\xea\xbc\x24\x2b\x4d\xd9\x92\x74\xc4\x25\xa8\x67\x93\x1c\x92\x9c\xa7\x08\x08\x60\x1c\x39\x08\xcf\xd7\x88\x86\x7d\x68\x7d\xc3\x66\xe9\x76\x35\x0c\x9e\x70\x58\x4b\xd3\x90\xd6\x7e\xeb\x7c\xfe\xa2\x6c\x42\x68\x6d\x3d\x96\x20\xf6\x2f\x64\x10\x4e\xf4\x1e\xd1\xd1\x30\xd7\x9e\x32\x59\x38\x48\x62\x96\xb7\xab\x2d\x2a\xdb\x78\x52\x67\x43\xe4\x00\xac\xb2\xb7\xaf\x09\x62\x8d\x68\xcf\x94\x75\x10\x16\x25\xc2\x0e\x1d\xc0\x51\xd7\x3c\x99\x7c\x95\x2e\x12\x81\x2c\x80\x5b\x68\xff"},
+{{0xa5,0xca,0xb2,0x72,0x7e,0x2f,0x13,0x1a,0x4d,0x63,0xfa,0xce,0xe7,0x99,0x33,0x66,0x63,0x93,0x0a,0xa0,0x7a,0xfd,0xa6,0xbd,0x5a,0x8e,0x98,0x5a,0x02,0xde,0xb1,0xea,},{0xac,0x35,0x5f,0x95,0x26,0x0f,0xbf,0xea,0x77,0x8c,0x55,0xb5,0xaf,0x8b,0x3f,0xd1,0xf2,0x4d,0x26,0x93,0xda,0x35,0xde,0x4e,0xe5,0x08,0xa2,0x7e,0xd3,0x50,0x39,0x1f,},{0x13,0x8c,0x7a,0x8e,0xca,0x5b,0x5c,0x37,0x15,0x88,0x13,0x84,0x3c,0x9a,0x90,0x4e,0x5f,0x53,0x0a,0xd9,0x71,0xee,0x43,0x2a,0x44,0xf3,0x44,0xf8,0xc6,0x4b,0xbf,0xaf,0x10,0x2f,0xf4,0x1d,0xaa,0x5c,0xf7,0x22,0xa4,0xbc,0x66,0x40,0x58,0x87,0x59,0xb8,0xf3,0x6f,0x9c,0x05,0x9e,0xab,0x93,0x6c,0xc4,0x5e,0xd4,0x79,0x63,0x94,0xa0,0x02,},"\x48\x34\x39\x15\x4d\xd5\xe5\xd1\x09\x85\x7c\x24\xd1\xc4\xe7\xfb\xbe\xfd\x2f\x38\x65\x1d\xa8\x12\x89\xf2\xad\x3d\x61\x54\x30\x65\x38\xb8\x2a\xc7\xdb\xa9\x21\x0e\x74\x07\x76\xed\xe4\xcc\xf5\x1d\x4f\x63\x09\x4b\x03\xe4\x6a\xd3\xaa\x3c\x31\x94\x7d\x8c\x36\xce\x6f\x94\xe8\x52\x96\xbd\xed\xcc\x1e\xad\x62\xea\xa1\x44\x1e\xcd\xe0\xa2\x25\xd0\xbf\x02\xed\xca\xcf\x86\x50\x14\x89\x9a\xf6\x6d\x98\x08\x04\x0c\x2d\x02\x00\x0a\x0f\x5c\xe4\xf1\x68\x3c\x1a\x49\x52\x76\xd9\xc4\xd7\x28\xc9\xec\xd6\xf0\x78\xdb\x8a\x0c\xfc\x26\x71\x87\x23\x85\x62\xab\x1a\x1e\xa2\x81\x3f\xb4\xf1\x2e\x87\x8e\x1b\xa1\x43\xf4\xd0\x6a\x3b\xc8\x10\x0c\x35\x50\x11\x8d\x69\xda\xe6\x7b\x55\xed\x69\x2a\xcf\x94\x44\xda\xa5\xc3\xe3\xc0\xa9\x8e\xe2\x8c\xf1\x72\xde\x0c\x58\x4c\x9f\x2e\xc9\xbb\x6e\x9b\x57\xf5\x72\xa8\x6f\xf8\x72\x9f\x65\xf4\xc6\x5b\x7f\xea\xcc\xaa\x21\x72\x0e\xd7\x9e\x90\x61\x8b\xca\xfb\xfd\x95\x33\xda\x85\x23\x2b\x45\x08\x83\xaa\x91\x9f\x82\x7f\x04\xc4\xa9\x7b\xf5\x13\x90\xd4\xf8\x56\x9c\x19\x17\x26\xf4\x4f\x7e\x39\xfb\x3d\xb7\x3b\xfc\x41\x5b\x6f\xfc\xa8\xb9\x1a\xca\xad\x69\x23\x85\x72\xf1\x4b\x49\x98\x5e\xa0\x3c\x98\xd7\xb1\xd4\x4b\x3a\x65\x54\x76\x5b\x19\xab\xf9\xb2\x52\x74\xe9\x7e\x46\x34\xe4\xb0\xf9\xe8\x02\xeb\x6f\x74\x3f\xff\x95\x07\x57\xee\x01\x3a\x69\x88\x22\x18\x81\xa7\x44\x3f\x1f\x32\xbc\xcb\x00\x7e\x99\x37\x9c\x7c\xa4\xf9\x06\xd5\xfe\x11\xcb\x12\xf6\x6b\x53\xa3\xd2\x1a\xc9\x47\xbe\x0c\x81\x50\xbc\xd0\x4f\x1c\x81\x6b\x3f\x0c\x07\xc5\xfb\xc0\x90\x5a\x71\x36\x95\x68\x49\xda\x03\x83\x6d\xae\xc2\x5c\x3e\x1a\x06\xec\x3a\xeb\x20\x56\x48\x17\x6f\x89\xf4\xa2\x91\xfa\xc4\xf1\xd3\x89\x9f\x56\xc9\x06\x5e\xeb\xb8\x76\x8b\x84\xb3\x1b\x7c\xc0\x31\x08\xbd\x08\x88\x33\x8d\x17\x74\x99\x49\x70\x29\x2d\x93\x50\x31\xfe\xa3\x35\xd9\xe7\x90\x8f\xe0\x25\x48\x89\xc0\xb1\x71\xcf\xe0\xaf\x2e\x6f\xde\x7a\x5e\xa3\xde\x1f\xdc\xda\xe5\x37\xb6\x31\x31\x19\xc2\x7f\x77\x20\x24\xef\x36\xe4\x5c\x8b\x89\xf2\x6c\x93\xd9\xee\xa1\x37\x25\xe1\x2d\x81\x0c\xf9\x82\x4a\xea\x04\xcb\x80\x2d\xa7\xe4\x58\xe8\x42\xca\x37\x5e\x36\x71\x34\x6e\x00\x89\xde\xc5\x71\xbe\x16\x9b\x0d\x90\x96\x6b\xf3\x68\xfe\x36\x98\xfd\x3e\x72\xbf\x16\x24\x9d\xd9\x00\xaf\x6d\x29\xff\xa4\x83\x51\x36\x0f\x12\x24\x17\x14\x58\x5f\x7a\x9b\x4c\x7b\xaf\xc9\x52\x22\x67\x35\xde\x14\x62\x74\x3d\x78\xab\xad\x0f\x67\x11\xf2\x49\x5f\x33\x13\xad\x4e\x0b\xa2\x16\xb0\xde\xa5\xdc\x15\x16\xa9\x54\x9f\x7d\xfc\xfe\xb9\x3e\x59\x1a\xbe\xda\x5e\xa3\xc7\x04\x59\x06\x52\x3b\x40\x86\x8c\xa5\x73\x5d\x6a\x33\x71\xc3\xc2\x94\xc1\x11\x26\xd0\x97\xf4\xc7\x08\xe9\x04\x64\xc1\xad\x91\x42\xfa\x0b\xed\xf0\x7d\xfc\x5f\x4c\xb6\x7d\x6e\xd8\x0f\x1b\xfe\x72\x68\x3c\xfb\x2a\xd6\x65\x30\xdc\x43\xd7\x02\x3f\x37\x90\xff\x42\xd9\x5b\xd8"},
+{{0xcb,0x63,0x19,0x61,0x37,0x79,0xa4,0xef,0x66,0xbe,0x14,0x14,0x4b,0x28,0x40,0xad,0x01,0x67,0xc0,0x3f,0x3b,0x8d,0x04,0xff,0x59,0x2c,0xd1,0xd2,0xd7,0x22,0xe3,0x30,},{0x18,0xeb,0x03,0xf0,0xa3,0x34,0xb0,0x80,0xe1,0xaf,0x43,0x99,0xd8,0x37,0x6d,0x83,0xc5,0x33,0x31,0x6d,0xc6,0x87,0xcf,0x34,0x1f,0x0a,0xfa,0xb4,0x50,0x96,0x52,0x99,},{0xc1,0xb3,0x99,0xcd,0xc1,0x98,0xe9,0xa1,0x59,0xe6,0x84,0xfc,0x26,0x68,0x6d,0xe6,0x60,0xda,0x54,0xcf,0xe3,0x12,0xca,0x73,0x45,0xdf,0x0c,0x7d,0x15,0xa3,0x57,0x43,0x01,0x44,0x10,0xbd,0x2f,0x6c,0xd1,0x1e,0xef,0x33,0xa8,0x9b,0x3d,0x15,0xcb,0xc1,0x7c,0x7a,0x35,0x89,0x37,0xfd,0x99,0x72,0x05,0x05,0x1f,0x92,0x57,0xc2,0x56,0x09,},"\x87\x4a\x6c\x81\xd6\xdb\x71\x33\xa7\x91\x69\x76\x0c\x84\xd3\x6e\xea\x3d\x42\xea\x08\x92\xb7\xc8\xdd\xe8\x44\xa3\xa6\xb6\x0a\xa9\xf2\x66\x07\x26\xc9\xc4\xdd\x26\xa0\x1f\x4e\xd0\xdc\x1c\x53\xba\x60\x05\x46\x3f\x7e\xa6\x4a\x1e\xc6\x39\x53\xbc\x3d\x81\x05\x2a\x2f\x10\x84\x38\x9a\x77\x06\xdf\x74\xed\x41\x36\x08\x2a\xb5\xc6\xe8\xc7\xf4\x11\xdf\x9d\x3a\x0f\x3c\x40\xf5\xa6\x0e\x2d\x21\xa8\x54\x8e\x7a\x25\xde\xe3\x40\x30\xb3\xc3\xe7\x5c\xaa\x93\xdd\xaa\x9c\x19\x0c\xb6\xde\xda\x24\x13\xd5\x4e\x37\x3d\x43\x53\xdb\xa4\x3d\x39\x49\x1a\x2f\x56\xc8\xb3\x6d\x45\x01\x6f\x77\xd7\x47\x16\x91\x63\x45\x39\xe7\x6c\x4f\xb4\x19\x13\x47\x2b\x0a\x23\x05\x4f\x54\x8f\x54\xb1\xe7\x10\x9c\x8b\x65\x21\xb5\x7a\xe9\x81\xd0\x50\x31\x6a\x33\xc4\x9c\x71\x16\x26\x8d\xcc\x4b\x78\xc2\xba\xe5\x3a\x3a\xe4\xdd\x17\x8b\xb8\xb7\x6b\xb3\xbe\xfe\x19\xe4\x1a\x2c\xf1\x2c\xeb\xb7\x11\x68\xf9\x71\xf2\x02\x46\x1c\x63\xf7\xd6\xee\xf1\x07\xf5\xb1\x03\x0e\xdd\x4e\x75\x00\x9e\x91\x16\xc3\xcd\x0e\x8b\xdd\xc2\x99\xb4\x1f\x1a\x45\xe7\x84\xef\xa6\x46\xda\xda\x64\x06\x8e\x92\x48\xec\x98\x8f\x23\x26\x34\xad\x3d\x5a\xab\x19\x56\x0e\x83\x0a\x5b\xd6\x65\x45\x7c\x94\x29\x5e\x1a\xf0\x16\x0f\xbc\xe2\x72\xef\x48\x45\xdd\xf0\xc4\xf2\x4d\x97\x6f\x51\x86\x90\xea\x1f\x82\xff\x4d\xfa\x48\x13\x64\x1a\x67\x59\x8e\xa9\x84\x01\xe0\xff\x10\xa0\xe5\x82\xe2\xb9\x08\x67\xb4\xe6\x23\x2c\x34\xea\x49\x9c\x16\x99\x09\xa4\x41\x26\xf3\x77\xd8\xcc\x1c\x11\x90\x58\x66\x34\x0e\xfd\x1e\x7b\x07\x7d\xc7\x45\x6d\x59\xc9\xb9\x6a\x12\x4a\xac\x3b\x33\xbb\x22\x74\x41\xbb\x7a\x52\xe6\xc3\x14\x0d\x7a\x4f\x67\xca\x05\xbb\xc9\x3c\x93\x77\x5b\x92\x91\x19\xa2\x24\xed\x8f\x39\x00\x58\x20\xf4\x20\xcc\x6c\x53\x0e\x61\xe2\x0a\xdc\xa0\x1e\x93\x9c\xc0\x31\xdf\x49\xcd\xb1\xec\x8f\xf4\x93\xc9\xef\xbc\xad\x34\xc5\x71\x08\xef\xd7\x64\x55\x89\x66\xfb\x14\x70\xb0\x74\x5e\x69\x66\x19\x1a\x9a\x9e\x44\x58\x1b\x09\xfa\xf4\x69\xf9\x51\x53\x72\x03\xd9\x26\xbc\x8a\x55\xd0\x80\xa8\x05\x18\x1d\xd7\x29\x6e\xd2\x0a\x81\x82\x68\xf7\x55\xea\xa6\x6b\x08\x22\x42\xf4\xd0\x20\xf7\xcd\x67\x20\x89\x04\x84\xc0\x1c\x75\x7f\xe3\x5d\x87\xb5\xbc\x90\x6d\xea\xcc\x2e\x30\x71\xde\x46\x01\xbc\xf0\xdd\x6b\x83\x7c\x43\x31\x06\x04\x7f\xd8\xec\x9b\xd0\xe9\x8c\x9e\xe8\x06\xf7\xec\x8c\x5a\x10\xea\x21\x36\xf1\xf9\x0f\x90\x0b\x85\x3f\x95\x3f\x00\xb0\x76\xbd\x1e\xbd\x92\x9d\x08\xa3\x8b\xec\x68\xd8\x66\x43\x50\x47\xbc\xb6\x72\x1e\x06\xb6\x40\x85\xdc\x05\x58\xc1\xfa\x85\xa2\xc8\x3b\x0c\xaf\x4c\x81\x60\x84\xf1\x0a\x4c\x58\x85\x29\x5b\xca\x15\xff\x7c\x18\xe5\x96\xc6\x2c\x92\xee\x99\x21\xa2\x7c\x29\xd1\x95\xbd\x28\x22\x13\xff\x36\x60\xb6\xe7\x54\x6b\x4e\xaa\x77\x7c\xe3\x9f\xc5\xd2\x04\x84\xc7\x1e\xd6\xca\x06\xf9\xb7\x7a\xb1\xd8\x72\x39\x3a\xb2\xd1\x02\x55"},
+{{0xb2,0x98,0xad,0xf3,0x8a,0x67,0x08,0xf8,0xd1,0x8f,0xf1,0xed,0x96,0xbf,0xba,0xb4,0x21,0x54,0x0d,0x09,0x6c,0x4e,0x43,0x51,0xb9,0x22,0x09,0xb5,0xe6,0xaa,0xab,0x65,},{0x77,0x0e,0xdf,0x42,0xb8,0xa0,0x39,0xc6,0xca,0xb9,0xba,0x65,0xeb,0xfb,0x13,0x5a,0xbc,0x2d,0xa3,0x14,0xa4,0xc3,0x09,0xf4,0x6a,0x8f,0x32,0x5b,0x52,0xd0,0x65,0x93,},{0xe5,0x5f,0x8d,0x30,0x41,0x22,0xdc,0x17,0x5c,0xf0,0x27,0x46,0x74,0xfc,0x9d,0xed,0xfe,0xc2,0xb5,0xf8,0xa2,0xee,0xb1,0xe3,0xe7,0xf8,0xe0,0xdf,0xba,0x0d,0xac,0x2d,0x32,0xf4,0xe7,0x04,0xce,0x91,0xcd,0x59,0x91,0x84,0x13,0x3c,0x3b,0xf1,0x06,0x3d,0x2f,0xae,0x63,0xd7,0x3a,0xcc,0x57,0x72,0xd7,0x18,0xd8,0x11,0x83,0x31,0x86,0x02,},"\x9d\xf4\xd5\xd7\x56\x5d\x2c\x05\x22\x62\xdd\x34\xd6\x00\x7d\x86\xd9\xc0\xf0\x7c\x70\x89\xaf\x61\x19\xe3\x04\xf4\xd8\x01\x1d\x7e\xaa\xd7\x7b\x3e\xf7\x0c\xc2\x80\x84\x7d\x59\xf2\x97\x20\x2b\x7e\x18\x61\xae\xf3\x34\xbf\x38\xde\x14\x74\x0e\x80\x73\xc9\x55\xa8\x51\xd2\xcf\x3d\xad\xc3\xed\xce\x15\xbe\x49\x0e\xaa\x84\x5b\xa5\x53\xfc\x6e\x87\x46\xe5\x29\x15\xe6\x55\xaf\x4b\x86\xc6\x29\xd4\xc5\x22\x78\x36\x35\xd4\x64\xa2\x82\x57\x77\xd8\x9d\x70\x97\x67\x7e\xf0\xe5\xee\xae\x38\x53\x7e\xcb\x65\x6e\x3b\x28\xdd\x07\x35\x8f\xd9\xfb\x2c\xd4\x62\x51\x72\x86\x65\x9a\xef\xc7\x9d\x37\x4d\x1d\x13\xed\x93\x96\x7c\x53\x0c\xde\xa4\xf3\x14\xa0\xf9\x1d\x62\x89\xb4\xc7\xa4\x27\x9b\x6f\x4c\x4a\xbc\xa3\x33\x57\xf6\x9e\xd8\x4b\x91\x19\x63\x7a\xdb\x7c\x18\xe6\x94\xcb\x3c\x56\xe7\x36\x37\xda\x91\x07\x35\xd4\x3c\x38\xaa\x80\x86\x67\x5a\x06\xad\x37\x0e\x57\x26\x88\x1d\xa5\xe1\xa1\xdc\x61\x44\xd6\xa6\x2a\xff\x7f\xb0\xc3\x52\xd8\x8d\xc9\x71\xa3\xd7\x2d\x30\x71\xe1\x4b\x47\x42\x53\x56\xaf\x1b\x01\x92\x33\x53\x82\x61\x45\x1a\x99\xa6\xcf\x4a\x07\xce\x9a\xb1\xc3\x99\x0d\xe6\xab\x8d\xe2\x11\x6c\x75\x61\x05\xc5\x12\xb7\xa3\xee\xb3\x15\x7b\x15\x8b\x32\x1e\x44\x4e\x80\x6d\x89\x0b\x38\x90\xed\x9d\xdc\x86\x9f\x17\x11\x72\x3b\xb9\x9a\x72\xbd\xb9\x23\xd1\x31\xba\x4e\xdb\xfb\xb6\xda\xe9\x9a\x5c\x7b\x32\x8d\x31\x0d\xf9\xa6\xd1\xdc\xd8\x59\x18\x96\x28\x33\xe8\x9e\x20\xf5\xc5\xe6\x33\x3a\xc8\x61\x09\x4a\xe9\xe7\x99\xc8\x64\x1b\x9b\xae\xa1\x1a\x2e\x0e\xc2\x34\xbe\x59\x30\xe0\x28\x80\x85\x9c\xde\xc0\xd9\x78\x23\x7c\xbe\xa5\xc7\xc3\x2c\x11\x1b\xaf\xdd\x4b\xfb\xff\xe4\xfb\x34\x85\xef\xfe\xcd\x51\xbd\x19\x5a\x71\x40\x4c\xa5\xb5\x9a\xfa\x25\x2d\x7b\x5f\xf9\xd0\x30\xf4\x8c\x6f\xaa\xdb\xdb\xa9\x18\xf2\x1a\x0c\xd3\x9a\xf5\x69\x66\xdc\xcf\xa2\x5f\xb5\xa5\xcf\x9a\x4b\x26\xa7\xf5\x44\x1d\xf6\xe3\x20\xe3\x4b\x27\x39\x3d\xe2\xec\xfb\xd6\x9a\x15\x94\x90\x9a\x6c\x68\x5e\xc6\x45\xfc\xf3\x04\x8d\x01\x48\xfa\x38\xd3\xe8\xa6\x4d\xc3\xc2\x1a\xe4\x4d\xa7\xe4\x6a\x5e\xa7\x93\x6c\x2b\xa0\x83\x68\x9a\x78\xca\x3a\xc6\x0b\x87\xbe\x6d\x23\xea\x40\xf5\x96\x15\x83\x74\x28\x42\xe3\x75\x25\xa4\x9c\x5f\xe8\xfd\x15\xd7\xb0\xc9\xe8\xfc\xcd\x07\x93\x6d\x19\x53\x82\x12\xf7\x37\x3d\xbb\xf3\xdf\x7d\x46\xad\xf9\xd9\xf5\xdb\x09\x52\x4c\x65\xb8\x83\xae\x6f\x6c\xef\xa2\x4b\x19\xec\x48\xce\x28\xcf\xa7\x34\xd9\xbd\x6e\x77\x83\x7d\x1a\x14\xd6\xa1\x9d\x34\x5b\xfb\xea\x55\x9e\x7e\x6b\xfb\x71\xdd\xad\x83\xcd\x8d\xee\xab\x68\x7f\xe7\x3c\x05\x74\x88\xf8\xf2\xb3\xe2\xe2\x6d\x13\x00\x9f\x4d\x23\xe6\x61\x9a\x23\xc0\x69\x2a\xf7\x66\x69\x21\x7d\x5e\xbd\x46\x08\x5b\x39\x88\x90\xe5\xc9\x1f\xdb\x4d\xb5\xba\x40\xe7\x77\x3d\x51\x8d\x3c\xf0\x0c\x0a\x5b\x5a\x4b\x0f\x1b\x85\xd6\x29\x16\xa5\x9e\x56\x07\xb7\xb1\xeb\x80"},
+{{0xe9,0xcf,0x16,0xd6,0x96,0xf6,0x3b,0x59,0xe5,0xe2,0x5c,0x9e,0xe2,0xd7,0x5b,0xb0,0x5e,0xd2,0xba,0xa5,0x91,0xa7,0x55,0x7f,0x9f,0xb1,0x29,0xcf,0x98,0x3d,0xe0,0xba,},{0x6d,0x1a,0xe3,0x85,0xe8,0x0a,0x39,0x55,0xe8,0xd0,0xc5,0x93,0xa8,0x1f,0x43,0x1c,0xd4,0x32,0x67,0x1e,0x78,0xcd,0xba,0xfe,0x83,0xfe,0x58,0xdb,0xcd,0xb9,0x85,0x60,},{0x81,0x12,0xac,0x37,0xea,0xfb,0x74,0x9d,0x3f,0x4a,0x1e,0xa1,0x48,0x43,0x79,0xdf,0x3e,0x38,0x3b,0x01,0x9c,0x12,0xde,0x85,0x15,0xe3,0x49,0xe4,0xf6,0xf9,0x98,0x63,0x2e,0x30,0x96,0x83,0x47,0xa1,0xd1,0x5b,0x09,0xda,0x2e,0xb8,0x00,0xb0,0x3d,0x81,0x9d,0x20,0x2b,0xd1,0x0a,0x6a,0x46,0x3b,0xb0,0x2b,0x36,0x6d,0x68,0x55,0xfe,0x0e,},"\xa1\x0f\xea\x8f\xc9\x3e\xcc\xfe\x2a\x6b\x78\x26\x07\x95\x63\xad\xf8\xaa\x9a\x66\x64\x44\x93\x22\x00\xcc\xa9\x44\x7d\xd0\x27\xc5\xc7\x20\x4e\xa6\x2b\xf8\xf5\xe2\xe3\x91\x45\xac\x39\x48\xab\x3f\x31\x86\x88\x7b\x30\xbc\x60\x23\x30\x24\xb4\x83\xf3\xf5\x19\x03\x6a\x3e\x94\xc8\xd7\x51\x0a\x85\x3a\xc6\xe2\x0c\x6e\x52\x6e\xe3\xcd\xb7\x6d\xe6\x63\xf6\x73\x05\xad\x80\xdf\x23\x42\xc8\x50\x1b\x4f\x4a\x8e\xe3\x66\x5a\x79\x8f\xc4\x37\xdd\x81\x4e\x4e\x47\xe7\xa4\x66\x89\x0e\x0f\xfa\x8f\x51\x0f\x3e\x6e\x19\xc9\xc9\x69\xf7\x0a\x76\xe5\xcf\x30\x54\xd1\x7d\xe4\x59\xac\x8e\xe9\x95\x50\xbd\x38\x31\x9f\x36\xe4\x33\x43\x4a\x92\x6a\xd6\x8b\x96\x1e\x0c\xa1\x0a\xdd\x4b\xa9\x92\xb3\x65\x06\x60\xa2\xc3\xc2\x6f\x5d\x74\x0a\x31\xaf\xb7\x76\x3f\x54\x2f\x72\x3b\x8a\x3c\x92\xd8\xae\x92\xa5\x67\x76\x4e\xfc\x70\x53\x03\x12\xba\xab\xdd\x3f\xbb\xd5\x27\xfe\x0f\xcb\xca\x3f\x6a\x70\x64\xcd\xde\x18\x56\xe9\x7a\xb7\x86\xaf\x7d\x70\x22\xa9\xd4\x6a\x33\x8e\x8e\x17\x54\xaf\xd9\xad\xac\x85\x6a\x38\xde\x2a\x4c\x97\x66\xde\xe8\xdb\xc7\x09\xb0\x67\x1a\x6a\x6e\x6e\x1e\x5d\x12\x07\x4d\x22\x24\x5c\xd7\x3b\xee\xeb\x1b\xd8\xec\xfc\x1e\x85\xa2\x1b\xde\x25\x3f\x7c\x46\x5a\xbc\x1f\xea\xa9\x61\xc0\xff\x5c\xff\x2d\x89\x64\x72\xae\x17\xab\x84\x88\xe3\x3f\xfe\xfd\xb7\x2c\x10\x5e\x20\x4f\x94\x4a\xda\x51\xee\x13\x98\x1a\x13\x6c\x0f\x38\x42\x6e\x3e\x49\xb0\xe9\x18\x41\xc3\x27\x94\xd5\x2f\x13\x35\xdf\xa6\x37\xf1\x51\xc7\xe4\x0f\x9b\x83\x0a\xed\x53\x9a\xc5\x73\x1b\x81\xcd\xe3\x26\x4d\x22\xbe\xad\x31\xa6\xcc\x68\xd1\xa7\x31\x43\xb5\xba\x48\x16\x13\x92\x32\xf3\xf7\xf9\x79\x83\xf4\xec\xba\x64\xc4\x95\x53\xbe\x9d\x6d\x94\x3f\x91\xdf\xe0\x3d\x1e\xe8\x61\x8c\xd4\x0d\x2f\xb7\x23\x8a\x31\xd1\xbc\x38\xe7\x6a\x55\x1f\x9e\xee\x22\xe7\x3a\x27\xd7\xa4\x8b\x40\x87\x72\xea\x72\xc3\xed\x63\x7b\xb4\xb1\x68\xf9\xd7\xae\xad\x94\xea\x03\xbc\x11\x10\x99\x01\xc8\x89\x92\x7d\x51\xcd\xac\xf9\x62\x12\x59\x62\x55\x99\x79\xd3\xe4\xc8\xe3\xb5\xae\x58\x2f\x2d\xba\xd4\x99\x88\x02\x85\x6c\x4d\xf6\x9e\x8f\xb5\x49\x17\xe2\xf3\x6b\xb6\x7a\x19\xa2\x6e\x9a\x9a\x94\x85\xbc\xe9\x8d\xbf\xff\x0d\x2b\x02\xb9\x37\x7a\x91\x37\xa7\x34\xe5\x7b\x5c\xe6\x65\x05\x30\x17\xe9\x92\x67\x7a\x1a\xa0\x79\x24\x0d\x2c\xf9\x63\xcd\xf9\xbf\xea\x8d\x46\x00\x91\x23\x2d\xaf\x89\x80\x1f\xd7\x51\x71\xa6\x19\x5a\x5c\x04\x68\x15\x91\x4b\xe1\xf6\x28\x68\x78\x3d\x6f\x2c\xf2\x8a\xf9\x37\x8d\x6c\x68\x93\xe7\x5d\xe6\x41\x11\x1c\x68\x47\x27\xef\xfa\x31\xb8\xbc\x9b\x0a\x01\xdb\x9c\x9e\x81\xcc\xd8\xf4\xd4\xe8\x75\xd4\xbd\x90\xd2\x53\xf5\x89\x89\xa8\xa5\x2a\x20\x3a\x77\xa4\x96\xd6\x97\x98\x6b\x03\x1e\x9f\x69\x9b\xc6\xa1\x6c\xd5\xf9\xc3\x60\x18\xeb\xda\xa3\x6b\xad\x0e\x01\x4f\x4c\xf3\xb4\xb7\x46\x17\x1b\xf8\x93\x14\xe8\xb7\x2c\xbd\x47\xcc\x61\x6a"},
+{{0x23,0x8a,0x6d,0x49,0x79,0x32,0x1a,0x14,0xa9,0x97,0x23,0x6f,0x45,0x85,0x04,0x6c,0xf7,0xa0,0x5c,0x0a,0xdc,0x6b,0xa1,0xfd,0xb1,0x9e,0xc2,0xa3,0x2f,0x62,0xbe,0xeb,},{0x0b,0x4b,0xa6,0x74,0xe4,0x01,0x66,0x5b,0x67,0x90,0xcf,0xda,0x08,0x07,0x04,0xcd,0x90,0xe2,0xf3,0xd3,0xef,0xab,0x25,0x3e,0xd8,0xdc,0xfb,0xd1,0x8e,0x40,0x67,0x89,},{0x29,0x42,0xf7,0x08,0xc0,0xed,0xe4,0xcb,0x0d,0xde,0xf1,0x3b,0x85,0xd7,0x1d,0x72,0x13,0xe0,0x38,0x3d,0xd2,0x94,0xf5,0x34,0x13,0x5f,0xd6,0x9c,0xaf,0xbc,0xfc,0x0e,0x33,0x09,0x0a,0x2a,0x0c,0xa3,0xfa,0x57,0x2c,0x72,0xcd,0xf5,0x59,0x2d,0xe9,0x03,0xb1,0x58,0x44,0x95,0xab,0x63,0x99,0x81,0x50,0xf2,0xb3,0x93,0xa3,0xb3,0x40,0x0c,},"\x97\xcd\x61\x9a\x22\x51\xed\xa9\x16\x64\x64\x31\xd4\xcd\x15\x98\xc2\xd4\x4d\x06\xaf\x3e\x48\xbd\x18\xe3\xde\x7f\xb4\xbd\x4f\x78\xe0\x0a\x69\xee\xab\xde\x3f\x82\x06\x5c\xfe\xe6\xcd\x71\x1f\x07\xd2\x26\x37\x16\x1f\xf6\x85\xf6\x5a\x7d\xdf\x54\x55\x31\x97\xfd\x31\xc5\xc6\xb7\x1d\x9e\x36\x5a\x94\x1d\xce\x4c\x3e\x22\x5d\x19\xcc\x63\x3a\x7e\x12\x86\x2c\xd2\x3e\xbb\x7c\x74\xa7\x04\x85\x0f\x76\x1a\xc0\x24\x1b\xe5\x17\xce\x7c\x36\x09\x36\xce\x07\x25\x0d\x9f\x2e\xb2\x78\x71\x15\xee\xc3\x77\xe1\x13\x4d\xc0\x8f\x44\xeb\x0a\x2a\x2a\x27\x16\xf0\x01\x44\xa4\x9f\x01\x2a\x57\xb3\xcd\x06\xef\xeb\x3f\xae\x92\x0f\x28\x5c\xff\xd9\xa4\x01\xa0\xb9\x86\x59\x4e\x17\xb2\xc9\xc8\xfd\xab\x83\x5d\x9f\x3f\x5d\x47\x4b\xe7\x33\xc1\x92\x5e\xe6\xf0\x93\x86\x71\x10\x66\xc3\xfc\xd6\x45\xee\xb0\xfb\xe7\x05\x41\x69\xeb\x70\x9d\x4a\x3f\x0d\x16\xf2\x8a\x1f\xf5\x06\x6c\x84\x2b\xc6\x3e\x35\x9e\x92\x48\x5b\x38\x75\x7f\xf4\x6c\x27\xf7\x9d\x0c\xdc\xf0\xe1\x6e\x97\xe3\xc7\xb7\xe2\x17\x8d\xff\xd2\x70\x28\x2d\xd6\x12\x05\xd5\x85\x4d\x84\x1f\x0e\x3f\xc0\xe4\x82\xcc\x1e\xe4\x85\x52\xcf\xe6\x58\x93\x5b\x54\x27\xc3\x66\x23\x0a\xef\x79\xae\xf4\x02\x1d\x6f\xab\x5f\x18\x75\xcc\x84\x9e\x32\x1a\x75\x50\x0e\x9e\x1b\xa5\xdd\x59\x6b\x43\x8c\xf8\x8b\x23\x5b\x01\xa6\x76\x25\xc4\xbf\x84\xd0\x72\x4a\xe6\x88\x0a\x37\x85\xe3\x3b\xd9\x23\x5f\xd0\xf5\x98\x18\x04\xd2\x1c\xbd\x63\x3c\xb1\x80\xf3\x44\x56\x46\x02\x07\xa2\x90\xa2\x54\xd9\xfe\x61\x06\x3d\x40\x63\x4c\xa3\x87\x2f\x09\x35\xfa\x28\x32\x87\x95\xca\x41\xb0\x06\xa2\x11\x1f\xc5\x93\x2b\x1e\x77\x9c\xe9\x66\xcc\x47\xad\xb7\xc0\xdd\x98\x73\x33\xba\x75\x29\xa1\xa4\x99\x6c\xe9\xf5\x6e\x05\x19\x81\xfe\x1f\x55\x3e\x57\x8f\x43\xc3\xba\x94\xbe\xac\xc9\x3c\x3e\x73\x96\x67\xc7\xa7\xc6\xfa\x27\xe1\xe0\x81\x69\x5d\x20\xba\x70\x5c\x3f\x10\xb2\x0d\xf5\x30\xcb\xb0\xec\xb8\x74\x56\x50\x11\x09\x68\x70\x19\x31\x84\x52\x78\x5d\x38\xe7\x66\xb3\xcd\x35\xb0\x07\xd7\xe3\xcf\xe0\xb2\xcc\xa8\xaa\x6e\xf7\x39\x55\x99\xdc\xb9\xc4\xd2\x8b\xcc\x35\xc7\x6d\xfc\x35\x34\x3c\xb1\x34\x8b\xa3\xe9\x62\xf1\x0e\xe8\x6f\x86\xf5\xb6\xd4\xca\xe2\xe8\xc2\xb1\x85\xe3\xea\xa1\xae\xb8\x7b\xcf\xcf\x2f\xb7\x6c\xc7\xfc\xc6\x89\x50\x71\xb1\x68\xe8\xb7\xf6\xca\xa0\xfd\x63\x98\xe7\x78\xcc\x07\x91\x2f\xf5\xd6\xe6\x10\x21\xa8\xa5\x9a\xe0\x35\x21\x60\xf5\x6d\x54\x88\xfe\x2f\x2a\xcc\x94\x03\xda\x9a\x9f\xfc\x66\x1c\x1e\x9d\xc5\xbe\x88\xc4\x20\xdb\x0f\xd7\x7d\x84\x5d\xc8\xdd\x9d\x8e\x58\xf9\x96\x1b\x79\xaf\xc6\x86\x24\xba\xa8\x6a\xa6\x43\xa8\xa3\xc7\xed\xf7\x1d\x55\x3c\xc0\xd3\x22\x4a\x60\x69\xec\x67\x4f\x52\xda\x29\xa1\xcb\x60\xc4\x19\x23\x01\xa2\x43\x47\xa8\xaa\x83\x26\x26\x9e\x0a\x14\x78\x0c\x95\x83\xcd\xff\x51\x59\x27\xfd\x5b\xef\x52\x8f\x9d\x23\x78\x7a\xeb\x80\x3d\x70\xeb\x91\x6b"},
+{{0x59,0xd5,0x01,0x39,0x3d,0xc5,0x99,0x97,0x23,0x81,0x07,0x06,0xfa,0xd7,0xd6,0xef,0xd1,0x63,0xc4,0x47,0x10,0xc7,0x41,0xc1,0x85,0xc2,0x7e,0x04,0x25,0xe3,0xc0,0x5b,},{0x82,0x65,0xd4,0x3c,0xfb,0x07,0x35,0xb5,0xd7,0x25,0x0f,0xcf,0x0f,0xcb,0xd1,0x54,0xbf,0xc0,0xee,0xcb,0x13,0xb7,0xad,0x93,0xb6,0xb0,0x29,0x40,0x58,0x8b,0x84,0x3b,},{0xe6,0x46,0xf1,0x64,0xcf,0xed,0x8c,0x2e,0x06,0x07,0x10,0xdc,0xfb,0xc3,0xe9,0xfa,0x5e,0xb3,0x96,0x37,0x68,0x13,0x19,0x01,0x84,0xe3,0x46,0xf5,0x2b,0xb0,0xba,0x57,0x46,0xcc,0xb6,0xb5,0x95,0x22,0xb1,0xaf,0xf9,0x83,0x0f,0x2f,0x98,0xb9,0xe5,0xda,0xfc,0xd8,0x32,0x07,0x78,0x83,0xc4,0x4e,0x8a,0x35,0x38,0x8f,0x71,0x8b,0xf4,0x0c,},"\x56\x4e\xd2\x2c\x17\x2f\x5c\x3a\xfb\xb0\xb9\x5a\xd2\xfc\x64\xe4\xbe\x6d\x4d\xb1\xeb\xb8\xd3\x99\xc4\x3a\x5e\x16\x04\x8e\x7f\x87\x32\x18\x1e\x5d\x0e\xed\x8e\x63\x8e\xf2\xa5\x5a\xa0\xd7\xb6\x81\xfe\x02\xbb\x54\x23\xaf\x94\xbd\x35\x2d\x3c\x2d\xde\xc0\xf8\x47\x60\xa4\x11\x2b\x4f\xe0\x17\xcf\xbc\x50\x2f\x95\x43\xcf\xa4\x1f\xb2\xaa\xe7\x5a\x3a\x08\x1f\x8c\x49\x90\x33\xd1\xfa\xe5\xd9\xc5\x0c\xb4\x4d\xbc\x63\x60\x5a\x54\x39\x8f\xbf\x07\x98\x52\xeb\xa8\x6f\x2f\xdf\xc2\x72\xd0\xc4\x17\x9d\x7c\x13\xcb\xc1\xc2\xa3\xda\x0b\x82\x84\x5c\xf1\xa4\x6e\xbb\xe3\x1e\x79\xb6\x00\x97\x33\xc7\xbf\xe7\xaa\x4f\x9f\xfd\x71\x9c\x77\xdc\x7d\x74\x8e\x49\x2e\x14\xee\x5e\x41\x79\xbf\xa9\xe6\x49\xcf\x0d\x89\x53\x41\x86\x38\x5e\xe9\x94\x10\x05\x1d\x66\x56\xe6\x23\x43\x8c\xc7\xb2\xe7\x07\xe4\x8c\x84\x91\x55\x49\xae\x8d\x67\xa3\x06\xc6\x7b\x10\x6b\x7a\x25\xf4\x5f\x8e\x10\xdd\x7d\xd3\xea\xac\x31\xf1\x05\x22\x57\xeb\x6a\x75\x76\xb6\x85\xcb\x9e\x6c\x1c\xd0\xd7\x3c\x7a\x3c\xed\x5a\x8d\xd2\x73\x08\xae\x00\xf9\x5e\xab\xda\xe9\xd1\xc4\xaa\x89\x34\xe2\x42\x4c\x93\x28\xa5\x22\x8f\x4f\x82\xdd\x4a\x66\x55\x6d\x82\x17\xc5\xa2\x2b\x2b\xeb\x86\xa2\xa4\x34\x13\xee\x5e\x10\xf8\x83\xf2\xcd\x6c\x2e\x87\x49\xb5\x50\x88\x42\xec\xae\x5f\xfc\xcb\x79\x6d\x96\x33\xe8\x7e\xf4\xa9\x6c\x0d\xf7\xef\x47\xb2\x83\xd0\x96\x72\x3b\xa3\x13\x5b\xad\x75\xb2\xe1\x9e\xc0\x4f\x70\xa4\x78\x42\x8a\xd5\xd0\xaa\xc0\xdd\x2a\xb9\x90\x59\x13\xe7\xe5\xad\xe4\x08\x80\x1d\x5d\x3c\x54\xd9\xcf\x7b\x8f\x0f\x0c\x5e\xb0\x54\xc1\x47\x5c\xc2\x10\xa2\xc7\x98\xd8\xbd\x89\x93\x2f\xf9\xf3\x60\x42\x18\x58\x05\x3a\x70\x7b\x8b\xbd\x32\x05\x5c\x44\xb2\x07\x12\xa2\x67\x8a\x9a\x6a\xf9\xe3\x6d\x04\xdc\xff\x44\xf4\x31\xcf\x19\x30\xcd\x18\xfc\x93\x5d\x22\x67\x77\x5c\x69\x09\x67\x25\xed\x89\xa2\x91\xdd\x60\xe2\x1a\xc0\xb0\x12\x87\x34\x07\x29\x92\x82\x3e\xf8\x7b\x5e\xfa\x6c\xc5\xb0\x50\x17\x7f\x55\xf4\xce\xc9\x2a\x08\xa6\x5b\xca\xdc\xab\x9a\x41\xc3\x60\x86\x37\x0b\x7b\x9d\xd6\x29\x8a\xc7\xb0\xae\x6a\x09\xc9\x71\x0a\xbb\x46\x76\xa8\xfc\x87\xa3\x65\x12\x90\x14\x4b\x6b\x30\xef\x4f\x6f\xbe\x5b\x9a\xd2\x52\x37\xfe\x06\x05\xe3\xb9\xf1\x8a\x77\x18\xac\x9f\xca\x6f\x32\x5e\xa5\x5f\x49\xa8\x07\xfb\x80\xa2\x40\x2a\xe1\x34\x23\x08\x0d\x32\x77\x58\x64\x90\x23\x79\x8d\x57\x28\xe0\xdc\x64\xac\x88\xa6\xe2\x94\x5d\xbb\x3e\x3f\xfa\x9f\xdb\x4c\x7b\x58\xfb\xa3\xf5\xfb\xd6\x7c\x68\x6b\x29\x71\xbb\xd8\xba\x4d\x27\x5d\x57\x3e\xb7\x96\xeb\x91\x46\x77\x5d\x8c\xdc\xd5\xfd\x3e\xb5\xa8\x8e\xa5\xa9\x30\xec\x32\x44\xe6\xa3\x7c\x81\xf6\xa2\x55\x4e\x5b\xa7\x87\xf0\xe4\x53\x19\xfe\x4b\x8a\x2f\xfb\xfe\xd5\x07\x70\xe7\x82\x7b\x3e\x7b\xc2\xb4\x4c\xe5\x12\xae\x60\x51\xb6\xf9\xf1\x39\x31\xea\x6a\xcc\x09\x6b\x8d\xcb\x01\x96\xbe\x42\x24\x84\xdb\x5f\xcb\x29\x9d"},
+{{0x83,0x9f,0xb1,0x32,0xe6,0x92,0x50,0xca,0x1a,0xd9,0x45,0x10,0x08,0x7f,0x92,0xce,0x06,0x87,0x69,0x21,0x3a,0x19,0xb2,0xa6,0xc8,0x94,0x90,0xf1,0xf5,0x78,0x80,0x7a,},{0xeb,0x58,0x66,0x19,0xb4,0x4a,0x15,0x37,0x9a,0xcc,0x46,0x21,0xa2,0xac,0x71,0xea,0x58,0x97,0x00,0x26,0xc2,0x8e,0x24,0x09,0xfc,0x1b,0xa2,0xbd,0x8b,0x23,0x6d,0x1d,},{0x66,0x43,0x7b,0x6b,0xc0,0x5e,0x75,0xdd,0x16,0x26,0xc3,0xc4,0xff,0x1f,0x72,0xe6,0xdb,0x38,0x1b,0xa1,0x59,0x09,0x48,0xf8,0xf1,0x6a,0xd4,0xd6,0x6e,0x59,0x91,0x65,0x9a,0xa8,0x44,0x05,0x56,0x8c,0xfb,0xc0,0xa7,0x7c,0x02,0x5e,0x59,0xe4,0x3f,0xd5,0x3a,0xb9,0xff,0xab,0xba,0x7b,0x25,0x8f,0x78,0x79,0x62,0x39,0xf9,0x0d,0x45,0x01,},"\xc5\x72\x32\xfe\x32\xf1\x1e\x89\x4b\x43\x7d\x40\x45\x62\x07\xcc\x30\x6d\xb4\x81\x69\xb2\x0e\x07\x81\x10\x3a\xff\xe8\x02\xf5\xaa\xbe\x85\x82\x95\x2c\xa8\xe9\x57\x45\xe9\x94\x0d\x53\x5e\x00\xff\x65\xab\x3c\x64\xbe\xd3\xd1\x17\x3a\x0f\x3d\x70\xce\x4e\xbe\x2b\x50\xd0\x48\xbb\x47\x16\x4d\x2a\x2c\xd9\xd9\x5a\x10\xcf\x0d\x07\x3e\xd1\xc4\x1b\x3d\xe3\x33\x52\x8e\xe3\x29\x68\x22\x3a\x0d\x84\x7c\xad\xbb\x5b\x69\xf3\x82\x16\x4e\x9a\x28\xd2\x3e\xc9\xbd\xe9\xa8\x28\xe8\x77\x1c\x9e\xb4\x92\x20\xaf\x54\x18\x55\x08\xaa\x07\x3a\x83\x91\x95\xf1\x03\xbc\x2f\x32\xfe\x04\xf9\x51\xca\x45\xbf\xbf\x30\xd2\xfb\x81\x14\x05\x6a\x73\x6a\xdd\xf2\x7e\xcd\x9a\xf0\xf6\xe5\xe9\x7e\x57\x73\xc4\xfa\x90\x22\x68\xc3\x2a\x15\x14\x10\x95\x5f\x3c\x76\xaa\xe2\x55\x54\x9e\x0f\x03\x3f\x89\xe1\xa7\x8f\x26\x5c\xba\xb6\xbe\xb7\x51\x6d\x4b\xad\xc4\x9c\xda\x45\x88\x31\x62\x25\xb4\xc8\x5e\xa9\xfa\x99\xc7\xd6\x76\x6e\x94\x90\xc4\x9d\xe5\x9d\xa7\x17\xf6\x67\x65\x35\x30\x07\x1d\xd2\xf0\xc5\x3e\x31\xd8\x76\x81\x56\xfe\xb0\x8f\xaf\x00\xdb\x0a\x04\x53\x3d\xf9\x79\x57\xa8\x4a\xa4\x6a\xeb\x7e\x36\xc0\xb0\xbe\x69\x01\x89\x46\xf1\x53\x8a\x6a\xea\x71\xdf\x53\x6f\x14\x42\xc2\x44\x4a\x43\xa0\x43\xd0\x46\xab\xde\x1a\x78\x2b\x0f\x4f\x5c\x6a\xa7\x20\xaa\x60\xaf\xed\x94\x7c\x0c\xee\x47\x7d\xbe\xc0\x05\x57\xb3\x72\x12\xd9\x33\x57\xca\x2b\x6b\x6f\x82\x71\x5b\xa0\xe4\x84\xf6\xda\xf2\xd0\xb7\xa9\x8c\x03\x35\x19\xce\x38\x26\x35\x86\x79\x6d\x5d\x31\xcb\x2b\xc3\xd1\x12\x5b\xc0\xcc\xd3\x29\xa5\xc2\x1f\xd2\x7a\x21\x8d\xed\x60\x7a\x0e\x75\x15\xb5\x71\xf1\x92\xc3\x3f\x5f\xba\x51\x4a\xfe\x4d\x45\x81\x00\xf3\xcc\xba\x3f\x38\xeb\x43\x0b\x4f\xc8\x8f\xae\xf9\x99\xfa\x71\xee\xe4\x88\x22\x89\x03\xbe\x29\xf2\x4d\xf8\x1d\xc9\x11\x04\x4e\x92\x4c\xda\xa0\x17\xcc\x7d\x87\xe5\x6a\x6c\xba\x87\x60\x85\x9b\xd6\x3d\xd2\xd4\xf5\x81\xb9\x55\xec\x92\x4a\x49\xaf\xb4\x7c\xa0\xd6\x3e\x78\x26\xfd\xc7\x12\xb4\x94\x3b\x73\x9e\x18\x57\x75\x5a\x33\xc6\x50\x36\x75\xfd\xde\xae\x06\x27\x06\xe3\x4f\x74\x4f\xd9\x32\x64\x8a\x56\x08\xce\x60\x8a\x61\x99\x57\x83\xf3\x33\x9c\xa3\xfe\x10\x7e\x19\x72\x74\x4b\xf6\xd4\xed\xaf\xbf\x47\xce\x02\x1e\x05\x82\x1f\xb1\x24\xc7\x08\x39\x30\xe6\x8e\x6f\x5c\x32\xd2\xd9\xfc\x4a\x88\x4c\x0b\xc8\x84\x04\xe4\xcf\xe3\xc1\xa2\x42\x0d\x41\x82\x3a\x38\x5f\xb3\x28\x8d\xb6\x5c\x89\x54\x5f\x6e\x73\xf0\xd8\x00\x4b\x2b\xa1\x2a\x4e\x07\x72\x75\x23\xef\x08\x56\x70\xda\xff\xaf\x41\xc2\x8a\x4c\x11\x57\xbd\xd2\x45\xe6\x87\x50\xdd\x20\x0e\x02\x3a\xf9\x0c\x67\x56\x1e\x0f\xe4\xba\x34\x0c\x43\x3f\x75\x5e\xef\xab\xd4\xb0\x39\xbf\xc3\x23\xdc\x11\xad\xb7\x5a\xec\xc4\x48\xa8\x69\xc7\xf2\xa5\x8b\x9d\x86\x17\xc6\x4b\x8f\x89\xfc\x58\x3f\x8c\x94\x8e\x2d\xf0\x25\x1a\x6c\x7d\x8c\x73\x8c\x3b\x5a\x42\xb7\x49\xad\x5e\x8e\x98\x6b\xd8"},
+{{0xad,0xc1,0xe5,0x6c,0x3a,0xc9,0x4e,0x6c,0xda,0x04,0x11,0xcb,0xc3,0xce,0x2a,0xf1,0x28,0xd1,0x85,0xa2,0xa2,0x73,0xbd,0xb2,0xaf,0x8d,0x7e,0x50,0xfb,0x96,0xb5,0x26,},{0x5d,0xcf,0xec,0x1f,0x91,0x12,0x75,0x15,0x64,0xec,0xb6,0x07,0x15,0xeb,0xb2,0xc5,0x17,0xb5,0xec,0x37,0xb2,0x53,0x4f,0xd6,0x32,0x99,0x24,0x42,0x9b,0x7f,0xd5,0xc5,},{0xf0,0x2e,0x5d,0xbc,0xb6,0x87,0x04,0xaf,0xad,0x03,0xac,0xa8,0x10,0x61,0xdb,0xdb,0x99,0x85,0x70,0x04,0x9f,0x10,0xce,0x65,0x0e,0xc7,0xa2,0xef,0xf1,0x5c,0x79,0x3d,0xdf,0x5a,0x27,0x2c,0xb6,0x83,0xc2,0x2c,0x87,0x25,0x7c,0x59,0xbd,0xef,0x39,0xef,0xea,0x79,0xbd,0x67,0x95,0x56,0xea,0x15,0x05,0xed,0x00,0x36,0xcb,0x46,0x04,0x0c,},"\xd4\xf9\x59\x47\x4e\x0b\x89\xe2\xdc\xd0\x20\x66\x98\x4f\x88\xd7\x39\xdd\x11\x34\xa3\x33\x09\xf0\xa8\xb7\x80\x2e\xaf\x01\x33\x03\xc1\x35\x15\xdf\xeb\x46\x1e\xa3\xd2\x48\xe9\x98\xb9\xa4\xe5\x4d\xae\x5b\x00\x19\x0a\x45\xe7\x0d\xc6\x7e\x98\xf3\xd4\xcf\x90\x6c\x21\x4d\x4f\x63\x6d\x29\x52\x92\x5e\x22\xb1\xa8\x6a\x1a\xab\xb3\xa8\x92\xa9\xf8\xed\x45\x4f\x39\xc6\x3d\x35\xb7\x1e\x87\xa2\xda\x55\xa8\xe1\x67\xac\x83\xa8\x66\xad\x16\x7a\x17\xae\xd1\x83\xc0\x85\x18\xc1\x5e\x6b\xe3\x48\x58\xb4\xce\xe2\xb8\x42\x73\x14\x76\x0f\xff\xdd\xd5\x92\x38\x54\xb1\x74\x7f\x79\x6e\x1a\x52\x49\xfb\x30\x44\x89\x4e\xd6\x46\x82\x9f\x65\x43\x16\xee\x52\xf4\x01\x0c\x8d\xd3\x21\xfa\x1d\xec\x39\x7e\x50\x14\x5e\xd9\xe3\x16\x86\xfd\x52\x03\xf7\x23\x3b\x8d\xa7\x80\xac\xaa\x91\xee\x0b\x5b\x47\x20\x78\x66\xaa\xd8\x5f\x83\x7e\x03\xb4\xe6\xf6\xde\x8c\x04\xac\xaf\xd7\x07\xbd\xc1\xdd\x45\x50\x0a\xb5\x64\x80\x1b\xee\x9a\x58\xec\xe3\x60\xd0\x04\x82\x8b\xaa\xf5\x23\xe2\xf5\xab\x69\x32\x6a\x03\xaa\xbe\x01\x08\x78\xfd\x43\xff\xaa\x56\x87\x22\x44\xd7\x68\x1f\x16\x18\xe6\x23\xe3\xd4\x74\xc7\x3a\xf8\xb0\x80\xa6\x18\x21\xa5\x74\xef\x2f\xd7\x52\xd2\x3b\x60\x5e\xc5\x21\xc1\x9c\x15\x50\xde\x98\x0c\x09\x4d\x05\xe0\x23\x8f\x3e\x00\x8e\x6b\x19\x5a\xbf\xdd\x40\x28\xee\x1e\xe1\xd6\xc6\x6a\x76\xf1\x78\xf0\xb4\x31\xe4\xaf\x44\xdd\xcc\xfc\x52\x90\xed\xff\x36\xec\xe6\x3e\x83\x85\x56\x70\x13\xf4\x3a\x2a\xeb\xb6\x7e\x3e\xf4\x06\x30\x8c\x20\x48\x8a\x76\xd5\x8a\x21\x4f\x31\x39\xd9\x83\xb1\x9a\xfb\x12\xe3\x28\x36\x07\xfd\x75\x10\x7b\xd3\x1f\xeb\x62\x56\x17\x4b\x7a\x18\xae\xca\xc9\xf8\x56\x25\x82\x01\x8b\x0e\x6d\xe4\x05\x35\xe3\x5b\xef\x2b\x56\x25\x53\x88\x51\x29\x39\x75\x62\x90\x0d\x34\x17\xf9\x8c\xdd\x1e\x29\xd7\x31\xff\x48\x93\x3f\x29\x52\x95\x81\x63\xba\x67\xd5\x95\x61\x81\x1b\x83\x77\x2b\xd0\x57\x10\xb6\xe3\xcc\x04\x34\x60\x99\x37\x50\x72\x23\xab\xb7\x1a\x6a\x8c\x83\x8f\xec\xdb\x1d\x2d\x37\xc9\x5d\xc8\x06\xf6\x5f\x3f\x96\x63\xd9\x9f\x06\xe6\xc0\xf3\xc3\x2e\x95\xaf\x1d\xd7\x08\xe8\x11\x08\x63\x6a\x26\xb9\x68\xe9\x83\x39\xc7\x41\x28\xb6\xcf\x67\x13\x35\x88\x4a\xc7\x2f\x75\xb6\x37\x19\x5e\xa9\xec\xa0\x53\x60\x89\x96\xc3\x2e\xd4\x45\x41\x0f\x67\xfa\x10\x4b\x39\xf0\xfd\xf3\xc9\xb5\xc6\x15\x7b\x76\x80\x37\x56\xb2\x7f\x4c\x3b\xa1\xb4\x7f\x32\x85\x76\x24\x8e\x9b\xc5\x3e\x7b\x8a\xb0\xb2\xed\x97\xc2\xf9\x99\x8b\xcc\x7d\xfe\x39\xe2\x64\xaa\xd3\x0c\x6c\xfe\xf2\xb5\x55\x3f\xfb\x5a\x69\x9a\xa4\xbd\x0e\xab\xe4\x38\xce\x05\x22\xcc\x91\xfe\x4e\x72\xbf\x7e\xac\xba\x47\x71\xcc\xf6\x3a\x37\xaa\xfc\xad\xbf\xbf\x99\xdd\x76\xb8\x5b\x80\xee\x07\x5d\x3a\x7d\x1a\x90\xa5\x5b\x77\x29\xa5\x41\x6e\x5b\xe6\x96\xbf\x9f\xb7\xf3\x15\x8c\xfd\xb5\xcf\xda\xcd\xde\x81\x72\xee\x1a\xb9\x48\x6e\x24\xcc\xea\xd2\x9b\x45\x7a\xcf\x43"},
+{{0xdb,0x89,0xdf,0x6a,0x23,0xd8,0x90,0xb7,0xf0,0x02,0x60,0xe8,0x1f,0x4a,0xd9,0x8f,0xd0,0x94,0x40,0x36,0x51,0x31,0xe8,0x5e,0x22,0xc7,0x95,0x1a,0x18,0x7b,0x02,0x18,},{0xc9,0x67,0x63,0x67,0x2e,0xe4,0xa2,0xcc,0x5a,0x93,0xb6,0xa6,0x83,0xdf,0x9b,0x5d,0xe4,0xd9,0x38,0x6a,0x79,0x08,0x35,0x68,0x1d,0x12,0x17,0xd1,0x92,0x96,0xbd,0xc8,},{0x80,0xb7,0xfc,0x8b,0x6a,0xe6,0xee,0xce,0x81,0x66,0xb7,0xea,0x53,0x4c,0xb5,0xb2,0x14,0xc9,0xea,0x99,0x73,0x92,0x1e,0xd0,0x5d,0xe4,0x0c,0x78,0xe1,0x4f,0x16,0x2b,0x09,0xe9,0x78,0xca,0x6d,0x86,0xee,0x43,0x4d,0x98,0x4b,0x8b,0x00,0x70,0x40,0x9d,0xd2,0xad,0x11,0xb5,0x31,0x78,0xe2,0x39,0xda,0xb5,0xbc,0x39,0xc7,0xba,0x46,0x0d,},"\x54\xc1\xc5\x11\x1e\x08\xc9\x82\x45\xba\x4f\x13\x18\xba\x1d\xb1\xdc\xc7\x4d\x14\xa5\xc9\x8a\xb9\x68\x9c\xba\x1c\x80\x2c\x68\xbc\xfc\x81\xfd\x87\xff\xc6\x1c\xaa\x94\x2f\x66\xd7\xe5\x15\x7f\x65\x53\x8c\x7e\x7b\x33\x17\x04\x84\xb4\xb6\x54\x3f\x36\x20\xff\x29\x63\x8b\x64\xd4\xda\xe7\xb0\x22\x21\xcf\x77\x83\xf1\x87\xec\x42\x31\xe6\xb6\x94\x6d\x82\x76\x20\x74\xf0\x9c\x32\x78\x1c\x2f\x38\x46\xde\x3e\x82\x17\xf6\xe1\xb6\xe0\xd2\xb5\x59\x5d\x74\x2e\x2c\x4e\x32\x5a\x28\x41\x92\x40\x44\xdf\xcf\x12\xb4\x79\xeb\x69\xf1\xbb\xd4\x0e\xab\xdd\xd1\xff\x54\xa9\x18\x4d\x36\x6d\xff\x9d\x8f\x2d\x86\x3e\x37\x8a\x41\xf1\x0c\xd1\xda\xe9\x22\xcd\x7f\xbb\x2a\x54\x4e\x47\xea\xbf\x47\xca\x0a\x38\xab\xba\x34\x45\x49\x19\xbb\x9a\x4e\xf0\x44\xbf\xb9\x7b\x70\x8c\x2f\x74\x28\xd6\x8f\x9c\x57\xc0\xee\x7e\x79\x25\xf7\xa2\xb5\xc6\xe7\xdf\x82\xbb\x26\x80\xc8\x62\xdc\x7c\xc6\x8b\x0f\x54\x53\x0e\x64\xaf\xe2\x76\x3d\x9c\x7b\xaf\x45\xcc\x6f\xe6\x12\xd1\xf7\x82\x77\x39\xc4\x41\x13\x98\x88\x8f\x73\x67\xc3\xd4\x37\x79\x07\xac\xc0\x6a\x06\xf9\x3f\x88\x72\x26\x79\x8f\x48\xaa\x54\x64\xf6\x01\xc2\xc1\xed\xda\x77\xed\xfe\xb9\xb9\xb5\xd5\xf9\xcb\x6f\xed\x37\x90\x05\x47\x47\x7f\xca\x1d\x09\xab\x52\xd6\x3e\x49\x1f\xeb\x12\xfd\x6d\xc8\x05\xa7\x8c\xee\x3b\xaa\xde\x43\x52\x98\x20\x61\xde\xa5\xa2\x65\x3d\xb8\xe7\x60\x77\x72\xe8\x34\xb3\xa5\x05\xc1\x6d\xd6\xe7\xc7\x1b\x91\x1e\x84\x2e\xba\x92\x5d\x77\xa3\x3c\x5c\x57\xce\x11\x84\x09\x80\x78\xca\x2e\x6a\x3f\x69\xaa\x6a\x14\x63\x9d\xc9\x7b\x4b\x30\xc9\x9d\xc4\xfa\x3e\x2c\xf6\x3c\x70\x1c\x30\x6c\x5e\x25\x3c\x51\x13\x85\x4c\x18\x5e\xbc\x8b\x47\x98\xf6\x8d\x1f\xd7\x80\x05\x4d\x3e\xed\x2f\x39\x4c\x45\x43\x04\x96\x6b\xdd\xbd\x12\x28\x08\x34\xec\x9b\x40\xc1\xe9\x8b\xc2\xd9\x8f\x48\x45\xf6\xeb\x44\xf2\x53\x15\xee\xdb\x3b\x79\xff\xca\x41\x80\xc1\xbd\xdd\x97\xd0\xc9\xaf\xfb\xac\x58\x81\x49\x37\x68\x26\x80\x07\x6f\xe5\xa3\xba\xbb\x65\xd2\x8f\x25\x17\x03\x6c\x0c\xfb\x42\xf0\x29\x3e\xb2\xac\xb1\x39\x49\xfe\x91\xe0\xad\x06\x78\xaa\x24\x3d\x77\x34\xa8\x9d\x99\x78\x70\xbf\x9a\x6a\x58\x4e\xd6\xe6\x28\x16\x3e\x39\xd8\xaa\x61\x0d\x46\xb9\x28\x5b\x9e\x1d\xd7\xe8\xf8\x07\xfd\xf5\xca\x2b\xbf\x6d\xe5\xe5\xe6\x8a\xf7\xcb\x7e\xbd\x43\xec\xce\x22\x7c\xd7\x0c\x7b\xf4\xee\x14\x33\xed\xfc\xfe\x88\x66\x14\x67\x0c\xdd\x19\x63\x43\xfb\x91\xe1\x54\x16\xd2\xf6\xac\xba\xe3\xea\xdc\x03\x02\x31\xee\x9d\x2e\xcc\x52\xa8\x8c\xe8\xdc\x7d\x09\x8e\x7f\xac\x77\x68\x5b\x4e\xb5\x40\xe3\x01\x93\x07\x14\x32\x21\xb8\xef\x77\xf3\x63\x2c\x89\x3d\x55\x6e\x0b\xb7\x43\xa1\x96\x3e\xc1\x58\x86\xc8\x54\x5e\x87\xc9\x5c\xc8\x25\xf2\x00\xd0\xf3\xcf\x4f\x55\xa3\xd6\x60\xa5\x36\xa2\x3a\xef\xcc\x42\x8a\x43\x20\x34\x85\xee\x84\x34\x2f\x5c\x00\x1e\xe8\x40\x4e\x75\x90\x17\x00\x62\x82\xab\x8b\xa8\x90\x3e"},
+{{0x00,0xe6,0xbb,0x17,0xaf,0x3c,0x2d,0xf6,0x52,0xb3,0x4f,0x9a,0xbe,0x19,0xf9,0x90,0x19,0x07,0x42,0x33,0x68,0x6c,0x71,0x14,0xe3,0xa0,0xed,0xf0,0x83,0x09,0x93,0x4f,},{0x7b,0x82,0x32,0xa6,0x6c,0xec,0x2f,0x91,0x5a,0xaa,0x79,0x51,0xd2,0x9d,0x2b,0x9e,0xe9,0x3d,0x32,0x1d,0x15,0xb2,0x03,0xc5,0x1e,0x61,0xe8,0xce,0x83,0xd1,0x87,0xf8,},{0x04,0xb3,0xb8,0x50,0x1e,0x39,0x6c,0x4a,0x78,0x8e,0x14,0xac,0x49,0xf6,0x17,0x4c,0xdb,0x5c,0x85,0x5e,0x65,0x12,0x03,0xcf,0x68,0xd1,0xef,0xa8,0x9a,0xa5,0x86,0x78,0xd4,0xd1,0xf3,0x03,0xa9,0x87,0x7a,0x37,0x86,0xd2,0x03,0xc3,0x55,0xb0,0x9d,0x52,0x86,0xc1,0xca,0x0d,0xf0,0x4a,0x89,0xaa,0x06,0xcc,0x3f,0x9d,0x0f,0xd3,0x05,0x04,},"\x06\x32\x81\xe4\x1e\x8b\xa9\x70\x3e\xd0\x9e\xf3\xbf\x0e\xa4\x6e\x4c\xab\xdd\x6e\xbd\x76\x9d\x05\xdc\x04\x5d\x4f\x99\x0d\x69\xfc\x55\x41\x30\xa4\xe6\x1a\xa2\x1e\x2d\xe4\xc9\x2d\xb4\x8a\x20\xa3\x7b\x17\x47\xa7\xea\xc5\xeb\xb2\x73\x5a\x89\x38\x19\x7f\x13\x9f\xad\x14\x97\xb3\x51\xad\x06\x4c\x0f\x18\xf8\xfa\xf1\xfe\x11\xf6\x39\x79\xa6\x99\x68\xe2\x4c\xf9\x1e\x58\xa3\xab\x03\x26\x69\xe4\xef\xee\x27\x4f\x96\xb5\x8b\xe7\xd9\xe3\x91\xf3\x6f\xcf\x07\x09\xb2\xcb\x2d\x22\x69\x4a\x6c\xeb\x17\x24\x69\x45\xeb\xb3\xbc\x7f\x0f\x03\xbf\x0b\x08\xdc\x96\x26\xe3\xe7\x15\xc9\x91\x67\x1d\x53\xeb\xb9\xae\x83\xa7\xd0\x8d\x44\xf6\x36\x35\xc4\x0f\x8d\x48\x17\xf5\x8d\xe9\xeb\x77\xcb\x25\xb2\xac\xd6\xde\xf9\x69\xab\x56\x9e\x97\x4a\x8a\xda\xc1\x1a\x86\xb5\x8f\xe6\xc1\x00\x67\x49\x9f\xc9\x14\xdf\xf5\x69\x02\xcb\xc3\x93\xa7\x1c\xc2\x5e\x8f\x05\xc0\x3c\x94\xf1\x3b\x84\xa2\xb0\x1a\x58\xc1\x0d\xbc\xbb\x60\xeb\xce\xe4\x87\xf5\x29\x17\x74\x66\x29\x99\x25\xda\x50\xe2\xda\x5b\x55\x57\xf0\xae\xee\x3f\xd7\xf4\x7b\x5c\x2e\x3f\x84\xce\xfa\xb4\x67\x96\x91\x39\x4d\xd1\x22\x30\x3b\xb7\x69\xaf\xb3\xad\xfe\x83\x58\xb0\x2b\x67\x92\x73\xb3\x5a\xbd\xc6\x40\x25\x76\xcc\xce\x5e\x10\x44\x2a\x13\x7e\xf9\x45\x69\x39\xb2\x89\xef\x4e\x41\x7b\x1c\xc6\x23\x9f\x7c\xee\xdd\x68\xf1\xa8\x26\x41\x80\xe0\x68\xb4\x96\x6f\xd6\x7f\x2b\xad\x6e\xdd\x8b\x4a\x1e\x8d\x2b\x54\x2d\xaf\x26\xdb\x83\x1f\x1f\xb5\x1e\xb8\x6f\xfa\xde\xcc\xd9\xac\x3d\x66\x4f\x34\x6e\x7d\x04\x6c\x33\xa5\x72\x84\x1e\xa8\x33\x4e\x7f\x2f\x41\x7a\x05\x71\x2a\x9e\x33\x4e\x48\x7f\xd3\xae\x17\x54\x55\x16\x2f\xe8\xf4\x9c\xc0\x26\xa6\x40\xc6\xcf\x93\xcf\x58\x87\x50\x52\xf4\x1c\xc9\x82\x06\x15\x65\x3e\xa2\xd0\x84\xc8\x96\xea\xfe\x5a\xd4\x72\x55\x79\x65\x30\x84\x99\x4f\x95\x6d\x5c\x94\x59\x0a\x24\x09\x58\x1b\x6f\xc8\x6e\x40\xaa\x58\xbf\x6e\x60\x57\xa6\xf9\x0a\xf3\xb8\x7a\xea\xf3\x29\x94\xa5\x5a\x54\xf7\x9b\xdf\x3d\xbb\xf5\xce\x0f\xf8\x12\xe4\x86\xb0\x54\x5d\x9e\x9c\x2b\x0b\xce\x0d\x4c\x36\x47\xb1\x82\x72\x62\x49\x88\x34\xe1\x98\xa3\xec\x70\xf3\xb0\x3d\x6a\xad\x2c\x49\xeb\x80\xb5\xe2\x05\x14\x39\x22\x5f\xd9\xce\x94\x68\xd6\x9a\xf7\x0a\x26\x2e\xe3\xb8\xb6\x2a\x8e\x5b\x41\x34\x6d\xa3\x01\x2f\xfb\x45\x81\x6b\x7b\xec\xb0\xe7\x9a\x60\xbf\xf7\x16\x36\xa3\xe4\xbb\x1b\x35\xca\xf1\x95\xf5\x51\x17\x28\x0f\x78\x72\x17\xb3\xca\xa2\xe7\x93\x72\x6f\xc5\xa7\x4d\x11\x60\xdc\xad\x86\x89\x04\xc1\x97\x38\x11\x34\xed\x8c\x3d\xb3\x75\x0b\x75\x56\xf6\x9c\xcc\xe1\x8b\x77\x38\x8b\x58\xc5\xb8\x11\x3e\x59\x0a\xd6\xea\xc5\xb9\x1e\xce\x5a\x67\x05\x02\x5c\x80\x35\x3c\xeb\x1e\xd8\x4a\xaa\x1c\xc4\x8a\x41\x6b\xc0\x16\xae\xf1\x73\xbb\x80\xb2\xba\x28\xc5\x79\x60\xc6\xb0\x11\xb6\xb4\x95\xa3\xf3\x31\x1e\x79\xfe\x46\xbd\xb6\xa4\xc3\x81\xfb\x9d\xc4\x62\x8b\x0a\x83\x02\x35\x58\xf1"},
+{{0xfb,0xdd,0xf6,0xe6,0x1e,0x20,0xd8,0x06,0xe5,0x59,0x17,0x75,0x6d,0xe6,0x0d,0x0c,0x9a,0x99,0x97,0x6f,0x64,0x67,0x16,0xff,0x2f,0xf1,0x31,0x2c,0x54,0xdd,0x97,0x1d,},{0xac,0x53,0x8f,0xab,0xad,0x43,0x80,0xe6,0x0e,0x97,0x71,0x26,0xe7,0x69,0x5e,0xed,0xa5,0x41,0x7d,0x85,0xf7,0xd2,0x3d,0xb2,0x1b,0xd0,0xad,0x11,0x11,0x16,0xf0,0x5d,},{0x8c,0x9b,0x77,0xaa,0x0f,0x1c,0xf5,0x2e,0x8f,0x7a,0x91,0x8b,0x21,0xb4,0x68,0xe6,0x23,0x35,0x91,0x1b,0xc5,0x93,0x06,0xb3,0x0c,0xe7,0x7b,0xf6,0x92,0xc1,0x10,0x59,0xb0,0xee,0x9c,0x5d,0xaa,0xf6,0x83,0x9b,0xb8,0x13,0x73,0xc6,0x1d,0x28,0xd0,0x72,0x70,0x2b,0x59,0x5e,0x4d,0xce,0x28,0xcb,0x99,0x38,0x22,0xb2,0x48,0x13,0x04,0x0b,},"\x3e\x99\x53\xca\x55\xd0\xcd\x23\x3b\x98\x83\x3e\xb1\xbc\x79\xd3\xb5\x5f\x18\xc8\xfa\x1c\x42\x02\x7b\xca\x25\x57\x91\x53\xb5\x5d\xa0\xc5\xa1\x78\xb8\x38\x69\x56\xd9\xa5\x41\x83\xb2\x4c\x91\xdc\x4b\xe9\x94\x84\x72\x37\xd3\x66\x6a\x0a\x01\x30\xfe\x19\x92\x4b\xc0\xee\x50\x89\x6c\x35\xa2\xe1\x6a\x29\xe2\xe2\xac\xf1\x80\xbd\xd9\x37\x93\x54\x68\x7f\x0e\xce\x68\x82\xd2\x6e\x98\x0e\x68\x66\x98\x04\x3b\xb1\xb0\x12\x13\xaa\x64\x4a\x4f\x8d\x61\xf9\xb6\x13\xe6\x2e\xaa\x35\x76\xce\xa0\xb0\xb8\x3f\x05\xce\x25\x58\xff\x63\x56\x49\x5c\x45\xed\xe4\xa8\xf6\x5b\x81\x4a\xb8\xa7\x30\x94\x03\xdf\xd4\x3c\xbe\xa9\x08\x93\x93\x9b\x78\x00\xaa\x00\x23\x2b\x5f\x6b\x77\x14\xeb\xdc\xd8\xbc\xf3\x4a\x5a\x7e\x82\x2a\xc7\xb1\xb0\x99\xac\x61\x5f\x13\x5f\x8c\x35\x1d\xc4\x1a\xe5\xf6\x6d\x5f\x9c\x26\x00\x45\x4c\xa0\x1c\x00\x9b\xa6\xde\x04\x16\x2a\xe5\xf1\xf2\x70\x89\x3c\xa3\x90\x7a\xff\x7f\x78\xe0\x33\x96\xe3\x2b\x62\x2f\xf3\x40\x53\x7b\xf1\x23\xe5\x59\x95\xe9\x20\x96\x09\x33\x0b\x2e\xee\x51\x12\x74\x84\xa4\x0e\x25\x07\x00\x82\x3f\xeb\x0b\xc9\x7b\xb5\x09\xff\x73\x26\x75\xde\xc3\x2e\xcb\x63\x5e\xd9\x2c\x7d\x78\xfe\x30\x50\x20\x0c\xf1\xd9\x41\xd6\xb3\x88\x80\x0a\x84\x19\xd9\x6a\x59\x5e\xce\xd5\xec\x4e\xfd\xcb\x6f\x98\x7f\x54\x72\xa5\xc4\x30\x58\xd3\xa3\xa7\xbb\x56\xd7\x98\x03\x65\xed\x43\xdb\xc2\xbe\x48\xf1\xd1\x8c\xe7\x6a\x89\x18\x54\x26\xfd\x5c\x69\xdf\x7e\x92\x91\xab\x78\x23\xc2\x3a\x76\x94\x1e\xd3\x83\x6a\xac\x7b\x58\xc0\xd5\xfb\x6b\x63\x6c\x42\x47\x1a\x4d\x17\x03\x51\x6f\x03\xe9\x35\xf3\x1f\x19\x54\x50\xe5\x37\xb2\xa0\x7d\x54\x5b\xa4\xb6\x8a\xfb\x06\x38\xc6\x5b\xb0\xff\xaa\x0c\xfd\x69\xd7\x10\x48\x19\x79\x66\x19\xd4\x83\xa0\x24\x5b\x4f\xd9\x01\x7f\x62\xa7\xd3\xa5\xfc\x3b\x72\x89\xd7\x57\x35\xf2\x87\xca\x0a\x95\x1a\xd5\x83\x44\xb2\xab\x7d\x7d\xf8\xdb\xd7\x92\x2a\x5a\xbb\x8d\x7c\x2e\x79\x14\x7e\x6d\x36\xee\x31\xf9\x30\x47\x3b\x07\x27\xdc\xfd\x58\xd6\x44\xd7\xd7\x0a\x0e\xd3\x1c\xa6\xa1\x3e\xd9\xdb\xd2\x24\x49\x2e\xfd\xa1\x9e\x4f\x8e\xed\x46\x18\x0f\xe7\x50\xf0\x7b\xbe\x8e\x99\x85\x4d\x13\xf5\x8b\xa9\x68\xce\x38\x59\xd6\x11\x89\xcd\x2b\x66\x7f\x3b\x2d\x06\x65\xb5\x74\xc4\xba\xc1\x9d\x9e\x37\xe5\xb7\xa8\x0e\xb3\x34\xe3\x68\x10\x53\x0a\xa5\xd1\x76\x63\x93\xf8\x11\x5a\x52\x09\x0c\x91\x82\x34\x28\xc8\x97\xa5\xf3\x5e\x12\xa8\xaf\x2c\xd4\xfb\x13\x90\x7c\xa6\x60\x3a\x4f\x76\xf5\xc2\xe0\x23\x74\xa8\xdc\x3a\x47\xc1\xbe\x6f\x1d\x1c\x8e\xbc\x59\xb3\x6d\x1c\xfa\x0a\xb2\x3e\x9b\x0a\xe9\xb0\xe6\x37\xee\xed\xb9\xc6\x6b\xea\x62\xdc\x63\x0c\xde\xfa\x71\x82\x39\x61\x7e\x31\x18\xe5\xb6\xde\xb7\xc2\x94\x47\x52\x82\xe8\xab\xe2\x4f\xd5\xa5\x4b\x78\x6f\xff\x90\x28\xc5\xa0\x33\x38\x4e\x4b\xc8\x01\x4d\xec\x8d\xa1\x00\xa9\x4b\x17\x8e\xf8\x8e\xc3\x57\xb6\x6d\x2b\x90\x98\xab\x64\x79\x16\x96\xb1\xa6\x6b"},
+{{0x8a,0x55,0xe7,0x7b,0xb0,0xc8,0x74,0x0b,0x8c,0x2e,0x8d,0xdf,0xdf,0xdb,0x40,0xf2,0x7e,0x45,0xfe,0x81,0xfe,0x45,0x71,0x11,0xbf,0x1c,0x87,0x30,0xea,0xb6,0x16,0xb4,},{0x9f,0xf1,0xfd,0x0c,0x50,0xeb,0x24,0xf9,0x9f,0xe2,0xf7,0x71,0x1d,0x52,0x87,0x2d,0xfc,0x90,0x03,0x80,0xdd,0xdc,0xdb,0x86,0xfe,0x6f,0x4a,0x5f,0x35,0x0a,0x87,0x43,},{0x8a,0xae,0xba,0x53,0x5c,0x51,0x1c,0x31,0xd3,0xf8,0xe9,0x5c,0xb0,0x77,0xa9,0xa7,0xec,0x7d,0x08,0x44,0x1e,0x53,0x42,0xa6,0xab,0xe0,0xbf,0x2a,0x5d,0x7f,0xc9,0x30,0xb4,0x3d,0xac,0x3d,0x1e,0x8e,0xf2,0xcb,0x03,0x45,0x52,0xeb,0x4d,0x08,0x39,0xbc,0x8b,0xf2,0x94,0x55,0x1d,0xd2,0xd8,0x0c,0x53,0xfd,0x62,0x79,0x35,0x1a,0xc2,0x0c,},"\x20\xfb\x41\x4e\x26\x4a\x95\x47\x84\xf1\x12\xba\xce\x7e\x04\x74\xb3\x9c\xb3\xc9\xe5\x3d\xee\x0a\x21\xf4\xcf\x6d\x4a\x99\xb9\x34\x7d\xdf\xfb\xe2\x81\xa6\xc2\x30\xa7\x5d\x63\xa7\x2f\xd0\x5f\x6d\xb5\x3e\xa7\x01\x4e\xf7\x70\x9d\x18\xff\x97\x0f\x48\x5f\xe8\x3b\xa1\xd3\x71\x47\x33\x8a\xde\xd6\xda\x4c\xfd\xac\xc1\xe6\x9d\x2f\x3e\x0e\xf3\x62\xf4\x7b\x5b\xcf\xb7\x8a\x1e\x17\x9e\xb5\xc5\xb1\x06\xc8\xd8\x2a\x0a\x0b\x29\x0d\xf0\x75\xab\x27\x43\x69\x29\xcd\xe6\x56\xf0\x23\x09\xf9\x57\x50\xeb\x67\x65\x83\x26\x2e\x5f\x2f\x69\xf0\xff\x72\xa8\xe0\x57\x26\x63\x82\x26\x92\x05\x31\x87\x40\xbf\xe0\x6b\xf5\xc2\xcb\x45\x33\x90\x8e\xf9\xf9\xf2\x86\x9a\x75\xb9\x53\x35\x79\x82\x0e\x3b\xc0\xca\xff\xd6\x46\x17\x1c\x82\x86\xc3\xa4\xab\xa1\xff\x09\x15\xd9\x36\x11\x20\x5e\x23\x0f\x39\xff\x4c\x4c\xaf\x3f\x33\x3e\x75\x3f\xce\x2b\x71\x21\x3e\x53\xd6\x08\x41\x5e\xe1\x7f\xd4\x82\x12\xee\xdd\x88\x40\xf3\x37\x10\x1e\xf0\xd0\xb6\xf7\xbe\x4b\xff\xc0\x6e\xee\xfe\x80\x66\xdd\x27\xa0\x54\x1a\x46\x88\x31\xac\xdd\xc4\x90\x2e\x2f\xef\xef\xbe\xd1\x9c\x30\x8e\x56\x21\xe0\xbf\x46\xbc\xd5\x38\xaa\x13\xfa\xf0\x4d\x38\x07\x59\xc0\xe1\x07\xe9\x12\x00\x18\x39\xdf\xd0\xb6\x35\x44\x0e\x96\x38\xf5\x37\x7c\xa8\x45\x0f\x35\x0c\x01\x12\x9e\xe3\x37\x64\x41\x5c\x53\xcb\x2f\xfb\xf9\x68\xdf\x78\xb7\x42\xfd\x06\x65\xe7\x8a\x34\xab\xf4\xde\xcd\x1f\xd3\x86\x28\x9a\x13\x64\xe6\x45\x55\xee\xc5\x8b\x0a\xf9\xa4\xcd\x6b\x36\xd1\xd5\xc6\x11\xa2\x84\x6d\xfb\x55\x89\x34\x4b\xbb\xb0\x25\x60\x24\x1b\x74\xb9\x93\xa2\x5b\xef\x50\xfb\x1e\x73\x19\x08\x6e\x6a\x23\x98\x63\x00\x83\x4e\xd2\xdb\xa9\x8a\x16\x87\x21\xc2\xf7\x84\xdf\xb8\xd3\x80\x0d\x06\xa0\x54\xae\xf1\x4d\x17\x72\xb6\xc5\x74\xaf\x25\x63\xd1\x93\xef\x2e\x51\xbd\xc6\x2d\x2a\xbc\xe2\xee\xbe\xad\xa7\x92\x03\x49\x8e\x66\x86\xc2\x87\xf3\x7b\xd8\x8a\xeb\x16\x6f\x7d\xff\xc3\xe6\xad\x02\x94\x11\x7e\xf6\xee\x9d\xa8\x47\x9e\xd8\xa1\x6f\xe9\xbe\x24\x6d\x26\x68\x04\xf2\x96\x58\xdb\x75\xe7\xa0\x87\x3b\xe7\x1d\xc7\xd4\x07\xe3\x9f\xab\xd6\x6f\x98\x8b\x45\x74\x77\x42\x7f\xad\x81\x30\xf0\x9a\xb6\x65\xf1\x59\x7c\x90\x46\xe7\x37\x3a\xf9\xa8\x35\x2a\x86\x83\x0c\xb9\x2a\x80\x44\x88\x70\x0f\xe6\x89\x19\x24\xfe\x2a\x72\x01\x73\x3d\x95\xe5\x91\xee\x0a\x1f\xef\x1c\x26\x36\x07\x8d\x37\x0e\x7a\xd3\xb6\xa9\x44\xfe\xd2\xcf\x2b\x30\xab\xa2\xd5\x6f\x34\x95\xb2\x84\x9c\x03\xbb\x61\x4f\x48\xbc\x4e\x50\x7c\x39\x5a\x6c\x35\xd3\xee\xd4\xc7\xbe\x8e\x68\x0f\x2d\x45\xa3\x10\xb1\x87\xeb\x88\xcf\x0e\x8e\xd4\xde\x7d\x37\x24\x6a\x50\xa6\x36\x7b\x97\xee\x37\x84\x32\x2c\x0b\x71\x13\x1a\x28\x31\x98\xda\x48\x04\xde\x75\x1d\xcf\x70\xc4\xba\xd0\x0d\xd9\x8d\x87\x3a\x69\xdd\x1a\x09\xcf\x69\xdd\xfa\xd7\xae\x60\x35\x00\xb6\xa4\x62\x25\x80\x98\xd8\xb6\x6b\x85\x29\x35\x94\xe2\x08\x82\x9b\x52\x28\xfa\xe2\xfa\xfc\x39"},
+{{0x16,0x3b,0x0c,0xb6,0xa1,0x2e,0x8f,0x07,0xb0,0xc2,0x9d,0x6a,0x63,0xf6,0xa6,0x52,0xce,0x49,0x72,0x70,0xb5,0xe4,0x6f,0xcf,0x83,0x3c,0x99,0xbd,0x84,0x3f,0x8c,0x64,},{0x68,0xa3,0x5d,0xe4,0xba,0x6f,0x0f,0x82,0xec,0xf4,0xb1,0xe0,0xdf,0x8e,0x24,0xcb,0x4f,0x18,0xf2,0x10,0x3f,0xf0,0x4d,0xc1,0xb5,0x33,0x39,0x91,0xb6,0xd3,0x14,0xba,},{0x17,0x73,0x8f,0x57,0x26,0x55,0x07,0x80,0x65,0x1d,0x60,0x19,0x9f,0xda,0x39,0xd9,0xc4,0x76,0x8d,0xb5,0x91,0x7e,0x32,0x39,0x36,0x31,0xc5,0x4a,0x41,0x9d,0x59,0xf1,0x8e,0xf9,0x60,0xdd,0xd4,0x39,0x38,0x0d,0xab,0xc3,0x14,0x76,0x1b,0xd0,0xcd,0xb5,0x7c,0xce,0x48,0x1e,0x61,0x09,0xfe,0xd0,0x95,0xde,0xa6,0xe8,0x65,0xaa,0x67,0x0b,},"\x56\xa1\x60\x3f\x72\x5b\xe0\x76\x13\x05\x8c\xdb\x3a\xcd\xc5\x23\x54\xe3\xbb\x1f\xf2\xbe\xd1\x3f\x89\x51\x75\xb1\x5c\x8c\x5a\x90\xff\xbe\x46\xb1\x1a\x06\xcf\xe3\x62\xda\xdf\x73\x23\xc9\x40\x41\x72\x55\xaa\x7a\xa5\x43\x12\x10\x3e\x71\x46\x3d\xaa\x0b\x5c\xda\xeb\xd0\xbe\x72\x3c\x73\x22\x73\xe3\xc3\xf5\xbf\x7a\xa3\x51\x9d\x69\xdf\x6f\x47\x70\xda\xa1\xdf\x82\x80\xbb\x3c\xd2\xc7\x14\xac\x03\x02\x00\x54\x65\x79\xf5\x6c\x60\xb9\x1a\xe1\x1f\x4c\xf8\x74\xa3\x5f\xc5\x9b\x35\x4b\xed\x80\xf5\x6e\x11\xa6\xcd\x62\xa8\x8c\xe6\xb4\xf6\xbf\x39\xd6\x4c\xe3\xd8\x04\x09\x82\x5f\x90\x16\x2c\x3d\x96\xd1\x0e\x47\x86\x07\x36\x5f\x7a\x24\x1e\x71\xaf\x98\x00\x42\xfe\xc2\xd6\x88\x91\xe0\xc8\xa3\x7c\x58\xec\x4e\x60\x0f\xd5\x81\xe7\x90\xb0\xaa\xe8\xe0\x9f\x35\xd4\xcc\x18\x76\xdf\x43\x4b\x80\xee\xe0\x53\x69\xf8\x48\xfc\x49\x30\x57\x7d\x16\x84\x27\x58\x88\xf3\x25\x9c\xb4\x73\x76\xc5\x16\x9c\x99\x37\xf8\x55\xa9\x6a\x9e\x74\x8a\xd0\xa6\x9a\xe4\xab\x2f\x2f\x17\x44\xa3\x92\xf9\xac\xc6\x20\x99\x75\xb7\x84\x98\x4c\xb1\x2f\x98\x29\x2c\x36\xa5\x32\x21\x99\x4a\xbc\x56\xf9\xa6\x6d\xae\x45\x60\xb7\x93\x56\xff\x47\xe1\x28\xc0\x79\x6a\x7f\xb0\xe0\xbb\xc9\x60\x0a\xf4\x8e\x49\xea\xa9\x42\x7c\xf6\xeb\x66\x20\xb1\x0c\xd2\xc0\x85\xb0\xb3\x42\x00\x4d\x5b\x0d\x3e\xdc\x11\xd2\x92\x42\xa4\x63\x87\x80\x76\x2c\x9d\xc6\x06\x9b\x66\xbd\x84\x97\x3b\x50\x11\x96\x1c\xe5\x6d\xb5\x8b\xda\xf4\x8e\x6b\xe1\x2a\xb9\xad\x24\x41\x62\x97\x00\x4d\x02\x91\x4b\x95\x9f\x54\xe0\x92\xf8\xcd\x43\x65\xfa\x6a\xb7\x8d\xdb\xff\x4c\xe8\xda\xd4\xe2\xf5\x3a\x05\xc0\xcc\x49\x9b\xfb\x47\x81\x4a\x27\x13\x55\x1d\xcd\x19\xd4\x47\xf6\x27\x57\x6e\xa4\xea\x4b\xbd\xa8\xba\xe1\x8a\x64\x65\xce\xd7\x47\xea\x17\x18\x0b\x00\x9f\x01\x21\x21\x60\x48\x2b\x04\x33\xaa\xc6\x8e\x67\x64\x4d\x00\xf4\x1f\xdf\x99\x90\xb9\xe1\x11\x17\x63\x4d\xeb\x13\x9b\x1a\x40\xad\x3f\xce\x42\x99\xa1\x7f\xe1\xdd\x22\x53\x01\xc7\xf8\xd8\x01\x0a\x79\x6d\xc7\x9c\x13\x30\x7d\x3f\xf9\x92\xa8\x8b\xe6\x64\xd4\xc8\x86\xd6\x8c\xa9\xe4\x47\x0c\xfb\xe6\x3e\xbf\xfc\x42\x40\x10\xe3\x72\xb6\x92\x2a\xa9\x5c\x80\x1d\x1e\x94\x06\xda\x4b\xc1\x88\xca\x82\x06\x64\x05\xbc\xdb\x3e\xaf\xc9\x37\x62\x9b\x32\x63\xdc\x7d\x50\xee\x52\x78\xcc\xec\x6f\x11\xd5\x51\x7f\x56\xbc\x26\x9c\x87\x36\x91\xe7\xeb\x53\xfa\xef\xf0\x75\x64\xab\x46\xb4\x03\xf1\x5d\x9e\x0e\x69\x24\x86\xee\x09\x8e\x7b\x51\xb4\x28\x13\x46\x9b\x82\x35\x04\x22\x33\xca\x3f\x9c\x4f\x8f\xf2\x4a\x57\x1f\x47\xe0\xad\xf9\x14\x4a\xea\x48\x8a\x2d\x2d\xd0\x01\xe3\x1f\xc9\x61\xe0\x5c\x3e\x85\xf0\xd9\x81\x40\x7c\x87\x31\x58\xbb\x0d\x35\xba\xfe\x4b\x60\x42\x2e\x67\x55\x1e\x97\x01\x65\xce\x3f\xc5\x99\xd0\xfc\xc9\x2b\x16\xac\x36\xa9\x2b\x2c\x1d\xc6\xb3\xf0\x33\xfe\x31\x0c\xd1\x96\xda\x04\xa4\xe6\x39\x03\x11\x77\xcd\x27\xd7\xc2\xfb\xec\x65\xa0\x0b"},
+{{0x8c,0x83,0x93,0x81,0xb6,0xa7,0xce,0x26,0x49,0xc1,0xea,0x46,0x4a,0xe3,0xc2,0xd3,0xfd,0xb1,0xec,0x66,0x6d,0x7b,0x4b,0xe4,0xe2,0xa9,0x41,0xab,0x6d,0x65,0x57,0xa7,},{0x5c,0x72,0x4a,0x30,0xc6,0xfb,0x32,0x81,0x53,0x43,0xa8,0x0d,0xde,0xe6,0xee,0xe5,0x44,0x51,0x64,0x18,0xea,0x95,0xe1,0xba,0xc8,0x0a,0xfc,0x80,0x40,0xd6,0x3f,0xc6,},{0x5d,0x21,0x10,0xd1,0xd2,0xf3,0xed,0xd6,0x83,0xbd,0xfd,0xbe,0xa3,0xff,0xa7,0xcf,0x55,0x28,0xa4,0x0b,0x8b,0x3d,0x8d,0x8c,0x9b,0xfd,0x22,0xae,0xac,0x28,0xba,0xd4,0x71,0x66,0x6e,0x06,0x2f,0x7d,0x38,0xce,0xda,0x8b,0xb3,0x73,0x97,0xa1,0xc5,0xc3,0xf7,0x33,0xb5,0x37,0x96,0x70,0x45,0x70,0x64,0x78,0x43,0x7d,0x4d,0x18,0x7a,0x0a,},"\xcb\xcf\x89\xc3\x54\x89\x64\xc3\x8d\x70\xfd\x8f\x68\xe8\xec\xe3\x6c\xc3\x97\x55\xc9\x71\xd1\x4d\x7e\x05\x6f\x39\xb0\x23\xef\x16\x6d\x17\xf2\x43\x85\x22\xf0\x10\xd6\xd8\x35\xd8\x86\xe7\x1f\x47\x4c\x67\x27\xa4\x22\x1f\xd0\x3a\x75\x74\x57\x82\x89\xed\x54\x93\xac\x4c\x09\x47\xe3\xf4\x28\xd8\xfe\x06\x40\x06\xa2\x56\xce\xf2\x18\x11\xd7\x26\x78\xf5\xdf\xc6\xba\x66\xac\x29\xec\xd1\xb3\x2f\xf5\x55\x7c\xb0\x8c\x5f\x13\x05\x59\x21\x7a\x04\x13\xb7\x59\xc2\x4d\x83\x38\x8a\x2b\xb9\xb2\x9b\x6b\x91\xd1\xf3\x10\x1e\xd6\x25\x21\x1e\x4d\x73\x80\x51\x93\x47\x8c\xf9\x95\x39\x6c\x10\xb1\xc5\xaf\xfa\xcb\x00\x89\x9d\xa0\x4e\x3c\xce\x19\x3b\x49\x4e\x2a\x93\x3c\x4e\xeb\xe0\xa3\x7b\xfb\x8f\x1b\x83\x71\xbd\xe5\xfd\xa0\x9e\x80\x4e\x94\x0f\x34\x48\x96\xa5\x29\x46\x7a\xde\xe4\x5a\x8f\xeb\xf8\x5a\xb0\x36\xca\xb8\x80\x14\x3b\xe4\xf5\x9b\x77\x41\xd8\xe4\x50\x27\x8b\x06\x36\x55\x78\xd4\x0b\x19\xdc\xec\xc6\xe1\xee\x3d\xa3\x4a\xb2\x90\x13\xfa\x3a\xf7\x72\x92\x72\x96\x21\x10\xe3\x85\xab\x9a\x02\x2f\xae\x41\x46\xf8\x97\x16\xf7\xba\xb9\xd3\xdc\x68\x2f\x4f\xac\x77\x36\xd3\xe0\x89\x73\xc6\x85\xbb\xb2\x75\xbb\xf8\xf2\x17\x41\x9e\x5c\xae\x02\x19\xeb\xa5\x16\x6a\x5d\xe1\xb1\x1e\x3f\x9a\x90\x8b\x8a\xc7\xe6\x5b\xcd\x62\x3f\x8c\x18\xbb\x02\x4f\x60\x5d\xcb\xac\xda\x79\x0d\x83\x62\x95\x74\x44\xa9\x5c\x13\x0a\x37\xee\x9d\x56\x3d\x0c\xbb\x4c\xb2\xb0\xff\x71\x59\x1d\x93\x90\xb6\xc8\xfc\x28\x75\x3a\x0e\x40\x2d\x64\x87\xcf\xac\x60\x71\x35\x92\x7d\x89\x26\x75\x12\xb3\x4f\x87\x70\x57\xd9\x27\x1b\xcc\xc0\x24\xdf\xed\xcc\xc6\xc3\x2e\xdf\x75\xc8\xb7\x55\x1c\xdf\x80\x15\x4e\xe8\xe0\x8a\x0c\xc4\x30\x44\xe1\x03\x6b\xae\x01\x7e\xb4\x8b\x65\x02\xc7\xa9\xd6\x0c\x8b\x37\x0c\xf3\x79\x9c\x46\x4f\x96\x4a\x69\xee\x65\x95\x01\x22\x3e\x78\x9a\x64\x97\xb6\x34\x96\xdf\x1a\xda\x2e\x80\x8d\x24\x34\xfc\x8b\xb9\x79\x4e\x5e\x2a\x20\xbb\xf4\xd6\x92\x5c\xb3\xc5\xbb\x14\x84\x2f\x19\x20\x09\x05\xba\x93\x54\xe0\x0d\xc3\x3c\xff\x5b\x42\xd4\xe9\xd9\x66\x8b\x34\xe6\x61\xd4\x4b\xef\x76\xfe\xfe\x2e\xd5\x1f\x94\x42\x3a\x93\x3a\xc9\x4f\x15\x23\xbf\x37\x82\x3a\x23\x8d\x61\x6c\x6b\x17\x97\x34\x41\xe3\x5f\x94\x05\xa0\x4d\x99\xea\xa8\xf5\x04\x53\x4c\x8b\x5f\xa5\xe8\xe3\x35\xc7\x43\xbc\xf2\x1f\x5d\x49\x2b\x71\x12\xe0\x0f\xd8\x64\x2c\xb1\x2b\xfe\xc8\x49\xdf\x62\x12\x0d\xbb\x06\xbf\xc2\x94\x6a\x56\x01\xe2\x5b\xe7\x50\x11\xc6\xf0\x0c\x65\xd3\x5f\x44\xa4\x6a\xf9\xe4\xf7\x80\x9e\x57\x89\xa3\xa6\x1b\xa0\xa3\xb2\x13\x89\x04\x97\x29\x6c\x81\xe4\x2e\x88\xf0\xec\x0f\x5d\xef\xc1\xf5\xd3\x9f\xf2\xa4\x8b\x7e\x30\x26\xc9\xe5\x47\x20\x2e\xdc\x7e\xb7\x38\xc3\x4a\xd3\xa1\x5d\x37\x3e\xf8\x2a\x4c\x1d\x18\x1f\x28\x5a\x98\xbd\x33\x14\xc2\xc1\x94\x7c\x9e\x2c\x60\xac\xa5\x17\x50\xee\x7f\x94\x3c\xaf\x0c\x4e\x1e\x5c\x7d\xf7\x29\x1e\x97\x3b\x1f\x93\x6b\x73\x70\x76\x19"},
+{{0xaa,0xbb,0xb2,0xef,0xed,0xb5,0x99,0x42,0x4a,0x5f,0x3e,0x08,0xf9,0x0f,0xa8,0x82,0x6c,0x5c,0x92,0x17,0x0b,0xe5,0x01,0xa1,0x18,0x1f,0xe8,0xe8,0xdf,0x97,0x4e,0x0e,},{0xce,0x73,0x19,0xef,0x88,0xb2,0x42,0x42,0x06,0x66,0xca,0x69,0x7b,0xa8,0x50,0x1d,0x27,0x4e,0xc4,0xa5,0xdc,0xf8,0x44,0x59,0x66,0x08,0xb9,0xdd,0x5a,0x8a,0x3a,0xcd,},{0xa0,0xb1,0x9c,0xfa,0x6c,0x80,0xde,0x77,0xbf,0xcd,0x32,0x10,0x30,0xbf,0x8c,0x03,0x89,0x3e,0x2b,0x21,0xac,0xe6,0xc6,0xba,0x1f,0xf7,0x40,0x8e,0x6f,0xf0,0x7d,0x84,0x7e,0x6b,0x2b,0x68,0x8d,0x4f,0xd5,0x1a,0xa9,0x32,0x70,0x1d,0xb6,0x40,0x2e,0xf2,0x23,0x22,0xe6,0xe9,0xfc,0x7e,0x32,0x0a,0xbb,0x4d,0x24,0xe1,0xac,0xc6,0xcf,0x06,},"\xfc\xc1\x5c\xc5\x79\x70\x56\x9e\x9c\xcf\xa5\xa7\x78\xfc\x7a\xed\x71\x97\x8a\x3f\x56\x24\x57\x7b\x6f\x57\xfa\x3f\x16\x7e\xa2\x23\xef\x31\x76\x4c\x48\x8d\x05\x9d\x06\x53\x1d\x01\x6b\xcb\x17\xd5\x44\xd4\x69\x77\xaa\x24\x1f\x8e\x07\xaf\x47\x87\xa0\x81\x0f\x98\xd7\x66\x46\x0c\x08\x41\xad\x81\xb8\x8f\x4d\x5d\x81\x64\x48\x5a\x12\x58\xa9\x46\x22\xc5\x49\x24\x28\xd6\xd5\x75\x94\x37\x15\x76\x6c\x2b\x0a\x86\x5b\xed\xba\x16\x7d\x5d\x34\x0e\xdb\x57\x9c\x47\xaa\x32\x45\x9b\x8f\xc9\x8a\x79\xbb\x0b\xed\x1c\x96\x0b\x4c\xcb\x7f\x2d\x4b\x56\x81\xa2\xa7\x0d\x50\x5b\x85\xb8\x1e\x3d\x99\x67\x27\x14\xe4\xea\xb4\x1f\x3a\xb0\xca\x87\x4f\x41\x71\x86\xfe\xb6\x9e\xd1\x3f\xb9\x11\xf4\x9d\x15\x84\x75\x8b\x2d\x18\xb4\x67\x3e\xdf\xae\x49\x5e\x68\xda\xd5\x13\xa7\xac\x0d\x47\xb2\x75\x3c\xb4\xed\xa7\x8f\xb4\x31\xf0\x4d\xda\x8f\xe8\x03\x0d\x7b\xb4\xe8\xdb\xcc\xb9\x69\xd7\xf5\x80\xd9\xc1\xef\x93\x5d\x07\x4d\x7a\x41\xd1\xf8\xb9\xdc\x45\xc9\xa2\xe4\x10\x6a\x55\x29\xa9\x8b\x95\x52\x9a\xb0\xed\xea\x0b\x57\x22\xdd\x68\x6f\x5a\x7f\x3c\xd8\xfb\x26\x24\xab\x26\xc4\x2d\xf1\x1f\x51\x0a\x10\x3d\x8a\x92\x98\x30\xad\x85\xf5\x21\x24\xe3\xd5\x82\x7b\xa6\x0b\xfb\xcd\x73\x6c\xb6\xc5\x90\xee\x77\x7e\xad\x7a\xa2\x22\x4d\x7a\xe4\x6d\x25\x7a\x90\x40\x72\x47\x96\x0c\x9c\xb0\x38\x60\xae\xaa\x7f\x54\xc1\xa8\xe1\x11\x60\xd1\x1b\xb4\x73\x06\x5e\x19\xb7\x07\x21\xc8\xf0\x72\xe1\x90\x9d\x53\x9e\x9a\xc9\x41\x85\x90\x4b\xbb\xfe\x54\x87\x37\x54\xae\x1c\xa7\xbc\xed\x6f\x40\x56\x1a\xf4\xb5\x05\xf0\x3a\xc9\x72\xa6\xf0\xbf\xa7\x3b\x5f\x83\x2f\xe2\x3b\x89\x8b\x2b\xbb\x05\x74\xa6\x66\x2e\xe9\x3b\x3b\x36\x0d\xa1\xec\x7e\x83\x8e\xb2\xc7\x7c\x7c\xb7\xfc\x16\x4f\x7c\x46\x27\x01\x04\x89\xc8\x58\x90\x07\x52\xc9\x2d\x9d\x75\xad\x54\x71\x67\xe4\xbd\xd1\x1a\x07\xd2\x8b\x65\x1a\xa3\x0f\x16\xa8\x50\xe0\x60\xdd\x28\x82\xfb\x82\x09\x19\xa3\x98\xe8\x05\xeb\x63\x69\x9f\x4f\xf5\x95\xf9\x91\x52\x47\x31\x64\x1e\xce\x25\xfb\x3f\x8e\x89\xad\xa5\x01\x19\x2b\x1e\xdd\xae\xcb\xac\xc8\xb8\x98\x52\x8f\x2d\x5b\x33\x12\x69\x4f\x5e\xc2\xdc\x91\x42\xe1\x51\x3f\x77\x7a\x5c\x83\x34\x09\xc1\x71\x63\x3f\xf9\xfa\x26\x09\xd0\x49\x7f\x5d\xf4\xfb\xf4\x8e\xf2\xb7\x7d\x55\xe2\x55\x19\xd2\xee\x79\xb5\xfe\x9d\x8f\xa4\x60\x00\xde\xcd\xb4\xf2\x5d\xfb\x3f\x2b\xaf\xb1\x9f\xbe\x2c\xbd\xac\x00\x2a\x35\x9a\x95\x4b\xc6\x9b\xdf\xe2\xfb\x36\xad\xfd\x9a\x15\x09\xf3\xe3\xa4\xc6\xb1\xf3\xf3\x6e\x7c\xf8\x0d\x58\x3d\x44\x0f\xf2\xa1\x44\x64\x30\x98\x97\x4d\x71\x49\x3e\xcb\x64\x17\xc0\xb8\x06\x5b\xd2\xc2\x1c\x1e\x34\xaf\x09\x24\x3f\xb4\x9e\x9d\x35\x29\x7e\xb0\xa5\x2d\x56\xdd\x27\x0f\xea\x6d\xc5\xc0\x80\xa0\x55\x99\xf7\x85\x81\xe9\x0f\xd8\xcc\x4c\xd1\x1a\x50\x5e\xdd\xe8\x4b\x89\x2d\x89\x53\xbd\xbb\x23\x79\xd3\x3a\xad\x64\x65\x8a\xe2\x06\x07\xdd\x35\xb0\xbf\x3a\x26\x37\xd2\x0c\x3f\x86"},
+{{0xc2,0xe0,0x74,0xfa,0xa2,0x34,0xe9,0x9a,0xb2,0x0a,0xdb,0xbe,0xae,0x11,0xb8,0x10,0x97,0x23,0xb7,0x08,0xc5,0x45,0x86,0xdf,0x65,0x2b,0x40,0x2c,0x35,0xcd,0xd1,0x27,},{0x5e,0x52,0x4e,0xce,0x1c,0x69,0x6e,0x70,0x5a,0x35,0x14,0xdd,0x00,0x82,0xb8,0x40,0x79,0x5a,0x59,0xc3,0x6a,0x96,0xcb,0xc4,0x82,0xbf,0xf5,0xab,0x4e,0xf5,0x15,0xd1,},{0x65,0x7c,0x38,0x26,0xb3,0x48,0x3f,0xd4,0x2a,0xb6,0xdf,0x86,0x9d,0x1b,0x77,0xa8,0xc4,0xdf,0x67,0xa6,0xa5,0x90,0xc7,0xc6,0x77,0x29,0x69,0xe3,0xdf,0x33,0x12,0xae,0x06,0x54,0xfb,0x83,0x84,0x7a,0xf2,0x21,0x93,0x5a,0x05,0x12,0x29,0x16,0x36,0xec,0x05,0x95,0x70,0x08,0x79,0xeb,0xdb,0xa8,0xa1,0x46,0x7c,0x53,0xd4,0x0c,0x23,0x06,},"\x31\x29\x03\x38\xe4\x6d\x1c\xc2\x5c\xe9\x9c\xba\xcc\x40\x16\x03\x41\xb7\x85\x82\x3c\x82\x3c\x4a\xb9\xba\xee\x3b\x61\x25\x79\xf1\xc0\x11\x71\x67\x96\xe5\x6e\x26\x93\xf6\xdd\xad\x43\x92\x2a\xa7\x84\x7c\xbb\x41\x48\x10\x16\x51\xbb\xe6\x2d\x50\xbe\x90\x82\x5e\x8e\xab\x77\x7a\xa4\xb8\x02\x6d\xc5\x38\x5a\x97\xd3\xdf\x76\x16\x01\x91\xf9\x22\xcd\xd2\xf0\x7b\xa5\xf8\x5e\x95\xf4\x5d\xb2\x29\x28\xf9\x07\x34\xff\x52\x0c\x44\xdc\x8f\xe3\x90\x3b\x4c\x51\xcd\x23\xe0\x64\xf0\x1c\x82\x9e\xc7\x4f\xbf\xfe\x25\xfd\x0d\x36\x9d\x27\x65\x74\x0f\x43\x85\x6b\xd7\x39\x8a\x19\x11\xad\x74\x98\x36\x16\x0f\xd9\x8d\x04\xb2\x8e\xe8\x7e\x11\x1d\x40\x71\x8b\x5a\x16\x6f\x05\xc9\xa4\x71\xa4\x15\x66\x55\x70\x69\xf7\xa1\x4d\xe9\x88\xbb\xbf\x67\x77\x52\x1f\xcb\xa6\xdd\x65\xde\x4c\x06\x67\x4a\x11\x85\x3a\xf8\x3a\xcc\xb7\x0f\xb3\x28\xdd\x8f\xd6\x10\x5a\x7d\xf5\x26\x9c\x9f\xae\xc8\xd9\x00\x14\x7e\x92\x8d\x97\x0c\x36\xcd\x83\x4b\xd6\x05\x4f\x70\x65\x0d\xfa\xce\x94\xb7\x62\x9d\x16\xe3\x70\x3d\x76\x6c\xe7\x63\x8d\x0a\xd1\xe1\x7b\x77\x46\x9b\x95\x8d\x2b\xa2\xa1\xe6\x31\xa1\x63\x5e\xfd\xcb\x00\x6e\xbc\x6e\x5d\x8b\x9f\xaf\x7e\x5f\xb9\x89\xdc\x08\x96\xc5\x61\xa2\x6f\x3c\x25\xf0\x55\x71\x6b\x36\x71\x38\xea\x5d\xa1\xf8\x1d\xc7\x2c\xff\x7a\x55\xaf\xae\xe5\x83\x9e\xf5\xaa\x82\x2b\x29\x70\xaa\x18\xa8\x98\x21\x63\xbf\x5e\xed\x1b\x67\x7c\xca\xac\x12\x24\xff\x6c\x6c\xf2\x56\x37\x47\x80\xae\x65\x80\x3b\xf5\xc6\xe2\x3c\x80\xba\xcd\x76\xec\x3e\x2d\xdd\x3a\xb7\x19\x97\x50\x64\x48\xe1\x9d\xb1\x98\xef\xad\xc9\xf7\x57\x49\x1f\x1b\x09\x72\xc8\x2d\xb2\x94\x10\xe1\xe8\xbb\x67\xbb\xb2\x3d\x53\x56\x3b\x88\x07\xe5\xe0\xc2\xe3\x2e\xe5\x96\xb5\xb4\x40\x23\x28\xf9\xe1\x79\xe9\xce\x85\x6d\x3b\xd1\x99\xd5\x8d\xe6\xc5\xc2\x52\xe7\xa6\x12\x4d\x81\xfc\x9e\xea\xf2\x3d\x34\x7d\x2a\xb8\x89\x17\xaa\x68\x44\x50\xdd\x58\x30\x35\x16\xc1\xa4\xd2\xbd\xcd\xde\x22\x0c\x9a\xe3\x79\x0f\x29\x8d\x7d\x38\x4b\x70\xc2\xfe\x25\x88\x07\x84\x8f\xc3\x53\x20\xb5\x78\xb3\x35\x03\xb7\x5f\x38\xa1\xdf\x63\x0b\xd3\x3e\x6a\x85\xa4\xdd\x4d\xf9\xf6\xe5\x5a\x6e\x68\x67\xc7\x38\x01\xe5\x93\xe1\xd5\x91\xdb\x89\xba\x9a\x9a\xf0\xfc\x29\x2e\x06\xfb\x51\x5a\xc8\xa5\xe8\xe3\x43\xa8\x21\x33\x55\x75\xba\x48\xfb\xaa\xe3\xfb\x12\xde\xea\xae\xe6\x0f\x4b\x3d\x31\x7e\xc0\xa5\x54\xdd\xd4\x25\xc8\x49\x32\xc2\x7a\x7a\x12\xf2\x9d\x63\x71\x51\x07\x83\xbd\x75\xe6\x0e\x2f\x6d\xa2\x00\x52\x06\x9e\xd7\x1e\x69\x5a\x94\x31\x82\x19\x3c\xb6\x85\x1a\x7d\x2f\xa3\xc6\x66\xc1\x93\x02\x80\x15\xac\x8b\x7e\x7d\xaa\x6c\x52\x04\xf7\x7a\x62\x32\xb8\x8b\x4a\xbf\xfc\x53\x62\xfd\xe7\xde\xc3\x6b\x9d\x45\x48\x80\x84\x92\x83\xb1\x15\x63\x39\xea\x2e\x8c\x3b\x10\xe5\x1b\xfa\xbd\xf7\x25\x78\xc7\x26\x41\x9a\x38\x54\x2c\xf8\x64\x9d\xf9\xa0\x90\x9f\x58\x2d\xeb\xad\x5f\xd8\x9d\x8c\x81\xf8\x3d\x9e\x42\x3e\x75\x03"},
+{{0xb9,0xda,0x4e,0x6a,0xf0,0x7e,0x39,0x8a,0xb4,0xd2,0x17,0x52,0xa3,0x2c,0x8f,0xfa,0x9b,0xe0,0xc3,0x10,0xd3,0x50,0x59,0xfb,0x66,0x1b,0xd7,0x3a,0xfa,0x97,0xe2,0xa8,},{0xf8,0x62,0x80,0x3c,0x96,0xcc,0x42,0xad,0xc8,0x25,0x28,0x84,0x54,0x72,0x30,0xb9,0x70,0x04,0x7b,0x7e,0x5d,0xa9,0x96,0x26,0x0c,0xcc,0x02,0x40,0xab,0x71,0xa6,0xec,},{0x62,0x5e,0x1f,0x42,0xc8,0x74,0x34,0xa2,0x5d,0x62,0x2d,0x80,0xd1,0x25,0x32,0x80,0x6a,0xfb,0x25,0x09,0x33,0x24,0x49,0xe6,0x96,0xb6,0x5e,0x1e,0x58,0x88,0x50,0x8f,0x11,0xc4,0xac,0x25,0xf5,0x9b,0x8d,0x94,0xd0,0xbf,0x27,0xe4,0xc8,0xd1,0x86,0x70,0x07,0xc4,0x08,0xda,0x57,0x30,0x82,0xdc,0xf1,0x9d,0x15,0xa9,0xd5,0xcc,0xcb,0x0c,},"\x6b\x95\xaf\x0e\xeb\xb6\xa0\x8a\xfa\xda\xa1\x96\x21\xf7\x6a\x83\x9b\xe8\x08\x51\xc6\xdd\x31\x5e\x82\x76\xf5\x01\x99\x5d\x4c\xe6\xd1\x34\xdf\x5e\x79\x8e\xd5\x17\xa2\xf0\xe6\x2a\xa1\xd6\xc9\x8c\x36\xef\x14\xbb\x1e\x5d\xdf\xc9\x8d\x5a\x7f\xcc\x81\x14\x0a\x13\xc2\x0d\x2c\xa0\xc4\xb4\x0e\x6e\x6a\x03\xee\xd8\xc8\x99\xf9\xd1\xf7\x92\x46\x81\x52\x19\x9f\x4b\x95\xa4\x32\x66\x89\x47\xa5\x1d\x7b\x8e\x10\x4d\x8d\x1f\x12\xaa\xcd\x96\x7e\x08\xb0\x8c\x41\xc3\xc8\xca\x3f\xee\xda\xa5\xb8\xb6\x3b\xce\xc0\x61\x38\x64\xd9\x53\xd8\x11\x43\xec\x81\x42\x5b\xde\x29\x16\x4a\x08\x76\xf2\x3f\x37\xac\x9a\xc9\x47\x36\x72\xce\x11\xa0\x8b\xd5\x47\x6f\x6f\x66\xd6\x65\xe9\xad\x61\x7e\x34\xeb\x32\xee\x56\xff\xa4\x59\xf2\x0d\x1b\x93\x53\xd7\x82\x12\x98\x54\x57\x50\xc6\xef\xf3\xe7\xd4\x07\x3d\xc3\x18\x5e\xde\x03\x91\xcc\xe0\x57\x5f\x8b\xa6\x37\xd8\x00\x06\x8d\x9d\x7e\x54\x03\xba\x70\x38\xd2\xdb\x77\xda\x14\x47\x84\xf2\xe8\xea\x76\xae\xdf\xe5\x21\xe7\xdc\x6a\x67\x4e\xde\x35\x57\x95\x95\x99\x3f\xb2\x0d\x44\xb4\x05\x27\x83\xf5\x6c\x8c\x0b\xbd\x04\x40\xb6\x9e\xab\xde\x84\x46\x8d\xd1\x3c\x67\x1f\xb1\xbb\xd5\xcb\x02\x2c\x2a\x4f\xcf\x35\x42\xd8\xb3\xbb\x51\x8e\x5a\xde\xbd\xdc\x84\xe7\x14\xb1\x3b\xe5\x2c\x56\xb2\x82\xb4\x2a\xc0\x89\x2a\x54\x59\x28\x1b\xe7\x16\x07\x29\xf4\x11\x2c\x7d\x99\xdf\x9b\xe5\x43\x4f\x82\x3a\x9c\xe0\x50\x17\x89\xde\x1d\x55\x0a\xd5\x0b\xb1\x8c\x8d\x89\xa3\x36\x68\x27\x0b\xff\x7b\x91\xff\x11\x8f\x5c\xd9\x90\x9a\xdd\xde\x90\xc0\x24\xa3\xad\x71\x39\x15\x17\x46\x74\xf2\x8a\xaa\x9f\x94\xa3\x22\xba\xa5\x43\x73\x8e\xda\xb4\x97\x33\x12\xb5\xbf\xa1\x21\x55\xde\xbc\xee\x16\x3c\xfe\x2b\x04\xac\x9c\x12\x2a\xc8\xa4\xe1\xbc\x41\x8c\x14\x95\x5d\x96\x10\x45\x5b\xd9\x45\xe9\x79\x3b\x91\x62\x67\xc9\xc5\xf9\xe5\x3a\xc0\x45\x18\x92\x6e\xc9\x8e\xcb\x84\xa4\xf0\x44\x5d\xcb\x12\x36\xc7\x6c\x3a\x67\x8c\x69\xab\xe4\xe9\x2c\x22\x97\x1d\x62\x21\x72\x01\xa1\xbd\xf0\x5c\x04\xdf\x84\x20\xa3\xde\x6a\x91\x7a\x85\xe7\x1e\x2b\x97\x25\xe7\x7b\x52\x29\x15\xd4\xc9\x94\x60\x77\x63\x7c\x2d\x88\x13\xf0\x10\xb9\x49\x1c\xf0\xed\xdc\x3d\x46\x68\xcc\x0f\x8b\xc8\xa6\x83\x57\x9b\xe5\x43\x93\x4d\xa2\x85\x3a\x16\xf5\x71\x57\x24\xf7\x79\x81\x9f\x44\x43\x9e\x1d\xeb\xca\xa4\x27\x0d\x9b\x85\x94\xba\x4c\x86\xe1\x06\x3b\x3c\xe4\x79\xd7\x1a\x54\x09\xbe\xf2\x7e\xf4\xe5\xc1\xd1\xc9\x6e\x8b\xe1\x38\x65\xaf\x7b\xb4\x3f\x09\x16\x2c\xcb\xc8\x3a\x2c\xa9\xe9\xb8\xa2\x32\x4e\x6d\x99\x65\x75\xee\xfe\xd3\x7e\xf4\x99\x08\x18\x57\x38\xb8\xea\xe4\x3f\x8a\xdc\xa3\x30\xc9\x9b\xc6\x6c\xc1\xfd\x52\xc5\x30\xd7\x37\x1c\x60\x86\x9c\xe4\x2c\x19\x7d\xca\x0a\xd1\x28\xb8\x5f\x61\xc8\x75\x8f\x0d\x54\x2f\x3d\x32\x98\xb6\x5e\x93\xc6\xe8\xa6\x8f\xa0\xe9\xa1\xd5\xe8\xc5\xfe\xc8\x05\xb8\x3a\xff\x43\x90\xe1\x15\xeb\x64\xf3\xf0\x78\xa0\xb9\xb6\x6c\x27\x38\x43\xfc\x6c"},
+{{0x14,0x3f,0x7b,0x42,0x47,0xd5,0x49,0xf6,0xb7,0xc0,0x91,0x72,0x66,0xc5,0x0f,0x96,0x2c,0x28,0xa2,0xea,0x24,0x76,0x2f,0x53,0x7a,0xa0,0x6a,0xd1,0x5e,0x40,0xb3,0x5a,},{0xc9,0x95,0x9f,0x90,0xa2,0xd5,0xfe,0xac,0xba,0xe2,0xc4,0xc8,0x03,0xde,0xd5,0xde,0xab,0x86,0x98,0x76,0x37,0x06,0x43,0x37,0xaa,0x2a,0x0b,0x0d,0xde,0xf2,0xfd,0x86,},{0xc1,0xcf,0xae,0x58,0x51,0x57,0x13,0xea,0x72,0x8c,0xfa,0x09,0x09,0x0e,0x89,0x42,0xf8,0xdf,0x18,0x62,0x1b,0xa7,0x09,0x0e,0x3a,0x33,0x76,0xc3,0x80,0x27,0x75,0xa1,0xec,0xaf,0x43,0x6b,0x18,0x49,0x78,0x04,0x1e,0xbb,0x75,0x22,0x6f,0x97,0x0d,0xf7,0x1d,0x6a,0xd3,0x53,0xc0,0xfb,0x46,0x50,0x23,0xf9,0xe2,0x98,0xf6,0x4a,0x70,0x02,},"\xe2\x74\x20\x23\x47\xa0\xd0\x57\xa4\x8b\xf2\xa1\xf6\xe9\xf6\xcb\x42\x56\x07\x9d\x80\x03\x74\x09\x3c\x02\x0c\xbf\x52\x0e\x5f\xa2\x7f\xe9\x96\xff\x07\xf3\x3a\xd3\xb2\x1f\x74\xab\x0c\xd9\x3c\x86\x47\x5f\xf3\x7c\xf6\x22\xd3\xf9\xfa\x4d\x13\xbc\x99\xf0\x13\xe8\x50\x2b\x24\xe4\x6c\xc8\x7c\x47\xe6\xb2\xc3\x66\x2b\x50\xe9\x79\xa0\xf3\x45\xb7\x84\xff\x21\xa8\xa4\xd9\x2a\xdc\x65\xe8\x6e\x33\xb4\xdb\xe1\x7f\x52\x8c\xcd\xf5\xb4\x86\x46\x64\xba\x94\xff\xdb\x7c\x7d\x24\x12\xb4\x38\xe6\xe4\x3f\xa9\x66\x81\x47\xee\x33\x28\x22\x4d\x1f\x52\xa3\xf5\xb5\x43\x59\xb4\xf7\xfe\xf6\x9a\xf8\xf8\x67\xb4\x78\xf1\x30\xa1\x47\xbe\xa4\x2e\xd3\x98\x03\xbc\xbc\x25\x57\xbc\xa8\xc3\x99\x9f\x1d\x24\xf0\xa6\xb0\x3c\x98\x84\x60\x11\xf9\xec\x74\xf6\x66\x41\x7b\x95\x02\x0e\xb1\xfb\x2f\xb8\x8b\x63\x12\xe5\x00\x8c\xff\x03\xe2\xd7\x7a\x26\xaa\x53\x2d\x17\x80\xb5\x07\x7f\x9e\x8b\x82\x86\x74\x45\x5d\x6b\xc9\x57\x97\x5f\x7b\x2a\x50\xe7\xfd\x7c\x16\x12\xce\x02\x36\x2e\xfa\x4c\x55\x5a\x1e\xef\x68\xec\x34\xa5\xc0\x06\xa6\xda\x00\x8a\x31\xd4\x19\x3d\xc2\xcc\x64\x76\x85\xad\x3c\xfa\x3b\xd7\xc5\x60\xb7\xae\xd4\x5f\x0f\x1a\x3d\x1b\x5b\x36\x22\x68\xde\x53\x28\x57\x05\x5a\xb9\xd1\xd5\xd8\x58\xd9\xae\x9a\x75\x9a\x51\xbb\x94\x78\xe8\xf0\xee\x93\xc9\x84\xb5\x76\xb8\xb4\xab\x46\x02\x80\xbe\x3d\xe2\x05\xa3\x2f\x1d\xc3\xd5\x72\x92\x3f\xb2\x13\xac\x15\x12\xd8\x0e\xb5\xad\x5c\x18\x94\x4b\xe7\x7f\xc1\x7d\xef\x13\xa6\x1b\xbd\x31\xbc\x71\xac\xc2\x3d\x25\x0e\xc5\x89\x4e\xbc\x21\x4c\xfe\xc0\xc1\xb9\x06\x51\x6d\x32\xd8\x36\xad\xc8\x38\x80\x2e\x8d\xe3\x0d\xd7\x6d\xf6\xe6\x1c\x1b\xc4\x38\xb6\x8d\x2b\x02\x5a\x84\xf2\x11\xfa\xcf\x3f\x13\x84\xd2\x61\x2d\x0f\xae\xf5\xd1\x71\x31\xcf\xe0\xcf\xe8\x33\xfe\x95\x0e\x47\x9b\xc2\x9c\xbe\x7f\xd6\xda\x0c\xce\x30\x7c\xf0\xb1\xbd\x92\xc8\x0e\x87\x8e\x43\x2f\x63\x6e\xa0\xcd\x42\x48\x0c\x07\xe8\xb8\xe5\x7e\x69\xb2\xf9\x38\xb7\x81\x20\xf6\xaf\x4a\xbe\xbf\x7d\x4b\x05\xca\xcd\x6e\xed\x85\x44\x91\xc0\x29\x75\x5c\x4e\x66\x33\x89\x93\xed\x2a\xc2\x5d\x19\xa0\xc5\xb4\x0f\x5e\x32\xc8\xa8\xb1\xbc\xe3\x69\x71\x81\x86\xc9\x1d\x60\xed\xff\x24\xa8\x37\x7a\x99\x69\x75\x75\x99\x06\x7d\xd3\x12\x63\xa0\x6d\x6a\x61\x15\x47\x81\xf2\x96\x11\xab\x81\x2f\xf8\x2e\x81\x37\x39\x64\x62\x63\x70\x4c\xd6\x04\x63\x57\xa2\x3c\x04\x5e\x24\x07\xb7\xa8\x95\x08\x25\x93\x91\x31\x4f\x2f\xbe\xe4\x9a\xef\x08\x55\xc6\xe5\xe6\x3d\x91\x2a\x19\xdf\x15\xb1\x1e\xce\x34\xe2\x76\xdc\xb8\x8b\xf2\xf2\xe4\x75\x63\x58\xf3\x4a\x0e\xe3\x95\x2b\x68\x6f\xcd\x17\x57\x8a\x88\x41\x76\xd3\x4e\xa2\x91\x6c\x5d\x9f\xcd\x00\xeb\x9e\x0a\xa9\xf2\xcf\x0f\x16\xe2\x56\x4b\xfd\x28\xb6\xab\x59\x68\xb8\x44\x8f\x06\x83\x20\xe4\x18\x71\x60\xf8\x66\x57\x81\xb1\xe2\xed\x9d\x04\x9e\x1b\x54\xa7\xd7\x27\x20\xff\x9d\x4f\x07\x30\x51\x99\x6a\x9d\xb6\xf0\xc6\x82\x1c\x42\x4f\xa5\x1d"},
+{{0x0d,0x1f,0xe9,0xd8,0xb9,0xa2,0xf0,0x4c,0x22,0xbb,0xb0,0xed,0xea,0x38,0x33,0xa0,0xce,0x43,0x33,0x93,0x47,0x53,0x1f,0xdb,0x67,0xed,0x51,0x3a,0x13,0xd3,0x6b,0x39,},{0x67,0xc4,0x9f,0x41,0x0f,0x48,0x53,0x29,0x3d,0x0c,0x4d,0x39,0xf4,0xc1,0xb3,0xd6,0xc6,0x10,0x3c,0x5c,0xfe,0x20,0xa9,0xa5,0x9b,0x53,0x93,0x20,0x43,0x51,0x73,0x69,},{0xb0,0x57,0x25,0xe7,0x37,0x1e,0xd0,0xa9,0x1e,0xbc,0x89,0xf3,0xc3,0x0b,0xaa,0x99,0x18,0x37,0x63,0xed,0xb4,0xce,0x34,0xfe,0x90,0x1a,0xf3,0x73,0x1e,0x00,0x1c,0xc5,0x4f,0x28,0x71,0x18,0x91,0x5e,0x90,0x36,0x5d,0x91,0xac,0xa8,0xfe,0xb1,0x70,0x87,0x69,0xf9,0xf1,0xd6,0xee,0xf5,0xaa,0x11,0x3b,0xee,0x00,0xb5,0xef,0xab,0x27,0x04,},"\x64\x21\x7a\xc8\x41\xfd\x4d\x64\x59\xbf\xc4\xa4\x9b\x88\x01\xd6\x92\x9b\xf1\x9b\x40\x8e\x8a\x53\x79\x0c\xeb\x51\xec\x34\x1f\x9b\x46\xa3\x51\xe8\xc2\xe5\x9d\x88\x7e\x1e\xac\xcb\x91\x42\x31\xcd\xca\x1d\x3e\x5c\x47\xd1\x66\xb4\xcd\xb9\xb5\x8c\x01\x3c\x59\xa3\xbd\x28\x3a\xd1\x0f\x6b\xd6\x2c\x0f\x15\xf7\x64\xce\x14\xf3\xb2\x65\xf5\x37\xc6\x3e\x73\xb6\xc4\xfa\x65\xe0\x6c\xe1\xe1\xf4\xae\x0d\x11\x48\x9d\xd2\x60\x2f\x95\xfc\x40\x2b\x77\x12\x05\x2a\xbc\x84\xbd\xc7\x78\xc1\x9f\x10\x00\x1b\x4e\x0d\x5f\xbe\x46\x30\x90\xe8\x3e\xf4\x38\xfe\x06\x8f\x3b\xb6\xfb\xc2\xc1\x39\xaf\x06\x78\xed\x2a\x11\xfa\xa1\xb9\xe4\x9a\xaa\x46\x20\xab\xfc\x08\x43\x9f\xbf\xe2\xc6\x18\x40\x76\x9e\x5f\xda\x26\x77\xf8\xe2\xf0\xa1\x45\x64\xf9\xf5\x04\x23\x2a\x9f\xc0\xd9\xda\x47\x1e\x67\xfb\xc5\x74\xc3\xd5\x6d\x2a\xeb\x93\x7a\x58\x6e\xd5\x58\x35\x56\x30\x8a\x99\x8e\xb1\xdc\x47\x6a\x01\x4f\x5a\x08\x22\x8d\xbe\xd9\x5a\x12\x08\xbc\x1d\x1f\x5d\x76\xb4\xe8\xd0\xb2\x43\x4b\x99\x5a\xd4\x58\xe4\x29\xee\x61\x42\xa0\xc9\x71\x76\x8c\xc4\x0c\x40\xbc\xb0\x8e\x96\x03\xf0\x96\x11\x47\x44\x71\xb3\x85\x9d\x7f\xd5\x84\x21\x9f\x02\x65\x7b\x43\x0e\x9e\x56\x95\x5b\x34\x67\xac\x56\xff\x2e\xab\x22\xcc\x49\x84\x89\x03\x6a\x57\x41\x20\xe2\xdb\x76\x9a\x3b\x21\x50\x03\x89\x14\x2c\x78\xa8\x7d\x06\x9f\x0e\x25\x76\xca\xfd\xa8\xcd\xdd\x79\x15\xa9\x22\x87\x73\xd2\xac\x9a\x07\x5c\xb3\x87\xf2\xa8\x98\x61\x72\x13\xb2\xcc\x50\x59\xd1\x19\x41\xbc\x4f\xe5\x86\x41\xe7\xc1\x75\x02\x67\xe5\x3e\x99\xc4\x21\xcb\x4c\xf2\x1d\x09\x8c\xa2\xd1\xf4\x16\x44\xf7\x90\x89\x83\xeb\x17\x4a\x23\xa7\x81\xcf\x15\xef\x38\xeb\x91\x16\xed\xa4\x12\x3a\x15\x22\xf5\x3b\x81\xfb\x73\x68\xe8\x07\x5f\xb8\x38\x59\xd2\xcf\x98\xd9\x21\x53\x5a\x70\x9f\xaf\xa9\x87\x3c\x4a\x03\x9a\xae\x68\x2f\x7e\x62\x86\xb8\x99\x25\x7c\x09\x24\x01\x6c\xa5\xbf\x6d\x31\x69\x09\x92\x11\xa9\xa4\xa6\x74\x5c\xdd\x31\x98\xf1\x33\x7f\x60\x92\x82\x27\xce\x3c\x7d\x60\x96\x0b\x53\xde\xdf\x01\x1a\x89\x40\xf5\xc4\x68\x20\x7a\x38\x94\xbb\x08\x72\xb3\x33\xcc\xde\xc9\xd5\xec\xd9\x11\xec\xbb\xb9\x6c\x9b\xc4\xbd\x48\x75\x32\x0e\x4d\x3e\x9c\x02\xd9\xdc\x76\x10\x9e\xc4\x5e\x61\xd1\xcf\x5a\xc7\x29\xf2\xe3\x4a\x96\x47\xb9\x5b\xce\x70\xb0\xc6\x33\x17\x1a\xda\xf0\xdf\xdb\x5a\xfb\xa4\x03\x5b\x3c\xce\x8c\xb7\x14\x1a\xd1\x42\xbb\x7a\xdd\x4f\xc3\xf9\x61\xd4\x2d\x72\x03\x75\x4a\x4e\x31\x32\x21\xd4\x87\x83\x1e\x32\x94\x7d\xa9\x11\x38\xab\x64\x8b\x59\x52\xef\x69\x56\xe2\x7a\xa5\xd2\xc1\x75\x79\x4b\xf8\x1e\xf2\x77\xfa\xa6\xb9\x05\xe1\x45\x02\x86\x68\x87\xd8\x78\x80\x60\x6e\x81\xb2\x7a\xf0\x1b\xb2\x63\xec\xf2\xc5\x82\x05\x85\xea\x6c\xe8\xd8\xb3\x91\xd8\x6f\xce\xda\xdc\xd1\x1f\xdb\xb5\x66\xfd\xf1\x47\xf4\x02\x01\x0f\xc3\x5f\x51\x57\xe0\x36\x14\x6b\x37\x36\xc8\xa4\x33\x59\x12\x7c\x26\x1f\x6b\xf0\xca\xd3\xbd\x8a\x34\xcb\x15\x09\xf7"},
+{{0xc1,0x0b,0x5a,0xc6,0x05,0x5a,0x1d,0xdb,0xca,0x28,0x55,0x2e,0x5c,0x72,0xeb,0xd0,0x52,0x78,0xc9,0x22,0x39,0xb2,0xfc,0xd0,0xc1,0x35,0x36,0x51,0xa8,0xe5,0x59,0xa0,},{0xb2,0x18,0x3e,0x1b,0x00,0x81,0x6d,0x29,0x30,0x5f,0x74,0x68,0xe7,0xe4,0x5e,0xed,0x3f,0xd8,0xf2,0x3c,0x15,0xb3,0x05,0xf9,0xfd,0xa9,0x3e,0x81,0x2d,0x65,0xbc,0x27,},{0x8a,0x9a,0x32,0x17,0xfd,0xf0,0x64,0x3a,0xaa,0xa5,0xc8,0xfb,0x2a,0x88,0xa5,0x56,0x39,0x88,0x59,0xb8,0xfe,0xef,0xbc,0xb4,0x8c,0xcd,0x88,0xe5,0x85,0xa1,0x67,0xc9,0x4d,0xbb,0x5c,0x0c,0xad,0x24,0xd1,0x5b,0xca,0xbb,0xc1,0xed,0xb2,0x1f,0x02,0xa8,0xc4,0x57,0xc5,0x61,0x20,0xa3,0x23,0x4a,0xc3,0x35,0x77,0xb9,0xaf,0x2d,0xdc,0x01,},"\x35\x94\x90\x5f\x9e\xa4\x64\x61\x5f\x41\xb8\x7a\xbb\x9d\x16\x73\x37\xf2\x9d\x45\xd9\x7f\x7a\x14\x64\xec\x9f\x2e\xe5\x0f\x90\xf2\xe6\x73\x39\x87\x4d\x3f\x20\x93\xbe\x92\x26\x10\x77\x01\xec\x1a\xab\x94\x1c\x4e\x05\x9f\x1b\xb2\x6c\xe8\x6e\x14\x8d\x1d\x9f\x0d\xa2\xa2\xa0\xf9\x82\x9a\x36\x4f\xb4\xf1\x3f\x58\xb9\x60\xd0\xf8\xd7\x23\x23\x28\x3c\x44\x90\xef\xdf\x57\x87\x86\x45\x89\x0f\xf7\xbc\x50\x65\xda\xd6\xe5\x1d\xd1\xe5\xb9\xa5\x07\x51\x50\x97\x8b\x33\x67\xf1\xba\x84\xe4\x5f\xf1\xf1\x27\x6c\x57\x6e\x4b\xc7\x2b\xe8\xaa\x8e\x40\x5f\xc2\xb2\x7f\x81\x46\xb9\x99\x84\x5f\xaa\xa0\x59\x5d\x3c\xb7\x0e\x5d\x37\x12\xed\x54\xa0\xfb\x3e\x32\x2d\x45\x38\x0b\x5d\xe3\x60\x9b\x96\x7b\x95\x9b\xca\x5a\x58\x3c\xc5\x20\xcd\xcb\x7b\xcb\xb8\x29\xaa\x25\xd7\x93\x20\x95\xec\xb3\x03\x92\x3c\x25\x60\xaf\xc3\xfd\x73\x24\xb7\xb7\xac\xd0\x89\xa9\xf0\x0c\x03\xa7\x3d\x04\x3d\xc0\xcf\x0b\xa0\xd8\x41\x1e\x2b\x1b\x18\xd2\x1d\x2a\x32\xa7\x26\xa5\x30\x59\x14\x0f\x78\x4f\x7c\xed\xf2\xf3\x3c\xec\x66\xfe\x4a\xd5\xcc\x9e\xac\xcb\xe4\xae\x10\x03\x6a\xc3\x52\x3b\xac\x70\x0a\x11\x3a\x98\xb5\x98\xe6\xdf\x03\x04\xc6\xfa\x32\x12\xac\xc0\x4c\x4e\x3c\x7f\x66\x87\x36\x2e\xf8\x6d\x61\x7c\x6d\xd4\x83\xf8\xd8\x0c\xea\x66\xd1\x95\x11\x27\x42\x8a\x61\xc1\xe1\x55\xa6\x85\x0b\xb2\xaf\xb7\xf9\x1c\x82\xd7\x3e\xb2\xb0\x54\x3e\xe8\xfc\x1f\x38\xe1\xdc\xdb\x3c\x50\x3d\xdc\x9b\xa0\x81\x24\x56\xa5\xce\x2e\x11\xd5\x56\x48\x7a\x64\x69\x74\xa7\xbb\xf8\x6e\x80\x6c\x58\xc6\x8c\x42\x69\xa7\xc9\xbb\xca\xc0\xff\xef\x98\x35\xb3\x3d\xc4\x49\xa7\x54\x79\xec\xd2\x3f\x6d\x14\x9c\x1e\x5e\xa8\xb6\x92\x08\xff\x36\xe5\xfb\xd6\x82\x95\x55\x03\x18\xbf\xa0\xd3\xb1\xd6\xc1\xad\x42\x70\xbc\xab\x09\x04\xae\x53\x49\x1f\x9b\x1c\xa5\x02\xe0\x12\xee\xd7\x7c\x42\x7d\x49\xa0\x96\x2f\x10\x55\x12\x5d\xd7\xb5\x37\x33\xd8\x52\x89\x34\xb5\x58\x0d\xd5\xfd\x5b\xbe\x85\x49\x78\xba\xe3\xd2\x5b\xb4\xae\x94\x4e\x90\x65\xe8\xe2\xe0\x79\x46\x51\x8a\x6f\x54\x8e\x36\xe0\x56\xbe\x82\x4d\x9e\x02\xa7\xa3\xea\xad\xd3\x79\x29\xf5\x81\x01\xcb\x18\x53\xbe\x3d\x75\x47\xf5\x8f\x49\xe3\x8b\x01\x8a\x74\x8d\x3f\x19\xc4\x85\x82\xab\xbd\xbe\x95\x3a\x8a\x25\xba\x9d\x36\x5d\xea\x83\x59\x35\x89\x9c\x19\xfb\x0b\x51\x90\x6a\xa9\x72\xc5\xac\x45\xe9\x9c\x40\xb3\xb7\x6e\x35\xd3\x27\xe3\x21\xe8\xae\x23\x06\xa6\xeb\x3d\x8c\xb6\xec\x2f\xa5\x39\x9a\xdd\x19\xea\x00\x28\xa0\x17\x92\xc0\x8e\x27\xc1\x6c\xf4\xf8\x5a\xaa\xae\x72\xf9\x86\xb0\x99\xf9\xeb\xe4\xad\x0b\x25\xd0\x6d\x3d\xe4\x4a\x8b\xfa\x52\x84\x4b\xe4\xa9\x39\x44\x83\x3c\xe2\xad\xd5\x1b\xb5\x54\xb3\x56\xa7\xdc\x49\x74\x8d\xd4\x5a\xe7\xec\x9e\x8d\xb4\x26\xc9\x7a\x25\xda\x5e\xdd\x3b\x62\x1e\x4a\xdb\xde\x48\x19\x7a\x33\x14\xde\x1c\x50\xf4\xd6\x00\x20\x27\xdd\x75\x19\xdd\xe3\xe1\x57\x29\xe4\x86\x95\x5a\xc4\x0d\x9d\x66\x87\x6f\x90\x66\x8c\x68\x9d\x8a\xb5\x98"},
+{{0x06,0x1b,0xdd,0xab,0x28,0x0b,0x0f,0xdc,0xb2,0x6b,0xfd,0x9a,0x0f,0xc7,0x21,0xf6,0x8f,0x88,0x34,0x3b,0x5d,0x39,0x83,0xa1,0x6b,0x6d,0xfa,0xa5,0xe7,0x69,0x69,0xf3,},{0x81,0x55,0x78,0xbb,0xa6,0xe7,0x07,0x0e,0xbd,0xec,0xa1,0x17,0x56,0x8b,0xd7,0x7e,0xbf,0xf9,0xe1,0x4c,0xb8,0xbc,0x20,0x0c,0x32,0xbd,0x87,0xdb,0x1f,0xb3,0x7d,0x6c,},{0xb8,0x32,0x97,0xcc,0xdd,0x6d,0x00,0x98,0xeb,0xf5,0xd1,0x32,0xd1,0x74,0xde,0x19,0x58,0x31,0x1a,0x76,0x6b,0xcc,0x4d,0xa1,0x5f,0x86,0x4d,0x80,0x1f,0x38,0xe0,0x9d,0x61,0x3e,0x7a,0xa8,0xc3,0x36,0x30,0x27,0x35,0xd7,0x5b,0xe4,0x16,0x6d,0x73,0xb0,0x18,0x4b,0x0e,0x0b,0xc5,0xef,0x39,0xed,0xbc,0xcb,0x6e,0x0e,0x61,0xaf,0xeb,0x0c,},"\xee\x76\xb4\x0c\xd4\x29\xea\xc7\xbc\x12\x83\x9c\xa2\xf7\xcd\x31\xf1\xe0\x09\x8a\x39\xc5\xfc\x19\x80\x5b\xe0\x33\x1f\x44\x79\x9e\x31\x8d\x12\x57\x1f\x06\xe2\x99\x37\x53\xa3\x68\x5c\xd2\xa9\x6b\x23\x01\xe2\x00\x24\x20\x9a\xdc\x5a\xdf\x74\x79\xff\x90\xc4\x77\xc3\x69\x5a\xbb\x99\xbd\x28\x57\x9d\xbc\x78\x31\xa1\x92\xbe\xed\x0c\xe1\x7b\x03\x8b\x20\x76\x48\x00\x65\x3a\xf7\xaf\x02\x4e\x2a\x10\x4e\xd0\xf3\xe5\x2d\x4b\xbd\x3e\x10\x9c\xf1\x26\x29\x1f\x49\xb0\xa2\x1b\xe4\x33\xc1\xc5\xa2\x58\x9e\xa5\x72\x99\x7f\x63\xd2\xbb\x39\x72\xd5\x32\xbe\x35\xa0\x47\x1e\xf0\x57\x3d\x79\x5c\x07\x2b\x6a\x86\x85\xb9\x5e\x47\xb0\x9e\xa9\xf4\x75\xd9\x3b\xf1\x2b\xbd\x77\xb7\xd2\xbf\x5d\x5b\xdd\xf0\xae\x02\x37\x53\x71\xd1\xd7\x99\xea\x92\x04\xbe\x38\x9e\x6a\x8e\x5d\xee\xdc\xd4\x92\x02\xe9\x2d\xf7\xc3\xe7\x61\xf9\x2e\xf8\xd7\x9f\xa7\x38\xd2\xc5\xbc\x28\x0e\xd3\x28\x79\x83\x2f\xf2\xb0\x26\x42\x45\x89\xcd\xbd\x52\xd1\x5b\x60\xf2\xaa\x35\x26\xb8\x98\x84\x9a\x34\xa8\x5f\xf1\xc4\x7d\xc6\x55\x4b\x85\xac\x76\xaa\x79\x35\xcb\xf3\xf7\xbc\x80\xad\x00\x91\x92\xa8\x75\xca\x20\x9b\x40\xfe\xb0\x47\xcc\x44\x69\x68\xf9\x70\xda\x47\xb8\xcd\x67\xda\x7e\xb4\xe5\x4a\x0e\x5a\xb2\x0c\xb3\x5b\xc6\xfb\x7f\x13\x30\x7c\xe6\x7e\xb6\x20\x4a\x67\xce\x9b\xb1\xd1\x39\xc1\xb4\xbd\x5d\xbe\xd5\x80\x10\xc8\x7b\xf8\x31\xe6\x52\x2e\xe1\x82\xda\xd9\x45\x80\x4b\x76\x7c\x4d\xf2\x55\x4f\x15\xb9\xe9\xaf\xd2\x59\x9e\xf2\x58\xc6\x7a\x22\xca\xeb\x92\xa5\x79\x88\x00\x6b\xbc\x72\xc1\x04\xfa\xc7\xe5\x41\x3c\xd3\xd3\xb8\x02\xc8\x3e\x63\x9e\xaf\xe2\x12\xa3\x8b\xb7\xef\x77\x9a\xf1\xa9\x4e\xe1\x37\xf6\xc6\x06\x67\xbc\x48\xf2\x7b\xf4\xa2\x22\x41\xbc\x44\xbb\x60\x33\x83\x62\x39\xbd\x6e\xaf\x3e\x2e\x22\x31\x87\x84\x1e\x46\x41\xb0\xf4\xe9\xff\x8d\x5a\x41\xdd\xbe\xab\xb4\x13\x8f\x6b\x58\x5a\xce\x0f\xb6\xb5\x3d\xc3\xc9\xed\xc0\x37\x3b\x60\x47\xf2\x7d\x83\x5e\x8e\x24\x66\x44\xfd\x83\x2c\xcf\xe0\xdf\x25\xc3\xd7\xda\x18\x7c\x9f\xa0\x54\x20\xd4\x34\x55\xf2\xd0\x8b\x57\x19\x29\x38\x6b\x59\xc6\xe0\xe1\x0a\x35\x60\x1d\xa8\x99\xb1\xb4\xdc\x3d\x95\xb6\x7d\xd9\xa8\x38\x18\xb0\xa3\x18\xbf\xdd\xa0\x64\x64\xb4\xa4\x2d\x3c\xb9\x85\xf3\x0e\xc9\x7d\x6a\x2a\xf1\x32\x91\x15\x5d\x60\xce\xc5\x7c\xbd\x58\xd5\xcf\xcb\x35\xc1\x85\x35\xe8\xd2\x99\xb5\xb0\x07\x59\x08\x92\xea\x94\x9d\x1b\x13\x7a\x62\xb3\x9a\x43\x6c\xd7\xe5\xb9\xf8\xd1\xb6\x93\x8d\xba\xa6\x2c\x22\x68\xd4\x59\xc6\x22\x0a\x3e\x6f\xcb\xf8\x0b\xa0\x11\x8a\xcd\x23\x42\x56\x3f\xbd\xbc\x1f\x7c\x9d\xba\x7e\xa2\xc0\x72\xaf\xc8\xae\x21\x28\xe3\xeb\xca\x06\x44\xff\xd8\x16\x3e\x80\xa1\xa5\x57\xd9\xd3\x90\x34\xcc\xd9\xdb\xd1\x2c\x88\x55\xa6\xf9\x16\x5b\x08\x01\x83\x9c\xf6\xe0\x7a\x9f\xba\x4c\x64\xd9\xc0\x99\xe1\x54\x10\xe2\x90\xe6\x77\x03\x1b\x65\xcf\x7d\xeb\x00\x79\xbd\xad\xc5\x73\xcc\x05\x6d\x76\x66\xd9\x5d\x03\x3a\x0b\x6b\xdb\xa7\xec"},
+{{0x2c,0xab,0x5b,0xf5,0x5f,0xfa,0x91,0x4e,0x9a,0xd0,0x76,0x22,0x19,0x0d,0x34,0x3e,0xc5,0x5c,0x13,0xcd,0x91,0xb3,0x88,0xcb,0x75,0x00,0xff,0xe0,0x6d,0xf7,0xc1,0x80,},{0xb6,0x1e,0x43,0x2b,0xb9,0x7c,0xba,0xe3,0x88,0xa2,0x57,0x8a,0x74,0x84,0x99,0x8e,0x00,0xe9,0xad,0x3d,0xdf,0xd6,0xca,0xb8,0xd3,0xa5,0xfc,0x5b,0xa0,0x43,0x07,0xc8,},{0x4c,0xf0,0x8f,0x4f,0xab,0xbd,0x06,0xdc,0xcb,0xcc,0xe2,0xa7,0xa5,0x94,0x1f,0xe9,0xaf,0xdd,0xc4,0xd2,0xd0,0xbc,0x80,0x80,0x2e,0x93,0xb1,0x2c,0xb1,0x35,0xd3,0xac,0xf6,0x51,0x1e,0x0f,0xe4,0x11,0x3c,0x5e,0x3c,0x55,0x41,0xb2,0x7d,0x3a,0x21,0x50,0xa7,0x57,0x74,0x2a,0xc6,0x5f,0x95,0xa9,0xce,0x66,0x73,0xff,0x0c,0xd2,0x1c,0x0f,},"\x2c\x2d\x04\xdc\x3a\xd1\x98\x23\x59\xec\xd5\xbc\x3e\xe0\x35\xf3\x49\x8e\xed\xff\x61\x04\xa9\x3c\x60\x2a\xf2\x17\x9a\xeb\x2c\xb1\xf4\x1c\x5c\xdb\x0a\x77\xb1\x24\xf9\x46\xaa\x8a\x82\x4a\xa3\x07\x6c\x2e\x1a\xcf\xd4\x8f\x68\x07\x0b\x26\x27\x6a\x65\x6b\x4a\x47\x58\xab\x15\x1a\x6a\x9c\x41\xbd\x74\xe0\x9b\xbd\x9a\xdc\xce\x1e\x87\xa0\xa8\x0d\x17\xfd\x92\xe8\x5e\x4b\xda\x47\x2c\x98\x8b\x6b\xb1\x18\x3b\x7e\xe5\x9a\x09\xd8\x05\x70\x46\x6d\xb9\x0d\xd3\x74\x95\x79\xc4\xeb\x19\xab\x75\xfc\x15\x2e\xcd\xcd\x68\xcd\x10\x78\xef\x06\xe5\x93\xc7\x35\x16\xfa\x82\x91\x48\x1a\x66\x7d\x3f\x95\xbf\xeb\x14\x4b\xab\x59\xd6\xdd\xc7\x3a\x27\x95\xc1\x01\x7e\x09\x53\x6b\x31\x62\xe4\xbc\x58\xf8\xea\xd3\x89\x57\x01\x8c\xfe\xc7\x2b\xad\xbf\x22\x81\x9a\xb0\xb4\x06\xc6\x47\x30\xfc\x73\xfd\x9e\xe6\x1f\x74\x18\x7e\xda\x91\xed\x4e\x79\x93\xe6\x68\x84\xaf\x43\xef\x4c\x6b\xf7\xf7\xc3\x79\xe8\xf0\xf6\x3d\xcb\x80\x41\xe2\x6b\x8b\x82\x92\xb6\xb6\xd1\x90\xe4\xad\xf4\x30\xfa\x82\xdd\x74\xc5\x73\x85\xb9\x19\xc4\x46\xdb\x37\xb5\xe8\x76\x7e\x4a\x0c\x95\x01\x3b\xe8\x9b\x2b\xc4\xe9\xfd\x62\x75\x4a\x84\x44\x18\x40\x09\x68\xae\xd2\xdd\x32\x8d\x7b\x1d\xc9\x1e\x1a\x2b\x30\x09\xdc\x7a\xd1\x40\xa0\x68\x6f\x67\x31\x68\xa6\x0e\x88\xd8\x0c\x52\x0f\xc2\xdc\xfc\x56\xca\x9d\x4b\x0c\x88\x85\x90\x99\x23\x07\x14\xde\xc8\x3d\x26\xb4\x63\x05\x54\xdc\xb9\xc4\x90\x18\x95\xf7\x8f\x38\x34\xb0\x97\x66\xb6\x7a\x46\x5d\xe8\xc9\x49\x00\x65\xbf\x56\x83\x39\x24\x33\x99\xfd\xc9\xd5\x10\x03\x24\x66\x7c\x5a\xb2\x8f\x35\xc0\x0f\x61\x25\x63\x8e\x61\xda\xb7\x0d\x1e\xec\x48\x95\x1d\xe0\xfb\x3f\x7b\x23\xd3\xcd\x98\x24\x37\xc6\x34\x73\x41\x5b\xef\x37\x4a\x66\x32\x96\xf2\x98\x6b\x1a\xe9\x57\x9b\x9f\xfc\xe7\x1e\xc3\x5e\xec\xa1\x16\xd1\x94\xf8\xfb\xa9\xa4\x5a\x91\xba\xe2\x7a\xc4\x55\xdb\x71\xa6\xb0\x1a\x72\x9d\x0c\x13\x5f\xcd\xcb\xc2\x3e\x50\x4a\x29\x43\xc0\x0a\xa4\x20\x70\x51\x9d\x9c\xd7\x7a\xe6\x75\x4f\x31\xeb\x46\xa3\xe5\xbe\x9e\xeb\x3f\xc8\xd3\x1f\xf1\x82\xda\x9b\x08\x7b\xe3\x46\x2c\x84\x59\x12\x6e\x86\x29\x09\x23\x2f\xd5\xf2\xd8\x9c\x01\x81\x59\x57\x61\x1e\x6a\xe7\xca\xa9\x8b\x60\x53\x77\x6a\x77\x15\xc2\xf9\x3c\xcf\x03\x08\x87\x03\x0c\x56\xc2\xb8\x22\x6d\xae\x29\x77\x99\x5a\x6d\x3f\x1e\x9d\x79\x11\xa9\xc9\xd2\xa3\x03\xf0\xe0\x1f\x32\x33\x8e\xfd\xaf\x8e\xe6\x3f\xc4\x1b\x25\x39\x9c\xff\xd0\xb3\x5f\x7e\xe5\x67\x6b\xd8\xfd\x3d\xa2\xcb\xee\x4a\xe2\xea\x98\x08\xd7\xe7\x35\x83\xd9\x94\x33\x99\x31\x46\x67\x4a\x40\x40\xf4\x2f\x63\xd1\xb3\x13\x5c\xc7\x97\xa8\xd8\xf0\xb8\x85\x73\xa3\x28\x90\x69\x6c\xac\x94\x39\xd1\xe1\x5d\x19\x6d\x90\x90\xb6\x2b\x6d\xb7\xe6\x3c\x96\x47\x2d\x94\x6e\x66\x8c\xbd\xa1\xf4\xdb\x88\x93\x00\xcd\xcc\x25\xe8\x4c\x9f\x38\x57\xd1\xd9\xe5\x32\x41\xcf\x62\x5f\x39\x09\xaf\x1c\x8a\xaf\xf4\x30\x9f\x68\xf6\x54\xb7\xa1\x5b\x67\x71\x1c\x5b\x7f\x9d\xe7\x67\x75"},
+{{0xdd,0x7b,0x59,0xa3,0x3d,0x97,0x0b,0xef,0x62,0xe0,0xe2,0x1a,0x7b,0x6e,0x4c,0x30,0x96,0x06,0x86,0xf1,0x7f,0x49,0xaf,0xdb,0x4a,0x9f,0x4e,0x80,0x8e,0x35,0x5c,0x7f,},{0x53,0xa0,0xe5,0x72,0x77,0xd9,0xbb,0xee,0xcf,0x99,0xc4,0xd1,0x38,0xfd,0x66,0xfa,0xfc,0xae,0xc7,0xbc,0x5f,0x56,0x7f,0x83,0x20,0x80,0x0c,0x4e,0x58,0x4f,0xf8,0x2e,},{0x87,0x29,0x4d,0x22,0xd4,0xad,0x0d,0x08,0x14,0xe2,0xd6,0xd5,0xfa,0xf5,0x57,0x49,0xe9,0xb3,0x98,0x03,0xb4,0xd4,0xb7,0x87,0x9e,0x60,0xb7,0x77,0xc1,0xfc,0x41,0x58,0x4f,0xe1,0x51,0x35,0xba,0x11,0x23,0xff,0x5f,0x20,0x0d,0xb3,0x5a,0x34,0x68,0xdd,0x4d,0x58,0xda,0xd7,0x7b,0xd9,0x6e,0xe2,0xb8,0x88,0xa5,0xa8,0xb1,0x8c,0x32,0x04,},"\x75\x58\x03\x67\x93\x05\x18\x16\x8b\x0a\x76\x4d\x09\x58\xbe\xc4\xfc\x46\xcf\x59\x19\x99\xeb\x37\x37\xe4\x2a\x02\xea\x72\xd2\x10\xda\xad\x53\xe5\x4a\x7c\x2c\x13\x4a\x6d\x47\x83\x37\xd2\x63\x33\x68\x54\x81\x70\xed\xef\x0d\x85\x17\x9f\x30\x23\xe1\x50\x38\x68\xa6\xe5\xe2\x77\x5e\x41\x2a\xc0\x5f\x05\x89\xd4\x2a\x37\x7e\x75\xaa\x6b\x8f\x52\x20\xa7\x69\x9a\xe8\xaf\xf0\x10\x94\xec\x46\x9d\x63\x61\xd3\xe8\xf3\x86\x15\xed\xcd\xa4\xd2\xd5\x28\x9a\xcf\x73\xdb\x64\x56\x98\x57\x80\xc9\x2e\x07\xf6\x2c\x77\xa9\x09\xfb\x6e\xf5\x98\x82\x20\x62\xbd\x57\x2b\xf7\x05\x8d\xcb\x83\x5e\xf3\x44\x3d\x3e\x47\xb5\xc6\x03\xd9\x27\x36\xdd\x1d\xf2\x6b\xe4\xb9\x28\x3b\x76\xe3\x21\xd5\x5c\xe2\xb6\x38\xcd\xe2\x25\x77\xca\x59\xc9\x63\xc2\x47\x95\x56\xc5\x75\xcc\xb0\xd6\xd1\x8c\x80\x4e\x2e\xb0\x1f\xf5\x35\x81\xeb\x04\x0f\xfd\x2c\xc4\x67\x60\x73\x7a\x74\x67\x2e\xa6\xbf\x78\x05\x8a\x6a\x0a\x1f\x5e\xbf\x56\xde\xcb\xf9\x4b\x54\xaf\xb2\x3c\x11\xd3\x41\x79\xbf\x09\x76\xb4\x15\x80\x17\xd4\x07\xc9\x5a\x40\x1f\xa6\xf9\x62\x4d\x77\x13\x5e\xae\x81\x41\xeb\xea\x9f\x35\xd5\xf5\x1b\x3d\xed\x99\x5c\x7f\x70\xc0\x25\xb0\x94\xad\xef\x2b\x07\x1f\x97\x11\x55\xd7\x79\x6d\x61\x3a\x55\x0d\x09\xe7\xf4\xdf\xc3\x45\x17\xb3\xf8\xfa\x43\x93\x28\x6a\x2b\x22\x80\x17\xda\xf2\xe0\x15\x38\x7e\x13\x52\x7f\x63\x66\x1d\x3c\x13\xe7\x8e\x90\xfb\x29\x55\xee\xe3\x45\x73\x91\x19\xb7\x91\xf0\x5b\x07\xc8\xf4\x2a\x43\x6e\xfc\xad\x1e\xc5\xea\x10\xf3\x08\xf8\xe2\x3c\xa9\x8b\xc6\x5a\x5f\xd9\x39\x3e\xfa\xaf\xe5\xcd\xef\xba\x81\x05\x81\x70\xcc\x54\x93\xc0\x0c\xed\xf2\x54\x09\x74\x35\xd2\xe2\xfd\xe5\x5f\x86\x6b\xb8\x2d\xbd\xfb\x91\x54\x34\x49\x74\x86\x63\x59\x16\x7b\x46\x6c\xaa\x90\x9b\x91\x53\x0c\x9c\x7e\xe8\xc5\x3f\xa9\x01\x64\xbb\xd0\xb1\xfa\xdb\xdc\xd0\x81\x27\xf1\x9b\xe5\x03\x30\x71\x51\x8d\x3c\xf1\x0a\xe6\xbd\x6f\x98\x27\xe1\x20\x6f\x5e\xc0\x95\xc1\x98\x61\x70\xe8\xd5\xd8\xe7\x2e\x57\xd4\x22\x87\x01\xdf\x2a\x48\xc9\x54\x87\x30\x56\xcf\xdf\xba\xaf\xb1\x0e\x46\xa0\xc1\xf1\x44\xb1\xa0\xea\xcd\xd2\xcb\x66\xbb\x91\x2a\xc4\x71\x78\x7d\xab\xe4\x83\x53\x85\x91\x20\xb0\x34\x03\x56\x7c\x41\x5d\xdb\x88\xfc\x0d\x7f\xba\x40\x69\xbb\xfe\xf4\x06\xee\xd7\x24\xa1\x1a\xbc\x04\x1e\x8e\x7b\xeb\x66\x3d\x0d\xc9\x9d\xce\xf3\xac\x6a\x14\x90\x07\xb4\x2d\xd1\xf2\x2a\x77\xdd\x52\x90\x18\x14\x32\x51\x72\x22\x4a\x27\x78\xf3\x66\xfb\x9e\xb0\x2c\x81\x2b\x84\x2a\x42\x84\x25\x61\xc6\x8f\x2a\xc2\x31\xc2\x6c\xe9\xe8\xb1\x9a\xe9\x1e\xbf\xad\x3c\x0e\x9f\x66\x36\x3a\x13\xec\xd8\xb8\x97\xa3\xd0\x0a\x26\xd2\x57\x64\x8d\x56\xc6\x74\x74\x41\xca\x1c\x6e\xe9\x9f\x08\xdd\xad\x25\xd1\x16\xdf\xad\xab\x03\x83\x00\x0d\x3d\x72\x25\xcf\x2e\xff\x70\x76\xb2\xad\xab\x95\x22\x29\x25\x55\xf3\x19\x32\x06\x78\x60\x00\xd4\x2c\xa3\x4d\x70\x8d\xc0\x42\x84\xa9\x4d\x17\x4c\xc9\x2f\x10\x2e\xfd\xdf\x31\x48\xc2\x99\x69\x16\xd4"},
+{{0xd8,0x80,0xd2,0xfb,0x06,0x26,0x2f,0x57,0xab,0x87,0x78,0xe3,0x3d,0x16,0xb4,0x73,0x06,0x09,0x78,0xa6,0x54,0x9c,0xdb,0xcd,0x55,0x86,0xba,0x81,0x05,0xf5,0xac,0xa8,},{0x0d,0xe4,0x86,0xd2,0x11,0x5f,0xaf,0x2d,0x54,0x72,0x66,0x77,0x2e,0x43,0x0f,0xd9,0x72,0x7b,0xdc,0xac,0xe6,0xec,0xbf,0x2f,0xe2,0x3a,0xb6,0x0f,0x7b,0x52,0x54,0xb1,},{0x4c,0x00,0xa7,0x16,0x68,0xd3,0x21,0x3c,0x29,0xc7,0x04,0x1c,0x5a,0x03,0x7e,0xdf,0x13,0xc6,0x51,0x4b,0xd0,0xeb,0xc8,0x80,0xc9,0x09,0xca,0xff,0x15,0x06,0xa4,0x5d,0x27,0x80,0x9f,0xb7,0x4e,0x66,0x02,0xea,0x2a,0xad,0x0f,0x84,0x28,0x31,0xb7,0x4f,0xb3,0xd6,0x90,0x0c,0xcc,0x52,0x06,0x52,0xda,0x28,0x36,0x8f,0xd9,0x0c,0xa3,0x0e,},"\x11\x47\x43\xe8\x2a\x09\x93\xce\xc9\x70\x50\x67\xab\xd7\x7c\x16\x8b\x53\x67\x7e\xde\x5c\x15\x9f\xad\x36\xf0\x6f\xc1\xa1\x4a\xcd\x77\xf8\x83\x79\x9e\xd9\x88\x3f\x99\x15\xae\xa6\x38\xec\x17\x41\xf3\xf4\x21\x58\x55\xfb\x5b\x07\xdf\x37\x93\xbb\xe5\xb5\x68\xeb\x35\x94\x39\x1a\x9e\xf5\x72\x7f\xab\x93\xe5\x74\x69\xb3\x7d\xe1\x25\xb1\xe9\xf2\xe6\xfe\x2c\x3d\x1a\x10\xec\xf8\x7b\x6c\x0a\x66\x5c\x6d\x46\x0a\x17\x0e\xef\xb9\xbf\x71\x6c\xd8\xfa\xea\x97\x64\xf5\x79\xff\x34\xeb\xfa\x9c\x4c\xfb\x34\x70\x6d\x8d\xd7\xc9\xeb\x1d\x10\xb2\xdf\x46\x0a\x46\xbb\x57\x89\x43\x0b\xf4\x49\x15\x8b\x58\x24\xf2\xa3\xa7\xb9\x18\xb3\x3a\xcf\x2d\x9e\xbe\x90\x21\x6d\x1b\x7c\xbf\x4a\xf7\x70\xc5\xdb\x95\xfc\x62\xff\x3a\x3c\x38\x5c\x3a\x82\x17\x85\x3b\x73\x46\x63\x4a\xaf\x30\x60\x72\x88\xdb\x0c\x48\x3b\xd4\xc2\x22\xeb\x33\x2c\xb8\x9d\xc4\xa2\x17\xe6\x33\x4a\x26\x84\x13\xa3\x90\xbb\x37\x1a\xec\x35\x5f\xbe\x4c\x73\x6f\x7d\xa7\x5f\x9c\x88\x75\x41\xa2\xb7\xd0\xda\xc0\x18\xb6\x13\x8f\x02\x1e\x77\x26\x6d\xde\xce\x84\x68\x45\x2a\xda\x39\xf5\xe6\x3d\x02\x09\xb9\xd6\xda\xbf\x97\x54\x13\x25\x6d\xca\xa1\x5a\xc1\x4b\x60\x68\xe1\x77\x05\x6c\x7b\xf0\xf0\xf7\xc8\x84\xa3\x40\x20\x32\x29\x8c\xd5\x59\xa6\x31\x20\x39\x40\x06\x32\x32\x7f\x9c\x0e\x76\x3e\x52\x79\x8c\xb1\x77\xda\x44\x75\xe4\xb2\x40\x5c\x15\x7c\xa4\x27\x74\x11\x08\xd3\x3e\xd0\xb7\xa3\xf5\x34\x38\xce\x6b\x72\x5c\x6d\xd5\x81\x4a\xf5\x1c\xfa\x45\xdb\xce\xd5\x57\xf7\x26\xdb\x13\x0d\x55\xcd\xe7\x53\x3b\xc2\x09\x2d\x6b\x69\x9c\x2c\x87\x0a\xf2\x82\x73\x1e\x18\xd6\x51\xae\x85\xb3\xdb\x4b\xa0\x28\x53\xf8\xc8\x7f\xd5\xe3\xab\x69\xbc\x57\xb0\x8b\x81\xf8\x3c\x23\x9c\xcf\x22\xe8\x17\xe2\xad\xa4\xd0\xad\x14\x48\x7e\xd1\x46\x12\xc8\xb0\x97\x3e\xc0\x65\x0a\x55\xf6\xbf\x9a\xf4\xae\x92\x56\xad\x35\x46\xa3\xf6\x7d\xd3\x5d\x98\x7e\xf2\x19\x09\xa9\x4c\x50\xf0\xef\x06\x40\xe7\x55\xb1\xc4\xe1\xa0\x12\xaf\x0d\x31\x76\x6e\xeb\x5d\xf3\x1c\xd1\x04\xc6\x4e\xb6\x2e\xb4\xef\xb1\x39\xcf\x30\x57\x69\x40\x1d\x21\x3f\x96\xa4\x88\xd5\xee\x7e\x3c\xe3\x2b\x01\x92\xee\x8f\x08\x31\xbf\xbe\x8f\xe9\x5d\xe9\x56\x88\x6b\x52\x4d\x33\x19\xb7\x3f\xd5\x6d\xc6\x0e\x9f\x1c\x72\xd7\x81\x55\xa9\x7c\x6f\x43\x69\x7b\x20\x46\x6b\x3e\x7a\xeb\xd3\x57\xb9\x16\x96\xe7\x34\x8f\x45\x99\xb3\x4f\x35\x91\xed\xdf\xce\x2a\x7b\xd8\x49\xab\x16\xf7\xb4\x3e\xbb\x16\xe2\x3d\x6f\x52\x10\xef\xa3\x0a\xb3\xba\x8d\x32\xc4\x06\x62\xb8\x66\x2f\xd9\x11\x54\x4b\xc2\x45\x8c\x65\x69\xef\x75\xa9\xb9\xdf\x6a\x0f\x6d\x80\xd6\x58\xba\x86\xb2\x41\xca\x19\xce\x9a\x6f\xcf\x01\xd3\xda\xa9\x5a\xfb\x59\xc3\xd8\x9a\x18\xb9\x48\x62\x13\x94\x32\x7f\xc5\xe9\x20\xa7\x5f\x98\xf5\xe2\xb3\xd6\xc9\x5f\xd8\x52\xad\xf5\x67\xb6\xd3\x7c\x54\xd2\x97\x08\x56\xa5\x99\xf7\x49\xe2\xc5\x5d\xac\x7c\x23\xe3\xfb\x1a\x63\xbb\x4c\xc4\x7b\x8b\x94\xf3\xd5\x89\xac\x4b\xee\xf0\xaa\xd4\xe6\x29\x2f"},
+{{0x58,0x58,0x71,0x94,0x1c,0xc2,0x82,0xe3,0x33,0xd5,0x7b,0xbf,0xc3,0xd4,0xae,0xda,0x86,0x2c,0xfa,0x0a,0x37,0x50,0x30,0xcd,0x59,0x4b,0x36,0x92,0x84,0x8c,0x5f,0x00,},{0x4f,0x34,0x38,0x16,0xcd,0x48,0x05,0x0b,0x67,0x8d,0x3a,0xdf,0x70,0x00,0x88,0x77,0xc9,0xfc,0xf5,0xcb,0x66,0x2c,0xc4,0xad,0x2b,0x93,0x86,0x4c,0x02,0x09,0x07,0x07,},{0x29,0x88,0x56,0xe5,0x70,0x18,0x8a,0xef,0xca,0xd8,0x1b,0xb9,0x70,0xf0,0x76,0x96,0x57,0x70,0xc2,0x67,0x62,0xfe,0x29,0xe6,0x55,0x4d,0xc7,0xaf,0xcd,0xb8,0x01,0x72,0x3b,0xf6,0xc7,0x63,0xb4,0xcc,0xd6,0x5f,0x4e,0x15,0xd7,0xd8,0xea,0x38,0xfc,0xf6,0x7e,0xa9,0xd2,0x85,0x90,0xc7,0x92,0x55,0xc1,0xcf,0xeb,0xa7,0xb5,0xe4,0x5a,0x00,},"\x65\x1c\x10\x1b\x3e\x2d\xfe\xf0\x78\x3c\xe9\xf6\x1b\xd0\xa8\xbd\xc9\x30\x7a\xc0\x48\x8b\x9d\xd7\x0c\xd9\x0a\x7e\xd8\xf1\x79\xa7\x89\x35\x55\x62\x95\xb9\x1c\xc2\xb9\x72\x11\xe3\xb9\x81\xb8\xda\xfc\xb3\xd0\x6b\x76\xd0\xb6\xed\xa7\xfc\x61\x94\x5c\x0e\xe2\x65\x2c\x5a\xc4\x54\x25\x64\x96\xcb\x82\xf9\x8c\xc1\xcc\x92\xd8\x18\x93\xb1\x08\x2b\x31\xb4\x7e\x6d\x22\xa2\xde\x60\x9d\xe4\xce\x8d\x7c\xc4\xf4\xa1\x52\xc4\x7f\x41\x0d\x7f\xc3\x7d\x38\xcc\xd6\x29\xa4\xb3\x3e\x62\x21\x89\x60\x81\x79\x7d\x07\x53\xdd\x4f\xaa\x8a\x8b\x44\xd6\xc4\x67\x71\x66\xdf\xb4\xd5\x21\x54\x46\x36\x0a\x3c\x28\xd8\xf6\x8e\x38\xab\x54\x60\x8b\x98\x82\x1b\x83\xc1\x87\xb5\x39\x3a\xd8\x74\xa7\x6f\x4f\x5d\x72\x94\x93\xa1\xfd\x74\xcc\x77\x19\xca\xea\x99\x1d\x22\x9c\x5d\x0c\x8c\x4c\x5f\x89\xd8\xe4\x34\x5f\x4f\x52\x21\x43\x13\x41\x0b\x8c\x06\xb3\x31\x5f\x45\xed\x0c\x2f\x91\x38\xab\x96\x6a\xec\x0a\x64\x5b\x6d\xba\x76\x38\x0a\x53\x91\x23\xe0\xf3\x3b\x97\xf3\xd0\x60\x39\x4a\x30\x53\x58\x1f\xfd\xef\x3e\x6d\x36\x53\x11\x66\xb5\x53\xa9\xdd\xe0\x31\x05\xc0\x4a\xf6\x97\xd9\x5e\x95\x21\x7f\xd6\xdc\x96\x8b\xf3\xb4\x48\xd5\xf3\xa8\xe4\xf5\xae\x7e\xdc\x30\xec\x78\xb1\xae\xa4\xf0\xdb\x18\x9a\x94\x9a\x12\x21\x38\xcd\xfb\x5f\x96\x93\xdb\x00\x4b\xae\xd1\xa4\x21\xdc\x44\x12\x2f\x32\x72\x87\xf7\x27\xcf\x98\x9f\xca\xe3\xcf\x3b\xe3\xe3\xdd\x9b\x9f\x53\x50\x2c\xf5\xd9\xfb\x18\x6d\xe7\x91\xd3\x10\xd1\x22\x86\x9c\x9f\xc3\xb6\x95\xde\xc1\x60\x74\x77\xf3\xe1\x49\xe5\x2b\x63\xcf\xdf\xb0\xd9\x83\xe8\x9a\xf2\xf7\x5a\x8f\x48\x98\x43\xec\x05\xc5\xea\x5f\x0e\x72\x1a\xca\xb3\x87\xc6\x80\x25\xf2\x0a\xbe\x0d\x27\xb4\xce\x29\xf4\xa6\x4f\xb7\xf8\xe8\xa3\x32\x87\x3d\x3e\xd1\x21\xfb\x49\x34\x14\xb8\xcb\x0c\x00\xad\x3a\xb6\x16\xc5\xbe\x52\x41\x47\x1a\xde\xe9\xf8\xf4\x69\x74\xea\xe8\x4a\x4a\x8c\xe6\xfa\xbb\x7f\x5d\x9a\x6b\x75\xa7\xe6\x70\x45\x6f\xcd\xcd\x1d\x98\x2e\x8f\x82\x7a\x4b\xbb\x69\xde\xc7\xe3\x05\x3d\xfe\x83\x5b\x70\x30\x1b\x7b\x76\x3f\x00\x04\xbc\x90\x6e\x14\x55\x42\xf4\x87\xb4\xdb\xa2\xed\x56\x1b\xd1\xa2\x03\x06\x23\x6a\xf4\xb3\x6e\x40\x68\xe8\xc0\x07\xb9\x45\x4f\x87\x41\xa5\xf8\xf0\x79\xec\x1d\xb8\x83\x5e\xb6\x54\x42\x90\xd6\xad\xb5\x2a\x70\xd7\x67\x5d\x85\xdf\x4a\x9a\x12\x55\xbf\xd9\x36\xc3\x31\xfe\x51\xc0\x97\x7d\x12\x4b\x5a\x50\x6d\x29\xc6\xee\xc3\x3c\xaa\x25\xd8\xeb\x28\x95\x2d\x6f\xfb\x9d\x6e\x3d\xa8\x90\x38\x2d\x88\x87\x96\xd3\x74\x60\x7f\x66\x43\xb8\x9e\x73\x26\xd9\xed\xc4\x9a\x0f\x53\xbd\xcb\x8c\xc7\x6f\xfd\x39\x3a\x77\x06\x52\x2d\x04\x17\x00\x36\xcc\xb6\x63\x30\xdb\xac\x9d\xa7\xe6\x16\x8c\xaa\x88\xcb\x62\x18\x1e\x55\xa7\xb6\xd5\x21\xa2\x11\x5e\x23\xe2\x02\xee\x24\x80\xb5\x87\xbe\x45\x01\x44\x79\x79\xa8\xd7\x36\xf9\x01\x2e\xcf\x00\xe6\x7b\x31\xe8\x10\x4f\x6e\x7d\xf0\x8a\x96\x83\xcd\xc8\x9c\x03\xa4\xe3\x7e\xe2\x29\x28\xd4\x5f\xa1\x90\x94\xe0\xd6\xe7\xb4\x0b"},
+{{0x05,0x88,0xac,0xd4,0xe0,0x9b,0xa9,0x02,0x74,0xc8,0xf3,0xd1,0x57,0x5b,0x2b,0xf3,0x64,0xa7,0x76,0x88,0x4a,0x9a,0xeb,0x41,0x03,0x41,0x5e,0x16,0x3b,0xa0,0xbf,0x81,},{0x3e,0xca,0xe6,0x97,0xb4,0x25,0xd8,0x7e,0x34,0xa1,0xd9,0x44,0x09,0x8e,0x3d,0x32,0xe2,0xc1,0xec,0x56,0xc3,0x62,0x7d,0xf8,0x0b,0xa2,0xb8,0xa4,0x3d,0xdc,0x19,0x03,},{0xa1,0x11,0xb9,0x70,0x6d,0x24,0x2c,0xd3,0x6d,0x6e,0x87,0x41,0xcb,0xb0,0x97,0xb9,0xe2,0xff,0xfa,0x40,0xf4,0x3f,0xd6,0xf2,0xd3,0xd9,0x16,0x93,0x66,0x73,0x32,0xb5,0xf2,0xdb,0x5e,0xe3,0xea,0x20,0xb8,0x32,0x91,0xb8,0x40,0x57,0x95,0xb7,0x4d,0x63,0x3d,0x46,0xf4,0x75,0xab,0x7c,0x47,0x61,0x71,0x18,0x53,0x5b,0x80,0x51,0xd9,0x07,},"\xf8\x28\xf8\xc9\xda\xd2\x98\xc5\xb7\x19\xda\xa8\x52\xb1\x7e\x76\x25\x98\xa7\x0f\x4e\xcd\x16\xa2\xfc\x59\x6e\xb0\x26\x38\x99\xe9\x83\xd4\x4e\xdc\xc7\xbd\x24\x0c\xb0\x76\x10\x60\x0a\xe9\x6a\xac\x0d\xfc\x3b\xe3\x87\xb6\x16\x85\x08\x99\xb5\xcf\x44\xe1\x76\x7f\xfa\xca\x3d\xf3\x81\x58\x59\x84\x24\xf8\x07\x14\x14\xc7\x04\xe6\x0b\x42\x2a\xd7\x73\x77\xfa\x7f\x6a\x8c\x5d\x0e\xbc\x02\x35\xe2\xd4\x3a\x98\x4f\x3a\xdf\x75\x9e\xb1\x04\x47\xf3\xc2\xf6\xb8\x0d\x5a\x11\xef\x41\xd3\xa0\x98\x52\xc0\x93\x2a\x1b\x9a\xc2\x3e\x6f\x40\xa1\x67\xde\x21\x04\x1b\xec\x88\x85\xf9\x43\x3e\xb8\x0b\x95\xc9\x78\x59\x58\x04\x6c\xdb\x7b\xf1\x47\xa7\x99\x47\x82\x3b\x41\x49\xae\x05\x21\xd7\xe5\xaa\xbc\x15\x64\xfa\x40\x44\x10\x6e\x2e\x39\x2e\x9c\x34\x44\x57\xe9\x92\x93\x76\xea\x9b\x42\x29\xc6\xe7\x73\x8f\xe7\x90\x08\xd5\x54\xc4\x29\x39\x69\x14\xc3\x63\x87\xf5\x79\xb4\x6b\xab\x14\x6f\x6a\x95\x10\xeb\x6f\x8c\x85\x55\x1c\xbd\x84\xc7\xdc\x0d\x0b\x1c\x01\x0c\xcb\xa5\x96\x3a\x7f\x39\xf1\x81\xe4\x4d\xbc\x98\xe4\x95\xaa\x63\xc0\x10\x59\xcb\xe6\xa9\x9b\x07\xb4\x49\xe7\x75\x9c\x9a\xf9\xe0\xf8\xd9\x05\x4a\x67\xa3\x48\xfa\x19\xd7\xf9\x1e\xc0\xa4\xd4\xf2\xc7\x02\x6c\x3b\x84\x92\x59\xa3\x50\x41\x7f\xd8\x6c\xab\x21\x42\xe4\xcf\xe3\xc0\xaf\xbf\x25\x18\x2a\x2d\x52\xbd\x2e\x0b\xc9\x20\xe8\x50\x80\x83\x2b\x91\xb9\x27\xb6\x29\x48\xa6\x7c\x31\x7e\xb0\x90\x91\x46\x1d\x49\x3e\xea\x5f\xfc\x47\xbf\x08\x55\x82\x96\x82\x58\xa3\xc8\xdd\x81\xa8\x58\x27\x0b\xdd\xaf\xe7\x92\x56\x84\xa1\x5f\xfb\x51\xbc\xfa\xab\x93\x1a\xfa\x46\x5e\x30\x90\xe8\x6b\xe4\x1e\x35\x47\xcb\xa2\x34\xb8\x5f\xe7\xdb\x70\x04\x96\xa5\x05\x00\x2d\xf3\xca\x4e\xae\xc7\xb9\x62\x78\xc7\xd1\xa7\x7d\xb8\x34\xa9\x17\x97\xbb\xb8\x26\xd0\x92\xaa\x28\xb4\x95\x45\xed\x3b\x1e\xda\x23\xbe\x11\xa3\xf5\x28\xb9\x55\xcb\x0c\x4f\xa6\x6e\x16\xe9\x57\xe5\x70\x4c\xf3\x19\xe5\xf7\x9c\xc0\x9f\x2d\x05\x4e\x6d\xaf\x19\xe2\x92\x6b\x11\xe1\xe4\x13\xff\x82\x2c\xa1\x41\xf7\xc3\xd3\x85\xae\x95\xdd\x20\xb3\x46\xe5\x83\xcf\xb0\xc2\x29\xec\x39\xcf\x88\x9a\x54\x19\xcd\x37\xbc\x18\x4e\xf5\xfb\x14\x46\x22\x08\x0a\x30\x2d\x9d\x77\x45\xc4\x51\xf7\xd8\x82\x42\xcc\x26\xb9\x16\xa3\x56\x9a\xbc\x7d\x1f\x21\x6d\x57\x79\x7a\x47\x2b\xc6\x21\x76\x17\x58\xe8\x40\xeb\x8e\x29\xbc\x8e\xfc\xb7\xaa\xfc\x7c\xf8\xf4\xe5\x93\x30\xd3\x5e\xe1\x07\x49\x6d\xec\x6e\x71\x4b\x1f\xa4\x30\x98\x37\xbb\x47\xeb\x3a\x06\xb4\x60\x4d\xd2\x07\x33\xcc\x0e\xaa\xc2\x64\x9e\x18\xc0\x73\x42\xef\x55\xd1\x9b\x8d\x03\x95\x91\xac\x28\x69\xac\xc3\x4b\x6c\x3c\x1c\xa3\xcf\x26\x3f\xf8\x4c\xa4\x3a\x5f\x64\x65\xba\x34\x88\x8c\x10\x90\x13\xb3\x2b\xfc\x0d\x0d\x15\xf5\xa7\x6c\xec\x27\x0a\xb3\xac\x9a\x10\x63\x31\x31\x2f\x5a\x0a\x84\x28\x2c\x3a\x3d\x4a\xea\x1e\x7c\xf5\x3d\xbf\x8b\x24\x0b\xdd\x11\x1c\x34\xd2\xa9\x3d\xfd\x12\x58\xfe\x92\x67\x13\x3f\x75\x54\xdc\xc2\x1a\x8f\x43\x9c\x16\x5d"},
+{{0x7d,0x14,0x02,0x3e,0xb4,0x8b,0xbd,0x43,0x76,0x49,0xa2,0x41,0x87,0x79,0x05,0xa3,0xc9,0x32,0xf1,0x46,0x40,0xf2,0x9a,0x0f,0xb1,0x34,0x11,0x4e,0x8f,0x33,0xf5,0x82,},{0xea,0x5c,0x11,0xb4,0xb2,0xc5,0xef,0x4a,0xb7,0x06,0xcc,0xa3,0x47,0x50,0x43,0xc9,0x58,0x18,0xeb,0x56,0x5a,0x79,0x7e,0x33,0x68,0x8a,0xfe,0xac,0xd6,0x8a,0xdc,0xca,},{0x31,0x33,0x9d,0xce,0x23,0x33,0x6d,0xf5,0xb2,0xb1,0x93,0x52,0x2a,0xa3,0xdd,0x2d,0x41,0x14,0xa6,0x6a,0xf1,0x65,0x62,0x89,0xc9,0x52,0xbc,0x11,0xc9,0xb2,0x10,0xf7,0x7a,0x54,0xd4,0x61,0x61,0xf4,0xe0,0xc5,0x2b,0x30,0x13,0xe4,0x0b,0x9e,0x9e,0x84,0x27,0xd8,0x51,0x32,0x5b,0xd7,0x1c,0x4d,0x99,0x35,0x3e,0xee,0xd7,0x51,0x08,0x0d,},"\x90\x01\xdb\x31\xf2\x79\xbe\x50\x53\x19\xb8\xe7\x2b\xde\x11\x99\x51\x29\x80\xdf\x65\xf0\xd8\xa9\xb4\x93\x04\x67\x41\x3a\x99\x7b\x97\xa3\x62\xb5\x72\xa4\xb4\x4b\xc9\x40\x48\x7f\x18\xb2\x08\xce\x6a\xc5\xc6\x87\x16\xd3\xaf\x1b\xce\xf1\x70\x38\x3b\x5c\x4b\x5c\x47\xe4\x47\x37\x72\x6f\x93\x83\xbc\x4f\x14\x47\x68\xbf\x5c\xaf\xb4\xe9\xdf\xe3\x97\x61\xe6\xed\x47\x89\x71\xd1\xc7\x0e\x6d\xab\x2f\xd0\x49\x9d\xff\x92\x93\xb2\x39\xd1\x6c\x96\x02\x61\xc6\x82\x18\xb9\xf5\xb1\xbe\xe6\x90\xf0\xd2\x40\xc1\xb3\xdb\x71\x1f\x9e\x82\x1f\x08\x09\xbb\xeb\x9a\xaf\x24\x9c\xcb\x16\x8c\x67\xd9\x65\x56\x2d\x24\xf8\x48\x51\x61\x40\xbf\xd9\xfc\x05\x0d\x4f\x20\xda\x5a\x17\x94\x46\x8a\x9c\x07\x25\xea\x5c\x66\x9d\x5c\x63\x0d\x93\x10\xe5\x74\x51\x07\xda\xd3\x72\x61\xb5\xd9\x1e\x38\xe0\x85\x12\xe6\xf3\x73\xec\x5d\xca\xd5\xca\x09\x07\x29\x07\xc8\xfb\x7b\xf3\xb9\x26\xc3\x33\x94\x90\xb3\xf5\x1f\x76\x44\xe7\x3a\xe2\xec\x01\xd6\x1b\xe7\xc6\x52\x65\x36\xb4\xff\xd1\xab\x68\x49\xfe\x0c\x2f\x40\xd3\xbd\xa2\xa4\x9e\x55\x50\xb8\xdf\x97\x90\x81\xda\x85\x16\x8d\x0f\x71\x58\x2b\x90\x36\x77\x52\x6d\x1f\x1b\x15\x11\xe1\x38\xb6\x84\xfc\x46\xaa\xc8\xbd\x80\xc3\xde\xf7\xee\x81\x38\x19\x04\x61\x80\x7c\x55\x36\x12\x5c\xb0\xe2\xc3\xd0\x83\xa1\x87\xc7\x26\x9c\xb5\x31\xec\x36\x78\x78\x7b\x32\x55\x5c\xf0\x4a\xb0\x93\xc9\x00\x2e\x7d\x79\x2b\x4d\x93\x3f\x2e\x30\x70\xf3\x9a\xc8\xcc\xf8\xd5\xf5\x45\x5f\x12\x10\x9d\x8a\x8a\xeb\x4e\x21\x2f\xad\x4a\x70\xb1\x47\xc0\x4a\x7b\x91\x84\x60\xb1\x31\x63\x76\xe6\x40\x20\x85\x95\x17\xeb\x7e\xe3\x0c\x29\x0b\xe8\xb8\xd6\xf9\x67\x39\x15\x25\x6c\x3b\x04\xb9\xd9\x05\x4b\x52\x33\x8e\x0d\x36\x07\x85\xe4\x6a\x18\x28\x44\xc5\xc3\x76\x6a\xea\x8e\xd3\x11\xb2\xd4\x81\xc0\xb7\xb2\x11\x4e\x41\x8e\xd1\x7f\x8d\xeb\xf0\x1a\x83\xff\x37\x51\x70\x24\xee\x9e\x28\xe0\xc9\x0d\xce\x6d\x05\x9f\xfe\xe4\x13\xd2\x7c\xd6\x27\x83\xa8\xb8\xb5\x01\x6a\xd2\x76\xe3\x9d\xfd\x8f\x8f\x3d\xdf\xc4\x28\x10\x18\x18\xce\x50\x7f\x00\x3e\xb5\x8c\x9a\x5c\xc8\xb1\xaf\xf0\x5a\xab\x8f\x0d\x7f\x1d\x1f\x6d\x4b\x87\x1d\xbc\xed\x1f\x3d\x28\x66\x23\x97\x52\xfb\x13\xf6\xe1\x80\x34\xbb\x2b\x5a\x66\x35\xca\xa6\xec\xc4\x62\xe0\x58\xeb\xe2\xfa\x65\x1d\x3d\x0f\x36\xe2\x0a\x31\xf7\x65\xe4\xb9\x58\x27\x0b\xd8\x25\xc6\x81\x8a\xac\x1a\xd7\x56\x31\x35\xae\xed\xf1\x4a\x2b\x6d\x39\x8b\x6e\x34\x00\x84\x01\xb2\x18\x46\x18\x20\x07\x1c\x5a\xf7\x78\x46\xcb\x9c\x32\x81\x90\xc0\x61\xd5\xaa\x6e\x0e\xcd\xe7\xef\x58\x56\xb0\xe6\x81\x4f\x83\x3f\x70\x40\x96\xdf\x08\x25\xfa\x4b\x46\xdc\xda\xcf\xa2\x7c\xd8\x7b\xd7\xbf\xef\xf7\xf8\xca\xe1\x66\xa3\xa0\x4d\x43\x7c\x7b\xe7\x16\xc4\x90\x45\xc7\xbd\x3d\x13\x49\x62\x7c\x9c\xbd\x04\xc1\x5f\x00\xa6\x96\xe3\xcf\xfb\xb4\x5a\xf2\x91\x22\x62\x7e\x7e\xd3\x3b\x42\x49\x91\x3b\xec\x00\xf0\xe2\x8a\xa1\x12\x98\xcc\xe8\xb6\x49\x08\x1f\xe3\xb1\x69\xb4\xaa\xea\xca\x48\x5b\xda"},
+{{0xe8,0x30,0x6b,0xad,0xa6,0xd5,0x5e,0xb1,0x88,0xd9,0xf7,0x5c,0x81,0x5c,0xc9,0x14,0xe9,0x3c,0x9c,0x72,0x22,0x39,0x1c,0x15,0xbb,0xae,0xaf,0x93,0x54,0x43,0x79,0x35,},{0xbf,0x27,0x98,0xb8,0xe5,0x54,0xf5,0x1e,0x22,0x86,0xc3,0x03,0x4a,0x88,0xe5,0x77,0xff,0x23,0xfa,0x32,0xa6,0x72,0x44,0xea,0x82,0x45,0x91,0x2e,0x8b,0xf4,0x6d,0xa4,},{0xcc,0x66,0x27,0x30,0x8e,0x2f,0x42,0x43,0x83,0xfa,0x70,0x59,0x4f,0x57,0x57,0x91,0x60,0x05,0x40,0x02,0x7a,0x27,0x51,0x61,0x9b,0x28,0x3a,0xff,0xea,0xeb,0xc9,0xc9,0xd2,0x9a,0xc6,0xdb,0x28,0x6d,0xd2,0xc1,0xb5,0x96,0x58,0x7b,0x87,0x8d,0x1d,0xf4,0x78,0x1d,0x43,0x6b,0xb5,0x70,0xc1,0xc0,0xf0,0xd3,0x33,0x68,0xdc,0x66,0x52,0x0b,},"\xd7\x04\x38\x09\xc3\xe3\xdc\x00\xb1\x7e\xfd\x52\xc9\x13\x0b\x11\xb7\x86\xf1\xe2\x57\xb5\xe2\x2f\x81\xa7\xfa\xae\x60\x0b\xbc\xdf\xd5\x18\x53\x7f\xe8\x52\xc6\x42\x35\x97\x62\xfb\x75\xe8\xad\x85\x92\x49\xe6\xab\x49\xce\x1b\xb0\x4f\x24\x92\xf2\xaa\xc3\x54\x46\xba\x6e\xb0\x3e\x76\xde\x3a\xbd\x2d\x5f\xc7\xe6\x14\x68\x43\xad\xd0\x42\x86\x0a\x4a\x16\xb5\x9b\xdd\x7d\x03\x83\x78\xa3\x5e\x1a\x04\xb1\x21\x7a\x55\x71\x0d\x93\x7e\x2c\x90\x32\x23\x2e\xa2\xcd\xd1\xd2\x5a\x0b\xff\x71\xef\x5d\x3e\x0c\x05\x6b\x29\xcb\x92\xf6\xdf\x69\x2b\xde\x14\xdf\xa5\x0e\x13\x2b\xeb\xd8\x9e\x9f\x18\x33\x88\x0b\x65\x7a\x78\x1e\x94\xec\xb6\x03\x04\x17\x56\xe5\x51\x7d\x44\x23\xc5\x6f\xad\xc1\x3e\x2b\x31\x80\x88\xfe\xdd\xf3\xb5\xc8\x3c\x20\xb4\x6f\xdd\xbb\xa9\x23\x05\xe4\x86\x06\xda\xb7\x48\xce\x38\x48\xb8\x43\xf4\x71\x1f\x37\x0c\x3e\xc7\xd5\xe1\x9a\xb4\xc0\xac\x1a\xe1\x5a\xaa\xf2\x3d\x65\xfe\xce\xda\xbc\x08\x04\x9b\x9e\x29\x11\x3e\x57\x61\xed\x9d\x1c\x62\xeb\x07\x5c\xab\xb2\x67\x4c\xdb\xe1\xe3\xa8\x89\xba\xe4\xb1\xdd\x31\xb6\xa5\xb2\xea\x1b\x8d\xed\xcc\x3c\x51\x5e\xdc\x44\x67\xc3\x02\x31\x17\x6c\xd4\x4b\xec\x8a\x05\x79\x51\xab\x5c\xd3\x9a\x96\x23\xf8\xaf\x84\x73\xcd\x27\xd9\x33\x02\xbf\x8a\xa6\x24\xc9\xc3\xc5\x79\x9d\xa1\xdc\x49\x44\x94\xef\x8f\xf1\xdb\xe0\x18\x7e\xa5\x16\x26\x70\xb8\xd0\x98\xc3\xa9\x49\x19\x39\x8d\xad\xf7\x9e\x6c\x24\x91\xc4\x44\x39\x2c\x29\xcd\x50\xd5\x74\x35\x06\x32\x90\x84\x2b\xfa\x0e\x85\x30\xfa\xeb\xc0\x06\xd6\xea\x78\x01\x11\x7e\x0a\x3f\x01\x9e\xe2\x8f\xb3\x79\x22\x35\x40\x2e\x2f\x69\xb8\x7a\x43\xdc\x22\x7f\x9d\xe3\x16\x02\x97\x56\xc3\x16\x7d\x64\xa3\xa3\xf6\xd7\x31\x60\x33\x1d\x5a\x18\xee\xe5\xb0\xe6\xe2\x2a\x66\x3e\xfd\xcc\x8d\x67\xaf\x3b\xce\xd0\x41\xea\x84\x3a\x56\x41\x60\x3e\xc7\x2e\xfd\x64\x4e\x17\x3d\x19\x9a\x8c\x83\x0b\x2e\xa5\xfe\xc0\x37\x80\x27\xc3\x72\x25\xaf\xcb\x60\x4c\x4c\xdc\xf4\x09\xbe\x1c\x50\x9c\x9a\x37\x7b\xe0\xd0\x52\x41\x07\xc6\xd9\x2b\x5f\x09\xa2\x9e\xfb\x71\x09\x29\x56\x70\xbb\x1a\x1d\xd3\xea\x00\x8b\xb7\x91\x85\xf0\x9b\x98\xf0\x20\xc4\x3f\x14\x39\x68\x5b\x96\xf6\x19\x93\x11\xa0\x90\x87\x0f\x0d\x9b\x10\xd4\x95\xcd\x41\x0a\xa9\x5b\x7e\x53\x74\x9b\xe3\xa6\xc0\xfb\xc7\x29\xf9\x6c\xf8\x56\x43\x97\xb0\x9c\x13\x51\x40\x16\x82\x5f\x72\xf1\x4e\xb9\x32\x94\xd7\x01\x0a\xcc\xfd\x11\xf1\x7a\x6a\xc8\xf5\x44\x26\x3d\x60\x38\xd5\xc7\xdb\x29\x48\x62\x91\xb3\x0e\xa4\x9b\x6b\x54\xcf\x88\x82\x6d\xd2\x52\xcd\x9d\xbb\x57\xd8\x41\xb5\xa4\xcf\x70\x2a\x32\x64\xfa\xa4\xdc\xcc\x86\xab\x14\xda\xf1\x24\xef\x3d\x53\x35\xa6\x87\x8d\x06\x5c\x6b\xa2\x99\x91\x04\x57\x65\xee\x55\x42\xcc\x9f\x5d\x9f\x35\x4d\xcd\x2c\x6e\x0c\xf7\xff\x3a\x30\xf6\x49\xb5\x91\x2d\x97\x1d\x63\x35\x78\xf1\xe9\xf2\x63\x87\x4d\x05\x65\xc2\x47\x30\x1d\xcb\xd1\x5d\x76\x21\x1a\xe2\xd3\xd5\x06\xfc\x64\xde\xb7\xe0\x42\x56\x5d\x43\x8e\x2b\xfb\x24\x92\x43\xb7"},
+{{0x36,0x3c,0x1e,0xa7,0xc3,0x2e,0xa3,0x28,0xa0,0x55,0xaf,0x7b,0xd8,0xb3,0xbf,0xd2,0x04,0xfb,0x0b,0xbd,0x4b,0xf4,0x2f,0xfe,0x26,0x2f,0x3a,0x5e,0xbd,0x54,0xda,0x55,},{0x7a,0x83,0xec,0xca,0x51,0xef,0x6e,0x5a,0xa0,0x43,0xa5,0xce,0x04,0xd9,0x28,0x8a,0xdd,0x49,0xa2,0x77,0x54,0x8b,0xd3,0x01,0x6b,0x69,0x3f,0xfa,0x79,0xa2,0x2e,0xdc,},{0x5f,0xd1,0xe5,0xf9,0x92,0x2a,0x12,0xf6,0x36,0xb7,0x2a,0x7d,0x62,0x17,0x09,0x1f,0x94,0x8a,0x55,0xbc,0xb1,0x82,0x6b,0x8f,0xca,0xf9,0x9d,0x26,0x41,0x6c,0x7a,0xb1,0x35,0x1c,0x10,0xf4,0x09,0x3f,0xfd,0x8a,0x2a,0xf8,0x69,0x14,0xa0,0xa9,0x81,0x84,0xec,0x7e,0x06,0xd2,0xde,0xe8,0x7f,0xdc,0x0f,0x4a,0x47,0xf8,0xc6,0x3c,0xf5,0x01,},"\xc4\x1c\x1e\x1f\xb7\x59\x54\xa0\xae\x0e\xbc\x29\x09\x0b\x9f\xc5\x33\xe6\x93\xe7\xc7\x10\x5c\xfe\x40\xef\x52\x6e\x4e\x12\xa7\x40\x52\x21\xf2\x18\xc7\xac\x01\x9e\x1d\x4c\x92\xda\x28\x53\xf2\xd7\x26\xaa\x62\x27\x79\x24\xdf\x0c\x34\x3f\xc3\xd4\x7c\xd5\xa9\x9a\x3e\x27\x9b\x26\xa1\xb1\x3b\x1f\x2a\xa3\x6f\x7c\xcb\x4b\x54\xfb\xef\x18\xbd\x87\xa5\x5f\x1b\xc4\x0c\xe7\xb2\x02\x91\x45\xee\x7a\xab\x39\x17\x95\xac\x68\xde\x61\x99\xf5\x05\x94\xfc\x79\x61\x1b\x85\x13\x1c\x14\x30\x21\xf2\x6f\xa3\x58\xda\x0c\x7c\x6a\x65\xdd\xe0\x76\xda\xb4\x88\x67\x5b\x72\x23\x09\xe5\xed\x97\x46\xd1\x8a\x89\x30\x99\x06\xa7\xa9\xdf\x23\x7d\xd2\x7b\xd5\x90\xcc\xc7\x7c\x40\x2e\xf6\xe1\x9c\xa6\x3c\xc8\x6b\x85\x16\x03\x30\xee\x6e\x1f\x1f\x47\xa2\xff\x80\x7e\xef\xad\xc0\x09\x63\x52\x0a\x1c\x60\x0a\x3e\x45\xaa\x7f\xb2\x55\x4f\x47\xd8\x97\xbd\x86\xd8\x1c\x3b\x08\x77\x10\x12\x22\xfa\x78\x50\xb8\x0c\xe3\xbc\x06\xc9\xe5\x8c\x0c\x96\xe3\x2f\xec\x85\x30\xc9\xfa\x1e\x41\x63\xf0\xef\x84\x56\x95\x2b\xf6\xdd\x58\x04\x5a\x36\x3d\x61\x88\x0e\x9a\xc9\x76\xa3\x60\x3e\xf7\x7a\x4c\x39\x5e\x6a\x07\xe3\x42\xf6\x02\x3b\x8a\xf1\x02\x25\xcf\xf2\x40\xef\xc0\x36\x6a\x79\x9f\xd8\x6e\x9d\x06\x20\x60\xd8\x72\x40\x33\xbd\xf6\x75\x88\xcd\x73\xac\x28\x4d\xe4\xc6\x94\x3c\xf4\x5e\xe4\xf7\x5f\x59\x37\xd9\x7d\x78\x10\x5f\x0b\xbe\xce\x04\xd3\xdc\xb5\xe4\x24\xef\xf8\x9b\x77\x3e\x5d\x6b\x4f\x37\xef\xa9\xa0\x65\x4c\xb3\xef\x34\x52\x78\xa6\x2d\x87\x6c\xfe\xf9\xa3\xdc\xdc\xeb\x70\x81\x44\x18\x77\xeb\xd5\xfa\x30\xc9\xd9\x54\xe3\x68\x4f\xa4\x76\xa4\xf4\x85\xd4\x26\xfd\x3c\x8c\x32\xbe\xa0\xf9\xcc\x20\xb1\x5e\x8f\xdf\xc3\xca\x4b\x30\x2c\x07\x4f\x50\x81\x32\xd1\x5d\xe6\x25\xc1\x0a\xe0\x73\x78\x11\x46\x3d\xcc\x55\xfc\xc4\x01\x4b\x20\x20\x8f\xff\xce\xfa\x9d\xd4\x52\x11\x9b\x16\x52\xde\x41\x34\x8f\x69\xf2\xc4\x88\xf5\xcc\x18\x56\xd6\xe7\x8a\x5c\xbe\x3e\x37\x3d\xd4\x59\x8e\x2d\x39\xf8\x76\xeb\x94\xe0\xb0\x1b\x21\xfa\x91\x29\xef\x41\xb6\x39\xf4\xe0\x5e\x69\xde\xb1\x83\x5e\xd4\x4b\x91\x12\xa6\x86\x2a\x5b\xce\xa0\x72\xc6\xe1\xb8\xf0\xf0\x58\xf4\x6b\xac\x2a\x84\x5a\x58\x2d\x14\x8f\x17\x76\x0b\x9e\x0a\x2b\xa6\x0b\xbb\xf3\x88\x4a\xf9\x4d\xd4\xc7\xec\x9d\xb0\x8e\x9a\x5b\xcc\x6d\xde\x13\x46\x44\x2e\xe1\xf4\x70\x7d\x1f\x79\xb6\x9b\xa8\x67\xf4\x18\xdc\x27\x91\x73\xf7\x7a\xdb\xc5\x8a\xb8\x5e\xa3\x93\xb9\xdc\x68\x26\x19\x00\xc1\xca\xa8\x2d\x2f\x50\x47\x4c\x42\xae\xc9\x11\x31\x42\x78\xc0\xaf\xfa\x2a\x6b\x6c\x36\xd1\xff\x88\xf3\xb4\x9f\xb2\xb7\xc3\x39\xd2\xa7\xc2\xb3\x04\x9f\x8c\x0a\x08\xd1\x6a\x9e\x8d\xf9\x3d\x13\x0d\xa4\x84\xbd\xba\x6d\xbe\xc5\x34\xcd\x51\x09\x7a\x04\x82\x21\x10\x6b\xab\x48\xd6\x7f\x95\x1b\x75\x05\xa1\x48\x48\x92\xb8\x57\x79\xc5\xa3\x11\x17\x02\x12\x4d\x95\x7a\xcf\x2d\xc3\x52\xef\x9b\xa2\x47\xbc\x80\xe2\xce\x96\x26\x9c\xe8\x5e\x78\xb9\xeb\xda\x98\x90\x76\xdd\x5f\xf7\x3e\x1e\xb2\x75\xe5\xd7"},
+{{0xdb,0x22,0x28,0xff,0xff,0xa9,0xd2,0x53,0x4a,0xef,0x91,0x8f,0xb8,0x5b,0x82,0x1a,0xd3,0x60,0xe2,0xd3,0x9d,0xec,0x5a,0xeb,0x2d,0xb0,0xdf,0x02,0x49,0x7f,0x94,0x16,},{0x6d,0x01,0x95,0x77,0x7f,0x81,0x05,0xff,0x52,0x3b,0x79,0xc5,0x9e,0x3c,0x30,0x81,0xfe,0x89,0xdb,0x6f,0x87,0x03,0x3f,0x09,0x4f,0xa5,0xa9,0x40,0xce,0xf8,0x4b,0xb4,},{0x82,0x18,0x9d,0x34,0x0b,0xc1,0x1c,0xea,0xa4,0x00,0x41,0x0e,0x08,0xba,0xe9,0xd9,0x01,0xaf,0x05,0x91,0x25,0xe9,0x53,0x78,0x6f,0x8a,0x04,0x3d,0xdf,0x11,0xf7,0xb2,0xf8,0xe3,0xb6,0x17,0xac,0xcd,0x78,0xe2,0x93,0x9a,0xdf,0xab,0xf2,0xd2,0x47,0x1f,0xaf,0xd6,0xf5,0xbc,0x45,0xb1,0x40,0x75,0xb3,0x28,0xe3,0x4d,0x80,0x75,0xb2,0x07,},"\xfc\x07\xcd\x99\x04\x0f\x13\xe5\xa8\x4f\x94\x74\x6d\x6b\xb8\x68\xf7\x52\xb4\x48\xb6\x2d\x99\x59\x3e\xf2\x9e\x43\xcc\x82\x45\xf0\x47\x0f\x65\x55\x2d\x64\x32\x20\xf6\x71\x92\x85\xe1\x5c\x37\xa6\xd1\x74\xae\xf7\x60\x88\xcc\xda\x5f\x88\x68\x5b\x52\xda\xe2\x84\xc6\x5b\x38\x0d\xa3\x45\xa2\xe1\xaf\x2e\xd7\x64\x80\xd2\x69\xcb\x93\x4b\x43\x17\x62\x0b\x79\x2e\xbb\x39\xb2\xa6\x78\x24\x7d\x6d\x81\x5f\x2a\x5c\xb9\xaa\x56\x0e\x4b\xf6\xde\xba\x4c\x0a\x0d\xdc\x82\xd0\xe5\xa5\xa6\x5a\xcb\xc4\x78\xe1\xec\x6b\x06\x4d\x7b\xb7\x38\x8a\x73\xf6\xed\xa3\x0b\x0b\x6b\x73\xdd\x8f\x87\x92\x63\xad\x1a\x03\x48\x67\x1d\xcf\x21\x1c\xb9\x6e\xd0\x8e\xd5\x2f\x33\x17\xda\x68\x18\x5d\x6b\xb2\x58\x9d\xc1\x1d\x75\x5d\x47\xa3\xb6\xf6\xa0\x38\x6a\x85\x94\xd9\x57\x0b\x2e\x9b\x0d\x4b\x5e\x13\xdc\xcd\x9b\xb7\xac\xbe\xf0\xab\x27\x6a\x7a\xeb\xe1\x29\x31\xbe\x67\xf1\x0d\xe2\x67\xa0\x29\x89\x53\x01\xf5\x66\x25\x30\xad\x8a\xb3\xd2\x30\xb3\xb6\xd7\x09\x3a\xcd\xfb\xf2\x74\x75\x7a\x90\x78\xe2\x0c\x23\xbc\x82\x2d\xef\xfa\x61\x00\x54\x86\x10\x2c\x01\xab\x82\xbd\xc8\xcd\xcf\x1b\xb3\x7f\x9b\x56\xd3\x9e\x50\xfd\x5a\x68\x95\x41\x6e\x76\x7f\x4e\x36\xc1\xa4\x17\x78\x90\x81\x25\xb5\xca\x3f\x92\xa9\x0d\xa9\xad\xdf\xf1\x55\xfb\x1f\xd7\x76\x88\x08\xa8\x0f\x20\x3e\xd7\x37\xef\x00\x77\x63\xbd\x2f\xea\x9f\xf2\x8c\x84\xb4\x35\x51\xc9\xfc\x43\x8f\xfc\x47\xfc\xfc\xf6\x4d\xc7\x70\x06\x13\xaa\x8b\x3a\xf8\x63\x3a\xe8\xb6\x98\x74\x37\xc0\xaa\x47\x81\xbe\x1e\x82\x13\x96\xc5\x36\xcb\x30\x05\xd0\x55\x49\xb1\xcb\xa7\x01\x35\xaf\xb7\xfe\x30\x68\x96\x1c\xad\x3a\x14\x63\xcc\x0b\x55\x60\x68\x4e\x27\xbb\xa7\x7a\xef\x41\x9d\x82\x38\x68\xe0\xce\xba\xd1\xf1\xce\x0a\xe9\x02\x74\x4a\x15\x2d\xd2\x94\x51\xa1\x7e\x28\xa8\x9a\x71\x58\xa1\x83\x6e\xfc\xe4\xa3\xe5\xc7\xd1\xfa\xa4\xc3\x87\x5b\xc4\x6c\x4d\x9b\xe2\x2d\x66\xd3\x66\xac\x6f\x59\x53\x8a\x00\xb2\x75\xb0\x2f\xac\x6d\xa7\x55\xa8\x54\x08\x19\x97\xd5\xd1\xd0\xe6\xe5\x68\xa5\x95\x8c\xf3\x34\xc5\x18\xcd\x51\x7a\xb9\xd7\x3c\x48\xd6\xcb\xc4\xae\x4e\xea\x43\x53\x11\x3e\x7e\x4a\x7c\x05\x92\x0e\x68\x6b\xf0\x7a\xfb\xfb\x8d\xd2\xec\x4f\x18\xfa\x71\x38\xe5\x7d\x33\x2c\xd7\xa4\x22\x8f\xea\x73\xbc\x09\x25\x2f\x24\x42\x72\x94\xeb\xd3\x64\x5e\xe0\x99\x6c\x2e\x85\x1a\x8a\xa5\x1a\x7c\xd9\xfc\x2e\xab\x47\xc0\xab\x21\x3f\x4f\x51\xd2\x16\x09\x1e\xd0\x89\xe4\x59\x2e\x9b\xb0\x82\x8b\x85\x8f\x84\xf6\x0b\x93\xad\x84\xa0\xa2\x28\x27\xcb\xd2\x74\x14\xb7\x81\x32\x2a\x04\xd3\x96\x08\x28\xf6\x38\xdf\x28\x34\xc7\xf7\x83\x9d\x70\xdb\x12\x6b\xee\x5a\xf2\xee\x75\x59\xa8\xac\x4c\x01\xa6\xc3\x91\x39\x6a\xf9\x3f\xa0\x60\x89\x40\x29\x7d\xdf\x89\x00\xc5\xdd\xb4\x66\x34\x0a\xe5\x1c\x60\xc7\xea\xd7\x62\x44\x7e\x76\xd8\xbc\xcb\x57\x39\x97\xcf\x66\x14\xd1\x88\xa0\xb9\xa2\xf5\x6e\xed\x9b\x0f\x9d\x46\x3a\x19\x78\x7f\x40\x92\x58\x1a\x65\xc6\xbf\x78\x1b\x93\xc5\x60\x87\xe5\x4e\xe1\x34\x3a\xab"},
+{{0x66,0xb5,0x0f,0x69,0x2e,0x39,0x5e,0xb8,0x33,0x86,0xe0,0x27,0xc8,0x2c,0xe3,0xfd,0xee,0x3b,0xd8,0x99,0xb0,0xd3,0x17,0x9d,0xb0,0x86,0xfb,0xf5,0x24,0xf5,0x74,0x59,},{0x44,0x85,0x36,0xe9,0x82,0x40,0x84,0x37,0xce,0x89,0x67,0x40,0x53,0xe3,0xc5,0x89,0xc9,0x8c,0x09,0x5c,0x60,0x02,0x1a,0x11,0x81,0x78,0xc6,0x26,0x1d,0x88,0x10,0xfe,},{0xbd,0x13,0xf6,0x36,0x2c,0x07,0x07,0x89,0x22,0xf3,0x0c,0x63,0x30,0x75,0x1b,0xf6,0xe7,0xcf,0x42,0xa7,0x69,0x16,0xee,0x65,0x3e,0xb1,0x7a,0xcc,0xff,0x1f,0xbb,0xca,0x35,0x25,0x8c,0x4c,0xbc,0x58,0x2a,0x5e,0x8c,0xc9,0x4f,0xd2,0xc7,0xed,0xeb,0x53,0x76,0x2f,0x1f,0xc2,0x31,0x23,0xd7,0xf4,0xf1,0x45,0x40,0x9b,0x31,0xcd,0x38,0x02,},"\x74\x28\xa9\x64\x21\x2b\xcb\xe8\xdf\x7d\x59\xe4\x8e\x92\x34\x80\xaa\x0e\xe0\x9b\x91\x0d\x04\xef\xb6\x90\x36\x62\xef\xc3\x10\x7a\xc8\xfd\xc0\xc5\xf3\x92\x72\x74\x0c\xd8\x77\xe1\x6c\xd7\x1c\x54\x92\x38\xc3\x37\x22\x0c\xe2\xf6\xb5\xa1\xfc\x6f\x7b\x0a\x1c\xd4\xed\x21\xd9\x38\x89\x08\x1e\x34\xfb\x7f\xde\xcf\x41\x78\xbb\xd4\x31\xe6\x11\xe5\x39\xd9\x00\xc3\xd0\xac\x3d\xc7\x10\x7b\x36\xb4\x1d\x6d\x0d\x5d\x32\xc1\x97\x27\xf9\x08\xb6\xeb\x36\x7f\xeb\xb3\x52\xa4\x93\x58\x1f\xf1\x28\xb5\x6c\x4c\xaf\x6f\xb8\xe0\x99\x81\xf0\xd3\x79\x57\xd1\x28\x20\x17\xfb\xb8\x07\x61\x4c\x20\xf4\x65\xdc\x02\xb0\xcd\x96\x99\x83\xbd\x5a\xe1\xeb\xf6\x57\x8d\x7f\xf3\xce\xff\x32\x0e\x25\x56\x21\x99\xde\xe9\x34\x75\x7c\xc1\xf5\x8d\x55\x40\xc4\x1a\xac\x1c\xe4\xf2\x11\xf0\xb8\xec\x41\x07\x17\x40\x30\xe7\x02\xbc\x6a\x8a\x9c\x85\xc5\x05\xc9\x31\x6a\xef\xea\x3e\x43\x72\x24\x2d\xe0\x19\xb3\x5e\x2b\xd3\xc5\xa9\x56\x52\x19\x71\xc1\x06\xa3\xad\xbb\xc1\x3c\xdc\x4f\x7f\x9d\x3c\x58\xb9\x6a\x34\x4b\x4a\xc3\xef\x6b\xd8\xac\xa6\xed\x98\x76\xb4\x3e\x64\x97\xfa\xf7\xfa\x4c\xf2\x7f\xbc\xb6\x65\x73\x0c\x09\x1e\x13\xaa\xf7\xe9\xef\xe7\xdd\x10\xe1\x4e\xb1\x9a\x92\x00\x42\x42\x10\xec\x8b\x8f\xba\x7e\x69\x44\x4c\xe1\xa9\xe3\xa7\xb2\x6c\x11\xf6\xb7\x14\x5b\x69\x83\xa7\x80\x57\x76\x48\x40\x31\xbf\xf5\x2e\x81\xae\x76\x9b\x70\xa2\x82\xb0\x94\xff\xb5\xfb\x55\x25\xdc\x1a\x87\x2e\x20\x7e\x82\x7a\x2e\x11\xf4\xec\xf7\xb5\x30\x8c\x74\x8a\x92\x78\xea\x7b\xd6\x61\x88\x19\x44\x00\x43\x0c\x8c\xd5\x96\xeb\xb8\x72\x21\xe5\x36\xf6\xaf\xe1\xf1\x50\x5d\x6a\x59\xf4\x1d\x16\xa2\xf0\x14\xe1\xcf\xa5\x13\xf7\xa6\x97\x31\xd7\xbf\xdb\x2a\xff\xce\xfe\x05\x37\xd4\x2c\x79\x6e\x3f\xd2\x7e\x41\xb7\xca\x72\x05\x1b\xef\x28\xbb\x7b\xde\x70\x10\xdc\xfe\xd8\xaa\x16\xef\x67\x6d\xb6\xe5\x20\xc3\xce\xf8\xd6\xf5\x8a\x9a\x28\x13\xcf\xf0\xf7\x04\x1f\x87\xfb\xfb\x84\x31\xe0\x20\xed\xe1\xd4\xea\xf1\x9e\x23\xb9\x83\x44\x5c\x59\x15\xb5\x4a\xdf\xb5\x57\xfc\x20\xd0\x05\x8f\x40\xf5\xe0\x98\x25\xdb\xa8\xd8\xf2\x0c\x00\xf4\x3b\x3a\xee\xbb\x61\x57\xbe\x32\xec\x54\x62\x7d\x5d\x42\xab\x81\x3c\xf9\x7f\x09\x5d\x26\xdb\x80\x36\xc1\x2e\x82\xcb\x96\x3e\x80\x01\x16\x7e\x61\xab\x39\x3b\x4c\xca\x75\x5e\xce\xa8\x69\x95\x4e\x32\x3f\xa5\x26\x2c\x5f\xda\x3e\x0b\xe9\xa5\x1e\x5a\xf5\x1f\xa6\x44\x48\x24\xfb\x83\x7c\xc6\x7b\xe5\x37\xa8\x75\x69\xc3\x0c\xf0\x11\x4d\x39\xa0\x39\x42\xde\x4e\x1c\xd5\x23\x35\x5d\xab\x1a\xf3\x60\x80\xa9\xa9\xa5\x48\xbe\x1c\x2a\x7f\xbe\x54\x33\x77\x23\x15\xd2\x83\xe5\x15\x6d\xf6\x48\xbe\xe4\xb7\xdc\xda\x74\xf1\x59\x05\xd5\x42\xbe\x54\x87\x3c\x15\xc5\x3f\xf4\x2a\xca\xbf\x8c\x56\xf2\x57\xd7\x64\x72\x2d\xb4\xe9\xc7\x18\xe1\x20\x98\xa3\x45\x74\x86\xa6\xc9\x47\xac\x2d\xe0\xaf\x53\xe8\x2c\xf9\x50\xbb\x37\xca\x29\xc8\xda\xdf\xa3\x64\x6d\xb4\x98\x2a\xf5\x72\xd3\x9b\x26\x8c\x7f\x96\xb0\x3e\xf6\xb6\x53\xc8\x79\x45\xf2\x9b\xc5"},
+{{0x55,0x32,0x8b,0xe4,0xb3,0x70,0x82,0x27,0x33,0xff,0x39,0x89,0xa6,0xa3,0x28,0x2d,0x65,0xfe,0x8f,0x20,0x7a,0xb7,0x27,0x0d,0x7c,0x2e,0x72,0x7c,0xa3,0xcf,0xaa,0xc4,},{0x51,0x8e,0x02,0xee,0xf5,0x2f,0x5a,0xae,0xbd,0xe3,0xd1,0x08,0xea,0x79,0xec,0xad,0xfc,0x4d,0x99,0x4c,0xe1,0x95,0x36,0x21,0xe5,0x4b,0x7b,0x3b,0x12,0x1f,0xf8,0xff,},{0xf5,0x8d,0xb1,0x9f,0xd8,0x34,0xe1,0x51,0x94,0xc3,0xc0,0xf8,0xa6,0xa5,0x0e,0xbc,0x4c,0xf0,0x74,0xe8,0x0e,0xa2,0xe7,0x0c,0xda,0xf1,0xe1,0x69,0xbd,0x51,0xeb,0xd0,0x99,0x0b,0xad,0x77,0xc4,0xfa,0x20,0x8b,0x8d,0xd1,0xe2,0xc8,0x57,0x4c,0x01,0xb5,0xf5,0x96,0xc8,0xdf,0xa6,0xbb,0x8e,0x6a,0xe3,0xa4,0x7f,0xf4,0x12,0xe7,0xe2,0x09,},"\x6c\x24\xc9\xaf\xbb\xf1\x2d\xca\xee\x6f\x10\xe4\x08\x92\x52\xf2\xc6\x0b\x2a\xb9\x3a\x02\xc1\x60\x2f\xb5\xde\x4c\xe3\xbd\x92\x3e\xb0\x2f\xe1\x03\x9f\xdc\x15\x99\x6a\x44\x69\x15\xe7\x67\xde\xe0\x17\x6d\xdd\xb7\x8e\x9d\x6b\xbf\x06\x96\x75\x77\x5a\x82\x9d\xd8\x08\xd3\x76\xb0\xcf\x79\x20\xbf\x1a\x66\xe1\x30\x3b\xa5\x24\x19\x78\x5f\x25\xf2\x8b\xb3\x38\x99\xeb\xde\x84\x0c\x0a\xb1\x4b\x91\x9a\x65\x80\xcb\xaa\xc3\xa8\x05\x62\x7b\x9c\x4a\x77\xba\xa1\x6f\x82\x5a\x9e\xac\x2d\x6d\x36\x41\x65\x14\x93\x37\x0e\x50\xee\xe9\x4c\x74\x04\x97\x64\x36\x56\x05\xab\x4d\xac\x1a\x03\x02\x27\xa3\x30\xaa\x17\x8f\x2f\x8d\xa3\x77\xaf\x73\xf0\xbb\x04\x0b\xac\x12\x36\x6e\x65\xe0\x59\x10\x55\xf9\xf2\x3e\xac\xa3\x5e\x96\x88\xd8\x37\xa3\xc0\xd9\x9c\x16\x8f\xd8\x86\xac\xc9\x22\xcf\x37\xa7\x11\x8e\xf8\xa4\x4b\xb0\xa4\xfa\x42\x88\x04\x93\x09\xa7\xdc\x1b\xed\x80\x62\x1e\x10\x63\xe3\xe5\x92\xc0\xfb\xa4\x2d\x73\x98\xeb\x15\xf7\x40\x28\xac\x15\xd7\xed\x65\xa6\x36\x8a\x13\xb7\xf9\x56\xd1\x95\x47\xeb\x50\x6c\xe7\xec\x90\x73\x4e\xb9\x49\xcf\xf1\xd9\x8c\xe4\x14\xf1\x0a\xdc\xba\x8c\x00\x73\x20\x01\x87\x50\xa7\x1b\xd3\x6d\x3b\x6b\xfd\x61\x27\x05\x45\x08\xe3\xef\x65\xd9\x98\x48\x51\x4d\x33\xd6\x8b\x58\xe3\xa4\xb2\x24\xf7\x9b\x6e\x34\xdd\x48\x03\x40\x46\x7f\xe7\xf0\x25\xcc\x88\x21\x3d\x80\x8f\xbb\x5b\x91\xe2\xe4\x3c\xf9\xd9\x50\x64\x07\x98\x65\x92\x73\xd4\x7a\x25\xf1\xf0\x13\x2f\x68\x82\xfa\xad\xba\xfb\xa2\x8f\xee\x5f\xa1\x72\x72\xc1\xa9\x00\x11\x72\xb3\xab\x6f\xf2\xc3\x15\xf2\x6c\x07\x73\x44\x05\xb5\xee\x8b\x5e\x4f\x08\xe1\xe3\xb8\xae\xa0\x19\x46\x7f\xb0\x71\x88\x7f\x19\x19\x01\xa2\x1c\x59\x76\xc1\xca\x8a\xaf\x0a\x1d\x4a\x2e\x69\x8e\x76\x23\xe9\xbb\xe9\xca\x2a\x67\xa1\x53\xa1\x6f\x89\x5e\x6d\xd9\xea\x92\x44\x41\xb4\xbd\x0b\x67\x45\x52\xe3\x98\xb8\xd9\x70\x34\x3a\x9b\xc7\x76\xa3\xa3\xfc\x1a\x86\x60\xc5\x62\x5d\x60\x81\xb5\xd8\x7f\x0f\x8a\xc9\xf0\x7a\xb5\xab\xe7\x7c\xdb\x8e\x30\xd2\xfd\x1f\x6f\x46\x52\x5c\x75\xdd\x0d\xd1\xca\x32\x81\xcc\x89\x34\x6f\xb3\xe6\xd7\x38\x8e\xbe\xe1\x54\xcb\x59\xbd\x9e\x95\xed\x6a\x41\xd5\xdf\x66\x8b\x59\xea\x13\x78\x68\xeb\x12\x0b\x8a\x2c\xfd\xf4\x67\x44\x14\xfd\x27\x96\x99\xf2\x8b\x5a\x5c\xcc\x2e\x2f\xc8\x02\xa4\xc9\xe0\xb8\x5b\x76\xf2\x0f\x6b\xce\x2a\x49\x54\x88\x6f\xc4\x02\x67\x0a\x71\xef\xd2\x61\xf5\xdd\x7b\xca\x16\x88\x4a\x28\x7c\x62\x2f\xd4\x45\xf6\x8d\x44\x15\x1c\xc0\x13\x4b\x22\x9d\xa3\x8d\xaa\xab\x81\xb5\xc9\x60\xd5\x77\x00\xca\x92\xb2\x6d\x0b\x14\x21\x34\xce\x94\xb7\xbe\x6c\x18\x61\x0e\xa2\x13\x6f\x8b\xa8\x32\x9a\x2e\x8c\x00\x0b\x8f\x02\xfe\x05\xbc\xf7\x2c\xb7\x1f\x8c\x72\x53\x5f\xfc\xd8\x18\xe3\x8e\x79\x92\xa8\xf0\xc3\x2a\xc6\x21\x77\xd1\x52\x2a\xe5\x52\xc6\x0c\x1e\xe6\x16\xb7\x5e\x4b\x34\x42\xe7\x96\x57\xe4\xa3\x33\xc0\xb3\xd7\x44\xea\xf2\x60\xd0\xc3\x36\x93\x16\x86\xa6\xd6\x68\xc6\x4f\xef\x44\x00\x52\x35\x2c\x2b\x25\x8c\xfb\x65"},
+{{0x7d,0xa0,0x5f,0x04,0xe5,0xd3,0x8b,0x98,0x9b,0x83,0xf7,0x2f,0x7a,0xb2,0x6c,0x13,0x87,0x76,0x75,0x8f,0x4f,0x57,0x7e,0x49,0xdc,0x73,0xd6,0x01,0x3f,0xf4,0x37,0x59,},{0xb1,0xde,0x51,0x67,0xf4,0xd3,0x30,0x80,0x4e,0xec,0x9e,0xb5,0x65,0xef,0x40,0x55,0xf1,0xb6,0x4d,0xd9,0x5e,0x1c,0x9b,0x27,0xc6,0x7f,0xfe,0xf9,0x14,0x82,0xcc,0xa8,},{0x05,0xf1,0x17,0xf9,0xbc,0x3e,0xa5,0x5d,0x45,0x5e,0x9e,0xf1,0x35,0xe9,0x2e,0x76,0x65,0xd1,0x80,0x70,0xd8,0xf5,0xe3,0x75,0xdf,0x67,0xbe,0x18,0x17,0xce,0x14,0x35,0x7a,0x55,0xe7,0x01,0x66,0xf3,0x26,0xb7,0x7d,0x85,0x24,0x32,0x27,0xcf,0x67,0xd8,0xf2,0xe0,0xbf,0x84,0x40,0xca,0xbf,0xb0,0x52,0x75,0xb3,0x73,0xf1,0xe1,0x19,0x0e,},"\xa6\xa8\x61\xd8\x94\x7c\x5c\xd6\xad\x08\x19\x60\x2e\x32\xea\x76\x81\xc8\xf7\x30\x10\xee\xe5\x53\xe5\xde\xfb\xf7\x98\x20\x98\xb5\xf7\xb3\x99\x24\xbb\x79\x59\xad\x64\xc3\x03\x26\xbe\xd5\x60\xbf\x51\xe9\x98\x3c\xda\x5d\xff\x4f\x31\x1e\xea\x24\xcb\xe6\x8c\x61\x06\xce\xac\x9b\x84\x3a\xa4\xe2\xad\x1b\x6f\x8a\xe1\xe4\xf9\x68\x71\xfc\x02\x5b\xe4\xa6\x16\x38\x5f\xf2\xd4\xb7\xf5\x68\x29\xab\xef\xaf\x6a\xac\xbb\x78\x0d\x6c\xbb\xc9\x51\xb6\xe0\x5a\x78\x7f\x88\x5e\x33\x25\x61\x16\x65\xec\xc9\x24\x27\x4a\xa5\x31\xbc\x13\x3f\x62\xc7\x6c\xb3\xad\x14\x8f\x3c\x95\x79\xa8\x15\xa1\x42\x00\xb7\x64\x8d\xae\x0b\x07\xb3\x27\xd3\xbf\xcc\xdb\x6f\xe3\xb6\xcb\xd7\x0e\xa6\x5e\x6c\x0c\xc2\x51\x6a\x89\x66\x96\xd0\x7b\x2e\x77\x71\x3b\x0b\xee\x3b\x92\xfb\x1b\x6f\x75\xb0\x82\x0a\x5c\xb6\x2c\x5f\xe6\x20\x40\x03\x94\x3e\x24\x85\x71\x66\xfb\xdf\x57\x1f\x11\x5d\x45\xf4\x2e\x75\x90\x1d\xf8\xb1\x2c\x32\x61\x8a\xac\xb0\xd2\x42\x86\xc8\xd3\x03\x96\x05\x1f\xc2\x72\xaa\x17\xf4\xd2\xd4\x74\x61\x15\x2a\xac\xd3\xfa\xa2\xb7\xb2\x08\x31\x22\x78\xe8\x09\x24\x05\x92\xd1\xd1\xaa\x58\x5c\x56\x28\x0e\x66\xff\xd9\x2b\x57\x17\xd0\xcd\x1e\xb9\xfb\x74\x01\xde\xf8\x79\x48\x7c\x37\x4e\x5c\x53\x0b\x6f\xeb\xf9\x11\x12\x25\x74\xd2\x4f\xe1\x04\xb4\xf4\x5c\x7c\x60\x1e\x6c\x91\x7d\x3c\x18\x82\xc1\xad\x3c\x55\x5d\x8f\x2c\xe9\x55\xb5\xa1\x0d\xb0\xd5\xa8\xb8\xac\x7a\x62\x66\xb2\xe6\xb2\x7a\xd0\xee\x34\xf4\x7a\xd8\x57\x36\x7d\x52\xf7\x09\x6d\x4b\xac\xef\x0e\x46\x72\x54\x88\x42\x4b\x93\xb8\x9a\xcd\x42\x9f\xfb\x5e\xf3\x3a\x0b\x08\x1d\xd0\x94\x79\x67\x91\x96\x02\x3c\x39\x67\xf4\x4a\xd4\x1e\xb1\xa2\x39\x55\x27\xfd\x3b\x79\x76\x8f\x1b\x88\x5f\x04\x29\xb4\x95\xab\x60\x52\x56\x91\xbe\x84\x65\x06\x32\xa2\xf6\x6c\xb6\x3a\xd5\xbf\x2f\x6a\xe7\x0b\x66\x8c\x5a\x19\x3f\x74\x99\xfc\x4f\xc4\x2c\xf8\xcb\x30\x8c\xe5\x02\x9a\x50\x27\xba\xbe\xf5\x5d\x19\x25\xec\xfb\xa9\xf2\x7e\xb6\x08\x16\x19\xed\x0d\xf8\x56\x9f\xd8\x0e\x9d\xa1\x04\xdb\x39\xb5\xb8\x14\x0b\xfe\xbe\xbd\x29\x08\x54\x40\x06\x58\x19\xde\xba\x8d\x46\x9a\xe8\xb3\xea\x6d\x3b\xac\x58\x91\xf9\xa4\xdd\xfb\x7f\x1f\x06\xd1\x3c\x31\xa0\x7e\xe5\x3f\xb5\x4b\xc9\x7b\xd0\x86\x96\x39\x4c\x38\xe7\xf3\x68\x0c\x0f\x02\xf9\x75\xf4\x69\x92\x11\x47\xa4\x09\x85\x90\x97\x81\x3b\x4c\x3f\xa4\x3d\x17\x4a\xc4\x02\xf1\xa5\x28\xcb\x5f\xc4\xb8\x07\x51\x84\x32\xef\xf3\x34\x07\xa1\x11\xca\x3a\x3d\x7e\x9e\x84\x13\x5a\xba\xc8\xa8\xf5\x2e\xa6\x31\xc8\x6d\x74\xa1\xc6\xe5\x74\x9e\xdd\x14\x91\xc0\x02\x4e\x7d\xe7\xfe\x52\x85\x68\x29\xb7\x2f\xd1\x3d\xa6\x3a\x1a\x23\x43\x34\x9d\xf6\x62\xab\x31\x63\x53\x60\x32\x34\x6e\x53\x47\xf0\x43\xff\xf5\x28\xbf\x67\x15\x09\x22\xff\xf2\x02\x6b\xab\x74\x2d\xb9\xca\xe7\xcb\x2e\x3c\x74\x58\x07\x19\x65\x2c\x28\x44\x7c\x5e\x20\x98\x23\x17\x97\xee\x6e\xf1\x23\x1f\x57\x92\x05\x4b\xc3\x35\x9a\x32\xc8\x6d\x2f\x94\xf8\x5f\xa7\xd4\xa7\x41\x9d\xd2\x41\xff\x66\x2a"},
+{{0x1b,0x8e,0xc6,0x58,0x80,0xed,0xbf,0x03,0x9a,0x13,0xe9,0x70,0xb1,0x5a,0xa6,0x7e,0x19,0x2a,0xa0,0x2c,0xa6,0x5c,0xff,0x9a,0xda,0x17,0xd4,0x55,0x8f,0x40,0x13,0x7d,},{0x12,0xc1,0x19,0x1e,0x4d,0xe3,0xbd,0x44,0xd0,0x39,0x07,0x01,0x53,0xad,0xb7,0xb5,0x81,0xf6,0x00,0xe9,0xa1,0xdd,0x69,0xaa,0x89,0xf2,0x77,0xc7,0x06,0x9e,0x76,0xf8,},{0xbf,0xf2,0x69,0xa3,0x5d,0x6c,0x8e,0x55,0x2c,0xe7,0x16,0xd1,0x63,0x81,0x81,0xce,0x85,0x83,0xb4,0x5c,0x0e,0xc5,0x93,0xb4,0xe5,0x8c,0x40,0xac,0x76,0xe7,0xf8,0x5c,0xa1,0xda,0xff,0xfd,0x68,0x54,0x1e,0x62,0x3a,0x1e,0x35,0xa7,0xc0,0x97,0x26,0x88,0xb2,0x5e,0xed,0x72,0xf4,0xda,0x57,0xec,0xa1,0x68,0x57,0xa8,0x26,0x3c,0xaa,0x0b,},"\x37\xf1\x8b\x7f\x64\xc5\x13\x34\x79\xd6\xda\xe3\xbe\xf6\x79\xcd\xc2\x1e\xce\x3f\x5b\x57\x9a\x6a\x9c\x3f\xa2\xe5\x9e\x9b\xe8\x7d\x20\x09\xf7\x4e\x1c\xfd\xac\xcb\x1c\xe3\x7d\x00\x70\x23\x69\xbd\x16\x9d\x94\xfd\xcf\x85\xaf\x9f\xa3\x21\x7d\x27\xe6\xed\x6d\x1d\x8e\x5d\xf7\x61\x5e\x8e\x37\xea\x55\xde\x1f\xd0\xb0\x6d\x77\xb4\xc8\x3b\x92\x9d\x80\x58\x6f\xa0\x69\x4b\xe7\x2e\xc8\xb3\x65\xad\x2c\xbc\xdd\x2b\x1a\xd8\xcf\x7f\x03\x6d\xfa\x4d\xaa\x1a\x90\x36\xcd\xb1\x20\x43\x22\x27\xb1\xf0\x7b\x88\x66\xb1\x22\x12\x03\x09\xeb\x91\x4a\xb8\x4c\xdd\xeb\xa1\xde\xc4\x8a\xb9\x26\x36\x72\x85\x88\xfe\xdb\x3a\xaa\xd7\xe7\xdb\xb2\xac\x30\xe6\x3c\x6f\x5f\x90\xfc\x6c\xe6\x2d\x6d\x3b\xd8\x8b\x0d\x5a\xac\xfa\x61\xde\x9f\x32\x67\xb3\x00\x91\x7b\x57\xa4\x80\x36\xab\x20\xc9\xa0\x54\x46\xb8\x76\x74\x94\xaf\x24\x9e\x7d\xe7\xbc\x50\x7a\x22\x07\xcc\x95\x6f\x71\x84\x55\x5a\x7d\x5d\x88\x83\xbb\x4b\x3e\x93\xf2\xdc\xfc\x57\xb0\xda\x86\x38\x65\x8d\xcd\xce\x88\x5d\x44\xd9\xcc\x68\xb1\xd8\x17\x0a\x36\x77\xcc\x5e\x50\xcb\xf3\x3d\x54\x3e\xba\xe4\x47\x7d\x92\x39\xcf\x83\x38\x4e\xc5\x9b\x42\x33\xe8\xff\x33\x43\xf0\x6f\x30\x18\x77\x72\x9a\x53\xd4\x20\xbf\x01\xc6\x2e\x66\xab\x7f\xe5\x5d\xd8\x7e\xe8\x23\xa5\x8f\xcb\x87\x87\x0e\x1f\x52\xe8\x79\x17\x7c\xd4\x39\xc5\x33\xf5\xa2\x23\xe5\xa3\x43\x6f\xe9\xd6\x42\x65\x48\xda\xcf\xc8\x6a\x08\x46\xd3\xed\x23\xac\x04\x25\x63\xe8\x87\xff\x46\xaa\xd0\x05\xf4\xe1\xde\xe3\xee\x0e\xe4\xc2\x7a\x72\x51\x70\x9a\xe4\x0a\xbc\x5e\x25\x68\x64\xe4\x78\x5a\x4e\xdd\x8b\x2a\xdf\x1b\xc5\xb4\x01\x8e\x28\xd0\xb1\x75\x86\x7b\x02\xd0\x52\xa6\xe1\x7e\x41\x1a\x3d\x8b\xeb\x2a\x42\x08\xb7\x6c\xc6\x21\xfd\x18\xbe\x14\x8e\x23\x5d\x55\xaa\x71\x27\x70\x65\x57\xde\xc0\x53\xa1\x3f\x1a\x47\xdf\xda\x40\x5b\x3f\xe5\xbd\x28\xef\x5d\x34\x86\x19\xf5\x1e\x59\x5e\xf5\x05\x5f\x83\x9e\xfa\xf1\x10\xe4\x90\x16\x31\xac\x31\xa0\x2f\x4f\x7e\xe4\x24\xa3\xa2\xc3\xe0\x0d\x26\x02\xd2\xcc\x1e\x49\x29\x06\xee\xa4\x20\xa9\x26\x82\x38\xac\x66\x22\xa0\x89\x74\xe5\x73\x02\x92\xe6\xed\x51\x02\x56\xef\xde\x66\x7e\x0d\x9a\x0f\xf2\x21\x3f\x54\x12\x0c\xcd\x81\xff\xaa\x6b\x7c\xc4\x81\x41\xa2\xb7\x29\x85\x2a\xf5\x83\xd2\x6a\xa5\x1f\xbd\xe6\x7b\xe4\xdf\x14\xe5\x20\xc2\x25\x7a\x73\xc5\xc2\xe3\xc3\xd8\x7d\xfb\x25\x36\x11\x75\xfd\x18\xab\xd7\xe9\x9a\xa0\x9b\x85\xf8\x8f\x19\xc8\xd8\x2d\x45\x85\x8f\x31\x44\xc5\xdf\xb7\xa4\x9e\xde\x45\xb4\xef\xd8\x71\x05\x92\xa3\x72\x06\x36\xe7\xe8\x89\xc7\xe2\x2a\xd1\x3b\x2d\x44\xbb\x7e\x2b\x47\xb2\x96\x3a\x5f\xa3\xf2\x55\x7b\x85\xbc\x0c\x69\x3d\xe3\xd2\x2e\xf9\x46\x4f\x7b\x81\x4a\x20\xa4\x67\x6a\xd2\x6f\xca\xa0\x35\x44\xc6\xaa\xd4\x12\x83\x09\x5f\xcd\x12\x10\xaa\x8c\xc0\x29\xff\x5a\x26\x00\x5a\x89\x12\x26\xc2\x98\xe9\x4a\x52\xaa\x71\x33\x91\x3e\xc9\xd2\x2a\x5b\x2a\xc0\xbc\x6f\x15\xb2\x51\xd0\xb9\x38\x89\x21\x3c\xd1\xb1\xe5\xc6\xfd\x08\xf1\xa8\xf5\xcb\xd4\x21\x53\x29\xa3"},
+{{0xe7,0x53,0x88,0x02,0x6a,0x6a,0x6d,0x6c,0x6d,0x19,0x9e,0x36,0x29,0x93,0xa5,0xb1,0x04,0x49,0x01,0xe1,0x8a,0x76,0xc2,0xfa,0xc7,0x26,0x1a,0x6d,0x1c,0x19,0xa4,0xf3,},{0xb9,0xce,0x14,0x25,0x1c,0x0c,0xdf,0x3b,0xdd,0xb2,0x06,0xdc,0x6b,0x8b,0x2b,0x7f,0x5b,0x7e,0x4d,0xd1,0xbe,0x2c,0xe1,0x86,0x3f,0xf1,0x88,0x06,0xae,0x00,0xf1,0xee,},{0x6d,0x0f,0x83,0xd9,0xc5,0x5d,0x84,0xbc,0xf9,0xa8,0x61,0x47,0xd9,0xb6,0xba,0x9a,0xd5,0x37,0x83,0x2f,0xd0,0xf9,0x9d,0xae,0x7e,0x72,0xc8,0x13,0x9a,0xfc,0xb3,0x0c,0x7b,0x24,0xf6,0xb2,0x92,0xe3,0x2f,0x98,0x47,0x09,0x75,0x51,0xb7,0xfb,0xfd,0x51,0x0c,0x84,0xe8,0x9b,0xe9,0x82,0x54,0x44,0x14,0x57,0xbd,0x08,0xe5,0xf0,0x53,0x02,},"\xb9\x9c\xdc\x84\x72\x11\xc0\x66\x42\xdd\x11\x1b\xc5\xe0\xbe\xca\x53\xa7\x4f\xfb\xa2\xe3\xac\x93\xaf\xb4\xb0\x94\x75\x18\xe8\x32\x35\x27\x33\x0a\x4e\xfe\xfb\xe4\xba\xfa\x00\xba\xfe\xcb\x43\x4a\xb1\xe5\xb7\xce\x65\x65\x6f\x7a\x4f\xd8\x56\xaa\x6c\x38\x5e\xd8\xd7\xbd\x62\x85\x58\x0d\x7d\xd6\x08\x82\xe6\x9c\x19\xda\x07\x69\x09\xd6\x47\xde\x09\x5a\x80\xe9\x8a\xd8\x9b\x81\x4a\xad\xcb\xbf\x6f\x03\x3c\x49\x20\x2f\x65\x6c\x09\x10\x50\x39\x59\xcf\x97\xcd\x0f\xa8\x2d\x5f\x6d\x22\xfb\xa3\x38\x99\x51\x29\x4c\x4f\x7c\xdc\x21\xeb\x82\x44\xbd\x65\x60\x63\x7a\x5e\xca\x62\xa8\xeb\xa1\xf4\xa9\x33\xd1\x87\xa7\x5f\x86\x71\x16\x43\xaf\x35\x88\x31\xc8\xc1\x6a\x9a\x0f\x09\xe2\x53\xb2\x39\x5e\x9c\xb3\x71\x61\x1e\xec\xdd\x66\xb4\xab\x52\x1a\xa9\x4b\x3f\x20\x23\x7e\xae\x41\xcd\x10\xc5\xe2\x1a\x45\x2d\x48\xe7\x48\x18\x7f\x35\x4a\x67\xad\xf6\x81\xb0\xfe\x61\xcd\xae\xc9\x4a\x5e\xaf\x01\x26\x9f\xce\xb5\x70\xd5\x14\xff\x3c\x55\xff\x1d\xba\x2f\xd2\xdf\x17\xf8\x6a\x8a\xeb\x74\x78\x38\x11\x3d\xee\x94\xa4\x3b\x13\x84\xcb\xe1\x33\xcd\xf6\x42\x7e\x8d\x12\x2e\x4e\x93\x37\x04\xda\x6e\x26\xcf\xce\xe9\x7f\xe3\xf6\x29\xb6\x0b\x91\xb2\xdd\x86\x38\x67\xfa\x79\x80\x1e\x2b\x91\x6e\xc4\xc0\xfb\x62\xe0\x71\x59\x42\x1e\x65\x79\x74\x30\x7a\x1d\x02\xf7\xf2\xed\x47\x24\xa8\xb5\x21\xa8\x61\xf5\x5f\x35\x52\x1e\x8b\x2e\x1a\x84\x90\x4c\x42\x8c\xfc\x5b\x60\x14\xbb\x0f\x8b\xa8\x43\x4c\x22\x09\xbd\x40\xac\xa3\x11\x30\xdb\x97\x74\x33\x33\x59\x7d\x23\x51\xd5\xf6\x81\x17\x41\xf6\x26\x88\x97\x3b\xd7\x73\xd3\x02\x66\xfd\x1e\xfb\xd8\x9d\x47\xa9\x64\xf9\xd0\x19\x97\x15\x3d\x08\x7d\x92\x69\x66\x16\xdd\x10\x3a\x93\x4c\xcb\xac\x4c\x1d\x14\x2f\x20\x75\xd4\xe2\x2c\x3d\xa4\xa0\xe9\x73\xb2\x38\x63\x19\x62\x87\xb7\x91\x74\xfa\x29\x75\x5f\xc6\xd9\xb5\xe1\x00\xac\xe0\xa4\x59\x75\xe5\x03\xb2\x54\xd3\xf1\x95\xc2\x61\x71\x09\x10\xfe\xf1\x06\x89\x2c\x08\xbb\x29\x6d\x23\x0c\xde\xa9\xf5\xa1\x1f\x91\xac\xaa\x6e\x7c\x05\xe9\x2c\x28\x1d\x2b\x31\x55\xfe\x44\x80\xb0\xaa\x5e\x0d\xb4\x1d\x10\xe0\x5c\xfd\xef\xa4\x36\x40\x51\xcb\x75\x5d\xc7\x2f\xfa\x97\x8c\x00\xb9\x4a\x5f\x21\x2d\xc6\x91\xf8\x39\xb4\x9d\xe9\x7e\x01\x39\xd6\x5e\x8d\x73\xb2\xb2\x89\xb2\x6a\x12\xc6\xcc\xd8\xed\xc0\x4a\xdb\x45\x2a\xf7\xff\x09\x4a\xa9\x01\xea\xf5\x76\x51\xeb\x1b\x87\xb8\x33\xd0\xa0\x9b\x4a\x4a\x64\x62\xf4\x06\x64\x62\x37\x69\xe9\x50\x79\xf3\xc9\x62\x85\x0c\xc3\xb4\x01\xbb\x00\x58\xb8\x47\x5b\x10\xc8\x62\xf3\x2f\x30\x0a\x2b\x14\x3b\x3d\xea\x26\x9d\xdc\xbe\xa7\xbe\x7d\xd2\x42\x6d\x0d\x42\x04\xeb\x66\xa3\x9f\x13\x18\x82\x2d\xcb\x9c\x56\x13\x98\x63\x7f\x4a\xb8\xde\x19\x67\x68\xac\xe7\x4f\x34\x8c\x01\x2d\xd1\xba\xbe\xc1\x7f\x53\x00\xff\xe0\xd7\xaa\xae\xaf\xef\x7d\xb6\x50\xa8\xf2\xf3\x09\xa9\x79\x3f\x52\xc6\x85\xc7\xe1\xd5\x13\x32\x74\x91\x57\x84\x89\x9c\x48\x1d\x48\x5c\x9b\xd3\x0e\x99\xfc\xdc\x97\xd9\x6e\xf0\x74\x87\xda\x66\x3b\xef\xe6\x82\x99\xdf"},
+{{0x5b,0x32,0x3f,0xc0,0x1a,0x16,0xc4,0x5d,0x10,0x64,0x66,0x7d,0x2e,0xa4,0xa7,0xea,0x59,0xd2,0x03,0x42,0x56,0x2d,0x12,0xfb,0xc5,0x98,0xd5,0xaa,0x73,0x00,0x68,0x8e,},{0xd4,0x14,0x1b,0x45,0x5d,0x30,0x16,0x42,0xba,0xda,0x28,0x14,0xaf,0xcb,0x16,0x20,0xd5,0xeb,0x56,0xd9,0x2b,0x11,0x85,0xfe,0x5d,0xad,0xef,0x55,0x96,0x25,0xfa,0x71,},{0xe2,0xef,0xf6,0x07,0xf0,0x22,0x7a,0x29,0xd5,0x82,0xd6,0x9f,0x34,0x58,0xac,0xad,0xd3,0x22,0x6f,0xce,0xaa,0xc0,0xab,0xbd,0xae,0xd5,0x26,0x75,0xc5,0x16,0x30,0x07,0x3c,0xd3,0xa9,0x01,0x70,0x7e,0xcf,0x05,0xe8,0x93,0xf2,0xc3,0x6d,0xaa,0xf0,0xcc,0x49,0x01,0x11,0x69,0x46,0xb5,0x77,0x0d,0xc0,0x38,0x12,0x5f,0x6d,0x13,0x1b,0x09,},"\xad\x24\x66\x9e\xf5\x5c\x54\x0a\x8e\xd1\x62\xce\x1d\x28\xf0\x17\x60\xa6\x07\x19\xa0\x37\x73\x36\xeb\x00\xb1\xec\xbe\x6f\x61\x60\x1c\xd5\x64\xf9\x2c\x95\x68\x04\xf9\xbe\xd4\xe1\x47\x6b\x94\xe5\xea\x8c\xca\x80\xcb\x49\xa3\x04\xef\x85\x1f\x7f\x67\x5a\xbe\x58\xe6\x68\x1d\xc0\x12\xad\x55\xe5\x1b\x02\x1d\x98\x28\x56\x9d\x0b\xcc\x9e\x05\x27\xa3\xfc\x03\xc8\x91\xd1\x7a\x90\xe6\x33\x7a\x1e\xa6\x7f\x2f\x08\x81\x05\x87\x69\x38\x37\x08\x1e\x4c\x08\xa3\xd7\x2c\x53\x6c\x21\x40\xda\x20\x0b\xa4\x56\xc3\x76\xf6\x1d\x05\x65\x1f\x0c\x5f\x39\x57\x11\xf4\x1c\x0d\x6e\xae\x98\xc9\x06\x76\x4d\x1e\xbe\xf3\xf9\x04\x6c\xb7\xc8\x62\x26\x40\xfc\xaf\xaf\xbf\xb8\xf6\x2e\x1c\xd3\x2c\x66\xee\x1c\x55\x50\x94\x89\xa5\x38\xab\x61\x29\x99\xe7\x99\x7b\x77\x9c\x64\x22\xef\xf1\x09\xda\x4d\xf8\x29\x20\x93\x0d\x8d\x36\x3d\x78\x30\x90\x87\x95\xa3\x88\x8f\x25\xd6\x67\xe1\x4d\x15\x5e\xd4\x45\x81\xbe\x43\x0f\x79\x73\xb5\x74\xe2\xbc\x0b\x13\x4c\xf1\x39\xfb\x4b\xb0\x1d\xbd\xa4\x1b\x67\xb9\x81\x47\xd8\x01\x2f\x40\x67\x7f\x4b\x80\xce\x4a\x53\x4c\x90\xad\xea\xbf\x48\x4b\x21\xfa\x99\x4b\x7a\x17\x5f\x8a\x8b\x8a\x40\x75\x56\x44\x78\xdd\xb0\x50\x24\x58\x0b\xab\x03\x8c\xd9\xea\xa1\xdf\xda\x55\x2f\xb3\x12\x29\x42\x9b\x61\x4f\xa1\xd8\x0c\x52\x61\x4e\x84\xfa\xa2\x21\x7f\x26\x0f\xf7\xcc\xea\x8c\x7b\x06\xe3\xd7\x7f\xf8\x74\xeb\x81\xfc\x85\x97\xe5\xfc\xdc\xec\x95\x1b\x5f\xe6\x4a\x1a\xf8\x6e\x73\x19\x3a\x88\x24\x69\xeb\x3b\xa3\xc3\x82\x73\x4b\x28\x87\xb4\x19\x31\x6e\xa4\x48\xaf\xc2\x82\x47\x8c\x25\xf7\xbc\xa1\x84\x29\xcb\xbf\xfd\x88\x71\x17\x7c\x5e\xcc\x7d\x8a\xa9\xa1\xb9\xec\x87\x19\x2d\x29\xa5\x25\x39\xc0\x81\xc3\x59\x33\x32\x44\x4c\xbe\x66\x87\x2c\xf3\xd0\xe1\x97\x29\x2b\x82\xb0\xbe\x5f\xcd\x85\x8c\xd6\xca\x48\xb5\x3e\xe5\xb6\x16\x41\xbc\xaa\xf3\x1d\x81\x9c\x7e\x1c\xed\xaf\x9e\xe6\xb0\x7e\x09\xca\xed\xfb\x30\xb9\x20\x4a\x1d\x4d\xdb\x70\x56\x0c\xbe\x1e\xb0\xc0\xec\x43\xf1\xd1\x78\x20\x1b\x29\x08\x19\xfc\xdc\x92\xc6\x3e\x0d\xb6\x0f\xb8\x7d\xff\x00\xe5\x12\x64\x8c\x89\x58\xa8\x47\xef\xc3\x63\x46\x07\x3f\x1a\x4f\x1f\x23\x17\x06\x0f\x1c\x54\x3e\x6f\x01\xb4\x24\x85\xbe\xeb\x56\xca\xb3\xba\xb2\x6e\x6a\x0c\xa6\x93\x58\x02\xc7\x62\xb7\x99\x15\x9e\x32\x0f\x36\xb5\xe8\x3d\x4a\xca\x89\x62\xaa\x2c\x3c\x2b\x7a\x38\x70\xe9\xe0\x47\x31\xf3\x94\x8c\xf9\x41\xe2\x1d\x50\x96\x4e\x5d\x63\x5a\x35\xa5\x3e\x29\x98\x11\xb8\xca\xdf\xcb\x44\x16\xc5\x75\x98\xa3\xfd\x05\x41\x09\x10\xdb\xc0\xea\x2c\x78\xfd\xb9\x25\x74\x99\x7d\x58\x79\x62\x79\xea\xaa\x78\xb3\x6d\xce\xf1\xc9\xa1\x29\xee\xff\x82\x39\x9a\x26\xd0\x08\xff\xa3\xbf\x04\x18\xff\x7d\x39\xb6\x42\x7f\x34\x18\x95\x02\x4d\x16\xe2\x2a\x0c\x62\xa8\x2b\xeb\xa2\xe2\xba\xc2\x3d\xee\x18\xcf\xcd\x5d\xb2\x39\x7f\x37\x8c\x53\x67\x30\x90\x82\xc4\x4e\xb4\x3c\xed\xc1\x52\x20\x25\x3a\x62\x32\x03\x99\x66\x5f\x71\x34\x9c\xc1\xb9\x44\xf5\x8c\x73\xa1\x0a\x0b\xbf\xd4\xca\xf1\x28\x91\xe3"},
+{{0xbe,0x1c,0x11,0x2f,0x78,0xcf,0x13,0xae,0xfc,0x5c,0xe7,0xe3,0x37,0x64,0xac,0xa4,0x48,0x1f,0x9f,0x88,0xb0,0x18,0xe1,0x22,0xdb,0x9f,0x8d,0xac,0x14,0x62,0x46,0x05,},{0xae,0x38,0x99,0x36,0xbb,0xf6,0xd1,0x6e,0x3c,0x1e,0xeb,0x64,0x74,0x29,0x89,0x70,0x86,0x6e,0x12,0xec,0x9c,0x1d,0x6a,0xea,0x2f,0xd9,0xdb,0x6b,0x56,0xaa,0x59,0xc4,},{0xf5,0xfc,0x5a,0xcb,0x17,0xe9,0x95,0x7e,0xa3,0x04,0xf1,0x23,0xb6,0x50,0xe1,0x44,0xc9,0xe4,0x37,0x72,0x83,0x50,0x9d,0x43,0x1d,0xa6,0xa2,0xbb,0xd5,0x27,0xbe,0xb3,0x82,0xc9,0xf5,0x87,0x45,0xa3,0xe5,0x6d,0xcc,0x65,0x5b,0xd2,0xeb,0xb7,0xae,0xef,0xc9,0x3e,0xdc,0x3f,0x20,0xd8,0xd3,0xc3,0x79,0x23,0x03,0x1e,0xec,0x0c,0xb4,0x07,},"\xd7\x7f\x9a\xee\xa0\xfe\x98\xed\x7f\xb7\x4d\x58\x2a\x40\x2b\xcb\x79\x31\x47\x4b\x4a\x95\xd5\x23\xf3\xfb\x76\x9f\xb7\x09\x7d\x2b\xe4\xc6\xec\x10\x52\x14\x01\x63\x22\x25\x53\xaa\x8f\x4f\x89\xe4\x21\x73\x00\x14\xec\x73\x46\x97\x20\xce\xa9\x67\xf8\x8b\x6a\x48\xd0\x2a\x2d\xdc\x1a\x12\x1f\xdf\xfb\x8a\xe1\x27\x73\x8e\x29\x3c\x4d\x6b\x1b\x74\xad\x03\x84\x4d\xe6\xbf\xe8\x21\x50\x6b\x3a\x7a\x81\xd1\x9c\x37\xa7\xf0\x1c\xa4\x81\x47\x12\x19\xef\xe2\xa7\xb9\x2c\x4b\xd2\xac\x07\x74\x3b\x49\x75\x69\x64\x41\x71\x4b\x84\xd6\x3c\x54\x9d\x7a\x6f\xb6\x1f\x16\xfb\xcd\xb7\x2b\x91\x4d\x78\x82\xd0\x91\xf9\x70\x6d\xa3\x8c\x1a\x81\xa1\xc6\xa4\x0f\xbe\xc0\xd8\xe2\x38\xb5\xd5\x6d\x46\x0e\x90\x9f\x85\x47\x9f\x7a\xd8\xb1\x19\xf3\x54\x55\xe3\x40\x10\xca\xa7\xe5\xd0\x1f\x38\xe3\x01\xad\x37\xe8\x00\x5f\x6e\xd2\x9e\x4a\x10\x2d\xb3\xf6\x1d\x84\x09\x3f\x78\xc4\x9a\x96\x48\xc9\x77\xbf\x4d\x5b\x68\x9f\x71\xf4\x06\xf8\xad\x7b\x9a\xeb\x1a\xe2\x21\x33\xa8\x4c\xe1\xb2\x78\xb2\xcd\xde\x46\x59\x01\xb2\x3a\x17\x9d\x07\x2a\x80\x87\x9d\x0a\x24\xd2\xaf\x19\x7b\x32\x2a\x07\xbf\x5d\x40\xee\xab\x3a\xf1\x21\x17\xf1\x30\x21\xdf\xc1\x68\x1a\xba\x5c\x08\x3f\x25\x96\xe3\x7f\x11\x23\x42\x2b\xbd\xca\x3b\x2c\x32\xcb\x59\x4f\x56\xc3\x25\xe0\xc5\x64\xa1\x73\x32\x88\x05\x34\x59\xc6\x24\x88\x92\x5c\xd8\x0e\x7c\x94\x4d\xb9\x98\xc3\xc7\xbe\x54\x6b\xf8\x9d\x7a\x51\x1c\xcd\xba\x4b\x80\x9e\xee\x0f\xc2\x87\x3d\xad\x72\xb4\xcf\x3b\xa0\x51\x28\x9b\xb3\xf4\xe9\x92\x57\x32\xe4\x5a\xe7\x74\x10\x58\xc8\xfd\x11\x59\x9d\xd8\x43\x92\x7e\x3d\x14\x59\x8b\xb8\x30\x52\xd3\x35\x69\xcf\xb0\x2a\xf0\xc8\x8f\xa7\xae\xa4\xbb\x46\x84\x1c\xd2\xdd\xbd\xf5\x98\x8f\xcf\x32\x5f\xf1\x04\xa5\xdf\xc4\xa3\x0d\x26\x9d\x2a\x94\x97\x30\xc3\x61\x3b\xdd\xd3\x67\x3b\x42\xf6\x09\x0e\x6a\x60\xe4\xa2\x53\x06\x24\x63\xa6\x5d\x7e\x7f\xc0\x03\x0b\xba\x76\x9c\xa3\x44\xbf\xa9\xac\x82\x3f\x58\xcb\x5c\xee\x8a\x5f\xc0\xca\x37\x22\x8d\xe5\xa4\xd9\x3e\x0e\xcf\x7f\x10\x82\x16\x59\xa2\x26\x1f\x7e\xf1\x59\x6e\xda\x4e\x41\x1c\xf3\xc9\x66\x9d\x81\xde\x74\x54\x7c\xe4\xbf\x83\x3e\xb4\x32\xf3\x85\xce\x90\x38\xfe\x84\x8a\x8c\x96\xda\x7f\x01\xfd\x95\xbe\xa0\x6d\x1d\x74\x7c\x8a\xe7\x36\x49\x5b\xba\x22\x85\xbe\x5c\x32\xaf\xea\x44\x95\x20\xcf\xe8\xe1\xce\x25\xf9\x07\x7e\xd0\xec\x0f\x65\x98\xa9\xb8\xf7\x38\x6f\x15\x35\x81\x70\xcc\xef\xc3\xd5\xff\xb0\x09\x28\x81\x54\xde\x87\x7c\x24\x09\xae\x5f\xd8\xfe\xf0\x09\x3f\x1c\x36\xb3\xa8\xf5\x47\x43\x2c\xd0\xf6\x2c\x40\x33\x24\x2a\xd9\x92\x1a\x8f\x11\xc0\x0f\x36\x6d\xa9\x39\x69\x30\xa8\x0c\x99\x7d\xf4\x29\xa4\xf5\xf4\xe4\x5c\x7a\x6d\x7e\x02\xaf\x03\x31\x86\x75\x7c\x73\xcb\xe6\x4d\x2d\x4e\x78\xea\xaf\xe2\x75\x39\x52\x80\x35\xf2\xcf\xcf\x8e\xaf\x0a\x42\xbd\x25\xf8\x8b\x2f\xc6\x9e\x42\x66\x8f\xae\x66\x77\xc9\xac\x90\x91\xd9\xd1\x5a\x41\xf3\xac\xe6\x5d\x90\xa0\x22\x98\x73\xdc\xf2\x54\x25\x6c\xca\x44\x9e\xd4\xc1\x7d\x54\x35\xba\xe4"},
+{{0xbd,0x85,0x23,0xed,0xa8,0x99,0xb9,0x84,0x23,0x0e,0x32,0x88,0x75,0xb9,0x67,0x2e,0xdc,0x9f,0xcd,0x24,0xea,0x5c,0xc1,0x2d,0x7b,0x57,0x2d,0xa4,0xbe,0x01,0xfb,0x7b,},{0x02,0xb7,0x34,0xeb,0xbe,0x88,0xc1,0x3b,0xfa,0x95,0xa5,0xd9,0x64,0xfc,0x7e,0xf9,0xd3,0x95,0xbd,0x63,0x03,0xf0,0x65,0xdc,0x4e,0xe1,0x7b,0x3a,0xc1,0x54,0x8b,0x7b,},{0xfc,0xfc,0xdb,0x08,0x8d,0xcb,0xd0,0xa5,0x1b,0xd3,0x01,0xe3,0xe1,0x56,0x16,0x71,0x93,0x5d,0x8b,0x6f,0x71,0x9c,0x5d,0x92,0x69,0x06,0x40,0xd3,0xc9,0x1e,0x77,0x5b,0xf4,0x05,0x41,0x32,0xef,0xc0,0x5a,0x21,0x22,0xfc,0x20,0x9d,0xb3,0xc3,0x34,0x32,0x33,0xff,0x8a,0xec,0xeb,0xd5,0x2d,0xaa,0x2b,0x3b,0x21,0xee,0xb1,0x5f,0xd1,0x02,},"\x16\xc2\x16\xc9\xbe\x9f\x0d\x4b\x11\x54\x10\xbd\xfd\x15\x93\xc8\xe2\x62\x22\x1a\xb9\x7a\x2a\x39\x5a\x12\x19\x8f\x95\xc3\x02\x05\xb0\x89\x62\xd4\x89\x31\x18\xba\x9f\xf9\x9a\xb1\xc7\xa6\xe1\xf2\xf1\x75\x19\x10\x70\xac\x94\x53\x27\xad\x6c\x47\x0b\xab\xf7\x92\x8b\x07\xdd\x78\x8c\x85\xb6\x4b\x71\x2e\x0a\xae\x6c\x0e\xa2\x02\x81\xe4\x2f\xd5\x61\xe8\x3e\x3f\xba\xc6\x7f\x14\x00\x0e\xe5\x6d\x98\x1d\x2a\x2f\x0b\x9c\xa0\x0a\x9e\xa4\x7c\xa2\xf6\xfc\x8d\xca\x10\x35\xfc\xeb\x14\x2c\x3f\x26\xf2\x0e\x3c\x73\x22\x07\xff\xff\x11\xb7\x96\x95\xbd\xaf\xa4\x15\x21\x4a\x44\x99\x30\x23\x26\x60\x5c\xf0\xb8\xc8\x2f\x2b\x11\x39\x2e\xcc\x90\xcd\x74\xa7\xb4\x11\xb6\xd9\x07\xa3\xd5\xc1\x30\xc8\x79\xb7\xcf\x88\x0f\x22\xbb\xd7\xf0\xe9\x59\x33\x71\x8e\x96\xd7\xd1\x6c\xae\xa9\xf2\xc3\x9e\x89\xb1\x3c\xd5\x22\x66\x27\x36\x04\xa9\x6b\x51\xd6\xe3\x4f\x70\x67\x35\xdd\xd9\xfc\xa4\x4d\x09\xcd\x86\xbb\x72\x17\x60\x0e\x0d\x34\xd4\x16\xac\x24\x9f\x2e\x41\xbd\x0f\x4a\xbc\xbd\x25\x80\xad\xae\x21\xd7\xeb\xa5\xfa\x44\xf3\x9d\x78\x0f\x17\xeb\x85\xcc\xbe\xf5\x8f\xef\x90\x3a\x28\x0d\x95\xf8\xf3\x21\x07\x89\xfa\x12\xe1\x20\xe2\x1b\x6e\x8c\xad\x91\x78\x35\xbb\xdc\xc3\xb0\x7e\x84\x69\x39\x54\xe2\x3a\x94\xf9\x9f\x93\x7d\xdb\x0d\x4a\x18\xd4\x2c\x3e\xa8\xfc\xa7\xd1\xea\x6e\xd5\x3a\x00\x24\x6f\x99\xea\x52\x0e\x64\x05\xbd\x2a\xa5\x49\xb0\x6e\x7d\xa7\x22\xc1\xba\x74\xaa\x1c\x13\x6e\x8e\xa5\x8b\xaa\xf8\xd3\x76\x58\x69\x3f\x3e\x0b\x44\xf6\x31\xdd\x6d\x08\xff\xdf\x4f\x09\x18\x9d\x30\x35\xa3\xf0\x34\x68\xe2\x96\x96\xef\x05\xe0\x2c\xc1\xaa\xbf\xec\xbd\xa2\x30\x1b\x54\x0c\xb0\xeb\x0a\x75\xbc\xce\x73\xdb\x92\x73\xa9\x16\x1a\x98\xad\x89\x8f\xcd\x65\x79\xfb\x7e\x4b\x32\x79\x54\x4f\x2e\x0b\xd7\x74\xdd\x1a\x81\x57\xda\xa8\x8a\x70\x32\x11\x67\x70\x3c\x60\xa6\x08\xa4\xb5\x42\x16\x59\x03\x75\xe5\x97\xfe\x21\xae\xa9\x7b\x52\x18\x5d\x0e\x37\xa5\x3b\x63\x88\xa7\x07\xa2\xbc\x24\xac\xf9\x44\x25\xf8\x4f\x3d\x56\xbc\x9f\x7e\xe7\x41\x2a\x9e\x18\x33\xad\x55\xb7\xea\xe6\xda\x58\x16\x98\x16\x63\x83\xa2\xeb\xa8\xb6\xf5\x39\x20\xf5\x17\xa5\xc8\x0b\xd3\xe0\x3f\xaa\xd4\x08\x7e\x3e\xe8\xfe\xc9\xa7\x9a\x01\xc7\x79\x51\x21\x33\xd7\xb6\xe5\xf1\xde\xc7\x66\x30\x0d\xc4\x05\xcc\x21\xa8\xc5\x83\xfb\x73\xbc\x90\xcf\x24\x38\x5b\x08\x60\x49\xd3\xbf\x20\xc3\x00\x98\x3c\x0b\x35\x15\x38\xdc\xcb\x22\x7a\x14\xfa\xfd\x23\xac\x4b\x26\xbe\x81\xa2\xb1\x20\xcf\x21\x6f\xc5\x83\x54\xf9\xdc\xbf\x05\xf6\x63\x39\xad\x6d\xdc\x2c\xac\x14\x67\x7b\x90\xe2\x47\xeb\xb6\xc5\xc2\x29\x00\x7d\xc6\x0f\x37\x4a\x06\xd4\x04\xeb\x23\xeb\x1e\xc4\x99\x07\xc6\xe8\x81\x62\x9e\x18\x67\x26\x8c\xa6\xff\xfa\x59\xaa\x3c\xa8\xf6\xc2\x95\x16\x2b\x95\x36\xc2\xbe\x22\xbb\xe3\xb7\x23\x80\xef\x11\xb6\x1b\x35\x7a\x62\x53\x10\x0e\x30\xa5\x86\x81\x8b\xa0\x03\xfa\x3f\xfd\x1f\xc9\x19\x88\x1c\x05\x02\x2f\x94\x84\x85\x98\xf2\x17\xfe\xa2\x22\x50\x72\x20\xd1\x08\xa2\x8f\xc7\xbc\x39\xa8\xa1\x1c"},
+{{0x33,0xa8,0x5a,0xe1,0x50,0xbb,0xf5,0x52,0xf4,0x16,0x63,0xb2,0x15,0x21,0xc2,0x96,0xd2,0x46,0xdd,0x6c,0xf8,0x19,0x5d,0xf8,0x51,0xc6,0x95,0xbd,0x15,0xf4,0xa5,0x02,},{0xc8,0xc9,0xc4,0x25,0x21,0x00,0x8d,0x5e,0xff,0xf5,0x76,0xc7,0xe4,0xa5,0x60,0x83,0xce,0xd9,0xa9,0x28,0xda,0x6f,0xd5,0xcf,0x93,0xfd,0xa5,0x72,0xa5,0xa2,0xd0,0xc0,},{0xbb,0xe4,0xcd,0x63,0x67,0x6e,0x26,0xd6,0x75,0xa1,0x91,0x15,0x1d,0x30,0xdb,0x72,0xb5,0xb8,0x4d,0x46,0x1e,0xec,0x65,0x64,0xaf,0x86,0x7a,0xb4,0x1b,0xae,0x99,0x31,0x14,0x78,0x85,0x51,0x9e,0xc9,0xd7,0xe6,0xc8,0x18,0x74,0x3c,0x8e,0xf6,0xd5,0x16,0x7b,0x35,0xb4,0x21,0x36,0x3c,0x09,0xb3,0x57,0x36,0x7f,0xe8,0xde,0x44,0x3a,0x06,},"\x93\x7e\x05\xf2\xf1\xfd\xbd\x41\x73\x15\x53\xe7\x7c\xf1\x81\xb5\x07\x97\x58\x94\x0a\xee\x8e\x92\x62\x3f\xb1\xd5\xf0\x71\x28\xb7\xd7\xf1\x7e\x48\x42\x70\x7a\x56\x2c\x45\xba\x69\x26\x4c\x0f\x73\x0a\x82\x1c\x7d\xb6\xbf\x82\x99\x0d\xc6\x51\x26\x9b\x29\x6c\x33\x51\x79\x11\x30\x53\xd6\xf8\x5b\xb0\x96\xb2\x91\x11\x65\xfa\x39\x00\xcb\x10\x24\x16\x48\x7b\xa8\x07\x86\x79\xc6\xb3\x36\xdf\xf3\x87\x63\xc0\x8d\xcd\x20\xfa\x66\xdd\xa4\x5c\x57\x5d\xf1\x50\xd8\x51\x16\x5a\x48\x04\x97\x38\x30\xf4\x36\xdf\x60\xb8\x13\x19\xf9\xcf\xb5\x64\xc0\x65\x28\x96\xed\x5f\x18\x49\xcb\x33\x54\xf5\x0f\x00\x12\xf2\x86\xe8\xa3\x0c\x21\x35\x28\x69\x34\x74\x00\x4e\x85\x04\x01\x2b\x94\x55\x60\xc0\x74\xa6\xa1\x63\x43\x2c\xf4\xac\x4b\xa7\x17\x5c\xf2\x60\x05\xdb\x71\x99\xee\x96\xd8\x93\xcd\x1a\xad\x3f\xdf\x5d\x57\x46\x0e\xf0\x2d\xda\x6d\x3a\x14\x08\x25\x19\x6f\x3f\x8e\x2f\x37\xda\x36\xb6\xfd\xad\x18\x4f\x27\x40\xf1\x16\xde\x75\x8a\x92\x91\x70\x30\xc5\xfb\x80\xf0\x26\x24\x96\xd2\xdf\x93\xc7\xe2\x76\xf2\x5d\xa7\xdb\xed\x8e\xb8\xdd\x4c\x56\x3a\xba\x55\xb8\x2a\xf6\xba\x3a\x70\xca\x5f\x85\x8b\x44\xa0\x33\xcf\xb7\x95\x60\x4d\xde\xe7\x46\xe7\xc8\xae\x79\xd2\x72\xfb\x9a\x23\x41\xa2\xa2\x02\xdf\x5e\xac\x08\xde\x75\xad\x80\xc6\x58\x0d\x92\xb1\x69\xf2\xe1\x31\x88\x57\xb1\xb1\x42\x1c\x30\xf3\xdd\x46\x10\x93\xde\x2d\x34\x5e\xde\x74\x04\xb7\x2a\x45\x0d\xe0\x7b\x16\xee\xe6\x8c\xe6\x28\x87\xb6\xea\xa4\x36\xee\xe6\x84\xbe\x75\xce\x0e\x1f\x96\x26\x3e\x8d\x87\x36\xf9\xba\x00\x0d\x88\xe9\xe5\x86\x0f\x32\x8a\xe1\xe2\xdc\x73\x09\x9d\x32\xfc\xeb\x1b\xd2\xc0\x12\x36\x98\xa4\x9b\xea\xd1\x90\xa0\x0e\xc9\xa6\xf8\x71\x33\xed\xdd\x45\x31\x6f\x65\xeb\x0d\x32\x9b\x07\xb9\xa6\x6b\xb9\xfe\x42\x58\x8b\xf7\xb8\xd0\x6e\xfe\xc1\x98\x6b\x82\xa0\x81\xed\x3f\x68\x02\xe9\xbe\x73\x46\x47\x84\x55\x9a\x4f\x2c\x09\x7b\xa1\x4b\x0b\xfd\x5d\x7e\x0a\xff\x65\xcb\x69\xab\xd0\x3f\x86\x16\xcd\x7e\xdf\x7e\xc3\x68\x21\x9e\xdc\xf8\x93\xe9\xee\x71\xda\xd9\xf1\x8d\x79\xe5\x68\x26\x5d\xdc\x67\x16\x22\x32\x13\x23\x5b\xb9\x28\xe9\x08\xde\xa8\x27\x78\x4c\xd1\xaf\x39\x6d\x59\x0c\x81\xf4\xea\xcd\xfc\xf8\x9c\x5c\xac\x96\xfa\x05\x00\x64\xa2\x28\x41\xea\x71\x5f\x8c\x89\xd6\xd5\xaf\xbf\x59\x7a\x4d\x00\x5d\xbc\x6b\x13\x85\x6d\x33\x5b\x42\xa9\xa8\x2e\xdc\xb9\x49\x83\x5c\xca\x20\xb0\xa2\x3d\xe5\x1c\xc3\xae\xc3\x55\x66\xef\xf0\xc5\xae\x1a\xb3\x75\x13\x20\xd2\xc3\x10\x49\x52\x38\xed\xa3\x83\xc3\x8a\x41\x63\x15\x2b\x88\x15\x69\x0b\x8f\xf0\x15\x03\x5d\x1d\x00\xea\x4a\x0d\x6c\xaf\x32\x4b\xb7\x1a\x66\x4a\x1b\xed\x31\x48\x07\x84\xa6\x8f\x43\x8c\xaa\x35\x9e\x8d\x26\x73\xc8\x57\xd4\xb8\xc0\xb6\xc6\x95\x84\x7b\x86\x80\x0e\xa3\xd7\x34\xb5\xec\xc4\xd5\x2b\x50\x7a\xc6\x9b\x3a\x67\x78\x91\x60\x16\xeb\xc2\x31\x5f\x44\xc9\x0b\xf0\xc3\xe7\xda\xe0\x1d\x49\xcb\xc3\x03\x40\x2b\xbc\x63\x4a\xe1\x19\x1f\x3f\x6f\xd6\x3d\x30\x3b\x0c\x0b\xe0\x33\xa4\x7b\x90\xf8\xd3\xa7\x7f\x0a\x44"},
+{{0xba,0x9e,0x68,0x62,0x04,0x97,0x5c,0x3b,0xde,0xd4,0xc1,0xe9,0xf7,0x4c,0x7e,0x4c,0x7a,0x7e,0x3c,0x99,0x81,0xd0,0x1b,0xfc,0xa0,0xad,0x01,0x15,0xc3,0xf0,0xf5,0xc3,},{0x49,0x90,0xfc,0xe6,0x95,0x2e,0x8b,0x7d,0x0a,0xfc,0xf4,0xbf,0x9d,0xba,0x9b,0xce,0x1b,0xc4,0x81,0x5e,0x37,0x51,0x1d,0xa7,0xc2,0xad,0x48,0x92,0x58,0x1d,0xe0,0x3a,},{0xc7,0xd2,0x3a,0x58,0xe2,0xfb,0x2a,0x8d,0x4b,0x8e,0xd1,0xe9,0xea,0xe9,0x1e,0x11,0x29,0xc2,0xaf,0x8b,0xd0,0x5f,0x0b,0xd5,0x72,0xab,0xeb,0xbe,0x0f,0x30,0x82,0x59,0x25,0xf0,0xdf,0x71,0xcf,0xb7,0x21,0x8c,0x68,0x6e,0x55,0x48,0xd9,0x42,0x77,0x10,0xa6,0x90,0x36,0x6b,0xa8,0x55,0x41,0xc7,0x91,0x01,0xa5,0x8a,0x10,0xe8,0xaf,0x0a,},"\x46\xbb\x48\x95\x2a\xe5\x8f\x2b\xf5\x8f\x5b\xe8\xdf\x4f\x31\x6b\x50\xf3\x63\xec\x84\xee\xd8\xf8\x2f\xf4\xc0\x4b\x06\x92\xd0\x3a\xef\x26\xe8\xe1\xe6\xc9\x54\x9a\x22\x47\xd5\x40\xa6\xe2\x2f\xeb\x11\xe5\x7f\x4b\x80\x8a\x20\x97\xe8\xa7\xb6\xb3\xb7\xaf\x37\x69\xe6\xd8\x1d\x64\x88\x6e\x69\x62\x37\x2f\x4f\x39\xe4\x9c\xd4\x6c\x1b\x5f\x73\x5f\x38\x0f\x7c\x27\x7d\x09\x97\x76\xed\x1a\xea\xa5\x7a\x35\x9c\x0a\xa8\xc7\x2f\x40\xeb\x91\xa1\xbf\x07\xea\x15\x7f\x5d\xdb\x30\x40\x9d\x6e\x3a\xf9\x89\x90\xce\x7f\x30\xaf\xfd\xac\x5e\x22\x01\x06\x46\xdc\xa9\x6a\x54\x00\x60\xfc\x90\x8a\x31\x25\xb0\x00\xad\x1e\xd3\xa0\xf2\x55\xcd\x34\xf1\x5d\x7d\xd1\xfd\x68\x1c\x3c\x35\xa1\xcd\x65\x20\x56\xec\xc5\x26\x4d\x39\xaa\xf7\x2a\x9b\xb8\x3a\x55\x1c\xc9\x34\x88\x7a\xe1\x07\xaf\xdf\xef\x06\x32\x17\x27\x0d\x95\x96\x89\x14\x18\xbd\x46\x1b\xba\x63\xde\x65\xbe\x06\x7b\x1b\x78\x64\xfe\x46\x48\x4c\x7c\x9e\x96\x34\x9a\x7c\x03\xa8\x0f\xa0\x55\x05\x0a\xa1\x8a\xce\x2a\x44\xb4\xa0\x3c\x94\x78\x24\x17\x2b\x30\xe2\x10\x11\x15\x94\x43\xca\x3c\xef\xaf\x69\x6a\x7a\xa8\xf9\x80\x11\x26\x0c\x94\x36\xbf\x48\x99\x1f\x41\xd4\xd5\x07\xb9\x6c\xe7\x32\x3e\x53\x1a\xdc\xf6\x63\x47\xc5\x5c\x88\x55\x67\x3a\x9f\x2e\xc8\x9b\x5c\x80\x24\x46\x06\x17\xec\x72\x71\x77\x3b\x36\xd6\x4f\xc1\x4e\xb5\xd8\x26\x52\xc5\x3a\x30\x31\x45\x72\x27\x09\x3d\x11\x8f\xd8\xeb\x93\x84\xe8\x02\x29\x04\x1a\x96\xa6\x49\x34\x50\xf9\x7e\x67\x36\x26\x3a\xbf\x1e\xcd\x9e\x9f\xb9\xa4\xf0\xf6\xd6\x67\xfa\x82\x41\x51\x48\x5e\xdc\x37\xb3\x4a\xcf\x3d\x8c\x35\xf9\xc1\xbe\x48\xb5\xe9\x6a\x12\xaf\x8e\x2d\x35\xc2\x3a\x03\x58\x0f\x21\x1d\xa6\x31\x6b\x34\xc5\x6b\xee\x87\x2d\x47\x64\x1b\xca\x77\xda\x64\x0f\xdb\xba\xd5\xa9\xad\x8a\xb9\xdc\x79\x57\x91\x3d\xa7\x34\xad\x37\x49\x2b\xa4\xde\x8c\xf1\x36\xcc\xcd\xeb\x6b\xa3\xf1\xbd\x3f\x00\x3b\xe7\x26\x3c\x4f\x2a\x40\xc3\x3f\x24\xca\x33\x39\x59\x6e\x6c\x34\x28\x33\x81\x00\xeb\xcc\x07\x22\xd4\xf5\x0d\x30\xb3\x3b\x91\x2d\x4e\x7c\x1a\x9f\xe6\x5f\x66\x58\xa6\xf2\x39\x14\x0a\x62\xc3\x26\x1e\x10\x39\x2e\xd1\x93\x0a\xa9\x17\x65\x2d\x3b\xd2\xbe\x4e\x8a\x08\xab\x97\xe1\x45\xb9\x20\xab\xb3\x1e\xe4\xbc\xd5\xa0\xd7\x1f\x63\x81\x80\xf6\x1c\x24\x58\x23\xa3\x99\xa7\x34\xa4\xdc\xde\x09\x97\x88\x02\x45\xed\x71\xeb\x9b\xc6\x5e\x3c\x6f\xc9\x5a\xb9\x20\xb8\x02\x4c\x17\xd4\x4c\xed\x00\x37\xd0\x4a\x13\x3c\x26\x41\x78\x2f\x1d\x62\x2d\xf4\x52\x69\xb4\x91\xd3\xfa\x2a\x12\x27\x57\x9e\xaa\x38\x6d\xe3\xe7\xde\x7b\xc4\x55\xc6\xa1\x54\xee\xe5\x72\x7f\xff\x04\x37\xa2\x00\x76\xc5\xc3\xb0\x57\x7c\xac\x5b\x4b\x69\x34\xe2\x69\x38\x02\x22\x46\x1a\x60\xf9\x54\xe4\x89\x79\xc0\x67\x12\x17\xf1\x6f\x70\x27\x98\x30\x34\x12\x10\x93\x18\x6c\x78\x70\x5f\xc2\x7d\xc9\x2e\x2e\xda\x41\x16\xa6\xbf\x7d\x23\xe0\x54\x8d\x62\xb6\x7b\x25\xc4\x1e\xd0\x61\x92\xbc\x26\xef\x13\x97\xbf\x16\x01\xf3\xa6\xe2\xa0\xe7\xf6\x61\xfb\x05\x05\xee\x38\x2f\x27\xae\xc2\x80\x5a\x3e\x21\x17"},
+{{0x59,0x07,0xa8,0xc0,0x84,0x04,0x38,0x75,0x23,0x8e,0xdb,0xdc,0xb7,0x83,0x2f,0xbb,0xa4,0xc0,0x5e,0xa3,0xc5,0xf8,0x8a,0x96,0xf1,0xfb,0xf9,0x50,0x40,0x1e,0xc1,0x64,},{0xe2,0xf4,0x95,0x09,0xd1,0x00,0x7f,0x61,0x8e,0xfe,0x4f,0x1f,0xd6,0x7e,0xaa,0x6e,0x2a,0xb1,0x8a,0xfb,0x2d,0xec,0xce,0xd5,0xa0,0xb2,0xba,0x83,0x63,0x78,0x92,0x60,},{0x8c,0x49,0x12,0xc0,0xf8,0x85,0xd7,0x6c,0x91,0x40,0x59,0x50,0x53,0x73,0xa6,0x4b,0xdd,0xd6,0x7d,0xd4,0x68,0x36,0x9a,0xb9,0x18,0xf2,0x3e,0xa2,0x8e,0x04,0xc1,0x91,0x77,0xa8,0xd4,0x61,0x14,0x4f,0x0a,0x8b,0x51,0xd2,0x15,0x17,0x6c,0xb0,0x8b,0xd6,0x53,0x01,0xc3,0xc4,0x62,0x37,0xb6,0x1b,0xb1,0x49,0x8c,0xa7,0x9d,0x4b,0xe7,0x0e,},"\x43\x3b\x24\x78\xe1\x8f\xad\x5c\xb8\x10\x67\x06\x1d\x22\x55\x28\x22\x97\x78\x30\x78\x85\x47\x54\x60\xfb\xe3\x13\x7a\x5b\x44\x02\x48\x94\xdd\xbe\x56\xfa\x6e\xd0\x21\x49\x6f\x07\x86\xe4\x2b\xc6\xc2\xd2\x79\x7e\xa0\xa6\xbf\x35\x5e\x88\x11\x5f\xaa\x55\xcd\x92\xed\x42\x13\x3d\x9d\xcd\xa6\xb9\xeb\xf6\x3c\xe4\xa9\x94\xd1\xa8\x2d\x2a\x49\x26\x75\x58\xbe\x54\x18\x2a\x6f\x85\x11\x2b\xd1\x2b\x24\x7a\xda\xcf\x14\x05\xfc\x7e\xc7\xa0\x15\xd4\x3a\xb4\x0b\x82\xc6\x77\xf7\xf8\x5a\x0e\x48\x19\x7c\x5b\x96\x57\x61\x99\xf4\xc3\x34\x3f\xf7\x65\x4d\x52\x3a\x30\xc4\x3a\x05\x4c\x3e\x46\x44\x51\x27\x80\x34\xb7\xf1\x96\xc3\x66\x76\x8c\x62\x8a\xf9\x4f\xc0\xcc\xfc\x9a\x29\x55\xf9\xd3\x23\x38\xb9\x44\x78\x0f\x8e\x32\x70\x85\xb1\x03\x78\x18\x68\xe4\xfb\x79\xd5\x61\x22\xd7\xf3\xf5\xab\x30\x9e\x5d\x63\x4a\xdd\x15\xda\x38\x2c\x0d\x23\x58\xe6\x47\x18\x2b\xe4\xde\x6e\x9a\x9e\x43\xe6\xa3\xa3\xb8\x21\x5b\x20\x4d\x95\x07\x61\x0d\x46\x16\x21\x00\x0f\xb1\x89\x37\x07\xaf\x7d\x25\x95\xbf\xef\x8a\x8c\x5c\x5c\xd0\x8f\x30\x9a\x5f\xb5\x5e\x45\x51\x9a\xea\x9b\x84\x74\x8c\xa5\xc6\x72\xbf\xec\xd3\x0d\x25\x65\x12\x34\xa3\xcc\x31\x9b\x43\xdf\xce\xfc\x1a\x07\xb5\x5b\x4a\xca\x71\x4c\x2e\x7e\xf9\x63\x8f\xe7\x88\x4a\x77\xb2\x22\x53\xa0\x1a\x22\x29\x50\x0e\x9c\xe1\x0f\xda\x73\xa8\x43\xc1\x9c\xc0\x96\x26\xd2\x45\x6c\x22\xa9\xc9\x01\x88\x1d\x52\x1f\x4b\x15\xd2\xf6\x13\xcb\x46\x9d\x30\x4d\x57\x92\x23\xbc\x5f\xf7\x38\x04\xdf\x63\x71\x51\x7e\xba\xa5\xb6\x77\xea\x91\x0f\xf1\xa0\x2a\x26\xfa\xfe\x48\xfe\xf4\x69\xed\x79\x9b\xed\x6d\x56\xce\x96\x18\x34\xa2\xed\xc2\xe2\x3c\x0d\x94\x26\xec\xcd\xcc\x93\x4f\x4c\x22\x0e\x37\x81\x5f\x7c\x33\x4b\x73\x83\x60\x7d\x43\x05\x20\x94\x6a\x88\x1a\x08\x32\x5b\x41\x64\x97\x9d\x5e\x82\xcd\x81\x34\xd7\x8c\xec\x48\x61\xc0\x19\xf6\xde\x30\x1c\x1b\x9a\xec\x52\xbb\x98\x20\x33\xfb\x79\xb2\xe9\x73\x1b\xab\x29\x68\xbc\x3f\x93\xfa\x56\x04\xb8\x93\xc6\x02\x8c\x20\x4c\x36\xbb\x8c\x6b\x07\x4b\xe2\x8c\x96\x4d\x28\x49\xb5\xbb\x19\xd7\xe0\xba\x24\xe2\x2a\x20\x4d\x4f\xda\x83\xb1\x01\x31\xd3\x83\xf1\x0b\x13\x6b\xd0\xdb\xa3\x9e\xc2\x6a\xf3\x0e\x3f\xfb\x4d\xbc\x0c\x92\x1f\x0c\xc9\x91\x07\x15\xd5\x1c\x81\xfe\x4c\x62\x95\x0e\x85\x55\x49\xa1\x7c\xd7\x3a\x09\xac\x91\xe0\x6d\x46\x15\x18\x37\x6d\x0f\xcf\xa1\x23\xdf\x0a\x83\x71\x03\x45\x8d\x9c\xe2\x21\x80\x8d\x1f\x9e\xf2\xed\xc5\xcd\x2e\x68\x23\x14\x5b\x52\x48\x94\xea\x48\x52\x6d\x98\x5e\xef\xd3\xf6\x06\x79\x39\x95\x48\xe1\xed\xea\xdb\x53\x95\xb4\x3d\x87\x04\x4b\x2b\xfe\x7c\x60\x37\x02\x9b\x34\x6a\x40\x22\x27\xea\xb8\x1f\x33\x3e\x10\xe7\x7f\x1d\xbc\x06\xa2\x11\xd4\x3b\x82\x55\x86\x76\xc2\xdc\xff\x90\x82\xb1\xdd\x53\x36\x8d\xf0\x02\xde\x13\x29\xaf\x30\x00\xb1\x71\xa6\x91\x43\x89\xbb\x80\xec\x0c\x9f\x3e\x41\x2a\x44\x1b\x80\x0a\xfc\xeb\x04\x86\x70\x9a\xda\xc6\x6c\xaf\xee\xf2\x48\x83\x93\x31\xf5\xd8\x92\x19\x7e\x25\x42\x0f\x1e\x37\xd7\xc0\x24\x7f\x66\x9f\x5f\xcb\xf0"},
+{{0x60,0x20,0xae,0x27,0x3e,0x0e,0x05,0x37,0xba,0xc8,0x81,0xd7,0x54,0x9d,0x92,0x3e,0xb1,0xcc,0x20,0x0d,0x49,0xca,0x65,0xd4,0xbe,0x63,0x5e,0x39,0x17,0x3d,0xf9,0xda,},{0xda,0xaf,0x0e,0x69,0x9a,0x12,0xa9,0x2c,0x16,0xe0,0xde,0xd3,0xeb,0x34,0x50,0xa3,0x63,0x11,0x82,0x45,0x77,0xe3,0x61,0xf0,0x56,0x96,0x60,0x33,0x00,0x16,0x62,0x97,},{0xb1,0xba,0x88,0xfe,0xd7,0xe5,0xf4,0xb7,0x57,0xf3,0xfa,0x4d,0x1e,0xd9,0xb1,0x9e,0x49,0x8e,0x5d,0x2f,0x5e,0x6c,0xd4,0x6e,0x42,0x6f,0xe8,0xf0,0x39,0x88,0x2f,0x1b,0xe7,0x7a,0xc9,0xe5,0xa9,0x26,0x5c,0xbf,0x7e,0x3c,0xd2,0xa9,0xe9,0x92,0x6c,0x18,0x19,0x91,0x43,0x79,0x8d,0xa5,0xbe,0x47,0xa4,0x08,0x64,0x40,0x49,0x6b,0xa0,0x0f,},"\x6a\x80\x11\xde\x09\xaa\xc0\x0d\xb1\x6f\xf7\xe5\x5c\x2d\xe6\x7d\x8c\x98\x83\xfc\xb2\x04\x0d\xed\xbc\x1e\x32\x1c\xab\xa7\xbb\x03\x69\x71\x53\x01\x76\xd1\xdb\xba\xa9\x27\x52\x0b\xdf\xcc\xbe\xd8\x84\x01\x26\x04\x3e\xdc\x44\xcb\xb7\xfa\x35\x28\x68\x0e\x5f\x1b\x56\x64\x95\x1d\xc9\x01\x09\xae\xa4\xb9\xc3\x36\xca\x04\x3d\x82\x21\xa4\xc8\xd2\x01\x16\x56\xbf\x94\x4e\xfd\x36\xba\x0a\x10\xa4\xb3\x89\x19\x60\x55\x75\x0b\x0e\x38\x8f\xb5\x28\x70\xbb\xec\x8c\x55\x19\x81\x31\x44\x39\x45\xc0\x9f\x3a\xac\xe3\xe6\x91\x50\x14\x37\x40\x73\x26\x6f\x34\x88\x74\x42\xd7\x4f\x46\x8f\x8d\x70\x78\xbb\xa0\xbd\x81\x4c\xd6\xdd\x42\x3c\x97\xb5\x69\x05\x58\x7b\x15\x2d\x1f\xcf\xba\x0e\xb9\xfd\xe2\x11\x26\x91\xda\xfa\xf4\xf9\x21\x56\x2f\x24\x1b\x62\x84\x10\x01\x83\x4f\x6c\xe3\x66\x85\xf8\x2a\x8f\xaa\x3b\x7a\xfa\xd7\x3a\x5e\x59\xbf\x5f\x9e\x71\x3e\x59\x16\x3f\x31\xdb\xe6\x96\x11\x8a\xf3\x35\x06\xd2\xff\xea\x3d\x9c\x15\x56\xfb\x15\x2f\xd2\xb3\x21\xc3\x17\x57\xd0\xc3\xc0\xf6\x0e\xe1\x13\xed\xac\x02\xd6\x7e\xfb\xb3\x03\xdc\xe6\xfa\x88\xf7\xb9\x74\x6c\xa1\x10\xe6\xa0\xcd\x09\x9c\x08\x31\xf5\x3c\x55\xc2\x8b\x6c\x82\xaf\x44\x64\x56\xb8\x42\xb2\xc9\x50\xa5\x53\xee\x2c\x76\x5e\x97\x29\xe6\xb0\xc5\x46\xbf\xc2\x6b\xd6\xd4\x2d\x06\xb2\xed\x5d\x4c\x8c\xbb\xc7\x5f\x2a\x3a\xd8\x12\x93\x95\x79\x3d\x97\x9c\x03\x1f\xce\x7e\x20\xb3\x8b\xd8\x9c\x9b\x62\x47\x48\xb2\x01\x34\x23\xce\xba\xda\x02\xcd\xe2\x05\x2d\xa5\x66\x4c\x6c\x64\x26\xcb\xfc\x88\xf8\x4f\xf6\x02\xe2\xe2\x0d\xf9\x67\x8f\xbb\xa5\x77\xa4\xc1\x34\x51\x7e\xe0\x50\x68\x11\x51\x58\x0f\x7c\x5c\x97\x87\xb9\x6e\x55\xc4\x07\x5a\x26\xf4\xf8\xcc\xff\xbb\xb6\xea\x18\xde\x1b\x2c\xc8\xc4\x49\x6b\x16\x04\x27\x70\xb7\xec\x6e\xb5\x42\x9e\x7a\xc1\x89\x12\x32\xaa\x4e\x47\x46\x7f\x4e\x9a\x98\x5d\x80\x54\x7e\xcc\x4c\x6f\xd9\xf5\x97\x63\xed\xe9\x16\x71\xf2\xaa\x57\x36\xa5\xd1\x48\xe3\xa8\xff\xc8\x8e\x61\x25\x3a\x85\xb0\x95\x36\x54\x95\x8e\xb2\xd6\x94\x01\xcb\xea\xe7\x75\xf8\xcb\x8c\x3c\xa4\x2d\x21\x69\x3e\xbe\x29\x88\x38\xdf\x94\xc1\xd7\x7b\x12\x6a\x12\x05\xcc\x47\xd5\x0d\x53\x67\xb6\xf2\x76\xec\x8d\xb6\xb9\x53\x24\xa3\x1e\x8f\xd2\xed\x2e\x43\x42\x0c\x4a\xd0\x2e\xa2\x77\xdd\x94\x8a\x55\x19\x3d\x0f\x0b\x4d\x1c\xf2\x83\x86\xc7\x25\x97\x5c\xe5\xc1\x2d\x2a\x6f\x35\x67\x3c\xc2\x2a\x06\x94\xcc\xa4\xda\xf6\xaf\xbf\xd3\x26\xd8\x8c\x18\x50\xf8\x34\xc4\x2f\xf0\xe2\x92\xba\x4f\x13\xe5\xef\x07\x74\xa5\x96\xd3\x39\x04\xc0\x26\x2d\x31\xdf\x2c\x58\x4a\x0a\x4f\x45\x3f\x6a\xe4\xa8\x8a\x27\x5f\x7d\xe7\x9c\x13\xae\x1a\x73\x11\x5b\xe0\x2f\x42\x5c\x6f\x17\x7a\x1e\xc4\x63\x9c\x42\xa7\x92\x80\x9a\x2b\x09\x19\xeb\xd3\x21\xe3\x16\x00\x1d\x5b\x2f\x84\x89\x4f\xce\xbd\x50\xa1\xdc\xf4\x4d\x70\x2b\x92\x45\x32\xfc\x0e\x4d\x3f\x9f\xf8\x48\x6c\x0e\xd1\x80\xee\xcc\x3e\x09\xe2\x27\x2a\x94\xdc\x7d\x24\xa4\xe8\x7a\x93\x1f\xe2\x49\x5c\xbf\x99\x2c\x0a\xae\x92\x01\xe0\x79\x62\x98\xf9\x36\x3d\xba\xc4\x75\xe8\xed"},
+{{0x93,0x2a,0x20,0x0e,0xce,0xe7,0x22,0x3f,0x24,0x14,0x62,0x83,0xa4,0x04,0x8c,0x67,0xa6,0xa2,0xd2,0xfc,0x4b,0xa0,0xf9,0x24,0x8b,0xdf,0xfd,0x82,0xc6,0xcc,0xe3,0xcb,},{0xec,0x9b,0xfb,0x7a,0x6d,0x04,0xe7,0x26,0xfc,0x1e,0xa0,0xc4,0x24,0x61,0x0d,0xcb,0x79,0x67,0xbf,0x15,0xd6,0xd6,0x62,0x68,0x58,0xd4,0x11,0x19,0x8d,0x40,0xe2,0x39,},{0xcd,0x1e,0x4b,0xdf,0x4a,0x3e,0x4a,0x31,0xd6,0x52,0x54,0x33,0x3c,0x8c,0xc4,0x08,0x7e,0x4c,0xc4,0x0b,0x02,0xe2,0xa3,0x47,0xd0,0x9a,0x3d,0xde,0x69,0x84,0x90,0xc0,0x87,0xd7,0x10,0x9a,0xd0,0x20,0x9c,0x53,0xe9,0x87,0x58,0x9c,0xbf,0x3c,0xe2,0x64,0x12,0xa2,0xb0,0x2c,0xb8,0xa3,0xbc,0x93,0xfe,0xc7,0x5a,0xb5,0xd2,0xc3,0x87,0x03,},"\xdf\x95\x32\x07\x04\x82\x13\xaf\xb8\xe2\xaf\x45\x2c\x88\x9a\x21\xca\x13\x6a\x68\xc9\x29\xbd\xc8\x24\xf9\xa8\x9a\xc5\x96\xdc\xb9\x00\x19\xa4\x6f\xb6\x82\xbc\xfd\x96\x2f\xcc\xb2\x7d\x00\xba\xf8\xec\xca\xf9\xd9\xa7\xd8\x18\x3c\xab\xd7\xdf\xa5\x06\xf7\xba\xfb\x49\x35\xab\x04\x59\x31\xff\x8f\xae\xb7\x16\x31\xf9\xed\x6b\xb8\xf8\x47\x3a\xd6\x29\x0d\x7c\xf5\x19\xdb\x31\x0a\x44\x42\xc4\x61\x11\x8f\x67\xd1\xa6\xd1\x03\xba\xe6\xf2\x69\x7c\x94\xb7\x42\x6d\x9e\x02\xe3\xcb\x95\x22\xfd\x0b\x44\xae\xf6\x00\xc9\x62\xfe\xff\x58\x73\xd9\x8c\x27\x90\x88\x7b\x8e\x88\xd1\x60\x82\x4f\x1b\xba\x22\x01\x76\x39\xf8\xdc\xe6\x8f\x74\x34\x80\xde\xea\x1f\x92\xaa\x1f\xd4\x13\x5d\xd0\x64\x57\xa6\x0f\x36\xb7\xd7\xf5\x17\xd4\x0c\x94\xc0\xdd\xdc\x2e\x46\x58\x47\xd9\x09\xb9\xf6\x82\x45\xff\x2b\x42\x1d\x59\x19\x00\x1a\xae\x5a\xef\x24\xe0\x2c\x00\x2d\xa9\x07\xe8\x60\x5f\x16\x0e\xa6\x09\x6b\x58\x0b\x75\xce\xa0\x22\xd4\x02\xf7\xf5\xfd\xc4\x64\xf8\x7f\x78\xc7\x90\x6a\x01\xe8\xe4\x8f\xb5\xb3\x51\x74\x61\x2b\x48\xac\x8b\xc7\x50\xe0\xf3\xae\xb0\xa1\x2f\x7d\xfc\x09\xb0\x84\x2c\x17\x80\xa5\xfd\x9c\x54\xaf\xb9\x39\x9b\x94\x08\xba\xac\xcd\xa2\x0a\xfb\xe3\xd6\x82\x24\x8d\x7b\xf1\xef\xde\xf4\x90\x5a\x31\x9b\x0f\xfb\x10\x8b\x75\x3b\x71\xcc\x97\xe9\xe2\x1e\xc9\xb3\xdd\x28\xce\xe0\x39\xd9\x41\x8a\x11\x35\xf0\xad\xd0\x92\xaa\x66\x31\x2e\xa2\x91\x33\x00\xd1\xcc\x89\x16\x52\x43\x02\xbd\x3d\x1b\x09\xe6\xb2\x9c\x68\x57\xcb\xdc\x56\xef\x4b\x3f\x35\xd8\xee\x67\x72\x08\xef\xfa\x84\x6f\xdb\x06\x6b\x05\xeb\x71\x7b\x4d\x45\x12\x0c\xab\x72\xa7\xdb\x7a\x7c\xa8\x46\xe8\x7b\x16\xb6\x90\x47\xeb\x76\xd8\xf1\x8d\xa8\xe1\x39\x9e\xc0\xa8\xc9\xc3\x28\xcb\xe6\x0e\x0b\xf4\x20\x44\xd2\xeb\xf2\x81\x8b\x3c\x04\x75\x88\x45\x2f\xcd\x2b\x3e\xfc\x1e\x10\x09\xae\x07\x68\x87\x27\xdb\x8f\xb6\xdf\x2a\x2f\xe7\x5d\x1c\xf2\x2f\x32\xba\xc0\x9c\x82\xa6\xa3\xd7\xee\xd7\xd0\x05\x08\xcb\xe5\xb7\x24\x60\xec\xfc\xdd\x3e\xe9\x11\xef\xe5\x89\x8d\xbd\x8e\x4c\xe8\x59\x13\x26\xdd\x15\x22\xf9\xd2\x55\xda\x86\x1b\xf9\xeb\x2a\x1d\x57\x25\xd7\xd5\xd4\x27\x34\x03\x41\x94\x5e\x7b\xca\x8c\xf2\xff\x8a\x99\x74\x50\x95\x3e\x77\xd2\x03\x68\x3e\x4b\x0d\xaf\xc3\x30\xe0\x56\x72\xd2\xec\xd1\x3a\x3f\x44\x2d\xf1\x37\x04\x4e\x0f\x55\x6f\xfb\xce\xff\xea\x26\xcb\xae\x26\xcb\xa6\xf2\x56\x8c\xf3\x9f\x90\x84\x89\xe1\xa9\x2e\x76\xaf\xbf\x29\x79\x95\xda\x4b\x2c\xb1\xab\xc9\xee\x1f\xe4\xdc\xa5\xaa\x83\x8b\x2f\xbd\xc1\x09\xe8\x9b\xef\x3c\xe5\xa3\x6e\x5b\x2f\x71\x2a\xc4\xc8\x89\x43\x82\x48\xfa\x5a\x21\x50\xca\xc6\xc9\x77\xb5\xe0\x54\x3f\x40\x10\xb7\x31\x47\x32\xfd\x18\xe7\xfd\x59\x82\xe8\x32\x76\x51\x9e\x78\x72\x5e\x5a\x5e\xeb\x86\xf4\x89\x20\x84\xae\x52\xda\x38\x49\xc2\x28\xc8\x09\xed\xbf\x69\xa2\xcc\x47\xc4\x78\xd1\x87\x19\xf1\x11\xd7\x37\x88\x7c\x7a\x2e\xb3\x25\x08\x98\xdb\x34\xe5\xe5\x07\x6f\xab\x9f\x4a\x9e\x6e\x19\x29\xa3\x48\x08\x36\xde\xa0\x7b\xa4\xd6\x3f\xce\xfc\xe5\x54\x34\x30\xa8"},
+{{0x5c,0x48,0x3e,0x83,0x7e,0xb0,0x1e,0xd5,0xa4,0xad,0x5d,0xb3,0x79,0x26,0x99,0x82,0x4d,0xf1,0x3e,0x57,0x6b,0xe9,0x67,0xd1,0x21,0x15,0xc8,0x5e,0x02,0x86,0xe6,0x28,},{0xfe,0x1a,0xa8,0xb0,0x69,0xda,0x56,0xe6,0x76,0xef,0x3a,0x57,0xd9,0xbb,0xa8,0x83,0x05,0xea,0x03,0x28,0x08,0xee,0x63,0x52,0x73,0xb3,0x7c,0x5c,0x63,0x5d,0xef,0x4e,},{0xc1,0x7c,0x2f,0xbf,0x8c,0x00,0xbc,0xea,0x30,0x35,0xbf,0x0a,0x62,0xd3,0x02,0x29,0xdb,0x74,0x2c,0xab,0x11,0x99,0x67,0x7c,0x7e,0xb4,0xeb,0x0e,0xf5,0xc7,0xb5,0x1a,0xd4,0x87,0xa4,0x97,0x1b,0x63,0x1e,0x79,0x4a,0x58,0xbb,0x08,0x23,0xcc,0x0f,0xe6,0x26,0x10,0xfd,0xa6,0xa9,0xe0,0x3f,0x8c,0x4c,0x33,0x81,0xcb,0x15,0x4c,0xef,0x0b,},"\x58\xd5\xe2\xcd\x89\x9b\xa9\x85\x37\x8b\x3e\xc3\x3e\x9a\x86\x98\x22\xb2\x3d\x5d\x89\x6a\x28\xf4\x24\xfc\xd6\xe4\xcc\x28\xb8\x0d\x4a\xaf\x2d\xe8\x04\x36\x7e\xfd\xf5\xe4\x23\xb1\x23\x4d\x82\x1d\x63\xac\x05\xea\xed\x12\xc7\x3e\x8e\x36\x08\xaf\x0d\xdc\xcc\x83\x86\xb7\xd8\x42\xb1\x2e\x60\xd3\x0c\xed\xe3\x25\x53\x94\x5e\x78\x29\xe9\xb2\x3f\x5c\xcc\x2e\x71\x03\xa0\x8f\x2c\xdd\x9e\x75\xa7\xb3\x6f\x5e\x63\x72\x0e\xf0\xd4\x9b\x25\x92\xbe\xf3\x74\x02\x68\xc8\x9c\x86\xa6\xcb\xdf\xe2\x01\xde\x0d\xb9\x98\x5c\xeb\x19\x39\x9c\x9a\x1d\x5b\xb0\x58\x6a\xf3\xc8\xcd\xf2\x71\x32\x99\xeb\x04\x43\xa5\x41\xa4\x73\x84\x60\x72\x43\xc5\x4a\x05\x91\x50\x58\x36\x7d\x3f\x2d\xb3\x80\xed\x31\x7a\x8c\x12\xc7\xa6\x3e\x80\x9c\x2e\x84\xd4\xac\xb9\xd9\xee\xf5\x4c\x6f\x5a\xf7\xab\x59\xcb\x91\x68\xb1\x06\x8f\x9d\x2c\xcd\x97\x8f\xe7\x21\xba\xd6\x8a\x66\x9f\xfe\xde\xa3\xe9\x2c\x76\xb3\x2e\x31\x66\x65\x8e\xe3\xbd\x0d\xeb\x1b\x08\x41\x94\xce\x35\xd9\xa7\x41\xc5\x7f\xc2\x24\x1e\x68\xef\xaa\x65\x32\x0b\x23\xa1\xdd\x19\xea\x8b\x7e\xc8\x1e\x76\xf1\xe9\x16\x3f\x95\x92\xee\xee\x5a\xf8\xec\xed\x02\x72\xf3\x35\x12\xd0\xd4\xca\x06\x7f\x05\x55\x1b\x26\x53\x96\xe1\x00\x14\x78\x3c\xac\xac\x79\x43\x7b\x19\x84\x2d\xe6\xab\x91\xb9\xd9\x23\xbb\xeb\x50\x33\x25\xbc\x54\x86\x9f\x66\x3e\x6e\xa4\xae\x68\x97\x70\x1b\xe7\xe1\x1d\x16\xcd\xfa\xe0\xee\xe8\x61\x86\x20\x00\xe7\xa4\x16\x07\x81\x54\x7e\x42\x52\x6a\xf5\x1b\xa9\x69\x8d\x23\x4a\xaf\x51\x0d\xa8\x1a\x0d\xbf\x26\x43\x66\x15\x3d\x7a\x6d\x5e\xb3\xfb\x08\xb9\xbb\x5e\xa0\x65\xc2\xf5\xe5\xb6\xbb\x67\x9d\x2e\x21\x0b\x5b\x40\xe2\xbc\x82\xf7\x8d\xc9\xab\x58\x24\xb7\x4a\xad\xad\xd8\x9b\xf8\xa8\xb7\x3a\x0a\x2f\x43\xac\x74\x83\x78\x92\x1a\x73\xa2\x52\x70\x4a\x4a\xdb\xf7\x40\xcb\x99\xc1\xe1\x59\x4c\x37\xac\x9a\xcc\x19\xf5\x23\x15\xc6\xa8\x46\xa5\x7b\x36\x12\x8c\x64\xd7\x67\xaf\x44\xe9\xc8\x63\x05\xbf\x18\xba\x7c\xd5\x26\x80\x52\x3a\x3b\x10\x2f\xba\x6f\xe5\x55\x67\x06\x9d\x20\x47\xcb\xdd\x96\x05\xea\x12\xc8\x87\x7d\x39\x9c\x1e\x66\xe3\x38\x17\x73\x1f\x50\xb8\x4f\x81\x7d\x1f\x07\x60\xa4\x0f\x97\x46\x86\x18\x93\x41\x05\xeb\x00\xec\x50\xc7\x6d\xb3\xc5\x3f\xcf\x43\xfe\x17\x02\x90\x7d\x9a\x75\x6b\xcf\x43\x9f\x88\x31\xd0\xbf\xac\x92\xe7\x05\x8f\xb1\x57\xbe\x3e\x59\x1d\x37\xeb\x34\x16\x5e\x3c\x6f\xc6\x0e\x72\x29\x4c\x08\x3e\x47\x76\x26\xf9\x00\x1c\x1d\x73\x7c\x29\x03\x77\xdf\xa5\x8e\xa4\xea\xd3\x02\x8f\xc7\x62\xce\x8a\x3a\xfe\xc2\xe6\xe1\x32\xc6\x62\xdf\x60\x34\xab\x55\x4f\x93\xef\xac\x65\x7a\xd3\x4f\x61\x07\xd3\x47\xfc\x5c\x5e\x53\xf3\x73\x3e\x17\x8b\x76\x01\x4d\x2f\x9b\xbd\x06\xef\x2d\xfe\x60\xe2\x08\x3d\x88\x65\xf7\xf5\xb2\xac\xc0\x25\xd9\x12\xe5\xcf\x6c\xda\x6e\x79\x81\x43\xe9\xdb\xbc\x70\xa0\x21\x1d\x8e\x40\x03\xd7\x8b\x38\x3d\x66\xa6\xad\x29\x71\x7c\xa2\x4e\xdd\xef\x7d\xf7\xcd\x3a\x7e\xf6\x52\xab\xa5\x48\x7a\xfe\x5d\x02\x6c\x9b\x10\x28\x07\x29\x4e\xb2\x7d\x98\x24\xee\xb6\xb4\x0f\x08\x3d\xe7"},
+{{0xb0,0xd0,0xab,0xdd,0x84,0x44,0xe1,0x0f,0x29,0x37,0x54,0xac,0x9f,0x16,0xe3,0x1b,0xdc,0xdd,0x97,0xb7,0x06,0x71,0x28,0xaa,0xe8,0xe4,0xd7,0xf1,0x12,0x89,0xe2,0xcd,},{0x1c,0x78,0xcc,0x01,0xbe,0xa1,0x53,0x52,0xb6,0x3c,0x56,0x97,0xf1,0xcf,0xe1,0x2f,0xfd,0xd1,0x6d,0xdc,0x1d,0x59,0xe7,0x79,0x51,0xb6,0xe9,0x40,0x8e,0xe2,0x28,0xad,},{0x64,0x40,0x8b,0xdd,0x2d,0x0f,0xc8,0x92,0xa5,0xb6,0x2b,0x5a,0xcf,0x8e,0x3b,0x3c,0x73,0xc0,0xb5,0xc4,0xfa,0x2a,0x72,0xe3,0x9d,0xd6,0x08,0xd4,0x93,0x7f,0x93,0x32,0xf7,0x3e,0x14,0xd0,0x8b,0xad,0xc6,0x27,0x01,0x14,0xd1,0xf1,0xa5,0x56,0xcc,0x6e,0xe8,0x48,0x8a,0xbb,0x90,0x7f,0x79,0xae,0x17,0x5c,0x35,0x2e,0x9f,0x11,0xee,0x05,},"\xaa\x27\x6c\xc5\x43\xfc\xc6\x2d\x70\xa7\x04\x60\x8d\x98\xce\x51\xb6\x45\xb5\xc2\x4a\x64\x0a\x5d\xf1\x0a\x55\x91\x41\x7d\x10\x89\x26\xdf\x3f\x0c\xe1\xb9\x21\x03\x33\x09\xeb\x8d\x86\x59\xf4\x89\xfd\x6f\x79\xaa\x1b\xf4\x88\x2d\x72\xac\x69\xcc\x58\xd3\xbc\xe0\xfa\x89\xb1\x64\x11\xe9\x75\x3e\xb4\x0c\x6c\x4d\x59\x8d\xc8\xf4\xab\xb0\xbc\x48\xf1\x37\x03\x71\x32\x6c\x9a\x86\xbb\xc2\xac\x62\x14\x47\x8e\x78\xa3\x84\x08\xbd\xda\xfa\xa9\x59\x26\x00\xc4\x9a\x12\x9c\x05\x39\x2f\x8a\x7d\x64\x2b\x49\x13\x7a\x20\xf3\xfe\x9f\x11\xee\x17\xcf\xa3\xaf\xd2\xaf\x71\x56\x5e\x9c\x40\x08\x0b\x60\xcd\x0d\xbc\x37\x8e\xda\x06\x2c\x7c\xbc\x7f\xe9\x72\xbd\xe4\x50\x9a\x1d\xe9\x5f\x14\xdf\x48\x2f\x48\xaa\xcc\x46\x3c\xd5\x94\xf6\x6d\x64\x8d\x37\x94\x73\x8a\xd6\xab\x49\x6e\x2d\xa5\x0b\x0d\xb2\xba\x7b\x65\x91\x85\xe4\x58\x7f\x18\x2e\x83\x3d\xe7\x50\xfa\xac\xdd\xf2\x1a\xf5\xe0\xcf\x4c\x9a\xf3\x85\xb0\x4f\x7b\xe2\x31\x49\x8a\xd0\xb7\x42\xd5\xa8\x7c\x06\x11\x5d\xb2\x30\x97\x3a\x51\x42\x7f\x20\x2f\xa3\x9a\xfb\x98\x28\xb5\xf0\x3f\xa3\x27\xcb\xd5\x2d\xfe\xc6\x6d\x71\xea\x31\x98\x65\xdc\xf6\x81\x0f\x18\x58\x47\x2d\x8b\xea\x3e\x44\x7a\xdf\xb4\xb6\x07\x58\xe8\x6b\x48\x13\x37\x09\x73\x2d\x2b\xcf\x51\xc7\x6c\xaa\x84\x7b\x65\x37\xfc\xb0\x5b\xb8\xc8\x7d\xc5\xe9\xfb\x02\x2b\x32\x60\xc1\xd7\x1b\x14\x98\x59\xc9\x66\x3d\xbd\xae\x6a\x7b\xbf\xd6\xde\xb9\xd1\x23\x80\x9c\x24\x14\x01\xaf\x10\x71\x9c\xf9\x1a\x6b\xed\x16\x08\x4c\x44\x46\x07\x35\x9e\xd8\xf0\x18\xdb\x11\x15\x11\x89\x2b\x46\xbd\xac\x6c\x9c\x61\x38\x41\xde\xd8\x86\xb9\xde\xc0\x6c\x01\xe8\x04\x87\xe4\x8f\xbe\x77\x8e\x9e\x97\x50\x8f\xfd\xa0\x57\x78\x53\xaa\xbd\xca\xca\x8b\x0b\xab\x6c\xe4\x15\x57\xaa\xb9\x63\x1c\x96\xd6\x09\x77\xe3\x57\x18\xb6\x05\x95\x27\x3f\xdb\xa1\x40\xf5\x50\x0a\x8d\x35\x76\xf5\xa9\xfc\x8f\x3c\xa4\xc0\x2c\x16\x7a\xf2\xe0\x3d\x25\x75\x0b\x42\xad\xb0\x3b\x14\x17\xf2\xb6\xd2\x19\xbe\x5f\x84\x29\x33\x1a\x26\xa4\x49\xb5\xd4\xdb\x2b\x1a\x09\x15\x2e\xea\x2b\x25\xd2\xdf\x7e\xf6\xfe\x0a\x32\xe2\x5f\xae\x79\x36\x0a\x9a\xee\x15\x11\xfd\xa8\x06\x45\x50\x93\x7a\x71\x30\x97\x19\x30\xc6\x73\xbb\x35\x8e\x5f\x55\x95\x1f\x50\xb1\x46\xd8\x5d\x38\x3f\x3e\x01\xc1\x51\xec\xe6\xc0\x6d\x83\x67\x01\x25\x32\x80\xfd\xcf\xf4\xe1\x39\xd3\x31\x9a\xb2\xe2\xca\x71\xbc\xc3\xfa\x0f\xaf\x7c\x70\x2c\x9c\x60\x4e\x56\x51\xde\x4a\xf5\x70\x0e\x9e\xde\x72\x58\xb9\xbc\x14\x8d\x55\x95\xcd\x34\x17\x0e\x3e\x5c\xf2\x92\x82\x83\x90\x90\x8f\xda\x96\x1f\x22\x30\xac\x0b\x8c\xac\x64\x73\x97\x32\x70\x6c\xe2\xd5\xe5\x9a\xbd\x6d\x5e\x20\x7b\xda\xfe\xa7\x4d\x28\xd7\xa7\x58\xf2\x20\x0e\x4e\x00\xa0\xbc\xf0\x30\x6a\x3c\xab\xda\x47\x02\x4f\xab\xea\xe4\x88\xab\x5c\x32\x37\x15\xcf\x3c\xa7\x72\x0a\xf9\xeb\xbf\x85\x82\xe1\x15\x8a\x09\x9d\x73\x6b\x56\x9b\x9d\x40\x29\x58\x17\xea\x25\x54\x06\x8b\xef\x32\x44\x2c\x11\x1e\xc8\x14\xc6\xed\x41\x59\x19\xba\x73\x52\x63\x34\xdf\x30\xba\xc6\x66\x08\x4e\x56\x01\xc2\x28\x1c"},
+{{0x49,0x84,0x97,0xfd,0xcc,0x6a,0x10,0x58,0x91,0xe0,0x23,0xff,0x32,0xd7,0x5f,0x7c,0x37,0x48,0xd8,0xc5,0x2d,0x87,0xdd,0x3b,0x27,0x75,0xae,0xfd,0x81,0x60,0xa1,0x43,},{0x2d,0x79,0xae,0x9c,0xee,0x4a,0xc6,0x27,0x5b,0x05,0x74,0x9c,0x43,0x8e,0xbe,0x55,0x2b,0x41,0x3d,0x87,0x3c,0xc0,0x7f,0x14,0xf5,0xfa,0x13,0x01,0x77,0x21,0x4c,0x54,},{0xb0,0xa3,0x6a,0x2c,0x93,0x47,0x56,0x34,0x8e,0xb4,0x7c,0x25,0xa3,0x2c,0x3f,0x2a,0x5d,0xdb,0xd5,0x8f,0xcc,0x72,0xa0,0x8c,0x3c,0xea,0xd1,0xa2,0xd9,0x00,0x33,0x5c,0x30,0x01,0xe3,0x5b,0xfe,0x1f,0x3f,0xb5,0xa5,0x55,0x00,0x9b,0xa8,0xe9,0x68,0x74,0x49,0x4b,0x97,0xe8,0xb0,0x97,0x00,0xed,0xcb,0x1f,0x25,0x84,0xb9,0xd0,0xfe,0x03,},"\xbe\x38\xbc\x8c\xdf\x46\x19\x0e\x30\x4a\xb5\x3d\xd2\x9c\x2b\xc4\x09\x54\xfd\x4c\x6d\x2b\xb9\x90\xf9\x3b\x2b\x5c\x69\x1f\xdf\x05\x27\xc2\x60\xf5\x06\x61\x87\xf2\xd0\xf3\x1f\x43\xa0\x8b\x36\x0e\xa1\xed\x82\x00\x65\x17\x64\xb8\xfa\x49\x59\x5a\x15\x94\x10\x9e\x49\x67\x59\xab\x66\x23\xfa\x33\x37\x8d\x80\x0e\x61\x17\xe0\x79\xe1\x3f\xe8\x5c\x81\xb6\x3e\xbe\x24\x7b\x3d\xf6\xc1\x58\x4b\xc7\xcf\xfb\xdf\xa4\x5f\x2a\x2c\xe7\xc2\x37\xaa\xaf\xef\x8c\xbc\xa7\x0b\xca\xbc\xe0\xb8\x47\xd5\x51\xf4\x6a\x7d\x15\xce\x2a\x0d\x3d\x54\x5a\xba\xcc\x59\x30\x01\x0c\x53\x64\x88\x87\xd4\x76\xe0\xd1\x3a\x34\xfc\x1c\x54\xdf\x09\xd1\x06\xed\x75\x8d\xee\xdc\x76\x1d\x55\x7a\x73\xb2\xbc\xdd\xde\xfb\xa4\xed\x00\x59\x97\xb1\x92\x79\xb9\xd2\xde\x37\xd0\x41\xfe\x01\x3e\xef\x05\xa2\xe1\x1c\x9a\x23\x4e\x87\xcc\x0e\x16\xc0\xc6\xda\x42\xaa\xa5\xbf\x99\x64\x17\xbf\x64\xe5\xb7\x85\xd6\x7d\xc3\x25\x47\xc1\xf0\x52\x17\x8d\x69\x4c\xf2\x0f\x16\x98\x58\x9e\x7e\xd4\x9b\xe2\x9d\xd5\x9f\xd5\xc0\x1b\xa1\xd9\xf5\xfb\x06\xa7\x58\x95\xb7\xb1\xe1\x58\x95\x09\x7e\xbd\xe8\x4c\xad\x63\x03\xaa\x0a\x86\xdb\xc3\x24\x74\x7d\x97\x24\x5d\x70\xc5\x20\x3b\xe0\x1b\x06\xcb\xde\x06\xae\x03\x72\x04\xd2\x37\x30\xcd\x69\x61\x89\xf7\xac\x26\x7c\xf2\x02\x17\x99\x29\xce\x54\x10\xe0\xe3\xad\xe5\x13\xd2\x20\x1b\xfd\x20\xfe\xfa\x40\xb4\x47\x6f\x27\xbf\x90\x7c\x76\x2e\xb7\x26\x2a\x5b\xe1\x3c\xfc\x04\x7a\x84\x6d\x20\xa9\xf2\x31\x1b\x64\x69\xb0\x6a\xb5\x45\xf0\xec\x9f\xc4\x46\xea\x25\x0c\xd3\xb7\x3a\x7b\x6b\x96\x0c\x10\xca\x4c\x2d\x6c\x64\xa1\x56\xa1\x8c\x9f\xb8\x10\xe4\x9a\xfd\x0c\x36\xda\xab\x8b\x8b\x85\x66\x43\xa4\xcc\xaf\xa9\xad\x88\x6e\x91\xe5\x44\x53\x5b\x8e\xdd\xa2\x7c\x90\xc0\x6a\xb6\xbc\xc5\x36\x28\xbe\x18\xd7\xd6\x36\x9c\xa1\x80\x1f\x91\xc2\xe0\xb9\x5f\x36\xd7\x02\xf7\x72\x34\xb4\x10\x07\x19\xc0\x59\x95\x1e\x45\xb1\xf9\x16\x98\x39\x34\xe3\x2b\x4d\x4d\x8f\x29\xc0\xa3\x73\xf8\xd8\xf0\x91\x8b\x96\x78\x65\xcd\x0e\x4b\xec\xa0\x13\x27\xc9\x9d\x5f\xde\xd4\xc1\xa6\x9a\xc2\xd4\xd9\xb7\x8f\xfb\x83\x05\x67\x00\x21\x04\x02\x50\xcc\x27\x73\x7e\x75\xdf\x75\x76\x0f\xec\x8b\x8d\x30\xb2\x45\x65\x4f\x3c\x12\xf1\xf7\xce\xa0\xbc\xe7\x8a\xb3\x69\x35\x78\xaf\x3e\xa6\x1f\xfc\xcd\xf9\xba\xf7\xc3\xea\x65\xb8\x8f\xc8\x54\x12\x81\x26\x47\x67\x96\x89\x2c\x66\x3b\xd1\x45\x18\xc9\x91\x86\x29\xa1\x09\x5f\x61\x4e\x04\x92\x44\x6c\x3d\x84\xb1\x6e\xc9\x4f\x7e\xca\xda\xeb\x6b\x65\x9b\xbb\x48\x67\xb5\x79\x06\x17\x14\xfd\x5b\xb0\xfa\xa4\xad\x6b\xe0\xff\xb3\x88\x8b\xea\x44\x7e\x4e\x34\x38\xc8\xf0\xea\xe6\x44\xfb\xd4\x5a\x38\x02\xdc\x40\xec\x45\x1b\x21\x2b\xd5\x92\xda\xcd\x4d\xa9\x66\x86\xdc\x8b\x20\x24\x25\x7f\x25\xe9\xc8\x30\xbf\xf7\x95\xee\xe8\x5d\x87\xa0\x90\xc1\xa4\x23\x21\xe7\x10\x55\x57\x64\xed\x82\x57\xc9\x41\x5c\x7f\x22\x4b\x53\x75\x58\xce\xfd\xc6\x15\x12\x9f\x28\x35\x02\x67\xc0\x1b\xa0\x40\x3e\x07\xf5\xc6\x06\x7f\x91\xc8\x5a\x2c\x50\xc8\x66\xdc\x43\x88\xaf\x38\xd2\x16\x02\x03"},
+{{0xd9,0x62,0xa6,0x71,0x9e,0x5c,0xc7,0x72,0x4c,0xa4,0xa1,0xd5,0x59,0x53,0x68,0x12,0xb4,0xe2,0x2a,0xa7,0xbc,0xb1,0x3e,0x4f,0xb1,0x72,0x2d,0x28,0xe0,0x45,0x21,0x7c,},{0xa9,0x44,0x59,0x2d,0xbc,0x7d,0x77,0x03,0x9d,0x72,0x02,0x56,0xc3,0xfd,0x34,0x0d,0x34,0xdb,0x89,0x2a,0xb1,0x3e,0x48,0x12,0xd6,0x62,0xe2,0x84,0x0c,0x28,0xb6,0xd0,},{0xdf,0xb9,0xb6,0x35,0xac,0x0e,0xdf,0x83,0xb7,0xb5,0x9d,0x0b,0x84,0x09,0xaf,0x47,0x5f,0x66,0xfc,0x99,0x46,0xaf,0x0b,0x7c,0x63,0xab,0x8c,0xf5,0x92,0x9d,0x47,0x01,0xa1,0xbf,0x66,0x95,0x9c,0xde,0x62,0xfb,0xcf,0x59,0xa4,0x8a,0xb3,0xbb,0xaf,0x0b,0x9a,0x61,0xb6,0xe0,0x0b,0x21,0x81,0xeb,0x93,0x42,0x82,0x07,0x0a,0x5d,0x53,0x00,},"\xa6\xaa\x7a\x19\x0d\x00\x3a\xb1\x75\x33\x2b\x8f\x58\xe7\xca\xeb\x69\x08\x54\xd9\xdb\x56\xdb\xb6\x95\x7b\x3f\xb6\x54\xe2\xe0\xda\x99\x1f\x31\x54\x21\x42\x04\x13\x5d\xf1\xe1\x10\x43\x17\xc9\xe3\xc5\x8e\xed\xff\x1f\xc6\x1a\xba\x57\x74\x4c\x0c\x7e\xf4\x86\x00\x0a\x70\xb2\xc1\x42\xeb\xad\xdc\x07\xab\x06\x5e\x2a\x85\x5d\xaf\x19\x8a\x68\x03\xac\x24\xef\x37\x24\x48\x7c\x13\x51\xdd\xed\xa0\x51\x39\x13\x45\x7d\x76\x86\x0d\x78\xa9\xb6\xbc\x3d\xba\x66\xc4\x0e\x5f\xc3\x49\xa8\x73\xad\x60\x65\xce\x7d\x7f\xdc\x2c\xc4\x83\xb3\xae\xfb\xf2\xf0\x3d\xd6\x69\xbd\x9c\xb8\xf6\x3c\xee\x47\x78\x5c\xac\xb0\x9d\x87\x2c\x9a\xeb\x83\xe9\x86\x84\x05\x25\x43\x24\x03\x79\x82\xe0\x86\x13\x45\x5d\x95\x21\xd8\x8e\xa2\xfd\xa0\x20\xbe\x73\x0c\xfc\x8c\x07\xcb\x0b\x37\x61\x4c\xcb\xa2\xfa\x3e\xc4\x98\xb8\x15\xbb\x5a\xdb\x99\x6e\x84\x8b\x38\xc0\x15\xa6\xa5\xc7\x52\xeb\xda\xc7\xb9\xee\xd8\xb6\x96\x19\xd8\xc8\x46\xb6\x6f\x78\x16\xd1\xdf\x1e\xbc\x21\x07\x1c\xef\x0b\x25\x1e\x2e\xab\x59\x82\x7f\x6d\x60\x55\x08\x43\x70\xfd\x27\xc2\x03\xe8\x6a\x18\x9f\x1e\xe1\x1e\x84\x03\xab\xdc\xbd\x1f\x45\x34\x1a\x82\x05\x25\xd8\x63\x7d\xc4\x84\xa5\x18\x5d\x65\x51\xcb\x88\x2a\x96\xb9\x98\x1a\x5f\x1a\x82\x1f\x27\xb6\x56\xff\xf9\x0e\x7f\x69\xbf\x28\x6f\x75\x2f\x97\x0f\xfc\xa5\xc5\x3e\x08\x50\xb2\x0b\x94\xf9\x43\x16\x27\x09\x4a\xce\xa9\x12\xa8\x80\xb7\x49\xa6\xf8\x0b\xb2\x06\xcc\xaa\x74\x6f\xa7\x0c\x83\x3c\x9f\x32\x30\x89\xce\x05\x58\xc9\xdc\x20\x0d\x57\x39\xd1\xe4\x99\x63\x4f\x2c\x16\xe5\x4b\x7f\x6d\x78\x19\xc4\x70\x71\xb6\x0b\xd5\x4d\xd0\xf2\x73\xa3\x19\x75\x0f\xd3\xc5\x10\xa4\x9a\xb5\x6f\x63\x0c\x7c\xe6\xd8\x02\x3d\x97\x86\x23\x46\x85\x9b\xc0\xb4\xd6\x05\x22\x49\x69\x70\x89\x03\x76\x03\x01\x40\x9c\x60\xab\x25\x17\x56\x11\xf0\xbe\x98\xb2\x3a\x8c\xd8\xac\x53\x5e\x35\x13\xbc\x77\xe1\x45\x21\x93\xda\xdf\x44\x35\xe6\x3c\x36\x29\xb6\x66\xa5\xea\x4c\x4b\xad\x36\xea\xca\xd2\x60\x14\x04\xea\xbd\x8d\x9a\x07\x95\x6e\xc2\xb4\xb7\xbb\x63\x36\xed\x75\xb8\xdf\x8f\x16\xde\x42\xc0\xfc\xae\x93\x65\x2e\x3c\x40\x7c\xbd\x45\xe8\xd4\x13\xef\x51\xe8\x54\x2d\xf6\x25\x12\xee\x79\x3e\x41\x35\x8a\x1d\xe1\x92\x46\xc6\x58\x6b\x3c\x14\x07\x41\x04\x21\xf6\xe8\x65\xc7\x5a\x9f\x4a\x6a\x47\x88\xf8\x4a\x9c\x78\x1d\x8f\x80\x24\xbf\xdb\xe2\x5b\xdc\x7d\x4b\x69\xcb\xaa\x77\x19\x62\x8c\x0b\x07\xec\x2c\x4a\x23\x4f\xff\x4a\xc3\xd4\x93\x5b\x9c\xe4\xc8\xa1\x69\x47\xab\xe7\x95\x1f\xf8\xd9\xac\x92\x15\xe3\x38\xfa\x0f\xe9\x12\x41\x76\xd1\x7b\xac\x1e\x05\x59\x2c\x43\x98\x68\xae\x5a\x4f\x75\xfd\x1e\xa8\x2a\xa4\x54\xc2\x0a\x93\x9d\xed\xa7\x29\xa0\xe1\x96\x46\xce\xbd\x82\x20\x49\xc8\x25\xc7\xe3\x1c\x6e\xfa\xd4\x5e\x30\x6f\x2d\x9f\x05\x69\xe0\x71\x73\x31\xf4\x80\x04\xc2\x6e\xbf\xe6\x8f\x38\x43\xe9\x0f\x80\x67\x03\x2d\x21\xe7\x86\xc8\x53\x9e\x01\xbe\x3c\xea\xc5\x95\x4a\x05\x46\xc8\x4b\x73\x4d\x99\x94\x56\xa7\xc4\x5f\x8c\xeb\xaa\x47\x8e\x54\x80\x07\xf9\xd3\xaf\x83\x6f\x75\x4d\xe4\x12\x3f\x2f"},
+{{0xe1,0xd1,0x41,0x65,0x18,0x92,0x1d,0x07,0xc8,0xc3,0x9e,0x29,0x73,0xd8,0xea,0x12,0x49,0xca,0xa8,0xbf,0x65,0x9c,0xc3,0x6c,0x79,0x37,0xf8,0x4e,0xce,0x7a,0xd4,0xfc,},{0x48,0xbd,0xcc,0x3f,0x1a,0x5b,0x80,0x58,0xed,0x9a,0x32,0xef,0x1c,0xc4,0x8c,0xf7,0xa8,0xab,0x76,0xa6,0xe4,0x51,0x9e,0x5a,0x82,0x85,0x52,0x41,0xad,0x6f,0xff,0x8a,},{0x42,0x32,0xd2,0xa4,0x81,0x08,0x4d,0x11,0x96,0xdb,0x62,0xf2,0x2d,0xc7,0x4c,0xf2,0xea,0xf2,0xdb,0x0d,0xf0,0x5a,0xd7,0xcd,0xde,0x67,0xbf,0xc2,0x9b,0xff,0x56,0xcd,0xe0,0x19,0xac,0x9f,0x03,0xd8,0x1f,0x18,0x27,0xeb,0x1e,0x3b,0x0a,0xbe,0x02,0x04,0xca,0x7f,0x77,0xfa,0x87,0x4a,0xb5,0x26,0x83,0x54,0xff,0x08,0xbb,0x7f,0x48,0x00,},"\x3d\x26\x3d\xe1\xab\x91\xe8\xdd\x7b\x31\x7f\x7a\x27\xfb\x60\xa6\xe1\x83\x8c\x0c\x79\x3b\x03\xab\xbe\x70\x82\xb6\xbd\xa0\xc7\xc4\x60\x62\x26\x21\x92\xc8\x8b\x65\xc0\x26\xc1\x74\x58\x4d\x29\x64\x97\x10\x42\x9a\xe4\x4a\x46\x14\x0b\x4c\x82\xc8\xa0\xb7\x4d\x56\xa0\x04\xf8\xe2\xf5\xc1\x8f\x84\xf0\x46\x41\x53\x77\x2f\x83\x12\x63\x3f\xc6\xad\x28\xa7\xd9\xfb\x55\xf7\xd7\x8c\xd6\x48\x8c\xa5\x81\x17\xea\xf9\x23\xfa\x28\x87\x5e\x2b\x31\x89\x89\x31\x85\xaa\x3c\xcd\x04\x4d\x3f\x11\x0e\x2e\x7c\xab\xdf\x6f\x81\x4b\x9f\xdd\x67\x33\xbd\x5f\x30\x7a\x87\xbc\x73\xb6\x25\x0d\x58\x83\x93\x6d\xeb\x1d\xb0\xe0\xaf\x1b\xe7\xab\x32\x9b\x5c\x6b\xd9\x35\xbd\x8f\x8d\xc8\x88\xf0\xd1\xc4\x64\xed\xbc\x02\x3c\xbc\x08\x07\x53\xee\x8f\x79\x9f\x10\x72\xba\xd1\x14\x4d\xfa\xa6\x15\xa5\x9e\x2a\xed\xc6\x62\xe8\x3c\xb1\xf8\xe5\x20\x96\xa7\xee\x48\x3b\xf8\x73\xb2\x5a\x0c\x04\xc1\x85\x1a\x0e\x87\x37\x50\x63\xaa\x1a\x94\xfa\x83\x5c\x05\x26\x40\x36\x6b\x79\xf7\x35\xd3\x28\x61\x97\xab\x32\xeb\xdb\x51\x23\xf6\xb4\x7a\xd3\xf4\x42\xc4\x4c\x53\x0a\x68\xf8\x51\x27\x59\xe9\xcf\x38\x6f\xba\x07\xb8\x06\x4b\xc8\xfe\x83\xe2\x45\x49\x5e\xc4\x5f\x89\x38\xf8\x25\x9d\xc8\x01\x62\x05\xf7\x8d\x39\x54\x44\x2e\xc1\xb4\x45\xd8\x3d\x95\xad\x18\x05\xa5\xe0\xe8\xb3\xd5\x6b\x87\x0a\x20\xda\x18\xd7\x4f\x26\xf5\x50\xa9\xc7\x53\x4a\x41\x44\xdc\xbc\x1c\x3c\xdb\xbe\x47\x0c\xc1\x53\x90\x50\x43\x08\x8f\xac\xf1\xd3\x03\x55\x9d\xe4\x1e\x96\xc0\xab\x40\x9b\xb3\x6d\xcf\x38\xcc\x90\x38\xa6\xa4\x90\x8d\xea\x82\xa6\x53\x19\x5c\x16\xf2\x90\xa7\xc3\xac\x48\x76\x36\xcc\x5b\xcb\x18\xd1\x5a\x14\xac\x62\x4c\x70\xb6\xf6\x46\x2b\xf2\x49\xe0\x00\xce\xe9\x24\x01\x8b\xdf\x7d\xde\x39\x11\x4c\xb4\xf6\x52\xe1\x22\xe8\x74\x4d\xa2\x8b\x05\x89\xe1\x28\x4d\x70\xd9\xf1\x06\xde\x16\xd0\x73\x64\x80\x80\xe6\x43\x7f\xf3\x84\xe6\x81\x77\xd5\xcb\x71\x8e\x2c\xe3\xf1\x7b\xa1\xe9\x90\xae\x3c\xe9\x40\x66\x01\x30\xe9\x37\x50\xb8\x2e\x2f\xb4\x1a\xa3\x69\x77\x45\x68\xd7\xcf\x28\x67\x25\xe3\xc5\x8f\x63\xe7\x3f\x86\x97\xae\xec\xc7\x17\xc5\xcf\x1a\xf7\xad\x74\xf4\x46\x29\x2c\x90\x5d\x84\xe2\x2b\x23\xd4\xe0\xd2\x60\x4b\xff\x48\xfe\xfc\x40\xc6\x20\x4b\x5e\x34\xc0\x42\x29\x2e\x53\xbe\xc9\x36\x01\x59\xa5\xcd\x97\xb2\xdf\x57\x86\xb8\xf5\xa2\x92\xc0\xb3\x9d\x14\xa8\x70\xa4\x58\x8e\x67\xbd\x12\xb2\xc2\xf7\xa4\x40\x84\x62\x85\x1d\x2a\xa7\x87\x97\x1d\x93\x15\x19\x0f\x42\xcc\x58\x8a\xf0\xd2\xdc\xd9\x1f\x31\xbb\x71\x5e\x92\x50\xf1\x19\x28\x14\xf7\xb8\xa2\x1f\xef\x45\x17\xb0\xcf\x8b\xb8\xa1\xa1\xa5\xf5\x00\xee\x21\x9d\xfb\x46\x13\x2e\xfe\x8e\x90\xbc\x49\x09\x3a\x55\x59\xf9\x68\x1b\x4f\xb5\x9e\x5b\xa9\xef\x3f\x05\xd3\x4e\xed\x03\x4c\x14\xd7\x7e\xe9\x5e\xbd\x76\xff\xa5\xaf\x0b\xef\xcb\xa1\x8f\xdf\x93\x2a\xf4\x85\x45\x10\xb7\x5d\xb0\x0a\x72\x57\xb2\x34\x88\x7d\x49\x60\x7d\xfd\x16\x18\x0d\xb5\x16\xc7\xa2\x0c\xcf\xca\xed\xa6\xae\xdf\xb6\xa2\x37\x7f\xbf\x31\xe6\x7b\x51\x76\x55\xdb\x73\xca\x29\xe1\x18\x62\x4d\x60\x80"},
+{{0x2b,0xf7,0x4f,0x00,0x4d,0x7d,0x0a,0xf7,0x3a,0x83,0xea,0x20,0x8c,0xc2,0x06,0x72,0x3d,0x18,0x8f,0x4c,0xf6,0x07,0xbc,0xad,0x4b,0x69,0x80,0x26,0x8f,0xf2,0x1f,0xa7,},{0x8f,0xdc,0xd9,0x93,0x52,0x43,0x8b,0xeb,0x52,0xf0,0xd1,0x74,0x2b,0xae,0x71,0x84,0x45,0x12,0xdd,0x06,0x85,0xaa,0xf1,0xc9,0x09,0xe3,0x8f,0xc4,0xb5,0xaa,0xb6,0xcc,},{0x3e,0xb5,0xb3,0x39,0xe1,0x91,0xa3,0xb6,0x16,0x85,0x45,0xda,0x5f,0xb0,0xca,0x9b,0xe2,0x09,0x04,0x39,0x19,0xb9,0xc7,0x0a,0x07,0xb4,0xa7,0xa3,0xbf,0x64,0xb1,0x02,0xf6,0xff,0xd6,0xd2,0xb0,0x25,0x59,0xdc,0x68,0x1e,0xd3,0xb9,0xc8,0x22,0x97,0xb2,0x01,0xdc,0x25,0xc4,0x97,0x38,0x80,0xe1,0x55,0xe1,0x3a,0x29,0x42,0x6e,0xb4,0x0d,},"\x89\x8e\x43\x03\xea\x5b\xeb\xd2\x00\xa5\xf7\x56\x2b\xe5\xf5\x03\x26\x40\xa3\xf5\xcc\xfa\x76\x42\x92\x04\x5a\x1a\x36\x8d\x02\xaa\x59\x10\x77\xd8\xf3\x04\xf7\x4d\xbd\xfc\x28\x07\x34\x45\x4e\xd8\xc2\x72\x7a\xff\x39\x2c\x10\x8c\x52\x6e\x52\x7e\x67\x2c\x53\x97\xb2\xd7\x7c\x01\xf7\x74\x1e\xf8\xdc\xc2\x51\x0e\xe8\x41\xb5\x9d\xd1\x0f\x4e\x1d\x3a\xc5\x01\xaf\x7c\xbd\xb8\x5b\xa3\x11\x29\xc2\x62\xfd\xe1\xa0\xc8\xbc\x83\xd6\xff\x94\x4b\x6b\xae\x3f\xa7\xfb\x62\x58\x7c\x68\x1d\x8e\x34\x29\x65\xc5\x70\x5f\xd1\xa6\xab\x39\xe5\xa0\x77\x0e\xe7\x79\x8d\x9f\xb6\xc0\x01\x8a\x51\x4d\x53\xaf\x84\x8d\xb6\x04\x7c\xd0\x2d\xb3\x52\xd5\x56\x3b\x53\x66\x23\x73\xb9\x71\x93\x5a\x1a\xc2\xb7\xb6\x36\x1d\xac\x67\x48\x77\x18\x13\xf7\x74\x93\x16\x69\x49\x61\xb9\x40\xff\x38\x05\x81\x1a\x49\xfa\x27\xa9\xba\x45\x7a\xd2\x88\x48\xc6\x97\x05\x0e\x01\x88\xd0\x77\x3e\x17\xfb\x52\x19\x4e\x19\x0a\x78\x72\xa3\x98\xf3\x1c\x0f\x0a\xe0\x65\x37\xa2\x73\xff\xb5\x0c\x2c\x81\x64\x45\xab\x88\x28\x11\x92\x2c\x06\x21\x55\x6c\x46\xa3\xa0\xec\x40\xbf\xed\xb4\x11\xe9\x0b\x6d\xb1\xdd\xd4\xbb\xeb\xb5\x7d\x10\xdf\x56\x6a\x63\xd7\x26\xa3\x33\x08\x51\x4c\xe3\xb4\x99\xd5\xe5\x26\xc2\x2b\x95\x6d\x8b\x99\x91\x3d\xcb\x13\xe4\x37\xe9\x47\xb6\x66\xc4\x1c\x54\xd8\xb3\xae\x23\x56\x64\x7e\x80\x17\xab\x67\x83\x86\xc9\x27\x21\x9a\xe7\xbd\xdc\x0d\x82\x12\x65\xf9\xdc\x4f\xf3\xf8\xce\x5b\xe6\x0f\x8e\x9d\xef\xc5\xca\x33\x50\x68\xee\x29\xfe\x83\x04\x91\x7b\x78\x87\x84\xa2\x38\x8a\x32\x01\x92\xf9\x32\x5d\x0e\x6c\xff\xfe\xa2\x1e\x6e\xaa\x29\xe7\x70\x7f\x63\xa9\xea\x4f\xbb\x25\x58\xe3\xd0\x83\x5b\xab\x1f\x52\x36\x10\x37\xae\x59\xe5\x03\xee\x96\xb9\xd7\x08\xa4\x7a\x3a\xe4\xba\xd1\x13\xe2\xa4\x60\xa2\x69\xcc\xf2\x5a\x00\x03\xcb\x3e\x68\xa5\x51\x86\x4e\x59\x84\x09\x14\x79\x11\x26\xf9\x54\x78\x8b\x25\xb5\xaf\x5a\xaf\x58\x6e\xbb\x87\xfa\x5f\x37\x7b\x4d\x7d\x7f\x84\xc0\x00\xdd\x2c\xb4\x40\xe2\x14\xd3\x8d\x5e\xcf\x70\xf2\x0e\x98\x81\x82\x8e\xda\xa1\xdb\xec\x37\x09\x3d\xb9\x60\x68\x6c\xa1\x23\xf1\xec\xba\x63\x36\xb3\x7f\x46\xcf\x76\x5b\xe2\x81\x4b\x9e\x67\x05\xbc\x9d\x6a\x49\x31\x81\x18\xc7\x52\x9b\x37\xc8\x4e\xc8\x8d\x58\xa8\x45\x3d\xcb\x69\x2c\x9a\x36\x01\x6b\x94\x8e\xbe\x6f\xb2\xc1\xd0\xad\xf5\xf1\x98\xee\x30\x97\xa6\xff\x0b\x8e\xeb\xba\xd8\xb0\x76\x93\x30\xb1\x86\x89\x51\x6b\xc0\xfe\x66\x8b\x0d\x05\xe3\xa5\x84\xfc\xf8\x9c\x49\xdb\x50\x1d\x61\xc2\xde\xf7\xed\x37\x22\x07\x01\x93\xa5\xb6\x83\xc5\x08\x7e\xf2\x74\xce\x6a\x19\x3d\xd4\xa3\x03\x53\x6c\x67\x93\x4b\x46\x60\xa8\x41\xee\x1b\x44\x6a\x68\x92\xb1\x4d\x0b\x0a\xa3\xe9\x8f\xdf\xfd\x43\xc7\x97\xad\xd3\x65\x83\xf7\x4c\x94\xd0\xe2\xd6\x8e\x2d\xe8\x18\xd9\xaf\x20\x05\x98\xf0\xb2\xbe\xae\x16\x9c\x8d\xfb\xc4\xd3\x97\xe6\xd1\xce\xb6\xda\xa6\xc9\xf6\xbb\xf4\xf8\x31\x1b\xa2\x6f\xfb\x19\x4d\x44\x21\x6c\x51\x30\x52\x67\x07\x4e\x85\x6a\x1d\x6e\x92\x27\x80\xf4\x79\x8e\x2f\x22\x02\x23\xff\xf1\xdc\x37\x0c\x8e\x34\x51\x4a\xba\x42\xdf\x51"},
+{{0xf5,0xf7,0xd5,0xb7,0x3c,0x5a,0x65,0x30,0x1b,0x5b,0x4c,0x67,0x10,0xed,0x12,0xc1,0x6e,0x79,0x03,0x17,0x7d,0xb7,0x92,0xca,0x71,0x5e,0x23,0x38,0x9d,0x05,0xd8,0x3e,},{0x7c,0x47,0x62,0xe9,0x79,0xf0,0xc7,0xe2,0x07,0xbe,0x18,0x43,0xe2,0x66,0x6a,0xca,0x27,0xea,0x89,0xbf,0xf5,0xb6,0x1d,0x57,0x3c,0x98,0x5f,0xc7,0x02,0x5e,0x1e,0x28,},{0x58,0xfb,0x39,0x2f,0x82,0xd5,0xe5,0x2f,0xf0,0x72,0xcc,0x77,0xef,0xe0,0x48,0xf2,0x23,0x52,0x50,0xc7,0x11,0x25,0xee,0x82,0x1c,0x5f,0x3b,0x39,0x3b,0xcf,0x2f,0xa4,0x6b,0xe4,0xc5,0xd8,0xca,0xf1,0x3c,0xb5,0x19,0xef,0xe0,0xc2,0xfa,0xd9,0xee,0x23,0x1a,0xe9,0xb6,0xfd,0x1f,0xd5,0x09,0xc9,0x8c,0x69,0xc2,0xd3,0x6c,0x75,0x3e,0x0e,},"\x7c\x93\x18\xd5\x6e\x63\xf1\x65\x35\x43\x6f\xa4\x5a\xfe\x27\x8e\x74\xe6\x18\x81\xbb\x46\x89\x97\xd0\x41\x8b\xc7\x20\xb6\x30\xda\xdb\x81\x28\xb4\xb6\x5c\xa6\xe9\x21\xe5\x01\x81\x3d\xf9\xfe\x03\xb4\xef\x0a\xae\x80\x35\xdd\x08\xc5\xf8\x20\xce\x5d\xf1\x2e\xe1\x18\xd9\xc3\x6d\x3b\x15\x1a\x52\xc3\xf9\x6a\xe1\xca\x4c\x82\xfd\x19\xda\x66\x9d\xdb\xa9\x4f\xeb\xf8\xea\xc8\xc4\x2b\x44\x7b\xab\xc8\xa6\x0b\x36\xe8\x03\x62\x4f\x7d\x20\x47\xbd\x8d\x8a\x15\x36\x87\xf1\x0d\xc1\xca\x82\x10\x0b\x7c\x87\xd3\x23\x70\xec\x8f\x26\x71\xed\x7d\x06\x7c\xc8\x05\x87\xca\xb8\xdb\x3a\x71\xce\x5e\x40\x63\x27\xf7\x63\xec\x1b\x3c\x16\x67\x70\xa7\x55\x36\x63\x0c\x81\x5f\xd8\x26\x75\x82\xd1\xb5\x05\x1f\x0f\x82\x1c\x02\x15\x0b\x2e\xef\x34\x9b\x50\x59\x03\x14\xaa\x25\x70\x79\x3f\xa6\x4a\x76\xed\x2e\xd8\x3d\x2b\xa1\xf9\xb9\xf1\x16\x31\x54\x61\x2b\x49\xa6\x4a\xd8\xd5\x57\x3c\x25\xb1\xcd\x37\xc4\x1a\x44\xe3\xdf\x78\xf1\x05\x3d\x90\xb0\x68\xf0\xd3\x7a\xe0\x0c\x4a\x32\xb1\xa3\xff\x87\x4c\x41\xda\x4a\x70\x43\x39\x2f\x18\xef\xe5\x51\x8d\x76\xe8\x8b\x41\xce\xd6\x9e\x6f\x4c\x01\x4f\x06\xeb\xc5\x14\x6e\x61\xe8\x2f\xae\x1c\x49\xc3\x7c\x39\x4f\xea\x34\x19\x9a\xb8\x6c\x11\xa4\x46\x7a\x37\x4e\x40\x25\x5a\x05\xd4\x26\x97\x14\x30\xd5\x6c\xdb\xa2\x5a\x21\xad\x77\x9c\xc7\xf6\x2d\x22\xcd\x87\xb6\x0f\x08\x91\xbd\x85\x6a\x51\x7e\x14\xb7\x2a\x9a\xc7\x67\x2e\x4e\x8f\xb3\x74\xa9\x75\x8a\xb0\xc4\xe5\x96\x4a\xae\x03\x22\x89\x73\xf1\x73\xa5\xd4\x2a\xef\x9d\xb3\x37\x36\xc3\xe1\x8d\x8e\xec\x20\x4a\x1a\x17\xb9\xd0\x45\x93\xde\xa4\xd8\x04\xcb\xc8\x1b\x9a\xc5\x45\x80\x50\x49\x55\x39\x99\x9a\x99\x85\x48\x7e\x7c\xa1\x1c\x37\x58\x2e\xf8\x5c\x84\x1e\x8f\x06\x5e\xa9\x8f\xdd\x6b\x1c\x60\xde\xa1\xec\x28\x83\x52\x15\x68\x85\x6a\x6e\xbb\x27\x49\xf2\x07\x2e\xb4\x34\x48\xbe\x07\x05\xed\x47\x7c\xf4\xb2\x00\x48\x65\x21\x7d\xe5\xfa\xdb\xe2\xa0\xf9\xd6\xb8\x4b\x3f\xe7\xf7\xbf\x6c\x77\x53\x74\x96\x24\x6e\xc7\x96\xb8\xef\x2c\x04\xf6\x8a\xb5\xb1\x4f\xce\x0c\x6d\x28\x7b\x83\x62\x27\xd9\xf0\x8f\xa0\xee\x19\x72\x2f\x67\x98\xa5\xd8\x28\x0d\x10\x7c\xfc\x1b\xd5\x92\xd9\xdd\xc7\x24\xea\x86\xfc\x39\xdc\x94\xa3\x94\x01\x9e\x3a\x3d\xe9\xe0\xd1\xc7\x35\xe8\x62\xde\x2b\xb9\x52\x5b\x5f\xb4\xbd\x12\x12\x12\xbf\xaf\xf9\xff\x58\x6a\xc3\xc7\x5c\x5a\xce\x74\x6d\x9c\xa3\x07\xf7\x95\xff\x26\x97\xf2\xb4\x1a\x63\x46\xed\x23\x39\x7e\xb3\x88\x98\x69\x1e\x6f\x66\x84\x16\x37\xd0\xab\x0d\x96\x83\x09\xe0\x19\x40\x02\x30\x90\x15\x41\x6e\x74\x47\x2f\xe3\x24\x25\xd4\x5f\x07\xc7\x71\x19\x18\xb1\xe5\x79\x0f\x57\x2c\xe4\x44\x10\x42\xd4\x26\x03\x37\x92\x29\x7b\x5f\x81\xe0\x80\x9b\xd9\x69\x1f\x0a\x50\x5e\x32\x59\xfc\x03\xc9\xff\x10\x7e\xb9\xb4\x87\x95\xf4\x9f\xb0\x9c\x1b\xab\x56\x59\xd3\x9f\xfe\xcb\xdc\xc4\x03\xe3\x80\x3d\xc0\x12\x43\x8c\x2f\xb3\x6f\x68\x30\x15\xc5\xdf\x04\x82\xcb\x7d\x7f\xc5\x75\x73\x64\xa0\xa3\xc1\x0d\x0e\x12\x59\xc0\x1f\xcc\x4d\xd5\x49\x4b\x52\x90\xa6\x94\xae\xa3\xf6\xfa\xe5\x47\xac\x57\x6f"},
+{{0x43,0xd4,0xbe,0x6d,0xe9,0xcb,0x00,0x89,0x8e,0x99,0xdd,0xcc,0x2e,0x15,0x30,0x11,0x0f,0xa2,0xcb,0xc4,0x37,0x6c,0x48,0x5e,0x9c,0xa5,0x7f,0xd6,0x55,0x86,0xd8,0xa3,},{0x36,0x32,0xad,0x38,0x9b,0xe2,0xfa,0xb3,0xfb,0xa0,0xd8,0x04,0xbf,0x63,0x45,0xcd,0x32,0x2e,0xdd,0xd6,0xa7,0x5d,0x8c,0x37,0xfd,0x4b,0x5b,0xa1,0xc9,0xc2,0x5e,0x8f,},{0x86,0xae,0x93,0x25,0xf8,0x0b,0x98,0x86,0xc8,0x38,0x1f,0x96,0xa1,0x8c,0x21,0x20,0xe6,0xdb,0x01,0x6a,0x0d,0x6c,0xa2,0x82,0xed,0x93,0xba,0x9b,0x61,0xca,0xec,0x02,0xde,0x88,0xef,0xca,0x8b,0x8e,0x91,0x6a,0x4b,0x16,0xa5,0x85,0x25,0xa2,0xf6,0x8d,0x21,0xe5,0xfb,0xe6,0x7d,0xb4,0xc4,0xd6,0x20,0x95,0x95,0xc4,0xab,0xc3,0x2b,0x09,},"\xd9\xd5\x5d\xab\x0f\xa6\xda\x76\xb6\x8e\x84\x1c\x24\xd9\x71\xba\xc1\xf7\x9a\xf5\x13\xd8\x34\xe4\x26\xa5\xd0\x81\x14\xce\x8b\x54\xce\x8b\x7a\xfe\x01\x6b\x0f\xad\x03\xee\x74\x50\xc6\xc3\x09\x71\x73\x68\x1a\x4b\x2e\xb9\xf9\xc1\x79\xa8\x8e\x7c\xc3\x68\x13\xf2\xf5\xd1\x5f\x79\x98\xaf\xa9\xfd\x4e\x54\x6c\x73\xbb\x42\xe7\xf9\x52\x2b\xe6\xaf\xab\xca\x8c\x7b\x64\xfe\xd0\xe2\x92\xe4\x37\x5f\x3e\x1e\x5f\xd9\xfc\xb5\x39\xf4\xe5\xe5\x43\xfb\x6a\x11\xa0\xdf\x32\x1e\x70\x08\x4a\xaa\xbb\x70\xa9\x95\x0c\xee\xe3\xd8\x79\xc3\x86\xef\xca\x1e\x59\xc3\xcb\x7c\x45\xb5\x60\x09\x5e\x7a\xf0\x0f\xf5\x2f\x8a\x1a\xaa\x9c\xcf\x09\x2f\x0b\xb8\x06\xd9\x76\x10\x74\x2a\xc5\x82\xa3\xab\xbe\xdd\xf3\x9f\x49\xd2\x29\xd3\x2a\x11\x86\xd0\x21\x51\x8d\x74\x72\x8d\x13\xd9\x62\x63\x5d\x63\xba\xa6\x74\x3b\x12\x6b\xf4\x58\xfa\x2a\xc7\x56\xfb\xf8\x80\x96\xc8\xd3\x34\x0c\x62\x23\x90\x53\x4a\x74\x3f\x18\x64\xd5\x4d\xea\xb5\xe5\x53\x63\x72\xce\x5a\xc9\x37\x62\x28\x74\x14\xea\xe1\x58\xa7\x6b\xf8\x1d\xf5\x41\x7c\xf4\xc0\x47\xbe\x3a\xc1\x47\x5c\x51\x7e\xbd\x3a\xc1\xd1\xd1\xbd\xda\x11\xb3\xf9\x9c\x18\x17\x3e\x03\x0a\xcd\x51\xd2\xb5\xcf\x79\x51\x65\x09\x41\x54\x05\x07\x75\x11\xbd\xd9\xcb\xe1\x7d\x04\xf4\x78\x05\xe9\x8d\x0d\x14\x5e\x60\xa5\xd0\xe0\xf4\x53\xcd\x9b\x5c\x1a\x24\xf1\x2b\x75\xe8\xcc\x34\xd5\xe0\x06\x91\xff\xac\xbf\xf7\x88\xfe\xa8\x34\xd9\xd7\x79\xc1\xe6\x10\x29\x4d\xce\x19\x17\x0d\x28\x16\x0c\xff\x90\x9b\xea\x5a\x0a\xa7\x49\x40\x17\x40\xea\x3a\xf5\x1e\x48\xb2\x7c\x2b\x09\xf0\x25\x44\x42\x76\xc1\x88\xc0\x67\x1a\x6d\xa9\x4b\x43\xd1\xe5\x25\xe6\xa4\xa8\xa1\xa7\x3d\xfe\xdf\x12\x40\x18\x46\xba\x43\x06\x8a\x04\x09\x2b\x12\x91\x22\x70\xd2\xb6\x0d\xf6\x09\x97\x79\x75\x6b\x8b\xbb\x49\xec\xe8\x2d\x55\xf0\xf8\xdb\x1b\x80\xfb\x4b\x59\xbb\xa8\x60\xbd\x18\xc7\x5d\x6c\x83\x4d\x69\x44\x2a\xe0\x31\x4c\xf2\x39\x9f\x53\x92\xa3\xc6\x72\x8c\x63\xe5\xc5\x16\xc4\x22\x2a\xac\x60\xf9\x16\xdd\x63\xd1\xd0\x51\x7e\x8e\xb1\x0b\xd0\xe1\x5e\xb9\x06\x14\xde\xb2\x96\x40\x3a\xd1\x5b\x8c\x12\xb9\xe9\x71\xef\x2f\x01\xe5\x9f\xc3\x5d\x90\xc5\x5a\x8e\x20\xe9\x43\x7d\xd4\x34\xb2\x6d\x5c\x2c\x6e\xc2\xd5\x3a\xce\xc1\x7e\x81\xe4\x78\x31\xdc\x2d\xe8\x21\x83\xd7\x13\xb5\x9a\x4d\x1f\x46\x96\x9d\xdc\xdd\xaf\x27\xf4\x4e\x5a\x31\x1a\xaa\xc3\x9c\x3d\x5a\x97\xbc\x90\xca\xd7\x12\xf4\x6f\x85\xe6\xc8\xfb\xf5\xd5\x8d\x8b\xc3\xec\x27\xd3\x10\xa9\xea\xf2\xc3\x69\xcb\x00\x64\x97\x70\x39\x0a\x3f\x98\x8f\x36\x2e\xfc\x15\x5f\x56\xa1\x46\xa6\x26\x50\x54\x7e\x91\x53\x25\x07\x01\xee\xad\x1b\xd0\x1c\x89\x46\x22\x72\xdf\xaf\x0a\x43\x1a\xf4\xbd\x7c\x3d\xb4\x51\xad\xa6\x03\x23\x3f\xda\xd3\xaa\x89\x99\xaa\x21\xe2\xd3\xa4\x3b\x0b\x56\xfc\x6a\x91\x24\xd3\x35\x98\xb3\x73\x7f\x4e\x5c\xb2\x58\xbe\xda\x75\x6a\xd2\xe1\x7d\x06\x91\xd1\x5d\x41\x6b\xb7\xcb\x07\xec\x8d\x8c\x7a\xf5\xde\x80\xe5\xb9\x39\x4e\x32\x0c\x4c\x6e\x43\xef\xaa\xe6\x84\xad\x00\xf6\xdd\x20\xa8\x75\x0e\x95\x9c\x2f\x04\x20\x6f\xc0\x23\xaa\x19\x0c"},
+{{0x7d,0x01,0x0d,0x76,0x0f,0x24,0xe5,0xa2,0xde,0x34,0x08,0x9c,0x9f,0xdb,0x19,0xc3,0x3b,0x15,0x5b,0x0a,0x37,0xca,0x45,0x5a,0x5e,0x5b,0x1d,0xae,0x7a,0x07,0x31,0x76,},{0x4c,0x87,0x7b,0x3c,0x49,0x71,0xfb,0xb5,0x51,0x16,0x6e,0x21,0x4d,0x1c,0x76,0x24,0xc5,0x22,0x77,0x90,0x3c,0x59,0xa5,0x62,0xa8,0x0b,0x91,0xa8,0x54,0x83,0xfb,0x47,},{0x55,0x70,0x61,0x38,0x79,0xae,0x22,0x77,0x8b,0xd5,0x4f,0x14,0xfb,0x6e,0x8c,0x02,0x56,0xa7,0x1f,0x3d,0x79,0xc3,0xe5,0xcd,0x8e,0x41,0xae,0xa8,0xcf,0x77,0x3e,0x24,0xd2,0x9f,0x1f,0x1b,0x24,0xf8,0xc8,0x0d,0x29,0x49,0xe8,0x20,0x14,0x65,0xdb,0xde,0x89,0x40,0xb1,0xfa,0xb6,0x48,0x3b,0x08,0x5d,0x41,0x8e,0x25,0x10,0x14,0x20,0x0c,},"\x86\xe2\x11\x55\x72\xbf\x4c\x01\x3e\x6b\x4b\x04\xd0\xb0\x3e\x60\x6e\xe7\x0d\x92\x9c\xb8\xec\x36\xf4\xe2\xf3\x55\xdb\x3b\x5e\x15\x73\xd6\x58\xd1\x7b\xb1\xa3\x10\xc1\x69\x89\xa1\x6b\x95\x58\x92\x2e\xe4\x93\xf3\x59\x04\x21\x03\xc4\xdc\x1b\x40\xdf\xf7\x70\x99\x01\xfd\x58\x30\x13\x3f\x42\xc4\x65\x1e\xca\x00\x8b\x49\x9e\xe4\xf8\x4c\xd4\xec\x1e\xda\xa7\x82\x56\xed\xb6\x2f\x24\x02\x1a\x00\x76\x25\x69\x19\xe4\xe2\xce\x0a\x5a\x20\xf9\x21\xc2\x78\xcc\x29\x91\x59\x64\x4b\x5e\x3a\x3b\xbd\x08\x9d\xcb\xbe\xba\xd3\x76\x6a\xea\x77\xe9\xf0\x8e\xe5\xf7\xd4\xc1\x9d\x81\x70\xbc\x3d\xe1\xba\x77\x9a\x76\x99\x14\xf9\x65\xdb\xde\x2b\x61\xba\xd2\x14\xc5\x08\x18\x60\x41\xf7\x6c\x25\xbe\x95\x76\x56\xf5\xcf\xb7\x33\x4e\xb8\x38\xa3\xcf\xbc\x55\xcf\xba\xb6\x7a\xdf\x15\x52\x61\x99\x41\xb8\x35\xcd\x3e\x34\x10\x3b\x18\xb4\x91\x31\xe8\x20\x96\xf0\x5f\x57\x0b\x89\x98\x04\xba\xb8\xb6\xcb\xad\xdb\xbc\x02\xf9\xf3\xb5\x59\x73\x6d\x99\xca\x7b\x02\xd3\x26\x8f\xa2\x73\x99\x6f\xcf\x05\x71\x97\x7d\x1c\xc3\x00\x8c\x4e\xf8\x48\x97\x0e\xe3\x50\xb1\x58\xc4\x7e\xc2\x77\xad\xd4\x74\x2f\xa2\xbc\xbe\xa9\xbd\x55\x49\xc7\xbc\xa0\x38\x02\x0e\xce\x68\xf1\x88\xc1\xea\x3a\x62\xdd\x9a\x07\x3d\x4c\x13\x8c\xa8\xa9\xac\x04\x08\xdc\xfd\x46\xe3\x6b\xdf\xf7\x39\x88\xa5\x8b\x96\x17\xca\xa0\x8b\xd4\x1b\xf3\xe8\x12\xe7\x82\x4f\x0f\x7e\x81\x46\xa4\x44\xf3\x6b\xf5\x3a\x1c\xd8\x92\x03\x9c\xcd\x33\x5f\x5a\x2e\x79\x74\x5e\xac\x96\x14\x8c\x2a\x29\x99\x47\xf1\xb2\xe3\x28\xa3\x78\x9b\xf1\x3c\x6d\x73\x50\x6f\x3b\xdc\x68\xea\x48\xab\xf0\x02\x27\x0f\xe4\xee\x9e\xf9\xed\x6b\x10\xc2\xfb\xb4\xff\x12\x75\xb9\xd7\xdd\x35\xd8\xa5\x2e\x37\x17\x58\x57\x4c\xb4\x66\xc5\x7b\x5a\xbc\x24\x29\x76\xbe\xfc\x8d\x98\xa0\x13\x1b\x9b\xb8\x46\xb2\x19\xe4\x66\x91\x86\xa8\x3c\x05\x6c\xd8\x08\x06\x61\xde\x16\xb5\x1c\xe5\x76\x7b\x22\xe9\xa9\x32\x42\xbf\x8d\x32\x05\xc6\x6a\x67\x3c\xe7\x83\xd1\xc0\xd3\x7b\x63\x00\xfb\xf0\xd6\x12\x79\x40\xf8\x8f\x18\x19\xc4\x50\xdc\xc9\x05\x43\xed\x79\x4f\x1f\xd4\x4e\x65\x39\xfe\xba\xf1\x9a\x4c\xc9\x88\x70\x01\x4d\x7c\xca\xd7\x4d\x18\x76\xa1\x23\xec\xd1\x45\x51\x6c\x74\x3b\x4b\xba\x62\xd8\x21\xca\x9a\x79\x51\xe0\xdf\xb2\x3f\x38\xd9\xe3\xa3\x65\xfd\x83\x22\xf2\xee\x47\x99\xe9\xff\x11\xe1\xc5\xc3\x0b\x55\xa3\x55\xc8\xa5\xde\xea\x81\xa5\x45\xe3\x47\x05\xab\x56\xd1\x7b\x1f\xa0\x6e\xd7\x64\x15\x55\x67\x02\xf3\x64\x80\x82\x46\xf8\x63\xc3\x19\xf7\x5c\xdf\x6b\xd7\x48\x43\x8d\x1a\x2e\xaf\x42\x06\xc5\x60\xbf\xaf\xc2\x35\x67\x9a\xd6\x04\x9c\x1a\x01\x52\x6f\xcb\x9a\x3c\xe1\xb1\xd3\x9b\xe4\xdf\x18\xb1\x5f\xa0\xea\x55\x27\x2b\x17\xeb\xde\xdf\x6c\x30\x49\x8a\x8a\x14\xf2\x04\x2b\xe1\xc2\xcd\xb0\x9e\x9e\xf3\x84\x6d\x66\x59\xa9\xf6\xd6\x73\xdf\x9a\xfb\x7e\xde\xd0\x4b\x79\x3d\x97\x31\xf0\xac\xcc\x41\x46\x8d\xc1\xf3\x23\x6c\x99\xac\xad\xee\x62\x39\xc3\x61\xb8\xbd\x7e\x2d\x0c\xfe\x8b\xb7\xc0\x66\x87\xe0\x8e\x76\xb7\x1a\xd5\x7a\x03\x61\x79\xf2\x91\xd0\x96\xae\x2f\xa0\x81\x8e\xf4\xbf\x48\x66"},
+{{0xaa,0xaa,0xbb,0x7c,0xe4,0xff,0xfe,0x4d,0xc3,0x57,0x47,0xba,0xea,0x2b,0xc5,0xf0,0x50,0xbe,0xf0,0x6e,0xe0,0xc1,0xfd,0x63,0x2a,0x06,0x7f,0xec,0xe1,0xef,0x4f,0xb5,},{0x82,0x0a,0x24,0x42,0xd5,0xf4,0x5f,0x3c,0x79,0x14,0x78,0xe0,0x98,0xfb,0x3b,0x06,0x8d,0xa5,0x2e,0xc4,0xe8,0xda,0xde,0xc8,0x50,0x65,0xc3,0x56,0x59,0xf4,0x37,0xe0,},{0x05,0x0a,0xe8,0xae,0xce,0xec,0x96,0x27,0xb8,0x01,0x37,0x35,0x7a,0x22,0x96,0x2a,0xc8,0xb4,0x50,0x48,0x66,0x17,0x08,0xd3,0x94,0xd0,0xa5,0x1a,0xad,0xc3,0x81,0xfe,0x85,0x35,0x02,0x3d,0x6e,0x1b,0xda,0x0e,0x72,0xb3,0x49,0xb5,0x0b,0x26,0xda,0x7c,0x3a,0x30,0x85,0xe8,0x1e,0x9d,0xd6,0xcf,0x12,0x78,0x68,0xfc,0x5b,0xae,0xab,0x01,},"\xf9\xd2\x85\x97\xa3\xe2\xb6\x4b\xa3\x27\xac\x5c\xd2\x9f\x08\x1e\x74\xbf\x46\x1b\x2e\xb2\xd3\xcf\xd9\xd5\xe9\x21\x58\xd2\x1d\x1d\x2a\x47\xab\x50\x98\x1c\xb1\x9f\xe3\xf8\xc6\xfe\x48\x82\x49\xb1\xc4\x9f\xb8\x97\xa0\xfe\x21\xab\x54\x04\x41\x4f\xd9\x14\x87\x5c\x22\x0f\x1c\xbc\x12\xf5\xc3\x8c\xfb\xa7\x9f\x7a\xc3\x03\xa5\x23\x1a\x37\x2b\x02\xfa\xd6\xc8\x46\x2f\x8c\xc4\x9f\x0f\x64\x96\x5b\x65\x1d\xcc\xef\x0b\xb9\x60\x82\x15\x09\x08\x49\x17\x7b\xe4\x7b\x2d\x30\x72\x94\x4d\x36\xe8\x56\xda\x18\x5c\x7b\x3a\x68\x9f\x7e\xde\xf9\x88\x33\x8e\x09\x63\xed\x31\xa6\xb0\xa8\x0d\x5c\xb0\xb1\xcc\xcf\x6f\x39\x48\x37\xaa\x6f\x8b\x2f\x3d\xa5\xef\xbd\xf4\xd3\x60\xd4\xbf\x4d\xd7\x08\xce\x64\x45\x58\x7d\x94\x2b\x79\x76\x1c\xe9\x51\xb1\xbb\x4d\x90\x50\x70\x36\x18\xa6\xd9\x30\xa8\x0c\x69\x57\x6f\xc4\xaf\x30\x6a\x2a\x56\xdb\xd8\x84\xa0\x5a\x1e\x4e\x9f\x31\x36\xcd\x0b\x55\xae\x47\x4b\xb5\xd3\xd0\xfb\xc9\xb0\x33\x9c\xec\x34\x4f\xdd\x08\x5c\x19\x28\x10\x14\x81\xc6\x87\x94\xf5\xc8\x90\x13\x71\x08\xce\xa7\x91\xd2\x1f\x81\x68\x3d\x3e\x1a\x9e\xec\x66\xac\xe5\xc0\x14\xd8\x9e\x69\x80\x8e\x5f\xa8\x3d\x38\x12\xee\x68\x0f\x5a\x99\x71\x68\x1b\x8a\xdc\xd4\xa1\x6e\x9a\x4c\x16\x5b\x5e\xf9\x93\x2c\x5e\xd8\x25\x23\x7f\xd5\x03\x7b\xcb\xef\xe4\xcb\x11\x56\x4f\xa7\x07\xc8\xa9\x32\x90\x75\x14\x14\x89\x1b\x1e\xdd\x33\x13\xc6\x5f\x8b\x91\xc2\xe9\x25\xa3\xc1\x2a\x9d\x3a\xa4\x5f\xd5\xa6\x67\xb7\x83\x93\xc3\xe3\x9d\xf8\x8a\x8f\x0d\x11\x48\xb5\x31\x1e\x3d\x87\xc4\xa9\x2e\x0a\x3f\xb9\x15\xbc\x90\xd5\x55\x8d\x05\xb4\x75\xa8\x83\x47\x78\xaa\x94\x3e\xa3\x9b\x8e\xaa\x95\xad\x18\x32\xe5\x91\x6e\xa3\x10\x2d\x7d\xe0\xb8\x36\xcd\xe8\xf3\x75\x9d\xbb\x3b\x9d\x56\xea\x81\x7b\x3e\x49\xc9\x83\x21\x02\x77\xc2\xc7\xc5\xb0\xdb\x18\x74\x22\x53\x2f\xca\x98\xa2\x8b\x3b\x65\x9c\x6b\x81\x5a\xc1\x26\xfa\xdb\xe2\xf4\x00\xc7\x3e\x9d\x2d\xed\xcb\xbd\x2d\x3a\x36\x5f\xfa\xd7\xe6\x66\xc8\x96\xe3\x1e\x61\xb3\x84\xed\x3a\x9f\xcf\x12\x90\x53\x8d\xf1\x1b\x94\x74\xc6\x28\x1c\xc5\x92\xc7\x1c\x88\x08\x86\x8b\x42\x92\xc1\x7e\xce\x6b\x3e\xdf\x5e\x35\x42\xa7\x0b\x91\x15\x93\xe9\x3f\x35\xec\xd9\x72\x9b\xd8\x88\x0a\x24\xea\xf4\x1f\xbc\x65\x74\xdf\xe1\x67\xec\x2d\x0e\x7a\xb3\xdf\x5e\xc3\x4b\x8b\x55\xd5\x48\xab\x93\x73\x8a\x2e\xea\xf2\x1c\x88\x4c\x5c\x85\x51\xdb\x2e\xdf\x2b\x04\x9f\x1a\x2a\x84\xfa\x72\xac\x89\x78\xa4\xc2\x78\x09\xf2\x09\xc1\xb2\x19\x5a\xff\x50\x4f\x69\x98\x56\xcc\x4f\x22\xd4\x4e\xbd\xd0\xfe\x50\x37\x44\x68\xd0\xb1\x79\x2e\x57\x4b\x51\x10\xa1\xf4\xcd\x0e\x22\x1e\x82\x4a\x78\xdd\xc4\x84\x5f\xeb\x46\xd6\x6d\x63\x3d\x23\xcd\x23\xf4\xb6\xfb\xe4\xc8\xce\x16\xcd\x1a\xf6\x15\x36\xda\x5f\xa6\x7b\x10\xac\x75\x55\xa6\x8c\x0e\x0b\xdb\xf2\xf8\xd7\x23\x09\xd9\x95\x51\x6b\x81\x18\xbf\x43\x83\x5d\x0a\x01\xc0\x8f\xfe\xba\x3e\xa3\xed\x05\xcd\x2d\x54\xf0\xea\xbc\xda\x05\xd0\x03\x7d\x52\xca\xed\x3b\x19\x37\x4f\xaf\x73\x99\x90\x94\xf7\x90\x55\x92\x4b\xea\x9a\xec\x44\x70\x13\x5f\x5e\x8b\xf1\x83\xc9\xd1\xc9"},
+{{0xe9,0x5c,0xc2,0xa4,0xd1,0x19,0x3b,0x75,0x39,0xfc,0xbb,0xea,0xae,0xed,0x98,0x5b,0x6f,0xb9,0x02,0xdd,0x0e,0xfb,0xd6,0x38,0x74,0x57,0x55,0x0d,0x0d,0x6a,0x2f,0xea,},{0x72,0xa1,0xff,0x1e,0x9b,0xb1,0x1c,0x8d,0x88,0x96,0x8a,0x7b,0x16,0x96,0x37,0xad,0xee,0x43,0x8e,0x22,0x63,0xf0,0x06,0xdc,0xa4,0xfe,0x02,0xfe,0x06,0x6c,0xba,0xd3,},{0x1b,0x8d,0x7c,0xc2,0xad,0xf3,0x6c,0xae,0x16,0x31,0x25,0x0c,0x82,0x43,0x1b,0xd8,0x84,0x37,0x16,0x3a,0x63,0x49,0xad,0x96,0xe7,0xa8,0x64,0x44,0x7e,0x9f,0xee,0x75,0x3a,0xc3,0x65,0x5c,0x98,0x35,0xb4,0xd1,0xec,0xbb,0x30,0x6c,0x63,0x8b,0xa5,0x40,0x2a,0xd0,0x2b,0xa6,0xd2,0x25,0xd9,0x68,0x82,0x88,0x9f,0xe8,0xd2,0x04,0xa6,0x04,},"\x84\x26\x74\x39\x20\x1b\x05\x91\xdb\x60\xc0\xf1\x7a\x9c\x15\xe4\x54\x09\x29\x56\x52\xd5\xf5\x5b\x87\xfb\x35\x19\x67\xc8\x46\xa5\x67\xf5\xce\xba\xae\xd1\x76\x2b\xff\x54\x85\xf0\x48\x53\xca\x92\x69\xf4\x64\x09\x4e\x51\x2d\xf1\xf0\x2e\x13\xe5\x17\xb1\xda\xa5\x8d\x34\xca\xa2\xd5\xff\x9f\x9e\x79\xbc\xaf\xb4\xce\x96\xe8\xa0\x89\x25\x8a\xd6\x13\x43\xb4\x46\x62\x8e\xbc\x4f\x5b\x2a\x84\xd0\x3b\x72\xef\x3f\x73\x85\x89\xfa\x13\xc4\x25\x19\xa8\x28\x29\x9a\x3f\xae\xc0\x35\x03\x7b\xc1\x0b\x44\xe3\xbd\xfe\xd9\xe0\x87\x07\x17\xcb\xaf\x31\xbe\xf8\xb2\x2c\x4e\xa1\x6e\x81\x57\xfc\xbc\x63\xee\xfa\x39\xed\x82\x2e\xfd\x42\x15\xc2\x47\xdd\xa4\x87\x86\x27\x7e\xc0\x30\xa8\x6c\x0e\xf4\x85\x1d\x67\x3c\xfe\x75\x2d\x06\x77\x88\x3c\x2c\x45\x20\x38\x97\x0c\x09\xbd\x48\x17\x14\xbc\x3f\xbe\xcf\xa4\xff\x2a\x3c\x24\x56\x95\xd7\xec\xc2\xf4\xde\xc7\xf5\xed\xe0\x4f\xf6\xdb\x43\xe2\xbb\x91\xc0\x66\xb6\x49\xef\x73\xfd\x3b\xe8\x60\xcb\x83\xfa\x80\xb0\x74\x14\x9f\x43\x1e\xeb\xb9\x17\xec\x84\x78\xda\x87\x0c\x11\xe3\x17\x70\x38\x59\xf9\xf2\xf4\x00\x8a\x6c\x7c\x75\x4b\x06\xe1\xf7\xd2\x47\x96\x89\xda\x84\xe8\x89\x22\xf3\x82\x74\x98\x5e\x11\xce\x13\xcd\xbd\xb0\xf2\xec\xe6\x8f\xb6\x02\xad\xe0\x3d\xd5\x49\xa3\x62\x49\x1f\x4a\x20\x3f\xf8\x07\x44\xf6\x63\xc5\x23\xa0\x26\xb4\x31\xaa\xd4\x5c\x58\x29\xe0\x29\xad\x62\x56\xd1\x27\x6f\xd7\xb7\xa1\x2d\xdb\xf1\x72\x7d\x9e\x23\x3f\xb5\x34\x45\x73\x70\xa4\x26\xe5\x6f\xb3\x9c\xf4\x04\xa3\xec\xbf\x0c\x4b\x50\xbb\x52\x2d\xce\x98\x1e\x08\x30\xfd\x84\x06\xe6\xd9\x72\x5c\xeb\x1d\xdd\x3a\x19\x47\x93\x7d\x90\xe0\x4d\x76\x8a\xe1\xd1\x26\xe2\xae\xac\x21\xb8\xc9\xef\xc5\x4c\x40\x96\x1b\x7f\x4e\x9e\x88\x02\x5f\x7e\x0b\x9d\xe9\x01\xeb\xf0\x04\x9e\x74\x1b\x79\x79\x97\xd8\xdb\x78\xe9\x28\x3b\xbb\x5f\x90\xf3\x5a\x2c\x4d\xee\x27\x31\x42\xec\x25\x8c\x02\xad\x0e\xcc\x61\xcc\x5c\x9f\x12\x13\x2d\xb2\x8a\xf4\x1c\x1f\xb7\x8e\x52\x4b\xe5\x32\x7b\x5f\xfc\x35\x96\x27\x79\xfb\x11\xff\x0c\x5d\x3e\xe0\xa3\x1f\xf4\x7e\x73\xb1\x72\x9d\xfa\x46\xe8\x98\x6b\x1b\x89\xab\xc8\x8a\xd0\x6a\xbd\x5b\x6f\x76\x6d\x23\xab\xf6\x42\x25\x78\x94\xeb\xdf\xa7\x9e\x63\x09\xf1\x27\x23\x74\xee\x94\x33\x67\x7b\xa1\x3e\x45\x1b\xaa\x95\x33\x0e\x66\x0c\x80\x52\xae\x87\x2e\x0e\x32\xe2\xb2\xd1\x28\x6d\x01\xa0\xab\x58\x10\x42\x4e\xd8\xb9\x40\x54\x65\xbd\xeb\xa0\x3b\x69\x83\x84\x67\x6f\xe5\xea\x46\x4a\x03\x44\x6c\x4f\x7c\xd7\xb4\x33\x12\xec\xf1\x51\x36\x04\x64\x57\x1a\xd2\x86\x10\x58\x1f\xba\xdb\x94\x5a\x1d\x68\x18\x1d\xeb\x40\x3a\xa5\x6e\xba\x0b\xb8\x40\x32\x8e\xee\x36\x10\x3c\x7d\xe0\x73\xa6\x87\x9c\x94\x1c\x75\x54\xc6\xf6\xf2\xa0\x80\x80\x9e\xb0\xe5\xbd\x0e\x13\x0f\x29\xa2\x29\xe9\x30\xdb\x01\xfe\xca\xc2\xe0\x36\xbd\xf0\xe0\x01\xe2\xa8\xea\x32\x64\xf8\x64\x9d\x5b\x60\xc2\x91\x03\xf0\xb4\x9c\x24\xc9\x7f\xac\xaf\x7e\x81\x06\x9a\x2b\x26\xab\x3f\x93\x3f\x42\x7d\x81\x27\x2c\x6c\x8b\x7c\xd0\xdf\xb7\xc6\xbb\xe9\xc0\xea\xab\x32\xbb\xda\x22\x18\xb9\x62\x3a\x21\x19\xaa\xb1\xf3\xeb"},
+{{0x77,0xad,0x0f,0x94,0x2c,0x37,0xf0,0x31,0x3e,0x6b,0x04,0x56,0xda,0xba,0xec,0x81,0xb2,0xd6,0x1f,0x6c,0x11,0x8d,0xdb,0x29,0xea,0xf3,0xac,0x5b,0xf1,0x95,0x04,0xd4,},{0x69,0x2d,0x2d,0xa5,0xa9,0x5f,0x48,0x61,0x1a,0x6d,0xa8,0x9c,0xfb,0x3b,0x35,0x40,0xf6,0xaa,0x0c,0x85,0x0d,0x6d,0x98,0xde,0xea,0x87,0x0e,0x39,0x7f,0xed,0xe3,0x28,},{0x69,0x6b,0xd5,0x52,0xdd,0x01,0xdb,0x80,0xb3,0xd6,0x7d,0x61,0xee,0xb7,0xec,0xc5,0x68,0x78,0x40,0x4a,0xb1,0x19,0x44,0x2a,0x1c,0x74,0x22,0x99,0x2c,0xfa,0x35,0xae,0xa9,0x20,0x82,0x5d,0x2d,0xaf,0xd8,0x92,0xad,0x7e,0xb6,0x82,0x5a,0xd9,0x99,0xae,0xe5,0xc8,0x3b,0x7b,0x50,0x79,0x06,0x53,0x4f,0x91,0xac,0xe7,0x59,0xc5,0x51,0x0c,},"\x87\xe6\xde\xad\x2c\x85\x54\x9e\x3d\x8d\x25\x88\xa0\xa3\x36\x06\x03\xa6\x24\xfb\x65\xae\xbb\xc1\x01\xbf\x7f\x1f\xec\x18\xd0\xb2\x8f\xbd\x5d\xba\xee\xd3\x87\x52\xcd\xf6\x35\x5c\xe8\xdc\x84\xe1\x8a\xc1\xa4\x39\x3d\x2a\xb8\x88\x88\x2c\x4f\xf1\xc9\xc8\x13\x7f\x83\xbe\xe3\x63\x36\xbc\xbf\xbb\x72\xd5\x04\x9e\x0a\x40\x08\x74\x51\x4f\xdc\x36\x33\x04\x6e\x89\x38\x3d\xde\xd9\x3c\xa3\x1f\xde\x0d\x89\x8e\x11\xe9\x26\x8d\x3d\x5c\x24\x06\x66\xed\x55\x27\x61\x3d\xa7\x9f\xb7\xe4\x96\x25\xb4\x4c\xde\x78\xb4\x1c\x67\x90\x2e\xb0\x21\x6b\x3a\x7a\x3e\x56\x0e\x26\x1d\x71\xd7\x64\xaa\xcf\x15\x95\x9c\x17\xfc\xd6\x17\x6f\xb2\x5e\x24\x9e\xe6\xbb\x1b\x3b\xd7\xbd\x90\xf6\x0b\x0b\x0f\xfa\x03\x15\xa0\x65\xa2\x4b\xba\xe8\xf2\x55\xbf\x29\x8d\x7e\x4d\x44\xf0\xb4\x30\xc4\x15\xb4\xfb\x36\xcf\xa6\x62\x6a\x83\xf4\x9a\x25\x67\xf6\x24\x4f\x40\xe9\x23\xad\xd1\xd4\x9a\x72\xf5\x7b\x15\x30\xf5\xb3\x79\xde\x3a\x91\xc2\xe9\xa1\xac\x79\xab\x37\xbc\x3b\x9b\xa7\x3d\x88\x28\x13\x6b\xcc\x87\xd2\xc0\x11\x90\xde\x54\x57\xfa\xcd\x90\xf3\x69\x55\x3f\x7a\xc5\x21\xc5\x67\x2b\x08\x67\xdf\xa8\xda\x3b\x95\x2a\xd9\x5b\x67\xda\xb9\x9b\x48\x20\x57\x2f\x2d\x4a\x29\x8e\x95\x18\x63\x77\x79\x28\x9c\x03\x1b\x79\x3d\xee\x85\x9c\xde\x7b\x24\xad\xd6\x49\xff\xf8\x71\x24\x8a\x66\x02\xd2\x51\x62\x79\xda\x60\x58\xcb\xb6\x96\xfa\x8b\x1d\x89\xa2\x0d\x20\x99\xe6\x46\x44\x32\x10\x48\x3e\x5d\x41\x34\xe9\x28\xfa\xeb\x38\xa3\xb5\x08\x19\x9e\x0d\x69\xbb\x55\xee\x34\x77\x42\x05\xc0\xa6\x12\x05\xb5\x0b\x08\xfe\xbe\xaa\x40\x1e\x6e\x3a\x51\xa2\xbf\x98\xef\xac\x78\xb7\xae\x2b\x85\x2c\x53\x95\xa1\x2c\x40\xe2\xc7\xdd\x1b\x20\x25\x04\xb5\xa7\xd2\xf7\xe4\xfd\x4f\x86\x10\x93\x0d\x28\x68\xcb\xa8\x86\x43\x39\xe0\x41\xda\x21\xc0\x71\x5f\x41\xb2\xb2\x3d\x14\xd0\xb5\x45\x48\x0b\xc3\xbd\x7d\x72\x15\xcf\x2f\x81\x6a\x33\x32\x08\x1e\xca\xa0\x8c\x0f\x8b\x99\x52\x52\x51\xf5\x72\x31\xb6\x75\x0c\x2d\xbd\x11\x09\xac\x41\x60\x48\x6b\x76\x83\x24\xb6\xba\xc8\x7e\xf5\xa2\x26\x44\x8c\x43\x12\x40\x32\x8f\x42\xcc\xa5\x86\xbe\x7a\xff\x3c\xbe\x76\x05\xfa\x34\x15\x14\xfc\xcf\xb9\x66\xaf\x3d\x45\x30\xe8\xcd\x90\x37\xa1\x1c\xe5\x93\xc2\xd3\x83\xe1\x03\x5a\x0c\x2e\xda\x09\x8d\xe9\x0d\x50\xc5\x18\x4a\x9c\x01\xb5\x7f\x26\xb9\x4d\xed\xd1\x45\x4c\x34\x06\x37\xec\xcc\xee\x70\x62\x57\x54\xa3\x28\xc6\x5f\x42\x64\x5b\x5e\x1a\x56\x55\xee\xf9\x7d\xfb\x1c\x63\x08\xed\xf4\x9f\xa3\x68\xd1\x7d\x17\xe0\x6a\xdc\x51\x2b\x39\x73\xea\x65\x2a\xc4\x0a\x99\x78\xe1\xbb\x1b\x2f\x86\xc5\xa9\xff\xbf\x60\xdc\xc4\xf6\xbb\xc9\x8a\x64\xf4\xde\x65\xe7\xec\x61\x72\x1e\xde\xb0\xe5\x23\x84\x56\xf7\x61\xd2\xd1\x29\x3a\xf0\xde\x9f\x79\x3b\x11\xd8\xca\xdf\x01\xa9\x43\x19\xa0\x2a\x42\x73\xff\xc4\xd3\xff\xa7\xb3\x4d\x74\xfd\x2e\x0b\x10\x0f\xca\x58\xb5\x32\x5f\x90\x7a\x74\x91\x93\xe7\x51\xd6\xc1\x16\x68\x7a\xee\x37\x47\xb5\x94\x60\xd4\xef\x15\x6e\x72\x47\x6e\xae\x1b\x84\x55\xd7\x6e\x71\xb3\x06\xb9\x81\x29\xb7\x2f\xe1\xcb\x5e\xb4\x05\xa7\xc2\xf4\x32\x7f\x38\x62\xd4"},
+{{0x29,0x32,0x14,0x69,0xee,0x9f,0x2b,0xb1,0x65,0xa0,0x69,0x64,0x03,0x32,0xb4,0x89,0xbf,0x5c,0x3f,0xab,0x68,0x2e,0x93,0xda,0xe9,0xd8,0x63,0x17,0xbf,0x50,0xc5,0x2c,},{0x96,0xf7,0x30,0xf8,0xef,0x89,0x70,0x26,0x8d,0xba,0x0f,0x75,0x70,0x41,0x0b,0x61,0x88,0xa1,0xa3,0xc8,0x63,0x97,0x74,0x09,0x13,0xd5,0x3a,0xda,0x26,0x2a,0xb8,0x7e,},{0x4e,0x1a,0xff,0x84,0x63,0xbc,0xa1,0xb7,0xde,0xb1,0xd3,0x77,0x3d,0xf2,0xe7,0xa0,0x68,0x64,0x11,0x1b,0x6d,0xc4,0x2a,0x62,0xae,0x98,0xde,0xb2,0x31,0x39,0x43,0xb3,0x15,0x3e,0xe4,0x66,0x96,0xb1,0x5c,0x24,0xef,0xc2,0xa8,0x08,0xaa,0xba,0x81,0xc7,0x8e,0x3d,0xfa,0x4d,0xfb,0x50,0xca,0x9f,0xe8,0x44,0x45,0xea,0x68,0xbc,0x8e,0x0a,},"\x9c\x71\x2c\x83\xd5\x4f\x2e\x99\x3c\xa6\x8a\x96\x32\x84\x60\x04\x49\x9c\x51\x95\x44\x8d\xdc\x49\x1c\x3a\x0d\x2e\x3a\x66\x6d\x6b\x33\x09\x8e\x48\x64\xfd\xf8\x6e\x61\x9d\x50\xf1\x0b\x7c\xc6\xc3\x9b\x3f\xf2\x80\x1a\x94\x91\xf6\xfa\x97\xc5\xf1\xc4\xaf\xa7\xae\xff\x31\xd7\x38\xf9\xa7\x68\xa7\x9c\x73\xb2\x55\x77\x31\x0f\xb0\xad\x4f\xaf\x85\x43\xa0\x98\xf8\x59\x57\x1b\x61\x48\xe8\xb5\x29\x26\x44\x57\x57\xd5\x54\x9f\xd2\x5a\x26\x51\x85\x31\x56\x63\x79\xd1\xc2\x74\xe6\xc6\xa9\xd6\x41\x32\xe4\xac\x25\xac\x9a\xf9\x38\x1b\xcb\x88\x53\x32\x11\x3f\x43\x01\x4a\x13\x9a\x81\xf8\xd4\x3c\x8a\x6a\xb5\x4c\x11\xa5\xc9\x2e\x06\x19\x1c\x1e\x51\xb7\x57\xac\x9f\x11\xe3\xdc\x15\xdb\x44\x86\xd1\x67\xff\x9f\x2d\x65\xe2\x3e\x6c\x96\x22\x3d\x9a\xff\x8d\x10\xd1\x50\x2c\xf3\xdb\xce\x5e\x35\x7e\x6b\x12\xdb\xe9\xb7\xe9\x97\xc3\xd0\xa5\x07\xd3\xba\xe3\xcf\xef\x1f\xfc\x8d\x05\x6e\xf7\xdc\x72\xdd\xc1\xc8\x1e\x31\x0a\xd2\x05\xbe\x16\xe7\x7f\x27\x38\x35\x4b\x10\xb4\x84\xd3\x07\x6c\x27\xe6\xb4\xf1\x66\x38\x85\x81\xf3\x50\xbe\xfe\x22\xfb\xb0\x82\xb5\x41\x21\xee\x59\xec\xc7\xae\x5d\xec\xe8\x98\x82\xac\xf2\x6c\xb7\x47\xff\xaa\x3e\x2d\x05\xa6\x96\xf6\x0f\xd9\xe8\x29\xc7\x09\xd8\xf0\x2d\xaf\x53\x7b\x23\x69\xb8\x91\xfe\x6c\xcb\xf8\xdf\xcd\xd7\xf4\xa3\x64\xb1\x99\x85\xbe\x7e\xde\xc6\x7d\xdc\x1d\xb7\x13\xc0\xa9\x0f\xaf\xa4\x88\x37\x77\x25\x62\xde\xac\xc2\xd2\xa0\xe7\x89\xe1\x8a\x8b\x5b\x3b\xd9\xe0\x83\xea\x92\xff\xfc\x31\x83\xd5\xd4\x14\x15\x32\x59\xb3\x3a\x43\x29\xcf\xc8\x08\x24\xeb\xcb\xe0\x44\xa7\xe3\x3a\xb8\xa2\x4f\xde\x54\xbd\x95\x20\xae\xa2\x84\xb0\xc4\xc4\xfa\x94\x27\xd2\x51\xc0\xdd\xd0\x13\xec\xdd\x82\x90\xef\x55\x65\xf6\x08\x50\x8e\x36\x35\x89\xe5\x29\xd8\x4f\xf0\xf2\x6f\x9e\xcb\x03\x05\x2d\x58\x97\xfa\xbc\x91\x7e\x56\xe6\x01\xb6\x4a\xbf\xe5\xa1\x7c\x39\x50\x28\x9d\x0c\xdc\xaf\x1f\x60\x05\xa9\xf8\x10\x6f\x43\xe1\x7a\xdc\xaa\x2d\x1e\x26\x91\x66\x76\x2f\x80\x54\xde\x05\x13\x5d\x5d\x13\x93\xd7\x00\x0a\x15\xb8\x7b\xd6\x88\x46\xa8\x9d\x5b\xc2\x28\x63\x32\x51\x51\xaa\xc8\x43\xf7\x22\x78\xae\x6f\x4a\xf7\x2a\x4e\x44\x9a\xdb\x7e\xae\x6d\x43\x6a\x1e\xc7\xe5\x8e\x59\xb7\xb8\xbb\x9e\xf0\xdd\xaa\xa0\x01\x82\x6f\x8d\xcb\x44\x64\x79\xde\xaf\xd8\xb8\xd5\x42\x04\x1c\x19\xa0\x5b\x1e\x0e\xe4\x7b\x46\x40\x91\x0c\x31\x93\x0c\xa4\xe2\x0b\x10\x57\x58\xec\x75\xf1\x95\x03\x56\x94\x7f\x62\x61\xd0\x03\x7f\xe3\x07\x73\xa3\xec\xe6\xa9\x6c\x8d\x54\x33\x33\x3d\x82\x2c\x27\x77\xef\x7f\xf8\xbe\x60\x33\x34\x5b\x50\x55\xd5\x8f\x5e\xb3\x72\x9a\xf5\xae\x88\x24\xf3\x31\xee\x07\x31\xc8\x9b\x20\xac\x11\x8f\x55\x04\x27\xcd\x95\x8a\x55\xf6\xb1\xa2\x88\x8a\x08\x7b\xb7\xdb\x55\xbf\xc7\x3b\x29\x42\x9b\x44\x48\xdb\xe9\x11\x9c\x45\xa8\x73\x39\xb4\x49\x7a\x69\xa4\xcf\x83\x3e\x8f\x37\x70\xcc\xe5\xe0\x1f\xaf\x5e\x73\xbb\xaf\x62\x76\x83\xc0\xa2\x8c\x73\x05\x2f\xbe\xce\x20\x30\x43\x38\x9d\xfb\xfd\x45\x49\x5e\x51\xda\xb8\x6a\x25\x2e\x5b\xc1\xb4\xb7\xfe\x28\x07\xe3\xd0\xe2\x36\x3b\xea\xb5\x1c\x67\xfb\x31"},
+{{0x04,0x65,0x77,0x50,0x49,0x7e,0x68,0x15,0x2c,0x43,0xce,0x34,0xa5,0x8d,0x21,0x06,0xe6,0x4c,0x55,0x7c,0xd7,0xa8,0x4e,0xf0,0x5d,0x9e,0xb8,0x2e,0x6b,0xcb,0x05,0xf5,},{0x3b,0x3a,0x19,0x47,0xb4,0xcb,0xf6,0x0b,0x82,0x6d,0x60,0x9f,0x19,0x2d,0xc2,0x30,0xaa,0x9b,0x9b,0xaf,0x4c,0xd6,0xa6,0x09,0x2e,0x49,0x5f,0x1d,0x2e,0x47,0xad,0x62,},{0x7e,0x2e,0xae,0x5a,0x29,0x3f,0x41,0x83,0x91,0xf6,0xd8,0x5a,0x79,0x94,0xb0,0x7c,0x45,0x22,0x80,0x01,0x7e,0xe6,0x53,0xbf,0x61,0x7a,0x8d,0x5b,0xe2,0x4c,0xbb,0x5d,0x0e,0xfd,0xfb,0x7f,0x7f,0x00,0x13,0x12,0x26,0x0f,0x34,0x4e,0x6f,0xb9,0x15,0xad,0x8d,0x7d,0xe9,0xc0,0x51,0x98,0x27,0xc0,0x57,0x26,0xf9,0xce,0x25,0x45,0xdd,0x0b,},"\x29\x48\x22\x7a\x89\x0f\x6f\x84\x5b\x77\x5e\x62\xc5\x3a\xf3\x80\x50\x64\xa1\x57\x64\x46\xf0\x85\xd9\x0f\x8b\x9a\x5e\xd6\x8d\xf1\xea\x39\x3c\xe4\x79\xc4\x41\x41\x49\xa9\xec\x5a\x17\x10\x36\x42\x4d\xff\x03\x44\xb4\x95\x8f\x61\x32\x29\x8d\x0e\x24\xc9\x26\xd2\x8a\xd9\xd7\x9f\x98\xc6\xe6\xbc\xf1\xc5\x76\x76\x06\xec\xd2\x91\xc6\xad\x47\xb4\xf9\xfb\x2b\x02\x01\x15\x5a\xda\x62\x7b\x7a\x1f\xd5\xb0\x74\x19\x87\x40\x83\x05\x9e\xb5\x2b\x2f\x6e\xc2\x28\x18\xb7\x82\x46\x22\x8f\x3f\xe6\x35\x5d\xfd\xa7\x0e\xbb\x9b\xbe\x73\x22\x93\x78\x73\x63\x99\x55\x7c\xe2\x4b\x30\xbf\x64\x5a\x14\xe2\x25\x6f\x70\x01\x9b\x33\x36\xb2\x03\xfb\x77\xc6\xec\x94\xa7\xa2\x63\x48\x88\xfe\xea\xd4\xd7\x2c\x23\x91\xe9\x9e\x8c\x8d\x53\x3f\xd8\xa4\x2b\x08\xc1\x1f\x88\x7a\xb2\xde\xb6\xeb\xbf\xe3\xd2\x51\xde\x63\x53\x6c\x36\xcd\x53\x42\x23\x98\xe5\x44\xcf\xf8\x7b\x07\xa6\x33\x49\xfc\x50\x85\xdd\xe9\x3a\x1b\xfd\x71\x71\x13\x3a\x20\x43\x98\x1f\x60\x75\x22\xc8\x13\x3c\x63\x42\x8d\x1b\x92\x62\x6c\x79\xb7\x35\x8e\x70\x21\xcf\x1f\x41\x2a\x78\xaf\xa7\xcb\x3f\x59\xff\xef\x92\x79\x88\x5a\x5b\xdb\x24\x66\xac\xd3\x4c\xd5\x15\x80\x83\x0b\x83\x51\xeb\xd4\x40\xa9\x66\x23\x90\x7a\xd1\xf4\xb5\x62\x03\xf5\xe1\x59\xa4\x29\xe3\x54\x6e\xad\x0c\x01\x1d\xbe\xd0\x90\x28\x71\x7e\x3c\x3d\xfe\xd3\x91\x97\x76\x4d\x4d\x24\x5e\xf2\x28\xb9\x80\x44\x71\x8e\xf4\xd8\x82\x2f\x21\xb2\xc5\x68\x50\x38\x47\x3b\xf9\x3d\xc0\x93\x74\x51\xeb\x02\xd3\x1a\x46\xc8\xdc\x7e\x94\xc3\xe8\x67\x8c\x83\xb9\x8a\x43\x81\x8f\x12\x5b\x52\x8b\x47\x6a\xad\x31\xd1\x58\x4f\xfd\x48\xf1\x49\xe5\x73\x6e\x58\xf9\x42\x05\xd3\x88\x9e\x56\x7e\x4d\xd1\xea\xc2\xfa\xc1\xf8\xf4\xdc\x54\x0e\x53\x22\x46\x0f\xb9\x40\xe1\x2e\x93\xc4\xc9\x8d\xed\x19\x41\xc1\x90\x4f\x96\x7f\xb4\x64\x36\x84\xc1\x9a\x4d\x5c\x44\x1d\x60\xb0\xe9\xf4\x08\x55\xe5\x23\xfe\x7f\x99\x10\x76\x57\xa6\x80\x76\x27\x5b\xf8\x4b\x7c\x69\xa3\xf2\xb3\x85\x5b\xc8\x02\x6b\xa9\xb0\x0b\xc6\xfe\x34\xb9\x9d\xa0\x63\x17\x00\xa6\x7f\x52\xb3\x4e\x17\x96\x33\x98\x87\xa4\x83\x05\x12\x1d\x53\xab\x44\x40\xfc\x4b\x5c\x9b\xf7\x23\x94\xd5\xed\x37\x2f\xf1\x8c\xa3\xf0\x07\xbd\x02\xdf\x65\x1d\xc3\xac\x43\x82\x75\xf1\xa3\xe5\x24\x22\xb8\x6c\x45\x86\x76\x6a\x21\xcd\x89\xf8\x05\x80\x5d\xbb\x44\xfd\x89\xfe\x24\xfb\x2c\x0b\x40\xd1\xb7\x54\xc3\x35\xdb\xaf\xfc\x3b\x3b\xb8\xbb\x46\xc7\x4c\x36\x37\x45\x04\x04\x2d\x86\x78\x92\x27\x59\x98\x62\x31\x2e\x99\xca\x89\xeb\x50\x4c\xc3\xd7\x5d\x19\x49\x5a\xa8\x6b\x20\xb2\x73\x6b\x12\x1b\xb2\x07\x5c\x88\xed\x4a\x3f\xbd\xaa\x6b\x2c\x3f\x76\xd1\xff\x55\x25\xd3\xa2\x86\x3e\x4d\x83\xc7\x2b\xfe\x01\xe1\x02\x78\x80\x94\x74\xe1\x82\x2d\xe2\xd9\x62\x83\x48\x93\x20\x02\x96\x11\xaa\x9d\xff\xc4\x82\x9d\x66\x86\x9e\x63\x49\x4f\x9a\xad\xe7\x0b\x77\xa7\xb8\x0f\xbc\x93\xe3\xde\x4d\x93\x59\x13\x75\x2d\x04\x5e\x13\xb3\x12\xc5\xd0\x82\xf6\x24\x2d\x49\x85\xb0\x53\xb3\x78\x3e\xb0\x2c\x66\x14\x96\x3d\xc0\xd5\x5d\x4c\xbe\x88\x7b\xae\x29\xcc\x18\x97\x9e\x5e\x2e\xa9\x45\xbc\xd4\x0d\x89"},
+{{0x8b,0xd9,0x90,0x70,0xc5,0x0a,0x9f,0xa4,0x18,0xef,0x7f,0x75,0xc0,0x01,0x29,0x91,0x6a,0x41,0xc8,0x60,0x70,0x96,0x1c,0xcb,0x2b,0x20,0x2b,0xe1,0x8c,0x2d,0x10,0xd7,},{0xdd,0xd7,0x33,0x08,0xfc,0xe8,0xca,0x65,0x52,0xd0,0x39,0x42,0x8c,0x7a,0x1a,0x94,0x92,0x33,0x20,0xa3,0x1c,0x0f,0x58,0x0d,0x3c,0x23,0x52,0x80,0xf0,0x3c,0x18,0x30,},{0xb1,0x4a,0x7b,0x26,0x20,0x12,0xc5,0x90,0x9e,0x21,0xd5,0x87,0xfb,0x4f,0x29,0xa9,0x09,0x3c,0x8e,0x1c,0x29,0x99,0x81,0x6a,0x82,0x11,0x8f,0xef,0xbf,0x10,0xe6,0x8e,0xa8,0x98,0xbf,0x0d,0xa1,0x8e,0xbf,0xd0,0x34,0x1e,0xa8,0xf8,0x2a,0x18,0x44,0xc8,0xe0,0xdd,0x53,0x06,0xe5,0x09,0xb9,0xd0,0xc3,0x5b,0x47,0x3a,0x7d,0x20,0x95,0x07,},"\x48\x5f\x8d\x68\x0f\x79\xee\x2d\x82\x8b\xe7\xd0\x18\xa6\x5e\x0b\x64\xb0\xf0\x18\x48\x19\x86\x3e\x71\x10\xee\xa8\xf2\x99\xa7\x2c\x4d\xc8\x7f\x8e\xe8\xa8\xae\xaa\x81\xaf\x91\xdc\x71\xad\xea\x79\xfc\x97\x97\x42\x1c\xcc\x64\x6e\x6c\xd5\xdd\x48\xb4\xde\xc1\xde\x96\x86\x93\xfb\xce\x0d\x00\x21\xa3\xd9\x8d\x38\xa8\xbb\xc5\x81\x95\xe6\xdf\xc3\xb5\xe1\x46\x1b\x2a\x59\x41\x03\xe8\x0a\x29\x44\x1d\x5a\xaa\xf8\x89\xe3\x1c\xc8\x65\x14\x1f\x0c\x6b\x2c\x8c\x81\xf7\x21\x67\x9e\xa2\x39\x4e\xc6\xe4\x08\x1e\xc2\x03\xc2\xea\x39\x7d\x94\x84\x75\x7a\x7a\x0e\xcd\x53\xe6\x52\xdb\x9d\xf1\x7b\xea\x0e\x32\xfe\x8b\x2c\xbc\xe0\xd1\xd9\x7b\x96\x1e\xd7\x4e\x8e\x62\x2b\xcd\xd3\x55\x8b\x7c\x48\x69\x5a\xdf\x18\xaa\xe6\x11\x0e\xa9\xa3\x39\xb9\xda\x40\x7a\x9e\xda\xf2\xab\x08\x1a\x68\x1e\x18\x32\xcc\x21\x5b\x1f\x08\xa6\x7d\x55\x9a\x47\x44\xaf\x7c\xd5\x03\x18\xc2\x06\xee\x91\x15\x75\x82\xf8\x2e\xb6\xc0\xfc\x29\x02\x7b\x44\x61\xc3\x07\x33\xb8\x16\x9d\x14\x81\x32\x2c\x48\x60\x50\x9b\xa0\x96\xba\xcb\x71\xa5\x79\x24\x67\x51\xd5\x67\x54\x0e\x41\x43\x1e\x14\xf1\xb4\x6e\xf1\x6e\xba\x27\x61\x04\xbc\x01\x65\x0d\x5c\x49\x26\xe4\x7c\x9c\x60\x40\x78\x4b\x04\x3c\xd0\xaa\x48\x54\xef\xe8\x79\x7f\xd0\x46\x2d\x45\x39\xf3\x80\x35\xae\xf0\x8b\x45\x77\xc1\xa9\x11\x8d\x00\x4b\x6d\x01\x86\x2f\x52\x76\x77\x6d\xfe\xf1\x37\x18\x64\xf1\x55\xac\x0f\x07\x83\x89\xc2\x05\xcf\x05\x38\xd8\x5f\xa3\x48\x24\x4d\x7a\x42\x29\x11\x31\x0f\xf6\xc1\x01\x32\xb1\x59\x8b\xb4\x45\xc7\xe2\x07\x7b\x76\x3c\x47\x3d\x1e\x7a\x61\xa3\x8b\x64\x92\x9a\x64\x8b\x60\xb2\xe5\x43\x54\x37\x39\x22\x4b\x40\xfb\xf6\xd8\x7f\x10\x79\xc3\x0b\xc8\x73\xac\x38\x99\x1d\x51\xb8\x9e\x9d\x26\x1c\x4b\xcc\xb3\x75\x35\x5c\x07\x2c\x1e\xa2\x0e\x4f\xf9\x1d\x55\xd9\xf7\x54\x4e\x90\xd1\xc6\x64\x6c\x59\xaf\x72\x42\x4d\x8a\xaa\x8e\x0a\xed\x07\xb3\x88\x9d\x4e\x45\x0c\x12\x09\x68\x4c\xe1\x38\xd0\xc9\xda\x07\x95\x25\xf5\xaa\x02\x05\x0a\xf5\x70\xe4\x31\x5c\x2f\xa8\xb0\x99\xb7\x76\x5b\xfb\xb8\x94\xfa\xd3\x59\xb8\xe2\x48\x04\xec\xe0\x52\xac\x22\xa1\x91\x70\x53\x35\xe9\x88\x40\xa6\x24\xe4\xcb\xf3\xa1\xa1\xa3\x27\x81\x27\x85\xb2\xc0\xf5\xd6\x38\x14\x57\xb7\x2f\xdb\x63\x3e\x81\x93\x8b\xbb\x54\xb8\xc3\x7c\xcc\xb5\xd5\x9c\x58\x27\xc7\x68\x3a\x52\x47\x54\x49\x77\xe9\x84\x44\x21\x78\xd0\x85\x29\x06\xca\x6f\x94\x5c\x42\x29\xeb\x08\xad\x27\xe6\xc2\x75\xd7\xb4\xec\x8d\xc2\x5f\xb2\x81\x93\x37\xe5\x3e\xad\x6c\x7a\xa7\x87\xf9\x1a\x7d\xc6\xdd\xaf\xd5\x36\xee\xfc\xbd\xec\x2c\x50\x16\x7b\xe3\x43\x06\xa8\x2e\x16\xd5\xd5\x2b\x3b\x1b\xe0\x08\xa7\xa6\x11\x27\x4c\xe2\xcf\x8d\x62\xe3\xb9\x00\xc0\x99\x43\xbe\x70\xcc\xc7\x7b\x07\x06\x37\xc2\x50\x61\xd6\x1b\xe9\x10\xee\xf5\x0d\xf1\x87\x44\xc3\x3e\x76\xf6\x70\x1e\x0a\x8f\xf6\x29\x7f\xa6\x7e\x4b\x41\x08\xc1\x37\x56\x72\x7a\x9d\x74\xbc\x9e\x17\x98\x3e\xec\x08\xf8\x66\xb7\xc7\xff\xb3\x7f\x3c\xcb\x01\x41\xa8\x0f\xef\xf6\x32\x2b\x2a\xc6\x2b\x84\xce\x27\x97\xfd\x98\xd6\xff\x26\x9a\x41\xa0\xc3\x84\x82\xdb\x67\x98\x62\xa3\x8c\xd2"},
+{{0x1a,0xf4,0xcf,0x6d,0x24,0xab,0x37,0x82,0x86,0x7d,0x96,0xa1,0xc2,0x75,0xce,0xeb,0x02,0x2c,0x69,0x1a,0x30,0x8e,0x62,0x45,0x66,0x5d,0x61,0x6b,0xf6,0x7c,0x2c,0x32,},{0x19,0xd3,0x17,0xea,0x98,0xd3,0x5b,0xa5,0xfa,0x67,0xc1,0x2e,0xcf,0xb3,0x27,0x50,0xdf,0x27,0x5d,0x7a,0x45,0xb8,0xe2,0x11,0xa7,0xac,0x47,0xed,0xe7,0x71,0x2d,0x9f,},{0x7e,0xb4,0x6c,0xd0,0xde,0x31,0x55,0xb4,0x37,0x47,0xd7,0x32,0xf1,0x04,0x5d,0x8e,0xf7,0x44,0x92,0xad,0x82,0x7a,0x22,0x45,0xbd,0x17,0x10,0x28,0x28,0x44,0x2e,0x43,0xa0,0xce,0x7e,0x8b,0x26,0x8e,0xd7,0xfd,0x8d,0x3e,0x7b,0x28,0xf0,0x72,0x79,0x5d,0xa3,0xe0,0x70,0xf1,0x2b,0xc4,0xe2,0x3e,0xae,0xf5,0x7b,0x85,0x3c,0xee,0x88,0x0a,},"\xf4\x45\xfd\xcf\xe2\x8c\x17\xbd\x44\x27\xae\xa5\x67\x6c\x0e\x12\x80\x84\x15\x97\xe9\xd6\x6d\xe7\xd7\xa7\x17\x23\x11\x09\x39\xbe\xd0\x0f\x4e\xba\xf9\x60\x3d\x53\xc9\xcb\xf6\x27\x1b\xe5\x47\xaf\x29\xb2\xa0\x45\xec\x41\x28\x8a\x7b\xb7\x9d\x66\x2d\xc2\x10\xe2\x15\x95\x7f\xa8\x46\x88\xc9\x16\x54\x3e\x56\x17\xf5\x60\xe4\xd3\x8f\x73\xba\xef\xc3\x7e\x11\x91\x4e\x47\xc5\x15\x06\x78\x51\xe8\xed\x21\x39\x3e\x13\xdd\x19\xed\x9b\x73\xd9\x89\x45\xfc\x82\x6a\x25\x8e\x95\x7d\xc0\x83\xdd\x8e\x53\x5c\x30\xa5\x4b\x42\x66\xdd\x71\xd1\x13\xce\x85\x6b\x46\x28\x2a\x18\x03\x36\x27\xa9\x8e\x64\x72\xcc\xb4\x63\xed\x3d\x96\xfa\x7b\x35\x5d\x3b\x2c\x2a\x2b\x60\x10\xdd\x14\xf4\xea\x39\x65\xdd\x87\xbe\x1c\x42\x9b\xde\xa8\x30\x0b\x4b\x0b\x44\x45\x86\x35\xb4\x97\x9f\x5e\x3e\x8e\xb5\xc6\x18\xd4\xe1\x3e\x1d\x68\x8b\xf8\x8c\x7e\x4a\x3d\x93\x8e\x84\x33\x6d\x67\xbe\x68\xdf\x34\x35\xc5\xc9\x90\x86\x32\x1c\x02\xe1\x3b\x4a\x12\x52\x4b\x34\xe4\x6a\x0b\x4d\x27\xf3\x0d\x7e\xd4\xf5\xce\xcb\x36\xde\xad\xf0\x9e\x7e\xfc\xc7\x55\xca\x66\x75\x68\x29\x79\x14\xc6\xbc\x24\x06\x27\xd9\xd0\x9a\xac\xf8\x54\x15\x41\x2c\x06\x35\x62\x34\x53\x27\x8d\x9b\xf0\xe1\x0e\xec\x65\xfc\x72\xaf\xff\xfa\x93\x92\xdc\x78\x81\xd1\xe5\xc7\x60\xa4\x02\x80\xf1\x6b\x14\x75\x12\x7b\x91\xb6\x9c\xcb\x65\xdc\x4b\x35\xde\x10\xf9\x43\x25\xc0\xcb\xe1\xc4\x70\x19\xa2\xea\xf2\xb4\xba\x92\xd7\x85\x22\x9a\xac\xfa\xd1\x82\x6e\xbb\xde\xbe\xfb\x7d\xad\x4b\x05\xf8\x82\x43\xe1\x5f\x27\x97\x66\xe3\x32\x1d\xd8\xdb\xa6\x50\x44\x4d\x81\xfb\x08\x78\x76\x7a\x9c\x63\x53\x4b\xb4\xba\x21\x28\x5a\x24\x16\xcb\x8f\x85\x6d\x11\xa9\x6e\x0a\x8c\x8d\xe1\xe1\xa7\x51\x32\xf1\x56\x4c\xd9\x94\x99\x56\x90\xbb\xed\x2e\xe1\x54\x53\x7f\xb6\xf2\x79\xfb\x09\xc8\xde\xa6\xf6\xaf\xab\xc6\x28\x56\xe3\xd1\x28\xfd\xfa\x79\xfc\x49\x76\x19\x3b\xb9\xb3\x36\x86\x1e\x47\xb5\x6d\xc2\x58\x23\x93\xd2\xe5\x44\x65\x1a\xc8\x5b\xc5\x8e\x9e\x6a\x94\xdc\x4c\x39\xc4\xef\x72\x53\x8a\x14\xf8\x56\xcd\x95\xc3\xe2\x79\x0a\xde\xe0\x3a\xb2\xe5\x2c\xa0\xae\x47\x1d\xe5\x02\xcb\x19\xe6\x76\xaf\x35\xf5\xf9\x3d\x84\x0f\xef\x96\x06\xcb\xe9\x2d\x8b\xc2\x50\x06\x10\x5d\x92\x34\x45\x88\x83\x88\x42\xc3\xbe\x50\x5c\x73\x50\xe3\x51\xb7\x35\xe6\xcc\x6f\xb7\x92\x75\xb2\x7b\xd9\xeb\xd3\x6b\xa4\xd0\x60\xac\xee\x73\xb5\xa3\x15\xce\xff\xab\x86\xd0\x6f\x21\x68\xa6\x70\x65\x57\x81\x96\xa0\xed\x04\xa4\xdd\x71\xd6\x73\x48\x37\xdb\x08\x38\x57\xab\x1e\xb5\xe0\xee\xc4\xff\xba\xc9\x54\x4f\x4e\xc1\x9b\xde\x19\x4d\xf8\x4b\x1c\x84\x83\x41\x57\x4b\xf1\x0d\xae\xe8\x5b\x81\x78\x19\x6f\xb6\x08\x12\x3a\x80\x81\x71\xd7\x3c\xe4\x20\x6a\xd6\x52\x16\xad\x1a\x5c\xbd\xe4\x0b\x19\xd6\xae\x7f\x40\xdf\x97\xab\x84\x32\xe2\xc5\x3a\x50\x4e\xd1\x22\xe2\x5f\xb7\xa5\x1c\x14\x35\x4a\xb3\x92\x8e\xde\xb3\x9c\x29\xeb\x24\x6b\x74\xa0\x76\xf8\x9d\x03\x50\x4f\x40\x1b\xd1\x76\xb5\xcf\xfe\xe4\xb9\xdb\x09\x7c\x45\x76\x4f\x51\xaa\x37\x67\x04\xb5\xa7\xf2\x10\xb3\xf1\xa9\x05\xe2\x5d\x67\x00\x2f\x65\x57\xeb\xb7\x49\x73\x7c\xda\x31"},
+{{0x2a,0xac,0xc8,0x19,0x7f,0xf8,0xfa,0xe1,0xc1,0xcf,0x38,0x62,0xe3,0xc0,0x4a,0x21,0x78,0x29,0x51,0xf8,0xe4,0x8e,0x40,0xb5,0x88,0xf8,0xbc,0x74,0x60,0xc3,0x0a,0x03,},{0x9a,0x1b,0x01,0xe2,0x15,0x4f,0x1c,0x36,0xa8,0xe1,0x6b,0x79,0xee,0x7d,0x2d,0x05,0xb8,0x71,0x2e,0x0d,0x27,0xa0,0x61,0xa6,0xd4,0x1d,0x47,0x57,0x78,0xb0,0xdf,0x8c,},{0x64,0x7c,0xdd,0x6c,0x1a,0x67,0x29,0x0e,0x57,0x67,0x6a,0x78,0x11,0x3a,0xaa,0xdc,0xa6,0x9a,0xc5,0x7b,0x99,0x77,0x15,0xc5,0x09,0x89,0x5b,0x8c,0x5c,0x94,0xe8,0x2c,0x0b,0x6a,0xce,0xcc,0xf3,0xba,0x8b,0xd7,0xcf,0x61,0x75,0x2b,0x1b,0x19,0xd1,0x3b,0x49,0xf1,0x5f,0x8b,0xfa,0x04,0x6e,0xb4,0x42,0xa5,0x5c,0xd5,0xba,0xb1,0x42,0x02,},"\x5d\x82\x75\x2c\xe5\xda\x31\x80\xfa\xf4\x78\x7a\xed\xfb\x19\x29\x4b\x43\x48\xa1\xd9\x20\x2c\x85\x39\x83\x31\x32\x3e\x0f\x42\xb0\x83\x52\x27\xe6\x8e\x11\x56\xf2\xd4\xba\x2f\xe4\x50\xe6\xd6\xef\x2b\x92\xd8\x9b\xbb\xe4\x09\x6e\x12\xca\x83\x97\xeb\x2f\x45\xe6\x76\xf1\x67\x3a\xa4\x1c\x95\x9f\xcd\x30\xd5\x57\x88\x53\xb5\xdb\xd1\xc0\xd5\xb3\xa0\xf0\xd8\x70\xec\xa7\x1e\xa1\x33\x90\x11\x1b\x25\x8f\x65\x48\xb3\x2f\x37\xa0\x5e\x97\x44\xa6\x56\xfd\x77\x8d\x65\x72\x19\x65\xc6\xd9\xb3\x28\x60\x0b\x45\x70\x47\x70\xe0\x4b\x09\x97\x90\xaa\x78\x84\xf0\x0d\x7b\xb7\x65\x9e\x33\x72\x10\xbd\xc2\x3e\xaa\x71\xd7\xb0\x16\x03\x0a\xca\x62\x23\xb5\x56\x9b\xdf\xc2\x90\x81\x1a\xac\x40\x95\x24\xdc\xcb\xf9\xba\xbc\xbe\x4b\xf2\x09\x46\xb5\x44\x31\x7c\xa6\xf2\xf9\x18\x31\xc7\x9f\xb2\x73\xb6\x40\x4e\xb4\xe6\x1e\x1f\x7b\x10\x6e\xbd\x0d\xb9\xf2\xb1\x97\x4d\x2f\x03\x1b\xce\x25\x80\x36\x06\x55\x2c\x34\x41\x65\x5e\xfc\xf2\xc7\xea\x52\xad\xcb\x30\x99\x3d\x85\xf2\xdd\xa7\x96\x03\xe9\x41\x5a\x02\x32\x45\xa6\x6c\x07\xa9\x56\x93\x31\x46\xf5\x3c\x99\x3c\x08\x89\x18\x08\xb8\x16\x6b\x30\x72\x1f\xbd\x1f\x8a\x1b\x93\x7d\x14\x07\x0d\x78\x6e\x9e\xb4\x51\xf2\xab\x51\x42\xf8\x3a\x60\xf3\x5d\x76\xad\x8b\x81\xd6\xa5\x7c\xf3\x68\xfc\x6f\xca\xcc\x0c\x47\x58\x44\x0d\x9c\xd5\x95\xb1\xb0\x94\x2a\x36\x55\xe2\x50\xda\x98\x3b\x72\x41\x54\x6d\xcf\xbe\x0a\xe8\x10\x77\x65\x02\x95\x40\x9f\xf9\xe9\x09\x77\xfb\x99\x60\xcb\xf4\x0a\x2a\xf5\x17\x74\x02\xba\x2f\xaf\x50\xdb\x6f\x1a\x73\x65\xcf\x99\xe9\x92\x42\x9e\x38\xdb\x43\xea\x83\xfd\xdc\x95\xa6\x48\x67\x6c\x0b\x16\xbc\x95\x2b\x15\xde\x99\xd5\x2f\x6b\x52\x33\xda\x4e\xae\x19\x78\xe8\xba\x25\xe6\x23\x5a\xfb\xc5\x11\xc7\x6c\x4c\x87\x4c\x92\x37\x92\x2b\x1c\xef\x08\x47\xd0\x7a\x80\x20\x0c\xba\xe3\xc7\xc8\x1f\xcb\xd0\xd1\x72\x52\xed\x8c\x61\xad\x19\x54\xfc\x86\x2e\x1e\x04\x44\x4c\x32\x08\x6f\xee\x38\x0d\x1c\x17\x54\x13\x22\xb9\xa6\x0d\xa6\x62\x35\x2e\x21\x0e\x9a\xe2\x15\xe3\x53\x29\x6d\xb9\x22\x33\x9a\xa1\x7d\x21\x73\xec\x31\xf1\xc5\x30\xa2\x4b\x1f\x34\x8a\x31\x57\x2e\x14\x69\xca\xac\x80\x8f\x9c\x76\xec\x27\x31\x87\x3b\x80\x3e\xad\x3e\x54\xea\x24\xbc\x24\x49\x9b\x97\x04\xb3\xbd\xce\x81\x38\x9b\x9d\x14\xd4\x95\x27\xc0\x4b\x3b\xb9\xe3\xba\x6d\x94\x6c\xea\x58\xcf\x78\x6d\x4d\x28\xb8\x9b\x41\xc5\x82\x74\x03\x5a\x86\x90\x5a\xd9\x57\x58\xc3\x16\x13\x66\xab\x93\xda\x81\xe6\xb4\xc8\x08\x36\x4e\x08\x7d\xae\xea\x4c\x4c\x5c\x2a\xa6\x87\x19\x37\xc5\xfe\xab\xa2\x14\x9f\x01\xf7\x38\xf4\x53\x96\xe6\x6e\xa8\x06\x32\x21\xe1\xc8\x1c\x05\x25\x5b\xa5\x64\xad\x44\x0c\xb5\xd0\x7c\xbd\x4b\xab\x94\x1e\xa5\x93\x24\x49\x30\xbc\x5c\x28\x9b\x31\x65\xd3\xec\x88\x47\xeb\xc4\xb6\x74\xc0\xa4\x9f\x91\x69\xad\xef\x78\x6d\x77\x67\xbc\x8f\x21\x3d\xb7\xd9\x5c\x06\xe9\x9b\xc1\x1e\x20\x00\x55\xb6\x5e\xb7\x9a\xda\xa0\x1b\xcd\x2c\x85\xda\x43\xce\x63\x70\xe1\x2e\x34\x9b\xf6\xd4\x75\x48\x7a\xff\xdf\x92\xe2\x0a\x3a\xcd\xed\x1d\x76\xf9\xe8\x3e\x91\x9e\x98\xde\xf1\x95\x07\x2a\x50\xd0\xc5\x71\xdd\x25"},
+{{0xff,0x86,0x21,0x56,0xc7,0xea,0xb6,0x81,0xc9,0x5e,0xff,0xf8,0x00,0x3e,0x00,0xa1,0x4f,0x1f,0x0d,0x50,0x5d,0x55,0x07,0xe6,0xe5,0xb3,0x91,0x79,0xdf,0x9b,0x1c,0xda,},{0xe1,0xb8,0x9f,0xb3,0x11,0x14,0xea,0x46,0x10,0x7f,0xfd,0x03,0x29,0xf1,0x06,0x64,0x28,0xde,0x54,0x70,0x8e,0xdb,0xec,0xf3,0xed,0x9d,0x47,0x08,0xcd,0x14,0x3f,0xe2,},{0x4b,0x81,0x37,0x04,0x2d,0x67,0x84,0x75,0x7d,0x4a,0x9c,0x06,0xbc,0x74,0x32,0xf4,0x80,0x9b,0x1c,0x6a,0x90,0x35,0x42,0x73,0x6d,0x9a,0x57,0x66,0x8c,0x20,0x84,0x5c,0x17,0xd4,0x68,0x55,0x70,0x85,0xc5,0x7f,0xb6,0x32,0x13,0xda,0xd3,0xbe,0x0f,0xa3,0x6a,0x11,0x8f,0x7c,0x1a,0xef,0xf2,0x56,0x2f,0xf4,0xb8,0x88,0x8c,0x26,0x90,0x0e,},"\xb3\xd1\xdb\x72\xa6\xa9\x85\xec\xd7\x0a\x2c\xff\x6c\x18\xc1\x79\xe2\x17\xd4\xf4\x10\xfd\x39\x34\x96\x96\x85\x90\x1b\xd0\x71\xbc\xe6\xc2\xfb\x67\x63\xe1\x0c\x6f\xa1\x6e\x75\xa1\x17\x60\x66\xb8\xec\x81\xae\x3a\x80\x39\xe7\x1d\xc2\xcd\xc6\x4a\x40\xfd\x62\xb7\xce\xe7\xbe\x4b\xa0\x33\x2f\xe4\x5d\x0b\x60\x15\x86\x52\xe3\x3f\x8d\x3a\xff\x3c\xb4\xd6\xb0\x21\x74\x4d\x0d\xd1\x78\xb1\xbf\x0a\x1c\xc1\xd3\xfe\x93\x21\xbe\x28\x42\x1e\xb8\x82\x63\xa1\x24\xf4\x97\x92\xd0\x79\x47\x5a\x8c\x55\x5f\xf5\x69\x08\x73\x51\x4b\x5d\x48\x3e\x53\x21\x7e\x0c\xbb\x12\x86\x2b\x85\x0f\xe3\x90\xc8\xf8\x30\x08\x08\x6e\x64\x9a\xc9\x04\xb0\x18\x35\x0a\xb4\x91\x57\xee\x9b\xca\xe6\xc0\x7a\x4b\x87\x8b\x48\xe2\x5e\x98\x4f\xbb\x4d\x36\xb6\x1d\x68\x9b\x13\x46\x8a\x28\xd1\xe3\x87\xe0\xe8\x86\x57\xf8\xc8\xac\x95\x86\xa6\xe2\x6c\xf9\x4d\xff\x6f\x82\x64\xe3\xff\x62\x58\x86\x5c\x6d\xcf\x85\x7b\x00\x14\x78\x86\xe1\x75\xdf\x04\x32\xe3\x2f\x04\x40\x0e\x29\x9f\x21\x18\x83\x12\xb3\x2d\xfc\x05\x0e\x7b\x7e\x87\xee\xaa\x0c\xba\xac\x6b\xe9\x93\x7a\x5e\x0c\xc3\x11\x13\xde\x7c\x8b\x23\x3e\x1c\xe8\xe5\xd9\xc5\x64\xfb\xe9\xf3\x7b\xbd\x41\x1d\xf7\xa5\xe4\x4e\x6c\x7e\xbb\x67\x6d\x85\x89\x4d\xcc\xf4\x86\x5e\x4d\xda\x0c\xad\xef\x2b\xbc\x55\x00\x0b\x3a\x29\xf1\xf7\x1e\xf4\x46\x1d\xdc\x3b\x33\x1d\x91\x56\x65\x34\xc5\xd6\xd8\x4c\x73\x13\x76\x29\x53\x20\xf8\x0a\xdc\x90\x28\x8f\x99\x53\x55\x4f\xcd\xf9\x21\x3d\xe6\xa9\x05\x21\x0d\x4c\x80\x64\xaf\x91\xcd\x98\x32\x5e\xf9\x18\x98\xd3\x3d\x70\x03\x82\x02\xe3\x2f\xb6\x70\x9c\xa3\xd7\x88\xfe\xcb\xd1\xb8\x41\xfa\x4e\x5e\x90\x62\xd6\x42\x67\xc3\x5c\xfd\x44\x4f\xb6\x9e\x2f\x60\x47\xf5\x8b\x1c\x2a\xf4\xcc\x7e\x4c\xac\x2f\x89\x08\x88\x36\x05\x92\x11\x3e\x96\xad\x3a\x85\x7e\xd0\x5e\xaa\xba\x6f\x91\x53\xef\x89\xb9\x3e\x00\xe8\x74\x37\x33\xec\x47\x2d\x9b\x0e\xec\x1c\xd8\xfa\x52\x42\x5c\x4a\x26\xbd\x7d\xf7\x3a\x27\x12\xbe\xbe\x51\xae\x3b\x25\xeb\x78\xdb\x82\x14\x90\x31\xfe\x7b\x28\x1a\xf6\xcb\x77\x14\xed\xf8\x9d\xe9\x15\xf3\x47\x0f\x15\x3e\xed\x7f\x45\x62\x43\xbb\x90\x34\x2e\x19\x0e\x64\x7f\x39\xe0\x46\x88\x3c\xe2\x8a\x89\x20\x03\x31\x5e\xa3\x79\x42\x9e\x95\x82\xa9\x35\xeb\x78\x96\x33\x96\xd1\x36\x84\x5f\x86\xc4\x66\xe8\xfa\xf2\x27\x2f\x43\xff\xef\xc2\xad\xa5\x60\x1f\x8a\x6b\x2a\xc4\xcc\x6b\x92\x82\x09\x17\xf2\xe0\x39\x3c\x8f\xaf\x98\x2d\x6c\x5f\x4f\x23\x0e\x27\xce\x22\x78\xa7\x23\x77\x47\xfa\x85\xa9\xc8\x57\xbf\x18\x02\xc3\xea\xe0\xd2\x35\xb5\xad\x58\x49\x7d\x66\xa0\xd3\xa9\xba\xeb\xcc\x41\x7f\x18\x33\xe9\xcc\x44\x60\xf9\x75\xd7\x28\x58\xcd\x11\x8d\x7a\xaf\xaf\x1c\x87\x82\x97\xca\xcf\x71\xac\x75\x67\x6d\xc1\xb4\xfb\x51\xc1\x77\x58\x10\xd0\x35\x37\xf2\xd7\x66\x27\x8b\x99\x71\xbb\x97\xd3\xc4\x9b\x51\xfe\xb2\x6d\x37\x5e\x0c\xb9\x10\x95\x74\xa8\x16\xf8\x4e\x76\xfc\x7e\xf0\x72\xd5\x79\x3c\x2f\x65\xab\x2e\xfd\x90\x52\xe6\xb8\x56\x9f\x28\x05\x86\x1c\x31\xa7\x34\x4a\x3c\x44\x06\x9a\x94\x32\x0d\x27\x4e\x27\x12\x71\xea\xfa\x3b\xfe\x64\xde\x75\x37\x84\x6a\x01\xe5\x1f\xda\xe0"},
+{{0x58,0x26,0x19,0xab,0x3c,0xf5,0xa3,0xae,0x77,0x66,0x88,0xbf,0x6d,0xba,0xcb,0x36,0x33,0x0a,0x35,0xad,0x75,0x24,0xe4,0x9e,0xf6,0x63,0x68,0x77,0x64,0xcf,0x6e,0xc7,},{0x20,0x02,0xea,0x0a,0x38,0xa3,0x27,0xe0,0x38,0x4a,0xea,0xe4,0x68,0xdb,0x0f,0x6c,0x85,0x16,0xa6,0x96,0x09,0xaf,0x9e,0xee,0x93,0xe9,0xec,0xb9,0x4b,0x44,0x9c,0x66,},{0xfe,0x97,0x01,0xda,0x1a,0xa8,0x1c,0x55,0xba,0xc3,0x36,0x38,0xf7,0x75,0x54,0x2b,0x80,0x44,0x80,0xf3,0x4b,0x7b,0xfc,0x78,0xda,0x99,0x16,0xe5,0x24,0x6a,0x60,0x4d,0x39,0x0b,0xf9,0x20,0xc8,0x72,0xa7,0x79,0x24,0x24,0x6e,0xe8,0xd0,0x39,0x3b,0x20,0x2e,0x7b,0x25,0xb2,0x48,0x4f,0x65,0x4a,0xc3,0x67,0xcb,0x09,0x25,0xec,0xe3,0x05,},"\xca\x74\x28\x4f\x11\xc5\x6e\x25\x98\xd7\x8a\x4e\xcd\x03\xb4\x0e\x01\x7a\x55\x81\x76\x01\x2b\x26\xfd\xf6\x95\xc3\xde\x98\xa7\x4f\x8f\x40\xa4\x7d\x79\x78\xed\xc2\x4e\xe8\x09\x2b\xfe\x5e\x61\x59\x68\x34\xde\xed\x1d\x9d\x34\xa0\xf5\xcd\xae\xbe\x34\x21\xaa\x19\xe0\x12\xde\x86\x5b\x9e\xe1\xb7\x34\x79\xb2\xbd\x1a\xc9\x82\xf9\x7e\xd9\xc7\xcd\x20\x45\x9c\x60\xfb\xb1\x1e\x1e\x2b\x4e\xac\x5d\xb6\x84\x4c\x71\xd7\x29\x49\x50\x2b\xba\x50\x3a\xce\xc9\x05\xad\xba\x25\xf6\xb1\x19\xea\xf9\x63\x9f\xa8\xab\xb3\x02\xdf\xf9\x93\x2d\x85\x0c\xc4\x4c\x57\xcf\x90\xb2\xe5\x8a\x8b\x52\x51\xc1\x26\xa9\xe2\x8f\x5c\x76\x1b\x62\x80\xe2\xcd\xdd\x79\xcb\xd6\x8e\x53\xff\x4a\x62\x26\xd3\xbd\x4c\x96\x1b\x9b\x9e\x43\x45\xa2\x54\x58\x62\xc7\x97\x38\x66\xf0\x42\x0b\x89\x8e\x7b\xae\xa9\x0e\xa4\xee\x00\x40\x42\xef\x38\xa1\xfd\x95\x6a\x72\xfd\xf6\xfd\x43\x25\x7d\xa9\xfd\xb9\x66\x80\xef\x4f\xdf\x9e\x94\x3d\x26\x5c\xdc\xf2\xe5\x2e\x32\x01\xd5\x40\x8b\xc6\xce\x10\xe5\x70\x0a\xdf\x12\xb5\x5b\xa1\x4a\xa8\x29\xd8\x69\x1c\x31\xf2\x4f\xc4\xa5\x1c\xe6\xfa\xa1\xf3\xef\x2e\xad\x78\xe5\xe7\x53\x44\x6a\xd3\xfa\x4a\x84\xc1\x93\x97\x9a\xeb\xc8\x30\x9b\xad\x60\x81\x4f\x48\x59\xb9\x31\xd7\x04\x14\x76\x44\x91\xc6\xc9\xed\x8d\xb6\x73\xc5\x43\xd3\x51\x85\xcd\x28\x88\xaa\x21\xc1\xa9\x20\x34\x27\xe0\xac\x0b\x1f\xe3\x4c\x0e\x4a\x40\x01\xe0\x95\x6c\x13\xcb\x59\xa3\xba\xf8\x7c\x21\x09\xa8\x88\xa4\xc9\xe7\xaa\x48\x17\x67\xd8\x02\x0f\xf3\x5d\xd7\xc5\xcc\xec\x7c\x08\xe9\x71\xa7\xe2\x18\x13\x8c\x90\x54\x6a\x7d\xdf\x36\xad\x11\x4b\xe5\x85\x57\x43\x2c\x2d\xdf\x34\xce\xd3\x37\x9f\x70\xd4\x40\x7e\x58\x79\xf9\x84\x2f\x38\x17\x17\x05\x1b\x16\x85\xaa\x7a\xb0\xad\x38\x54\x1e\xc1\x68\xf5\x1c\xb6\x88\xf3\xcd\x1a\x01\x9a\x33\x6c\x9f\x4f\x3f\x82\xde\x78\x5c\x07\x48\x67\xfd\xc8\x80\x0f\xc7\x6f\xba\x04\xc8\xad\x8d\xe1\x0d\x2e\x9b\x43\x05\x81\xbe\x44\xc4\x1e\xcc\x8f\xc8\xa6\x16\x31\x43\x99\xd1\x8c\x64\x79\xf5\x7e\x57\x3b\x22\xa6\xee\x5c\xe2\xdc\xc0\x89\x48\xa0\xde\x1f\x0d\xd2\x5b\x65\x71\x5a\xb1\x8c\x70\xc7\x62\xfc\x3d\x7d\x60\x0c\xad\x63\x22\x60\x38\x50\x9c\x19\xab\x35\xb5\x49\x3e\xee\x73\xa7\x03\x73\x1e\xc5\x35\xc9\x0c\x6f\x06\xd9\x4d\x3e\x5f\x7e\x51\xa0\x9f\x9f\x8f\x42\xc5\x01\xb8\x50\x46\x86\x36\x5c\xee\xe9\xe0\xfe\x00\x13\x29\xf3\x03\x52\x21\x46\x71\x7c\x6a\x12\x58\xd0\xf1\x57\xcb\xea\x4b\x5a\x5e\x3d\x13\xbc\x90\x7e\x95\xfd\x6e\x8a\x71\x89\x6a\x02\xc3\x10\x6b\xd2\x6a\x51\x00\x51\xf1\xb3\x02\x58\xab\x27\xf8\x75\x67\x3b\x13\x37\xee\x36\xb7\x1a\x37\x6e\x0f\x9e\x78\x09\xa6\x7c\x67\xd9\xac\xc1\x6c\x25\x1d\xcb\x8c\x92\x6c\x8e\x93\x25\x16\xd3\x8b\x72\x33\xea\xc6\x15\x9c\x59\xca\xd0\x30\x7c\x59\x0e\x71\x31\xb6\x22\x19\x14\x5a\xaa\x35\x5b\xfb\x4a\xcb\x6a\xf0\xa5\x50\x00\x06\xcd\xd8\xb8\x13\xfe\x19\x08\x60\x2e\x08\x74\xc9\x62\x2b\xb3\x76\x73\xba\x1a\xcb\xa4\x14\x23\x16\x67\xbc\xc4\x90\x7a\xc8\x71\xf8\x7e\x6c\xe3\xf5\x91\xc1\x91\x71\x05\x7a\x9f\x45\x7f\x53\x62\xae\xda\x10\x5d\x18\xfb\x84\xf7\xd0\xf0\xa7\xda\x7e\xf8\xda\x91\x14"},
+{{0x2b,0xbd,0x83,0x0c,0xe7,0xde,0xf3,0xfe,0xce,0xa1,0xec,0xd6,0xea,0x0a,0xe9,0xc9,0xf4,0xfa,0x8f,0xfc,0x3b,0x1f,0x19,0x38,0xc5,0x05,0x05,0x1b,0xab,0x40,0xcf,0x7a,},{0x0f,0xdf,0xed,0x8d,0xe3,0xc1,0xea,0xf8,0x91,0xce,0x37,0xe3,0x4c,0xb4,0xa2,0x44,0x1c,0xbb,0xae,0x08,0x83,0x38,0x3d,0x70,0xde,0x24,0x64,0x85,0x0b,0x4a,0x64,0x2a,},{0x13,0xeb,0xc9,0x79,0xa8,0x87,0x10,0xe3,0xc5,0xf3,0x45,0xcf,0xbb,0x82,0x48,0x13,0xb3,0x08,0xa9,0xd5,0xc6,0xde,0xe3,0x28,0xbf,0xd2,0x35,0xa9,0x7d,0xe7,0xb3,0x26,0xde,0x6c,0x73,0x8f,0x96,0xf6,0x98,0x31,0x94,0x92,0x09,0x99,0x68,0x52,0xdd,0x9c,0x09,0x8d,0x58,0x08,0x41,0x87,0x09,0xf2,0xbf,0x51,0x0d,0x46,0xb7,0xf0,0x36,0x06,},"\x5f\x1e\xde\xaa\x3c\x0b\x2a\x63\x31\x1d\x97\xf1\xc5\x4e\x7e\x2f\x68\x71\x70\xe6\xb4\x6e\x21\x69\xcb\xf5\x6c\x66\xf2\x31\xbf\xc4\xa5\x76\xbd\x2b\x84\x20\xbf\x35\x7d\x3a\x90\xf8\xf3\x2e\xa1\xad\x99\x39\xb4\x67\x25\x4b\x66\xa1\xdf\x1f\x5b\x4c\xba\xc6\x3a\x5c\x27\x24\x26\x0d\x24\xd8\xdf\x8e\xdb\x58\xae\x24\x7a\x25\x91\xe9\x20\xb1\xa4\x20\xcf\x8d\x85\x39\xea\x57\xdb\x0d\xad\xff\x1a\xd3\xe9\x8c\x31\x72\xd0\x33\x16\x3c\xb4\x34\xa7\x66\xb0\xc1\x18\xa5\x6a\xbd\xcc\xe7\x9c\x82\xaf\x7b\xac\x74\xed\x0e\xa0\x24\xac\x4c\xe0\x22\x2d\x0a\xa9\x14\xf4\x32\x09\x2b\x1b\x51\x78\x04\xdb\x59\x18\xa8\x45\xe9\xcc\xa5\x5a\x87\xdb\x7c\x28\x52\xf7\xdd\x2e\x48\x36\x01\x85\xcc\x44\x2c\x79\x30\xaf\xe1\x5d\xd6\x22\xcc\x02\xbc\xd1\xee\x77\x8b\x59\x70\x5f\x14\x33\x32\x41\x58\x8a\x52\x2d\xe2\x44\x07\xe8\xe6\xe1\x0d\x5e\xf3\xa8\x8e\x3a\x3c\x44\x38\xc1\x7f\x75\x04\x67\x4f\xd7\xe4\x18\xcb\x2f\x77\xad\x0a\x56\xd2\x38\x67\x03\x15\x5e\x9a\x40\x1c\x43\xdd\xb5\x1e\xad\x55\x20\xaa\x7b\xa0\x38\xe7\xde\x53\x31\x41\x8a\xd5\x52\xbd\xcd\x18\x5f\x50\x3a\x85\x48\xf5\x5b\x63\x86\xe4\x68\x7c\xa5\x15\xf7\xc0\xee\xa5\x70\x98\x3b\xfb\x24\xbe\x16\xf7\xb3\x00\x3f\xb7\x56\xe3\x26\x56\x2f\x2a\x32\xfe\x65\xff\x84\x4c\x39\x84\xc7\x2e\x40\xdd\x49\xe4\xf3\xae\x8c\x0f\x81\x9a\x79\x39\xb2\xe7\x36\xe3\x81\xf5\x82\x3c\xbc\x61\xb2\xed\x01\xd9\xb0\x5c\xf8\xb1\x46\x48\xa4\x8b\x0d\x7c\xbe\x88\x2a\xc1\x6c\xad\xd8\xc4\x2a\xa2\xc7\x02\x46\x34\x7b\x4d\x84\x95\x36\xa7\xac\x22\xc7\x20\xda\x3c\xf1\x78\x72\x5e\xe5\x57\xa9\x2c\x25\xb1\x2b\x8b\x95\x6d\x3b\xf4\x80\x2e\x9e\x8a\x15\xb5\xab\x75\x42\x35\xcc\xa0\xe5\xb7\xe5\x5e\x4a\xec\xe4\x5a\x47\xe0\x84\xce\x14\x47\x44\x05\x98\xef\x5d\x4f\x5f\xdc\x2c\x98\xa5\xad\x13\x6c\xff\xbf\x87\xd3\xcf\x52\xf6\x73\x8c\xca\x79\x48\x35\x60\x92\x07\x8f\xdf\x25\x45\x77\xf5\x59\x69\xa0\xc6\x52\x46\xda\xc8\x09\xa2\xfc\xa1\xf6\x0a\x1d\x92\x98\x77\xb9\xa6\x54\x0e\x88\xa9\xe6\xe9\x15\x59\x38\xd2\x2c\x68\x7e\x63\xb3\x87\x53\x4d\x38\x5e\x89\x61\xe5\x88\x67\x43\xf9\x5f\x4a\x70\x80\xd9\x16\x62\x45\x17\xb1\x53\x36\x03\x0a\x46\x71\x4b\x16\x8b\x83\xd6\xf9\xcc\xe0\x60\x66\x49\xc0\x1f\x0a\x1d\x0a\x2a\x53\xf5\xe3\x78\xf6\xaa\x98\xc3\x84\xaa\xfb\x3e\xef\xdb\x34\x21\xfa\x3a\xc9\x8a\x0d\x3a\x9c\x02\x9c\x23\x00\xae\x02\x41\x06\x7d\x1a\x4f\xc9\x2e\x43\x86\x88\xea\x88\x9f\xcb\x1a\x1a\x9e\x86\x34\xb9\x16\xc6\x0b\xaa\x0c\x18\xbf\xcd\x13\x9b\xfe\x30\x17\xbf\xbe\x16\x29\x13\x43\xce\x86\x05\xbb\x78\x72\x55\x8c\x6b\x5f\xd5\x6d\xfd\x22\x15\x77\xed\xcf\xfa\xa8\xbd\xa3\x4d\x7a\x11\xab\x8c\xb2\x78\x28\x8e\x58\x34\x84\x26\x76\xfc\xcf\xfa\xa9\x11\x1b\xce\xd2\xb3\x57\x5f\xdd\x49\x62\x1b\x76\xe8\xd1\x29\xb6\x17\x00\xee\xab\x03\x14\xef\x94\xd5\x50\x50\x6a\x4b\x8d\x1e\xe6\x55\x08\xd8\x9d\x0e\x99\xe9\x33\x6b\x41\xd9\xf7\x4a\xa4\xd7\x22\x11\x4d\xe0\xf3\x1e\xcf\x00\xb0\x97\xf5\x3c\x9a\xca\x9c\x7a\x28\x5b\x58\xa3\x5d\x70\x29\x8c\x5c\x34\xf7\x4b\x4a\x70\x53\x08\x03\x31\x00\x34\x9f\x0c\x62\xf9\xc2\xeb\xf7\xde\xad\x0a\x77\xb2\x98\xeb"},
+{{0x1a,0x7a,0x3c,0x2f,0x54,0x81,0x13,0x1b,0xe5,0xf8,0x68,0x45,0x6a,0xa2,0xfa,0x90,0xe5,0x6d,0x52,0xcb,0x72,0x1c,0x71,0x84,0xeb,0xff,0x06,0xfe,0xd2,0xfe,0x68,0x5d,},{0x7c,0x2a,0xd0,0xf2,0xa5,0x70,0x55,0x03,0x26,0xfb,0x50,0xa8,0x50,0x83,0x58,0x21,0x67,0x6d,0xe1,0xde,0x12,0x7f,0x6d,0xe1,0x67,0x02,0x99,0xd8,0x14,0xf6,0xe3,0xce,},{0x97,0x61,0x60,0xfb,0x5b,0xbd,0xab,0xe5,0xc8,0x96,0x2f,0x23,0xba,0xba,0xcf,0x0b,0x0a,0xb4,0x1c,0x2b,0xb1,0x3e,0x9c,0x0d,0x44,0x90,0x67,0xb7,0xde,0xcc,0x7d,0xb4,0xe9,0x4e,0x76,0xa7,0x1b,0x9c,0x0a,0xc4,0xd6,0xaf,0x38,0x7a,0x72,0xa8,0xcd,0x73,0xe3,0xbc,0x63,0xb7,0xed,0x65,0x0b,0xee,0xbf,0x17,0x42,0x4c,0x49,0x0b,0xd6,0x0d,},"\xc6\x28\x34\xd9\xd5\x5d\x1a\x44\x03\xe9\x25\xd0\xa5\xb5\x52\xda\x17\x4c\x02\xf4\xe9\x45\xde\xc3\x38\xc1\xbb\xb2\xae\xb4\xff\x40\x02\x0e\xf7\x0f\xf5\x05\x20\x5c\xf8\x81\xb6\x29\x96\x0a\xbd\x62\x76\x4e\x5a\x54\xf2\xb5\x10\x56\x67\xb1\x1c\x7d\x5b\x7a\x4c\xcc\x3f\x48\x8b\xdd\xdb\x95\x8a\x7b\xe9\x54\x62\x07\xe6\xc4\x67\x18\x97\xc0\x53\x50\x8e\x1f\xd8\x32\x22\x13\x0a\x79\x33\x97\x6d\x2b\xec\x61\x4e\xd8\xf9\xb6\xa6\xb9\xf4\xef\xb2\xa5\x8b\x9d\x00\x5b\x94\x3e\x42\xf1\x71\xb7\x09\xa7\x31\x30\x70\xcb\x2e\x06\x8d\xa3\x9c\xf9\x99\x22\xb6\x9e\x28\x5c\x82\xad\x97\xf2\xd6\xc7\x79\x22\xca\xe2\xb5\xe3\x20\xe8\x35\x77\xc0\xd0\x88\x76\x1e\xc8\x81\x52\xc2\x97\x49\x29\x78\xa9\xd7\xa3\xff\x67\xed\xe4\x4c\x2a\x70\x7c\xf3\xe2\x35\x2e\x23\x2f\x53\xc8\x78\x2b\xa4\x89\x28\xa9\x7f\x8a\x36\xb2\x0a\x41\x68\x16\xe9\x45\x79\xb9\xd7\x25\x0a\x29\xdc\x84\x70\xf6\x3a\x70\x58\xe2\xd2\xa9\x9d\x6f\x0c\xcb\x53\x0d\xf5\x96\x95\x05\xef\x5c\x78\x44\xeb\x16\x7d\x20\xf4\x12\xa5\x08\xfa\xb1\xf8\xcd\x9c\x20\xc5\xeb\x9a\x41\x7a\x54\x12\xb5\xda\x6a\x57\x13\x57\x59\xfa\xb1\x7f\x63\x14\xf6\x8d\xf3\x5b\x17\x72\x42\x14\x43\x67\x6f\x31\x25\x79\xaf\x6b\x14\x11\x53\x5a\xda\x8f\x76\x01\x2b\x69\xbb\xeb\x60\xb2\x89\x7e\xe6\x60\x7c\xb3\x69\xcd\xf5\x2f\x4f\x6d\xdf\x88\xcd\xb2\x63\x0d\x78\x89\x6f\x13\x61\xfe\xa2\x2a\xe6\x34\x21\x76\x96\xff\x11\x4f\xb4\x2d\xbe\x4f\x43\x46\xf1\xbe\x5b\x57\xad\xb3\x84\xae\x7e\x49\xb4\x1f\x74\xb3\x1b\x9a\x62\xbc\x69\xdc\xa1\x65\x89\xc6\x34\xeb\x9d\x7c\x6c\x94\xf8\xec\xe4\x4b\x60\x62\x8f\x98\xe1\x02\x4c\xf3\x2e\x3e\x3d\xd6\xdc\xe5\x5a\x12\x22\x53\x2f\x49\x0d\x63\xe6\xa2\x75\x28\x1c\x0f\x3a\x6c\x10\x18\x91\xb8\xd5\x7a\x45\xde\x11\xde\x35\xeb\xb1\x51\xc0\xdc\xd7\x5e\x6c\x05\x0b\x3c\xd8\xba\xba\xe8\x45\xc3\x9f\x66\xc3\x6c\x77\xcd\xe0\x5b\x68\x3e\x4f\xb0\x10\x3d\x93\xe7\x65\x93\x35\xc8\x7f\xc0\xe3\x23\x5b\x2e\x82\x48\x8c\xda\xbe\xb5\xc5\xc8\x75\x80\x87\x45\xee\xa9\x2d\xe8\x6b\x8e\xfc\xb6\x3e\x16\xd0\x82\x91\x9a\xee\x2e\x92\x89\x9c\xb0\xbc\xf1\xc1\x42\x15\x77\xa4\xa0\xd9\xdb\x09\xee\x1f\x9f\xeb\x92\xa5\x38\x21\x03\xcf\x7c\x32\xcf\xe4\x63\x72\x5a\xe4\x86\x6d\xaa\xfe\xda\x05\x34\xc1\x69\xf8\xf9\xbe\x40\x4f\x3b\xaa\xe1\x23\xfa\x76\x8a\xce\x46\x17\x8d\x4b\x9b\xbc\x5b\xd7\xae\xec\x79\x03\xb0\xa5\xbc\x57\x53\x89\x86\xee\x09\xe0\x7e\x32\x07\x7b\x3b\x9d\xe5\x0d\xd1\x96\x7a\x37\x2c\x38\x5a\xc8\x86\x28\x7c\x18\x45\x1a\x64\xef\xb3\x7d\x05\x6f\x9f\x41\x94\xc0\x8b\x1e\x3e\xc9\x70\x22\x26\x7b\xf0\x04\x3c\x13\xd2\x6b\x9c\xe1\xf5\x39\x05\xf6\xe4\x1b\x3d\x99\xdc\x81\xb3\x31\x90\x9b\x72\x26\x66\xef\x24\x32\xe6\xaf\x8a\x45\x31\x07\x53\x12\x30\xce\x4a\x1a\xf8\xee\xd6\x26\xda\x22\x3d\xa7\x6b\x46\x50\x7e\x33\xd7\xcd\xbd\xe0\x2d\x41\x10\x40\xc8\x9a\x11\xd9\x51\x56\xed\x4a\xc2\x60\x5b\x82\x69\x39\xc6\xcf\x87\x7b\x4e\xe7\x36\xc5\xda\x77\xcf\x46\x50\xa9\x99\x7a\x3b\x9c\xf4\x6a\x82\xba\x2b\xc0\x13\x33\xc0\x44\x78\xb5\xc9\x2e\x24\x98\xbd\x00\x2f\x01\x31\x40\xae\xdb\x30\x1b\x95\x99\x3d\x1d\x75\x08\x70\xd9\x88"},
+{{0x19,0x1a,0x1d,0x90,0x32,0x1c,0x7f,0x4e,0x74,0x94,0xbb,0x98,0x29,0x09,0xa9,0xeb,0x40,0xc3,0x34,0x1d,0xd3,0x2a,0xe4,0xd9,0x67,0x50,0xb7,0xd0,0x29,0x66,0xb4,0x0f,},{0x95,0x62,0xd9,0xe2,0x13,0xf1,0x45,0xc4,0x56,0x93,0x5b,0x70,0x31,0xc6,0x80,0x66,0x9f,0x8b,0xbd,0x31,0xa4,0xc2,0xed,0x3c,0x91,0xc4,0x00,0x2a,0x56,0x29,0xe9,0x7b,},{0x74,0xcb,0x02,0x8d,0xc6,0xb7,0x5b,0x37,0xa1,0xda,0xea,0x1c,0xf8,0x84,0x65,0xdb,0x83,0xa0,0x09,0x3f,0xec,0xb2,0x2d,0x99,0xba,0x85,0x5e,0x9a,0xb5,0x9d,0x05,0xcb,0x22,0xc8,0x7d,0x0b,0x09,0xdf,0x7c,0x11,0x62,0x13,0xba,0xa8,0xf1,0x89,0xb2,0x70,0x3f,0xf9,0x53,0xcd,0x20,0x2e,0xb9,0xde,0xa3,0x97,0x6e,0xe8,0x8f,0x5f,0xa7,0x03,},"\x85\x89\x0d\xb4\xe2\xfb\xce\x09\x3d\xde\x5a\x80\xbf\x8f\xe0\x9a\x98\x4b\x83\xa4\x9b\x7c\xcb\x5d\x4b\x06\xcd\xaf\xdd\xd3\x82\xe4\xb8\xa8\xa5\x05\x30\xe8\x2c\x20\x06\x12\xc9\xd7\xd8\xa0\x89\xbc\x8a\xa8\x45\xc3\xcf\xcc\x38\xa6\x19\x5d\x21\xc2\x61\x8c\x3d\xba\x2b\x57\x09\x20\xec\xcf\xcd\x23\x6f\x17\xf0\x8d\x81\x42\x68\xf8\x82\x24\x2d\xdf\x07\x02\xda\x87\x85\xf4\x07\xaa\x8f\x86\xfe\xcf\xa9\x03\xc4\x8d\xa8\x3f\x83\x97\x77\xeb\x6b\x4a\x2b\xbf\x5d\xf7\xa4\xda\x53\x47\x5a\xf1\xff\xe4\x4b\x5f\xe0\x07\x2b\x8f\xbf\x3d\x26\xe6\xd8\x9e\xa6\x7d\x8a\xc8\x45\x94\x92\x89\x0a\xda\x65\x7e\xb3\xdc\x24\x92\xb8\x8d\xe1\x75\xb4\xbb\xa1\xa5\x08\x06\x4d\x61\x96\x74\xaa\xae\x2a\xf0\x9d\x31\xa5\xc2\x7c\x8d\x5d\x5a\x29\xb0\x37\x79\xf4\x28\x6b\x89\x66\xce\x40\x7e\x6f\xf6\x92\xfb\x94\x25\x20\xa9\x93\x8d\x69\xcc\x70\xac\xb0\x6b\x01\x4b\x6d\xfc\x19\x83\x42\x06\xcf\x1a\xc6\xc4\x48\xae\x6f\x07\x80\x25\xb5\x5f\x3d\x82\x72\x01\x26\x8a\x92\xad\xd9\xad\x17\x8e\xf7\x6a\x29\x89\xfe\xdc\x6e\x39\xf4\xeb\xb9\xf9\x6c\x9b\x83\x52\x69\x4f\xa5\x4f\xa0\x22\x01\x9c\x0e\xc0\x01\x2d\x0d\x76\x9e\x23\x67\x80\x3f\x92\x5f\x17\x5f\x9f\xb9\xcb\xec\x4a\x0c\x9c\x1e\x2c\x83\xea\x57\xe6\xa9\x2a\x17\xf5\x55\xca\xb9\x34\x27\x1e\x72\xc8\xcc\x32\x15\xfc\xb8\x7c\x20\x53\x9b\xf1\x42\x77\xb1\xbf\xbd\x6e\x58\x80\xef\x95\x3f\xc7\x5f\x23\xc0\xdd\x4f\xcc\x1e\x0b\xe3\x40\xaf\x94\x7d\xe0\x2e\x87\x7f\xd5\xc7\x7d\xd1\xdf\x7b\x41\x4b\x5c\x0b\x40\xc7\x49\x56\xa5\x45\xa1\x15\xb0\xc6\x99\x3a\xb2\x33\xb7\xe7\x2c\x82\x2b\x6b\x33\x81\xbb\x1f\xc1\x08\x75\xbf\xfe\x3e\x2e\xd1\x19\x0f\xa3\x3f\xc1\x5d\xa0\x83\x79\x4f\xcc\x2c\x5b\xf5\xa0\x79\x09\x06\x3c\xb2\x89\xa0\x8a\x2c\x8a\x33\xd3\x43\x84\x2c\x2d\x6a\x3c\xfa\x2a\x16\xca\x2e\xaf\xca\xb7\xea\x10\x0d\x1c\x71\x4b\xaa\xbb\x71\x49\xf0\x7e\x25\xde\xe3\x23\xe7\x80\x75\x7d\xfa\x80\x16\xfa\xa7\xc0\x62\x62\x22\xc3\x65\xf8\xf2\xf6\x68\x7d\x1d\xed\x23\x4f\x79\x9c\xc5\x0d\x1c\xd2\x6b\x4c\xfa\x40\x45\x91\x70\x56\xfc\x79\xc3\xb8\x8b\x2b\x19\x08\xe3\x72\xdf\x66\xda\xc8\x73\x46\x31\x64\x83\x49\xbc\x37\xfa\x34\xb2\x5f\xff\x3b\x07\x47\xb6\xbc\x16\xb9\x4e\x3e\x58\x95\xe4\xbb\xd9\x3d\x47\x8a\x6c\x1f\x75\xe4\xfa\x30\xfa\xa9\x22\x04\x9e\xd4\xc5\x0f\x12\xf4\xb3\x12\xa8\x97\x4d\x0f\xed\x8d\x44\x25\x5d\xcb\x2b\xf0\xfe\xbe\x47\xfb\x3f\xb8\xed\x99\x03\xb5\xba\x4c\xa1\x8e\x3c\xc6\x76\x2c\xfa\x1e\xaf\x04\xdf\xa9\x44\xd4\x96\xe0\xfe\x8b\xb7\xdc\x04\x54\x51\x39\x6b\xfa\xba\x54\x85\xd9\xd5\xf3\x91\xa9\x54\xc3\x71\x42\x53\xcc\xd9\xb1\x99\x64\xd4\x28\x06\x80\x72\x07\x83\x03\x6b\x3a\xbf\xaf\x28\x84\x58\x3e\xa5\xbd\xbc\xf6\x9d\x08\x89\x7a\xb2\x88\x31\x46\x35\xab\xb4\xc2\x96\x4b\x71\xad\x92\x91\xfe\xb5\xb6\x1f\x80\xe9\xb0\xcc\x07\xf9\x12\xa8\xe5\x59\x8d\x55\x48\xde\xfe\x0e\xea\x1c\x44\x85\x73\x71\x0a\xac\xdd\xb1\x52\xf9\x3c\x7c\x6f\xd3\xf7\xe4\xed\x9f\x74\x42\xa6\xb9\x00\xf2\x3c\x3c\x54\x4c\xe5\xc9\xba\x5f\x5e\x92\xaa\xfd\x11\xc9\xff\x5f\x79\xc0\x8b\x9d\x04\x5f\xef\x07\x97\x06\x25\xf6\x2e\x2f\x43\x34\xa4\xd6\x64\xca\xf7"},
+{{0x62,0x85,0x63,0xaa,0x3e,0xe2,0xfc,0x61,0x1b,0xcf,0xf7,0x8b,0xfb,0x2a,0x75,0xe9,0xfd,0x87,0x80,0xe8,0x7a,0x93,0x94,0x99,0xa6,0x1b,0xea,0xa6,0xa4,0xb7,0x19,0x13,},{0xda,0x20,0x61,0x6e,0xe4,0xa4,0x1c,0x2e,0xbf,0xdc,0x50,0xab,0x54,0x95,0x3b,0x6d,0x38,0x7b,0x06,0xc6,0xde,0xf7,0x57,0x96,0xb0,0x88,0x09,0x56,0x5c,0x6c,0xf8,0x05,},{0xc9,0xa6,0xaa,0xa9,0xb4,0xe1,0xcc,0xe1,0xb5,0x84,0x45,0x72,0x5f,0x61,0xf5,0x52,0xc8,0xfb,0x45,0x83,0x1f,0x03,0x48,0x27,0x98,0xf0,0x1f,0x66,0x3e,0x99,0x83,0xdb,0x1a,0x82,0xfd,0x33,0xab,0xa3,0xec,0xcb,0x96,0x22,0x64,0x26,0xd5,0x0a,0xe1,0x7c,0xc5,0x12,0x74,0xce,0x18,0xa3,0x88,0x60,0xf4,0x0b,0x2f,0x82,0x36,0x1b,0x5c,0x03,},"\x05\x6f\xb9\x54\xfb\xe6\xa6\x01\x4f\xad\xac\x1e\x1a\x9f\x56\xcc\x08\xaf\x37\x34\x8e\xba\xf6\x92\x06\x83\x38\x4e\xfa\x47\x62\x6c\xcd\xdf\xea\xd2\xd5\xe9\xe8\xcf\xff\x45\xf7\xac\x63\xde\x63\xf6\x9d\x12\x84\x8c\xe3\xc0\xef\x1f\x53\x0a\xde\x43\x0f\x0a\xfd\x5d\x8e\xcf\xd9\xff\xd6\x0a\x79\x74\x6a\x2c\x5b\xee\xdd\x3e\x67\x24\x99\x82\xf8\xb6\x09\x2e\xe2\xd3\x40\x47\xaf\x88\xa8\x1f\xea\xb5\xd5\x2b\x47\xd5\xb3\xf7\x6c\x20\x41\x72\x5f\x6f\x81\x32\x93\x05\x0a\xaa\x83\x4b\x01\xa3\xa5\x8f\x69\xaa\x4a\x8c\xa6\x1f\x5b\x74\x6f\x60\x0f\x3d\x45\x2c\x62\x82\xff\xdc\xa4\x42\x9b\x93\x38\x96\x7b\xa3\xa7\x26\x66\x90\xae\xc7\x5e\xbf\xbf\x7b\xe9\x8d\x99\x9b\x03\xed\xdc\x72\x92\x58\x1b\x0d\x69\xe3\x0a\x03\x51\xa1\x51\xdb\x70\x41\x2b\x0b\xfd\x43\xd3\xba\xa9\xd4\x56\xcb\x3e\x0b\x4f\xc1\x9c\xb0\x9e\x6c\xad\xcb\x6d\x3f\x3b\xe5\x13\x7c\xc7\xa8\xd3\x21\x9e\xc2\x03\x6e\xc6\x70\xed\x7e\xc5\x23\xb1\xb1\xc6\x87\xb5\x46\x53\x07\x88\x2f\xe3\x8d\x74\x72\xd0\xba\x87\xa4\x71\x86\x83\x09\xd2\xf7\x73\xff\x24\xc8\x7d\x39\xc1\x6b\x70\x8a\x4e\xd9\xaf\x43\xf7\x4c\x8d\x85\xcf\xe8\xab\x54\x06\x90\x7e\x94\x1a\x14\x97\x0e\x20\x9c\x29\xff\x7e\xd8\xa2\xf9\x35\xae\x41\x70\x9f\x27\x0d\x0d\x08\x55\x5e\xf7\xaf\x2e\xdf\xe4\x0d\xf3\x99\x22\x3c\x78\x5a\x43\xe7\xf3\x69\x15\x89\xe2\xea\x4c\x03\x6f\x11\xd0\x3d\x7d\x1e\xea\x14\xf6\x20\x03\x53\x25\xcf\x2b\x33\xba\xf3\x86\x39\x3e\x8a\x97\x2a\x7a\xf6\xcd\x9b\x85\x43\xb3\x2e\x25\x33\xd1\xfc\xc3\x17\x7f\xd9\x6d\x1e\x13\xbf\x8b\x68\xde\xb2\x22\xf9\x44\x97\x26\x5d\x3c\xcb\x34\x57\x51\xbd\x5b\x66\x90\x78\x08\x19\x98\xd6\x08\xca\x5f\xdc\x13\x48\x39\xd4\xed\x2b\xeb\xb2\x95\x2f\xea\x5a\x39\xc6\xf0\x33\xc1\x55\x8f\x69\x8c\xe4\x94\x6e\x4f\x6c\x08\xaf\x87\x4f\x27\x35\x7f\x87\x0e\xbe\xeb\x21\x99\x97\x6f\xfa\xef\xac\x95\x1f\x8e\x17\xfe\x7d\x08\x21\xe1\xb9\x2a\x90\xaa\x4e\x9d\xef\xd3\xfa\xfd\xa0\x52\xa4\x44\x47\x6d\xb1\xce\x38\xa9\xe1\x76\xe8\x41\x18\x9a\xbd\x8f\xec\xde\x0f\xbc\x5c\xb5\x5f\x51\x1f\x5f\xde\x07\xea\x97\xde\xb3\x9b\x7a\xa8\xdc\x84\xa3\x94\x6a\x6c\xf9\x26\xd3\x9b\x95\xc1\x1a\xf9\xd6\x4d\x98\xb8\x07\xf4\x70\x4d\x0a\x2b\xda\x97\xda\xd9\x88\x1a\xda\x1b\xf6\x63\x63\x66\xe6\x0a\x52\x2b\x48\x21\x04\x78\x61\xc7\xaa\xe2\x14\x6a\x02\xee\xf6\xb2\x5d\x51\x37\x1a\x0f\x17\xd2\x4b\xc1\x87\xdc\xdd\x05\xd5\x41\xc2\xf7\x22\x01\x42\x79\x15\xa3\x92\x8c\xd3\x78\x68\x91\x03\xac\x50\xb3\x3f\x87\xa4\x7e\x8c\xdf\xa6\x87\xa5\xf0\xaf\x8a\x56\x73\x1d\xab\xe6\x62\xf4\xf2\x83\x6d\xe0\xba\x8f\xaf\xd8\x6a\x38\x54\xbc\xa0\x12\xd7\x08\x8a\x00\xb9\x85\x4c\x2d\x3c\x70\x8d\xdf\x58\xfa\xa3\x55\xa8\x9a\xfc\x2c\x80\xf3\xf5\x33\x6d\xa0\x1d\x72\xa2\x77\x1a\x05\x58\x13\xfb\x35\x33\x0f\x7d\x2e\x01\xb1\xd1\x2d\xaa\x95\xed\x55\xd3\xbd\xc5\xdf\x77\x39\xcb\xc3\xca\x09\x7a\x41\xb6\xb2\xbd\x7f\x0f\xf9\xdd\x1d\x86\x58\x98\x3b\xa3\xff\x79\x20\xc1\x5f\x29\x2a\x1e\xf9\xfc\xad\xa1\xc6\x07\xec\xb4\x5d\x3a\x73\xc9\xff\xd4\x2f\x3e\x16\x02\x2f\xdf\xe1\x27\x44\x92\x63\x95\xf7\x4f\xb3\x11\x17\x93\xfa\x92\x81\x82\x1a\x66\xa0\x1d"},
+{{0x91,0x41,0xf7,0x9e,0xd3,0x0b,0xf6,0x00,0x61,0x1a,0x13,0xf3,0x67,0xb4,0x03,0x96,0xf2,0xec,0x83,0x9c,0x56,0x12,0xbb,0xf1,0xe6,0xe4,0x97,0xf8,0x39,0x54,0xbc,0x88,},{0xf1,0x4e,0xda,0x96,0x26,0x40,0xbe,0xcb,0x66,0xc4,0xd1,0xf1,0xa0,0x21,0x11,0x02,0x51,0x91,0x7b,0x8b,0x1d,0x34,0x82,0x82,0x98,0xd3,0x21,0x45,0xba,0xf6,0xe5,0xd9,},{0xcf,0x20,0x2d,0x7f,0x2f,0x9e,0xd1,0x17,0xf4,0x29,0x50,0x2b,0x2a,0x5a,0xff,0x54,0xa7,0xf7,0x51,0xd2,0x17,0x15,0x15,0xa4,0xd2,0x03,0x75,0x34,0x46,0xdf,0x0e,0xba,0xc8,0x69,0x84,0xc8,0x8b,0xd4,0x2b,0xd1,0xfb,0x8d,0xcb,0x40,0x87,0x76,0x72,0x2a,0x38,0xf3,0x2c,0xce,0xb2,0x5f,0x32,0xa2,0x5d,0x73,0x93,0xf1,0x38,0xee,0xdf,0x0a,},"\x8f\xec\xaa\x7a\xe9\xa3\xd4\xa4\x85\x1a\x66\x36\x2b\x36\x6e\x16\x7b\x9f\x43\x00\xfd\xab\x20\x56\x54\x75\x19\x87\xf0\x85\xde\x61\xbe\xc9\x34\x4a\xa8\x6f\x5e\x5c\x64\x77\x51\x4c\x28\x04\xce\xd7\xac\x0c\xd0\x62\x85\x29\xa3\xa1\x59\x92\x36\xed\x67\xbe\xbe\x1f\x2e\x95\xaa\x15\x1f\xe0\xf3\xb3\x01\x1a\x1d\x4b\xe9\x90\x1c\xaf\xab\x2f\x18\x91\x90\x4d\x4b\xff\x01\x28\xc1\xd3\x5e\xce\xcb\x32\x2b\x3c\xc0\x1d\xac\xc5\xae\x3d\xca\x69\x14\xa7\xd3\x4d\xa8\xc9\x65\x7b\x95\x0f\x89\xd1\xd6\xae\xc3\x29\x9b\xb6\x90\x11\x10\x71\xfa\x87\x28\x27\x74\x94\x3d\x96\xa4\xab\x7c\x3d\x6d\xe7\xd1\xbf\x11\x93\x63\x06\x8c\xc8\x2d\x45\xe4\xb7\x64\x54\xc6\x08\xbc\x35\x66\xb7\xf9\xb3\x85\xcc\x7e\xb3\x8e\xe4\x29\xaf\xc2\xda\x99\x66\x9f\xc5\xc1\xbe\x82\x16\x1a\x1b\x0c\x33\xf7\xba\x9a\xd4\x41\x9d\x20\x62\x97\x19\x01\xdb\x00\x3b\xfa\x23\xc4\x47\x14\x99\x5c\xb0\x6b\xfa\x96\x6e\x50\x23\xaa\x93\x46\xfd\x37\x5a\xe2\xa1\xe8\x40\x84\x31\x4d\xf3\xf0\x8c\xe2\x08\x00\xc2\xc2\xad\xfb\xb8\x13\x66\xf6\xb1\x04\x24\x3d\x62\xd5\x04\x1e\x72\x73\x43\x3f\x17\x58\x1b\xf9\x3f\x4c\x61\x46\xfa\x96\x6f\x63\x8a\xb0\x7e\xa1\x66\x94\xa7\xce\x30\x5c\xc6\x09\xa6\xe1\x06\x23\xff\x7f\x6c\x79\x16\xb6\xe4\xdb\xde\xbb\x7b\x52\xec\xa7\xf0\xd5\x18\x7f\xf6\x64\xd7\xc3\x70\xed\x22\x88\x6a\xa2\x67\x13\x29\xd9\x28\xe0\xa3\xbe\xa3\xb4\x71\x1a\x12\x8b\x9a\xab\x90\x26\x6f\x86\x51\xd2\x20\xb9\xcc\x1c\xbf\x5b\x1c\xe7\x26\x59\x31\x80\x36\x90\xd3\x29\x1c\x01\xea\xd4\xdb\xc3\x32\x9a\x97\xe8\x5c\x4f\xe1\xd3\x56\x60\x8c\xc9\xe6\x0b\x05\xbc\x14\x83\x8a\x86\x08\x27\x9a\x00\x61\xde\x28\xff\x7b\x8e\x81\xf5\x9c\x8a\x8c\x55\x23\x92\x4c\x4c\x48\x5e\x6e\xa8\x0a\xc8\x17\x50\xbb\x0e\x41\x9e\xfc\x78\x58\xcd\x4a\xf5\x0c\x8b\x8c\x80\x65\x0f\xac\xab\x4d\x82\x58\xf9\xca\xfa\x03\x10\xa0\x07\xcc\xcb\xc4\x18\x5c\x82\xfd\x14\x6d\xf1\xd8\x11\x87\x9d\xa3\x65\x0d\x57\x16\xf1\x00\x4b\x71\xd2\xc7\xf2\xbd\x65\x03\xc3\x54\x58\x9f\x86\x02\xc9\x50\xa1\xf5\x13\x9f\x81\x14\x60\x75\x28\x80\xa3\x41\x11\x66\x30\xe4\xff\x84\x94\x8e\x74\xa9\xeb\x35\x0d\x64\xd8\x29\x30\x02\x20\x02\x33\xf2\x09\xb1\x7d\x78\x89\x7c\x7c\xe6\xce\x29\xe2\x9f\x82\xd4\xad\x6c\x61\xeb\x79\xf5\x73\x9c\xb6\x68\xb2\x1a\x74\x55\x55\xc9\x6e\x19\x52\x68\x45\xe8\x2c\x6e\xd2\xb1\xc6\xbd\xd6\x36\x4b\x8f\xc7\x9b\xa9\xa3\x2d\xbd\x3f\x8b\x97\x5e\xb9\x23\x62\x39\x58\xae\x0d\xaa\x4f\xfa\x13\x92\x17\xc0\x0e\x02\x1f\x93\x7e\x9b\x79\x1c\x37\x99\x1a\x35\xe5\x23\x1a\x19\x14\xc0\x45\xa7\x87\x43\x2f\x97\xb8\xe2\x06\x3d\xb1\x05\xe1\x4d\xa9\x79\xc1\xc4\xcb\xa7\x85\x21\x0e\xb0\x20\x11\x33\x4b\x23\x0c\xfb\x68\x31\x99\x8c\xcc\xe2\x53\x86\xf4\xf3\xba\x0d\xce\x20\x06\xe9\xc3\x94\x0b\x4d\x5a\x56\xaa\xcc\xdc\xab\x02\x71\x86\x89\x81\x63\x60\xf1\x88\x52\xfd\x19\x98\xa9\x9f\xce\x9a\x04\xda\x3f\x5e\x23\xaf\x94\xc6\xe8\xa5\xba\xdf\xd3\x93\x04\xb9\xe2\xa3\x76\xa1\xf9\xba\xc0\x9a\x85\xbd\x04\x24\x76\xe2\x6b\x58\xec\x73\xf1\x23\x6d\x41\xab\x4b\x4e\x7a\x54\xde\xf9\xd6\x6a\x38\xf8\xe5\x46\xde\x7b\x38\x8e\x1e\x7d\x66\x81\xe5\xe2\xa0\x96\xf1\x60"},
+{{0x69,0x5c,0x96,0x0b,0xbb,0x0d,0xd5,0x7f,0xfa,0x36,0x15,0x1c,0x85,0xde,0x73,0x51,0x54,0xfe,0x5a,0xd5,0xf5,0xfc,0x77,0xd0,0x05,0xa0,0xa3,0x20,0x11,0xde,0xb3,0x0c,},{0x34,0x12,0x5e,0x4e,0x21,0xf7,0x89,0xed,0x0e,0x11,0x80,0xc1,0xf6,0x36,0x9c,0x72,0x1d,0xca,0xe9,0x85,0x9b,0x6f,0x7b,0x04,0xf9,0x57,0xe5,0x10,0x01,0xee,0xde,0x8a,},{0x4a,0xf4,0x1c,0x55,0x4d,0x99,0x08,0x12,0x68,0x6c,0x32,0x9a,0x87,0x5c,0x41,0xee,0x24,0xb4,0xa7,0xfd,0x7b,0x3d,0x4f,0x8c,0x8d,0x52,0x75,0xf2,0xe7,0xcb,0x24,0x2b,0x25,0x8b,0x58,0x58,0xa4,0x66,0xde,0x59,0x5c,0xe2,0xa2,0x17,0x7e,0x35,0x1c,0x7f,0x08,0xc7,0xfc,0x4e,0x0b,0xf9,0x7e,0xc5,0xfb,0x2d,0xcb,0x82,0x52,0xd2,0xc9,0x0a,},"\x37\x06\x69\x6c\x7a\x90\x66\x90\xd0\xd3\xb7\x1e\x7e\x21\x1c\x7b\x06\x71\x68\xf3\xa8\xf1\xed\x98\x4a\x0a\x5e\x60\x78\x59\x76\x62\xe4\xe7\x88\x9d\x52\xdb\x0f\x78\xe0\xd5\xef\x0e\x5f\x7a\x0a\x0f\x42\x63\xb6\x84\x8b\x07\x25\xca\xa4\xb1\xce\xa6\x98\x74\x09\x51\x1c\x8e\x5e\x98\x2d\x3f\x5b\x82\xbb\x56\xa4\xa7\x94\x71\x21\x93\x7f\x8e\x10\x5c\x5a\x14\xb5\x3e\x6c\x37\xcc\x71\x6b\x1e\xba\x92\x24\x21\x82\x8b\x04\x6f\x68\x56\xc4\x4f\xab\xf1\x3a\x75\x16\xc6\x2a\x5f\xf9\x85\x68\x45\x0c\xee\x78\xb1\x40\x33\x50\x47\xbf\x1c\xa7\x7e\x15\x49\xa8\x94\xfe\xeb\x07\x80\x45\xe4\x64\x18\x32\x25\x3b\xf6\x95\x48\x54\x52\xec\x36\x90\x65\xa6\x00\x29\xa6\xc9\x07\x7a\x37\x9d\xb2\x04\x85\xea\x2e\xdb\x6c\x96\x95\x47\xbb\x26\x53\x28\x9b\xc6\xe8\x1f\xfc\xb8\x4b\xdb\xf7\x73\xdd\xea\x4b\x37\x50\xe9\xa7\x23\x95\xd1\x17\xf6\x44\xb0\xe2\x20\x61\xd4\xf3\xbb\x7c\x5b\x61\x2e\x4b\x70\x39\x5e\x07\x79\x51\x6b\x46\x65\x91\x16\x90\x2f\xd0\xfb\xcd\x23\x40\xee\xa4\x5e\x9c\x23\xdb\x25\x64\xa5\xe1\x1d\xc7\x9e\x8f\x4b\x33\x2a\x44\x3e\xc3\x5a\xad\x96\x04\xfe\x79\x12\x52\x08\x82\x95\xe8\x4f\x65\xa3\x07\x31\x25\x50\xd9\xeb\xf6\x1f\x36\x7e\x4a\x0f\x2b\x56\x23\xe5\x3e\xf6\xbc\x13\x28\x25\xfc\x24\xeb\xee\x4e\xbf\x33\x8c\xbf\xb5\xdf\x69\xb3\x2d\x03\x0d\x44\x7c\x44\xf3\x13\xba\x96\xfe\x07\xbb\xfe\x5b\x01\x66\xea\xec\xbc\x61\x9b\xb6\xb2\xe5\x92\x40\x10\xba\x3e\xc1\x50\xff\x6a\x69\xfe\xc4\xde\xd9\xc4\x42\xf9\x8c\x15\xe7\x7f\x31\x9b\x48\x43\xb3\xb7\x48\xb5\xd2\x60\x89\xa7\x6c\x2b\x83\x4f\xf9\x3c\x41\x3e\x04\xca\x95\x50\xcd\x21\x1c\xe2\xd6\xa5\x83\xd7\x82\x57\x50\x66\xdb\x6d\xd3\x3e\x8d\x5e\x83\x74\x35\x5d\x06\x8a\x5e\xb9\x6f\x8b\x3d\xa8\xdd\xdf\xb5\xba\xf5\xc5\x96\xda\xaf\x55\x6a\x8f\x2c\xb5\x78\x1e\x50\x42\x32\x7f\x92\xae\x06\x21\xea\xe0\x88\xb5\xf0\x13\x59\x2e\x77\x87\x3a\x81\xd7\xe0\x68\xd7\xb8\x33\x7d\xb9\xf1\x09\xa8\x35\xb4\x75\xe5\xca\xf7\xce\xa5\xaf\x3b\x4a\xd6\xd9\x0b\xaa\xf1\xc7\x36\x55\xec\x67\x67\x47\xfc\xdd\x41\x77\x5b\x4f\xbe\x39\x24\xc3\xf4\x1d\x8a\x73\x75\x28\xd1\x2d\x61\x56\x65\x3a\x22\x35\x8c\x68\x21\x42\x6b\x2c\x0a\x33\xe1\x63\x4c\x62\xc7\xc8\x38\x56\x49\xbc\x23\x3e\x7d\xaf\x94\x39\xf0\x9d\xb9\xbd\x11\xea\x01\xe2\x8b\x77\xec\xbb\xc4\x59\x0e\x29\xfd\xcf\x0f\xdd\xe1\x52\xf6\x47\x81\x32\xfe\x4c\x3a\x5b\x45\xa7\x30\x5a\xf6\xe3\x81\xca\xdd\x72\x49\x6e\x66\xbb\xb8\x66\xce\xa4\x7f\x7e\x7d\x7e\x63\x34\x16\x00\xaf\x3f\x49\xce\x9c\x9e\x4e\x37\x39\x4d\xf5\xdf\x71\xdc\x10\xcd\x39\x1f\xdc\xb8\xa1\x93\xdc\x98\xfc\x19\x05\x9f\xa3\xac\x23\x0e\xc5\x47\x6b\xf9\x4d\x85\x55\x6a\xce\x6e\x1b\xa3\x24\x21\xbf\x59\xdc\xbe\x05\xc5\xe1\x5d\x34\xc6\x64\x4e\x27\xd0\xa0\x2b\xe9\x7f\xa8\x38\x7e\xe0\x37\x06\xf2\x2a\x8f\x4b\x3b\x40\x40\xad\x7d\x3f\x8a\x86\x97\x1a\x20\xa0\x9e\xc8\x1b\x76\x96\xd8\x34\xc5\x26\xb8\xe5\x1c\xb9\x7d\x27\x64\x3f\x9a\xbf\x5e\x29\xff\xd0\x33\x3f\x95\xde\x15\xd1\x10\xc2\x06\x4c\xa4\x94\x67\xc1\x4e\xf2\x27\xf4\xba\xbf\x1a\x55\xe7\xb1\xcd\xa0\x42\x9c\xff\x25\x6b\xe3\x1c\xf1\x16\x71\x9a\x81\xb9\xc5\xfb\x75\xfd\xf6\x4e"},
+{{0x25,0xcb,0x17,0xfc,0x33,0xd2,0xbf,0x83,0x84,0xae,0x4d,0xf2,0x0c,0x1f,0xad,0x5c,0x35,0xfd,0x76,0x5a,0xff,0xde,0x04,0xb5,0x25,0x6d,0x4d,0xe0,0x1c,0xa8,0xde,0x14,},{0xb8,0x6c,0xa3,0x12,0xfe,0x59,0x85,0x20,0xc6,0x4b,0xe5,0xc7,0x2f,0x5b,0x23,0x81,0x65,0x07,0xf6,0x9e,0x07,0x0f,0x82,0x8e,0x02,0xd2,0xaf,0xcf,0xe1,0x1b,0xfa,0x01,},{0x8c,0xcb,0x0d,0xbc,0xf7,0xcc,0x03,0xe8,0x3e,0x21,0xc5,0x74,0x74,0xaf,0xd3,0xad,0x88,0x98,0x09,0x7b,0x97,0x2e,0xde,0x17,0x5a,0xca,0xae,0x48,0xe3,0xec,0x17,0xb2,0xdb,0x06,0xfc,0x82,0x77,0x6b,0x07,0x51,0xc0,0xf9,0x56,0xfd,0x71,0x96,0xf3,0xd1,0xc9,0x63,0x21,0xa6,0xcf,0x3d,0x89,0x24,0x15,0xd8,0xf8,0xee,0xb4,0xa1,0x41,0x08,},"\x4b\x4a\x71\xcb\xf8\xcb\xaf\x57\xa7\x7d\x4e\xa1\x88\xa6\xf9\x64\x84\x0f\x0d\x71\x4a\x5f\x38\xa0\x95\xa1\x3b\x4e\x57\x12\x97\xa8\x8b\x79\x24\x17\xd1\x61\x84\x42\x7f\x90\xe0\x43\xdd\x8a\x55\xb7\xf1\xc1\x3e\x00\xdf\xa6\x05\x16\x44\x5c\xbe\x77\x06\x8c\x79\xc8\xc3\x5e\xbe\xac\x33\x0c\x33\xf1\x12\x1d\x05\x73\x1a\x8f\x51\x32\xd6\x48\x00\x73\x27\x46\x41\x19\x5a\x75\x20\x21\x16\xff\xf1\xc3\x18\x81\x71\x78\xfd\xd7\x68\xbb\xdf\x10\x5f\xa0\x69\xc7\xa3\xd1\x43\xfd\xf5\xd1\x7b\xfa\xd7\xc0\x62\x4e\x52\x92\x06\x8f\xd7\xbb\x6d\x30\x3b\x4a\x27\xcb\x20\xa4\xe6\x18\x75\x07\x67\x87\xd1\x9f\xa6\xf7\x29\xc9\x4d\xc0\xba\x9b\x8c\x0b\xfd\x98\x66\xda\x5c\xb2\xe7\xa2\xcd\x2e\xdb\xdc\x95\xac\x34\x9e\x5e\x5c\x21\x72\xe5\xa4\xcf\x7b\xd9\x0c\xab\xe2\xc6\xe2\x24\x59\x80\xbd\x72\xd0\xf6\xf5\x47\x98\x81\xe8\xc4\xc3\x54\xf6\x8a\xa7\x28\x41\xd0\xc7\x3b\x98\x6b\xa5\x10\x21\x20\x31\x61\x02\x6e\xe3\xd7\x29\xdd\xf1\xa0\x49\xff\xe9\xeb\x25\x43\x98\x02\xf0\x30\x11\xd1\x44\xe5\x0b\x02\xbd\x4a\xca\x5e\x55\x06\xd3\x2f\xcf\x69\xe3\x2f\x54\x25\x44\x79\x8f\x4e\x87\xf7\x2b\xdf\x24\x33\xb1\xff\x32\x59\x29\x2e\x1d\x90\x81\x2c\xff\xd7\x9f\x6a\x54\x32\x70\xba\xf2\x4a\x3c\x39\xdd\x35\x98\xe1\xc6\x61\x61\x29\x22\x52\x2f\x38\x7d\x51\x59\x76\x92\xf3\x14\xc4\xd5\xac\x4b\xf1\x88\x3a\x61\x46\x36\x33\x6a\x55\x44\xd5\x9f\xf4\x1d\x1e\x0d\xbc\xf8\xe6\x62\x7e\x7c\x80\x85\x64\x63\x22\xdf\xc2\x0c\x33\x2c\xbd\xf3\x53\x70\xd4\x7d\xca\xbb\x80\x2e\x17\xca\x84\x78\x0e\xec\x66\x1c\x90\x4d\x5b\xfb\xc2\x40\xad\x6a\x14\xa7\x53\x3f\x71\xa2\x75\x00\xc6\x1d\xd3\xe4\x73\x98\x38\x87\xa8\x68\x35\x18\x7a\xbb\x0d\xf0\x8f\xa6\x2c\xda\x69\xdc\xe8\x6e\x21\xfa\x5a\xe9\x54\xc2\x2e\xdd\xb6\x0e\xe3\x13\x15\x04\xa6\x9b\x50\x48\x6a\x17\x76\x70\x91\x88\x37\x60\x63\x8a\x29\xc3\x80\x30\xe1\xe0\x5f\xdb\x28\xe1\x58\x63\x30\x10\x38\x5a\x62\x06\x13\xcc\x10\xd5\xa5\xf3\x50\x95\x5f\x4a\x34\x7c\x65\xed\xdd\xb7\xe2\x51\x59\xda\x8d\xcc\x26\x55\x92\x8a\xd6\xf6\xd8\xc4\xc1\xab\xb8\x17\xd7\xfe\xf3\xba\xe5\xde\x04\x02\xed\xde\xe7\xb5\x15\x21\xce\x28\x0a\x66\xb7\x96\x14\x0f\x56\xaf\x9b\xc2\x0e\x46\x58\x75\xce\x26\x28\xa8\xa1\x04\x77\xce\x9b\x2e\xac\xc7\xd8\x6f\x88\x27\x24\x57\xbf\xd4\x43\xe7\x12\x52\x69\x96\x25\x43\x80\xf0\x13\x52\x27\xe9\xfc\x15\x1c\x86\x95\xe9\xcc\x64\xd2\x72\xb2\x56\xab\x95\xc9\xa9\xf5\x68\xe9\x37\x16\xe0\xe5\x3d\x29\x88\x2e\x3c\xe7\x42\x61\x25\x7a\x02\xcd\x49\x7c\x37\xd7\x64\xd9\x0f\x7f\xd4\x78\xa1\x7a\x89\x0a\x8b\x2e\xa6\x1a\xb8\x1f\x68\x69\xb1\x20\xa2\xf6\x48\x4a\x88\xc1\x51\x95\x33\x91\xec\xa4\x45\x01\x53\x77\xb3\xa5\xdf\xfe\x4c\xfb\xac\xfb\x5b\xab\x2c\x47\xf6\x54\xf7\x2a\x9d\x19\xcb\xc4\xd2\x95\x37\x19\x84\x05\xe3\xa0\x4b\x4b\xfe\x11\xbc\xdb\x5c\x1f\x30\xd9\xac\x02\xf5\x48\x49\xc5\x7a\xa9\x6f\x7b\x56\x63\x61\x16\xf2\xbb\x6f\x25\x83\xd9\xaf\x94\xc8\x6a\xff\x5c\x13\x7f\x63\xce\x54\xe8\xf0\xc2\x1b\x6c\x25\xc1\xf0\x47\x2a\x22\x9c\x90\x81\x7e\x61\x62\xea\xc7\x1c\xcd\xa3\x09\xa1\x64\x3b\xd6\x31\x2a\x52\x63\xa2\xef\xe6\x46\xdf\xfe\x79\xeb\xd8\x15\x7a\x28"},
+{{0x49,0xe2,0x4d,0x16,0x99,0x83,0x37,0x26,0xb1,0x8c,0x78,0xea,0x65,0x68,0x40,0x1a,0x97,0x1e,0x1c,0xa3,0x9d,0xd0,0x6d,0x75,0x63,0xac,0x8b,0x42,0x50,0xd4,0xa9,0xf5,},{0x71,0xcf,0x05,0xe9,0x0d,0x30,0x1a,0x6d,0x9f,0xad,0x7f,0x0b,0x38,0xec,0x8b,0xb0,0x44,0xfc,0xfd,0x97,0xc8,0x49,0xb0,0x4c,0x00,0x36,0x25,0xde,0x29,0xbe,0x86,0xbb,},{0xa0,0xb6,0xa2,0xaf,0x15,0xb6,0xbe,0x9e,0x95,0x1e,0xf3,0xf3,0x2c,0xbd,0x1c,0x67,0x02,0xe8,0xe0,0x17,0xfb,0xd3,0x15,0xa3,0xf2,0x59,0x9c,0x3f,0x1a,0x11,0x86,0x5d,0x46,0xe7,0x84,0x59,0xa0,0xd7,0xf7,0xbe,0x04,0x6a,0xae,0x29,0x3c,0xad,0x09,0x13,0x7e,0xc8,0x47,0xe2,0x69,0x28,0x10,0x6d,0x9a,0xa3,0x5e,0x09,0x82,0xb9,0x92,0x02,},"\x6d\x26\x05\xf6\x1e\x1a\x04\xb6\xae\x18\xc2\xc2\x5a\xe1\x00\xdd\x42\xa6\x1e\x66\x4e\x2d\xb5\xc3\x4d\x7a\xd1\xf8\x4a\xc5\x07\x55\x2b\x74\x1c\x20\x86\xc1\x7c\x85\x2b\xab\xe0\x7a\x91\xe1\x29\xa5\x06\xee\x59\xed\xb9\xce\x73\xbe\x1b\x1d\x06\xd1\x20\xec\x36\xa1\xe9\x4c\x62\x81\x05\x4e\x78\xce\xb1\xbd\xef\xfb\xcb\xf4\xf0\x10\x51\xed\x38\x1b\xfc\x8a\xd1\x76\x9f\x41\xe2\x40\xbf\x60\x59\xd9\x70\x4c\xac\xec\x66\x66\x11\xf4\x1e\x4d\xd4\x38\xb7\xf5\x02\x42\xea\x86\x75\x6b\xb1\xf8\x1e\x59\x42\xc0\x92\x12\x9f\xbc\x6d\xe4\x95\x5d\x28\xdf\xf3\x52\x37\xdb\x30\xe4\xa5\x03\x6a\x99\x14\xc9\xf8\x4d\xbd\x8c\xcf\x82\xba\x2b\x1b\x3b\x55\x54\xa2\xb7\xa7\x4c\xb0\xb2\xa1\xe1\x96\x33\x45\x28\x6e\x25\x8d\xc8\xe7\xd5\x67\x18\x03\x5f\x95\xf3\x13\x81\x1c\xfb\xd8\x52\xa0\xf8\xf4\x9a\x29\xef\x93\x3e\x7c\xda\x7e\xd9\xc7\xe8\xb1\x62\xcd\xba\x1a\x82\x26\x2c\xd4\xdf\x7c\xf8\xea\x4b\x58\x6d\xb4\x3d\xcc\x1e\x37\x64\x59\x8e\x9c\xa4\x66\x73\x82\x2b\xaa\x2a\xd8\x7f\xb1\x4b\x6f\xdb\x9e\x20\x32\xd0\xca\x51\xc2\x6c\x5e\xf3\xd9\xf7\x97\x85\xfa\xc2\x49\x1c\xdb\xf7\xc3\x99\xf3\xcd\x17\x74\xc1\xa6\xb1\xe4\xa6\x7f\x54\x36\xd8\x0d\xb0\x25\xf8\xfb\x64\x09\xe2\x75\xbd\x0e\xd5\x08\xb5\xe0\x39\xed\x2e\x4e\xec\x8b\x0f\x4d\x5b\xe9\x9d\xca\xfa\x6a\x14\x01\x25\x27\x32\xa6\x5b\x37\xc9\x43\xc0\x7e\xf3\xac\xbc\xfb\xb3\xdc\x06\xda\xd0\xa8\x8f\x2f\x5e\xb5\x51\xa3\x99\x7a\xd6\xc6\xee\xd9\x5e\xdd\x9a\x0a\xf4\xa2\x88\xd5\xe4\x32\x86\xb2\xac\x07\x29\x77\xc4\x36\xb7\xc5\xff\x7a\xb6\x1c\x94\x84\xf2\x57\xf5\x8e\x01\x0c\x9b\x6a\xd4\x15\x81\xd7\x42\xcd\x19\x75\x2c\xde\x54\xd2\xb4\x20\xd6\x43\x65\x4e\x90\x96\xa8\x1e\xb9\xdc\xf8\x04\xc7\xc2\xed\x0e\x38\xd1\x3a\x5c\xe3\x99\x78\xcd\xd0\x2b\x25\x35\x09\x45\xde\x78\xfe\xec\xc0\xc2\xc2\x2f\xfd\x70\x5c\x3b\xa8\x11\x32\x65\xc7\xb9\xa7\xc8\xdd\xb5\x91\x78\xbd\x21\xd7\xf6\xc3\x1c\x6b\xe2\xc3\x67\x49\xee\x0f\x9a\xb8\xbc\x1d\xcf\x5d\xa5\xcb\x2d\x2d\x59\x62\x35\x8f\x71\xf9\x6a\xb3\x79\x2a\x25\x2a\x51\x9e\x41\x53\x51\xf4\x3e\x7e\x12\x03\x5b\x03\x28\xf2\x82\x08\xcf\x4b\xe5\x29\xd2\x99\xaa\x5c\x12\x8c\x9d\x5e\xd5\x75\xbf\x90\xc5\x35\x05\x69\xea\xa6\xf2\xd5\x52\x1d\xe1\x18\x03\x09\xf6\x86\xc9\x7e\x9a\xd6\xfa\x1e\xc1\xdd\x86\x27\xae\x89\x51\x58\x1c\xf6\x04\xb8\xb9\x17\xc5\xba\x43\x4a\x63\x7b\xe1\xbc\x8b\x79\xf4\xac\xaf\x77\x95\xf4\xe5\x1a\xab\xdb\x88\x50\x77\xbc\x4f\x3c\x68\xfc\x33\x18\xde\x58\x23\xd7\xe0\x80\x4e\xe9\x95\xb7\x03\x87\x95\x0f\x79\x93\x53\x68\x23\x00\xd4\xe7\x97\xf3\xca\xd6\x11\xb4\xc5\x62\xc8\x64\x0f\xf2\xb3\xfe\x29\x29\x16\xa9\x70\xfb\x98\xc1\x47\x5c\x1f\x4e\x27\xb9\xb3\x3c\xfe\x0d\x3a\xd9\x32\xa1\xeb\xe6\xa2\x7f\xc3\xb4\x46\x62\x29\x54\xae\xe1\x68\x36\x68\xc8\xbd\x4a\x3f\x90\x3b\xe5\xc7\x7d\xfd\xb8\xe8\x91\x4c\xed\xc5\x1f\x65\xfe\xd2\xd9\xc4\xd0\x3e\x13\xa6\x68\xd4\xc7\xea\x5e\x31\x88\x3e\x1b\x3d\xb6\x43\x63\xe2\xac\x5c\xc5\x4b\x54\xce\x69\xc6\xad\x52\xf8\x74\x99\x9b\x5d\xd2\xc5\x78\x2f\x03\xc3\xd5\x15\x05\xdf\x53\x6a\x1f\xe0\xd8\x60\xd3\x3e\xab\xed\x64\x1a\x94\x00\x89\xf1\x29\x7d\xd0\xf5\x7f"},
+{{0xf8,0xff,0x97,0x03,0x2a,0x34,0xcf,0x99,0x99,0x08,0x80,0x58,0xaf,0x56,0xff,0x70,0xb6,0xac,0xb2,0xed,0xf7,0x59,0xe1,0x31,0xfa,0xec,0x84,0x40,0xfd,0xec,0xf6,0xc4,},{0x54,0x38,0xb4,0xe3,0x3f,0x1c,0x5e,0xa1,0x12,0xfb,0x1b,0xaf,0xef,0x40,0x59,0xbf,0x09,0x5a,0x11,0x40,0x9b,0x64,0xd4,0x6b,0xfb,0x4d,0x25,0x47,0x3c,0x1c,0x08,0x74,},{0x50,0x9e,0x9e,0xad,0xfe,0x8d,0xde,0x79,0x14,0xac,0x20,0xca,0xfc,0x0b,0x0a,0xf2,0x2b,0x84,0xdd,0x8a,0x21,0x0a,0x48,0x12,0xcd,0x8c,0xae,0x39,0xb0,0xa2,0x72,0xe5,0x3e,0x02,0x24,0x6d,0xc8,0x93,0x9e,0x92,0x26,0x92,0x03,0x36,0xe1,0x40,0xb3,0x15,0x32,0xd0,0x68,0x13,0x7a,0x34,0x16,0x1e,0x59,0x9a,0x86,0x94,0xa9,0x5d,0xdf,0x01,},"\xdf\xb4\x1f\xb9\xd5\x37\x02\xcb\x2b\x9e\x3f\xfc\xad\x4e\xa6\x02\x71\x6f\x71\x8a\x7e\xa3\x3e\x21\x84\x3e\x2a\x6c\x05\x2c\x70\xc6\xc5\x14\x85\xd7\x2b\x53\xa5\xbb\x4e\x34\xe0\x3e\x3e\x1d\x1a\x52\x51\x8e\xb3\xe7\xf1\x8f\x2a\x1e\x1c\xaf\x78\xac\xb2\x11\x60\x89\xbe\xd4\xc6\x17\x13\x8e\x71\x6a\x91\x43\x1f\x2c\xf6\x44\xa1\x21\x0f\x6d\x19\x20\xd2\x85\x99\x42\x64\xd6\x46\x6b\x0d\x8d\x2c\x62\x63\x80\x44\x61\x6f\x57\x6e\xdc\x7d\x0d\x93\xcb\x66\x01\x31\xd4\xbb\x50\x87\x5e\x15\x36\x40\x12\x3a\x96\xf1\x5b\x75\xa5\xbc\xee\x46\xd5\xcc\x5e\xb1\xa4\x31\xc5\x9d\x2e\xad\xdf\xd5\x53\x15\x02\xfe\xb1\x55\x1b\xf7\x79\x1c\xd5\x98\x9d\x17\xd1\x02\x96\xd0\x1b\xa3\xae\x3e\x38\x4c\x67\x45\x26\xca\xb6\x2a\x7c\x24\xc0\xff\x67\x7d\xe7\x1c\xa1\x72\x62\x1a\x28\xa8\x5e\x01\xee\xfe\x07\xf6\xee\xf9\xc3\xec\xfd\x7f\x94\x98\xac\x42\xf4\x6a\x43\x71\x6f\x61\x53\x18\xa3\xb2\x87\x57\xc3\xa1\x5f\x4f\x1c\x38\x22\xae\x7a\x75\xc2\x03\xa2\x98\x25\x8d\x75\x36\x38\xcf\x42\x5e\x15\xbb\xc4\x62\x02\xb0\x93\xb8\xe4\xf3\xe6\x70\xfb\xb6\x63\xdb\x2b\x69\xc8\xfb\x0f\x62\x50\x74\xd8\x5a\x44\xd3\x50\xe0\x42\xbb\x1b\x74\x02\x1d\x19\x29\x97\xa2\xc2\x7d\xd6\xc8\x63\x48\x41\xd1\x00\xa0\x34\x4b\xae\xd7\x50\xa3\x9f\xf5\xdc\xd9\x84\x8d\xfc\xf0\x9e\x5c\x8c\x47\x96\x7b\x96\x55\x6e\x23\x32\xca\x17\xd8\xe4\x2d\xd8\xf3\x93\xa5\x44\x5a\x37\x22\x44\x60\x0b\x30\x01\xb8\xfe\x86\xc4\x5e\xaf\xc6\xe7\x38\xaa\x7e\x11\x7b\x4a\x79\xfa\x2e\x6b\x00\xf4\x64\x92\x8d\x18\x56\xc8\x3e\xcf\xe8\x7d\xd3\x4d\x15\x8f\x5c\xb4\xe4\xf4\xd6\x10\xf5\x97\x17\xec\x79\x0b\xd3\xff\x87\x20\x40\xb6\x7e\x8d\x39\x39\xe8\x04\xe3\xb5\xdb\x98\x5a\x09\x56\x21\xcb\xcc\xd6\x86\xc0\x93\x4e\xce\x3e\x27\xab\x2c\x6c\xe3\x3f\xb5\x2b\x11\x1f\x48\xe4\xf2\x74\xbd\xf3\x20\xd0\xb0\x23\x84\xc8\x3c\x49\xe1\xa0\x41\xbd\x23\x19\x10\x9c\x85\xa0\x6d\x80\x48\xa9\x93\x35\x7a\xbf\xd8\x11\xac\x2f\x38\x05\x9d\x07\x7a\xcb\xc3\x6a\xa9\x66\xc0\x28\x90\x37\x48\x62\x5f\x92\xe8\xf7\x9d\x51\xbd\xa1\x0f\x78\x52\x29\x77\xf7\x6e\xc4\xe8\x85\xe4\x9a\x46\xc6\x8d\xe0\x9f\x3d\xa8\xf8\x6b\x71\xae\x64\x23\xbd\x29\xde\xef\x1c\xc6\xa1\x13\xea\xc1\x15\xa6\xcd\xe2\xcc\xd0\x11\xfc\x1c\x0f\x0e\x34\x27\xf4\x3c\x3e\x96\xfc\x41\x56\xed\xf6\x2d\xdf\xb7\xb0\x83\x6b\x88\x8b\xab\x3c\x43\x45\x05\x5a\x6c\x41\x78\xe9\xe2\x28\x29\xfd\x8c\xfc\xe3\x9b\x0b\x84\x44\xeb\x26\x48\x7c\xc9\xdc\x82\x60\x6f\xea\xad\xaf\x49\x78\x69\x4e\x65\x64\xf2\x72\x9c\x1b\x13\xab\x37\xc9\x07\x2d\xb4\xe9\xde\x94\x0e\xe5\xf1\xd0\x58\x84\xae\x7f\xd9\xd9\xec\x9c\xb7\xde\x56\x34\x76\x00\xa8\x8d\xea\x92\x08\xa6\x34\x19\xfc\xe2\x9e\xe5\x00\x55\xa3\x74\xa8\xf2\x2f\x9a\xe2\xbe\x98\x05\xa9\xf4\x76\x15\xaa\x59\x57\x6b\x44\x04\x2f\xf1\x26\xa8\x98\x24\xe3\x6a\xd6\xbc\x58\xe0\x6b\xb9\x0f\xbe\xef\xba\xe5\xd6\xd7\xd6\x24\x30\xf3\x73\xb6\x29\x6f\xbf\xcd\x4d\x66\x20\x16\x83\x53\x58\x3f\xbd\x3d\x5a\x29\x2b\x95\x72\x51\x75\x34\xe2\xfb\x0b\xee\xf2\xfa\x98\xa4\x64\xe5\x91\x03\xe7\xa0\x42\x87\xf1\x5d\xad\x0f\xac\x54\x97\x0e\x77\x15\x07\x8d\x63\xec\x26\x36\x2f\x6f\xba\xbc\xdd\xea\xf7"},
+{{0x2e,0x4c,0x39,0x21,0x9f,0xc9,0x2a,0x53,0x8e,0x48,0xe9,0x5f,0xbf,0xcf,0xef,0x30,0xf5,0xa2,0x1b,0x78,0x94,0x0b,0x81,0x05,0x3b,0xda,0xd4,0x60,0x2b,0x4c,0x96,0x90,},{0xf8,0xee,0xd8,0x92,0x17,0x66,0x20,0x43,0x4c,0x7f,0x0e,0xc5,0x3d,0xcf,0xf3,0x98,0x63,0x10,0x9e,0x7c,0xa4,0xd0,0xb3,0xc6,0xc4,0xb5,0x64,0x10,0xbe,0x01,0xe5,0x37,},{0x39,0x45,0x20,0x12,0x2b,0xb0,0xa5,0x64,0x64,0x8a,0x7a,0x8b,0xc8,0xdc,0x73,0x63,0x6c,0x51,0x77,0x46,0xa3,0xc8,0xa0,0x5b,0x90,0x1e,0x72,0x52,0xfe,0xf0,0xe5,0x02,0x3d,0x90,0x99,0x1e,0x31,0x1b,0x53,0x82,0xd4,0x91,0x00,0xe5,0x26,0x33,0xc7,0x0f,0xe9,0xc2,0x6c,0x14,0x50,0xe0,0x60,0x3e,0x6d,0x45,0x22,0x99,0xaf,0x4d,0xae,0x07,},"\xc8\x7d\x1f\xba\x9d\x94\xa6\xa5\x40\x89\x80\xfc\x80\x83\x98\x0f\xd2\xd2\x52\xfa\xe5\x40\xf6\xee\xc1\x9e\xd6\x74\x6c\x29\xe3\x39\xa1\xc2\x9f\x6f\x53\xbc\x23\xfd\x6b\xfa\x43\x85\x07\xef\xf5\xda\xf9\x03\x40\x3c\xda\x70\x7b\x4d\xc5\xe8\x44\x80\x5d\x6b\x1c\xeb\x4a\xff\xf4\xb2\x32\xe8\xe6\x9d\x7d\x27\x1f\x3c\x06\x7c\x48\x54\xf3\xd9\x4f\x27\xfe\x32\x55\x81\xfa\xca\x79\xd1\xf0\x2a\x26\x29\x0a\xd2\x3a\xf7\x11\x00\xc1\x2c\x09\x15\x76\x47\xca\x9d\xa4\x3d\x76\x90\xdd\xcd\x94\xdb\x65\xe0\x00\x98\x9c\x87\x8b\x75\xa0\xff\x22\xd2\xc7\x09\x62\x59\x4c\x9b\x08\x08\xf2\x78\x46\xcc\xac\x85\x67\xbc\xe5\xd2\xe3\xb7\x60\x28\x09\xf2\x3b\x59\xcd\x71\x8a\x08\x05\xd1\x08\xf3\x1a\x63\x2a\x05\xb8\xdf\xa5\x03\x5a\xb9\x46\x1a\xeb\xa4\x16\x00\x9d\x74\xfd\xf9\xe0\x07\x20\x28\x56\x89\x0d\x2c\xff\x80\xfa\x24\x0b\x97\x8a\x48\x27\x0f\xcb\x2f\x47\x36\x97\xbc\xba\x8e\x73\x0a\x55\xc2\x87\x61\x91\x9a\x23\xbe\x41\xda\x27\xff\xea\x09\xe3\x55\x9c\xaa\xab\xf9\x51\x9e\xc0\x8e\x1f\xfa\x86\x81\x7a\xa3\xe8\x87\x4f\xa8\x16\xe7\x71\x8c\x5b\x2f\x34\x49\x67\xba\x1b\xc2\x81\x9c\x4f\x04\x5a\x97\xb4\x05\x44\xea\x61\xd7\x17\x08\x3c\xca\xf1\x1e\x9d\xdc\x04\xa3\x59\x8e\xf1\x81\xe7\xbe\xf4\xac\xef\x45\xb6\x55\x1b\x47\x8a\x0d\x77\x31\xc4\xf0\x8c\xe5\x80\x2f\x78\x25\x8d\x41\x90\x17\x66\x10\x76\xd7\xd6\xd2\xef\x39\xe5\x7c\xf9\xcd\x93\x97\xdc\xc5\xde\xbf\x64\xab\x82\xb6\x61\x59\xf5\x78\x31\x6e\x74\xcd\x49\xf5\xad\x2c\x6f\xef\x83\xcf\x08\x68\x3b\x95\x70\xa9\x46\xad\x49\x03\xdf\x4e\x96\xec\x00\x8e\x14\xa5\x01\xfa\x93\x86\xbd\xaf\x2a\x63\x99\x3c\x6c\x9b\xdf\x23\x1f\xd0\x9e\xa6\xf9\x6e\xf4\xd4\xe2\x9a\x3a\x33\x27\xcb\xf7\x4e\xa8\x31\x05\x4e\x66\xca\x86\x68\x0c\x6c\xe5\x3b\x66\xf9\x46\x5d\x06\xb3\xfa\x07\x98\xbb\x69\x05\xae\x38\x45\x59\x34\xf2\xfb\x7e\x0b\xa4\x72\x32\x89\x89\xf0\x01\x30\x86\x71\xcc\xcb\x56\x6d\x22\x2c\x72\x16\x5b\xb3\xa7\x44\xfb\x98\xe2\x21\x0f\x96\x20\x68\x0d\xf3\xe3\xcd\x14\xa8\xbd\x94\xb5\x74\x5c\x00\x16\xdd\xa7\x7f\x05\x9f\x26\x05\x3b\x64\xcf\x45\x23\xc3\xd4\x29\x11\x2f\xb6\xb3\x28\x39\x8b\xc6\x30\xa2\xe9\x06\xb9\x5a\x6c\x57\x80\xcf\xdc\x06\x41\xbe\x47\x51\xbe\xbd\xdf\x77\x24\xdc\x9c\x27\xe7\x8d\x60\xed\x0f\xd7\x36\xd5\xab\xd8\x89\x29\xc1\x79\x5d\x47\x3a\xbd\x2b\x03\x20\xc5\x40\x47\x57\x28\x82\x18\x67\xa4\x09\xa2\xff\x13\xcc\x44\xce\x35\xe5\x98\x1e\x9f\x6b\x87\xa2\x8d\x4f\xa8\xb8\x67\x5e\x50\x3f\xae\xfc\xa7\xc1\xd7\x98\x47\x37\x87\x1f\xe9\x19\xac\x41\x4e\xea\x26\x5e\xe3\x1f\x9f\x78\xf5\x21\xf3\xf4\xf8\xd0\x0c\x3f\xb7\x91\x71\xf3\xc6\xa5\xdb\xf5\xe1\xac\x8b\xf6\x3b\x4c\x3d\x8d\x8b\xc1\x21\x03\x6e\x9e\x55\xbb\x70\x2e\xa6\xc8\x6e\x92\x5e\xc0\xb9\x84\xde\xd2\xc7\x1f\x3b\xfd\x49\x32\xe6\xc4\x1b\x58\x2f\xd0\x2c\xa5\x9f\x53\xce\x29\x74\x45\x78\x5c\xc4\xca\xc2\x47\xb0\xb8\x4e\x7f\xa0\xbc\xdc\xf7\x9b\x3e\x4a\x15\x5f\x98\x78\xc1\xf6\x43\xbe\x9c\x42\xf7\xa4\xf2\x72\x60\x44\x45\x05\xc1\x84\x5b\xd5\x3b\x55\x0a\x31\xd7\x95\x3c\xc7\x38\x86\x1f\x46\xbd\xf4\x87\x0f\x3a\x77\xac\xe1\x91\xab\xd6\x3c\x45\xad\xb1\x53\x90\x9f\xb5\x9a\xb5\xdb\x9b"},
+{{0xf0,0x92,0xe6,0xbe,0x8d,0x2d,0x9a,0xd0,0x69,0xa3,0xe2,0xb9,0x76,0xd2,0x44,0xe3,0x4c,0x15,0xc2,0x8c,0x48,0xd3,0x2f,0x55,0x60,0xa5,0x41,0x85,0xd1,0x50,0x15,0x02,},{0xcf,0xeb,0x3e,0x74,0xe4,0xb5,0xc8,0x35,0x6a,0x81,0x75,0x7b,0x8f,0x1b,0xe4,0xb4,0x29,0xfc,0x18,0xfc,0xaf,0x49,0x7c,0xbf,0x8d,0x8b,0xc0,0x48,0x0f,0xf9,0x78,0xf9,},{0x63,0xcd,0x4c,0x0b,0xa3,0xbe,0x93,0x97,0xcc,0x0f,0x3c,0x1a,0xf3,0x48,0xec,0x4b,0x8a,0x91,0xe4,0x2f,0xee,0x67,0x5d,0xa1,0xd0,0x59,0x00,0xb9,0xa8,0x6c,0x13,0x8f,0x91,0x74,0xeb,0x99,0x6b,0xbd,0xf3,0x1c,0x42,0x95,0xe0,0xc5,0x78,0xac,0x0f,0x9d,0x53,0x76,0x41,0xa2,0xaf,0xd5,0xdf,0xf9,0x3a,0x39,0xc5,0xcd,0x9d,0x3c,0x48,0x0b,},"\x2c\x25\x5f\xb2\x5d\x45\xb0\x86\xc0\x71\xe0\x3e\x52\x5b\x4d\x72\x85\x78\xfb\xb6\xb0\xc6\x0d\xa9\x41\xe6\xbf\x2a\x48\x98\xb2\xd5\xb6\x98\x8c\x53\x30\x27\x85\xab\x7a\x3b\xc4\xbb\x2c\x20\x5a\xcd\x27\xd6\xa4\xcb\xdd\x1a\x0c\x08\x89\xde\xd7\x84\x26\x4c\xb7\xc0\x28\x89\xc5\xc7\x11\x3f\xc9\x0b\xbb\xcd\x31\xff\x00\x14\x32\xc0\x53\xf9\x71\x07\x3c\xf6\x71\x2f\x66\x7f\xce\x46\x98\x77\x6b\x98\xcc\x54\x44\xc6\x92\xab\xd1\x28\x81\x98\xbe\x5a\xd5\x67\x46\x09\xf7\xe1\x39\xad\x1b\x9c\xcb\x94\x3f\x8d\xfd\x9d\x12\xc5\x4e\xce\xe2\x78\x34\x1b\x2e\xe1\x27\x79\x91\xca\x62\xcd\x3b\xfe\x12\x8d\x13\x92\x96\x4e\x95\x88\xe2\xf9\x7c\x32\x17\x04\xa3\xde\x10\x61\x88\xc5\xeb\x33\x5a\xa5\xa1\x9a\xcc\x90\x67\xb4\xa9\x41\x29\xb9\xd1\xa6\x16\x7c\x4b\xbf\xb5\x6f\xb9\x76\x84\xcb\xbd\x72\x0c\x86\x86\x9e\x00\x20\xab\x07\x76\xcd\xc9\x95\x4f\xeb\xa8\x62\x12\x4b\x07\x3f\xba\x8d\xe9\xea\x9a\x38\xea\xcf\xa0\x03\xae\x4f\x1c\xdc\xbf\x15\xc3\x2f\xb6\xb9\x70\xc7\x31\x15\xdd\xff\xcd\x4f\xa3\xb7\x18\x46\x11\x0e\xde\xc2\x57\xfc\xae\xd6\x11\x36\x04\xf7\x19\x25\x72\x57\x72\x64\xb9\x90\x5c\xa6\xae\xd8\xda\xec\x13\x84\x03\xca\x41\xaa\x95\x42\x78\xa5\x72\x0b\x26\x7b\x90\xca\x16\x3a\x9b\xdf\x44\x7e\xad\xe8\xde\xb7\x69\xa3\xb4\x92\x37\xa7\x35\x16\x97\x7c\x28\x73\x45\x55\xdd\x23\x4c\xa7\xde\x49\x99\x26\x1b\xc7\x96\x0f\x53\x6b\xa8\xa3\x5a\xd3\xd0\x2c\x75\xf1\xc2\xbe\xa0\xa0\x61\x2e\x7d\x49\xc4\x03\x97\xdd\x6a\xf5\xff\x58\xba\xe6\xa6\x4b\x6a\x77\xe9\x81\xf9\x2d\x15\x9e\x0b\x2b\xd2\x05\xab\x15\x70\x52\xf4\x70\x17\xa3\xe1\x8a\xec\x94\x4d\x04\x65\xee\x00\x17\xe9\x61\x48\xa6\x12\x9f\x74\xd3\xcc\xb4\x89\xfe\xa1\x3a\x15\xa9\xb9\xac\xed\x58\xc6\xee\x0e\x6e\x84\xe0\x5f\xda\xdf\xae\x07\xb3\x34\xa9\x8f\xc3\x7f\x7e\x51\x1c\xd5\xa4\x4e\x9c\x74\xe4\x78\xd3\x49\xe3\x0e\x29\xae\xb4\x6a\x4d\xf0\x1e\x43\x07\xfe\x65\xe1\x39\x4a\x75\x8f\x6a\xda\x2f\xb1\x20\x22\x5c\xcd\x50\xa4\x90\x13\xe6\xc9\xf1\x75\xaf\x90\xf3\xfc\x8c\x57\xe7\xa6\xa9\x69\xa9\x16\xc3\xf1\xaa\xcc\x22\xf3\xe0\x1a\x07\x0c\xc4\x8e\x6f\xd8\x78\xe2\xbd\x07\x3d\xf9\xee\x6f\x05\x9b\x98\x56\x84\x04\xfc\x7e\xae\x7d\x4b\xf6\xfa\x16\xc0\xc8\x03\xc6\xbe\x84\xe8\xb7\x9c\x67\xaf\xfc\x8c\x88\xca\xbd\xee\xbc\x11\x34\xbb\x23\x86\xe2\x2b\xa4\xd2\xe9\xe0\xf3\xe1\xab\x3a\x0d\xac\x7c\x80\xdd\xee\xd7\x73\xcd\xa0\xc4\x1d\xc9\xde\xfa\x67\xfe\xa3\x77\x69\xcb\x4a\x1e\x15\x22\xd7\xe0\xb3\xd7\xc4\x63\x8b\xcd\x98\x31\x53\xd4\x78\xbe\x5e\xcf\x2b\x6a\xb1\xb4\x01\x24\xe4\x22\x2b\x8c\xaa\x46\x47\xbd\x50\xd7\x4d\x20\x39\x43\xab\x20\x93\x8d\x5f\x27\xd9\x08\xa6\x73\x67\x40\x46\xce\x2e\xf1\x8e\x85\x8b\x0a\x01\xa7\xe7\x53\x0d\xed\x0f\x8c\xc8\x9e\xf0\x9b\x73\xca\x59\x7c\xf7\x3a\xfb\xc9\xa2\x71\xa4\xd2\x3c\x92\xfe\x59\x18\x83\xc4\x40\x10\x9c\x4e\xf4\x16\x67\x0b\x7f\x2c\x59\x05\xb7\x7f\x65\xf5\x6d\x09\xd4\x02\x50\x35\x6f\x9b\x1d\xbc\xaf\x1e\xe2\xc0\xb6\x36\x96\xf8\x4d\x68\xdd\xbe\xa1\x60\x08\x51\x51\xa9\x52\x62\x74\xd7\xb8\x46\xcc\xeb\x6c\x43\x48\x09\x84\x84\xde\x3b\xb7\x23\xae\x5e\x85\x27\x6d\xf4\x9f\x56\x34\x13\x0f\xf9\x05\x75\x4f"},
+{{0x01,0xa2,0x47,0x94,0x3a,0xfe,0x83,0xf0,0x36,0xb6,0xb6,0x0f,0x23,0xd9,0x77,0x74,0xfd,0x23,0x20,0x8e,0xdc,0x31,0xcf,0x3d,0x88,0x20,0xe9,0xdc,0x63,0x66,0x11,0x03,},{0x8c,0x97,0xa5,0x8b,0xe0,0xe8,0x47,0xc4,0x8a,0x6a,0x39,0x87,0xcf,0xe2,0x50,0xa8,0xd7,0xb0,0x7d,0x97,0xf9,0x61,0xf6,0xb7,0xb7,0x9e,0x7d,0x80,0x42,0xb8,0xbd,0x7b,},{0xed,0x2c,0xed,0x1a,0x4f,0xdd,0xb3,0x44,0x2a,0x63,0x73,0x48,0x17,0x9a,0x6a,0x5b,0xee,0xdc,0xb4,0x4c,0x8e,0x98,0x8c,0xa2,0x6f,0x78,0x93,0x6d,0x2c,0x8d,0xb5,0xc5,0x16,0xd5,0x4b,0x8c,0x4f,0x08,0xd9,0x1d,0xd7,0x04,0x2a,0xb6,0xab,0x26,0xd8,0x7f,0x23,0x0e,0xb2,0xb2,0x15,0x6f,0x3c,0xe2,0x99,0x4f,0xce,0x7c,0x2b,0x0f,0x10,0x0e,},"\x08\xd8\x14\x95\xda\x77\xf4\x07\x25\x5c\xc4\x1a\x81\x8e\xef\xa7\x27\xe2\xc4\x7a\xe4\x11\xf4\xb5\x41\xf0\x1f\x81\x1d\x90\x6d\x55\xfb\x1e\x3c\x9c\x48\x4d\xf3\x05\x65\x36\x4d\xe9\xdc\xb9\xfe\xa0\xaf\x66\x11\x2f\xe7\x5f\xd1\x1a\xe8\x1d\x26\x41\xb5\x47\x58\x9f\x8b\x97\x4a\x97\xe7\x97\x6e\xd6\x92\xaa\xd6\x40\xed\xd2\x88\xbd\x86\x3d\x11\xc4\xca\x98\x36\xf9\xd7\xc1\x15\xc3\xd9\x88\x30\xd6\x42\x47\xcb\x6f\x8f\xb6\x03\xc6\x98\x11\x33\x55\x2a\x32\x04\x04\x19\x61\xbd\xd8\x3e\x2f\x9d\xeb\xa7\x70\xc0\x39\x4f\x9b\x60\x2a\x45\x35\x51\x07\x49\x21\xa3\xde\x28\x32\x13\x69\xd7\xf8\xca\x64\x0c\x45\x10\x9e\x8f\x52\x2c\x97\xed\x9f\x35\xb9\x27\x7a\x35\x0e\x29\x59\x31\xb4\x2e\x01\x35\xe9\x4a\x92\xfe\xd3\x63\xd6\xca\xe3\x92\xf7\xc4\x51\x99\x32\x7e\x24\xb4\xcf\xa5\x89\x8a\xb5\x99\xae\x7b\xd5\x0b\xd3\xa0\x0c\x0d\x00\x7e\x95\xfa\xf8\xf2\xae\x10\x38\x02\xca\x7e\x53\xb2\x79\x18\x4d\x06\x90\x5f\x57\x48\xca\x8b\xe1\xf7\x2e\x66\x8c\xb8\x32\x83\xdd\x00\x40\x64\x91\xf8\xb9\xb4\xe5\xa9\xd4\xa5\x43\x8b\x2f\xa4\x37\x1e\x0b\x05\x68\x6f\x87\x57\x5b\xaa\x79\x6e\x30\x2f\x08\xff\xc4\x25\x66\x27\x50\xa3\x3a\x0c\x9c\xfa\xa4\xb4\xd7\x04\x1f\x92\x64\xfe\xd7\xbe\x4f\x9f\xde\x2c\xac\x68\xa2\x15\x82\x36\xf6\xac\x43\x04\x7e\x91\x1f\x4c\x4e\x8b\xc6\x63\xfd\xd5\x05\x17\xdf\xaa\x8f\xbc\xd2\x19\xdd\x7a\x0e\x93\x69\xf4\x3d\x0d\xd2\x5b\x4f\x0c\xf9\x30\xf2\x0b\x7b\x7c\x6d\xb9\xd5\xbe\x0c\x6e\x19\x60\x94\x1a\x3e\x04\xd1\x41\xc0\x3e\x59\x61\xaa\x33\xe9\x02\x44\x77\xd5\x33\xc9\x95\x37\x87\x96\xbf\x22\x92\xad\xe9\x22\x69\x5b\x14\x56\x9f\xc3\x39\xb3\xd9\x08\x5c\x63\xfc\x6e\x5b\xef\x4d\x99\x0c\x80\x33\x3a\x6b\x57\xaf\x47\x8f\x93\x8e\x3e\xe7\x38\xb1\xd1\x29\xbd\x97\x6a\xfe\x68\x61\x28\xbc\xac\x08\xcc\xbe\xb0\x34\x9b\x9b\x53\x73\x13\xbc\x7b\xf5\x91\xc6\x5d\x4a\x71\x23\xad\x30\xbd\xbe\x14\x86\xb4\x28\x08\x47\x48\xb6\x50\x7f\x6f\x5e\xf6\x7c\x26\xca\x86\x2c\xf7\x26\xaa\xc1\x40\xb8\x61\xae\x0d\xc7\x4b\xb3\xc0\xb4\x89\x78\x9f\x17\x14\x5e\x9a\x85\x5a\x3e\x2b\x5d\xaa\xc4\x18\xd8\x35\x37\x33\x23\x9e\xf6\x9c\x7b\x56\x5b\x53\x03\xeb\x87\xbd\x7f\x64\x9a\xbf\x40\xa2\xf1\x35\xa2\x9e\xd2\x7e\x3b\xe4\xc1\x2c\xd6\xdd\xd2\xe5\x41\x8a\x99\x97\x43\x83\x66\x3f\x58\x49\xbf\x3c\xe5\x53\x2b\xf6\x4a\x80\xaa\x52\x11\x91\xd2\x53\x90\xbc\x19\xa4\x5e\xed\x1d\x3f\xec\xa1\xd9\xfc\xc0\xdb\x03\x1b\xfb\x48\xe4\x50\xbe\x3d\x45\x93\x35\x6d\x5b\xa0\xf3\x10\x47\xb4\x57\x74\x5f\x21\xe3\x2e\xbe\xa3\xca\x6c\x35\xf0\x5d\x78\xd8\xc3\x16\x40\xb0\xfe\xcb\x94\x01\x16\x56\x75\xc7\xf9\xcb\xb1\x9b\xc4\xb5\x67\x7c\x2c\xce\xdc\x4e\x7a\xaf\xb8\x41\x84\xc1\x91\x99\xac\xa0\xdb\x21\xcf\x50\x67\xdc\x3a\xf7\x69\xbc\xc6\x29\x35\x5f\xf7\x25\x7a\x9e\xfd\x71\xa6\xa9\x2d\x13\x0d\x35\xab\xee\x6e\x70\x60\x5b\x5c\xab\x93\xc0\x28\xfa\xc3\xaa\x23\x44\xba\x86\x1a\xc1\xe8\xce\x9a\x4b\x07\x0c\x3d\xf7\x40\xd2\x8c\x5e\xce\x0f\x1b\xc3\x1c\x2d\x7d\x1e\x5e\xcc\x76\x10\x44\x80\x93\x91\x33\xa1\x86\x60\xe4\xa3\xe4\x84\x6b\x25\x17\xbe\x3b\x8e\x7a\xfa\xfe\x07\x83\x91\xd8\xaa\x8e\x5c\x30\x13\x7e\x85\xd9\x4d\x64\xa2\x79\xfb\xee"},
+{{0x91,0xfd,0xef,0xcd,0xbc,0x99,0x0d,0x3e,0x8e,0xeb,0x60,0x17,0x04,0x34,0xda,0x10,0x83,0x1b,0x03,0x08,0x1f,0x6a,0xfd,0x0d,0x7e,0x12,0xb1,0x00,0x11,0xe0,0x2a,0xef,},{0xc5,0x8d,0x3e,0x20,0xb8,0xd4,0x7b,0xa4,0x55,0xb9,0x12,0x57,0x2d,0xc8,0x40,0x81,0x5e,0x3d,0x88,0x5f,0xa5,0x91,0x7d,0x1d,0xa4,0x84,0x08,0xb9,0xa9,0x56,0x40,0x98,},{0x51,0x01,0x12,0x22,0x3b,0x33,0xa5,0xab,0x15,0x64,0xf7,0x53,0x71,0x91,0xcd,0x29,0x2a,0x9d,0xbd,0x5a,0x32,0x3d,0x7a,0xdd,0x05,0x84,0xc1,0xb0,0xad,0x00,0xd0,0xac,0x71,0x99,0xc3,0xfb,0x75,0x8e,0x91,0x3f,0xf3,0xd7,0x16,0xc2,0xe9,0x0d,0xd9,0x0d,0x4e,0x8f,0x59,0x95,0x1e,0x87,0xef,0x8b,0x78,0x21,0x4a,0x51,0x75,0xc4,0xe6,0x08,},"\x5b\x0c\x1a\x3a\x95\xe0\xba\x74\x74\x76\x6c\x9b\xad\xfa\xe3\x4a\xb8\x60\xe0\xa6\xc0\x33\xa2\x2f\xba\x72\x11\x27\xf5\xbb\xee\xe8\xe2\xcb\xde\x1a\x1d\xfe\xb1\x8d\x55\x1c\x95\x99\x4d\x21\xe3\xeb\xc6\x8a\xfa\xe6\x85\x44\x4a\x3a\x41\x95\xbc\x75\x55\x38\x90\x3a\xcf\xa6\x71\x55\x92\xdd\xe2\x56\xe7\xa1\xb4\xc3\x63\xec\xa7\x1e\xf0\xf3\xa4\x8a\xe3\x44\x2d\x50\xd5\x66\x1b\x39\x40\x96\xb7\xec\x27\xbb\xf5\x29\x53\xf3\x04\x0c\xd2\x5b\x78\xce\x47\x55\x27\xe0\xcc\x59\xf1\xef\x9a\xe2\xe0\x59\x04\x31\x58\x2b\x2d\xf8\x14\x14\x99\x82\x9a\x2c\x5f\x7b\xbe\x35\x98\xe4\xc9\x6c\xc0\x1e\xde\x2f\x43\xb6\x56\x05\xb4\x88\x59\x37\x09\xc0\x94\xb5\xa0\x42\xb2\x85\x55\xfb\x52\x27\xa6\xd1\x56\x37\x6f\x3f\xf0\x7b\xd5\xc8\xbc\x68\x04\xd3\x9a\x32\x82\xac\x59\x70\xba\x08\xae\xbf\x75\x42\xb8\x45\xf6\xb5\xc2\x38\xc2\xce\x20\x44\x3f\x7f\x77\x55\xd7\x5f\xe4\xfa\x16\xb9\x64\x4c\xa3\xe2\x1d\x91\xa9\xa8\x7c\x68\x61\x15\x74\x8a\x16\xc0\xae\x4a\xe4\xe1\x6d\x1c\x71\xae\x60\x0b\x39\xcd\x25\xe5\x63\x3b\x39\x9f\xee\x7f\xf2\xe3\x62\xbe\xd2\x51\x25\xc6\xfd\x5c\x7f\x5f\xfa\x2d\xa2\x35\x3f\xd3\x5b\x78\x4a\x1b\x1b\x03\x19\x77\x47\x58\xb7\x39\x0c\x44\xdc\xc9\x2f\xca\x42\x01\xdf\xe1\xa3\x75\x69\xde\x05\xf0\x66\x4d\x08\xb9\x0d\x6e\x2b\xad\xc2\x1b\x92\xf9\xce\x87\x21\x42\x35\x7b\x96\x15\x08\x0a\xb7\x65\x9a\x24\x6f\xf0\x85\x2a\xdb\x17\xdf\xda\x70\xcf\x17\x54\x15\x7b\x13\xbc\x03\x2b\x4c\x5d\xeb\x8e\x10\x68\xb4\x69\x2b\x93\x16\x5d\xa3\x5e\xfc\x9d\xa8\x6a\xcb\xe6\xf8\x0f\x01\xbb\xc2\x6f\x57\x5e\xc5\xaf\x5b\x05\x0e\x98\x28\xaf\xde\x6c\x3b\x78\xe7\x33\xeb\x5a\x91\x24\x92\xf7\x65\xbc\xad\x73\x1b\x95\xe3\xab\x88\x96\xb6\x17\x58\xbf\x91\x3b\x9a\x15\x68\xf9\xc5\xb4\x60\x33\xcf\x45\xdc\xc1\x75\x0d\xa2\x06\x6c\x60\x8d\xc3\xd3\x43\x73\x8e\x84\x8d\xc3\x90\xcd\x47\x44\x32\xe9\x91\xd7\xaa\x2c\x5b\x27\x81\x42\x1e\xfe\x55\xe3\x6b\x0b\x42\xc1\xf4\x9a\xe2\x77\x48\x0b\x0f\xc5\xff\x68\x5b\xb5\xa3\x1b\xe3\xa0\xfa\x44\x82\x38\x16\x07\x70\x37\x54\x8a\x5c\x9b\x0e\x1c\xc6\xc6\x35\x04\xa4\x07\x57\x9a\x36\x32\xb3\xc9\x6f\xcd\x0d\xe5\xea\x1e\x4d\x6e\x87\xc0\xca\xf7\xb6\xca\xe3\x12\x0d\xb8\xb1\xf4\x61\x5c\xe6\xa7\x5a\x81\x65\x4f\x39\x04\x28\xb6\x4c\x21\x3e\x72\x7e\xec\x3a\xe7\xf9\xf4\x2d\xb9\x06\xf4\xde\x1f\xda\xdd\x34\xa3\xda\x2a\xeb\x12\xb4\xd9\xa1\x85\xf4\xa6\x0c\xb0\xc2\x67\x45\xf5\x30\xb4\x81\xfc\x97\x6a\x09\x3c\xe2\x4a\x30\x91\x6a\xf6\x05\xee\x94\xb0\x87\x85\x19\x3a\x94\x9d\x56\x9c\x4b\x7e\xf5\x96\x03\xbb\x62\x43\x60\xe7\xb4\x08\xd9\x8c\xa5\x09\xda\xf5\xa9\x2a\x6d\x40\x15\xbd\xb6\xf9\x7a\xd4\xff\x0c\xf0\x5c\x8f\x0c\xd5\x47\x6a\x93\x44\x26\xa0\x59\xf2\x44\x44\x46\xe5\x86\x4f\x08\x9e\x0f\x06\x75\x61\x59\x10\x66\x2d\x7c\x1e\x79\xa6\xc7\x5f\xa3\x14\xb7\xba\x2c\x64\x3b\x0d\x37\x65\x3e\xef\xe5\x93\x17\x2d\x1d\x33\x2c\x8d\xd6\x44\x92\xea\xf1\x04\xfb\x19\x57\xba\xa5\x20\x49\x44\x2d\x10\xb5\x6a\xf8\xea\xe8\xff\x82\xcd\x8f\x46\xa0\x49\x4b\xec\x2f\xcb\x9f\xad\xf1\x0c\xf7\x1a\x6e\xec\xd0\x54\x7d\xaf\xdc\x7a\xdb\xaa\x45\x03\x78\x3f\x94\x3a\x46\xb4\xad\x0e\x6d\xd7\xf2\xca\xb5\x56\x17"},
+{{0xef,0x00,0xb3,0xc1,0x81,0xf6,0x32,0x7d,0x02,0x25,0x67,0x51,0xcb,0x51,0xc2,0xc3,0x6c,0x0c,0x0a,0x78,0x07,0x63,0x40,0x54,0x8f,0x5b,0xc0,0x70,0xd8,0x6d,0x9e,0x26,},{0xdb,0x14,0xcd,0x32,0x58,0x8f,0xd7,0x41,0xe8,0xf4,0x2e,0x51,0x21,0xcc,0x81,0x1a,0xd4,0x50,0x63,0xf2,0x81,0x41,0xe8,0x3c,0x66,0x8f,0x07,0xd9,0x12,0x28,0xf0,0x49,},{0x13,0x9f,0x9c,0xb9,0x9b,0x99,0x5b,0xe6,0x58,0x8c,0xdd,0xb5,0x05,0x16,0x94,0x83,0x8f,0x9d,0x82,0xa6,0x07,0x61,0xfd,0xe3,0x04,0xb0,0x02,0x7f,0xf8,0x65,0x84,0xbf,0x65,0xc7,0x3c,0xc6,0xd2,0x53,0xe5,0x60,0xf6,0x55,0x25,0xdf,0x04,0xbf,0xe1,0x46,0xc8,0x3b,0x42,0x26,0x9c,0xf3,0x78,0x0f,0x8b,0xc3,0x92,0x43,0x78,0x94,0xae,0x01,},"\x7d\x6a\xbe\xc7\xa1\x1a\xf6\x73\x24\xce\x17\xb1\xd2\x0b\xb4\x0c\x66\x8a\x21\x9b\xc9\x5d\xf0\x5e\x32\x5d\x86\xf8\x87\x95\xe2\x64\xd4\x54\xfc\x5f\xa7\xd9\xc8\xaa\xfe\x77\xe9\x0a\x6a\xf6\xb5\x74\x53\xd8\x5b\x97\x0b\x55\x2a\x85\x6b\xa6\x59\xab\x31\xbd\x8a\x66\x0e\xb7\xd3\x58\x7b\x45\x3e\x5c\x5f\xc6\xb7\x94\x72\xb2\x6e\x8f\xf7\xdd\x6d\xb6\xbe\x35\x72\x54\x8b\x0d\x75\x4e\xd4\xd9\x85\xb8\xd9\x96\x5f\x88\xb9\x52\xfc\x4f\xa3\xb7\x61\xcc\xff\xc3\x53\x54\xdb\x0e\xb9\xc5\xa1\x71\x71\x8a\x8a\x55\x92\x87\x02\x13\x82\x7d\x36\x91\xba\xe7\xfd\x9c\x63\xf2\x05\x03\xe0\x43\x19\xb5\xe9\x53\x57\x9d\xe4\x7e\x3e\xf8\xe1\x62\x85\x49\x50\x3c\xb4\xf6\x87\x1b\xa2\x5d\xb8\x73\x47\x08\x0e\x53\x1a\x51\x7a\x8b\x72\x21\xe6\xad\x84\xdf\xf8\x32\x56\xd9\xab\x9a\x43\x3d\xe8\x71\xb9\xcb\x9c\x50\x44\x58\x9e\x67\x20\x6b\x31\x7a\x52\x06\xae\xba\x96\xc9\x2f\xd6\x09\x40\x71\xc6\x44\xfe\x52\x65\x8d\xed\x92\x20\xcf\x6a\xbd\x50\xe2\x30\x5a\x1c\x90\xfd\x66\xaa\xcf\xb3\x8e\xb0\x5e\xaf\xf6\xca\x5f\x85\xf4\x29\xcd\x57\x71\x6e\xb8\x77\x39\xa0\x2b\x64\xcf\xfa\x08\xc4\xf6\x85\xb0\x03\x10\xb5\xb4\x84\x49\x20\xdf\x21\x5a\x9f\x24\xa1\x76\x13\xae\xf8\x5f\xec\x94\xf5\x11\xdc\x8a\x42\x94\xed\xdc\xea\x11\xc0\x8c\x0b\x39\x9a\x23\xd9\x16\x38\x3e\x29\xad\xeb\x98\xc6\x5d\x41\xc7\x05\xa5\x7f\x84\x05\x20\xfa\x80\x8d\x7f\xd2\x5f\xdc\xe1\x59\xf7\xa0\x84\xd0\x62\x97\x4b\x30\x13\x2a\x57\x12\x42\xba\xff\x41\x96\x24\x6d\x6d\x75\x7b\x31\x2e\x9d\x60\x85\x53\xd2\xdc\x53\xb6\x23\xb2\xe9\x5c\x75\x38\xfb\xc5\xde\xb6\x2b\xa7\x37\x76\xd8\x5e\x51\x18\xfa\x1a\x30\x2d\x4d\x07\x6d\x99\xe1\x00\xf0\xdf\x11\x9c\x33\xfc\x66\xcd\xfe\x6f\xd4\x4d\x71\x99\x7b\x78\xc8\xf7\x89\x0c\x70\x73\x46\x05\x62\x20\xd1\xe9\xde\x88\xbc\x17\x3c\xf0\xb7\x6c\xb3\x02\x87\x7e\xc1\x6a\xf4\x6e\x4c\x31\x63\x9f\x54\xee\xdc\x16\xda\x9d\x9e\xb0\xad\x95\xbd\xa5\x45\xdf\xc4\xa7\x32\xb6\xda\x98\x14\x13\x6a\xb1\xb9\x39\x2a\x07\x1b\x02\x24\x73\xb3\x49\x05\x57\x69\x8b\x77\xe7\x44\x7a\xc8\x59\x0d\xca\xf4\xf2\x42\xad\x3d\xfb\xc0\xdf\x71\x6c\xc0\xea\x75\x36\x26\x97\x3d\xf0\x8d\x93\x5d\x17\x8e\x33\x12\xfb\xe2\xa7\xba\x9c\x50\x93\xc5\x3b\x92\x55\xea\xca\x29\xb7\x25\x78\xe3\xba\x1b\xdf\xaf\x0c\x9e\xce\x21\xa5\xdf\xf6\xea\x42\x15\x24\xf7\x0f\xc1\x90\x4e\x9a\x2c\xf7\xc5\x18\xbf\xcc\x7e\x36\x73\xee\x87\xff\x27\xe1\xca\x2a\xc3\x2b\xcb\x40\x91\xcb\x34\xa8\x2a\x71\x56\x3f\xf6\xa6\xa1\x5d\xa0\xeb\xd5\xbd\x10\x25\x6c\xe9\x60\xf4\xea\xa7\xfe\x35\xe1\x28\x88\x60\x50\xd0\x49\xfe\xc3\xa4\xab\x16\xd5\xb0\xc1\x07\x26\x7e\xae\x1a\xb8\x01\xea\x5b\x91\x98\x38\x39\xda\x1c\x48\x8c\x12\xf8\x64\xd7\xc3\xa7\x7f\x2b\x6a\xe2\x7d\x54\x01\x09\xf6\x8d\x78\x36\x4b\xb6\x27\x18\x3b\xd5\x03\x91\x75\x47\xaa\xf3\xb3\xa1\x80\x9d\xa0\x25\x77\xb3\xf0\x3a\x9a\x3f\x5a\xf4\x8c\x88\x02\xe2\x97\xc8\xbb\x63\xdb\x6a\x86\xd3\xea\x72\x7a\x6d\x71\x48\xb3\xaa\x44\x4b\x8d\x16\x8f\x38\xc6\xc8\xf2\x40\x88\xa4\x9a\xf3\x31\x77\xa3\x44\xad\xab\x2c\xf6\xe0\x8e\x0c\xb0\x37\x1e\xd5\x2b\xde\xad\x13\x2f\x77\xe7\xae\x3e\xe5\xd8\xfb\x17\xaf\xc0\xa0\xbb\x73\x11\xb9\x56\x0b\x67"},
+{{0xd0,0x71,0xd8,0xc5,0x57,0x8d,0x02,0x59,0x49,0x93,0x2a,0xa6,0xbf,0x6a,0x80,0xb1,0xcc,0x41,0x2f,0x10,0x6f,0x91,0x57,0x4e,0xe2,0x46,0x54,0xb4,0x45,0xee,0x9a,0x97,},{0x9b,0xcb,0xf7,0xd2,0x21,0x2f,0xb6,0x2c,0xcc,0xf8,0xb6,0xc7,0x68,0x03,0xa5,0xea,0x24,0x40,0x9d,0xa6,0x28,0x7e,0xfb,0xb8,0xb1,0xf0,0xc7,0xb3,0x0e,0xbd,0xd9,0x3e,},{0x0c,0x29,0x7a,0xbe,0x0f,0xd8,0xeb,0xcc,0x6b,0x77,0x19,0x98,0x75,0x5e,0x2c,0x6b,0xe0,0x7c,0x81,0x2b,0x5a,0x80,0x54,0x49,0x57,0x06,0x31,0x70,0xca,0x69,0x43,0x2e,0x72,0xb6,0x0d,0xaa,0xe3,0x22,0x95,0x8a,0x22,0x38,0xcd,0x6a,0x46,0x28,0x94,0xa3,0x87,0xee,0xf6,0x5b,0xf9,0x6f,0x63,0xf5,0x4c,0x08,0x56,0x87,0xa5,0x02,0x75,0x0e,},"\x3e\x8e\xe7\x0e\x51\xe5\x6e\xf5\x7f\x6e\x66\xb3\xa8\x84\xaa\x04\xa7\xb4\xd4\x59\x9f\xb9\xb4\x39\x96\xb3\x93\xa8\x68\x09\x35\x12\xea\x74\x1a\x0c\x6a\x94\xf4\x0c\xe4\x98\x62\xd2\xfd\x1f\x75\x51\xf4\x64\x7a\xbd\x80\x75\xbc\x1b\x74\x2a\xd4\x0e\x29\xa6\x04\x61\x30\x12\x24\xfe\x8f\x76\x92\xb1\x47\x72\x78\x2b\x4e\x89\x6b\x63\xfe\x05\xab\xd5\xff\x53\x14\xf9\xec\x80\x75\xf2\x8d\x90\x8c\xca\xaa\xce\x5e\x90\x5e\xa7\xf5\x7a\x49\x1b\x99\xb3\x59\x1e\xea\x54\xa6\xb7\x81\x91\x67\x74\x9d\x38\xa0\x47\x62\x06\x76\xa1\xa7\xaf\x11\xf4\x85\xa5\x5b\x7c\x87\x9e\x68\x50\x38\x08\x58\xc8\xf4\x5c\x0c\x1c\xcb\xd7\x40\x6e\xd0\x99\xd8\x4a\x74\x71\xb9\x35\x0c\x4d\xdb\x28\x47\x0b\xf5\xbf\x32\x7d\x5b\x3c\x22\xd8\x99\xb4\xc6\x60\x83\x9e\x10\x4a\x06\x22\xae\x85\xc8\x4a\xa9\xfc\x7f\x0a\x2c\x7c\xeb\x6e\x69\x1c\x49\xc0\x64\xb5\x31\x34\x99\x68\x3e\x8e\x03\xb2\x11\x5e\xda\x7d\xda\xd5\x5a\x49\xf9\xfb\xe6\x25\x44\xf9\x14\x51\x1c\xfb\xec\x6b\x84\xdb\xde\x7e\x80\x90\x9b\x45\xfb\x10\x50\x2e\x2c\xaa\xa7\x21\x24\xfd\x94\x56\xa3\x87\x2f\x95\x92\x70\x7e\x9a\x4c\x50\x12\xda\xa9\x72\xea\xf6\x5f\xab\xe5\x53\xde\xbe\x82\x57\x01\xef\xef\x5c\x75\x6b\xb4\x65\xe9\x66\xab\x68\xdd\x52\xf3\xdd\x00\xa4\x5c\xf6\xdc\x3f\x19\xb8\x6b\xb0\xdb\x4a\x86\xe4\x66\x98\x85\xa0\x74\x69\x6a\x67\xd8\xea\x21\x18\xc7\x66\xef\x62\x5f\x8a\x98\x02\x6f\x9f\x4a\x3c\x5c\xcc\xf9\x84\x6f\xdc\x90\xed\x93\xec\x7c\x1f\x3c\x70\x86\x95\x4f\xa2\xf0\xa4\xca\x96\xd4\x01\x84\xaa\x57\x54\x55\x27\xa1\xf9\x65\xc1\x1d\x84\x3c\x90\xc5\xa5\xe0\x8d\x7c\x11\xf2\xd5\x61\x00\x4e\x90\x57\x48\x52\xeb\x50\x46\xaa\x1e\xa7\xb6\x10\x09\xfd\x5d\xd7\xd6\x24\x2a\x8d\xf5\x8a\x9e\x8e\x55\x5c\x7f\x4c\xdc\x13\x0d\x69\x01\xbf\xe6\x79\x7f\xdc\x6c\x39\xbe\xec\xfb\xba\xb6\x62\x5b\x2e\x4f\xb9\xd8\x00\x02\x76\xd4\xa9\x4f\xc6\xfc\x10\x51\xfe\xff\xf5\xad\xeb\x72\x4b\x87\x09\x0d\xb0\xa2\xc6\x97\xd0\x56\x66\x4d\x99\x1f\xad\x80\xdc\x80\xfa\xb7\x00\xb1\xf1\xf2\xee\x27\x73\x4e\xbc\x26\xb2\xa6\x41\xc3\x2a\x0c\x91\x1b\x27\x0a\xc7\x6b\x0d\xa5\xc0\x89\x14\x97\x1c\x91\x12\x46\x3a\x70\x70\x9c\x0d\xda\xc7\x91\x00\x16\xf9\x13\xf6\x21\x00\x86\xd7\x25\x5c\xef\x11\x95\x57\x10\xf6\x51\x88\x9c\x83\x62\x1d\xd8\xa4\xfc\xd5\x36\x63\x02\xd6\xc9\xb5\x6e\xef\xcf\xac\x85\xc1\x4a\x94\x78\xb6\xd7\x18\x07\x54\x28\x80\x07\x60\x51\x5c\xab\x5f\x3d\x44\x55\xe2\xb9\x70\xdf\x9f\xe4\xbe\x83\x83\xd7\x04\x83\xbb\xdd\x75\x60\x71\xf5\x3b\x2f\x9c\x27\x5c\x7c\x85\x12\xd1\x63\x51\x8f\xe5\x55\x83\x75\x14\xc8\x67\x76\xc9\x47\xf2\x9a\x77\x57\x02\x87\x44\x6b\x69\xbe\x40\xc8\xd4\xab\xbd\x65\xef\x25\x07\x24\x9b\x5a\xec\x33\xac\xb7\xb8\xbd\x3f\x35\xbc\x85\x9b\xa4\xe3\x7b\xdb\x49\xcf\x91\x3d\x93\x98\x9c\x44\x38\xd2\xab\xcf\xa3\x88\xcc\x89\xd7\x8a\xc0\x62\x70\x65\x64\x92\xe7\x52\x8f\x29\xbd\xfe\x8c\xbb\x9b\xfa\x9e\x73\xc1\xda\x01\x3f\xc3\xce\x21\x05\x65\x76\x13\xff\x62\xbb\x0c\x3b\xf4\xde\xe3\xb0\xd2\x65\x9c\x72\x6e\x7b\xcd\x9e\x97\xec\xce\x92\x47\xd4\x60\x0d\xfe\xaf\x60\x44\x4e\xd8\x62\xb0\x0b\xa1\x1e\x70\xea\x88\xd4\xf0\xb6\xb5\x39\xfc\x9f\x36\xbb\x2a\x1a\x9e\xd2\xb3"},
+{{0xe9,0xd4,0x86,0xc2,0x9a,0xe8,0x11,0xb9,0x42,0xe1,0x0d,0x81,0xf0,0xa6,0x71,0x63,0x17,0xb8,0x42,0xc2,0xc5,0xbf,0xde,0xf5,0x5c,0xc4,0x32,0xb7,0xfc,0xae,0xb8,0x18,},{0x43,0xa5,0x2d,0x15,0xb9,0xf7,0x31,0xd7,0x37,0xb1,0xc4,0xdb,0xc3,0x22,0x27,0xa4,0x80,0x96,0x30,0x91,0xd2,0xc6,0x28,0x6f,0x48,0x2e,0xf1,0xe8,0x36,0x70,0x54,0xe5,},{0x65,0x19,0x1a,0xa8,0x85,0xdd,0xab,0x9f,0x67,0x27,0x18,0x79,0x95,0x2f,0xc6,0xaf,0xfe,0x41,0xca,0x20,0xeb,0x3b,0xcd,0x86,0x67,0x31,0x61,0xb0,0x3b,0x53,0x26,0x94,0xd6,0xdd,0x88,0x90,0x8e,0xb1,0xb1,0xee,0xc0,0x03,0xcf,0xcb,0xe6,0x14,0x6b,0x45,0x38,0xe2,0x1d,0xf5,0x59,0x69,0x91,0x2a,0x0d,0x7d,0x88,0x18,0xad,0x79,0x59,0x0d,},"\x14\xfe\x1e\xd5\xbb\xbd\x76\xcc\x73\xdc\x56\x50\xbd\xa9\x2d\xe8\x63\x26\xe2\x4d\x2f\x1f\x62\x24\xba\x85\x68\x94\x4d\x6f\xe3\x44\x26\x75\xdb\x96\xf1\xd8\x49\x8f\x16\x34\xff\x9b\x6e\x50\xcb\xa9\xdb\x4e\xb0\xb0\xb0\x21\xb2\xbe\xcf\xce\x4b\xef\x33\xc4\xce\x0e\x32\xc8\xa9\x83\x89\xec\xa9\xe0\x59\xa6\x62\xd6\xf0\x37\xc5\x4a\xa4\x0c\x76\xcd\xee\xe8\x56\x50\xf0\x89\xea\x56\xe1\x38\x3a\xb0\xf5\xc3\x6f\x6d\x66\x45\xff\x7e\x87\x66\x73\x01\xf9\x44\xfd\xc2\xed\x35\xb0\xd2\xc3\x5c\xb2\xe4\xb4\x56\x36\xe7\x49\x8e\x92\x7f\x58\x46\xb3\xe1\xed\xfb\xd1\x60\xa4\xae\xf3\x32\x0c\x34\x28\x49\x6b\xda\xaf\x7d\x3e\xd5\x6e\xf0\xb7\x25\x4a\xc5\x97\xbe\x58\x9a\x70\x58\x44\x16\x30\x0c\x1a\xdc\xfb\xa4\xf2\x2c\xfd\x4c\xd6\x61\xe1\xf5\x0f\x15\x5d\x17\x2f\xa5\x74\x8d\x29\x6b\x29\xcd\xd7\xeb\x81\x21\x48\x3f\xf1\xd9\xfe\x95\x3f\x94\x51\xc7\xc7\xa5\x42\x00\x72\x85\xee\x72\x46\xbc\x0f\xde\xa9\x38\x81\x40\x29\xab\xce\x05\x7a\x0e\xcb\x97\x4b\x12\xd3\x60\xea\xb6\xaf\xd3\x07\x97\xd6\x14\x45\xad\x2b\xac\x7e\x52\xbc\xe4\x34\x63\x15\xf7\x8e\xb8\x75\x42\xd5\x95\x28\xb2\xf6\xc5\x6d\x66\x24\x1c\xb4\x42\x03\x3f\x64\x3d\x3d\x2a\x67\xcb\x63\x7d\x8d\xa9\x5d\x4f\xd1\x23\x4b\x03\x1a\x3e\x51\x72\x3a\x1d\x26\xe6\xf5\xca\x07\x98\x73\x21\xad\x11\xa9\x0f\xcc\x1d\x4e\x2b\x0b\x89\x66\x50\xc3\xa7\x51\x8d\x56\x55\x29\xbe\xa8\x06\xa0\x5d\x44\x7e\x08\xd2\xa6\xa3\xdb\xf1\xa3\x69\x15\xb2\x95\x7c\xa5\xb4\x0e\x58\xb9\x7a\xd0\x36\x97\x35\xc4\x28\xbd\x6d\x69\xbd\x21\x00\x44\xb6\x51\x41\x8d\x98\xb0\x59\xd9\x0c\x83\xe4\x60\x11\xf4\x1c\x03\x2c\x56\x55\xa5\xef\x21\xac\x2c\x8c\x2b\xc9\x4b\xe0\x7e\x45\x42\x6a\x7a\xe5\xd4\x7b\x45\xf2\x7c\xf4\x28\x9c\xa4\xdd\xab\xe0\x8a\x12\xb9\x10\x20\x7d\xab\xb3\x4a\x46\xab\x75\xce\x69\xb5\x8e\x7e\x17\x66\x4b\xf3\x35\x9a\x8f\xb6\x8e\xb0\x32\xc9\xea\xa6\xdf\x87\x38\x29\xf0\xe0\x84\x85\x53\xf7\x32\xe1\xc3\xc0\x84\xb3\x2b\x7a\xf7\x50\x74\xe7\xbb\xaa\x4e\xb5\xd7\xea\xd7\xaf\xf9\x75\x80\x10\x9b\x60\xf4\xc7\x92\xf9\xe2\xa6\x51\x37\xb0\xaa\x48\x17\x5b\x81\x15\xd9\x13\x05\xf4\xc7\x7e\x2d\x08\xe7\xe8\xd7\xe7\x78\x5c\x96\x68\x42\xc2\xe3\x50\xfe\xd4\xf9\xe3\x3b\xf6\xe1\x84\xc5\x50\xb4\xb0\x6e\x95\x74\x14\xed\xf5\x2f\xa0\x79\xe8\x19\x73\x45\x84\x61\xfb\xb9\xb7\xd7\xd3\x4b\xef\x15\x03\x57\xf4\x32\xca\xac\x3a\xe9\xf3\xdc\x96\xeb\x5a\x2d\x12\x3e\x09\xed\xa1\x70\x2e\x1d\x10\x70\x17\x7b\xb2\x20\xc4\x23\xc0\x96\xec\x24\x42\x43\x85\xc6\x79\xbe\x02\xef\x84\xd0\x9e\xd1\x02\xf4\x9c\xad\x3b\x1f\xd6\x70\x67\x9a\x39\x71\x4f\xf1\xd6\xe4\x22\x8d\x8d\x7d\x0e\x19\xed\x0e\xba\x13\x2f\x21\x28\xd4\x7b\xaa\x56\x9a\x8e\xcb\x7b\xd4\x8a\x82\x62\x82\xf9\xcf\xcb\xf6\x0d\xde\xce\xaf\x1d\x02\x13\x2c\x8a\xff\xed\x3a\x03\xd2\x34\x0d\xeb\x78\x7c\xd6\x49\xc5\x1c\x6e\xcb\x9f\xf7\x5d\x7a\x7b\x4e\xf9\xb1\x51\x39\xcf\xea\x27\x62\xab\x18\x61\x51\x97\xa6\xb5\x1f\x6e\x75\xdb\xd0\x45\x73\xa2\x44\x80\x94\xd0\xcd\xeb\x0f\xe4\x58\x58\x83\xff\x9b\x68\x82\x4a\x04\xb8\x3e\xc9\x1c\xf8\x4a\xcd\x6a\x74\x46\xcb\x1f\x5e\xe3\x7d\x5d\xf8\x0f\x17\xcb\x2b\xdc\x3f\x31\x22\xa8\xfa\xf7\x6e\xbd\x06\xcf\xe8\x17"},
+{{0xe6,0xfa,0x10,0xdb,0xb4,0x78,0xe1,0xe3,0x6b,0x35,0xdf,0xeb,0x02,0x50,0xf6,0x3c,0x08,0x51,0x50,0x70,0xae,0x79,0xb2,0x2f,0x04,0x7e,0x27,0x17,0x08,0xd6,0x4f,0x5c,},{0xe0,0x2e,0x1f,0x2b,0xd8,0x79,0x2e,0xf4,0x83,0x48,0x1c,0x6d,0x11,0xf7,0xc7,0xc9,0xdb,0xde,0xec,0xc9,0x85,0x94,0x32,0xe7,0xf2,0x79,0xe9,0xd1,0x73,0xd3,0x11,0x64,},{0xc0,0x3c,0x47,0x03,0x59,0x12,0x7e,0x9d,0xe3,0xaf,0x0e,0x0e,0xd7,0xd3,0xb1,0x9f,0xae,0xe0,0xec,0x14,0x0b,0x79,0xc2,0x99,0xe2,0xcb,0x6d,0xac,0x0a,0x3e,0x7e,0x31,0x41,0x41,0xcc,0x85,0x4b,0x45,0x96,0xce,0x4c,0x51,0xc7,0xb0,0xde,0xc8,0xa5,0xc8,0xcf,0x09,0x36,0x20,0x53,0x61,0xd5,0x36,0x5f,0x4b,0xcc,0x07,0xc4,0x28,0x7c,0x07,},"\xad\x31\x60\x75\x8d\x8c\x08\xa6\x61\x52\x5c\x95\x28\x0a\x37\x18\x87\x49\x69\x85\x9f\x1c\xc9\x18\xe3\x4f\xec\x00\x8a\xcf\x23\xb8\x89\x6e\x8d\x50\xc3\xc0\x51\x23\x31\xdc\x89\x78\x0f\x8b\x10\xfc\x34\x9c\x67\x5c\x4c\xd8\x2a\x5d\xf8\x58\x6b\x43\xc8\x64\x44\x8f\xac\x00\xb8\x47\xb9\xc9\x80\x54\xab\x79\x3f\x63\xc7\x1a\xa5\xe5\x24\x8e\x22\xd0\x69\xbd\x3f\x85\x2a\x3b\x8c\x6e\x2a\xc8\xef\x86\x1d\x90\xbc\xd9\x84\xbf\xca\x87\x58\x3e\x59\xe9\xa7\x46\x8f\x29\xb8\x08\xdc\x2f\xe5\x30\x2a\x98\x9d\x6f\x2e\xcd\xe7\x58\x5c\xd9\xbe\x4e\x4c\x76\x1c\x4d\x4b\x3e\xea\xf4\x69\x9f\x65\x56\xef\x03\x9a\xf2\xb8\x0f\x94\x07\x60\x5a\xc3\x97\x35\x1d\xd8\x55\x95\x58\x44\x95\xba\xa1\x77\xb0\x8c\x88\xd2\xec\x1f\xc4\xe3\x2d\x1c\x0b\x8d\x7e\x7a\xc5\x83\x9d\xfb\x92\x3f\x09\xb3\x23\xe7\x8e\xce\xb7\xe9\x6c\x06\x04\xb0\x1a\x19\xe4\x9c\x9b\xea\xf4\xf2\x5e\xc4\xa8\x4c\x1a\x08\xf2\x38\x0e\xdd\xc3\xa7\xf0\x12\x18\x49\x59\xcc\xd1\x9e\xcb\xba\xc6\x5e\xac\xa1\x55\xce\xe9\xec\xfe\xc1\x1e\x7f\xee\x05\x8e\x17\x4f\xc4\xed\x7c\x67\x9f\x2c\x15\x63\x1d\x4e\x15\x27\xbc\xdb\x0e\x3b\xb0\x81\x5f\xfd\xff\xc0\xc8\x56\xbe\xf0\xdc\x0f\x5c\x82\x37\xf7\x09\x8e\x26\xbd\xb6\x9e\x87\x82\xd1\xca\x51\x11\xec\x3c\x7e\xdb\x42\x5d\xff\x80\x32\x02\x6c\xba\x3d\x2e\x08\x1b\x71\x31\x0d\xb9\xba\xda\xd1\xad\x02\xf1\xec\xcc\x53\x7d\x87\x4c\xd1\x8c\x6b\xb0\x12\x21\xf7\x1e\xe6\x62\x50\xd9\x4c\xf8\xec\xce\xaa\x96\xd3\xc5\x7e\xea\x2b\x0a\x8e\xc7\x24\x29\xd7\x60\x64\x88\xbd\xf1\x9e\xc3\xbb\x16\xe5\x08\x67\xc7\x93\x7d\xef\x09\xfc\x78\x3f\x20\xa2\xa5\xec\x99\x25\x3d\x6b\x24\x0d\xf4\x67\x7d\xd2\xd5\x27\x7b\x01\xc5\xb8\xe5\xbd\x6c\x7d\xf0\x87\x42\x05\xbc\x8c\x2f\xff\xdb\xa1\x31\x46\x74\xd3\x1c\x9b\x2c\x91\x99\x22\x8e\x19\xe0\x42\x18\x34\xc1\x65\x7d\x06\x98\x28\x69\x16\xc7\xe3\x92\xf0\xab\xd5\x54\x5b\x96\x3a\xc1\xff\xa9\x97\x21\x61\x6c\x23\x79\x6f\x85\xc3\x4a\x5c\x66\x4a\xe8\x1d\x16\xb2\x16\xa5\xb0\xcf\x5b\xc6\xb5\xa9\x08\x29\x72\x85\xd6\x16\x44\x12\x8f\x88\x6f\x38\xaf\x9e\xdd\x25\x19\x3d\x7e\xcc\x77\xa7\x99\x94\x27\x8d\xa0\x71\xf5\x44\x95\x93\x7f\xee\xf5\xa5\x19\x57\x52\x7c\x3e\xec\x7c\xb0\xb4\xe8\xaa\x7a\x4e\x85\x6d\xef\xd5\x7d\xd9\x23\x34\x15\x1b\x98\x6a\xa6\x9c\xa6\x92\x60\xd1\xe2\xd7\xb5\x3c\x05\x67\x7e\xe0\xd2\x16\xb2\x8d\x03\x62\x52\xdd\x30\x06\xde\xbe\x1b\x65\x74\xa2\x5e\x6b\x19\xdf\xb4\x8f\xa6\x43\x16\xaf\x8f\xd6\x8d\x78\x93\xb3\x97\xe7\xdb\x57\x80\xab\x27\xbf\x87\x26\xff\xf6\x05\xd3\xb4\x6d\x80\x05\x95\xb4\x62\x4b\xee\x30\x2c\x96\x43\x26\x03\x4b\x52\x34\xd1\x75\xdf\xdc\xc2\xce\x88\x2e\x65\xb3\xd9\x3a\x04\x38\xf6\x92\xe9\x69\x5d\xe1\xf2\x4c\x70\xa7\x9b\xee\xd2\x54\x15\xec\x5a\xae\xcf\x33\x91\x95\x3b\x2f\xfd\x45\x3a\x8f\x04\x67\x56\x1a\x4a\x47\xee\x14\x4a\x43\xfd\xff\x83\xdf\x2b\xea\x5f\x66\xa7\x22\xb5\x2a\xbe\x86\x13\xf2\x0c\x59\x4a\xf0\x98\x2e\xb3\xf0\x45\x05\xa5\x24\x61\xdd\x03\x4d\xa8\x6c\x36\xca\x16\x21\x77\x05\xc0\x48\x23\x91\x1d\x72\xa2\x47\x69\x51\x76\x33\x56\x28\x86\xf2\x50\xf2\xcf\x78\x8b\x8f\x32\x86\x4a\x94\x74\xf5\x7e\x62\xe5\x7d\xe8\xfd\xaf\x95\x9a\x6b\x72\x28\x74\x40\xa8"},
+{{0x05,0x8e,0x36,0x80,0xb8,0xfc,0xc0,0xaa,0x14,0x90,0x08,0x9c,0x11,0x24,0x67,0x7f,0x98,0xd7,0x4b,0x1b,0xfb,0x71,0xee,0x86,0x63,0xf0,0x25,0xf0,0xd9,0x46,0xcd,0x20,},{0xec,0x72,0xce,0x0e,0x82,0xc6,0xa3,0xb2,0x12,0x43,0xd2,0xf0,0x0e,0x9e,0x88,0x3a,0xdb,0xc5,0xcb,0x63,0xb3,0xd9,0x36,0xef,0xa5,0x0c,0x07,0xcb,0x92,0x91,0x48,0xe2,},{0x57,0x34,0xec,0x50,0xa7,0xf8,0x2e,0x48,0x53,0x6b,0xdc,0x43,0x70,0xcf,0xef,0x2e,0x15,0x0a,0x63,0x1d,0xab,0xaf,0x89,0xed,0xcf,0x0f,0xda,0xbe,0x4f,0x58,0x39,0xf4,0xf5,0xfb,0xd8,0xdf,0x8e,0xc4,0xa3,0xac,0xd4,0x0a,0x8b,0xfb,0x96,0x3d,0x18,0x55,0xff,0x92,0x74,0xdb,0xc3,0x31,0x65,0xb5,0xe6,0xd3,0x7a,0x23,0x9d,0xac,0xe9,0x03,},"\xe6\x3d\x14\xf5\xbe\xa7\xa1\xab\xb8\xfe\xe6\x97\x74\x6c\x22\x80\xdf\xd0\x62\x2d\xe7\x35\x72\x26\xcc\x07\x42\x72\x2a\x32\x29\xbe\x12\x6b\x08\x3e\x86\x8a\xea\xf0\x7d\x2f\xc9\x7a\xdc\x33\x42\x70\x96\x74\x19\x3c\xa2\x81\x74\x4e\x85\x0e\xa1\x54\x40\x05\x0a\xec\x93\x0e\x45\xd7\xa8\x7b\x8a\xc8\x01\x5c\x89\x67\xc2\x00\x33\xa5\x32\xd2\x95\x91\xb1\x35\x58\x6c\xe0\xfd\xd2\xe6\x68\xb5\xc8\x64\xb3\xbd\xe7\x0c\x7e\x71\x9a\xd2\x41\x93\x12\x51\x86\x19\x33\xff\xbf\xa9\x64\x83\xff\x82\x85\x67\x48\xc5\x6d\xc2\x6e\x25\x7d\x69\x2e\x51\x34\xd8\x2f\xc7\x19\x1c\x11\x0d\x95\x90\xd3\xfc\x75\x1c\xd6\x36\xb0\xc4\x6f\x44\xf8\x80\x3e\x59\xe2\xf9\x3f\xa0\xcb\xe2\x47\xa1\xa6\x25\xb4\xbc\x2c\x7b\x1f\xdc\xeb\x5a\x2b\x22\x59\x1f\xa6\x13\x7c\x54\x04\xdf\xec\x6a\x69\x63\x9e\x3f\x63\x2b\x59\x76\xab\x9f\xe1\xc6\x3a\xa3\xda\x9d\x52\xb0\x44\x00\x8f\x3a\xe4\x4b\x7c\x36\x4f\x08\x56\x64\x32\x3a\x88\xeb\x45\x83\xe8\x71\x40\xf7\x63\x78\x2b\xff\x88\x19\xcf\x74\x1a\x87\x5d\x50\x6c\x92\x9d\x34\xbb\xd4\x30\x07\xde\x4b\x18\xf6\x87\xa7\x58\x11\x11\x28\xb1\xdb\x86\xfc\x5a\xd2\xfb\x9f\xca\xd1\x2c\x9d\xd2\x8f\xee\x5a\xd1\x0d\xe0\x73\x9f\x8e\xfd\x9b\xff\x66\xf8\x40\xb1\x1b\x3f\x91\xc5\xe0\x7c\x21\x45\x2c\xab\x24\x24\x2b\x6e\x32\x16\x5c\xd1\xe6\x95\x72\xbf\x21\x6e\x86\x04\x53\xda\xd2\xfd\x12\x9c\x33\x37\x58\x58\x0b\xb7\xd0\xf1\x95\x09\x74\x5e\x85\x14\x63\xd1\x27\xa5\xf9\xbe\x21\xfe\x54\x9c\xae\x55\xd5\x6b\x8b\xea\x80\xbf\xaf\xda\xc1\x0a\xcd\x83\x8e\xa8\xaf\x31\xc0\x07\xdc\x32\xbf\xd7\x40\x82\xd9\x11\x0a\x3e\x91\xe6\x1e\x03\x57\x58\x7e\x4e\xd3\x28\x27\xad\xe9\xb6\x91\x0a\x98\x8c\x1d\x3b\x2d\xd2\x2c\x0e\xe7\x6e\xf3\x5f\xe1\x5e\x09\x94\x04\xa4\x5d\x4b\x2a\xca\xb9\x12\x3e\xcc\x45\x55\x0a\x40\xfa\xf8\x33\x6b\x46\xc6\x30\xa9\x08\x03\x58\xff\x8b\x8e\x58\xaf\x0b\xcc\xbd\x35\x01\x0c\x1e\xcc\x12\x81\x66\x55\xa5\xec\xeb\xa9\x5a\xd3\xf5\x03\xa1\x8e\xc5\xbe\xce\x3a\x33\xf4\x69\xdf\xe9\x17\xe1\xc5\x5e\xf1\xd8\x1e\x5a\x75\x56\x1e\x6b\xbd\x99\xc6\x53\xa6\xd0\x95\xb9\xf3\x87\x91\x1e\x40\x33\x2f\x62\x16\xf9\x56\xa3\x5c\xf7\xd9\x9a\x9f\xdd\x0c\x44\xc5\x1e\x90\xa5\x64\xf1\xc3\x6b\xf3\xd4\x0a\x7f\xaf\x4b\xa2\x8b\x1a\x12\x0b\x32\x05\xfb\xac\x1a\x98\x56\x92\x90\xbe\x37\xc5\x8b\xbd\x74\x5c\xe0\xfb\x74\x83\x52\x70\xab\xa2\x25\x2a\xda\xec\x15\x7d\xc4\x24\x61\x22\x1a\x2c\xff\x68\x7b\x9e\x65\xce\xb5\x7c\x2d\x77\x70\x0a\xea\x63\x20\x48\x6c\x5b\x1b\xec\x9c\xc5\x3e\x7e\xf9\xe4\x8f\xcd\x1b\x77\x83\xac\xbe\x75\xa6\xbe\x02\x67\x27\x88\x12\xdb\xf3\xd2\x57\x6c\xf7\xad\x39\x11\x27\x1a\xce\xbe\x0f\x2c\x04\x60\x2a\x08\x0c\x8b\x96\xc1\x20\xfd\x86\xfd\xa2\x82\xaa\x4e\x1c\x13\x1f\xe9\x7c\x90\x7c\x15\x85\x5f\x87\x75\x5f\x51\x1c\x03\x7b\xef\xad\x0f\x56\xb3\x9f\x32\xa2\x13\x3a\x22\xf3\xd5\xa9\xbe\xc3\x44\x3f\x29\xa6\x94\xe9\x7f\xe0\x5e\x10\xfb\x8e\xf9\x99\x13\x02\xb9\xe0\xd8\x4d\x92\x9a\x19\xeb\x03\x47\x1f\x3a\x86\x13\xd3\x93\x68\xe1\x58\x83\xa7\xe4\x97\x0b\x53\xcb\xaf\x29\x29\xd8\xde\x43\x1b\x48\xb4\x35\xd7\x53\x3c\xaa\x2e\x36\xce\xab\x6c\xdd\xb3\x46\xe5\x35\xe5\x15\xc4\xb3\xdb\x76\xde\x07\xd9\x85\x54\x14"},
+{{0x51,0xba,0x3a,0x4f,0x3d,0x85,0xd1,0x54,0x8c,0x2f,0x24,0x94,0xa3,0x51,0x1f,0x3b,0x95,0x15,0x66,0x3d,0x7e,0x85,0x37,0x0f,0xb6,0x15,0x02,0x37,0xe9,0xbc,0x98,0x0b,},{0x77,0x49,0xde,0x02,0x10,0xbc,0xe0,0x6d,0x48,0xf5,0x9b,0x95,0xae,0xb1,0x52,0x8f,0xd9,0xb4,0xe5,0x2c,0xdd,0xe2,0x2f,0xb8,0x19,0x3b,0xed,0xd5,0xdf,0x12,0x81,0x7c,},{0x16,0xfb,0x29,0x0c,0x91,0x3b,0x20,0xeb,0x1c,0x3d,0x7b,0x79,0x82,0x49,0xeb,0x84,0x59,0xd4,0xbe,0xe8,0x12,0x5d,0xb2,0xb3,0xf1,0xda,0xab,0x8a,0xf9,0xd9,0xa7,0x00,0xed,0x79,0x8a,0xdd,0xd8,0x02,0xdf,0xcd,0x29,0x7a,0x41,0x25,0x93,0xcd,0xa7,0xbe,0x99,0x79,0xa1,0xf0,0x93,0x50,0xe8,0x6f,0x69,0x8a,0xc3,0x38,0x0e,0x34,0x1d,0x07,},"\xd1\x8d\x0c\xbf\xc1\x6d\x0f\x9b\x67\xf2\x53\x9a\xd6\x20\x7c\xd9\x21\x7a\xd5\xed\x03\x33\xcd\xdb\x10\x41\xe0\xac\x2b\xdd\x92\x02\x76\x62\x96\x52\xb4\x9c\xbc\x98\x02\x59\x3e\xc3\x64\xea\x79\x5a\xbc\xd1\x58\x20\x85\xf5\x5b\xc6\x6c\x48\xfd\x3e\xed\xe6\x18\xd6\x36\x96\x17\x10\x0e\xae\xcc\xc1\x5f\x24\x9d\x6e\xee\x5b\xb2\xc4\x3c\x01\xb0\x62\x3f\xe6\x03\xce\xee\xe4\x9b\x40\xfb\x7c\x53\xfc\x68\x47\x36\x73\xc0\x9b\x1a\xc7\x7e\xa9\xbe\xb7\xe8\x53\x03\x79\xa8\x6d\x69\xec\xd1\xff\x11\x81\x3f\xbb\x88\xf6\x92\xf0\x5e\xf1\x32\x07\x42\xb4\xfe\x7e\x06\xd5\xba\x71\x65\x66\x46\xcd\x75\x00\xde\x19\xbb\x93\xd8\x44\x53\x66\x03\xf4\x0b\xd4\xae\xea\xf0\xc4\xdb\xc0\xac\xfd\x20\x2b\x28\x6b\x64\xaf\xb8\x3d\x4a\x37\x8d\xd4\x5e\xe3\xc1\xdf\x6b\x3e\xf1\x6b\x8b\x1a\xcc\xbc\x04\x06\x32\x50\xec\x47\xb8\x6a\xe5\xa7\x1d\x1d\xab\x38\xb5\xeb\x80\xd6\x63\xfa\xa7\x88\xf8\xb5\x9a\x75\x4c\x0f\x9c\x9f\x6d\x90\x62\x52\xaf\x46\xab\x1f\xff\xed\x27\x6d\x23\x88\xdb\xe7\x0d\x96\xba\x67\x47\xd1\xfe\xd4\xfc\x0b\x55\x29\x3d\x5f\x78\x7b\xda\x0c\x0d\xf4\x6a\x73\xf4\xaa\x7d\x29\xe1\xc9\xcc\x85\xcd\x04\x3e\x3d\xff\xe0\x57\x46\x2c\xa5\xfe\x5c\x64\x70\xe7\x39\x27\x6f\x8b\x53\x4c\x01\x72\xe4\x60\xf3\x40\x48\x7a\x56\x94\x68\xaa\x58\x90\xcc\x14\xf2\x0d\x67\xd7\x9c\x66\x1e\x87\xfe\xba\xc6\x27\x59\x71\xc3\x73\x08\x07\xeb\xf1\x75\xe0\xde\x10\x49\xbe\xe6\x7c\x89\x5e\x57\xb7\x1a\xb8\xa2\xf3\xcf\x36\x41\xfd\x54\x8d\x09\x41\x4f\x5f\xc3\x02\x6a\x0a\x35\xf6\xba\x95\x16\x73\x94\x49\x41\xcb\x23\x6f\x3d\x19\x76\xdc\x69\x07\x7d\x95\x14\x50\xe7\x66\x03\x16\x98\x8f\x6f\x2a\x6f\xbb\xff\x3b\x37\xce\xaa\x02\xfd\x6f\x02\x73\xbd\x80\x31\x85\xa1\x09\x03\x9c\x63\xf2\x51\x9b\x98\x3d\xaf\x65\x54\x25\x3b\xed\x54\x97\xc0\xb0\xbd\xaa\x0b\xd4\xa1\xfa\xc9\x00\x26\xad\xe3\xe4\x0c\x55\x4c\xff\x2c\xcb\x36\x99\x0e\x71\x55\x67\x08\xc5\xc4\x03\x92\x56\xff\xc7\x33\x7e\x5f\xea\x11\xf5\xe9\x0d\x3e\x4d\x93\x35\x91\x79\x11\x6a\x85\xc2\x41\x36\xca\x34\x83\x5c\xd3\x40\x12\xe4\xd7\xdd\xc7\xb7\x21\xc2\x46\xc7\x37\x00\xe2\x76\xdc\x2f\xf9\xf2\x77\x0b\x43\xc8\xe8\x0a\x17\xf0\x1d\x32\x68\x0b\xae\x22\x8e\x64\x23\xa8\x80\xc3\xfb\x99\x6a\xb8\xd2\x21\xbc\x62\x74\xac\x5f\xa7\x70\xd2\x05\xfc\x87\x8f\xba\x9b\xbd\x77\x6a\x3d\x79\xed\x77\x04\x89\x50\xf3\x6d\xc0\xaa\x3c\xcd\x28\xe4\x75\x6a\x99\x19\x04\xae\x05\x1b\x8a\x4b\x7d\xe3\xa1\xf2\xad\x0f\xb4\x5a\x33\xd0\xc6\x82\x25\x84\x1f\x8e\xb6\x5b\x6a\x16\xe9\x5f\x89\x35\x91\xe1\xaa\x73\xa6\x4f\x0d\x2e\xe9\x38\xab\x69\xad\xcc\x8c\x59\x51\x8b\xec\x50\x1c\x39\xf1\x39\x17\x4b\xbb\x00\x69\x9e\x1a\x0f\x0e\x0d\x88\x9a\xae\x54\x3a\x55\xe6\xac\x56\xd5\x20\x4c\x1a\xde\x1f\x27\xd8\x2a\x6a\x95\xe1\x4b\x2d\x69\x09\xdd\xa7\xbf\xaa\x7f\x48\x7f\xb6\x19\x59\x01\x4b\x78\x79\x5c\xb4\x63\x9f\x09\xf0\xd3\x29\xfe\xb3\x5c\xcf\x52\xed\xc2\xdb\x72\x19\x14\xe4\x23\x30\x68\x89\xa4\x83\xfe\xe8\x76\x36\x0e\xe3\x26\x33\x53\x19\x07\x0c\x56\x4f\x3a\x8b\x95\x3f\x52\xf4\x15\x13\xa2\x26\x08\x83\xc3\x8d\xd9\x78\xa2\x48\x60\x4a\x41\xbd\x4b\xfc\x9e\x84\x18\x4d\xc9\xe8\x4d\x25\x89\xf4\xaf\xff\x84\x17\x82\x4c\xe5\xad\xba"},
+{{0x7d,0xde,0xc5,0x26,0xa4,0x97,0x1d,0x89,0x12,0xa6,0xbd,0x43,0xc6,0x9f,0x92,0xed,0x86,0x44,0x2b,0x15,0xf4,0x2f,0xba,0xbb,0xf2,0xd1,0x7e,0xff,0x98,0x99,0x31,0x61,},{0x0d,0xfe,0xff,0xb2,0x76,0x23,0x09,0xb4,0x73,0x4e,0x4c,0xe2,0x52,0x3c,0xf1,0x86,0x31,0x49,0xf7,0xe1,0x9a,0x7c,0x14,0x7e,0xc0,0x89,0x9e,0x11,0x0c,0xa9,0xd8,0x7d,},{0x9e,0x60,0x3b,0x01,0x5f,0x42,0x87,0x1b,0x78,0xeb,0x27,0x52,0x3f,0xbb,0x7c,0xe9,0x62,0xfc,0xa3,0x2a,0xe2,0x70,0xe8,0xe1,0x2d,0xca,0xdd,0x25,0xaa,0x85,0x2b,0x89,0x1f,0x6f,0xef,0x77,0xb5,0x9a,0x54,0x6c,0x9a,0x7a,0x7c,0xac,0xb5,0x5e,0x1d,0x32,0xad,0xc8,0x05,0xae,0x5f,0x61,0xa6,0x9e,0x67,0x64,0xc7,0xc0,0x82,0x92,0xeb,0x03,},"\xe8\x77\x4a\x45\xd4\xd8\xf8\x6d\xda\x5c\x08\x80\x2b\xa2\x47\x2e\xf3\xc8\xd3\x6c\x7f\x38\x3a\xc0\x46\x12\xa4\x64\x38\x2e\x9d\x6c\x07\xd8\xd3\x58\x22\xc5\x3f\x43\x88\xf5\x15\x36\x14\xfe\xfa\xf4\x63\x74\x74\x7b\x9d\x4f\xd4\x46\xa8\x64\x76\x9a\x4c\xad\xe8\x43\xc1\xea\xb8\x57\x43\x19\x11\x2f\x01\x79\xd2\xea\x9e\x3c\x19\x5d\xc0\x68\xf0\x69\x74\x62\xb9\xe0\x7c\x87\x94\x87\x0f\x8f\xb8\xff\xc0\x81\xe4\x58\x6a\xfb\xcd\xba\x7a\x4f\x59\x25\xe9\xfd\x9e\xc9\x42\xd8\x43\x47\x33\xc2\xdd\xd5\xe2\x9b\xbd\xfc\x73\x42\xb9\x28\x68\x71\x9b\x54\x40\x88\xa4\x8e\xba\x4c\x82\xf1\x87\xdd\xca\x8f\x47\x46\x25\xa7\x1c\xf6\xb7\xaa\x5f\x08\x1c\x74\xf7\x40\x8f\x53\xb7\x81\x63\x6e\x7e\x9d\x29\xb0\x7f\xdb\x6d\x9c\x35\xe5\xeb\x38\x2d\xb7\xa3\x1a\x8b\xa5\x16\x91\x5d\xf8\xde\xe9\xe1\xad\x3f\x18\x28\x43\x68\x3e\x8d\x1d\xc5\xd8\x66\x9d\xbf\xcf\x09\x54\x1a\x43\xc0\xa0\x46\x13\x38\x1a\x5b\x5e\x4e\x71\xb2\x3c\x5a\xd0\x9b\x8e\xaa\x51\xcb\x93\x8d\x0c\x75\x2c\xc3\xd3\xa1\x0f\x10\xb4\x2b\xe8\xee\x7f\x6b\xda\xc8\x07\x85\x68\x43\x49\x46\xbb\xf5\x6d\xa7\x0e\x7d\x54\x15\x7a\x6e\xfd\x48\x46\xeb\x15\x52\x78\xc9\x4c\x38\x88\x65\x8a\x7a\x2f\x8e\xa3\xba\xc1\x47\xaa\x89\x16\x92\xae\x8b\x23\xf1\xaf\xe7\x1e\xcf\xde\xca\xa6\xc1\x13\xb5\xca\xaa\xa1\x93\x98\xc7\xdf\xe7\x3f\xac\xb4\x15\x5f\xd6\xba\xc1\x8d\x5d\xf2\x12\x9e\x8b\x29\x07\xec\xee\x15\x1b\xdd\x14\x7a\x7c\x3e\x46\xea\x72\x75\x4d\xe3\x2c\xeb\x06\x6d\x9d\xb1\xc2\x6e\x80\xdf\x36\x31\x29\x2b\x16\x17\x4c\xfa\x6f\x1d\x9c\x08\x28\xb8\x49\xc2\x2d\x29\x65\x1a\x73\xe9\x10\xd9\x27\x58\x77\xf4\x64\xce\x93\x26\xc6\xe4\xed\x6b\x07\xdc\xb3\xa3\x53\x63\xc1\xaa\x64\x72\xe0\x2c\x5c\xd8\x55\xe3\x8a\xab\xe9\x65\xac\xe9\xf3\xf5\xa4\xf5\xde\x03\x00\x86\x94\xcb\x90\xaf\xe4\x16\xc9\xd4\x86\x88\xde\x7f\x75\xcf\xe2\x43\xff\x7f\x41\xe0\x59\x31\x09\x34\x90\x3d\xb5\x68\x84\x45\x08\x26\x2c\x89\x9d\xfa\x75\x0c\xd6\xa2\x82\x98\x24\xba\x02\x7a\xea\x1b\x6d\x01\x77\x72\x6a\x34\x3a\xdd\x4e\xcd\xc5\xf7\xe6\xe9\x09\xab\x7d\xe6\x15\xef\x28\x07\xf9\xe7\xd7\x1c\xe2\xf7\x8a\xcf\xf5\x7e\xba\x79\xc3\xf5\xe0\x7c\x8b\x66\x1c\x1e\x30\x27\xf8\x17\x6d\x28\xbf\xef\x76\x7d\xd6\x8d\x4e\x5d\x62\x8f\xec\x0b\xfe\x88\x79\x93\x41\xf3\x06\x12\x87\x34\xfa\xd2\x02\xaa\xfc\x9f\x11\x12\x3f\xb3\xe3\x63\xd1\x0a\xee\x0d\xb5\xe2\x7a\x15\x70\xdf\xae\xe4\x7e\x24\xda\x47\x3b\x07\xfe\xe5\x9a\x6c\x93\xf0\x98\x1d\xbe\x32\x5c\xd8\xcc\x2d\x2e\xd7\xdc\x17\x16\x6b\x26\x7c\x1b\x11\x05\x36\xf2\x63\x6b\xba\x34\x75\x1a\x78\xf7\xf6\x29\x81\x82\x44\x2d\x83\xc1\x23\xbb\xee\x4f\x50\xc5\xb0\xfa\xcf\xf0\x3e\x7c\x55\x6e\xd9\xe6\x4c\xa2\x7c\x4b\xca\x5a\xb0\xde\x0d\x5f\x9c\x2c\xbb\x54\xcc\x2d\x94\x73\xa3\x2d\xf9\x99\x39\x0a\xc2\xff\xee\xd3\xd4\xcb\xa3\x49\x73\xdc\xec\x3f\xba\xba\xfc\x4d\x54\xca\xe4\xe7\xe8\x5d\x4a\x6e\x8a\xfe\x45\xca\xcd\x71\xe0\xf2\xe6\xd0\x4b\x4f\x9d\x3b\xcf\x43\xd3\xfa\x41\xe9\x98\xcc\xbe\xd0\xf1\x50\xd5\xca\x1d\x52\x72\x93\x2d\x93\xec\xa1\x04\x95\xc6\x83\x34\xfa\x32\x68\xf3\x1d\xe5\x22\xcb\x12\xa7\x44\x9f\xfb\x5c\xb5\xe8\xf1\x46\x2c\xd9\xb5\x17\x70\xcc\xaf\x58\xb1\xe0\xd8\x2e\xf9\x29"},
+{{0x0b,0x65,0x90,0xdd,0x7c,0x2f,0x15,0xf9,0x4a,0x56,0xe2,0x40,0x16,0x93,0x63,0xc2,0x67,0x32,0x30,0x2b,0x9d,0x44,0x0b,0x53,0x27,0x23,0x00,0x2e,0x15,0x5d,0x02,0xd9,},{0xcd,0x18,0xe0,0x32,0x57,0x7c,0x55,0x76,0xf2,0x23,0xf3,0xe3,0xd8,0xa1,0xfa,0x8e,0x9a,0x87,0x0f,0xef,0x09,0xe9,0x40,0x9f,0xaf,0x40,0xd7,0x14,0x3e,0x52,0xfc,0x44,},{0x64,0x2d,0x81,0xac,0xf3,0x8c,0xf0,0x99,0xa8,0x33,0xa7,0x4f,0x2d,0x80,0xb8,0x54,0x48,0xec,0x2b,0x1a,0x5d,0xdc,0x64,0x47,0x0b,0x21,0x3d,0x54,0xb7,0xbe,0x61,0x33,0x68,0x9a,0x71,0x94,0xf5,0xd8,0x97,0x92,0xe1,0x6e,0x5d,0xf7,0x55,0xa4,0xfd,0x9e,0xf4,0x68,0x9e,0xa9,0x52,0x92,0x6e,0x0e,0x4e,0xcb,0x3b,0xd4,0x81,0xfd,0x91,0x02,},"\x71\xfe\x0f\xd5\x5d\x5e\xd1\x20\x6f\x28\xee\x16\xe4\x19\xfa\xb6\xfa\x66\xa2\x51\xfa\x6b\x06\x01\xda\x26\x1e\x42\x9f\x55\xb8\xd5\xae\x3f\x3c\x52\xa1\x7f\xe1\xec\x73\x4b\x81\x0a\xb6\x3a\xad\xe4\x44\x70\x39\xca\x0a\xe4\x68\x7c\x24\x35\xf5\x61\xe4\x6c\x5b\x30\x97\x17\xab\x31\xe0\xf6\x40\x76\xb2\x16\x92\x11\x57\x2b\x74\xe1\x8a\x1f\x45\x25\xa6\x4f\xa7\x17\xa5\xed\xf1\x49\x75\x81\x29\xcb\x04\x03\x5e\x7e\x20\xba\x40\x05\xb7\x48\x09\xde\xc6\x44\x50\x4c\x24\x54\xa7\x7f\x99\xb2\x0c\x53\x74\xf3\xce\xe7\xd8\xc6\xb6\x8b\x24\x3c\xaf\xb3\x00\x98\xdc\xe9\x04\x90\xfd\xc3\xb9\x2f\x54\x94\x8f\x42\x46\x39\xe1\x9f\x8f\x20\x20\xd1\x55\x13\xda\xef\xad\xd9\xe9\xb1\x2a\x84\x76\x1e\x5e\xce\xa0\x88\xad\x56\x1f\x06\x20\x9f\xd4\x42\x3f\xcd\x00\x3f\xbc\xd1\x87\x3e\xa5\x49\x63\xa2\xfa\x07\xc7\x47\x6b\x13\x88\xf9\x01\x5d\x9e\xac\x30\x5b\xea\x5a\x3d\xe1\x94\xf5\x5a\x17\xb4\x2d\x59\x9e\x5c\xe6\x2c\x8b\x7c\x19\xe7\xe7\x09\x61\x37\xb9\xd0\xa6\x5e\x63\xc1\xa3\xb8\x45\x38\xca\x65\x36\x9a\x20\xe8\x82\x2f\xff\x5e\xcb\x57\xfc\x09\xb4\xe6\x84\x5b\x4f\x24\xd4\x88\x69\x71\xac\x1a\xc2\x8c\x77\x58\x0e\xa5\x67\x2a\xd1\x4c\xe4\x44\x17\x19\xc2\x14\x54\x6d\x07\x36\xcb\x7a\xd0\xbd\x9f\xb5\xb2\x6c\x6d\x9c\x53\x6b\xf8\xc8\x57\xae\x42\x57\x7b\x36\x34\x1d\x39\x2b\x43\x32\x3b\xda\xe7\xdf\xaa\x49\x19\x86\x87\x2a\x23\xd8\x27\xc6\xef\x8b\x57\xe7\xd0\x0f\xea\xe3\x83\x4c\x46\x64\x00\xaa\xd1\xd3\x67\x82\x39\x84\xaa\x02\xd2\xef\x49\x29\x14\xae\x11\x27\xe7\x55\x1b\x81\x25\x59\x37\x83\x05\xe4\xfd\x52\xd8\xbc\x7e\x41\x57\xec\xca\x45\x1f\x43\xee\x9f\x54\xc8\x21\x53\xc7\xdb\xfa\xf7\xec\x35\x23\x87\x73\x05\x1b\x4e\x58\x7d\xb1\x36\x95\x7e\xc5\x71\x38\x2b\x90\x59\x0b\x5d\x10\x26\x02\x45\x80\x96\x6b\x72\x52\xd2\xcd\x3f\x4f\x16\x25\xc4\x85\xba\x90\x6b\xff\x17\x59\x92\x18\x89\x78\xf2\xd6\x27\x4f\x3a\x03\x17\x49\xba\x7e\x70\x2f\x56\x54\x7e\xdc\x96\xec\x26\x7b\x84\x89\x28\x80\xd7\x50\xd7\x31\x0e\xbf\x6d\xb2\x41\x25\x3c\xab\xe4\xb2\x5a\x97\x74\x58\xc6\xff\xc9\xe3\x53\xe6\x2a\xdf\x05\xe6\xef\xc0\xfc\x1e\xbe\x89\xf5\x27\x70\x5b\xcc\x26\xb7\x01\x28\x56\x10\xd9\x8a\xa3\xbf\x23\x87\x2b\x69\x96\xd3\xde\x48\x0e\x8d\x09\xd7\x83\xc4\xa0\x8c\xd3\x83\xc9\x01\x26\x35\xaa\x68\x97\x8b\x50\x06\x81\x8b\xbd\xe4\x4f\x29\x87\x47\x9b\xcb\x2b\x71\x1c\x1b\xee\xed\x27\xcf\x09\x97\x0a\x16\x4e\x45\x4f\x71\x08\x22\xee\xf5\x55\xc1\xc7\xbf\x9f\x76\xd5\x25\x4c\xe2\x20\xc9\xaa\xa7\x16\x84\x7a\x24\x94\x88\xf9\xcd\xb4\x4c\x48\xf4\x52\xab\x52\xc4\x0f\x6d\x03\xad\xc8\xbf\x3f\x19\x7b\x25\xe3\xd1\x27\x83\x0e\x74\xfd\x81\xeb\x14\xf7\x54\x20\x5b\x3a\x48\x44\xc5\x96\xb6\xe3\xa9\x93\x6a\xd6\xfd\x9e\x80\xa1\x63\x20\xb3\x81\xc3\xff\xc7\xb6\x9e\xab\x54\x53\x6f\x55\xab\xe2\x2c\x91\xd8\x98\x40\x8e\x88\x0c\x6d\xbf\x0f\xa5\x64\x8d\x51\x77\x72\xca\xa5\x35\x3b\x25\xdb\x60\x50\xd7\x53\xfa\xf1\x98\xec\x1d\x37\x5d\xe0\xfa\x72\x18\x0a\x93\xba\xb0\x3d\xed\x77\x16\xcb\x87\x50\x5b\x68\xac\x6a\x35\xe7\x3d\x0f\xcf\x34\x45\x7e\xff\x82\x17\x89\x52\x14\x2c\x7b\xac\x9d\xfd\x87\x2a\x9a\x82\xf8\x5b\x24\xb8\x8f\xa4\x2d\x4b\xe0\xa0\xca\x0b\x2c\x70\xf4\xc6\x22"},
+{{0xc6,0xd9,0xac,0xc5,0x17,0x5f,0xa2,0xb8,0x96,0x5c,0x15,0x8c,0x56,0xba,0x0a,0x5a,0x66,0x6a,0xd2,0xc7,0x40,0xcd,0x5b,0xb6,0x79,0xbb,0xa9,0xb1,0xdc,0x50,0x92,0x84,},{0xf5,0xcf,0xca,0x21,0x1b,0x02,0xfb,0xa7,0x72,0x03,0x47,0x70,0x3b,0xf1,0x63,0x1c,0xb3,0x08,0xfa,0xbc,0xda,0xa6,0x74,0x29,0x52,0x7c,0x5b,0x7b,0x67,0x6d,0xba,0xef,},{0x4d,0x2c,0xe7,0x07,0x09,0x0b,0x0f,0x3f,0x41,0x46,0x2f,0xd7,0x5b,0xd6,0x09,0xa2,0x72,0x4f,0xad,0xfe,0x5c,0xa3,0x90,0xe3,0x13,0xa4,0x2c,0xab,0x42,0x86,0x8e,0xd6,0xe9,0xa8,0x91,0x4d,0xc1,0x39,0x09,0xc0,0xd6,0xf6,0x1e,0x63,0x71,0x29,0x57,0xc7,0x6f,0x3b,0xd8,0xb7,0xf5,0x53,0x49,0x71,0x5a,0x3a,0x31,0x75,0x15,0xc0,0x71,0x08,},"\xf2\x45\x10\x0c\xd2\xd3\x16\x48\xf5\xf3\x51\xbd\xa5\x64\xc9\xdb\x4a\x35\x82\x0c\xc3\x0e\xf6\x51\x33\x7c\x4c\xd8\x88\x07\x05\x69\xd1\x17\xa9\x34\xb9\xc9\x18\xe5\xdf\x8b\x37\x44\xdd\x66\x20\xcc\xbc\x49\xf6\xb3\xe5\x78\x2a\x30\x33\x9d\xbb\x9c\xbe\xd0\x5d\xd2\xb3\xb8\xc5\xbf\x15\x46\xe7\x0a\xf6\x36\xe6\x61\x5c\x48\xb2\xc3\xc2\xd1\x9f\xe3\x54\x20\xdf\x53\x14\xf6\x3c\x48\x12\xb5\x8e\x82\xa2\xa6\x0b\x18\x02\xf3\x8e\x50\x5c\xe7\x48\x01\x7a\xfa\x97\x7d\x3f\x9b\x1b\x6b\xea\x21\x92\xac\xec\x73\xbd\xce\x12\xd6\x5e\x68\x4d\xa4\xd8\xb4\x1f\xa9\xa8\x6f\x11\x08\x6e\xdc\x2d\x52\x96\xf6\x7e\xfc\x53\xac\x84\x07\x0f\xde\x13\x69\x3e\xb2\x31\x8f\x5a\x8c\x3b\x11\x7c\x23\x34\x22\xad\xcd\xd3\x52\xf3\x28\xf0\xec\x69\x9a\x46\x50\xc9\x3f\x9b\x4a\x7d\x79\x5d\x7f\xc2\x62\x2a\x03\xd9\x9b\x64\xf7\xb3\xdc\x31\x94\xf6\xc3\xb1\xb6\x9d\x99\x07\xce\x09\x24\x01\x07\x3f\x47\xa2\x8f\x47\x99\xd2\x29\x09\x2a\x1b\x07\x41\x29\x95\x4b\xe8\x0c\xa4\xa3\xe6\x58\x2e\xe0\x5c\x30\x2c\xac\xb7\x43\x1d\x1c\xa6\xa4\x51\xaa\xed\x72\x78\xab\xc7\xf7\x85\x75\x24\x1c\x2a\x2e\xea\x2e\x84\xcb\xf9\xa3\x34\xdf\x40\x21\x09\xc0\x28\xe3\x45\x47\x3a\x13\xaf\x9b\x00\x8e\x20\xbc\x8c\xf0\xbc\xef\xbb\x7a\xa7\x27\xec\x85\x6e\x99\x25\xb4\xdd\xd9\x9d\xeb\xa8\xf2\x52\x91\x1a\x59\x01\x54\xb5\x79\xa8\xaa\xa3\x1f\x07\xdd\x50\x25\xdf\x5c\xd8\xa0\x9f\x74\x29\x64\xcc\x8c\x36\x5d\x8a\xff\x4e\xb1\xd7\x9f\x6e\x5a\x07\xda\xc5\xf4\xed\xe9\x2b\x4e\x2e\x61\xd3\x4c\xc2\xd4\xf0\xaa\xaa\xb0\x37\xad\x5f\xdb\x95\xde\x6c\xd5\x98\x4e\xba\xf7\xcc\xe7\xf0\x8d\x0c\xa0\xdb\xbe\x48\x3c\xe3\xcb\x35\xcd\x79\x0c\xa0\x42\x70\x65\xa3\x4d\xf7\xf4\xc2\xaf\x86\xef\xe9\xb7\x65\x71\x3a\xff\x25\x7f\x5c\x1d\x54\x70\x95\x27\xad\x18\xac\x33\xab\xcd\xee\xdb\x20\x80\x64\xeb\xae\xa4\x83\x5b\xe4\x94\x2b\x8f\xc6\x66\xad\x1b\x79\xb6\x65\x13\x09\xe5\xea\x1d\xa3\x02\xd7\xfb\xa2\xe9\x9f\x0e\x63\x19\xe8\x2b\x99\x05\xa1\xea\x48\x2b\xa0\x43\xb6\x80\x0b\x33\x0d\xc4\x8b\x33\x13\xf5\x9b\xb2\xf9\xe8\xa7\xf0\x7e\xb1\x80\x0a\x70\x27\x45\xdb\x14\xc6\x29\x9a\x98\x2d\xad\x89\x79\x54\x44\x5b\x7d\x98\xeb\x58\x37\xfd\x70\xbf\x19\x0c\x64\x95\x52\xc8\xe8\x6f\xeb\x7f\xf5\xb3\xed\x8e\x0a\x06\x70\x4d\x45\x53\xa3\xc2\xdd\x74\xf1\x8e\xa8\x23\x3a\xe0\xa5\x0d\x91\x4f\xe0\x8f\xbc\xd3\xa1\x43\x5f\xed\x56\xa9\xf3\xa7\xef\xfa\x14\x0f\xb5\x52\xdd\xd2\x1d\xff\xff\x7f\xa4\x73\x32\xdd\xfc\x1e\x53\x17\xf4\x17\x7d\x5e\x2f\x11\xa0\x6e\xc8\x4c\xcf\xb8\x9b\x65\x4e\xa8\x1b\xd4\x2d\x7e\x07\xa3\x87\x30\x1d\x0f\x40\x26\x4a\xbb\xf9\xf9\x10\x7b\x30\xed\xe8\x64\xcc\x76\x90\xc0\x6d\x2e\x24\x7a\x06\x0b\xb2\x24\x4a\xd7\x8e\xd5\xc5\x51\x5a\x1a\x2a\x61\x2d\x61\xe3\xd9\x31\xe2\x8b\xc9\x39\xb4\xd3\x43\x5e\xee\x4f\x73\x31\xb1\xf0\xf8\x53\x75\xd8\x2a\xc9\xa7\x7c\x43\x74\x00\x32\x05\x17\x46\xdc\x92\x69\x45\x8c\x14\x7d\x18\x8d\x84\x40\x19\x54\xa4\x89\xcb\x4f\xbf\x9b\xf8\x4b\xa7\xd8\xf1\x00\x90\x3c\xe6\x78\x31\xb4\x05\x4d\x0f\x58\xcd\x88\x3d\x54\x2c\x49\x33\x10\x3f\xf0\x70\xcd\xfc\x9d\xbb\x0f\xcc\x31\xef\xca\x46\x6e\x77\xa3\x3f\x1a\x81\x3d\xa6\xdc\x0c\x7c\x31\x58\x5e\x8f\x4f\xef\x1e\xbf\x42\xfb\xd1"},
+{{0x7d,0xfa,0xe4,0x16,0x41,0x9d,0x7b,0x0d,0x4f,0xc1,0xf8,0x23,0x84,0x0c,0x3e,0x4b,0xd4,0xad,0xcd,0x4d,0xc2,0xdc,0x17,0xb3,0x86,0x37,0xac,0xed,0xac,0xbd,0xbb,0x45,},{0xbc,0x51,0xd7,0x74,0x59,0x31,0x31,0x7e,0x1e,0x34,0x6e,0x2e,0x7c,0x92,0x03,0x91,0x81,0xb6,0xbf,0x38,0xee,0x2f,0x5a,0x44,0xfb,0xe2,0x33,0x9c,0x4f,0x95,0x2a,0xb9,},{0xda,0x34,0xb1,0x98,0x3e,0x8c,0x55,0xe4,0x1f,0xda,0x8e,0xc8,0xab,0xf2,0x3b,0x36,0x7a,0x0d,0xa6,0x06,0xc8,0xcd,0xbb,0x1e,0x8b,0x57,0xe0,0x34,0x3c,0x05,0x57,0xa5,0xf0,0xe8,0x15,0xe7,0xf2,0x2f,0x86,0x05,0xae,0x93,0xb2,0x7d,0x03,0x77,0x6a,0xc1,0xf7,0xde,0x3d,0x79,0x2e,0xa2,0x93,0x3a,0xc2,0x2d,0x2d,0xc2,0x3b,0x32,0x3d,0x0c,},"\xec\x84\x3d\xc4\xdd\xa6\xe9\x02\xe9\xbe\x31\xb7\x0f\x11\x76\x3b\x75\x7a\xb6\xce\x73\x34\xdc\x00\x76\x4b\x2d\x08\x4e\x9d\xaf\x24\x84\x48\x59\x84\xee\x28\xa2\x83\x0f\xcb\x94\xc5\x41\xcb\x46\x94\x40\x03\x67\x31\xde\x80\xff\x56\x0f\x53\x0c\x9d\x9e\x6e\x1f\x7d\x9c\x4c\x5b\xdf\x50\xb0\x4f\x54\x03\xc2\x9f\x76\xd7\xe3\x6e\x00\xbb\xea\x35\xdb\x1c\xc6\x0d\xa8\xd7\x76\x52\x62\x66\xc3\x32\x4c\xe7\xef\xec\x64\x50\x85\x96\x09\x26\x68\x56\xd7\x01\xa4\x7a\x48\xde\xe8\xbf\x37\x40\x95\x65\xc7\xfb\xfa\x99\xa2\x04\xe5\x53\x0c\x97\x1c\x60\x5b\x44\x30\x5d\x5c\x74\x67\x89\x41\x14\x25\x3c\xf4\x3c\xdd\xf1\x8b\x62\x96\xdd\x25\x4a\x4d\x96\xac\x70\x00\x91\x81\x86\xdf\xd4\xbf\x45\x4e\xd3\x09\x74\xc5\x53\xd0\xae\x15\x1a\xd4\xcf\x54\x0c\xec\xaa\xa0\xb5\x94\x8b\x09\x85\xa9\xc7\xb6\xe7\x81\x59\x32\xba\xc1\x17\x32\xfc\x7d\x10\x26\x7f\x6b\xf8\xf1\xe7\xc0\x8d\x65\x0e\x56\x7b\x4e\xdd\x15\xae\x79\x58\x41\x0e\x42\xf1\xf5\x37\xfa\x73\x2f\x72\x7a\x26\x83\x88\x32\x1d\x53\x44\xc4\xe7\x8b\xb9\xa7\x4e\xab\x9d\x6a\xbf\x96\x89\x65\xc6\x66\x93\xd5\xf1\x12\xdd\x4c\x14\xfd\xfd\xd9\x60\x05\xea\xa6\x75\x7f\xa2\xcc\x10\x13\xfe\x43\x27\xab\x09\x99\xd1\x17\xf3\xdb\xf3\x25\xb0\x7c\xd4\x54\xd4\xb1\x41\x99\x1e\xf7\xe2\x3d\xb5\xee\x24\xbe\xda\x35\x88\x4a\xa3\x70\x48\x08\x64\x8a\xa4\x3c\xd6\x25\x62\x59\xf7\xd3\xdb\x5e\x05\x53\x11\xf2\x53\xe8\xb5\x7a\x4c\xda\x5a\xfe\x0b\x0a\xdf\xc3\x64\xe1\x60\xca\x37\xe8\xde\xc6\xb9\x5a\xa6\x15\x2e\x5d\x5d\xa6\xeb\x91\xbe\x0e\x44\xff\xe8\xe4\x95\x33\x26\x7b\x7e\xb7\x95\xf5\xf8\xe0\xb2\xc3\x5b\x29\xdf\xbc\x87\x58\x5f\x22\xbd\x5b\x90\x9d\xfd\x6a\x5e\xdc\x0e\x3a\x9d\x97\xb0\xc4\xf3\xad\xc5\x1e\x96\x99\x37\xc0\x8f\xd6\x5f\x53\x7a\xac\xda\x8f\x11\x27\x5a\xf0\x2c\x33\x54\x54\x26\x30\xf3\x92\x0c\x39\x3f\x5c\x42\xb9\xfc\x63\x3d\xe9\xd9\x4c\x72\xe3\xf2\x00\x02\x34\x9a\xd0\x41\x80\x35\xb3\xf2\x5f\x02\xca\x92\x8e\x5b\x2d\x40\xa7\x7a\x1c\x3e\x56\x22\x1f\x4b\x9d\xb0\xc2\x5b\x09\x6d\x6e\x5d\x0f\xe7\x58\xda\x2c\x69\x05\x3e\x8d\x08\x6d\xef\x4e\xdc\x6e\x34\x53\x78\x3f\xfc\x63\xa4\x96\x01\x22\xd9\x23\x67\x1a\x90\x60\x08\xba\xc1\x05\x61\xae\x62\x19\xd2\xb5\x1d\x53\x67\xbf\x13\xcc\xab\xf5\x93\x1b\x9f\x18\x6e\xb1\x09\xba\xcd\xe4\x0e\x1a\xf2\xb5\x64\x81\xe0\xc6\xdc\x6f\x5c\x54\x73\xf8\x00\x1c\xf3\x71\x91\x9a\xcb\x40\xce\xc5\xb9\x62\xeb\xba\x80\xe3\x2d\x6e\xba\xc4\x80\x6d\x04\xd2\x47\x68\xc2\xad\x2e\x3f\x92\xa8\xcb\xe4\x77\x54\xf9\xbf\x61\x59\x53\x52\x2b\x26\x3d\xc2\x49\x37\xfb\xd9\x32\xc8\xc4\x59\xeb\x8b\x10\x94\x43\xaf\x6c\x19\x5a\x59\xfd\x27\x21\xb0\x12\x56\x28\xf2\xb8\x14\x3c\xf3\xc1\x28\xbc\xec\x13\x92\xef\xd1\x6b\x73\x4c\x10\x71\x6d\x96\xba\x7d\x1f\x41\x39\x17\xcc\xaf\xa5\xbf\x5f\x83\xf5\x24\xfe\x84\x06\xa1\x52\x11\x5e\xa7\x70\xe1\x74\x5e\x82\xe8\xb5\x1d\x75\x2b\x8b\xd7\x85\xdf\x48\xbf\xc1\x20\x41\xbf\x87\x4f\xc7\x3a\xfb\x42\xca\x5d\x69\xc6\x41\x64\x79\xce\xb4\xaa\xa0\x49\x2b\x6f\xf2\x1e\xe1\x2d\xb2\x21\x3a\x42\x86\xfd\x56\x05\xc9\x3a\x7b\xb8\xa3\xb0\x71\xb0\xb2\x5f\xb0\x1d\x77\xab\xbc\x87\x71\x48\x94\x70\xa1\x07\xaa\xda\xe9\xf6\x40\xc2\x4d\xfd\x53\x28\xf6\x0f\x4b\x7d"},
+{{0x70,0x94,0x16,0x07,0x49,0x97,0xb9,0xc9,0xaf,0x4d,0x37,0xa0,0x11,0x39,0xe8,0xa3,0xf9,0xf2,0xce,0x5d,0x72,0xa5,0x7d,0x80,0x5e,0x82,0x2a,0x81,0x18,0x6d,0x01,0x7e,},{0xae,0xe1,0x10,0xf1,0xf4,0xd4,0x6e,0xa6,0x06,0x49,0xd7,0x86,0xb1,0x50,0x05,0x2e,0x28,0x7a,0x9d,0xa6,0x01,0x22,0xc4,0x7b,0x09,0x08,0xfa,0x8b,0x2c,0xa2,0x8a,0x80,},{0x8e,0x4b,0x41,0xf0,0x97,0xd8,0x36,0x14,0x18,0x4b,0xa7,0xf5,0x2b,0xa2,0xfd,0x9f,0x05,0x65,0xf8,0xa6,0x37,0x21,0xef,0x55,0xf9,0x31,0x62,0x82,0x6b,0x9f,0x0a,0xc0,0x70,0xc0,0xe2,0x86,0x4b,0x5f,0xfd,0x8e,0xcc,0xc1,0x8e,0xfa,0xd1,0x8b,0x2c,0xe8,0x4b,0xe5,0x7c,0x0b,0x4a,0x41,0xc5,0x2e,0x20,0xef,0x37,0x72,0x23,0x77,0xc6,0x0f,},"\xed\xda\xa3\x69\xc0\xe3\x1a\x1f\xcc\x1d\xa4\x6f\x65\x36\x24\x42\xa0\xcc\x21\xc7\xdc\xdd\x5c\xd9\x0e\x0a\x2e\xe9\xf2\x51\x10\x81\x2b\xa1\x14\x93\x1c\x86\x8a\x70\x86\x07\xac\x16\x08\x4d\x79\x71\x5d\x13\xb3\x38\xc0\x5c\x6a\xef\x73\x43\xe7\xda\xd2\x82\xf9\x6f\xe2\x81\x93\x18\x8f\x0c\xc8\x93\xc7\xdc\xe8\x05\xfd\x3a\x7c\xd2\x68\xb7\x28\x94\x16\x0b\x52\x45\xfe\xd9\xfa\x99\x43\xb7\xc8\x0a\xdb\x3c\x2d\x1a\x35\x3d\x8f\x12\xdf\x25\xa3\x1d\xde\x7f\xa3\x85\xbb\xec\x35\x1d\xa6\x6f\x15\x30\x32\xe1\x77\x56\x27\x3f\x8d\x54\xe9\xa3\xb9\xea\x25\xae\x67\xd1\xe9\xc1\x8c\xc6\x8b\xe6\x01\xe3\xd6\x82\x82\x81\x8c\xe0\xe7\xcf\x88\xa4\xd1\x33\x64\x53\x02\x17\x32\xf0\x8d\x9e\x76\xcd\x23\x63\x79\x29\xb0\x91\x1d\x5f\x86\x14\xf4\x84\x2e\x67\x0c\x14\x28\x60\xaf\xc2\x65\xc5\x01\x72\xb1\x3b\xfd\x35\xad\x8f\xc5\x4b\x28\x65\x7d\xa3\x2b\xac\x15\x3b\xa9\xaf\xfc\x89\x7a\xfb\x3c\x72\x1f\x48\xca\xa4\x62\x40\x58\x57\x10\xb0\xf2\xd2\x4d\x5f\xf4\x96\x5d\x1d\x10\xf1\xa0\x7b\x06\xab\xea\x6a\x08\xe1\xd6\xf1\x50\x0d\xa1\x2c\x43\x4a\x6d\x77\x8c\x94\x10\x67\x10\x80\x00\x47\x5c\xe8\x31\xbc\xfe\x2d\x0a\xfe\x40\xb7\x41\x9d\x07\x05\x9b\xc0\xcd\x8d\xce\x4b\xe9\x58\x7f\xf2\x9a\xd8\xbf\x0b\x26\x8a\xe2\x3c\xe0\xda\x5b\xb5\xbf\x74\xff\x0b\x2b\x31\xb8\x21\x12\xa9\xfd\x5a\xbd\x9b\xfd\x0a\x90\xe6\xf4\x72\x35\x48\xc6\xbb\x2f\x99\xdc\x06\x1b\xa3\x2e\xba\x2d\x53\xe6\xbc\x79\xbf\x44\x1b\x23\xfb\x74\x60\xde\x04\xe8\xe8\xef\xbc\xd4\xd4\xcc\x73\x55\xde\x9e\x3b\x08\x61\xa6\x81\xb9\x83\x83\x9d\x44\x88\xe5\x51\x75\x1f\x23\xe9\xa6\xe2\xe4\xd4\x43\x27\x3b\x9e\x0f\xe6\x4d\x8a\xcd\x1c\x74\x8b\x55\x59\x43\x82\x23\xdd\x21\xb5\x18\x31\x89\xe0\xf3\xc0\xe8\xed\x41\x4c\x03\x56\xba\xb7\x7a\x65\x4d\xe1\xa5\x77\x14\x62\xef\x14\x34\x49\x70\xa4\x91\x51\x1a\x72\x29\x14\xf4\xa8\x9f\x4f\x1a\x82\x7e\x18\xcd\x84\x47\x9c\xc9\x25\x92\xea\xdf\x8d\xe2\xdf\x82\x4b\x97\x6d\xcb\xd2\x84\xa3\xba\x64\xbc\xdb\x0d\xf1\x5e\x8f\x41\xc0\xb2\x47\x15\x86\xb2\x6a\x06\x35\x3d\x90\x50\x28\x23\x5c\x1c\x6e\x5c\x45\x87\x22\x27\x25\xaf\x08\x3e\x11\xe7\x9c\x94\x3a\xa4\x44\xd4\xaa\x41\x21\x8d\x3e\x97\x43\x36\xe3\x72\x81\x3e\x99\xe2\xb0\xc5\xf0\xae\x81\x0f\xfe\xd9\xa7\xa3\xd6\xcb\x74\xc5\x47\x3d\x99\x0a\x59\x11\x32\x9b\x8e\x82\xec\x6b\xf2\xbd\x43\x21\xbb\x48\x73\x70\xf8\x73\x9e\x7a\x2a\x4a\x53\x43\x08\x33\xd4\x5b\x9f\xe3\xde\xb9\x3f\x79\xfc\x6a\x51\xd5\x63\x69\x5e\xcd\xb9\x78\x58\xd2\x13\xda\x58\x44\x34\xb7\xc7\x15\x46\xaa\xe8\xd9\x67\xe1\xc6\xd0\x08\x2b\x10\xd4\xa7\x2d\xe1\x74\x2e\x53\xc4\xb2\xf9\x2e\xb8\xb5\xc8\xc3\x5a\xb6\x53\x5e\xa8\x10\x0b\x37\x92\x4a\x0a\x91\xd2\xa7\x28\xd0\xf5\x64\x24\x37\xaa\x66\xc8\x2a\xb7\x4b\x5d\x07\x45\xec\x08\xf7\x70\x5c\xb8\x1f\xa0\x79\xd8\x9e\xcd\xc9\xaa\x1f\x8d\x7d\x82\xdc\x77\x46\xd3\x46\x15\x34\x3a\x69\x25\xdc\x31\x8f\x35\x2a\x2b\x45\x01\x24\x38\x42\x4f\x90\x98\xfd\xdf\x6e\x61\xfd\x1f\x8f\xb4\x9d\xa4\x0b\x3e\xec\xe8\x9a\x1a\xf1\x99\x6d\xe7\x0c\xd1\x69\x6c\xbf\xd9\xe3\x01\xea\x5f\x44\x37\xc7\x1a\xc2\xa0\x32\x25\x4c\x14\x0a\x90\xe8\x5f\xb8\xff\xc4\x66\x7f\xa1\x39\xc1\xee\x9b\xbf\x12\xee\xd9\x06\xa9\x67\xbc\x09\x21"},
+{{0x3d,0xcb,0x7a,0xe7,0xd9,0xf0,0xf1,0x41,0xf1,0xd9,0xf0,0x78,0x83,0x63,0x5b,0x91,0x3e,0xd2,0x9f,0xb6,0x1d,0x0f,0x74,0x1c,0x9a,0xfd,0x05,0xa2,0x7b,0x04,0x5b,0x06,},{0xae,0x62,0xb7,0xee,0x1b,0x8d,0xb5,0x76,0x4d,0xaf,0xdd,0xd9,0x72,0x4a,0xcc,0x10,0x6d,0x6c,0x0a,0x4d,0x1e,0x85,0xd8,0x90,0x6f,0x75,0x84,0xb5,0x58,0xf5,0x77,0xdf,},{0x09,0xa1,0xe6,0xfe,0xdf,0x97,0x1b,0x3e,0xdb,0xfa,0xef,0xbe,0xb8,0x9a,0xa5,0x39,0xca,0x0b,0x02,0xb3,0x7e,0x7a,0xc4,0xea,0x89,0x20,0xd6,0xd4,0x34,0x8e,0xe0,0xcf,0x9a,0x2d,0x5e,0x96,0xfc,0xe5,0x17,0xc6,0x65,0xe7,0xc3,0x83,0x68,0xba,0xf2,0x49,0x79,0x24,0x9a,0x95,0xb7,0x0e,0xa7,0x43,0x6c,0x00,0x78,0x5f,0x16,0xa3,0xae,0x09,},"\x38\x11\x6a\x57\x26\x69\x07\x0d\xd5\x86\x32\x18\xc9\x1a\x77\xa4\xab\x47\x55\x36\x88\x48\x8c\x79\x28\x38\x50\x9e\x9a\xba\x25\x06\x7a\xdb\x7e\xa4\x24\x98\x48\x00\x9d\x91\x4a\xe9\x87\xa6\x03\x23\x48\xc1\xc0\x68\x1c\xf9\x77\xa9\x55\x2d\xd6\xbb\xf4\xe6\xff\x32\xac\xc9\xfa\x61\xcb\xee\x25\xa3\x93\x07\x65\x0f\x8b\xa6\xa7\xce\x42\x1e\xf2\xf7\x1b\xcc\xc0\x95\x81\x38\xf9\x32\x4c\x86\xbf\x2e\x52\x8f\xa3\xe4\xd1\xb1\x9f\x9f\x2c\xa5\x26\x84\x09\xb8\xcc\x19\xc6\x2d\xd9\x79\xb8\x96\x97\xe4\x57\xed\x2d\x98\xbd\x20\x96\xf6\x2d\x3d\x9e\x24\x73\x88\x79\x59\x27\x80\x3e\x79\xab\x71\xd4\xf7\x2f\x56\x8e\x94\x5a\x8a\x16\x21\x59\xd9\xb8\x48\x36\xe4\x58\x56\x44\xd4\x97\x9f\x61\x4a\xad\xa7\x3a\xd4\x13\xa8\x33\x91\xe9\xcf\x88\x0c\x42\xac\x2a\x98\x34\x3b\x6a\x82\xcd\x2b\x61\x58\x14\x56\xf6\xde\x5c\xeb\x24\xfe\x46\xb7\x62\x5d\x52\xab\x2c\x2c\x32\x4a\xc7\x47\x03\xd1\x5e\x15\xf1\xae\xff\x80\x55\xd2\xf7\x39\xf7\x36\x3e\x16\xec\x1d\x78\xbe\x2c\x62\x99\x43\x6c\x8c\x8d\x33\x6b\xd2\x92\x71\xa8\x97\xa6\xec\x93\x2e\xd0\x87\x25\xbe\x21\xb2\x8f\x9a\xa1\x4e\xaf\x4f\x71\x85\x31\x54\xdb\x14\x58\x7c\x93\x0a\xb3\xeb\x02\x27\xad\x7f\xfb\x45\xb3\xba\xa6\xa9\x99\x49\x9c\xc8\xa6\xe4\x5b\x1a\xb4\xd0\xb3\x39\x78\x2b\xcd\x9c\xfb\xcf\x88\xcf\x7e\xae\x89\x1c\xc8\x41\xe9\xc8\x8a\x1f\x6a\x69\x1f\x39\x48\xa6\xbc\x85\xba\x7f\x46\x11\x64\x2e\x84\x22\x3c\x3b\x17\x89\x46\xdd\xbe\xdd\xcf\xcd\xef\x4a\xe4\xc4\xe1\xa8\x14\xb9\xb1\xf0\x2b\x1e\xaa\x82\x4d\xb9\x3f\x44\xb2\x7d\x14\x20\x6b\x34\x04\x65\xa1\xce\xfc\xf5\x35\xc6\x3e\x55\xc4\x28\x72\x24\x26\x27\x33\xd9\x8a\xaa\xa1\x54\xf3\xad\x42\xcd\x85\x46\xa4\x61\xce\x0d\x46\xd8\x86\xd3\x46\x1a\x21\x50\xcb\x45\xdb\xe5\x64\x73\xff\x63\xd3\xdc\x7a\x2b\x95\x7b\x82\x39\x69\xf1\x9b\x59\x68\xe8\xb4\x24\xc8\x79\x74\x19\x26\xd8\x2c\x63\x86\x75\x3b\x0f\xa1\xf0\x80\x28\x4e\x55\x78\x94\x23\x63\xaa\xde\xb2\x1f\x8e\x1e\x89\x09\xfa\x6c\x38\x07\x64\x14\x9b\xc9\x15\xb2\x28\x60\x4e\xfc\x56\xd9\x2e\x4b\xeb\x72\x0e\xdc\x74\xc4\xd7\x8f\x92\x5d\x6c\xfd\xf7\xba\x2f\x14\xb5\x62\x37\x75\x81\x0d\x2d\x07\xbd\x38\x8c\x57\x3e\x36\x52\x3f\x21\x57\x38\xe6\x91\x14\xdc\xf8\xd8\x0f\x17\x0b\xfa\x67\x6e\x31\xfb\x62\x6a\x7d\x44\x9e\xd9\x66\x47\x36\x34\x75\x97\x0c\x8c\x47\x80\x97\x09\xbc\xb5\xe7\x20\x0f\x2a\x22\x7c\x7c\x8e\x7b\x00\x0f\x30\xc0\xbd\xe6\x1d\x67\xbd\x68\x95\x36\x16\x29\xa3\x6c\x8f\xdd\x5a\x56\xb8\x1e\xfb\xac\xf1\x5c\x1b\x35\x30\xa0\x8c\xde\xd5\xb1\xfd\x45\x7f\xbd\x2f\x03\x04\x2f\x56\xf1\xb3\x7e\xd1\x5c\xdb\x91\x2f\xa0\x29\x8c\x27\x67\x25\x08\x7e\xe2\x7d\x3c\xf2\x55\x0f\xe6\xe8\xa0\x33\x0a\xf4\x17\xf4\xf5\xba\xf0\x36\x27\xed\x67\xc5\xf8\x32\x33\x63\xab\xac\x5a\x1f\xe3\x48\x23\x18\x0e\x3e\x0e\x20\x80\xf7\x5b\xfd\x91\xc2\x07\xcf\x6b\xaa\x9a\x22\x9c\xf4\x43\xdd\x44\x2c\x59\x02\xe0\x67\x3f\x32\x52\xb8\x52\x63\x46\x58\x58\x72\xf6\xcd\x36\x60\x25\xa5\x69\x92\xb7\x0e\xde\x39\xbc\x8d\x32\x2f\x9c\x22\xa1\xdc\x59\x9e\x9f\x0d\x52\x4c\xb6\xd2\xea\x5a\xe2\x87\x8e\xf6\xbe\xd4\xb7\x02\x80\x7f\x1e\x1e\x73\xeb\xf2\x90\xeb\x6c\x0e\xeb\x85\xc1\x37\x16\xf6\x26\xaa\x90\xd3\x64\xb4\x90\x48\x37\xce\x05"},
+{{0x29,0x73,0x11,0xdd,0xef,0xfe,0xc9,0xd2,0xbe,0x68,0xef,0x7b,0x2a,0x20,0xfe,0x2d,0x27,0x7e,0x1d,0x8e,0x51,0x64,0x8b,0x03,0x57,0x2a,0xda,0x27,0xec,0x1f,0x9f,0x43,},{0x6a,0x6c,0x28,0xe7,0x61,0x64,0x0c,0x40,0x08,0x33,0x3a,0xae,0x5a,0x33,0x66,0x30,0x2e,0x2f,0x46,0x77,0xa9,0x53,0xba,0x48,0x2a,0xb6,0xfb,0x4a,0x1d,0x70,0xb4,0x47,},{0x4b,0xf0,0xb9,0x2c,0x6e,0xe4,0xea,0xce,0x5e,0x8e,0xb1,0x03,0x70,0xff,0x9d,0x9c,0x68,0xa5,0x74,0x9d,0x59,0x89,0x9d,0x04,0x32,0x7a,0xaa,0x38,0xf8,0xf8,0x25,0xe0,0x32,0xe5,0x97,0x42,0xb3,0x7d,0xe2,0x31,0x07,0xa3,0xec,0xdd,0x3f,0x7a,0x0d,0x08,0x12,0x26,0x14,0xb7,0x8f,0xdd,0x37,0x29,0x3c,0x8d,0x05,0xe2,0x8f,0x5f,0x71,0x08,},"\x26\x52\xac\xfc\x3b\xdf\x09\xa5\x99\xec\x67\x86\xbb\xd9\x4f\xe5\x77\xcf\x57\x8e\x02\x63\xcc\x68\xd9\xf5\x7a\x6c\x83\x45\x8f\x80\xac\xd8\xa7\x5e\xf0\x30\x40\xa6\x35\x67\x2b\x96\x8f\xf2\xaf\xdb\x28\x8d\x28\xb9\x99\x6f\x64\x15\xb2\xf3\x17\x5e\x9e\xa3\x7a\xeb\x05\xdf\x81\x81\x2e\x38\xa4\xc9\x76\xeb\x92\x85\x6c\xed\xb9\x1a\x26\x9a\x46\xfc\xa5\xdf\x9b\xd7\x30\xfd\x84\x45\x2b\x4b\xd9\x35\x77\xc6\x1f\x42\xc1\x41\x13\x97\x98\x82\xa8\x6a\x9f\xe6\x32\xe4\x75\x6a\xfd\x89\x81\x6f\xc4\x67\x0a\x31\x05\x03\xfd\xaa\xd2\xdb\x76\x4c\x37\x21\x21\x3c\x3e\x60\xf2\x9c\x26\x68\xd4\xde\x8f\x42\xb0\x87\xf2\x5c\xd5\x6c\x69\xa4\xe4\x8f\x13\x4f\x55\x98\xcf\x14\x5b\xe6\x38\xa5\xc2\x31\x88\x63\x32\x90\x61\x72\x9a\xac\x91\xda\x6a\x19\x1f\xd7\x74\x88\x0c\xf9\xcb\x55\x5e\xec\x15\xb0\x04\x4f\x10\xe5\x43\x3f\xb4\x6a\x9b\x88\x92\xda\x8f\x6d\x24\xf1\x42\x58\x8b\x70\xff\x0b\x49\x20\x0c\x50\x6b\x88\xbe\xd4\x49\xad\x10\xd3\xf9\x2c\x2b\xae\xda\x6b\xbf\x58\x67\x6c\x5b\xbc\x67\xd3\x1f\x64\xfb\x12\xe8\xd5\xe7\x88\x76\xd5\xc8\x49\xfc\x31\x4b\x2c\xf8\x01\x0c\x51\x02\x04\xc8\x63\x3d\x0c\xc3\x18\x56\xec\x6a\x11\x4e\xa8\xa8\x9c\x48\x92\x7b\x07\xa3\x1a\xb8\x42\xc9\xb8\x35\x2d\x93\x67\x34\x51\x41\xa9\x9b\x40\x04\x9d\x5c\x48\xe7\xd2\x7c\xab\x42\x7a\xde\xfd\x1f\x0f\xc1\x13\x6b\x35\x3c\xb0\x1c\x3d\xef\x91\xff\xfe\xe8\xad\x91\xe8\x8f\x4b\xb7\xd2\x61\x5c\x0d\xcc\x95\x34\x4c\xd0\x19\x50\x93\x8e\xcb\x14\xb8\x44\x6b\x56\xa0\x6b\xf2\xf2\xf6\x5f\xb8\x73\x5e\x8a\x7b\xc9\x6b\xb4\x6c\xe9\xca\xc7\x1a\x88\xeb\x8f\xda\x5e\x69\xd6\x9e\xb2\x9a\xa4\x2a\x01\x6b\x85\x83\x89\x3e\x9d\x72\x77\xcb\x13\x59\xc5\x68\x7e\xed\xcd\x59\x9d\x8a\x46\xe6\xc1\x49\x63\x63\x7d\xb0\x4a\x92\x9f\x4b\xc7\x93\x04\xac\x2d\xae\x73\x3b\x3a\x83\x9e\xb7\x4f\xbe\x3d\xe5\x04\x2f\xd6\x55\xea\xec\xb1\x5f\x39\xb2\xfe\x16\xda\xd8\xa6\xff\x8d\xbc\x05\x4f\xed\x51\x28\x2a\x85\x6e\x9d\xa6\x31\x6f\xac\x6d\xb5\xd5\x6f\x77\xf1\x8d\xa8\x41\x2e\xb3\x77\xe5\xb1\xb8\xf4\xcb\x13\x54\xec\xfe\x8f\xe8\xfd\x54\xe6\x2d\x76\x7a\x80\xde\x04\xcb\x76\x20\x22\x9a\x88\x31\xdb\xc9\xec\xd4\x57\x8f\xfa\x2f\xf0\x6b\x54\x45\xe4\x40\xd6\x9a\xab\xc9\x4c\x47\xbd\x17\xf2\x2b\x69\xf5\x2e\xea\xe5\xcf\xcd\x01\xa5\xca\xfe\x05\x80\x07\x2a\xe9\x16\x6b\x95\x74\x3d\x68\xc3\x56\x4c\x5a\x7e\x46\xf2\x4b\xc4\x8a\x89\x8a\x1a\xb2\xeb\xe6\x3f\x36\x85\x1d\x2a\xac\xfa\x0c\x4f\x32\xd9\x93\x77\x1d\x31\x4e\x72\x5a\x43\xd9\x80\x5d\x13\x71\xcf\x72\x3e\xf1\x61\xd4\x2e\x63\xff\xca\x68\x8d\x7f\x0e\x21\xef\x5b\x3f\x9a\x56\x1a\x62\x10\x70\x2b\x85\xfb\xd1\xf8\xca\x75\x38\x9c\xc7\xa2\x27\x39\xba\xe4\xde\xd9\x37\x57\xf1\x52\x0d\xc3\x88\x44\xa1\xa8\x8b\xe8\xe0\x96\x45\x05\x91\x48\x80\x7b\x93\x37\x70\x87\x8c\xb8\xa9\xad\x92\x11\x31\x71\x31\xe6\x93\x24\x53\x2f\xd0\x27\x9b\x83\x18\x5b\x62\x8f\xc2\xf9\xe2\x15\x00\x38\x46\x93\xfa\x29\xf2\x6b\xd1\xb9\xc3\x01\x60\x13\x67\x66\x5f\x05\xf3\x72\xda\xb4\xe3\x10\x77\x26\xcd\x3f\x63\x9c\xa6\x2b\xf6\x3a\x75\xf7\x7e\xaa\x75\xf7\x13\x61\x57\xad\xa2\x37\x4e\x65\xfb\x4f\xd3\x49\xb4\x5e\x25\x44\x1f\xd2\x1b\x13\xe6\x91\x13\x66\xb9\x7c\xfb\x4d\x6a\xd5\x22\xb8\x50\xad\xf4\x0c"},
+{{0x4d,0xb2,0xb5,0x81,0x44,0xa8,0xd2,0xd0,0xec,0x03,0xbb,0x9b,0xc2,0x9b,0x4c,0xa8,0x93,0x85,0x4c,0x80,0xb6,0x4a,0xfa,0x4a,0xf7,0xa9,0xc9,0x36,0x93,0x5e,0xcb,0x04,},{0xfc,0x5c,0xd7,0x50,0xe1,0x74,0xed,0x71,0x8b,0xd9,0x38,0xfa,0x8e,0xd9,0x9a,0x1b,0x9d,0x55,0x6b,0xa7,0x67,0x0f,0x2a,0x77,0xda,0xf1,0xc7,0x20,0x11,0x37,0x32,0xa5,},{0x42,0x45,0x17,0xaa,0xdd,0x85,0x3c,0xe3,0x98,0x57,0x59,0xa3,0x27,0xe7,0x76,0x0d,0x91,0x56,0xd3,0xb2,0x73,0x45,0x38,0x3f,0x0e,0x4a,0xd6,0x66,0x1e,0xe4,0xa3,0x72,0x4d,0x18,0xd8,0x20,0xf6,0xc5,0x57,0xf8,0x27,0x97,0xbe,0xb6,0x2d,0x2f,0x08,0x54,0x33,0x74,0x4f,0x89,0xa2,0xd8,0x52,0x93,0x79,0x64,0x81,0x86,0x2e,0xf8,0xa4,0x0f,},"\xc8\xd1\xdb\xc9\x36\x91\x1e\x12\x2c\xee\x18\xf9\x2b\x16\xa3\x9a\x2e\xef\x08\x23\xb2\x27\xf8\x98\xcd\xf5\x84\x2b\x93\xd5\x9f\xc0\x02\xed\xb5\x49\x8a\x20\x87\x2e\x19\x55\x4e\xf7\x39\x99\xeb\x3a\x7b\x3e\x2f\xdd\x90\x70\xe1\xef\xa9\x22\x8e\x9e\x93\xb2\x9a\x86\x8a\xe3\x79\x9e\x4e\x57\x23\x24\x83\x6b\x1a\xd5\xaa\x81\x2b\xf0\x0f\x84\x5b\xc2\x17\xeb\xbc\x3f\xab\xdc\x4e\x1b\x6e\x51\xef\x9e\xfa\xc2\x77\x0a\xa0\xa4\xa1\x1e\xe5\x2a\xb9\x56\xac\x64\x48\xaa\x26\x29\xcb\x61\xdb\xb1\xf1\xed\xb3\xbd\xe9\x9b\x48\x76\xda\x39\x2a\x6e\x0b\x9a\x0c\x31\x84\x9a\x58\x90\xae\xa9\x52\x2f\x56\xd0\x15\xa1\x93\x50\x15\xb9\x1b\xf4\xc6\xa0\x01\x1d\x23\x77\xd6\x71\xc3\xd0\xd7\x53\xc2\x7f\x8c\x76\xe4\x05\xd0\x23\x0f\x1f\x4b\x9b\x88\xfc\xeb\xba\x1e\xaf\x13\x77\x72\x35\xe5\x53\x24\xb7\xd3\xf8\x1e\x68\x61\x09\xd9\x1c\xe6\x89\x53\x0b\x90\xd2\xc5\xc7\x1d\xd1\x87\x72\xb3\x85\xd6\x2c\xcb\xfd\x2e\x08\x9a\x1b\x67\x09\x83\xf6\x0c\x21\xc4\x45\x5c\xb9\xd1\xa0\xdc\xaa\x74\xc8\x74\xe3\x52\x11\xf8\x22\x7f\xf7\xc2\x34\xdf\xf8\x5e\xc0\xb0\x7e\x36\x8c\xfa\x50\xa3\x43\x57\x83\x95\xa1\x4c\x68\xf1\xf8\x9b\xd4\xec\xbc\x17\x2e\xf8\x05\xe5\x83\x1e\xc8\x94\x75\xfc\xc8\xd6\x85\xca\x92\x55\xa7\x7e\x3b\xa3\xc1\x47\x50\x8e\xc9\x2d\x7b\xcc\xe8\x79\xaf\x0a\xbd\xd2\x41\x6b\x67\xb5\xf5\x05\x07\x33\x79\x14\xf3\x90\xbb\xe0\xb4\x50\xb6\xa2\xf1\x15\x93\x72\xc4\xbc\xce\xa3\x82\xce\x3d\x6d\x9f\xb2\x51\x5e\xcf\x79\x30\x05\x9a\x05\x52\xb7\x5f\x97\x88\x62\xbf\x97\xe8\x32\x5a\xf2\x4d\x1b\x8c\xe9\x51\x2b\xfc\x7c\xef\x88\x42\x32\x04\x23\x41\xd8\x2f\x9b\x5d\xad\x2e\x50\x2a\xc6\xac\x79\x5f\x99\xda\xc7\xfc\x60\xe3\xb8\x63\x9d\x0e\x15\x00\xde\xad\x4e\x78\xac\xa1\x09\x95\x7d\x57\x7a\x13\xc1\x92\x5d\x74\x03\xc1\xac\xf9\x89\xa9\xde\x67\x11\xe2\x3c\x67\xbf\x87\x22\xf5\x51\xb7\x74\xca\xda\x93\x1b\x5f\xd9\x73\x43\x4e\x3b\x71\x72\x81\x98\x83\xe7\x0c\x52\x78\x5e\x3b\x49\xd3\x23\xd0\x56\x36\x64\x11\x58\x64\x0d\xcf\x6a\x4c\x20\x0e\xb2\xc1\x3b\x1b\xee\xb2\xdc\x36\x03\x52\x47\x0d\x15\x38\x6e\x59\xe6\xfa\x60\x36\x7e\x5e\x7f\x17\x2b\x21\x15\x9d\x5e\xe7\xca\xb0\xd7\xf5\x86\x82\x39\x85\x8e\x2a\x93\x55\x04\x80\xfe\x8f\xb4\xdc\xaf\x4f\x22\x4c\x4b\x2a\xd5\x44\x87\x91\x63\x2d\xf3\x0e\x8e\x5f\xb9\x98\xb3\x5e\xa9\xae\xc8\xc9\x34\xa4\x40\x3a\xef\x82\x18\x7c\xa1\xab\xf8\x2a\x34\x4d\x00\xff\xb9\x93\xd9\xff\x34\x61\xd6\xfe\xcd\xaf\x5d\x3b\x48\x1e\x0d\x31\x15\x3d\xbf\x6a\xed\x28\x8c\x8a\xdd\x06\x4e\x83\x31\x55\x01\x41\xbd\x5f\x7a\x7e\x04\x7b\x86\x07\xd8\x46\xa6\xbf\xb7\x2d\x68\x34\x46\xa4\x45\x11\x46\x06\x25\x0d\x8d\x2d\x3a\x8b\x95\x08\xbb\x07\xd4\x62\x3c\xdf\x17\x88\xb5\x49\x9e\x9c\xb9\xa1\x37\x98\x49\xbf\xa1\x9c\x9a\x9f\x4c\xd3\xd9\x25\x3a\xdf\xfd\xa2\x5f\x47\xc8\x11\xbe\x83\x3b\x02\xf3\x32\x7e\xbb\xa8\x37\x30\x19\x5d\x61\x4b\xae\x6f\xe4\xe7\xa3\x83\x08\x15\xd2\xaf\x40\x0d\x20\xa9\x41\x7a\x09\x5e\x7e\x8e\xea\x10\x44\x91\x7c\xbe\x51\x2c\x40\x18\xd6\x56\xe2\xdb\x67\xbb\x98\x9c\x00\xe1\xe5\x07\x62\x3e\x82\x78\xd7\x29\x92\x5b\x84\xfb\x5c\x18\x6a\x7b\xac\x18\x9e\x6d\x6a\xb1\x4f\xd7\xb6\x2f\xdc\x63\x2b\xeb\xb5\xf7\x7c\xb5\xcc\x2f\x70\x7d\xf4\x05\x30\x99"},
+{{0xc8,0x20,0x41,0x3c,0x24,0x56,0x74,0x71,0x04,0x66,0x2e,0xf4,0xdf,0xf3,0xac,0x23,0x3a,0xc4,0xb9,0x1a,0x76,0xd3,0xc4,0xea,0x75,0x44,0x90,0xbc,0x9b,0x1e,0x29,0x1f,},{0x89,0x93,0xce,0xa2,0xf7,0xf2,0x80,0x6c,0x77,0xb3,0x98,0x1b,0x54,0xbf,0xa9,0xbf,0x17,0x62,0x15,0x1b,0x41,0x8e,0x5e,0x72,0x53,0x71,0xca,0x2c,0x04,0xd2,0x23,0xee,},{0x7e,0xf7,0x0e,0x4a,0x14,0x95,0x4d,0x50,0x9f,0x11,0x7f,0x4b,0xd0,0x1b,0x22,0x0b,0xcc,0x19,0x2d,0x3b,0x5f,0xdf,0xc3,0x48,0x2f,0xbb,0xc3,0xb6,0x9d,0xc0,0x68,0xa7,0xc4,0x76,0x1d,0x1b,0xeb,0xc2,0x31,0x7d,0x6d,0xb7,0x4f,0x90,0x6a,0x15,0x56,0x42,0xb0,0xa3,0xc6,0x59,0x2b,0xdc,0x72,0xe6,0x4e,0xac,0x6f,0x20,0x3f,0xb7,0x4e,0x02,},"\xd2\x99\x2f\x83\x92\x4a\x59\x48\x87\xe6\xef\x13\xf2\xae\x80\x8f\xc8\x63\x9c\x7b\x2c\x99\x4f\xaf\x0f\x79\x5e\x36\x01\x6d\xab\x77\x00\xa0\xee\x53\x01\x70\xf0\xb9\xfe\x98\xab\x75\x88\xce\x03\xbc\x50\xc2\xba\xe6\x5e\x05\x26\x47\xe7\x56\x73\x5b\x35\xd0\xb5\x9c\x96\x4e\x91\x7d\x8c\x83\xe2\xf9\xfe\xcc\x4c\xb0\x55\x64\x28\x7f\x0e\x34\xc9\x49\x40\x05\xe2\x5b\x1a\x8b\x1b\x94\x2b\x54\xd8\x90\x35\xf1\xb1\xc3\xc9\x45\xfc\xc8\x4e\x4a\x39\xef\xa2\xca\x50\x95\x9b\x45\x9a\xf7\x4d\x21\xb6\x24\x2e\x2f\x56\x51\x8f\x70\xe8\x67\x92\x57\xc0\x89\xd2\x6c\x3b\xb7\x92\x68\x7c\x92\x33\x55\xb2\xc1\x8e\xe2\x13\x6d\x40\xcb\xa4\x5a\xcb\x64\x24\x0d\x96\x67\xf3\x9d\xba\x36\x39\xb6\x51\x6d\x4c\x49\x47\x57\x3e\xf4\xce\xd8\x76\xb5\xb2\xea\x34\x89\xea\xea\x53\x9f\x55\x7f\x58\xda\x20\x46\x91\xa7\x6e\x29\xc9\x4b\x8b\x05\x38\x23\x2c\x5f\x7d\x0b\xb0\xfd\xd0\x16\x91\x04\x31\x35\x4b\x3e\x1e\x7c\xe6\x2a\xd4\x36\x91\x7c\xd5\xc3\x15\xa5\xbe\x9b\x97\x1c\x80\xf9\x7b\xc9\xd5\xc1\x56\xff\xd6\x4f\xd4\xe3\x1d\xa5\x60\x83\xe0\x2a\x0c\x8f\xce\x55\x4d\xb6\x86\x74\xcb\x62\x70\x0b\xa9\x51\x75\x2b\x82\x9b\x03\xc5\x42\x32\x74\x12\xee\xc9\xcc\xc6\xa5\x0a\xdf\x47\xbb\xee\x15\x44\x66\x82\xda\x2f\xea\x42\x04\x89\x36\xd7\x63\x06\x0c\xd8\xf5\x39\x65\x26\x16\xdf\xa8\x08\xd6\x23\xff\x77\x7b\x41\x13\x65\x2e\x78\x9e\xc0\x25\xb8\x5e\x04\xef\xe8\xad\x4c\x96\x0b\x19\x0b\xf4\xa5\xa6\x32\x4d\x6f\x57\xc1\xad\x22\x01\x8c\x83\xcd\x7e\x7e\x09\x7f\xc6\x7b\x80\x26\x9c\x13\xb4\xdd\x97\x01\xca\x98\xf9\x87\x69\x58\xba\x76\x89\xc6\xf6\xf1\x0a\x73\x2a\x64\xbe\xf2\x2e\x8b\x98\xbd\x30\x4d\x5d\xbf\x4f\xb1\xf9\xe4\xca\x53\x9a\x5c\x4a\xa6\x19\xc4\x4d\x6f\x58\xf8\x24\xb2\xdb\xae\x77\xb7\xe8\x3b\x56\xdb\x5e\x5a\xa7\xb0\xae\x9c\xe1\xcd\x10\xa6\x9f\x04\xa8\x0f\x13\x79\xeb\x0c\x47\x4e\x47\x82\xdf\x0e\x3b\xa6\xa1\x48\x22\x6b\xd1\xa6\x62\xd9\x5e\xe2\xd6\x7c\x52\x07\x33\x3c\xb1\xd5\x41\x76\xd9\xe5\x06\x45\x94\x79\x02\x9f\x31\xdc\xac\xe2\x69\x93\x8f\x6b\xc5\x62\x78\x78\x41\xdc\xfe\x10\x1f\x4d\xb6\x0b\xd6\x60\x16\xe1\xee\xbb\x6b\xfb\xd9\xcd\x83\x04\x2d\xd1\x37\x9a\x46\x4f\x40\x5a\xaa\xe3\xc1\x18\x07\x84\x8c\xc4\xf9\x5c\x3c\xc6\xfa\x92\xab\x4e\xa5\x30\x58\x34\xeb\x86\xb8\x73\xfa\x30\xed\x1f\x7f\x47\x0b\xf6\x63\xf1\xa7\x0c\xf9\xe6\x0a\xb6\x80\xcd\x1d\xbb\xd0\x3a\xc0\x43\x3b\x3d\x4b\xb4\x82\xf8\xb3\x44\xd4\x6b\x3a\xa9\x34\xb8\x63\x3f\x57\x09\x0b\xea\x5f\xcc\xca\x64\x88\x79\x98\x35\xf1\x33\xf8\xbc\xf6\xe8\x87\xca\x59\xd1\x90\x76\xd6\xca\x19\xd4\xe2\x83\x49\x05\x1e\x01\x6b\x03\xe9\xa9\x20\xf4\x12\x0f\xb5\x23\xd1\x37\x1d\x0e\x38\x46\x73\x19\x54\x3f\x12\x7e\xd9\x14\xb4\x3a\xd0\x62\x22\x6a\x53\x65\x82\xdb\x72\x8c\xcd\x76\xe9\x83\xf1\x17\x66\xa8\x86\x3c\x2f\x42\x4f\x65\x50\x8d\xcb\x26\xfe\x0c\x5a\x80\x0c\x35\x09\x39\x60\xa1\x21\x97\x6e\x30\x51\xe2\xef\x1a\x2a\x99\xc1\x2f\xb7\xbd\x8b\xc0\x37\xa4\x39\x68\x68\x06\xeb\x72\x01\x7a\x07\x1a\x91\xb3\xe3\x9c\x90\xe8\x6b\xc3\x35\xf9\xbb\x54\x3b\x12\x7c\x98\x86\x73\x8c\xb5\x38\x06\xb9\xcb\x3c\x25\x94\xc7\xef\xfc\x2a\x59\x20\xaa\x83\x4b\xe6\x5c\x49\xf4\x79\x64\xe8\x9e\xec\x74\x72\x8d\xe7\x71\xf3\xd6\x75\xde\x9d\x1e"},
+{{0x67,0x69,0xcc,0x8e,0x12,0x56,0x17,0xc2,0x2c,0xe5,0x72,0x37,0xa4,0xfc,0xa1,0x50,0x7f,0x94,0x12,0x34,0x66,0x1d,0xf7,0x43,0x28,0xd0,0x4a,0xb6,0x2e,0xf8,0x6c,0x47,},{0x05,0x11,0x2c,0xa6,0x0b,0xaf,0xf7,0x9b,0x49,0x16,0xc1,0xbe,0xe2,0xb9,0x39,0x0c,0x04,0x7a,0xf0,0x8c,0x35,0xeb,0xb3,0xc3,0x81,0xb9,0x74,0x8d,0x1d,0xd4,0xc4,0xfd,},{0xd3,0x9d,0x85,0x3d,0x2c,0x2c,0x5d,0x21,0xb5,0x87,0x1e,0xa5,0xa7,0x5c,0x04,0x10,0x48,0xd9,0x3a,0x47,0xdc,0x59,0x9a,0x5f,0xdd,0xc0,0x85,0x62,0x85,0xce,0x63,0x6f,0xcd,0xfd,0x85,0x64,0x08,0x3d,0x06,0xff,0x28,0x4a,0x52,0x4b,0xc6,0x33,0xcf,0xdf,0xc3,0xb0,0x37,0x16,0x3d,0x67,0x4c,0xb9,0xbb,0x5b,0xa3,0xbc,0x25,0xbe,0xd0,0x0e,},"\x68\x54\x89\x73\x9b\x98\x56\x47\x49\x58\x7f\xf1\xac\x96\xba\x68\x2d\xa3\x0b\x40\xa4\xde\x24\xf5\x4e\xc8\xb0\x83\xdd\xa4\x53\x33\x16\x21\x67\xcb\x3f\x97\xb2\xc7\x31\x4c\xe7\xa3\xf3\xf3\xd3\x19\xcc\xc3\x5b\xb6\xa9\xf0\x07\x7d\x56\x31\x61\xe2\x81\x46\x9c\xf0\x89\x68\xd9\xdc\xf7\xae\x5f\xff\x83\x0a\x5d\xb0\x0b\xc3\x80\x10\xe6\x66\x2d\x49\x4f\x3c\x86\x47\xc4\xf7\x0c\xe2\xd2\x9a\x9d\xa8\x46\x10\xa0\x80\xb5\x75\x9a\x3b\x58\x20\x52\xdf\xde\x66\xe4\xa7\xfa\x5f\xb2\x7f\x06\x50\x73\xfe\x72\x3d\x83\x70\x1d\x5b\xac\x06\xca\x43\xb4\x6d\x1e\x58\x09\x76\x70\xc1\x94\xa1\x3a\xf8\xb5\x73\xa3\x79\x1a\x96\x61\x55\x7c\xbc\x04\x27\x57\xab\x8a\xdd\x0e\xf7\xcf\x4f\x35\x43\x5a\x42\x12\x35\x3f\xcb\x3c\x20\x3c\x73\xdb\xc9\xd2\x68\x52\xd0\xe9\x17\x32\xe3\x62\x1c\xe8\x28\x92\x9c\xdc\xa4\xd9\x19\x20\x48\x75\x19\x22\xed\x22\x5e\xab\x29\x00\xcf\xf9\x71\xa2\xa2\xd3\x42\x46\x36\x48\xbb\xb1\x94\x43\x19\xa8\xef\x6d\x43\xdb\x62\x48\x0f\xbf\x1d\x72\x57\xd2\x26\x94\x53\x97\x93\xf2\x5c\x92\x79\x17\xca\xab\x25\xc1\x19\x3a\x2d\x2b\x23\xbb\x5c\xb8\x56\x9a\xef\xff\x4f\x0c\xa4\x23\xd1\x9b\xbd\x46\xfc\x5e\xf7\x52\x4f\xf8\xcb\x70\x6f\xfc\x47\x07\x65\x09\xc0\x5a\x81\x58\xaf\x77\xf9\x8d\xf6\xa9\xb5\xcb\x32\x44\xab\xa4\xb5\xc5\xf9\xce\x59\x7e\x7d\x29\xba\x07\x01\x3d\xca\xc1\x91\x1b\x6d\xe7\x11\x3c\x73\x6a\x40\x05\xc4\x59\x99\x29\x79\x01\x9a\x45\xb2\xdd\x80\x2a\x07\x66\x09\x09\xeb\x4c\xe2\x05\x40\x81\x70\xd8\x25\x45\xda\xcb\xa8\x68\x6d\xbd\xe9\x27\xdb\xc9\xc7\xd9\x62\x05\x8e\x9a\x95\xea\x66\xb8\xdf\xd3\xea\x43\x53\x57\xa9\x3c\x73\x94\x8c\xd3\x55\xf6\xac\x65\x52\x32\x3f\x17\xc2\xa6\x78\x66\x2b\xc0\xe9\x72\x6a\xd5\xa5\x25\x1d\xd2\x76\x47\x40\x4c\xbf\xe6\x1c\xea\xaf\xdc\xfc\x08\xa4\x75\xff\xd8\x7c\xb7\xf5\x97\xe5\x6a\xc1\x67\x04\x09\xdd\x94\x08\xae\x47\x70\x42\x0c\x6e\x5e\x6d\xd8\xe7\x48\xfe\x03\xa7\x2d\xc1\x28\x03\xd0\x27\x71\xd9\x2f\x47\xe6\xe7\x17\xcc\xc1\x44\xfc\x03\x72\x75\xb6\xf7\x45\xdd\x30\xda\x1a\x45\xd2\x9d\xb6\xd9\x07\x3e\xee\x50\x09\xcf\xd5\x46\x27\x33\x41\x4a\x49\x5f\x34\x9d\xb0\xb6\xdb\xf2\xce\xa9\xcc\xd5\x72\x38\xed\x5e\xe9\x1a\xd8\xbc\x86\x17\x9a\xd5\x69\x5a\x85\xa5\x04\x84\xe6\x17\x75\x1d\xe5\xef\x7a\x7d\x8a\x8d\xb9\x50\xa9\x8a\x6b\x7f\x7d\xee\x9d\x42\xa5\xdf\x69\x2f\xcc\xf5\x55\xc9\x40\xdc\x39\xcf\x2e\xac\x48\xcb\x9d\x15\xcd\xa1\x4d\xd2\xa7\xec\xc0\xb7\x6e\xbe\xc6\x8a\xd4\x17\x7d\x11\x17\xe0\x77\x66\xc4\x85\x90\xd4\x3c\xa7\x66\x28\x68\xeb\x97\x90\xac\x29\xf4\xf2\x39\x2b\x9a\x93\xf8\x97\x59\xe7\xba\x54\x6b\x92\x5b\xd8\x6f\x80\x7d\x8d\x16\xc7\xe6\x37\xdc\xc6\x66\xe9\x05\x90\xbf\x43\x0d\x98\x6a\x67\xf1\xb0\xc7\xc2\xc9\x49\x30\x84\x58\x69\xed\x8d\x8a\xdd\xe1\x8f\xc1\x88\x74\x56\x88\x1b\x4b\x26\xb5\x3d\xcb\xa7\xa5\x26\xf0\xec\xa1\x4e\x8b\xb6\x89\xd6\x6f\x0a\xa1\xb2\x53\xc3\xdc\xfc\xf5\x95\x40\xd5\xd2\xf5\xad\x61\x7f\x52\xc3\x09\x38\xa5\xa9\x2e\xa3\x85\x07\x7d\x75\xaa\x4a\xc0\x7a\xfc\x2b\x35\xfb\x8c\x1d\x5e\x78\xeb\x29\x5f\xc2\x0f\xe3\x7c\x41\xac\x06\x95\x9d\x3a\x17\x97\x84\x3a\xd7\x05\x6c\x1b\x41\x2d\xd0\xb4\x80\xaa\x3b\x39\xbc\xc2\x05\x87\xd9\xa0\xfe\xf9\x2c\x6c\x95\x0e\xbc\x5b\xb8\xe1\x42"},
+{{0x1d,0xf7,0xac,0xfb,0x96,0x33,0x04,0xe5,0x1e,0xc4,0x71,0xca,0xf1,0x81,0x10,0x25,0x56,0x78,0x3c,0xb7,0xd9,0x1e,0xad,0x30,0xbd,0xc2,0x53,0x4d,0x07,0x8a,0x14,0x88,},{0x05,0xa3,0x1f,0xfc,0x70,0xe4,0xe3,0x56,0x9f,0xc2,0xbe,0x11,0x0c,0x64,0x3a,0xd5,0xf0,0x87,0x91,0x3c,0x7a,0xa4,0x76,0xdc,0xd8,0xd6,0xe4,0xbc,0x7e,0xc2,0x2d,0x24,},{0xb1,0x81,0x93,0x8d,0xe1,0x01,0x42,0xf3,0x24,0x07,0xb4,0xe7,0x86,0xcd,0xdd,0xe9,0x32,0xeb,0x11,0xdb,0xc0,0xbf,0x0e,0x5a,0xc5,0x09,0xfa,0xe7,0xa5,0xbc,0xc3,0x29,0x61,0xfe,0x34,0x48,0xf9,0x12,0xc8,0x50,0x0f,0xc6,0xdb,0x4e,0x1d,0x32,0x62,0xa8,0x3c,0x9d,0xbe,0x76,0x9b,0xb8,0xc3,0xa7,0x61,0x00,0x0f,0xe3,0x6c,0x0d,0x71,0x04,},"\xb0\xc3\xee\xb5\x7f\x14\x60\x6a\xb7\xab\xea\xb2\xee\x05\x73\x84\x3c\xa2\x2e\x6d\xb2\xfd\xf2\xc9\x06\x4c\xea\x51\x98\xdc\x58\x30\xeb\x15\x8d\xa8\xe2\xda\xa8\x88\x57\xaf\x8b\x8e\xef\xcc\xf0\xc2\x6c\x3e\xc0\xf3\x30\xe9\x2c\xff\x06\xbc\x05\xa2\x9b\xfc\x99\xf9\x40\xb6\x1f\x3c\xfb\x29\x64\xb3\x37\x09\x7a\x65\x50\xa3\xe9\xa3\x28\xc8\x5b\xe6\xf1\x60\xd2\xc0\xa5\x7f\xf6\xf1\xb3\xc5\xff\xcc\xa8\x90\x89\x42\x5a\xb6\xbe\x01\x72\xe1\x75\xba\xf4\x0c\xf1\x2b\x24\xa8\x15\xf7\x0f\x29\xa3\xa4\xcd\x0a\x6a\x13\x2f\x12\x00\x97\x75\x2f\x4b\xc7\x43\xed\xe0\x8f\x5f\x21\xd4\x2f\x28\x2f\x76\x71\xf7\x78\x3e\x27\xb2\xa8\xe2\xc1\x46\x92\xf1\xe0\xe5\xde\x82\x85\x5d\xab\xf9\x8a\x1a\x63\x97\x60\x06\xff\xbf\xe5\xf5\xa5\x79\xb4\x60\xe2\x6d\x06\xbd\x54\x28\x42\xa5\xf9\x26\x1b\xbf\x26\x04\x51\xd2\x32\x1c\x50\x89\x32\x01\x3c\xc6\xe9\x04\xf7\x9b\x5e\x46\x86\xd0\x33\xe1\x2c\x7b\xbd\x7e\xb1\xc9\x23\x79\xc5\xec\x34\x1b\xf6\x45\x7a\x3f\x17\x26\x4a\x7c\x27\x8b\x27\x50\x1e\xca\xed\xc3\x61\xeb\xa8\x44\x44\x23\x42\xb4\xb1\x0f\xa9\x4d\x26\x58\x65\x11\x6a\xcf\x43\xfc\xbe\xc9\x65\xd2\xab\x4b\xbb\xe6\x14\xc4\xf9\x0a\xb6\xb3\xe0\xd5\x38\x3f\xa0\x49\x88\xbf\xbb\x26\x03\x07\xdd\xe2\x2d\x84\x09\x8b\x63\x31\xd1\x55\x14\x1a\x92\x7b\xb7\x8d\x66\x4b\x34\x1d\x2f\x2a\x93\xe2\x91\xcf\x79\xba\xae\xcd\x26\x12\xf6\xb1\x04\xf3\xfc\x81\x37\x3a\x7c\x6a\x04\x5b\x59\x24\xbf\x95\x0c\xd5\x42\xf7\xb7\xac\xce\xf3\xaa\x7d\x72\x5d\xe0\x53\x05\x5d\x95\x1b\xd7\x68\x11\x13\x92\x59\x66\x38\xae\x09\x71\x70\xf4\x49\x2b\xa5\x0a\x46\x8f\x8e\x34\x77\x63\xdb\x61\x2d\x3c\x7d\xe7\xe5\x64\x59\xb2\x6e\xe0\x29\xc6\x30\x82\x7a\x35\x3a\xee\x73\xde\x68\xd6\xd7\x2b\x27\xaf\xd7\x5d\x22\x16\x45\x27\x94\x5c\x72\x26\x84\x4f\xab\x15\xb8\xdc\xc9\x14\x34\x9e\x31\x41\xc6\x13\x16\xad\xc8\x94\xde\xdc\xdc\x84\x39\x84\xd9\xc7\xfe\xae\x39\xdb\x33\x2d\xc3\x93\xe9\xe8\x96\x1b\xbd\xe0\x71\xc3\xd2\x85\x8b\x3c\xb5\xf3\x3b\x16\x4a\x15\x61\x6c\x6f\xe1\xbb\xc2\x4a\x35\xf2\x13\x36\xd2\x61\xc5\xd8\xcf\x75\x9e\x27\xe2\x2c\x91\x01\xc4\xae\xbd\xe3\xe1\x26\xcf\x64\x6c\xa7\xb2\xe0\x31\x28\x09\x5c\x59\x76\xbf\x3f\x6e\x49\x1a\xf0\xf0\xb6\x40\xc7\x31\x09\x66\xac\x59\xc5\x9f\xbc\x5b\xfe\x05\x48\xf8\x8e\xe6\x1a\xd9\xec\x40\xc1\xc0\x6d\xd2\x9d\x79\x4c\x44\xa3\xea\x22\xc3\xd4\x76\x26\x22\xec\x1e\x8b\x33\x3e\x45\x07\x4d\xb9\x37\x41\xfd\xa1\x93\xc9\x11\xf6\xdb\x58\x79\xe5\x5e\xe3\x6e\xf6\x02\x61\x4a\xe6\x4a\x5c\xde\x9d\x83\x06\xd2\x2f\xbc\x4a\xe9\xc8\x81\xa5\x94\xbd\xe6\x79\x61\x25\xfc\xb6\x28\xb9\xf3\xb6\xfb\x3f\xfd\x51\x1b\x35\x3f\x14\x6a\x27\x27\x2a\xfd\x3e\x5d\x28\xb7\x7f\x58\xa6\x7f\x1f\xd2\x72\x85\xc2\x5e\xcc\x1c\xcf\x64\xe3\x8d\x21\xf3\xb9\xff\x22\xe0\x0e\xe9\x00\x62\x9e\xf1\xa6\x3e\x71\x3f\x25\x88\x83\xdd\x91\x1f\x30\xc0\xd3\x98\xb7\x4b\xd7\x97\x14\x9b\xe5\xe2\x69\x67\x22\xda\x09\xd5\x2d\x4e\xbf\x3c\x67\x39\x29\xd2\x98\xaa\xc3\x4c\xe0\x5b\xea\x08\xea\x9a\x42\x4e\x93\x45\x9c\x2e\xb8\xfc\x22\x22\xc3\x1c\xc1\x3d\x80\x3b\x90\xa8\xa7\x0b\xcd\x0a\x30\xc2\x09\x21\x1d\xc2\xcc\xc8\x5b\x0b\xcd\x45\x82\xc6\x95\xf5\x8d\x80\xbf\x6e\xc4\x71\xa2\x50\x5f\x68\x84\x7a\x75\xf6\xe9\x11\xfd\x87"},
+{{0x7e,0xd8,0x7c,0x36,0xdf,0xdb,0xae,0x60,0xc9,0x40,0xa3,0xb3,0x25,0xc1,0x9f,0xde,0xd8,0x14,0xd7,0x6a,0x54,0x48,0x20,0xa3,0x2f,0x28,0x6a,0x5c,0x0a,0xd7,0x1d,0x72,},{0x3c,0x4a,0xc5,0x10,0xb3,0x62,0x22,0xc2,0x52,0xa2,0xdc,0x1a,0xfc,0xb4,0x0f,0xb0,0xeb,0x85,0xbc,0xa9,0x03,0x91,0x19,0x6a,0x58,0x83,0xaa,0x2c,0xc9,0x12,0xb2,0xdf,},{0x57,0x9b,0x38,0x12,0x4b,0xd0,0x59,0x1a,0x59,0x7c,0xc9,0xa3,0x89,0x12,0x7c,0xea,0xf5,0x51,0x56,0x07,0x73,0x63,0xed,0xb8,0x11,0xd0,0xb6,0x55,0x52,0xac,0xfc,0xc6,0x77,0xb2,0x72,0x94,0x21,0x99,0xca,0x25,0xab,0x79,0x0d,0xe6,0xe0,0x84,0x60,0x3a,0xd1,0x05,0x2e,0xc2,0x10,0xcf,0x6f,0xcb,0x14,0x17,0x28,0x90,0x67,0xce,0x3c,0x08,},"\x62\xd3\x13\x91\x2a\xbb\xb0\x06\xb7\x77\x4a\x67\x37\x71\x4a\x34\x99\x70\xce\x04\x21\x11\x2f\x40\x04\x63\xd3\xdb\x0e\x2f\x7f\x12\x8d\x7b\x96\x93\x9f\x43\xc1\xe7\x10\x7b\x51\x18\xa7\x7c\x11\x96\x83\xd8\x66\xb7\xe3\xd7\x2a\xc2\x1f\x6b\x42\x72\xb4\xbe\x92\x89\xb6\x55\x6f\xe3\x1b\x60\x51\xa0\xb4\x2e\xd5\xea\x0c\xf3\x47\x69\x6d\x30\xfb\x8b\xff\x6b\x8b\x57\x27\x19\xde\x19\xa2\x31\xcc\x85\x45\x9a\x99\x0c\x37\x80\x1f\x08\x37\x18\x6c\xef\xbb\x55\x21\x56\x96\x66\x96\x7c\xd4\x24\x3d\x73\x07\xf1\xb0\xb2\x4c\x8e\x2b\x9b\x69\x23\x17\x30\x4f\xbe\x3d\xd0\xa2\x63\x65\x01\x91\xb3\x52\x16\xf5\x29\x16\x57\x3a\xf9\x05\x24\xf9\x1d\xb1\xa9\x24\x71\xd7\x58\xc9\x2d\xc6\xd1\x4d\x1a\x4b\x26\xf4\x1b\x40\x40\x3c\xa8\x7d\xcf\xab\xdc\xa4\x7b\x9f\xc2\x53\x35\x78\xf1\x61\xf3\xb0\x19\x9b\x5c\x69\x8e\x08\x07\x04\xb2\x1c\x9e\x61\x52\x69\xfc\xd0\xd4\x04\x39\xed\x8b\xc3\xbd\xfb\xc9\xaf\xb4\x4c\x11\xfa\x89\x27\x5f\x0e\xaa\xa5\xd0\x8f\xa9\x59\xd6\x37\x8d\x0d\xb8\x99\x10\xd4\x8f\x2d\x86\xa1\xeb\xfc\x5c\xbf\x10\xeb\x2d\x5a\xad\xf5\x1b\xbd\x83\x44\xff\x8b\xbb\x5b\x8a\xfe\x05\xa4\x50\x11\xb5\xe4\xb7\x2e\xb8\x64\xad\x26\x3e\x8a\x03\xa6\xc7\xf9\x8a\xee\xb3\x54\xf7\x30\xa3\x18\xaa\x30\xfb\x56\xd3\x3d\x80\x74\x8c\x98\xeb\xec\x15\x87\x8c\xcf\x3c\xe8\x22\xf6\x9d\x34\x56\x84\x3c\x40\x0d\xc5\x6b\x48\x1a\x95\xe6\x88\xb8\xa4\x73\x5b\xf3\x84\x3f\x58\x33\xdd\xa0\xef\xe0\x9e\x71\x75\xb5\x67\xc6\x61\x38\x7a\xfd\x2e\xbc\x07\x9a\x48\xe3\x49\x67\xec\x97\xb9\x27\xdf\xa5\x81\x88\x8f\x23\x1a\x98\xa7\xed\x33\x10\x3b\xfa\x8e\x8f\x9b\xa6\x51\x35\x27\x90\x0b\x39\xb8\x62\x31\xda\x79\x11\xa2\xfc\x93\x58\x88\xa7\x5f\x11\x29\x58\x4a\xff\xf2\x02\x52\x49\xc4\x18\x8f\x09\x05\x2f\x85\x68\x77\x06\xd0\x5e\x29\x91\x44\xd4\x0d\xe8\x89\x8b\x7c\x8b\x2d\xfe\xf0\xc3\x70\x85\x73\xd8\xb0\x56\x3a\x6b\xd0\xa5\x04\xc0\xb6\x74\x57\x02\xb1\xb5\x71\x21\xc6\xf0\x40\xaf\xf2\x71\x98\x94\x8b\xa6\x9c\x21\x25\x3a\x28\xd3\x9e\xba\x72\x62\x19\xbe\xda\x1f\x82\x09\xfb\x83\xe9\xad\xb0\x7a\xd4\x09\xfb\xd6\xd2\x55\x65\x88\x9a\xb4\x51\x23\xf9\xd9\x45\xec\xd7\xd9\xca\x70\x28\xec\xe0\x92\xe3\x5f\xbb\x7c\xb3\xf3\x28\x12\x6e\xfd\xda\xc5\xd8\x59\xf2\xb2\xc6\xeb\x09\x01\x33\x69\x0e\x20\xc1\x7d\xea\xf3\x88\x26\x85\xf0\x7e\x9e\xd2\x65\x3b\x80\x3b\x9b\x38\x3b\x70\x74\x8a\x1f\xa9\x2c\x86\xf8\x6d\x6c\x47\xea\x87\xb1\x0b\x12\xe3\x63\xba\x50\x80\x60\xf4\x7c\xe2\xa2\xf3\xb6\xa3\xee\xfc\xd4\xda\xcf\xc7\x1c\x41\xf4\x36\xfe\x0c\x2b\xc3\x4d\x4b\xaa\xd4\x95\x74\xe7\x44\x3c\x12\x6a\x58\x9f\x6e\xf7\xbc\xa4\x49\x54\xf0\xbb\x28\xec\x71\x51\xb0\x51\x1c\x23\xc6\xbc\x42\xd5\xe8\x59\x83\xec\x16\xbb\x5f\x50\xa3\x82\xd6\x88\x15\x0a\x49\x60\x9c\xbd\xe5\x69\x8e\x86\xdc\xbf\x02\x12\xc2\x29\x22\x99\xdc\x4d\xcf\x87\x42\x9f\x6c\xd2\xee\xc8\x09\x48\xce\x86\x7e\x25\xc9\x45\x84\xcd\xc6\x4b\x09\x90\x29\xeb\x85\x4e\xdc\x26\xea\x21\x42\x1e\xff\x48\xcf\x4e\x41\xf4\x9e\x2d\x89\x47\x8d\xef\x06\xc4\x2b\xea\x22\x0a\x13\x3e\x50\xf5\xc7\x44\x64\xc7\xe7\x3f\xb1\xc1\xa7\x7c\x50\x7c\xf6\xcd\xa8\x5b\xe4\x02\xb7\xe6\xd6\xd2\x1e\x81\x0d\x6d\x0b\x59\x72\xb9\xfe\x77\xe5\x4e\x74\xae\xe1\xf3\xbb\xfd\x6e\x7d\xe6\xb5\xc0"},
+{{0x6a,0x29,0xf8,0x1b,0x8d,0x9a,0xa4,0x8a,0x1b,0x23,0x36,0x4e,0xac,0x8f,0x6a,0x4b,0xdd,0x60,0x7a,0x84,0xcf,0xe8,0xe8,0x8d,0x90,0x17,0x5d,0x80,0x64,0x3a,0x58,0xa8,},{0x4c,0x3b,0xe3,0xa2,0xa8,0x42,0x5f,0xf3,0x1c,0x3a,0x0d,0xb4,0xa5,0x2a,0x0c,0xb1,0x41,0x6c,0xeb,0x48,0xcc,0x3e,0x4c,0x28,0xa4,0xf2,0x28,0x4a,0xb3,0x46,0x07,0x15,},{0xdf,0x09,0xcb,0x9b,0x87,0x8d,0x3d,0xc9,0xe5,0x42,0xdb,0xac,0x28,0x94,0x3e,0x28,0xe4,0x1d,0xce,0xcb,0x92,0xcb,0x7e,0xa4,0x40,0x09,0x88,0x5e,0x46,0x49,0x97,0x43,0x33,0x05,0x61,0xba,0x1d,0x36,0xae,0xdd,0x46,0x76,0x75,0xfd,0xca,0x2b,0xaa,0xa4,0x70,0x1b,0x6f,0xad,0x97,0x9f,0xd8,0x39,0xc4,0x70,0xd1,0x3c,0x82,0xda,0xa9,0x05,},"\x78\x76\xa3\xf4\xeb\x69\xbb\x7e\x54\xe9\xff\x95\x4e\xbd\x3b\x10\xb9\x3a\x4c\x1a\xfe\xae\x92\xfa\x03\xc1\x03\xcb\x63\x13\xa2\x01\xc5\xb3\x3a\x9a\x72\x23\x75\x5c\xb5\x10\xe2\x5e\xc5\x82\xb5\x4e\x81\xb8\x49\x56\xf6\xc5\x3f\x1f\x08\xa6\x3b\xf0\xc4\xa2\x61\xaf\x45\x0e\x52\x3f\xe8\xf6\x1d\xdb\x3c\x0e\xea\xb8\x75\x10\x72\x68\x88\x01\xb2\xa4\x73\xb7\x1a\x2e\x38\x70\x8d\xa6\x8c\x2f\x37\x92\x5c\xb0\x5a\x20\xc4\x28\x3b\x3a\xf9\x7b\x6f\x0b\xa6\x5a\x54\x03\x55\x43\x75\xe2\x15\xd9\xe3\xaa\x1b\x0f\x9f\xdb\x0f\x84\x99\x23\xed\xbd\xaa\x0a\xb4\x81\xc5\x45\xa5\xdf\x8f\x51\xd1\xf6\x8b\x22\x35\x07\xea\x0e\xcc\xfa\xeb\xb5\xfc\xcf\x5e\x3d\xfa\x65\xa4\x4e\xea\x50\x45\x68\xa8\x81\x80\xa0\x60\xbb\x06\xc5\x15\x57\xb8\x1e\x66\x7b\x4b\x04\xe3\x21\x0f\xa4\xc3\x79\x87\x6c\x49\xf3\xe5\x6b\xf2\xbe\x1c\xf5\x19\xa7\x41\x83\x93\xd2\x40\xdc\x8a\x22\x4c\x6c\x38\xac\x2a\xb9\xd8\xfa\xdf\xc5\x36\x20\x30\xc7\x93\x0c\x3c\xe7\x79\x5b\x14\x7c\x26\xc8\xa2\x8c\x65\x34\x29\xd9\x0a\x17\x3a\x86\xa8\xb1\x8a\x00\x9e\x62\xae\xf6\xec\xa9\x5d\x39\xbd\xbe\x45\x64\x77\x78\xa2\x53\x2a\x41\x5a\xe1\x9b\xad\x23\x11\x29\x12\x78\x42\xfe\x1d\x0f\x11\xfa\xb4\xa1\xcf\x0b\x17\xe4\x98\xcd\x59\x52\xc9\x39\xe0\x90\x09\x02\x87\xb1\x44\x89\x5d\xff\x00\xce\xc8\xd6\xae\xda\xf6\x24\x81\xa4\x17\x83\xe0\x21\x08\x2c\xe3\x52\x06\x3e\x62\x81\x1f\xd9\x99\x90\x10\x4d\x8a\x46\xcd\xca\xee\x2b\xab\x45\x8e\x52\x47\xfb\x02\x3e\x92\x33\x30\xa4\x28\xc7\xbc\xfd\x20\xb0\x8f\x52\x0e\x89\x46\xdd\x65\x83\x47\x35\x2a\xe0\xc4\xbe\x73\xc3\xd5\xec\xcd\x11\x14\x9f\x3a\xb7\xb8\x05\x2c\xfd\x95\xc3\x5d\x41\x64\x54\x6f\x5d\x8f\x37\x75\x17\xa7\xf4\x32\xc0\xd5\x56\x3a\x7b\xcc\x7b\xd1\x19\xd3\x42\x1d\xfe\xba\xae\x84\x45\x99\xb2\x9b\x38\x3b\xb8\xd5\xdb\xf1\x40\xd9\xbd\x47\xa0\x78\xb7\xae\x7c\x6a\xa8\x7b\x1e\x29\x23\x6c\x9f\xcf\xd6\x54\xb7\xf8\x09\x79\x4c\xcc\xb2\x61\x58\x8e\x18\xde\xc6\xc4\x04\x6a\x93\x40\x67\xd0\xdf\xa0\x37\x91\xd0\x3d\x83\xb7\x18\xac\x4d\x24\xdc\xe7\x85\xa3\x02\x8d\xe0\xc9\x59\x2d\xba\x7c\x5c\x58\x45\x18\x4a\xfc\x9c\x0d\xfc\xf9\x40\x95\x86\x0f\x0e\xb8\x02\xeb\xea\x20\x17\x8e\x78\xb5\x64\x2e\x5d\xd6\x1c\x33\xb3\x97\x69\x05\x2d\x9d\x85\x4d\xce\x90\x2f\x47\x6e\x21\xf9\x6c\x65\x0b\x46\x3b\x7b\xc3\xd0\xff\x29\x96\xb6\x5c\x57\x83\x1f\x8b\x7c\x0f\xb9\x15\xf4\xdd\x72\x26\xac\x95\x5c\xbc\x7d\xfb\x03\xf9\xb7\x58\xdd\x3e\x0d\xfc\xe2\xe0\xe5\x80\xc9\x1a\x30\xc7\x83\xff\x56\x7b\x17\xf1\x2d\xfd\x5d\x31\x37\x64\x6e\x20\x01\x1c\xdc\xaa\xe1\x11\x02\xdc\x71\x68\x86\xcb\xf1\x23\xc0\x94\x88\xb1\x73\x63\x6a\xbd\x54\xe9\x62\xca\xee\xc9\x7d\x5e\xb9\x40\x68\x2e\x70\x3b\x73\x0f\x61\x56\x2c\xd1\x4b\x9e\x65\x61\xb5\xe9\x3f\x60\xcd\x0e\x1e\x86\xd1\xa1\xb4\x71\x9c\x5b\x50\x82\x42\xbd\x6b\x2d\x9a\x54\x8f\x59\xbb\xb8\x75\x07\x59\x69\xef\x20\x32\xf3\x19\x6b\x8a\xec\xcc\x45\xa4\x4d\x9d\xbd\xaf\x87\x8e\xd1\x6f\x1d\x85\x5e\x89\x18\xed\x65\xa4\x5e\xe5\xc7\xfa\x32\xa1\xec\x69\x32\xa1\x59\xcf\xb5\x0f\xfc\x87\xbe\x06\xdf\xcf\x72\x28\xae\x88\x70\xcc\xd3\x57\xfc\x65\x6e\x33\xfa\x4b\x6b\x8b\x7d\x1a\x72\x15\x55\x3c\xab\xac\xc7\x0a\x39\xc9\x80\xb9\x71\xe5\x1a\x17\xed\x63\x18\xb4\x3b\x29\xbb"},
+{{0xef,0x12,0xdf,0x47,0x9d,0x98,0x3a,0xd9,0x6e,0x8b,0xa6,0x53,0x30,0xb3,0x6d,0x49,0xaa,0xdb,0x98,0x31,0x64,0xe1,0xc0,0xb4,0x52,0xb5,0x60,0xde,0xd1,0xd0,0x8d,0x60,},{0xf7,0x61,0xcf,0x28,0x26,0x92,0x7a,0x7c,0xda,0x8c,0xb0,0x4f,0xaa,0x2c,0x59,0xf8,0x42,0x5a,0x8f,0x7d,0x39,0x8f,0x76,0xe8,0x67,0x02,0x1c,0x95,0x1f,0x07,0x38,0x09,},{0x4c,0x80,0x10,0x86,0x6d,0x91,0x15,0xf0,0x52,0x93,0xb9,0x34,0xca,0xc6,0x81,0x04,0xcc,0x2c,0x34,0x37,0x56,0x8c,0xb9,0xd5,0xc5,0x70,0xb1,0xa8,0xbe,0xe7,0x06,0x60,0x30,0x75,0x53,0x70,0x33,0xbd,0x70,0x8a,0x9c,0x9f,0x3d,0x1e,0x25,0x19,0xa9,0x15,0xb1,0xc4,0xae,0x4c,0xcd,0xdf,0xcf,0x0e,0xd0,0xc0,0x49,0xd3,0x42,0xa0,0x2e,0x02,},"\xe5\x8f\x34\xda\xea\x75\x5a\xc4\xe4\x13\x33\xd6\xf0\xed\x01\x35\xf7\xdb\xce\x50\x30\x9b\xb1\x95\x6b\xc7\x1a\xcb\x12\xc7\x70\x67\xa6\x47\xff\xd8\x6a\xa5\x87\x0c\x0c\x00\x07\xe8\xf9\x95\xa2\x2b\x88\xc4\x67\xde\x22\x54\x44\x54\x42\x01\xc5\x57\x49\x5e\x25\x3e\x33\x19\xcc\x5c\xa3\x76\xd3\xe7\xcc\x1e\xb4\x67\x34\x6e\x52\xad\x95\x6a\x6f\xa7\x33\x72\x0b\x17\x11\x7b\x5b\x75\x85\xe4\xd5\x59\x40\x9a\xae\xfa\x95\x58\x0f\x91\xe5\x02\x01\x5f\x49\x7c\x5c\xdc\xb7\xd4\xd5\x61\xf5\x44\xef\xa3\x5c\x1e\x2a\x53\xb7\x2b\xdd\xec\xee\xc2\xd1\x05\x0f\x17\x7d\x48\x0f\x68\x74\x05\x66\x4d\xfd\xde\xc0\x6e\xee\x4b\xd1\x47\xa9\x12\xfd\xbf\x74\xf2\xa9\x5d\x1f\xd1\xe1\x12\x68\x69\x4c\xe4\xd4\xec\x4f\xff\xd6\xdd\xb3\x25\x4d\x36\x0f\x23\x6f\xab\x4d\x1a\x17\xf8\xd0\xd1\xa5\x11\xf9\x44\x69\x2f\x23\x96\x39\xae\x03\xd6\x4f\xac\xec\x65\x38\x42\x7a\xb7\x1f\x71\x27\xf4\xa2\x76\xf9\xbc\x45\xbb\xa6\x11\xdf\xcc\xe6\x44\x6c\xc1\x39\x68\x97\x6c\x8b\xb6\xd6\xfe\x21\x06\xd7\x05\x92\x2d\xca\xc9\x56\x96\x6a\x76\xd4\x8f\x2a\xff\x4b\x86\x51\x4e\x39\xa6\x7e\x16\x43\xfc\xc3\x21\x85\x80\x24\xe6\x93\x18\x98\x33\xc8\xad\x59\xb4\xb6\x25\x29\x8e\xba\xfe\x64\x62\x6b\x48\x0f\x32\x6f\x13\x40\x72\x3c\xb3\xd3\x83\xf4\xfc\xcb\xfc\x23\x7a\x3f\x4c\x4f\x7e\xcf\x0b\xa4\x36\xb3\x2c\x2f\xe3\x51\x79\xda\x93\x11\x1b\x48\xcc\x9e\xa2\x42\x02\xbd\xc1\xb2\xfb\x60\xa4\x31\x9d\xfd\x98\x64\x47\x0f\x73\xf5\x41\x37\x20\x6e\x0b\xf0\x07\xf5\xae\x88\xa8\x87\x47\x00\x8a\x60\xf4\x78\x9a\xd1\x67\x72\x4f\x17\x9c\x02\xb6\x3a\xed\x00\x25\x73\xd2\x8a\x6b\xcf\x88\xe0\x7c\xe8\xda\xea\x5d\x5f\x1a\xcf\x48\x7b\x4c\x5c\x16\xc2\xbf\xe1\x12\x31\xea\x5e\xa7\x63\xe8\xf3\x32\xcc\x73\xda\x1b\x2f\x8c\x19\x8e\xa8\x17\x3f\xd3\x3d\x4b\x2a\xe6\x9e\x5d\x4d\x1a\xad\xdd\xf2\xfd\x82\x1b\x85\xbe\x45\x15\x19\x62\xd1\xf9\x9d\xf8\x13\x08\x61\x88\x52\xad\x7c\xf4\x1d\x72\xda\x08\xa1\xb3\x9d\xf7\xd8\xb9\x94\xb4\xdd\xff\x37\xf9\xdf\xe8\xf3\x8c\xe3\x0e\x91\x06\x1d\x95\xd5\x8f\x7a\xe8\x26\xb0\x23\x85\x27\x2e\xc0\x9f\x01\xa7\xb3\xe4\xb3\x91\xd0\x9b\xce\xd6\x65\xda\xd6\x95\x05\xb4\x19\xda\x84\x81\xbc\x37\x92\xbf\x8b\x8e\x7a\xd6\x4b\x63\xf2\x45\x66\x6c\x8c\x32\xfd\x5c\x1b\x1b\x48\xc9\x95\x1e\x1c\x21\xa1\xeb\x5f\x50\x7c\xff\x13\x7c\xfb\x86\x2c\x2c\xc9\x87\x66\xe8\x78\xc9\x30\xa0\x83\x82\x8c\x9d\x8d\xb1\x8b\xf1\x67\x16\x68\x5f\x39\xd6\x57\x2a\x8c\xa8\xb2\xa5\x14\xf7\x70\x03\xd4\xe7\x5b\xc1\x54\xae\xbf\x14\x10\x37\x78\xf3\x65\xb1\xc3\xf0\x35\x41\xdd\xbd\x07\xd6\xe2\x3e\x56\x76\x2d\x97\x1e\xb0\x29\x83\xe9\x3c\x4e\x01\xba\x4b\x8a\x21\x78\x92\x8c\x43\x37\xd3\x02\xf3\x1c\x9c\xcb\x75\xb2\x49\xa8\x2d\xc9\x68\x21\xe9\x5a\x03\xab\x6b\x77\x0d\xf2\xc3\xdf\xdb\xf1\xfe\x97\x73\xf8\xbc\x1b\xc5\xb3\xaf\xa0\x44\x0b\x10\x25\x78\xf3\xd2\x13\xc8\xd0\x19\xcf\xf1\x24\xf7\x5c\xe4\xac\xcc\x8c\x66\x7f\xeb\x27\xc7\x51\xa6\x12\x00\x74\x81\x31\x04\xe0\xcd\x07\x0c\x9f\x5e\x45\x1d\xcc\xff\x4c\x80\xd7\x11\x07\xc9\x75\xab\xfa\xc0\x7d\x4d\x27\x0c\x72\x7d\x8a\x2f\xec\x34\x9b\x53\x39\x68\xe2\x71\x89\x2d\x2b\x62\xc1\x25\xfb\x79\x74\x60\x3c\x30\x5e\xa3\xbf\xa3\x0f\xb6\x10\xfc\x5a\x23\xeb\x68\xa8\x40\x64\x44\x39\x1a\x52\x13\x37"},
+{{0xf7,0x31,0x31,0x7c,0xf5,0xaf,0xfe,0x58,0x70,0x4c,0x4d,0x94,0x97,0xae,0x86,0x0b,0xbf,0x73,0x9d,0x0f,0xd9,0x6b,0x7c,0x02,0xef,0xb6,0x77,0x7b,0x3c,0x85,0x8a,0x19,},{0xd7,0xd6,0x38,0xae,0xcc,0xe1,0x46,0x1e,0x31,0x42,0x55,0xaa,0x29,0xd9,0xa6,0xb4,0x88,0xae,0xa1,0x39,0x6e,0x96,0x82,0x69,0x5a,0x47,0x0e,0xff,0x23,0xf3,0xed,0x84,},{0x2a,0x4f,0xea,0x98,0xf9,0x24,0x01,0x71,0xa1,0x82,0x3f,0x2f,0x69,0x35,0x20,0x62,0x67,0x2e,0x6c,0x6e,0x66,0x52,0xd3,0x88,0xa8,0x77,0x14,0xd6,0x47,0x99,0x5d,0xf7,0x5b,0x6e,0x1e,0xd1,0x74,0x6a,0xf2,0xad,0xf4,0xe8,0x06,0x13,0x5d,0x60,0x75,0x4e,0x60,0xfe,0xa0,0x32,0x12,0x8e,0x35,0xab,0xc1,0xf1,0x61,0x51,0x81,0x12,0x5f,0x0b,},"\x16\xf5\x1c\x59\xe9\xae\xfc\x26\xb0\xda\x5e\x00\x85\xeb\x2e\x2f\x1f\x85\x6d\xef\x97\x25\x76\x9e\x3a\xf1\x2f\x86\x09\x05\xae\x13\x3f\x65\x07\x4d\xa7\x6d\xbf\x25\xc6\x7f\x62\x57\xd2\xdc\x66\xc0\x5f\x9b\x31\xae\x17\x7b\x69\x92\x9f\xc1\x83\xb5\x88\xc5\x19\xbc\xa1\x47\x96\xa0\x89\x6d\x29\x05\xfd\x94\x2d\x7a\xb4\xa3\xfd\x95\x41\xa5\x52\x9f\x72\x9c\x58\x51\x41\x9b\x5f\xbe\xf7\xb1\x34\xd6\x76\x2e\xb9\x7e\x8a\x95\x1a\x8f\xf5\x2a\xa0\xd7\xe6\x74\x44\xd0\x6b\x07\xaa\x55\xe4\xeb\x9a\xb8\x92\xf4\x7b\xfd\x11\x1d\xf5\xb6\x2f\x6f\x3f\xd1\xa5\xed\x84\x12\x5f\xee\xbb\x77\xda\x63\x7c\x05\xd5\x26\x5c\xed\x11\x3d\xfe\x87\x82\xdb\xd1\xce\xcd\x2c\x6c\x03\x2b\x8f\xa8\x85\x5b\x3a\xe7\x8d\xe7\x4f\xaa\x5a\xa2\x0a\x76\x14\x63\xc2\xa3\x0b\xe6\x6b\xd3\x8c\xde\xc7\x5f\x89\x57\xcb\x94\xc1\x13\xa4\x5d\x54\x6d\xaf\x47\x5d\x89\xaa\x14\x82\xf8\xd2\x80\x3a\x23\xc9\x39\x20\x20\x15\xa0\x8e\x94\xb1\x32\x72\x8f\xbe\x8f\x60\x19\xd7\x16\x8a\x08\xa5\x93\x01\x70\xe5\x63\x9d\x11\x0e\x47\x39\xdb\x85\xe6\x1e\x64\x49\x59\x44\xb5\x42\x3a\x74\xad\x5a\x8a\x0a\x51\x06\x12\xec\xe6\x55\xce\x18\x86\x40\x51\x52\x5b\x90\x8e\x0b\x19\x29\x0a\xbe\x8b\x11\x82\xc4\x8c\x70\x0d\x35\x05\x15\xfd\x34\x99\x56\xe8\x08\x73\x27\xf3\x0b\x6f\xc3\xf1\x31\xc2\x14\x4a\xbb\x3f\x0e\x9c\xa3\x31\x17\x2b\x35\x06\x4a\x82\x81\x1a\x68\xe2\xcf\x36\xb4\x3e\x3a\xd2\xe8\xdf\xa5\xb1\xce\xf5\x0e\x2a\x60\x29\x3f\xc5\xf6\x35\xc9\xa9\x99\x8d\x8c\x1a\xd2\x96\xe7\xc7\x8f\xc0\x58\x20\x22\xd6\x30\x67\x18\x6b\x65\xe7\x64\x82\x8c\xc0\xf5\xf7\x63\x2d\x5e\xef\x86\x3e\x6c\x6d\x90\xe3\x8c\xcc\x87\xd7\xb7\x47\xfa\xc8\x49\x1d\x63\x2c\xf7\xf5\x4b\x9a\x9e\xed\x16\xee\xbe\xc0\x1b\x6c\xc3\x3d\x24\x63\xf7\xf9\x50\xd8\x28\xb5\x5e\xe3\xf7\x7c\xbe\x97\x4f\x48\x94\x8e\xb7\x57\xae\xd4\xe0\xdb\xb0\x0a\xd9\x5e\xe0\x13\x23\x48\x6e\xba\x3c\x8d\xa8\x86\xed\x7f\x57\xbb\x40\x0d\x63\xa1\xb2\xeb\xea\xa2\xe7\x0a\xdf\x03\x79\xe3\x39\x30\x01\xba\x62\x6c\x0d\xd5\x4b\x7f\x0c\x9a\x25\xaa\xe6\xc9\x87\x5d\x4e\x76\x22\xf3\xed\x42\x8f\xb3\x12\x4b\x29\xc5\xdb\x9a\x7e\xf1\x6e\xbd\xdd\x68\x05\xf0\x95\xf5\xe7\x69\x82\x3c\x43\xf2\x62\x86\x8f\xf4\x3e\x3e\x05\x25\x74\x6d\x94\x97\xaf\x12\x4a\x01\xdf\xf6\x1e\xc7\x18\xaf\x3b\x5b\xb7\x46\xfc\xc0\x8a\xeb\xd1\x66\x84\xd4\x56\xae\x79\x32\xff\x5e\xd7\xd6\xb0\xf1\xb2\x5c\x7a\xde\xef\x59\x8b\x5d\x58\x87\x75\x90\xac\x1d\xc0\x59\x75\x15\x67\x96\x99\x87\x74\x08\x1e\x5b\x66\x82\x2a\x94\xa6\xa8\x02\xc3\xa2\xcd\x9f\x48\x9e\x16\x28\xaa\xf4\x65\x2b\xe1\x18\x4b\x0f\xc7\xc5\xee\x7f\x97\xce\x08\xb9\x23\x3b\x4b\x83\xd9\x36\x7b\xe5\xf4\xaa\xe9\x78\x25\x93\xa3\x52\x65\x15\x4d\xea\x4c\x37\x5c\x16\xf0\xca\xf6\xdc\x45\x94\xd2\xbd\xbf\xc3\x37\x5b\xb2\xa0\x43\x2c\x48\x2f\x13\x94\x1c\xe2\xaa\xab\x4d\x83\xe7\x4d\x11\x6f\x5d\xe4\xab\x28\xf8\xdc\x3d\x1c\xd1\x9d\x27\x1e\x56\xe1\x03\x98\xbd\x1d\xf5\xc8\x70\xfc\xbf\x93\xa7\xd1\xdf\x39\x39\x54\x7c\x10\x7b\xfd\x90\x64\x3f\x6f\x50\x01\xae\x7e\x06\x39\x7a\xe1\xa2\x71\xbb\x82\xa1\xf3\x8e\x09\x7b\xec\x66\x74\x66\xb8\x0e\xe3\xe5\x0d\xd4\xfc\x9d\x5d\x54\xf1\x8f\xaf\x7a\x5b\x55\xa8\x83\x45\x94\xef\x0c\xb7\xe5\x08\xbb\xd2\x8f\x71\xfd\x34\x23\x5b\xbf\xd3"},
+{{0x49,0x8e,0x5a,0x21,0xa9,0xb0,0xc3,0x47,0xba,0x83,0xa4,0x7a,0xc1,0x00,0x69,0x45,0x7f,0x57,0x83,0xc2,0xe1,0xe6,0xe4,0x64,0x00,0x45,0xe5,0x94,0xb1,0xc6,0x93,0x32,},{0xfb,0x39,0x48,0xc8,0x11,0x99,0x56,0x91,0x05,0xcc,0x1b,0x7d,0x9c,0xeb,0x3b,0x41,0xa3,0x43,0xbb,0x00,0x57,0x55,0x38,0x59,0x2e,0x09,0x84,0xf4,0xf4,0x71,0x0a,0xbe,},{0x28,0x60,0x83,0x0c,0xcd,0x1d,0x41,0xd9,0x50,0x76,0x81,0x6a,0x39,0x84,0x24,0xf7,0xb7,0x39,0xc4,0x9f,0xda,0xcf,0x56,0x54,0x52,0x9d,0xa8,0x5f,0xe3,0x56,0x55,0x84,0xf6,0xaa,0xc2,0x61,0x4c,0x63,0xf7,0x74,0xb6,0x1d,0xb9,0x08,0x1f,0x14,0x10,0xfb,0xa8,0xe5,0x0a,0xb3,0xb4,0xc3,0x9d,0xc0,0x63,0x14,0x24,0x3f,0x3f,0x0d,0x8e,0x0f,},"\xe4\xfb\xea\x86\x4a\xa5\x11\x90\x82\x66\x45\xd2\xf7\x72\xcb\x0f\x9e\xdd\xd3\x03\x44\x73\xfa\x31\x77\xc7\xaf\x9a\x5d\x41\xe1\xa7\x3a\xd5\x78\x4c\x70\x96\x55\x9f\xcd\xdb\x7b\x7c\x85\x89\x1c\xf2\x4e\x82\xc5\x88\xd7\x47\x74\xff\xca\xc0\xc6\xb4\xee\xbc\x2f\x3f\xa4\x3e\x9d\x45\xf2\x59\xd6\x75\x64\x03\x0c\xfe\xea\xb9\x23\x6c\x66\x5b\x65\x0a\xf0\xc9\x2c\x87\x51\x89\xf5\xf9\x38\x35\x04\xb1\x53\x60\xa0\xb9\xa5\xa0\x0d\xa3\x1f\x63\x5b\x96\xf6\xc7\x3e\xf4\x7b\x6b\x06\xf0\x28\x11\xd1\xd1\x9c\x2e\x8e\x53\x55\x0c\xe2\x2e\x42\xec\x50\xa1\xeb\x2e\xa2\xf4\xcd\x03\xc4\x42\xd4\xaa\x43\x68\x94\x23\x8c\xeb\x18\x35\xfe\x99\xb2\x40\x35\x8a\xa0\x56\x2c\x24\x96\x98\xa3\xf1\x23\xc2\xc1\x7e\x59\x10\x10\xbd\x6f\xdf\xcb\xd7\xdb\xe7\x0b\x04\x52\x05\x02\xec\xe3\x7a\x9a\x1d\xfa\x1a\xe3\x37\x04\x17\xb0\x04\x21\x7a\x5b\x8f\xe9\x90\x3c\x9a\x3b\x9f\x4b\x6d\x5c\x46\xc0\xed\x0c\x53\x8c\xec\x22\xf2\xdf\xcb\x2a\x28\x0a\x42\xad\xc4\x89\xcf\x2e\x06\x29\x12\xbe\x99\x28\xf0\xc0\x60\x89\x1e\x43\x20\x91\x17\x75\x26\xf1\xb3\xa9\x68\x06\x9d\x4a\x57\xad\xe8\x28\x55\x98\x10\xae\x03\x60\x68\x1f\xf9\x93\x29\xfa\x0f\x59\xe7\xe5\x9c\xdf\x87\xf9\xf3\x3c\x40\xe9\x70\x31\xb9\xf8\x1d\x48\xfc\x12\x28\x6e\xfb\xb3\xd4\xe5\xa6\x2e\xf5\x7b\xc0\xd5\x2d\x53\x3b\x99\xc5\x10\x6a\xa7\x9c\xfe\x17\x93\xa9\x08\x51\x85\x96\xc3\x83\x48\x3e\xc4\x9f\xf9\x8e\xc5\x57\xbf\xff\x74\x90\xa4\x6d\xaf\x67\x14\xf2\xc2\xc3\x2f\x57\x93\x2c\xa0\xd7\x30\xf0\x3f\x38\x1d\x69\xde\xcd\xbd\x9a\x7a\x6d\x4a\xfc\x62\x40\x65\x43\xc8\xeb\xe9\x0a\xc7\x6e\x6a\xfa\xbd\xb8\x24\x92\xa2\x06\xa3\x69\xe0\x42\x86\xd3\x13\xe1\x11\x07\xd8\xcd\x9b\x4b\xf6\x8f\x81\x5d\xba\x4e\x99\x0b\x04\x9d\x79\x21\x6d\x36\x53\x13\x83\x42\xcd\x11\x8b\x13\x0f\x66\xb0\x06\xf3\xd8\x9a\xc3\xcf\x89\x83\x70\x48\xb0\xf8\xa6\x2d\x94\x05\x1d\x2e\xab\x89\x1a\xc5\xf4\x78\x88\x87\x9d\x88\xe5\x46\x67\x6d\x1d\xae\xeb\x4d\x17\x5d\x3f\x04\xa9\xd7\x4f\xfc\xdd\x47\x74\x60\x16\xf8\x4a\xd0\xd1\x12\xaf\xb5\x9a\xd1\x21\x87\xe9\x4f\x22\x53\x5d\x77\xe9\xe0\x51\x6f\xa4\x21\x85\xc1\x97\xba\x77\x4b\x39\x32\x27\xf7\x41\xfe\x68\x27\x3f\x42\x3f\xb0\xe0\xe0\x47\x4b\xfd\xaf\x2d\xa7\x8a\xeb\x1c\xd5\xb9\x8c\x1d\xc0\x83\x21\x24\x74\x2a\x47\x54\x12\x5f\xc7\x8b\x19\xc5\x59\xa5\xb3\xf7\x71\x1e\x06\x8c\x44\x0c\xc0\x46\x9a\x1c\xfa\x5c\x18\x64\xbe\x18\x73\x5a\xa8\xbc\xd4\x06\xc4\x37\x1e\xb8\x57\x75\x4d\x90\x8b\xf3\x79\xb9\x1f\xcb\x24\xe3\x43\x96\xbf\x87\xc1\x9a\x04\xa8\x3d\x59\xda\xe7\x1f\x3f\x38\x39\x82\x9d\x06\x22\x13\x01\xef\x59\x56\x96\xe7\x19\xd5\x6b\x79\x52\x0a\x0e\x50\x99\x29\x83\x3b\x1d\x80\x4a\x6a\x0e\xa4\x04\x00\xbb\x45\x02\x8c\xe5\xd3\x69\x33\x88\x3e\x17\x40\x6e\x27\xa8\x10\x90\x57\xb1\xa1\xa5\xe5\xda\x21\x0a\x69\x21\x99\x4f\x46\x7a\xb4\x1a\xa8\xf0\xd8\x87\x75\xa8\xa8\xeb\xb4\xec\x77\xd7\xc8\x0e\x45\xa7\xbb\x42\x2a\x4c\x00\xc9\x05\x83\x91\x14\x65\xe6\xb5\xf0\xfd\xcd\xea\xb7\x28\x71\xca\x54\x2e\x1d\x1a\x2c\xa9\x4d\xf4\xed\x2e\xab\xf9\x0d\xed\x00\x45\x29\x03\x24\xa9\xff\xfb\x30\x14\x54\x70\x20\x9f\x38\x26\x58\x09\x89\x34\x91\x99\xdc\x5a\xb8\xd4\xa2\x5d\xf7\xa0\x52\x9c\xf9\x14\x71\xe3\x08\x42\xab\xfa\xcd\x44\xab\x78\x1d\xfc\x13\x95"},
+{{0xc2,0x4c,0xbf,0x40,0x1a,0xd0,0x3b,0xd8,0x8d,0xcc,0x7b,0x51,0x9e,0xcf,0x62,0x4d,0xb2,0x22,0x3e,0x99,0x02,0x89,0x30,0x9e,0x1e,0x9f,0x1f,0x8f,0x61,0x27,0xc6,0xc9,},{0xa7,0x46,0x66,0xf3,0x57,0x20,0x9f,0x71,0x89,0x90,0x37,0x88,0xf1,0x07,0x56,0x3e,0x50,0xc0,0x51,0xc3,0xd4,0x0c,0x3f,0x3d,0xad,0x10,0xd3,0xc3,0xcf,0xf1,0xe6,0x78,},{0x58,0x1e,0x6c,0x85,0xae,0xc6,0x23,0xb6,0x2b,0x3d,0x4c,0x9b,0xc9,0xc7,0x77,0x59,0xd5,0x49,0x27,0x22,0xe2,0x52,0xd4,0x4c,0x1f,0x8a,0xda,0x9d,0xa2,0xec,0xc6,0x7c,0x17,0x08,0x32,0x73,0xaa,0x09,0x1b,0xba,0xc0,0x46,0xae,0x63,0xc7,0x88,0x93,0x15,0x2e,0x14,0xd9,0x26,0xc4,0x1a,0xe3,0x5f,0x0e,0x6e,0x39,0x59,0x49,0x6b,0x13,0x06,},"\xe7\xfa\x35\x9e\x6a\x09\xb2\xc5\x4a\xab\xed\x3b\xba\xbf\xb7\x28\x53\xa8\x05\xaa\xbc\xf4\xd1\x8d\xda\xd3\x9f\x03\xf3\x46\x01\xe5\x5b\x6c\xe2\x63\xc9\xa3\xca\x6a\x3e\x5f\x14\x25\xc8\x21\x92\x8c\x61\xe7\xf7\x50\x91\x9b\xd3\xaf\x32\xbc\xb7\xb9\x4d\x45\x9a\x7a\x9a\x35\xf6\x1c\x94\x17\x92\xe2\xcc\x2e\x43\x27\xbe\xb3\x44\xa8\x41\xa0\x7f\x32\x06\x8a\xf1\x02\xb3\xde\x61\xea\xb6\x4e\xf6\xd5\xe6\x90\x62\xe3\x93\xab\x5e\xdf\x6a\xc9\xef\x7b\x38\xd4\x9a\x01\xbe\xf0\x00\x3f\x42\x11\x74\xc8\x88\x59\x75\xc0\x18\x32\x89\x9c\x31\x35\xe7\xa8\x6e\x5b\x55\xd9\xb1\x32\x8b\xb4\x28\x9b\x5c\x40\x20\x0f\x49\xe5\x52\x3b\x3c\x46\x1d\xc7\x17\x5e\x14\x65\x02\x22\x97\xc3\xd3\x80\xf2\xb1\xfe\xf3\x9c\xb8\x2c\x00\xfd\x16\x0f\x44\x7e\xb5\x12\x63\xfa\x25\xb4\xdf\x0f\xca\x41\xec\x0c\xa2\xec\xe7\x47\x22\x01\xaf\x86\xc3\x03\x8c\x49\xdf\x09\x9a\x9a\xef\xa1\xf8\x8d\x0e\xdf\xd1\x7c\x0b\x3c\x86\x04\x66\x29\xc0\x94\x54\x05\x4a\xa0\xfb\x2c\x69\x49\xdd\x9c\x13\x01\x85\xdf\xa5\xd9\x03\x89\x1e\x08\x74\x2c\xd0\x42\x94\x03\xf5\x7f\x40\x52\x15\x8b\x2f\x40\x1d\xa4\x75\x68\x54\xe4\xaa\xf0\x24\x22\x1e\x37\x51\x3c\xf6\x77\xee\x6a\x0b\x15\x9f\x50\x1d\x37\x7e\xa3\x2e\xb7\x1e\x77\x80\x04\xf2\x72\x03\xcd\x6d\x55\x3f\xda\x5d\x65\xe1\x87\x94\x77\x04\x6f\x3e\xa3\xd1\xd7\x5c\x9d\x0d\x30\x31\x14\x56\x70\x9c\xc7\xf6\xab\x68\xc7\xb0\xd5\x2b\xe4\x0f\x04\xcf\x65\x56\x55\x32\x32\x85\x31\x83\x29\xe8\x4c\x6a\x5b\x07\xe0\xce\xed\x5f\x78\xf7\xf1\xfa\x62\x29\xbe\xf8\x78\x79\x3c\x58\x47\x28\xab\xf4\x51\x0b\x7f\x27\x79\x4b\x59\x42\x91\x62\x54\xc5\x89\xa0\x9c\x8e\x91\x1f\x0b\x95\x42\x11\xa6\x36\x99\xa7\x52\x14\x7f\x2a\x4e\x1a\x18\x95\x66\x44\xbe\xa2\xca\x26\x92\xba\x18\x22\x80\xe0\x4a\x72\xdd\x89\xb0\xd1\x26\x85\x00\x93\x8f\x34\x7b\xf4\x3f\x2a\x24\x2e\xe9\xb9\xa6\xba\xac\x9b\x35\x0d\x65\x6f\xb1\x9e\xc8\x34\xab\xe3\x16\x44\x40\xf2\xd2\x07\x1f\xe5\xe3\x2c\x8e\x4c\xf9\x05\x53\x9b\x83\x9c\xee\xca\x26\x20\xfc\xb2\xa0\x87\xf7\x80\xe6\xc7\xf5\xe0\x5c\x50\x68\x88\x25\x0e\xa7\xc8\x56\xfb\x30\x98\x32\x00\xaa\x8f\x78\xfc\x17\x71\x05\x4a\xda\x0f\x3f\xac\x38\xae\x2f\x33\xdc\x4a\x4f\x85\x1b\x76\xed\x74\x0c\x09\x62\xa7\x6a\x4d\xe4\x40\x80\xdc\x62\x0a\x44\xad\x8f\x23\xd3\x46\x2b\x79\x2a\xb3\xaf\xb1\x9c\xb8\xa9\xf4\xd9\xe5\x9a\xd7\x65\xa7\x71\x89\x9d\xa8\xcb\xec\x89\xe5\x07\x7e\x85\xc0\xc9\x31\x26\x37\x6c\x94\x1b\xef\x1f\x8b\xb9\x92\xd3\xa3\x5f\x27\x07\x25\x84\x6f\xb2\x52\xf8\xb5\xfb\xb7\x56\x7e\x40\x6a\x1b\x53\xb6\x19\x76\x9e\x63\x2b\x2b\x40\x87\xcd\x4c\x27\x6e\x5d\x58\xff\x2b\x56\xe8\x9e\xde\xc4\x8c\xe5\x3a\x52\xe3\x29\xca\x15\x59\x53\x8f\x10\x90\x2c\x01\xa8\x5f\xbb\x3c\xd7\x2e\x6b\x82\x91\xe5\xfe\x63\x9b\xee\x9d\x47\xd3\x4c\x24\x9a\x7a\x07\xd7\xa1\x42\x7a\x01\xf6\x3d\x60\x98\x4c\x45\x0b\xef\x81\x9b\x19\xf6\x5e\x26\x14\xfd\x9c\x2f\xae\x7b\x92\x31\xa0\xbc\xa4\x14\xed\x94\xa5\xee\x7e\x66\x32\x7d\x2a\x99\xc8\x48\x78\xb7\xbe\xe0\x87\xe8\x91\xf2\x53\xfa\x1f\xec\xe3\x13\x64\x8c\x06\xc4\x5d\xb2\xd9\xf3\xbc\x85\x99\x93\x7b\x75\x2d\x38\xce\x50\x63\xd0\xed\x9a\x43\xec\x9d\x40\x15\x89\x3d\x43\xbf\x5b\x2d\x1c\x60\x47\x85\x10\x46\x89\x68\xb7\x96\xf0\x15\x37\x89\x59\x54\x41\x72\x2a"},
+{{0x8b,0x3d,0xcd,0xe4,0xab,0xbf,0x4e,0x62,0x11,0xc4,0xa5,0x1c,0x4b,0x02,0x68,0x00,0xa8,0xa2,0xa0,0x61,0xcb,0x38,0xa2,0xec,0xc7,0xc9,0xcf,0x11,0x3f,0x92,0x70,0xbf,},{0x51,0x45,0x35,0x58,0x0f,0x0d,0xe3,0x59,0xbb,0x0d,0x41,0xf2,0xef,0xdd,0xaa,0x04,0xc2,0xec,0x95,0x01,0x19,0xf3,0x16,0x34,0xb2,0xc1,0xa3,0x2f,0x19,0x5f,0x69,0x68,},{0x4f,0x3d,0x4d,0x22,0x85,0x03,0x01,0x7e,0x74,0xa6,0xbb,0x58,0xaa,0xfa,0xe3,0x5c,0x3f,0x37,0xbd,0xee,0x4f,0xf6,0xbe,0x2e,0x62,0x40,0xb5,0x08,0x2f,0xed,0xdb,0x22,0x27,0x35,0xe1,0x2f,0x31,0xe0,0x56,0xfa,0x68,0x54,0x47,0xe5,0x38,0x48,0x03,0x00,0x7e,0xa7,0x91,0x0e,0x60,0x5c,0x1b,0x78,0x11,0x8c,0xd5,0xac,0xc5,0x87,0xa6,0x06,},"\x48\x14\x25\x02\x7d\xa6\x72\xb6\xf2\x6c\x91\xb8\x0e\x55\x58\x2c\xae\xf4\x7b\xb1\x5a\x2d\xe8\xfc\xa8\x52\x22\x17\x85\x18\x0b\x20\xa7\xfd\x6d\x49\x07\xb5\x88\x1c\xc1\xd6\xe3\x9a\xb9\x61\x2c\xc7\x4d\x69\x77\xe9\x14\x1f\x70\x87\xbb\x27\xab\x30\x84\xa2\x62\x85\x58\x6f\x84\x11\xdb\x1f\x50\x3a\xdf\x52\xdc\xb2\x5a\xb8\xff\xfd\x2e\xc1\x50\x4c\x17\x77\xb9\xd6\xdd\x4a\x29\xe2\x01\x9e\x5c\xba\xe1\xb7\xeb\x26\xf9\x5b\xbe\x07\xd9\x0c\x2f\x6f\xb0\x88\x4a\x59\xa8\xd5\x8d\xde\x51\x16\xed\xc3\xbc\x34\x9d\x37\xc1\x60\xb2\x7b\xef\xbe\x5a\x5c\x18\x1c\xe7\x25\x63\x92\x35\x4d\x22\x1b\x58\xc4\x7e\xb0\xbb\x10\x92\x9e\x74\x21\x79\x5f\x4b\x7a\x7c\x27\x5e\xdd\x08\xc0\x88\x56\x87\x72\xe9\x93\x21\x8d\xd6\xf3\xc2\xcb\x4a\xc6\x57\xa0\xa3\xf9\x1f\x31\x26\xb9\x91\xad\xf6\xcb\xe7\xd1\xb1\x9b\x8c\xd8\x3b\xe3\x60\x2e\xd1\x8f\x03\x96\x33\xfb\xd2\x38\x7b\xda\x69\xe2\xcf\x03\x87\xd8\x64\x4d\x97\xb3\x03\xfb\x00\x63\x9a\xee\xe7\xae\x46\x3f\x6f\xe1\xa2\xc4\xb8\x9a\xeb\xa3\xe9\x09\x4c\x11\xfc\x29\x11\x4b\x20\x28\x3f\x28\x7c\x6d\xd2\x8c\xb0\x98\xda\xe8\xda\xbc\x48\xe8\x5b\xb5\x9c\x0d\xc6\xe7\x8c\x95\x66\x05\xcb\x7c\xf0\x69\x42\x35\x3e\x7a\x22\xe9\x6f\x80\xa3\x7a\x66\xf7\x18\xd9\xe4\xdb\x8c\x52\x45\x2a\xa0\xa3\x57\x72\xe8\x1b\xa2\xb3\x03\x20\x5b\x41\x2d\xd2\xbf\xc1\x5c\xe9\xb4\x36\xf9\x9f\xbb\x32\x12\x6b\x63\xce\x9c\xb4\x31\x99\xf1\x57\xd8\x17\x51\xa7\xc4\x93\x7d\x13\xaf\x4c\x58\x29\x52\xb5\xd6\x06\xb5\x55\xb0\x46\xbf\x1d\xe0\x6c\xf3\x9b\x63\xa8\x02\x87\x37\x18\x03\x60\x9a\x38\x7e\xe8\x0f\x3a\x5d\x88\xb9\xd6\x21\x96\x50\xed\x17\xd3\xcc\x18\x3b\x2c\x70\xd5\xeb\x94\xe3\xbc\x52\xae\xa7\xaa\x7f\x53\xbe\x0e\x20\xb8\x97\x2f\x14\x3d\x8e\x20\x16\x2e\x80\x3e\xdb\x4a\xa8\x3d\x55\x53\xfd\xd5\x53\x39\x8b\x0f\xa1\x76\xb9\x59\xcb\xa1\x40\xd6\xe9\x80\xc9\x25\x1b\x0f\xa0\xb6\x5e\x90\x84\x17\xf8\x2f\x45\x1f\xf9\xf2\xde\x6b\x9c\xa5\xe3\xb5\xf4\x1b\xa4\x0d\x05\xa5\x4f\x3d\xab\x48\x86\xaa\xcc\xa0\x5c\x9c\x27\x98\x13\x9a\x4c\xb3\x3e\x96\xa9\x14\x94\x74\x99\x10\xa1\x7c\xe8\xb3\x92\xfc\x0f\xc7\x76\x29\x74\xd7\x9d\x33\xdb\x92\x4b\xfe\xf8\x65\x5a\x72\x37\x76\xff\x87\xf9\x50\xfd\xc5\x68\xb1\xe5\x26\x53\x45\x41\xf5\x72\x72\x3b\x84\x06\x63\xc1\x91\x88\xc4\x24\xf7\xc4\x89\x23\x5a\x42\x4b\x09\xfe\x25\xc3\x07\x27\xea\x1c\xb0\x49\x53\xd7\x06\xd6\x8b\xfe\x12\x10\x0e\xf6\xf6\x4c\x35\xc6\xb8\xde\x67\xed\xf0\xe3\xad\x01\x4a\x40\x0e\x82\x1e\xa3\x40\x24\x32\x19\x99\x86\x7b\x43\xc8\x2c\x45\x01\x84\xb7\x8f\x74\x25\xce\xbd\x73\x19\xdc\x6f\x65\xd3\x60\x66\x5d\xfb\xe7\xc3\x66\x74\xda\xc3\xa5\x4e\x96\xda\x91\x0c\x02\xd3\x64\x07\x80\xb2\x2d\x51\x2c\xa0\xe3\xca\x35\x87\xb9\x4e\xa9\xfc\xd7\xa3\x1b\x4a\xf6\x9f\xd6\x20\x7c\x68\xfe\xd2\x5f\x89\x92\x1c\x1c\xdc\xde\xfd\x1c\x09\x02\x04\x49\x2b\xff\x9b\xbb\x52\xe0\x88\x85\x82\x9d\x01\x2b\xc2\xdf\xb4\xfe\x8c\x35\xe5\x9c\xd1\x3b\xcb\x8e\xad\x34\x19\x3c\x40\xb0\x3e\xe4\xd8\x25\xee\x13\x22\xff\x4e\xf0\x71\x27\x95\x74\xcb\xae\xe7\xc0\x7f\x14\xbe\x60\x6b\x9c\xd0\xe2\x61\x11\x1e\xf2\x0d\x96\x81\xd7\x6c\xf7\x8c\x89\xa8\xc3\x97\xd6\xb8\xdc\x77\x8f\x49\x84\x16\x6a\xd5\xdf\x3a\x81\xaa\xf2\xe6\xde\x09\xf7\x00\x19\x5a\xe2\xc1\xd4\x60\x96\x47"},
+{{0xd4,0xa7,0xa9,0x52,0x4d,0x30,0xa6,0x33,0x7c,0x0a,0x0b,0xe9,0x5c,0xa9,0x05,0x91,0xde,0x98,0x88,0x03,0x8e,0x3e,0x59,0xe1,0xb2,0x5a,0x41,0x81,0xef,0x94,0x66,0x29,},{0x9f,0xc3,0xeb,0xd1,0x39,0xcc,0x5b,0x7c,0x0e,0x05,0xaf,0x47,0xbf,0xf6,0x61,0x9b,0x81,0x28,0x15,0xbb,0x01,0xce,0xec,0x39,0x2a,0x3f,0xf0,0xae,0xc3,0x81,0x1d,0x2c,},{0xd1,0x57,0x88,0xbc,0xd8,0x8d,0x1d,0x81,0xb9,0xe6,0x1d,0x4f,0xe2,0x6e,0xa4,0x9e,0x66,0x81,0x9a,0x59,0xd2,0xae,0x48,0x32,0x32,0x1b,0x81,0x4d,0x50,0x62,0xfa,0xdb,0x87,0x80,0x7d,0xb6,0x85,0x2e,0x1d,0x82,0x95,0xe3,0x1a,0x29,0x1b,0x1e,0x78,0x5d,0x01,0xd8,0x34,0x89,0x5f,0x88,0xf4,0x00,0xdf,0x88,0x32,0xc1,0x60,0x7b,0x5b,0x0c,},"\x17\x19\x80\xc0\x3f\xdf\x7a\x72\x7b\xd5\xba\xb3\xba\x09\x45\xe6\xad\x5f\xaf\x0a\x7f\x50\x6a\x56\xd1\xd0\xed\xd9\xa3\x06\xb3\x15\x8d\x84\x32\x66\xd3\x09\x1f\xc1\xe4\x22\x81\xdf\x97\x55\x9a\x22\x01\xf5\xbd\xdd\xfe\x68\x3d\x0e\x10\x28\xd1\xd9\x5b\x2f\x31\x3b\x48\x4c\x39\x2f\xfd\xb1\xcd\xf8\x85\x08\xaf\xde\x3d\x6f\xd2\xa1\x28\x88\xba\xce\xde\xb7\x9f\xf3\xdb\x40\xc9\xac\x0e\xc3\xfb\x90\x1b\x22\x86\x98\xad\xf8\xd8\x45\xff\x4f\xce\x10\xde\x55\xd4\x24\x36\xdc\xe9\x30\x97\x3a\x34\xbe\x05\xd1\x40\x1f\x33\x4d\x4c\xe8\xe3\xa7\x93\x79\x9e\xaf\xdb\x94\xd0\xf2\xab\x09\x50\xb0\x79\xe6\x65\x3e\xeb\x49\x9f\xc7\x44\x7c\xcb\xee\xed\x8d\xbd\x54\x56\x80\x8c\xd7\xa3\x8f\x9a\x15\xa2\xa9\xc7\x38\xd6\x13\x34\xca\xb8\xce\xeb\xbb\xf4\xa4\x81\x4d\x94\xc6\x18\x59\x17\x87\x84\x60\x4e\x0c\x21\x54\x59\x7e\x72\xcf\x58\x7c\xd1\xf5\xda\xfe\x59\x22\x05\x18\x90\xe7\x6d\x61\x6d\x8c\xd5\xb0\x5d\x64\x78\xd0\x62\x6e\xa8\x3c\xe8\x08\xc4\x61\x43\xe6\xfb\x06\xb4\x18\x2d\x22\x8d\xa8\xf6\xd4\x13\x9e\xca\x5b\x8f\x3b\x1b\x98\xaf\x68\xc5\x9b\x4b\x5a\x53\xc1\x36\xee\x90\x43\x2a\xca\x2b\xb9\x15\x52\x9d\x26\x36\x79\x49\x82\x62\x33\xb4\x3e\x55\x80\x4b\x55\xfc\x9f\x21\x5e\xb0\xb0\xb7\x92\x91\x46\x5b\xb3\x4e\xda\xea\xdf\xfa\xbf\xe6\xcf\x41\xbc\x07\xb5\xdd\x4d\x01\x42\xf0\x36\x1f\x05\x8e\xe1\xb3\xb9\xfc\xc1\x96\xeb\x9b\x35\xb1\x34\xbe\x3d\x1d\x23\x20\x04\x48\x9e\x8f\x69\x93\xf6\x25\xa6\x30\x15\xbc\xd3\xf1\xe8\x75\x88\x32\x48\x58\xcc\xfb\x77\x0d\xdd\xd8\x94\xbf\x29\x7b\xd7\x63\xef\x58\x28\xe2\x1f\x5c\x89\xaa\x98\xcf\xbc\x1c\x08\x2d\xd7\xfb\xaa\x43\x07\xbd\xa4\x0b\x4a\x75\x8c\xa8\xf3\x9f\x4e\x4a\xae\xd3\x09\x04\x12\x68\xdb\xcf\x0a\xf3\x2d\xe0\xd7\xfa\x90\xa5\x23\x96\x3b\x78\x0b\x6a\x93\x2c\xf8\x94\x99\x02\x5f\x0e\x0d\x04\x74\xc7\x43\x48\x94\x75\x10\xe6\xc5\xec\x7c\x9e\x05\x06\x6e\xeb\x4a\x73\x52\x0c\x3d\x92\x7c\x39\xac\x26\xad\x75\x96\x32\x5b\x2c\xc4\x7c\x5e\x82\xa7\x75\x45\x5b\x7a\xf0\x31\x20\xb1\xcf\xbf\xd6\xec\x3f\xc0\xc3\xbe\x60\x78\xb0\x0c\xfd\xf8\x34\x2a\xe8\xbf\x14\x71\x59\xf5\x0e\x9d\x56\x4e\x2f\x68\x30\x6d\xae\x3c\xae\xdd\x10\x19\xf3\x23\xc4\x78\xa1\xe1\xf6\x75\x98\xdd\x83\x4b\xd1\xd1\xa8\x73\x3f\xd7\xfd\xd8\xa8\x76\x52\x6c\x53\x15\x18\x93\x6e\xdb\x72\xd0\x16\x56\xb3\x44\xc7\xd6\x5a\xc1\xce\xe3\x7c\xe5\x99\x7b\xa4\x8d\x3f\x4d\x06\x4d\x88\x05\x7e\xfe\x9a\x48\x2d\x9e\x00\xab\x5c\xae\xb5\xac\xa2\xd6\x60\xe3\x37\xbd\x15\x48\x73\x65\x69\x79\x56\xa5\xe4\x7b\x02\xab\xdc\x30\xd8\xe3\x53\xfe\xd4\xe1\xac\x41\xd2\xbc\x21\x20\x02\x11\x43\x63\x59\x35\xc6\x20\x18\x6a\x52\x2b\xde\x54\xbe\x04\x46\xfb\xd2\xdc\x88\xb5\x63\x04\xb3\xa6\x42\x27\xd0\xac\xd5\xf8\x5a\x6b\x67\x87\xa3\xad\xcf\x2d\x7c\xfc\x86\xc6\x34\xb4\xd7\xab\x43\x15\xb9\x7d\xe9\xe6\x66\xcf\xf3\xff\x1b\x88\xf3\x29\x5e\x7b\xab\x9e\x9f\xd4\x6f\xaf\xdd\xb4\xf5\xfa\xc5\x1c\xc0\x17\x01\x29\xc6\x51\xb4\xef\x4d\x39\x50\xd6\x94\x2f\xf0\x20\xd1\x66\x8a\x52\x8b\xde\x1d\xa9\x36\xc0\xec\x1a\xe0\x9e\x84\xf8\x20\x58\x61\xff\xf4\x91\x50\x2a\x87\x2c\x81\x54\xa9\x6e\x7e\xa2\x5e\xda\x95\x5a\x7f\xd2\xe4\xb4\xc7\xa8\xd2\x73\xf6\x0b\xc7\x4f\xab\x7b\x49\x68\xca\x6f\x75\xda\xea\x50\x40\xf8\x39\xfd\x56\xc2\xa9\x80"},
+{{0xd0,0x8f,0x4b,0xab,0xba,0x3b,0x53,0x65,0xfa,0xf7,0x38,0x79,0x5c,0x9d,0xa4,0x5d,0xb1,0x86,0x2c,0xb2,0x8b,0x93,0xeb,0x66,0x35,0xd1,0x32,0x0d,0xa0,0xf4,0xd9,0x37,},{0xef,0x31,0xb4,0x54,0xf7,0x34,0xe5,0x2b,0x34,0x38,0xee,0x2f,0x1c,0xbc,0x35,0x63,0x1b,0x19,0x69,0xde,0x54,0xac,0x98,0xfe,0x46,0x33,0xf2,0xf5,0x00,0xac,0x87,0x12,},{0xac,0xeb,0xe4,0xc8,0x6f,0xa9,0xfe,0x2c,0x1a,0x5c,0x57,0x6a,0xc0,0x50,0x1e,0x8a,0xb0,0xf6,0x40,0xfa,0x40,0x38,0x05,0x36,0xfc,0xf9,0x50,0x59,0xd5,0x3d,0x4a,0x35,0x55,0xd2,0x20,0xac,0x36,0x35,0x87,0x17,0x5e,0x4b,0xde,0x16,0x3c,0x0d,0x00,0x65,0x0a,0x12,0x96,0x3d,0x46,0x76,0x6c,0x99,0xbb,0x62,0xbf,0x75,0x73,0xe2,0x87,0x0c,},"\xa3\x94\xd8\x85\x4c\xeb\x5c\x43\xaf\xee\x1a\x48\x92\x6b\xbd\x66\x85\xaa\x8a\xec\xfd\xcf\x85\x41\x33\x33\x39\x74\xd6\x24\xbf\x2f\x1f\x9c\x30\xf0\x05\xbb\xf3\x4c\xee\x3a\xfe\x2b\x29\x06\x00\xee\xae\x6f\x1d\xd1\x2a\x0c\x34\x6f\xbb\x2a\xb9\xc9\x16\xc5\xd5\xd8\x0d\xcd\x87\x88\x78\x75\xa0\xac\x84\x76\x78\x03\x9f\xdc\xd3\xa9\x79\x35\x41\xf5\xd6\x75\x14\x3a\x6a\xba\xdc\x3b\x18\xf0\xfe\xf5\x10\x8c\x19\xc2\xdb\xfb\x59\x71\x0e\xef\x98\x66\xa4\xf3\xf2\x97\xa0\x9e\xe4\x8c\x68\x03\x00\x7d\xd6\xba\x8f\xd4\xbe\x84\x1c\xfb\x10\xff\x05\x14\xc3\x0f\xc4\xdd\x49\xa3\xcd\x43\xbb\xd1\x6e\x46\x04\x43\xa1\x1a\xfe\x64\x9e\x90\x1d\x63\xd8\x9a\xf5\x98\xaa\x68\x6b\x2f\x60\x7e\xc1\x1f\x35\xe1\x7a\x79\x8a\x42\x13\xb7\x5a\x38\x78\x8d\xa4\xf2\x7c\xf2\xb0\x2c\xad\xdf\xe6\x1c\x37\x29\xa8\x7e\xc6\xe6\xb0\x98\xf6\x8e\x7a\xed\x28\xa8\x00\xc4\x84\xdf\xa0\x13\x04\x01\x20\x8f\x98\x6d\x79\x2f\x54\x63\x5a\xdd\x28\x48\xe1\x51\x26\x2a\x36\x5e\xb2\x1e\x27\x27\x19\x1e\x1f\x70\x0f\x3b\xf5\xc7\x3b\x0f\xb4\xc5\x46\xd0\x04\x8a\x15\x5c\x18\x71\x79\x20\xfc\x04\x25\xc8\xc8\xfa\x8f\x16\x7c\x43\xa2\x77\xbb\x36\x6e\x0a\xd7\x02\xc8\x9b\xc5\xaa\x06\xfd\x47\x09\x43\xbe\x05\xcb\x9e\x32\x59\x78\x72\x29\x71\x4c\x30\xa4\xe8\x7b\x00\xa6\x33\xaa\xf7\xbe\x6b\x58\x75\x01\x0d\x12\xe1\x07\xc9\xa5\x26\x1c\xa5\x62\xd6\x70\x25\xbe\xa0\xfe\x22\x34\x63\xed\xb9\x2e\xa0\x1c\xca\x92\xc4\x4f\xf2\x4d\xa9\xd8\xa8\x0a\x64\x21\xf3\xd4\x13\x5d\x64\x7d\x1b\xb0\xfd\x98\x8c\x46\xc8\xa1\x70\xce\xb4\xf3\x3f\xff\x9c\x0f\xfb\x6a\xba\xd1\x09\x2c\x84\xdf\xad\x82\x90\x89\x8b\x24\x95\x16\xa2\x92\xe8\xda\x96\xfd\x51\xa8\x10\x05\xee\xcf\xde\xbb\x05\x93\x30\x99\x27\x7d\x07\x3a\x48\x0c\x3f\x9e\xb8\xaa\x11\x96\x8c\x4d\x8d\xc0\x78\x7a\x9a\xec\x3e\x05\x27\xb7\xfe\x4c\x06\x35\x41\x13\x35\xa1\x81\x16\x89\xe8\x8f\x6d\x5c\xed\x0d\x40\xd6\xb4\x8b\x7f\x2d\x99\x29\x52\x93\x48\x94\x15\x30\x76\xa8\xd3\x73\x72\xfa\x00\xd9\xce\xfc\x5c\xf8\xc2\x6a\xdb\x5a\xcf\x32\x5a\x01\xcd\x00\x5a\xb8\xd4\x74\xa5\x2d\x67\x11\x40\x78\xc6\x51\x6a\xef\x80\x4b\xba\x19\xb8\x87\xa2\x8e\xd5\xe4\x6e\xe9\x99\x5e\x5a\xd3\xa8\x2f\xb9\xcd\x93\x28\x34\x33\x68\x09\x21\x11\x4b\x4d\x9a\xf8\xfc\xb6\xb2\xb5\x35\x83\x9c\x36\xde\x8d\xf1\x2b\x17\xea\x6d\xdc\xfc\xb3\x33\x4f\xf4\x0e\x6c\xf0\x4c\xcd\x5c\xa6\x40\x3b\xa0\xb6\x2b\x4c\xb7\x1b\xbd\xe9\x1d\x8b\xab\xda\x69\x15\x2c\x9c\x93\xae\x76\x9b\x55\x29\xc8\xd5\x2f\xd9\xa6\x90\x9a\x15\xe1\xa0\x60\x1a\x71\x46\x49\xc9\x6e\xc9\x96\xc1\x70\x6d\x10\x21\xb9\x74\x87\x98\x0d\x7b\x2c\x2a\x39\xbb\xb0\xe4\x70\xd8\xe4\x6a\xc4\xaa\x60\x9a\x09\x22\xc9\xbd\xc0\x16\x12\xea\xde\xac\xcd\x5f\xa5\x23\xb2\xa8\xd0\xe6\x2f\xfe\x56\x28\x16\x47\xd6\x1f\xff\xbb\xc8\x40\x53\x57\x45\xd1\x44\x25\x9c\xc8\x13\x00\xfe\x99\xdf\xbf\xfe\xa6\xb0\xb9\xbc\xd2\x84\x73\x98\x2d\x32\xe9\x3e\xd4\x66\x34\xa9\x98\x79\x06\xd6\xf4\x89\x39\xd8\xdf\xbf\xb3\x7d\x33\xb8\x88\xdb\x60\x8c\xb2\xff\xe3\x9a\x8c\xf6\x7b\x72\x64\x46\x11\xc7\xd3\x2a\x4a\x8d\xf6\x12\x46\x8c\xd5\xe5\xd7\x5f\xbb\xa7\x9e\x63\x8a\xa1\xda\xa2\x8c\x4e\x0e\xeb\x9a\x63\x7f\xf8\xa0\x8b\x65\xf7\xa7\x61\x24\x14\xdf\x76\xbc\x7b\x0b\x56\xb5\x53\x7d\x66\x6f\xac\xfd\xda\xf6\x5a\xf1"},
+{{0x8f,0x47,0x4f,0x88,0xcf,0x86,0x3c,0x48,0x54,0x56,0xa5,0xa2,0x15,0x52,0x81,0xff,0x27,0xb2,0x84,0x59,0xf6,0x3b,0xc4,0xf1,0xdb,0x00,0xe0,0x03,0x10,0x64,0xf6,0x49,},{0x43,0x14,0x4a,0x32,0x9d,0x75,0x1d,0x04,0xe0,0x71,0x69,0xb7,0x79,0xee,0x92,0x0d,0xd0,0x29,0xcb,0x44,0x5b,0xf3,0x76,0xba,0x3a,0x66,0x85,0x72,0x18,0x23,0x44,0xa3,},{0xf6,0x1f,0x78,0x07,0xc3,0x3e,0x19,0x6d,0x0f,0xe1,0x82,0xef,0xa4,0xd4,0x51,0x6a,0x98,0x15,0xdd,0xd4,0x49,0x53,0x8b,0xba,0xa6,0xb8,0x6b,0x69,0x01,0xa0,0x5f,0x5d,0xdd,0xa0,0x60,0x1e,0xc9,0x0f,0x39,0xf1,0x55,0x47,0x79,0xdb,0x7a,0x09,0xa6,0x05,0x72,0xef,0xfd,0x4d,0x12,0x8d,0x0d,0x3c,0x2d,0xd4,0xe8,0x83,0x57,0x4b,0xc6,0x0b,},"\x84\x08\x91\xd9\x48\xec\x19\xc8\xc7\xf7\xc9\xd3\xc4\x77\x53\x62\xa5\x44\xa0\xec\x97\x45\x7a\xb5\xd1\x4e\x12\x5d\xc5\x4b\x59\xc8\xdc\x9a\x63\x5e\x7b\xad\xb6\xbe\x73\xc3\xa5\x8d\xc0\xe9\x92\x9f\x2b\x42\x0d\x83\x56\xd6\x17\xc3\xd4\x1b\xfe\x69\xb4\xe1\x58\xd4\xbf\x08\xfb\x17\xe6\x88\xd3\xcf\x3c\x94\x8b\x69\xb3\x5f\x0b\x6d\xb6\x62\x72\xa8\xeb\x2b\xd4\x10\xd6\x50\x9f\x6c\x82\x8b\x6a\x20\xd6\x58\x6e\xaf\x85\x76\x01\xed\x9d\x60\x54\x79\x9c\x25\x32\x0e\xba\x80\x77\xfe\x1a\xe2\x26\x71\xb3\x3a\x15\x88\xff\x2b\x23\x5d\x3c\x71\xa2\x7c\xe5\xc6\xc6\x6e\x18\x88\x91\x98\xd1\x16\x93\x36\x76\xbc\x4f\xb0\x71\x0d\xb7\xff\x1a\xc2\xf2\x0c\xe3\x69\xbe\xf5\x6b\x43\xcd\x1d\x40\x6c\xef\xda\xcf\x00\xf1\xf3\x48\xb8\xca\x7a\xa6\x14\xdb\x11\xa3\xa6\x40\xfd\xb5\x93\x89\xd1\xa6\xa3\x94\x75\x5c\x13\x3f\x1b\x01\x9c\x83\x08\xca\x5a\x95\x1e\x73\xb8\x10\xa1\x80\xf6\xff\x25\xb2\x9d\xbb\xcc\xef\x4c\x13\xa9\x75\x03\x39\x39\x07\xa2\xdb\xa0\x96\xa8\xce\x5c\x86\xc0\xee\x6f\x97\xc1\x44\x1b\x8d\x63\x31\xcb\xa5\x3b\x19\x60\x6b\x42\x1a\xf5\x2f\x65\xf9\xc6\x63\xe6\x3d\x39\x82\x71\x8f\x94\x8c\x6b\xae\x96\x1b\x8e\x4b\xf8\xcd\x9e\x31\xcd\x09\x92\x8e\x4e\x80\x61\x65\x97\xcc\xfa\xdc\xb8\xa6\x14\x15\x49\x33\xbc\x37\x58\x9c\x85\xc7\x76\xe3\x4e\x5a\x90\x66\x0f\x59\xa6\x5b\x5e\x93\xad\x43\x88\x42\xf9\x82\xd0\x2b\x04\x1e\x6d\xbd\xdf\x17\x10\x99\xf8\xdb\x70\x99\x57\x31\xa0\xdb\x8c\x46\x25\xc9\xbc\xa7\x10\x80\x59\x61\xfb\x17\x6d\xae\x81\x97\x68\xfc\xad\x7f\xf9\xbf\xce\x36\x40\x3c\xa7\xf7\x83\xe7\x61\x37\x26\xd7\xdc\x59\xf2\x4e\x24\x7c\xf1\x50\x68\xff\x3b\x19\xc7\x25\xfa\xd6\x5e\xa8\xe8\xa7\xf7\x22\xd5\x28\xc9\x5f\xce\xf1\xc0\xcc\x79\xd1\x8e\xf0\x7c\xee\x8b\x01\x1e\xea\xbd\x99\x21\x63\x4d\x76\xa6\x1a\x8a\x3c\x89\x31\xb8\x27\xe8\x18\x98\x81\xf8\x1f\x7a\x17\x5f\x21\xfb\x03\x78\xb8\x18\x8e\x58\xbd\xb2\x01\x7b\xef\x39\x0f\x18\x00\xd9\xd7\x4f\x26\x3a\x81\xdf\x8e\x67\x52\x2d\x09\x2e\x77\x5d\x01\xe0\x04\xe7\xf8\xd8\x28\x1a\xe2\xc2\xfd\xf8\xc3\xa4\x45\xf9\xef\xf7\xfd\xf1\x3f\x26\x1a\x77\x3d\xdf\x2d\xd9\xcc\x6b\xa5\x58\x5d\x99\x0c\x99\x5e\x6e\xb8\x9d\xff\xd9\xff\x0a\x9d\xbb\x76\xce\x5e\x10\xdd\x02\x72\xd5\x00\x14\x97\x88\x13\x66\xf5\xd6\x36\xa9\xcc\xea\xa2\x83\x22\x8d\x3a\xc6\x14\xdb\x21\x7a\xb8\x91\xd6\x68\x9d\xbe\xb9\x50\xe1\x20\x0c\x3d\xe5\x3b\xc5\xda\x07\xf1\xd3\x63\xda\xe9\xbe\x6e\xc3\x6e\xda\x6e\x68\x7d\x26\x29\x0f\x7a\xbc\xa2\x68\xa7\xfa\x03\xd9\x31\x88\x64\xed\xa9\xa1\x1e\x3b\x26\x14\x06\x05\x92\x0a\xc1\x3a\xde\xc1\xb5\x54\x8c\x9a\x7a\x32\x15\xa5\x87\x6b\x7e\x94\x1a\xfa\x1c\xb5\xd7\xf7\xf0\xc1\x16\x30\xcd\x42\x9f\x3b\x2b\x37\xdc\x76\xc6\xcb\xea\x4f\x3b\x72\x6a\xa8\xa5\xf8\xb9\xf7\x05\xb0\x5d\x7e\x94\x51\x95\x6f\x8a\xf1\x3c\xe0\xa8\x59\x55\xc7\x13\x5d\x64\xad\xe5\x49\x6e\xa5\x42\xe7\x0f\x8d\xa5\xb5\x73\xaa\xf1\x37\x08\x5d\xc9\x6c\x69\x27\x09\x96\x95\x67\x26\x68\xb3\xc7\xc6\xf9\x3c\x97\x7a\x4e\x8e\x9e\x77\x02\x95\xf2\x0d\x52\xdf\xf1\x87\xf8\xdb\xb2\x5e\xe7\xe7\x74\x02\x4e\xb9\xbe\x08\x12\x1e\xd7\x4b\x6d\x54\x62\xf4\xbb\x7d\xc2\x00\x38\x74\xca\xa3\x1b\xb7\x59\x5c\xd9\x3a\x99\xeb\xe1\xef\xf9\x28\xbb\x5f\xcb\x9e\x9c\x89\xdd\x31\xd4\x87\xfc\x0e\x20\xbb\xe1\x50"},
+{{0xe4,0x2b,0x30,0xd4,0x9c,0x43,0xc4,0xfa,0xd8,0x3d,0xd5,0x1f,0xdc,0x2a,0x4a,0xc5,0x90,0x13,0x27,0xad,0xd8,0x00,0xb6,0x69,0x72,0xc8,0xc7,0x0b,0xde,0x18,0x0a,0xdc,},{0xf7,0x34,0xaa,0xfa,0xa4,0xdb,0xaf,0x31,0x5c,0x25,0x8c,0xca,0x8b,0xbc,0x1d,0x4f,0x34,0xe8,0x36,0x01,0x10,0x98,0x74,0x22,0x2a,0xa0,0x55,0x89,0xf3,0xa6,0x63,0x5f,},{0xff,0x8e,0x07,0x6e,0x34,0x3c,0x8b,0x73,0xaa,0x45,0x3b,0xfe,0xe9,0xb2,0xba,0xb6,0xd5,0xc2,0xf7,0x4c,0x35,0xe1,0xba,0xd1,0xe5,0x2a,0xe7,0x77,0xd6,0x9f,0x79,0x76,0x40,0x83,0xf9,0x94,0x36,0x8a,0x1a,0xc8,0x51,0xa6,0x41,0xcd,0x24,0x70,0x08,0xa3,0x4f,0x3b,0x60,0x89,0x62,0xf4,0xdd,0x51,0x09,0xac,0x71,0xcc,0xe9,0x78,0xec,0x02,},"\x0d\x49\x70\x51\x86\x1e\x22\xd8\xa9\xc6\x0e\x5f\x7d\xe6\xc8\x95\xcb\xa3\x35\xb2\xe8\x2e\x60\x21\x18\xad\x83\x42\xb4\xd4\xed\xaa\x80\xf9\x5e\xfb\xb5\x9c\xfd\xa1\xfc\xc0\x29\x17\x25\x70\x0e\x8a\x81\xbb\x12\xa0\xb8\x62\x3b\x1f\xe2\x89\x1b\x8d\x98\xf7\xa8\x4c\x59\xfd\x92\xf8\xa7\xad\xfc\x06\x50\x42\xf7\xf4\xfd\x7e\x1a\x79\xf5\x5a\x1d\x4d\x5e\x54\xe0\x4e\x67\x2f\x1c\x9e\x4c\x4c\xd8\xd0\x00\x3f\x3c\xd5\x4b\x76\xe2\x16\x3d\xd7\x37\xac\xb2\xde\x5c\x26\x3a\xc1\x02\xa4\x8f\x69\x6b\x60\xca\xf9\xbe\x39\xc6\x65\xcc\xe1\xe0\xf3\xd4\x98\x55\x3f\x57\x90\x61\x88\x9a\x5e\xc5\x60\x3e\x4d\x14\x1c\xfd\xed\xe8\xe7\x31\x75\x72\xcf\xe7\x6a\x0f\x48\xe4\xae\x06\x06\x2c\x91\x57\xb5\xea\xac\x34\x68\x93\x81\x92\xdb\x4b\x16\x10\x5c\x73\x64\xa9\x44\x32\xb2\x15\xa7\x17\x97\xfe\xe1\x4c\x3c\x9c\xe2\xf7\x46\xed\x79\x03\x02\xfc\x41\xdc\x49\x2d\x37\xd9\xef\x02\x4a\xb5\x1d\xa3\xbd\xaf\x0f\x81\xd9\xa9\x30\xaa\x0e\x02\x5c\x04\xfd\x71\x02\x6b\x6a\xfe\xb7\xed\x01\xa9\x1a\x1e\xfd\x6c\x39\xf5\xe4\x47\xc6\x6d\xd3\x8a\x76\x56\xc6\x13\xd0\x21\x26\xf3\x58\x5d\xfa\xa0\x2d\xf9\x30\x25\x3f\x83\xbd\x42\x19\x64\x63\xeb\xc5\x0f\x8c\xfc\x94\x9e\xd3\x50\x39\x2e\x61\xce\xec\x13\x09\xda\x15\xa4\x32\xf8\x0d\xfe\x94\x8e\x26\x1c\xe6\xd8\x42\x1c\x54\x59\xcd\x21\xf3\xff\xa2\xed\xb5\x00\x98\x2b\x2a\xbf\xa5\x2e\x82\x43\x7c\xa2\x30\xf6\x09\x11\x63\x20\xd9\x89\x3e\xb8\x2a\x14\xdf\x72\xb7\x73\x66\x67\x51\x6f\xc0\x12\xb2\x8a\x03\xc9\xdd\x88\xea\x43\x08\xd8\xce\xea\x44\xcc\x60\x44\x54\xcd\xfa\x2c\x79\x76\x15\xbc\x0a\x6b\x3e\x00\x89\xaf\x0a\x81\xbe\x54\xd1\xb1\x10\xa1\x3a\xb9\x11\xb4\x52\xc3\x42\x80\x0c\xee\x2a\xd2\x39\xa2\xb1\x88\xa7\xfa\x87\x5e\x94\x1d\xaa\xeb\xcf\xc8\x8b\x70\xae\x4b\x1c\x57\x5c\xdb\x6e\x6d\x89\x44\x81\x36\xf6\x0e\xe8\x1c\x70\x3c\x47\x82\x2d\x2c\x0e\x50\xc7\xf1\xe8\xb7\xfc\x7e\xbd\x80\x78\x9f\xcd\x7e\x06\xc7\xe5\x0b\x5f\xc8\xb7\x76\xe8\xb9\xa4\xcd\x59\x05\xa2\x90\x69\xbc\x3a\x55\x8d\x7c\xab\xce\x2a\xf4\xf3\x10\x76\x7d\x5b\x11\x7e\x30\x76\xb3\xa0\xd5\x27\x17\x55\x43\xb2\xcc\xea\x28\xd5\xf7\x16\xfa\xc3\x2e\xfe\xd3\xd2\xe0\x27\x6b\xe4\x4a\x89\x56\xfc\x82\x40\xf2\xdb\x33\x97\x61\x4f\x2f\x2d\xa0\x21\x66\x69\x4e\xc6\xa7\xfe\xec\x6e\xce\x39\xd7\x2b\x64\xbb\xc6\xb4\x76\xa4\xf8\x4f\x8d\x87\x93\x80\xa3\x84\x88\xe4\xd6\xe5\x8c\xac\x03\x90\xae\x25\xa5\xfc\xb7\x3d\x47\x41\x4b\x4c\x26\xbb\xb9\xb4\xcc\x66\xe4\x25\x94\xbd\x56\xd8\x41\xa3\x60\x92\x34\x91\xd1\x17\xbe\x2c\x6e\xb2\x32\x0f\x3c\x61\x75\xe4\x4e\x27\xb6\x65\x3c\x5d\xac\x6f\xae\x73\x60\x0b\x67\x96\x0d\xca\x50\xaa\x85\x5a\x89\xe0\xff\x51\x1e\xa0\x4f\x14\x3e\x89\xf1\xda\x02\x84\x76\xbe\x4b\xf6\xd9\x4c\x80\xff\x72\x63\x39\xe8\xbc\xfb\x7d\xd9\xf8\xcf\x20\x22\x59\xc0\xac\xb6\x27\x6c\x28\x1e\x38\x47\xc2\xcc\x8d\x2f\xba\x84\x43\x8d\x2d\x3c\x60\x31\xf2\xa7\xb9\x5c\x1d\x8f\x9f\x3c\xc8\x6a\x5e\xff\x65\xcc\x01\x1d\xe9\x5a\xd8\x96\x85\x8e\x1f\x7f\x6d\x6b\x94\xbf\x49\xdf\xff\x5d\xe2\xd7\xfd\x71\xef\x10\x81\x34\x28\x5f\x61\xae\x47\x54\x83\x44\x2d\xc9\x0b\xf0\x13\xfa\xed\xf3\x77\x1c\x47\xc5\xb9\x6d\xc3\xcf\x8e\x48\x51\x00\x60\xad\x8d\x45\xfd\x54\x61\x62\x27\x80\xd8\x69\xd4\x61\x7b\x57\xfe\x3c\xb5\xcc\x02\x03\x15\x3a\xae"},
+{{0x5c,0xb5,0x14,0x21,0x74,0x82,0xbf,0x42,0xf6,0x11,0xfc,0xec,0x36,0xa5,0x28,0x68,0x07,0xc2,0xbd,0xbb,0x56,0x96,0x76,0x91,0x35,0x3f,0x54,0x31,0x0e,0x1a,0xd5,0x53,},{0x28,0x06,0x99,0x00,0x3d,0x5d,0x3e,0x1c,0x05,0xad,0x10,0xfb,0x10,0x95,0x9b,0xbc,0x59,0x5c,0xfe,0x21,0x30,0x69,0x96,0x5c,0xd8,0xcf,0x39,0xdd,0x42,0x6a,0x05,0x68,},{0xd5,0x3e,0xe2,0xe0,0xf0,0xfd,0x65,0x7b,0x20,0x52,0x47,0x8f,0xd1,0x5d,0xf1,0xd3,0x8f,0xe0,0xe9,0x3a,0x54,0x83,0xeb,0x4a,0x6e,0x7d,0xe9,0x3d,0x02,0xa4,0xcd,0x54,0x4d,0x8f,0xdd,0xdc,0xea,0x82,0x2b,0x71,0x57,0x6e,0xd0,0x28,0x53,0xd9,0xa6,0xb1,0x4e,0x1a,0x54,0x8a,0xef,0xe9,0x0d,0x92,0xf8,0x83,0x79,0x2b,0x7f,0x1d,0x86,0x09,},"\x2f\x57\x25\x8c\xca\x79\x32\xe5\x8b\xed\x54\x6c\xb0\x04\x11\x15\xbb\xad\x23\xd1\x83\x46\xef\x7a\xb5\xe3\x11\x00\x82\xb3\xa9\x71\x2f\x6c\xbe\x12\x70\xe6\xdc\x0c\xea\x33\x64\xa0\x6a\x5f\x2f\x28\x3e\xc3\x9b\x63\x05\x8d\x34\xd5\x99\x79\x07\x2f\xcb\xbd\x7a\x5d\x0f\x44\x2b\xbd\xf0\x82\xd5\xbf\xe2\x99\x8a\xeb\x51\xbd\x26\x12\x78\x03\xe5\xc7\x96\xc3\x88\x43\x20\x0a\xe2\xf6\xe6\x05\xaf\x31\x2f\x54\xfd\xff\x17\xed\x1d\xfa\xa8\x9d\x28\xfa\x67\xdc\xe4\x62\xde\x4f\xe2\x52\x68\x21\x2b\x28\x2e\x22\x2a\x44\x3e\x2f\x31\xe2\x69\x05\x41\x71\xaa\x73\xc7\x19\xa8\x96\xcd\xb7\xa5\x39\xdf\xd1\xd4\x29\x91\x97\x81\x97\xd7\xc4\xf2\xd3\x0a\x64\x1b\xe3\x4b\xf1\x38\x0a\x4f\x4d\xc6\xd9\xb1\x01\x63\x66\x36\xa4\x96\xbe\xb3\x57\xe3\x47\xc1\x66\x65\x16\xdf\x8e\xb5\x60\xa0\xe0\xd1\xe1\x52\x9c\xe3\x6a\x60\xe0\x0e\xd2\x78\xda\x38\x02\xbe\x19\x23\x42\x98\x9b\xb6\x11\xb4\xe3\xcb\xd9\xc3\x7e\x8c\xce\x07\xef\xc1\x2d\x29\xbe\xfd\x7e\x2f\x3a\xdb\x13\xd2\x8f\x70\x8d\x97\xb6\x3e\x10\x74\x82\xc8\x62\x95\x6d\x7c\xe8\xdf\xc2\xaf\x5c\xac\x8d\x51\x65\x92\x67\xb0\xbb\xed\xdd\x5e\xfa\x41\x4d\xde\xab\xd1\x7b\x23\xca\x6e\x84\x3f\xf4\x9e\xff\xc8\x2a\x5d\x07\xe3\x6a\x83\xb6\x7c\x2a\xd7\xe4\x8e\xb9\x99\x0b\x42\x1c\x55\x58\x00\x9b\xd6\x93\x4e\x86\xd5\x4a\x8a\x6a\xc4\x07\x87\x96\xe3\x05\xc7\xcc\x81\x0d\x3f\x66\xea\x6b\x95\x04\xfe\x0a\xe6\x75\x7c\x50\x4c\x55\x52\x53\x0a\x6f\x8b\xbb\x52\x40\x9b\xe0\x79\xd8\xe4\xa2\x8a\x6f\xd7\xdc\x89\x35\xf8\xeb\x94\x98\xad\xc0\xf2\x3d\x08\x07\xec\x86\x29\x5f\x48\x98\xf5\xd0\x5e\x15\x0b\xdc\x43\xaa\x8b\x7b\xdc\x89\x3a\x0a\x68\x4c\x30\x63\x89\x8b\x6c\x95\xe7\xd5\x6a\x4c\x10\x26\x90\x43\x8e\x9d\xf9\x97\x58\xa9\x0f\x47\xc6\x08\xda\xcc\x4c\xa2\x40\x26\x6f\xab\xa3\x5f\xa1\xeb\x2e\xaa\xbe\x28\x8d\x2c\x2a\xd5\x0b\x6c\xbf\x10\x7c\x00\x25\x75\xe9\x1f\xf4\x72\xa4\x41\x79\x40\x66\x7b\xe8\x18\x01\x73\x85\x4c\x93\xdf\x84\x46\x4b\xcd\x31\x2b\x7a\x7a\xe4\xdc\x2b\x90\x59\xfb\xe6\xf8\x3f\x53\x80\x64\x25\xbd\xff\x03\x1c\x6a\xed\x6e\xfa\xfd\x9d\xe8\xdc\xd0\xdf\xab\xea\x8e\x6f\xa6\x81\xe9\x91\x93\xfb\x3c\x64\x7e\x44\x21\x12\xc9\xa2\x3f\x59\x6e\x65\x41\x1d\x8d\x6b\xfc\x39\x23\x00\x4e\xce\x91\xea\x6d\xeb\x88\x11\x11\xb1\xdc\x29\x94\x3f\x57\x89\x81\xee\x8c\x3b\xce\x85\x25\xf7\x85\x65\xf3\x4b\x85\xff\x20\x01\x5f\xea\xe8\x46\xf9\x5b\x18\x70\x0b\xc5\xcd\xf1\x4b\x2d\xb6\xca\xc6\x98\x14\xd6\x3d\x74\xbf\x20\x32\x93\x03\xe5\xca\x9f\x04\x73\x1f\x68\x81\xce\xc6\xd3\xab\xf8\x7f\x5e\xac\x08\x73\x4f\xaa\x34\xcf\xf4\xd3\xcd\x9a\x4a\x11\xd7\xb1\x2f\x73\x25\x3b\x4d\xd0\xa4\x31\x78\xf0\xd3\xc1\x9c\x0c\x40\xd9\xed\x91\x8d\xd1\x76\x46\xf6\x16\xaf\x79\xfd\xf6\x19\x42\x62\xf0\xfa\x4f\x71\xb3\x18\x7d\xed\xca\x48\xd9\xcb\xcc\x19\x93\x1a\x15\x19\x67\x74\x56\x25\x6e\xd3\x83\x54\x56\x7c\x3a\x67\x57\x1c\xdf\x82\x17\x0a\x2c\x85\xbd\x2c\x5e\x68\xe0\x5a\x0f\x3b\x93\x90\x3f\x19\x1b\x89\x4f\x84\x94\x6f\x89\x00\x05\x68\x05\x4c\x1c\xea\x9f\xd0\xb8\xbb\x55\x01\x95\x06\xc5\x43\x41\xc2\x49\x31\x98\x45\x48\xba\x45\x8a\x4d\x81\x30\x89\x89\x6e\x86\xa2\xdc\x33\xd9\x46\x04\x00\x3f\x35\x4a\x7c\xc9\x41\xc7\x54\xaa\xea\x24\x25\x3c\xbe\x4c\xf2\x14\x7f\xfe\xc5\xe7\xb9\x50\xcb\xf2\x8e\x28\x44\x81"},
+{{0x87,0xd3,0xba,0x95,0xc4,0x0d,0xf8,0x00,0x69,0xb1,0x79,0x7d,0xdf,0x68,0xe8,0x66,0xe6,0x6d,0x46,0xc5,0x1f,0xde,0x60,0xe7,0x68,0xa9,0xdb,0xc5,0xc9,0x2f,0x57,0xa9,},{0x2b,0x81,0x2b,0x2c,0x9b,0x60,0xff,0x31,0x97,0x5c,0x42,0x9a,0x86,0x73,0x6d,0xcc,0x17,0xa5,0x8d,0x3d,0xc1,0xda,0xa3,0x46,0x23,0xa4,0xbb,0xcb,0xe2,0xcc,0x05,0x81,},{0xfa,0x0d,0x12,0xcd,0x53,0x23,0x6c,0x41,0x08,0x6b,0xea,0x8c,0x0c,0xc6,0x0b,0x77,0x64,0xa3,0xed,0x72,0xbd,0xeb,0x9d,0x1a,0xe5,0xee,0xac,0xb4,0x88,0x11,0xfe,0x52,0x97,0x62,0xa2,0xc6,0xf2,0xbb,0x06,0xd9,0xb3,0x18,0x21,0x8d,0x96,0x8f,0x64,0x44,0x35,0x49,0x7a,0x1b,0xd0,0xd0,0xd8,0xc1,0x61,0x2a,0xb8,0x99,0x6d,0x98,0xd7,0x07,},"\xe1\x12\x56\xf8\x2a\xd7\x6f\x3f\x4a\x49\xd7\xba\xd3\xce\xd8\x71\x8d\x36\xd2\xf2\xbb\x3d\x31\xbb\x61\xed\xd1\xec\xbc\xee\x66\x21\xfd\x2e\xee\xd3\xe3\xde\xb5\x97\xb1\x49\xff\x71\xb8\x51\xf6\x1c\x8c\x68\x19\xe1\x31\xf9\xa2\xaf\x76\x73\xc3\xf2\x07\x02\xac\xfd\xc8\xb8\xf9\x06\x4b\x41\x5c\x9a\x3e\x35\x56\x8e\x37\x1d\x74\x0a\x38\x12\x7c\x1f\x27\xb3\x91\xb4\x5d\x07\x04\x5a\xea\xf0\x0a\x54\xe5\xb7\xfa\x54\x8a\xfb\x5f\x96\xfe\xb5\xf5\xb4\x4f\x60\xcd\x17\x07\xe8\xfa\x95\x67\xf7\x80\x6e\x15\xf6\xa0\x1a\xa0\x20\x77\x73\x3f\xe7\x38\xb0\x8f\x21\xef\xbc\xf9\x8c\x19\xd5\xb9\x70\xe6\x16\x3e\x5f\xe8\xf4\x80\x0e\xf9\xed\x22\xa0\xf9\xb5\x12\x6f\xf1\xeb\x1c\x7d\x65\x01\x9c\x8b\x44\x03\x91\x92\x70\x29\xb8\x13\xda\xb7\xc7\xe8\x63\xd4\x82\x29\xf8\xdf\x85\x39\x43\x45\xfc\xc8\x8a\x30\x0f\x60\xa8\xd5\x16\xd8\x77\xa5\xa3\xa7\xe3\xc4\x9a\x9e\xb0\x6c\xd9\xf2\x66\x5c\xe2\xa8\x90\x22\x96\x2b\x1d\x49\x59\x2b\x09\xc7\x54\x3d\xa8\x35\xce\x63\xbc\x9a\xbb\x82\x21\x45\x76\x2b\x71\xcb\xe1\x50\x29\x2c\xe5\xc8\x70\x4e\x5a\xd3\x4f\xb4\x59\x2f\x97\x20\x44\xe4\x3e\x69\xf0\xe1\x67\x2d\x6c\x83\xcf\x25\xaa\xc6\x8e\xfe\x3d\x27\xaf\x2a\xd3\x42\x74\xb9\xd2\xb7\x77\x42\xd9\xc6\xdf\xbd\x57\xf9\x2f\xf6\x4d\x3e\x4c\x67\xc5\x41\xd8\x50\x2a\x7d\x03\x18\x95\xaf\x85\x31\x9a\x4e\xae\x2d\x25\x43\x35\x83\x5e\xff\x11\xe7\xa3\x67\x1a\x6a\x0d\x21\xb7\x2c\xe1\xfc\x2a\xcb\xa1\xa9\x20\x18\x38\x34\xbc\x0a\x4b\x73\xf6\x39\xff\xcb\x0f\x6b\x81\xcd\x92\x0f\x2e\x94\x20\xd6\x12\x16\x6d\x56\x82\xa0\x60\x60\xea\x0b\x6f\xa6\x95\xfe\xcc\x77\x04\xbb\xe4\xb0\x52\xaa\x3e\xc8\xf7\x20\xf7\xd4\xf3\x2e\x8a\xff\x86\xb8\x0b\x8c\x1c\xc1\x27\x64\xa0\x48\x74\x03\x7c\x31\x03\xe9\xdf\xec\xb8\xf7\xab\xcb\x0e\x07\x3b\x23\xe6\x7c\xa0\xa9\xb1\xfc\x72\x99\x3a\xbf\x31\xdb\xc2\x4a\x8f\xee\x09\x5b\x32\x51\xc2\x26\x26\xaf\x5d\xd1\xb6\xd3\x4b\xe5\xea\x06\xa0\x2a\xe1\x76\xc7\xb8\xcb\x9d\x06\x35\x01\xbe\x6f\x61\x20\x82\x88\x9f\xdb\xdc\xbf\xad\xc3\x3a\x0d\x31\x1b\x08\x0b\x8d\x64\xe4\x9f\x16\xb1\x6d\xd8\xed\xd3\xb2\xed\x11\x93\xa7\x4e\x5b\xe5\x07\x60\x9b\x04\x27\x27\xcc\xf0\x8a\xfb\x05\xcc\x6c\x50\x52\x4e\xf0\xe2\x66\x46\x21\xdc\x8b\x05\xb1\x5f\xfa\x81\xab\x6f\x7e\x3c\x8a\x5b\xb3\xea\xb1\xf6\x8e\x36\x56\xc1\x19\xd9\x69\xe4\x14\x4c\xf3\x28\x5a\xf2\x3c\x04\xdb\xec\xc0\x38\xae\xfd\x91\x83\xc4\xe7\x24\x47\xb2\xaa\xa8\x31\x5f\x46\x96\xce\x6d\x1e\xf4\x29\xba\x0e\x5c\x3d\x5f\xfa\x7f\x05\x0b\xe3\x9c\x7f\x61\x2f\x4e\x10\xf8\xef\x07\x0d\xf7\x2f\x8a\xdd\xbe\xaf\x33\x39\xc1\xad\x8b\x5f\xc3\x9a\x2e\xcf\x29\xa8\x7f\x82\xe2\x9a\x01\x17\xba\xac\x66\x25\xad\x5c\x80\xcf\xe7\x59\xfa\x1d\xbc\xfa\xa1\x2b\x37\x44\x77\xd8\x0b\xfc\xf0\x67\x96\xc3\x0f\x2c\x39\xcf\x03\x03\xd0\x0d\xc5\x6a\x32\xd1\xd0\x39\x59\x2d\xdb\x06\xc2\x2a\xa0\x68\x84\x1c\x0b\x46\xfd\x48\xdf\x8f\xbb\x74\x92\xcc\xbc\x59\x0c\x56\x3c\x8f\xec\xce\x42\x63\xc8\xc7\x53\x92\x18\xbb\x97\xb3\x57\x11\x53\x7e\x98\x81\x95\xdb\xf5\xbc\xd5\xcc\xaf\x06\xfa\xf5\x08\x47\x09\x77\xa5\x35\x8e\x6f\x02\x60\x83\x49\xfb\xb9\x9a\x23\xfb\xe3\x6b\x8c\x97\x15\x5a\xdc\x24\x6a\xd7\xd9\x3a\x8c\x20\x3f\x75\x44\x6c\x83\xc4\x34\x2c\x35\xba\x10\x4e\xcc\x67\xe6\x69\xdb\x4a\x95\x46\x6e\xe6\x8f\x45\x8a"},
+{{0x7c,0x27,0xae,0x47,0x07,0x2b,0x0c,0x9b,0x9c,0x2c,0x35,0x1f,0x13,0x27,0x89,0x98,0x95,0xef,0xa5,0x36,0xc9,0xc0,0x67,0xd0,0xe0,0xce,0x8e,0x82,0xe6,0x29,0x27,0x93,},{0xf9,0xfe,0xbd,0x12,0x1e,0x17,0xdb,0x72,0x29,0xb5,0x67,0x09,0x02,0x18,0x49,0xc3,0x5d,0x69,0xfa,0x08,0xb5,0x06,0x20,0xe6,0x67,0xf8,0x42,0xec,0x7a,0xc7,0x82,0xdc,},{0x32,0x71,0x96,0xdd,0xd4,0x3b,0xb6,0x02,0xd0,0x4d,0x19,0x64,0xcc,0xc0,0x59,0xed,0x62,0x7c,0xef,0x0a,0x88,0xd8,0xad,0x91,0xbe,0x49,0x31,0xf1,0x7c,0x25,0x0d,0x55,0x29,0xf5,0x52,0x79,0x4a,0x3e,0x26,0x9d,0x17,0xa6,0x3b,0xd3,0x29,0x33,0xeb,0x5e,0x51,0x9c,0x1d,0x50,0x65,0x74,0x77,0x0a,0xe4,0xa7,0x29,0x64,0xe0,0x6f,0x7d,0x00,},"\x15\x47\x87\x6a\x98\x8d\x1b\xe7\x14\xa4\x2f\xb9\x1c\xb0\x37\x63\xf1\x91\x3a\x89\x2e\xcb\xd4\xde\x2c\xcf\x83\x44\xd2\x07\x58\xb7\xb6\xd0\x02\x59\x10\x1f\xe9\x72\x25\xb2\x97\xf8\x7b\xfe\x22\x20\x04\x32\x5d\xb7\xf6\x32\xce\xaf\xfb\xd1\x34\xc9\x6c\xbd\x57\xe9\x85\xbe\xc8\x43\x4f\x81\xa4\xee\x6a\xf8\x5c\x3f\xad\xe5\x0e\x4c\x4e\xf2\x0c\xb0\x39\x35\x45\xe4\xd4\xa8\x6e\x1f\xa3\x9a\xaf\x33\x3f\xe4\xde\xd0\x54\xbf\xc0\x50\xa8\x98\x3a\x03\xdd\x1e\xcf\x2b\x5e\x95\x17\xba\xf9\xe1\x15\x21\x29\xa8\xa7\x59\x35\x71\x1e\xdb\x20\xaf\x5c\x8c\xf9\xc6\x94\xa3\x3c\xee\x45\x1c\xd9\x50\xb2\xff\xf0\x8e\x31\x58\xc5\xcf\xb7\xb1\x5c\xb3\xe9\x0d\x46\xf4\x94\xb6\xa1\x08\xd8\x88\x8d\x5e\xc2\x9a\x33\xc0\x66\x02\x3b\x49\x77\x09\xb2\xd9\x40\x1f\xea\xf2\xe7\x4f\xf2\x6c\x16\xd3\x6c\x39\xe6\x51\x7f\xf9\x54\xbd\x98\xbc\xe7\x70\x06\x71\x98\x8f\x66\xe8\x51\x07\x64\x4b\xa2\xea\x00\x7a\x13\x01\x8c\x1c\x14\x4e\x3c\x5b\xb8\x0d\xb9\x51\x1f\xcc\xa4\x10\x1b\xf4\x9f\x8c\x80\xff\x3c\xa7\xd2\x98\x25\x7c\xbf\xea\x62\x9f\x83\xd5\xe0\x66\x39\xd3\x1f\x63\x9d\xb4\xb8\x72\x6c\xbe\x22\x4d\x75\x88\x29\xba\xb1\x09\x05\x17\x1c\x9c\x0e\xc3\x70\xd5\x80\x31\xef\xe4\xcc\x5a\xe7\x2a\x49\x5a\xcf\xf6\xcb\x2e\xd9\xee\xc6\x58\xba\x11\x70\x88\xdd\x3c\x6e\xd1\xdf\x8f\x9c\xb1\x0b\xd4\xfe\x0e\x5e\x8a\xd9\xf5\x03\x4e\x34\x65\x2d\x98\x66\x8d\xb1\x5c\x85\x33\x39\x3a\x6e\x9e\xc0\x87\x0c\x35\x66\x6c\xe5\x4e\xfe\x2b\xcb\x45\xc3\x4a\x72\x30\xe6\xa7\x00\x67\x63\x49\xc7\xb3\xab\xf3\x1d\xe7\xb7\xb0\x52\x1f\x89\xb3\x0a\xc4\x03\x4c\x2a\x4b\xa8\x21\x8e\xef\xdf\x8d\x2a\x5c\x1f\x8e\xd9\xb7\x01\x57\x9e\x47\xaf\x8a\x52\x9a\x95\xa1\xff\x64\xd8\xfd\xb8\x85\xc3\x68\x39\xb4\xc5\xf6\xd7\x2a\x99\x25\x7e\x86\x78\xdc\xcf\x31\x27\x54\xb9\xd4\x61\x9b\xee\xce\xb8\x25\x52\x6d\xe6\x22\xbd\x96\x76\xfd\x5f\x35\x76\x93\xab\xab\x07\x8b\x9e\x03\xae\x21\xe8\x7c\xa1\x61\xe7\x78\xaf\x77\x09\x6e\xaa\xc2\xd2\xd3\x2b\xfe\xc8\xec\x94\xaf\x79\x65\xf6\x1d\x68\xef\x66\xa4\x52\x3c\x1c\xc7\x0c\x95\x19\xb0\x75\x0b\x3c\x9e\xed\x5a\xeb\xa9\xf0\xa9\xb7\xef\x52\xcd\x4a\x2d\xe2\x9b\x39\x5b\x70\x5f\xa5\x3f\x02\x8f\xa7\x66\x15\x9f\x20\xe7\x5f\x4d\x38\x4e\xc4\xfd\x66\xdf\x06\xe7\x44\xc9\x9a\xc8\x8c\xb8\x49\xc2\x85\x75\x7c\xc5\x57\xe2\xee\xdd\x86\x95\x9d\xa2\xc1\xb8\x1f\x5b\x27\x15\xa6\x51\x98\x48\x90\x1a\xe4\xf8\x9d\x09\x13\xc8\xde\x57\xc5\x3d\xad\xf2\xe5\xe1\xaa\x2a\x9c\x5f\x46\x4f\xc7\x61\x0e\x8e\xf5\xf5\xcd\xd8\x20\x3a\x67\xa9\x3c\x33\xa0\x6d\xab\x35\x8d\xc5\xae\x23\xed\xfe\xe6\x33\x42\x62\xf4\x7b\x19\xb1\x13\xd6\xca\xfe\xda\xc1\xb4\x39\x02\x53\x9d\x74\xfb\xa2\x9a\xaa\x7b\xce\x68\x88\x4b\x72\x61\x6a\x05\x42\xc9\xfc\x69\x54\x7c\xd1\x9a\xe1\xdf\x01\x72\x3a\xbd\xda\x65\xe9\xbf\xac\x5d\xa0\xd0\x42\x40\xc6\xa2\x17\x5c\x00\x62\xe4\xe1\xed\x8a\x5b\x39\x7a\xfc\xd4\xde\x38\xe8\x62\x09\x27\x2c\x7a\x42\x4b\x5a\xe8\xd5\xa4\x0b\x48\x4c\xe1\xb4\x70\x4a\xf2\x83\x16\x09\xad\x0f\x36\xe9\x0e\x07\xb2\xaf\xed\x01\xdc\x05\x57\x4a\xd3\x97\x17\x23\xc5\xb5\xc1\xdd\xd4\xfc\x8b\xd2\x63\xbc\xdf\x56\x8a\xf7\x5e\x73\xd8\xab\xd1\x00\x8c\x9e\xc7\x12\xf8\x0f\xfc\x65\xac\x34\xe2\xa7\x93\x04\xea\xde\x1d\x2a\x1d\xff\xec\x0e\x4c\x98\xc3\x58\x24\x68\xf3\x20\xbf\x8f\x66"},
+{{0x08,0xed,0xdc,0xb5,0x62,0x5a,0xe1,0x9f,0xfe,0x7b,0x49,0xa7,0xdc,0x82,0x9c,0x89,0x3c,0x75,0x38,0xb0,0x88,0x5e,0x18,0xf9,0x8d,0xb7,0x8c,0x8b,0xeb,0x56,0x9c,0x26,},{0x83,0x47,0x8b,0x1c,0x58,0x57,0x6a,0x0d,0x18,0x34,0xb2,0x8d,0x46,0xfb,0x80,0x51,0x6d,0x6f,0xb6,0xf9,0xf5,0x91,0x69,0x4b,0x44,0x35,0x2e,0xec,0xd1,0xe7,0xe8,0x9a,},{0xec,0xe7,0x53,0x22,0x99,0x51,0x54,0xb2,0x92,0x43,0x7e,0x47,0xd3,0x8a,0x6a,0x70,0xaf,0x37,0xe2,0x02,0x07,0x16,0xfd,0xe4,0x6b,0xfd,0x39,0x3b,0x3d,0x36,0x9b,0xdd,0xb5,0x32,0x53,0xb5,0x56,0x62,0x1c,0xfb,0x34,0xc8,0xa9,0x02,0x54,0xe1,0x32,0xfd,0x28,0xec,0xd0,0x98,0x43,0x34,0x13,0xa2,0x1b,0xd3,0xa9,0x79,0x8c,0xa1,0xf3,0x09,},"\x01\x5b\x1d\x3e\xeb\x00\x92\x9e\xa8\x0b\xd8\x68\x7d\x18\x28\x6f\x0a\xdf\xe6\x45\xcc\xf2\x5a\x22\xb5\x06\x19\x21\xe2\xa0\x30\xfc\x76\xd0\x33\xfb\x53\xd0\x93\x7c\x69\xb3\x1c\x5b\xe4\x99\x13\xca\x1f\x2c\x3d\xca\x12\x1b\x2b\x87\xc5\x9b\x3c\x84\xc7\xae\x52\xaf\x19\xc6\xb9\xfa\x1b\xd6\x75\xfb\x6d\xd8\xb3\x29\xd5\x66\x87\x86\xdc\x78\x83\xe2\xd2\xe8\x58\x6f\xf4\x12\x8b\x90\xde\xe8\x4b\xe0\xab\x54\xd6\x81\x3f\x7a\x8c\x61\x34\x75\x71\x73\x98\x17\x75\xde\x84\xc4\xdd\x39\xe3\x36\xf8\xa4\xef\x8d\xca\xde\xc9\x43\xe9\x0d\x42\x1b\x22\x9c\x11\x78\x5f\xcd\x3f\xe9\x63\x03\x74\x58\xe7\x6c\x82\x0b\x3b\xc2\xc9\x47\x60\x01\x26\x2b\x26\x1d\x28\xb6\x5b\x48\x9d\x76\xb4\xbe\x23\x65\xe4\xa8\x0f\xa8\x71\xb0\xa5\x3b\x6a\x5f\xb2\x43\x68\x82\x35\xac\xc5\xf4\x77\x4d\xb1\x5d\x47\xb4\x2d\xd6\xc8\xd9\xe1\x2d\xcb\x0b\x5d\x98\x0d\xab\x0f\x3a\xd8\xa4\x96\xf7\x6e\x50\x06\xc2\xca\x82\x67\x5f\xf1\x94\xca\xf8\x07\x0d\x04\xbd\x38\x4f\x97\xe5\x83\xe7\x3c\xbc\x4f\x7f\x25\x73\x10\xa6\x1b\x1c\x80\x62\x32\x2d\xce\x81\x15\xf6\xdd\x93\xee\xe8\xa9\x3f\xfa\x5c\xab\x66\x34\x11\x6e\x1a\xb7\x05\xfa\x86\xc4\xa8\xea\xa5\x56\xc6\xc8\x9d\xbc\xad\x01\x04\x36\xbf\xfe\x45\x18\x22\x49\x1f\x1e\xa8\x6c\x20\x20\x7e\x4d\x12\xdf\xa3\x62\x61\x6c\x58\x9f\x97\x10\x7e\xa5\xd8\xbd\x8a\x72\x15\xc6\x00\xff\xc7\x0b\x80\xe2\xab\xb1\x5a\xcb\xe4\xbe\xcc\xa2\x0d\x72\x15\x5a\xbc\x3d\xbe\x8e\x37\xcf\xd7\x3f\x74\x20\xf2\x1c\x9b\xcd\x0c\x32\x73\x51\x3b\x50\x49\x67\x08\x74\xd5\x51\x9b\x3b\xc1\xdb\x52\x3c\x1d\x7e\x90\xc1\x65\x96\x7c\x4c\xb2\x84\x5a\x2e\x8b\x47\xb5\x88\x92\x54\xf5\x8a\x9b\xbb\x82\x6f\x94\x52\x1c\xdb\xd0\x41\x6f\x5f\x18\xff\x78\xa3\xfd\x0d\x7a\xb8\x97\x90\x62\x64\x48\x3c\xde\x64\x2d\x8e\x70\x3f\xd8\x2e\x5a\xe7\x0a\x9f\x97\x8f\x64\xee\x80\x52\x05\x54\x85\x05\x28\x58\x1c\xa9\xa0\xb3\x8c\x19\x6f\xd1\x66\xda\xe5\x87\x9b\x3f\x72\xf5\x9c\xde\x91\xcc\xa2\xc8\xbf\xaa\x47\x8b\x98\xd6\x24\xcd\x34\x72\x44\x02\xde\x57\x8e\x57\x54\x82\x5c\xe2\x27\xd2\x87\x1b\x45\xa5\x11\x71\x49\x51\x5b\xff\x81\xa9\x23\x24\x6f\x3b\x72\xd0\x7b\xd4\x58\x12\x5c\x70\xa1\x4d\x87\xc3\xfd\x13\x39\x2a\x3b\xda\x65\x53\x01\x6e\x8b\x2d\x07\xbd\xe9\x03\xcf\x68\x7b\x44\x5c\xfd\x6f\x76\x14\x92\xeb\xa4\x65\x22\xad\xa8\x4a\x96\x15\xd8\xda\x34\x98\xb2\x58\x06\x72\x69\xb7\x88\xe5\x59\xb6\x59\xd4\xb4\x8a\x87\xd8\x80\xd6\x37\x8b\xe6\xa8\x87\x46\xf3\x5b\x32\x2b\x04\x78\x45\xaa\xdc\x52\x3b\xea\xff\x30\x70\xf7\x21\xc3\xc0\x71\xea\xa3\x19\xb7\xa4\x7c\x1b\x20\xd3\x00\xdc\x03\x21\x90\x9b\x66\x9e\x57\xd3\x9a\x1c\xe2\xfd\xbe\xaa\xfa\xc2\x13\x50\xec\x2d\x6e\x6d\x5b\x88\x01\x86\xc0\x28\xa8\x61\x47\x4d\x50\x76\xa4\xad\xc5\x03\x2f\xec\x91\x40\x78\x7c\x36\x80\x6e\xf7\x9c\x72\xe3\xa1\x9d\x8c\x8b\x70\xbd\xaf\x20\x72\x95\x54\x2d\x96\x82\x5a\x5d\xe7\xdf\xe1\x08\xef\x57\x45\x99\xb8\xf1\x84\xc6\x3a\x5a\x13\x1d\xb1\x9b\x3b\xe5\x3f\x69\x9c\x10\xfc\x4c\xa7\xc6\x3f\x35\x00\x21\x1b\x35\x6a\x0a\xc6\x64\xdd\xfc\x1a\x92\x52\x59\x00\x26\x39\x5b\x47\x9b\xe9\xa5\xe4\x75\x84\x23\x56\x0b\x65\xbb\xce\x5b\xba\xde\x49\x3b\x13\xd0\x0c\xf8\xc1\xd3\xb7\xe9\x22\x13\x67\xe8\xf0\xea\xda\xb6\xe6\xd1\xb5\xff\xfd\xe7\xb2\xd7\x41\xfc\x2c\x83\x02\x24\xff\xf7\xff\x14\xae\x5c\x07"},
+{{0x22,0x73,0x94,0x2d,0xb3,0xe5,0xd3,0x22,0x1e,0x80,0xd9,0x94,0xfd,0x5e,0x11,0x63,0xaf,0x55,0xf5,0x45,0x5a,0x8e,0x52,0xbe,0x85,0x2d,0xd3,0xad,0xf7,0x62,0xb4,0x40,},{0xbc,0x58,0x67,0x4e,0x99,0x6b,0x6f,0x3e,0x32,0x20,0xb3,0xe9,0x4f,0x00,0x67,0xbb,0x0e,0x9b,0x0d,0x97,0xd9,0xe1,0x05,0x9c,0xf1,0x39,0x97,0xa1,0x93,0xac,0x03,0x2a,},{0x87,0x4d,0xde,0xce,0x08,0xf3,0x0b,0x30,0xf0,0xd4,0xc8,0xb3,0xed,0x7c,0x61,0x51,0x49,0xb8,0xaa,0x74,0x0d,0xaa,0x34,0x7b,0x55,0x95,0x8f,0x1e,0x21,0x19,0x04,0x4f,0x69,0x5a,0x21,0x06,0x96,0x90,0x50,0x64,0x48,0xd8,0xe7,0x35,0x2b,0x90,0x46,0x51,0x1d,0x7f,0x39,0xa5,0x41,0x5b,0xb9,0xc5,0x70,0x50,0xfc,0x17,0x05,0x5c,0x38,0x08,},"\x8a\xa0\x50\x9e\x4b\x91\x41\x86\xff\xff\x07\xae\xb9\x7a\x04\xb5\x46\x27\x2d\xa2\xf9\xea\x7b\xfa\x65\x9a\x24\xcb\x50\x96\x6c\x23\xeb\x65\x42\xe4\xf2\x2d\xeb\xe3\x3b\x65\x76\x92\x45\xc4\xd1\xb5\xdc\xf3\xe6\x99\xc7\x0c\x5c\x2b\xaa\xd9\x73\x4e\x9d\x1e\xfe\x54\x48\xab\x71\xc8\x94\x6a\xec\xce\x52\x68\xd2\x6f\x19\xcf\x60\x5e\xb3\xbf\x38\xb0\xb3\x32\x26\x94\xac\x0d\xcb\x76\xb0\xf9\x46\x84\x2f\x6c\x5c\x68\xd7\x63\xfc\xe7\x47\x01\xbd\x6b\x78\xe7\x1c\x8c\x31\x42\xad\xd4\xed\x46\xe0\x96\x9b\xb9\x55\x5b\xe0\x36\x02\xd5\x62\xe4\xc8\x9f\x3a\x91\x99\x40\xe8\x83\xa9\x69\x40\x54\x2f\x27\x79\xfb\xf9\xec\x0a\x28\x5d\x9d\x8a\x72\x36\x01\x46\xe3\xff\xbd\xb7\x8d\x21\x03\x16\x03\x8d\x95\xd6\xab\x75\x71\x65\xaa\x94\x3c\x03\x3e\xeb\xb3\x21\xc0\x5a\x39\x95\x69\xbc\xf6\x6b\x4d\xdb\x0b\x2e\x0e\x33\xc4\x79\x3d\x81\x7c\xcf\xf5\x7f\x99\xb3\x18\x9c\x60\xd5\xd7\xb9\x41\x9d\x1e\xbc\x94\x3a\x79\xd4\xd8\xc3\x94\x56\x61\x80\x59\x4f\x55\x9a\x80\x52\x9c\xc1\xba\x28\x87\x7a\xf8\xf5\xc0\x50\x3e\x94\x3c\xd3\xaa\xd9\x98\x11\x64\x52\x72\xda\xfb\x49\xb9\xb3\xe6\x10\x7e\xb5\xe5\x18\x6e\x16\x08\x75\x71\x26\x05\x3d\xeb\xce\xc7\x5d\xd9\x56\x5c\xee\xa0\x6a\x13\x91\xa8\x22\x6d\x1f\x45\x93\x79\x22\x40\xcc\xd9\x7c\x67\xa6\xc2\xb1\x34\x4c\x22\xc9\x1f\x42\x03\x3a\xde\xf5\x28\x61\xf3\x2a\x4e\x07\x12\xa9\x17\x87\x9a\x0b\x05\x18\xb5\x42\x4b\xcd\xc0\x54\xb4\x4e\x97\x2e\xd2\x4d\x01\x68\x9f\x4f\x27\xf5\xf1\x76\xf0\xa5\x78\xab\x2d\x3c\x08\x78\x27\x2e\x8c\x08\xc2\x15\x82\x11\x86\x54\x12\x4d\xca\x39\x58\x53\x37\xc1\x3c\x18\x65\x81\x4c\xaf\x09\x96\xca\xdf\xa6\x5b\xe5\x80\xde\xe3\x22\xeb\xcc\xda\x70\x4b\x22\x80\x58\x26\x04\x06\x7d\xc3\xc6\xb1\xf7\xd8\xa2\x69\x78\xa6\x5c\xff\xd1\xed\x31\x96\xa2\xb0\x65\xfb\x3c\xaa\x79\xe6\xb5\xb6\x6c\x13\xd7\xbd\x7d\x0e\xc1\x4a\x3a\x4d\x58\x41\x3f\x21\x2f\x47\x1e\xca\xad\x3a\x84\xaf\x35\xe5\x98\xa8\x9f\xb3\x44\x7d\x33\x24\xf0\x20\xfb\xf1\xb7\x3e\x2a\x98\x6e\x0d\xa1\x6c\x01\x83\xbf\x92\xa3\x98\xc4\x19\xa0\xf9\xf3\x05\x37\xbe\xa0\xdf\x8d\xf2\xdc\x53\xc1\x54\xe8\xea\x16\x06\x89\xe7\xbb\x4d\x72\x9d\xd8\xab\x90\x03\x14\x27\xaa\x39\x45\x86\x3a\x85\xe8\x96\x52\xb9\x35\x38\x05\x16\x6f\x7c\x0a\x18\xc9\x39\x95\x4b\x27\x87\xc3\x70\x94\xf9\x25\x12\x72\x2e\x52\xb0\xc9\x76\xb9\xe4\x2a\xf4\x03\x9d\x2c\x05\x78\xff\x14\xfa\xe1\xd8\xc2\xd1\x39\x6b\xeb\x2d\x6a\xa6\xeb\xd5\x54\x74\xa9\x34\x98\x67\xa0\x3f\x3a\x99\xd7\x87\x80\x63\x4a\xb4\xb3\x5c\xfe\x1b\x87\xa9\x13\x32\x52\xa6\x98\xbc\x40\x7d\x63\x84\x28\x70\xe2\x2c\xcf\x39\x33\x62\x0a\xc0\x42\x3c\x3d\x1f\x68\x1d\xd7\x3c\x01\xd0\x6c\x3b\x94\x15\x06\xc9\x8e\xed\x9b\x78\x68\xe0\x17\xb7\xf9\x97\x16\xb0\xb7\x7f\x11\x32\x1e\x5a\xb2\x3d\xbf\xcf\xca\x93\x50\x84\x5e\xe1\x80\x44\x4c\x50\xff\x0a\x9c\x96\x5f\xcb\xf7\x77\x70\x8e\x4f\x34\xcc\xc6\x37\xc6\xa0\x8d\x85\x43\x84\xf8\xd3\xe2\x51\x69\x56\xc1\x51\xd0\x31\xbb\x1c\xbe\x71\x2a\x5e\xf9\xee\x16\x61\x92\x28\xbd\x29\x6f\x2a\xfe\x58\x2d\x99\x53\xd5\x90\xd1\x8b\xb2\x05\xf7\x0f\x84\x4c\x16\xc0\xa2\xd8\x31\x80\x37\xd4\x3d\xd8\x0f\x65\xc6\xa7\x53\xf2\xa8\xe2\x7c\x89\xc8\x3e\x7e\xd7\x0c\x52\xf7\x06\x2d\xfb\xb1\xf5\x44\xaa\x23\x6b\x5c\x70\x4e\x7b\x39\xce\x0a\x55\xfd\x46\x52\x80\x83\xca\x61"},
+{{0xdb,0xfa,0x45,0xab,0xaa,0x55,0x41,0x52,0x38,0xb1,0x28,0x76,0x34,0xd5,0xee,0xc4,0x02,0xda,0xdf,0x62,0x2e,0x27,0x0c,0x04,0xa8,0x91,0x4c,0xed,0x27,0x0a,0x72,0xbe,},{0xc0,0xfe,0x32,0x35,0x81,0xea,0x29,0x67,0x50,0x79,0x7e,0xb5,0x50,0x8c,0xa1,0x9a,0x58,0x3b,0x53,0x7f,0xa7,0xdf,0x45,0x29,0xf0,0x80,0x4a,0x33,0xc1,0xa4,0xbe,0xf4,},{0xa4,0x62,0xa9,0xba,0xa5,0x6d,0xc0,0xf7,0xa7,0x1b,0xf8,0x7b,0x95,0xf4,0x8d,0x64,0x20,0x22,0xd9,0xd1,0x73,0x3e,0xe3,0x68,0x37,0x77,0xa3,0x78,0x22,0x28,0xac,0x85,0xfc,0xd8,0x30,0x26,0xbe,0x4c,0xa9,0x7a,0x34,0x5b,0x08,0x4f,0x50,0x87,0x4e,0x91,0x24,0xe1,0x6b,0xa1,0x7d,0xea,0xd4,0xad,0x85,0xc0,0xe5,0x6f,0x16,0xef,0x18,0x04,},"\xe2\x6e\x8d\xcb\x44\xe6\x41\xfc\x20\x08\x0e\x95\x47\x4b\xd3\x9d\x71\x6c\x5a\xfe\x5a\x1f\xfb\x05\x6d\x1e\xaa\xb0\xc4\x9f\x85\x70\x71\x7d\xb6\x43\x7a\x03\x22\x8a\x9a\xd9\xf4\xbb\x0b\x34\x3b\x95\xe1\x60\x23\xc0\x80\x7e\xb2\xa1\x51\x06\xa6\xeb\x12\xdc\x76\x68\x3e\x69\xdd\xa3\x36\x31\x48\xc5\xd7\xdd\x97\x13\xaf\x6f\x87\xa0\x94\x10\xea\x8f\x76\xb6\xb7\x8a\x11\x44\x29\xbc\x85\xf7\x84\x81\x2f\xca\x31\xac\xb0\x30\x95\x52\xcc\x18\x8c\x6e\x96\x97\x09\x3c\xf4\x04\xc6\xf0\xf4\xab\xe8\xa1\x60\x86\x73\xfd\xfa\x5e\xb7\x8f\x65\xfc\x1d\x49\xcd\xec\x40\x94\xb1\xbd\x23\x4a\x46\xe0\xec\x62\xa4\xb6\xd3\x1b\x82\x96\x11\x54\x01\x27\x87\x6b\xff\x4c\x17\x3d\xe0\x58\xcf\x61\x00\x4b\x01\x4a\x7b\xdf\x79\x3d\xfd\x6b\x63\xc5\x07\xd2\xb2\x3e\x0f\x56\xbc\x2f\xe6\xba\xf6\x37\xce\xe4\x0d\x18\x99\x22\x95\xd8\x48\xef\x49\x8f\x8a\x16\x1b\xd8\x7e\x60\xc9\x1f\x97\xa9\x1e\x9e\xf3\xf6\xd9\x7f\x2b\x2d\x21\x04\xba\x6f\xdd\xd6\xc6\x80\x70\x62\x73\xda\xe8\x7e\x6e\xec\x1a\xf2\xa4\x59\x84\x98\x50\x69\xe8\x09\xe8\xde\x32\xc1\x28\x89\x29\x9a\x32\xd4\x0f\x38\x77\x45\x99\xac\x33\x24\xb7\xcb\x0a\x4e\xa6\x32\xc5\xf9\x10\xad\x87\xf5\xad\xbf\xa5\xc3\xbb\x20\x49\x82\x79\xfd\x53\xc1\xc2\x67\xfe\x0a\x84\x77\x30\x85\xda\x26\x6b\x25\x3c\xd8\x53\xdf\x7e\x96\x35\x58\xcb\x06\x88\x07\x80\x97\x34\x23\xc5\x64\xcd\x0b\xcd\x6b\x93\x33\x4c\x19\x59\x53\xd7\xcd\x89\x9f\x8a\x54\x7d\x1a\x1a\x0a\x8d\xef\xf1\x38\x1b\x43\x21\x57\x47\x28\xcf\x71\xb9\x6f\xf2\x09\xe8\x99\xda\xa8\xf1\x3f\x41\xb2\x30\xe1\x7b\xff\xdf\xdd\x2a\x89\x43\xaa\x5d\x21\xe5\xf3\x6e\x1d\xa0\x7e\xdd\x6c\xee\x92\xdc\x48\xb5\xb2\xa7\x58\x01\x46\xa9\xba\xf7\x13\x95\x0c\xe6\x76\x25\x5a\x89\xe3\x4f\x87\x87\x54\x7d\x62\x86\x8d\xb1\x4b\xa4\x65\x94\xda\x31\x0d\x7e\x2d\x9e\x7c\x7d\xbe\x17\xdb\xd7\x1e\xb4\x7c\x56\xc5\x72\x1d\xc9\x6d\x69\x64\x70\x57\x37\x94\x80\x94\x11\xcd\xfa\x27\x6b\x05\x9d\x00\x07\xc2\x5d\x74\xb2\xa6\x7d\x38\x24\x6d\xe1\x1e\xf4\x6d\xfe\x26\x70\x92\x6f\xe4\xb6\x36\x56\x23\x1b\xc7\x26\x8b\xba\x23\xf3\x78\xe8\x4a\x42\x8c\x3c\xbf\x45\xcc\x53\x96\x78\xfd\x46\x7c\xd3\x3d\xd0\x75\x7c\xfa\x02\x4e\x54\xda\x1f\xf5\x4c\xe8\x20\x22\x9b\x77\x8b\x18\x4b\xe1\xfa\x2e\x84\x68\xcc\x19\x95\x59\x40\x73\x5e\xaa\xa8\x84\x02\x2f\x64\x18\xb0\xb1\xf2\x6b\xcc\xf1\x69\xf1\xbc\xac\x7d\x82\xa3\x5a\xb6\xef\x84\x7e\x1d\xba\x53\x7d\xca\xff\x57\x25\x0a\x8d\x1c\x71\xfa\xcb\x13\x4c\xd0\x6b\x01\xc4\x53\x19\x13\x27\x45\xdc\x48\x88\x88\xa1\xd7\x76\x1b\x84\x86\xa3\x7e\x69\x88\xa1\x12\x0b\xcc\x16\x82\xdb\xfc\x89\x14\x3f\xc3\x5b\x46\x93\x5d\x8a\xcf\x6e\xf3\xc4\x2f\x0f\x4b\xf6\x79\xdf\xd6\xff\x44\xb6\xad\xa2\x6b\x01\xa9\xf8\x9f\x37\x4c\x7d\x2e\xe4\x8d\xfe\x1a\x41\x0e\x89\x7c\xdf\xd9\x7f\x62\x6d\x26\x68\x50\x28\x14\x40\x07\x93\xb3\xb0\x7c\x87\x20\xbb\xdd\xc5\x9c\xb0\xf9\xde\x96\x4a\xe0\x75\xb4\xaf\x3d\xd4\xba\xf6\xd0\xe4\xf9\x4f\x29\x4e\x81\x09\xd6\x57\x7c\x4f\x8a\x9c\x7a\x5f\x7d\x69\x4b\xf8\x8f\x1a\x5e\xa7\xeb\xa0\xa6\x6d\xa6\xc7\x70\xc0\x8b\x3a\xbf\xfc\x53\x4d\xf2\x19\xdc\x3e\x33\x23\xb0\x22\xe9\x6c\xc8\x60\x02\xb1\x89\x18\x1a\x1d\x2b\x52\x7d\x27\x95\x0b\x7f\x42\x5a\x47\xda\x40\x13\x77\x8b\xd0\x0b\x71\x10\x59\x22\x20\x49\x21\xe9\xdc\x69\x2c\x23\x3f\x7b\xaa\x04"},
+{{0xef,0x64,0xe1,0x7a,0x53,0xf7,0xfb,0xca,0xfe,0x3e,0xa4,0x68,0x76,0x84,0xa0,0xda,0xdb,0x18,0xd0,0x37,0x35,0xa4,0x0a,0x53,0xb3,0xed,0xb0,0x49,0x07,0xee,0x61,0x62,},{0x91,0x86,0xe6,0xbc,0x14,0x29,0x61,0xc4,0xd3,0xeb,0x36,0x9e,0x9e,0x11,0x57,0x82,0x92,0xde,0x5b,0x6a,0xf5,0x34,0xd4,0x23,0xff,0x24,0x0f,0xa2,0x6e,0x21,0xa7,0x81,},{0xf5,0x8f,0x39,0x6b,0xa2,0x7e,0x06,0x7a,0x5f,0xe0,0x03,0xe3,0x85,0x58,0x2a,0xe3,0x49,0x0e,0x05,0x95,0x77,0x15,0xd7,0x04,0xda,0x0d,0xa6,0x3a,0x64,0x19,0xd2,0xe4,0xf6,0xdc,0x66,0xb7,0xe8,0x8e,0x42,0x8a,0x6f,0x21,0xb9,0xea,0x20,0x22,0x99,0xa3,0xc3,0x6b,0x24,0x2b,0x0e,0xa0,0x64,0x76,0xff,0x12,0xd0,0xb6,0x58,0x0c,0x04,0x03,},"\x68\x82\x45\x6c\xc3\xd1\xad\x0d\xaa\x9b\x88\xef\xf0\x96\x9f\x15\xe9\x7b\x48\xd0\x51\x96\x7e\x13\x90\x84\x72\x25\xf2\x6a\xc2\x55\x59\xf0\x24\x6b\xf7\xd6\x83\xfa\x28\xec\xed\xad\x21\x49\x1d\x77\xbd\x26\x96\xfa\x83\x5d\x0f\xd1\x19\x88\x4f\xec\xe9\xd8\x03\x69\x1b\x2f\xd3\xde\x17\xee\x08\x7c\x74\x00\x7a\x7d\xe9\xbc\x65\x34\xbb\xfe\x95\xfd\x32\xe9\x7c\x37\x5f\x4c\xb6\x57\x31\xaa\x1e\x83\x46\xbe\xa2\x1b\xe9\xf2\xc3\xdc\x87\x4a\xf0\x43\x19\x06\xcc\xbc\x2c\x60\x01\x27\xf4\xd3\xb0\x69\xeb\x09\x1d\x16\x5e\xc4\x53\xe6\x72\xe9\x3c\xae\x8b\x72\xf0\x33\x71\xd8\xb8\xa8\x24\x4e\xc4\xec\x2e\x09\xf3\x1d\xf4\x02\x06\xa2\xb1\xc8\x4c\xaa\x1b\x99\x3c\xc6\x75\xfd\xe1\xc7\x9b\xd4\xa7\xd1\x59\x74\xfa\x29\xce\x2e\x89\x2c\x28\x99\xcf\x48\x2c\x3d\x96\x63\xf6\xd2\xa7\x97\x84\xf4\x1c\x1f\x58\x66\xd3\x7c\x85\x46\xf3\x57\xd5\x64\xd3\xc4\x21\x8d\xfa\x6d\x20\xb6\xc2\x82\xb4\x00\xfe\xdd\xe5\x24\x39\xd4\x72\x21\x2c\x57\x67\xa3\x5d\xa5\x20\x10\x32\xda\x87\x30\x96\x8b\x07\x20\xe8\xa6\x04\xde\x6c\x1b\xaa\x3f\x4e\x89\x6a\xc2\x61\x4f\xb1\xab\x6e\x3f\x6c\xf3\x87\xa8\xeb\x2f\xf8\xa9\x21\x47\xab\x34\x92\x38\x43\x2e\x50\x9d\x82\x9c\xb7\x5b\x2c\x17\x65\xc5\x12\x21\x84\x8e\x25\xaf\xff\x5f\x16\xe4\xdd\x0c\xd5\xc9\xf7\x13\xc4\xaa\xab\x2c\xe8\x36\xf8\x49\x45\x06\xb5\x30\x9d\xc2\xb0\xae\x74\x5b\xb9\xc4\x79\x80\x98\xfb\x86\x41\xd5\x20\xa0\x8b\x02\xf7\x5a\xd8\x0d\xbc\x2c\xe2\x9e\x89\x0b\x4d\x72\xa3\xff\xb2\xa1\xcb\xd5\x38\xe1\x22\x9f\x57\x9c\x29\xae\x66\xbc\xa8\x5e\x0f\xa0\x8c\x86\x47\xa1\xab\xcf\xe8\xa4\x9f\x5e\x50\x8d\x4d\x24\x95\x55\x66\x23\xd9\x26\xce\x49\xef\xa4\x35\x0a\xaa\xab\x5c\xec\x2c\xd8\x85\xbe\x1d\x63\x47\x5e\x3b\xab\x7c\x7c\xdc\x8d\x65\x61\x73\xb8\xd4\x56\x02\xf4\xb3\xd2\x81\x24\x1d\x17\x19\x03\x27\xb2\x4c\x38\x36\xb1\x93\x11\xa1\x93\xaf\x86\xa6\x76\x8f\x04\x85\x2a\xb0\x6e\x67\xc8\xea\xd5\x91\xcd\xcb\xf3\x78\x9c\x61\x32\x09\xcf\xe0\x3f\x58\xc0\x30\x5f\x63\x20\x3b\x48\x7f\x7c\x5f\xc0\x98\x87\x7e\xc9\x8a\x68\x9c\x9d\x35\xaf\x81\xe8\x40\x78\xd6\x6f\xe9\xe4\xec\xcb\xb1\xcc\x6c\x71\x99\x1c\x03\x01\x7b\xb8\x11\xf4\x1f\x07\xde\x68\xfa\xd1\x94\x14\x60\x61\x32\x4f\x3d\x0e\xf2\x17\xa5\x4c\xf3\x8f\x7a\x62\x5a\x38\x86\x9f\x67\xd0\xb7\x43\x1d\xf9\x37\xcd\xe3\x49\xc1\x75\xce\x8b\x26\xac\x88\xd3\x9a\x43\xe2\x79\xb0\x18\x76\x4e\xfa\x4d\xd6\x27\xcb\xf5\x91\xf6\x20\x9c\x4a\x5b\xb1\x9e\xbf\xa7\xc7\x13\x55\x92\xd0\x2e\x50\x1c\xae\x5e\x6b\x31\xc9\x0e\x72\xfa\xab\x47\xf7\xdc\xed\x2c\x48\xad\xf8\x84\x43\xb3\xed\xe6\x0c\xef\xb0\xd6\x37\x9d\x69\x22\xec\x43\x7f\x08\x6b\xad\x62\x17\xd4\xd4\xff\xef\x18\xe2\x25\x23\x66\x4b\xf4\xe9\xca\x1e\x65\xa2\x8c\x2a\x7a\x60\xc5\xf6\xbc\x90\x6b\x73\x7c\x29\x93\x5f\x90\x97\x46\x30\x48\x57\x5b\xef\xd1\xa2\x54\x9d\xc4\x74\xb1\x3e\x68\xae\xec\xf1\x66\x04\x3e\x07\x5a\xac\x51\x55\x40\xf8\x31\xb4\x30\x66\xce\xf9\x32\xe6\x3d\xcd\x5b\x37\xb6\x15\x78\xc3\x5b\x09\xe4\x5c\xc2\xa8\xde\xf5\x71\x03\xed\xfc\x5f\x64\x98\x31\xa8\x96\x1f\xe4\xa4\xb3\x72\x1f\x1d\x6d\xf4\xea\x9f\x03\x38\x81\xb4\x74\x30\x0e\x0f\x12\xcb\x9c\xd3\xba\xbd\xcf\xfb\xb9\x18\xdd\x9b\xb0\xe2\xf5\xb2\x10\x33\xe4\x30\x23\xa0\xd2\xe6\x6d\xa3\xab\x0f\x07\xee\x98\x8b\x16\x88\x9c\xa5\xd5\x1a\xbd\xc0\x5f\xde"},
+{{0x33,0x47,0xdc,0x47,0xbb,0x3d,0x2e,0x5d,0x02,0x86,0xac,0x06,0xa5,0x4f,0xd9,0x21,0xc9,0xe9,0x6b,0x68,0x99,0x86,0x2a,0x54,0xe5,0xcc,0x81,0x15,0xd3,0xd0,0xba,0x99,},{0xd0,0x0b,0x64,0x5d,0x86,0xdb,0xb7,0xe5,0x24,0x75,0x7e,0xc7,0x78,0xc6,0x2b,0x7e,0x60,0xd0,0xb6,0x57,0x68,0x83,0x33,0x8c,0x9b,0x67,0xc2,0xc7,0xe4,0x50,0x92,0x68,},{0x9a,0xb4,0x29,0x9b,0x17,0x72,0x93,0x44,0x75,0x0b,0x69,0xdc,0x60,0x37,0x36,0x8c,0x98,0xf4,0x7b,0xe6,0x27,0xfb,0xd9,0xad,0xfd,0x8d,0xb3,0x9f,0x99,0x64,0xdd,0xb7,0xbc,0x92,0xd6,0x74,0xc7,0xbe,0x74,0x07,0x56,0x39,0x6b,0xaa,0xee,0xac,0xbf,0x74,0x94,0x7b,0x61,0x91,0xc6,0xed,0x1f,0x5d,0x32,0xa6,0x3d,0xf3,0x6d,0x54,0x26,0x01,},"\xe2\xf4\x8e\xdf\x9d\x64\x33\x20\xab\x99\x1c\x8f\xf9\xf6\xaa\x75\xfe\x06\x6e\x7d\x88\xff\x1e\x47\x2a\x5a\xc9\xc5\x18\xde\x1f\xb6\x29\x83\xb1\x00\x7f\x64\x22\x80\x91\x17\xbd\xbe\x8a\x0e\x57\x87\xf6\x6b\xb0\x57\xd2\x7f\x12\x9a\x20\x0b\x40\x57\x6e\x17\x19\xcf\x9e\x98\xfc\xb7\x2a\xf9\x4b\xb8\x2e\xe7\x0f\x37\x19\xa2\xe2\xcd\x9b\x64\x77\x7c\xea\x5e\x44\x64\x59\x87\x4b\x74\xbf\xbf\x56\xb2\xd2\x52\x64\x00\x59\x2a\x9b\x45\xa5\xcb\x79\x80\x92\xb6\x0a\x81\xb7\x1d\x82\xf0\x68\x5f\xae\x7f\x81\x0b\x52\xd2\x26\xad\xac\x7a\xd8\xa9\x18\x3f\x09\xfe\xbe\xe9\xd2\x50\x46\xc0\xfe\x30\x66\x81\xac\xe2\xbf\xf9\x1b\x34\x82\xb0\xbc\x30\xb2\x02\x1c\x43\x41\x64\x5d\x67\x51\x34\xfe\x30\x81\xc5\x1e\x5c\x59\xe4\x0b\x37\x5a\x14\x34\xf6\x3b\x42\x6e\x30\x53\x0d\xa9\x35\x3b\xb2\xa9\x42\x32\x20\x43\x4a\xe5\x9d\x7b\x6f\xdc\x14\x3f\x49\x82\xeb\x8c\xfa\x77\x51\xb7\x5b\xf3\xe9\xc9\x13\xc7\x3b\x76\x0b\x07\xd3\x95\x31\x0c\x59\xf3\xb7\x7e\xbf\x12\xed\x2d\x7b\x03\x59\x0d\x33\x17\xaf\x17\xdf\x42\x1e\x78\xb0\x84\x9f\xd5\x6d\x94\x5c\x56\x96\xa0\x40\xfc\xaa\x78\xa9\x3e\xcc\x16\xd5\xac\x34\x45\x06\x36\x11\xf3\x01\x3e\x9a\x3a\xe2\xe1\xc2\x70\xdd\x01\xa8\xff\xe3\xe6\x12\x6b\xc1\xe4\xc9\x5f\x65\x47\xa8\x65\x1f\x26\xb6\x40\x4e\x39\xee\x4c\xe7\x61\x89\x18\xf3\xf9\x37\xa5\x25\x73\xec\x27\x7b\x77\x1e\x91\xad\x09\x6f\xa1\x5c\x7a\x34\x0a\x80\x9b\x47\x03\x18\xa4\x63\x64\x23\xeb\x48\x88\xa1\x21\x60\xc4\x66\x3f\xce\x29\x96\xd6\x38\x89\x6c\x83\x9b\x2c\x7a\xd4\xb3\xa9\xb2\xe6\xcb\x71\xe9\x12\xfe\x39\xb8\x43\xc6\xe0\x83\x2e\xca\x22\xde\x93\x8b\x50\xae\x86\x3e\x48\x58\x2c\x10\x85\x12\x32\xf7\x5e\x52\x25\xb8\x89\x6b\x5a\x47\x0f\x81\x8b\x6f\xa3\x9e\xb7\xbb\x59\x03\x57\x67\x86\x12\xd2\x5f\xe1\xa4\x0e\xa1\xb9\xd7\x1d\x88\x09\x09\xc1\xbd\x4a\xd1\x76\xcc\x0c\xef\xfd\xce\xe7\x09\x9e\x78\x82\xa7\xc9\x07\xe4\xbe\xc7\x98\x30\xc6\x77\x1a\xcb\x89\x94\x4b\xd5\x4a\x51\x65\xb3\x18\x70\x91\x69\x21\xb1\x98\xac\xd4\x43\x2e\x7e\xed\x8c\xe1\xde\xb3\x45\xb1\x07\xed\xa7\x60\x26\x6f\xcb\xda\x3b\xa5\x22\x94\x00\xa3\x03\x60\xa4\x64\x5c\xa8\xdb\x38\xc3\xd5\xf4\xa8\xde\xf1\x57\xbb\xdb\xbf\x2c\x1f\xa1\xdc\x6b\x05\x14\xa4\xf5\xa0\x36\x4f\x92\x83\x81\xb4\x0f\x95\x57\x9a\x26\x46\x7f\x22\x82\xa8\xa2\x55\x75\x84\x02\xac\x9c\xa8\x0e\x89\xb9\xcc\x68\x60\xa3\x4b\xb3\xf9\x0c\x32\x37\x65\x7c\x21\x29\xea\x48\xc8\x52\xb9\x25\x69\xe8\x11\x06\xbc\xe4\x61\xe2\x02\x44\x54\x82\x1a\x91\x75\x92\xd1\x99\x1b\x5b\x69\xf2\x7b\xbe\x01\x99\x77\x52\x8a\x2f\xc0\x11\x92\xc5\x6b\x4a\xea\x87\x3c\xf8\xc5\x8d\xfd\x7c\xb4\xb0\xe9\x17\xe8\x7a\x87\x04\xc9\x92\x82\x0f\x98\xd7\x74\x04\xd3\xf1\xd2\x05\x0c\x67\x43\xf6\xe9\x3c\xdb\x51\xa6\x1a\xa6\xf4\x5b\x35\x1b\x26\x46\x1d\x13\x29\xf3\x15\x12\x72\xac\x39\x62\x34\xd0\xd6\x7c\x17\x8a\xcf\x91\xfc\x51\x0d\x86\x42\x9c\x69\xa8\x7f\xdf\x10\x11\x55\xda\x8d\x94\xde\x67\x22\x23\x8a\x6f\xb1\x70\x16\x86\x2b\x11\xd5\x02\xc6\x67\xee\x9c\xa0\xaa\xbe\x1c\x20\xb9\x77\x89\xf1\x86\x7a\xdd\x78\xb8\xb8\x7e\x9a\xb5\x19\x34\xc0\xb4\xa1\x6c\x2c\xbc\x4d\x2e\xfe\xdb\x79\xc0\x5b\x23\xe0\xcf\x78\x92\x01\xac\x75\xfe\x07\x6d\x31\x5f\xcb\xac\x20\xba\x0d\x31\xe4\xdc\x61\x69\x27\xd6\xea\xb1\xb1\xc8\x7a\x1c\x9c\x77\x8e\x4b\xd2\x85\x29\x58\x74"},
+{{0xff,0x15,0xd6,0xe7,0x4e,0x28,0xe4,0x1d,0x05,0xa8,0x66,0x3a,0x70,0x2f,0x03,0x8d,0x5b,0x85,0x78,0xc4,0x27,0x5e,0x77,0x2b,0x73,0xba,0x44,0x0b,0xc5,0xf5,0x5a,0x06,},{0x47,0x47,0xe2,0xe9,0xb8,0x26,0x37,0xb3,0x84,0x4b,0x85,0xf7,0x5b,0x59,0xf7,0x13,0x6b,0x7f,0xdb,0x1a,0x62,0xe7,0xb7,0x0d,0x6a,0xac,0x17,0xb3,0xc5,0x75,0x2f,0x2f,},{0x42,0xc1,0x29,0x5f,0xaf,0xe2,0x6d,0xe3,0xea,0x34,0x92,0x6b,0xf1,0xef,0x80,0xbc,0xaf,0xe4,0x7b,0x21,0xb9,0x0e,0xae,0xd1,0x96,0x35,0xed,0x75,0x38,0xd7,0x67,0xcb,0xf3,0xa1,0xe5,0xde,0xda,0xab,0x82,0xad,0xf7,0x51,0x20,0x37,0x3e,0x92,0x32,0x02,0xf7,0xfd,0xa0,0x82,0x67,0x84,0x29,0x2e,0xba,0x8b,0x23,0x8b,0x6c,0xb8,0x83,0x04,},"\xce\x7b\xf9\x72\x84\x4f\x51\x84\xae\x8e\xac\x87\xb1\x2b\xe9\x20\x2c\x72\x39\x96\x1d\xc2\x3c\xd4\x1f\xf5\x5b\x9b\xfa\xac\x0c\xc0\x6f\x3f\x1d\xec\xfa\x95\x71\x09\x5c\x8e\x82\xb4\xeb\x6f\x8a\x1c\x52\xc8\xd3\xde\xaa\x61\xa9\xaa\x94\xe2\xec\xd9\xab\x5b\x80\x63\xf2\xda\x6d\x80\x15\xdf\x0a\x51\x44\xfa\x3a\x48\xe3\x05\xad\x9f\x41\xea\xa1\x1c\x4d\x74\x85\x43\x74\xec\xbf\x38\x2e\x30\x02\x57\x9a\x9a\x24\x9e\xfa\x1e\x1c\xa0\x4d\x33\x84\x47\xd7\xf2\x20\x67\x03\xe6\xca\xbf\x5b\xbd\x33\x2b\x42\x57\x3b\xcb\xd3\xb6\xf7\x1b\x7c\x3b\xf7\x3d\x4c\x77\x4a\xa0\x1e\x86\x68\x41\x43\x28\x29\xd0\x7f\x96\xe1\xf6\x1a\x20\x21\x6d\x96\x8c\x90\xe3\xed\x11\xf6\x63\xf7\xd6\x27\x16\x22\xfe\xfc\xf3\xab\x68\xf3\x44\x32\x85\x15\xd5\xcc\xe2\xce\x85\xe8\xbf\x3d\x1d\x09\x04\x36\x92\xe1\xfb\x8b\xbd\xdc\x07\xa4\xab\x0a\x3e\xef\x8c\xa6\xa4\x20\xe7\x4b\xff\x8d\x3d\x71\x55\x96\xaa\x82\x16\x82\x95\x4f\xe8\x96\x29\xae\x27\xc1\xbb\x03\xb6\xaa\x09\xf3\x6a\x39\xa3\xe3\x7b\xa9\x81\x32\xf4\xe2\x38\x88\xf9\xf3\x35\xe7\xbe\xaa\x2c\xb2\x72\x7a\xcc\x3d\x27\x77\x30\x9b\x85\x29\x52\x32\xe5\x4d\xa8\x8e\xbb\x6f\x10\x53\xd6\xde\x79\xac\x66\x09\x85\x2e\xb9\x3a\x0a\x35\xbc\x1a\x7b\xdc\x22\xd6\x28\xbc\x86\x12\x4d\x69\x6c\x3f\x98\x28\xb6\xf8\xb9\xaa\xde\x1a\x65\x21\x61\x77\x48\x6c\x25\x2a\x4b\x42\xd9\x0a\x4e\x0f\xea\x20\x93\x48\x9e\x24\x4d\x80\x8e\xf7\x02\x1a\x97\xd5\x60\x8c\x0a\xe1\xd6\x63\xc7\x75\xe8\xbb\x9e\x9a\x73\x15\xf1\xfe\xb6\xd1\x29\xb5\xa5\x41\xea\x59\x29\xa2\xc6\x33\xb6\xd8\xc3\xc4\x54\x41\x71\x79\x46\xcf\x87\x3e\x9b\x4c\x51\x21\x80\x13\x5d\x54\xf0\x53\xab\xe4\x4c\x6d\xf3\x9b\x7b\x06\x2e\xf7\x24\x01\x62\xcb\xd0\xb8\x51\xaf\xe5\xf9\x15\x36\xa9\x49\x94\x18\xe8\xbf\xf4\x99\x64\x73\xd8\x05\xeb\xc1\xae\x48\xda\x2d\x0b\x12\x9e\x8e\x82\x52\xf1\xd5\x3c\x32\x8f\x32\xdb\x25\x2d\xe3\xbe\xfb\xe5\xf3\x12\x80\x12\x11\x43\xa8\x00\x4a\x4c\xae\x63\x1c\x82\x74\x09\xe5\x20\xe3\x94\xcd\x0f\x89\x50\xcd\x4c\x3c\xf3\xf3\xdb\xd4\x95\x2a\x4d\xfe\x69\x87\x5f\x56\x53\x89\x06\x1a\xd0\xa0\xce\xe6\xb6\xaf\xf0\x9c\xec\xa2\x6d\x99\x0e\x89\x6a\x2a\xba\x9f\x3b\x26\x01\x5b\x63\x42\x37\x68\x68\x4c\x03\xed\x0d\xe6\xce\xe7\xac\x5b\xbd\xf9\xf4\x85\xc2\x27\x5c\xd1\x2a\xef\xa8\xf9\x07\xb8\x51\xa0\x2d\x51\xc3\x4f\x12\x1b\x77\xf3\xa5\x6a\x9e\xbd\x1d\x65\xff\xe8\x9b\xee\x38\x1f\xf2\xa7\x48\x0e\x89\x68\xcf\xf2\x5a\xc8\xd0\x4e\x14\x9a\x9d\x50\x27\xd1\x4b\x88\xf8\xae\x26\x04\xd2\xac\x22\xac\x67\xd1\x3e\x90\xad\xa6\x20\xc2\x04\x6d\x28\x29\x93\x84\xd0\x95\x9f\xb7\x6e\x22\x58\x87\x96\xce\x42\x7a\xae\xaf\x4e\x2a\x8a\xae\xc3\xe8\x7f\x84\xcc\xd0\x82\x52\x4c\x96\xd7\x66\xee\xc6\x6f\x0b\xec\x3e\x79\x95\x58\x14\x5f\x09\xd3\x30\x13\x4f\x1c\x63\xf3\x70\x53\xcd\x4b\xdc\x1c\x37\xfd\xe9\x72\x91\x85\x75\x51\xf5\x0a\xc8\xe1\x5f\x06\xac\x1c\x73\xda\xa1\xe8\xc5\xbc\x92\x77\xe3\xd6\x9c\xb4\x4a\x32\x37\xec\x57\xdb\xbc\xcf\xdf\x66\x85\xad\xa2\x0b\x74\xa1\xbc\x6b\x74\xab\x05\x69\x0e\xaf\x9b\xd0\xc4\xbe\x17\x04\x2f\x5c\xd3\x20\xcd\xd6\x13\xdc\x08\xd2\x9a\xf3\x46\xaa\x41\x91\xce\x0b\x4f\x85\xbb\x2a\xd7\xf3\xba\xc7\x38\xa9\x37\x7e\xc6\xb8\x40\x62\xcc\x70\xfc\xa9\xec\xfb\xe1\xf5\x7f\xe5\xb2\xce\x7a\x4f\x73\x9c\x81\xca\xbc\xde\x04\x64\x51\xdd\x61\xce\x1d\xbc"},
+{{0x1e,0xd3,0x7b,0x61,0x0b,0x8b,0x35,0x41,0x7d,0x04,0xe5,0x9a,0xaa,0xda,0xc6,0x88,0xff,0x81,0xf1,0xe5,0x07,0xc8,0x9b,0x4f,0x40,0x01,0x60,0x94,0x19,0x08,0xcb,0x8c,},{0x48,0xe8,0xcb,0xeb,0x12,0x40,0xbd,0xeb,0xf0,0xa2,0xd9,0x29,0x53,0xaa,0x89,0xb2,0x82,0xc4,0x9a,0xab,0x2c,0x38,0xae,0x69,0x04,0x4c,0x51,0x51,0x5c,0x33,0x00,0xd5,},{0x86,0x08,0x81,0x5e,0x10,0x59,0x0d,0x55,0x04,0x87,0x4d,0x89,0x99,0xfd,0x6f,0x09,0x62,0x6f,0x95,0x0b,0xe2,0x0c,0x91,0x2c,0x27,0xc9,0xde,0x6e,0x79,0xb0,0xfa,0xf7,0x77,0xa5,0x33,0xbd,0x5b,0xb6,0x67,0xab,0x51,0x3a,0x49,0x45,0x8e,0xcd,0x67,0x87,0xa0,0x9e,0xc0,0xdf,0x6c,0x9c,0x9d,0x63,0x33,0xc5,0xe3,0xae,0x61,0xea,0x37,0x0a,},"\x1e\x67\x67\xdf\x97\xdb\x1c\xfb\x40\x88\xda\x7b\x20\x0d\x9f\x59\xec\x8d\xd4\x53\x3b\x83\xbe\x30\x9f\x37\x65\x00\x31\x06\x57\x27\xcd\x52\x02\xce\xf4\x84\x26\xa5\xf3\xa1\x1d\x50\xb3\x81\xf8\xbc\x22\xff\x10\x18\x27\x35\x9f\x2d\x0a\x61\x0a\x4f\x75\x54\x64\xa0\xc8\x91\xcb\xd9\x8d\x2d\xcb\x41\xd9\x77\x9d\x28\x8f\xcf\x1f\xea\x62\xe5\x21\x63\xae\x67\xe9\x04\x28\xb8\x63\x98\xef\xa2\x18\xf1\xb9\x82\x08\x1f\xc5\x13\x30\x5f\xd3\xe8\xec\xe7\xf9\xac\xb0\xe1\x0e\x00\x1d\x2e\xd2\x99\xa4\x8a\x80\x87\x0b\x3d\x5d\x8a\xb9\x00\x63\x09\xb3\x15\x91\xca\xf0\x58\x33\x80\x07\x3a\x2d\xb6\x1f\x45\x25\x4a\xb9\x65\xb5\xe4\x67\x2c\x4b\xfa\xa8\x6e\x33\x6c\x49\x27\x85\x52\x72\x9f\xb2\xda\x76\xff\xe5\x02\xec\x61\xe1\x69\x6c\x7f\xc9\xef\x19\xf7\xcc\x2a\x27\x75\xb2\x97\x00\xcb\x38\x42\x94\x06\x3a\x17\xfe\xd4\xfc\x63\x5b\xc1\x32\x82\xa9\x0d\xad\x0c\x00\xaa\xdb\xcd\x56\x9f\x15\x6a\x85\x4f\x8b\xa9\xe7\xd6\x07\xd2\x0f\x2e\x9e\x53\x37\x98\x11\x61\xd8\x04\x64\x46\x68\xd0\x64\xfa\x63\xdc\xeb\x9f\x58\x01\x35\x3d\x0a\xb9\xf4\x1d\x1d\x8b\xdc\x76\xc1\x3a\xb2\xf0\x23\xea\x01\xad\xbc\x4c\x81\x68\xd9\x39\xe9\x8f\x64\xfd\x89\x19\x38\x4a\xbe\x76\x70\x92\x63\xc0\xcd\x7c\x3e\xfa\xdc\x28\x01\xcc\x4a\xbd\x80\xa0\x9b\xb3\xed\x6b\xb7\x8c\xd6\x20\x96\x9c\xd3\x5c\x6a\x3a\x5d\x01\x48\x5e\xad\x4c\x45\xeb\xb6\xac\x6a\x83\x21\x2a\x7c\x76\x67\x54\x27\xb2\x1d\xa8\xa7\xa5\x04\x7b\x30\xa6\x10\x0c\xda\x02\x47\x6c\x18\x6e\x6c\xe4\x0d\x27\x68\xa9\x42\xc9\xf8\x73\x05\xe9\xd3\x63\xb5\x24\xc0\x09\x4a\x9e\x2e\x29\xf5\x85\x89\x4c\x0a\xdb\xfc\xd6\x06\x90\xfc\x7f\xb0\xa9\xc7\x17\xcf\x43\xb4\x84\xfd\x45\x15\x1b\x13\x04\x16\x9c\x26\x92\x1d\xb2\x27\x6e\xc0\x5a\xd2\x2a\xd1\x66\x85\x4f\xd2\xf9\x40\x85\x77\x8c\x47\x0d\xc4\x52\xe5\xcf\xa4\xae\xe0\x4f\xac\xb7\x70\x52\x6e\x1f\x24\x8d\x3d\x15\xc2\x72\x80\xfd\xfa\x1f\xd2\xc1\x04\x4b\xcb\xc8\x81\xc3\xd9\x98\x15\xc9\x7f\xbe\xa4\x61\x10\xbe\x02\xda\xb7\x74\xf3\xa6\x10\xe5\x80\x2a\xbf\x36\xa4\x98\x75\xc6\x82\x63\x8e\x0a\xe4\xcc\x82\x77\xc5\xe9\xaa\x73\x07\x44\x5e\x6b\xbc\xbe\x54\x9e\xec\x2a\x45\xb1\x59\x7f\x74\x47\x10\x7b\x62\xe2\xce\xe0\xa5\xfc\x51\xbe\xae\x3e\x1f\xe9\xbe\xfb\x18\x85\xd9\xb3\x0f\x9b\x4f\x1f\x56\x20\x6d\xee\x0d\x67\x77\x9c\x57\xf4\x84\xc8\xc3\xc8\x99\xa5\x15\xa9\xd1\xc1\x0f\x60\x59\x84\x0c\x1c\x73\xd3\xf0\x5b\xcb\x88\x59\x0c\x52\xf7\xda\x39\x18\x38\xdc\x2e\x73\x22\x8f\x09\x81\xc2\x89\xa4\xc2\x7f\x0c\x75\x7f\xaf\x7b\x3b\x89\x14\x6e\x33\xda\xfa\x49\x0d\x9e\x0f\x92\x75\xb0\xcf\xa6\xa7\x71\x0a\x73\x83\x14\x59\x59\x5b\xf7\x32\x11\x2b\x62\xfc\x86\x4c\xa4\xc8\x29\x78\x4a\x3f\x16\xee\xc4\xe1\x8f\x93\x69\x18\xa7\xb9\x89\x16\x69\xe9\x33\x22\x3f\x74\x5f\xda\x56\x2b\xc0\xa4\xe6\x1e\x3d\x14\xea\x45\xdf\xc3\x27\xe2\xfc\x0c\xdf\xe6\xf2\xf9\x75\x46\xc9\x0f\xce\x82\xf5\x22\x29\x14\x80\x11\x1a\x1e\x6b\x93\x88\x27\x2c\x0b\xe2\x8d\x20\xed\x84\xbb\x84\xd4\x9b\xc1\x99\xcd\x59\x99\x48\xb8\xf2\x03\x9d\x07\x82\x7a\x3f\x40\x75\xd3\xa6\x7e\xe5\x72\xa0\x13\x79\xa3\x62\x13\xfe\x11\x6e\x76\x8b\x41\x14\xe8\xa4\xb3\x13\x4c\x38\x18\x96\x07\x72\xd7\x27\xb0\xca\x6f\x7c\x99\x7c\xa9\x98\x43\xb7\xeb\x02\xff\xc0\x13\x97\x1c\xbe\x0e\x6e\x60\xd4\x97\x73\xf1\xe8\xc0\xb3\x06\x06\x13\x1c\xb1\x0c\x3e\x04"},
+{{0x84,0x36,0x44,0x78,0xec,0x94,0xbd,0x25,0xc4,0xbd,0xb8,0x2d,0x29,0x62,0x29,0xe6,0xda,0xce,0x2b,0x13,0x59,0xd6,0xd2,0x1b,0xe2,0xb3,0xaf,0xcd,0x7b,0xda,0x19,0xc7,},{0xa1,0x81,0x4f,0x8c,0xe0,0xfc,0x3b,0x23,0x60,0x93,0xa5,0x0f,0x46,0x8c,0x13,0x16,0x21,0x1f,0xe6,0xc5,0x2e,0x23,0x45,0xd9,0xf0,0x76,0x6b,0x36,0x88,0xa0,0x3c,0xad,},{0xb4,0xc2,0x32,0x1a,0xde,0x3c,0x19,0xed,0x4e,0xd4,0xc6,0x39,0xd5,0xa4,0xd6,0xf2,0xbe,0x8e,0x2f,0xb1,0x3b,0xb7,0xbd,0x62,0x5a,0xd6,0xdc,0x87,0xe2,0xc2,0x0f,0x93,0xad,0x6b,0xe7,0xb7,0xe4,0x27,0x11,0xa8,0x78,0xdb,0x9d,0x76,0x05,0x4b,0xfd,0x7b,0xc2,0x5e,0x37,0x74,0xa9,0x3d,0xa1,0x54,0x3c,0x9b,0x4f,0x66,0x33,0xb0,0xbe,0x09,},"\x7b\xb7\x29\x3d\xe5\x5f\x05\x8f\xb2\xec\x22\xb6\x87\x26\x05\x43\xdc\xaa\x90\xf1\x40\xb9\xf4\x5e\xdd\xd4\xbc\x22\xe4\x09\x77\xe0\x0e\xd3\x3c\xd1\xef\x1b\xba\x13\xc1\xd0\x99\x08\x59\x00\x55\x69\xa8\x07\x67\xe4\x86\x4a\x2c\xd2\x88\xc8\x13\x93\xe0\x4a\xd9\x71\x78\x2e\x2b\xc4\x93\x10\x8c\xbe\x80\xda\xcf\x0b\x7b\x9c\xd5\x34\x98\x84\x07\xa4\xf9\x32\x7e\xc8\xe9\xc4\x04\x32\x84\xef\x6e\xe5\xa2\x6a\x5b\x41\x77\x65\xd3\xea\xbb\x48\xa0\x07\xe7\xc7\xf3\x29\x87\xd7\x0a\x13\x9a\xc4\x16\x78\xcd\xf7\xa5\x5c\xb8\x0c\xf9\xdb\x5e\xaa\x45\xf3\xde\x0f\xbf\xba\xdf\xfc\x40\x99\x63\x70\xe4\x8b\x1f\xf5\xed\xd9\x79\x40\xe7\x50\x79\x21\x64\x83\x6a\x4a\x5a\xc2\xe3\xff\x53\xe4\x8a\x1e\x55\x6d\xb9\xad\x0c\x5c\x0b\x94\x4f\x4a\xee\x51\x9a\x2b\x0a\x88\xbb\x1c\x1f\xc7\x45\x45\x24\xcd\x57\xaa\x53\x50\x98\x62\x43\xd3\x4f\xc5\x8e\x24\xe8\x19\xec\x0b\x85\x45\xd8\xdf\xcf\x6b\x20\x31\x14\x41\xd3\xa3\x5d\x3e\x71\xb3\xe3\xec\xd7\x88\x4d\xda\x84\x33\xa4\x05\xe3\xd9\x96\x90\x00\xc8\x20\xa8\x9b\x95\xd1\x97\x84\x1d\x98\xae\x73\x4a\x2e\x81\xda\xf6\xa7\xdc\xf5\x6c\xb2\xfc\x26\xf2\x16\x5a\x5f\x42\xb8\x6c\x7e\x9e\x5b\x11\x16\x17\x00\xa1\xab\x98\x31\xf3\xfa\xe5\x8e\x14\x20\x8b\xe1\xbf\x33\xb5\x8e\xcc\xe8\x1b\x0c\x6b\x7e\x02\xf8\x8a\xdf\x9a\xb0\x30\x26\x3e\x2c\xc9\xb6\xe3\x3e\xbc\xa3\xf4\x95\x49\x2e\x32\xbf\xe3\x72\x53\x7d\xe6\xc6\xb8\x76\x44\x82\x8f\x74\x94\x2a\x02\xb0\x07\xf1\x4c\x3f\xc5\xdb\xde\x76\x33\x3d\x36\xd0\x76\x31\xb7\xa9\x92\x4f\x71\x75\x50\x04\x06\x97\x92\x3f\xa7\xb9\x54\x6b\xfb\x02\x17\x02\x4e\xa3\xf2\x52\xb5\x15\xb5\xd6\x4a\x62\xc4\x8e\x02\x7c\xef\x67\x50\xbe\xda\x49\xa0\x24\x47\x03\x9b\x25\x0a\x0b\xda\x07\xdc\x06\x24\x91\xa6\x62\xe2\x68\x74\xc8\xd0\x0f\x80\xe6\xcf\xc8\xb3\x0f\x2c\x3b\xf7\x72\x0b\x57\xf2\x61\x5f\xc4\x78\xfe\xfa\xa6\xd3\x17\x05\xb4\x3c\x5a\x54\xf7\x58\x66\x6b\x30\x2a\x8d\x34\x95\x31\x31\x94\x1b\x79\x57\x73\x04\x76\x79\x4d\x0b\xd9\xd2\xdf\xa7\x2f\xd2\x03\xf2\x2d\xf5\xec\x6b\xba\xac\xe8\xb9\x39\x4b\xeb\xda\xea\xa5\x61\x46\x10\x11\xb4\xfc\xa6\x18\x5c\x9a\x38\x28\x3f\x54\x03\xfd\xac\x32\x6d\x1f\x73\x4c\x6a\x5d\xed\x67\x24\xd9\xf3\x84\xae\xbd\x6c\xab\xfc\xbe\xc1\x2a\xba\xb9\x82\x0d\x08\x07\x32\x51\x5e\x05\x00\xcf\x5d\x3e\x2f\x9e\xf8\x0a\x4d\x76\x46\xa7\xda\x9e\xff\x41\x0f\x50\x7c\x69\x87\x3b\x32\xd5\x40\xec\x32\xb2\x83\xef\x31\x79\xa4\xc6\x32\xb3\x66\x57\x6d\xff\x05\x8f\xaf\x8c\x8c\x70\xbc\x69\xbe\x80\x89\x82\xec\x14\x97\xae\x89\x11\xb0\x01\x65\xa6\x66\x95\xf4\xd3\xb9\x87\xe7\x39\x0b\x5c\xf8\x78\xe3\x5e\x67\x65\x41\x28\x5e\x4e\x13\xdf\xae\xb2\xf3\x68\xcb\x51\x1b\x77\x8b\x10\x6a\x42\x87\x78\xa1\xb8\xf2\xa7\xd2\xe0\x93\x51\x9b\xc9\xb5\x18\x8e\x38\xc6\x79\x3e\x96\xbd\x0d\x30\xe2\xa3\xdb\x9e\xe1\x46\x8c\x3d\xc8\x7c\xc3\x65\xc8\x10\xf9\xdb\xdf\x01\xa4\xb5\x14\x21\xf6\xfc\x8d\xfd\xa3\xa1\x6e\x2d\xa7\xca\x71\x59\xb6\x86\xa5\xe1\x67\x33\x89\x37\x88\x2f\xf7\x15\xd3\xe7\x50\xd9\x58\xfc\x9e\x4b\x1f\x05\x53\x12\x92\x99\xaa\x84\x30\x18\x3e\x50\x6c\xd7\xf2\xb2\x79\x07\x6e\x0e\x1c\xca\x97\x49\xcf\x12\x3c\xe5\x07\xfe\x07\xdd\xbb\xc4\xdc\xca\x6c\xdb\x9e\xf1\xb8\x33\xf6\x1d\x4b\xff\x00\xbe\xc0\x12\x15\x8f\x43\x2c\xeb\x75\xb4\xf2\xed\xb1\xbb\x84\xe5\xeb\xb9\x25\x9e\x09\xf9\x62\x5c\xe3"},
+{{0x00,0xdb,0x37,0xad,0x2a,0x19,0x5f,0x08,0xa0,0x84,0x40,0xd0,0x59,0x25,0x9e,0x53,0x9f,0xeb,0x40,0xb4,0x74,0x92,0x82,0x55,0xe7,0xc9,0x4e,0xbc,0x3b,0x05,0x03,0x8c,},{0x04,0xf8,0x8b,0xf6,0x39,0xe0,0xf7,0x1a,0x57,0xd0,0xd0,0xaf,0xff,0x5f,0xe9,0x7d,0xde,0x38,0x09,0xff,0x28,0xec,0x68,0xeb,0x6f,0xc4,0x23,0xf4,0xfa,0xff,0x43,0x90,},{0xf4,0xd1,0xc8,0x0f,0x5e,0x7b,0x91,0xc5,0xc7,0xa8,0x2a,0x68,0x2d,0x49,0xba,0x6f,0xb1,0x9d,0x40,0x0a,0x29,0x97,0x48,0xa0,0xc9,0x69,0xbb,0x99,0x81,0x69,0x98,0xbe,0x63,0x4e,0x84,0xda,0x78,0x58,0x1b,0x06,0xe3,0x47,0x0e,0xfe,0xc3,0x98,0x04,0xfe,0xd9,0x3d,0x29,0x73,0x9f,0x04,0x39,0xa8,0x09,0x5a,0xc4,0x0d,0x9d,0x38,0x5e,0x04,},"\x5a\x94\xf7\x29\xd3\x0d\xd8\xaa\xe2\xa5\xc8\xc2\x85\x47\xbf\x45\x06\x29\x5d\xc6\x1b\xfe\xad\x97\x27\x74\x60\x82\xd4\x3b\x0f\x81\x14\xc8\xc1\x8c\x5e\xda\xf2\xfe\xc7\xca\xe8\x19\x35\x63\x38\xf0\xbf\x11\x5a\x17\xb0\x38\xac\xfd\x7c\x96\xba\x62\x62\xca\xbd\x57\x10\xfc\x0e\xfb\x43\xd1\x3d\xf4\x06\x5b\xec\xbf\x1b\x9e\x27\x9c\x03\xec\x9b\xbf\xed\x54\xd9\xa1\x3f\xe0\x6a\x55\xa3\xbd\x05\xc8\x07\x85\x8b\x41\xe1\x8d\xbd\xe1\x3b\x09\x07\xd4\x03\x41\x32\x26\x2d\x9c\x2f\x4d\x2d\x37\x6e\x16\x09\xad\x28\x0d\xe2\x0b\xa7\x09\x84\x4d\xbd\x12\x95\x02\x57\xf1\xb0\x7e\xf8\xcc\x33\x37\xc0\x1a\x70\x26\x93\xfb\x4d\x92\xd0\x47\xe6\x98\xc3\xa6\xdd\x46\xc4\xa9\x2a\x10\xd4\xc7\x80\xe5\x2e\x50\x25\xe0\x9d\x56\x53\x5d\x7e\xeb\x9f\xe7\xf0\x33\xe6\xe9\x26\x0a\x68\xf9\xd5\x4b\x6f\x37\xcc\x06\x96\x56\xe3\xbc\xee\x06\x92\x2b\x34\x96\x81\xa8\xe7\x75\x1c\xde\xcb\xe1\xec\xb6\x63\xfb\xc6\xf7\xc8\x61\xf8\x53\xdc\x31\x0f\x33\xde\xfa\x98\xee\x34\x3a\x68\x63\x2e\xc2\x2c\xaf\xec\xb7\xf3\x21\x2f\x81\xe7\x0b\x71\x84\x3b\x9f\xe8\xc8\x6a\x68\xb5\xc8\x6f\x03\x22\xd3\x48\xa7\x6d\xa7\xf1\xba\x0c\xa3\xcd\x7b\x6f\xd1\x5f\xf8\x92\x92\xb3\xf6\x36\xcd\x08\xcf\x62\x5c\x74\xd5\x10\x2c\xab\xb5\x71\xa3\xdb\xa8\x6a\x1c\x92\xf4\x1c\x72\x03\xb4\x49\x42\xf5\xa2\x46\x25\xac\x37\xd7\x7e\x49\xa5\x7f\x11\x82\x38\x69\x9d\x80\x7c\x25\x0d\x5b\xf4\x6f\x7a\x3c\xec\x57\x79\xa6\xe5\xae\x1a\x6c\xa1\x60\xcf\xf3\x7f\xb3\xb7\x83\x88\xfe\x9c\x03\x0c\x40\xe7\x15\x46\x01\x08\x1a\x51\x7f\xc0\xaa\x18\x02\xcd\x3b\x84\x5b\x94\x6e\xfe\x94\xaa\x8b\x9e\x03\xf6\x8a\x80\xde\xd0\xdf\xbf\xad\x4d\xae\xe4\x0f\xa8\x38\xc1\x33\x84\x1a\xe8\xa3\xce\x0d\x79\xfa\x8a\x2b\x94\x34\xba\xc5\xe1\xda\x6e\x0c\x71\x93\xe8\xde\xa4\x35\xa0\x3a\x85\xf7\x61\x84\xf7\xeb\xe2\xaa\x74\x9b\xe9\x41\x31\x04\xa1\x78\x68\x9b\xa6\xd2\x7e\x94\xfc\xcf\x61\xeb\x3a\xba\x0e\x6a\x5a\x63\xaf\x0c\xa8\xf0\x5a\x35\xcb\x63\x70\x51\x94\xe4\x4d\x92\x93\xde\x39\x29\xb0\xd9\x2b\xe6\xf8\xe6\x27\xc3\x50\xa8\x3f\xc9\x00\x0a\xa9\x5b\x93\x82\x0b\xe9\x79\x5c\x80\xb5\x66\x2c\xd7\xb3\x48\x22\x32\x80\x61\x35\x6d\xc5\x80\x57\x8d\x1a\x35\xb1\x01\x40\xdc\xd2\x48\xe4\x85\x31\x04\xd2\xc5\xb2\xc1\x3f\xf6\x83\xdd\x5c\x30\x79\x4b\xe4\xa7\x68\x58\xaf\x1c\x0d\x9a\xf3\x47\xce\x1d\xcd\x97\x2e\xe4\x9a\xac\x12\xbb\xcd\x89\x9c\x93\x29\x87\x1d\x3e\x7a\x06\x83\xd1\x75\x77\x9a\xfe\x35\xf2\x6a\x2d\x24\x8f\xd7\x80\xea\x85\x1d\xc4\xba\x6d\x21\xf8\xa1\x71\xaa\x6c\xb8\x69\x7d\x9d\x11\x21\x61\x54\x03\x07\xcd\x54\xf9\x31\x77\x5d\x70\xb3\x3d\x3b\x6d\xe1\x09\x1f\xc1\x75\x05\x31\xc0\x8f\xa7\x0f\x7b\xe3\x8a\xa1\x10\xd6\x74\x6b\xb5\x65\xdb\x7b\x47\x0f\x90\x08\x50\xfb\xbf\x1c\x66\x2f\xd6\x13\xe4\xf3\xa5\x68\x95\x49\xe3\x10\x7e\x9b\x0f\x17\xde\xf7\xa5\xbd\x7f\xd7\x59\x6c\x4d\x04\xc7\xf4\x8c\x77\x9f\xc3\x5e\x09\x33\x5e\x1d\xf7\x84\x08\x4e\x55\xd8\x55\x1d\x1f\xf4\x9d\xe5\xb3\x11\xcd\x35\x0f\x34\x7a\x0b\xd2\x86\x3a\x2a\x30\xe6\xea\x18\x3a\xd2\xe3\xee\xde\xbc\x18\xdd\x28\xc6\xa5\x96\xe6\x93\xdc\x33\x89\xf7\xd9\x0b\x71\x3e\x3a\x85\xa6\x25\x16\x30\x5a\x70\x66\x7f\xc1\xfb\x3c\xb1\x0e\x8a\x95\x57\x50\x27\x39\x43\xc5\x68\xe1\x07\x69\xce\xf7\x81\x99\xdf\x44\x50\xdb\xc4\x90\xfe\xf1\xb3\x04\xb0\x52\x22\x1b\x2d\xb9\xc4\x4f\xe0\x03\x45"},
+{{0x6c,0xa1,0xa1,0x48,0x2a,0x07,0xf2,0xa6,0xc5,0x7f,0x04,0x11,0x97,0xb3,0x4a,0x51,0x19,0xe6,0x89,0x03,0xcf,0x6d,0xfb,0x51,0x71,0x1d,0x95,0x50,0x97,0x31,0x63,0xc0,},{0x80,0x34,0xa5,0x5e,0x3b,0x6e,0xd7,0x99,0xf4,0x9e,0x2e,0x70,0x3a,0x81,0xf4,0xac,0x02,0x57,0x3c,0x44,0x5d,0x76,0x5e,0x30,0x69,0xbe,0x42,0xf0,0x9c,0xbd,0x18,0xad,},{0xdd,0x9b,0xdb,0xad,0xd9,0xfd,0xc8,0x1c,0xe2,0x30,0x28,0x8c,0x4a,0x06,0x8d,0xf0,0x7e,0x18,0xb4,0xc7,0xcc,0x51,0xc0,0xca,0x48,0x11,0xdf,0xbd,0x04,0x76,0x5c,0x56,0xbc,0x88,0x32,0x40,0xe4,0x6e,0x3a,0x42,0xc0,0x1d,0x8d,0x24,0x24,0xfb,0xc3,0x32,0xb7,0xc5,0xa1,0x7b,0xce,0xb1,0xf6,0xe8,0xda,0xd0,0xbf,0xe5,0x62,0xca,0xd3,0x02,},"\x08\xfd\x84\x87\x50\x3c\x3f\x32\x96\xb6\xf1\xb6\x4d\x6e\x85\x90\x6f\xd5\x98\x6c\xf9\xc5\xd9\xfa\x8a\x59\xd9\x2f\x44\xe6\x47\x0a\xf3\x4b\xcd\xef\x33\x6f\xfd\xc8\x64\x56\xec\x7a\x7b\x57\x61\xf1\xad\xea\x02\x73\x26\x63\x0e\x68\xab\xc6\xb8\xcd\x5d\xdf\x40\xb6\x41\xa2\x59\xad\x02\x43\x21\xbf\x3e\xf9\x8e\x76\x32\x79\x71\x49\xc4\x92\xd5\x35\x94\x75\x2c\x55\x0d\xfb\xc4\xfa\x6b\xf4\x71\x76\xf4\x23\xa2\x70\x56\x93\x94\x7a\xa9\x0d\x68\xdd\xc8\xef\xb6\xcb\x9d\xbe\xca\xfd\x28\x30\xd0\x4f\xd9\x3b\x1e\x9e\x7c\x12\xb9\x3e\x0d\x0f\x3e\x26\x34\x90\x0f\x25\x86\x0d\xda\xdb\xae\xce\x17\x80\xff\x2d\x3f\x3d\x9f\xb8\x38\xfd\x0d\x5d\x66\xf8\xaf\xb3\x05\xff\x1a\x1a\xed\xca\x2b\x97\x4b\x63\xe4\x3f\x5b\x3c\xc9\xdf\xed\x1b\xcf\x11\x99\x91\x76\xed\x95\x85\xac\x82\x9b\xc6\x79\x4e\xf3\xac\xd8\x72\xe8\xd2\xe9\x26\x08\xb3\x20\xf8\x94\x99\x6a\x56\x2e\x1e\xb1\x77\xe2\x1b\xe5\x7c\x22\xc4\x1e\xc2\x59\xa3\xdf\xf9\xc7\xc9\x49\x1d\xb8\x38\xd7\x6c\xf9\xb0\x38\x31\x11\x59\x8e\x35\x7f\x44\xba\xbe\xbf\x12\x1b\xdb\x24\xee\x9d\x55\x7b\x7d\x5a\xf4\x91\xa0\xa0\x36\x5c\x90\x36\x1f\xe4\xf7\xe3\xd1\x3a\x17\xda\x3a\x39\xfd\x43\xf6\x90\xdf\xb0\xb2\xd8\x60\xca\xb4\x19\xf7\x75\xab\x71\x52\xcd\xc8\xf2\xaf\xdc\x50\xe8\xd5\xda\x5d\xa0\x17\x06\xee\xa2\xa2\xff\xad\x4b\xab\xee\x8b\x03\xda\x33\x6a\x4d\x84\x3d\x9d\x7e\x0a\x93\xf3\x6a\x92\xe6\x61\x0a\x36\x8b\x63\x13\x3f\x05\xa3\xfd\xc5\x5e\x3e\x1a\x44\x0b\x0f\x87\xa5\x33\x64\xc1\xd3\x72\x42\xc5\x7a\x10\x9e\x6d\xf6\x93\x45\xb0\x1c\x21\xc1\x08\x9e\x79\x0a\x66\xf4\xf3\x38\x0d\x3b\x76\xff\xb4\x20\xdf\xe1\xe6\x20\x0e\xac\xe5\x79\x26\x5a\x42\x7f\xbd\x35\x55\x14\xef\x95\x3e\x1a\x6e\x96\x8e\x37\x02\x1b\x3c\x6a\x29\x0d\xcd\x02\x93\xda\x67\x68\xda\xd7\xc6\x63\x11\x63\x30\x51\xc0\xac\xcb\x0b\x91\x65\x46\x4d\xfd\xdf\xde\xd2\x3b\xd1\x3e\xf9\x08\x74\x4f\x9c\x21\x11\xdc\x15\x31\x42\xd2\xf1\x05\x34\xd8\x93\xfe\x0b\x54\x5f\xec\x53\xfd\xb3\xb3\x5b\x51\x83\x98\xb0\x2a\xb2\x17\x91\xfa\x97\x7e\x30\xcf\x4b\x40\x4e\x7a\x29\x9d\x37\x87\x10\x8b\x83\x6a\xa0\xd5\x9c\x11\x4f\x1f\x36\x71\x9a\x7a\xcf\x85\xac\x99\x4d\x9c\xb7\x23\x06\xf2\x58\xf7\x8a\xc0\xa3\xb6\xc0\x53\x43\xe0\xb7\xa9\xaa\x72\x6e\x52\x26\x7e\xdf\x97\xf4\x97\x2f\x76\x64\xf4\x37\x20\xad\x33\xce\x6e\x61\x54\x40\xe3\x65\x37\xcb\xc5\x69\xbd\x6f\xf9\x4f\xfd\xae\xa5\x1e\x06\x02\x9d\xae\x78\xc5\xb9\x15\xc5\x37\xca\xea\x6f\x15\x04\x14\x79\x79\xb8\xaa\xae\x0b\xcd\x96\x18\x43\x7e\xbe\xd0\xb5\x5e\xfa\xec\x32\x0e\x84\xc7\x59\x59\xa3\x7a\x26\x0a\x02\xd4\xef\x1b\xb6\x26\x41\x52\x0f\x1a\x03\xdd\xea\x8c\x4c\x1d\xe8\xd7\xfa\xc5\x8d\xa4\x08\xb0\xab\x47\x57\xa1\x35\xf1\xd0\x75\xc9\xf7\xc9\x9f\xb9\x9d\xb9\x42\x7c\xe9\xb0\xd6\x26\xcb\x1a\xc1\x89\xad\x86\x63\xd7\xa7\x14\xfb\x5c\xd1\x58\x5c\x3b\xf9\x9a\x0a\xa4\x6d\x76\x39\x78\xd0\xb1\x2d\x65\xc4\x38\xbb\xb7\x3f\xea\xa5\x1b\xa2\x6a\x45\x9e\x7b\xea\x25\x43\x94\x66\xc0\x86\x13\xe4\x25\x40\xc8\xc6\xd5\x43\x67\xf2\x21\xfc\xce\x0c\x5e\xb6\xaf\x2f\xaa\x18\x1e\xa2\x15\x21\x80\x9b\xe7\x56\x49\xcf\x8d\xee\x76\x71\xdb\x7f\x94\x8f\x34\x6c\xbd\x03\x02\xbf\x9a\x06\xea\xbc\x72\xe2\xe5\x12\xb3\xdf\x88\x5f\x6d\xaa\x39\x8f\x93\xe3\x6d\xae\x2d\x6a\x04\x47\x81\x21\xf9\x77\x87\xd4\xce\xdf\xf6\xdb\x09\xaa\xf1\x0f\x27\xb1"},
+{{0x27,0x84,0xdf,0x91,0xfe,0xa1,0xb2,0xd2,0x1d,0x71,0x3d,0xe2,0xed,0xc6,0x65,0x24,0x51,0xa0,0xc1,0x59,0x54,0xb8,0x65,0x60,0x62,0xea,0x1d,0xed,0xc2,0x44,0x5b,0x2a,},{0x95,0x56,0xdb,0x53,0x70,0xf8,0xfb,0x3c,0x74,0x78,0xde,0x03,0xd2,0x3d,0xf1,0xcd,0xa9,0x6f,0x27,0x40,0x11,0x8e,0xfd,0xd3,0xd1,0xa9,0xfa,0x4c,0x3b,0xfe,0x88,0x49,},{0x17,0xd1,0x71,0xd9,0x46,0xde,0x35,0x16,0x15,0x84,0x07,0xe1,0x32,0xcc,0x1a,0xce,0xca,0xef,0xd6,0xd0,0x92,0x11,0x2b,0xe6,0x53,0x99,0x95,0x23,0xe2,0x0b,0xd4,0x95,0xf7,0xb7,0xf6,0x00,0xe8,0xd5,0xa6,0x71,0x33,0x0d,0x32,0x69,0x3d,0x60,0x19,0xc0,0x8d,0x2d,0x00,0x3b,0x17,0x6e,0x63,0x19,0xc3,0x53,0x94,0x20,0x0e,0x02,0x7d,0x0e,},"\x2e\x3b\xc5\x4d\xf4\x16\x74\x1d\xbe\x79\x16\xad\x25\xf0\x4e\x48\xd5\xa9\xd7\x7a\x62\x3e\x57\xf9\xcd\x61\xec\xb4\x4f\x09\xf7\x68\x33\xeb\x2a\x3e\x9a\xb7\xaa\x89\xff\x5d\x2d\x56\x0c\x07\x17\x7d\x85\x4d\x7c\x49\xcb\xef\x49\x2b\x7f\x4f\x7e\x56\x7d\xe1\x27\x51\x24\xe1\x6c\xa4\xa7\x98\x01\x62\xfa\x0f\xd1\x62\xa8\xe5\xfd\x6f\x35\x61\x70\x07\x03\x4b\xce\xec\x57\xc8\xfa\xf7\x66\x4f\x4b\x3b\xaf\xfd\xea\x8d\x8f\xc2\xba\x22\xd5\x85\xe9\xe2\xd7\x39\xf5\xff\xc9\x9b\x4e\x0d\xbe\x9c\x36\x86\x54\x7e\xa0\x48\x15\xa5\x9c\x4a\x25\xb5\xf2\x39\x06\x68\xe4\x18\xba\x0f\xcb\xdf\x4c\x4a\x51\xf3\x39\x05\xc7\x4f\xbb\x83\x0a\x19\xf9\xbc\x86\x36\xdb\xaa\xff\x20\x99\x95\x44\x79\x96\xd2\xe5\xb1\xc3\x77\xb4\xcb\x87\xa4\xe1\xef\xe1\x2d\xe3\x4d\x33\x59\x9f\xf3\x97\xb7\x40\x17\xd7\x11\xed\xd3\xe7\x72\x15\x5b\xe5\xa4\x40\x6e\x74\xcb\xe2\x93\x1e\xf5\x13\x59\xaf\xd5\x1b\x5b\x1a\x7b\x3e\xa2\x2e\xe8\xed\xa8\x14\x76\xbc\xc1\x7e\xa7\x68\x0f\x6f\x31\x04\x70\x3b\x9f\x2a\x35\xcf\x26\x27\xeb\x74\x1d\x1a\x30\xaa\x4b\xee\xf6\x57\x9e\xc7\xd0\xb0\x7a\x4e\xf3\x2a\xbc\xb4\xd7\x56\x97\x0f\x70\xa3\x67\x8e\x17\xe6\xe5\x73\x18\x90\xae\xbc\x8c\x92\xb9\x56\xd4\xb3\xb5\xfe\x2a\xdf\xd7\x9b\x21\x1a\x18\x83\xdf\xc8\xc9\xa4\xb1\xb9\xc8\xc1\xbb\x26\x5e\x1f\x3d\xd3\x92\x44\x5e\xa5\x9b\x59\x0a\x01\x95\x51\xf8\x12\x18\x49\xf4\x35\xb3\xac\x1b\x29\x90\x2f\xc8\x39\x25\x54\x05\x6b\x93\x90\x3d\x5f\x26\x3b\x3d\x54\x08\x43\xd6\xaf\xa7\x5a\x2a\xd8\x30\x4b\x76\x90\xde\x99\xa7\x34\xc3\xd1\x30\xb6\x95\x47\xb1\x8b\x09\xe9\x8c\xbf\x25\x27\x30\xe4\xae\xdb\x6d\xc4\xb5\x8b\x22\x43\xfe\x55\xe8\x09\x39\xd3\x7b\x0a\x59\xd7\x22\x26\xd8\xa2\xcc\x51\x53\x09\x5e\x15\x99\x4a\xd6\x21\x95\xaa\x31\x0f\x2a\x64\x26\x67\x6b\x66\x1e\x47\xb9\xfc\xff\xfa\x04\xd6\xdc\x62\x5f\x29\xf4\x4c\x7c\xf6\x20\xb3\x78\xa6\x5d\x23\x83\x44\xb3\x80\x44\x8c\xd1\x19\xcc\x7f\x37\x3f\x62\xcd\xfa\xd6\x41\x49\x90\x63\x53\xf3\xa5\x41\x07\xc5\xdb\xa6\x5e\x3c\xc4\x94\xb0\x53\x1f\x4d\x64\x74\x93\x63\xf2\x30\x73\x8b\x2c\xfe\xed\x98\x35\x20\x22\x7d\xd5\xbc\x43\xbe\x59\xb3\x26\x8e\x28\x32\x16\xf6\xe9\xc7\x5e\x0c\x1c\x71\x27\x2e\x54\xfd\xb2\x9c\x78\x58\xd2\x87\xd1\xef\xa1\x91\x7b\xe3\x7c\x8e\xea\xb5\xe4\x4c\x3a\xd7\xb3\x6e\x8a\xc9\xf6\x69\x91\xeb\x82\xa5\x14\x8e\x59\x72\x03\x4a\xd0\x1c\x62\x61\x5a\x45\x15\x45\x79\xfa\x50\x86\x9e\x7b\xe9\x87\x6b\x56\x56\xea\xad\x2e\x43\x02\x5a\x62\xdd\x13\x4b\x61\x2d\x8f\x4d\x5e\xbc\xf8\x05\x6e\x19\x8b\x71\x34\x38\xe8\xe0\xe3\x47\xca\xfb\xfc\xb8\x9e\x39\x4a\xa3\x30\xd4\xc7\x88\xd4\x9c\x65\x8f\xcf\xc8\x0b\x3e\x00\x78\xf0\xe8\xe1\x9a\xa9\xb8\xfe\x8e\xb0\xba\xb9\x3d\xe7\x85\xd0\x43\xe0\xf4\x75\xae\xb6\x0d\x62\xe3\x8f\xb1\xf8\x38\x4a\x00\xb7\xa9\x02\xda\xee\x13\xd2\x13\x62\x69\xe5\x08\x01\xb8\x0a\x65\xb2\xf9\x13\xcf\xe3\xff\xb3\x65\xd9\xaa\x2f\xd1\x93\x72\xa0\xb0\x22\x56\x95\x44\x4e\x4b\xc5\x48\x71\xd1\x08\xe0\x9c\x7e\x1c\x2b\x42\xdc\xbb\xac\xce\x24\xea\x5b\xd5\xbf\x1f\xcf\x4a\xc6\x97\xa3\xfe\x09\xa5\x46\x77\xb7\xa8\xdc\x8d\x5e\xec\xb8\x6c\xc7\x92\xee\x9b\x6f\xea\x2d\xe1\x6a\x47\x32\x69\xfd\xc6\x5d\xbb\x73\xc2\x58\xc8\x21\x44\x04\x07\xc6\x42\xf7\xd3\xd3\xf5\xc7\x08\xd5\x53\x32\xda\x83\x43\x10\x6c\x19\xb2\x30\xa5\x14\x27\xf3\xb7\x71\x91\x6a\xe3\x68\x8b"},
+{{0x4b,0xb7,0x92,0x36,0xfa,0xda,0x31,0x44,0xb6,0x82,0x96,0x49,0x9b,0xa4,0x4a,0xe5,0x34,0x07,0x4c,0xa9,0x4d,0x4b,0x58,0x1e,0x5e,0xdc,0xff,0xfe,0x13,0xb3,0xad,0x19,},{0x0a,0x83,0x99,0xf1,0xe5,0xa4,0x23,0xdc,0xf7,0xb2,0x5b,0x2f,0xb0,0xac,0x9e,0x1e,0x95,0x48,0x14,0x8b,0xea,0x84,0xd0,0x21,0xe0,0x42,0x87,0x60,0xe0,0x5d,0x58,0xbf,},{0x69,0x8f,0xab,0x68,0x51,0x0d,0xb8,0x12,0x1a,0x46,0x5d,0xb7,0x7e,0x4f,0x8b,0x58,0x6a,0xee,0x89,0x58,0x16,0xe6,0x3b,0xbf,0x0b,0xeb,0x24,0x2d,0xb4,0xe8,0x4c,0x15,0x7f,0x4b,0xe2,0x01,0xae,0x65,0x64,0x51,0x7a,0x87,0x0d,0x17,0xf6,0x0c,0x85,0x83,0x70,0xc0,0x1c,0xca,0x17,0x18,0x9c,0xb4,0x18,0x9e,0x81,0x43,0x91,0xd1,0x50,0x0d,},"\xad\x81\xab\xf6\x93\x7a\x7a\xcd\x7f\x18\x37\xf0\x4d\x3f\x10\xe7\x08\xc6\x1a\x5f\xbe\xde\xee\x4d\xb7\x6e\x15\x98\x57\x03\x84\xe6\xef\xec\xe9\x7c\x92\x5d\x2e\x5c\x34\x88\xca\xb1\x0b\x5b\x52\xb8\xa5\x48\x6e\x99\xd8\xff\xe8\x6c\x19\x81\xa1\xf1\xd5\x32\xdc\xd4\xd4\x89\xe5\x54\x6d\x86\x65\x32\x98\xe7\xa5\xf9\x6e\x81\x44\x55\x2d\xda\x8a\x18\xe7\x5b\x5f\x73\x55\xb1\x35\x41\x62\x11\x06\xe4\x97\xe5\x1a\x56\xd8\x65\x9d\x19\x8f\xe1\x00\x37\xe2\x21\x28\xaf\xc2\x71\x4a\x2c\xb5\xa1\x2c\xc5\xdb\x09\x68\xa3\x43\xef\x91\x8e\x87\x69\xdd\x6a\x3e\x5b\x9e\x32\xaa\xb6\x6c\xb0\x23\x9e\xbe\x4c\x17\xf1\x82\x18\xe2\x52\xeb\xa6\x16\x2e\x97\x70\x49\xeb\xac\x0b\x38\x04\x8b\x3a\xaf\xb7\xd4\xd7\x22\x63\xe9\x21\x28\x99\xa3\xbf\xe0\xa6\x9c\x99\xe2\x2a\xc6\x1c\x5e\x96\x12\x45\x63\x03\xd9\x24\x58\xb5\xc5\x02\x91\x6c\x34\xa8\xee\x5c\xd9\xa5\x82\xa5\x25\x76\xb6\xdc\x9d\x7d\x4c\x64\x2f\x21\x29\x98\xbf\x33\x58\xd4\xa8\xc2\xea\x67\x68\x6e\x55\xd4\x89\xf6\xa7\x6e\x6b\x07\x0e\x6e\x99\x5a\x74\x53\x26\xc9\xaa\x63\x63\x0a\x00\x33\xad\x30\x72\x1a\xa6\x5f\xac\x60\x4a\x6e\x58\xc7\x50\x72\x1a\x56\xca\x67\x60\xc9\x41\x34\xd6\x11\xfa\xb4\xd3\x54\xe4\xf6\x6a\x29\x67\x7b\x1a\x66\x66\x01\xe9\xda\x79\xf2\x13\xf5\x82\x03\x74\x33\xc0\x7f\x94\xd5\xf0\xde\x6a\xa9\xfa\xa0\xb3\x2f\x7b\x02\x3f\xb9\xfc\x13\x5a\x26\xf9\x70\x52\xac\x80\xb3\x9b\x30\x6a\xed\x13\x92\x6c\x28\x54\x19\xa2\x9b\x20\xe2\x37\x0d\x8a\x09\x5b\x32\x25\x8f\xa9\x89\x34\x89\xee\x21\x08\x9c\x75\x2e\xc0\x62\xe1\x20\x35\x9e\x2f\x35\x15\x12\x82\x54\xc8\x09\x8c\xca\x65\xa9\x1a\x02\x2d\xd0\x57\xa2\xc2\xa1\xb6\xb8\x5d\x13\x7c\x3c\x96\x7d\xcb\x70\xaa\x17\xa2\xff\x4b\x37\x67\x8b\x38\x29\x02\xf0\xf9\x31\xee\x74\x3f\xc3\x98\xac\x1b\x8c\x10\x46\x98\x67\x30\x84\x79\xe4\x0d\x7f\x2f\x04\xa4\xb0\x4c\x44\x89\x15\x84\x88\xdd\xb7\xbe\xc5\xa4\x7f\x20\xff\x35\x6d\x99\xa1\xb3\xe9\xd0\xb7\xfe\x9b\x0a\xd9\x49\xf2\x98\x96\x0e\xfa\x4d\x97\x28\xf8\x10\x1c\xf5\x3d\xa3\xbf\xfd\xd9\x52\x4b\xf4\x40\xa5\x8b\x32\x73\x8d\x0b\x62\x93\xe8\x53\xf4\x66\xff\xd4\x2c\x56\x07\xac\x9e\x35\x3b\xa0\x3e\xfb\x57\x8c\xc9\x96\x3d\x8a\xaa\x9d\x2e\x26\x6d\x1d\x2a\xe9\x29\x6f\x30\xc9\xef\x44\xec\x69\x10\x30\xd5\x96\xa4\x01\xb6\xce\xe7\x2a\x54\x0e\xf3\xc4\x2e\xc0\x17\x42\x66\xba\x54\x01\xf3\x54\xad\xc8\xe2\x54\x04\x43\x7e\x88\x8b\x08\x28\x69\x39\xbe\xde\x30\x8a\xcd\x30\x32\x7e\xbf\xf0\x62\x70\x09\x7c\xc2\x94\xf0\xa0\xf3\x9f\x9a\xa3\xc6\x65\x85\xca\x47\xe6\x0c\x4b\x8e\xa3\x60\x89\xeb\x8a\x90\x88\xbb\x18\xb0\x34\x31\x35\xbb\x6a\x45\x6d\x2f\x6a\x3b\xf3\x90\x72\x3e\x78\xb4\x2c\x03\x7c\x2d\xe2\xe1\x43\x2c\xaa\xd3\xa5\x94\x02\x12\x94\xd4\x3f\x5b\x15\xa2\xe8\x19\xdc\x74\x8e\x45\x1d\xe4\x00\x68\xc8\xf0\x32\xf1\x3b\x47\x11\x37\x70\x12\xed\xcd\x4f\x11\xde\xc1\x11\x1b\x12\xeb\x6e\x1b\x00\x63\x38\x18\x70\x6d\x71\x32\xd9\x91\xce\x20\xdf\x3b\x92\x1d\xb2\x18\x5e\xe2\x5b\xb6\xf5\x82\x75\x76\xec\x01\xad\x89\x0f\x79\x79\x3b\xaa\x35\x8c\x2b\xbf\xb6\xfa\xad\x11\xd8\xcb\x0d\x0d\x2d\x2b\x29\x81\xfb\xf4\xe3\x72\x34\x9f\xc6\xa0\x1c\x36\x07\x7b\x59\x32\x5f\x70\x2b\x38\x00\x59\xa6\x5c\xf2\xf5\xea\x98\xd6\xbd\xc8\x15\x20\x53\xb8\x5b\x28\xc8\x1e\x41\x3c\x4c\xac\x7e\x22\x6c\x13\xdb\x32\x67\xd2\x18\x30\xf0\xe5\x43\x11\x02\x91\x70\x05"},
+{{0xaf,0xd7,0x65,0xe6,0xaa,0xc0,0x14,0x6d,0x48,0x11,0xef,0x95,0x97,0xbc,0x3f,0x44,0x76,0x3f,0x03,0x37,0x8b,0x7b,0xe0,0x33,0xd6,0xe6,0x4c,0xa2,0x9d,0xec,0xae,0xf9,},{0x6b,0xb7,0x61,0x23,0xd9,0x25,0x89,0x22,0x68,0x6c,0x53,0xfb,0x69,0x17,0xb9,0xa4,0x59,0xca,0xbd,0x30,0xbe,0x8c,0x43,0x97,0x0d,0x80,0xf5,0x35,0x0c,0x2d,0x98,0xef,},{0x3d,0xc9,0x19,0x4d,0x50,0x81,0x14,0x19,0x04,0x9e,0xaa,0x07,0xb6,0x55,0xb7,0xd4,0x06,0x4b,0xcb,0x0e,0x7f,0xb5,0xf9,0xe5,0x32,0x6b,0x5f,0xc8,0x56,0xfc,0x0a,0xb8,0x70,0x59,0x73,0xae,0x10,0x01,0xdf,0x55,0x37,0x39,0x77,0xdd,0xe2,0xd9,0xb8,0x10,0x79,0x55,0x14,0x14,0xad,0xc7,0x1c,0xc8,0x52,0xd4,0x99,0xb0,0xcf,0x82,0x4f,0x07,},"\x18\x3b\x10\x92\xc7\x90\x4e\x47\xa1\x42\x03\x17\xa2\x5d\x0f\x59\x11\x0a\xa8\x4d\x6b\x34\x19\xad\x45\x68\x65\xc4\x3b\x29\xe9\xd1\xda\xcf\x75\x5d\x9e\x5c\xf9\x4c\x55\x91\xd5\xd9\x12\xd0\x5c\xa9\xa5\x2d\x01\x5d\x6e\x8f\x5d\xc9\x4e\xfd\xce\x0d\x7c\xf5\x65\x12\x03\xb1\x1e\x54\x27\xa9\xf6\x79\x42\x9e\x00\x41\x4a\x48\xea\xb1\x3f\xd8\xe5\x8b\x87\xeb\xa3\x9d\x10\x25\xd6\xa1\x8b\x2c\xdc\xbe\x14\x74\x36\xdb\xf3\x8a\x1c\xe8\x64\x13\xae\x31\x87\x65\xe1\xbb\x1d\xf7\xe2\xb3\xbe\x97\xe9\x04\x08\xb1\x17\x17\xcf\x45\x9b\xcd\x0f\x3c\xac\x58\xb4\xa0\xd3\x5b\xff\xb5\x33\xe2\x0d\xf3\x74\x51\xc1\x14\x01\xce\x1d\xab\x02\x05\x5c\x7e\x08\xc5\xec\x46\x39\x0c\xd6\x17\xa6\xb5\xf2\x2f\x65\x18\x30\xa1\x11\x2a\x06\xed\xe4\xc4\x0a\xb7\x95\x78\x51\xd6\xc6\x6f\x17\x1c\xd1\x62\x41\x59\x09\x00\xb8\x52\xa3\xd0\x19\x95\x7b\xe1\xb7\xbb\x7a\xcb\x89\x23\xf2\xa3\x57\xc3\x26\x44\x56\xcf\xca\x9b\x42\x9d\x71\xfe\xcb\x7e\xda\xe3\x9b\x25\x2b\x4e\xb6\x10\xe8\xc7\x18\x83\x56\x99\x75\x4b\x8d\x41\x24\xb4\x92\x48\x8e\xde\x62\x61\x0c\xce\x44\xb5\x92\x18\x66\x3b\x6c\x96\x46\xa1\x4a\x84\x17\xed\xdb\xb6\xf4\xfb\xe5\xa4\xbb\xbb\x48\x2b\x37\xa4\x45\xe3\xc1\x6b\x65\xa1\x41\xcd\x3e\x12\xa5\xb2\xc0\x48\x1d\x61\x4d\x6d\x20\x84\x79\xb9\xb2\x09\xb8\x28\x85\x4d\xae\x0e\xa1\xed\xed\x50\x65\x55\xfe\x18\xe1\x85\x40\x05\xcf\x00\x1a\x80\x77\x08\x34\x98\xd2\x7f\xad\xf1\x18\x28\x6b\x53\xb8\x97\x4d\x69\xfa\x28\x25\xbe\x8c\xa3\xd6\x03\x6a\x92\xca\x52\xf9\x1d\xde\x6d\x5b\x1f\xfe\x28\x88\xf4\xd6\x07\x79\xfa\xd1\xfb\x41\xd8\xc0\x71\x40\x49\xaf\x68\x1b\x75\x5f\x2d\x42\x04\xee\xcd\x09\xe0\x77\x21\x0a\x48\xa1\x95\xe7\x2c\x80\xe1\x27\xc3\xd4\x87\x50\x95\xc6\x57\x0a\x1f\x78\x09\x59\x07\x52\x8c\xf7\x74\x6f\x31\xd9\x71\x11\xc6\xf4\xcb\x25\xb3\x74\x12\x99\xa7\x57\x48\x22\xd4\x6b\x6e\x79\xed\x23\xc2\xfe\x05\x7b\x3a\xc7\x29\x0b\x46\x0b\x16\x6e\xe9\x0a\x45\x56\x2e\xff\xed\xcc\x6b\xa8\xf4\x79\x5f\x73\x95\x81\x8d\xb5\x6b\x6e\xdd\x59\xca\x2c\xc4\xae\xa1\x84\x1f\xd9\x56\x5b\xec\xd6\xc0\x81\x04\xcd\xee\x26\xba\x9d\xe2\x00\x77\x3d\x09\x1b\xc7\x7a\x57\xc5\x47\xf1\xa6\xba\x0a\x2c\xd7\x17\xab\x32\x56\x1d\x74\x22\xea\x72\x35\xad\xb0\xcb\x36\xbf\x5c\xbd\xf8\x8f\xca\xe0\x66\x30\xa1\x56\x47\xd9\xa3\x57\xb4\xe0\xe5\x02\xd2\x73\xf3\x79\x6a\x51\xe0\xbc\x3f\xed\xbf\x7a\x1e\x64\xaa\xd7\x22\xaa\xc5\xfd\x02\x2f\xa7\x9d\x60\xfc\x70\x73\x25\xf1\x27\xeb\x1f\x03\x86\x87\x95\xcc\xdc\x0b\x4c\xb2\x6f\x20\x23\xd1\x52\x15\x3a\x97\xa2\x60\xbf\xf1\x17\x45\xd2\xe2\xcc\x0b\xf8\x60\xd4\xa6\xe3\x58\xa6\xd8\x17\x6d\x2a\xc1\x78\xa9\xae\x1a\x2d\xc7\x5e\x8b\x49\x04\x08\xff\x7c\xdf\x99\x13\x29\xf3\x3c\xb0\xc0\x5e\x1e\x35\x69\x25\x08\x7e\x0b\x8d\x96\xa5\x23\x51\xd1\xd1\x77\x68\xeb\x13\x4c\xdb\x21\xa1\x54\x6a\xae\xdc\xc6\x87\xdf\xa1\xb2\x2e\x92\xfb\x52\x41\xa8\x36\x77\xa1\x53\x44\x5b\x77\xd5\xe7\x03\x50\x8e\x2a\xbc\x58\x8a\x9f\x42\xe5\xbc\x71\x06\x73\xe4\xdd\x8a\xd7\x03\xfa\xb2\xd7\xdb\x1e\xb8\x42\x26\xc8\x9d\x87\x62\xa7\x09\xe3\xe9\x13\x8a\x1f\xa7\x90\xf2\x92\x9b\xff\x61\xbc\x1e\xa6\xe8\xaa\x1a\xd0\xe3\x88\x7d\x70\xa5\x6d\x4e\x65\x47\xfc\x60\x6a\x50\xd3\xbe\x3b\xd6\xdb\x03\x66\x3e\x00\xca\x9e\x4f\x24\xfe\x8c\xbf\xd7\xd8\xc9\x73\x8d\x63\x67\x55\x4b\x7b\x60\x1f\x74\x19\x0b\x59\x70\xa3\x98"},
+{{0xeb,0x34,0x71,0x45,0xf3,0x39,0xed,0xd8,0x02,0x78,0x5b,0x6f,0xbe,0xcd,0x5c,0xb8,0x08,0x89,0xac,0x7c,0xe4,0xeb,0xad,0x2f,0x67,0x07,0x67,0x65,0xdb,0x93,0x9b,0xca,},{0x99,0x4a,0x45,0x6e,0xad,0xa0,0x30,0x20,0x92,0x1c,0x3d,0x10,0x9c,0x13,0x5e,0xb9,0x61,0xfc,0xd4,0xa0,0xa4,0x00,0xba,0xfd,0x32,0xca,0x06,0x1b,0xbc,0x86,0x25,0x43,},{0xfd,0xbd,0x15,0xe1,0xe6,0x46,0x9d,0xf7,0x20,0xd9,0x55,0x2c,0xb5,0xdd,0x17,0x7b,0xcb,0xd2,0x92,0xfc,0xda,0x83,0xcd,0x93,0xc8,0x8d,0x01,0x14,0x91,0x2d,0xc8,0x70,0x31,0x09,0xba,0xc0,0xd4,0x59,0xac,0xe9,0x95,0x7d,0xf2,0x29,0x3a,0xc1,0x6d,0x40,0xd5,0x14,0x89,0x35,0x56,0x85,0x32,0x99,0xb9,0x7b,0x4f,0xd4,0x13,0x7a,0x3d,0x00,},"\x5b\x8b\x31\xba\xf8\x84\x83\xf0\x95\xb5\xd0\x2e\x17\xd8\xb7\xb4\x6c\xf4\x64\x60\xe6\x4c\x6b\x02\xc5\x6d\x8d\xaf\xe3\x48\x23\x70\x6c\xb5\xc1\x5f\x33\x8a\xd9\xb5\x65\x86\xa9\x49\x71\x1a\xa7\x31\x2c\xc9\x34\x50\xd2\xfb\x9a\xf4\x61\x3f\xc3\x07\x93\xa6\x31\xa5\x5c\x14\xe5\x3c\x0c\xb1\x5f\x06\x11\x63\x99\x39\x8c\x8d\xd6\x18\x76\xc6\x29\x15\xf9\xf9\xe4\xcd\xf8\xf7\xd8\x9a\xde\x12\x9e\x6d\xde\x7d\x63\x67\x1a\x18\x63\xf5\xda\x8f\x42\xea\x64\xc0\x79\xec\xb9\xa2\xc1\xb1\xdd\x9a\xda\xe6\x0e\x96\xb9\xcb\xbc\x76\x24\x53\x2a\xa1\x79\x75\xeb\xa1\x7a\x7a\xf0\x2b\xfb\x21\x9a\xac\x02\xb3\xd4\x30\x6c\xd3\x89\x33\xa8\x50\x60\xcd\x62\xab\x51\x3a\x39\x65\xb0\x91\x50\xa4\x88\xc9\x2b\xf7\xca\xb0\x48\x2e\xee\x56\x46\x3f\x01\x39\x00\x9b\x9f\xbb\x3f\xf4\xec\xae\x21\x1f\x42\x8b\x5b\xfb\x88\x76\xf0\x04\x98\x3b\x90\xc4\x47\x84\x6c\xa4\xb7\x45\x66\xe9\x79\xbc\x30\xc9\x5e\x99\xfa\xab\x69\xa3\xeb\xbf\xe4\xda\x60\x34\xc8\x2d\x63\xe9\xc5\xcc\xaf\x84\x86\xaf\x3b\x5e\x0d\x38\x14\x22\x93\x8b\x0c\x22\xf5\x16\x95\x5b\xdc\x36\x94\x31\x73\xf5\x83\x27\x08\xa3\x3c\xf5\x2d\x88\x75\xd9\x7f\xde\x58\x5b\x49\x17\xe4\xad\xec\xdd\x1e\x79\x85\x67\x62\x03\x3a\xf2\x2f\x25\x4b\x50\xce\x9d\x0c\x70\x0e\x77\xa7\x31\x55\x4f\xa0\x11\x3a\x0c\x66\x66\x83\xf3\xfd\xb1\x9e\x3a\x42\x63\x02\x23\x0b\x63\xe3\x3a\x78\x5e\xf2\x4a\x92\x89\x45\x5b\x3b\x8f\xc6\x18\xff\xfe\xf4\x9c\x2c\x6e\x48\xfd\x4b\xb4\x22\xf5\x04\x14\x9d\xe2\xb4\xc0\x35\x5c\x36\x34\x08\xe6\x6d\xa8\x1c\xbb\x58\x15\x52\xa4\x11\xe3\x64\xfe\x3e\x4c\xa9\x6d\x70\x72\xab\x07\x2e\x75\x68\xc1\x3d\x35\xe4\x1c\x78\x25\xa1\x3a\x5c\x68\xfb\x9f\xb5\x98\x8b\xbb\xfb\x9a\x0b\x51\x16\x57\x64\x66\x0c\xdf\xa2\x41\x1f\x3d\x42\x16\x5d\xa1\x87\xc5\x8e\xde\xf0\x10\x5a\x6d\xb1\x77\x42\x05\x43\xe9\x58\xd5\xd5\xe8\xa3\x71\xf7\x98\x70\x51\xc4\xe1\x78\x6d\x01\x8e\xb3\xd7\x32\xc2\x10\xa8\x61\xac\xaf\x67\x1b\xe9\x5b\xb6\x3f\xbc\x88\xbf\x8b\xe7\xbe\x53\x90\x93\x9c\xd9\xfb\x2a\xcf\x39\x81\xdd\xa6\x1b\x78\x7a\x7b\xbd\x78\x46\x8e\x1d\x32\xca\x46\xaf\x8f\xb3\x2a\x18\x46\x3c\x18\x0f\x52\x4b\xe1\xda\x91\x0d\xa5\x50\x8d\x42\xa0\x05\x17\x41\x22\x7c\x9b\x62\xde\x6d\x19\xb3\x3c\x0b\xd4\x80\x67\xb0\x35\x85\x9a\xd9\xbd\xc2\xdd\xd9\x7b\xef\xca\x31\xe6\x5a\x88\x6c\xfc\x75\x3a\xfc\x4f\xf2\xa7\x21\x2a\x89\xd3\x7c\x04\x6c\xdf\x39\x99\xc0\x51\xff\x13\x96\xbd\x99\xcb\x54\x94\x56\x39\xeb\x64\x62\xdb\x9e\xce\x84\x07\x7b\x0b\x3d\x6b\x3d\xf3\x95\x2d\xd3\x67\x56\xc6\xda\xb2\xab\xc2\x5a\x51\xbf\x32\xc1\xe9\xcd\xd0\xa7\x28\xa7\x98\x5f\x7b\x7e\x0d\x9c\x1a\x6f\x66\xce\x12\x16\x37\x3d\x25\x2d\xaf\x59\x58\xf2\xe8\x97\x3f\xd2\x68\xfa\xd0\xef\xe2\x51\xce\x76\xfe\x47\xbd\x0a\x4d\x0c\x4f\x10\x17\x94\x9d\x4c\x2b\x16\x71\x72\x18\xe1\x49\x15\x4e\xd6\xfb\xe5\x6f\x86\xd8\x2e\x19\xef\x0a\x91\x63\x19\x12\xf2\xa8\xf3\xde\xbb\x00\x76\x6b\x61\x77\x80\x2f\x4b\x2e\x79\xf6\xe7\xbf\xa9\xc6\x2c\xfa\x2f\x75\xcd\xb6\x04\x92\x63\x0a\x85\xc9\xb4\x31\x77\xd2\xdd\x9b\xa8\xd0\x54\x8a\xbe\x24\x92\x3a\xe8\x44\x3e\xea\xdc\xd0\xf5\x8a\x7b\x82\xdf\xf5\x0d\x88\x40\x03\x88\x9c\xb5\x60\xf7\xac\x53\xe7\x10\xa7\x55\x75\x36\x24\x64\xb1\xaa\x43\xd2\xa9\xb2\x2f\x2b\xd2\x16\x2d\x30\x2f\xaa\x74\x52\x34\x4c\xe7\xad\xe9\x98\x36\x87\xb6\xc6\x8e\xca\x47\xdd\xdb\x28\x9b\x15"},
+{{0x32,0x08,0x83,0x7d,0x15,0x54,0xb6,0x51,0x1a,0xdd,0xa0,0x9c,0xba,0xe5,0x65,0xda,0x78,0x43,0x9a,0x47,0x2a,0x5d,0x1b,0x10,0x7c,0xe0,0xa9,0xb1,0xd7,0x75,0x7d,0xb7,},{0x9b,0x52,0x5e,0x35,0x36,0x8a,0x92,0x1e,0x3a,0x2e,0x9a,0x35,0xa4,0xde,0x9e,0xa4,0xc4,0x36,0xca,0xba,0x27,0x12,0x3e,0x5c,0x36,0x9e,0x2a,0x6c,0xf5,0xc9,0x0a,0xb6,},{0x70,0x9d,0x1c,0xa9,0xca,0x2f,0x74,0x2a,0xb9,0xdd,0x0b,0x04,0x93,0x35,0xf5,0x44,0xcf,0xfb,0x2f,0x1a,0x36,0x93,0xd5,0xf5,0x3f,0x8b,0xa0,0x83,0xb9,0xb0,0xd8,0x6e,0x52,0x08,0xfa,0x8e,0x1e,0x81,0x56,0xc9,0xcc,0x22,0x42,0x77,0x5a,0xbb,0x7e,0x15,0xaf,0x30,0x85,0x86,0x8e,0xf4,0x57,0x63,0x4e,0x99,0x26,0xc4,0x04,0xec,0xf3,0x0f,},"\x43\x6a\x3c\x31\x76\x3f\x93\xd4\xd5\x46\xc6\xd1\xec\xfb\x7a\xe4\x59\x16\xaf\x75\x4f\x83\x9d\xcf\xe9\x6d\x6b\x69\xc6\x12\x14\xd0\x16\xfc\x84\x2f\x56\x46\x2a\x3f\x07\xf6\x61\xb2\xe2\x50\x5a\xcf\xaf\x48\x2a\x0b\x0f\x4f\x55\x01\xee\xc4\xb2\xd2\xd7\xd4\x44\x54\x4d\xe0\x00\xb9\x90\xf4\x36\x3d\x3f\x98\x3f\x5d\x4e\x09\x30\x97\x52\xff\x57\x9c\x73\x20\xc9\x15\x95\x1c\xc3\xa1\xe3\x23\x8c\x1b\xa7\xa1\x91\x30\xea\xbf\x6a\x37\xf5\xf0\xbc\x56\xe2\x52\x42\xf7\x52\x06\x1f\x3c\x63\xac\xad\x99\x2a\x75\x01\xe9\x67\xde\xb9\x25\xb3\x0e\xd1\x05\x43\x1e\x58\x21\x02\xfa\x4f\x30\x8c\x2f\x06\x83\x61\x2b\x56\x68\x6d\x52\xda\xed\x69\x43\xa7\x21\x9f\x3b\xee\xa2\xe0\xa2\x92\x42\xe8\x6d\x55\x62\xff\xab\x83\xb5\x6b\x26\x33\x26\x66\x4e\x02\x9e\x96\x1e\x70\x17\xd8\xe8\x9f\x5e\x3e\x1d\x10\xf5\x93\x28\x54\x55\x0c\xe6\xe5\xcd\x76\x97\x1f\xd2\x35\xcf\x9c\x00\x27\xd0\xcf\xed\x33\x15\xc2\xcb\xf1\x85\x08\x62\x4d\x8a\xcf\x04\x7f\x9b\x96\x8f\x90\x7d\x9e\x6f\x4c\xfa\x5e\x45\xc8\x0a\x27\x2c\x2d\xbb\x62\xc5\xd4\x19\x45\x80\xdf\xab\xed\xd8\x2c\xb4\xd7\x64\x92\x34\x4b\xe9\x6c\xcf\x5d\xaa\xf6\x1e\x6b\x2b\x55\xef\xdb\x3f\x65\x21\x0a\x3d\x6e\x1f\x36\x98\x87\xca\x0e\xa0\xd5\x8c\x3d\x14\x6a\xe3\xcf\x9b\x00\x00\x76\x88\x41\x15\xfa\x51\xb5\xfd\x66\xbe\xc0\xcc\xbf\x0d\x29\x20\x19\x6a\x7d\x7a\x38\x44\x5f\xbe\xd2\x2d\xfc\x75\x64\xdc\x56\xf6\x0d\x6e\x29\xe5\x92\x48\x53\x74\xc6\xbd\x1e\x5b\x15\x93\x1b\x69\xca\x6e\xe6\xb3\xaa\x25\x25\xc2\x35\x85\xf0\x92\x9f\x31\xcb\xd1\x1f\xb1\xa5\x33\x02\x16\xb9\x0a\xe5\xa6\x56\xdf\x7a\x07\x4c\xec\x64\xe5\x98\x18\x4f\x50\x3f\xb2\x3c\xc0\x5e\x65\xda\x9a\xe7\xe8\x44\x1f\x40\xe2\xdc\x26\xb8\xb5\x6d\x2c\xb5\x23\xa7\xc6\x35\xdc\x08\x47\xd1\xcd\x49\x8a\xbf\x75\x6f\x5a\x13\xea\x14\xf8\xfa\xb2\xc4\x10\xb1\xa4\x70\xf4\x9a\xa8\xdc\xa4\xac\x02\x56\xb1\x18\x00\xde\x0d\xd0\xec\x42\xb1\x42\xc5\x61\x12\x8d\x35\x7e\x78\x3b\x12\xf6\x1c\x66\x8f\x5e\x6e\x06\xb7\xb4\x8b\x7b\x22\x54\xde\x5b\xdc\x18\x04\xb7\x23\xd5\xfd\x6a\x0f\x4b\xc7\xc5\x9e\x7c\x50\x54\x18\x26\x13\xbb\xd2\xfa\x92\xb4\xc1\xda\x16\xbc\x8c\x97\xe1\x6b\xcb\x0d\xbf\x8c\x92\xb7\x48\x99\xb3\x7f\x31\x87\x57\x14\x0b\x6c\x4f\xd5\x35\xe2\xe1\xe0\x57\x0a\x50\x81\x8c\xf7\x8f\xb9\x88\xe1\xf4\xce\x40\xe7\x6e\x8f\xe3\xd6\x97\xd7\xa4\x58\x50\xf2\x93\xce\x17\x0f\xd8\xab\x07\xcf\x15\x34\xea\x5f\xfa\xd3\x4f\x6f\xcf\xa4\x2d\x0d\x21\xa9\x1d\xfb\xfe\x05\x97\xc7\x3f\xd9\xb9\x76\x76\x14\xeb\xdf\xd0\x2c\x3a\xc0\xc4\x9a\xd1\x0c\x94\xbe\x59\x69\xee\x08\x08\xc0\xa3\x0b\x2a\x1e\xaa\x90\xea\x43\xb8\x57\x5c\x30\x56\xf4\x23\xcd\x4b\x6f\x34\xae\x51\xc2\x22\x37\x65\xa9\xea\x21\xf6\x45\x73\xc1\xa1\x39\x61\x32\x12\x46\xe3\xb5\x34\x9e\xe0\x48\xfb\x62\xd5\xfb\x61\xb1\x71\x43\x91\x18\x25\x62\xb9\x15\x98\x36\x0e\x5f\x9b\xf4\xac\x80\xdb\x24\x64\x32\xaf\xb3\xa4\x3d\x34\x96\x50\xde\x03\xd3\x43\xc2\xe9\x7a\x8e\xef\xd1\xbf\x30\xc1\x0c\x25\x86\x7f\x53\x26\x6b\xd1\xf0\xdc\x14\xae\x1a\x6b\xe9\xef\xde\xcf\xf6\x7e\x7d\x29\x2c\x6c\xdf\xc9\x0d\x80\xb8\x86\x66\x8f\x04\xc2\xa0\xf5\xad\x7f\xa1\x7c\x17\x8b\x6e\x9b\x45\xa1\x1f\x4d\xdf\xe2\xd6\x69\x60\xa3\xf7\x51\x35\xad\x5e\xd1\x54\xe5\x13\xe1\xa5\xd1\x38\xe7\x37\x1e\x84\xd7\xc9\x24\x53\xe6\xc6\x2d\xc5\x9b\x8e\x1f\xa9\x3d\x77\x3a\x25\x40\xd9\x1c\x25\x7c"},
+{{0x4e,0xc6,0x82,0x9b,0x43,0x99,0x70,0x56,0xd9,0x96,0x85,0x38,0x9b,0xd5,0x3c,0x52,0x8d,0xe7,0xe5,0xff,0x27,0x15,0xd6,0x5c,0x95,0x66,0x19,0x82,0x6e,0x3f,0xb5,0xb5,},{0x7d,0x92,0x2d,0x57,0xfd,0xb1,0x27,0x92,0x87,0x9a,0xec,0x4e,0x8c,0x65,0x14,0x63,0xec,0xe0,0x64,0x49,0x2c,0x72,0x17,0x53,0xd2,0x2e,0x11,0x55,0x09,0xfe,0xd7,0x06,},{0x15,0x9c,0xa4,0x04,0xf7,0xf7,0x41,0x17,0xc5,0x16,0x3c,0xf4,0x04,0x11,0x09,0x49,0xeb,0x57,0xae,0x2d,0x76,0x62,0xb1,0xff,0x41,0x78,0xcc,0x67,0x56,0xe9,0x0a,0xda,0xea,0xb7,0x1b,0x06,0x4c,0xe1,0xdf,0xf4,0x57,0xb2,0xdb,0xa7,0xe2,0xdc,0x13,0xc2,0x17,0xbc,0xae,0x8a,0x61,0xfc,0xf8,0xce,0x14,0x87,0xa6,0x49,0xc2,0x57,0xff,0x07,},"\xed\x26\xb4\x13\x0d\x4e\xbf\x3f\x38\x61\x49\x1a\xa3\xdd\x96\xa4\xeb\x69\x75\x21\x73\xfa\x6c\x84\xca\x65\xdf\xc9\x91\xc7\xfe\x44\xe0\x2b\xd6\x16\x50\x25\x2a\x1d\x23\x78\x66\x82\xec\x38\xc1\xfe\xe8\x2c\xc3\x50\xdb\x7c\x3c\x39\x49\xa1\xc9\x35\xff\xeb\xd7\xba\xa2\x4f\x35\xa3\x93\xfb\xd2\x7e\x7c\x34\xc2\xf9\xff\xda\x60\xa1\x8d\xf6\x6c\x3e\x46\x5d\x90\xed\x48\xfb\xba\xd3\xfa\x79\x47\xde\xe7\xe6\x59\xa3\xee\xad\xb8\x87\xf0\x96\x3f\x6b\xdd\x76\xc3\x6c\x11\xae\x46\xd0\x88\xee\x50\xbc\xa8\x18\x7a\x0a\x88\x32\xdb\x79\x84\xb7\xe2\x7c\xbe\x6a\xbf\x12\xd2\xc9\x4f\x33\x7e\xc7\x8c\xb3\x8b\x26\x24\x1b\xd1\xa3\xd2\xf5\xfa\x44\x07\xfd\xd8\x02\x27\xd2\xb1\x70\x14\x4b\x41\x59\x78\xe3\x72\x01\xd0\xfc\xf4\x31\x74\xb9\xd7\xb2\x11\x5d\x5e\xb8\xbc\xec\x27\x6a\x77\x5a\xea\x93\xf2\x34\x0d\x44\x25\xd3\x4d\x20\x47\x49\x4d\x91\x7e\x0d\xbe\x37\x85\x7e\x6c\x99\x85\x9b\x71\xc9\x14\xaa\xd5\xe5\x4f\x7b\x2b\x03\x3e\x59\x4e\x27\x2c\xc5\xcf\xe9\x19\xf8\x88\xe5\x5c\xb6\x15\x7a\xff\xcf\x35\x72\x46\xd0\x0b\x53\x2c\xc4\x71\xb9\x2e\xae\x0e\xf7\xf1\xe9\x15\x94\x4c\x65\x27\x93\x15\x72\x98\x53\xda\x57\x2c\x80\x9a\xa0\x9d\x40\x36\x5f\x90\x87\x5a\x50\xd3\x1c\xa3\x90\x0d\xa7\x70\x47\xc9\x57\xc8\xf8\xbf\x20\xec\x86\xbd\x56\xf9\xa9\x54\xd9\x98\x8e\x20\x6b\x44\x4c\xa5\xa4\x43\x45\x21\xbf\xc9\xc5\xf3\xa8\xa0\x61\x47\xeb\x07\xd1\x1d\xfe\x11\x71\xec\x31\xff\x55\x77\x15\x88\xb3\x33\xee\xe6\x21\x5d\x21\x6c\x47\xa8\x56\x6f\xbb\x2b\x18\x97\x46\x46\xac\x5a\x92\xc6\x99\xd7\x75\x84\xc0\xde\xfe\xfd\x2d\xfa\x58\xfc\xa2\x71\x99\xe4\x1e\xc5\x8a\x24\x63\x20\xb3\x5f\xaa\xb7\x5b\x97\x95\x19\x24\x22\x6d\xa4\xab\x28\xf0\x1b\x47\x07\x8e\x71\x2e\x4f\xd9\xf7\x7b\x25\x1c\x96\x67\x85\x8c\x28\xe3\x2e\xf1\xcd\x01\xfc\xbe\x43\x5c\x54\x2d\xba\xd0\xa8\x4a\x13\xcd\xbb\x57\x75\xe6\x2d\x81\x1d\xc6\x90\xd9\x55\x5c\x37\xf1\x5f\x91\x76\x7a\x56\x13\x57\xdf\x10\x6e\xef\xe0\x56\xe7\x36\x06\x70\x65\x0f\xb8\x18\xfc\x6a\xdc\x59\x97\x3e\x9a\xd5\xcd\xcd\x80\x98\x07\xab\x56\x39\x7f\x3c\x13\x94\x87\x32\xd9\x8d\x67\x6f\x4a\x44\x70\xa9\x5d\x8b\x51\x82\x37\xe2\x26\xf0\xcc\x5f\x47\x65\x16\x4a\x5c\x3e\xf0\x50\x71\x4b\xe0\x2a\x12\x6b\xe8\xf6\x65\x46\x48\x15\x81\xb9\xe9\x4a\x26\xaa\xd2\x4c\x69\x3b\x7f\xdb\xc1\x8a\xcd\x3e\xd7\xcf\xc4\x7d\x8a\xb2\x67\x45\xd7\x8e\x70\x1d\x0c\xf0\x5d\xd8\x44\xb5\xb3\x45\xa2\x9d\xab\x68\x4c\xbc\x50\x92\xba\x02\x2e\x3c\x58\x2d\xfc\x04\x4c\x31\x00\xad\x02\x75\x66\x97\xa8\x49\x82\x29\x15\xa1\x6e\x2a\x2b\x81\x0e\x68\x15\xf5\x44\x21\xd2\xf3\xa6\xff\xf5\x88\xc0\xd9\x01\x3c\x76\xf3\x3e\x09\xbe\xae\xef\x60\xd8\x77\x42\x30\xe8\xce\x71\x31\x28\x9a\xef\x2a\x40\x68\x6c\x81\x9f\xb2\x04\x0b\x06\x12\x4d\x3d\x9a\xa4\x19\xd5\x67\x88\xf1\x7f\xa7\xed\x9b\x9b\x57\xce\xaa\xd1\x33\x7a\x01\x01\xbe\xa0\x44\x0c\xff\x74\x5d\xdd\x97\x22\x05\x5d\x1f\x9b\xcf\xb0\x09\xce\x2c\x2f\x41\xa9\xe7\xe8\x68\x06\xb8\x72\xcd\xc2\x05\x9b\xc8\xec\x68\xf5\xee\x56\xc4\xba\xcf\x4b\xbd\x30\xea\x4c\x71\x55\x86\x4d\x60\x0c\x0e\x2e\xee\x73\xb3\x19\xbd\xa4\x37\x2e\x9c\x60\x3c\x77\x2c\x25\x89\x0c\x76\x10\x48\x99\x89\x47\x5d\x37\xa7\x7a\x45\x74\xa2\xba\x55\xbf\xd9\xc9\xcf\xd1\x46\xfb\x97\xe6\x16\x5d\xcc\x19\x55\x9f\x4f\x85\xdf\xca\x2f\x97\xf3\x70\x2e\xd8\xfa\x6b\x3c\x2a\x97\x41\x97\x4a\xa0\x7a\xb6"},
+{{0xb1,0x50,0xa7,0x89,0x29,0xed,0x1e,0xb9,0x32,0x69,0x21,0x3e,0x1e,0xbc,0x22,0xe2,0xe4,0x0a,0x60,0x1b,0xdb,0x00,0x54,0x99,0xb7,0xbe,0xb0,0x58,0x91,0x7c,0x53,0x40,},{0x28,0x86,0x6b,0x6d,0x1c,0x39,0x3c,0xb0,0x8e,0x46,0x4c,0xf5,0x57,0x14,0x40,0xa6,0x49,0xe5,0x06,0x42,0x38,0x0d,0xdf,0x4f,0xfb,0x7a,0xd1,0x50,0x48,0x5c,0x10,0x8e,},{0x27,0x6d,0xd0,0x96,0x2e,0x6e,0xe6,0x4f,0x05,0x92,0x44,0x1a,0x8a,0xf0,0xe5,0xef,0x8f,0x93,0xbf,0x0b,0xae,0xba,0x20,0x50,0x4b,0x9d,0xb4,0xf9,0x5a,0x00,0xb9,0x39,0xea,0x38,0xde,0xf1,0xc7,0x97,0x86,0x28,0x98,0xca,0xbe,0x9d,0xc4,0x64,0x4f,0x0e,0x67,0x7e,0x87,0xc0,0xa3,0x3b,0x87,0xb6,0xa4,0xd2,0x2a,0x80,0x7d,0x0e,0x1e,0x02,},"\x1b\xf5\x5d\x27\xf9\xdd\xe6\xc4\xf1\xc0\xdd\xd3\x60\xa2\x5d\x94\x93\xc0\xff\xdc\xa7\x4a\x7e\xd5\xe5\xa5\x14\xe9\x55\x15\xcd\xa4\xaa\xd8\xf4\x5c\xd6\xed\x79\x01\xf8\xf2\x24\xa6\x3b\x38\x12\x1c\xbe\xac\x2f\x56\xda\xe2\x10\xdd\x05\x37\x50\xcb\x20\x75\x14\xa8\x89\x1e\x24\x5a\x5d\x07\xe7\xde\x78\xa2\xe3\x81\x44\x63\xf1\x48\xd2\xac\xb7\xdc\x71\xf9\x95\xc9\x29\x9a\xd0\xd6\x26\x6c\xfe\xfc\x94\x26\x96\x57\xfd\x47\xcf\x53\x12\xb9\x2a\xf2\x75\x06\x51\xc4\x79\x63\x6c\x9d\x36\xae\xf0\x8f\x7d\x11\x95\xe7\xfa\x1b\xa3\xab\xb5\xdc\xb9\x01\x36\xb0\xfb\x9a\x37\x66\x8b\x87\xa2\xdb\x88\xd1\xe2\xb6\x44\x0d\x3e\x6e\x60\x1e\x6d\x4b\xc1\x0c\xf1\xcb\xdf\x1d\x61\x69\xc0\xdc\x2c\x4a\xec\xde\xb6\xcd\xd4\x56\x7d\x42\x50\xb2\xaf\xa7\x15\xb1\x66\xc9\x46\x7f\x90\x7d\x3f\xa5\xa6\xda\xf2\x00\xb3\x09\xc1\x09\x37\x68\x30\x49\x9c\xaf\x31\x49\x00\x1c\xf3\x33\x94\x48\xca\x3d\x76\x52\x25\xd6\xb3\xc1\xcd\x26\x7c\xba\x93\x6e\x7a\xa4\x83\x25\x39\x46\x6f\xd2\x0c\xbb\x38\x32\x3c\xbb\x22\x28\xa2\x71\xf2\xd2\x82\x56\x1c\x73\xed\x79\xa1\xad\x04\x69\x8e\x27\xef\xe3\x93\x23\x5f\x34\x56\xc2\x95\x40\x7d\xa0\x96\x0f\x00\x34\xd8\xde\xef\xd1\xc1\x85\x73\x6f\xd3\xea\xf1\xf9\xa1\xe3\x2f\x09\x17\x4c\x1f\xe1\x27\x20\xb7\xc9\x6f\xeb\xdb\x33\xe0\x1b\x1b\x6a\x1c\x63\x71\x50\x19\x4b\xe4\xff\xab\x15\x9e\x45\xb2\x45\x85\x57\x68\x46\xbb\x64\x27\x4e\xca\x7b\x39\xa3\xed\x93\x57\xde\x7b\x08\x42\x13\x02\x4a\x9e\x85\x89\x26\x36\x00\xa2\x86\x7c\x2a\x7c\xf8\xb9\x90\x76\xa1\x2a\x07\xbd\x7d\xf8\xd5\x27\x7b\xb0\x4a\xd7\x2e\x63\x9b\x77\xea\xca\x1e\xc5\x8e\xf9\x63\x7e\x9a\x23\x76\xba\x87\x8a\x45\x72\x35\xa0\x6f\x78\xfd\xf0\xe0\xd9\x25\xcb\x2f\xd2\xa3\x8c\x77\x18\x8f\x60\x37\x2e\xf6\x00\x97\x92\x42\x43\x99\xc9\xb6\x79\x28\xda\x2e\x3b\xa9\x1c\xbd\xe4\x07\xe7\xe8\x76\xba\x98\x13\x9e\xd2\x2c\xa3\xb9\x83\xbe\xde\x00\x00\x52\x87\x96\x44\x8e\x4a\x10\x55\xac\xb2\xde\xaa\x56\xbc\x30\x82\x54\xc5\xbd\x49\x8c\x27\x5e\xce\xdc\x13\x57\xef\xe1\xfd\xa0\x1d\x34\xd9\x16\xdd\x4d\x86\x47\xe5\x77\x19\x95\xa6\x53\xe0\xf8\xa5\x28\x4c\xc7\xbf\x73\x15\x7b\x33\x49\xd5\x9e\x6f\x92\x0c\xad\x6c\xdd\x17\x19\xf0\x38\x02\x5c\x43\x00\xe0\x21\x0c\xe2\x49\xfa\xf3\xc8\x2d\xe1\xfd\x1c\xda\xbe\x61\xc1\x4e\xcb\x1d\xf0\x0c\x5c\x46\x6a\xa6\xa0\x12\xa9\xc1\x0d\xcf\xe5\x9b\x7e\x9d\x3b\x15\x5d\xab\x6c\x7b\x7c\x16\x08\xc1\xed\xd5\x1d\xbd\xad\xf6\xba\x58\x76\xb5\xe6\x0f\xdf\x7f\x19\xe6\xef\x71\x2c\xd1\xa7\xdd\x3a\x06\x2a\x65\x74\xa7\x43\x6b\x31\x9e\xfb\x94\x4e\x42\x23\xf5\x42\xb2\x50\x2c\x1b\xa9\x76\xbe\x91\xe0\x5b\x0f\x85\xa0\x9f\xd7\x93\xbe\xca\x88\x33\x75\xfb\x67\xcd\x13\x3f\x52\x84\xd8\x99\x84\xff\x3c\xaf\xa7\xe1\x1a\x9d\x85\xe7\x89\x32\x32\xa5\x24\xec\x54\xb2\x0f\x97\x5d\x3c\x0a\x11\x43\xa0\xef\x41\x17\x6b\x70\x51\xea\x91\xd4\x0c\x5f\x44\xfd\x9e\x10\x05\x58\xbf\x12\x12\xa7\xb8\x91\xe6\x8b\x55\xca\x61\xf4\xbe\x94\x52\x66\xd9\xa1\x00\x7a\x14\xaa\xeb\x68\xc4\x8e\x25\x7f\x0f\x46\x31\x0a\xd1\x64\x81\x46\x7e\xc1\x77\x35\x35\xd5\xfc\x08\x49\x15\xf5\xd0\x04\xba\x0d\xc7\x59\x1d\x21\x23\xc6\x22\x07\x90\x9d\x84\xf2\xb3\x82\xf5\xef\x12\x75\x9a\x95\xcd\x3f\x51\x89\x80\x6e\x27\x39\x60\xae\xe1\x62\xc0\x0f\x73\xe7\xfa\x59\x36\x39\x57\x65\x4b\xb1\x91\x6b\x57\x09\xbb\x0a\x9d\x04\x05\x14\xae\x52\x84\x95\x1e\x6b"},
+{{0x9f,0xc7,0xc4,0x9c,0xb8,0xc4,0xf0,0x97,0x2d,0x6e,0xd9,0x70,0xae,0x2c,0x6a,0xc3,0x37,0xe6,0x75,0x42,0x5c,0xc8,0xdc,0xe7,0x30,0xfc,0x41,0x44,0x43,0x02,0x93,0x5d,},{0x47,0x82,0x52,0x0b,0x06,0xf9,0x33,0x44,0xaa,0x76,0x67,0x80,0xe5,0x44,0x01,0x36,0x3d,0xfd,0x7d,0x96,0x7c,0xc3,0xbf,0x06,0x48,0x8a,0xf9,0x09,0x20,0xa3,0x0f,0x85,},{0x5c,0x78,0x3a,0x86,0x0a,0xa6,0x68,0x18,0x4d,0xd2,0x2c,0x4f,0x9a,0x54,0x6b,0x5e,0xc9,0x6e,0xba,0xd2,0xe4,0xaf,0x00,0xf9,0x68,0xc6,0x88,0x67,0x13,0x54,0xe0,0xcc,0x9b,0x57,0x2c,0x73,0xbc,0x6f,0x19,0x93,0x7a,0x05,0xf1,0xba,0xf3,0x43,0x47,0x63,0x96,0x5c,0x96,0xe1,0x03,0x40,0x7f,0x0e,0xb6,0x42,0xc5,0x64,0x41,0x54,0x29,0x0b,},"\x82\xbc\x2c\x70\x0d\xb2\x22\xa4\xac\x91\x4a\xa2\xbe\x8f\xa2\x8e\x42\x20\x67\xf9\x4f\x33\x44\xf5\x36\x2b\xeb\xaa\xbe\xd7\x61\x2b\x0e\x46\x4a\x73\xa6\xc4\x56\x90\x35\x64\xb1\x53\x93\x48\x51\x40\xdd\x0f\x3a\xff\x90\xaa\x6e\x16\x61\xdd\xf6\x82\x85\x0d\x04\x90\xaf\xc3\xd7\x35\xde\xa0\x5b\xa4\x7c\x85\xd9\x7e\x83\x35\x33\x51\x4c\x19\x8b\x4c\xf6\xe6\x6d\x36\x0e\xe5\xbf\x00\xe1\x4a\x3a\xab\x1a\xd0\xe7\xb8\xab\x2a\xac\xc9\x64\xd4\x28\x30\xc7\x84\x53\xdf\x19\x55\xbb\xed\x1c\xd6\x8a\xda\x3d\xb0\xec\xdb\x60\x1a\xd7\x66\x7d\x5c\x5e\x2f\xd4\x9e\x36\xf7\x32\x8e\xaa\x33\x7d\xbd\x6f\xf7\x0e\x78\x98\xa3\xf9\x8c\x15\x9d\x04\x5a\x24\x27\xad\xe5\x33\x3c\x88\xfc\x4a\xfd\x38\x19\xdc\x82\xf4\xda\xa3\xc5\x23\xcb\x57\xe3\x5a\x2a\x5a\x72\x5d\x63\xd4\x02\xba\xef\x51\xe5\x1f\x1e\xf4\xf8\xf9\xa5\x95\xc9\x37\x9c\x9a\xba\x87\x3f\xb4\xe7\x65\xa9\x31\xda\x09\x14\x8a\xba\x6e\xc5\xb4\x48\x59\xb0\xe8\x1f\xf9\xfc\x22\x95\x98\xac\x9f\xbd\xb0\xbd\xbd\xdb\x56\x92\xa5\x22\x22\xdf\x52\xea\x38\x7b\xbb\xf3\x6a\xd6\x4d\x19\x46\xbd\x28\x2e\x32\x3f\xf4\x82\x2a\xd9\xda\x89\x7f\xf7\x3f\x01\xb3\x90\xcf\xe2\xe6\x4d\xe4\x92\xd5\x5d\xe7\x7f\x5d\x7d\x00\x60\xa6\x87\x2a\x01\x83\xcc\xba\x61\x0f\x53\x27\x4c\xcb\x29\xce\x6d\xce\x6a\x03\x6c\x53\x17\xa1\xed\x2a\x7c\x10\x68\xc1\xb2\x46\xfc\x1d\x58\x81\xd0\x0d\xe0\x6e\xb4\x01\xcf\xf9\x5e\x6b\x69\x14\x86\x99\xdb\x13\xe9\x4b\xb5\xb2\x80\x21\x2d\xff\x54\xc7\x0e\x56\xde\x23\x5a\x5f\x14\x00\xb5\xbe\xa5\x67\x72\xd0\x60\x17\x0f\x1d\x06\x57\x32\x15\x61\xe4\xb4\x91\x07\xeb\x96\xd9\xb3\xbc\x5a\xdf\x45\x1c\x2a\x52\x4e\xba\x4d\xb0\x03\xb7\x7b\x63\x2a\x5d\x89\x82\x7a\x62\x24\xcc\x79\x8e\x09\x6b\xa2\x7f\xb3\x3b\xf6\x1e\x3b\x8e\xaf\x18\xd0\x01\xae\x8e\xb5\x2f\x85\xc9\x0d\x9e\x12\x54\x48\x03\xe6\x7f\xf0\x20\x47\xe0\xd2\x3c\x22\xe7\xf8\xb9\x80\xc0\x1c\x3d\x48\x24\xb2\xa9\xa1\x4a\x2e\x8f\x67\x2a\x7b\x0c\xe0\x3b\xdb\xb3\xbd\x56\xd7\x54\xa0\x96\x4d\xb0\x1c\xa8\x99\xd4\x88\x00\x15\x08\x65\x7b\x7b\x02\x2c\xcf\x04\x2c\x38\xfc\x19\x49\xd0\xe0\x0a\xf4\xd3\x01\xd4\xf0\x0c\x3d\xea\x20\xe3\x08\xa0\xf9\xdc\xac\xb4\x32\x22\xb3\x82\x41\x44\xaf\x77\xbe\x18\xa5\x04\xaa\x8d\x26\x8b\x8a\x56\x00\x72\x5e\x7c\xc5\xf3\xa2\xe6\x25\x6a\x80\x74\xd1\xae\xbc\xa1\x23\xea\x53\xa0\x76\x7a\x92\xe1\x78\x3a\x49\x83\xc5\xef\x3d\x7d\xd7\xf0\x2a\xa9\xd1\xf4\xf9\xaa\xc6\xce\x25\x45\x93\xf0\x87\x92\x01\x4f\xb8\x67\xea\xf8\x79\xb8\x8a\x4e\xfb\x18\xe8\x9b\xa1\x10\x06\xad\x09\xd8\x54\x31\xcc\x26\x57\x5b\x53\x8d\x8e\x78\x90\x64\x6c\x59\x88\x64\x7c\xc1\x05\xd5\x82\x90\x7a\xe6\x25\xe0\x9c\xd0\x89\xf4\x72\x49\xe8\x18\x14\xda\x14\x04\x4c\x70\x14\xe8\x0e\x7a\x8e\x61\x9c\x7b\x73\x5f\x70\x16\x16\xb6\xa3\xc6\xf4\x92\xcd\xc6\xed\x46\x3e\x71\xa3\xd2\x22\x91\x48\x2d\x90\xa1\xde\x6f\x09\x7c\x4a\xe2\x54\x87\x61\x84\xc5\x62\xb1\x65\x75\xb9\xd0\xd1\x93\x13\xed\x98\x86\x4f\x49\xfe\x2e\x1d\x07\x4a\x21\x21\x1b\x2b\x2a\x6d\x27\xdd\xb2\x86\x11\x52\x0d\x5f\x71\x23\x05\x8f\xd0\x07\xbb\x01\x00\x1d\xef\x07\xb7\x92\xbb\x05\xbb\x74\x1c\x12\x9c\x6a\x36\x37\x6c\x38\x53\xb8\xbb\x4f\x66\xb5\x76\x0c\x8e\xb4\xec\xc7\x30\x6b\xa3\xa9\x0c\x70\xda\x47\xc9\x65\xf6\xdc\xcb\xdb\x61\xa7\xfd\xa1\x8e\xe9\x67\xcf\x8c\x5f\x05\x03\x11\x09\x2d\x0f\xde\xea\xed\xd1\x26\x5d\xef\xdd\x66\x0a\xbe\x70"},
+{{0x08,0xbf,0x05,0x9b,0x4d,0xa9,0xaa,0x7f,0xfc,0x70,0x2f,0x5b,0x23,0x04,0xc4,0xf9,0x6c,0xa4,0x9b,0x7d,0xab,0xb6,0xaf,0xb4,0x1d,0xc9,0x1c,0x0f,0x00,0xc6,0x5b,0x78,},{0xa6,0x28,0x9b,0xa2,0x8e,0x80,0xe8,0xd1,0xa3,0x19,0x22,0x3e,0x41,0x65,0xdc,0x0b,0xce,0x73,0x52,0xaa,0xf2,0x42,0xf7,0x0c,0xc9,0x68,0xd2,0x1d,0x77,0x75,0x28,0x32,},{0xe2,0x47,0x65,0x86,0x01,0x37,0x68,0x9a,0xad,0x50,0xeb,0xee,0xfc,0x8d,0x6d,0xb8,0xe9,0x36,0xa4,0xcb,0xa6,0x2c,0xe8,0x7a,0x7f,0x58,0x02,0x09,0x38,0x4a,0x9d,0x7e,0xec,0x90,0x70,0x90,0x5f,0x60,0xad,0x63,0xa7,0xbe,0xfd,0x7c,0x70,0xf0,0xae,0x7c,0x81,0x09,0x16,0x9a,0xee,0x4e,0x51,0x8f,0xce,0xbf,0xac,0xa7,0x23,0xc5,0xb2,0x07,},"\xbd\x4f\xb2\x8a\x1d\xd0\x8b\x07\xba\x66\xe1\x7f\x0c\x4f\x21\x85\x3f\xef\xef\x1c\x9d\x20\xba\x79\x77\xf1\x54\x64\x1e\xa1\xa1\x8b\xec\xf6\xbb\xb8\x03\x88\x88\x62\x94\xe0\x75\x6a\x3c\x50\x8f\xfd\xfe\x90\xb5\x1e\x13\x56\xd1\x12\xd8\xcd\xe5\xee\x2c\xc6\x33\x2e\x61\xd1\x69\xcc\xc8\xcc\x93\x49\x94\xf1\xbb\x56\x0f\xa4\x66\x0c\x0b\x0f\xd4\xe8\x14\x9a\x22\x5e\xd4\x88\x3e\x68\xfb\xb6\x9d\xa7\xaf\x8a\x52\x4b\x17\x14\x1c\xcb\x76\xb5\x0c\xd8\xe1\xb6\x7d\x3c\xe0\x37\xde\xd7\xdf\xa5\x9b\xc7\xc2\x67\x42\x26\xec\x7e\x07\xb7\x8e\xa3\xf7\x82\xfd\xa3\xe5\xf1\xe9\xca\xea\xb6\x08\xca\x38\x7c\x30\x46\x54\xf8\x01\xd0\x0e\x10\xa7\xc2\x9f\x4b\x0d\xa3\xe5\xf8\x95\x13\xa9\x80\x37\x71\x9a\x1a\xef\x4c\x25\x06\xc1\x77\xaf\x54\x51\xa0\x07\x57\xa5\x9f\x16\x22\x9c\x4f\x44\x14\xdf\x51\x58\x0d\x48\x21\x0d\xab\xc9\x37\x73\x70\xb6\x06\x8a\x88\xe8\x1d\x3a\xd1\xbe\xd4\x98\x51\x55\xc3\x60\x0f\xf4\x87\x68\xb9\x03\x02\x2f\xe0\x2a\xe4\x80\xf2\xe6\x32\x9f\x0b\xcc\x91\xd7\x5f\x5c\x6a\x09\xfd\xf7\x7b\xde\x90\x49\x9f\x3c\xa3\x95\xcb\x20\x06\x2a\x09\x84\xad\x6a\x01\x41\xfd\x01\xc2\xd5\x4d\xfb\xb1\xee\x58\x46\x10\x64\x07\x73\x43\x9a\x16\x58\xd2\xc9\xf8\x62\xf1\x83\xbf\xef\xb0\x33\xa3\xbe\x27\x18\x12\xf1\x3c\x78\x70\x46\x57\xe7\xfb\x4f\x85\x01\x75\xfc\xd6\x3d\x3e\x44\x05\xd1\x92\x24\x2c\x21\xf2\x7c\x51\x47\x7f\x32\x11\xa9\xce\x24\x8e\x89\x2b\x42\xfb\x6d\x85\x82\x0f\x41\xb8\x97\x83\x6f\x20\xf8\x5a\x13\x11\x53\x4b\x5c\x40\x4f\x8b\x7a\x4a\x03\x19\xbc\x6c\xec\xaa\x57\xfe\x4d\x4f\x20\x60\x7c\x99\xc2\xdf\x22\xfa\x06\x76\xf9\x9d\x1b\xd8\x78\x86\xc9\x28\xc4\x98\x8c\x6e\x78\xc5\x7d\x75\x83\x30\xe6\x92\x2c\xbe\x03\xc1\x03\x40\x25\x3d\x0d\xd4\x83\x79\x2c\xe7\x5e\x6c\xd0\x9d\x12\xfb\xbb\x04\x1f\x02\x05\xe6\x5a\xd2\x5c\xe7\xc1\xb2\x4e\x77\xee\x8d\x6f\x91\x5e\x3b\xc3\xe1\x0d\x09\xfb\xd3\x87\xa8\x4b\xda\xab\xfd\x1c\xed\xb5\x2c\x0b\x17\x33\xb5\xf4\x70\x88\xc0\xd3\x5e\x0e\xf4\x58\xc8\x54\x14\xc2\xb0\x4c\x2d\x29\xf6\x3f\x77\x58\x61\x31\xee\x65\x53\x0f\x20\x9b\x51\x8a\x0f\x25\x7a\x07\x46\xbb\xd5\xfe\x0a\x2e\x0c\x38\x8a\x6c\x48\x0e\x1b\x60\x71\x4f\xee\x1c\x59\x41\xbb\x4e\x13\xf7\x07\xea\xc4\x87\xa9\x66\x6a\x72\x3b\x57\x93\x13\x4a\x26\x8b\x77\x59\x77\x86\xc3\xa3\x19\x3b\x46\xd3\x55\xdd\x08\x95\xfc\x62\x16\xc5\x36\xa5\x42\xff\xd7\xd7\xb0\x80\x10\xc8\x6f\x54\x7a\x5d\xaa\x38\x33\x5a\x8b\xfa\x26\x55\xd5\xf7\x1b\x4d\x88\x07\xf5\x0c\x85\x45\xc5\x83\xdd\x0b\x69\x00\x22\xee\x65\x87\x3a\xea\x3e\x8f\x1a\x56\x5f\x3b\x0e\x4e\x02\x95\xfb\x0d\x32\x1f\x5c\x0b\x39\x7f\x2f\xd0\x52\x8f\x86\xa0\xd1\xb7\x07\xf7\x37\xb1\x75\xc6\x9e\x9e\x7a\xe3\xc8\x4d\x4b\x2c\xf3\xa3\x8a\x63\x1a\xa8\x03\x2b\x3e\x65\xbb\x45\x28\xf6\x6d\x0b\xfd\x34\x47\x3e\xd0\x10\x1d\x2a\x61\x25\x5b\x21\x5b\xc1\xcb\xab\x9a\x26\xd2\xb9\x69\x32\x4b\x77\xc8\xa5\x46\x4e\x5b\x23\xdf\x6c\x51\x12\xf9\xd1\x7c\x58\x7d\x95\x55\x9d\xe2\x12\xad\x24\x1d\x8b\x12\x60\x50\xe5\xfd\xdf\xcc\x83\x9a\x7e\x5a\xa2\xfd\xa1\xca\x20\xc0\x91\x0d\x86\x34\x18\xf1\x95\xb3\x8a\xdf\xcc\x36\xe9\x2f\x23\x96\xac\x31\x44\xb5\x37\xb3\x0f\xbe\x4d\xde\x61\x49\x02\xf8\x99\x78\xb7\xfb\x42\xcd\x99\xf1\x3d\x99\xc4\x5c\x73\x4f\xb8\x2c\x32\x59\xf9\x0b\x88\xfd\x52\xbd\xcb\x88\xf7\xee\xec\xdd\xe4\xc2\x43\xd8\x80\xba\xc7\x61\x4e\x15\xcf\x8d\xb5\x99\x3f\xfa"},
+{{0xdb,0xbd,0x0f,0x7e,0xcb,0x64,0x82,0xcb,0x01,0xc4,0xdb,0xdc,0x38,0x93,0xc0,0xdb,0x81,0xe8,0x31,0x35,0x3a,0x5b,0x01,0xcc,0x75,0xd3,0xb1,0x1f,0x2f,0xf3,0xc5,0x9c,},{0x2d,0x4e,0x58,0x8d,0x31,0xa3,0x84,0xb1,0x78,0x58,0xc0,0xd7,0x84,0xf6,0x71,0x2b,0xaf,0xd0,0xb4,0x12,0x04,0xcf,0x8f,0x0d,0x57,0x97,0x3e,0x59,0xc7,0x70,0xd3,0xda,},{0x96,0xc0,0x03,0x61,0xfb,0x71,0xc5,0x23,0x05,0xe1,0xab,0x77,0x07,0xe0,0x46,0x52,0x03,0xeb,0x13,0xdf,0x3e,0x06,0x55,0xf0,0x95,0xfb,0x33,0x19,0x42,0xa4,0x0b,0x15,0x58,0x41,0x43,0xb3,0x70,0xa7,0xdd,0x57,0x61,0xfb,0x03,0xc0,0x75,0xd0,0x4a,0x83,0x48,0x66,0x1c,0xce,0xa9,0xad,0xa5,0x33,0x65,0xb5,0x00,0x08,0x7d,0x57,0xec,0x0c,},"\xe0\xff\xf3\x59\x75\xeb\xa7\x8d\xa2\xb0\xff\xcc\x5c\x1b\x66\x36\x00\x88\x8e\x82\x55\xcd\x20\x8f\x6d\xce\x7e\x88\x95\x3b\x71\x42\x93\x73\x89\xa3\x37\xae\x82\xf4\xcf\xe3\x2f\xcb\x34\xf5\x52\xa4\x8f\xa8\x89\x9e\x1a\x65\x9e\x3e\xd3\xd3\xd2\x90\xef\xc9\xa0\xf7\xde\xdf\x33\xe2\x1d\x04\x8d\x8d\x91\x07\x57\x03\x7b\x76\xe8\xa7\xee\x9e\x4e\xca\x30\xf5\x29\xdd\xc0\x2c\xef\xfc\x26\xd6\x4f\xda\x73\x03\xcc\x0d\x89\x40\xe9\xef\x59\xdc\x98\x3c\x12\xcc\xd1\xd2\x71\x7e\x64\xd3\x00\x6a\xf8\x2a\xb1\x5b\xb8\x78\xbb\x89\xd1\x75\x8b\xe4\x43\x10\x42\x06\x38\xb9\x6a\x0b\x5e\x1e\x65\x00\x9d\x69\x39\x5d\x02\x7a\x5d\xa4\xa8\x5e\x90\x1b\xe9\xaa\x2c\x0b\x3a\xcc\x50\x8e\xe1\x85\x74\xc1\xb2\xfa\x9b\xd5\xd7\xae\x7c\x7d\x83\x07\x12\xda\x5c\xbf\x26\xbe\x09\xa3\x12\x84\x70\xa1\x2a\x14\x90\x9a\x80\xa2\x66\x65\x9b\xef\xda\x54\x8f\xd2\xb2\x2f\x24\xc5\xfd\xc2\x06\xed\x3a\x4e\x75\xf5\x32\x06\x82\xed\x0e\x4c\xe8\x17\xd6\x3d\x5c\x7f\x1e\xe2\xb4\x40\x64\x33\x55\xbe\x65\x42\xf5\x9d\xc6\xc4\x5a\xb1\x57\x72\xf2\x21\x9a\x81\x2e\xf7\x52\x76\x42\x01\x5b\xc7\x5f\xe4\x5b\xa9\x69\xe8\x10\x0c\x26\x8e\x24\xce\xef\x92\x05\xa8\x3a\x3f\x7b\x5a\xe8\x00\xad\x06\xe0\x95\xb9\xb1\x39\x21\x94\x89\x79\x3a\x7b\xce\x84\xeb\xeb\x65\x4a\xb6\x66\x9e\x28\x55\xcc\xbe\xb6\x94\xdd\x48\x65\x15\x05\xb9\x59\xd3\x2a\x77\x02\x0b\x86\x95\x33\xe3\x25\x6d\x40\x68\x5a\x61\x20\xba\xb7\x94\x48\x5b\x32\xe1\x16\x92\x56\xfb\x18\x8f\xe7\x6e\x04\xe9\xef\xa6\xd1\x0d\x28\x6a\xe8\x6d\x6f\x1c\x87\xe8\xfc\x73\xad\x9b\x59\xfe\x0c\x27\xee\x92\xa4\x64\x15\xb3\x9d\x78\x6d\x66\x32\x5d\x7f\xa6\xfd\xa7\x12\xf1\x99\xda\x55\x4f\xc1\xc8\x99\x44\xa4\xe8\x4c\x19\x6e\x97\x9a\x80\x75\x53\x71\x8c\xb8\x1c\x07\x6e\x51\x1e\x60\x9d\x5c\xac\x23\xd8\xf4\x5b\x38\xb9\x4b\xcf\xcf\x15\x8d\x0d\x61\x60\x22\x38\xd5\x2e\x3a\xe8\x4c\x81\x53\x22\xf5\x34\xf2\x54\xe6\x33\x89\xae\x15\x5d\xee\x2f\xa9\x33\x96\xf0\xea\x49\x9d\x5d\x08\xc2\x47\x59\x08\xc6\x48\xbd\xdc\xee\x59\x1e\x13\x37\xe9\x42\x1d\xc5\xa2\x57\xce\x89\xcc\xce\x4c\xee\xa8\x09\xd7\xe8\x71\x34\xe0\x39\xdb\x1b\xe5\x98\x19\x6d\x30\x89\xfd\xcf\xa8\x97\x8e\x02\xc1\x55\x58\x32\xda\x0a\x72\xb0\x8a\xd0\x7c\xdd\x07\x26\x27\x40\x9c\x87\x39\x37\xb0\xe8\x35\x71\x5b\xaa\xf2\x60\x8b\x23\x95\x32\x74\x67\xcf\x69\xa1\xcd\xcc\xe6\x37\x24\x18\x38\x3e\x7b\x89\xc8\xdf\x4d\x53\x1f\x58\x51\x49\x50\x9e\xad\x1e\x41\xb6\x62\x7f\xea\x81\xc7\x95\x8c\xb4\x9d\x2d\x3c\x3e\x2f\xc6\x91\xe0\xb8\xcf\x72\x67\x9c\x08\xb8\x90\x46\x54\x53\x1b\xc4\x36\x8f\xb6\x17\xac\x75\x57\xd9\xdb\x8d\x32\x9d\x77\xe4\x8d\x8f\xb4\xde\x73\xab\xe7\xcb\x93\x88\x27\x4a\xf5\x85\xf8\x75\xc0\xda\xb7\x93\xe4\x35\x35\x18\xbb\x24\x69\x53\x42\xaf\x0f\x5d\xf5\xbe\x4e\x9c\x7a\xd2\x15\xbe\x90\xe2\x55\x40\xda\x34\x89\x71\x7d\xd3\xd2\x92\x54\x58\x5a\x45\xc1\x3e\x6d\xcc\x7e\x9c\x8a\x3a\x79\xff\x75\x5c\xbe\x46\x5b\x25\xe2\x3a\x1d\xa6\x08\xe1\x08\x4f\xec\x83\xbf\xf8\x0c\xfb\x74\x42\xb1\x46\x01\x87\x30\x7a\xcd\x75\xe3\xf2\xd1\x28\x43\xa7\x70\x94\xac\xc3\x28\x88\xfb\xe5\xf1\xfc\x24\xc6\x15\xd1\x9a\x06\x53\x91\xd4\x17\x64\x74\x64\x42\x46\xb5\x34\x3d\xa7\x76\x26\xa2\xd4\x83\xfe\x20\x4f\x83\x93\x28\x77\x5b\x71\xa4\xcb\x56\x72\x73\xe1\x69\x64\x0a\xf9\x3d\xde\x3e\xca\x91\x16\xf4\x00\xe2\x3a\x7a\xd3\xd8\xfc\x3a\x28\xe5\x65\xf1\x25\xd6"},
+{{0x74,0x8b,0xb3,0xcd,0x47,0x71,0x37,0xbc,0x88,0x0e,0xa7,0xc6,0x1d,0xf2,0x5c,0x1d,0xac,0x6e,0xbe,0xc9,0xe6,0xc3,0x19,0x3d,0x81,0xff,0xa6,0xf7,0xa8,0x1e,0xc6,0x67,},{0x10,0x6f,0x28,0xcf,0xed,0xf0,0x96,0x45,0x42,0x26,0xb3,0xb0,0x1f,0xc2,0x4a,0xb1,0xc9,0xbb,0xd7,0xf2,0xb0,0x97,0x3e,0x56,0xfe,0x2f,0x4c,0x56,0xa0,0xb1,0x47,0x5b,},{0xe1,0x3c,0xa8,0xe5,0xce,0x7c,0x26,0x80,0x90,0x90,0x8d,0x61,0xcf,0x2f,0x0a,0x3e,0x45,0x72,0x41,0x2b,0xf5,0xad,0xfc,0x5a,0xdd,0xfe,0x88,0x55,0x6f,0x14,0x8b,0x5f,0xcb,0xe3,0xe1,0xbc,0x65,0xff,0x16,0x11,0x7d,0x35,0xc9,0xd5,0xdc,0x3b,0x11,0x71,0x98,0xf8,0x84,0x92,0x5b,0x40,0x35,0xb2,0xc0,0xde,0x6c,0x40,0x2e,0xd4,0x7a,0x01,},"\x00\xde\x6d\x99\x0c\x84\x33\x8a\x39\x8f\xda\x5f\x4a\x2c\xca\x73\x3c\x56\xb2\xa2\xea\x39\x6c\x2f\xe6\x67\xc2\x68\xe3\x81\x45\x87\x85\x39\xbd\x41\xbc\x14\x0a\x2c\xdf\xe7\xe1\x83\x60\x41\x10\x48\xcc\xa6\x0f\x35\xce\x51\x09\x91\xdf\x26\x1c\xbf\x66\x90\x39\xd9\xd2\x56\x87\xa0\x7f\xc0\x47\x6a\x41\xf5\x0e\xcc\xf3\x81\x53\xee\x6a\xe9\xff\xd3\x92\xb2\xbe\xc0\xcc\x67\x10\x1e\xc3\x69\x6d\x7a\x2e\xc8\xcb\xd4\x47\xb6\xa6\xea\x06\x3d\x33\xec\x12\x8a\xe8\xb5\x75\x77\xde\xe1\x7b\x97\x16\x25\x63\xf1\x5e\x42\xb5\x5c\xa4\xbe\xdb\xdf\xb6\x31\xa9\xf6\x26\x2f\x94\xae\x35\xbb\x35\xf7\x95\xc3\x5a\x01\xde\xdb\x46\x45\xa7\x3c\xfa\x6e\xd9\xee\x52\x1e\x46\x31\xfb\x17\xbb\xc0\x6e\xe5\x73\x16\xbe\x52\x74\x27\xc8\xaa\x55\xc6\x31\x18\x74\x62\xd4\xb2\xc8\x82\x2c\xa4\xe1\x8b\x7a\x5d\x4c\x11\x4c\x11\xdc\x22\x06\x9b\xc8\x32\x65\x6d\x5f\x4d\x39\x54\x87\x18\xc5\x1f\x5e\x4f\xc8\x28\xf6\x0e\x37\xf0\x13\x07\x50\x52\x65\xac\xb2\x2d\x5e\x8d\x76\x7b\x9a\xa7\xb8\x66\xa1\x57\xc6\x43\x87\x3e\x09\x08\x4a\x1a\x40\x4a\x7b\xb5\x8c\xcc\x4b\x5a\x39\x0f\xd3\x06\x01\xc8\x96\x93\x5e\x35\x56\xf6\x0d\x2d\xc6\xbd\xff\xe4\x7d\xa0\xa6\x87\xc8\xec\xe1\x24\x1f\xf6\xc0\x7d\x77\x61\x11\xca\x65\x98\xfc\xa9\x68\xcb\x6a\xfa\x0a\x14\xa3\x4a\xb8\xf5\x4b\x95\xd3\xd8\x47\x3a\x17\x4b\xc7\x25\x52\x3f\x86\x74\xdf\xb2\xb1\x0f\x87\x42\x07\xfe\xe1\xb0\x8b\x42\xda\x1f\x58\x65\x53\x05\xa3\x59\x75\x7a\xa0\x25\x1f\x14\x13\x8e\xed\xbc\x28\x0c\xbd\x38\x5b\xf4\xbb\xf5\x53\x01\x14\xcc\x43\xb0\x47\x47\x79\xe2\x04\x96\x2f\x85\x60\xd4\xaa\x42\x3e\x17\xe6\xae\xca\xce\x66\xc8\x13\x78\x4f\x6c\x89\x8b\x5b\x9c\xb7\x46\xa9\xe0\x1f\xbc\x6b\xb5\xc6\x60\xf3\xe1\x38\x57\x4f\x59\xb9\x74\x54\x45\x48\x6c\x42\x2b\xc0\x6a\x10\xcc\x8c\xc9\xbc\x56\x45\x8e\xf8\x5e\x0e\x8a\x02\x7c\xb0\x61\x7d\x03\x37\xdd\xda\x50\x22\x0b\x22\xc5\xc3\x98\xf5\xce\x05\xec\x32\xf0\x9b\x09\x0f\x7c\xf6\xc6\x0f\x81\x8c\x6b\x4c\x68\x30\x98\x3e\x91\xc6\xea\xdf\x1e\xae\x4d\x54\xbd\xe7\x54\xf7\x5d\x45\x0a\xe7\x31\x29\xf6\xc4\xff\x5c\x4c\x60\x6f\x7c\xad\xbf\x4f\x78\xa1\x8d\xb2\x96\x1c\xc8\xc8\xdd\xab\x05\x78\xcf\xed\xfc\xf9\x5e\xf0\x88\x8a\xfd\x38\x55\x37\xd1\xd0\xa0\x76\x48\xa5\xce\x25\x22\xd0\x63\x35\x07\xd7\x75\x93\xe1\xa0\x36\x6d\x1e\xce\x84\x3d\xe6\x98\x67\xd7\xac\x44\x2b\xa7\xda\xd2\xa9\x0b\x59\xd8\x98\x4e\x4a\x94\x6b\xbe\x5f\x17\x2d\xa4\x27\x63\x8b\x2b\x61\x20\x90\x41\xff\xf5\x0e\x60\xec\x02\xec\x2c\x0b\x1d\xc4\xbe\x2e\xdd\x13\xe8\x7b\x64\xd1\xd1\x66\x31\x14\x57\x3c\xf5\x8a\x17\x73\x9f\x46\x3a\x1c\x3d\x6b\x21\x23\x39\x01\x83\xb5\x05\xc8\xee\xff\xb2\x05\x39\xbd\xfe\xeb\x40\x77\x6d\x20\xc4\x59\xba\xc4\x56\x99\x68\xfc\xaf\xe4\x4e\xa4\xcd\x62\x4a\x84\xbf\xcc\xd7\x87\x6d\xd7\xbf\x55\xf8\x3a\xc7\x04\x0e\x30\xf3\x26\xdc\xe3\x25\x58\x8e\x1b\xa5\xbc\x07\x90\x26\x5d\xfd\xba\x09\x83\x9e\xef\x57\x16\x41\xe8\xa1\x23\x4b\x6c\xfc\x3a\x36\xa8\x66\xbd\x6b\x92\xcd\x71\xec\x74\xe0\xd4\xde\xb9\xe7\x4d\x15\x82\x01\xaa\x50\x2f\x07\xc8\xba\x34\x8a\xc2\x6a\xaf\x9b\x3d\x07\x0c\x9a\x40\xb5\x2a\x44\xe9\x32\x55\x2b\x67\xa2\xdf\x05\xa7\xf0\xf0\x3c\x61\x7b\x48\xdc\x27\x82\x36\x6a\x23\x1e\x0c\x4e\x39\x38\xa4\x27\x4b\x36\xaa\x94\x50\xff\x93\x6b\xe1\x32\xdc\xb6\x92\x83\x8d\x65\x4c\x94\x54\x2c\x6e\x04\x7a\x7f\x78\xba\x71\x19\x19\xf9\x08\xa1\x5b\x30\xb9"},
+{{0x39,0x3d,0x44,0xdd,0x0d,0xed,0x71,0xfc,0x08,0x47,0x7b,0xd2,0x5e,0xd0,0xe6,0x62,0x9f,0xa7,0xf8,0x8f,0x08,0x2e,0xbc,0xef,0x09,0x18,0x98,0xe5,0xc9,0xe3,0xd5,0xb8,},{0xc5,0x2a,0x99,0x3b,0x80,0x2d,0x84,0x54,0x0d,0x27,0x54,0x79,0xa1,0xaf,0x5e,0x28,0x7d,0x19,0xea,0x13,0xb3,0x80,0xfa,0x30,0x68,0xd2,0xf2,0xc6,0x8e,0xb9,0x7a,0x09,},{0x84,0xc7,0x16,0xe6,0x0d,0xe6,0x7b,0x02,0x0c,0xc1,0xa6,0xa2,0x4e,0x65,0x49,0xfe,0x56,0xc6,0xd9,0x41,0xa8,0xed,0xea,0xe4,0x07,0x62,0x66,0x66,0xc3,0x1c,0xb6,0x0d,0xee,0x6b,0xe5,0xa7,0x1e,0xbd,0x76,0xba,0xf7,0x1b,0x75,0x11,0x4b,0xcc,0xfd,0x37,0xd1,0x63,0xa9,0x68,0xbb,0xee,0xc1,0xf7,0x69,0x72,0x15,0x12,0x96,0xc4,0x7e,0x07,},"\x14\x2b\x6e\x82\x50\x13\x62\xd5\x5a\x04\xb8\x9d\x54\x1a\x79\x68\x63\xd7\x78\x38\x40\xd3\x4c\xbd\xfc\x51\x6a\x3c\x84\x77\x2f\x92\x44\x6f\x5f\x0d\xf4\xc4\x5c\x6e\x0d\xc8\xec\x1e\x9b\xb0\xff\x7e\xc1\x69\x6a\x09\xcd\x7a\xe3\x4c\x10\xf8\xe6\x1a\x9a\xca\xbd\x43\x03\xf0\xa9\x24\x72\x37\x62\x1c\x49\x0e\x8d\x9d\x0f\xe4\x44\x82\xc5\x60\xd0\x51\xb8\x2b\x07\x4a\xc3\xd8\xe4\x9b\xb2\xac\x71\x5a\xc4\xcd\xe3\xd4\x70\x9d\x0e\xa3\xaf\xc5\x1b\xfd\xef\x4b\x65\x67\x71\xfb\xd5\x5f\x89\xda\x9f\xa6\xdc\xaa\x62\xcb\xae\x56\x12\x08\xd9\x8c\xfa\x24\xcb\x81\x25\x2b\x89\x5f\x6a\x4a\x92\xc8\xe4\x07\xaf\x6c\x1f\x1e\xf4\x9d\x8d\xde\x15\x4f\xbc\xb1\xca\x45\x7a\x20\x4b\x5e\xa5\x43\x2e\x4d\x71\xfb\x7e\xb2\x4d\x43\xf6\xfe\x25\xe7\xb4\xc6\x59\xb0\xee\xbc\x4c\xbc\xc8\xb3\xcf\xde\x07\xc8\xf0\x7b\x18\xa5\x15\x70\xe7\x16\x3e\x33\xb3\x17\xb6\x13\x60\xf9\xce\x08\xd9\x5d\xe2\xc3\x15\x6a\xf1\xcc\xc9\xb5\x5b\xcf\x81\xea\xbf\x3c\x40\x43\x40\x46\xbb\xe8\x2e\x02\x99\x2a\x2a\xc8\xb3\xb4\x25\x68\x0a\x23\xd9\x34\x72\x6c\xb1\xb7\xbf\x26\xce\xb5\x2a\x39\x02\x2c\x00\xac\xf4\x25\x25\x71\x67\xb8\x21\x18\x5f\x68\xe3\xed\x17\x90\x3d\x8d\x22\x27\x54\x98\xc3\x9a\x9e\x8d\xf8\x84\xec\x00\x55\x8d\xcf\xa4\x3b\x8a\x11\x9c\x2e\x85\x3b\x9a\x03\x18\xbb\xea\x08\x7f\x9c\xec\x17\xca\x49\xb7\x08\x17\xb8\xd7\xc1\x70\xa8\x90\x6f\x3e\xe9\xe8\xf8\xcb\x27\xa1\xd0\xf5\x75\xab\xfa\x62\x7e\x88\xf0\x8c\xa4\xb9\x3c\x32\x97\xc4\xf3\x17\x07\x2f\x42\x1c\x5e\x60\x2e\x2f\x83\x1d\xfb\x82\x55\x1b\xdc\xe8\xd7\x12\x16\xf0\x5c\xf9\xa2\x77\x3b\x90\xfc\x93\xb9\xd8\x55\xa9\x1e\x35\xad\xe3\x32\xa5\x06\x1f\xdb\x82\xb3\x09\xba\xb4\xf5\x6e\x2d\x58\x6a\x84\xc6\x74\x81\xd1\x90\x2c\x26\x1b\x3f\x97\xdc\x30\xb1\x84\x61\x9d\xf9\xfd\xfc\x7a\x32\x9d\x06\x1a\x41\xdf\x33\x22\x02\x13\x3d\x8e\xae\xed\xdb\x4c\xfc\xee\x53\x53\x6e\x07\xaa\xd1\x15\x53\xdc\xf5\xed\x1e\x94\x9d\x45\x35\x5f\x9e\xf4\x2c\x78\x32\xb0\xde\x7c\x2f\x15\x26\xfb\xef\x86\xb6\x36\x49\xb6\xb8\x5a\xe5\xca\x86\xf0\xce\xa6\xdf\x9c\x12\x6c\x1d\x79\x48\x9c\xc3\xbf\xc6\xe8\xbf\x03\x46\xeb\x30\xd0\x16\x43\xc0\x10\x15\x0c\x5c\x8d\x0e\xb5\x01\x0a\x46\x11\x22\x15\x13\x79\x91\x08\x5e\x57\x49\x3b\x22\xe8\x35\x26\xb7\xb1\x72\xc6\xc7\x34\x1c\x40\x32\x1e\x9c\xeb\x7c\x82\xbf\xba\xa4\x8f\x3b\xd8\xf5\x13\x72\xd9\x6d\x47\x44\x4f\xf0\xd8\xbb\x2e\x5f\xd2\x65\x14\xeb\x63\x91\x05\xe3\x38\x95\xfd\xc4\x1f\x6d\xf1\xfb\xfd\xcb\x08\x46\x6e\xc2\xd2\x17\xfc\x99\xfb\x01\x2f\xe6\x54\x0c\x0c\x5a\x59\x66\xed\x3e\x66\xfa\xb1\x20\x2a\xb9\xda\xff\xe8\xe2\x7e\x8f\x74\x62\x82\x8d\x66\x26\x59\xea\x3b\x2c\x60\x8c\xf6\x8e\x30\xdb\xac\x62\xff\xd8\x22\x9f\x4a\x53\xf5\x9a\xe1\x68\x33\xb8\x1a\x15\x91\x61\xf1\x93\x69\xf6\x0f\x51\xc4\x3a\x21\x7e\xfc\x5e\xfd\x6a\xb7\xa9\x1f\xe2\x49\xc7\xb8\xa0\xc1\x4e\x9f\xae\xa5\x33\xde\x13\x38\x49\xa9\x24\x47\x67\x6f\x6c\xc1\x8b\xef\x4f\xec\x7f\x37\x31\x97\x59\xce\x80\xea\x3e\xac\x18\xfa\x2d\x9f\xa0\x23\x09\xe1\xce\x93\xac\x6c\xf4\xcd\x2c\xb2\xc9\x5f\x1e\x2a\xff\x7b\x2a\x88\x56\x40\x5a\x7b\x8e\xba\xbe\xb4\x90\x6d\x9b\x97\x34\xda\x9f\xb5\xe5\xd3\xf3\x22\xbb\x5b\x55\x9f\xa6\x1e\xc8\xf5\x15\xdb\x90\x65\xab\x4b\x91\xa7\xa3\x1d\x5c\x62\x50\x61\xc2\xfd\x2b\xcf\xe1\x7f\x94\xbb\xde\x47\x76\x30\x2b\x8a\xef\x3d\x5b\x52\xdb\x3b\xc7\x3a\xe4\xa3\x0c\xc4\x41\x7a\xcb"},
+{{0x71,0x19,0x36,0x40,0xa0,0xa2,0xb2,0x2f,0xb2,0x2d,0x00,0xa8,0x0b,0x33,0xa5,0x51,0x4f,0x3d,0x10,0x00,0x03,0x4f,0xcc,0xd8,0x85,0xd8,0xea,0x86,0x38,0xf0,0xb0,0xf8,},{0xb1,0xd3,0x6f,0x72,0x3b,0x70,0x86,0xd9,0x23,0x11,0x9f,0x46,0x75,0x9b,0x39,0xfa,0x1e,0x40,0x38,0xc6,0x41,0x8c,0x37,0x9b,0xa9,0x8b,0x58,0x40,0xc7,0xea,0x50,0x68,},{0xa9,0x70,0x2a,0x33,0x95,0xac,0xd2,0x0d,0x75,0x43,0x73,0x09,0x5d,0xc6,0x14,0x45,0x58,0x4d,0x8e,0x57,0x10,0x80,0xe1,0x79,0xad,0xcb,0xa3,0x10,0x6b,0xb0,0x6a,0x7c,0xe4,0xd4,0x60,0xf1,0x26,0x1a,0xef,0x86,0x43,0xab,0x16,0x34,0xf4,0x7c,0x94,0x14,0xa3,0x2e,0x18,0x3a,0x32,0x76,0x91,0xe6,0x58,0x43,0xdd,0x6c,0x05,0x50,0x72,0x07,},"\xe0\x28\x79\x48\xbb\x85\xa3\x98\xe6\xaf\xfa\x2d\x25\xfc\xff\x8b\xdb\x93\x26\xf5\xd1\x4f\xde\xb6\x05\x49\xf5\xfb\xf0\xc1\x81\x6f\x11\xcb\xdd\x4e\x90\xfe\xa0\x39\xdc\xa6\x0f\xaa\xd1\x69\x60\x03\xf9\x15\x15\xc9\xb2\x72\x88\x2c\x95\xc9\xa4\xab\x6e\x27\x77\xbd\x92\x7e\x7d\x84\x42\xae\xa6\xce\xa6\x19\xc9\xb1\x52\x55\xfe\xd6\x12\xb5\xcc\x31\x58\xfc\x70\x5b\xb7\xa5\x06\xf4\xaf\xec\xf4\xe3\x4e\xd5\x17\xb2\xc1\x2b\x83\x62\x61\x0e\x5e\xa2\x70\x48\x5c\xcc\xb3\xc9\xaa\x97\xec\xd6\xcb\x19\x63\x09\x00\xf0\x7d\x94\xcb\x29\x3c\xb6\xe0\x89\xa9\xa7\x7c\x01\x94\x07\x3a\x7f\x71\x77\xb0\x23\x0d\x25\x76\x3a\x2e\xf9\x8d\x47\x70\x4c\xb2\xc3\xaf\x4c\x3c\x1b\x49\x56\x31\xb4\xa5\xb2\x1b\x2e\x56\xbf\xf2\xed\xe0\x3e\xa4\xfe\x7c\xf8\x29\x17\x34\x7e\x3a\x9d\x4d\xbe\xef\x37\xd1\xcf\x17\x61\x5a\xda\xa0\xfd\x17\x05\x79\x69\x91\x7d\x47\x8d\x03\xcc\xd8\xf8\xb8\x8e\x5e\x5a\xca\xe6\x73\x2a\x81\x61\xdf\xb5\xf7\xd0\x21\x23\xc8\xd5\xa5\x65\xcf\x4d\xd9\x8d\xfc\x9a\xaf\x5a\x33\x50\x58\xa9\x41\xca\x43\x07\x3f\x26\x59\x61\x5a\x72\xfe\x78\xc1\x01\xc4\x1a\xed\x07\xf3\xbc\xf9\x80\xb0\xa5\xb3\xfb\xaf\xdb\xbe\xa9\x2f\xd8\x89\xcf\xd5\x3d\x40\x32\x78\xbc\x15\xa5\x9a\xa1\x40\xc2\xd7\x73\xb8\x88\x9b\x96\x3d\xce\xa3\x65\x36\x2e\x42\x6e\xf4\x60\x98\x45\xc9\xbc\xe9\xf8\xae\xb5\x91\xd1\xa4\x69\xb0\x72\xb4\x12\x09\xf5\xa8\xb6\xdc\x23\x95\xad\x90\x60\xeb\x2e\x37\x09\x78\xae\x33\x11\xd1\xcf\x0a\x8f\x20\x51\x42\xd4\x36\xba\xb6\xb9\x59\x43\xa9\x7c\x23\xe6\x1b\xd1\x4b\x2d\x95\x67\x2c\xb9\x32\x5e\x9a\xb1\xfc\x9e\xee\xaa\xcc\xd5\x8b\x9f\x4a\xc1\x55\x0b\xde\xc8\x44\x9b\x03\x60\x39\x49\x6c\x5f\x07\xa5\xed\x64\xd5\xd8\x51\x71\x69\x01\x44\xdb\x5c\x81\xc8\x1c\xbc\x4c\x16\x71\x8d\x52\xc4\xdf\xd1\x95\x8c\xa5\xc9\xc8\xba\x58\x2c\xd9\xd7\x06\xf2\x7a\x74\x74\x4c\x3a\x05\xbf\x1c\xcd\x51\xf1\x09\x20\x10\xd3\x6f\x15\x78\xb5\x78\xae\x0e\x9f\xfa\x47\x07\x90\x55\xef\x94\xfa\xbc\x9f\xf7\x2f\x73\x8b\xef\x68\x46\x1e\xb3\x40\x4c\xce\xe9\x53\xf5\xee\x86\x4c\x97\x4c\xe7\x0e\x90\x37\xe3\x38\x8f\xba\xf2\x88\x9e\x13\x66\xca\xa0\xf6\x51\xe2\x1b\x33\x9e\x3d\x56\xb9\xd9\x5a\xc3\x0b\x35\x92\xa9\x48\x91\x2c\x90\xbf\x54\x47\x3c\xeb\xc4\x67\xb0\x9a\x39\x43\xdc\xac\x48\x68\xac\xb5\xb3\x5e\xa6\x91\xef\xf4\xd8\xcc\x1c\xda\x0c\x6c\x0a\x9c\x16\x9a\x4e\xe1\x00\x41\xf3\x5f\x43\x3f\xb5\x3d\x26\x06\x7b\x29\x10\x56\xb1\xda\x69\xff\x46\xfb\xea\x1c\xa7\x21\x36\x59\xa9\x90\xd5\xd5\xdf\x14\x06\xb0\x93\xda\x2a\x33\xc8\xdf\x95\xab\x3c\xe8\x11\xaf\xb9\xc9\x8c\x5b\xfd\x7c\x4e\x98\x1b\x3e\xa9\x4e\xef\xd2\xe2\xfe\x95\x70\x7d\x89\xf3\x07\xfa\x76\x82\x8b\x5c\x67\x74\x95\x0a\xee\x80\x62\x67\x14\x25\x6e\x19\x7d\xc7\xda\x97\x21\x58\xc7\x68\xbb\xee\x7f\xbd\x16\x9e\xc1\x5b\x4b\xb7\xbe\x72\x97\x6d\xbe\xd3\xe5\x12\x76\x6e\xf2\x2e\xf3\xb8\x12\xbc\xac\x4a\xa3\x11\x5a\xfe\x83\xd3\x12\x84\xaf\x8e\xac\xea\x4e\xe4\x9a\xfd\x42\xd9\xc4\x4f\xff\x2d\x86\x1c\x08\x62\x9b\x55\xda\xe0\x0f\xf6\x74\xfb\x02\x8e\x73\x8b\x05\xdc\xb3\x8a\xea\xa6\x96\x3c\xc3\xfa\xaf\xc7\xb6\x92\x45\xa2\xa1\x22\xa9\x6d\xd2\xf0\x3a\x82\x4d\x72\xb0\xfe\x0d\xd7\x98\xdf\x5c\x4b\xb7\x5a\x87\x32\x4e\x76\x4a\x50\xa5\xff\x52\x54\x7a\xda\x8f\x8f\x88\xe6\xf3\x8a\xee\x49\xd5\x8d\xdb\x01\x26\x48\x85\x4c\xd5\x9d\x0e\xc9\x7b\xc3\xd5\x8d\x0a\xd4\x49\x1f\x08\x59\x07\x67\xce\xb1"},
+{{0xbf,0xc9,0x62,0x6c,0x91,0xf3,0x48,0xfd,0xaf,0x46,0x9d,0xef,0x23,0x02,0xe9,0xe3,0x8f,0x90,0x51,0xe7,0x34,0x9e,0x48,0xf8,0x50,0xcf,0x35,0x2a,0x83,0x31,0xa2,0x8b,},{0x4e,0x81,0x93,0x06,0x1c,0x9d,0x65,0xa8,0x2b,0xcb,0x25,0xda,0x08,0x9b,0x4a,0x80,0xba,0x41,0xb3,0xdd,0x2f,0x8e,0xd1,0xdc,0x81,0xe1,0xcf,0xd0,0x3c,0x84,0x91,0x15,},{0x66,0x02,0x42,0xc1,0xdc,0xf3,0x29,0x13,0x69,0xc6,0x5c,0x9d,0x7f,0x89,0x87,0x2e,0xab,0x48,0x22,0x00,0xe3,0x44,0xb2,0x96,0xe3,0x36,0xa0,0xa2,0xe6,0x31,0xfa,0x79,0x60,0x24,0xb6,0xe1,0x11,0x9c,0x27,0xd5,0x22,0x64,0xa4,0x98,0x15,0xdd,0x78,0x19,0x27,0xa7,0xdf,0x46,0x7e,0x88,0xb8,0x01,0xe6,0x84,0xfc,0x60,0x22,0x96,0x25,0x0e,},"\x2f\x11\xf4\x0b\x2a\x19\xf6\x40\xc0\x04\x4c\x7b\x13\x96\x80\xc3\xc3\xb6\x9f\x00\xff\x9f\x6a\x41\x86\xfd\x7d\xed\x56\x9c\x1d\x8c\x57\x20\xf1\x9d\xd3\x5c\x78\x16\xd0\x8a\x94\xc0\x82\x04\xe4\x76\x43\xe2\x64\xd4\x25\xe2\x1c\xef\xb8\x31\x29\xc9\x09\xa3\xd7\x8c\xaf\x72\xc4\x6b\xf1\xa7\x29\x76\x5e\xf4\xb8\xca\x80\x3f\xda\xf8\x05\x2f\xfc\x6c\xc4\xa6\xb5\x79\xa1\x60\xb7\x03\xb1\x53\x55\xc6\xfc\xd3\xb9\xa2\xec\xbc\x26\x7e\x60\xdd\x59\xf6\xa2\xb1\x94\x20\xe5\x57\x27\xa8\x0b\x0b\xb6\x41\x67\xc8\x3b\xa0\xc8\x05\xde\xed\x49\x1d\x93\xe7\x23\xf3\xb4\x32\x63\xd1\x74\x20\xb8\x5b\xe8\x6c\x16\x5c\x55\x27\x79\xdb\x96\x0e\x0a\xa9\xeb\x4d\x9f\x3a\x16\x4a\x5a\x21\xfa\xb3\xf5\x09\xa8\xf0\x19\x9a\x69\x43\xc4\xb2\x23\xcf\x9d\xac\xa7\xe1\x10\xe0\x56\xa8\x1d\x9c\xe0\xe0\xc0\x2a\xc2\x65\xee\xac\x05\xec\xd8\x44\x48\x46\x8a\x4d\x12\x2b\x87\xa3\xe0\x4c\x28\x37\xe4\x3d\x21\x27\x04\xfd\x41\xe7\xf3\xd1\x98\xa2\xe7\x6b\xec\xa0\xe7\x02\x9c\x43\x2a\x06\x54\xec\xd4\x4f\x98\x4c\x5d\xf0\x67\x41\x96\x4d\x83\x72\xc8\x6e\x16\x2a\x8c\x54\x18\x84\x9b\x41\xe5\x71\xfe\xb8\x3e\xb4\x2f\xbb\xcd\xdb\x8a\x08\x21\x43\x90\x9e\xaa\x50\x12\xb9\x79\x93\x1d\xc7\xe3\xcc\xcb\x44\xc7\x91\xe0\x4b\x80\x65\xee\x63\xf0\x56\x1d\xa1\xbb\xf3\x7b\xf6\x50\x34\x77\x87\x9c\xfb\xaf\x6d\x9d\x7d\x9a\x74\x75\x55\x3f\x53\x53\x5f\x84\x7a\x76\xdc\x3b\x2b\x7a\x3d\x1d\x47\x0b\xbe\x17\x12\x4a\x88\xe0\x3f\xe9\x94\xba\x10\xc2\x42\x21\xe3\x9e\x3d\x0f\xf5\x3c\x79\xe2\xfa\xaf\xa1\x90\x12\xd5\xef\x19\x2b\xc6\xd5\x26\x0b\x66\xf9\x97\xb6\x44\xcf\x48\xd9\x9f\x38\x99\xd7\xc4\x85\xe6\x84\xaa\x1e\x6e\x30\x85\x5c\xf7\x5c\x2d\x80\xc7\xa3\xee\x43\x54\xfe\x13\xc6\x76\x09\x1c\x86\x67\x37\x3d\x30\xe6\x0f\xf8\xe0\x9f\xed\xef\x17\x5a\x1a\x87\x39\x5f\xef\xa0\x72\x2b\xf6\xc0\x1c\x65\x55\xcf\xf0\x68\x89\x2a\xfe\x94\x86\xcb\x1f\xcc\x5f\xb6\x64\x1e\x82\xd8\x70\x79\xba\x5d\x7a\x9c\x13\x93\x55\xd6\xc1\x4c\x50\x7d\xbd\x59\x47\x24\xb5\x53\x51\x10\x09\x65\xbe\x9e\x5d\xbf\xa7\x70\x88\x78\xc4\xb2\x9f\x4d\x54\xc2\x17\x74\x6e\x32\x6a\xb2\xa5\x4f\x99\xb8\x81\xd7\xda\x5b\x11\xed\xb0\x8a\x6d\x79\xd8\x85\x69\x1b\x1f\x70\x85\x51\x73\x10\xb3\x09\xcf\x9b\x1b\x71\x4a\xab\xc5\xc1\x7a\x50\x9b\x14\x0b\x89\xb3\xf9\xdc\xee\x50\xca\xb4\x41\xbf\x5a\xd3\xbb\xc2\x99\x90\xf6\x27\x40\x61\x70\xa7\xa1\x0f\x2d\x47\xdf\xc9\x25\x61\x54\xf9\x62\x30\x8e\x76\x9a\x2a\xb1\xb2\xa0\x0e\x27\xe3\x27\xf0\xd1\xfa\x16\x4d\x1e\x38\xea\xd5\xce\xaa\xe2\x38\xba\x52\x6f\x54\xb8\x1b\x45\xde\xa6\xc8\x97\x41\x86\xb1\xb6\x72\x5f\xa4\xc8\x3e\x62\xf3\xe2\x54\xf7\x29\x87\x1b\xda\x4d\xc4\x44\xbc\xe7\x8f\x09\x03\xfa\x31\x8e\xaa\xc8\x22\xa9\x55\x32\xab\x01\x9e\x9c\xfc\x56\x19\xe2\xc2\x06\x7f\x25\x8f\x43\x75\xd2\xe0\x22\x2e\xa5\xbf\x96\xa2\x53\xa2\xa3\xfa\x9e\xea\x02\xc3\xee\xcc\xb0\x28\xc7\x6b\xc6\x0d\x38\x29\x8b\x95\xb9\xaf\xe6\x60\x31\xb1\xa2\xa2\x61\x52\xfd\xaa\x7e\xf4\xf8\x37\xab\xb5\x11\x85\xdf\x8b\x2e\xf8\x5a\xd2\xc9\xbe\x6d\xfb\xa7\x5e\x37\xdc\x7d\x12\xe1\x78\x7f\xc5\x5f\x86\x6f\xd0\x66\xf1\x22\x91\xdf\xf1\x97\x6a\xfc\x10\xda\x91\x31\x01\xe7\x04\x95\xd8\x78\x33\x48\xd6\x11\xb0\x11\xec\x67\x1c\x0d\xa7\x37\xbf\x96\x2c\xdc\xc9\xe4\xa8\x00\xb5\x13\x93\x5a\x56\xd0\x84\xea\x64\xa7\xd4\xe8\xe9\x9e\xe9\x44\x0a\x73\x61\x32\xe4\x2c\x90\x95\x03\xc2\x22\x4a\x14\x1b\x25\xce"},
+{{0x39,0x3b,0x76,0x94,0x82,0x37,0x5b,0x82,0x14,0x27,0xa6,0x6d,0x16,0xe4,0xf5,0x51,0x85,0xb7,0xa3,0xb7,0x33,0x8f,0x1a,0x06,0xf6,0x7c,0xdf,0xa7,0xe3,0x5c,0x54,0x1c,},{0x84,0xaf,0xd7,0x06,0x78,0xff,0xa8,0x5a,0x9f,0x65,0x74,0xcb,0xcf,0xe3,0xb1,0x5d,0x04,0xa9,0xfd,0x15,0x01,0x6f,0xf8,0x55,0x0a,0x98,0x7c,0x4b,0x95,0x1c,0x71,0x22,},{0x31,0xf9,0x8c,0x0a,0x08,0xfd,0xa8,0xe7,0x35,0xb5,0x73,0x66,0xaa,0x1b,0x83,0xb9,0x3d,0xae,0x63,0xb5,0x81,0x0c,0x82,0x1d,0x99,0xcb,0x39,0xdf,0x52,0x1f,0xea,0xc0,0x7f,0x3c,0x41,0x0b,0x27,0xba,0x33,0x07,0x75,0x7d,0x60,0x49,0xf2,0x24,0x54,0xfb,0x6d,0xe9,0xe2,0xc3,0xc2,0x43,0x8d,0x68,0x31,0x90,0x97,0xd1,0x12,0xcf,0xdb,0x07,},"\x8a\xe8\x05\x3e\x03\xbe\xbe\xae\x54\x40\x43\xb8\x41\x4b\x38\x53\x64\xad\xd1\x67\x37\x37\xcf\x8a\xb2\x01\x93\xd4\xaa\xbc\x8a\x78\xe1\xd6\x9b\x9c\x7e\x52\x72\x9e\x69\x30\x78\x06\xe9\x27\xce\x38\x07\xb0\x7c\x68\xc8\x33\xc4\xfc\xf1\x6d\xb1\x5e\x7d\xce\x60\x4d\x17\x98\x91\x5f\xd4\x21\x16\x89\xb4\x86\x46\x42\x50\x2d\x38\xe9\x1b\x19\x97\xb7\x18\x23\x31\x8b\x69\xab\xe5\xbe\xd6\xf5\xe3\x01\x5b\xfb\x22\xdf\x30\xdb\x37\x1f\x22\x60\xc5\xc2\x2e\xba\x60\xdf\x39\xb3\xed\xd3\xc4\xd7\xa1\xe1\x11\xcd\x9b\x8a\xa4\x6f\x67\xbd\x0c\xf3\xa7\x17\xaf\x06\xec\x0c\xe5\x67\x02\x8e\x06\xe4\x79\x79\x34\xad\x69\xb1\xf5\xbe\x44\x0f\xf3\x7a\x8a\x03\x4b\x15\x33\xfa\x94\x64\x24\xac\x59\x54\x00\xad\x27\xd3\xbe\x76\xdc\x89\xba\x9d\x6c\x49\x93\x9a\x09\xf2\xe4\x01\xc8\xf2\x0f\x7f\x7b\x4b\x9e\x63\xb9\xd5\x52\x01\x53\x4a\xb4\xcc\x7b\xe8\x85\xf0\x43\x2a\x2c\x66\x73\xd2\xe7\x65\x19\x4d\xff\xd9\xb6\x09\x6d\xd2\xb2\x84\x39\x18\x75\x09\x59\xa8\xdd\xe4\xa3\xab\x40\x7e\xb2\xf7\xe1\xa4\x9c\x25\x97\xe3\x08\x05\xf8\x48\x0d\xd0\xcc\x82\x72\xa3\x20\xc0\x0a\xa2\xb2\x10\xf5\x76\xe4\x25\x77\xd3\xaa\x41\x97\x03\x69\x7c\xa4\x06\xd4\x3a\x1a\x4f\x99\xb0\x73\x36\x64\xf6\xd6\xb2\x40\x3c\xba\x1b\xdc\xc5\x1f\x54\x1c\xf2\x42\x36\x07\x05\x70\x54\x07\x55\xc7\xa8\x63\x1f\xcc\x2f\x18\x93\x8f\xa1\x1b\xc2\x91\x15\x5b\x39\xd7\xa7\x62\xa1\xff\x4d\xca\x97\xb4\x48\xf7\x0e\x2d\x3d\xe4\x47\xcb\x08\xf9\x18\xea\x20\xcb\x43\x3f\xa1\x15\xe3\x08\x80\xc9\x6c\x8c\xf5\xf0\xeb\xbc\xf4\x82\x30\x9d\xb6\xdc\x1f\xb6\x4e\x17\xc0\x4d\x7c\xdf\x7a\x90\xf4\x01\x4d\x15\xae\x76\x96\xb4\x44\x23\xb0\xba\x08\x4e\xed\x4d\x3f\xb2\x8c\x1e\xfb\x39\x82\x8a\xca\x2f\x40\xca\x6d\xf3\x42\xc2\x0e\x95\xf8\x00\x6b\x27\x67\xa8\x3f\x50\xc3\x1f\xcc\x15\x81\xa0\x97\x53\xe7\x82\x91\xf0\xd9\x93\x1d\x99\x2a\xd3\x60\x44\x73\xce\xb8\x85\xec\xbe\x78\x57\xcc\x52\xad\x55\x85\x33\x4d\x14\x85\xd0\x22\xe1\x06\xb7\x1c\x29\xbd\xfc\xf2\x3e\xe8\xa4\x75\xdf\x2c\x09\x05\x32\x35\x6a\x6f\xfc\x02\x23\x23\x17\x98\x8a\x2c\xbc\xfb\xc2\xa3\x6b\x4b\x48\x3c\xb4\x45\x10\xe8\x55\x99\xb6\x12\x59\x6b\x62\x65\x72\xb0\x99\x6d\x8a\x61\xc0\xee\x3e\xff\xf1\xf7\xc7\x1c\x05\xfb\x5a\x8d\x8c\x5d\x09\xd9\x24\xeb\xaa\xc8\x80\x04\x51\xc9\xdb\x24\x56\x71\x0a\x27\x9d\xfe\x2d\x22\xf6\xae\xa9\xde\x31\x80\x1d\xc7\x42\x53\x43\x62\xb0\xe8\x10\xe9\x9e\x84\x1d\xbb\x7f\x0c\xf9\xaf\x1a\xef\x54\x2a\x52\xc7\x76\xcc\x51\xf2\x87\x36\x8f\xbe\x6a\xd6\x51\xfa\xd5\x78\x7e\xf7\x7c\x73\x53\x5f\x3d\xfb\x36\x18\xcc\x8f\x0d\xbb\x54\x9d\xdc\xa9\xb9\xbf\x91\x13\x5a\x34\x56\x00\x1a\x46\x21\x5a\xde\x38\x8e\x7c\xeb\x9f\xcd\xfd\x0d\x2d\x0a\x03\x56\xaf\xbe\x2c\xec\x1c\x2e\x78\xb4\xd9\x98\xd4\x55\x4f\x46\x21\xf1\x15\x1d\xd3\xff\xd3\xba\x4c\x0b\xc8\x52\xf3\x11\x75\x8c\x5d\xca\x42\x5d\x18\xba\x15\xa8\xd6\x7c\xa4\x01\xd0\xe6\xcf\x28\x0c\xb8\x83\x84\xa2\xda\xd4\x9f\xae\x39\xba\x2a\x77\xb4\x67\xb3\x23\x8a\xa2\x8c\xfd\x13\x7e\x5c\x5c\x0f\xf9\x00\x0f\x8b\x06\xa2\x19\x2e\x16\x29\x20\x69\x22\x65\xdb\x24\xab\x6a\xed\xe5\x35\xe3\x1c\x20\x93\xbe\x57\xeb\xf8\x80\x5d\xf1\x78\x89\x14\xf3\xa8\x84\xf8\x84\x17\x90\x15\x80\x8d\xb4\xd3\x02\x0f\x3e\x78\xbc\x34\x28\x5d\x23\x37\x62\xe8\x99\xeb\xff\x28\x42\x82\x15\xe2\x44\x40\x4d\xe2\x91\x72\x8f\xbf\x41\x24\xce\x5b\x24\x35\x26\x0a\x8e\x34\x11\x80\x07\x5a\x56\x51\xe6"},
+{{0x26,0xcb,0xc2,0x51,0x0e,0xe6,0xea,0x39,0x0a,0x2c,0xb9,0x48,0xa0,0x15,0xd1,0x31,0xab,0xf4,0xc0,0x95,0x49,0x15,0x62,0x0b,0x78,0x16,0xae,0xcf,0x4e,0x11,0xda,0x6d,},{0x14,0x5e,0x8d,0xd2,0x2b,0x44,0x00,0x28,0x9d,0xaf,0xb6,0x26,0xd9,0x5a,0x94,0xc2,0xf3,0xb6,0x9c,0x65,0x19,0x77,0x17,0xcb,0xdc,0xd8,0x50,0x98,0xc5,0x49,0x21,0x07,},{0x67,0x10,0xd0,0xdd,0x00,0x54,0x5b,0x44,0x4c,0xf7,0x14,0xb7,0x91,0x44,0xfe,0x79,0xf3,0x8c,0xb1,0xc0,0xf5,0xb7,0x42,0x48,0xd4,0xf0,0x1f,0xe3,0x60,0x11,0x7a,0x26,0xff,0xed,0x4a,0x3b,0xf2,0x13,0x23,0xb2,0x8a,0x39,0x3a,0xe9,0xde,0xe0,0x7d,0x69,0xe5,0x83,0xe3,0x16,0xc6,0xa5,0x73,0xd3,0x7c,0x64,0x4a,0x8d,0x62,0xc4,0x05,0x06,},"\x9c\xeb\xe2\x4b\x4f\x8a\xde\x86\x43\x0e\x27\x9a\x3c\x43\x3e\x4a\xe1\x7e\x00\x88\x52\xa2\x4f\x08\x69\x0c\xbc\x3d\x75\xe3\xb7\xf2\x00\xda\x89\x7c\x25\xf7\x48\x3b\x37\x63\x7d\x4b\xc1\x10\x08\xd9\x22\x4c\xd5\x81\xfb\xc0\x38\xad\xad\xa0\x2d\x27\x1e\xd2\xa5\xd2\x85\xd8\x43\xa0\xf8\xb7\x9e\x37\x94\x5d\xc3\x5b\xc2\x64\xbe\xcd\x80\x43\x07\xe1\xd4\x42\x18\xa6\x43\xe4\xb5\x9a\x93\x11\xde\x98\x5d\x24\xb4\xc2\x6f\xb1\x46\x03\xbe\x5d\xba\x18\x39\xee\x0c\x8d\x2e\xde\x6c\xb5\x0a\xf6\x7c\x80\x45\x19\x03\x7b\x1b\x16\x63\x31\x8c\xfc\x6e\x75\xd0\xf0\x51\xdb\xb5\xd3\xea\xf3\xaa\xd1\xf7\x8e\xf0\xcf\xf4\x8d\x5c\x55\xb2\xfd\x25\xdb\x15\x39\xd0\xf0\x2d\xae\x9f\x25\x14\x8a\x8d\x33\x8b\x97\x87\x9b\xbd\x39\xdf\x96\x1a\xa2\xc3\x96\x31\x5a\x2a\x86\xcc\x78\x35\x81\xe6\x7e\xa8\x44\xac\xfe\x86\x45\x42\x8a\x27\xb8\xd3\x2e\xa3\x06\x4e\x3b\xf6\x2d\xcf\x58\x01\x0e\xc4\x34\x88\x62\xfa\xc2\x5e\x3d\x9f\xcd\x4e\x5d\x65\xbe\x59\x90\x5d\x81\x6d\xfb\x96\x49\x92\xba\x7a\xce\xef\x8c\x20\x75\xa3\x12\xe5\xff\xc4\xf9\x53\x0e\xa2\x0f\x77\xf9\x3e\x81\xcf\x8a\x01\x9d\xc3\x94\x56\x34\x36\x4b\xab\xf7\x97\x72\x04\x5a\x0d\xba\xa7\x7c\x47\xa2\x2b\x77\x22\x3b\x70\x4d\xeb\xd2\xd0\x03\xf6\xa5\xc7\xbf\x6b\x19\xcd\x2c\x49\xb6\x14\xfd\x4d\x47\xfd\x25\x1f\xe6\x22\xcb\x98\x17\x85\xc1\x46\xbd\xb7\xc1\xd2\xea\x02\xb1\x16\x92\x3b\xf9\x8a\x1a\xfb\xb7\x85\x8a\xdf\x2d\xf9\x38\xa7\x90\xec\x1f\x90\x74\xad\xb8\xd1\xaf\xb5\x63\x3f\xa9\x61\xa8\x47\x64\x01\x0d\x3b\xde\xd1\xc0\x33\xd2\x5a\xbd\xb4\xb0\x0f\xb0\x5e\xd7\x64\x0f\xae\x61\x87\x9d\xf8\x8f\x0b\x09\xe3\xab\xd0\x57\xb9\xa5\x21\x08\xa9\xbc\x98\x5f\xb7\x3a\x5f\x29\xd8\x4d\x1c\xa6\x92\x1b\x62\xf1\xb7\x03\xc7\xee\xb4\x81\x5d\x9d\xd6\xd0\x66\x73\x8d\xb1\x18\xba\xf6\x1b\x04\x22\xf3\x88\xf1\xbf\xc9\xe3\xa9\xbe\xd8\x3a\x1a\x72\x7d\xcc\x26\x6a\x99\x88\x36\x48\x46\x80\x7f\x4d\x55\x18\xbc\x2e\xdd\x0e\xcb\x34\x13\xc2\x6f\xd0\xc7\x9b\x75\xd8\xcb\x5b\xcd\x85\xc0\x6f\xcc\xea\x4d\x03\xfb\x89\x88\xdf\xf3\xed\x0c\xc9\xdb\xae\x78\xd6\xae\x8d\x5f\xc4\x02\x46\x17\xa2\x3f\x52\xbd\x61\x53\x85\xd4\xee\xe0\x8f\x91\x34\xeb\x3b\x25\x0c\x8f\x82\x2b\x47\xd9\x1e\x8c\x4d\x4c\x29\x29\x80\x16\xe6\xfc\x81\xf1\xf1\x09\x92\x53\xd7\x94\x5e\x07\x98\x95\x5d\xa0\xdd\xe1\x4e\xbb\x93\x4e\xcf\xae\xea\xba\xe8\x78\x83\xe1\xcc\x39\x80\x67\x40\x0f\xe4\x62\xa2\xc4\xe9\xf2\x32\xdb\x5c\xdd\x61\xeb\xa9\x49\x18\x8c\xf0\x1b\x23\x8b\xe7\xad\xa9\x38\xf0\x02\xdc\x3a\xe3\x1f\xdf\xd4\x25\xc8\xd4\x6e\xa0\x32\x32\x3a\xaf\x20\xdd\x3d\xe2\x50\x7d\x36\xbb\x45\xfb\xb9\x1c\x40\x96\x9a\x9e\x5d\xa2\x0f\x7f\x93\x6b\x0f\x4b\x13\x7b\x62\xfe\x2b\xa3\xa6\x67\xbc\x03\x62\xd9\x3f\xc5\x0d\x3f\x22\x95\xe1\x67\xfc\xba\xb0\xfb\x3a\x39\xb7\xcb\x02\x4b\x57\x8f\x94\x90\xf7\x34\xb2\x8c\x9c\xcf\x71\x92\xf1\x83\x94\x7d\x5a\x51\x3e\xfa\x49\x16\xe4\xd8\x2b\x2a\xb4\xba\x7e\xc2\xff\xba\x21\x3c\xe8\x2a\xd6\xed\x3b\x10\xe4\x85\x53\xe7\x33\xc9\x40\xaa\x9b\x9c\xe7\x13\x37\xc6\xc2\x80\x5d\xfb\x8d\xd6\x61\x8b\x6d\x40\x90\xa3\xd6\xcc\x96\x3e\xce\xa2\x6d\x1c\xdc\x2b\xf5\xac\x99\x9c\x11\x27\x61\x68\xa9\x31\xd8\x16\x46\x9d\x79\x08\x3c\x24\x08\x1a\x50\xdc\xbd\x22\x27\x52\x38\x52\x67\xce\x1b\xfc\x1d\xb7\x6b\x15\x54\xad\x57\xe3\x47\x52\xb7\xf8\x98\x31\x47\xc1\x16\xd4\xa3\xfa\xe6\xf6\xd5\x7e\x65\x4f\xed\xd7\x37\x8d\x2b\x49\x89\xea"},
+{{0xb1,0xf5,0x9e,0x3c,0x23,0x80,0xd7,0xaa,0x41,0x4d,0x0b,0xf9,0x08,0x93,0xa3,0x8d,0xdd,0xfc,0x29,0x38,0x59,0x30,0x3d,0x16,0xf0,0x0d,0x9e,0xae,0x6c,0xb3,0x45,0x0e,},{0x84,0xe3,0xf5,0xf7,0x2f,0x19,0x09,0x5b,0x0f,0x53,0x38,0x48,0xa5,0xa9,0x1d,0x0f,0x07,0x43,0xb8,0xe3,0xa3,0xe2,0xf5,0x2f,0xcb,0xd7,0xeb,0xe7,0xc5,0xb5,0xa9,0x98,},{0x60,0xaf,0xc1,0xe9,0x91,0xfd,0xd2,0x7c,0xc4,0x72,0xb9,0xac,0xc9,0xd4,0x05,0xb4,0xd2,0xb9,0x13,0x08,0x92,0x90,0xb3,0x11,0xc4,0xfa,0x89,0x1a,0xe2,0xee,0xa0,0x56,0x71,0xfd,0xe7,0xa0,0xef,0x86,0x55,0x7b,0xd8,0x67,0xd1,0xc0,0xb7,0x47,0xca,0xf3,0x52,0x29,0xd6,0xef,0x52,0x8f,0xe3,0xe0,0xd0,0xbc,0xf6,0x30,0x38,0x0e,0xa9,0x0e,},"\xc6\x17\x4c\x9a\xd3\x68\x5d\xd6\x48\x63\x60\x17\x83\x7b\x8d\x99\x22\x00\x31\x9e\x9a\x5a\x0d\x26\xd9\x4d\x2d\xa7\x5e\x2c\x3a\xff\x46\xf4\x2d\x7b\x3a\xba\x47\x2b\x7f\x86\x0b\x0f\xe1\xf6\x95\x52\x97\x31\xfd\xc8\xcf\x0d\xa7\x05\xd1\xd0\x9a\xca\xd0\x4f\x01\x08\x37\xec\xef\x41\x9d\x57\xe9\xea\x6c\xac\xf1\x68\xc5\x21\x56\x96\xf4\x71\xf3\xca\xa8\x97\x60\x7c\x62\x9d\x44\x3d\xe0\x99\xd3\x17\x53\xc2\x46\x77\xd8\xd7\x5f\x4b\xf1\x72\x46\x81\x8b\x58\xad\xc0\x42\x4b\x76\x2a\x19\x1e\xf3\x9a\x70\x76\xa5\xad\x12\x61\x4c\xf5\x4c\x47\xeb\x09\x08\xbb\x86\x65\x18\xc5\xfa\xc1\xca\x2d\x2e\x5b\x65\x75\x20\xa2\xb3\x69\x5c\x6f\xb3\x60\xf1\x6f\x4a\xb3\x57\x99\x8e\x4c\x0e\x97\x23\x1d\x6f\x89\xc9\x68\xdc\x29\xec\xc1\xaa\x91\xfa\x0d\x75\x43\xb5\xd2\x24\x7b\x0d\x85\xe4\x87\x43\xab\x7c\xc8\x15\xcf\xda\xa8\x2b\xf6\x8c\xa6\xd3\xe2\x25\x0b\xfd\xa2\x70\x24\xd6\x1b\x47\x4c\x6b\x81\x54\xac\x8d\x1b\x5a\x36\x20\x97\x82\x51\x5c\x16\x46\x68\x0d\x37\x06\x9b\x8b\x44\x12\xf9\x51\xb0\x25\xa4\xd5\x43\x62\x5d\xd0\x22\x90\xbf\x03\xc6\x73\x46\x13\xf9\x9b\x7a\x4c\x3a\xf5\xc5\xf9\xe9\xac\x34\x74\x46\x5e\x64\x84\x23\x01\x8d\x40\xa6\xad\xbe\x88\xa3\x30\x1d\x3d\x25\x9b\x04\xee\x44\xcc\x05\x62\xee\x0d\xed\x4f\x5e\x26\xad\x97\x7a\xb5\x63\x1f\x85\x76\x8d\xbc\xe5\x3f\x61\x6c\x02\x9a\x8b\x8f\x93\x3e\x2a\x92\x64\xb1\xc8\x1f\x51\x7e\x9f\xf5\x8a\xb9\xf4\x5a\x23\xee\xed\x42\x04\x35\x8f\x8f\xff\x0c\x8f\x97\x5e\xf1\xdf\xa5\x77\x6a\x5f\x77\x93\xba\xe2\xf2\x81\xd7\xb0\xcb\xef\x24\x0b\x3f\xc6\xbe\x05\x88\x21\xea\x2b\x80\x0f\xff\xe5\x5a\x7d\xe0\xaf\xc9\x3e\xde\x9c\x60\xc8\xde\x00\x5a\xbb\x9a\x2c\x88\xf4\xe6\x1e\x8d\xeb\x31\x70\xf1\x07\x8a\x36\xe2\xd8\xf2\xa5\x82\x39\xbd\xee\x49\x6e\x90\xd1\x37\xd2\x11\x0f\x0a\xd8\x57\xa8\x8b\x35\x27\x66\x4f\x78\x19\x39\xe0\xb2\xf7\x66\x34\xff\x9f\x6c\x57\xe1\xc4\x3f\x58\x24\x31\x71\xcd\x86\x2e\xf4\x28\x45\x76\x17\x2a\xf1\xf6\xc3\xbd\x37\xd5\xd7\x4b\x28\xa7\xa9\x86\x98\xbd\x74\xe5\x7b\xbc\x14\x2e\x67\xf7\x03\xf9\xd6\x2c\xde\x76\x1a\x02\x26\x8f\xec\xb3\x43\xfc\x01\x41\x88\x36\x41\x4f\x12\x22\xca\x24\xbc\xdd\x69\xd0\x05\x90\x1d\xa2\xa0\xf9\x44\x65\xe4\xd4\xba\x68\x89\x88\x16\xbf\x7e\x3e\x4b\xb7\x9c\x8c\xa5\x99\x7f\xba\x9a\x8d\xf8\x4f\xaa\x2d\x24\xb0\x44\xc4\xea\x61\x02\x9a\x46\xcb\xa7\x03\x42\x1e\x36\x1d\xfa\x52\xca\xaf\xf3\xbb\xaa\xb7\xfd\x75\x3f\x28\x56\xd7\xc0\x83\xae\xb9\x76\x8d\xa1\x1d\x82\x1e\x2d\x30\x9f\x7a\x73\x5c\x39\x96\x92\xda\xc2\xf2\x62\x84\x6b\x89\x1b\xf6\x46\x1a\xf2\x3c\x8c\x7c\xe1\xd4\xd9\x03\x2c\x3c\x14\x0f\x73\x9e\x55\x84\xc3\x6f\x05\xea\xf4\x34\x9f\xf4\x54\x5f\x28\x3a\x4e\x0f\xea\x49\x43\x0a\x1b\x18\x0d\x08\x71\xe3\x74\x2b\x88\xcc\xb5\x91\x12\x4f\xc4\x27\xed\x67\x3b\x5f\x27\xb0\xb0\xa6\xf5\x4a\xf2\x2b\xa4\xa6\xd1\xc6\xc1\xdb\x2a\x1f\xca\xa6\xd8\xa0\x30\x8b\x77\xef\x2d\x0c\x61\xbb\xf5\x1b\x95\xf1\xe8\xb6\xab\xc5\x04\x1d\x97\xb6\xb6\xf1\xb5\x69\xb3\xf6\x3c\xec\x05\xcb\x56\x7a\xae\xa1\x06\x72\x70\x96\xee\x8a\x9e\xa8\x7b\x88\x04\x90\x1f\x7e\x88\xa7\x40\x9c\x66\xf1\x52\xde\x9d\xbf\xcb\xe3\x19\x52\xe6\xfd\x83\xb2\x87\x7a\x77\x5f\xae\x42\x5b\x38\x51\xe0\xef\xf8\x79\x2f\xfb\x38\x48\xf8\x4a\x65\xcc\x31\x72\x53\xb2\x72\x47\x5e\x71\x7e\x49\xe9\xc6\xff\x6b\x78\x59\xd1\x1b\xba\x7c\x44\x28\xc8\x2d\x17\x89\xe0\xdc\xa5\xbc\xad\xca\x2f\xdb\x25\x9e\x98"},
+{{0xdb,0x46,0x1b,0x9f,0x70,0x7e,0xb2,0xcd,0x77,0x48,0xc4,0x4c,0x99,0x56,0x2f,0x13,0x02,0x39,0x74,0x89,0x35,0x3d,0xf5,0xf3,0x03,0x79,0x7f,0xe0,0xd0,0xb5,0x8d,0xe1,},{0x63,0x51,0x16,0xda,0x8b,0xa5,0xa3,0x6a,0x37,0x77,0x28,0xe2,0x86,0x18,0xe7,0x5c,0x55,0x92,0xae,0xcc,0x18,0xe3,0x40,0x11,0xc4,0xc4,0x25,0x91,0x97,0x0b,0x73,0x66,},{0xdd,0x04,0x9c,0xa7,0x9b,0xeb,0x9e,0xac,0x32,0x5a,0xcf,0x44,0x67,0x2f,0xf5,0x78,0xa9,0x68,0x50,0x2f,0xe1,0xbc,0xf5,0xea,0x19,0xd5,0x2c,0x0f,0x67,0x78,0xc7,0xf1,0xc7,0xbb,0xf7,0x42,0x74,0x79,0x07,0x78,0x6e,0x60,0x81,0x23,0x91,0x1a,0x92,0x07,0x78,0xd2,0xf9,0x59,0x6f,0xe2,0x9b,0xe7,0xcc,0x28,0xfd,0x00,0x9d,0x7c,0x44,0x0e,},"\x1a\x2a\xc8\xc1\xb9\xea\x09\x9b\x83\x1a\x68\x12\xd2\xb4\x26\x13\x09\x05\x8e\xa5\x88\x3d\x70\xb1\xc6\x07\xb9\xcd\x3f\xdf\xdb\x86\xe7\x99\x02\xb0\xfe\x89\xe8\x0e\xa7\xc4\x78\x20\x76\x74\xb2\xd8\x03\xb0\xb9\xca\x14\x7f\xfe\x62\xe5\x94\xf5\x06\xc7\x96\xd6\x89\x97\xce\x48\x2b\x51\xa4\x6e\x49\xb4\xa5\xd8\x58\xcd\xea\xe2\xc6\xec\x9b\x69\x41\x98\xe6\x82\x2f\x0e\x33\xed\x57\xbe\xdb\x03\x35\xc7\x89\x0a\x72\xa7\xee\x3c\x23\x82\x3b\xe7\x9b\x7f\x94\x71\xe0\x33\xc7\x9a\xee\xd5\x2e\x57\x60\xfb\x0c\xcb\xb9\xd3\x8f\xde\xd8\xb4\x73\x83\xc1\x91\x03\xce\x44\x70\x58\x34\xc5\x9d\xdd\x86\xf7\x03\x39\x48\x61\x2d\x66\x62\xf5\x16\xce\x4e\x39\x9f\xf2\x03\x63\xcc\x72\x81\xa6\x9b\x2d\x5c\x30\x7b\x10\xb7\x04\x15\x01\x84\xec\xe3\x2f\x39\x0d\x77\x2c\xcf\xa7\x84\x83\xbb\x77\xa9\xfb\xa8\x44\x25\x36\x69\x84\x17\x1c\xc2\xbb\x60\xb0\xec\x6c\x62\x8d\x4e\x90\x30\x74\x6d\xac\x1c\xab\xca\x60\xf0\x56\x83\x81\x33\x46\xa1\xa5\xbc\x14\x72\x75\x49\x79\x5c\x1c\x92\x68\x69\xe1\xaa\x25\x09\x3d\x59\x1b\x43\xe0\x86\xe4\x3a\x04\xd1\x70\xd9\x42\xc4\x16\x5e\x1c\x5c\xe7\x6c\x3e\x64\x97\x3d\x91\x36\xf9\x32\x5b\xee\x82\x16\x82\xf1\x04\x3e\x95\x1b\x02\x76\x7f\x3f\xb4\x58\xd0\x24\x49\xad\xd3\xe8\xa6\x6e\x51\x6f\xdb\x1e\xd5\x80\xe0\x56\xe0\xf7\x8e\xe3\x3f\xd9\xee\x32\x80\x91\x2f\xae\x07\xfe\x1e\xa0\x25\x27\xcd\x00\x1d\x6f\x6f\x2f\x89\xee\x64\x9f\x51\x74\x14\xd5\x6f\x57\x35\x9a\x84\x68\x91\xf0\x22\x2c\x32\x1d\x7e\x70\x81\x79\x95\xa8\xcd\x8e\x94\x76\x0b\x6e\x74\x83\x2b\xab\x68\xd5\x5b\xc4\x64\x18\x84\x22\x1f\xd2\x9f\x12\x2d\x87\xa9\xa8\x68\xb6\xa6\x06\x0c\x87\xb2\x38\x2c\xf7\xbb\xdd\xa4\xcd\x6a\xaa\x1b\xbc\x8e\x6d\x63\x4a\xb5\x80\xc8\x65\xf5\xad\xd6\xa1\xd5\x4e\x61\xa6\x07\xdc\x2c\x37\xb0\x8a\x8c\xba\x6e\x61\x0c\x12\xcf\xeb\xef\x9c\x98\x9e\xef\x3b\x78\x2a\xcb\xd1\xbc\xec\x5f\x04\xe8\x35\xca\x10\x12\x98\xb5\xe9\xbd\xd8\x81\x3a\x71\xb0\xd4\x69\xfc\xf1\x27\x27\xd3\xde\x1c\x3f\x97\xdd\xbc\x6a\xb2\x65\x84\x40\xdd\x64\x21\x01\x9b\xc6\x8f\x35\x6d\x6f\x25\x53\x68\x65\x85\x1d\x92\xd9\x0f\xe9\x96\x9c\x3b\x7c\x35\xa2\xe8\x8c\xe1\x53\x47\x6e\xc3\x97\x3a\xf9\x35\x9f\x16\x77\xa4\xca\xf1\xcc\x48\x1c\x71\xbd\x90\x22\x8f\xf5\xfc\x6d\xd8\x3b\x8a\x69\x9f\xfe\x51\x49\x29\xf5\xc9\x5c\xb4\xf0\x4b\x00\xdd\x18\xa2\x87\x2c\x41\x86\x8d\x3b\xeb\x76\x49\x8d\xdc\x92\x34\xb6\x3f\x59\x9d\x70\x71\x80\x1d\xb2\xc2\x87\x8f\x7b\xef\x4f\xfd\xdd\x81\x32\x26\xf0\x6d\xb8\x4e\xb3\x02\x17\xa7\x18\x30\x82\xe3\xc1\x24\x2b\xb6\xd0\x1c\xd3\xa6\xce\x27\xbf\xf1\x6b\xfb\xfd\xd7\x5b\x7e\x51\x04\x31\x2c\x49\xc4\x3a\xad\xfc\xd5\xb4\xed\xba\x0f\xf5\x0d\x28\x90\xca\x3c\xd9\xcc\xa3\x3e\x4f\xc6\x94\xc0\x57\xc4\x7e\xbe\x1c\x20\xa4\xad\x11\x5f\x98\x5d\xc7\x44\x2c\x6f\x6d\xa7\xbe\x53\x0b\x69\x02\x28\x9c\xab\x9c\xa1\x39\xc6\xb2\x4c\xb8\x0f\xfd\xd7\x82\x32\x4e\x60\x2c\x45\x91\x0d\xb6\x3d\x8b\x5c\x44\xca\x29\xd2\x7f\x56\xdb\xf0\x01\x86\xba\x58\x3c\x34\xe1\x60\x31\xdf\x35\x75\x46\xb3\xab\x9a\x3d\xd6\x5e\x91\xd7\x12\x8c\x93\x91\x95\xe6\x46\xa0\xf0\xb8\x9b\xf5\xdf\x04\xba\x23\x3d\x6a\x12\xa2\x71\xf7\xe0\x4a\xa4\x5c\xda\x99\xb4\xa5\x5a\x21\xcb\xbb\x73\x85\x15\xe3\x2c\x56\xaa\xc2\x49\x62\x32\xb1\x00\x8a\x67\x61\xc8\x04\x5a\x1f\xe0\xf9\xa3\x64\x40\x47\xb5\x96\x6a\x58\xa6\x00\x46\x6c\x1b\x1d\x11\xdd\xad\x5a\xa5\x73\xc4\x3e\xbd\xa8\x87\xe1\x6a\x05"},
+{{0xf5,0xc0,0xa7,0xf8,0xf6,0x58,0x4c,0x5d,0x2f,0x2e,0x1d,0x08,0x10,0xe8,0xe8,0x61,0x03,0xe4,0xe2,0xd4,0x5c,0xf9,0xa7,0x21,0xd8,0xc4,0x7f,0x67,0x49,0x33,0x96,0xa4,},{0x3c,0x6d,0x6c,0xce,0x49,0x63,0x31,0x41,0x07,0x86,0x96,0x13,0x1a,0x8d,0x84,0xed,0x82,0x3f,0x30,0x66,0x4b,0x28,0x9a,0xf9,0xdd,0x30,0xc6,0x40,0x7f,0x6f,0x03,0x13,},{0xd4,0xc3,0x0a,0x48,0xc4,0x52,0x3b,0x1f,0x84,0xb1,0x4b,0x65,0x7a,0xf8,0xf8,0x59,0x75,0x5b,0xba,0x63,0x59,0x98,0x8b,0x67,0x5c,0x6d,0x85,0xdd,0xf3,0x54,0x62,0x82,0x0d,0xa4,0x76,0xd8,0x4f,0x6c,0x40,0x2e,0x65,0xb0,0x20,0xd9,0xe8,0xa2,0xc2,0x85,0xc1,0x67,0x08,0xae,0x58,0xd1,0xf8,0xdb,0xc6,0x57,0x82,0xa8,0x98,0xa6,0x65,0x08,},"\xd6\x8a\xbc\x60\x9a\x7a\x0c\xe2\x56\x69\x9e\xb1\x70\x43\xde\xfe\x1e\xb8\x22\xc9\x70\x8f\x65\x71\x8a\x06\x58\x1f\xab\x21\x10\xec\x2d\xb0\x92\x13\xbb\x9e\x0f\x36\x12\xce\x4a\x3f\x8f\xdb\xe7\x57\xa9\xf0\xeb\x2c\x3e\xba\x43\x8a\x90\x88\xb1\x8f\x6c\x5c\xaa\xbb\xe5\xc8\x2f\x7a\x9a\xb2\xfe\xcf\x0f\x58\x59\xd1\x75\xe1\x39\x26\x30\x33\x74\x24\x58\xf8\x2a\x6f\x38\x75\x6c\xd5\xbc\xdf\x9e\x07\x36\xdb\x2c\xab\x20\xa0\xcd\x3f\x0f\x1c\xdb\xea\x85\x56\xd8\x49\x09\x35\x8d\xd8\xf6\x9f\x0d\xac\xd4\x9a\xbf\x8a\xc1\xbf\xe7\x59\x40\xd6\x93\x9e\x6a\x55\x38\x5b\x5a\xce\x7c\xe1\xfd\xe1\x20\x67\x9a\xb6\xea\x7a\x89\xd1\x42\x68\xd2\x9f\xfb\x46\xdf\x10\x5b\xf3\x90\x92\x42\xc6\x60\x5f\x3e\x3e\x2a\xb7\x44\x89\x37\xd6\xdb\x2b\xa0\x54\xc7\xb1\x4f\x43\x2d\xb4\x1d\xc1\x8a\x5b\x95\x73\x36\xb7\xf5\x2d\x97\x8e\xc0\x3e\x7d\x57\x64\xe9\xbd\x2f\x4b\x68\x95\x8d\x93\x7b\xf2\x98\x23\xb2\x7e\xfb\x31\xe2\x5b\x43\x92\x5c\x4d\xac\xbe\x67\x18\xa6\x0f\xea\x3b\x32\x70\xe7\xb7\x6b\x0d\xe0\xe7\x0f\x7f\xa3\xc1\x2c\x21\x5e\xf7\x2b\x95\xdc\x1b\x52\x76\x23\x81\x79\xdf\xc5\x2f\xc4\x88\x59\x64\x9f\xa5\x82\xd0\x5a\x60\xdf\x68\x59\x9a\x1c\xee\xa6\x4f\x64\x12\xd3\xf8\x49\x8a\xe2\xce\xdb\x12\x42\x45\x88\x3a\x24\x0b\xc0\x85\x1f\x0e\x32\x49\x65\xbe\x12\x04\x86\xe1\xea\x89\xa0\x18\x2d\xfa\x8e\xab\xd3\xb8\xfa\x66\xa9\x9c\x51\x49\x13\x89\xf3\xc8\x3a\x3c\xdb\x42\x67\xf3\xe4\xdb\xc9\x8f\x0c\x44\x85\x6b\x04\x4d\xc8\x8d\x90\xee\xee\x84\x15\xbf\x73\xde\x17\x1a\xfe\x84\xbe\x90\x35\xe0\xdc\x4c\x80\xcf\x04\x22\x46\x9f\xe0\xc9\xbd\x1c\x6a\xa6\x54\xa5\x9b\x5e\x34\xee\xd3\x51\xcd\xa2\x87\x12\x69\xac\x47\x8e\x8d\x38\x2e\x74\x0e\x9a\xc7\xab\x4d\xdc\x4c\x0d\xef\x0a\xea\xb7\x97\xb6\xf1\xa4\x27\xb8\xe4\xa8\x49\x7a\x0b\x97\x97\xda\xdc\xd3\x5c\x41\x4f\xd5\x5b\x78\x31\x30\xf6\xcd\xed\x38\xa4\x4c\x1a\x89\x28\x83\x07\xeb\x84\x25\x48\x41\x37\xa8\xae\xdb\x03\x0d\x54\xb6\x16\xa8\x2e\x3c\x5a\xcf\xfb\x08\xd6\xcc\x1a\x61\x74\x5c\x29\xaf\xc6\x8a\x0c\x18\x38\xb1\x39\x15\x9c\x5f\xa6\x67\x4d\x66\xb9\xe3\x38\x11\x5a\xad\x4b\x1b\x47\x10\xaa\x5d\x95\x17\xbc\xf7\xe1\xcb\x12\xd4\xe6\xa5\x1c\x11\x78\x9f\xdc\xae\x9d\x9b\xbe\x78\xf6\x9a\x33\xe5\x2d\xf1\x83\x3c\x87\x6b\x02\x68\x7a\x40\x4f\xac\xad\x32\x84\x1c\xb2\xd5\x25\x54\xe7\xb8\xe2\x20\x9e\x3f\x88\xfd\x94\x8c\x1e\xcf\x83\x95\x7c\x96\xf4\x3b\x03\x4b\xed\xa6\xc4\x76\x09\x6b\xcb\x09\x30\x1a\xd6\x1f\x83\x67\xcc\x43\xe1\x56\x13\x18\x62\xb4\x2e\xce\x28\x5b\xec\x2d\xcc\x2d\x02\xd0\x94\xd0\x42\xa1\x60\x72\xeb\x22\xab\x98\x88\x01\x3b\xe8\x23\x71\x56\x94\x00\xec\x1f\x8e\xc7\xe7\x91\x08\xc4\x1b\x85\x33\x65\x26\x8f\xa4\xcf\xbc\x62\xc4\xac\x12\xcc\x98\xd2\xec\x38\xa8\x7d\x60\x85\x85\x95\x67\xc0\xf2\x7d\x6d\x43\x1a\x04\x6e\x88\xa9\x81\x55\x58\x66\x07\x05\xfd\x05\xeb\x06\xc6\xc0\x5e\x5b\x7d\x62\x34\x7c\xee\xe2\x7d\xff\xed\x71\x41\x54\x0d\x60\x8c\xb9\x75\x07\x5a\x96\x44\xac\xc6\x32\x84\x39\xf9\xfa\x68\x2b\x22\x6b\x18\x61\x54\x54\x90\x11\xc3\xb0\xf0\xff\x4f\x74\xca\xa7\x1c\x19\x44\xe4\xcb\x83\x6c\xe8\x51\xd9\xb5\xd9\xe7\x27\xc5\x53\xe3\xc7\x23\xcf\x98\xc2\x73\xe5\x67\x5c\xab\x89\x9b\xb6\x6f\x46\x33\xa7\x6d\xea\x35\x73\x41\xf9\x83\xc5\x3d\x91\x58\xad\x31\x9a\xda\x75\x40\x8b\x41\xc0\x6f\x26\xb7\x43\x5b\x80\xdc\x3b\xc0\xaa\xf2\x2a\x83\x3d\xde\xdc\xd6\x78\x5c\x87\xd1\x96\xb0\xaf\x2c\x9a\x43\xd1"},
+{{0x1a,0xb9,0x46,0xc0,0xc1,0xae,0xbf,0x9c,0xa3,0x7c,0x2f,0x4e,0x2a,0x4b,0x33,0x7d,0x5b,0x1e,0xbc,0xcd,0x24,0x73,0x4c,0x9c,0xb2,0xa1,0x60,0x8c,0x88,0x1e,0x57,0x57,},{0x9a,0xfc,0x63,0xdf,0xce,0x0d,0x48,0x9b,0x40,0x90,0x7a,0xee,0xd6,0xdf,0xfe,0x4c,0xd8,0xef,0x5a,0x6f,0xfa,0x22,0x98,0x95,0x56,0x44,0x5c,0xbf,0x9b,0x35,0x19,0xc2,},{0xbf,0xab,0xde,0xa4,0x18,0x10,0xa5,0x3f,0x8e,0x52,0x7a,0xcd,0x66,0xec,0x10,0x6c,0xe2,0xae,0x1a,0x67,0xff,0x6a,0x9b,0x52,0x2e,0x0f,0x08,0xfb,0xbf,0x12,0x52,0x68,0x2c,0xb3,0xa1,0xdc,0xc8,0x75,0x60,0x19,0x44,0xcb,0x88,0x00,0x0f,0x72,0xe1,0x39,0x07,0x00,0x79,0x03,0xa7,0x7c,0xd0,0xdb,0x03,0x16,0xd4,0x19,0xac,0x38,0xc2,0x04,},"\x9b\xb0\x71\xb6\x2c\x04\x06\x4b\x0c\x96\xe2\x43\xdd\x19\x8c\x39\x71\x7b\x25\xc9\x94\x48\xc2\xc0\x02\xb8\x4a\x99\x20\x4c\x5a\x6e\x23\xb4\xb9\x12\x02\x86\x75\xbf\xdc\x4d\xf9\x3c\x5b\x2f\xb8\x08\x81\xa2\x3e\x0d\x44\xba\x18\xbd\xe9\x91\x21\xee\xe8\x6a\xdc\x6f\x84\x28\x19\xd6\xeb\xc7\xa2\x88\x99\x2d\xa3\x28\x58\x05\xa8\xb8\xb6\xfb\xcd\x22\x67\xb6\x86\xb3\xe1\xbf\x79\x60\xb4\x5f\x24\x4f\x85\x2e\x82\x49\x29\x44\xe3\xd6\x18\xbc\xc4\x51\x4c\x17\xf7\x22\xba\x49\xac\xa7\xf2\xf3\xbb\x4e\x91\xf9\x40\xe9\xce\xf0\x15\x65\x0c\x3e\x40\xb0\xc8\x55\xa1\x7c\x42\xf1\x1e\x3a\x34\xac\xc8\x52\x87\xdb\xe0\xf9\x09\x3c\x00\x37\x3d\x50\xc0\xb3\x06\x4a\x5a\x5f\x2b\x1e\x89\x20\x65\x17\x52\x82\x95\xfd\x87\x17\x03\xa8\xe7\x62\xb5\xe7\x6f\xb9\xb7\x47\x3d\x21\x49\xb8\x5b\x94\x61\xf5\x58\x7e\xd7\xe7\xfc\x8b\x50\xaa\x09\x87\x6d\xee\xb6\xe2\x37\x07\x85\x02\x14\x2c\xec\x6b\xdd\xc7\x01\x40\xfe\x1d\x1f\x16\x58\xd5\xd3\xe9\x10\xfd\x70\x36\xa2\xf9\x24\xb4\x99\xdb\x17\x56\xf7\xc8\xce\x0d\x5f\x0d\x04\x5b\x39\xbc\x81\xc5\xc2\xf1\xa7\x61\xf5\x2f\xf3\x93\xe0\x64\x9b\x8d\xb0\xbd\x88\x54\xbd\x02\x6b\xe2\xc7\xc3\xcd\x63\x52\x6b\xa5\xa8\x0d\x48\x33\x5f\x03\x38\x32\xd6\x33\x76\x07\x1b\x63\x08\xf0\x59\x60\xcb\x3f\xc9\xfa\xc9\x32\xed\xd8\x37\x6d\xae\x51\xf2\xc6\x61\xf7\x5b\x7c\x6f\x4a\xc8\x56\x75\x3a\xca\x62\x06\x28\x77\x60\x9f\xc4\xa0\xff\x60\x67\x02\x82\xc0\x5e\x88\x2d\x1a\x03\x5b\xf9\x89\x0c\xab\x29\x6a\xc7\xa8\xdf\x24\x4c\x56\xf4\x90\x25\x0f\x02\x00\x54\xb8\xaf\x51\xbe\x4f\xc3\x18\xbe\xba\x50\x62\x32\xbf\x45\xe1\x7f\x5c\x74\x0c\xf0\x9d\x37\x51\x5a\x8b\xc8\x94\xbc\x95\x5c\x8a\x46\x08\x77\xc7\x85\x4f\x8b\xe3\x63\xb2\x19\x33\xe1\x62\x87\xae\x0c\xb7\x0f\x22\x2d\x4e\x36\xb8\xb4\x24\x97\x55\x59\xbb\x4b\xfc\x8d\xd1\xd5\x1b\x3c\x0f\xaf\x4a\x53\xe3\x02\x19\x6f\x9f\xed\xb5\x32\x87\xd0\x93\x15\xdf\xff\xa2\xbc\x4b\x3a\xcf\xf1\x37\xf9\xa7\x6d\x68\x56\x21\x7f\x79\xcb\xb2\x54\x33\xfc\x97\x89\x9f\xd6\x54\x0f\x18\x08\x8e\x84\x41\x7e\x48\x33\xe4\xa9\x1a\xab\xa4\x65\x8a\xe9\xad\x7f\x76\x0d\xd9\xc5\xb7\x19\x1a\x0d\x3c\x05\x54\x1b\x83\xc0\x25\xa7\x99\x21\x38\xe6\xd1\x08\x0d\xa1\x4c\x2c\x88\x7c\x6d\x67\x0a\xab\x37\x4d\x43\x6c\x27\x2f\x9e\x96\xf8\x5a\x9c\x42\x33\x79\xc0\xd4\x7c\x46\xdf\x6d\xe3\x34\xea\x20\x57\x15\x8d\x33\x23\x1e\x14\x26\xa6\x6d\x3c\x70\x82\x7a\xad\x55\x11\xb8\x46\xe0\x3b\x94\x92\x3d\x5f\x94\xba\xf1\xf8\xcf\x11\xa8\x61\x37\x3a\x5b\x80\xad\x5e\x31\x7e\xc2\xa5\x29\xe9\x4e\x63\x6c\xdc\x3a\xa2\x9e\x5d\xac\x20\x5a\x0c\x13\xf6\x8f\xb1\x98\xcf\x94\x56\xe6\x39\x0a\xea\xd4\xd9\x78\x2a\x10\x38\xf6\x47\x8d\x33\x9a\x81\xba\xe7\xaf\x2a\x04\x15\x1c\x2f\x22\xe8\xd3\x9f\xe0\x71\xe1\xa5\x21\x68\xd5\x7c\x84\xc3\x62\x93\x41\x3f\x8e\x6f\xf6\x93\x4f\x05\xe7\xef\xad\x6f\xa1\x20\xc8\xc1\xc3\x8a\xd1\x88\x6a\x3d\x00\xbf\xc3\x06\x45\x92\x03\xc0\x2c\xdf\x4f\x06\x65\x2b\xc8\xfa\x0e\x8b\x9c\xc7\x79\xd4\x3f\xbb\x78\x9e\x7d\xad\x5d\xc9\x9f\x41\xd4\xcc\x58\x8c\x1b\x65\x42\x6a\x4e\x77\x38\x9e\xdd\x04\x97\x75\x78\xf8\xf3\x16\xbc\xdd\x94\x61\xd6\x66\x47\x2c\xdd\x27\x6a\xa5\x69\x72\x1c\x65\x23\x22\x56\xba\x1c\xf0\xe7\xf5\xea\x55\x32\x17\x29\xbb\x0e\x03\x86\xa7\x7b\x86\x55\x32\x02\x46\x96\xed\xde\xf4\x85\xb7\xd7\xb2\x8c\x15\x73\xb9\x34\x7e\x41\x4d\x42\x61\x99\x54\x82\xe3\xb3\x12\xde\x13\x31\xf8\x4e\x75\x48\x60\x7a\x84"},
+{{0x04,0xbb,0x88,0x7a,0x8a,0x31,0x84,0xff,0xc7,0xea,0x09,0xc9,0xbc,0x7c,0x1f,0x7c,0x34,0x11,0x55,0x6a,0x7c,0x7c,0x39,0x8c,0xb8,0xb2,0xd9,0x8f,0xfd,0x9e,0xe8,0x66,},{0x6a,0xb1,0xe4,0xae,0x4a,0xa0,0xd3,0x89,0x89,0xae,0xef,0xa8,0x05,0xb5,0x78,0x80,0x6e,0x2e,0x97,0x1a,0xc7,0xac,0x05,0x40,0x99,0x58,0xbf,0xe6,0x00,0x71,0xf4,0xa7,},{0xcd,0x84,0xf5,0x5e,0x5e,0xf4,0x53,0x19,0x24,0xc5,0xa2,0x18,0x1e,0xc8,0x7a,0x64,0x54,0x13,0x88,0xc1,0x05,0x94,0x06,0xbc,0x07,0xd5,0x31,0x57,0xa1,0x68,0xe2,0x03,0xcc,0x8a,0xa0,0xf0,0x06,0x9d,0x53,0xff,0x58,0xa9,0x5b,0x8a,0x8c,0xaa,0xfd,0xad,0x26,0x36,0x3c,0x7d,0x0f,0x80,0x45,0xc4,0x35,0x9e,0x97,0xb4,0x36,0x02,0xc6,0x06,},"\xb7\xab\x0c\x81\x63\xf4\x78\xc6\xca\xbf\x2b\xbd\x7c\xa3\x7c\xb0\x24\x56\xd7\x6e\x52\x7e\xea\x1b\x0d\x26\xdb\x24\x2e\x37\x87\x76\x32\x98\x5a\x3e\x3c\xa4\x1b\x52\xe2\x1d\x79\x01\x7b\xff\x81\xee\x55\x1a\xd7\x2a\xf2\x77\xb4\x10\xe4\x2a\xf8\x22\xc6\x08\xcd\x69\xd0\x0b\xf4\x40\xb7\x5b\x78\x7a\x8c\x91\x5d\x70\xb6\xc6\x37\x6c\x3f\x67\xfa\x64\xd6\x12\xa1\xb4\x49\xa7\xe2\x13\x4d\x9c\x23\x23\x01\x57\xd5\x76\xe0\x6a\x66\xa8\x42\x2a\x61\x1e\x2a\x0f\x09\x72\x86\xc1\x99\xea\x2a\x16\x28\x61\x86\x4b\xd0\x35\x07\x6a\xb2\x0b\xba\xe2\xb4\x40\x8a\x2c\x64\x33\xcb\x23\x43\x3a\x88\x9f\xe6\x59\x8f\x47\xbe\x53\xbb\xd2\xc8\x0f\x07\xa8\xfc\xcb\x8a\xae\x51\x11\x61\xe6\x09\xda\x4d\x18\x0a\xce\xa5\x44\x81\x1e\x94\x49\xc5\xdc\x22\x50\xe3\xe5\xa0\xcd\x41\xda\x33\xa2\xda\x63\x2e\x60\x38\xbd\x86\xf1\x6d\x5b\x7c\x1b\xe4\x9f\xc6\xdb\x49\x90\x76\xca\x91\xf7\xaa\x02\x8f\xe3\x85\x29\x70\x0b\x21\xd0\x72\xd2\xb7\x5d\xcc\x8b\x43\x78\x1d\x4b\xc4\xd3\xbb\x58\x4d\x9d\xa0\x1c\x3e\xcc\x85\xb1\xe9\x3f\xce\x04\x5d\xad\xce\xea\x51\x06\x46\x8b\xdf\xe5\xf7\x0d\x66\xa4\xfa\xd6\x0e\x4f\xb8\x64\xec\x15\xea\x50\xf6\xcb\x79\x72\x23\xc8\xc7\x56\xf7\xa1\x93\x1a\x39\x46\x4e\xbb\xb9\x67\x9f\x6b\x01\x68\x7c\x17\x4e\xaa\x32\xb9\x68\xb9\xcf\xac\xe8\xc1\x67\x12\x0a\xa7\xbd\x02\x42\xf0\x03\xa0\xc3\x77\x70\x25\x51\xb3\x0d\xa2\x48\x8e\xb2\x94\x40\x52\x93\x4a\xef\x4b\xfe\x11\x5f\x0a\xb7\x40\x5a\x3d\x5f\xa9\xbd\x79\x6b\x37\x17\x42\xbc\x11\x4a\x9b\xf2\x8c\x5b\xd2\x56\x26\x29\x5c\xe2\x61\xa6\xa8\x3e\xf6\x0b\x77\xd2\xd3\x2d\xd7\x10\x5f\xc8\x36\x64\xaa\x89\x76\x5b\x3f\x81\x91\xee\xee\xd8\x78\xf2\xeb\xff\x2f\xb9\x76\x63\xa6\x18\x77\xc0\x93\x93\x3b\xbd\x07\x31\xe6\x37\x57\x57\x1b\x0e\x37\xca\xc9\x9e\xd0\x1f\xd2\x14\xcb\xd4\xfe\xb9\x77\xe8\x56\xe0\xa1\xa7\xef\x0c\x40\x8c\x20\xe0\xdd\xaf\x1f\xd8\xf0\x28\xcf\xa0\x8c\x85\x0f\xa7\x09\x0d\xca\x8c\xdd\xe0\xcb\x69\x03\xda\x18\xc6\x29\x0c\x66\xa1\xc0\xae\x0a\x08\x4b\xf2\x50\xc5\x1a\x9d\x03\x5e\x5b\x16\xec\x61\x66\x36\xaf\xb9\xb5\xbc\xe3\x6a\x77\x5f\xe2\x17\x5b\xcc\x2e\xe0\x72\x20\x83\x4e\xeb\x31\xca\xee\x50\xe9\xf8\x06\x3f\xb1\xfc\x84\x68\xae\x25\xe3\x96\x67\x89\xa6\xd8\xdf\xfe\x08\xa6\xf7\xa1\xe6\x72\x6f\x93\xae\x74\x82\xde\x02\x62\xbb\x1f\x8d\xe0\xc9\x5a\x99\xec\xb9\x56\x84\xd4\x4b\x3f\x1a\x33\x2a\x18\xd2\xcd\x3d\xcf\x25\x3c\x33\xd7\x35\x52\x2f\x79\x6b\x65\x1c\x9a\x63\x3a\x8e\xbe\x95\xd0\x2b\xc0\x46\x58\x25\xee\x54\x1a\x7d\x92\x7b\xb5\xb9\x0a\x6d\xb5\x49\x9f\x8d\x99\x3a\xb4\x04\xb1\x65\x0b\x75\xe7\x92\xa7\xc8\x34\xeb\x41\xf0\x47\x01\x38\xb0\xf5\x78\xa0\x4c\x9b\xa5\xad\x95\x0a\xc7\xc9\xb5\xd3\x28\xf3\x40\x8b\x64\x5a\xd9\xc6\xbf\x19\x6d\xd9\x61\x44\x55\x96\xbc\x78\xf2\x84\xb8\x91\x4b\x2a\x8c\xf9\xb7\xbd\x3a\x71\x6d\x8f\x14\x4b\xb6\xb1\x5d\x83\x10\x23\x71\x3b\x5e\x41\xfd\xa9\xb5\x87\xff\x9d\x6c\xc4\x3c\x08\xd3\x5a\x70\x7f\x49\x52\x83\xe1\xac\xe9\x60\x48\x7e\x7f\x02\xb7\x54\x3b\x68\xa7\x31\xa2\x9b\xf3\xbe\x14\xb6\xe9\xc3\x71\x74\xa9\xf4\x6f\x56\x11\x99\xdb\xd2\x7b\x46\xbf\xe6\x22\x43\xe0\xc1\x1c\x0e\xdf\x13\xb6\x4f\x41\x1c\x8e\x8e\xce\xd3\x5d\x84\x28\xf7\x9f\x10\xea\xcf\xfb\x72\x34\xe5\x46\x41\x3d\x1e\xb0\xfa\xd8\x8c\x0e\x93\x85\x93\xb4\x3b\x5e\xe0\xe4\x28\x5d\x4d\xdd\xf5\x29\x5d\xbf\x1a\x3d\xdb\xe9\xf4\x13\x4d\xd7\x6d\x3d\xe7\x04\x62\xc2\xf0\x4f\xe0\xae\xbd\xf5\x9a"},
+{{0x97,0x76,0xa4,0x67,0xfa,0x14,0x00,0x73,0x54,0x12,0xa7,0x9b,0x49,0x5f,0x9f,0xca,0x07,0x8c,0xe1,0xd8,0x7a,0x85,0x30,0xd8,0x5c,0x26,0x05,0x5d,0x3a,0x39,0x44,0x88,},{0xc7,0xdb,0xe0,0xe4,0x1c,0x0a,0x31,0xc0,0x94,0x27,0x93,0xff,0xd1,0x42,0xd8,0xb9,0x5c,0xc8,0x2e,0x5c,0xaa,0x92,0xa3,0x79,0xba,0x23,0xf6,0x44,0xed,0xf2,0x24,0xda,},{0xe1,0x31,0x7b,0xa2,0xa1,0x23,0xae,0x3b,0x29,0xe7,0xb6,0x0e,0x8e,0x93,0xbe,0xed,0xd7,0xa0,0x84,0x51,0xa0,0x13,0x69,0x5b,0x6d,0xcf,0x35,0x8e,0x40,0x34,0x02,0x6d,0xc7,0x40,0x37,0xaf,0xbd,0xd2,0x17,0xff,0x4b,0x14,0x8b,0x02,0x91,0x38,0xf4,0xbc,0xc8,0xf9,0x83,0x6a,0xbb,0xae,0x7e,0x62,0x76,0xe9,0xe7,0x69,0xdb,0xd8,0xf0,0x07,},"\xd7\x85\x53\xa1\xb7\x05\x5b\x58\xb2\x13\x10\x1b\x1c\x84\xc5\x3e\x16\x4e\x39\xc6\xe9\xd3\x6d\xb4\x3f\x30\xe1\x9e\x2a\x12\x5a\x9a\x67\x70\x9e\xaf\xef\x96\x4f\xa5\xba\xb7\x26\x1d\xdb\x3a\x8a\x01\x88\x45\x7d\xfb\xf5\x15\x9c\x40\xe5\x1d\xa8\x20\x84\x83\x24\x57\x81\xd7\x13\x1e\x23\xa8\xbe\xe5\xe5\x06\x33\x18\x16\xb9\xde\xee\xfe\x6e\x55\x6e\x3f\x0c\x95\xc6\x68\xd1\xbe\xdb\x7d\xa6\x35\x06\x54\x58\xad\x20\x46\x70\x12\xf5\x9f\x17\x13\x52\x06\x80\x20\xce\x3c\x75\x87\x86\x93\xf6\x43\x7b\xc4\xa0\x9f\x13\xb9\xb0\xf0\xcd\xda\xf1\x69\x1b\x87\x2f\x82\x00\x80\x93\xeb\xfb\xe2\x33\xd0\x31\x3e\x72\xc8\x63\x2d\x7d\x17\x93\xf0\xb8\x1c\x76\x88\xf5\x44\x70\x33\x0f\x04\xe6\x48\x60\xe6\x44\x6b\xfc\x6d\x96\xc8\x75\x69\xbf\x18\x2f\x0f\x43\x85\xaf\x48\x5d\x42\x99\xca\xc0\x4e\x06\xba\x47\x34\x65\x56\x6c\x47\x7f\x07\xb9\xdb\x27\x7a\xb4\xa9\xde\x2f\xb2\xde\xd0\xa5\x01\x1c\xd0\x6d\x67\x5c\x08\x00\xb3\x4f\x55\xbc\xf3\xec\x72\xd2\x1c\xa1\x50\xc8\xbf\x23\x61\x28\x7b\xe8\x1e\xfa\xbb\x96\xd8\x68\x8a\x1d\xee\x3f\x43\x0f\x06\xf6\x37\xdf\xd0\x6f\x15\x14\x64\xa0\x5c\x95\xf5\xfe\x76\xaf\x2e\x06\xd0\x12\x3f\x69\x48\xa2\x6b\x3b\xe8\x35\x04\x5a\xa2\x68\xcc\x1b\xe9\x76\x69\x71\x07\x77\x02\x08\xa7\x56\x8f\x02\x5c\x2d\x53\xc7\x19\xe5\x24\xcc\x36\x9d\x9b\x4a\x33\x7d\x8f\xd1\xef\x34\x5b\x9b\xca\x57\xfb\xd7\xb6\x5a\x6b\x99\x7c\xad\x3f\xce\x4c\xf0\x6f\x2c\xa4\x3e\xbe\x29\x86\xd0\x96\x82\xd4\x7c\x92\x2b\x2c\xb7\x56\x9d\x98\xde\x97\xa6\x16\x4f\x54\x70\xee\xc7\x1c\xed\xa5\x20\xcc\xec\x77\x32\xbd\x01\x68\x9e\xf8\x16\x56\xe9\xf6\xd0\xc5\x8a\x89\x55\x58\xae\xe8\x63\xf5\x46\x9e\x7a\xb9\x79\x15\xbf\xe0\xb8\x0a\x06\x4c\x65\x9b\x18\x30\x31\xf7\xf1\xa8\x6f\xb1\x1a\x9d\x52\x8c\x28\x15\xdc\xaa\x2f\x0d\xec\x3d\x21\xa8\x82\xe1\x06\xe2\x04\x93\xee\x0a\xcb\x77\x08\xea\xa2\x91\x25\x74\xae\x97\xbb\x28\x8b\x41\xfc\x09\x25\x05\x3a\x29\xb0\xbf\xbc\x0e\xba\xe8\xd6\x3c\xc0\xb4\x6e\x37\x38\x04\x6c\x5a\x20\x25\x30\xbc\xb1\x5b\x18\x7a\x72\x85\x4a\xa2\xd8\xa7\xa7\x6c\x89\xa8\x9a\x5d\xb4\x60\x32\x07\x4e\x1b\xd7\xde\x77\xef\x20\x65\xa0\x8f\x38\x9d\x78\x3c\xf7\x59\xeb\xd5\xa6\x3a\x44\xd9\x19\xf9\x48\xf5\x60\xc3\xe9\x4c\x42\x39\xe2\x74\xe0\x51\xa2\x04\x85\xa4\x30\xcb\xd5\x29\xf3\x13\xd9\xf7\xed\x67\x9a\x34\x18\x7b\x24\xf8\x41\x30\x87\xa9\x02\x1e\x47\x31\x73\x0f\x5f\x46\x1f\xc5\xaa\xd6\x65\x4d\xfa\x1c\x05\x04\xd2\x61\x24\x70\x7e\x63\xee\x57\xf9\x31\xb2\x78\x59\x08\xf8\x6b\x10\x4b\x3e\xcb\x96\x00\x02\x51\xd0\x6c\xe1\xfa\x45\xe4\xcd\x6d\xf9\x1a\xc1\x5b\xbf\x7c\xa3\xc3\xeb\x8e\xe0\x82\x76\x12\xa2\x9e\xcb\x7a\x36\xd5\x47\x0c\x40\x50\x51\x82\xfa\x9a\xc9\x13\x57\x0d\x0c\x10\x50\xd9\xa4\x34\x55\xcb\x7b\xdc\x17\xd1\x69\x80\x5f\x01\x89\x56\xf8\x54\xf8\x91\x9b\xbf\xb7\x19\xe1\x86\x7b\x36\xa6\x4a\xab\xcd\xb8\x07\xf4\x8d\xcc\xc0\x67\x2f\x67\x88\x74\x50\xb3\xf3\xe9\x58\xd7\x84\x99\xe0\xd1\xab\x36\x8a\xa4\x94\x42\xe5\xe8\xa3\x32\xbf\xfd\x44\xc1\x69\xea\x67\x62\x9c\x85\x72\x4d\xb6\xf1\x58\x6b\x6c\x6b\x5b\xe4\x86\x4d\xfd\x53\xda\x7c\x0f\x7b\x8b\xb3\x57\x31\x16\xbe\x50\x77\xd3\x32\xbd\x12\xa6\x30\x0f\x3a\x68\xa8\x98\x66\xb4\x79\xec\x2b\xaa\x27\x7f\x9f\x56\xf6\xe1\xd4\x9d\x74\x1e\xb3\x22\x03\x5f\xf8\xcb\x1d\xe8\x5c\x8d\xc8\x7a\xc8\xe6\xe4\xc5\xd2\x0b\xfb\x6d\x31\x7a\xb1\x25\x93\x0c\x42\x60\x9b\xe3\xae\x82\x24\x2a\x9e\xf0\x56\x88\x58\xd8"},
+{{0x09,0xd8,0x12,0x26,0x97,0x12,0x6d,0xfc,0x7e,0x11,0x68,0x5a,0x04,0x12,0x3f,0xdf,0xb4,0x7c,0xcd,0xdb,0x44,0x99,0xd8,0xa3,0xae,0xf4,0x18,0xcb,0x65,0xae,0xd7,0xa7,},{0xf8,0xdd,0xb1,0xc0,0x0f,0x6e,0x0f,0x4b,0xea,0xa6,0xfc,0x38,0xe5,0xd0,0xa5,0x77,0x5e,0xe2,0x8c,0x80,0xdb,0xde,0x3f,0x0c,0x79,0x30,0xa3,0x3a,0xad,0x71,0x50,0xf3,},{0x18,0xcf,0xaf,0x6d,0xc8,0xe4,0xe8,0x58,0x2b,0xce,0xfe,0x0c,0xdc,0x6f,0xce,0xfe,0x6a,0x4a,0x87,0xea,0x62,0x95,0x85,0xf3,0x7d,0x2f,0xba,0x44,0x6b,0x3a,0xeb,0xd4,0x52,0x42,0x63,0x82,0xda,0x0d,0x49,0x1c,0x39,0xcb,0x7d,0x54,0xd2,0x73,0x00,0x5d,0xc1,0x32,0x12,0x15,0x68,0xd2,0xab,0x67,0x45,0x20,0xad,0xda,0x75,0x23,0x84,0x0d,},"\xa0\xd8\xd8\x79\x8e\xba\x22\xf5\x67\x60\xc3\x06\x43\xe9\xfc\x67\x95\x54\x7e\xa5\xf2\xf2\xbb\xd1\x1c\x03\x92\xb2\xeb\xf7\x11\xac\xa2\x2f\x08\x24\x19\x9f\xc3\x18\x8a\x45\xbd\xff\xde\x70\xec\xe9\xab\x15\xa5\xea\x89\x62\x2a\x58\x71\xe0\xef\x76\x85\xd1\x0f\x12\x74\xcc\x19\x5b\x4f\xda\x81\xf8\x79\xd1\xe9\xbf\x42\xf8\x73\xb2\x0a\x85\x9c\x23\x3f\x9e\x49\xad\xbf\x05\x77\x31\xe1\x13\x35\xe9\xb6\xd8\xed\x0e\x06\x9e\x13\x4e\xc4\x61\xca\x88\x90\xd7\xb0\x47\x3c\x40\x5e\x8a\x9d\x95\xd1\x57\x11\xb1\x24\x76\x10\x37\x62\xc6\x26\xd9\xf2\xaa\x5d\xd5\x19\xbd\x82\x5b\x60\xb3\x23\x4e\xbf\x65\x1e\x0d\x19\x33\x37\x1c\x52\xbf\xd8\xce\x33\xfc\x36\xbb\xa3\x28\xf7\xf3\xf2\xcc\xc0\x10\x00\xa8\x99\x04\xaf\x37\xe4\xe1\xe9\xe1\x5f\xff\xab\x5c\x2b\x0c\x47\xf3\x7c\xdc\xb0\x68\xdb\x33\xac\x36\xa5\xf0\xd6\xde\x12\x03\xfb\xf8\x94\x93\x24\xbd\x3e\xfd\xa0\xf9\x88\x9d\xb0\x0d\xa2\x31\x7b\x49\xfd\x18\x69\x99\xdf\x7f\xcd\xc3\xcb\x4e\x1d\x18\xfa\xa2\x54\x56\x1c\x25\x11\x78\xb8\xd3\x3f\xdc\x9d\xcc\xd8\xd2\xd7\x21\xb9\x3a\x53\x6c\xcd\x3c\x0e\x9c\x85\x63\x37\xf1\x95\xee\xe7\xda\x9a\x7f\x6b\x0a\x42\xb7\xc5\x41\xc6\xa6\x8c\x59\x5b\xf3\x47\x04\xd9\xfe\x3a\x56\xd2\xec\x84\x81\xd5\x77\xc9\x6e\xcc\x08\xb8\xe4\x0a\xcd\xbf\x05\x0e\x20\xc6\x83\xf3\x9c\x41\x4e\x8c\xbf\xcf\x4a\x01\x52\x31\x4c\x05\x98\x7a\x83\xbd\xe3\x02\x5b\x73\x5c\xca\x30\x23\xab\xc5\xfe\xb7\xe0\x0d\x02\x36\xb4\xf2\x4b\x15\xe6\x79\xdb\x05\x2c\x8d\x2f\xdd\xb3\xbe\xf8\x66\x3a\x6d\xf8\x19\xa9\x81\x55\x27\xa1\xa2\xf6\x0a\x0f\xa4\xe5\x07\x8d\xdc\x6d\x43\x5f\xe8\x92\x87\xb3\x0f\xfd\xeb\x5d\x9a\xe0\x5d\x1a\x86\x90\xfb\xc7\x59\x0a\xad\x57\xd4\x3d\x22\xc1\x2a\xce\x2c\x81\x96\x88\x8e\x35\x4e\x9f\x78\x2f\x5d\xbb\x44\x14\x9e\x83\xfb\x8b\xbc\x9d\xa6\xd8\x9c\xe2\x06\xc1\xe2\xb6\xb2\xb2\x8f\x93\x3f\x3e\x5f\xf1\x17\x5a\x31\xa8\xff\x5d\x31\xe6\x5c\x8b\x00\xc5\xba\x46\x22\x24\xa1\xe0\x9d\x4f\x09\xcb\x40\xfc\x87\xc3\x6e\x7d\x28\x5c\x77\x4a\x96\x97\x62\x03\x65\x18\x28\xe7\x83\x62\x88\x47\xac\x51\x2e\x5d\x1c\x35\xb3\x5b\x03\x01\x71\xf9\x23\x96\xf5\xff\xaf\xf5\x85\xce\xad\x04\xb6\xae\x21\x0d\x80\x70\x7c\xc6\x83\x2d\x98\xa2\x0d\x3a\x94\x76\x48\xda\x26\x04\x93\x7f\xef\xd2\x5a\x9f\xe0\xfc\x5c\xac\x08\x3d\xdd\x7d\x20\x75\x30\x7f\x4f\x38\x26\x64\xf6\x87\xdc\xe8\xc6\x55\xde\xd9\xc1\x2d\x48\xff\x76\x01\xdf\x2a\x48\xd3\x7f\xe2\x14\x97\x08\x44\xc0\x75\xf2\xea\xb0\x02\x05\x9f\xc2\x27\x1e\x61\x7c\x96\x57\xa0\x1b\xec\x1d\xd3\x8f\x6c\x28\xba\x8a\x61\x7b\xd3\x08\x51\xe3\xf9\xdb\xac\x90\x44\x18\xdf\x1d\x02\x15\xad\x45\xdf\xc9\xf0\x2b\x5c\x5e\x9f\x9b\xbc\x6d\xe8\xb0\x7a\xf0\xbd\x1f\x7f\xa8\x92\x25\x44\xf1\x2d\x2a\x3e\x1a\xad\xff\x7e\x9c\x6b\x93\x32\x0c\x3a\x61\xef\x33\xda\x07\xeb\x87\xb1\x61\x7f\x9e\x77\xd7\x70\x2e\x55\x8b\xc7\xd8\x12\x2e\x0d\xfe\x2a\xe8\x3e\x83\x6c\x5b\x1a\x62\xaa\x58\x5c\x0d\xff\xe7\x16\xf7\x46\x3c\x0b\x33\xda\x5b\x1e\xda\x55\x6a\x1e\xf1\xe4\x50\x42\xc7\x9b\xdd\x3e\xc3\xcb\x88\x63\xa7\xbc\x1b\x0f\x7e\x1c\x05\xbd\x99\x20\xf0\x5b\x4e\xda\x86\x51\x77\x05\xed\x07\xf6\xdc\xa7\xbb\x00\xae\x04\x56\xe6\x78\x7d\x9f\xae\x8e\xde\x4e\xcd\x0b\xc5\x72\xeb\x5c\xc6\xd1\x9e\x89\x1f\x1b\xcb\x22\x9e\x94\x09\xe0\x65\x74\xc7\xdf\x05\x81\x73\xcb\x58\xc3\xfd\xf2\x0f\x3f\xf1\x7c\x37\x05\xaf\x62\xd9\xb7\x22\x5c\x57\x43\xf6\x00\x60\x7f\x77\xcb\xe7\xd6\xe7\x61\x8a\xbc\x79"},
+{{0x10,0x20,0x1b,0xf0,0x08,0x43,0x67,0x59,0x0d,0xe6,0x74,0xcc,0x0e,0xd2,0x64,0x8e,0xc2,0x5d,0x3b,0xa8,0xdb,0x40,0xd0,0x0e,0xde,0x15,0x33,0x98,0x50,0x8b,0xc1,0x26,},{0xba,0xdb,0xd0,0x5e,0x5f,0x79,0xe3,0x11,0x69,0xf7,0x40,0xba,0x46,0xa5,0x89,0x10,0xa1,0xb7,0x77,0x05,0xaf,0x45,0x71,0x7b,0x2a,0xf8,0x08,0x56,0x45,0x7c,0x58,0xc9,},{0xf1,0xd9,0x96,0x58,0x8b,0x29,0x8f,0x27,0x1e,0x97,0x0c,0xeb,0xd2,0xa1,0xb3,0x39,0x97,0x9c,0xd2,0x9d,0xdd,0xee,0x36,0x45,0xd0,0x7f,0xab,0x8a,0xb4,0x65,0xdd,0xe3,0xe9,0x86,0x67,0xec,0x01,0xad,0x7f,0x1c,0x0a,0x65,0x92,0xe0,0x69,0x7e,0x66,0x5c,0x72,0xfd,0x38,0x14,0xdb,0xe1,0x89,0xed,0x5f,0x4e,0x76,0xc7,0x94,0xe5,0x38,0x09,},"\x7b\xb1\x47\x06\x17\xd1\x1e\x45\xeb\x60\x2a\x82\x9a\xd7\x73\xee\x2b\xb7\xe6\xb8\x8d\xa4\xc0\x4a\x72\x16\xa4\x50\xf8\x49\x93\xa4\x98\xcb\xd3\xb9\x25\x40\x28\xf2\xf9\x9f\xc2\x1a\x23\x28\x8b\xdc\x1e\x15\x1a\x72\xa9\x13\x0c\x3d\xed\xda\x1b\xbb\xcc\xd4\xe6\xc0\xf4\x8a\xe9\xf3\x53\x18\xcb\xef\xc9\x59\xf4\x05\x04\x5e\x6e\x0b\x5f\xb2\xe7\x38\xf2\xb7\x65\xbe\x11\xb1\xb6\xa0\xf1\xe8\x31\x95\x49\xd9\x5f\xa8\xd1\xdf\x81\x67\xcd\x4a\x77\x17\xae\x16\x36\xa9\xdf\x54\xd9\x6e\xaf\x2d\x63\x23\x69\x00\xfd\x11\x33\x82\x52\xa5\x00\x8d\x5d\x48\x0e\x2b\x1e\x98\x61\xd1\xf7\x06\x88\xc4\x7e\xae\x46\x89\xda\x01\xa4\x7d\xa3\xdf\xb6\xd2\xba\xb3\xcd\xf5\x05\xee\x5d\x80\x1a\x15\x2c\x26\x70\x93\xd1\x7e\x9b\xf7\x13\x7a\x6e\xe7\xb8\x34\xd0\x08\x55\x00\xe4\x01\xc1\x7f\x32\x86\xc1\x57\x5d\x1c\x01\x00\xfa\x98\x07\x63\x0c\x4a\x99\x06\x54\xc1\xe7\x1a\x8b\x71\x56\x27\xbb\x13\xd4\x42\xc8\x4a\x44\x98\x44\xc4\x04\xb8\x72\xbf\xba\xc7\x18\xa4\x8d\x0e\xa0\x94\x5c\x77\x16\x6a\x53\x13\x9b\x0f\xf0\x09\x81\x34\x76\x4f\x9e\xcd\xb8\x8e\xab\xe0\x7c\xcb\x2c\xce\xd4\x95\x5e\x08\x24\x9b\x2f\x57\x70\xad\x41\xfc\xcd\x7b\x5b\xb3\x72\xe6\xc3\x37\x67\xe0\x7f\x5b\xe7\xd1\x07\x12\xde\x81\x84\x1b\x13\x4e\x19\x3d\xf0\x77\x6a\x0f\xc1\x56\xff\x5d\x0e\x96\xf4\x0a\x70\x47\x53\xe1\x14\x5e\x9f\xa0\x83\xc4\xdd\xee\xf4\x41\x62\x34\xf6\xe1\xa2\x38\x2c\x8e\x5b\x3a\xd4\x05\x45\x8e\x89\xd2\xf4\x93\xa4\xd7\xc2\x9a\x23\xde\x21\x07\x48\x5b\x7f\x56\x35\x01\x24\xe7\xe0\xd6\x95\xc5\x22\xb6\xde\x7a\x92\x47\xa2\x92\x4c\xe6\xf2\x86\x32\x36\xc1\x0c\xc2\x12\x64\xad\x54\x59\x0d\x31\x47\x63\xea\x1a\x19\xaf\xac\xd9\x0e\xba\x95\x58\x70\x40\x7e\x8c\x63\x65\xa1\x43\xa5\xc1\xb9\xa8\xbe\x5e\x4a\x4d\xca\xdb\x72\xe0\xd4\x76\x49\xbd\x53\xab\xd4\x6b\x5c\x69\x60\xea\xe2\xca\xb7\x73\x75\x3c\xc0\xe0\x4e\x99\x41\x4b\xc2\xcb\x30\xf4\x8b\xb5\x41\x39\xd0\x66\xe4\x3e\x2f\x0e\x1a\x4a\xe9\x63\x85\x8b\xef\x96\x7d\xf8\xc8\x41\x40\xd2\xd0\x92\x02\xb4\x06\xd5\xd8\x5c\xb7\xa9\x6c\xc5\x7f\x23\x3e\xb2\x18\x7f\xfd\x02\xf9\x4e\x92\x29\x7b\x5e\x69\xd9\x69\xd3\xa5\x93\x6e\xfe\x49\x29\x14\x4f\x25\x8b\xfb\x39\xdd\x0c\xe2\x63\x59\xc4\x54\x9f\xc2\x18\xa0\xaa\x54\xf3\x1b\xd5\x51\xb8\x78\x1a\xcb\xbf\x61\xcb\x3f\x73\x2c\xda\xf6\x22\xc6\xa6\x91\x88\xcf\x55\x7a\x3a\x92\xed\x15\x3e\x69\x12\x5a\x40\x90\xac\x45\x15\x36\xa0\xe9\xa6\x3a\x41\x78\x29\x10\xff\xcc\xb4\xe8\x50\x02\x11\x23\xff\xd1\xf3\xbf\x39\xc7\x34\x60\xa6\x5c\xcf\xe4\xdb\xa9\xbd\xef\xb5\xd5\xf4\xda\x6c\x46\x9a\xa1\x32\x2f\xa2\x70\x43\x23\x83\x63\xee\x72\x91\x86\x88\xd7\xca\x1c\x4c\x29\x52\xe4\x30\xd5\x63\x25\x6b\xb8\x6d\x35\x0a\x35\xee\x82\xe0\x15\x04\x74\x7f\x31\xd0\x2e\x03\xae\xdd\xa5\x46\xd0\xf1\xb2\xf4\x51\xb8\x70\x82\x16\x02\xd0\x0e\x81\x90\x36\xad\xe5\xa7\xc7\xfc\xd2\x1a\x6d\xe6\xaf\x35\xb1\xf9\x63\x2a\x70\xaf\x65\xdf\x64\x45\xf6\xfa\xdf\xbc\x0f\x41\x67\x55\xc8\x24\x66\x40\xe5\x6b\x85\x6b\x66\xdd\xd9\x2a\x60\xc0\x35\x38\x22\x1d\xc8\xfb\x14\x2c\xe2\xdb\xac\xdb\x74\x25\xf3\x3c\xb8\x5d\x85\x0c\xc0\x2c\x31\x5c\xfc\x11\x1f\x6f\x65\x1d\xde\x1b\xdb\x67\xfb\x20\x8e\x1f\x6b\xde\x78\x4d\xdc\xf7\xbd\x18\xc8\x05\x1a\x2e\x0b\xbf\x10\x18\xb8\xf3\x95\x36\xc5\x89\xde\x65\xea\xdc\x6c\xf3\x79\xb7\x7c\xad\x13\xf9\x08\x9c\xb3\x23\xfb\x2e\x94\x3d\x06\xcd\xd1\x07\x05\xc1\x21\x13\x4c\x65\x48\xdc\x53\x41\x5f\x8c\x37\x0e\xc6\x90"},
+{{0xc4,0xaa,0x42,0x52,0x46,0xb5,0x17,0x3f,0x5e,0xf8,0x98,0x15,0x2e,0xca,0x3d,0x09,0x2b,0xb4,0xc2,0xdd,0x02,0x85,0x3f,0xcf,0xc7,0x17,0x83,0x99,0xf4,0xe2,0xf7,0x58,},{0x29,0xb7,0x7a,0x30,0x75,0xf4,0x19,0x24,0x3c,0x0c,0x1b,0xc3,0x96,0x59,0xd7,0x31,0x17,0xac,0x00,0xe5,0x5e,0x8d,0xe3,0x8f,0xe9,0x82,0x9a,0x87,0x9c,0xc5,0xb8,0xa0,},{0x5d,0x85,0x45,0xa4,0xbe,0x3f,0xd6,0xda,0x25,0x78,0xc2,0xec,0xcb,0x64,0x8d,0x83,0xfc,0xfe,0x58,0x71,0x33,0xfa,0x7a,0xe4,0xa1,0xcf,0xca,0x9a,0xe6,0xda,0xa4,0x92,0x59,0xc9,0x52,0x04,0x4a,0x85,0xa2,0x0b,0x6f,0x53,0x24,0xf8,0x27,0xdb,0xa2,0xd1,0xa8,0x38,0x8c,0x40,0xa9,0x28,0xb9,0x50,0x91,0x3c,0x63,0x4f,0xb3,0x09,0x27,0x07,},"\x7d\xf9\x78\xa1\xf4\x97\x68\x38\xff\xed\x74\x49\xa4\xdc\x13\x8b\x60\x4f\x4b\x2a\x4a\xe6\x89\xce\x75\x01\x8e\xbc\xcd\xab\x2e\xaa\x0b\x60\x76\x8f\x72\x08\x25\x7f\x2b\x28\xe7\xaa\x09\xbf\x6c\x05\x88\x8d\xa4\x6f\xd3\x96\xd1\xc8\x03\x01\x17\x50\xe3\x0e\xb4\x84\x87\x0c\x88\x06\x97\x76\x96\xf1\x2e\xbb\x9f\xee\xb4\xca\xf9\x2a\x02\xdb\xaa\x22\xbb\xff\x63\xf8\x42\xc3\xba\x14\x7b\xca\x7c\x00\x31\x42\x78\xac\xd0\xdb\x17\x35\x69\xf4\xe3\x65\x27\x95\x8e\xf6\xf1\x00\x2b\xd3\xcd\x01\xf4\x07\xa8\x65\x31\xed\xcb\xd9\xf3\x1b\x3a\x4a\xb8\x80\xa4\xf5\xb5\x2b\x42\xd0\xd4\xa1\xba\x66\xa2\x09\x86\x51\xae\x3e\x6c\x91\x51\xf4\x02\x73\x28\x5f\x7f\x6a\x4e\x81\x60\x6b\xf9\x80\xf6\x89\x50\x4b\x42\x08\x0f\xdb\x97\xc7\x28\x46\xfb\xa9\x04\x7c\x7e\x66\x0b\xa5\xc6\xbf\x12\x6a\x9a\x59\x9e\x25\x71\xfa\x13\x50\x5a\xf7\x58\x1b\xfe\xbc\x16\x51\x3f\x5c\x94\xdc\x71\x93\x7e\x6e\x61\xb3\xea\x10\x93\x9b\x02\xea\x10\x85\x9f\x32\xd7\x91\x2b\x9e\x38\x06\xab\xef\x61\x85\xfc\xff\xa6\x88\x21\x47\x80\x05\xcb\xfc\x1d\x63\x7d\xd0\x20\x42\x56\x20\xa3\x18\x07\x48\x98\xbd\xc3\x09\x31\xc5\x9a\xc0\xc6\x6c\x4d\x12\x38\xb0\x97\xcd\x5b\x17\x0f\x08\x44\x35\xd4\xba\xe4\x8a\x03\xd9\x2f\xd4\x8f\xc2\xca\xa4\xff\xc5\x05\xf1\xbc\xa5\x16\xfb\xd6\xe4\xf8\x88\xcc\xed\x98\x2a\xe0\xdd\xb8\x8f\xc2\x8a\xa6\x97\xb7\x07\x1d\x01\x5b\x0a\xcb\x28\x09\xb0\x1d\x1d\x9c\x7e\x7b\x53\xee\xe6\x82\x4c\xc3\x7c\xce\x5b\x69\x93\xd8\x8d\x83\xea\xfc\x2e\x92\x8a\x6f\x14\x7d\xb6\xeb\x80\xb1\xa6\x9f\x01\x60\x5b\x04\x6b\xd2\xfd\x1d\x92\xc5\x45\x9d\x6d\x33\x98\xa9\xca\xa2\x99\xdd\xd0\xc3\xba\x2e\x08\x94\x13\x07\xb1\x20\xcc\x13\x99\x2f\x70\x03\xac\xed\x14\xa4\xa4\xd9\x23\xbb\xb1\x2f\xc3\x93\xff\xcf\x92\x0b\x9f\x6d\x47\x75\xe9\x4d\x4a\x51\x22\x67\xfd\x26\xa6\x99\x7c\x60\x62\xb4\xc9\x90\x0f\x98\x62\xb9\xea\x0c\x8d\x7d\xf1\x9f\x05\xc2\xb6\x04\xaf\x5b\x98\x64\xfb\x27\x54\xa8\x07\x3b\xbb\xfb\x18\x23\x3e\x6e\x15\x0f\x72\xa5\x25\xe3\xa5\x76\x0f\xcd\xa7\xd3\x2a\x60\x03\x4f\x95\x6e\x3c\xbd\x34\x36\xc2\x00\x83\x0b\x3e\x7a\x14\x57\x12\x20\xbc\xb6\x27\xd5\xa4\xbe\x72\xc2\x0b\x23\x35\x1b\x2d\x92\x06\x02\xa5\x1c\x3e\xb3\x2c\x12\x37\x03\x9d\xfb\xff\x43\xc9\x87\xfd\x85\x63\x77\x7f\x0e\x5a\x39\xf8\x14\x6c\x16\x4b\xdf\xfc\xe4\x4f\x3b\x13\xee\x74\xd6\x4b\xfd\xcf\x98\x03\xf0\x3d\xd0\x17\x2a\xc4\xfa\x4b\xf6\xc7\x83\x9c\xb1\x1f\x3d\x34\xba\xef\x0e\x32\xb5\x49\x42\xfc\x4f\xa3\x8f\x47\x3e\x29\x66\xf4\x91\x1c\x0e\x80\xd7\x69\x37\xb2\x5b\x76\x32\x27\x5b\xa8\x83\x09\x63\x5a\x60\xdf\x13\x54\x89\x20\x8d\x3e\x73\x4b\x67\x2e\xda\x7d\x2b\xa2\x15\x79\xab\xa8\xd8\x86\x0e\xa7\x64\xfd\x67\xea\xf9\xc3\x8e\xa7\x63\x7d\x1b\xad\x57\xb2\xf3\xd7\x82\xb9\x1e\x1d\x5d\x92\xac\x30\x0b\xdb\xa7\xab\x91\x13\xce\x91\x3d\x0c\x79\x3c\x12\xa9\xa7\x26\xe3\xfc\xab\x05\xcb\x47\x99\x77\x87\x16\x40\x63\x0d\x45\x9e\x69\xe8\x1c\xa5\xcf\x56\xdd\xb2\xa0\x61\x1d\x61\xd4\x81\xc1\xb8\xce\xf3\x80\x4b\xd4\xe5\x75\x4a\x61\xeb\x49\xb1\x7e\xf2\xb0\x3c\x83\x05\x7b\x5d\x20\xd8\x82\x05\x8c\x00\xf5\x4b\x6c\xca\x86\xbe\x95\x35\x0d\xd7\xbc\xb2\x5e\x4c\x1c\x46\x58\xf4\x52\x29\xc8\xbb\x9f\x5c\xdf\xcc\x44\x79\x5c\x97\x8e\x33\x88\xd3\x25\x76\x01\x06\xe5\x2b\xe9\x83\x4b\xd8\x1f\xfc\x5c\x62\x48\x6b\x6f\x33\xc2\x74\x59\xdf\x17\x8e\xb9\x46\xe7\xa8\x2d\xb9\xce\x0d\x29\x5b\x92\x5b\xb6\x12\x6d\xd5\x5c\x31\xf4\x9a\x68\xdc\xef\xc7"},
+{{0xf1,0x3c,0xaf,0xde,0x6f,0x39,0xb9,0x63,0xdc,0xa9,0x66,0x26,0x86,0x2f,0x4f,0xbc,0x5c,0x2e,0x00,0xdd,0xf0,0x8b,0xec,0xea,0xc7,0xa6,0xe2,0xfc,0xa9,0xe1,0xcc,0xf7,},{0xc1,0xb0,0x1a,0x91,0xe8,0xee,0x0b,0x9f,0x19,0xa7,0x2e,0x5e,0x7e,0x0a,0xef,0xcf,0xdc,0x44,0xa1,0x57,0x47,0x4e,0x99,0xfe,0xeb,0xd0,0xff,0x55,0x2d,0x73,0xb2,0xac,},{0x6c,0xa9,0xf8,0x0a,0x62,0x50,0x1f,0xaf,0x31,0x9f,0xb8,0x4a,0xf4,0x71,0xf6,0x76,0xae,0x3f,0xff,0x85,0x56,0x5c,0x97,0x98,0x1f,0x14,0x57,0xcb,0xb8,0xc4,0x9f,0x97,0xb2,0x66,0x31,0x6a,0x99,0x2d,0xb0,0xd4,0x2b,0xc5,0x02,0xf0,0x95,0xa5,0xf2,0xd9,0xa4,0xe1,0xcf,0xac,0x0c,0xc9,0x35,0xd3,0x88,0x2c,0x8a,0x3a,0x0e,0xa6,0xe1,0x0e,},"\x2b\xee\x73\xb7\x4f\x1b\x76\x22\xeb\x09\x6a\x28\xd8\x3a\x81\x9b\xce\xc2\x2d\x99\x99\xa3\x20\x62\x10\x3d\x60\x4a\xe6\xd7\x8e\xdf\x8f\x89\x38\x95\xd2\x22\x0a\xb7\x56\x90\x41\x0c\x58\xaa\xb5\x90\xa9\x8d\xdf\xf2\x3a\x94\xd2\x35\x0f\x88\x9e\x53\x46\x42\x00\xa5\x27\xd5\x4d\x62\x57\x11\x07\xb2\x7e\x57\x4f\x54\x2e\xba\xc2\x49\xb8\xe2\xe3\xce\x08\xd1\xbd\x27\xbd\x8d\x29\xf2\xe6\x12\x43\xde\xef\x0e\x69\x38\xe5\x2e\xe2\x99\x2f\xf2\x18\x7d\x7a\x7f\x52\x82\xed\xd9\x8f\xc4\x98\x5b\x61\x9a\xcb\x80\xaa\x9d\x03\xd6\xcb\x84\xb8\x21\x10\x6f\x40\xd6\xe5\xf4\xc3\x87\xab\x0a\xf6\xf2\x06\x61\x5d\x0a\x17\x5f\x7e\x60\xee\x27\x55\xae\xa3\x46\x75\xfd\xd8\x23\xeb\x24\x10\x9a\x9b\xd8\x18\xea\x2d\x9d\x9b\xd1\x99\xcf\x8d\xfe\x79\x62\x4b\x03\x72\xae\x85\xe9\x8c\x60\x20\x02\x34\xbd\x41\x3f\x4a\x62\xce\x68\xa4\x7b\x6c\x9b\x12\x85\x7c\x0d\x39\x9a\x44\x8e\x5a\x52\x80\xe9\xf2\x2f\x9b\x12\xea\x2c\xd3\xc6\x87\x13\xe7\x7d\x0a\x11\xf3\x62\x8d\x8e\xc5\xe0\x60\x63\x90\x31\xd3\xb6\x40\x02\x1c\x9c\x38\x80\x9d\xc5\xf4\x2d\x2e\x1c\x2e\x23\x46\xc8\x6e\x24\xee\xdc\x59\x84\xa1\x15\xa4\x2d\xe8\xde\x7e\x35\xc9\x91\x75\x39\xe8\x98\x85\xca\x91\x6e\x07\x2a\xfd\x5d\x46\x84\x6b\x2a\x93\x59\x61\xc2\xfe\x28\xe9\xeb\x3c\x8f\x89\x6b\x86\xfc\x12\x0c\xbd\x3a\xf2\xaa\x13\x9c\x49\x9d\x29\xcf\xc3\x69\x9d\xb7\x9c\x14\x48\x4e\x9e\xc2\x57\xa5\xf6\x43\x44\xb7\xad\x1e\x3d\xfb\x34\xee\xe7\x65\x4c\x6b\xf1\x2f\xd3\x8f\xbb\xa8\x0f\xe1\x76\x2a\xab\x57\x11\x2b\x3a\x94\xe2\xbe\xe7\x90\x41\xd1\xe8\x84\x40\xf8\x5f\xb7\x2d\xde\x68\xd4\x9e\x84\xbc\xed\x99\x8a\x2f\x63\x35\x44\x6e\x4a\x83\x5e\x70\xc5\xf8\x27\xfb\x3a\xd7\x82\x3d\x5f\xbe\x3b\xe5\xf6\xec\x7e\x43\x4e\xe5\x24\xcc\xd9\xff\x5b\x7e\x72\xa3\x2d\x09\x1a\x7e\x17\xc8\xb1\xae\x41\xa1\xaf\x31\x79\x3c\xce\x91\xd8\x4c\x36\x22\x67\x89\x69\xc8\xf5\x17\xdc\x26\xe3\xcd\x61\xd2\x44\x69\x12\x28\x3f\x93\x53\xbb\x5a\xd0\x3c\x11\x1c\x62\x33\xde\x31\x4c\x61\xb8\x31\xcb\xf3\x8b\x04\xfe\x58\xcf\x44\xf1\xd2\xd0\xb4\x5f\x25\xa6\xb4\xe0\x25\x68\x59\xcd\x5d\x83\x0f\xac\x5e\xc3\xc8\xd7\x63\x98\x55\x9e\x9b\x26\x01\x0f\x5e\x1d\xa5\xf2\x5d\x22\x00\x93\x54\x53\xff\xac\x5a\xea\x51\xf7\xe8\x1e\x72\xec\x8e\x5f\x04\xd2\xf8\x85\xc7\xb4\x5c\x63\xf6\x44\x56\xcf\xe2\x31\xb8\xcb\x24\xaa\x16\x20\xa9\x02\x63\x9c\xa7\x8d\xd3\x91\xaa\x4a\x3d\x03\xe1\x19\x75\xc8\x90\x7f\x96\x4f\xd5\x5d\xf9\xbb\xb1\x40\xe3\x8d\x6d\xb9\x32\x56\xb4\xb3\x9c\x2b\x7b\xcb\xe3\x5b\x11\x82\x6b\xbf\x8c\x08\xf1\xdc\xb4\x8e\xdc\x4b\xfb\x70\x46\x2a\x35\xea\x8c\xd8\xcb\xa7\x9f\xab\x8b\x4c\x44\xe7\x3b\xe7\xec\xfa\x11\x21\x66\xf6\xdc\xab\x70\xd8\xbb\x55\xd8\xb8\x42\x8c\x2d\xa7\x1a\xac\xa2\xfc\x3d\x90\xf3\xcc\x5e\xd0\x15\x51\x35\x8d\x60\x78\x9b\x9d\x57\x1e\xfe\x10\x89\x20\x27\xfa\x37\x40\x4a\xaf\x59\xec\x1c\x2d\x71\x11\xec\xc3\x59\x24\x67\xed\x1d\x9b\x8a\xba\x8e\x22\x9e\x32\xd2\xa0\x0c\x19\xdb\x71\x87\xfb\xcb\x12\x20\x61\x96\x1c\x1f\xda\xca\x30\x7e\x9c\x9c\x9d\xe9\x72\xad\x51\x40\x2f\xa6\x7d\xc1\xc2\xa4\x03\xb3\xc5\xe8\xb1\xe2\x46\x86\x2d\x6a\xd6\xa4\x98\xdb\x6d\x76\x1f\xb5\x66\xf6\x06\x59\x42\xb6\x0a\xd4\xb4\x30\x9d\x18\x2b\xc5\x15\x4c\xfc\x36\x86\x31\x85\xa8\x7e\x23\xab\xaa\x1d\x54\x1a\xb7\x63\xa4\xa1\x06\x6c\x0a\x7a\x8c\x3d\x82\x1a\xe3\x2f\xd3\x1c\x88\x92\x40\x10\x46\xd0\xa2\x0e\x91\xa6\x47\x79\xf4\xbd\xa8\x11\x20\xaf\x3f\xb3\x48\x6d\x3f\xc0\xa7"},
+{{0xc8,0x46,0x34,0x42,0x61,0xa3,0x48,0x65,0x39,0x38,0x34,0xbf,0xaa,0x3a,0x15,0xa3,0xf5,0x3a,0xc9,0xe1,0x38,0x33,0xb0,0xb2,0x87,0x12,0x27,0x81,0xb7,0x9d,0xe3,0x92,},{0xeb,0xad,0xe0,0x22,0x61,0x95,0xae,0x25,0x4b,0x61,0x15,0xe2,0x16,0x96,0xa9,0xc6,0x5a,0x19,0xd5,0xe0,0x40,0x44,0x31,0x31,0xc2,0x2b,0x89,0xf0,0x2f,0x69,0xab,0x78,},{0xd5,0xe4,0x1b,0x47,0xad,0x0f,0x34,0x00,0x70,0x97,0x70,0xed,0x43,0x91,0x9b,0xaf,0xdf,0x24,0x38,0x1b,0x66,0x15,0x44,0xe5,0x1d,0x8b,0x5c,0xee,0x9e,0x97,0xb3,0x67,0x6a,0x4c,0x0f,0xfa,0xeb,0xb2,0xcb,0xd2,0xdb,0x79,0x85,0x32,0xb6,0x5c,0xf6,0x54,0xa5,0xb6,0xc1,0x66,0xef,0x88,0x6c,0xb0,0xfb,0xbf,0x4a,0x4f,0x84,0x4c,0x44,0x0b,},"\x5a\xbd\x13\xe9\x5b\x6e\xe1\xd5\x51\x47\x68\x28\x22\x00\xa1\x4f\x7d\x1a\x57\x1f\x34\x68\xe2\x2e\xfe\xc9\x93\x46\x30\x66\xa3\x7a\xec\x83\x73\xe5\xfb\x49\x95\x64\x19\x1f\x32\x94\xa9\xb3\x0a\xfb\x5f\x1a\x34\xd4\xd8\x8a\xbc\x3e\x9b\xc3\x03\xc1\xab\xa0\x5b\xd8\xfa\xca\x90\xee\x35\xd9\x7a\xc3\xdd\x91\x06\xf6\xfa\x3c\xa8\x1a\x38\x10\xec\xce\xfa\x6a\x20\x9e\xa3\xf3\xfc\x30\x49\xdc\xb1\xb0\x03\xc7\x28\xf7\xf6\x37\x4c\xa9\x8c\x58\x2d\xe6\xdb\x1a\xf7\x60\xf0\xa0\x21\x33\xca\x4a\x01\x03\x24\x30\x4d\x26\xa0\xe5\x0a\xf0\xd1\x3c\x13\x4d\xa3\x4a\x03\xa4\x1e\x83\xec\x8f\x10\xea\x5b\x85\x9b\xec\x1f\x51\xb0\x1c\xab\xb2\xd1\x6c\x1f\xc5\x2b\x05\x8f\x8e\x5d\xef\xae\xde\x12\x81\x71\xc2\xe0\x26\x90\x23\x16\xf8\x71\xb3\x5e\x32\x92\x65\x6f\x0e\x5b\x39\xbb\xbc\x81\xd0\xc0\x83\x0e\x6a\xc0\x1f\xac\x9b\x45\x39\xf4\x7f\x9a\xcf\xbd\x58\xb7\xab\x9f\x5a\x12\x56\x00\xf2\x51\xa2\x71\xd7\xbf\x16\x7f\x29\x54\xca\x8e\x1e\x0c\x96\xe1\x6b\x06\xe8\x30\x7d\xf8\x8b\xb8\xe9\xd5\x7d\x5b\xa0\x44\xf2\x7f\x3e\xaf\xf8\x1d\x9f\x15\x05\x54\xaa\x71\x22\xfd\x10\xd1\x1f\x35\xd2\xbe\x2b\x16\x24\xe3\xe1\xa1\xd7\x7f\xea\x4c\x5c\x7f\x8b\x98\x3e\x94\x5b\xa8\xc0\x8d\xc1\x54\x5b\x3e\x6b\x29\x73\xad\x04\x1c\x44\xd0\x61\x7e\xcc\xc8\x71\xa3\x82\x1a\x9f\xfe\xa9\xdb\x7c\x2b\x0d\x05\x5d\xa5\x5d\xe0\xb3\x50\x63\xe4\x22\x5a\xee\x6b\x22\x5a\xb2\xa7\x90\x6a\x8e\xe3\x29\xd1\xb3\x97\x2e\x0d\x1f\x70\x81\x7c\x50\xcc\xfe\x94\x03\xd1\x2a\xd6\x2c\x94\x92\x3b\x9a\xa2\xd7\xf8\x5a\x8d\xda\x47\xbe\x4d\xce\xc0\xdc\x2b\x0b\x58\xf7\xac\x19\x0a\xe0\x57\x9b\x9b\x13\xbb\xb8\xb1\x6a\x31\xb0\xab\x4d\x6f\x27\x91\x25\x3a\xb4\x75\x1b\x53\x6b\x88\xd3\xb4\x93\x7c\xc3\xa1\x10\xaa\x82\xa6\xff\xed\x68\x53\x52\x4b\x66\xb3\xef\xfc\xd2\xf6\x3c\x6f\x96\x45\xce\xa1\x3a\xa2\x3c\xd1\xc9\x9d\x9f\xfd\xa4\xcd\x3a\x9c\x5d\xf4\x5e\xc7\x47\x26\xc3\x47\x11\x28\xb7\x08\x9f\xbd\x82\x69\x4d\x2d\x3f\x08\xdc\x93\x06\xc0\xfc\x9c\xe7\xc8\x01\x13\x8e\xb1\xec\xb7\x56\xe5\x71\xe9\x05\x9b\x75\xed\x03\xf9\x2a\x31\x50\x2f\xbe\xb5\xfe\xc5\x1d\xe9\x35\x90\x10\xc4\x39\x7d\x28\xb6\x5e\x35\x6e\x38\x00\x1d\x0d\x51\xac\x96\x00\x72\x8c\x78\xb5\x76\x6e\x0f\x21\x79\x38\xb4\x10\xe7\x85\xb4\xc0\x1e\x86\xa3\x45\x2b\xcb\x38\x84\xac\xa4\x75\x40\x85\x9c\xc4\x9b\x00\x0f\x0b\x61\xfd\xbe\x72\x75\x25\x74\xb2\x7a\x22\xd4\xc4\x04\x13\xa4\x3b\x31\x09\x24\xb1\xbb\x14\x0f\xc9\xfd\xaa\xe2\x66\xd6\x59\x30\xe3\xf2\x34\xfe\x84\x1d\x82\xb2\x61\x76\xff\x86\xc5\xd2\xbd\x8d\x96\x5c\x52\xd7\x28\x06\x4e\xbd\xf6\x8d\xc8\xe4\x83\x49\x41\x80\x1c\xca\x0b\x2f\x25\x6d\x4f\x6c\x3d\xd1\x9d\x35\xd5\x36\x2b\xbf\x9b\x8a\x3a\x1c\x86\x3e\x09\x26\x89\xdd\x28\x52\xad\xd4\x88\xbf\x42\x68\x5b\x11\xe1\xe1\xad\x57\x45\xd0\x75\x62\x8d\x73\x1f\x91\xcf\xd7\x49\x15\x9e\x2e\x1c\x83\x7f\x4e\xf8\x3d\x80\xea\x1d\xd9\xbd\xed\x5f\x88\x01\x8c\xe1\xd4\xb3\x37\x1f\x95\x43\x53\xf3\xd8\x94\x37\x00\x62\xc0\x96\x5d\x67\x98\x6d\xbc\x48\x17\x15\xf4\x2d\xd2\xc9\x16\x07\xab\x8b\x5f\x0d\x89\xf6\x6e\x68\xd7\x3d\x50\xd6\x40\x52\x4d\x72\xe6\x91\x34\xb8\x87\x29\x8e\x5c\xd8\xc4\xb9\x05\xba\x5e\xfa\x0e\x9d\x68\x52\x14\xb8\x42\xf5\x0a\x2a\x39\x83\xa1\xaf\x58\x5a\xf2\xca\x43\xdb\xcf\x02\xc4\x08\x97\xae\x2e\x1a\xb5\x1d\xbc\xe5\x70\x34\x5e\x8e\x13\x5f\xb7\xb4\xeb\x0a\x1d\x6a\x0b\xb5\xa8\xa1\x80\x7e\x42\x5b\x2d\x62\x83\x60\x76\x80\x58\xe6\x1a\xd1\xcf\xaa\x20\x99"},
+{{0xfa,0xaf,0x55,0xd3,0xc2,0x97,0x14,0xb6,0x5c,0x22,0x81,0xe2,0xc2,0x2d,0x61,0x34,0x97,0x1a,0x2e,0x74,0x00,0x8f,0xb9,0x40,0x89,0xa7,0x73,0xee,0xeb,0x44,0x83,0xa6,},{0x39,0x86,0x2e,0xac,0x6d,0xd5,0x2e,0x38,0x1b,0xb3,0x4d,0xc1,0x96,0xba,0x8a,0x37,0x4d,0xcb,0x7d,0xf6,0xcb,0x14,0x0f,0xd0,0xcf,0xa6,0xcf,0xa3,0x9b,0x8c,0x75,0x3f,},{0x5b,0x00,0x83,0xf7,0xa8,0x20,0x61,0xc6,0x5c,0xf6,0xc7,0x56,0x40,0xc8,0x1c,0x28,0xe8,0xd6,0xd2,0xe8,0x7f,0x6d,0x57,0x95,0xc9,0xaa,0x3b,0xb3,0xe3,0x90,0xe9,0x19,0x90,0xe8,0x2d,0xb6,0xf0,0x7e,0x61,0x4f,0x50,0x7a,0x56,0x0a,0xba,0xa1,0xec,0xa6,0x56,0xc6,0x78,0xdd,0xca,0xe8,0x19,0x82,0x51,0xe6,0xaf,0x0b,0x76,0xb8,0x8d,0x0d,},"\x94\xe6\x61\xc2\x52\x40\xa8\x9e\x82\x3d\x7f\x5d\xc0\xe6\x92\xed\xdd\x13\x70\xc3\x5a\xc4\x4d\x5a\x8c\x87\x98\xd0\xc9\xaa\xfd\xf0\xbb\xfb\x54\x92\x60\x56\x8d\xba\x1c\x69\x08\x6b\xee\x63\x6b\xe8\xed\xcc\xd3\xcb\xb2\x70\x16\x24\x4d\x54\xd7\xed\x2f\xeb\x7f\xa6\x46\x14\xd4\x54\x49\xd7\xe0\x58\xe7\x1b\x30\x6c\x22\xe6\x91\x1c\x2a\xc7\x42\x07\xba\xe5\xa8\x4d\x0f\xc2\x47\xbe\x49\xd3\x56\xe5\xd4\x35\x3b\xa5\x58\x6b\x6e\x4b\x2b\x97\xce\x9e\x23\x77\xb6\xee\xd9\x2c\x84\x9e\x67\x69\x44\xae\x90\xdc\x42\x08\xe3\x00\xe1\x9c\xc9\x1d\xc2\x6b\xbd\xd5\xa3\x0c\xfa\x92\x81\xa1\x5e\xfd\x87\x30\x66\xf8\x5a\xf3\xa2\x6f\x31\x06\x23\xe0\x09\x80\x48\x53\xcc\x68\x55\x90\x3e\xa6\x4a\x90\x98\x97\xe3\x15\xe7\x3d\x31\x29\x48\x98\x0e\xf6\x28\x9d\xb2\x1a\x5e\xbb\xec\x8c\x8e\xfe\x20\xd1\xd5\x3d\xfa\xad\x6d\x9f\x42\x96\x53\x2e\x88\x7c\x37\x35\x01\x05\xa6\x33\xab\xc7\x73\x18\x87\x51\xb2\x8c\x3a\x08\xf1\xb5\xee\x04\x72\xde\x46\x27\xe6\xb6\x1b\x68\x27\x8d\xd5\x1c\xed\x6a\x61\xec\xf3\x88\x86\xe4\x53\x39\xdc\x6c\x60\xc3\x1e\x85\x0e\xf8\x29\x6a\xe8\x0f\x9d\x31\x70\x17\x76\xeb\x9a\xf2\x16\x93\xf4\xc5\x2e\xc0\x62\x62\x57\x38\xd4\xe3\xaf\xbf\x71\xd1\xc8\x1f\xc4\x84\x63\x60\x36\x3e\xa5\x41\xa9\x76\x62\x3a\x5e\x4e\x6b\x6a\x67\x23\x7e\x92\x37\x17\x3f\x1a\x1d\x54\x33\x02\x85\x88\x85\x71\x4c\x2a\x59\x1d\x0a\x78\x62\x82\xa0\x28\x5a\x37\x11\xf7\xbc\x2b\x63\xca\x79\x87\xe9\xae\x7d\x02\x03\x55\x55\xcf\x3b\x6a\xd6\xf7\x1c\xa9\x8a\xa9\x28\x88\x3b\xf8\x1d\xd6\xf8\x64\x93\xea\xab\x56\x37\xb4\xdd\x56\x9d\x1e\xe8\xde\x6a\x44\xbc\xed\xb6\x2b\x97\x06\xb1\xdb\x89\xe3\xf0\x5d\xf1\x63\x10\x01\x7d\x89\xef\x3e\x4b\xc0\x99\xb7\x21\xa5\xc8\xd3\x80\x43\xd6\xe4\xa2\x2c\xf0\x40\x09\xc0\xfc\xee\x6b\xe6\x99\x37\x82\x99\x54\x94\x1b\x8b\x4a\x1e\xbf\x4d\xae\xa0\xd7\x74\xd0\x78\x2b\xe1\x76\xc8\xe5\x91\x90\x77\x56\xc2\xcf\x75\xde\xa6\xf7\x87\x7d\xd6\x87\x5b\x8f\xe1\x01\x2f\x30\x50\xcf\xb1\x28\x9c\xf0\x88\x66\x7e\x15\x22\xee\xed\xc9\x27\xac\x86\xbf\xe2\xc4\x07\x43\x2b\x4a\x81\x3a\x6a\x7a\x55\x04\xe9\x99\x20\x6d\xb1\x82\x7e\x25\xfa\xfd\x70\xce\xd3\x6d\xb3\xb2\x81\xb6\xf7\xb1\x4e\xd5\xba\xa0\x57\x23\x15\xa9\x39\xc5\xbf\x4a\xbb\x13\x3d\x2e\x7b\x16\xd5\x2d\xe2\x08\x17\xaf\x05\x5d\xf5\xf1\x41\x20\x77\x34\x61\x0a\x0c\x6e\xeb\xed\xaf\xff\xd9\xcc\x9f\x06\x9b\x67\xf9\xa1\xc0\x45\x4b\xe4\x1d\x54\xc1\x38\xbe\x54\x2e\x5e\x38\xcf\xe2\xf2\x93\xf7\xd2\xd3\xdf\x66\x97\x7a\xcb\x36\x6a\x42\xc1\x9b\x31\x85\xac\xfa\x1b\x36\x3c\x61\x31\xa4\xa8\x11\x1c\x3b\x1f\x4f\xd7\xac\x40\x6d\x0e\x69\x10\x3b\xa1\x5b\x8c\x4b\xf2\x9b\xc2\xed\x9c\x45\xcf\xd1\xd2\x79\xd8\xd9\x31\x44\x4b\x2b\x18\x49\x25\x2b\x8a\x70\xee\xd8\x0f\xd2\x60\xed\xf5\xa3\xc0\x1b\x96\x90\x16\x0d\x23\x11\x85\x1d\x21\xc9\x30\x2d\x98\x59\x86\xea\xee\xb3\xae\x2c\x07\xc7\xc7\x67\x20\x94\xf9\x1d\xb0\xbd\x50\xbe\x37\x7e\x4d\x1e\xb0\x7e\xe7\x6a\xf4\x9d\xc1\x36\xa1\x45\xa1\x1b\x17\x2f\x08\x11\xfe\x73\xd6\x25\x9b\xe3\x70\xc4\xdf\xca\xb6\xf1\x9e\x4a\x64\xb1\x51\xd0\xa6\xdb\x80\x50\xc3\xde\x2c\xc3\x25\xf5\xc5\xf6\x59\x4c\xf6\x24\x8e\xb0\x81\x20\x95\x39\xe0\x8c\xa3\x42\x29\x84\xe7\xbf\x80\x3d\xe3\xa4\x19\xb1\x44\x23\xf1\xe5\xa5\x42\x24\x04\x2c\xe4\xf0\x54\x88\xa6\x04\x4f\x40\x42\xbd\x64\x9b\x1a\x08\xce\x10\xc2\x00\x6e\xa7\x6e\xfa\xb4\x64\x1f\xef\x28\x97\xef\xd7\x24\xe6\x05\x4a\x3b\xd1\xa6\x9e\x39\xa4\xa5\xe2\xd5\x02"},
+{{0x6d,0x78,0x55,0xe3,0x0f,0x7a,0x13,0xe2,0x37,0xb0,0x67,0x14,0x43,0x46,0x43,0x4b,0xb4,0xb0,0x51,0x78,0xc7,0xd8,0x8d,0x49,0x2e,0x79,0x02,0x7c,0x4b,0x0f,0x3c,0xdd,},{0x72,0x73,0x29,0x38,0x28,0xef,0xa3,0x49,0x82,0x23,0x92,0xdb,0xba,0xb0,0x78,0x79,0x57,0x7e,0x1a,0x77,0xa6,0xfd,0x6a,0xfe,0x33,0x75,0x3a,0x9e,0xec,0x88,0xc4,0xaf,},{0x0f,0xe2,0x8e,0xad,0xd9,0xe5,0xdd,0x57,0x4b,0x3f,0xaa,0xea,0x81,0x0d,0x44,0x52,0x2c,0x8b,0x1b,0xfb,0xb3,0xe3,0xd5,0x7e,0xd8,0x89,0xfa,0xed,0xec,0x91,0xd0,0xe1,0x4a,0x86,0xb9,0x14,0xc4,0xc7,0x66,0xf1,0xbf,0x9b,0x8f,0x18,0xb0,0xdb,0x89,0x0d,0xb6,0xc1,0xb1,0x25,0xd5,0x78,0x04,0x33,0x36,0x19,0xb1,0xe0,0x72,0x0a,0x33,0x00,},"\xf8\xb9\x36\xe7\x93\xb0\x17\x58\x0c\xc0\xe9\xcb\xda\x2a\xcb\x64\x74\x50\x7f\x4b\xca\x3a\xfc\x87\x83\xec\x46\xee\xb8\x2c\xcd\x4d\xd2\x52\x56\x76\xaa\x6a\xb5\xc0\xdc\xf7\xd7\x5f\x7e\x03\x11\xe6\xfe\x6b\xf2\x72\x63\xf8\x57\x8f\xeb\x55\xc5\x61\x2d\x1f\x28\xe8\x88\xb7\x66\x56\xc4\x1c\xcd\x8a\x70\xb9\xbc\x60\x4b\x42\x72\x4f\xa2\xbc\x41\x1d\x44\xc3\x1a\xb6\x8c\xe8\x4f\x83\x93\x39\x9e\x34\xd5\x40\x85\x79\xc2\xba\x29\x21\xf2\xf8\xd1\x14\x87\xaa\x7e\x52\x55\x7f\xee\xd9\x67\x57\x19\x9d\x3a\xae\x63\x77\x77\x01\x54\xb1\x7f\x35\x77\xc7\xac\x3d\x8c\x76\xcf\x74\x61\xb5\xe8\xd4\x2a\x71\x85\x07\x8e\xd4\xf8\x62\xfc\x57\x50\x2f\x61\x50\x75\x30\x7b\x6e\x10\x3c\x77\xc1\xf6\xc8\xbd\xa7\xaa\x17\xe4\x35\xe2\x1b\x94\x9a\xf4\x4d\xff\x5a\xa3\x0a\x62\xda\x71\x2f\xa9\x96\x6a\x61\x2f\xfc\xa1\x48\x71\xfd\x6f\x86\x0b\x4a\x96\x14\x01\x2c\x53\x69\x91\x0e\x0f\xfd\x6f\x0f\xbd\x88\x9a\x9c\x25\x7c\x32\xbd\xcf\x90\xbb\x80\x62\x7c\xb2\x72\xec\xd4\x59\x98\x97\x55\x59\x55\xe1\xfe\x08\xcd\x7e\xbb\x21\xc0\x71\xbe\x0f\x48\x98\x96\x96\xcb\x39\xaa\x82\xad\x11\xba\xa5\xd4\xac\x61\x3a\xbf\x1b\x6d\xb8\xa2\x0e\x68\x68\x36\x22\x28\x33\xf8\xb6\xdd\x2f\x00\x06\x22\x7b\xe4\x8e\x85\x80\xdc\xc8\xde\x62\x0d\xac\xb2\xf6\x5a\x69\x36\x75\xd6\xcb\x45\xba\x5d\xd1\xaa\x70\xdb\x76\xbc\x64\x1d\x4f\xb5\x67\xec\xbc\x71\x11\x44\x2e\x29\x41\x58\xbe\x57\x5c\x71\xdd\xc2\x6e\x94\xf4\x12\x66\xa2\xfd\x3a\x0d\x43\x57\x81\xfc\x09\x46\x48\xfa\xdf\x5f\x17\xcd\x41\xab\x89\x58\x21\x89\x4e\xc0\x80\x6b\x26\x2c\x39\x35\x34\xfe\x66\xf2\x1e\x37\x83\xc1\x4a\x96\xc8\x8f\x2e\x06\x53\xfe\x32\xe7\x5d\xce\x8a\x46\x3b\xb9\x7e\xed\x6c\x16\xf3\xf3\x22\x81\x69\xab\xb5\xb4\xbf\x9e\xa3\x27\x8c\x1f\xf0\xf8\x6e\xae\x71\x38\x9b\x64\x33\xac\xd0\x97\xee\xfa\x9e\x6e\x05\xf4\x95\x5c\xd5\x17\x83\x0b\x8d\x98\x70\xcc\xb5\x22\x74\x15\xe5\x0f\x23\xf6\x47\x32\x17\xa7\x45\x09\x64\x70\xdc\xa9\x3d\x2b\x34\x67\x3c\x5d\x6a\x57\xed\x02\xc8\xe0\xca\xe1\x19\xb3\xf3\x29\xd8\xab\x64\x98\x49\x4c\x29\x21\xbb\x6f\x49\x6d\xd0\x83\x81\xe7\xd3\x9f\x2d\xb5\x76\x3b\x14\xa2\x82\x1b\xef\xcc\xa0\xa9\xfd\x31\x25\x45\xde\x68\xab\xf2\x06\xd1\x2d\x8e\x02\xe7\x3b\xc7\xe3\xcb\x79\x6e\x7e\xe2\x6c\xc6\x3d\x74\x1e\xfa\xfc\x53\x45\xf8\x13\x29\x51\xbc\xfb\xfd\xdf\x63\x1f\xb7\xcb\x43\xef\x35\xb9\x45\x3c\x93\x90\xeb\x23\xb1\xf9\xd8\xb1\xc7\x2d\xeb\xd2\x4f\x09\xa0\x1a\x9d\xc6\x0e\xe6\x81\x53\x06\x18\x83\x57\x78\x1a\xf6\xe1\x82\x0a\xa3\x5e\x4e\xc1\x21\xb7\xca\x34\xd7\xde\x76\x11\xb2\x46\xa3\xe7\x03\xed\x48\xc7\xeb\x03\xa6\xfe\x8f\x85\x2e\xe7\xd3\x25\x45\xc9\xd8\x52\xd6\x4d\x5d\x75\x93\x0e\x5f\x1e\xbe\x21\xa3\x07\xef\xa7\x62\x2e\xda\xce\xd6\xd8\x79\x02\x6f\x0f\x85\xa9\x11\x20\x12\x80\x37\x05\x58\x22\x69\xd3\x9f\x14\x32\x34\xdf\x89\x09\xab\x3d\x94\x8e\x76\xd3\xda\xaa\x24\x22\x6d\x9a\xc6\x01\xee\xf2\x77\xfd\x2c\xfc\x4a\x19\xae\xdf\x43\x87\xa2\x16\x17\xb0\x3e\xc3\xd3\x84\x5a\x38\x55\x4f\x5e\x97\x03\x6e\x56\xec\x1c\xe6\x60\xdf\x9c\x06\x2c\x2c\x99\x3b\x77\xc5\xba\x6a\x6d\x05\x23\x1d\xae\x37\x64\x18\x3c\x3e\x96\xaa\x53\x9c\xfb\x34\x15\xfb\x16\x3c\x64\x5b\x23\x03\xb2\xd6\xd4\xbd\xa8\xca\x6c\x72\xbc\x03\xd5\x30\x5f\x9b\x11\x8e\x92\x5e\x27\xd2\x9a\xb7\xdc\xb1\x96\x47\x0e\x63\x39\x63\x1b\x23\x80\x74\x4c\x04\xd1\xda\x34\x8f\xc0\xfe\x27\x42\x77\xf8\x2f\x95\xbd\xfb\x0b\x64\xb4\xcf\x3b\x51\xe5\x71\xc0\xdd\xb3\xb5\x3c\xa6"},
+{{0x7e,0xe4,0xe7,0xe9,0x8c,0x6a,0x40,0xf0,0xe7,0x44,0x13,0xf2,0x40,0x39,0xbd,0x22,0x0d,0xf1,0xf8,0xc7,0xf0,0x15,0x52,0x8d,0xbf,0x52,0x84,0xab,0x9f,0x7c,0x82,0xe2,},{0x4d,0x5a,0x80,0x0f,0x9b,0x22,0x07,0x0e,0x01,0x6e,0xe2,0x3a,0xf8,0xa3,0x10,0x90,0x2b,0x36,0x9d,0x58,0x9a,0x84,0x7f,0x34,0x5c,0x2e,0xa2,0x96,0x8d,0x6d,0x09,0x24,},{0xac,0x3b,0xfe,0x3a,0xdf,0x94,0x1c,0x93,0x4d,0x33,0x49,0xc4,0x92,0xde,0x70,0xd5,0x16,0x6b,0xe3,0x89,0xf9,0x55,0xbe,0x87,0xc2,0x88,0x3f,0x41,0xf2,0xda,0x14,0x6c,0x91,0x06,0x51,0xa3,0xb4,0x52,0xc2,0xd7,0x39,0xdc,0x9b,0x53,0x1c,0x57,0x45,0x56,0x5e,0x69,0xd9,0x83,0x59,0xf1,0xd7,0xd9,0x3e,0xbd,0x36,0xd7,0x0a,0xbb,0xf0,0x0d,},"\x8f\xb0\x13\x73\xc4\x2e\x69\x61\x4a\xea\x99\xaf\x49\x32\x37\x85\xf3\x38\x61\xb9\x4e\x90\xf5\x65\x38\x9e\xbf\x70\xe2\x19\xf5\xde\xc7\x32\xe0\x01\x0b\x58\xf7\x29\x05\x30\xdf\x22\x2a\xc9\xc7\x3e\x1c\x2e\x92\xa5\xe6\x06\x1d\xe5\x59\x0c\xaf\x9c\x0d\x50\x21\xd7\x29\xea\xa1\x15\x41\xfa\x1d\x08\x21\x60\xbe\xaf\x61\x1e\x7c\xfd\xc0\xeb\xb3\x15\xd3\x88\xe5\x38\xb4\xb5\x02\x8f\x9b\x30\xd3\xd9\x73\x34\x7f\xfd\x44\x26\x3e\xef\x08\x3b\x81\xb2\x1b\x82\xec\xa5\x75\x6a\x49\x4b\x1d\x81\xc0\x7d\xe8\x49\x50\x6d\x3e\x3b\x66\x87\x97\xa5\xc5\x44\x25\x4d\x4e\xbe\x5c\xf8\x17\x1b\x39\xf8\x72\x4c\xbc\x41\x89\x29\x1b\x3c\x53\xc2\x1e\xce\x49\xa1\xd7\x39\x56\x3c\x65\xb4\x90\x25\x93\x56\x47\xa7\x30\x3a\xe0\xef\x7f\x6d\x24\x55\x46\x45\xa4\x28\xdb\xbb\x42\x44\x9f\x53\x99\xe3\x6d\xc7\x87\xb7\xd6\x95\x8a\x02\xee\xbb\xb8\x36\xe5\xe5\x3e\x26\xe4\x87\x23\x9d\xe9\x4d\x1d\x25\x0e\x79\x43\xac\x0e\x22\xd9\x27\x50\xa0\xcf\x34\x73\xbe\x1a\x62\x25\xcb\xe7\x95\x45\x04\x82\x69\xf6\x23\x7e\xc9\xf9\xec\x30\x7e\x8a\x34\xb7\xbb\x34\xcd\x49\x06\xe4\x31\x62\xa3\x70\x8f\x32\x9c\x5b\x98\x9d\x7a\x7f\xcd\xe1\x09\x9a\x54\x25\x46\xfe\x9c\x33\x18\x2b\xa5\x1b\x84\x3e\x96\xd1\x1c\x79\xe9\x1a\xd2\x1f\x71\x70\xe2\x57\xfd\xc2\x81\x8e\x12\xf9\x16\x8a\x97\x4c\x96\x8a\x4d\x27\x3f\xa3\xff\xa9\xf3\x5f\xf9\x05\x98\x0e\xaa\xd3\x72\x1c\xae\x80\x2b\xee\x36\x21\x0b\x40\xb9\x93\x19\xbb\x66\x99\x82\xe9\x43\xb2\x70\xa4\xc4\xd0\xa9\x2e\xcb\x5b\xba\x2d\xd8\xb4\x0a\xc3\xd2\xf0\x32\x5c\x46\x9d\x5e\x9d\x48\x3f\x52\x41\x97\x40\x10\xc5\xc0\xda\x33\x5f\x16\xe9\x62\x19\x6c\x2e\xf1\x4e\xb2\x4a\xaf\xbb\x31\x1b\xfd\x5f\xa8\xdc\x8d\x2d\x61\xe6\x87\x8a\xd2\xcc\xe0\xdc\x99\x39\xe4\x45\x22\x72\x3d\x42\x7e\xf3\x2f\xb4\x3b\x96\x7f\x5e\x44\xfc\x66\x57\x92\x79\x6f\x8c\xf9\x34\xf0\x1c\x32\x5d\x63\xd5\x83\xdc\x3c\xa9\xd4\xfc\xc7\x57\xd9\x17\x85\x80\xda\xef\x53\xaa\x3a\xb2\x1d\x2c\xe4\x35\x95\x5d\x1c\x6d\x47\x63\x8c\x5e\xdb\x62\xff\x55\x61\x69\x3d\x1c\xbd\x10\xec\x9e\x39\x9a\x71\xbf\x9d\xb1\xc9\x96\x9f\xd5\x9e\x4e\xeb\x31\xaa\x59\xbf\x39\xe9\xf1\x84\x17\x8d\xef\x72\x46\xed\x4b\x8f\x4b\xe5\xba\xda\xa5\xdb\x4a\xf8\x67\xf4\xf2\xec\x39\xa1\x37\x04\x20\x2c\x87\x84\xfa\x16\x8c\xe9\x6f\x9c\xfa\xc7\x10\x17\x23\x62\x75\xfd\x85\x7c\xc3\xc5\x1a\x9c\x7a\xc2\x56\x21\x5e\x14\xb8\x43\xf7\x21\x4d\xc9\xf8\x24\xb9\x1d\x1a\x51\x70\xd0\xef\x1d\x37\x69\x6f\x93\xee\x96\x6a\x2b\x7d\xec\xe2\x2b\x4f\x3a\xfd\x39\xc1\x6d\x60\x1e\x5f\xf8\x40\x8d\x45\xc1\xa6\xce\x71\xf0\x60\x97\x6c\x5b\xe4\xc0\x42\xb1\xb7\x38\xdf\x95\x80\xba\x5a\xe7\x78\x80\xa7\x0c\x0b\x94\xf0\xe1\xc9\xf9\xaa\x34\xc0\x90\xd6\x12\xd5\x7a\x9b\x93\x1f\x50\xa1\x25\xfa\x35\xce\x40\xa2\xcb\x7f\xaa\xd5\x30\xf8\x09\x08\xc7\x3c\xb7\x82\x58\xaf\xd2\x63\x13\x90\x04\x1d\x92\x61\x7e\x9b\xf6\x4c\xe9\x6e\x8e\x4a\xc7\xf3\x12\x6d\x8a\xf8\xa0\x4c\x75\xff\xd4\x38\x76\x9d\xe0\x6f\x74\xc2\xfc\x20\xcc\x81\x92\xda\x35\x3e\x79\x06\x12\x83\xbb\xa0\x8a\x8d\x24\xe6\xe4\xe2\xe8\x3b\xa5\xb0\x8e\x42\x75\x22\x60\x62\x14\x8d\x8a\x02\xaf\xad\x65\xb6\xf6\x27\xcf\xbd\x29\xb7\x1c\xa1\x8a\xee\x5b\x1f\x97\x16\x9b\xf0\x22\x8b\x37\x6f\x41\x06\xb5\x0f\xd9\x1a\x38\xa6\x62\x11\xd6\x9e\xbb\x4a\x7a\xf0\xe1\xc2\x21\x7f\x1b\xa0\x14\xd1\xe0\xcd\x17\x50\x8d\x58\x15\x5d\x16\x3d\xd9\xde\x2f\xe1\xc6\x4c\x7f\x88\xd5\xb5\x53\xe9\xba\x1e\x1f\x25\x43\x0d\x7e\x12\x5b\x07\xa8\xc2\xed"},
+{{0x1f,0x28,0xd9,0x09,0x1d,0x19,0x6c,0xba,0x3d,0x45,0x52,0xe5,0xa3,0x37,0xa4,0xd8,0xaf,0x3f,0x29,0x5e,0x62,0x9e,0x4b,0xa6,0xfe,0x99,0x70,0x31,0x20,0xae,0x41,0xe0,},{0x81,0x4d,0x34,0xbf,0x28,0xee,0x6d,0x90,0xf0,0x39,0x59,0x90,0x41,0xdb,0x81,0x0f,0x7c,0x9d,0xaa,0x91,0x8e,0x03,0xe9,0x61,0x97,0x41,0x4b,0xc9,0xaa,0x31,0xec,0xdc,},{0x5b,0xe5,0x52,0xfa,0x73,0x1e,0x83,0x67,0x93,0xf6,0xdd,0xa8,0x95,0xdc,0x9b,0x1e,0x2c,0xcd,0x66,0x9d,0xe1,0xc8,0x43,0xe0,0x0e,0xa6,0xfa,0x3c,0x5e,0xbf,0x97,0xa3,0x4b,0x26,0xf1,0xf3,0xac,0x7f,0xf2,0x22,0x5e,0xe4,0xa7,0xe4,0x30,0x07,0x2c,0x13,0xda,0x40,0x66,0xdc,0xdc,0xc0,0x5b,0xa2,0xb5,0xf6,0x1a,0x6e,0x8d,0x21,0x07,0x09,},"\xa6\x94\x68\xbc\x33\xeb\xfe\xf0\x61\x5c\x64\x3c\x49\xda\xc6\xe0\x4f\xdb\x6c\xfb\x8e\xc4\x58\x57\xbb\xb7\xa2\x7e\x52\x8f\xd6\x31\xfc\x34\x11\xba\xee\x65\xcc\x1f\x94\xfc\xc9\x4a\xed\x4a\x43\x32\xfa\x68\x61\xe0\x65\xe0\x61\x63\x54\x17\x09\xd7\x97\x28\xe0\x1b\xe2\xb1\x40\xa0\x22\xc8\x3e\x7b\x23\xb9\xed\x2a\xd2\x83\x21\x69\xdf\xc9\x56\x90\x91\x3c\xf3\x72\x01\x30\x65\x70\x80\xc9\xd5\xa7\x82\x7e\x56\x60\x75\x74\x52\xc5\xfc\x3d\xcd\x80\xcc\x6b\xe0\x98\xc6\x29\x22\x6d\x54\x66\xe0\x2b\x97\x12\x6b\xe7\x4a\x14\x52\xee\x16\x81\x50\x95\xde\xb4\x2b\xf0\x65\x66\x71\x50\x28\xc1\x18\x25\x82\x0a\x8a\x23\xc6\x0d\xa2\xb6\x8d\xd9\xa5\x5d\xad\x2a\x29\xa4\x96\x44\x43\x81\x7c\x07\xd7\x76\xb2\x44\xb1\x51\x86\x81\x9a\x3b\xbe\xd4\x14\xab\xf4\x57\x9a\x3e\xce\x3a\x3d\xc7\xb1\x05\xd0\xa9\xdb\xa3\x7b\x9e\xaa\x78\xbe\x8e\x46\xe1\x69\x8b\x59\xb0\x94\x0b\x01\xf3\x8b\x28\x3c\x33\xa9\xa4\xb1\xd4\xf8\x14\x4b\x16\xee\xb5\xfc\x0a\x7a\xf0\xd0\x81\x69\x66\x45\xa1\xea\xb3\xa7\x87\xcb\xcf\x88\xfa\xd9\x3d\xd6\xcd\x46\xd2\x95\xa8\x79\xa1\x77\x50\x33\xa9\x85\x63\x82\x2e\xf1\xf6\xb6\x9a\x58\x1e\x49\x73\x6c\x8d\x70\x1b\x44\x53\x96\x93\x40\x52\x1e\x4a\xd4\xbf\x94\xb9\x11\xb0\xe2\xd8\x6f\x34\xee\xce\x4a\x63\x85\xff\x1f\xe6\x32\x20\xcd\x3c\xc5\x92\xf3\x6d\x6c\x49\x1f\xa1\x8f\x7c\x14\x04\x36\x0d\x2a\x77\x53\xfe\x07\x3e\x09\xa2\xfc\x42\xa4\xbb\xea\x55\xbc\x96\xd7\xf0\x5c\x98\xae\xd2\xcc\x4a\x9f\xae\x8f\xd4\xa0\x19\x7f\xf0\x1f\xa7\xf0\x04\x6e\x3c\x3e\xb5\x9a\xaa\xbc\xa3\x13\xa4\xdd\xaa\x5d\x20\xd2\x7c\x2c\x5f\x1a\xc6\xd8\x7f\xd3\xcb\x4b\xd3\x5a\x1e\xc7\x5d\x10\x4f\x7c\x36\x73\x31\xa3\xe2\x95\xe5\x3c\x4e\x80\xba\xe1\x4b\x97\x92\xd0\xd5\x26\xf7\x40\xd4\xff\x03\x6f\xaf\x54\x87\x96\x7f\xfa\xbe\x8e\x88\x3d\x3f\xb0\xd1\x6f\xaa\xdb\x28\xe1\x28\x5d\xed\x41\x57\x0c\x0b\x07\xc2\x55\x9b\x53\x1e\x0f\x92\x54\xef\x88\xe5\xb1\x0f\x64\xf4\x83\x9a\x9a\x0b\x6c\x3c\x7f\x1b\x78\x50\xf4\xad\x9b\xf0\x99\x9a\x7f\x2a\xe7\xc4\x5a\x65\x8e\xa5\x30\x36\xfc\x70\x19\x98\x42\xb8\xe4\x9e\x60\xf9\x67\xde\x1f\xf3\xab\xff\xf6\xcd\x73\x5b\x7c\xd8\xb8\xf9\xe2\x48\xf1\x56\xf6\xc6\x54\x38\x69\xeb\x99\x82\x3d\xae\xa8\x8d\xeb\xaf\x79\xf0\x1e\x65\x21\xec\x63\xfe\x72\x72\x4e\xe3\xc8\x22\xb8\x8b\x39\x68\xb2\x48\x52\x09\x15\x83\xc4\x9a\xb3\xc1\x5f\xa1\xf7\x9b\x18\xd9\x8f\x04\xd9\xb6\x84\x1c\x9a\x7c\xa0\xde\x2f\xcc\x02\xf9\x5d\xd6\x49\x49\x2e\x8b\x56\xa3\x1e\xc1\xe2\x44\x33\x7a\xf6\xaa\xae\xde\x8b\xf9\x9f\xc8\x14\xef\x57\xc0\xd5\xe0\x8c\x3c\x7e\xcc\x18\x97\x98\x0a\xa1\x69\xa9\x92\x6d\x20\x69\x8d\xf6\x93\x0e\x21\x10\xcb\x46\x0f\x49\x39\x01\x00\x74\x10\x95\xf8\xed\x00\x41\x2a\xe6\x96\xd9\x8e\xfe\xfd\x29\x0d\xa5\xf7\xd0\xb7\x28\xd2\x0a\x1e\xbf\xa6\xbd\x7d\x27\x0f\x28\x1a\x98\xc7\xb1\xe4\x08\x43\x51\x25\xaa\x48\x3c\x6b\x7d\x63\x3f\xf7\x58\x8a\x94\x16\x58\xf6\x12\x95\x44\xd6\x29\x45\xb9\xb8\xaf\x71\xa8\xc6\x2c\x0a\x50\x07\x6c\xb8\x54\x1b\xa7\xe4\xbd\xe4\xed\xe4\x41\x72\x2c\x6e\xb9\xdf\x8c\xfd\x06\x56\x33\x9e\x86\xd2\x26\xab\xae\xa0\x5e\xa0\x47\xf6\xb8\x30\x77\x01\xf6\xc9\xa4\x4c\xc9\xcb\x83\x7b\x8e\xb6\x24\x45\x92\x5e\x8a\x88\x81\xd2\x53\x8f\xcb\x2b\x24\x9e\x4e\xe8\xb6\x86\xec\xfb\x49\xc4\xdf\x86\x40\x1d\x24\x9a\xac\x35\x84\x1e\x91\x40\x04\xf9\x45\x5d\x3f\xde\x37\x5d\x20\xa0\x1f\xba\x27\xb1\x97\xa6\x98\xd3\x84\xc7\x65\x05\x10\x68\x01\x62\x7e\x83\x36\xbd\x2d\x76\xd7\x61\xa8"},
+{{0xc6,0x4d,0xd2,0x0d,0x42,0x62,0x75,0x26,0x19,0x8a,0x22,0x64,0x76,0x90,0xc8,0x95,0xb5,0xb4,0x5b,0x69,0x8f,0x57,0xa6,0x9d,0xfb,0xe4,0x8d,0xbd,0x42,0x6a,0xa4,0x70,},{0x2e,0x01,0xd4,0x04,0x16,0xf7,0x8a,0xcd,0xdb,0x34,0xb8,0x44,0x5e,0xa4,0xfd,0x0a,0xb3,0xfa,0x9e,0x66,0x43,0x04,0x47,0x52,0x21,0x3f,0x07,0xc7,0xf0,0xff,0x43,0xa0,},{0xde,0xac,0xc8,0xc2,0x32,0x18,0x72,0x76,0x76,0xd5,0x40,0xa2,0x3b,0xda,0xd7,0x81,0x02,0x11,0xe6,0xd5,0x7a,0xd2,0x94,0xc3,0x7d,0x4b,0x1c,0x9a,0xf6,0xb3,0x37,0xa5,0x3f,0x78,0x80,0xd2,0xba,0xfa,0x73,0xb3,0x05,0x08,0xc0,0x08,0x42,0x6b,0xf8,0xd7,0xc9,0x65,0xa1,0xf4,0xa4,0x22,0xa1,0xbc,0x7d,0x6a,0xd6,0x22,0x6f,0xd1,0x97,0x06,},"\x82\x1b\x9f\x7c\x16\x10\x4b\x53\x3b\xd1\x27\x18\x4f\xd7\x2a\xde\x09\x2b\x13\xbb\xd9\xac\xee\xd2\x9b\x8d\x10\xf1\x66\x88\x92\x2d\x16\x5f\x89\x31\xd5\x3d\xf5\x90\xfb\x71\x3b\x67\x4d\x80\x5c\xe0\xc9\xd6\xce\x6c\x43\xba\x69\x68\x19\x1d\x12\xbf\xa0\x8a\x8c\xe2\x2e\x8f\x33\x6b\x2b\x49\x1a\xf2\x5d\x1b\x16\x06\xf9\x30\xca\xeb\xe5\x22\x39\x2a\x87\xd4\x2c\xe7\xbc\x16\x7a\xa7\xb6\x10\x59\x72\x20\xaf\x31\xa6\x65\x35\x30\x71\xe8\xd9\xe5\xf4\x20\x78\xb9\xc3\x88\xbf\x04\x02\x58\xe2\x1f\x9c\x3a\xb3\x8c\x04\x27\x61\x8b\x2c\x28\xd3\x43\x0d\xf2\x79\x21\xbf\xc5\x84\x87\xb3\x46\x19\x78\xbf\xa8\xbf\x58\x6c\xfe\x83\x58\xe0\x92\xf8\xf4\x74\x66\xe7\x62\x45\x1d\x50\x16\x4a\x0d\x74\x36\x0f\x66\xb4\xcd\x3a\x35\x75\xda\x01\xda\x23\x75\x24\x30\xc0\x35\xda\x85\x9f\x57\x7d\xe2\x22\x90\xaa\xb4\xed\x7f\x34\xd2\x67\x40\x6a\xb5\x47\xeb\x44\x5c\xc6\x4d\xf5\x30\x19\x42\x7f\x4e\xb7\x2b\xca\x55\x39\x71\x53\xd0\x1c\xcf\x7e\xc9\x7d\x7a\x96\x7d\x9a\xff\x46\x23\x1d\x2e\x20\x27\xb3\x8f\x3b\x41\xbd\x2c\xb1\xb7\x98\xa4\xae\x88\xab\xf4\x89\x62\x16\xd3\x15\xbd\x53\x83\x02\x42\x59\xe5\x97\x42\x80\x2a\x91\x1b\xad\xcf\x84\x73\xdb\x91\xaf\x31\x97\x33\x32\x0c\xb9\x52\x1e\xf9\xce\x43\x72\x67\xb6\xea\x17\xbc\xaf\xe5\xd0\x90\x3b\x12\x3a\x35\xc9\x88\xf4\x98\x34\xf6\x1d\xd5\x52\x64\x0a\x32\x76\xda\x26\xaf\x17\xec\x21\xa2\x02\x96\x58\x6d\xd6\xf4\xb3\x6c\x7a\x4f\x0b\x89\x9d\x70\xb4\x2a\xf8\x9e\x29\x37\x01\x32\xed\xfb\x72\xd6\x83\x41\x94\xa1\x60\x93\x60\xb1\xf1\xfe\xab\x89\xb9\x6b\x8e\x8f\x0f\x68\x98\x7c\x57\xcc\xe0\xba\xb7\x68\x11\x37\x18\xfb\x17\x09\xde\x2d\xf3\x21\x77\xd4\x40\x85\xda\x5e\xfd\x9d\xa7\x0e\x1a\x85\x8c\x92\xf2\x45\xac\xfe\xe6\x4b\x71\xf3\xeb\x16\xe0\x4f\xc1\x39\x89\xe6\x93\x37\x99\x97\x01\xdd\x73\xab\xc2\x66\xc9\xfd\x4c\xff\x91\xa0\xfd\x04\xfb\xd8\xb1\x3b\x12\xe6\xf4\x50\x38\x57\x15\x84\x8e\x00\x7f\xa0\xd4\x63\x11\x9f\xd7\xde\x63\x25\xb6\x40\x04\x2b\x65\x42\x12\xe0\xdb\x8d\xa1\xad\xeb\xd2\xa7\x58\x9f\x77\xee\x4f\x75\x2d\x28\x2c\xa1\x11\x9c\x43\x1b\x17\xad\x0a\x02\x1e\xf2\xbf\x95\xe5\xac\x47\x04\xe6\x2d\x70\x39\xd0\xe6\x51\xe4\x56\xd6\x0e\x63\xba\xde\x40\x1c\xca\x77\xc9\xa8\x91\x63\x17\x4d\x50\x22\xd7\x45\xab\xdc\x76\xb9\xff\xe2\x54\x41\x55\x23\x5e\x30\x63\xe6\xe4\xae\xec\x44\xed\x5d\x8a\xb4\x08\xd9\x66\xfe\xc1\x20\x16\xc1\x30\x73\x0b\xbc\x55\x87\x32\x06\x5d\xa8\x00\xa7\x0c\xbf\xb0\xfc\xcc\xa4\x5d\x00\x28\xcb\xfd\x96\x32\xdd\xb2\xf0\xed\x12\xed\xae\x7b\x93\x0b\x10\x6c\x9d\x12\x85\xa4\xb8\x70\xde\x75\x07\x99\x9c\x74\x79\x3d\xd4\x97\x40\x87\x19\xc8\x98\xab\xe4\x9f\x7f\x33\xa3\x3e\x69\xb5\x0f\xa5\xaf\x94\x80\x06\x85\x66\xd1\xfd\xdf\x44\x82\xd7\x97\x04\xad\x8e\xf1\x1b\x88\xb4\x2c\xc6\x9f\xce\x8a\x55\x7b\x5b\xa5\x10\xe7\x08\xb9\x37\x51\x23\x03\x85\x68\x27\x0d\xe4\x07\x23\x2e\x95\x62\x1e\x2d\x04\x57\x0b\xec\x2c\x41\xec\xcf\xd8\x55\xb2\x1f\x0c\x9b\xba\xa2\x3b\x5c\x58\x15\xfc\x88\x8f\x7f\xbe\xd4\x82\xc3\x20\xff\xa1\xe0\x63\xe8\x7b\x55\xbc\x8f\x7e\xee\xa3\x74\x06\x3a\x9b\xe6\x5f\x7e\xd9\x22\x5b\xf6\xca\x34\xcf\xa3\x11\xb7\x9f\x3a\x25\x8c\x25\x2e\x63\x45\xed\x6a\xc8\x47\x48\xf4\x68\x07\xa5\x5d\x4b\xa4\x12\x66\x16\x9c\xd2\x62\xd4\xf7\x22\x79\xef\x0c\xaa\x77\xff\x44\x93\x35\x32\xbd\x13\x74\x75\x6c\x23\xec\x85\xf5\x5e\xfe\x9f\xc2\x33\x1f\x26\xf8\x81\x62\x9f\x80\xc2\x69\x2f\x7f\x53\xe4\xbc\x6f\x22\xef\xb4\x54\x57\xa2\x23\xf0\xd1\xc4"},
+{{0x0f,0x8e,0x9f,0x35,0x26,0xb4,0xfa,0xea,0x92,0x76,0xf2,0x2a,0x17,0x79,0xe6,0xf8,0x27,0x09,0x80,0x8f,0x6d,0x0c,0x61,0x2a,0xdf,0xe3,0x2a,0x6e,0x8a,0x06,0x10,0x05,},{0xd4,0x8c,0x3f,0x0f,0xde,0xf3,0x82,0xd1,0xd8,0x03,0x13,0xe8,0x46,0xfc,0xa9,0x5e,0x41,0x81,0x76,0xbb,0x5d,0xfa,0x9d,0x39,0x8c,0x1d,0x21,0x24,0x77,0x6f,0x69,0x0a,},{0x2f,0x59,0xa2,0x93,0x60,0x73,0x91,0x38,0x34,0xeb,0x15,0xa0,0xe0,0xbc,0xb9,0xaa,0x80,0x40,0x89,0x46,0x8f,0x24,0xdd,0x1b,0x2d,0x37,0xa1,0x93,0x4a,0xe9,0xba,0x10,0x20,0xff,0x64,0xb7,0x2e,0xec,0x03,0x26,0x8d,0x0a,0x7c,0x01,0x2c,0x4e,0x79,0x63,0x00,0xf6,0xdf,0x7a,0xdd,0xa0,0x1c,0x8b,0xc5,0xe9,0x01,0x5c,0xcd,0xee,0x1a,0x00,},"\x0c\xcd\x37\xc4\xcf\xd8\xe7\x0c\xa3\xbb\x39\x46\xd0\x9d\x70\xd0\xf6\xa4\xb8\x1d\x6d\xfb\x07\x9d\x78\x73\x74\x80\x71\x58\x98\x80\x92\x73\x82\xf7\x43\x6a\x6e\xf8\xf5\x1c\x25\x54\x73\xdd\x01\xfe\xb5\x2c\x8e\xdb\xe4\xd3\x25\x57\x13\xe6\x8d\x64\x0f\x3d\xcf\x15\x8f\x2b\xfb\x9f\xbe\xcf\x71\xf0\x71\x9d\xfe\x8c\xe6\xb6\x01\x28\x1b\xa6\xc2\x0a\x56\xb4\xf8\xe7\xca\xa4\xaa\x9f\x86\x8f\xbf\xc5\xe4\x32\x1c\x22\xd6\x5f\x03\x82\xc4\x89\x6b\xf9\xbe\xbe\x35\x46\x94\x9e\x81\x85\xa4\xd8\x17\xe4\x5b\x5d\x12\x93\x95\x38\x21\xbd\xd9\x8e\xc2\x59\xf6\x4a\x3d\xe5\x38\x65\xb1\x49\xea\x01\xc8\xf6\x83\xec\xda\x61\xda\x5d\xc1\x0e\x7e\xbd\xdd\xfe\x74\x84\xf5\xeb\x10\x31\xb7\x91\x65\x87\xca\xa3\x99\xa0\x6b\x6f\xea\x4c\x5e\x6e\x0b\xe6\x50\xfb\xdf\x06\xc1\x03\x6d\xf2\xcc\x35\xf6\x2e\xa0\xea\x71\x3f\x52\x80\x9d\x77\xf4\x7c\x2e\x55\xc9\x23\x92\x48\x16\x80\xb6\x33\x20\x56\x22\x69\x13\xb0\xce\x88\xa6\xc5\x5a\x26\xbd\xb5\xb8\xba\xb3\xcf\x46\x95\xa8\xc5\x22\x30\x2c\x4e\xba\x37\xd3\x1f\xf7\x7e\x58\x30\x1b\xcc\xfc\x7c\x7b\xe8\x58\x0c\x63\x42\x68\x79\x95\xf4\x4a\xcd\x19\x09\x65\xae\x0d\x7b\xf0\x66\x95\x92\xb6\xad\x88\x74\x3e\xbb\x36\x0c\x73\xe0\x48\x4a\x23\xd2\xf9\xe9\x9e\x9e\xb0\x38\xdc\xbd\x87\xca\x9b\x1a\x49\x8f\x1b\x2d\x35\xfe\xdd\x7f\x8e\x1f\x7f\xd8\xca\x52\x64\x86\x91\x1e\x07\x6a\xea\xb4\x87\x7b\xba\xcf\x37\x8a\x28\x55\xf9\xc5\xac\x03\x91\x30\xdc\x69\x0e\x17\x7d\x67\xb2\x44\xcc\x8a\xd0\x32\x37\x9e\xf7\x1f\xe0\x5e\x9c\x86\x13\xd8\xf5\xd6\xea\x3d\x4e\x3e\x47\x22\x20\x29\xcc\x00\x42\x53\xbe\x47\xf8\x7f\xb5\xe3\x31\x4c\x48\x98\x13\x4b\x87\xac\xf1\x0b\x25\x38\xba\xd8\x97\xbd\xc5\x01\x2d\x8f\x97\x62\xc8\x71\xb6\x53\xd4\x00\xfe\xe0\xce\xed\x5e\xf6\xbd\xd1\x6f\xaf\x3f\x0a\xbd\xbd\x72\xcd\x0a\x12\x94\x05\x46\xf0\x99\x5f\xf1\x4b\x0f\x1b\xd5\x48\x56\xff\x74\xc3\x6e\xb4\xf2\x2d\x72\x87\xae\xfd\xc6\x09\x99\x8c\x1f\x41\xbc\xc3\xbb\x3a\x5f\xa4\x92\x34\xf4\xfa\x8e\x92\x9c\xd0\xf5\x54\xb3\x15\x39\x5d\xae\x87\x3c\x61\xca\x70\xe0\x41\x0c\x2f\xd5\xa1\x15\xd2\xa6\xff\x1f\x1c\x94\xb2\x7b\xa4\x50\xb8\x19\x4b\x21\xf0\x95\xc6\x1a\x5f\x21\x5e\x3c\x84\xf5\xd4\x3f\x0e\x73\x62\x86\xd3\x3b\x8c\x47\x81\x4d\xb9\x79\xf9\xdc\x00\x91\x98\x46\xbe\xe6\x85\x33\x7d\x99\x55\x5a\x24\x47\x2e\x6b\x00\xb3\xf4\xa1\x43\x11\xa6\xc7\xc9\x04\xba\x58\x89\xda\x6c\x1d\xdc\xc1\x11\x75\x80\xf5\xfb\xc4\x1f\x2b\x8a\x42\x68\xcf\x0e\x9f\xa5\xbf\x41\x25\x34\xc9\xe4\x05\x2a\xac\xb5\x04\xcb\x86\xe2\x14\x7a\xb8\x02\x3d\x58\x80\x0b\x76\x3f\x9a\xbf\x9d\x04\x40\x78\x8a\x51\xdf\xe5\xcb\xd4\x42\x30\xba\x52\x28\xf1\xf5\x96\x0e\xa3\xa4\xe4\x04\x4d\x36\xda\xf8\x11\xcb\xdb\xec\x5d\x69\x64\x63\xd8\xe9\x41\xf2\x72\x17\x56\x3b\xb4\x4a\x21\x18\xa4\xf5\xac\xd6\xe7\x94\xde\x17\xe0\x28\xcb\xde\xef\xde\xf2\xcb\xf0\x3d\xd3\x2e\x78\x99\xe6\x5a\x1c\xf8\x39\xf5\xd9\x0e\x1f\x8c\x36\x4b\x57\x7f\xe3\x10\x53\x53\xf6\x67\x68\xdb\xf7\xaf\x0c\x52\x1a\xa8\xa4\x9f\x7a\x22\x08\x2d\x88\xf9\x01\x49\x8c\x90\xb9\xd7\x77\x7e\xd2\xf9\xf0\xe8\xa5\x52\xd8\xa1\xfa\x5e\x96\x32\xed\x85\x32\x58\xc9\xc2\x15\xb6\xdb\xb4\x11\x1d\xcf\xca\x55\x4b\xfb\xc9\xbb\xa2\x2f\x88\xbc\x55\x55\x2c\x6d\x86\x25\x56\xd7\x41\xda\xd5\x9f\x21\x5e\x37\x28\x83\x46\xca\x7d\x7f\xd8\xc6\x5a\x38\x0d\x72\x0c\xaf\xf9\xef\xa1\x49\xf3\xfd\xa2\x32\xda\xa5\xb1\x2e\xf1\x1c\x0a\xf0\x86\x2b\xd0\x22\x9e\x07\x5a\x3c\x6b\x60\xef\x0b\xbb\x3d\xad\x7f\x29\x08"},
+{{0xfe,0x7c,0xdc,0x79,0x66,0xd0,0xff,0xb9,0xc7,0x6f,0x4a,0x18,0xe7,0xf0,0xbf,0x90,0x69,0x0e,0xb7,0x6d,0xc3,0xd3,0xd5,0x08,0x84,0x64,0x8e,0x2e,0x39,0x37,0xd0,0x20,},{0xa1,0x2e,0xe9,0x81,0x2d,0x6a,0xf6,0xaa,0x48,0x79,0xfa,0x72,0xbc,0x0a,0x69,0x80,0x4e,0xa1,0xa8,0x5f,0x9b,0xc4,0xa2,0x6a,0x5b,0xa7,0xcf,0xbb,0x91,0x4d,0x0d,0xd9,},{0xb5,0x2d,0x03,0xfd,0xeb,0xcd,0x42,0x97,0x37,0xef,0x70,0x92,0x06,0x87,0x21,0x1f,0xbb,0x4c,0x04,0xf8,0x1e,0x35,0x5c,0xec,0x70,0x72,0xc5,0x05,0x41,0x75,0xd2,0xed,0x77,0xf3,0x8f,0x46,0x6f,0x00,0x14,0x22,0xda,0x8f,0xcd,0xf0,0x67,0xdb,0x14,0x51,0x00,0x7c,0xab,0x60,0x7f,0x04,0x9c,0x2e,0x26,0x07,0xb5,0x7d,0x44,0x71,0x3c,0x04,},"\xdc\xb9\x1c\xf1\x55\x46\x1a\x60\xdf\x07\xee\xc2\x9d\x98\x61\x6e\xd1\x72\x8b\x34\xef\xa9\xe1\xf7\x44\x5a\x91\x58\xa8\xf8\x8d\x7f\xaa\xae\x0e\x24\x72\x5a\xef\xf2\x63\xc3\xf7\x4f\x0c\x68\x4f\x18\x58\xf0\x5b\x69\x95\xd2\x84\x6b\x6a\x83\x2f\x67\x08\x5a\x42\x76\xd8\x66\x1a\xeb\xd3\xbf\xcc\x73\x18\x1f\x1f\x51\x02\x93\xb6\xde\x5e\x4b\xb2\x3f\xf2\xdc\xa1\xdf\x60\x8c\xb1\x4a\xe5\x22\xac\x4b\x51\xe1\xf9\xb9\x73\xab\x8b\xaf\xcd\x53\x4e\x71\xc5\x71\x81\xb1\x18\x96\xee\x10\x61\xfb\x36\x9c\xa4\xd2\x93\x9d\x1e\x57\x06\x0d\x9f\x4d\xb0\xa5\xc0\xb0\x7d\x52\x68\x7f\x15\x78\x17\xe6\x3e\x2f\xe7\xeb\xcc\x3e\x7c\x95\xef\xe0\x5b\x85\x99\x10\xc9\x5e\xed\xe8\x6d\x14\x39\x9e\x61\x62\x48\xa2\x8c\x24\xc4\x14\xdb\xb6\x93\xaf\x9b\xe4\x35\xa3\xa9\xcd\xc3\x3e\x0e\x2a\x58\x69\x18\xd9\x1b\x8a\x85\xce\xdd\x16\x12\xd7\xc1\xa2\x17\x92\xbd\xd4\x3a\x91\x5b\x15\x7e\x04\xbb\x3a\x44\xec\xbe\x23\xfa\x49\xcc\x55\xda\xab\xbe\xaa\x15\x5a\x73\x7f\x76\x5b\x8d\xdb\x0f\x3b\x15\xd4\xec\xf2\xce\xf7\x05\x4c\xa7\x3e\xc8\x7d\x91\x75\x2c\x2e\x99\x19\x5c\xdb\x19\x58\x84\x4f\x14\x4e\xda\xb8\x2a\x97\x54\x9f\xc9\xce\xc0\x8e\x87\x11\xcf\xf8\x63\xb6\x3f\xc2\x31\xa7\x7f\x76\x2e\x5c\xd9\xda\x9d\x59\x40\x92\x52\xe9\x9a\xb0\x4c\x42\xbc\x57\x09\x7e\x46\x4e\x3c\x6a\x48\xd8\x02\x41\xe6\x32\x5e\x3e\x40\x94\x98\x9b\x34\xc0\xe8\xb3\x2b\x1a\x78\x29\xd5\x4d\xf3\x2a\x05\x0e\xe8\x7d\x8f\x7c\x4f\xe3\xe4\xf4\xf7\x04\x9d\x1f\xee\xcd\xbe\xa6\x71\x08\x35\x0d\xb4\xe8\xed\xbe\x3c\x3f\xf8\xab\x2a\x25\xd1\x47\xb1\xc1\xc5\x82\x1b\x0f\x8c\x21\x04\x2d\x65\x5d\xb8\x31\x69\x1f\x59\x98\x3f\x27\xd2\xed\x1d\x49\x06\xc5\x44\xe2\x4e\x79\xbe\x68\x65\x3c\x9b\x22\x9a\x7f\xb6\x1e\xf5\x45\xba\xb1\x6e\x98\x81\xcb\x4d\x92\x65\xe2\x93\x59\x0a\x0b\xc2\xdc\x86\xba\xd2\x30\x07\xff\x40\xc9\x58\x61\x92\x3b\x49\x82\x41\xc1\x0d\x26\xbf\x48\x48\xf6\x2b\xa7\x38\x3f\x64\x9d\xc3\x8a\xf1\x84\x0d\x0d\xe9\x28\xa9\xbf\xee\x5e\x11\xb5\x14\x34\x16\x3a\x7a\xb1\xed\x53\x74\x15\xf1\xe9\x32\x85\xe3\x69\x92\x05\x72\x01\x58\xf9\x55\x7d\x86\x41\xed\x2b\xf4\x85\xb8\x21\x2c\x8f\x82\x66\x8b\xac\x3c\x22\x8e\x69\x24\xc1\x7d\x0d\x98\xf2\xe6\xd9\x23\x43\x71\xc4\x42\x5e\xb7\x58\x68\x9f\xdb\x0d\xc1\xce\xa1\x39\x4a\x28\x62\xe8\x7b\xb3\x8e\x62\x4c\x34\x79\x91\x68\x61\x32\x78\x22\x5f\xb5\xe1\x9c\x92\x47\xad\xa3\x55\x54\xf2\xc4\xad\xdb\xb6\x1d\x5a\x50\x2a\x70\x81\x27\xd6\xef\xbc\xa8\xf7\x35\x09\x0b\xdf\xdd\x88\xdb\x29\xfb\xd1\x4b\x69\xab\x12\x62\xf0\xc3\xe2\x6d\x26\x3a\x59\xc5\xae\x46\x39\x06\x53\x83\xd5\x25\x0b\x54\xcf\x59\x2b\xb7\xad\xfe\xaa\xe0\xd2\xfe\x81\x6b\x63\x81\xe8\x6e\xa2\xd1\xc7\x18\x13\xcb\xc3\xd8\xfe\x2d\x31\xde\x7b\x30\xfb\x6e\xc2\x29\x4f\xe4\x53\x6a\x36\xc6\xa1\x83\x5a\x71\x62\xab\x4b\xf8\x9d\x19\x46\x61\x19\x65\x7b\x0e\x46\x45\xae\xf5\x03\x50\x5b\x4d\x55\xdf\x97\x7b\xd2\xc9\x0c\x64\x40\x6f\x49\x70\xd5\xcf\xf2\x45\xb8\x35\x32\x2a\x6f\xbe\x23\x4e\x5e\xfb\xb5\xea\x45\xe8\xf0\xd3\x97\x3b\xe4\xaa\xa2\xaa\xda\xab\x07\x7d\x6c\x9b\x25\xbd\x44\x94\x40\x9e\x93\x47\x9d\x2d\x15\x07\xf6\x6b\xc8\xbe\xf8\x29\x99\xa1\x3c\x79\x43\xb4\x72\xb9\xe6\x1e\xc2\x9d\xeb\xef\xbf\x22\x41\x42\x3e\x0f\xaa\x42\xc1\xa3\x38\xa7\xa6\x13\x1d\xed\x93\x5b\xa0\x3a\x28\x66\x2e\x68\x59\x33\x68\xdd\xe5\x4b\x46\x2f\x2a\x5f\xb7\x46\x18\x5f\xf5\x50\x3e\x69\xba\x36\xbf\x16\xf7\x14\x58\xcd\xd0\x57\xe5\xc1\x72\x67\xf6\x74\x98\xd6\x52\x86\x0b\x46\x5e"},
+{{0xf6,0xc9,0xab,0x5e,0xa7,0x5f,0x29,0x4e,0x8e,0x0c,0x07,0xc4,0xc0,0x9e,0xd8,0xee,0xa3,0x11,0x3b,0xdf,0xc2,0xef,0x75,0x9e,0x20,0xa2,0x64,0x57,0x16,0x04,0x10,0x8d,},{0xb1,0x2f,0xf5,0x5b,0xd3,0xec,0x42,0x61,0x0e,0xac,0xea,0x28,0xb3,0x13,0xa1,0x6e,0x19,0xc9,0xe8,0xb4,0x7c,0x2b,0x15,0x17,0x09,0x91,0xbe,0x08,0x8d,0x65,0xcf,0x63,},{0xa7,0xf9,0xd0,0x8b,0xa1,0x41,0x83,0xef,0x24,0x7f,0x2c,0x25,0xfe,0xcc,0x2b,0x83,0xed,0xa6,0xde,0x58,0x02,0x2e,0x46,0x6c,0xe7,0x8f,0xcf,0x50,0xf7,0x1c,0xe2,0x61,0x62,0x44,0x65,0x62,0xee,0xa4,0x5d,0x63,0xa2,0x1c,0x3b,0x22,0x56,0x1f,0xd4,0x68,0x00,0x58,0xac,0xb8,0x25,0x40,0x7a,0x15,0x40,0x8f,0x27,0x13,0x61,0xa1,0x46,0x0f,},"\x71\x62\x3b\x39\x74\x3e\x39\xc7\xe0\x86\x38\x80\x6d\x46\x8a\x1a\x8a\x6f\x35\xc2\xae\x38\x8e\xef\xc2\x73\x74\xbb\x52\x53\x88\x14\xc4\xb3\x6c\x9b\x8e\x38\x9a\xd8\x31\x83\xde\x02\xa1\xbb\xd0\x32\x57\x34\xe4\x61\x87\x54\x09\x23\x37\xd3\xe7\xdc\x12\x56\x92\x8e\x35\x28\x87\x0c\xa7\xf0\x06\x13\xa2\x5b\x71\xbb\x15\xd1\xd9\xea\xaf\xf9\xf2\x26\x9b\x71\xc1\x97\x69\xe0\x03\xce\x84\x56\x14\xb2\xec\x95\xed\x28\xca\x85\x5b\x52\x21\xd4\xcb\x80\xa6\xca\x94\x66\xaa\x33\xe2\x51\x0d\xdf\xf7\xdc\xe1\x86\x15\x9d\xa7\x0f\xc8\xb1\xfb\xac\x12\xa2\x6e\x1f\xc0\x94\x22\x76\x89\x2a\xd6\xe9\xb0\x03\xf5\x69\x59\xbd\x31\x3a\xf2\x89\xe7\xa0\x53\x2a\x66\x4b\x76\xb9\x6b\x91\x98\x54\xe0\x65\x0c\xb8\xc5\x2e\xc4\xc5\xfb\x50\x53\xaf\x2f\x0c\xf8\xc0\xf2\x2a\x52\x3f\x9e\x2c\x64\x19\xdf\x8d\x0b\x71\x4e\xe3\x77\x68\x00\xeb\xfa\x70\x77\x60\x84\x66\x7d\x6d\xcf\x54\x1f\x14\xcf\x16\x62\x62\xe0\xf6\x4c\x42\x76\xae\x28\x88\x5e\x6c\xfd\x09\x7b\x70\xc0\xd6\x18\x6e\xa5\xdb\xd0\x33\x32\x3c\x98\x76\x13\xda\x08\x64\x5d\xe0\x72\x08\xba\xe1\x2a\x17\x8d\x8f\x7f\x65\x0a\x25\xaf\xbd\x70\x1c\x85\xa1\xba\x63\x9e\xf9\xf1\x21\xc4\x0c\x5c\x12\x9a\x47\x37\x34\x33\x86\xa4\x81\x83\xff\x3c\x59\x13\x89\xd8\x9e\xcd\xa5\x26\xcf\xfb\x26\x74\xf1\x7b\xb1\xc2\x30\x90\x55\x4b\x13\x40\x84\x97\x96\xa6\xd4\x44\x46\x0b\xb4\x19\x42\x7e\x93\xe6\x58\x5b\x0f\x4f\x06\x5a\xd8\x7e\xe6\xed\xf5\x4b\xe6\x18\x8a\x1d\xd5\xac\xe1\x36\x4d\xef\xa5\x61\xf7\x4e\x26\x76\x9c\x9b\x29\x1e\xe7\x55\x52\x76\x50\x1c\x6a\x49\x08\x0d\xa0\x92\x4f\x37\x92\xc2\xa7\x28\xa5\x20\x07\xb1\xc0\x7c\x95\x57\x8f\xed\xaf\x40\x39\x96\x23\x9e\x9c\x55\xa9\xa4\x4c\x3d\xfc\xc3\x7c\xdf\x03\xfb\x48\x5d\xb5\xa0\x8d\xff\x15\xa7\xa4\xf7\xb7\xf1\x54\x74\x2e\x84\x31\x56\x4d\xc1\x7d\xbd\x43\x2e\x10\x33\x7c\x22\x76\xfc\xfd\x9d\x70\xf7\xc3\xd5\x70\x39\x3a\x0c\x19\xf6\x40\x51\xc7\x3a\x87\x0e\x20\x55\x84\x10\x65\x31\xd1\xfd\x2a\x1d\xd1\xc9\xd0\xfc\xe1\x4f\xfa\xaa\x07\x7b\xb7\xe2\x60\x25\x1e\xed\x6c\x62\xbc\x6e\xdc\x24\x22\x51\x94\x40\xc2\x24\x4e\xba\x38\x40\x46\xb0\xed\xda\xa6\xcf\x2c\x1c\x7e\xee\xbf\xcd\x78\xfc\xae\x18\xb8\x22\x90\x55\x2b\x59\xc0\x46\x3d\xc4\x50\x61\x8b\xa6\x7c\x77\x0d\xec\x0e\x22\x9b\x84\x60\x93\x6c\xa8\x19\x56\x2b\xcb\x36\x96\x9c\x8f\xf7\x0b\xf1\x13\xc1\x16\x71\xe0\x0b\x94\x13\x55\xbf\x01\xad\x54\xb0\x5c\xfe\x2a\x04\x8b\x38\x72\x8c\xbd\xd1\xb4\x98\x09\xe1\xf2\x07\xac\xa3\x09\x8d\x99\x42\xee\xc4\x7d\x6c\x9d\x41\x3b\x37\xc9\x14\xfe\xdd\x38\xac\xd5\xff\xe4\x96\xca\xc7\x57\xc2\xef\x8b\x77\xbd\x84\x03\xd1\x4b\x1f\xc9\x8a\x90\x3f\xe2\xb9\x79\x46\x82\x33\xa7\xf2\xae\xd6\xf8\xd5\x09\xd8\x74\xe1\xdc\xe0\x51\x49\xaf\x9d\xf3\xfe\x45\x95\xc7\x1e\x8b\xc4\x63\xde\xe9\x38\x4d\x5e\x05\x05\xd2\xa6\xb0\xa2\xb8\xa1\xed\x62\x16\xaa\xae\x9d\xcc\x76\x02\x48\x7a\x4c\x08\x51\xfd\xf0\x96\x29\xc1\xe9\x91\x18\x80\x9a\x95\x44\xa6\x57\x7a\xf9\xf9\x15\xd1\xe6\x5d\x81\x62\x20\xc4\x8c\x84\x90\xfa\x9b\x70\xda\x42\x2a\xd6\x80\x02\x23\xd6\xd8\xc3\x40\xf9\xea\xb2\xcc\x7e\x14\x93\x62\x12\x4a\x30\x0b\x40\xcb\xb8\xc0\xa6\x5d\xa3\x01\xdb\xba\x93\x1b\xa5\x64\xf3\x59\x73\xca\x8b\xf2\xd1\xed\xb5\x6c\x19\x46\x61\x95\x5b\x3b\x68\x38\x1f\xa1\x5d\x4b\x8d\xc6\xad\xa1\xa5\xce\xbd\xa3\xa4\xcc\xc5\x51\x23\xe0\x05\x7f\x4f\x82\x10\x41\x93\x7d\xd5\x49\x20\x9c\x82\xe1\x16\x57\x0b\xc9\x08\xa2\x8e\x32\x99\xa9\x44\x14\x43\x49\x8f\x74\xb3\xcc\x88\xe1\xa6\x2d"},
+{{0x43,0x10,0x3d,0xf0,0x1a,0x48,0xa0,0x3c,0x57,0xf3,0x2f,0x52,0xd7,0x0c,0x68,0x49,0xee,0x44,0x58,0x0b,0x2a,0xb4,0xee,0x72,0xd5,0x48,0xd8,0x48,0x13,0x4f,0x7c,0xeb,},{0xa3,0xcb,0xe0,0xd6,0x4b,0x05,0x60,0xbc,0xb5,0xae,0x00,0x90,0x01,0xe3,0x14,0xd9,0xec,0x90,0x79,0x01,0xdd,0x74,0xa8,0x04,0xa0,0x05,0x90,0x22,0xed,0x9c,0x6d,0x04,},{0x19,0x54,0x47,0xbe,0xb1,0xde,0x4a,0x7e,0x36,0xea,0x89,0xa6,0xce,0x3c,0x99,0xbc,0xc8,0x94,0x11,0xdf,0x5e,0x0b,0x15,0xf7,0xba,0x0b,0x1d,0x11,0x0c,0x45,0x6a,0xbc,0x6b,0x3f,0x5f,0x1d,0xa6,0x10,0x6e,0xd8,0x87,0x86,0x4b,0xa5,0x6a,0xab,0x46,0x6a,0x8a,0x63,0xb3,0x35,0xcf,0xcf,0x4c,0x64,0xd6,0x5c,0x0e,0x6f,0xb4,0x80,0xb4,0x01,},"\x73\x8c\xbf\x06\xd0\x0d\x4d\xcd\x5e\x5f\x24\x3a\x1c\x18\xdd\x5e\xc2\x02\x78\x88\x46\x95\xa1\xcf\x3b\xea\x67\xbb\x5b\x05\xdd\x7e\x60\xa2\xa2\x4f\xd3\x25\xbe\x6b\xf4\x6b\x46\x28\x73\xec\x90\x7f\x9d\xe8\x8d\xc2\xc7\x62\x62\x0b\x7e\x0e\xf7\x27\x65\xd4\xbd\xa6\x62\x45\x49\x93\xc8\x28\xa1\x74\x6e\x9e\xd8\xd1\x9d\xff\x43\xc4\xc4\x85\x27\xac\x84\x5f\x21\x86\xa4\xad\x7c\x1d\x99\x2a\x16\x24\x5c\xd5\x73\x07\x3e\x09\x40\xdc\xee\xd3\x68\x11\x0b\xb5\xfd\x0a\x4c\x88\x34\xce\x88\xa7\x71\x25\xb9\x14\x73\x93\xc8\xb5\x8c\xb1\x6e\x5e\xbd\xc1\x82\x44\xeb\xfa\x48\xba\xba\x46\x97\x3f\xdc\xd4\x85\xb1\xb2\xe5\xf3\xb0\xe7\x09\x92\xcf\x19\x99\x58\x06\x38\xd8\x7f\x1f\x5b\x27\xc4\xd7\xf9\x1d\xec\xf3\x7d\xe2\xe7\x34\xe3\x19\x55\x35\xc6\x31\x08\x2b\x3e\xba\xa8\xce\x30\xa9\xc2\xc2\xdb\x01\x6d\x7d\x35\x47\xe6\x21\x61\x88\x50\xe2\x20\x40\x03\x8d\x0f\xe0\xfa\xea\x2f\x9b\xf5\x10\xb6\x82\xc4\xfd\x14\x75\x0e\x89\xb4\xc1\x99\xef\x0c\x99\x05\x00\x54\x3e\xee\xab\x5f\x0b\x50\x7a\x31\x31\x99\xc2\xa2\xa0\x26\x2d\x6d\x81\x4c\xbc\x09\x33\xc5\x92\xe2\x56\xc3\xe2\x9d\x52\x4b\x06\x6e\xa5\xa4\x54\x33\x61\xa1\x04\x50\xe0\xaa\x67\x5c\x61\x40\x8f\x30\x7f\x26\xee\x58\x96\x9d\x63\x27\x8f\x13\x5b\x7d\xcb\x66\x6b\x93\xf2\xca\xcf\xd8\x38\x73\x47\x1e\x97\x4a\x28\x6b\x09\x02\x3f\x50\x15\xfa\x1a\xaf\x18\xbf\xbf\xa5\xf7\x43\x85\xd0\xdf\x6b\x9a\xdd\x51\x6f\xfc\x0c\x31\x13\xe3\x7e\x09\x78\x38\x64\x6a\xc9\x30\x54\xff\x4d\x96\x02\x06\x67\x44\xba\x33\x96\x95\x3f\xd7\x81\x68\x13\x01\x70\xbb\x27\x5c\x15\x2b\xdd\x36\x6f\x73\x06\x5c\x0a\x7a\xd7\xad\x00\x75\x8c\xb9\x9a\x7a\xc1\xb7\x80\x9d\x26\xdf\xaa\xc7\x58\x46\x82\x01\xee\xb6\x0d\xea\x36\x8c\x33\xf2\x57\xaf\xe2\xf1\xb4\xc0\x2e\x37\xba\xfe\x40\xf5\xd7\xfd\x40\xc8\x7d\x1c\x56\xa0\xcb\x28\xe9\xd2\x83\x69\xa3\x92\x4b\xce\xf8\xb6\xd9\x99\xdc\xf4\x29\x4d\xd8\xc4\x14\x3d\x75\xc6\xc2\x5b\x5a\x45\x44\x48\x8d\xde\x72\x52\x48\xc7\x8d\x93\xc1\x5b\x81\x5b\x01\xcb\xd0\xf3\x1d\x1b\x00\xac\x04\x83\x7e\xf8\x5b\x40\x03\xfc\x96\xd4\x45\x7a\xc5\xa0\x23\x62\x3e\x67\xb6\x6d\xa4\x70\x0a\x08\x59\xf8\x3f\xdc\xcd\x3c\x7a\xae\x09\xde\x09\xa0\x57\xe0\x0d\xb4\x4a\x2a\x6a\xac\xaa\x21\x74\x6a\x49\xb8\x22\x46\x89\xa5\xcc\x18\x54\xba\x3d\xc4\xaa\x2a\xa3\x45\x24\xe7\xa5\xa8\x9d\x11\xee\xa3\x56\xaa\xea\x5e\xf5\xfb\xf5\x42\xc9\x9f\x54\x4d\xb9\x40\xf5\x08\x68\x38\xee\x2a\xb2\x18\xb8\xd3\xf2\xe1\x07\xd0\xb2\x9d\x4b\x04\x83\x0e\xed\x79\xc0\x76\x8e\x02\xc2\x84\x4b\x3c\xba\x32\x68\x95\xf4\xab\x38\xa3\x99\x4b\x83\xab\x30\x60\x0f\xf5\x11\xcc\xb5\x95\x99\x2f\x8c\xc0\xd2\x95\x48\x07\x97\x2d\xa3\x65\xb0\x6f\xbd\xab\x53\x9b\x2e\x03\x59\x8b\x34\xe5\x3c\xfc\xf9\x39\x90\xb9\x7a\xac\x1d\x32\x97\x83\x36\x6d\x45\x1f\x97\x2b\x8d\x8a\x00\xb6\xb8\xec\xdb\x37\x27\x96\x44\xce\xc1\x44\x7c\x09\x98\xee\x4f\x70\x90\xf3\x4c\x9c\xc8\x53\x05\x90\xca\xe7\x65\x36\x0a\xad\xb0\xab\x31\x35\x00\x49\x41\xc9\x23\x02\xcb\xb2\xb3\x50\xa1\x4e\x8f\x30\xaf\x53\x25\xc2\xb4\x38\x00\x5e\x3a\x9d\x45\x85\xe6\x32\x65\xc3\x27\xba\x72\x57\x54\xb3\x32\x56\x91\x7f\xb9\x65\xae\x9f\x02\xed\x21\x26\xb4\x81\x47\x3d\xc0\xe9\x31\xc2\x52\x2b\xf0\x0f\xe6\xa2\xec\x95\xc7\x92\x24\x7b\x1e\x03\x39\x61\x12\xf7\x83\x07\x0e\x2f\xe6\xc2\xcb\x98\x22\x50\xd1\x3f\x2d\x54\x60\xc7\x44\xfd\xe4\x53\x23\xe6\x31\xcc\xcb\x54\x0c\xd7\x25\xf2\xc5\x5a\x70\x58\xf2\x30\xe8\x2b\x79\xf3\x66\xaf\xcb\xb0\x25\xb4\x92\x55\x43\x95"},
+{{0xf9,0x13,0x9e,0x57,0x9f,0xa9,0x6e,0xbd,0x62,0x87,0xdb,0x3b,0xab,0xcd,0xa6,0x0f,0x92,0xe7,0x31,0x53,0x56,0x6f,0x92,0x4c,0xb5,0xde,0x04,0xde,0x44,0x93,0x48,0x1e,},{0xc0,0x6c,0xe3,0x35,0x53,0x3a,0xf8,0xd8,0xf3,0x37,0xf2,0xb3,0x8e,0x0a,0xaf,0xa2,0xce,0x9b,0x27,0x22,0x3c,0xd9,0xdd,0xc5,0xef,0x32,0x02,0x7f,0x04,0x88,0x9b,0x7f,},{0x05,0x1d,0x8d,0x7f,0x0b,0x68,0xd2,0xee,0xc7,0x2c,0x81,0xad,0xfc,0xfb,0x31,0xae,0x85,0x58,0xf6,0x0a,0xb6,0x3c,0x9f,0x56,0x52,0xa8,0xdf,0x63,0x8f,0x66,0x6f,0x1e,0xbc,0x0c,0x6e,0x0b,0x41,0x19,0x53,0xbc,0xda,0x6b,0x51,0x51,0xb2,0xb9,0x3a,0x39,0xe3,0xc5,0x33,0x0a,0x85,0x73,0xe1,0x68,0x79,0x22,0x72,0xab,0xd3,0x6c,0x81,0x0a,},"\xb3\x30\x76\x4d\xdc\x62\x8e\x4a\xd6\x7a\xa4\x98\x2a\xe8\x6d\x45\x81\x07\x1c\x19\x3e\xc3\xc5\x8f\x81\x3d\x79\x21\xb8\x4d\x2a\x54\x56\x2b\xd8\x74\x17\xae\x1d\xe5\x90\xa1\xa4\x8c\x4e\xc7\xd5\x56\xad\x93\x1d\x65\xc0\x54\x3f\xdf\x06\x07\xc7\x49\x85\x9e\xe1\x2f\x99\x52\x02\x0c\x19\x5c\xf8\x74\x60\x95\xe1\x08\x7c\xc6\xc3\xc8\xef\x9d\x24\x05\x25\x60\xce\x81\x3d\x61\x39\xb7\xa7\x5c\x8f\x4b\x8e\xa3\x0a\x9c\x4a\xb8\x88\xd0\xa6\x34\x1c\x99\xab\xd3\x5e\x09\x03\xbf\xe5\x6c\x93\x15\x23\x40\xc4\x12\x76\xd7\xf2\x4e\x09\x12\xb1\x2a\x4d\xb3\xd7\xee\x44\x84\xdf\xa5\x3a\xfc\x0b\x1a\xea\x14\x09\xd1\xe0\x32\x8a\xa1\xc8\x60\x41\x27\xca\x2e\xb1\xa5\xe8\x1b\xf3\x1f\x8c\x7a\x51\xc6\x05\x2c\x53\x4e\xfe\x6b\x3d\x0e\xe7\x4f\xf5\xa9\xb1\x1c\x61\x57\xe3\x64\x77\xef\xa9\x38\x2f\x57\x51\xbe\x8c\x8c\x64\x54\xc4\x46\xd6\xf8\xdc\x7e\x92\x95\x25\xcc\x3d\xe7\x8c\xb1\xba\x4a\xba\x9b\xd4\xbe\x15\x26\x10\x43\x75\x82\xc9\x65\xee\xa4\x8c\xbd\x4c\xaa\x6f\x30\x8f\x85\xf4\xf8\xd0\x06\xa0\x42\xf6\x19\x20\x07\x62\xe1\xbb\x9b\xa4\x22\xe6\x54\x75\xb3\x3a\x94\x94\x29\x8c\xfb\xb7\x5a\x15\x2b\x36\xd2\xa0\x55\x01\x80\x77\x05\xb9\x52\x76\x53\x50\xcd\x14\x14\x1d\x35\xd4\x98\x66\x92\xd6\xc3\xbc\xfc\x6d\x61\xdf\x00\x52\xa6\x20\xaa\xb8\xcc\x13\x20\x5e\x75\x4c\x16\xf9\x3e\xca\x79\x20\xbb\xea\x51\x57\xef\x11\x2f\x0b\x64\xc1\x05\x4f\x90\xa5\xdd\xc1\x75\xa8\x9e\x29\x24\x2f\x57\x64\x6e\x74\xcc\x88\x5e\x81\xa1\xcc\x14\x4c\x3d\x78\x2d\x11\x52\xa9\xe4\xcf\xe7\x6c\xb3\xff\xab\xe7\xdb\xe6\x03\xfb\x38\x69\xec\xa8\x69\x96\x98\x70\x9c\xc8\x7f\xc9\x61\xc1\xe2\x99\xcf\xca\x22\xe3\x24\x2e\xae\x78\x8c\xff\x11\xbf\xca\x61\x02\x67\x45\xf4\x97\x62\x25\xb2\x6e\xe2\x00\xc4\xf1\x91\x0c\x4b\x83\xdf\x5c\xe4\x6e\xf4\x87\xd7\x48\xd9\xc4\xc5\x02\x14\x1b\x78\x74\xca\xf4\x1e\x5a\x29\x7b\x24\x8c\x2b\xac\x69\x90\xa1\x5b\x07\xb4\xcf\x81\x0e\x59\x28\x74\x42\xd9\xa3\x69\x6c\x02\xe8\xd7\x32\x4d\x3c\xf7\x30\xdd\xa5\x40\x53\x6b\xeb\x13\xcf\xde\xae\x61\x80\xdd\x74\x84\x83\x2d\xfa\x94\xe9\x4a\xa6\xcb\xa1\x17\xaa\xe1\x72\x70\xf4\x8f\x93\xb2\xf9\x8a\xe9\x58\x17\x18\x16\x3f\x44\x63\x54\x6c\x0a\xe0\xf2\x79\xc3\x6b\x92\xbe\xe6\x6f\x1c\xa2\xd6\xa4\xf7\x26\xd2\xdf\xee\x0b\xc1\x1c\x1d\x8a\x1f\xa6\x2c\x3c\xc8\xab\xa2\x66\xb9\x87\x59\x28\x6c\x10\x68\x48\x3b\x23\x76\xb4\x03\xc8\x87\xfb\xb6\x57\xdc\x0f\x25\x5d\xea\x90\xdb\xd2\x33\x08\xf7\xe0\xe8\x42\xb4\x98\xa8\xdf\xc7\xc9\xcd\x5a\xef\x0e\x87\xd5\x6b\xe4\x0d\x50\xfc\x1d\xd4\xc0\xaa\x7d\xee\x55\xae\xbe\x4d\x6b\x6a\x52\x05\x39\x62\xb8\x7b\x0f\x2e\xe0\x9a\x90\x81\x61\x55\x33\x3d\x5c\x57\xa1\x47\x24\xe0\x01\xbc\x3d\xed\x17\x84\x3b\x76\xe2\xc4\x7a\x17\x63\x39\xc8\xde\xfc\x54\xb5\x5b\x23\x58\xae\x7d\x01\xb0\xf6\xe0\x8f\x31\x21\x6a\xe9\x03\x40\x69\x41\x68\xa5\xa7\x9e\xe8\x83\xea\x78\x58\x00\x7d\x17\xc3\x73\x59\xc9\x9d\x65\x97\xef\xe4\x60\xc1\xa2\xf7\x73\x8a\xc3\x2c\x5e\xb5\xe3\x9e\x50\x0c\x49\xc0\xdf\xf9\xc4\x65\x9e\x8c\x50\xcc\x5c\xa7\x9d\x8b\xa4\xe5\x97\x2d\x67\x22\x54\x68\xfb\xa6\x41\x67\xa6\xb2\xc6\xf3\x68\x93\x5c\x7a\x04\x9d\x35\xd3\x55\xc7\x67\x25\x20\xd3\xc9\xe4\xe4\x3c\x67\x1c\x3c\xb8\xde\xe2\x59\x04\x74\x95\xde\x0f\x56\xdd\x71\x91\xd5\xbd\x4b\xbd\x29\x51\x7e\x36\x47\x92\xff\x89\xd3\x37\x99\xb6\xe7\x81\xc2\x01\x93\xf5\xa3\x16\xfb\x40\xde\x74\xfe\xe2\xac\xc2\x5e\x47\xf5\x12\x21\x4d\xe3\xb1\xe9\xb3\x82\xa8\x69\x29\xc1\x57\x3d\x37\x24\xc2\x50\x17\xc0\xe5"},
+{{0xc8,0xee,0x95,0x4d,0xb5,0xa1,0x1b,0x29,0x2e,0xd9,0x77,0x64,0xfa,0xe6,0xb2,0x83,0x05,0x1d,0xb5,0x7d,0xcd,0xc0,0xaa,0x0d,0xf5,0x39,0x3b,0xb6,0x0c,0x11,0x2e,0xd3,},{0x5c,0x2f,0x81,0x82,0x4e,0x99,0x75,0xdd,0x7e,0xa3,0x53,0xbc,0x66,0x80,0x7d,0xed,0xc7,0x61,0x03,0x49,0x79,0x4e,0x2f,0xc0,0x8e,0x5a,0x31,0xe0,0x02,0xe3,0xfe,0x07,},{0xf3,0x07,0x7a,0x75,0x10,0x1e,0x12,0x1e,0x5c,0x3e,0x77,0xd8,0xed,0x97,0xb5,0x78,0xd2,0x39,0xbd,0x42,0x18,0x03,0xd3,0x45,0x5b,0x56,0x54,0x40,0x5a,0x4c,0x58,0x6a,0x60,0x92,0xe1,0x3a,0x85,0x29,0xba,0xce,0x46,0x8a,0x30,0x57,0x84,0xb3,0x73,0xe4,0x33,0xfe,0xe4,0xa3,0xdf,0x89,0x56,0xbe,0xfa,0x01,0x2f,0xd8,0xa8,0xee,0xd1,0x0c,},"\x7b\xa3\xfb\x56\x83\x15\xaa\x81\xe2\x1f\x19\x77\x80\xed\xc2\xc6\xea\x26\xd8\xd0\x6a\x43\x78\x91\x2f\xca\x23\x01\xcf\x1e\xab\x3d\x80\x3c\x84\x69\xde\xdd\xf3\x76\x70\x3d\xdb\x7c\xe0\x6a\x77\xda\xb2\x0e\x02\x34\x4f\xad\xcc\x50\x02\x2a\xb3\xc7\x13\xcd\x03\xc1\xda\xa9\x3f\x1c\x7e\xa5\x72\x62\x9f\x61\x0b\x5e\x3c\x51\x41\x1b\xb8\xc1\x96\x94\xbb\xce\x90\x3c\xac\x47\x05\xf9\xb5\xdd\x0f\x47\xbc\x5d\x0a\xa3\x25\x3f\x90\x88\x70\x29\x90\x27\xff\xbd\x34\x49\xee\xba\xd4\x53\x32\xb5\xd0\xc4\xf5\x33\xdb\xed\x18\xa9\x9a\x24\x98\xb9\x16\x4e\x24\x5f\xb6\x5c\x0a\xfa\x0b\x05\x37\x03\xa0\xcf\x95\x94\x0a\xc7\xa0\x19\x5d\x4f\x70\x46\x60\x9c\xf0\x43\x71\x33\x87\x06\xb9\xb1\x98\x6c\x0f\x11\x81\x75\xd2\xcd\xfc\xe7\x4a\x6f\x88\x65\x98\x25\x85\x4e\x94\xec\xe5\x8f\x51\x57\x63\x6d\x62\x35\xb7\x6d\x32\x74\x5a\x2a\x81\xa9\x67\x1a\x8f\x86\x02\x7b\xa9\xe0\x17\x63\x88\x8f\xc1\x71\xce\xf7\xc4\x51\xc3\x60\x72\xbc\x74\x99\x83\x9d\x43\x1c\xf1\x8c\xd7\xc6\xc9\xfb\xa3\xaa\x71\x2a\x05\x43\x28\xcc\xd6\x2b\xe4\x82\x0a\xbd\x5e\x78\x21\x62\x76\x46\x11\xd4\x53\x9b\xa2\xce\xbd\xc2\x09\xb3\xf4\xe4\xb6\x9c\x3d\x64\x07\x3e\x92\x0d\x21\x52\x14\xfb\x0f\xda\x44\x18\x5a\xad\xa5\xc3\x61\x27\xa1\x5b\xa1\x5c\xa2\x8a\x3a\xd0\x86\xe9\xd0\x33\x66\x86\x9c\x60\xc3\xfb\xce\xbd\x86\x9d\x2e\x40\x64\x3e\x83\x3f\x89\x48\x03\xf9\x80\xa2\xda\x7e\xa4\xe5\x9c\xe4\xd7\xc0\x6f\xd2\xaf\xf0\x87\xee\x7b\xcf\xdd\xaa\x3b\x32\x81\x7c\xe6\x3a\x63\x58\x7d\xba\xfe\xf3\x80\x01\x3a\x6f\x1e\xe3\x73\x4b\x94\xca\x3d\xf9\x64\x4d\xd0\x43\x43\x02\xec\xb3\x24\xaf\xe3\x5f\x46\x5c\x9c\x1c\x93\x1b\x27\x29\x4f\xc6\xee\x02\x72\xde\x22\x42\xae\x90\xd7\xf2\xe0\x67\x02\x7e\xf8\x64\x2e\x8f\x17\x1e\xd8\x80\xff\xab\xce\x8a\x20\xa1\xb3\xe3\x39\xad\x4e\x3f\x1a\x90\x01\xf2\x0f\x90\x02\x61\x88\xfd\xe3\x4b\x21\x7a\x6e\x26\xaa\xff\x18\x42\x2b\x7f\x84\x3d\x0f\xdd\xa3\x21\xc3\x19\xc7\x78\xf2\x31\x37\xf2\x0c\xcc\x1b\xda\x18\x90\xe5\xbc\x91\x6a\x54\x56\xd0\x68\xd3\x7b\x5a\xcc\x63\x47\x72\x0c\x56\xa5\xa4\x91\xbc\x34\x8d\x6c\x84\x8a\x9c\x8f\xec\xfe\x58\xc9\x2b\x1f\x30\x2f\xe1\x49\x19\x71\x8c\xd5\xe7\x8b\x7f\xd6\x01\xd0\x9d\xc0\x1e\x69\x04\x86\x1e\x8d\x68\xb3\xc5\x75\x35\xb6\x13\x66\x76\xcb\xc6\xe8\x39\xaf\x0d\xd7\x39\xdb\x89\xa7\xab\xd9\x13\xfd\xf6\xb0\x0e\x9c\xa0\x26\x02\xde\x6c\xa0\xaf\xd0\x91\x3d\x99\x2f\xba\xa8\xff\x82\x2b\x9d\x9b\x09\xdd\xa7\xa2\x9b\xe9\x19\x10\xd8\xfa\x3c\xaa\x2a\x5e\x51\x83\x46\xc1\x67\xc9\xf5\x19\x41\xcf\x73\x53\xf3\xf3\x4c\x1d\xab\x33\x48\x5d\x0a\x8c\x19\xda\xf9\x51\xfd\x3e\xf2\x0d\x0b\x11\x9d\x80\x38\xdf\x90\xc1\x14\xa2\x5a\x5b\x93\xae\x40\xec\x44\xb9\xa5\xd2\xbc\x1c\x65\x17\xc6\x82\x50\x0d\x4c\xdc\x19\x71\x42\xbe\xc3\xaf\x82\x32\xc0\x71\x42\x8d\xc5\x4c\x0d\x30\x45\x42\x72\xe7\x33\x6b\x0b\x58\x88\xa6\xe8\xfe\xcd\xe8\x59\xe2\xac\xcb\x7f\xb0\x94\xac\xc5\x4f\xfa\x48\x1f\x76\x23\xd9\x44\x69\x1f\x04\xfb\x36\x13\xa9\x95\x49\x80\xf1\x7e\x2a\xd2\x17\x3d\x68\xcf\x0e\xc1\xb6\x7d\x8a\x91\xd6\xec\x82\x94\x6b\xcf\x05\xcb\x90\x68\x1a\x71\x62\x7b\x59\x02\x38\x33\x4e\x3d\x5a\xb9\xda\x6a\x08\x9b\xd7\x26\x24\xdf\x90\x74\xcd\xd2\x30\x9e\x04\xdf\xca\xe0\x32\x81\x2f\xe8\x4f\x9d\xb8\x82\xcd\xea\xae\x69\xee\x5d\xaa\x5a\x66\xff\x42\x7f\xc4\x52\xed\xd0\x76\x9b\x6a\xab\xcc\x13\x9d\x0f\x70\xaf\x8b\x97\x43\x0e\x64\x4f\x58\xa4\x12\x87\xa9\x3f\x63\x1d\xed\xa8\x2c\xa0\x71\x6d\x79\x75\x4c\x5c\x50\x3e\x52\xa6\x65\xda"},
+{{0x6d,0xbc,0x55,0x9e,0x4a,0xb1,0x93,0xee,0xbf,0x70,0xc5,0xc3,0x2d,0x79,0x7b,0xe0,0x0b,0x73,0x11,0xe8,0xe6,0x69,0x1d,0xa9,0xaf,0xcc,0x18,0x72,0x91,0xf2,0x50,0x1c,},{0x38,0xa7,0x03,0x44,0x76,0xfb,0x93,0x82,0xf1,0x41,0x77,0x68,0xc4,0x21,0x62,0x95,0x1a,0x26,0x36,0x90,0x2c,0x38,0x98,0xc0,0x29,0xbe,0x27,0x8a,0xb4,0xc3,0x1f,0x31,},{0x31,0xf1,0x6a,0x7c,0xaf,0x2b,0x74,0xf6,0x5e,0x05,0x7c,0x93,0x33,0xa1,0xa2,0x63,0x3d,0xac,0x73,0x46,0x33,0x8f,0x79,0x85,0x10,0x73,0x0e,0xb8,0xd5,0xd3,0x25,0xfc,0x10,0x80,0xdd,0x5a,0xad,0x5f,0xce,0x05,0x34,0xe9,0x54,0x3f,0x3c,0x93,0x58,0x68,0x04,0x46,0x4a,0xf5,0x88,0x6e,0x86,0x44,0x12,0x9c,0x77,0xeb,0xaa,0x48,0x5f,0x01,},"\x88\xee\x23\x65\xf7\xcf\x9d\xe3\x3a\xcd\x53\x56\x49\x68\xb2\xdc\x7f\x73\x70\xb7\xe7\x03\x3f\x4c\x66\x3a\x88\xc2\x5f\x60\xf7\xf7\x11\xd6\x19\x08\xeb\xf1\xf5\xbb\x72\x83\x55\x53\xc8\xaa\x8c\x8e\x4f\xcd\xec\xd3\x79\x78\x23\x82\x89\xbf\x6c\xa8\x48\x76\xd2\x28\x21\x7a\x28\xd8\x1b\x0b\x45\x7c\x92\x2e\x91\xec\xba\x8d\x3e\x1d\x2e\x66\x59\xc2\xb0\xae\xa0\x51\xb9\xc2\xe0\x9c\x7d\xfe\xb5\x1d\x30\xed\xe7\x67\x57\x03\x41\xff\xac\x1e\xcf\x0d\xe2\x0c\x82\xd1\xe9\xed\x07\x75\xde\xac\x72\xda\x7c\x2d\xec\x23\x48\x65\xde\xc8\x3f\x67\x15\xe1\xc3\xc5\x9d\xe2\x03\x3c\xc2\x4d\x86\xbc\x2d\x31\xaa\x16\x64\x96\x86\xed\xe0\xdb\xbd\x89\x64\xc3\xa6\x4a\x3d\xca\x55\x88\xd7\x24\x8b\x1f\x24\xdf\x8d\x75\xf0\x9a\xac\x62\xc0\x78\x28\xca\x43\x1a\x3a\x2d\x77\xa6\x0c\xc9\x3c\xfa\x34\x95\xca\xbe\xb1\x90\x4e\xd5\xb5\x63\x98\x4e\x8c\x20\x77\x7b\xac\x87\x74\x10\x8a\x64\xed\xa5\x8f\xb3\x20\x24\x4a\x3a\xdd\x3e\x3e\x7a\x76\xcd\x13\x7c\xfa\x4a\x09\xb6\xe6\xe9\x30\x11\xea\x0a\xe6\x51\x71\xaf\x13\x07\x11\x76\x6c\xd2\x5b\x3c\x74\xec\x54\xc0\xbd\xfa\x02\xb3\x12\x0a\xc2\x90\x87\xeb\xac\x98\x37\xfc\xa6\x5b\xa9\x71\xbc\x42\x81\xdd\x55\x7c\x50\x0e\x22\x5e\xa6\x6c\x3c\x3f\xd5\x22\x06\xc1\x9a\x9f\x93\x95\x46\x31\x69\xf8\xc7\xa8\x46\xbd\x9f\x83\x4d\x7f\x33\x7d\x0b\x61\xfb\x30\xbc\xe2\x94\xf4\x78\xae\x1f\x1d\x97\x7e\x45\x4e\x43\x3e\xe8\x72\x9f\xb0\x65\xcc\xe0\x3f\xb2\xe4\x35\xdc\xbc\xbf\xba\x01\x53\x7e\x7a\x67\x62\xe5\x5e\x7e\xd2\x25\x28\x30\x37\x04\xbe\xb5\xae\x38\x1f\x2e\x18\x10\x56\xf2\x51\x33\x27\x3c\xf1\x7d\xdf\x2b\x06\xe2\xd9\x47\x7f\x2c\x09\x75\x5f\xc8\xd9\xc7\x3c\xb3\x31\x00\x46\x8c\x64\x13\x1c\x68\x6c\xac\x79\xfd\x38\x45\x01\xe5\x0f\x8b\x0b\xee\x28\xba\x39\x58\x3f\x42\xe4\xfd\x37\x99\xe2\x4f\x60\xda\x5f\xd3\xc7\x79\xaa\xbf\x69\x9f\xfd\x23\x21\xed\x04\x5a\x85\xbc\x64\x24\xf6\x0f\xdc\xc4\x9c\x1c\xb3\x1f\x24\x9a\x42\x36\xc0\x94\x91\x76\x81\x81\xb9\x21\xf5\x86\x02\xfd\x41\x5c\x1e\xde\xb2\x6f\x39\x32\x4a\xdd\xff\x14\x77\x13\x24\x73\x7c\x67\x20\xcc\x92\x39\x1b\x94\x9d\xcb\x42\x12\xbd\x69\x31\xd4\xde\x51\x40\x1e\x7f\x95\x3b\x7b\x03\x6b\x22\x3f\x0a\xf7\xa8\xe4\x08\xb0\x4e\xa6\x35\xa2\x3f\xa0\x70\x9b\xa0\x42\xa5\xd9\x92\x95\x4c\x09\xd8\x58\x1d\xcc\xcf\x52\x56\x8a\xd2\x7a\x1c\xc7\x1d\x18\xaa\x27\x40\xf6\x21\x21\x2e\x7f\x4c\x5e\x5e\x5e\x5e\x45\x32\xd9\xa6\x7e\xc2\x77\x3a\xc2\x1c\x8a\x4b\x00\x2d\x65\x24\xf6\x18\x2d\xd3\x71\x73\x5d\x2c\x2a\xbe\x6c\x95\xc2\x81\xc6\xfb\x1e\x97\x6b\xc1\x7e\x38\x3f\xd5\x2a\xea\xaa\x9f\xbd\x4a\xbb\x82\xa2\xcc\x65\x39\x5f\x8c\x2c\xc7\xd8\x18\x2a\x0d\x25\x0c\x68\x5c\xfc\xba\x93\xa9\x51\xee\x7c\x50\x3c\x6e\x3e\xec\x23\x6c\xe3\x3e\x08\x6c\x61\x07\x28\x73\x7c\x1c\x3b\x3a\x24\x25\x2d\xa7\xf2\x16\x72\xd9\x28\xeb\xda\x99\x3a\x94\xc4\x58\xab\x99\x0f\x5d\x19\xd8\x00\x23\xc3\x6a\xa1\x6e\xaf\xca\xb1\x43\xf3\x52\xe9\x7d\x64\x09\xf3\x24\x99\x41\x11\x9b\xfd\x9f\x5f\x90\x84\x72\x4d\x9e\xba\xd3\x83\xb1\x0f\x34\xd3\x3a\xc8\x30\xcc\xe9\xe5\xcb\x8a\xec\xee\x6f\x40\x30\x1c\xbb\xe3\x09\xfd\x06\x15\x34\xa7\xd0\xc3\xed\xaa\xea\x02\xa1\x71\xd8\xb2\x34\x9d\xbe\xec\x62\x85\x20\xac\x33\x4a\x5b\xfe\x28\xa9\xd5\xf4\xc0\xd7\x40\xf7\xc7\x2d\x4d\x72\xd8\x9a\x97\x32\x6a\x03\x00\x2d\x1e\xf3\x85\x22\xbc\xd3\x7b\x42\x84\x7a\x31\x4b\xd8\x43\xec\x88\xd1\xf2\xf9\xd3\x9f\x57\xf2\xf1\xa1\x3d\x01\x40\xa8\x84\x74\x50\x44\x8c\x88\x0b\x3a\xe7\x65\x31\xe9\x5c\x43\x92\x97\x32\x50"},
+{{0xc9,0xd4,0x16,0x83,0x0a,0xe2,0x02,0x8f,0x21,0x75,0xd2,0x2b,0x61,0x4c,0x79,0x19,0x8c,0x67,0x0c,0xfa,0xa0,0xe7,0xa3,0x61,0x50,0xef,0x0f,0xee,0x21,0xa9,0x5c,0xe6,},{0x6e,0x3e,0xb4,0xd0,0x18,0x73,0x07,0x2d,0xf9,0x46,0xf1,0x79,0x2f,0x71,0x06,0x33,0x08,0x95,0xe7,0xa7,0x6d,0xd9,0xae,0x27,0xf8,0xa9,0x88,0x03,0x94,0x90,0xfd,0x4b,},{0x47,0xfa,0xad,0x4e,0x65,0x52,0x93,0xed,0xa1,0x56,0xb2,0xa1,0xfa,0xbb,0xfb,0x7e,0x00,0x9f,0xc2,0x90,0xaa,0xfe,0xdb,0xd5,0x65,0x21,0x14,0xa4,0x78,0x53,0xbc,0x77,0xa8,0x23,0x3a,0x2b,0x17,0x9f,0x60,0x54,0x77,0xd7,0x87,0x87,0x8c,0xbb,0x15,0xea,0x61,0x24,0xdf,0x8d,0xc5,0x7b,0x2c,0xe7,0xbe,0x7d,0x18,0xb7,0x16,0x2f,0xb5,0x0d,},"\xff\x9a\xd4\x83\x7c\xd0\xbb\x77\xd6\x21\x0f\xdd\xdc\x75\x5e\x6c\x0f\x1a\x73\xc2\xbc\xd0\x3f\x7a\x58\x69\xe7\x34\x2c\xfd\x73\xcf\x70\x86\xf8\x65\x56\x15\x60\x27\x7b\xf6\xc3\x42\x1a\x91\x2d\x67\x65\x8b\x1f\xa9\x70\x57\xc4\x96\xf4\xbe\x8e\xdc\xbe\x18\xb5\xec\xd0\x8a\x1e\x7d\xb2\x52\x23\xab\xda\x20\x8f\xa5\x31\xf4\xb2\x80\xaa\x03\xb0\x4b\x60\x60\x34\x11\xd3\x74\xba\x7c\xbb\x02\x0b\xb9\xa8\xce\x4c\x0e\x45\xa7\xe1\x32\x14\x48\x43\xc3\x1f\x8b\x45\xc5\x8e\xb3\xea\x85\x3c\x2c\xeb\x61\x37\x6e\x9d\xf8\x1d\x97\x78\xe7\x21\xad\xac\x77\xb5\x03\x54\x93\x7f\x34\x37\x2f\xcc\xd5\x75\xe8\x8d\x9d\x05\x8e\x43\xdf\x94\x2f\x2c\x43\xb5\x23\xc8\x09\x8e\x6d\xd9\xe6\xbd\x21\xd5\xa6\x49\xb4\x72\xd4\x1e\x34\x5f\xcd\x5e\xfd\xdd\x49\xea\xb3\x02\x70\xcd\x87\x88\x40\x4f\x28\x51\x6e\x09\xd3\xac\xc4\x00\x48\xb3\x9d\x32\x46\xf7\x57\xe4\x82\xe1\x45\x9c\x62\x6b\x79\x9e\x04\xd0\x67\x27\x13\x73\x71\xe1\x20\xaf\xb9\xfe\xc3\x9a\x25\xf4\xe6\x76\x4b\xf9\x79\x2f\xe4\x92\xee\x0f\x21\x0b\x57\xdb\x9e\xbb\x9e\x8e\xf4\x1b\x02\xc7\xfe\xe9\xed\xd4\xb6\x17\x4c\x57\x0d\xe0\x20\xa3\x91\x28\x71\x33\xfe\x8c\xcb\x41\xa8\x3f\x91\xbd\x22\x38\x2b\x21\xe1\xd7\xeb\xc2\xc7\xe5\x01\x8e\xf5\x14\x2d\x82\x63\x7d\x02\x62\x0f\xbc\x05\x69\xcc\x09\xc4\x4e\x91\x11\x12\xbb\xae\x99\x06\x4d\x68\xd1\xc6\x9e\x77\xc9\x93\x0b\x0d\xe0\x30\xc8\xc1\xd7\x48\xc4\x14\x05\x9d\x5e\x29\x9b\x7e\xdc\x08\x94\x06\x51\x89\x4b\x30\x3a\x2b\x32\xdd\x2c\x36\x5a\x06\x7c\x97\x23\x58\x55\x94\x64\x4d\x3e\xe8\xde\x1a\x51\xfa\xea\x0e\x65\x0f\x21\x24\x88\x5a\x94\xcb\x99\xeb\x90\x3b\x7d\x45\x79\xbd\xe5\x91\x49\x7d\x95\x39\x30\xd3\x63\xdd\xdb\xda\xc6\x27\xb9\x7a\x91\xf4\x96\x82\xdf\x8e\x72\x50\xa7\x07\x3d\x38\x3a\x7a\x22\xcf\x11\x3f\x28\x58\xce\x6b\x63\x2a\x28\x92\xc4\xe8\x8a\xa9\xa0\xd2\x89\xeb\x57\x62\x9b\x00\x8d\x3b\x1b\x60\x81\xe6\xfe\x5d\x3c\x0a\x6c\x80\x21\x89\xb5\xf1\x08\xe7\x66\x31\x9e\x15\xb3\x3e\xaa\x5b\x8c\xed\x40\x27\xea\xec\x83\xb4\xac\x68\xb1\x4b\x82\x98\xbc\x51\xcd\x8e\xb3\x80\x9b\x7a\x2d\x68\x4f\xe3\x2b\xbd\x9f\xab\x5c\x91\x8e\xeb\x17\xcc\x44\x4d\x73\xf7\x30\xd4\xc8\xcc\x05\x7b\xd3\xa2\xf1\xf0\xae\xbb\x61\x63\x29\x34\xe6\x17\x02\x16\x88\x29\xcd\x7e\x91\xde\x81\x50\x96\x29\xd0\x1a\x8c\xde\xfe\x0d\x1a\xc4\x9e\x21\xf0\xc5\xfb\xe1\xb2\x24\x48\x27\x26\x8a\x0a\x27\x35\x7e\x15\x8b\xd7\x68\x84\xa2\x1e\x7f\x1f\xac\x1b\x62\x72\x16\x6d\x5a\x9f\x64\xf9\xb6\x72\x98\x9a\x87\x62\xf5\x12\xbf\x1d\xf4\xb2\xab\x69\x97\x65\xf2\xcd\x83\x96\xf4\x76\xe7\xf5\x99\x95\xde\xe7\xd8\x90\x20\x7e\xff\x0f\xd2\x72\x63\xec\x23\x2e\x37\xcf\xed\xfe\x7c\x44\x05\x55\xd4\xca\x74\xe5\x2d\xa2\x46\xc4\xb8\x37\x57\xbe\xaf\xd2\xab\x2a\x51\xef\xe1\x60\xbb\x02\xb9\x8c\x26\xd6\xb2\xc3\xf0\xc1\xaa\xcb\x2f\x3c\x34\xa5\xb2\xa3\xb6\x6f\xee\x17\x5b\x78\x75\x48\x07\x3d\x8b\x57\x77\xc6\xbe\x88\x0b\xdc\x19\x6b\x33\x74\xa2\x15\x4f\x94\xd9\x36\x0f\x77\x55\xac\x68\x15\xa2\x8a\xf2\x96\x27\x1e\x22\xa8\xf2\x35\x43\xc7\x49\x55\xa6\x09\x12\x5b\x02\xa5\x69\x21\x80\x11\x42\x02\x95\xcc\xf0\xd7\x35\x69\x99\xa5\xb8\x95\xcc\x88\x48\x3f\xad\xf7\x97\x0c\xec\x6c\x64\x24\x0f\x70\x79\xfd\xb1\x5f\xfc\x5c\x42\x27\xe5\x39\x26\xd2\x78\xba\x0f\xed\x3c\x39\x93\xbc\x86\x82\x28\x23\xdd\x58\x1a\x32\xab\x2e\x3a\x07\xf7\x94\x30\x22\x4b\x27\x4e\xad\xd8\x45\x59\x8a\x7d\x1d\x89\x67\x6a\xaf\x23\x67\x77\x74\xb7\xb0\x58\x3b\xcc\x83\x59\x9d\x15\x5d\x14\xb0\x9a\xdc\xf4\x9e\xd5\x05\xe8"},
+{{0x2d,0x27,0x7d,0xd5,0x5f,0x57,0x19,0x5e,0xc0,0x72,0xb4,0x7c,0xb1,0x44,0x8c,0xb5,0x82,0xc8,0x35,0x73,0x9e,0x6c,0x98,0xba,0x71,0xab,0x12,0x8f,0x70,0xce,0x6b,0x79,},{0xdf,0xa9,0x25,0x93,0xef,0x0f,0x0d,0x97,0x4a,0x11,0x37,0x83,0x0a,0xd1,0x38,0x48,0xaf,0xef,0x3b,0x81,0x0c,0x2a,0x21,0xbf,0x77,0x91,0x78,0xce,0x4b,0x3a,0xb9,0x74,},{0x73,0xc1,0x06,0x06,0x49,0xa7,0xc0,0x14,0xed,0x01,0x94,0x58,0x51,0xb5,0x3e,0x28,0x53,0x24,0xe6,0x0d,0x06,0x1c,0x83,0x1d,0xda,0x41,0xf0,0x33,0xb5,0x65,0x83,0x06,0xa1,0xf1,0x12,0x32,0x7a,0xfe,0x93,0xca,0xa9,0x21,0x02,0x07,0x30,0xaa,0xe0,0x06,0x9c,0x9a,0x2b,0x45,0xee,0xf5,0x5c,0xbb,0x4a,0x5a,0x9c,0xd4,0x6c,0xda,0x80,0x08,},"\x14\x54\x9e\xdd\xd5\xf2\xb7\x90\x5d\xda\x19\xd7\x4a\xb2\x07\xaa\xc6\xfb\x3e\x3d\xf3\x29\x5d\x84\x52\x31\xef\x3a\xea\x6e\x1f\x04\xee\x03\x3c\x90\x38\xdc\xb4\xbd\x3d\x5e\x45\x2c\x54\x83\x4d\x0f\xf2\xb7\xde\x3f\x32\x2e\x56\x26\x94\x9c\xd6\x1d\x6e\x89\x01\x38\xff\x0e\xa8\xad\x84\x6e\x8f\xe8\x87\xae\xe1\x5f\xc4\x8b\xbe\x4f\xba\x42\x45\x5f\x5c\x17\x45\x7a\xe7\x89\xb4\x05\xaf\x85\x96\x11\xfe\x1f\x87\x46\x18\x5a\x65\xae\xf2\x13\x4e\xa4\xd8\xf3\x98\xd4\x8d\xf7\xc1\xbb\xa4\x30\x44\x08\xae\x7e\xfb\x35\x29\x24\x09\xd5\x08\xdd\x55\xce\x21\xde\x8c\x28\x16\x0d\xc9\xe8\x77\x70\x0c\x76\x3d\x06\xb0\x1b\x85\x42\x05\x2d\x7d\xdb\x63\x35\x54\xe3\x58\x42\x79\xc7\x96\x93\x70\x23\xc8\xea\xc3\x72\x77\xbe\x2b\x82\x04\xff\x3e\x0e\x10\x31\x19\x0a\x01\x01\x4c\xf5\xf5\xb4\xd7\xad\x99\x67\x27\xf9\x75\x31\xe0\x35\x5b\x87\xc9\xe6\x11\x52\x5a\xad\x07\x99\x58\xe9\xaf\xe2\xab\x10\xe4\xa3\xe7\xa1\xb6\xba\x0a\xff\x81\x5d\xa2\xcd\x81\xea\x9e\xb9\xf5\x36\x98\x66\x33\xf3\x16\xdd\x06\xc2\x50\x3c\x6b\x19\x8d\xc5\x93\x04\x80\x7b\x98\xb4\x29\x35\xf5\x1f\x63\x7d\xdb\x59\xe2\x33\xfe\xd5\x66\x43\x9c\x1f\xe9\x6c\xda\xaf\xa4\x9f\x44\x12\xd0\xc1\xe6\x54\xd8\xc6\x90\x42\x47\x0b\x3a\x59\xac\xb6\xbf\x67\xe4\x0b\x38\xa7\x70\x67\xd5\x99\x7b\x8d\x35\xed\x61\xd6\xeb\x3c\xc7\x8b\x8b\xdc\xb9\x57\x4b\x1c\xed\x9f\x6f\x33\x9e\x9e\x38\xf9\x41\x46\xef\x63\xf0\x49\xe6\xb8\x02\xbf\xed\x2a\x51\xab\x42\xe7\xd4\x89\xf3\x16\xff\x4d\x1c\xd8\x98\xbc\xf8\x50\x56\x51\x68\x74\x40\x74\x9c\x0f\xb7\xa5\x7d\xbe\xff\x72\xe6\x46\x89\xfa\xa4\x1c\x07\xb4\xad\xe5\x99\x33\xd2\xfa\xc6\xd5\x73\xde\xb7\x39\x54\x9e\xb7\x5f\x1e\x6f\x73\x85\xd8\xc6\x14\x28\x94\x97\x3e\xd6\x85\xeb\x8e\xd0\x80\xc2\xa4\x9f\x3a\xc6\x57\x11\x61\xaf\x96\x63\x5a\xd0\x57\xdf\x14\x86\xd3\x96\x77\x3a\xc8\x98\x32\x10\x97\x89\x86\xe1\xbf\x21\xa2\x08\x06\xd6\x67\xa4\x8a\x55\x5a\x96\x32\x21\xd5\x06\x14\xa8\x97\x6b\x2e\xec\x97\x51\x2d\xb1\x1a\x35\x81\x94\x49\x2a\xb5\x45\x58\x01\xba\xa1\x4a\x51\x1b\x26\xeb\x0c\x68\x28\x9d\x79\x05\x23\x71\x2f\x2f\xf8\x70\x98\x92\x69\x5c\x4d\xb9\xad\x31\x0d\xf8\xc6\xee\x7b\xd8\x3c\x87\x1f\x05\xae\xc3\x3b\x7a\xd3\x26\xf4\x46\x69\x2a\x42\xf7\x22\x23\x76\x24\x6d\x53\x6a\x32\x6c\x4d\x73\xeb\x57\x2f\xea\xda\x11\xb8\xac\x71\x14\xf6\xcb\x44\x4c\xa2\x78\xfc\xf0\x7b\x97\x0d\x2a\xd4\x65\x37\x2a\x68\x7d\x36\xb7\xda\xac\x47\x87\x48\xec\x6a\x93\x2d\xa2\x08\x43\x94\x8e\xfa\x39\x30\x97\x81\x42\x72\xe5\xca\x1c\x73\xe7\x11\x97\x3a\x52\x68\x3f\x98\xc0\x1e\x55\x24\x1c\x15\x4d\x28\xe3\x8d\x3e\xdf\xad\xe2\x30\x3a\x4e\x7c\x45\xc2\xa7\xa1\xc9\x96\xee\x11\x37\xaf\x86\x4a\x98\xb6\x98\x09\xfc\x92\x14\xee\xa8\xcf\x3a\xfe\x84\x2f\xee\x3e\xb9\xa9\x32\x2c\x3b\x82\xfd\xdb\x05\xd4\xd1\xa2\xde\x09\xc1\xce\x72\x73\x44\x53\xa8\xdd\x3a\x89\x20\xd0\xd0\xac\x96\xef\x77\x8b\x9e\x02\xc6\xa3\xf1\x28\x72\xe1\x7d\x3a\x81\xba\x75\xfd\x23\x3b\xaa\xdb\xe2\x16\xea\x0a\x58\xe9\xdd\xa0\x08\x40\x87\x02\x08\xae\x41\x35\x40\x03\x0b\x3c\x05\xe5\xd0\xb8\x32\xdf\x87\xc8\xee\x7f\x15\x34\x87\xaa\x11\xba\xd9\xf1\x39\xc7\xdd\x4b\xcf\x41\x8f\x4b\xcb\x95\xbe\xe8\x57\xd0\xe9\x60\x84\x47\x23\x87\xcb\x39\x12\x7a\x94\x71\x34\x50\x19\x63\xa7\x07\x1b\xdb\x34\xde\x69\x61\xbe\x2b\x6b\x06\xe4\x03\xe7\x59\x18\xe6\xf6\x9d\x08\x02\x1c\xf2\xa8\xac\xb8\x0a\x01\x11\xf4\xd5\x06\x10\xc1\x52\xd3\x9c\x66\x21\xc0\x57\x8a\xc6\x89\x95\x9b\x1c\xe6\xf3\x76\xf4\x3d\x18\xaf\x06\x2e\x4a"},
+{{0x42,0x80,0x66,0xc5,0x24,0x45,0x72,0x6d,0x0e,0xa2,0x00,0x7e,0x50,0x46,0x37,0x27,0x4d,0x84,0xee,0x23,0x23,0x25,0xb5,0x05,0xf2,0xc5,0x16,0x35,0x7f,0x80,0x75,0x83,},{0xdd,0x40,0xfe,0x8f,0x67,0xc6,0x65,0x61,0x3b,0x3c,0x45,0x9f,0x6a,0xce,0x8d,0xc2,0x8d,0x34,0xe0,0xe7,0x7e,0x2f,0x6a,0xa0,0x60,0x59,0x28,0x19,0xbe,0x6a,0x9d,0x68,},{0xc9,0x38,0x82,0x9f,0x59,0x8b,0x1f,0xf1,0xb8,0x18,0x33,0x60,0xd2,0x23,0xf4,0x3c,0x59,0x47,0x30,0x60,0x68,0x76,0xa9,0x9a,0x3f,0x31,0xb2,0x06,0x5d,0x04,0xe6,0xf0,0x75,0xd1,0x39,0x6b,0x3c,0x8c,0xff,0xb0,0xe1,0xe2,0xea,0xab,0xda,0x7d,0xa5,0xe7,0x89,0xcc,0xd1,0xc0,0x20,0x83,0x5f,0xe3,0xa7,0x1d,0xcd,0xb6,0xaf,0x03,0x96,0x0c,},"\xe2\x79\x6c\x50\xd9\x3d\xf8\x12\xbc\xa4\x1b\xf2\xa1\xe1\xdd\x73\x7d\x8c\xf6\xf6\xb4\xf7\x62\x42\xe3\x91\x78\x18\x67\x58\xcb\xae\x08\x84\xe6\x0c\x6b\x4a\xaa\xdd\xae\xc9\xa8\x99\xa9\x12\xe5\xc5\xb9\x80\x4d\x7b\x04\x97\xba\xb4\x45\x8c\x58\x5d\x4f\x25\x92\x22\x49\x8c\xe9\xe8\x0e\xb6\xa7\x97\x9b\xbe\xd6\xd5\x2c\xc3\x80\x72\xf7\x45\xcb\x2c\x63\xe6\x63\xbc\x3b\x9d\x6c\xaf\x01\x2a\x60\x7f\x6d\x3b\x70\x6e\x15\x57\x57\x87\x17\xec\xbb\x97\x1a\xeb\x7c\x48\xe1\xdf\x95\x71\x1c\x55\x0e\x00\x69\x93\xbf\xfb\xa9\x11\xcb\x64\xad\x52\xd5\x17\xed\x18\xbe\x82\x36\x9e\x81\x58\x19\xd3\x17\x59\x47\xd4\xa3\x5b\x2c\xc7\xb9\xdc\x6c\x10\x05\x13\x26\xb3\xf1\xdc\x1e\xdb\x1b\x68\xba\x01\x5f\xf7\xca\x1d\xc3\x61\xd8\x96\x7a\xbc\xff\xd3\xc3\x1f\x7d\x6b\x0c\xb1\x39\x6a\xe5\x41\xf2\x97\x59\xc4\x13\x0b\xe5\x2e\xcc\x11\xd9\x92\x61\xc3\x65\xbf\x7c\xde\xc7\x81\x49\x4c\x5f\xa0\x52\x6d\xb4\xdb\xbe\x66\x0a\x43\x2b\xe5\x60\x43\xc6\x6e\xa0\x7c\x25\x62\x7a\x5f\x72\xb7\x81\x23\xdc\xf9\x86\xff\x71\xed\x1a\xff\xd1\x65\x9b\x13\x93\xd9\x62\x1f\x71\x1d\xfa\x63\xea\xda\x38\x34\x30\x79\x70\x58\xf1\x56\x6a\x00\x05\x2d\x67\xba\x53\xc1\x23\x7b\x56\x91\xde\x3b\x03\x9f\xd4\x47\x6f\x11\x51\xe5\xed\x5f\x5a\x98\x67\x2f\xa3\x3a\x1d\x85\x4f\xa0\x15\x66\xb3\x32\x31\xd4\x6a\xcd\x7f\x34\xb8\x03\x44\x79\x98\x18\x53\x76\x4d\xab\x87\xf4\x98\x44\xcb\x62\xc6\x3d\x53\x6f\xac\xa9\x20\x44\x7d\x8c\xd1\xe8\x11\x3e\xdb\xc8\x3e\x4a\x6b\x78\x15\xe1\x80\xcd\x78\xb9\x33\xd9\x68\x7f\xd5\xbe\x99\xd0\x51\x8a\x44\x66\x29\x89\xbc\x64\x01\x11\x24\xf1\x87\xd4\x39\x79\x99\x4a\x95\xe0\xc9\x03\xa0\x06\xc1\xc0\xbe\xf1\xc0\xf3\xdf\x1e\xb7\x00\xf9\x80\xc2\x8c\x3c\x1e\x99\x7d\x0c\x56\xd1\x13\xda\xe1\x96\x88\x2b\x05\x01\x8f\xca\xb3\x14\xd8\x11\x7f\xaf\xba\xbe\x77\x00\xb9\x32\xd4\x7c\x57\x36\x2b\x20\x35\xed\xdc\xe2\xd2\xef\x33\x64\x1e\xa9\x0c\x3e\xa3\xfe\xc6\xea\x5b\x87\xe1\x61\x01\x4c\x4f\x82\x14\xfd\x03\xce\xbf\x94\xab\xe1\x22\x53\x7a\x98\x70\x32\x39\xdf\x58\x21\xc5\xab\x63\x3f\x98\x36\x5c\xc6\x36\xe3\xf1\xd2\xf7\x4e\x0f\xf8\xf1\xfe\xe0\x6a\x3f\x73\x90\x7e\xe5\x04\xb3\x10\xfd\x52\x24\xad\x4d\x05\xcd\x23\xc3\x56\xdf\x8b\x34\x64\x72\x98\xc4\x98\x28\x72\x5b\xa5\xfd\x60\x61\x1e\x82\x9b\x63\x37\xbc\xc9\xdc\xf8\xe8\x97\x1c\xab\x3e\xe9\xc2\x63\x37\xd3\x8d\xfd\xfa\x03\x6b\xf6\x09\x6b\x63\x5a\xc1\xbd\x55\x25\xec\xd3\x77\xa1\x52\x72\xa8\xac\x9b\xbe\xf1\x33\x10\x7a\x42\x25\x8d\x8b\x19\xec\x69\xdc\x42\x61\xbe\x53\x00\xa2\xd2\xd5\xca\x99\xf3\x1e\xfd\xf2\x59\xf9\xd0\x79\x86\x9a\x34\x41\x37\x79\xf3\x02\x88\x24\xd7\x47\x68\x6c\x46\x0f\xfc\x49\x6f\x20\x10\xf4\x03\xe9\x03\xe2\x7a\x87\xdd\x07\x5a\xe0\xa7\xf1\x68\x94\x16\xd3\x1b\xcc\x15\xf4\x90\xca\xf9\x75\xc4\x0e\x71\x5d\x54\x99\x03\xe8\xbc\x0f\x7d\x91\x41\xe0\x20\xf4\x10\xf3\xca\x2b\x2c\x07\x97\xca\x0d\xc8\xd7\x39\x2b\xff\x24\x35\x28\xc7\xf3\xbe\x13\x89\x97\x18\x5a\x4b\x36\xf4\x53\x76\xd9\xfd\x70\xba\x20\x98\x9d\x2d\x1a\x91\x1d\x4b\x98\xd1\x60\xd2\xb8\xde\x59\x2d\xe2\xf4\xc0\x4f\x35\x86\x0d\xf3\x20\xc5\x48\x44\x0d\x5e\x3a\x34\x6a\x14\xd3\xa6\x3f\xe4\x85\xc2\x88\x91\x26\xb7\xf4\x1d\x55\xa6\xeb\x23\xd5\x62\x0b\xab\xf8\x56\x4a\xa7\x9d\x15\x6e\x98\x3f\x36\xd9\xed\x49\x8d\xa9\xca\x88\x8d\x94\x6b\x53\xcc\x47\x68\xa5\x89\x2d\x52\xd5\x41\x52\x69\x60\x28\x25\x24\xba\x61\x94\xda\x65\x94\x1d\x1e\xa3\x0f\x80\x6b\xb6\xd9\x7c\x74\x88\xb9\x3f\xd0\xa7\x70\xa9\xb1\x5e\xfc\xd1\x2c\x5c\x46\x94"},
+{{0x31,0x45,0xbc,0x68,0xd8,0x29,0x79,0x40,0x8e,0x46,0x57,0xb7,0x75,0xf1,0x50,0xc6,0xd2,0x8a,0x32,0x4d,0x74,0x6e,0xa6,0xde,0x90,0xfd,0x72,0xb1,0x7a,0x25,0x79,0x82,},{0xc7,0x76,0x18,0x6c,0xe4,0x7f,0x30,0xad,0x08,0xfa,0x1d,0x2c,0x61,0x6a,0x36,0x44,0x66,0x5b,0xa5,0x4f,0xf7,0x30,0xfc,0x2f,0x4d,0xb1,0xdb,0xa3,0x8d,0xde,0xed,0xca,},{0x24,0xa4,0x33,0x33,0x76,0x83,0xbc,0x71,0xa6,0xca,0x3b,0xcc,0xd8,0xcc,0x24,0x00,0xc2,0x44,0x64,0xfa,0x67,0x71,0x4b,0x46,0x51,0x5f,0x2a,0x14,0x32,0x71,0x27,0x05,0xd5,0x70,0x61,0x4d,0xb6,0xd2,0x6b,0xbb,0xd3,0xf0,0x26,0x7c,0x14,0x27,0xca,0x1c,0x2f,0x40,0xdc,0x9a,0x6f,0x1f,0xb0,0xf0,0xfc,0x71,0x4a,0x02,0xe2,0x4b,0x47,0x08,},"\x2e\xa8\xdc\xe1\x48\x7f\x45\xd6\xff\x8e\xb8\x3c\x54\xfb\x7e\xdd\x76\xad\x6e\x60\x8b\xb8\xda\xf1\xa1\x82\x3d\xa4\xf4\xe4\xe9\x86\x31\x73\x89\x7c\x19\x7a\xc6\x58\x04\x82\x3b\xca\x95\x09\x1f\x59\xe8\x6d\x63\xc1\x8d\xbc\xdb\x85\x74\x3f\x88\x93\xee\x69\x4d\x81\x56\x01\xf8\xf2\x2f\x4d\x7d\xf0\x87\xf0\x11\x4b\xb2\x6c\x37\x95\xe1\xfe\x4b\x7f\x4a\x8f\xa3\x1f\xd9\xf4\xff\x10\xfe\x5d\xd4\x52\xc5\x4c\x55\x78\xc7\x52\xf8\x88\x21\x30\x76\xbe\x46\x7b\xa3\x0d\x2e\x2f\xbb\xee\x87\x7c\x4b\xe9\xb6\xec\x4f\x04\x02\x1c\x00\x6f\x92\x66\x31\x19\x43\xca\xb7\xce\xa9\x9a\x2a\xce\xbb\x69\xee\xc3\xe6\x18\xc1\x31\xf9\x74\x30\x07\x5f\x79\x75\xe3\x9f\x26\xd5\x31\x51\x78\xb6\x9a\x1d\xdf\x73\x17\x61\x05\x1b\x93\xfb\x8d\xf7\xe0\xe8\xb4\x1e\x82\xe7\xf4\xf7\x5e\x91\xd6\xc8\x90\xb1\x4c\xa5\x33\xe0\x94\xeb\x8e\xa4\x48\x6d\x38\x71\x85\x96\x6c\x98\x29\x5d\x3f\x58\xb1\x7e\xef\x6c\xc3\xb4\xd0\x7e\x93\xa3\xd9\xf4\x77\x2e\xe5\x2f\x18\xa5\xbb\x30\xaa\x39\x72\x85\x0e\x65\x81\x70\xbd\xdb\x67\x6f\x33\x26\x6c\x9f\xd1\x0f\x59\x90\xba\xd8\x91\xf0\xce\xb7\x82\x73\x6b\x40\xf0\x1b\xd8\x65\x09\xb0\x63\x04\xa9\x6d\x93\xda\x23\x3d\xbe\xd1\x8a\xfa\x18\x18\xaa\xf5\x7a\xf9\xbd\xbc\x86\x7b\x39\x7f\xf2\x35\xa8\x3e\x85\x72\x24\xb1\x50\x65\x22\x5e\xec\x03\x9d\xd4\xe2\xd6\x9a\x04\xee\x10\xbe\xa0\x69\x50\x41\xed\xa5\x9b\x05\x8e\xc0\x5f\x49\x04\x8e\xe3\x24\xd1\x6c\x4d\x61\x07\xb6\xec\xd0\x48\x75\xeb\x74\x4e\x93\x65\x47\x1b\x4c\x5f\xe6\x61\x1b\x26\x18\x93\xf9\xd2\xb1\x28\xe1\x35\xf9\x2e\x47\x41\x56\xb2\x71\xb3\xc8\x2e\x9a\x76\x63\xda\xd4\x95\x3d\x30\xe1\x0e\xda\x08\x62\x60\x7d\xec\x33\x72\xb3\x99\x70\xf2\xa8\x4b\x12\xf6\x0e\x6d\xae\x7f\x31\x79\x90\x86\xd3\x8a\x7e\x34\x94\x84\x19\xc1\xb0\x7f\x44\xc2\x15\x9c\x86\xb8\xc0\xcf\xe8\x74\x7f\xc2\xba\xd5\xbf\x47\x53\x56\xcf\xe6\x9d\xe2\xdc\x6a\xd5\xa5\x19\xfd\x65\xc1\x25\x64\x70\x1c\x05\xf7\xc2\x77\xec\xaf\xcf\x4c\x87\xb1\x48\xdf\x1f\x98\x79\xa9\xae\x44\x3c\x55\xae\xa5\x21\x38\xc6\xfa\x01\xef\x0c\x3a\xbb\x5f\x2d\xf9\x0a\x57\xab\x66\x24\x17\x8c\x73\x7b\x54\x91\x5b\x7a\xa2\x9e\xa7\x8e\x8e\x49\xef\x5a\x81\x6d\x8a\x92\xc2\xf8\x1b\x8a\x19\x63\x27\x79\xc8\x92\xd6\x6f\x75\x3d\x51\x8c\x41\xcc\xcc\x9e\x59\x3e\x50\x74\x26\x25\xbc\xaf\xa4\x68\x80\x5c\x37\xa2\x1f\x8e\x29\xa6\x96\x0d\xdf\x5c\x5e\x5c\xa1\x4a\x7b\x05\x2a\x7b\x60\x15\x69\x7a\x02\x10\xed\x6f\x01\x43\xe6\xb4\x84\xc3\xf5\xb3\xb4\x72\x6c\x60\x7d\x07\xbf\xb3\xd5\x4a\x09\xc9\x80\x43\xf2\x1d\xcc\x5c\xc2\x0b\xb4\x75\x4e\x2e\x5a\x73\xb2\xf8\x06\xc2\x20\x4b\x72\xf3\x6a\xb9\xe9\x6a\x62\xc6\x27\x7c\x0a\xd6\x6b\xe7\xab\xff\xc1\x63\xb4\xe8\xfa\xfc\xef\xf5\xe2\x02\xe5\x94\x3f\x4f\x0e\x6b\x92\xb4\xdd\xb9\x53\xcb\xb7\x91\xf8\x31\x66\x03\x69\x38\xe6\xc4\x4a\xd9\x1a\x59\x6a\x55\x73\x44\x0f\xb3\x07\x41\xe6\x60\xb6\xcd\x5f\x86\xff\xa7\x46\xe6\xe9\x72\xb8\x05\xc1\x0b\x7b\x7b\x9a\x63\xc0\x55\x1d\xb8\xeb\x4f\x84\x00\xcd\xe2\x86\x8c\x0d\x0d\x4e\xb4\xcf\x11\x7f\x8e\xc4\xab\x97\x44\xfc\x58\x79\xde\xa7\xf0\xef\x16\xc2\x91\xd5\x5c\x17\xf0\x8b\x73\x1b\x7c\x65\xd0\xc4\x41\xb6\x3b\xc8\xff\x5e\x94\x90\x4c\x02\x6a\x13\x61\xda\xcc\x80\xa9\x3a\x9b\x9f\xba\x3b\x40\x36\x17\xae\xb9\x4a\x56\x85\x41\x84\x80\x11\x95\x42\x34\xae\xad\x70\x0f\x03\x4c\x47\xc7\xde\xf8\x77\x90\x52\x55\xf1\x8b\xdb\x9a\x25\x7c\xe5\xbd\xcf\x0e\x17\x67\x0c\xda\xaf\x13\xb1\xc7\xe0\x9d\x58\xf9\x2a\x96\x63\xaf\x23\x9e\x22\x07\x8e\x18\x0a\x23\xcc\xb6\xf6\x4d\x64"},
+{{0x5a,0x25,0xea,0x5e,0x18,0x2d,0x9b,0xf8,0xe9,0x30,0xa2,0x0b,0x6c,0xf5,0x5e,0x24,0xe8,0x38,0x62,0x78,0x9b,0x38,0x39,0xb1,0xce,0x9a,0x71,0xe9,0x38,0xc4,0x2d,0x37,},{0xc9,0x81,0xfc,0x36,0xf1,0xa6,0xd5,0xf7,0xd4,0x51,0xcd,0x5e,0xf3,0x9c,0xd3,0xab,0x02,0x08,0x7f,0xcc,0x6a,0xf2,0x7d,0xd7,0x8e,0xa8,0x27,0x49,0x7e,0x77,0x9e,0x21,},{0xa4,0xf3,0x5b,0x49,0xd7,0xe1,0x98,0xe5,0xd3,0x26,0xe3,0x53,0xfb,0xb0,0x1f,0xa1,0x3b,0x6a,0xe2,0x60,0xd1,0xe4,0x8e,0x30,0xc1,0xb9,0x67,0x73,0x7a,0x5e,0x79,0x93,0x6c,0x97,0xca,0x2b,0xa7,0x99,0xca,0x34,0xe5,0xe7,0x88,0xce,0xa5,0xac,0x8e,0xd1,0x0d,0x5c,0xd1,0x5d,0xae,0x53,0xe4,0x24,0x32,0x32,0x1c,0xc2,0x6d,0xc9,0x98,0x09,},"\x21\x4d\xd1\x92\x7f\x2c\xac\xd9\x88\x87\x14\x24\x9b\x85\x43\x46\x02\xac\x78\x45\x3b\x4a\xf5\x38\x6e\xee\x39\x29\x5d\x3d\x5a\x22\x67\x80\x6e\xb0\xcf\xf2\xc1\x32\xd3\x64\xc2\x42\x0d\x04\xe3\xf6\xcc\x0a\x96\x7b\xf0\x5a\x10\xff\xcf\x12\x17\xbb\xf3\x15\xe7\x5b\x98\x06\x0f\xd4\x58\xd6\x7e\xba\xad\x93\x80\xf4\xad\xc4\xdb\xdf\x74\xcb\xf1\xc6\x47\x92\x02\xbd\xd7\xfe\xd3\xa9\x46\x69\x7d\xc3\x84\x44\xd8\x8b\xfe\x51\xd4\x1d\x7a\x9b\x38\xda\x60\xb8\x50\xc5\x6b\x48\xba\x98\x4f\x6a\x18\x89\x51\x49\x55\xc0\xda\xdb\x69\xa8\xc7\x36\xcc\x76\xcd\xc4\x9f\x13\xf8\x5a\x8b\xfb\x79\x28\xff\x0a\x0c\x0c\x03\xf1\x7c\x74\xb5\xe1\x06\x2d\x75\x53\xfb\xeb\x9d\xd3\xd5\x08\x1d\xe1\xdf\xd8\xa6\xa9\x97\x66\x97\xc6\xa2\x59\xbc\xf7\xd4\xbe\xf1\xc2\x1e\x0a\xaf\x32\x98\xb0\x42\x1b\x91\x9f\xdd\xfc\x1d\xcb\x3e\xc6\x83\xd8\x6f\xf3\xd4\x23\xd7\x1c\x8f\x2d\x72\x3a\x42\xff\x68\xd8\x2e\x9f\x39\x17\x49\xb8\x29\x98\xdc\xfa\x11\x21\x60\xf5\x2a\x41\x3a\x23\xd9\x5f\xc4\x2c\x3b\xd2\x23\x84\xba\xd7\x77\x54\xa7\x10\xd8\xb9\xf8\x4a\xe0\xa8\x02\xfc\x46\x50\x9e\x7f\x2b\x07\x07\x90\x12\xb4\x3b\xfe\xea\xb7\x19\xbd\xe5\x6f\x00\xe5\x9b\x8e\xdf\x1c\x47\x28\x83\xb1\x98\x5b\x2f\xa6\x99\xa1\xae\x90\xcf\x45\xd7\xac\x58\x0c\xeb\x5f\x27\x97\xde\xf5\xb8\xbf\x4f\x2b\x9b\x35\x19\xa7\x27\xb9\xf2\xcd\x12\x56\xa2\xf0\x76\xed\x22\x96\x49\x5b\x5c\x2d\xf7\x88\x7f\xf8\x9e\x88\xe2\x36\xa1\x4c\xde\x63\x24\xf4\x3d\x68\xd9\x01\x72\xb0\xb8\x8b\xd2\x88\x03\xe9\x99\xdb\xed\xcc\x50\x1d\xb6\x54\x54\x4e\x17\x1e\xc1\xf9\xf3\x2d\x4d\x33\x21\xd5\x89\x39\x2e\x03\xca\x65\x9f\x96\x75\x2e\x1f\x08\xa5\x5d\xb5\x53\xd8\x66\x98\x55\x41\xf5\xbe\xf8\x4c\xe2\xee\x32\x3e\x17\xd1\xf7\xdc\x16\x4b\x50\x51\x5a\x28\x7d\x53\x05\xfc\x28\xc5\x98\x3b\x9e\x53\x98\xb2\x40\x7a\xe4\x72\x96\xfe\x4a\x48\x1d\x22\xff\xb4\xb8\x65\xa6\x6b\x97\xa6\xc2\x79\x35\xdd\x8e\xb8\x69\x94\xb7\x9d\x36\x83\x63\x71\x3f\x10\x1d\xc3\x7f\x42\x9e\xee\x0f\xee\x24\x41\xc2\xdc\x17\xbf\x43\x92\x4f\x0c\x04\x4f\x14\x32\x90\xea\xf3\xf9\xee\x4d\x94\x6d\xbe\x45\x83\x1a\x0d\x83\xc0\x76\xe7\x51\xc1\x4f\x3b\x1a\x72\x67\xf5\x44\x6c\x18\x86\x98\xd2\xb4\x6d\x87\xe6\xf3\xb2\x0b\xb3\xfd\xaf\xe2\x4c\xc0\x96\xbc\x31\x2d\x86\x78\xb3\x8a\x80\xc3\xf0\x52\xa0\xc9\x6d\x5a\xd8\x7a\x5d\xd8\xc1\x33\xcc\x9a\x15\xbe\x33\x57\x4c\xd9\x43\x08\xc2\x4d\xec\x1a\x9b\xdf\x18\x9b\xa6\x87\x19\x9f\x72\xef\x67\x09\x87\x8e\x10\xf8\x7b\xd8\xa0\x3d\xc8\x4c\x8f\xa9\x64\x20\x28\x58\x98\xca\x32\x11\xd8\xb0\xcc\xef\x64\x01\x1e\xc2\x4f\x38\xe5\x74\xda\x34\xda\xb9\xd2\xf0\x02\x10\x52\x27\x89\x0f\x92\x48\x8c\x62\x1e\x57\x13\xe4\x7d\xbc\xb1\xa8\x2a\x6d\xa6\x0d\x8b\x22\x01\xeb\x29\xd4\x94\x49\x33\x60\xed\x5a\x3f\x4b\x52\x25\xea\xe7\x70\x7e\xe0\xb4\xc0\x40\x73\x05\xc1\x67\x54\xc7\xf6\x30\xfc\x85\xc1\x3e\x49\x17\x04\x7b\xcf\xf3\xb2\xa2\x93\xfe\x95\x55\x06\xc7\x26\x4e\xa6\x5b\xf3\xa9\xb2\x5a\xcf\x34\x36\x00\xd8\xfa\x0c\x7c\x1a\x29\x0d\x02\x71\x10\x1b\x7f\x40\xb9\x6e\x7f\xda\xf2\x9d\xef\x9d\x93\x27\xa5\xae\x05\x44\x6c\xb5\xa6\xd3\x22\x45\x3a\x8b\x09\x8b\xcf\x3a\xee\x1f\x70\x4e\x14\xd0\x0b\xe3\x42\xb8\x93\x4d\x19\xe5\x29\x21\x88\x72\xea\x3a\x2f\xb2\x12\x4b\x52\x66\x7c\x01\xfc\xa5\x84\x1c\x66\xe1\xe6\x4a\x1e\x68\x0e\x09\xba\x18\x6e\x04\xd1\x05\x18\x6c\xf6\xeb\x72\x8b\x9d\x50\x2a\x66\xb8\x29\xfb\xc9\x92\xa3\x88\x10\x04\xec\xdc\x80\xad\xfd\x04\x4e\xda\x88\x0f\x8a\xf7\x2a\x14\xfb\x55\x0d\x7c\xc7\x41\x94\xa9\x45\x20\x7d"},
+{{0x42,0x33,0x5c,0x30,0xb3,0xf6,0xb3,0x59,0xce,0xf5,0xaa,0xb6,0xa3,0xce,0x28,0x58,0xa1,0x51,0xb7,0xa4,0xfd,0x78,0xd2,0xfd,0x3e,0xe3,0x6f,0xc2,0x9d,0x24,0x94,0x04,},{0x30,0x1c,0x51,0x5a,0x02,0xa4,0xc6,0x6b,0xc6,0x40,0x10,0x80,0xc6,0xca,0x79,0x23,0xb7,0x83,0x1e,0x3c,0x9a,0x72,0xb5,0x5b,0x14,0x02,0x7e,0xb2,0xe7,0xb3,0xb1,0x52,},{0x67,0xb0,0xf1,0x74,0x49,0x03,0x9e,0x8c,0x79,0x7b,0xf9,0x13,0xaa,0xe6,0xe4,0xf0,0xbb,0x99,0xc7,0x4d,0x6d,0x10,0xc9,0x73,0xb9,0x90,0xff,0xe0,0x3e,0x7e,0xe4,0xab,0x5b,0x35,0x80,0x6d,0xb1,0x5a,0x98,0xc0,0x84,0x6a,0x82,0x7e,0x7b,0xcd,0x53,0x9c,0xd3,0xbc,0x09,0xdd,0x11,0x8a,0xb3,0xe5,0x26,0x63,0xa3,0x57,0xb1,0x29,0x91,0x07,},"\x6d\xa2\x25\x1e\x6f\x55\x95\x36\xb0\x9b\xfa\xfb\x81\x60\xa2\xe8\x10\x2d\x31\xf8\xb5\x93\x24\x08\x3e\x52\x27\xb2\x0c\x3e\x5c\x3a\x06\xe2\x39\x67\x68\xdc\xa3\xec\x76\xdc\x7f\xc0\xeb\x3d\x14\x5e\x62\xed\x07\xfc\x1a\x8b\x1b\x2e\x34\x70\x13\xa0\x52\x72\x74\xd0\xb2\x34\xfe\x72\x50\x26\xa9\xd1\x28\xf8\xdf\x20\xdb\xfa\x3b\x65\x03\x81\x8e\xde\xbd\x7f\x24\x93\x40\x80\x94\x5a\x7e\x1e\xa0\x22\x73\xfe\x48\xb6\xed\x1e\x83\xfd\x16\x8d\x79\x73\xfb\xb7\x94\x1b\x40\x37\xd3\xcd\xa5\x55\xe0\xe8\x9c\x2b\x94\x3f\xb1\xe2\x07\x65\xac\x7d\x4f\xa3\x77\x7f\x35\xa0\xa8\xbc\x11\x8f\x59\x9c\x84\x7b\xe3\xfd\xb2\xd8\xe2\x01\xae\x12\xa3\x0b\xde\xfb\x03\x4f\xf2\x4e\x3e\x2e\x70\x1a\x0d\x17\x33\x73\x40\x78\xbd\x1f\x9a\x69\xbb\xc6\x67\xe4\x61\x21\x1f\x2c\x76\x9d\x29\xdb\x7c\x4d\x62\xd6\xb1\xb9\x2b\x56\xf5\xf1\x8a\x93\x1a\x92\x60\x64\xb7\x8d\xa1\x46\xe1\x8b\x48\x13\x9b\x9b\x39\x86\x2a\xec\x37\xbc\xce\x12\xcb\x78\x94\x29\xe6\x8e\xa3\x81\x12\xd0\xb5\xcc\xe3\x0b\xd2\xd2\x6c\x5f\x7f\xd4\x15\xda\xf7\xca\x31\x7b\x33\x68\xb7\x61\x7d\x45\x25\xe5\xbc\x97\xd9\x46\x1d\x5d\x64\xf6\xb5\xd3\x18\xd0\xbc\x3b\x76\xf2\x5b\x06\x05\x42\x69\x09\xf2\xaa\x0c\xd6\x67\xa4\xf0\xe0\x75\xb9\xa9\xfb\x2e\x9a\x6c\x82\x70\x4d\x8a\x9f\x16\x66\x84\x4e\xdc\x32\xf6\x3a\x3d\x4e\x0f\xd9\xfd\xba\x30\xb5\x1b\x33\x36\xb9\x6e\x9e\xae\x39\x2a\x34\x2d\xe4\x9e\x9b\x5f\xa0\xf9\xb9\x01\x71\xbd\xe0\x9c\xf1\xe9\x46\x49\x91\x40\x00\x81\x59\xeb\x18\x65\x56\x3c\x28\x39\x4b\x03\xa8\xd7\xa5\x52\x27\x1b\x28\x76\x68\x75\x66\xb8\x0f\xd3\xbe\x2b\x66\x33\x2f\xca\xd1\x96\xca\xb8\x52\x7c\x56\xe2\x15\x36\xa1\x41\x65\x2c\xdc\x7f\xa7\x45\xb2\x6a\x33\x1d\x78\x7b\x93\xe5\xe8\x16\xd8\xd8\x51\xa5\x8f\x6a\xc0\x7a\x58\x27\xfc\xdf\x47\x2e\x86\x85\x43\x3a\x40\xca\xc0\xc4\x9a\xa5\x69\x31\x9a\x2e\x57\xb4\x1c\x99\x98\x16\x5e\x69\x72\x3b\xa7\x7e\x5c\x04\x23\xc4\xb4\xca\x07\x18\x7b\xb7\x44\x2e\x7d\x31\xca\xac\xb2\x77\x00\xc7\x1a\xe4\x8c\xd0\x55\xed\x2f\xe4\xda\x36\x3f\x44\x82\x11\x24\xcc\xa1\xbf\x2e\x63\xd9\xb8\xab\xd2\xfa\x41\xb1\x42\x2f\x52\xd5\x58\xbc\x5f\x11\x0c\x86\x3c\xc6\x00\x86\x49\x84\xed\x25\x9b\x73\xcd\xdd\x57\x96\xb3\x29\x79\xed\xdf\x76\xa0\x7b\xc5\x9b\x73\x68\xc4\x8e\x12\x9e\xcc\x0d\x45\x35\xdc\xce\xe2\xc3\xb8\xe5\x6d\xe5\x0e\x6f\x5c\xc6\xea\x51\x5c\xd6\xa0\xeb\xdf\x1c\xa7\x9a\xa2\x79\x48\x21\xad\x2e\x10\x9e\xdd\xa4\x50\xc9\xfc\x3c\x84\xd8\xc9\x6b\xc3\x8d\x4b\x43\x7a\x73\x8f\x81\x8b\x4d\xdc\xb6\x84\x38\x3c\x09\xb1\x1b\x36\x05\x2e\x9d\x2f\x76\xa6\x1e\xb4\xd6\x20\x49\xce\xd5\xf6\x16\x62\xc4\xb9\xec\xd2\x4a\x67\xf4\x51\x9d\x46\x52\x8c\x5b\x2e\xb2\x10\x05\xf4\x9c\x73\xa3\x37\x0c\x68\xe3\x7a\xc2\xb1\x8d\x48\x1f\xa1\x0f\x96\x71\x4f\xe0\x5c\x16\x8d\xf1\x1c\xda\x54\xf1\x4f\x49\x37\xe9\xfc\xe1\xf5\x16\xc0\x37\x1b\x36\xa2\xc0\xa0\x50\xba\xc7\xfa\x51\x22\xa6\xe3\x5e\xc9\xc4\x04\x36\x58\x5f\x31\x6e\x6c\x91\x1b\xdf\xd7\xdb\x4b\x80\xb4\x30\x64\x79\xb8\x2a\x2b\x24\x3a\x52\xb2\xd2\xb6\x27\x42\xed\x11\x28\x27\x90\xcf\x6f\xdc\x7c\x9c\x82\x43\x64\xcf\x25\x63\x6a\x85\x51\x50\xbd\xdb\xdf\x7e\x64\x0f\x9f\x95\x2a\x94\x7e\xc7\x97\x49\x25\xe8\x24\x50\x68\xb2\x92\x10\x1b\x1f\x4b\x20\x18\xe8\x5d\x07\x8c\x2f\xee\xf4\x49\x23\x49\x72\x9a\xd4\xac\xb3\x8f\x1c\x7c\x02\x70\xb6\x1d\x3d\xfd\x76\x36\xc6\xcb\xf1\x81\xe4\xc8\xa0\xe6\x4f\xa0\x61\x32\x55\x3c\x2b\x9d\xb7\x01\x9e\x3b\x3c\x48\x5d\x8d\x5b\x7d\xfd\x5f\x51\x5e\x4d\x71\xed\xe5\x35\xae\x7f\x2a\xae\xdc\x23"},
+{{0xbe,0x6b,0x2b,0xab,0xdd,0xd2,0xdc,0xa1,0xb0,0xe1,0x0d,0x12,0xd2,0x0a,0x9c,0xe2,0x9c,0x67,0x85,0xda,0xc1,0xd6,0x0f,0x2e,0xdf,0xa9,0x4a,0xc2,0x78,0x4b,0xa7,0x66,},{0x39,0x8f,0x22,0xf0,0xef,0xbf,0x8c,0x38,0x35,0x5e,0x47,0x91,0xbf,0x67,0x08,0x98,0x95,0x1f,0xbb,0xd5,0x51,0x8f,0x0e,0x2a,0x60,0x5d,0x46,0x00,0x23,0xf6,0x13,0xf0,},{0x70,0x2a,0xb9,0xac,0xbf,0xa7,0x5e,0xa2,0xad,0xbe,0x4b,0xe2,0xb6,0x84,0x76,0x25,0xae,0xb4,0x09,0xee,0xf9,0x59,0x6f,0xab,0xe3,0x9d,0x2c,0x53,0x3a,0x03,0x43,0x1e,0x5e,0x57,0x95,0x52,0xe8,0xa6,0x4f,0xc4,0xfb,0x7d,0x92,0x6a,0xa8,0xff,0xfe,0x06,0x40,0x69,0x84,0x64,0xc4,0x45,0x4c,0xe3,0x5f,0xe8,0x3f,0xf2,0x63,0x05,0x1a,0x01,},"\x5c\x92\x95\x88\x1b\x7a\x67\x06\x69\xb0\x4c\xbe\x0d\xab\xd8\x96\x93\xb7\x7f\x7c\xce\x0d\x4a\x33\xf5\x2e\x02\xeb\x26\x95\x9e\x71\x3d\x9a\xef\x5f\x95\x44\x2b\xdf\x91\x72\x83\x83\x32\x52\x02\xaa\xcc\xc0\x37\x47\x7e\x36\x66\xfa\xca\xf2\x4e\xac\x95\x34\x87\x9a\xa3\xef\xe1\x8f\xfc\x1a\x5c\x54\xe3\x9c\x76\x87\xd0\x93\x7b\x24\x71\xba\xb3\x89\xb6\x46\xcb\xe6\xb3\xe5\xd5\x96\x1e\xa6\x3b\xd4\x52\xb4\x74\x33\x44\xce\x4c\x79\x33\x74\x52\x37\x95\xc7\x81\xee\x84\xd5\x11\xe2\x94\x11\x19\xba\xd1\xf4\xa7\x46\xed\x9d\xba\x89\xc8\xd0\x75\x1a\x64\x02\x71\x86\x35\xf6\xe3\x1d\x9e\x18\x68\x1c\x69\x56\xc5\x37\x32\x51\xd3\x5f\x53\xba\xa1\x98\x7c\xd4\x48\xc9\x03\x1a\x07\xf3\x2c\x80\x29\x11\x9d\xe3\xa9\x16\x31\xde\xde\x1d\x93\x3e\x0f\xa3\x26\x29\xaf\xe1\xb4\x2e\xb5\x91\xc2\x2f\x87\x33\x1e\x93\xcc\x08\x3c\x23\xf6\x4a\x6e\x5e\x58\x6f\xf3\x1c\xc0\x4e\x42\x3c\x56\xae\x3f\x6a\x73\x94\x6c\x48\xde\x4d\x85\xab\x00\x17\xba\x24\x45\x6d\x69\xb5\x9d\xca\x6d\x40\x3b\x64\xb0\x7c\x40\xd3\xb9\x0e\x12\x23\x21\x5e\x3f\x7e\x87\x6c\x67\x01\x11\x1e\x37\xe5\x17\x77\x08\x87\x31\x0c\xa8\x56\xf0\x09\xa0\xd6\x06\x54\x83\x5d\x94\xe6\x58\x7a\x43\x9d\xa5\xdb\x0a\x0c\x37\xd7\xc9\xd3\x7c\xa1\xd7\x03\xe1\xb3\x22\x76\x31\xad\xac\xaa\x79\x42\x1a\x1c\x43\x9d\x60\x34\x9a\xe5\x77\x41\xb7\xa8\xad\x09\xec\x29\x31\x23\x03\x0b\xf6\xba\xc0\x68\x9e\x53\x1c\xa7\xe7\x27\x18\x22\x3f\x9e\xa4\x3b\xec\xb0\xee\x9d\x9c\x1a\xb8\x45\xed\x1c\xae\x44\x3e\x3c\x5d\x4a\x9b\x1e\xde\x6d\xb3\x41\x7c\x3a\xce\x28\x11\x43\xf4\x2d\x85\xf5\x99\xb3\xb9\xd3\xd0\x5f\xa0\xed\x07\xc1\xec\x35\xff\xab\x03\x05\x16\x8b\x4e\x56\xe5\x8a\xfa\x06\x17\xf9\xa8\x6b\x1b\x5b\x20\x1d\xcc\xb0\x72\xb4\xce\xf0\xbb\x7b\x95\xc5\x2d\xae\xef\x9d\x9e\x74\x24\xa5\xc0\xf1\x48\xf9\xff\xe6\x0a\x5b\x23\xe0\xff\x82\xc7\x30\x99\x2a\xc9\xc1\x7f\x97\xf0\x65\xcf\x0a\xd5\x37\x7e\xac\xcb\x31\xd8\xbb\x92\x3b\xd2\x60\xea\x11\x9e\x6f\xa9\xbd\x69\x83\x48\x2d\x70\xd9\x21\x91\x02\x40\x2d\xc6\xa3\x49\x91\x93\xd0\xc1\xcd\x3e\xd2\xa6\x69\x21\xa9\x8d\xf6\x9b\x79\x14\x13\xf4\x97\x0b\xbc\xe0\x4f\x63\x9a\xf9\x09\xc6\x4f\x45\x60\xdb\x0a\xf6\x00\x3d\xc4\x62\x19\xe8\xad\x2b\x37\x2f\x8b\x5f\x81\xcf\xaa\x04\x1a\xb7\x1a\x34\x8c\x93\x1e\x8d\xfd\xbc\x40\x9c\x22\xd7\xee\x6e\x07\x62\x6e\x10\x4e\xc6\xcc\x7c\x6a\x41\x16\x17\x7f\x93\xaf\x16\xf1\x24\xf1\x96\xda\xb6\x19\xb6\xf6\x98\xc2\xd1\x91\x85\x8e\x96\x0c\x2e\x94\x7b\x51\xf3\xac\x48\x38\x75\x9c\x21\xfe\xf7\xeb\xae\x35\xda\x24\xf5\x5e\xbd\xa9\xb9\x87\x9a\xea\x17\xa6\xd8\xd9\x27\xde\x48\x7b\x17\x5f\xd7\xfa\xa2\x14\x38\xa2\x09\x23\xdd\xbb\xca\x72\xe6\x72\x69\x34\xbd\x6c\x21\xe8\x11\x80\x19\xf6\x5b\x38\x10\xa0\x7f\xa2\x7b\x1c\xba\x64\xd0\xf3\x9f\x0b\xfd\x49\xdc\xfa\xfd\xef\xe3\x79\xbd\xea\x82\xf3\x1a\x9c\x39\xf7\xe8\x1d\x29\x43\x37\xd1\x0f\x1e\x9d\x8b\x50\xeb\xa4\x58\xce\x7b\x75\x3d\x36\x96\x85\x38\x51\x3e\xdd\xb0\xe8\x45\x34\x41\x1c\x4a\xf3\xf0\x21\x46\x10\xee\x39\x01\xa0\xeb\xf3\x16\x17\x3c\xca\xf1\x5c\xd7\xee\x49\x6d\xbf\xc2\x46\x5e\xb8\x34\xdf\x62\x02\x9d\x62\x1f\xe9\x11\x82\x4d\x79\x87\xdf\x2d\x46\x34\x6b\x4d\xce\x1e\xce\x7d\x19\xd5\x51\x18\xc0\x37\xc9\x95\x51\x11\xd0\x7f\x1f\xc3\x62\xc7\x39\xf1\xea\x5b\x27\x5c\x71\xc0\xae\xbf\x59\x65\x5e\x2d\xef\x16\xe1\x23\xb3\xeb\x25\x26\xc3\xca\x5e\x83\xcb\x24\xd5\xb6\x8d\x7a\xc4\x0a\x67\x59\x33\x84\xc5\x63\xaf\xe0\xb5\x52\xad\xaf\x60\x80\x50\x35\xbe\x97\xb8\x06\x76\xad\xeb\x15\x76\x52\x08\x33"},
+{{0xb1,0xe4,0x7c,0xa3,0x1c,0x64,0xb6,0x8a,0xaf,0xaf,0xb4,0x43,0x51,0x2e,0x66,0x78,0x7c,0x65,0x92,0xf3,0x34,0xaa,0x78,0xfa,0x21,0x9a,0x3d,0x93,0xc3,0x3a,0x4a,0xb3,},{0x58,0x11,0x9b,0x38,0xe6,0xa1,0x48,0xa9,0x36,0xbc,0x5f,0x92,0xf4,0xf2,0x9b,0x98,0x2f,0xf2,0xcc,0xa6,0x4a,0x5a,0xff,0xa1,0x4c,0xa1,0xb6,0xa6,0x2f,0xe3,0x28,0xc4,},{0xdf,0xac,0x86,0xdf,0x58,0x6e,0xc3,0x4c,0x7c,0xfe,0xa5,0xd5,0xa6,0xcd,0x11,0x40,0xe5,0x0b,0x6b,0xf0,0x50,0xf8,0xe4,0x1a,0x19,0x0e,0xbf,0xd3,0xb1,0x43,0x2b,0x95,0xa5,0x7d,0x56,0x52,0xdb,0xae,0x8f,0x53,0xe0,0x37,0xae,0x32,0x6e,0x7f,0x18,0xcf,0xef,0x7c,0x77,0x9f,0x40,0x34,0x6f,0x7c,0x0d,0x86,0x44,0x61,0x05,0x93,0xf2,0x09,},"\x76\x7e\xc1\xb3\xda\xf2\x04\x38\x7f\x3f\xd3\xb2\x00\x10\x78\x1a\xfb\x1f\x38\xf6\x14\x47\x42\x13\x28\x7f\xff\x11\x30\x7f\x5f\xf5\xae\x7e\xc9\x45\xa2\xb9\xb4\x87\x00\x49\xd4\x53\x2f\x8f\x61\xc1\xa7\xb5\xf2\x11\xfc\xa2\xe6\x7c\x37\x4d\x96\x21\x9d\x8e\xa9\xde\x73\xf0\xe3\x87\x04\xfc\x94\xc0\xe9\xe7\x2f\x2e\x15\xda\xba\x3f\x88\xf7\x49\xb1\xed\x70\x26\x60\xdb\x1a\x35\x2a\x26\x67\xd4\xdf\xd4\xe0\x0a\x18\xef\xa4\xc6\x60\x9e\xe9\xc9\xa8\x8a\xda\xcb\xbb\x98\x5d\x3d\xe8\xdd\xd1\x7d\x4e\x4e\xb7\xcf\x74\xa1\xda\x91\xed\xb3\x90\x85\x2e\xa4\xcb\x9a\x42\x4f\x7f\xa2\x22\x9e\x08\x30\x33\xa3\x40\x59\x11\x7e\x5e\xfa\x7b\x66\x13\xd7\x5e\x58\xb7\x02\xc6\xce\xe5\xd0\x04\xe8\x59\x9b\x97\x50\x3a\x5f\x10\xc4\xc4\xe5\xb9\x57\x73\x71\xd3\xd0\x5b\x2d\xfb\xf7\xcb\xef\xe6\xd0\x92\xd6\x5c\xbd\x40\x51\x38\xd9\xb0\x4c\x51\x86\x23\x59\x83\xfa\xb6\xd4\xce\x85\xb6\x36\x27\x62\x06\xd7\x4a\x2e\xe7\xdb\x61\x64\xda\xc4\x7c\xce\x78\xf5\x0d\xb9\x9a\xf6\xac\x6e\x70\x64\xc1\x3a\xab\x79\x3b\xe8\x7e\x66\x28\x9c\x94\xa0\x9f\xb0\xa3\x1d\x97\x97\x1e\xdd\x74\xea\x9c\x0c\xe8\x74\xd2\xb7\xd6\xc4\xab\xae\xff\x07\xf8\x70\x22\x51\x51\x94\x6a\x5c\x47\x6f\x6b\x97\x89\x96\xb8\x7d\x8c\x98\x46\x06\xc7\x91\x28\x7d\xa6\xba\xd0\xaa\x44\xb0\x13\x0b\xe8\x86\x71\xa5\x56\xe2\xde\x35\xc4\xcb\x03\x8e\xe7\x81\x27\x35\x30\xac\xe0\xa1\x04\xc2\x78\x09\xae\xe0\x33\xc8\xbf\x90\x29\xd9\x0f\xe7\xba\x06\xaa\xa9\x4e\x16\xa5\x2c\x64\x3d\xfd\x92\xa7\x62\x4f\xbb\xee\x77\xa7\x15\x8b\x2c\xc1\x51\xbd\x3f\x61\xa1\xa7\x6f\x32\xb2\x84\x89\x30\x7a\xcf\x0d\xd8\xc2\x6c\xc4\xad\xbb\xb8\xde\x43\x0d\xb4\xe4\xf5\x83\x08\xb6\xab\x90\x45\x61\x11\xde\xac\x29\x78\x17\x2f\xe1\xfc\x0c\xe4\x98\x08\x8a\xdd\x4c\x31\xc2\x1f\x24\x27\x90\x25\xfe\xb4\x8c\xbb\x7a\x92\x0c\xff\x2d\x28\x71\x05\x87\xaf\x52\xc8\x44\xdb\x8a\x7a\xeb\x7d\xf1\x0d\x43\x41\x1a\x3c\x8e\xee\xbb\x40\x6d\x6e\xfc\xb1\x92\x48\x88\x7d\x45\x0b\x57\x3d\x90\x30\x5e\x1f\x23\x75\x3e\x89\x05\x11\xdc\xc7\x7c\x74\x0e\x31\x6a\xd7\xf5\x2d\x49\x02\x07\x3d\xb3\x99\x8e\x4e\x4a\xcc\x4e\x01\x88\x5b\xd1\x18\x8e\xcd\x61\x65\xae\xde\xd1\xe7\x78\x70\x2b\x6a\x6a\x79\xa9\x49\x99\x10\x2d\xf7\x20\x18\xf7\x92\xf8\xf1\x62\x00\x7e\x81\x2a\xef\x8f\x95\x6e\x12\x32\x82\xbb\xdb\xd0\xc3\x56\x12\xc2\xd3\x47\x3f\x94\x4c\x6d\x76\xbe\x9e\x86\xff\xfa\x46\xcc\xb1\xae\x13\x50\x5a\x4a\x81\xf3\x1b\x84\x26\xb8\xb6\x0d\xe8\xe8\xa7\xc1\x6d\x1e\x16\x65\xb2\x71\x43\x46\x65\xc4\x42\xa9\xc6\xa9\x77\xce\x98\x6f\x69\x93\xb7\x43\x9a\xf0\x3b\x40\x2e\xea\xff\xf1\x45\x6d\x15\x15\x26\xd9\xc5\x8f\x51\x5f\xd2\x48\x5e\x0c\xbb\x32\x4a\x50\x3a\x8d\x49\x13\x44\xcd\xb2\xaf\xf4\xc4\x1a\xa8\xe2\xed\x66\xe5\x80\x83\xbf\x0d\x2f\xbf\x48\x77\xc8\x5a\x4b\xcd\x6b\x9c\xbb\x82\x12\x42\xc9\x41\x47\xe5\xfd\x8b\x7d\xd7\x92\xad\x0a\x28\xd4\x9d\x41\x10\x0b\x43\x1b\xb4\xd8\xc7\x83\x3d\x85\x05\xdd\x9e\x26\x49\xf9\xca\x70\x51\xbe\x68\x71\x2e\xf3\x63\x71\x02\x03\x6b\x00\x26\x49\x47\x3c\xe2\x59\x67\x7d\x82\xc6\x06\x28\x95\xe1\x61\x92\x8b\x75\x2f\x13\xc9\x1a\x45\x95\x5e\x80\xf0\x07\xde\x69\x0e\xdf\x8a\x0e\x5e\xee\x44\x22\xe1\x62\xb9\xd2\xb4\xa9\x21\xd3\xa6\x48\x45\x79\x3a\xa2\x22\x9e\x9c\x23\x9e\x57\xa6\xb1\xa9\x0a\x52\x54\xc3\x51\x2f\x99\x34\x53\x15\xac\x7d\x34\x57\xf9\x15\x42\x96\xc6\x68\x22\xab\xe1\x84\xd6\x4e\x57\x2b\x9c\x38\x49\x29\x58\xe2\x1b\x02\x92\x67\x54\x10\xe7\x34\x8b\x2b\x71\x8a\x0b\x75\x92\xca\xee\x94\x58\x1a\x94\x8d\x2f\x41\xfa\x03\xc6\x1e"},
+{{0xfb,0xd5,0x5f,0xa7,0x43,0xc3,0xa5,0x91,0x0b,0x38,0x57,0xdd,0x0b,0x6a,0xa5,0x84,0xf3,0xb2,0x38,0xde,0x05,0x6b,0x76,0xab,0x76,0x17,0xae,0xb5,0x26,0x38,0xfe,0xf6,},{0xa7,0xa1,0x63,0xc4,0x18,0x3b,0xd8,0x4b,0x75,0x6d,0xf3,0xc8,0xaf,0xdf,0xb9,0xcd,0x5b,0x24,0x23,0x52,0xd9,0x49,0x9e,0xbd,0xab,0x90,0x78,0x5c,0x3b,0xd6,0xdb,0x2d,},{0xef,0xfb,0x29,0xda,0x69,0x85,0x97,0x1c,0x20,0x2e,0x24,0x50,0x30,0x1d,0x49,0x71,0x1b,0xed,0x25,0xfa,0xd8,0x5f,0x61,0x99,0xd1,0xeb,0x1e,0x71,0x91,0x4d,0x96,0x4c,0xbe,0x18,0xe3,0x4c,0xc3,0xe3,0x28,0x72,0xcd,0xec,0x02,0x6b,0xd1,0x19,0xa4,0x1c,0x1c,0x07,0xca,0x41,0xe8,0x2a,0xcb,0xa6,0x2f,0xb0,0xa7,0xc8,0x2a,0xed,0x80,0x0c,},"\xbf\x52\x52\xb2\xae\xca\x11\x63\x77\x1f\x76\x62\x78\x76\x80\x66\xf2\x19\x71\x35\x7e\xa7\x99\x61\x58\xa8\xd6\xe9\x08\xdd\x59\xb5\x99\x71\x34\x9f\xa1\x78\x82\xcb\x92\x24\xb9\x72\xd0\xff\xab\xe8\x55\x10\xdc\xf2\x5a\x9f\x9f\x9b\xde\xfa\xd2\xf4\xca\xdf\xbb\xda\xcc\x1f\xca\x9d\x94\x8c\xb5\x41\x2f\x47\x4c\xad\x23\xb5\xb9\x19\x9b\xf3\xc7\x37\x06\x41\x33\x9b\x75\x0e\x1f\x78\xc2\xad\xb4\x60\xaa\x5b\x21\xb1\xfa\x8f\x97\x71\x4a\xbb\x4e\xd5\xe9\xcb\x51\xd6\xde\x55\x81\x66\x18\xab\xd3\xfd\x2b\x28\x6b\xc1\x1c\x67\xba\x01\x12\x93\x73\xd4\x35\xb3\xe7\xe3\x91\xba\x37\x26\x14\xda\x83\x22\x87\x5e\x46\xa6\x75\xb6\x45\x15\x60\x24\xca\xd2\xdd\x13\xf9\xa0\x81\x61\x6b\xf1\x31\xa2\x43\x58\x89\x4e\x0e\xfa\x1d\x56\x64\x8f\xfb\x42\xef\xb5\x40\x31\xda\x7f\x37\xd1\x97\x61\x51\x55\xae\xdb\x69\xc4\xe7\x09\xc8\xbb\xbe\x7f\xbf\xcb\x59\x83\x47\xac\x5d\x0c\x63\x84\x07\x84\x7b\x28\x1c\xf1\x16\x43\x30\x97\xf5\x66\x21\x58\x71\x9f\xcd\xd3\x7b\xeb\x48\x92\x68\xce\x71\xde\x7d\x70\xed\x92\x5f\x74\x3f\xc6\x3a\x71\x5f\x7e\xee\x75\x49\xfd\xb9\x09\xcc\x45\x4c\x98\x8b\x30\xae\x4d\x77\xd6\x2f\x65\xa0\x7e\x2c\x8f\x93\x62\x38\x5d\x02\x8a\x60\x31\x08\xc9\x45\x87\x2f\x5e\x1a\x97\x41\x98\x78\xed\x49\x54\x2e\x28\x8e\xf0\x7b\x5c\x90\xf5\xc4\x15\x9e\x16\x23\x03\xd0\x80\xf6\xac\x2b\x05\x8d\xdc\xac\x60\x74\x6f\x9e\x1c\x9e\xc1\xdf\x8e\xda\x42\xd6\x27\x38\x58\x6d\x3f\xdd\x65\xdf\x55\xf4\x37\x4f\x32\x94\xe0\x86\x8d\x41\xef\x0b\xb1\xfd\x55\xe0\xcb\xf1\x95\xbb\xfc\xfc\xde\x5b\xdb\x41\xfa\xd9\xa0\x47\x7e\x4c\x90\xca\x27\xfa\x8c\xf5\x03\x36\x2a\x33\xfd\xec\xa5\xa4\xf0\xff\xea\x26\xe8\xd7\xe1\x34\xfa\xd3\xb1\xec\x3d\x05\x60\x55\xbb\xa5\xe6\x5d\x81\x15\x3e\xe8\x31\x87\x3b\x93\x8d\xf7\xd2\xc8\x3c\x2a\x52\xb3\xc2\x21\x82\x7f\x96\x1b\xd0\x08\x36\x22\x32\xd8\x82\xa0\x41\x2a\x04\x7a\xfd\xfb\x85\x97\xc8\x65\xa2\xaa\x2c\x2c\xf5\x18\x99\x34\xa8\x3e\xe6\xb7\x52\xa6\x26\x94\x1e\xdc\xe0\xc2\x0b\x6f\x7a\x69\xf1\xcf\x12\xf9\xa3\x31\xcd\xfa\x9e\xda\x24\xc8\xde\xfa\x76\x9c\xcc\xe2\xef\x74\x6c\x30\x7d\x8b\xb0\x48\x91\xfc\xef\xd4\x9a\xf3\xe6\xf9\x69\x91\xa7\xa2\x0f\x27\xb6\xc0\xaf\x12\x18\xbe\x31\x79\x1d\x1d\x02\x93\xe0\x81\xb9\x0a\xf3\xb9\x2e\xcb\x17\x5e\xc8\xc7\x89\xf7\xa8\x64\x2e\x04\x1e\xc3\xa6\x1a\xae\xfe\xf6\x2a\x80\x7d\x1a\x50\x54\xad\xf8\x32\x3b\xed\x94\x22\x41\x62\x37\x32\xa2\x05\x1d\xc0\x1f\x9a\x20\xa2\x9a\xa4\x8b\x3f\xdf\x26\x5d\x0b\xa6\xc1\x38\xfb\x57\x93\xe2\x87\x50\x02\xe7\xde\x3f\x5c\x3f\xf7\xe8\x3a\xd2\x7d\x11\x1c\x84\x8b\x7e\x6e\x2e\x5a\xd5\xf2\x8e\xb7\xc3\x63\xf9\x5f\x96\x0c\xbc\x42\x13\x36\xce\x98\x5f\x94\x6b\x05\x15\xb1\xbd\xd3\xa8\x32\xc3\xfe\x90\x3f\x7b\x44\xe2\x0c\x92\xea\x80\x82\x6f\xbf\x97\xe2\xa4\xfc\xaf\x2d\xb1\xa0\x86\x98\xdd\x62\xed\xd0\xa8\x45\x89\xd7\x46\x2c\x44\x7b\x4a\x89\x6f\xe0\x08\x60\x04\x24\x96\xbd\x51\xb1\x92\x5c\xb7\x9c\xc3\xb8\x29\x01\x6a\x4c\x7e\x62\x79\x0f\x80\x58\xc5\x46\xf2\x14\x5a\xaa\xef\x4d\x4b\x1e\x27\x3f\xf6\x13\x00\xf8\x00\x8e\x94\x6b\x62\x2f\x60\xe5\x05\xf5\xf6\x29\x0d\x51\xeb\x99\x7d\x20\xfc\x3f\xbb\x3e\x99\xed\xd6\x8f\xf5\xcc\xe9\xe8\xc2\x83\x88\x1c\x36\x4f\xf2\x15\xcb\x50\x04\x5e\x60\xf4\xa7\xee\x45\xb6\xc9\xd8\x64\x47\xf3\x81\x41\xd3\x42\xdb\xc5\x30\x8f\x8c\x66\xef\xc4\x7f\x7c\x45\xf6\xd2\x5e\x65\x64\x30\x9a\x86\x2d\xb9\x0f\x4d\xf3\x31\x78\x7e\xcd\xd8\x9d\x3a\xaa\x46\x05\x3e\x29\xf1\x02\x62\x4d\xdf\xe8\x0e\x8a\x3f\x99\x28\x7c\xec\x19\xfa\x83\xe4\x4d\x55\x7c\x04\x41"},
+{{0x5d,0x66,0xce,0xb7,0xc6,0xe5,0x8c,0xac,0x91,0xe2,0x88,0x27,0x91,0x70,0xe8,0x18,0xe7,0x87,0x18,0x0c,0x6b,0x42,0xdf,0xa1,0x68,0x78,0x7d,0xd0,0x7f,0x80,0x9f,0xa4,},{0xef,0xc9,0xb3,0x5d,0xb8,0x1f,0x34,0x61,0x98,0xa7,0xac,0xc6,0x9f,0x65,0xfd,0xfb,0xf4,0xc2,0x2e,0x68,0xdd,0x76,0x12,0xe3,0xb8,0xec,0x68,0xd3,0x78,0x55,0x3b,0x8d,},{0x6e,0xf2,0x64,0xab,0xf8,0xb0,0xe5,0xc2,0xd7,0x93,0xb2,0xc7,0x52,0x79,0x61,0x4a,0x39,0xc7,0x75,0xeb,0x2b,0xcc,0x08,0x91,0x06,0x7a,0xbc,0x61,0xf6,0xd6,0x44,0xa6,0x9f,0xf8,0xf8,0x14,0xa3,0x05,0x22,0xcc,0xa9,0x05,0x36,0xf0,0x12,0xc6,0x28,0x3a,0x76,0xc3,0x2b,0x89,0xee,0xe1,0xbd,0x9a,0x43,0x36,0xf4,0xfd,0xda,0xc8,0xdc,0x0b,},"\x94\xd7\x2f\x6d\xec\x4f\x7c\x92\x06\xb4\x15\x10\xce\x71\xa0\x29\x55\x60\x4f\x3c\x5d\xe8\xe4\x47\xd5\x87\x18\x65\xa7\x58\x98\xa4\xd2\x07\xa2\x6c\xf3\x3d\x10\xca\xf0\x5a\x0b\x6e\xd0\xd3\x89\xfe\xe9\xed\x49\x27\x50\x98\xa8\x8e\x1c\x0d\x83\x04\xe8\x1b\x40\x74\x21\x4c\x7a\x5c\xe1\x57\xeb\x26\x17\xef\x04\xe1\x32\x4b\xa9\x42\x12\x9f\xaf\x32\xc3\x1c\xb4\xaa\xe4\xa5\x91\x6c\x75\x08\x08\x72\x68\x56\xf7\x18\x0e\x57\x97\xed\xe4\x43\x62\xd7\x47\xd7\x0c\xec\x15\x9d\x3b\x6a\xce\xc6\x3a\x51\x4c\x7e\xf3\x1b\x2e\xcd\x16\xdb\x7f\xe6\x8e\xa9\xc5\xea\xd9\xd8\x70\x92\x18\x00\x34\x8f\x69\x54\x12\xf3\x09\x3e\x61\x98\x5a\x31\xea\xdb\x79\xb5\x9d\x91\xdd\x9a\x37\xf8\xd4\xef\x7a\x5d\xdf\x22\x3d\x4b\x24\x77\x4c\x2e\x44\xe3\xf2\x71\xff\xb8\x50\x0d\x59\x53\x81\xb3\xdf\x2e\x8e\x6b\x79\xee\x65\x53\x5a\x51\x9a\x43\xea\xa5\xe5\x2b\x25\x6c\x26\x43\x30\x5e\x31\x70\xcb\xe5\x76\x06\xa0\x54\x5f\x85\x86\x56\x5c\xfb\x75\xbf\x5e\x95\x64\xc6\x2a\xf0\x5f\x15\xee\x6e\x62\xaf\xee\xf8\xc2\xc7\xa9\xda\xe2\x35\xc9\xed\xd1\xd7\xc2\x5c\xf4\x9a\xdc\x03\x3e\xe7\xb5\x83\xf5\x18\xbc\x16\x8e\xa4\x88\x36\xb5\x0f\xfe\xdd\x20\x32\xb3\xf6\x30\xcc\x56\xda\xad\xd5\x13\xeb\xda\x86\x48\x23\x61\x0f\xc6\x7a\x72\xb9\xa7\xd8\x11\x71\x05\xc1\xc7\x1d\x85\xa9\x6b\x1d\x27\xa4\x41\xfa\x1e\x7c\x6c\xf8\x02\x33\xa4\x9f\xe0\xe7\x6a\x40\x27\x8d\x06\xe3\x43\x47\xd8\x7b\xe7\x7b\x98\xde\xd5\xe2\xa3\xea\x1a\xfb\x13\xbe\xe1\xe6\xcd\x6c\xa6\x3b\xe5\x4f\xcf\x88\xa2\x0c\xcb\x7a\x9f\xc3\x24\xbf\x61\x43\x20\x1b\x44\x48\x3b\xcc\x96\x40\x33\xda\xb7\x1c\xf8\xf2\xa5\x91\xfc\x05\x0d\x57\x24\xe9\x5a\xa5\x0d\x32\x89\x6e\xec\x0f\x3b\x34\x31\x1d\x2a\x99\x34\xe9\xf8\x52\x97\x7e\x25\x3f\x15\x30\x4c\xae\x24\x16\xc2\xc4\xfc\xd8\xf1\xfe\xcc\x3f\x1f\x64\xbb\x79\x75\x99\x29\xab\xb0\xe8\xe8\xf5\xf7\x29\x3d\x69\x1a\xf2\x2a\xbd\x3b\x2a\x67\x70\xb0\xcf\x14\x46\x08\xf2\xd6\x2c\xc7\xe5\x2b\xfe\x33\x3b\x2e\xd2\xde\x39\xb9\x9a\xfd\x37\xe3\xac\xf0\x7e\xda\x37\xdd\xf0\xdf\x02\x9b\xff\x2e\xc2\x25\x44\xb6\x0b\xd7\xdb\x23\x8d\xf1\x97\x5f\xfa\x00\x75\xa8\x2a\xbd\x8d\x6b\x05\xb2\x67\x18\x0b\x87\x0e\x21\xab\xf3\x69\x81\xae\x77\x68\xde\x53\x99\x3b\x30\x4f\x1c\x54\x53\x87\x2f\xdf\xa8\xed\xad\x45\xf8\x00\x1a\xa0\xe7\x34\x2b\x3b\x58\xec\x0f\x38\x9d\xcb\xc2\x71\xfb\x0f\x90\x00\x62\x87\x57\xab\xba\x58\xc0\x57\xe1\xa0\x89\x9f\x6f\xaf\x15\xf3\x74\x0f\x31\x43\xf5\xc0\xb7\xa9\x15\x96\x80\xde\x8c\x55\x72\x66\x44\x1b\x3b\x01\xca\xac\x12\xec\x27\x8f\x5a\x10\x25\xdf\x53\xed\xb6\x13\x4c\x96\x66\x3a\x96\x66\xae\x3b\xaa\x90\xfc\x83\x51\x11\xef\x05\x1b\xd9\x12\xf6\x79\x67\x44\x91\x13\xb6\xa8\x5f\x71\xdf\x8c\x60\x37\x72\x4e\xb8\xfc\x7d\x83\x19\xbc\x03\x85\xbe\x9b\x0e\x99\xe9\x5f\x9a\xed\xca\xe8\xd4\x5a\x51\x44\x76\xf0\x5b\xcd\x72\x35\xc0\x13\xeb\xc3\xae\xa9\x12\x3c\x67\xaa\x6f\x3b\x79\xc8\x5e\xa5\xdb\x15\x9e\xef\xad\xfb\x75\xa5\x0a\xc6\xb9\x5b\x49\x6b\x55\x72\x58\x1a\x76\x11\x2f\xf6\xdb\x26\x3f\xc1\x4c\x58\x18\xaa\xd5\xbc\xa3\xb2\xcb\x3a\xc8\x11\x6d\x42\x94\x82\x78\x1e\x06\xf6\x1e\x75\x63\xe6\x50\x5e\x51\xc8\xff\x99\x8b\xf8\x4a\xed\xb5\x20\x2e\x2f\x9f\xf4\xc2\x68\x98\x20\x29\x6c\xc6\x96\x03\x09\x1b\x8b\x81\x8f\xbe\xb2\xaf\x5f\x4c\x57\x06\x0d\x98\xc1\xa9\x04\x84\x3a\x70\xbf\x97\x5b\x3c\x3c\xa6\x03\x1a\x4c\xad\x5b\x4b\xbf\xba\x7e\x9b\x47\x49\x1a\xb7\x40\xd9\xeb\xe4\x1d\x76\x88\x10\xcb\x8c\xc5\x1a\x93\x7f\x7e\x3b\x22\xe3\xcf\x07\xce\xae\x0c\xe2\x08\x31\x49\x5a\xfc\xdd\x8c\x1a\x98"},
+{{0x62,0xed,0x86,0x82,0xbd,0x3a,0xb3,0x96,0x6e,0xba,0x3b,0xff,0xb7,0x75,0xa3,0x18,0xa0,0x3d,0x99,0x93,0x19,0x79,0xe9,0x9f,0xeb,0x2d,0xdb,0xd6,0x94,0x55,0xa0,0xef,},{0xd3,0x2a,0xda,0x17,0x8b,0x3e,0xc7,0x70,0x0c,0x47,0xdd,0x6d,0x36,0x53,0x22,0x03,0x3f,0xe4,0x31,0xc3,0x02,0xb4,0x6f,0x8d,0x58,0x79,0x8e,0xd8,0x33,0x71,0x56,0x6b,},{0x3d,0xa8,0xd1,0x4d,0xc4,0xe7,0x1f,0xe6,0xc3,0x2e,0xde,0x46,0x37,0x88,0xe4,0x1b,0x82,0x6b,0x4e,0x21,0x60,0xba,0x10,0xc9,0x5f,0x1c,0x8a,0x27,0x49,0xaa,0xd8,0xf1,0x2e,0x98,0xae,0x24,0x68,0x30,0x3b,0xaf,0x69,0x08,0xbd,0xb3,0x5e,0xf3,0x8a,0x5e,0xcd,0x77,0x74,0x1e,0x72,0xee,0x3a,0x42,0x7f,0xd9,0x04,0xda,0xe6,0x6f,0xcf,0x03,},"\x9e\xb1\x3b\xc7\xfa\xcf\x51\xa1\x80\x54\x1e\xc1\xdc\x5f\x5a\xcb\x14\x8c\x8d\x5e\xad\xcd\x2c\x4e\xf0\x68\xbc\xdd\x11\xb3\x49\x25\xea\xbf\xaf\xab\xfe\x82\xa2\x84\xbc\xba\xee\x13\x81\x15\x2a\xf8\xe5\xe0\x9f\x03\x7c\xf1\xbb\x64\x84\xac\x18\xe3\x73\x59\xbf\xaa\x4c\x87\xaa\x07\xd3\xd1\x4e\xd0\x89\xb0\x53\x91\x0d\x1f\xa4\x73\xf7\xbc\xe1\x43\xe2\xa5\x9c\x4d\xaf\x99\xb6\xc6\xe4\xe9\x29\x1d\x97\xc8\x64\x71\x2a\xf3\xea\xba\x53\xce\x25\x17\xa4\xf7\x5c\xd7\xec\xf2\x78\xf3\x4e\x22\xb7\xdf\xfd\x08\x8f\xa5\xec\xad\xc0\xdd\x22\x13\x5e\x42\xa5\x36\xc6\x84\xf2\x19\x5d\x31\x5f\x69\x24\x57\x1e\x46\x3f\x5c\xfc\x11\xb9\xf9\xd0\x5a\x7e\xa1\x1b\x98\xa1\x69\xa1\xe3\x93\x60\x97\x3c\x50\xad\x45\xc7\x49\x1b\x57\x13\x8e\xc0\x50\xf4\x3c\xbd\x5d\x17\xeb\x3f\xe0\x01\x3e\x3d\x28\xd5\x26\x05\x4e\x07\x63\x31\x52\x24\x6f\x16\x55\x4f\x30\x54\x74\x9e\xea\x68\x7b\x9c\x37\x1b\x40\x9c\xd3\xec\xef\xb1\x11\xa1\xd6\x00\x40\x73\x44\xe6\xd6\xec\x38\xc6\x0f\x6e\x54\x5a\x92\x38\x2e\x46\xc4\xd1\x13\x12\x5d\xbe\x5b\x98\x26\xe1\x27\xf1\x01\x81\xa3\x5a\xcf\xff\x28\xab\x37\x64\xca\x7f\x23\x8f\xf4\x79\xfd\xbc\x45\xb7\xa2\xad\x0f\xf5\x38\xc8\xac\xd0\x01\x8d\x44\x70\xfe\xbc\xc6\xa3\x07\x65\x1c\xb5\x83\x2f\x32\x6b\x19\x24\x1b\xe9\x86\x7e\x4e\xca\x6a\xe3\x6f\x0e\x2d\x83\xfd\x77\xb9\x72\x02\xb3\x64\x71\x6e\x36\xd1\x89\x5a\x36\x85\x3e\x7e\x76\xe8\x8f\x62\xdb\xbf\x77\x26\xc2\x18\x05\x69\xc6\x66\x73\x83\x7a\xd7\x2f\xf9\x36\xcf\x0e\x2f\xdb\x9e\xc6\xaf\xcc\x79\xf8\x82\x9e\x15\x7f\x95\x22\x88\xf4\xe0\x0d\x04\x10\xa7\x22\x53\xbf\x60\x5e\xdd\xce\xb0\x14\x40\xde\xe5\xdd\x32\xb5\xa8\x03\x43\x9f\x03\x8c\x06\xaf\x1c\x90\xb2\x7b\x5f\xe9\x84\x3c\x27\xae\x76\x60\x9c\xbf\x83\x28\x35\xc0\xe3\xc4\xbb\x59\x97\x6c\xce\xde\x44\x87\x86\xd9\x1e\x43\x8e\x07\x75\xc0\x6a\x92\xd0\xf0\xb8\xdc\x0e\xf6\x82\x60\xf7\xdd\x9e\x68\x71\xc4\xd0\xc0\xc0\x94\x63\x85\x26\x15\x21\x85\x16\xf4\xa6\xde\xbf\xdb\x46\x27\x3b\x28\x33\x82\xcd\x9c\xa7\x44\xab\xf9\xfd\x43\x91\x94\xb8\xcf\x1b\xdb\xb3\x17\x5c\xa9\xc5\x7a\x1c\x37\x3c\x41\xfc\xe9\x2b\xd5\xfc\x01\x2b\x19\xa0\x69\x8a\xef\x37\xba\xf8\x06\xae\x09\xad\xd8\xcb\x97\x2a\x9e\xf9\xa7\xa5\xa9\xb1\xfd\x9a\x41\xd8\x54\xc3\x0c\xca\x13\x96\x14\x0e\x20\xc2\xb9\x86\x54\xfe\x6e\x51\x1b\x62\x6a\x43\x91\x5b\x22\xfb\x2d\xad\x74\x7b\xa7\xfe\x74\x60\xd8\xce\xbb\x20\x06\xfe\xa1\x9b\x32\x84\xb0\x9c\x06\xa6\xf5\x2f\x17\x9a\x32\xbe\xb5\x63\x57\xb9\x29\xa6\x59\xf0\xfe\x6a\x26\xb6\x97\x03\x3d\xef\x58\xba\x60\x3f\x43\x0f\x74\xaa\x35\x07\x09\x81\xdb\x74\xcc\xf1\x91\x90\xa1\xfb\x05\x14\x4e\xc0\xa0\x9a\x51\xe5\x47\x65\x06\x97\x30\xb0\x9a\x7a\x23\x31\xff\xb3\xde\x2a\x7e\x02\xc5\xe1\x84\xda\x40\x13\xdf\xe9\x37\xc3\x71\x11\x75\x24\xf7\xb2\x10\xba\x60\xe2\x69\x2d\xcd\xce\xf3\x6a\xb2\x27\xb4\xc4\xf0\x2a\x9f\x48\x89\x72\xb8\x47\xf0\xd6\xb5\x9d\x02\xee\x54\xfe\xde\x88\x21\xdb\x6c\xf7\x31\xcc\x8a\xc8\x95\x35\x0a\xc5\xcd\x4d\x6b\xaa\x3a\xd0\x36\xf0\x6f\x20\xd1\x0a\x14\x0c\x4a\xd3\xd1\x0c\xa9\x85\x53\x2e\x31\x60\x46\x27\x73\x38\x5a\x2e\xb5\xe4\x64\xd5\x28\xe1\xe5\x9c\x29\xf6\x6b\x3d\xe5\x9e\x9e\xa2\x8a\xf3\xf9\x7b\xfc\x55\x89\x03\x57\x52\xa5\xa5\x52\x3d\xec\xd2\xdf\xf0\x1f\xc0\x0f\xf3\x1b\x30\x15\x2f\xf5\xda\xfa\x33\x1c\x6a\xb1\x58\x73\xaf\x41\xaa\x96\x0a\xac\xe7\xd2\xcb\x4f\x95\xc2\x3d\xf4\x4b\x9e\x6c\x6e\x2f\x86\x78\x8a\x87\x2f\xd3\xa5\xcb\xe4\xac\xc9\x58\x10\xda\xa0\x9d\xcc\x1d\xf9\x33\x46\x5e\xf0\x40\xc5\x3d\x9d\x95\x9f\x9d\xad"},
+{{0x4e,0x57,0xf0,0x31,0x1f,0xff,0x0e,0x5d,0x53,0x88,0x49,0xb1,0x21,0x6f,0x69,0x5b,0x1a,0x52,0x77,0x94,0x17,0x08,0x20,0x4d,0xb2,0xf0,0xc1,0x5b,0x3c,0x73,0xc8,0x2a,},{0xe3,0x37,0x1f,0xe2,0x36,0xad,0x2f,0x6f,0x42,0xf9,0xe1,0xfa,0x4e,0x1e,0xda,0x2c,0x3e,0x29,0xc3,0x6c,0x8a,0xd2,0x21,0x8a,0x3c,0x03,0x79,0x82,0xf0,0xb5,0x79,0xec,},{0x4f,0xdc,0x7b,0x6e,0x28,0x27,0xf6,0x4b,0xa3,0xc0,0x33,0xc7,0xfb,0x6d,0x1b,0x35,0xdd,0x68,0x0f,0x53,0x29,0x99,0xa0,0xd7,0x7a,0xeb,0x27,0x6c,0x31,0xbd,0x9e,0x39,0xc6,0x70,0x97,0x8b,0xe4,0x72,0x43,0xc1,0x13,0x22,0x3a,0x57,0xaa,0x10,0x23,0x31,0x50,0x67,0x8b,0x40,0xdb,0x78,0x59,0x1c,0x04,0xd0,0x8d,0xf5,0x7a,0x70,0xa2,0x09,},"\x05\x2a\x1f\x41\xeb\xfd\x4b\xf6\x5e\xfb\x0e\xc8\xe7\x4d\xd7\xb3\x06\x5e\x9c\x48\x2c\x49\xb9\x92\x62\xe6\xdf\xa8\x40\x7d\x9e\x31\xed\x34\xd2\x29\xba\x41\xfc\x49\xa9\x4a\x13\x09\xf9\x90\xa9\x9c\xb9\x90\x2f\xb8\x4f\x4e\xde\x91\xbb\x64\x71\x45\x64\xa9\x13\xd5\x74\xd4\xa3\xc2\x86\xf0\xa1\x92\xa7\x8c\xe2\xd5\x5a\xae\x5c\x9f\xb0\x57\xff\x36\x12\x00\x18\xb2\xa8\xb5\x4d\x98\x08\x55\x37\xea\x64\xae\xa9\x99\xd5\x32\x1c\x78\x80\xb3\x6a\xb4\x30\x18\xea\x2c\x92\xa5\xe6\x83\x50\xd3\xde\x85\x26\xe2\xc8\xbc\x91\x41\xf4\x34\x9a\x18\xa3\x4f\x21\xde\x0a\xbb\xf2\x93\x09\x87\x56\x7f\x0a\xaf\x8e\xb1\x91\x45\x58\x0d\x71\x30\x6c\xe8\xa6\x9e\x79\xf8\xee\xa2\x6c\xfa\x0b\x8b\xeb\x49\xcc\x5a\xa2\xbc\x77\xb7\x97\xd4\xf8\xd5\x03\x26\xff\xb9\x37\x39\x9e\x94\xfd\xec\x85\xe1\x92\xf1\x27\x2a\x80\xe9\xa0\xeb\xba\xf5\xd0\x1f\x1b\x97\x06\x08\x02\xbd\x4a\xf3\x4c\x0f\x7d\x7e\x98\x54\x3f\x9d\x66\xd6\x0e\x0e\x6b\xc0\xbf\x9c\x99\x0b\xe3\x1e\xea\x19\x78\xff\xd1\x67\x33\xa8\xab\xe4\x95\x58\xb3\xad\xd0\xdc\xe6\xde\xfd\x64\xdc\x04\x3f\x15\x19\xb1\xe9\xbe\x66\xe0\x6e\x41\xec\xab\x16\x8c\x83\x39\xa8\x5e\x0b\x91\x38\x18\x64\x4e\xa7\xc5\x33\x44\x68\xfd\x71\x96\xa0\x1e\x1d\x4c\xe8\xdd\x1e\x7e\xe3\x13\xdd\x53\x50\xb8\xdc\xe4\xf5\xd7\xa6\xac\x09\x85\x7c\x4d\x3d\x0f\x10\xa3\xd9\x06\x26\x09\x75\x45\x92\xad\x10\x77\xb2\xe2\x09\x6f\xc9\xe5\xb1\x97\x8c\x98\xb5\x66\x0d\xdf\x51\xb4\x6e\xde\x9f\x9d\xcd\x41\xb2\xef\x44\xe7\x9f\x6d\xaf\xf7\xd3\x62\x68\x70\xe2\x24\x3c\xaf\xb2\xf4\x36\x79\x39\x10\x9e\xd9\xc0\x14\x84\xb7\x9e\xaa\x30\xa1\x89\x1e\xa1\x8f\x98\x4e\x16\x1d\xcd\xd1\xbd\xa3\x71\x34\xbf\x67\x35\xd2\xb2\x14\x9b\x48\x98\xda\xcb\xfd\xa6\x1e\x60\x02\xd7\x2a\x6f\xc5\xd2\x1f\x10\x98\x21\x32\x31\x13\x2d\x56\xdf\x68\xd6\xa9\xbf\xdf\x4e\xdd\xc0\x52\x4d\xb8\xfd\x8f\x24\x88\x52\x04\x9a\x68\x25\xa5\xed\xd2\x36\x0c\x00\x9a\xf2\x4f\x0a\x94\xc5\x07\x9d\xdf\x6f\xe7\x96\x94\x5f\xf9\x84\xaa\xc3\x64\x11\xce\x80\xd9\x87\xc6\xed\x67\xb6\xb0\xdd\xb6\xd4\x17\xf6\xe8\x09\x99\x1e\x72\x9d\x14\x7d\xd0\xd2\x1a\x09\x32\x41\x36\x3c\xf4\xef\x3b\x8e\x3b\xa0\x2d\x48\x66\x33\xb6\xb2\x17\xf5\x49\x3e\x2e\x43\x2b\x8c\x2e\x27\xd0\x0c\x5b\x56\xc9\xb6\x5f\x9a\xed\x49\xce\x93\xd7\x7e\x7d\x0b\xf5\xf9\x2f\x92\xf5\xbb\x4b\x59\x5d\x66\xf8\x87\xa4\x88\x01\x33\xf9\x70\x46\x3a\xb8\xb7\xf3\xd8\xc7\x94\xc0\x40\x6e\x88\xe3\xea\xb9\xae\x65\xf1\xa1\x85\xd6\xe3\x9e\x2d\xd6\xab\xb8\xa9\x3d\x2a\xc4\xb9\x20\x83\x98\xda\xb8\x9d\xbc\x07\xa4\x1a\x50\x26\x40\x26\x41\x2d\xa0\x22\xb5\x8f\x48\x9d\x4d\xba\x31\xfb\x88\x2f\xec\xb1\xff\x8c\xa1\x82\x0d\xda\x18\x65\xaf\x15\x51\xe4\x6c\xd6\x18\xb4\x4c\x4e\x6e\xb3\x03\x7a\x93\x33\xfd\xcc\xef\x4b\x89\x51\x89\xe4\x39\x0e\x93\x14\x5d\x26\x4c\xa5\xf4\x52\x02\xa3\xeb\x28\x53\x59\x3f\xee\xd6\xc6\x6d\xbb\x28\x8f\xf3\xa3\xc0\xfa\x83\x2b\x2a\xa7\xe5\x29\xb5\x56\x88\x97\xb3\x14\x94\x02\xa9\x07\xe7\x41\xe1\x01\x1c\xe0\x73\x1c\x91\x5f\x91\x44\x6a\xa0\xd5\xca\xf0\x59\x5f\x18\x16\x43\x4f\xa4\x57\x6d\xb3\xbc\x31\xe1\x0c\xc2\xaf\x33\xf6\x13\xf0\x3c\xa7\xb9\x49\x1a\x0a\x34\x05\x25\x27\x1a\xb5\x37\xf6\x2a\x11\xa8\x4d\xa0\x1c\x7f\x55\x81\xad\x57\x38\xc3\x72\xb5\x33\x5b\xab\x9b\x2b\x9d\xc2\xfe\x91\xe9\x33\x30\x4d\x94\x01\xba\x8e\x1c\xe8\xdc\x55\xc4\xfb\x46\x6b\x3a\x8e\xd7\xf5\x3a\x12\x2b\x83\x81\xd8\xf2\x90\x47\xd7\x26\x4d\x06\xfb\x51\xec\x3e\x70\x07\x1f\x27\x36\xa4\xe7\xe1\x53\x7a\x52\xfa\x25\x6a\x04\xee\x86\xfa\xd2\x7a\xd2\xd2\x8a\x9b\x36\x29"},
+{{0x39,0xf0,0x55,0x6b,0x1c,0x5d,0xca,0xb3,0x87,0x10,0x41,0x81,0xbb,0x30,0x4d,0xe0,0xcf,0x81,0x59,0x20,0xb9,0x72,0xe8,0x71,0xd5,0xf0,0xfb,0x41,0x6d,0x8e,0x61,0x6a,},{0xd8,0x5f,0xb7,0x6e,0x78,0xc3,0xd5,0xbb,0x7c,0xa6,0xb0,0x5b,0x31,0x01,0x91,0x82,0x1a,0x4a,0x7d,0x2d,0x9b,0xdf,0x02,0x29,0x2c,0xc7,0xae,0xa5,0x64,0x2e,0x48,0x19,},{0x01,0x66,0xaf,0xed,0x5a,0x8f,0x7c,0x3f,0x7a,0xd6,0xf3,0xfd,0xd2,0x93,0x8e,0xff,0x00,0x89,0x8e,0xab,0x81,0x5c,0x54,0x55,0xac,0x90,0xfb,0x51,0xf6,0xe1,0x85,0x4f,0x0c,0x07,0x53,0x19,0x4b,0x76,0x29,0x59,0x4c,0xc1,0x27,0x1b,0x00,0x34,0x31,0x22,0x1c,0x57,0x4b,0x0c,0x0d,0x19,0x08,0x2f,0xee,0xda,0x51,0xb0,0x84,0xae,0x5e,0x03,},"\xa8\xd0\x34\xe1\x70\xfc\x22\xb5\x7a\x44\xaa\x62\x69\xed\x1f\x01\xcb\xa8\x01\xf3\x98\xdf\x1a\xdf\xe7\xdf\x04\x4d\x5f\xa4\x68\xbb\xfa\x8a\xf4\x74\x9a\xb5\x0d\x24\xd6\x2e\x31\x3a\xc0\xe7\x3a\x64\xb4\x28\x2b\x74\x62\x6a\xf2\xb4\xa4\xb5\x4c\x27\x4e\x5a\x6b\xc2\x80\xb6\xdc\x25\xdc\xfe\x07\x81\x4c\x9c\x81\x6d\x2f\x9e\x36\xc0\x5b\x9b\xfe\xdf\xf7\xc6\xb0\x3c\xdd\xeb\xd4\x73\x5e\x09\x93\xd3\xc3\xfd\xc6\x54\x04\x43\xc6\x00\x5e\x90\x0b\x40\x35\xe1\x40\x8a\x85\x01\x6a\xa1\xb8\x92\x02\x99\x0e\x5d\x84\xed\x99\x81\xc2\x9b\x77\x20\x6d\x7c\x11\x30\x52\xa2\x02\x98\x12\xc6\xea\x13\xaa\xe8\xbe\x0a\xca\x7a\x33\x06\xbf\x61\x72\x42\x29\x8e\x68\xbe\xcd\x0d\x5d\x16\xc8\x88\x7f\xd1\x95\x0b\x77\x85\xa4\x6b\xb0\x22\xb3\x9f\x76\x07\xcd\x89\x13\x71\x8b\x30\x17\xfc\x3f\x86\xd6\x93\x3f\x75\xee\xc5\x19\x1a\xd1\xf1\x98\x9a\x8d\x26\x17\x86\xf5\x6b\xe4\xa9\x88\x37\x0d\xb8\x29\x61\xa9\xfc\xc9\x53\x54\x2e\x51\xc2\xe0\x86\xdb\x0e\x02\xb4\xfc\x34\x66\x94\xab\xd9\x05\x9d\x5b\x11\x72\x26\x47\x66\x9e\x7f\x17\xb7\x45\xa6\x0b\x02\xf7\x33\x9f\xcc\x99\xbc\x35\xd5\x9f\xd0\xb9\x8b\x60\xc3\x14\xab\xd4\xbf\x8a\xa4\xb7\xea\xe0\x9d\xd0\x09\x7a\xcb\x91\x89\xf0\x2c\xf8\x5a\x25\x1a\xc9\x2a\xaf\x69\x1b\x15\xcd\x4a\x33\xb5\x8d\x76\x63\xab\xd0\xb0\x44\x43\x33\x04\x4a\xf5\xce\x20\xfd\x71\xcb\xaf\xfc\x0d\x29\x83\x58\x19\xf4\x92\x93\xfc\x26\xe7\xf9\x78\x7f\xc3\x68\xc4\xd3\x5c\xae\x92\x74\x7f\x21\xca\x1f\x3e\xfd\x87\xa0\xd8\x10\x41\x99\x41\x64\x82\xd0\x7b\xfe\xc1\x28\x1c\x66\xf5\x65\x28\x5b\xf6\x72\xd5\xe7\x48\x64\x00\x66\x0c\x01\x75\x55\xe9\xfa\x2b\xf6\xa4\xe7\x02\x7f\x0e\x7e\x5f\x44\x3e\xd6\x58\xb7\x5b\x59\x06\x12\xab\xde\x0d\x80\xd1\xa2\x6c\xb8\xbd\xe7\x6b\x99\x6e\xff\x6a\x74\xe3\xda\xfc\x59\xeb\x1b\x58\x4f\x45\x97\xa2\x39\xcd\x83\x9f\xa1\xf1\xb7\xbd\xa1\xa2\x4d\x15\x0c\x4e\x24\xb9\x1c\xec\x01\xee\x53\xa3\xac\x85\x2a\x91\x2d\xe1\x95\xa3\xc2\x9d\xd7\x07\x9a\xa7\xe8\x8a\xa8\x1e\x9d\x31\xb8\xfc\xcd\x43\x5e\xda\x11\x3c\x3f\x82\x45\x8b\x7f\x79\x33\x57\x2b\x77\x67\x53\xc9\x22\x40\xcc\x03\x61\x58\xa4\xba\x0e\x56\xef\xed\x53\xec\xb5\x3f\xc0\x93\xfe\xad\x14\x34\x34\x85\xae\x5d\x91\x05\xbb\x16\x3f\x26\x25\x14\xe4\x8b\xe7\x41\x59\xc9\xfa\xbc\xb7\x1d\x1a\x42\x80\xd9\xed\x70\xd7\xe4\x2b\x75\xf7\xfd\xad\xd0\x2d\x69\x19\x8f\x5f\x46\x5b\xf6\x04\xcb\x42\x54\x41\x7b\xac\x37\x14\xb3\xa9\x9e\x6f\x1a\xce\xc9\xe3\xb3\xd0\x97\xf9\x72\xfb\xc3\x6f\x2e\xda\x39\x26\xd5\x61\x12\xd4\xe9\x09\x7d\x89\xbd\xc3\x59\x37\xb9\xa3\x15\x8e\x7c\xdd\x5d\xa4\x01\xe1\x80\xd3\xed\xe6\xb1\xff\x02\x86\x41\x92\xeb\x72\x97\x81\x53\x4f\x49\x64\xdd\xf2\xaf\x11\x80\x0d\x8b\x5b\x6d\x01\xb2\x09\xaa\x33\x69\x36\x6c\x19\xa2\x8c\x79\xa8\x7d\x21\x74\xec\x22\xfb\x14\x89\xa6\x75\x5c\x34\x8a\x99\x6d\x0a\xa5\x6e\x0f\x60\xd5\x8e\x26\xbe\xfa\x23\xa8\x6b\xef\x4e\x35\x29\x51\x2e\x30\xa9\xd1\xc5\xe4\x88\x50\x18\xcb\x97\xae\xb7\xc9\x3c\x5c\x41\xca\xa3\x42\x36\x57\x5c\x22\x6f\x3b\x23\x5e\xdd\xba\x36\x4e\x28\x5b\x6e\x35\x27\x07\xbb\xb3\xb3\x39\xbb\xf2\xa6\x3a\x9c\xb9\xbd\x33\x3a\x77\xe7\x9b\xd5\x8a\x48\xe1\x4c\xe5\x88\x6e\xd0\xcd\x07\xc2\xd1\x65\xa8\x1b\x5e\x6a\x31\xa8\xae\x78\x06\xbc\xf2\xe0\xc4\xec\x29\xa9\x67\x72\x5e\x57\x7f\x17\x41\xee\x68\xf3\x45\xf5\xf7\xab\x0f\xad\x31\xc8\xb4\xb1\x8b\x43\x1c\x49\x77\xd5\xc5\x84\x00\x4b\x45\xf7\xcd\x19\x61\xaf\xfe\x87\x38\xe2\x4c\x38\x26\x10\xef\xe9\x98\x35\x3d\x7e\xba\xf9\x19\xb2\x79\xbb\xb6\x91\xc3\x05\x2b\x8b\x2c\x5f\x09\x80\x8e\xf3\xa6"},
+{{0xba,0xb3,0xff,0x7a,0x44,0x48,0xd8,0xa0,0x3d,0x8a,0xcf,0xdb,0x91,0x3f,0x77,0xfe,0x77,0x80,0x43,0x95,0xc3,0xe5,0x4e,0xc2,0x35,0x11,0x79,0x27,0xe3,0x2b,0x50,0xd5,},{0x54,0x97,0x5e,0x35,0xe5,0xb1,0xd0,0x32,0x3f,0x2d,0x6f,0xb5,0xc6,0x15,0x8b,0xf6,0x65,0x4b,0x08,0x4f,0x76,0xbb,0xdc,0xfd,0x72,0x34,0x92,0x29,0xe8,0xe4,0xa6,0xe8,},{0xd6,0xb4,0x13,0x5f,0xc7,0xac,0xb3,0xd7,0xcd,0xf9,0x87,0x89,0x6d,0x91,0xb8,0xa9,0x0d,0xb5,0x84,0xd8,0x93,0x3a,0x6f,0x30,0x29,0xe3,0x26,0x1e,0xc1,0xc3,0x90,0xcb,0xac,0xfa,0xaf,0xef,0xf4,0x43,0xb6,0xda,0x4f,0xdb,0x1d,0x84,0xc6,0x4a,0x54,0x56,0x0f,0xef,0xfa,0x2f,0x1c,0x7a,0x91,0xbd,0xe9,0x73,0x02,0x22,0x92,0x3b,0x67,0x03,},"\xb6\x47\xb6\x7c\xf0\x1c\x2c\xac\xc3\x9d\xe5\x96\x9e\x19\x9b\xe6\xd9\x32\x01\x67\xa4\xce\xbb\xf1\x62\x59\x50\xb1\xe6\xb7\xad\xf5\xca\x24\xd1\x34\x95\x68\x86\x5f\xbb\xfd\x90\xf5\x13\xf0\x5f\x79\xf7\x0a\x63\xa2\x38\x73\xdc\x7a\x19\x5d\x4b\x28\x5a\x08\xf3\x0e\xe0\x61\xd0\xb8\xe6\xb4\xd6\xbf\x9b\x2e\xcf\x2c\x69\xf3\xd5\xa0\x7a\x67\x30\x53\x7c\xca\x4a\x4e\x4c\x7e\xe6\x84\x70\x2b\xff\x88\x3f\xab\x8b\xca\xf8\x93\x11\xc5\x49\x8b\xcc\xb5\xa0\xf7\xc8\xd4\x9b\x54\xf4\x82\xff\xfb\xca\x6e\x7d\xa2\x62\x45\x2b\xa5\x9a\x57\xa6\x87\x9d\x81\xb7\x3c\xd7\xad\xf7\x2a\x3b\xe2\x8a\x37\x3c\xd6\x33\x10\x40\x84\x61\xc2\x1b\x90\x7f\x63\xe0\x86\xb2\x92\xff\x02\x83\x3e\x8a\x2f\x46\xad\xbd\x67\x1d\x02\xb0\x3a\x69\xac\xa2\xe1\x1d\x28\x7c\x52\x2a\x95\x45\x20\x44\x2e\xce\xfa\xa9\x05\xdb\xfc\xc8\x25\x4c\x58\xc3\x95\x4a\x89\xbf\x56\xcb\xe0\x1a\xd5\x63\x19\x71\xeb\x39\xeb\x43\x2a\x85\x4e\x69\x19\x29\xdf\x7e\x48\xb9\x00\xca\x6e\x74\x0a\xcc\xf5\x78\xb3\x17\x95\xb4\x9a\x6c\xa7\x74\xbd\x8b\x99\x31\x06\xa9\xc4\x94\x8c\x18\x71\x49\x48\x31\x59\x90\xa5\xf1\x91\x69\x24\x20\xf2\x89\x32\x8a\xb7\x13\xec\x19\xb7\xea\x89\x4d\x16\xe6\x47\x61\x00\x87\x1c\xf3\x16\x8e\x4f\x93\x5b\x55\x05\xd1\xed\x5b\x0a\xa2\x9b\xe3\x6f\xa3\xa3\x46\xac\x3e\x76\xf1\x43\xc4\x6c\xa6\x91\x23\xb7\x9c\x36\x39\x9a\x0d\x2e\xd3\x02\x77\x24\x94\xad\xf4\x42\xbb\xaf\xbc\x4d\x01\x53\x26\x92\xc7\x85\x9d\xf0\x4d\x2c\xa7\x8b\xa5\x5d\x77\xfd\xf3\xe5\xad\x99\x37\x86\xa2\x4c\xff\x21\x99\xbb\x49\x38\x78\x73\xcc\x41\x4b\x4c\xf1\x13\x7a\xbb\x7e\x94\xae\x3d\xdb\xf9\x7f\x53\x4a\x18\xfc\x5a\xe5\x85\x23\xa3\xcc\x52\x28\x3d\xc7\xb0\x16\xf3\x1c\xd6\x55\x79\x81\xc5\x07\x6c\x77\x4f\x30\x3a\x47\xc4\x27\x87\x0e\x20\x7e\xd8\xbd\x66\x64\x0f\xf0\x92\xdb\x50\x3f\xa1\x24\xbf\xdc\xf0\x20\x05\x1d\xad\xd1\x06\xdd\x24\x58\x40\xb3\x19\x10\xb8\xa9\x06\x0d\x59\x86\xf0\x2b\x60\xaa\x5e\x33\xb4\xd7\x55\x09\x12\xcd\xc5\x77\x6c\x77\x2a\xac\x93\xae\x19\xc7\x3b\x7e\xcf\xca\x38\x9e\x62\x76\x81\xa8\x78\x1e\xb4\x7d\x84\xe9\x34\x60\xba\x89\x1d\x3f\xf6\xea\xdf\x8f\x2a\x90\x3c\x38\x34\x74\xbe\xaa\x42\xb9\x0e\x03\x22\x36\xdc\xd8\x98\xd0\x2a\x40\xef\xb4\x4e\x47\xea\xd5\x2b\x75\xb0\x9c\x7d\xa1\xcd\x6a\x2d\xfd\x4d\x1c\x04\x52\xde\x69\xf6\xac\xac\x1a\x68\xdd\x78\xda\xf9\x72\xae\x26\x08\x21\xe2\xec\x52\x2f\xb5\x74\x9b\xeb\xe0\xad\xb4\x52\xbf\xa4\xfa\xa1\xe9\x79\x11\xc1\x29\x9f\x16\x56\x8d\x68\xee\xf4\x05\xf4\xb1\xcd\xac\xab\xed\x59\xf7\xb0\xfb\xce\xab\x71\x9a\x34\xb2\x99\xf5\x8a\x4a\xe8\x15\x4f\x98\xf4\xd9\xf4\xf1\x40\xb1\xf0\x85\x00\x69\x46\x72\x5e\x7c\x29\xbb\x0b\xc6\xcc\xf2\x53\x44\x97\xc6\x1d\x4c\x16\x12\x62\x4a\x61\xd7\x0d\x26\xc3\xef\xb7\xd7\xc3\x51\x84\x86\x57\xf7\xf8\xee\xbf\x8b\x99\x07\x47\x74\x0e\x6f\x91\x0c\x97\xce\xf1\x50\x37\x57\x65\xc8\xc0\xb3\xb4\x49\xc0\xd0\x9d\x66\xf0\x08\xe6\x7c\xfa\x76\xea\x2b\x68\x08\xb6\xfe\x63\x2e\xaf\xe0\x58\x7f\x37\xe3\x6b\xe9\x8d\xcb\x17\xa3\xf4\xa1\x5b\x65\xa9\xf6\xfc\xf9\x64\x2b\x52\x52\x20\x77\xb1\xfb\x4c\xc3\xc0\x8d\xf4\xb4\x67\xca\x71\x6d\xb1\x6b\x73\x7f\x78\x2c\xdf\x38\x71\x70\xa5\xf1\xf6\xa7\xae\x0a\xb3\xf5\xb7\xc5\x85\xe3\xb0\x65\x5a\x64\x56\xa5\x03\x59\x5c\xe8\xea\xea\x25\x37\x85\x5e\x7f\x0d\x50\x61\xbc\x29\xb4\xe6\x7d\xaa\x82\x46\x3c\x19\x0e\x9f\xdd\xd5\x2f\x83\x22\xdd\xb4\xe0\xf2\x6b\x68\x77\x82\x28\xeb\x57\xe1\xa1\x85\xb7\x02\x5d\xa1\x49\x87\xd4\x4b\xaa\x76\x7b\x22\xee\x7f\x4c\x84\x59\x10\x32\xe8\x8e\xc1\x2e\xb8\xc5\xa4\xb9\xe1\x57\xec"},
+{{0x48,0x6c,0x7b,0x43,0x6c,0x1d,0x43,0xd6,0xb7,0x03,0x51,0x22,0x83,0xc1,0x66,0xdc,0x86,0x3e,0x5a,0x33,0x80,0x2f,0x4e,0xa6,0x5f,0xc7,0x38,0x77,0x89,0x02,0xd0,0x14,},{0xb5,0xdc,0x94,0x7d,0x64,0x33,0x7c,0xae,0x82,0x12,0x2b,0xd6,0x8c,0xc8,0x08,0x40,0x59,0x6d,0xe3,0xbe,0x56,0xcb,0xd0,0xc8,0x33,0xaf,0x3f,0xaa,0x3a,0xdc,0x37,0x76,},{0x31,0xf9,0x5c,0xbb,0x74,0x63,0xb8,0x75,0x28,0x65,0x42,0x27,0xbb,0x13,0x97,0xbf,0x10,0x65,0xb4,0xf5,0x76,0x80,0x80,0x78,0x20,0x7d,0xfa,0xf0,0x6d,0x12,0x4b,0x41,0xf4,0xc3,0x18,0xf4,0xa9,0x31,0x5a,0x66,0x08,0x5b,0x9e,0x56,0x8a,0x71,0xe4,0x14,0xed,0x94,0x14,0x51,0x73,0x10,0xc6,0x99,0x94,0x6d,0xb0,0xc9,0x76,0x28,0x52,0x07,},"\xaf\x03\x60\x53\x67\x2d\xcf\x3a\xa2\x6e\x28\xec\x6a\xa6\x42\xce\x28\x4b\x89\x6c\x69\x88\x7d\xfd\xcf\x08\x24\x51\x5e\xb0\x84\x8d\x9d\x97\x0c\xa2\x72\xdf\x77\xa8\x6b\x3f\xf6\xdd\xaf\x3c\xba\xdd\x3a\xb6\x28\x3b\xc3\x7c\xdf\x7a\x56\x07\xd5\xdf\xc7\xcf\x96\x32\x92\x99\xcc\x53\xed\xbb\xe6\x57\xfd\xfa\x2c\xa2\x44\x67\x05\x0a\x0a\xeb\x8c\xff\xd7\xd3\x3d\x54\x3e\xc2\xc1\x91\xcc\x0b\xce\x89\xac\x37\xd3\x32\x93\xb1\x88\x8c\xcb\x76\xc2\x8a\xdc\x67\x1a\x49\x35\xa8\x46\xd9\x07\xe4\xad\xd0\x11\x0f\xeb\xbe\xe5\xae\xc8\x0f\x9d\x2f\xf7\x4e\x2a\xf4\xfd\xbe\xbb\xcf\x49\x10\x5a\x64\x69\xd7\x38\x00\x06\xb2\xca\x44\x36\x48\x14\x45\x4e\x44\x5e\x36\xdc\x00\x12\xf3\x39\xc9\x68\x54\xf8\x36\x44\x2a\x05\xa5\x0b\xec\x90\x73\x27\xf7\x4b\xa9\xf6\xfd\x79\x0f\xf0\xad\x37\x83\xd2\x97\xbd\xcc\xa7\x64\x60\x78\x37\x03\xeb\x5f\x2b\x1f\x51\xb0\xa7\x40\xce\x7a\x8f\x00\xa3\x87\xe3\x63\x62\x70\xa9\x71\xfa\x8f\x15\xb4\x49\x67\x30\xd8\x8a\xdd\x80\x7a\x7f\x7e\x98\x7c\xd4\x15\x95\xa2\xe7\x43\x5d\xf5\x19\x55\x76\xa3\x5f\x5e\x91\xb2\xfc\xfa\xc9\x4e\xd5\xd7\x76\x63\x78\x3b\x61\xe6\x67\x1d\x34\x83\x8b\x6b\x56\x44\xfb\xc1\xc5\x39\xfe\x15\x9b\x77\x92\xdb\x96\x7e\x83\x52\x61\x8d\xda\xca\x0c\xde\x73\x43\x7b\x59\xe7\x80\x1b\x49\xeb\x46\x09\xb1\x05\x77\xca\x26\x92\xdd\x6f\x9d\x5e\x9d\x4b\x5e\x5e\x62\xc5\x91\x3e\x7b\x87\xe6\xb3\x47\xbe\x61\x53\xb1\x71\x99\xc9\x16\xa1\x3f\x8a\x88\x5b\x37\x8e\xf0\x9e\x13\xca\xe4\xd8\xb0\x79\xd7\xd5\xcb\x90\x94\x19\x9b\x0f\x20\x53\x3c\x90\x08\x3b\xc3\xac\xb2\x66\x76\x97\xee\xd2\x2e\x36\x70\xab\xb4\xa5\x53\xe9\x95\xc9\xdd\x95\x94\xe5\x92\x39\x1a\x00\x04\xb6\x55\x65\x44\xf3\x56\x12\xc4\x97\x13\x59\x57\x7c\x47\x63\x82\xca\x53\xb3\xf2\x62\xa5\xe3\x3e\xd2\x6e\xec\x80\x9f\x4f\xdb\xa4\x89\x8a\x11\x36\x75\xcb\x6a\xf7\x17\xdb\x62\x57\x9f\x39\x80\xb2\x14\x63\xbe\x02\x9c\xb4\x16\x0f\xe5\xd2\x57\xc4\x6c\xd6\x66\x4f\x98\x61\xac\x50\xfe\x05\xc1\x44\x05\x7d\xce\x2f\x8d\xf1\x53\x2a\xa7\xaf\x58\x9f\x41\x27\x06\x01\xce\xf0\x6b\xbe\x4f\x35\xc3\x1c\x78\x2b\xb3\xcf\xff\x7d\x5a\xb6\x4a\x14\xec\x41\x73\x61\xf1\xd3\x2c\xbd\x38\xb6\xbd\x0e\x02\x50\x5d\x14\x16\x30\x2b\x85\x05\xae\x2a\x96\xe8\xd5\x33\x9c\x34\x6c\x2b\x06\x62\xd3\x50\x25\x9c\x50\xc5\xe4\x87\x95\x91\x4e\x6f\x88\xe9\x7c\x81\x1c\x39\x3b\xdf\x9a\xec\x7e\xf8\x20\x47\xca\x28\xee\x97\x1c\x17\x5c\x27\xe3\x6e\x10\x97\x27\x96\x0d\xdf\x1a\x1b\x97\x6a\xb4\x4f\x48\x51\x60\x7b\xd9\x66\x80\x8a\xc4\x6d\x54\x00\x31\x28\x29\x7f\x5f\x44\x87\x10\x8d\x6a\x02\xe7\xa1\x64\x13\xd2\xb7\x5e\xcb\x42\xfd\xdf\xb6\x69\xc8\x01\xd2\x3d\xe5\x0a\x6f\x7b\xf6\x58\xf7\x53\xc6\xb2\xb3\xb4\x7c\x06\x40\x10\x5d\x0a\x80\x1b\x32\xa1\x94\x3c\xdc\x15\xc8\x86\x55\x5e\xb7\x5b\xb7\x92\x7b\x93\xc3\x5c\x5b\xe1\xf9\x8b\x19\x6c\xaa\xc2\xda\xd9\x91\xb1\x04\x4e\xa8\x63\x94\x4d\x54\xd8\x83\xab\xc3\xc6\xde\x66\xed\x86\x8e\xe8\x4b\xcf\x9c\x34\xcc\xdb\x80\xfc\xd9\xcc\x04\x02\x74\x77\x32\xcd\x63\x0b\xbf\xa3\xbb\xe8\xb0\x38\xdc\x1d\xbd\xaf\x43\x6d\x9a\xc0\x0c\x02\xd5\x28\xec\xe2\xe7\x91\xee\x31\x2a\x86\x8f\xeb\x2f\x58\x7c\xa4\x4d\xb5\x73\x13\x84\xfa\x18\x31\x14\x20\x61\xb2\xea\xd2\xb8\x0c\x66\xbd\x2f\xa5\xdc\xca\xbe\x6a\x25\xf2\xa4\x93\xfe\xaa\xcd\x23\x1d\x2f\x40\x96\x46\xb9\x42\xa5\x78\x54\x5e\xa4\xfe\xea\x9a\x73\x47\x3f\x79\xdc\xf1\x3e\x0c\x9f\x1b\x49\xfd\x89\x12\xec\x48\x73\x28\x04\x5b\xd0\xfa\x22\x89\x22\xee\x6e\x97\x3e\x61\xf6\xe9\x33\x65\x29\x65\x78\xdc\xc2\x1c\x36\x14\x79\xee\x2d\x24\x87\x9f\x2e\x9b"},
+{{0xa6,0xe6,0xad,0x2c,0x37,0x9c,0x6f,0xcc,0xad,0xb4,0xa4,0x9b,0x23,0x2a,0x91,0x42,0x61,0x8e,0xa3,0x01,0x03,0xc3,0x3c,0x22,0x6f,0xf6,0x28,0xbc,0xfd,0x81,0xf4,0x26,},{0xf7,0xc4,0x32,0x3f,0x5c,0x41,0x9d,0x9b,0x3f,0x34,0xa8,0xeb,0x42,0xae,0x7f,0x1f,0xaa,0x23,0x33,0x07,0x90,0x30,0xc5,0xd6,0x4f,0x9f,0xfb,0x1e,0x9b,0x16,0x00,0x2d,},{0x07,0xd9,0xfc,0x24,0x4f,0xda,0xb0,0x01,0x59,0xeb,0xec,0xc5,0xa0,0x08,0x83,0x45,0x3f,0x08,0x31,0x01,0x71,0x76,0x9d,0x29,0x70,0x01,0xe8,0x77,0x01,0x0e,0x3e,0xce,0xd9,0xfb,0x60,0xec,0x91,0xcb,0x4d,0x88,0xe7,0xba,0x40,0xc5,0x30,0xb1,0xf9,0x23,0x79,0x78,0xcc,0xd9,0x6d,0x5c,0xba,0x9e,0x4f,0xa2,0x7e,0x2a,0x0a,0xd9,0xd6,0x0c,},"\x2e\x85\x76\x76\xa5\xbb\x1c\x6e\x9e\x94\x50\x7f\x83\xc6\x0a\x67\xf5\x47\xc5\xde\x9e\x94\x56\x6b\x19\x7a\x6a\xf6\xcf\x47\x52\xe9\x3d\xbd\xef\x6b\x9f\x66\xd1\xfe\xbd\x95\x7e\x42\xa7\xf5\xad\x64\xef\x1d\xbc\xc4\xfe\x69\xae\x95\x25\xd1\xa4\xde\x67\x05\x4c\x88\xf2\x9c\x06\x47\xba\xcf\x8b\x82\xf3\x21\xff\x99\xfe\x9e\xed\xc9\x92\xed\x34\xc1\x17\x7f\xc5\x42\x12\x27\xcc\xac\x10\xfe\xb9\xce\xd4\x08\x2f\x56\x58\xda\x63\x71\x47\x23\x97\x97\x37\xe7\xdc\xbf\xe2\xe8\xb5\xd5\x0f\x91\xdf\xca\x83\xe7\xf9\x5f\x35\xd1\xad\x8d\xd5\x11\x44\x50\x2f\x3d\xf6\x72\x43\x26\x11\xf0\xe7\x66\xa9\x0d\xcc\x2a\x57\x39\xc8\x05\xd9\x5f\xe5\xb0\x41\xde\x9d\x7f\xb4\x7b\x44\x04\xaf\xc8\x03\xa3\xbd\x48\x04\xc7\x81\x7e\xbc\x5b\xdf\xef\x8a\xdd\x9e\x25\x0b\x50\x96\x6c\xa8\x93\x9b\x22\xb3\xc6\xff\x93\x6e\xaa\x65\x9a\x24\x0c\x0c\x84\x8b\x81\x0a\xce\xcf\x61\x81\xe0\xe4\xdb\x8e\x4c\xf8\xfc\xce\x7d\xe5\x59\xcb\xe8\xaf\xa9\xdb\x84\x99\x57\x09\x11\xa3\x88\x7e\x85\x0e\x50\x9c\xdb\x70\xde\xbc\x34\x77\xd1\x21\x75\x01\x4f\x79\xf8\x1b\xa1\x13\xd0\xb7\xb3\x35\x11\x8f\x85\xcf\x59\x99\x6f\x80\x67\x58\xeb\x90\x3c\xc4\x50\xf5\x2f\xee\x10\x2e\xfc\x01\x44\x1e\x9a\xe5\xfa\xe7\x4c\x23\x1d\xfd\x85\xeb\x6b\xad\x17\xd6\xb7\x0e\x93\x85\x84\xfa\xcb\x21\x72\xcb\x03\xbd\x5e\xa0\x7b\x7f\x0d\x37\x1f\xfa\x35\x1c\x0e\xe4\xef\xe9\xba\x4a\x3f\xd5\x43\x87\x46\x55\xe7\xd3\x9c\x53\xae\x86\x32\x98\x02\xe5\xc3\x85\xe9\x28\x3a\x29\x73\xca\xb8\xcf\x7a\xc7\xff\x0f\x91\xd1\xd4\x8b\x58\xab\xfd\xad\x65\x8d\x81\x2f\x07\x88\x16\x76\xbd\x22\x6b\xfe\x95\x7d\x7d\xf3\x0c\x41\x30\xa4\x48\x35\x4a\x6b\x94\x40\x5a\x41\x16\x50\xa9\xc8\xfc\x85\x11\x55\xec\x5a\x8a\x3e\x3b\x67\xae\x0c\x4b\x5c\xb8\x9b\xb7\x3f\xc8\x29\x74\xbe\x62\xda\x73\xf0\xe2\x30\x92\x93\x7d\x40\x5b\xa4\xaf\x6c\xab\x94\x65\xea\x43\xa6\x25\x3f\x44\x57\x08\x2a\x06\xac\x12\xb7\x5e\x88\xec\x68\x44\x87\xf9\x07\x63\x73\xfa\xb8\x89\x28\x59\xd8\xe8\xba\x43\x14\x23\xaa\x80\x5a\x22\x0c\xbf\xda\x43\x1b\x32\xb1\xe0\x31\x21\xf7\xfd\x4d\xe1\x85\x91\xf2\x50\x5c\xc0\xf5\xb2\xb1\xa7\x60\x5f\xbc\xc6\x37\x57\xb0\x7e\x29\x9f\xef\x5a\x2b\x73\x65\x23\x0c\x2e\x92\xa2\x59\x62\xc2\xe8\x01\x2a\xd3\xfa\x9e\xe9\x48\x82\x70\x96\x25\xba\x68\xc7\xb2\x13\x66\x4a\xe2\x53\x2b\x60\x9d\x7c\x9a\xa0\xe8\x3d\x49\x3d\xbc\xe7\x63\x2f\x35\x58\x0e\x06\xd3\x11\x1c\xed\x32\x0d\xd0\x19\x04\x41\xf6\x2d\x9e\x35\xf5\x0d\xe5\x9c\x27\x2f\xb0\x0f\x56\x8a\x00\xb0\x74\x6c\x33\xa9\xbd\x24\x90\xc0\x74\xb9\x1c\xdd\xc4\x87\xef\x2e\x45\xa0\xf0\x30\xe0\x8f\xdc\x18\x17\xbc\xa8\xa9\xce\x29\xd2\x92\x79\xe7\x55\xde\xbc\x28\xdf\xad\xc3\xc4\xd1\xb4\x58\x48\x6e\x3c\x8d\x0c\x43\x18\xe7\xe6\xf9\xeb\x5a\x36\x53\xb3\xf7\xc4\x95\x07\x07\x7c\xd5\xeb\x81\xf1\x0b\x88\x10\x7c\xc0\xf9\x31\x69\x32\xab\xe9\xb6\x4e\x88\x86\xd0\x68\x56\xa8\x5b\xe6\x3b\x0c\x2b\x47\x5c\x0a\xfc\xb0\x69\x44\x26\x86\x0f\xb2\x4b\x5c\x17\xab\x6a\xb7\x73\x3d\x5e\x64\x1b\xe7\x4f\xd5\xf6\xa1\xff\x18\xd2\xf9\xa4\x27\x70\xfb\x30\x75\x0f\x56\xf4\x85\x4e\x38\xd5\x8a\xef\x18\xa2\xa6\x1c\xbf\xb4\x9e\xe5\x76\xed\x97\x73\x7b\xc2\x8d\xf3\x26\x8a\x33\x41\x75\x51\x3d\x97\xaf\x00\x9c\xbb\xcf\xdf\xad\x50\x39\xd6\x9b\xb4\x6f\x70\x88\x67\xd9\xb3\xce\x0b\xf2\xf5\x69\xe3\xcf\xbc\xf6\x13\x6f\x88\x70\xd2\x52\x08\xb2\x1a\x3e\xdc\xb7\x33\x93\xdf\xcd\x41\x72\xc1\x40\x2c\x41\xf3\x6e\x3f\x82\xa4\xea\x6d\xcd\x89\x16\x86\xba\x66\xe1\x43\x20\xaa\x0e\x22\xba\x0c\x1e\xf0\x33\xd6\x62\xcd\xb8\x60\xcd\xfa\x3a\x40\xf6\xcc\x53\x2a\x08"},
+{{0x9b,0x6d,0x7e,0x28,0xeb,0x05,0x15,0x97,0x32,0x4d,0xce,0xb7,0xa1,0x89,0x41,0x24,0x67,0x25,0xe8,0x8d,0x53,0xab,0x2c,0x34,0x77,0x11,0x05,0x33,0x0c,0xf1,0xf4,0xae,},{0x88,0x72,0xa5,0x0b,0x5f,0xe3,0x62,0xf8,0xea,0xd1,0xd4,0x0e,0x20,0x45,0xf0,0xd4,0x0b,0x2e,0x7b,0x50,0xb5,0x9d,0x80,0x90,0xbc,0x47,0xad,0x68,0xeb,0xee,0x09,0xed,},{0xc6,0xdc,0x5c,0xa1,0xe8,0x56,0x00,0x15,0xb4,0x93,0xaf,0xe2,0x66,0x6c,0xcf,0x6f,0xef,0xa8,0x03,0xd8,0x52,0x6c,0x83,0x7f,0xe7,0xf1,0x23,0xc7,0x99,0x14,0x27,0xab,0x03,0x0d,0x7c,0x77,0x0e,0x45,0xf6,0xde,0x84,0x81,0x52,0x3b,0x94,0xec,0xe9,0x7f,0x3f,0x16,0x1c,0xf5,0xb8,0xc7,0xae,0xa3,0x9f,0x5a,0xd8,0x26,0xbf,0x8d,0x0a,0x02,},"\xd1\xe1\x98\x7b\xff\x65\xf6\x2a\xd6\x76\x24\xc6\x65\x79\x24\xf5\xd6\x73\xb7\x82\x4e\xbe\x40\x40\x26\xc0\x56\x2d\xed\x31\x43\x44\x0b\xe6\x37\xf9\x8c\x9e\x01\xa6\xaf\xdf\xa9\xa4\x7d\xd4\x9c\x7c\xba\x6e\x3f\xd2\x3e\x45\x52\xf7\x63\x2b\x14\x38\x0b\x27\xcd\x3e\x96\x06\xcc\xe3\x50\xf1\x52\xab\x12\x6b\xea\xd0\xa5\xd3\xbc\xe4\xd4\x20\x92\xd9\x34\xc8\xca\x33\x7e\x98\x7e\x11\xd8\x6c\xfb\xfb\xd2\xac\xc3\x22\x3b\xd1\x67\x44\xa9\x27\x72\x8f\x48\x53\x72\x17\x5c\xc6\x94\xdf\x30\xa7\x3f\x9d\x33\x76\x5f\xf0\x14\xef\x00\x8d\x58\x63\x21\x03\x38\xcc\x34\x82\xcc\x27\xea\x31\x7e\xec\x92\x1b\x0c\x56\x8c\x38\xab\x27\xc4\xa5\x64\xe8\x02\xb1\xb9\x46\x68\xc6\x51\xe2\x0a\x0b\x55\xf3\xa7\x9d\x21\x5f\xc3\xa0\xd0\x49\x04\x01\x09\x32\xc4\xcc\x68\xc2\xa9\xe7\xd0\x0e\x5d\x38\xd8\x2d\xf5\x52\x06\xba\xb9\x5c\xf6\x97\xbe\xbc\x72\x06\xee\xde\xf6\xfd\x18\xd9\xa2\x0c\x2c\xbb\x28\x5b\x00\xef\xa7\x69\xa0\x8d\xab\x2b\x3a\xba\xdf\x00\xd1\x98\xb4\xf1\x92\xdd\x44\xbc\xb9\x14\x31\x82\x3a\xe6\xfd\xf9\x84\x58\xec\xa3\x9c\xd2\x92\x63\xf0\x99\x93\x03\xe7\x0d\xc6\x94\xfe\x01\xc5\x3a\x11\xc1\xd1\xc3\x4c\x1e\xe5\x06\x8a\x20\x1d\xbe\x7e\x10\x08\xd7\x64\x35\x89\x68\xb4\x02\xaa\x39\x85\x49\x50\x7f\x7b\xd1\x85\x08\x00\xe4\x11\xb1\xc4\xe2\x8d\xdc\x04\xa8\x59\xe1\x79\xbe\x8a\xd7\xe6\x67\x0e\x50\x9d\xb0\x27\xad\x7e\x51\x7e\x44\x25\x95\x4f\x5a\x80\x74\x14\xa6\xda\x26\x7a\x76\x4e\x71\x2a\x99\x84\x65\x06\x49\x82\xd8\x51\xa2\x65\xea\x3c\x4d\xfb\x74\xf9\x92\xa7\xcc\xcd\x9a\x82\x68\x7f\xa6\x1c\x32\x2c\x4f\x58\x9e\x86\xb8\x82\x52\x13\xbf\xa9\x51\xda\xe6\xaf\x35\x4a\xce\x18\xf0\x73\x99\x5a\xdc\x95\x83\x9d\xac\x01\x65\x51\x1d\x61\x75\x37\x91\xa5\x3e\x48\xe3\xa8\x27\x3d\x44\x82\x3d\x25\x96\xf2\xa2\xdb\x2e\x5f\x1a\xe5\x97\x22\x1b\xa7\xf3\xeb\xaf\x4a\x7b\x28\x88\x39\x50\x02\xbd\xaf\xf5\x1f\xa5\x4b\xfb\x97\x9d\xe1\x03\x14\x04\xca\x77\x89\xfe\x09\x5d\x4d\x17\xf0\x7a\x35\x55\x6b\x10\xfe\x8e\x14\x17\xc8\xa6\xa6\x31\xc2\xed\x36\xcb\x7a\x0e\x61\x81\x77\x62\x89\xc3\x44\x81\x4d\x42\x13\x1a\x73\xb1\x2f\xaa\x35\xd7\x78\x14\xc6\x81\xa6\x01\x37\x4b\xa7\x1c\xb9\xad\x53\x15\xfa\xd4\x2d\x3a\xcf\xc7\xc1\xd6\x28\x81\x02\x56\xda\xf7\xd8\xc3\xc9\xa2\xe5\xbd\xcf\xb7\x70\x08\x2f\xa6\x38\x16\x89\x58\x52\x3a\x1c\x3b\x03\x5d\xbc\x6d\x5a\xdf\x26\xdf\x89\xa7\xcc\xab\xed\x3e\x7d\xd3\x77\xc1\x6d\xa8\x41\xf1\x3c\x68\x94\xd4\x3c\xeb\xb4\xe3\x90\x22\xf1\xcc\xec\x22\x74\x44\x5c\x78\xb3\xad\xc7\xbb\xf7\x0d\x89\x0b\x80\x23\x6c\xc4\x46\x8f\x95\x69\xc5\x9a\x7e\x33\xb5\x70\xe6\x70\x38\x0d\x24\x4e\x4e\x31\x0e\x11\xc3\x92\xf1\xe3\x34\x05\x4b\x92\xc8\x38\x6c\x16\x1c\xe0\x41\x09\xb0\x37\xbd\x62\x8d\x91\x9d\xcb\x62\xda\x14\x35\xbf\x94\xe8\x8b\x0a\x88\x46\xd4\x86\xd1\x67\x78\xf7\xa3\xb8\x80\xe6\x60\xf4\x41\xfd\xf8\x6e\x56\xb8\xaa\x06\x61\xf5\x5a\xae\xce\x27\xf9\xdd\xaa\x0e\x2a\x22\xc2\x15\xb0\x40\x53\x97\x26\xb9\x85\x39\x15\xa1\x59\x2d\xff\xea\xe3\x2d\x7b\x5b\x67\xeb\x62\x05\xbb\x0b\xd7\x27\x9f\x78\x8d\x5f\x83\x3c\x40\x66\x78\x0c\xa0\xa4\x2d\x3e\x4e\x1a\xa2\x2b\xd0\x6b\xb5\xee\xd8\x9b\x94\x13\x77\x1e\xca\xb6\x44\xca\x72\xd1\x29\x1d\x00\xf7\x40\x90\x1a\x73\x11\xdc\x03\x67\x15\xd2\x3e\xbd\x9a\x59\x89\x16\x28\xf0\xd8\x7e\xd4\x89\x50\x2f\x06\xd7\x5b\xbd\x11\xcd\x16\x02\xa3\x5e\xe7\xe1\x33\x35\xd6\xa1\x44\xb0\x88\x30\xe6\x69\xc0\x2e\x65\x2f\x3f\x10\x0d\x39\x3e\xf9\xb4\xac\x05\x32\x14\x39\xbc\xe6\xce\x36\xff\xc5\xab\xca\x89\x0b\x87\x96\xcc\xb5\xe1\x63\x03\x55\x9c\x5d\x91\x17\xf0\xf3\x1d"},
+{{0x70,0x09,0xed,0xd0,0x79,0x50,0x96,0xed,0xc4,0xfe,0xd5,0x5a,0x17,0xcc,0xf4,0x84,0x13,0x1e,0x60,0x8c,0x6d,0x5d,0x66,0x96,0xbf,0x33,0x76,0xe2,0x69,0x24,0x95,0x9b,},{0x77,0x57,0x4b,0xf0,0x69,0x52,0x71,0x45,0xe7,0x2d,0x3e,0x85,0xce,0x7d,0x4f,0xcd,0x67,0x1a,0x33,0xe0,0xa7,0x1e,0x6b,0xf0,0xda,0x7e,0xa4,0x71,0xdd,0x6e,0x86,0xa4,},{0xb7,0x01,0xb8,0xf9,0xa4,0x34,0xe0,0x6d,0x71,0x9a,0xd2,0x5d,0xcc,0x54,0x06,0x0c,0x79,0x86,0x64,0x7f,0x44,0xf3,0x88,0x4b,0xcb,0x6e,0x5e,0xe1,0xd7,0xa4,0x46,0xcc,0x26,0x5c,0xec,0x02,0x9b,0x53,0x7d,0xa7,0xf2,0x52,0x33,0x26,0x55,0x8a,0xc9,0xba,0x34,0xf4,0xcc,0x2a,0x97,0xcc,0xa3,0x45,0x2e,0x70,0x56,0x2e,0x7a,0x8f,0x55,0x04,},"\xb1\x2c\x12\x47\x05\x39\x54\x7c\x2d\xe6\xbc\x4e\xea\xc7\xb6\x3e\x50\x8e\xd7\x10\xf3\x56\x37\xd9\xfd\xd2\xdc\xca\x32\x2a\x7a\x50\x71\xda\xb2\xb2\x84\x5e\x30\x79\x28\x06\x03\x5c\x9f\xcd\xaf\xe2\x78\x3e\x3b\x67\x7d\x6b\xe5\xaa\xc7\x0b\x33\x91\x0a\x2b\x95\xe8\xb5\xd5\x9b\xda\x61\x59\x35\xa4\x17\xb7\xae\x19\xa7\x85\x37\x74\xe8\x9a\x12\xaa\x54\x7b\x41\x92\x97\x9a\x01\xef\x6e\xf3\x2a\x40\xde\x79\xd6\x80\x05\x7a\x83\xa0\x74\x61\x7c\xa6\x50\x1f\x59\xe7\x35\x64\x92\x7c\x38\xb5\x8c\x19\x58\x5a\x2c\x03\x65\x9c\x02\x6e\x4d\xe3\x80\x6d\x6c\x1c\xa8\x95\x8d\xee\x47\xbc\xb8\x89\xe7\x6d\x2c\x3a\x9a\xb5\xb8\xb6\xaf\xb2\xe8\x42\x29\x80\x56\x56\x7b\xf9\xb5\x89\x57\x41\x54\x83\x33\x62\x33\xef\x49\x20\xfa\x57\xf4\x96\xe1\xf0\x34\x8c\xca\x20\x36\x64\x96\xfa\xb3\xa7\x5b\xf4\x21\x4e\xce\x47\xa4\x5f\xea\xa1\x39\x2d\xb3\xf2\x54\xd9\x6a\x7f\x37\x40\x2c\x98\x11\x14\x0d\x73\x58\xb4\xef\x8f\x20\xa2\x98\xee\xef\x90\x4e\x37\xd6\x8f\x37\x8d\x33\xcb\x96\xd0\x0c\x03\x10\x9f\xc8\x3f\xd0\x6a\x87\x6c\x92\x48\x2f\x61\xab\x79\x14\xeb\x7c\x2e\x5e\x84\x06\x6e\x0e\x91\xe2\x1e\x42\xe9\xbe\x23\xdf\x12\xb5\xc7\x47\x97\x3c\xb8\x64\x42\xc3\x22\x91\xd3\xd1\xae\x71\x9b\x36\xa6\x2f\xaf\x3a\xba\xa2\x05\x3a\x31\x3f\x62\x5d\x85\xc5\x1a\x51\x98\x57\x19\x15\xef\x8a\x2b\x19\x9b\xa3\x7d\x25\x88\x45\x75\xba\x1b\x72\x84\x4c\xab\x43\x28\xb5\x7f\xab\x1e\xc9\x74\xee\x8e\xa1\xdf\x7c\xa9\xc7\x8a\x4d\x3a\x03\xbc\xb0\xab\x41\x69\xbf\x06\xa3\xa4\x38\xd9\x56\x6c\x6c\x50\x1d\x8d\x9c\xcc\xcb\x1a\xc2\x6b\x4d\xa4\xae\x1a\x9d\x8e\x8b\x9d\xf6\x62\x82\x1a\xd9\x75\xc9\xb0\x15\xfe\x26\xf6\x89\x8d\x22\xab\x91\x2f\x0e\x40\x5a\x5b\x27\xcf\xd3\x9d\x65\x7d\xcd\x92\xcd\xeb\xe6\x79\x19\x02\x71\x34\x84\x40\x6d\xdd\xce\x71\x18\x87\x31\xe4\x43\x19\x38\x1a\xf2\x7d\xaf\x76\x79\x22\x73\xb8\xc3\x52\x51\xd1\x1b\x83\x6a\xfe\x8b\x3c\xe9\xb4\x02\x73\xf6\x91\x5e\xbe\x6b\xc9\x5a\x75\xbb\x94\x1a\x42\x92\x09\x86\x7f\xba\x87\x64\xbf\x6c\x40\xdb\x6e\xec\xb4\xf2\x17\x47\x83\x7c\xf6\xae\x7f\xbf\xe3\x6d\x50\x23\xdf\x7f\xce\x2c\x0c\x3c\x57\xaf\x28\x98\x88\x53\x13\xc5\xc4\xbd\xa3\x5c\x7d\xa6\xcb\x29\x93\x2f\xb1\x99\x1f\x62\xbb\xb0\x80\xb3\x2e\x20\x50\x61\x93\x11\xae\x69\xab\xb3\x02\x2d\x91\x3f\xa9\xea\xbd\x5d\x5c\xb4\xdc\x54\xd7\x5d\xca\x63\x8c\xda\x9a\xf3\x31\xc0\xcf\x4d\x20\x07\xb6\xca\x39\xf6\x55\xa6\x1c\x01\x03\x9f\x12\xa4\xb9\x78\x2b\xc3\x9a\xec\x4d\x22\xef\x00\x93\x38\x8d\xd7\xd5\xb5\x6d\xfb\x8a\x7f\x9d\x86\x69\x00\x4e\x28\x78\xdd\x8a\x6d\x76\x85\x7c\x08\x45\x24\x50\x68\xfe\xe1\xc5\x31\x96\x31\xe7\x8d\x37\x85\x16\x5c\x70\xaf\xd6\x52\x99\x30\x13\x78\x55\x1e\xbf\x61\x35\x84\xc6\xa7\x62\x0a\x0e\x3b\x67\x79\xf3\x8c\x09\x40\x06\x24\x97\x00\x8e\xb2\x33\x87\x08\x68\xc2\x1c\xcc\xac\x23\x95\x01\xb6\x3b\x74\x9a\x85\x60\x2c\x28\xa0\x95\xca\xfc\x74\x9b\x05\x11\xa6\xc8\x78\xed\xb3\xb7\x80\xea\x17\x4d\x07\xb1\x21\xe3\x15\xa8\x26\xdd\xa6\xec\x8d\xc5\x43\x63\xe2\xcd\x2e\x63\x05\xa1\x94\x82\x5c\x0e\xa9\x0e\xfd\x7a\x9f\xd8\x9c\xd9\x7b\x99\xc4\x30\x0b\xd3\xbf\x93\x53\xd8\x2f\xbc\xce\xea\x71\xb4\xee\x3f\x1a\xae\x95\x39\xb4\xcc\xe9\x0c\xa4\x77\x59\x7c\x17\x4e\xf2\x0f\x4b\x9f\x4e\x62\xd0\x9a\x57\x0d\x31\x35\xaa\xbe\xe9\x55\x1f\xa6\x09\x83\x95\x8c\x0b\x7b\x8c\x37\x44\x55\x3e\xe1\x4e\x7f\x3c\xd1\x03\xa1\x92\x51\xc9\x9b\xf6\x38\x4a\xbb\x60\xa7\x6a\xfc\x66\x58\xb8\x0d\xfc\x51\x10\xad\xc4\xc7\x32\xfe\x0e\xe3\x29\x33\xfb\x28\x48\x28\xe0\x08\x88\x7a\xef\x80\xf6\xf8\x13\x34\x04\x46\xc0\x21\x7c\x12\xee"},
+{{0x12,0xfe,0x8e,0x5c,0xe2,0x0c,0xaf,0xaa,0x32,0x79,0xda,0x7b,0x34,0xaa,0x87,0x75,0x2e,0xad,0x67,0x9f,0x15,0x61,0x28,0xaa,0xef,0xb4,0xaf,0xa5,0xdb,0x4f,0x2a,0x6f,},{0xe7,0x7f,0x44,0x20,0x6b,0xb0,0xc4,0xc5,0x9a,0x28,0x70,0xcf,0xc2,0xec,0xac,0x63,0x36,0x2d,0xee,0xcb,0xe8,0x11,0x5d,0xe5,0xcb,0x1a,0xfc,0x2d,0x9a,0x3d,0x47,0xf1,},{0x04,0xea,0xf9,0x00,0x96,0x6e,0x09,0x92,0xd3,0x6e,0x3c,0x22,0x0a,0x4b,0xd4,0xd8,0x2b,0xcc,0x6e,0xb9,0x98,0xed,0x05,0x1d,0xbc,0xb9,0x16,0x0b,0xcd,0x35,0x74,0x09,0x73,0x6b,0xcf,0xf7,0xe6,0x63,0x0e,0x96,0xf5,0x53,0x8a,0xec,0xa6,0xab,0x8b,0x0d,0x0b,0xd8,0x2c,0x0c,0xd7,0xc4,0x54,0x99,0x17,0xfe,0xbb,0x9c,0xba,0xda,0x08,0x0c,},"\x6b\x80\xcc\x6f\xbb\xd3\x32\xf8\xc6\x19\x7c\xdf\x2e\x6d\xc1\x9a\x21\x30\xfa\xa2\xec\x93\x8e\xf5\x58\xb8\x84\xba\x4f\xa5\xe1\x13\xe5\xb3\xe4\xb1\xaa\xf5\x1b\x69\x5f\x13\xef\xfe\x13\xf7\x7d\x39\xca\xb3\xc0\x7d\x04\xd6\x6d\x43\x0d\x99\x74\xb1\xda\x3d\x39\xdf\x12\x78\xc0\x0d\x6b\xcb\xfd\x4b\xae\x75\xb8\xc0\x76\x40\x4d\xbb\xb8\x34\x48\xfb\x49\x3d\xf6\x70\x00\xf9\x7d\x24\x7e\x8f\x23\xdc\x08\x1f\xce\x99\x2b\x65\xa2\x1b\x35\xd7\xbd\x7f\xa7\xdc\xcc\x54\xa5\x60\xaf\xd1\x4b\x1e\xc4\x36\xc1\x09\x46\xf6\xaa\x59\xea\xe1\xbe\x3e\xcf\x31\x1d\xef\x51\xe4\x6b\x6b\x4d\x1d\x08\x0d\x17\x84\xb2\x33\x4b\x80\xcf\xba\x72\xcd\x93\x1f\x55\xec\xd2\x98\xb0\x5d\xc8\x36\xab\x12\xd0\xad\x8b\x5d\x6e\x9b\x1e\x3c\xea\x3d\x84\x33\x68\xee\xf1\x9f\x5c\x14\xc6\xbb\xad\x94\x14\xcc\x7a\x4d\xb6\xa7\x26\xe4\xfc\xae\xd4\x44\x40\xa0\x19\xfe\x12\xa6\x05\x73\x40\x3c\x0e\x66\x2d\xc9\x02\xd1\xc8\x73\xff\x30\xc9\x31\xba\x7e\x43\xa3\xb3\xbf\x71\xd5\xb0\x94\xea\x50\x49\x71\x64\x7c\xa9\x43\x56\xf0\xa5\x3e\x44\x4b\x4c\x00\x8e\xe5\x97\x72\x04\x22\x1b\x40\x0d\xee\xc3\x7f\xc2\x73\x45\x25\x45\xf8\xf2\x18\xbe\x98\x87\x25\xbc\x38\xc8\x5d\xf2\x12\xea\x73\xdc\x0b\xc7\xcb\xba\xc9\x07\x98\x2f\xef\xad\x68\x0f\xbd\x97\x5c\x20\x93\xa7\xfe\x8e\x6b\x37\xc1\xcc\xed\x87\xf8\x1d\xaa\x57\x29\x1a\x5a\x18\x47\x6d\x11\xa1\x8e\xc4\xb5\xcb\xce\x5d\x55\xac\x9b\x62\x4b\x04\x84\x30\xf2\x54\xf6\x71\x07\x85\x06\xe6\x98\x9d\xf7\xc0\x92\x56\x52\x50\x39\x08\x5a\xb7\xc1\x30\xc2\x40\x00\x4a\xbb\xb3\xaf\x6b\x48\x1c\xc1\xa0\x61\x7e\x57\xe3\x88\xee\x4b\x1f\x05\x2f\x34\xa0\x03\xfe\x6b\xb2\x02\xcb\x87\xd2\x74\x1b\xd8\xe3\x45\x4c\xa7\x3d\x2f\x61\x20\x11\xec\xc7\x4d\x88\x34\x35\x10\xa6\x3c\x93\x13\xdd\xc3\x6c\x25\xd3\xfb\x03\xe1\x88\xf5\x60\xbd\x02\x9c\x80\x15\x85\xce\x55\x29\x88\xdc\x55\xb7\xd8\x52\x2a\x33\x96\xc0\x1d\x5e\x71\x5a\xe2\x6c\x62\x2c\x64\xfe\xd5\xb9\x8e\x9c\x55\x9e\x4a\xa7\x8d\x1e\xd3\xb7\xb8\x90\xd4\x77\xec\x8c\x50\xa0\xff\x10\x7a\x3f\x83\xb0\x7b\xd3\x5e\x9c\xe9\xa0\x8b\xcf\xc0\xf1\x68\xee\xc7\xaa\x31\x1f\x71\xc6\x6a\x71\xce\xb9\xd5\xa2\x19\x9a\x14\xbe\x36\x86\x5c\xa8\xd0\x7e\x18\x6b\x13\x92\xb9\x29\x0c\x57\x80\x04\xd5\x84\xf1\x91\xc8\x2a\x53\xd8\x50\x89\x0b\xcc\x0d\x12\xdf\xf8\x40\xe0\x43\xdd\xdc\x2e\x67\x0c\x83\x60\x20\x92\x4f\x58\xc0\x44\xb2\x18\x76\x3c\xa6\x19\x82\xbc\x33\x2d\x24\x7b\x2a\x00\x8a\xb5\x70\xb6\x56\x5a\x06\x89\x2a\x26\xcf\xb0\x85\x3d\x79\xda\x28\xef\x8b\x91\x0a\x93\x29\x54\x4b\x79\x2a\xe4\x45\x6b\xa7\x76\x50\x66\xb9\xd1\xb4\xa3\x00\x21\x04\x48\x66\x0a\xe4\x8b\x50\x44\x41\x01\x7c\xdd\xd1\xf6\xf0\x09\x38\xb1\x07\x2c\x8a\xb8\x24\xad\xfe\x8a\xe3\x49\x23\xc8\x2e\xec\x75\x4b\xee\x1a\x65\x50\xab\x1d\x3d\xa0\x86\xe3\xae\xbb\xf2\x11\x69\xc4\x44\x69\xe0\x3b\xba\xe0\xd7\x2c\xe8\x63\x45\x77\x84\xcf\xe1\xdf\xc2\x76\xf1\xaf\xad\x9e\xe5\x3e\xba\xb5\xa3\xc6\x57\x2e\xb1\xca\xe0\x99\xa4\xa5\xfe\x19\x31\x92\x90\xe6\xa1\xb8\xb0\xe7\x54\x1e\xd7\x35\xb3\xf2\x1b\x1e\x2c\x75\x09\xf8\x7f\xd1\xfe\xd0\x00\x07\x47\x9b\x3c\x1b\xb7\x84\x32\x46\x63\x02\xd2\x46\xd8\xd0\x31\x99\x63\x07\x26\x0a\x0c\x41\xa0\xe3\xec\xd1\xe7\xfd\x83\x4d\xac\x11\xa1\x3e\xb0\x36\xb3\x9c\x36\x99\x66\xfd\xef\x39\x4c\x18\x3e\x54\xe7\xb0\xcb\x3d\x0c\xeb\x19\x8b\xd0\xe6\x6c\x00\xd3\x8d\xb7\x03\xaa\xce\x30\xcb\xbd\xab\x36\x9d\xfd\x1d\x9e\x51\x4d\x09\x68\xf1\x00\xc9\xf0\x7c\x31\x50\x89\xad\xb3\xad\x02\xe5\x9c\x04\xb9\xbe\x46\xe9\x9f\xbf\x5a\x62\xc6\xbb\xec\xdf\xf5\xb3\x81\xe5\x51\x27\x82\x4d\xdb\x18"},
+{{0xee,0x9b,0x6c,0x2e,0x0c,0x9b,0x01,0x47,0x2c,0xe3,0x2d,0x54,0xd1,0x76,0x2a,0xb0,0x30,0x33,0x17,0xd7,0x6d,0x3a,0xa7,0x8f,0x5e,0x08,0xa9,0x02,0x4c,0xa1,0xe0,0x83,},{0x01,0x6d,0xf0,0xf7,0x17,0xbc,0xb7,0xad,0xf6,0x26,0x95,0x8d,0x83,0xbf,0x8a,0xa3,0x25,0xc7,0x05,0x18,0xc6,0x8b,0xc7,0xef,0xd8,0x42,0x53,0xb7,0x5d,0xb0,0x87,0x88,},{0x4b,0x00,0x1d,0x96,0x42,0x83,0x5d,0x72,0x13,0x8d,0x68,0x01,0x98,0xe6,0xaf,0x70,0xb5,0xde,0x7a,0xf0,0x15,0x13,0x1e,0xa7,0x26,0xf4,0xe5,0x1b,0x5e,0x8b,0x6d,0x48,0xc2,0xa6,0xca,0x8e,0x87,0x09,0xcc,0x82,0x22,0xa5,0x04,0x7c,0x09,0xa6,0x6e,0x51,0x8a,0xc5,0xe8,0xb6,0xe5,0x35,0x48,0x94,0x82,0x61,0xf0,0x70,0x1f,0x68,0x73,0x08,},"\x77\x2c\xc2\x5c\x3b\x69\xbb\x3f\xf5\x65\x56\x64\xef\xa4\x78\xac\x41\x4a\xdf\xae\xa7\x0a\xc4\xa2\xa8\x87\xed\x39\x68\xc5\x4d\x34\xdb\xf1\xbe\x32\xcc\x9a\x9b\x54\x20\xa4\xad\x3c\x9a\x87\x7b\xc8\xcc\xec\x94\xad\x47\x3a\xa7\xa3\xc7\xde\x08\xa0\xfd\xb5\xed\x1e\x89\x87\x2b\xe7\x81\x70\xbe\x22\x1d\x27\x97\x76\xbb\xc6\xed\x9c\x5a\x67\x16\x89\x80\xd5\xea\xf8\x95\xe1\x34\x0f\x5d\xfa\xa3\xdf\x62\x2d\x65\x44\xb3\x99\xd7\x49\x45\xfd\x13\xbb\x11\x73\x62\x1e\x05\x61\x51\x46\x40\x13\x7a\xa7\xbc\x9c\xb7\xde\xbe\xff\x2c\x62\x69\x77\xd4\x47\x26\x3b\x7e\x57\xd4\x3d\x69\xef\xb2\x30\xcd\x25\x86\x5e\x4d\x92\x48\x28\xf5\xe3\x6f\x96\x4e\x40\x3e\x34\x93\xf3\x0d\x6d\xfe\xa6\xca\x3b\x78\x10\x75\xb5\xe3\xb2\x5c\x05\xac\x50\xe5\x55\xf1\x5b\xa1\x2b\x0e\x05\x9b\xff\x99\x64\x84\x12\x9d\xb6\xea\xfd\x88\x99\x3d\x6f\x0b\x7e\xcd\x15\xdc\xe2\xfc\x99\xf8\xb8\xe4\x35\x16\x35\x2d\xdb\x46\x1a\x04\xb9\xff\x34\x86\x45\x2e\x6a\xa6\xa5\x4b\x2d\x10\x62\xa7\x71\x42\x50\xcd\x2a\x88\xff\x6c\x4c\x17\xb6\xcc\x66\x52\xd8\xc5\xac\x27\xd4\x44\x3a\xeb\xf3\xd5\xfb\xaa\xee\x45\x21\xec\x76\xf0\x41\x3d\xb6\x44\x21\xec\x8d\x69\x49\x62\x67\x25\xfe\x56\x16\x0a\xb3\x07\xc0\xe7\x39\x06\xc4\x51\x55\xef\xab\xb4\x72\x22\x02\x1f\x22\x0d\x32\xbd\x3d\xb0\x71\x2a\xbd\xe2\x59\x9e\xa4\xff\x79\x97\x17\x81\x1d\xcd\xf8\x18\x2d\xf6\x71\x6d\x2a\x03\x8a\xee\x15\xd7\x78\xda\x55\xac\x20\xf0\x1f\x25\x30\x9c\xea\xd5\xb5\xb7\xb2\x23\x22\xe1\x82\x8e\xa7\xc9\x1a\xe6\x66\xf2\xdc\xd6\x84\x07\x31\x48\xe3\x1b\xb2\x24\x7d\x5f\x93\x50\x6e\xa8\x08\x52\x27\xad\xc9\xae\x19\x82\xe9\x50\xf0\x06\xa9\xda\x15\x8b\x9c\xec\xff\x89\x29\x76\x1c\x84\xf9\xd9\x76\xfd\xcd\x31\x7f\xfe\xd3\x6c\xbf\x6a\xcd\xa3\xe5\x0c\x9b\x73\xbd\x2c\x80\x85\x40\x9d\x11\x9b\x64\xce\xd7\x34\x9a\x26\x74\x26\x2a\x83\x2b\xec\xb0\x3c\x2e\xdc\xca\xc0\xec\x54\x12\x4e\x82\xf8\x10\x18\x17\x92\xda\x49\xea\x10\xbd\x94\x1f\x98\x95\xa0\x69\x59\xfd\xe0\xd3\xb0\xae\x84\xc3\x9d\xf0\x53\x90\xab\x33\xc3\x6c\x79\xca\x22\xe6\x59\x4d\x7f\xc6\xe3\xf8\x69\x22\xd7\x8e\xb7\xf5\xc2\x54\x95\xd8\x22\xa3\xb4\x10\x51\xb2\x4e\x57\xa7\x6f\xcf\xc1\x65\xcd\xe6\xd0\x96\xcc\x7b\x7e\x9d\x05\x5f\xe8\x64\xd5\x29\x42\xd6\x29\xa8\xac\x26\x1b\xe1\xdc\xd3\xa2\x1f\x89\x5f\x49\xb6\x7e\xe4\x7e\xab\x7c\xf1\x64\x4d\x57\x1d\x5f\xf3\x8c\x17\x9f\x5c\x6a\x54\xa3\x61\x2f\xb3\x47\x53\x41\x2a\x1b\x95\xbf\x62\xff\x31\x79\x80\x4f\xfb\xb9\x90\x51\xf2\xb0\x80\x56\x3a\x4a\xe0\xf2\x7c\xf9\x96\xea\x8b\xe3\xba\xe0\xa4\x33\x9d\xcc\xdf\xf6\xb6\x67\x15\x59\x26\x6e\xaf\xf4\xef\xf6\x82\xb8\xde\xe8\x9c\x9d\x2d\x45\xac\xdb\xec\x4a\xa6\xce\xcd\xbd\xb1\xd2\x84\x60\x9e\x65\xef\xb7\x7b\xb8\xf1\xa5\x1f\xc4\xd4\x56\x8a\x70\x5f\xb9\xc9\x7b\x23\x03\xc1\x46\x7d\xff\x8c\x8c\x5e\xe2\x75\x59\xb9\x3a\xd1\xc5\xb9\xc5\xc6\xc7\xc5\x29\xfa\x8c\x55\xc7\x5e\xbb\x59\xb2\xa8\x18\xaa\x9b\xda\x1e\x9e\x79\xbc\x66\x02\x97\x72\xf8\xae\xa1\x1b\xad\xd3\x22\x65\x65\xd5\x4f\xd0\x1b\xda\x8c\xb2\x70\xe7\x0d\xc9\x33\x9b\x46\x90\x0b\x58\x18\xe9\x32\x07\x5b\xe6\xc2\x8e\x73\xa1\x91\xd0\x2c\xbd\xc7\x45\x4b\xe1\x23\x87\xb0\xd4\x7a\x1a\xb1\x42\x32\xd2\x34\x2a\x6f\x15\x18\xea\x97\x09\x8b\x81\x5a\x1c\xa3\xf9\xc7\x0b\x25\x72\x2b\x1b\xcd\x7d\xac\xda\x63\x56\x22\xfc\x8e\x72\x95\x9f\x57\xf7\x67\xea\x56\x3d\xa4\xc1\x58\xee\xf7\x20\x01\x09\xf6\x14\x16\xc2\xe7\x04\x39\x92\x30\x62\x43\x7b\x1d\x08\x2a\x8c\x7f\x43\x94\x71\x3c\x1b\x7b\xa0\x58\x7b\x84\x1c\x11\x44\x75\xee\x3f\xf0\x59\xdf\x8c\xfa\x12\xa3\x21\xd9\x01\xcb\x47\xf5"},
+{{0xa3,0xd2,0x35,0x05,0xd0,0x7c,0x5f,0x93,0x7f,0x13,0x63,0x9d,0xbd,0x81,0x8e,0x85,0x14,0x52,0x34,0xee,0x70,0x17,0xec,0xee,0x86,0x36,0xc7,0xba,0x76,0xeb,0xef,0x5b,},{0xfd,0x7f,0xdb,0x3d,0x02,0x2b,0xa3,0x6e,0xad,0xfe,0xd0,0xda,0xaa,0xe5,0xbf,0xf0,0x45,0x05,0x40,0x3f,0x17,0x14,0x73,0xe4,0xd3,0x61,0xee,0x8d,0x15,0x0a,0x0e,0xb4,},{0x67,0xa6,0x67,0xee,0x0d,0x62,0x54,0xca,0x0a,0x8f,0x21,0x25,0x82,0xc0,0xcb,0x8b,0x6e,0xd9,0x7c,0xc9,0x67,0xdb,0x02,0x12,0x96,0xad,0x6a,0xa9,0x9f,0x0a,0xd3,0xa9,0x44,0x97,0x8c,0xfd,0xaf,0xf1,0x3f,0xe5,0xf8,0xc6,0xe8,0x8c,0xbd,0x83,0x1a,0x54,0x73,0xd0,0x74,0x2e,0x37,0x34,0xb3,0xe2,0xdf,0x00,0xff,0x32,0x40,0xa5,0xde,0x02,},"\xbc\x29\x8e\xd6\x98\x92\x90\x40\x28\x72\x5e\x21\xb1\x14\x46\x2d\x89\xd8\xc0\x06\xdc\x88\x4b\x17\x87\x56\x83\x8a\xf4\x95\x4f\xf0\xf1\xb7\x95\x17\x30\x7a\x25\x8a\x0e\x76\x81\xe8\x79\xac\x47\xd7\x92\x02\x30\xb0\xcc\x1d\x66\x17\x1e\xb2\x14\xd7\x7c\xd9\x7f\x61\x7c\x40\x5e\x6c\x21\x72\xfc\x58\x9f\x16\x25\xcc\x5e\x1b\x59\x31\x10\x53\x1f\x6e\xb5\x3f\x1e\x6f\x48\x6d\x19\x64\x61\x24\x47\x75\x0a\x04\x1f\xe5\x1b\x33\x2e\xb3\xfb\xc7\x11\x61\x6c\xe3\x5f\x04\x04\x42\xb4\x31\x63\xb8\x0b\x75\x1e\x21\xec\x12\x45\xf1\x2e\x48\x83\xc7\x9d\x3b\x41\x32\x82\xc6\x9b\xfc\x6a\x46\x5d\x1e\x78\x96\xba\xb0\x38\xdc\x89\xb4\xcf\xc0\x32\xfc\xcd\xfc\x87\xb0\x7f\x06\x11\x0e\x1f\x50\x6a\xcc\xa8\x15\x7a\x32\x25\x43\xbf\x1e\xd8\x90\x67\x27\xf2\x8d\x0d\x68\x9b\xcd\x7d\xd3\xdf\x85\x93\x52\x04\xa9\x04\xab\x3f\x7a\x0d\x99\xc1\x6e\x5a\x54\x2c\xc2\xbc\xde\xbf\x5b\x50\x2d\xba\xbe\x33\xb9\x72\x48\x0e\x02\xe7\x1a\x43\x8a\x19\x80\xa8\x76\x6f\x10\x8b\xd8\xad\x51\x10\x42\x23\x99\x4d\x9b\xfb\x3c\x3a\x4b\x7a\x59\x23\x8c\xe2\xef\x7d\x72\x88\x38\x3f\xfb\xf2\x91\xe1\x60\x2b\x38\x4a\xf6\x07\x00\xd7\xda\xf0\xe8\xfe\x60\xf8\xca\xed\xe4\x3d\xb0\x6b\x3f\x4c\x8c\xff\xf7\x49\xae\xaf\xa4\x6f\xc6\x1c\x49\xb2\xd5\xa4\x12\x04\xcf\x86\xf0\x49\x25\x4d\x80\x9e\x94\x98\xaa\x9d\x4c\xfd\xb9\x4a\xcb\x2b\xab\xfc\xf7\x86\xdd\xfb\x03\x69\x15\x16\xb3\x83\x8b\x0d\x4f\x20\x1c\xb2\x59\x1e\xdb\xb0\xb0\xf6\x74\xe1\xe2\x82\x03\x16\xb7\x2e\x81\xb4\x8c\xc5\xa6\xb2\x93\x38\xbc\x36\x68\x1f\x8f\x7d\xca\x43\xee\x6c\x0b\xd2\xe4\x02\xaf\xbf\x96\x77\x97\x51\x64\x53\xbc\x01\xbe\x86\xbf\x42\x29\x9d\x1b\x73\x6a\x0d\x97\xbb\xc9\x22\xf5\xa7\x8a\xf2\xdf\x42\xe6\xf8\xc2\x8e\x95\x3f\x2c\xea\xda\xff\xc5\xe9\x30\x64\x04\x1e\x42\x5a\xd6\x97\x5f\x88\xc7\xaa\xdf\x81\xc3\x68\x69\x1a\x58\x1e\x88\x5f\x2a\x6b\xa7\x2e\xd6\x8b\x8f\xef\xbc\xd6\xce\x36\x86\x26\xd4\x48\x92\xa2\x02\x70\xb5\xf7\x09\xc2\xe3\x4b\x83\x35\xd4\x2e\xeb\xd6\x7a\x24\xdf\x73\xf4\x54\x55\xc4\x19\x44\x18\x7b\x66\x92\xf0\x54\xb2\xfc\x95\x91\x37\x3f\x19\xfc\x71\xaa\x7f\xa2\x7d\xf6\x00\x6a\x1d\x54\x9b\xbf\xae\x7d\x3c\x3e\xb3\x6e\x5a\xb2\xaa\xa1\x0a\xa5\x53\x8d\xa7\xef\x36\xc8\xff\x35\x4b\x60\x58\x13\x40\x04\xd6\x60\xa4\x03\x63\x21\xca\xad\x00\xa3\x0b\x1c\x49\x8b\xa3\xd8\x08\xc4\x40\x5e\xf7\x96\x18\xfc\x22\x12\xa7\xb8\x33\x96\xa3\xd7\xce\xdc\xeb\x86\x3c\x66\x37\x4d\xc4\x69\xae\x18\x3c\x7e\xd7\x4b\x3e\x70\xd6\x37\x4a\x06\x2d\xe0\x37\x9b\x21\xcf\x25\xd3\xc4\xc5\x76\x21\x15\xcd\xfe\x75\x55\x45\xe8\x9a\xd4\x05\x2b\xb0\x27\x9d\x93\x8e\x90\xde\x3a\xbf\x50\x44\x10\xca\xad\x72\xb7\xc2\x9f\x53\xd0\x1d\x9d\xd7\xf2\xec\x5e\x45\x9a\x04\x59\x2b\xdd\x66\x41\x66\x13\xe6\xed\xd0\x04\x56\x9e\x0e\x6c\x98\x82\x7b\x8c\x1d\x70\x02\xa6\xd1\xbf\x30\x3e\x18\x25\x95\x01\xdd\x89\xf6\xee\x94\x76\x6d\x18\xaf\x81\x04\x63\xeb\x13\xb2\xef\xdd\xf1\x72\x3a\xf7\x35\xa8\x87\x16\xe1\xfc\xb4\xb7\xb4\x3c\xb9\x7e\x1c\xc9\x03\xb2\x40\x8e\xf4\x53\xad\xa4\x16\x47\x86\xf0\x08\x45\xfb\xfa\x1f\xfc\xa5\xcc\x3e\x1c\x4b\xd9\x94\x0e\x7d\x99\xae\xf9\x19\x16\x6d\x05\x8b\x51\x45\x3c\x9c\x14\xfb\x9f\x32\x51\xec\x5f\xe4\xf1\x53\xc7\x0a\x44\x92\xdc\x34\x96\x29\x61\x86\xf2\x3a\xd4\x7e\xba\xd1\x3c\x66\xe6\x87\x27\xce\x50\xba\x94\x87\xf1\x80\x18\x90\xb6\x93\xef\xeb\xfc\x37\xbb\x5d\x95\xf8\xaf\x54\x8e\xc8\xd6\x49\x82\x89\xe5\x5f\x98\x83\xfc\x5b\xe8\x4c\x25\x6d\x2b\xc5\x48\x49\x38\xc7\x09\x82\x0d\x9b\x6b\x80\x59\xc0\xaa\x42\x67\xdd\xe6\x90\x78\xe4\x87\xc8\x86\x5c\x0b\x13\x0a\x0c\xa8\xca"},
+{{0x6e,0x26,0x51,0x05,0xee,0x71,0x71,0xd1,0xbd,0x79,0x3e,0xff,0xd8,0x7d,0x1e,0x2c,0x79,0x45,0x0d,0x5e,0x18,0x8b,0x57,0xbe,0x3a,0xa1,0x62,0xe2,0xa5,0x25,0x28,0xad,},{0x1f,0x40,0x3c,0x7a,0x75,0x50,0x31,0xc1,0x3c,0xa6,0x3a,0xf5,0x76,0x35,0xdc,0x6e,0x2c,0x4f,0x23,0xbd,0x6b,0x1d,0x67,0xca,0x65,0xda,0x68,0xb0,0x99,0x43,0xc5,0x54,},{0xb5,0xa8,0x3a,0x11,0x7a,0x60,0x34,0x5a,0x67,0xe4,0xa6,0x65,0xf3,0x7d,0xe7,0x22,0xa6,0xec,0x03,0x91,0x38,0x29,0x38,0x99,0x59,0xf3,0x76,0xee,0x62,0x64,0x77,0xe6,0x54,0xac,0x8d,0x72,0x0f,0xc7,0x27,0xd4,0xbb,0x8f,0xe1,0x54,0x4f,0x5d,0x0b,0x0b,0x85,0x05,0x14,0x29,0x0b,0x24,0x27,0x3c,0x4c,0xd4,0xb7,0x3a,0xca,0x4a,0x53,0x00,},"\xf8\xb9\xd4\xb0\x27\xeb\xb1\x0e\xe5\x11\x81\x9e\x6e\x56\xfb\x1b\xa9\x58\x40\x18\x41\x8d\x82\x88\x5a\x38\xa4\x49\x08\x60\x07\xb8\x78\x5b\x51\x05\xca\xf7\x82\xbf\x9b\x36\xda\x03\x9c\xc6\x0e\x22\x7c\x7e\x16\x14\xf2\x9b\x64\x0b\x1e\x9b\x22\x74\x7e\xea\x7a\x67\x25\x61\x4e\x89\xe0\x78\x3e\xbe\xbb\xb7\xee\x55\x7e\xf3\x6b\x2b\x46\xcf\x64\x61\xe5\xbe\x2a\xd1\xd7\xa7\xc2\x71\x1a\x47\x5c\xa4\xfb\xc3\x30\x92\xba\x42\x56\x67\xe3\x4d\x09\x00\x60\x51\x8f\x2f\xec\x63\x6b\x04\x91\x23\x87\x6a\xb2\x1c\x8b\xd9\xc5\x0d\xcc\xb9\x84\xca\x01\x1a\x02\xee\xa0\x20\x56\x4f\xa8\x21\xfc\x36\x2b\xfe\x39\x2a\xab\x50\xc2\x73\xfc\x7b\x5a\x04\x21\x88\xe3\x31\x62\x1b\x9d\x2f\x74\x3e\x5c\x8c\xf3\xab\x1f\xaf\xfa\xfe\x2a\x00\x04\xc8\xef\x7c\xdf\x5e\x6d\xbb\x5e\xb5\x44\xe4\x28\x9f\x71\xa6\xfd\x15\xc6\x38\xce\x29\xd2\x8e\xfb\x9c\x03\x9e\x47\x74\x29\xa3\x49\x7a\x83\x82\x7e\x76\xce\x77\xa4\x98\x16\xd9\x0b\x41\xa8\xe1\x52\xf3\x7a\x09\xe6\x34\x0d\xfe\x06\x9a\x4a\xc6\xf2\x7d\xd2\xea\xc7\x47\xfd\x21\xe3\x15\x20\x88\xc1\xb1\xec\xd3\x2a\xc6\x79\x92\x74\x90\x75\x04\x88\xc2\x91\x78\x51\x47\xb6\x3b\x0b\x8f\xf1\x1d\x18\x9b\x90\x49\xb8\xa3\x96\xb6\x93\x2f\x85\xbd\x6a\x15\xef\xf9\xf0\xce\x18\x08\x41\x1a\xf0\xf9\xc8\xe6\xe9\x7b\x81\x4f\x11\x0b\xd4\xdf\x13\x86\xa9\x79\x7d\xc5\x11\xf0\xaa\xb6\xab\x65\x07\x1d\x9e\xa8\x36\x53\x2c\xec\x51\xb9\x2c\xa7\xfb\xdb\x8d\xe1\xc8\x43\x66\x58\xde\x2e\xb6\x5e\xdd\x86\x04\x4f\x6c\x1a\xba\x31\x78\x64\x7a\xd6\x78\x61\x2e\xe7\x4f\x04\x6c\xa3\xc7\xfe\x2f\x39\xc0\x9d\xd2\xe0\x7d\xf2\xb4\x22\x70\x85\xfe\x93\x6e\x79\x4d\x22\xfd\x5f\x40\xa2\x5f\x08\x77\x15\x80\xac\x80\x1d\x98\x89\xf5\xa7\x6a\xea\xe1\xf0\xcc\x4a\x9e\x1e\xdb\xdd\xa3\x75\x0c\x74\xc8\x50\x52\x4b\x32\xf4\x49\x33\xfd\x88\x3b\x53\x72\xbf\xb7\xe7\x61\xe0\x69\xfe\x7c\x1c\x0e\x7f\xbd\x4a\x7f\x58\x46\x7e\xa6\x88\x3f\x9d\x5b\x7f\x66\xd3\x86\xb0\x49\x9b\xb6\xfb\x5e\xad\x89\xc9\xa1\xfd\x2c\xce\xb9\x73\xe2\x87\x9b\x5d\x03\xea\xa4\x52\xe1\x60\x22\xd5\x96\x17\xda\xa0\x48\x6f\x4d\x4c\x11\x78\x07\xfd\xa8\x49\x9d\xfb\x7a\x28\x6f\xd2\xf7\x1a\x8e\xb5\xfe\x64\x06\x5c\x41\xe4\xe1\xe2\x36\x2a\xb4\xe4\x77\x96\x9e\x3a\x40\x8a\x24\x7e\x3a\x56\xfc\x86\xf2\xb0\x1e\xf8\xd3\xcd\xda\x87\x25\x82\x34\xbc\x7f\x25\xb6\x69\x07\xf3\x64\xb3\x7b\x62\x45\x29\x6c\x4f\xdf\x49\x9f\x20\x23\x7f\x48\x64\x85\x2f\xc5\xd8\xcd\x5d\x05\x41\x8b\xe8\xb1\x38\x59\xee\x9a\x43\xe1\x7e\x1f\x57\xa4\xc3\x5e\xa2\x82\xed\x68\xeb\xcd\xa6\x82\x81\x74\x24\x5a\x49\xc6\xcb\x65\x90\xeb\x1f\x2d\xcf\xb0\x07\xbf\xa1\xc3\x20\x77\x95\x6d\xa9\xac\xbe\x3e\xf0\x72\x37\x99\xfd\xb8\x69\xd8\xde\x30\x70\x6a\x9c\x02\x68\x14\xd1\x6a\x01\xe0\x33\xc9\x1b\x59\x07\x0d\xfe\x44\x5c\x5b\x84\x8a\x51\x66\x12\xe5\x13\x1f\xe8\x48\x69\x21\xe3\x6b\x8e\x7e\xf1\x57\xa8\x88\x22\x88\x6c\x68\x1b\x5d\xa7\x1f\xea\x94\xd9\x57\xda\xfe\xc2\x6f\x41\x47\xa3\xb2\xac\x38\x3a\x5f\x47\xc8\x58\x5e\xb1\x7a\x8a\xc6\x57\x90\x64\x1b\x42\x18\xd7\x55\xf8\xbe\xa4\xd9\x7a\xe2\xa4\x5b\xdc\xdc\x23\x23\x62\x94\xd8\x52\xc9\x5d\x08\x40\x6d\x2e\x9b\xd3\x0c\x32\x64\x52\x53\x8c\x1f\x5e\x50\x04\xd4\xa1\xa8\x27\x20\xda\x32\xe5\x9d\xc3\xab\x18\xea\x08\xa0\x58\xf7\x91\xd2\x44\x18\x55\x60\x86\xc1\xe4\xed\xce\x89\x82\xaa\x23\xb1\x18\xfb\x26\x6e\x60\xb5\x42\x78\x0a\x69\x33\xad\xd9\x13\x26\x55\x12\xc0\x7b\x11\x49\x78\xd4\x4a\xf7\x3b\x20\x30\xec\x47\xb0\x6f\xd0\x9d\xda\x8c\x4f\x1d\x4e\x31\x37\x75\x46\x8c\x45\x1f\x9e\xe6\x11\xe9\xcd\x4c\x08\x45\xc2\x50\x19\x48\xa7\xb1\x4e\xf1\xd4\xb5\xcf"},
+{{0xc4,0x37,0x0d,0x2a,0xaf,0x35,0xac,0xd1,0x58,0xfc,0x0d,0x16,0x22,0xa3,0x99,0xc9,0x9f,0x41,0xb9,0xda,0x4e,0x97,0x0b,0x35,0x4e,0x5b,0xa0,0x5c,0xbe,0x84,0x4c,0xa8,},{0x35,0x45,0xd7,0xd4,0xc9,0x5c,0x3d,0xb6,0xa5,0x45,0x30,0x53,0x7a,0xfa,0xfa,0x4d,0x86,0xdd,0xec,0xf9,0xcc,0x7e,0x66,0xc3,0x19,0xba,0x9f,0x7d,0xd7,0xd0,0x7e,0xe7,},{0x9f,0xeb,0xab,0x5a,0xe1,0x61,0xd6,0x92,0xa6,0xa3,0x94,0x50,0x0a,0x28,0x90,0xd2,0x1c,0x7f,0x0e,0xe2,0x6f,0x46,0x40,0xaa,0xba,0x4f,0xe6,0x6b,0x90,0xb8,0x9e,0xdc,0xb8,0x0e,0xa4,0xcd,0xca,0xbb,0x4d,0x2c,0x3a,0x5c,0x41,0x54,0xe8,0xff,0x20,0xd0,0xe2,0x37,0xfe,0xfd,0x00,0xc7,0xba,0x97,0x82,0xe1,0x74,0x8f,0x64,0x88,0xac,0x01,},"\x61\x9f\x57\xde\x2b\x1d\xba\xee\x20\x9a\x82\x5d\x8c\xa9\x7f\x84\xee\x49\xeb\x12\xa0\xb1\x3d\xcd\xd2\xb3\xa4\xee\x45\xe0\x17\x6d\x47\x4c\xf0\x94\x60\xc8\x31\xa8\xae\x1d\x3f\x39\xbe\xeb\xd0\x88\x08\xb3\xed\x17\x61\x21\x3b\xa9\x53\x42\x18\x60\xcc\x07\xe2\xdb\x31\x2e\x68\x0d\xf0\x3e\x60\xa6\x87\x02\x64\xab\xca\x8f\xd5\x13\x01\xe1\xc1\x56\x20\x23\xd8\x02\xcc\xd5\xc7\xd1\x96\xdb\x39\xfb\xb8\x30\x4b\x0e\x59\xe3\x33\x16\x41\x92\xec\xc3\x33\x38\x7e\xef\x69\xc7\xa7\x8a\x5d\x11\x25\x88\x62\xd6\xc2\x81\xb1\x9c\x0b\xd3\x36\xcd\x3e\xdb\x2f\x9f\xaa\xd4\x02\x1a\xc2\xf2\x05\xc1\x68\x14\xb3\x85\x48\x43\x3f\xf9\xed\xdf\xd6\x11\x33\x77\x97\x69\xdc\x69\xaf\xac\x65\x8a\xfc\x1d\x1b\x41\x6d\x39\x0a\xd5\xb4\x5a\x1a\xd5\xcc\x4b\x00\xb4\xb2\x78\xfb\xe4\xb5\x9d\x52\xe6\x1a\x6a\x5f\xd0\x02\x41\xc6\xcb\xc3\x82\xd2\xd6\x21\xa3\xde\xd0\x02\x01\x9b\x33\x05\x60\xe3\x61\xfa\xab\x28\xf4\x1d\x1a\xf9\xc9\xc0\x02\x0f\x2b\xaf\x99\xe8\xd8\xee\x58\xe3\x12\x22\x02\x14\x7c\x0a\xdc\x57\xd6\x70\xc5\xb3\x80\xaf\x59\x4c\xc7\xed\x57\xb8\x7e\xc6\x67\x4a\xb6\x3f\x3a\x98\x49\x75\x3b\x94\x62\xaa\xb5\xde\x88\xc9\x48\xa8\xb1\x09\xaf\x4d\x49\x54\x92\x7a\xac\x58\xbe\xe9\x53\xbe\x0d\x8d\x7d\x71\xaa\x11\xd1\x1f\x1a\x87\xb1\x47\x7b\x91\x70\xbd\x73\x5c\xfc\x24\x49\xf0\x51\xb8\x2b\xc5\x9b\x0b\xee\x76\xa1\x72\xe8\xd3\x26\x70\xf5\x1d\xdd\xdb\x80\x4a\xd1\x10\xa5\x65\xe3\x84\xcd\xb7\x6f\xad\x04\xcf\xf6\x78\x93\x09\x1e\x41\xe6\x9c\xfd\xf7\x0e\xa9\x26\xc2\x63\x69\xa5\xb6\x19\x3b\x19\xab\x0a\x62\x55\x8d\xa5\x5f\xfa\xfe\xb8\x78\x97\x57\x71\x06\x44\xaa\x19\xf4\x74\xbe\x4a\xda\x9d\xc1\x84\x9b\x07\xd5\xe1\x7b\x85\xf9\x21\xe1\x01\x6a\x54\xaa\x60\x95\x77\x72\x53\xa7\x34\x26\xfc\x78\x64\xb9\x95\x5f\x04\x90\x70\x23\xdb\x20\x7f\x85\xdd\x21\xa6\x51\x06\xcf\x0d\x62\x23\x85\x87\x0c\x34\xc2\xda\x9a\x11\xe4\x72\x63\x95\x12\x1e\x4a\x67\x61\xfb\x52\x22\x29\xd9\xe5\xcc\x9d\xab\x35\xae\xb8\x7d\x0d\x79\x69\x3c\x00\x6f\xde\x1c\xfa\xf1\x16\x20\x8b\xba\x96\x20\x59\xcf\xc0\xd2\xd6\x37\x0a\xac\x77\x48\x36\x2e\xe6\xa0\xa3\xca\x7b\xf1\x33\xeb\xcf\xa2\x0f\x1c\x4e\xd8\x30\x7f\x80\x0c\xca\x7e\x6c\x4b\xea\xa3\xfb\x2a\xb0\x86\x12\x53\x64\x28\x5c\x44\xed\x1a\x73\x7a\x67\xcb\xf3\xb7\x63\xc9\xf8\xb1\x42\x7e\x89\xdf\xa9\x6d\x29\x0e\x9d\x48\x42\xfe\x63\x16\xaf\xef\x83\x4c\xd8\xcd\x1f\xdc\x1f\x12\x4c\xa3\xfe\x26\x26\x6d\xa6\x2e\x27\x5c\x0b\xf7\xfc\xc8\xe5\xf9\xbb\xa6\xc0\xd3\x8e\x23\xfa\xfa\xb1\xe0\x49\x48\x17\x94\xc1\x4f\x4a\x8c\x53\xbe\x1c\x96\xf7\x69\xc9\xb1\x3e\xac\xa3\x9a\x0e\x49\x36\x6d\x2c\x9f\xfe\x8f\x20\x63\x60\xa9\xd5\x03\xde\xc5\x98\x62\x11\x12\xe3\x77\x67\x13\xe7\xfc\x06\x49\x43\x3e\x25\x7e\x50\x3a\x54\x60\x59\xa9\x89\xda\x89\x15\x7d\x76\x47\x60\x05\xfd\x90\xe4\xb0\x7a\xaf\x0d\xb0\xbc\x0b\xc0\xb6\x7d\xb8\xdc\xba\xdf\xf3\x93\x74\xe1\xaf\xae\x55\x16\x34\xe0\xe3\x28\x31\xad\x0e\x5f\xa7\xd5\x21\x6f\xa7\xc6\x44\xf7\x3e\x1e\x8e\x07\x23\x83\x94\xa4\x16\xc1\x69\xaa\x9d\x53\x03\xf4\x69\xa5\xd4\x07\x43\x08\x72\x1f\xfd\xde\xff\x65\x59\xe5\xad\xf0\xc2\x77\x3b\x3f\x52\x64\xe7\xaa\xa8\xc2\xdb\x88\x8e\x28\xe8\x15\xc7\x10\x69\xc3\xb4\xce\x6c\x29\x03\x4c\x0a\xb3\xb5\xc1\x9a\x80\xa9\xd8\xc2\xe8\x74\x81\x35\x31\xc4\x22\x75\x2a\xd6\x2b\x3c\x5a\x1a\x3d\x6c\x5a\x5d\xb5\x87\x27\x06\x93\xaa\x75\xd5\xf1\x72\xee\xdd\xf4\xeb\x83\x9b\xd7\x93\xaf\xfb\x1c\x79\x6a\x1d\xf0\xe4\x42\xdd\xf9\x9b\x78\x0a\xa4\x1e\xea\x0f\xe6\xf8\x65\xbb\x53\x9c\xa5\x3a\xa4\x5d\xb9\xa8\x56\xcb\x75\xd0\x15\x1d\x35\xed\xea\x80\xf2\x94\x6d"},
+{{0xbd,0x3d,0xe1,0xa1,0xd1,0x64,0xbd,0x6e,0x9b,0xe0,0xa6,0xd1,0x07,0xf7,0x03,0xa6,0xdd,0x91,0x4c,0x86,0x67,0xcd,0x34,0x1d,0x13,0x9f,0x19,0x57,0x8d,0x93,0x3b,0x16,},{0x9b,0x02,0x49,0x64,0xbd,0xfa,0x85,0x2e,0xb2,0xd4,0x14,0x4f,0x35,0xb7,0xcd,0xc2,0x67,0x81,0x14,0x3c,0x2b,0xd7,0xf6,0x60,0x23,0x3f,0x8b,0x8a,0xa3,0x60,0x71,0xee,},{0x13,0xcc,0x15,0x8f,0xd0,0x61,0x79,0x2f,0xce,0xd1,0x56,0x87,0x95,0x98,0x25,0x1d,0xd0,0x1d,0x57,0x5b,0x40,0x0f,0xe3,0xe3,0x9a,0x70,0x08,0x63,0xaa,0xe8,0xdb,0x1f,0x91,0x97,0xfa,0x50,0x1c,0x0c,0xf9,0x93,0xe4,0x4d,0x6a,0xc5,0x51,0x80,0xb8,0x69,0x83,0x8e,0x8a,0xe2,0x4b,0x21,0x4f,0xa3,0x5e,0x24,0x4b,0x7a,0x6c,0xff,0x6d,0x0d,},"\x17\x69\xfc\xdb\xf5\x12\x47\xed\x4c\x83\xa0\x0b\xbb\xf0\x2f\x44\x28\xda\x6f\xce\xdd\xd0\x16\x1a\x02\xfc\xcd\x15\x00\x97\x06\x65\xe1\xc7\x63\x0a\xd2\x2e\x3d\x97\x49\xc7\x92\xe7\x1a\x26\x0c\xff\xf6\x05\x32\x56\xe0\x2f\x5b\x47\xbb\xa1\x4b\x76\x1a\xe5\x3c\xa7\x21\x9e\xd2\x80\x1d\x2d\x78\x8e\x26\x41\x9f\x36\xc8\x1e\xf9\x2c\x23\x03\x68\x37\x35\xc8\xa1\x75\x6a\xda\xb6\xa4\x87\x92\x31\x53\xe4\x35\x60\x3c\x96\xb2\x39\x55\x3e\xdf\xde\xb0\x93\x29\x8f\x7a\xe7\xdc\x90\xf1\x6a\x7e\x56\x64\xb9\xe4\xc0\x2b\xa7\x31\xa2\x3c\xf2\x23\x4e\x25\x0a\xc9\x74\x26\x33\xa9\x32\xa9\x48\xbb\x83\xdc\x3d\x79\x4d\x05\x9f\xed\xf4\xec\x86\x18\xc7\x43\x3c\x5d\x8f\xe5\xe6\x2c\xf0\x7b\x57\x68\xc4\xd9\xb2\x61\xc7\x15\x36\x80\x4f\xe2\xe7\xca\x70\x98\x87\x65\x21\xd5\x76\x77\x36\x14\x24\xe4\x7f\x1b\x95\x92\x37\xf9\x07\x10\x42\x1f\x5b\xc4\xf1\x09\xf7\xd4\x89\xc7\x55\xe9\x4e\xef\xdf\xb3\xc8\x5b\x90\xec\x01\x31\x81\xa2\x3b\xb9\x53\x5f\xee\xa4\x94\x1d\x0a\x06\xa5\x40\xbd\x6b\x58\x8e\x55\xb7\xf3\x57\x57\x14\x9c\xa3\xe6\x40\x96\x5e\x1a\x0f\xf7\xf3\xc8\x25\x92\x59\x95\x7f\xf5\xda\xb9\xfb\x87\x32\xea\xe7\x19\xb6\x24\xa4\x49\x28\x78\x17\x9b\x5a\x83\xab\xe5\x1c\xaf\x02\x08\x3d\x73\x7c\xeb\x4f\xcf\x04\x2f\x2e\x60\xba\x02\x97\xac\x72\xb8\x7f\xe3\xe1\x4b\xa5\xfb\xc5\x4b\x48\x09\x10\x73\x89\x68\x23\xbf\xa2\x89\xce\x8e\x16\x87\x3b\x48\x81\x2c\x32\xbf\xea\x5f\xf6\xbb\x22\x1d\x1e\xa5\x46\x3d\x32\x5b\xbe\x31\x1e\x7f\xd1\xe7\x83\xde\x65\x0b\x79\x52\xea\xe4\x61\xd6\x3b\xc7\x47\x05\x22\xaf\x5b\x77\x89\xf8\xfc\x2e\xb1\x92\xd2\xcf\x77\x6c\x5c\x24\xb4\x4e\x29\xcd\xb0\xcc\xcb\x1d\x90\x36\x14\x38\xe4\x95\x0f\xf3\x4d\xbc\xb3\xcb\x0e\x81\xcc\x45\xf8\xd0\xff\x57\x09\x49\xf7\x80\x84\xe1\x06\x0f\xf5\x59\x4a\xd5\x16\xf5\x0f\x1c\xb0\xa7\x65\xe1\xc0\xe0\x38\xd5\x94\x3b\x93\x6e\x4a\x8b\x49\x33\x54\xe7\x9a\xbc\x91\x7b\xb9\x27\x12\x66\xee\xba\x77\xa9\x3a\x65\x7f\x9a\xd8\x7b\x29\x1a\xc7\xea\x38\x6f\x5d\x4f\xcb\xc5\x82\xe7\x2d\x5c\x23\xd9\x2b\xa9\x44\xb0\x06\x4c\x20\xe3\xe2\xdc\xf5\x04\xbc\xc7\xc6\x96\x6c\x63\xf2\x08\x08\x43\x60\x0b\xa3\x13\xec\x27\xcb\xa9\x5e\x7e\xf3\x18\x16\x8c\x90\x67\xdc\xe8\x6c\x1e\xf0\xd5\xd9\xeb\x7a\x61\x58\x48\x9d\xf3\x2e\xd5\x8b\x69\x31\x03\x08\x18\xf0\x07\x05\xa0\xdc\x55\xd3\xdb\xf8\x00\x6a\x85\x46\x64\x1b\x18\x65\xd9\x19\xbc\x24\x22\x02\xcb\x3a\xe3\x00\xbf\x86\x53\xe3\xb3\x78\x94\xc3\xdc\x0e\x47\x7b\x9d\x7c\x41\xba\xf8\xd3\x88\x7c\x2e\xb5\x9b\x1e\x4d\x50\xbb\xb6\xf1\x79\x2a\x1c\x93\x67\xc6\x5c\xdb\x45\x0c\x2d\xfa\x21\x45\xe6\x11\xa9\x7a\xd8\x1c\xff\x1f\xd8\x3c\x6c\xf7\x23\x09\x47\xea\xff\x4c\x21\xdc\x1b\xaf\xb7\x1e\xc4\x1e\x5b\xc7\x2b\x37\x45\xec\x3e\x38\xbf\x59\x30\xc1\x26\xd0\x60\xf0\xc5\x0a\x89\x5f\x00\x9a\xa1\x8e\x87\xf2\x17\x4f\x58\xab\x53\x79\xa7\x21\xfd\x83\xaa\xd5\x51\x7f\xd9\x9d\xff\x14\x6e\xde\xea\x61\x52\x12\x35\xe2\xf1\xa1\x6e\xe5\x83\x03\xe0\x91\xbe\x8d\x57\x90\x94\xc1\xd8\xa2\x0b\xc7\x4a\x55\x0d\x77\xc0\x0d\x08\x75\x71\x51\x7a\x63\xcd\x41\x26\x93\x3a\x4f\x09\xa0\x70\xbf\x8e\xa4\xff\xb8\x46\xa9\x78\x0e\x97\x34\x04\x3b\xac\x4c\x0f\xf4\x7b\x1a\xfc\xcf\x52\x93\xac\x14\xbc\x73\xeb\xf6\x71\x29\x65\x7e\x4b\x8a\x8b\x33\xdd\xac\x7b\x0f\x4d\x71\x9d\x2d\xc6\x5d\xf6\xea\x0a\x3f\x24\xcf\x44\xc8\x33\x8e\xd6\x01\xa3\x93\x9c\xa3\x58\xfc\x4b\xe1\x3e\x8e\xde\x02\x75\x39\x71\x2c\xa2\x3e\x3f\xfb\xa7\x06\xe8\xfd\xd6\x2a\x07\x4e\xe0\xad\x74\x20\xf7\x80\x60\xcc\x96\xfb\x2a\xbf\x30\xe9\xea\xa2\x41\xc0\xf8\x7e\xbb\xe3\xec\x73\x51\x75\x96\xf7\xc3\xc5\xa8\x0c"},
+{{0xf6,0xae,0x51,0x6a,0x51,0x29,0x6f,0xc5,0x23,0xce,0xa5,0xf0,0x08,0xcf,0xbd,0x09,0xe7,0x3f,0x78,0xb6,0xfd,0xd3,0xb6,0x94,0x26,0x12,0x80,0x41,0xa5,0x60,0x4c,0xf9,},{0x37,0x6c,0x82,0xba,0x7b,0x87,0xaa,0x77,0x41,0x87,0x27,0xdb,0x33,0xd3,0x26,0xae,0x75,0x8b,0xf7,0xa1,0x35,0xc1,0x04,0x60,0xcd,0x8b,0xf8,0xfe,0xb8,0x3c,0x2b,0x10,},{0x0f,0xe4,0xdd,0x7e,0x1f,0x60,0x8e,0xe8,0x2b,0x7f,0xe8,0x63,0xd1,0xb0,0x3a,0x81,0x84,0x3c,0xe2,0x0c,0x76,0x2c,0xd8,0xbb,0x24,0xef,0xd4,0x6b,0xa0,0x25,0xff,0xf3,0x33,0x1d,0x87,0x57,0x52,0xca,0x72,0x20,0xc5,0x3d,0xd3,0xc7,0x1f,0x2b,0xc1,0xe2,0xc6,0x4a,0x2f,0x9c,0x58,0x86,0x5a,0x2a,0x24,0x48,0x09,0xf4,0x13,0x4e,0x53,0x07,},"\x83\x42\xf2\x5a\xc4\xb1\x7e\xba\xd6\xf7\x9b\x9a\x03\x31\x75\xc7\xf2\x8a\xf0\x9e\x65\x8e\x8c\xb9\x8c\x29\x4f\x15\xc3\xc8\x34\x26\x29\xcb\x2a\x32\x47\xdf\xc8\x75\xb8\x2f\x5b\x38\x0c\x5d\x11\x42\x6a\x2e\xeb\x62\x45\x0b\xd8\x85\x65\x01\x07\xc6\x83\x62\xa3\xb7\x2c\xe8\x23\xf2\xd1\x59\x42\xb7\xdd\xa3\x01\xd2\xfb\x63\x8f\x30\x2a\xa9\x57\x0b\x47\x91\x1d\xad\xd3\xbd\xdb\xfe\xd5\x54\xc1\xc8\x0b\xd7\x18\x07\x8b\x8b\xd2\xc9\xc3\x14\xa5\x16\x6f\x26\x5e\x82\x66\xee\x2d\xb3\x57\x56\x1a\x55\x85\xc4\x14\xa7\x84\x0b\xfa\xe6\x09\xd7\xcd\xdd\xe1\xfa\xde\x85\x56\x0f\x23\xd6\x38\xef\x3d\x52\xe5\x1f\x5c\xf3\x13\xa0\x72\xc5\xea\x0f\x81\x7f\x72\x81\xe2\xcb\xa5\xc5\xc8\xd2\x6c\x92\x85\x92\xb8\x1f\x0f\xf8\xcd\x18\xdb\x5a\x2c\x41\xd8\x80\xd7\x44\x73\x86\x3c\x7b\xbd\x00\x56\xfa\x4d\x4a\xfa\xbd\x17\xa3\xb8\x9d\x97\xd3\xfe\x5d\xc0\x6b\x0f\x61\x2a\x1d\x66\x42\x39\x23\xba\x8d\xfb\xb8\xec\x82\x46\x62\x4d\x83\x78\x4e\xba\x4f\x57\x36\xba\x38\x5e\x44\x22\x96\xc8\xcb\x0f\x1b\x68\xe0\x33\x42\xb2\xc6\xc1\x03\x34\x6f\x6d\xd7\x40\xe2\x6c\x3d\x13\xca\xef\x80\x1d\x1b\x26\x21\xd8\x9f\x06\x93\x91\xa0\x78\xd4\x3a\xe6\xff\x12\xee\xca\x66\xbc\x32\x63\x7b\x45\xf0\xac\x62\x7c\x2d\x7b\xbf\x8a\x49\xd9\x46\x81\x75\xe2\x68\x85\xe0\x28\x21\xd3\xa3\xba\xa2\xc3\xe3\xa6\xbb\x96\xb5\x75\x26\xe2\x24\xcf\x3d\x85\x9f\x66\x95\x73\xcb\xd5\xc8\x73\x93\x74\x61\x56\xf3\xd1\xc7\xa8\x03\x08\xdc\x1f\x24\x05\xbf\x0d\x40\xbe\x1c\xa7\x3b\x76\x7d\xed\xf4\x03\x13\x37\xc0\x81\xbf\xa3\xae\x6e\x54\xf6\x02\x3f\x42\xf0\xcb\xd8\x77\x62\xdb\x55\x91\x3c\x70\x72\x06\x03\x40\x10\xdf\x2a\xa8\x75\x3d\x03\x0f\x03\xc2\x67\xe7\x1a\x9d\xd2\xc6\xc1\x9d\xe3\xe1\x85\x1a\xbf\xac\xbb\xd5\xdd\x5b\xf8\x96\xfa\xb8\xe4\x15\x31\x7b\x49\xf1\xe4\x09\x6e\x3d\xa9\x9a\x5b\x5d\x0a\x3c\x42\xda\xf9\xde\x94\x84\x7c\x1e\x53\xc8\x81\x8a\x5b\x84\x33\x23\xf5\x01\xe3\xa7\xfa\x68\xdf\x89\xa5\xf4\x1f\x2c\x62\xc3\x8d\x17\xf2\x50\xb0\x2a\x67\xfa\xe4\x7d\xaf\x06\x3f\x55\x89\x42\x37\x7e\xf8\xa8\x90\x52\xf1\xa2\x15\xd7\x68\xf7\x91\x3a\x7e\xc1\x4e\x98\xb8\x1e\x4b\x2c\xcf\x26\xba\xca\xd6\xf3\x96\x64\xaf\xc0\xe9\x1a\x3c\xad\x69\x1d\xb2\xbf\x56\xa7\xab\x66\x77\xb4\x95\x96\xdb\x88\x7c\x97\xde\xf4\x35\x08\xa7\xa2\xec\x2a\xb7\x55\xec\x36\x8e\x2e\x53\xd1\xe1\x6b\x60\xff\xf0\x9c\x3b\x52\x26\x3f\x0f\x7c\x1e\xa9\xcc\x35\x37\x31\x97\xe9\x5c\x11\xe6\xd2\x2f\xa9\xd8\x29\x9c\x42\x37\x36\xf5\x81\x4f\x1e\x79\x8d\x22\x75\x18\x60\x0d\xf6\xa7\x90\x35\x8d\xea\xe3\x8d\x56\x39\xe1\x98\x3f\xe0\x18\x43\x6e\xa5\x8b\xa8\x46\x75\x48\xc9\x29\xef\xbb\x16\xdf\xea\x41\x02\x25\x3a\x35\x0f\xb8\x4d\x98\x31\xc4\xc2\xcb\xcb\x76\xe1\x8d\x7f\x3e\x95\x36\x41\xad\xa4\x14\x21\x39\x30\x91\xe6\x3d\xfe\x66\xde\x24\xc9\x92\x32\xc7\xd6\xa2\x83\x7a\x48\x98\x3c\xf5\xb1\x63\x31\xce\x00\x05\x0d\x1c\x71\x39\x58\xff\xce\x5f\x2e\x93\x48\xc5\x2f\x53\x12\x05\x79\xa7\xc9\xa1\x60\x08\xd1\x34\x83\x8e\x59\x61\x29\xc7\x02\xfc\xd2\x11\x48\xbd\xf9\x17\x4d\x48\xe2\xda\x0a\x8a\x66\x35\x9e\xde\xe0\x1c\x50\x09\xef\x67\x42\xfe\xc4\x1c\x1a\xce\xcd\x03\xef\xe1\xcc\xc9\xb1\x30\xd6\xe5\xac\x92\x57\x6a\x85\xcc\xb7\xcf\xc7\xd0\xe4\x23\x31\x06\x17\x29\x31\xa0\x86\x99\x79\x0b\xc4\x1a\xcf\xbb\x73\x1a\xdb\xb2\x6d\x56\xb3\x9a\xaa\x5b\x33\x3b\xc1\xa1\x0e\x2c\x70\x64\xca\x86\x11\x9d\x8c\x71\x71\x48\xf9\x24\x41\xaf\x24\xcd\x2a\xa8\xf5\x7c\x86\xba\x38\xa5\x9a\x10\x0b\x92\x76\xdf\x38\x27\xec\x7f\xb4\xd3\xfa\xf5\x8b\xe3\x1c\x6e\xca\xfd\x69\xcf\x1c\x64\x10\xa4\x9c\xd7\x08\x1f\xf6\xe9\xfc\x39\x7c\x2d\x20"},
+{{0x83,0xf7,0x89,0x90,0x0f,0x04,0x0d,0xc6,0x2f,0x4d,0x18,0x78,0x4c,0xb6,0x4b,0x63,0xc8,0x8e,0x8d,0x18,0x00,0x16,0x96,0xbb,0xeb,0x47,0x07,0xc4,0x69,0xd1,0x1a,0x5b,},{0xed,0xfc,0x2b,0xab,0x7e,0x79,0xf4,0x00,0x37,0xfe,0x4d,0x90,0x41,0xde,0x48,0xda,0x9a,0xee,0x8f,0x97,0x80,0x98,0xd7,0xb0,0xae,0x17,0x92,0x90,0x25,0xe4,0x27,0x3d,},{0xea,0x65,0x82,0xcc,0x23,0xe0,0x46,0x09,0x17,0xf7,0x82,0xd9,0x64,0xe3,0xbb,0x6d,0xcd,0xe0,0xae,0xea,0xc4,0x2c,0xc1,0x49,0x19,0xd3,0x6c,0xe7,0x8a,0xa0,0xaf,0xd9,0x80,0x72,0xf5,0x4c,0x79,0x5f,0xbf,0xd7,0xa4,0x1d,0x99,0xd7,0x06,0x06,0xc2,0x8a,0x5d,0xcf,0x19,0xbe,0x38,0xa0,0xce,0x2d,0x09,0xbb,0x8f,0x84,0x4c,0x31,0xbf,0x00,},"\x6c\x11\x2a\x20\xd3\x06\x57\xab\x5f\x8c\x5c\x04\x47\x8d\x6c\x42\xd1\xc6\xbd\xef\x38\xcd\x4f\xe0\x06\xac\x2a\x57\xe2\x90\xff\x29\x28\x78\x96\xee\xa8\xc3\x0a\x01\x39\xc1\x8f\xc8\xc9\x75\x64\x56\x3e\x86\xc8\xd3\x40\x56\xa6\x71\x9b\xfe\x47\x9d\x9e\x87\xe8\x1b\x19\x45\x23\x31\xbf\xa1\x54\x80\x68\x82\xe5\x03\x9a\x20\xc9\xe9\x54\xb1\xfc\x7c\x01\x5d\xcf\x58\x15\xbd\x7c\xf7\xb6\x35\x7d\xf9\x28\x0b\x9b\xd4\x3f\x89\xff\xc9\x19\x45\x32\x3b\x5a\xcb\x2a\xe0\x02\x54\xd4\x16\x28\x68\xd1\xc8\x3e\xc6\xe0\xfc\xbe\x7a\x8a\xb9\x25\x41\x92\x14\x9c\x6b\xc9\xe5\xfe\x35\x06\x94\x16\x5d\x66\x38\x33\x1e\xb2\x4e\x3b\x13\x90\xc6\x98\xc4\x83\x83\x78\xc0\x1b\x2c\x61\xa3\xeb\xe2\xc0\x60\xb9\x8b\xa6\xee\x02\xb5\x19\xb4\xea\xc1\xe0\xbc\xc0\x9b\x23\x24\xcc\xf5\xb1\xa7\xfe\x8f\xd0\xb1\x54\x5a\x94\x27\x83\x2a\xbb\x25\x74\x4e\xeb\x36\x32\x6b\xe6\x4e\xfe\xd3\xa7\xb0\x7d\x63\x0a\x21\xc3\x08\x1b\x55\x26\x1c\x35\x32\x87\xc6\x6c\x57\x66\x3a\x99\xdb\x46\x6a\x5d\xee\x22\x74\x6b\x81\xc7\x50\xef\x85\xbe\x51\x14\x3e\x22\x1e\xcd\xf1\x14\xfe\xf1\xb3\x08\x2f\xf5\x4f\xd0\x44\xbc\x88\x4b\xfb\x3c\xc5\xc5\x33\x59\x97\x00\x98\x67\xce\x94\x91\xa8\x0f\xe6\x96\x82\x5f\x99\x42\x6d\xef\xab\x6a\x49\xba\xdc\xde\x40\x3f\x58\xe8\x31\x79\x66\x21\x07\x47\xb5\x67\x75\x4d\xe5\x30\x76\xb3\xec\xbf\x65\x34\x6c\xb8\x39\x05\x83\x2e\x16\xd0\x1b\x50\xb9\x3d\x37\xeb\x9b\xfe\x20\x17\x2a\x31\x63\x0d\x25\xf3\x21\x7d\x87\xd9\x34\x65\xfd\x8a\xc5\x54\xcb\xbb\x39\xd9\x82\xea\xd7\x21\x93\x91\x23\x4c\x88\x9f\x0b\x92\xa2\xe0\x41\x3d\x86\x6c\xac\x08\x7d\x62\x8c\xe3\x1c\x61\xc6\x32\x3e\xcb\x8e\x68\x95\x55\xaf\x10\xde\x2b\x65\x6e\x6a\xea\x2c\xde\x93\x2e\x24\x1f\x6d\x1f\x8a\x9e\x33\x16\xcf\x13\xf1\x35\xac\xef\x83\xa0\xc0\xcf\x22\xf9\x5c\xa8\x18\xe6\x1f\x92\x76\x87\x74\xc6\x30\xe0\x92\x5b\xe9\x9d\xbd\x32\xb4\x99\xc0\xfe\x7d\x84\xa4\x2e\x39\x32\x87\xf6\xf5\xce\x3d\x0b\x27\x1f\x17\x00\x45\xa6\xd4\x8e\xab\x31\x6f\xe1\x7b\x18\x58\xb1\xff\xee\xe9\x08\x88\xf3\xa3\x7a\x24\x80\xdf\xd0\x4a\x4a\x86\x29\xf8\x68\xb5\xc0\xa8\x0e\xe1\xf0\x37\x19\xf3\xa4\x7d\x40\x95\xbe\xf1\x0e\x02\x34\xfc\x30\x0e\x2a\xf4\x82\x28\x5d\x78\x93\x79\x68\x31\x9d\xa9\x4b\xeb\x6c\x40\xe0\x78\x57\x7c\x02\x4f\x3a\x5c\xda\x00\x84\xe2\xf8\x55\xa9\x39\x6a\xaa\x9e\xe9\xbf\xaf\x2c\xc7\x71\xfe\x68\xc4\x0b\x62\x9e\x8d\xcf\x11\x5e\xf0\x3e\x75\x7a\x2a\xc9\xee\xf0\x73\xf1\xbd\xf9\xc5\xa4\x41\x00\x31\x55\x8a\x6d\x38\x2b\x5f\x16\x02\x4b\x15\x1b\x1c\x01\xee\x78\x17\x41\x3a\x3c\x4d\xe9\xdd\x64\x78\x78\x5b\x81\x10\x1d\xf5\x52\x24\x30\x05\x87\x80\x20\x7e\x79\x0f\x61\x2d\x78\xe5\x70\x5c\xee\xd4\x6b\x0e\xc0\x75\xe7\xc1\xdc\x07\x3b\x17\xb2\xb4\x3d\x72\x53\x59\x27\xbf\xd2\x71\xe9\x2e\x3c\x93\x63\x8e\x40\xa9\x60\x1d\xc2\xc1\xab\x76\xd9\x1a\x41\x03\xdf\x65\x7d\x91\x1c\x82\x9e\xe8\xa5\xf7\x47\xf7\x64\x2f\x5a\x91\x5a\x5f\x40\xf6\x30\xb4\x30\x39\xc7\xd4\xbd\x2a\xd2\xb3\x21\x29\xd9\x4e\x5b\x2f\x03\xad\x4a\x3d\x45\x57\x7e\xb8\x1f\x36\x9c\x9e\x3e\x2a\x4f\x6a\x8e\x41\xac\xf8\x28\x3b\xe5\x84\x25\xea\x99\x3b\x8e\x98\xee\xa6\x33\x05\x56\x64\x86\x18\xda\xd9\x8f\xa2\x55\x62\x0d\x83\x6d\x3c\x7f\x29\xb9\x07\x89\x58\x49\x28\x61\x67\xc7\x18\x1e\x2c\xaf\x55\xc2\xc1\x84\xa9\xa9\x11\xf8\xe4\x1c\xb0\x42\xe2\xcd\x48\xb0\x54\x4e\xa7\x9f\xe2\xef\x38\x1e\xbc\x5b\x15\xe3\x9a\x9b\x5c\x6d\x99\x8f\xae\xaa\xa7\x77\x3c\xfe\xc0\x84\xc0\xbf\xae\xd1\xbc\xab\x96\x3a\x4e\xf3\xd9\x4d\xbb\x3d\xfe\x72\x4c\x04\x0c\xe4\xd1\xe2\xee\x7f\xc2\xda\x4b\x25\x12\x7c\xe3\xa5\xdf\x69\x3f\xcf\x5a\x6e\xd1"},
+{{0x43,0xbf,0xf3,0xcd,0xd5,0x30,0x7e,0xd7,0xd2,0x5c,0xf9,0x6f,0xdb,0xba,0x64,0xab,0x18,0x11,0xc8,0xbb,0x93,0x4e,0x21,0x87,0xea,0x7f,0xfc,0x01,0x8d,0x85,0xe0,0xf2,},{0x00,0xf1,0xb5,0xd3,0xca,0xc6,0xe5,0x6c,0xa5,0xf8,0x94,0xd4,0xcd,0xbf,0x9b,0xeb,0xd9,0x68,0xd2,0x4d,0x5e,0xff,0xa5,0x05,0x8b,0x0e,0x20,0xbb,0x08,0x98,0xf6,0xf1,},{0xa6,0xb5,0x6b,0x76,0x86,0xdf,0x1d,0xc5,0xf4,0xed,0x54,0x4a,0x4d,0x97,0xe6,0x70,0x36,0x19,0x5a,0x32,0xb2,0x2e,0xcd,0x5d,0x31,0xea,0x17,0x30,0xe6,0xed,0x8f,0x81,0x0d,0x25,0x8b,0x44,0xc0,0x8e,0xa4,0x5f,0x03,0x2b,0x93,0x74,0x41,0xb7,0x2c,0xd0,0xdc,0x37,0x55,0x6f,0xd7,0x87,0x4e,0x9f,0xe6,0x4f,0x15,0x76,0x5c,0x52,0x10,0x03,},"\x64\x6f\x8b\x34\x18\x2d\x5e\x60\x2b\x51\xca\x73\x29\x34\x7c\x0e\x19\x8c\xb7\x47\xe4\xda\x0a\x6b\x80\xf3\xf6\xf9\xf3\x36\xf6\x70\x8d\x85\xcb\x42\x9a\xb2\xd6\xbe\xd3\x5d\x50\x13\x12\x9c\xd1\x00\x14\x2c\xdd\xce\xe8\x63\x51\x79\x02\x1b\x3e\x24\x92\x2b\x81\xae\xf1\x3c\x13\x70\x28\x69\x39\xd6\x3d\x6b\x6a\x41\x95\xed\xa1\xd8\x12\xca\x51\x82\x04\x76\x8f\x87\x34\x8c\x68\x89\x55\x2c\x63\xd1\x37\x2c\xde\x6a\x5e\x9d\xaa\x7f\x84\x45\xec\x8d\x61\x30\xa3\xf5\xae\xf0\xed\xea\xce\x01\x0b\x6c\x7f\x0b\x9d\x24\x16\x2a\x8d\x04\x45\x4b\x81\xd4\x8e\xa9\x09\x7b\xd8\xdf\x09\x34\x59\x71\x9c\xcb\x54\xaa\x10\xf5\x1c\x24\x6a\xa9\x9c\x58\x0b\xea\xf9\xc9\xc5\xbc\x60\xfa\xf0\xae\x5c\xec\x7f\x51\x37\xf6\xc5\xc1\x44\xdf\x45\xd1\x2e\xe9\x95\xad\xcc\xf2\x5a\x9d\xb8\x1b\x85\x58\xbd\xfb\x65\x83\x01\x86\xe7\xb9\xd4\xee\xd9\xf6\xb4\xd7\x32\xb1\xb5\x82\x2d\x03\xeb\x01\x7c\x07\x24\xf4\x8f\x87\xba\xaa\xe1\x04\x5d\x6f\xdb\x12\x5c\x91\x34\x06\x4f\xaf\x18\xdb\xed\x58\xd8\xfb\xac\xea\xcd\x4f\x09\x7d\xf9\xb3\x42\xe5\xc4\xa5\xbc\x85\xb2\x95\x97\xd4\xb6\x40\xf1\x55\x1c\x5b\x62\x4a\xb2\x1b\x48\xe9\x4a\x90\x30\x04\x9b\xe1\xf0\x5a\xa8\x51\xd0\x82\x7e\xaf\x87\x00\xdf\xe1\x47\xfd\xcd\xee\xdb\xc9\x8c\x4f\x15\x77\x4f\x01\x20\xfb\x59\x70\xa2\xf8\xb2\x17\x94\x34\x0b\x62\x83\x79\xa8\x02\xb9\xf7\xc0\x68\xb0\xdf\x63\x19\x3e\x51\x0f\xc7\xb2\xaf\x97\xee\x38\xde\x47\x92\x97\x85\x53\x55\x28\xd3\x50\xd8\x86\x20\x61\x0c\xfd\xb5\x5d\x24\x9e\x38\xfb\x73\xc8\x28\x71\x13\x91\x9c\xe3\x32\x67\xd7\xdb\x92\x4e\x49\x19\xa4\x4e\x6e\x29\xa9\x0d\xbe\x3b\x7b\x0d\x39\x21\x16\x3f\xeb\x5a\xc1\x05\x62\x4e\xd8\x52\xbe\xce\x35\x38\xe9\x91\x93\x30\x0c\x89\x33\x45\x69\x93\x50\xa8\xf9\x9e\x8c\x6a\x41\x09\x5f\xc9\xfc\x08\xda\x07\xf7\x57\x11\xf7\xdf\x03\x44\x06\xde\x14\xed\xd8\xe2\x2a\x63\x3a\x86\xe4\xa5\xa5\xc9\x75\xac\x5d\x34\x89\x1c\xcc\xfc\x85\x43\x77\x1f\xfa\x08\x0e\x0b\x45\xd6\x5a\xb8\x30\xa3\x61\xac\x4c\x42\x62\x94\xd3\x68\x5e\xa8\xc2\x60\x39\xc7\x1c\x90\xfc\x3f\xb5\x12\xbe\x9f\xc9\x48\x07\xd7\x6d\xbd\xaf\x8f\xfa\xa4\xfb\xf9\x84\x9d\x68\xe8\xa5\x7d\x30\xc4\xa0\xb9\x73\x5c\x23\xf0\x8e\xf2\xe2\x84\x45\x84\x67\xe1\x5d\x66\x53\x62\xcb\x64\x6f\xde\x69\x37\xec\xba\x53\x09\x12\x64\x63\x83\x57\xa7\x22\x42\x5b\xc6\x2d\x1e\x30\xec\x5f\x0d\xd8\xfe\xa2\x6b\x2e\xa4\xa8\x49\x00\x35\xde\x43\xf2\x74\x84\x6f\xb0\xcf\x02\x09\xec\x74\x37\xf3\xc3\xd0\xa5\x60\x37\x3d\x03\x4e\x5f\xd7\x9e\x25\xb6\x42\x4d\x9b\x2c\x17\x61\x63\x2b\x35\xa1\x21\x32\x52\x18\x27\x34\x5c\x55\xe4\xe7\x14\x2d\xd6\xfe\x94\xd6\x20\xfe\x51\x5c\x15\x3e\x83\x95\xb5\xd1\x30\xc7\x44\x13\x9b\x6a\x92\xef\xd3\x7f\x22\xba\x13\xfe\x4c\x09\x53\x73\x55\x0e\x2e\x4f\xcb\xa0\x32\x5b\x3e\xa3\xb9\xfe\x25\xcc\x7d\xd9\x2c\xbf\x42\xe1\x5f\x45\x54\xb7\x7a\xc2\x7a\x4a\x34\x63\x82\xff\x61\x00\x45\x15\x08\xd6\x02\xcf\x64\x3f\x60\xb6\xca\x42\x86\x35\x6f\x21\xa3\x11\x0d\x4e\x2c\x8a\x89\x62\xa7\x80\xfc\xff\x43\x9b\x3a\xa8\x04\x99\xdf\x27\x0f\xc3\xe6\xca\xd8\x89\x33\x48\x87\x2f\x0f\x70\x2f\x93\x90\x00\x0c\x7f\x6e\x06\x27\xd2\xbb\xb7\xb7\xce\xf5\xc4\xda\x25\xda\xdf\xea\x80\x32\xe5\x02\x32\x97\xa7\x0a\x65\x8e\x9a\xe7\x3b\xdd\xc3\xb2\x27\xa1\xc1\x17\x41\x13\x3f\x01\x2f\x0f\x48\xfe\x26\x44\x6f\xa6\x7e\x64\x72\x0f\xc8\xdc\x97\xf3\x0d\x0d\xd0\x26\xf6\xdc\x21\x64\xea\xd8\x57\x82\x4a\x0a\x7a\xeb\x20\xf1\x15\xd5\x0d\x1b\x65\xdd\x5d\x82\xe0\x9a\xbe\x83\x4e\x8c\xa8\x89\x57\xe3\x99\x84\x82\x49\x55\xa1\xa1\x3e\x3b\x94\xa0\x01\x57\x18\x6d\xcd\xc2\x89\xe3\x4b\x67\x8c\x91\xcb\x2a\x1a"},
+{{0x06,0x3b,0x90,0x25,0xe3,0x21,0xe9,0x72,0xd6,0x53,0xa0,0x62,0xbe,0x34,0xf9,0x93,0x65,0xaf,0xfd,0xcc,0x98,0xec,0x9f,0xf4,0x3e,0xf4,0x22,0xbe,0x0f,0x80,0x44,0x60,},{0x10,0xd0,0x1a,0x63,0x01,0x2a,0xc0,0x99,0x56,0xba,0x9e,0xd6,0x1d,0xf3,0x5b,0xb7,0xaf,0xe3,0x65,0x8b,0xb3,0x00,0x48,0x52,0xe4,0x71,0x74,0xbd,0x07,0xdd,0x4d,0xe7,},{0x85,0xc8,0x1d,0x6b,0x0d,0x85,0x78,0xfa,0x58,0xe1,0x3a,0xb3,0x91,0x00,0x15,0x28,0xb4,0x6a,0x1d,0x63,0xa0,0x32,0x7c,0x7a,0x4a,0x04,0x08,0x7f,0xc6,0x68,0x75,0x8a,0xa6,0x5c,0x01,0xd5,0xa1,0x50,0xf9,0x35,0x67,0x4e,0xf3,0x07,0x50,0x7e,0x6f,0x4c,0x91,0xe1,0xfc,0x35,0x00,0xb2,0x6f,0x64,0x9b,0xee,0xa8,0x7d,0x27,0x56,0x37,0x04,},"\xa7\xee\xd2\x96\x52\x84\x4e\xe0\x04\x9b\xaf\xb2\xcf\x63\x40\x29\x71\x02\x0d\x7e\x65\xc1\x0b\x91\xac\x57\x26\xee\xa8\x6f\x40\xdb\xc5\x3c\x3f\x0a\xbe\xde\xba\xf6\xcc\x44\x9b\x4f\xea\x48\xc0\x15\xfe\x4d\x90\x7b\x3e\x55\x05\xcf\xf5\x0a\x12\x18\x19\xa2\xe4\xa8\xa2\x96\xd5\x75\x10\x15\xbb\xcd\x7e\xf6\xfb\x7c\x27\x27\xbb\x00\x0b\xe1\x34\x2a\x7d\x14\xbc\xa9\x79\x04\xed\xfe\x8b\x18\xdd\xb6\x39\x33\x41\x83\x27\xa5\xaf\x81\x7e\x95\xba\xd7\x4e\xb7\x90\x20\x36\x15\xd0\x82\xe7\x14\x93\xea\xd4\x7c\xcc\x09\x01\xa2\xca\x9f\x50\x13\x3c\x44\xef\x85\x08\xd5\x1f\xb7\x3c\x61\x6f\x01\x47\x53\x22\x45\x82\x2d\xd1\x02\xb3\x37\xa1\xb2\xaa\xe2\xef\xc7\x2d\xca\x7a\x94\x19\xd5\x98\xa6\x47\x52\x33\xdc\x1a\x4e\xe0\xec\x6d\x05\xda\x12\xa2\xb2\x87\xcb\x77\xff\xaf\xdd\xe2\xd0\xac\xc2\x81\x99\x93\x3e\x66\x21\xee\xc1\x6a\xb4\x24\x51\x70\xcf\x02\xda\x80\xd4\x92\x26\x31\xa2\x32\x72\x91\x51\x65\xad\x88\x72\x27\x50\x03\x5d\x2a\x09\x77\xbc\x79\x1d\x14\xfb\x3d\x8c\xb0\x2b\xc7\x7f\x7c\x71\xbe\x52\x42\x62\x9a\x4c\x9a\x58\x8d\xfd\xde\x95\x78\x49\x4d\x8b\xaa\x4e\x68\xf5\x19\x4b\x80\x02\xc8\xe3\x78\xa0\xe8\x33\xb7\xc1\xa9\x69\x81\xc4\xfb\x05\xe4\x57\xff\x48\x26\x0b\x72\x49\x3c\xbc\xb8\x2a\xe1\x16\x73\xd1\x4c\xee\x85\x28\x8f\x63\x70\xbd\x4b\xca\x92\x51\xa7\xe2\x14\xc3\xeb\x79\xe7\xbb\x6f\xce\xbb\x16\xc9\xe0\x56\xf2\x9b\x62\x72\x74\x3e\xfa\x6f\xe8\xbf\xd2\x55\x97\xce\x86\x89\x8a\xb3\x05\x9e\xb0\x23\x1c\x73\xb5\x30\x59\x03\xfd\x13\x19\xbd\xf4\x9e\x59\x9d\x8b\xbc\xd7\x4a\x8b\x97\x67\x30\x8b\x61\x56\x3c\xcb\xac\xd3\x8f\xc5\x0c\x83\xab\x44\xca\x75\x9d\xc9\xb6\x5b\x2a\x4b\x54\x7c\x50\x97\xf2\x20\xc1\xc8\x8b\x2b\x0a\x48\xf6\x5f\x91\xfe\x78\xb1\x50\x12\x78\xe1\xe3\x04\xde\x58\xb4\xc8\x2a\x5c\x39\x99\x81\x09\x8a\x17\x84\xeb\x90\x42\x50\x18\x59\xf2\xa9\x3f\x31\x7e\x41\x77\x2f\xd5\x2f\x97\x2e\x51\xb0\x7e\xd9\x4d\x31\x4e\x1d\x1a\xf4\xed\x82\x90\x9a\x0b\xef\x67\x1f\x54\xb5\x5d\xb7\xb7\x0d\xa1\xf7\x18\xc8\xe6\x48\xae\xdd\x6d\xa6\x4b\x05\x77\x05\x26\xf1\x2b\xc4\x3f\x68\xb9\x55\x48\xda\xc5\x08\x09\xa6\x87\xdb\x97\xd7\x3f\x06\xf4\x7e\xd0\x88\x31\xb6\x0a\x28\xe9\x82\x92\x06\x32\x05\x8f\x0e\x6c\x90\xc0\x18\x7f\xf4\x45\x64\xf8\x1e\xfd\x8f\xd9\x3e\x32\x7b\xc6\xd8\x0b\x49\x0e\x08\x8b\x9a\x10\x03\x6c\x80\xdc\xda\xd4\x9d\x2b\xe0\x74\xfb\xba\x31\xe0\x6f\x71\x80\xe5\xad\x1c\x88\x23\xd6\x09\x66\xa9\xce\x15\x50\x3c\xe6\x0d\xd4\x0e\x91\xee\xf2\x35\x9d\x83\xd7\x0d\x98\x40\x1d\xde\x7b\xe3\xc6\xb0\x7e\x57\xd4\xe4\x7d\x04\x21\x76\x33\xd8\xe2\x63\xca\x34\x8f\x81\xfb\xe9\xa4\xa6\x2f\x45\xd7\x7c\x84\x3b\x6b\x1a\xd2\x84\x66\xd9\xda\xfb\x1b\x91\x0b\x34\x8e\xd8\x7c\x68\x6c\xab\x29\x2d\x48\x0c\x19\x1d\x18\x7b\x40\x4a\x9b\x1d\x13\x2b\xa4\xe2\x93\xd3\xad\xa9\x91\x72\xac\xc1\x21\xfe\x66\xb8\x45\xb9\x8b\x16\x0c\x58\x23\xf6\x01\xc7\x75\x8f\xb2\x6c\xae\xe8\x57\x01\x59\x5b\x2d\x52\xca\xa2\xf5\x68\x8a\xa2\xbf\x2f\x6c\x4b\xb6\x37\xf8\xe0\x0f\x49\xab\x6c\x26\xbc\x6a\xd8\x9e\x13\x67\xfd\x28\xe4\x91\x7d\x25\x08\x93\xa7\xb3\x2d\x39\x66\x0b\xde\x8d\xb4\x9f\x08\x6f\xb7\x39\xe5\x60\x12\xc3\x6b\xea\x0b\x26\xcf\x6d\x93\x57\x94\x0b\x00\xd5\xa4\x52\x8f\x90\x59\xaa\xf0\x86\x69\xe5\xf4\x6c\x99\x5e\x60\xf8\x87\xb5\xc4\xab\x88\xac\x74\x42\xed\x01\xa1\x4c\x6a\x42\x00\x6b\xaf\x1f\x34\x3f\xef\xe3\xe4\xac\xa8\x43\xa3\x24\xe1\x76\xb2\xfe\x7e\xc7\x88\x3d\x1c\xbd\x06\x8b\xc2\xfc\x96\x2f\xfa\x60\x24\x4f\x65\x4c\x77\xac\x56\x50\x81\x7d\xc0\x84\x46\x55\x45\xa9\x23\x0a\x74\x82\x6b\x0c\x50\xeb\x85\x25\x2a\x88\x6f\xf2\xb1\xaf\xea\xf8"},
+{{0x88,0x3c,0xc1,0x38,0x17,0x57,0xb0,0xfe,0x04,0x55,0xb7,0x7b,0xc9,0xcd,0x0d,0xd4,0x64,0xd2,0xb4,0xbf,0x0c,0x7a,0x3c,0x0c,0x2d,0xc7,0x75,0xfb,0x78,0xaa,0x37,0x32,},{0x83,0xa8,0xb6,0x69,0xcc,0xd0,0x12,0x45,0xce,0x3b,0x81,0x8d,0xcb,0x1b,0x58,0x8f,0x86,0x53,0x58,0x50,0xe6,0xc7,0x10,0xc7,0x92,0x17,0xfe,0x43,0x98,0x24,0xf3,0xfa,},{0xc7,0xcf,0xd5,0xc9,0xfe,0x93,0x0d,0x15,0xa1,0x1e,0xbb,0x34,0xe3,0x43,0x1f,0x48,0x9d,0xa0,0x10,0xeb,0x19,0x3e,0xdb,0xfa,0x6f,0x23,0xd5,0xd1,0x4d,0xd8,0xfe,0xab,0xd7,0x88,0x0d,0x2d,0x5a,0x56,0x00,0xd3,0x85,0x46,0xce,0x3b,0xc6,0x4a,0x86,0x29,0x1a,0x1c,0xe3,0x1f,0x27,0x2f,0xf0,0x20,0xdf,0x8c,0xb6,0xa0,0xfd,0x4d,0x3a,0x0d,},"\xff\xec\x29\x3d\x12\xea\x63\x6c\xa4\xc4\xa0\xa5\xe2\xdb\x15\x34\x26\x39\xc4\x76\x67\x4d\x2e\xbd\xab\x4a\xef\xd4\x04\x6b\x5d\xdb\x56\xae\xb2\x10\xc1\x19\xaf\xdf\xb8\xa8\x91\x28\xa3\x4f\x6d\x77\xf2\x61\xed\xea\x07\x72\xa2\xf8\xdb\x14\x0a\x26\x40\xfd\x8e\xca\xdb\x0b\x47\x92\x16\x9b\x6b\x28\x10\xae\xe2\xc5\xcd\x83\x52\x88\xbf\xf4\x93\xbc\xeb\xee\xea\x28\xa7\xa2\x48\xc3\x61\x16\x54\x0f\xa7\x17\x36\xd6\x6b\x0a\x47\x5b\x5f\xa9\x2c\x0d\x46\x00\x2f\xca\x7a\x1e\x69\xd1\xb5\x9e\x81\xa3\xa6\xd4\xf3\x39\x76\x9d\xae\xb2\x0b\x5f\x9d\x75\xc4\xc2\x8f\x69\x21\x32\xd2\x8d\x3c\x56\x4c\x09\xfe\x3d\xcc\xa0\x35\x9c\x3c\x63\xec\x37\x7a\x33\xf9\xee\x87\x4d\x8a\x78\x9d\x77\xc9\x6a\xc0\x5f\xdf\x3a\xb3\x8b\x2c\x82\x74\xa9\x02\xef\x8b\xb7\xf4\x67\xfc\x7e\x07\x3c\x77\xb1\xdb\x5f\xc8\xef\x96\x6c\x12\x0c\x4d\xae\x3f\xb7\xf5\xb7\x4a\xbb\x99\x01\x66\xc8\x12\xa5\x25\xd1\x23\xf7\x6e\xd5\x12\x12\x50\x80\xa1\x53\x4f\x3d\x8b\xdc\xcc\x54\x1f\xc9\x75\x90\x28\x75\x46\x09\x6f\xc8\x80\xbf\xcf\xdd\x00\xe6\x5c\x0e\xbf\x4a\x09\xfd\x64\x76\xce\x1b\x7c\x8f\xaa\xa5\xa1\xcc\x27\x86\x71\x9a\x30\xd8\x25\x58\x11\x18\x47\x52\xa8\x8b\x08\xac\x9f\x0f\xf1\xd6\x26\x2f\x25\x86\x94\x0a\xfe\x1f\xe4\x5e\x0b\x56\x34\x48\xa5\x5f\x30\x30\xe4\xc3\x9c\x1f\x3f\x86\xa7\x33\x67\x03\x80\xea\xb0\x88\xe3\x93\xde\x09\xd1\xf5\x08\xd2\xfb\xca\xfc\x64\x9a\xea\xe6\xb8\xc3\x0e\x32\x9e\xc3\xfd\x28\x29\xbe\x6d\xb0\xab\x8e\x63\x7e\xa1\x09\x5b\xdc\x3d\xf3\xac\xc2\x3d\x3c\xf7\x05\xa9\x54\x2c\x19\xe5\x90\x92\xec\x41\x3a\x4e\x2b\xd5\xde\xd2\x8c\xd3\x4d\xdb\x3d\x32\x94\x9a\xa4\x87\xf1\xc3\x37\xd6\x97\x9c\xf5\x12\x62\x2d\xbf\xb7\xda\x1c\xbb\x1c\x7e\x5a\xbe\xea\x70\x09\xe2\x94\x3f\xfb\xa2\x25\x2e\x1d\x86\xec\xa9\xd6\xd5\xc2\x46\xcd\x2e\x13\x4a\x3e\x5d\xad\x37\xef\xef\x71\xce\x39\x7a\xda\xfb\xd9\xe7\x2b\x3f\x9a\x86\xff\x0f\x5d\x81\x2c\x46\x22\x5b\xeb\xd0\x70\x3b\xc5\xcc\xe9\xc6\x45\x82\x00\x8f\x7e\x55\x8c\x40\xa3\xb3\x52\x20\x96\xd1\xaa\x2b\x61\xbc\x90\xcd\x88\xc6\x28\x5d\x94\x20\x87\xd8\xa4\x66\x5a\x0e\x64\xd3\x57\x2f\x74\x68\x9b\x4f\x24\xef\x40\x0d\x74\x1b\x57\x14\x06\x13\x47\x14\x44\xde\xcc\x65\x4a\xf0\xff\xb2\xed\xfd\xf9\xfd\xd0\x75\x09\x81\x90\xb3\x4c\xde\x28\xdd\x16\x68\x72\xc6\x08\x65\x67\xa6\x87\x61\xce\xf2\x5d\xa4\x0b\xd4\xc3\xd3\x4f\xdd\xd7\x2e\xe5\x65\xb0\xb9\x37\x67\x8e\xe8\x43\x49\xd1\x16\x0f\x5f\x07\x05\xf8\x95\xd0\xf1\x41\xce\x8f\x51\xa1\xe4\xfd\x2d\xc4\x70\x4b\x52\x7a\x40\x25\xa9\x39\xcb\x2b\xb7\x88\x57\xeb\x18\xd7\x88\x72\xed\xc9\xee\x70\xe6\x0b\x2a\x42\x70\x0a\x19\x8f\x4f\xff\x6c\x31\x92\x51\x68\xbe\x07\x7d\xc2\x3c\x32\x2a\xbb\xca\x97\x36\x1f\xec\xaa\x3f\xcb\x19\x6e\x65\x6c\x12\x8f\x39\x82\xfe\x11\xe5\x51\xa4\xa0\x88\x5d\xa6\x0d\x39\x7d\x0e\x40\xd0\xd8\x97\x26\x2f\x1b\x4b\x67\x2f\x78\xa2\xd2\xad\xfc\xdd\x6e\x15\x25\xc2\x6e\x71\x95\xfb\x9a\xc6\x06\xbb\x1b\xa4\xa9\x89\x08\x03\xb4\xbd\x84\x34\x6a\xe8\xd8\xc7\x19\x6c\x90\xae\xcc\xb2\x96\xa4\xc3\xeb\x4e\xfa\xcb\xfc\xb6\x2e\x38\x3b\x8a\x49\x4a\xc7\x23\x56\x2d\x0d\x8c\x37\x91\x87\xa9\x2e\x3b\xda\x6b\x15\x69\x47\x6a\xed\x21\xae\xd7\xa0\x56\xb4\xa5\x82\x67\x44\x01\x7c\xc0\x06\x0b\x4d\x55\xfa\x87\x72\xb5\xb1\xc1\x5f\x57\x48\xad\x72\x98\x00\x5a\xec\xbc\xbd\x90\xa3\xe5\xc6\x15\x9a\x86\x74\xab\xbb\xa3\x79\x14\x41\x50\x02\xb5\xa6\xef\x5d\xf3\xc6\x49\x42\x6e\xa1\x27\x5a\x01\xd8\x0a\xdf\x49\x0a\xc5\x46\x06\x2d\x93\x99\x9a\x6d\xcc\xac\xb9\x6a\x09\x04\xad\x33\xd9\x05\x76\xdc\x6a\x21\xb6\x72\xe8\xff\xb0\x66\x13\xfb\x3f\x14\xe6\xcb\xdd\xe8\x8c\x24\x37\xc9"},
+{{0x5e,0x40,0xa7,0xaa,0xbb,0xb0,0x83,0x0a,0x9a,0xb0,0xfd,0x79,0x69,0x0e,0xe0,0x43,0x39,0x01,0xc6,0xcb,0x06,0x76,0xab,0xe4,0xbb,0xa0,0x6f,0x5b,0xbe,0x58,0xfa,0xc2,},{0x4d,0x4f,0x28,0xfe,0x09,0xc4,0xaa,0xbf,0xca,0x01,0xef,0x6e,0xe7,0xfd,0x63,0x72,0xfb,0x62,0xdb,0x61,0xaa,0xee,0x82,0x7c,0x43,0xfd,0x1a,0x6d,0x1c,0x25,0x90,0x32,},{0x59,0x76,0x72,0xab,0x8d,0x3a,0x60,0xde,0x54,0x56,0xfc,0xc9,0xc3,0x82,0x53,0xf5,0xf3,0x7b,0x80,0xe7,0x4a,0x00,0x7c,0x9f,0x6d,0xb9,0x09,0xd2,0x7d,0x0e,0xad,0x16,0x27,0x89,0x24,0x49,0x94,0xf3,0x5b,0x80,0xd6,0x1b,0xe1,0x99,0xc4,0x17,0xc7,0xea,0x90,0x1b,0x98,0xcc,0x63,0xfe,0x3c,0x50,0xfc,0x3c,0x63,0x38,0x49,0x0f,0xa2,0x06,},"\xfd\x4e\xc8\xb3\x4f\xc6\xb7\x43\x81\x3f\x59\xe2\xfd\x1f\xef\xa8\x70\xf5\xa9\x70\xe2\xeb\x75\x16\xef\x7c\x30\x6f\x4b\x82\x3f\xfe\xe9\x2d\x60\x1f\x76\x5d\x79\xca\x14\x6a\xba\x8b\xc6\xe7\x98\x44\x55\x99\x35\xcd\xdc\x24\x26\x49\xc0\x59\xec\xf2\xdb\x84\xfd\xc2\x19\x36\x66\x88\xa8\x8f\xc2\x5b\x85\x1c\x36\x61\xe5\x19\x88\xc2\xbf\x73\xbb\x8e\x3d\xc1\x6d\x22\x41\x5a\xb1\xa7\xb3\x55\x79\xda\xac\x73\x25\xe3\x19\x15\x7d\x7d\xa5\xfe\xe8\x7c\x93\xa4\xdf\xcb\xaf\xc9\x2f\xba\x7e\x17\xcc\x68\xe3\x90\x37\x33\xc6\xc8\x01\x57\x2d\x90\x73\x20\xb2\xfe\xb5\x17\x10\xe8\x56\xa1\xf7\x6f\x85\xa7\xee\x1a\x11\xe6\x2d\x2e\x45\xa3\x52\x93\x8d\xd8\xcf\xc2\xbc\xcb\x90\x2d\xea\x44\x4f\xaa\xae\x6d\x84\xc5\xf3\x91\xe1\x0a\xef\x76\x92\x8a\x45\x15\x3d\xb6\xcd\x25\xa2\xbf\x35\x3d\x80\xd9\x7b\xf4\xb3\x80\x86\x05\xe8\x98\x00\xd2\x98\x40\xea\x60\x97\x8d\x9e\xc9\xb2\xc3\x02\x74\x98\x88\xf9\xde\xbc\x84\xdd\x1e\x2a\x79\xaa\x0b\x6b\xa0\x2a\x03\x91\x93\x08\x1b\xdb\xff\x05\x99\xa1\x4d\x91\x8c\x0c\x8d\xea\xc4\xf6\x0b\x6e\x99\x47\x4a\xb5\x30\x11\x74\x10\x34\xfe\x2a\x20\xcf\xf4\xe0\xf0\x23\x42\x4c\x8e\x57\x97\x76\x8a\xd5\x3d\xf6\xd0\x1a\x24\x01\x1f\xa9\x0f\x0b\xb1\xd5\x06\x9c\xdb\x36\xb4\x50\xf4\x33\x11\x0c\x2c\x56\xf3\x4a\x1d\xe4\x26\x09\x14\xcd\x46\x96\xb1\x4a\x09\xc0\x26\x8b\x2a\xe2\xe9\x8e\x6b\x4e\x99\x2b\x91\x25\xf8\x78\xf1\xac\x09\x82\x31\x70\x62\x83\x88\xf0\xf6\xe2\x56\x25\x9c\xa7\x86\xbb\xe1\x44\x88\x4c\xb2\x98\xcc\x04\x3d\x02\xf5\xc3\xdc\x68\x4f\x78\x7f\xaf\x16\xc1\x0f\xdd\x84\x37\xa8\xc3\x09\x74\x63\xbd\xb9\x9b\x78\x03\x0f\x94\x74\xfc\x5c\x99\x51\xdc\x75\x26\x49\x05\x86\xfe\x1c\x2d\xb0\x54\x11\x34\x14\x60\x23\x9d\x5e\x8b\xc5\x30\x65\x90\x2b\x95\xfb\xa2\x82\xc2\x76\x65\xe8\x69\xa1\x9d\xae\x84\x60\x6d\x17\x26\x67\x51\x55\xd3\x80\x39\xb9\xe5\x5d\xb4\xd5\xce\xec\x95\xcd\x6d\x87\xf8\x5e\x99\xdd\xe5\x4a\x04\x76\x1e\x6e\xad\xa6\x61\x9d\xa8\x95\xb6\x54\xfe\x38\x45\xe8\xa6\x0f\x3a\x3b\x32\x48\x3d\x6d\x27\x97\x8a\xf5\x45\x02\xb2\x20\xe4\x78\xdb\x78\xcf\xf7\x7a\x9c\x97\xfb\x79\xfb\x5a\xcf\x56\x28\x9f\x38\x1a\xcb\x10\xde\x64\xc3\xf2\x38\x42\xb1\x2b\xf5\xf1\xb2\x83\xbd\x25\xd4\x8d\x09\x12\x8f\xb5\x5d\xda\xe2\x55\xbe\xb7\xc6\x6a\x74\xcf\x6f\x06\x95\xa4\xf8\x28\xcb\x29\xe4\xaf\xdb\xb3\xb4\x2a\x23\x5d\x4f\xdb\x66\xb9\x63\xac\x8f\x68\xe8\x2b\x00\xa1\xc4\x50\x08\x63\x29\x62\x47\x17\x8c\xfd\xef\x80\x3b\xb7\xb1\x14\xf0\xc0\x32\x76\xf6\x71\x66\x9a\x08\x7d\x92\x28\xa3\x7a\xe7\xb9\x9b\x06\x15\x49\xc1\xcf\x8e\xc1\x72\x46\xea\x1e\xe0\x3d\xbc\x88\xbf\x42\x64\x16\xd5\x86\x57\x2f\xf1\x0a\x31\x45\x60\x6f\x27\x84\xe4\x35\x7b\xe4\xed\xee\xc6\xc3\xa7\xbf\x11\xbb\x5b\x0e\x90\xcf\x50\xed\xaf\x89\x1e\x51\xd2\x63\x57\xbf\xc8\x53\xce\x23\xb2\x99\x15\x5c\x82\xc1\x03\x1d\xfa\x64\x07\x4d\x72\xa0\x9d\x29\x72\x0e\xad\x6e\xbb\xbf\x75\xd5\x73\x8e\x32\xcd\xa6\xb6\x46\x6a\x8d\xef\x6b\x50\xa1\xed\x9b\x86\x5a\x9a\x88\xa0\x80\x18\xac\xb5\x01\xa4\xde\x9d\xb5\x4d\x05\x22\xce\x9c\xec\x7a\x06\xbd\x9a\x5f\x86\xb0\xb4\x6c\x07\xbf\x3e\x7f\x5a\x42\x6f\xf6\xb4\xbb\xe1\xe0\x03\x13\xa5\xac\x27\x19\xa9\x59\xed\x44\xee\x0a\x44\xbd\x97\xda\x6d\xb2\xcb\x97\x1b\xd6\x83\x34\x90\x89\x49\xed\x85\x0f\xbf\x73\xd0\xe0\x20\x49\xda\x18\x1c\xce\x9c\x2d\x9c\xa1\xb6\x24\xc8\xd8\x7c\xf9\x04\xeb\x82\x1d\xc7\x95\x92\x95\xda\x57\x77\x92\x06\x60\xb4\x3c\xcc\x25\xcd\x38\x9f\x15\x7f\x67\xfa\x03\x90\xfe\xac\x97\xa7\x52\xc1\xac\x20\x4c\x21\xdf\x56\xbb\x0f\x4f\xc0\x16\x41\xb4\x80\xaf\x2b\x89\xb5\xd1\x6d\x4a\x0b\xcb\x0a\x50\xb8\x2b\x0e\x04\x84"},
+{{0x3a,0x34,0x13,0x6a,0x97,0x34,0x80,0xd9,0x70,0x06,0xdc,0x27,0x93,0x58,0xe6,0x60,0x62,0x93,0xd8,0xcb,0xc1,0xa4,0x4e,0xe5,0x52,0x33,0xaf,0x2b,0x52,0x64,0xb9,0x0c,},{0xe5,0xef,0xfd,0x92,0x1b,0xe8,0xee,0xc5,0x30,0x75,0x2f,0xcc,0xc5,0x76,0xef,0x0d,0x9b,0xcd,0xe4,0xb3,0x2c,0xc6,0x49,0xd3,0xf7,0x95,0x47,0x17,0x56,0x28,0x60,0xcc,},{0x42,0x5f,0x27,0x22,0x12,0x83,0x57,0x55,0xad,0xcc,0x05,0x22,0xc6,0xf6,0xe0,0x5f,0x68,0x00,0x8a,0x3b,0xe9,0xba,0x59,0x74,0xe4,0x20,0xc4,0xc5,0xcb,0x56,0xe6,0xc5,0x5d,0xec,0x0d,0xe3,0x47,0xb1,0x6c,0xae,0xf8,0xbd,0x33,0xb7,0x1b,0x44,0xc8,0x35,0x7d,0x05,0xb6,0x32,0x1d,0x7b,0xf4,0x93,0xd2,0x58,0x61,0xdb,0x48,0x7b,0xd6,0x03,},"\x98\x1c\x8e\x10\x90\xe3\x96\x95\x1b\x07\x2e\xf8\x49\x70\x62\x02\x08\x97\xbf\x7d\xd7\xad\x50\x5b\x4d\x6d\xc1\x1b\x3e\x1d\xbc\xb0\xda\x24\x99\x84\xa1\x40\xe1\x64\xfc\x2e\x02\xb3\x1d\xa3\x98\x46\x55\x4a\xa8\x90\x5b\xc8\xb3\xdf\x8a\x76\xbf\x60\xeb\x5f\xfc\xf2\x2c\x97\xb6\x71\x22\x7d\x24\x90\x71\xda\x8f\xf6\xbb\xa7\x5b\x2f\x76\x68\xce\xc1\x9a\x89\xe6\x47\x5a\x12\x46\x3d\xab\xf3\x68\xb3\xca\x24\x45\xbb\x30\x35\xcc\x00\xfa\xe8\x5b\x70\x72\xfb\xcf\x59\x54\x01\x75\x5b\x80\x51\xe6\x09\x70\x65\xae\x42\x9f\x18\xee\xb1\x3f\xfa\x6d\xde\x59\xdf\x6f\x3c\x20\x6b\xfd\x9c\xe1\xf8\xa8\x00\xc8\x59\x0a\x40\x21\xd1\x60\xf6\x6d\x67\x40\xa3\x69\xae\x83\x56\x17\x53\x8b\x58\x90\x23\x1f\x13\xc5\x66\x7b\xaf\x51\x0a\x60\x6b\xda\xa8\x4b\x8d\x10\xee\x60\x15\xe1\x2a\x4c\x1e\xc0\xbd\x04\x21\xa2\x94\xc5\x1c\xf6\x3b\x5d\x1f\x05\x8e\x11\x53\xdc\x42\x5d\x10\xce\xe8\xb1\xb0\x84\xd6\xc2\x93\x47\xe9\x6f\x0f\x31\xb8\x39\x60\x7d\x07\x8b\x79\xa9\x0c\xa3\xd1\xf0\x63\x80\x7a\x46\x3b\x7c\x32\xf4\x5a\x53\x44\x98\xd7\x1d\x47\xed\xc3\xb1\x7a\x4d\xff\x27\xfe\xdc\xff\xab\x30\x1f\x34\xf1\xa6\x4c\x02\x78\xa5\x35\x89\x34\x9a\x23\x3a\xf3\x0b\x1e\xc1\xae\x41\x0f\x7b\x16\x30\xc7\x14\x5c\xa4\x2c\x96\x63\xf5\x12\xe8\xa5\x78\x26\x7d\xc9\x5e\x83\x28\x9c\x17\x03\x2e\x09\x78\x2e\x2f\xe8\xe1\x6e\xfb\x87\xf0\x3c\xa0\x3b\x11\x95\x61\x4f\x89\x96\x1c\xa3\x93\x9d\x3b\xdf\x73\x72\x21\xa2\x2d\x7a\x18\xec\x30\xfc\x12\x6d\x0c\xa6\x63\xe8\x8d\x60\x60\xd0\x4c\x6a\x44\xe5\x61\x6e\x55\x6e\x07\xd6\xd4\xa8\x47\xf1\x71\x1c\xf4\x37\x17\x81\x0c\x70\xaa\x4b\xe7\x30\x27\x8b\x3b\xd6\x55\x5c\x95\x4d\xc6\xed\xb0\x9d\xb0\x8f\x0e\x21\x18\x03\x59\x62\x80\xf3\xc7\x86\x8d\x23\x42\xcc\x23\x08\xea\xae\x4d\xa1\x91\x35\x14\x66\x4b\x1d\xb9\x62\xe9\x9c\x8a\x8c\xff\xe5\x79\x31\xf5\xdf\xcd\xdb\xc1\xcb\xb3\x6c\xe1\xc8\x42\xe2\xdd\xde\xad\xfd\x7e\x7d\x0a\x50\x48\xcd\xcb\x96\x1b\x14\xf3\x5f\x43\x5e\x73\xa6\x83\xc8\xce\x25\xc8\x16\x81\x25\x66\xfd\xf8\x17\xe0\xd3\x36\xae\x0b\xd2\x47\x32\x85\x12\xb2\xa8\x56\x76\x32\xbf\x20\x55\x3d\x9b\xd6\xfe\x15\x7f\x22\x0f\xfb\x0b\x46\xeb\xae\x89\xa7\x04\x59\x72\x8a\x57\xee\xd1\x79\x62\x56\xf1\xbd\x50\xb6\xd5\x47\xea\x3e\x25\xfa\x59\x13\xd3\x89\xa2\x25\x83\xe9\x15\xeb\x49\xde\x35\xa9\x7b\x5a\xcc\x52\x1d\xb0\xd0\x05\xc2\x95\x75\xe1\x66\x11\xa7\x55\xf2\x1a\x3a\x5a\x82\xa2\x0a\xa9\x00\xa7\x07\xce\x36\x82\x54\x92\xc3\xca\x15\x39\x5f\x17\x00\xb4\xaf\xab\x94\xda\xa7\xa0\x2f\x14\x53\xb1\xf9\xa6\xbd\x36\xef\xb2\x04\xd9\x28\xee\x1f\x4d\xcc\x86\x0f\x3a\x85\x9b\xad\xc0\x06\xfb\x30\x5f\xa1\x23\xd4\xc7\x9b\x23\xa2\x0e\x32\x29\x5d\x04\x0a\x7f\x8f\x6c\xac\xa2\x5d\x83\xf7\x1c\x62\xe3\xaf\x78\x36\xef\x76\xb9\x3a\x83\xd3\xc3\xb4\x93\xaf\x14\x17\x53\xda\x19\xe4\xcd\xcb\xa5\x66\x17\x27\x10\x34\xb4\xf4\xf3\x94\xc7\xc6\xb7\xd7\x96\x66\xf3\xaf\xb6\x92\x24\x4f\x06\x1c\x69\xa8\x88\x1d\x1b\x52\xb8\x84\x9f\xb5\x34\x99\x0a\xc2\x39\x19\x09\x47\x1e\xbb\xb7\x28\xe2\x9c\xd2\x0f\x42\x23\x54\xc4\x30\x97\x17\xeb\xff\x3e\xfd\x18\x33\x37\x08\x06\xd5\xbf\xb5\x3c\xa2\xda\x31\x6d\xac\xb5\x0a\xb7\xfb\x73\x96\x73\x23\x5a\x1d\xc5\x3a\xa8\x89\x30\x72\xd5\xb9\x1c\x9f\x6d\xb8\x3f\xc4\xea\x41\xd1\xee\xf4\x9a\xc2\x8a\xfc\x1c\xed\x8f\x36\x18\x90\xab\x9f\x77\x9d\x19\x30\x82\x83\x1c\xb8\xc4\x2f\xb2\x79\x2b\xee\x3b\x26\x29\x6b\x62\x95\xeb\x78\xa8\xd8\x53\x11\x76\x61\x62\x4e\x11\xf7\xf5\x7a\xfd\x60\x85\xa7\xb9\x12\x36\x79\xfd\xac\xa1\xcf\x2a\x78\xd3\x80\xbc\x4c\x36\x0a\xa7\xc3\xcb\xfd\xe0\xc0\x09\x1f\xe5\x3e\x22\x19\xc0\x70\xf2\xf0\x2f\x14\x83"},
+{{0xcf,0x33,0xe7,0x97,0x4d,0x8f,0x0b,0xf8,0x99,0xac,0x5b,0x83,0x4c,0x7c,0xf9,0x64,0x79,0xce,0x1c,0xfd,0x45,0x3a,0xf0,0x7f,0x97,0x05,0x27,0xf3,0x6a,0xa8,0x5c,0x1f,},{0x57,0x8f,0x60,0x33,0x8b,0x1f,0x04,0x1a,0x97,0xd3,0x19,0xfe,0xcf,0xa3,0x0c,0xfa,0xed,0x36,0x93,0x03,0xcc,0x00,0xb3,0xec,0x8c,0x5c,0x99,0x04,0x11,0x58,0xe2,0x0c,},{0x97,0xa5,0xb6,0xd2,0x68,0xa5,0xb4,0x17,0x5f,0xb0,0x6f,0x1f,0x37,0xd0,0xa6,0x33,0x51,0x92,0x96,0xed,0xc3,0x00,0x11,0xc9,0x54,0xd8,0xf0,0xb9,0xbb,0xe2,0x64,0x18,0x00,0x39,0x6c,0x4b,0x35,0xd4,0xb0,0xd7,0xd2,0xa1,0xd1,0x7c,0xbb,0xeb,0xdc,0x55,0xa8,0x09,0x46,0x2d,0x6c,0xc1,0x9a,0x6f,0xad,0xbe,0x1b,0xd1,0xba,0xe8,0x8a,0x01,},"\xe8\x13\x14\x4b\xd1\x16\xf6\xac\x36\x38\x92\x17\xb5\x17\x1a\x90\x2f\x06\xb7\xdd\x7b\x14\x4d\xf4\xf9\x09\x15\x53\xc7\xc7\x83\x57\x53\xa2\x96\xcb\xb0\xd7\xfa\xb9\x9c\xef\x77\xb6\x1f\x34\xa0\x4c\x8a\xf0\x4e\x7d\x5d\x1f\x96\x13\x02\xde\x89\xe2\x00\x5f\x29\x9f\x5a\x4a\xa1\x79\x24\x61\x7d\x00\x66\x93\x93\x77\x45\x53\x9c\x30\x48\xee\x36\xb8\xc2\x3a\xfe\xc0\xaf\x9f\xea\xa0\x06\x6c\x8a\xf8\xe0\xa7\xf0\x90\x93\x49\x82\x10\xf6\xd8\xdc\xc0\xaa\xad\xa5\x66\x87\x86\x91\x0f\xf7\xc5\xb3\x48\xd4\xcc\xd6\xee\xef\xfa\x3a\xcd\x18\x16\xd9\x01\x1a\x4c\x40\x25\xf6\xc2\xfd\x2c\x02\x0a\x10\x59\x36\x27\x52\x0d\x4d\xd9\x9e\x07\xc6\x2d\x2d\xbe\xbe\x84\x13\x9e\x1c\x7d\x86\x7c\x09\x35\x74\xfa\x60\x1e\x4e\xe3\x07\xac\x92\x6e\x5d\x36\xb6\x2d\x7e\xd8\x4a\x26\x15\x88\xb7\xe2\x88\x3c\x79\x26\x61\x2b\x4c\xc6\x7e\x2b\xb7\x25\x44\xa1\x0d\x6b\x49\x29\xc8\x8e\xf6\xc4\x7c\x26\x25\xd2\xf6\x81\x6b\xd7\x3c\x3b\xae\x89\xd2\xe0\xc8\x61\x71\xac\x4b\xd0\x80\xae\x55\x5d\x62\x74\x0d\x1d\x2a\x76\x1c\xed\x86\xdf\xc3\x28\xec\xc2\x7e\xe3\xdb\x6d\x40\x41\x08\xef\x4e\x0b\x64\x90\x62\x53\xb4\xc0\xa7\x71\xad\xef\xed\xc8\xa2\xc5\xb5\x3c\x42\x5a\x70\xcd\x6f\x63\x95\x6f\x7a\x0a\x61\x9f\xdf\xbf\xd0\x0a\xa0\x78\x41\x8e\xb4\x65\x2f\x8b\xc6\xf3\xc2\x53\xbe\xec\x98\x38\xb7\x7f\x9c\xbe\x2e\xf2\xb8\x05\x5c\x57\x73\x53\x9e\x35\x6b\xd8\x19\x26\x06\xec\x10\x1e\x3f\x60\x58\xb1\xdd\x08\xa6\x8f\xdb\xc5\x49\xdf\xe6\xb7\x72\x5d\xc2\x54\x9e\x8e\x3f\x90\xdc\x5b\xe3\xcc\xfb\x0a\x38\xba\xf9\x37\x7c\xb3\xf6\x50\x1d\x2e\x15\xcc\xb3\x55\x6a\x89\x5c\xcb\x23\xf0\xb6\xdf\x9f\xe5\x93\x11\xcf\xf5\x53\x74\xc3\xfb\x3a\x32\x98\x1c\xa2\x6a\xb4\x26\xf3\x66\x3d\x04\xe3\x16\x7e\x53\xa5\x37\xb7\x58\x9a\x9f\xb7\x36\x79\x09\x0a\x20\x55\x32\xc1\x32\x90\x66\x34\x33\x4a\x7e\x87\x49\x79\x3f\x8c\x59\x3f\x3f\xd6\x27\x8c\xe0\x05\x03\x83\x48\x7f\x3b\x24\x50\x67\xaf\x94\x88\x1a\xa1\xae\x96\x8d\x0c\xae\xba\x5f\xa5\xc7\xbe\x5f\x4e\x4b\x72\x57\x51\x86\x95\xd8\x9b\xcc\xde\xc5\x07\xb9\x67\xb4\xfd\x64\xb6\x89\x3b\x3e\xe7\x80\x3c\x1d\x36\xea\x8a\x02\xfc\x42\x6f\x9a\xfc\x8e\x9f\x24\x32\x15\x27\xec\x98\x44\xbc\x3c\x54\xa0\xf7\x66\x7e\x03\x43\x00\xbb\xb4\xfb\x02\x0f\x6d\x5b\xb9\x54\xe7\xb5\xa3\xa7\x06\xa4\x93\x9d\xb3\x3c\x15\x48\x92\x64\x34\x76\xa2\x91\xd4\x7d\xc1\xe6\xf7\x2c\xe9\x1d\x13\x6f\x11\xdb\x26\xb9\xc9\xba\x73\x6e\x40\xdf\x0a\x15\xc1\xa8\x91\x49\x99\x6b\x25\x1d\xd9\x88\xb3\x90\x04\xe6\xef\x41\xbd\xc0\x61\xdb\x58\x0b\x7b\x74\xde\x2a\x65\x18\x10\xbd\x89\x17\x53\xb9\x73\x86\xd7\xf8\xcb\xdb\xb6\xec\x38\x6f\xa2\xc3\x42\xf5\xef\x20\xe6\xe3\xa8\xbb\x4d\x51\x49\xa7\xd4\xde\x12\x24\xdf\xf1\xd1\x72\xc8\x75\x70\xf7\x76\xd5\xef\x45\x95\x9b\xe0\x93\x8a\xd7\x9f\x5d\x33\x95\xcb\x27\x21\x62\x71\x22\x88\x7b\xd7\xa8\x98\x3b\x64\x77\x97\xbd\x41\xd8\x82\x64\x1c\x81\x43\x1c\xe8\xd9\xb3\x06\x7a\xde\xc4\xcd\xe9\x26\xc5\x13\x13\xf0\xcf\x84\xc5\x29\x25\x62\xdd\x49\x08\x64\x2d\xd2\x45\x28\x84\x84\xc5\x56\x8a\x78\x7d\x0c\xed\x36\xa3\x52\xf0\x32\xda\x4f\x7e\x4d\xe0\x6b\x11\x47\x3f\x65\x0e\xec\x65\xdd\xa9\x96\x39\xaf\x2d\x42\xd8\x4e\xe2\x30\xf4\xf8\x36\x23\xd9\xc9\xaa\xa3\xb1\x6b\xda\x10\xdd\xaa\xd2\x5a\xf5\xc1\xc1\x0f\x81\xc8\xc5\x1c\x81\x1a\x3a\xa3\xe3\xdb\x58\xa7\x02\x5e\x43\x80\xe2\x85\xda\x47\x4a\x61\xba\x59\x17\x3f\xf0\x42\xa4\x6a\x79\xab\x18\x4b\x07\x01\x08\x41\x6f\x9d\x61\x58\xcf\x96\xd0\xe6\xdb\x44\x76\x14\xa0\xd9\x08\x9e\xbb\x6a\xee\x4e\xf1\x07\xbe\x45\x93\xd7\x1e\x79\xf6\x79\x86\x68\xa7\x40\xae\x4b\xac\x5a\xc7\x59\x4e\xcb\xd5\xdc\x82\xe7\xd0\xf9\xcb"},
+{{0x51,0xb1,0xad,0x0f,0xfc,0x21,0x49,0x7a,0x33,0xdb,0xdb,0x85,0xea,0x2b,0xc1,0xce,0x3d,0x0c,0x2d,0x95,0xd9,0x46,0x1a,0x39,0x09,0x73,0xfe,0xe3,0x77,0xfc,0x75,0xf4,},{0xba,0xd0,0x41,0x25,0x75,0xd3,0x80,0x13,0x01,0xed,0xee,0x6b,0xc0,0xf2,0x76,0xe7,0x87,0x35,0x7b,0x41,0x22,0xf5,0x2d,0xe9,0x81,0x88,0x58,0x51,0x88,0x42,0x49,0xcb,},{0xcf,0xb6,0x5b,0x6f,0xf0,0x37,0x7c,0xef,0x51,0x1f,0xd9,0x7b,0x90,0xc3,0xec,0xb8,0x08,0x33,0xf1,0x42,0xa7,0xcf,0x50,0x22,0xce,0xd3,0x0b,0x3f,0xb7,0x86,0x20,0x86,0xd0,0x13,0x39,0xb8,0x86,0x6a,0x23,0x8c,0xb0,0x70,0x27,0x6e,0x19,0x44,0xb5,0xfe,0x32,0xcc,0x40,0x99,0x47,0xcb,0x91,0xde,0xb1,0x43,0x2c,0x29,0x1b,0x60,0xfb,0x0d,},"\x78\x82\xe8\x6e\xf3\x40\x2f\x6d\xbc\x65\xcc\xe8\x31\x5b\x39\x76\x5f\xaa\x4b\x1f\xc8\x76\xfa\xd5\xf8\x22\x0c\xb2\x2a\x7d\xf2\xe3\x58\x0e\xab\x3a\x7e\x8f\xa7\xfb\xb6\xb5\x94\x82\xca\x0e\x36\x4a\x13\x13\x96\xdf\x79\x2a\x32\x41\xa0\x60\xe4\x41\x43\xb6\x76\x74\x93\xc6\xbf\x75\xf1\x87\xa9\x64\x3a\xa1\x1e\x11\xeb\xa7\xb0\xa8\x0f\x0a\x68\xb9\xf1\xb7\x9f\x75\xb6\x6c\xc5\x9d\x9d\xa7\x79\x55\xfd\x7e\x87\x99\xf9\x9d\x6e\xb0\x8f\x90\xd3\x18\xf4\xef\xcb\xfe\x71\x15\x9b\x10\xa8\x3a\xa5\xfd\x69\xbb\x75\x33\x6f\x5d\xf2\x96\xea\x06\x0a\x42\x6c\x95\x45\xdf\x94\x0b\xc1\x45\x4e\xfc\x1f\x9d\xc9\x65\xf1\xf2\x2d\x94\x73\x03\xfb\x8e\xc1\x24\x07\xff\xf6\xb1\xdb\xe4\x7e\x34\x21\xc3\x17\x64\xfd\x90\xc8\x3a\xc7\x11\xd1\x99\x26\xe2\x29\xa0\x64\xc6\x1f\xe3\x67\x6a\xf3\x00\xa1\x71\x6f\xab\xe4\xe3\x84\x22\x64\xad\xb3\x2e\x0d\x9c\x9f\x5d\x4a\x65\xd0\xd7\xb5\xc3\x77\x0d\x73\x7e\xe1\x3c\xbe\xd2\x1d\x7a\x1d\xa3\x6a\xaf\x7e\xc0\xf3\x6f\xcc\x47\x6f\x65\x96\x81\xe5\x16\x0a\x5a\x1f\x49\xe7\x59\xb9\xd0\xfc\xd4\xfd\xb8\x54\xec\xcd\x99\x17\x2a\x47\xd2\xc4\xef\xbe\x0b\x37\x57\x63\x1d\xf1\xba\xe1\x75\xf0\xfa\x74\xdd\x04\x8b\xb6\xa5\xfe\xd8\x43\x02\x84\x34\x9d\xa3\xd6\x7d\xf2\xa6\xf7\xe8\x26\x9b\xc7\x9f\xb2\xc5\xd5\xed\x60\x84\xe9\x07\x6f\x45\x5a\xb6\x38\x91\x90\x46\x36\x9a\x44\x6d\x57\xfc\xad\xa7\x01\x1c\xc7\x71\xbf\x6d\x87\x4a\x8e\x5d\x23\xc6\x87\x74\x7d\xe4\x1d\xd0\x4b\xff\xc7\x17\xd6\x12\x81\x83\x84\x6e\xb5\x94\xb3\xcb\x1c\x1a\x8a\xa0\x4f\x0d\x7e\xba\x53\xaf\x39\xcb\x1d\x4e\x6f\xec\xf3\x11\x3b\xd8\x42\x24\x16\xf4\xc4\x40\x37\xae\xee\x9e\x0f\xdc\x51\x7c\x48\x73\x1f\xd0\x4e\xe9\xc9\x9f\x5d\xbc\xa3\xd5\x74\x50\x9d\x7b\xaf\x32\x88\xf2\xc2\x30\xa0\x2d\x17\x03\xbd\xb1\x61\x1c\xde\x2a\x76\x6d\xac\x19\x3d\xe1\x67\x44\x3d\x20\x09\x0d\xc3\x4d\x29\x27\x7a\x86\xb1\xe9\x98\xb2\x45\x64\x51\x17\xe5\x11\x1f\x12\xf1\x46\x06\xc5\x54\x46\xdd\x91\x2d\x34\x75\xc1\x98\x76\xe1\x9a\xc5\x36\xd3\x17\x87\x6c\x4b\x0a\x2e\x0f\x98\x61\x61\x29\xa5\x68\x37\x32\xa4\x23\x17\xc5\xe8\x09\xdc\xa9\x56\xb2\xab\xb4\x84\xad\xa8\x10\xa1\x5c\x81\xcc\x85\x62\xb5\x55\xda\x94\x58\xf9\xb4\x43\x38\x49\x02\x30\xc7\x40\x4f\x3d\x48\x61\x1f\x84\x12\x7e\x73\xe2\x77\xd8\x8c\x62\x21\x2d\x2a\x3a\x35\x1f\xc6\x76\x65\xb1\x8d\x77\x21\x62\x30\x63\x2c\xbc\x78\x12\x88\xe1\x5c\xeb\xf3\xec\x33\xa7\x20\x5e\xb2\x2b\x9a\xbe\x4c\xdb\xc7\xdd\xba\xaa\x53\x64\x08\x75\xeb\x76\x3f\x52\x2c\x36\xcf\xff\x2e\xb2\x3e\xe5\x86\xd7\x75\x28\x62\x59\xfa\x94\xa4\x4f\xa7\xec\x01\x50\x96\xa2\xa4\x46\xb6\x73\x2b\x80\x02\x42\x67\xfe\x3d\x5d\x39\xd1\xc4\x85\x09\xb3\xec\xaa\x2e\x24\xe5\x4d\xe4\xd6\x1c\x09\x7b\x70\xf7\x53\xb5\xaf\x9a\x6d\xb6\xf9\x75\xd2\x5f\x4f\x83\xd0\x6f\x87\x9e\x17\xef\x7c\x50\x9a\x54\x14\x44\xba\x3e\xb6\x86\x78\x38\x09\x0e\x22\xda\xfd\xbb\x0e\xb3\xb0\x56\x5b\xe1\x57\x9c\xee\xcd\xed\x20\xf5\x44\x25\x6c\x7c\x4e\xde\x3b\x62\x84\x3c\x65\xb0\x46\x6b\xe6\xb7\xe2\x73\x05\xb9\x63\xca\x91\x4e\x3b\x7d\x21\x73\x61\x18\xed\xb3\xd6\x58\xd9\xd7\x6f\x50\x9d\xb3\xb9\xca\x2e\xae\x28\x96\x4a\x4b\x3b\x3c\x38\x4a\x81\xa4\x89\x0e\xe9\x6f\xbe\x93\x4a\x6f\x2a\xec\x8e\xeb\x6c\xfe\x59\xac\x9d\x3b\xbc\x16\x46\xba\x32\xa1\x14\x2f\xee\x59\xfe\xd6\xfb\x7b\xbc\x04\x98\xcc\x27\xde\xad\x41\x3b\x7b\x43\x51\xec\x20\x63\x43\xc0\xab\x89\xfc\xf8\x72\x43\xb1\xab\x45\x0e\x58\xff\x11\xa1\x14\x0a\x38\x3f\x19\x6a\xa3\x97\x6c\xe1\x7c\xf3\x45\x30\xf0\x49\xa1\xde\x90\xe3\x17\x53\xcd\x85\xe7\xf1\xfd\x5c\xf2\x04\x26\xc9\x37\x9f\xeb\x8c\x31\xb4\xbf\xec\x35\xea\x5a\x78\x95\x3d\x75\xc5\xcf"},
+{{0xfa,0x2f,0x46,0x1c,0xe8,0xc7,0x12,0x62,0x18,0xc4,0x7c,0x91,0x56,0x9e,0x87,0x99,0x79,0x7c,0x83,0x36,0x8f,0xc8,0x42,0xb6,0xe1,0xc2,0x2f,0xd5,0x2a,0xec,0x70,0xbf,},{0x6b,0x89,0xb2,0x3f,0x1e,0x11,0xa7,0x5a,0x53,0xf9,0x92,0xf6,0xca,0x57,0x75,0x00,0x8c,0x6e,0x9e,0x7e,0x49,0xc0,0xd8,0x51,0x0b,0x0e,0x83,0x69,0xb7,0xa2,0x0b,0xcc,},{0x84,0xf7,0x9d,0x9e,0x8f,0x30,0xe5,0xbb,0x63,0x62,0x23,0x97,0x14,0x55,0x6b,0x04,0x73,0x6f,0xa4,0x44,0x65,0xca,0xba,0xad,0x23,0xbe,0xaf,0x5a,0x99,0xfc,0x45,0x1a,0xd4,0xae,0x5a,0x18,0xc7,0xf6,0xf9,0x64,0xfa,0x41,0x03,0x92,0x16,0x01,0x8e,0xc5,0xa2,0xac,0xca,0xe1,0x07,0x5a,0x6b,0xb3,0xa6,0xec,0xbc,0x1f,0xca,0x02,0xb9,0x04,},"\x79\x9b\x39\x80\x2a\x18\x27\xe4\x5c\x41\x12\xfe\xe0\x26\x03\x4c\x0e\x59\x8a\xff\xce\x2c\x55\x0c\x19\x3f\xee\x73\xf1\xdf\x8c\x30\xc8\xd3\x87\x33\x40\x08\x8c\xe8\x59\xde\x34\x71\xe9\xd0\x57\x68\x6c\x82\x9b\x54\x08\x79\x5e\x08\xb3\xdc\x7a\xa3\xb6\x37\xc7\xde\x9d\x21\x72\xad\x03\x33\xc1\xbe\xa8\x61\xa6\x23\x2f\x47\xf0\x5a\x10\xbf\x5d\xf8\x08\x15\xa2\x71\x25\x6e\x37\xe8\x08\xa0\xe6\x2f\x1f\x07\xd9\xe1\x0e\xbb\x94\x7d\x3e\xfa\xbf\x8a\x28\xfa\x9d\xcc\xd9\xa1\xd5\x99\xf5\xfd\x61\x65\x50\x8e\xfd\x67\x9c\xf3\x56\x01\x50\x58\xbf\x4b\x34\x11\x8f\x83\xaa\x3e\x5b\xc2\xce\x19\xec\xa8\x4f\x71\x83\x98\xad\xbc\x0a\x52\x76\xcf\x9d\x8c\xaf\xfc\x27\xe3\xe6\xab\xbe\x34\x5b\x0e\x9e\xcf\x89\xc6\x77\x1b\x0e\x75\xd4\x08\xba\x2f\xbb\x90\xfc\xfd\x70\xc5\x3f\x2e\x4d\x52\xba\x54\xd9\x78\x4c\xf7\x1c\x34\x9e\xf6\xf1\x4a\xe4\x97\x0d\xef\x6e\xfb\x5f\x30\xe9\x84\xd6\x01\x6a\x19\x6d\xea\xec\x7e\x04\xb4\x76\x19\xc4\x8b\xf4\x9d\xc0\x2f\x7f\xef\x3e\x13\xb7\x56\x17\x4e\x90\xd0\x5f\xcb\xdd\x5e\x13\xf0\xe4\x34\xef\xd5\x42\x1b\x09\x1d\x51\x79\x00\xed\x0d\x57\x85\x96\x88\x62\xb4\xbf\xe5\x09\x3a\xb6\x72\x17\x18\x0d\x97\x55\x4c\xcd\x9c\xc3\x14\x29\x32\x6c\xab\x42\xf3\xf8\x39\x80\x60\xc1\x9d\xb4\x88\xb5\xd1\xc8\x0b\x29\x09\x0a\xfd\x1c\x6b\xac\x36\x42\x26\x48\x00\x21\x1b\xc2\x78\xfc\xb9\x9d\xae\x9d\xbf\x49\xda\xf1\xb2\x4a\xb5\x69\xdc\xbb\x87\xd4\xd3\x54\x73\x35\xe3\x5d\xb9\x84\x00\xcd\xfc\xe6\x79\x06\x82\xe9\x36\x00\x22\x0e\xc4\x99\x24\x5f\xa4\xee\x15\xd8\x43\x83\x1b\x56\xcc\x26\x41\x80\x25\xbf\x87\x00\x16\x05\xc6\x69\x1c\xa6\xbd\x40\xa4\xe2\x48\xc3\x09\x80\x1b\x76\xa7\x95\xed\xe8\xad\x53\x08\xbc\xb6\xd1\x75\x4a\xb3\x37\x1f\x00\x03\xbb\x8c\x4e\x4e\x47\x19\x54\xe2\x8b\x1e\x98\x66\x37\x9f\x82\xe1\xfb\xac\xb7\x9d\x50\xad\xdd\xad\x5b\x97\x78\xb5\x58\xcd\xdb\xb0\x03\x8a\x5f\xf3\xd5\xc9\x55\x7b\x96\x5d\xe3\xa7\x08\x2c\x45\xa8\xec\xf3\xe7\x72\x1e\xb6\x90\xb6\xc7\x1f\x3d\x89\x75\xd5\x30\x0f\x67\xc4\xdc\x4a\x73\x68\x46\xe4\xcc\xd2\x6f\x93\x46\x3d\x5b\xc6\xf4\x6e\xdc\x48\x86\x64\xbe\x96\x96\xbe\x12\xb0\x2d\xd1\x04\xd1\x0c\xc6\xb1\xd8\x2e\x81\x17\x81\x12\x14\xa6\x48\x7d\x17\x36\x7e\x39\x5a\xde\x2e\xf6\xb2\x6a\x17\x83\xa7\xe2\xf2\x45\x21\x3b\xc0\x3a\x75\x5d\xf3\xee\x8e\xf9\xf1\xef\xf9\x72\xc6\x91\x90\x65\xcb\x7b\x75\x66\x78\xd4\xdd\xfd\x19\x3e\xdd\xc0\xb4\x2e\x86\x89\x61\x36\x43\x14\x6d\x74\x28\xca\x37\xbf\x31\xbd\xf1\x4e\x31\x86\x78\x58\xf3\x9d\x23\x23\x70\x9e\xb3\xb7\xd7\xf4\xe3\x97\x02\x23\x78\x42\x4b\xde\xe9\xbc\xb7\x4e\x9d\x5d\xfd\x37\x1f\x47\x34\x99\x8f\xc1\x8d\xf4\xcd\xfb\x4b\x5c\x21\xc2\xe5\x0f\x8d\x6c\x15\xbc\x14\xbf\x4f\xda\x6c\xeb\x9d\x80\x82\xca\xe4\x32\xdf\xc9\x8b\xfb\x3e\xcd\x16\xb8\xd7\x4f\x83\x0b\x64\x2b\x04\x28\x75\xe9\x21\xb0\x54\xbd\x1a\xaa\x58\x1f\x60\xd7\x18\xdf\x66\x9f\x56\xdc\x2f\x10\xd4\x78\x99\x77\x22\x16\x2e\x83\x94\x0e\x61\xa1\xb6\xe4\x2d\xf2\xa4\xa3\xa7\xcb\xcd\xd6\x11\xce\x96\xcb\xcf\xb5\xa9\x5c\xc4\x73\x23\x1c\xa1\x3c\x06\x09\xd0\xce\x1a\xe5\xdd\xb5\x46\x6d\x6d\x65\xee\xfa\xd9\xda\xf2\xa3\x69\x01\xbc\xc9\x45\x84\x7d\xa1\xed\x6e\x2e\x24\x0e\x84\x8b\x23\x1b\x7d\x0e\x1a\xcd\x06\x54\x3e\xc9\x3e\x76\x8e\x59\x98\x5d\x7e\x96\xc8\xc3\x1f\xcd\x12\x10\xf0\x96\x42\x71\xe2\x18\x77\x52\x5c\xb1\x34\xbc\x35\x36\x25\x7d\xbb\x11\xd3\x0a\x3c\x4f\x94\x9f\xb8\x2a\xe0\xc3\x1c\xcd\xfe\x41\x94\x32\x51\xe5\x0a\xa4\x35\x53\x92\xac\x30\x9e\xf6\x0f\xc1\x74\x32\xa2\xbe\x4b\xdb\x2f\xcb\x28\x60\x7c\xc4\x5a\x52\xb6\x00\x16\xbb\x1d\x2e\x23\x97\x2f\xf2\xc2\xa2\x47\xd7\x25\x58\x5b\x1e\xf2\xb1\x5f"},
+{{0x1b,0xe2,0x94,0x9d,0x51,0xe7,0x20,0x81,0x75,0x82,0x62,0x13,0xee,0x6a,0xe3,0xc0,0x91,0x17,0x27,0x42,0xe8,0x8c,0xaa,0x02,0xed,0x0f,0x31,0x3e,0xcb,0xe5,0xd9,0x10,},{0xd7,0xbf,0x47,0x48,0xd6,0xdd,0xed,0x5b,0x57,0xa2,0xab,0xf7,0x97,0xfa,0xcc,0x56,0x0b,0x48,0x56,0x3d,0xfd,0x9d,0xcf,0xf4,0xbe,0x52,0x2c,0x71,0x7a,0x6c,0xfd,0xa9,},{0xf4,0x1f,0x2e,0xf6,0x59,0x5f,0x17,0x66,0x0b,0xb2,0xfe,0x93,0xe5,0x1f,0xc6,0xfa,0x9c,0x31,0xda,0xdc,0x9d,0xb9,0x0c,0x3f,0x46,0x60,0x7a,0x7f,0xb4,0x80,0x0b,0xb7,0x5a,0xd9,0x63,0x25,0xdc,0x7e,0xab,0x78,0x24,0x72,0xb0,0x4d,0xa6,0xd8,0xe6,0xfe,0x64,0x65,0x5d,0xea,0x55,0x1f,0xbd,0x50,0x49,0xe8,0x76,0xce,0x5a,0x40,0x5f,0x02,},"\x04\x5e\x2b\x0e\xc7\xbb\x20\x3a\x49\xbd\xcb\xa9\x41\xe2\xb7\x3c\x23\xc1\xfe\x59\xa1\x7d\x21\xa0\x12\x4e\xa2\x4b\x33\x7f\x92\xab\x9c\x92\x3a\x20\x57\x6b\x62\xd5\xd0\xf6\x24\xe7\x93\x2c\x11\x5b\x54\x74\xe0\xa4\x6a\x4d\xc9\xec\x51\xf6\xa0\xce\x8d\x54\x74\x4d\x1d\x52\x09\x33\x20\xe3\x9b\xe2\x03\xf7\x4a\x0f\x5d\xfa\xc5\x2c\xf0\xf9\x95\xc6\x6d\xf2\x91\x4b\x68\xad\x87\x1f\xbe\x81\x52\x5a\xd2\xd8\x8a\xc6\x99\x33\xa7\x5a\xea\x74\xac\xe4\xe3\x63\x43\xdd\xc0\x6d\x32\x08\xf1\x6d\x80\x5f\x5d\xd7\x86\xb4\xda\xaa\x16\x67\x48\xcf\xee\xc5\x71\x4c\x85\xc1\x04\x78\xb5\x97\xac\x7f\x6a\xe2\xc9\x88\x91\xe3\x8f\xd4\x14\xaa\x81\x1b\x76\x21\xd8\x05\xeb\x8f\xcc\x46\xcf\x4d\x56\x8a\x8a\x92\x58\x7c\xbb\xc1\xae\xcc\x12\xf1\x0d\x90\xac\x1e\x01\xae\x98\x6d\x14\xfe\x82\x95\x1c\x68\x2c\xea\xc8\xc9\x25\xfc\x66\x54\xd8\x38\xac\x93\x53\xae\x2f\x93\xf3\xc8\x8b\xf7\xb8\x2c\xbc\x43\xb1\xe4\x9e\x5c\xeb\xfb\x19\x49\xad\xe4\xb2\x2e\x4b\xcf\x1b\x40\x0c\x0a\x8f\xa8\xa6\xfe\x76\x70\xf6\x9f\xc3\xfa\xec\xd4\x80\x5b\x8c\x95\x4c\x01\xa5\x40\xd1\xa1\xe7\x88\x43\x6e\xae\x07\x3a\xe9\x56\xda\xe3\x17\x69\x05\xa8\xf0\xa3\xc6\x0f\xd9\x80\xda\xb4\x19\xd4\x1e\xc0\x6e\x52\x73\xfb\xb1\x3d\xb9\x38\x1f\x89\xb6\x63\xcc\xc4\xbd\x75\x3f\xd9\x0f\x14\xa7\x7b\x3d\x81\xc4\x5d\xd3\x56\x1c\xd1\xfa\x0e\x94\xd2\x34\xce\xf9\xd7\x85\x9a\x2e\xc9\x42\xbf\xc1\x88\x49\xd7\xf2\xad\xa3\xa5\xd6\x57\xbc\x19\x3d\x2e\x14\x91\x68\x2f\x16\x65\xa5\x34\xb1\xac\x20\x83\xb7\x38\xbe\x8f\x9e\x96\x3f\x59\x41\xed\x48\x3c\x6a\xcc\x82\xe9\x59\xb8\x1b\x8a\xf0\x2f\x47\x1c\x08\xf5\xf8\xb1\x2e\x10\xe0\x08\x19\x28\x98\xa4\x45\x02\x02\xaf\x73\x15\x92\xe7\x4e\xfe\x2a\x94\x8e\x51\xd0\x6e\x44\xde\x9b\x95\x6b\x7b\xc9\xa6\x9b\x6e\x74\x68\x7a\xb2\x06\xde\xc4\xd3\x5b\x31\x73\xfb\xc4\x38\x82\x9d\x50\x64\xbf\xbc\xf7\x43\xc1\xe2\xd4\x6f\x62\x8f\x2e\x51\xc6\x26\xd8\xe4\x16\xd7\xbe\x6e\x55\x5a\x24\x96\x91\xab\xb1\x67\xf1\xd9\x2f\x4f\xa3\x39\x2f\xde\x24\xe9\x93\xce\x7f\xf5\xc1\xb8\xe1\x57\x7a\x7c\x0e\x73\x02\x5c\xc6\xfc\xd7\x27\xa8\x2e\xf0\xc1\x29\xe9\x1e\x55\x33\xe0\x21\xa3\xcd\xbb\x99\xd5\x4b\xf7\xcd\xcd\x3f\xf1\x19\x15\x4f\x3f\xad\x92\x42\xb6\xed\x35\x0d\x10\x37\x2c\x97\x6f\xf3\xa4\x37\xd0\x97\x86\x7d\x9b\xfb\xa9\x1d\x84\xbd\xa5\x5a\x6b\xcd\x6e\x36\x41\xb2\x13\xa2\x18\xb3\x04\x15\x89\xc5\x5a\xfb\xb3\x44\xde\x6e\x97\xd8\xc3\x5b\x5c\x86\xcf\x3b\xe0\x63\xf9\x01\xff\xee\xa8\xcc\x91\x06\x99\x67\xd2\x34\x60\x35\xa9\x1e\xb5\x70\x6a\x3b\x53\xf6\xd1\xc3\x4d\x4d\x21\x16\x70\x6b\x65\xc2\x98\xec\x57\xde\x82\xab\xc4\x00\x3c\xe8\xcc\x5e\x0b\x88\xff\x71\x0d\xda\x1d\xce\xf6\xf1\x54\x27\x71\x06\xb8\x3e\xb4\x6c\x04\x5b\x08\x2d\x11\x3b\x36\x1d\x6a\x62\x58\x08\xc9\x13\x05\x84\xdf\xc9\x67\x07\xef\x89\x55\x90\x7b\xaa\x61\xcf\x88\xc6\x6b\x6d\x1f\x60\x58\x11\x19\xcb\x62\x17\xa8\x52\x15\x73\x36\x17\x8c\x68\x5e\x6e\xd4\x85\x26\xed\x5c\x4e\x3b\x79\x67\xd5\x1f\x99\xdf\x68\x76\xa1\xac\xfb\x84\x5c\x57\x1b\x89\x86\x56\xe5\xe3\xbc\x73\x98\x0b\x9b\xed\x11\x98\x86\x63\x59\xc9\xe9\xb1\xef\xa9\x15\xf8\x10\xd1\xef\x8a\xd6\xcb\x3f\xc2\x1f\xbf\xe6\x54\x30\x6d\xe6\xca\x13\xa3\xa6\xa4\x8e\x7a\x13\xed\x87\x46\xac\xbd\x07\xf4\x8e\xb0\x0c\x36\x37\x4b\x1e\xb4\xf3\xf0\x1c\x19\xe2\xe8\xd3\x7e\x9f\xc0\x64\xb3\x3c\x0d\x66\x9b\xba\x55\x4d\xdc\x68\x21\xa7\x7b\x40\x89\xca\xbd\xca\xfc\x97\xf6\x0e\x60\x50\xbc\xa4\x44\xae\x8c\xfc\x44\xd9\x3c\x40\xef\x53\x18\xbe\xe6\xf8\xcf\x0c\x06\x7b\x85\xcd\xdd\xc4\x59\x74\xa4\xea\xcf\xc3\xef\x51\x31\x5b\xa0\xf3\xf6\x29\x68\xc7\x00\x3a\x7f\xf4\x44\x61\x24\x00\xb1\x59"},
+{{0x3b,0x6b,0xa6,0xd5,0xcc,0x9c,0xd6,0x24,0x1d,0x8b,0x00,0x97,0xa3,0x72,0x2e,0x4d,0x06,0x6f,0xea,0x3d,0x56,0x0a,0xea,0xb4,0x67,0x3e,0x86,0xf1,0xf8,0xec,0x60,0x26,},{0x8c,0xa6,0x52,0x07,0x17,0xcf,0x36,0x3c,0x4c,0xef,0xfa,0x76,0x32,0x8a,0x0a,0x16,0x6f,0xf8,0x3e,0x45,0xca,0x7d,0x19,0x1c,0xc8,0xef,0x6c,0xa6,0xe5,0x24,0x33,0x67,},{0x78,0x8c,0x9f,0x45,0x54,0xdd,0xba,0x5c,0x7d,0x64,0xba,0x75,0x9e,0xc4,0x56,0x94,0xec,0x79,0xfb,0x85,0xe8,0x23,0x68,0xa0,0x74,0xbd,0xd8,0xdf,0x34,0x42,0x13,0xa5,0x6d,0xd0,0x9f,0x33,0x4c,0xd9,0xac,0xb9,0x41,0xbe,0x28,0x3d,0x98,0xc4,0xb1,0x5d,0xcf,0xec,0xd1,0x4e,0x93,0xf6,0xa2,0xe3,0xcb,0x0c,0x1a,0xa2,0xde,0xe7,0xd9,0x0b,},"\x36\xde\x93\x0c\xc8\xe1\x88\x60\x83\x6a\x0c\x82\x9d\x89\xe9\x63\xa5\x8b\xdd\x9c\x6b\x6e\xf5\xbc\x61\xf7\x59\x92\xd2\x07\x52\x42\xdc\xa2\x3e\x28\xde\x20\x5a\x33\xdf\xea\x86\x1f\xc4\x4a\x32\x62\x8e\x8e\x7c\xdd\x3e\xd7\xff\x49\xea\x6a\x70\x97\xe0\x09\x0c\xfd\x9f\xf5\xec\xab\x1d\xe8\x22\xfc\x0a\x4c\x37\x76\xdd\x56\xc1\x91\x92\x04\x51\x6a\x94\xce\xc5\x63\x8d\xa1\xd9\x9e\x52\xb8\x66\xf5\xec\x41\x62\xa9\x12\xed\xb4\x1c\x1e\x92\xed\xfc\x35\x3f\x67\x05\xe1\xc1\x2c\xd4\x1c\xb6\x2d\xed\x4a\xd8\x15\x79\x40\x05\x9b\xfc\xf5\x07\x19\xd3\xf2\xad\x00\x84\x85\x40\xce\x89\xf3\xf9\xaf\xa6\x10\xcc\xba\x5e\xcc\x37\xe3\xe2\xc1\x53\x4f\xcb\x38\xfc\xd3\x9a\x2d\x14\xd5\xb5\xda\x6f\xea\x24\xe0\x06\x65\x4e\x30\x90\x47\xa2\x9c\xad\x0a\xe4\xda\x8e\x70\x8f\x97\xa1\x8c\xad\x5f\xbd\xc9\xac\x84\x40\x0c\x53\x2c\xed\x54\x88\x86\x53\x9e\xdd\x6c\x54\x10\x74\x79\x0a\xe4\x50\x2f\xdf\xe9\xf3\x27\x3a\x87\x6a\x21\x86\x23\xa2\x57\x06\xa1\x52\x5e\x67\xe5\x7a\x16\xd2\x2c\x21\xb6\xa4\x5e\x23\x84\xe2\x87\xac\x44\x52\xae\xc4\xe0\x63\x05\x6b\x4c\x17\x8a\xb0\xe5\xb2\xa5\xba\xd3\xf4\x63\xc4\x72\xc4\xea\x1f\x9c\x1a\x66\xe5\x27\x04\x73\xa8\x35\x09\x4e\x8f\x0e\xef\x68\x0c\xd7\xb2\x0d\x0e\x70\xf4\xd6\xc9\x58\xfe\xe0\x8a\x93\x60\xaa\x60\x66\x88\x8f\x4d\xd7\xce\x5e\xc2\x22\x59\xfa\x0b\x53\xfe\x92\x71\xc0\x83\xc6\xfc\xdb\x72\x83\xb0\x90\x61\x08\x8c\x52\xf7\x1b\xfd\xd2\x77\x7c\xe0\x80\x1f\x41\xa6\xc4\xce\x90\xef\x13\x1d\xe1\xe1\x83\xcb\x89\x49\xce\x32\x3c\x9e\xb1\x3a\x4b\x0c\xac\xf9\x9d\xef\xdf\xdb\x68\xd5\xed\x1f\x68\x91\xb4\x8e\x21\x04\x76\x68\xd6\x9d\xe8\xa8\x0f\x8e\x56\x34\xde\xd0\x87\x36\xa4\xfb\x54\x10\xcd\xea\x9c\x72\x59\x6e\x36\xdf\x68\x41\xf2\xee\xa4\x68\x50\xc8\x74\x73\xc8\x95\x54\x02\x05\xb0\x92\x19\x60\xff\xa5\xd9\xd8\xff\xb8\xe2\x9c\xde\x96\xa3\xed\xe0\x15\xac\xbc\x26\x97\x40\x04\xd3\xe4\x38\xa8\x5b\x2e\x33\x85\xf6\x4d\x18\x14\x00\x39\x41\xff\xd3\x63\x99\x2d\x39\x40\xc6\xe6\xd8\x1f\xf8\xe4\x5f\xce\xd6\xd3\x6c\xe1\x98\xd8\xcc\xbe\xfe\xe4\x32\xa7\x7d\x8f\xca\xdd\x73\xfb\x79\x9f\x6b\xaf\xef\xb5\x1a\x2d\xa7\x98\x72\x1c\x3d\x46\x5b\x16\x3e\xf1\x3e\x6e\xcc\x65\xe6\x03\xb2\x89\x3e\xe4\xcc\x9e\x1c\x6d\x1d\xe7\xa6\x5c\xab\x5c\xbd\xf5\x36\x85\x5e\x28\x8c\x3c\xcd\xa8\xd2\xfa\x3c\xe1\x0c\xf4\x93\x58\xa2\xef\x4e\xf0\x76\xe5\xbf\xa9\x1b\xbc\xf3\xd9\x66\xdf\xa3\xdc\x6e\x71\x2f\x19\x56\xd4\xe5\x8a\xa3\x6e\x71\x2d\xd3\x34\x71\x69\xb1\x9c\x8d\x44\xbe\xc5\xbc\xb7\x30\x77\x8f\xcc\xcc\x58\x9e\xd5\xd3\x50\xd4\x4c\x17\xbd\xe2\xee\xbb\x6f\x5e\xc5\x9f\xb2\x40\xd6\x7d\x81\xae\xa9\x26\x7f\x34\xf1\x5e\xee\x2d\xe3\xf4\xfa\x67\x39\x14\x79\xbd\xbb\x43\x0f\x48\x43\x70\xfb\x0e\x08\x95\xb9\xae\x06\x5b\xbd\xd4\x3e\x23\x0c\x62\xac\x07\x18\x4e\x8b\x06\xb2\x4b\x8b\x97\xec\x02\xdc\x6f\x37\xef\x61\x64\x1e\xd5\x6e\x3f\x5e\xb8\xd2\x08\x0b\x51\x44\xef\x76\x0b\x51\x87\x52\xe1\x97\x54\x79\x2e\x19\x34\x3a\x38\x55\xe1\xe2\xf7\xa7\xdc\x62\x35\x17\xee\xd2\xf5\xd2\x65\x48\xa6\x8e\xb8\xff\xd7\xbf\x70\xf7\x8f\xd1\x86\xdb\x63\x49\x28\xbb\x98\x13\x8f\x2b\x8f\xe8\x44\x81\xcc\x53\xf5\xaa\x35\xe2\x66\x6c\x63\x25\xe1\xd2\xb8\xac\x5e\x2d\xf2\x93\x5b\x7f\x64\x13\x95\x2d\x10\xd6\x07\x6f\xfc\x75\xbb\x6a\xf6\x3b\x29\xb0\xb9\x66\x3b\xec\x37\x24\x7b\x66\xb5\x08\xdd\xe4\x1f\x2f\x11\xb8\x43\x33\x55\x9d\xfa\xc7\x3f\x76\x1b\xcd\xa8\x4a\x48\xd2\x66\x07\x3a\xef\x16\x38\x46\x08\x49\xe7\xa1\x72\x06\xa2\x5f\x68\x00\x77\x0b\x91\x4c\xc0\x26\xba\xf9\xe3\x25\x59\x14\xe1\x32\x58\x44\x1c\xef\x35\xad\x1d\x66\x83\x3e\x98\x7e\xbe\x44\x31\xe6\xa6\xbb\x22\x2c\xbb\x65\xaf"},
+{{0xdd,0x99,0x87,0xb1,0x8f,0x9a,0x92,0x2c,0x0f,0x6f,0xea,0x18,0xeb,0x00,0xb8,0x96,0xc7,0xa2,0xd3,0x09,0x3d,0xb3,0xea,0x31,0xd3,0x84,0x21,0xda,0x0d,0xe5,0x12,0x31,},{0x57,0x39,0x21,0xa9,0x55,0xfe,0xb6,0xdd,0xe4,0x1b,0x05,0x5c,0x8d,0xac,0xac,0xcd,0x1d,0xb7,0xfe,0x9e,0x36,0xb5,0x09,0xd3,0xc9,0xe3,0x6f,0x97,0x35,0x75,0x23,0x24,},{0x3e,0x9f,0x2b,0x00,0x7c,0x0e,0x29,0xec,0x87,0x59,0x95,0xa6,0x30,0x9b,0x97,0x3d,0xeb,0x8b,0xaf,0x11,0x3d,0xed,0x13,0xf1,0xe0,0x00,0x3e,0x9b,0x9b,0xf9,0x39,0x16,0xa4,0xdf,0xe4,0x79,0x37,0xda,0xdf,0xc7,0x8a,0xa6,0x63,0xc5,0x5f,0x67,0x4e,0xc3,0x5c,0x38,0x46,0x25,0x8f,0x18,0xe7,0xbb,0x93,0xfb,0xba,0x3e,0x82,0x6a,0x1f,0x0d,},"\x48\x16\x2f\xdc\x3a\xbf\x73\x19\xc6\xca\xab\x60\xcb\x8d\x05\x20\x87\x5c\xb4\xee\x8a\x07\x09\x27\x83\x16\x7d\x47\x33\xff\xe5\x20\x4e\x5f\xeb\xe7\xd2\x91\xe9\x53\x6b\xde\xa3\xdf\x06\x37\x15\x9a\x65\x3e\x09\xfd\x99\xaf\x66\x1d\x83\x00\xae\x74\x1a\x3e\x91\xa8\xbd\x85\xea\xd0\x5d\xc7\xd9\xe6\xf9\x29\x32\x33\x16\xed\xc4\xca\x62\x4e\xa7\x81\x8b\x25\xbd\xc0\x61\xf7\x14\x92\xfd\x22\xd4\x65\xab\x22\x6f\xd9\xa1\x0d\x8b\xab\xfc\x07\x4c\x68\x6c\x43\x6c\x24\xa3\xa5\x3f\x8f\xf3\x89\xce\x9c\xa1\xdb\xc8\x90\x74\x45\x88\x92\x41\xf8\xfd\xa3\xa7\xa3\xf5\x02\x4f\xa8\xcb\x0d\x04\x4b\xda\xf6\x71\x6d\x98\x3a\x6d\x83\x98\x14\xff\xe7\x0d\xdc\x55\xbb\xba\x11\xac\x97\x88\x7b\xdb\x4d\xad\xa9\x65\x65\xbb\x07\x5d\x5f\xc1\xd3\xc5\x24\x4b\x9f\xff\x77\xde\x58\x72\x9a\x05\x9a\x91\x1f\xb3\xe0\xeb\x16\x4f\xb8\x42\x9e\x26\x56\x85\xd1\x4a\x63\x23\x30\x46\xd2\x0e\xcf\x28\x9c\x55\x72\x31\x69\xa9\xd6\x3d\xda\x0d\x52\x55\x15\x3d\x9e\xf4\xa6\x1b\x92\x12\xf4\xb8\x20\x69\x7a\xe7\xc3\x08\xcf\xab\x40\x3b\x2c\x34\x31\x90\x62\x26\xe4\x5c\xe2\x19\x20\xdf\x52\x01\x60\x9d\xaf\x83\x0f\x28\xad\x79\x60\x05\xa9\xbd\x8e\xba\x62\x0c\xf8\x39\xc3\xba\x22\x7b\x96\x3c\x7b\xd0\x91\x48\x22\xdf\x2c\xa0\x3c\x22\x54\xd0\xcb\x8a\xca\xe0\xd5\x9e\x4c\x3e\x0e\xc2\x15\xc8\x36\x96\x9d\xcd\x1d\x49\xbf\xe1\x97\xe2\xf3\xee\xa3\xfa\x8a\x37\x3b\x55\x8d\x0f\xb9\x06\x3c\xf1\x56\x8e\x73\x9a\xad\x8f\x09\xfb\x43\x7c\xaf\xb5\xa2\x72\x37\x5f\x43\x60\x64\xee\xe1\x1b\xd9\x03\xd3\xaa\xea\xb4\xe3\xfd\xcd\x36\xbd\x20\x76\xee\xa1\x79\xa4\xf0\xd4\xfb\xc8\xdf\x42\xbf\x26\x60\xf0\x8d\xe7\xd5\xc6\x39\x7c\xae\x10\xb7\x27\x74\x58\xaa\x6c\xfa\x01\xe8\xa6\x73\x7e\xb1\x26\x22\x78\x56\x64\x66\x91\x68\x1c\x10\x6a\x15\x7a\x26\xae\xd2\x1b\x1a\xaf\x0e\xd2\x76\x64\x21\xcf\xc3\xd1\xc7\xdd\xfb\x72\xfc\xdf\x4b\x8b\x49\x0f\xc0\x9a\xce\x49\xae\xdd\x77\x12\xb2\x1a\xc5\x6f\x86\x01\xf6\x25\x56\x3c\x78\x43\x06\xf3\xb9\x17\x4a\xdd\xf7\x64\xe0\x51\xaa\xdf\xe1\x28\x31\xaf\x96\x69\xe6\x2c\xab\x12\x1c\x74\xdf\x34\x37\x24\x42\x9d\x6c\x26\x66\x02\x71\xc3\x2f\x40\xcf\x7c\x2d\x08\xbd\x0a\xfc\xc7\x28\xde\xf4\x13\x5d\x4e\xb5\x5b\x6a\x3e\x76\x29\xd8\x06\x86\x4a\x85\xb3\x6a\x32\xb9\xb2\x1a\xc0\xd3\x96\x80\xa2\xae\x4e\xc4\x18\x97\x09\x17\x8e\x34\x94\x97\xf3\x93\x99\xfb\xc7\x8b\x3c\x6c\xfa\xca\x6e\xde\xa7\xc3\x3d\xda\x3c\xc1\x1e\x43\x84\xf1\x58\x3d\x6c\xfc\x6b\x58\xf4\xea\xa2\xbc\x56\xab\xa4\x2f\x73\x8a\x42\x9b\x93\x58\x08\x50\xde\xe3\xfd\x25\x39\x94\xf8\xb0\xfa\x66\xee\x8e\x27\x3d\xec\xab\xd5\x32\x09\x5f\xb0\x4a\x4a\x3c\x34\x0a\xf0\xe5\x5b\x57\xef\xab\x43\x63\x0f\xc0\x2e\xf2\x0b\x42\x5c\xa2\x18\x7e\x3c\x6c\x5e\x10\xf1\x2d\x61\x8f\xd2\x43\xa2\x24\xf6\x50\x1e\xbe\xb9\xd3\x21\xc6\x38\x5b\x81\x27\xef\x9c\xdc\xd0\x97\xce\x7f\xa0\x21\xcf\x40\xd2\x1c\x39\x91\x23\x43\xf6\x7a\xcc\xe1\x82\x5e\x3a\x51\xb8\xa7\x18\xe8\xc3\x40\x62\x2f\xff\x65\xfe\x00\x53\xd2\x4a\xa3\x35\x1b\x6a\x24\x00\x18\x5d\x7a\xeb\x88\xe8\x7a\xc4\xa1\xd3\x94\x90\x9d\x49\x41\x4a\xef\xc2\x2b\xa0\x09\xaf\xf6\x96\x2c\x92\x17\xd7\x55\x69\x4e\x4d\x6a\xa8\xa5\xd6\xa8\x03\xce\xbb\x15\xde\x8f\x54\x16\x34\xb6\xfc\xeb\x0c\xac\x79\xdd\xa8\xa1\x8e\xef\xbb\x53\x7e\x70\xff\xe9\xaa\x5a\x6a\x6a\xaf\x92\x40\xfa\xc2\xea\xcb\xfb\xef\x01\xad\x6b\xdf\x50\x75\x87\x80\xf8\x6a\x4e\x48\x89\x85\x36\x2d\x58\x25\x01\x1f\x5e\x8b\x66\x42\x5a\x61\x6b\x7e\x10\x4e\xb2\x3f\xe8\xf1\x00\xcb\x02\x49\x82\x36\x62\xbd\xa3\xda\x47\xa4\xc3\xc1\xca\x2f\x91\x4b\x25\xb9\x73\x85\x34\x02\x60\x47\xdf\x6d\x7f\xf6\x31\xdf\x2c\x41\x31\xf6\x80\xe1\x37\x43\xc9\xcc\xf2"},
+{{0x38,0xd2,0xef,0x50,0x9f,0x93,0x05,0x1f,0x14,0x51,0x67,0x73,0x7c,0x22,0xe1,0xa5,0xbf,0xe8,0xf4,0xa9,0x1e,0xba,0x0b,0xb8,0x7c,0x39,0xce,0x04,0xa8,0x9b,0xae,0xc6,},{0x01,0x11,0x5f,0x6d,0x89,0xa5,0xda,0xab,0x54,0xf8,0x92,0xbb,0x4a,0x4b,0xda,0x1c,0xe5,0xd8,0xf6,0xc9,0xc8,0x8a,0x50,0xce,0xe8,0x3b,0xd9,0x87,0xa2,0xc0,0xdd,0xf7,},{0xde,0xc4,0x62,0x53,0x50,0x9b,0x11,0xe4,0xb5,0x2a,0x6a,0xe4,0xf3,0x66,0xb6,0x80,0xdf,0xfc,0x28,0x0d,0x0a,0x04,0x4f,0xc0,0xcb,0x79,0x0b,0x6e,0x75,0x13,0x81,0x46,0x1e,0x1e,0x60,0x2a,0x89,0xe3,0xb3,0xd3,0x06,0x4c,0x40,0x7f,0x60,0x2f,0x1c,0x22,0x40,0x4b,0x68,0x23,0xbd,0x24,0x67,0x54,0x93,0x14,0xa0,0x00,0x01,0x66,0x4a,0x08,},"\x42\x7b\x5a\x01\xe8\x59\x7f\x04\xfd\x42\x2f\x0a\x66\x2d\x0b\xe2\xdf\xa8\x53\xed\x5f\x9d\x3f\x60\xff\x90\xf2\xc5\xee\x08\xbb\x59\xfd\x03\xd4\x02\xb7\x54\xca\xf5\x4d\x00\x58\xf5\xa2\xcf\x87\xaf\x4f\xef\x21\x77\xd5\x9e\x18\x22\x62\x93\xfd\x2a\xf3\x76\xbc\x98\x7b\xf7\xb3\x20\xb9\xd1\xe2\x49\xab\x9e\xfb\x75\x07\x8e\x6d\x3d\xf2\x9e\x03\x50\x47\x76\x35\x43\x44\xaa\x69\xe7\x2e\x1e\xbc\x52\xa3\xc3\x8a\x4c\x2a\x16\x73\xb4\xe9\x74\xa2\xe4\xe1\x2a\x2e\x78\xea\x3e\x3f\xe5\x0c\x53\x63\x0d\x09\x6d\xa3\xe2\xfe\x82\x99\xf7\x1a\x1b\x44\x1b\x4c\xf0\xca\xeb\x93\x7a\xfa\x4a\x0e\x39\x15\xcc\xab\x39\x96\xc9\xf6\xa8\xf4\xfd\x37\x54\x3e\x8f\x75\x90\x0c\xfd\x47\x17\x53\x70\xef\xb8\x52\xa5\xf6\x9d\x67\x36\x83\xf9\x98\xfd\xcf\xf8\x5f\xf8\xf3\x2b\xaa\x80\x70\x66\x60\x44\x22\x02\x7d\x51\xa4\x35\xdd\xf9\x88\xed\x2f\xd8\xeb\x19\x1f\x10\xb4\x68\x07\x42\x00\x08\x75\x6e\xb4\xe3\x00\xc4\x09\x9c\x2d\x64\x50\xbc\xc6\xa4\xe7\xd0\x67\x31\x56\xb8\x37\xf0\x50\x63\x38\xf3\xd1\xb5\x73\x4b\x16\x6c\xa5\xcc\x2f\x24\xa4\xef\x02\x6c\xda\x2c\x4a\xe3\x10\x5b\x63\xca\x85\x70\xd1\x85\x46\xcf\xac\xb8\x60\x42\x96\x6a\x00\xef\x52\xc7\x29\x90\x19\xf6\x8a\x2d\xf0\x8c\x8b\x70\x4e\x85\xe7\x13\xc3\x48\xd7\xf1\x67\x76\x60\xe1\x8e\xba\xb5\x9b\xf4\xe1\x2e\x6f\xf2\xd7\x83\xd8\xd5\xd4\x2a\xab\x6e\xf0\x17\xb7\xa1\x96\x6a\xee\x8d\xc1\x4d\xda\xbe\xd4\x9b\x4b\x64\x3d\xf4\xe9\xb0\xb6\x03\x83\xc7\xd8\xb4\xb8\x8c\x65\xa8\x98\xc1\xc7\x7d\x43\xd6\xbd\x68\xb2\xa5\x74\x3f\x1f\xed\xd6\x54\xdc\x84\x49\x6d\xa0\x2c\xeb\x69\xb9\xb4\xd3\xa8\xe0\x0c\xcd\x72\xe7\xc7\x5f\xc5\x0a\x8d\xd0\x87\xe1\x83\xe6\xc1\xf5\x79\xba\xeb\xc5\xc6\x3f\x28\x07\x93\x67\x91\xb5\xfe\x48\x47\xcd\xcf\x15\x17\x74\x23\x52\x05\xcd\x2d\x7b\x8b\xf4\xae\x88\x19\x22\x5e\xa7\x08\xb7\xba\xac\x66\x99\x8f\x0c\xba\xb2\xc7\xdd\xf2\x51\xf3\xb1\xde\x10\x17\xd3\x97\x69\x22\x05\xee\xa6\x39\xf1\x2d\x77\xbe\xef\x6c\x13\xbb\x12\x10\x0f\xf8\x90\x64\x70\xbc\x7b\x21\x29\x80\x53\xbe\x1a\x61\xb7\xb3\xa4\x99\xed\xc3\x10\x99\x6c\x8b\xc0\x87\x19\x07\xca\x46\x8e\x89\xed\x31\x1a\xdc\xa2\xe2\xb8\x29\x30\x97\x5b\x3e\xfb\xbf\xc0\x3c\xdd\xf4\xd9\x48\xc4\x76\x5e\x8c\x10\x59\x08\x82\x16\x9a\xcd\xdb\x8f\x8c\x36\xd8\x4c\x2d\xac\x3b\x79\x8e\x7a\xbf\x84\x47\x12\xfa\x45\x8d\x27\x7c\x24\xe8\x14\x04\x7d\x74\x23\x19\xa8\x34\xdd\x9f\x92\x7a\x2b\x44\x85\xef\x13\x74\x5f\x7a\x60\xdd\x6b\xb3\x37\x93\x63\x04\xc9\x7d\x3f\x9f\x14\x4e\xb2\x9b\xb6\x95\xb8\xdc\x31\xb9\xd8\x49\x10\x61\x1d\x28\xd5\x81\xca\xa9\x36\x5d\x6d\xff\x52\xd4\x10\xa4\xad\x52\xbd\x12\x17\x29\xff\xf5\x28\x88\xf4\xda\xae\x17\x07\xf6\xf5\x6d\xac\x61\xff\xb9\x96\x1c\xda\x71\x76\xaf\x44\x60\xa6\xd5\x54\x2a\x20\x44\x6f\xb5\x14\x7f\xce\x72\x72\x04\xce\xc6\x89\x9b\x9a\x3d\x4f\xf6\x22\x6b\xb8\xa1\xc7\x8e\x36\xfc\xdd\x9e\x50\xc0\x40\xd7\x2d\x0f\x40\x07\xd3\xfa\x9a\xa7\x67\xe4\xab\xd0\xad\xd6\x2f\xdb\xcc\xde\xff\x67\x21\xeb\x25\x9e\x00\xa7\x21\x63\x20\x06\xbe\xde\x0d\x17\x3d\x38\x34\x4d\xea\x44\xf9\x6b\x67\xd9\xa2\xee\xa1\xd2\xaf\x5f\x74\x8e\x8e\xbd\xb4\x41\xbf\xb4\xe5\x8e\x2d\x42\xfe\xc7\x40\x56\x6a\xcf\x73\xa3\x03\x35\x8f\x7d\x89\xc8\x15\x8c\xf2\x1f\xe8\x5b\x0d\x4a\x41\x7e\xbd\xc8\x6d\x04\x69\xf6\xb9\x1c\x24\xad\x61\x0d\x48\x6d\xed\xc2\x18\xb2\xce\x7a\x8b\x96\x75\x47\x23\x15\x1f\x0d\x00\x76\xff\xf9\xf1\x9d\x11\x2d\x9c\x05\x92\xfb\x8d\x92\xc9\x9d\xcb\x8d\xdf\xaa\x46\xfb\xe0\xd9\x2d\xf4\x6b\x8c\x00\xca\x43\x45\xad\xb6\x9a\x5a\xca\x69\x4a\x86\xcf\x30\x64\x64\x51\xbb\x17\xba\x6e\x60\x7a\x91\x2b\xf1\x09\xd5\xfc\x2d\x3e\x27\xd0\x0d\x94\x56\x00\xa8\xa5\x7c"},
+{{0x43,0xbf,0xb3,0xdb,0xe4,0xd9,0xbd,0xaa,0x82,0xb3,0x54,0xdd,0x59,0x63,0x34,0xe6,0x60,0xd7,0x6f,0xc0,0xb2,0xeb,0x69,0x89,0x93,0xae,0xf3,0x76,0x7f,0x1c,0x7c,0x7f,},{0xd0,0x0a,0xec,0xef,0xf0,0xce,0xb8,0x32,0xc2,0x51,0xd1,0xfe,0x6b,0xcb,0xea,0xea,0xcb,0xb4,0x11,0x3f,0x52,0x81,0xba,0xba,0x4e,0x87,0x8f,0x7b,0x95,0xf9,0x3f,0x07,},{0xa9,0x99,0x55,0x23,0x02,0x0a,0x0d,0x22,0x2b,0xc4,0x8f,0x98,0xd0,0x55,0x04,0xe3,0x06,0x8f,0x30,0x4a,0x6d,0x19,0x70,0x06,0xcc,0x9c,0x03,0x5e,0xea,0xde,0x09,0x9e,0x7a,0xa9,0x7e,0x90,0x89,0x4e,0xad,0x17,0xe8,0xc3,0x0b,0x0a,0xa4,0xa9,0x80,0x88,0xf0,0x38,0xb9,0x22,0x44,0xc4,0xb2,0x0f,0xde,0x96,0x4f,0x85,0x34,0xe8,0xfb,0x03,},"\x3f\x3e\xed\xdc\xae\xf4\xe1\x66\x2a\xdb\x66\xbb\x1b\x20\x7d\x79\x3f\xcb\xef\x81\x50\x05\xe8\x26\x43\xed\x70\xc9\x85\x54\x03\xda\xc2\x8b\x52\x07\x27\xa9\x01\xa5\x32\xd2\x8b\x9b\xd1\x34\x8d\xb2\xf8\x96\x7b\xbb\x8c\x90\x98\xb0\x7f\x57\x0a\x2e\xae\x1e\xe4\x82\x64\x0c\x0b\x67\xa5\x2a\x38\x61\x21\x33\xa1\x5e\x25\x8e\xde\x38\xcd\xa8\x78\xff\x36\xed\x32\x1d\xff\x87\xcc\x6a\x01\x38\x3b\xa8\x40\x67\xd6\x0a\xf4\x17\x76\xac\xf8\x0a\x8a\x4e\xac\x77\xf7\xd8\x7c\x37\xa7\x04\xa3\xe2\xac\xa1\xe8\x81\x5e\x49\xfb\xca\xb7\x97\xc8\x56\x52\x95\x38\xbe\x07\xd5\x16\x96\x32\x1f\x69\xb0\x9b\x5d\xc5\xa1\x5e\x5f\x0e\x4c\x22\xd2\x28\x37\xf6\x2e\xe4\xc8\xbc\x7f\x25\xa9\x48\x7b\x96\x2c\xc2\x0f\x13\x3f\xcb\x87\x0e\xd1\x25\xcc\xa5\x85\xd1\x81\xbd\x39\xf9\xdf\xa6\x61\xf1\x9b\xe7\x6d\xa7\xf6\x5f\x22\xfb\xbc\x80\x75\x2a\xeb\x39\xe8\xd5\x9e\xd9\x6e\x14\xf5\x95\xd0\x49\x29\x40\x2b\x50\x29\xc6\x0c\xee\x37\xc0\x21\x7b\xc5\x31\xd8\x0d\xb3\x41\xda\xce\x3c\xce\x76\xe6\x43\xaa\xc5\x38\x87\x47\x3e\xdc\x6e\x19\xcb\x39\xfe\xcf\x6a\xf4\x24\xa2\x06\x63\x93\xd1\xc3\x3f\xc7\xb9\x36\x76\xd7\xe6\x10\x5b\x9b\xfc\x96\x7d\x1e\x29\xaf\xdc\x4c\xf1\x5b\xca\xfa\x09\xc2\x95\xa6\xf9\xde\xee\x33\x1a\xb3\xb0\xd4\x93\x12\x6e\x2b\x2f\xff\xb4\x2a\x6b\x68\xe7\x9e\x13\x8d\xb5\x50\x82\x72\x62\xe4\x87\xa8\x3f\x37\xf0\x1d\xd7\x92\x2b\xe7\x5e\x92\xfc\xf5\xd9\xd4\x80\x3b\x3a\xc2\xf3\x5d\xa2\x10\xfb\x38\xb2\x63\xb0\xff\xb6\xc2\x70\x8d\x4b\x55\xb7\x57\xaf\x52\x07\x7a\x7e\x31\x84\xd0\x1e\x82\xf6\x4d\x32\xcc\xe4\xfd\xee\x0f\x8d\x4e\x36\x4b\xcf\xb9\x58\xeb\xbf\xdb\xb6\x22\xb3\x8b\x51\xe9\x30\x27\x1c\x7b\x1b\x70\xaa\x9d\x4b\xb3\xaa\x4b\x99\x7c\x52\x14\x4d\x3a\xa6\x21\x62\x57\x3a\x3a\x1d\x9c\xe4\x6c\xdb\xee\xb8\x44\x9f\x12\x25\xc4\x49\x63\x1e\x88\x97\x52\x1c\xd0\xf6\x37\xb7\x21\xa1\x25\x2b\x8a\x10\xab\x0b\xe8\x70\xaf\xbc\xd8\x9d\x58\xb2\xeb\xb6\x32\x11\x95\x0c\xad\x7a\xb8\x2c\x81\x95\x02\x6b\x50\xea\x8b\x77\xb9\xe9\x0e\xd5\x59\xaf\x44\x84\x30\x88\x51\xa3\xa1\x56\x71\x68\x53\xa8\xac\x4e\xcb\x8c\x5c\xc7\xd9\x35\xb0\xf4\x66\x12\x41\x43\xb1\x17\x7f\x05\xd0\x8b\x97\xd1\xad\x54\x2e\xd2\xc2\x46\x5a\xf1\x85\xe7\xdb\x42\xb6\x9c\xb8\x02\xa7\x17\x94\xa3\x13\x98\x83\x02\x96\x70\xc9\x56\x74\x2a\xaa\xd7\x90\x7a\x71\xd9\x59\x85\xfc\x1d\x45\xb6\x59\x97\xb4\xec\x6c\xe8\x25\x5d\xe9\x59\x27\x0a\xfa\x7d\xe9\x0f\x29\x29\xde\x63\xf9\xb1\x72\x11\xd7\xf1\xae\x82\x0a\xda\x9c\xe3\xe4\x86\x49\x17\x9d\x60\xb0\x14\x94\x93\x48\x1f\x01\xd4\x59\xdb\x7d\xad\x05\x26\xb5\xbd\x9f\x4b\x33\x80\xd2\x5b\xa2\xc5\x02\xba\x8f\xa3\xc4\xd4\x13\x1b\x46\x62\xad\xde\xfb\x41\x82\x7f\x75\x9f\xa7\x1d\x44\x7d\x5f\x02\x92\x45\xf4\x8c\x62\x2e\xb7\xc6\x8c\x8e\x71\x08\x1f\x7f\x78\x9d\xe7\xa2\x83\xd2\xed\xa8\x3a\x7d\x17\x22\xa0\x5f\xb7\x2e\x17\x60\xc2\x40\x40\xc4\xd8\x34\xde\xf5\xdf\x5f\x74\x2e\x02\xb3\x04\x51\xc8\x93\xbc\xf7\xd7\x71\xdb\x78\x4c\xbb\xda\xec\x87\x6d\x8a\xc8\x67\x43\xb5\x29\xa2\x92\x00\x7a\xc7\x53\xc9\x9a\x57\x99\xcc\x32\x4f\xe5\xeb\xb5\x44\x8a\xb5\x54\xb1\x0d\x41\x36\x97\x4a\x12\x54\x2d\x25\xc6\x14\x7c\x67\xc5\xd2\x33\x6c\x9d\xb7\x5c\xba\x2f\xd6\x08\xcd\x43\xab\x95\xbe\xac\xd0\x43\xa1\x34\x9c\xef\xa8\x28\xe2\x3b\x5f\x0b\x6e\x0e\x29\x51\xf3\x35\x3b\xb9\x2b\xfd\x1f\x0a\x49\xc3\x3f\xb3\xcf\x37\x99\xa0\xb5\x43\x19\x8a\xd5\xd0\x3d\x26\x3c\x1a\x06\xc3\x5a\x26\xad\xe1\x51\x84\x91\xc8\xc1\xd2\x7a\x2d\xb0\x33\x80\x89\x32\xcd\x1c\x47\xb5\xa1\x26\x98\x5a\xcb\x8d\x88\x83\x60\xee\xcc\xfe\xb3\xbf\x51\xb0\xd1\x89\xb4\x19\x04\x40\x40\x4d\x12\xfb\xa6\x5d\x0a\x7a\x14\xc6\x20\xc5\x55\xf8\x22"},
+{{0x51,0x4e,0x07,0x0b,0x01,0x90,0xd1,0x8c,0xbe,0x98,0x1a,0x5a,0x15,0x1e,0x77,0x53,0x39,0x8a,0x27,0x2b,0xcf,0x01,0x48,0x13,0xad,0x37,0x97,0x22,0xc3,0x6e,0x13,0x3d,},{0x6f,0xbd,0xe0,0x47,0x4c,0xc4,0x81,0x0e,0xff,0xa5,0x0a,0x07,0x82,0x0c,0x96,0x5a,0xa0,0x03,0x95,0xff,0x3a,0x5b,0x3e,0x2e,0xdd,0x7d,0x35,0x6b,0x7d,0x6a,0xef,0x2b,},{0xb6,0xc3,0x55,0xc9,0x58,0xb5,0xba,0xa7,0xeb,0xe9,0x77,0xa9,0x3f,0xcf,0x53,0x95,0x89,0xa3,0x66,0xd4,0x01,0x60,0xe4,0xe0,0x31,0xb8,0x8a,0xb9,0x64,0x02,0xc7,0xbd,0x57,0x7f,0xf6,0x35,0xfc,0x07,0x78,0x24,0x23,0x59,0x8d,0xca,0x43,0x66,0x81,0x24,0xa8,0xb2,0x87,0x51,0x0e,0x2c,0xfd,0x07,0xa1,0xe8,0xf6,0x19,0xf6,0xc8,0x54,0x0a,},"\x83\x14\x55\x76\x2a\x5d\x80\x09\x7b\xb2\x84\x50\x42\xf4\xc8\x76\xe7\x10\x85\x35\xbe\xd6\x83\xe8\xc4\x46\x19\xd0\x81\x54\xa2\x29\x44\x4b\x10\x1e\x3e\xd7\xc0\x15\x07\xe8\x70\x94\x14\x46\xaf\x97\x8c\x0f\x53\x41\xd1\xac\x1d\xd1\x5b\x14\xe8\x96\x67\x12\xdf\x19\xf5\x2f\xeb\x51\x03\xcf\x62\xb6\x63\x27\x56\x44\x6c\xc7\x54\xdf\x00\xa3\xf6\xdd\x71\x99\x68\xa2\xce\xf6\x6c\x3a\xdf\xb7\xd1\xfc\x49\x1f\xbb\xf3\xd5\x92\x94\xab\x34\x61\x9e\x17\x6d\xb0\xd4\x46\x15\x1e\x37\xea\xa3\xda\xf1\x72\x40\x6e\x98\x3d\x9d\x23\xa6\xb6\x9e\x92\x97\x60\x30\xf5\xac\x70\x40\xad\x51\x14\x12\x9f\xea\xf9\x7a\xf1\x5b\x22\x96\xfa\xe7\x04\x92\xdb\xbe\xb2\xb4\x82\x76\x87\xfb\x79\x87\x15\xc9\xbb\x2c\x32\x55\x7a\x81\xd8\x91\xb8\x97\x05\x29\x00\x70\x71\x59\x75\x1f\x07\xdb\x07\x4c\x77\xf0\x71\x96\x71\xf1\x76\x66\x89\x02\x9a\x3c\xdd\xf3\x9d\xf3\x48\x3c\xf2\xb0\x4f\x71\xc2\x5d\xe0\x5f\xc2\xd0\x2b\xb4\x8e\x53\x9e\xaf\x1a\x32\x16\x46\xcd\x80\xef\x2f\x0a\xc7\x03\xf4\x5e\x73\x89\x53\x08\x00\xe5\xd4\x17\xcc\xea\x8a\x5c\x08\x66\x82\xf0\x47\x45\xd5\x0b\x5d\xfc\x8f\x6e\xdc\x87\xa9\x5c\x7d\x20\x2a\x9c\xfd\x99\x87\x14\xb7\x46\x92\x0e\xbb\xe2\x33\x5b\xca\x1a\x01\x71\x76\x20\x16\xf5\xe4\xbd\xa8\x9c\x57\xd0\xed\xc6\x91\x0c\x6d\x22\xc8\xf9\x09\xda\x3d\xb1\x35\x2f\x0c\x8b\xd1\x8f\x3b\x5a\xac\x25\xf1\x93\xb8\x94\x70\xf9\x76\xbc\x4f\x1a\xff\xb3\xc6\x6b\xc5\x87\x6c\x6f\xe2\xac\x75\x08\x53\x3d\x97\xbb\xcf\x77\x11\x9d\x9a\xae\x19\x3f\x07\xe0\xb6\x4b\x46\x1c\x9c\x6c\x3b\x9d\x29\x3b\xd3\x7d\xe3\xd8\xe1\xab\x1e\x8d\x87\x2c\xd9\x4e\x6c\xf0\xeb\x68\x43\x9f\xdc\xd3\xb2\x5c\xe8\x48\x34\x60\xbd\x8b\x7c\xce\x88\x9f\xb7\x22\xb4\x36\x1e\x11\x8d\xa9\x83\xef\x4a\x9e\x45\xce\xbc\x0c\x1b\x82\x29\xea\x53\xe6\xf5\x55\x05\xf6\x44\xe0\x9a\xca\xa4\xc4\xb8\xcc\x64\x0b\x2c\xd2\xb3\x12\xe1\xc3\xa2\xc0\x26\x69\xe1\xf9\xc0\x63\x11\xc7\x8d\x36\x00\x09\xdb\x9e\x67\xc3\x9b\x49\xd1\xe5\xd7\x70\xc0\x1d\x28\x4b\x0a\x17\xa4\x1b\x4e\x7c\xa7\x45\xd6\x65\xec\x07\x50\x0e\x4d\x9f\xc8\xeb\xc1\xcc\x6a\xf5\x3a\x3f\xc7\x6b\x0c\x3f\x14\x31\xd4\x98\x43\xf2\x0e\x18\x27\x82\xc8\x2b\x3b\x5a\xae\x36\xfe\x20\xca\x64\x26\x18\x06\x8b\xe2\x33\xd4\xb5\xef\x9e\xae\xff\x40\x15\x36\xdc\x59\x3a\x2b\xc1\x83\x44\xf5\x5a\xc5\xd5\xfc\x7b\x3e\xb5\x06\xd1\x1c\xb3\x75\x33\x00\x63\xc6\x20\xc5\x33\x4d\x72\x3c\x7d\x1f\x04\x28\x16\xbc\x47\x85\xb3\x5a\xc0\xe6\xf1\x74\xf7\x36\x87\x8b\x7b\x49\x16\x58\xca\x67\xd8\xfc\xab\x53\x8f\xc6\xec\xd2\x77\xea\xd9\x0d\x95\x4b\x46\x0d\xa4\x25\x3a\x1c\x3a\x30\xb3\xd8\x92\x8f\x69\xac\x98\x76\xa2\x89\x19\x69\xfc\x2d\x06\xa6\x68\x99\x2b\x8e\x21\x15\xdf\xe5\x35\x8a\x71\x24\xba\x7c\xcf\x42\x1d\x80\x54\xea\x04\x34\x44\xcd\xeb\x40\xb7\x16\xdc\x7a\x36\x59\xa3\xca\x94\x34\x72\x93\x48\x90\x60\xe2\xcf\x67\x12\xa2\xa6\xc7\xb8\xad\x14\x67\x85\xfc\x40\xcc\xb9\xda\x28\x78\x30\xd0\x11\xd0\xd2\x4d\xf3\xe7\xaf\xbe\x97\x2d\x6f\x41\x7d\xe5\xcd\x75\xf2\x59\xea\x07\xca\xfd\xde\x20\x5f\xc0\xa3\x65\x13\x5c\x23\x2c\xbd\x7c\x1b\xc5\x39\xfa\x4b\x7e\x1c\xce\x35\x18\x52\x37\xc2\x3f\x80\xae\x97\xc1\x86\xd0\xd3\xb1\x05\x03\xd5\x98\x4a\x20\xec\x41\xc3\xcd\x04\x2c\x28\xa4\xc3\x1f\x95\x74\xb0\x6a\x87\x2b\xf9\x59\xab\x0a\xdd\x1f\x5d\xee\x14\xa1\xe7\x41\xef\x23\x8d\xfc\xde\xc0\x85\xaa\x08\x8d\xcf\x39\xa3\x6d\xda\x8f\x2a\x85\xed\x0d\x36\x2c\xcb\x00\x5d\x02\xe5\xac\xcc\x09\x2a\x37\x6d\xc1\x1a\x56\x61\x70\xd5\x83\xdb\x35\xf1\xde\x0b\xe3\xf1\x59\x08\x59\x6e\x9b\x78\x1a\xc8\x1b\xe0\x7b\x9b\xd2\xaf\x46\xc5\x6f\xb4\xd9\xd8\x42\x76\x01\x1e\x46\x18\xb7\xf7\x6f\x96\x79\x4c\xd0\xfd\x57\xed\x41\x4b\x63"},
+{{0xbc,0x79,0x0a,0x73,0x85,0xdd,0x1d,0xdd,0xc7,0x62,0xe3,0xb2,0x02,0x21,0xdc,0x07,0x8b,0x6c,0x3d,0xa8,0x98,0x6d,0x41,0x80,0x94,0x07,0x27,0x25,0x7c,0xfd,0xcd,0xf1,},{0xc9,0x26,0x46,0x26,0xf6,0x8f,0xed,0xb5,0xb3,0x9c,0x28,0xf0,0x30,0x45,0x3b,0x54,0xd0,0xd5,0x1a,0x98,0xb1,0x77,0x21,0xf2,0x61,0x1d,0x7f,0x27,0x7e,0xf4,0x8b,0x81,},{0x6d,0x6b,0xd6,0x5f,0x37,0x26,0x79,0xfe,0x9d,0x94,0x5f,0xf5,0x65,0x16,0x33,0x3e,0xce,0x0b,0x7a,0x25,0xb1,0x5a,0xd2,0x48,0x73,0x81,0x67,0x0e,0x53,0x6f,0x52,0x46,0x77,0x5e,0xb3,0x9a,0x11,0x4d,0xb2,0xb9,0xcd,0x50,0xf3,0x12,0xb3,0x60,0xd9,0xd0,0xbe,0xa2,0x95,0xdc,0x37,0xb8,0x17,0xb3,0x32,0x89,0x0a,0xdb,0x65,0xe4,0xc4,0x01,},"\x14\x3d\xd7\xbf\xbf\xf2\xad\xc7\x1f\x5d\x12\x3d\x47\x4e\xa0\x69\xdf\x14\xae\x92\x3e\xd9\xbf\x8f\x98\x91\xe6\x0b\xae\x43\xf0\xc9\xf5\x55\x37\xac\x9d\x1a\xe5\x23\xce\x4e\xcf\xd3\x3b\x20\xae\x44\x5e\x9c\x42\x63\x72\x05\x0f\xa5\x21\x7c\x1e\x4f\xb0\x13\x53\xeb\xf2\xe3\x29\x04\xef\x7e\xef\xcf\x72\xe8\x02\x3b\xae\x06\xbb\xb6\x40\xcf\x77\x7d\x5b\x0e\x11\x52\x7b\xc8\x35\x49\x3a\xd6\x98\x0a\x15\x7b\xb2\xd5\x0b\xe2\x33\x65\xe7\x2c\xbf\x0b\x3f\x20\x9e\xf0\xc4\x4a\x00\xb4\x1a\x62\x26\x24\x88\x09\x6c\xae\x5a\x69\x6b\x4d\x64\xcb\xad\x34\x50\x0d\x41\xfb\x4e\x4b\xc7\x0f\x8b\xf6\x21\x44\xd0\x1c\x22\x75\xd6\xd2\x9f\x5d\xe7\x5b\x17\x21\xd5\x04\x6b\x68\x29\x16\x44\x43\xeb\xfd\x9c\x17\x81\x31\x9d\x88\xf5\x40\x10\xed\xc2\x96\xab\xbe\xd0\x2b\x7d\xad\x9b\xa5\x85\xb5\x52\xe0\x00\x5d\xcc\xa4\x00\xbf\x4f\x45\x9e\xed\x7d\xb8\x6e\xa8\x61\x2b\xe9\xe9\x18\xdf\xd4\xe2\x70\x0c\x47\x10\x08\x32\x83\x62\x6f\xac\x75\x44\x17\xe0\x08\x7d\x26\xba\x14\x5d\xfc\x45\xb1\xc9\xbf\x7b\x4d\xd7\x0e\x6c\x50\x87\x47\xef\x80\x5c\x9a\x02\x42\x5a\xeb\xc6\x42\x1e\x0d\xeb\x6a\x79\xd8\x9a\xce\xee\xe0\x1e\xce\xcc\x9f\x3c\xa3\x65\x38\x38\x26\x58\x4c\x43\x0e\xbd\x39\xec\xf0\xa7\x28\x66\xae\x0a\xce\xca\x5a\xd4\xf0\x40\x5b\x67\x77\x9c\x04\xc5\xde\x03\x30\x61\x4d\xa3\x47\x0b\x80\x5d\x78\x7c\xe7\x9a\xc5\xa6\x96\xdd\x6f\x6b\x55\x39\xb1\xa6\x51\xb4\x24\xce\xfb\x19\x49\x1d\xa6\xe0\x88\x92\x23\xcc\x98\x39\x8b\x42\xc0\x04\x14\xff\x8d\x6c\x06\x27\xeb\x97\xcf\xf2\x0a\x8c\xbe\x7f\xcc\xb4\x1d\x81\x0f\xcf\xe8\x58\xca\x74\x75\x24\x7e\xf6\x28\xe8\x4a\x09\xd0\x12\xfe\x12\x23\x5b\x38\xc1\xcc\x9d\x82\xe2\xb6\x9d\x01\xd6\x21\x8c\xfd\x48\xe8\x5f\x26\xae\xad\xd1\x95\x40\x8c\xdd\x4c\x2f\x80\x6a\x89\x04\x1f\xd0\x31\x7f\xb1\xa7\xb6\x20\x9f\x90\x42\x70\xd3\x4e\x60\x61\x95\x04\x72\x88\xb0\xfb\x11\xa5\x72\x29\x38\xf6\x7c\x22\xb3\x13\xf7\xf7\x4b\x20\x25\xc7\x5b\xcd\x1e\xcc\x5a\x9a\xdd\x4a\x64\x0a\x41\xf2\x99\x6e\xb6\x6e\x5a\xf1\x96\x19\x8d\xb5\x8a\x3f\xb9\x93\x8f\x34\x9f\x92\x2a\x24\xd8\x6f\x4e\xd8\xa9\x6a\x09\xa1\x96\xc2\x4d\x6d\x01\xed\x76\xf3\x81\x6c\x05\xc4\xf2\x6b\xac\xa9\xb9\xd6\xdc\xc7\x9b\x58\x0d\xfb\x75\xd6\xc9\x05\xd4\x80\xda\xd7\x69\x51\x85\x4b\xda\x1c\xaa\x7f\x4a\x81\x95\x43\xae\xd0\x1a\xe9\x56\xbf\x30\x58\xfe\x8b\x3c\x7d\x5d\x72\x49\x62\xf1\xa6\xa8\x31\x43\xdd\xad\x27\x4f\xda\x3a\xd5\x78\xe9\x8a\xa9\x67\xc4\x10\xee\x57\x57\x5e\xf0\x1c\x02\x58\x56\x0f\x0a\x1f\xa4\xb7\x93\x27\x79\x6d\xe9\x94\x20\xcf\xd0\xa4\x15\x50\x63\x60\xf1\x24\x2c\xcc\x58\xa6\x88\x09\x27\x75\x0d\xbb\xff\x13\xd7\xc1\xb4\xed\x51\x9c\xda\x35\x72\x10\xf1\x2f\xb0\xd1\xc4\xd4\x8f\x04\x11\xbd\x7e\x05\x8c\xc4\xcb\x93\xd3\xc7\x75\x97\xe2\x65\x3f\xfa\x28\x2d\x3c\x2f\x12\x8a\xc3\x3a\x23\x7a\xf2\xfc\xbc\x9e\xf9\xc8\x11\xf3\x78\x14\xba\x2b\x0b\x85\x09\x3d\x0f\xd1\x8b\x8c\x6f\xb0\x9a\x43\xce\x52\x25\x4d\x23\xd5\x5f\x32\xe1\xd3\x24\x2a\xed\x1f\x23\xd9\xcf\x20\x4a\xa0\xdf\xd4\x4a\x34\x6f\xe0\x9e\x55\xa4\xa0\x6c\xf1\xbe\xf8\xbb\xf3\x7b\xa1\xf1\x59\x8a\x58\xae\xf8\x95\x01\xec\xba\xc0\x45\x35\x43\xe4\x80\xed\x0a\xdd\xe9\x0c\x84\x1d\x95\xeb\xd6\xeb\x23\xba\xa9\xf7\x0f\x83\xc1\x49\xea\xb3\x2d\x09\x13\xc7\x9b\x09\x93\xd0\xe1\xd3\x57\x4f\x0f\x54\x2e\x56\xa2\x06\x16\xcf\xe4\xa8\xbd\x7a\xae\xeb\xe0\xb0\x83\xdc\x2c\xe0\x14\x61\x78\xc0\x74\x82\xa0\x11\x29\xbc\x6f\xef\xdc\x81\x41\xc1\x38\x48\x94\xb6\x9c\xbe\x2f\x29\xda\x18\x8f\x7f\xd4\xac\x34\x1a\x2d\xf6\xfd\x90\xde\xe6\xa4\x46\xd2\x74\x63\x24\xc7\x5c\x1e\xf5\xb1\xac\xe1\x87\xd3\xbc\x16\xd7\x05\x59\x89\x29\x75\xd7\xe4\x71\x38\xf0\x40\x63\x85\xea"},
+{{0xdb,0x3a,0x44,0xdf,0x40,0xd2,0x55,0xa2,0x5c,0xf2,0x3f,0x53,0xc4,0x52,0x23,0xb7,0xd8,0xf1,0xf1,0xf1,0x11,0xba,0x07,0x40,0x6b,0x71,0xe1,0x84,0xa8,0xcd,0x06,0x12,},{0x6b,0x12,0xbd,0x95,0x80,0xae,0x20,0x7a,0x9b,0x0b,0xaa,0x82,0x87,0xb8,0xbb,0x86,0x66,0x93,0x73,0xee,0x5e,0x5a,0x62,0x5a,0xb4,0xa6,0xef,0x2d,0x08,0x71,0x25,0x97,},{0xcc,0x28,0xb5,0xef,0x4b,0x97,0x73,0x63,0x7f,0xae,0x7e,0x5f,0x08,0x4b,0x69,0x94,0xaa,0x35,0x98,0xf8,0xf4,0xa6,0x5d,0x0b,0xb2,0x01,0xd1,0x72,0xd8,0x61,0xa3,0x01,0x49,0xb3,0x33,0x8d,0x3c,0x3a,0xb7,0x5b,0x32,0xb2,0x55,0x95,0xcd,0x8b,0x28,0x96,0x30,0xc3,0x37,0x6a,0xcd,0x10,0xba,0x2a,0xb2,0x6b,0xc1,0xab,0xa9,0x00,0x84,0x0e,},"\x52\xdd\x8b\xa4\xff\xfa\x34\x4d\x1e\x08\x11\xd9\x67\x5c\x31\x3f\x9c\xc0\xe5\xa1\x38\x47\x86\x91\x98\x9d\x2b\x7f\x73\x89\x02\x50\x68\xfa\x35\xf7\x4f\x9a\xea\xf1\xe9\x56\x65\xec\xf8\xd5\x70\x7f\x75\xf6\x5f\x22\x56\xee\xa9\x33\x98\xbe\x59\xc0\xd5\x38\xf5\xe8\x58\x4b\xfb\xb3\xa2\x40\xf5\x01\x6d\x79\x27\x23\x4c\xb3\xea\xc3\x5b\x39\x1b\x8b\x53\xf2\x0e\xd8\xba\xe0\xba\x11\x08\x96\x94\xbf\xea\xde\x11\x07\x16\x56\xd4\xcf\x18\xef\x2d\x36\x81\x92\xe0\x4e\x08\xe3\x02\x4f\xc1\xd2\xfd\xa6\x31\x2a\xfc\xa6\x8d\x10\xc9\xc3\x36\xa0\xe3\x68\x50\xbe\x1a\x4f\x35\xb0\x33\xa8\x5a\x2a\x95\x49\xf2\x67\x3a\x99\x5f\x2a\x9a\xb4\xbd\x46\xc8\xfd\x2d\x83\x8e\x64\xf7\x61\x71\x34\x27\x32\x9c\x9a\xf5\xe4\x21\x1a\x22\xab\x20\x8a\xaa\xb8\x0e\x19\x4c\xd0\xf6\xa5\x02\xb3\x08\xfe\xd6\xc5\x83\x51\x78\x01\xa4\x8e\xd4\x33\x0e\x2f\xad\xdc\xd4\x18\x09\xc3\x91\x9b\x30\xe8\x4d\xb3\xc6\x87\x31\x03\x1e\x79\x85\x7d\xd9\xf9\x7f\xfd\x12\x54\x7d\xa7\x06\x67\x98\x07\x41\x51\xec\x88\xa5\xfa\x96\x3b\x9d\x9d\x83\xba\x2f\xee\x13\x58\x33\x95\x0e\xf7\xbc\x62\xb3\x40\x1e\xa1\x1b\xb3\x6f\x25\x56\x1b\xc0\x52\x2b\xb0\x2d\x8d\xad\x05\x43\xf6\x3d\x54\x7b\xe7\x7d\x0a\x4c\x9b\xf6\x5d\x42\xf3\xa2\x76\x14\x4d\x2e\x47\x4e\x29\x42\xf3\x79\x02\x21\xe2\x6f\xba\xe7\xca\x91\xef\xd8\x59\x21\x99\x08\x35\xfa\xfb\x6d\xc6\x74\x63\x5c\x96\x01\x82\x10\x38\xb5\x27\x11\x34\x3d\x1a\xa2\x5f\x1c\x46\xba\x4e\x3c\x6e\x71\x2b\xac\x19\xe5\x3e\xae\x30\xe5\x24\x6e\x4f\x04\xdd\xf2\xac\xdb\xb3\x41\x63\xc2\x43\x67\x76\x90\xbe\x0b\xf2\xe3\xfa\x16\x48\x70\xb5\xe6\xf5\x36\xb2\x2f\xb8\x9e\x5e\x8e\x1d\x87\xcd\xb3\x40\x44\x97\x7e\xd2\x83\x6e\x54\x4d\x7b\xa4\x93\xdd\x42\xa2\xb6\x49\xbc\xf3\x13\xc5\xb3\x9a\x1d\xbf\xff\x3e\x7f\x2a\x59\xad\xe8\x7d\x3e\x7b\x25\x8f\x58\xe5\x65\xfd\xba\x3e\x4d\x92\xb1\xed\xb8\xbf\xf5\x4d\xc4\x9d\x86\xc5\x3c\x03\x0c\xf5\x8b\x97\xef\x06\x6d\x24\x1b\x54\x05\x30\x21\x39\x05\x73\x9d\x8e\x1a\xa7\x2e\xd9\x0f\x68\x5d\x39\x58\xea\xa2\x42\xb0\xcb\xf7\xa2\xeb\x97\x6e\xe9\x6a\x63\xe6\x67\x86\x46\x41\x69\xa7\x42\xd4\x57\xe4\xd9\x11\x7c\x7d\x66\x42\x84\x45\xa4\x69\x30\xc2\x8b\xa7\xa2\x65\x82\x41\x80\x5e\xbe\x72\xc7\x8e\x02\x03\x5d\x26\x3a\x21\x1e\x59\x0b\x49\x0c\xdb\x84\x41\x50\x62\xee\xd1\x4f\x13\xb8\xa1\xa9\xe7\x7c\x8d\x7b\x75\x51\x5b\x18\xfb\x85\x38\x6e\x4a\x7e\x05\x39\x80\xd3\x0f\x48\x99\xe8\x38\x63\xbe\xe8\x75\x58\x58\x87\xc5\xf4\x8b\x51\x6c\xcb\x73\x1c\x4b\xca\xa3\xdf\x07\xd0\x47\x95\x81\x40\x96\xc7\x9d\x7c\x5f\xdc\x4d\xab\xf5\xe2\x6a\x4c\xa1\x83\x8e\x0e\x5d\x87\xdb\x71\x30\x9b\x81\xea\x7c\xe4\x61\xe5\xe4\x4c\x7a\xb2\xf1\x05\xad\x75\xc5\x43\xc1\xe9\x17\x9c\x36\xa5\xfa\x55\x5e\xc9\x22\xff\xed\x1b\x76\xd2\x58\x01\xdd\x74\xf8\x0c\xd0\xa6\xba\x7b\xc2\x0d\xb0\xad\x58\x0b\x7b\xbb\x9d\xdc\xfd\x93\xad\x1c\x5f\x20\xf3\xe2\x7c\x3e\xa3\xa1\xe7\x1e\xb7\x4f\xf5\xf9\x44\xcd\x3b\x98\xf6\xd0\x45\x29\x59\x30\x11\xc4\xae\xce\xf6\xdc\xaa\x60\xfb\x18\x36\x8c\xb1\x2b\x6e\x39\x1b\x3f\x5d\xf7\x65\xcb\xab\xff\x15\x89\x8c\x84\x79\x6f\xc2\xb5\x3f\xa4\x90\x0d\xad\x03\x4a\x13\xb0\xce\x14\x45\xad\xda\x4e\xf7\x19\xbe\x74\x14\x19\xe2\x31\xe9\x2f\x1f\x66\x7a\x32\x84\x2a\x42\xdb\x79\xbd\x7a\x01\x4a\x80\x9c\x81\x59\x6e\x82\x62\x73\xd1\x6f\xe5\xd4\x04\x58\x24\x2a\xe1\x0e\x12\xe6\x0b\x34\x89\x53\x0c\x66\x22\xb5\xbb\x44\x45\x4f\x29\x61\x6e\x47\xe9\xa2\x97\xce\x1c\xa0\x74\x13\x7f\xd9\xae\x13\xe3\xee\x8e\xdb\xcf\x78\xaf\x26\x54\x59\xdb\x1a\xf3\x42\xdc\x0b\x2f\xc8\x09\xbd\xa0\x15\xb5\xa8\x2b\x2b\x7c\x54\xef\xe4\xe5\xfc\x25\x2e\xb1\x3d\x66\xe8\x08\x93\x6f\x19\x10\xf4\xc4\x8b\xe0\xef\x7a"},
+{{0x77,0x96,0x4d,0xad,0x52,0xb5,0x79,0xb8,0x96,0x67,0x53,0xda,0x31,0x86,0xd1,0xc5,0xe9,0xd3,0x3d,0x33,0xa4,0xdb,0x38,0xbc,0x0d,0x7a,0x1a,0x6c,0x11,0x2c,0x13,0xc2,},{0xfc,0x25,0x12,0x5e,0x78,0x29,0xf6,0x42,0x34,0x37,0x5e,0x52,0xae,0x9f,0x77,0xae,0x10,0x13,0xf9,0x9d,0xf5,0xf9,0x96,0x5a,0xd2,0xaa,0x16,0x58,0x95,0x96,0xd0,0x91,},{0x3d,0x1b,0x4b,0x4e,0x82,0x0d,0x25,0x0b,0xe2,0xa8,0xfa,0x97,0x1e,0x59,0x9e,0x1e,0x98,0x97,0x75,0x28,0xb2,0xf9,0x30,0x18,0x96,0x81,0xa9,0x3b,0x05,0xe1,0xa7,0x06,0xfc,0x80,0xef,0xfa,0x94,0xe9,0x29,0xbc,0x43,0x92,0x16,0x56,0x89,0x73,0x88,0x28,0x8a,0x9b,0x29,0x27,0x1f,0x37,0xa1,0x4b,0xe0,0x14,0xb8,0x73,0xc6,0x8f,0xc9,0x04,},"\xc3\x39\xe7\x18\xa7\x57\xf3\xf3\xbd\x1b\xab\xdd\x2e\x00\xaa\xa5\xcd\x7f\xc9\x00\x5e\xe3\x4b\x6f\xdc\x09\xd7\x1f\xbd\x9c\x92\x89\xab\x1d\xd1\x4d\xba\x2c\xad\x58\xcb\x80\x51\x16\x77\x7b\xd8\x0c\x85\x96\x64\x33\xad\x46\xf9\xca\x6e\x54\xf1\x3d\xd3\xca\x7e\x56\xe4\x7f\xea\x41\xe5\x48\x8a\x45\xad\x53\xbc\x5d\x65\x74\x27\xe1\xd7\x93\x8f\x55\x19\xf1\xb0\x9f\x5b\xdd\x98\xaa\xe5\xac\x96\x43\xef\x78\xeb\xa4\x93\x49\x25\x33\x9a\x15\x5d\xc6\x68\x28\x57\x10\x02\x09\x7a\x11\xa5\xce\xe7\xb5\x1a\x44\x1b\x75\x6b\x0c\xe6\x5b\x77\x9a\xfe\x19\xda\x6a\x18\xef\xc1\x45\xf6\x09\x0c\xe7\x70\xde\x9e\x0e\x91\xf5\x43\x27\x0a\x09\x85\xea\xb4\x75\x29\x3c\xcf\xdd\x31\x41\xc4\x14\x2e\x47\x22\x23\x3b\x26\x74\x99\x44\x76\x41\x23\x5d\x72\x8b\xd7\x5c\xd1\xad\xc0\xdb\x14\x2f\x73\x31\xad\xdd\xf8\xc5\xee\xa3\xd5\x76\x40\x5d\x86\x99\x15\xb5\x60\xf9\x64\xe3\xe0\x00\x3c\x91\xf5\xe9\x6b\xff\xbe\xee\xc7\x3e\x51\x02\x4e\xf5\x2c\x55\xc6\xdc\xb5\x4d\x58\x20\x3e\x62\xf4\xdd\xb6\xe1\x37\xeb\x08\xe1\xbf\x13\x26\x01\x8a\xfd\x1a\x86\xca\xb6\xc8\x41\xe0\x66\x1c\xe0\xa1\xa7\xae\x96\x7f\x24\xc1\xa7\x7f\xc7\xca\x50\x5f\x72\xe5\xf7\x93\x6e\x39\xc6\xf4\x83\x7e\x25\x95\x19\x5a\x69\xcd\x67\x65\x10\xa7\x16\x1a\x4d\xc5\xe3\x18\xf3\xd4\xf3\xac\x0a\xf0\x3f\x8c\x4a\xe5\xbc\xe3\x93\x24\xe9\x73\x8a\xea\x49\xf0\x02\xd3\x2d\x16\xde\x23\x17\xe9\x5a\x9f\x32\xee\x60\x4e\x13\xdb\x80\x38\xb2\x64\xcf\xc1\x7a\xed\x29\xc9\xde\xbf\x81\x91\xde\x9e\x0e\xfc\x95\x1a\xd6\xd5\x48\x67\x06\x8c\xf5\x0a\x26\x9c\x37\xa2\x41\xf8\x52\x06\x78\x8d\x23\x14\x31\x77\xf6\x59\xcc\xa6\x6c\xfc\xe0\x3b\xc0\x50\x22\x55\x33\x7f\x16\xb3\xda\xd6\xf7\x91\x32\xab\xf8\x0f\xf1\x2b\x6d\x22\x81\xe6\x37\xeb\x6c\x71\xf7\x6e\x26\x33\xa1\x14\x56\x52\x40\xee\xd0\x0f\xab\xea\x9e\xd8\xde\x28\xc8\x32\x21\xf8\xcb\x48\x5f\x51\x2d\x90\x08\xbf\xc7\x4a\x36\x6d\x4c\x2b\x4e\xd1\x72\xd3\x67\xe0\x24\x7c\xb6\x50\x98\xc1\x10\x28\x2e\x83\x1d\xf8\xe9\xbd\x4f\xbd\x5f\x4d\xd2\xb7\xf2\x42\x0c\x23\xb8\x5a\x63\x7a\xa2\x26\x2c\x3c\xb8\x84\x05\xf7\x07\x30\xc9\xab\x4c\x9d\x0f\x22\x7e\xe4\xfa\x4e\xf9\x1e\xfe\x9a\x59\xb3\xe6\xd8\x43\xdb\x87\x9f\x56\x50\x05\x9e\x99\xf0\xe4\xa0\x38\x68\x38\xe6\xf9\x87\x6f\x67\xd5\x0f\x89\x83\x2d\xda\x5f\x30\xa9\xcb\xfd\x71\x01\x34\xf9\xb5\xb5\x46\x27\x49\x6a\xa3\xa4\x32\x12\xb0\x7f\x03\xdb\x11\xd3\xd4\xf8\x75\xd4\x1d\x1f\x4a\xc4\x59\x69\xdd\xef\x69\xf8\x1a\x06\xd2\xb0\xc6\x46\xc9\xcd\x93\x1c\xf2\x50\x2f\xef\x0d\xd3\x2a\xbb\xf0\x95\x1e\xd3\x03\xf5\x28\x48\x25\x93\x43\x97\xfc\x22\xe7\x86\x98\xd3\x5a\xd8\x1d\x82\x25\x6b\xf9\xe1\x54\x00\xa1\x09\x16\x23\xa9\x82\x6f\x1e\x57\x79\x23\x67\x41\x7e\xf0\x25\x86\xd6\x4e\x65\x0d\xa9\xac\xe2\xf1\x8a\xa0\xa1\x26\xd8\x67\xca\xc4\xb5\xd4\xc9\x1b\xf5\x20\x9e\x53\x59\x55\x63\x86\xf8\x27\x08\x3e\xb5\x3e\x8b\x47\x09\xff\xfa\xbe\x92\xc6\x1d\x78\xff\xb5\xda\xf1\x02\x74\xe2\x42\xa7\x00\x91\xf3\xf9\xb9\xd5\x96\xc1\x25\x8c\x9a\x63\x38\x4f\x4b\x05\xb0\x28\x66\x12\x22\x18\x1c\x0f\xca\x96\x5f\x0a\x2c\xb5\x6e\x4b\x55\x6d\x6f\xbf\xf7\x1b\x64\xd9\xb3\x58\xda\x31\xaa\x37\xc7\x4f\xf5\x96\x2f\xb8\xd9\x6a\x38\x3d\x04\x97\x24\xc1\x9e\x24\x9c\x9e\xdb\xb2\xa3\x75\xb2\x3c\xe3\x10\x4d\xa0\xec\x58\xd2\x63\x5b\xa0\x3b\x55\x42\x3f\xa2\xdb\x7e\xb3\x49\xa4\xfc\x58\xa1\xef\x54\x0e\xe9\xa0\x2c\x2e\x70\x3c\x68\xd7\xf8\x47\x5f\x43\x4d\xdd\x32\x00\xdb\x1f\x06\x74\x57\x91\xa3\xac\xc3\x16\x0d\xba\x50\xa3\x93\x44\x7f\xfe\xef\x6d\xc7\xb9\x8f\xb0\x66\x84\xcc\x90\xfd\x85\x20\x3d\x11\x9d\xcd\x81\x99\xe4\xd9\xa8\x9a\xe3\x46\x7a\xe4\xbb\x19\xfb\x71\xcf\x74\x70\x29\xc2\x40\x96\xf9\xa5\x0e"},
+{{0x5c,0xaf,0xd8,0x17,0xa4,0x41,0x0c,0xcb,0x27,0x12,0x17,0x23,0xef,0x32,0x07,0xc1,0x73,0x1a,0x08,0x61,0x94,0x5b,0xe9,0x62,0x71,0x4c,0x0e,0xd9,0x50,0x38,0xa1,0x95,},{0x4e,0xa0,0x86,0xbe,0x43,0xec,0xe1,0xc3,0x2d,0x08,0x05,0x9b,0xba,0xdc,0x9e,0x9a,0x2b,0x2f,0x4f,0x3f,0xe3,0x70,0xf1,0xf5,0xcc,0xd7,0xdb,0xde,0xc0,0xaa,0xf3,0x03,},{0x28,0x85,0x15,0xfa,0x72,0x59,0xf1,0xeb,0x58,0x7f,0xe8,0xa2,0xc4,0x03,0x43,0x4c,0x46,0xf8,0xd7,0xe7,0x5b,0x6d,0x22,0xbb,0x38,0x96,0x56,0x6c,0x01,0x7d,0x09,0xb6,0x98,0xc2,0xc8,0x07,0x79,0x9c,0x2f,0x65,0xf9,0xcd,0xb4,0xeb,0x58,0x15,0x1c,0xcf,0xc4,0x8d,0x10,0x80,0x61,0xa6,0xb3,0x14,0x84,0x32,0xb2,0xbf,0xc1,0xcd,0xab,0x05,},"\x50\xb2\xf0\x53\x42\x41\x80\x46\xd1\x6a\x30\xbe\x4f\xc6\x2b\x67\xda\xf6\xc1\x8d\x2a\x74\x24\x2b\x7c\xb5\x5b\xa9\x0a\xd2\x0b\x6c\xaf\xdd\x60\x15\x57\x37\xc2\x9d\xe4\x8a\xa5\xd7\x99\xfe\x54\x95\xfe\x59\xdf\x5a\x9b\x8c\x0a\x8e\x54\x18\x90\x47\x63\xfb\xad\x83\xea\x69\x86\x65\x1b\xac\x31\x11\x79\x39\xce\xf4\xe0\xc7\x99\x30\xd5\x2d\xfd\x7d\xb4\x3c\x31\xad\xda\xe3\xcf\x93\xe3\xef\xc5\xa9\x16\xef\xd0\xd6\x5f\xdc\x30\x90\x9f\xa3\x56\xcc\xbc\x52\x47\xd7\xaa\xa0\x67\x13\x1b\x6b\x48\x20\xfd\x02\xf8\xe3\x95\xf5\xa9\x70\x4c\x9b\xdd\x75\x60\xa6\x11\xd6\x25\x59\xa8\xdf\xe1\xd2\x85\x9c\x52\x48\x6c\xc1\x1e\xd3\x33\x19\x92\x48\x8f\x41\x75\x20\xd9\x20\xdc\x73\xa3\x2d\x4f\x08\x11\x00\x82\x50\x0f\x5a\x96\x2a\x30\x69\x32\xc6\xa7\x80\x29\x55\xce\xda\xd7\xab\xf5\x3b\x0f\x19\xfe\x47\x94\xa3\x1d\x6b\x85\x53\x80\x28\x43\x06\xcc\xff\x71\xa4\x00\x78\x59\xa2\x32\x8b\xb1\x90\x24\xc4\x3e\x10\xd7\x70\x64\xd8\x66\xd9\x62\x2d\x14\x2c\x27\x35\x4b\x84\xac\x3b\x4f\x82\x32\xf7\xa2\xf8\xaf\x64\x09\xd5\xcc\x75\x7a\x18\xef\x81\x3d\xfa\xf4\xb9\xbc\x04\x0c\xb0\x06\xd7\x7f\x14\x36\x41\xaa\x20\x36\xac\x7b\xc9\x28\xdc\x96\x58\x5d\x9e\x36\xc7\xbc\x9c\x56\x4d\x25\xf1\xc2\xcc\x0b\xea\xb9\xd5\xf2\x07\xe8\x4b\x21\x5f\x1e\x7a\xa6\xfc\x32\x82\x37\xb7\x9c\x39\x92\x3a\x4e\x09\xc7\xc7\x3d\xc6\xb2\x4b\x14\x16\x29\x4d\x79\x8a\x4e\xd5\xf7\x58\x33\x6d\x91\x5a\x87\x0a\x7d\x6b\x75\x92\xb5\xb8\x8a\xac\xe2\xdc\x5f\x26\x7b\xdb\x49\x11\x41\xcb\xba\xe2\xa6\x77\x40\x7c\xc0\x95\x5f\x96\x19\x62\x59\x93\x04\xba\x0b\x83\x96\x71\xa5\xc0\x00\xe9\x20\x10\x8a\x05\x29\x80\x87\xe4\x97\x70\xae\xee\xaa\xb3\x63\x27\x24\xcb\x0f\xc2\x28\x57\x96\xdc\x41\x48\x14\xfd\xa7\x8a\x54\xe6\x7f\x00\xa0\x2f\x77\xd3\xcc\xde\x1e\xd9\xd7\xb1\xde\xf1\x4e\xa1\xf6\x19\x10\xbd\xf3\x0a\x11\x96\xfc\x63\x51\xb6\x22\x54\xd6\x44\x5e\x6c\x90\x44\x5b\x16\xef\xaf\xe2\x89\xa2\x78\x4b\x92\xe4\x2b\x78\xa4\xa9\x00\xc3\x5f\x55\x63\x0b\xbb\x77\x62\xff\x9e\xb7\xfe\xf7\xd0\x4c\x90\xb9\x57\x1c\x4f\xc7\x60\xa4\x10\xdb\xfc\x25\x29\x91\xd0\xba\x27\xf2\xd4\x14\xfe\x64\xee\xfd\xff\x4a\xbc\x18\x81\x7c\x97\x06\xc6\x31\xbf\xa2\x03\x82\x1d\x3b\x92\xcb\x33\x8b\xaa\xf5\xd1\x23\x2b\x46\x26\x47\x95\x4d\x09\x02\x46\x2f\xb1\x69\x6e\x99\x1f\x07\xfa\x9c\x3d\xbc\xf2\x87\x29\x60\x83\x1b\x4d\xed\x92\xa4\x21\xcf\x21\xb7\x53\x16\x5f\xf3\x09\xef\xe2\xef\x54\x38\xc0\x12\x70\xd1\x0c\x6a\x03\xd3\x4f\x71\xeb\xc2\xda\xb1\xda\x90\xda\xa3\x57\x98\x4d\x24\x62\xbc\xb3\x5e\xe3\xde\x55\xc3\xa5\x5f\x8b\x98\xae\xc2\x11\x4f\x74\xc8\x43\x41\xa6\x41\x27\x86\x3c\x12\x0b\x5e\xca\xd9\xe3\x29\xa5\x75\x6a\xe4\xa2\x55\x5d\x84\x92\xcd\xa8\x35\x22\x5a\x8d\xeb\x3f\x9c\x15\x58\xf0\xd4\x25\xbc\x17\x2f\xf7\x64\x0c\xc7\x9d\x97\x80\x04\x16\xfd\x62\x94\xcc\xcc\x70\xcd\x1c\xf5\xb6\xa8\xe2\xaa\x07\x28\x9b\xd5\x22\xbf\x99\xdc\x96\xc3\x6b\xfe\xe8\x0e\x84\x6f\x5d\xd7\x46\xdd\x4c\x50\x03\xe4\xbf\x7d\x29\xef\xee\xa7\x50\x8a\x01\x61\x23\x68\x82\xc9\xa8\x2a\x56\xaa\x2c\x25\x74\x66\x96\x52\xc6\x30\x92\x3a\xb4\x70\xdd\xb9\x5d\x45\x6f\x7b\x8e\x8f\x07\x59\x9b\xa0\xd1\xd3\x8b\xc7\xf8\x17\x6e\x3f\xdf\x02\x09\xbd\x6f\x75\xd4\xcc\x11\x80\x3a\xfb\x18\x56\xcb\xc0\xe9\x1c\x73\x73\x0e\x4f\xb9\x8f\x3c\x94\x8a\x87\xd5\xa7\xed\xcc\x0a\x6a\x8a\xc8\x10\xea\x3e\xaa\x6e\x06\x3c\xec\x5f\x55\x66\xcd\x6d\xed\xc5\x37\xdb\x6d\x68\x6b\x80\x21\xf6\xea\x82\x5a\xd7\x47\x5e\xc7\xf1\xc5\xdb\xde\x45\xd3\xff\x4b\x5e\xe5\x1c\x0d\x04\xf1\xd7\x40\x18\xeb\x91\xe5\x04\x0d\x01\xc8\xb7\x1a\x4a\xab\xbd\xe6\x09\x4d\x4a\xfe\xcc\xb1\x8d\xfc\xde\xd7\x3e\xa7\x5e\x3b\x9f\x8c\xe1\x67\xdf\x62\x09\xae"},
+{{0xd5,0xca,0xc8,0x55,0x21,0xaf,0x78,0x1f,0x3d,0x5f,0x66,0x86,0x2a,0x04,0xb0,0x87,0xd0,0xcc,0xdc,0xac,0x92,0x6c,0xfe,0x9e,0x74,0x7b,0xe8,0xd5,0xc2,0x63,0x3f,0x78,},{0x10,0x0d,0xcc,0x53,0x03,0x9b,0xf0,0x5e,0xa0,0xa9,0xf5,0x88,0x82,0x12,0x69,0x3d,0x4f,0x9e,0x0e,0x75,0x25,0x95,0xbb,0xcd,0x02,0x06,0x10,0xe0,0xae,0x21,0x35,0x96,},{0x5d,0xc0,0x33,0x63,0x41,0x4e,0xea,0xc0,0x08,0x6f,0xb6,0xfe,0xba,0x44,0x21,0x7c,0xef,0x4c,0x52,0x0d,0xb6,0x19,0x26,0xdf,0x68,0x0c,0xa6,0x02,0xdc,0x11,0x00,0x3c,0xe6,0xaf,0xbf,0x3d,0x13,0xc8,0xc5,0xb0,0x52,0x73,0xd2,0x14,0x15,0xe6,0x7c,0x14,0xa2,0xee,0x5d,0x0b,0x1d,0x53,0x52,0x41,0x9a,0xb9,0xb3,0x9c,0x00,0x3a,0x51,0x0c,},"\xd5\xe7\xdd\x59\x49\x09\x37\x5a\x4b\xe0\x8e\x74\x82\x5d\x59\x8d\x53\x5b\xf4\x6e\xc0\x84\xde\x52\xb5\x73\x91\xc1\x27\xef\xf5\x22\x4a\xb2\xd1\x94\xdf\xb2\x66\x33\x47\x8d\x02\xfb\xda\x74\xd1\xdc\x58\x21\xf7\x91\xbf\x96\x2d\x8d\xad\x9e\x4e\xf2\x42\x24\x89\x19\x07\xb0\x18\x9c\xcc\xc8\xb1\x33\xd3\xaa\x20\x78\x92\x6d\xae\xf2\x89\x8c\x19\xc2\xe0\xbf\xe0\x20\x41\xa9\x04\xb9\xf0\x4b\xe7\xcb\x50\xae\xd0\xd9\x62\xd1\xad\xd2\x0b\x40\xa8\x8a\xb7\xab\xad\x62\x6c\xf4\xda\x0a\x78\xf9\xf5\x36\x85\x50\x1f\xdf\xa5\x85\x43\xdd\xf2\xea\x0e\xea\x69\xe7\xba\x16\x0f\x8a\x17\x7a\x25\xfc\x21\xe8\xa2\x9c\x66\x16\x33\xe3\x0e\x52\x3b\x0e\xc0\x1b\x2a\xee\xe2\xd4\x26\xe4\xae\xad\x45\x74\x88\x10\x8f\xe5\xf5\x69\xcf\x6e\x2f\xdb\x68\xc2\x8f\x2b\x30\x52\x82\x35\x77\xcd\x93\x4e\x7b\x06\x2c\x8a\x34\x24\xcd\x43\x67\xfb\x31\x5b\x74\x4c\xa3\x52\x55\xd7\xf1\xaf\x4e\xdc\x9b\xc9\xd8\x83\x71\x23\xd9\x79\x03\xb4\x3d\xf3\x67\xc7\xd4\x18\xc7\x93\x47\xff\xaf\xe7\xc7\xb1\x72\x4b\xba\x34\xed\xe8\xd3\x56\x8d\xb5\x05\x98\x3e\xad\x47\xf6\x2b\x56\xe3\x61\x8c\x11\xdb\x8f\xf0\xbf\x49\x2a\xc6\x75\x97\xd2\xf9\x6a\x6f\x42\x0f\xf9\x85\x34\x1b\x78\x6a\xd6\xce\xae\xdd\x10\x5d\x0d\x15\x63\xb2\xd5\x35\x43\xd7\x8e\x72\x56\x72\x5d\x20\x4e\x82\xed\x3a\x2e\x6a\x6e\x83\xdf\x61\xfc\x28\x2a\x62\xca\x06\xe6\x21\x74\xb5\x5b\xef\x40\xa0\xbd\xf8\xd2\x3d\x1c\x33\x0c\x71\x44\x14\x85\xee\x85\xe7\x0c\xed\x12\x1e\xac\x60\x7f\x58\x06\x78\x16\x3e\x4b\xd7\x5c\x67\x09\xff\x3b\x41\xde\x80\x59\x4b\x9e\x2f\x2a\xa2\x78\xfe\xfc\x21\xd7\x3e\xe3\xf7\x28\x54\xb9\x58\xd9\xa8\xf6\x3e\x3d\x70\xf7\xfe\xad\x8c\x3d\xca\x8e\x71\xbf\x4b\x9c\x2a\x36\xf2\x12\xb3\x2e\xb3\x29\x2e\x63\x55\x80\x38\x65\x59\xee\x1a\x11\xdf\x15\x29\x3a\x0c\x21\xcd\x73\x60\x86\x98\x46\xba\x5b\x7b\xa8\x5c\x99\x4f\x5b\x2f\x9c\xc5\x0e\x5e\xea\x8e\x4b\x36\x91\xd8\x86\x06\x2a\x18\xcf\xb1\x82\xf1\xe8\xb6\x11\xfe\x1b\xc2\x63\x15\x9c\xb8\xa0\x86\x78\x7c\x81\x1b\xea\x48\x12\x53\x00\x08\xc7\x0c\xa0\xc4\x7e\x64\xeb\x2f\xba\xd5\xb0\x27\x27\xa6\x6f\x2c\xdd\x6d\xde\x86\xf5\xd2\xa9\x64\x5a\x1e\x9a\xa6\x6e\xe0\xe1\x5b\x97\xf5\xfd\x22\x95\x96\xee\x02\xe6\x61\xca\xb9\xa5\x4e\xee\x1b\x81\xf9\x8f\xe2\x56\xed\x6c\x54\xfe\xaa\xa0\xba\x04\x7e\xea\x35\x33\x44\xf6\xe5\xc6\x2b\xe1\xe9\xd5\xc0\x9a\x2a\x69\x94\x11\x11\x0c\x56\xd1\x94\x9e\x90\xc0\x7b\x19\x38\xba\x95\x55\xac\x1b\xe8\x51\x1b\x51\x02\x18\xd7\xcd\xe7\xe1\xd7\x4a\x68\xaf\xb6\x42\xf8\x17\x15\xfe\x9e\x6c\x96\xc5\x03\x81\xae\x5a\x9d\xf3\x06\x51\x87\x85\xdc\x4d\xbc\x3a\x64\xf6\x0f\x24\x5c\x56\x4b\x80\x29\x51\x2f\x38\x1b\x56\xee\x78\x77\x03\x42\x68\x03\xc8\x0a\xb1\xc3\x11\xf4\x77\xb8\x91\x70\x8b\x59\xfa\x74\x8f\x32\xde\xbf\x54\xd2\x41\x37\x71\x97\x8c\x26\x5c\x9b\x87\x11\x4a\xdf\x25\xb8\x33\x7a\xa9\x3b\x0e\x63\x2a\x5b\x6e\xda\x47\x4b\xec\x16\x32\x81\x59\xfb\xed\x06\x7b\x00\xb8\x7a\xdd\x61\x96\x54\x92\xec\xcc\x6f\xd3\x46\x1c\x10\x00\xe4\x03\x7a\xb1\xe8\xac\x89\xa8\x52\x4f\x78\xae\x09\xd3\x08\xea\x6c\x94\xff\x88\x37\x32\xb7\x12\xee\xc0\xef\x07\x71\x8d\x33\xc0\x11\xb9\x39\x8f\x8c\xfe\xa7\x33\x07\x5a\xf3\x31\xfb\x3f\x97\xcd\xc1\xe8\xc9\x9f\x6a\x10\x72\x5a\x68\xc5\xc5\x8f\xdd\x8b\x0b\xaa\x50\x22\x7f\x34\xd7\x3d\x23\x90\x52\x03\x69\x8e\xaf\xf6\x26\x65\x4c\xe8\x3d\x86\x51\x08\x49\x9b\xe6\x86\x1f\x61\x41\xbf\xa6\x21\x9d\x7a\xb8\xb5\x84\x51\x91\x99\xf8\x80\xcf\xa1\xb2\x6d\x91\x94\xd3\x01\x71\x1c\x30\xfb\x44\x6d\x6e\xa7\x64\xa4\x31\x0f\x70\xe4\xb8\x59\xcf\x95\xfd\x44\xaa\xf8\xc1\xe2\x40\xe8\x0a\x71\x61\x1d\xbc\xf5\x2d\xa5\x8e\xdc\x32\x03\x11\xde\x38\x8d\x5d\x9d\x76\x9e\xb5\x9b\xe0\x93"},
+{{0x15,0x9a,0x9e,0xdd,0xea,0x5d,0xe6,0x34,0x03,0x98,0x7b,0x56,0x70,0xdb,0x6f,0xac,0x98,0xff,0xe5,0xec,0x3a,0x6c,0xf0,0x15,0x16,0xee,0x2c,0x70,0xce,0x3b,0x3b,0xe0,},{0xf6,0x1f,0x4a,0x04,0xa5,0xa1,0x2c,0xca,0xec,0xfa,0xf4,0x4c,0x1c,0x9c,0x18,0x88,0x47,0x5a,0x2c,0x89,0xfb,0x02,0xf2,0x6b,0xb8,0x1a,0xb5,0xf7,0x8f,0x4c,0xe3,0xa8,},{0x05,0x43,0x71,0x2c,0xef,0xa2,0x9a,0x22,0x0d,0x90,0xf8,0x1b,0xaa,0x4e,0x4c,0xf7,0x7a,0xc6,0x52,0x08,0xb2,0xd5,0xce,0x9f,0xd1,0x7c,0xe2,0x14,0xad,0x4a,0x93,0x7b,0x7f,0xc5,0xc7,0x86,0x41,0x3b,0x58,0x05,0x1c,0xca,0x3b,0xb8,0xb2,0xeb,0x55,0x65,0x7d,0x89,0x57,0x2b,0xc5,0x0e,0xa2,0xe5,0xec,0xdc,0x55,0x50,0x88,0x49,0x16,0x03,},"\xd1\x95\xe5\x90\x0d\xd3\x93\x14\x81\xbc\x01\x2e\x77\xbf\x06\x0a\xaf\x31\xcc\xcb\x0f\xe1\xa6\xc4\x0e\xaf\x28\x6a\x61\x66\xa1\x66\xb1\xea\x37\x05\x34\x26\x28\x4b\x92\x0c\x67\xfe\xe1\xd4\xb9\xd8\x6f\xb8\x61\xcc\x6e\xdd\x34\xe1\x0c\x52\x23\x37\x34\xd9\xcd\x92\xf5\xdb\xf4\x33\x51\x2e\xd2\x55\xac\x6b\x26\xe5\x6f\x5c\x66\x4b\xcc\xb2\x60\x69\x2c\xf4\x9d\x08\x36\x3e\xe9\x4e\x33\x6a\xcc\x48\x96\x00\xa6\xaa\x51\x2a\x04\x0f\x10\xeb\xf1\x8f\x7d\x2c\xbe\xe9\xca\xd1\x4c\x4f\xf8\x73\x77\xa3\x26\x34\x19\xd8\x29\x75\x29\x40\x1f\x15\x33\x7a\x4c\x4d\x23\x25\xed\x7d\xef\x76\x3a\x0d\x47\x9c\xaa\x40\x82\x66\x83\x4d\xa2\x42\xf3\xa1\x6b\x79\xa4\x58\x66\xb9\xd9\xd7\x1a\x48\x29\x31\x76\x74\xcf\xf7\xae\x6c\x8c\x58\x7b\xa4\xd4\x98\x0e\x81\x86\x13\xd3\xad\x82\x50\x7a\x7a\xb0\x32\xbb\xf9\x9c\x5e\x9b\x64\x03\x71\xbb\x41\xb9\x1e\x96\x5d\xc3\x1e\x8c\x7d\x4b\x3b\xaf\xd4\x95\x70\x52\x7f\xaa\xa8\x7a\xbb\xf6\x41\x6c\x47\xb1\xb1\xb0\x9d\x34\x01\x25\x31\x26\xcb\x24\x6a\xe4\x5a\xcf\x5f\x10\x0b\xb1\xf9\x2f\x11\xa5\xc6\xc9\x37\xe0\x58\x8d\x8b\x14\x6b\x3e\x4d\x3c\x7e\x5b\xf5\x74\x84\xe9\x84\xfe\x3a\xfc\x47\x72\xf2\x4e\xbf\x89\x4c\xdb\x39\x83\x7f\xbd\x46\x9a\x92\x1a\x96\xac\x5a\xf5\xe0\x70\xf6\xc9\x62\x4c\x58\x8e\x9d\x4f\xe6\xdd\xfe\xed\x1f\x8f\xe2\x0e\xb9\xc4\x60\xce\x6e\xe3\x8b\xf4\x71\xdd\x56\xdc\xf2\xe3\xee\x99\x8b\x8e\x7f\xdc\xf6\x12\xe7\x8a\x2e\x7c\x71\x73\xc0\x16\x09\x82\xbe\xde\xcc\x2c\x62\x1e\x5f\x66\x11\xb4\xef\x21\x02\xe3\x2e\x7c\x29\x80\x3a\x7e\x25\xfe\xe1\x51\x24\x31\x58\xa7\x6e\xe5\xd8\xc1\xbb\x2e\x7d\x8c\x88\x87\x1b\xa4\x33\xc5\xe5\x41\xc2\x60\x26\x93\xd9\x01\x10\xbe\x79\x5b\x52\x3a\x8f\xad\xb6\x05\xd8\xe3\xd7\xe4\x93\xfe\x24\x5d\x9c\xc5\x32\x0d\x32\xb8\x5d\x61\x35\xa4\x4b\x11\x68\x72\x94\x14\xc2\xca\x21\x56\x0f\xb4\xfe\xec\xde\xef\x0c\xf7\xd8\xe0\x71\x27\x4e\x88\x56\xc0\x04\x03\x3e\x80\x01\x3c\x73\xaf\x71\x77\xc3\x19\x78\x16\xa5\x03\x2d\x90\x59\xb1\xb6\xe4\x15\x2c\x38\x61\x92\xdd\x54\xb9\x0f\x9d\x30\x8b\xe9\x8e\xd7\xd0\xca\x9d\x12\xe8\xaa\xf6\xf9\xd8\x69\x38\x6a\xa9\xdb\xb0\x15\x93\xd3\x7e\x72\xf0\x90\x12\x4d\x34\x55\x29\x8e\x9b\x4c\x9e\xc3\xca\xe7\x3b\xb8\xee\x41\xeb\x63\xe3\x8c\x56\x13\x3e\xfd\xba\xf4\x49\xb8\x4e\x1e\x49\x1e\x49\x6f\x1c\x70\xa4\x4d\x06\x99\x86\xba\x88\x18\x42\x20\x69\x06\x1b\xb6\xeb\xcb\x7b\x20\x54\xe6\x3d\xf3\x81\xba\x03\xc6\xa7\x67\x4a\xbd\x61\x05\x0d\x69\x3d\x41\xbf\xe3\xca\x50\x46\xc6\x5f\xfb\x06\xa0\x74\x98\x09\xe5\x8d\x4c\x93\xa9\xff\x69\xed\x30\x95\x0b\xde\x1f\x99\x21\x6f\xff\x29\x9f\x22\xf1\x6b\x07\xc2\x54\xc2\x65\xae\x0b\x12\xe3\x13\x16\x3c\xcd\xf5\x03\x6d\x49\x05\x5f\x9a\x96\x67\xb0\xb7\x12\x92\xbc\x3b\x62\x60\xcb\x87\x56\x8f\xd2\x67\x17\x0b\xc9\x40\xc3\x33\x29\xd7\x29\xc9\xe3\x2d\x0f\x91\x80\xb1\x34\xbf\xf8\xae\x93\xb1\xbf\xeb\xfa\x38\x42\xfe\xf2\x0b\xc0\x4a\x29\x7b\x00\xa8\x4a\x0f\x42\x8d\x5f\x42\xfa\xb8\x61\x42\x99\x6d\x4a\xd9\xef\xab\xc4\x98\x52\xf8\x81\x2f\x3b\xfb\x5e\x57\x53\x9e\x21\x86\xeb\x8a\xe2\x29\x58\x0b\xc6\x04\x48\xac\xde\xf5\x72\x3c\x88\x15\x88\xb5\x37\x89\xf0\x5b\x91\xe0\x22\x89\x22\x32\x52\xd7\x53\xf7\x98\x13\x77\x9a\xce\x70\x5e\x04\xae\xd1\x52\x65\xd3\xbd\xf2\xa2\xe4\xb1\x56\x54\x77\x0a\x27\x58\x54\xe6\x4c\xf4\x43\x90\x60\x7a\x45\xd7\xbb\xa9\xaf\x3e\x1a\x2e\x28\x30\x67\xfc\xd6\xe6\x33\xaa\x2d\x24\x03\xbd\x81\xf7\xc7\x92\x76\x55\x10\xb5\x98\x41\x2f\x6b\xda\x07\xb2\xa9\x45\xb9\xf6\xd4\x6a\xb2\xf7\xc3\x20\x07\x5b\xc6\xb6\x0a\x80\xda\xa4\x4a\xf3\x91\xf4\xcd\x56\x21\x31\xbb\xdd\x40\x7d\x66\xf8\xdb\x12\x59\xbd\x76\xfa\x7e\x4d\x52\x64\xe1\x45\x54\x6c\x94\x2d\xfe\x90\x07"},
+{{0xed,0xa0,0xfe,0xac,0x0f,0x2a,0xfe,0x01,0x74,0x49,0x15,0x52,0x48,0x7f,0x39,0x62,0x17,0x13,0x32,0xb8,0x22,0xdc,0x3d,0xa4,0x26,0xf9,0xa5,0xf6,0x2b,0xef,0x7b,0x8d,},{0xef,0xf2,0x7c,0xb5,0x1f,0x4d,0x39,0xc2,0x42,0xf3,0x23,0x01,0x9a,0x12,0x34,0x81,0x8e,0xf2,0xe4,0xcd,0x1b,0xda,0xbc,0x0f,0x2d,0x8d,0x21,0x34,0x58,0xdc,0x47,0x1a,},{0x6c,0xbc,0x7e,0x6f,0x5e,0x12,0x14,0x5b,0x01,0x68,0x7a,0xd9,0xca,0x6b,0xf6,0xe4,0x7f,0x94,0x17,0xc2,0xce,0xfa,0xd3,0xfb,0xd6,0x8f,0xd6,0x5d,0xd7,0x4f,0xaa,0x97,0x50,0xcb,0xa9,0x92,0xde,0x4c,0xeb,0xcf,0xcd,0x35,0x80,0x8c,0xbb,0x3f,0xf1,0x2c,0x8d,0x93,0x07,0x99,0xaf,0x36,0xef,0xe7,0x97,0x6b,0xf2,0xfe,0xa7,0x9e,0x3e,0x0e,},"\x90\x11\x19\xda\x4e\xd1\x81\xaa\x9e\x11\x17\x0b\x20\x62\x6e\x00\xab\xf0\xb5\x48\x24\x5e\x3d\xeb\xf9\x4b\xf5\xed\x50\xae\xef\xe9\x42\xb4\x02\xcc\x99\x48\x94\x78\x52\xde\xdf\x2b\x53\x04\x01\x76\x65\x74\x9c\xd4\x7c\x21\xfc\x65\x2e\xe9\x95\x67\x9f\xf9\x31\xe3\x0e\x94\xaf\x98\xb4\xa9\x8f\xd4\x4e\x84\x9e\x98\x47\x0f\xe0\xa7\x6c\xe8\x0c\x61\xf8\x3f\xb4\xe8\x5b\xa5\x23\xee\x3f\xd2\x5d\xb0\x00\x05\x3b\x49\xd0\x93\x0e\x3b\x07\x9e\x86\x6e\x15\x3f\x7d\x86\x36\x7f\x23\xa4\xc4\xab\xc6\x3b\x30\x75\x46\x1e\x90\xe4\xfd\x89\x6d\xa0\x49\x2e\x27\xd7\x14\x94\x1e\x96\x7f\x52\xc9\x3f\xfa\xec\x44\x80\x3f\x57\x87\x7d\x86\x6e\xb5\xf8\xc5\x28\x17\x85\xaa\x48\x26\x79\x2e\x39\x64\xc6\x65\x90\x82\x1e\xea\x66\x75\x20\x74\x26\x40\x18\xa5\x71\xf5\xb0\x13\xb3\x8e\x15\x2c\x95\xc0\x24\x8a\xe6\x03\x68\x22\xa6\x7a\xfc\x9e\x02\x69\x45\x73\x15\x2b\x86\x4c\x56\xc2\xf7\x30\xa0\x82\x10\xf8\x5e\xc4\x6f\x98\x4a\x64\x3d\x51\x6a\x15\xfc\xfa\xa8\x48\x40\xf5\x12\x04\x7d\x11\x0e\x07\x18\xd2\x93\x95\x5f\x01\x58\x25\x7f\xba\x0d\x78\xeb\x7d\xf2\xf0\xb7\x7e\x6e\xeb\x76\xdb\x5e\x71\x70\x73\x10\xe8\x27\x36\x1c\xd4\xe1\x19\x74\x0e\x63\x92\x2d\xb4\x2c\x2c\xeb\x5e\xe1\x75\xd5\x0d\xec\xc7\xb7\x49\xfd\x23\x25\xbc\xe1\xe6\xa8\xf7\x10\xff\xcc\x1e\x1c\x9b\x33\xc3\x80\xe5\x2a\x64\xda\xa9\x58\x5f\xab\xe4\x06\xd9\xcf\x24\x48\x8f\xe2\x6f\x3a\x49\x5f\xb0\xab\x50\xe1\xe2\xba\xd8\x23\x81\xaa\x22\x43\x10\x99\xcc\x8a\x56\x98\x13\xd7\x9c\x9d\x78\x56\x9c\x0d\x95\xda\x9a\xad\x2b\xfb\x57\x75\x8d\x52\xa3\x75\x27\x52\xe0\x23\xd6\x51\xc9\xcb\x66\xa4\x12\xa5\xc8\x0f\x6b\xa5\x47\x93\xf7\xec\x87\xb4\xc5\x98\xfe\xd2\xce\x24\xab\xd7\x60\x87\x08\x89\x5c\x46\x72\x73\x59\xff\xec\xa6\xd6\xc6\x2e\x10\xa6\x78\xca\xa7\x18\xb4\xcd\x26\x32\x92\xcf\xef\x53\x5b\x9f\xbe\x27\x56\xb7\x39\x6d\x69\x7b\x31\x46\xc5\x51\xe6\xaa\xc1\xf5\xf1\xc2\x4b\xe9\xb6\x7a\x1e\x2a\x2a\xff\x74\x53\x01\xba\x6a\x21\x22\x17\xc5\x3d\x68\x16\x81\xbb\xb4\x01\xbf\x4a\x43\x65\x6f\x5d\x15\xcd\xe9\x69\xc1\x78\x00\x99\xa3\x32\x37\xeb\x19\xa3\xb8\x58\x5d\x6b\x5d\xea\x2f\xb5\x77\x84\x5f\x25\xee\x2a\x82\xcc\xf4\xb2\x85\x02\xf9\x0f\xe8\x0b\x8c\xdc\xdf\x2c\xcf\x93\xc4\x34\xc0\xe6\xaa\x5d\x87\x52\xa4\x43\x43\xc2\xb1\x8d\x20\xfe\x40\x04\xc4\x70\x38\x65\x93\x56\xf8\x7a\xbe\xd5\x44\x50\x34\xd8\xe2\xd3\xd1\x47\x68\xf5\xef\x31\x2c\xf1\x02\xa9\x88\x46\x83\xbc\xc0\xcd\x8a\x71\xe3\xec\x36\xfb\xb6\x33\x4a\x1b\xba\xed\x5d\x2b\xf1\x04\x16\xd8\x2b\xd6\x53\x04\x75\x38\x0a\xb6\xe2\x57\x7b\xbc\x69\xce\xbd\xa7\x5f\xaf\x02\xad\x82\x7b\x54\x51\x82\x13\x20\x6f\xd4\xcd\x66\xf2\x52\xb2\x34\xac\xa9\xee\xde\x7e\x3e\xeb\x81\x5d\xdc\xd8\xd5\x19\xc5\xd7\xf5\xd9\xd1\xfb\x9c\xa0\xfa\x44\x67\x99\x00\x95\xfa\x46\x22\x0c\x20\xa2\x07\x1d\xfc\xaa\xd5\xf0\x24\xda\xe3\x41\x6f\x7c\x49\x2d\x75\x74\x88\xc4\x9a\x2e\x4d\xf4\x83\xbc\x9b\x80\x09\x8e\x0d\x5d\x68\x3f\xac\xb8\xc9\x60\x82\x9d\xff\x09\xb3\x03\x36\x9d\x46\xcb\x57\x33\x1f\xf2\x17\x91\xee\x25\xd6\xbe\x7d\xec\x7e\xba\xf1\xb3\x24\x79\xa7\xf5\x14\xdc\x64\x71\x05\xc9\x44\xc3\x6f\x7d\xbf\x0a\x5b\x58\x91\x28\xdb\xaa\xa4\x21\x71\xd6\x42\xf2\x5a\x98\x1c\xe1\xf8\x37\x9f\x91\x69\x0b\x36\xaf\x77\x46\x48\xd5\x62\x4c\x08\xdb\xd0\xa9\x0f\x70\x87\x16\xdf\xab\x20\x24\xda\xe8\x65\xb9\xc4\x9a\xb2\x74\x73\x82\x6c\xd4\xa0\x10\xbf\xdb\x52\x01\x1d\x8c\x7c\xb3\xf4\x21\xca\x8c\xa3\xcd\x04\x86\x88\x91\x88\xe6\x7d\xf0\x0f\xb8\xc2\xa6\x43\xe7\xad\xb2\xf8\x27\x9f\x76\x3e\x5b\x9a\x81\xb6\xdf\xc3\xf7\x21\xfc\x5f\x68\x49\xf6\x67\x36\x78\x8c\xc5\x57\xc4\xeb\xc6\xfc\x68\xd6\xf6\xac\x77\xbe\xdd\xa8\xac\xb3\x62\x24\x3b\xda\x74\xe7\xb2"},
+{{0xec,0x05,0x9f,0xc6,0xbe,0x98,0x3c,0x27,0xec,0xa9,0x3d,0xdc,0xdc,0xb5,0x3a,0xf7,0x28,0x62,0x55,0xda,0x91,0xe2,0xa5,0x6a,0x68,0x4f,0x64,0x1e,0xc2,0xd0,0x9d,0x6e,},{0xff,0xc6,0xcb,0x75,0x1c,0x70,0x07,0x1b,0x65,0xec,0x2a,0xc6,0xb4,0x5f,0xd1,0xd5,0x5f,0xe8,0x36,0x96,0x5f,0x80,0xb3,0xe7,0xc7,0x84,0xfc,0x70,0x4a,0xcb,0xdf,0x69,},{0xa7,0xb8,0x8e,0x5a,0xbf,0x13,0x28,0x24,0xbd,0xde,0x77,0xc5,0xf8,0xdf,0x94,0xab,0x26,0x48,0x1f,0x6b,0xee,0x66,0x0e,0xa1,0x62,0x24,0x70,0x82,0xa2,0x50,0xd3,0x90,0xc7,0x1d,0x32,0x0a,0xd0,0x60,0xd8,0xef,0x34,0x1f,0xb6,0x9a,0x48,0x32,0x94,0xf0,0xd6,0xde,0x72,0x6f,0x0c,0x86,0x2f,0xa3,0x7e,0xa4,0xbc,0x6d,0xab,0x52,0x15,0x09,},"\xd1\xac\x63\x25\xa4\xe6\x90\xfa\x79\x53\x68\x83\xd5\xc2\x0e\xac\xb7\xd9\x64\xc0\x17\x8f\x74\x2c\x2b\x23\x72\x7d\xeb\x62\x64\x5a\xf7\xc8\x19\x22\xa0\xe7\x2e\x5e\x30\xb5\x83\x9a\x2e\xd5\xe5\x67\xec\x31\xce\x22\x41\x15\xb8\x2d\x2b\xf2\x51\xb7\x39\x3f\x01\xb0\xd0\x3a\x60\x2b\xc1\x20\xae\x62\xaf\x7f\xbc\x37\x9d\xfc\xf9\x5b\xbb\xba\x98\x4a\xab\xa3\x4f\xe2\x12\xac\x99\x00\x33\x28\xb8\x32\xc3\x53\x2d\x42\xee\xe1\xe1\x87\x4d\xc2\x2a\xd6\x7d\xb6\xc9\x1d\xbb\xfb\x2b\x45\x78\x5d\xbc\xd3\x99\x17\xd3\x6f\xb4\x8c\x1b\x5d\x6f\x38\xbd\xda\x5d\x28\xfb\xba\x64\x17\x55\x75\xaf\xea\x46\xc8\xed\x67\x57\xff\x30\x16\x4e\x0d\xf2\xe7\x21\x76\xe8\xb6\xc9\xdb\x5b\x5e\xf3\x90\xb7\x2f\x2d\x4d\x94\xe3\xb6\x6f\x0d\x44\xa7\xe0\xf0\x6e\x89\xde\xbc\xdf\x13\x63\xc0\xe7\x5d\x50\xdb\x5b\xb7\x01\x90\xd1\x9f\x66\xa3\x9c\x6f\x7d\xba\x70\xdf\xcd\x4a\x9f\xed\x02\xc2\xf1\xd0\x67\xe7\xc7\x88\xc5\x8f\xdb\x3e\x17\xa2\x37\x7c\xe4\x86\xec\x65\x82\xf3\xba\x99\x7b\xb5\xf7\x0c\xd6\x21\x00\x29\x56\xf5\x13\x1a\xa3\xa1\x61\x7c\x0c\xeb\xcc\xd9\x39\x1d\xe1\x30\x7c\x85\x97\x0a\x8b\xc1\x55\xf5\x19\x87\x26\x68\x45\x0c\x91\x48\x86\x89\xf5\x3c\x2c\x1a\x7e\xd5\x3f\x38\x8c\xb1\x3a\x2c\x38\x96\xfe\x5b\x7d\x3a\x0d\xc1\x68\x3f\x27\x66\x4c\x8b\xea\xea\x68\x0c\x8c\xc5\x4a\x90\xe4\xc6\xf9\x9f\xbf\x05\xf2\xc2\x2d\xf6\x0d\xe9\xae\xc8\x0c\x79\xb7\xd6\x62\x07\x05\x06\x67\xb4\x52\xd7\x85\x7f\x9a\x8c\xa7\x23\x28\x0d\xac\x79\x92\xe2\x07\x92\x67\xec\x3a\xd9\x11\x40\x46\x42\xc4\xe3\x26\xbf\xb9\x6b\x43\xc8\x94\x34\xba\x4b\xc7\x8c\x25\x2f\x4d\x4c\xa8\xd1\x3a\x88\x74\xc6\xfc\x82\x52\xea\x0b\x56\xc6\xbc\x78\x68\x47\xd4\x31\x83\x06\xe1\xc6\x52\xc4\x52\x58\x5e\xef\xd0\xbd\x9d\xd3\xc1\x48\xa7\x3b\xa8\x6e\xed\xea\x94\x5f\x01\x67\x13\xed\x7d\xf0\x85\xd0\x06\x66\x89\xe7\x92\xda\xcb\x2b\xfc\x1e\xb5\xc8\x24\x37\x2a\x26\xc5\xe9\x44\xaa\x74\x44\xac\x97\x73\xd4\xa1\x92\x1e\x49\xbd\xd4\xf8\xf6\xd7\x88\xc2\x63\xfe\xe0\x4c\x7b\x44\x4c\x53\x05\xed\xb6\x33\xe1\xff\xe0\xba\x4e\xa8\xda\x01\x1a\x62\xf2\xbb\xfe\xf4\xb8\x95\xad\x3f\x22\x4c\x3b\xa3\xbf\xf0\xc9\x5d\x75\x75\x0c\x9b\xcc\x66\xff\x8a\x20\xb6\xc2\x4b\xde\x75\x81\xa7\xec\x38\x66\xf8\x71\x6f\x78\x1f\x46\xdc\xad\x45\xa9\xeb\xcb\x6e\xd4\x69\x53\x36\x83\x97\x01\x17\x35\xd4\xb5\x2d\x00\xe8\xdb\x39\x79\x95\xdb\xdb\x3d\x4f\x42\x54\x68\x7f\x04\x68\x8a\x26\x8c\x30\x5b\x2b\x1f\x62\x2c\xf5\x1b\x17\x47\x75\xba\xd7\xf6\x67\x4a\xdc\x2e\x58\xe0\x5c\xce\x86\x5f\x12\xd7\x56\x9c\x8e\x9b\x35\xbc\xdf\x3c\xcc\xe6\x33\x0d\x08\xce\x53\x40\xa7\xc6\x30\xf2\x7a\x6c\x80\x86\xb5\x14\x6b\x29\x2f\xcb\xf5\x0f\xf6\xaa\xae\xf8\x84\x8a\x70\x7b\x25\x43\xc6\x18\xd1\x7b\xd9\x76\xc2\x40\xbc\x79\xd3\x3e\x00\x4e\x49\x53\x48\x29\x15\xe7\xe6\xef\x94\x96\x4b\xde\xa4\xe0\x2d\xd7\xc2\xf4\x75\x23\x5f\x2b\x99\xe4\x32\x29\xc9\xac\x3a\xba\x0d\xb5\x9a\xc2\xda\x03\xa9\xee\x4f\x37\xdb\xf2\x47\xa3\x3e\x6d\xfe\x5b\xe7\xc7\xf8\x25\x84\xf0\x4a\x46\xd4\x9f\x66\x21\xda\x31\xb9\x1a\xc3\xda\xa4\xd6\x8d\x48\xa5\x66\x59\xb4\x48\xc0\xed\x36\x5c\xb4\xaa\x0c\xfd\x90\x88\x53\xdf\x5b\xbf\xa8\x8e\x60\xe1\x0a\x5a\x00\x2c\x32\xab\x33\x33\xf2\xc3\x9b\xbf\x3e\xe0\x1a\x4a\xa6\x0d\x2d\x01\x42\x3e\x60\x97\xdc\x54\x30\x5f\x81\xa2\xd9\x3e\x2f\x6b\x4e\x8b\x35\x19\x71\xcb\xf2\x45\x7d\xc7\x6e\x1f\xb8\x92\x93\x38\x47\x98\xef\x28\x23\x4e\x9b\x1a\x47\xde\xdc\x23\x36\xf8\x6b\x8e\x13\xc4\xae\xf7\x90\xf5\xa1\x12\x39\xc7\x47\xd9\xd8\x65\xc9\xa1\x5a\xde\xb0\x71\x07\x02\x67\xe5\x34\x62\x56\x64\x8a\xdc\x0f\xa4\xdb\xdf\xd7\x87\xca\x14\x65\xfc\x24\x0a\x32\x4c\x3c\xaf\x29\x31\xda\x41\x49\x9e\x27\x5f\xd4\xb3\x5f\x6d\x08\xdb"},
+{{0xf1,0x6a,0xbd,0xbc,0xc0,0xbc,0xc6,0x1a,0x1a,0xee,0x3a,0xbd,0x87,0x67,0xab,0x52,0xe5,0xf7,0x99,0x99,0xbb,0x77,0xa3,0x97,0x6c,0xbc,0x82,0x67,0x0d,0xfd,0x2f,0x73,},{0x10,0xf4,0x51,0x71,0x9d,0xb0,0xfd,0x21,0x37,0x6e,0x22,0x8a,0x41,0xc3,0x03,0x5c,0x8c,0x2b,0xc4,0x2e,0x5a,0xaa,0x92,0x6f,0xe6,0x08,0x87,0x8d,0xbb,0x0d,0xc7,0xab,},{0x33,0xd8,0x05,0x29,0x08,0x69,0xb8,0xe0,0x4f,0xf0,0x89,0xfa,0xa2,0xd1,0xfa,0xb8,0x37,0x43,0xba,0xda,0x68,0xad,0xe5,0xb3,0x8a,0xe5,0xf0,0xcc,0x58,0xc3,0x37,0x4e,0xba,0x43,0x94,0x3c,0x1f,0x51,0x10,0x67,0x8e,0xb3,0x9b,0x46,0x58,0x61,0x18,0x22,0xa2,0x6d,0x35,0xff,0xe1,0x9e,0x9c,0xfc,0xb9,0xba,0x95,0x89,0xe4,0xec,0x31,0x05,},"\xbf\xac\xd7\xdd\x4e\xea\x46\x7d\xcc\xe4\x04\xf4\xa3\x52\x0a\x45\xb9\x4e\xba\xa6\x22\x19\x7d\x02\xd6\x15\x29\xd2\xb3\xbf\x27\x3c\x4e\xe1\xfb\x95\xa1\x80\xc8\xf8\x7d\xe1\x90\xa2\xe5\xea\x70\xb8\x4a\xe1\xeb\x6f\xd4\x44\x7d\x8a\x3a\x8d\xed\x10\xf6\xed\xe2\x4f\x0e\xb9\x2b\xd3\x0b\xc6\x5d\x48\x71\xe8\xf5\xda\x08\xcb\xe8\xcd\x3c\x0a\xc6\x4f\xd5\xa5\x7a\x6b\x06\x4a\x89\xd5\x15\x9b\x42\xf8\xb3\xe5\xa1\x83\x8c\x9c\xb1\x9d\x88\x10\x6c\x07\x73\xa2\x75\xcd\x2a\x1d\x60\x99\x30\xbf\x6b\x30\xae\xca\x62\xb9\x7e\x31\x9b\xbf\xa9\x34\xf4\xd0\xa1\xe6\xac\x80\xba\xeb\xcb\xa2\xd8\xea\x4b\xed\x9c\xa8\x56\x2b\x4a\xcb\x56\x97\x9b\xf8\x85\x32\x4a\xc4\x0a\xb4\xa5\x0b\xfb\x9f\x34\x90\x49\xfc\x75\xa0\xe0\x3d\xe4\xcc\x43\xea\xe3\xc6\xa6\xcf\xfb\x5f\x6a\xe6\xc9\x45\x04\x41\x5e\x6c\x7e\xd3\x04\x5a\x93\x2f\x47\xfd\x20\xb9\xf3\x48\x3a\x77\xb6\xd4\x49\xd8\xdf\xd4\xa6\x38\xdb\xf5\x6f\x03\xf0\xf0\x31\x87\x90\x59\xb2\xfb\x49\x76\x79\x43\xf4\x6b\x38\x72\xe2\xde\x56\x7d\x5f\xef\x80\xb0\x29\x25\xe9\x86\x3e\x0f\x1d\x31\xa8\x0f\x4e\x64\x51\xc3\x25\x69\x4b\x80\xcf\x1f\x19\x18\xc6\xe4\x98\x87\x8e\xdc\x47\xc4\x53\x0c\xac\x46\x6f\x1a\x29\x4d\x55\xdf\x09\xaf\x4f\xdc\x80\x72\xad\xb1\xbf\x26\xca\x8c\x92\xf9\x12\xa2\xb9\xfe\xbc\x8b\x97\xb5\x8c\x1e\x9d\x32\xc7\x80\x32\x30\x52\x97\x2b\x6f\xbd\x53\x30\x4c\x05\x19\x3c\xae\xb6\x7c\x5b\xd3\xe6\x74\x79\x72\x5d\x29\x7d\xff\xb0\x68\x90\xab\xf8\xcd\x9e\x42\x45\x8e\x16\x8a\x61\x18\xf9\x05\xb1\xd5\x34\x86\x01\x6f\x85\xdc\xd9\x8d\xd3\x39\xe3\x46\x05\x33\xd0\xb8\xa4\x9f\xae\x6d\xc1\xa0\x71\x72\x5e\x6a\xe5\xf2\x94\x47\x9e\xe3\xbd\xca\xeb\x74\x06\x18\x41\xfb\x26\x08\xe8\x8a\x49\xfd\x0f\x38\x95\xb1\x8f\x85\xb9\x0f\x72\x41\xdd\x13\x87\x71\x00\x53\xfa\xa6\x2b\xae\x75\xe9\xae\x39\x36\x9c\x1c\x02\xde\x5d\x19\x24\x2e\xfa\x16\xe1\x1d\x44\xa4\xba\x57\x78\xce\x77\x22\xa9\x1c\xec\x0b\xc0\xa0\x8c\x06\x9b\xdf\xa1\x30\xd1\xc6\xc4\xb5\x6c\x6e\x93\x54\x24\x03\xcc\xf2\x76\x84\xde\xf5\x7d\xef\x26\xdf\x86\xce\xd5\x71\x28\x2d\xc9\x60\x97\x46\x18\xf0\xa7\x4a\x0c\xde\x35\xb6\x53\xcc\x6e\x77\x30\x43\x1b\x82\x5f\xfb\x9b\x8a\xaa\xb3\xc7\xa3\x97\xc9\x92\xbc\x2f\xa2\x32\x70\xfb\x11\xee\x43\x1a\xfd\x5f\x9a\x64\x44\x83\x01\x11\x73\x99\x3f\x19\x48\x5d\xd3\xcb\xdd\x18\x7b\xd3\xd9\x95\xeb\xf0\x03\x1b\x1b\x0d\xe4\xa8\xde\x9c\x14\xeb\x6f\x78\x0e\x36\xb8\x92\x57\x56\xb9\x79\x06\xa1\x96\x9d\x85\xe9\x67\xd8\x80\xe6\xe7\xdd\xa4\x2f\xd3\xc3\x00\x19\xf1\x1d\x70\x81\x07\x1e\xee\x66\x26\x42\x28\x36\xbb\xed\x27\xd4\x6d\xd0\xdf\x1f\xeb\x66\x10\xdc\x85\x9f\x51\x3c\x0b\xc6\x53\xd7\x02\x20\xfe\x04\x8d\x2e\x97\xc2\xe0\x6a\xf5\x30\xe1\x1b\xdc\x70\x29\xbc\xcc\x5c\x92\xed\xec\xef\x5e\x4a\x2e\x0b\xe2\xd2\x51\xf4\x41\x5d\xca\x3e\x55\xb3\xa8\x50\xf2\x63\x0b\x87\x9e\x4e\x03\x6c\xe8\x63\x3b\xf2\x09\x20\xb6\x80\x94\x21\x59\x29\xac\xcc\x7b\xe4\x0c\x57\x78\xbc\x55\x4e\x6e\xdd\x7e\x54\xc9\xe1\x45\xb2\xee\x07\xb6\x5d\x06\x1c\x11\xde\x0e\x83\xf3\x81\xce\x4f\x57\xc6\x48\x3f\x51\x06\x93\x63\x51\x10\x74\xc7\xa5\x77\x35\x3b\x45\xc6\xeb\x71\x19\x9d\xce\x50\x59\xfd\x2c\x46\x11\xb0\x54\x23\x8a\xaa\xdf\x2b\x6b\xa5\x34\xbf\xff\xc2\x72\x2a\xe3\xe3\x1f\xf7\x9a\xe2\xeb\xca\x99\xcc\x35\x07\xf8\xa0\x33\xcf\x4f\xea\x70\xc5\x2f\x7d\xb5\xde\x44\x2b\x42\xb8\xd4\x1e\x99\x01\x2e\x42\xca\x0e\x85\xa9\xfb\x6d\x4f\x16\x5b\x33\x0d\xe6\x38\x3c\x57\x26\xef\xca\x2f\xe9\x71\x34\x00\x02\xf5\x62\xdc\x6c\xb8\xf2\xfa\xf0\x66\x57\x25\xe0\x97\x79\x9d\x09\x60\x91\x86\x4d\x66\xa9\x50\xa5\x79\x09\x53\xee\x16\xb9\xea\x58\x20\x09\x21\x87\x08\xc4\xac\xcd\x81\x38\x13\x58\xa2\xc6\x89\xa0\x41\xd0\x2d\x78\x61\x21"},
+{{0xbe,0x79,0xd1,0xae,0xea,0x86,0xe8,0x6f,0x39,0x81,0x37,0xe6,0x2f,0xfd,0x79,0xe5,0x0e,0xff,0x9f,0x31,0x3f,0x25,0x19,0x2f,0x89,0xe5,0x2f,0x0b,0x4b,0xbd,0x5d,0x32,},{0x18,0x7d,0xac,0x85,0x5c,0xa4,0x42,0xfd,0x9a,0x3d,0xdc,0x32,0x89,0xc2,0x4e,0xb2,0xd2,0x6f,0x7a,0x40,0xfb,0x29,0xd8,0xe7,0x44,0x31,0xb2,0x50,0x22,0xc3,0xa0,0xcc,},{0x6d,0xab,0x59,0x3b,0xb1,0xd4,0x48,0xc9,0x74,0xa6,0x5c,0x6a,0x0b,0x6f,0xad,0x22,0xb4,0x73,0x26,0x32,0xd0,0x04,0x89,0x17,0x6e,0xf1,0x26,0xaa,0x59,0x01,0x09,0xe0,0xa7,0x23,0xa1,0x13,0x10,0x7b,0x53,0xe1,0x7d,0x69,0x0a,0x0d,0x40,0xb0,0xfa,0x33,0x6c,0xc8,0x7f,0xd5,0xfc,0xe8,0xf5,0x41,0xac,0xce,0xc6,0x7f,0x7d,0x1e,0xbc,0x06,},"\x6d\x63\x2a\x7d\x3c\x9b\xe5\x36\x49\xd0\xd1\xa5\xee\xdf\x51\x9a\x41\x3b\x13\xac\x64\xe9\xad\x85\x4d\xfa\x04\xf2\xe1\x73\x29\xd8\x22\xbe\x57\x3d\x9e\x35\xac\x06\x6f\x02\x22\x13\xa3\x44\x62\x0b\xba\x28\x9f\x53\x31\x69\x55\x84\xd1\x34\x3e\x81\x54\x05\xae\xab\xe3\x86\x1d\x63\xb3\xa5\xb9\x2b\x8c\xd8\xee\xed\x22\x80\x22\x2a\xbd\xe3\x0a\x1b\xcc\xd3\xf3\xe4\x11\xaa\xb9\x22\xfa\x1b\xaa\x09\x7a\xa5\xc7\x80\xd0\xea\xef\x94\xea\x10\xfe\x21\xf7\xd6\x39\xb7\x6d\x47\x88\xae\xb5\x92\x4a\x9d\x26\x2d\xcb\xc5\x68\x8a\x3e\x43\x54\x4b\xec\x08\x8c\xa2\xe0\xd0\x6d\x77\xa7\x1f\xb6\x41\xd5\x52\x26\x61\x44\x52\xb1\xe0\x80\x7a\x9f\xcd\x3c\xa6\x9b\xf7\xf2\x5d\x80\x41\x47\x0c\xeb\x7b\x21\xea\xd0\x3e\xc0\x37\xa1\x62\x9b\xd5\x00\xaa\x23\x3b\x59\xbe\x44\x97\x82\x10\xb6\xa3\x66\xf2\x23\xac\xfa\x07\x97\x95\x40\x07\xb0\x0e\xfb\x4f\xfa\xdb\x5f\xc9\x2b\xdb\x37\x86\x3e\x50\x2d\x7d\x70\x68\x10\x39\xed\xf3\x37\x70\xdf\x3d\x1d\xe3\x43\xdc\x35\xf2\x26\xd5\xe7\x39\x44\xba\x02\x55\xe2\xa8\x8e\xf6\xc4\x1e\x47\x2b\x21\x45\x67\xc2\x49\x59\x4a\x50\x87\x8b\x67\x31\xc1\xae\xb5\xb1\x0f\xa9\x1f\xa7\x6a\x37\xe1\xf9\xf1\xc0\x0f\xdb\xfe\x34\x85\xde\xd5\x4a\x00\x9a\xb6\x13\x39\x27\x11\x56\x68\xb5\x9f\x51\x15\x50\x8d\xa9\x37\x0f\x6b\xc9\x2a\x11\x85\xc0\xd5\xca\x01\xd2\x91\xe1\x8c\x54\xac\xfa\xca\x73\x8b\xd7\x19\x68\xa3\x42\xa0\xcb\xa6\x2e\x4b\xb1\x04\xa5\xbb\x37\x9f\xc8\x3e\xe1\x82\x0d\x1d\xb9\x80\x25\x3d\x6c\xb3\x83\xe9\x5a\xf1\x5f\x53\xc8\x5d\x17\x58\x90\xdd\xe5\xe4\xed\x03\xd2\xd0\x13\x5e\x3d\x60\xb1\x82\x93\xf5\xb5\x64\x1e\xf8\x3c\x6e\xce\x3d\x52\x59\x8f\xc6\x35\x36\x86\xe6\xf7\xb0\x9f\xde\xc1\xf6\xf1\x53\x67\x2d\x34\xb4\x89\xb4\x8a\x0d\xb9\xe4\x2c\xed\xa7\x17\x55\x48\x1c\x04\x70\x16\xc2\x25\x34\xe9\x0c\x6d\x20\x1e\xd7\x85\x96\x02\x63\x6e\xa7\x7a\xe8\xc6\x73\x4b\x7c\x4c\x5b\xd9\x95\x79\xc5\x08\x73\x1c\x72\x46\xa2\x95\x86\xe4\x06\xe1\xd9\x32\xf6\x71\x30\x71\xd4\xbe\xa6\x3d\xc5\xe2\xa3\x76\x1e\x16\x02\x4d\x2c\x32\x84\xf7\x09\xa1\xf2\xba\x08\x5e\xad\x32\x00\xc7\x04\x62\x75\xcb\x96\xb6\x1a\x60\xb5\xac\x55\x9b\xc4\x88\xbd\x10\x64\x67\xc3\xde\x50\xbf\x5d\x74\x0d\x05\xc9\xcd\x70\x1d\x65\xb7\xda\xea\x29\xe6\x4d\xd5\xa9\x7a\xdb\x6b\x5c\x82\xcf\x7f\x23\x01\x7a\xa7\xca\x1a\xc9\xa3\x9e\x58\x27\xeb\x47\xe2\x0d\x35\x9b\x67\xc7\xd4\xe1\xa8\xe3\xe2\x7c\x52\xd3\x3d\x93\x03\xa5\x92\x62\x34\x84\xd7\x97\xb4\x02\xcb\xb4\x58\xd1\xac\x2e\xa5\x3e\x1c\x4f\x7a\xbb\x70\xcc\x02\x95\x54\xa2\x34\x57\x4d\xef\x9b\xc3\xb0\xd3\x83\x5d\xc3\x14\x90\x2e\x25\xab\xb2\x2d\xfd\xed\xdc\x67\x9a\x3c\xc8\xf0\x73\x40\xb1\x5f\x57\x62\xf4\x40\x7f\x38\x03\x42\x55\x4e\xd0\xc6\x2f\x73\xb6\x18\x16\xea\x8c\x52\x94\x61\xe1\xbf\x0e\x9d\x1c\x2d\x5e\x4c\x57\x46\x33\x6b\xc0\xe1\x32\x87\x3c\xde\x0d\xc2\x15\x8b\x54\xfa\x1b\x67\x8a\x00\x6b\x4d\x95\xed\xa8\xa9\x55\x71\x42\x73\xb7\xcc\x5c\xf2\xad\xd9\x09\x4d\x46\xe4\x9a\xbc\x09\x6a\x45\xf4\x18\xe2\xed\xbe\x99\xdd\x85\x29\x11\x68\x80\x64\xdf\x7c\xf0\x61\xd0\x7a\xee\xf4\x27\x95\x69\x0f\x48\xc9\xba\x19\x56\x54\x75\xd5\x46\x8a\x9e\xf4\x5d\x7b\xf7\x5f\xd7\x11\x82\xdd\x6e\x64\x01\x38\xf1\x82\xa6\xa0\xc6\xcb\xbd\x00\xc4\x95\xc4\x38\x95\x30\xac\x8e\x67\x96\x0e\xb5\xc5\x76\x3f\x54\x84\xea\xb1\xc1\xab\x85\x01\x40\xda\x04\x2b\xa4\x7e\xd8\x52\x88\x00\xd4\x17\x87\xf0\x75\xfe\x0d\x85\x50\x1a\x7a\xb7\x66\x35\xd0\x34\x10\xd2\x86\xc0\xe1\x7d\xb4\x02\x3a\x76\x39\x74\x68\xcc\xb0\x91\xcc\x5a\xc1\xf6\x43\x45\x87\x91\x3e\xab\x92\x2b\x50\xca\x55\x67\x01\x6d\xde\xa3\x2f\xb5\x32\x55\xbe\x67\xf2\xdc\xf9\xff\xa8\x5d\x11\x7f\x1a\x65\x5f\xa7\x0d\xd3\xa5\x4c\xf9\x91\x53\x1f\x19\x13\x0e\xaa"},
+{{0x26,0x99,0x52,0x17,0x2c,0x3f,0xa9,0x76,0xde,0xfb,0xf4,0x0b,0xd6,0xed,0xd8,0xf1,0x5c,0xfd,0x4b,0xe1,0x0c,0x75,0x8e,0x37,0x41,0xd7,0x41,0x62,0xd8,0xea,0x22,0x9a,},{0x4a,0xea,0x57,0xc7,0x21,0xe3,0xdc,0xca,0x82,0x39,0xe9,0xad,0x9b,0x22,0xc1,0x9b,0xab,0x8d,0xf7,0x2c,0x88,0x79,0x3b,0x24,0xd8,0xdc,0x47,0xcf,0x97,0x40,0xfc,0xf8,},{0x3a,0xc8,0x0d,0x1e,0x8f,0x68,0xb4,0x05,0x8c,0x3a,0x04,0xda,0xd7,0x18,0x73,0x73,0x95,0x9f,0x26,0xa2,0x70,0x02,0x49,0x6f,0x8a,0xfa,0xac,0xcd,0x8b,0xea,0x09,0x01,0xc5,0x4c,0xab,0x87,0xb2,0xa2,0x30,0x2e,0x1f,0x36,0x25,0xc2,0xb0,0x6c,0x7e,0xbc,0xf3,0xce,0x96,0xde,0x3a,0xfd,0xf0,0x0f,0x51,0x94,0xa3,0x5e,0x05,0x52,0xc7,0x0e,},"\x7c\xcb\x6a\x05\x70\xc5\x33\x73\x7b\x9a\x53\x4a\x34\x1a\x7a\x96\xdc\x76\x52\x8b\x99\x7a\x9b\x48\xe6\xe0\xfd\xe1\x0f\x47\x4b\x27\xec\x98\x99\x12\xd1\x76\xca\xb7\x42\xd8\x9a\x84\x8b\x36\x66\xe9\x27\x7d\x69\x5b\x02\x2f\xd5\x3a\x9e\xb8\x9e\x88\xc7\x20\x39\x9e\x24\xed\x25\xdb\x9e\xb3\x5d\x6d\xa0\x09\xe9\xf0\x24\xef\x8e\x65\x51\x65\xbd\xef\x1c\x0d\x79\x7c\x74\xf0\x19\xcd\x59\x1a\x04\x42\xa1\x2d\x1c\xa8\x93\x83\x6c\xa2\x62\x8b\x33\xe8\x54\xf3\x42\x8e\xec\x4a\xa5\xed\x84\xf4\xbd\xd2\xee\xf8\xb6\xd2\x25\xca\xf9\x49\x6d\xf9\xed\xff\xd7\x35\xea\x54\xdb\x1b\xde\xa8\x83\xad\x5d\x47\xeb\x0b\xd4\xa6\x65\x3f\x0a\xb0\x37\xf0\x40\xa4\x15\x17\xa7\x74\x1f\x91\xe8\x2f\xdb\x6f\xda\x04\xf0\xdf\xa1\xbc\xf8\xb9\xb3\x7b\xf2\xbf\xbd\x87\x32\x7a\x63\x6f\x90\x7f\xdf\x96\x8d\x01\x89\xd1\xa1\x18\x09\xc4\x23\x0b\xa6\x9d\x5c\xbd\x84\xf5\x61\xbc\xac\x3a\xd0\x02\xe5\x58\xc5\xb9\xb0\x97\xa0\x19\x02\xf2\x9c\xe3\xf1\xec\x26\x41\x53\xd6\x68\xc7\x8b\x84\x51\x05\xb9\xcd\x2e\xf3\xc9\x43\x53\x1b\x75\xaa\x42\x8f\x17\x9e\x4b\x34\x18\xb1\xd5\xa4\xaa\x7a\xb1\x20\x3e\xfa\x49\x5c\x87\x69\x62\x8e\xb1\x06\x3a\x93\x7b\x73\xe4\xb5\xcd\x0c\xda\x33\xda\xb0\x1a\x50\xc6\x4f\xeb\xd9\x75\xc5\x7a\x1e\x84\x15\x08\xe8\x60\x60\x94\xd0\x82\x4f\xdd\x96\xcc\x6c\xfa\x18\xfa\x82\x09\xb3\x0f\x0a\x2a\x78\xea\xc9\xa7\x67\x17\x6f\x57\x3e\x78\xc0\x68\x80\x9b\x19\x9a\x69\xac\x6d\x33\x5d\x7c\x92\x09\x99\xc4\x0c\xba\xd8\x7c\xf4\xcc\x7c\xa5\xc6\x44\x29\x1d\x75\xad\x7a\x74\xbc\x1e\x63\x92\xd1\xce\x31\x1e\xcf\xd2\xeb\xc9\x16\xe3\x9e\xb6\xaa\x3e\x7d\x89\xfb\x80\x5a\x27\xa5\x5f\x17\x89\x12\xb1\x57\xbc\x01\xa0\x55\xf6\x7a\xef\xa7\x8e\x55\xc8\x06\xcb\xd9\xc0\x1b\xaf\x8e\xf9\x2c\xad\x22\x60\xb4\xbb\x14\xcf\xe6\x17\x82\xde\xe5\xc5\x99\x72\x50\x69\x41\xc4\x62\xa4\xda\x7e\xb8\x99\x53\x1c\xf9\x96\xbc\x98\xba\x36\x29\xef\xfe\x6f\xcd\x17\x06\xd1\xb4\xee\x4f\x2a\x14\xe9\x21\xbd\x40\x8f\x30\xe1\x2e\x73\xfb\x7a\xa8\x60\x53\x6b\x03\xe7\x7c\xa9\x37\x82\x32\x81\xa1\x64\x53\xfe\x82\x79\x35\x94\x32\x01\xe6\xec\x14\x3a\x67\xee\xfa\x4f\x94\xe9\xab\xf9\x4f\x7e\x3d\x41\xb7\x0a\x82\xbe\x69\xde\xd8\xa5\x30\x60\xc2\x30\x5f\x42\xf6\x2f\xe6\xa2\xf7\x04\xb6\x7a\x1e\x8f\xdd\xc7\xd9\x8b\xa7\xf3\x45\x71\x19\xb3\x11\xd4\x49\x66\x3e\xd9\xe3\x20\xd6\x18\xdc\x23\x68\xd4\x95\x08\x75\xb9\xc3\x8c\x5d\x8c\x03\x10\x4e\x2e\x32\xc4\x32\x5d\xed\xd2\xbc\x26\x7e\x2a\xcc\xb0\x11\x20\x18\xe9\xc5\xa8\x00\x7c\xca\xb2\xf6\xd7\xc7\x37\x79\x20\x02\xac\xb7\x30\xd7\x2e\x9f\x73\x08\x29\xeb\xc4\x2c\xa5\x64\xc1\xd9\x27\x1b\xf1\x86\x9c\x4d\x35\x83\x55\x89\xb7\x43\x1e\xf7\xa3\x1a\x07\x00\x60\xfe\x4a\x08\x9f\xb1\x1f\x2d\xd3\xdc\xe6\x5a\xe0\xfb\x45\xbc\x3a\x28\x60\x91\x7d\x93\x3b\xa2\xd0\x90\x56\x9e\xf5\xed\x43\xbc\x25\x32\xdb\x87\x9e\x0f\x1f\x22\x5e\xad\xcb\xef\x1c\x03\xd9\xed\x78\x29\x9e\x23\x3e\x4c\xf0\x7b\x06\x4a\x7b\xaa\xc3\x4c\x5a\x0c\x19\xfc\x3a\x55\x42\x08\x9f\x70\x16\x7b\xe2\xf8\x5b\x4a\x10\xe7\x78\x52\x52\x23\xbe\x8f\xfd\x5c\xff\x96\x48\xb1\x00\x5a\x09\x8b\x4b\x39\x24\x39\x8f\xb0\xbc\xab\xcc\x6e\xdf\x30\xc0\x61\xec\xe7\xae\xa3\x5f\xe9\x8a\x92\x03\xf8\x71\x13\x69\x53\x0f\xeb\x5e\x67\xbb\x2d\x4f\x59\xd9\xc8\xbc\x99\x38\x54\xdd\x47\x47\xcd\xe3\x99\xbd\x0e\x63\x74\x0c\x1c\xc8\x39\xad\x0f\x09\x8a\x38\xa8\x0b\xea\xdd\x64\x8e\x14\x36\xde\xee\x60\xe9\x31\xe6\x8f\x52\x97\x9c\xe4\x9f\x30\x1f\xe3\x9a\xfb\xb6\x15\x35\x20\x91\xc8\xb6\x58\x5f\xe8\x84\x47\xed\x6e\x59\xa0\x20\xb2\xbb\xe6\x6a\x94\x23\xae\x52\x28\xc2\x03\xbf\xd4\x84\x7b\x51\x81\xe2\xc3\xb4\xda\xd8\x3a\x6d\x4f\xa7\x69\x85\xee\xf7\x6a\xdd\xe3\xb3\x4e\xdb\xdd\x28\xd6\xa0\xb4\xa4\xee"},
+{{0xcc,0x31,0x38,0xe5,0x02,0xa5,0xff,0x6f,0x80,0xd2,0x46,0x36,0x6e,0x84,0xd6,0x5c,0x59,0xf1,0x2d,0x4f,0x49,0x63,0x97,0xe6,0xeb,0x99,0xb5,0x26,0x7b,0x8c,0xbe,0x2a,},{0x9e,0x2d,0x3e,0x88,0xaf,0x7b,0x52,0xdd,0xcf,0x00,0xe6,0xd0,0xc7,0x75,0x9c,0x12,0x38,0xb8,0xfb,0x3e,0xb1,0x44,0x21,0xfe,0x82,0xc3,0x48,0x33,0x43,0x78,0x35,0xbd,},{0xa2,0x70,0x0e,0x38,0x95,0xed,0x0c,0xc2,0xaa,0xf0,0x12,0xa4,0x0b,0xc7,0xbd,0x0b,0xd2,0x9d,0xd7,0x9c,0x69,0xc0,0xb4,0xa6,0xed,0xd0,0x53,0x0c,0xf3,0xe2,0x67,0xc0,0xf8,0x2d,0xd8,0x4e,0xda,0xf1,0x74,0x4d,0xc4,0x11,0xd6,0x2c,0x00,0x28,0x71,0x52,0x58,0x82,0x2d,0x7b,0x63,0xd3,0x97,0x05,0x61,0x2b,0x3f,0xad,0x4b,0x5e,0xfb,0x04,},"\x58\x5e\xcf\x2f\x09\xeb\x92\x3d\xf2\x0a\x85\x55\x64\x2a\x2b\xc0\xb6\x8c\x6a\x5f\xcf\xd6\xb8\x40\x1c\x4a\x0c\xba\xbb\x4c\x6e\x6a\x20\x67\x62\xb7\xa3\x9f\x2c\x54\x55\xd7\x80\x8e\xbf\xbe\xd5\x6d\x67\x60\xa4\x31\xc7\xd2\x0c\x2d\xc6\xef\x1b\x73\xca\xa3\xc4\x94\x88\xe3\x0b\x1c\xa2\x52\x0a\xd2\x0b\x26\xa1\x97\x00\x78\x0e\x5e\xf3\xce\x01\x44\x38\x8d\x84\x07\xb6\xa7\x0c\x1c\xda\x37\xdb\x7f\x12\x09\x1d\x89\x2f\x2e\x91\xad\x40\x78\xbb\x4d\xb1\x76\x2e\x46\x28\x5a\x7b\x66\x4b\x2a\xd3\xa3\x4d\x26\xd8\xa9\x4d\x64\x58\x7a\x84\x52\x77\x22\xea\x83\xcb\x8a\xa8\x89\x84\xe1\x48\x97\x43\xb4\x21\x4e\xa6\x04\x1a\xa1\x8e\x55\x20\x09\x54\xef\xc7\xed\xb3\x19\xdf\x94\x7e\xfb\xfc\x6c\x8d\x0f\xea\x48\xa1\x31\x61\x34\x65\xd8\xf4\xc4\x94\x98\xf2\x26\x91\x45\xc6\xda\xe5\x04\x78\x05\x25\x98\xe1\xca\x3b\xe0\xe3\x36\x11\x57\x1f\xa3\x84\x77\x1e\xee\x40\x2c\xc2\xb1\xd8\x48\x36\xc8\xf1\xad\x28\xf2\xad\x23\xde\xe9\xff\x1d\x7e\x1f\x25\x21\x63\x58\x74\x11\x5d\xef\x4d\x93\xe8\x9b\xe7\x61\x80\xbc\x55\xf7\x61\x14\x43\x60\xa8\xb2\x22\x89\x2d\x64\xd1\x57\xcc\xb5\xd8\xf4\x85\x5d\xca\x56\x70\x14\x95\xa0\xe1\x00\x2d\x34\x0a\x4a\x46\x15\x6b\x9b\x7f\xe0\x6b\x7c\x07\x59\xe0\xb6\xdf\x55\x9b\x69\x1e\xde\x78\xb5\x5a\xf6\x4e\x7c\x8d\xd9\x08\xb7\x88\xdd\x6b\xa3\x5a\x90\x2c\x81\xdc\xeb\x37\x88\xb6\x15\xde\x22\x5a\xfa\x58\xa8\x11\x81\xab\x24\xa7\x37\x05\xee\x83\x8b\x6e\x86\x3f\xe1\xbc\xc2\x6c\x1b\x94\x32\x39\x23\x0c\x27\xc6\xb3\x97\xb2\x3d\x13\xde\x6a\x02\xc9\x7f\x36\x45\xda\x91\xd4\x13\xf9\x16\x47\x3b\x01\x8a\x61\x59\x4b\x6f\x51\xce\xa4\x44\x57\xda\x1e\x3d\xbb\xba\x6d\xe1\x68\x66\x65\x7e\x92\xef\x02\x02\x71\x8a\x84\xad\x03\x33\xe8\x33\x6b\x05\x2b\x00\x47\x33\xe8\xe9\x5e\xc1\x3e\x5f\x91\xb3\x80\x6a\x98\xd3\xdb\x72\x9f\xb7\x35\xb8\x14\x7c\x4a\x98\x2a\x2d\x5b\x4e\xfa\xe9\xc0\x9d\x0a\x9b\xf8\x91\xcb\xbc\x3c\x8f\x53\x1e\x76\xe4\x04\x4e\xc9\x1f\x4d\x7c\x5c\xf7\x73\x10\xe2\xb2\xcd\xe2\xe0\x7c\xcf\x3e\x0a\x19\xdd\x6a\xe1\xb3\xfc\xb2\xdf\x42\x18\x6e\x9c\x72\x92\x2d\x2d\x4c\xe5\x1b\x30\x6e\x81\xb1\x6c\xfc\xf8\xf0\x0d\x51\x3f\xbd\x2c\x52\x39\xb4\x5a\xfc\x65\x4f\x6f\xe2\x1a\xcb\x7e\x8a\x0c\x9a\xa8\x7b\x0b\x60\x50\x74\xdf\x95\x76\xa6\xdd\xd9\x00\xac\xa5\x67\x61\x7c\xb7\x96\x56\xb3\xb5\xec\xb9\xff\x68\xb2\xf6\x24\x1e\xd0\xd0\x24\xac\x27\xaa\x6e\xb4\x86\xb6\x9f\xdc\x0a\x0d\xb9\x20\x96\xab\xf8\x60\x02\xde\xc7\xaf\xd8\x47\xa0\x06\xa3\xf6\x95\x5b\x49\x56\x90\x53\xbe\x9f\x1d\x0a\x49\xb7\x93\xa5\x41\x1e\x59\x16\xf4\x18\xec\xab\x95\x32\x43\x55\x3b\x66\xe6\xba\xdc\x4e\x90\x9b\xe0\xef\x5c\xc7\xc6\xd2\x71\x99\xec\x3f\x21\x42\x3b\xc4\x57\x73\xfb\x40\xb9\x7b\x61\x18\x5b\x57\x08\x0e\x8f\x0b\x89\xa3\xea\x57\xc8\x44\x4a\xb2\x7e\xcf\x70\x06\xa7\x66\x04\x7e\xef\xf5\x4d\x85\x56\xcf\xed\x23\xde\xf1\xda\x2c\xc8\xae\xbb\x48\xc9\x4e\x77\x9e\x82\x03\xae\x2c\x90\x2b\x51\xde\x0e\xde\x04\x56\xfb\x73\xfb\x4d\x5f\x51\x4a\x4c\xeb\xc4\x7f\xec\x3f\x94\x84\x69\xa5\x45\xc6\xbc\x57\xb4\x13\x8d\xb3\x4e\x7c\xc0\x06\xde\x26\xef\x50\x7b\x54\xd2\x81\x47\x56\x7a\x8c\x29\xac\x1e\xce\xf5\xbb\x84\xfb\x99\xac\xeb\x23\xa2\x02\x94\xd7\x4a\x85\xae\x36\xb3\x34\x50\x66\x8a\x5c\x26\x09\xd3\xa9\x39\x34\x58\x6f\xf9\x0c\x3b\x6d\x27\x32\x9e\xee\xf3\xa7\x54\xe9\xa9\xcb\xd5\x61\x7e\xf3\xb0\x93\x97\xbd\xc9\x71\x37\x07\x66\x58\x9a\x12\xd8\x90\x05\x0d\x16\x51\x45\x8b\x3f\xc5\x33\xc8\x43\xbf\xfd\xf9\x75\x4d\x93\x2c\x4e\xd7\x61\x1d\x4d\x27\xc3\x2a\x08\x75\x55\xb5\xea\xa3\x7a\xe9\x0c\x49\x79\xef\x54\x29\x9c\x42\x0a\xb5\xe2\x9a\xe2\x84\x5d\x4d\xcf\x21\x78\x92\x0a\x86\x51\x75\xfb\x9c\xc0\xe6\xb8\xc5\x24\xb1\xee\x49\x58\x05\xd5\x17\xbf\xe0"},
+{{0x5c,0x69,0x2c,0x68,0x11,0x98,0xb1,0x72,0xdf,0x2f,0xac,0x2a,0xec,0x3f,0xcf,0x70,0x15,0xc2,0xbb,0x68,0x30,0xf2,0xa9,0x8e,0x30,0xa3,0x96,0xb6,0x4a,0xf4,0x28,0x0e,},{0x33,0xb1,0x69,0xd4,0xca,0x27,0x10,0x40,0x92,0x6e,0xa8,0x78,0x35,0xe5,0x06,0x6f,0x9f,0x05,0x78,0x2f,0x08,0x7f,0xca,0x7a,0x55,0x6f,0x7b,0xf4,0xcb,0xa2,0xe8,0x86,},{0xad,0x8f,0x37,0x9c,0xaf,0x41,0xf7,0x2d,0xcc,0xad,0xc3,0xe9,0x15,0x35,0x7a,0xb0,0xcd,0x30,0x4e,0x10,0xf4,0x12,0x0e,0x0d,0xbb,0xfa,0xac,0x01,0xbf,0xfa,0xf2,0xbe,0x89,0x3f,0x70,0x07,0x2d,0xc9,0x64,0x06,0x91,0x81,0xbe,0xc1,0x7f,0xe0,0x25,0x10,0x55,0xb2,0x1e,0x23,0xde,0xe4,0x36,0x3b,0x27,0xef,0x1f,0xff,0x67,0xaa,0xfe,0x06,},"\xb1\x60\xee\x3a\x93\xcf\x6b\xc3\x45\x6e\x5b\xd0\x19\x7c\x09\xaa\x76\xc2\x25\x80\x52\xf9\xa3\x4d\xbc\x2e\xd5\x89\xf8\xdb\xe5\xff\x99\x69\xa6\x1c\xfe\x84\x6b\x2f\x67\x39\xdc\x7d\x4a\x14\x96\xe9\xad\x58\x60\x5b\x5a\x27\x58\xca\x07\x8c\x55\xa9\xfc\x1c\x4e\xeb\x54\x91\xa8\x4b\xfd\x46\x8a\x2c\xeb\x14\x1a\x77\x34\x93\xa9\xb3\xee\x82\x8b\x5d\xde\x9c\x00\xc2\x36\xff\x01\x56\xe4\xe2\xe4\x5f\xa0\x79\x31\xda\x68\xbb\xd2\x03\x0a\x88\x14\x05\xc4\xf7\x87\x28\x81\x3a\x5e\x04\x81\x24\x04\xc2\xa1\x9c\x9b\x87\xb1\xcf\xe9\xaf\x95\xe2\x73\xec\xf9\xc5\x18\xc5\x39\x35\xf8\x42\x56\x3b\x19\x2f\xae\x12\xa7\x3c\xef\x08\x5f\xe1\x9e\x89\x9e\x5b\xa0\x89\x79\xe3\x11\xfb\x28\x6f\xbf\xc7\xb2\x48\xaa\xbd\x40\xdc\x61\x61\x0e\x1d\x4f\xc9\x80\x6d\xd2\x12\x92\x39\x2d\xb2\xdb\x40\x42\x6c\x5d\x19\x6a\x48\x9c\x5d\xb7\x7e\x3e\x9c\xf0\xbd\x04\x1e\x3c\x23\xb5\xba\x1d\xb7\x81\xa1\x07\x90\xbe\x1f\xe0\x7a\x2b\x00\xca\x3a\xf8\x9c\xbd\x46\xef\xce\x88\x0e\x1e\xf2\x8b\x0c\xd7\x9d\x53\xb4\x2c\xd8\x0e\xaa\x13\x7e\xff\x7d\xf9\x0b\xcb\xcf\x95\xc9\x85\x8d\xc0\xcc\xc6\xd8\xca\x8a\xe3\x54\x7b\xdb\xf9\xff\x90\x24\xf3\xcf\x17\x01\x15\xeb\x28\xbf\x12\xb7\xd3\xb7\x01\x46\x0f\x48\xd1\xb4\xb2\x3d\x7f\x6f\xf7\x2f\xfd\xc9\xa6\xc5\x26\x24\xd1\x53\x12\xd7\xf1\x9d\xdb\x60\x26\xa1\x5e\xb5\x42\x95\xd3\x31\xfd\x79\x50\x91\x03\xbc\x59\xa3\xb6\xe1\xba\x7a\xc8\xc1\x12\xe4\xde\x28\x17\xe5\x1c\x1e\x16\x50\x7b\xa6\x6f\x25\x47\xbc\x89\x9f\x69\xc1\x20\x7a\xe5\xe3\x7b\xdb\x0e\x16\x1b\x15\xb6\x12\x30\x5b\xc0\x94\x0f\x9d\x1b\x38\x2a\x37\xec\x2d\xa6\x39\xa6\xec\xba\x1b\xcd\xfc\x51\x21\x4c\x32\x23\xc1\x1b\xba\xb7\x9f\x3f\xae\x3d\x55\xe2\xd4\xbe\x58\x4f\xd7\x60\x1e\x4e\x2e\x55\x8b\x3b\xe5\x70\x71\x15\xa6\x1f\x5a\x81\x5e\xc2\x4a\xac\x18\x09\x34\x57\xbc\x46\xc0\x5c\xfb\x7a\x3f\x25\x33\xea\xda\xdc\x9e\x6c\x1f\xe3\x10\x77\x9e\x69\x7f\x68\x30\x35\xce\x57\x87\x3d\xf5\x5d\x79\x1f\x6d\x2f\xb0\xe2\x10\x7e\x68\x66\xf8\x39\xc3\xa1\x26\xe9\x02\x38\x65\xce\xd1\xbc\xf6\x77\x99\x55\xaf\x54\x7e\x1d\x87\xeb\x32\xa9\xbf\x32\x28\x57\xfd\x12\x6b\x0c\xdc\x5d\x5e\x90\x4e\xb7\x6c\x67\x06\xe3\xc8\x97\xae\xfd\x6e\x47\x56\xfb\x8a\xca\x81\x70\xca\x5b\x39\x66\x90\x89\xaf\x1b\xb1\x41\xa2\x5d\x6b\x8b\x06\x03\x4d\x8b\x11\xab\xf1\xff\x8f\x8d\x43\x37\x58\x46\xfa\x8f\xa8\xa3\x4b\x5f\x26\x48\x20\x74\x4d\x31\x14\x9b\x7d\x57\x32\x6c\x59\xb1\xdb\x74\x13\x16\x78\xf6\x34\xe7\x23\x2c\xa5\xea\x51\x88\x76\x0a\x70\xdc\x35\xdc\x89\xf8\xe4\x53\xb4\xc6\x5b\x77\x2c\x2b\x6b\x62\x76\x8d\x83\x73\x23\x65\x51\xba\xaf\x24\xd3\xc3\x04\xc4\x1b\x62\xc3\x6e\x6a\x33\x83\xb3\xa1\x63\xb7\x3e\x78\xd8\xba\xdb\x75\x74\x1e\x50\x01\xd4\x19\xd3\x0e\x2e\xd7\x7c\x30\x96\xe8\xd8\xdf\x71\x3b\x93\x76\x2c\x97\x07\xbd\xd0\xf3\x65\xa8\x74\xb9\xda\x8a\xb7\x10\x49\x5d\xd5\x6a\xea\x93\xbb\x77\xfb\x22\x26\x35\xc6\x3b\xce\x9f\x63\xaf\x91\xfa\xc8\x9c\x66\x98\x6b\x8e\x21\x76\xdd\x45\x1d\x58\x33\x94\xc1\x90\x7c\xba\x17\x25\xf0\x6d\x25\xd1\xd0\x91\x2b\x3e\x5c\x6c\x7d\xcd\x34\x35\x8f\xad\x59\xdb\xc6\xf6\xb1\xc2\xef\x33\xd3\xca\x82\xf4\x35\x18\xfe\x4f\xf3\x13\x78\x01\x6e\x57\x8a\x7b\xab\x0b\x77\x67\x6e\xba\xe0\xd4\x8d\x08\x89\xd6\x90\x29\xd2\x09\xf2\x83\xce\x8f\xe0\xec\x23\xcd\x83\x2a\xdc\x12\xa9\xc3\xe3\xae\xc2\xd6\x03\x66\x95\x55\x6d\x93\x13\xf1\x2a\x89\x9d\xd5\x9a\x66\xbe\xf2\x8e\xde\x17\x5f\x8a\xae\xee\xb2\x94\x2b\xb9\x08\x92\xa0\x4b\x44\x0d\x04\xb6\x6f\x5e\xef\xf6\x1a\xda\x72\x79\x02\x94\xce\x55\xc8\x6c\x6d\x92\x78\x5d\xdd\x26\xc7\xa7\x31\x60\x3b\x06\x9c\x60\x3c\x92\xe4\xfe\x8f\xf7\x82\x54\x4c\x8e\x89\xb4\x0b\x8b\x55\xf9\x0e\x2a\x5e\x9a\x0f\x33\xc7\xfe\xc7\x7d\xad\x81\x52"},
+{{0x9d,0x5f,0x85,0xd2,0xe7,0xdf,0xd0,0x3b,0xb6,0x89,0xd9,0x00,0x28,0x5f,0xd4,0x46,0x15,0x38,0xa5,0xf2,0x71,0x0a,0x13,0xed,0x21,0xc7,0x75,0xf6,0xef,0xf6,0xb3,0xff,},{0xb8,0x67,0x97,0xe4,0xbe,0x02,0x86,0xae,0x39,0xe4,0x4d,0xf0,0xa0,0x0c,0x01,0x6d,0xb4,0x55,0x5e,0xf8,0x6f,0x2f,0x05,0xd0,0xa3,0xed,0x89,0xd8,0x9a,0x4c,0x3e,0x5e,},{0x17,0x6b,0x95,0x92,0xf8,0xc2,0x51,0x35,0x29,0x2a,0xdd,0x4d,0xaa,0xcc,0x9c,0x4f,0xaa,0x21,0xd4,0xf4,0x9b,0x27,0x84,0x80,0xc4,0xe8,0x88,0x1c,0x01,0x62,0x4d,0xf9,0xa3,0x7e,0x23,0xe1,0x8e,0x84,0xca,0x32,0xd0,0xd8,0xcb,0x85,0x10,0x54,0x22,0x2f,0x10,0xa4,0x95,0x41,0x9f,0x19,0x7e,0x7b,0x3d,0x18,0xdf,0x0a,0xdf,0xb1,0xb3,0x07,},"\xf7\x0b\x5b\x05\x3a\x46\x72\x51\x2c\x24\xb3\x16\x83\x92\xf6\xa1\x7d\xd7\x7d\x86\x89\xc2\x1c\x86\xef\xc2\x58\x29\xa1\xa0\x4f\xab\x4f\x76\xc8\x52\x16\x84\xd3\x20\x10\x45\x59\x07\xa2\x69\x08\x67\x7b\x40\xdc\x69\x47\xd6\x54\xf2\x91\x4c\x30\xec\xee\x72\x4f\xa6\x84\x46\xb5\x9d\x09\x1e\x25\x8f\xc8\x62\x41\x1c\x96\x4d\x66\x8d\xef\x83\x03\x4b\x62\x7e\xd4\x16\xdc\x19\x0b\xb5\xa2\x63\xa6\xff\x8d\x55\x9e\x13\xb8\x93\x62\x25\xfb\x4d\xab\x4f\x7b\xda\x04\x68\xe5\x47\xe7\x08\xcb\x04\xce\xbe\x1e\x5c\xfc\x69\xf7\x6a\x1d\x28\x3f\x28\x16\x82\x86\xf2\x4e\xce\xa5\x53\x5e\x44\x90\xa0\xc5\x55\x67\xa7\x34\x5e\xf9\x53\xce\x42\x6b\x20\x9a\x3d\xe3\xdf\x59\x5e\x80\xee\x61\xe5\x72\xa2\x78\xab\x02\x21\x95\x51\xb7\x3d\xa4\x19\x84\x80\x82\x85\xa8\x35\x98\xa0\x2d\x9b\x28\x67\x12\x10\x00\x4e\x31\xd8\xaf\x92\x42\xc1\x6f\x90\xd5\xea\x8f\x63\xa1\xff\x66\xcf\xe6\x0e\xcb\xe5\x37\x24\x5f\xa1\x2a\x9b\x15\x41\x15\x29\x58\x06\xea\x2d\x11\xf3\x67\x17\x82\xb9\xaf\x4f\xa8\x6a\x12\x88\xe1\x23\xcf\xd2\x40\x9a\x5d\xc9\x8f\x41\xb8\xf6\xdf\x29\x9b\xbc\xc4\xbb\x64\x47\xdc\x03\xa6\xd6\x0e\x9b\x2c\x5b\x8f\xfc\x40\xd9\x83\x95\x6b\xe9\x77\x68\xdd\x06\x12\xd4\x7c\xbf\xa7\x57\x1c\x99\x69\x85\x6c\x15\x2c\xd3\xb4\x73\xac\xe0\xb8\xa1\x44\xaa\xc2\x09\x5c\x0f\x72\xf1\xd3\x14\x71\x52\xb9\x08\xef\x66\x26\xd5\x22\x28\x19\xb2\x0b\xb3\x35\x0a\x46\x45\x2f\x67\x54\x90\xc2\xa8\x21\x50\xee\xc4\x0d\x75\xb6\x6a\x32\x5d\x6e\x92\x9a\x90\x5a\xde\x1e\x31\x60\xab\x95\x01\x81\xef\xc6\x6e\x59\x23\x08\x65\xd5\xe5\x99\x69\x8a\x8a\x3f\xf5\x60\xc4\xc6\x01\xa7\xa9\xa5\xda\x3b\x5d\x89\xbc\xa9\x3f\x7c\xf5\xbc\xf5\xbd\x5e\xcf\xf8\xf1\xa1\x85\xc8\x22\x0e\x4c\x77\x82\x1e\x62\xad\xf9\x5a\x03\x7f\x2d\xf7\xce\xf4\x3a\x4c\x60\xac\x75\x80\x1e\x9f\xcc\xdc\x5b\x08\xee\xd3\x28\xdd\x93\x10\x09\x04\x11\x56\x45\xec\x1e\xe0\x85\xcc\x77\x8b\x0f\x4e\x46\xe1\x72\x98\x98\x4a\x70\x2e\xce\xb3\xe1\x52\x83\xd8\x20\x00\x4f\x74\xa0\x79\x52\x0d\x63\xa7\x5f\xae\x33\xec\x3f\x4b\x83\x64\x69\xe1\xaa\x99\xea\x24\x4a\xf1\xfb\x08\xb0\x0a\x8c\x9d\xfd\x03\x30\x8d\xfc\x20\x23\x5e\xa9\xc8\x28\x3f\x4d\xa4\x7c\xfb\xcd\xbd\x03\x1a\x02\xd1\x64\x16\x0f\x2a\x58\x98\x67\x00\xb1\x95\x26\xd4\x1e\x4d\x7f\xd4\x58\x43\x4d\x72\x64\xbc\x8e\xb6\x42\xe6\xd8\xdd\x27\x59\xce\x2b\x85\xc9\x7b\x37\x02\xe7\x0d\xa7\x1f\x18\xed\xc5\x3e\x91\x40\xa6\x45\x62\x7e\x02\x78\xe8\xe7\x05\x39\x03\x74\x84\xdc\xd1\x8c\x62\xfa\x33\x07\x17\xd6\x14\x8a\x0d\x62\x3f\xf8\xb6\x5e\xa8\x56\x7e\xc7\xfa\x04\xc8\x92\xe3\xa1\xec\xee\x96\xe8\x32\xf4\x15\x50\x74\xc8\x3c\xbc\x93\xe9\x8c\xc6\x7f\x1f\xa1\x12\xaa\x06\xe9\x91\x5f\xa4\xd2\xde\xa9\x31\x55\x1e\x7c\x62\x3a\xa8\xa3\xa7\x61\x9e\xa2\x4f\xf9\x14\xe2\x64\xf3\x1f\xc7\x3d\xfa\x8c\x43\x0a\xc4\x6c\xe1\x6d\xc9\x68\xc5\xa4\x08\x5d\x5c\x38\x0d\x30\xcd\xc6\xf4\x3d\xee\x80\x6f\x38\xd1\xdf\x42\x0a\x06\x55\x74\x14\x47\x37\x05\x6d\xaa\x62\xf0\xc0\x98\xc9\xc5\x2f\xcc\x04\xcc\xa6\x42\xc4\x5d\x68\x73\x45\xa0\x94\x61\x3d\x4a\x3c\x6c\x87\x88\xbf\xa2\x18\x53\x8a\xd7\xec\xe1\xbd\xb6\xc9\x39\x24\xee\xc4\xba\xaa\x3e\xb1\x5d\xc1\x49\x4d\x65\xff\xa1\xa2\x3f\xf8\xe9\x85\x26\x34\x08\xfb\x02\xbf\xe3\x9a\x8c\x55\xb3\x00\xb1\xa0\x2e\xd3\x6c\x67\x14\xdd\x5a\xb7\x50\xd4\x7f\x02\x1f\x65\xe0\x8c\x63\x5f\x1d\x6b\x7b\xaf\x39\x6c\xb4\xf9\x3d\x56\xc1\xca\x46\x1b\xb1\x2e\x94\xde\x7e\x5d\x98\x65\x9a\x8a\xf0\xbf\x01\x9f\xc4\x22\x80\xe1\x11\xe0\x48\x00\xff\x80\xe0\xc1\x57\x15\x0e\x16\x56\x09\x45\x42\x81\xb2\x00\x07\xe3\xed\xfa\xa1\xea\x85\x44\x65\x54\x7a\x00\x6a\x4c\x32\x36\x41\x14\x95\xda\x16\x60\x98\xaf\x28\x23\xa4\x59\xcf\x10\x0a\x1f\x3c\x92\xc6\x39\x0c\x60\x66\xcd\xbf"},
+{{0x4a,0xaf,0x2d,0x13,0x28,0x84,0xf3,0x0d,0x11,0x27,0xcf,0x18,0x7e,0xe0,0x93,0x88,0xb4,0xa5,0xc4,0x4a,0x9a,0x92,0x67,0xe6,0x72,0x83,0x17,0x39,0x89,0x51,0xfb,0x61,},{0x83,0x72,0x7e,0x92,0x57,0x34,0x91,0x28,0x55,0x9e,0xbf,0x75,0x9f,0xdc,0x82,0x12,0x2c,0xce,0x76,0x74,0x66,0x39,0xc0,0xad,0xa9,0x76,0x1f,0x0d,0x60,0xb9,0x40,0xb1,},{0x5f,0x11,0xdf,0x39,0x06,0xa7,0x12,0xa9,0x53,0xf4,0x7c,0x85,0x98,0x06,0xb5,0x23,0x73,0x58,0xd0,0x8b,0xa9,0x5e,0x49,0xf9,0xe5,0x30,0xa3,0x71,0x65,0x83,0x5e,0x93,0x59,0xd9,0x76,0x9d,0xc2,0x1f,0xbb,0x4d,0x44,0x49,0x7b,0x93,0x90,0x5b,0xca,0x8d,0x99,0x17,0xc7,0x28,0x49,0x3f,0xee,0x3a,0xcd,0x5b,0x52,0x1d,0xbd,0x1e,0x24,0x08,},"\xd7\x3e\xaf\x11\x41\x3b\xf4\xd5\xbc\xcf\x6a\x2e\x80\x9c\xd6\x83\x2a\x51\x82\x3a\xa2\x2b\xd1\x6e\x09\xcf\x56\xff\x04\x5e\xef\x2d\x1a\xda\xdd\xa5\x0c\x2e\xbd\x67\xbb\xc4\xd7\x0e\x49\x3c\x96\x8c\xb4\xde\x49\x77\x06\x5d\x44\x63\x30\x06\x94\xc9\xca\xa5\x72\x06\xd6\x66\x46\x93\xd8\x46\x2c\x3c\x57\x6b\x52\x5c\xc7\xac\xf7\x9f\x26\xf9\x05\x5a\x1b\xcf\xa7\xd0\x77\xf4\x5e\xbe\x0b\x2d\x48\x1e\xbd\x63\xf7\x34\x0a\x33\xe4\xab\x68\xf1\x60\x49\x75\xec\x1d\xfe\xc4\x5a\x79\x1a\x2a\xbb\x10\x44\xd7\x5a\x4d\xb5\x5a\xdf\x59\xb8\x39\x4e\xbd\xe6\x82\x4c\x21\x14\x5b\x00\xef\x3b\x1b\x08\xed\x11\xfd\x51\xdd\xa5\x14\xed\x7e\x21\xe5\x4d\xba\xf6\xab\xb6\xd9\xe3\x17\xfc\xf9\xfd\x37\x5b\x18\x76\x4e\x64\xac\x9b\xe5\xb0\x8f\xec\x3b\x78\xab\xba\xb1\xd1\x2a\x2a\xb0\x9d\x55\x9a\xcd\xc7\x13\x3f\xb2\xe0\x00\x8e\x0c\x11\x4b\x7c\xad\xb4\xbf\x76\x30\x78\x67\x4d\x03\xe9\xc8\x07\xbe\xc1\xe2\xca\x71\xad\xcd\xaa\x31\x0d\x58\x7f\xa5\x69\x50\xfc\x0f\xb2\xe9\x79\x04\x3d\x50\xf9\xae\x23\xfa\x8f\x82\x1c\xd9\xd6\x23\x27\x89\xd0\xee\xcc\xfc\x4f\x47\xe3\xad\x80\x4e\x25\xcf\x5a\x42\x5f\x94\x37\x7d\x17\x87\x48\x33\xe6\xae\x36\x38\x17\x8c\x78\xb7\x95\x19\xd6\x4d\x97\x93\xf4\x50\x46\x06\xa0\xea\xb6\x87\x07\xf6\xe1\xf7\xcc\xcb\x51\x5b\xe3\xd1\x20\x1b\xcd\x19\xf2\xf0\xe2\x55\xc7\x22\xea\xb1\x2b\x43\xaf\xf8\xc8\xc5\x56\x11\x25\xfb\xca\x1f\x65\x42\x07\x6a\x06\x15\x2e\xb7\xe4\xb0\x78\x63\x24\xc2\x49\x5e\x79\xd7\x9c\x0a\x8e\x29\x5b\xb2\xe3\xdf\xd0\x5a\x90\x33\x19\x00\x65\xa2\x84\x55\x2a\x6e\x73\x60\x06\xac\xe4\x1f\x97\xcc\x43\x4a\x25\x12\x05\x1b\x72\x7c\xe5\xbc\x9c\x4a\x75\x52\x9e\xc5\x3d\xd7\xd1\xf1\x26\xe7\x93\x85\x77\x47\xb5\xba\x8d\x03\x15\x5d\x45\x55\xf5\x9e\x8b\xaf\x2f\x0c\xdb\xa8\x71\xac\x16\x0e\x75\x19\xa8\x52\xdb\x00\x4f\x70\x16\x41\xa4\x0a\x42\x2d\x4c\x38\xb6\xc0\xc3\xcc\x8f\xbb\xd0\x53\x22\xdd\xc0\x00\x1f\xb8\x67\x28\x6e\x29\x6c\xbd\x69\x86\x2c\xbc\xcc\x74\x47\x03\x8e\xb3\x0f\x8a\x81\x23\xb7\xb3\x13\x73\x98\x47\x02\xc3\xbe\x45\x7a\x4b\x8c\x54\xe6\xe5\x28\x04\x85\xa2\xc4\xff\x84\x52\x1f\x29\x8d\xde\xb3\xb3\xb2\xbc\x91\xf1\x14\xdd\xce\x67\x03\x02\x48\x04\x44\x69\xdc\x06\xf3\x62\xf2\x91\x9a\x3f\xec\xe5\x08\x23\x75\xd0\x40\x80\x37\x6f\xe2\x19\xd9\xb4\x57\x5b\x1c\xf1\xc9\xec\x4d\xca\xc5\x74\x9f\xc7\x78\xf5\x15\xdd\xa1\x3f\xa0\xd5\x86\xc2\x64\xb9\xbb\x61\x50\x33\x10\x76\x2c\x78\x9c\xa1\x16\x08\xd2\xfe\xe6\x74\xc7\x0a\xc4\xfc\x6d\x5e\xbc\xf6\x8c\x4a\xb8\x9b\xd8\x45\x55\xfc\x00\x75\x23\xc2\x8a\x7e\x1d\xd0\x8a\x98\x62\x04\x4d\x52\x45\xb9\x1a\x87\x78\xec\x9e\xe9\x84\xa4\x1a\x9e\x13\xb7\xab\xd6\x57\xae\x2a\x46\xae\x86\x01\x52\xc6\x44\xac\xd9\x53\x67\x67\x8f\xf6\x4c\xc5\x40\x06\xe3\x66\x14\x80\x5e\xd6\x18\xa7\xc6\xd0\xfd\x33\xa9\x08\x52\x30\x90\x84\x1c\x23\x0a\xf0\x98\x46\xd1\x32\xbb\x4c\x6b\x60\xe2\x44\x1f\x9d\x3c\x49\x87\x14\xf4\x70\xf6\xbc\x03\xa8\x0d\x14\xa2\x94\xb5\x65\xd1\xd5\xe7\x81\xcf\xfc\xb1\x30\x4e\xfd\xbb\xc7\xbf\xea\xbd\xed\xc8\x57\xac\xc4\x2e\x27\x62\xbb\xf9\x7a\xf8\x39\xa1\x66\x75\x2d\xa2\x95\x67\x28\x17\xf1\x0d\xbd\x47\x2d\x38\x1f\x53\x16\x55\x55\xac\x82\x22\xa7\x85\x35\xa8\x68\x05\xf1\xbe\xd4\x22\x88\x9f\x20\x61\x09\xaa\x74\x77\x2e\xdc\x0b\xb5\x1e\x8a\x98\x40\xcf\x62\xc9\x2f\xa6\x35\xb9\x0c\xae\x07\x6d\xd5\x0e\x5a\xed\x9d\xea\xc8\x43\xfa\x8a\x6b\x53\x99\x88\x28\x5f\xf1\xad\xab\xe4\xc7\xb8\x3d\x9e\x29\xac\x2d\x94\x09\x2d\xaa\xfe\xc9\xf6\x67\x36\x89\xba\x9e\x92\x52\xd8\x64\xd7\x57\x7a\xa8\x95\x05\xd3\x31\xfe\x78\x09\x86\x12\x77\x00\x2a\x0b\x44\xa9\x6b\xa6\xae\x4a\x52\xb3\x54\x8b\xf2\x68\xe7\x77\x78\x0c\x00\x20\x9b\x24\x5f\x8b\x14\x17\xee\x5e\x70\x1a\x12\x33\x4a\xd5"},
+{{0x4b,0xc7,0xda,0xab,0xc5,0x40,0x7c,0x22,0x6d,0x19,0x20,0xdb,0x4a,0xfd,0x21,0xb2,0xa5,0xb3,0xe5,0x9b,0x8e,0x92,0x46,0x05,0x3f,0x6a,0x1a,0x6a,0xfa,0x54,0xe7,0xe7,},{0xdc,0x53,0x98,0x85,0xfc,0x7b,0xee,0x00,0x2a,0xc5,0xde,0xba,0xe1,0x6b,0xdd,0xbe,0x4b,0x55,0x3f,0xa1,0x5e,0x81,0xee,0x79,0x88,0x76,0x94,0x0f,0x38,0xcf,0xc4,0xc5,},{0xa7,0xa6,0x48,0x88,0x39,0xbb,0xae,0x04,0xde,0xc9,0x2f,0x96,0xd7,0x28,0xc4,0x64,0x68,0x5d,0x7a,0x96,0xdf,0x51,0x2b,0x00,0x51,0x16,0x3d,0x22,0x53,0x8f,0x74,0x54,0x6f,0xa9,0x86,0xb1,0xb6,0x0a,0x6d,0x8c,0xc7,0x66,0xa2,0x6c,0x69,0x84,0xc9,0xcd,0x26,0x88,0x39,0x58,0x98,0xe2,0xb2,0xae,0x72,0xdc,0x6a,0x2d,0x5a,0x9f,0x75,0x0e,},"\x6a\xcc\xe9\x98\x43\xb2\x41\xaf\xe6\xed\xd5\xd0\xab\x78\xd0\xfb\x21\xc8\xc3\x5a\xff\x88\x13\x89\xd5\x05\xf2\xf1\xdd\x91\xaf\x1e\xb2\xad\x22\x92\x54\x92\x7c\x7f\x0e\xcf\xb7\xa8\x14\x16\x90\x57\x3a\x65\x5d\x69\x85\x3d\x74\xd0\x70\x8b\xf8\xb1\xe6\x0a\x03\x96\x30\x28\xa6\x25\xb7\x9f\x3d\xfe\xa2\xb1\x13\xff\xca\xb4\x6f\x3c\xfd\x4a\x62\x1e\x8f\xd8\xff\x0a\x96\x81\x43\xb0\xae\x03\xcc\xb6\xf4\x2e\x25\xe2\xd7\x4d\xbf\x51\x5b\xc3\x58\x69\x9b\x63\x50\x09\xb0\x1d\x61\xfe\x59\x7f\x1d\xc2\xc3\x5a\x7b\xa4\x55\x52\x78\xee\x0e\xa4\x56\xc7\xd3\x5f\xa8\x75\x7a\x41\x79\x24\xb1\xd0\xa8\x35\x1f\x22\x6a\x13\xec\x29\xd0\x25\xb4\x26\x96\xec\x1d\x99\x25\xb7\x69\xcd\x59\xc8\xe2\xf9\xcd\x3c\xe4\xe5\xc0\x20\xe0\x51\xe7\xa3\x6f\x3f\x97\xc1\xe8\xec\x71\x97\x4b\xc1\x6a\xc4\xde\x46\x51\xad\x4d\xf2\xe9\xc0\xee\xd6\x86\x92\x42\x24\xfe\x6d\xe6\xc6\x0d\xd4\xac\xc2\x6e\x0a\xab\xd8\x0c\x21\xd5\x09\xd9\x59\xb8\x0b\x43\x53\x95\x8d\x00\xe4\x4c\x51\x1d\x23\xbc\xf4\x45\x52\x60\x8b\xfa\x56\xa9\xc5\xae\x79\xde\x62\xbb\x23\xf1\x1d\x74\x0f\x48\x24\x0c\x27\xe1\x01\x99\x97\x51\xf2\x53\x47\x42\xc0\xa6\x91\x3f\xf6\x4b\x68\x3a\x18\x99\x5a\xbc\x39\x3f\xeb\x9d\x57\xc7\x1f\x49\xa0\x80\x55\x72\x98\xcc\x40\x5d\x11\xb7\x98\x8d\x71\x16\x84\x0c\x5a\xda\xf5\x3b\xc6\x72\xb4\x69\x23\xcc\x45\x7c\x70\x39\x94\x0a\xd4\xd5\xbf\x07\x3c\x6c\x88\x6b\x13\x39\x52\x59\x26\xd2\x81\xdb\xd1\xa7\x97\x39\xb2\xe3\x64\x14\xcb\xd3\x21\xb1\x85\xfc\x88\xf1\x8d\x2f\x81\xc8\x09\x97\x5b\xe9\xa0\x93\x64\x4c\xc5\x59\xed\x2a\xe5\xcc\x0e\x35\xcb\xdd\x18\x11\xf7\x02\x86\x05\x7a\x3f\x70\x30\x67\xed\xdd\xf5\xeb\x16\x90\xa7\x42\x7b\xb7\x3f\xe3\x02\x4e\xd0\xdb\x82\xa5\xce\x8f\x17\x16\x42\x8a\x76\xfd\x29\x2b\xa9\x9a\x30\x0c\x4b\x2f\x36\x0d\xa2\x12\x46\x17\x59\x0b\x10\xe3\xb1\x62\xa6\xe6\x7d\xd5\xd5\xa5\x9b\xcc\xa1\x0f\x61\x0f\xa0\x64\xaf\xfd\x55\xf8\x48\x3b\x98\xa6\x8d\x07\x6f\x27\x8a\xbf\x88\x8a\x08\xa0\x14\xe0\xea\x49\x91\x80\xfb\xc7\x98\x40\xce\xed\x13\xcc\x6b\x24\x58\xbf\xab\x9b\x0d\xd7\xae\x9d\x86\x46\x1f\xe2\x15\xe7\xc9\xf6\x3f\x76\x8c\xee\x4a\x88\x2d\xf0\xdd\x84\xe3\xeb\x4f\x2d\x7f\x6b\x18\xfa\x57\xd8\xbc\x7d\x9a\xfb\x63\xc2\x1a\xc4\x65\xe7\x90\x3b\x9b\xfb\x86\x38\xa2\x93\x61\xf7\xeb\xfc\x6e\x54\xe5\x46\x5a\x6c\xef\x46\x3a\xe2\x26\x43\xae\x41\x02\x58\x77\x9c\xa7\x4b\x70\x40\x1a\x94\x55\xa4\xd1\x57\xd7\x4a\x70\x29\xef\xe6\xb5\x19\xa8\xc4\xbe\x69\x67\x56\xe0\x45\xae\x40\x81\xb7\x7d\xd6\x03\x1f\x0d\x25\x0f\xa7\x61\xe6\x0f\x85\x9d\x90\x63\xfc\x10\x5a\xa0\xa1\xa7\x45\x0a\xf1\x53\xe7\x05\x47\x77\x77\xc4\x42\x58\x6d\xf4\x07\x40\x2b\xa2\x38\x75\x2f\xae\xf7\x4f\x33\x45\xc2\x6a\x45\x33\xbe\x9a\x61\xf5\xfc\x6b\xde\x48\xe3\xcb\xa7\x5c\x04\xd6\xf7\xb3\x33\xe3\x70\x06\xdd\x0c\x94\xfd\x3b\x6a\x13\x0b\xd6\xfc\xdb\x3c\x6a\xbe\x21\xca\x60\xeb\x43\x1c\xc2\xd8\xa2\xec\xe7\x16\x9d\x2d\xcf\xce\x27\x60\x82\x56\x57\xfd\x4c\x26\xf3\xc3\xb8\x30\xac\xdf\xd5\x08\x01\x1d\x14\x76\x4b\x3b\xe9\x17\x15\x57\x1a\x31\x83\x01\x8e\x0d\x22\x1f\xb9\x53\x2b\xb2\xe1\x71\x1e\x72\x5a\x27\x3a\xe0\xcc\x2f\xac\xcb\xa7\xd5\x50\x49\x29\x45\x9c\x99\x25\x17\xb0\x5c\x1d\xdd\x03\xaa\xcc\xd9\x37\xb8\x6e\xb6\x7b\xc8\x20\x2d\x01\xca\xb3\xd4\x89\x58\x6e\xea\x1a\xcc\xa7\xdc\x20\xcd\x0b\x64\x75\xc2\x58\xff\x67\x36\x61\x49\x6a\x22\xea\x96\xb8\x9d\xb4\xbf\x3f\xca\xae\x3b\xb0\x4f\x67\xdb\x09\x6a\x47\xff\x7e\x1e\xe2\x39\x56\x2d\xc1\x0d\x40\xf0\x53\x94\x4f\x3d\x7b\xcc\x3f\xf4\xc0\xff\x76\x56\x54\xba\x5e\xa6\x4f\x0e\xa6\x3e\x45\xa2\x1d\x9b\x12\x94\x9f\x14\xf7\xea\x70\x74\xe9\xb6\x59\xc5\xc5\xd4\x48\x16\x84\x2d\xe8\x96\x98\xa8\xfc\xca\xce\x43\xeb\x6b\x41\x35\xe0\xb3\x33\xac"},
+{{0xf2,0x6a,0xf2,0x10,0xe3,0xb2,0x01,0x73,0x99,0x0c,0x77,0x45,0x92,0x2c,0xdf,0x94,0x24,0x77,0x3a,0xbb,0x37,0x4d,0x77,0x7a,0x51,0x2c,0xf5,0xb9,0x7b,0x3a,0x00,0x0d,},{0x54,0x58,0x6a,0xbf,0x04,0x11,0x76,0xe0,0x6a,0xec,0x5b,0x60,0x10,0xe1,0x90,0x91,0x6d,0xa5,0x4a,0x8c,0x4b,0xde,0x28,0x8c,0xf2,0x4d,0x8c,0x10,0x7c,0xb3,0xb7,0x30,},{0xce,0x45,0x45,0x30,0xb9,0x22,0xba,0x5e,0xa1,0x62,0xf1,0xa4,0x52,0xe0,0x5c,0x00,0x36,0x3a,0x49,0xa9,0xdb,0x8a,0x56,0x94,0x97,0xc0,0x0c,0xaf,0x1c,0xbe,0xa9,0x91,0x80,0x77,0x05,0x54,0xed,0x4e,0x31,0x40,0xdf,0xca,0x45,0x55,0x15,0x9e,0xbf,0x48,0xef,0x5d,0x2a,0x50,0xf3,0x94,0xae,0xbd,0x78,0x21,0x16,0xed,0x65,0x69,0xa4,0x09,},"\x88\xe2\x6d\xa3\x5c\x54\x88\x4b\x47\x14\x6f\x4e\x3f\x01\x4a\xb6\x5b\x3d\x71\xaa\x7e\x3c\x33\x91\xad\xbe\xb1\x9e\xf2\xe7\xb9\x30\x2e\x28\x19\x91\xb2\x61\xb6\xa0\x99\x2e\x2e\x89\xa4\x9f\x48\x0c\xa2\xd8\xe6\x84\xb1\x2f\x9b\x15\x09\xb3\x8f\x6a\x7a\x98\xa5\xdd\xb4\xc2\xd8\x69\xfd\x03\x18\xe9\x8e\xcd\x8f\xd9\xdf\x49\x1b\xaf\x99\xa9\x29\x4d\xe4\x9e\x1c\xf8\xdd\x41\xee\x85\x73\x0a\xf0\x25\xa7\x01\x14\x3e\x4f\x0c\x8e\x3d\x92\xd5\x5b\x59\xca\x7d\x4a\x6c\x89\xad\x76\x0d\xff\xc0\xc2\x18\x92\x09\x50\x8e\xf6\xc2\x21\x4e\xdf\x99\x67\xb1\x7d\xef\x12\x3d\x86\x92\xc9\xe4\xe2\x0b\x1e\x98\x26\x88\x08\x70\x4f\x5f\x9f\xe1\xa6\xd6\x05\x5e\x32\xc8\x72\x56\x4b\xd1\x7e\xdb\x73\x59\x57\x86\x29\x01\x7f\x0c\x30\xfe\xab\x8b\x50\x4e\x22\x89\x23\xad\xc7\xe8\x1a\xe2\x0a\x85\x2d\xb0\xad\x67\x6a\x78\xe0\x81\x33\x6d\x6b\x04\x02\xf9\xcd\xc5\xd5\xe9\x01\x28\xca\x94\x5d\x10\x51\x5c\xa0\xc5\xef\x03\xf7\x31\xb1\xd4\x0a\x71\x07\x41\xd4\x1c\x1d\xd1\xca\x16\xb1\x06\x0f\xeb\xf2\xa0\x53\x2e\x6f\x5d\x76\x51\xef\x44\x63\x75\xec\x18\x09\x0c\xb8\x41\x8b\x82\x02\xf2\x5a\x03\x89\x03\x1b\x30\x7f\x22\x3c\x5b\x5f\x6a\xfe\x36\xa9\xad\xc1\x06\x8f\x2c\x6e\x0e\xa5\xb2\xb6\xcf\xeb\x8d\xc0\x04\xf7\xb8\x29\xc8\x04\x39\x06\x9b\x81\xa7\xbd\x90\x74\x77\xc6\x13\x5e\xf2\x82\xb7\x71\xf1\x41\xdb\xe7\x5a\x0f\xa0\x56\xe0\x6b\x8a\x1a\x1f\x98\xc2\x5f\xa5\x4d\x14\xc8\xfd\xb4\x2d\x65\x02\x59\x5c\x59\xd2\x5b\xac\xf1\xa1\x9a\xde\xfc\xc1\x31\x70\xf7\xa4\x31\x7b\x6a\xb6\x10\xb6\x09\xd4\x14\xb0\x07\x3e\xa0\x4a\xc2\x9e\xb1\x0e\xe7\x3c\xd7\x1a\x4c\xa6\x04\x09\xf8\xe7\x60\xe6\x0f\x93\x95\x10\x10\x0d\x0c\x8c\xd7\x6f\x26\x4b\xb3\x78\x11\xf9\x7a\xa5\x29\x9a\xc0\xb1\x2d\x41\x68\xff\x38\xec\xdf\xa8\x0b\x1e\x5c\x1b\x3b\xbd\x4d\x40\xd3\x54\x47\x35\xdf\x71\x67\xeb\x15\x8a\x9a\x9a\x23\x4d\x44\x5f\x1d\x66\x3d\xed\x71\x71\xed\xc6\x8d\x17\x2c\x92\x21\x4b\x82\xef\x13\xfe\x6b\x8c\x43\xaa\x89\xb7\x39\xb4\x99\x0a\xe9\x47\xa3\x4f\x02\x0a\x8d\x89\x43\xb0\xf7\xa5\xd6\x1d\xfa\x76\xad\xde\x02\x72\xe9\x8c\x11\x59\xc0\xfd\x8a\x1d\xe3\x3f\x2c\xef\x8e\xdd\x32\x85\x7b\x21\x89\xed\x96\x12\x80\x57\xeb\xde\xa8\x1f\x7a\x3a\x3d\xff\xe1\x89\x3b\x5b\xa8\x77\x55\x6c\x90\x38\x3f\xa2\xc5\xa6\xfd\x68\x0e\x8a\x67\xde\xe4\x80\x2d\x90\xdf\xe9\x71\x62\x3a\x7b\xe2\x2a\xb3\xca\x56\x06\x7b\x1e\x5c\x69\x4a\xa8\x4c\x19\xf1\x6d\x69\xe2\x84\xdd\xfa\x03\x9c\x10\x8d\x04\x35\x81\x38\x12\x39\x0d\x8e\xbc\x1e\x50\x13\x81\x76\xf2\x59\xdc\x0f\x26\xbc\xa1\x3b\xc9\x43\xf5\x0d\x5a\x35\x00\xb1\x8d\x59\x35\x74\xc6\x20\xfc\x09\x7a\xce\x43\x0f\xb8\x07\x28\xd3\xa1\xaa\x64\x4e\x50\x4b\x10\x09\xad\x67\x53\x6c\xeb\x01\x1f\x2a\x35\x7d\xbd\x00\x9e\x4a\x63\xf5\x24\xd5\xb5\x95\x7f\x33\x15\x67\xc5\xb4\xd1\x85\xa6\x1d\xf2\x2d\x70\x71\xd3\x1a\xe9\x21\x41\xe1\x99\xc1\x22\x89\x51\x5a\xed\x80\xc9\x10\x21\x45\x6b\xcd\x45\xcc\xc6\x34\x03\x7d\xcf\x69\xb4\x1d\x6b\x1f\xf5\x34\x71\x01\x0d\x99\xf1\x87\xf0\x46\x54\xf4\x36\x22\x28\x78\x71\xfe\xe6\xdc\xf5\xf3\x02\x3c\xbd\x09\x13\xd9\x9a\xff\x43\xfa\x95\xb3\x2e\xa2\xb1\x33\xb4\xc9\xac\x4b\x01\x7b\x7c\xf8\xf9\xbe\x50\x86\xfe\x92\xb4\x2c\xb8\xdb\xed\x5b\x63\x0b\xf0\x97\xc1\x8e\x2e\x55\xc3\xdd\x93\x27\x1e\x09\xc2\xd1\xcc\x6a\xf8\x7d\x83\xfd\xef\x3c\x3e\x3c\x4c\xba\xfb\xea\x9b\x60\xfd\x5e\x9c\xf0\x01\x1d\xe2\xe9\xe2\x6f\xbf\x09\xaf\xee\xf5\xc6\x98\x02\xa6\xc4\x6b\xdf\x54\xc1\x45\x86\x29\x44\x17\x3e\x01\x7e\x30\x14\x9e\xa5\xc0\x3c\x7a\xef\xa2\x8a\x9c\xac\x77\x67\x00\x2e\xa3\xfe\xfb\xde\xae\x5b\xae\x00\x5c\x37\x0d\xbc\x06\x42\x44\xd5\xb9\xbe\x55\x00\xa3\x57\x26\xa9\x9b\xc9\xe8\xc2\x75\x2d\x51\x0e\x13\x9a\xf2\x25\x58\x00\x98\xc8\x18\x9a\xa9\xc5\x20"},
+{{0x39,0xbf,0xfe,0x00,0x7f,0x8d,0xf7,0xce,0x4e,0x56,0xfd,0x17,0x6b,0x10,0x2b,0x92,0x3b,0xa4,0x8a,0xeb,0x82,0x69,0xfd,0x0c,0xd5,0x20,0xc2,0x3a,0x7b,0x23,0x6e,0x6c,},{0x95,0x32,0x63,0x68,0x00,0x01,0x0b,0x3d,0xd4,0x01,0x2e,0x34,0x1f,0xca,0xd6,0xd2,0x9a,0xfa,0xd4,0x84,0xe6,0xfd,0x73,0x6e,0x89,0xd5,0xbc,0x02,0xba,0x0a,0xc8,0x53,},{0xa2,0x7c,0xca,0x4b,0x9f,0x5b,0x95,0xad,0x0e,0x44,0xe4,0x74,0x0c,0x15,0xde,0xae,0xb9,0x3f,0x22,0xa9,0xb2,0x54,0xeb,0xbd,0x23,0x29,0x36,0x5a,0x00,0x96,0x6c,0x9f,0x4e,0xc1,0xe5,0x5c,0x58,0x94,0xe7,0xbf,0xc2,0x3d,0x39,0x8d,0x39,0x70,0xb9,0x46,0x5e,0x98,0xa8,0xd2,0x3e,0x72,0xda,0xe8,0xe3,0x50,0xda,0x35,0x31,0xae,0x69,0x08,},"\x7a\x8c\x20\xbf\x2e\xff\x69\xaf\x8b\xad\x6b\xdf\xab\xc7\x90\x9c\x58\xce\x74\x6c\xc4\xdf\x78\xb6\x9b\x33\xc1\x05\xba\x3b\xd8\xda\x75\x24\x47\x58\xb5\x17\x2d\x5c\x45\x01\xbc\x39\x97\x01\x85\xee\x3d\x43\x70\x83\xa9\x95\x9f\x81\xe7\x66\x5b\x82\x9a\x69\xa5\xd7\x2e\x03\x4d\x35\x1a\xdd\xdc\xeb\x3d\x3f\xff\x58\x99\x88\xdf\x18\x2b\x46\xfa\x53\xd2\x6e\x7c\x9e\xac\x06\x22\x15\x78\x8f\x23\x37\xbf\x90\xf0\x17\x7d\x8c\xa7\x44\xf9\x5f\x28\xfe\xa8\x54\x59\x3c\x43\x62\xc8\x2e\x9d\xed\x19\xb9\x04\xff\x99\xd2\xbe\xa8\x24\x32\x82\x2e\x52\xc3\xda\x6d\x46\x2d\xa7\x54\xff\x1f\x8b\xd1\x09\x94\x2d\xf5\x1d\xba\x25\xb7\xcd\xe8\x38\xd5\xf5\x24\x23\x9f\x13\x31\xf4\x63\x19\x4e\x10\xff\x56\x79\x5b\x29\x68\x78\xfe\xb1\xf5\x5d\x43\xec\x7d\xaf\x0c\xa5\xab\x3d\x68\x4b\x55\xbb\x0a\xa4\xc7\x20\xd4\xb5\xc2\xe8\x30\xc8\x58\x69\x4d\x3d\x0f\xdb\xaa\xd0\xbf\x67\xd8\x73\x18\x2d\x95\xb2\x41\x2f\xce\x5e\x7b\x00\xfa\x6b\xfc\x38\xb1\x32\xef\xb9\x6f\x87\xbc\x6c\x10\x07\x0a\x57\x16\xec\x9b\x33\xa2\x69\x2c\xdf\x5b\xc4\x1c\x7f\x73\x7e\x28\xc4\x22\x03\x17\xa4\x89\xb7\x32\x3d\x5e\x20\xf6\x5d\x37\x5d\x76\x9f\x9e\x79\x37\x6f\xd0\x2d\x85\x36\x86\x71\xe7\xe0\x81\xeb\x75\x3f\x88\x85\x45\xeb\xe5\xc0\x00\xb2\xf8\x01\x43\xeb\x35\x8d\x43\x18\x5e\x2f\x1c\x29\x4b\x9f\x29\xc8\xbb\x91\x48\x2d\x43\x87\x49\x4a\xad\x17\x6d\xeb\x85\x54\x0f\xd0\x05\xc9\x7d\x13\xe6\x66\x3f\x09\x94\x4e\xb4\x3a\x46\xe6\x23\x67\x94\xbf\x6e\x21\xf8\x1d\x0a\x42\x09\x0f\x9c\xce\xf9\x0a\x6c\x48\x07\xb5\xff\x54\x13\x00\xe5\x93\x48\x81\xa8\xd9\x21\x96\xb4\xce\xe8\x5d\x28\x09\x2a\x82\x8e\xa3\xbf\xc6\xb7\x45\xad\x21\x9b\xe9\xf5\xe9\x57\x41\x17\xd0\x79\xe0\x2f\x4b\x74\x8e\x2c\xc0\x1a\x32\x82\x6a\x37\x08\x23\x19\x14\xd2\x77\x2c\x76\x41\x19\xfd\x99\xd5\x3a\xb5\xb5\xa2\xe9\xd8\x91\xa4\x8a\x9a\xaa\xac\xc2\x63\x38\xb1\x82\x48\xdb\x8a\xb2\xd5\x25\xda\xf1\x5f\xf5\x3a\xcb\xc3\xaa\x98\xd4\xf2\xd4\xa3\x37\xbb\xaf\x6d\x1b\xe2\x19\x85\xa4\xaf\x60\x0e\x29\xbb\xb4\x2c\x8d\x89\xe6\xb3\x89\xc6\x6f\x42\x27\x0c\x3a\x0b\x05\x1b\xdb\x62\x38\x81\xe0\x2f\x2f\x42\x94\xce\xc3\x47\x63\x86\x74\x7a\xba\xe6\xc7\x70\x0b\x8f\x9b\x03\x87\xcd\xdf\xb7\x36\x68\xfb\x57\x69\x3d\x84\x74\x19\x6b\x33\xab\xd1\x2d\xce\x59\xa5\x7c\xf7\x2e\xe6\xcc\x1d\xdb\xaa\xdf\xb1\x9e\x90\xaf\x81\x31\xb3\xa9\x0f\x98\x67\xf4\xc7\xe1\x5b\xdf\x9e\x21\x84\x77\x01\x6b\xd0\xad\x3b\xe8\xdd\x05\x96\x71\xff\x65\x6c\xbd\x4e\xd8\x98\x08\x6d\xe4\xd4\x23\xf3\xdf\xb2\x70\xbb\xf1\x9d\x9f\x53\xf7\xf6\xf2\xd2\x2c\x6a\xc9\x02\x5c\xba\xdb\xa4\x42\xe3\x1d\x98\x11\xe3\x7e\x84\x7d\xbd\x48\x4d\x80\xcf\x74\x30\x39\xff\xa7\x04\x84\x70\xfb\xdc\x60\x80\xf6\xd3\x81\xdc\x7e\x3f\xa2\x71\x22\xdf\x53\xcc\x06\x39\x4e\xa6\xfc\x44\x6e\x1b\xa7\x25\x38\x73\x3e\xd3\xab\xb6\x85\xf1\x6d\xfd\x5c\xcf\x58\x5a\xe8\xfb\xf9\x95\x4b\x50\xf1\x0b\x7e\x54\x32\xa2\x2b\x36\x94\x06\xa9\xb7\x08\x89\x61\xf0\xae\x20\x74\x95\xae\x71\x85\x39\x6d\xcc\xf2\x92\xdc\x46\x3f\x41\xf3\x76\xa1\xca\x89\xee\xfb\xae\x19\x26\x91\x52\x03\x1b\xfd\x81\x52\x88\xe8\xb5\xba\xf3\x48\xc4\xf8\xff\x3d\xff\x4f\xd6\xd1\x08\xf8\x71\xda\xa3\x52\x11\x0f\xa6\x41\x88\xb0\x1b\x85\x26\xa8\x45\xaa\xed\x13\x3e\x45\x6b\x4c\x83\xc4\xfd\x4b\xbb\x16\x5b\x40\x90\x30\x7e\x8e\xb1\x7d\xf1\x76\xc3\x22\x52\x0f\x37\x59\x9c\x21\x05\xaa\x81\x20\x75\x83\x94\xa4\x22\x24\x73\x47\x67\x64\xcf\x0a\xf7\xc5\x51\x83\xeb\xa9\x68\x3d\x72\x70\x63\x14\x43\xf3\xc5\x1f\xb8\xab\x0c\x13\x0a\xc4\x36\xab\x60\x3f\xf4\xf1\xd8\x65\x6c\xdb\xed\x22\x9a\x20\x2b\x40\x00\x8e\xa1\x0b\x17\x15\x42\xf7\x4a\x70\xb7\xbb\xac\xc4\x01\x6b\x7f\x63\x6a\xa8\x96\x33\xb7\x66\x80\x58\xf1\x33\x12\xf5\x7c\x51\x62\xd1\x8e\x39\x9e"},
+{{0x3c,0x40,0x80,0xcd,0xa0,0xfc,0x3c,0x03,0xb6,0x14,0xd9,0x80,0xf2,0xff,0x83,0x1f,0x5b,0xe0,0xe7,0xa9,0x81,0xd5,0x38,0x1a,0x16,0x18,0xe0,0xb8,0xfd,0x00,0x17,0x76,},{0xf1,0xc3,0x26,0x9d,0x87,0x04,0x02,0xca,0xa4,0x38,0x82,0x13,0x5d,0x9d,0xba,0xdb,0xbb,0x16,0x2d,0xfc,0xa0,0xb3,0xda,0xd1,0x97,0xe6,0xb8,0xa7,0xee,0x67,0x9a,0x70,},{0xc9,0xd4,0xa4,0x72,0x8b,0x8f,0xdd,0x24,0x0d,0x9c,0x49,0x8a,0xa3,0x5d,0xe9,0x5a,0x4b,0xbd,0x51,0x78,0x5b,0x73,0xc8,0x40,0x3f,0xdf,0x04,0x0d,0xfa,0xed,0x94,0x47,0xef,0xad,0x00,0x69,0xb6,0x7c,0x78,0x3d,0x4b,0x81,0xd9,0x66,0xbe,0xf6,0xe3,0xd9,0xa8,0x08,0xa0,0x58,0x4b,0x98,0xec,0x2b,0x18,0x32,0x2c,0x4c,0x92,0x0e,0xb0,0x0a,},"\x0c\xee\xbc\x0e\x8a\x47\x72\x0f\x25\x83\x5e\x2b\x9a\xcf\x89\x1b\xcc\xa4\xbd\xa3\x86\x37\xf3\x63\x27\x44\x58\xba\xa9\xe2\xbb\xaf\xed\xd0\x93\x8f\x56\x88\x73\x4e\x22\xac\x50\xfb\x12\x0f\x66\x5f\x6c\x4c\x61\xc6\x53\x17\x39\xb9\x29\xac\x83\xcd\x77\xf8\x96\x3b\x75\x44\x88\xb9\xb8\x59\xc1\x38\x53\x63\x7c\xf0\x25\xc1\x4e\x8f\xdd\x11\x8f\xaa\x14\xcf\x39\x30\xce\xb3\x5f\x10\x4d\x95\x44\x1e\x56\x48\x94\x40\xf6\x20\x41\xef\x1a\xa7\xc4\xb0\x8b\x28\x07\xe3\x2b\xb9\x58\x4b\x90\x04\xd7\x6e\x76\x53\x33\x48\x50\x6d\x64\xf1\x12\xe1\xff\x6f\x93\x8f\x64\x22\x30\xbf\x38\xaf\x01\x0e\x41\x98\x72\x70\x24\x8b\x13\x63\x5a\x35\x67\xb3\x55\xbb\xa5\xb5\x74\x48\xc6\xd1\x3b\x74\xf3\xbe\xbf\x61\x79\x15\x82\x10\x28\xfc\xa5\xde\xfa\x4c\xe5\x42\x4c\xa1\x91\xcd\x54\xa2\x29\x44\xa3\xd9\x40\xe4\xee\x2e\x2b\xa5\xd5\x04\xc8\x5f\x95\x9b\x51\x4c\x4f\xab\x41\xcc\xb5\x74\x3d\x9c\xb2\xf9\xbf\x33\xd1\xd8\xc2\xa5\x86\x9e\x9f\x46\x60\xc3\xfb\x22\x4b\x39\x14\x1e\x31\x10\xc9\xee\x8a\xeb\x87\x1e\x14\xc6\x2c\x6b\xe3\x8f\xb9\xa4\x56\x8d\x73\x68\x10\xbb\x9d\x20\x73\x17\x8b\x6c\x7e\x87\xe3\x58\x2e\xfc\x62\xb5\x3c\x23\xc5\xd4\x65\x20\xba\x33\xff\xb3\xa9\xca\x64\x9e\xf2\x6f\xe7\x4a\x3c\xff\x61\x88\x42\x73\x26\xb8\xc9\x6f\x74\x35\x4c\xb3\xec\xaa\x61\x1b\x12\xcd\xed\x56\x5e\x59\xfe\x1f\x8f\x40\x00\x97\xe9\x3e\xa8\x59\x51\xb5\xb4\xe9\x00\x9e\xea\x7d\xb9\x37\xe4\x34\x9c\x4e\x5e\x00\xc4\x45\x6c\x6c\x5f\x4e\x57\x41\x1b\xaf\x4e\x46\xe7\x00\xac\x40\x02\x57\x76\x5f\x48\xda\xb0\x3e\x43\x9f\x76\xc1\x49\x9b\x51\x08\x04\x7c\x83\x01\x09\xdc\xe7\xf7\x40\xd1\x39\x37\x87\xe2\x9d\x37\x16\xd3\xc4\x7e\x75\x5c\xb8\x28\xe7\xd4\x40\xa9\x71\x97\x51\x97\xeb\xdb\x3f\x9b\x73\x7b\xa1\x1f\x7f\xd0\x38\x6a\x95\x92\x49\x01\x7d\xe7\x23\x4d\x5e\x5a\x9b\x47\x3b\xb9\x58\x3a\x37\x42\xc7\x74\xee\x55\x2a\x12\xa1\xf3\x6e\xb3\xf2\x6c\x88\x5b\xed\x22\xe9\x1c\x74\xcf\x32\xa8\xdd\x3e\xdb\x08\xb6\x74\xbf\x38\x6e\xf4\x27\x72\x79\x12\xd5\x7c\x5f\xaf\xaa\x1c\xfe\xb7\x40\xcd\x52\xb9\xde\xe9\x95\xe3\xd0\x16\x1c\xd9\x21\x3f\x38\xfd\x68\x1d\x53\x8a\xb8\xbf\x97\xb7\x45\xf5\x49\x80\x03\x0e\xf8\xb7\x26\x96\xd4\xe2\x74\x73\xfb\x0f\x1a\xcd\x5d\x0a\xae\x02\x97\x21\x16\x80\xea\x0f\xc5\x9d\x7b\x6d\x51\xc6\x32\x92\x58\x5a\x1d\x55\x3d\x0c\x89\x54\xb4\x2a\x4b\xd6\xfc\xd3\xa4\x95\x75\xbf\x5c\x88\x95\x3f\x1f\x4e\xa7\xfe\x0e\xd7\xa5\x79\xd1\x69\x7e\x64\x5e\x2a\x61\xc6\x9d\x1a\x56\xbc\x60\x5b\xb0\x40\x60\xa2\x77\x8d\x50\x9a\x8a\xad\xbf\x35\xd9\x46\x97\xcc\xee\x9d\x35\x43\xdd\x01\x28\x1a\x03\x1f\x2a\x0e\xb3\xa9\xeb\x13\xae\x56\xff\x44\xfa\x0a\xed\x4f\x34\x88\x74\x7d\x6a\xf8\x20\xf3\x98\x9b\x71\x33\xf4\x49\xea\x56\xd3\xa7\xf7\x31\xe7\x91\xb7\xed\x2a\x5d\xb9\x39\xbb\x75\x35\x2d\xe7\xda\xec\x50\x66\xfd\x57\x55\x71\x65\xad\xff\xa6\x31\xcd\x3f\x96\x7c\x3c\x7c\xfc\x11\xcc\x1f\x14\xfa\x23\xde\xfe\xc3\xeb\x02\x39\xb4\x5e\xd6\x01\xa3\xa8\x07\x8c\xcf\xc7\xf8\x38\x09\x02\xa8\x59\xee\x9c\xe2\xdb\x79\x5e\xfa\xca\x0a\x01\xdc\x08\x79\xd5\x06\xac\x97\xd1\x07\x04\xd7\x75\x7b\x3c\xcf\x3b\x37\xc3\x39\xb4\x2d\xb2\x37\x82\x27\x80\x23\xe4\xc2\xe7\x7d\x74\x24\x6c\x9e\x54\x41\x49\xa5\x5c\x0c\x92\x0e\xbf\x29\x86\xb4\xc5\xb4\xb3\x57\x2f\x74\x8c\x4b\x15\xc7\xf8\x63\x99\x9b\xc5\x13\x2a\xda\xd0\x97\x61\xeb\x76\x50\x50\x19\x76\x9f\xb5\x54\x22\xf6\x03\x18\x4e\x24\xc0\xd4\xf3\x76\x19\x87\xb5\xc5\x0f\xea\xfc\xce\x53\x30\x2a\x3a\x41\x5e\x20\xf5\x6a\x05\x48\x03\xe5\x53\xba\xcd\x24\x2a\x5e\x13\x64\xaa\x3b\x2d\x7c\xb3\xbc\x1e\x1b\x86\xa4\x74\x31\xcb\xd3\x96\x95\xb6\x7f\x55\x4c\x46\x45\xb7\x23\x69\x04\x09\x4c\x11\xaa\x1b\x40\x32\x6b\xa9\x1b\x8b\xf4\x87\x3e\x9a\x4d\xe0\x4e\x2b\xf4\x62\x59\x72"},
+{{0x45,0x43,0x8f,0x91,0x46,0x5d,0x74,0xa2,0x82,0x5b,0x0f,0x66,0xa3,0x5b,0xd7,0xc8,0xd0,0x05,0x86,0x54,0x79,0xb3,0xdc,0x10,0xa9,0xb5,0x6f,0x29,0x7d,0x31,0xb9,0x26,},{0xf0,0x92,0xb5,0x88,0x03,0x30,0x87,0x1e,0x5a,0xaf,0xdd,0x3c,0xeb,0x38,0x50,0xee,0x7e,0x09,0x41,0xa2,0xa1,0xdc,0x89,0xf4,0xfb,0x47,0x71,0xd7,0x5a,0x22,0xf6,0xf2,},{0xd9,0x28,0x7b,0x7f,0xec,0x01,0x7f,0x2e,0xa4,0x0a,0x14,0xa1,0xf6,0x2d,0xca,0x78,0xb0,0x2a,0x3d,0x66,0x32,0xdf,0x7c,0x60,0xeb,0xd9,0x0f,0xc5,0xe4,0x92,0xc5,0xc6,0x2c,0x43,0x16,0x6b,0xf8,0x56,0x58,0xfb,0x30,0xa0,0x8b,0x57,0xa5,0x81,0x31,0x21,0xb8,0x03,0x97,0x57,0x1a,0x31,0x2b,0x6d,0xd1,0x1b,0x65,0x39,0x20,0x54,0x16,0x02,},"\x30\x71\xd4\xb7\x20\xdf\x10\x93\x65\x99\x67\xcd\x4e\xef\xef\x2e\xf9\x67\x84\x75\xf7\xde\xc5\x8f\xec\xec\x1d\x92\x8d\xea\xf8\x02\x45\x7a\x19\x34\xe6\x04\x55\xf4\x96\xcf\x42\x51\x82\x0e\xd6\x0a\x3d\x81\x33\xb6\x24\xd3\x3a\xf2\x6a\x26\x27\x84\xb5\xa2\xfb\xa7\x3c\xca\x2a\xa5\xe5\x19\xe1\xf5\x39\x58\x47\x80\x64\x98\x64\xba\x5f\xbc\x1f\x01\x1d\xdd\xac\x38\x1f\x8d\x48\xd0\xd6\x0c\xe8\x23\x17\x01\x17\x3c\x9d\x2a\x30\x7a\x76\x30\x2e\xbc\x69\xdc\xbc\x93\x0d\x28\x43\x14\x75\xb5\x16\xf9\x8f\x77\x8e\xd2\xe1\xff\xf2\x72\x90\x9a\x27\x2c\xc3\xfb\xb6\xb3\x1c\x80\x41\xa3\x7c\xb7\x77\xe0\x62\xe4\x96\x49\xaf\xad\x12\xc1\xb5\xf7\xfc\xb8\x06\x5a\x99\xe7\x42\x33\x62\xad\x16\x90\x60\x31\x26\x5d\xb7\xe8\xb8\x97\x51\xf8\xa4\xa4\x07\xf2\x50\x26\x50\xfe\xd7\x53\xe4\x2c\x8c\x91\x1e\x50\xb9\x4b\x38\x00\x69\x5b\x0e\xba\x7d\xff\x06\xb7\xa7\x10\x11\x7e\x49\x20\xd4\xb1\xc6\x05\xa3\xeb\xf3\x2e\x06\x96\x67\x16\xed\xa1\x4b\x30\x42\x99\x8a\x3c\x7a\x5e\x9f\x83\x54\x2d\x7d\xde\x65\xe5\x28\xbe\xd6\x10\x1d\xeb\x33\x1d\xeb\x94\xcd\xd4\x60\x44\xbe\xf8\x8c\x09\x7b\xaf\xd4\x0d\x69\x21\xa7\xc4\x84\xc8\xf9\x66\x84\xdc\x37\x16\x71\xd9\x4e\xee\x7c\xbe\x5d\x58\x77\x15\x31\x4c\xff\x0d\x18\x77\x27\x2d\x81\x90\xa9\x0e\x18\xbf\xb3\x21\xd5\x2b\xf7\x47\x05\x13\x7b\x2a\xbf\x91\x65\x73\x17\x67\xa1\x3a\xdc\x9c\x85\xe0\x39\x7b\x47\xae\xf9\x6b\xad\xb2\xca\x7f\xcb\x82\x93\xb0\x1f\xd1\xde\x31\x6e\xe1\xe6\x5f\x35\x6b\x9d\x6e\x8e\xa1\xfd\xd8\x37\xbd\x96\x08\x11\x49\xea\x2d\xcd\x73\xc4\x88\x1f\x32\xb7\xde\xeb\xc3\x71\x5e\x2d\x7c\xdb\x64\x3e\x0d\x98\xf4\xe8\x46\x50\x8b\x04\xb3\x24\x39\xff\x14\xb1\x16\x4f\x46\x84\x6d\xf9\xaf\xae\x44\x46\x4c\xf5\x50\x10\x4c\xd3\xaa\xb3\x81\x75\x40\x47\x0a\xaa\x2a\xb9\x55\x9a\x68\xb7\xff\x6b\x1b\x9c\x0c\xe9\xf5\x86\x9c\xbd\xcd\xd6\x17\x09\x09\x42\xe3\x53\xb4\xc7\x7f\x09\x39\x58\x96\xbe\xcd\xdf\xf1\xab\x7f\x07\x58\x6a\x51\x4d\x81\xfb\x09\x63\x61\x55\x75\x66\x87\x0f\x16\x91\x98\x34\x85\xa8\x0c\x34\x13\xda\x98\xb8\xd1\x9c\x78\xe6\x37\x9f\x94\x3e\x5b\xd5\xa5\x69\x7a\xa3\x3c\x5e\x6b\xfc\xfb\x7b\x8d\xf1\xe1\x57\x4e\xe4\x16\xfa\xb3\xc8\xa7\xd0\x88\xb3\xa0\x57\xcf\x86\x53\x21\xb7\x4e\x61\x03\x52\x6d\xd9\xad\x15\xca\x5a\xd3\xc0\xf6\x97\x18\xe2\x70\x81\xd4\xb3\x4a\x7c\x6d\x1a\xab\x6b\x96\xc0\xa7\x54\xb9\x89\xb4\x94\x06\x38\xc9\xed\xe3\xd1\x7b\xd4\x9f\x65\xbf\x78\x3d\xc8\x5f\x1c\x4b\x14\x48\x76\xcd\xbd\xb2\x28\x2a\x95\x64\xaa\x81\xb5\x70\x92\x08\x0d\x64\x48\xfb\x65\x80\xec\xf0\x9f\x82\xa7\x55\x01\x0d\x55\xd4\xa5\xe4\xf3\x05\xe2\x59\xdb\xe9\x95\x08\xb4\x79\x25\x0d\x80\xec\x17\xc8\x76\x0a\x93\xe0\x5a\x29\x57\x1f\x68\x56\x07\x30\x22\xc8\x70\x69\x13\xc4\x6a\x2e\xfd\x2e\x9c\xaa\xe4\xff\xa1\xb4\x22\x2e\x3d\x70\xe9\x79\xe8\x1a\x71\x95\x1d\x7c\xb8\x30\xbc\xbc\xf9\x01\xaf\x24\x4f\x64\xe4\xad\x9f\x52\xfa\x3b\x62\x03\x1e\x35\x16\xda\x50\xbc\x2b\xce\x78\xeb\x9d\x61\xbf\xed\xd9\xb3\xf5\x7e\x89\x35\x5f\x17\x7d\xb6\x16\x2b\xf6\x1d\xa0\xe4\x54\xc3\x42\x88\xb9\x67\xc3\xfb\x4c\x34\x1b\x32\xd4\xd1\x3a\x31\x98\x69\xb8\xe3\x60\x46\xf9\xe3\x38\xb5\xf3\x6a\x1f\xc1\xa7\xed\xa7\xd7\xb0\xd4\x38\xe0\xa7\x5d\x84\xbb\xe4\xd6\x8c\x87\x9a\xda\x80\xdd\xe2\x3f\x71\x55\xb5\x32\xcc\xcf\x7a\x63\xf1\xbe\xdf\x84\xf8\x2f\x44\x0c\x9e\xc3\xcb\x0e\x45\xf3\x2c\x92\xf7\x64\x38\xf5\xb4\xb9\x10\x44\x1e\x67\x38\xaf\x3f\x5d\x20\x50\xd5\x79\xee\x96\xb8\x8f\x3b\x00\x81\x0a\xb1\x26\xff\x3a\x8f\xef\xd9\x71\x04\x43\x24\xdd\x4e\xb3\x44\x7d\xac\x5b\x77\x80\x9c\xda\x8c\x71\x68\x25\x49\xd7\xcf\x2d\xce\xe3\x40\xed\xcf\x94\x94\xac\xa4\x29\x01\xe2\xc1\x1e\xd9\x77\x90\xaf\x48\xbc\xea\x29\x52\x1e\xf0\xe3\xd0\x3c\xda\xde\xcd\xc8\x94\xdd\x07\x56"},
+{{0x72,0xcf,0xce,0xf4,0xc9,0xd6,0xa1,0x98,0x6d,0x19,0x03,0x11,0x84,0x0e,0x55,0xcb,0xaf,0xac,0xc8,0xa6,0xeb,0x5e,0xcc,0x72,0x93,0x4f,0xda,0x53,0x5b,0xdc,0xff,0xb2,},{0xa9,0x44,0x64,0xd8,0xcc,0x8f,0x3e,0x43,0x39,0x39,0x47,0x64,0x9f,0x91,0xc2,0x75,0x23,0x27,0xe4,0x0d,0xac,0xa1,0x1a,0x99,0x70,0xc5,0x18,0x1e,0xda,0x37,0xd6,0x06,},{0xdb,0x72,0x70,0xac,0xce,0x78,0xd7,0xfb,0x09,0x08,0x0a,0x32,0x79,0x41,0xbc,0xe7,0xeb,0x14,0x5b,0x9e,0x36,0x61,0x86,0x6a,0x86,0x83,0xf9,0xa1,0xa3,0xde,0x97,0xfb,0x02,0xb0,0x25,0xdb,0x9e,0xc7,0x6f,0xf3,0x25,0x60,0xfe,0x63,0x88,0x27,0x74,0x2e,0xa2,0xf4,0xeb,0xef,0x6b,0x7c,0xce,0x44,0xf9,0xaa,0xee,0x43,0x4f,0xd7,0xc1,0x08,},"\x66\xa6\xcb\xe8\x8a\x8a\xb9\xa3\x38\x47\x79\x7f\xc4\x80\xb2\x44\xe8\xa2\xb8\xec\x79\xe8\x0b\xc2\x63\x77\x53\xde\xb3\x6f\xa3\x01\x4f\x84\x3e\x22\xa4\x7d\xb0\xa3\x17\x78\x38\x5e\xc1\xf4\x55\x67\x2e\x0d\xff\x6c\xa2\x1c\xa4\xcf\xd2\xb9\x89\x47\x1b\x7f\xfc\x30\x78\x28\x13\x8b\x0a\xd4\xe6\x47\xc2\xd1\x3c\xef\x72\x44\x69\x05\x4a\xbd\x37\x40\x24\x5a\xea\x4b\x78\x9e\x24\x4e\x95\xcf\x9e\xcf\xd0\x8a\x0d\x13\xc7\xce\xd3\x93\x33\x27\x27\xa7\xf3\xd8\xfb\xda\xbd\x93\x9d\xe2\x8c\xaa\x41\xcc\x96\xc7\x08\x11\x98\xe2\x26\x53\xd9\x4e\x02\x4a\x61\xf5\xf3\xdc\x5a\xa3\x7f\xa9\xad\xdd\xc9\x6c\xf1\x69\xd3\x50\x62\xa0\xa2\x9b\xa4\x5a\x53\x9c\x87\xa6\x8a\x3a\x03\x04\x36\x13\x09\xd2\x13\xe6\x14\xee\x83\x73\xda\xfb\xa2\xa7\xd6\xed\x7d\x2a\xd3\x77\x04\xc0\x94\x6e\x4d\x09\x3e\x2d\x94\xd0\x61\x36\x4c\xc1\x23\x10\x63\x72\x91\x03\xa7\x7c\xcb\x50\x18\x91\xbb\xc3\x18\x54\x57\xbb\xd2\x86\x9e\xb6\x3d\xc6\x0f\x19\x6f\x10\xa3\x8b\x7b\x36\xcb\x3f\x64\x3d\x35\xdd\xbf\x43\x8a\x44\xbf\x0c\x8f\x57\x0f\xad\x41\xbd\xde\x26\x7f\x0f\xfc\xf1\xf2\xf9\x27\xd6\x26\xd1\xb0\xd9\x80\xa0\xce\x22\x3f\x2f\x00\x54\x84\x5a\xfe\x41\xd3\x9d\xe5\xa4\x57\x21\x9f\x27\x6c\x67\xe6\x9b\xe2\xd5\xc9\xe0\x70\x13\x16\x39\x56\x1c\x26\x75\x1f\xb0\x64\x35\xe0\xe4\x2e\x25\x08\xc5\xf4\x9c\xd1\x2b\x51\x7c\x98\x33\xff\x97\xf5\xe5\x1e\x1d\xce\xaf\xa9\x42\x6d\x3d\xc5\x2f\xd1\x37\x9c\x64\xcc\xaa\xbb\x26\xdb\x1a\xf6\xde\xd7\x15\x36\x28\x84\x2f\x0c\xbd\xbb\xbd\x6a\xa0\xcf\xa5\x40\x7f\x40\x94\x96\xc0\x65\x32\xdb\xea\xc9\x4d\xab\x9b\xab\xa0\xb3\xc9\x88\xfa\x03\xd3\x6f\x91\x1d\x80\xe4\x9b\x37\x0b\x68\x37\x03\x7f\xf2\x49\xe7\x6d\x69\x2c\xd1\x77\x37\xe0\xd0\x79\x65\xd3\x3f\x17\x04\x2b\xbc\xd1\xe9\x90\xe0\x40\xf7\x19\x36\xf6\xfc\xa2\x54\x2a\xe3\x37\x48\x36\x77\x87\xc0\x1b\xde\xa7\x5c\x9a\x0e\x66\x15\x02\x81\xc4\x68\xfe\x5c\x73\xaf\x9e\x5b\xec\x37\x2d\x50\x20\xc3\xd3\x7f\xa1\x03\x5a\x67\xe2\x24\xd0\x95\xf0\x66\xa5\x1f\xe1\xf6\x81\xc3\x07\x39\x39\x27\x2f\x6a\xf7\x75\x0e\xd8\xd1\x83\x49\x17\x8a\xb4\xa2\xee\xb4\xe9\xca\x82\xbb\x67\x29\x6e\x98\x90\xf3\x16\xc9\xd9\x49\x59\x53\xd6\x84\x36\xeb\x1c\x1a\x2f\xb6\xa1\xcc\xa4\x5a\x8e\x88\xa0\x9b\xdd\x65\xa5\x55\x80\x25\x61\x8b\x36\xd7\xf3\xcb\x38\x9d\x2e\x2a\xb1\xed\x23\x32\x28\xec\x92\xa3\x27\x97\x8c\x0a\xdc\xed\xdb\x6c\x96\x32\xd3\xab\xd7\x97\x16\x21\x71\x37\x54\x75\x8e\x21\x01\x3a\x0c\x3d\x00\x9b\x6e\x31\x93\xcc\x15\x2c\x57\xef\x73\x10\x7b\xd4\x35\x7d\x52\x8b\xe4\x08\x73\x02\x7b\xf1\x84\x0f\x68\x55\x36\x08\x0f\x12\xc5\xff\xa9\x3c\xa6\x29\x73\x67\x80\xe0\x15\xe8\x6d\x19\x09\xf0\xd8\xf3\x72\x01\x0c\x9c\xb7\x2c\x09\x89\x84\x5f\xc8\x83\x15\xe6\xb9\x37\x0d\xc9\x2d\x36\x83\xef\x44\xd3\xf7\x5f\xc9\x6c\x4b\x0e\x89\xe1\x3d\x68\x2d\x19\x88\xb6\x85\x71\x3e\xad\xa8\x42\xbe\x9d\x2b\xbe\x2a\x76\xbb\xa1\x5d\x38\xcb\xaf\xb6\x5c\x40\xc2\x15\x9b\x0c\xee\xb0\xd7\x69\xb9\xbe\x35\x55\x40\x73\x4f\xf3\x77\x36\xc0\xf0\xfa\xcb\x95\x15\x93\x09\x36\x5b\x96\x46\xbc\x4b\x34\x4f\xb1\x9a\x5c\x16\x39\xa8\x8e\x87\x31\x7b\xfb\x3b\x5e\x7b\x51\x30\xfa\x7d\x56\x43\xed\x4d\xa0\x64\x30\xc8\xa0\xc1\x85\x8c\xcf\x2f\x9a\x6e\x3d\x62\x01\x22\x53\xf0\x12\x2d\xba\xb4\xa3\x54\x75\xa6\xf6\x55\x89\xb2\xb0\x95\x99\x28\x26\xe4\xf1\xb5\x8f\xa0\x50\xb8\xf9\x5c\x4f\xeb\xa3\xfb\xaa\xdd\x2c\x22\x44\xad\x4a\xbd\x41\x01\x39\xad\xf4\xc1\x53\xcb\x5e\x69\x33\x7a\xf1\x76\xa7\x83\x7e\xea\xea\x99\xbd\xcd\x59\x38\x5a\xfd\xed\x34\xff\xba\x80\x63\xa3\x5f\x4f\x55\x8e\x4e\xeb\x48\xf1\x48\x7b\x56\xb1\xf8\xd1\xf7\x30\x67\x62\x1c\xb5\x48\xc8\x08\x75\x3e\x35\x26\xa2\xf2\xaa\xbd\xe1\x26\xbe\xa5\x21\xcf\x67\x3d\xea\xfa\x79\x2c\xa5\xbd\x22\x12\x79\x5b\xd6\x6b\x86"},
+{{0xa6,0x33,0x7e,0x4d,0x3b,0x1a,0x49,0xb1,0x26,0x31,0x67,0x78,0xc6,0x13,0x51,0x6c,0x03,0xac,0x88,0xc9,0x6d,0x92,0xff,0x5c,0xc7,0xe0,0xc8,0x52,0x7c,0xce,0x1a,0x62,},{0xf5,0xea,0xc4,0xfe,0x0e,0xa1,0xa5,0xf2,0x36,0xb4,0x9d,0xa3,0x3a,0x24,0xe2,0xf3,0xa8,0x3d,0x4b,0x26,0x0c,0x54,0xd3,0x41,0x6c,0x64,0x4e,0x05,0xc8,0x38,0xbf,0x51,},{0x78,0x13,0x76,0xc9,0x51,0x2f,0xa3,0x3c,0x45,0x70,0x47,0xa1,0xf4,0xf0,0xda,0x31,0x76,0xe6,0x0e,0xe4,0x77,0x82,0x86,0x9b,0x7e,0x9f,0xa5,0x84,0x1d,0x96,0x4f,0x3c,0x1a,0xd6,0x6b,0x70,0xc1,0x14,0xb1,0x77,0x1c,0x32,0x4c,0x83,0xff,0x6c,0xd9,0x97,0xae,0xfc,0xcd,0xc5,0x9c,0x11,0x4d,0xb9,0xf2,0xf3,0xca,0x7d,0x84,0xa7,0xb6,0x0f,},"\xe3\x34\x30\xc3\x8c\x4a\x40\xb3\xc6\x6e\x20\xcf\x3b\x70\xe9\xfe\xa8\xcc\x50\x76\x1f\x2a\xfe\x24\x9e\xc0\x59\xc0\x7b\xc3\xb3\x7e\x5b\x94\xf4\xa4\x3e\x31\x00\x99\xb1\x9a\x85\xf5\x9d\xff\x73\xa7\xe4\x95\xc4\xdf\x31\xf7\x47\x80\xcd\xef\x7b\xd6\xe4\x7c\x39\x4c\x18\x91\xea\x30\x52\xe3\xcc\xf5\xd8\x4b\xae\x08\x2d\x24\xba\x71\x78\xac\x65\xd2\x29\xad\x18\xa8\x49\x40\xf6\xb4\xdb\xc5\x96\xee\x63\xc1\x81\xb5\x7b\x5b\x49\x69\x89\x79\xc1\x86\x32\xfa\x82\x1c\xa6\x1e\x35\xa0\xd0\x35\x1f\xe1\x3d\x69\xe0\x6d\xdc\xc8\xd6\x66\xdc\xa2\x45\x02\x17\x7f\x34\x4e\x2f\x44\x05\x75\xd3\x9e\xbf\xe5\xe7\xf1\x06\x53\xb6\x5b\xef\x29\x1d\xc8\x13\xa0\x43\x4c\x97\x5d\xe1\x64\xc1\xa7\x6b\xf6\xfc\xef\x98\xf2\x31\x81\xc0\x09\xb9\x18\x30\xb6\x18\xe4\x87\x48\x47\xd2\xe2\x1b\xbd\xb9\x3f\x20\xcd\x8b\x1f\x4b\xaa\xdf\x99\x42\x8a\x22\x67\x43\x86\xa6\x68\x15\x2b\x4b\x90\x39\xff\x06\xab\xcf\xe3\x34\xa0\x62\xf7\x94\x05\x61\x72\xec\xbc\x07\x94\xdf\x98\x27\x1b\x9a\xcf\xe4\xb7\xda\x55\x3a\x87\x63\x42\x37\x63\x00\x09\xa0\x5b\x25\x7c\x18\x4c\xbe\x23\xd9\xcd\x5a\x03\x86\x58\x01\x0f\x57\x48\x99\xf3\xb2\xd1\x54\xd1\x85\xee\x67\x23\x09\x13\x65\x0c\x3a\x05\xb5\x4a\x2e\xdc\x24\x3a\x42\x87\x39\x8e\x37\x69\x28\xea\x9c\x6b\x2c\xba\xf3\x71\x25\x25\x40\xe2\xb8\x04\x3f\xcf\x55\x68\x13\x19\x6a\xe5\x72\xc2\x7c\xfb\x5a\x46\xab\xb9\x72\x9a\xf2\xdc\xfc\x29\xe0\x33\xdd\x11\xf3\x3e\x86\xcc\x6a\xc3\xbc\xe6\xf3\xf9\x57\x7d\x36\x78\x1a\x69\xed\x7e\xaf\x8c\x82\x63\xa0\xf1\x8e\xba\x0f\xe8\xa4\x81\xf3\xe1\x5a\x55\x59\x94\x34\x19\x5f\x7c\xb0\x57\xdd\x36\x4e\xaa\x07\xdd\x0d\xfd\x26\x6b\x80\x7f\x53\xa2\x07\x0f\xd7\x91\xe8\x72\x42\x2f\xd9\x07\x13\x4f\x4a\x8a\x78\xa8\x76\xbd\xcb\x03\x1a\xc8\x60\xdf\xe0\xbb\x57\xe1\x05\xdb\x82\x87\xb3\x1a\x60\x4e\xb7\x12\x69\xbe\x5b\xa2\x29\x98\x5c\xea\xbc\x2b\xdf\x16\x5a\xc7\x41\x65\x0b\x1f\x01\x3a\x66\xc9\xbd\x24\x3d\x03\xa8\xb1\xc5\x08\x13\x81\xcb\x92\xe2\x3f\x90\x57\x77\x1f\xc0\x7c\xa3\x2d\xff\x1d\xb9\x4f\x5a\xdf\xd2\xf4\xff\x9a\xf3\x1d\x25\x0d\xd4\xf8\x6b\x22\x59\x2f\x60\xa7\x45\x75\x15\x62\x13\xf1\x08\x46\xc7\x46\xa9\x20\xfe\x39\x85\x1b\x32\xfe\x4c\x8b\x87\x58\x76\x5b\xc5\xb8\xb9\xd5\xb9\x92\x63\xdf\x36\xf9\x78\x88\x05\x3f\xd1\x0f\x1d\x68\xf5\x77\xae\xd5\x59\xbc\xfd\xe7\x44\xbc\x65\x11\x07\x6c\xaf\xd6\x89\x44\xa0\xed\x10\x55\x2d\x11\x34\x4b\xc7\xe4\xd9\xef\x93\x6d\xac\xce\xd5\x27\x43\x31\x32\x95\x9b\x1c\x73\x24\xad\x1c\x4c\xbc\x3a\x1a\x73\x6b\x1f\x02\xaa\xe8\xe0\x61\x1a\xe2\x3f\xdd\x47\x4f\x5b\x8e\xe7\x05\x6f\xcb\x5a\xf6\x13\x3e\xcc\x08\x4b\xb9\xf1\xf5\x0c\xbd\xac\x66\x24\x44\x37\xb4\x34\x8f\x4e\xdf\xe2\x37\xfc\x3c\x38\x29\xab\x94\xeb\x4f\x14\xca\xb1\xcc\xd6\xca\xee\x36\xfa\xdc\x20\xa3\x10\xcf\x06\x90\x62\x2c\xdc\xa8\x48\xae\xd0\x3f\xf4\x03\xa6\x63\x3f\x4f\x65\x79\x94\xb7\x80\xdd\x60\x48\x14\x9c\x3b\xfb\xc1\x78\x89\xe3\x7d\x90\xb1\xe5\x42\x0e\xb3\xd4\x59\x6b\x91\xba\x11\xbc\x02\x29\xc6\x5d\x05\xb9\x3c\xd7\xe0\x45\x4d\x1f\x3c\x6e\x1e\x80\x71\x98\x37\x92\xc4\xd4\x36\x8d\x07\x78\xae\xf4\xe1\x23\x33\x5f\xd2\x96\x2c\x65\x7b\xd0\x51\x35\x71\xa5\xfc\xe2\x11\xde\x62\x87\x4f\x27\xca\x10\xdc\x15\xba\x2d\x44\x5f\x1c\xf4\xbe\x5f\x83\x3c\xf0\xb5\x64\xc0\x22\x57\x6b\x98\xc0\xa2\x43\x49\xb6\x70\x85\xf9\x22\x02\x67\x5d\x7d\xac\x48\xb9\x5e\x3b\xfd\x65\x55\xa9\xec\xb7\xc7\x2f\x08\xbf\xec\x0d\x22\x02\x22\x49\x2f\xdc\x96\x36\xf0\x36\xec\x45\x08\xa3\x65\xb7\xb7\x09\x79\xf9\xeb\x4a\x72\x63\xa8\xba\xcb\x1c\x1d\x01\x55\x73\x86\x46\xcd\xd4\x6a\xb9\x23\x4a\x17\x03\x11\x50\x0d\x0b\xae\x6e\x55\xa8\x63\xbd\xaa\x56\xf5\x16\x45\xad\x85\x29\x7a\x73\x81\xf8\xd2\x0c\xf9\x6c\x47\x4d\x1b\xb8\x1f\xce\x13\x2b\x14\x55\x5d\x1a"},
+{{0x10,0x7d,0xa9,0x8d,0x0e,0xe8,0xe7,0xc0,0x0f,0x6d,0x41,0xec,0x26,0x59,0x44,0xce,0x67,0xef,0x8c,0x8f,0xfb,0x51,0xf4,0xf1,0x1f,0x4e,0x5f,0x1a,0x27,0xfb,0xe8,0x05,},{0x3b,0xec,0x34,0xb1,0x61,0xb1,0xbc,0xff,0x00,0x9f,0x8c,0xfc,0x50,0xd8,0x4c,0xeb,0x6a,0x2d,0x5b,0x20,0x3b,0x52,0x38,0xa8,0xaa,0xd8,0xa8,0x36,0x18,0xb4,0x42,0xe7,},{0x53,0x25,0x2b,0x92,0x3a,0xd1,0x9c,0xc3,0x97,0x84,0xd3,0xa9,0xae,0x59,0xd6,0x2a,0x63,0x00,0xdc,0xc5,0x0a,0xc8,0xfd,0x07,0x13,0xcb,0x58,0x84,0x45,0x01,0xd8,0xd3,0x80,0x5a,0xfa,0x0f,0xda,0x64,0xc7,0x3e,0xa0,0xf6,0x0e,0x6a,0x8b,0x34,0x45,0xbf,0xff,0xe6,0xca,0x6b,0xfd,0xc8,0x7e,0x12,0x8b,0xaf,0x99,0xbf,0x62,0x68,0xfc,0x09,},"\x1a\x7b\x7f\x3e\x1c\x7c\x41\x49\x2a\x7c\xe7\x99\xef\xdb\x2d\x9d\xc2\xf2\x48\x9c\x84\xae\x28\xbb\x7d\x08\x4f\x32\xec\xa8\xfb\xb0\x66\x88\x5a\xc6\xf2\xef\x74\x49\xe7\x12\x26\xa8\x2e\x9f\x15\x37\x72\xa9\x93\xeb\x6b\x6b\xca\x64\x91\xd2\x6a\xca\x5d\xee\x98\xb7\x7a\x1d\xdc\x59\x92\x2b\x31\x45\xc4\x47\xde\x73\x7f\xaf\xac\xba\x5a\x75\xf2\xa8\x01\x37\xb5\x59\x46\x97\x22\x0d\x19\x61\x76\x74\xa6\x91\x13\xfd\xf7\x7c\x34\x3a\xf2\xb7\xe3\x86\x1b\x5b\x78\x22\xf5\x8d\x60\x08\x9c\x3c\xa5\x4c\x74\x9d\x27\xf8\x83\x79\xc0\x67\x59\x8f\x06\x39\x39\xba\x86\x31\xd1\xf5\x2d\xc9\xab\x45\x50\x45\xfb\x36\x0c\xc2\xa5\xb6\xb0\x12\x7f\xac\xfc\xf5\xb1\xb4\xc3\x3e\x3f\x19\x4f\xc9\x24\xb8\x54\x16\x8c\xb1\x16\x9a\xb1\x09\x97\xb4\x38\xb7\x1c\x80\x87\x83\x47\xbe\x88\x7a\xf4\x48\x10\x13\x4b\x51\x4c\x80\x69\x08\x20\x1a\x3d\x3e\x6d\x0c\x56\x12\x0c\x43\x14\x87\x4d\xc2\x94\x4d\x84\x44\xf0\x1b\xaf\xa3\x4a\xa6\x2e\xce\xf0\x98\x15\x45\xe5\xd0\x2f\x40\x16\xc0\xb1\x64\xfc\x05\xae\x18\xf5\x35\xc3\x1b\xf2\x0b\x86\xf3\x1f\x7a\x79\x4a\xba\x14\x89\x84\xc3\xff\x43\x3d\xc2\x22\xc4\x43\xb5\xd2\x6c\x1f\x66\xe6\xc5\xf1\x9d\x19\xcd\x6e\xad\xd4\xdc\x94\x10\x1b\x2f\x52\xb5\x8c\x9d\x45\x90\xcb\x10\xdb\xc5\xd6\xea\xcd\x11\xd4\x2e\xd0\x9f\x15\xbd\xe4\x4e\xe9\x27\x1d\xef\x29\x2f\x73\x1b\xf3\xb4\xac\x6c\xd1\x27\xe4\x88\x4c\x2c\xb3\x0b\x28\x5f\xc9\x24\x76\x38\xa2\x99\xe4\x16\x52\x06\x24\xd1\xec\x8d\x0d\xf2\x49\x89\x39\xc7\x19\xa9\xe7\xbd\x29\xa3\xc5\xc3\x2a\x3e\x82\x41\x36\x8d\x6e\x4f\x90\xfe\xa2\x9d\xc3\xa3\xf1\x47\xea\x9f\x76\xc5\x78\x0e\x73\x14\x3f\x55\xd3\xde\xc7\xb6\x63\x41\xd3\xf3\xea\xc1\xd9\x8f\x8e\x7d\x4e\x87\x75\x09\xb4\x43\x8c\x3a\x52\x46\x6d\x24\x2a\x10\xb4\xc2\x7c\x4a\x0d\xb9\x23\x2d\xad\x01\x14\x14\xeb\xfb\xd5\x79\x06\xf1\xa4\x10\x20\x7b\x52\x6b\x0d\x1f\x1b\x69\x86\xb3\xeb\xd7\x55\x0a\x2b\x3c\x15\xfc\x24\x09\xc7\x62\x6e\x0d\xd3\x30\xef\x67\x22\xe3\xba\x48\xb1\xd9\x20\x56\x52\xac\x19\x4c\x21\x47\x3c\xe2\x58\x55\x9d\xb5\x11\xef\xad\x3e\x5d\x55\xf2\xa7\x96\xd6\x5a\x6a\xb9\x7d\x86\x31\x06\x2a\x59\x3a\x13\xaa\xa0\x95\xdb\xc9\x3e\x62\x17\xce\xd6\x19\xcb\x16\xa5\x7e\x74\x43\x55\xa1\x6b\x15\xe7\x7d\x49\x79\x11\x92\x99\xbb\x04\x3e\x48\xfa\x3e\x61\x54\x60\xe1\x64\x88\x29\x84\xa2\x23\xd4\x18\xca\x95\x34\x0c\x5b\xfc\xda\x67\x3f\xcd\x13\xb2\x9f\x2c\x47\xd2\xf9\x7e\x3e\x8c\x61\x3b\x6c\x58\xdf\x0e\x62\xcf\x23\x06\x1d\x6f\x54\x5b\x75\x50\x33\xfd\x3d\xc1\x40\x5e\x5f\xef\x35\xa1\x3e\x01\x5f\x98\xb1\xcc\x42\xf7\x1b\x99\x68\x1f\x96\x81\x25\x82\x29\xa4\x47\x3d\x86\xea\xbb\x0c\x17\x92\x79\x41\xe5\x0c\x08\xf3\x4a\x76\xb4\x3b\xcc\x6d\x04\x2e\x56\x32\xef\x9c\xcc\x91\xb6\xe6\x95\x0f\x5d\x30\xf6\x70\xfb\x39\x02\xc3\xd4\x09\x31\x5a\x40\xb0\x82\x1c\xe8\xa9\x9a\x97\xfe\xca\x54\x78\xbf\xd7\x82\xe7\x87\x67\xb3\x11\xf3\x74\x16\x3f\x58\x96\xb0\xbe\xb9\x58\x38\xe6\x45\x87\x8c\x64\x99\x03\x85\x12\x3b\x61\x57\x5d\xd8\x42\xdc\x76\x35\x4b\xac\x9c\x6d\x5a\xcd\x99\x35\xb6\x09\xbc\xcc\xb8\x46\x3d\x39\x22\x5d\xa1\xaf\xb8\x91\x1d\x36\xe6\x09\x89\x2d\xd1\x72\x38\x52\xab\x9f\x82\x75\x8f\x3f\x1e\x4d\x28\xdc\xf0\x2c\xb0\x6e\xed\x26\x84\x4a\xae\x68\x82\xed\x44\xbc\xe4\x4a\xbc\xd1\xdf\xba\x63\x34\x18\xc9\xf1\x55\x87\x9c\x97\xab\x27\xf8\xae\x23\x83\x30\x39\x2b\xe5\x49\x1a\x07\x86\x62\xda\xaa\x02\xa3\xd5\x45\x8b\x77\xc5\x49\xc4\x9b\xe2\x01\x24\x5e\x7a\xae\xc0\xd9\x4e\x54\x37\xbe\xca\x6e\x5a\xb0\x46\xd6\x94\xe9\x6b\xf5\x1e\x04\xfb\x44\x37\x9b\x2b\x9b\x80\x16\x75\xfe\x14\x77\xf3\xe0\x89\x87\x4a\x60\x11\x71\xd8\xb6\x8f\x02\x02\x01\x46\x01\xa5\x3f\x81\x2f\x53\xe5\x81\xc3\xb9\x63\x12\xb3\x6b\x9e\xe0\x4f\xff\x11\xd9\xea\xb4\xe4\x51\x48\xdc\xc8\xf0\xfa\xb1"},
+{{0x8b,0xc2,0x29,0xfc,0x23,0x46,0x53,0xb1,0x3c,0x92,0x47,0x10,0xcb,0x46,0x8b,0x8f,0xa9,0xb2,0x80,0xe2,0xad,0xb4,0x9c,0xb4,0xb3,0x6b,0xf5,0x9d,0x6f,0xa4,0xa6,0x39,},{0x46,0x14,0x69,0x75,0xdf,0x67,0x04,0xcb,0xf4,0x53,0x20,0xa5,0xe6,0xcb,0x6d,0xe8,0x13,0x46,0x9f,0x31,0x31,0xe6,0x1d,0x44,0x7b,0xbc,0xa1,0xa4,0x77,0xa0,0xc5,0x57,},{0xd2,0x43,0xb8,0x7d,0x13,0x97,0xd5,0x94,0x13,0x9d,0x83,0xc3,0x9a,0xcf,0x85,0x01,0xd0,0x73,0xbd,0x4b,0xe7,0x18,0xb4,0xc2,0x06,0x98,0x07,0x29,0xe7,0x20,0xa4,0xc5,0xb0,0xea,0x91,0xa2,0x8e,0xa1,0x26,0x04,0xa9,0x87,0xe6,0x95,0x91,0xc5,0x43,0x04,0x9f,0x29,0x73,0xbb,0x91,0xc1,0x70,0x21,0x3c,0x32,0xa6,0x4a,0x0f,0xac,0x82,0x04,},"\xba\xe2\xdc\x7f\x94\xab\x5c\xcd\xca\xa8\xcf\x49\xed\xbe\xf0\xf6\xd7\xae\xb1\xfa\x89\x07\x80\x05\x33\xaf\x44\x92\x61\x11\x94\xe5\x6c\xef\x37\xb1\xf0\x33\x30\x37\x38\xae\x2c\x3b\xc4\x58\x8f\x5c\xb3\xd5\x5f\x34\x5b\x9a\x40\x7e\x78\x77\x42\xa0\x6a\xf0\xb6\xee\x20\xde\xe3\xdf\xe9\xc9\x1d\x76\x2a\x3e\xbd\x19\xae\xd0\x79\x07\xbb\xb9\x1c\xd7\x76\x32\x65\x40\xde\xd9\xf7\xff\x7d\xda\x76\x61\x5f\x97\x8e\x94\x90\xf4\x06\xed\x2d\x91\x16\xe2\x09\x3f\xa7\x85\xe9\x71\xb5\x06\x2d\x31\xcb\x40\xff\xf9\xe3\xc5\x51\xa7\x3b\x20\x24\x5d\x46\xdf\x4d\x7f\xd1\x30\x3a\x28\x18\x01\x72\xd9\xa2\xbf\x55\x93\xc4\x79\x17\xb5\x86\x90\x91\x7c\x1f\xb0\xe1\xe2\x99\x4d\x1f\xa9\x77\x35\xae\x37\x8d\xe6\xea\xfd\x5c\x1a\x25\xab\xaf\xa3\xcf\xd2\xdf\x7a\xea\xbd\x6e\x68\xfc\x44\xed\xf8\x2f\xc8\x36\x94\xe5\xd8\x41\xa1\x5b\x14\x56\x8b\x61\x10\xbe\x64\x4b\xf2\x2b\x71\xfc\x47\xd7\xf0\x7e\x16\x66\x95\x7d\x0f\x87\xda\x17\xf1\x3f\xcd\x63\xc1\xc2\x96\x6f\x68\x7d\x25\xdc\xbd\x99\x63\xf0\x1e\xff\x13\x2d\x5f\x2b\x86\x67\x78\x16\x58\x8c\x12\x3e\x94\x57\xbe\xfc\xce\xd2\xd3\xcd\x1d\x1b\xeb\xe8\xdd\x8f\xbb\x15\x87\xe5\x53\xcb\xcc\x4c\x87\x62\x06\x4c\xd3\x2e\xf7\xa1\x70\x24\x10\xf7\x7f\x15\x24\x0d\x7e\x2b\xb5\x82\xc6\x78\xc0\xda\x88\xef\x45\x22\x83\x0b\x14\x36\x60\xac\x9c\x43\x4d\x95\x77\x2e\x6e\xee\xed\x60\x14\xae\x16\x82\x4c\xcd\xc4\xdf\x2d\xf6\x4a\xeb\x69\x80\xb5\x1d\x11\x89\x85\xdc\xbb\xd1\x96\x1f\x31\x5e\x6a\x94\x33\xf0\xb9\x6b\x1e\x63\x51\x25\x7e\xad\x83\xe0\x5b\x4c\xc8\x9c\x92\x4b\xf8\x35\x58\xba\x7d\x2e\x7c\xa3\x7c\x03\x17\x9a\x8f\x85\xb8\x31\xe7\x21\x7b\xf4\xc5\x53\x83\x87\x61\xd3\x26\x02\x85\x3b\x81\x59\x3b\x0e\xbf\x8e\x4b\x9f\xfa\xf0\xec\x40\x5b\x2a\x83\xaf\x7d\xe5\x55\x4d\xaa\xd2\x8b\x58\x2e\xe0\x8b\xd8\x4b\x37\x55\x50\xca\xe0\x8a\xe4\xa5\xbd\xa7\x15\x81\xfc\x3b\x7b\x54\x49\x8c\x4e\x1a\xfb\x96\x6b\x4a\xf1\xd9\xc8\x43\xa6\xb2\x5b\x34\xe0\x4c\xfd\x9b\xd2\x37\x42\x44\xf1\xfe\x20\xec\x62\xbe\x3c\xcf\xab\x4e\xde\xf7\x9e\xd6\x4e\x6b\x71\xaa\x92\x28\x12\x7c\x63\x59\xea\x1c\x4a\x80\x87\x89\x08\x96\xff\xa4\x6e\x00\x92\xde\xc7\xef\xbc\x96\x0a\x17\xb7\x70\x91\x6f\x95\x40\x70\x13\x2e\x26\xd9\x8d\x97\x74\xa2\xac\xdf\x80\x9d\x58\x6d\xf0\x25\x2f\x67\xcf\xe8\xd9\x85\xa3\xe2\x48\xdb\x0f\x90\x73\x1a\xce\x7a\xbd\x99\x9c\x74\x6b\x69\x64\x8d\x5c\x3b\x4b\xd6\x11\x37\xe0\x8f\xcc\x8b\x2e\xfc\x56\x76\xbc\xd8\x56\xa1\x3b\x36\x21\x51\x47\x4c\x4a\x1e\xfd\xed\xc5\x92\xcf\x3e\xad\x1a\xba\xbc\xd4\x8e\xe2\x04\xd2\x77\x26\xad\x1b\xda\x4f\xe4\xb0\x9a\xb5\x10\x89\xd0\x16\xde\x6b\xa2\x59\xea\x81\x80\x7f\xaf\x21\x1c\x87\xe4\xc9\xef\xbf\x6a\x4c\x75\x3e\x08\xf7\x80\xed\x55\x33\x8c\x0f\xde\x14\xfb\x99\xb3\x07\x22\xb5\x59\x4b\x3a\xbe\x02\x04\x7f\x46\x62\x42\x42\x1f\xb8\x11\x76\xc9\xc4\xf0\xfd\x2b\x5e\x7c\x5a\x0f\x65\xa0\xc5\x9a\xa8\xc3\xa9\x86\x08\x7d\xe7\xba\x40\xba\xca\x77\xbd\x36\xac\x21\xce\x34\xe9\xfe\x97\xfa\xcc\x4e\x29\x83\x30\xee\xce\x1c\x8e\xc6\x23\xe6\x6a\x4b\x0f\x23\x42\xd2\xc5\xa0\x2c\x5f\x5a\xbd\xdc\x5f\xf1\xf1\xf2\xd0\x3c\x1d\x4e\xe9\xb4\xb3\x42\xed\x3b\x1c\xc2\x65\x61\xf3\x21\x7b\xf8\x50\x0e\x08\xf0\x27\x57\x1c\x53\xc9\x23\x26\x05\xa5\x3f\x2b\xda\x02\x4e\x39\x92\x91\x63\xa8\xe0\x07\x91\xac\x06\x56\xbb\x07\x83\x82\x5e\x71\x05\xff\xa9\xd9\x09\x69\xdc\x09\x4a\xf4\x6f\x70\x2e\x85\xcc\x11\xe4\x42\xb3\xd5\x53\x4c\x1d\x32\x75\x20\x7d\x6d\x29\xa9\x42\xc3\x58\xed\x5f\xa0\x75\x57\xc3\xc0\x14\xcf\x54\x1f\x9a\xae\xea\x60\x25\xb4\x1e\xcd\xd8\x48\x51\x2b\xa2\x5e\x72\x1e\x43\xd3\x29\x18\x5f\x8f\x94\x89\x2e\x9e\x2d\x5e\x7c\xbb\x99\xe7\xad\x25\xf6\x9e\x5b\xef\x73\x2c\xfc\xeb\x07\x86\x11\x55\x3c\xc7\x83\x77\x37\x5e\x74\xe6\x6f\x1b\x9d\x8d\x20"},
+{{0x3e,0xdb,0x50,0xff,0x07,0x4e,0xf9,0x71,0x7f,0x4f,0xb0,0xb6,0xce,0x25,0x2b,0xf4,0xbd,0x04,0x9c,0x90,0x83,0x77,0x5f,0x52,0x9e,0xaf,0x51,0xe9,0x75,0xcb,0x32,0x45,},{0x4b,0xc2,0x1f,0xe0,0x3e,0x67,0x9a,0xbb,0xfc,0xd8,0xc5,0xea,0x2b,0xcc,0x4d,0x83,0x8a,0x78,0x7d,0x48,0x40,0xc3,0xbc,0x39,0xde,0x4b,0x04,0xc4,0x17,0xc7,0x68,0xa5,},{0xde,0xb3,0xd9,0xfc,0x7b,0x2d,0x86,0xab,0x4b,0x92,0x6f,0x99,0x52,0x79,0x70,0xab,0xb5,0x18,0x38,0xbc,0xc2,0x91,0x9e,0x94,0xcd,0xa3,0x37,0x1f,0xd0,0xe7,0x69,0x3f,0xe3,0x7e,0x0c,0x40,0xe1,0x23,0x3b,0x09,0xff,0xa9,0x03,0xa0,0x34,0xdd,0xe2,0x87,0xc0,0x23,0x7d,0xc5,0x94,0xf5,0x3a,0xbc,0x87,0x84,0x48,0x69,0xdc,0xe9,0x20,0x02,},"\x97\x5e\xce\x4e\x81\xf0\x01\x5f\x5a\xc3\x04\x46\x09\xd0\xac\x3a\x8d\xf9\x14\x5b\x50\xc4\x28\x89\xdd\x31\x2f\x56\x3c\xf6\x12\x6e\x36\xff\xfa\xf2\x1e\xb6\xb8\x4f\xbd\xa1\x5a\xa8\x5c\x66\x14\x5f\x75\x41\xe5\xb4\x1a\x8e\x81\x70\x0b\xe3\x56\x22\x4f\xc1\x09\x32\x7a\x69\x19\x66\x56\x73\x53\x4f\x5c\x8a\x4a\x00\x17\x50\xb1\x99\xdb\xfd\x63\x06\x91\xaf\x55\x2d\x4d\x26\xa9\xd9\xaf\xb3\x3a\x16\xaf\x39\x11\x54\x12\x4b\x53\x42\x6c\x9f\x69\x50\x57\xb1\x81\x4f\xd6\xd3\x10\x29\x8a\xf6\xc8\x30\x68\x6a\x4a\x00\x7a\x14\xe0\x05\x7b\x72\xfb\xad\x5b\x80\x3a\xd3\x53\xd1\xc3\xfd\xb8\x90\xa9\xc8\x18\x08\xe8\x9f\x22\x91\x87\xbc\xb4\x4f\xee\x16\xa4\xeb\xca\xd5\xeb\xa4\x59\xb0\x28\x27\x2a\x56\x2c\x05\x07\x9f\xa7\xae\x3e\xca\xe8\x04\xa9\xe8\xc4\xf3\xf3\x15\x81\x3c\x5e\xe0\x84\x1b\xbc\xcf\xe4\xa9\x56\x23\xb5\x17\xa4\xb4\x2b\x2c\x6d\x97\xa3\xbf\x26\xac\xdb\xe2\xe9\x79\x63\x3f\x02\xaa\xc4\x66\x52\x6a\x3e\xbb\x14\xda\x19\xbc\x95\xf2\xc3\xfd\xf6\xbd\xb0\x8b\xe8\xbd\xe9\x7a\x86\x4c\x90\x7e\x91\x8c\x67\x9a\xb7\x26\xf8\x01\x77\x14\x58\x40\x21\x6b\x9d\xc3\xf9\x81\xef\x17\x87\x4f\x08\xb2\xfc\x66\x11\xa6\x34\x6c\x3d\xa6\xa5\x5e\xcf\xa7\x53\xc9\x91\x9f\x4f\x19\xe3\xc7\x90\x93\xbf\xd7\x8f\x86\x15\x98\xe4\x66\x6e\x1c\xab\x68\x8e\x46\x04\xd4\x6c\x9c\x58\x2e\xad\xb9\x2c\x98\x8f\x47\x8d\x16\x0f\x5a\x15\x18\x2b\x33\x40\x20\x17\x97\xd0\xb9\x55\x28\x2e\x4a\x21\x7b\x50\xb1\x4b\x10\xc9\xf4\x90\x67\xea\x3e\x84\xe5\x27\x4d\xca\xec\x74\x47\x4c\x57\x07\xc2\x8b\xba\x0d\xb8\xcd\xe3\xe8\x38\xd7\x31\x3c\x17\x1b\x85\xff\x2b\x9a\x3d\x2b\x16\x7e\x90\x61\xf8\x4d\xf3\xb1\x3b\xdd\x08\xb2\xd5\x01\xe5\x37\x92\xd6\x80\x54\xd0\x48\xab\xfe\x3b\xce\x98\xd9\x78\x25\x6f\x2f\xd2\xc6\xc4\xe7\x6f\x39\x68\x8c\xcc\xf0\xfe\x14\x9a\xf9\xd3\x47\xe7\xb0\x40\xef\x24\x1d\xd5\xa5\x3e\xaa\x5e\xab\x35\xa1\x8c\x68\xc7\x54\xa0\x6b\x03\x39\x9b\xbe\x56\xa2\x52\x68\xc8\x29\xa5\xba\x82\xb2\x81\x92\x04\x1d\x3b\xd2\x44\xeb\x08\xbf\x78\xe7\x6d\xef\x87\xcd\x09\xf3\x2b\xea\xc9\xbb\x63\x98\x23\xb3\x69\x67\xa5\x74\xd8\x96\x0d\x1b\xd0\x34\x35\x67\x9d\x93\xed\xdc\x55\x80\x63\xc5\x40\xb9\xc2\xf6\x09\xfe\xd2\xe2\xe3\x57\x6d\x19\xe6\x20\x9e\xab\x46\x6c\x20\x67\x91\xc3\xaa\x19\x96\x23\xfb\xae\x7d\x34\x97\xe8\x0f\xdd\x3f\xcb\xaf\x5b\x89\x11\x0e\xd7\x22\x44\x23\x4b\xe8\x5c\xca\x4b\x27\xa0\x9b\xb7\x0a\x26\xec\xe4\xeb\x8d\xd9\x70\xa2\x6e\x5b\x04\x36\x1f\xa5\x0e\x90\x38\x0e\xd6\x5f\x41\x4c\x1b\xe9\xf5\x06\x4f\x71\x42\x91\x16\x26\x7e\xdd\x69\x76\x42\x2a\xd9\x2d\xeb\x2b\x80\x4a\x92\xe8\x1c\x9f\x65\x22\xa0\xf3\xb5\xd8\xad\x36\xb4\xf8\x7d\xb5\x16\xa2\x28\x73\xe6\xf2\x72\x84\xf2\xca\x36\x0a\x2f\x40\xff\x3d\x8e\x23\xde\xc8\xef\x8a\x17\xa4\x3a\xcb\xb6\x12\x71\xa7\x27\xcb\x86\x90\xd2\x9b\xb8\x20\x16\x73\x6b\x31\x02\x62\x01\xdd\x3d\x38\x8d\x2c\x64\x3a\x73\xcf\xbd\x0a\x94\xe2\x05\x51\xfb\x5f\x8e\x1f\xfc\x39\x74\x12\x72\xaa\x23\x08\xdc\x8d\x21\x33\xa3\xfa\x9c\xf1\x09\x79\x6d\x69\xd2\xcc\x8a\xdd\xc4\x4a\xe2\x52\x77\x81\xee\x99\x3a\xf2\xa6\x37\xa8\x72\xf0\x2a\xff\x47\x4a\x70\x73\xf2\x9d\x9c\x89\x50\x77\x01\xfe\xcb\xbf\xd5\x10\x13\x53\x53\x7e\xba\x17\xc2\x96\x69\xda\xc0\x42\x7e\x38\xe2\x2d\xfa\xac\x91\xfc\x20\xd9\xe3\xfe\xe7\x91\xf4\x62\xa8\x63\xbb\x19\x08\xfb\x1e\x42\x04\xb6\x88\x80\x31\x4d\xda\xca\xaa\x35\xa1\x7a\xf5\xf5\x7a\x39\x9f\x19\x31\xe7\x8f\x5a\x37\x45\x4f\xd3\x8c\x57\xa6\x8e\x8d\x36\x78\x48\xa9\x73\x45\x18\x9c\x70\x07\x7f\xd1\xaa\x07\x54\xe7\x03\xe3\x52\x61\x80\x63\xb9\xe3\xfa\xf3\xb1\x4b\x5f\x0b\x27\x11\x36\x33\xc5\xd1\x73\x63\x74\x1e\x96\xa6\x7e\x81\x64\x01\xe8\x09\x8c\x17\xbf\xfe\x9c\x6f\x35\x87\x64\x6f\x40\xe9\xfd\xb6\x81\x9f\xd2\x2a\x74\x3a\x7a\x6e\x10\xfe\xba\x11"},
+{{0xcd,0xa4,0xba,0x93,0x94,0x0a,0xa0,0xc0,0xc3,0x15,0x0b,0x39,0x29,0xb9,0x5e,0xe7,0x76,0x9c,0xe4,0x3f,0xd9,0x8e,0xca,0xff,0x9c,0x4a,0x50,0x9e,0x73,0x6d,0x5c,0x8e,},{0xf4,0xc7,0xa2,0x5f,0x1a,0x74,0x3d,0xaf,0x41,0x41,0x7e,0x47,0xe0,0x27,0x53,0x7f,0x24,0xf4,0x81,0xbd,0x1a,0x75,0xe6,0xb1,0xd3,0x3e,0xc4,0xc8,0x2c,0x55,0xa2,0xd3,},{0x31,0x04,0x8d,0x33,0x4a,0xf0,0x5a,0x4f,0x27,0x5f,0xf8,0x27,0x54,0x4e,0xa2,0x96,0xa4,0xa7,0x75,0xfa,0x59,0xef,0xa0,0x00,0xc5,0x76,0x13,0xfa,0x6e,0x5c,0x49,0x3c,0x3a,0x9b,0x79,0xe8,0xce,0x56,0xe7,0x22,0x5b,0x0f,0xa3,0x26,0x20,0x4f,0x03,0x36,0xc2,0x13,0x53,0x5a,0xe5,0x89,0x17,0x7a,0x8e,0xae,0xdb,0x6d,0xf8,0xb2,0x02,0x03,},"\x3a\x1d\x66\x8c\x66\x88\x41\x48\x96\xa7\x69\x7f\x3c\x2e\x43\x10\x98\xed\xfc\x45\x7e\x04\xd2\xda\x86\x95\x68\xad\x5b\x33\x10\xe5\x9e\x4c\x72\x7c\x90\x3c\xbf\x18\x17\x40\x88\x02\x31\x9a\x8c\x23\x1b\x58\x02\x3d\xfa\xe4\x94\xc0\x13\xaf\x0f\xdb\x78\xc9\x1d\x5b\x45\x7f\x8c\x47\xa3\xdc\x31\xd8\xc8\x59\x4a\xa0\x8f\x14\x62\x03\xfa\x2c\x28\xb3\xdd\x79\x6a\x11\xa9\x7a\xde\xde\x6a\x7a\x70\x9b\x5a\x19\x18\xef\x1b\xea\x83\x53\x3c\x78\x34\x73\x70\x33\x56\xf5\xbe\xea\x7f\xd1\x8a\xc4\x4e\xc6\x89\x04\x95\xed\x17\x0d\x03\xf1\x5b\x41\x86\x08\xa7\xd9\xef\xd5\x2f\xa1\x09\x18\x63\x80\x51\xc4\x48\xd9\x8d\x57\x24\xf5\x67\xc8\xc6\x7f\xd5\xb6\xec\x8c\x3d\x63\x60\x08\xb9\xba\xe5\xe8\xb1\xe9\x84\xf8\xff\xb8\xb6\x4b\xee\xbd\x63\x45\xa1\x05\xc1\xc1\x08\x31\x32\xfd\x45\x08\xd6\xac\x0d\x4e\x91\x45\x50\x12\x10\xe5\x17\xd9\xb2\x24\x78\xe2\x15\xb6\x02\x59\x9f\x80\x37\x62\xdc\xd5\xa4\x09\xb3\x46\x0e\x7f\x34\x0f\x47\xef\x77\x28\x1a\xd2\x38\x3d\xe0\x8c\x5b\x80\x95\x38\xaa\xec\x92\x2b\xfc\xa0\xd6\x75\x2f\x14\x79\x72\x64\x6d\x0a\x8d\x83\x40\x77\x2c\x87\x1d\x3b\x34\xab\xc0\x60\x37\xde\x3a\xb4\xe3\x71\x29\x86\x5d\x5b\xa7\x0b\x6f\x3c\xc9\xa0\x59\xef\xb7\xdd\xdc\x38\x82\xf4\xfc\xfe\x13\xf4\x48\xc9\xbc\x66\x48\x88\x58\x96\x03\xba\x98\x68\x3a\x93\xb4\xb3\xb1\x01\x49\x92\xa5\x5c\x8e\x4e\xa1\xba\xf9\xcc\x00\xd1\xba\xdf\xf5\xfd\x7f\x5d\xa5\xe3\x07\xfb\xd1\xb4\xc9\x84\xe0\xfa\x0e\xde\xc5\xd3\x0b\xfe\xf5\xf4\x77\x30\x12\x63\xb5\xd7\x52\x00\x1b\x85\xdd\x52\xdf\x3b\x4a\x7a\xc2\x3b\x93\x0a\x91\xc0\xa4\x57\x65\xa6\x64\x88\xd8\xeb\x59\x01\x85\x70\x60\x06\x7b\x82\x37\x81\x88\x54\x92\x88\xdd\xc6\x18\x31\xe5\xb6\x84\x1b\x34\x4c\xae\x22\x50\x04\x22\x19\xcf\xb4\xac\xe0\x23\xe6\x91\xf9\xe4\x8d\x00\x6e\x9a\x07\xc6\x7d\x24\x68\xf9\x35\x93\xb4\xaf\xc1\x61\xc0\x76\x8b\x6c\xeb\x74\x4c\x24\xc9\x23\xda\x34\xaf\x3d\x5e\xd5\x77\xcc\x7f\x85\xd4\x91\x56\x0f\x4c\x0b\xcb\xcd\x1d\x5e\x34\x21\xbd\x1c\xcf\xaf\xb3\x73\xd6\x51\xbd\x61\xed\x71\xc0\x9e\x99\xf6\x12\x00\x17\x04\xd0\xc6\x30\xd8\x54\x7b\xd9\x70\xb6\x6e\x7f\x5c\xe7\xa0\x14\xe0\xff\x5a\x33\x7d\xc5\xc5\x6a\x99\xf1\x31\xb9\x12\x91\x40\xee\xea\x39\x39\x7c\x48\xca\xa9\xa8\x08\x6f\x9f\xd9\x91\x50\xbe\x7e\xf8\x7b\x6d\x4b\x94\xb1\xbd\x52\x87\x8b\xf3\xbb\xfc\xce\xac\xc2\xcc\x45\xe8\x97\x1c\x3a\x4d\x4a\x3e\xb8\x6a\xf9\x87\x4d\x4f\xa5\xe7\xca\xa7\xf4\x5d\x15\x53\xff\xbb\x41\x64\x5b\xf0\xf5\xe9\xb2\x97\x72\xe3\xdc\x08\x1b\x25\xb5\x2e\x1c\xb7\xe2\x16\x74\x83\xd5\x4f\xba\x69\x0d\xdb\x29\xd5\x46\x2d\x2a\x27\xa3\x5d\x85\xf0\x07\xad\xed\xe2\xa3\xdd\x72\x81\xf6\x54\x33\x6a\xfa\xfb\x73\x70\x78\x2b\x29\xca\xd6\x43\xd9\xd9\xdb\x2f\x05\xf2\x81\xb5\x3e\x13\x3e\xc3\x0e\xec\x09\xfb\x0d\x06\x1b\x74\x58\x1a\x2b\xd2\x79\x0b\x13\x73\x91\xf1\x93\x28\x88\x0f\x64\xc5\x3b\xe7\x00\xd0\xfa\xdd\xb7\x0d\xc1\x65\xd2\xd6\x2e\x67\x1e\xb9\x44\x9a\x2e\x6e\x9d\xf2\xc1\x6d\x8f\x49\xfa\x4b\x5b\x84\x30\x9f\x73\x35\x13\x3d\xbe\x87\x2c\x5a\x8f\xdc\xfb\xc4\x98\x0a\xbf\xb3\xc9\x59\x7d\x5d\x66\x7a\xd2\xf6\x88\xc7\xab\x24\xc9\xe4\x40\x29\x8d\x72\xb2\x8b\x0f\xcd\xe9\xc6\xf0\x71\xbc\xcc\x93\xe8\xdd\xbb\xa7\xb6\x0a\x0b\x54\x4a\x2e\x06\xc3\x9c\x67\x23\xd4\xf7\xdc\x18\x5c\x21\x13\x5f\xd1\x3a\x72\x77\x0b\x97\x61\x19\xe4\x9a\x1f\x81\xed\x47\x6b\xe0\x7c\x44\x3d\xe0\xb0\xee\x76\xfb\xd9\x19\x38\x93\x28\xb3\xeb\x86\x07\xbc\x2f\xe3\x8f\x85\x74\x5e\x28\xad\xb7\x48\x2b\x70\x1c\xcc\x66\x90\xe4\xae\x5a\x93\x32\xea\x44\x61\x31\x79\x38\x7d\xc6\xfc\x47\xc1\xd1\xec\x36\x60\x35\xe9\x91\xe1\x40\x43\x23\xbd\xbb\xf5\x35\xf1\xc3\x3c\xf5\x7b\x67\x23\xf1\x3c\xa6\xca\x32\x9e\x2a\xaa\x4b\x46\xb4\x26\x07\x33\x99\x06\xc7\xef\x49\xb3\x2d\xb8\x2c\xdf\x6a\x87\xad"},
+{{0x21,0x7e,0xcd,0x6a,0x7f,0xcc,0x98,0x71,0x92,0x10,0xc3,0x4c,0xc2,0xe1,0x4f,0x5e,0x2d,0x6b,0x5a,0x22,0xf2,0x68,0xc1,0x4b,0xc4,0xd8,0xa7,0xf2,0x81,0x72,0x00,0xc3,},{0xd5,0x91,0x91,0xce,0x28,0x2d,0x72,0xfe,0x3a,0xc4,0x58,0x78,0xe2,0x4b,0xb2,0xf2,0x8c,0x40,0x9b,0xa0,0x5d,0x76,0xce,0x9b,0xcf,0x22,0xf5,0x0b,0x0c,0x77,0x86,0x75,},{0xa0,0xb1,0x69,0xe8,0xe9,0xce,0x55,0x75,0x55,0xe0,0x33,0x4a,0x0d,0xe7,0x43,0x8e,0x55,0x36,0x75,0x48,0x9e,0xa4,0xba,0x9c,0xc6,0x3a,0x23,0x4d,0x00,0xde,0xd8,0xab,0x69,0x67,0xa3,0xbe,0x90,0xef,0x69,0xe0,0x76,0xdb,0x9e,0xa3,0xd5,0xca,0x23,0xb3,0x24,0x8d,0xd2,0x59,0x91,0xee,0x1f,0x4d,0x80,0x62,0x0b,0xf4,0xdb,0x43,0x8f,0x0e,},"\x9b\x53\x37\xe7\x8f\xb3\x82\xf2\x2e\xa6\x0e\x03\xc0\xbf\x3e\xe4\x70\x0b\x69\x78\xa9\x1e\xe6\xac\xdf\x6a\x40\x9e\x49\x18\xd1\x68\x48\x81\xfa\x1d\x11\x8c\x08\xc9\xf6\xf2\xca\x0c\xab\x56\x74\x02\xc9\x50\x10\xe7\xab\xdf\xe8\x48\xae\x79\xba\x24\x9a\xdc\xb9\x6e\xae\x1d\xfa\x08\x43\x95\x21\x39\xcf\x49\xb5\x88\x64\x78\x95\x69\x1a\x2e\x98\x80\x46\x6b\x7e\x77\xe5\x4f\x6f\x60\x81\x5e\xbf\xd5\xe5\x74\x8f\x41\x3c\x0e\x15\xf9\xd5\x76\x79\x9b\xcf\x31\x28\x47\x10\x63\x6f\x6e\x9d\xc7\x87\x85\x00\x79\x6e\xed\x80\xc8\xaf\x4b\xe2\x96\x19\x52\xea\x80\xbb\xed\x14\x04\xbd\x5d\xae\x9e\x6d\x05\xfd\x4f\x32\x5a\x3b\x83\xcd\x45\x28\xa0\x86\x9c\xef\x84\xb4\xd3\x0e\x02\xf9\x41\xd7\x49\xa8\xda\xc9\x7b\xb3\xfa\x83\x9d\x25\x73\x9b\x97\xec\x37\x45\x36\xbd\xea\x50\x04\x84\xa9\x41\xdb\x9f\x22\x99\x97\x06\x58\xd4\x11\x48\x29\x5c\xa0\x84\x6c\xa2\x36\x62\x38\xb6\x20\x1a\x48\xb3\xe4\x47\xed\xbe\xa7\xa4\xc8\xf7\x10\x20\x14\x27\x69\xe1\x5f\xa7\x2a\xe5\xf2\x87\x14\x0b\xc5\x95\x3b\x8a\x9a\x24\x2d\x20\x5f\xc0\x19\x09\x1f\x2a\xbe\xd0\xfd\xa4\x7f\x52\xd5\x9a\x02\x04\xce\x74\x01\xc1\x82\x9b\x58\x57\xb9\xa0\x91\x6f\xce\xbe\x2e\xef\x99\x1c\x41\x3a\xcd\x71\xb1\x8d\x85\x90\xd6\xb6\xd0\xfb\x39\x94\x30\x26\x78\xc2\x9f\x2b\x6a\x53\x02\x3f\x91\x87\xe4\x6c\x36\x79\x0b\xce\x73\x87\x3c\x54\x5a\x72\xbe\xb5\x53\x29\x4b\x1e\xe5\xd0\xd0\xdf\xf2\x39\xe2\x8e\xc6\x3b\x01\xe4\xd8\xfe\x0d\x6e\x69\xb1\x60\x1e\xfa\x24\x11\xf0\xc0\x60\x1e\x7e\x4f\x65\xc9\x84\xf8\x29\xf0\xdc\x2a\x84\x21\xe7\xf6\x6d\x93\x30\x53\x71\x51\xc7\x24\x3c\xa5\x24\xd7\xa5\x47\x35\xc6\xe3\x44\xf1\xfc\x93\x8e\xae\xea\x27\x79\xc9\x40\x89\x1d\x6d\x01\xaa\x55\xf4\x0c\xc1\xad\xba\x12\xe8\xa6\x7a\xd9\xa2\x7f\xe6\x3f\xb4\xf3\x8d\xc0\xf0\x18\x41\x92\x57\x18\x42\x72\x55\xbd\x66\x5d\x5e\xb3\xbc\x86\x98\x96\xdb\x86\x25\x20\x4a\xd4\xb0\x2f\x5a\x22\xaa\xee\xad\x6e\x30\x04\x71\xfe\xa6\x1d\xbb\x1b\x55\xc0\x71\x36\x5c\x58\xb1\x51\x1f\x38\xb0\x9a\x46\x71\xbd\x66\xb3\xfe\xdd\xa9\xc8\x7e\x43\xd1\xeb\xf3\x01\x76\x4e\x18\xfc\x0c\xf1\x6b\x2d\x2d\x67\xed\x23\x9b\x39\x3a\xc7\x19\x68\xa9\x03\xc0\x24\x77\xfb\x2d\xf9\xef\x01\xdb\xfc\x31\x67\xde\x72\x65\xf8\x91\xe4\xfd\x24\xd0\x2c\x63\x10\x35\x19\xb8\x6a\x70\x85\xb1\xec\x2f\xb4\x19\xdb\x76\x6b\xee\x7a\x64\x1a\x4b\xe4\x29\x61\x4a\xb8\x9f\x20\xf9\x75\x34\x10\x72\xbf\x04\x41\x9f\xb6\x9b\xe7\xa9\xee\x71\xa5\xb4\x9a\xf8\x3e\xd3\x22\xba\xc6\x8a\x42\x9f\xf5\xc5\x20\x67\x73\xbe\x54\x38\xb6\x5e\x53\xf6\x09\x72\x9f\x4f\x6a\x21\xc1\x33\x39\x11\x26\x4d\x63\x92\x70\x17\xe8\x13\x6b\x47\x25\xcd\x1c\xc9\x64\xe0\x8c\xa0\x93\x3a\x56\x1e\x7e\x3f\x59\x87\x76\x83\x30\xe2\xe5\x4f\x8d\x72\x8f\x59\xed\xfe\x2c\x91\xc4\xf9\x9a\xef\x97\xd1\x85\x59\x19\x5a\x3d\x8e\xb3\x15\xdf\xf9\x6f\xe2\x76\xda\x71\x37\xef\xf9\x30\x57\xac\x73\x1e\x06\xa6\x0a\x58\xbd\x8a\x9a\xe8\xc7\xcb\xaf\xf0\xcb\x33\x72\xc6\x8d\xaa\x17\x5c\x42\x8d\x52\xf1\x07\x3a\x38\xbf\x29\x46\x5d\x2a\x71\x28\xbb\x40\x07\x40\x06\xed\xcb\x72\x5a\x83\x1d\x81\x28\x64\xef\x43\xf3\xb8\x66\x7c\x9f\xb7\x10\x93\xa1\x67\x30\x49\xde\xc0\x5e\x09\x16\x9d\x86\xfe\xe9\x2d\xf2\x86\x00\x8a\xd9\x90\x65\xa2\x92\x97\x97\xa9\x13\xd0\x23\x3f\x4d\x1a\x95\xa2\x20\xbd\x91\xc1\x1d\xd9\xc4\x56\x85\xdc\xad\x38\x57\x80\xa0\xc4\x8b\x9c\x4a\xd2\xd6\x63\x03\xe8\xde\x4a\xf1\xdb\x3c\x04\xe4\xa3\xdd\x42\x19\xfe\x77\x3f\x83\xa8\x92\x4b\x0f\xcb\xff\xfc\xf2\x64\xab\xce\x32\x83\x29\x24\x03\x6b\xfa\xbb\xa6\x54\x6b\x1d\xf4\xe3\xf7\x88\xed\x8a\xd5\xc2\xcd\x92\xb2\x64\x1b\x47\x09\x0a\x10\x3c\xf5\xbd\xc4\x6d\x8b\x21\x43\x17\x47\x57\xda\x80\x1c\x36\x0a\x7a\xa1\x07\xfa\xc6\x54\xb3\x4c\x86\x0b\xd5\x4f\x76\xbb\xf4\x3c\x48\x47\x8d\xf4\xfe\x7a\xa5\x9c\xf9\x1d"},
+{{0x08,0xd1,0xd0,0x6f,0x3e,0xc2,0x9e,0xb5,0x22,0x93,0x90,0x7b,0x70,0x5e,0xc5,0x6c,0x5a,0xb3,0x54,0xfb,0x78,0x67,0x37,0x73,0xae,0x61,0x25,0x30,0x94,0xb8,0x9e,0x82,},{0xc1,0xb9,0x9a,0x87,0xad,0x15,0xbd,0x46,0xf6,0xc8,0x48,0x45,0x2a,0xf0,0xfa,0x3c,0xcc,0xcb,0x5c,0xdf,0x6e,0x34,0x8d,0x81,0x6e,0x36,0xc5,0xd0,0xfc,0xa6,0x6e,0x66,},{0x0b,0x8e,0xdc,0xb8,0xb1,0x5a,0x8c,0xd0,0x74,0xc4,0x1d,0xc2,0xa1,0xba,0x29,0xd9,0x64,0x8d,0x6a,0xcb,0xdc,0x33,0x83,0x14,0x70,0x7e,0xca,0x6f,0xb4,0x71,0x4c,0x99,0x54,0x3b,0x49,0x07,0xb9,0xf8,0x5e,0x57,0xee,0xcf,0xfe,0x0f,0x7a,0x6b,0x70,0x73,0xa8,0x09,0x46,0xf8,0x08,0x75,0x53,0xf4,0x68,0x31,0x09,0x27,0x3a,0x60,0x4a,0x08,},"\x12\x0b\x35\x57\x3c\x34\x91\x4b\x37\x30\x51\x88\x0d\xa2\x7e\xd2\x41\x37\x7f\x0e\x78\x97\x2c\x98\xd0\xfa\xeb\xaa\x76\x7e\xb7\xa7\xc7\xe7\xc6\xfc\x34\x05\xa4\x33\x6e\xf9\x5b\xc5\xda\x92\x25\xbb\xd0\x9e\x9e\x11\xf2\xa1\xbf\x14\x2a\xf4\xe8\xa0\xf9\x24\xd3\x23\xdd\x5a\x49\xdf\xe5\x84\xf0\x90\x43\x9c\x08\xe5\x15\x11\x34\x4d\x47\x0c\x62\x00\xac\x7e\x7c\xa1\x50\xd0\x88\xa9\x1e\x47\xc4\xc9\xff\x74\xe3\x8a\x42\xa3\x32\x15\x5d\x81\x52\xae\x4a\xbd\x11\x61\xad\xca\x93\x4c\x23\x4c\xe4\x60\xaf\x87\x89\xe5\x3f\x10\x9d\x7d\x31\xee\xde\x0a\x90\x9b\xd1\x93\xfc\x8d\x3c\x2c\xfe\xc1\x0b\x14\x3c\x31\x47\x67\x11\xbb\xec\x27\xe1\x96\xa5\x49\x85\xbc\x34\x71\x67\xac\xd2\x33\x50\x88\x27\xba\xd3\x6e\x54\x8c\x88\x06\x42\xb8\x6a\x28\xc6\xd3\x40\x4b\x51\x1d\xa2\x4f\x11\xdf\xaf\x6a\x8f\x46\xdd\xcb\xc9\xde\x9e\x39\x15\x97\x66\x9b\xdd\xfc\xa6\x56\x0f\x91\xac\xd3\x45\x9f\x32\x9b\xb0\x71\xdd\x80\xda\xdf\x35\xf0\xe5\x0d\xf5\xb1\x0f\x88\xd2\x67\xac\x9d\x30\x62\x33\x0d\xd9\x9a\x6b\xcf\xa1\x31\x87\xf4\x5c\x0c\x21\x4d\xcd\xe2\xcd\xf9\xc3\xba\x4d\x59\xe6\x33\xa3\x54\xa4\xe2\x77\xc6\x77\xbb\xdf\xa2\x41\x91\x17\x9c\xbc\xaf\x05\xa1\x0d\x40\x78\xd8\xad\xd9\x3b\xc9\xed\x8f\x6c\x6c\x49\x97\x57\x40\x36\x55\x34\x1f\x90\x4e\x37\xd9\x27\x75\x0c\x69\x9c\x26\x9d\xc9\x0d\xc2\x6d\x00\x56\x25\xc3\xf4\x12\x4b\xff\x66\xfe\xca\x59\xd4\xab\xff\x41\x72\xba\x3d\xf4\x5a\x87\x43\x02\x23\x10\x30\xfa\x78\x33\x84\xf5\x09\x99\xe3\xc4\xba\xa5\xea\xdb\x45\x14\x52\xc8\x88\xb5\x19\x27\x2e\x90\xf7\x3c\x68\x72\x76\x8e\x0d\xe2\x0e\xe2\xe5\xf9\x50\x2f\x35\xe4\x9f\xec\xc2\x8b\x75\x20\x18\x87\xfe\xd2\x81\x8e\xff\x54\x53\x98\x39\x2f\x5e\x5b\x68\x76\xbc\x55\x6a\xc1\x3a\x19\x03\xad\xa1\xb9\xd7\x25\xb0\x4a\x14\x20\x4b\x59\x9e\xc3\x3d\x62\xb7\xdc\xae\xea\x8c\x52\x87\x7b\x2c\xfd\xc3\x55\x8a\x91\xd2\xc9\x15\x75\x00\xa3\xbb\x6d\x45\x2e\x5e\x2f\xf0\x93\x29\x4f\xc4\x33\xcb\xd6\x34\x65\xbb\x19\x13\x07\xed\x80\x1a\x15\xb8\x5d\xc2\xff\x0b\xb3\x83\x12\xf8\xb8\x17\xa4\x36\xd4\x22\xcf\x46\x07\xc6\x4e\xe7\x03\x59\x23\xdb\x6b\x96\xa3\x89\x99\x10\x14\x9b\x0d\xa4\xaa\x3e\x96\x68\x5d\x71\x63\xaa\xcf\x9e\x61\x9d\xc6\x08\x13\xce\x4f\x34\x4f\x30\x79\xb4\x3f\x18\x7f\xa3\x1b\xda\xcb\x9a\x1d\x77\x20\xb9\x39\xd5\xbd\x24\x1b\x96\xa1\x77\xd7\xb7\x76\x8f\xfe\xbf\x79\x04\x4c\xd2\x95\x6d\x6f\x88\xdb\x1c\x24\x3a\x10\xfe\xde\x68\x14\x85\x2c\xf4\x04\xb2\xcd\xcf\xa7\x74\x07\x6d\xc1\x25\xc7\x0a\x57\xc6\x90\x7e\x99\xaf\xe3\x96\x22\xae\x11\xf5\x57\xe7\xd3\x4b\x39\xaa\xaf\x45\xf8\x34\x05\x8d\x2f\xe5\xf1\x5b\x5e\xb7\x0a\xc1\x5a\x90\xa3\xde\x58\x50\xab\x1d\xcb\x48\xb0\x6b\x6c\xca\xa4\xb4\x2f\x85\x7e\x71\xec\x00\xb8\xa3\xd8\x97\x4b\x0b\xea\x68\xfa\x0f\x66\x55\x92\x11\x5b\x4f\xa5\x55\x72\xcf\x0b\x07\x38\x64\x1f\xc8\x68\xd4\xa2\xe7\x14\xdb\x3a\xd7\x21\x9a\x82\x3d\x54\xb7\xf7\xc2\x65\x6b\xa5\xc5\xee\xbe\x35\x94\xc7\xdb\x12\x29\x8c\x16\x25\x1d\x98\x45\xbf\x2f\x78\x00\xb4\x19\x0b\x74\x6e\x21\xb0\xc1\xa5\xc4\x7a\x3d\xf9\xa0\x59\xce\x09\x56\x67\x4e\xb7\x03\xde\xcb\x0a\x00\x45\x43\x7d\xa4\xda\x10\xf2\x86\xd7\x20\xd1\xb9\xdf\x05\xfb\x24\x41\x5d\x68\xe0\x65\x57\x0e\x6b\x31\x50\x31\x42\xd0\x33\x35\xa8\x07\xbd\xca\x30\x89\x2e\xdb\x5f\x55\xf8\x98\x9d\x9e\x64\x96\x59\xc0\x74\x4c\x54\x33\xbf\xb4\xde\xeb\x11\xc2\x62\x6a\x86\x50\xe5\x4d\x4d\x39\x8b\xa1\x9b\x64\xf6\x8b\xed\x06\xd7\xfc\x40\x8f\x47\x0a\xc7\x04\xe2\xac\x92\x2a\xc1\x41\x1f\xee\x24\x54\x3e\x56\xf2\xf5\x0b\x6b\x08\x95\x3d\xc5\x6a\x7a\x75\xed\xae\x43\x0a\x6d\xf2\x8a\x22\x7a\xda\xc9\x1b\xa2\x6f\x0e\x19\x85\x95\x32\x77\x39\xcb\xa3\x03\xe9\xaa\x39\x3e\xa6\x61\x8a\x84\xf8\xf5\x03\xd0\x05\x6e\xe8\xd8\x7e\x37\x96\xe0\x36\xcc\x51\xcc\xb7\x91\xde\xb7\x95"},
+{{0xf0,0xc8,0x5c,0x76,0xb1,0x53,0x2e,0x89,0xae,0xa9,0x75,0x15,0x6d,0xdd,0xb1,0xd3,0xd0,0x66,0xf6,0x40,0x9f,0x84,0x1b,0xb4,0x41,0x09,0x22,0x72,0x5f,0x26,0x9d,0x86,},{0xfd,0x75,0xfc,0x75,0xc3,0x6f,0x83,0x49,0x8d,0x8f,0x08,0x27,0xf0,0x1d,0x3b,0x45,0x7f,0x8b,0xc4,0xd9,0xdc,0x55,0xe4,0xa4,0x62,0x74,0xdd,0xf0,0x03,0x4f,0xe1,0x6f,},{0x42,0x18,0xfe,0x4c,0x1d,0xce,0x79,0x5c,0xa9,0x2a,0x49,0xa6,0xf4,0x79,0x8e,0xb5,0x41,0x2d,0xc8,0x25,0x86,0x03,0x14,0xec,0x46,0x9f,0xed,0x45,0xde,0x3a,0x7b,0xf8,0xea,0x55,0xe8,0x53,0xa3,0x49,0x58,0x4b,0xd9,0x5a,0x82,0x6a,0x58,0x5a,0x50,0x3f,0xd5,0x0b,0xfe,0x4c,0x63,0x5e,0xf1,0x83,0xd0,0x73,0x01,0x36,0x7e,0x90,0x10,0x0a,},"\xae\x2e\xb0\x18\xd4\x8d\xbd\x4f\x21\x0b\x16\x77\x8b\x5b\xd2\xfd\x14\xc9\x4e\x6b\xbf\x2b\x3f\xf8\x55\x18\xe5\x60\xab\x8d\x3e\x72\x20\x1f\x43\x34\x20\xf0\x0f\x11\xbc\x78\xe0\xe9\xf3\x72\x08\x75\xb2\xe9\xdc\x11\xe0\x43\x25\xb8\xb3\xf0\xd4\x65\xdd\xab\x21\x51\x1c\x45\x7d\x6a\xca\xd8\xf2\xfd\x5f\xdc\x0d\x28\x23\xfe\x6c\xaa\x66\xa1\x91\xa3\xb6\x32\x6b\x32\xa1\x6b\xef\xd6\x4d\x15\xb3\x61\xa4\x15\x13\x64\x1b\xce\xba\x26\xbf\xe9\x3b\xdf\x85\x4a\x4f\x8f\x8a\x0b\x29\xf7\xe2\x82\x62\xe2\xd6\xe9\x8a\xa2\x4a\xc2\x7f\x6f\x78\x83\xac\x01\xa7\x4c\x40\xcc\xe9\x47\xeb\xac\x70\xe9\xfe\xf2\xa1\x6e\x62\x89\xe4\x68\x95\x0e\x39\x1e\x9e\x24\xef\x58\xe8\x8a\x44\x37\x72\x69\xce\xba\xfe\xd8\x98\x7d\x22\x0d\xca\xe2\xd8\xb1\x26\xb6\xbf\x81\x21\x67\xd0\x23\xd9\xba\xac\x95\x0d\x9d\xb8\xcf\x52\xde\x63\x06\xbd\x48\x99\x96\x10\xc0\xa4\x33\xfa\x9e\x17\x71\xcb\x83\x2d\x41\x97\xaa\x34\x0d\xd0\xcc\xd0\x74\x4f\xc6\xb6\x2f\x90\xbd\x3e\xbb\x53\x08\xca\xb5\xf9\x40\xe2\x91\x64\x23\xcf\x0f\x3b\xf0\x80\xc0\x6a\x94\xf0\x26\x91\x04\x60\xdd\xa8\x09\x37\x4e\x64\x57\xf0\x64\xf1\x78\xe3\x08\xe7\xa1\xb5\xaf\x4d\xef\x31\x90\x07\xd0\x41\x77\x8c\x3d\x6a\x41\x9f\x51\xba\xdf\x87\x66\x38\x79\x30\x2b\x53\xff\x26\x9d\xf4\x42\xd0\xe0\x5c\x95\x8d\x5b\xaa\xcc\xee\xd7\xf5\xf8\xaf\xc8\x11\xc1\x89\x00\xee\x3b\x0f\x61\xe5\xdc\xcf\xd5\xda\xc8\x53\x32\xd3\x2e\xbb\xa3\x71\xaa\x2d\x47\xa6\x06\xf5\x95\x46\xe4\xbb\xb6\x05\xa7\x46\x77\xb1\x9a\x0f\xe8\xe9\x5f\x9f\x77\xc0\xb8\xb7\x1d\x07\xe9\x83\x00\x4d\xc2\xab\x2c\xb3\x79\x3a\x32\x3c\x10\x8d\xfa\x79\x70\xda\x00\xdb\x19\x86\x74\xbd\x34\xbf\x73\x10\x76\x7f\x76\xa2\x24\xe0\x7b\xdb\xc6\x2b\x9d\x07\x8c\xbc\x75\x36\x7e\x2e\xba\xa2\xc5\xd2\x74\xbf\x34\x27\xf2\xa0\xcc\x5d\xbe\xf0\xaf\x4e\x63\xad\x88\x9e\x13\x1b\x12\xbc\x8c\xa3\x2d\x82\x7f\x72\x60\xb0\x44\x9d\x04\x43\xfa\x28\x84\x40\xef\xd1\x36\x4e\x3c\x98\x49\x47\x7e\x73\xee\x0b\xa4\x24\x0d\x49\x2a\xf5\xce\x13\xc3\x45\x61\xb4\x50\x10\xc1\x09\xd8\x42\xc1\xfe\xd1\xbe\x3f\xa9\xe1\x84\xaa\xa1\x40\x64\xf4\x3f\x6d\xea\x0b\x65\x9c\x5b\x97\x89\x3c\xf2\xa4\x33\xbc\xfb\x1d\x2a\x87\xeb\x56\x4b\xd9\x09\x2c\x26\x66\x70\x47\x31\xf8\x3e\x56\x43\x4b\x2a\x42\x99\x65\x0c\x70\x60\xf9\xff\x7e\x8a\xad\xcb\x45\x93\xf6\x09\x18\x8d\x8b\x46\x76\x46\xcf\xe9\x52\x70\x06\x7a\x1d\x35\xcd\x75\x9f\xe5\x81\xaf\x4e\x62\x60\x2c\x02\xef\x14\x74\x41\x43\xeb\x42\x4f\x2d\x9f\x33\xa6\x02\x88\xc1\xb2\x5f\x08\xe4\xb2\xf5\xfe\xae\x06\xcb\xcc\x2b\x20\x52\xbf\x38\x4e\x1a\x6f\xcd\x84\x71\xce\x5e\x56\x58\xd7\x7f\x40\xc3\x5c\x41\x5e\x2a\x9e\x09\xfb\x58\x3b\xb7\x47\x12\x58\xe7\xc8\x06\xf3\xc2\x18\x22\xdd\x10\xf5\x6a\x64\x0c\xdc\x00\x12\x8d\x3b\xa5\x56\xba\x51\xdc\xaa\xb4\x7c\x3b\xaf\x9f\x01\x97\xd3\x66\x3d\xe8\xd0\x93\xe8\x31\x73\x32\x5d\xef\x1e\x83\xa2\xf5\xf5\xac\xf1\x2a\xe0\x9f\x3c\xe9\x6c\xd8\x88\x03\x4d\xcb\xe6\x14\x7d\xc5\x99\x83\x62\xa4\xbc\x40\x6d\x28\x84\x6a\xb1\x50\x3c\x17\xc9\x4f\x9a\xfd\x90\x3c\x9a\x58\xe1\xce\xbb\x4a\xbb\x4f\xf6\xf2\xa4\x10\x24\xe0\x6d\xca\xad\x14\xf5\xb7\x0c\x1b\x26\xe6\x9f\x96\xec\xf1\x4b\x8d\xa3\x1c\x62\x1f\x9a\xd4\xe3\x0a\xeb\x98\x23\x78\x67\x1f\x7d\x1f\x2c\x4b\x57\x2c\x41\xbb\x88\x30\x84\x0a\xc5\xdd\xce\xd8\x81\xf8\xff\xf2\x10\xc3\xc7\xf2\x36\xd8\xc5\xf2\xcf\xda\xcd\xa2\x98\x93\x30\x2f\xde\x15\x28\x2d\xb5\x40\xcb\x54\x37\x37\xdd\x77\x85\x25\x69\x22\x1f\xdd\xcd\xd6\x8d\x87\xe2\x40\x21\x79\xd3\xa5\xa7\x77\x34\xc2\x75\xa1\xd5\x60\xa4\x62\xf4\x03\x18\xbb\x68\x19\x83\x7d\xa3\xd3\x05\xeb\x49\xb3\x86\x50\xef\xdc\x8f\xe4\x09\xd4\x0f\xb9\x4c\xd5\xdc\x3e\xb0\x27\x38\xf3\x88\x52\xf6\x71\xa0\xc4\x14\x14\xb7\x6f\xb4\x36\xf3\x41\x7b\x8e\xf3\x00\x92\x1c\x00\x9e\xbb\xd7\xcf\x8e\x11"},
+{{0x18,0xe2,0x68,0xb1,0x5a,0x25,0x01,0xdd,0x4c,0x97,0x9d,0xc1,0x03,0xca,0x6a,0x84,0x22,0x16,0x13,0x2b,0x3b,0x50,0x81,0xd7,0x75,0xf8,0x86,0x40,0xf8,0x9c,0x80,0x41,},{0xb3,0x4e,0x19,0xc1,0xe2,0x08,0xfb,0x48,0xa8,0x85,0x07,0x9d,0x9f,0xbf,0x37,0xc7,0x4f,0x92,0x71,0x09,0x60,0xf8,0x32,0x15,0x4f,0xab,0x18,0x57,0x0c,0xfb,0x4c,0x1d,},{0xf2,0xdc,0xfc,0x06,0xef,0x1d,0x8e,0xcc,0xd8,0xe4,0x0b,0xdf,0x01,0x30,0x7d,0xd1,0x96,0x83,0xf2,0x14,0xd4,0xf0,0x84,0xe6,0xb6,0x93,0x4f,0x63,0x72,0x78,0x30,0x0d,0xbb,0x18,0x89,0xf2,0xd3,0x7f,0x53,0xb3,0xae,0xf2,0x6f,0xbb,0x3e,0x36,0xbd,0x75,0x98,0x5f,0xa7,0xc8,0xea,0x6d,0xdf,0xfa,0x72,0xc8,0xe4,0x06,0xf2,0x4b,0xb2,0x0e,},"\x42\x4b\xdc\xf0\xb2\x56\x00\x14\x39\xd1\x69\x58\xff\xf6\x48\xcf\x7a\x86\x04\xaf\x22\xcf\xa5\xb4\x43\x31\xb4\xdc\x35\x6d\xff\x25\xcc\x05\x63\xda\x9d\x64\x01\x33\xac\xb7\x0b\x6a\x11\x76\xc4\x82\xdb\xc9\x40\x8c\xd6\x79\x3d\x56\xbc\x29\xcc\x40\x88\x23\xd3\x88\xed\x88\xb2\x4c\xeb\x66\x21\xdb\xac\x00\x23\xee\x69\xf7\x6f\x82\x96\xa7\x39\x52\x11\x68\x5b\x3c\xea\xa9\x95\xf0\x35\x5d\x9a\xad\x3d\x97\x35\x8f\x4a\x37\x9e\x59\x20\xec\x54\x5f\x46\x96\x21\xcf\x76\x8a\xbf\x55\xd2\xa5\x54\xc9\x49\xb0\xed\x70\x18\x7c\x22\x05\xad\x03\x29\x85\xc9\xb5\xb2\xe4\xba\x57\xe0\xb4\xa4\x7d\x34\x45\x12\xb8\x4b\xfe\x9f\x3a\xa5\x60\xfe\x6e\xcf\xc5\xbd\xf8\xc3\xb4\x18\x45\x29\x35\x73\xf8\x1e\xd3\xb7\x0e\xdc\x63\xa3\x0c\x70\xcd\xa3\xf4\x55\x90\x13\x13\xf6\xd2\x3d\xb3\x09\x47\x8f\x03\xe3\x4e\x71\x35\x6d\x83\xfa\x5d\xb9\x28\x0c\xc2\xb4\x36\x9c\x3d\x24\xdd\x90\x38\xf2\x47\x59\x6c\x39\x1e\x48\xb2\xf3\xf8\x90\xa1\x41\xca\x1d\x12\x07\x7c\x69\x34\x47\x35\xa5\x9b\x1d\xd4\x07\x6b\x22\xe1\x61\x89\x99\x1e\x5f\x1b\xe4\xfb\x76\x95\xaf\x90\xeb\xea\x5d\xf2\x86\x13\x5c\xec\x2a\x6e\x99\xaa\x1d\xda\x32\x8e\x62\xc0\xdf\xb6\x37\x42\x20\x2d\x63\x62\x4d\xcc\x0c\x5c\xf1\xa5\xdf\x79\xe2\x87\x8d\xbc\x71\xfa\x96\x57\x66\x01\xaf\x22\x84\x4f\x54\x57\x33\x12\x6a\xf7\xd3\x98\x4c\x3e\xd2\x52\xe6\xa8\x76\x44\x5c\x92\x25\x9f\xbb\x47\x0a\x10\x56\x9b\x49\xe5\x79\x1f\xd0\x18\x2c\xfe\x1c\x3f\x88\x29\x7f\xac\xc8\xc3\x1a\x53\x32\xf1\xf4\xeb\x49\x58\xdb\x13\xb6\xc0\x79\xaa\x9c\x94\x94\x87\x26\x34\x03\x19\x0c\x83\xc1\x1a\x43\x19\x1f\xfe\xc6\x02\x3f\xb3\x4c\xfa\xb2\x52\x5b\xeb\x54\x6c\xf9\x20\x0a\x96\xf5\x85\x4b\x2f\x78\xec\xb2\xd9\xa5\x3a\xa9\xd2\x87\xa9\x0d\x4d\x41\x0a\x63\xad\xa0\xe9\x75\xd3\x04\xd5\x14\x83\x53\x46\x3f\xa8\x05\xb4\x80\x5f\xb4\x68\x7e\xd8\x85\x7d\xfc\xe4\xbc\x6e\x80\x83\x3c\x8f\x9a\x79\xcd\x4f\x02\x9a\x2d\x80\x2b\xfd\xc8\x19\xed\x0c\x0a\xc8\xf2\x10\x23\x28\x7f\x2b\x4b\xaf\xbc\xc8\x99\x93\xfe\x46\xd5\x2a\x9c\x62\x46\xde\xad\x61\x7d\xf7\x97\xd4\x8e\xe9\x85\xf0\xf0\xdf\x9a\xa8\x2e\xa2\x0e\x0d\x0d\xb2\x8a\x25\x4a\x9a\x25\x3f\x39\xf9\xcf\x01\xe3\xdb\x8f\x3e\xbc\xf7\xcb\x97\xce\xc5\x8c\x4e\xfe\x03\x12\x69\xb4\xb3\x7e\x4c\xbb\x36\x1f\x73\xab\x4b\x49\x80\xbd\x90\x08\x49\x53\x88\x44\xc5\x2c\xb3\xac\x75\x83\xb8\xf8\x96\x53\xa0\xde\x65\xa8\xbe\x91\x58\x2c\x55\x23\x9c\xb8\xf5\xd5\x31\x8a\x88\xd1\x60\xe1\xc8\x71\xe5\xea\x7e\x75\xf5\xa6\x9c\xba\x85\x38\x22\x1a\xb4\x2c\xe2\xa2\xc4\xd9\xc3\xb7\xec\x85\x7f\x23\x0d\x57\x37\x31\x13\x36\x86\xae\x8a\x7e\xd6\x40\xf4\x2f\x31\x02\x94\x89\xe4\xe6\xaf\x2b\x3e\xa4\xc7\x94\x8e\xd5\x37\xc0\xc5\x90\x67\x26\xc2\xb6\x25\xfd\x5f\x94\x9e\x3a\x7c\xf3\xb6\xe9\x98\xec\x76\x1d\xd6\xe2\xb5\x17\x1a\x68\x74\x97\x52\xe7\x21\xb7\x88\xc3\x47\x7f\xa1\x90\xcd\x6e\xa8\x1d\x57\x9d\xce\x64\x62\xd9\xc6\x62\xad\x89\x62\xe7\x93\x38\x71\x0c\xc8\xd2\x73\x8a\x5f\xb0\x4a\xdf\xdb\x3f\x14\x32\xcf\xd8\x0e\x2e\x96\x7d\xa0\x00\xd8\x3a\x0f\xa8\x5a\xba\xe2\x95\x2f\x3f\x36\x83\xe2\x54\xd8\x68\xf4\xbf\x80\x9e\xb2\xe3\x00\xe7\xb2\x09\x73\x4a\x3c\x89\x4e\x96\x6b\x16\x08\x8d\x5e\xd3\x54\xbf\xfb\xff\xbb\xf2\xec\x2b\xe9\x3a\x32\xa8\xbe\x5c\xfa\x18\xfa\x56\x53\x01\x2e\xda\xe5\xaf\xd8\x70\x9c\xa5\x5c\x0c\xf2\x3a\x55\x0d\x34\xca\x0f\x32\xd8\xf6\x66\xfb\x47\xa1\x2f\x2b\x73\x53\xa4\x0c\x53\x79\xf7\x53\x66\xc1\x3f\x4a\xb9\xf1\x4c\xf8\x0a\x94\xe1\xf1\x3d\x8b\x09\xb7\x6f\xd8\xd1\x4f\xfa\x53\x8f\x31\xfd\x8a\xeb\x49\xd3\x34\x33\xf4\xdf\x7c\x2c\xa6\x73\x99\x57\x9f\xe9\x90\x78\xaa\x72\x1d\x6b\x6f\xc0\xc5\x0e\x8a\x91\xfc\x71\xca\x25\xea\xc1\x37\x6f\xc6\x71\xbf\x61\x53\xe7\x20\xb2\x5c\x7e\x97\xa3\xd4\xef\x84\x42\xac\x67\xac\xf5\x8b\x50\x4b\x67\x15\x8f\x91\x30\x25"},
+{{0x3c,0x39,0x3f,0x9d,0xf1,0xfb,0x0b,0x1e,0xec,0x09,0xb7,0xf2,0x70,0xb8,0x59,0x82,0xba,0x0f,0xd5,0xe4,0xb1,0x79,0x5e,0x1a,0x7f,0xa9,0x91,0x37,0xfe,0xe2,0x4d,0x7d,},{0x97,0x4f,0xe2,0x37,0x30,0xfc,0x17,0x94,0x56,0x70,0xfb,0xc1,0xf8,0x0b,0x93,0xf9,0x45,0x93,0xc8,0xd4,0x4b,0xc7,0x5d,0x18,0x9a,0x6b,0xbf,0xaa,0xba,0xf5,0xdb,0xd9,},{0x22,0x33,0x3e,0x56,0x41,0x0f,0xdc,0xbf,0x84,0xf6,0xa8,0xde,0x74,0x13,0x37,0x69,0x16,0x84,0x49,0x5b,0xa6,0x9e,0xff,0x59,0x6d,0xb9,0xc0,0x3a,0x28,0x12,0x10,0x88,0x1e,0x6c,0x91,0xef,0xa9,0x1b,0x21,0x83,0xc0,0xea,0xc9,0x16,0x15,0x28,0x17,0xa7,0x8c,0xa7,0x24,0xba,0x7c,0x8b,0x51,0xbb,0x4c,0xaa,0xde,0xa9,0xa3,0x41,0xeb,0x0e,},"\x54\xd8\xb8\xd5\xfa\xc2\x8c\xff\xa7\x7a\x09\x16\xd6\x33\x3c\x16\xed\xbc\x8b\xb7\x4a\xa0\x6e\x56\xdc\x00\xe4\x7e\x39\x29\xe4\x08\x64\xb8\x84\x0d\x91\x20\x79\x59\x7e\xac\xd8\x1d\xae\x43\xe2\x78\x5d\xfc\x68\x9f\x3e\x85\xf8\xc6\x65\x81\xef\xc5\xe8\x53\xd1\xfa\xaa\xc7\x44\x40\x0a\xb0\x8c\xbd\xb5\xd1\x61\x46\xfa\x60\xf9\x99\x05\xed\x84\xfd\x29\x36\xdd\x73\xf4\xbc\xa2\x57\x2b\x7c\xf5\x16\x05\x60\xff\xaa\x68\xda\x7a\x67\xe4\x0e\x08\xa7\xbb\x7a\xef\xc4\x04\x3e\xbe\xd5\xfe\x80\xa4\x14\x81\x7e\xdf\x2c\x63\xf6\x2f\xac\x0d\x47\x44\x6e\xd0\xbb\x58\x40\x58\xf4\x87\x2f\xec\xff\x62\x15\x59\x31\x1a\x27\x0a\xea\x37\xa6\x29\x68\x64\xe8\xd1\x68\xbf\x1e\x2f\x55\xcd\x3b\x27\x6e\xdf\xa6\x12\xb5\xd9\xc3\x36\x2e\x61\x8b\xe6\xe8\x2a\x6e\x5f\x82\x66\x79\x24\xf3\xd1\xd3\xdf\x82\x5f\x9d\x23\xf4\xd6\x14\x2d\x31\x00\xdf\xc7\x0f\x70\x60\x3a\xbf\x3f\xda\xda\xca\x69\xef\x6a\x18\xef\x90\x92\xb3\xc4\x1e\xc6\x58\xab\x27\x21\x6f\xc6\x14\x7a\x08\x0a\xcd\xa6\x0a\x84\x19\x84\xee\x83\xf4\x1a\xc4\x2a\x80\xea\xac\x91\xff\xfc\x82\x28\x39\x1e\xf5\x83\xab\x3e\xdd\xcf\x87\x65\x23\xc2\x02\x81\x35\x53\x00\xd8\x6c\x11\xa4\xe7\xc1\xad\xe8\xe5\x05\x60\xf4\x39\x06\xc9\xbc\x8c\xa5\xfb\xf8\x33\x9f\xbe\xbd\x02\xe3\x3e\x85\x18\xbe\xe5\xe8\x06\xb8\xc1\x0f\x82\x77\xf4\x10\x66\x47\x35\xa2\xbf\x55\x68\x39\x63\x54\x92\x45\x2e\x6c\xa0\x79\xde\xb9\x75\x1c\xfc\x67\x97\xf4\x9b\xca\x96\x13\xff\x2e\x7f\xdd\x36\x46\xf7\xc5\x23\x6a\x36\xbd\xf0\x05\x17\x45\xe5\x95\xdc\x00\x72\xfd\x66\x51\xd5\x76\x27\xa6\x00\x4c\x0f\x0c\xfa\xe8\x56\xbb\xc2\x8a\x12\x31\xcb\x83\x96\x65\xff\x04\x15\x2e\xc3\x1c\x00\x7b\x3e\x2e\xd0\xa9\x73\xb2\x4c\x93\x14\x9c\xe7\x01\xe6\xfd\x65\x39\x20\x6a\xe9\x1b\xec\x4c\xe6\x5a\x89\xdb\x26\xc7\xd3\x8c\xec\xb8\x91\x9f\x96\xfb\x6c\xb8\xf6\xc1\x93\x9d\x90\xfb\x3f\x90\xb8\x87\x78\x9f\x29\x57\x5a\xb2\x0e\x0b\x08\xbc\x35\x81\x53\xd8\xc0\x35\x21\xdc\x89\x18\x70\xb5\xf7\xee\xdc\xc1\xe6\x2b\xee\x7d\xa0\x63\xae\x66\xff\x0a\x4b\x7d\x98\xd1\xcb\x75\x8f\x69\x74\x3c\x3d\xb3\xae\x2a\x2c\x9b\xe1\xbe\x09\x4f\x17\xcd\x28\xf9\x2d\x8c\xcb\xca\x98\x3c\x74\x9c\x75\xc6\x10\xf8\x40\x83\x6e\x2c\x43\x0c\xcd\xef\xf0\xaf\xa5\x44\x44\xf1\x2b\x4a\x4f\x00\x2c\x60\x94\x51\x83\x42\x44\xc0\xc0\x7d\xf8\xe1\x22\x02\xa6\x5f\x94\x44\x7c\xd4\x90\x3a\xcb\x60\x6d\x77\x25\xa8\x6e\x4a\x23\x43\x98\x4e\x67\x9c\x4a\xf1\xb3\x67\x9c\x75\x5e\xa5\x0d\x0a\xbe\x2f\xcc\x0c\x1c\x33\x51\xa9\xee\x19\x6b\x46\x44\xc4\x24\x22\x2b\xe9\x9e\x2f\xb3\x73\xf9\x64\x1e\x3f\xae\xbf\xf4\x31\x70\xeb\x03\xfb\x8e\xc4\x55\x7d\x15\x1a\x55\xfa\xb6\xc4\x99\xd4\x44\xc8\x4b\xe8\x9f\x24\x47\x68\x2d\xe4\xe6\xf6\x35\x34\x75\xef\xcb\x8f\xc5\x32\x56\x76\x3a\x94\x8d\xc7\x5c\x51\x5f\xa3\x53\x54\x5d\x0c\xba\xd2\x9d\xf5\xe9\xdb\x5c\xc4\x57\xed\x30\x86\xcf\xfb\x3d\x75\xe8\x46\xc4\xe8\xd8\x81\x47\xfc\xd0\xd8\xaa\x5a\xba\xb4\x9b\x5e\x05\xc3\xd7\xfe\xef\x63\x79\x43\x34\x7a\xd3\xf4\x92\xee\x35\x6e\xf3\x48\x81\xcf\xd8\x5a\xbc\xe8\xa1\x44\xce\x77\x61\xe2\x84\xe8\xb8\xcb\x08\x96\x60\x49\x04\x7a\x99\x6e\x23\x55\x9f\x77\x6b\x1a\x9f\x41\xcb\xa3\x95\x41\x08\x48\x6e\x29\x27\xbe\xb6\x43\x3a\x36\xff\x8b\x2f\x03\xaa\x74\xb3\xd2\x09\xc4\x88\xe0\x77\xf9\x24\xf2\x31\xe2\x83\x45\x94\x2c\x7d\xcc\x2e\x61\xd7\xc9\xb5\x22\xb6\x59\xfc\xb5\x36\x62\xaf\xf3\x64\x8f\x66\xda\x3e\x83\xe5\x9b\x0d\xaa\x90\xb9\x4c\x51\x5d\xad\xab\x10\xd5\xa8\x39\xcb\x3a\x2f\x1d\x3c\xd0\x92\xde\x55\xd9\x95\x13\x8c\x3a\xc0\xb9\x07\xaf\x15\xac\x63\xec\x18\x74\x11\x43\x27\xe2\x19\x71\x34\x5e\xf1\x70\x31\xd5\x26\x17\xe7\x84\xda\x37\x71\x43\x9b\xe2\xe8\x41\x48\xbc\xfe\xa1\x32\xbd\xe1\x0e\x6f\xda\x54\x7d\xcb\xb1\xc4\xd8\xf7\x4d\xdc\xe1\xfc\xcf\x82\x13\xe0\xda\x6e\x97\xb8\x1f\x75"},
+{{0xf8,0x66,0x9c,0x88,0xf1,0x68,0x5b,0xbf,0x04,0x80,0xcc,0x92,0x21,0xac,0x2e,0xad,0x8f,0x55,0x1b,0xfa,0x87,0xec,0xba,0x2f,0xd4,0xdd,0xf3,0xba,0x34,0x76,0xeb,0xda,},{0x34,0x72,0x3f,0xb8,0xe2,0x53,0xad,0x9c,0x71,0xce,0xfd,0xe0,0x36,0x28,0xd2,0x04,0xe5,0x35,0xde,0x47,0x9e,0x10,0x48,0xe5,0x18,0x87,0x62,0xa1,0xf3,0x37,0xfe,0x5f,},{0x37,0x46,0xda,0x6c,0xd8,0xca,0x10,0x8b,0xee,0xf0,0x64,0x87,0xbe,0xe6,0x35,0x84,0xf8,0x12,0xc8,0xe0,0x69,0x5f,0xc8,0x63,0xb8,0x6e,0x5d,0xb1,0x32,0x38,0x0b,0x62,0xff,0x85,0x44,0xf6,0xf3,0x74,0x82,0x5b,0x0e,0x3e,0xa0,0x62,0x0e,0xf8,0x54,0xc1,0x33,0x11,0x14,0xd6,0x67,0xdf,0x1f,0x9e,0xa7,0x76,0xc3,0x96,0x38,0x70,0x29,0x0d,},"\x5b\x49\x41\xbe\xec\x22\x41\xc9\xfb\x76\xd8\x48\x4f\x4f\x3f\x3a\xb4\xff\xe8\xec\xc8\xe7\xae\xc7\x6d\xe2\xab\x8c\x36\x85\x84\xd7\x51\xb0\xd3\xfe\xb8\xa1\xdc\x81\x68\xcd\xc6\x94\x96\x8f\x66\xb2\xa0\xb0\x52\xaf\xbf\x8b\xe3\xa7\xd9\x51\x63\xe9\xda\x91\x41\xc5\x9c\xa5\x59\x76\xc2\x92\xc5\xc7\x4d\x31\x31\x8d\x6a\x91\xe7\x81\x7c\x5a\x8b\x2f\x81\x21\x18\xcb\xeb\xa3\xa1\x33\x23\xcd\x97\x48\xbf\x86\xed\x1a\x85\xdd\x4e\xbc\x0d\xf4\x95\xcf\xa3\xd4\x62\x74\x34\xbf\x14\xaa\xe8\xab\x67\x81\x46\x7a\x56\xd9\x65\xd1\x0e\x63\x71\x98\x9d\xfa\x0f\x6b\xc0\xf7\x85\x9f\x37\x71\xeb\x90\x04\xb3\x43\x67\xdb\x27\x05\xdb\xd6\x0f\xa8\xf7\x89\x5c\x1e\xad\xf5\x9f\x53\xda\xb1\x68\xb4\xf9\x36\x39\x79\x02\x55\x01\xdd\xd9\x68\x0d\xeb\xc0\x7c\xd1\xca\x4a\x09\x97\x87\x6e\x92\x11\xf3\x07\xd9\xb7\xb9\xd9\x04\xe4\x8d\x28\x61\xa7\x78\xb8\x79\xad\x59\x0a\x9a\x2f\x14\x1b\xd5\x68\xe3\xa1\xbb\x24\x94\x62\x8e\x9e\xc0\xc6\x42\x55\xae\xea\x6f\x0e\xed\xca\x30\xad\x38\xa1\xf3\xff\xec\x3b\x2b\x5e\x94\x2e\x21\x94\x01\x04\xe9\x14\xd1\x1a\x44\xc0\x0f\xdd\x47\xda\x3e\x55\x13\xaa\x85\x30\xae\xe2\x47\xc9\x5c\xa6\x6d\x08\xa2\x60\x8c\x75\xba\x98\x58\xda\x14\xf9\xa8\xa3\x2b\xe7\x13\xd3\x09\xe0\xf5\x84\xc8\x1e\xf5\xbe\x04\x0e\x00\x65\xf0\x7b\x77\x5a\xe1\x75\xdf\xe2\xc8\xb9\x0a\x88\xcc\xda\x17\xfa\x4f\x21\xc7\x7e\xad\xf5\xd2\x5b\x6e\x40\x4b\xf0\x04\x47\x9e\x05\xa0\x1a\xc0\x04\x2b\x89\x93\x7e\xb2\x78\xc1\xc3\x4f\x33\x02\x8d\xb7\x80\xba\x3b\x61\x79\x18\x59\x5a\x39\xc0\xfc\xad\x67\x4b\x85\xc4\x0c\xac\x8d\x34\x5b\x7c\xa0\xbb\x48\xa2\x8e\x66\xc4\x4d\x8b\xb5\xf2\x79\x41\xe4\x0b\x0e\x9c\x70\x97\x97\x6c\x62\xdf\xef\x50\xc9\x8f\x17\x56\x6c\xcb\xac\xc8\x7c\xb0\x3b\x94\xdf\xdf\xaf\x32\xf1\xe5\x6f\xfa\x63\x9d\x63\x61\x1e\x21\x3c\xeb\xf5\x4c\xd0\xa3\xe2\x17\x2d\x81\x1c\x0e\xbd\x75\xb1\xa8\x64\x62\x64\xdd\x8b\x1a\xbd\x46\xe5\x48\x97\x2a\x1b\x26\x2c\xd9\x5d\x51\x15\x36\xdd\xdc\xb4\x97\x29\xfe\x7b\xd0\x0b\x38\x38\xbd\x2f\x20\xa1\x42\x64\x0e\xdb\x1b\x6e\x76\x5b\x65\xda\x72\xe7\x23\x32\x61\xc8\x89\x2e\x2f\x49\x49\xbb\x51\xf3\x2a\x1a\x5a\x3e\xe1\x49\xbe\xa2\x6f\xdc\xed\xb9\x91\xd2\xcd\x12\x66\x37\xe2\x97\x1e\x9b\x6f\x0b\x78\x5d\xf2\x8a\x48\xf3\x01\x70\x73\x49\x42\x3f\x44\xe8\x46\x22\x89\xd7\x25\x49\x82\x30\x48\x9d\xf1\xb5\x1b\xe3\x0f\x08\xd7\xe3\x25\x05\x65\xc6\xef\x82\x4b\xc5\x3a\x1b\xa7\x4a\x57\xa2\x5c\x06\x86\xad\xcb\x6c\x82\x5a\xb1\xca\x70\xc8\xa5\xd4\x6d\xbb\xc6\xfa\x60\x74\x61\xe2\x6d\x16\xfe\x93\xbb\x3d\x3a\x94\x3a\x3d\xc0\x5f\x30\xea\x6d\xc8\xbb\x12\xd7\x08\x21\xd3\x20\xf1\xad\xf1\xce\xba\x4b\xe6\x57\x19\x4f\x7f\xcc\xd2\x19\x90\xf8\x62\x9d\x74\x46\x01\xcf\x52\xea\x6d\x94\x05\xaa\xa2\x87\x8f\x1e\xec\x40\x03\xb4\x5a\x42\x18\xd8\xf8\x0b\xb0\xf5\xaf\x04\x73\x26\x48\x77\x52\xe2\xb7\x6d\x68\x87\x25\x20\xbb\xea\xe7\xb3\x09\xd7\x82\x82\xa0\x73\xfe\x0b\x1a\x1a\x7a\x98\xda\x23\xdf\x68\xca\xf8\xc2\x69\x9b\x1c\x7d\x0f\x47\xbd\x7d\xe2\xc0\xbb\x23\x36\x99\x63\xe6\x8a\x69\x74\xc8\xe2\xb5\x95\xb8\x29\x3a\x9f\x4d\x98\xdf\x7e\x9a\xe3\xad\xd2\xa3\xf6\x4e\x83\x03\x97\x39\x64\x2d\x19\x22\x04\xe8\x5e\x6c\x48\xd5\xd6\x71\xf6\xc7\x5a\x0a\x89\x57\xed\xbb\x74\x18\x76\x20\xf2\xab\xa9\x9c\x1c\x62\x58\x4c\x59\xac\x00\x64\x7e\x3f\xb4\x02\x92\xb9\xdc\x1a\x33\x46\x86\x85\x53\x39\x2f\xd3\xf1\x1d\x6d\xc6\xf5\xf2\xf4\xe8\x5e\xe2\x51\x25\xcd\xd6\x44\x74\x3c\x7d\x45\x28\x1e\xda\xc6\x38\x4c\x77\xcb\x98\xa6\x7d\x9a\xe6\xfc\x9a\x0a\x76\xb9\xf6\xfa\x69\x6f\xdf\x4a\xce\xab\x5f\x79\x4e\xe5\x21\xb1\xe5\xa0\xee\x57\xaf\x53\xbd\xf1\x76\x80\x1b\x4f\x45\xcf\xb3\xca\xe3\x28\x72\x34\x23\x4b\x77\xce\x21\xed\xf8\x68\x0d\x68\xc4\xa8\xee\xcf\x1b\x03\x53\x7e\xa5\x69\x9a\xcb\x56\x27\x77\xe4\x2a\x48\x6f\xe7\xcd"},
+{{0xce,0xcc,0xc6,0x83,0x11,0xfc,0x45,0xb6,0xc2,0xa2,0xf1,0xff,0x9c,0xdd,0xe0,0x07,0xec,0x78,0x7f,0xdf,0x25,0xd0,0x2c,0xcd,0x2a,0x1c,0xad,0x9d,0xe3,0xfb,0x4c,0xff,},{0x6f,0x80,0x47,0x34,0xef,0x92,0x82,0x41,0x80,0xda,0x71,0xe5,0x5c,0xf3,0xbf,0x1a,0xfe,0xf6,0x5b,0xcf,0x56,0x09,0x62,0xe0,0xb0,0xac,0xbb,0x2d,0x8c,0xca,0x59,0x84,},{0x3c,0x44,0x62,0xaa,0x47,0x01,0x01,0x32,0xdb,0xb2,0x63,0x11,0xe4,0x44,0x72,0x72,0x79,0xed,0xad,0xe1,0x5a,0x4d,0x66,0x2c,0xf6,0x47,0xf3,0x27,0x5c,0xf3,0x25,0x3e,0x6d,0xe9,0x33,0x38,0x30,0xe0,0x51,0x7a,0xa5,0xfa,0x7b,0xc2,0xd0,0xe6,0x3e,0xa2,0x59,0x7a,0x94,0xb0,0xfe,0x92,0x70,0x6e,0xcd,0x17,0x2c,0x5e,0xc5,0xc7,0xf0,0x06,},"\xba\xc1\x86\xd9\xfe\x5a\xbd\xa7\x9c\x3a\x35\xa7\xa3\xc2\xea\xe6\xae\x6a\xb2\x82\x47\x91\x27\x70\xc8\x4e\xfd\x04\x8e\xbd\x3a\xba\x57\xc3\x7c\xf4\xc6\xc7\xf3\x0a\x79\xf6\x8a\x3f\x76\xb2\x0c\xd8\xc6\x63\x1f\xcc\x96\x67\x05\x22\x08\x0e\x6b\x62\xe8\x87\xae\x6f\x44\x36\xd4\xca\xf5\x69\x43\x13\x1c\x52\xdd\x28\x2b\x25\x1c\xd0\x75\xf1\xf7\xf8\xe0\xbd\xb6\xbe\xdf\xc9\xa0\x79\x6f\x55\x79\x04\x2b\x56\xe6\x93\x74\x96\x1b\x11\xdf\xd6\x1b\x12\xde\x2b\xb7\xd4\x9b\xfc\x50\x9c\xdb\x31\x38\xf3\x35\x6a\x0d\xde\xd9\x8f\x53\x01\xb7\xc4\xa7\x48\xbf\x89\xb2\x3d\xf4\xf7\x47\x2f\xf8\xb1\xf5\x05\xd7\x65\xc6\xff\x82\xdb\xad\x74\xb9\xd7\xae\xf2\x2f\xbc\xca\x0b\x7f\x35\x04\x2f\x9a\x76\x2b\xd0\x69\x02\xbb\x21\xc7\xf9\xf7\xf6\x6b\xef\x38\x90\x1d\x75\x01\x2d\x61\xd7\x44\xde\xe7\xaf\xd8\x9f\xc7\xe9\x08\xc4\x06\x85\xbd\x44\x0a\xed\xa4\x20\x4d\x00\x6f\x26\x30\x7d\x82\xa4\x96\x96\x31\x15\xf9\x0e\x09\xf7\x66\x88\x29\x1f\x4a\x67\xd6\x41\x1f\x76\xd1\x66\x17\x87\x5b\x2b\x99\x82\xdf\xdc\x5e\xe9\xb8\x3b\x98\x17\x00\x93\x19\x11\x0b\x54\x04\xc6\x31\x16\xfb\x6e\x94\x64\x84\x6f\xa0\x09\x55\x56\x32\xf0\x76\x98\x4c\x15\xe1\xf6\x08\x17\x33\xa0\xd4\x6f\x2d\x6a\x3c\xeb\xf7\x9e\xd9\x02\x0c\x9d\xec\x8d\xf1\x58\xa3\x34\x1f\x39\xea\xa5\xfc\xf1\xcf\x42\xa9\x48\x49\xb2\x35\x2c\x1a\x1e\xcd\x4f\xb8\x14\xc2\x0d\x07\xdf\xda\x31\x2b\xd4\xf2\xf5\x8c\x15\x76\xb4\xaa\x31\x5c\x96\xc8\x78\x6a\x4c\xfb\xb7\x36\xb2\xd2\x3c\x38\xb1\xd8\x1c\x46\x44\xea\x36\xaf\xa0\x76\xe0\x55\xbe\x59\x17\xcd\x7a\x92\x35\x0a\x7e\xd6\x6a\x5a\xb2\x25\x3f\x55\xc4\xfd\x1a\x0d\x0e\x6d\x4e\xda\xb5\xf7\x12\xed\xb4\x40\xc0\x6f\xac\x8f\x07\xe6\xd7\x3c\xc9\x0b\x2b\xa7\x13\xd7\x3c\x73\x80\x23\x61\xce\x46\xa4\xeb\x5e\xd1\x06\x0c\x4c\xf5\x32\x07\xd3\x01\xf0\xfc\xd4\xf0\xc9\xd1\x58\x0d\xb2\xfc\x10\x59\xd3\x72\x07\x64\x38\xa0\x11\x92\xa7\xf9\xfd\x6f\x78\x83\xf5\x64\x22\x86\x6f\xd9\xf0\xaf\xe5\x3f\xdc\x91\x0a\xfa\x5a\x75\x1c\xbf\xa3\x77\x59\x25\x79\x16\x5c\xb5\x6d\xc3\xeb\x4d\xce\x67\xe3\xdb\x33\xa9\x81\xa5\x6b\x7d\x9f\x7b\xde\xa7\x4f\xba\xea\x34\x78\xe6\xab\x2c\x64\x4f\xd7\x77\xb8\xbf\xa7\x2a\xa0\xf0\xa5\x21\x98\xd3\x6e\x5b\x63\x4d\x2c\x9a\x11\xb7\xfe\x0a\xb2\xf9\xa4\x09\x01\xc5\xb1\x48\xa0\x19\x2e\x95\xa1\x70\xba\xf7\xd5\x35\x0f\xe0\x1e\x56\x95\x42\xb9\x34\x85\xa4\x19\x71\x44\x34\x85\xfa\xf5\x7f\x67\xf5\x6d\xfe\x2c\x58\xe5\x39\xc9\xf9\xb4\x49\xc3\xf9\x12\x49\xa1\x0c\x1a\x1b\xe7\xe0\xb3\xea\xbe\x8e\xe0\xba\xb1\xf1\x1f\x89\x61\x4d\xce\xd4\x18\xc6\x2a\x07\xa0\xb5\x9a\x13\x70\xd6\x53\x1b\xa1\x77\x09\x1c\x6a\xd5\x95\xfb\x59\x48\x82\x04\xf6\x33\x44\x73\x6e\xa1\x01\x7a\xff\xbe\xb7\x53\xa9\x97\x86\xb1\xeb\x64\x51\x0e\x2e\x71\x7e\xc9\x0e\x02\x74\x4b\xc3\x52\xd3\xf1\xb2\xab\x7b\xe0\xeb\x65\x62\x3d\x04\xfb\x3a\x04\x6c\xe7\xf4\xda\x69\x7d\x82\x98\x28\xa5\x2c\x7b\x04\x3b\x2a\x82\xec\x97\xfb\x04\x1b\xf5\x19\xb4\xde\x31\x6f\x4e\x2f\x5b\x0d\xb6\x2a\xed\x0e\xed\x95\xca\xd4\x32\x0c\x19\x47\xc3\x5f\xd8\x84\x7a\x58\x67\x87\x28\x83\x56\x11\x19\xc0\x1b\x00\x89\x21\x3d\x84\xdb\x99\xd4\x39\xf0\xf6\x44\x4d\x87\x83\xdd\x4b\x64\xbe\x35\x77\xcd\x46\x1c\xf7\x53\xc8\xe6\x1c\x91\x2d\xe2\xe5\xd7\xa7\xe2\xba\xef\xa2\x58\x97\x5d\x16\xef\x31\x17\xda\x59\xa6\xc8\x93\xf3\x33\x91\x87\xdf\x31\x68\xb8\x9f\x0f\xb0\xb2\x19\x8b\xb6\xf1\x59\x4b\xb8\x8f\x3d\x61\x0f\xce\xc3\xe3\x6d\xe0\x4a\xe1\x03\x28\x11\x2e\x6f\xf7\x4f\x5a\x8c\xe6\x8d\x40\x71\x74\xb4\xc0\x69\x1c\x76\x02\xea\xb1\xbb\x10\xf3\xc4\x9d\xd2\x2b\x84\x50\x78\x2d\xea\xe9\xa7\x31\x5e\x3b\x88\xde\x79\xcd\x15\xe6\xc9\x26\x81\x65\xed\x3a\x0f\xb3\xf8\x9b\x18\x3e\x1a\x21\x21\x52\x00\x3f\x32\xa2\x66\x5d\x37\xcd\xd7\xf6\xb5\x6c\x24\x53\xe5\x58\x0c\x4d\x21\xf9\x98\x3f\x38\x79\x8e\x9b"},
+{{0x7b,0x30,0xb4,0x2d,0xc2,0xc6,0x70,0xa1,0x95,0xfe,0x2a,0xf8,0x79,0xfc,0x5d,0xe3,0x74,0x02,0x45,0x88,0xfe,0x3d,0xe4,0x3e,0x2d,0xd5,0x08,0x44,0xf4,0x8f,0x42,0xbe,},{0x82,0xa2,0xac,0x60,0x79,0xf2,0x12,0xb5,0xee,0xdd,0x0c,0x19,0xe9,0x39,0x4f,0xaf,0xac,0xd7,0x4d,0x71,0x6f,0xde,0xfb,0xfc,0x6c,0xb8,0xa7,0xea,0xf4,0x1c,0x03,0x62,},{0x0a,0x63,0xb8,0x4f,0x46,0x93,0x5f,0xaf,0x3e,0xa1,0x64,0xb0,0x0a,0xf2,0x27,0xb0,0x08,0x68,0xa0,0x3f,0x56,0x12,0x93,0x5e,0x18,0x61,0x9a,0x84,0xa2,0xe5,0x7b,0x88,0x51,0xd7,0x46,0xe6,0x3f,0xd9,0x10,0x07,0x87,0xf5,0x33,0x8d,0x51,0xc1,0x07,0x3c,0x2f,0xc5,0x30,0x30,0x99,0xe1,0x87,0x3e,0x5e,0x3d,0x3e,0x5c,0x03,0x6f,0xbe,0x01,},"\xc6\x68\x7a\xef\xeb\xc5\xc8\x16\xd1\xa3\x34\x53\xbe\xca\x50\x20\xd3\xa9\x7c\xda\x1d\xac\x56\x62\xf0\xaf\x72\xba\xd4\x44\xe2\xfd\x11\x76\xa7\xb0\x4c\x1b\xd0\x9d\x83\x26\x18\x20\x9b\xf3\xe3\x3e\x52\x35\x38\xd6\xda\xa7\x53\x04\x6e\x87\x1d\xd3\xb3\xc7\xac\xad\x33\xe7\x9c\x1b\xb7\x89\x64\x07\x86\x5d\x16\x8d\x4b\xc3\x75\x7b\xde\x4f\x82\x3c\x08\x77\x86\x26\xf8\xc7\x1f\xb7\xcf\xcf\xdf\x03\xa8\x24\x97\xbd\x8b\xe7\xd8\xf8\xef\x64\x90\x30\xb5\xf3\x6a\x33\x94\x59\x96\x8e\x24\x6a\x1e\x42\x08\x53\xda\xce\x41\xca\x85\x0a\x4e\xea\xe8\x34\xae\x11\x96\x10\xca\x4c\xd0\x66\x2a\xac\x39\x62\x15\x86\x99\x80\x27\xef\x2f\x61\x48\x5c\x02\x85\x06\x71\x4a\xe0\x9c\x76\x39\x9d\x87\x3e\x80\x81\x58\x57\x8a\xa5\x9e\x82\x12\xf5\x88\x65\x31\x9f\x9e\x0d\x2b\x8d\xa7\xad\x52\x9e\x0a\xc1\xf1\xeb\x43\x5a\xec\xfd\x35\xf5\xab\xb9\x2b\xea\x50\x73\x49\x6b\xf4\xc0\xbf\x15\xba\xa2\x73\xbf\xc5\xc3\x10\x44\x74\xa2\xdc\xf1\x32\xc3\x33\xeb\x36\xec\x2c\xbf\x04\xfa\x95\x80\xb7\x68\xf5\xce\xa7\xb5\x61\x7e\x58\x80\xaf\xf6\x32\x01\xc2\x74\xd6\x69\x74\x3e\x1b\xc5\x56\xb0\x67\x90\x2e\xee\x29\xd2\x91\x11\x28\x89\x69\xcf\xfa\x87\x9f\xc9\xcb\xf6\x6f\xbf\x93\x26\xd9\xd9\x25\xac\x41\x02\xfa\x9f\x1a\x06\x08\x1a\xde\xc0\x79\xcb\xc9\x67\x46\xd7\x9b\x63\xa0\x12\xed\x77\xd8\x2c\x9f\xfd\x4e\x3f\x16\x1f\x6c\xea\x28\xcc\x23\xfa\xc2\xa5\x43\xf5\xb1\xd0\x64\x4e\xc0\x48\x38\x32\x7b\xcc\x65\x2b\x85\x8f\x93\xff\x46\x3f\x7e\x94\x9e\xec\x8c\x9d\xb6\x56\x9a\x86\x98\x4f\x83\x1d\xf6\xac\x6d\x95\xf3\x8f\x46\xce\xbb\x6e\x65\x83\x65\x7f\xac\xd2\x10\x8d\xbc\xd0\xaf\x23\xab\x01\x01\xa1\x30\x1b\xeb\x48\xa4\x4c\xac\xcb\x91\x09\x44\x73\xd7\xe5\xa5\xc8\x8c\x64\x4f\xd3\x42\x05\x73\xb6\x78\xf1\x7b\x51\x74\xcb\x14\xe9\x0f\xac\x69\x4d\x1d\xbc\x6c\x96\x32\xb5\x97\x4a\xef\x28\xac\x08\xd7\x20\xb2\xea\x30\x44\x0d\x2a\xfb\x04\x93\xb4\x0d\xb2\x4e\xfb\xdb\xf5\x3c\x43\x09\x21\xe5\x2a\x10\xb5\x46\x61\xe1\x49\xd1\x65\x59\x1a\x7c\xf9\x1d\x65\x08\xea\x47\x2f\xb3\xbe\x16\x39\x5e\x30\x31\x2f\x19\xb8\x7c\x47\xe4\x68\x04\xa0\xfa\x29\xb5\x6b\x5a\xc9\x50\x67\x7b\xc6\x02\x38\xb5\xe9\x9e\x03\x0b\x1e\x55\x21\x46\xa0\xe8\x8c\x29\x4c\xfc\xa8\x35\xc1\x01\xc5\x5f\x34\x23\x87\x4c\xc1\x28\x75\x6e\x73\xa5\xde\xbe\x8e\x97\xfe\x21\x66\xb6\x5c\xb4\x46\x42\x77\x0c\x6d\x1d\x23\x90\xaf\x1b\x0f\x31\xb9\x58\xc8\x30\xe9\xac\x4f\xe2\xf5\xad\x59\x05\x82\xfb\xb8\x92\xbf\x94\x95\x84\x47\x7e\xf7\xbd\xe2\x3f\x7d\xd0\x2b\x63\xf7\xc2\x90\x88\xa5\x72\x51\x00\x91\x32\xff\xbb\x78\xed\x14\xde\xfb\xef\xd9\xfd\x31\xfd\xca\xb0\x3b\xa8\x0a\x23\xf3\x33\x98\x37\x60\xab\xad\x4f\x16\xdd\xf9\xdd\x44\x14\xf0\x4d\x00\xdb\x56\xba\x72\xd6\x3a\x3a\x13\xd2\xc4\x42\xf5\x49\xfd\x66\xc9\x88\xd2\xe4\x60\x1d\x13\xb5\x2f\x77\x50\x0d\xd6\x92\xbe\xc9\xd6\xbd\x3b\xaf\xa9\x24\x2f\xdc\xfa\xeb\x69\xb9\x8b\x0b\x57\x89\xb2\x80\x38\x40\xde\xc6\x37\xb4\x9a\xf4\x38\x1a\xe3\xfa\x42\x9f\xb5\x34\x61\xa0\xc6\x74\xeb\x5a\xa1\x8d\xbd\x60\x7a\x2b\x77\xa9\x6d\x3a\xb4\x64\xec\xd9\x74\x92\xf6\xde\x46\x0c\x9f\x11\xb5\xc1\x75\x6c\xb5\x9c\xb1\x34\x8d\xfd\x77\x95\x6b\x71\x90\x7c\x54\x82\x1e\x30\x3c\xb8\xb1\x49\x06\xc0\x03\xe3\x48\x4b\xe4\xea\x05\xa6\x90\x1d\x69\xb0\x74\x85\xe8\x58\xf7\xb4\x71\xc6\x35\xf9\x03\x95\xb9\xa3\xe2\x24\x7f\x1a\xd1\x2b\x11\x8f\xfa\xfc\x72\x21\xa5\x7b\x10\xe3\x19\xb6\x1a\xf1\xc1\x36\x06\xa8\x16\x16\xce\x3f\x1d\x62\xba\x93\x2f\xf4\xe6\x3e\x74\xb8\x42\x55\xe3\xaf\x52\x10\xbb\xd5\x71\xbd\xa4\x4c\xbf\x44\xb7\x14\x42\x2c\xb4\x5c\x2e\xf2\x1f\x98\x13\x1b\xa9\x6b\x7e\xdb\x9b\x03\xe3\x3d\x7d\x18\x8d\x5b\x8d\x90\x4c\xb4\x13\x6f\xe2\x69\xdb\x14\x69\x88\x16\x8e\x7e\xe2\x45\x35\x63\x54\xf0\x02\xa5\xea\x8b\x35\xa3\xa9\x9e\x83\xa1\x32\x72\x27\x41\x44\xb3\x3a\x60\xca"},
+{{0x66,0x56,0xf4,0xd4,0x71,0x81,0x57,0xc4,0xba,0xc3,0x8f,0xf7,0xab,0xe5,0xeb,0x1f,0x81,0x2c,0x0b,0x98,0x6d,0x9c,0x01,0x4a,0xba,0xd5,0xb0,0x9a,0xa6,0xc8,0xee,0x4a,},{0xf3,0x08,0x78,0x98,0xe4,0x52,0xbe,0x9e,0x30,0xae,0xcc,0x4e,0x8f,0xfe,0x0c,0x01,0x16,0x98,0x88,0x68,0x3f,0x62,0xa4,0x5b,0x8d,0xa3,0x82,0x99,0x01,0x4f,0x5b,0x4a,},{0x9c,0x2c,0x39,0x91,0x5a,0xed,0x6a,0xdd,0x00,0x4e,0x7d,0xd6,0x84,0xee,0x3d,0xcd,0xd1,0x0d,0x87,0xa4,0x87,0xf6,0x77,0xe7,0x3c,0x2b,0xce,0x0f,0xca,0x7d,0x50,0x87,0x96,0x46,0x41,0x50,0xa5,0x2a,0x44,0x0f,0x52,0x37,0x85,0x0a,0x00,0x9c,0x72,0x16,0x2d,0x9d,0x29,0x85,0x47,0x0a,0x33,0x49,0x0e,0x66,0xd3,0xc4,0x01,0x70,0x4c,0x05,},"\x94\xd9\xe5\xe5\xa7\xb7\x05\xd9\xd9\x76\xfe\x71\xe9\x4d\x3f\x7f\xa7\x86\x6a\xfb\xf7\xec\xe4\x24\xf1\x36\x32\x77\x99\xb2\xb2\x06\xce\x4e\xf4\xc3\xf3\xe7\x05\x55\x3a\xfc\x8f\xd5\xc1\x95\x2a\x4c\x16\x65\x8d\x4a\x78\xaf\xbb\x9a\x97\xf2\x71\x93\xc6\x5b\x65\xb8\x2e\x8f\x3b\x71\x51\x5f\xac\x82\x64\x0e\x0f\x8a\x5f\xb3\x5a\xe6\xfc\x6a\x3d\xb0\x51\xa2\x2d\x4a\x53\x00\x41\x3e\x6e\x33\xd1\x9c\x20\x13\xc2\x98\x3a\xca\x8a\xd6\xce\xc2\xce\x64\xa8\x14\x16\x4f\x06\x1a\x1a\x3c\x5a\x86\x10\xa7\x65\x0b\xfb\x54\x23\xd4\x36\x2c\xe0\x22\x06\xdb\xe4\xa6\xfa\x82\x6f\x03\xb4\x2a\xc3\xcd\x9e\xa4\xc6\x51\x40\x1b\x3c\xea\x82\xc3\x99\x3f\x6a\xf8\xb2\xc9\xe2\xe6\xff\xe6\x92\x80\xab\x3f\x09\xfb\xe9\x0d\xd5\x47\xcc\xda\x9d\x9e\x8e\x8a\x53\x7b\x3b\x36\x05\x54\x22\x7e\xd0\x70\x9f\x29\x31\x98\x98\x2e\xfb\x5e\xfb\x0e\x73\xe0\x00\x42\xd1\xa0\x63\xb5\x74\x52\x02\x7d\xce\x1a\x39\xe4\xb0\x06\x8f\x58\xb1\x11\xec\x5d\xc1\x42\xbf\x41\x9a\xd8\x93\xd5\x4f\x42\x60\xcb\xde\x76\x28\xf7\x83\xde\x84\x96\x38\x03\x06\xa4\xef\xf6\xd8\x28\x69\x10\x42\x59\xc9\x4c\x54\xad\x5a\xa8\xb0\x67\xc4\x24\x96\xcb\x88\xdd\x31\x15\x0e\xa0\x4d\x49\x9b\xfa\xc9\x1f\x4b\xb3\xe6\x8a\xf5\xaf\x7a\x56\x8a\x3e\x4c\xe7\xf1\x70\xd9\x86\x01\x16\x3f\x49\x52\xf1\xd2\x5e\x12\xe0\x0e\xf0\xa2\xd8\xf1\x11\xaf\xdb\x0f\xaf\xba\xd2\xbf\x8e\x8b\x9d\x49\x36\x3f\xca\x68\x18\x36\x17\xb5\x41\x27\x0d\xda\x46\x09\xb2\x61\x67\x29\xab\x1b\x8c\x42\xdb\xdd\x7b\xf9\x86\xaf\x8f\xba\x52\xe7\x33\xe4\x2b\xa0\x3c\x89\x2e\x1e\x1e\xc0\x6a\x90\xb1\x63\xf5\xa7\x9f\x61\x65\xeb\x73\x16\x97\x2a\xc1\xad\xbf\xcf\x1d\xca\xb0\x78\x47\xef\x82\xc2\xca\xb1\x01\x5d\xbb\x50\xaa\xdc\x79\xfe\x11\xc8\x32\x09\x8c\xac\xc3\x98\x20\xab\x08\x5b\x69\x63\xbd\x42\x16\x0e\xd6\x61\x3b\xae\x5e\x20\x1f\x17\xc0\xfd\x7f\x32\x35\x7a\xe3\x50\xce\x9c\xbb\xe9\x26\xfa\x42\xdc\xbd\x42\x2a\xc1\xbf\x09\xa1\x9a\xd1\xf6\x94\x69\xe4\xd1\xdc\xb1\x24\x11\x8e\xd4\x52\x2d\x35\x3c\x17\x42\x98\x65\x0f\xf8\x83\x82\xfa\x2f\xdb\xb2\x86\xc4\x5b\x18\xa9\xba\xf6\xf6\x76\x3a\xc2\x0c\x9c\xa4\x76\x7d\x34\x8c\x4b\x8d\xed\x63\x00\x76\x65\x7b\x85\xb1\x4c\x11\xae\x27\x37\xea\x29\xa4\x35\x15\xb7\xf0\x56\x74\xa0\xcd\x3e\xd4\xbf\x6a\x3d\x18\x9a\xe9\x72\x21\x8f\x87\x7c\xd8\xaa\x69\x49\x9d\x5a\x08\xc9\x9e\x44\x06\x94\xcc\xac\xcd\xf1\xf6\x42\xe1\x4e\x90\x10\x5b\xee\x6d\x98\xed\xee\xab\x3b\x4f\x33\x9f\x30\x01\x88\xae\xc0\xc1\x6b\xd6\x45\x21\xd9\x28\x73\x98\xe6\x48\xdb\x94\x33\x0e\xd8\xf6\xb9\xab\x6c\x7a\xd9\x3f\xfc\x43\xe8\x79\x2e\x63\x7c\x61\xbf\xf7\xd8\x56\xe5\x4e\xf4\x98\x73\x84\xe3\x12\xcb\x57\x01\x7a\x50\xea\xe5\x95\x2a\xbe\x19\xd8\x99\x9c\x8c\x82\xdf\xc4\x57\x98\xcc\x17\xc8\xd9\x49\x6b\xf5\x20\xec\xc5\xb7\x7f\xe2\x84\x91\x55\x66\xc4\x56\x85\xc3\x04\xa2\xac\xd5\x25\xef\x12\xc8\x6f\x38\xae\xf5\x54\xd8\xa2\x38\x47\x37\xcc\x41\x33\xfb\x7e\x2b\x65\xc1\x3b\xef\x31\x66\x8a\x6c\x2f\x60\xee\xcd\x84\x12\xee\xff\x7f\x6b\x60\x5c\xbe\x95\x08\x3e\x23\x3e\xc1\xa7\xbb\x36\xde\x23\x6c\x8a\x71\xba\x28\x72\xbe\x94\x6c\xd3\xb3\x89\x35\xf5\xda\x64\xc8\xfe\xc8\xe1\x4f\x45\xcc\xf6\x12\x4b\xab\x7f\x70\x56\x7c\x2f\x2b\xfd\xd5\x66\x67\x60\x95\x72\x03\x7c\x76\x14\x6c\x99\x17\x07\x65\x9b\x57\x09\xb0\x74\xe3\x45\x1f\x92\x1a\x2d\xf2\x83\xb9\x6a\xa2\x6a\xb4\x76\x62\x50\x16\xf1\x81\xad\x64\xc9\x91\x9c\xf4\x1d\x71\x4a\x1a\x9a\x5e\x2b\xb2\x6b\xaf\x87\x70\xb2\xeb\xa7\x7b\x77\x8a\x33\x26\x77\xa7\x57\x2e\xe3\xa2\xb1\xdc\x05\xf7\x35\x6b\xdc\xae\x5f\x55\xe3\x53\x29\xe3\x4c\xaa\x79\x43\x0b\x27\x0c\x03\x61\x60\xdc\x9f\xca\xab\x5b\x25\x45\x43\xac\x94\xb2\x46\x81\xf1\x71\x72\xb6\x15\x9d\x16\x62\x1d\x7a\xd0\xee\xbd\x89\x5a\x1e\x1d\x09\xb9\x16\xa8\x6f\xb4\x8e\x4c\x91\x66\x10\x57\xee\xe9\x5c\x08\x70\xed\x54"},
+{{0x14,0x38,0x3e,0x6e,0x56,0x04,0xc9,0x9c,0x24,0x8d,0x39,0xbe,0x51,0xd1,0x64,0xb1,0x34,0x42,0xb0,0x5e,0x51,0xd7,0x8e,0xcd,0x99,0x93,0x64,0x22,0x1a,0x45,0x03,0x6b,},{0x2f,0xc1,0x61,0x38,0x22,0x0a,0xb7,0x4b,0x3b,0xd4,0x46,0xf8,0xa7,0x14,0xb5,0x8d,0x54,0x63,0xd4,0x0d,0x43,0x67,0x92,0x50,0x07,0x47,0x4c,0x5b,0x9e,0x35,0xd4,0x94,},{0x45,0xe8,0xed,0x1a,0x75,0x1d,0xfc,0x3b,0x9b,0x7b,0xd7,0xa1,0x0b,0xf5,0xbd,0xcf,0x8c,0xa4,0x61,0x86,0x5a,0x49,0x0c,0x10,0x5f,0x10,0x45,0x29,0x41,0xcf,0x87,0x72,0x12,0x14,0xbf,0xbf,0x3a,0x35,0x60,0x6b,0x7c,0xe3,0x5d,0x6f,0x70,0xaa,0xf2,0xd5,0xea,0xdc,0xc0,0xde,0x03,0x5e,0x9b,0x2f,0x6d,0x7b,0x86,0x2f,0xc2,0x84,0x90,0x04,},"\xc4\x75\x3b\x7f\x7a\x6f\x6d\xea\x25\x15\xc6\xe3\xd2\x95\x61\x50\x6f\x4f\x36\xe0\xde\x84\x99\x92\x21\xf2\x28\xe2\x0b\xd5\x12\x8e\xd9\x3b\xdb\x8d\x11\x93\x23\x7d\x8e\x29\x41\x69\xa2\xbc\x44\x8a\xf9\xdd\x36\x06\x63\x01\xef\xb7\xfe\x12\x31\x35\x3c\x06\x23\xff\xe1\x11\x5d\xeb\xb6\x90\x5a\xc6\x94\x6e\xe3\x82\xa2\x7c\x3c\x09\xe1\xb1\xf5\xc1\x14\x93\xdb\xa3\x7d\xa0\xff\x6e\xea\x75\xd9\xfa\xb0\xee\x92\x6d\x70\x1d\xac\x2f\xc5\xb7\xef\x57\x88\x80\xa5\xd5\xee\xec\xad\xc1\xf4\xbc\xc4\xcd\x4e\xc6\xf2\xf1\x4f\x52\xa8\xc1\x64\x07\x2e\x6f\xde\x5a\xb2\xee\x9c\xee\x0b\x48\xe5\x1a\xf0\x55\xf9\xfe\xc7\xc6\x37\x50\xfe\xdf\x72\x33\x2b\x23\x86\x3a\x1e\x54\xc5\x2b\x46\x1a\x21\x50\x6d\xfd\xfc\x63\x88\x0e\x22\xd8\x9c\x89\x44\x12\x66\x6c\x92\x98\x21\xc0\xe4\x39\xe7\x45\x41\x5f\x71\x79\x69\xe6\x05\x85\x54\xd6\x4b\x94\x7a\x4f\xc9\xd1\x6a\xca\xe3\xe4\x9a\xec\x08\x80\x1a\x09\xd9\x72\xf7\x9e\xad\x68\xd5\x29\x76\x80\x69\x73\x5c\xaa\x74\x2b\x45\xa5\x83\x05\x81\xb8\x0c\xa0\x61\xa6\xc1\x51\x5e\x3f\x7d\x5a\x93\x37\x87\x8c\x19\xfc\x94\xee\xf2\x26\x98\xea\x6c\x4d\x05\xf9\xed\x41\x1b\x6b\x8f\x05\x2b\x5f\xf1\x5d\xc2\x3a\x64\xbe\xea\xae\x99\xf8\x48\x93\xde\x3d\xf9\x40\xa4\xe0\xb8\xe9\x93\x93\x01\x39\x05\x2d\x99\xbe\x47\xbc\xa8\x77\x5f\x85\x63\xbd\x40\x26\xb7\x13\x43\xd5\x19\x68\xf2\x33\x75\x28\xf4\xc9\xdb\x8b\xbd\x0a\x29\x8a\xf0\x4b\x27\x69\x5d\x86\xb7\xf7\xba\x6c\x4c\xcc\x62\x73\xfe\xbc\xd8\xf7\x5c\xff\x26\x69\x95\x24\x4f\xc1\xfa\x13\xd8\xd8\x43\xf0\xbf\xf4\x9c\xc2\xd5\x08\xf4\xa2\xb3\xaa\xd1\xd9\x5f\xb2\x2a\x2b\xc6\xad\x1b\x96\x6b\x08\x12\xd9\x90\x70\xbb\xa0\x7c\x92\x3e\xe4\xd0\x81\x07\x48\x6d\xc0\x1a\x06\xdb\xa6\xf1\xd5\xf1\x05\xac\xea\xde\x33\xb1\x66\x51\x0e\x42\x7e\xbb\xce\x52\xa3\xe7\x83\x1f\x0f\x78\xa3\xc6\xe0\x72\x60\x83\x34\xd8\x02\x1c\x33\x8a\x73\xcc\x0c\x47\xf1\x9c\x9f\xae\x40\x3b\x97\x16\xd0\xd1\x5f\xbd\xf6\x46\x6b\x08\xf6\xac\xce\x3f\x50\xa7\x03\xb1\xde\xa8\xd8\x26\xdf\x84\x2c\xa1\xba\x20\xd2\x9f\x45\x48\xac\xfc\x75\x4c\xf0\x11\xf5\x70\x68\x1b\x59\xe4\xda\x25\x38\x5e\xbd\x6d\x5c\x3a\xdc\x93\x05\x29\xe1\x66\xce\x67\x05\xf6\x01\x02\x10\xdb\x10\x64\x62\xb3\x33\x32\x04\xe7\xad\xad\xee\x66\x06\xa5\x62\x06\xb4\x7e\xef\x20\x74\xb1\x16\xe2\x2a\x61\x54\x18\xec\x2c\xdc\x33\x1f\x1e\x19\xe0\x7e\x8a\x37\xb9\x2d\x69\xdf\x07\x34\xe0\x85\xda\xee\xb9\x01\xec\x6e\x8c\x35\xf1\x03\xf1\xd8\x6e\xf0\xd2\xa2\x65\x2b\x01\xd1\x83\x59\x7e\x4c\xfd\xee\xdf\xe5\xdf\x9a\x7e\xf6\x6a\x1c\x79\x6a\x37\xa2\x71\x13\xb9\x44\xdd\x7b\xa1\x7c\x46\x00\x15\xab\x8a\xce\x45\x1c\x57\x85\x0e\xc6\xc2\x90\xc5\x4e\x51\x13\xf5\x5e\x99\xa8\xe6\xe4\x71\x1e\x3b\x78\x17\xbf\x91\xa5\xad\xb3\x7f\xb9\x46\x1b\xe6\xb1\xb5\x5d\x58\x60\x46\xe4\x2a\x54\xc5\xde\xf4\x07\x6f\x1f\xf6\xc3\x1b\x80\x6f\xc6\x02\x47\x43\x56\xaa\x28\x99\xea\xe7\x0f\x5e\x5a\xbf\x1f\x75\xa7\xf2\x4c\x13\x4c\xde\x11\x79\x3b\xb1\x62\xe0\x3a\x58\x3d\x5b\xe0\x46\xac\xc7\x34\x56\xd1\x2d\x50\x9d\x92\xf7\x70\x57\x68\x68\x6f\x6c\x71\x4a\x4e\x57\xec\x88\xb7\x13\x98\xe2\x3e\x83\x5d\x6d\x65\x47\x22\x59\x96\xb7\xed\x08\xf3\xb7\x44\x3b\xb1\x7c\x89\x94\x09\x49\x3d\x0e\xfe\x84\x55\xbe\xc8\xe8\xc2\x84\xa3\xb1\x49\xa5\xb4\xca\x63\x1e\xa6\x20\xb1\xbb\x81\x7c\xed\xab\xa5\x0b\x04\x44\x11\x84\x9d\x26\x0a\x6f\x2a\x0d\x3f\x2c\xce\xec\x38\x42\x71\x9a\x5e\xa4\xfe\x18\xdd\xe0\xd4\x2d\xcb\x33\xad\x21\xe6\x45\x33\x25\xaf\x6f\x3c\x00\x9f\x2b\xb9\x78\xd3\x0c\xee\xae\x9a\xa4\x92\x8b\xf7\x37\x67\xcd\xa9\x29\x2a\xb8\x93\xce\x5f\xa3\xaa\x4c\x23\x21\x63\xb4\x5c\x64\xed\x79\x77\x77\x9b\x1c\x0c\xaf\xcf\xc2\xb9\xfa\x08\x4a\x32\x4f\x11\x3a\xde\xec\x21\x8b\x47\x35\xb6\xb4\x64\xdb\x6d\x46\xc2\x79\x1a\xf3\x45\x5f\x1c\xa5\xea\x1e\x9a\x04\x8c\x05\x1a\x54\xdf\xa0"},
+{{0x59,0xb0,0x72,0x63,0xb2,0x2c,0x0a,0x38,0xbb,0xc5,0x91,0x05,0x95,0x94,0xb2,0xbd,0x92,0x7e,0x80,0x59,0x61,0xdd,0x07,0xe1,0xf9,0x42,0x45,0xb2,0x3a,0xa2,0xe0,0x16,},{0x0b,0x1e,0x4c,0xf5,0xaf,0xf2,0x78,0xec,0x65,0xb4,0x05,0xf5,0x10,0x8e,0x1b,0x5b,0x18,0xa9,0x69,0xad,0x1f,0x1e,0x63,0x81,0x91,0x2c,0x82,0xd6,0x98,0x90,0x7c,0xba,},{0x88,0x6d,0xa3,0x3e,0x35,0x53,0x28,0x5e,0xa5,0x9c,0x14,0x31,0xb6,0xe8,0x6e,0xa4,0x9b,0xb6,0x8b,0x2e,0x0e,0xfd,0x2b,0x15,0x7e,0x77,0x91,0xb7,0x4f,0x35,0xa2,0x42,0x1b,0xb3,0x59,0xf3,0xdc,0x1e,0x4c,0xe5,0xf1,0x1f,0x73,0x65,0x2e,0x03,0xbf,0xc0,0xb4,0x29,0xc5,0x8f,0x0f,0x2d,0x74,0x18,0xc7,0xc2,0x0b,0xce,0x2e,0x2d,0x19,0x01,},"\x08\xce\x0d\x4d\xb5\xc2\xaa\x50\x0a\x19\xef\xbc\x8d\xc8\x54\x92\x50\xf7\xdd\x46\xa7\xa9\xa5\x40\x74\x17\xb3\xd5\x18\x20\xe4\xb0\xd6\x12\x75\x58\x3f\x56\xf8\x97\xfd\x94\x2b\xdd\x73\x11\xad\x6b\xaf\x73\x81\x28\x56\x7a\xf6\x55\x8d\x75\x90\x6a\x02\xc4\x34\x3a\x99\x55\xd5\x9b\x11\x08\x8c\x58\x8d\xc7\xdd\x08\xf6\x79\x65\xc5\x60\x2a\x56\x92\x8d\xda\x4a\xe1\x64\x29\x31\x63\xb5\x17\xca\x17\xde\xd0\x4f\xe4\xab\x2f\x97\x89\x13\x0a\xe9\x6a\xb2\x31\xf0\x7e\x09\x01\x5b\x78\xf3\x84\x8c\xef\x43\x5d\xb0\xad\x9f\x35\xe0\xfb\xc9\x85\x1e\x3e\xcf\xc9\xfb\x18\x6d\x14\xd8\xda\x4d\xda\x45\xd0\xb3\xeb\x3e\xe4\x50\x0c\x10\x1e\x31\x94\xb5\x72\x14\x06\x89\xcd\x75\xda\x12\x87\xb2\x54\xf3\x74\xe3\xd9\x33\x26\xae\x5f\xaf\x11\x40\x18\xac\x71\x4b\xd0\x03\x75\xd9\x2a\x8b\xb6\x59\xc3\x29\x12\x83\x1f\x4f\x20\x77\x6e\x9e\x2c\x25\x02\x9f\x0a\xff\x39\xfd\xda\xc7\x24\x15\x43\xa0\x36\x6b\x84\xde\x7b\x1f\xf2\x3e\x8e\x4d\xc0\x93\xdf\x0d\x2d\xd5\xe5\x3e\x68\x47\x94\x8c\xf3\xd0\xff\x3f\x56\x4a\xd9\x4d\x9c\xc0\x0a\x5e\xa5\xb6\x95\xe4\x08\xbf\x50\xf5\xba\xb2\xf6\xea\x87\xba\x8a\xd3\xa1\x94\x01\x95\xcf\x1b\xc2\xb5\xb3\x48\x47\xad\x3a\x5e\xff\xb8\xa7\x82\x3d\xe9\x1e\xf1\x63\x38\x69\xd1\xf0\x46\x43\xaf\x4d\x82\x6a\x59\xe7\x8b\x9d\x18\x63\x12\xb3\xd9\x72\x26\x36\x54\xac\x55\x87\xb8\x0b\x71\x76\x46\xf3\x10\x03\xdb\x81\xac\x70\x86\x0d\x3f\xc8\xcd\x3a\x6a\x0a\x0d\x57\x6d\x25\x73\x1e\xf7\xb8\x96\x62\x63\xd7\xa0\x5b\x55\x00\x9e\x8a\x23\xda\xc0\xf9\xa2\x1a\x24\xb0\x6e\x13\x90\x0e\x44\x44\x46\xfd\xfe\x56\xcb\xc1\xa0\x26\xdf\x41\x06\x6b\x20\x1b\x14\x81\xe5\x61\x58\x92\x6c\x0c\x9e\xa9\x0f\x0c\x64\x5a\xab\x4b\xef\x12\xd4\xe0\x72\xcb\xfd\xc3\xc3\xd5\xe0\xc7\x2c\xf8\x8f\x16\x6d\xe0\x48\x87\x4f\x35\x34\xe0\x40\xc6\x2b\x16\x62\x82\x1b\xdd\x16\xb0\xe8\x58\x28\x17\x46\x1c\xb2\x68\x92\x79\xb4\x46\xd7\x0c\x8a\xc2\x0a\xd0\x3e\x59\x8c\xad\x49\x08\xc5\x2c\x35\x0d\x42\x43\xee\x8a\xed\xb8\x7a\x4a\xf9\x77\xf7\xdb\x57\xcd\x94\x7b\x47\xd6\xbb\x51\x40\x9d\x80\xd8\x1f\x6d\xb0\x3c\xb9\xa6\xa6\xb7\x98\x12\xf4\x70\x69\x0a\xfc\x18\x36\xa5\x31\x33\x80\x94\xcf\x26\xd3\xc1\x23\x2f\xd5\x60\x5d\x8f\x8c\x55\xb6\xf8\xa2\xa7\xef\x1e\x0c\x78\x15\x55\x94\xb2\x37\x95\x6d\x2a\xba\xd6\xa9\xad\xcd\x58\xe1\x1c\xcd\x35\xcc\x99\x5b\x9a\x0a\xec\xbf\x7f\x57\x41\xac\x05\x1b\x04\xef\x6b\x97\x44\xb5\x6f\xcc\xb4\x63\x98\x52\x8b\xb3\x1f\xbe\x84\xe0\x78\x84\x3e\x69\xbf\x33\x88\x98\xcd\xef\x69\xad\x41\x87\x23\x95\xe4\x6b\x59\x39\x04\x82\x55\x47\xe0\x0b\xda\xf2\x21\xf8\xfa\x58\x7e\xa2\x03\x7f\xfb\x9a\xc9\x30\x7d\xd3\xf8\xf3\x5e\xc5\x38\x6b\xa9\x66\x33\x3e\x2a\xc8\x72\x7b\x0e\x1b\x80\x61\x2d\x3c\x7f\x2c\xb8\x8b\xaa\xca\xdf\xe2\x16\x3b\xc3\x8c\x88\x84\x2e\x76\xa3\x94\x57\x1d\x40\x61\x0e\x8a\x29\x76\x02\x79\x37\x63\x29\x6e\x3e\xab\xf7\x20\xe9\x84\xb2\xed\xd2\x8c\xf5\xc4\xe0\xf9\xa0\xf7\x6a\xce\xba\x28\xcc\x1f\x1b\x69\xff\x1d\x35\xb4\xbd\x33\x47\xb7\xf9\xa9\x5a\x4c\x1e\xa1\x07\x34\xe1\xc9\x18\xeb\x96\x24\x9d\x0c\xc7\x0b\x47\x7f\x6f\x23\x80\x9b\xbd\xa9\x01\xd5\x3f\x48\x5a\x71\xf5\x08\x60\x02\xc1\xb7\x1e\xfc\xc4\x1c\xb1\xae\xb5\x12\x2a\x3f\x3b\xfc\x96\xc5\x1a\x55\xd7\x5c\x02\x98\x42\x88\xbe\x65\x78\x87\x85\x4c\xfa\x73\x89\x74\xbc\xd5\x44\x01\x46\xf9\xbb\x14\x04\x0d\xe5\x4f\x54\x44\xad\x43\xb7\x9a\xf9\xbd\xb2\x4e\xd6\xa4\x8e\xb2\xfd\xee\xd7\x1f\x31\xf0\xec\xe1\x02\xe9\x18\xe9\x56\x35\xc7\xa0\x38\x63\x3e\xe3\x48\xd8\xb5\x78\x16\x52\xd5\x05\x9d\x21\x5a\xc9\x7f\x30\xea\x20\xd2\x77\xeb\xbf\x15\x24\x69\x05\x42\x8a\x7b\xec\x02\xb8\xf9\x26\x31\x5b\xad\x67\x23\xfd\x64\xd7\x1f\xc9\x5f\x33\x33\x64\xcb\xe9\x0d\x46\x46\x33\x3c\x40\xdd\xa6\xd1\xd4\x33\xb7\xc1\x95\xa7\x58\xdb\xb4\x03\x8a\xf5\xdc\xc7\x23\x2d\x45\x47\xf5\x40\xe3\x94"},
+{{0x5c,0xc1,0x15,0xd8,0x39,0xe0,0x58,0xcd,0xb6,0x51,0x8e,0xe9,0xc1,0x61,0xc0,0x04,0xd8,0x8b,0xd3,0x90,0x8d,0x3c,0xf6,0xd5,0x2c,0x8f,0x29,0x6a,0x1a,0x07,0x6b,0x9b,},{0x1e,0x8f,0x33,0x05,0xbf,0x2f,0xa1,0x1b,0x17,0xd9,0x24,0x16,0xab,0x0e,0xa7,0x62,0x39,0x6d,0x88,0xf2,0xf9,0x70,0xef,0x0b,0x10,0x0e,0xd3,0xbf,0x5c,0xc1,0x34,0x40,},{0x03,0x71,0xc2,0xd6,0x4c,0x5e,0xc0,0xc8,0x27,0x6c,0xa5,0xff,0xa6,0x15,0xef,0xf4,0x2f,0x9e,0xff,0xfc,0x58,0xdd,0x8e,0xcf,0xcf,0x67,0x62,0x0a,0x9b,0xcb,0x38,0xfa,0xf1,0x18,0x93,0x2b,0xf2,0xcd,0x5b,0x92,0x05,0xfa,0x55,0x13,0x34,0xdf,0x2a,0x75,0x7c,0x59,0x77,0x44,0xf7,0x91,0xf3,0x71,0xfb,0xed,0xd9,0x8b,0x21,0xf7,0x34,0x05,},"\x53\x3e\x49\xc1\xd5\xf3\x3c\x5e\xc4\xbe\x84\xc6\x19\xf4\xec\x64\x9c\x25\xfd\x70\xbd\xcf\xe2\x57\xa6\x3c\x33\x73\xa4\xd0\x89\xc8\x9a\xf6\xee\xb7\x16\x0d\xd7\x7a\xb6\x6b\x1e\xe7\xe1\x08\x50\xab\x4f\xc1\xf3\x51\x32\x33\x2b\x53\x78\x9b\x2b\x01\x40\xc4\xf2\x0f\x97\xf2\x14\x20\x72\xd6\x24\xaf\xf7\xaa\xd3\x24\xaa\xcd\x06\x8c\x03\x5a\xff\x52\xfa\x71\x2f\x4e\x74\x83\x2d\xe0\x31\xb2\x64\x23\x14\xd1\x71\x10\xde\xe6\xfb\x85\x76\x2d\xc3\x0d\x7e\x97\x78\x2f\xd1\xfb\xff\x71\x79\xf0\x09\x17\xf5\x5a\xf7\x50\x3a\x5b\x7e\x23\xc6\xea\xdb\x65\xe1\x04\xf1\x51\x7b\x66\x24\xc9\xe5\x20\x4b\x3f\xd2\x9a\x65\x85\xe9\x2c\xe3\xa3\xee\xe2\xc5\xae\x17\x79\x20\xf7\xb4\xab\x2c\xac\x87\xd6\x72\xab\x6b\xaa\xc1\x18\x6d\x90\x4a\xea\x34\x98\x53\x4e\xb5\xab\x23\xe4\xac\x4c\x0d\xdb\x0d\x82\xa5\xae\x53\x1d\x76\x54\x9d\x36\x76\x28\x57\x7b\xac\x42\x35\xe8\x97\xd9\xfe\x20\x55\x22\x04\x7d\x21\x4f\xf6\xcc\xf3\x11\xc4\xe3\x97\x82\x7d\x97\xf2\x86\x8e\x70\xac\x17\xd2\x8e\x33\x49\x99\x74\x4d\x35\x93\x76\xa4\x82\xfd\xcb\x41\x4b\x02\xb2\x68\x7b\x96\x2e\xe8\x08\x6e\x57\x3f\xe0\x00\xdc\x51\xde\xe0\x68\x79\xc6\x84\xe2\x5f\x94\xce\xe5\xe8\x61\x34\x7e\x7b\xe7\xfc\xa5\x49\xa0\xf7\x65\x13\x6a\x2f\x4b\x88\xfe\xde\x07\x02\x4d\xd2\xfc\xe1\xf6\xd0\xc0\x35\x4d\xa1\xa1\x6e\xf3\x66\xb3\x15\xb3\xf7\x23\x30\x31\xf9\x79\xb7\x0e\xac\x6e\x23\xbf\x3b\x34\x9e\xfb\xd0\xe4\xf5\x3f\x4d\x5c\x41\xfc\x00\x42\x76\xa5\x96\x70\x65\x9f\x69\x05\xef\x03\xd2\xfc\x09\x8d\x58\x9f\xcb\xc1\x32\x82\x82\xfa\x22\xb1\x0d\xb8\x3c\x5d\x70\x86\x59\x94\xfd\x19\xd7\x60\xa3\x9d\x47\x6e\x02\x33\x0d\x2c\x6d\x19\xe7\x42\x26\x7d\xd3\x65\xbb\xe1\xfe\x5c\x71\x1a\x95\xb1\x84\x50\x8c\xe4\x8c\x1c\x96\xd7\xe6\x39\x90\xb4\x08\xd4\x50\x89\xbe\x79\xe3\x2f\x9c\xb0\x16\x2f\xd1\xe7\xd0\xd1\x9d\x97\xd0\xae\x78\xff\x82\x4c\xc6\x98\x94\x86\xc0\xbd\x03\x83\x52\x55\x1f\x37\x49\x9e\x9e\x98\x26\x80\x4e\x9d\x26\x24\xad\x0c\x7b\x75\x34\x56\x0f\x45\xfd\x7d\x32\x4b\x8e\x51\x7e\x01\xc9\xb2\x74\x3c\x14\x97\x9c\xfd\x51\x2b\xc3\xfe\x66\x72\x79\xb3\xa2\x77\xfb\x46\x3e\x9d\x73\x49\xb6\x4f\xfc\x9f\xe6\x08\x84\xc2\x1e\x48\x10\x81\xed\x70\xe6\xda\x5a\x35\x39\xc4\x48\x97\x1f\x0d\x97\x87\x28\x9f\xcb\x00\x80\xf2\x19\xe9\x94\x49\xf8\x29\x8c\x42\x47\x5f\x87\xfd\x10\xae\xb5\x09\xc5\x30\xcf\x6a\x57\x74\x8e\xb8\xf3\x56\x21\x61\xfa\x48\x75\xea\x95\x3f\x09\x65\x9c\x7d\xf7\xa9\x95\x0f\x03\x17\x46\x7c\xb4\xe5\x36\x6e\x19\x6e\x32\xf5\xe2\x69\x67\x33\xa2\x5e\xac\xbd\xe4\x92\x10\x49\x07\x62\x06\x0e\xa2\x31\x37\x0d\x40\x90\x42\x9b\xb0\x6b\xb8\x67\x39\x9e\x8d\x37\xbf\x5d\x21\xa0\xe7\x21\x47\xe4\x96\xcf\x3b\x7d\xd6\xfe\x6e\x5e\xde\xa9\x66\x8d\x80\x21\x90\xa9\x1c\x60\x0e\x29\x52\x3f\x8e\xb9\x04\xe4\x8b\x70\x41\x2b\xc1\x0a\x70\x20\x98\x4c\x5f\xf0\xf5\xf3\x83\xf2\x14\xae\x59\x4d\xc8\x59\x71\xe4\x80\x37\x28\x48\xd0\xd7\xe7\xcc\x5c\x18\xff\x88\xba\x9b\x26\x2d\x78\x84\x69\x8a\x41\xc6\xc7\x81\x9c\x03\x19\xfd\xc6\xbb\x07\xb9\x1d\xc1\x69\x4d\xaf\xe3\xaf\x37\xa5\x38\xbf\x2b\x2d\x8c\xac\xb2\x7d\x24\xcd\xc6\xea\xdb\x8c\x6a\x2e\x6b\x7d\xf8\xa4\x65\x4a\xe9\x37\x85\x0c\x89\x0a\xd9\x30\x98\x0a\xfc\xc1\x49\x2d\xb8\xa0\x16\x8c\xbc\x9f\x10\x65\x7e\xb4\x8d\x2a\xc8\x7f\x51\x75\xd2\x3c\xae\xd4\xb5\xe6\xf1\x0b\xbe\xaa\x5e\x33\xfc\x5f\x64\x18\xd6\x3b\xa3\x74\xab\x1a\x3c\xbd\x36\xb7\x29\xdd\xbd\xab\xa9\x89\xd4\x64\x5e\x3a\x66\x13\x0b\xae\x41\x7c\xad\x08\x6d\xad\xd3\x08\x43\x35\x25\x14\xc3\x75\xf2\x57\x1a\xba\xf9\x3e\x9a\x07\x71\xfa\x10\x3a\xe9\x25\x85\xb0\x4f\x55\xc4\x34\x76\x9b\x43\xd6\xd2\x2f\x75\x3f\x93\x06\x03\x6e\x53\x52\x4f\x6f\x4d\x9c\xcb\xd2\xc3\x03\x17\xa8\xe8\x99\xf3\x16\x14\x90\x35\x89\x4d\xa9\x45\xb7\x6d\x90\x82\xbf\xee\x32\x8e\x7a\x31\xb6\x63\x28\xee\x8b\x94\xe0\x68\xc7"},
+{{0x75,0xa5,0x03,0xf4,0x8f,0xfc,0x22,0x16,0x17,0x67,0x25,0x19,0x11,0x1b,0xf9,0x0d,0xa3,0x9d,0xa9,0xea,0xb2,0xe2,0x91,0x4f,0xd3,0x75,0x5f,0x10,0xf5,0x39,0x36,0x68,},{0xf6,0x80,0xcc,0x0f,0x63,0x58,0xcd,0xcf,0x53,0x7a,0xa7,0x11,0x28,0xcf,0xad,0xfc,0x0f,0x3a,0x89,0xc1,0x00,0xaa,0x34,0xbc,0xd2,0x42,0x7e,0x24,0x8b,0x6e,0xd5,0x0b,},{0xdf,0x28,0xe3,0xe6,0x30,0x36,0x08,0x67,0x86,0x4b,0xc4,0x1e,0x43,0xfd,0x7d,0xde,0xb5,0x28,0x76,0xdc,0xe9,0xb2,0x34,0xa3,0xfc,0xc3,0xd8,0x54,0x9d,0xb0,0x11,0x2e,0x17,0x63,0x90,0xa6,0x85,0xeb,0xd4,0x84,0x93,0x6e,0x25,0xc0,0x8c,0x8a,0x38,0x78,0xa3,0x7b,0x3c,0x4e,0x23,0x9a,0xd0,0xa0,0xe5,0x01,0x99,0x37,0xff,0xbc,0xd4,0x07,},"\x7b\x01\x09\x04\x23\x23\x6c\xb4\xb1\x3c\x41\x77\xfc\xe5\x2a\x7f\xf6\x58\x05\x88\xcc\x2e\xb5\xa3\xf3\x9f\xf5\xd0\xc7\x3e\x01\xe0\x1b\xf7\xbd\x74\xaf\xe4\x15\x12\x50\xc3\x91\x42\x6e\xa5\x07\x27\x1b\xea\x1d\x6d\x85\xf0\xb2\xfe\x35\xc4\x05\x00\xf9\x8d\x06\x56\xc6\x38\x8f\xc9\xef\xba\x18\x37\xdb\x22\xdf\xa2\x9d\x89\x26\x76\xf5\x0e\x57\x5f\xe8\x9f\xd2\x93\x89\xd0\x9d\x08\x0b\xad\x67\xba\x54\x4c\xac\xab\xf5\xa7\x73\x82\x37\xc5\x5e\x28\x75\xed\x49\x16\x30\x2a\x2b\x4d\xc4\x96\xe7\x42\x73\xbf\x05\x19\x11\x37\x81\x0e\x50\xe4\x81\x95\x26\x0b\xab\x6d\x81\xf9\xc8\x05\x62\xee\x73\xcc\xb9\x33\x3c\xd9\xb6\x1d\xaf\x5b\x00\x38\xa4\xe6\xc5\xc9\x58\xa9\x1f\x68\x50\x8c\x1d\x88\x25\x19\xc1\xaa\x4f\xfc\xc5\x35\x62\x46\x3a\x0a\xe3\x01\x63\x69\x6f\x84\xb9\x7c\xcb\xd8\x67\x98\x20\xed\xd3\x61\x7e\x7b\x89\x6e\xef\xfe\x34\x1e\xc6\xb5\xb0\x3f\x73\xb6\x25\xd7\x41\xc6\x55\xfe\x6e\x82\xd1\x1d\x47\x8a\x7d\x54\x3f\xf6\xc0\xfa\x3a\x3a\x8c\x94\xa6\x16\xfb\x84\x70\x70\xd1\xfb\xdd\xe6\x01\x0f\x02\x6b\x08\x9c\xd8\x63\xc3\xbd\x29\xb1\xc4\x26\x9f\x77\x65\x9e\x51\x57\x28\x89\x0c\x97\x3b\xe8\x7f\x0b\x83\x3c\xa5\xaf\x6b\x4c\x31\x33\xad\x4f\xa4\xf9\x16\x55\xc6\xad\xb5\xb7\x23\x5c\x27\xfe\x34\x82\x84\xf3\xf1\x33\x66\xa6\xa0\x3a\xd2\x2b\x87\xc6\xf5\x58\x4b\xde\xae\xa4\x8c\x70\x32\x5d\x6e\x33\xa4\x75\xf5\x05\x11\x06\x38\x75\x19\x2a\x87\xed\xc3\x88\x08\x9b\x84\x39\x53\x90\xc2\xa3\xad\x89\xa2\x25\x95\xdc\x4a\x71\x5a\x42\xa2\xc0\xef\xde\xf6\x7b\x35\x4b\x34\xfc\x75\xca\x98\xdf\x91\x3e\x75\x9e\x51\xc7\xf6\x25\xdd\xd5\x98\xac\x22\xd4\x21\xde\xcb\x57\xbe\xbd\x54\x22\x0e\xc6\xda\xa5\xec\xe7\x69\xd2\xe0\x1b\xe7\xb6\xbe\xe2\xff\x5a\x0b\x06\xb3\x2d\x6d\xa1\xd7\xbc\x05\x7e\x3a\xbf\xaa\xb2\x42\xa3\xf7\xe6\x64\x6a\x15\x9e\x4f\x50\x5e\x46\x62\x98\x2b\x13\xd0\xcc\x1f\xba\x91\xd1\x03\x09\xa4\x2d\xc1\x08\x7c\xf1\x0d\x36\xe3\x1f\x17\x06\x15\xa0\xac\xb5\x08\xbf\x68\x3e\x2d\xe0\x0c\x87\x64\x0d\x30\x4a\x94\x7b\xc4\x97\x1f\xf3\x61\x9c\x72\xab\xd8\x3c\x7b\x2c\xbb\x34\x64\xc4\x04\x0c\x26\x62\xb5\x85\x08\xb7\x46\x80\xcf\xa6\xde\x06\xe8\xd2\x1e\x3b\xec\x85\x11\x19\x93\x12\x68\x00\x09\x07\x1f\x70\x6b\x7b\x13\x3a\x24\x87\xd5\x74\x5f\xfa\xdd\x5d\xc0\xeb\x2b\x55\x3d\xf4\x40\x78\x7f\x01\x1d\xda\x37\x71\x9f\xa7\x13\x15\xe8\xb2\x91\xef\xd7\x7d\xa3\xba\x14\xfb\x99\x5f\x03\x57\x1a\x3d\xb5\x22\xb6\x3c\x60\xbe\x56\x19\x94\x16\x99\xb3\x92\x22\xb5\x9d\x0f\x23\xe5\xeb\x37\xea\xd4\xb7\xf7\x50\xed\x4a\xbf\x4d\xb8\x7c\x70\xda\x66\x5b\xef\x4d\x7a\x29\x21\xb2\xc9\x98\x97\xf2\x32\x1c\x9b\xe6\x07\x5e\x74\x4c\x82\x28\x63\x9a\xb7\x36\xdb\xeb\x2b\xea\xb4\x40\xc1\x56\xa3\x9a\x2e\xfd\x26\x1d\xb5\x08\x55\xe3\x04\xd9\xcf\xeb\x99\x14\x1c\x61\x35\x58\x10\x9f\x21\x47\x4d\x27\x2a\x2d\x90\x6d\x48\x93\x93\x4a\xff\x8e\x08\xa4\xfc\xee\x96\x4a\x5c\xd0\x07\x32\xfd\x33\xaf\x29\x84\x9c\x8d\xfc\xa6\x59\x79\x42\x18\x57\x18\x5c\xf6\x29\xf8\x68\x07\xa8\x59\x73\xd3\x44\x0a\x6b\xf8\x11\xa5\x8d\x04\x13\x87\x24\x98\x11\xec\x04\x7e\x5e\x8b\x34\x3b\x23\x87\xd0\x18\x1e\x0d\x0b\xd4\x61\xef\x10\xe8\x16\x4a\xae\x35\x7d\x9b\x29\xdc\x0a\xce\x3e\xc6\xd7\x43\xae\x34\x54\xab\x9f\x84\x2a\x28\xd5\x71\x02\x17\xdf\xfe\x50\x34\x4e\x8d\x93\x2f\x18\x01\xb0\xe8\xf9\x66\x19\x8e\xf1\xc9\xcc\x69\x69\xf3\x47\x34\xaa\x6a\x63\xae\xaa\xb4\x33\x9f\x75\xd3\x4f\xfa\x8a\xcb\x93\x7e\xd9\xc7\x30\x92\xa3\x09\xa9\xb8\x4a\x25\x01\x1e\x31\x14\xc2\x65\xe4\xf6\x02\x33\x7e\xb6\x99\xb5\xa2\x2d\x57\x2b\x03\xe4\xda\xd0\x3b\x04\x61\xc0\x0d\xb9\x67\x9b\x72\xfc\x5b\x49\x3e\xf4\x48\x6f\x85\x53\x5d\x81\x3a\x58\x08\x03\x85\xaf\xd4\xe8\xd8\x71\x82\x80\x34\x33\x4b\xfe\x44\x1d\x18\x98\x4e\x4d\xfc\xde\x02\x44\x03\xb5\xae\x66\xcc\x50\xa4\x73\x01\xb5\x7f\x9a\x32\xf7\x40\xbd\xc7\xff\x1d"},
+{{0xd8,0xaa,0x2a,0x0a,0xa5,0x14,0xfd,0x84,0x5f,0x7a,0xa6,0x6b,0x83,0xc0,0xea,0xbb,0x9c,0x16,0x02,0x3a,0xbc,0x16,0x95,0x77,0x34,0x50,0xb2,0xbb,0x33,0x25,0x22,0xf2,},{0xe4,0xe8,0xd6,0xb2,0x98,0x24,0x8c,0x15,0xfe,0x08,0xf8,0x7a,0x3b,0xc6,0x08,0x4b,0xf2,0xd6,0x4d,0x7f,0x1e,0x4b,0x2d,0x51,0x59,0x9e,0x9f,0xad,0x9c,0xc9,0x10,0x92,},{0x14,0x6f,0x65,0xd4,0x3e,0x71,0x55,0x42,0x89,0x4b,0x79,0x00,0xa2,0xf8,0xcd,0x4b,0x17,0xd3,0x87,0x0a,0x61,0x00,0xe3,0x7d,0xe0,0x05,0xb0,0xdb,0x5d,0x81,0x51,0x24,0x6d,0xe4,0xee,0x38,0x42,0xd3,0xeb,0xca,0x20,0xa5,0xda,0x22,0xa3,0x63,0xa7,0x57,0x5e,0x7a,0x55,0x12,0x82,0x95,0xf2,0x72,0x11,0x48,0x4a,0xf5,0x7c,0xd5,0x31,0x09,},"\x08\xde\xb3\xb8\x32\xf5\x2d\x65\x56\xf7\x8c\x3f\x0a\xbe\x46\xf1\xef\xe4\x5e\x3d\x5d\x88\xe7\xf8\xed\xf8\x03\x67\x0c\xe4\x61\x29\x21\x74\x9e\x9e\xce\x63\xfd\xc9\xbe\xf2\xba\x48\x38\x12\xbb\x62\x2b\xe7\x44\xd4\x04\x04\xfd\x6e\x09\xc9\xe1\xcb\x7c\xe1\x9d\xe8\x1a\x9d\xad\xf5\x56\x35\x2e\xe8\x98\x10\xc7\x6a\x9b\x10\x47\xac\x62\xb1\x6e\xbb\x7d\xa2\x3d\xdc\x2d\x4a\xb7\x6a\x02\x05\x61\xd0\x2d\x41\xb5\x8b\x94\x95\x3a\x23\xfa\xaf\xdd\xd7\x81\xb7\xdc\xa7\xb7\xfb\xee\x70\x6e\xc1\x0a\x73\x12\x5b\xf7\x44\x36\x05\x6b\xf3\xb4\xf2\xa0\x70\x1c\xfe\xf0\x5b\xeb\xd3\xdd\x8e\xef\x30\x6c\x1a\xc1\xb0\x09\x50\x88\x1f\xf0\x5a\xb5\xc8\x24\x8a\xd1\x09\x6a\xc9\x1d\x52\x6a\xe5\x9b\xa0\x58\x3b\x27\xdb\x7d\x1e\x39\x0f\x57\xa5\x88\x9e\x27\x99\xa4\xa1\x51\x9b\x15\xd9\x3d\xbf\x0b\x21\xd4\x50\x87\x3c\x76\xba\x52\x04\x61\xe8\xbb\x5c\x83\xc9\x01\x2e\xac\xd5\x57\xbe\xa6\x40\x58\x6e\xfc\xb8\x69\x00\x76\x47\xd4\x49\xf9\x1c\xcd\x52\xaf\xe3\xa8\x94\x77\xde\x7c\x2b\x64\x7e\xcc\x9b\xf9\x67\xfb\xf5\x76\x9d\x74\x88\x94\x47\xd9\x52\x2d\x9e\x80\x69\xc3\x49\x9a\xf6\xa8\xa1\x09\x7a\x95\xd3\xbc\xc5\xf8\x34\x33\x93\x44\x84\x31\x4c\xb3\x07\x58\xb5\x25\xfe\x53\xe9\x07\x21\xdf\x5c\xbe\x03\xd9\x6f\x0d\x0f\x98\x52\x1f\x01\xa5\xfb\xe5\x7c\xe8\x80\x4d\xbd\x18\xf8\xf5\xea\xc8\xf7\xdb\xb5\x8c\x41\x78\x9a\x44\x43\x3f\x8a\x8d\x12\x45\xd2\xad\xda\x8c\x78\xd8\x81\xc6\x5e\xa6\x61\xab\x17\x8d\x4f\xc2\x63\x4c\xd6\xcb\x51\x4a\xb6\xf2\x54\x3e\x91\x12\x18\x3f\x3f\xf7\x3a\x3f\x45\x01\x06\xb0\xee\x8a\x34\x7a\x80\xcb\x82\x4a\xc1\xf8\x01\x64\xe3\xbb\x51\x23\x69\x8d\xe0\xe7\x47\x35\x9c\xa3\x5a\xca\xa3\xba\x0c\x94\x3b\xea\xcd\x7a\x9b\xdf\x8f\xf7\x39\x78\xe9\xfb\x00\x20\x45\xe8\xfe\x56\x48\xcc\x0f\x9c\xfa\x88\xb0\xd8\x12\xe8\x1a\xa6\x2e\x0d\x9c\x73\xfe\x61\x3a\xfd\x95\x39\xbc\xb6\x15\x72\x1f\xb4\x97\xd6\x2f\x65\xc8\x3b\x87\xa6\xd2\x14\x3f\x9b\x1c\x88\x0e\xc8\x67\x1b\xd4\x2c\x8d\xe9\x57\xb1\xa6\x8e\xe4\x92\x26\xff\x71\x7c\xcc\x6e\x74\xf2\xee\xe4\x9c\x30\xde\xa5\x3f\xec\x3c\xd4\xd9\x0f\x2c\xcc\xd8\xf9\x7c\x55\xd5\xc7\x52\x45\x4b\xe2\xba\x7b\x6f\xf2\x03\x0b\xe6\x7e\x0d\xf5\x0c\x5e\x88\x38\x43\xe7\x16\x12\xf2\xb9\x53\x59\x54\x3e\x2b\xa1\xbf\x2e\x98\xde\xbc\xf5\x76\x8f\x2b\xe6\xfd\x50\x4d\x97\x83\xce\x92\x1a\x81\xe0\x94\x16\xdb\xcf\x2b\xb6\x55\xa9\x24\xb1\xef\x01\x12\xd6\x71\xf0\x84\xa5\xb6\x90\xb0\xb6\x4a\x8b\x9b\xf5\x03\x33\xc3\x59\xff\x3f\xef\x19\x96\x94\xf9\xb6\x29\x24\x24\xf0\x06\x66\xce\xf6\xd0\x6d\x16\x1a\x79\xe3\xa1\xb9\xb9\x62\x9e\xea\x53\x50\x5f\x5e\x36\xae\xad\xfe\x0d\x75\x96\x72\xb0\xff\xe4\x98\x39\x7d\x90\xa5\x5d\x99\x44\xb3\x05\x41\xa7\xe1\xbd\xac\x53\x02\x06\x40\x13\x7d\xc2\x52\xae\xf6\x22\xf3\x81\x9d\x36\xab\x49\x8d\x76\x3e\x43\x27\xba\x85\x80\xdd\x9f\x7e\x5f\x47\xc2\x4c\xc9\x92\x87\x34\xb7\xe6\x21\x12\xc5\x7e\x3e\x0c\xfe\xde\xcd\xcb\xac\xcb\x0c\x45\xaf\x82\x19\x45\x5e\xe7\x22\x3c\x71\xe7\xe2\x04\x10\xc5\x24\x4e\xb8\x27\xaf\x2f\x39\x35\xce\x47\x55\x44\x47\x47\xaa\x94\x5f\x4c\x26\xdb\x3a\x29\x85\x19\xe7\x5f\xc6\xba\xce\x91\x52\x99\x72\xe8\x69\x1b\x69\x4d\x30\xaa\x8b\x5e\xc4\xc1\xa0\x28\xd3\xbd\x10\xbd\x0c\x8a\x40\x8f\xb7\xd9\xd7\x03\x49\x55\x53\xec\xea\x59\x8d\x06\x22\xdc\xc7\x4d\xe4\x89\xba\x71\x95\xcd\xae\x8d\x5c\xff\x98\x55\x92\x18\x37\xb5\x28\x43\x3e\xe5\x5c\x0b\x70\x90\x85\x7a\x0c\x27\x84\xd9\x31\x0b\x48\x25\xa7\x99\x3a\xd9\xc6\xf1\x8f\x83\xbc\xa5\xcc\x6a\x25\x04\x71\x68\xa8\x37\x6b\x06\x2e\x3a\x48\xea\x90\xca\xd8\x8e\x33\x11\x87\xc2\xb6\xf2\x81\x42\x6f\x81\xf7\x88\x04\xa8\x95\xc4\xec\x06\xc3\x41\xfe\x84\x6a\xf4\x52\x7e\xa2\x60\x69\xdc\xf6\x1d\x81\x3f\xdd\xf0\xfc\x43\xc7\x07\x35\x0b\xfb\x2f\xc1\xcf\xfc\xee\x7d\x7c\xcd\x7d\x75\xf7\xa4\x65\xa3\xd1\x4d\x57\x30\x2c\x14\x6a\xba\x3e"},
+{{0xde,0x8f,0x1c,0x99,0xe7,0xf8,0x55,0x6d,0xf2,0x0b,0x59,0xb8,0x50,0x4c,0xff,0x7c,0x6c,0x52,0x41,0xa8,0xae,0xeb,0x30,0xb9,0x2e,0xab,0x97,0xbf,0x48,0x1d,0x0f,0xe9,},{0xe4,0x63,0x79,0x1d,0x0f,0x56,0x7e,0xe7,0x3a,0xbb,0xf4,0x7d,0xd5,0x71,0x67,0xa5,0x35,0x61,0x3b,0x05,0xcd,0x48,0xd9,0x2e,0xbc,0x7d,0x24,0xe6,0xeb,0xff,0x95,0x73,},{0x30,0xab,0xc4,0xe4,0xe4,0xb3,0x88,0x58,0x1e,0x66,0x8b,0xd4,0x09,0xee,0x18,0xa6,0xed,0xe8,0x1a,0x13,0x6c,0x28,0xa2,0x92,0x4d,0xf5,0xfc,0x00,0xd7,0xc2,0x80,0xd9,0x78,0x62,0xae,0x3a,0x67,0xa9,0x35,0xce,0x49,0x23,0x64,0x13,0x5e,0x65,0x9a,0xdb,0x5f,0xba,0xbe,0x68,0x98,0x16,0x59,0x1f,0x49,0xac,0x50,0x22,0xa3,0x87,0xcc,0x09,},"\x38\xd9\x3e\x5c\x98\x01\xdb\x90\x17\x97\xec\x75\xc6\xdd\xdc\x65\xae\x79\x80\xde\x21\x0b\xed\x43\xb3\x3e\xb4\x4c\xdc\x6d\xc9\x93\x3f\xb6\xbe\xc7\x42\x1d\xb1\x0f\x0a\x59\x32\x0b\x9e\x64\x2a\x21\xf1\xdd\x23\x56\x01\xfc\xd6\xc5\x3b\xe4\xa8\x77\xf4\xfe\xd3\xfa\x4a\x0a\xd4\xdc\x6e\x9b\x39\x1b\xcf\xa4\x34\x90\x69\x25\xba\x45\xec\xc5\xb4\x35\xd9\xab\x8c\xfa\xfc\x39\x4b\xdc\xca\x9b\x07\xd5\x66\x83\x93\x44\x6e\x34\x00\xe9\x03\x94\x35\xa1\xdc\x78\xcb\xc0\x88\x07\xa3\xfb\x24\xca\x8b\x19\xf6\x4e\xa0\x8b\x8b\xf6\xc2\x0a\x19\x5b\x51\xff\x80\x15\xf3\xe7\xc9\x1d\x08\xe4\xbc\x62\x41\x55\x95\xa5\xa8\x82\xfb\xa6\x51\xdc\x3a\x67\x51\x87\xaf\x61\x82\x49\x74\x7b\x46\x80\xd1\xd1\x5a\x20\x2e\xa9\xdf\x48\xb1\xc2\x14\xfd\x40\x34\x66\xfd\x1a\x26\x5f\x2d\xef\xaf\x8e\xd5\xa6\xbf\x0e\xb0\x8d\x18\x64\xf2\xa2\x8e\x94\x72\x14\x3c\x6f\xd1\x03\xb6\xb1\x08\xc0\xd1\xd1\x36\x3b\x99\xf9\x20\x2d\x11\xf0\x20\x56\xc2\x79\xcc\xa3\x15\xdb\x1a\xb6\xd3\x10\x18\x45\x8f\x57\xba\x33\x16\xcd\x27\x38\xe8\x0c\x49\x2d\x85\x7c\xb1\x74\x99\x25\xe3\x31\xc6\x58\x58\xb5\x09\x83\xcd\x98\x38\xcf\xd2\x18\x8a\x5e\x8f\x05\xb4\x71\xfd\x3c\xdd\xcd\x30\xd9\x69\x01\x19\x40\x20\xf1\x15\xfb\x46\x9a\xb5\x84\x90\x06\xdf\xfa\x2d\x54\x3a\x13\xb3\xb5\x06\xed\x65\xcc\x45\x75\x32\xb8\xaa\x3e\xe3\x1d\x9d\x8d\x9e\x52\x98\xd7\xac\x70\x7a\xc1\x5b\x82\x7a\x57\x8c\x81\xd4\x34\xf8\x4c\xb1\xb5\x61\x20\xd6\x67\xb2\xaf\xe6\xd1\x53\x0a\xfd\xdf\xb9\x66\xd9\x53\xbe\x7e\x32\xdf\x07\xde\x38\x9e\x2d\x04\xb2\x32\xd3\x51\x2c\x7d\xb9\x35\x8f\xc9\x44\xd1\xb1\x18\x07\x8e\x69\x99\xe8\x91\xbb\xfa\x4a\x43\x29\xf6\x5d\x80\x71\x88\xb5\x98\x58\xc4\x31\x21\x1b\x29\x57\x6f\x44\x96\x13\x8b\x7c\x0c\x12\x8f\x7b\xef\x5f\x79\xb0\xf4\x46\xfc\x6b\x4a\x0e\x20\xbc\xa4\xc4\x0a\x83\x57\x1a\x36\x64\x4a\xbf\xfa\xbd\x49\xcb\x58\x5f\xd0\x64\xc8\xe5\x09\xd9\xa0\xfc\xff\x46\x26\x76\xf0\xeb\xcb\x61\xce\xc6\x1e\x51\x2b\xe6\xf1\x82\xab\xd5\x9e\x09\xf6\x42\xaa\x61\x96\x34\x85\x34\x82\xec\xe8\xf8\x98\x00\xf9\xc5\xbc\xfb\x84\x14\x31\xca\x06\x91\xed\x8d\x80\xe0\xa2\xfc\xb7\x97\xa0\x36\x89\x7c\xfb\x65\x37\x58\x6b\x31\xc0\x0b\x79\x65\xef\xdd\xfd\xa7\x28\x61\x84\x50\x26\x45\x91\x57\xf7\x9e\xba\x1b\xca\xf6\xcd\x41\xd6\x18\xae\xb1\xbd\x8d\xa1\xbe\x98\xf0\xcd\xc7\xf2\xe0\x9b\x90\x3d\xe4\x9c\x0c\x1b\xe9\x1d\xcc\x17\x7b\x29\x80\x96\x83\x6d\xce\xa4\xf6\x01\xdd\x86\x69\x15\x55\x12\x83\x25\x43\x8b\xd9\xcc\xbf\xc0\xe7\x77\x92\x0a\xe8\xbb\xd5\x76\x34\xc6\x10\x4f\xe6\x9a\x3a\x72\x01\x2a\x23\x60\xb6\xe5\x52\x55\x0c\xff\xb4\xe2\xf0\xb4\x1f\xe1\x55\x37\xee\x0e\x6f\x37\xe7\x88\x0f\xb4\xd1\x2b\xef\x6c\xad\x26\x6c\xe5\x8d\xf9\x81\x6b\x35\x96\x0c\xd0\xbf\x86\x52\x86\x2e\xe7\x89\xcc\xc3\x1a\x7e\xfc\x21\xa8\x1b\xda\x46\x14\x6b\x11\x1f\xcf\xd9\x4f\x04\x85\x6a\xb6\x1a\x55\x7b\x1f\xf7\xc8\xe4\xea\x6d\x9c\x4b\xcd\xd9\x3b\x15\x1a\xa0\x84\x61\xc5\x68\xde\xfb\x2a\xef\xdf\xce\x96\x39\x4d\xc8\x22\xd4\xef\x6c\xc4\xb9\xa3\xe6\xc3\x32\x03\x9f\x65\x38\xaa\x0d\xf8\xde\x81\x26\xd9\x0c\x31\x2f\xf4\x96\x88\x74\x86\x11\x15\x65\x53\x43\x46\xa7\x46\x26\x25\xd6\x3d\xf6\x9f\xcb\x57\x41\x90\x6f\x19\xe0\x0f\xc8\x00\x3f\x08\xb9\x59\x85\xc3\x8b\x86\x74\xaf\x42\x3c\xa5\x6d\xe5\xf8\x81\xb5\x9c\x46\x62\x43\xa7\xad\xba\xdb\xa2\x9c\xaf\x57\xfa\x77\x71\x22\xe6\x18\x23\xb4\xe7\x08\x18\x2a\xaf\x37\x20\x6d\x7d\x5e\xd0\x51\xc1\x2a\x5c\x0f\x6b\x43\x71\x04\x3f\x56\x2c\xdc\x02\x9d\x5e\x1b\xa9\xb2\xbf\x5f\xfb\xf1\xf5\xf5\x23\xdb\x06\xfe\xca\x42\x7d\xb7\xa0\x88\x19\xff\xb2\xd0\x58\x52\x42\xe2\x0d\xa5\x8e\x32\x0b\x16\xb1\x6e\x44\x8d\x8b\xe0\xef\x74\x02\xd2\x4a\x71\x94\x25\x71\x33\xbd\xc9\x82\x31\x4d\x83\xad\xbc\xd1\x2e\x8a\xf3\x13\x03\x42\x6c\x59\xff\xd8\x26\x9c\xe4\xb9\x87\xca\x9b\x6f\x0f\xfd\xbb\x4d\x1d\x12"},
+{{0x07,0x36,0xf8,0x01,0x72,0x0a,0x94,0x7c,0x5c,0x2f,0x32,0x58,0xce,0x0d,0x51,0x1c,0x3e,0x17,0xe9,0x4e,0x37,0xb3,0x0a,0xdf,0xa5,0x20,0x95,0x92,0x11,0x71,0xd4,0x00,},{0x4f,0x69,0x42,0x55,0x92,0x0d,0x0c,0x38,0xde,0x6e,0x72,0xe1,0x65,0xc3,0x3a,0xee,0x76,0xb1,0xcb,0xf6,0xf4,0x83,0x7a,0xa5,0x90,0x14,0x75,0x66,0x7a,0xcd,0x28,0x26,},{0xc0,0x3c,0x03,0x14,0x85,0x12,0x79,0xed,0xcd,0xe9,0x70,0xc2,0x3e,0xfa,0x23,0x6f,0x23,0x5e,0xda,0x96,0x0d,0x2c,0x27,0xd3,0xca,0x94,0x6f,0x65,0x0c,0x20,0x0b,0x4e,0xba,0x04,0xbe,0x66,0x8f,0xf6,0x2e,0xaf,0xfa,0x6c,0xea,0x35,0x1a,0xbd,0xfc,0x54,0x40,0x1d,0xcc,0xce,0x3d,0xba,0x78,0x00,0x4a,0xec,0x95,0x81,0xa2,0xcc,0xf4,0x0f,},"\x7f\x87\xb5\x1f\x6e\xad\x2d\x44\x02\xa3\xbd\x3c\x37\x69\xa2\x67\xac\x8e\x82\xf7\x79\xad\x7b\x98\x6d\xec\x82\xcb\xfc\x1e\xa5\x12\x91\x88\x43\x26\xd9\x22\x69\x67\xcb\x66\xa9\x68\x73\x18\x4f\x0e\x83\xb3\xab\x25\xa5\xab\x2f\xa8\x05\xfe\x3a\x0e\x7b\x19\x0a\x62\x2d\x46\x1b\x78\x30\xa3\xf6\x97\xc8\x31\xc2\x9e\xa7\xc0\xcd\x4b\x68\xd8\xe7\x7a\xa6\x97\x11\xcf\x86\x4d\xc1\xd5\x39\x4f\x48\x45\xe2\xfb\xb5\x07\x64\x04\xe0\x9a\x88\xb7\x9f\x05\x67\x05\x51\xbc\xe2\xef\x54\x68\xb7\x9d\x57\x88\x8b\x98\x52\xa4\xbb\x47\x9a\x4f\xd0\xbe\xb6\x81\xfd\x52\x3f\xc5\xbf\x44\x58\xab\xbc\x38\xec\xe7\x2e\x10\x6e\x00\x22\x20\x15\xa5\x7e\xbe\xc5\x5b\xf4\x75\x13\xe2\x5c\x3c\x45\x54\x84\x3b\xda\xcb\xcf\xe9\xf1\xb8\xd0\xae\x35\x4e\x48\xd0\x3f\xde\xbd\xf2\x0d\x65\x5b\x52\x68\xd8\xbb\xbf\x33\xb1\x28\x89\x10\xf0\x44\x4f\xcd\x56\xc0\xda\x7b\x89\x03\x36\x2b\x7e\x37\xa8\x64\x65\x42\x77\xcf\xfb\xe6\xc6\x08\x57\xf0\xb3\x51\x4d\x22\xa4\x0b\x9d\xd2\xd3\xfe\x5c\xae\xa5\x50\x7a\x0d\xe3\x05\x1b\xb3\xa4\x01\x5f\xa0\xfe\x4c\x46\x2b\x98\xfe\xf2\x35\x7d\xcf\x6b\x97\xdc\x75\xde\xf3\x82\xf9\x01\xf9\x6f\x4a\x04\xa3\xef\xc6\x02\x54\x20\x0a\x2c\x4c\xdc\x8a\x58\xb2\x5d\x94\xe3\x29\x54\xea\xff\x15\x11\xac\x46\xe3\x60\x66\x63\xb6\x87\x5f\x13\x64\x99\xda\x6a\x76\x90\x97\x87\x9a\x6e\x08\x34\xd5\x64\xfa\x7f\xdb\x99\x58\x11\x83\xed\x0c\x9d\x48\xfd\x19\x5d\x7e\xcd\x9f\x4d\xd4\x86\x55\x65\xfd\x17\xa0\x08\x71\x8d\xcd\x76\xf6\x8a\x54\xe5\x16\xa2\xb7\x30\xed\x3d\xba\x5c\x2c\xf4\x06\x30\xbb\xfe\x7f\xa0\x3b\xb7\xcd\xd9\x67\x69\x54\x95\xa7\xc8\x6e\x2e\x84\xcb\x01\x7e\xc6\x96\x01\x92\x46\x31\x59\x5a\xff\xaa\x8c\xfd\x04\x8d\x14\x26\x7c\x73\xe5\x4c\xfa\x53\x90\x47\xe7\x17\x69\x1e\x39\x97\x37\xfa\x50\xcc\x48\x44\x96\x12\x57\xc9\x3d\x72\x53\xd2\x32\x26\xb7\xcd\x0d\x1b\xd3\x1f\x3f\x0d\x2d\x89\x2d\x07\x3d\x8c\x50\x73\xc6\x02\xf6\x1a\x04\xd6\x43\x7c\x39\x03\xeb\x4a\x64\xa0\x1f\xbc\xc0\xc7\xe1\x59\x20\x1c\xdc\x4a\xa4\x2e\xf3\xb1\xff\x9c\x78\xfc\x27\x5c\xfb\x11\xa0\x5f\xfe\xd8\xf9\xf2\x2d\x85\xba\x92\x4d\x8d\x32\x23\x1c\x25\x4d\x89\x8d\xa7\xf0\x67\x9a\x64\xca\xb8\x40\x26\x90\x6e\x9e\x85\xf9\x5e\xfd\x8e\xe2\xa1\x72\x56\x33\xf4\xde\x2b\xa6\x7d\x99\xaa\x7f\x05\x50\xaf\x13\x9e\x9f\x8c\x52\x93\x78\x67\x27\xd8\x26\x30\x29\x6d\x5d\xaa\x9e\x83\x0a\xa1\xb3\xb5\xb3\x02\xb8\xb6\x62\xac\x83\x2e\x92\x13\x01\x6b\xa4\x93\xa0\x3a\x28\xcc\x3e\x95\x40\xd0\xd6\x5a\xcd\xdb\xfe\x12\x52\xb5\xc1\x6a\x84\xa4\x45\xce\x75\x41\x5c\x6c\xd8\xab\x16\xfe\x5e\xef\x11\x70\x97\xd7\x1e\xb5\x67\x6b\x9a\x95\xb3\x58\x82\xa7\xc3\x50\x6b\xc5\xd0\x2f\x03\x91\x0a\x63\xd4\x68\x46\xb2\x13\xc3\xc9\xbb\x2f\xc3\x4e\x6c\x69\x01\x7d\x20\x65\xa1\xad\x3c\xe3\xfd\x14\xab\x00\x14\xf5\x84\xe5\x7e\xa9\xd9\x03\xe4\x0a\xce\xb2\x30\xa8\x69\x3f\xa2\xe6\x36\x41\xc2\x54\x38\xff\x7a\x16\x38\x76\x04\x38\x84\x4c\xdf\x00\x11\x80\xf5\xb1\x77\xbe\x69\xed\xf7\xef\x66\xb3\x93\x12\x80\x52\x14\xcb\x17\x70\x6c\xef\xe5\x45\xbe\x5a\x77\x01\x9a\x5e\xc5\x2b\xbf\x78\x85\x0f\xa3\xd9\x7d\xe2\xd4\xd7\x4a\xa6\x8b\x58\xca\x81\x2a\x1b\x15\x6a\x0c\x40\x01\x12\x9f\x06\x72\x32\xa6\xec\x91\xa5\xed\x42\x70\xf2\xa4\xc6\xef\xee\xe7\x87\x00\x47\x70\xc8\x59\xe4\x50\xe8\x37\xef\xb0\x4d\xc9\x98\xbd\x27\x3c\x27\xa0\x98\x55\xe4\xec\xa1\xa2\x2a\x9b\x88\xc1\x7b\xdb\xf2\x53\xa7\x97\x61\x07\x0a\x76\x81\x7a\x7f\x74\xff\x3f\x07\xfb\x71\x8b\xff\xa0\xb4\xf3\x26\xf2\x84\xe6\x2f\x83\x68\x32\x42\x7b\xe8\x2f\x48\x33\x73\x51\x5b\x9b\xf5\x9a\xf4\xa7\x6a\x57\xe2\xf4\x0b\x91\x03\x4d\xd5\x68\xec\x14\xac\x10\xe2\x30\x9b\x87\xe2\x92\x2f\x9c\xd9\xfc\x1a\x46\xa4\x7e\xd3\xbc\x7e\x1b\x9f\xeb\x9e\xe0\x67\x07\x3f\xa5\xdc\xe2\xa6\x75\x30\x52\x6d\xe6\x7e\xe0\xe5\x09\x66\x3c\x44\x46\x7e\xeb\x59\x42\x01\x03\xeb\xcd\xff\xa7\x09"},
+{{0xfa,0x75,0x65,0x04,0x91,0x04,0x74,0x28,0xd3,0x63,0xb5,0x82,0x22,0x22,0x12,0x2d,0xff,0xb5,0xa9,0xfd,0xdc,0x60,0x3c,0x33,0xc8,0xa6,0x08,0x61,0x83,0x75,0xdc,0xf3,},{0x98,0xc9,0x64,0x1f,0xa9,0xdf,0xa8,0xea,0x13,0xe0,0xd1,0xc7,0x16,0xb8,0x67,0x9e,0x26,0x4b,0xe1,0x5d,0xd2,0xd4,0xc0,0x6a,0xb4,0x3c,0xbe,0xe4,0x79,0x16,0xee,0x01,},{0x1e,0xff,0xbf,0x92,0x99,0xa1,0xb9,0x35,0x4f,0xe1,0xf1,0xde,0xc1,0x76,0x65,0x95,0xea,0x76,0x7a,0xb8,0xe4,0xda,0x9b,0xb5,0x7b,0x4f,0x69,0xbc,0xbd,0x8c,0xb3,0xd8,0x6f,0x76,0x83,0x92,0xf5,0x9b,0x39,0xfa,0xfa,0x8a,0x21,0x0a,0x65,0x09,0xfe,0x0d,0x60,0x08,0xd6,0x35,0x61,0x11,0xad,0xfb,0x37,0x99,0xc1,0xd5,0x59,0xc2,0x63,0x09,},"\xf5\x4e\x41\xb9\x39\xe3\x7d\xf1\x7c\x7d\x60\x43\xfd\xed\x14\xa9\x15\xd9\x34\xe8\x67\xc3\x45\x26\x9f\xdc\x01\x77\xf5\xbd\x10\xc4\x34\x8f\x31\x9e\x0a\xb9\xa6\x4c\xc0\xb7\xd4\xe0\xc9\x1c\xa9\xaa\xda\xab\x2e\xdc\xba\x54\x4f\x14\xed\x2c\xb5\x39\xca\x89\x75\x09\x7d\x87\x92\x70\x95\xb4\xeb\xd4\x90\x34\x43\x40\x06\x1e\xd9\x3c\x38\x16\x7e\xda\xa0\x96\xa2\x30\xdb\x59\x62\x4c\x67\xfb\x9a\x1e\x1d\xda\xc4\x02\x13\x3f\x4d\x47\xcf\xc1\x1e\x2f\xae\x6b\x3f\x3c\x50\x01\xcb\xa9\xa8\xae\xd9\x00\x73\x10\x32\x40\x22\x7e\x71\x6f\xf7\x1b\xf6\x8a\x59\x1b\xa2\xce\xff\x2d\x31\xb8\x6e\xf2\x1a\xb0\x12\xec\xcd\x40\x9a\xd5\xc2\x9d\x65\x9a\x1b\x37\xc4\xd8\x55\x05\x30\x41\x40\xfb\x2c\x34\x37\xa2\x06\x86\x8b\x13\x52\xc1\x02\xbb\xfa\x3b\x9a\x76\x52\x2a\x2b\xfc\x54\x06\xb2\x57\x69\x6d\xe7\x4e\xe7\xd3\x15\xc8\xe9\x9c\xaa\x96\xbd\x83\x80\x06\xc6\xda\x2a\x42\x33\x31\x5a\x85\x6a\xcb\x8e\x80\xc3\x31\x68\xb3\x33\x55\x1d\x91\xd0\x74\x05\x57\x34\x13\x0b\xd7\xd1\x4c\x56\x81\x1e\xba\xbf\x7d\x5a\x25\x0e\x60\x72\x59\x3d\x9f\x2f\x8b\x97\xc1\x2a\x70\x3c\x2c\x47\x9c\xb0\xb1\x5b\x7a\x27\x75\xc9\xdc\xd2\xca\x46\x24\x67\x23\x68\xa2\xe6\x14\x54\x67\xf3\xbe\x66\x15\xf9\x3b\x81\x20\xa0\xa1\x2d\xa1\x56\x06\x63\xa2\x6a\x61\x73\x19\x66\xb4\x4b\x29\x9e\xbf\xad\x2a\x95\xc6\x23\x60\xf3\x9c\xe0\x5d\x95\x58\xe3\x05\xee\x23\xa5\x2f\xa5\xce\x20\xf6\xbe\x5e\x26\x2a\xff\x3a\x86\x4d\x5d\xda\xbe\x23\xff\x94\x3f\x71\xd5\x99\x84\x93\xd9\x9f\xe2\xac\x23\x74\xb4\x64\xa6\x91\x83\xc3\xbc\x4f\x1d\xdb\x88\x36\x11\x14\x9d\x7d\xdb\xf1\xe8\x38\x0b\x54\x43\x35\xe2\xb8\x93\x95\x05\x4c\x9f\x25\x58\xdf\xc5\x6e\xa9\x3f\xf1\x4d\x0f\x15\xd2\xe0\xbd\x89\x37\xa5\x56\x38\x7d\xe9\x6e\x41\x8d\x8b\x3a\x7d\x66\x6f\xb1\x90\x36\x4b\x2c\x21\x90\xd3\xc2\x5f\x17\x52\xd5\x48\x3d\xcb\xb5\x96\x00\x64\xf0\xc8\x7f\xcf\x8f\x31\x3d\x28\x78\x1c\x11\x4a\x16\x9b\x69\x0a\x87\x01\xc5\x0d\x89\xc7\x73\x24\x53\x1c\x0f\x84\x9d\xba\xd1\x63\x3d\x92\x5a\xcd\x06\xc1\x6a\x9c\xea\x19\xa4\x34\xeb\xc4\x2a\xeb\xb1\xfd\xb9\xb0\xba\xcc\x93\xce\xc3\x99\x19\x94\x36\x64\xea\x1a\x95\x84\x06\xff\x9e\x49\x35\xc9\x2c\xa7\xc3\x97\x08\xf9\xca\xb7\x10\xa5\x83\x09\x6b\x4e\xd9\xf4\x8d\x9e\x09\x06\x47\x24\x0d\x76\xec\xcb\xab\xa5\x91\xf5\x5f\xe7\xe3\x6d\x72\xc2\x17\x27\xac\xba\x0f\x80\x30\x95\x4e\x62\xbc\x58\x0b\x8b\x67\x0c\x44\x57\xc3\x40\x3e\x36\x9a\xc2\x0e\x66\x0d\x66\x2f\x7f\x6a\x41\x42\x13\xea\x43\xf7\xc0\x10\x50\x09\xc1\xde\x81\x7a\xdf\x6f\xfd\x9c\xca\x3b\x45\xa6\x3a\x82\x22\x81\xc6\xe2\x77\x2f\xd7\xb7\x80\x96\x03\x18\x4b\x48\x79\xb1\x8c\x88\x79\x03\xf0\xfc\x8d\x8e\x1e\x2d\xbf\x6e\x77\x2f\x0b\x2d\x9b\x8a\x29\x92\x7a\xcc\x81\x71\x4a\x22\x56\xad\x8d\x7b\x73\x30\x52\x7d\x7d\xbf\x8b\xef\xd8\x2f\x8c\x9b\xb4\x01\xcf\x0a\x90\x24\x9a\x64\xca\x6f\x88\x33\xdb\x31\xbd\x03\xb9\xe7\x94\x6d\x06\xdd\x04\x38\x3d\x7c\x08\x2d\x70\xae\xb3\x7f\xf8\x4c\x2b\x05\x7d\x97\x3b\x89\x4b\x4a\x03\xec\x7b\xf0\x31\xae\xa6\x56\xa1\x90\x84\x88\x89\x4a\x4a\xda\x3f\xd7\xfa\xdf\x91\xed\xe9\x55\x0d\x38\x41\x5f\x82\xa0\x94\x55\xc0\xf4\x32\xfb\x55\x98\x71\x32\xf0\x00\x42\xaf\xd6\x0e\xa5\x1d\x1f\x1c\x6c\x1a\xfe\x0c\xf8\x7c\x34\x6e\x31\xe6\x3e\x26\xf4\x9b\x13\x71\x77\xb2\xd4\x7a\xb3\x0f\x07\xce\xa0\x71\x93\x12\x74\xcf\x01\x08\x36\xd6\x83\xff\xf3\xbe\x71\x34\xc7\x8b\x8b\xfd\x8b\x1b\x8f\xc2\x04\x9e\x18\xcc\xb1\xe1\x8a\x0a\x95\x85\xa7\xd8\xa1\xe2\x54\x92\x60\x86\x68\xc9\x6d\x62\xa0\xac\xa8\xef\x90\xe0\x48\xd2\x03\x78\xc1\x08\xd0\x6b\x03\xfe\x3e\xc4\xad\xb2\x75\x28\xae\x08\xf7\xde\xd9\x48\x78\x93\xae\x64\xca\x4b\x93\x92\x02\xaa\x4c\x17\xaf\xe7\x18\xcd\xca\x49\xff\x96\x16\xd0\xcd\xf8\x33\x4b\x6a\xee\x2d\x6d\x20\x94\x7c\xa4\xbd\x7d\xf5\x31\xdd\x1d\xa9\x95\x81\xff\x72\xea\x56\xfe\x62\xca\xa2\xc9\x5e\x35\x87"},
+{{0xe1,0xc1,0x29,0x46,0xd2,0x21,0xa1,0x94,0xf2,0x2f,0x27,0x62,0xc0,0xe5,0x1c,0xbe,0x3f,0x98,0xb9,0x14,0xa4,0x7d,0x3d,0xc4,0x1a,0x1f,0x45,0xc5,0x43,0x70,0x63,0x7c,},{0x10,0x40,0x81,0x36,0xa6,0x8f,0xc5,0x6c,0x7d,0x3b,0x36,0xb7,0xfe,0xf1,0x22,0x09,0x4d,0xe0,0x81,0x03,0x11,0x89,0xcc,0x84,0xa4,0x88,0x06,0xaa,0xf6,0xcb,0x91,0x85,},{0x8f,0xd7,0xfa,0x40,0x0c,0x03,0x2f,0xcf,0xbc,0x40,0x29,0x42,0xfc,0x78,0x63,0x75,0x26,0xbe,0x97,0xab,0x82,0xf2,0x37,0xbb,0x39,0x3e,0xa3,0x9e,0x35,0x73,0x8c,0x67,0xd7,0x54,0x09,0x54,0x3a,0x8b,0x3c,0x05,0x5f,0x08,0xbf,0x69,0x19,0x9a,0xf6,0x3b,0x69,0x11,0xa4,0x82,0xfb,0x4f,0x65,0x80,0x80,0x2e,0xc9,0xd2,0xdc,0x3c,0x11,0x06,},"\x87\x0f\x4c\xd9\x7c\xfc\x0a\xaf\xad\xa4\x00\x72\x31\x2f\xb5\x4b\xcc\xc0\x76\x28\x71\x4e\x49\x62\xd4\xbe\xf4\xee\xb5\xde\x40\xa1\x9a\x24\x6b\x5b\x7d\x52\xd4\x87\xb7\xe5\x2d\x65\x6f\x2c\x64\x03\xb9\x16\xd0\x2e\x02\xa6\xd2\x91\xc1\xe1\x82\x8d\xd9\x45\xa5\x83\xb4\x38\x52\x8d\x1c\x39\x76\x5a\x57\x20\x31\xff\xa9\x16\xb6\x83\x21\xf3\x2e\x66\x46\xf0\xdc\xc1\xc6\x02\x35\xff\xaa\x32\x35\xf4\x84\xa5\xc4\x97\x8f\xa3\xe6\xbf\x14\x30\x1d\x53\xe1\x2f\x4c\xc5\x21\x18\xb1\xf6\xf0\x7f\x53\x36\xf5\xd0\xa9\x37\x89\xbb\x01\xd1\x62\xfb\x31\x26\xdc\xd7\x56\xe0\x64\x2e\x7e\x69\x89\x63\xc0\x34\x59\x11\xa5\xcf\x3c\x99\x53\xf7\x73\x19\x42\x6c\xea\x2c\xde\xda\x3e\xfe\x98\x9e\xcb\x63\xcb\x9e\xb8\xb9\x20\xde\x76\x6c\x4f\xcf\x63\x36\xe5\xbc\x43\x71\xa0\x68\x37\x1f\xed\x95\xc8\xc2\xb6\x1e\xe9\xb7\xc3\xe3\x83\x1c\x20\xbf\xfe\x87\x07\xc0\xc9\x8b\xe9\x61\x53\xc8\xa8\x73\xd7\xf2\x8a\xfc\xa1\xbf\x71\x08\x5c\xe0\xe3\x89\x9e\xef\x55\x91\xbd\xd6\x66\xdc\x2d\x07\x64\x17\x72\xd7\x45\xc5\x16\x44\xa2\x60\x81\x5b\x20\x8c\x4d\xd3\x05\xf0\x5f\xe4\x63\xd0\xd9\xd5\xa9\xee\xff\x97\x79\xf5\xb1\xd4\x4f\x26\x08\x30\x78\x56\x6d\x0e\x5f\xf5\x6b\x3a\xf0\xe6\x4c\xc3\x87\x08\xaf\x5a\x65\xf6\x54\x35\x2d\xf1\x04\x37\xf1\xdd\xf9\x45\xa0\xda\x1f\x4d\xef\x6a\x71\xa0\x60\xe0\xc4\xad\xec\xca\xac\xf8\x5e\x09\x0f\x70\x90\x37\x0a\xe2\x4e\x52\x38\xd7\x68\xa0\x8f\xe6\xb4\xbb\x5e\xc4\x97\xa6\x60\x31\x98\x60\x84\x15\xc7\xc6\x49\x00\x48\xaa\x36\x73\x7c\x08\x50\x30\x08\xae\xce\x0f\x49\x42\x19\xdd\xf8\x9b\x72\xea\x77\x17\x1c\x6d\x31\x17\x08\x9e\xb8\x89\x07\xe8\xc3\x3f\xb9\xe7\x0b\x0d\xc2\x81\xf6\x64\xb5\xf9\x65\xb5\xd2\xad\xb1\x25\x07\x10\xef\x23\x52\x02\x5f\xb2\x93\x39\x5a\xe1\xd2\x3e\xe3\xb5\x92\xb4\xc5\xf2\xd5\x55\x69\xa5\x45\x86\x54\xce\x3f\xc2\x5d\xd0\xe3\xf7\xe6\x75\x7a\xa7\xb3\x47\xc1\xff\xd3\xba\x4d\x4f\x2c\x4b\x6d\x36\xaf\xd5\x98\x63\xa3\x2a\x59\x4e\x74\x53\x7e\xce\x9b\x8b\x1e\xc2\x69\xbb\xc4\xcb\x54\xd7\x62\x38\x21\x1f\x62\xa9\x8a\x46\xa4\xaf\x66\x2f\xa8\x1e\xba\x6f\x30\xf5\x14\xb8\x66\xb7\x94\x2b\xc1\x73\xf7\x21\x1a\x6c\x01\x4d\xa1\x4e\x74\x13\x27\xa5\x68\x62\x3d\x14\xb8\xf8\x35\xef\x1d\x5d\x62\xb2\x52\x3c\xfe\x6a\x85\xbc\x69\xfa\x05\x20\x0d\xea\xc1\x56\x8b\x94\x6a\x81\x6b\x75\xc5\xd7\x60\x31\x74\xfd\x4e\x2f\x91\x01\xa7\x90\x63\x79\x1b\xc3\xd5\x92\x97\xcd\xc1\x0b\xda\xa6\x63\xab\xf3\xc1\xbe\x2f\xda\x17\xe4\xe5\xce\x39\x4e\x90\xbd\x76\xb1\xf9\xe0\x40\x5f\x56\x75\xb9\x9d\x63\x8a\xbc\x2c\x1b\x2d\x8b\x53\xa6\xfd\x3d\xc8\x37\x58\x55\xec\x54\xcc\xbd\xa2\x4e\x67\x25\x27\x72\x3b\x07\xbb\x59\x9d\xb5\x4e\x38\x79\x33\x91\xcf\x09\xef\x3b\x1f\xd7\x61\x49\x90\x06\x5b\xbd\x4a\x19\xe8\xd3\xd1\x04\x82\x53\xba\x4c\x97\x1c\x2f\x98\xd2\xb3\x59\xdf\x50\x90\x87\x32\x3a\xa6\x90\x50\x29\xf5\xcc\x5e\x1a\x0a\xaf\x2f\x7c\x01\x08\xdd\xb1\xa4\x0f\x56\x2b\xe6\x4e\x57\xe6\x95\xed\x21\xdc\x7d\xb1\x7d\x53\x36\x77\xef\x12\xfc\xbb\xe2\x9f\x3b\x23\x7b\xb6\x34\x4b\x11\x09\xb3\x2a\x94\x62\xab\xc3\xad\x3c\x07\x10\xb0\x4f\x38\xc6\xf5\x95\x2d\xb2\x75\xe7\x7e\x2f\x37\xe9\x5d\x55\x09\x6b\xba\xf3\xe3\x05\xd5\xd7\x43\xd3\x65\x95\xbf\x05\x67\x89\x2c\x21\x0a\xc7\xba\xe7\x37\x1d\x16\x45\x84\x78\x5d\xd8\x90\x17\x41\x59\xb3\x93\x0a\x9a\x6c\xe3\xa1\x66\xdd\xa2\x38\x3e\x6e\x2a\xf2\x8c\x1b\xf3\x19\x24\x47\xe9\x05\x11\xdc\xd8\x0e\xbd\xf9\xee\x2c\x9b\xde\xdd\xee\xb6\x10\x55\x86\x41\x53\x2d\x07\xcd\x13\xda\x61\x25\x41\x54\xcc\x0f\xd9\xd4\x81\xe3\xb0\xa2\x37\xaf\x2e\xc2\x62\x56\xd4\xab\x21\x9f\xaf\x15\xad\x2b\x7e\x8e\x57\xab\x72\x6f\xf2\x72\x32\x16\xa5\x74\x58\x5e\x2a\x63\x9d\x94\x8c\x2c\x4f\x69\xee\xaa\xd2\x83\xe3\xa4\x4f\xf2\x68\xea\xef\xd7\xe6\x6b\x73\xed\xe4\x73\xa8\x39\x7c\x76\xb4\x8d\x56\xcb\x3c\xcd\xab\xc9\x1a\x89\x29\xcf\x42\x99\x83\x50\xe0"},
+{{0x76,0x2f,0x06,0xca,0x01,0xe3,0x14,0x71,0x5f,0x92,0xc9,0x0b,0xbe,0x72,0xa2,0x5b,0xf2,0x62,0x12,0xc8,0x1e,0xb1,0xd1,0xa0,0xda,0xe2,0xc3,0x11,0x30,0xf7,0xcd,0xbb,},{0xf9,0x62,0x6f,0xfd,0x69,0x27,0x31,0x92,0x5e,0x5a,0xac,0xfa,0x1b,0xde,0xd0,0x1a,0xa8,0xf7,0x30,0xb7,0x72,0xd5,0xe4,0x6a,0xdb,0xc3,0x15,0x56,0x5b,0x9b,0xf2,0xc9,},{0xe8,0x42,0xb4,0x9e,0x53,0x3d,0xbc,0x92,0x99,0x8d,0xc0,0x78,0xe5,0x97,0x93,0xa2,0xc2,0xfa,0x63,0x6b,0xdf,0xaf,0xdb,0x48,0x93,0x4c,0x93,0xcf,0x34,0x79,0x71,0x02,0x93,0x8d,0x13,0x7a,0xb7,0xea,0xd1,0xa0,0xf7,0x0e,0x94,0xa6,0x7d,0x57,0xef,0x6a,0x02,0xc9,0xec,0x77,0xd7,0x1f,0x70,0xcc,0x57,0xf1,0x53,0x3b,0xec,0x87,0x73,0x0e,},"\x94\x97\x48\x3a\x4f\xba\x78\x43\x3b\x38\xe9\xde\xb8\x91\x5c\x75\x0b\x6d\xa0\xf7\x8a\xf4\xa6\x8b\x62\xf9\xfc\x03\x91\xe3\x38\x87\x3b\x1d\x64\xb1\xb7\xf0\x9f\x12\xf0\x56\xa3\xc9\x16\x53\x49\x8a\xd5\x6e\x06\x9b\x8b\x16\x08\x87\xe8\xe3\x78\xa7\x6d\x8b\x3c\x66\x70\x83\xc0\xa2\xb2\xd2\x31\x7d\x3b\x87\x48\x57\xe5\x78\x62\xef\x0c\xb7\x04\x36\xa9\x02\x8f\x01\x91\xcc\xc6\x16\xe9\xd7\xc9\xbd\x86\x98\x08\xcf\x09\x48\x35\xff\x51\x86\x77\xb3\xfb\x08\x9f\x4c\x9d\x07\x7c\xc7\x74\x24\x05\xb4\x86\x3a\xc7\xa5\x96\x45\xc9\xcf\x54\x0d\x57\x39\x9d\xa6\xae\x9d\x07\xfd\x19\xfc\xa9\x5b\xc8\xa8\x6d\x8b\x8e\x24\xe4\x87\x33\xf3\x21\x58\xfd\x19\xa8\xa1\x11\x1d\x1d\xa1\xf9\xb5\x80\xa3\x9c\x10\x48\x46\x16\xcf\x2b\xc0\xec\x29\xf6\x3f\x77\xc8\x53\x56\x15\x8e\x16\xda\x59\x4b\x5a\x89\x0e\x55\xd0\xb6\x45\x99\xb3\x02\x93\xe9\x00\xed\x92\xad\x26\x19\x69\xe7\xdf\x4c\x4b\x1d\x0b\x60\x24\xbd\xce\xb6\x90\x67\xef\x48\x6c\x20\xfd\xcd\x22\xa1\x0d\x5d\xa4\x5f\xbf\x90\x5b\xa1\xe9\x35\xc9\x6f\x50\xaf\xb6\x35\x71\xbc\xff\x31\x30\x68\x4e\xda\x0b\x56\xe6\x0b\x26\xcf\x4c\x0e\xf9\x93\x8a\x92\x76\x8f\xc8\x63\x1f\xe3\x08\x23\x6b\x01\x2f\x92\xaf\x24\xa8\xf6\xe6\xec\xbe\x76\x62\x9b\xba\xf8\xff\xe5\x4c\xdb\xe8\x67\x1d\xe2\xba\x62\x4a\x7c\x0f\x61\x93\xbb\xa4\x11\x04\x12\x90\x2b\xac\x29\x90\x92\x2a\x9e\x5a\x81\x05\x3c\xf8\x76\xa4\xc8\x05\xa0\x4c\x56\xa8\x13\x9d\x34\x19\xe4\x54\xa6\x22\xd0\x34\x2b\xf4\x26\xe9\x80\x2c\x3d\xc1\xb4\x08\x0c\x75\x49\x2a\xfe\x9d\x7b\x15\x45\xfe\x08\x6d\x96\x35\x41\x32\x4f\xf5\x2a\x48\xc6\xbf\xae\xa2\x66\x68\xb3\xe0\x1e\x52\x36\xfd\x45\xfe\x54\x59\x45\x35\xc0\xb2\x3e\x28\x7e\xbd\x14\x28\xc8\xbe\x0a\xd1\x41\x60\x0e\x91\xcb\x51\xe1\xea\x66\x27\x1a\x64\x21\xfb\x68\x9e\x88\xa0\x79\x0a\x65\x1d\xbd\x21\xee\x20\x89\xb2\x74\x66\x6f\x66\x0c\xa0\x9c\xe2\xd6\x0e\x39\xe2\xee\x5f\x03\xb6\xeb\x82\xd1\x99\x76\x96\x6e\x79\x90\x0a\x81\x0f\x6d\x5b\x5c\x1a\x54\x8e\x50\x64\xf5\xc3\xd8\xa9\xf2\xde\xf0\x17\x9d\xf9\x9d\x14\x3f\xde\x69\xb0\x71\x2c\x09\x1c\x29\xe9\xb2\x5f\x40\xca\xfd\x57\xa0\x24\x65\x8d\x77\x74\x03\x76\x10\x34\x2f\x38\x00\xfd\x51\xf4\x9e\x79\xa5\xb3\xde\xcc\x11\x2f\x58\xd0\x3e\x3d\x29\x58\x75\x85\x88\xbc\x4b\x1c\x6a\x6c\xda\x7b\xc5\xf5\xbe\x18\x3e\x41\x51\x3c\x1f\x23\x0f\x3c\xc3\x64\x30\x4b\xf8\x24\x84\xb7\xcf\x19\xa0\x02\xe1\x50\xf9\x8c\x5e\x97\xc6\x16\x6e\xa1\x5b\x86\x34\x0b\x8c\x5e\xbe\x5c\x1a\x18\x3e\x55\x88\xe6\x6f\x55\x90\x50\x86\x31\x3f\x37\xa4\x09\xe8\x9b\x47\xdb\x31\xae\x97\x45\x3e\xdf\x69\xfe\xd7\xbe\x08\x11\x30\x71\xf3\x74\xb2\x6e\xc6\x04\x3f\x2a\x0e\x9c\xf8\xba\xd8\x02\xab\xad\x69\xe6\x17\xe7\x62\x43\xb3\xcc\x03\x4b\x09\x9d\x87\x29\xee\x40\x7a\x53\xeb\x03\xbd\xc6\x41\x0a\x03\x95\x04\xb3\xb1\x2c\x81\x9b\x64\x54\x5d\x40\x5c\x6a\x4f\x08\x49\x21\x93\x5b\xdf\xf4\x13\x0a\xe6\x29\xd9\x09\x62\x6b\x06\x26\x76\xe5\x38\xea\xfd\xff\xb1\xd6\x22\x9c\x08\x89\xd3\xcd\xdd\x33\x65\xdc\x3d\x65\x36\xf7\x24\x8c\x49\x31\x7c\xb5\x0c\x56\xfb\x57\x85\x55\x41\xd6\xfe\xeb\xac\x81\x6c\x99\x28\xfa\x66\x2d\x0a\xe8\x0a\x0f\x39\xe5\x70\xbb\x7d\x22\x41\x6f\x98\xf3\x71\xb6\x42\x47\x96\x89\x51\xa8\xa2\x46\xf7\x4b\x30\x61\x74\x3c\x9a\xf7\x68\x4b\xbb\x96\x6a\xe0\xbd\x78\xa8\x10\x49\x3e\xa4\xcc\xd7\x11\x74\x87\x1c\x82\xbb\x65\x2b\x27\x48\xe5\xbc\xcb\x0a\xb6\x38\x8a\x50\xf0\x53\xa0\x48\x08\x7f\xd9\x7e\xb1\x5c\x1a\x21\xb1\xee\x18\x25\xe5\x4a\xa1\x30\xd6\x63\x18\xaa\xf6\x61\xbb\xb2\x47\x63\x57\x7e\xb3\x7d\x31\x0e\x21\x9b\x0a\x9b\xba\x03\x75\xeb\x9c\x9b\x4a\xf8\xc4\xb9\x9a\x36\x99\xe0\xd3\x26\x67\x33\xb6\xe4\xe9\xc5\x34\x49\x0a\x13\x41\xcb\x19\x90\xca\x5b\x1c\x84\x7b\xc8\x12\x60\x26\xfe\xa9\x03\xa1\xf5\x49\xd6\x5a\xf8\xfe\x02\xa9\x16\x3f\xf8\xea\x28\x1e\x72\x26\x24\x3e\x2a\x15\x3b\x92\x18\x51\xde\x10\xf7"},
+{{0xc5,0xcc,0x0b,0x95,0x81,0x8c,0x4b,0xf3,0x8d,0xa1,0xd6,0x5f,0x02,0x16,0x27,0xe9,0xe5,0x7d,0x26,0x2b,0x02,0xec,0x6d,0x91,0x7a,0x7d,0x46,0xb1,0x1c,0x7f,0xe4,0x8a,},{0x45,0x7d,0xa4,0xef,0x14,0x51,0x9d,0x54,0x1e,0xdf,0x92,0xca,0xbe,0xd9,0xb0,0x4d,0x8a,0x2f,0x2a,0xfd,0x15,0x10,0xa9,0x2f,0x00,0x9b,0xb4,0xe8,0x75,0x4f,0x1e,0xba,},{0x3b,0xa0,0xaf,0x8a,0xf1,0x27,0xc4,0x58,0x48,0x26,0x09,0x0e,0xcd,0xaf,0x48,0x5e,0xbd,0xf0,0x7b,0x82,0xbc,0x49,0x9c,0x9a,0x2b,0xef,0xca,0x28,0xd4,0x93,0x44,0x97,0x4a,0xdd,0xbc,0x8d,0x80,0xa5,0x25,0x60,0xe0,0xf3,0xd7,0x3f,0xf5,0xcc,0xcc,0x72,0xc7,0x4b,0x5b,0x47,0xad,0x2e,0x6d,0xe9,0x61,0x2d,0x1a,0x00,0xae,0xc9,0x27,0x01,},"\xd6\x60\x8b\xf5\xac\x00\x0e\xca\xf9\x5f\xc0\x9f\x9c\xb7\x49\x8c\x51\x8a\x6e\x02\x55\x58\x6e\x63\x37\x85\x3b\x1d\x7d\x9d\x7d\xe4\xdf\xe1\x24\x5d\x59\x03\x1a\x31\x7d\x4e\x2b\x6a\x73\xc4\xc3\xf9\x5b\x58\x2e\x72\xa6\x42\x02\x21\x58\x7b\xac\x12\x0f\xb8\xed\x73\x48\x07\x0f\x28\x60\xd8\x58\x66\xa0\x9f\xe7\x56\x74\x34\x97\xf2\x11\x9b\xc1\xbf\xdf\x57\x3b\xe3\x5d\x10\x91\xbe\x37\xf1\x8b\xcd\xa6\x74\x1c\x90\xd5\x66\xcc\x92\x4b\x72\x16\x4b\x74\x9a\xf9\xa6\xf4\x0f\x71\xd3\xea\x5d\x87\x64\xcd\xc8\x17\x14\xbd\x73\x95\xe5\xf6\x79\x97\x36\x36\xef\xf1\xdb\x1c\xf0\x01\x29\x83\xf7\x1a\x2f\x2b\x12\xd4\x5a\x29\x4e\x5a\x38\x9f\x4c\xd2\x48\x3e\xb3\x9d\xa0\xdf\x26\xb7\x36\xc7\xaf\x6e\x41\xdd\x35\xa7\x8e\x45\x29\x2c\x39\x4e\x34\x68\x95\x32\x88\x87\x21\xf8\x63\xc5\x6d\xb9\x7d\xa1\xcd\x10\xa6\x6a\x20\xa6\x70\xb2\x7f\xe8\xce\x55\x68\xa4\x2b\x89\x37\x79\x0c\x7b\xe1\xaa\x42\x0d\x20\x3d\x7a\x88\x5c\x17\x29\xcd\x6b\x8e\x19\x71\x89\xe4\x79\xd5\x42\xcb\xcb\x9b\x53\x65\x6f\x2b\x9f\x53\x9c\x32\x5c\x34\xaa\x59\x8f\xd9\x1e\x7d\xf7\x0f\x9a\x74\xab\xec\x46\x76\x54\xb1\xc9\xa3\xd1\x44\x38\xe7\xc0\x83\x60\x40\xb7\x93\x87\x1e\xcb\xe9\xe5\xf6\x68\x0c\xcc\xcd\x5d\x46\x96\xa8\x7e\x37\xe8\x9e\xab\x28\xb6\xbd\x67\x9e\x8f\xe1\x62\x7b\xdc\x9d\x37\x3b\x82\xf5\x2c\xd8\xc4\x9b\xe9\xba\xcd\xc6\x30\xa3\x2f\xd1\x28\x35\x25\x5a\x54\x2f\xb7\xb1\x23\x93\x77\x9d\x44\x98\xaa\x06\xa0\xe7\xe1\xa4\x97\x79\x39\x81\x7e\xb2\x08\x8a\xf1\xe1\x9b\xb0\xe5\xac\xa8\x54\xc1\x25\xdc\x60\x3d\x83\x57\x36\xa0\x3d\x93\x80\x51\x53\x0c\x9a\xb1\xaa\x3b\xc7\x79\xb3\xba\xe7\x45\x0e\xf5\x7d\x1b\x3f\xc0\x93\xa3\x7d\xbe\x9d\x1b\xd6\xd0\x40\xf2\xf8\xee\xba\x77\xf7\xfa\x88\xc1\x49\xf0\x65\xc7\xac\xe3\x32\x77\xaa\x99\x69\xc2\x66\xea\x6d\x85\xca\xd6\x2c\xfa\xf5\x50\x8e\x70\x32\x71\x6b\xe6\x84\xa2\x28\x56\x41\x3e\x0e\x65\xe4\x2b\x6e\x9e\x6d\x86\x5a\x87\x36\x3c\xbb\x62\xd5\xbb\xb6\xa3\x73\x1d\xdd\xa0\xfa\x6a\xd0\x29\x3a\xf9\x89\x3c\x09\xa9\xe7\x43\x09\x0f\x2c\xee\x2f\x44\x37\x73\x6d\xd4\x33\xe2\xac\x74\x28\xbd\xc8\xc7\x7c\xb9\x96\x43\x55\xfa\x44\x15\xcc\x38\x31\xd8\xc7\xca\x5a\xf9\x3d\x51\x75\x2e\x71\x8c\x60\x66\xec\xa1\x42\x6a\x87\xc2\x98\x08\x28\x1a\x85\xac\x7e\x0b\x40\x44\xff\x6e\x28\x0e\x28\x01\x4b\x93\x83\xd1\x9c\x9d\x38\x7d\x29\xdc\x14\xde\x43\x3d\xa2\x60\x78\x4a\x49\x44\xca\x76\xc2\xfe\x8a\x08\x0d\x09\x96\xd9\xa6\xc2\xa3\xd3\xa7\x07\x72\x80\xed\xce\xe0\x38\x9a\xa8\xe5\x36\x5d\x1d\x9b\x34\x6e\xca\x09\x47\xb0\xff\x52\x65\x94\x3c\xcf\x09\x93\x9a\x4b\x4a\x8f\x98\x5f\x6a\x5e\x72\x72\x3c\x79\x5d\xa0\xbc\x36\x0d\xce\x50\x1f\x67\x3a\xb6\xea\x84\x43\xf1\x29\x42\x79\x52\x45\x3e\xb7\x2b\x3a\x8d\x0d\x97\x6c\x27\x8c\x5b\xd1\xa9\x85\x3c\x91\x8e\x0c\x24\x0c\x3c\x73\x49\x32\x95\x3f\xdb\x50\x39\xfb\xb0\x46\x87\x93\x7c\x9f\xf0\xab\x74\xa1\x6e\xae\x21\x2b\xc6\xf2\x0e\x70\x0a\x77\xc0\x92\xd2\x3d\x2e\xfb\x58\x0e\x0c\x19\xd6\x5f\x30\x41\x29\xab\x8e\x6c\xc1\x2e\x58\x05\x22\x57\xba\x09\x44\x9f\x30\xd3\xd9\x74\x39\x1a\xff\xf5\x63\x3d\xef\x2f\x5c\x4e\xbd\x57\x3a\x9e\x44\x4b\xf3\xa3\xdd\xac\xed\xf0\x2c\x05\xf3\xcc\x2e\x75\x06\x64\xa8\x4a\x1d\x24\xc5\xd2\x8b\x49\x67\x0d\xe8\xa2\xf2\x09\x08\x39\x48\x3c\xa3\x89\x59\x99\x1a\x7d\x37\x27\xe2\x1a\x15\xe8\x20\x16\xc1\x5a\x09\xee\x71\xf4\xf4\x3c\x0a\x60\x8b\x48\x48\x5c\x99\x34\xa3\x86\x14\x79\x4d\x62\x91\xda\xa3\x9c\x01\xc4\x5d\x3d\xeb\xe5\x79\xb5\x82\x3b\xf3\x40\x64\x04\xb4\xc8\x0e\xe6\xff\x34\x2b\x46\xb3\x34\xb0\xb8\x83\xb4\x0b\xfd\x2f\x9a\x53\x59\x5a\xb6\x2f\xd1\x35\x1e\xbc\x88\x30\x83\x70\x49\x72\x18\xdf\xc9\x8c\xe0\x81\x40\x7d\xa8\x12\xa4\x6d\x64\x97\xd7\xaf\x9e\xc6\xd8\x3e\x1c\x60\xee\xb7\x12\xd8\x89\xdf\xbe\xd0\xc8\x05\xaa\x11\xcf\x81\x7d\xd8\xf0\x43\x96\xef\x87\x1a\x26\x11\x2d\xcb\x7c\x0e\x1d\x2e\x68"},
+{{0x61,0xfa,0x86,0x77,0xee,0xda,0xde,0xd6,0x9b,0x16,0x5c,0x8d,0x27,0x7c,0x97,0x82,0x49,0x66,0x30,0x28,0x30,0x1d,0xf6,0x16,0x3e,0x39,0xb0,0x6a,0xc2,0xf5,0x62,0x5f,},{0x87,0x33,0x9e,0xb5,0x72,0x38,0xdb,0x2e,0x4e,0x60,0xf3,0xc2,0x8a,0x3f,0xd5,0xfb,0x61,0x1c,0x65,0xfd,0xdc,0x81,0xee,0xd7,0xcf,0x77,0x71,0xdf,0x34,0xd9,0x22,0x67,},{0xc0,0x4e,0xbd,0x11,0xc3,0xeb,0x09,0x39,0x6f,0xe8,0xd6,0x82,0x79,0x51,0x0a,0x9e,0xfe,0xe3,0x91,0xab,0xee,0x40,0x81,0xf0,0xd2,0x75,0x67,0x4a,0x30,0x47,0x94,0x83,0x5a,0xad,0x7f,0x3e,0x34,0x5b,0xcf,0x0a,0xf8,0x02,0x7f,0x97,0x47,0x7e,0x79,0xe6,0x79,0x2b,0x8f,0x29,0x98,0x46,0xae,0x28,0xcb,0x13,0xbd,0x88,0x75,0x37,0x99,0x0d,},"\x02\xc5\x81\xde\xe0\x3f\x2c\x60\x39\x35\xaf\x5e\xce\xec\xfa\x67\x71\x34\xa3\xe0\xae\xa5\x4f\xec\xaf\x42\x71\xfb\x52\x95\x1a\x27\xb7\x68\x77\xcc\xd4\x9a\xb4\x86\xdf\xc2\x27\xcf\x31\xc9\xd9\x57\xcc\x97\x30\x65\x73\xfc\x7f\xe1\xd3\x1b\x6c\x7d\xf3\xd7\x80\xf3\xa0\x5c\xa6\x39\x56\x57\xa9\x42\x43\x42\xc9\xc6\xb7\x03\x12\x7e\x03\x8d\xf0\x79\x21\x54\xe3\x0a\x49\x47\x61\x12\xcb\x92\xd0\xd5\xa2\xd2\x2e\x89\x57\x52\xa8\x6e\xdd\xdd\x91\x2f\xdc\x81\xb1\xe6\x4a\x7b\xb7\x50\xf0\x99\x18\x21\x32\xee\x48\x23\xfd\xe8\x45\x80\x2a\x94\x45\x39\xd4\x12\xb2\xa8\x1a\x15\xb0\x00\x71\xa9\x50\x50\x4c\x5b\x55\xa7\x1b\xdb\x8c\x5a\x58\x26\x39\xe8\x55\xe8\xbe\x24\x1c\xda\x1b\xa6\xb3\xb4\xf6\x45\x54\xd1\x78\x24\x90\x4c\xb3\x0c\xd7\xef\xd9\xac\x04\x9e\x39\x0b\xb7\x9f\x53\x59\x8e\xf1\xe8\xfc\x27\xdd\x7b\xf5\x99\xc9\x02\x8c\x9e\xbf\x92\xfc\x3b\xe1\x1d\xf3\x29\x61\x2a\x22\x8e\x0f\x56\x84\x68\x7b\xf4\x1f\xf2\x03\xe9\x7a\x76\x86\x12\x6a\x39\x36\x6b\xdc\x26\xd5\x0b\xe0\x25\xd5\x18\x7c\x6b\xa0\x66\x6e\x37\x9b\xe4\xa8\x0a\x9e\x62\xef\xfc\xd9\x16\xd7\xf9\x8d\xe6\x51\xe0\x0b\x97\xad\xf5\xd2\xd5\x3d\xaa\x7f\x8d\x69\x5a\x29\x15\x60\x75\x5c\x74\x44\x82\x36\x4c\x4f\x1f\xa4\x7e\xc0\xb1\xda\x16\x1a\xa3\x88\xf9\x59\x79\x89\xa9\x77\x26\xd3\xed\x2c\xec\x82\xf1\xa1\xbb\xc4\xac\x0b\xe0\xa0\x0c\xb4\xa8\xdb\x1f\xb7\xc1\x4b\xa0\x5d\x89\x63\x48\xdc\x05\x59\xd2\xa9\x0b\xea\xc2\x04\x1d\xd7\x7f\x82\xd6\xb1\x2a\xeb\x22\x43\xca\x0f\x41\x9a\x57\xd3\xca\x9c\x7d\x25\xa3\x0f\xf0\xe8\xbb\x0d\x94\x51\x55\xd1\xb3\x6a\xd1\x07\xb5\x5b\xea\xa9\x5b\x7d\x5e\x32\x00\x34\x07\x62\x9f\x15\x15\xf8\xa7\x08\x9e\x24\x88\xd0\xd7\x54\x4c\x2f\x7c\xc7\xc7\xf0\x98\x5d\xa4\x28\x40\xd4\x36\x8f\xf4\xf0\xfa\x4f\xa2\x98\xe3\xb7\x22\x93\x03\xab\xa5\x14\xae\x94\xe7\x02\x65\x35\xa3\xf4\x26\xff\xbb\x4e\x00\x1c\xd5\x0e\xd1\x2f\x21\x4b\x3a\xbe\xf9\x6e\x30\x16\x35\xc9\x87\xb1\x33\xfc\x5e\x61\x84\xe7\xb7\x57\x2b\xc3\xd9\x9a\x45\x23\xcb\xd5\xaf\xe5\x93\xce\xdf\x4c\x9c\xd0\x2f\xf2\xe3\x62\x37\xe4\xee\x12\xef\x1a\x22\xd1\x6d\x7c\xf4\xc0\x72\xdc\xed\x91\xcd\xd2\x6e\xe1\x44\xcc\x2b\xef\x49\x50\x02\x63\x49\xe9\x44\x47\x84\x08\x1f\xe4\xe0\x49\x8b\xc7\x5f\x72\xe6\x81\x8f\x45\x9b\xba\x90\x49\xc5\x61\x31\x6c\x9f\x49\x8e\x7b\x1a\x99\x4b\x0e\x93\x05\x5f\xe7\x3e\x44\x4c\xbd\xf9\x6a\xc3\x5e\x9c\x4e\x92\xe6\xb4\x9e\x3b\xc0\xe9\x9d\xe1\x71\x6d\xf8\xea\xca\xeb\x8d\x2f\xd7\x48\x70\x04\x4c\xb3\x9c\x0e\x36\x7a\x1f\xe3\x2a\x9b\xb2\x97\x44\x16\x36\x4e\x73\x0d\x52\x48\xdf\xb1\xdf\x16\x4a\x8d\x58\xca\xa1\x00\x5f\xdc\x91\xba\xc2\xbc\x01\xcc\x77\xde\xcc\x14\x89\x3e\xf9\x46\xfb\x3c\x81\xbe\x08\x32\xc7\x2f\xba\x37\x20\x62\xf8\x36\x0f\x4d\x8e\x6d\x5b\x74\x1c\xf7\x03\x2d\x8d\x89\xde\x2e\xdf\x4c\x71\x4a\x29\xf7\x5a\xbd\x8f\x5f\xf4\x3e\xcd\xd4\xb7\xa0\x4d\x7d\xb0\x88\x2d\x16\xe7\x44\x73\xa0\xfb\x79\xdb\x44\x4a\x78\xea\x44\xaa\x26\x31\xb8\xc0\xd7\xb0\x30\x0d\x55\xcb\x6a\xc4\x85\xf2\x4c\x0a\xcc\x64\x77\x47\xc4\x3d\xb3\xb2\xa8\x67\x7b\xaf\x65\x6f\xa7\x35\xa5\x75\xf1\x81\x3f\x36\x68\xa2\xac\xa9\x17\x57\x11\xb5\x25\xeb\x49\x6e\x9e\xf9\x71\x1d\x75\xf5\x90\xc7\xd9\xef\x99\xe0\xf5\x9e\x84\x83\xcb\xf9\xf2\x84\xe3\xf5\xa3\x3e\xe7\x78\x1e\x62\xb8\xb0\x55\x51\x77\x7e\xfe\x0f\xbf\xd1\x9e\x54\xb6\xbb\xd1\x42\x94\x4b\xc2\x95\x9a\x82\xeb\xd2\x95\xd2\x3d\x34\x43\xb6\xce\x65\x8c\x2d\x57\x9a\x76\x37\xb5\x49\x52\x04\x91\x90\x8e\x34\x28\x2e\xc2\x71\x69\x72\xe6\xf0\x35\x39\x29\x54\x7e\xf1\x53\x7a\xec\xc9\x6b\x2d\xf6\x16\x14\x85\x99\xb0\x9d\x9b\x81\x39\x4a\x13\xfe\x7d\xb8\x67\x60\xb1\xe2\xa0\x60\xef\xd4\x84\xe8\x18\x99\x39\xeb\xdf\x6f\x21\x64\x0d\x89\xd8\xe7\x36\xde\xe0\x82\xad\x72\xa0\x18\x4a\xde\xdd\x8d\xf2\x14\x74\xc9\xf5\x26\xbc\xfd\xf7\xe8\x56\x58\x19\x4b\xb6\xd9\x42\xe7\xf3\xfe\x96\xc2\x3f"},
+{{0x70,0x48,0xc6,0x52,0x1a,0xef,0xaf,0xa4,0xea,0xc6,0xd6,0xc3,0xa7,0x02,0xb9,0x52,0x54,0x80,0xa6,0x64,0x82,0xe4,0x96,0x98,0x96,0x75,0x7f,0x2c,0xd1,0xac,0x7d,0x5b,},{0xed,0x93,0x11,0x3c,0x16,0x43,0xa5,0x3a,0xa0,0x64,0xca,0xa6,0x31,0xce,0xb6,0xe2,0x0f,0x6d,0x6e,0xc2,0xfc,0x6c,0x07,0x11,0xcb,0x8a,0x1f,0xe7,0x31,0x39,0xaf,0x93,},{0x7c,0x45,0x70,0x3e,0xd3,0x94,0x2e,0x44,0x04,0x1c,0x7f,0xa1,0x85,0x8a,0xa5,0xf1,0xdc,0x38,0x1f,0x49,0x3a,0x45,0x2d,0xfb,0x52,0x70,0x80,0x17,0x89,0x8f,0x71,0x0e,0x31,0x11,0x8e,0x33,0x1f,0x00,0xaa,0x64,0xcb,0x73,0x88,0x36,0x68,0x2b,0x7d,0x17,0x7e,0x97,0x95,0x5c,0x00,0x31,0x9a,0xbd,0x79,0xa4,0x9e,0x0f,0xcd,0x16,0xfe,0x00,},"\x53\xf7\x4c\x72\x4d\xb1\x57\x8a\x1a\x29\x6a\x7c\xca\xc9\x04\xa2\x50\x4d\xd9\x00\x53\x89\xb4\xf8\xd4\xea\x4b\x63\x07\x29\x8f\xc6\xdc\xce\x98\xa6\xbc\x07\x28\x0d\x20\x36\x4e\x40\x5a\x46\x7e\x73\x65\x78\x96\x52\x69\xc8\x14\x61\xd6\x1f\xc6\xb7\xe4\xba\xd6\x8d\x2b\x6d\xd0\x00\x58\x50\x10\x5f\x0a\x67\xbb\xc6\xee\x22\x3e\xc1\x75\x4a\xf4\xe3\xb9\xaf\xa5\x06\x2d\x1c\x18\x61\x04\x8f\x18\x5b\x12\x8f\x1a\x5c\x0f\xb2\x5c\x39\x19\xb4\x83\x3e\x29\xe2\x02\xbc\x94\x1a\x90\x5e\x63\xc2\xc0\x5b\x10\x14\x64\x7b\xd7\xed\xe5\xbe\x9f\x99\x66\x15\x18\x7a\x3d\x3b\xb2\xc7\xdc\x4c\x28\xf7\x05\x3d\xef\x9b\x28\xb2\x9e\x23\x31\xf1\x62\x96\xdc\xe8\xf1\xed\xe4\x84\xca\xec\x99\x67\x02\xbd\x99\x02\xe5\x26\x84\xc8\x12\xc8\x74\x40\xf6\x9b\xd1\x41\xc7\xe0\x0c\x69\x47\xd1\xfc\x7c\x3b\xdc\x0b\xc5\x50\x6b\x6e\xa4\x62\xe6\x5f\x9e\x74\x3b\x72\xc0\x07\xdd\xc7\xa3\x77\x49\x37\x77\xd4\xeb\x12\x62\x0c\xa6\xc0\x19\xc8\xbf\xc4\xc2\x9e\xc8\xaf\x38\x2f\xc3\xea\xc8\x41\x02\x1a\x74\xe4\x67\x4b\xa3\xe4\x3e\x5d\x7b\x41\xe3\xfe\xeb\x17\xda\x00\xa7\xce\x45\x5a\x1c\xec\x70\xb0\xbe\x6e\x56\xf8\x5f\xc3\x7f\x64\xcf\x07\x33\xb7\xe3\x12\x41\xde\x64\x1a\x8a\x8e\x5b\x91\x89\x7b\xc1\x58\xfe\x93\xd1\x02\xc0\x1d\x1f\x5e\x16\x6d\x40\x81\x65\xfe\x3f\xcb\x13\xd5\x30\x45\x90\xab\x8e\xf0\xdc\x8d\x5a\x8c\x1d\x8a\x93\xfc\xeb\x85\x4f\xc1\xfa\x36\xd0\xcc\x48\x0c\xf8\x51\x2d\x80\xbe\xe6\x9b\x06\x50\xa9\x57\xda\xed\x28\x3c\xd7\x63\x81\x55\xed\x77\x30\x86\xe8\x6a\x8f\xfb\x19\x8a\xcc\x74\x23\xb5\xd1\xa6\x09\xa1\x75\xa5\x6b\x94\xc9\x6b\x73\x18\x51\xb9\x3a\x94\x97\x71\x01\xe2\x55\xf1\xce\x92\xe2\x32\xa0\x5e\x2e\x33\x87\xfc\xb4\xdc\x13\xa3\x1b\xee\x6e\xe2\x55\x07\x32\x2c\x73\xc9\x88\x30\x80\xa7\x4c\x00\xf8\x03\xa9\x98\xdd\x53\x0a\x79\x12\x6b\xb1\x44\xed\x55\x74\xc4\xb2\x31\x80\xe3\x4e\x09\x92\x83\xb4\xbb\x1d\x28\x82\x2f\xce\x37\x17\x04\x6f\xf3\x2e\xf9\xe2\xcd\xf9\x67\xe3\x18\xea\x72\x6a\x2a\xee\xc5\x78\x06\x64\x3a\xd4\x80\x1d\x3e\x0d\xa5\x2a\x1d\x77\xbf\x04\x3f\x5a\xe9\xf3\xae\xa9\xe4\xbc\x4f\xa7\x95\xd0\x84\x01\x08\x5c\xa9\x4c\xfc\x4c\xe7\x19\xda\xbc\x7b\x23\x90\xd0\x3d\x29\x4a\x65\xb7\xaf\x9b\xc3\x90\x72\x28\x5b\x77\x7b\x2f\x13\x3d\xc1\x1a\x70\xc0\xa9\xf0\x60\xe1\x04\x41\xf4\x02\x16\xac\xb6\x41\x63\x7a\x2e\xad\xf1\xf7\xb8\xd2\x62\xfe\xc1\xb4\xd0\xf0\xf4\xfa\xa9\x3f\x3f\x73\x2c\xac\x38\x2d\x8a\xc4\x2e\x17\x8e\x22\x44\x99\x9d\x76\x4a\x9d\x0e\x98\x17\x14\x68\x6e\xb4\x92\x44\x97\xe5\x6b\x50\x15\x7e\x99\x39\x03\x2c\x9f\x88\xeb\x65\x7c\xfd\xe4\x4a\xd3\x47\x14\xaf\x4a\x51\x32\x4e\x5e\x77\xd0\xde\xea\x99\xc9\xf2\x44\xd2\xe0\x9e\xa4\x25\x82\x0a\x74\x6d\x88\x3a\x0c\xf4\xb7\x05\xc2\x9d\xf8\xc0\x37\x44\x81\x54\xdc\x08\xa4\xd4\x33\x74\x05\xfb\x87\x65\x82\x31\x14\x37\x0b\x37\xed\x86\x08\x6e\xc5\xf8\xbd\x6c\x72\xab\xf1\x3f\x51\x84\x30\x71\x0f\x59\x7b\x06\x10\x8f\x65\xb3\x0a\x48\x34\x96\xe2\xed\x81\xda\xb1\x0f\xee\x94\x7f\xe0\x4b\x54\x85\xf2\xe3\x07\x40\x49\xd2\x22\x84\x26\x66\x51\xad\x10\xdd\x08\x6a\xaa\x5d\x45\x2e\x0d\x1a\x61\x12\x9d\x1e\x77\xc6\x63\xc2\x6d\x08\x89\x62\xb5\x54\x56\x45\xb7\xa1\xa8\x71\x3d\x51\x32\x7a\x7a\x35\x9b\x12\xda\xad\xb8\x5a\x2c\xd4\xb5\x41\x0d\x5c\x20\x26\x7f\xa7\x66\xb8\xc4\x2a\x84\xdc\x42\x66\x45\x88\x87\x9b\x3e\xae\xfd\x4c\xc8\xdc\x69\x3f\x98\xac\x20\x56\x09\xe5\x70\x66\x5b\x01\xea\x46\x55\xe3\x94\x29\xa7\xa7\xe5\x42\xef\xb4\xf7\x89\x0d\xbf\x4e\x34\xc6\xcf\xf0\x7e\x4d\x35\xbd\x3e\xee\xdf\x5b\x46\x28\x0f\x4a\x0d\xa0\xc2\xe7\x3c\x94\xea\x81\xcf\xea\xe7\xf9\xbd\x04\xfe\x2d\x45\x97\x65\x00\xf7\xdc\xac\xb0\xdf\x2a\x5d\xc7\x36\xa8\x23\x67\x1d\xb6\x79\xbe\x66\xcb\x33\xc1\x62\xfd\x2c\x74\xae\x71\xfb\xf4\xd2\xb0\x5a\xf0\x42\xb3\xa9\x77\xf5\xb9\x44\xb9\xfd\xb6\xc3\x44\x24\x42\x1b\xcf\x4f\x62\x23\x76\x84\x28\xfa\x14\x0f\xd4"},
+{{0x3e,0x63,0x73,0xb2,0x65,0xb9,0x67,0x89,0x00,0x7a,0xd2,0xa1,0x0c,0x30,0x9a,0x56,0x76,0x38,0xf2,0x55,0x87,0xd7,0x7e,0x28,0xb0,0x82,0x3a,0x4f,0x17,0x9a,0xe4,0xfe,},{0xa3,0x23,0x4e,0x5d,0x13,0xb0,0x34,0x72,0x16,0x50,0x36,0x40,0x4f,0x6d,0xe8,0x0e,0x70,0x28,0x39,0x50,0x0f,0x13,0xd9,0xc9,0x85,0xa0,0x77,0xd4,0x5c,0x69,0xff,0x45,},{0xf5,0x1e,0x0f,0x87,0x8a,0x5a,0x70,0x96,0x47,0xe8,0x5f,0xea,0x83,0x9f,0xd5,0x66,0xe6,0xf3,0x5c,0x8a,0x61,0x85,0xd0,0xc9,0xeb,0x13,0xe0,0xd5,0xb9,0xe6,0xe8,0xaa,0x95,0xc3,0x33,0xa8,0xf5,0x06,0x32,0xa4,0xd6,0x65,0x7b,0x51,0x8c,0xe4,0xcf,0xde,0x40,0xb8,0xf5,0xa0,0x5b,0x2d,0x9f,0x84,0x41,0xfc,0xc9,0xd2,0xd6,0x92,0xd5,0x09,},"\xb9\xd0\x68\xbb\xca\xe7\x72\x2f\x82\x8b\x0f\x8c\x98\xa7\x38\xe3\x6a\x7d\xf4\xc9\x97\xc7\x24\xba\x27\x53\x1a\xf3\x4a\x2f\x10\x6c\x75\x13\xa4\x4a\x46\x1a\x9a\xa4\x30\x9b\xc1\x5c\x4e\x0d\x42\x75\x91\x93\xea\x1c\xde\xa9\x56\xbb\x81\x59\x85\xf5\x78\x67\x14\x5e\x9e\x2c\x75\x85\xfc\x8d\x61\x02\x7e\x47\xd2\xd7\x35\xe2\x44\x8a\xf3\x78\x29\x09\x40\x4e\xde\xaa\xc0\xfd\x73\xf6\x04\x5d\xcd\xb0\x4f\x03\x77\x75\x8f\x02\x20\x4a\xae\x3a\x72\x20\x31\x1c\x0f\x47\x23\x58\x27\x10\xcc\x44\x0c\x36\xc9\x58\x7b\x5c\x9e\xbc\x40\x63\xfe\xa8\xca\x3f\x43\x19\x58\x94\xf7\x9a\x36\x50\x87\x13\x72\x82\x30\x2d\xbf\x2e\x7a\x0d\x41\x1a\xb5\x8b\x70\x26\xcc\xde\x19\x88\x69\xaa\x73\x43\x34\xc0\x52\x38\xe2\x75\xe3\xc3\xab\x21\x70\x83\x49\x57\x69\xe2\xfa\xd3\x74\x05\x14\x52\xd7\xf5\xb1\xdb\x0e\x78\x58\x36\xd4\xbd\x5e\x29\x78\xa3\xe9\x91\xaf\x0f\xf7\x16\xf4\x38\x89\xa0\x7f\x5d\xf2\x99\x60\x36\x21\xc3\x9e\x2c\xde\xe0\x89\x98\x5d\x9e\x6b\xf7\xb2\xfb\xd0\x23\x73\xae\x1b\x5e\x9b\x88\xf5\xb5\x4a\x07\x6e\x67\x6d\x77\x90\xbf\xc8\xf5\x7d\xcc\x59\xef\x52\x85\x0c\xe9\x92\xa7\x3b\xa7\xbc\x99\x1d\xeb\x4d\xde\x5e\xb0\xb2\x16\x70\xb1\xb3\xd4\xb6\x4f\x36\xcc\xa8\xe3\x07\x09\x85\x68\x49\x7d\x89\x16\xf6\xb5\xd0\xe9\xe8\x9f\x99\xf8\x60\x06\xf3\x9b\xd3\xa8\x10\x76\x9c\x8f\x78\x01\x77\x3c\x96\x38\xab\xcf\x5e\x27\x11\xb1\x9d\x11\x67\x59\x3a\xcb\xe8\x5e\x41\x61\x42\x89\x97\xa2\x19\x4d\xc5\xe7\xb7\x64\x0f\x0d\x2c\x1e\xb2\x05\x55\x3b\xe9\x16\x7f\xfb\xc2\x2b\x7c\x2e\x76\x98\xf3\xaf\xa1\x07\x54\xcb\x44\xd4\xb1\xd4\x5b\x83\x73\x03\xb1\x66\x90\x73\x41\x5a\x22\x60\x6b\x50\xf2\x1f\x82\x65\xe1\x39\xf2\x30\x5a\xc0\xe0\x12\x7a\xe0\x56\xce\x8a\xbe\xab\xa2\x0e\x1d\x26\x9a\x2b\x2e\x89\x9c\x49\x54\x72\x68\xa0\x69\x6a\xe4\x50\xdc\x02\x67\xf7\xf6\x3a\x8e\xdf\x07\x4c\x47\xd3\xc2\xdb\x1d\xa3\x63\x93\x73\x73\x04\xe6\xdd\x4f\xac\xcd\xb6\xab\x55\xe5\xf8\x52\x0c\x3d\xff\x5f\x6b\xea\xc3\x0b\xa8\x5b\x86\x08\x23\x51\xe3\xde\xd8\x40\x0a\xa5\x7f\x65\x0c\x0c\x33\x03\x6d\x65\xb3\x9b\x7d\x2f\xb6\x11\x28\x63\xd5\x9b\x72\x55\x82\x42\xe8\xb0\x45\xad\xdd\x35\x7d\xe6\xfd\x37\xa8\xf6\x61\x17\x65\xc9\xb5\xff\x19\xcc\x4d\xb7\xe1\x17\xc6\x5a\x00\x45\x89\x08\xb0\x24\x5d\x04\xf7\x90\x8f\xc7\x3b\x16\x5d\xff\x6e\x4b\xe4\xb4\x20\x32\xd8\xcf\xd7\xd6\xf7\x77\x2c\x1b\xfe\x72\x1d\x4b\xcf\xe2\xfc\x52\x79\x98\xf3\x4f\xb4\x41\x8a\x1f\xae\x1e\x6c\x37\x67\xc4\xd0\x78\x06\x21\xf9\x23\xda\x1f\x0a\x0d\x3d\x21\x9c\x03\x6a\xcf\xd3\x70\x9d\xad\x4c\xf2\x4d\x90\xbc\x69\x1d\x70\x0e\x6a\x9c\x80\xcc\xfd\x10\xbd\xe8\xe7\x91\xc0\xfe\xa8\x28\x80\xc0\x7b\xaa\xaa\x31\x1e\xef\x79\x24\x07\x84\xf6\x28\xa7\xd2\xa0\x91\x84\xe0\x16\xf8\x10\x08\xe7\x74\x29\xa8\x65\x8b\x15\x3e\x44\xe7\x9a\x98\xad\x24\x8f\x7f\xda\x23\xb5\x90\xd6\x46\xd7\xc1\xd8\x41\xf4\x92\x7d\x6e\x8b\xc7\x32\x14\xd1\x0a\x7f\x3c\x29\xc8\xf8\x39\xa8\x90\x8d\x20\xa7\x4e\x82\x7a\xf4\x67\xac\x5a\xbf\x0f\x1d\x0e\xd3\x9c\xdd\xd9\x69\xdd\xe9\xee\xb4\xa4\xb7\x52\x7a\xb3\xe2\x47\x5a\x19\x5e\x24\x47\x4a\x4e\x36\xb0\x90\x52\xe2\xda\xd4\xa5\xeb\x46\x91\xe2\x63\xb8\xc6\x1b\xbd\xe8\x77\x72\x20\x7e\x01\x1c\x4c\x1e\x14\x23\x5f\xb2\x4e\x4d\xa4\x38\x87\x5d\x18\x53\x0f\xef\x90\x26\x19\xdd\x48\x5d\x77\xb5\x45\xab\xb5\x6b\x69\xc7\x55\xaf\xe7\x58\x60\x69\x71\xab\x97\xdd\x3a\xce\x1c\x1a\x34\xa3\x37\x94\xc8\x15\x6d\xa7\x99\xe8\x22\x4d\x88\x5e\x18\x68\xf9\xcb\x46\x6d\x80\x2c\x82\x7c\xc3\xe1\xec\xd0\xae\x6e\x0b\x01\xf8\xf7\x91\xb1\x22\x08\xfc\xc0\xfe\xd3\x85\xb7\x96\xeb\x2f\x29\x08\xb5\x8d\x30\xb3\x73\x3f\x14\x70\xf2\xe2\xef\x12\xad\x43\xfe\xb7\x2d\x08\x16\xde\x3c\x13\xa8\xb5\xa5\x23\xe1\x4c\xdf\x5f\xf3\x72\x0b\xf8\x77\x69\xcd\xe7\x49\x5d\x22\x6b\xf3\x82\x38\xa8\x25\xf7\x5a\x09\xf6\xbb\x9a\xfc\xe5\x16\xa7\xbc\x70\x11\x43\x70\xbb\xc4\x0f\x17\xc7\xbc"},
+{{0xf5,0xe8,0x59,0x7e,0xac,0x0e,0xbf,0xa9,0xd3,0x85,0xde,0x85,0xa1,0xfb,0xaa,0x35,0x14,0x63,0x95,0xb1,0x34,0x57,0xb5,0xb1,0x4d,0x36,0x70,0xda,0xca,0x69,0x05,0xe7,},{0xce,0x93,0xe6,0x42,0xc2,0xf1,0x50,0x84,0xbc,0x83,0xba,0xfd,0xaa,0x19,0x67,0x63,0xde,0x2a,0x3c,0x51,0x3b,0x0e,0x44,0xf6,0x8d,0xdb,0xde,0x37,0x85,0x14,0xc4,0x41,},{0x57,0x65,0x43,0xfc,0x21,0xab,0x0a,0x7c,0x5f,0x63,0xb1,0xcf,0xf0,0x1b,0xf8,0x45,0xdf,0x91,0x79,0x2e,0x7a,0x97,0x50,0xc5,0x50,0x8b,0x51,0x66,0x5e,0x7f,0x89,0xf1,0x7c,0x6e,0xc3,0x35,0x5a,0x0a,0xed,0x87,0xdb,0x8c,0x77,0xbd,0xb2,0x71,0xfb,0xed,0xc7,0x14,0xff,0xad,0xb7,0x8b,0x5e,0x0f,0x97,0x81,0x16,0x77,0x1b,0xa7,0xcf,0x0b,},"\x27\x33\x41\xf2\x19\xff\x5c\xf3\x81\xc7\x7b\x2d\xd2\x26\xc5\x8f\x8f\x33\xc4\x52\x70\x48\xcb\x00\x6a\xff\xef\x8c\xee\x15\x1e\x30\x0e\xfe\xf6\x29\xfe\xd2\x1b\x70\x45\x1f\x72\x92\x92\x62\x7d\x1f\x3f\x1b\x52\x57\x35\x9e\xe5\xa6\x71\xcf\x62\xae\x57\x32\x49\x40\xf2\xd0\xb1\x5a\xac\x76\xff\x39\x82\x20\xc0\x80\x24\xe2\x9a\x8c\xf3\x65\x04\xe1\x2a\x4e\x96\x43\x8f\x42\xc3\xda\x0c\x00\x05\x41\xbc\x11\xf0\x91\x38\x1b\x0b\x72\xb5\x8a\x92\x08\x3f\x44\x6e\xca\x19\x91\x99\x68\x78\xde\x35\x08\x1c\xc4\xab\x90\x95\x8c\x96\xcf\x5c\x99\x79\x6c\xba\x79\x51\xee\x18\x6f\x26\x52\x7a\xed\xe6\x9d\xb3\x04\xce\x29\x41\xba\x15\xcc\x00\xba\x2f\x14\x11\xf2\x08\xda\xd4\x5e\x87\xbc\xf6\x38\x79\x2d\xe0\xa6\x86\x24\xb6\x67\x29\x7c\x27\xa3\x43\xdb\x4b\xaf\x34\xa0\x22\x8e\xaf\x0d\x10\x22\x00\x9b\x5d\x06\x8b\x25\x34\xd9\x20\x30\x2e\x71\x31\x0f\xeb\xf0\xdf\x1b\xb0\x2c\x2e\xf0\xad\x1a\xe1\x49\xde\xad\xf8\xc1\x84\x37\x3c\x0f\x7e\xb6\xb2\x56\x95\xbe\x82\xd1\x2c\x71\xb6\xc8\x32\x67\xd9\xa2\x33\x66\x7e\x77\xbc\x20\x59\x83\xf8\xb8\xd8\x77\xd8\x5a\xea\xd3\xf6\x0e\x82\x0f\xfc\xb1\x7a\xdd\xdd\x92\xa7\x71\x2b\xbe\xb3\x4e\xe7\x19\x66\xda\xfd\x99\x07\xd1\x93\xdd\x9d\x72\x5a\x31\xa6\x13\xd2\x9e\x32\xbe\x72\x13\x28\x08\x92\x6d\x94\x37\x47\x7f\xee\x25\xed\xa6\x10\xae\xb1\xdc\xe1\x2e\xa3\x16\xc6\xae\xc6\x68\x9e\x50\x1c\x55\x19\x23\x82\x5a\x34\xb4\x2c\x4f\x06\x75\xb8\x6a\xb2\x6a\xde\xea\x2e\x60\xda\xe6\xc6\xd1\xcd\xd0\xcb\x3c\x34\x7b\x16\x38\x40\x39\xa8\xe3\xfd\x60\x87\x38\x13\x87\xcb\x4b\xc7\x2d\xdb\x5f\x25\xb3\x74\x85\x9b\x02\xe5\xbb\x1b\xa0\x6d\x3c\xc6\x9e\xc4\x4c\xec\x4b\x98\x5c\x84\x76\xe3\x50\x32\xe9\x9a\xbf\x00\x1a\x1d\x44\xdd\xc6\xe2\x88\x9c\x3c\x2c\x3e\xca\xce\xd6\x09\xb2\xb2\x68\x0e\x00\xb1\xef\xa7\xe9\xd2\x6d\x62\xf2\xb3\xab\x36\xf9\x21\x04\x47\x90\xab\xbd\x49\x36\x07\x56\xdc\xff\xcc\xf2\x30\xf6\x6d\xbb\x70\x1a\xa1\x64\xda\xd6\x06\x9a\xa2\xb8\xb3\x30\x9f\x2f\xe4\x4d\x5e\x0b\x25\xbd\x55\x64\x31\xf0\xdf\x4c\x2e\xa9\x7a\xe7\x9e\xd4\xa5\x75\x78\xd6\x6f\xc6\x93\x9c\x57\x62\x8a\x90\xca\xc9\x7a\xdf\xa8\x70\x2a\x4a\x1c\x89\x65\xba\x1a\x90\x26\x25\x67\x28\x66\x64\x00\x30\x03\x53\x3c\xc9\x31\x4c\xaf\x7d\x3b\x98\x2e\x0a\x43\x2f\xf5\xaa\x4e\xd5\x74\x19\x83\xd9\xb5\x43\x23\xac\x7e\x29\x9b\x2b\x49\x56\xc1\xa2\xc1\x91\x55\x7b\x27\xd8\x6b\xe7\x14\xb5\xb6\x8f\xcb\x1d\x41\xf7\x8c\xa5\xdd\xb6\xb5\x3b\x3d\xfc\x8e\x7d\x6b\x3c\x3d\xb0\x59\xaf\x9f\x2d\xd7\x65\xef\x04\xb6\xd1\x6e\x67\x37\xc7\x27\xaa\x11\xf3\xdf\x37\x74\xa3\xfc\x96\x18\x2e\x28\x2a\xcc\x3d\x23\x3e\xea\xbf\x8c\x72\xd3\xf2\x46\xae\x18\x45\x05\x28\x8f\xef\x39\xb3\x67\x66\xb1\x0d\xd1\xbf\xbf\xbf\xa7\x0f\x97\xb3\xc9\x01\x72\x6d\x1e\x0d\x0a\x83\x7d\x11\xf0\x12\x3a\x34\xab\xad\x1a\x79\xaa\xbe\x80\xb1\x25\xb1\x28\xee\x16\x0b\x51\x18\x48\xf7\xf0\x4c\x49\xc8\xd5\xc2\xf2\x04\x1d\xa7\xd9\x59\x9c\x29\xb1\xda\xc8\xc6\x80\x77\xef\xac\x3e\xca\x58\xbb\xc1\x63\x7a\xad\xce\x21\xc7\x74\xfe\xa4\x2d\x2b\xcf\x4a\x0b\x98\x92\x30\x7e\x36\xfa\x25\x0a\xce\xe7\x95\xad\x2b\xfe\xcf\xbf\x60\x31\x9b\x81\x66\x3e\x2a\x26\x57\x19\x46\xf7\x5a\x8d\x96\x9a\xf1\x6b\x3b\x57\xc3\xec\x3e\x66\x15\x8a\xaf\x42\xcc\xf5\xe5\x8b\x93\x7a\xae\xf6\x13\x31\x86\x06\x60\x33\x17\xe5\xaa\x31\x8b\xe7\x0f\x8d\xa3\xc0\xc1\x6b\xe6\xc2\x9e\x3e\xc9\xfe\xf4\xe4\x6e\x8c\xa2\x41\xd9\x41\xd5\x80\x49\xa0\x63\xd9\x0a\xfc\x95\x3c\xa3\x2e\x8a\x50\xa6\x47\x36\x32\x58\x8a\xc4\x1e\xae\x97\xf2\x0c\xe9\xb7\x41\xed\x41\xc9\xa4\xaa\x65\x51\xfd\x82\x3c\xe0\xc8\x11\xa5\xbb\x5a\x17\x1c\x1e\xa4\x23\x8a\x02\x46\x81\x1e\x46\x9c\xf4\x98\xb7\x96\x21\xc3\x23\xeb\xa7\x98\x53\x44\xfe\x11\xe6\x74\x99\xed\xf4\x96\x74\x91\xaa\x74\x9f\x8f\x3f\xe3\x99\x61\xd7\x68\x92\xc9\x3a\xac\x3b\x19\xfa\x4b\x4f\xc1\x74\xd7\xd4\xd4\xd8\xbd\x6e\xe4\x75\x47\x50\x08"},
+{{0xcd,0xad,0xc5,0xb8,0x9c,0xb2,0xb6,0x30,0x8a,0x00,0x6f,0x2f,0x4e,0x95,0x5a,0x91,0xaa,0xf3,0xba,0x70,0x16,0x5f,0x2d,0x44,0x4e,0xf1,0xff,0xeb,0xbd,0xaa,0xa2,0x21,},{0x05,0x41,0x41,0x5f,0xf5,0x46,0x7f,0x28,0xce,0xac,0x83,0x9b,0x13,0xa1,0x76,0x6e,0x72,0xc9,0x9e,0x65,0x45,0x20,0x7d,0x9d,0x5d,0x96,0x97,0x41,0x1e,0xb6,0xbc,0xa7,},{0xff,0xed,0xe7,0x01,0xeb,0x18,0x29,0xce,0x23,0x61,0xcd,0xa2,0xc8,0xbb,0x63,0x33,0x85,0x39,0xd8,0xad,0x2f,0x66,0x77,0x58,0x55,0x31,0xe7,0xbf,0x1d,0x39,0x22,0x38,0x26,0x79,0xa1,0xae,0x84,0xff,0xeb,0x75,0x3f,0xc9,0x75,0x4e,0x50,0xc0,0x18,0x52,0xf9,0x55,0xe3,0xfd,0x60,0x9f,0xf6,0x4b,0xf0,0x5b,0xbe,0x70,0x75,0xcd,0xbe,0x00,},"\x91\x17\x27\x03\x6d\xb3\x09\xd6\xe2\xe3\x36\x9e\x4f\x17\xd9\x8d\x99\xec\x07\x0c\x33\x28\x3b\xb1\x24\x4e\xfd\x62\xe7\x6b\xd7\x0a\x69\xb9\x72\x3b\xd2\xb5\x20\x47\x2b\x98\xaa\x06\x59\x24\x36\x6d\xe7\x80\x90\x0b\xcd\x8b\x77\xb5\x0f\x87\xc3\xc3\x61\x87\x02\x4b\xbc\x59\xcc\xf4\x48\x2c\x7b\x4a\xad\xb5\x6e\x2e\x5e\xcc\x00\x03\xd9\x89\xd6\xaf\xc6\x3e\xc1\x02\x42\xe5\x74\x82\xfe\x39\x21\x52\x61\xd5\xfc\x95\xa0\x18\x5f\x95\xe9\x54\x0c\x55\xf7\x4d\x69\x60\x48\xbc\xa7\xab\x11\x26\x81\xa5\x55\x8e\xa9\x3c\x3b\x1f\x1c\xd3\x64\x65\x9e\x94\x33\xce\xee\xbe\x05\x4e\xe7\x13\xc4\x77\x60\xd7\xad\x13\x2a\x7f\x3f\x8f\xe3\xd5\x04\x1b\x81\x1a\x26\xb6\x5e\xfb\x1f\x34\x0e\x18\x1a\x4e\xc7\x20\xea\x13\x6b\x3a\xf3\xd9\xe5\x46\x1d\xd2\x43\x70\x33\x6f\x10\xe6\x35\x4c\x8c\x17\xac\xf9\x99\x85\x44\xce\xc0\x87\x3e\xfa\x68\x7c\xb1\x32\xae\xcf\x70\xae\xbb\xc5\x67\xba\x03\xc5\x36\x49\x9e\xf9\x6c\xc8\x41\x2e\x7a\xaa\xd5\xbf\x96\x42\x2b\xe4\x7c\xb9\x41\x36\x45\xdf\x2c\x17\x03\x19\x23\x47\xdc\xbb\x12\x31\x27\x45\x59\x71\xae\x15\x7e\x9f\xa2\xdb\xff\x88\x74\x5a\x96\xc6\x58\xb8\x65\xe4\x1f\x55\xae\xbf\x98\x39\x50\x05\xdd\xcb\xd5\x98\x3e\x6a\xe0\x2c\x4f\xbb\x5e\x17\x91\x67\x96\x32\x5f\x76\xed\xf5\xb6\x4a\xfa\x4e\xc5\xa7\x41\x8a\xfe\xd2\x3a\x97\xef\xad\xe6\x8b\x6a\x5b\x31\x45\xf0\x8a\x5d\x3d\xb9\xc2\x98\xa5\x12\xfa\xbd\xac\x68\x56\x2b\x3f\x55\x37\x7f\xf4\x4b\x00\xc1\xc2\xf3\xef\xd1\x81\x32\xda\x71\xf9\x71\xa9\x53\xa9\x31\x8c\x57\x52\x33\x61\xa1\x60\xf9\xb7\xe3\xb5\x1c\x52\x4e\x95\xdd\x5e\xf4\x56\x8e\xf1\x8a\x80\x07\x75\xe9\xd2\x6e\x07\x13\x19\x42\xd2\xbe\x4e\xf2\x2c\x0c\xbc\x13\xdf\x01\xc6\x8b\x1b\xcd\x3b\xce\x9b\xd5\x1c\x4c\xed\x65\x2a\xdc\x40\x07\xbe\x43\xb3\x7c\x67\xa5\xc5\x5e\xd4\x02\x9e\x8a\xd1\x5d\xef\x83\x05\xc9\x68\x62\x1a\xed\x4c\xd4\xbf\xe0\x79\xa6\xf4\x88\x84\xd8\x56\x80\x39\x2c\xa9\x2b\xa6\xe1\x2f\xea\x6f\x4a\x05\x6f\x79\xd6\x7b\x19\xb0\x5f\x90\xd6\x84\xbe\x7d\x45\x72\x5f\x79\x67\xc6\xa4\x67\xaf\x43\xb8\x6a\x6b\x1b\x9d\x9e\xed\x3a\x42\x48\x97\x1c\x76\xa7\xac\x29\xc2\x92\xdf\xba\x4d\x75\xc5\xf7\xba\x70\x9a\x39\x05\x8e\x96\xad\xf6\xdb\xd7\x60\xd3\xce\xf4\x02\x4b\xf3\xed\xc4\x41\xef\xbf\x11\x47\xa2\xc1\x08\xbd\x6f\x9e\xb4\x39\xc1\xc5\xc4\xd3\xa6\xea\x4e\xc3\xd9\x2c\xef\x38\x13\x61\x88\xbe\xc9\xe0\xb6\xc0\x51\x8d\x8b\x79\xba\x59\xc5\xdc\xba\x39\x3a\xed\xfd\xff\xb0\xb7\x0d\x77\x9c\x2b\x97\x65\xce\x44\x52\xe7\xe3\xb0\x8c\x44\x02\xb1\xa6\x08\x32\x08\x40\xfb\xe9\x6d\x1e\xb8\x65\x6e\xb1\xc2\x0d\x95\x51\xdd\xf5\x33\xb9\xf1\x5e\x4e\xb5\x78\x37\x56\xc5\x3d\xdd\x3b\x14\xd8\x07\xf8\x38\xac\x96\x80\xf8\x9f\x1a\xdf\xb7\x8d\x68\xcc\xb0\x67\x31\xa9\x0b\xea\xc5\xf0\xd7\x09\xd5\xb8\x8c\x75\x43\x7a\x66\x3c\xb9\x62\xd3\x7f\x96\xb8\xe8\x92\x84\x77\xb5\x61\x12\x28\x01\x5d\x33\x7f\x04\x9e\x8b\x62\xe4\xdf\xf8\xd0\xbb\x6c\xda\x24\xa5\xdf\x90\x83\xe3\x48\xbe\xf1\x25\x85\xf5\xf4\xc4\xd3\xbb\x3c\x7e\x78\xd5\x50\x19\x4a\x45\x25\x1a\x08\x79\xa1\x62\x4b\xf9\xdd\x35\xeb\x65\x5c\x39\x39\xfe\xa8\x90\x9f\x6d\xf3\x95\xbe\xbd\x02\xb6\x8a\x17\xa8\x97\xc9\xaa\xdd\xd6\xe2\xe2\x04\x61\xe3\x03\xf5\x7c\xde\xb0\x0a\xe0\xf2\x3e\x60\xa9\x4c\x19\xc7\x71\xd8\xaa\x60\x53\x3b\x93\xce\xdc\x1b\x76\xd2\x29\x0a\x01\xbf\x43\xb2\x72\x5f\x12\x5b\xef\xa5\x75\x15\x4e\x98\x6c\x9c\x62\x05\xa1\x59\x6c\xba\xa2\xd1\x34\x70\xc2\x34\x22\xf2\xdf\x7b\xec\xe4\xe6\xeb\xd7\x52\xe9\x38\x9a\xe6\x08\x57\xb5\x29\x69\xd2\xdd\xef\xa9\xc0\x34\xf1\xbf\x35\xae\x33\x16\x30\x4e\x94\x9c\x89\x90\x82\x0e\x26\xe6\xcf\xfa\xe4\xb3\x88\xd1\x50\x5f\x92\x37\x06\x29\x7f\x8d\xb5\x56\x53\x79\x19\xeb\xbe\x30\x86\x02\x3f\x12\xf4\xde\xd3\xb1\x1a\xcf\x2a\x6d\x97\x3d\xdd\x8e\xb2\x7b\x07\xc5\x80\xbf\x44\x8c\xaa\x5a\x2e\xa1\x16\xc5\xea\xf3\x6f\x7a\x6b\x17\xa8\x5b\x39\x55\xdc\x8a\x44\xa6\x20\xd8"},
+{{0x2d,0xdd,0x79,0xe7,0x60,0x64,0xc2,0xe6,0xb3,0x22,0xaf,0xb0,0xc5,0xc6,0x85,0xcd,0xbe,0xc6,0x28,0x21,0xcd,0xfc,0x0c,0xb1,0x4d,0xb7,0xd0,0x1b,0xa3,0xbf,0x21,0xa5,},{0xf5,0x5b,0x4a,0xb6,0x4a,0x25,0x82,0x21,0x2b,0x96,0xcc,0xac,0x06,0x40,0xe2,0x71,0x94,0x4a,0x34,0xa2,0x86,0xd0,0x35,0x83,0x30,0x45,0x81,0x0e,0x34,0x18,0x24,0xbb,},{0xa4,0xc3,0x96,0xe1,0x9d,0xd4,0x2e,0x03,0x91,0x84,0xcd,0x25,0x11,0x88,0xff,0xa2,0x45,0xf0,0x36,0x7c,0x69,0xc0,0x2d,0x12,0x47,0x4e,0x5c,0xa9,0xe5,0xc7,0x68,0xa7,0xee,0x3a,0x3d,0x47,0xeb,0x22,0xd1,0xac,0x9e,0x04,0xb7,0x04,0xa7,0x4f,0x41,0x69,0x47,0xf3,0xf4,0x9a,0x32,0x42,0x59,0x4e,0x7b,0x63,0x90,0xe8,0x2b,0x60,0xd5,0x05,},"\xa5\x66\x74\xa1\xe1\xf0\x97\x95\x25\x1a\xbe\x54\xab\x43\xc2\x98\x20\x8f\xef\xc9\xbb\x91\x76\xfd\xb2\x3e\x1e\x9f\x60\xf0\x32\x64\x79\x15\x56\x7e\xbd\xcc\x2b\x86\x9e\xdb\x70\x55\xf4\xab\xa6\x7e\xcf\xe7\xfa\x19\xed\xa4\x5c\x06\x04\x7c\x7a\x51\x84\x8b\xe9\x97\x32\x51\xf8\x5f\xf7\x6f\x1c\x59\xe3\x65\x43\x82\x85\x8c\x9b\xe1\x23\xdb\x8a\x94\x90\xc6\xc9\xb3\x09\xb8\x2d\x1e\x2c\xa6\xf4\xa0\x7d\x00\x12\x02\x83\xc6\xc2\x95\x64\x49\x95\xa9\x66\x28\x61\x2b\x8d\x67\x91\x57\x35\x18\xe2\x55\x6a\x68\x8a\x09\xf1\x49\xbc\x84\x6a\x68\xbd\x0e\xf7\x92\x79\x03\x57\x10\x03\x1e\xf0\xa8\xfe\xd1\xdd\x0b\xf0\x26\x12\x5d\xc6\x64\x8f\x86\xf6\x43\x09\x94\x2e\x18\xf2\x3b\x12\xd1\xdc\x68\xc6\xf2\x77\x0c\xa8\xb5\x48\x5b\x36\x9b\x0c\x92\x00\x7a\x94\x61\xc1\x39\xfc\xbb\x41\x17\x5f\x31\x6d\x44\x67\x06\x0a\xb4\x3d\x12\x22\xf5\x80\x24\x04\xbf\x63\xc2\xdf\x7e\x00\x4b\xdc\x40\x0c\xa8\x0f\xe0\xd2\xcb\x68\xa2\x10\xfb\xc3\xfc\x0b\x90\x32\x09\xd5\x47\x6e\x7a\x56\xba\xef\xb8\xfa\xd7\xf3\x28\xb7\x2f\x32\x71\x13\xe1\x39\x41\x4b\xa6\xf3\x4e\x99\xc2\xec\xcd\xe0\x44\xe7\xa3\xac\x70\xc5\x80\xcd\x26\xc7\x45\x01\x92\xca\x4c\x82\x3c\x7a\xc5\xea\xe8\x76\xc0\xd1\xc8\xc7\x68\xc1\xcb\x0b\x7e\xa4\x1f\xc9\xb7\xd2\x94\x37\xbb\xad\xab\x18\xe0\xf5\xed\x1d\xef\xe0\xcf\x6c\x0e\xba\xa6\xb6\xd7\x77\xf4\xda\xd9\xab\xdd\xbf\xc0\xfd\x6a\xb5\xee\xea\x80\x3c\xfa\x01\xc0\xbd\x46\xf6\x5f\xef\xa4\x69\x01\xab\xbe\x0d\x89\x10\x4e\x3b\xc4\xae\xe1\xf0\x59\x9c\x69\xb6\x7b\xa5\x45\xab\x9b\x54\xf5\xde\xe3\x40\xac\x69\xd8\x82\x99\xe8\x68\x22\xac\xdd\xdd\xce\x60\x11\x22\x01\x2f\x99\x29\x97\x74\xaa\xf1\x7c\x96\x4e\xde\xcb\x95\xe1\x27\x7d\x46\x2d\xe6\x4e\x91\x15\xa6\x1a\xd9\x8a\xa3\xd2\x2e\x3b\xa6\xf8\xf1\xcd\x69\xb6\xb5\x2b\x83\x38\x28\x23\xf3\x0e\x96\x6b\xda\xd1\xff\x5f\xc1\x98\xae\x32\xe9\xb6\x80\x55\xd4\x39\x2b\xc7\xc3\xdf\x10\x15\xf1\x28\xae\xe1\xe4\xfa\x3d\x49\x99\xe3\x29\xf2\x2f\x0f\xf6\xaa\x77\x8b\xae\x02\x94\xa1\xdf\x74\x36\xcb\x16\xa2\xbf\xcd\x74\xb4\x63\xab\xe7\xcb\x4b\xac\x53\x62\xc8\x9c\x9d\x1a\x37\x8a\x2c\xb8\x85\xcc\x3b\x26\xab\x4b\xe8\x81\xef\x1a\xfc\x14\x43\x0e\x10\xd2\x65\x39\xca\x35\x8c\x36\x76\x28\x6a\xd8\x1c\xe1\xc9\xe7\x85\x92\xaf\x66\xf1\x82\xbb\x1f\x7f\x86\x2f\xe7\x55\xbf\xfb\x5b\xe5\xc5\xf2\xb7\x31\xc1\x32\xe2\x38\x8a\x76\xa1\xa7\xb1\xcd\xdf\x05\xae\xd2\xac\x9e\xc4\x08\x47\x52\x71\x94\x2c\xca\xdd\x32\xe4\x9d\x87\x91\xed\xf8\xb8\xde\x11\x75\x51\xce\x26\x4a\x60\xb8\x41\x05\xea\xe8\x7e\x66\xf6\xa4\x01\xd1\x32\x2b\xb2\x1a\x98\xe8\xac\xd2\x77\x49\x32\x54\xe5\x04\x00\x4f\x72\xc7\x6e\x79\x03\xd2\xfa\x38\xfa\xb7\x17\xe9\x4c\xe6\x27\x94\x7c\x4e\xa3\x26\xbd\x25\x75\xc3\x73\x10\xf3\xb4\xd8\x43\xb9\x0f\xa7\x7d\x32\xd9\x95\x21\x94\x15\x0b\x62\xf8\x50\x18\x7a\x4f\xdf\x38\x46\x6d\xfa\x06\x56\xc0\xa2\xe0\xb3\xf0\x74\x92\xac\x8e\x37\xe5\xd0\xdf\x95\xcc\x89\xdf\x30\x85\xa2\x69\x29\x1d\xc2\x51\x22\x10\xd3\xfe\x44\x24\x8d\x7a\xb9\x96\xbe\x09\x9a\xf6\x4c\x22\x75\x66\x66\xf8\xde\xa5\x6c\x00\xb9\x06\x77\xd1\x18\x25\x00\xdd\x27\x4f\xd0\x76\x92\x53\x82\x6d\x67\x7a\xb1\x6a\x55\x7b\x08\xb3\xc5\x22\x65\x49\x8d\x85\xc4\xcb\x2b\x60\x0e\xe0\x48\x1b\x7c\x1c\x47\x6a\x9d\xaa\x8b\x88\xc7\x1f\xc2\x1b\x6f\x89\xbf\xdf\xec\xe5\x8d\xa9\xe8\xd5\x65\x65\x2e\x43\x95\xbd\xf4\xc8\x11\xb4\xf4\xf2\x2d\x2b\x96\x13\x26\x1f\x88\xc6\x04\xc2\x97\x4d\x3e\x97\x7d\x14\x0d\x04\x6e\x1b\x66\x25\xb7\x07\x16\x40\xd3\x52\xcb\x7e\x7e\x65\xd4\x6c\x61\x34\x47\xbe\x8d\xc5\xa2\x00\xaa\x9a\xca\xb4\x6a\xfc\xcf\xeb\xb6\xb1\xc3\x19\x73\x24\x6c\x34\xfa\xaf\x8d\x26\xea\x5e\x83\xbe\x15\x71\x8f\x8f\xdb\x0c\xfc\x44\x4e\x2e\xb6\x0f\x36\x59\xb0\x20\x16\x1c\x22\x8e\x6b\x92\x40\xb7\xac\x39\x4c\xab\x81\x2d\xe1\x05\x15\x76\x6f\x22\x47\x3e\xcc\xa5\x35\x59\x4c\xe5\x28\xa5\x7c\xf5\xda\xb2\xeb\x32\xab\x84"},
+{{0x3a,0xbb,0xdb,0x0b,0xa1,0x1a,0xa1,0x06,0x3b,0xd2,0x6b,0x02,0xc1,0x16,0x03,0x78,0x62,0x28,0x5b,0xab,0xd2,0x15,0xd2,0x40,0xbc,0x9c,0x09,0x26,0xf4,0xec,0xea,0x81,},{0xb8,0xfc,0x59,0x43,0x8f,0x8c,0xe9,0xe3,0x78,0x5a,0x47,0x3b,0x22,0xc8,0x89,0x2c,0x51,0xea,0xc2,0x56,0x8c,0x68,0x1d,0xcc,0x77,0xb6,0xf0,0xe0,0x79,0x9c,0x4e,0x33,},{0x98,0x1f,0x20,0x05,0x5a,0x45,0x75,0x25,0xae,0xe5,0x61,0x62,0x64,0xe6,0xaf,0x42,0xe8,0xb3,0x87,0xcb,0x08,0xf8,0xb4,0xa7,0x3f,0x9b,0xe0,0xb3,0x66,0xf1,0x03,0x5b,0xb3,0x0a,0x1c,0x87,0x48,0x94,0xcb,0xec,0xe0,0xa8,0x46,0xd8,0x49,0xb7,0xec,0xc5,0x56,0x58,0x5d,0x0d,0x3d,0x39,0x56,0x45,0x80,0x7f,0xf2,0xa3,0xca,0x5a,0x59,0x0c,},"\xdc\xcd\x55\xf9\x22\xcd\x27\x4f\x69\x75\x00\x0a\xdc\x8d\x98\x63\x0c\x6d\x75\x2c\x12\x02\xa9\xdd\x12\x10\x48\xb9\x39\x45\xaf\x2b\x11\x10\x96\x77\x88\xf9\x9e\xc0\x28\xe3\xd3\xb4\xcf\x82\xfb\x07\x17\x3e\xa4\x40\x1e\x3b\xb4\xb0\x7b\x7b\x0b\x24\xb0\x59\xa7\x66\x33\x95\x32\xd9\xdf\x3e\x31\xb7\x2c\x95\x8c\x11\x9d\x8d\xfa\x15\xa5\x07\xaf\x6c\x5f\x7e\x78\xfe\x27\x0f\xa8\x1b\x9d\xf0\xf2\xe4\xaf\x24\xbd\x99\xfb\xeb\x14\xe0\x03\x30\x84\xd7\xfb\xf8\x4d\xde\xdf\xd5\xce\x56\x75\x1d\x15\x90\x84\x75\xdf\x8a\xf0\x13\xd0\x91\x17\x3c\x13\x86\xb9\x13\x94\x26\xcc\x60\x81\xea\x16\x5b\x8c\xe4\x81\x94\xb8\xe1\x8a\x9b\x91\xa4\x63\x13\x44\xfe\x29\xc8\xe7\x28\x18\xb7\x1f\xa1\x5c\x92\x92\xd1\x3f\xdf\x5f\x9d\x18\xe2\x9b\xd0\x29\x1b\x81\x38\xde\x73\x8f\xd3\xa3\x6c\x35\x23\x90\x22\x36\x8b\x45\x6f\x1f\xac\xba\x90\xa0\xd8\x0d\x6e\x31\x1c\x5f\x6c\x6f\x04\x67\x7e\x92\x37\x3a\x5f\xc4\x73\x88\x94\xdb\xed\x20\x6c\x30\xda\x34\x1b\x3b\x19\x6c\x94\x78\x58\xa6\xd2\xad\xc6\x8a\xac\x3f\x20\xcf\xdb\xe0\x49\x79\x61\xda\xe3\x34\x70\x26\x6d\x17\xec\x71\x9a\x59\xf0\x58\x6f\x82\xf9\x9f\x1c\x90\xed\x70\x05\xa2\x07\x21\x9a\x55\xed\xc7\x60\xf4\xeb\x8f\x24\x02\x64\x7f\x6f\x77\x97\x1f\xf7\xb6\x34\x35\x7b\x6b\x29\xbb\xd7\xea\x05\xe2\xe2\x58\x54\xe9\x9c\x62\x0f\x4b\x8b\x64\x73\x90\x22\xff\x0b\x33\x8a\xfe\xf3\x5f\xb6\xf4\x1a\x53\x62\x9a\x51\x8e\xb9\x3d\x66\x02\x0f\xb3\x53\xae\xf8\xdd\x07\x1e\x09\xc9\x16\xd4\x70\x4a\xcd\xf7\x76\xb3\x8c\xa9\xc5\x9f\x21\x1f\xf8\x8c\x43\x0a\x57\xe8\xf1\x71\x39\x23\xb3\xf3\x0c\xa8\x69\x70\xa1\x4a\x52\xdb\x4b\xcb\xe6\x0d\xf4\xbc\x3c\xfd\xf2\x54\xbf\x10\xf8\xaf\xae\x87\xbd\x61\xb3\x58\xf4\x3c\xc2\x96\xc0\x41\x29\x64\xc4\xe0\x0f\x71\x21\x33\x97\x46\x85\x17\xcb\x01\x37\x9c\xb7\x29\xc7\xb9\xe3\x5b\xd5\x0b\xdd\x98\xc3\xd3\xb7\x62\x97\xa1\x38\xb5\x7c\xeb\x6c\x77\x74\x2d\xf0\x88\x1d\x07\x66\x8c\x08\xa6\x30\xa4\x4e\x6e\xd7\xeb\x20\x6d\x6a\x56\x44\x07\x10\x43\x8a\x51\x11\x42\x4b\x61\xaa\xee\xce\x40\xe9\x00\xf5\xe3\xc4\x57\xe9\xd6\xe3\x1a\x79\xec\x5b\x4b\x42\xb6\x8e\x66\xe1\x99\x30\x92\x87\xca\xd6\x53\x36\xfc\x7f\xe4\x3f\x43\xcd\x8c\x77\x3d\x3c\x65\x80\xd7\x21\x7e\x2c\xab\xec\xd3\xea\xbc\x48\x5c\x4a\xcf\x47\x71\x8c\x39\xb0\x2c\x78\x58\xff\x34\x7c\xec\x75\x35\xed\xdc\xd4\xfc\x81\x5d\xf8\x14\x56\x9a\x88\xae\x70\xf2\x73\x3a\x65\x39\xf2\x08\xc7\x9c\xf4\xe7\xc4\xf9\xea\x24\x1a\x92\xe9\x51\x51\x71\x36\x14\x18\xa4\xc2\xe5\x3c\x07\x6a\xaa\xbc\x47\xe4\xc9\x71\xbd\x04\xb1\x00\xc2\x62\x82\x30\x88\x57\xe0\x6e\x7e\x5f\xbc\x43\x42\x56\x4f\xb3\xb1\xea\x4a\x17\xa9\x25\xe9\x1e\xe6\x91\x22\x32\x1d\x39\x2b\x24\x69\x65\xb8\x6b\x54\xfd\x5c\x83\xfa\x5c\x47\x41\x63\xf9\x8a\x9f\x44\x7d\x88\xcb\x59\xfe\x2c\xdf\x9f\x54\x12\xfc\xbe\xb3\xef\xfa\xc8\x97\x67\x91\xc6\xa4\x7b\x66\x9a\x2f\xc5\x5a\xbe\x8e\x09\xe7\x41\x57\xef\xcd\x1c\xa7\x8f\xc1\x0f\xa6\x87\x01\x0c\x68\x26\xc6\xe8\x96\xef\x5c\xd7\x1d\x0f\xe4\xd1\xbd\x07\xc1\x0d\xac\x3b\x03\x48\x5e\xdd\x25\x69\xa7\xee\xcf\xbc\x4e\x5d\x2e\xe2\x37\x98\x59\xe2\x65\x26\x7b\xed\xaa\xd6\x9d\x93\xb7\xc1\xbd\x18\xf2\x7e\xa4\x24\x83\xc7\xe4\x10\x0e\xe0\x5b\x28\x30\x39\xbf\xb9\x89\x1d\x37\xc4\x67\xed\x83\xb8\x8c\x79\x4e\xab\x6b\xab\x9d\xc6\x77\x89\x26\x50\xe2\xd8\x96\xfb\xfe\xc1\xb1\xcd\xb7\x21\xbe\x30\xb0\xb8\xe5\x35\x87\x09\xe1\x65\xcb\xe3\xa1\x82\xc9\x3b\xc0\xa0\xce\xa2\xf8\xcf\x3a\x62\x57\xad\xf7\x64\x53\x40\x41\x20\x22\x41\xa5\x27\x9b\x66\x8e\x40\x12\x5f\xc0\x94\x58\x5a\x3c\x58\x8a\xba\x82\xb6\x7c\xd9\x1d\x48\x3e\x54\x30\x04\x28\x42\x68\x63\xa4\x23\x64\x04\x9d\x7c\x45\xa1\x69\x38\x5a\xa8\x9b\xf3\x77\xf0\xd3\x2b\x07\x80\x9b\x58\x71\x39\x5e\xc0\x53\xa2\x57\xd9\x3e\x48\xbb\xf4\x07\xeb\x60\x91\x40\x1e\x25\x65\x46\xe3\x1f\x9f\xcd\x24\xd2\xc5\xb3\x33\xcf\x65\x78\x50\x02\xf0\x8d\x54\x8d\xb2\x6a\xd1\xf3"},
+{{0x8a,0x44,0xd6,0xaf,0xc6,0xc8,0xee,0xe1,0xbc,0x7d,0x5f,0x69,0xe4,0x95,0xb0,0xb1,0x8c,0xa7,0xae,0xe0,0x07,0xde,0xa7,0xcf,0x0d,0x17,0x14,0xd7,0x85,0xa9,0xf4,0xed,},{0xd4,0xf3,0x66,0xb3,0x37,0x7f,0xa3,0x9b,0x36,0xf9,0xae,0x14,0xda,0x40,0x4e,0x22,0x40,0x49,0x0d,0xbd,0x8d,0x79,0x6b,0x1a,0xb8,0x72,0xdf,0xcb,0x83,0xa5,0x95,0x40,},{0xe0,0x72,0x7e,0xb7,0x2e,0x84,0xd2,0xb8,0x2c,0xdb,0xd0,0xa6,0xbd,0x2f,0x49,0x49,0x63,0x16,0xaa,0xe8,0x35,0x1e,0x49,0x02,0xac,0xd5,0xe3,0xcc,0x57,0x34,0x6e,0x7e,0xba,0xfd,0xd9,0x2a,0x90,0xde,0xd7,0x6f,0xd0,0xc6,0x69,0x0d,0x68,0xbb,0x2f,0xed,0xd6,0x13,0xe4,0x4f,0xa2,0x22,0xbe,0x01,0x26,0xda,0x52,0x0a,0xcc,0x2c,0x41,0x05,},"\xde\x80\x32\x69\x66\x53\x6c\xe9\x49\x96\xaf\x2d\xe7\xa0\x76\x05\xcc\x4f\xcb\x9e\x75\xee\x0a\x67\xa1\xe2\x09\x32\x11\x1d\xe9\xb3\x56\xd5\xbe\xea\xe8\x6c\xc5\xf5\x64\xc1\x0d\x66\xe3\xde\x95\xa5\xb9\x9e\x84\x49\x28\xea\x8e\x77\x58\x6c\xf3\xc1\x0a\xd3\x63\x3d\xde\xeb\x1d\x9d\xcf\x3f\x94\xb7\x0b\xf1\xef\x63\xd2\x38\xdf\x20\x4d\x70\x5c\x0b\x17\x4f\x83\x28\x25\x45\xf5\xe4\x07\x5f\x8d\x69\xa4\x81\x79\xc2\x9e\xab\xf5\xc1\x74\x2e\xf3\x9e\x1a\xd9\x63\xbe\xbb\xb6\x6f\xce\x94\x91\xa9\x84\x65\x12\x15\xc2\xe7\x50\xe6\xee\x83\x65\x76\x64\x40\xa8\x44\x19\xe5\x2d\xcf\x67\x1f\x1c\x52\xea\xa2\xb9\x90\x2b\xcc\xa4\xb3\x7c\xff\xdb\xac\x8e\x7e\x7e\x6b\x0a\x5c\x87\x48\xef\xbf\x45\x2d\xf6\x16\x3f\x4c\xa0\x7b\x61\xf9\xa0\x5e\xc2\x0a\x2b\xd6\x33\x38\x9e\x67\x0b\xb5\x45\x4a\xcd\x6f\x3a\x06\x33\x5b\x5d\xa9\xec\x32\x62\x64\xe9\x62\xc7\xd9\xd0\x6c\xe7\xe9\xff\x04\xa0\xa5\xbb\xdf\xaa\x4c\x41\x08\x66\xa5\x72\x01\x16\x51\x43\x9f\x2d\xbc\xe5\xde\xe6\x67\x92\x4a\xc4\x93\x4d\x20\x54\x96\xbd\x1d\x4d\xf0\x8b\xd0\xcb\x3f\xd2\xde\x73\xa2\xef\x34\x2f\xf0\x09\x1e\x10\xe1\x5b\x3b\x76\x0a\x57\x5d\xf9\x3c\xf1\xc9\x7c\x01\xc5\xab\x11\xc0\x94\xbf\x34\x87\x82\x06\x71\x8f\x6b\x28\x5a\xa5\xcc\x51\x27\xbd\x7f\x98\x8b\x84\xa9\x04\x95\x30\x6f\xd9\xe9\x9d\x89\x55\xe6\x68\xd1\xa3\xff\x10\xf6\x5b\x7c\x47\x9f\xac\x24\x11\x9a\x3c\x10\x12\x2d\x4d\x18\xa8\x05\xb2\x47\xdf\x16\x8c\x0a\x51\x00\x16\x9b\x55\x72\xd1\x70\x12\xd7\x51\xa4\x2e\x83\x37\x61\x15\xe1\x15\x61\xc1\x60\xc1\x5e\xfa\xd7\x6d\x21\xf7\xab\xb4\x30\x36\x64\x75\x23\x86\x31\xf8\x4c\x88\xf8\x38\xb0\xac\x40\x4c\x91\x3d\x2f\xa1\x24\x50\x23\x84\x85\xc3\x02\xfc\x20\x1f\x44\x15\x1c\x19\xbc\xbd\xc1\x19\x0c\x12\xd1\x54\x08\x31\xfb\x19\x58\x1c\xb9\x31\x72\xb0\xd2\xff\x5c\x65\xf3\x1c\xaf\xf2\x0f\x81\x38\x81\xf8\x4e\x5e\xf9\xd5\xc1\x65\xe0\x96\xd2\x54\xca\xdf\x89\x52\x49\xaa\xb8\xd4\x49\x6c\x94\x0a\x40\xf9\x07\xbd\x40\x93\x5a\x94\xf5\xe5\x5b\x6d\xd0\x51\x15\x41\x00\xfe\x33\x17\x70\xef\xf2\xba\xd6\x54\x56\x19\xb8\xa3\x3e\xf6\x46\x2a\x50\xc0\xb2\xc4\xed\x2f\xba\x4e\x4e\x38\x3e\xbf\x29\x32\xe6\x19\x27\x66\xa4\xaa\xd1\xd6\xe2\xb6\x92\xd9\xf2\xbd\xc2\x33\x93\xe8\xaa\xcf\xba\x32\x3b\x53\x4f\x84\xed\xf2\xdc\xed\x7c\x94\xd5\x16\x87\xda\xa2\x71\x98\xa9\x14\x4b\x31\x2b\x71\x6f\xe1\x70\x14\xa7\xbe\xd0\xc1\x4a\x24\x38\x73\x3d\x55\x5c\x65\x64\xc8\xc1\xa3\xd9\x97\xeb\xae\x7b\x3d\xe8\x87\x7a\xf5\x3c\x1d\x1a\x50\x29\x15\x8a\x80\xaa\x0c\x87\x48\x9f\xef\x27\x0c\xdf\xfe\x10\xd3\x4b\x15\xc1\xa9\x69\x3a\xe0\x39\x02\x43\xe3\x14\xcf\xac\x06\xef\x6e\xef\xeb\xcc\xf4\x3d\x42\xea\xc2\x4c\xe9\x87\x94\x29\xd2\xfc\x72\x53\xb3\xed\x17\x58\x25\xbc\x4d\xa0\x76\x2b\x49\x33\xa9\x8a\xfd\xb9\x4b\x06\xf4\xfc\xd2\xad\x36\x11\xaa\x99\x9d\x7c\x1c\x8d\x85\x2d\x01\xdd\x9e\x52\x64\x84\x55\xa0\x4e\xb2\x33\x0a\x76\xfd\x94\x2c\x53\x1e\x51\x4b\x5e\xc0\x72\x8a\x89\xd3\x4c\xa5\x90\xea\x99\xc8\x8f\xaa\x20\xdf\xb7\xbb\xf6\x56\x54\xaa\x6c\x21\x2b\xeb\x8a\xd6\xbf\x7c\x77\x73\x91\xcd\x49\xc3\x9c\xf8\xab\x51\xb9\x5b\x41\x9e\x3d\xfc\x8d\x94\xa9\x3a\x1e\xf0\x22\x3c\x6d\xe9\x0b\xf9\x62\x18\xd8\x04\x5b\xd4\x95\x2a\x0d\x83\x72\xa5\x57\x8c\x6a\xaf\xa7\x4b\xa6\x62\xe3\x18\x8e\x6a\x6e\x56\x7e\x4d\x2f\xe8\x22\x7d\x07\x43\x98\x2a\x41\xeb\xfa\x0d\x31\x0f\xe7\x9f\xed\x27\x04\x17\x90\xef\xd5\xaf\xac\x22\x43\xe1\xd1\x50\xb1\x45\x01\x5d\x9d\xea\xb0\xed\xed\x63\x94\xac\x36\xfc\x5f\xb2\x01\xf5\x20\x4f\xbd\x42\x2a\x36\x04\x23\x30\x15\xbb\x0a\x48\xa9\x20\xe2\xe5\xe0\xd4\xde\xed\x67\x20\x25\xf2\x3c\xfb\xa9\x38\x89\x59\x7e\x50\x4c\x88\x87\xad\xd4\x6c\xfe\xf4\x02\x4a\xfb\x8a\x26\xee\xb7\xdc\xdd\xb2\x39\x7b\x44\xa1\x79\x63\x67\x34\x00\x42\x13\x70\x28\xc3\x30\x76\x26\x81\x6c\x29\x31\xe6\x1e\xbb\x6b\x69\xed\xcb\xcb\x61\x2c\x9b\x18\x1a\x28\x53\x01\xce\x46\xf8\x2f"},
+{{0x8a,0x97,0x2d,0xd0,0xf1,0x19,0x0c,0x2b,0x9d,0x54,0x8f,0x4b,0xa5,0x82,0x64,0xbb,0x04,0x82,0x67,0x75,0x50,0x2a,0x8d,0x5c,0x2b,0x20,0x9e,0xe8,0x8d,0xce,0xa5,0xfb,},{0x6d,0x80,0x37,0x5f,0x3c,0xf1,0xaa,0xb2,0x83,0x55,0x1d,0xf4,0x45,0xd1,0x7e,0x7d,0x3b,0xaf,0x9b,0xcb,0xec,0xbb,0xb2,0x67,0x05,0x2e,0x02,0xfd,0xb6,0x91,0x44,0xd3,},{0xbd,0x45,0xb3,0xc0,0x45,0x85,0x0e,0xbe,0xf7,0xb8,0x0d,0xd1,0xde,0xab,0x48,0x03,0x7b,0x13,0x46,0xc7,0x1d,0xea,0xf1,0xe5,0x8f,0x2a,0x7b,0x16,0x26,0x74,0xf9,0x4d,0x1e,0xf3,0xd4,0x23,0x90,0x37,0x33,0x0b,0xd6,0x33,0x5f,0xe4,0xf0,0x14,0x92,0x50,0x90,0x1f,0x00,0xa8,0xe4,0x6b,0xe5,0xfa,0x0a,0xae,0xc6,0x9d,0xe0,0x6d,0x73,0x04,},"\x30\xb2\x89\x48\x93\x9a\xa2\x63\x43\x7e\x45\xc5\xc0\x25\x4f\xb2\x0e\x61\x7e\xd0\xf3\xfa\x7d\xac\xe5\xa0\xa8\xe0\xfe\x3c\x1f\xc4\xad\xb2\x80\x9b\x61\xc5\xe8\xd9\x2c\xd2\xf3\xde\x93\xb1\x73\xbe\x70\x7b\xad\xa9\x42\x40\xc6\x26\x2c\x16\x0e\x8c\x78\x21\x65\xbe\xef\x99\xd0\xbe\x8e\xcd\xad\x63\x16\xdc\xd7\x34\xbb\xb9\x0a\x66\xcb\xd5\xb1\xcb\x4f\xd8\xf2\x22\x6c\xea\x94\x8e\x4d\xf7\x6b\xbe\x25\x1d\x47\x8f\x5c\x3f\xe0\xd6\xde\x4b\xe5\x4f\x67\xf5\x02\xb2\x80\x4f\x62\x8b\x79\xa5\x50\xfb\x1a\xc4\x83\xad\x2b\xa1\x66\x37\xc4\xbc\x9d\xa6\x7f\xb4\xf9\x86\x59\xc4\xc4\x39\x4d\x16\xb6\xd1\x4b\x3e\x0b\x0c\x1e\x62\x5d\x71\x0d\xcc\x1c\x11\xdf\x5d\x34\x14\x7b\x1e\xc5\xa4\x17\xb9\xe2\x1f\x90\x8c\xfc\x52\x3d\x43\xe3\xf1\x81\xc7\x20\x9c\xc5\x6b\xdb\x5a\x21\x62\x86\x95\xed\x32\x0f\x8d\x4c\x07\xfd\x6d\x84\xaa\x03\x42\x6f\x21\x64\x4a\xae\xfe\xee\xc3\x11\xc7\x4e\x94\x99\x93\x60\x47\x35\x0a\x9b\xf5\xb7\x03\x96\x2e\x77\xce\x55\x13\x36\x83\x5f\xc3\x2c\xcb\xd2\xc9\x0a\xe5\x2e\x24\xd4\x7d\x8d\xcb\x98\x7a\xbd\x12\x1d\x3f\x74\x6b\x5d\xe2\x30\xf2\x64\x69\x60\x3f\xb0\xc4\xa8\xf6\xcd\x79\x73\xd7\xda\x88\x2e\xd1\xd6\xe4\xd9\xc5\xa4\x6e\xc2\xc2\x19\x40\xad\x33\x89\xa1\x86\x01\x4e\xe9\x72\x78\xe5\x35\x09\x88\xb1\x5e\xcd\x9e\xa7\x45\x6b\x3c\xb5\x5e\x4d\x30\x93\xf1\x3a\x87\x5b\x50\xd6\x51\x63\x78\xec\xaf\x58\xd7\x52\xc6\x37\x4e\xd1\x56\x38\x40\x93\x11\xfc\xd3\x79\xd1\x22\xc8\xd8\xc5\x9b\x86\xf4\xe8\xdc\x46\xad\xb7\x30\xa9\x33\x84\x6e\x0b\xd2\x48\xd3\x60\x82\x52\xd9\x70\xb5\x04\xc8\x13\xc6\xde\xa9\xfc\x88\xa3\xde\x64\x19\x56\xdc\xa2\x91\x20\x4d\x39\x0b\x6b\x39\x98\x1f\x8c\x0a\x6b\xcf\xc3\x1c\xa0\x74\x44\x20\x66\x2a\x9b\x35\xeb\x3f\xc2\x11\xf8\x10\xa3\xe8\x06\x25\x00\xb1\xe4\x9b\xdf\x85\x76\x65\xff\x32\xa9\xba\x76\x19\x4b\xbb\x77\xfb\x9c\x15\x41\x29\x64\x24\x4b\x98\x65\xf7\x3d\xed\x9f\x25\xb4\x9b\x42\x5a\xa2\x53\xd8\x07\xd9\x81\x82\x92\x76\x3a\x51\x3e\xc8\x07\x47\x34\x4f\xba\x0a\xcf\xe5\x93\xcc\x26\xb1\x33\x0b\xb9\xad\xe6\x6c\x4e\x88\xcf\x1b\xae\xd6\xd6\xe7\xb7\x50\xe6\xc7\x23\x9d\x7b\xcb\xfa\x3f\xbe\x45\x40\x5a\x63\xb9\x6d\x50\x34\xcc\x0c\x07\xff\xc3\xb5\x08\x58\x08\x1d\x19\x55\xe2\xd2\xfe\x5b\xe5\xfd\xa7\xa8\x99\x69\x43\x76\x8b\x05\x51\x70\xb7\xfd\x52\xf0\xa3\x20\x97\xfe\x1b\x7a\x94\xf1\xbf\x87\x9a\x0c\xba\xbe\x10\xac\x9a\x7c\xc1\xf9\xf5\x50\x68\xc4\x8e\x3c\xcc\x06\x51\x36\x43\x10\x18\xd3\x8d\x20\x10\x9d\xc9\x5d\x99\xcc\x2b\xbe\x7c\x62\x7a\xb1\xa8\xaa\x5f\x43\x16\x13\xb7\x90\xc2\xe6\x52\x6c\xf0\x4f\xdc\x9e\x55\xf5\x1c\x05\x5f\x3c\x20\x45\xa6\x75\xe3\xa1\xe5\x4b\xa4\x09\xf7\xae\xfa\x7e\x4a\xa0\x7a\x2b\xbd\x5e\x4a\xb1\x63\x21\xa9\xf0\x99\x69\x43\x91\xfd\xa6\x8a\x74\x58\x1e\x2f\x1f\x11\xdd\x9a\x6d\x52\x4b\x1b\x83\x26\x0d\xb5\x7b\x72\xef\x29\xc2\x8c\x8d\xb5\xc3\x7f\xd1\x85\xb7\xc2\xd8\x45\x50\x90\x65\x3a\xf3\x32\xdb\xc8\x2b\xfb\x0d\xb5\xdc\xca\xbf\xb6\xb2\x8c\xaa\x35\x05\x25\xcb\x54\xcc\x84\xe5\x53\xe1\xcf\x39\x54\xb6\x12\x39\x3e\x79\x93\xff\x7e\x8b\xf5\xec\xe3\xf1\x45\x09\x4d\xd7\xa2\x7c\xb4\x7f\x22\x74\x76\xf2\x89\x23\x52\x51\xf7\x72\xb3\xba\x77\x6b\xb7\x73\xaf\x0c\xc5\xf7\x86\xa3\xfb\x9e\x93\x1a\x53\x0c\xfb\xd8\x91\xcb\x5a\x5d\xfe\x25\x16\x9e\xf9\x33\xcc\x82\xc9\x08\x0f\x32\x39\x61\xa1\x20\x15\x8e\x4b\xbd\x71\x13\x4e\xf1\xf9\x01\x08\xb8\x15\xc2\x89\xd4\xe9\xa9\x58\x9e\xc6\x4c\x05\xfb\xb4\x2a\x21\xb2\x3d\x16\xe2\xa6\x46\x78\xae\xcf\xab\x65\xcd\x9a\x80\x6c\x59\x81\x03\xd4\x1f\x70\x09\x77\x63\x17\x83\x1f\xed\xdd\x1c\x90\x02\xd4\xa9\x22\x04\xf9\x7b\xa9\x49\x0c\x61\x46\x98\x03\x07\x21\x02\x52\x4b\x9d\xf5\x19\x00\x5f\x98\xaf\x54\xd6\x0c\xa5\xba\x60\xb5\x5b\x09\x6a\x4a\xc2\xb1\x6e\xb9\xcc\x81\x97\x3c\x31\x35\xd3\xfb\x68\x73\xdd\x96\x53\x80\x0a\x22\xbb\x5d\x0d\x61\x17\xca\x5d\x91\x65\x53\xbe\x39\xc9\xa3\xb5\x11\xeb\x3d\xb7\x30"},
+{{0x12,0x38,0x0c,0x45,0xa7,0x9a,0xde,0x0f,0x48,0x3c,0x88,0x1a,0xaa,0x37,0x30,0x43,0x8b,0x08,0x35,0x90,0xf4,0x04,0xdc,0x9e,0x60,0x1f,0x76,0x15,0xf3,0x75,0xa6,0x28,},{0xd6,0x6f,0xc5,0x9a,0xe9,0x17,0xf7,0x6d,0x24,0xce,0x8a,0xb8,0xee,0x03,0xfb,0xcb,0x71,0x5d,0x5e,0xea,0x4b,0x08,0x39,0x2b,0x59,0x1e,0x64,0x85,0x91,0xc7,0x3c,0x89,},{0x02,0xb2,0x51,0x74,0xa3,0xdd,0x52,0x19,0xed,0x48,0xb2,0xc9,0x4c,0xa2,0x12,0xb6,0x3a,0x6a,0x3a,0x25,0x97,0x70,0x3c,0x07,0xb7,0xf0,0xc9,0x65,0xc3,0xc6,0xac,0x2e,0xb4,0x50,0xef,0xe3,0x87,0x16,0xa2,0xa2,0x8b,0x3f,0x89,0x84,0x6b,0x06,0xeb,0xdc,0xa4,0xbd,0x09,0xaa,0x58,0x1f,0x24,0xe8,0x4d,0x80,0xfc,0x10,0xac,0x1a,0x00,0x0a,},"\x68\x45\x23\xc2\xe7\xfa\x8b\x4b\xd7\x54\x8c\x4b\xac\xaa\x86\x78\xa3\x30\xdb\xbb\x96\x06\x32\x94\x01\x66\xb2\xcc\x9a\xfc\x15\x35\xc8\x0c\x11\x2c\x8d\xc4\xad\xa7\x62\x92\x33\xfe\x90\x90\x55\x23\x7d\x51\x3e\x29\x2a\xf1\x5a\xd7\x69\x2f\x11\x5a\xa0\x92\xda\x65\x75\x32\xf5\x18\x99\xc3\xf7\xf5\xd9\xd4\x07\xed\x5c\x16\x3e\xb3\x95\x04\x80\xa4\x12\x2a\x09\x92\x98\x1f\x07\x7b\xc8\x67\xf9\x06\x07\x54\x07\xba\x98\x49\xc4\xea\x04\x73\xce\x54\x0a\x79\x67\x44\xef\xa3\x86\x03\x78\xe1\xb8\x93\x43\xe5\x83\xd0\x80\x7e\x5a\x67\xc4\xd5\xbd\x7c\xe6\x41\x29\xfe\x90\x2b\x8c\xfa\xbd\x2c\x21\xfa\x3d\x2a\x10\xe9\xbf\x9e\xa5\xe5\x47\x3a\xe2\x50\xc9\x16\x05\x09\x97\x26\x78\xf9\xa7\x40\xe6\xca\xdb\x3b\x52\xf5\x02\xfa\x61\x6c\xff\xae\x1d\xef\x89\x3d\x54\xe4\x1e\x54\xd3\x26\x46\x4c\x9f\x43\x5c\x63\x50\x5f\xb1\x5e\x3e\xea\xf5\x02\x1c\x65\xdc\xd0\x10\xf8\x40\xaa\xb3\x17\xc8\x60\x5d\xfb\x1a\x0c\x8a\x3d\x55\x49\x86\x1b\x69\xaf\x2c\x93\xd8\x6c\x98\x1d\xf3\xa5\x1c\x5b\xf5\x78\x5c\x2f\x85\x26\x10\xe4\x4f\xa4\xff\x1c\x71\x61\x15\x2e\x56\x18\x38\x47\x44\xfe\x83\xba\xbf\x0b\xcb\x75\x61\x78\x9a\x02\x31\x25\xf6\x24\x2a\x18\x3c\xac\x95\x49\xc9\x32\x73\x3a\x86\x8a\xa1\x82\x65\x6e\x2b\xa0\xa8\xc0\xbe\x10\x69\x96\xa8\x5c\xeb\xf1\xbd\xad\x12\x3b\x98\x2b\x4e\x05\x55\x10\x87\x94\x82\x02\x1d\xae\xa9\xd8\xf2\x6c\x58\x8e\x6c\xd1\x01\x26\xcb\x31\x96\x88\x03\x56\xbe\xe8\xf2\x98\xbc\xa3\x06\xec\x56\x99\xc7\x57\x6b\x76\x50\x87\xc2\x53\xa6\x02\x14\x01\x0c\x6e\xd7\x0d\x87\x1c\xfc\x87\x38\x01\x8a\x0e\xdb\x57\xf1\x06\xb4\x21\x8d\x85\x5e\xab\x2c\x91\xf3\x9f\x85\x8b\x3f\x25\x90\x56\x31\xa0\xee\xe2\x98\x56\xfd\x34\xf7\xb8\xc9\xba\x51\xc1\xc4\xc6\xa7\x35\xd6\xc7\xa1\x3d\x22\x0d\x7a\x56\x6c\x3f\x50\x6c\x72\xbc\x74\x17\xab\x37\xf0\xd6\xd7\x96\xff\xc7\x1d\xf9\xdc\x7c\x6e\x13\x7d\xa5\x6b\x7a\x3e\x10\xcf\x0b\x1a\xbb\x3f\xfb\x70\xbc\x66\x29\x3b\x5d\x75\xb4\x05\xed\x8b\xec\x0d\x6f\xcd\x06\x92\x5c\x38\x11\x68\xac\x18\x8d\x0b\x8a\x1a\xf0\x83\x9f\x5b\xde\x84\x3b\x69\x91\xe5\xa5\xd6\xcd\x66\xfe\x6b\x0f\xde\x86\x7c\x08\x6e\xd4\x38\x76\x91\x9a\x1b\x72\x33\xd8\xd7\xe1\xd2\x74\x2f\x61\xc7\x7d\x8e\x59\x91\x68\x9c\x83\x28\x67\x66\x55\xb7\x6a\x37\x50\x56\x0e\x75\xd1\xc7\xe8\x5e\x3c\x00\x85\x05\x93\x31\x09\x4b\xba\x57\x10\x03\x2c\xf6\x79\xa5\x25\xc7\x8b\x31\x70\x0e\x6d\x91\xf7\x52\x94\xc4\x22\x48\x92\x97\xe1\x73\x59\x43\xe4\x17\xfc\xd3\x55\x80\x58\x2f\xdd\x02\x39\xb5\x11\x46\x53\x0c\xc0\x9d\x83\xb2\x8f\x0a\x1d\x64\x22\x20\xdf\xb9\x9b\xad\x62\xf3\x95\x41\x03\x50\x81\xd6\x5d\x77\x8d\xdf\x32\x39\xba\x0e\x6f\xa9\x91\x4b\x17\xb3\x97\xa5\x34\xcb\x8f\xd3\xb4\xff\x42\xa8\xd8\xc8\xee\x66\x15\x3f\xbb\x1f\xf0\xfa\x54\xf7\xbd\x03\x27\x85\x16\xe6\x34\x1a\xf8\x0f\xcd\x1f\xce\xe7\x0c\x35\x9d\x20\x53\x68\xac\x49\x0d\x75\xa3\x54\x51\x2d\xa4\x6b\xa7\x63\x4c\x15\xb2\x84\xb2\x44\x77\x80\x8f\x17\x63\x33\x60\xa4\xb4\x9f\xb3\xbc\xaa\x84\x18\x41\xcf\x92\x41\x7e\xb2\x4c\xe4\x82\xd5\xa2\x4b\xfd\x2d\xac\x37\x22\x31\xda\x53\x9a\x05\x42\x00\x02\xff\x7a\x20\xc4\x76\x09\x7d\xa0\x6f\x59\xf0\x33\x14\xe6\x05\x9f\xad\x88\xc5\x0c\x3b\xaa\xc0\x3c\xef\xa7\xcd\x82\x11\xd2\x46\x1b\x16\x60\xea\x6b\xcf\x47\x68\x38\xc9\x1a\x10\x07\x4e\xb4\xb4\x0e\x6e\x97\x4a\x94\x5a\x67\xf6\xee\x69\x04\x23\x1e\xf0\x41\x88\xf1\xea\xd5\xba\xf3\x56\x94\xef\xe3\x01\xed\xc7\xe8\x66\xda\x23\xb5\xa6\xc5\x8f\x01\xb2\xa5\x2c\xf3\xab\x80\x5e\xdc\x5c\x13\x68\x62\x6b\x95\xb9\x4e\xb4\x64\x5b\x69\x3e\xc8\x80\xf2\xb8\x11\x7a\x69\x3a\xfb\xdc\xd2\x48\x24\x31\x89\x0f\x41\x0b\xc5\x80\x53\x0f\xef\x37\x58\x79\xc2\xe4\x60\x49\xca\x89\x1a\x2c\x3e\xcd\x60\x43\xae\x80\xd8\xaf\x34\x66\x34\x67\x4c\x6d\xfe\x90\x59\x97\xde\x5d\x05\xd6\x20\x09\xee\xed\x27\x75\x02\xfb\x5a\x5a\x31\x55\xee\xee\xb6\x73\x48\xb6\x0d\x89\xa3\x4a\x78\x12\x63\x9f\x54\x1f\xfe"},
+{{0xd1,0xb3,0x43,0x0d,0x4e,0x63,0xaa,0xbf,0xa9,0xef,0x96,0xbc,0xba,0xf1,0xfa,0x6a,0x9e,0xb5,0x21,0x9d,0xd4,0x4d,0xf3,0xb1,0xa6,0x15,0x63,0xdf,0xfe,0x1c,0xcb,0x28,},{0xc2,0x8a,0x05,0x19,0x52,0x45,0x29,0x0e,0xcd,0x38,0x53,0x55,0x85,0xce,0x51,0xf3,0xc2,0x35,0xc5,0xd6,0x50,0xc8,0xc5,0x7c,0x2f,0x79,0xbb,0x0a,0xc0,0xe8,0x08,0x34,},{0x4c,0xb6,0xff,0x5d,0xd7,0x06,0xb1,0xae,0x81,0x6c,0xdb,0xaf,0x9e,0x9e,0x1e,0xdc,0x80,0xa6,0x62,0x84,0xf9,0x46,0x52,0xd5,0x0e,0xc1,0x4e,0x28,0x3b,0x2a,0xdc,0x59,0x2f,0xd0,0x84,0x33,0x71,0x44,0xff,0xa7,0x12,0xdc,0x34,0xce,0x8e,0x61,0x06,0x68,0xa6,0x5e,0x96,0x9f,0x05,0xce,0xb5,0x47,0x86,0x30,0x4d,0x0d,0x58,0xd3,0x1a,0x08,},"\x07\x6c\x0c\x87\x62\xe4\xbc\x00\x3c\x36\x0a\x12\xa1\x95\x98\x05\x05\x51\xd1\x6b\x4b\x8d\xa0\xfb\x9c\x4a\xfc\xc8\x1a\xdb\xe6\x19\x95\xf2\x5c\xbc\x28\xdc\xa4\x20\xbf\xa9\x46\x10\x54\xd3\xee\x00\xad\x78\x18\x3e\x7f\x26\xdf\x68\x98\xaf\x9a\x4d\x22\x5f\xca\xb6\x7c\x04\x2e\x9a\x13\x52\x5d\x1f\x75\xff\x0e\x3d\x8d\xa8\x08\x96\xb7\x28\xf3\xe2\xdb\x65\x94\x4a\xe0\x71\x7d\x77\x59\x90\xb5\x9e\x5b\x70\x43\x4b\xd4\xb3\xee\x45\x2f\x10\xac\x06\x10\x57\x0b\x38\x22\x08\x32\x96\x8f\x54\x4d\x3e\x4d\x11\x9b\x1d\x4b\x50\x15\xc6\xcd\xf4\xcf\x22\x0b\x56\xb5\xc0\xcc\xd8\xe3\x98\xd5\xe4\xa5\x8d\xa3\xb0\xe2\xb2\x70\xa5\xd3\x9b\x82\xab\xb7\xf9\xd2\x7a\x41\x90\x18\x55\x0b\x62\x00\xae\x51\xc8\x48\x82\xf0\x86\xae\x7e\xa5\x35\x16\x71\xb6\xdd\x96\x09\x23\xad\x6b\xef\xc1\x34\x09\x87\x9a\x8d\xf6\x19\xbd\xf6\xc8\x8a\x6f\xe1\xec\xc0\xf0\xf3\xaa\x21\x9f\xb6\x19\x02\xbe\x48\xa5\x3d\xf2\xbc\x66\xc5\x6f\x1c\x1d\x17\xf7\xe6\x16\x7d\x25\x51\x65\xf1\x74\xba\xa9\xca\xf5\x3c\x73\xcb\xbb\x7c\xc2\xc7\xc0\x87\xf4\x3a\xbe\x2a\xed\x5a\x21\xfe\x42\x90\xb8\xd6\x79\x60\xa8\xa9\xcb\xc2\xa5\x7a\xbe\x22\x65\x4d\xc1\x84\xcf\xf9\x16\x8b\xb6\x97\x27\x03\x75\xfe\x88\xd5\xc4\x9c\xf9\x5b\x06\xcf\x9d\x0d\xac\x81\xfb\xd9\xc0\xd7\xb8\x2d\x05\xed\x2c\x3f\xd4\x9c\xcc\x29\x40\x44\x41\x71\x25\x45\xf9\xa9\x91\xe4\xf0\xdd\xb6\x21\x90\x83\x82\x96\xf9\x67\x29\x9a\x38\x60\x72\x26\xd8\xa6\x81\xf0\xa8\xf3\xc4\x38\x4f\xd1\x8b\x30\x25\x7c\x46\x3c\x0a\xbd\x0f\x4f\x6f\x12\x25\xa5\x1b\x76\x2d\x6d\x0a\xc7\xd5\x9c\xd2\xef\xd6\x98\xb8\xd1\x3e\x23\xd7\x04\x09\xf6\xb0\x7d\x69\x5c\x16\x71\xcd\x6f\x59\x44\x3b\x1d\xb0\xab\x35\xb9\xdc\x06\x40\xe4\xc6\xd1\xac\x50\x47\x5d\x28\xef\x94\xf8\x17\x90\xe2\xe5\xb2\x54\x55\x14\xb2\xa4\x9c\x5c\x21\x53\x45\x9b\xe5\x40\x89\x0f\x53\xbc\x18\xe4\xa1\x6d\xcb\x5d\xcf\x50\xf3\x7a\x95\xc6\x06\xfd\xf4\x85\x98\xe5\x2a\xf3\x17\x9a\x20\x48\x61\x5d\x93\xd9\x7e\x05\x99\xb7\x08\x8c\x11\x74\xbb\x9f\x15\xe3\x70\x18\xf9\x9a\xcb\xce\x5b\x13\x02\xf8\xd8\xce\x2a\xb8\x54\x37\xfe\xeb\x0c\xaa\x77\x84\xdc\x83\xc9\xe7\xc3\x6f\xe0\x59\x90\x6b\x03\x0a\x86\xa3\xde\xd0\xab\x9d\x8b\x73\x52\x9d\x47\x5e\x66\x1a\x08\x08\xd6\xd3\xf0\x90\x7f\x85\x28\x87\x3f\x08\xd5\x74\x8b\xe1\xd6\x97\x12\xe8\x52\x62\xd7\x7b\xdf\x13\xbf\xd1\x8a\x5c\xde\x6f\x71\x46\x26\x73\xab\x29\xb1\x61\x73\x15\xa9\xa6\xe9\x36\xa8\xe8\x1a\x8e\x43\xbd\x0f\x66\x44\xa5\xc6\x9e\xaa\xac\x89\xbd\xaa\x99\xcc\xa8\x03\x83\x37\x05\xe5\xaf\xa6\x9b\x3b\xd1\xd0\x25\x2b\x85\x46\x50\xf2\x19\x97\x91\xe6\xac\xa7\xc7\x5a\x86\x12\x83\x21\x62\x33\xa2\x63\x3a\x6a\xef\xf9\xd3\x01\xee\x5c\xb4\xdd\x72\xc0\x8a\x45\xcd\xae\x8f\x54\x58\xc0\x95\xb2\x2e\x75\x9c\x43\xb4\x9b\x98\xe9\xf4\xcb\x33\xd5\xde\xa8\x79\x44\x9e\xae\x73\xcb\x87\x4c\x73\x59\x43\x25\xeb\xf6\x8c\x1e\xd4\x06\x4b\x6f\x61\xab\x2f\x01\x4a\x2f\x19\xf3\x2e\x12\xb3\x3c\x5e\xaa\x8a\x29\x20\x4d\x5e\xba\x58\xdc\x07\x50\x72\xfe\x39\x9b\xe7\xd1\xab\x18\x08\x20\x8f\xb4\x08\x12\x3b\xdc\x0b\x4a\xb3\x13\x0f\x9f\x70\x6d\xc3\xeb\x19\x4b\x60\x5e\x73\xa3\x2f\x12\x5a\xe4\x91\x28\x5c\xe6\x03\x9f\xb6\x23\xc3\x8b\x81\xd5\xab\xa0\xf5\x59\x9f\x6c\x86\xe8\x72\x48\x6b\x4e\x96\x49\xda\xff\xe3\xa3\xd0\x6c\xb0\x73\xdd\x3b\xc6\xf4\xe1\x0a\x18\x70\x0e\x45\x72\x2d\x78\xa6\xb0\x97\x2d\xc9\x4d\x5c\x7a\x7b\x66\x41\x75\x7b\x79\x60\x75\x71\x9d\x7b\x8e\xc3\x6a\x1e\x79\x6f\xb5\xf8\xfe\x6f\x1b\x79\xa0\x85\x9c\xb4\xd6\x7c\xec\x05\xed\x91\x4c\xfa\x32\xc1\xdd\xfe\x21\x8e\xf9\x63\x43\x6c\x3a\x11\x48\xac\x2c\xf9\x09\xdf\x73\x59\x89\x06\x57\x46\x3a\x4e\xa2\x5f\xed\x59\x61\x8a\x06\x81\xa1\x21\x7e\x22\xd6\x4e\xf9\xd9\xb4\x55\x9d\x0a\x0f\x6b\x3c\xe8\xd8\x47\x93\x0b\x23\x23\x01\xca\xf4\x4c\xdf\x7a\x3f\x18\xa2\xac\x13\x0b\x92\xcf\xd9\xc0\x33\x60\x55\x7b\x5f\x7c\x47\x75\x46\x2a\x10\x71\xf7\x03\x44\xc7\x18\x37\x4b"},
+{{0x03,0x3e,0x00,0x3d,0x7a,0xab,0x7b,0xc7,0xfc,0x8a,0xc2,0x04,0xc7,0x33,0x79,0x9a,0xe5,0x53,0xc3,0xfe,0xc5,0x3f,0x10,0xdb,0xf7,0x95,0xb5,0xf4,0xb8,0x7f,0x1c,0x95,},{0x68,0x2f,0x46,0xf5,0xc0,0x56,0xdd,0x45,0xba,0x0b,0x5a,0x78,0x20,0x31,0xf9,0x59,0x6a,0x73,0xaa,0x29,0x2c,0xa2,0x32,0x6b,0xed,0xa7,0x4a,0x52,0xfc,0x32,0xb7,0x16,},{0xed,0xb4,0xe0,0x20,0xd6,0x76,0xfa,0xc6,0xa8,0x45,0x53,0x48,0x80,0xbf,0x61,0x36,0x37,0x4a,0x8b,0x7f,0x2c,0x53,0x85,0xbb,0x9e,0xe2,0x25,0x38,0x1f,0x49,0x4e,0xfb,0x74,0xa5,0x5b,0x41,0x3a,0xe0,0xea,0x70,0xad,0xd6,0x1b,0xfd,0xfb,0x87,0xfb,0x42,0xd5,0xbc,0x0c,0x53,0x59,0xdd,0xdd,0x57,0x3d,0x53,0x8a,0xe9,0x3a,0x6b,0x36,0x09,},"\x59\x6a\xa2\xc4\x0b\x33\x18\x87\x89\x38\xeb\xc1\x38\xdb\x27\x4b\xb3\x8a\x52\x01\xeb\x7c\xaf\x87\x5e\x6c\x64\x57\x91\xda\xe0\x12\xbd\xef\xd4\x85\xe6\xbd\x9d\x84\x99\xc4\x2a\x2a\xe8\x6c\xf3\x2b\x18\x00\x2e\x76\xbb\x58\x2c\xca\x0d\xec\x48\x15\xde\xd8\xa1\x21\x1f\x8f\xc8\x85\x7f\xce\x1d\x57\xf6\x15\x1d\x88\x78\x7b\x97\x8f\xab\x56\xbf\x92\x6b\x15\x33\xe1\x94\x99\xe8\xbb\x99\x15\x8c\xdd\x6e\x98\x0f\x6b\xa5\x43\xae\x83\x1f\x9d\xd1\x34\xb0\xfe\x6d\x5c\x24\x88\x7d\xc7\xa8\xd4\x78\x1d\xd9\xb7\xfc\x5d\xc9\x46\x4b\x04\x5c\xbf\x9d\x1e\xf5\x03\x6b\x5b\xf2\x8b\x54\x9a\xc7\xaa\x8f\xaf\xb9\x1a\xdc\x9f\xec\xa7\xa1\x45\x54\xd1\x10\xe3\x10\xc7\x49\xe4\x85\x33\xf3\x59\xc7\x0f\x05\xfb\x7a\xed\xef\x13\x66\x36\xb8\xef\x72\x23\x88\x65\x39\x86\x4e\xe5\x2d\x34\x11\x8b\x4b\x8b\x74\xe0\x8f\xe6\xb6\x58\x96\xe4\xb1\x9b\x6d\x7c\x3f\x25\x28\x26\x55\x85\x48\x17\x10\xd2\xd7\x49\x48\xeb\x4b\x17\x08\xa5\x0f\xa7\x40\x21\xbd\xa4\xb3\x61\xbc\x68\xd2\xa5\xd2\x02\x10\x9f\x8d\x28\xd8\xaa\x67\xd7\x8c\x11\x36\xcd\x2e\x90\x3c\x8d\xfa\x17\x5a\xf7\xbd\x96\x3b\x73\xda\xe4\x95\x87\x3c\xcd\xae\x62\xbf\xef\x88\x56\x36\xdd\x83\x55\x0f\xf9\xc0\x5c\x37\xba\x33\x89\xd1\x54\x36\x85\xd8\x94\x83\xb0\xc1\x04\xe7\xef\xbb\x77\x02\xc5\xa0\x39\x8a\xc7\x20\x48\x4c\x50\x93\x68\x35\xee\x9d\xf2\x53\xf0\xef\x8c\xbe\xf3\xe0\x7d\xe9\x69\x51\x1c\xcb\xf8\x75\x57\x49\x3a\x0b\x97\x2e\xf0\xe8\xe6\x29\xcf\x38\x22\xdb\x21\x28\x6e\xd7\x27\x66\x1b\xd3\x17\x86\xfc\xa1\x42\x11\x06\xda\xcd\xee\x1c\xaa\xf4\x94\x54\xe8\x54\x79\x4f\x70\x4d\x22\xa9\x5a\x4c\x8e\x6b\x1c\x2f\xee\xa5\x7e\x56\x23\x8c\x20\x96\xf1\xcc\x57\x86\x47\xfe\xa5\x44\xd6\x76\x44\x82\xbd\xf5\x14\x88\x79\xa2\x5f\x94\x3d\xb1\x6f\x29\x02\x1b\x9e\xcf\xe3\xe0\x90\xb4\x25\xc8\x1c\x70\x09\x84\x2e\x1c\x7a\x02\xd9\x1c\xa6\x0c\x12\x01\xc3\xbd\xae\x9c\x53\x73\xaf\x03\xf2\xf4\xdb\xef\x40\xde\x8d\x9b\x21\xfe\xd6\x8d\xee\x51\x0d\xe0\x42\x72\x34\xca\xa1\xc2\x0a\x3a\xe5\x49\x95\x48\x34\xc9\x33\x73\xd9\x13\xb8\x75\x0f\x23\xa0\x37\x80\xd7\xa9\x45\x4e\xd6\xfe\x51\xfd\x2d\x27\x6b\x9d\x4a\xa3\x2d\xe0\x5e\x03\x81\x6e\x64\xe9\x46\x6f\x4f\x0e\x22\x46\x51\x42\x8d\x34\x2c\xbc\xc6\x97\x17\x0a\x47\xef\x99\x6b\xda\xcb\xce\x91\x11\x7c\xa1\xf8\x45\x5b\x25\xb2\xb0\x84\x43\xe9\x91\x4e\x3d\x90\xc4\x89\xee\xaa\x77\x31\xdd\xea\x21\x23\xd5\x5d\x67\xb1\x66\x83\xfb\x7c\x82\x36\xaa\xa5\xa1\xb0\xfc\xaf\x8d\x17\x00\x11\xdb\xe9\xaa\x28\x57\xbe\x61\x2c\xbb\x85\xef\x69\xe5\x68\x31\xb4\xda\xcf\xbc\x7a\x59\xb4\x65\xa6\x6d\xc7\x41\x2d\xdb\x3d\x6a\xf4\xeb\xfd\x70\x58\x64\xe7\xd4\xfb\x99\xa6\xcc\xb4\x8b\x11\x83\x68\xfe\xab\x02\xa3\x40\xc4\x32\x76\x8d\xe0\xe0\x67\x87\x1e\x9e\xa8\x08\xd6\xd9\x93\x81\x58\x29\xe7\x1f\x6c\x04\x2b\x66\x49\x95\x09\x8f\xee\x94\xd5\x43\xdf\x15\xe5\xb1\x69\x57\x03\x1b\xd2\x38\xbc\xad\xbb\xdc\xc5\x76\xaf\xfb\x64\x03\x03\xd6\x9c\x5b\x25\x0b\x3a\x53\x9a\xfd\x12\x7f\x7e\xe2\x60\x9e\x52\xe5\x15\x4f\xbd\xff\x3e\x45\xf9\xc4\x40\x66\x65\x6d\x56\x1e\x0f\x64\xdf\xf2\x80\x5d\xf8\x8e\x30\xa3\x80\x53\x08\x22\x41\x3a\x7a\xb7\x6a\x1b\x9a\x86\x53\x78\xd2\x47\x63\x06\x9a\x81\x40\x02\xa9\xa9\xd0\x37\x95\xca\x8d\x2b\x5b\xd1\x09\x03\x93\xe9\xe4\xb1\xff\x7d\x7f\x0e\xb8\x4e\x71\x2a\x01\x8f\x68\xc9\xe3\x84\xf0\xa0\xae\xf3\x96\x78\x79\x28\x4f\x40\x9e\x30\xd2\x36\x50\x86\xe6\x69\x52\x27\x8c\xa9\xb6\xf9\x0e\x8f\x69\xa4\x8d\x9b\x28\xbb\x4c\x4e\xd6\x32\xab\xca\x3a\xf4\x14\x4d\xa7\x42\x2b\xf5\x19\x92\xf7\x34\x73\x14\x53\xc7\xa3\x3e\x15\xe5\x9f\x53\x08\x12\x9d\x6a\x77\x4a\x94\x58\x6f\x72\x33\x11\x17\x91\x76\xc0\x94\x8f\xff\x4e\x30\xc1\xb9\x59\x81\x2c\xac\x97\x7c\xc7\x43\x47\xb0\x07\x94\x0f\x2f\xb9\x62\xa9\x0d\x66\x06\x6a\x6d\xe8\x80\x19\x84\xde\xe4\xa5\x32\xd4\xb0\xac\xd6\xdc\xaf\x06\x72\x7b\xab\x70\xb3\x86\x62\x32\x23\x4c\x91\x00\xbf\xdc\x66\x9f\x77\xca\x49"},
+{{0xee,0x55,0xfc,0xf7,0x0a,0x27,0x5c,0x72,0x6b,0xd4,0x85,0x66,0x83,0xb3,0x47,0xde,0xcf,0xd4,0x22,0xf1,0x82,0x6c,0x07,0xa9,0x32,0xcb,0x85,0xbe,0x9f,0xa4,0xef,0x3c,},{0xdf,0xcf,0xfb,0x5e,0x15,0x53,0x78,0x9d,0x56,0xa9,0xf3,0x91,0x4b,0xce,0x50,0x0d,0x07,0xc5,0xac,0x31,0x1f,0x92,0x78,0x54,0xb2,0xcf,0x1e,0x58,0x33,0xc0,0x32,0x37,},{0x9d,0x8c,0xb2,0xea,0xf3,0xff,0x3e,0x0c,0x2b,0xc6,0x72,0xe1,0xd2,0x55,0xc5,0xb8,0xe8,0x07,0x31,0xbf,0xf6,0xf6,0xab,0xa5,0x17,0xe1,0x33,0x54,0xe8,0x51,0x08,0x0f,0x4a,0x8b,0xb8,0x12,0x1b,0x26,0x24,0x24,0x4c,0x9e,0xe9,0x5c,0x8a,0x09,0x2f,0x10,0x37,0x03,0xfb,0xe6,0x6f,0x9c,0xba,0x10,0x0d,0x2e,0x91,0xed,0x77,0x4a,0xc9,0x07,},"\xb8\xc8\x45\xcf\x7c\x54\x85\xf0\x62\x2d\x1d\xdc\x17\xf7\xa0\xf6\xf0\xfd\x70\x74\xfe\x19\x4b\x0e\x0c\xd4\x26\x50\xcf\xc8\x17\xf5\x7f\x09\x5f\x8c\xdf\xad\x1e\xbe\x0d\xfb\xc1\xbd\x76\x17\xab\x4f\x20\x4e\x9d\x55\xd8\x1a\x7c\x8a\x43\x39\x40\xec\x6f\x17\xc8\xa8\xe3\xd5\x6c\x1a\xfb\x0a\xf3\x74\xbd\x32\xd5\x4e\xf7\x13\x2d\x26\xb8\x9c\x47\x0c\x2a\xb5\xbe\x16\xfa\xbb\x4c\x75\x19\x3d\x6d\xa5\x9b\xa2\xfd\x15\x7e\x9e\xa4\xe0\xc5\xc0\x8a\x52\x02\xf5\xed\xc6\xa6\x17\x01\xf0\x8b\xb3\x44\xca\x64\x55\xd7\x5d\x14\x5a\xdb\x24\x4c\x53\x4c\x8c\xfc\x62\x3f\x4d\x4b\x67\x67\x59\x4b\x39\xa7\x69\x0b\xee\xec\x4d\xf9\x74\x6a\x57\xff\xee\x05\x14\x54\xc4\x27\x8e\xa4\x3c\x81\x0f\xf1\x3c\xd7\x69\x61\x5f\x9d\x05\xd4\xfe\x4a\x51\x58\x3e\x80\xc0\x15\xdc\xfe\xd9\xaf\x05\xf9\x3d\x05\x4d\x34\xff\xd9\x39\xbd\xd8\xf0\x51\x8f\xa3\x03\x0a\x96\x4d\xc9\xd8\x0d\xf0\x0f\x16\x35\x82\x40\x72\xcd\xf2\x9b\xc8\x02\x59\x20\x9d\x50\xf5\x6f\xca\x9f\xbd\x6a\xe1\x51\x4a\x67\x19\x89\xce\xa4\xf6\x84\x6b\xc1\x91\x79\x09\x7c\xca\x40\xc6\x24\xd7\xed\xbf\x91\xfb\x5b\x25\x39\xeb\xbd\x50\x2d\x36\x46\x71\x14\x30\xba\xe4\x23\xfd\x11\x58\x48\x09\x33\x18\xb7\xd0\x87\xef\x1e\x3b\x89\x4b\xc3\xb9\xea\x27\xaf\x85\x3f\xca\x85\x95\xd3\x6f\xb7\x29\x99\x69\x16\x2f\x2e\xd6\xa2\xb5\x50\x75\xb2\xc6\x30\x80\x28\x57\x17\x6d\xec\x4c\xb5\xac\xf2\xb1\x3a\x35\xa9\x94\x9b\x91\x2b\xb5\x7d\x81\xeb\x0c\x8a\x8a\xdf\x3c\xf6\x4c\xb5\x71\xbf\x5f\x3d\x71\xf9\x87\xd6\x4d\x74\xe9\x19\xa0\x03\x36\xe5\x7d\x35\xee\x4e\xec\xfc\x65\x70\x00\xdd\x5b\x12\x99\x5e\xe1\xb1\x16\x59\x1c\xe5\x8e\x56\xde\x25\xb2\x9c\x94\x82\x9d\x1d\x68\x52\x1b\x95\x58\xe4\x72\x5e\xc7\x70\x39\x06\x9c\x0c\xd1\x7b\x2a\x00\x33\x59\xe9\xe1\xe1\x12\xc7\x59\x01\x76\xce\xbc\xe7\xf0\x01\xf1\xd1\x36\xe8\x18\xf4\x81\x8c\xfd\x94\x74\x5a\xfa\xab\x56\xf1\xa4\x06\xf9\x7d\xd9\xe6\x1b\x73\x52\x66\xd6\x82\xad\x7d\xf2\x6d\xd7\x0c\xde\x0b\x57\xfe\xa7\xdb\x2d\xf8\x32\xfa\x88\xa3\x5f\x53\x97\x94\x88\x4d\xdc\x41\x21\x84\x03\x01\x6c\xb6\xd5\x22\x1f\x3f\xeb\x5d\x3a\xee\x4a\x98\x40\xa9\x13\x07\x2d\x29\xf8\xd1\xa9\x36\x7b\xb0\xbb\xf5\x45\xf7\xda\xe7\xc0\x0a\x0d\x0c\x03\x42\x23\x1a\xe4\x62\xbb\x74\x2e\x14\x98\xee\x58\x4a\xe6\xc8\x3f\x2f\x1f\x2d\x04\x52\xbe\xad\x98\x22\x68\xcd\x3c\xfd\xe7\x8f\xf4\x22\xe2\x26\xbf\x7b\x2a\xf1\x13\x77\x57\x79\x7f\xb0\x2e\x52\x75\xc3\x48\x09\xd5\x4c\xa9\xee\x2a\x65\x27\x5e\x6e\x5c\xff\xdd\x20\xad\x1f\xa1\xee\x0b\xd8\xb2\x1e\x04\xce\x82\x9e\x02\xcd\xb6\x3c\x48\xbf\xcd\xd8\x6d\x3a\x08\xc5\x97\x89\xc9\xd7\x8e\x36\x18\x1d\xef\xeb\x72\x27\x10\x72\x75\xed\x6b\x5c\xcb\x12\x7c\xd7\x2b\x37\x4e\x17\xf5\xee\x0b\x5e\x47\xb4\xb3\xe1\x4a\x8e\xc6\xd8\x6b\xb7\x50\x71\x87\xf2\x8d\xb3\x2b\x3f\x3f\xa1\xca\x13\x44\x6f\xe5\x25\x3e\xe7\x83\x64\x5e\x79\x42\x72\x79\x9a\x86\x3b\x4f\xca\x99\xe4\x43\xcb\xaa\x05\xde\x3c\x50\xed\xf3\xd5\xcd\x7c\x10\x52\x9c\x6c\x09\xa0\xc1\x45\x34\x06\xac\x7e\xca\xfa\x9b\x3a\x1f\x36\x9d\x68\xf3\xc6\x18\xf5\x8e\xfc\x35\x9d\xf2\xf3\xfc\xd2\x47\x8b\x55\xa4\x1a\x11\xf2\x48\x7e\x7f\x70\xec\x29\x3b\x3e\xcc\xc7\x00\xef\x44\x4a\x33\xd1\xea\xe9\x84\x9c\x5b\x76\xd2\x9a\xfd\x5a\x23\x86\x1a\xef\x4f\x2a\x7b\xa3\xf6\x66\x30\x1f\xde\xb5\xd3\xd8\xf0\xdc\x9e\xe2\xe0\x14\xb2\x4c\x74\x65\xde\xe3\xc0\x96\x4e\xdd\x49\xed\x49\xed\xab\xb5\xca\x7a\xfb\x99\x57\x4d\x00\x1e\x58\x12\xa0\x85\x23\x1f\x24\x1b\x6b\x08\xc7\x3e\x80\xfb\x44\xbb\x2a\xdf\x55\x4f\x14\xfd\x6d\xce\x94\xa6\xf6\x36\x23\xd9\xc1\xde\xb4\x1a\xd1\x01\x65\x1a\x6b\x67\xae\x52\x34\xda\xae\x81\x97\x9f\xbd\x82\x33\x89\x64\x9a\x3b\x0a\x06\xc6\x8b\x80\x46\x8a\x99\x1d\x30\x07\x74\x87\x51\xfa\x69\x28\x1d\xb1\xb9\x4d\x6c\x16\x0a\x1c\xab\x50\x94\x3c\xdb\xb8\xde\xa5\x75\x09\x06\xb3\xc6\x59\x5b\xb5\x80\xde\xdb\xfa\xe5\x74\x64\xcc\x7a\x65\x1d\x4c\x51\xdb\xb5\xfa\x98\x05\x97\xd1\x76\x69"},
+{{0x49,0xc2,0x98,0xa2,0xdb,0x3d,0x25,0x89,0xc9,0xfe,0x16,0xa4,0xe5,0x71,0xe5,0xaa,0x23,0xcb,0xaa,0x77,0x7b,0x86,0x47,0x02,0x90,0xa3,0xed,0xa7,0xa5,0xd3,0xe9,0x6b,},{0xda,0xc5,0x23,0xd6,0x37,0x4c,0x8f,0xf1,0x5f,0xc4,0xdd,0xc7,0x13,0x71,0x5a,0xc3,0x5c,0xf5,0x54,0x7f,0xc1,0xb1,0xb2,0x64,0x6b,0x63,0xfb,0x41,0xa7,0xf2,0x16,0x21,},{0x2a,0x43,0x9c,0x73,0xc9,0x81,0x17,0xfb,0x29,0x52,0xe2,0xb1,0x61,0xf7,0xf3,0xb9,0x9e,0x7d,0x39,0xbc,0x69,0x7f,0x79,0x40,0x75,0xdb,0x7b,0x63,0x4d,0x29,0xf1,0xff,0x57,0x24,0xf6,0x77,0xf8,0x31,0x2a,0xd5,0x15,0xb0,0x97,0xcc,0xa9,0xdf,0xc3,0x0e,0x79,0xee,0x8a,0x7c,0x9d,0xd7,0x28,0xbd,0xd4,0x5d,0xf8,0x59,0xc7,0xbd,0xe3,0x0a,},"\x35\x82\xee\xb0\xd3\x71\xdf\x38\x5d\xe8\x8b\xaa\xd3\x80\xcb\x0c\xdb\x60\xea\xb2\xba\xeb\xb3\xc7\x98\x37\x75\x3d\x08\xe1\xcb\x78\xc0\xbd\x76\xdd\x11\x04\x45\x49\x56\xd5\x71\xce\xb7\xe6\xb5\x71\xa5\x23\x68\x35\xd7\x84\xb5\x0f\xf6\x60\x57\xb1\x35\x95\xe7\xd0\xc8\xf2\x5d\x08\xae\x8b\x54\xb6\x12\x3b\xa0\x81\x51\xac\x7d\xb0\xc5\x6a\x98\x0f\x7f\x0b\xb3\x9a\x54\xb4\x37\xf5\x48\x51\x97\x99\x86\xab\x13\x67\x83\x5e\x5c\x4f\x3a\x3b\x3d\x76\x0d\x38\x27\xe7\x6c\x56\x8a\xe7\xae\xbb\xb6\x12\xe7\x75\xbd\xde\xcc\xd3\x34\xac\x6b\xcd\x32\x53\xab\xc2\x9d\x4b\x7c\x3f\x10\x36\x26\x66\xf6\xae\x75\x08\x03\x70\xa3\x6c\xba\x55\xdb\x3a\x91\xcb\x57\x89\xe4\xd6\xf9\xef\xea\x4d\xf1\xdd\x77\x30\xa5\xe2\x79\x60\xd5\x3b\x51\x21\x94\x8c\xce\x5a\xf6\x53\xff\xf1\xd5\xb4\xe5\xb0\xa8\x8c\x71\x8c\x49\xb3\x1c\x79\x3d\x88\xc1\xcc\x45\xab\x8d\xa2\x9d\x05\xe9\x06\xcd\x05\x94\xb5\xf6\x63\x8c\x8e\xc3\xf1\x76\x0b\xa4\x23\xb5\xab\x1d\x08\xa5\x87\x70\xaf\xb0\xf1\x39\xab\xd3\x49\xc1\xbf\x16\x0d\x89\x02\x23\x9c\xe2\x4f\x19\xb4\xe1\xbe\x09\x5f\x7e\xd1\x65\xf3\x93\x1e\x3c\xbc\xc3\x07\xe9\xfc\x5c\x65\x80\x31\x22\x8e\x55\xcb\xbe\xec\x0d\x0b\xcf\x8f\x69\x51\x54\xa9\xee\xd1\xbe\xf3\x52\x28\x78\x9b\xfc\x0d\x23\x8b\x83\x72\xd3\x18\x32\x8c\x13\x39\xfe\xa0\x88\x14\xdb\x86\x21\xab\xca\x3a\xeb\x82\x09\x8b\x5a\xa8\x7b\xb9\x8f\x5e\x40\x52\x2a\x08\x88\x53\x2c\x17\x48\x45\x3d\xb2\xd2\xb3\x94\x3e\x4a\xbb\x31\x2d\xe3\x19\xae\xc4\x8c\xc1\xc9\x47\x75\x97\x29\x53\xfb\x64\x96\xb8\x16\x89\x37\x62\x35\x10\xcd\x48\xc8\xb2\x47\x95\x6d\x31\x68\x48\x6c\x17\x6a\xe7\xa4\xcb\x38\x4e\xac\xfd\xab\xfa\xdd\x9f\xba\x30\xa2\x3b\x81\x1b\xd7\x79\xf3\xcb\xa5\x43\x38\xc2\x8b\xb3\x38\x22\x38\xed\x3b\x8d\xd2\x1b\xea\xb2\xf5\xca\xde\x28\xc5\xe0\x9b\x31\xa4\x54\x80\x8a\x53\x48\x12\x2e\x3a\xe3\x81\x22\x96\xf7\x86\x9c\x38\x65\xc3\xc9\xd8\xfe\x18\xbd\x81\x2f\x2e\x60\xe9\x14\x97\x5c\xfe\x1b\xef\x8d\xbb\x80\x97\x00\x6f\x0d\x7c\xf3\xfc\x15\xeb\x95\xc2\x78\x54\xb1\x43\x12\xb8\x8d\x52\x80\x15\xaf\x69\xfb\x75\x05\xb8\xf3\x27\x03\xf6\x4e\xb1\xc9\x58\xf0\x46\xdd\x25\x12\x42\xf8\xbe\xa7\x46\x7f\xc7\x29\x1d\x09\x5e\x96\x96\xe1\x1a\xa4\x5a\xbe\x79\x24\xe8\x56\x35\x15\x35\xaa\x07\x73\xd3\xd9\xe6\x1c\xc9\xa2\xd8\x9b\x5b\x07\x74\xd7\x64\x5e\xe1\xaf\x7e\xb6\xfc\xd4\x40\xbc\x69\xd4\x3e\xde\xaa\xf9\x35\xfd\x2a\x52\x95\xac\x19\xa9\x7d\x70\xaf\x92\x98\x83\x0f\x81\xc0\xa5\x09\xf2\x42\xf4\x73\x37\x24\x78\xfa\x58\x79\xfb\x2c\xb8\x51\x10\x80\xfc\x2e\xcd\x82\x59\xb8\xc3\xce\x9e\x8b\x64\x07\x61\xdc\x79\x27\xc3\x2e\x7f\x5b\xae\x97\xa8\xb8\xac\x93\x56\x62\xe5\xf4\x5d\x14\xca\xd6\xd3\x4a\xff\xc9\xa1\x94\x14\xc4\x56\x6f\x45\xf9\x77\x39\x67\x10\x89\x4c\x53\x99\xed\x44\x80\xf1\x8e\x90\x95\x7f\xaa\x76\xcc\xb5\x12\xa2\xd0\x75\x73\x05\x8a\x95\xb4\x2f\xe1\x81\x02\x49\xd1\xc8\x5e\xc4\x31\xa0\x49\xd1\xae\xcb\x0f\x11\x83\x79\xbd\xc3\xf1\xee\x49\x0b\xc8\xa0\x54\xc3\x2c\x3d\xac\x76\x59\x96\x6c\xdb\x66\xf9\x95\xac\x40\x3d\x5e\x79\xeb\x6b\x25\xb3\xf3\xf6\x5a\x6c\xee\xc2\x20\xd6\x6c\x05\xf8\xa8\xa9\x8b\x80\x79\x9b\xa4\xf2\xc6\xdb\xbb\x4d\xfb\x58\x62\xc9\xa4\x6b\xca\x01\x3e\xbd\xfa\xba\x74\x94\xa3\x0c\xe1\x46\x06\xaf\xc0\xb0\xf9\x93\x14\x3f\xed\xee\x78\x96\xd9\xa6\xbb\x81\x49\x91\x66\xed\x02\xe9\x41\x86\xaa\xf3\x21\x87\xae\xb6\xe2\x82\x50\x1b\xca\x43\xb5\x7b\x7e\xfa\x09\x39\xc9\x34\xbc\x8f\xbb\xd2\x6c\x44\xb6\x18\x33\x5a\x35\xc6\x92\xff\x99\x6a\x5b\x95\xd3\x27\xdf\x9b\x2a\x66\x21\xb3\xb0\xf1\x90\xdb\x1f\x36\xd9\x11\xd1\xa6\x63\xa4\xeb\xf9\xa2\x85\x4b\xb4\xf4\x06\x10\x95\xb6\x98\x12\xc8\x2c\x2f\xfe\x3f\x92\xe9\xb4\x4d\x2e\xa6\x31\x69\x88\x1c\xae\x84\x53\xd6\xee\xf7\xcf\x69\xc2\x5a\x28\xb3\xf8\xdd\xc7\x01\x48\xef\x26\x72\x1a\x3c\x1f\x2e\x62\xd9\xd1\x0c\xea\x42\xfc\xa3\xfa\xcd\x74\x67\x3a\x4e\x7f\x33\x50\x73\x64\xaa\x28\x6c\x0f\x38\xd7"},
+{{0x82,0x3f,0x0c,0x29,0xfb,0xfd,0xd3,0xd1,0x82,0x8f,0x30,0x55,0xe9,0xec,0x01,0xff,0xd1,0xb5,0xa3,0x75,0x11,0x8d,0xdd,0x7e,0x4e,0x0c,0x43,0x71,0x9f,0x57,0x3f,0xf7,},{0x73,0x12,0x5f,0xc8,0x3a,0xbb,0x8b,0x7c,0x65,0x85,0x59,0xfc,0x12,0x73,0x93,0x23,0x1d,0x03,0xca,0x58,0x46,0xe0,0xc8,0x81,0x18,0xd1,0x3d,0x55,0xca,0x44,0x78,0x9d,},{0xfa,0x74,0x7b,0x6f,0xe3,0x38,0x1a,0xd6,0xbc,0x82,0xa9,0x56,0x43,0xc1,0xf4,0xa2,0x0b,0x76,0xba,0x73,0xbf,0xf0,0x0e,0x63,0x5d,0x64,0x20,0x2d,0x8b,0x0d,0xf0,0x3d,0xbc,0x56,0xb0,0x13,0x8b,0x3a,0x6d,0x41,0x98,0xff,0xaf,0x58,0xcc,0xd3,0xd3,0x88,0xed,0x25,0xeb,0xcf,0x77,0x04,0x43,0xe4,0x1e,0x9d,0x21,0x47,0x95,0x0a,0x30,0x0b,},"\x80\x2c\x39\xce\x7f\x2a\x50\xbd\x81\x62\x2a\xdd\x0d\xf4\xe0\xfe\x03\xec\x3d\x2d\x30\x5a\x45\xa6\x16\x52\x71\xed\x79\xad\xd2\x43\xb9\xa0\x0e\x52\x18\x31\x92\xfe\xb2\x4c\x4f\xdb\xd2\x2c\x80\x7a\xe1\x00\xef\xcf\x16\x5b\x9c\x99\x61\x94\xe0\x0f\xa8\x17\x76\x5e\xa9\x4a\x03\x07\x0e\x48\x66\x86\xb4\x45\xfc\xb2\x63\xcc\xfe\x1f\x58\x62\xf3\xb8\x4b\x10\xf3\x90\x08\x0b\xfc\xae\x44\x7a\xe0\x06\x97\x42\xb8\x61\x8f\xa9\x57\x5f\x7e\x63\x7a\xd5\x4e\x83\x4c\xaf\x03\x94\xd7\x45\x03\x2c\xe1\xe2\x55\xc0\x27\x32\x50\xf1\x50\x4b\x37\xa0\xad\xd9\x4a\xa2\x45\xc7\xde\x52\xc8\x0e\x05\xd6\xe0\xa9\x6a\x14\x41\x05\x43\x82\x6a\x49\xe9\xb9\x45\x62\x6d\x4e\x89\xf5\x50\x27\x16\x3d\x4b\xd6\xd0\xe9\xbd\x1a\x24\x77\xf6\x7d\x3d\x56\x68\xa4\x2e\x94\xd8\xb6\x11\x93\xd8\x21\xe0\xd1\xb2\x30\xfc\xad\xc5\x36\x13\xb7\x5b\x02\xcf\xb8\x15\x84\x56\x07\x7e\xbd\xf5\xa5\xf0\x0c\x3b\x5b\x18\x63\x70\xca\xfe\xc4\xa2\x1c\x69\xdc\xe1\xf0\x1e\xfe\xf2\x3c\x37\xab\x90\xf8\x58\x23\x8a\xef\xbe\x21\x2b\x55\x6d\x2f\x07\x34\x06\x55\x9f\x1a\x51\xd8\x4e\xff\xfd\xce\x07\xb0\x0d\x01\xbb\xf3\x37\x71\xcc\x12\xc9\x60\xac\x89\x36\x5a\x9c\x82\xc5\x23\x43\xf7\x60\x33\x81\xb8\x90\x23\xc1\xa6\xe7\x02\xa5\xb1\xe4\xbd\x19\x1e\xa6\x97\x0b\x5e\xa4\x51\xea\x05\xb5\x9b\xf8\x3e\x55\xf2\x9a\x1f\x80\x32\x12\xbb\x2e\x58\xf0\x61\x63\x33\xd9\x11\x47\x08\x52\x9e\x8b\x6c\x60\x81\xde\xeb\x7c\x29\x9a\x5a\x2a\x53\xcc\xd2\x4e\xd5\x8f\xfb\xfe\x50\x3d\x80\x61\x4a\xdb\x05\xca\x11\xcf\x29\xde\xd0\x09\x04\xea\x12\x39\xf8\x2b\xa4\x0c\x79\x3e\xbc\x33\x97\x75\xf8\xb0\xfe\x39\x01\xf5\x48\x2e\x31\x0c\x79\x3c\x6e\x2c\xf0\x1d\xc1\x57\x72\x7a\xf2\x38\xf4\x9c\x98\x62\x80\x4b\x04\x75\x51\xfd\x88\x6f\x4a\x48\x99\xe2\x2a\x6a\x65\x70\x11\x17\xa3\x85\x80\x55\xbb\xfe\x96\x6e\x37\x0e\x73\x3e\x17\xef\xad\xa2\x85\x9f\xd8\xff\xa9\xe0\x1f\xce\x56\x06\xa2\x55\x36\x76\x78\xf4\xbd\x4e\x21\xe5\xda\x0f\xef\x30\x75\x7f\x34\xe3\x89\xf7\x6b\x7d\x57\xc4\xe4\x10\xa0\x02\xe9\x00\xe4\x8f\xb2\x18\xc8\xf2\x77\x8f\x14\x8f\xee\x56\x96\x5f\x5b\x47\x3e\x25\x25\x6c\x23\xa7\xaf\x19\x83\x42\xcf\x3e\xf0\x2b\x84\xdf\x2c\xd5\x80\x0a\x46\x1c\x1b\x07\xbd\xa2\xf4\x26\x28\xa6\x8a\xd2\x9d\xbb\x82\xa4\x70\x96\x7d\x73\x02\xc9\x93\xb2\x34\x13\x6e\x5b\xf2\x55\xe6\x24\x8b\x10\x2c\x2b\xff\xb2\x01\x72\x37\x1f\x1c\xa3\xe1\x0b\x08\x10\xe8\x64\x95\x03\x54\x6d\x9a\x73\x1c\xf1\x9b\x08\x33\x57\xd4\xcf\xec\xc8\x9b\xed\xb5\x35\x06\xfe\x19\x9b\x67\x03\x91\xa6\x20\x06\x9a\x30\x81\xf2\x53\xb4\xd7\x90\x88\x0a\xa2\x3b\x53\xe9\x7c\x75\xdc\x0c\x36\x05\x40\xe5\xb0\xa3\xef\xb1\xac\xcf\xfd\x13\x74\x14\xff\x84\x23\xd5\x46\x46\xfc\x56\xba\x5f\x53\xbd\x84\xc7\x26\x7c\x2f\x7e\xe3\xe3\x76\x07\x54\x41\x54\x36\x5f\x9f\x85\x08\x1d\xd7\xd2\xee\x75\xd3\x02\x27\x5c\x79\x9e\xf2\x42\x7c\xa6\x49\x63\x55\xdc\xda\x1d\x44\xe0\xd9\x77\xbf\x68\xdb\x30\x06\x50\x0a\xe3\xf4\x00\xd6\xa8\xc7\xcf\x47\x05\x7d\x4f\xc8\x7e\xee\xcb\x02\x11\x6b\x73\xee\xd6\xce\x1f\xcc\xef\x6e\x8f\xb8\xae\xa3\x63\xb2\xf6\xf5\x32\x2a\x5f\x07\x53\xf4\x58\x99\x53\x76\x46\xd5\x86\x51\xbe\x90\x37\xbf\x91\x42\x3c\x29\x86\xf5\xcc\x2b\xcb\xce\x4f\xae\xc9\x03\x49\x8b\x40\xfc\x2d\xea\xb6\x60\x3d\x6e\xea\x58\x5d\x27\x20\xd2\x1b\xb2\x72\x2b\xc0\x5b\x35\xae\xd2\xbc\xc0\xe8\x04\xfe\x9d\x23\x9f\xaf\xda\x7d\xda\xfe\x1d\x78\x60\xab\xb0\xfb\x28\xf4\xbf\x2b\x1f\xbb\x62\xa7\x86\xe4\x55\xbe\x02\x4b\x19\x3b\x78\x30\xbe\x0d\x55\x8f\x02\xc9\xf3\xae\x31\xdc\x10\x7e\xe9\x42\x1d\xc5\xf0\xb0\xf8\x94\x02\xb7\x1a\x45\x81\x40\x15\x36\xbc\x47\x30\x85\x06\xd9\x69\x39\xa2\x06\x36\x27\x44\xe2\x7d\xde\x94\x4f\x40\x96\xa1\x2b\x5f\x63\xda\xb6\x4d\x04\x14\x84\xd3\xfd\x91\xa6\x2c\x2f\x0e\xf9\xae\x78\x74\x22\xeb\x27\xfe\xd0\x80\x2e\x25\xf9\xbc\x77\x5c\x49\x15\xa8\x37\xfe\x3e\xb7\xb9\xd5\x84\x3e\x4d\x82\x10\xc6\xb4\x94\xb6\x12\x81\x63\x7a\x6b\xe3\x20\x52"},
+{{0x65,0x67,0x66,0x33,0x37,0x42,0x14,0xc4,0xac,0x4b,0x7b,0xce,0xa9,0xf1,0xcc,0x84,0xb1,0xb7,0xe7,0x94,0x11,0xe3,0x10,0x52,0x5a,0xce,0x38,0x5f,0x45,0x66,0xc1,0xd5,},{0x0e,0x6e,0xc5,0x80,0x1d,0x8b,0xd6,0xb1,0xeb,0x42,0x14,0x21,0xa1,0x40,0x8f,0x13,0x4c,0xf7,0x12,0x33,0x8e,0x0f,0xfc,0x24,0xcd,0xcc,0xdc,0x4f,0x7f,0xa3,0x1d,0xbe,},{0xe0,0xb8,0x67,0xc9,0xdb,0xda,0x35,0x32,0x34,0x33,0xc0,0x46,0xe0,0x83,0x0c,0x25,0x1b,0x43,0x46,0xc5,0x39,0x59,0x72,0x28,0x6b,0x3a,0x72,0x31,0x0e,0xd4,0x52,0x6e,0x54,0x5d,0xc0,0x9d,0x39,0x18,0xf2,0xeb,0x99,0x20,0xbc,0x9b,0x24,0x1e,0x90,0x50,0xd8,0x48,0xd3,0x83,0x02,0x88,0x65,0x15,0x91,0xf9,0x36,0xd3,0xba,0xe4,0x53,0x01,},"\x9d\x62\x2c\x20\x67\x87\x69\x40\x93\xc6\xf2\x9f\x93\x61\x9f\x21\xbb\x64\xc0\x39\x41\x6d\x20\xdc\x70\x8a\x08\x4a\x9d\x2e\x49\x0c\xf5\x65\x8e\x13\xd6\x2c\xb0\xd2\x1e\xab\x00\xe4\x2d\x85\x1b\xc6\xec\x75\xda\xf4\x05\xd2\x37\x32\x46\xee\xa4\x15\xe8\x66\x29\x1b\xab\xf7\x64\x97\x68\x0a\xaf\x04\x42\x5a\x42\x55\x2b\x10\x7d\x58\xcd\x18\x56\x1c\x8c\x94\x83\xf7\x40\x74\x4c\xbf\xa6\x05\x4c\x1b\x12\x6f\x5a\x76\x65\x9a\xc1\x9d\xdd\xad\x4a\xb5\xa0\x91\x55\xd8\xc0\x50\xb5\x35\x4e\x06\xa4\xdd\x3e\xe3\xa6\xf9\xc9\x1e\x8b\x4c\x7a\xf2\x74\x96\x64\xe7\xab\xe9\x70\x61\x58\x9e\x15\x3c\x58\xe2\x7c\xf2\x99\xa2\x5f\x2b\x53\x0c\x06\x07\x31\xec\x0f\x43\x66\xbd\x1d\xeb\xeb\x4d\x4e\x91\x2e\x76\xe5\x08\x53\x4d\x43\x3e\xc4\x8f\x96\xb6\x2e\x15\x0d\xe9\x39\x63\xa1\xb3\xe6\xc8\x09\x1b\x49\x5a\x96\x51\x8c\xe3\xd3\xb9\xa8\xdb\xdc\x2a\x13\xfd\xd0\x77\xf2\x23\x1d\xe8\xd7\x6f\x56\xd9\xab\x1c\x2f\x9e\xfa\xbc\xe4\x63\x83\x64\xf8\xfb\x2a\x2c\x68\x3c\xa8\x19\xb7\x03\xab\x45\x3b\x11\xd3\x7a\x69\xfa\x4b\xcb\x80\x23\x98\x08\x34\xf7\xb9\x02\xad\x18\x19\xfc\x02\x92\x12\xfd\xea\x0a\xbf\x11\xde\xc8\x8c\x55\xd6\x8e\xf8\x7a\x26\xdb\xb1\x5d\xc3\xd3\xdf\xbc\xdd\xdd\x5e\xd7\x1b\xe8\x6f\x32\xc7\x6e\xe2\x22\x1d\x92\x43\x68\x3d\xf9\x51\x65\x64\xb2\x6b\xab\x5c\x84\x5d\x4d\xfe\x0a\xdc\xc7\xcb\x9f\xe1\xee\x2c\x05\x1a\xf5\x90\x8c\xe0\xcc\x3a\x90\x90\x4d\xbc\x0d\x36\x80\xed\x49\x92\xf4\x6c\xe2\x5c\x2e\xe8\x51\xc4\x14\xf0\x18\x7d\x89\x3e\x5c\x3b\x01\x89\xa7\xbb\x68\x93\xd6\x83\xf5\xe3\x39\x4c\xc0\x46\x29\x9a\x16\xa1\xc1\xb5\x69\x59\x33\xa8\x9b\xb1\x30\x30\x85\x5b\x81\xb3\xc7\x46\x85\xf7\x19\xde\x01\x60\x57\x5a\x0f\xf0\xa9\x1f\xd9\x43\x47\xb8\xbc\xbe\x12\x5d\x1d\x3f\x9c\xe7\x72\xa8\x12\x6e\x00\xf5\x63\xb3\x18\x96\x56\xd5\x52\x2c\x18\x7a\xb8\x31\xa7\xad\xe7\xac\x06\xfd\xca\xc7\xf1\xd4\x58\x82\xe5\x1f\x9b\xf5\xb4\x4a\x2d\xab\xa4\xa5\x3d\xbb\x31\x97\x0b\x4a\x0f\x12\x72\xfe\x14\x08\x7e\x0c\x3c\x7e\x45\x42\x31\x2f\xe7\x4d\x76\x7f\x21\xe7\xea\x48\x7d\x52\x84\x28\x4f\x46\xf2\x0f\x32\xc5\xb1\x6e\x1e\x0a\xc8\xd7\x96\xab\x2f\x80\xb3\x44\xe7\xa8\xd8\x4d\x5d\xe8\x23\xa5\x08\x97\x75\x2d\xc5\x49\xa4\x8f\xc1\x0b\xcd\x43\x6a\x7a\x93\xe9\x7c\xd0\x5d\x78\x30\x13\x8f\x32\x38\x79\x68\x0c\x34\x3c\x16\x46\x7d\x26\x4d\x74\x9b\xf4\x5e\x40\xf3\x9f\xbc\x3a\x00\xc4\x3b\x00\x69\x3b\x01\x56\x76\x8f\xf2\xe3\xf8\xad\x9e\xb6\x40\x50\x22\xf5\xca\xda\x66\x94\xe8\xa3\x3c\xdc\x59\xc6\x67\x3c\x44\x11\x72\x44\xeb\x03\xfd\x7f\xd6\x75\x93\x0c\x29\x4e\xdd\x29\x40\xf5\xf1\x80\x95\x3d\x91\x0c\x55\x48\x5b\x20\x57\xae\x0c\x93\x02\xf4\xa8\xe8\x31\xa5\x53\x0e\x3c\xbb\xf6\xf4\x72\x22\x40\x83\xa9\x52\xa8\x39\x0a\xb0\x0d\xc0\xf6\x9d\xfd\x88\x0e\xea\x2d\x73\x9d\x21\x8d\x6a\x66\xf2\x37\xf1\x0d\x44\x01\xaa\x75\x8f\xf8\x12\x0c\x0a\xe2\x76\x61\x27\x84\x90\x24\xf5\xa4\xcc\x57\x4a\x5b\x02\xb9\x35\x96\x68\x12\xcd\x1f\xb6\xd7\x9d\x0c\x4f\x59\xff\x80\xf0\x35\xa0\xb1\x09\xcc\xcb\x22\xfb\x08\x53\x5b\x87\x41\x49\xed\xf2\xa0\x97\x0c\x14\x88\x84\x27\xd0\x7d\x1e\xaf\xa6\x84\xa6\xd3\x45\x4e\x49\xb2\x25\x18\x4c\x6b\x99\x3e\xc8\xdd\xb8\xb5\xa3\x5e\xe4\x5f\x87\xf6\x92\x66\xd4\x90\x96\xa3\x17\xd8\x6a\xde\x27\xf4\x52\x9f\xe7\x23\x64\xd0\xb9\x58\x00\x72\x99\xd9\xde\x87\xd6\xff\x9f\xb0\x4d\x57\x3a\xea\x46\xba\xc8\xeb\x76\x47\x52\xeb\x46\x5c\xaa\xab\xa6\x89\xa6\x46\x0c\x11\x07\x30\xbd\xd0\x8b\x16\x89\xde\x7b\x05\xde\x59\xaf\x9f\xe2\x44\xac\x36\x3e\x95\xc9\x8b\x66\x93\x59\xaf\x90\x31\xa3\xa9\x3b\xa6\x31\xab\xf1\xf6\x1d\x20\xef\x7f\xc6\x88\x3b\x48\x40\xfc\x92\x67\x12\xe1\x3d\x87\x4b\x72\x2f\x6a\x79\xb1\x60\x70\xc0\x31\x13\x25\xe9\xa7\x0f\xcd\x86\x91\x6c\xfa\x1d\xa7\xf9\xd0\x56\x3a\x22\xfe\x9b\xfe\x85\x4b\x0c\x18\x6c\x86\x63\xb0\x61\xb6\x5b\xc0\x71\xe8\x39\x93\x8d\x8f\xdd\x7c\xf8\xf6\x95\x2a\x64\x67\xfa\xd8\xe5\x84\x90\xed\x2b\x26\x81\x33\x01"},
+{{0xd2,0xed,0xed,0xcd,0x85,0x32,0x06,0xcb,0xf5,0x9b,0xd7,0x4a,0x25,0xa3,0x03,0xfa,0x2d,0x6c,0x39,0x36,0xbb,0x48,0xeb,0x42,0xf6,0xd9,0x00,0xcb,0xe8,0x07,0x72,0xbe,},{0x22,0x44,0x11,0x1e,0x2e,0x76,0x9e,0xab,0x81,0x87,0x1e,0x06,0xc5,0x80,0x17,0x8c,0x23,0x5c,0x7b,0xf4,0xa5,0x2d,0x2e,0xcc,0xe1,0x18,0x87,0xa9,0xb4,0x6c,0x45,0xc8,},{0xbe,0x3c,0x2b,0x56,0x7f,0xe8,0xc2,0x08,0xc9,0x8e,0x71,0x97,0x11,0x7e,0xb0,0x1b,0x3c,0x19,0x7b,0xdf,0xc8,0x58,0x56,0x2d,0xc5,0xcd,0x90,0xf8,0xe2,0xc0,0x35,0x70,0x42,0x30,0x39,0x95,0xba,0xba,0x2f,0x40,0xb7,0x34,0x5c,0x56,0xdb,0x0b,0x46,0x25,0x58,0x0a,0xa8,0xdc,0xc4,0x8d,0xf6,0x01,0x9d,0x23,0xa8,0x38,0xea,0x71,0x72,0x02,},"\x80\x70\xbc\x0d\xb0\x89\xa5\x92\x54\x46\x01\x9b\x7e\x40\x3c\x74\xec\x78\x90\x3e\x4b\xd5\x4b\xc1\xd0\x8a\x54\xa6\xf0\xed\x75\xa8\x5b\x76\x3f\xf5\x4d\xc3\x3a\x26\x00\xcc\xb4\x57\xfd\xba\xea\xe5\x48\x47\x7f\x6d\x69\x47\xae\x26\xde\xb7\x1e\xac\xd1\xd2\xd6\x22\x82\xa0\x83\x84\x3b\xe4\xe5\x93\x1d\x91\xc9\x3b\x62\x82\xc5\x88\x07\xce\x8f\x0d\x88\x0b\x14\x38\xda\xd8\xfd\xcb\xa8\x61\x2d\xf7\x3b\x9f\xaf\xf3\xa9\xf7\xdb\x30\x05\x25\x05\x36\xaa\xbd\x98\xae\x02\x7a\x89\x5e\x10\xb5\xcb\x7b\x69\x87\x5c\x0f\x39\x93\xaf\x24\x51\x92\xf4\x39\x3e\x9c\x4d\x34\x05\x74\x6e\x31\x1d\x3a\x91\x44\x7f\xcd\xbd\x73\x06\xb6\x02\x0c\x93\x3b\xba\xb9\xe3\x9d\x13\x49\x16\x25\x03\x5c\x9c\x63\x6e\xfa\x17\x39\xc3\x58\x87\x10\xa8\x79\xd9\xe3\xce\x17\x64\x61\x6f\x10\x82\xe8\xdf\xf5\x75\x59\xc3\xf5\xa5\xd7\x6d\xd3\x01\x12\x4f\xa4\x89\xfb\x94\x9e\x9e\x03\x9d\xd4\x62\x1b\xda\x60\xf0\xb8\x6b\x31\x1e\x78\xed\x0a\xb3\xb5\x28\x96\x50\x44\xb2\x3d\x78\xee\x2f\x81\x06\x1f\x8e\xdb\xd6\x92\x99\x33\xd1\x8c\x02\x07\xde\xc4\xb5\xb6\xb2\xfa\x4a\xca\x27\x47\xcf\x5b\x11\x0d\xf0\x0b\x0c\x98\x27\xbd\xb3\xd9\xdb\x2c\x7b\x03\x28\xd4\x0d\x99\xe1\xf6\xb2\x28\xe4\x0d\xad\xae\x78\xae\xda\x02\x89\xb6\xa2\x3d\x4e\xb5\x83\x70\x88\xe5\xd8\x84\x13\x63\x2c\xcc\x22\xe2\x1a\x73\x76\x8c\x67\x32\x01\xe9\xa8\xd8\xdc\x6e\xb6\xf7\x39\x7f\xed\xbd\x39\x8d\x26\xf9\x69\x2c\xa7\x2f\x6d\x6c\xf0\x56\xaa\xac\x50\xac\x2f\x3b\x26\x6d\xbe\x5e\x7b\xe7\xa0\x24\x77\x45\x78\xea\xd5\x85\x24\x5d\xaa\xa7\x3e\x0a\xaf\x83\x3c\x07\x0b\xa4\xb2\x04\x4c\xcb\x5e\x5c\xd1\x6f\x9c\x0a\xd9\x2e\xa8\x44\x80\x55\xdd\x82\x8c\x79\x93\x5a\xa6\xc0\x74\x1f\x9e\x2b\x81\x03\x24\xfd\xc6\xe6\x1e\x84\x2f\x94\x57\x22\x68\xbf\x7d\x5a\xdf\xa7\xab\x35\xb0\x7f\xb1\x9e\x78\x15\xa8\xaa\x5d\x81\x13\x01\x30\xac\x5c\xda\x8a\x47\x51\xee\x76\x03\x8c\x0a\x6b\xc2\xfa\xba\x4c\x49\x7e\x62\xb9\xf1\xf1\x94\xb8\xa5\x99\xb0\x77\x01\x81\x4b\x6d\xfb\x7d\x84\xbc\xdd\x5b\x7b\x5b\xc2\x24\x9f\x1d\x38\x45\xef\xf9\xef\x8c\xc7\x32\x85\x35\xd7\x0d\x53\xc7\xaa\x0c\x73\x05\x90\x1d\xe7\xc4\xed\x2f\xe1\x83\x82\x65\xd4\xa4\x17\xb8\x76\xad\xbd\x88\xeb\x93\x3f\x27\xc9\xaa\x48\xc8\xc7\xe3\x4e\x48\x14\x7c\xcf\xfb\x2f\xb6\x1a\x34\x8f\xea\x13\xef\x67\xcd\xf2\xe0\x39\xe3\x3f\xd8\x9e\x2c\x1a\xd2\xa4\x25\x4e\x3b\xf7\x48\x45\x2a\xa8\x3e\xfe\xca\x46\xe7\x80\xed\xe1\xd1\x3f\xf4\xcc\x5e\x7d\x01\xed\x45\xeb\x8c\x74\x81\x8d\x48\x60\xaf\x47\x59\xa8\x3e\x14\x88\x96\xab\x68\x73\x43\x95\x76\x0e\x00\x14\x6b\x79\x3c\x3e\x72\x89\x8a\xa0\xb3\xc5\xe0\xc1\xd3\xfd\xf1\x21\x58\xd2\xe8\xff\x11\x23\xa3\xa0\xc6\x4c\xf6\x37\x4a\x7f\x44\xf1\x1a\x57\x5e\x48\xa3\x79\x18\x1b\x30\xa4\x86\x5c\xfd\x02\x2a\xa9\x83\x27\x56\x35\xce\x4f\x2c\xc4\x0b\xfe\x06\x60\x67\xec\x4f\xe2\x41\xfa\x04\x7b\x55\x27\x0a\x1a\xd0\x77\x6c\x5f\x96\x86\x10\x14\xcb\xf4\x0a\x04\x32\xc5\x59\xf2\x2d\x79\x34\x2b\x79\xf8\xe7\x04\x2d\xcc\xfb\x1c\xf5\x0f\x83\x08\x5f\x80\x63\xfb\x18\x87\xed\x2d\xfc\x9d\xb7\xef\xc9\x6d\xaa\x0f\xf2\xbc\x4f\x52\x33\x5b\x02\x11\x2d\x16\x39\x2e\x13\x4c\x02\x23\xde\x45\x8f\xc0\x72\xcc\x22\xbf\x9e\x7e\xab\xc0\x62\x08\x18\x0a\x57\xe7\xce\x48\x05\xee\x4e\x0f\xc0\x15\x84\x09\x98\xfd\x56\x86\x44\xa0\x38\x6b\x3d\x8e\x7d\xda\x52\xab\xf6\x4f\x7d\xd0\x08\x68\xfc\x84\xf0\x36\xca\x8a\x78\xe9\xba\x81\x71\xca\x90\x26\x7c\x74\xe6\x15\x9a\xca\xc7\xaf\x5b\xf2\x37\x59\xab\xc5\x3d\x82\xe7\x93\xdb\x87\xfd\xad\xe1\x36\x33\x54\xff\xdc\xb0\xbd\x4c\xc9\x21\x3f\x5c\x84\x54\x45\xfc\x64\x9b\x2a\x1f\x32\x9f\x9d\x41\xd8\xa0\x31\xab\x46\xb4\x72\x16\x0f\x03\x43\x4b\x4b\x6b\xc5\xa4\x01\x52\x4d\x61\x79\xad\x66\xf9\xe2\x21\xc9\x06\x7f\xc8\x7f\xe4\xa7\x7e\x21\xe8\x02\x3b\x61\x69\xeb\xf1\x09\x0c\xd5\x56\xa9\xbe\x50\xb9\x18\x7f\xe4\x60\x7c\x59\x25\xe6\x0b\x41\x4f\x6a\x5c\xbf\x8a\xfa\x15\xed\x0e\xb3\x4b\x67\xb4\xc9\xc5\xd5\x4a\xdb\xe6\x40"},
+{{0xb5,0x69,0xf7,0xc1,0xaa,0xdf,0x56,0xed,0x1b,0x5f,0xa1,0xb6,0xfa,0xd6,0x48,0xd0,0xdc,0x54,0x4f,0xf8,0xfc,0xd1,0x73,0x78,0x0d,0xe4,0x1a,0x7d,0x4d,0xe6,0x0c,0xb6,},{0x9e,0xff,0xa4,0xae,0xd9,0xc6,0x58,0xe4,0x34,0x60,0x71,0x43,0x44,0x68,0xa0,0xb8,0xa0,0x4e,0xcf,0x78,0x41,0x69,0x9d,0x63,0xe8,0x88,0x7c,0xe2,0x05,0x57,0x0c,0xea,},{0x2e,0x32,0xba,0x05,0x56,0xbd,0xe9,0x74,0xd7,0xa1,0x9b,0x3b,0x9a,0x1e,0x92,0xf1,0x83,0x92,0x4c,0x4b,0x74,0xc5,0xd7,0x51,0xb5,0xab,0x3d,0x00,0x79,0x67,0x01,0x6e,0xc0,0x3a,0xfe,0x91,0xd7,0x42,0xfb,0x22,0xb6,0x3e,0x5e,0x55,0xb2,0xfc,0xb6,0xc6,0x1a,0x46,0xe9,0xdc,0xe7,0xfe,0x9f,0xa3,0x0b,0xbf,0x66,0xae,0xf4,0xb8,0x5f,0x09,},"\x7c\x5a\xa4\xdc\x80\x78\xaa\x77\xe8\xb3\xb7\xfe\xe6\x10\x84\xcf\xad\x76\x47\x62\xf1\xef\x26\xd8\xde\xb7\xf2\xf3\xb1\x86\xdf\xc7\x72\x48\x75\x50\x19\x78\x45\xfb\xa2\xf4\xc2\x3c\x83\x5b\x9b\x58\xdd\x0b\x63\x5c\x64\x91\x35\x13\x7f\x24\x8f\x5e\xf7\x13\x56\x4d\xe3\xc9\x66\xef\xa5\xf6\xdb\x6b\xea\x9e\x30\x97\x07\x49\xf8\xe8\x72\xd8\xd7\xae\x45\x35\xb7\x5e\x17\x6e\xa0\x48\x9b\x91\x5f\x34\x71\xd8\x27\xeb\x5b\x44\x45\x86\x48\x8c\xfc\x3f\xa6\xa4\x50\x82\xda\xcb\x82\x64\x95\xe5\x0a\x3b\x5d\xc6\xbb\x93\x0a\x33\x1f\x30\xc3\x85\xbc\x3b\x24\xce\x70\xb8\x95\x96\xdb\x6b\xfb\x68\x7d\x99\xa5\x81\x98\x7c\xa8\x76\xea\x0e\x75\x76\x96\xb3\xfc\x03\x77\x9a\x65\x81\x30\xc4\x10\xb3\x44\xed\xac\xc4\x27\x7d\x44\x84\x54\x99\xd6\x78\xe1\x41\x4f\x15\xf3\x6e\x16\x63\x35\x18\x95\x69\xce\xf3\x56\x7a\xc2\xe3\xab\x82\x1c\x91\xc9\x32\x74\xf5\xc2\x8a\x5d\x1f\x7c\x1b\xf5\x09\x9b\x10\xf8\x4e\xcb\x13\xa4\xe4\x53\x8f\x66\x49\xbf\x74\xf7\x39\x4b\x70\x3e\xf5\x36\x49\xd8\x15\x16\xcb\x1d\xb5\x21\x41\x60\x65\xcf\x9f\x27\x6a\xb8\x0c\x93\x08\x89\x7a\x27\xdf\xe3\x7e\x5e\x14\x2f\x18\x19\xb8\xd3\x48\xdf\x50\xa0\x46\xa1\x28\x88\xe3\xb7\xf2\xdc\xc7\x0f\x52\x18\xd1\x5e\xbb\x9a\xa7\x29\x1a\x1a\x92\xac\x44\x5c\x51\xd3\xa5\x3d\xd6\x91\xef\xff\xcf\x5a\x01\xe8\x76\xa7\x2a\xa4\x81\xeb\x4f\x12\x1a\x07\x23\x97\xd8\xcc\x93\xbb\xc2\xc9\xa6\xc2\x8c\xc8\x9b\x11\xff\xc0\xe9\x10\xd8\x2d\x9d\x62\x98\xa3\x67\xa0\xe1\xe3\xe8\xc8\x65\xe4\x32\x6a\x31\x9b\x22\x66\x6e\x52\x9f\x19\x98\xf1\xb3\xc8\xef\xb5\xfc\x21\xcc\xe9\x70\x40\xfb\x62\x47\xda\xa0\x00\x0a\xc5\x55\x4d\x89\xe7\xb2\x71\x59\xdd\x0b\x18\x00\xb7\x60\xb7\x9c\x91\xef\x6e\x97\x0b\x1e\x6c\x5f\xf4\x24\x42\xb1\xb3\xae\x4d\x3c\x43\x9e\x08\xec\x2f\x6b\x94\x17\x73\x87\xca\x5c\x01\xdf\x6f\x07\xf8\xe3\x4d\x25\xed\xbd\x49\xd8\xb7\x4e\x31\xa5\xe6\x5d\xec\x1f\x87\x60\xfa\x22\xc0\x0e\x6f\xb1\xcd\x55\x5b\xe6\x8b\x0a\xb4\x35\x99\xf0\xb9\xf4\xa5\x4a\x7c\xcb\x06\x26\x83\x89\x5d\x5e\xf6\x6d\x24\xdf\xb1\x67\x8c\xb0\xd0\xe8\xc8\x01\xd8\xe5\xff\xe7\x9b\x91\x39\xfc\x96\xd1\x18\xeb\x39\xb9\xc8\xd4\x40\x44\x89\x32\x5d\x45\xb4\xa3\x20\x2b\xea\xdc\xa6\x6f\x83\x1c\x68\xef\xb8\x15\x94\x15\x81\x93\x0e\xad\x29\xfd\x5f\x21\x1b\x90\xe7\xa3\x9f\x0d\x4f\xf4\x8c\x62\xa5\x45\xe2\x8a\xc2\xce\x29\xbe\xdc\x35\x6d\x92\xfc\x00\x34\x71\x76\xd7\x76\x23\xe0\xe1\x80\x9e\xff\x3f\xe6\x2b\x75\xa7\xd9\xde\xb7\x27\xd8\x61\x72\xd1\x4e\xdb\xf2\x78\x9a\x57\x14\x3c\x69\x92\x5c\x91\x7d\x43\x3b\x46\x83\xb0\x69\x3b\x3c\xd9\xe7\xe3\x77\x99\x64\x10\x72\x7f\x5e\x6f\xb8\xf5\xcc\xd1\x86\x0a\x20\x29\x4e\xcf\x33\xfa\xf9\x7a\x1e\x0f\x85\xb7\x61\x44\x7d\x47\x61\xb9\x6e\x4d\xf1\xb3\x12\xbd\x41\x4c\xab\xcf\x49\x84\x97\xb0\xea\xd6\x7c\xd1\xe5\x90\x1b\xbf\x3a\x16\xa8\x89\x1c\xcc\xed\x8a\x90\x7d\xf8\x87\x26\x95\x2d\x4a\xb3\x70\xa6\xb7\xdf\x29\x42\xcf\x13\x61\x5a\x5b\xc1\x2b\x4e\x10\x6d\xc3\x01\x3c\x68\xb8\xfb\x90\x63\x99\xdf\x15\xf1\xaa\x90\xd5\x6a\xa9\x74\xb1\xd2\xb2\x8c\x1a\x84\x53\xb9\xbf\x07\x92\xa5\x1c\x97\xce\x8a\x12\xaf\xc9\x34\x1b\xb4\xc0\xc3\x7b\x12\xdc\xb1\x2c\x63\x94\x49\x77\x5d\x9a\xc5\xc2\xec\x49\x67\x3d\xa5\xaa\xf7\x49\x3e\xd5\xf1\xf2\x11\x6e\xae\xf7\x2b\xb7\xfb\x1e\x09\x3e\xde\x2c\x26\x31\x7f\x4f\x4b\x6a\xd5\x85\x34\x62\x05\xdf\x91\xa6\xe9\x6b\xc6\x6d\x30\x64\xbc\xe9\x52\x39\x8f\xfc\xe8\x80\x71\xed\x9f\xf2\x75\x0c\x65\xc0\xc3\x04\x12\x5a\xc2\xca\xdc\x4f\xef\x71\xa8\x18\x73\x24\x96\xa8\x4c\xa5\x74\xd4\x82\xd5\xa3\xbb\xa2\x0e\x16\xdd\x2f\xa2\x4d\x32\x70\xf6\xc6\x09\x92\xf7\xf6\x3e\x88\xf5\x2e\xff\x62\x22\x99\x8e\xb4\x41\x67\x27\x38\x43\x75\xf5\x9f\x00\xe4\x75\x12\xee\x46\x4c\x31\x84\xac\xea\xff\x3c\xcf\xb0\x6b\xd1\x5c\x18\x3c\x5e\x48\x59\x26\x28\x8b\x99\x7b\xfa\xaa\xec\xf6\xec\xbb\xf7\xd2\xab\xf4\x90\x6d\xf7\x6b\x12\x77\xc5\xf5\xa8\x7e\x68\x17\xb1\xc6\x36\xe9\x1e\xfd\x7e\xcc\xf6\x4f"},
+{{0x32,0x34,0x65,0xd0,0x31,0x3d,0x10,0x01,0xa2,0x61,0xab,0xfd,0x44,0xfe,0x65,0xc3,0x8c,0x9a,0x00,0xca,0x0f,0x20,0x33,0x5d,0x65,0x53,0xde,0x49,0x26,0x99,0xfc,0x46,},{0xe2,0x2f,0x16,0xbd,0x4c,0xc7,0xe9,0x4c,0x46,0xba,0x31,0x96,0x1a,0xf8,0xc5,0x83,0xf9,0xd2,0x71,0x8c,0x68,0xf7,0x3d,0x85,0x06,0x9f,0x60,0x8e,0x15,0xba,0x87,0x66,},{0xda,0x3a,0xad,0xb3,0x43,0x60,0xb2,0xda,0x0c,0x26,0x54,0x2e,0xa7,0x1d,0xef,0xa8,0xa0,0xbf,0x7f,0xbd,0xae,0x3e,0xe9,0xe1,0x1c,0x84,0x08,0x4a,0xd0,0x5c,0xce,0x7b,0xa7,0xd9,0x4d,0xe2,0x5d,0x85,0x63,0x98,0x26,0x16,0xbc,0xdb,0x5b,0xb6,0x39,0x5f,0xac,0x4a,0x7e,0x84,0xbc,0x77,0xe2,0x1e,0xd3,0x6d,0xf7,0x5d,0xec,0x99,0x0b,0x06,},"\xbb\x10\x82\xe1\xcf\xdc\xd2\x9b\xfc\xa2\x46\x4d\x5c\xe4\x46\xb5\xba\x65\x4b\xa5\x8c\x22\x53\x8d\xa9\x26\xb8\x30\x3c\xab\xfd\x28\x4a\x7b\xd5\x99\x4a\x78\x6f\xa6\x6a\xed\xf0\xe1\x5f\x20\xc3\x82\xcd\xac\xf3\xd1\x45\x57\xff\x7a\x82\x67\xfa\x04\x67\x2c\xac\xab\x76\x70\x08\x65\x0a\xa9\xb4\xa7\xc9\x07\x1c\x47\x99\xf1\xff\xa4\x5c\xa4\xd5\x86\xe0\x20\x47\x44\x4c\x14\x23\x19\x43\x46\x7a\x3a\xba\xef\xa5\x39\x59\xda\x22\x6e\xb0\xc1\x53\x92\x01\x97\x60\x15\x96\x97\x74\x82\x93\xc0\x25\x56\x87\x83\x58\x8a\x39\x10\xe7\x8e\x5e\xa4\x27\xc4\x40\x7a\x89\x01\x06\x1b\x8b\x99\x2b\x82\xa2\xdf\x58\xc0\x4a\x1b\x2c\x5f\xad\x11\xc6\xb3\x79\x85\x6c\x2e\x0f\xef\x8a\x95\x0d\xe7\xe0\xfc\x22\x31\x03\x09\xe0\x8b\x13\x2b\x0c\xce\x4f\xc1\xec\xbf\x94\x57\x4a\x38\x8d\x4a\xe3\x66\x75\xd3\x29\x9a\x95\x15\x54\xeb\xf1\x80\xeb\x38\x1e\x1b\x5d\xf9\x77\xd9\x38\x43\x38\x91\xbc\x47\x8d\x76\x81\x85\x0b\x9d\xc9\xc5\xc7\x69\xd4\x05\xf5\xd8\x83\x9f\xc9\x73\x61\xd6\xcb\x30\x6c\x20\x30\x26\xcf\x2e\x2b\x3d\x39\x84\x9e\x1f\x4b\x12\x25\xeb\x25\xef\x8a\xcd\x40\xb0\x06\xf2\x0c\x64\x4d\xb6\x50\xc7\x5d\x38\xc0\xfc\xdd\x48\xf5\x98\xc7\xb4\xa6\x01\x06\xe6\x9e\x19\xcd\x71\x25\x89\xce\xdc\xcf\x50\x86\x4e\xa5\xf9\xe9\x5e\x01\xf1\xdd\x85\xc7\x51\x4f\x2c\x94\xb2\x83\x59\xde\x41\x32\xb8\x8c\x3e\xe1\xd1\x0a\x80\xa9\xfa\xdf\xb6\x90\xe3\xd8\x86\x41\xb3\x16\x8f\x0b\x89\x6a\xf8\x99\x0a\xdb\xf0\xe4\xf8\xe9\xd3\xf9\xd4\xcd\x31\x4e\x12\xc3\xbc\xe0\xcc\x87\x38\xe0\xcf\xc1\x90\x5b\xe5\xef\xa0\x71\xf7\x10\xb3\x2f\x8e\x58\x98\xc6\x0e\xb1\xbb\x8f\xee\xb7\x40\x00\x56\x0f\x41\xcb\x2e\xbc\x32\xb2\x60\x0b\x69\x80\xa2\xa4\x06\x4d\xfa\xa3\x79\x7e\xc4\x4c\xfb\x72\xd3\x79\xf8\x09\x73\x79\xca\xd6\x7e\xcd\xc0\xc3\x24\x14\xfa\x41\xc7\x2b\x1b\x9e\x4e\xdf\x55\x18\xcb\x39\xfe\x90\x92\xb4\x39\xaf\x3a\x4e\xbd\x5a\xfe\x79\xbe\xdc\x0e\xa8\xbf\x17\x47\x9a\x28\x21\xf5\xe9\xbd\x91\xd7\xf4\xaa\x5e\x38\x46\x99\x52\x37\x19\xb6\x95\x7f\x82\x36\x7c\xd8\x5f\xea\x9d\xed\x62\x36\xa2\x07\xc9\x4c\xb3\x73\xe3\x39\x3c\xb4\xfe\x11\xf9\x0a\x1b\x87\x79\xe4\xab\x4c\x34\x66\x13\x6b\xf2\x1e\x2a\xab\x78\xf7\xd2\x72\x6d\xb6\x41\x4f\xa5\xc4\xa3\xf7\x31\x3a\xd2\x11\x6a\x6d\x7c\xe4\x0a\xaa\x10\x01\xc2\x70\x4d\x5b\x05\xae\x54\xc7\xcc\x6f\x56\x72\x17\xf1\xa4\x7b\xfd\x0e\xe7\x38\xea\xea\x5e\xad\xb5\x37\x10\x75\xbe\x07\x6c\x87\x50\xae\xce\xfc\x41\x7e\xa7\xbf\xda\xac\x3c\xc3\x8b\xf1\x6c\xc2\x6d\xf7\x60\x0e\x3c\x7e\x8e\x43\x1f\x26\x76\xfc\x2a\x8c\x43\xa6\xa1\x43\x68\xba\x62\xbb\x32\x43\x9a\x06\xbe\xac\x38\xa0\x47\xb3\x74\x5e\x26\xf4\x07\xad\x82\x3d\x6a\xd1\xc0\xb6\xa4\x43\x41\xe1\x5f\xc9\xb3\x31\x21\x4f\xfc\x89\x69\x82\x11\xb0\x51\x33\xd6\xd3\x43\x3b\x5d\x59\xf7\xab\x4d\x10\x9e\x54\xe4\xc5\xd6\xf3\x2f\xcf\x72\x30\xfa\x4e\x25\x28\xc8\x61\xbb\x21\xcc\xc9\xe3\x10\xe9\x49\x7e\x07\x7e\xa6\x75\x51\x0d\xa7\x12\xb1\xa5\xdf\x57\x5c\x5d\x1b\xf7\x36\x2d\x07\x11\x80\x03\x9a\xec\xfa\xa5\xc8\x57\x3c\x24\xc0\xf4\xeb\xe8\x1c\x2f\x88\x9a\xed\x3d\xe5\xa0\x00\xbe\x12\xfe\x3d\x0a\xf2\xdc\x2c\xd4\x24\x0e\x31\x4a\x17\x6c\x55\x3e\xfd\x5c\xba\x79\x8d\x9f\xf1\xe3\xd4\xbd\x9e\x90\xbb\x81\x13\xe3\x84\x9d\x73\x5a\xfa\x4a\xf6\x94\x5c\xc5\x7d\x4c\x37\x8d\xb8\x4f\x20\x6e\xf7\xea\xb1\x1c\x63\x7a\x7f\x72\x60\xf1\x22\xa9\x7d\xff\x67\x47\xe9\xb4\xc1\x74\xed\x0d\x64\xf9\xef\xd7\xfc\xcc\xf9\x81\x51\x9e\xc5\x80\xa8\x18\x25\x47\xd1\x79\x68\xc4\x01\x51\xfd\xf6\xd5\x4b\xc5\x7a\x91\x15\xf0\x40\xfa\xb5\xc1\x00\xde\xb0\x39\x12\x2b\x7d\x2b\xfd\x98\xb6\xad\xf3\x8f\x42\xb2\x96\xea\x3b\x37\x8a\x90\x42\x59\xb7\x5d\x60\x70\x3b\x48\x40\xb3\xf5\xda\x09\x62\x0a\x54\x77\x62\x80\xe9\xca\x9e\x8c\xd9\x24\xae\xd2\xb5\xdd\x2b\x49\x83\x4e\x58\x1c\xae\xd5\x27\x1c\xd7\x8c\xe0\x8e\x4b\xba\x49\xb5\x9c\xd7\x7c\x1b\x62\x76\x64\x91\x48\xab\x72\x47\xf9\x7f\xc0\x13\x16\x35\xde\x47\x4d\x3c\x23\x49\x3c\xa9\x8d"},
+{{0x60,0xff,0xdb,0xae,0x00,0x3f,0xa2,0x79,0x4f,0xca,0xbb,0xf8,0xf5,0xb4,0x16,0x44,0xfe,0x3a,0x7f,0x44,0xed,0x6c,0x83,0x41,0x93,0xda,0x07,0xa9,0xdc,0x5e,0x26,0x65,},{0x35,0xb5,0xeb,0x31,0xab,0x55,0x64,0x92,0x57,0x8b,0x3d,0xbd,0x6c,0xf1,0x68,0x7d,0x1f,0xdb,0x21,0x6a,0x72,0x58,0x18,0x07,0x96,0x63,0x48,0x2f,0x22,0x1c,0xe4,0x21,},{0xb8,0xf3,0xe1,0xf3,0x78,0x5a,0x2a,0x39,0xbb,0x08,0x6c,0xa4,0x65,0xc0,0xab,0xf0,0xa3,0xe8,0x74,0x43,0x22,0x5a,0xc6,0xe9,0x66,0xed,0x9b,0x45,0x31,0xc5,0x4a,0x89,0x4a,0x9a,0xbd,0x01,0xac,0x31,0xb8,0x57,0x57,0xfe,0x75,0x30,0x8c,0x95,0x94,0xff,0x65,0xf9,0x7c,0xdd,0x91,0xe8,0xd8,0xa9,0x3c,0xf1,0x2b,0x9e,0x6d,0xbe,0xe9,0x0b,},"\x3f\x8f\xf2\x0b\xb4\xf0\x08\x34\xc8\x0f\x2e\xe6\x89\x3d\x6f\x73\xbf\x7a\xce\x27\x29\x60\x1b\xb2\x6a\x0f\xb2\x72\xa4\xd0\xee\xa1\xfa\xe1\xd3\x06\xac\x2c\x5f\x32\xad\xd6\x01\x35\x85\x1d\xa2\x7e\x4f\x12\xe6\x4e\xa5\xe9\xe9\x96\x0b\x13\x83\xb0\x4c\xe0\x5a\x98\xb0\x41\x4d\xad\x97\x1e\xa9\x89\x44\x87\x1d\x41\x5c\xc2\xc4\x6d\xa4\x03\x97\x6d\x9f\x21\x93\x89\x58\xd4\xea\x8c\x79\x03\xb1\x4f\x2a\x44\x85\xfd\x69\xaf\xb2\x4a\xbe\x10\x2d\x8f\xec\x26\x6f\xb4\x68\xb4\x11\xeb\x20\xa3\x39\x67\x7d\x88\xeb\x31\xc9\x97\xb4\xdc\x88\x56\x13\xf0\xbe\x7c\x70\xda\xf8\x56\xa3\xdf\x92\xda\x96\x02\xfb\xa2\xe6\x74\x9d\x2f\x42\x6b\xee\xf6\x86\x62\xd5\xb0\xc2\xfd\x31\x32\x1b\x22\xb5\xec\x59\x7d\xa5\xd7\xe6\xa2\x88\xeb\xd9\x44\x3c\x5f\x39\xeb\x87\xdc\xf4\xa5\xad\x9d\x56\xc6\xba\xf6\x08\x09\x96\xa7\x79\x36\xbd\x87\xdc\x3c\xb4\x2e\xd4\xc4\xd4\x26\x88\xa9\xe1\x93\x82\x9b\x76\x1f\xf3\x20\xe2\xa6\x6c\xc6\x76\x48\xe7\x0e\xea\x3a\x1f\x2f\x9b\x9d\x5b\x42\x02\xfb\x5a\x39\xe9\xad\xc6\x09\x08\x6a\x9b\xe2\xa8\x32\x3a\xc6\x69\x31\xbd\xf6\xc5\x04\xd3\x33\x62\x11\xe4\x6f\xde\xfc\x48\x1f\xbf\x17\xf6\x13\xda\xb1\xfc\x5c\x09\x7c\x92\xdb\x06\x09\x90\x6d\x78\xb2\x5a\x45\x5a\x30\x45\x71\x8e\xfd\x3e\x3b\x14\xe2\x52\xb1\xae\x59\xc7\xc3\x89\x3e\x31\x91\x3b\x2c\x26\x4c\x0f\xfc\x3b\x60\x6c\xa1\xb0\x1d\xc4\x7e\xe8\x28\xa0\x8e\x46\xaf\x60\x4e\x59\x0d\xef\x44\xd2\x7a\xab\x93\xa4\x03\x25\x1f\xca\x07\x72\xe9\xdf\x0f\xab\x7a\xf0\xcb\xc5\x18\x1e\xfd\xa4\xda\x91\x3d\x8e\xb6\x45\x2f\x6c\xec\xbd\xa2\x04\xbc\x72\xd7\xc9\x90\xf6\x0c\xe0\xdd\x83\xc6\x34\xe9\x12\x23\x60\x91\xb0\xa6\x67\x3a\x7c\x89\xea\x59\x30\x8d\x55\xbd\x7e\x63\xa8\x52\x67\x74\xcb\xdd\x7a\x13\x39\xfa\xc2\x12\x4c\x90\x22\xab\xd6\xfe\xce\x7f\x2d\xae\xdf\xd8\x7f\xa6\x83\xdc\x0e\x3e\xf4\x08\x06\xa0\xab\x19\x87\x69\xd3\xa9\x9f\xe8\x1a\x99\xb6\x86\x00\x31\x90\x87\xaf\xa4\xea\x79\xd7\xee\x45\xda\x9c\xd4\x08\x09\xf4\xee\x8f\x4e\x25\xa0\x17\x75\x21\xee\x9d\xba\x8b\x56\x21\x2e\x88\x71\x9b\xb7\x36\x73\x36\xf4\xa7\xbc\x71\x22\xb4\x1a\x7d\xfa\xa2\x67\x2f\x92\xf2\x34\x03\xa1\x0c\x4f\xb2\x53\x88\xc6\xb2\x00\x81\x09\x3d\x49\xf3\xbe\x8a\x9e\x1c\x63\x4e\xf7\xba\x96\xb6\xd5\x23\xdd\x6f\xf6\x13\xc0\xa2\x3b\x60\x45\x70\x26\xcd\x48\x5b\xa8\xdb\x61\xd8\x0a\x0d\xc6\x59\xd9\xaf\x42\xa3\x8c\xae\x77\x7f\xec\x68\xe3\x9c\x52\x98\x6f\xf9\xfc\x20\x78\x9c\x10\x58\x51\x07\xc0\x40\x47\xb6\x6b\xa1\x4e\x93\xfb\x90\x4e\xa9\x0d\xf7\xac\x9f\x01\x54\xc9\x6f\x32\x36\xac\xf6\xdc\x8b\x44\xf5\x54\xc0\xcd\x51\x31\x93\xe5\xdf\xd8\x7e\x08\x5a\xd4\xb3\x8a\xa4\xc5\xe3\x6b\x24\x27\x72\x20\x88\x81\x6e\xcd\x2b\xc3\xa3\xdd\xa0\x1e\x4f\xb3\xff\x5e\xec\x7a\x64\x17\x32\x2b\xa6\xa2\x77\x73\xd2\x44\x95\xa8\x39\x19\x4a\x4a\x58\x2f\xe5\xab\xdb\x8b\x5d\x53\x3a\x24\x26\x25\x89\x24\x1f\xc8\x1f\xdf\x5e\x79\xfd\x26\x77\x64\x28\xf8\xe1\xce\x9e\x92\x6c\xf2\x72\x71\x6e\x75\x83\xab\xfc\x67\xa9\x4a\xae\x08\x16\xc1\x00\x0a\x19\x61\x70\xbb\xff\x1f\x45\xe5\xed\x9e\x26\x7a\xce\x1e\x4d\x91\x5d\xce\x72\x16\xc5\xf4\x04\xde\xf6\xfe\x2b\xd8\xb2\x8b\x2e\xcc\xf3\xe2\xae\xa0\xc0\xd6\x62\x63\x90\x27\x4e\x47\xe7\x45\xed\x3a\x23\xbc\xfd\x21\xd2\x84\xc3\x95\x37\x9d\xc0\x20\x80\xf0\x79\x36\xbc\x15\x4e\x7b\x99\xee\x73\xdb\x18\x8b\xd2\xa3\x94\xe0\x3a\x01\xff\xe2\xd1\xb3\x30\xce\xb7\x21\x58\xf9\x58\xc7\x16\xa8\x17\x11\xdb\xf6\x5a\xff\x8c\xd1\x2f\x5d\xfa\x53\xb3\x76\xeb\xb8\xb9\x8f\x86\x28\xf1\x7e\xf8\xb2\xab\x9c\x0b\xb6\x84\x12\xf4\xe3\x47\xa6\x33\xe2\xf8\xda\x1a\x55\x6d\x96\xf4\xaf\x72\x11\xc0\x78\x07\x9c\x10\x54\x1c\x07\xdc\x37\x22\xd1\x8d\xab\x8f\xa8\xbc\x49\x25\xab\xa5\xc9\x66\xf8\x05\x04\x03\x22\xdf\xbb\xbe\x87\xfb\xfe\xb1\x96\x1f\x5c\xcd\x40\xa9\x1b\x99\x7e\x54\x31\x5a\x7e\xef\xc3\xa4\x7b\xb0\xc8\x7d\xc2\x37\x55\xce\x72\x27\x57\x49\x96\xf4\xbe\x7a\xa3\x44\xfe\x0d\x17\xb9\x7b\xc5\x0c\x58\x38\xf9\x92\x92"},
+{{0x17,0x4e,0x99,0x3d,0x9b,0x81,0xf2,0xaf,0x67,0xe9,0xff,0xb8,0xeb,0xd5,0xda,0x41,0x79,0x66,0xa9,0xe7,0x7f,0x66,0xc6,0x5c,0x76,0x77,0x38,0xfe,0x83,0x57,0xd0,0x7c,},{0x3b,0xb7,0x38,0x6f,0x1b,0x1c,0xbf,0xae,0x55,0x37,0x03,0x83,0x3e,0xbc,0xbf,0xe2,0xdf,0xff,0x8c,0x89,0x9a,0x07,0x92,0xd7,0xce,0x23,0x22,0xb5,0xba,0x64,0x5a,0x5f,},{0xe6,0x07,0xbc,0x9a,0x53,0x60,0xb3,0x1d,0xa5,0x6b,0xe1,0xc5,0x44,0xc2,0x00,0x02,0x84,0x95,0x1d,0x86,0x89,0xf4,0xb7,0x22,0xbc,0x46,0x73,0xa0,0xc8,0x48,0x9b,0x84,0x48,0x3e,0xd8,0xe7,0x6e,0x29,0x7e,0xa0,0x46,0xe8,0x5b,0x37,0xba,0x56,0x30,0x58,0x5e,0x53,0x75,0x56,0x6a,0x18,0x7a,0xfb,0x56,0x96,0x66,0x1e,0x5b,0xfd,0xc1,0x0e,},"\xa4\x01\x75\x0a\xfc\x48\x37\xdf\xe3\xaa\xcc\x28\x4a\x59\x71\x45\xdf\xef\x02\x62\x9e\xf8\x7b\xd0\x93\x8d\x44\x39\x79\xdf\x76\xf2\x9f\xcd\x66\xa5\xb7\x1e\xa8\xab\x78\x72\x77\xe3\x05\x6f\x6e\xa1\x1b\x08\xbd\x23\x89\x79\xf9\xd3\xb0\x62\x53\x8c\x4d\x60\x40\xa8\x6b\x6e\x32\x04\x7a\xec\xc5\x9c\x23\x77\xad\x0e\xa4\xc4\x0c\x79\xff\x9f\xe9\x8c\x95\x8b\x2b\xf2\x5f\x2f\xd6\x34\x24\x32\x63\x6f\x5f\x7d\x5b\xb0\xd2\xec\xf1\x81\x83\x42\x6c\x73\x14\x79\x84\xd9\x5b\xbe\x16\x2e\x11\x97\x2d\xdb\x78\xa2\xa7\xc3\x45\xc5\xc0\xbb\xba\xba\x9c\xf3\x8a\x2d\x5d\xd5\x09\xa7\xdf\x8b\x84\x28\x74\xa9\x6e\x64\xb5\xd6\x4f\x5c\x41\xa2\x1d\x20\x8d\x14\xce\xa7\x06\x6c\xf2\x2d\xee\x0c\xa4\x1a\xa4\x6a\xb9\x21\xd4\xce\xec\x89\xec\x87\x3f\x77\x96\x0e\xda\x60\xd9\x67\x6c\xfd\x0d\xbf\xae\xc8\x72\xc2\xad\xe8\xfb\xa4\x28\x5a\xac\xd5\x27\x14\x3a\xe0\x34\x1d\x67\xd0\x07\x81\x19\x65\x3b\x5d\x23\xd4\x6e\x6e\xf7\x02\x64\xb1\xb0\x91\x38\x70\x87\x76\x23\x71\x6d\x0f\x1a\x59\x02\x1b\xe7\x4c\x91\x4b\x43\x24\x71\xa4\x3a\x29\xf2\xb6\xdb\xeb\x6a\x22\x3e\x2d\xba\xab\xb8\x20\xb4\xad\xbe\x33\x78\x29\xe1\xde\x0c\x18\x4d\xd0\xd0\x9f\x9d\x01\xd4\x25\x27\xe5\xd4\x0a\xbb\xda\xcc\x8a\xc0\xf1\xb2\xc5\xc1\xcb\x2f\x23\x87\x6d\x2d\x1b\x6b\x43\xdf\xe4\x82\xf9\xd4\x5a\x18\xf5\xc2\x2b\x15\xf1\xfe\x52\x1e\xf5\x7b\x08\xae\xc6\xa3\x03\x39\x25\xc7\x45\x4c\x93\xe6\x31\x9e\x77\x8a\xc4\x94\xfb\x14\x0a\xe5\xf1\xa3\x1c\xc8\x32\xca\x24\x88\x65\x10\x04\x06\x3b\xcf\xf8\xfd\x9a\xe9\x26\x6a\xf5\x27\xf2\xc3\x1f\x6a\xcb\x8f\x3d\xeb\xd9\x97\x8e\xf9\xdf\x01\x08\xe3\xd5\x0c\x49\x19\x90\xc9\x0d\xd8\xee\x9d\x64\xea\x4e\xbf\xd7\x11\xc9\x9d\x90\x44\xec\x11\x34\x2c\x53\x83\xca\x39\x23\x2e\xd9\x7a\x07\xe4\xdc\x51\xdb\x4c\x1f\xe9\x47\x34\x8d\xff\xe7\x0a\x95\xc9\x9d\xb1\x47\x51\x31\x48\x01\xf1\x3f\xa2\xbf\x42\xd8\x67\x37\x5a\x08\xee\x9b\x3b\x79\x9e\x0b\x15\x27\x8e\x95\xe9\x1a\x89\x68\x06\x4d\x6d\xfd\x8f\x51\x15\x43\x8c\xcb\x8b\x51\x6c\xa0\xc4\x1d\xbb\x19\x87\x3c\x6e\x10\xa2\x36\xec\xc2\xda\xd5\x22\xf8\x0f\x01\xc1\x4e\x2f\xa1\x4a\x0d\x79\x2b\x9f\xc4\x86\xc6\xfb\x0e\xfb\xdf\x21\x30\xf0\x2d\xf1\x49\x7d\xb5\xab\xa8\xbe\x61\xca\x70\xb2\x93\x88\xe4\xee\xc7\xe0\x69\x4a\x38\xc0\xd0\x3c\x59\xbb\x6a\x2d\xc3\xcc\xd6\xdd\xe1\xe2\x9e\xe2\xc1\xb3\x25\xac\x72\xaa\x8e\x6f\xab\x91\x38\xf8\xb6\xf5\xd3\x24\xd4\x6a\xf3\xa3\x54\x2c\x8b\xd8\x7c\xb0\x4f\xaf\xc5\x4b\x5d\xb8\x27\xde\x60\x67\x62\xa0\x97\xb6\x22\x79\x9c\xa8\x27\xbd\xa9\xc1\xc0\xbb\x26\x7e\xba\x82\x54\xa8\x1c\x6b\x85\x8a\x37\x5b\x94\xbd\x09\xf3\x9e\xeb\x88\xcb\x14\xb8\xd4\x6e\x47\x40\xdc\x1a\xb4\x2a\x89\x5f\x86\xd2\xc5\x7f\xc2\x8b\x07\xb7\xf6\x0f\xc4\xf8\x84\x7b\x8b\xc8\xad\x83\xa2\x48\x1a\x28\xf2\x9b\xca\x35\x10\xff\x8b\xf1\xdd\x75\x81\xe3\x35\x71\x64\xf4\xfe\x92\x0f\x9d\xe8\x39\x37\x6d\xe0\x64\x90\x0d\xc7\xf8\xbc\xf5\x11\xdc\x57\x2e\x0f\x0f\x6a\x75\xb9\x29\x79\x7d\xa4\x1c\x52\xea\xe6\xfe\x13\x75\x0c\xe3\x51\xe8\x76\x76\x30\xba\xdf\x6d\x7d\x4e\xab\x90\xcd\x19\x04\xc9\x6c\x04\x8a\x9a\xcb\x21\x3a\x9e\x5b\x86\x46\x15\x73\x8a\x84\xf2\x22\x98\x6a\xc2\x35\x54\xcf\x4c\xe5\x4e\x80\xab\x57\x33\xc0\x65\xb8\x04\x59\x92\x1d\xd3\xd8\x37\x2d\x0e\x85\x94\xd4\x36\x43\x51\xbf\x04\x1c\x14\x6f\xa8\xd2\x3a\x19\x3e\xb8\x07\xec\xe2\x3f\x24\xab\x65\x95\xe9\x32\xc9\xce\x1a\x75\x9b\xf7\x88\x91\x4d\xb0\x08\xe8\x70\x98\xdd\x81\x46\x5e\x26\x10\x64\x7a\xc3\x8e\x08\x86\x66\xf6\x0e\xc5\xd0\xe2\x17\x33\x20\xa4\x0c\xd9\x85\xf0\xe0\x0d\xbc\x2b\x45\x70\x72\x74\x83\xa8\xc2\x5f\x6f\xc1\xe0\x93\xbb\x57\xcc\xaf\xd1\xca\x20\x2f\x29\x86\xc7\xc5\x54\x0a\x7c\x3e\x10\xc4\xa6\xfc\x26\xd1\xd6\x2c\x2c\xa5\xaf\x83\x05\xce\xeb\xe4\x2f\xf9\x6e\x7d\xc5\x48\x21\x43\x75\xe8\xa7\xf9\xf7\x12\xba\x8b\xd8\x75\xe4\x3c\xa1\x0c\xf9\xb1\x83\xf0\xc8\x51\x95\x12\x92\x85\x38\xa4\x78\xcb\x98\x25\x9b\xd8\xb3\xe3\x34\xbc\xc4\x63\x55\x95\xca\xd3"},
+{{0xe5,0x37,0x15,0xfe,0xc9,0xd3,0xb2,0x0e,0x9c,0x29,0x91,0xe5,0x4b,0x5e,0xb0,0xa8,0xcc,0x81,0x87,0x55,0x69,0xc9,0x5e,0x22,0xa2,0x00,0x13,0x60,0x02,0x17,0x60,0x04,},{0x53,0x51,0x89,0x9b,0x69,0xb2,0x11,0x6b,0xc7,0xf8,0xa8,0x81,0x4d,0x1e,0x5b,0x9f,0xc7,0x85,0x69,0x8b,0xeb,0xd9,0xab,0x14,0x27,0x7c,0x3e,0xcc,0x01,0xef,0x8b,0x1d,},{0x3d,0x0a,0xdc,0xe7,0x7a,0x4e,0x04,0x6f,0xcb,0x9b,0x49,0xad,0x5e,0x6c,0x68,0x09,0xc8,0xac,0x33,0x6c,0x73,0x34,0x04,0xe5,0xd3,0xf0,0x15,0xc9,0x22,0x5c,0x3d,0xf4,0x6e,0xf2,0x1e,0xa3,0x4c,0xff,0xb3,0xaf,0x69,0x97,0x4f,0x8b,0x7e,0xab,0x2d,0x23,0xfc,0xd5,0xa1,0xe1,0x75,0x3a,0x40,0x23,0xde,0xb3,0x81,0x86,0x29,0xa9,0x8a,0x0b,},"\x84\x31\xcd\x16\xd5\xc0\x93\x77\x5e\x18\xc0\x82\x52\xc4\x3f\x95\xb1\x01\x7e\xb7\x11\xfc\xaf\x73\xe1\xe0\x0c\x0c\xd6\xf3\x44\x87\x44\xab\x9b\x0e\x64\x33\x55\x18\xc4\x83\xae\x94\xde\xb9\x76\x77\xf8\x18\xf0\xe8\x1a\x74\x90\x61\x5b\x71\x41\xb9\xc3\x5f\x80\x55\x6e\x69\x71\xce\xa2\x8e\x9a\x32\xc3\x28\xcc\x26\x69\xfc\xa5\xb1\x23\xcb\x66\x2d\xeb\xab\x2b\x98\x15\x77\x64\x66\x80\x70\xe1\x8e\xdf\x76\x1a\xe1\x96\xbd\x4b\x24\x4f\xea\x7b\x74\x98\x45\x16\xbe\x2c\x00\x73\x9e\x76\xe6\xc4\xb6\x21\xcb\x39\x83\x76\x5a\x20\xd8\x47\x78\xd5\xa4\x35\x0b\x16\x8f\x6a\x0f\x71\x2a\x98\x20\xa8\x5a\x63\x6f\xaf\x92\xc7\x89\xc4\x28\xcf\xd2\x96\x2e\xd2\x07\xc3\xac\x88\x99\xc2\x58\xca\xc1\xad\xb5\x15\x9f\x76\x4b\xa3\x72\x29\xc5\xcb\xf7\x83\xfc\x9a\xa4\xd1\xea\x46\xec\xc8\x5f\xe0\x96\x14\x85\xd4\xfc\x5c\xb2\x1d\xf0\x01\x2a\xc9\xb9\x55\x37\x3b\x14\x22\xe5\x1a\xfa\x1c\x55\x09\x88\x86\x2c\x86\x13\x3b\x76\x0a\xa6\x30\xfc\x0a\xce\xe8\x98\x91\x17\xd1\xdd\x96\xe3\xe6\x28\x7b\x69\x28\x7c\x59\x0b\xdc\xa9\xcb\xc8\xee\xce\xf2\x81\xee\x6d\x1c\x8d\x88\x82\x2b\xfe\xa5\xfa\x0f\x53\x0f\x23\x27\x80\x93\xc7\xc8\x5a\x0d\x44\xc3\xa7\x74\x04\xee\x79\xf1\xc8\x36\x8c\xd7\x32\x1b\xf1\x48\xfd\xa4\xdc\xf2\xeb\x07\xe4\x63\x0e\xa4\x22\x58\x75\x86\x37\x17\x80\x51\x45\x36\xb8\x94\xc5\x24\xe6\xb8\x3d\x5a\x76\xa1\x5c\x83\xe9\x5a\xb3\x14\xe0\x7b\x34\xb9\x8c\xd9\x9e\x07\x70\xb4\xeb\x9b\x3f\x3f\x50\x5b\xae\x8a\x06\xf7\xf9\x50\x25\x8d\x79\x07\x48\x10\x71\x95\xeb\x4f\x6b\x84\x84\x0f\x8c\x05\x90\x72\x73\x96\xed\x14\xe3\xf5\x32\x39\x47\x6c\x4d\x2a\x72\x69\xb2\xe1\xf9\x72\xfb\xff\x33\xe4\x72\x44\x26\x74\x5e\xc8\x86\xa3\x29\x16\x29\x5e\x70\xd4\x68\xd0\x6c\x7d\xbb\x5f\xf9\xa3\x54\xe1\xac\x90\x3b\xb4\x5c\xa5\x26\xf0\x8b\x49\xa6\x5e\x82\x29\x7d\x8d\xd3\xfb\x25\xaa\x42\x8f\x64\x34\x5b\xca\x97\x40\xd9\x07\x8d\xac\x9e\x11\x38\xc9\x21\xbd\xd7\x48\x81\x67\x3d\x49\xd0\xcd\x20\x06\x81\x17\x23\xde\x28\x7c\x6c\x95\x83\xe4\x56\xa0\x1a\xb1\xa3\x4d\xfa\x1e\xaa\x96\x3b\x71\xe8\xbc\x7f\xa8\xa9\x8c\xad\x4f\x94\x1e\x4b\x37\xb6\x0e\xef\x92\x3b\x32\x94\x88\x23\x50\xb3\x8e\xa4\xea\xc0\xe9\x23\x2e\x93\xc5\x32\xdb\x5d\x7e\xec\x8e\xcf\xae\x65\xe0\x80\x47\x30\x78\x77\x7d\xdf\xdd\x11\x50\x8a\x6e\x59\xf0\xeb\xaa\x3f\x60\x44\x1f\x82\xa7\x1a\x73\xc8\x4b\xca\x06\xa3\x71\xff\x5c\x9f\x77\x21\x3a\x2d\xb7\x95\xd4\xa8\x89\x78\x23\xd8\x8f\xd9\x2a\xe3\xe0\x57\xe8\xbb\xd8\x0c\x99\x0a\xf8\x38\x6b\xdf\x26\xf1\x2d\x97\x3c\x8c\x5f\xf9\xed\x6f\x7b\x2d\x8e\x61\x83\xcf\x6e\x68\xf3\xbb\x89\x8f\x59\xa9\x3e\xc4\xde\x3b\xea\x60\x5a\x5d\x8b\x15\xdf\xab\x71\x3f\x35\x85\xc4\x8d\xc9\xa5\x76\x82\x42\xb3\x31\x01\x43\x80\x30\xe7\x04\x48\x80\xd1\x7c\x2e\xe8\x4f\x89\xd2\x6a\x1f\x7b\x19\x86\x19\x3f\x96\x63\xc5\x87\xd5\x0c\xa9\xdd\xf6\x18\x6a\x51\x76\xaf\xef\x1a\xdb\x24\x81\xb7\x92\x54\xb7\x8d\x3b\x34\xc6\x97\x90\xeb\x28\xb9\x0b\x14\x61\x17\x0c\x3d\x73\x81\x83\x76\xcd\xf3\x71\xaf\x0a\x0f\xea\xf1\x4f\xdf\x70\x16\xed\x6e\x7f\x08\xc0\xc1\x4b\x52\x70\x5c\x86\xd4\xf0\x00\x3b\x5e\x45\xf9\x74\xc0\x64\x16\xcc\xb5\xca\x3e\x9d\x52\x9a\xa9\xd4\x15\xc2\x5a\x44\x6f\xa2\xd6\x9e\x82\xf4\x99\x4e\x57\xe9\x22\xc1\x7c\x1c\x34\x2d\xd7\x28\x1e\x41\x00\x52\xd9\xe4\xaa\x1b\x30\x9b\x7d\x47\x0d\x45\x8c\x66\x3e\x17\xff\x25\x00\xd0\xbb\x8e\x46\xa9\xc4\x36\x7e\x09\x1c\xaf\x87\xdd\xfc\x06\x2a\xae\x08\xa6\x5c\xb9\xe0\xea\xa7\x1c\x99\x45\x9c\x5e\x7c\xb1\x12\xa2\xee\x98\xa5\xe4\xcb\xee\x0d\xc5\x20\xf8\x7c\x30\x22\xda\x65\x49\xbe\x1e\xe7\x0a\x0a\x73\xad\x84\x99\xc9\x7d\xd0\x6a\xa1\x4c\x9f\xd8\x62\x8a\x92\xca\x6d\xb4\x87\x32\x2d\xb9\x59\x8a\xda\x1f\xce\x28\xf4\xb9\xfc\x1d\x3c\xc3\x9d\xcf\x2e\xd1\xdf\x3d\x86\x2d\x87\xf5\x5c\xc1\x01\x6f\xb9\xe7\x3e\x7c\xc8\x97\xb9\x70\xd5\xff\x35\xac\xfe\xb0\x5c\x1c\x89\x19\x28\x08\xae\xeb\xfb\x2c\xd1\x7c\xb1\xc9\x4f\xab\x05\x98\x98\xfe\xdc\x2f\xbd\x44\xcc\xef"},
+{{0xab,0xfd,0x69,0x7b,0xfb,0xc5,0xb6,0xff,0x2b,0xdf,0xf3,0xbc,0xe1,0xd7,0x77,0xe0,0x5f,0xbe,0x3e,0xc8,0xb9,0x5c,0xe6,0x93,0xd6,0x23,0x93,0x12,0x09,0x31,0x3d,0x4f,},{0xa7,0x09,0x32,0x1a,0x02,0x10,0xcb,0x80,0xab,0x58,0xbf,0x95,0x5e,0xcd,0xeb,0x8a,0xaf,0x9e,0xe4,0xc3,0x75,0xf9,0x59,0xc5,0x30,0x89,0xd4,0x37,0x48,0x8c,0x08,0x2d,},{0x8c,0x36,0xb5,0xa1,0x11,0xc5,0xa8,0x11,0x9f,0x2d,0x9d,0xb5,0x7e,0xbb,0x59,0x2d,0xae,0x86,0xad,0x4b,0xf6,0x78,0xc1,0x49,0x2e,0x26,0xf3,0xc1,0x0f,0xbe,0x03,0xf1,0x05,0xca,0xe0,0xdc,0x68,0xb5,0x52,0x59,0xb9,0xb5,0x98,0x92,0x89,0xdb,0x33,0xd9,0x5d,0x2e,0xe6,0xb7,0x56,0xc7,0x60,0xf9,0xd3,0xaa,0x0e,0x68,0xa1,0x89,0xde,0x02,},"\x89\x6b\x7a\xb8\x41\x3f\xfe\x43\x9a\x2f\x44\x87\xec\x49\xd6\x4e\x31\xc7\x4f\x50\xac\x83\xf5\x5d\xa6\x1a\x70\x03\xaa\x71\x6c\x2a\x9d\xf6\xb4\x38\xe6\x2f\x53\xd8\xf0\x19\x2f\x37\x36\x32\x47\x60\xd7\xe8\xc4\x4a\xc0\xba\xca\x3a\xe2\xa6\xfb\x93\xf1\x3d\x96\x88\x67\x99\xfd\x2c\x45\x51\xb0\xab\x36\xf1\x73\x08\x55\x55\x12\x65\xa5\xa3\xc3\xc2\x1d\x95\x16\xa2\x37\xf5\xdb\xc1\xc8\xe7\x29\x99\xb7\x82\xc5\xca\x41\xa4\xf6\xe9\x30\x8e\x64\xaf\xde\xe0\xbf\x47\x9e\x54\x6b\x89\xc5\x1b\xc5\xe4\xf7\x1e\x57\xfb\x24\xce\x43\x7a\x8b\x81\xb9\x1d\xc7\x98\xb5\xab\x36\xf2\x9a\xfd\x5b\x48\xe8\x1c\x17\x6a\xe5\xed\xf9\x53\x71\xba\x32\x46\xfb\x43\x94\x05\xbd\x10\xee\xd3\x67\x8e\x3e\xc6\x23\x07\xa3\xb3\xdc\x1b\xad\xba\x05\x1f\x16\x77\x4b\x85\x08\x81\x88\xc2\xa9\xe3\x20\xa1\x61\x8d\x5f\x26\xce\x94\xee\x2b\x93\x3c\x30\x5f\x6d\x95\x84\x95\x8e\xea\x31\x56\xc3\xd1\xe0\xef\x39\xa1\x86\x27\x5e\xe6\x2c\x40\xf3\xc1\xac\xd1\x5d\x8b\xe6\xe0\x74\x35\x1f\x53\x49\xce\x3d\xf6\x95\x17\x50\x5f\x45\xfa\x06\xa8\x15\xc6\x9c\xa1\x8f\x45\x0f\x42\xb5\xcf\x4e\xbd\x99\x26\x84\x45\xe0\xf6\x81\x04\xa7\xde\xeb\x0a\x11\x5b\x81\x7b\x99\xe1\xa7\x3e\x0f\xa9\xd8\x7d\xb7\x1f\x8e\xc9\x4f\x87\x08\xc9\xbc\x2e\x62\x2b\x96\x33\x65\xeb\xcf\xb9\x7c\xfe\x73\x32\x63\x00\x70\xe9\x65\x4e\xaa\x60\x36\x1a\x45\xd4\x02\xdc\x0a\xb2\x97\x66\x52\x42\x66\x7f\xbd\x99\x40\xf6\xcd\x33\x19\x52\x46\xa8\xc2\x86\x9a\xf7\x59\xa8\x62\xd4\xb6\x41\xdb\x14\x4d\x57\x32\x36\x6b\x20\x63\x6c\x40\x27\x78\x7f\x55\x80\x27\xd7\x6f\xcb\xf8\x43\x2e\xb9\x3e\x6d\x14\x56\x7d\xf8\xdb\xf2\x11\xda\xeb\x56\x55\xdb\x10\xac\xdd\xd0\x5e\xca\x06\xac\xce\xe9\xfd\xa8\xd3\xb7\x0c\xa1\xe6\xdc\x58\x7f\xa4\xb7\x8f\x63\xcd\x66\x3f\xf0\x24\x38\x70\x57\x0f\x4d\xcb\xaa\x3f\xb6\x26\xb4\xe1\x13\xbd\xe4\x7d\x5c\x9d\xb2\xb4\xba\x6e\xc6\xdb\xf9\x18\xac\x05\x69\x49\xef\x3c\xfc\xb1\x15\x56\x16\x15\x77\x1a\x03\x5a\x43\xd3\x3b\xa2\x65\x1d\xbe\xb4\x63\x48\x26\x1c\xe3\xc4\xc9\xf2\x46\xd2\x3f\x94\xdb\xc2\xd0\xc1\x9b\x92\x1e\x24\xc7\x7d\xa5\x99\x2f\x1b\x4b\xdf\x2e\xde\xa4\x99\xf5\x41\x11\x68\xac\x0c\x12\xe9\x6f\x3b\x15\xd2\xe1\x2a\xc8\xd7\xb3\xed\x8d\x1e\x07\xc4\x26\x7a\x25\xd3\xa3\xc3\x53\xa4\x20\x8b\x74\x06\x27\x8a\xab\x9e\x70\x0f\x7b\x20\x6f\x48\xe6\xea\x7c\xc9\x7e\x55\x4f\x15\xc9\xbe\x34\x9d\xd9\x15\x14\xdb\xe8\xd8\x89\xf2\xdc\xbb\xfa\x18\x2c\x9f\xaf\x58\x07\xa6\x9b\x2e\x97\xfa\x77\x1a\x6f\x23\x1a\x4c\x7b\x31\xd1\x17\xb8\xed\x0e\x63\x0c\xdf\x13\xe0\x82\xbb\x4f\x63\xc3\xf9\xac\xb3\x55\x32\x04\xcc\xd7\x6e\x18\x35\xc4\x6e\xec\x3d\x43\xc5\x61\xbb\xf1\x7c\x92\x21\x4a\x6d\xb1\x21\x2b\x60\x03\xcf\x2c\xc2\x6c\x7a\xe6\x75\xfc\xd0\x53\xb9\x47\xe7\x22\xf9\xe8\x57\x62\xce\x8a\x16\xe4\x65\x4e\xc6\x34\x2f\xc6\x46\xe5\xca\xb4\x72\x79\x7e\xab\xf6\x58\xba\x4a\xfd\x14\x2f\xc8\xfc\x4c\x8f\x98\xf2\x3c\x24\xdc\x99\x84\x7a\xe8\xce\xf0\x87\x9e\x1a\xb3\xbb\x80\x97\xe4\xc3\x52\x9a\xdd\x2d\x8e\x8e\x2c\x20\x69\x21\x0f\x50\xac\xe1\xae\x32\xa6\xc8\xe6\x38\x4a\x2b\xf7\xd7\x9c\x66\xc7\x46\x14\x9c\x84\xad\x75\xa3\xa1\x76\xe4\x5e\x13\x6d\x94\x69\x5a\xed\x4b\xfd\x08\xb4\x26\xea\x8c\x4b\x93\x79\xf3\x74\x25\x50\xe1\xcf\x5a\xc8\x4c\x18\x17\x4d\x68\x0e\x92\xaf\x2c\x18\x74\xac\x1c\x13\xd2\x82\x32\xde\x19\x37\x68\xe5\x61\x94\x7c\xbd\x6b\x79\xe9\xb9\x9d\xa6\x5c\xfb\x74\xff\xb3\x2f\x7d\x3d\x20\x25\xc6\x07\x63\xdc\x07\xf5\x55\x39\xb4\xd2\x53\xde\x1e\x6c\x25\x82\x3a\x62\x58\xc7\xa9\xce\xd1\x50\x1d\xce\x27\x86\x89\x8a\x3e\x05\xc9\xbf\xf8\xfc\x5b\x21\x25\xd0\xf4\x71\x08\x8a\x13\x4b\x48\x73\xc8\xd5\x5c\x04\x45\xf6\xca\x39\x6b\x3d\x7b\x4b\xc2\xbf\x5c\x4d\x22\x40\xda\x41\x82\x93\xaf\x6a\x3e\xd8\x53\xde\xdd\x3b\xf6\x68\xd9\x37\xb3\x5a\xa0\xc2\xac\xbf\x23\x76\x6f\x9f\x3e\x96\x82\x84\x75\xab\x08\x64\x96\x61\x7a\x6e\x81\xd6\x53\x58\x9b\x2f\xe5\x0b\x7b\xa8\xf0\xcf\x1e\x5a\x44\xd8\xd6\x2f\x08\x37\x7a\xbf\xc2\x62\x97"},
+{{0xdc,0xfa,0xd5,0x9f,0xc6,0xb6,0x97,0x10,0x9e,0x72,0x7f,0xf6,0x6a,0x5f,0xe9,0x3a,0x6a,0x22,0x6f,0x63,0x1a,0x64,0xe5,0x79,0x7a,0xd8,0xd8,0xc8,0xb6,0x35,0x87,0x34,},{0xe7,0x9f,0x4f,0x51,0x13,0x72,0xe3,0x55,0xe7,0xe9,0xe0,0xe8,0xb5,0x34,0x6f,0xdb,0xcd,0x2d,0xf1,0xfc,0x5c,0x3a,0x18,0x90,0xd2,0x7f,0xa1,0xfa,0x92,0x8d,0x27,0xa6,},{0x05,0x2f,0xf7,0x95,0x40,0x73,0x74,0x56,0xc6,0xa4,0x2c,0x41,0xc9,0x7d,0x6b,0xf5,0x17,0xb8,0xcf,0x28,0x9b,0xc7,0x8b,0x50,0x3d,0xee,0x6a,0x30,0xef,0x51,0x68,0xb3,0x8f,0x75,0xbe,0xac,0xa1,0xe1,0x4d,0x97,0x1f,0x87,0x73,0xe3,0x94,0x1b,0xd6,0xdf,0x5c,0xb9,0x77,0x8d,0xea,0x12,0x5a,0x4c,0x4f,0xe0,0x11,0x6b,0x70,0xee,0x84,0x0b,},"\x7d\x92\xdd\xd8\x13\x3c\x61\xc6\x10\xc1\x30\x8c\x23\xae\xaf\x99\x38\x84\xa4\xe6\x7f\x7b\x94\xbb\x88\x6d\xad\x50\x98\x69\xa9\x32\xec\x4a\x27\xd4\x10\xd2\xc2\x9c\xa7\xae\xae\x6f\x92\x80\xcf\x6c\x4b\x06\x7e\xc7\x51\xe5\xe8\xc3\x9f\xf4\x44\xd4\x22\xce\xab\xae\x14\x5d\x42\xf0\x47\x45\x3d\xd4\x02\xd1\x79\x74\x05\x03\x34\x09\xe7\x2c\xc1\x9f\x79\x3d\x5d\x26\x8f\xb3\xfd\x2c\x11\xea\x2c\xb0\xd7\x04\x36\xe1\x8f\x9e\x88\xa0\x15\x15\xdc\x86\x5f\x6a\x1e\xb2\x36\x90\x32\x8f\xd7\x5d\xe2\x63\x21\xa3\x8f\x12\x19\x7a\x97\x20\x1b\x1d\x84\x52\x94\x4f\xbc\x54\x1c\xb6\x8c\x77\xd4\x95\x15\xdb\x53\x26\xf2\xb1\xd0\x76\x3e\xda\x06\xd2\x50\xce\x2a\x5e\x0b\xbd\x7d\x16\x76\xd7\xd4\x1f\xb3\xab\xe8\x8b\xdb\xe3\x72\xf9\x6b\xf7\xbb\x52\x6d\x6b\x65\xa2\x51\x5e\x83\xa5\x77\x04\x5b\x54\x79\xb3\x8b\x85\x2f\xe4\xab\x01\x1c\xbf\x21\xc0\x85\xef\x5f\x0a\x7c\x1b\xed\x76\x57\x2b\x0f\x86\x02\x28\x06\x7a\x89\x9f\x89\x5a\xe7\xf6\x25\x6e\xb6\x51\x40\x87\xf9\xd6\xf5\xc3\x55\x96\xc1\xf4\x80\xc7\x31\x13\x54\x6c\xb9\xcc\x30\xf5\x6a\xb0\x74\xa9\xff\x28\xac\xab\x7e\x42\x65\x0a\x96\x1d\xa3\x25\xac\x5b\x65\x94\xb8\x1c\x93\x25\x0a\xe7\xd3\x92\x67\xa1\x9c\x97\x62\x54\x07\xed\xda\x04\x04\xcb\xe5\xa3\x6e\x95\x9f\xc8\x20\xb2\x7e\xf5\xca\xd7\x96\xc1\x1e\xaf\xf1\xc0\xe2\xf9\xd4\xb3\xc6\x49\x15\x02\x19\x5d\xe0\x36\x59\xb3\x64\xe4\xe8\x7b\x2b\x2d\x73\x3e\xc2\x5e\x6f\x9b\x63\xd5\xf6\x91\x79\xe0\xd2\x7b\xd4\xae\xcc\x8f\x12\xa5\x07\xa9\x1b\xaa\x48\xd9\x9b\x3a\x42\x6c\xec\xeb\xae\xf3\x7d\x73\x61\x10\x6a\x84\x90\x64\x43\x09\xf6\xeb\x4d\x25\x96\x44\x3b\x6b\x01\x18\xb9\x45\xac\xec\xc6\x44\x3e\xa6\x1f\xcd\x15\x5b\x54\x32\x5b\xc2\xc3\x1b\xe0\x25\x0f\x94\x82\xe1\x3f\xd8\xeb\x44\xe2\xae\xd7\x6b\xe8\x12\xaf\x54\x53\xcb\x7f\x86\x32\x45\x8f\xc8\xa0\x2a\x2f\x45\x48\x0d\x79\xb0\x6c\x7d\xda\x38\xb4\x69\x5d\x08\xb5\xa4\x30\x50\x4f\x1a\xe2\x27\x5b\x05\xc9\x1e\x79\x9d\x44\x70\xf3\x8a\xbe\x77\x73\x6d\xfa\x89\x5c\x19\x7e\xa4\xb6\x3c\x2d\xf1\x8e\xfe\xb1\x41\x84\x83\x7b\x8d\xdf\x48\x90\x95\x20\xd9\x10\x45\xb9\xd9\x65\x5c\x22\x5a\x83\x17\x39\x60\xb4\xd7\xcd\x0d\x8b\xae\x30\x23\x75\x57\xf8\x69\x70\x8b\xe1\x38\xad\x52\x46\xc8\x66\xc6\xc0\x59\xdc\x59\x7a\xbf\xd4\x94\x32\x37\x37\x68\x96\x73\x6b\x97\xb7\xe0\x28\x9e\xf9\xbb\xd2\x94\x77\x74\x5c\xb6\x0f\x46\x20\x2f\x1d\xe9\x84\xf5\x09\xb1\x80\x88\x33\xf5\x80\x18\xcd\xe8\xc2\x6b\xef\x4c\x00\x5b\xdc\xa3\x85\xb0\x57\x35\x11\x0c\xa0\x2e\x56\x2b\x50\xed\xdf\xf6\xfd\xe9\xfb\xb8\xd0\x30\xce\xdf\x70\x31\xbb\xeb\x32\xb1\x2b\x24\x2b\xe4\x9f\xde\x01\x60\xc1\xfb\xde\x99\xb0\x3c\x06\x2a\x1a\x47\x06\x23\x45\xc9\x2e\x0b\x60\x4d\x08\x0f\xac\xce\x92\x43\x48\x15\x29\xc7\x05\x97\xdf\xd6\x43\x82\xcb\x54\x06\x91\xb5\x9b\x71\xb0\x94\x33\x2b\xaf\x0b\xbb\x12\x5b\x63\xa4\x46\xbb\x97\x49\x1c\x04\x64\x32\x8c\xab\xd7\x62\x7c\x46\xf3\x92\xf3\xb1\x24\x82\x2f\x20\x13\xc6\xe1\x6d\x3c\xa8\x7c\xc5\xbe\xcf\x56\xb0\xfc\x6e\xb2\xbf\x99\x23\xb3\x01\x2b\xa2\xb6\x12\x50\xa6\x33\xa4\xd2\xee\x39\x12\x56\xc5\x20\x95\x73\x82\xaf\xf9\x70\xc5\xd2\x23\x85\xc3\x34\x4c\x6d\x4b\x45\x61\x57\x1c\x96\x32\x9b\xf7\x56\x15\x29\x75\x16\xb9\xf2\xce\xb9\xf9\x97\xa3\x95\x23\xaa\x0f\x58\xb4\x88\x77\x2d\x82\xfc\x0d\x78\xc5\xdd\x52\xec\xfa\x6b\xfa\xc6\x3a\x76\xe1\x48\x08\x8b\x36\xf2\x4a\x88\xe6\x83\x85\x49\x6d\xda\xdf\x30\x23\xf7\x2d\x87\xc2\xef\xa2\x6e\x87\x7d\x32\xf1\xda\x97\xcd\xb4\x2c\x8f\x15\x71\x89\x88\xe4\x28\xcd\x02\xf4\xd0\x95\x43\xbd\x0b\xd5\xb2\xf4\x09\x96\x3d\x0f\xa3\x73\x53\x1f\x78\xb5\x92\xbd\x13\x7e\xea\xea\x0b\x4e\x7f\x91\x82\x08\xe1\xd5\x90\x08\xa8\xaf\x50\x58\xf5\xd9\x23\xc4\xf3\x2d\xf1\x99\x90\xf1\x0d\xd3\xf0\xeb\x20\x62\x93\xb2\xb3\x44\x3f\x4a\x5d\x2d\xcc\x5f\x7d\x3b\xba\xf6\xaf\x43\xfe\x45\xf5\xdb\xbe\x53\xec\xf4\xbf\x1b\x4a\x13\xe2\xd4\x6e\xf8\x02\x98\xd4\xf0\x1c\x40\x2e\x21\x0f\xcb\x9f\xf2\x08\x4e\xc0\x3e\x42\x00\x8d"},
+{{0x69,0x6d,0xc4,0x81,0xf6,0x19,0xa9,0x49,0x85,0x63,0xc8,0x3d,0x0d,0x0e,0x55,0x56,0x5c,0x14,0xa0,0x78,0x45,0xfe,0x4a,0x66,0xab,0xa2,0x24,0x7b,0x11,0x3f,0xf8,0xef,},{0xc9,0xd7,0x37,0xab,0xc4,0xa9,0xe7,0x3c,0x14,0x9e,0xad,0xc1,0x95,0xa8,0x37,0x89,0x9f,0x2c,0xd5,0x01,0x93,0x73,0xc3,0x0e,0xca,0xf6,0x2e,0x5f,0x8e,0x14,0xb6,0x45,},{0xde,0xd5,0xd9,0x91,0x93,0x5c,0xd1,0xf9,0x39,0x0f,0x1e,0x85,0x92,0x9c,0xa1,0x6d,0xab,0xfc,0x83,0xe6,0x5e,0x43,0x27,0x2e,0xb1,0x75,0x16,0x71,0xaa,0x31,0x93,0x0c,0x72,0x85,0x55,0x34,0x14,0x30,0xce,0x7c,0x80,0x48,0x5d,0xe5,0x80,0x06,0x42,0x71,0x29,0xa4,0xd3,0x4f,0xd6,0x81,0xd5,0x2d,0x84,0x0a,0x16,0xba,0xfa,0x15,0x30,0x02,},"\x2d\x4b\x3a\xd0\xcc\x99\xf9\x83\xe4\x1f\x9b\x48\xc4\xa8\x18\xef\xf7\x5f\xcf\xb9\x3a\x12\x29\xec\x27\x40\xed\x19\xc1\x07\xd6\x21\xdf\x78\x05\x8d\xe7\xc2\xdd\x72\x51\xf5\xff\x45\x43\x40\x86\x5f\x6c\x86\xda\x65\x83\x1f\x66\x72\xdb\x23\x17\x26\xfd\xfe\x4b\x9e\xe3\x15\xd9\x3c\x72\x44\xa9\x20\xdf\x37\x05\x4c\x82\x44\x9d\x31\x0f\x89\x29\x32\xdd\xba\xd9\x4c\xc9\xbb\x39\xac\x89\x37\xcc\x76\xc9\x65\x21\xd3\xfd\xc0\x28\xba\x23\x41\x0b\x29\x02\x3e\x81\x38\xfd\x3f\x52\x43\x19\x88\x4e\xe5\xda\xd0\xd2\x34\xc8\xdf\x66\x1f\x88\x24\xbe\x47\x7e\x21\x69\x9f\x63\x69\xb1\x5f\xf3\xff\xef\xc1\x51\xaa\x55\x5b\x3c\x3d\x76\xad\xb4\x5f\x25\x67\x2d\x38\x0d\x47\x2b\x31\x48\xda\xbd\xef\x42\x45\xb6\x8e\x82\x85\x62\xf2\x5c\xc5\xb8\x1d\x9b\xbb\x24\x1b\xca\x9d\x19\x34\xea\x35\x3f\x95\xf7\xdb\xf3\x64\x64\x33\xe8\x1a\x35\x4e\x1e\x20\x56\xb8\x1c\x15\xaa\x1f\xa8\xed\x7a\x9d\x1a\xf9\x92\x38\xcd\x5a\x5a\xe9\xe8\x41\xc4\x8d\xc3\x48\xae\x1d\xe7\xc4\x1a\xca\x23\x32\x82\x36\xbc\x38\xb4\x7f\x47\xc7\x36\xb2\x57\xa3\x07\x8d\x57\xd5\x74\xb6\x47\xa7\xfc\x8c\x4d\x01\xbc\x50\x30\x21\x50\xd5\x03\x2b\xfa\xcb\x04\xbb\x0f\xd1\x55\xd9\x4d\x92\x06\x66\x77\x20\xe1\x80\xa6\x45\xaf\x46\x24\x59\xe3\x32\x6d\x46\x0d\xa3\xc4\x8e\x75\x72\x67\x8e\x19\x19\x26\x8d\x3e\x47\x40\xd6\x2a\x26\xf7\xc8\x55\x9c\x1c\x43\x9b\x4b\x0b\x0c\x59\x42\xa6\x20\xcf\xdb\x93\xcc\x68\xaa\x15\x52\x0f\xf2\x86\x42\x69\xd7\xa0\xc1\x55\x78\x0a\xdc\x6c\x18\x8e\x0b\x56\x5f\xb9\x59\x43\x19\xe6\xf5\x1d\x15\xca\xf6\xb2\x80\xe7\x15\x8f\x25\x79\x94\x07\xf3\xba\x0d\xd1\xce\xea\x64\xb9\x32\x6d\x2c\xfd\xef\x01\x7e\x1f\x17\x2f\x4d\xde\x0f\x7e\x46\x13\x50\x1a\xf0\x1e\xe0\xac\x30\x09\x5f\x48\xb5\x95\x90\x90\x2b\x1a\xec\xfe\x09\x34\x13\x91\x8d\x83\x5a\xdf\x96\x2e\xcf\x18\x58\x0d\x16\xf9\xfd\x4f\x6f\xa1\x09\x8a\xf1\xd8\xa2\xbc\x24\xdc\x86\xf7\x1d\x0a\x61\xff\x15\x00\x10\x86\x7d\x08\x69\x87\xb5\x1d\xd0\x30\xf5\x0a\xb6\xe3\x74\xb8\xe0\x11\x84\xb3\xe2\xb2\x14\xab\x1c\x7f\xdf\xae\xdb\xc5\x45\xe3\x8c\x3c\xd2\xf6\x98\x29\x79\x54\x1f\xe0\xff\x88\xbe\xd6\x75\x06\xda\x95\x72\x7a\xf1\xa2\x03\x8f\x32\x40\xae\x5b\xfd\x30\xee\x09\x21\x0e\x00\xfd\xcf\x2a\x06\x4d\x5d\xb4\x61\x49\x46\xbd\xa9\x72\xc6\x70\x08\x1a\x6e\xe6\xa1\x0b\x63\xf6\x73\xc8\x3c\x91\x5c\xa5\x57\x3e\x0e\xd6\x87\xb0\x06\x7c\x40\x07\x92\xa9\xbc\xc3\x34\x4e\x0e\x43\xf5\xdf\x63\xfe\xd5\xef\xa8\x5e\x9a\xaf\x85\xe4\xd7\xa2\xc5\x3a\x6c\x92\x82\x8e\x07\xfe\x63\xe2\xd2\x3f\x1b\xdf\x97\xd8\x4a\xdc\x36\xe9\xfc\x95\xfa\xad\xf0\x3e\x06\xd6\x5a\x19\xc5\xe2\x85\xef\xfd\x0e\xa0\xcf\xa8\x39\xd5\x5a\x0a\x0d\xbf\x6d\xa2\x87\x85\xc7\x7f\x5c\x04\xbf\xd5\x99\x74\xef\x37\x93\xcd\xc3\x98\xdf\x7a\x1b\xbc\x9c\xfc\xfc\x3a\x51\xff\xa9\xa2\x0d\x60\xc4\x7b\x24\x5d\xaf\xa3\xe4\x46\x23\xcd\x71\x1d\x77\x62\xc5\x0a\x67\xd6\x50\xc7\xe8\xc4\xfd\x3b\xeb\xc0\xc4\x98\xd2\x15\x2a\xb9\x82\x7c\x70\x0c\x7b\x28\x61\x56\x57\x49\xb5\x86\x4f\xec\x95\xb7\xf6\xb1\x99\x4e\x78\xd8\xf8\x5d\x06\x9c\xc1\x1f\x85\xbe\xd9\x71\x2f\x7a\x9f\x06\x0b\x0b\xf6\x75\x32\xe8\x8e\xb9\xdf\x3e\xb4\xa8\xd2\xfb\xba\xa8\x5e\xda\x92\x6d\x81\xc4\x9f\xb8\x6e\x73\x73\x1b\x7e\xd2\xa1\x90\x50\x78\x51\x3f\x7c\xa0\xfd\xcc\x3b\x1d\x57\x6e\x6a\x60\x12\x4c\x44\x61\x8d\xf1\x89\x0e\x16\x97\x94\x95\x6c\xb1\xec\x50\x1b\xa2\x04\x99\x70\xc8\xe7\x4c\xc1\x80\x06\x4c\x18\x44\x68\xbe\x4f\x08\x9a\x3a\xe2\x26\x3c\x85\x58\x63\xb6\x2c\x28\x31\x3d\xdf\x9c\xa8\x5b\xf6\x6b\x08\xa2\x64\x15\x5a\xd7\xc3\x28\x23\x8d\xfe\x61\x4a\x07\xed\xe9\x15\x5a\x09\xcc\xaf\xf9\x22\x92\x24\x93\x41\xba\xed\xcb\xe0\xe6\x46\x6e\x2c\x76\x04\x5e\x46\xda\xd2\xfc\x89\x9a\x17\x82\xe0\x09\x98\xe7\x9a\x83\xab\xfa\xe9\xb7\x06\xf7\x07\xf5\x8e\x73\x02\x03\xe1\xd2\xcc\xa0\x28\xc9\x22\xbe\xb6\xd1\x57\xfa\x7a\x98\x13\x2a\x92\x1a\x3d\xa2\x1f\x2f\x76\x9b\xb6\xc1\xf5\xf1\x9e\x9e\x85\xa1\x3b\x78\x1a\xf1\x41\x03\x9d\x51\x4e\xe1\x07"},
+{{0xf3,0xf8,0xd6,0x2f,0xee,0x3a,0xf3,0x75,0x66,0x96,0x30,0xcb,0xf0,0x63,0xbf,0xa9,0x30,0x18,0x9a,0xf1,0x36,0xcd,0x75,0x91,0xe2,0x4d,0x57,0x8d,0x73,0x66,0xbf,0x61,},{0x47,0x14,0xc6,0x04,0xaa,0x95,0xe1,0x82,0x8a,0x28,0x36,0x7b,0xa7,0x87,0x60,0xb5,0x89,0x64,0x31,0x68,0x3e,0xe9,0x96,0xcf,0xf9,0x68,0x71,0x77,0x32,0x91,0x95,0x3c,},{0x8d,0x6f,0x7c,0xee,0xb9,0x30,0x8b,0x4a,0x30,0x38,0x79,0xfc,0x6c,0xfa,0x5c,0xa8,0xe0,0x5d,0xfc,0x3d,0xef,0xc2,0xb2,0xcd,0x29,0x10,0xdd,0x4b,0x17,0xc9,0x4e,0xae,0xe8,0x45,0xab,0xe6,0x5f,0xd7,0x15,0xdf,0x05,0xb0,0x12,0x8e,0x43,0x16,0xe2,0x33,0x47,0x99,0xc6,0xe8,0xfa,0x74,0x7e,0xbc,0x8a,0x04,0x0c,0x74,0xf5,0xa1,0x48,0x0c,},"\xe1\xdd\x1f\xfd\x73\x7a\xc6\xdc\x24\xb3\xb9\xce\x3b\x79\xe8\x35\xbf\x69\x8e\x93\x13\x03\xd8\x09\xce\xa1\x78\x2d\xc3\xaf\x63\xa0\xd5\xe6\x73\x92\x82\x3d\x14\x39\xe7\xb6\xe3\x37\xb0\x1c\x8b\x21\x54\x34\xc2\x78\x2b\x3b\xe7\x44\x3c\xb5\xc8\x81\xe5\xfb\x6c\xf3\xbb\x24\x41\x28\xb4\xda\x6a\x6f\x42\xb2\xbb\x2c\xd7\x51\x29\xd5\x64\x18\x85\x43\x48\xc3\x39\xdc\xd9\x12\xb4\x55\x57\xa9\x15\xe9\xfd\x7f\x37\x91\x62\x36\x51\x0c\xb6\xc3\x31\xc1\x40\xb8\x7d\x22\x53\x11\x60\x0b\x8d\x13\x2a\xc4\x74\x73\x83\x9c\x72\x0f\x9f\xf0\xf9\xc1\xdc\xaa\x85\x81\x5a\x9d\x27\xb9\x75\x8c\xd9\x1d\xc5\xd3\xe5\x33\x26\xfc\xdf\xb2\x73\x0e\x52\xbe\x31\x03\x95\x7a\xc8\x91\x49\xa4\xc3\x00\x4c\xb6\x03\x8c\x0d\x80\xfa\x72\xac\x63\x0d\x33\x3b\xe5\xad\x4a\xdb\x58\x5a\xeb\x71\xae\xf1\xcd\xfd\x57\xb9\x15\xfa\xc4\xf1\xaf\x78\xe7\xa5\x97\xf8\xd1\xba\x06\x67\x2b\x19\xc0\xb6\x58\x08\xa8\xa0\x71\xff\x84\x09\x03\x43\x79\x58\x9f\x3d\x41\x30\x2d\x2d\x39\xb3\x31\x8e\x8c\x00\x90\xfa\x36\xcb\x95\x88\x57\xff\x5b\x21\x1c\x96\x66\xe2\x7b\xc8\x95\xab\x9d\x00\x6a\xba\xf5\x95\x0a\x03\xff\x17\xea\x98\x21\x78\xa4\x46\xdd\xa2\x46\x6f\x5a\x40\xb8\xf8\x95\x50\x9e\x4f\x4d\x4a\x6a\x27\x39\x99\x7f\xbd\x49\x68\xf8\x94\x36\xce\xe3\xd8\xed\xb8\xa6\xda\x9b\xd3\xd5\x5b\x06\x64\x90\xe8\x33\x9c\x78\x93\x5b\x77\x88\x3f\x95\xb9\x32\xfa\x5e\x6b\xb7\xdf\x30\x3b\xe3\x0f\xa5\x67\x24\x9f\xff\xb4\x73\xa1\xe4\x64\x32\x2d\x7c\x10\x3f\xe8\x22\x4c\x7e\xc5\x7b\xd3\x9b\xcd\x03\x0b\x96\x78\x7a\xeb\xcd\x20\xe9\xad\x65\x1c\xfa\x2b\xf0\x4b\xa7\x0a\x1c\xf6\x48\xe0\xa5\x44\x95\x67\x20\x2a\x93\x7a\x45\xbe\xcb\xb6\xfc\xde\xd3\x0c\xf9\xb5\xc7\x48\xf8\x82\xb5\xdc\x2a\x4d\x65\xbe\x69\xfd\x7d\x9c\x38\x1e\x83\xd0\xdc\x2a\x34\xb6\xde\xe9\x12\x20\xba\x90\x6e\x51\x2f\xcd\x63\x36\x8e\x2c\xe7\x33\xe4\x66\xb4\xb8\x2b\x84\xfb\x0c\x71\x7d\xc8\x94\x5c\xaf\x6d\x46\xac\x1c\x2f\x64\x18\xf7\x72\x9e\xf4\xc3\x5e\x40\x24\x22\xd6\x4b\x1c\x3e\xbd\x1b\x32\xa3\x0f\xc4\xc5\xee\xce\x7d\x44\x08\xff\x67\x9f\xf0\x1a\x1c\x7b\x03\xca\x51\x7b\xe5\x2e\x6a\xe7\x65\x0f\x7b\xad\x38\x90\x1e\x34\x8a\x55\x93\xbc\x99\x8f\x7c\xf2\xea\x97\x72\x9c\xb0\x04\xf5\x61\xb3\xb5\x8f\xe5\x98\x09\xa4\x1f\xd4\xb3\xb7\x66\x60\x90\x6a\xd9\xed\xa2\x3b\xf9\x25\x43\x7e\xf4\x52\xb1\x6f\x54\x0b\x3b\x80\xa3\x5a\x70\x93\xc2\x73\x4e\xef\xe6\xfa\x97\xd8\x81\xd7\x9e\xf5\xb7\x67\xd9\x88\x9f\x11\x84\x77\xb7\x3f\x58\xa4\xc0\xcb\x15\xe0\xac\x81\x01\x12\x05\x71\xca\x32\xce\x87\x1f\x30\x8a\xd9\x05\x7a\x80\xc8\x28\x15\x4f\xb1\xbc\x2b\x20\x1d\x0c\xd1\x00\x6e\x02\x2d\x44\x4d\xc9\x3f\x1b\xcf\x22\x4d\xb7\x4a\x5b\x37\x3e\x15\x3e\x85\x18\x54\x94\x8b\x6d\xa1\x47\xb7\x32\x87\xcf\x17\xd1\xfb\x72\xb4\x82\x76\x11\x10\x36\x09\xca\xb2\xa1\x77\x9e\x97\x93\xb9\xa7\x08\x20\xfc\x6f\x38\x28\xa6\x4c\x9e\xac\x35\xef\x7a\xa7\xb1\x76\x09\xd8\xef\xf8\xa9\xe5\x2e\x4e\xbc\xd8\x6b\x1e\x14\xfd\x14\x0b\xea\x47\xc6\xb8\xdd\xc4\x1e\x8c\xd2\x71\xeb\x92\x28\x7c\xbd\x06\x10\x51\x22\x42\xf7\x6a\x1e\xf3\xea\xc1\xe4\xbb\xbc\x1a\xda\xe5\x00\x34\xa7\xa2\x64\x7e\x08\xb2\xfd\x20\xaa\x93\xa9\x3c\xb2\xff\xde\xbf\x2e\x46\x1e\xcc\xef\xbb\xd1\xfe\x89\x4c\xe7\x0a\xdf\x79\x01\x73\xba\xe9\x6f\x5a\x55\xa1\x88\x7e\x9a\xe0\x9f\xce\xd1\xd4\x30\x6c\x29\x1c\x6b\x19\xec\xac\x47\x07\xe9\xef\x71\x3e\xa1\x8a\x75\x62\xc6\x67\x83\x26\x22\x89\x92\x07\x7a\x46\x69\x73\x49\x66\x10\x80\x00\xb4\x14\x4f\x45\xa0\xc3\xa2\x86\x3a\x4c\x6a\x3c\x07\x63\x2c\xb9\x3e\xb1\x97\xd2\x94\x88\x4d\x9c\xa3\xdd\x4b\x21\xf3\x9d\xb7\x07\xf6\x3a\x7f\x9a\x57\x0f\x7f\x0f\xeb\x99\xb2\xca\x7d\xa7\xdf\x92\xa1\x77\xab\xcf\xe8\x6e\xc6\x61\xd3\x0b\xcd\xcf\x15\x22\xbd\xb1\xfe\x11\x67\x32\x58\xdf\x7e\x46\xef\x4d\x32\x66\x65\x09\x31\x56\x55\x3f\x28\xb3\x56\x3f\xe7\x19\x2f\x72\xf5\xf9\xb3\x90\x3d\x79\xfe\xa0\x4e\x2c\x48\x8b\x46\x5b\x49\x78\xd6\x9f\x26\xe0\x5a\x59\xd5\xed\x4e\xf4\xca\xb2\x32\xac\xfd\x56\x4f\xc6"},
+{{0x86,0x5a,0x43,0x2e,0xcc,0xe7,0xe7,0x8c,0x42,0x70,0x9f,0xc1,0xe5,0x31,0xdf,0x5e,0x39,0x59,0x13,0x2b,0x2b,0x6f,0x31,0x8f,0xd1,0xc3,0x45,0x21,0xf9,0xa2,0x6e,0x3b,},{0xc7,0xa8,0xca,0xf8,0x93,0x0b,0x62,0x2a,0x50,0x13,0x37,0xf9,0x28,0x40,0xed,0x96,0x61,0x1a,0x32,0x20,0x80,0xfd,0xe5,0xe4,0x9f,0x0a,0x2f,0x6e,0x33,0xb8,0x82,0x83,},{0x32,0xbb,0x75,0x20,0xe2,0x63,0x9c,0x6c,0xca,0x19,0xa2,0xb9,0x83,0x6b,0x08,0xf8,0xb0,0x83,0xca,0x33,0x36,0x9d,0xdf,0x5f,0x9a,0x87,0x7d,0x4c,0x7a,0x9e,0xb0,0x5f,0x9c,0x3d,0xc3,0x4e,0xd4,0xcf,0xa4,0xb2,0x83,0xe5,0x19,0x22,0xb0,0x94,0x06,0x6c,0xe9,0xff,0xa4,0xd9,0xdf,0x62,0x19,0x10,0xca,0x37,0xb0,0xb3,0x7f,0xba,0xbb,0x0e,},"\xb2\x31\xb6\xd2\xec\xde\x49\xf5\x13\xb0\xdf\x25\xaa\xfc\x3e\x5d\xa4\x5b\x6a\x99\x58\xd6\x0f\x54\x64\xca\x59\x3c\x03\x00\x5e\xcf\x36\x1e\xf1\x69\x6b\xb6\xe5\x5d\x65\x38\xe3\x4b\x38\xf3\x24\xc2\x1c\xea\x5c\xc8\x1a\x00\x73\x27\x8b\xb9\x27\x27\xef\xf8\x1a\xf5\x61\x80\x2d\xce\xf3\x3b\xec\x10\xad\x65\x94\xe2\x2d\x9c\x44\x18\xaf\x39\x88\xa4\x3e\xd0\x87\xb9\x95\x4b\xf8\xd6\x28\x3e\x4b\xea\xe8\xc0\x96\xde\x66\x06\x75\x1c\xbe\xd6\x85\x84\x6c\x66\x30\xb9\x52\x8f\xf3\x64\xa7\xc4\x84\x64\x11\x34\x72\xc9\x86\x0b\x33\x71\x96\x3c\x91\x14\x95\xa9\xc6\x28\xa3\xe3\xe4\x7a\xb0\x99\x1f\x10\xdd\x1d\xd3\x31\x61\x52\x52\x62\xd6\x3b\xab\x64\x88\x19\xd5\x7d\x12\x69\xe1\x14\x82\x5c\x54\x34\xe6\xb2\x84\x5f\x42\x79\x5d\x4f\xb0\x83\xad\x79\x40\x1f\x2a\x07\x61\xc6\x34\xa5\x45\xae\xc7\xcd\xb1\x3b\x5b\xe4\x49\xf1\xd8\x29\x32\x63\x78\xed\x1f\x49\x3f\xe8\xc8\xe9\xb0\x68\xcc\x1d\xbc\xf1\x65\x55\x0b\x81\x32\xc3\x19\xda\xc4\x87\xb8\x7b\xb2\x2a\x54\xcd\xf6\x0a\xac\x71\x51\x61\x82\xa4\xe6\x9b\xa0\x83\xf6\xe8\x6d\x1a\x4f\x05\x08\x3a\x77\x61\x9e\xf2\x39\xf7\x02\x39\x6d\x7e\x46\x96\x8c\xc0\x4a\x3b\x34\xdf\x32\x65\xec\xf1\x61\x57\xab\xe1\x5c\x64\x2c\xd7\x42\x70\x96\xd8\xd4\x0d\xb0\x02\xd1\x96\xca\xb1\xbe\x30\x4b\xcf\x32\x2d\x9d\x1a\x24\x51\xb6\xc1\x1e\xea\xf3\xe8\xe3\xd9\x29\xf4\x80\xb6\xb7\x78\x04\xfe\x84\x49\x6c\xa7\x57\xe0\x43\x37\x91\x4c\xe9\x44\x75\xd7\x99\x0c\x74\x57\xc8\xe6\x06\xf8\xbc\x20\x7d\x2d\x48\x11\x9c\x80\xa6\xb4\xa9\xe0\x7b\x22\x92\x26\x57\x0d\xcd\x99\x49\x89\xfe\xcc\x69\x4c\x6c\x2f\xb5\x97\x5c\x9a\x6a\x9b\x74\xe8\x15\x9c\x27\xdd\x36\x77\xdf\xd5\xcb\x65\x1f\x1e\x32\xad\xfa\xfd\x81\x0b\x6e\x5d\x5e\xfb\xac\xe3\x1a\xe6\xd9\xb1\x21\x91\xe8\x93\x98\xda\x06\x3f\x13\x8b\x75\x84\xc5\x8e\x77\xe7\xf9\xfd\xd7\xfb\x9e\xf5\xd6\x8a\xe4\x9c\x6c\xca\xd2\x8d\x18\xbc\x60\x09\xd4\x18\x7e\xd1\x42\x02\x24\xa5\x65\x8a\xad\xf1\x35\xb5\xa9\x53\xf2\xdc\x3c\x8b\xfc\xaf\x66\x9e\xd5\xda\x38\xd0\x14\x4f\xd9\x66\x5e\x6f\x06\x77\xd3\xfc\x88\x04\xe2\x1c\xc2\x5f\xd5\xe0\x1a\x3f\x3f\xa8\x3e\x57\x1e\xb2\xf8\x82\xa7\x65\x9c\xe5\xd8\x64\xd8\xbb\x54\x07\x2b\x09\x86\xa8\x54\xf1\xa7\xf2\xd2\x72\x0d\xf8\x57\xe6\xd4\x21\x96\x30\x84\x1b\x1c\xcd\xcf\xc6\x72\x6b\x91\xbf\xc1\x7e\x18\xc3\xe3\x48\x0c\x23\xa2\xc0\x5e\x4b\xfe\xdd\xd4\xdb\x9e\xf4\x23\x88\xf2\x34\xfd\x3e\x4f\x3d\xad\x66\x60\x26\xe2\x78\x06\x12\x37\x41\x61\x31\x6a\xfc\x76\x65\xf9\x41\x1b\x6c\x5a\xa7\x89\x33\xb1\x80\x21\xc0\x12\xb0\x84\xf3\x24\x47\x60\xa4\xea\x1b\xcf\x31\xcc\x9f\x5c\x40\x44\xa9\xbc\xc7\x5a\x98\x67\x07\xf3\x8f\x45\xac\x1c\x7f\xa1\x39\xee\x95\xa6\xd8\xf1\x6c\x3c\x1e\x12\x76\x4c\x4b\x0b\x11\x94\xc0\xfc\x5f\x7e\xef\xf9\xa8\x48\xc4\x05\x0b\x0e\x65\x16\x84\x71\x9d\x43\x8a\xad\x56\x01\x91\x64\xfa\xe4\xf4\x88\x82\x20\x5e\xce\x0b\x99\x73\x67\x91\x08\x4a\x75\x3b\xa7\xd5\x6e\x88\xfc\xee\xa5\x33\x56\x6c\x3a\x2c\xa4\x8d\xd6\xef\xc4\x9b\x27\xdb\xf1\x4f\x26\x16\xce\xd6\x52\xe1\x38\x33\xab\x90\x28\xad\xa4\x54\x43\x1c\x89\xb3\xcb\x74\x41\xfd\xb8\xf2\x3e\x12\xb6\x0a\x1a\x10\x4a\x2a\x8c\xf4\xa6\x4e\x87\x8a\xa2\x6f\x54\xe8\x88\x1a\x4b\x15\x1a\x16\xa9\x6d\xe8\xb9\x80\x7e\x72\x93\x96\xeb\xe3\xe3\xd3\x94\xf8\x08\xbd\x74\xb7\x31\x2f\xe6\xb8\x4b\x13\x12\xaf\x8a\x1e\x41\x33\x59\x9d\x07\xbd\xf3\x3d\xb2\x1e\x01\x6b\x5c\x19\x6c\x1b\xa3\x11\x57\x08\xf5\x81\xbb\x82\xf4\xb5\x7a\x6c\xa1\xa5\x29\xe6\x4d\x19\x30\x42\xc1\xdc\x5f\xaa\x0a\x03\xab\xf5\x38\x49\xe1\xbd\xef\xba\xb6\x4b\x1c\xb6\x0f\xe1\x0a\x3f\xc1\x82\x3a\x23\x4c\x45\xf3\xb0\xdc\xe6\x6a\x46\x73\x9c\x01\xae\xad\x12\xde\x6f\x03\x13\xc7\xbe\x71\x40\x5f\x3f\xdc\x4a\x50\x7a\x9d\x84\xe8\x68\x6f\x6f\xc9\x26\x35\xdb\x0f\x78\x56\xc7\x37\x3a\x61\x8a\x72\x52\xc1\x29\xa7\x76\x0e\x20\x29\x54\x3d\x72\x62\x28\xc2\x1d\x00\xad\x4a\xc5\x2e\x5b\x1a\x6e\x31\x20\x09\x17\xf1\x5a\xf5\x15\x85\x9e\x08\xf2\xa7\x9a\xce\x67\x99\x1e\xd6\x90\x44"},
+{{0x2b,0xe1,0xf9,0x8c,0xe6,0x55,0x3c,0x91,0x5b,0x6a,0x09,0x33,0xec,0x0d,0xe3,0x47,0xb3,0x70,0xe2,0x9c,0xa2,0x94,0xe8,0x00,0x55,0x41,0x23,0x9f,0x63,0xb4,0x30,0xd0,},{0x7a,0x6f,0x44,0x69,0xc3,0x0a,0x63,0xf5,0x60,0xf9,0x87,0x34,0xfc,0x19,0x06,0xeb,0xd1,0x37,0x1e,0xd8,0x01,0x25,0xfa,0x3e,0x4c,0x86,0xb4,0x3f,0x26,0x2c,0xab,0xbc,},{0x8e,0x65,0x9a,0x3f,0x53,0x5a,0x58,0x9a,0x5f,0xd2,0xd2,0x17,0xcb,0xcb,0x8b,0x77,0x7e,0x5a,0xf2,0x0b,0x23,0x44,0x32,0xf7,0xda,0xc2,0x9f,0x81,0x0a,0x2b,0x47,0x37,0xc5,0xca,0xb1,0x0b,0x59,0xdf,0xd0,0x14,0x4f,0x30,0x90,0xf5,0xf9,0xe0,0xe6,0x67,0xf0,0xe2,0x1a,0x9f,0x57,0x3f,0xe1,0x3b,0x1c,0x28,0xec,0xcb,0xb5,0x31,0xa2,0x05,},"\x62\x68\x20\x1f\x93\x2a\x7c\xd3\xf8\x79\xae\x6a\xb8\x38\x55\xa2\xf5\x02\x91\xde\x78\x4d\x7d\x9e\x9a\xda\xa1\xb9\xaf\xed\x6f\x5a\xea\x20\x24\x0e\x59\xfe\x93\xe5\xa7\x08\x8c\x95\xec\x8e\x15\x74\x5f\xb8\xfd\xeb\x91\xdf\x01\x51\xc7\xb4\x60\x50\x67\x56\x1e\xa0\x8d\xbf\x00\xc4\xff\xe1\xfd\x0a\xcf\x10\x36\x56\xa7\xb5\x4f\xad\x0f\x25\xab\x16\xb4\xbd\xa3\x47\x17\x9e\xd1\xca\xdb\x7b\x98\xbe\x08\x95\xe0\x50\xdc\xbc\x37\x9d\x1f\xd5\x53\xe9\x97\x95\x92\x8b\x67\xa7\x52\xf8\xd2\xec\x1b\x9d\x66\xbf\x6a\xc9\x97\xe7\x44\xdc\x32\x7f\x24\x22\x30\xf9\x2e\x79\xae\x31\x27\x45\xa5\xab\x6d\xde\xc1\x99\x8f\xb6\x3d\xc4\xf6\xb0\x5f\x14\x72\x22\xd4\xb6\x5a\xce\x90\x17\xdc\x1b\xcd\x67\x5e\x49\x5f\x9e\xab\xb5\xf6\x02\x13\x3f\x6c\x72\xe0\x53\xe9\xf4\xae\x30\xd8\x72\xd7\x8b\xf7\x1f\xeb\xa3\x7a\xcc\x59\x50\x55\xc3\xbe\xa5\x3a\x05\xef\x0c\x7f\x21\x2d\xcf\x4e\x0a\xf8\x38\xea\x29\x28\xf4\xcd\xc9\xfd\xc8\x37\xda\x25\xf2\x69\x66\xb2\x45\x6a\xbe\xa6\x6a\x5d\xfb\x8f\xaa\x8f\xa0\x91\xf7\x33\x1d\x54\x36\xe9\x8a\x8d\x63\x23\xcc\x9e\x9a\x91\xd5\xa0\x2a\x49\x51\x17\x14\x84\x9b\x47\x45\x4b\xaf\x99\xc5\xf8\x50\xa0\x8d\x3d\x98\x41\x0e\x93\x9a\x9e\x89\xb1\x50\x53\x82\x5f\x3e\x9a\xee\x71\x44\x74\x16\x14\x07\x82\xe1\xbf\x3b\x0d\x8b\x4f\xf6\x2e\x77\xa4\xa0\x3f\x71\x0a\x8a\xb7\x6c\xf6\x35\x92\xc0\x5c\x44\x0c\x8f\x06\x47\x70\x09\x91\x63\xc1\x22\x70\xf3\xd5\xec\x9a\x6b\xc9\x71\x5b\xff\xfe\xc7\x69\x61\x1d\x21\xfa\x00\x3c\x3c\xc8\x35\x6c\x97\x5d\x37\xb6\x2b\x88\xaa\xbb\x85\x97\xda\xca\x19\x6c\x96\x48\xa3\x1d\x15\xbb\x0b\x86\xcf\x07\x0e\xe0\x1e\x51\x1e\xf3\x73\xb4\xa4\x4c\x6a\x00\x16\x0a\x79\x7f\x2e\x82\x0b\x71\x6f\x5c\xa6\x44\x64\xe4\x18\x9a\x00\xfe\xe9\x78\xd3\x5b\xf2\x04\xf7\x1d\xb1\xf5\x01\xf9\xb6\xe5\xdf\xc8\x21\xa8\xaf\x5d\xbf\xef\xd3\x53\xad\x36\x81\xf9\xbc\x3c\x22\xc6\x7c\xb2\x11\xb4\x30\xb6\xa5\x5f\x3e\x73\xda\x7c\x3a\x07\xce\xb7\xd2\xfe\x25\x4b\x10\xc2\x70\x3a\xb2\xe2\x29\x4d\xd0\xd3\x15\x2d\xc7\xb2\x1a\xab\x87\xb1\x50\xf7\x37\xa9\x47\x46\x3f\xb2\x04\x17\x5d\xe8\x54\x32\x36\xfb\xb0\xda\x5c\x7d\x48\xc5\x7f\x61\x74\x4d\xe6\xf9\x84\xaa\x8e\x61\xb9\x70\xc6\x2d\x0e\xeb\x84\x9d\xa7\xe8\x9a\x61\x22\x2d\x43\x20\x79\xcb\xcf\x5f\x8a\x2b\xa9\x30\x30\x16\x83\xc0\x78\x5c\x26\xfd\xf8\x5d\xa3\x02\x08\x74\x60\x45\x99\xac\x6c\x84\x7e\xc2\x60\x86\x58\xb5\x78\x8c\x7b\x8d\x3a\x37\x44\xfd\x54\x42\xe2\x4c\x8e\xec\xcd\x42\x07\x56\xbd\xd8\xb8\xa7\x7c\xfd\x80\x58\x96\x05\xdc\xed\x9a\xfd\xa2\xbd\xb6\x30\xa0\xcb\x61\x2f\x73\x9c\xe6\x17\xd5\x4e\xde\x6c\xcf\x36\xaa\x31\xe7\xe3\x73\xd8\xa0\xfb\x1b\x7c\x99\x06\xf7\x6b\x5f\x9d\xe8\xc2\x68\x91\xde\x00\x6e\xb7\x97\xea\xd4\xa8\x6f\x70\x16\xf3\x4b\xcd\xe9\x2f\x94\xac\x3e\x92\x0b\xa5\x8d\x6d\xff\x77\x20\x78\xd8\x02\xa9\x4f\x56\xcb\x26\xbf\x79\x4f\xd9\x0c\xa0\xad\x4f\x2e\x7a\xcd\xc5\x92\x9b\xc7\x36\x49\x97\xde\xd9\x8c\xa6\x9c\x57\x39\x91\xbb\x9a\xb8\x5f\x23\x5b\x63\xe7\x6f\x77\xe0\xab\x45\xe7\x89\x12\x38\x98\x69\xaf\x21\xe7\x4e\x66\xf7\xc4\x56\xb8\x27\xe6\x70\xbe\xb0\xf0\x72\x66\x88\xbb\x1f\x90\x36\xd3\x8d\xa0\x7d\x69\xea\x36\x66\xf7\x6b\xd6\x05\xd8\x2e\x2d\xd6\x38\x7e\xce\x6e\x82\x4a\x56\x97\x00\xf0\x1b\x19\x5d\x1a\x9b\xdc\xb0\xf9\x6a\xb5\xc5\x4e\x06\xc2\x11\x9b\x40\x6b\xc4\x88\x84\x80\x66\x04\x18\xbb\x42\x88\xea\x2f\xda\x96\x63\x1b\x0e\x1f\x60\xac\x86\x1d\x6c\xcc\x4c\x84\x4b\x64\x7a\x7d\x74\x03\xbc\x2d\x15\xba\xfe\x4a\xf6\x77\xe8\x56\xfe\x0d\x2b\x5f\x66\x3b\xe4\xe4\x80\xb3\x8f\x6b\x76\x6a\xdc\xd3\xd0\x52\x98\xef\x13\x98\xd0\x4d\x15\x23\xa6\x8b\x91\xdd\x31\xcf\x5d\xc4\xb7\x3d\xec\xbf\xd7\x21\x3f\x98\x1b\x20\x7e\x1f\x6e\xf2\x25\xd7\x94\x8a\x1a\xa1\x7d\x8d\x57\xa1\x12\xf1\xd4\x46\x8d\x2d\x28\xf7\xec\x2e\x54\xb7\x4a\x69\x2c\x59\x58\x02\x2e\x82\x03\x1a\x41\xb3\x15\x09\x0e\xd4\xd5\xbd\x7b\xd0\xb4\x51\x47\x63\x38\xf7\x39\xa7\xd7\x03\x1a\xf2\xd3\x6c\xaa\x09\xff\xdb\xb7\xc3\x96\x50\x7c\x75"},
+{{0x10,0xbb,0xe6,0xe7,0x61,0xa7,0x5c,0x93,0x5b,0x51,0x7f,0x09,0x36,0xfe,0xcb,0x9e,0xc6,0xfc,0x21,0x5e,0x58,0x13,0x08,0x00,0xea,0x18,0xd1,0xff,0x44,0x2a,0x4f,0x13,},{0x86,0x43,0xdd,0xf8,0xaa,0x8d,0x9c,0x8a,0x78,0xb6,0xeb,0x69,0x9f,0xd2,0x0a,0x57,0xf6,0xf1,0x86,0x36,0xb0,0x6c,0xe6,0x9d,0xac,0xdc,0xa1,0x26,0x7a,0xcb,0x39,0x54,},{0xf0,0xf3,0x57,0x41,0x03,0x73,0x31,0x3b,0x7c,0x62,0x52,0xd6,0xd9,0x66,0x00,0x36,0x0c,0x23,0x75,0x2d,0x43,0x1c,0xa8,0x07,0x5b,0xcf,0xb7,0x72,0xd4,0x9c,0xd6,0x09,0xb6,0x5c,0x9c,0xd8,0x38,0xd6,0x34,0xd8,0xd9,0xb9,0x5d,0x1e,0xe3,0x0e,0xde,0xcc,0x13,0xe3,0xca,0x99,0x7b,0x24,0x37,0x30,0x3f,0x8a,0x33,0xa1,0xff,0xc8,0x33,0x06,},"\xe8\x10\x8c\x6d\xe4\x13\x37\x33\xdc\x19\x9a\x73\x39\x2e\x22\x6f\x71\x2c\x36\xa2\x4f\xa9\x1d\x6f\xb0\x9f\x92\xdf\x21\x8d\xeb\x2d\x28\x30\xa6\x68\xfd\x69\x4b\x48\x09\xd0\x25\x35\x07\x23\x12\x47\xc7\xf2\x58\xb4\xd6\x5c\x56\xbb\x69\x34\x5e\xf6\xaa\x97\xe7\xc5\x9e\x81\x53\x77\x5a\x5a\x3c\xf1\x09\xc4\xbc\xa9\x81\x55\x69\xda\x69\x32\xe8\x21\x83\x42\x5b\x42\xd7\x48\x3c\x9d\xbf\xcb\xd8\xeb\x38\xc8\x47\x29\x57\x1e\x8e\xc9\x39\x82\xc3\x17\x71\x67\x59\x59\x8c\x4f\x6a\x1b\x7f\x8d\xa7\x30\x6a\x78\x15\x72\x1c\xaf\x02\xe7\x02\x46\x71\x23\x14\xf7\x66\xbe\x9c\xb1\x77\xcd\x2f\xa3\xbd\xa2\x2c\xd6\x76\xc5\xd2\xe8\x6e\x8d\x79\x8f\xd3\x4f\x54\x3c\x9b\xe3\x12\x96\x51\xf2\x73\xf4\x84\xf0\xb9\x46\x7b\x14\x09\x55\xcd\x29\x81\xff\x26\x03\xc0\xbd\xbb\x43\x6a\xc0\x95\x5a\x11\x6c\x5e\x5f\xc3\x04\x25\xe1\xfe\x78\xf6\x41\x0f\x6e\xf7\x57\xf6\x04\x66\x88\x54\xba\xe7\x9b\xfe\x22\xe1\xa8\x5c\xe5\xee\x5d\x64\x34\xb4\x61\x01\x20\xea\x7e\x5d\x3d\x13\x7c\xe2\x07\x51\x4f\x85\x34\xad\x9b\xf3\x92\xb7\xdc\x53\x55\x51\x4b\x59\xf8\x35\x46\x6c\x8e\xb5\x6f\x44\xed\xdc\x5b\xad\x20\xcf\x0b\x48\x0b\x2e\x82\x2a\x6f\x46\xfd\x95\xf3\x0f\x18\x3c\x7b\xb3\x14\x3e\x4e\x61\x00\xe2\xdb\xc9\xf2\xbf\x0d\x43\x07\x3e\x0f\xe6\x5f\x01\xbc\xce\x6a\x1a\xe4\x01\xc1\x25\x41\xbe\x3a\xe6\x8c\xde\xac\x2a\x4a\xc7\x1f\x16\x63\xb5\xfd\xfc\x2e\x50\xf0\xe0\x77\xfb\x3a\x0a\x8b\x8e\xee\xad\x62\x7c\x1c\x3e\x79\xdd\x73\x61\x04\x6f\x7e\x57\xc1\x74\x36\xc3\x2d\xc4\x43\x2f\x05\x00\x28\xcc\x7a\xa4\x40\x8c\x2d\x29\xd1\xd7\x99\x8f\xdc\xdd\xa3\x2b\xb3\x2f\x70\x4d\xc2\x63\xdb\x9b\x8e\x06\xc5\x76\x30\x87\x0f\x8b\xb6\xec\x66\x1f\xde\x1b\x7d\xa9\x4d\x53\xb0\x47\x70\x1a\x45\x88\x47\x8c\x1c\x66\x23\x46\x74\x1a\xea\xc4\xc2\x53\x38\x55\x6a\x3d\x84\x8d\xe5\xb2\xa2\x3e\xce\xa6\x1b\x77\x6b\xd0\xe8\x03\x7e\xfb\x85\x01\xef\xf2\x39\xc7\xfa\xcc\xa6\xc8\x36\x7e\xd7\xc8\xad\xce\x91\x9f\xef\x1a\x15\x5a\xe0\xd5\x47\x8a\x98\x00\x2c\x95\xa1\x6f\xbf\x4c\x0e\xd0\x16\xea\x5d\x38\x66\xfe\x1d\xe4\x54\x83\x2a\x4e\x95\x65\x97\x6b\x60\xb3\xdd\x2e\xaf\x7f\xee\x61\x2f\x2b\xc0\x40\xd9\x39\x75\x43\x5e\xeb\xd1\x2f\x06\xeb\x09\xec\xea\x2c\x66\x76\x83\x08\xf5\x8c\x77\xac\x51\xed\x7b\xd2\x16\x36\xfc\x9c\xc3\xfd\x14\x87\x0b\xd0\x6b\xdf\x12\x8a\x81\xb1\x47\x92\xe6\x08\xc4\x7e\xa2\xd5\x35\xca\x7a\xa2\x1e\xb8\xa8\xa5\x6d\x76\x99\x16\x63\xa8\x19\x0a\x95\x05\x7d\x33\x67\x1e\x73\xc7\xcb\xce\x5a\x98\xd3\x1e\xf0\xd7\x3b\xd0\xb1\x63\x78\x7b\x7f\xdc\xd2\xdd\xfc\x72\x96\x0f\x2b\xe3\x20\x84\x6d\x4b\x29\x08\x0d\x7a\xeb\x5b\x7e\xa6\x45\xa2\xad\x5a\x59\xc0\x12\xbf\x7b\x95\x15\xd8\x59\xe1\xc1\x47\x2e\xf8\xa4\xd3\xc9\x5e\x71\x1a\xf9\x7a\xe4\x61\x8e\xfb\xab\x3d\xff\xe8\x8c\x9f\x6a\xf4\xa0\x9b\x0e\x73\x38\x7e\x25\x1b\x77\xd7\xbf\xf5\x21\x4f\x79\x18\x62\xdb\x69\x88\x41\x1e\x2a\xe2\xc7\x5b\xf2\x8d\x28\x60\x2a\x63\x7c\x26\xf4\x9c\x18\xd3\x09\xd2\xfc\x58\xa1\x26\x66\x7a\xd3\xc2\xec\x16\x0c\x99\xba\x40\xfb\xda\xc1\x7e\x7e\x4c\x21\xa5\xd5\x07\x85\x97\x62\xeb\xa0\x9c\x41\x60\xdf\x66\xf5\xfe\xef\xe6\x71\x5a\x28\xc5\x29\x6c\xf4\x3e\x5e\x77\x1f\x31\xfc\xe5\x13\x3b\xe9\x7c\xab\x57\x30\x1b\x4c\x9d\xf9\xcd\x9a\x4a\xcf\x1c\x33\xfa\xc9\x46\xfa\x15\x96\xfa\x65\xc8\xf3\x65\x8b\xe4\x7a\x47\x3a\x62\xc5\x21\x81\xec\xa1\x83\xe4\x24\x6c\xd6\x24\xd8\x78\x3d\xcc\xe5\xfd\xcc\x1f\xea\x17\x3f\x80\x71\xf7\x07\x4f\x55\x89\x7d\xe9\xbf\xe8\x4a\x6c\x4f\xdf\x80\x2d\x50\x26\xb8\x14\x5e\x6c\x8c\x89\x50\xaf\xc5\xb4\x0f\xd0\x35\x6f\xc5\x5e\xe1\x7e\x1f\x85\x3a\x4c\x2f\xcc\x34\xa1\x36\x9b\x87\xd2\x8d\xc2\xfd\x20\x10\xf1\x99\x03\xaf\xf8\xe4\x6d\xe0\x49\x38\xf4\x94\x82\x45\xd5\xb4\x25\xd0\x74\xac\xdf\x2b\xd8\x0b\xfc\x37\x35\xcc\x34\xa2\x25\x90\xf1\x94\xaf\x93\x13\xee\xf4\xab\x5f\xde\x61\xf1\xf9\xb5\x85\x78\x63\x8f\xcb\x4f\x28\x50\xb2\xfc\xe6\xe0\x3d\xb4\xd0\xa8\x34\x84\x81\x63\xc4\xb2\x7e\x12\x9f\x5c\xc7\x4f\x67\xf0\x08\xa2\x71\x2d\x1d"},
+{{0x18,0x6d,0xcc,0x7e,0xfc,0x5e,0xd7,0xe6,0x1a,0xe5,0x3d,0xc4,0x20,0x93,0xba,0xe8,0xf1,0x5d,0xd9,0x9f,0x0f,0x03,0x33,0x26,0xc5,0x76,0xff,0x75,0x69,0x50,0xd0,0x6d,},{0xc8,0xd1,0x41,0xac,0xb6,0x42,0xaa,0x9b,0xfb,0xd5,0x43,0x27,0x7c,0x2d,0xca,0x8a,0xa9,0x88,0x8e,0xef,0xf0,0x45,0x43,0xb3,0x78,0x9b,0x21,0xf2,0x6a,0xeb,0x0f,0x71,},{0x89,0x45,0x06,0x97,0x87,0xc1,0xc6,0x76,0xa8,0x4a,0x70,0x3c,0xae,0x1e,0x0b,0xac,0xae,0xff,0xd3,0x3e,0x91,0xbe,0xc3,0x60,0x3e,0x1f,0x13,0xfb,0x17,0x0e,0x31,0xe6,0xd7,0x04,0x9e,0xda,0x2b,0xf6,0x27,0x18,0x0f,0x45,0x6c,0x3f,0x7a,0xab,0xfc,0xd3,0x6c,0x49,0xa8,0xc0,0x4f,0x8a,0xe6,0x92,0x9e,0xc5,0xad,0xa0,0x7b,0x65,0x72,0x08,},"\x97\x43\x64\xd6\xc8\x38\x84\x2c\xcc\x4e\x74\x9e\x6a\xfd\x53\x71\x70\xdc\xd8\xcc\x50\xd6\x66\x54\xd1\x05\x48\x23\x39\xca\xbd\xf7\x4e\x32\x93\x5e\xe2\x19\x27\x2e\xa1\x68\x4f\xb9\x3c\x1f\xab\x42\xb5\x63\x18\x39\x24\x35\x91\xbd\x07\xd3\xbe\x94\x9b\x0d\xd1\x5e\x31\x96\xdf\x19\x6b\xa7\x52\xad\x11\x21\xac\x71\x12\xd5\x66\x94\x4e\x15\x3a\x4e\x06\x19\xb3\xa2\x32\x24\x1f\x02\x0b\xe0\x71\x9f\x6b\xec\x91\x8b\x26\x82\x8e\xb1\x67\x0e\xcf\xc7\x3c\x66\x84\x4e\xa3\xe4\x04\xc6\xa2\xfc\x01\xbe\xb4\x03\xc9\xd6\xca\x55\x1a\xd8\xa6\xe7\x1f\x46\x64\x7f\xa6\x05\x3f\x03\x14\xf8\x12\x4d\x8d\x2b\xc1\x2c\xc8\xfa\x8d\xb9\x5f\x2b\x73\x53\x75\x20\x1b\x81\x6a\x9c\xf4\x0f\x83\xee\x4b\x86\x71\x61\x80\x32\xde\x22\x9c\xe7\x62\x71\xd0\x3d\x26\x72\xa1\xae\x4a\x28\x8c\x85\xdc\xd2\x7f\xb8\x45\x2a\x81\x32\xe9\xff\x29\xe1\xe8\x9b\xf1\x1b\x1c\x83\x51\x92\xc0\x4b\x13\xbe\x14\xf3\xcd\xe5\xd3\x7c\xe9\x6f\x1d\xc2\xa9\xcc\xda\x0c\x4d\x73\x7b\xca\x1f\xa2\x20\xd2\x1b\xf3\x60\xb9\x05\x15\xbb\xd2\x26\xbb\x2a\x6c\x8d\x5f\x2a\xb0\x18\xd4\x08\x4e\x24\xee\x33\x3c\xe4\xe3\x9b\xcb\x6b\x46\xe7\xae\xb4\xdb\x9b\x6c\x65\xb2\x44\xd9\x82\x82\x3a\x77\x0f\x9c\x62\xa0\xbd\xe2\xcb\xb7\xec\x36\x84\x0d\x45\x51\x87\xfa\xff\x4e\x48\x8a\x5c\x60\x8e\xbd\xb7\xdb\x84\xd8\x7d\xad\x38\x67\xe3\xb0\xd0\x4b\x64\x71\x5e\x16\x56\x0a\x62\xf1\xee\x03\xdf\x61\x83\xfd\x5e\x37\x55\x5d\xa1\x97\x2f\xca\x06\x2d\x12\xbb\x84\x20\xe0\x82\xda\xcb\x8d\xeb\xb9\xc1\x43\x85\x41\xd0\xda\x24\x64\xef\x7e\xc5\x22\x63\xfb\x9b\x9a\x4c\x46\x9c\x83\x32\x3e\x48\x19\xdf\xdf\x4f\xa0\xa7\x70\xc3\xa7\x09\x25\x4e\x05\x31\x48\x30\xe8\x7f\xbb\x67\x36\xc7\x2d\x9d\xab\xe0\x1a\x31\x0e\x91\xeb\xbf\xae\x76\x7a\x1f\xcb\x62\xf6\x4f\xa3\xba\x8d\x53\x40\x0d\x64\x69\xad\x1c\xcb\x81\x1f\xb9\xe1\x15\xf1\x41\x27\xb1\x3e\x83\x64\xaa\x2f\xe8\x0b\xbc\x88\x6a\x10\xdf\x1b\x9c\xc4\xae\x46\x01\xf5\x46\x1a\xf0\x91\xf5\x26\xd2\x72\xda\x9b\x20\x38\x57\xa4\x44\x7e\xab\xde\xf4\x39\x83\x04\x96\xa5\x75\x9c\x21\xde\x65\xba\x3a\x3c\x8b\x8e\x93\x9c\x46\x13\x32\xa9\x24\x85\x2c\x20\x5c\x77\x11\xf3\xa6\x8a\x23\x67\xa9\x45\xde\xf4\xfb\xe5\xf8\x1c\x60\xcb\xb7\xe3\x94\xa2\xa4\x9b\xe9\xec\x2a\xae\xb1\xf3\x30\x57\x59\x79\x44\x6a\xd9\xd0\xd5\x4a\xbd\x43\x6f\x28\x60\xf0\x42\x34\x26\xf4\xbb\xc2\x6b\x3b\x9f\x65\x0d\x69\xb1\x00\x72\xd7\x47\xa3\x9e\x47\x8f\x45\x5e\xaa\x12\xc7\xc6\xe1\x2b\xfc\x45\x36\xa3\x59\x43\x44\xbd\x02\xb6\x20\xe3\xe2\xb4\xe0\xd5\x34\x08\x9d\xd7\xb0\x4f\xa6\x34\x80\x45\x67\x58\x6c\x62\xbe\x03\x91\xc7\xbd\xb0\xa9\xfb\xc1\xef\x3b\x33\x21\x1e\xdb\xf8\xef\x58\xc2\xb7\xa4\x9d\x06\x66\x79\x59\xd7\xe5\xd4\x46\x71\xee\x73\x57\xa1\x0b\xa0\xcb\x1a\x44\x5a\xe5\xd7\x09\xce\x25\x5e\x92\xde\x71\x59\x75\xaf\x94\xb8\x9d\x4a\x29\xc7\x1f\x9d\x88\xc8\x5b\x6c\xd1\x1d\x8b\x33\x5b\xf8\xf2\xc6\x58\xe6\xdd\x7c\x3f\x6c\x80\xad\x4d\x0e\x5a\x6c\x87\xdb\xa7\xb5\xb8\xa8\xa4\x7e\x72\xf4\xd1\xd3\xc7\x43\x63\x1d\xf9\xad\xfc\xfa\x45\xce\xe0\x49\x8d\x5a\x44\xa9\xf7\x5c\x83\xb7\x5b\x2a\x3c\x23\x0f\xf0\x76\x7d\x38\x88\xf9\x41\xee\x1b\x66\x24\xdd\x0e\x12\xd0\x6e\xd1\xab\x8b\xb1\x35\xff\xd3\x79\xe9\xde\x37\x88\xbe\x54\x1a\xad\xb2\xd6\xa7\xcc\x60\x13\x16\xf2\x1e\xb9\xaa\xa9\x22\xf5\x6a\x8e\x35\x26\xc9\xbd\x11\x77\xfe\xfc\x2f\xbe\x3e\x43\x0b\x62\x8e\xeb\xd6\x66\x1e\x3b\xa2\xd6\x31\xc6\xa8\x42\x2c\x24\x1e\xcd\x96\x99\x72\x41\x2f\x74\xda\x6b\x12\x43\xbf\x0f\xbe\xe8\xa8\x4d\x52\xe4\x0a\xee\x3f\x1e\x4f\xc8\x31\x40\x2c\x62\xf3\x57\x6b\x22\xe8\xe3\xc3\xdc\x4e\x16\x0b\xc3\xb6\xb9\xd2\xce\x00\x58\x53\x81\x2e\xaf\xc0\xa4\xe2\x5b\xa7\x12\x27\x9b\x00\xba\x3f\x91\x30\xff\x36\xe3\xef\x19\x71\xdd\xe7\x50\x8b\x27\x92\xfe\x64\xd4\x75\x68\x8f\xc6\xf3\x31\x3a\xad\xb7\x85\x30\x2e\x6b\x7f\x9a\x84\xf2\xdb\xc2\xf3\xcf\x06\x0e\xe0\x8b\x46\x37\x36\xf8\x36\xdb\xb2\x62\xd3\x29\x68\x4c\x20\x84\x92\xd1\x7d\x81\x12\x21\xbe\x02\xb6\x5e\xe2\x8e\x11\xb5\x46\x92"},
+{{0x07,0x05,0xb3,0x36,0xc8,0x9c,0xa3,0x5f,0xfd,0xde,0x0a,0xf0,0xf9,0x06,0xea,0xcf,0x62,0x3c,0x56,0xc3,0xf7,0x67,0x38,0x16,0x8e,0x76,0xfc,0xd5,0x88,0x2d,0xf7,0x9e,},{0xea,0xaa,0xf2,0xa1,0x5f,0x44,0xb6,0x34,0xce,0xf1,0x5a,0x63,0x8b,0x80,0x20,0x7f,0x61,0x09,0x9a,0x07,0x96,0xf5,0xd4,0x3f,0x3e,0x9d,0x04,0x8e,0x6a,0xe7,0x96,0xc1,},{0xd4,0xa9,0xba,0xe8,0xec,0xc4,0x72,0xc3,0x76,0xba,0xb8,0x05,0xc2,0xce,0x0c,0x1c,0x2e,0xd5,0xfc,0x77,0x37,0x15,0x46,0x8c,0xb1,0xa4,0x93,0x45,0x64,0xda,0xce,0xcf,0x43,0x8b,0x1d,0xd2,0xac,0x1b,0x5c,0x5e,0x33,0x6a,0x1e,0x20,0x70,0x1d,0x5d,0xcf,0x3c,0x8e,0xe3,0xad,0x22,0x3b,0x13,0x9f,0xa9,0x0a,0x1b,0x55,0x2e,0x1b,0x77,0x07,},"\x61\x6f\xe1\x5f\xcc\xb3\x31\x0f\x9e\xc7\x45\x64\x47\xda\xda\xf8\xe0\xa5\xfb\x26\x9b\xe1\x69\xb0\xc3\xea\x2c\xfd\xaa\xa5\x5d\x37\x93\x7f\xe7\x5b\x78\x32\x4a\xc2\x78\xa6\x50\x47\xe0\xae\x4f\x32\x7e\x97\xef\xfc\xb7\xbe\xd9\x1d\x09\xda\x72\x0b\x0a\x10\x1b\xe9\xe9\x6d\x0b\xa8\x5b\x1f\xf4\x9d\x8d\x1d\xf3\x62\xd3\x45\x4f\x0d\xb6\x82\x55\x96\x10\x1c\x97\xe5\xda\xca\xd0\x7e\xc4\x92\xd3\x0f\x2d\x0c\xb7\xe7\xde\x4e\x74\x4b\xb6\xa6\x10\x0b\x75\x4d\xa8\x47\x41\x1d\x09\xaa\xce\x8d\x5d\x41\x07\x58\xb8\x30\x87\xdb\x4b\x5e\x62\x97\x97\x9a\x21\xfb\x65\xaf\x39\x09\x52\xc4\xf9\x36\x26\x0e\x72\xd7\xc7\x83\x27\xb9\x4a\xa6\xcd\x61\x72\x78\xb0\xce\x9e\x1b\xd3\xfb\xed\x93\xb6\x9b\xc6\x49\x85\xdd\xe0\xe2\xc4\x35\x7b\x50\x2f\x05\x5e\xe7\xb0\xa0\x38\x84\x74\xda\xe0\x2d\x6c\x1a\x73\x1f\x87\x78\x5d\x75\x3a\xeb\x0d\x9c\xfd\xf8\x50\x02\xdf\x56\x6f\xc2\x50\x7d\xe7\xba\x6f\xd0\x35\xbe\xe1\x7a\x2e\x80\x8b\x4a\x75\x88\xc5\x83\x37\x5c\x82\x40\x7a\x40\xae\x9e\xeb\xdf\x94\xdf\x2f\xb8\xca\xbf\x17\x60\x6c\x43\x9e\xa7\x04\x59\xb2\x12\xaa\xe4\xa3\xf5\x30\xec\xad\xc5\xe8\x8e\x25\x48\xfa\x64\x3c\x7d\xdf\x50\x63\xb2\xe1\x06\x73\xe5\x9d\x07\xfe\x90\x68\x92\xb6\x7e\xb5\x8f\x93\x88\xa5\x6b\x37\x04\x52\xe9\x97\x77\x55\xfc\x04\xdf\xbc\x77\xda\x6c\x05\xbe\xdd\xeb\xf0\x36\x52\x56\xb5\x2c\x9a\xef\x8a\x82\x17\x3b\x8c\x89\xfb\xd9\x8c\xea\x36\xa8\xb8\x96\xfe\x66\xd3\x7c\xa7\x9b\xec\x7f\xbf\xe9\x58\xfe\x89\xf6\x76\x50\x85\xb3\x35\xdc\x77\x03\x43\xe2\x30\xca\xdd\xfa\x28\x33\xda\xa6\x62\xfe\x82\x08\xdd\x88\x5a\x6f\xdf\x72\xe3\x6e\xcf\x22\xbb\xbb\xcb\xe7\x9d\x37\x06\x50\x23\x69\x40\xbc\x2e\x6d\x4a\xc7\x4f\xe4\xd5\x54\xc9\xbc\x23\x2f\x07\xd2\xaf\x62\x20\xd1\x57\xbd\x2d\xa6\xa6\x61\x2a\x08\x1b\x4c\x99\x04\xa2\x86\x9b\x13\x7e\xe3\xa0\x85\x6f\x12\xb2\xeb\x87\x62\xdb\x94\xed\x0b\xa1\x36\xf2\x3e\x7f\xb4\xbd\x1f\xcd\xee\x10\xdd\x84\xe2\xcd\x3b\x0a\x49\x14\x8a\xc7\x4d\xb4\x66\xdb\xee\xf8\x1e\x6a\x8c\xe0\x86\x11\x02\xde\x9b\x1a\x3e\x1d\xcf\x5c\x6b\x03\x08\xa8\x2e\x3a\xc7\xc2\x28\x3c\x7c\xc2\xf3\x4f\xfa\x14\x5b\x9f\x74\xb7\x99\x04\xb3\x2b\x79\xe9\x60\xb8\x14\xaa\xde\x63\xa0\xdf\x01\x67\xdc\xd2\x4e\xd9\x0a\x8d\xa7\xb9\x34\xc7\x72\x93\x2f\x5a\x47\x8f\xe2\xa7\x2f\x94\x5a\x13\x09\x6e\xc3\x7c\xe7\x64\xb5\x81\xeb\x89\xe5\xf6\xb2\xbd\x7e\xb8\x8b\x85\xa8\x95\x87\x77\x4d\x45\x8c\x58\xcd\x87\x94\x57\x97\x3d\x64\x8e\xf7\x71\xc5\xf1\xde\xb2\x7a\x0c\xc5\xb2\x92\x46\xac\x2f\xa1\x2d\x18\xdd\xc6\xb9\xf9\xac\x9c\xf1\x46\xc3\xf2\x2b\x1e\x44\x99\xad\xee\xfb\xcd\x22\x49\x74\x0e\x13\xa2\x24\xe7\xb6\xb3\xef\x15\x60\x5e\x7e\x74\xe6\x8d\x7b\x72\x64\x24\x09\xb9\x0c\x4e\xc1\x61\xeb\x24\xc9\xb4\x0f\xf9\xc7\xe6\xe5\xda\x98\x32\x2a\xca\x52\xc4\x6a\x8d\xdc\x19\x0f\x1c\xab\x15\x7c\x4c\x76\x19\x60\x1a\x6b\x33\xdf\x6a\x50\xda\x66\x1b\xc7\x53\x60\xdf\xf6\x97\x50\xd3\x45\x74\x09\xcc\x02\x41\xc3\xe8\xc4\xb3\xe5\x06\xd4\x26\xaf\x52\xb7\x02\x31\xcd\x6c\x91\x26\x0c\xc4\x31\xe4\xcc\xfd\x49\x6c\xa1\x4c\xea\xae\x1c\xda\x78\x72\x1e\x16\x33\x9d\x52\x68\x2b\x69\x51\xf9\x66\xc7\xda\x5c\x6e\x10\xd9\x19\xae\x66\xa9\xf5\x2d\xec\x10\x86\x75\x38\xd3\xdf\x6d\x59\x3a\x32\xdb\x69\x5a\x8d\x77\x45\x70\x35\x16\xea\x56\xf8\xc1\xc8\xf0\xef\x53\xbd\xeb\x7f\x53\xc2\xd9\x44\xf5\x11\x94\x0c\xcb\x90\x62\x49\x22\xac\x59\x9f\x46\x19\xc3\x04\x62\x07\xd6\x05\xf6\xff\x94\xde\x78\x8d\x25\x34\x22\x29\xdc\x8a\xf9\x2b\x5f\xdf\x0d\xd7\x1d\xf2\xb4\x46\xcd\xf1\xd9\xa2\x05\x24\x33\x9e\xe1\xc3\x18\x26\x28\x7e\xf7\x27\x81\xa7\xa3\x52\x89\xf8\x5a\x15\xba\x57\xc7\xfd\x5d\x88\x5b\xd0\x55\x3a\xb4\x08\x05\xf5\x17\xe8\xf1\xb1\xb3\xc4\xfc\x67\x71\xe6\xf2\x24\xbc\x03\x11\x24\xb9\xc9\xae\xb1\x9c\x5a\x96\xbf\x14\x88\xe1\xe6\x6c\x6e\x88\x80\x92\x30\xc8\x3a\x74\x15\x55\x54\xa2\x19\xec\x37\x9a\xe5\x4a\x9f\xe7\x9d\xbe\xde\x3d\x57\x60\x42\xa6\x35\xd1\x97\xf4\xd8\x18\xc7\x78\x75\x5b\x8b\x45\xe5\x13\xde\xac\x88\xf6\x04\x25"},
+{{0x95,0x17,0x4a,0x09,0x15,0x68,0x4c,0xdb,0xb6,0x19,0xb0,0x55,0x49,0x5b,0x00,0xf1,0x92,0x82,0xcf,0xfc,0x3b,0x05,0x01,0x9e,0x6a,0xb7,0x09,0xa4,0xa1,0x74,0x2b,0xab,},{0xaa,0x8c,0x87,0x2d,0x7e,0x10,0xb6,0x7f,0x7f,0xf2,0x41,0x72,0xc3,0x63,0x7e,0x80,0x82,0x5a,0x0a,0x71,0xee,0x0c,0x48,0x86,0x3a,0x2a,0xcd,0xcb,0xe8,0xda,0x45,0x9a,},{0x78,0x0f,0x40,0xc2,0x0f,0xea,0x3b,0x11,0xc9,0x42,0x2a,0x43,0xb9,0xa6,0xf7,0x96,0x11,0xe7,0xf1,0xf5,0x9d,0x14,0x88,0xc1,0x5a,0x5f,0xd2,0xd3,0x2c,0x07,0xda,0xdc,0x39,0x1c,0x38,0x95,0x3e,0xdf,0x0d,0xe4,0x8b,0xe5,0x2d,0xa2,0xaf,0x33,0x5c,0x47,0xb8,0xd2,0xe4,0x4a,0xb9,0xd3,0xdf,0xb7,0x6b,0xa5,0x38,0xb0,0x66,0x49,0x52,0x08,},"\x5e\x1a\x74\x00\x45\x6c\xad\x4f\x9b\xa8\x66\x43\xbc\x7c\xbf\x3b\x35\x68\xdc\xb5\x22\xb3\x70\x55\xe8\xc3\x9d\x3c\x80\xf2\x28\x42\x38\xe5\x72\x7f\xd7\x51\x3c\xc8\xb3\x1c\x57\xae\x7b\x40\x50\xaa\x81\x9f\xc2\x36\x09\x30\xeb\x0d\xd6\x77\xa5\xb2\xc7\x29\xfe\xb2\xda\x3a\xd7\x9a\xe7\xfc\xcd\xdd\xb6\xc0\x84\x46\x26\x1e\xc9\xbb\xe5\x9c\x64\xe9\x9a\xbb\xc8\x6d\x3c\x48\x35\xf0\x0f\xef\xe5\x27\x43\x3a\x50\x1a\x3b\x6d\x57\x2c\xf5\xe1\x2a\x88\x01\x0b\x46\xa4\x72\xb9\xbd\x86\x91\xa4\x07\xc3\x65\xf9\xf7\x16\x34\xb4\xd9\x7e\xdf\xdf\xf0\x63\x14\xc0\xc1\xb4\xeb\x93\xc7\x60\x7f\x1d\x6f\xa3\x54\x65\x93\x22\xc2\x84\x07\x3f\x42\x60\x25\x18\xc5\x4f\xdf\x26\xea\x2c\x27\xc8\x0a\x6d\xfa\x20\x56\x83\x91\xab\x35\x72\x82\xc0\x6b\x23\xbe\xdc\x1d\xf1\x26\x4b\x61\x1c\x1e\x9c\xf1\x8a\xeb\xe2\x49\xfd\x86\x17\xc6\xe3\xee\x98\xc5\x3c\x0f\x6f\x21\x75\xc5\x7e\xf8\xe2\x06\xbd\x3c\xf1\x05\x62\x7a\x98\x92\xeb\x68\x99\x20\x21\x3a\xae\xb6\x3d\x87\x66\x3d\xbf\xa5\x3f\x0f\xb2\x81\x62\x69\x48\x29\x6b\x2d\xbc\xdd\xe1\xc5\x1a\xf8\x62\xee\xcf\x1c\xfe\x8a\x46\xa2\xc4\xb2\x8c\xfe\x71\x30\x33\x0a\xd1\x73\xf8\x71\x27\xaa\xca\xff\x43\xc0\xbd\xde\xa4\x8b\x00\x38\x97\x6e\x66\x2c\x04\xb6\xb0\x4a\xd0\x3d\xe1\x24\x62\xc2\x76\x5d\xb5\x35\x04\x95\x20\xcc\x11\x4a\xfd\xb6\xc9\x25\x49\xb0\x54\x6a\x90\x27\xd4\x49\x75\x5b\xeb\x8d\x4c\x17\xe6\xa2\xa4\x75\xf9\x67\x6a\x33\x7b\x4e\x86\x6d\x96\x32\x5e\x38\x9a\x52\xc1\x6c\x51\xe1\x8e\x0d\x81\x03\x34\x0c\x84\x17\xb2\xc5\x7a\x55\xd0\x42\xff\x5e\x5f\xc6\x5d\xf4\x23\xe0\x09\x2b\x0e\xa8\x8b\x96\xa9\x07\xc9\x51\x21\xc5\x47\xa6\x80\x61\xf2\x7b\xcf\xb5\x8c\xe6\xc0\x77\x28\xd4\x84\x6b\xdc\xbf\x0c\x62\x54\x10\xed\xf8\xde\xa8\xcb\x4c\x9d\x0b\xbe\xef\xcd\xe1\x92\x73\x36\x5f\x48\xd7\x5a\xec\x07\xd1\xc2\x2c\xcd\x23\x06\x8a\x97\xc3\xfe\x75\x2e\x87\xa3\x01\x18\xfe\x2d\xfd\x52\x18\xb6\xb1\x25\x15\x4e\x0e\xa3\x86\xcf\x23\x9e\x31\x37\xf8\xca\x6d\x8b\x74\x6b\x6a\x67\xd5\x08\xcf\x8c\x1a\xb6\x3e\x57\x15\xe6\x72\x1e\xda\x5c\x2b\xc3\x93\xa4\x93\xdb\xd2\xf9\xa1\xfa\x92\x6b\x9a\x59\xe4\x5a\x18\x0a\xee\xb0\x25\x99\xa8\xcd\xd6\x86\xf8\x89\xb4\x85\x27\x23\xcb\x6d\xbf\xb5\x01\x4c\xab\x5f\x65\x8a\x30\x9a\x47\x22\x39\x36\x0e\xea\xf6\x4f\xc8\x20\x3a\x3c\x70\x89\x70\xe1\x5c\xbc\xf1\x36\x25\x5d\x96\x44\x6c\x39\xa9\x27\x03\x1d\x26\x7d\x69\xec\xd5\x1d\x7a\xf6\xe9\x1f\xb4\xae\xf9\xd7\x8c\x33\x35\xe9\x07\x11\x33\xcf\xb8\xe2\x12\x99\x90\xc6\x46\x37\xc7\xad\xf1\xda\xef\x2d\xc2\x6c\x11\x63\x39\x9f\x3f\xe1\xe7\x92\x33\x80\x92\xef\x6f\x8d\xfa\xf2\x57\x30\xdd\x2f\xe8\xd9\x78\xf6\xf7\x70\xf5\x2b\x68\x23\x81\x76\x56\x4c\xee\x5f\xbb\x98\x50\xb3\xb3\xa0\x4d\x94\x84\x60\x41\x78\x26\xeb\x2e\xb2\x4f\xcc\x5f\xe3\x53\x34\xbb\x95\x21\xe8\x7b\xc4\xdb\xde\x2a\xc9\xe1\xc9\x89\x49\xdc\x2d\x29\xad\x27\x9e\x38\x84\xb9\x05\x26\x8e\xbd\x08\x08\xbf\x41\x82\x57\xe7\x5e\x26\x2b\x4d\x01\xb0\x24\xa6\xe9\xaa\x7b\xd5\x01\xdb\xa9\x4f\xf5\x06\x39\x4b\x4b\x0a\xe6\x08\x1e\xa7\x30\x30\xc4\x3a\x6a\x91\x76\x6e\x80\xf9\xf4\x2c\x0b\x68\xb9\x84\x19\xad\x4e\xee\x4e\x9a\x72\x8a\xde\xfb\xd7\x9e\x83\x1f\x70\xf4\x1e\x62\xb4\x3f\x0b\xf4\x2b\x3b\x2c\xd5\x3b\x55\x89\x11\x76\x64\xbc\xeb\xc4\x09\xa7\x64\x5b\x1e\xed\xda\x48\x2f\x6b\x68\x95\xa6\x57\xba\x78\x9b\x89\xe5\x02\xd6\x99\x87\x51\xd6\x30\x3d\xed\x5f\xa1\x56\xee\x7c\x7e\xaf\xe5\x46\x26\xd1\x03\x2c\x4d\x7d\xff\x97\x7f\x1d\xcc\x86\xaf\x89\xb1\xe6\x46\xa4\xaf\xc2\x42\x7e\xd0\x2c\x0a\xf5\xd3\x28\x90\xf9\x5f\x13\xf9\x8c\x1a\x5b\x1d\x9f\xbb\x78\x1a\x9a\x89\xb2\xd7\x90\xc1\x46\x5c\x2d\x15\x20\x92\x6f\xdf\x28\xc1\x7d\x9b\xa1\x58\x7a\xd7\x61\xf0\x65\xd3\x39\xbd\xbe\x38\xf4\x13\x3f\x45\xbb\x59\x78\x74\x26\x42\xf9\x0c\x06\x5e\xe4\x89\x25\x73\xf6\x05\x9f\x8b\x4c\xe2\xc1\x3e\x73\xb8\x91\xcd\x05\xf2\x37\x31\xed\x9a\x07\xe2\xb8\xff\xdc\x96\x3b\x06\xa5\x10\x20\x9c\x32\x99\x80\x94\x9f\x40\xd8\x07\x3a\x01\x3e\xf8\x43\xdf\xcc\x4a\x33\x94"},
+{{0x5a,0x84,0xaf,0x28,0xa5,0xdf,0xbb,0x32,0x33,0xa1,0x2f,0x08,0x37,0xf6,0xe8,0x65,0x4e,0x7b,0x0d,0xe1,0x6b,0x02,0xab,0x3c,0xd1,0x78,0x64,0x43,0x1e,0x27,0x46,0x67,},{0x80,0xd4,0xba,0x78,0x9f,0x8a,0x4b,0x20,0x47,0xad,0xaf,0xa5,0xed,0x26,0xcd,0x8c,0x54,0x67,0x33,0x29,0x2e,0x8b,0xf6,0x93,0xcf,0xd1,0x7e,0x28,0x4e,0xfc,0x68,0x71,},{0xa0,0xb8,0x4c,0xa5,0xaf,0x76,0x46,0xe6,0xf6,0x2a,0x69,0x35,0x37,0x94,0x73,0xfa,0x6e,0x4c,0x27,0x69,0x58,0x51,0xfc,0xbd,0xae,0x29,0x17,0xb2,0xdc,0x68,0xd7,0x96,0xe2,0x78,0xd7,0x0c,0xd6,0x7f,0xce,0xdf,0x6c,0xa6,0x29,0xb8,0x81,0xf7,0xc4,0xf2,0xaa,0x25,0x59,0xb2,0x0d,0x67,0x06,0x11,0x76,0x6b,0xd6,0x5a,0xa4,0xfe,0xf2,0x04,},"\x8a\xac\xd1\xb8\xa3\x9b\xf0\x8f\xd5\xc9\x18\x44\x6b\xe5\x76\xe6\xa3\xf2\x7f\x36\x11\x16\x07\xf2\x7b\x56\xa9\x12\x14\xe7\x63\xf9\xa8\x7f\xb1\xd1\x84\x48\x98\x96\x17\x97\x64\x44\x60\xbf\xf5\x48\x8c\x10\x3a\xf6\x05\xe8\x74\x0e\x46\x58\x8f\xb9\x3e\x44\x3c\x3b\xb2\x3b\x92\xc0\x98\x70\xa5\x57\x65\x3a\x1f\x22\xc2\x18\xcc\xbc\x2f\x07\x3a\x27\x2d\x17\xa8\x42\x23\xef\x14\x3f\x4c\x7c\xa2\x58\x46\x0b\x79\x81\x69\x67\x3d\xa1\x07\xd7\x1d\x53\x56\xce\x9f\x75\x59\xa9\xb0\x38\x39\x99\x51\xf5\x75\xc7\x7e\x5b\x9d\x05\x29\x57\x8e\xca\xa2\xe2\x08\x92\x66\xfc\x52\x6c\x5d\x40\x9f\xbd\x46\xbb\x86\x84\x1c\xb5\x54\xf5\xbd\x3c\x99\x71\x3b\x04\x3e\x40\x46\x53\xa7\xd0\x13\x44\xd4\xdb\x83\x1a\x21\x72\x82\xc4\xb3\x36\x40\x56\x53\xb8\x5d\x27\xa4\x6b\x25\x9c\x85\x5c\xdd\x85\xad\x6f\x7a\xed\xd8\x35\xff\x55\x00\xcc\x8b\xaf\x0f\xb2\xf0\x18\x09\x10\xc6\x46\x72\xb8\xa8\xd4\x9d\x98\x4a\x78\x29\x3c\xf5\x77\x9c\x91\x0c\x3a\xcb\xbc\xa4\x55\xa8\x54\x66\xe5\x35\x04\x4f\x34\x80\x26\x2c\x09\x0f\xbf\x4e\x0b\x0d\xb4\xd1\xef\x87\x59\xda\xaf\xdd\x8d\x05\x90\x74\x82\x46\x1f\xf9\x10\xc4\x37\x19\x5d\x5c\x7f\xed\x9d\x82\xcb\x94\xe7\xe4\xec\x24\xda\x05\x3e\x47\xf6\x2b\x48\x8e\xb7\xb2\x44\x65\x5c\x7d\xbb\x20\xed\x60\x7e\xed\x45\x31\x44\x9e\x07\x80\xe6\x1c\xfd\x57\x40\x86\xff\xc5\xdc\x52\x42\x83\x77\x5c\x44\xf7\x54\x7c\xda\xb0\x4a\x51\xee\xe4\xe1\xb7\xb6\x5a\x57\x57\x3a\x92\x48\x4a\x35\x90\x0a\x90\x9f\x81\xe4\x15\x02\x9d\x22\xca\x93\x7a\x3a\xcd\x9e\x61\xf8\xc0\xe6\x86\xb2\xd2\xad\x03\x77\xaf\x8e\xe1\x66\xe4\xa2\x0a\x82\xaf\xf4\x51\xe1\x51\x10\x3e\x0a\x17\x67\xb2\x71\xfa\x9c\x2b\x1d\xd1\x20\xf8\x05\x85\x3b\x3b\x8a\x56\x0f\xc8\xb9\x37\x62\x83\xb5\x11\x24\x32\x4a\x28\x4a\x0e\x9a\xc4\x9d\xf6\x9f\x52\x4c\x8e\x04\x2d\xf8\x2e\xfb\xcd\x16\x88\x1e\xc1\x31\xa1\x52\x10\xdf\x73\xde\x02\x94\x34\x47\xf2\x2a\x2e\xa1\xdc\x8b\xf9\x68\x29\x8e\xe9\x7f\x3a\xd5\x46\xd7\x8b\xc6\x60\x89\x7e\x08\xd2\xa2\x8b\x2b\xa6\x8b\x54\xb9\x54\xf1\x47\x64\x51\xc6\x92\x07\xe5\xdd\x24\x8a\xe4\x7e\xf3\x56\x94\x99\x0e\x6f\x05\x8b\xc0\x01\x7b\x74\x95\x10\x5c\xc8\x73\x90\x66\xaf\xb1\x1e\x1f\x26\x60\x19\x42\x54\x6a\xe8\x49\xff\x2f\x56\x73\x0f\x13\x26\xbb\xee\xa6\x40\xee\x17\x8f\xa2\x47\xad\xff\xef\xc0\x46\x49\x4f\xc7\xff\xc0\x77\x7d\x5d\xbe\x8a\x55\xda\xee\x61\x40\x6f\xe3\xc7\x08\x8d\x43\xd9\xe1\x4d\xa2\x1c\xa5\x2f\xd8\xc1\x60\x09\x1c\x8f\x99\xa6\x7d\xad\x65\xc6\x4f\xea\x9d\x18\xb1\x53\x7d\x06\x1f\x5d\xce\x87\x9e\x0b\xc4\x26\x48\xd2\xea\xa0\x2d\x97\x21\x85\x75\x3c\xb2\xf6\x22\x5d\x8d\x03\xbb\x07\xf9\x44\xb1\x0c\xf4\xea\x22\x27\x5c\x3d\x70\x84\x80\x20\xf3\x0c\x82\x3b\x76\x14\x3a\xcf\x54\x59\x99\xa2\xcc\x4b\x58\x98\xd9\x4b\x4a\x25\xef\xbe\x5a\x60\x33\x1c\xc0\x09\xfe\xc0\xa2\x5b\xc9\x89\x47\xb1\xb7\x13\x9e\x22\xd2\x32\x80\xff\x88\x54\xa1\xec\x76\x22\x1b\x1b\xf3\xd1\x08\x32\x8c\x8a\xc4\x63\xc6\x52\x63\xa2\xd7\xca\x74\x33\x48\x29\x31\xa1\xd8\xfc\x14\x4b\xbe\x9b\xef\x67\x8c\x92\xe1\xc2\xd1\x09\x21\xb6\xad\x43\xa7\x5c\x53\xbc\x07\x58\x54\xed\x2d\x99\xd8\x25\xf3\x0a\x5e\x10\xd5\x17\x43\x8e\x4d\x4f\x71\x13\x42\x9f\x1e\xdb\x38\x7d\x6b\xd7\xaa\xd2\x92\x74\xf8\xd2\xdc\x88\x9b\x7e\xfb\xeb\x58\x68\x6f\x8d\x66\x9c\xea\xef\x92\xc7\x5e\xd5\x30\x7f\x0c\x03\xf5\x90\x01\x81\xce\x57\x3c\x8f\xa2\x86\x75\x20\x5f\xb1\x05\x7f\x62\x6a\xa2\x30\xd0\x3e\x2e\xaa\x8c\xff\xcd\xe2\x00\x81\x47\x5d\x80\xb2\x45\xa1\xca\x60\x45\xba\x20\x4a\xb0\x00\x69\x07\x9c\x63\x7f\xc3\xfb\x3e\x80\xca\x04\x62\xe7\xa4\xcd\xd9\x28\x3f\xf9\x00\x85\x30\x36\x48\x16\x79\x2f\xdf\x3b\x9a\x4e\x4d\xc8\x37\x92\x28\xed\xcb\xb1\x54\xbe\xf3\x87\xd3\x77\x60\xd7\x9a\xfb\xb7\x36\x26\x0a\x1d\xb1\x01\x38\x36\x1f\x24\xb8\x26\xdb\xcd\x5f\x0f\xc9\xe7\x83\x0d\x26\xd8\x0c\x52\xa7\x92\x18\x92\x76\xbc\xe3\x47\x60\xfb\x77\xbe\x13\x12\xac\x8c\xf9\x7d\x92\xcb\xf3\xd0\x77\x80\x28\xdb\x5e\x8e\xae\x89\xe0\xb9\xbc\x87\x78\xae\xb1\x27\x8f\x04\x71\xcb"},
+{{0x79,0x3a,0xc8,0x8d,0x7d,0x3b,0x6f,0xa7,0xf4,0x7d,0xee,0xc3,0x1f,0x68,0xdd,0xcc,0xb7,0x01,0x82,0x0f,0x1b,0x13,0xdd,0xc6,0x52,0xf7,0xc6,0xa8,0x5b,0x60,0x52,0xa5,},{0x91,0xb6,0x22,0x7a,0xcd,0xd1,0x83,0xda,0x62,0xc5,0x19,0x65,0xc6,0x35,0x35,0x8b,0x20,0x4d,0x68,0x3e,0xe0,0x64,0x43,0xcb,0xd4,0x0e,0x71,0xc1,0xf7,0x6a,0xd1,0x02,},{0xa8,0x4f,0x55,0x2b,0xf4,0x43,0x22,0xa6,0xdb,0x24,0x5c,0xa0,0x06,0xd1,0xcf,0x78,0x0c,0x61,0x68,0x0f,0xe7,0x42,0x9a,0x89,0x47,0xc3,0x5f,0x21,0xbc,0x4b,0x44,0x22,0x8b,0xa3,0x0a,0xea,0x0c,0x74,0x4b,0x86,0x64,0x59,0xd3,0xb8,0xac,0xad,0x45,0x3b,0x06,0xac,0xe2,0x47,0xba,0x69,0x52,0x8c,0x6b,0x3b,0xc4,0xb2,0x0e,0x75,0x63,0x0e,},"\xec\x50\xaf\xad\x8a\xde\x74\x05\xe2\xc6\xf5\xc6\x24\x7b\xbb\xcc\xfb\x2c\x17\x16\x6f\x78\x84\xfe\xae\x10\xd9\x0f\x5d\x83\xc4\xb6\xf0\xbf\x76\xde\x2f\x78\x97\xba\x11\x94\xd6\xd3\x44\x9d\xdb\x80\xae\x74\xeb\x8e\xd6\x8f\x04\x9b\x35\xc6\xf2\x19\x16\xdb\x4d\xfc\x27\x24\xdc\x3a\xf7\xad\x8d\xd5\xc4\x4f\x60\xd2\xf4\x9f\xad\xd7\x00\x4d\xa1\x59\x30\x93\x94\x2c\xae\x52\x08\xbf\x54\xcf\x90\x3b\xee\x64\x69\x05\xfc\xe2\xeb\x2e\x37\x0d\x0d\xca\x48\xd8\x20\xad\xea\xb1\x6a\x3b\x67\x5e\x5a\x4a\x8e\x26\x7e\x34\xff\x96\xf3\x12\x2b\x18\xde\x0c\xad\x92\x92\xab\x63\xd2\x6e\x5f\x31\x0f\xa2\x16\x8c\x29\x66\xbd\xb6\x3b\x0d\xe0\x86\x26\x76\x7b\x37\x9d\xe4\x63\x3b\x9f\x3e\xda\x79\x17\x28\x1d\xad\x66\x1e\x9f\x77\x2b\x84\x4a\x79\xe8\x00\xfd\x84\x27\x02\x44\x6e\x4a\xa7\x31\x75\x71\x07\xf3\xfd\x65\x47\xbf\x40\x75\x96\x3d\x5f\xd5\xf5\x8e\x80\x85\x3f\xc4\x27\x51\xdc\xa0\x78\xa9\xfa\x8d\x5b\xb3\xd9\xa3\x4a\xbc\xab\x02\x93\xd6\xce\xae\xc4\x89\x67\xa1\xe6\x22\x43\x98\xca\xd0\xf6\x05\xa3\xbe\x8e\x67\x58\xea\x8f\x29\x20\x9d\x8e\x4c\x4c\xa1\x89\x3b\xaa\xd9\x1e\x37\x9b\xa3\xb1\x73\x30\xc1\x2a\x5b\x6f\x21\x9b\x38\x4a\x8a\xb9\x78\xbf\x1b\x37\xc3\x73\x1a\x1b\x47\x4b\x24\xb5\xd6\x7d\x4c\xec\x28\xaa\xc6\x51\x0b\x11\xf2\xcf\x21\xbc\x16\x96\x3d\x51\xf5\x53\x87\x27\x71\x8f\xc4\xe2\xe5\x17\x2e\x3c\x0c\xda\xbc\x27\x7f\x0d\x70\x37\xc3\x4c\xa6\x8f\x73\x28\x88\x48\xb9\x26\xbd\xe0\xcf\x47\xab\xfa\x66\x60\x09\x16\x94\x6f\x07\x65\x1c\x28\x0a\x20\x86\xb1\x4d\x52\x57\x0c\xc8\xa4\xb7\x43\x58\xb5\x9c\x30\x2b\x9d\x00\xe1\xb4\x98\xf3\xbc\x33\xee\x4e\xcf\x2b\xce\x2c\x65\xed\x7e\x8b\xa7\x4d\x35\xb7\x51\xd3\xc9\x9f\x40\x86\x19\x68\xc2\xb7\xf3\xa5\xbe\x34\x8c\x57\xd9\x3b\x40\xff\xd0\x51\xed\xd7\xca\xca\x6e\xe6\xbc\xa7\x21\xdc\xba\x8d\xb8\xd0\x06\x4f\x54\xd3\x6e\xc5\xe8\xd6\x2a\x71\xfd\x1c\x90\xf1\x49\x24\xf4\x1c\x16\x3f\x00\x7a\xfc\x6f\xbb\xfe\x86\x45\xfa\x47\xc3\xc9\x80\x24\x6d\x1b\x92\x27\x43\x85\x95\x3c\x53\x41\xcd\x64\xc3\x4a\xe9\x71\x7c\xc2\xc3\x7f\x58\x35\x9c\x0a\x99\x91\xc2\x3f\xe6\x37\xde\x6c\xdf\x08\x62\xf7\xd0\x32\x9f\xe7\x58\xaa\x89\x2a\xd4\x58\x3b\x9d\xf2\xf3\x33\x7d\x5b\xe5\x70\xba\x65\x49\x98\xed\x29\x2f\x11\xf0\x17\x72\x38\x2a\x04\x34\x2f\xdd\x99\xe6\x9e\x0d\x97\xc4\x3f\x10\xac\x9b\x96\xf1\x40\xa6\xf8\x3c\x47\x29\xe7\xa9\x00\x47\x1f\x2b\x1d\xf2\x40\x1b\xc5\xc6\x80\x42\x2b\x13\xb0\xc8\x00\x7d\x63\x68\x1f\x66\xa0\x59\x5a\x1c\x5d\x3a\xcd\xe5\xb7\x79\x42\x6e\x73\x6b\xc1\x00\xc5\xe6\xf5\x26\x08\xdc\x39\x1e\x3e\xf9\xb1\xbb\x6a\xf1\x3d\x24\x9b\x7d\x32\xce\x06\x80\xc3\x68\xf5\x4d\x5f\xe0\x39\xcf\xe1\x01\x30\x25\x1e\x4d\xb1\x4c\x79\xc8\xd0\x44\x06\x04\x65\x82\x29\x90\xd8\x80\x93\xcd\x73\x65\x32\x85\x2e\x44\x78\x89\xdb\x89\xcc\x60\x05\x29\x96\xa3\x2a\x64\x36\x5c\x07\x26\x05\x1c\x11\x9e\xda\x90\x1d\xe5\x76\xb3\x34\xfc\x70\x49\x48\x23\x92\xe2\x62\x0b\x0a\x3a\x13\xfa\xb1\xd3\x6f\xc0\xa5\xf2\x3d\xb1\x47\xfd\x85\x7b\x26\xa6\x98\x04\x8f\x8b\x81\x1e\x23\xd7\x22\xe2\xe9\x02\x7e\xd4\x12\x4b\x48\xdc\x5e\x57\x8a\x7a\xeb\x19\xa1\xb4\xf9\x48\xee\x5b\x46\xf6\x5b\x97\x96\x46\xe2\xbe\x07\x47\x14\x11\x8b\xaa\x4b\xfc\x15\xb0\x89\xa0\xe0\x66\x27\xda\x46\xe4\xbb\x06\xaa\x3c\x7c\x5d\xd6\x48\xe0\x3c\x9c\x2d\xec\x3f\xac\xd9\x56\x26\x56\x2f\x30\x00\x88\x32\x30\xd2\xb0\xa1\xf8\xa7\x47\x8c\xb7\x7f\x93\x9a\x5f\x18\x8f\x45\x8d\x10\x37\xb9\x01\x76\x66\x4d\x86\xea\x85\x0b\x8a\xf5\x08\x7f\x86\x60\x5a\x77\xe0\x25\xef\x6c\x7e\x6a\x2a\x59\xf0\x06\xcb\xa1\x89\xfa\xd9\x33\xf4\x2c\x53\x27\x08\x10\x9b\xc1\xaf\x81\x48\x19\x59\x5f\xfc\xb9\x5f\xbf\x5b\x7e\x93\xa7\x11\x97\xe4\x77\xee\x7c\x04\xb8\x51\xc1\xc3\x66\x22\xcd\xd8\xe6\xc8\x60\xd9\xab\x2c\xac\x56\xd2\xdc\x98\xfa\x69\x12\x4f\x2b\xb2\xa6\x47\x1e\x1c\x73\xb6\x61\xf0\x71\xf5\xd8\x6d\xe7\xd1\xde\xaf\xa4\xed\xcd\xc7\xbf\x1f\x70\x5c\x56\x30\x0a\xff\xd0\x58\xb9\x69\x77\x91\x41\x9e\x5f\xb2\xa5\xb7\xf7\x8c\xe3\x40\x1f\xf5\x50"},
+{{0x89,0xde,0x74,0x42,0xd7,0x4b,0xa9,0x38,0x59,0x69,0xc9,0x65,0x1a,0x88,0xfe,0x28,0xe0,0x40,0xd5,0x93,0x90,0x7d,0xac,0x1a,0x39,0x87,0x41,0x8b,0xdf,0xdb,0xad,0x89,},{0xfd,0x3b,0xa9,0xfa,0xd3,0x20,0xeb,0xa4,0x5d,0x07,0xb8,0x4a,0x49,0x7b,0xe1,0x7d,0x3f,0xc7,0xdd,0x99,0x99,0xc9,0x68,0x88,0x3c,0xd6,0xac,0x13,0xb0,0x66,0x9b,0x17,},{0xba,0xb5,0x72,0x84,0xd2,0x0e,0xe5,0x4c,0xc7,0xf9,0x70,0x8d,0x71,0x77,0x06,0xd8,0xfa,0xf6,0xe4,0x63,0x32,0xb0,0x69,0x1d,0x6f,0x21,0x3a,0x8d,0xb8,0x01,0x15,0x5b,0x4e,0x33,0x8c,0x13,0x61,0xb5,0x92,0xbe,0x75,0x85,0x01,0xb1,0x82,0x17,0x93,0xae,0x52,0x27,0xcc,0x3b,0xa8,0xdf,0x8a,0xdf,0xc6,0xed,0x9a,0xca,0xb5,0x4c,0xc4,0x01,},"\x9d\x52\x72\xf0\xb7\x84\x88\x2b\x94\xc7\x6d\xfb\x9d\x46\x0c\xa4\x95\x02\x5e\x0a\xec\x5d\x52\xcc\xff\xfe\xce\x9f\x81\x73\xc1\x05\x58\x26\x6c\x49\x85\x25\x89\x1a\x97\xbf\x38\x78\xe3\x3c\x3d\xe2\xfc\x2e\x52\x55\x0b\x43\x15\x62\xcb\xe4\xa3\xd0\x11\xec\xc9\xe7\x7e\xc3\x6a\xd3\x83\x41\x35\x8c\x88\x32\x1c\x03\xd0\x8b\xb4\x26\xa7\xd5\x85\x41\x71\xc0\x27\xec\x48\xd5\x78\x19\xa9\x1a\xfd\x02\xa6\x18\xcc\xbc\x25\xe6\x8e\x53\x09\xd0\x47\xb1\x56\xe3\x57\x05\x37\x3a\xda\x2e\xb8\x31\x32\x1a\x20\x3e\x1b\xd8\xf0\xef\xec\xc0\x96\x18\x64\x7b\x41\xdf\xf2\x2b\x39\xd0\x22\x35\xf8\x71\x53\x2f\x60\x85\xe9\xcc\x52\xec\x00\x9b\x33\xee\xbc\xdc\x26\x7d\x77\x67\xc9\x0c\x92\x7e\x15\x4f\x72\xf3\xf4\x8a\x34\x95\x63\x19\xb2\x93\xc8\xa8\xb3\xe3\x4e\xfc\x5f\x62\xf2\xb4\xe8\x01\x9b\x50\xa0\x8f\x5c\xcf\x95\xbc\x83\x1b\xaf\x40\x81\x1d\x87\xe5\xed\xbd\x2f\xd5\x36\x5b\x26\xa4\x31\xae\x95\x80\x0f\xf3\x81\xcd\x62\xca\x40\xe1\x86\x6d\x95\x0d\xce\x14\xf0\x30\x91\x8a\xba\xc6\x8e\x79\x16\xdd\xb9\x5a\xdc\x19\x71\x28\x78\x74\xd0\x7e\xb0\xed\xef\x64\x29\x66\x52\xc4\x80\x44\xb0\xc5\x52\x1a\x8d\x27\x0d\x53\xd7\x4e\xc6\x3b\x89\x0f\x33\x63\xf9\x20\x7f\x66\x52\xae\x8e\x78\x35\xc3\x82\x0a\xd6\xd9\xe3\x63\x3f\x4b\xfd\x53\x79\xa4\x4f\x29\xd6\x5f\x36\x09\xfe\x35\x58\x17\xdc\xa5\x51\x8d\xfe\x3b\xd7\x69\x32\x0a\x03\x19\x02\xe9\xcf\x66\x69\xc2\x4f\x88\xb0\x1e\xb3\x69\x95\xbd\xb8\xdb\xed\x6e\xe0\xc9\xb7\xf3\x22\x95\xc6\x1b\xa8\x90\x5e\x55\x98\xf3\xc9\xe1\xc8\xbf\x72\x64\xf9\x82\x93\xfa\xea\x17\x74\x7f\x88\x44\x0c\x31\x81\x8c\x43\x3e\xa3\xd2\x3c\x01\xf4\xf7\xe9\xc3\xdd\x3d\x5f\x32\xec\x9e\xac\xd7\x1a\x09\xe3\xa9\x97\x38\x1f\x1c\xbf\xfd\xf4\xb5\xba\x49\x79\xde\xb7\xb0\x98\x41\xaf\xa3\xb0\x3d\x1c\x93\x11\x09\x7b\x86\x2c\xae\x11\x70\x7c\xbd\x3a\x4a\xe6\xc8\xa2\x6a\x30\x6a\x68\x7c\x41\x4a\x4e\xa1\xe8\x12\xf1\x15\xf6\x0f\x70\xbd\xa7\xf8\xfb\xe7\xbc\x2d\x50\xcc\x55\x0b\xba\x29\x1d\x5e\xc5\x23\x22\x9a\x08\xed\x56\x8b\x5c\xee\x18\xfe\x6f\x46\x78\x2c\x17\xcd\x82\x88\x01\x63\x92\x15\xbc\x5e\x9b\xe4\x55\x5c\x9a\x18\x00\x97\x67\xa6\xc5\xc7\x4a\x82\x29\xd2\xff\xaa\x39\x9d\x8e\x64\x32\x4e\x88\x42\x23\xd5\x07\x0f\x73\x5a\x75\xd8\x5f\xf6\xc9\x4a\x9f\xbc\x2b\x36\x51\x38\x6d\xe5\xa2\x3c\xce\x95\xc8\x78\x81\xc7\x93\x99\xae\x71\xf0\x90\x73\x7e\x21\x87\xfe\x90\x4a\xab\x1d\x92\xd6\x18\x67\x95\xc9\xb4\x6c\x62\xa5\x91\x4f\x36\x30\xfd\xcb\xac\x3b\xd4\xb0\xda\x4e\xc3\x13\x6a\x1f\xb2\xba\x40\x32\x2d\x7c\xc4\x08\x5e\x16\x70\x09\xcf\x74\x50\xfc\x6a\x28\x6c\x2f\x79\x51\xd5\x1a\xae\x23\xb8\xf3\x30\x20\xef\xb5\xe3\x24\x5b\xa6\xa3\x54\x3a\x2b\xde\xc4\x47\xd5\x1a\xe0\x0b\x5e\x16\x78\xb7\x60\x93\xcf\x21\x6b\x95\x07\xc9\x63\xeb\xfc\x02\x4c\xcd\x6e\xf6\xc7\x8c\x45\x72\x27\x3b\xea\xaf\x55\x07\x6d\xc4\x4a\x22\x4b\x58\x61\x57\x05\x79\x19\x65\x30\x7c\xef\xd4\x86\x72\xc0\x81\xbc\xcf\xbc\x1d\x15\xb0\x62\xb3\x8b\x4f\xba\x9b\x9b\xec\x95\x6c\xd1\x44\x44\xee\x43\x7e\x79\x60\xcc\x60\x1e\xdd\xc0\x2f\x1a\x76\xb6\x85\x74\xd5\xf8\x84\x31\x50\xc0\xb9\x00\x99\x34\xa2\xbf\xaf\x60\x57\x70\xc1\x36\xba\x29\xf3\xdc\x7e\x29\x59\x7a\x24\x80\xdb\x23\xe2\xb2\x67\x7e\xc6\xc5\x1b\xd3\x01\xf2\xb5\xa3\x9d\xfd\xa7\xb4\x77\xbe\xdd\x1c\xda\xed\x10\xe2\x9d\x29\x54\x62\x9b\x98\x76\xf8\xee\x54\xe4\x04\x73\x69\xd5\x34\xca\xb5\x4a\xea\x44\x1d\xc9\x47\xeb\x3f\x59\x38\x2b\x21\x83\x60\x57\x2f\x26\x59\x58\x31\x53\xc0\xe2\xb9\x12\xcf\x30\xc8\x15\xb2\x6f\x05\x85\x3d\xd3\x05\x51\xee\xcf\x64\xb8\x58\xa4\x41\xbb\x8c\x6d\xb8\xa9\xfd\xe7\x7a\x32\xa7\xb4\x6a\xf6\x6f\x8c\xb9\xf3\x5e\xe0\xfa\xfb\x0b\xd4\x2d\x9e\x65\xb2\xa9\x05\x82\x41\xa3\x1b\x8c\xa1\x11\x54\x34\x23\x76\x70\xaa\xb4\xef\xf3\x60\x10\xed\x03\x71\xf4\x65\x95\xda\x1b\xdd\x57\x9b\xbb\x67\xaa\xdb\x68\xe7\x7a\xd3\xa3\x8c\x8f\x26\xd2\xaf\x5a\x71\x03\xba\x5f\x22\xb4\x2c\xc1\x2a\x8c\x3c\xe5\xc9\x21\xc9\x1c\xfc\x0e\x63\xdf\x90\x27\xd2\x62\x29\xb1\x04\x7c\xbc\x18\xf6\xb0"},
+{{0x26,0x22,0xbd,0x9b,0xbe,0xf7,0xff,0x4a,0x87,0x62,0x9e,0xa0,0x15,0x3d,0xc4,0xd6,0x08,0xc3,0x1f,0xa5,0x84,0x79,0x88,0xff,0x50,0x0d,0x88,0x06,0x81,0xf1,0x13,0x72,},{0x19,0x97,0x58,0xa9,0xc3,0xd0,0xee,0x3e,0xeb,0xcb,0xbd,0xa3,0xe1,0xef,0x54,0x55,0xff,0x46,0xd7,0x36,0xbb,0x4e,0xf0,0xc0,0x6a,0x73,0x9f,0x9a,0xc5,0x84,0x83,0x95,},{0x43,0x78,0x96,0x6b,0x78,0x31,0xde,0xf4,0xae,0xcb,0x49,0x89,0xbc,0xaf,0x9c,0xae,0x99,0x46,0x1c,0xb9,0xb5,0x9d,0x19,0x51,0x8c,0xc1,0xec,0x7b,0x83,0x51,0xbc,0xd1,0xf7,0x23,0xaa,0xc5,0xf0,0x61,0xb3,0x83,0x63,0x57,0x4f,0xf9,0x6b,0xa1,0x0e,0x19,0x6b,0x1b,0x05,0x31,0xe1,0x18,0x30,0x36,0xa4,0x25,0xe6,0x9c,0x45,0x98,0x04,0x0c,},"\x89\x1e\x82\x12\x25\x47\xd6\x1e\x83\xb0\xab\xaf\x27\xc7\x30\x3f\x05\x22\xa2\xec\x4a\xf4\x4e\xf0\xac\x19\x6a\x99\x78\xb1\xc6\x23\xef\x1f\xa7\x2b\xaf\x70\x91\x0a\x5c\x51\xc4\xf7\x8e\x0f\xe9\xfe\x37\xe2\x43\x9c\x47\x95\x91\x6c\xfa\x22\xab\x47\x1a\x25\x57\xcc\x7b\xa6\xb6\x69\x56\x06\x3d\xde\xb3\x9c\x50\xf1\x4f\x06\x34\x8f\xa6\x6b\x60\x64\xdc\xff\xca\x50\x43\x96\x7f\x05\x25\x4d\x57\x7a\xbf\x22\xae\x8c\x90\x00\x0c\xe2\xe6\xa1\xa8\xb2\xe3\xa6\xb3\xab\xc5\x63\xeb\xff\xb2\x04\x45\xf0\x91\x1c\xc4\x2a\x98\x7f\x84\x56\xef\xba\x41\x30\xe6\x8f\x01\xfc\xdf\x7b\xf7\x71\xfc\x1d\x35\x37\x1a\x0d\x75\xdd\x5f\x90\x00\x2c\x90\xb6\xcb\xad\xe4\x0d\x5b\x23\xfd\xb4\x9a\xba\xcb\x72\x19\xae\x27\x56\x1a\xa2\xa8\x79\xda\x88\xdf\x34\xa8\xc5\x81\xf0\xc6\x71\x98\xff\xc6\x08\xfe\x91\x95\xb5\x55\x5c\x8a\xe9\x34\xc8\x30\xaa\xe2\x88\x5b\xea\x87\x48\x74\x48\xe1\x1b\x4f\x2f\x17\x2e\x4d\x5c\xfe\x4f\xd1\x13\xf9\xd2\x01\x6c\x24\xa7\x34\x51\x2b\xb9\x18\xf5\x75\xe7\x54\x13\x97\x18\xe3\xd2\x0e\x79\x0a\xbb\x94\x2c\xba\x3e\xc8\xb2\xdb\x59\x07\x96\xdc\x43\x5f\x13\x9f\xc6\x4d\xdc\x85\xa2\x24\x94\xef\x2b\xfa\x1f\x5c\x0f\x18\x75\xea\x58\xe8\x4e\xb3\x74\xec\xf8\xce\xc6\x46\x8b\x6b\x09\xd1\xe7\x4f\x15\x41\xed\x45\x4a\x28\x07\xd3\xf4\x05\x35\x66\xb0\xe4\xe2\xc6\xae\xce\xd1\x0d\xc0\x07\xe9\xdf\x41\x6f\x26\x7f\xcb\x3f\xe1\x7b\x8b\xac\xe0\x3f\x07\x43\xe0\xe6\xd4\xa4\x8c\xe7\x6e\xdf\xf6\x0c\x0e\x3a\x30\x84\x56\x99\x54\x13\xc1\x07\x6f\xf3\x7e\xcf\x23\x81\xa0\xd4\xe9\xe4\xa9\x13\xa2\x58\xd9\x83\xb9\x69\x6b\x5c\x45\xaf\x37\xc8\x68\x40\x70\xe4\x00\xb8\xf8\x65\xa5\x04\x04\x3f\x45\xd7\x8b\x97\x13\xf3\x35\xaa\x41\x6a\x46\x16\x64\x10\x73\x5f\xb5\xd8\x22\x10\x45\x8d\x5a\x08\xa1\x04\xd4\x00\x2a\xb6\x11\x88\xf9\xdf\x45\x7d\xd7\xed\x59\x37\xca\x50\x77\x60\x6b\x41\x8b\xbc\x86\x84\xa1\xd5\x25\xbf\xa5\x51\x08\x76\x40\xb1\xd1\x77\xca\x6d\x4f\x64\x71\xb3\x9b\x2c\xe4\x3a\xfb\xf8\x28\x5e\xcd\x68\x7e\x43\x8f\x44\x25\xdf\x56\x8a\xb8\x6f\xa2\x31\x63\x49\xa1\x10\x2b\x41\x43\xd7\x1e\xf4\xe2\x4f\x5c\x53\x0c\x77\xaf\xb0\x10\x07\x88\x63\x64\x40\xe7\x40\x67\x5a\x61\x74\xc5\xf0\x57\x10\xb2\x53\xa4\x11\x17\x3f\x9e\x82\xce\x6e\x22\xf4\x09\x5e\x77\x14\xb8\x73\x7e\x14\x7a\xa0\xf2\x31\x91\x57\x8f\xfd\x93\x82\x3c\xe4\xbf\x91\xc1\xd1\x10\x98\x2a\x5d\xa0\xe4\xb8\x1b\xd2\x5b\x9b\x9c\x21\x42\xa7\x67\x1e\xe9\x37\xc9\x0f\xd0\x71\x5e\xc9\xaf\xa4\x4d\x86\x04\x68\x98\xb4\x2f\x75\x35\x89\xd2\x26\x8d\x2a\xaa\xa9\x85\xcc\x90\xe0\xf9\xe8\x27\xa3\x92\x3e\x77\x16\x34\x6f\x4f\x89\x31\xc7\x28\x21\xb3\xeb\x64\x5d\xaa\x74\x52\xc8\xaf\xc8\x98\xd7\x97\x55\x45\xc1\x2d\xa1\xbd\xb2\x09\x04\x5c\xb0\x0f\x4b\xfd\x53\x83\xdf\x01\xf0\x03\x68\x0b\x97\x34\x40\xf1\xa3\x9c\x9d\x82\x09\x59\xef\x6f\x85\xbd\x33\x63\x90\x65\xae\xfd\xc8\xbc\xfe\xcb\xd9\xb9\x55\x40\x49\x73\x8a\xf2\x9f\x12\x94\x63\x9d\x39\x15\xd6\x32\x99\x5e\x8f\xaf\x71\x3e\xf2\xee\x3c\x29\x8b\x55\x96\xfa\x10\xc9\x9f\x94\x6d\xdb\x32\x34\x06\x95\xdf\x1c\x19\x45\x94\xea\xf3\x77\x8d\x73\xc8\xba\x60\x40\xc0\x4e\xb3\xa4\xff\x86\x77\x93\x6b\x88\xe0\xc5\xf0\x44\x14\x80\xd1\x07\xd7\xac\x22\x02\xb3\xb6\x94\xe5\x7c\xcc\xa6\xd8\x25\xe2\xa0\x7e\x81\x2e\xd2\x9b\x2c\x20\xd5\xc6\x05\x47\x15\x79\xe3\xed\xff\xc2\x23\xf2\x42\xc5\x93\x91\xdb\x41\xe9\x8d\x5f\x3d\x6c\x5b\x1e\x32\xac\x82\x37\xfc\xfd\x10\x20\x54\x3a\x40\x41\xe0\x3d\x92\xad\x3e\x2e\xc5\x52\x91\x47\x07\xc7\x7c\xd0\x1f\x3e\x48\x01\x14\x44\x28\x3f\x09\x68\xfa\x4d\xee\xee\x55\xc4\x56\xed\x1f\x87\x7a\xde\x04\xac\x8e\x8d\x2c\xb6\xc8\x58\x20\xb4\x92\x9b\x25\xbf\x31\xe9\x25\x43\x5d\x6b\xcc\x50\xd3\xe2\xe9\xb8\x51\x02\xe9\x70\xd7\x89\x5c\x25\xad\xe5\x21\x61\xa3\xb6\xbf\x50\x1a\xb0\x19\x61\xcb\x63\xed\x99\x0a\xeb\x93\xed\xa3\x82\x8b\xf0\x4c\xa5\x28\x53\xc7\xb6\xb8\xe9\xe4\x9e\x34\x9d\x69\xb5\x3b\xe0\x74\x85\xf5\x42\xb7\xcd\xd0\x6b\x52\x7d\x41\xdd\x11\x9c\x70\xb5\x64\xf1\xa9\x3a\xec\x62\xae\x74\xe6\xe8\xf8\x55"},
+{{0xae,0xb1,0x3c,0xcb,0x90,0xc8,0xcb,0xef,0x90,0xd5,0x53,0xda,0x3f,0x69,0x01,0xb3,0xd7,0x5c,0x13,0x01,0x1f,0x02,0x49,0x74,0xda,0xf7,0x9a,0x17,0x89,0xc8,0xc6,0x32,},{0x5f,0xaa,0xfe,0xb5,0x95,0xf1,0x6d,0x33,0x8f,0x1c,0x72,0xa9,0xf3,0xe4,0x98,0xf3,0x8b,0xab,0x69,0xa8,0x1b,0x37,0xd2,0xd0,0x92,0xb7,0xbf,0x7e,0x50,0x5d,0x82,0x0d,},{0x06,0x11,0xb1,0x9a,0x74,0x72,0xa4,0x43,0xe8,0x7e,0x54,0xd7,0xc6,0x64,0x7f,0xaa,0xb1,0xb7,0x9a,0x83,0xfd,0x43,0x71,0xc9,0x2b,0x97,0x54,0x00,0xfd,0x62,0x8a,0xcf,0xc3,0x25,0x77,0xcc,0xbb,0xaf,0x03,0xd8,0x8f,0x89,0x3c,0x88,0xf2,0xca,0xc7,0x84,0xc7,0x22,0xa0,0x8f,0x38,0x7a,0xbc,0x31,0x9a,0x70,0x2c,0x86,0x84,0x79,0x65,0x0b,},"\x86\x1a\x10\x18\xd6\xbd\xc4\x80\x5a\x5c\x4d\xf8\x7e\xfa\xa4\x62\xc6\x8b\x4b\xf4\x06\x5c\x68\x4c\x2a\xf1\x31\xc6\x37\x73\x88\xba\xee\x58\xc6\xc8\xf8\x84\x23\x62\xec\x6e\x3b\xce\x07\xc8\xaf\x55\x88\x5e\x82\xdb\x87\xa1\x52\x27\x80\x0d\xd3\x3a\xfc\x5e\x5f\xd1\x57\x01\xe9\x5f\x53\x50\x1b\x1a\x6f\xf8\x3c\x64\xe8\x51\x71\x49\xbf\x3f\xf0\x11\xb0\x94\xa0\x9c\x67\x3d\x0f\xc4\xa3\x9e\xe5\x5e\x69\xf0\x71\x17\x7b\x8a\xa3\x64\xe1\xe2\x56\x06\x4c\xf7\x02\x79\xcc\x76\x69\x5a\xe4\x9d\xaf\xcd\x80\xca\x0a\x14\xe1\x69\x1d\xb9\x46\x42\x2e\xc7\x5a\xb4\xf7\x86\x59\x15\xa6\x9b\xd4\x8d\x89\xb1\x2a\xdf\x48\x7d\x4d\xb9\xbe\x87\xcd\xdc\xa2\x11\xaa\x88\xe9\xbb\xe8\x49\xda\x21\x39\x89\xeb\x08\x44\x59\x2a\xd6\x3e\x28\x1b\x2e\x4a\xfe\x6a\x88\x36\x00\x66\x09\x92\x6c\x0f\x78\x7e\x84\xf2\xa9\x5b\x46\xb6\x6f\x0e\x45\x55\xc9\x48\x3c\xe2\x17\x6f\xc6\x3f\x7c\xc9\xf4\xf2\xa2\x2d\xb0\x55\xaa\xe2\xe6\x8b\x30\xa0\xda\x5f\xeb\x80\xc2\xa6\x0e\xa1\x0d\xbf\x67\xfb\xbc\xdb\xe0\xbe\x33\xf2\xe9\xc1\x3c\x46\x9e\x77\x68\xf2\xff\x59\x60\xa5\x5e\xb4\x82\xec\x11\xd4\x7e\x15\x4b\x7c\x42\xa5\xfb\x75\x6c\x8a\xd5\x39\xb3\x3d\x12\x5a\x4a\x65\x19\x2c\x6c\x9b\xd5\x76\x23\x8c\xa7\x2a\x73\xcd\x17\x9e\x8c\xf5\xcd\x04\x8e\xd3\x30\x21\x38\x23\xab\xba\xfc\x36\x82\xb2\xb7\xf6\x8c\x5b\xc4\x6f\xd0\x9a\x8c\xb2\xa3\xfd\x09\x95\x73\xee\x2e\x6f\x28\xc8\x2e\x27\x1b\xb5\xef\x93\x4b\x0b\x0c\x38\x1c\xfa\xae\xc6\x66\xd7\x17\x10\x6a\x87\x4a\xf3\x0a\xa7\x41\x25\xea\xe9\xac\xc2\xf1\xf2\x41\x18\xcb\x4e\x68\x3a\x73\x1e\x37\xe5\xe4\x64\xa1\xea\x3d\x2a\x53\xcc\x0d\xca\xd4\xc1\x7c\xea\x9a\x43\xe2\x36\x5f\x3a\xe3\xdd\x89\xeb\x39\x97\x74\x20\x04\x55\x50\x74\x5f\xc2\x67\xfc\x7d\xcc\x56\x02\xe9\x14\x97\x2a\x4d\xa6\xeb\xeb\x68\x7f\x68\xa0\xcd\x7d\x8b\x4f\xdd\x73\x72\x21\x06\xa8\xe4\x36\xb9\x3e\x5b\x58\xf5\x98\x2a\xce\xcd\xec\xfd\xb3\x82\xfe\x98\x53\x82\x61\x42\x6b\xa6\x40\x52\x55\x76\x43\xce\x9f\xec\x71\xea\x43\xcf\x5b\x6c\xba\xde\xb4\x95\x31\x93\xff\x3e\xd1\xa1\xf9\x22\xa9\xaf\x2e\xc6\xf3\x38\xe7\xfb\x0a\xff\xe3\xd1\x3c\x33\xe3\x95\x87\x3e\x4a\x7a\x7f\xb0\x44\x98\x1e\x05\xa6\x71\x97\xb9\x96\xb1\x99\xb4\x30\x11\x11\x93\x63\xe5\x61\xd5\xb8\xa5\x17\x84\xfd\xff\x58\xab\x80\xed\x4c\x49\xe9\x3f\x0c\xf4\x19\x24\xf9\x83\x5e\xfb\x09\xf6\x44\x63\xb6\x55\x17\xb6\x7b\x15\xdc\x3f\x28\xad\x9a\x9b\x2d\x29\x46\x8d\xe2\xc6\x3e\x62\x00\x4b\x6a\x3f\xd0\xc5\xc2\xe2\xaa\xa6\xcf\xa1\x5e\x4f\xaa\xfa\x1e\x2c\x71\x3e\x98\xd3\xfd\x25\xca\xb9\xe5\x17\x03\x59\xc8\x36\x51\x52\xb4\x74\x27\x6e\xd0\x03\x7c\xdf\x77\x18\x28\xe2\xfb\x7c\xce\xc4\x89\x5f\x21\xad\xcc\x5b\x68\x87\xc8\x6e\x51\xad\x05\xf2\x55\xf6\xe9\xda\xd2\xc4\x1f\x56\xb9\x8b\x7b\xbb\xf9\xfc\xb6\xba\x8c\xad\xfd\x38\xad\x8c\x62\xf9\x2d\xd8\x77\x40\xfa\x1e\x1b\xd1\x70\xc0\x0b\x20\x49\xc5\x13\x0f\xe7\x33\xf1\x6b\x1f\x2c\x7f\x00\xb2\xef\x97\xb3\xa9\x54\x58\xc5\x3f\x19\x9d\x46\x53\x36\xd5\xff\x59\x77\x80\x6e\x1a\xfd\xe3\xea\xa2\x46\xd8\x5c\xab\xf7\xe1\x23\x48\x1e\x23\x92\x99\x76\xed\x19\xc4\x0e\x29\xff\x33\xd8\x0e\x7d\xea\xb1\x92\x71\xde\xcd\x5e\xe0\x61\x72\xb0\xb0\xa1\x39\xbd\x62\xa2\xe7\xc8\x3a\x8a\x65\x60\x1d\x0a\x05\xd6\x1a\xf9\xc6\x03\x2d\xf5\x80\x01\xd4\x73\xe2\x0d\xd6\xc6\xaf\xd7\x8d\xdb\xd7\xcd\x17\x8e\x9c\x27\x1e\x05\x72\xf8\x59\x82\x82\x3c\xe6\xc4\x02\x93\x0c\xf8\x0f\x5e\x0c\x7c\xda\x85\x12\x2a\x76\xd1\xce\x02\x1b\x1e\x3d\xe2\x55\x6d\x1b\x45\xac\x7b\x01\xb5\x9c\xad\xa2\x52\x91\xd6\x38\xa5\x2a\x5e\x7d\xbc\xdd\xf9\x6b\xb1\x77\x4a\xb0\xb0\x77\xe4\xb3\xda\x5a\x95\x8f\xe1\x1d\xee\x4a\x02\xe6\x9b\x91\x8d\xdb\xfa\x1c\x5b\x3b\x7d\xca\x9f\x87\x84\xbb\x6b\x0b\x9d\x5a\x7f\xee\x74\xbb\x03\x74\x7f\x61\xc2\xb2\xf1\xb4\x92\x45\x2d\x3b\x56\x0b\x48\xd3\x9d\x87\x21\xe9\x83\x75\x25\x56\xd4\x4d\xa6\xb0\x28\xd9\xae\xf8\xbf\xf9\xaa\x37\x9c\x8e\x2b\x0a\x63\x6d\x74\x88\x60\xab\xd8\xe6\x4f\xc8\xe9\x65\x20\xa3\x4a\x27\xf7\x67\xaa\x97\xa8\xf7\x7b\x60\x95\x21\x8e\xad"},
+{{0x73,0x87,0x2b,0x14,0x76,0x2f,0x68,0xda,0xe4,0xfc,0x10,0xdf,0xd6,0xf4,0x2d,0x3f,0x96,0x22,0xbf,0x2a,0xfe,0x6b,0x34,0xa9,0x56,0x49,0xaa,0x38,0x74,0x24,0xee,0x6c,},{0xdf,0xab,0x2c,0xe1,0xab,0x99,0x81,0xaa,0x7c,0xbf,0x32,0x07,0x35,0x00,0x07,0xfa,0x6c,0xe6,0xca,0x60,0xa2,0xed,0x7b,0x59,0x0f,0x3c,0x2f,0x62,0x92,0x2d,0x8f,0x61,},{0x85,0x25,0xc3,0x46,0xca,0x3a,0x6a,0x6c,0x5f,0x65,0xc4,0x17,0x78,0x59,0x93,0x77,0x65,0x98,0x70,0xcb,0x6d,0xf9,0xa4,0xa0,0xe5,0x5b,0x40,0xc3,0x5b,0xeb,0xa5,0x5c,0x8e,0x00,0x9e,0x56,0x00,0xb6,0x44,0x7d,0xc7,0x40,0x2b,0xa2,0x77,0x49,0x29,0x7e,0x8f,0x95,0x28,0x69,0x18,0x56,0xf7,0x2d,0x2a,0xd7,0x61,0xed,0x1b,0xc1,0x53,0x09,},"\x43\x3d\x71\x78\x1c\xea\xb2\xb4\x7d\x82\x6e\x67\xd3\x9f\x9b\x80\xd2\xff\xd7\x25\xf8\xc5\xae\xb4\x0c\xbe\x4f\x9b\x5f\x48\xef\x93\x52\x1c\xce\xc6\x04\x36\x0b\x96\x47\x32\x31\x90\xbf\xef\x75\xac\x93\x15\x62\xd2\x7f\x4a\x4e\x31\xf4\x6e\x57\xbc\x99\xfa\x51\x58\xc8\x2e\x12\xb7\x37\xe4\x5c\x5d\xe9\xf7\xdd\x7c\x86\x22\xd4\xa7\xea\xad\xf7\x20\x2f\xb4\x9d\x81\x9c\x9a\xd2\x4f\x88\x07\x31\x3c\x5f\x37\xdc\x20\x45\x3b\xdf\x05\xc9\xbf\x1a\x3c\x21\x17\xc9\x3e\x7f\x3c\xc8\xa2\x54\x20\x98\xe8\xfc\x1c\x64\x2f\xa4\x7b\x05\x54\x36\x57\xb8\x5f\x48\x0b\xc8\x6e\xc4\x28\x00\xbb\x14\x22\x35\x9c\x7c\x3e\x8f\xf4\xbe\x59\x8b\xd5\x4f\x1d\xc5\x86\xac\xae\x45\xa4\x74\x06\x22\xb9\x62\x74\x2b\xc8\x6e\x17\xcf\xa6\x3e\x77\x53\x54\xe7\x70\x7e\x50\x79\x58\x9e\x8d\x10\x8b\x1f\x11\xda\xce\x05\x75\xcb\x9a\x6d\x26\xb5\x9f\xce\x98\x14\x65\xd9\xbc\x34\x4e\xa6\x94\x5a\x95\xb8\x62\x79\x63\x84\xfa\x81\x70\x56\x08\x57\x45\x7b\xef\xf9\x5a\x9b\x5a\xc3\xd6\xad\x28\x2d\x44\x92\x9a\x30\x30\x26\xb4\xbb\xed\xd6\x0e\x2e\xf0\x55\xa3\x1f\x52\xd7\xce\x8d\xf2\xca\x5d\x18\x51\xc5\xb1\x67\xdb\x08\x09\x25\x9b\xb8\x12\x56\x90\x74\x10\x5c\x73\x4c\x85\xd6\x23\x12\x73\x75\x5f\x3a\x8b\x56\xdc\x50\x8d\xb5\xc2\x3d\xac\xb7\xa0\x61\x67\xbd\xa5\x1b\xc0\x13\x50\xf0\x16\xcd\x41\xb2\x1e\x8c\xc5\xbc\x93\x34\x3a\x9b\xb6\xea\x47\x38\xc5\xc8\x4b\x78\xfa\x96\x3c\x41\x0e\x43\x3d\xc5\x98\x19\x6c\x22\xe5\xb7\x91\xe1\x2a\x4b\x34\x3f\x7c\xd4\x7b\xbb\x0e\xb0\x78\x2b\xdb\x1a\x4e\x46\x68\x46\xa0\x30\x52\x8e\xeb\x89\x05\x6f\x73\x25\x71\x93\xad\xaa\xbc\x1b\x22\x98\x62\x03\x48\x78\xc3\x25\x8a\x53\x25\x48\x76\x2e\x29\xec\xc0\x01\xab\xd9\x89\x64\x9d\xa5\xe1\x44\xcf\x35\xd4\x86\x99\xf2\x3b\xc4\x6c\x5b\x34\xe0\x4a\x53\xe7\x27\x24\xb2\xb0\xb8\x78\x98\x25\x75\xd6\x88\xe2\x3c\xbe\x3a\x34\x06\x7f\x49\x71\xe5\x55\x97\x2e\xc2\x90\x8a\xe5\xf0\x3e\x88\x31\xec\x67\x75\x5b\xe9\x56\x87\xce\x63\x72\x93\x9e\x1e\x2f\xb6\x95\x1e\xc9\xec\xf4\xbf\x7d\x15\x35\x43\x1e\x25\x9f\x29\xad\x43\x12\x22\xb5\x4b\x65\xaa\x7d\x07\xcf\xb5\xdf\x16\x2a\x87\xc4\xd0\x34\x81\xeb\x44\x1f\x22\x1d\x7f\x58\x62\x7a\x14\x16\x4e\x7f\x4c\x2e\x3a\x1d\x50\x7e\x89\x9d\x53\x58\xe0\x08\x29\xb0\x8c\xf3\xae\xcb\x8a\x75\xb2\xa3\x1c\x31\x85\xa5\x80\xe1\x2b\x13\xf0\x64\x28\x69\xff\xfb\x05\x67\x23\xe9\x61\xaa\xf6\xfe\xfe\x67\xb4\xa7\xc4\xc9\x3d\xb3\xfe\x1f\x61\xad\xcc\x76\x55\x69\xa9\x9c\x09\xa3\xc8\x24\xed\x4a\x98\xba\xbe\xae\x43\xef\xb1\xf3\x51\xba\x13\x0e\x22\xaa\x97\x81\x19\x86\xbe\x92\x3c\xc4\x18\x0a\x7c\x4b\x78\xbc\xc1\x40\xce\xc1\x55\x74\x65\x4a\xa6\xd6\x5a\x06\xb9\x7e\xcf\xa5\xf3\xa9\x35\x5f\x96\xe4\xee\xaa\x76\x89\x21\x7b\x66\x3f\xba\x4d\xab\x0d\x99\xb1\x9c\x8d\x8d\xbf\x47\xa1\x57\xe5\xd5\x96\x9a\x35\xef\x84\xdf\xf9\x56\x2e\xdd\x43\x4e\x73\xae\xe7\xd0\xd8\x92\xdd\xa7\x2a\x36\x2a\x22\xa7\xe9\xfa\x86\x34\xa5\x7e\xeb\xd1\xa9\x07\x48\x5c\xa8\x92\x1b\xdc\x19\xee\x9e\xe5\x88\xf3\x95\x68\x7d\x3f\xc8\xf8\xc2\x5f\x2e\x95\x76\xca\x60\x31\x3f\xbb\x2c\x26\x5a\x99\xf2\xcd\xd5\x57\x5b\x1d\xd5\x30\x60\x4e\x9a\xd6\x69\x5c\x9f\xb3\x59\x94\xa8\xb8\x7d\x5c\x85\x70\x54\x9a\x4d\x32\x9b\x9f\xe0\x87\x06\x9a\xb7\xeb\x0d\x71\x4a\x94\xe1\x92\x61\xf8\x6e\x44\x8f\x2d\xa9\xb1\xcb\x0c\x0d\xbe\x41\xd4\x4c\x3a\x82\x47\x83\xd1\xbd\xbd\x73\x26\x05\x1a\xeb\x10\xad\xab\x80\x5c\x5c\x59\xd0\xe8\x3b\x1c\x11\xa2\xfd\xd3\x5e\x44\x4a\x49\x9e\xd1\x5d\xaf\xd8\x38\x62\x77\x5f\x6c\xdf\xc6\x75\x95\x81\x84\x07\xbe\x55\xec\xbf\x7b\xf8\x6c\x73\x06\x9a\xac\xe5\x77\x62\x6a\x85\x63\x53\x6f\x60\x50\x42\xcf\x7c\xaa\xf6\xfc\x8e\x3b\x54\x5b\x77\x41\x4d\xf8\xd9\xf6\x49\xb9\x9e\xe4\x25\x41\xda\x38\xc3\xaa\xe6\x27\x20\x78\x45\xb8\xf4\x14\xa8\x07\x4d\x70\x86\x8a\x5c\x0b\x07\xb0\x70\xc3\xc6\x53\xbe\x04\x07\x6b\x83\xca\xd7\xb0\x30\x5d\x95\x00\xaa\x44\x45\x5c\xb8\x60\xdc\xc7\x64\x00\xaf\x93\xc3\xd2\xef\xb4\x2a\xe0\x56\xf1\x42\x8b\x65\xf1\x22\xe1\xc7\xb9\x58\x4d\x81\x4d\x50\xac\x72\xef\xdb"},
+{{0x67,0xcf,0x27,0x15,0x52,0x87,0xbe,0x6b,0xfa,0xb6,0x62,0x15,0xe0,0x17,0xc3,0x46,0x63,0x22,0xf2,0x1e,0x6e,0xb1,0x40,0xbe,0x4f,0x1b,0xde,0xcf,0x55,0xab,0xfd,0xc1,},{0xd0,0x70,0xaa,0xb2,0x95,0xa8,0xaf,0x93,0x57,0x27,0xc3,0xbe,0x44,0x2b,0x25,0x1d,0xb9,0xe7,0x74,0xd2,0xf4,0x4b,0x3c,0x24,0x24,0xc5,0x2f,0xc8,0x96,0x56,0xe1,0x69,},{0xc9,0x34,0xa3,0xa1,0xaa,0xab,0x78,0xd9,0x26,0x9d,0x1e,0x9d,0x13,0x39,0x2f,0x72,0xc6,0x37,0xbc,0x5d,0xe5,0x4f,0x04,0x69,0x1e,0xfc,0x29,0xd4,0x73,0xb4,0x75,0x02,0x5d,0x8d,0x8f,0xe3,0xc5,0x23,0xd2,0xd2,0x9c,0x41,0xc5,0xf3,0xde,0xc6,0xca,0x38,0xce,0x6d,0x68,0xd7,0xff,0x09,0xb6,0x13,0x5b,0xa2,0x4d,0x0d,0x32,0xcc,0x15,0x02,},"\x0f\xf0\x52\x97\x03\x1c\x89\x27\x74\xcb\x2c\x01\xe8\xca\x60\xdd\xd0\xce\xac\xc0\xb8\xd5\x91\xa8\x91\xe3\x3b\x19\xe1\xbe\x9e\x36\x3b\xc6\x42\x0d\x6f\x52\x9f\x04\x84\x0b\x3b\x08\x85\x3c\x83\x5a\x03\xe0\x36\x97\x8b\x04\xa4\xf9\xec\x6b\xe4\xae\xf3\x31\x95\x61\x90\x99\x6d\xea\x27\x26\x19\xf1\x68\x6d\x33\xbe\xf0\x3d\xbc\x08\x5a\x92\x3a\x0f\x11\x5b\x78\xf6\x53\xfe\xeb\x60\xbb\x9e\x45\xf3\x4f\xb8\xbe\x5a\x4c\xbb\x64\x8c\x7d\x29\x95\x6f\x0d\x0e\x96\xbd\xd3\xc8\xd0\x64\x97\x20\x62\x4c\xbc\x20\x79\xe8\x4f\xd6\xd0\x10\x24\x11\x24\x09\x84\x59\xf1\x2a\xf2\x99\x1d\x38\x28\x77\x0f\x50\xb1\x04\xea\x6e\x5f\x51\xfd\xad\x30\xa9\xb8\x07\x9d\x21\x59\xe4\x6d\x64\xaf\x91\xd0\x7c\x10\xed\x19\x81\x4d\xf2\xaf\xe6\x60\xd7\xd8\xf2\x40\x35\x34\xe9\x2c\x62\xe1\xea\x6d\x68\x82\x03\xbc\xa3\xd9\x7c\x2a\xfd\xa8\x3b\x25\x55\x20\xff\xe9\x2a\x33\x62\x57\x72\x51\x3b\x1f\xe3\x4f\xaf\xe3\x2b\x6a\x9b\x8c\xf9\x94\xdf\x7e\x63\x4e\x68\x65\x91\xe5\xf0\x07\x3a\xba\xbc\x64\xa8\x92\x10\xba\x53\xa4\x99\x1c\x11\x55\x7e\x03\x34\xe6\xc6\xa5\x03\x6c\x64\x2a\x31\x8f\x22\x95\x11\x71\x39\x08\x5f\xb3\x40\x75\x64\x70\x06\x75\x8e\x32\xbc\x00\xad\x10\x9f\xe8\x03\xf7\xee\x9f\x5e\xc2\xaf\x4d\x25\xc3\x07\x0a\xbc\x51\xcf\x4d\x78\xe1\x3a\x7c\xe2\x83\xd4\xfb\x4e\xb4\x1d\x3e\x8c\xe9\x02\x38\x50\x0a\xe0\xce\xda\x32\x0e\xc5\x92\x2e\xfa\x10\xb9\x03\x74\x8e\x1e\x85\x3a\x37\x29\xd2\x4c\x10\x54\x39\xdf\x2f\x70\x00\x12\x3d\xb9\xb2\xc0\x15\x33\xbb\xf0\xd0\x28\xeb\xb2\xfc\x00\xdc\xe3\x8a\xd0\x63\x28\xee\x9e\xcd\x84\x9a\x6e\xfc\x3a\xe8\x84\xef\x69\x33\xcf\xeb\xed\x05\x5b\xb2\x96\x8a\x0b\x06\x76\xb5\x72\x92\x16\x17\x8c\x75\x19\xef\x07\x88\x59\x3f\xc0\xdc\xff\x50\xd7\xe0\xb1\xeb\xb3\xcf\x49\xbb\xd1\xbf\xa5\xc3\x0e\xa7\xb8\x8c\x36\xe1\xa1\x59\x3a\xef\x0b\xb3\xf9\xe2\x09\x1c\x85\x89\xf7\x41\x4b\xee\xd8\xdf\x46\x6a\x2e\xd8\x7b\x2c\xb5\xf3\x5f\x1d\x31\x24\x6c\xeb\x96\x86\x09\x25\x36\x15\xd7\x80\x43\x51\x73\x79\xee\x69\x74\xa6\x69\xcb\x48\xda\x6a\xc2\xf9\x6d\x70\x0b\x7e\x44\xa4\x35\xcf\xef\xec\x40\x2a\x1e\x31\x10\xe7\x69\x81\x92\x4f\x26\x01\xc0\x1d\xc0\x35\x46\xfd\x4f\x51\x16\x49\x30\x2f\x06\x33\xdf\xbd\x25\x65\x1c\x5a\x59\x9c\x90\x95\x44\x89\xc7\x6a\x65\xec\x05\xa7\xe4\xcc\x74\x61\x6c\xe2\x56\x01\xcc\x37\xb8\x04\xe1\xf0\xbc\xc8\x65\x10\x23\xb1\x2e\x13\x56\x84\x41\xe8\xb8\xef\x4c\x30\x5f\xcd\xad\x3d\x2b\x13\xfa\x08\x03\x24\xb2\xfd\x6b\x61\x99\x8c\xf8\x64\xb6\x58\xbc\x7f\xef\xcc\x48\xa5\xa7\x68\x1d\x7c\x86\x6c\x34\x2c\x7f\x5d\x6c\xf1\x08\x81\x52\x2c\xc7\x10\x25\x7d\x25\xa4\xc1\xe3\x52\xd2\x70\xe9\x02\x08\x2a\xb9\x54\x1d\x59\x00\xce\xff\xa0\x91\x4b\x16\xb5\x5e\x0d\xd3\x78\x6e\x98\xd4\x17\x20\x87\x5a\x14\x8e\xb4\xab\xdb\x01\x53\x85\x66\x79\xfb\x98\xc0\xec\x48\x5e\x5f\x45\x8d\x63\x5b\x78\x61\xa2\xb3\xa8\xba\x5e\xc2\xc1\x44\x4d\x35\x39\x80\x20\x0e\x5e\x07\x18\x08\x85\x4a\x26\x8c\xc7\x6c\x60\x5c\x94\xf3\x73\x29\xc3\x61\x87\xa4\x1f\xdd\xf9\x2a\xab\xdb\x49\x96\xa0\xe1\x0b\x31\x55\x26\xaf\xea\xc8\x0e\xb2\xfa\x32\xaf\x78\x6a\x34\x31\x6b\x36\x11\x1e\xe9\x35\x21\x08\x14\x4d\x70\xf7\xd1\x72\x3b\x32\xf4\xdb\xaa\x82\x20\x13\x53\x41\x1d\x65\x77\x13\xe5\x5e\x35\xdf\x78\x58\x0b\x1b\xc0\x86\x80\xf0\x15\x9f\xa1\x16\xfa\xf4\x63\x56\x6a\xaf\xe8\xae\xa6\x98\x57\xe7\x2e\x44\xac\x80\x9a\xc4\x3f\x5c\x45\x93\x9d\x85\xa1\xa5\xf4\xa3\x70\xa1\x89\x96\xc8\x51\x4a\x46\xf3\x43\x71\xef\x9e\x5f\xb2\x04\x42\x2c\x93\x4a\x1d\x29\x3d\x10\x1b\x8c\x16\xf9\x9c\xc0\x73\xea\x36\x6a\x13\xa4\x5c\x43\x7d\x62\x0d\x13\x2b\x74\x40\x9c\xbf\x8b\x9c\x07\x5b\x41\x63\xf7\x26\xaa\x67\xe5\x09\xa2\x48\x74\xfc\x1b\x1f\xb6\xfb\x7c\x73\x55\x15\x9c\x02\xaa\x13\xe6\x4b\xad\xf1\x50\x35\x6b\x18\x41\xb3\x21\xf8\x04\x1e\x13\xed\x77\xe8\x46\x1c\xfb\xb8\xe8\x28\x48\x8b\xf5\x17\xa5\xd2\x9f\xf8\x2e\x73\x67\x48\x0a\x8e\xdd\xde\xb5\x35\x0e\x7a\x83\x42\x3b\xd0\xb1\xc5\x5f\x7b\xb4\x24\xca\x04\xc2\x05\x72\x3c\xd5\x40\x56\x71\xe7\x33\xf3\x91\x60\x0a"},
+{{0x18,0xc2,0x1c,0x0d,0x0d,0xe1,0x3d,0x4c,0x64,0x49,0x7e,0xf0,0x26,0x0d,0x66,0xcf,0xd3,0x42,0x16,0x98,0x1a,0x1b,0x49,0x39,0x1a,0xe5,0xcb,0x0e,0x41,0x43,0x6e,0x9f,},{0xf7,0xd4,0xdd,0x1e,0x05,0x9c,0x36,0xf6,0xd1,0x21,0xc0,0xaf,0xfe,0xb2,0x1f,0x0c,0x57,0x2b,0x45,0x99,0x2f,0x84,0x94,0x8b,0x09,0xaa,0xfb,0xcd,0x86,0xbb,0x53,0x5c,},{0xc9,0xc0,0x99,0xe2,0x1d,0x09,0x5a,0xfa,0xdd,0x4e,0x71,0xc9,0xab,0xf6,0xb7,0x08,0x33,0x24,0x77,0x62,0x25,0xb5,0x87,0xb6,0x0a,0x0e,0x60,0x92,0xec,0xb3,0xd3,0x3c,0xff,0x39,0xc6,0x7d,0x34,0x77,0x6a,0xe9,0x9d,0xda,0x75,0x4a,0x3c,0x2b,0x3f,0x78,0x11,0x35,0xa3,0x8c,0x78,0xed,0x64,0x55,0xaa,0xf0,0xae,0x0c,0x31,0x3b,0x62,0x05,},"\x68\xab\xca\x7c\x16\x6a\xfe\x06\x3e\x47\x7b\x80\xe3\x7d\xb2\x24\xe1\xa2\x35\xde\x8f\xcd\xeb\x7f\x42\x7a\xf6\x7e\x00\x12\x47\xcc\x5e\x05\x71\x82\xfd\x9b\x6d\xb8\xba\xba\xa6\x58\xcf\x3b\x3f\xe4\xb0\x76\x3b\xf8\x8d\x67\x31\x1b\x11\x90\xbe\x83\x40\x18\xcf\x57\xa3\x32\x92\x24\x13\x76\x46\x20\xac\xe0\x54\x45\xee\x01\x9a\x06\xdf\xf9\x8b\x23\x89\x79\xad\x6d\x30\x90\x1b\xef\xa3\xc6\x4f\x6b\xd8\xc6\xeb\x09\x2c\x2e\x62\x84\x13\x88\xfd\x8c\x4e\x84\x19\xe2\x77\x89\x84\x89\x67\x37\xed\x90\xa2\xcd\xb2\x19\x96\xae\xf7\xc2\x16\x38\xd6\xcb\xe6\x80\x32\x2d\x08\x99\x65\x97\xa9\xe3\x03\xf6\xf5\xf4\x79\x40\xf8\xc5\xba\x5f\x5f\x76\x38\x3e\x7e\x18\x06\x4a\x3d\x2d\xff\x5f\xdf\x95\xe9\x0c\x5e\xb3\x0f\x4d\x8d\x45\x9e\xe1\xd5\x06\xa8\xcd\x29\xcd\xc6\x9b\x67\x54\x96\x3b\x84\xd6\x74\x94\xb3\x53\x05\xd1\x0d\x12\xb9\x48\x74\x17\xb2\xce\x28\xad\xcb\x10\xb6\x5c\xc9\x31\xfb\x33\x81\xae\x02\xe7\xaf\x79\xa0\x2b\xf9\x9e\x25\x8a\x56\x36\x10\x90\xe0\xb7\x12\x22\xb3\xac\x60\xbf\x2f\xb7\xba\x83\x2d\x03\x4f\x5b\x6b\xc6\xfa\x66\x3a\xe7\x41\xf7\x6d\x97\xc1\xac\x32\xbc\xb7\x41\x15\x07\xd5\x18\xd2\xf6\x05\x4b\x57\x83\x28\xc5\xf6\x7f\x75\x8a\xc0\x1b\xfe\x6f\x4d\x35\x90\x0f\x50\xa5\xdc\xd3\x0d\x2f\x92\x61\xb6\xbb\xec\x4c\x1d\x1f\xc1\x8d\x2a\x7e\x70\xc4\xd3\x6c\x21\xfa\xf8\xcf\x94\xa5\x87\xc3\xa0\xd1\xa9\xcd\xe7\x83\x1a\xe6\x26\x77\x54\x68\xdd\xcd\x40\xa8\xba\x18\xf4\x2b\x34\x18\x8d\xe5\x74\x1e\x1b\xe8\x30\x7b\x10\x84\x58\x65\x15\xec\x01\x5e\x4e\x37\x1d\x29\x44\x3a\x40\xb0\xc0\x69\xc6\x41\xd8\xce\xe5\xe4\x61\x18\x62\x98\x7c\x3e\x35\x6b\x12\x93\xb0\x51\x8b\x4a\x4c\x8e\xa9\x7f\xc5\xa4\xdb\x1f\x01\x29\xab\xee\x72\xfb\x80\x92\xea\x35\xc2\xda\xb6\x75\x73\x85\x02\x07\xb8\xe8\x27\x18\x99\x9a\xd9\x9c\x4c\x83\x9e\xac\x14\x63\x6b\xd5\xe4\xd8\x43\x6a\x27\x0d\xd9\x0b\x8e\x32\x13\x02\xe5\x2a\x92\xd8\x91\xff\x18\x91\x54\x2a\xe2\xca\xa0\xd6\x6e\x0f\x66\x1e\xae\x37\xb2\x5b\x08\xbb\x2e\x0e\xee\xc4\x83\x80\x09\x77\x8c\xd5\x25\x98\x43\x80\x98\x3b\x2b\xaa\xdd\x71\x02\xa1\xe3\x56\x73\x4e\x41\xd7\x61\x83\x82\x9e\xa9\xab\x82\x44\xc3\x36\x59\x7c\xa2\xd6\x79\x88\xf2\x81\x43\x84\x67\xe4\x53\xf5\x62\xc6\x7b\x22\xd0\xa4\xdd\x9f\xcb\x46\xa5\xf8\x0d\x29\x9d\xb5\xf0\x1f\x59\x16\x0a\x19\xd7\x4c\x64\x4f\xa5\xa9\x40\xe3\x2c\x9d\x8d\x98\x3b\xab\x7e\xfb\x0d\x7c\x7d\xa4\xe3\xfd\xa1\xcd\x0d\x18\xa4\x55\x8e\xb9\xfe\x46\x40\x8a\xab\x50\x85\x91\x2b\xf2\xf4\x6a\xb6\x3a\x93\x54\xf9\x02\x7c\x93\x69\x12\x23\xff\xaa\xb8\x46\x3b\xac\x4c\x4b\xc3\xb1\x1a\xbc\x46\xba\x68\x71\x7c\x91\x78\x0d\x3f\x30\x47\x0d\xbd\xd8\x8b\x37\x80\xa1\x94\xc8\xa4\x0a\x2c\x0a\x81\xa4\xd5\x6d\xec\x2d\x89\x62\xc3\x4d\x2a\xb7\x33\x69\x02\x8e\x1b\xfe\xaa\x6b\xb5\x82\x41\xff\x4f\x89\x8f\x80\xad\x3b\xb1\xc6\x91\xb8\x64\x7f\x2c\x69\x83\x95\x4c\x1c\x77\x95\x74\x58\xee\xbf\x1c\x50\x55\xc3\x16\x93\xab\xce\xd0\x53\x84\x73\x5a\x4f\x74\x19\x68\xbd\x6a\xc3\x15\x65\xcf\xee\x71\xc8\x84\xc1\xe2\x9e\x9e\x7a\xe0\xf7\xec\xd0\x4d\x46\x3b\x1d\xc3\x89\xc3\x60\x37\xe8\x14\x58\xdc\xec\x61\xd0\x76\x40\x32\xdd\x58\x9b\x92\xaf\xda\x2f\xc9\x02\x8f\x41\xab\x53\xcc\xa2\xd0\x4e\xc6\xa9\x56\x59\x55\xcb\xcf\x1a\x34\x63\x98\x9c\x71\x39\xbb\x90\x2a\x59\x21\xe8\xb2\xc9\x9c\x48\xe1\x37\x11\xf0\xbc\xc3\x99\x25\x95\x16\xc8\x1a\xe9\x42\xa6\x79\xd4\xba\x33\x97\x9e\xb1\x2f\xcd\x28\x60\x60\x2e\x47\x24\xb1\x33\x0f\x1c\xd2\x57\xb5\xb2\x89\x1d\xae\xe8\xef\x4c\x92\xfc\x3b\xfd\xb3\x4e\x53\x2d\x58\x70\xf3\x80\x59\x86\xac\x97\xb5\x03\xfd\x85\x87\x35\x48\xe3\x09\x50\x00\x0f\x8a\x70\xbe\x51\xfa\x75\x76\x03\x50\x1f\x2d\x30\xe8\x52\xef\xea\xc4\x82\x68\x62\xae\xd7\xf6\xd2\x0c\x9a\x8c\x8d\xbe\x36\x2d\xfe\xe4\x18\x93\xf2\x7e\x6f\xd5\xe9\x1d\x0e\x7e\x3d\x4f\xd8\x15\x5f\x44\xfd\x8e\xf1\x7a\xf1\x4a\x84\x8d\x44\xa8\x76\x31\xae\xee\x75\x14\x62\xb2\xa5\x40\x87\x06\x8d\xae\xab\x3e\xa3\x28\x9e\xce\x62\x12\xb3\xb5\x2c\xe7\xa8\x88\x6d\xf2\xa7\x27\xb7\x2a\x57\x0c\x2f\xb9\xc5\x03\x41"},
+{{0xdb,0x9a,0xae,0xe1,0x98,0xcd,0x26,0xa5,0x2b,0x11,0x81,0xfa,0x3f,0xd9,0x2a,0xbe,0x42,0x5e,0x66,0x6d,0x89,0x0b,0xf9,0x69,0x46,0x7d,0xd2,0xce,0x28,0x0e,0xd4,0xa7,},{0x3c,0x89,0x7c,0xaf,0xe2,0xb4,0x99,0xec,0xb2,0xe1,0xdd,0x01,0xea,0x55,0xf3,0xfc,0x88,0xf6,0x8c,0x25,0xb6,0x4a,0x63,0x6b,0x31,0xa1,0xfd,0x1c,0x78,0xf3,0x7f,0x3f,},{0xb2,0xe3,0xd9,0xc5,0xd0,0xff,0x32,0x99,0x96,0xbc,0x89,0xd2,0x6f,0xb3,0xac,0x12,0x6b,0xde,0xd3,0x13,0xcb,0xf8,0xdf,0x86,0x71,0x86,0x38,0xc1,0x99,0xe0,0x57,0x27,0x3d,0x09,0xeb,0x16,0x3c,0x6c,0x18,0x1f,0xd8,0xbc,0xe5,0x1f,0x72,0xd4,0xd9,0xd2,0xe8,0x4a,0xbb,0xe0,0x83,0x30,0x77,0x3b,0x9f,0xcc,0x21,0x66,0xf1,0x40,0xd6,0x0e,},"\x47\xfb\x62\x15\x61\xf8\xb7\xee\xce\xc6\x03\x3f\x2b\xcb\x6f\x43\xac\x68\xc9\x58\xdf\xd2\x65\x6f\x52\xa0\xc2\x9b\x4a\xcd\x44\xf4\x30\x4c\x6b\xf7\x7e\xea\xa0\xc5\xf6\xd3\xb2\x2d\xb1\x96\x99\xc3\xdc\xde\xde\x69\x8a\xbd\xe6\x23\xec\x4b\x2b\x90\x91\x0c\x80\xac\x3a\xf3\x9c\x55\x0b\x6d\xd4\x09\xe6\x3d\x77\x70\x66\x55\xa9\x19\x9c\xb5\xc0\x25\x8f\x5b\xa3\x82\x85\xff\xdc\x64\xb8\xa8\xf3\x73\xd1\xfb\x29\xba\x87\xf8\x4d\xdf\x5f\x34\xd8\xf1\x40\xbb\xc1\x7b\x39\x61\x68\x2d\xf5\xd0\xa8\xf9\x10\x2e\x37\x9a\x99\x98\x13\x9d\xfe\x40\xab\x8c\xe7\x53\xbf\x56\x26\x10\x82\x37\x77\x1a\x7d\x8e\x10\x9e\x9e\x0a\xfe\x9b\x66\xd0\x42\x09\x42\xe1\x63\xa4\xf3\xc0\x3f\x71\x81\x3e\xe0\x78\xbd\x09\x0a\xc3\xd0\x77\x2e\x26\x22\xc2\x59\xe6\x82\x55\x2c\x75\xb0\x8d\xd0\x55\xa4\xa5\xeb\x5e\x60\x94\x40\xbc\xd3\xf3\xa6\xfe\xb8\x76\xfd\x16\x92\x15\x20\xc6\xcb\x68\x84\x71\x0d\x2e\x15\xcd\xad\x6d\xaa\xee\xd9\x59\x62\xdd\xa2\x1c\x67\x88\xf7\x84\x91\x79\x17\x98\x2e\x1c\xcb\xb5\xfd\xd9\xbd\xc1\x76\x9d\xb6\xb6\xdb\x57\xca\x35\x4e\x01\xa1\x33\x9d\x8e\x77\xe9\xdb\xbb\x58\x12\xfb\xab\x6a\x14\xc5\x40\x85\xc0\x65\x95\x99\xf1\x50\xe2\x24\x72\x47\x0f\x1e\x5e\x67\x2c\x42\x5f\x37\x5f\x9e\x0d\x6e\x8d\x52\xfa\x17\xb7\xa8\xd7\xa4\xd7\xca\x3e\x12\xf4\xdb\x53\x83\x6a\xed\x2b\xeb\xd7\x45\x89\xba\xca\x8c\xe9\x10\x02\x91\xbf\xb7\xe4\x56\xdb\x7f\x2f\x0a\x84\xdc\x0a\x74\x88\x85\x13\x66\xa9\xa5\xfe\xa0\xe3\xef\xc7\x4b\x9c\xdd\x4b\xd9\x7b\x65\xab\xf3\x61\x39\x3c\xe1\x70\x3d\x85\x71\x80\x5e\xe6\x8a\x13\xd3\x65\x4f\x03\xdc\xec\xfb\x77\xa5\x34\x30\xd0\x94\x96\xad\x73\xec\x01\x75\x99\x57\xe5\x10\x46\xaa\x73\x96\xf5\x92\x33\x86\x50\x11\x7a\xc7\xb4\xdd\x35\x73\xeb\x53\xd9\xc9\xf9\xdf\xa6\x2e\x23\x69\xc7\x7a\xf9\xc0\xd4\x2f\x61\xba\xe7\x4b\x28\x7d\xdf\xa2\x7b\x7f\x1c\x1b\xe9\x88\x3a\x04\x46\x91\xd5\x6d\xc1\x37\x34\xad\x4e\xe3\xa3\x2a\x9f\x40\xe3\x28\xc5\x00\xd0\xfe\xd8\xea\x05\x10\xe9\x38\xf2\x75\x80\x04\x02\x2b\xca\xa6\x90\x2b\xda\x10\x14\xb8\xae\x33\x65\x27\x28\x29\xed\x94\xfa\xba\x63\xcb\x14\xa3\x6c\xf8\x13\x90\xec\xa8\x3f\xc1\xc6\x27\x17\x20\x13\x26\x1b\x39\x93\x77\x9a\xa0\x76\xa5\xc5\xd8\x1d\x90\xd2\x70\x62\xe1\xa6\xd9\x0b\x5c\xf1\x00\x5c\x70\x19\x17\xb7\xad\xac\x18\x0c\xb7\x5b\xbc\xe0\xf2\x7f\x2f\x18\x0e\x2c\xb9\x01\x40\xc1\x4c\xc6\x00\x9d\x2d\x41\xaa\xb1\xdb\x94\x18\xf9\x1d\x4c\xf3\x94\x00\x2c\xd7\x0a\xc9\xdc\x11\xce\x86\x53\x47\xfa\x3f\x56\xf8\x7c\x14\x9e\x2b\x17\xd2\xc7\x2b\x66\x3a\x58\xe3\x18\x7b\xb1\x9b\x9b\xac\x2d\x11\x48\x3b\xa1\x2f\x77\x0a\xc0\x4d\xc4\x6d\x38\x85\x18\xfa\x54\xdc\x15\x2e\x9a\x9d\xfb\xff\x14\xf1\x4c\x61\xcb\x37\x58\x97\xe3\x0c\x53\xe6\xde\x42\xd5\xe1\x40\x1d\xae\x1b\x22\xba\xaa\x0e\x8a\x41\xc6\xaf\x9d\x0e\x0b\x13\xa9\x1a\x23\xd9\xb7\xd5\x55\x20\x47\x02\x9a\x35\x21\x94\x6c\x71\x20\xd3\xd2\x58\xb3\xae\xfc\xf7\x54\xd1\x95\x94\x87\xa1\xfe\x77\x43\xac\x7e\x1c\xc8\x9e\x36\x8b\x19\x78\x09\xc3\xa2\x73\x17\xe0\xec\x48\xd5\x46\xdb\x1e\x21\xeb\x62\x9a\x29\xbc\x62\x47\xcd\xd4\xa1\x37\x14\x37\x56\x3e\xdd\x12\xfa\xea\x2c\x5c\xb7\x7e\xed\xed\xbf\xc5\x80\x08\xfa\xd1\xf6\x5a\xf3\x58\x43\xfa\x27\x4c\x73\x4e\x3f\xbb\xaa\x9c\xc5\x0d\x68\x37\x48\xb7\x5a\x48\x5f\x94\xd6\x30\xb0\x32\xa5\xf1\x06\x7d\x1d\xeb\x30\xe9\xd2\x21\x8c\x93\x5c\x98\x1d\x01\xc0\xc5\x47\xfd\x68\x41\x31\x36\xed\xf4\xc0\xc7\x70\x28\x6e\x82\x34\x42\xe1\xc5\x13\x65\x19\x29\x21\x3c\x12\x1c\x1d\xe7\x00\x98\x91\x41\xab\x4a\xf3\xb3\xfe\x74\x04\xb4\xd2\xa3\x8c\x53\x0b\xaf\xb4\x98\xe6\x49\x53\xce\x1c\x0f\xb7\xd3\x40\xe2\x11\x35\xbf\x8a\xfd\xd8\xdd\x65\xb1\xb1\x8c\xf1\xc8\xfb\x9f\x40\x2b\x26\x70\x40\x0b\x86\xdd\xaf\xb1\x84\xcc\x51\xd5\xfd\xa2\x73\xb8\x0c\x26\x52\x1f\x91\x2f\x35\x83\xb4\xae\x30\x1d\xae\x15\x1c\xb5\x5c\x75\x70\x3a\xad\xef\x03\x24\x15\x22\x7d\x53\xe3\x95\xdb\x6c\x15\x0a\x1e\xe8\x39\xad\x26\xba\xe5\x52\xe1\xab\x73\x62\x14\xdc\x04\xb0\xf3\xc4\x1b\x7c\xfb\xd0\x49\x68\x1b\xc8\x4c\x3d\x16\x53\x07\x68"},
+{{0xa8,0x04,0xc3,0x3b,0x4d,0x38,0xcb,0x3c,0xe3,0x1c,0xf3,0xba,0xc1,0x04,0x9e,0x0d,0x4e,0xc6,0x3a,0x1a,0x0b,0x7b,0x59,0xfd,0x8a,0x36,0xee,0x37,0x54,0x16,0x56,0xaa,},{0x60,0x72,0x25,0x6d,0x65,0x74,0xa2,0x93,0xbd,0x7c,0x22,0x1c,0x55,0x1c,0x32,0xcf,0x2f,0x77,0x15,0xe1,0x9e,0x43,0x3a,0x49,0xd9,0xb8,0xb0,0x49,0x0e,0x56,0xef,0x62,},{0xb1,0xb4,0x4a,0x14,0x2a,0x7c,0x4c,0x3d,0x0b,0xf4,0x66,0x1e,0xda,0xc5,0xb7,0x67,0x00,0x57,0x26,0xc1,0x4a,0x27,0x69,0xb7,0xc2,0x14,0xfb,0x58,0x73,0x7e,0xc2,0xe4,0xbc,0x51,0xc3,0xa1,0x95,0xd2,0xba,0x1b,0x74,0xa5,0x4e,0xff,0x4c,0x33,0xa9,0x0f,0x41,0xcc,0xde,0xfa,0x9e,0x93,0x65,0xfd,0xe8,0xdd,0x85,0x9f,0xd3,0x97,0x8c,0x0a,},"\xdb\xfe\x30\x7f\x2a\xae\x9e\x07\xec\x7c\x4b\x68\x21\x06\xd2\xc9\x36\x7b\x0c\x4a\xaa\x58\xae\x80\x4e\x0a\x39\x04\x75\x4e\x6c\xf8\xfe\xe7\x3c\xf9\xe2\xd4\x5d\x02\x89\xe5\x07\x82\x93\xdf\xc4\x69\xd4\x6e\xa6\x70\x26\xc5\xaa\x69\x2d\x2f\x2c\x9f\xb4\xec\x57\xcd\xab\x4c\x04\x3f\xf9\xae\x61\x85\xf2\x7a\x70\x44\x54\xe5\xf5\x39\x50\xaa\xbd\x25\xc9\x91\x04\x74\xd4\x5a\xf8\x83\x68\x62\x72\x3e\x0e\x6a\x27\x82\x3d\x82\xbc\xbb\x68\xa9\x60\x52\x42\x2a\x18\x19\x51\x2e\x3b\x43\x40\x8c\xf4\x89\x57\xad\x6a\xe2\x35\xb7\x23\x3d\xf1\x82\x84\x74\x91\x53\xdf\xa5\x7d\xe3\x50\x74\xa3\x0e\xdf\xab\x8a\x56\xdf\x28\xab\x2e\x29\x40\x30\x6c\x22\x1a\xa5\x54\x90\xcc\x66\x4e\x14\x68\x3f\x30\xee\x61\x5e\x2d\x93\xfd\xf9\x71\xf5\x96\x66\x34\x65\x84\x3b\x3a\xdd\x63\x92\xba\x33\x90\x31\x1e\xf8\xdc\x59\xf2\x51\x44\x5d\x66\x9e\x10\xa0\x06\x19\x91\xe1\x13\x56\x19\x23\xaa\x21\x52\x44\x46\x3d\x82\x64\x19\x9a\xc5\x88\x92\x4e\x23\x1e\x84\x19\xd8\x68\x5f\x33\x8e\x59\x9b\x5f\x40\xbf\x9b\xd1\xae\xce\x77\x25\x35\xbb\xbc\xb8\xf6\x88\x1c\x2e\x80\x04\x91\xab\x3b\x57\xb4\x4b\x8a\xe4\x3a\xeb\x5c\x4a\xe5\xe7\xed\xeb\x22\x8f\xed\xc9\xf6\xb9\xca\xde\xa1\x76\xe1\x34\x93\x6d\xed\x60\xaf\x1c\x22\x87\x34\xfb\x00\x57\x0f\x23\x74\xbb\xbf\xa1\xbb\x17\x07\x85\x80\x5d\x6b\x6c\x70\x1e\x82\x09\x52\xea\xe4\x5b\x8c\x23\x66\x11\x3a\x1d\xfb\x2e\x35\x85\x2a\xf4\x19\xb7\x54\xf9\xcf\x7a\x08\x1c\x3d\xde\x6c\x80\x53\xbf\x1c\xe0\xc8\x53\x39\xd5\x69\x9c\x42\x24\x76\xfc\x21\xf2\x6c\xe7\x5d\x2a\x7f\xed\x09\xfc\x0f\x41\x75\x78\x98\x47\xd8\x76\xc5\x1a\xa4\xe0\xbf\x7c\xe8\x42\xb8\x30\x8d\xc7\xa2\x8c\x82\x39\x52\x07\x14\xdc\x23\x31\x36\xe0\x9f\x55\x7c\x7e\xf3\xe0\xf8\x3b\xad\x63\xcb\x28\xac\x61\x6d\x39\x28\xf3\x83\x7d\xce\x1d\xd5\x8a\xcb\x8d\xdb\xc7\x2e\x82\x2d\xee\xe4\x5f\x00\x77\x6a\xcc\x88\xe0\x0c\xd3\xa9\xdb\x48\x6d\x92\xd5\x35\xa5\x7a\x0f\xdc\x4f\x90\x3b\x62\xe5\x17\x22\x1c\x30\x8c\xba\x2e\x30\xff\xe7\xb9\x19\x37\xa9\x94\x17\x72\x1f\x56\xfe\x6d\xf4\x48\x40\xe9\xe4\x11\x36\x92\x9c\x0c\xa3\xdc\x28\xdd\xf2\x37\x9e\x4d\xcf\xde\x83\x72\x3e\x2d\x4c\x9e\x23\x29\x9c\x05\x6a\xfb\x31\xd3\xe7\x0d\x08\x5d\x0a\x31\x2c\x5c\xd5\x70\xb6\x99\xde\xa8\x71\x74\x58\x53\x13\x48\xc9\x6f\x6e\xb5\x2d\x7e\xe6\x1d\x56\x60\xf6\x5e\x90\x9a\x14\xce\x10\x33\xdc\x85\x3f\x2f\x25\xd0\x9c\xf4\xe4\x0d\x07\xef\xf7\x2e\x15\xa3\x90\x56\x4a\x2b\xe3\xc0\x42\xd8\x9a\x68\x66\x0a\x97\xff\xac\xec\x49\x67\xa4\xb6\x18\x71\x2d\x70\x60\x75\x65\x20\xc2\x9e\xe8\xd9\x22\x0a\xd8\x61\x5c\x4f\xcf\x39\x69\xbd\x3b\x2e\x09\x47\xe1\xf0\xbe\x7e\x2d\x80\xe0\xa6\x14\x80\xc3\x16\x6d\xb5\x58\x22\x18\xbb\x0a\x8b\xe9\x84\x8e\xfd\x41\xb6\xce\x0c\xd7\x95\xc4\x86\xab\xb6\x72\x10\xbe\xb6\x0c\xd0\x78\xb4\x6a\xeb\x7f\x4f\x48\x50\x31\x90\x2b\xcd\x71\x31\xe0\x0b\x70\x35\xaa\x2d\x43\xfe\xe0\x63\xf7\xf3\x0b\xd5\x70\xda\x1d\xbb\x65\xc0\xca\x92\xa4\x81\x26\x32\xe4\x32\x77\x85\x53\xe3\x5e\x85\x6c\xaa\x82\x18\x22\x1f\xd6\x31\x6a\xb0\x86\x91\x73\xb3\x84\x09\xbc\xef\xe6\xd2\xdb\x92\x10\xf9\x02\x41\x73\xb6\x6d\xbb\x92\x67\x7c\xbc\x71\xc8\xa1\xcd\x58\x3f\xa6\xf3\x54\xd3\xc9\x3f\xa8\xb1\x6c\x71\x37\x4f\x25\xa0\x0c\x33\x2f\x85\xa8\xbe\xfd\x54\x03\x88\xfb\x50\xdb\x9f\x5d\x96\xe4\xe4\xe6\x98\x83\x3c\xe3\xd6\x3c\x10\xb8\xee\xc7\x0a\x24\x3b\x90\x15\xdb\x45\x94\x31\xb6\x2f\x56\x68\xbb\xa6\x0f\x07\x04\xf6\xbd\xfe\x95\x46\xea\x47\x5c\xef\x2e\xbc\xcb\xa4\xb7\x68\x08\x48\xe8\x2b\xef\xf5\x85\x4e\x49\xf6\x5b\xb7\x73\xa4\x92\x2e\x90\xf9\xb8\xaf\xc7\xcf\x81\x87\x30\x58\x8e\xd5\xaa\x7b\x39\x98\x26\xaa\xdd\x54\x37\x2f\xcb\x76\x14\x58\xb6\x4d\xe6\x68\x57\xf4\xad\xac\xd4\xc3\x29\x00\xcb\x77\x13\x6a\x53\x5d\x7b\xbb\xb5\x54\x59\x7a\xec\xf3\x9f\xf6\x98\xb4\x5e\x6a\x21\x8d\xf1\xd2\xab\xe6\x15\xeb\x8d\x9e\x18\x24\xc0\xbe\xcc\xe9\x07\x67\x89\x9e\xbf\xd2\xc7\x30\x14\x4b\x32\xc7\x46\x04\xc0\xe5\x3e\x25\x05\xbb\x15\xd2\x80\x07\xa8\x7b\x99\x31\xd6\xee\xc0\xa6\xcb\x5b\x0f\x96\xd3\x19\x4b\x24\x23"},
+{{0xf8,0x20,0xe6,0xf2,0x4a,0x84,0x18,0xb6,0xac,0xda,0x16,0x5f,0x29,0xa3,0x60,0xf7,0x67,0xcd,0xed,0xde,0x8f,0x64,0xd7,0x68,0xb9,0x5f,0xc2,0xa5,0xf3,0xf4,0x04,0xe7,},{0x79,0xc4,0xb2,0x63,0xb2,0xe5,0x8f,0x67,0x86,0x28,0xd4,0xea,0x82,0xb1,0x75,0xac,0xa2,0x30,0xb9,0xa2,0x02,0x85,0xc8,0x28,0xf9,0x4e,0x1f,0xfd,0x63,0xd7,0x5b,0x23,},{0xf9,0xfd,0x72,0xf3,0x21,0xca,0x21,0x33,0xbf,0x85,0x85,0x90,0x8d,0x9c,0xa7,0xb8,0xe3,0x36,0x22,0x7e,0x3f,0xfb,0x37,0x49,0xa1,0xfb,0xe8,0xc9,0xb1,0xe5,0xd5,0x0e,0xf0,0x1f,0x9d,0xb5,0xf0,0xd2,0xa7,0xc7,0xc1,0x39,0x9b,0x97,0xc9,0x04,0x4e,0x1b,0xc1,0xad,0xc3,0x2b,0x8b,0xea,0x46,0xda,0xd7,0xb8,0x10,0x26,0x46,0x96,0x03,0x03,},"\xab\x6b\xd4\x5b\xb0\x6d\xfb\x90\x69\x11\x8f\xf9\x98\xf3\xbd\x39\x3e\xa8\xe9\x44\x97\x9e\x89\xe0\x49\xf2\x50\x5c\xd8\x93\x1b\x93\x08\x6b\x7e\x9d\x8e\xe7\x64\xe9\xb4\x47\xea\x4e\xa1\x21\x38\xbb\x45\x27\x5a\x21\xa1\x98\x43\xf7\x5d\xc5\x42\x1d\x61\xff\xd8\x61\x83\x8e\x58\x33\x82\x5d\x67\x16\x2f\x32\x59\xc2\x64\x47\xbe\x51\xdc\x18\x02\xef\x5a\x04\xba\x73\xb7\x83\x93\x57\x06\xab\xb4\x2c\x51\x3b\x65\xf2\xbb\xc4\x4f\x83\xda\x10\x61\x24\x2f\x2d\x5e\x51\x98\xf3\x8c\x10\x71\x7a\x86\xa3\xa1\x97\xe7\xcd\x90\x34\xf6\x36\x11\x44\x99\x03\x72\x77\xac\xb4\x72\x2c\x06\xa9\x1c\xb2\xf6\x5e\x21\xeb\x8d\x22\xd3\x6a\xd7\x3b\x42\x65\xf7\xa7\x94\x7e\x00\xe7\x22\xbd\xa6\x70\x43\xcd\x12\x81\xbc\xd8\x7e\x76\x3f\xc9\x7b\x54\xc8\xf8\x68\x36\xcd\xbf\x08\xc9\xa1\xf7\x00\xf4\xea\xed\x9e\xa5\x9a\x6f\xc1\xbc\x0d\xf8\xc9\xec\x1f\xc2\x97\x7c\xad\x60\xf9\x78\xab\xc0\xc8\x38\x1a\xa9\xfb\x06\x0e\x3f\x99\x37\x8a\x51\xb2\xd9\xaf\xbe\xf3\x58\xd5\x51\x62\xa3\x89\x22\xeb\xb8\x7d\x2a\x3e\x0f\x0f\x40\x00\xb1\xc3\x9b\x15\x02\xe9\x59\x45\xe8\xac\x9f\x4a\x3e\xa7\xc9\xdd\xb5\x81\xa5\xec\x06\xc0\x0b\xa8\x7a\x73\x70\x84\xb3\x84\xfa\xba\x09\xc8\x48\x71\xdd\xd6\x7d\xc1\xbe\xbb\x2f\x7f\xbd\x94\xa5\x59\x7d\x01\x9f\xe6\x29\xe5\xbf\x12\xbe\xa2\xe3\x3c\xa8\x4c\x68\x0d\xc5\xa3\x98\x9b\xbf\x3a\xf9\xee\xec\xe8\xab\x8f\xc8\x61\xe3\xb8\xbf\xc1\xe6\x7e\x2a\xee\x32\x6b\x37\xfb\x9b\x51\xcf\xa0\xb5\xf5\xfc\x16\x00\x69\xb4\x50\xb7\x04\xe0\xfa\xb7\xfb\x6c\x5a\xb3\xc4\x0b\x8f\x0b\x3d\x09\x30\xb9\x11\x2d\x64\xb9\xda\xca\xb4\xdd\x87\x5f\x29\xd8\xc5\x8c\x5d\x20\x53\xad\x91\x48\xff\xde\x22\xd9\x0b\xc0\xd5\x0f\x5d\xec\xa6\x8d\x3e\xa2\x5c\x5b\x4c\x76\x88\x87\x1c\x0c\x77\xdb\xce\xea\xcb\xd0\xa4\x22\x9f\x49\x70\xec\x87\xb3\x44\x99\xe2\x78\x30\x3c\x06\x69\x4c\x30\xac\x68\x52\x4d\x11\xb1\x72\x79\x4b\x48\x12\x73\xa5\xda\xc4\x61\x22\xd2\x47\x20\x95\xa5\x63\xa4\x35\xd1\x85\xd5\xe9\x1d\xa7\x26\xe7\x45\x92\x99\x9c\xda\xc6\x88\xa3\x3f\x38\xf7\xc0\x35\x58\x8f\x62\x5d\xc6\xac\x73\xd0\x04\x7a\xb3\xd6\xd1\x2f\x1a\xe3\x3d\x8b\x62\xd6\xd6\xc6\xca\xcf\xf0\xbd\xd8\x94\xb5\x7e\x31\x89\x12\xac\x0c\xf4\xa5\x34\x76\x2b\x2f\x6d\x26\x3c\x93\x58\x04\x42\x3e\xd8\x68\xcf\x8c\xfb\xb8\xbe\x8f\x6d\x8a\x71\x4a\x26\x8a\x39\x0e\xdc\x2d\xd5\x09\xd2\xdc\x96\x85\x1d\x1b\xd4\x32\x49\xbd\x0f\x69\xb0\xc4\xcb\x2f\xf4\x08\x0d\x1f\xd5\x62\x2b\xc2\x38\xdd\xa6\xe9\x30\x02\x5d\x8a\x2b\x12\xb9\x72\xf9\xeb\xa1\x74\x21\xd4\xce\xa6\x42\xf4\x0a\xd9\xea\x85\x47\xae\x59\x49\x8c\x3a\xd1\xb9\xa0\xc3\x4e\xd8\xc0\x1a\xae\x3b\xd2\x1a\xc1\x77\x43\xb5\x77\xf9\x51\x5c\xfb\xdd\xe2\x70\x4d\xc5\x7e\x80\xf1\x25\x32\x3d\x55\x10\x0b\x9f\x69\x79\x27\xd4\x31\xdf\xe7\x36\x31\xb5\x8e\x52\xaa\x6a\xeb\x04\x78\xbf\x45\x95\x52\x43\x86\x89\xfb\xeb\x9c\x60\xd8\x7a\xae\x09\x95\x43\x62\xcd\x02\xa2\xb0\xb4\x79\xef\xd3\x8f\x17\x82\x1a\xf3\x9b\x21\x92\x6e\xe0\x2f\x7d\x97\x2a\xd0\xf5\x4e\xa6\x57\x2c\xc3\xeb\xd0\x20\xb1\xee\x26\x88\x25\x33\xbd\x19\x11\x43\x23\x81\x5f\x67\x2e\xc8\xc9\x05\x68\x73\x0a\x58\xe4\xe1\xe3\x5f\x68\x21\x21\x9a\x32\xb8\xa6\xc5\x2c\xed\x6f\x95\x73\xd9\xf3\xbe\xb2\x85\x13\xba\x62\xfb\x20\x1f\x7f\xd4\x1b\xb1\x0c\xa3\x4b\xb1\xc7\x0f\x2f\xd7\xbb\x92\x99\xa7\xc5\xf7\xf2\xe0\xfa\x1d\x1a\xf0\xe9\xae\xf5\xed\xe7\xc1\x69\x50\xe8\x60\xec\xd6\x1f\x18\x42\xa1\xa2\x2c\x98\x31\xc0\xc0\xd4\xed\xa8\x40\xb0\x88\xa5\x45\x20\xc9\xb1\x8c\x76\xeb\xa9\xbe\xbc\xd5\x91\x38\x1c\x18\x0d\x7f\x86\xa0\xe5\x8a\xdd\x92\xb9\xb0\xc8\x07\x6a\x7c\xdc\xab\x60\xde\xa4\xc1\xaf\xb1\x8c\x8b\x94\xb1\xb3\x92\xcc\xfb\x4d\xae\x27\x11\xe7\xd1\x2d\x2b\xc7\xc7\x82\x5f\x63\x99\x2e\xc3\x24\x71\x63\xc2\x83\xb1\x07\x5e\x32\x24\x5f\x69\xcf\x47\x24\x0a\xef\x0d\xb4\x3e\xfa\xe8\x6f\xc1\xfd\x3b\xb9\x9c\xf5\xb7\x89\xf5\xbc\xba\x95\x04\x65\x7d\x9e\x62\x2a\x4a\xa1\x6f\x01\xd4\xd8\x44\x41\x31\x24\x44\x7d\x6d\x1a\x44\x23\xe7\xb5\x5d\xb7\xe6\xa3\x1a\x31\x9f\x4b\xac\xae\x43\x0a\x33\xa9\xbd\xd4\xef\x36\x80"},
+{{0x0a,0x05,0x6b,0xe0,0x39,0xfd,0x55,0xda,0xda,0x44,0x1d,0x03,0x73,0x61,0x27,0x3f,0x20,0x6e,0x00,0x0a,0x74,0xa0,0x5c,0x51,0xc0,0xcb,0xb6,0x27,0x43,0xf1,0xf3,0x40,},{0x73,0x14,0x02,0x17,0xa4,0x93,0xa1,0x78,0x66,0xff,0xf5,0x15,0x48,0x32,0x27,0x3d,0xf7,0x9d,0x58,0x11,0x54,0x3c,0x22,0x2a,0x39,0xd0,0x56,0xb8,0xc9,0x70,0xdb,0xfa,},{0xfa,0xb8,0xe5,0xd9,0x3d,0x7d,0x46,0xc6,0x5e,0xe1,0x17,0xc5,0x37,0x5e,0x73,0xc9,0x70,0x5f,0x87,0x54,0x17,0x7f,0xdd,0x46,0xef,0xed,0x47,0x37,0xc2,0x87,0x68,0xcc,0x4b,0x95,0xa9,0xc8,0x4c,0x52,0x9b,0x4b,0x91,0x6b,0x28,0xda,0xbd,0x87,0x41,0x18,0x31,0x44,0xbc,0xdb,0x48,0x3d,0xf9,0x8a,0xf8,0x9d,0x82,0x40,0xcf,0x09,0x46,0x04,},"\xa5\xab\x14\x76\x84\xe4\xd4\xa7\xbc\xb5\xa9\x6f\xb3\x98\x18\xe2\x3f\x56\xc2\xd8\xa7\x44\xe9\x12\x3d\x62\x08\x39\x30\xab\x1d\x0b\xb5\x32\xe6\x87\x14\xfc\xec\x7e\x6c\x41\x13\x4b\x6b\x19\xdd\xd8\x67\xfe\x63\x5c\x9e\xd6\x53\x93\xee\x39\xc5\xe8\xfa\xb4\x56\xcb\x5b\x32\x79\x78\x83\xf3\xcd\x9a\x09\x02\xb9\x79\x63\x48\xee\x66\xc6\x91\xfb\x4f\x2b\xb1\x47\x64\x41\x06\x57\xc7\x4a\xb3\x64\x56\x78\x79\xb6\xfa\x0a\x6f\x4d\xaf\xd9\x30\xd9\x23\x4c\xd7\x83\x4f\xb9\xd0\xee\xdf\xbb\x5a\x39\x4b\xf0\x84\x6e\xc6\x96\x9c\x2e\xf7\xce\x39\xe3\x85\x38\x95\xff\x5b\x4d\xa3\x1e\x54\x34\x1b\x42\x72\xe4\xa2\x60\x49\x18\x9f\xf2\x82\x41\xce\xef\xfb\x7d\x2e\x1f\xaf\x4f\x77\x9f\xa6\x5c\xac\x0f\x57\x83\xc6\x0a\xe7\x7d\xe3\x0a\xd4\x46\x5f\xdb\x39\x0d\x42\x57\x1e\xff\x4a\x63\x13\x63\x49\x93\x7d\x6c\xae\xef\xcd\xae\x22\x9e\x2f\x28\xce\xa8\xab\xf3\xff\xae\x3c\x3e\xcc\xd9\x06\x70\xa4\x21\x2a\x2b\xee\x1c\xa6\xa5\xb5\x4f\x09\x4f\xc3\x23\x10\x58\xf5\xcb\x9e\xce\xb9\x99\x3b\xe4\x70\x27\xd5\x1c\x18\xde\xca\x41\xcd\xda\xf4\xe8\xbc\x56\xa9\x9f\xd2\x70\x35\x5f\xf4\x59\x71\x95\x0e\x34\x37\xa1\x98\xcc\xc3\x25\x41\x68\xdf\xc1\x57\x40\x80\x80\x2e\xe1\x01\xa6\x17\xfb\x60\x4e\x86\x8f\x8f\xa8\xfb\x30\xda\xeb\x43\x07\x4d\xe1\x1f\x24\x83\xd9\x16\xde\x56\x43\xb7\xca\xc2\x3d\x93\x40\x50\x8a\x3f\xd6\x21\xec\xd2\x50\x04\x35\x6a\x53\x55\x4a\xd3\xad\x7d\x5d\x25\x81\x7a\xd7\xc9\xa6\x10\x00\x8c\x67\xac\x16\xba\x42\x11\xc4\x2f\x5d\xad\xf8\x6c\x2c\x3a\xed\x82\x5c\xf2\xa9\xb5\x23\xbf\xc0\x3d\xd7\xde\x40\x0c\x67\x80\x7e\x13\x9e\xa5\xdb\xce\x4e\xe1\xf7\xd3\x18\x88\x9b\x01\xa9\xf4\x48\x03\xc3\x22\xac\x3b\x61\xe2\x0e\x63\x12\xd0\xa0\x3b\xf9\x92\x7f\xa3\x3f\x04\xed\x7e\x20\x7b\x16\xf2\x65\x02\xc2\x98\x3a\x3a\x96\x1f\x22\x44\x61\xfe\x9b\x64\x92\x3b\x1d\x09\x18\x94\x76\xae\x8d\x00\x1d\x0e\xca\xae\x4d\xf6\x0d\xb3\x5f\x44\x8b\xb6\x12\xf9\x65\x5a\x5f\xb1\x44\xdf\x11\xd8\x3a\xa6\x93\x68\x86\xc3\x04\x94\x9e\x59\xaa\x46\xdf\x65\xc2\x2c\xe7\xbf\x28\x9b\x3c\x77\xc2\x5d\x89\x6b\xe6\xd5\x1d\xee\x10\x74\x82\x61\x68\x8c\x8b\x07\x1c\x85\x6f\x99\x62\xc6\x67\x75\xdd\xf1\x60\x83\xda\xe0\x65\x87\xe3\x2a\x63\x61\x19\x9d\x72\x09\x7e\x38\x3a\xd7\x43\x94\x91\xb5\xa5\x63\xa3\xe6\xd5\x8d\xa3\xd5\xab\xb1\xde\x84\x89\x0a\x36\xb4\x21\xce\x03\xd4\x84\xdf\xd6\x00\x39\x63\x8d\x46\xed\xfb\x60\x65\x9e\x3a\x25\xac\x6e\x9a\x93\x5a\xd6\xda\xd5\x0f\x92\x7b\xcc\x2f\xf9\x9f\x99\x24\xa5\xb7\x99\x5d\xc2\x3c\x8f\x30\x1c\xcc\x77\x69\xf7\x1c\x18\x26\x09\x04\xa3\xdc\xfb\x81\x7d\x2d\x80\x5c\xb1\xf1\x96\xbe\x8b\x6e\xcf\x35\x2b\xc2\x96\xbc\x3f\x76\xea\x91\x35\x3f\x8c\xf3\x5b\xcd\x2b\x57\xeb\x59\x42\x77\x3d\x68\x34\xac\x50\xee\xad\xc7\xe6\x64\x61\xd1\xda\x09\x8c\xce\xc7\x5f\xf7\x20\x52\x15\xf5\x24\x59\xd9\x76\x20\xf9\xf0\x28\x9e\x93\x91\x1d\xb3\x9b\x21\xdf\x81\x8f\xdf\x0b\xed\x45\x50\x92\x44\x63\x3d\xf0\x1c\xdd\xdb\x4b\x75\x97\x2f\xa7\xea\x6f\x73\x28\x1c\xbd\xbb\xd1\xbc\xb0\x0c\x3b\xc1\xb1\x72\x8e\xea\xe0\xbb\xa1\x72\xb1\x31\xf5\xd3\x08\x90\xa3\x41\xe6\xb7\x2f\x7e\x89\xdd\x4b\x6d\xb3\xe7\x9b\x69\x27\x58\x6c\xf2\xc8\xac\x38\xdd\x14\xf3\x74\xd7\xf5\xbb\xa9\xf4\x35\x3d\xef\x10\xdd\xc9\x4d\x3d\x11\x18\xc5\x69\x9e\x38\xb6\xb5\x04\x91\x8e\x58\x9e\xfe\x3f\x7e\x97\x3f\xb4\x0e\x2e\xbd\x05\x7d\xe1\x38\x5e\x39\xd6\x99\xa8\xf6\x83\xb9\x62\xfa\xe4\xf3\x90\x28\x81\xf1\xaf\xbe\xd7\xc7\x83\x82\x35\x58\xc3\x6d\x68\xc6\x87\x5d\x16\x6f\xa2\x43\xeb\x2a\xe1\x4f\x7e\x63\x15\xa6\xd2\xab\x4e\x79\xea\x8e\x16\xe6\x9d\x30\xed\xc7\x08\xf1\xe7\xaf\x7a\xda\xfe\xdc\xd3\x16\x88\x98\xb3\x31\x87\x81\x78\xc4\xba\x88\x33\xd2\x0b\x3c\xac\x9d\x32\xb8\x88\x8c\xc6\x78\x32\x06\x39\x74\x70\xa2\xe7\xcc\x4c\x98\x09\xff\x79\xce\xac\x9d\xc2\x4c\xa1\x43\x8c\x91\x9c\x8a\x41\x5e\x82\xf0\x90\x2b\x4d\x9c\xf4\xcc\xd5\x76\x96\x8d\x5b\xee\x81\xc5\xf1\x9c\x7d\x57\xb9\xba\xda\x8e\xab\x47\x56\xea\x27\x0d\xd2\x61\x29\xe6\x12\x2e\xe2\xd6\x15\x24\x2b\xc7\xfa\xbf\xf4\xf8\x31\x2e\x68\x6c\x8f"},
+{{0x22,0x05,0x24,0x86,0x0c,0xb8,0x9a,0xb2,0x95,0xbd,0x88,0x4f,0x98,0x8a,0x57,0x91,0x18,0x68,0x69,0x3d,0x6b,0x10,0x5a,0x80,0xb2,0x30,0xf2,0x1e,0x57,0x80,0x5a,0x7d,},{0x4a,0xb3,0x2b,0xc1,0x56,0x6a,0x76,0x77,0xe7,0x99,0x73,0x4d,0xc8,0x41,0x81,0xfb,0xb6,0x54,0xb8,0x13,0x37,0x91,0x80,0xf1,0xdd,0x35,0xae,0xf2,0xd3,0x24,0xc1,0x2c,},{0xdb,0x1c,0xc0,0xc5,0xdb,0x77,0x3e,0xc5,0x16,0x89,0xbe,0x28,0x84,0x2f,0xa6,0x79,0x1a,0x7d,0x75,0xe2,0x9c,0x22,0x8a,0xe9,0x59,0x3a,0x58,0x0e,0x08,0x75,0xb1,0x67,0x0f,0x09,0xb0,0x34,0x42,0x92,0x9a,0x18,0xf1,0xe9,0x41,0x4e,0xa3,0x43,0x15,0xff,0x09,0xd9,0x1d,0x92,0x2e,0xe4,0x7f,0x10,0xf7,0x1d,0xa4,0xab,0x13,0xb7,0xd9,0x01,},"\x02\x4a\x54\xac\x5e\x01\x63\xb3\xa4\xfd\xd0\x2f\x59\x36\x88\x8a\xe2\xf9\xb7\x4a\x64\x14\xb5\x3c\x63\x81\x17\x3b\x09\x5a\x4d\xda\xcf\xc3\xa6\x9f\x19\x16\x7d\x0f\x1a\xe0\xc1\x20\xbb\xa7\xe9\xfc\xb7\xcc\xfc\x79\x6d\x89\xea\x46\xef\x80\x58\x86\x6e\xf6\xda\x7d\x01\xa6\xa1\x42\xea\x69\xd7\x20\xc4\xf8\x05\xac\x54\x05\xa8\x01\x2c\x3c\x2a\x82\x63\xb5\x37\x2d\x59\xbf\x7f\x40\x99\x29\x90\x13\xd2\x62\x59\xdf\xd5\x19\x3e\xce\x56\x17\x97\x77\xbe\x51\xb8\x6b\xd1\xce\x5f\x1f\xc9\x15\x6f\x2b\x3a\x32\xc0\x9d\x86\xbc\x61\x32\xde\x57\x61\x02\xe2\xf0\x3c\x71\x6d\xb5\x36\x6c\xcb\xe7\x42\xae\xe3\x55\x2a\xc3\xb3\x9d\x0e\xc7\xd4\xe4\xe9\x62\x6b\xf8\xec\xe0\x31\xd6\x78\xd3\x48\x09\x05\xc0\xe3\x38\xfb\x7c\xc0\x26\xe3\xe7\x9c\xf2\xc2\x78\x1a\xc2\xa5\xa4\x0d\xf4\x28\x4e\x23\x5a\x03\x89\xe9\x28\xfc\x63\x55\x7d\xc6\xf1\x99\xfc\xec\x5f\x36\x1e\xa2\x47\x59\xfa\x7c\x5f\x71\x97\x8c\x0b\xa2\x45\xe4\xb0\x3a\xe4\x35\x94\x1c\x86\xc8\x1a\x51\x43\x0c\x2d\xc9\x92\x7e\x3b\x0f\x4e\xc4\xeb\xa7\xc2\x74\x5b\x49\x39\x87\x15\x4d\x7d\xa8\x5b\x67\xde\x21\xc5\x98\x40\x7f\xb2\xa7\x60\x80\x4a\xd0\x5b\xfd\xfa\x45\xa6\x13\x22\x4b\x22\xa0\x85\x88\xcc\xea\x3c\xbd\xf4\x7a\x19\x8b\xeb\xf8\xcf\xed\x86\x49\xd6\xd5\xf3\xfa\x50\x13\x76\xbd\xfb\xa4\x00\x3d\xac\x22\x37\xdc\xac\xe5\x31\x5b\x7f\xef\xb8\x79\xa8\x9a\x85\xbc\xe6\xda\x52\x6f\xc3\x60\xcb\xb4\xfd\x55\x4e\xf0\x13\xf3\x3b\x73\x84\xcd\x2b\x22\xa8\x85\x77\xf3\xa2\xd3\x66\x42\x2a\xae\x46\x41\x7b\xa9\x16\xe1\x64\x6e\x24\x40\x4a\x88\xb5\xd5\x3f\xf1\xae\xd2\xa4\x7b\xaf\x81\xfc\xb4\x28\x63\x97\x99\x13\x94\xb2\xec\xc3\x96\x67\xac\x46\xc2\xbd\xb6\xd0\x23\xb3\x3d\xb0\x13\x45\x7c\x40\x05\xd8\x39\x01\x5d\x88\x51\xf0\x28\xac\x33\x4f\xb2\x4b\xba\xd2\x90\x2a\x4d\x63\xae\x68\xe0\xec\xa7\xea\xea\x1e\x85\x65\x29\x64\x7b\xaf\x14\x12\x21\x37\x54\xed\x50\xaf\x3f\x43\x6e\x9b\xaf\xc1\x60\x16\x39\xb3\x9d\x3e\x52\xa9\x3a\x89\x8f\xb6\x01\x9f\xd5\xed\x6e\x7d\xfc\x05\x0e\x7c\xe5\xf3\xd3\x5c\xeb\x50\x67\x02\x1c\x0f\xbd\xc7\x08\xd3\xf2\x6b\xd6\x05\x68\xd1\xed\x2b\x61\x2b\x69\x62\x35\xd5\x33\x33\x18\xf9\xa6\xc9\x87\x23\x5a\x7a\x07\xf8\xc6\xa9\x35\x4f\xb8\xe7\x34\x76\x30\x65\xaf\xcd\x4d\x93\x77\x64\xa4\xf0\x37\xcc\x7e\x7e\x2b\x93\x21\x7f\x16\x41\x68\x4f\xa8\x1b\x7f\xf7\x98\x6a\x28\xb3\x8e\x95\xb3\x32\xe7\x46\x49\xe8\x3d\x0d\xed\x79\x5c\x57\xf2\x4c\xf2\x76\xe0\x14\x39\x01\xba\xfe\xf0\xf1\x69\x3f\xe7\xcf\x10\x90\x4f\xb0\xd8\x80\xd7\x2e\x44\x71\x6a\x70\x69\xda\xaa\xe7\x42\xcf\x0f\xf3\xed\x92\xf5\xf7\xd1\xe1\x0e\x04\x9d\x8d\xf0\x43\x63\x1e\xd0\xed\x4c\x4a\xc4\x02\x2d\x84\x03\xcb\x04\x21\xb4\x54\xcb\xfb\x6f\x48\xa3\x0e\x9e\xe1\x60\x9a\xd7\xb6\x82\x11\x97\x7a\xcb\x33\xb9\xc1\xa1\xbe\x73\x58\x14\xc5\x8f\x66\xdb\x5f\x0b\x8a\xc7\x73\xb1\xd5\x8d\x4e\x6b\xc4\x5d\xfd\x48\xa2\x94\xbb\xd2\x5e\x92\x67\x1f\x56\xf3\x02\xf2\x9b\x50\xd8\x04\x31\xc8\xf2\xea\x33\x99\x62\x57\xb2\x08\xe0\x57\xea\x76\x72\xcc\x2d\x1c\xd4\x20\x4b\x85\xb2\xab\x50\x90\x27\x13\x13\x59\xae\xb4\x2e\x3e\xcc\xdb\xae\xcf\xe2\xcd\x3e\x5a\x33\x13\x26\x6e\x76\x11\x94\xff\x69\xca\xe9\xe3\x7e\x51\xcc\x0a\x54\xf0\x86\xdd\xe1\x3c\xb3\x31\x18\xe3\x4f\xe3\x3c\x74\xd7\x35\x58\x27\x52\xd6\x8d\x21\xc7\x9e\x5c\x3a\xae\xa9\x4b\xa1\x07\xcb\x7e\xe8\xa7\x0a\x3f\x9a\x01\xe9\x80\x8c\x0a\xeb\xa6\x66\x53\x15\xb4\x56\x25\x84\x0a\x03\x3a\x6e\x2a\x87\x54\x95\x05\x79\x42\xed\x9b\xb2\xce\x6e\x4e\xe6\x0b\xed\x47\xcd\x9d\x58\x4b\xc2\x45\x24\x39\x7a\x10\x94\x98\xee\x2a\x97\x3a\xad\x6a\x29\xb7\x0a\x1c\xfb\xfe\x9a\xa5\xc7\xcb\x9f\x35\xf0\xfa\x00\x22\x7f\x43\x98\x8d\x07\x61\x9b\x6f\xb2\xf6\xd3\xbe\xe2\x8e\x10\xee\x70\x53\x47\x01\x5a\x92\x2e\x2e\x88\xd3\x4f\xb0\xce\x51\x5b\x08\xdf\x3a\x1b\x63\x4f\xf9\xec\x15\xd0\x59\x41\x82\xc8\x6e\xbb\x0d\xb7\x83\x61\x2a\x7d\x19\xe4\xb2\x2e\x82\x2d\x56\x62\x45\xae\xd7\x2e\x69\x4c\x3d\x10\x1b\xfa\x4c\xa8\x79\x86\x2e\x5f\x99\xc2\x3a\x5d\x66\x08\x3c\xe0\x6d\x87\xf3\x99\xaa\x78\x88\xab\x83\xb8\x66\x44\x72"},
+{{0x4e,0xf6,0x0f,0x06,0x91,0xd7,0x37,0xe6,0x4d,0x43,0x7b,0xfd,0x33,0x98,0x33,0x0e,0x55,0xe3,0xc0,0x94,0xcf,0x41,0xfc,0x55,0x7b,0x0f,0xe0,0xb6,0x43,0x90,0x9a,0xb8,},{0x30,0x6a,0xb1,0x46,0xe5,0xc8,0xcd,0x63,0x0f,0x9b,0x48,0xbf,0x8b,0x68,0x5d,0xb0,0xb6,0xb5,0x53,0xef,0x69,0x68,0x68,0x53,0xb6,0xb5,0x31,0x96,0x01,0x18,0x54,0x8c,},{0xcb,0xf7,0xcf,0x22,0x08,0x1c,0x5f,0x23,0x5d,0xba,0x35,0x63,0x0f,0xb3,0xf0,0x40,0x8f,0xce,0xcc,0xef,0xeb,0x28,0xb9,0x9d,0x74,0xdb,0xd9,0x8c,0x90,0x2c,0x7d,0x99,0xba,0x9c,0xa7,0xfa,0xb3,0x74,0x7c,0x50,0x4c,0xc2,0x19,0xf4,0xdd,0x10,0x10,0x81,0xf5,0x8c,0xe6,0x16,0xe2,0x92,0x80,0xe3,0x62,0x53,0x9f,0xe4,0x9f,0x34,0xd7,0x05,},"\x0a\x18\x8a\xc2\x6f\x3c\x5d\x89\xf3\xd5\x88\x37\x4f\xac\x5e\xcf\x9a\x46\x7e\x21\x65\xb3\x1d\x0b\x0f\x23\x50\x1b\xd2\x2e\x62\xbf\x35\x55\xff\xba\x94\x63\x1d\xe7\x4a\x6a\x3c\x3c\xf6\x3b\x03\xac\x1b\xbb\x37\xd2\x33\xec\xa5\x99\x3b\x09\x70\xa0\x22\x0d\xe8\xd6\xc4\x1a\x97\x03\x07\x30\x9a\x52\xda\x05\x76\xdc\x33\x4d\x80\x64\x47\xaa\x09\xd0\xb2\x45\xea\xcd\x0b\x42\xc4\xe1\x9f\xa3\xd6\xfb\xdc\x22\x94\x30\xeb\x3c\x75\x58\xaf\x53\x31\xc6\xe7\xfc\xc2\xe5\x52\xce\x35\xd5\x79\x07\x3b\x54\x8d\xc1\x15\xbb\xd2\x7e\x5a\x33\xce\x1c\x47\xfc\x84\x61\xe3\x91\xb6\xd7\x67\x95\x34\x87\xcc\x52\xee\x67\x3b\xc4\xbe\x96\x56\x9c\x85\x57\x36\x9e\xbb\x6e\x02\xf7\x92\x38\x10\x8c\x3b\x58\x56\xee\x38\x1a\x79\xff\x46\x4c\x8f\x60\x09\xfd\x47\xe6\x7b\x4c\x80\x20\x1e\x11\xe6\x1a\xb8\xf5\x9b\xa5\xd0\x7b\x15\xac\xe3\xfb\x37\x4c\x64\xb6\xb4\xc3\x45\xe2\xb0\x0e\x91\x51\xab\x8e\x1c\x5c\x98\x56\x8b\xc5\x8d\xd0\x81\x2a\xaa\x3b\xee\xe1\x65\xe7\xea\xe5\x8f\xbd\xe6\x30\x77\x20\x3c\x4f\xd6\xe1\x60\x68\xd7\x6e\x3d\x3a\x13\xf1\xcd\xd7\x32\x88\xbd\x5e\x4d\xa4\x4e\xb1\x19\xa0\x4c\x4d\x32\xef\xa2\xf1\x3e\x74\x26\xa2\xf4\x1c\x56\x23\xc9\xb0\x66\xb1\x30\x36\x39\xb8\xfc\xea\x0d\x87\x74\xcc\x08\x04\x5f\x7e\x34\x63\x65\xff\x31\xd3\xb1\xed\x99\xe9\x7b\xca\x5f\x25\xc9\x2b\x28\x43\xac\x58\x5d\x02\x19\x3a\x2f\xd3\x94\x66\xf7\x3a\xaa\x98\x9b\x1f\xa0\x5b\x9a\x15\x7f\xd0\x27\x7c\x5e\x74\x5d\x25\x8e\x02\x78\x03\xa5\x24\xad\x94\x30\x94\x25\xc3\xf4\xde\xc3\x1c\x0e\xfc\x54\x77\x52\xf4\xc7\x19\x4c\xbb\x27\x2f\x84\x9a\x52\x16\x9c\x6a\x07\x8d\x20\xed\xe1\x43\x20\x16\x52\x84\x77\xb5\x8c\x2b\xdf\x60\x63\xf9\x44\x7e\x33\x83\x7c\xcb\x43\x7d\x8d\x6b\x95\xcf\x4c\x44\xbe\x70\xc8\x19\x3a\xd9\x80\xa1\x05\xf3\xdb\x6f\x99\x30\xba\xb4\x67\x8c\x77\x63\x42\xfa\xf1\x70\xed\xf7\x42\x48\xd3\xb1\xca\x96\xf7\x31\xb9\xd0\x26\xd8\xf0\xf7\xc3\x4e\xd3\x72\xc1\xcd\xe1\x76\xf5\x5f\x55\x86\x75\xcc\x31\x80\xc2\x39\x02\xf4\xba\x95\x08\xd1\xc9\x1c\x3c\x9e\x68\x87\x30\x32\x7f\x3f\x7b\x63\x7a\x8f\xee\x54\x37\x37\x59\xfc\xb1\x7c\x92\x17\xea\x44\xce\x43\x69\x1a\x8f\x64\x63\x64\x0a\x4a\x5e\x15\x1e\x62\x54\xc4\xef\x12\x62\x3b\x49\x39\x4d\xa7\xcc\x79\x45\x26\x93\x81\x7d\x6b\xae\xa9\xa0\xa7\x58\x76\x94\x8b\x1f\x8d\x3b\x71\x7f\x9e\xc3\x67\x53\xf5\x32\x63\x71\x03\x83\xb9\x82\x62\xae\x63\x54\xff\x2a\x22\x83\x22\x0a\xd4\x2c\x5c\xb2\xcb\xbd\xf1\x2c\x87\x95\x13\x71\x0b\x16\xbe\x85\x6f\x3b\x13\x55\xb3\x6f\x4b\x80\xc0\x17\xc2\x1b\xe8\x5e\x96\x05\x3d\xa0\x50\xc4\x03\x12\x10\x0a\xbb\x64\x0b\x87\x3d\x88\xfb\x6e\xe0\xd1\x9e\x9e\x61\xb0\x4c\x97\x0b\xd1\xf0\x60\xdd\x31\x1b\xbb\x9a\x6e\x35\xb9\x85\xfd\xca\x17\xca\xee\x8c\xd5\xdb\x63\x7a\xcd\x90\xcb\x8e\x82\x32\x55\xc0\x56\x01\x8f\xef\x59\x20\xdb\x64\x0d\x22\x01\xc5\xed\xdb\xd8\xa9\xc9\x47\x4d\xa8\xde\xf7\xe1\x32\x5b\x3c\xc4\x36\xc7\x4f\x81\x5d\xb1\xe4\x2b\x42\x1f\xaa\xb6\x26\xa4\x37\x8c\x2d\x84\x26\x1b\xf6\x49\xa5\x3b\x32\x1f\x59\x8c\x44\xbb\xd3\x00\x2b\x06\xcf\x7f\x1f\xde\xf8\x4a\xb3\x5f\x73\xed\x7d\xc6\x50\x96\xcb\x1d\xc0\xcc\x0e\x34\xc5\x61\xc8\xa1\x5c\xf5\x27\x9a\xbb\xed\x9b\x16\xff\x24\xa9\x74\x4e\x3f\x5e\x64\x9c\xc9\xd8\x88\x4f\x89\x1c\x3f\xb7\x89\x02\x03\x1f\xfe\x0e\x01\x21\xc7\x20\x80\xad\x10\xc2\x47\xb7\xc9\x3a\x9e\xbb\x2d\x84\xd4\xf8\x77\x75\x0d\x7b\x34\x16\x39\x3d\x03\x04\x52\x26\xbb\x79\x94\xee\xa5\x8e\x27\x2d\xc1\x8c\x46\xb3\x82\xd1\xf9\x7b\x23\x76\x5f\xda\x7a\x8c\xe2\x1f\xc6\xb9\x8d\x72\x3f\xfc\xcd\x99\xac\x46\x55\xcc\x5d\x10\x10\x5a\x2a\x5b\x7c\x8c\xfb\xfb\x90\xe2\x7a\x9a\x80\x9e\x41\xae\x64\x00\x63\x28\x64\x05\xa9\xbe\x83\xac\x5d\x29\x07\xa4\x5f\x16\x3c\x77\x64\xb0\x9f\x99\xa5\x55\x93\x22\x0d\x69\x01\x29\x2b\x9b\x58\x03\xa0\xfe\x71\xb0\xe4\x44\x1c\xbf\xef\x84\x1c\x33\xce\xbc\x98\x36\x4d\x66\x6e\x5a\x9f\x5e\x7e\x69\xa1\x50\x8e\x43\x80\xed\x36\x13\x45\xb7\x24\x8a\x4c\x1c\x1c\xe0\x87\x69\xbc\x71\x52\xdd\xb3\x32\xfb\xa1\x76\x20\x0f\x5a\xbb\xae\x38\x12\xf4\x06\xda\x72\xdd\xe5\xdb"},
+{{0x19,0x7e,0x15,0xdc,0xe4,0xc4,0x7d,0x73,0x4d,0xbc,0xe4,0x68,0x8a,0x7a,0xd5,0xfe,0x41,0xeb,0xf2,0xaa,0x29,0xa2,0xbd,0xdb,0x2b,0xee,0x62,0x84,0x29,0xc1,0xbc,0x02,},{0x30,0xfa,0xc3,0x23,0x04,0x8b,0x0c,0x78,0x1a,0x9f,0x63,0xc1,0xee,0x69,0xf2,0xb9,0xe7,0x5a,0x27,0x06,0xd2,0x49,0x51,0x2a,0x27,0x39,0x60,0x7f,0x26,0xdb,0x13,0x8f,},{0x2c,0x3c,0x8c,0xd2,0x99,0xc9,0x06,0x0b,0x65,0x99,0x9b,0x03,0xa6,0x57,0x9b,0xc5,0x0e,0xf1,0xfe,0x0d,0x85,0x1f,0x23,0xbe,0x9c,0xb5,0x8f,0x8f,0xb8,0xc6,0x72,0xee,0x08,0x6a,0x53,0x9e,0xad,0x94,0x9e,0x08,0x7d,0xf0,0x91,0x12,0x2d,0x26,0xfa,0xaa,0xd2,0x06,0xa5,0xc5,0x2f,0xcd,0x58,0xb5,0x14,0xd7,0xa9,0x35,0xbe,0x01,0x79,0x08,},"\xfd\x97\x1d\x48\x94\x6b\x51\xff\xed\x7b\x62\xc5\xd0\x99\xc1\xe5\x6b\x13\x58\xb9\x22\x35\xe1\x01\x0e\x3f\x23\x84\x4d\xdb\x73\xbc\xee\x8d\x2e\x1c\x99\x77\x35\x3b\xc9\x6a\x22\x1c\x05\x60\x29\x31\xfa\x16\xcc\xc2\xab\x6d\x0f\x01\xc8\x46\xc2\x92\x0e\x99\xde\x02\x6d\xc2\x89\x7f\x3d\x5f\x3c\xee\x17\x4c\xe7\x51\xd4\xa8\x05\xee\x19\x59\xa3\xc6\x9c\xfd\x42\xd7\xc9\xaf\xd3\x1f\xa9\xb1\xcf\x05\x78\x6d\x8f\x90\x42\xa4\xf9\xf8\x1c\xf7\xac\x9c\x1c\x39\xb3\x6f\x1e\xe9\x5b\x98\xcf\x7e\xe3\xf4\x3e\x2c\x34\x37\x33\xd1\xd8\x2c\xc0\x8b\x2c\xde\xb7\x8d\x98\x20\x34\x08\x5f\xf4\xdc\x65\x36\xcd\x15\x4a\x79\x0c\x85\xc8\x61\x3e\xc4\xe5\xe1\xdc\x37\x7d\x38\xa7\x45\xd9\x38\xcf\xb1\x5c\x8b\x8a\xa8\x61\x21\x83\x5f\x2e\x25\xe9\xe6\xd0\xde\x68\x02\x5d\x81\x0c\x3d\xc9\xdf\x99\x1d\xad\xad\x39\xdc\x69\x81\xfd\xba\xc1\xff\x9b\x7a\x79\x1c\x39\x60\xd8\x56\x43\x66\xe5\xaa\x39\xa9\xe9\xc7\xcb\xf1\xd3\xf0\xf8\x20\xd1\xb9\x01\x08\x75\x1a\xc7\x64\xda\xbe\x05\xc5\x1c\x18\x52\x9d\xa1\xb0\x34\x96\x14\x66\x84\x24\xab\x4e\x93\x64\x40\xc4\xa2\x51\x3b\xe5\x28\x53\x93\x72\xee\xe7\x87\x54\x58\x9d\xbe\x79\x94\xfa\xa1\xf6\x22\x91\x24\xf8\x39\x95\x0e\xd0\x92\x3f\x43\x23\x31\x5a\xc9\x63\xbb\xe4\xc8\xe1\x77\xda\xc5\x16\xe7\x34\x22\x38\xf1\xcd\xf1\x40\xbe\xfc\x8a\xcd\xca\x3d\x00\x2b\x16\xc1\x39\x8d\x86\x86\x00\x30\x4c\x7e\x98\x53\xb2\x3a\x51\xb1\x7d\x9f\xd0\x61\x56\xe1\xd1\xd0\x8a\x28\x46\x09\x09\xfa\x20\x9c\xcc\xcc\x4c\xec\xbd\xb1\xa4\x63\x48\x08\x91\x15\x31\x86\x81\xa9\x5a\xe5\x80\xab\x67\x66\x04\x13\x84\x65\x1c\xc4\xe6\x14\x51\x03\x92\x3b\xdf\x4a\x32\xa9\x3d\x93\xee\xd3\x18\x79\x1f\x20\x80\x5f\x7e\xa8\x4b\x74\x3e\xe1\x1e\xad\x9e\x4c\xa0\x3d\xa7\x6d\xdd\x24\x9f\xd4\x47\x5f\xc1\xa3\x53\xc7\x0a\x83\x38\x9b\xfa\xc5\x20\x98\xdb\x06\x6d\x10\x29\xc4\xef\xfb\xed\x86\x4e\xbe\x7f\x10\x7e\x01\x03\xb3\xa8\xf3\xfd\x1d\x6a\xb4\x36\x0b\x99\xe8\xb1\x40\xc5\xea\x13\x3e\x92\x3c\x39\x2b\x8e\x40\x63\xaa\x6e\x52\x26\x38\xf6\x1d\x7a\x71\xc9\x22\x58\x97\xd9\xf8\xa1\xe1\x6c\xfc\xc8\x01\xe7\xd5\x41\x04\xeb\x10\xe6\x1a\x5a\xe6\x3c\x5c\x85\xa5\xb2\x93\x92\xab\x3a\xb8\xe5\xc0\x39\xf1\x00\xd0\xf4\x60\x0c\x61\x0e\x02\x09\x43\x6e\xf2\xec\xe4\xd0\xbd\xb0\xba\xb4\x37\xb2\xdb\x5f\x37\x08\xfd\xdf\x96\x66\x0f\x6f\xb1\xa9\x0d\x60\x48\xd3\x95\xaf\xaf\xa7\x60\xcc\xaf\x15\xde\xaa\x0e\xff\xeb\x26\xec\x17\x68\x1d\x17\x2c\x13\x30\xf7\x8e\x78\xa8\x73\x6b\x28\x5f\x61\x5f\x15\xd4\xf2\xc3\x13\xd2\x5f\x30\xae\xe9\xd1\xdb\x39\xf5\x35\xfc\xdd\x0e\xbc\x8e\x71\xb8\x9c\xe6\xb3\xfc\xb5\x67\xcd\x0f\xa2\x88\xf4\x8e\xd3\xa7\x59\xbb\x2e\xd2\x00\xfd\xc2\x30\x91\x50\x2f\xd9\xca\x65\x1c\xe5\xe3\x42\x2a\x98\x33\x5a\x81\xd7\x4a\x65\xcc\x15\x00\xe9\x07\x0a\xbb\x60\x9c\x1c\x1f\x68\xfc\x2c\xa9\x4c\xdd\x55\x0f\x99\xbc\xb2\xd0\x92\x41\x6b\x9b\xd3\x88\x41\x0b\x8f\xe7\x48\xfb\x8c\x9a\x5a\xb8\x61\x5f\x2e\xd9\x68\xf8\x5d\xcb\x27\x27\x72\x69\x84\xbe\xad\xa7\xa1\x8a\xfd\xb0\xc7\x2a\xa6\x5d\xe7\xab\xb7\xa8\x6f\x11\x16\x9a\x6e\xad\xf1\xc2\x1d\x61\x4e\x52\xc0\xc8\xf0\x19\x74\x7d\x34\x1a\x05\xd8\x5e\x37\xbf\x58\xd8\x32\x7e\x99\x39\xc2\x38\x7c\x27\x44\xed\xf8\x38\x56\x3c\xb3\x7f\x0b\x16\xe8\xa0\x6f\xc6\x28\xa9\x72\x30\x50\x6f\xa4\x18\x39\x54\xdc\x74\x81\x5f\x3b\xe2\xeb\x2a\xff\x4a\x13\xc0\x65\xf7\x43\xb7\xd8\x5d\xe8\x04\xeb\x28\xef\xe5\x70\xed\x5e\xcc\x71\xab\xa9\x7f\x97\x63\xb4\x36\x17\x32\x47\xf3\x8e\x0c\xf6\x29\x72\x09\xb6\x51\x28\x46\x5a\x38\x26\x64\xce\xd8\x01\x1f\xcc\x3d\x0e\x56\x3f\x15\x5b\xc6\x3c\x94\xdd\xe7\x3c\x7b\x17\x24\x7b\x8c\x3a\x4e\x80\x34\xeb\xd4\x36\x46\x35\x18\x5c\xe9\xc7\x08\x1d\xbd\xbe\x85\x45\xf7\x9d\x01\xaa\x53\x2a\x0d\xc5\x2c\xb7\x90\xa3\x1f\xc2\xff\x41\xac\xeb\xad\x27\xcc\xe9\x24\x45\x54\xdb\x65\x2f\xa2\x87\xba\xe7\xde\xcb\xcc\x8c\xe9\xe0\x1d\x1a\x88\xab\x41\x2b\x6c\x65\x78\x20\x3b\x42\xde\xc9\x82\xb7\xf3\xb8\x23\x14\xdb\x2c\xc7\xc5\xc3\xdc\x1d\x3d\x8b\x17\x14\x4d\xa7\xfe\x60\xe7\xa8\x72\x5f\xd0\xa9\x7c\x61\x06\x07\xcf\x41\x3c\x72"},
+{{0x08,0xb5,0xfd,0x4e,0x41,0x9d,0x23,0x70,0xc0,0xfc,0xd6,0xc3,0xb9,0x2f,0x8d,0xb3,0xaf,0xd4,0x22,0x68,0xf5,0x33,0x08,0x5d,0x9f,0xce,0x32,0xb5,0x22,0x82,0x4e,0x34,},{0xcd,0x0d,0xa6,0x99,0x37,0x9e,0x4f,0x94,0x25,0xe8,0x4b,0x97,0x57,0x30,0x0a,0x51,0xa1,0x63,0xf3,0x58,0x73,0x4c,0xc3,0x7a,0x91,0xff,0x0e,0xa4,0x88,0xd2,0x97,0x79,},{0x42,0xa1,0x37,0x56,0xb7,0x5c,0x67,0x22,0x48,0x5f,0xa3,0xf6,0x94,0x04,0x1b,0x39,0xb7,0xd7,0xc5,0xfd,0x40,0xeb,0xc0,0x6a,0x52,0xe0,0xff,0x34,0xce,0x14,0xd8,0xd4,0x0f,0xa8,0x2a,0x95,0x08,0xb5,0x68,0x53,0x7d,0x26,0xd0,0xdd,0x7c,0x0a,0x31,0xbe,0x71,0x0d,0xa8,0x0a,0xab,0x35,0x19,0x6a,0x03,0x9b,0x60,0x64,0x1d,0xb1,0xe1,0x01,},"\x3c\xee\xee\xa3\x0f\xa4\x01\x56\x3d\xf3\x6b\x19\x8b\x9b\x59\x69\x8c\x10\xe1\x00\xa2\xf3\x0e\x6f\x78\xfe\x62\xb9\x2e\xca\xc9\x89\xe8\xaa\x09\xec\x76\x0e\x89\xca\xc0\xa1\x6b\xde\x3c\xac\x73\x62\x2a\x86\x27\xef\xed\xfa\x4e\xc0\x9b\x87\x3f\x7e\x10\x00\xe7\x69\x82\x91\x0c\xa0\xaa\x4a\xfb\x1f\xf5\xa8\x44\x8b\x76\xf7\xb0\xd2\xa2\xd5\x2a\x7f\x40\xde\xde\xfc\x68\xd6\x0c\xe6\x62\x2c\xa0\x80\xd6\x69\x8e\xa6\xc3\xbd\x72\x10\xb3\xb6\x48\xf5\x32\x52\x29\x14\x94\xb3\x5a\x55\xff\x40\xfa\x1a\x63\x1a\x57\xc5\x10\x01\x1a\x46\xbf\xb9\xe2\x71\xba\xe1\xe7\x8c\xe6\xc6\xea\x60\xc5\x5b\xa0\xcc\xe3\x60\x59\xbf\xb0\x1e\x39\x45\x56\x98\x7f\x74\x4b\x72\xae\xbb\xdb\x4b\x1b\xdb\xb3\xbb\xaa\xee\x1b\x8b\x2f\x31\x74\x50\x6a\x79\x3f\x0a\x51\x1b\x2b\x56\x90\x49\xb3\x0a\x2e\x08\x41\x42\x41\x84\xa4\x8e\xca\x9e\x2d\x83\x78\x3a\xc5\xb6\x1e\xb9\x47\xcb\xd8\xba\xb7\xad\x38\xb0\xc6\x84\x27\xd8\xf9\x4a\xe2\x85\x19\x0d\xbb\x6e\x0c\x6d\x58\x0a\x25\x14\x23\x94\xbe\x94\x81\x58\xd8\xda\x83\xb4\xf3\x4a\x8d\x25\x8b\x97\x07\x56\x32\xb3\xc2\x8b\xfa\xe3\x10\x5e\xd1\x87\x2e\x35\x6e\x43\xae\xd5\x93\x97\xb9\x11\x0b\xbf\x9d\x8c\xa2\xa0\x44\xd5\x27\x1e\x6c\xc3\x61\xe1\x4e\x69\xa9\x32\x51\x76\x83\xec\x81\x81\x8f\x02\xcf\xa0\x29\x5e\x56\x61\xce\xa3\xe5\x86\xaf\xc0\xdb\x41\xba\x95\x55\x3e\xe7\x5b\x20\x0b\x0f\x97\x90\x11\x1d\x37\x57\xa7\x39\xe5\x63\x55\x7a\xff\x9b\x70\xca\x14\xe8\x7b\x79\x54\x37\xba\x91\xa9\x5d\xd0\x7e\xa6\x9a\x11\x35\x9f\x36\xca\x03\x29\x8e\x0b\xfa\x4f\x91\x2f\x64\xa2\x92\x4a\xd9\x01\x97\x5a\x2a\x96\x0b\xa1\xbe\x89\x92\x1b\x1f\x54\x85\x49\x6b\x7e\xa5\xda\x6d\x8a\x69\x37\xac\x10\x5b\xf3\x76\x0e\x48\x76\x99\x0a\x0f\x5c\x5a\x63\x4f\x74\xcb\x57\xdf\x7c\x17\x2c\x8a\x41\x53\x72\xe6\xd9\x03\x29\x87\x17\x49\x96\x16\xf8\x97\x1c\x68\xbb\xec\xe9\x2e\xa8\x78\xa1\x8e\x23\xf3\x27\xc3\x64\x9b\x6a\x85\x2e\xf2\x3b\x7b\x3e\x60\x3c\xdf\x80\x45\x2d\xbf\x1b\xe2\xfb\x77\xe8\x14\xd2\x52\x54\x96\xbb\x31\xfb\x6e\x4e\xd2\x53\x32\x48\xb3\x9d\x5f\xbe\x23\x90\xa9\xb6\xfc\xca\xba\x99\x7e\x8b\x49\xb5\x98\x36\xe3\xe0\x95\x29\xea\x5e\x41\x13\xee\xe4\x51\xc9\xc6\xbb\x26\x74\x1d\x0e\x4c\x58\x6f\x53\xd6\x04\xc6\xea\x0c\x0e\x60\xdb\x02\xe5\x10\x9f\x37\x34\xf5\x1c\xdd\x89\x85\xaf\xeb\x3e\xca\xff\x65\xe0\x59\xe3\x12\xcd\x50\xfa\x34\x9f\xf2\x8b\xdc\x9b\x70\xb7\xf5\x32\xdb\xab\x1d\xf4\x3b\x03\x16\x7c\x1d\x2e\x3f\xa6\xee\x8c\x9b\x17\x4a\x0b\x2c\xf8\xaa\x9f\xfa\x40\x6b\xf5\xbd\x72\x88\x78\x0c\x9c\x4a\x6b\x69\x79\x49\xb4\x86\x38\xd4\x20\x79\xc8\xc6\x6e\x14\xd9\xb5\x72\xa2\x10\xa0\x93\xea\xf1\xd2\xf7\xa7\x03\xb5\xcd\x20\xad\xc4\xf9\x92\x7a\x6e\xa8\xea\x78\xfa\xa6\x1b\xc6\x2b\x3c\x5c\xbd\x3a\x53\x25\x25\x66\xd0\x43\xba\x55\x65\x90\xd9\xa7\x63\xbe\x7f\xea\x4b\x20\xe1\xe9\xcf\xbe\xbf\xae\x15\x43\x9b\x33\x4d\xc5\x39\xb1\x7d\xad\xa2\xe4\x34\xe9\xc8\x32\x25\xb1\xe8\xf6\xbe\xb7\xd5\x56\xb4\x7d\x7f\x69\xf7\xeb\x7d\xf5\xed\xe2\xee\xbd\x84\xe2\x50\xb7\xc9\x46\x8c\x21\xfd\xc0\x17\x0e\xa8\xdf\x66\x2d\x61\x80\x58\x1f\x65\x7f\xe7\x6c\xef\x18\x58\xb6\xb0\x2f\x73\x25\xc7\x21\x96\x43\xfb\xa2\xf7\xe9\x96\x3a\x33\x32\x2d\x65\x04\xab\x91\xbf\x10\xa9\x78\xfa\x07\xb4\x7d\x5d\xb0\xbe\x00\x0d\xcd\x00\x2b\xdd\xaf\x67\x6b\x77\x25\x9c\x9f\x60\xad\x0b\x11\x67\x1c\xd5\x77\x7c\x1e\x80\xb1\x3f\x82\xeb\x0f\xb6\xa1\x80\xb5\x66\x62\x93\xa4\x32\x40\x86\x2f\xbf\xa3\x97\x8d\x95\x31\x19\x71\xaf\xab\x9e\x1c\xc8\xab\x14\xa8\x76\xb6\x57\x2a\xc8\xa4\xb7\xe0\xb4\x0a\xaf\x6b\x52\xa1\xcf\x4c\x1e\xbc\x6c\x1c\x48\x7d\xf5\xa3\xcb\xc4\x00\x5a\x0e\xe3\x29\xca\xbc\x28\x6d\xb1\x0f\x17\xd0\xf1\x78\x2e\x07\xd3\x32\x4f\x0c\x73\xef\xbd\x3c\x2f\xb5\x2b\x71\xf9\x8a\xd9\x5d\xb9\x50\x62\xd9\x14\x25\xe7\x34\x67\xbc\x1e\x4e\x9b\xf5\x52\xe8\xa2\x44\x29\xd9\x7d\xb1\xd6\x6d\xd4\xd9\x95\xe5\xf8\xd2\x4e\x9c\x91\x0b\x2e\xb1\x75\x8e\xf7\x55\x25\xc3\xd6\x5a\x3f\x43\x0a\x02\x73\x48\x82\x0c\xe3\x05\x3b\x6f\x3a\xf4\xec\x96\xd0\x49\x37\x31\xc8\x18\xc6\xb1\xa7\x0c\x25\x0a\xc6\x86\xa4\xfc"},
+{{0x1e,0x85,0xc9,0xe4,0x51,0xb7,0xac,0xf8,0x01,0xd1,0x6b,0xc8,0x26,0x8e,0xb4,0x2a,0xe8,0x5c,0x72,0xc6,0x8e,0x9f,0x90,0x92,0x7a,0xa0,0xf3,0xb5,0x0b,0xef,0xd2,0x29,},{0xa6,0x9d,0x05,0x7f,0x4b,0x74,0x38,0x11,0xe0,0x7a,0xc7,0x45,0x61,0xc2,0x25,0xbe,0x03,0x81,0xc7,0xd5,0x84,0x9e,0x60,0x18,0x79,0x37,0x01,0xa8,0xcb,0x6c,0x99,0xb5,},{0x6c,0x36,0xda,0x9a,0xd6,0xc4,0x56,0x34,0x3c,0xe6,0x42,0xac,0xa4,0x54,0x92,0x3a,0x52,0xa2,0x84,0x4c,0xe5,0xee,0x58,0x94,0x7c,0x8d,0xf7,0xba,0xb2,0xeb,0xe4,0x67,0x82,0x3c,0x56,0x33,0xe5,0x30,0xb1,0x67,0xd7,0x1c,0x47,0xad,0x95,0x49,0xdf,0x05,0x94,0x3f,0x99,0x42,0x1e,0x17,0x47,0x5c,0x4d,0x4f,0x08,0xde,0xdf,0x6f,0x32,0x05,},"\x18\x9e\xa9\xc8\xd9\xed\x14\xb0\xde\x82\xb4\x4c\xbd\xd5\x87\x57\xa2\x7c\x68\x38\x3f\xba\x59\x77\x61\xf9\xe8\x62\xe0\x8d\xe1\x5b\x1e\x44\xc3\xdb\x1b\xad\xbd\xe7\x69\x80\xee\x39\xe6\x99\x62\x9f\x6f\xcf\xef\x32\xd3\x6b\x33\x93\xda\x2c\xa5\xa8\x1f\x95\x9c\x8b\x0f\x1b\x80\x1b\x5f\xa4\xc4\x7c\xa3\x95\x91\xe6\x12\xa2\x43\x5c\x5b\xaf\xd7\x7a\x5c\x7a\xb7\x43\x59\x21\x09\x06\xf4\x75\x33\xb1\x87\x9e\x2a\x5a\xf5\x86\x4d\x96\x1c\x81\x46\xe2\x5d\xac\x77\x25\x55\xe0\x42\xa8\x87\x26\x14\x19\xab\x8c\x9f\x6f\x62\x56\x25\x48\x1d\xa5\xb9\x35\x26\xa1\x31\xf3\x7b\x53\x4a\x00\x50\xa8\xa4\x62\xb3\x3f\x20\xa7\xe9\x4b\x89\x15\x30\xb1\x9b\xf6\x54\xee\x95\x34\xc9\xa8\x36\x1d\x03\x63\x5d\x8d\x27\xd4\x6b\xe7\xbf\x84\x78\x1a\xd0\xd4\x2d\x1e\x7c\x48\x54\xa4\x9b\xa1\xba\x45\x82\x62\xfe\x5e\xa1\x90\x21\xb9\x35\xa6\x94\x94\x92\xd7\x0b\x60\x5e\x15\x19\x89\xef\x26\x41\xb2\xbf\x81\xec\x4b\x92\x02\x0f\xc7\x07\x4c\x2a\x63\x22\x9d\x51\xa9\x44\x18\x6a\x28\x89\x5e\x8e\xa9\x52\x92\xc2\xf8\x72\xbb\x21\xa3\x14\x93\x99\xe2\x3c\xcd\x8e\x2f\xc4\xf1\x7a\x46\xb5\x9c\x28\x2c\x51\xb5\x8d\x00\x26\x6a\x5c\x16\xb1\xce\x35\x0d\x54\x85\xe8\xd8\x01\x6d\xd0\xa5\x0a\x59\x84\xcc\x94\x81\x54\xcd\x5c\xe7\xcd\xa0\xee\x0a\xb1\xd7\x25\x1b\xdc\x70\xa1\x78\x5b\x8e\x91\x03\x91\x7f\x4b\x91\x7a\xb2\xb4\x94\xf3\x48\x33\x89\xa2\xf9\x23\x75\x41\x84\x9e\xd3\xbd\x56\x5c\xff\xac\x9e\x75\x6d\xb5\x6e\xf5\xe2\x34\x95\xbc\x77\x1e\x88\xbf\xfa\x87\x07\xce\xea\x5c\x09\xbe\xca\xdd\x05\x9a\xb8\x89\xd1\xdf\x7e\x88\x7b\x71\xa9\xe6\xc2\x38\x37\x8f\xbe\x0c\x36\x30\x38\x66\x16\x36\x3f\x20\x7b\x16\xc3\x27\x0d\x39\xac\xde\xd5\x11\x52\x99\x92\xf4\xe5\x98\x78\x91\x21\xd3\x16\x13\x58\x10\x63\x6b\xaa\xde\x8a\x28\xed\xc6\x6b\xbf\x5e\xde\x3f\x40\x4a\x70\xb4\x7d\x35\x98\x8b\xe7\x06\xb4\xea\xa0\x30\x23\xa3\x90\x93\xd5\x83\xcd\x4c\xd8\xbf\x4c\x74\x34\x1a\x02\x8c\x19\xd6\x0d\xa3\x1b\x6a\x7a\x03\x4c\x08\x1a\x2b\x03\x0f\xeb\x3c\xd2\xf0\x3d\x0f\xaa\xbf\xfb\x58\xe3\xfc\x36\xc0\x06\xcf\xb9\x29\x47\xa7\xde\x5b\xa8\x74\x76\xc1\xb0\x51\xe1\x82\x83\xc0\x3e\x9c\x6e\x5a\x5c\x3c\x27\x77\xd9\xa0\x75\x73\x72\x37\x96\x64\xe8\x2f\x84\x85\x82\x4f\xed\xb7\x0a\x4b\xc4\xe3\x56\xed\xd1\xb5\xce\x0f\xb6\xe4\x1d\xe0\x17\x16\x21\xb8\x4f\xaf\xa0\x01\x89\xaf\xa8\xa6\xa9\x00\xb1\x4c\x70\x75\x8f\x7a\xa4\xfb\x82\x40\x0e\x0d\x18\xab\x3c\xd7\xe4\x8a\xcf\xd4\x89\xca\xb0\xe7\x2e\x71\x9f\x79\xa0\x7d\x06\x6c\x53\x1a\x89\x1c\x55\x29\x1f\x22\x45\xdb\xbe\xe4\x4e\x52\xb1\xdf\xc8\x72\x7a\xae\x38\x7a\xb9\xe7\x19\x94\xa3\x85\x4e\x1a\xdd\x73\xd9\xa7\x96\x5c\x77\x55\x21\xc2\xf5\x40\x84\x22\x76\xdd\x30\x9e\x2f\x6a\x34\x1e\x7f\x0f\x37\xf2\x2b\xb6\x62\x7b\x6e\x9c\xb2\x5b\xa2\x4c\x6c\x4f\x4e\xb9\xf5\xe7\x62\x2d\x88\xda\x19\x84\xe2\x9c\x5d\xa0\x01\x03\x9c\x44\x04\x2b\x59\x35\x14\x06\xa4\x13\x36\xdd\x77\x2d\x49\x7d\x3f\xc8\xaa\xc4\x11\x72\xeb\x5a\xa6\x41\x7f\xe4\x22\xec\x7c\x15\x0b\x96\xb0\x45\x4e\xe3\x31\x24\x7c\xb1\x53\x8a\xef\xf3\xec\xa2\xd5\x0e\x53\xd6\xd1\x31\x70\xa7\x6a\x00\x49\xea\x0c\x05\x90\x4a\x63\x90\xed\x14\xce\x74\x91\xe9\x7f\x75\x4c\x52\x22\xda\xc4\xb6\x11\x8b\xa3\x81\xf5\x52\xe7\x3e\xa8\x49\x1e\x3b\x7a\xc9\x49\x56\x9b\x56\x9c\xf2\xd2\x9a\x80\x41\x0e\x06\x5b\x5c\xc4\xa4\x66\xbb\x04\xeb\x7a\x15\xf5\x96\x79\x2e\x84\x90\xba\x70\x02\xec\x36\x15\x71\xaf\x5d\x8f\x57\x67\x5c\x95\x64\x49\x47\x0a\x2f\x99\x55\x40\x73\x67\xe4\x09\xa2\x32\x89\x95\x53\x12\x0a\x27\x7d\xb8\x63\xe9\xa8\x2d\xda\xba\xe8\x7b\x78\x91\x45\xba\x89\x8d\xf3\xc2\x8b\x96\xfb\xe3\x01\x4c\xd0\x85\xc6\xe6\x0e\xe8\x83\x17\x01\x03\x6d\x99\xc5\x42\x5d\x58\xe8\xbc\xc9\xfd\x92\x71\xd4\x6a\xec\x1e\xb9\x55\x13\x01\x02\xea\xaa\xb4\x4e\x07\x70\xc3\x0b\x2b\x12\x7e\xfb\x0e\x5f\x8a\x3f\x7a\x0c\xa3\x4e\xc9\x98\x4a\x46\x01\x1b\xc2\x6b\xfd\xe0\xc0\x81\x9b\xb5\x47\x06\xb5\x65\x63\x8b\x75\x42\xdc\x4b\x8b\xf8\x09\x8d\xc0\x1f\x16\x1b\x3b\x12\x96\x18\xb5\x9a\xde\xd3\x3c\xb5\x9c\xe9\x18\x9a\x67\x62\xdb\xae\x5b\x0d\x34\xb7\x1c\x8d\xbf"},
+{{0x51,0xcf,0x86,0x8f,0x82,0x0e,0xed,0xa0,0xdb,0xd1,0x01,0x80,0xf7,0x77,0xe6,0x06,0x5c,0x93,0xa4,0x83,0xc5,0x8a,0x77,0x8b,0x67,0xe7,0xd8,0x42,0x30,0x2f,0xb7,0x67,},{0xab,0x08,0x8f,0x50,0x2f,0xbc,0xf2,0x15,0x0e,0x48,0x46,0xb3,0x4d,0x2c,0x80,0x97,0xff,0x01,0x3c,0x02,0xa8,0xb9,0x7c,0xfc,0xf2,0xb9,0x5a,0x1c,0x72,0xdf,0x3e,0x24,},{0xe1,0x53,0x42,0xa1,0x1c,0xaf,0x89,0x28,0x95,0xe4,0x66,0x22,0x88,0x63,0xd0,0x83,0xb0,0x69,0x2f,0x01,0x06,0x10,0x74,0x8c,0x23,0xdf,0x2f,0x11,0xd2,0x94,0x75,0xba,0xfc,0xe9,0x27,0xca,0xfe,0x7f,0x07,0xef,0xb8,0xc3,0x47,0xed,0x56,0x63,0xe7,0x3b,0xea,0x89,0x53,0x1c,0xed,0xc0,0xc3,0x48,0xe7,0x9b,0x6e,0x58,0xa7,0x57,0x49,0x07,},"\x7c\x2d\x8e\xe8\x2d\x9a\xbf\x8a\xa9\xc7\x24\xc7\x5b\x90\x99\x04\x73\xf1\x31\x76\x3f\xe9\x3b\x30\xcb\x04\x72\x35\x88\x62\x1d\xa2\xa3\x27\x92\x8b\x22\x64\x9f\xa0\x62\xcd\xea\xbd\x77\x76\x15\x38\xb2\x70\x9b\x8f\xb7\xa2\x00\x6e\x50\x35\x09\x13\x4c\x92\x9c\x30\x11\xe1\xd7\x28\xa5\x7a\x4e\x17\x51\x98\x07\x5e\x21\x42\x53\xf3\xf3\x0e\x01\xb6\xe0\x4e\xab\xd4\xde\x06\x78\x95\x58\xe6\x98\xb1\x86\xef\xe3\x4b\x32\x12\x95\x68\xb3\xe8\xd0\xd7\xea\x3f\xf0\x0b\x3f\x25\xa4\x22\x36\x89\x3a\xa8\xa4\x1b\x67\x4a\x0a\xb5\xf4\x1e\x7b\x28\xcf\x5a\x7c\xb7\x65\xe1\x8e\xad\x6d\xe6\xa3\x53\xa7\x82\x4a\x3c\x49\x78\x60\x38\xd6\xf4\x93\x7f\x32\x64\xd6\xcc\xf0\xc0\xa2\x46\x5b\xb6\x93\xe5\x2b\x3d\x1e\x6e\xb9\xae\x4c\xb6\x5d\x09\xcf\xf5\x48\x42\xe8\x53\x62\x85\x7a\x59\xf7\x19\x8a\x68\x8a\x3d\xf3\x85\x13\xcd\xd6\x1e\x21\xdf\xd8\x59\x14\x2c\x83\x44\xa3\xb8\xb2\xa7\xc7\xdb\x17\x0f\x39\xf8\x7c\xa3\xff\x8e\xd4\x27\x96\x2b\x2b\x1a\x14\xd1\x22\xfa\x2d\x5a\xea\x2a\x66\x40\x11\x7d\xd2\x58\xfa\x0f\xc5\x4a\xc6\xe9\x40\xbc\x16\xd2\x11\xec\x9a\xdf\x91\x4a\xb1\x65\x78\xf5\x21\xf6\x55\xd2\x12\x7e\x79\xe8\x71\xbf\x7f\xa7\x54\x47\x19\xd5\x8e\xd8\x47\x85\x0c\xb2\x7b\x99\xeb\x8f\x29\xb1\x6c\xdc\xc2\x8b\x15\xc1\x25\x9a\xb4\xd5\x89\x70\x5a\x40\x66\x88\xf6\x05\xa2\xeb\xf5\x80\x51\xc4\x3a\x77\xc4\xe0\x1f\xd6\xf7\x49\xd3\x2d\xb4\xe8\x9f\x26\x3c\x2c\x16\xde\x18\x1f\x0e\x6b\xdd\x0a\x6a\x64\xff\xe6\xf1\x82\x94\x44\x09\x6d\x9f\x3e\x2b\x67\xe4\xbb\x00\x66\x50\xb5\x92\x9d\x1f\x82\xeb\x11\xbb\xed\x24\xe8\xf1\x01\x8a\x73\x84\x60\x5a\x3c\xf2\x9a\xb5\x98\x33\x79\x39\xc7\x6a\x3b\xe8\x61\xe4\x83\xc5\x80\x5e\xc3\xce\xe4\x5e\x34\x24\x84\x7a\x08\x55\x8d\xcc\x99\x49\x9f\xb9\x38\x2a\xca\xe5\x6c\xdc\x87\xfb\xd5\xb2\x6f\xf9\x4c\x86\xf2\xe1\x08\x79\x43\x83\x50\x1c\x8b\x33\x36\x68\x50\xa7\x6a\x0d\xfc\x0a\x7c\xd7\x89\xa0\x3f\x01\xa3\xe9\xd9\xe9\xae\x39\xfd\x72\x45\xdc\x29\x29\x9d\x24\xf3\xb4\xb1\x67\xca\xcc\xd2\x23\xa9\x9b\x6b\x20\xa3\xb6\x73\xdc\x5f\x74\x66\xd0\xb2\xf8\x15\x09\x8a\x49\x7c\xca\xf8\x04\x20\x16\x8e\xdd\xbf\x4d\xa5\x7b\x86\x66\xe9\xd3\x3c\x48\xeb\x30\x4b\x4c\xfc\xf4\x57\xcd\x76\x59\x54\x3f\x6d\x1e\x66\x18\x90\xf5\x62\xb4\x3b\x8b\x6d\x1c\x4d\xcc\x07\x7b\x60\xbf\xa5\x33\xff\xab\x92\x8d\xbf\xd9\x55\xdc\x51\x16\xd7\x70\x95\x0b\x69\x0e\x21\x06\xad\x52\xd4\x2c\x31\xc2\x2b\x88\x48\x89\x43\x32\xb5\xc6\x99\xe5\xc3\x31\xfb\x38\x1e\x58\x12\xe7\x52\x6f\xdf\x4b\x8a\xa2\xda\xaa\x2c\xa2\xcf\xb9\xc9\x21\x11\xb6\x1c\xbc\x3d\x1e\xef\x6c\x8c\x67\x37\xf0\x55\x88\xf0\x44\x67\xdb\x83\x30\x84\x3a\xcc\x98\xdc\x1a\x16\xfb\xd9\xd9\xd9\x4b\xd8\xbf\xde\x26\xc3\xf7\x1d\xee\x72\xb5\x09\x10\xc3\x6b\x24\x0f\x80\x2a\x61\xca\x16\x37\x2f\x6f\xfa\xad\xb2\xbe\x4e\x85\x3c\x5e\xd6\x9a\x3d\x1f\x6c\x7b\x2d\xe5\x13\xc5\x3a\x3f\xdd\x0a\x67\x6f\x83\xd0\x9d\x5c\x51\x17\x60\x47\xd9\x20\x07\x16\xbf\x22\xba\xe4\x5f\xe0\x1b\x3e\x0c\x2c\x51\xc1\x6e\x46\xad\x06\x37\xf7\x9f\x9b\x4d\x83\x86\x77\x04\xfe\xda\x9f\x22\x78\x31\xde\xa2\x63\x39\x9c\xa2\x77\x1a\x4e\x78\xb4\xdf\x8a\xc0\xde\x6a\x94\x1e\xab\x37\x0b\x1f\xdb\x47\xda\xf6\x64\x2a\xae\xaa\x63\x17\x0f\xa9\xb3\xd1\xe1\x62\x8f\x7c\x4e\x7c\xf0\xea\x8b\x8a\x8e\x51\x8c\xba\xce\xf9\xad\xe8\x4d\xf0\x32\x48\x48\x47\xff\xb6\x1b\xbd\x07\xe8\x72\x7c\xc4\xc2\x5d\xa5\x77\xb2\x64\x51\x9b\x49\x99\xfa\x7c\x0b\xc3\x23\xd4\xf3\xf9\x73\x9f\x78\x0b\x9b\x2c\x23\xc7\x78\x55\xee\x5f\x6d\xcc\x40\x15\x44\xd6\xb6\x4b\x27\x70\x15\x8f\xdc\x6c\x12\xf4\xd8\x9b\xeb\x04\x4e\x0e\x85\xac\x7a\x68\xd4\x29\x17\xb1\x34\x51\x14\xb9\xa6\x72\xd1\x23\x1b\x2c\x6c\x0f\x96\x9f\x20\x35\x31\xe7\x1b\xbb\x40\x05\xb1\x03\xa7\xdc\x3a\x58\xb5\xb8\x24\xa7\xe0\x1b\x6e\xb9\xf4\x96\xdf\xa6\x4d\x64\xd8\xc6\x77\x7f\x53\xaa\x58\xd5\xda\x04\x6d\x72\x6f\x55\x45\x4c\x88\xb6\xd7\xd4\xab\x0d\x21\x98\xa8\x97\x09\xf1\x18\xa6\xb3\x24\x60\xb9\xeb\xce\xff\x3f\xdd\xc6\x05\xda\x77\xef\x3d\x1b\xa3\x0f\xec\xf0\x7b\xe2\xf5\x31\x3f\x4e\xe6\x35\xaf\x5e\x95\x61\xd8\x77\xe9\x9c"},
+{{0x54,0x3d,0x5f,0x1d,0x4a,0x6e,0x10,0x29,0xb1,0x91,0x41,0x38,0xfb,0x1f,0x46,0x59,0xe6,0x94,0x56,0x55,0x72,0x07,0x40,0x66,0x88,0xa2,0x03,0x5c,0xbb,0xb2,0xa6,0x8a,},{0x3c,0x83,0x79,0x0c,0x3b,0x45,0x53,0xde,0xae,0x4f,0x84,0x3b,0x50,0x1d,0x26,0xf6,0x16,0x70,0x93,0xee,0x54,0xe2,0x79,0x75,0x9f,0xfa,0xd8,0xcb,0xc0,0x61,0xe7,0x20,},{0x55,0x20,0x11,0x94,0x02,0x6f,0xd6,0x44,0x8b,0x1d,0x52,0xf8,0x3e,0xd2,0x0a,0xc2,0x84,0xe7,0xe7,0x7f,0xa9,0x2d,0x52,0x95,0xd3,0x38,0x25,0xce,0xa3,0xac,0xa4,0x7e,0xc7,0xaa,0xca,0x2f,0xc0,0x86,0x79,0xf9,0xac,0xfc,0xed,0xb3,0x76,0xfd,0xa4,0x61,0x9b,0xe3,0x27,0x2c,0x74,0x45,0xe8,0x70,0x5c,0x30,0x61,0x41,0xcd,0xe1,0x6c,0x0f,},"\xfe\x00\x57\xf0\x62\xfc\x87\x13\x24\xb8\xbd\x5d\x42\x7e\x9a\x52\x76\x23\x1b\xd3\x09\x90\x7e\x58\x81\xd7\xae\x53\xb1\xf3\x70\xc2\xa4\x33\x02\xa1\x65\x10\xb4\x60\x64\xa3\x07\x36\xba\xc9\x09\x51\xf1\xd9\x88\x1a\xf6\x2c\x70\x14\x83\xeb\xb9\x27\x2a\xd7\x72\x12\xee\xb5\xfc\xbc\x7e\xc2\x28\xd9\x69\xf8\x90\x27\x32\x11\x3b\x98\xe3\xbf\x82\xdf\xea\xdd\x0d\xe5\xe7\x65\xd2\x87\x0b\x12\xd1\xf9\xb5\xa2\x82\x97\xc9\xfd\xd1\x49\x5c\xf8\x77\x89\x19\x6a\x7d\x64\x4e\xec\xd9\x35\x87\xdb\xf2\x0c\x28\xeb\x09\xda\x28\x66\x03\xc5\x82\xd2\x12\x9a\x65\x7d\xb2\xd1\x7a\xdd\x35\x58\xdd\xe0\x29\xce\x27\xb8\x83\x52\xde\x3f\x95\xab\xa1\x7e\x1e\xd1\x91\x37\x22\xdb\x08\xa7\x95\xdf\xbb\x70\xd6\x2a\x88\x02\x72\x4c\xb0\xf5\x35\xf8\x48\xd0\x52\xaa\x3d\xde\x91\x66\x96\x3a\x80\x41\xfc\xcc\x4e\x60\xbf\xb1\x1d\xe2\xbf\x28\x6e\xb6\x02\xa4\xaf\x84\x2f\x4d\x1a\x34\x0d\x78\xbb\xbc\xb2\x85\x7f\x0c\x30\x8f\x44\xbb\x10\x1e\x7b\xc8\xb7\x41\xd5\x06\x09\x4e\x27\xbb\xaf\xa7\x24\x28\xef\x66\x6e\xa6\xea\x16\xf7\x99\xb4\xee\x58\x27\x8f\x04\x59\x74\xd8\x6d\xc7\x2c\xf5\x26\x0d\x96\xf9\xc0\x9b\x2f\x11\x81\xe1\xa4\x50\x0f\x92\x83\xdc\x67\x7f\x38\x4f\xf6\x4e\x51\xe8\x9f\x76\x58\x20\x20\x32\x6c\x38\x8c\x08\xa0\xfd\x00\xde\x73\xd5\xd4\x9c\x06\xc0\xc6\x84\x19\x1a\x26\x4f\xff\x72\x6d\x87\x2d\xc3\xae\x49\x6c\x7b\x47\x8c\xfc\x61\xb5\x17\x14\x19\x2f\x76\x46\x3e\x3d\x0a\xab\x41\x0e\xa1\x15\xe8\xbe\xfe\xdb\x99\x7d\xdd\x16\x99\x21\xb3\x20\x7e\xa6\x6c\x1f\x59\x45\x0b\x76\x23\x12\x9f\xd1\xe2\xdd\x3d\xa8\xf5\x20\x63\x91\x17\x13\x38\xea\x0e\xc8\xef\x3c\x59\xed\x8a\xfc\x69\xf3\x86\x5c\x29\xa0\x72\x3a\x9b\xbe\x95\xa7\x42\x68\x1e\xf9\x85\x7e\x81\xab\xc8\x0c\x92\xd2\xa7\x18\xa8\x04\xf5\x30\x4f\xef\x3c\x63\xd7\x99\xa6\xef\x87\x82\xa7\xdb\x46\x68\x1d\x0d\xe3\x50\x64\x46\x98\x22\x67\xb2\x15\x2b\x0c\x32\x18\x69\xe2\x3c\xce\x8c\x4e\xbe\xbe\xaf\x4a\xa1\xeb\xe9\x28\x3b\x69\x26\x05\x26\x0f\xf6\x21\xb0\x3c\x10\x82\x2a\xa5\xf6\xd0\x3b\xde\xf4\x9c\x46\x2a\x68\xd4\x71\xe8\x49\xe1\x64\xe3\x87\x4f\x6e\x9f\x6c\xb3\xb5\xf2\x93\xeb\x38\xae\x52\x45\xa1\x59\xec\x42\x61\xa9\xbf\x6b\x5f\x7b\x76\x15\xfd\x33\x9e\xa1\x27\x33\x11\x3c\xe7\x67\xf8\x83\xae\x66\x75\x41\x7f\xc7\x70\xb5\x0b\xd6\x0e\x6f\x20\xad\xdb\x29\xc1\xf7\x50\x62\x33\xe3\x2a\x7e\xbf\xad\xab\xff\x98\xcf\xd0\x9b\x2b\x3b\xbd\x3e\xae\x00\x69\x54\x8b\x9d\x89\x87\xaf\x46\xca\x98\xeb\x09\x5b\xac\xbd\x87\x47\x24\xba\x10\xf3\x63\x3a\xa0\x8a\xb6\xec\x26\x49\x4d\xdf\x68\x54\x30\x9b\x55\xd4\x3b\xdb\xd2\x9a\x75\x56\xf1\x2d\xfb\x23\xcd\x0d\xb4\xeb\x39\x37\xa6\x5c\x4a\xed\x96\xe8\x7b\x34\x65\x55\xf9\xfc\x68\x97\x94\x3a\x0f\xae\xe6\x5c\xcf\x39\x4b\xd8\x9b\x38\x1b\xee\xce\x25\xd1\xba\x68\xf8\xfe\x32\xc2\x3b\x33\x54\xf5\xbe\x7e\x3e\xa3\xc0\xde\xc0\xf7\xec\x2d\xd8\x3f\x92\xb7\x30\x58\x89\x2b\x63\x8d\x4c\x3b\x72\x42\xbb\x8f\x55\xbf\x08\x7b\xa4\x5a\x19\x0a\x69\x8b\xae\x67\x5e\x0c\xd5\xe8\x44\x6f\x2b\x21\xae\xb6\x3d\x2c\xae\xa0\xf6\x79\xa8\x37\xe7\x93\x57\x30\x8d\x9f\x0b\x8a\xf3\x1f\x9d\x08\x00\x8c\x39\xee\x8d\x34\x75\x28\x71\x3c\x88\x50\x01\x7a\x7f\x4a\xb9\x8a\x35\xc7\x53\x19\x40\xfa\x76\x21\xe6\x72\x03\xee\x78\x2d\xb3\xa2\xfa\xa3\x0f\x3a\xa8\x50\xa5\xff\x7a\xae\xd8\x4c\x00\xff\xd2\x14\xf2\xc9\x26\x17\x35\xfa\xc3\x25\x9d\x50\xe0\x3c\x26\x52\x50\x52\x79\xd9\x12\x51\x92\x7d\xe5\xe5\x6a\x8b\x90\x64\xcc\xf9\xf4\x5d\xcb\xef\x46\xe1\x18\x9c\xed\x2b\xc7\x9e\x6f\xf6\x52\xe6\x90\x97\xac\xe5\x56\x8b\xb2\xd5\xbe\xf3\xce\x21\xa2\x5b\x3f\x79\xee\x27\x5e\xa3\x4e\x62\x13\x80\x56\x6d\x70\x4c\xd9\x3f\x24\xdd\x90\x20\x93\x2c\xc0\x52\x18\xc2\x3b\x5b\x22\xff\xfa\x7e\x99\xee\x7f\xe4\x57\x87\x6a\x5e\x33\x64\xc9\xa8\xe8\xb0\x49\xcf\xa2\x09\x69\x77\x4f\x50\x6d\x19\x96\xcb\xe6\xef\x5a\x37\x79\x3e\xcd\xb0\x4c\xfd\xea\xed\x7d\xcf\x79\xab\x27\x84\x74\xdd\x77\x08\x22\xd4\xb3\x6f\xc6\x8e\x4b\x2d\xd6\x61\xef\x99\xde\x01\xde\x6e\xec\x57\xfa\x57\x3e\xde\x10\xfb\xbd\x5a\xc6\xfd\x6c\xd8\xbb\x4e\xee\x50\x9d\xbb\x46\x10\x37\x44\x01"},
+{{0xf8,0xd2,0x57,0xfd,0xfc,0xf9,0x97,0x96,0xf8,0xce,0x4d,0x8a,0xad,0xe3,0xb2,0x25,0xa5,0x3c,0x26,0xfe,0xec,0xef,0x39,0x5b,0x95,0x61,0xd9,0xd5,0x87,0xf5,0xa3,0x3c,},{0xf6,0x6b,0xd4,0x87,0x7d,0xf7,0x8a,0xec,0x04,0xca,0x7e,0x77,0x73,0x28,0x99,0xde,0x06,0x77,0x7e,0x69,0x86,0x29,0xf2,0x99,0x69,0xf8,0xfa,0x9c,0x2f,0x47,0xab,0x9e,},{0x92,0x35,0xd4,0x48,0x07,0x86,0x98,0x16,0xe2,0x8e,0x42,0xc8,0x1c,0x80,0x1f,0xfb,0x12,0x1d,0xe8,0x26,0xc0,0xd3,0x3d,0xcc,0x4a,0x4e,0x1c,0x93,0x2d,0x52,0x28,0xb6,0x39,0xbb,0x29,0x4e,0x16,0x09,0x0a,0x93,0xd1,0xf6,0x90,0x4a,0x70,0x04,0x22,0x2f,0xda,0x0a,0x55,0x44,0x6d,0x99,0x01,0xc7,0x23,0x40,0x00,0x7b,0xb4,0x5a,0xe1,0x03,},"\x23\x3e\x1e\xf9\x01\xab\xcb\x69\xfb\x48\x60\x85\xd8\xdb\x02\x33\xff\x78\xf3\x7b\x13\x6f\x0a\xfe\x24\xf7\xda\xc1\x94\x4c\x36\x78\xe7\x4f\xed\x58\xa1\xad\x54\x83\x5b\x7d\xbc\xb4\x6f\xff\x6c\x35\x24\x31\x22\x73\x30\x0b\x6d\x87\x8a\x93\xe0\x60\x8a\x4a\xba\xca\x4e\x31\x94\x72\x2b\xb9\xe2\x3d\x17\x19\x4d\x86\x67\xb8\x4f\x2d\xb0\x38\xc2\x4e\xfb\x8f\x53\x40\x9c\xf5\x59\x4f\xdd\xb8\xbc\xd6\x1f\x74\xcf\x07\x26\xb5\x1c\x65\x1c\xe0\x1e\xb6\x6a\x59\xb4\x55\xf7\xd8\xa7\xd6\x0d\x39\x27\xe0\xc6\xc5\x4b\x13\x8e\x01\x92\x53\x71\xd2\xd9\xd9\x62\xaa\x98\x2f\x5e\x60\x85\x28\x0c\xc0\x5f\x35\x69\x93\x91\x1f\xd2\x03\x9d\xfc\x34\x21\x17\x97\x02\x91\x38\x1d\x82\x02\x7d\xb3\x6c\x79\x91\x00\x05\x7d\x93\x52\xb2\xcd\x87\x9d\x9c\x82\xaf\x73\x4b\x7f\xa2\x97\xd2\x11\x49\xc9\x78\xaa\x5e\x12\x5b\x20\x37\x2a\x9b\x2e\x0e\xd3\x57\x33\x7e\xfa\xea\x13\x91\xf3\xb9\xef\x11\xe3\xe5\x13\x5b\xb7\x0b\xdb\xe3\x2a\x9b\xdb\x7c\x3c\x42\xd5\xd5\x7c\xc8\xda\xb6\x81\x16\x28\xa0\x10\x89\x49\x5c\xb8\xa4\xa7\x6a\x48\x29\x6c\xd8\xdf\xaf\xc0\x05\xad\x49\xd7\x0b\xb1\x9f\xac\xa2\x08\x4a\x1b\x6f\x5e\x48\xd2\x3c\x03\xfb\xcf\x6f\x10\x6d\xb7\x70\xf0\x7c\x33\xe8\xe7\xf4\x75\x7d\xa9\x04\xa4\x4d\xd0\xe7\x38\xf3\xd5\x73\x3a\x32\x93\x75\xce\xd7\x4f\x3c\x42\xbf\xcd\xbb\x91\x01\x00\x45\x5d\x6a\xa7\xd2\xe3\xe3\xaa\xa5\x8a\x82\x96\x30\xd3\x76\xb0\xb4\x66\xdc\x85\xaa\xc4\x8f\xe2\x69\x94\x6a\x7b\xc7\x2d\x91\xeb\x37\xde\xd2\xf4\xa7\x7c\x68\x4b\xe0\x10\x93\xfd\x12\xde\x9d\x9d\x83\x19\x9c\xcc\x50\x95\x9a\x48\xd6\xe9\xa4\x14\x27\x56\x60\x92\xf0\x4a\x0f\x95\xca\x52\x37\x2e\x07\x62\xb9\x66\xce\x62\x32\x05\x5a\x4f\xd7\x57\xc6\x1b\x8b\xad\x83\xba\xef\x91\xa3\xc2\x77\x2f\xb3\x2e\xad\x8f\x59\x1a\xc1\xe0\x2b\xbf\x90\xa7\xf6\xc3\x90\x79\xb8\x6f\xb8\x14\xcc\x24\x2e\x98\x0f\x0b\x8b\x1a\x2c\xec\xb8\xe6\xd4\xe8\xa5\x21\x1b\xf8\xba\xbf\x38\xe8\x29\xab\x98\x83\x60\x8b\xd6\xd5\x9e\xa5\xe8\x36\xa9\xb4\xa4\xfb\xed\xed\x1b\xea\x2f\xfe\x97\x7e\x8c\xf3\x61\x5c\xa4\xa5\x0f\xea\x1f\x05\xf1\xfe\x53\xc8\xea\xc5\x00\x32\x3e\x1f\x52\xa8\x06\x83\x15\x39\x95\x79\x88\xd7\x9a\xcc\x7b\x54\xf7\xd0\x2b\x48\x0c\x46\x9f\xd6\x95\x40\xfe\xa4\xbd\xd6\x8c\xbd\xc6\x8c\xf9\xc7\x87\x2f\xd7\x92\x59\x1b\x01\xe9\xd9\x90\x2d\x8a\x61\x4f\x4c\x21\x82\x3f\x23\x50\x8f\xfd\x49\xff\x21\x8b\xea\x92\x2e\xc1\x41\xef\xf6\x0d\xa1\x77\xcc\xad\x7d\x7b\x9d\x44\x4f\x3b\x03\x45\x81\x15\xf1\x16\xcc\x6e\x37\x62\x5c\x39\xcb\xad\xf0\x93\x62\xf3\x1d\x33\xf4\xc1\x3c\x33\xb6\x29\x20\x07\xf2\xca\xfd\x19\x4f\x62\xc6\x43\xe7\xa2\x55\x71\x56\x4f\xeb\xad\x7d\x33\xe3\x64\xb6\x33\xd0\x08\xb0\x90\xd7\xa0\x91\x35\x8b\xc6\x9c\x56\x7b\x95\x22\xb5\xc1\xcd\x01\x21\x8d\x38\x52\x9a\xeb\xb0\x3d\x9c\x2a\x5e\xb2\x28\x5a\x71\x76\xf9\x8c\x28\x03\x6f\x21\xe1\x9e\x92\xb4\x06\xe9\x48\x95\xfa\x28\x1b\x35\x22\x8f\xbf\x76\xe7\x3e\x17\x58\xaf\x1b\x43\x4a\x4d\xf9\x8e\x8c\xc5\x56\xb9\xd8\x3f\x6b\x0b\x7f\xf5\x2c\x68\x0f\x65\xef\xe4\xe0\x0c\x59\xb4\x6c\xe5\x93\xbf\x98\x89\x98\x05\xd0\x2b\x91\x65\xb7\x42\x98\x49\xe7\x39\x53\x77\x0a\xe3\x93\xe4\xf1\xf9\x7c\xb9\x0c\xd6\x15\x9c\xc9\x39\x52\xae\x8a\x4d\x3d\x56\xa9\xa9\x5d\xf7\xcf\xab\xac\xd4\xd0\x30\xd7\x36\xea\x45\x4d\xfa\x4b\x4a\xed\x1b\xcd\x88\x5d\x2f\xbe\xa5\xff\xa2\xcf\x29\x27\xc1\x37\xc8\x6b\xe4\xfe\x01\x64\x12\x62\x8f\xe7\xa0\xa0\xf0\x2b\x6b\x6a\x9a\x21\x68\x93\x2b\x94\x3f\xf8\xb2\x8d\xd5\x87\xe7\x72\x87\x79\x0a\xaa\xa6\x9a\x98\x50\x6c\x76\x4e\x6f\x5b\xa6\x33\x8c\x09\xf3\x82\xe1\xb9\x87\xd9\x9f\x14\xa3\xe1\x95\x8c\xb6\x2a\xe6\x70\x5a\x57\x7f\x9f\xfc\x67\x30\x64\x01\x12\x87\x41\xa8\xd0\xaf\x03\xc0\xaa\xaf\x6a\xf0\x6b\xd8\x8e\xe4\xb0\xaf\x67\x03\xe0\xea\x60\xb0\x40\x9a\xce\x24\x57\x2f\xb3\x86\xe0\x7e\x9c\x22\xc9\x68\x6b\xdc\x66\xd4\xfc\xf3\xc7\x46\x1d\x38\x33\xa4\xc3\x01\x32\x43\x60\x7d\x4d\x15\x82\x17\x18\x73\x26\xdf\x51\x72\x5a\x6b\xc5\x11\x6e\x99\x0b\xef\x8a\x5a\x95\x79\x60\x02\x07\x20\x6b\xfc\x3a\x6d\xcf\x07\x46\xef\x75\x6f\xd9\x39\xe1\x87\xf6\x68\x75\x07\x16\xc0"},
+{{0x8d,0xa9,0xf5,0x4d,0xa0,0xb6,0xa5,0xa3,0x89,0x85,0xb8,0x8b,0x71,0x33,0x9d,0xc7,0x38,0x4c,0xfd,0x5a,0x60,0xbe,0xe1,0x59,0xc3,0x94,0xc2,0x23,0x63,0xbc,0x7e,0xdd,},{0x1a,0xc1,0xa8,0xed,0xeb,0x21,0x7a,0xe9,0xb3,0xa3,0xde,0x53,0x0d,0x24,0xd8,0x3e,0x11,0xfb,0x65,0x38,0xcc,0x70,0x9b,0x52,0x99,0x4f,0xa9,0xc3,0xf1,0xfa,0xdd,0xc8,},{0xf6,0xdc,0xc2,0xd2,0x7b,0xaf,0x16,0xc4,0xf4,0x81,0x7f,0x87,0x49,0x91,0x57,0xd3,0xac,0x1f,0x84,0xed,0x39,0x8a,0x5e,0x8b,0x0d,0x50,0xf4,0x2e,0xdd,0x73,0x85,0xcf,0x06,0x33,0x7a,0x02,0x36,0x10,0x99,0x70,0xb7,0x9c,0xa0,0x9d,0x7c,0x98,0x31,0xc8,0x76,0xa8,0x02,0x79,0x94,0x21,0xc2,0xab,0xd0,0x75,0x87,0xf5,0xeb,0x66,0x16,0x0f,},"\xbd\x53\xba\xba\x66\x57\xd8\xdb\x8b\xec\xae\x6e\xab\xff\xa5\x2b\x01\x5a\x5a\x05\xfd\xd2\xe0\x70\x64\x7d\xe9\x6f\x9c\xa4\xdd\x21\x9f\xe0\xda\x60\x8f\xa0\x44\x7f\x46\xd1\x7c\x9a\x35\x82\x44\xcd\x54\x08\x59\x65\x82\xcc\xd3\xcd\xd0\x15\x1d\x6f\x09\x23\xe6\x3d\x16\x68\x37\x84\x5f\x27\x3f\xca\x7a\xf6\xc8\x9d\x8d\x52\x46\x17\x5c\x21\x67\xfb\xb9\xc2\xeb\xf6\xa7\x59\x54\x91\xf9\x7a\x97\x13\xb0\x2b\xdf\x41\x3e\x20\x9a\xb2\x2d\xb7\xdd\x2b\x37\xfc\x49\x43\x69\x18\xcc\xeb\xe5\x74\x6b\xc6\x4d\xdd\x6d\xce\x19\xec\x45\x58\xc4\x0e\x08\x96\xe2\x19\x09\x28\x0c\xba\x06\xd1\x6b\x72\xf3\x1d\x98\x76\x85\xd0\x71\xdb\x81\x55\xe9\x9e\xbc\xc6\xc8\x21\xd9\x26\x83\xfd\xce\xe0\x86\x68\xa5\xed\x58\xf8\x39\xd9\xed\xaf\xb9\xf1\x45\x9d\x48\xde\x8e\x1b\xb6\xf7\xce\x84\xda\x0b\xe4\x11\xc8\xf7\xbe\x1b\x9a\x24\xbc\x5d\x0f\xe3\xa9\x6b\x02\x35\x07\x50\xa5\xcb\x25\x0b\x49\x55\x5a\x48\x76\x72\xbd\xff\x3c\x3f\x78\x4e\x3f\xb6\x3c\x1c\x97\xba\x6a\xe4\x3a\x10\xe1\x96\xf1\x88\xdc\xc6\x35\xe2\x14\xe2\x9d\xf5\x09\xe5\x60\x8a\x53\x67\xaa\x28\x00\xc1\xa9\x6a\xd9\x36\xa9\xe2\xa5\x79\xb8\x59\x2e\xc1\x3a\x35\x93\x36\xa6\x27\x88\xc3\xec\x55\xc0\xff\xd6\xa7\xd4\x9e\xcb\x7c\x68\x2e\xfa\x30\x81\x99\xf7\x08\xd7\x9d\x0e\x88\x56\x36\x6d\x26\x9f\xab\x24\xeb\x1a\x07\x5c\x96\xc8\x81\xca\xb8\x97\x08\xce\xd2\x79\x23\x0d\x3f\x1f\x3e\xe1\x73\x67\x22\x83\xeb\x8d\x8a\x82\x40\x38\xf6\x48\xac\x43\x72\x75\xd7\x5a\x0e\x15\xf7\x1c\xe5\x6a\x8a\xeb\x77\x1f\x07\xa7\xf3\x2a\xfc\x9d\x61\x2a\x13\xbd\x83\xb7\xf9\x39\x90\xd3\x8f\xc3\xf4\xf4\xab\x8a\xa9\x43\x0c\x65\x73\x6e\xb6\x4b\x16\x80\x6e\x99\x5c\x1c\xe9\xdc\xf4\xc5\x54\x4e\x7b\x3d\x01\x54\x1c\x57\x21\xbb\x4b\xe4\xcf\x0a\xe3\x82\xa0\xc1\xb1\x69\xd8\xe4\x18\xde\xfd\x55\x94\x42\xac\xea\x14\xb0\x0d\x70\x5b\xcf\xa7\x8b\xe0\x75\x6a\x8f\x37\x7c\xbf\x18\x3b\xf2\x59\x06\x87\x41\x15\xd8\xce\x4c\x3b\xa8\x74\x10\x29\x38\xa4\xea\x16\x03\x6d\x91\xa4\x2c\x5f\x8f\x18\x86\x55\xca\xcb\x00\xc8\x8e\x3a\x68\x50\x88\x16\xe5\xe1\xc3\x1d\x27\x18\x0b\xbb\xa9\x51\x8a\x96\x30\x72\x6d\x7d\x04\x7d\xd8\xd2\xc0\x40\x12\x19\xe1\x4e\x6b\xad\xfc\x9b\x95\xb7\x7a\x6a\xce\x9b\xea\x71\xd1\xb4\x7c\x21\x89\x03\xa1\x15\xad\x02\x9e\x7f\x20\x39\xea\x23\xcf\xd1\xfa\x6a\x44\xd0\x89\xfc\xac\xb6\x78\x15\x3d\x67\x4c\x0e\x08\x17\x64\x99\x55\x95\xcb\x68\x94\x89\x5f\x08\xe2\x5b\x98\x4e\x3a\x69\x4c\x92\xfc\x7c\xbe\x0f\xfc\x46\x97\x23\x0b\xcb\x0c\xa4\x08\xc2\xd7\x08\x5c\x11\xba\xde\xb3\xe6\xc0\xe7\x5e\x6c\x49\x8d\xb1\xbe\xc1\xed\x2a\x3e\x24\x45\xc3\x2b\x19\x13\xa8\x95\x00\xf6\x9e\x7f\x23\xf4\x1d\x62\xe5\xc1\x89\xf3\x9a\x05\x6c\xb9\xfc\x68\xa4\x52\x02\x3a\x33\x3f\x75\x22\x0c\xb9\xb9\x44\x84\xac\xac\x6b\xbc\x67\x1f\x59\xff\xa0\x72\xb7\x1a\x18\x96\xa1\xb3\x06\xe9\xdc\x55\x8d\xa0\xec\x20\xf3\x73\xe4\xc3\x55\xe0\xc5\xec\xcb\xbf\x13\x50\xc8\xc0\x79\x14\x89\x2c\x45\x4d\xef\xce\xfb\x71\x7b\xe3\x4d\x08\x7a\xeb\x24\x4a\x86\xff\x49\xa6\xc4\x70\xaf\xb3\x6b\x40\xfe\x8b\x71\xc5\x05\xa4\xff\x7a\xf2\x98\x4c\x65\x28\x49\x38\xec\x0e\x40\x52\x31\x52\x1f\x48\x10\x14\x7d\xc4\xe3\x73\xfd\xab\x66\x47\xb8\x6f\x79\x82\x75\x02\xfd\x08\x7e\x27\xf3\x10\xd6\xb3\x12\x36\x31\x13\x84\x21\x55\xc5\x7a\x32\xba\x03\xb6\xcf\xf9\x65\x53\x0b\xd7\x95\xfc\x29\x2e\x24\x1c\x9b\x6c\xa0\x85\x14\x00\x32\xef\xe7\x46\xf3\x7d\x57\xe9\x58\x42\x11\x84\xb8\xa4\xc1\xa6\xa1\xe3\x7d\x45\xe0\x77\x31\x98\x33\x06\x8d\xdc\xb8\x9d\x38\xc7\x5b\xeb\xa1\xa6\xe8\xe4\x05\x28\x88\xec\x18\x16\x2d\xd6\xff\x0c\x59\xa2\xfd\x0b\x47\xf3\x11\x91\x95\x68\x0f\xfc\xcd\xdf\x5f\x76\xb3\x5f\x02\x2a\xa6\x6b\xd1\xac\x56\xf1\xae\x33\x3e\x9b\x9d\x04\x6f\x0b\x79\xa8\x92\xec\xc4\xf8\xd2\xf3\x1e\x17\x53\x6c\x4c\x62\xa9\xb5\xe0\x63\xdd\x2d\xce\x37\xd3\xd0\xac\xb4\x20\x23\xeb\x2f\x2e\xa3\x29\xd3\x87\x6c\x23\x86\xa0\x22\x76\xff\xf9\xd3\x08\xab\xba\xdb\x72\x74\x30\x1a\x69\x62\xec\xae\xeb\x20\xbe\xf5\xe3\x6a\xff\xfc\x38\x7c\xa8\xe1\x85\xe5\x62\xb8\x65\xb4\x92\x04\xc1\x7b\x2a\x70\x11\x9b\x06\x1c\x29\xc0\xfe\x90\x04"},
+{{0x7a,0x2e,0xfd,0x39,0x01,0x24,0xd3,0xfb,0xef,0xc5,0x4a,0x57,0x71,0x06,0xe7,0x4b,0x2d,0x1f,0x5d,0xd5,0x04,0xc0,0x50,0xd0,0xd3,0x59,0xe5,0x3c,0x0f,0x5c,0x87,0x2b,},{0xef,0xc3,0x03,0xd9,0x22,0xe8,0x8f,0x70,0xf3,0x8c,0x1a,0x2b,0x92,0x06,0x84,0xef,0x66,0x30,0x34,0xa1,0xb2,0x3a,0xb9,0xd6,0x9b,0x6c,0xe8,0xed,0x87,0x06,0xf7,0xf7,},{0xc2,0x8b,0x34,0x80,0x48,0x05,0xd8,0x1f,0x7a,0xef,0x78,0x49,0x70,0x67,0x0e,0xda,0xa4,0x17,0x23,0x2b,0xcc,0x67,0xda,0x9b,0x51,0xe9,0xc3,0xd7,0x4f,0xc4,0x99,0x1b,0xde,0x97,0xa0,0x6b,0xd5,0x3f,0xa0,0x0b,0xb4,0x40,0xfd,0x56,0x16,0xcd,0x0d,0xe6,0xe9,0xb0,0xd1,0x9f,0x2f,0x68,0xbf,0xaf,0x9d,0x4c,0x51,0x72,0xc4,0xe5,0x20,0x0a,},"\x23\x8f\xbe\x9f\xb3\x5c\x72\x5c\x6c\x1f\x32\x92\x48\x09\x4b\xc7\xda\x1b\x27\x3e\xdc\x76\x99\xa7\xe3\x45\x2b\x57\x88\xd8\x78\x67\xde\xfc\x40\xa0\x05\x90\xe8\x75\x80\xd2\xc0\x27\x5d\xf5\xab\xcc\xe0\xe1\xaa\xa1\x82\x90\xbf\x93\xb4\x4e\x5a\xd9\xd7\x60\xdd\x21\xf1\xaa\xca\x38\x31\x78\xf9\xff\xf9\x13\x0f\x73\x18\x7b\xa9\xd3\x1e\xa3\x60\x4a\x1c\xdf\x39\x11\xe1\x43\x77\xa0\xce\x8b\x44\x18\x9a\xda\xa7\xaa\xc2\x3b\x6c\xdc\x7a\x42\x5b\x7e\xa7\x45\x50\x84\x55\x70\x4f\x9a\xd7\xa8\x95\x27\x18\xc3\x98\xb4\x21\xb6\xe0\x9c\xb7\x8c\xb5\x2a\x18\x14\xee\x2e\x96\x39\xec\x68\xd3\x61\xf0\xa3\x20\x41\xd6\xe7\x42\x5b\x4b\xb3\x3c\x70\x19\x6e\x24\x00\xeb\x81\x2d\xb8\x50\x6c\x9f\x32\x45\xbd\x98\x8f\xbc\x89\x1b\xe2\x0c\xb0\x69\x15\x59\xfc\x91\x6b\x57\xff\x96\xc9\xb1\x44\x89\xe0\x99\x3c\xb7\x39\xa3\x9d\xa2\x46\xd0\x1a\x6e\xbd\x07\x58\x35\x81\xf2\x50\xbf\x48\x0b\xc4\x4b\x2c\x33\x91\x54\x2d\x59\x5e\x4d\x39\x94\x90\x19\x5f\x84\x45\xdf\x63\x8f\x34\x69\x8f\x1a\x96\xed\x27\xb3\x53\x3e\x3e\xb6\x7e\x8f\x86\x58\x65\xfa\x95\x55\xed\x34\xdf\x11\x15\x76\x41\xa0\x0e\x6d\x60\xcf\x62\x3f\xec\x1a\x92\xb8\x7a\x15\xd7\x65\x18\x5f\xd9\x05\x5a\xcb\x38\xd7\x5c\x99\xdb\x4f\xce\x7b\x0e\x39\xfd\xc3\xf8\x51\xda\xf6\x5c\x7a\x33\xf4\x64\x81\x69\x31\x83\x9f\xef\xe8\xe5\x8d\x9a\xb7\x42\xb8\x61\x87\x3f\xd2\x29\x18\x9e\x59\xcd\x4c\xe8\x23\x9f\xc9\x54\x3f\x53\x9d\x2d\x29\x61\x14\x26\x6e\xa8\xc6\xfd\x15\x2a\xc6\xb3\x42\xe5\xd1\xa5\x57\xab\x35\xca\xc5\x1e\x2d\x12\x12\xee\x31\x7c\x4d\x26\x71\x68\x29\xe2\x57\x46\xdf\x17\xd2\xa6\x22\xc2\x43\xf3\xec\xbb\x65\xf5\x7a\xb0\xf4\x27\x0e\x3d\x06\x68\xa9\x62\x50\x22\x45\xb9\x4c\x06\xdf\x0c\x5e\x39\xe3\x53\xaa\x84\x2e\xa0\x80\xcf\x50\x27\x08\xb1\xdd\xa2\xd0\x01\x82\x4d\xe4\x58\xd3\x77\x62\xaf\x2c\xdf\xd5\xa6\xd3\xf3\x5e\x08\xa1\x8e\x14\xaa\x7a\x64\x2c\x51\xe4\x04\x7e\x63\x75\x17\x84\x6d\xf6\x46\xd0\x73\x36\xfb\x17\x24\x34\xe0\x88\x3e\x2b\x77\xd8\xed\x1c\x52\xc9\xcc\x63\x6a\x56\xa1\x9e\x57\xa5\xf1\x61\xb9\x2d\x1d\xcb\xfa\x49\x6f\x34\x4a\xe6\xd4\xdf\xdc\x95\x69\xad\xe4\x57\xa4\x90\x91\x36\x2e\x5a\x0c\xdd\x81\xb3\x75\x32\x43\xfd\xac\x30\xa2\xd2\x7e\xa0\x26\xa5\xe6\x01\x44\x1e\xcd\x55\x37\xa7\x20\x1b\xdc\xb7\xfd\x58\xb2\x40\xd0\x22\x9f\xdd\x9b\xab\xf1\x12\xb5\x69\x48\x12\x25\x0e\x76\x8d\x7c\x0c\xe6\xca\x56\x5a\xd0\x6a\xb8\xf7\x8a\x5c\x99\x50\xee\xf5\x38\x72\x6f\x57\x6c\x4b\xd2\xe0\x75\x5c\x7f\x98\x39\x29\x37\x2a\x5f\xe1\x1c\x73\xf9\xe1\xfa\x45\x3a\xb5\x4b\x58\x17\xaa\xd3\x59\x67\x56\x12\x7d\x84\xe3\x11\x94\x53\xe8\x82\x5b\xb8\x46\x0d\x85\x1f\x1f\x7e\x4a\x28\x38\xa2\xbe\x78\x6b\x23\x35\x04\xa6\x91\xdb\x0f\xa2\x2a\x5f\x41\xfe\x3f\xd3\xc9\xb5\x38\xb0\x4f\x40\x9e\x09\x18\x09\x48\x6b\x28\xad\x0d\xed\xa7\xb3\x8a\x42\xce\xfc\x48\xde\x7d\x86\x79\xc0\x3b\xf8\x77\x23\x85\x11\x82\x0d\x07\x70\xcc\x8d\x7b\x41\x72\x37\x78\x23\xa0\xb9\x91\x49\xab\xb8\x91\x8b\xfb\x66\xd5\xab\xfc\xd1\x00\x60\xb0\x5c\xb4\xf2\x39\xdd\x42\x81\xd9\x34\x83\x50\x4b\x73\x1e\xaf\x5a\xdd\x51\x5f\x1f\x3c\x3b\x52\xb4\xe3\xbd\xaf\x97\x6a\x17\xb3\xc9\xec\x61\xbf\xc8\xe7\x71\x16\x71\x58\x04\x53\x2c\xf2\xdb\xf2\x0b\x7b\xa5\xea\xd8\x5a\xfb\x95\x2b\xee\xc2\xfc\xcf\xf8\x5f\xf5\x07\x2b\xa4\xed\x6b\x54\x38\xab\x15\x20\xc6\xef\x4b\x0b\x26\xf1\x2e\x84\xae\xdd\x65\xce\x5c\x7b\xbe\x6a\xcb\x67\x72\xf5\x93\xa6\xb4\xf8\x1d\xdd\x9d\x50\x27\x46\x50\x50\x47\xc8\x12\xa0\x06\x7a\xfc\xeb\x8d\xc9\xbf\xf3\x0d\x40\x87\xf8\xd5\xa3\x75\xec\xa6\x05\xa0\x62\x27\x84\xd8\xfe\xa2\x78\xcd\x1a\x52\x41\xad\x4b\x3f\x1b\x91\x4f\x74\xf7\x3b\xc3\x6e\xe7\xcc\x82\xd9\x6e\xfd\xa6\x3a\x3b\x67\x99\x73\x0f\x20\x65\x6c\x12\x35\x6c\x79\x06\x9b\x2b\xe6\xf9\xb7\x7b\xe1\x01\x98\x31\x18\x82\x3e\xa6\x6e\x7c\x20\x98\xfb\xc7\x2f\xc9\xc0\x39\xdf\xe3\x0f\x2d\xab\xa1\x3c\x3b\xde\xfb\x8a\x78\x0b\xeb\x5c\xb1\xb6\xc2\x86\xa6\xb3\xef\x48\xfd\x15\xc6\x6c\x04\x5b\xa2\x9f\x09\x70\x41\x3b\x98\x8d\x0e\xa0\x04\xab\x84\xc9\x39\x19\xf0\x4f\x9b\xf8\xca\xf5\x8c\x4e\xb4\x78\xf3\x58\xef\x8b\x68"},
+{{0xef,0x36,0x48,0xcb,0xe7,0x34,0x02,0xab,0x45,0x0c,0xd6,0xec,0x37,0xe5,0x45,0xd0,0xcd,0x2c,0x99,0x9e,0xcc,0x1f,0xa3,0x81,0xa4,0x5c,0x66,0x0e,0x18,0x53,0x30,0x32,},{0x52,0xa1,0xa4,0x52,0x73,0x87,0x26,0x76,0x58,0x2c,0xc7,0x67,0x33,0x99,0x26,0x41,0x4c,0xd5,0xd0,0x3d,0x98,0x0c,0xf6,0x29,0xdd,0xa2,0xd1,0xa2,0x05,0xe9,0x83,0x0a,},{0xf6,0x70,0x79,0x29,0x42,0xec,0x41,0x44,0x28,0x47,0x56,0x38,0x85,0x3c,0x42,0x72,0x8e,0x86,0xba,0x12,0xbb,0xe8,0x59,0x48,0xb3,0x91,0x34,0xcf,0x6e,0x2b,0xd1,0x28,0x13,0xe0,0xd8,0x3e,0x51,0xe6,0x57,0xc9,0x01,0x07,0xad,0x93,0xa4,0x78,0x8a,0xa3,0x83,0x13,0xfa,0x96,0x2f,0x67,0x67,0xa8,0xf7,0x80,0x5b,0xde,0x65,0xca,0x42,0x0d,},"\x6a\x93\x37\x8f\x88\x0c\xf0\xff\xdb\x8e\x07\xd6\x83\xcc\x35\x2e\x2a\x10\x33\xc4\x50\xba\xa0\xe8\xc4\xe1\x62\x05\xfd\x0c\x02\x74\x3b\x0e\xa0\x64\x97\x1d\x91\x1e\x49\x47\x13\xe6\xd9\x4a\x02\x17\x2e\xd0\x14\xd5\x06\x59\x2e\xc6\xc7\x0a\x9c\x97\x85\x52\x46\xbf\x3d\x26\xf3\xcf\x74\xf4\x93\xc1\xb6\x97\xa0\xc4\x14\x16\x0c\x34\x14\x12\x83\x09\x85\x43\x08\x06\xa0\xcb\x3c\x84\x75\xe7\xe5\xa9\x73\x68\x6c\x24\xd5\xef\x1b\xe7\xd0\x06\x50\x96\xfe\xb5\x2e\xab\x26\x0b\x5c\x48\x8a\xf0\x92\x70\xde\x6d\xec\xd3\x3f\xea\x85\x89\xdd\x10\x21\xba\xf4\x1e\x3f\x25\x5f\xb8\xfa\x19\x16\xeb\xd8\x53\x1e\xeb\x2f\x88\x6b\xb3\xb3\xb0\x4f\x9a\xf6\xb2\x76\xc3\x59\x23\xf1\x0d\x3a\x0a\xf1\xe3\xf5\x8b\x0d\x15\xae\xd1\x65\x04\x5f\x20\x6f\x3f\x43\x0a\xbd\xff\x09\x44\x90\x97\xe4\xb2\x6d\x00\xa8\xf9\xf1\xe8\xf7\xa1\x9f\x38\x58\x81\x24\xc3\x28\xec\x43\xa9\xcf\xb4\x3d\x3b\x2c\x6b\xdf\x6a\x3c\x1a\x10\x2e\x0e\x33\x3d\xe1\xac\x21\x4a\x6d\xf7\x6d\xab\x44\xba\x76\xbf\x03\x52\x73\xb7\xff\x62\x38\xec\x82\x48\x3b\x2d\x2d\x9d\x54\x29\x1a\x72\x27\x0f\x88\x93\x3b\x78\x6c\xac\x05\x1d\x99\x0b\x3c\xf7\x40\x84\x5f\xed\x3a\x67\x86\x7d\x7c\x7c\x05\x67\x4e\x7c\xb0\x2c\xa5\xb7\xac\xdf\xba\x38\x52\x80\x3a\x3d\x56\xc4\xd5\xc1\x3b\xb1\xd7\x72\x34\x67\x74\x1e\xac\x1f\x2a\x7a\xcd\x3a\x95\xf3\xa5\x16\x10\xa4\x86\xfc\x53\xa9\x85\x16\x28\xc5\x57\xd3\x6d\x8a\x4c\xd3\x7a\xae\x9c\x41\x74\xdb\xbd\xb6\xbd\x88\x5c\xf4\x0b\x38\x2b\x8d\xed\x24\xa4\x52\x2a\x27\x8f\xef\x76\xc4\x53\x19\x06\x7e\x55\x28\x6e\x7b\x08\xc6\x03\x48\x6e\x38\xa0\xac\xf4\x7e\xde\xf8\x48\xec\xbe\x94\x2e\xce\xad\xb8\x63\x6c\x83\x3f\xeb\x88\x2a\x51\xa4\x59\x5e\x24\xf6\x07\xca\x3c\x9d\xa1\xb2\x40\x4c\xe5\xc7\x47\xe0\x62\x64\x17\x4d\x64\x50\x43\x31\x70\x9b\xef\x30\x05\x5a\x5d\x69\x5e\x09\x53\x7c\x8f\x8c\x1e\x5a\x3a\x5d\xb0\x65\x99\xe3\x19\xdf\xdb\x28\x72\x96\x65\x27\x3b\xf8\x68\x95\x5e\xa5\x64\x27\xf0\x8b\xac\xd7\x77\xf1\x79\xb3\x02\xf3\xf6\x8d\x04\xf3\xf3\x88\x3d\x34\x49\x55\xb6\x55\xdd\xc6\xd5\x28\x2b\x6d\x4d\xf1\xd8\x36\x30\x21\x0e\x69\x91\x78\xe1\x1f\x72\x2e\x9e\x5c\xda\x67\x28\x92\xae\x9b\x23\xe8\x16\x9c\xbb\x54\x80\x93\xb8\x3e\x64\x3e\xb4\x99\xd9\x37\xd2\x8f\x38\x11\x59\x7b\x64\x84\x10\x2f\x0c\x8e\xb8\xc8\x88\x8c\xda\xc2\x29\xae\xbf\x89\x08\x6a\x64\x95\xac\x55\x1f\x3b\xbd\xf2\xd1\xc9\xa9\x3e\xd1\xd3\xa8\x61\xee\xcd\x9e\xb8\x39\x94\x9b\xfb\xe6\xa4\xf6\xe6\x48\x6e\xde\xda\xb5\x22\x9d\x53\x2b\x58\x97\x6d\x67\x51\x2f\x9f\x71\xae\x79\xb4\x14\x5c\xa2\xfa\x49\x7a\x16\x5f\x11\x07\x17\x66\x6c\xa3\x34\x0b\xbd\xa8\xdf\x1f\x82\xb8\xc0\x54\xcf\x76\x54\xc3\x56\x90\x16\x8f\x96\x27\x7d\x41\xc1\xc2\x36\xb6\x81\x98\x17\x3c\x6e\x2b\x0a\x20\x8e\xf8\x3c\x02\xa4\x3e\x47\x3d\x90\x68\x6a\xce\x75\xb5\xbd\x32\x1b\x3f\x54\x28\x13\x27\xa6\x73\xca\xd4\xd4\xad\x30\x40\xd4\x8c\xf4\x93\xea\x23\x1b\x3f\xec\x06\xf3\x99\x32\xd7\xf7\x0a\x38\x42\x8d\xf8\xfe\xe4\x37\x05\x32\xae\x5f\xb1\x12\x05\x9f\x0a\x1d\x4f\xbe\x11\xb5\xa2\x3b\xb8\x76\x35\x42\x9e\xd3\x3a\xd1\xf6\x14\x80\x14\xcb\xc1\x60\xd9\x3c\xa2\x59\x20\x53\xa6\xe9\x53\x78\xd6\xcd\x3f\x50\xdb\x52\xbe\x92\x8e\x40\x92\xfe\x5d\x2b\x70\x95\xa9\x56\x68\x64\xad\xfd\xa5\x9f\xd5\xf2\xfb\x62\x54\xbd\x59\x17\xb7\x0f\xa1\x46\x99\x66\x5a\x37\x29\x7c\x98\x3c\x1b\xb9\xef\xe1\xc6\x7b\x41\x3d\xd1\xa8\x53\x0c\xbf\x22\x72\x97\xa8\xbb\xf9\x3a\x8a\x02\x45\x4e\x8e\x46\x1a\xc2\x12\xb8\x46\xa7\x0d\x5d\x56\xd6\xc3\xa6\xe6\x5a\x03\xbe\x05\x80\x21\x9b\xdd\xec\x88\xd4\x03\x89\x11\xfd\x95\x74\x56\x3f\x33\xe0\xf9\xe6\x04\x46\x88\xd3\xdd\x48\xfa\xc7\x03\x86\x9a\xa0\x9d\x96\xef\xee\x7d\x6c\x68\x07\x1d\x99\x22\xd5\xe8\xed\x8d\xc4\x0f\x1b\x79\x8f\x1c\x58\x0f\x78\x59\xcb\x84\xf1\xe1\x4b\x5e\x74\xdd\xea\x16\xad\x5c\xbe\xea\x4c\x48\xfb\xcf\xfd\x29\x53\x1a\xcc\xc0\x63\x39\x38\xe3\xbc\xb2\x21\x26\x76\xb6\x1e\xf9\x01\xe9\xc8\x31\xa4\x17\x74\xd8\x31\x7e\xf3\x5a\xf7\x69\x90\xbd\x24\x93\x1f\xde\x6d\x40\x7e\x22\xe7\x63\xcf\x6a\x57\x90\xb2\x37\x61\x90\x8e\xee\x60\x96\x37\xa2\xc1\x10\x59"},
+{{0x2c,0x8e,0xe7,0xfa,0x9b,0xa2,0x8c,0xe7,0x04,0x96,0x76,0x08,0x7b,0x11,0x63,0xb2,0x41,0x11,0x8d,0x34,0xcd,0xf5,0x34,0xae,0xbe,0x8b,0xa5,0x92,0x82,0xa6,0x2a,0xc2,},{0x24,0x4c,0x24,0xf5,0xec,0xb2,0xdd,0x1d,0x14,0x63,0x51,0x22,0x21,0x32,0x5d,0x73,0xc8,0x1e,0xe4,0xd8,0xad,0xb8,0xe0,0x1e,0x23,0x34,0x5c,0xaf,0x9c,0xa5,0x35,0x3b,},{0xca,0x0b,0xb6,0xc1,0x23,0x56,0x55,0x5f,0x6e,0x1d,0x8f,0x5c,0x8a,0xa7,0xb5,0xe8,0x0c,0xd2,0x80,0xe8,0xb1,0xb9,0xba,0x2e,0xc9,0x55,0x0f,0x62,0x2f,0x48,0x2c,0x3a,0x9a,0xd3,0xbe,0x03,0xa4,0xc9,0xdf,0xc1,0x0d,0x01,0x12,0xb0,0x18,0x9d,0xe9,0x4b,0xff,0xaf,0xd7,0x03,0x41,0x14,0xe0,0xe0,0xd4,0x2c,0x23,0xf3,0x2d,0xc8,0x18,0x07,},"\x07\x66\x9a\x89\x64\xf0\x63\x80\xd2\xd4\x98\x2c\xb6\x34\x9d\xe5\x50\xb3\x8c\xbc\x35\xdb\x2c\xe5\x72\xde\x88\x7f\x66\x30\x55\x73\x6f\xaa\xc7\xec\x07\xc3\x2d\xf6\x0e\xe2\x59\x84\x22\xbf\x37\xe7\xcf\x31\x9a\xb3\xc9\x05\x56\x08\xca\x0c\x49\x75\x7d\x76\x88\xe2\x01\x3b\x82\x44\xf3\x54\x04\xf4\x5a\xc2\x19\x49\x7f\xe9\x24\xde\x93\xa5\x8d\x0f\x72\x1a\xed\x78\x25\xf6\x3b\x26\x67\x07\x7c\x16\x1e\xb4\xdd\x8b\xf7\xdd\xbd\xbb\xc1\x9a\x9e\xae\x59\x78\x97\x8d\x5a\xeb\x33\xa0\x6d\xde\x18\xe6\x12\xe0\x5b\xdb\xca\xe0\x16\x1a\xa2\x38\x90\x38\x02\x64\x29\x96\x0d\xda\x3a\xa1\x7e\x96\x7d\x10\x77\x3c\xa4\x97\x35\xd8\xec\xd7\x40\x9b\xe1\x65\xc0\x9b\xb0\xb5\x09\x69\x1d\x59\x1c\x18\x5c\x93\xcd\xee\xae\x95\x35\x23\x16\x54\x46\x80\x52\x38\x21\x45\x8c\xac\xcf\x52\x8a\xc0\x45\x4e\x4c\xdd\xc6\xdf\x0d\x1e\xa5\xf1\xf5\xcc\x1e\xee\xe0\x5e\x19\xa2\xad\x0b\x6a\x49\x73\x6e\xd8\x55\x23\x36\xfc\xfc\xad\xbd\x93\x1b\x0b\x8e\x96\x3b\xe0\x5c\x8e\x70\x37\x38\x85\x52\x51\x2b\x68\x23\x58\x3e\x4a\x14\x38\x4c\xef\x50\x29\x23\x2d\x3e\x0b\xaf\xe4\x66\x35\x1b\x4b\xb3\xf5\x67\x54\x5a\xb4\x1f\xa4\x6b\xff\xaf\xa8\x77\xa1\x2b\x38\xa2\x7a\xbd\x64\xf7\x7f\xbb\x4d\xb4\x66\xff\x7f\x70\x65\x04\x14\x1d\x3a\xdd\x0d\x73\x72\xf1\x6f\xe3\xd8\xc6\x9f\x62\x99\xd9\x39\x66\xd6\x24\xa3\x07\x0e\xad\xb8\xb4\x9f\x29\xfa\xb4\x84\x4c\x75\x28\xa2\xa4\x0b\x66\x98\x70\x60\x69\x5c\xaa\x66\xb8\x67\x18\xc5\x10\x49\xac\xf4\xcf\xad\x38\x53\xed\xb4\x92\xe3\x68\xcb\xd0\x73\x96\x8e\xca\xa4\xa1\xee\x60\x46\xb5\xe8\x26\xe9\x01\xf4\xa8\x08\xc0\x42\x7c\x02\x6f\xe2\xf7\xb2\xe1\x96\x86\x67\xb5\x3a\x7d\x36\xd7\x02\xf2\xff\x82\xc6\x42\xd3\x49\x19\xf8\xe9\xaa\xaf\xe4\x62\xa3\xd4\xf9\x26\x92\xde\xac\x75\x2b\xe3\x48\xf5\x4c\xf0\x89\xdd\x9c\xd0\x51\x84\x6b\x04\xb7\x19\x31\xe1\x9e\x89\xd1\x25\x86\x4b\xfa\x89\x48\xac\xe0\xef\xf3\x3c\x45\x11\x05\x69\xa0\xdf\x37\x53\xf4\xc5\x8d\x80\x02\xb5\xbc\x38\x10\x2e\xc2\xec\xf6\x95\xfa\xfa\x89\x16\xda\x90\x02\x38\x7e\x44\xf9\x6d\xab\xf8\xa9\x82\xc5\x3c\x9b\xad\xbc\x37\xbd\xe4\x37\xf1\x46\xf7\x7d\x8f\x7b\xaf\x12\x87\x31\x96\xb0\xc3\x61\x93\xaf\x55\xf5\x42\xd9\x96\x8a\xed\x80\x69\xab\x9f\xbc\xd6\x81\x4e\xc4\x72\x79\x9a\xd0\x9c\x73\x0d\x41\xed\xde\xca\x3b\x62\x69\xd3\x1a\xb5\x23\xb5\x95\x47\x07\x73\x76\x34\x5b\x05\xf2\xae\x69\xb4\xee\x72\x8c\x86\x3d\x1b\xc0\x4e\x9b\x7d\x3d\x0f\xcc\xeb\x35\x9c\xbd\x08\x58\x59\x7a\xf2\xd6\x06\x3e\x25\x3f\xae\x2c\x3f\x25\x03\x4c\x33\xed\x59\xed\xd2\x78\x28\x68\x29\x86\x81\xca\xf5\x64\xdb\x8d\x19\x36\x6f\x34\xea\xe8\x5b\xa7\x3c\x1e\x23\x89\xb0\xdd\x78\xa9\xd2\xca\xa0\xf2\x3c\x9a\xd5\xf6\xcd\x9f\x2c\x4a\xd5\xd5\x89\x46\xad\xb7\x18\xcb\x83\xda\x58\xe2\xfc\xbb\x60\x25\xbe\xf4\x66\x0a\x83\xe0\xaf\x55\xe2\x03\x08\x02\x93\x2f\x2a\x89\x6a\x09\x60\x79\xb7\x54\xc9\x9f\x7b\x64\x23\xb4\x5a\x86\x47\x2e\x67\x23\xef\x88\x96\xc4\x32\x4c\x73\xd3\x4a\xd5\x8a\x4c\x01\xb3\x8a\x97\xc7\x3b\xe5\xaa\x7f\x74\xa2\xfa\x4d\x07\x95\xaf\x6d\xbf\xcd\x6d\x4e\xb4\x42\xa7\xe2\x04\xdb\x4e\xcb\x1f\x8a\x22\x6b\xdf\xa2\x1b\x6e\xb1\x71\xc9\xe5\x9f\x1a\x19\x2e\x23\xa7\x6c\x35\x2b\x04\xd8\xa8\x02\x33\x98\x5b\x77\xa2\x9c\x02\x01\x19\xce\x65\x1c\x7f\x41\x83\xd0\xe9\xc1\x9f\xe1\x8a\xa1\x02\x0c\x25\xe4\x58\x9d\xee\x34\xb9\x01\xbd\xaf\x9f\xf9\x45\x0c\x91\xaf\x3c\x1d\xb6\x70\xb4\x77\xe0\xac\x21\x07\x69\x6c\x9e\xc0\xd3\x1d\x82\x64\x7b\x68\xea\x19\x49\x9f\xe3\x4a\x8e\x2e\x7b\x37\x8d\xc7\xe7\x54\x24\xe8\xc4\x56\x45\xb0\xc2\x81\x8e\x9f\x88\x5a\x1c\x58\x41\x5b\xba\x1c\x3f\x2a\x77\x54\x9b\xdc\x46\x80\xdb\xcd\x16\x50\xc7\x5d\x0f\x45\x2a\x6b\x20\x85\x91\xdf\x0f\xa6\xe1\x81\xda\x2a\xbf\xab\x44\x46\x21\xd5\xf7\x7c\x2c\xd7\x95\x56\x46\x72\x46\x44\x7a\x89\xf0\xaa\xac\xad\x66\x0c\x9a\x92\x5e\xba\xfb\xad\x43\xc4\x78\xa3\xc8\x50\xa2\x7e\x01\x01\x9d\x88\xa5\xb1\xdc\x81\xb5\xd2\xe9\xf7\x40\xa0\x28\xcc\xb7\x2c\x1a\xcf\x89\x7e\xa5\xad\x89\xe0\xf9\x44\x88\x88\xd5\xb1\x5c\xe6\xe4\x29\x77\xf7\xa7\x29\x15\x5a\x28\x4d\x11\x87\x58\xac\x65\xf3\xfb\xb9\x8d\xeb\x65"},
+{{0xdd,0xd8,0xe9,0xff,0x85,0x56,0x79,0x89,0x6a,0x13,0x97,0xb4,0x27,0xdb,0x85,0x43,0xab,0xe8,0xbb,0x5d,0xd1,0x22,0xe3,0xe3,0x02,0xcc,0xfc,0xe5,0xfd,0xc6,0x3e,0x12,},{0x5a,0x9a,0x31,0x2e,0x89,0x2a,0x10,0xb9,0x8d,0x0d,0xcd,0xd2,0x8d,0xb3,0x48,0x1c,0x3c,0x28,0xad,0xd5,0xad,0x0b,0x19,0x46,0x16,0xda,0x4a,0x3d,0xf7,0x66,0x01,0x09,},{0xdf,0x84,0x9b,0x7b,0xd2,0x97,0x45,0xf8,0xbe,0xcd,0xdd,0xf6,0xc9,0xba,0xf0,0x94,0xd7,0xa9,0x8c,0xc9,0x33,0x8c,0x34,0x4e,0xca,0x17,0xfd,0xe0,0x75,0xfd,0xa8,0xd1,0x54,0x32,0x99,0xf6,0x25,0x98,0x23,0x17,0xdb,0x7b,0x3c,0x77,0x3b,0x64,0xf7,0xd1,0xf2,0x86,0x92,0xac,0x45,0x3b,0x81,0xd7,0xec,0x7b,0x7e,0xc3,0x41,0x7a,0xce,0x04,},"\x5e\x8f\xee\xc5\x09\x35\x0d\x2e\xe7\x95\x5b\x6f\x3e\x27\x82\x78\xa4\xcb\x48\xae\x72\xb4\x65\x89\xe4\x78\xbe\x59\x74\x7d\xf5\x39\x4a\x16\x9f\x19\xe1\x0d\xb5\x32\x02\xa6\xa5\x23\x20\xb6\x3a\x9a\x2b\x72\x3f\xd3\x1a\xa2\xdb\x6d\x58\xc5\x73\x32\xda\x31\x78\xbc\xf9\x66\xc5\x3a\xbd\xa3\x5f\x12\xda\xef\x9e\xdc\xf3\x99\xe4\xa8\xc5\xf8\x3d\x36\xf4\x4a\x17\xd7\x98\x46\xbf\xc9\x6c\xe6\x90\x19\x4c\x21\x9a\x29\x89\x2f\x03\x67\xa7\xab\x38\x44\x83\x78\x79\xe3\x81\x8d\xb8\xd7\x0c\x4e\x3f\xba\x4d\x28\x07\x34\x64\xdf\x20\x85\x95\x10\x38\xfe\xa4\x32\x81\xb6\xb6\x06\xdc\x88\x46\xb3\x0b\x07\x63\xf2\xca\x82\xbd\x50\x21\xf9\x11\x70\x35\xa7\x7b\xcd\x10\x75\x47\x7c\x5f\x43\x21\x43\x34\xd4\xd4\xce\xdd\x18\xf7\x38\xd6\x76\xc7\xb5\x1a\x18\x5f\xfa\x8d\x04\x10\x11\x86\xa4\x95\x2b\xbd\x87\x22\xf5\x39\x90\xb6\x06\x37\x04\x1e\x11\x4a\xeb\x8c\xe7\x11\x11\x31\xd4\xdb\x3f\xb4\xd3\x5d\x99\x5a\xd8\xd6\x65\x0c\x0c\x4c\xcd\xce\x9d\xcc\x39\xdb\x18\x8a\x68\x78\x55\x62\x74\x06\x26\xb3\xae\x3e\x02\x3f\x40\x77\x2d\xed\x87\x6a\x45\xcb\xef\x74\xa0\x58\xfd\x78\xc1\xa1\xff\x2c\x24\x51\xe1\x11\xac\x1b\x4b\x7e\xe4\xc8\x1c\xd7\x63\x10\xd4\xd2\x98\xfb\x3c\x49\xf5\xe6\x40\x19\x08\xa6\x30\xfa\x85\xdb\x74\x71\x80\x4f\xe9\x90\x84\x7f\x0f\x75\x94\x72\xf5\x93\xdc\xf0\x2e\x11\x3e\x15\xe5\x64\xd3\x0d\x59\x84\x69\x2d\xa5\x5b\x0b\x7f\x22\x19\xc4\xac\x16\x26\x51\x1a\xcf\x19\x4d\xc7\x02\x6e\xb9\xd3\x67\xa4\xa2\xf1\xdf\xb5\x15\xcb\x2c\x08\xda\x4f\xe5\x95\xc8\x58\x11\x12\x0c\xba\x2a\xe7\xb6\x6e\x67\xc9\x1f\xb8\xfb\xcb\x9d\x99\xf1\x3e\x50\xfd\x67\x46\x4d\x90\xc8\xdc\xf6\x93\x55\x23\xcf\x6d\x13\xfd\xd1\x06\x35\xb9\x23\x2b\x7a\x61\xdc\xec\x9a\x2b\x92\x10\x61\x41\x0d\xf1\xde\x6a\x45\x16\x7f\xb9\xf6\xf1\x09\xdc\xc0\x88\x91\xf2\x03\xb2\x74\xa3\xb6\x82\x71\xb3\xf3\x5e\x74\xf9\x4b\xdc\xed\x0c\x5f\xf8\x63\x71\x73\xa1\x76\xe7\xda\xcc\x81\xf2\xcd\xc4\xfb\x0d\x52\xd1\xdf\xa7\xf2\x7b\x55\x2f\xd8\xd8\x7a\x1c\x55\xd6\x94\x7f\xd9\x2e\xd3\x25\x3f\x95\x94\xdb\x7d\xf1\x7a\x7f\xc6\xa7\x5e\xcf\x4f\xaa\x4d\x1e\x21\xb6\x76\xb3\x72\x7d\x77\xfb\xd4\x3f\xa7\xbe\x76\xbf\xb5\x8f\xc3\x09\xe5\x67\x5f\x0a\x85\x9c\xc4\x7f\x37\xb1\xbf\x45\x59\x32\xd8\x24\xe8\x63\x78\xde\x7a\x7e\x8c\x40\xce\xd2\x20\x90\x04\x4d\xbb\xf9\x1c\x70\xe5\x28\xea\xcd\xef\x37\x85\xba\x3c\x69\xa3\x73\x5a\xf6\x70\x9c\xd7\x6a\xab\x28\xa6\xac\xa6\xe8\x44\x97\x4b\x10\xb3\xfb\x7b\x09\x86\x00\x7a\x72\x7c\x2c\x8f\xc9\x5b\x25\xf3\x1f\x14\x6b\x36\xac\xd4\xc5\x37\x07\x49\x20\xaf\xf2\x47\xde\x0f\x17\x9c\x13\xca\x57\x79\x0a\x6a\x71\xd6\x2e\x23\x32\x1c\xcc\x75\xb7\xf3\xb0\xaf\xa0\xd0\x35\x27\xc9\x11\x4a\x7d\x4e\x30\xc1\xac\xe6\xd7\x71\x20\x13\xde\xe6\x66\x99\xaf\x9c\x56\x1c\x44\xae\x61\x98\xed\x39\x10\x4e\x60\x61\xae\x2c\x45\xa9\xa3\xc7\x4b\x5d\x0f\xbc\x4a\x33\xe8\xdf\xe2\xa8\xac\xc9\x51\x1e\xf7\xe6\x56\x71\x33\xf9\xfe\x35\x54\x28\x4a\x75\xa0\x59\xa6\x49\xdd\x24\xec\x04\xa5\x77\x30\xc6\xd2\xe9\xbf\x11\x4e\xa5\x8a\x89\x94\xab\xdb\x0c\x19\x43\x24\x15\x72\xc7\x9e\xad\x04\x3a\xd1\xc8\xca\xaf\x5c\x9d\xa5\x3d\xd0\x55\x22\xfe\xbc\x40\x33\x54\xd6\x2f\xe3\xff\x93\x88\x2d\xf7\x5f\xb2\x94\x58\xd2\x2e\x69\x96\xc3\x5b\x69\xfa\xae\xf2\xe0\xc4\x16\x38\x86\xcb\x3c\x3d\x0f\x60\xe1\x50\xd3\x63\xd6\xdb\x59\xfe\xfc\x62\x6b\x1b\xbb\x1e\x05\x2a\x62\x41\x4c\x4b\x78\x56\xd7\x20\x93\x43\x2b\x08\xf8\x21\xbc\x78\x4a\x5a\x6b\x0b\xc2\x64\x9c\x2d\xaa\x50\x86\x58\x98\x0d\x80\x22\x91\xe7\x34\xab\xaf\xf0\x6a\xfb\xf2\x79\x5e\x4e\x35\x4d\x52\x21\xdc\x4f\x52\xcc\x96\xd6\xb8\xcf\x18\x08\xb1\xa8\x20\x8d\xb7\xda\xa8\x0a\xb7\x10\xc5\x6a\x8b\x0e\x9c\xb8\x08\x1d\xee\x93\xf5\xf0\x15\xf0\x76\x64\x46\x3a\x3d\xcc\xff\x7c\x8a\xd1\x99\x23\xa9\x7e\x39\x04\x5b\xcc\x4d\xce\x0a\x73\xd4\x9c\x56\xd5\xe9\x37\xbd\x11\xe6\x18\x23\x40\x1c\x06\x62\x06\xe3\x13\xe6\x0b\x47\x53\x7e\x34\x70\x4d\x7d\x35\x15\x55\x9b\xb9\xd0\x53\x2d\x02\x8e\x28\xa5\x7a\x87\x9f\xd6\x17\xcc\x61\xf7\xf7\x76\xbd\x6a\x00\x8c\xd4\xf8\x12\x37\x8e\xd3\x7f\x39\x4b\xb9\x7e\x6e\x75\x6d\xa8\x19"},
+{{0xa8,0x86,0xf4,0xd3,0xf3,0x4e,0x32,0x0e,0xc6,0xd5,0xf4,0xca,0xa8,0x63,0xf8,0x14,0x77,0xdf,0x77,0x2e,0xff,0x97,0xe6,0x4a,0x37,0xa0,0x5f,0x42,0x11,0xd1,0x90,0xa8,},{0xe9,0xbc,0x96,0xc8,0x1e,0x87,0x81,0x10,0x26,0x8b,0x55,0xde,0xf7,0xea,0x40,0x07,0xa4,0xef,0x9f,0x54,0xd3,0x83,0xd5,0xfb,0x0f,0x6d,0x43,0x43,0xe1,0x01,0x0f,0x38,},{0xab,0xf2,0x83,0xdb,0x1f,0x80,0xc5,0x4c,0x58,0x3b,0x49,0x9d,0xbe,0x20,0xaa,0x04,0x24,0x8c,0x1d,0xce,0x12,0x1f,0x39,0x11,0x67,0x78,0x13,0xac,0x3e,0x01,0x1f,0xd1,0x59,0xad,0x0b,0xf7,0x6b,0x1a,0xa7,0xcc,0x7b,0x14,0xd7,0xb5,0x50,0x84,0x86,0x88,0x25,0x2a,0xcc,0x7f,0xec,0xe9,0x04,0x87,0x24,0x0c,0x3d,0x39,0x9d,0xd3,0x43,0x08,},"\x8b\x83\x1b\x87\x7b\xc3\xa9\x9f\x61\x3c\x89\xcd\xa6\x98\xb3\x75\x9d\x64\x38\x22\xb5\xa8\x8f\xaf\x38\x22\xec\xb2\xce\x98\xf6\x71\xd7\x55\x43\x21\xb2\x4b\x74\xb4\xe3\x0a\x66\x3f\x7a\x55\x70\xae\x91\x7f\x47\x9b\xda\x29\x89\x4b\x1a\x8c\x02\x8c\x9d\x19\x3e\x4e\x7a\xc1\x19\x16\xdd\x8e\x9c\x3f\x0e\xc0\xef\x80\xbd\x27\xfd\xfe\xee\x80\xc1\x70\xc7\x81\x40\xb2\x4c\x15\x27\x14\x15\xac\xf7\x5c\x26\x95\x6a\x4d\x4b\xf9\x9d\x40\xe8\x61\xe9\x07\x83\x20\xd0\x97\xe1\x25\x9e\x5e\xc1\x7b\x58\x3a\x95\xe5\x24\x30\xdd\x8c\x00\x8e\xd8\xc7\xdd\x1d\xe1\xbe\xcd\xd1\xe6\xbf\xec\x4b\xf3\x34\x7a\x22\xdd\x24\x9f\x3a\xc3\x07\xa2\x94\x5e\x91\x37\xfa\x4a\x8c\x26\xc8\x02\x10\x77\x23\x9c\xb3\x24\x81\x6a\x8d\xad\x32\xb0\x1e\xe3\x4a\x08\x90\x30\x98\xcb\x9c\x42\x45\x29\x1b\x90\x3c\x96\x27\x07\x40\x95\x24\x9e\x78\x28\x13\x47\x70\x32\xba\x32\xef\x04\x1a\x07\x48\x6e\xb4\x47\x8c\x57\xb9\xd5\x32\x26\x9a\x4a\x47\xcb\x5e\x97\x4d\xf7\xe0\x10\x96\xfb\xe4\xf1\xcc\xd4\xe6\x63\x66\x34\x87\x97\x4c\x62\xcd\xd9\x4d\x77\x71\x6c\x84\x79\xd7\x9f\x6b\x6a\x7d\x9c\x15\x59\x88\xcf\x39\x02\xfb\x69\x74\x24\x96\x3e\xc4\xec\x34\xff\x2a\x35\xd7\x42\xc4\x45\x5a\x59\x3b\xac\xff\xc4\xd9\x69\x9b\xa7\x62\x6c\x76\xcb\x1a\x61\x62\x53\x75\x18\x87\xf6\xff\xe2\xbe\x20\x8c\x71\x3d\xf1\xab\x63\x6d\x72\x2e\xa0\x6c\x1c\x03\xa5\x7f\x2c\xec\x08\x03\x86\x6c\xca\x33\x35\xc2\x8b\xf4\x1c\x7d\xef\x81\xac\xb3\x88\x58\xdc\x10\xe5\x94\x67\x20\x86\x24\x96\x7e\x2e\x22\xd9\xe5\x66\x1b\xb9\x45\xf9\xe0\x51\x76\x87\xdc\x80\xf9\xb8\xfd\xec\xc8\xa9\x76\x00\xb6\xc2\x19\xa3\xb2\x3a\x90\xb6\xd1\x8a\xaa\xce\x2c\x78\x40\x0f\xf3\x8c\x8c\x05\x96\x7f\x54\x4b\x6a\x60\x6c\x71\xac\x19\x9e\xaf\xd0\x7e\xb5\x84\x8d\xf1\x65\x7e\xfb\x23\x3f\xba\xba\xe6\x3a\x05\x63\x81\x91\xa0\xaf\x74\x84\xa1\xba\xe1\x58\x13\x75\x67\x2c\x57\x1e\x26\x4f\x60\x42\x25\x17\x3a\x54\xa3\x8d\xd6\x2a\xe7\x13\x0d\x05\xdd\x29\x1a\xd1\x23\x54\xde\x86\xa6\xe1\x13\xe8\x3f\x6d\x66\x85\x16\x15\x7b\x79\x67\x02\x0d\xc6\x51\x7d\x8c\xf4\x2d\xd7\xb1\xa8\x97\xfe\x1b\x4e\x04\x55\x3c\xe2\x6e\x29\x99\x80\xaa\x5f\x7c\xe0\x17\x9b\xf4\x95\x4f\x01\xc2\xa2\x36\x54\xe5\xe9\x73\x1e\x14\x47\x34\x7f\xa4\x3a\xa8\xb2\xcb\xd6\xd4\xb2\xdf\x93\xfa\x54\xaf\x71\xe5\x02\x8a\x6d\xa8\xc7\x1e\xf3\xc5\x0c\x0d\xe2\x4d\xca\xee\x78\x56\x78\xe9\x2a\xaf\xab\xeb\x23\x3b\x01\x1f\x45\xc1\x06\x49\x65\x08\x5d\x25\x47\x05\x0f\x21\xc6\x52\xaa\x53\x3a\xfe\x91\x8a\xa0\xf9\xbd\xaa\x26\x07\xb8\x73\xcc\xd3\xdb\xd1\xd3\xa8\xcc\x62\x17\x2c\xeb\x43\xb9\x21\xef\x6b\x25\xc0\x6b\x09\x92\xe4\xdf\x2b\x91\xe3\x71\xb0\xef\x2b\x39\x47\x38\x8d\xae\xc8\xec\x6f\x7e\x38\x67\xd1\xf6\x10\x72\xaf\x59\x01\x54\xfa\x61\x9a\x07\xf8\x7e\x02\xbd\xdc\x74\x06\x31\x42\x70\xaf\x1c\x15\xe8\xee\x88\xb3\x9c\x01\xbe\x60\x2e\x4f\x0b\x52\xd9\xa0\x72\x4e\x71\xed\xdd\x7f\xa9\x13\x41\x69\xc5\xfa\xab\x91\x59\x79\xee\xa9\x36\x2d\x0f\x1f\x91\x60\x26\x81\x62\xdd\x38\xdb\x02\xfc\xfb\x41\x35\x0a\xa0\x8e\x1e\x14\x09\xb2\x28\x8d\xb1\xfe\x4a\x0e\x58\x6b\x59\x10\xf4\xde\x89\x4b\xf9\x97\x4f\x6a\x49\x83\x01\x3a\x19\x0e\x7a\x73\x6d\x14\xec\x54\xc3\x64\x4a\x3e\xe9\x58\xa5\xbd\xfb\xcb\x62\x97\xab\xa4\x3a\xf6\xc7\x27\x46\xbb\x13\x54\x10\x50\x7d\x8f\xdd\xe7\x3a\x2a\x48\xb7\x46\xf9\x18\xbe\xf9\xed\x92\xc5\xbe\x62\xdd\x55\x23\xfe\x14\xb1\x6d\x63\x84\xca\x46\xef\x59\xb2\x18\x5f\xe9\x33\x38\x3a\x2c\x7a\x9b\xf0\x2d\xa9\xd0\xfd\x8b\x0c\x7d\x7b\xde\x6b\x43\x9f\x99\x60\x15\x5e\x34\x5d\x68\x5d\x4d\xc3\xc7\x14\x04\xd6\x56\x81\x19\x23\xaa\x3c\x47\xd4\xb0\x9a\x0b\xae\xf0\xa1\x2e\x75\xb6\x43\x9b\xa8\x13\x5d\xb1\x58\x65\x87\x42\x22\xcd\x7a\xa4\x28\xf5\xca\x5c\xe5\x14\x0e\x22\xff\x92\x69\x7f\x37\xfc\x70\xb5\xb4\xc9\x4d\x33\x14\xe6\xaa\x16\xb2\x14\x6b\xca\x4f\xc9\x41\x57\x95\x1f\xc4\x92\x45\xda\x53\xf6\xc4\x3d\x1b\xeb\xd8\x94\xe3\x1a\x13\x49\x88\x4d\x71\x1b\x55\xdb\xe7\x78\xff\xa7\x27\x16\x5c\xf7\xcb\x67\x64\x35\x86\x6c\x2d\x2c\xb8\x39\x74\x5c\xa4\x01\x66\xa2\xf7\xcf\xc7\x7a\x84\x24\x68\xb5\x1a\x8e\x76\x57\x5f\xc9\xdd\xfb\x5f"},
+{{0x49,0x7e,0x3e,0xbd,0x9e,0x4c,0xaa,0x81,0xc5,0xa8,0x97,0x3d,0x52,0xf1,0xd2,0x3f,0x60,0xc1,0x34,0xca,0x53,0xf6,0x2a,0x85,0x3a,0x0a,0xc0,0x43,0xe5,0x1c,0xb5,0x17,},{0x71,0xc0,0xca,0x7c,0xfa,0x05,0xca,0xfa,0xbb,0x14,0x3d,0x84,0xae,0x41,0xde,0x83,0x84,0x6f,0x42,0xc7,0x7c,0xaa,0x7a,0x91,0xa2,0xe3,0x48,0x39,0x7d,0x07,0xd5,0x2f,},{0x12,0x74,0x08,0x39,0xb3,0xc9,0xf1,0xba,0x87,0x98,0x96,0xdf,0xf6,0xd7,0x25,0xe8,0x4e,0x04,0x43,0xef,0x96,0xc3,0x49,0xef,0xf9,0x4d,0xc4,0x83,0x31,0x43,0xe5,0xb4,0x19,0x80,0x4d,0xa9,0xdb,0x11,0x8a,0x95,0x92,0xb1,0xb1,0xca,0x48,0xaf,0x18,0xf7,0x5b,0xef,0x1c,0xa4,0x68,0xa1,0xa5,0xc7,0x4c,0x7a,0xc8,0x13,0xbb,0x2c,0xf3,0x06,},"\xe1\x32\xf9\xd6\x7b\x17\x29\x38\x9b\x82\x8a\x9f\xae\x05\xa6\x7a\xa5\x7f\x0e\xf7\xe7\xd4\xd1\xba\x24\x4d\xec\x87\x04\xdb\x96\x95\x65\xd1\xca\xb8\x09\xe4\x8f\xc0\xab\xf9\x50\xbc\xd4\xa3\x7d\x97\xae\xac\xe6\xda\x54\x6d\x49\x14\xcb\x5b\x86\xd6\xab\x18\x1d\x83\x18\x70\xc3\x09\xbc\xa6\x16\x46\x8f\x2a\x34\xd3\xdf\xaf\xcd\xbb\x75\x80\xb0\xc5\xd9\xff\x98\xe2\xc5\x4e\xc8\x03\xbe\x0d\x3f\xda\x1d\x4b\x8c\x0d\x77\x09\xc8\x9e\x68\x0b\x00\x8b\xf9\xb8\xd9\x03\xb5\xe9\x34\xb0\x19\x70\x5f\xe0\xb0\xc8\xcf\xbc\x3c\x09\x67\x84\x3b\x0a\x1f\xa1\xb3\xf1\x62\x77\x6e\xbe\x96\xb7\x40\xed\xd6\x4a\xd7\xc3\x5b\x3f\xd1\xa0\x85\xc9\x9d\x16\xf5\x41\x67\x82\xde\x17\x35\x85\x87\x47\x0d\xd1\x3b\x51\x94\xf2\x0f\x23\x23\x2b\x2f\x70\x2f\x10\xaa\xfc\xaa\x59\xc7\x06\x6f\x24\xc4\xc4\x71\xe4\x2f\xa8\x6c\x6b\x9c\x5c\x3e\x1e\x8f\x83\x65\xf4\xdd\x75\xac\xb3\x2f\xff\xc0\x53\xc9\xaf\x41\xc6\xfd\x2e\xfa\xc3\x0e\xcf\x6a\x2d\xd0\x08\x5d\xe9\xb1\xd8\xcd\xc5\x0b\x16\x60\xa8\x66\xdf\x77\x67\x19\x8b\xd9\xc8\x73\x70\x61\x5d\x2b\xca\x99\xf7\x7b\x84\xd9\x8d\x7b\x24\xc9\xc2\x0f\xd7\x76\x8f\xd0\x38\x0d\x6b\x37\x36\x03\x40\xd1\x35\x98\x04\x78\x20\xdc\xed\x88\xa8\xd4\x2d\x57\x29\x37\xb6\xef\xa1\x69\x21\xa1\xb2\xb2\xd0\xeb\x93\x16\x73\x07\x08\x38\xe6\x11\xe6\xc0\x23\x29\x0d\x86\xfe\x90\x2f\x14\xac\x3a\xcd\x02\x9e\x33\x97\xfe\xb9\x7b\x17\x16\x62\x45\xab\x40\x7a\x76\x6d\x2e\x09\x04\x42\x4d\x33\xcd\x3d\x6e\x2e\x62\xa5\x2c\x65\xdf\x7c\xf0\x04\xd1\x41\x5c\x0b\x43\x0c\x11\x27\x62\x3d\xab\x27\x2a\x2c\x2e\x2b\x43\xe0\x2b\x48\x1b\xe9\x28\xe8\x99\x54\x27\x28\x32\xbe\x09\x8b\x50\x2b\x8b\x56\x43\xc6\x74\x82\xf5\xde\x44\x03\x03\x25\x81\xf0\x8a\xfb\x0a\xea\x48\x86\x85\x82\x60\x7b\xb3\x91\x98\xc1\xbf\x13\xa8\x69\xb6\x32\x58\xa7\x58\x90\xb6\x94\x45\xff\xd3\x45\x64\x02\x3e\x47\xf8\xb1\x88\x4a\x5e\x49\xb7\xd9\x42\x5f\x28\xd5\x15\x30\x13\xfe\x37\x55\xc6\xcb\x11\x4d\xb1\x80\xe6\x0b\x3d\xc4\xad\xb3\x6a\x21\x42\x81\x28\x00\x5a\x77\x2f\xb5\x71\x89\x34\x55\x65\xbb\xd1\x75\x98\x13\x52\x3b\xad\x62\x85\x5e\x79\x28\xee\xf5\x88\x0d\x3b\xff\xf1\xd0\xec\x65\xc2\x45\x92\x33\x5c\xda\x47\xcf\xcc\x5b\x5f\xa6\x52\xb4\x72\x63\x22\x52\x24\x84\x6a\x20\x9a\x3d\xd7\x76\x66\x61\xfc\xa4\xcc\xca\x59\xc4\x56\xfc\x9c\xc3\xe1\xcf\x80\x42\x55\xaa\x5f\x39\x7b\xab\x19\x98\x04\x33\x6b\xde\x29\xe5\x5c\x6c\x37\x7d\x58\x3f\x08\x2c\xe6\x47\x23\x73\x9e\x4f\x02\x46\x06\xf9\x06\xc1\x10\xd0\xa5\xb6\x10\xe5\xfe\xd9\x6d\xab\x5f\x08\xf4\xcb\x3c\xfc\x40\xa3\x55\x57\xe1\xa7\x40\xb8\xc7\xc0\x1f\x7d\x32\x79\xdd\x9c\x4e\x87\x64\xc9\x0b\xc1\x4f\x41\x61\xdb\x5a\x37\xf0\x98\x9b\x7b\xd8\x03\x5f\x8b\xea\x39\x4e\xa1\xd6\x00\x2c\xe9\xc3\x4f\x1e\x9c\x52\xc6\xa1\x5d\x15\xbc\x5b\x25\xc6\xc1\x5a\xb0\x0d\xfd\x6a\x5b\x1b\xc9\x17\xaf\x0b\x1b\x05\xfd\x10\xd0\x61\xb3\x68\x3d\x75\xb5\xf9\xef\xfb\x22\xae\x72\x08\x5b\xe4\xf6\x79\x7b\x58\xcb\x0c\xab\x56\x18\x44\x12\x1f\x98\xbf\xd9\x58\x3e\x0b\xcc\xb7\x0f\xad\x76\x98\x0a\x7a\x73\xb2\x3c\x70\xb3\xfd\x02\xf7\x75\x7c\x11\xa3\xc2\x1d\x19\xe0\x56\x50\xff\xb8\x2b\x9e\x0d\xf8\xa6\x73\x5d\x48\x01\x56\xf4\x79\x49\xd4\x45\x85\x1b\xae\xaa\x5e\xe2\x38\x14\xa4\x1b\x25\x23\x4f\xb9\x2c\xc0\xdf\x19\x80\xd0\x23\xd5\x1b\x5c\xf4\xc3\x11\x85\xc1\x18\xe3\xee\x3c\x0c\x0a\x46\xe0\xa2\xbe\x6f\x1d\x3a\xe4\x52\xcb\xb6\x6f\x0f\xd9\x19\x71\x34\x2d\xa7\xb1\xb9\x96\x58\x9d\x94\x09\x67\x81\x55\x21\x95\xc4\x33\xca\xf1\x9c\x37\xf9\xf1\x4f\xa0\xae\x15\xae\x0b\x02\xb9\x39\xe4\x02\x03\x4f\xf8\x18\x85\x93\x9d\x94\x4e\x60\x4f\x47\x4f\x21\x52\x43\x89\x39\x0f\xda\xda\x06\xe3\x0d\x69\x06\x8c\x88\x48\xcf\x0a\x95\x1e\xab\x25\xc4\x91\x25\x62\x94\x4f\x40\x24\x68\x18\x7a\x23\x23\x9d\x33\x63\x2f\x29\x12\x3d\x49\xb7\xde\x13\x08\x33\x98\xdb\xa9\x7d\xed\xe1\x2f\x79\x59\xb9\x52\x47\xa0\x8f\xc8\xe4\xb5\x39\x9d\x1c\x03\x5c\x08\x94\xcc\x75\xae\x98\x1c\x2d\xd4\x93\x54\x13\xbb\xeb\x68\x53\xfe\x04\x65\x5c\x77\xd1\x58\xc1\x23\x7b\x3e\x0d\xec\xa5\x63\x6d\x69\xe0\xdb\xc5\xac\xaf\x72\xb6\x0c\x10\xbb\x98\xcc\xdd\x60\x09\x8a\x03"},
+{{0x85,0xb4,0xd7,0x64,0x16,0x91,0x28,0x62,0x6f,0xd9,0xc7,0x82,0xad,0x61,0x16,0x22,0x9e,0xdd,0x77,0x63,0x1c,0x2b,0xc9,0xb8,0xee,0x54,0xb3,0x65,0x42,0xc1,0x49,0xeb,},{0x6a,0x09,0x89,0x7e,0x62,0x9b,0xb4,0x37,0x04,0xde,0xbb,0x67,0x15,0xc9,0xde,0xa5,0xd8,0x92,0xb6,0x34,0x30,0x64,0x40,0x99,0x7c,0x3c,0x9e,0x94,0xbe,0x8a,0xb5,0x47,},{0x4a,0x79,0xc4,0x42,0xa4,0xc3,0x9c,0x62,0x89,0x26,0x17,0xef,0x8e,0x80,0xb4,0x09,0x11,0xc4,0xb9,0xd3,0xff,0x0a,0x56,0x73,0xb5,0x7b,0xdb,0x84,0x54,0xad,0x73,0x67,0x69,0xdf,0x27,0xc7,0x8a,0x4b,0xf7,0xad,0x56,0x60,0x40,0xe7,0x47,0x27,0x8b,0x11,0xeb,0x65,0xcf,0x9e,0xc7,0xeb,0xa8,0x66,0x12,0x0a,0x36,0x54,0xf4,0x71,0x6e,0x00,},"\xb2\xa0\x49\x3d\x47\x1c\x33\x91\xf7\xad\xd1\xe2\xcf\x0b\xfb\x32\xab\x05\xdb\xcb\x14\xf6\xe4\xf5\xf3\x46\x3a\xa8\xd9\x95\x52\xf4\x33\x02\x20\x46\xd2\xf8\xeb\x76\x3c\x01\x71\xfc\xb1\xe7\x4a\x04\x9f\xfe\xb4\xb8\xf0\x10\x0b\x82\x10\xfc\xe8\x56\xb2\xe1\xa8\xe7\x39\xd2\xf9\x36\x73\xef\x8f\x8f\x40\x49\x8b\x30\x81\xfa\x1f\xd7\x85\x19\x8c\x6d\x37\x0e\x16\x2d\x41\xab\xe8\x31\x86\xf2\x32\x97\x83\x40\x8b\x9b\x88\x0d\x00\xf8\x1d\x53\x10\x0b\x42\xd2\x7a\x26\x1f\x20\xcd\xee\xd1\x9c\xc5\x8c\xb8\x63\x12\x81\xd8\x0d\xb1\x92\x53\x10\xe2\x35\xe4\x49\x66\x30\x9b\x87\x9b\xdf\xc2\x32\x22\x14\x33\xba\xe5\xca\xe4\x66\x90\xcb\x52\x7b\x67\x79\xe1\x1f\x1b\xd2\xa5\x6b\x59\xc5\x6e\xd4\xd9\x4f\xdf\x7a\xa8\x9d\xfa\x9b\xf2\x0d\xbf\xa6\xa4\x39\x8b\x98\x38\x45\x17\xe1\xdd\x5d\x2c\xd9\xce\x52\x4a\x47\x36\x2e\xf3\x2a\xc7\x92\x74\x2a\x12\x9c\x9e\x06\x13\x08\x76\xab\x5a\xd5\x51\x8e\xab\xc5\xe8\x0b\x02\x2d\x8f\xa1\x3e\x50\xd5\x5d\xed\x58\x95\x33\xe6\xea\x32\x24\x2c\x1b\x3f\xd7\xe6\x5f\x80\xde\xe7\x20\xb6\xd8\x7d\xcf\xf3\xe3\xdf\x04\xc8\x02\xd2\xe9\x14\xa8\x7a\x36\x29\xc9\x0b\xb6\x9e\x0a\x6f\x8b\xbb\x5e\xe5\x05\xf1\x43\xc9\x97\x73\x75\xad\xb0\x65\xc3\xe3\xd3\x91\xf9\x05\xfa\x3c\x33\x6c\x9d\xa4\x1e\x4a\x23\x20\xbc\xf4\x60\x97\x6f\xc7\xeb\x1f\xb6\xc6\xa3\xc3\x95\xdb\xd1\xd2\x8a\x1b\x09\xcd\xb9\xae\x9f\x9a\xae\xe4\xd9\xc5\x66\xa2\xac\x40\xad\xd8\x70\x47\x9f\xaf\x54\xad\x1b\x76\x97\x71\x0b\x4e\xb6\xf7\x32\x02\x44\xb5\x97\x57\xd1\xea\xc3\xd9\x22\xb7\xa7\x30\xb1\xac\xf0\xde\x9a\x45\xd4\xac\x87\x9d\x21\xfc\x61\x6e\xf3\x96\x5d\x74\x34\x5e\xd7\x07\x79\xeb\x68\x32\x80\xce\xe2\x5b\xf3\x73\x9b\xeb\x6b\x4c\xdf\xa2\x5d\x20\x2d\xa1\x3a\x4a\x67\x30\x40\xd9\x70\x48\x65\x8b\x92\x05\x47\x95\x05\xd0\xbe\xe4\x88\x0a\x73\x99\x7c\x70\x82\x5a\x6e\xc5\xfd\x9f\x95\x2e\x65\xfa\x02\x22\x54\x45\xfc\x3b\xdf\x4a\xde\xa3\xd4\xd2\x25\x51\xcb\xac\xeb\x38\x74\x79\x8d\x6a\x33\xa6\x66\x3f\xe3\x75\x70\x81\xd6\x24\x3d\xfd\x7c\xd2\xee\xbf\x60\xa3\x89\x9f\xa1\xf8\xf6\xc9\x56\xa3\xb1\x83\xf8\x9b\x9e\x7d\x2c\xa3\x64\x48\x58\x4d\x53\xaa\x8b\x44\xe6\x5a\xd3\xe5\x27\xf7\x87\x23\xfa\x6f\x59\x22\x42\x98\xdf\x31\xd5\xe8\xad\xa5\x67\xc8\xd1\xb1\x1f\x3b\x13\x14\x75\x53\x31\xc1\x73\x2d\xc5\x4a\x12\xa4\x35\x6e\xdd\xa4\x7e\x3c\x13\x0b\x32\x52\x82\xa3\x54\xbf\xe1\x5c\x30\x00\xd2\x07\x82\x29\x31\x79\x41\x87\xe0\x97\x3a\xb8\xef\x87\xbf\x89\xc3\x54\xa0\x35\xa8\x1f\x45\x91\x12\x23\x56\x3b\xfd\x99\xf9\x0a\x75\xe5\x3d\x01\x0d\x89\x29\xf4\xf8\x5a\x5a\x5a\x4f\x9f\xcc\x1c\x78\xf0\xa2\xfc\x46\x6f\x5f\x1c\x65\x22\xcf\x62\xa7\xbe\x37\x88\x07\x96\xe9\xb3\xca\x09\x11\xec\xca\x3f\x22\xc3\xb2\x4d\x5d\x9d\xaa\x68\x88\xf8\x9a\x8f\x71\xa1\x58\x59\x35\x9c\xea\x46\x8e\xf2\x38\xec\xf6\x46\x19\x27\x83\xa2\x57\xad\xda\xde\x90\x47\xe1\x3e\xdd\x8b\xcc\x1f\xd4\x17\x7c\xb2\x0f\x88\xd1\x19\x98\xd9\xc7\x26\x2d\x64\x8c\x2b\xf6\x6f\xb2\x27\xb9\xb3\xa9\xed\x46\x96\x2d\x22\x57\xa4\x20\xf6\x4b\xea\xd9\xe2\x86\x57\xb5\x21\xdb\x2e\x22\x16\x52\x87\x79\x1f\x3a\x1b\xec\x4c\x78\x22\xa6\xca\xbd\xe5\xec\x77\x01\x88\xcb\x74\x49\x8a\x4f\x08\xe5\xa3\xa7\x63\x9d\x24\x0a\xe3\xf4\xfd\x03\x53\xc0\xdd\xa8\xae\x41\x0b\x9f\xa7\xf4\x3f\xee\xd1\x3e\x9f\x13\xe6\xc9\x41\x0a\x1d\x24\xcd\xfc\x2c\x8e\x64\xa1\x5a\x12\xf7\x55\x45\xb0\xa5\x75\x71\x35\x23\xd4\xdf\xa1\xa4\x74\x27\xa8\x85\x1b\xa9\xac\xcc\xad\x78\xb4\xef\x6a\x18\x5f\x5c\x3b\x00\x11\x90\xdd\x8f\x37\x08\x8a\x00\x0a\xcc\xf4\x48\xbe\x8d\x49\x37\x1d\x9d\xa2\xe1\xcb\x5f\xfe\x07\xd4\x1a\x5c\x22\xe9\x46\x60\xac\x37\x13\x5a\xc8\x58\xcb\x17\x69\xcb\x66\xe8\x26\x9f\xd5\x33\x58\xec\xac\xf5\xdd\x92\xc7\xeb\x61\x86\xb4\xd4\xd6\x13\x0a\x73\x2d\xc1\x0b\xbb\x2b\xe3\x2f\x9b\x1d\x69\x51\x01\x4a\x63\x5c\x12\xd2\x2f\x0d\xc5\xbd\x5c\x2a\x3f\x96\xae\xc6\x2e\x77\x77\x94\x7e\xaa\x02\x28\x12\xca\xce\xd3\x3a\x5b\xef\x9f\xf8\x83\x5f\x88\x03\x67\xa3\x7b\x0b\x76\xd2\xdd\xe3\x96\xc6\x14\xe1\xa4\x72\x1e\x00\x0c\x00\xf1\x61\x93\x5b\x14\xa7\x38\xa1\xb7\x0f\x6e\xa5\x42\x55\xb7\x95\x18\x69\x64\x62\x12"},
+{{0x33,0xd4,0x77,0x60,0x2f,0x29,0x63,0x05,0xa6,0x71,0x9e,0xa6,0x94,0xc0,0x44,0xe9,0x0d,0x23,0x3c,0x2d,0xea,0x85,0xc4,0x6a,0xbe,0x19,0x20,0xe8,0x8c,0x31,0x78,0x49,},{0xff,0x6f,0xee,0xa0,0x28,0xec,0x34,0x6d,0xd4,0x91,0x07,0xbb,0x71,0x3f,0xdd,0xbb,0x28,0x2e,0xbc,0xd0,0x34,0xe2,0xea,0xfc,0x7c,0xdb,0x1c,0x5a,0xdf,0x92,0x63,0x90,},{0xca,0xa2,0x87,0x98,0x95,0xd4,0xf6,0x20,0xb9,0xeb,0x5f,0xed,0x22,0xb4,0x56,0x2e,0xeb,0x1a,0xd6,0x38,0x22,0x96,0x8f,0x76,0xad,0x91,0x07,0x6b,0x16,0x6c,0x05,0xee,0x20,0x86,0x4d,0x98,0xbb,0xbc,0x6e,0x79,0xdd,0x03,0x62,0xca,0xcf,0x7a,0x21,0xb4,0xcf,0xc2,0x30,0xd6,0x35,0x5d,0x43,0x12,0x0c,0xff,0xfb,0x94,0x8b,0x8f,0x6c,0x0e,},"\xcf\xea\x07\xa7\x79\xf1\x53\x7e\x49\x81\x23\xc6\x76\x29\x05\x73\xef\xcc\x5d\xb7\x02\x45\xd9\x3d\xea\x5c\x05\x72\x6f\x87\x13\xd0\x02\xae\x66\xc1\xc9\x69\x07\x47\xca\x92\x30\xb1\x62\x9d\x36\x62\xab\x73\xd6\x6b\x94\x98\x79\x16\x4b\x21\xa3\x5f\x40\xcf\x37\x99\x04\x19\x08\xed\x6f\x92\x29\xec\xb3\x90\xc5\xf2\x22\x34\xe1\xc5\xf2\x6b\x3a\xb5\xba\x59\xe7\x8c\x64\x96\x98\x71\xb4\x28\xb7\x85\x16\x77\x75\x55\xaf\x4e\x89\xc6\xfb\xc1\x93\xa9\x46\x95\x22\x6c\x6d\x32\x99\x91\xa1\x1b\xd5\x80\xd1\x89\x56\x08\x9b\x58\xa0\xe4\x2c\xa3\x5f\x6c\x6d\x26\x09\xad\xe0\xd0\xb6\x19\xd4\x89\x25\xc6\x8c\xd9\xd2\x25\x0d\xff\x27\xcf\x2f\x0d\x44\x44\x87\x09\xb6\x79\xf3\x5b\xbd\xce\x0f\x49\x6b\x0a\x16\xca\x67\xea\xce\xec\x25\x8b\x1a\xec\x91\x77\x5a\x3a\x2e\xe8\x01\xb1\xc9\xa2\x26\xa6\xb0\x01\x92\x6a\x05\x7a\x06\x30\x67\x27\xee\xda\xe8\xc5\x77\x53\x1d\xf0\x4a\xc0\x9b\x5b\x49\xbc\xde\xab\xde\xb8\xac\x4e\x8e\x82\xcf\x1e\x7a\xf8\x35\xfc\x61\x1c\xa7\xa6\x84\xb8\x35\x26\x04\x24\x15\xb1\xd6\x65\x2e\x86\x34\x31\x1e\x19\x46\x27\xea\xe7\x8d\x01\x1e\x6f\x40\xf6\x45\x79\x4e\x36\x89\x5a\x23\xe1\xbd\x84\x88\x3a\x39\x3e\xcf\xe5\xa2\x48\x02\x6a\xea\x86\x44\x70\x59\xf7\xa4\x29\x36\x8f\x21\xc8\x9e\x01\x45\x20\x79\x78\xb9\x13\xc8\x0a\x22\xd7\xca\xf2\x67\x3f\x7c\x76\xf6\xc2\x6c\xf8\x84\x41\x2e\x17\xd0\xc2\x55\x43\x0f\x50\x2b\xce\x74\xe3\xa3\x10\xd1\x7f\x6f\x4d\x48\x5d\xa2\x80\xed\x5b\x5e\xea\x6c\x49\xba\x74\x8d\x76\x48\x14\xb9\xe3\xda\xf6\xfc\xc2\x18\xc2\x74\x0c\xa7\x70\x18\xf7\x13\x44\x51\x9d\xa8\x2a\xda\x31\xe0\x01\x92\x4f\xc7\x76\x79\xe3\xe9\xff\x9f\xab\x67\xdd\x09\xa6\x19\x24\xc8\x21\xa1\xfd\x99\x9f\x74\xdf\xa3\xf8\x19\xad\xb3\x1d\x15\xe5\xed\x8a\xaa\x52\xc1\xbd\x7c\xca\x26\x67\x11\xa7\x4d\xd6\x21\x04\xef\x3c\x2b\xf7\x37\xfc\xe6\x94\x2b\x34\x8a\x33\xc3\xdf\xd6\xd9\x2a\x72\x4b\x6d\x58\x78\x42\x1a\xeb\x23\x0a\x53\x3f\xe2\x1c\x8b\x2f\xd3\xda\x59\x6a\x61\x80\xa4\x5c\x98\x6d\x7e\xce\x4c\xdc\x8a\xd6\x81\xea\xd6\x90\x64\xbb\xdd\xfc\x20\xf3\xc5\x21\x25\xf8\x33\x95\xbe\xd1\x55\x7f\x67\x18\x2b\x9f\xe9\x91\x38\xaf\x3c\x35\x6c\x5e\x65\x29\x78\xdd\x23\x8b\x76\x1c\x74\x2f\x81\x58\xe2\x31\x4b\x96\x42\x08\x33\x09\x78\xb0\x62\x0a\x13\xa1\x6d\x76\x1d\x52\xf0\x6e\x46\x6a\x40\x94\xb6\x5c\xd6\xf2\x68\x54\xae\xd6\xf9\xa8\xc2\xa8\x84\xa0\xd0\xbf\x4e\xe5\x87\xee\xb8\xb6\x02\x48\x72\x39\xa7\xe5\x81\x72\xc8\x09\x98\x3a\x8d\xb1\xc1\xfc\x7c\xe8\xc4\x8b\xc8\xa6\xfb\x81\x2d\x6a\xa9\xe8\x3a\x3a\xb4\xdd\xf7\xa8\xd4\x0d\x3f\xe0\x0e\xa1\x6e\x04\x06\x2b\x8a\xce\xb9\xc9\x9e\xef\xa4\x1f\x4f\x87\x44\x78\x28\x12\x6d\x0d\x9c\x9f\x86\x05\xe8\x46\x7c\x5e\x4d\x67\x1d\x5c\x6d\x9f\xa7\x0d\x74\x70\x98\xd9\x41\x21\x12\x23\xb9\xbc\xf2\x61\x93\x8d\x67\x04\xa3\x2d\x22\xc6\x1e\x30\xf3\x57\x0a\x1f\x5d\x09\x98\xb4\x79\x10\x80\x88\x2a\xa5\x62\x31\x67\xb6\x3a\x23\xf3\x40\xf0\xe7\xc6\xf9\xa8\x30\xa7\x5b\x74\x63\x1f\xa5\xb5\x7a\xfd\xb1\xe6\xbc\x22\x69\x9b\xb0\x31\x56\x67\x5d\x59\x83\x53\xa5\xd1\xb5\x58\x97\xe4\xc1\x10\x61\xdd\x14\x5f\x23\xe8\x53\x7c\x63\x2f\x75\xc1\x0d\xf0\x5b\x25\x54\x72\x38\x57\x40\x17\xfe\x7b\x64\xb8\xe9\x98\x69\x15\x7f\xee\x35\xf7\xad\x7e\x63\xe9\x95\x93\x30\x29\x29\x50\x3a\x96\x76\x80\x23\xb4\x12\x5a\xd7\x49\xdf\xf4\xb9\x92\xee\x5c\x2b\x4f\x3a\xda\x48\x89\xe4\xae\x62\xec\x15\xd2\xdb\x59\x69\xd7\x30\xdb\x30\x75\x47\xf6\x38\xc3\x18\x50\x32\xb1\x2f\x75\xfb\xb3\x17\xe4\x7d\xf7\xb9\x29\x2a\xe9\xe7\x6a\x2c\x0a\x06\xfc\xad\x10\x8c\xdd\x23\x5f\x6e\x38\xd9\x67\xb6\x37\x95\x11\xff\x69\x65\xc2\x2f\x2c\x66\x80\xa1\x2b\x03\x04\xeb\x2b\x29\x6c\x99\xa7\x6c\x27\x29\xd9\x8e\x0a\x78\x24\xb6\x7f\x3f\xe8\x42\xd6\xf6\xab\x27\x3e\x89\x48\x45\xb3\x2d\xc6\xdd\xfc\x7a\x22\x0f\x76\xbd\x96\x5c\x69\x85\x81\x83\xc8\xf3\x57\x39\x5f\xc5\x7d\xc8\x29\xde\xfa\xac\xb5\x60\x3a\x75\x78\x68\xd5\xe5\x62\xf9\x78\x1e\xe3\x9e\x0e\x94\x68\x8a\xd3\x54\x5b\x32\xdd\x73\x66\xb6\xb0\x47\xe8\xd1\xd3\xd5\x65\x99\x7b\x23\x6e\x7f\x75\x96\xc5\xf8\xd7\xc1\xc1\x1b\xcf\x4a\x24\x46\x20\xcb\xd2\x1d\x55\x9a\x7c\x9b\x3f"},
+{{0x70,0x74,0x56,0x86,0x11,0xa6,0x6d,0xfc,0xa8,0x30,0x7c,0xae,0x60,0x8b,0xb2,0x69,0x95,0x84,0x4d,0xf4,0x35,0xe5,0x30,0x0e,0x5b,0x4d,0x72,0x91,0xcc,0x22,0x90,0x7f,},{0xdd,0xab,0xdd,0xd1,0x5e,0xaf,0x83,0x11,0x5d,0xdd,0x06,0x5d,0x7e,0x22,0x0b,0x1e,0xfc,0x26,0x2a,0x61,0xc5,0x2e,0x91,0x43,0x47,0x44,0x2b,0xde,0x6d,0x00,0x25,0x06,},{0x7f,0x65,0x31,0x34,0xc0,0xb9,0x0f,0x44,0xa4,0x89,0xf0,0xb0,0x5f,0xc4,0x07,0x07,0xad,0x9f,0x13,0x98,0xf3,0x40,0xb4,0x47,0xa3,0xc9,0x86,0x1f,0x51,0x1c,0x9f,0x15,0x68,0x80,0x3b,0x76,0x84,0xa0,0x4a,0x89,0x8c,0x45,0x15,0x4d,0xd4,0x86,0xbd,0x50,0x75,0x89,0x98,0xe1,0x26,0x43,0x93,0x78,0xb3,0xf5,0x9f,0xf3,0x67,0x49,0x2a,0x0a,},"\x6c\x13\x74\x23\xea\xc7\x90\xb8\xe8\xe4\x18\xb2\x90\xe0\x57\x9c\x7b\x86\xb1\x4a\xed\x81\x8d\xe8\xce\x53\xce\xa3\xf3\x40\xa1\xa9\x53\x91\xf9\x84\x96\x8f\x2b\x42\x29\x28\x2a\x81\x61\xc0\x9a\xb1\x49\xcd\xac\xd6\x69\x70\xb4\x01\x3f\x52\xe5\xe6\x8e\xa8\xc9\xdb\x68\x5b\x2c\x53\x07\x35\x00\xe5\xb3\x5e\x29\xea\x0b\xa1\xf4\xd1\x59\xa5\x58\xd3\x61\xb0\x65\x16\x83\x6c\xf7\xb9\xea\x50\x1f\xa0\x50\x6b\x98\x5f\x03\x6a\x82\xd9\xe0\x84\x48\x9d\x3b\xfe\xd3\x40\x93\xe2\xd6\xd9\xed\xf5\x57\x85\xed\x35\xa9\x0c\xe5\x6c\x76\x16\x86\xcc\x3e\xa1\xa2\xc7\x6a\xda\x5e\xc8\xc1\x45\xd8\x18\xb0\x47\xcc\x51\x6e\xec\x5d\x2d\x6a\x93\xa5\x55\x92\xd8\x92\xe3\xd5\xcd\x10\xc2\x50\xc0\x4b\x04\x9b\x38\xfc\x7e\xc0\xf3\x9a\xba\x15\x82\x40\x07\x33\x6c\x2b\x0f\x7f\x81\xd6\x4d\x5c\xa3\xe2\x9d\x6f\xda\x4c\x23\xd9\xba\x65\xd9\xfe\x3c\xb4\xe0\x39\x13\x69\x72\x87\xb4\x6a\x0b\x1f\xcc\xd2\x62\x4e\x39\x7a\xe9\x5c\x52\x54\xbc\xd8\x8d\x2c\x7c\x8f\x70\xfd\xc8\x17\x3f\x64\xc1\xde\x32\x28\x1a\xb4\x18\x46\x93\xb4\x8a\x34\x9e\x67\x82\xbc\x89\x92\xb4\x3c\x7d\xe7\xcb\x9d\x33\x92\x9b\xf9\x53\x06\xc2\xaf\x7e\x93\x8d\x84\x86\xb3\x86\xf9\xfd\x3f\x0f\x71\x61\xe0\xe6\x86\x2d\x4f\x92\x81\x44\x68\x65\xa1\xc9\xbe\x24\x60\xef\xbc\x20\x15\x1b\x06\xe7\x9d\x01\x46\x17\xd0\x30\x0e\x67\x1d\x48\x76\x74\x58\x59\x66\x25\xb7\x6d\xff\xc5\x58\xaa\x9b\x40\x61\x21\x96\xec\x82\x7e\x1c\x6f\xff\x51\x8f\xb7\xad\x4b\xf8\xc4\x6f\xcb\x27\x88\x85\xaa\x49\x1b\x77\xa2\x89\x95\xcf\xb9\xd7\x96\x40\xaa\xd1\x74\xc6\xdf\x43\x93\x8e\x3f\x13\x85\x20\x5c\x54\x59\x5b\x33\xde\xde\x50\x14\x37\x46\xa1\x70\x5e\x7e\x0b\x69\xaf\x4a\x26\xc3\xb7\x65\x15\x05\x18\x92\xb1\x5c\xa6\xe4\x8c\x3d\x91\xfb\xc7\x5e\x8f\xe4\xa0\xfe\x8e\xd2\xc2\x6c\x10\x73\xbe\xb7\x0e\xa3\x8d\x09\x27\x02\x92\x78\x40\x67\x55\xae\x6e\x11\xda\x37\x86\x53\x64\x95\x15\xe0\x08\x5b\x5e\xa7\xdb\x32\x49\x20\x8e\x33\xa6\xc8\xb6\xae\x8c\xd8\x0c\x9b\xd6\xb9\x83\xe7\x3e\x9b\x91\xdb\xec\x09\x1f\xae\x99\x5f\x80\x32\x42\x7e\xde\xc0\x2c\xad\x90\x55\xeb\x8b\x7d\xbc\xfa\x80\xd4\xf6\x4f\x57\x27\xa1\x52\xf1\x1c\x47\xe5\x2d\x75\x3a\x57\xb6\xe5\xfd\xdf\x77\x4c\xea\x4d\xa9\x10\x02\x68\x19\xc4\x1e\x32\xb4\xf1\x99\x72\x7e\x23\xc5\x4a\xb5\xd7\x01\x42\xb8\x54\xa2\x7b\x04\xe6\x4c\xf4\x4a\xf2\xa8\x99\x5e\x12\x00\xbd\x11\x7c\x7a\x16\x74\xed\xef\x59\xbc\x53\xf7\x3a\xda\xf6\x38\xe0\x77\x3b\x85\xb5\x63\x34\xaf\xf6\xe1\x17\x43\xe3\xa3\xd3\x61\x4a\xa8\xa3\x75\xb3\x78\x1e\xc8\x14\xcc\x08\xe7\x1e\xfa\x78\x18\x51\x9c\xb2\x4a\xf8\x2c\x33\x1d\xfd\x6a\xc7\x8e\xc1\x7f\xd7\x17\x4b\x61\x02\x1e\x8c\xf9\x01\xa2\xaa\xa6\xad\xbc\x90\x2a\x91\x6b\x2a\x2f\x4f\x79\xe5\x51\x50\x1f\xbf\x01\xdf\x6b\x85\x18\x50\x4c\x1e\x94\x64\x69\x38\xbe\xd1\xa8\x50\x9c\x2a\x38\xfb\x6a\x79\x8a\x78\x58\xf4\x09\xb0\xf2\xfb\x9b\x3f\x48\x17\xe5\x68\xc5\x2d\x9a\xbf\xe2\x16\x8c\xc3\x65\x0f\xc4\x3e\x0f\x99\x75\xfe\x29\xe3\x3a\xed\x1a\x7b\xf3\x0d\x86\x31\x15\x07\x90\x65\x0a\x3c\xb7\x8c\x36\x8f\x1a\xea\x9a\xc6\x0c\x5e\xeb\x96\x9a\x45\xf8\x4a\xa3\x73\x66\xa8\x39\x77\x19\x0f\x41\xae\x42\x1e\x0c\x46\xfd\xa3\xfa\x01\xb9\x26\xfc\xef\x82\x24\xfd\xa3\x6d\xf4\xf8\xa8\x77\x01\xfe\x79\xfe\x06\x28\xef\x0c\xc0\x2d\xf2\xbd\x78\x32\x07\xc7\xdb\x87\x11\x9a\x03\x69\xfe\x16\xee\xb3\x8f\xdc\x9f\xb3\x5d\x9e\x19\x5f\xe1\x4f\x8c\x10\x38\x20\x8a\xb9\x77\x00\xaf\x79\xf2\xe2\xe0\x54\x96\x83\x02\x07\xc7\xda\x8d\xbe\x8e\x9b\xb7\x3b\xc4\x71\xa4\x3f\x1b\xe6\x50\xfa\x92\x81\x9a\xeb\x5d\xc7\xee\xd7\xee\xd8\x17\x12\x70\xd2\x19\x25\x7d\x19\x61\x0b\x89\xd2\xd6\x2d\x3f\x5b\x64\x8e\x13\x9e\xed\xf1\xff\x74\xbe\x01\xa5\xef\x1d\x95\xf8\x12\x92\x26\x01\xee\x92\x51\x51\x57\xc4\xec\xad\xfa\x3e\xef\x9f\x2a\x67\x7c\x00\x3c\xa4\xab\x9b\x2c\x45\x47\x2c\xe5\x5e\x18\xf4\x0a\x21\xfe\x1b\x0d\x45\xb5\x0b\x50\xc5\x2a\x0b\x1a\x5d\x7c\x37\xd8\xeb\xc1\x5e\x02\x05\x84\xd9\xed\xd7\xb5\x65\x05\xf8\x20\x78\xe0\xf8\x99\x38\x91\x35\x01\x4c\x86\xd1\xe2\xed\x49\xf9\xcd\x31\x90\x76\x94\x35\x53\xa3\x12\xae\x05\xab\x33\x35\x26\xe1\x36\x71\x4f\x09\xa4\x02\xb3\xc8"},
+{{0x7d,0x7c,0xa8,0xe8,0xd3,0xb8,0x43,0x44,0xa5,0xe4,0xde,0xa0,0x8b,0x33,0x8d,0x8f,0xaa,0x5f,0xfc,0x11,0x9c,0xe5,0x66,0xef,0x65,0x6f,0x0f,0x45,0x84,0x77,0x5b,0x21,},{0x0b,0xde,0x34,0xb7,0x46,0xd2,0xc5,0x49,0x08,0x53,0x06,0x4d,0x48,0xc6,0xb4,0xc1,0xcb,0xbc,0x3e,0xe7,0xbe,0xff,0x5e,0x8f,0x68,0x4c,0x12,0x0f,0x31,0x5d,0x7e,0x4e,},{0xd0,0xc3,0xe2,0x48,0xa8,0xcb,0x2d,0xdc,0x7e,0x9f,0x21,0xc9,0xc5,0xb0,0x09,0xf7,0x0e,0xa2,0x9d,0xa6,0x89,0x7c,0xd9,0x2c,0x26,0x0f,0x04,0x7e,0xd6,0x8a,0xa1,0xc8,0xb9,0x65,0x7f,0x9d,0x82,0x6e,0x88,0xf4,0xa5,0x12,0xc5,0x00,0x3b,0xe6,0x40,0x68,0x80,0x74,0x12,0x63,0xae,0x7c,0xe6,0x86,0x0e,0xfe,0x73,0xad,0x54,0xd4,0x82,0x04,},"\x0b\x72\x70\x75\x34\x5d\x61\x9f\x5c\xdc\x7f\xc4\xc4\x3c\xdc\x19\x10\x58\x11\xd9\x5d\x06\x9f\x81\xc0\xa6\x2f\xe1\xe1\x17\x8c\xf1\xc3\x5d\xb0\x5e\x2d\xe8\x7d\x11\xae\x1a\x6f\x53\xef\x38\xb3\x9b\xf4\xed\x8f\xbf\x56\xef\x01\x7a\x1d\x3c\x15\xb6\x4f\xe4\xb2\x61\x0b\xf6\x9b\xd1\x9a\xc7\xaf\xd4\x6a\x2b\x87\xb4\x88\xb6\xc7\x8a\xd4\x56\x81\x1c\x1d\xd6\xbd\x4a\x6b\x5d\xa6\x98\x73\x9f\xd1\xa1\x4c\xeb\x9f\x27\xf1\x24\xb6\x9f\x6b\xd1\x6d\xe5\x53\x7a\xad\x80\x68\x1c\x56\x33\x58\x03\x94\xda\x3b\x84\xe9\xb7\xa5\x5e\xba\xb8\x52\x2d\x2d\x6b\xf1\xaa\x4e\x7b\x15\x9c\xbf\x4e\x20\xb5\x0b\xfe\x9c\x71\x1a\xa0\x47\x11\x9f\x1d\xad\x87\x49\x26\x0b\x87\x63\x9e\x9c\x14\x1d\xef\x62\x02\x6a\x99\x03\x73\xdc\xfd\x99\xf7\x7b\x0f\x5e\xa6\xad\xfd\x8f\x59\x4b\x9c\xe4\x10\x64\xa5\xed\x30\x7b\xf2\xd8\xd1\x73\x70\x49\x8a\xd7\xf4\x5f\x9c\x4d\xd2\x6c\x42\x0f\x45\x0f\x53\x62\x3b\xb6\xd7\xf3\xf4\x6a\x14\x9d\x8f\x13\x5b\xc2\x91\x33\x10\xfb\x8f\x90\x43\xd0\x99\x27\x8b\xbe\xba\x39\x17\x9f\xa3\x67\xb0\x16\x73\xe1\xc9\x53\xef\xfd\x2c\xae\xa7\x31\x1c\x47\xc0\x37\x27\x44\x09\x5b\x1c\x8f\x90\xee\xf5\xf1\x92\x9d\xb1\x99\x6c\xd5\x84\xf6\x15\xd5\x6f\xae\x3a\xec\xac\x3e\xe8\x8b\xd0\xb2\x96\xf4\x49\xcc\x27\x13\xc5\x2d\xa6\x95\x24\x8f\xaa\x8e\x38\x9b\x05\xa0\xbc\xac\x69\xdc\xe9\x71\x97\x23\x19\x4f\x43\x3b\x02\x97\xeb\x08\x59\x01\x9f\x14\x1a\x20\x7c\xe8\xcc\xb5\x98\x82\xca\xa6\xe1\x8f\x0b\x43\xbd\xdd\xb9\x0a\x0a\x85\xff\xd5\x77\xd6\x39\x4a\x1d\x80\x48\x94\x10\xf9\x2a\xfb\x85\xba\x50\x6a\xa9\xf3\xf4\x27\x44\x5d\x21\x22\x4b\x9c\xb0\x46\xc0\x5f\x1b\xac\xd7\xb7\x49\xfb\x7b\x10\x24\xd0\x92\xe4\xee\x4b\x30\xa4\x6e\xdf\x71\x84\x70\xc9\x94\x91\xc6\x8f\x48\x79\xd6\x2b\xfc\xe7\x04\x6d\x81\x38\xcb\xb9\xe7\x21\x29\x99\xa4\x49\x8b\x45\x5f\xc9\x0a\xc2\x83\xe9\x35\xde\x04\xdf\x6f\xc9\x99\xe4\x43\x4b\xe1\x10\x63\xd6\xe4\xee\x9e\x09\x6a\x87\xbc\x71\x6d\x2c\x81\x99\x16\xc3\x7a\x4e\x62\x98\xc4\x99\x45\x36\x6e\xc3\xf5\x00\x72\x0b\x06\xdc\x99\xd3\xd8\xac\x30\x3e\x6c\x26\x4e\x28\xa7\xc2\xd4\x19\xec\x62\x2a\x97\xa7\x11\x54\x4f\xb1\xf4\x73\x5b\x11\xf8\xbb\x1d\x7e\x2c\x81\x6a\x15\x62\x87\xb4\xcc\x0c\x65\xaa\xa2\x80\xb8\x37\x73\x7f\x0a\x84\xe3\x6d\xe2\xdf\x2f\xc3\xa5\x0d\xf9\x80\x91\x8f\xb9\xe5\x83\x4b\x42\xac\x0e\x0c\x72\x78\xd7\xfe\x8d\xb4\xdb\xde\xca\x01\x41\xd5\xfe\xf5\xdc\x61\x51\xf8\x7b\x86\x34\xc2\x41\xa8\xfa\x0a\x82\x71\x78\x99\x77\x3a\xe8\x9f\x53\x78\x90\xb9\x15\x5a\x7a\x05\xbc\xe4\x78\x66\xec\x20\x28\xa4\x78\x98\xd4\x85\x82\x3a\x2e\x99\x23\x19\x68\x0e\xb6\x99\xb0\xdd\x53\x58\xf5\x46\xfc\x53\x7c\x73\xd3\xa4\xb2\x23\xa0\x94\x15\x18\xb6\xd1\xe6\x6b\x27\x67\x6c\x1b\x1f\xc7\x6a\x08\x32\x05\x24\xa7\x2e\x29\x7f\xce\x17\xaa\x80\xd8\xea\x7b\x38\x8a\x55\x16\x8e\x7d\xad\xb8\x36\xe9\xde\xe7\x07\xed\x25\xc0\xee\x4d\xb2\x5b\xee\x3c\x48\x5b\x39\x64\x92\x04\xef\xaf\x28\x20\xb2\x73\x63\x68\xfc\x77\x3c\xe0\x90\xc3\x85\x37\x80\x02\xc4\x71\xb0\x94\x79\x5c\xb2\x66\xd3\x9e\xb7\x58\x0d\x70\x1b\xe4\xc8\x91\x6f\x6b\x38\xbf\xe2\x5f\xdf\x36\xd6\xc4\xad\xaf\xa9\xae\x98\x64\xc5\x7b\xb7\x37\xb4\x95\x06\xed\x38\xd6\x2d\xe6\x0c\xc0\x59\x9e\xc6\xbb\x1a\xcf\x24\xb1\xd3\x7d\x60\xef\xde\xb7\xd9\x42\xc5\x36\x03\xa2\xf0\x47\x6e\x95\x12\xc9\x38\xb2\x8d\x49\x5a\x6f\x26\xa9\x07\xc3\x96\xb8\x41\xae\xdd\x8e\x14\xac\x44\x7b\x49\x5d\xf1\xf6\x76\xda\xcc\xd5\xa7\x40\xc0\x42\xf5\x77\x2b\x7d\xb1\x7f\x4f\x1a\x3a\x1c\x8e\x7c\x48\x83\x70\xe7\x36\xb5\x1e\x69\x0f\xd2\xdd\xcb\x5a\xa6\x19\x57\xa7\xc7\x97\x5a\xcb\x2d\xcb\x91\x5d\x07\x4d\x74\x42\x79\xea\x1c\x41\x69\xf8\x68\x87\x3a\xc5\xc2\x08\x90\x16\x2c\x1d\xf9\x65\x64\x19\x97\x5a\x43\xd3\x19\x8e\x18\xc3\x09\xa1\xeb\x7c\x1d\x87\x87\x3f\xb1\x5c\x6d\xa4\x7f\x54\x8a\x01\xf6\x9b\xda\xb9\xc3\x9e\xf0\x0d\x41\x8a\x6f\x61\x9d\xd7\x3d\x7d\xb4\x5c\xbb\x6a\xd2\x25\xa2\xde\x78\x7b\xa7\x77\xbc\x73\xd2\x8f\xc3\x04\xf1\x00\x09\xf4\x02\x2c\x2c\xf8\x4d\xe0\x08\xd7\x0f\xcd\xc8\xba\x7f\x10\x7c\x36\x98\x59\xe9\xc9\x0c\xa8\xa3\x93\xb5\x53\xf2\x66\x05\xff\xd7\x23\x0c\x92\x14\x90\x70\x0f"},
+{{0xd2,0x1f,0xdd,0x7b,0x10,0xe5,0x4a,0x8b,0x6b,0xe9,0x5a,0x02,0x24,0xad,0x70,0x66,0x4d,0xd9,0x21,0x12,0xe2,0x68,0x3a,0x4f,0xd2,0x79,0xc4,0x07,0xdb,0x38,0x71,0xbb,},{0xf8,0x9c,0x27,0x2e,0x7d,0x1c,0xc9,0x3d,0x69,0xf6,0x94,0xde,0xc9,0xcc,0xe0,0x5a,0xc2,0x47,0x73,0x45,0x04,0x82,0x9c,0x56,0x99,0x74,0x13,0xc8,0x95,0x8b,0x93,0x30,},{0x6d,0x69,0xe8,0x3b,0x3e,0x7e,0xd5,0x5a,0x85,0xf9,0xfc,0x9d,0x25,0x19,0xda,0x0b,0x0a,0x1e,0xb4,0xda,0xae,0xe9,0x91,0xa6,0x65,0x1f,0x5c,0x89,0x19,0x0c,0x0d,0xe7,0x23,0x73,0xcd,0x98,0x9d,0x46,0xbe,0x13,0x67,0xf9,0xda,0xf1,0xb9,0x2f,0xed,0x3b,0x52,0xbb,0xa5,0x4a,0x1e,0x4c,0xca,0x5b,0xc8,0x72,0x6e,0xd0,0x7f,0x30,0x25,0x01,},"\xb8\x64\x4a\xdb\xef\x9c\x7c\xab\x91\x20\xac\xed\xc8\xe7\x5c\x43\x3d\x03\x6f\xfa\xe0\xf9\x55\xbe\x6a\x48\x8f\x1f\x42\x7a\x68\xa8\x90\x2d\x02\x6e\x63\xdd\x6c\x9b\xf9\xd9\x7d\xe7\x86\xb3\x1d\xd4\xf4\xc9\xa4\xf8\xa6\x22\xf1\xff\xc8\x4d\xa6\x96\x7c\xa7\x74\x33\xc3\x98\xf4\xd3\xf1\xc4\x43\x49\x89\xb7\xac\x9d\x0f\x3b\x1b\xe0\xc8\xb3\x52\x82\x4f\x4e\x7a\x08\x3f\x34\x2e\xc1\xbe\x1d\xa8\xfb\x75\x52\x42\xa6\x54\x88\x0e\xf2\x98\xf0\x59\x79\xff\x02\x6d\xdc\xc0\x44\x86\x0e\x67\x57\xa2\x9c\xfa\xa2\x22\xa3\x59\x7e\x38\xf1\x77\x99\x62\xa4\x1a\x4c\x8c\xe6\xa6\x5b\x87\x81\x99\xb4\xd8\x0f\x4a\x03\x90\xca\xc1\x9c\x22\x6e\xea\x4b\x60\x36\xe5\x7a\xd8\x30\xec\xfc\x00\x69\x3e\x26\x13\xd3\xed\xf4\x65\xfc\x8c\x4f\xa2\x93\xfd\x8c\xfc\x36\xdc\x8e\x37\xbc\xeb\xab\xec\x03\x49\xeb\xd8\x84\xe1\xb2\x8b\xce\x82\x4e\x0d\x55\xb6\xd0\x15\x38\x38\x01\x66\x8b\x34\xf5\xba\x72\x3d\x2a\xc0\xa2\x64\xfa\xb2\xc7\x28\x60\x8f\x16\x2d\xe0\x11\x79\x25\x9b\xe2\xcc\xb0\x81\x50\x02\xfd\xed\x8e\x0d\x78\xb0\x28\x07\x31\x3e\x91\x0e\xb3\xa7\x33\x7c\x53\x4e\x84\x6f\x9e\xe1\x55\x42\x6e\x4a\xef\x64\x36\x61\xb0\xed\xb4\x45\x96\xfd\xdc\xd0\xb3\xe8\x14\xc1\x37\x81\x7a\x42\x2b\xaa\x40\xc9\x05\x3d\x03\x86\xc6\xec\xdb\x58\x90\x52\x59\x47\x42\x67\x7c\x48\xdc\xfc\x8c\xd4\xa9\x36\x67\xed\x4d\x87\x64\x60\x01\xed\xa0\x79\xe8\xb9\x9d\x52\xba\x21\xc5\xec\x56\x69\xfe\xdf\x6f\x40\x44\x7a\x7f\xf8\x90\x1d\xb0\xef\x18\x47\xd3\xca\xcf\x01\x98\xa2\xf3\xbd\x7b\xcf\x2d\xd8\x11\xa0\x97\xfc\x5e\x51\x88\xb0\x3f\xdf\x54\xe5\x17\x63\x7a\x14\x50\x10\x00\xd0\xd3\x55\x16\xca\xf0\x69\x94\x02\xb4\x8f\x8d\x8c\xc3\xaf\xb1\x7a\x56\x13\x2d\x08\x23\x70\x35\xa0\xc9\x54\x90\xbf\xe5\xd7\xb7\xfb\x40\x17\x8f\x28\x1e\x4d\x87\x2e\x47\xa0\xe9\x55\xce\x97\x36\xf3\xc3\x33\xa6\xad\xf5\x0a\xd3\x19\x94\xeb\x9f\x45\x32\x7f\xac\xc8\xc5\xd1\x13\xfa\xd4\x71\x3f\xe7\xf1\x98\x01\x0d\x42\x04\x6b\xbf\xe6\x8b\x0d\xaa\x79\xdc\xb8\x75\x59\x29\xbe\x92\xf9\xca\xa1\x50\xdf\xbd\xe3\xfc\x9e\x39\x2b\x2b\x70\x1c\x30\x21\xc2\x40\xe4\x67\x9d\xe4\x11\x24\xb1\x88\x8e\x5d\xb5\xa8\x3d\x05\xce\xaf\x49\xeb\x44\x0d\xc4\x50\x26\xd4\x50\xbc\x98\x4b\x8d\x6f\x02\x85\x0e\xcb\x57\x0e\xee\x0a\x38\x19\xb1\x2b\xc2\x63\x67\xb5\xb9\x8e\x1b\x14\x1c\x9b\x0a\x96\x90\xea\x4a\x37\x00\xda\xd1\x23\x95\xf9\x75\xd1\x1c\xd7\x7f\x96\x36\x88\x31\xf2\x1f\x4e\x96\x8c\xc5\xba\x9e\xf8\x24\x74\x03\x8b\xc7\xaa\x26\x12\x2d\x21\x8b\x74\x30\x41\x50\x6a\xeb\xbd\x1f\x98\x79\x59\xfd\x16\x0d\x6e\xb7\xd5\x8d\x4f\x57\x6f\x8c\x0c\xa8\xaf\x86\x8e\x39\xb5\xea\x87\x20\x39\x37\xe0\x30\x8a\xcb\xea\xe9\x1e\x10\x60\x7e\x44\xe8\xab\x49\x5b\xc0\x1d\xd5\x73\xfb\xad\xc9\x44\x79\xff\x92\x08\x2c\x7b\xb7\x51\x34\x79\xc7\x0f\x04\x07\x76\x90\x25\xd3\x4d\x72\x14\x0c\x25\xd8\x21\xf0\x34\xa3\x98\x51\xa9\x3c\x62\x3b\x71\xc9\x40\x0e\x94\x26\x39\xf2\x8b\xbd\x03\x2e\x1d\x8d\x3c\x05\x9f\x7c\x2c\xd3\x1d\x74\x76\x46\x2d\x27\x76\x03\x5d\x07\x88\x02\x02\xdb\xfe\x9e\x07\xd1\x54\x62\x2d\x7a\xc6\x17\x5a\x5a\xfa\x79\xfe\xd4\xdc\xc1\x37\x12\x62\x0c\x41\x99\x4e\x11\xd9\x24\x30\x8f\xb2\xff\x3a\x1e\xda\x44\xc7\x61\xbc\x73\x6f\x34\x51\x22\xf0\x2a\x40\xae\x6f\x7d\xbd\x03\xd9\xfe\x96\xee\x3d\x7a\x3b\x4a\x5e\xef\xbf\xcc\x56\xdc\x42\xef\x27\xbd\x80\x85\x17\x60\x38\xb9\xeb\xae\x63\xaa\x75\x03\x52\x75\xec\x34\xe4\x18\x57\x39\xd6\x36\x24\x67\x70\xac\xcc\xc6\xdc\x62\x0e\x2f\xc9\x15\x6f\xa9\x48\x3e\x0d\x9c\xae\x0e\x8c\x46\x39\x48\xa3\xd9\x7a\xe8\xdd\xa5\x96\x6c\x88\xf0\x70\x93\x29\x2c\xce\x22\xbb\xda\x06\x2b\xaa\xfa\x7f\xe8\x4d\x0b\xa2\xd2\xdd\x29\x5b\x23\x45\x8b\xca\xeb\x2e\xf7\x42\xa2\xed\x1c\x83\x44\x83\xcd\x70\x93\x85\xaf\xea\xdc\xbc\x0a\x9c\x6a\x4f\x38\x7b\xab\xf7\xe3\xdc\x36\xc8\x10\xdb\x20\x9b\xeb\x66\xc8\x66\x64\x04\xc6\x61\xdf\xe9\xd3\x2c\x4c\x08\xaf\xc6\xf3\xb1\x25\x7d\x64\x84\xa7\x55\xf5\xac\x70\x1e\xb1\x3f\x87\x76\x3f\xee\x33\x0f\xfa\x04\x22\xcd\x80\xa9\x20\x38\xc6\xf4\x52\x92\xbd\xee\x5f\x89\xe9\x4c\x7a\x65\x21\x97\xfc\x19\x06\xb4\x82\x58\x37\x24\x49\xb1\x08\x1c\x6b\x97\x13\x4c\x43\xc8\x9e\xe2"},
+{{0xd3,0x36,0xfd,0x84,0x08,0x19,0x6d,0x22,0xfb,0x69,0x8e,0xb2,0x5b,0x76,0x54,0xfd,0xa4,0x6f,0x5d,0xe4,0xc9,0xb4,0xd0,0x49,0x50,0xc3,0x98,0xb5,0x9a,0x44,0x29,0x0a,},{0xf3,0xcd,0x96,0x34,0x7c,0xea,0x63,0xe5,0x00,0xa4,0xc9,0x2c,0x3b,0xf2,0x15,0x66,0x2d,0xd0,0x40,0x07,0x84,0xdb,0xf8,0xb5,0x95,0xdd,0x3d,0x39,0x5f,0x90,0xcc,0x12,},{0xaf,0x7e,0x2d,0xf7,0x52,0x9f,0xd1,0x8d,0x1b,0x21,0xb8,0xfd,0x4c,0x06,0x81,0x50,0x59,0x18,0xe2,0x51,0x14,0x34,0xfe,0x4e,0x49,0x54,0xe7,0x43,0xc1,0xcf,0xa4,0x5e,0x41,0x09,0xd3,0x6c,0x3e,0xec,0xf2,0xe2,0x5d,0x20,0x9b,0x9b,0x5d,0x25,0xf7,0xcb,0xc3,0x80,0x29,0x6d,0x64,0x77,0x52,0xe3,0x0d,0x3b,0xea,0x3b,0x92,0x9b,0x09,0x03,},"\xfb\x49\xc1\x9b\xc4\x44\x4c\x28\xeb\x26\x25\xf3\x1d\x99\x6d\x5e\x36\xc5\x7f\xa6\xfd\xd7\x72\xe6\x7b\x71\x99\xce\xc6\x7e\xda\x54\x51\x71\x2d\xf7\xa6\x9d\xbb\xd5\x6e\x7c\x39\x87\x96\xb2\x00\x1d\xef\x65\x1c\x4b\x9c\x05\xee\x31\xd9\x56\x79\x53\x5c\x81\x2a\x37\xd3\x1d\xdb\x30\x73\x19\x9c\xd7\x04\xff\x7c\xa2\x98\x1f\x7b\x9c\x92\x7a\x7f\x7d\x77\x6f\xb6\xf6\x09\xf7\x27\xe6\xea\x70\x9c\xe7\xf4\x3a\x60\x79\x35\x04\x16\x9a\x89\x05\xd9\xb2\x31\x09\xf0\xd8\x67\x96\x6a\xa3\xe3\x00\xc7\xe1\x1d\xde\xdb\x9c\xc1\x17\xb9\x04\xf6\x29\x27\xe4\x8e\x4d\x73\xfe\x1a\x6c\xec\xcc\x4c\xeb\x08\xe6\x4a\xb5\x5f\x25\xc9\x82\x16\xce\xc9\x37\x60\x8a\xd7\x93\x14\x69\x98\xf1\x4c\x29\x85\xe6\xc2\x91\x0d\xf7\xb1\x38\x8f\x9d\xd8\x63\xf1\xe4\xd7\xd1\x62\x14\x79\xb8\x51\x2c\xdb\x34\xe6\x73\xeb\x02\xa4\x89\x34\xe3\x9c\x2d\x18\xd7\x0f\x96\x6d\x67\x6a\x2b\xd7\x5d\xb5\x43\xd2\x5c\x5d\xcd\xc3\xef\x3b\x8b\xc8\x20\x18\x48\xc3\x09\x61\xe9\x15\xd9\x68\xbd\xc3\x19\x46\xb0\xd1\x8e\xde\x7c\xb0\x16\x6d\xbe\x1f\xfe\xff\x94\x39\xc9\xc3\x40\x4a\xf6\x01\x6c\x73\xed\xeb\x25\x3d\x93\xf5\x62\xa1\xa6\xcd\xd5\x78\x98\xa9\xb3\x42\x25\x87\xd5\xf5\x6a\xf3\xd0\x6b\x3f\x6c\x25\x75\x1f\x44\x46\x0f\xb3\x29\x96\x56\xdc\x11\x22\x7e\xf4\x83\x7a\xab\xdd\xee\x40\x0f\xa5\x3f\x69\xe5\xce\xd0\x53\xc7\x6d\xce\xcd\xf0\xad\xc9\xef\x80\xf4\xb3\x30\x54\x2f\xf1\xfa\x2d\xf0\xb8\xd4\x3c\xd1\xc3\x11\xb1\xb9\x95\x5c\x63\x2c\x8e\x5f\x04\x91\x93\x1c\x04\xde\x43\x4d\xf8\xf7\xa3\x94\xe5\xfe\xf0\x16\xdb\x2e\xb7\xc8\x7b\x2a\xc7\xa4\xa7\x30\x43\xbd\x7f\x98\xad\x0a\x4d\x45\x3a\xbf\xb0\xbe\x8b\xe4\xcb\x14\x57\x42\xaa\x56\xaa\x5e\xf2\xdf\xf1\x22\x30\xa5\x10\xe3\xb7\xf8\x2f\x78\x47\x70\x0e\xee\xa5\x90\x5b\x02\x89\x69\x6c\x4c\x14\x2b\xf3\x4b\xcf\x81\xa9\x62\xd7\x5b\x8d\x09\x10\x55\x73\x37\x79\x33\x5b\x7f\xd4\x7a\x20\xd1\x7c\x94\x8a\xb7\x32\x94\x78\x32\x67\x43\x71\xe2\x2e\x71\x11\x34\xf5\xc9\x19\x79\x23\x57\xf7\x9b\xf7\x0c\x44\x70\x78\x75\x28\x43\x4f\xc0\xb4\xca\x09\x3e\xe9\x25\x43\x42\x0d\x1c\xa8\x11\x24\xf5\x58\x53\x17\xe2\x50\x82\x1a\x4f\x3d\x8c\xe0\xf9\x19\xde\x9f\xbf\x01\x27\x08\x7e\x67\x69\x03\xf6\xcb\x39\x02\x5b\xcc\x73\xa0\x76\x29\x54\xb7\x2e\x66\xa6\xbe\x9b\x96\xc9\x7b\x6f\x60\x30\xbf\x5c\xa0\xbc\x27\x27\xa9\xa1\x79\xcf\x9d\x94\x05\xf3\xfe\x18\xf3\x49\x23\x89\x07\x9a\x5b\x65\xbc\xb1\x3a\x0d\x5e\xf4\x1c\x2c\xd9\x7e\x70\x2c\xee\x4a\x2f\xeb\x1e\x67\x02\xbd\x4c\x63\xfe\x0a\x4a\xe9\x94\xc4\x28\x7a\x83\x7b\xc3\xf6\x4c\x2d\x89\x88\x57\xcd\xb3\x2a\xcd\x4b\xd1\x33\x67\x6e\x51\xf7\x7b\xc7\x11\x0e\x3c\xe5\x2d\x92\x04\xfd\x26\x91\xa6\xd3\x70\x78\xf6\x8e\x7b\xce\xf3\x0f\xc9\xc4\x83\x98\x58\x22\xb6\x61\x11\x92\x38\xe4\x0f\x9c\xfd\xca\xbe\xf2\xd7\xb1\x6b\x05\x9a\xb2\x4a\xdc\x05\x00\x37\x12\xbb\xb1\x28\x09\x6e\x37\xf9\x1b\xc4\xc5\xc8\x15\x08\xbe\x27\xfa\x0b\x84\x94\x0b\xe3\x6b\xce\xd2\xe6\x5c\xd3\x6b\x39\xfb\xdc\x5e\xa6\x86\x14\x15\x92\x28\xca\x65\xc5\xd8\x40\x7b\xaf\x66\x3b\x52\x8e\x7d\x87\x73\x4c\x7b\xc7\x7d\xc8\x43\x1a\x1d\xd6\x87\x3c\xfd\xdf\xc3\xe7\x57\xd9\xad\x1f\xed\xd3\xc7\x98\xf1\xfe\x60\xe7\x15\xee\x48\xa6\xbc\xbb\x13\xb6\x16\xa8\x9a\x38\xe3\x36\x48\x9d\x3d\x6c\xcb\x72\x69\x14\x11\x2a\x1b\xc5\xd9\x77\xc9\xb2\xa3\xfa\xc1\x07\xad\x09\x4b\x03\x8a\xb7\x54\x68\x26\x3c\x34\xbd\xa8\x17\xc0\x56\xe0\x7a\x6c\x56\x69\x7c\xb6\x4a\x0b\x1f\x96\x6f\x6d\xe0\xbb\x1c\x0a\x71\xc8\xa5\xfe\x13\x3b\xa2\x03\x6d\x24\xda\xcc\xad\x3f\xa0\x3b\x39\xcd\x27\xf8\x32\x75\x27\x51\x05\x5a\x81\x55\x91\x3d\x04\x0f\x51\xda\xe7\x8d\x71\x94\x6c\xa0\x4d\x83\xc7\xc8\x94\xc2\x80\xaa\xec\x28\x55\x43\xe5\xfd\x5e\x32\x7a\xcc\xca\x9a\xbe\xf1\x56\xa1\x3b\x95\x71\x44\x6b\xd8\x00\x7f\xf9\x2d\xbc\x0f\xba\xf2\x3a\x94\x41\xb5\x3c\x1c\xd7\x40\xc3\x4c\x28\x29\x29\x10\x1a\xd2\xea\x8b\x85\xd7\x00\x52\x99\x1b\x77\x4e\x92\xff\x75\xcc\x85\x11\x3e\x09\x00\xb5\x1b\x86\x3e\x1f\x2a\xda\xab\x2d\xbc\xf4\x6a\xf4\x79\xea\x24\x8e\xc2\x88\x9a\xfb\xfe\x73\x74\x08\x39\x3a\x2b\x1b\x33\x01\xf6\x5c\x1f\xac\x8b\x67\x67\x95\xab\x5b\xf4\x47\xf0\x5e\x0d\xaf\x67\x76"},
+{{0x65,0x73,0x22,0x78,0x41,0xf6,0xf9,0x28,0x31,0x14,0x6c,0x44,0xc0,0xe4,0x80,0xcd,0xf5,0x44,0xbb,0x87,0x65,0x52,0xcc,0x5f,0x9d,0x42,0xf1,0x5b,0xdc,0xc0,0x44,0xb8,},{0x19,0x22,0x57,0xa5,0x4c,0xe5,0xd0,0x4c,0x19,0x43,0x9f,0xdc,0x9e,0xde,0x18,0xec,0x85,0x6e,0x29,0x87,0x0e,0x24,0xd3,0x73,0x1f,0xe2,0x22,0x47,0x99,0x94,0x9b,0x7e,},{0x53,0x8e,0xac,0xe4,0x93,0xde,0x53,0x38,0x4b,0x1e,0x98,0x5b,0xb9,0x07,0xc0,0x94,0xf8,0x16,0x84,0x30,0xda,0xb1,0x4d,0x37,0x79,0x1b,0xe6,0xe7,0x8f,0xf3,0xf5,0xa3,0x06,0xec,0x70,0xdc,0xac,0x86,0xd9,0x93,0xa4,0xc1,0xf7,0x58,0x50,0x78,0x6d,0x79,0x5f,0x02,0x2b,0x79,0xbe,0x6a,0x54,0x77,0x69,0xe4,0x15,0x69,0xc5,0xa9,0xa3,0x0a,},"\x6e\x7c\x6b\x12\x2a\xb3\x6b\xd1\x35\xf6\x9e\x2b\x85\xe7\xfc\xce\xfb\x07\x2c\x12\xcf\x08\x8a\x32\x29\xd8\x76\xef\xf5\x32\x38\x9f\x05\x77\x11\x6f\x7a\xf2\x9f\x11\x95\xe3\x82\x88\x39\x38\x13\x80\x46\x71\x78\xb2\x29\xc5\xa1\x8d\x7c\x49\x43\xec\x97\x0d\xd1\x8b\xce\x72\x3b\xd0\xca\x91\xff\xa9\x55\x63\x54\x6a\x32\x4f\xe0\xb9\xbf\x6c\x04\x55\xd4\x27\x60\x39\xe8\xd2\x91\xfc\x72\x76\xaa\x55\xa1\xcd\x3e\xa0\x52\x82\x65\x4a\x7f\x97\x00\xad\xcb\xc7\x80\x77\xc5\xdd\x0f\xc8\x6e\xce\xd4\x8f\x4a\x60\xcc\xb7\x6b\xfb\x8b\x45\x62\xba\xc2\x2a\x02\xd1\x9e\x44\x89\x39\x4a\xb9\x71\x9f\xc1\x44\xf5\xdb\x2e\xf0\x39\xb3\x7f\x3b\x51\xd1\xd6\x57\xa0\xcf\x83\x5d\x71\xf1\xa4\xaf\x01\xeb\x9f\xd8\x85\xc6\x04\xa6\x24\xcb\xe9\x10\xbf\xde\x09\x3a\xd3\xf0\xcb\xfd\x9a\x48\x30\x73\x29\xd4\x42\x34\xbd\x01\x19\x1d\x56\xe5\x22\xd7\x2b\x54\xe1\xfe\x47\x33\xda\x3a\xec\x68\x27\xea\xb3\x55\x48\x98\xe0\x3e\x57\x7b\x4e\x7b\x9d\xd3\xf3\x08\xe6\x16\x80\x8d\x02\x94\x49\x9f\x28\x86\x29\x5e\x54\xc3\x60\x19\x9c\xa8\x3a\x83\xff\x46\x19\x5e\xa3\xc4\x84\xa6\x68\x38\xd5\x1a\xcb\xe9\x61\x1e\xee\x03\x6a\xe2\x81\xc6\x79\x3c\xbd\x45\x1f\x92\x71\xfb\x5d\x25\xea\x7c\x18\x99\xab\x5d\x43\xed\x8b\x9d\x06\x7b\xc5\x6d\x8d\x4a\x15\xf1\xda\xb8\xd8\xd9\x5d\x1b\x17\xaf\x64\xcb\x18\xc1\x14\x75\x51\x14\x7a\xdd\xcb\xdd\x53\xfb\xcc\xd9\x02\x6f\x85\x55\x47\x13\x1b\xee\x95\x07\x16\x39\xf6\x49\xf2\xd0\x35\xa2\x5a\x3e\x42\xe3\x8e\x22\xbb\xf0\x38\x10\x6c\xe8\xbc\x4a\xd6\x76\x8a\xb9\x2c\xd5\x7a\xfa\xcd\x04\xee\x55\xcf\x07\x14\xb7\x68\x95\x2d\xac\x24\x0b\x1e\x9b\x28\x35\xec\xf7\xb0\xd6\xc4\x07\xc8\x25\x24\xa9\x23\xb9\xf5\x4d\x1b\x8f\x12\x56\x4a\x87\x21\x44\xef\xad\x3f\x3a\x7d\x23\x97\xcd\x12\x17\xdc\x5a\x9c\x96\xe4\x3b\x29\x60\xa8\x42\x5e\x97\xe0\x7a\x02\xb0\xda\xc9\x0f\x34\x6b\x91\xa3\x46\xa2\x3e\xd2\xbb\x7f\xe6\x91\x9c\x22\xdf\xf0\x3f\x62\xda\x7d\xba\x17\x6e\x8d\xdb\x22\xf3\xf3\xa6\x68\x89\x1d\x3f\x4e\x69\x54\x8d\x0a\xc4\xe7\x1e\x6d\x28\xed\x5a\x67\xab\x5a\xc6\x11\xd4\x60\xb6\x7a\x20\x1f\x4f\x56\xa5\x00\x3c\xa7\xa7\xd1\xcd\x1d\xb6\xc1\x00\x75\xb0\x92\x27\xcb\x8c\x5d\xc1\x66\x6f\x8b\xe7\x10\xb4\xb7\xbc\x2b\x95\xae\x60\xda\x4f\x64\x17\x9a\x50\xd2\xf8\x87\x44\x36\x15\x91\x67\x1d\x36\xb7\x29\x63\x15\xf6\x99\x64\x39\xad\x79\x82\x1d\xa8\xe7\x72\xdf\xbf\x55\xa9\x0d\x5d\x52\xef\x7d\x76\xb3\x5f\xfe\xbd\x42\xe3\x52\x5f\x45\x30\xc5\x4a\x0f\x23\xb4\xd0\x7c\x5f\x59\x74\x47\x0e\x89\x40\x4d\x17\x6e\xef\xf9\xef\x23\x33\x61\x96\x91\xc5\x9b\x7a\xad\xd4\x2c\x29\x6b\x1d\x0d\x32\x8d\x9a\x3b\xd5\x9a\x54\xbb\xa9\x3a\x0c\x1f\x1d\x62\x41\x8c\x21\x90\xc3\x81\x74\xb6\xab\xea\x02\xdb\x66\xe8\x18\x32\x0e\xc4\xb8\xba\xc1\xc1\x2f\x18\xf3\x0d\xad\xe2\x7e\x63\xc5\x8f\x9e\x7c\xaf\x4b\xf6\x9b\x26\x5a\x2f\x9d\x91\x80\x08\x61\xac\xf4\x79\xe6\x5e\xc1\x7e\x68\x05\x77\xe0\x58\xcb\x16\xc1\x09\xbc\xf9\xb2\x90\x9f\xce\x33\x61\xa2\xc2\x68\x5c\x10\xbe\x85\x40\xa1\x22\x2d\xb5\xec\xf0\xcc\x4d\x53\xa4\x21\x4b\x7b\xf6\x24\x8a\xdc\x3a\x86\x1e\x34\x84\x1a\x37\x79\xc4\x60\x46\xc5\x36\x4f\x1e\xa9\x1a\x78\xc9\x70\x0d\x46\x2e\xcf\xaa\xe3\x6b\xa7\x60\xc1\xbd\x6a\x23\x7c\x96\x1e\xdf\x40\x22\xce\xde\xfe\x5e\x93\x7b\xbe\xd7\x05\x1a\xe6\x1b\x96\xd0\x8b\x04\x87\xce\x05\x68\xff\x0d\x32\x74\x0b\xbd\x49\xad\x0d\xb8\x6e\x09\x10\x2a\xb2\x1a\x91\x56\x16\xe9\xdf\xdd\xc8\x1e\xbf\xb3\x6c\x90\x3e\x07\xa4\x0c\xd2\xdd\x11\x9f\xf4\xa5\x0b\x93\xfc\x6f\xdf\xc0\xf3\x6e\x59\xe0\x14\x8f\xcf\xf3\xfe\x8e\x2c\xd6\xd3\x0a\x9e\x4b\x8f\x01\x55\x67\xd1\x18\xb6\x27\x4e\x1e\xd7\x5b\x22\xe4\x4c\xa9\xd9\xdb\xfc\x16\x07\x42\xcf\xac\x58\x1e\x1a\x0b\xf5\xff\x33\x26\xbc\x5f\x78\x96\xb9\xca\x05\xa8\x11\xd5\x5e\x97\xc8\x34\xd3\x7a\x64\x95\xcc\x26\xcf\x44\x2b\xd2\xd9\x01\x29\x89\x5e\x9c\xc0\xed\x01\xe2\x15\x52\x93\xf4\x7a\x07\xab\x58\x80\xc6\xca\x29\xed\x44\xd9\xcc\xbc\xaa\xda\x7f\x3e\xb6\x04\x02\x18\x14\x88\x65\x4e\x04\x91\x15\x78\xb1\xaa\x9c\xdd\x4b\x86\xb0\xdd\x24\x50\xdf\x3a\x43\x08\x1e\x41\x10\xab\x58\xde\x76\x39\x24\xd3\xc8\x91\x52\xe9\x92\x93\xe6\x38\xf9\xac\xd8\xd7"},
+{{0xa6,0x3c,0x1f,0x54,0xb2,0xca,0x05,0x8f,0xed,0x2e,0xe2,0x50,0x4b,0x98,0x3f,0xf3,0x3d,0x57,0x0a,0x9b,0xab,0xa5,0x83,0xc0,0x86,0xce,0xfe,0x19,0xf4,0x3e,0xc4,0x9d,},{0x32,0x9b,0x86,0x6b,0xca,0x41,0x94,0x29,0x7f,0xc1,0xad,0x5a,0x0e,0xba,0x0d,0xf9,0x56,0x69,0x9c,0x74,0xab,0x7d,0xa5,0xfa,0x54,0x62,0xbd,0x06,0x61,0x47,0x10,0x20,},{0x28,0x33,0x59,0xbe,0x41,0x29,0x0a,0x51,0xe6,0xa7,0xc5,0xd5,0x72,0x5c,0xa4,0xea,0x0a,0x68,0xf1,0x4a,0xca,0x14,0xb0,0xf0,0x25,0x66,0xde,0xe2,0x1f,0x49,0x0d,0xa3,0xc7,0xe9,0x5f,0x7a,0xb7,0x39,0xbc,0x35,0xa7,0xf4,0xf2,0x32,0xe9,0x71,0xaa,0x15,0x76,0x57,0xa6,0x33,0xeb,0xa0,0xe7,0x2d,0xc9,0x7a,0xf3,0x2c,0xdb,0x92,0x87,0x02,},"\x79\x1b\x86\xfd\x58\x77\x13\x47\x8f\x92\x34\xff\x30\xce\xfc\x12\x3c\xd7\xc3\xeb\x12\x5f\xa7\x4e\x4c\x6d\xb6\x4e\x78\x44\xf7\xc8\x5b\x16\x86\xe7\x1e\xd0\x8d\x1a\x6a\x04\xe0\xeb\xbd\xff\x4a\xb1\x60\xc9\x76\xc8\xab\x9b\x50\x5f\x6a\x7e\xb0\xa1\x84\x27\xe9\x99\xa8\x82\x8d\xf1\x06\x84\xf8\xc7\x5b\x6a\x6b\x0a\x64\xc0\xaf\xa4\xbb\x22\xbe\xd1\xcb\x93\x25\x35\x9c\xac\x3b\x8c\x50\x8d\x98\xbc\xb0\xeb\xcd\x74\x8d\xc1\x32\xf1\xd6\xa3\x60\xa4\x45\x0d\x12\x92\xa1\xfe\xfc\x4e\x57\xe4\x10\x7a\x22\x3f\x42\x1e\x7d\x14\xa3\x84\xb8\x5c\x18\x84\x4d\x0b\x9e\xed\x2e\xcb\x81\xbb\x74\xe8\xa1\x26\x52\xd9\x85\x05\x79\x5a\x01\x31\x16\xa7\x07\x6c\xcb\x54\x93\xd6\xa7\x11\xf7\x63\x7e\x97\xa7\x80\xe7\x4d\xa1\xb3\x9b\x15\xcc\x7b\xbd\xe2\xe6\xc4\xd0\xd3\xe8\x30\x05\x97\xc8\x36\xe8\x0b\xcb\x8d\x80\x81\xd9\x74\xe0\x24\x32\xea\xc8\x83\x68\x21\x1d\x3a\xaa\xe8\x9a\x14\x41\x71\x08\xe1\xff\x67\x37\x08\x38\x49\xc6\x25\xb4\x0d\x63\x1f\x6c\x83\x57\x22\x0c\x7f\x37\x38\x0b\x3b\x2c\xc5\xd0\xe2\xdf\x6b\x4d\x11\x96\x57\x9d\xbc\x57\xb6\xc9\xea\x0d\x41\xf4\xfa\x0e\x55\x6f\x94\x3c\x94\x48\xef\x42\xfc\x78\xdf\x59\x96\x64\x8c\xe2\xf3\xde\x04\xd8\xa6\x63\xf9\x67\xf3\xd9\x33\xd4\xf6\x53\x57\xab\x29\xba\x5b\x64\x05\xfb\x16\x29\x72\x57\x8d\xdb\xb2\x36\x7b\xed\x14\x3c\x85\x4c\x10\x88\xde\x92\x1d\x79\xf5\xa9\x2a\x85\x48\x37\xeb\x77\x02\xe1\xba\x92\x5c\x6e\xac\x23\xd1\x34\xba\x1b\xaf\xc5\xd4\x6d\xe2\xa1\x94\x2c\x7f\x36\x6f\x70\x1b\x0a\xfa\xbb\x75\xcb\x1d\x80\x8e\x1a\x1e\x4e\x3a\xe5\xde\x88\xe8\xe9\x98\x97\x57\x45\x8b\xdd\xd8\xa8\x06\xc1\x10\xcc\x3a\x73\x3d\x1d\x4a\xc5\x8a\x40\x5c\x4d\x81\x13\x4f\xbc\x24\xcc\xde\x7d\x5a\xfe\x42\x0f\x9f\x17\x85\xf0\xa5\x02\x0f\xaf\xbb\x22\x61\x22\x25\x08\xaa\x05\x28\xb7\xb4\x8b\x56\x72\x00\x95\x84\x25\xef\xcb\x42\x93\x4a\x88\x0b\x13\x34\x44\xbb\x10\x9f\x2a\x95\x4c\xfa\x35\xa2\xd1\x7c\xb0\x5e\xe3\xf1\x6d\x06\xb3\x21\xa1\x5f\x91\x33\x9a\xbe\xda\x24\x3a\xd6\xc0\x91\x9f\xac\x51\xe9\x07\xe0\x53\xfd\xee\xd1\xcf\x03\x00\x37\x34\x13\x77\x93\x94\x1b\x8a\xdf\x9a\xb6\xaf\x81\x9c\x24\x5d\x6d\x56\xf1\x69\x64\xc8\xa7\x5b\x07\x56\xa8\xcb\x0c\xa8\xc1\x2a\xc6\xe6\xb3\x94\x2e\xeb\xec\x2f\x86\x88\x35\xf8\x1b\x10\x9d\xb4\x98\xa4\xca\x2e\x02\x1f\xa7\x65\x60\x8d\x23\xd8\x03\xde\xdc\x9e\x51\x45\x3f\xc1\xd2\xa6\xa3\x8a\x4a\xab\x25\x7c\x0f\xe7\xd6\x7d\x32\xa5\x41\xe0\x14\xb6\x0e\x10\x13\xa9\x2c\x1b\x3a\xd9\xe6\xf1\x1b\xe2\x93\xb2\x46\xf9\xa0\xc6\x44\x0b\x0b\x54\xfe\xe7\x5f\xed\x2f\xb7\x5c\xc9\x1e\xcb\x32\x73\x8c\x49\x58\x31\x58\x6a\x11\x24\x2d\x87\xdc\xb4\x88\x3e\xdf\x67\x57\xa5\x0b\x18\x84\x37\x59\xb9\x8d\xd0\xce\xf4\xa3\xfe\x10\xd7\x63\x70\xec\xda\x8c\x83\xfa\xb8\x7e\xee\x26\x56\xc5\xf2\x61\xc3\x40\xea\x91\xa5\x60\xd0\xe2\xc6\x42\x89\x26\x7f\x00\x36\xba\x35\x94\x48\x00\xa5\xa0\xae\xf3\xf1\xdf\x83\x9a\x72\x4e\x18\x1d\x79\xb8\xa3\xc1\x6f\x65\xae\x27\x95\x3c\x4a\xae\x8c\xcd\x30\xff\x5a\xcc\x4b\x31\xe4\x76\x5c\x68\xfb\x38\x31\x9f\x10\xac\xf8\x92\x47\xb5\xa3\x9b\x3b\x08\xa1\x91\x75\x4a\x24\xac\xa9\x59\x6a\x1f\x8a\x70\xb6\xe4\xf0\x3a\x20\x04\xa9\x08\x6f\xf6\xed\x07\x65\x2a\x92\x6e\x1e\x2d\xf7\xbd\xcc\xd5\xbe\xc1\x6e\x5c\x4e\x96\x83\x64\xa0\x9a\xbf\x9d\xed\x93\xdf\x5f\xca\x0b\xcc\xa5\xc8\x12\x97\x6e\x5c\xfb\x3c\x34\x93\xfc\x17\x5d\x1d\x92\xee\x8d\x1c\x98\xfb\x33\x82\xb3\xab\x90\xc5\xc0\xe4\xbd\xf6\xa3\xac\x94\x76\x7b\x68\xd4\x7e\x6b\x9c\x24\x42\x65\xe3\xb1\xab\x06\x23\xa8\xf0\x10\x02\x73\xf2\xc6\x07\xde\x89\x61\x2c\x72\xd3\x9b\xe4\xc0\xb4\xd7\x7a\x3c\x61\x36\x8d\xf4\x0b\x36\x08\x65\x29\x89\xd1\xe1\x9c\x0a\xaf\x0e\x3c\x25\x3e\x56\x2c\x64\x09\xfe\x64\x48\x92\x9b\x33\x75\x3d\xe1\x62\xe6\xde\x5b\xd4\x66\xa5\x11\x4f\xc0\xe5\xf5\x71\x02\x75\x5e\x29\x54\x4f\x03\xb2\x8d\x4f\x78\xde\x9a\x02\x4d\xd4\xc4\xe8\xc3\xc2\xd4\x41\x15\xa7\xae\x15\xed\xb4\xf5\x58\xaa\x7d\xba\x64\x26\xe7\xe3\x72\xc5\x4f\x79\x40\xbd\x77\x14\x46\x7f\x8c\x3a\x1a\xdd\x3c\x64\x01\x89\xc3\x16\x60\xd8\xcc\x01\xd3\xc5\x38\x2e\x42\xab\xc1\x04\xc7\x23\xf9\x48\xa8\x04\xca\x85\x30\x47\xb6\xb8\x7b\x5b\x6e\xf4"},
+{{0x5b,0x67,0xa6,0xd7,0xc6,0x50,0xdd,0x92,0xdd,0xd0,0x36,0xce,0x7a,0x30,0x5b,0xc9,0x59,0xa4,0x97,0xc5,0xe5,0x15,0xa6,0x84,0x93,0x03,0x5c,0xb3,0x85,0x0e,0xe0,0x3d,},{0x4c,0x6f,0xc1,0x64,0x05,0x05,0xfb,0x46,0x66,0x9f,0x93,0x04,0x8f,0x8e,0xf5,0x57,0x09,0x9f,0x3f,0xd9,0x2a,0x53,0x06,0x4b,0x16,0x33,0x63,0xa3,0x1b,0x7f,0x00,0xaa,},{0x0f,0x07,0x3c,0x9a,0x58,0x6f,0x6f,0x5e,0x08,0x38,0x9a,0x2a,0x5e,0x18,0x08,0xe2,0x70,0xf0,0xed,0xb6,0xaf,0x10,0x44,0x96,0xf9,0x37,0x57,0x62,0x3f,0xea,0x53,0x13,0x3a,0x73,0x1c,0x44,0x5a,0xc2,0x35,0x78,0xcd,0x56,0xa3,0x88,0x3c,0x08,0x95,0x86,0x68,0x63,0x1f,0xed,0xf1,0x44,0x6c,0xe3,0x4f,0x85,0x7f,0x90,0x82,0x2b,0xa8,0x0a,},"\x62\xcc\xde\x31\x77\x2c\x57\xe4\x85\x3a\xaf\x2a\x81\x81\xfd\xb5\x3f\xb8\x27\x90\xea\x65\x01\xbf\xc8\xf5\xd4\xae\x8d\xbd\x52\xde\x42\xce\x2e\x89\x61\xac\x17\x31\xf4\xbc\x08\x5f\xb5\x61\xef\x09\xa2\x44\x29\x70\xb6\x29\x79\x01\xae\xaa\x2e\xe5\x55\xb7\xd5\xe3\x95\x1c\x7c\x35\x12\x39\xdd\xee\x95\xff\x54\xf9\x24\xda\x95\xca\xe7\xb1\x5b\xa6\xa9\xa1\x33\x7b\x8c\xe4\x92\x1e\xd9\x13\xcd\x79\x1c\x1c\x69\x41\x08\x0e\x54\x8f\x3c\x36\xe8\x45\xac\xbf\xd8\xd8\xce\x35\xe2\xfd\xc2\xa2\xad\x6c\x7e\x24\x61\xbf\xcb\xf1\xaa\xbc\x55\xcf\x0f\xae\x42\x88\x85\xbe\x5e\x86\x53\x33\x08\xc9\x75\x68\x05\x21\x9a\xbd\x7f\xfc\x16\x57\xb6\xf4\x63\x29\x20\xa0\xc1\x0e\x0e\x36\x33\x19\xd9\x00\xfc\xd6\x1e\x7d\xdb\xcd\x6e\x76\x2a\x7d\xb9\x24\x80\xc3\x63\xb2\xc0\x64\x0c\x6b\xf3\x2d\x69\x0d\xd8\x29\xd8\x40\x5f\xa6\x6e\x47\x83\xeb\xe1\xcb\xde\x95\x47\x95\x4a\x90\xba\xad\x9f\x77\x4e\x94\x54\x9a\xbb\xff\x2c\x1f\x5c\xae\xc2\xbf\xd2\x8e\x41\x5d\x36\x42\x9d\x58\x51\x8c\x3e\x17\xe8\x69\x9e\x19\x89\xd4\x7b\x8d\x62\x7e\xf9\xab\x4d\x1e\x7d\x12\x0b\x37\x2c\x21\x41\x30\x4f\x7f\xab\xd0\x26\x5b\x8b\xe4\x1f\x54\x67\xf4\xde\x9e\x65\xc1\x25\xee\x1f\x27\xa2\x89\xc4\xf7\xc9\xa1\xfb\xf2\x5b\xfc\x2f\x8d\x30\x8e\x7f\xf5\x21\x91\xcb\x76\x44\xc6\xaf\x20\x45\x22\xf2\xac\x87\xb5\xf4\x05\x25\xfd\x43\xd3\x08\xc8\xdb\xc6\xa8\x61\xd2\x5d\xb2\x3e\xe2\x76\x67\x8a\x1b\x6e\x8e\x91\x28\x3b\xe0\x24\x70\x48\x2e\xd6\xcc\x9f\x6e\x39\x63\x51\xd1\x1b\x1c\x7e\x22\x32\x9c\x09\x1f\xe7\xd3\x68\xf6\x06\x53\xf9\x3b\x0f\x6a\x3f\x71\x2c\x20\xf9\xd2\xd8\xa9\xa0\x81\x98\x72\xf0\xc7\x1d\x7b\x1c\x0b\xc1\x68\x3a\x15\x2b\x48\x4b\xc2\x1c\xf5\x56\x09\x3a\xb4\xc0\xac\x16\xd3\x22\xff\x0b\xf4\x52\xe5\x58\x1e\x1e\x72\x41\x67\x38\x84\x02\x3c\x7d\x6e\x17\xe2\xde\x80\x59\xf6\x0e\x4c\x18\xe1\x3b\xd5\x5f\xcf\xee\x62\x3f\xd0\x46\x9c\x0d\x09\x11\x61\x1d\x09\x9a\x25\x70\x20\xf2\xf3\x1b\xf5\x07\x8e\x6e\x65\xa1\x35\xd5\xbf\x40\x76\x20\x23\x6d\x6c\xc7\x59\x31\x0f\xa7\x28\xff\x8b\xb5\xec\x56\xab\xbe\x1a\x3c\xd1\x51\x53\xf8\x92\xd9\x58\xd3\x0d\x16\x2d\x01\xee\x66\x5f\x5b\x56\x27\x81\xd8\xdc\xf8\x42\x80\x59\xe5\xfd\x22\x5a\xd7\x8a\x99\xea\x76\x0f\xe5\xd9\xee\x82\x19\xc9\x5a\xcb\x18\xd0\x56\x22\xe1\x0a\x9b\x6c\x67\xf6\xd4\xf6\xed\x11\x63\x5c\x5e\x2e\x0f\x85\xdd\x5d\x3c\xbd\xa6\x5a\xa4\x23\xd5\x94\xa8\x0b\x40\x42\x7b\xc3\x21\xe0\xee\xf9\xaf\xd2\xbc\x87\x46\xab\x73\x99\xff\x6d\x0e\x12\x87\xb6\x61\xdd\xc4\x06\x2d\x07\x20\x18\xf4\xc1\x0e\x86\xcf\xae\xd7\x2d\x9e\x68\x6e\xd0\x9d\x52\x55\xd3\x60\xe3\xee\xa2\xc2\x9b\x9e\xae\xa0\x5f\xc7\x8c\x8c\xdb\x8c\x9d\x4a\xfc\x7a\xdc\x6d\x4a\xa0\x67\xb7\xab\xfb\x0a\x4e\x94\x0a\x77\x58\x0e\xc2\x06\x45\x6c\xb9\xe9\xf9\x5f\x6d\x56\x5d\x53\x6e\x53\x5a\x16\x7e\xde\x8e\x20\xec\x36\x08\x1e\x2f\xc5\x5a\xef\xaf\x24\xd2\x27\xff\xfe\x5e\x6c\xb0\x30\x93\xf4\x43\xb4\xc5\x16\x55\xd9\x1c\xa6\xf2\x75\x95\x9d\x1a\x80\x2a\xde\xab\x44\x70\x1b\x31\xe8\xb0\xfd\x02\x22\xc4\x99\x96\x6c\x72\xd1\x02\x0a\xd9\x37\x0e\x28\x02\xbe\x04\xc9\x93\x3f\x6b\x77\x4f\x6e\x8c\x69\xfc\x0b\xfd\x31\x59\x39\xa1\x27\xb4\xe0\x6d\x0f\x6f\x5e\xde\x67\x1c\xe1\x16\x12\x12\x6b\x51\x87\xb5\x33\x29\xb0\xa9\xcb\x7d\xa3\xb1\xcc\xd6\x7b\x8c\x07\xba\xb9\x9a\x66\x2d\xf8\xce\x85\x1f\x50\x2f\xc4\xe1\xed\x16\x32\xb6\xba\x55\x55\x44\x01\x8f\x75\x27\xe3\x62\xef\xc7\xe3\xb2\xba\x6f\x75\xa1\x25\x4f\x42\x8b\x3b\x7e\x0b\xea\x69\x54\x9e\x7f\x9c\x73\x62\x75\x55\x00\x80\xae\xe3\xaf\x59\x14\xe3\xa3\x4b\xe6\x56\xc7\x7f\x6b\x29\x42\x0e\x54\x33\xf3\xdf\xf3\x81\x1f\x35\x28\x20\x8e\x9d\x85\x0a\xa3\xc2\x9b\x0f\x77\x8a\x24\x27\xd5\xfd\xe3\x07\x32\xdf\xe5\x04\x43\xa9\xc1\xad\x55\xc7\x2a\x08\xab\x26\xff\xaf\x8e\xfb\x90\xbc\xaf\xd3\x72\x6b\x00\xc0\x05\xc8\xc0\xf0\xdb\xf2\xa1\x35\x30\x86\x72\x1e\x44\x65\x45\xb8\x13\x44\x11\x94\xa7\x55\xfd\x26\xb9\x63\xaf\xd9\x77\x27\x8d\x1b\x10\xf0\x90\x01\xc7\xed\x97\x54\x03\xc1\x5c\xbe\x7f\x99\x2a\xb0\x7b\x84\x70\xc9\x39\xf8\x66\xf4\x20\xf7\x7d\xb7\x79\xaf\x83\x97\x00\x32\x9e\x07\x77\xa6\x11\x63\x65\xd7\x6c\x36\xd0\x9d\x86\x04\x72\xa5"},
+{{0x26,0x31,0xc8,0xc3,0x4d,0x29,0x48,0xdd,0xd5,0x99,0x6b,0x41,0x49,0xce,0xfd,0x23,0x8e,0xa7,0x45,0x2e,0xc2,0x2e,0x24,0x61,0x24,0xdf,0xa2,0x79,0xcc,0xc2,0x7d,0xb8,},{0xc3,0x90,0x67,0x86,0xff,0xb8,0xa7,0xc2,0x7c,0x44,0xc2,0x44,0x7f,0x9d,0xde,0x7d,0x66,0x6d,0xfe,0x58,0x8c,0xfc,0x54,0xf2,0xd2,0x50,0x40,0x51,0x2a,0x37,0x1b,0xc1,},{0x0a,0xdc,0x6f,0xa4,0x0f,0xfb,0x81,0xf6,0xef,0x4e,0x41,0x87,0x55,0x49,0x17,0x77,0x5c,0xf4,0x65,0xe7,0xb5,0xe8,0x57,0xf2,0xe1,0xe7,0xf4,0x00,0x97,0x71,0x06,0xd2,0x37,0x7e,0xbc,0x76,0xab,0xb1,0xdb,0x92,0x4c,0x64,0x86,0x7e,0x3c,0x6f,0xe3,0x8c,0x0b,0x4f,0xcb,0x1d,0x0f,0x94,0x68,0xe8,0xfb,0x23,0x50,0x29,0xa8,0x1c,0xe6,0x04,},"\x6f\x9b\xdc\xe1\x44\x3f\x28\x56\xd4\xa2\xf2\x27\x82\x83\x50\x12\xb7\x81\x8a\x0e\x02\x0d\xbc\xc2\x2a\x82\x16\x58\x30\x5f\x13\x42\x34\xd1\x4c\xea\x63\x61\x00\xed\x89\x6c\x2a\x8f\xb0\xe8\x70\x48\xec\x6f\x8b\x31\x48\x4f\x78\xeb\x17\x10\x45\xad\xd7\x2c\x85\x71\x0e\xc9\xf9\xb5\xd4\x36\x23\x41\x7b\x56\x53\xbe\x86\xe7\xfb\xf8\xb4\xff\x91\x11\x0a\x80\x8c\xb4\x1a\xcf\x66\xd4\x36\xe8\x9a\x73\x7f\xae\xa4\xef\xf3\x54\x49\x60\xf1\x14\xb8\x33\xb0\xb4\xeb\xc2\xc1\x40\x70\xb0\xbf\xb7\xb0\x05\x7e\xeb\xb8\x42\xbd\x1c\x1e\xd4\x58\xad\x34\x28\xf8\xf7\x2a\x1d\x1d\xb3\xc4\xcb\x47\x97\xa3\x99\xd4\x7a\x1e\x6d\xb7\x4d\xcb\x2e\xe2\x4a\xe8\x15\x85\xcf\x66\xef\x6d\x9b\xd2\x23\xf0\xf5\x4b\xc8\xc1\xce\xc1\xbb\x44\x60\xbe\xf4\xff\xd3\x2e\xe8\x05\xc3\xca\x5e\xe9\x76\xff\x9c\x14\x55\x9f\x8d\x75\x66\x62\xa2\xbc\x19\xe4\xc5\x98\x54\x06\xa0\x73\x05\xc9\x95\x0d\x86\x6c\x9a\x79\xa3\xe5\xf6\xc5\x96\x97\x53\xa1\x70\xe0\xfc\x4c\xc0\x9c\x6d\x87\xa1\x2b\x44\xcd\xf3\xbe\x16\x23\x15\x9e\x90\xca\xb7\xa8\xa3\xe6\xf0\x1f\x26\x85\x95\xb0\x21\xb1\xef\x7d\x00\x76\x94\x77\x27\x0d\x55\x84\xc9\x12\xe2\x2a\x36\x74\x38\x27\x7f\x59\xdf\x20\xc5\x62\x0d\xd5\xbe\xaa\x9b\xb6\x0b\xee\x47\xf4\xaf\x52\x7d\x89\x29\x57\xb2\xd1\x2b\x67\x8b\x52\x79\xa3\xf8\x32\x64\x65\x4c\x0a\x0f\x8d\x21\xe7\x09\x66\x8f\x30\xfb\x6e\x68\xf0\x47\xd0\xd9\xa7\xc2\xae\x9a\x28\xf7\xcb\x9d\xbf\x18\xf6\x3f\xc1\x66\x1f\x07\xd3\x10\xe5\x40\xc7\x76\x31\xf5\xbd\xac\x58\x24\x68\x5d\x7c\x9a\xba\x0f\xe1\xd0\x94\x07\xa9\x66\x2e\xf1\x8e\xb3\xe2\x8f\xd1\xe8\xbc\x89\x26\x57\xbc\x38\x24\x3a\x2e\x64\x53\xbd\xae\xab\xb2\x79\x1f\xc5\x48\x95\x21\x29\x54\x57\xad\x04\x18\x0c\xa8\x71\xf6\x31\x87\x92\xbd\x15\xfd\x18\x00\xce\x59\xdd\x3e\xcc\x7e\x0b\x72\x97\x92\x67\xd8\x18\x3e\x80\x4f\xdd\x45\xda\xad\x84\xfc\x4c\xaf\xeb\x56\x1e\xa8\xd6\xa7\x4a\x7c\xde\x72\x2d\x96\x25\x3a\xb3\xe7\x5f\x0a\xdd\xe0\x2a\x61\xfd\x5e\x1f\x59\xcb\x1f\x5f\x1b\x2e\x05\x26\x43\x58\x9a\x9e\x4b\xe4\xdd\x6e\xe6\x45\x38\xcb\x0b\x10\x9a\x11\x3f\x30\xa5\x8b\x35\x65\x62\x40\x43\x66\x2a\xbe\x17\xf6\x0e\x31\xe8\x9c\x36\xc9\x95\xe0\x0a\xe0\x7f\x56\xa9\x11\x8a\x31\xae\xc2\x4a\xd5\x44\xbc\x96\x58\x11\x21\x8d\xf8\x27\xc1\x73\x0b\xb9\x04\xbb\x79\xb6\x86\x13\xf6\xc9\x94\x67\x9b\x69\x90\xd7\x75\xb5\xcb\x32\xdb\x97\x19\x4b\xd8\x10\x19\xbe\xa4\x1f\x3a\x7e\xef\x50\x1b\xf8\x49\x1b\x0e\xa8\x59\x38\x84\x52\xe3\xec\xbe\x16\xaa\x7d\x56\x91\x51\x0a\x66\x06\xc4\x93\xe4\xc2\x93\x96\x1b\xf4\x0b\x4c\xd3\x00\xd9\xd2\x2e\xa1\xa7\x72\x4c\x07\x8b\x8b\xab\x1f\xd1\x65\x04\xe9\x89\xb1\x36\xd9\x25\x1a\xc9\xf1\xed\x94\xa5\xe9\xac\xbd\x9c\x04\xf8\x05\x8a\xfe\x03\x04\x9a\xed\x8b\xa2\x9f\xa2\xe8\xfb\x44\xf8\xe8\xc0\x4e\x87\x27\xf3\x99\xe7\x35\xe6\xc1\x49\x6a\x91\xa9\xb2\xcd\x2a\xb0\x2d\x43\xb2\x85\xe9\xd7\x61\x02\x93\xb6\x74\x9d\xf1\x04\x4b\x30\xe2\xda\x99\xa5\x64\x42\x9a\x23\xe6\x8c\x96\xfc\xe9\x2b\x08\xa0\x0b\x7b\x74\x2b\xa9\x7a\x62\xee\x58\x77\x6d\x7d\xd5\x65\xa4\x90\x07\x1d\x4b\x19\xdc\x64\x8e\x03\x32\x9c\xc5\xc8\x25\xd3\x87\xeb\xa4\x9e\x2e\xff\x6c\x43\x41\x86\x5c\x46\x4f\x13\xf1\xbe\xb1\x82\x7a\x7f\x26\x8c\xc1\x5a\x98\x24\x80\xbf\x08\x4f\xe3\x65\x2c\x1b\x0e\x0b\x4a\xd2\x62\x55\x85\x9a\xbf\x1c\x8a\x7f\x9b\x3b\xef\x09\x8a\x94\x07\xfd\xea\x0a\x53\x9e\xb0\x08\xfd\xd7\x49\xfa\x01\x86\xcc\x01\x69\xd9\xd9\xe6\x8f\xe5\xe5\x4c\xac\x32\xce\x57\xb5\xc8\x4c\x2d\x80\x5e\xca\x39\xc2\xdb\xbd\xd2\xe0\x2f\x7d\x22\x88\x26\x71\x2f\xf4\xa6\x14\x11\xca\x0a\xeb\x6f\x01\xa1\xf8\x0e\xf2\x9e\xeb\x07\x1a\x43\x22\x2d\x94\x97\x18\x4b\xd8\x5d\x9e\x44\xb1\x66\xbe\x97\xcf\xd2\xa7\x32\xaf\x4a\x23\x34\x63\xd3\xab\x54\x3a\x7a\x3c\x7a\xec\x55\x56\x56\x56\x88\x40\xf4\xdf\xea\x21\x7f\x65\x53\xaa\x98\xaf\x32\x4c\x12\xb2\xc3\x21\x4e\xe7\x6e\xec\x70\x06\x70\xaf\x68\xc8\xc1\xf3\x69\x46\xef\xd7\xff\x09\x33\xe5\x45\x3f\x12\x8e\x97\x15\xfd\xb3\x34\x4a\xc1\x0c\x4b\xb7\xec\x8f\x10\xdd\xf5\xdb\x71\xf1\xcf\x0e\xfe\x40\xf7\x5e\x5b\x63\x34\xef\x8c\xf8\x42\x9b\x32\x91\xe6\xe4\xce\x37\x9c\x17\x8a\xff\xcb\xc6\x10\x30\xeb\x89\x6d\x74\x4d"},
+{{0x39,0x76,0x9a,0x66,0xf0,0xca,0x12,0x90,0xfd,0xa1,0x43,0x75,0xb3,0x5c,0x66,0x3f,0x6a,0x4b,0x2a,0xb3,0x60,0x71,0x79,0xab,0xd9,0x90,0x63,0xe2,0xef,0xa2,0xc6,0xa8,},{0xf9,0xfd,0x4c,0x19,0x1f,0x38,0xf1,0x21,0x90,0xd3,0x28,0x5e,0x20,0xc6,0xce,0xe5,0x4c,0xfd,0x6f,0xf3,0x15,0x30,0x0a,0x4e,0xfd,0xc8,0xa9,0x0e,0x80,0xaf,0x40,0x83,},{0x14,0x42,0xde,0xa2,0x80,0x7e,0x03,0x11,0x59,0xec,0x6a,0x41,0x2d,0x8e,0x07,0xbb,0x3e,0x29,0x93,0x08,0x09,0x0f,0x21,0x8f,0xa7,0xc1,0x0a,0x9c,0x50,0x68,0xef,0x9b,0x64,0xef,0x11,0xca,0x9f,0xb9,0x2b,0xe1,0xd0,0x21,0x6b,0x99,0x31,0x8f,0xf0,0xf0,0x3c,0xb8,0x71,0xcd,0x7d,0xd6,0x3a,0x38,0xae,0x17,0x02,0x31,0x3e,0x5b,0x25,0x0c,},"\xff\x4d\x89\x87\xe3\xfa\x36\x01\x2b\x75\x86\x73\x6b\x79\x3d\x65\x97\x54\x69\x8c\xd1\x2b\x65\xe5\xba\x9d\x75\x8c\xac\x16\x49\x28\x8d\x20\x22\x43\x77\x28\x3e\xa5\x42\x5d\xec\x10\xab\x99\x17\xd1\x8c\xd1\x3d\x1b\xdf\x4a\x76\x9f\x37\x04\x4c\x84\xfa\xa2\xa4\x49\xc6\x89\xe0\x04\xc1\x4e\x00\x5c\x49\xda\x41\x06\xff\x75\xce\x13\x03\x36\x1c\x6e\x3e\x34\xcc\xfe\xe7\x5e\xe9\xc3\x1c\xbd\x06\xa4\xbc\xdb\xb4\x2f\xd6\x49\xbe\x4d\xfc\xd6\x64\x00\x6d\x6a\x5f\x61\x07\x7c\x04\xa6\xa8\x1d\xb3\x6b\xe8\x6b\xa4\x2c\x29\x51\xf0\x51\xae\xda\x64\xac\xea\x49\x6c\xb9\x24\x98\x2b\x9f\x7d\x23\x4a\xc9\x72\x3f\xef\x98\xa8\xe1\x27\x55\xe3\x26\xa5\x2f\xbe\x35\x85\x1f\x41\x1e\xeb\x86\x76\x06\xd4\x5b\x51\x3f\x54\x52\x63\x91\xc5\x54\x63\x5c\x18\x0b\x8f\xd0\xee\x45\x1a\xfc\x96\xe4\xef\xd3\x60\xb6\x1e\x6b\xaf\x03\xdd\x6d\x19\xba\x51\x5c\x31\xec\x1c\xdd\x3a\xff\xff\xdb\x27\x35\x4e\x3e\x6b\x56\xe9\xe1\xa1\xa1\xb7\xd4\xb5\x7d\x9d\x76\x89\xbb\x2f\xea\x6c\x8d\x3f\x9c\xe0\xdf\x2d\x9e\xe9\x19\xc4\x23\x0a\x1f\x20\xb8\x5d\xfe\xfe\x1e\xa3\xd7\xf7\x7d\xb4\x70\xe4\x02\x24\x29\xef\x60\x9b\x0f\xf4\x49\x46\x44\x0a\xcb\x44\xcd\x13\x44\x5b\xcf\xa3\xf2\x05\x03\xc2\x6c\x2f\xb6\x63\xc8\x90\x65\xfb\x93\x34\xa6\x03\xeb\x9a\xb7\x15\x2e\x62\x62\x92\x33\xc4\x4c\xb0\x0e\x77\x71\x6d\x9b\x72\xc8\x4f\xd1\xb3\x40\x63\x4f\xf1\xce\xa3\x47\x50\x15\x76\x10\x0e\xcb\x0f\xd1\xbb\x76\xae\x0d\xff\x1c\x2b\x09\x48\xeb\x71\xee\x2c\xc3\x1e\x79\xd3\x01\x5d\x72\xdb\xee\x22\x4a\x98\x0e\x0f\x95\xa6\x9f\x79\x3d\xa8\x3a\x2d\xaa\x56\xef\xe5\x7b\x2f\x8c\xea\xac\x9e\x55\xf4\x43\xca\x9e\x73\x2b\x48\xc7\x5f\xac\x21\xc3\x6f\xa7\x72\x73\xc3\xf3\x48\x35\xff\xd8\x3c\x96\xf0\x0a\xc6\xe8\x6c\xff\xed\x08\x15\x36\x46\xc1\xce\xa2\x23\xda\x9c\xa3\x60\xca\xb9\x7e\x03\xb2\xb6\xc8\xfb\xa7\xc1\x95\xa3\x9a\xe5\x2e\xb2\xee\x86\x43\x00\xae\x56\xa1\x0f\x54\x7f\x99\xa3\x16\x98\x72\x24\x9f\x97\x77\x4b\x17\x98\x93\x55\x36\xf2\xf5\xf0\x11\xce\x57\x61\x3a\x94\xfc\xb7\xe7\x28\x6a\x6d\x49\xc1\x0f\xd9\x29\xd7\x67\x1c\xbb\x8c\xf1\x7d\xfc\xad\x4b\x24\x85\xc3\xd8\xfd\x79\x12\x87\x21\xe5\x5d\x84\x80\x87\x63\xc2\xaf\xa9\xc5\x5e\x3b\x0c\xd7\xbf\x2f\x0a\x66\xb5\xe4\x67\xbe\xc5\xee\x89\xad\x57\x0b\x60\xf1\x88\xb3\xf7\xb4\xa5\x11\xff\x85\x93\x12\xde\xd0\x78\xd8\xd0\x09\x11\x34\xfd\x49\xbc\x79\x2d\x2d\x7d\x60\xb3\x04\x94\x1c\x7f\x23\x20\x6f\x99\xe8\x63\xb1\xe2\xd8\xc9\xec\xff\xd2\xff\x0a\x3a\x3c\x75\x49\x85\x61\x5a\x9a\x92\xed\xce\xad\x00\xfe\x0e\x05\x49\x3b\x19\x8d\x1f\x7c\x90\x08\x84\x46\xbb\xa4\x60\x38\xa7\x1f\x32\x65\x3b\x59\x12\xb2\x4f\x43\x13\x77\x48\xb7\x5a\xec\x2c\x15\xfe\x4b\xf5\xa6\xf8\x6b\x8a\x6c\xdd\x9c\x74\x47\xf2\xeb\xb0\xf4\x3b\x01\xca\x15\x23\xe0\xd4\x96\x24\x00\x06\xad\x7f\xff\xfa\xfe\x0d\xf5\x75\x4b\x34\x2c\xaf\xf3\x55\x5d\x72\xa2\x7d\x0b\x92\xca\x16\x67\x66\x5c\xec\x43\xbf\xb5\x83\x07\x7a\x9c\x17\x41\xfa\x49\x2c\xe3\xdc\x2c\x75\x29\xcd\xed\x81\xb8\x28\x1a\x3f\x37\x59\x48\xb8\xa7\xce\xd0\x96\xb2\xfa\xcc\x25\xe3\x90\x29\xe2\x21\xb6\x6a\x53\xd3\x97\x9e\x1f\x40\x5f\xd8\x8a\xfc\x06\xec\x6e\x43\x09\xdc\x85\xe6\x9d\x6e\xf2\xb4\xb4\x92\x66\x16\x4a\x9d\x9d\x1c\x31\xee\x39\x21\x12\x7b\x13\x38\x1b\xfb\x74\x0d\xd3\x8d\xc1\xc7\x31\x59\x21\xf9\xc2\xfe\x58\xb6\x1b\x63\x1a\x7d\x9f\xde\x2d\xd8\xa4\xbe\x3d\xed\x04\x90\xae\x3b\x83\x76\x79\x19\x55\xc1\xc4\xb4\xfe\xd0\x0b\x9f\x4c\x38\xab\x73\x50\xfc\x2e\x37\xa3\x15\x0c\x18\x16\x2b\x1f\xaf\x03\x37\x89\x4b\xc2\x3e\x74\xf5\x95\xe4\xbe\x33\x46\x6d\xea\xb3\x54\x58\xbe\x97\xb4\xf7\x56\x58\x97\xf0\x68\x52\xf7\x1c\x60\xfe\xf9\x10\x1d\x72\x6b\x72\xe0\x10\x2a\x97\xb2\xca\x52\x11\xe3\x80\x68\x34\xb0\xac\x1a\x7d\xf8\x7c\x2a\x07\x8d\xf2\x63\xef\x8b\xa4\x57\xdc\x89\x1b\x7f\x2e\x62\x78\x11\xab\x62\x2b\x99\x46\xf8\xc6\xb7\x31\xf2\x40\x78\xd1\x7b\x06\xb2\x00\xc3\x44\x7f\x80\x32\xaa\x3e\x7a\x24\x3e\xe4\x22\xdd\xa2\xe6\x52\xfd\x75\x71\x3a\xfb\xce\x8a\x59\xef\x85\x36\x65\x3a\x48\xdc\xf4\x2a\x70\xe7\x62\x1f\x9b\x28\x02\x40\x9b\xe1\xc1\xa6\x1f\x32\xe3\x67\x89\xa5\xc5\x05\x5e\x1a\x82\x68\xe9\xdc\x43\x8c\x2e\x15\x27"},
+{{0x0c,0x80,0x8b,0x06,0x6f,0x0c,0x8e,0x8d,0xbb,0x1c,0x23,0xd6,0xc2,0xce,0xdd,0x0b,0xe8,0x66,0xd8,0x42,0x5f,0x24,0x1a,0x92,0x85,0x70,0x0e,0xa5,0x45,0x36,0xcf,0x6d,},{0x44,0xee,0x72,0x90,0x04,0x50,0xc5,0x6a,0xb2,0x1f,0x26,0x86,0xd2,0x95,0x25,0xd0,0x66,0x3e,0x0b,0xdd,0x87,0x72,0x5b,0xea,0xc5,0xd6,0x8b,0xac,0xeb,0x69,0xf1,0xd2,},{0x38,0xc6,0x82,0xce,0xde,0xfb,0x13,0xe4,0x6b,0x11,0xf7,0xb5,0xf8,0x00,0xcc,0x81,0x20,0xd4,0x5a,0x83,0xcd,0x8d,0x8d,0xec,0x10,0xc5,0x77,0xbb,0x01,0x53,0xd5,0x09,0xba,0x4f,0xdf,0x40,0x09,0x98,0x78,0x8b,0x70,0x60,0x07,0xce,0x16,0x2b,0x96,0x94,0x5c,0x71,0x40,0xbe,0xee,0x74,0xe1,0x9d,0x07,0x43,0xaf,0xa4,0xec,0xfd,0x25,0x0a,},"\xc9\x45\x71\x41\x00\x58\x1f\x4e\x24\xda\x11\xfc\x0f\x6c\x6d\x02\x10\x43\x3f\x97\x77\x52\x51\x24\xc5\x5e\xe0\x72\xd8\x5d\x79\x8b\x70\x5f\x9d\x31\xc8\xf9\x77\xdb\x6e\xdf\xb7\xa6\x5c\x78\xad\x2d\x7d\x31\xd6\xb7\xb5\xbe\x40\xff\x11\x78\xd3\x03\xb6\x83\x9b\xb0\xc6\x32\x10\xc1\xd3\x38\xc1\x03\xaf\xa0\xd4\x53\xec\xa1\xbc\xa2\x77\xd9\x30\x77\x8a\xd5\x08\x02\x27\x2f\x03\xdb\xe2\x18\x4f\xc3\x1e\xf8\xea\x6a\xbe\x21\x69\x97\x19\x9f\x7c\x1b\x33\x77\x37\x96\x89\x07\x27\x2a\xa5\x1b\xd4\x9c\x07\x38\x9c\x95\x46\x8c\xef\x4f\xd9\x9a\xe7\x8c\xa4\x54\x2a\x2b\xbc\x0e\x8a\xa9\x52\x14\xad\x1c\xff\xf9\xd5\x08\x5a\x43\x43\x94\x47\x3b\x84\xb7\x4b\xe9\xbf\x2f\x02\x02\xad\x1e\xe4\x61\x66\x04\xca\x1d\xd7\x5f\x4a\x19\x53\x42\xeb\xbf\x8f\xc5\x9f\x3f\x79\x61\x65\x54\xdc\x7b\xfd\xd5\x56\xbe\x43\x72\x21\xc1\x0b\xfa\xd3\x9e\x11\x9e\x06\x04\x5b\xe5\xfe\xd6\x83\xd3\x53\x4f\xb6\xcf\xed\x33\x89\x1c\x96\xf9\xc3\x30\xf2\x8b\x68\x4f\x8f\xba\xd4\x7c\x01\x41\x8e\xab\x6c\xee\xcc\x2e\xd7\x77\xf4\xc2\x18\xa2\x7a\xc2\x25\x82\x39\x23\x15\xc5\x3a\xa7\x30\x9e\xc5\x4c\x61\x75\x23\x6e\x44\x24\xdc\x97\x84\x65\xab\x62\x8d\x95\x44\xb0\xbe\x84\x10\x3e\xb5\x6f\x1b\xaf\xe5\xe5\xea\xed\x04\xc9\x8b\xfe\x2e\x8a\x24\x18\xc6\xc5\x2a\x61\xea\xce\x85\x23\x6b\x66\xc7\xb3\xb8\x70\x7e\xd5\x56\x41\xdd\x9d\x5d\xa9\x7c\x99\xc1\x1c\xbe\xb9\xaa\x2d\xb1\x47\x82\x0d\xc7\x24\x80\x0a\x9d\x80\xf5\x05\xfa\x5a\xf2\x09\x21\xca\xd2\x43\x56\x83\xbb\x4f\xc6\x0b\xdd\xd4\x75\xf8\x63\xe2\xf5\x95\x0d\x23\x63\x99\xd8\xd7\x5b\x40\x4b\x39\x4a\x54\x67\x37\xf9\x3a\x62\x40\x87\x00\xb3\xab\x3c\x1e\x92\x2b\x1a\x85\x9a\x29\x15\xc2\xd3\x53\x68\x81\x5c\xd4\x5b\x85\xb2\xac\x08\x31\x21\xff\x00\x0f\x05\x0d\xcd\xf4\x15\xe5\x27\x5a\x5c\x42\xda\xe3\xb1\x54\x00\xf3\xdd\xaf\x93\x39\xf2\x0a\x12\x61\xa8\x8c\xd9\x02\x05\x63\x97\x63\x21\x11\x52\xdf\x41\x4a\x9a\x6a\x62\x18\xf5\x6b\x35\xa2\xde\x9e\x84\x82\x44\x9f\x6d\xa7\x7c\x9e\x3d\x4a\xf0\x49\x30\x15\xa7\x26\x21\x7f\x82\xac\x58\x95\x4f\xe3\xe2\xe3\x44\x40\x35\x6b\x11\x2e\x06\xa6\xf6\x71\xfb\x5a\x6e\xf4\x61\x9a\x6e\xa7\xb4\xe0\x4d\xb3\x75\x7f\xb6\x64\xc3\x96\xb3\x41\xca\x89\x00\x1d\xc1\x60\x4b\x51\xfa\x91\x53\xf9\x13\x0c\x10\x20\xff\x88\x90\x92\x87\x82\x3a\xb3\x91\x5c\xcc\x85\xc4\xe3\x5d\xf6\xc2\xf8\xe6\xf9\x02\xbe\x82\xba\x21\x29\x7f\xd3\x83\x5a\xff\x5c\xe0\x2f\x3c\x07\xdc\x09\x3f\xcb\x1a\xba\x26\xe0\x6d\xfe\x6f\x02\xdf\x79\x29\x1a\xac\xa0\x69\xec\xab\x93\x81\x40\x4c\x9c\x3e\xa1\xad\x40\x9a\xdf\x29\x2a\x91\xe3\xa5\x82\xd5\xa7\xb6\x8f\xfb\xe1\x0a\x03\x05\x24\x8e\x09\x67\xe6\xdf\x37\x2f\x28\x1b\xd1\x92\xe1\x39\x97\x9c\x98\x66\xca\x8f\xe1\xe1\x0e\x06\x16\xdc\x2d\x4f\x85\xe1\x19\xe0\xcb\x4b\xfe\x8c\xc3\x1d\x9f\x5c\x01\x8b\x65\x40\x85\x24\x00\x0a\x30\x16\xa2\x3d\x99\x14\xd5\x7e\x95\x55\x76\xe2\x66\x0b\x0e\x0d\x96\xc8\x49\x5a\x12\xc3\xd7\x31\x22\xd2\x00\xb0\xf0\xe5\xeb\xd4\x46\x56\x2b\x08\xf4\x79\x34\xab\x49\x9a\x96\x99\x1d\xcf\x99\xc9\x6a\x62\x88\x07\x39\x84\x5d\x29\x82\x01\x50\x55\x3e\xae\x9b\xe0\xbb\x41\xd5\x3d\x3a\xf0\x1d\x98\x67\xbb\x47\x32\xc9\x0b\xf6\xe1\x37\x31\x6e\x3b\x1e\xdc\xc2\x09\xa8\xa0\x9f\xb0\x62\xa6\xef\x05\xf3\x7e\x57\xf2\xc5\xd1\xd0\xca\xba\xf0\x7a\x8e\xd7\xd4\x14\x55\x40\x7b\x09\x67\x54\x18\x0a\xa9\x6d\x3d\x96\x59\x19\x45\xdd\x7a\x10\x40\xa2\xde\x60\xd8\xe1\xc0\x54\xf7\x85\x46\x52\xb7\x32\xe7\xa8\xf5\xb6\x47\x4c\x3b\xaa\x18\x40\xfb\xe8\x1b\x1e\x6b\x54\xe2\x01\xef\x0b\xc8\xd0\xf2\x13\xd7\xce\xc1\xd8\x24\xd2\x22\x09\xac\x72\x52\x5a\x64\xb9\x03\xe7\x73\xb8\x3f\x1b\x68\xf6\x40\x27\x9f\x15\x05\x3d\x21\xec\x15\xce\x2f\xf7\x59\x22\x17\x6b\x75\x84\xa1\x6b\xf1\xa1\xf0\xd6\x36\xb7\x94\x2a\x3d\x61\x86\x2f\x6f\xd1\x30\x99\x72\xd3\x14\x1e\xb7\x69\x31\x4c\xa9\x75\xd0\x20\xbf\x02\xbf\xdd\xf1\x7d\x14\xb6\x0e\xb7\x86\xbf\x9f\x55\x98\x9f\xe4\x73\x32\x0d\x44\x29\x67\x7e\x30\x1c\x68\x26\x33\xf8\x13\xff\x26\xc0\xa3\xda\x92\xf6\xd0\x68\x06\x16\x10\x5b\x04\x25\xaf\x33\x8c\x2e\xa6\x15\x3b\xdd\x52\x16\xfa\xe2\xaf\xe4\x61\xe9\x24\x9c\x05\xe3\x2f\x76\xad\x7c\x42\x9d\x92\x53\x4b\x68\x6d\xd1"},
+{{0x04,0x9d,0xac,0x3c,0x97,0x7d,0x9d,0xf5,0x03,0x49,0x6b,0x43,0xd7,0x6e,0x55,0x40,0xe3,0x15,0x00,0x1a,0xd5,0x7f,0x15,0xea,0x9f,0x08,0x70,0xca,0xd2,0xd4,0xf9,0xe9,},{0xfc,0x6f,0x4b,0x7e,0xb3,0x9a,0x71,0x16,0x80,0xf9,0x66,0xd4,0x68,0xa6,0x1a,0xbb,0x13,0xa9,0xb6,0x44,0x9b,0xb9,0x9f,0xda,0x3d,0x12,0xce,0x1b,0x50,0x6d,0x1b,0x4b,},{0x75,0x32,0xd1,0xa6,0x1a,0x98,0x1f,0x30,0x3d,0x7c,0x24,0x54,0x35,0x4f,0x99,0x54,0x0c,0xd4,0x84,0xcd,0xe9,0xab,0x33,0x7d,0x6f,0x7b,0x51,0xf1,0x79,0x22,0x0f,0x7f,0xa2,0x07,0x34,0x76,0xb4,0x1c,0x71,0x52,0x9f,0x98,0x36,0xdb,0x6b,0x1d,0x0f,0x5a,0x48,0x2b,0xbb,0x4c,0x68,0x36,0x61,0x76,0xed,0x14,0xd4,0xd8,0xee,0xfa,0xde,0x0d,},"\x7f\x31\xe3\x46\xf6\x8d\xa7\x37\x16\xaa\xcb\x16\xee\xa1\x9b\xb2\x41\x42\xdc\x28\x3e\x72\x63\xff\xc3\xf7\x04\xa2\x2a\xe5\x27\x5a\x0e\xf9\x5f\x06\x69\xba\xe5\xa5\x4c\x7f\xeb\x84\xbc\x74\x87\x3c\xca\x0f\x33\x5d\x6c\xff\x3d\x8b\x4a\x20\x05\x6c\x64\xf5\xe8\x82\xcb\xbb\xd2\xac\x74\x20\x76\x76\x46\x7e\x54\x66\xdd\xd5\x6a\xed\xf5\x6e\x09\x7c\x7f\x59\xd9\x45\x91\x5e\xb0\xeb\xd0\xc3\xc8\x3d\x48\x88\x8d\x3e\x9e\xde\x51\xad\x2d\xd8\xa0\xee\x1e\xab\x4c\xf8\x7f\xfa\x78\x63\x5a\xfc\x4d\x6e\xf3\xe8\x7d\xda\x3b\x65\x56\x5c\x29\x85\xa4\xad\x0a\xcf\xdf\xb8\x1c\xb0\xe6\x1c\x67\x82\x6a\x6e\xa0\xbe\xd4\xc0\x8a\xa1\xa5\x41\xde\x60\x45\x87\x04\xac\x21\xca\x12\xf1\xc8\x11\x8b\xb3\x09\x2c\x35\xa4\x0c\x92\x1e\x68\x45\x64\x56\x2c\x2c\x10\x49\xdc\xdc\x2b\x8d\x6a\x97\xe3\x56\x7d\x35\x6b\xff\xb5\x69\x2a\x41\xd8\x9d\xdd\xa0\xec\x35\x52\x15\x2a\x27\x57\x7f\x1c\xce\x57\xd0\x09\x86\xdc\xa7\x7e\xdf\x5e\x25\x18\x15\x82\x00\xad\xf6\x90\xaf\xfb\x31\xaa\xf2\xb5\x74\x83\x68\x39\x44\x09\x99\xf1\x57\x91\xce\xa8\x53\x42\xac\x94\xa9\x6c\x7a\xf7\xa1\x9e\x49\x43\x10\xae\x26\x67\x5f\x43\xc3\x52\x58\xe8\x5b\x68\x40\xb9\x9c\x6b\x09\xcf\xa5\x8d\x19\xf1\xe4\x3a\x77\xe3\x97\xb0\x8c\x0d\xb1\x83\x0b\xca\x67\xb3\x9e\xcd\x87\x52\xda\x61\x1e\x08\x32\xc6\xca\xe7\xbb\x8c\xe7\x4a\x82\xe7\xe7\x33\x0b\xe5\x06\x2e\xd0\x5a\xa5\xc8\x44\x57\xb0\x07\xfb\x5c\xcd\xc2\x0a\x55\xd5\x4d\x8e\x04\x09\xc8\xbd\x83\x88\x3d\x2e\x02\x9d\xff\x26\xea\x5d\xb2\x75\xdc\xe0\x99\xe4\x18\x65\x9a\x04\x00\xf1\x3b\xe9\xff\xdc\x14\xe7\xd6\x45\xa9\x46\x77\xca\x84\x69\x70\xb7\xe6\xac\x52\x7f\xa0\x09\xa3\x59\x45\x4b\x3c\x49\x36\x49\x05\x18\x9f\xb4\x9c\x9b\xac\xb6\x50\xc0\x3c\xd8\x28\x75\x89\x4e\x35\x46\xba\x03\xc3\x2e\x33\x6f\xc6\x51\x6a\x87\x67\x6c\x50\xd5\xb8\x0b\x30\x54\x27\x3b\x15\x7c\x5d\x76\x75\x14\xe5\x45\x74\xb8\xa1\x01\x98\x5a\x8e\x96\x7e\x95\xda\x8f\x92\x98\x00\x26\x0e\x08\x14\x8b\xee\xe2\xd7\x78\x1e\x9e\x85\xd4\x63\xa9\x4f\xfe\xfd\xbb\x75\xc2\x8f\xa8\x89\x80\x15\x68\x09\x99\x42\x9c\xee\x79\x8b\x3f\xd2\xd9\x67\x37\x86\x8a\x26\x3f\xba\x9f\xb6\xf4\xaa\xd5\x6a\x15\xc6\x41\x2f\xf8\x5e\x7d\x37\x52\x10\x2d\xaa\xf2\x5e\x74\x5f\xa5\xf6\xf1\x74\xa2\x31\xfc\xce\x86\x24\xdd\x70\x85\x6f\x9b\xab\xcc\x20\x91\x44\xff\x68\x64\x64\x8d\xea\x0d\x68\x84\x56\x6a\x4c\x39\x14\x78\x05\xbe\x08\x4e\x47\x40\xbc\x50\x93\x09\xbc\xb1\x42\x96\x4b\xb0\xcf\xcf\x67\x26\xa0\xe0\x4b\xbf\x32\xae\x68\x34\x73\x2b\xda\x03\x84\xce\xa8\xf4\xa4\x84\x9b\xba\x0d\x18\x64\x6c\x1c\x34\x47\x18\x96\xb5\xbe\xf1\x49\xf8\xca\xb9\xec\x83\x72\x2b\x0f\xb2\x09\xef\xe8\xa0\x4c\x4a\x23\x5d\xc8\xdd\xb2\x0a\xcd\x92\x76\x5a\xfb\xf3\x05\x87\x40\xea\x70\xb9\xc1\x0d\x9c\x5a\xef\x86\x06\x29\x8f\xe4\x15\x15\x93\xb2\x1f\x79\x7d\x92\xae\x9f\x1e\x08\x81\xb0\xd2\x71\xb0\xd5\xb1\x0c\x6e\xd8\x3c\x34\x9e\xc2\x47\x3f\xbf\x2f\xf7\x80\xdc\xd0\x76\xd8\xcf\x0a\xea\xfa\x71\xfe\x2b\x8c\x51\x28\x01\x5f\x8f\xbb\xcf\xec\xd5\x28\x1c\xd5\xea\xcb\x6f\xe9\xac\x6e\xaa\x6e\x47\xd6\x67\xb9\xad\x4b\x7e\x41\x1e\x6c\xb7\x46\x3d\x56\x76\x07\xaf\xbf\xd0\x41\x8c\x4e\xb0\x6a\xfe\x84\x7f\x5e\x40\xb4\x99\x44\x38\x28\xd5\xa2\x73\xa4\xa8\x7e\x46\xde\xf2\x1a\x91\x9d\x73\x86\x3a\xf0\x05\x4a\x09\x9e\x3a\xdc\x54\x50\xb8\xe3\x2f\x51\xea\x52\xc5\x99\xa4\xa2\xa3\x53\x51\x78\x8a\xf7\xcb\x71\xe5\xc4\x4b\xcb\x8d\xf5\x4a\x60\x1e\x6e\xc2\xc1\x82\x8b\x48\xc4\xb1\xae\x44\x63\x10\x6f\x10\xef\xa5\xca\xf3\x09\x1a\xbf\x99\xaa\xba\x52\x52\xf4\x84\xd3\xbb\xc6\x2b\xfa\x6b\x2a\x80\x6d\x23\xc6\x33\x1a\x62\xfc\x46\xbc\x62\x76\x79\xe7\x3e\xc8\x2d\xcc\x08\xf7\x91\x43\xf4\xb7\x1e\xcf\x35\x7e\xa2\xf0\xd7\x4e\x6d\x30\x58\xe6\x06\x04\x3f\x6e\x8f\xed\x70\x42\x82\xc1\x6b\x1f\x98\x8f\xfa\x36\x5c\xfa\xe9\xa3\xcf\x79\x2e\x0c\x5b\xaa\xd7\x0c\xa7\xe2\x57\x76\x01\x8b\x5e\x7f\x0e\x95\x44\xe1\xd7\x3f\x3e\x5d\x1e\x41\x6a\x5e\x50\xfb\xed\x29\x6d\xc1\xbf\x4b\x29\xa3\xfb\xe3\x2e\xfb\xd7\xe9\x9c\x83\x01\x5d\x27\xf5\x35\xad\xec\xf1\x75\xfc\x36\xc1\xea\x4f\x44\x23\xb3\x6d\xcd\xc0\x54\xba\x99\x32\x78\xe8\x5a\xc3\x62\x2d\x43\x5f\x52\x37\xba\x61\xb4\x9a"},
+{{0xf0,0x7d,0x61,0xb5,0xca,0x1c,0x27,0x00,0xcb,0x50,0xf9,0x00,0xc2,0x6b,0x7c,0x28,0xf6,0xc6,0x94,0x08,0x08,0xc7,0xba,0xff,0xf7,0x4f,0xca,0x4b,0x11,0xf4,0x25,0xd4,},{0xeb,0x24,0x3d,0xfa,0xcc,0x2d,0xc6,0x43,0x57,0x76,0xd5,0x54,0xec,0xed,0x8b,0xf9,0x23,0x90,0x60,0x4b,0x35,0x55,0x7c,0xda,0x51,0xfd,0x20,0x3e,0xdd,0xb4,0x93,0xfa,},{0xc1,0x9b,0x53,0x2b,0x82,0x48,0x56,0x39,0x32,0x63,0x97,0x01,0xbf,0x15,0xbc,0x01,0x5f,0xae,0xbb,0x17,0xbb,0x98,0xd8,0x71,0x61,0x6e,0x10,0x48,0xd6,0x4c,0xa5,0xf9,0x55,0xf5,0x58,0xf6,0x3b,0x53,0x53,0xa1,0x57,0x6f,0xa1,0xac,0xae,0xf3,0x9b,0xcb,0xc9,0x02,0x17,0x56,0xdf,0x5d,0x1a,0xb3,0xbc,0x74,0x1a,0xcc,0xf9,0x05,0x9b,0x04,},"\xc1\xc6\x78\x43\xd6\x9a\x0e\x62\xe7\xbf\x71\xf9\x02\x06\xa3\xd5\x59\x5c\xa3\xc4\x82\xaa\xa7\x67\xe9\x31\xb0\xd6\xc2\xf4\x75\x2a\xb8\x69\x91\xf0\x35\x83\xbb\x13\x8e\x9f\x72\xfa\xb5\x8f\xd6\x02\xa4\xb6\xb2\x96\x02\xcf\x89\x14\x08\xaf\x5a\x1b\xfd\x33\x98\xc0\x17\x8c\x44\x14\x61\xe3\xf4\x9b\xc8\x1d\x64\xc0\xd9\x7f\x5d\xed\x69\x2c\x75\xd4\xd6\x4d\xac\x5d\x80\xd6\x3b\xd4\xdc\x52\x10\xc1\xd9\x35\x0b\x14\x2b\xa6\xe7\x68\xf1\x50\x80\x7a\xb8\xa8\x6c\xac\xdb\x59\xd8\x4d\xdf\x66\x0b\xe5\x62\x03\xc0\x14\xfb\xa1\xe0\xdc\x16\xfa\x6d\x32\x69\x4e\x14\xb1\x28\xed\xd1\xf6\xc6\xab\x44\x5a\x3a\xd3\x41\x74\xfa\x9e\x4b\x01\xf2\x5b\x1d\x5e\x6e\xb7\x69\x83\xb4\x29\x5c\xe4\x91\x4d\x3a\xe4\x8c\x70\x4a\x30\xe5\x54\xfc\x1f\x86\x8b\x62\x72\xef\xf0\x6d\xa2\x4b\xfe\x17\xe4\xe0\xf0\xfa\x46\xbb\x08\xff\xb9\x07\xcb\x61\xbe\xbe\x52\xdf\x31\x1a\x64\xcb\x57\x8b\x30\xfd\x62\x7d\xf1\x12\x21\xae\x40\x03\xa0\xb0\xc6\x8e\x3c\x6f\x95\xa2\x1c\x85\x00\xd4\x1b\x2c\x58\x9c\xc4\x6a\x13\x9c\xac\xff\x57\xdc\xf0\x07\x59\xf5\x2e\x9c\xa3\xda\xbd\xb1\x78\x8a\xb6\xb3\x8a\x50\x48\xf5\x8e\x08\xe0\x5c\x39\x4f\x9d\x3c\x72\x11\x3d\x45\x2b\x70\x84\xc5\x19\xf8\x6c\x16\x89\xff\xdb\xae\x50\x6e\xd8\x45\x05\x22\xcb\xe4\x3d\xe2\x7a\xa3\xbf\xdd\x92\xa9\x1b\x71\xe5\x2a\x3c\xbf\x77\xc1\xbd\x28\x93\xea\xbd\x40\x7a\x57\xfe\x5e\x14\x68\x73\xbf\xb2\x04\x3f\x4a\x61\x47\xdf\x08\x3e\x54\xa2\x20\x8d\x19\x25\x81\x3f\xa4\x04\xe4\xc4\x74\x06\xe7\x72\x86\x43\xeb\xfb\x0b\x10\x14\x2f\x90\x9e\xf8\x56\xfd\x3a\x91\x6b\xc0\x85\x15\x43\xb8\x2a\x55\xf8\xcd\x52\x9b\xd2\x1d\x9e\x29\x09\xd6\xd7\xe7\x7b\xdc\xea\x46\x73\xe5\x45\xff\x4a\x67\xfa\x37\xd6\x5f\x1f\x63\xf1\x1d\x5d\x0d\x55\x97\x4a\x30\xab\xe1\x88\x33\x5d\xb5\xdc\xbd\x35\x66\x58\xf9\xb7\x76\x82\xd9\x6d\xab\xb2\x58\xea\x95\x95\x1a\x05\x59\xae\xa4\x06\x4d\x5e\xa1\x68\x05\x01\xdc\xb4\x22\x8f\x2c\x95\x6f\x81\xd2\x10\x11\x44\xaf\x74\xc7\x16\xbc\x8b\xf4\x29\x6d\xc3\xb8\x31\x72\x5c\xc1\x7d\x3b\xfd\x90\x66\xa2\x99\x53\xb2\xec\xd7\x50\x59\x43\x5b\x49\xa2\x5a\xc5\x25\xb4\xfb\xab\x17\x79\x02\x2d\xfb\x6d\xe5\x25\x14\x9d\xcd\x90\x2a\xc8\xa7\xe2\x1f\x34\x4f\x5f\x01\x01\x48\x06\x92\xd6\x16\x08\x95\x2c\x71\x41\x3e\x30\x03\x79\x45\xe2\x06\xc5\xee\xad\xfc\x3e\xdc\x4b\xae\x0d\x79\x6c\xa0\xc5\xf5\x6d\x6f\xfb\x3f\x09\x69\xdf\x9d\xf8\xa7\x94\xf5\xdc\x83\xa3\xb2\xf5\xc3\xab\x36\xbb\x90\x1b\xcc\x31\x55\x1c\x55\x0c\x63\xfa\x41\xd6\xa8\xd5\x7b\xdb\x9b\x5c\x65\xbc\x61\x0c\x3a\x98\x97\x52\xab\x28\xa0\x15\xe7\xc2\xf6\xb2\xfb\xf1\x99\xa7\x6b\x97\x50\xc0\xd3\xd5\x92\x11\x9c\x8b\x40\x22\xfa\x45\xba\xde\x2f\xbb\x41\x43\x26\x79\xb5\x2a\xcb\x46\x08\xa9\x5c\x34\xaa\x40\xbf\xfe\xc1\x0b\xc9\x8f\x47\x29\xdf\xcc\xb6\x50\xb2\xa0\x52\xdf\xb0\x68\x95\x9e\x64\x8a\x92\xd5\xaa\x4d\xd2\xd1\x7d\xde\x67\xcd\xf2\xe6\x37\x7a\xf0\xd4\xae\x37\x96\x07\x38\x9d\x7e\x35\x96\x44\x1b\x9f\x42\x22\xcf\xf6\xaf\x73\xb3\x30\x02\x70\xce\x54\x80\x0b\xd9\x34\xa9\x10\x9a\x02\x56\x3a\xdc\x56\xae\x46\x58\x44\x51\xcd\xaf\x4a\x77\x53\x81\x57\xe5\x87\x0f\x4a\xe1\x2d\xbc\x81\x87\x0f\x5d\xb4\x1a\x2c\xb5\x5e\x00\xdb\x3d\x22\x31\x62\x8f\x17\x27\xc3\xac\xb9\x9e\xd3\xac\xd8\xb6\x71\x56\xa8\x00\x5a\x4c\xc8\xf3\xd3\x55\x5b\x79\xa0\x37\x73\xa9\x31\xf1\x4e\xeb\xce\x40\xb9\xfe\x46\xed\xe5\xda\x08\x81\xfb\x22\x07\x17\xe4\x18\xe8\xb5\xa0\xfe\x5e\x47\x7e\x72\x85\xc5\x54\xe8\x59\xe1\x64\x41\x67\x2b\x48\x99\x34\xa3\xa9\xee\xb8\x8d\x78\xfc\xc5\xc1\xdb\x2d\x1f\xbd\xde\x39\x27\x73\xf6\xc9\x39\x97\x2e\xe8\xfa\x31\x89\xf4\xe9\x87\x2b\x4a\xbd\xc8\x3b\x37\x9c\x0c\x10\xe8\x18\xdc\xff\x75\xc8\x3d\x68\x70\x72\x92\x84\xce\xd4\x1f\x2f\xf5\x5a\x87\xc9\x60\xe6\x3d\x12\x11\xf0\x80\x71\x29\x3f\x6a\xc6\x3f\x9b\xde\xf3\x8f\xd5\x91\x9c\xa9\x0b\x3f\x5e\x25\xa6\xc0\xc6\x64\xc4\xec\xf8\x31\xc6\x4e\x2d\x4c\x6e\x79\x8a\x98\xa3\xa0\xf7\xbe\x7a\x24\x63\xea\xda\xa6\xa2\xa3\x48\xf9\xa4\x94\x71\x71\x23\xcc\x0a\x28\xc0\xa5\xea\xe3\xf5\xb5\x85\xf2\xcb\x8c\xb2\x60\xc2\xc5\x03\xe4\x15\x78\x57\x3c\xd9\xb7\xcb\xa1\x40\x8d\xca\x9d\x86\x0a\xe4\xf8\xc3\xd3\xf3\x22\xa4\x5b\x58\xa2\xc4"},
+{{0x50,0x86,0x4a,0x75,0xaa,0x0c,0x69,0xb5,0x93,0x50,0x07,0x7c,0x20,0x4b,0x20,0x75,0x7f,0x2b,0x8b,0x68,0x55,0xc3,0x7e,0xd7,0x21,0xb4,0x9f,0x2a,0xc9,0x17,0xd6,0xb2,},{0xcf,0xf3,0xeb,0xd5,0xea,0x0c,0x8b,0x55,0x31,0xd9,0x21,0x1e,0x22,0x19,0xe4,0xcf,0xe5,0xde,0xd9,0x91,0xd8,0xec,0x42,0x4d,0xf5,0x4c,0xf5,0x3c,0x83,0x76,0xf9,0xbd,},{0x17,0x74,0x55,0xa7,0x16,0x94,0xf1,0x2b,0x76,0x2f,0xd1,0x7e,0x08,0xbd,0xf0,0x10,0xa7,0xfc,0x91,0xd1,0x91,0x41,0xd7,0xae,0x23,0x99,0xbd,0x24,0x1a,0x99,0x8a,0x6a,0x50,0xa9,0x72,0x2a,0xc1,0x23,0x2c,0x59,0xe4,0xe2,0xaa,0xa8,0x28,0x07,0x8b,0x2b,0x92,0xf4,0xa5,0x4c,0xdf,0x0e,0xfe,0xbb,0xa2,0xc1,0x6d,0xbe,0xaf,0x07,0x22,0x03,},"\xb3\x65\xf4\x76\xac\x92\xe7\x60\x12\xa7\xff\xd8\x78\x2a\xf1\x5a\x3f\x5e\xe1\x47\xf6\x03\xa3\x67\xad\xf2\xf9\x72\x46\x13\xe8\x76\x5b\x03\x7a\xc0\xeb\x1f\x67\x37\x36\xe1\x13\x63\xe3\x52\xed\x5a\xe9\xeb\x5a\x67\x12\x5e\xd8\x18\x90\x03\x42\xae\x93\x37\x1c\x43\x3b\x91\xf6\x02\x1d\x4b\xe2\xa0\x52\xb0\xda\x43\xb3\x68\x2e\x7f\x74\x0a\xe8\x01\xd0\x54\x10\x57\x85\x8e\xb0\xc9\xc2\x8d\x98\xf0\x3b\x45\xe1\x28\xaa\xa3\x42\xc6\xb6\x02\x77\x67\x92\xaa\x81\x24\x1c\xad\x06\xf1\x33\x8f\xa0\xc7\x17\x57\x18\x0f\x58\x8c\x83\x01\xd9\x1c\x27\x67\x9b\x50\x21\xcd\x75\xd7\xf6\x17\x1e\xe9\xf8\xd5\x6e\x43\x77\x67\x98\x12\xf6\xec\x5e\xd4\x65\x38\xca\xed\x50\x0c\x1d\x15\xf5\xfc\x86\xea\xf9\xed\x9c\xf9\xa0\x60\x6b\x22\x61\x4f\xaf\x67\x64\x62\x13\x4e\x3d\xb3\x58\x23\x32\xb4\x83\xdf\xa5\x4c\xa2\x9a\x5e\xb0\xd6\xba\xe3\x38\x0e\x19\xd0\x60\x11\x34\x53\xf3\x2b\xba\xb7\xe1\x18\x62\x7b\x40\xbc\xab\xf1\x71\x1b\xcf\xea\xb8\x95\x7d\xe3\x39\x43\x6c\x70\x88\xbb\x88\x31\x01\x53\x9a\x09\xd3\xbe\xf0\x88\xfc\x1f\x84\x07\x64\x03\x6f\xfb\xb3\x3d\xec\xd1\x2a\xac\x57\xfd\x26\xf8\x48\x23\xe1\x95\x53\xd4\xd6\x7e\x00\x0e\x94\x36\xca\x32\x3d\xe0\x99\xbc\x1c\xe7\x5e\xbf\x5d\xdc\xcb\x44\x8c\xd7\xa2\xe4\xbb\xd6\xb3\x2e\x3f\x20\x24\xf9\x6c\xc5\xc7\x15\x2b\x8b\xe8\xed\x0b\xd8\xe4\x36\xd3\x24\xd1\xce\x1d\xd3\xcf\xcc\x45\x2a\x28\xc7\x3a\x95\xaf\x84\x82\xaa\x77\x2a\xe5\x3d\x5b\xe1\x29\x2e\x39\xd1\x71\x6b\x43\x75\x8f\xe5\x63\xc8\xaa\x3b\x74\xbb\xa5\xc0\x2d\x04\x77\x8d\x91\xe3\xd4\x3d\xcc\x72\xbb\x7c\x7b\x04\x3c\x05\xc8\x74\x5b\x70\x5e\xe7\x5b\x5a\x4e\xc7\xb9\x5b\x65\x43\x59\xfb\x5e\x85\x33\x38\x21\x98\x51\xd4\x0a\x8a\xfb\xb4\xf9\x1e\xcb\xb4\x1e\xb8\x15\x34\x19\x6c\xc0\xcc\x9d\x3e\xb7\x14\x39\x6c\xaf\x04\x5b\x23\x17\x22\xd4\x48\x65\x03\x64\x04\x19\x98\x84\x80\xa7\x81\x58\x08\xbe\x97\x42\x87\x37\x2c\xfc\x48\x99\x65\xaa\xc5\xb8\x09\x5c\x63\x75\x81\xeb\x91\x0f\x90\x55\xcd\x1c\x0a\x0a\x3b\x0b\x33\xac\xa9\x0f\x7c\x5b\x8e\x6e\xf6\x83\xab\xf0\xce\x53\xae\xba\x51\xbe\xc4\xfc\x7b\x42\x7a\x23\x47\x36\x0f\xca\x86\x36\xd3\xf1\x46\x92\x84\xf2\x69\xa9\xab\xf0\xcb\x1a\x24\x4a\x15\xd6\xb4\x04\x65\xe7\x5c\xf8\x90\x92\x47\x4a\x8b\xed\xa0\x33\x39\x1d\xd3\x11\xc4\x99\x51\x9a\x08\xc4\xf0\x34\xe7\x19\x18\xd7\xca\xd4\x18\x45\x32\x7c\x89\xe7\xb1\xe9\x4a\xfb\x07\x23\x78\x2c\xe5\xc5\x53\xef\x36\x79\x1b\xba\x63\xde\x17\xd7\x46\x49\x18\x94\x01\x2c\xeb\xd8\x7b\x18\x37\xa8\x21\xef\x5c\x62\x4b\xbc\x84\xcc\x50\x35\xf5\xe7\x0c\xd9\xf2\x1b\x42\x21\x9a\x2d\xce\x30\xe0\xe6\x5c\x25\x0d\x0d\x19\x4d\x2b\x52\x48\x6b\x03\xee\x66\x33\x29\x81\xa5\x22\x51\x74\xdb\x17\xe5\xa8\xbb\x4a\x10\xed\x9c\x8a\x44\x5c\x41\x44\x2f\x3b\xcd\xb6\xb4\xf4\x9e\x4e\x1d\xc8\x76\x61\xa7\xb6\xe4\x1f\x35\xf5\x5d\xd6\x7b\xd4\xcb\xc6\xff\x58\xbf\xbf\xfa\xff\xd2\xc3\x82\xfc\xad\x0c\xae\x8f\x0d\xf9\xaf\x6a\xcf\x09\x40\x00\x76\x18\xa5\x4a\xee\x31\xd9\x32\xcb\xd8\xe8\xb4\x1c\xa0\x38\x21\xc4\x28\xa0\xef\x8e\x58\xd2\x43\x5e\xec\xd5\x03\xc5\x4d\xa9\xc1\x62\x8f\x3c\x74\x9b\x77\x05\x19\xf5\x3b\xf2\xd5\x7e\xd7\x12\xd0\x75\xd3\x73\x37\xb7\x7a\x2b\x10\xa7\x2d\x2d\x59\x0c\x20\xd5\xce\xc2\xca\xcc\x6c\x3a\x8d\xc1\x13\xe2\xd1\x6e\xf2\xd1\xb3\x90\xed\x96\xe4\x03\x6a\xcd\x30\x4e\x0c\x7c\xef\x9d\x43\x1f\x88\x21\x8a\xa1\xf8\x38\x28\xdd\xa6\x36\xb9\x4a\xa7\x61\xc7\x31\x7e\xcf\x11\x6c\xbf\xc6\x11\xe5\xba\x6d\x94\xc5\x0e\x99\x46\x93\x02\x3b\xdf\x2d\x24\x8e\xd6\x03\xf8\x5b\xe7\x3a\x00\x08\xb7\x5a\xde\xf9\x51\xdc\xcf\xa3\x0e\x42\xe9\xf5\xbb\x05\x02\x3a\xde\x79\x75\x06\xcb\xf9\x0b\xb6\xdc\xe4\x3c\xf3\xa1\xc3\x14\x1a\x5c\xc5\xfd\x9a\x4f\x3c\xc5\x57\xb9\x0e\x18\x04\x9b\x3c\x13\x0f\x46\x1e\x4f\x32\x29\x9f\xa1\xd1\xcf\x9c\x7f\x2e\xa2\x05\x35\x65\xe8\x16\x0a\x34\x1c\xdd\xf9\x9a\xcd\xdd\x49\x16\x97\xfa\x70\x51\x24\xab\xda\xb4\x2a\x5e\x8f\xcf\x04\x8d\xd9\xf1\x79\x38\x4e\xc9\x2a\x46\x9a\xeb\x11\xe8\xbc\x62\xb6\x9d\xbc\xfc\xec\x66\x81\x75\x47\x57\xe4\xc5\xd0\xfd\xd9\xb9\xcf\xda\x49\xaf\x09\xb8\x3a\x5a\x4a\x10\xae\xd9\xa4\xcf\x7d\xdf\xa2\x89\x20\x9d\x47\x5a\xb3\x31\x8c\xd4\xb9\x65\xe0\x07\xdc\xe1"},
+{{0xe5,0x5f,0x22,0x0f,0xff,0x80,0x79,0x14,0x8b,0x25,0x41,0x89,0xbb,0x29,0x41,0x74,0xf8,0xe2,0xc5,0x75,0xe5,0x7f,0x39,0xd4,0xba,0xc8,0x16,0x5c,0x5e,0x56,0xe7,0x69,},{0x7f,0xd5,0x07,0xd0,0x3f,0xe1,0xd6,0xe3,0xf9,0x11,0xf0,0x59,0x59,0x7b,0x0e,0x29,0x2e,0xa0,0x96,0xf5,0xbc,0x85,0x18,0x52,0x91,0x6b,0xf1,0x21,0x7c,0xaf,0xdc,0x6c,},{0xc1,0x02,0x3a,0x70,0x68,0x74,0x3e,0xc4,0x66,0x8f,0x49,0x5e,0xb7,0xbd,0x4d,0xb5,0x81,0x29,0xc1,0x1e,0x58,0x29,0x9e,0xa8,0x7d,0x6f,0xac,0xd3,0x02,0xbf,0x29,0x6a,0x98,0xe2,0x98,0xfd,0xb4,0x8e,0xdd,0xf9,0xc4,0x4e,0x79,0xae,0x86,0x41,0xf7,0x34,0x50,0x3b,0xb8,0x3d,0xc0,0xb3,0x1f,0x61,0x0d,0xf1,0xd1,0xe9,0xd6,0x19,0xa7,0x05,},"\x1e\x2c\xe8\xbf\x0e\xa7\x87\x5d\xf2\x85\xb1\xdb\xd3\x4b\xbe\x67\x30\x7f\x2e\x8a\xc8\xbc\x14\x2c\x3b\xa3\x14\xc1\x64\x2c\x65\xa2\xd6\x2e\xb2\xc7\x83\xf9\x16\x28\x3c\xa4\xec\x3e\x53\x6d\x3e\xeb\x65\xcf\xdc\xc0\x54\x9a\xc4\xf6\xa4\x5f\x53\x9a\xc5\xdf\x79\xa6\xd5\x76\x82\x19\x73\x9d\x0c\x9a\x0c\xdb\xb3\x12\x42\x29\x6c\x33\x12\xb7\xed\x56\x00\x43\xf5\x36\xcd\x1d\xe9\xa9\xc2\xb2\x89\x64\x1a\x1c\x2d\x84\xf9\xa6\x8b\x7c\x03\xb8\xb8\x56\x7e\x5d\xc7\x13\x8c\x2c\xb9\x67\xc6\x28\xaa\x25\xb2\xea\xb4\x34\xd4\x49\x0b\x23\x50\x74\x09\x71\x7c\xde\x94\xda\x59\xdc\x1d\xc2\x5c\x7b\xe4\x2a\x8a\xa0\x2e\xdc\xf4\xd9\x95\x36\x8e\x6b\xa0\xee\x1f\x95\x36\x00\xdb\x98\xd2\x2d\xe0\xf8\xd2\x57\x02\x0e\x0a\x40\x6e\xe1\x66\x9b\xd5\x27\xb9\xfe\x1c\x61\x1f\x9b\xe5\xa3\xd7\x52\x8e\x8b\x61\x51\x67\x0a\x86\x63\xd2\xed\x1a\x58\xd3\xe3\x69\xbb\x72\x2a\x63\x02\xd7\xc1\x72\xa1\x9b\xda\xf3\x57\xee\xdb\x02\x27\x91\x56\xe3\xb9\x03\x44\x31\xa7\xd6\x8a\x39\x52\x8e\xb4\x02\x35\x87\x57\x3e\xb8\x8f\x30\xf9\x4e\x83\x3e\x8a\x23\xb9\xd0\xac\x7b\x5c\xa8\x78\x24\x59\x6b\xbb\x0a\x3d\x0c\xa1\xb1\x6a\x68\x78\xfd\xf7\xe2\xce\xa3\x4a\x6f\xfb\x95\xa9\xff\x4e\x88\x8a\x97\x59\x37\x35\xb8\x68\xda\x75\xd8\x70\x7b\xbf\xdb\x1d\x93\xeb\x86\xa5\x1e\x2d\x21\x5f\x1d\xd9\xdc\xf7\x83\x88\x72\x9a\x3e\xb0\xf0\x66\xdd\xc9\x41\xe9\x50\xc9\x21\x27\x19\x8b\xce\x63\xa5\x48\x68\xd9\x97\x02\x95\x72\xff\xa6\xf6\xfe\xa1\xd3\xa6\x91\x64\xc9\x99\x69\x53\xdc\x8b\x6f\x9d\xad\x06\x35\xc9\xb0\x81\xf5\x5f\x98\x33\x40\xf0\x81\x4b\xf5\x47\x08\x03\x09\x0e\x79\x97\xf7\xab\x79\x6c\x2b\x15\xad\xaf\x40\x21\xd6\x7c\xff\xaf\x6e\x1e\xf6\x28\x67\x50\x39\x45\xc2\x1a\x32\x96\x64\xe0\x8a\x95\xa4\x15\x82\x30\x0d\xa9\xbe\xd2\x08\x44\x4c\xe6\xaa\x12\xb3\xf8\x67\x79\x5c\x6e\xe4\xc4\xc9\x25\x70\x18\x62\x73\x61\x29\x3b\xd5\x27\x82\x1a\x29\xa3\x39\xb4\x04\xa2\xda\x4b\xd9\x94\x4f\x87\x70\x40\x79\x8b\xb5\x4a\xbd\x2d\x76\xcb\xb1\x8d\xf4\x29\x7f\x4c\xe3\x33\x7f\x64\xd2\x05\x80\xaa\x64\xbd\xec\xac\x37\x6a\x6a\x4f\xf7\x4d\x01\x44\xb2\xfe\x74\xce\xf8\x2d\x50\xa5\xe6\xbd\xd7\x99\xe5\x5f\xf6\x96\x62\xba\xc5\x37\xad\xcb\x68\x81\x22\x8c\xb6\x37\x04\x50\x0c\x14\x3a\x4f\x4d\x1d\xb2\x8d\x45\x56\xbe\xe6\x04\xa3\x99\xff\xd2\x06\x54\x65\x97\xde\xe9\x22\x52\x54\x7f\x6c\x65\x7f\x36\x84\x1a\x87\xd5\x65\xf6\x55\x27\x16\xc2\x5a\x21\x15\x14\x77\xbe\xe9\xef\x96\x18\x55\xfb\x1a\xf2\xda\x80\x68\xf2\x8c\xe9\xff\x70\xd5\x25\x2c\x7a\x63\xa2\xe1\x4d\xed\x6b\x89\x77\xb1\xd7\x69\x1a\x77\xed\x2e\x57\xd2\x2f\xf2\xe1\xfc\x4c\xdb\xce\xb5\xe8\x05\x85\x8d\x90\x38\x96\xea\x67\x07\xe4\x8b\x34\x5f\x60\xe2\x81\x8b\x2f\xce\xc4\xdb\xa4\x8c\xae\xa9\xef\xa3\x82\x79\xfb\x83\xd5\xb0\xf4\x6a\x45\xe4\x2c\x41\x76\x5d\x01\x71\xba\xac\xd8\xd6\xdd\xa7\x99\x13\x14\xb3\x4e\x15\xfd\x36\x12\x7c\x46\x7d\x1d\xe0\x1c\x01\xa3\xa7\x8a\x8c\x1b\x10\x3b\xee\x17\xa7\xa0\xb7\xac\x55\x76\xfd\xc2\x26\xdd\x24\x59\x77\x31\x46\xcf\x38\x26\x14\x17\xca\x19\x13\x5d\xbd\xa9\xbd\xbe\x54\xcd\x17\xaa\x7d\xdd\x38\xfd\xca\xc2\xab\xa3\x96\xb3\x65\xce\xae\x98\x91\x9f\x6c\x51\x77\xfc\x58\x3f\x5b\xee\x3f\x48\x70\x49\x14\x30\x6a\xa1\x9e\xe9\x0e\x3f\xd0\xde\x55\x91\xc6\x69\xff\x35\xab\x16\xfe\xf3\x8d\xee\x18\x7b\xae\x1e\x5a\xaa\x56\x6d\xf1\x05\x44\xb7\xd6\xd4\xeb\x00\xda\x7e\xbe\xb4\xec\xdc\xc4\xd8\xe3\x2b\x49\xcb\xbd\xc6\xe6\x66\x40\xbd\xb0\xf7\x2e\x05\x91\x8a\x05\xc3\x5d\x9b\xff\x7e\x0e\x88\xf2\x41\xd7\xc6\xc8\xcb\x2f\xed\xcc\xdf\x65\x56\x0a\xf0\xe7\x83\x3e\xfe\x34\xaf\x79\x0d\xb6\x31\x89\x02\x2c\xfd\x71\xfc\x8a\xcf\x88\x86\x01\x27\xbd\x4f\xbf\x02\x6b\xcb\xe3\x60\xe3\x3a\x89\x95\xe6\x36\xd0\x3b\xb8\x6d\xfd\x01\x98\xad\xa9\x59\x34\x2d\x8e\x9c\x9e\xd9\x3e\x23\x29\x7d\xa9\x8d\x66\xa0\xd4\xfc\x96\x51\x62\x73\x3b\xc8\x65\x41\xb9\x5a\x6c\x90\x97\xcb\x55\xa9\x73\xc6\xfa\xc1\x94\xe8\xf8\xa1\x64\x27\x4c\x47\x9c\x51\x0e\x62\xd8\xa0\x35\xeb\x75\x11\x81\xb5\x02\xaf\xb6\x14\xd8\xc4\x46\x7b\x54\x45\xc2\x68\xdc\x3d\xd0\xab\xbd\x57\x70\x04\xc0\xbc\x47\xb1\x5f\xcb\x80\x1b\x79\x35\x97\x57\xb5\xea\x89\xcf\x8c\xf7\x7f\xc6\xd1\x60\xe6\xcd\x73\xc4"},
+{{0xd5,0xe3,0xa4,0x06,0x71,0xbd,0x45,0xf0,0x88,0x42,0xdd,0xc7,0x8a,0xbe,0x57,0xde,0x3b,0x9c,0xe5,0x64,0x6b,0x73,0x0d,0x2e,0x59,0xfe,0xcf,0x5a,0x7d,0xf8,0x0f,0x40,},{0x41,0x6c,0x37,0xae,0x1a,0xd1,0x5b,0x63,0x2b,0x0e,0xa4,0x39,0x32,0xc1,0x76,0x37,0x28,0x2c,0xd9,0x1d,0x59,0x79,0x55,0x2e,0x5e,0xeb,0xb9,0x9a,0x41,0x9d,0x5c,0x97,},{0x63,0xde,0x6a,0x98,0x11,0x42,0x36,0x5a,0x3e,0x59,0x26,0x31,0xc8,0x27,0x72,0x37,0x80,0x97,0x39,0xd1,0xc9,0x8f,0x5a,0x1c,0xb2,0xcc,0xcd,0x34,0x06,0x7d,0x1c,0xa5,0xdc,0x8f,0x2f,0xc6,0x3b,0x8a,0xe1,0xa6,0x89,0xdc,0xaa,0x29,0x1b,0xa6,0xb6,0x9b,0x1a,0x67,0x95,0xc5,0x79,0xa5,0xdb,0x6d,0xcc,0xee,0x73,0xf6,0xa4,0x20,0xac,0x0a,},"\x09\xfe\x6f\xfa\x8b\xf0\x94\x2a\x64\x92\x13\x57\x65\x9d\xbc\x6e\x4f\x8b\x63\xca\x3b\x9e\xa4\x75\xea\x39\xd7\x92\x52\x90\xa1\x48\xd8\x7b\xb1\x55\x74\x1d\xfa\x28\xae\x1b\xea\xdc\x1f\x3e\x1a\xb7\x67\x37\xeb\x5d\x5d\xda\xde\xd0\xbb\x38\x2d\x7e\x11\xea\x81\xa5\xe7\x80\x16\x12\x69\x62\x60\xba\x3b\xd0\x9c\x80\xb6\x23\xf6\x36\x38\x0a\xa0\x20\x8f\xee\x0a\xff\x70\x81\x2d\x53\x07\xb2\x71\x83\x83\x23\x43\xde\xba\xa3\x60\x5d\xda\xd1\x7d\xdd\x70\xd6\x11\x40\x0d\xdd\x10\xd6\x38\xaa\x3d\x6c\x68\xa2\x8c\xf0\xe9\x7c\x1d\xed\xf6\xcc\xd9\xc7\x31\xa8\x4f\xf0\x40\x5a\x3a\x22\xdc\xba\x00\xab\x44\xd5\xb2\x18\x44\xf1\x4d\x13\x74\xac\x0c\xb1\xe5\x8d\xf4\xa9\x0c\x41\x25\x63\xcf\xe6\x9d\x88\x2d\x35\x0f\x6a\xaf\xbf\xa6\x4f\xa2\xf9\xff\x82\x60\x32\x32\x67\x80\xae\xcf\x93\x05\xd8\x21\x7c\x17\x9d\xbb\x63\xc1\x51\x54\x12\x32\xeb\x65\x97\x92\x65\xd8\x76\xc4\xbc\x43\x05\xc0\x2f\x40\xbc\x1d\x05\xdb\xaf\x7d\xcf\x4f\x7d\xd9\x23\x2c\x17\xee\x0f\x7a\x05\x55\xf5\x04\xba\x37\x74\x54\x84\x88\x93\x3e\x75\x71\xeb\x3f\x71\xc4\xcb\xb2\x0c\xc4\xe4\xa7\x32\x2f\x35\xac\x0e\x79\xa5\x91\x55\x79\x8d\xd0\xf5\xb3\xc1\x13\x19\xb7\xd8\xf3\xea\x79\xee\x3a\xcc\x68\xbd\xb9\xf3\x7c\x7d\x4c\x8f\x9c\xab\xa1\xeb\xf8\xeb\x7f\x43\xb4\x62\xae\xfd\x38\xe8\xc0\xd4\xc6\x39\x79\xcf\x66\x31\xde\xc3\x1a\xb5\xce\xd3\x93\x7e\xf5\xb2\x36\x2c\xb0\x9c\x71\xdd\x09\x66\x57\x70\x0f\xd9\x6b\xda\x55\x5e\x22\x71\x2f\x71\xae\xc1\x1a\xe5\xe9\x1b\x24\xbd\x16\x49\x49\x8b\x8d\x9f\x86\x7f\xb6\xc4\x1e\x07\x60\x80\xf7\x40\xd0\x74\xc2\xa2\x55\x72\xd3\x4e\x66\x6b\x63\x67\xbf\x7c\xbb\x3d\xd4\x2a\x23\x82\xdc\x19\x73\x96\x12\x68\x60\x53\x96\x81\x0a\x45\x6a\xc0\x81\xbb\xfd\x3a\x54\xb4\x48\x81\xfc\xfc\x45\xb4\x24\x5e\xe7\x24\x65\xb4\x87\xd0\x7f\x2e\xf3\xf7\x4a\xdd\x71\xcd\xfd\xd1\x6e\x92\xfe\x25\x7d\x33\x46\x45\xb0\xa9\xbc\x7d\x07\x26\x13\xfb\x9c\x0c\xde\xa9\xdb\x4c\x72\xbc\x87\x10\x9e\x10\x2d\x7c\xba\xf3\x66\xec\xd6\x7f\xbe\x3d\xed\x32\x74\x73\x07\xa7\xae\xef\x61\x73\x5a\xd3\xaa\x5c\xe9\x5d\xee\xcc\x16\xa1\x6e\xb2\xa0\xbc\xc7\xad\xc0\xa1\x1d\x88\x80\x32\x26\x0e\x7c\x7e\xc9\xe5\x4f\x5a\x25\x31\x70\x2a\x7e\x5d\xfb\x87\xc3\x6c\xe3\x13\xa3\x14\x75\x88\xae\xf9\x62\xc7\x2f\xa9\x66\xd2\x41\x63\x7c\x38\x8b\x83\xdd\xec\x93\x43\xbb\x86\x34\x3e\x92\x0b\x12\xce\x1c\xc9\x15\xc8\x3b\x31\xe9\x98\x62\x69\x06\x74\xea\x49\x35\xa4\x88\x09\xd4\xd2\x79\x05\x41\x37\x54\x63\x92\xad\x9f\x08\xe7\xb8\xde\x61\xae\x73\xe8\x1e\x48\x3d\x3c\x63\xb5\xae\x73\x4e\x18\xe7\xa2\x2f\xee\xd1\x23\x3d\x0c\xa6\x33\x55\xf3\xa4\x8a\x33\x06\x7e\x1a\x0e\x19\x71\xf3\x6a\xa9\x29\xfe\x06\x13\xc2\x1c\x4a\xef\xf9\x41\x84\x29\xc3\xb0\x72\xa5\x98\x49\x59\x28\x7a\x5e\x5c\x40\xbe\x02\xbd\x22\xb9\xa7\x9c\x7f\x3f\x53\x59\xd2\xbb\xe4\x93\xf5\x56\xda\xcb\xb0\xcb\x4c\x29\x3c\x7d\x94\x12\x65\xe7\x77\x39\x2d\x14\x8d\x68\xc0\x7a\x13\xc8\xde\xc8\xe5\xd1\xe1\xc7\xf0\x41\xe8\x98\x3e\xdd\xda\xa4\x64\x9d\xac\x15\x72\xa3\x9a\xe4\xc6\x48\x0c\xa5\x50\xe2\xe4\x46\x2d\xcc\x84\x9c\x1b\xab\x78\x1d\x28\xa3\x55\x2b\x2d\x98\xe0\x2e\x15\x18\xe6\x55\x53\x40\xfb\x76\xd6\x8d\xb5\x89\x16\xd5\x56\xa7\xb8\x15\x63\xab\xa8\x1d\x9a\x57\xae\x50\xf0\x4c\xf5\x68\x60\x21\x84\x7d\x79\xb6\xbb\x3d\xa8\x01\x7a\x60\xb1\xc3\xbe\xef\xd4\x8d\x2b\x3c\xd3\x9c\x6f\x53\xc0\x8b\xcc\x96\x7d\x93\x06\x9f\x56\x2b\xb3\x6e\x0c\x4f\x4c\xa6\xbc\xcc\x5e\x57\xd3\x59\x03\xcd\x80\x0a\x61\x78\x5a\x93\x77\x0e\x37\x7f\x4f\xe8\xe9\xf4\xb6\x66\x80\x98\x49\x68\xf9\x64\x9e\x10\x5e\x7a\x11\x9d\x97\x63\x6f\x3a\x05\xca\xea\xb1\xd7\xea\x0b\xc8\x13\x34\xb4\x2d\x5c\xc0\x80\x83\x0e\xc2\x4d\x36\x9c\xf8\x67\x3a\x49\x0d\x59\xeb\x4c\xb0\x81\x81\xda\x39\xa4\x6d\x96\x6e\x23\xfe\xd8\xd3\x8a\x5f\xab\xc7\xe8\x43\xbc\xfb\x01\x5a\x44\x74\xbf\xd4\x6d\x4a\x43\xff\x4a\x51\xa9\x56\x76\x61\xe2\x69\x6d\xb8\x7c\x37\x58\xd3\xb5\x4c\xe7\x84\x6d\x13\x91\xd7\xf4\x65\x26\xef\x30\x84\x4d\x49\x32\x00\x18\xd7\x49\xb5\xd4\xdf\xd3\x0d\x38\x0c\x6e\x57\x3f\xc4\x14\xd8\xfe\xfc\x5d\x71\x04\x70\x75\x6b\xec\x00\xd8\x8a\xc4\xaf\xc9\x25\xd1\xed\xe3\x7e\xae\xe6\x00\x4a\x23\xea\x0e\xf8\xb6\x0e\x48"},
+{{0x4e,0xd7,0x04,0x8a,0xa1,0x28,0x4d,0xbb,0xcc,0x24,0x89,0x38,0xb4,0x0c,0x35,0x74,0x21,0x93,0x59,0x7a,0xdd,0xaf,0xdd,0xe0,0x64,0x13,0xb8,0xd4,0xcc,0xfb,0xe1,0x37,},{0xbf,0x84,0x1f,0xe4,0x44,0xad,0xd1,0xf7,0xc3,0xea,0xcd,0xfd,0x07,0x84,0xb4,0xe8,0x55,0xd2,0x40,0x5f,0x40,0x21,0xcd,0x9d,0x82,0x66,0x07,0x1c,0x32,0xc8,0xa2,0x73,},{0x10,0x6a,0x9d,0xeb,0x23,0x27,0xf3,0x38,0xcc,0xb7,0x1b,0xcc,0x94,0xe2,0xfe,0x3d,0x2e,0x97,0x3c,0xe6,0xdd,0x8f,0xa7,0xba,0xca,0x80,0x8b,0x41,0x11,0x81,0x3e,0x3b,0xc3,0xb4,0xd8,0x8e,0xfa,0x6a,0x00,0xc4,0x71,0x0b,0xbf,0xe5,0x31,0x96,0xf9,0xab,0x3a,0x15,0x0b,0x16,0x54,0xb9,0x08,0xfe,0xac,0xf9,0xc1,0x3d,0xf2,0xd6,0x38,0x02,},"\xdc\xff\x95\x87\xd6\x04\x6c\x11\x32\xbe\x07\xdf\x26\xdf\x63\x82\xff\x92\xcf\xc8\xeb\x53\x45\xc5\x1d\xd5\x0d\xd1\x88\xee\x76\x9f\x10\xa4\xde\x5e\x88\x83\xd1\x16\x96\x7b\xea\x97\xd3\xb3\x2b\xc8\xae\xbb\x9f\x01\x3d\x6d\xf9\x52\xf2\x51\xc1\xa3\x12\x34\x6e\x72\xce\xe1\x35\xa1\xbf\xd7\x6b\xf3\x08\x0a\x35\xc8\x38\xb4\x4d\x75\x5f\x26\x3d\x21\x03\x10\xfa\x8d\x28\xc4\xca\x52\xf0\x8c\xac\x5b\x83\xa8\xa3\xb1\xdf\xc4\x6d\x9b\x75\x2d\x9f\xc7\x36\x49\xd0\x0b\xb9\xee\x99\x26\x50\x63\x9c\x22\x5d\xea\xc1\xf3\x9b\x9e\x80\x36\x89\xd1\x9e\x6d\x9f\x8e\xf4\xf5\x1f\x1d\x11\x60\x1f\xac\xf4\x10\xdb\x64\x8b\xcc\x82\xbf\x64\x87\x69\xa7\xdd\x59\xc6\xe8\xa2\x37\xdb\x23\x9d\x3f\x66\x1d\x78\x52\xc4\x26\xd3\x94\xa9\x05\x09\x52\x6a\x85\x9b\x47\x64\x59\xde\xdb\xe6\xd8\x99\x36\xc0\xf3\x98\x99\x95\x51\x1d\x4a\x57\x6e\x54\x2c\xce\x5e\x0d\xd7\xee\xef\xeb\x03\x26\xd3\x3f\x25\xc2\x2a\xb6\xe7\x69\x06\x33\xf4\xc9\xed\x2a\xad\xf1\xd2\x4f\x94\x86\x21\x23\xa4\x64\x04\x2c\xea\x19\x3a\x2f\x04\x79\xd3\x9b\xcd\x1b\xbd\x1c\x7a\x0c\xa7\xe6\x25\x8e\xd3\x73\x23\x72\xf5\x4e\x0e\xd5\xe3\xf1\xe2\xe4\xd4\xa0\x4c\x51\x0b\xee\x08\xd1\xc6\xd5\x70\xcf\xd6\x3a\xbf\x14\xb4\xee\xf0\xb9\x6f\x39\xca\x29\xe4\x3c\x52\xf2\xca\x3d\xfd\x46\x0f\x66\xe3\x02\x35\xb1\x59\xaa\xef\x2c\xc1\x56\x01\x29\x69\xfd\x3d\x15\x99\x78\xd6\xca\xa0\xa9\x45\x22\x29\x1f\x79\x89\xd8\xaf\x10\x83\x19\x96\x13\x7b\x68\xd9\x7f\xc1\x7f\x6a\x9b\xc2\x84\x5e\xf3\xdd\x47\xcb\xc3\x86\xe8\x97\x7a\x86\x54\x36\x34\x12\xda\xc3\xac\x51\xc6\x38\x17\xb7\xc0\x51\x87\x8d\xcf\x45\x8a\xb3\x63\x0d\xd7\xae\xf6\x8d\x27\x0f\x8d\xa7\x88\x0a\x46\x7b\x33\x04\xf5\xba\xed\xfb\xa9\x17\x3e\x7e\xfd\x00\x7c\x41\x2d\x17\x20\x9c\x56\xd2\x39\x68\xe3\x40\xb8\xa0\xed\xb4\x1b\x7e\x2a\x40\x88\xbe\xc0\x1b\x53\x2d\xf8\x9b\x52\x15\x81\x31\x31\x10\x7b\x7b\x47\x4f\x03\xc2\xe4\x7d\x43\x17\xf1\x1c\x4f\x51\x60\x90\x43\x04\x99\x7e\x76\xa1\x21\xa9\x56\x02\x35\x20\x8d\x79\xb2\xda\xb4\xf7\xe1\x96\x79\x32\x02\xc0\x90\x2c\xe9\xc4\xbf\xc1\x0b\x8f\xe3\x97\xe3\x5c\xa0\x25\x64\x54\x66\x2a\xe8\x78\xef\xb0\xa0\xa6\x06\xfa\xc0\xa9\x52\xc9\xf6\xba\xae\xb2\xd4\x5b\x25\x8c\x61\x75\x59\xc0\xed\x25\x28\xa8\x8b\x49\xaa\x44\xee\x43\x03\x5b\x0d\x79\x3a\xad\x39\x53\xc1\xa5\xa3\x46\x38\x66\xbc\x81\x5b\x1f\xfc\xe2\xff\x2b\x65\xe0\xfd\x47\xdb\xc1\x5f\x4e\x7a\x06\xbf\xab\xc2\x90\xfc\x62\x09\x0b\xf7\xd9\x48\x53\xf7\x7c\x04\x44\xa9\xb9\x0e\xfe\x77\xd1\xce\xb4\xbd\x39\xe2\x03\xbc\x88\x40\x11\x62\x4e\x68\x46\xe2\xa3\x71\x05\x8d\xab\xa6\x3c\x23\xf8\x6c\x42\xc3\xe3\x1e\xaa\x4b\xd7\xd7\xa4\x2a\xf2\xd5\x24\x89\x6e\x31\xba\xa3\xe2\x07\x63\xf8\x5d\xcf\xd5\x27\x75\xf2\x80\x72\xd8\x9f\x0b\xd4\xfa\xe3\x0d\x0b\x13\x7e\xe3\x7a\xb0\x63\xba\x06\xfe\x9d\x4e\xc6\x2a\xbb\x2f\xea\x0f\x81\xb8\xcb\xee\xfc\x03\x00\x80\xb8\x02\x6a\x58\xfd\x18\x67\xf6\x6b\xe1\x15\x4e\x65\xbf\xea\x7d\xce\xc5\x5f\xe3\x2d\x51\xfb\x0b\x4a\x8a\x5a\x8a\x04\x42\x63\x94\x3d\x6a\xc8\x01\x1c\x6e\x67\x01\xbe\xec\x3a\x88\x65\x58\x40\xc4\x89\x2d\x45\x0d\x31\x2b\x76\x52\xd2\x51\x47\x69\xf2\x3b\xfd\x6e\x70\x46\x46\x7d\xf2\x9a\x28\x7f\xf3\xc4\xc9\xd0\xe6\x4e\x6d\x9e\x4e\xde\xe1\xb9\x35\xd0\x76\x81\xd4\x70\x04\x35\x28\x86\xe8\x47\xb0\xc6\xd5\x76\x2f\xd4\x5a\x81\xa5\x3c\xce\x94\x76\xc8\x87\x22\x1a\xea\x6c\x0c\x82\xbb\xf3\xb2\x97\x93\x2e\x5b\x11\xe5\x38\xa3\x24\x5d\x63\xd7\xb7\xb0\x91\xdf\xa1\xd7\xb9\xa0\xe2\xdb\x66\x98\xa4\xc5\xe9\xfe\x93\x16\x62\xd7\xc6\xec\x6d\x9d\x5b\x92\xbc\x7e\x04\x15\x55\xdf\x4d\xf0\xca\x11\xca\xbc\x48\x5f\x9c\x55\x61\x38\xa7\x17\x45\xf0\x3b\x97\x83\xbb\x20\x0b\x72\xd2\x33\x69\x7e\x8b\xcf\x6b\x41\x17\xee\x67\x63\xd7\x92\xd7\x42\x22\x64\x85\x2f\x4f\x30\xf8\xd1\x89\x0e\x2e\xa0\x80\x98\x04\x0f\x7f\x28\x8e\x4a\xbe\x90\xb6\x3c\xab\x2c\x14\x37\x30\x60\x84\x0e\xf8\x27\xec\xc8\x46\xcd\x56\x0e\x90\xa2\x0b\x83\x05\xf4\x63\xc3\x6e\xa0\x38\x84\xa5\xdf\x4c\x25\xf1\xba\x9e\xa1\x25\x95\x2d\xc0\x91\xb9\x75\x16\xde\x1d\x28\x7c\x0e\x2b\xf5\x29\x77\x5b\xa6\xd2\xf8\xed\xe0\x3c\xb4\x2c\x1e\x40\x0e\xc8\x04\xa9\xdf\x08\xe4\x6f\x44\xb5\x06\x63\x46\xe3\xf7\xc7\xa1\xa8"},
+{{0xc7,0xec,0xa8,0x3e,0x94,0x85,0x76,0xbd,0x9f,0x27,0x8f,0xd7,0xb8,0x28,0x00,0xa4,0x1d,0x92,0xda,0x9b,0x72,0xd5,0xa1,0xcc,0xdb,0xbc,0x65,0x58,0x10,0x52,0x56,0x8b,},{0x07,0x6b,0x83,0x52,0xdc,0xa8,0x03,0x1e,0x85,0x3c,0x8d,0x90,0x99,0xc2,0xef,0x57,0x93,0x37,0xcc,0x7b,0x2b,0x4c,0x75,0xd1,0xa0,0x63,0xea,0x3e,0xc7,0x25,0xb7,0xfd,},{0x86,0x99,0x6a,0x1b,0x8e,0x49,0x5d,0x42,0x52,0x77,0xe9,0x7c,0xc0,0x83,0x05,0x49,0x34,0x9b,0xc2,0xb6,0xf3,0xdc,0xda,0x60,0xf3,0xb7,0xd3,0x50,0x1b,0x8b,0x50,0xb5,0xb4,0x58,0xcd,0xa5,0x8b,0x43,0x6e,0x23,0xc0,0x2c,0xd4,0xa2,0x2b,0x23,0x48,0x13,0xaa,0x9b,0xcc,0x3c,0x61,0xf9,0x83,0xc0,0xb7,0xef,0xec,0xa0,0xf1,0xbe,0xc2,0x0d,},"\x8d\x8c\xef\xd6\x73\x85\x5c\xcd\x8e\xb8\x53\x4c\x31\x2d\x33\x80\x05\xbb\x05\xf5\xb9\x50\x7d\x58\x85\x9e\x1e\x95\x3b\x0a\x4d\x91\x3b\xe7\x59\xd8\xed\xfa\x92\x89\x8c\x6e\x70\xa5\x3f\x81\x95\x4f\xc3\x44\xb4\xad\x62\x46\xb0\x10\x94\x81\xba\x6f\x73\xae\x63\x31\xab\xf2\xdf\x10\x8e\xb2\xe8\x5c\xeb\x08\x7c\x1f\x6f\xcf\xc9\xde\x2c\x1f\x13\x9b\xa1\x77\x1b\x72\x68\x03\x02\xd8\x11\xcc\xd0\xcc\xd4\xe0\xc7\xfe\xb0\x13\x2e\xb2\x0b\x33\x4e\x5a\xab\xe5\xf6\x11\x9f\xd8\x94\x7d\x9e\x88\x52\xe1\xeb\x1b\x74\x10\x7e\x17\x41\x00\xe3\xe6\xdf\x0c\x3a\x68\x13\x0c\xa6\x30\x94\x02\x59\x4b\xb5\x0c\x1c\x8e\x27\x74\xf1\x32\x14\x49\x6a\x7b\x1f\x34\x83\x85\xea\xbf\xbc\xcb\xac\x16\x5a\x5a\x2e\x7d\x9d\xea\x5f\xfd\x58\xb0\xbd\x88\xb4\x9c\xb3\x31\xec\xb7\xf4\xe9\xd6\xba\xe9\x79\x1a\xd7\x88\xe6\xab\x89\x26\xc1\xcc\x16\x15\xde\xaf\x4c\xc4\x00\xc7\x7a\x31\x61\x97\xbc\xa1\x90\x49\x95\xe1\x36\x5d\x1b\x97\x02\x64\x83\x76\x11\x69\x30\xf6\xf9\x11\x66\xe6\x14\x86\x29\xe7\x5b\xe2\xd0\x68\x95\xf6\xa8\xd1\x5d\x5a\x94\xca\x69\xb7\x12\xf3\x3b\xcf\x95\xbe\x0c\x1b\xe6\x90\x2b\xb7\x8b\x8a\x23\x0d\x7a\x85\x60\xc4\xd8\x4e\x23\x89\x55\x2a\x81\x57\x1a\xa6\x65\xc1\x9c\x2e\x93\xb0\xd4\x3e\x8c\x2c\xbd\x9e\x88\x5d\x70\x52\x51\x8b\x77\xc4\x7e\x84\x1d\x11\x9d\xc2\x8b\x65\xa7\x50\x4f\x66\x42\x71\xf0\x6c\x7f\xf3\x93\xf8\x25\xb1\xe5\x93\x0d\x02\xb9\xc7\x00\x35\xe2\x92\x41\x1c\x4a\xed\xf6\x60\x47\x00\x69\x70\xe3\x49\xdf\xca\x7f\xb4\x1c\x10\xfd\x53\x7e\x35\x25\x2e\x10\x9e\x33\x36\xd7\xa8\x2a\x14\xde\x5d\x55\x40\xc6\xfc\x65\x71\xd5\x77\x4f\x39\xb7\xc4\x03\xe7\xb8\x87\x5e\xc2\x15\x87\x7e\xfc\x6c\xc8\xea\x48\xb1\x86\xb4\x68\x21\xea\x5e\xf2\xba\x8b\xac\xd4\x0d\x79\x7e\x6a\xdd\x06\x41\x32\x83\x14\x5b\x60\x46\x2b\x35\x03\xc5\xb8\x81\xd7\x9a\x59\x29\x55\xd1\x8a\xfa\x08\x96\x9e\x31\x45\x7f\x5b\x27\xda\xec\x01\x03\x38\xed\x86\x7f\x30\x08\x78\xfd\x87\xce\x32\x18\x80\xb8\x60\xa0\xc6\x42\x84\xca\x2d\xc1\x5f\x5e\x53\x10\xe1\x0e\x6a\x73\xa7\xea\x65\x0e\xa9\xd3\x73\x69\x4d\xa4\xdd\x42\x9a\xe7\x41\x2e\xf9\xb2\x9c\x83\xb3\xb0\x68\xc7\x47\x69\xf4\x31\xce\x06\x15\xf9\xff\x4f\x82\xba\xac\x47\xb4\xbc\xe9\x04\x49\xec\x41\xc2\xa2\xd5\x73\xd9\x2b\x92\xe0\x56\x31\x48\x61\x65\xbc\x71\x0e\xf5\x84\x0f\x80\xda\xe9\xf9\xdd\x5c\xff\xd4\xeb\xf5\xd1\x07\x46\x51\x0c\x5f\xcb\xfe\x62\xcb\x97\x03\xc0\xb1\x54\xc8\x6f\x10\x81\x66\x72\x49\x76\x70\xa3\xb0\x15\x0b\xb4\xe1\xb0\x3b\x3b\xd5\x44\xc1\x2a\x90\xc3\xed\xcc\xd7\x90\x0e\xbb\x5b\x31\xc9\x11\x17\xcc\x82\x81\xa3\xc4\xed\x04\x99\x8e\x99\xae\xd4\x1b\xb4\x1f\xce\x99\x90\xa4\x06\x48\x5b\x14\xdb\xe3\xbc\x1a\x5f\xcf\x77\x19\x50\x79\x90\xda\x3b\x0b\x3c\x68\xad\x40\xd8\x95\x0c\x0d\x49\xce\xd1\x01\x93\x19\xa3\xf3\x6a\xff\x6c\xaf\x75\xd7\xf9\xa0\x93\x3d\xd3\xab\xdd\x76\x92\xa1\x56\x2f\x06\x13\xfe\x4a\x27\x8d\x5c\xe4\xc8\xda\xfb\xb5\x5b\x2e\xc2\xaf\x2b\x24\xe8\x39\x6f\x58\x7b\x17\x0c\x9c\xa6\x54\x75\x08\xfa\xcd\xe7\x34\x90\xdf\xb0\x1e\xb6\x65\x7e\x3f\x4f\x27\x23\x04\xb7\x0b\xf0\x47\xa4\x3a\x2b\x58\xe5\x56\x8b\xc5\x2b\x2c\x8d\x4c\x03\x21\x9a\x5a\x8b\xd3\xdc\x06\x43\x18\x59\x13\xc0\xaf\x74\x11\xf8\x1b\x77\xbe\x2a\x9b\xfd\x5c\xb2\x69\x77\x11\x3d\x26\x58\xa9\x71\x92\xb4\x1c\xf6\xc7\x01\x1b\x0f\xf6\xa1\x1c\xbf\xf3\x50\x55\x46\x32\x2f\x0b\xef\x60\x97\xe4\x6b\x36\x49\x2b\x01\x6a\x45\x62\xe0\x92\xb6\x7c\x3f\xcc\xc7\x78\x0e\xa2\x74\xd9\x6d\x59\x58\x49\xf7\xe2\xa5\x6d\x79\xed\xcb\x32\xd7\x84\x04\x9f\xc1\x32\x4a\x5b\xee\xfc\x24\x19\x3a\x66\xe1\xca\xc4\xa1\x3a\x81\x1b\x90\x95\x83\xcc\x91\x0c\xf0\x8d\x4b\x10\x4d\xbd\xb8\xa6\xf2\xb2\x1f\xbc\x1d\xb1\x17\x5a\x1a\x23\x56\xa6\x3d\x3e\xea\x9d\xbb\x85\x37\xd2\xc6\x86\x27\x54\x3d\xf0\xd1\xf8\xfd\x8d\x57\xa1\x8b\x0d\xbd\x69\xb9\x20\xcb\x9b\x28\x6e\x3c\x07\xae\x44\xae\x2e\x1b\xee\xc0\x1c\xee\x6b\xa9\x88\xb5\xd1\xaf\xb9\x97\x90\xb1\xdd\x91\x06\x55\xc4\x3d\x7f\x2a\x3e\xd3\x75\x4b\xa4\x65\x16\xd2\x78\x70\x55\x59\xf5\x74\x16\x22\xa9\xab\xb5\xc8\xf2\x3f\xa9\x76\xa9\xd1\x46\x94\x8a\xde\x6b\xa6\x60\x8a\x35\xe4\xe0\xd3\x30\xe8\x2e\x96\xa2\xbe\x6c\x78\xad\x0c\xd4\xd8\x70\x4e\x57\xce\xa1\x46"},
+{{0x7b,0x46,0x9d,0xf9,0xc8,0xf7,0x84,0x89,0xab,0x47,0xcc,0x70,0xa8,0x85,0x03,0xf1,0xb8,0xf3,0xd9,0x29,0xc3,0x3f,0xea,0xb1,0xc5,0x03,0xf0,0x96,0x9a,0x3a,0xc3,0x7b,},{0xa8,0x14,0xc7,0xe3,0x73,0xd0,0x11,0x3b,0x90,0x62,0x4a,0x8a,0xb2,0xbc,0xa5,0xcf,0x53,0xbf,0x52,0x8e,0x39,0xfc,0x3d,0x36,0x7d,0xe1,0x54,0xb9,0x4b,0xb2,0x2f,0x1d,},{0x18,0xfa,0xf8,0x2d,0x08,0xe1,0x06,0x8e,0x9f,0x98,0x3d,0x81,0x2f,0x05,0xfd,0xb6,0x92,0x9d,0x27,0x23,0xdb,0x1f,0x77,0xc4,0x5a,0x74,0xbb,0x09,0xcf,0xf2,0x77,0x73,0xb5,0x4c,0xe8,0xf4,0x3b,0x30,0x15,0x41,0x91,0x12,0xe7,0x25,0xea,0x7a,0xcd,0xa4,0xb2,0x3b,0x81,0x20,0xe7,0xb0,0xcf,0x42,0x01,0x53,0xe5,0xb0,0x3d,0xd0,0x61,0x09,},"\x1c\x0f\xd7\x45\x0e\x29\x67\x5c\x93\x09\x16\x38\xc2\xac\x93\x3c\xa9\x97\x76\x6e\x38\x0e\xc3\x3a\x92\xb8\xa7\xe1\xa1\xed\x98\x21\xc7\x5f\xcc\xb5\xc5\xf3\x76\x0e\x76\xd0\xe8\x81\x03\x11\xdd\xc6\x24\xea\x87\x42\x13\x1c\x1c\x43\x08\xf4\x17\x8e\x04\xd0\x49\x60\x69\x3d\x84\x6c\x1f\x51\xd8\x77\x3b\x6d\xeb\x34\x43\xd8\x74\xb9\xe2\xde\x3b\x77\x78\x51\x85\x51\x8b\x2e\x9e\xe7\x36\xc6\x3a\x39\xc8\x21\x2c\xa8\x66\x9e\x16\x1d\x13\x1b\x1a\xb2\x26\x4f\xdd\x72\xdc\x56\x28\xb1\x1c\x06\xf2\xaf\x9f\x07\x89\x04\x7b\xdd\x4e\xbb\x5d\x55\x89\x9f\x74\xdc\x4e\x12\xe7\x97\x53\x63\xf6\x3a\x8d\xa7\x6b\x55\x85\xc1\x6b\xb6\xd5\x5b\x05\xfa\xde\x87\x13\xd1\x9c\xad\x1a\x21\x16\x40\x26\x26\x91\xaa\xc9\xb4\x37\xa9\xec\xf8\x9a\x92\x46\xec\xdb\xa1\xff\x0b\xea\x78\x49\x4c\xee\x15\x29\x62\x16\xea\x6b\xb8\x82\x47\x9d\x24\x37\xc9\x49\x4a\xc7\xfa\x4f\x30\x15\xd1\xd3\x14\x9d\x55\x64\xd7\xc1\x1a\x7e\x7b\x61\x4f\x7d\x3e\x9d\x45\x4f\x0a\x05\xb0\x40\xa1\xe0\x6f\xe7\x83\x7c\x2a\x9d\xa2\x79\x4d\x91\x8b\xff\xa9\xe6\x1a\x0c\x3f\x08\x9f\x6c\x9f\x7e\xea\xc5\x86\xe3\x4b\xf9\x44\x70\xd9\x13\xda\x41\x37\x1c\xac\xdf\xc7\xee\x8b\xd1\x13\x56\x55\x56\x69\x24\xea\xdf\x09\x6a\xc0\x30\xa6\x59\x02\xc1\x03\xb1\x72\xd1\x2e\x88\xf0\x53\xfc\x56\xee\x73\xf3\x18\x70\x81\x70\x83\xaf\xa8\x02\xf7\x66\x8b\x81\x5e\xe7\x90\xf7\xd4\x0b\x43\x7a\x2e\x6d\xb2\xf0\xfb\x26\x83\x6b\x4b\x23\x31\xeb\xa5\x55\x39\x61\x4c\x0f\xe1\x72\x40\x24\x2d\xd3\xaf\x73\x83\xbc\xff\x7d\x3f\x47\xd6\x54\x4b\x08\x72\x0c\x0a\x52\x44\x1f\x74\x11\x93\x5d\xd4\xa9\x52\xd3\x86\x51\xa8\x00\x05\xfa\x3e\xb0\xea\xec\xc7\x35\xd2\x90\xe8\xbd\x5e\x31\xb7\x40\x14\x0e\x13\x6b\x2c\x00\x25\x23\xd8\xeb\x2a\x0a\xb5\xbd\x68\x70\x02\xb3\xb9\x26\xf7\x5e\xb6\x90\xd1\xda\x73\xad\x23\x58\x92\xf3\xb2\x3a\x75\x6b\x60\x5a\x43\x7c\x00\xe0\x62\x13\x04\xe8\x10\xf9\x9e\x31\x4c\x4d\x63\xe3\x22\xd9\xb6\x98\x15\xf3\x82\xff\xa1\xec\x62\x80\xfc\x0e\x64\x1c\x8a\x6f\x6f\x7f\x61\x98\x5b\xd3\x56\x7e\x0f\x44\x0d\xe9\xf7\x62\x17\x15\xda\xcd\x07\x42\x8c\x00\x90\x15\x4d\x59\xce\x6d\xb4\x01\x69\xc6\x58\xac\x5b\xf4\x4b\x67\x67\x1f\xe1\x9e\x4b\x5b\x38\xaa\xd2\xd3\xd4\xe1\x90\xa5\x50\xaa\xd4\x18\x83\x52\xf7\x98\x1a\x6d\x88\x06\x25\x02\xdf\x86\x79\x13\x50\x39\x2d\x41\xce\xfa\xcb\x24\xe3\x7b\xc7\x00\xcb\x02\x91\x90\xc3\xb1\x82\x14\x77\xe1\x17\xd5\xa4\x62\xfb\x3e\x79\x13\x3b\x10\x73\x59\x89\x66\xf5\x2b\x63\x25\x6d\xbf\x32\x6a\xce\x14\xdb\x0c\x80\x05\x8c\xf0\x0d\x68\x9a\x0a\x58\x11\x1a\xf1\x69\x27\x44\xbf\x79\x1b\xcb\xb4\x27\xa3\x72\x24\x6e\x95\x01\xa8\x5c\xd5\x20\xc6\x1a\x1e\x59\xee\x18\x0e\x8c\x97\x19\x2f\x60\xfa\x5d\x3a\xb0\x5d\xf8\xd8\x55\x1c\x1a\xc6\xca\x0a\x9a\x01\x2f\xfe\xce\xb3\xc1\xf5\x21\x41\x1e\xdb\x65\x09\xbc\x27\x8a\x65\x1e\x12\x9e\x96\xb0\xad\xc7\xae\xd7\x07\x22\x1c\xae\xac\x22\x98\x84\x41\x3d\xaa\x10\x59\x5d\x22\xd1\xdb\x70\x82\x12\x5f\x4f\x96\x95\x00\xa1\xd4\x8d\xac\xda\xe8\x0f\x40\x29\xc1\x63\xdc\xd7\x9d\xdc\x64\x68\xfc\xda\x16\x37\xb8\x7d\xdc\xf2\xa3\xd9\xb4\xd2\x99\xa0\xe5\x39\x4d\xf9\x0e\xd0\x3b\x62\x13\x7b\xa6\x7b\x9f\xea\x8a\xe1\xf0\xd2\x2f\x91\xc6\x3a\x24\xb5\x93\x4f\x74\xc2\x65\xc4\x3f\x1b\x92\x3d\xb9\x80\xad\xfc\xee\x83\x13\xda\x52\x01\x76\x73\x0e\xf9\x73\x6b\x27\xe6\xba\x32\xd1\x7e\xa6\x9d\xca\xc6\xf4\xa0\x16\xed\xfe\x2d\xb5\xa5\xbb\x3b\x64\x93\x2f\x70\x11\xf1\xc4\x53\xbb\xe8\x8b\xba\xc8\xc7\x03\x5f\x93\xfe\x39\xb5\x81\xfc\xaa\x7a\xaf\x08\x2f\xbe\xd0\x04\xfd\x1f\xd5\xa4\xe2\xd9\xc1\x97\x16\x60\x4b\x19\xce\x19\x9e\x21\x69\xa7\xbe\x51\x8d\x5f\xad\xd2\xac\x31\xb9\x54\x78\x08\x2a\xc9\x13\x06\x00\x8d\xe4\xec\x0e\xf4\xc9\xf9\xd6\xf9\x6d\x2f\x66\xd6\x2f\xaf\xc2\x19\x40\x82\x80\x8a\xf0\xd6\x7b\x9f\xba\x0d\x18\x9b\x05\x5f\x06\x1c\xca\xc2\x4b\x27\x61\x0b\xfb\xd5\xa2\x23\x2d\xd6\xf3\xc8\x90\xa9\xb1\x26\x64\x71\xb3\x22\xe9\xe1\xbf\x97\x75\x7b\xef\x72\xab\xce\xe9\x3b\x05\x1f\xc9\x23\xcf\xd4\xe7\x23\xbe\x3e\x17\x14\x3f\x38\xee\xbb\x90\x0b\x5b\xbc\xf7\x30\x47\x32\xb9\xc0\xa1\xc5\xfc\x95\x09\xa6\x93\x58\x0a\xe7\x3a\x4c\xdf\xc5\xfb\xf2\x0c\xe8\x1e\xbc\x83\x5c\x6c\x90\x9d\x83\x11\x41\xb1\x94\xf6"},
+{{0xdf,0xec,0xde,0x7a,0x56,0xa1,0x8c,0x1f,0x19,0xd8,0x0a,0x19,0xa4,0xf1,0xda,0xdd,0xd0,0xbc,0xec,0xb0,0x1e,0xec,0xad,0x6d,0xfc,0xa0,0xf9,0x57,0xa9,0x14,0xed,0x7a,},{0xaf,0xba,0xa6,0xe7,0x3e,0x85,0xb0,0x2b,0x25,0xa4,0xb5,0x87,0xec,0xb8,0xc4,0xdf,0xb7,0x9a,0xa9,0x20,0x27,0x61,0xef,0xa8,0xd1,0xdf,0x2c,0xd0,0xaa,0x63,0x16,0xc4,},{0xb4,0xfd,0xe5,0x5b,0x91,0x6c,0xf6,0x00,0x68,0xf1,0x9b,0x25,0x35,0x1c,0x14,0x10,0xdc,0xf6,0x6b,0xfc,0x40,0xf9,0x6d,0x1b,0xa2,0x36,0x8b,0xc2,0xb9,0x11,0x5a,0xaa,0x5b,0x2d,0x1c,0xf0,0xe3,0xdf,0xca,0x02,0xac,0x90,0x2a,0x94,0x3e,0x24,0x89,0xa5,0x68,0x1b,0xba,0xfe,0xd3,0x9c,0x6e,0x33,0x21,0x1a,0x9c,0xb2,0xff,0x6e,0x54,0x09,},"\xae\x6e\x8f\xf6\x5c\xcd\xe6\xf2\x64\x84\x95\x08\x26\xb4\x36\x23\x05\x8a\x5e\xfe\x02\x0b\xb1\x9b\x7d\x8b\x4e\x25\x76\x8b\x69\x27\x34\xfe\x07\xc9\x13\xb9\xe8\x81\x26\xbe\xcb\xf1\x4a\x0f\xd0\x20\x5b\x39\xfc\xc2\xae\xc3\x73\xf8\xc1\x84\xc6\xa9\xbb\xbb\x84\x44\x9a\x7c\xa3\xb9\x20\xad\xa0\x88\x01\xdf\xc6\x6f\xf1\x9a\xeb\x92\xf2\x55\x53\x99\xa4\x30\x27\x7a\xe2\x2d\x23\x75\x4e\xaa\xce\x3c\x73\x84\x67\x97\x53\x6d\xd7\x1a\x56\xf4\xb5\x84\x2c\x0f\x41\x0d\x19\x89\xac\xac\x5d\x80\x5d\x26\x57\x2c\x0f\x3a\x64\xdd\x20\x71\x66\x22\x12\xd5\x2f\xe9\x9e\x59\xd9\x66\x04\x77\x77\xf9\x03\x0f\xa4\xfd\x2e\xe7\x4b\x7a\x7c\x9f\x7c\x34\xa6\xdc\x7e\x03\x59\x3a\x13\xd6\x4c\xe6\x24\x53\xee\x3c\xa3\x0d\x84\x67\x28\x39\xf1\x9f\x1c\x15\xd0\xc4\x5d\x27\x55\xbb\x39\x4a\xcf\x4d\xcb\x7f\x7f\x07\x11\xac\x40\xea\x46\x61\x2e\xa3\x7a\x76\x07\xad\x32\xe8\x18\x26\x5f\xab\x19\x33\xf5\x09\x4e\x2d\x03\xbc\xfa\xa5\xf6\x16\x67\xf3\xb3\x7f\x00\xc4\xc5\x8d\x9b\x41\xb9\xaf\x39\x00\x48\x2b\x0f\xfb\x4f\xa4\x37\x6a\xa0\x40\x00\x9d\xec\x2f\x45\x25\x79\x9c\xb0\x05\xf3\x9d\x74\xcb\x2d\x8d\xce\x8c\x20\xc2\xc3\xf5\x40\x97\x03\xaf\x15\x6c\xfb\xa2\x8a\x9d\x91\x64\x39\xcb\x29\xf8\x3d\x24\x29\xce\x62\x23\x51\x9e\x75\xe1\x5c\x7c\x7f\xa2\x15\x11\x9e\x07\x3f\xa7\x97\x4d\xb1\x4f\x7a\x01\x09\x3f\xaa\x94\xad\x52\xab\x1e\xad\xce\x1a\x89\x36\x6c\xa1\x3a\xdb\x89\x06\x64\x38\xa2\xbe\xb7\x30\x34\x17\x0a\xa4\x2d\x9c\x2d\xdb\x97\xc1\x4a\x17\xc3\x09\x43\x76\xd2\xa3\xff\xd8\x09\x5f\xc4\x05\x3d\x91\xd1\x6e\x06\xd2\x76\x93\xa1\x31\x0f\x01\xa7\x51\x11\xcf\xed\xa8\x92\xc3\x97\x2a\x13\x3a\x09\xad\xda\xa8\xf7\x41\x45\xf8\x86\x81\xb6\xd2\x77\x96\x4b\xfe\x38\x55\x1a\x2c\x61\x9f\xa3\xca\xe3\x94\xac\xb2\x9c\x94\x10\xb4\x5e\x10\x1b\x17\x40\xe8\xb2\xaa\x6f\xeb\xc3\xa4\x5d\xad\xb9\xd9\x58\x9d\x59\x7e\x57\xcd\x94\x7b\x68\x4c\xc3\x55\x24\x6c\xe6\xc3\x26\xdd\x98\xcf\x92\xb6\xee\xa3\xba\x5a\xb0\x37\x00\x62\x26\x36\x32\x4d\xc1\x22\x2c\xd7\x48\xfa\x07\xbf\xd3\x9a\x1e\x06\x98\x09\xe5\x67\x14\x1a\x61\x3e\x2e\x8b\xe9\xdd\x39\x8a\xb6\xbe\xaa\xfd\x85\xff\x36\x28\xee\x2a\xa3\x2d\x0a\x57\xbb\xac\xf9\x56\x19\x0b\x5c\x42\x42\xeb\x5b\x85\x87\xd2\xfd\xcb\x07\x41\xb9\x41\x6a\x05\xf5\xfe\xcb\x1f\xb2\xd6\x47\x88\xdc\xe7\x83\xc1\xf6\x3e\x60\x64\x1f\xce\x5e\x1d\x2b\x18\xa9\x50\x0c\xd6\xa1\xfd\x33\x5c\xc1\xdb\x46\xef\x04\x75\x2b\x2d\x22\x07\x2e\x6d\xfc\xfc\xfa\x56\x9b\xb2\x5e\x45\x7a\xfe\xb6\x3a\x4f\xbe\xdc\x29\x3a\xd9\xd1\xab\xa4\xe3\x94\xaa\x10\x97\xe1\x2b\x0f\xc9\x0c\x89\xf7\x6d\xf0\xd6\x44\x1f\xa9\x98\x08\xb6\x0b\xe0\x7d\xfc\xc7\xf9\x01\x0b\xbf\x90\x33\x55\x6d\x5e\xe2\xd4\x48\x93\x7b\x78\x34\x93\x92\x0f\x68\x1e\x4d\xa7\x08\x67\x10\x97\xe1\x99\x48\x1b\x8e\xf0\xe0\x15\x0d\x7c\x28\x51\xdf\x44\xc5\x45\x12\x2f\x9b\x0e\x5b\xa2\xee\xff\x2d\x98\x8d\x56\xd9\xbb\xb5\x5d\x98\x96\x11\x11\x51\xa4\x36\xaf\x06\x5e\x0c\xad\x17\x8a\x2c\x9f\xa8\xf6\x97\x4e\xcd\xf0\x9a\xdf\x01\x33\x00\xcf\xfe\xda\xf4\xb8\x79\x1b\x46\x7b\xa7\x93\x3a\xda\x5d\x63\x2d\xb4\x4e\xd6\xdc\xf2\xaa\x64\x89\x17\xbe\x63\x37\xd2\xe2\xd2\x06\x85\x6d\x08\xf9\xee\x7b\x5e\x2f\x14\xdd\xc6\xd3\xac\x42\x92\x15\xa8\x79\x23\xad\x32\xd5\xdc\xfe\xe3\x68\x63\x16\xdd\xd1\xb2\x7b\xb1\x93\xa5\xfc\x05\xc8\x93\xa9\x39\xa5\xb9\x89\x87\x36\x6c\x82\x9e\x39\x2f\x48\x5e\xa1\x5e\x22\xcd\x8f\x85\x7a\x13\x4a\xfa\x98\xf3\x72\x15\x57\x6d\xdc\x5a\xab\x4f\x2d\x10\xca\xaf\x05\x00\x59\xa3\x35\xf2\x4b\xcd\xcb\xac\x81\x9f\x66\xdb\x07\xaa\xbd\xfb\x76\x27\x1d\x17\xbc\xe2\x2c\xba\x46\x3a\x80\xaa\x89\x2d\x0d\x8e\x05\x5f\x94\x8d\xf7\xf6\xe6\xc3\x00\xda\xef\xfd\x3a\x23\x6d\xdd\xcf\x23\x8f\xe1\x06\x66\xa5\x7c\x6e\x3a\xe7\xe3\x67\x3d\x35\x57\x8f\x8b\x8e\xa6\x9d\x3c\x08\xe0\x14\x0a\xfd\x3e\xe0\x30\xb2\x2a\x37\x21\x60\xf9\x08\xa3\x78\xf8\x10\x1b\x5f\x59\x69\xfe\xa3\x10\xee\xd3\x7a\x00\xd9\x73\x02\xd5\xc2\xdb\xe8\xcc\x60\x00\x75\xdc\xcd\x33\xad\x63\xd2\x65\xaa\xf6\x0e\x24\x1c\xe3\x11\xbe\xd7\xdd\x5e\x27\x45\x24\x1a\xe0\x2a\xe5\x32\xd1\x5c\x18\x88\x6e\x81\x81\x38\x75\x1a\xfc\x51\x85\x0e\x50\x6c\x6d\x31\xa8\xee\xf4\x51\xad\xfd\x4b\x3d\x26\x6b\x41\x5a\x7e"},
+{{0x07,0x82,0x8c,0x58,0x0e,0xbf,0x9e,0x1d,0x82,0x5a,0x59,0xc3,0xbf,0x35,0xf0,0x72,0xae,0x12,0x33,0x55,0xbd,0xcc,0x24,0x9e,0xec,0x7f,0x2f,0xc5,0x75,0x5e,0x29,0xb5,},{0x58,0xe5,0xed,0x85,0x10,0x0b,0xbd,0x9b,0x22,0x21,0xaf,0xc9,0xc9,0x31,0x84,0x33,0x0a,0xd5,0x9e,0x13,0x85,0x60,0x62,0x44,0xbf,0x00,0x3b,0x8d,0x20,0x18,0x50,0x1b,},{0xbb,0x09,0x36,0x04,0x39,0xa8,0x2d,0xee,0x5c,0x7d,0x85,0x77,0x9e,0x54,0xc1,0x3f,0x88,0xe0,0x6d,0x38,0xf4,0xb9,0x49,0x60,0xfe,0x17,0xa1,0xeb,0xca,0xa3,0xee,0x2f,0x33,0x0c,0x64,0x91,0x54,0xbb,0xc8,0x75,0xa4,0x07,0x6c,0xf0,0xbb,0xf7,0xee,0xbf,0x7b,0x8d,0x08,0xd5,0xaa,0x4b,0xe7,0x41,0x38,0x81,0x24,0x5f,0xc2,0xd2,0xb6,0x01,},"\x0e\xda\xd5\xca\xe6\xed\x98\x43\xe9\x1c\x50\xd9\x34\xcf\x55\xdd\x65\x8f\x3d\x25\x20\x39\xcd\x6c\x75\xbe\x4f\x6b\x86\x6f\xb7\x5f\x35\xc8\xf9\x8f\x17\x21\xd7\xe6\xd9\xd9\x8a\x22\xe0\xb4\x93\x4d\xcc\x12\x92\x61\xbf\x67\x23\xb2\xfa\x7a\x99\x5e\x35\xc4\xbd\x79\xc5\x81\x6a\x32\x16\x07\xd9\xdc\xce\x39\xfe\xfa\x1d\x55\xde\x4e\x76\x17\x54\x8e\xc3\x85\xc3\xde\x01\xe3\x66\xbf\x50\xc4\x57\xa5\x55\xe9\x32\x07\x0e\x2a\x5a\x01\x97\xb7\x9e\xfb\xe7\x00\x6f\x0c\xec\x78\xb6\x0e\xbb\x8f\xa8\x78\x1d\x8e\xb7\x32\x6e\xdc\x30\xe6\x2d\x32\x97\xa1\xe0\xa1\x11\x71\x08\xc4\x6e\xe5\xdb\xef\xc6\x59\x42\x89\x33\x5e\x78\x0d\x55\xa0\x84\xf5\x52\xda\x3f\x36\xd3\xc4\xc6\x17\x8b\xa7\x4d\x4d\xec\xef\xc5\xa3\xb8\xc4\x7c\x16\xf5\x34\xbd\xb6\x08\x95\xd3\xd5\x4c\xd2\xbb\x26\x6b\x39\x9e\x4d\x4f\xb4\x8d\x7a\x8c\xde\x17\xf4\x24\x12\x56\x07\x37\xd3\xc0\x6e\x29\xdf\x52\x4d\x0c\xbd\x30\x93\xef\xca\x1c\x8f\xed\xca\xa1\x24\xab\xb2\x7a\xbd\xac\x6a\x29\xe0\xe8\x24\x6a\xbd\x6f\x5f\x53\x19\x50\x03\x7f\x76\x32\x3a\xa5\x6c\xc3\xfe\xfa\x60\x30\x41\xd5\x5f\x19\x29\xe2\x77\xe7\x2c\xda\x1f\x96\x54\x1d\x2a\xf3\xe9\x0c\x0f\x0e\x28\xbe\x19\x6d\x8f\x69\x21\xf3\xcd\x57\xa7\x92\x6b\x86\x0a\xa1\xbc\x40\x35\x76\x89\x2a\x96\xb9\x31\x90\xae\x38\x3f\x63\x1b\x72\x80\x26\x58\xb2\xe8\x45\x1d\x52\xa2\xf4\x5d\xb4\xf8\xbc\x3b\x0e\x4e\x50\xb6\xd6\x03\xa5\xbd\xd3\x0c\x23\x42\x00\xad\x7d\xeb\xb9\x63\xf5\x8a\x4f\xa2\x03\x30\xb3\x69\x64\x49\x44\x5a\xa3\x71\x82\x48\x42\xfb\xf3\x26\xd9\x01\xdf\xe3\xbe\x04\x54\x52\xa3\x74\x0d\xd1\x60\xe7\x27\x33\xf6\xe2\x73\x35\x25\xa2\x9a\x86\x5f\x6f\x50\xd5\x3b\xf7\x19\x1c\x59\x9c\x87\x6f\x5c\x9c\xa1\xe3\xfa\xd7\x96\x06\x48\xe0\xd4\x71\xf7\xd5\xc0\x1c\x67\x3f\x42\xd6\x59\xbc\x3d\x98\xdb\xf0\x7d\x8f\xeb\xfb\x99\x5d\x17\xf9\xa0\x2c\xd6\xc3\x9f\x2d\xdc\xd0\xf1\xd2\x22\xb9\xe1\x1f\x2d\xd7\xd3\xc7\x51\x82\x24\xbb\x6b\xfb\x8b\x7c\x58\xfe\x8a\xc1\x05\x40\x59\x03\xa1\xb9\xda\x75\x16\x71\x5b\x7a\xfc\x38\xa5\x55\xe6\xbb\xcd\xba\xd4\x6e\x34\xe5\x76\xfe\xa3\x4c\xe3\x57\x34\xed\x20\xaf\x5d\x88\xee\xb1\x04\x7a\x26\x60\x64\x8b\xbb\x11\x3a\xd9\xdb\x8c\x53\xed\xb6\xed\x98\x71\xa1\xe4\x4c\x9e\xd2\xdf\x56\x56\xfb\x2b\x28\x06\xec\xf0\x3b\x1e\xca\x9e\xab\x50\xa6\xea\xab\x55\xb9\x33\xb2\xdd\x1f\x21\xd4\x50\xde\x9d\x5c\xb2\x23\x2f\x07\xa3\x92\x08\x1b\x0b\x4b\x88\x5d\x54\x78\x9e\x2f\x75\xbf\x2c\x4c\xda\xd8\x78\x98\x9b\x1d\x6d\xab\xd9\xed\x23\xc7\xc5\xb0\x35\x6a\x7d\x9e\x73\x35\x29\x0d\x7c\x85\xb9\x66\xe8\x01\x84\xbd\x07\x99\x86\x02\x88\x6d\x70\x76\x19\x35\x65\xc8\x1c\xcc\xda\x4c\xc7\xd3\x3c\x85\xd9\x05\xb1\xbe\xb6\xe8\xe7\x41\x8e\x8a\xca\xed\xf0\xd9\xa3\x2a\x7d\x29\xd0\x7c\xf4\x4d\x31\x19\xd4\xe7\x89\x68\x20\xb7\x7d\xe6\x4b\x65\x5e\x4f\x14\x88\x00\x43\x4a\xf7\xbd\xb2\xa5\x6b\x25\xeb\x94\xea\x39\xf2\x16\x95\x96\xbb\x2b\x11\x76\x1f\x08\x2b\xae\xc0\x88\x85\xf4\xa0\xeb\x6c\x95\x76\x71\x35\xa7\xf7\xcd\x72\xe7\x43\xd2\xdf\xf1\x44\xdd\x8b\xaf\xb1\xb3\x18\x00\x6e\x58\x76\xf8\xe2\xcb\x44\xaa\x58\x8f\x90\x62\x66\xac\x67\x11\x9c\x17\xf5\xde\x11\x4e\x72\xe4\x2a\x1f\xb3\x99\x44\x32\x1a\x11\x1f\xa7\x95\xff\x70\x17\xf2\xfb\x8c\xaf\x48\x2f\x55\xd7\x7a\x80\x85\x54\x28\xde\xd7\xec\x20\xac\xec\xca\x83\xf8\xd1\xeb\x13\x7b\x58\x8c\xcb\x74\x5c\x10\x5f\x2b\x2c\xa4\x1c\x3a\x9f\x49\xd3\xc6\xe9\xd7\xc6\x48\xb0\x03\xb9\x70\x7c\x90\x64\x62\xed\xad\x61\x7a\x8c\xfb\xf9\xbc\xc6\xc5\xfb\x6f\xa9\x84\x32\x5d\x65\x82\xe2\x8f\x62\x00\x53\x83\xf3\x38\xdf\x5b\x38\xfa\x9d\x19\xc2\x2a\x2a\x7e\xa1\xd6\x8a\x92\xd1\xd9\x3b\x7f\xb0\xb8\xf3\x3b\xc8\x76\x0f\x28\xae\xb1\x43\x9a\x8b\x07\xf3\xda\x58\xdd\xb1\x55\xb4\x98\xcb\x09\xc7\x5a\x55\x96\x83\x8a\x65\x01\x3e\x24\xd5\x64\x0d\x08\x42\xa7\x69\x93\x22\xcf\x3f\xfc\xb5\x70\x3f\x41\x4f\xfd\x16\x88\x60\xba\xd3\xe3\x08\xb2\xb5\xbf\x3c\xdf\x7f\x36\x3b\xf9\xaa\xf4\xb3\xbc\x42\x4c\x14\x6c\x6f\x54\x21\x43\x0f\x9f\x47\x6a\xa3\x4a\x0c\x6e\xe8\x01\x31\xfc\x4d\x4d\x97\x07\x23\xa2\x18\x6a\xe3\x62\x5e\x28\x6d\x17\xdd\xdc\x43\x5c\xcb\x00\x83\x16\x78\xab\xa5\x84\xa6\x2d\xbf\xf0\x02\xbe\xad\x6e\x11\xe2\x3c\x54\xd3\x3c\xf3\xa4\xb2\x31\xa9\x08"},
+{{0xf0,0x8e,0xe8,0xda,0xa7,0x3e,0x1f,0xeb,0x61,0xa8,0x8e,0x06,0x2d,0xfb,0x10,0x03,0xc8,0x57,0x8a,0x0d,0x53,0xbd,0x3b,0xc9,0xe5,0x89,0xef,0xb9,0x2f,0x68,0xbe,0x14,},{0x76,0x69,0x2c,0xe8,0xd1,0x16,0xec,0xcb,0x89,0x70,0x77,0xed,0xca,0xaf,0xdd,0x3e,0xb4,0x4e,0xa1,0xa4,0x86,0xb9,0x0e,0x49,0xe9,0x7f,0x96,0x69,0x01,0x01,0x55,0x02,},{0x66,0xdf,0xa4,0xc1,0x57,0x5b,0xef,0xf2,0xf5,0xa2,0x30,0xb2,0x8c,0x58,0xc3,0xee,0xa0,0x73,0x6d,0xf3,0x79,0xd7,0x55,0x59,0xbc,0x9d,0x37,0xa9,0x57,0x9d,0x12,0x1c,0x05,0xc3,0x73,0xe8,0x48,0x4c,0x97,0x47,0xef,0x44,0x77,0xe8,0x0c,0x4b,0x2c,0xb4,0xdd,0xf1,0x6a,0xe9,0xfd,0xfa,0x08,0xa0,0x75,0x47,0xd1,0x07,0xdc,0xea,0x12,0x03,},"\x64\xde\x90\x04\x4d\x0e\x76\xbc\x02\xfc\xff\xcb\x75\x26\x36\x67\xb3\xbd\x73\x3b\x40\xbf\xb2\x6c\x6c\x52\xfd\xb4\xb0\x78\x22\x78\xca\xba\xe4\x1e\x21\x29\xea\x40\x17\xe9\x4d\xe8\x60\x87\x96\x4f\x66\xd8\x62\x07\x98\x74\x67\xa1\x68\x8f\x9f\xab\x3f\xfb\x2f\x1d\x00\x63\xbf\x62\x6c\x94\x13\x67\xc1\x2e\x31\x9a\xb7\xca\x30\x20\xc9\xb3\xa7\x21\x5a\x19\x30\x3e\x2d\x0e\x89\x88\x79\x1d\xe0\xd8\xe1\x63\x2d\xaa\x38\xc7\xf3\xe7\xf6\xe4\x8c\xe1\x22\x14\x3d\x1e\x2c\xb6\x61\xba\x77\xc6\x9e\x6a\x71\x09\x11\x64\x4b\xc1\x10\xff\x58\xbb\x00\xb5\x29\x08\x20\xce\x30\x97\x0e\x7f\xde\x18\x9e\x14\x0e\x5c\x70\xc7\x83\xee\xd5\x3f\x0e\x2a\xc7\xec\xae\x4f\x27\xdb\x81\xd1\x5b\x86\x46\xfa\xa9\xc5\xa3\xae\x2b\x7f\x47\xcd\x58\x0d\x77\x07\xb0\x02\x49\x9b\x4c\xfe\xb8\xc5\x91\xaf\xdf\x1c\xc6\x2a\xf2\x59\x5c\x18\x4a\xbc\xf0\xb2\x62\x3a\x1b\xae\x60\xaf\x70\x26\xb2\x8d\x05\x40\xb4\x15\x26\xe3\x02\x0f\x81\xb8\x94\xeb\x3f\xe3\x1b\x72\xb2\x1a\x32\x60\xda\xe3\x21\x0c\x4c\xe4\xfd\x69\xe2\xe5\xea\x0c\x86\x32\xa5\x83\x26\x2a\x12\xb3\xa8\xb1\x6c\x9c\x12\x06\xad\x73\x02\x30\x37\xcf\x30\x65\x3c\xb8\x0a\xa7\xdf\x83\x14\xb0\xf5\xbc\x6e\x9d\x5f\xa0\x0b\x00\x9d\x55\x52\xd8\x3b\x79\x70\xb5\xbc\x4b\x99\x84\xf6\x9d\x1c\xca\x9c\xe4\xcb\x74\xdd\xd2\xd8\x79\xd3\x73\x12\xa0\xe1\x59\xd7\xa6\xaf\xb7\x7a\xc5\x85\xe6\xb4\x59\xc5\x51\x30\x4e\x1e\xeb\xfb\xca\xb4\x3a\x10\xb5\x05\x92\x4e\x03\xea\x33\x2f\x5d\x02\x0a\x55\xc7\xaa\x68\x3c\x54\x1d\xcf\x77\x90\xa2\x40\xaf\x07\x9b\xab\xa9\x40\x96\xb4\x60\x60\xfd\x7a\xfe\x90\x56\xca\x99\xe6\x88\xdf\x28\x0a\x9b\xe8\xc8\xc7\x3e\x6e\x6f\xb0\x52\xa3\x3e\xb3\x32\x8a\x7f\x60\x25\x42\xfe\x28\x0c\x89\x0e\x3c\xca\xf2\x2c\x7f\x34\xf8\x7b\x5e\x5b\xa7\x84\xb4\x72\xb1\xe1\xa9\x93\x47\xa9\xe0\xd2\x40\x85\x8d\x12\x77\xa5\xc6\xb3\x49\x38\x3f\xe4\xfd\x55\xcf\x92\xe6\x9f\xaa\xd3\x26\xb8\xd6\xdb\x46\x23\x30\x26\x22\x1e\xe6\xd0\xa1\xc4\x24\x65\x33\xc4\xa0\xe5\xbd\x17\x2e\xb8\x93\x6a\x9c\x0d\x30\x06\x65\x38\xe3\xeb\x4a\xd5\xcb\x98\x77\xfd\x86\x1b\x48\x2b\x30\x15\x0a\x06\x10\x41\x61\x64\x7e\x01\xd0\x04\xd9\x97\x40\x3e\xe0\x67\x26\xcb\x97\xe2\xe2\x5f\x18\xc6\x68\xee\xe4\xc5\xbf\x72\x52\x98\x03\x18\x9e\xe6\xa7\xae\xc2\x38\xd5\x90\x6e\xa5\xae\x10\x72\x2c\x9a\x61\xa7\x8a\xea\x52\xaf\x33\xea\xac\x75\x40\x6b\x1a\x60\xbe\xfb\xaa\xd4\x84\x76\xd9\xff\x88\x7f\xd2\x83\xeb\x16\x55\xbc\xc0\x7c\xf7\x53\x33\x14\x36\xdb\x5b\x3b\x13\x03\x2f\xf9\xc3\xd6\x96\x38\x0e\x9f\x5a\xbf\x50\xd3\x55\x6f\xda\x0d\xf0\xb5\x38\x97\xa7\x37\xac\x7a\x3b\x87\xc2\xa8\x32\xb0\xc7\x27\x3e\xa9\xfc\x54\xa7\x67\xf1\xa8\x12\xbf\x01\x64\xbf\x75\x21\x63\x0b\x81\xb9\xdd\x93\x0d\x92\xee\x2c\xa2\x8e\x32\x03\xb7\x7b\xc0\x82\xce\xb3\x7d\x55\xed\xbc\xb7\x1d\xf0\xb7\x92\x36\x78\x9a\x25\xd4\x18\xcb\xb9\x55\x44\xe2\xce\xf3\x3b\xbd\xeb\x27\xa3\xf7\x90\x9c\x1f\x49\x8f\x47\x13\x5a\xe9\x03\x3a\xdf\x25\x0a\xd4\xf6\x57\x53\x61\xe4\xcf\xcc\x9b\xcf\x4b\x90\xc3\xad\x47\xa3\x44\x22\x97\xa2\x23\xcc\xa8\x43\xd7\x20\x5e\xd0\x8a\x9b\x87\x16\x0a\x6d\x01\xb4\x6a\x7d\x1c\x84\x4e\x8d\x1f\x18\xf6\x18\x68\x2b\xfb\x22\x95\x5f\x39\x5b\x2a\x57\x90\xa5\x1a\x69\x64\x99\xd9\xe7\x1a\x50\x1f\x3f\xa5\x46\xde\x9b\x10\xae\x47\xbc\xee\x42\xba\x7f\x86\x9f\xb9\xce\x4e\xd7\xc6\x45\x33\x26\xc0\x34\xcf\x05\xd9\xf1\xe3\xc2\x00\x70\x1b\xa7\x52\xda\xbb\xd8\x68\x52\x1c\x3d\x8f\x80\x67\x2d\x42\xf6\xcf\x45\x64\xf0\x8c\xd7\xb3\x90\xe6\xd4\x9d\xd9\x00\x90\xaf\xdb\x84\x48\x6f\xfc\xaa\x4e\x84\xd8\x86\x82\x74\x4d\xc0\xa8\x78\xfa\xa7\xcd\x44\x0a\x8b\x27\x67\x10\x90\x20\x81\xf4\xdc\x84\x17\x46\x19\xa6\x6e\xa3\xa3\x71\xf9\x55\x05\x40\x0d\x99\xfa\x99\x90\x17\x71\x0c\x8e\x27\x14\xbe\x60\x94\x9d\x46\x13\x10\xf7\xd4\x3a\x0d\xc1\x23\x51\x6d\x77\xd3\x62\x21\x3f\x9f\x75\xa5\xa1\xc3\x93\xaf\xfc\x49\xea\x15\x1d\x46\xa8\x1f\xfa\xd2\x39\xf2\x8c\x07\xf6\x5f\x59\xea\x07\x7d\x9a\x4d\x9c\x75\x2d\xe4\x9b\x9e\xf3\x6b\xe6\x0d\x11\x2d\x79\x5f\x58\x8b\x00\xef\x6e\x77\x30\xde\xa6\x5e\x10\x16\xda\x0d\xd4\x62\x37\x0e\x0b\xa5\xc6\x60\x00\x1e\x45\x7c\x08\xb4\x36\xda\x29\x03\xb6\x29\x06\x93\x20\x84\x72\x8c\x81\x67\x1c\xbf\xb0\x79\xbb\x29"},
+{{0x27,0x2d,0x64,0xde,0x50,0xb1,0x31,0x2b,0xee,0x23,0xd7,0xf4,0xce,0xa5,0x08,0xa8,0xfc,0xcf,0x3e,0x9b,0x32,0x4e,0x97,0xb1,0xc8,0xe7,0x25,0x02,0xf6,0x1f,0xbf,0x45,},{0x33,0x49,0x8c,0x3b,0x71,0x2a,0xb9,0xc0,0x1e,0xc7,0x6b,0x2e,0xfe,0x2b,0x83,0xad,0xd1,0xe1,0xf2,0xb5,0xeb,0x78,0xf2,0x16,0x92,0x32,0x34,0x51,0x82,0x0c,0xbe,0x10,},{0x33,0x81,0x4c,0x6e,0xf3,0x75,0xab,0x96,0x37,0x69,0xb2,0xde,0x4a,0x25,0xe7,0x02,0x0f,0xcd,0x97,0xf7,0x8f,0x8f,0xc9,0x34,0x55,0xc4,0xb1,0xc2,0xbd,0x45,0xd4,0xb0,0x1e,0x19,0x29,0x00,0xe3,0x12,0x22,0x65,0xfc,0x55,0x2c,0xd5,0xc5,0xf0,0x0e,0x93,0x1e,0x3a,0x18,0x3c,0xca,0x5b,0xa0,0x80,0x2d,0xaf,0xde,0xbb,0x79,0xeb,0xeb,0x03,},"\xd6\x26\x0d\x7e\xec\x5d\x43\x62\x08\xe7\xe7\x37\x65\x5e\x09\x71\x81\x42\x70\x19\x44\x05\xe3\x6e\x39\xf8\xf1\x7b\x64\x9f\xbc\x16\xc0\xf3\xd7\xf2\xbe\xf5\xeb\xc0\x2b\xb1\xc4\xdf\x48\xe8\x47\x0a\x3e\xae\x8a\x3c\xca\xf6\x40\xab\xcc\x09\x4a\xa9\x11\x50\xff\x1a\x8c\xf1\x16\x96\x93\xeb\xf5\xac\x00\x34\xb9\xb9\x19\xec\xf1\x7d\xb7\x91\xdf\xe5\xfe\xdc\x90\x91\x8b\x23\xe5\x4e\x90\x04\xa1\xae\x77\x1c\x21\x3e\xd7\xed\x73\x34\x43\x4e\x5b\xc0\x2c\x0d\xda\x2b\xd1\xa8\x76\xfb\x82\x4a\x19\x7b\xc9\x96\x13\xb1\x40\x9e\x70\x52\x31\x0b\x08\x20\xda\x71\x44\x69\x29\xae\x7c\xfd\x3a\xfb\xa0\x42\xde\x54\x57\x8a\x5b\xfd\x94\xc1\x54\x43\x91\xa3\xd9\xac\xbd\x56\x63\xef\x65\xc6\x92\x0d\x78\x51\x6d\xec\x1c\xd5\x5f\x6e\xb7\x29\x0b\xa0\xaa\xf9\xa1\x71\x65\x82\x00\xb2\x4a\x47\xa0\x71\xb9\x6f\xea\x03\xc6\xca\x7e\xd0\xd6\xfe\x67\x5d\xd6\x37\x61\x83\x3d\x75\xbc\x5e\x58\xa9\x58\x58\x2d\xb0\x2a\x60\xc6\xce\x0a\x63\xf4\x2b\xa8\x37\xae\x77\xc1\x7a\x32\x70\x5f\xd9\xca\xfa\x58\x7b\x55\x5d\xd4\x61\x98\x51\x07\x97\x94\xe2\x4e\xb4\x46\x08\x83\x5a\x6f\x48\x24\x92\x0d\x57\x7a\x27\x03\x96\xc9\x57\x3b\xc7\xd8\x2f\xe2\xaa\x04\x65\x95\x66\x13\xa2\xc5\x08\xcf\x24\x32\x33\x7a\x36\x5e\x6c\x98\x4c\xba\x91\x7f\x0c\xf8\x42\xaf\x12\x2d\xc8\x9d\xea\x95\x8d\x41\x8c\xae\x44\xa6\xe4\xed\x26\x3a\x41\x5f\xf9\x94\xa5\xff\xb2\xff\x13\x91\x3d\xf2\x14\xbb\xfe\x90\xa3\x4b\x24\x7e\x71\xab\x73\xf7\xff\x00\x4c\x23\xac\xfd\x90\xc7\x67\x61\x1a\xa5\x58\x14\xc6\x69\x64\x16\x8e\x56\x8b\xa7\x5b\xf3\x49\x03\x59\x7c\xdc\xac\x78\xc2\x4b\xb9\xf1\x4f\x5c\x86\xa5\x1f\x36\x4f\x9a\xb4\x1e\x46\x4a\xee\x64\xfa\x50\xa1\xc1\x59\xcb\xd8\x50\x83\x2c\x50\x4a\xb4\x2a\x58\x4a\x96\xd5\xae\xe0\x82\xd8\x2c\x1e\xdd\xa1\x93\x38\x16\x0b\x8d\xcf\xa3\x41\x9b\x3a\xf6\x4d\x9c\xfb\x10\x4f\x98\xf9\xd3\x5e\x53\x94\xe2\x32\x28\xe2\x75\xc8\x7d\xb5\x0c\xa8\x67\x54\x0b\x88\x0c\x7a\xf2\x9f\xbf\x53\x42\x94\x58\x1c\x22\x24\x0b\xcd\x4d\x7d\x2c\x20\xff\xc3\x67\x33\xad\xa2\x76\x53\xd3\xae\x1a\x8c\x22\x03\xea\xc6\x26\xe2\xe9\xbb\x4b\x52\xce\x52\x3e\x5a\xdb\x3b\x2c\x10\xdc\xf7\x8c\x2a\x1e\x62\x6a\x16\xeb\xfa\x1b\xdb\x8c\x16\x14\x93\xa5\xaa\xa2\xd8\x4b\xfa\xa0\xf2\x02\x7f\xfe\x4e\x9e\xae\xb3\x32\xeb\xda\x7c\xbb\xb6\x77\x76\x9d\x78\x51\x7a\xdf\x72\xf8\x23\xa7\xf8\x44\x16\x5a\x07\x98\x78\xd2\x58\xfd\x95\x22\x5c\x21\x17\x78\x37\xe6\x9c\x19\x68\x5a\x05\x1c\xa9\x2b\x12\x0b\x7d\x86\xd7\x85\x95\x47\x1f\xfc\x42\xa5\xe6\xe6\x43\x1b\xe7\xb6\x4f\x80\x76\x45\x8b\xac\xd6\xc7\x29\x03\xcc\x34\xfc\x63\xa4\x0c\xf3\xdf\x00\xef\xf9\xd6\xee\x9a\x8f\x39\xd2\x5e\xad\x81\xa8\x12\x88\x88\xb0\xa1\xac\x0e\x5e\x3a\xd9\x27\x71\x2c\x14\x14\x6a\xdf\x82\x87\x70\xff\x95\x87\x09\xeb\x19\x28\x8e\x77\xbb\x70\x73\x48\x81\xe9\xe0\x16\xcd\x29\xe7\xd0\x89\x93\x41\xff\x6b\x29\x7a\xc7\x96\xbb\xde\x48\x6e\xc3\x59\x49\xf6\xa3\x2b\x2c\xa6\x47\x38\x59\x15\xec\xba\x3b\x9f\x02\x25\x08\x71\x45\xc1\x8d\x65\x59\xd3\xa3\x1d\x6f\x22\xfc\x49\xf8\xa6\x31\x5f\x1d\x32\xab\xee\xb7\xcf\x2c\x2c\x77\x6e\xa7\x35\x0f\xd5\xeb\xc0\xe0\xf2\x65\xba\xcc\xc2\x69\x7a\x7c\x8c\xa4\x0c\x13\x5f\x6c\xfc\xb0\xb5\x8a\x61\x43\x19\x60\xff\xa9\x06\x57\x09\xa9\x61\xa6\x33\xd5\x70\xb7\x3f\xb4\x49\x1d\xe5\x2a\xd0\xd7\xb2\x04\xb6\xe9\x97\xb0\x37\xed\xe3\xf7\xec\xa8\x20\xa7\xcd\xb2\xc6\x9a\xc2\x91\x48\xbe\x35\x23\x50\x8a\xe7\xe4\xc3\xd1\xa7\x17\xf5\x5a\x82\x1d\x14\xc3\xb6\x4f\x08\xca\x9a\xe4\x96\x13\xb1\x15\x77\x3e\xf6\x18\xd3\x21\xc9\x08\xbd\x21\x56\x71\x7a\x43\x4e\x50\x89\xa5\x94\x8c\x04\x5c\x8d\xa8\xa4\xbd\x86\xed\x5f\xab\xc6\xb1\x34\x66\xe6\xde\xda\x58\x32\x07\xd2\xad\xa2\xb2\xab\x9c\xb1\x54\x3d\xf7\xa3\x73\x4d\xfb\xc6\xfc\x42\x81\x06\xd4\x84\x47\x24\xa1\x3d\xf4\x2f\xaa\xb1\x8c\xa8\x9d\xb2\x0a\xc9\xbc\x27\xb8\x53\x94\x66\x7c\x5a\x27\x79\xca\x63\xed\x7a\xc2\xb7\xc0\xd4\x12\x23\x91\xee\x46\x02\xd6\x1e\xa0\x38\x17\x64\xfb\x72\xdc\xc2\x24\xe6\x5e\xae\x2b\xc4\x50\x6b\x0f\x09\xe2\x32\x05\xd0\xbb\x21\xc7\x7d\x82\x87\xc1\x65\xe0\xb4\x2c\x55\x15\x79\x77\x8a\xcb\x72\x58\xa2\x47\x9d\x7c\xf2\x5b\x90\x2e\x8d\x0d\xa4\x29\xbd\xe3\x6b\x45\x90\xda\xe9\x6f\x52\x54\x81\xac\x83\x78"},
+{{0x0c,0x9f,0xe5,0x59,0xad,0x1e,0xd3,0xba,0x16,0x4d,0xac,0xea,0xcb,0x02,0x35,0x67,0xb2,0x43,0x03,0x20,0xb6,0x71,0x5d,0xe7,0x32,0xa0,0x3c,0x59,0xc7,0x30,0x31,0x30,},{0xe7,0x0f,0xc4,0x66,0xfb,0x2a,0xcd,0x74,0xe0,0x99,0xc3,0x6e,0x2c,0x22,0xfa,0x51,0x29,0x0b,0xdd,0xe9,0x6d,0xf9,0xc3,0x1b,0x6d,0xfb,0xfd,0xc2,0xe2,0xc1,0x4a,0x40,},{0x6c,0xd8,0xae,0xd9,0x7d,0x9c,0x62,0xd5,0xfd,0xae,0x59,0x7d,0x06,0x1c,0x0c,0x2b,0xc3,0x7e,0x42,0xdf,0x06,0xb8,0x32,0x7a,0x46,0x8f,0x92,0xb3,0xf4,0x38,0xa1,0xe6,0xb6,0xb1,0xef,0x2b,0xe7,0x85,0x49,0xa2,0x89,0xfd,0x3f,0xc1,0xa6,0x29,0x9e,0x5a,0x33,0xd5,0x39,0x6c,0xb4,0xfa,0xc1,0xe8,0xe9,0x98,0x2f,0x0c,0xb3,0xd2,0x0d,0x07,},"\x26\xeb\xc6\x48\xcf\x8c\x79\x65\xec\x6e\xbe\x96\x5d\x9c\x79\x2b\xed\x90\x65\x5a\xd4\x40\x18\x3c\x6d\x70\xea\x64\x67\xbb\x8e\x6f\x04\xec\x84\x3f\x33\x31\x56\x91\x7b\xf4\xc5\x1d\x0e\xd0\xf2\x8b\x7c\xd3\x1b\xc1\x2c\xf8\x40\x68\x6b\x82\xb0\xc2\xc3\x50\xbb\xda\xc8\x05\x33\x37\x25\xd6\xb6\x9c\x2a\xb7\xf3\x4e\xe5\x93\xfa\x1c\xcc\xed\xf3\xf0\x64\x2a\x68\x8f\xcc\x1c\xd9\x8b\x09\x87\xd0\x1f\x71\x3a\x2f\xa6\x41\x6c\x96\x19\x21\xde\x0c\xc2\xc9\xec\x7a\x55\x58\x55\xe7\xfc\xd4\xc7\xdd\xaa\x14\xfd\x91\xec\xb0\x42\x24\xe1\x76\x1b\x7d\x6b\x35\xf4\xaa\x56\x18\xa5\x00\xca\x00\xd1\xca\x24\x51\xb5\xd3\x68\xaf\xde\x3a\x40\x7e\x78\x31\x35\xf3\x90\x19\xa5\xb9\x84\xe8\x2a\xc2\x79\xc0\x5e\x48\xc2\x95\xeb\xd1\x56\x38\x21\xa0\x74\x3c\x52\x24\x6b\x5d\x2b\x20\x34\xe3\xae\xb6\xce\x7c\x5c\xf9\x19\xe7\x4a\x9c\x7b\xbc\x9e\x25\xda\x30\x43\x0e\xb1\x6e\xcf\x38\x37\xeb\x38\xa0\xf5\x59\x79\x2a\x72\x98\x90\xba\x83\x10\x26\x0f\x8a\xeb\x9b\x5a\xf0\x0e\xb6\x33\xc1\x2d\xee\x02\x26\x28\xba\x41\x8d\x75\xcf\x18\xde\x2f\x2e\x65\xe4\x9b\x1a\x69\x68\x4d\x61\x27\xef\x48\x1c\xa8\x61\xec\xbc\xe3\xbe\x86\x49\x7e\x65\xdf\x4c\x5f\xcd\x08\x17\xc9\x71\x6b\x59\xf2\xa2\x63\xd5\xe9\xeb\x60\x68\x39\xf8\x5c\x5a\x36\x58\x37\xb0\xfb\xe2\xc4\x27\x4d\x66\xcb\x2c\x65\xed\x36\x5f\xab\xf5\x8f\x15\xbe\x52\xb5\x1c\xb6\x01\x18\xca\x4f\x73\x0d\x44\x73\x59\xf7\xef\x34\x6b\x75\x02\x17\xd4\x7b\x2e\x79\xc8\x6c\x0c\x62\x81\x6a\x0c\x7c\x18\xa2\xce\x2b\x68\x8e\x0c\xce\x0d\x75\x23\x21\xe7\x9b\x42\x38\x57\xda\xc5\x9f\x8f\xbe\xb0\x94\x11\xe7\x16\x69\xef\x9a\x26\x43\xf2\xe9\x9f\x38\x7a\xc1\x83\xe0\xb0\xac\x72\xc5\x9a\x0c\x3c\x18\xc0\xde\x8b\x01\x08\x78\x07\x4a\xcc\x1a\x2b\x39\xf9\xdf\x99\xd9\xf8\xf8\xb5\x2f\xef\xe4\x94\x3c\x52\x5f\xd4\xd0\x6a\xd8\x78\xe4\x66\x08\xab\xf2\x7a\x54\xbc\x50\x06\xf6\x47\xdb\x72\x48\x51\xdb\x7c\x45\x78\xae\x66\x58\x3d\xc4\xbb\x51\x8e\xf0\x28\x89\x03\x47\xe8\xfc\xe0\x92\x7d\x7d\x9a\xf3\xab\x5d\x0d\x2d\x20\x2a\x40\x26\xaa\x2e\xa7\x48\x79\x62\x67\x6a\x60\x32\x98\xe7\xd2\xe7\xb9\x09\x21\xee\x1b\x52\x80\x6d\x71\xa7\x64\xe0\x3e\x25\xdd\xd6\x84\x8f\x61\xd4\x6f\xad\x3d\x00\x8e\x10\xee\x5c\xd5\xa3\x39\x0f\x9d\x15\x8a\x44\x37\xef\x61\x5f\xc9\x0a\xc5\xbf\x3a\x9d\x68\x2e\x12\xc3\x39\x8a\xc7\x76\x80\xd2\x2c\xd1\xa6\xa5\x6e\xc3\xb2\x5c\xed\xe8\x67\xed\xd3\x83\x15\x9c\x61\x64\xd6\x3e\x9c\xd1\xc9\x56\xac\x72\x35\xff\xfa\xe9\x36\x16\x6c\xcd\x35\x89\x8e\x29\xc9\xb4\xca\x4e\x29\x25\xda\x32\x3b\x6f\xbf\x67\xcf\xd5\x96\xc8\x8a\x1a\x35\xa8\x35\x98\x51\xdd\xcb\xa8\xf6\x13\x4a\x9f\xaa\x24\x4d\xcb\x47\xe6\x91\x27\x6e\xe6\x25\xcc\x20\xad\xce\xc2\x1c\xbe\x77\xa3\xac\xb9\xba\x72\xf0\xc9\xd3\xda\x7e\x9c\xd5\xbe\x3b\x95\x99\x0b\xa5\x4a\x9f\x31\xaf\x17\x1f\x95\xae\xea\xd3\x33\x1c\xb1\x88\xa5\xb2\xc6\xf5\x39\xac\xb4\x8b\x98\xb3\xf7\x34\x1f\x60\x25\x1c\xb6\x04\x29\xcc\xd9\xcf\x32\xf0\x09\x20\x5f\x27\x53\xfb\xbb\x26\xaa\x53\x17\x43\x42\xad\x18\x4d\xab\x68\x70\xc0\xfb\x52\x93\x01\x19\xd9\xf9\x7d\x84\x89\xa6\x00\x76\xaa\xdb\x2e\x96\x05\x4a\xc7\xcb\x7f\x84\xe1\x3c\x75\xbb\xf9\xe4\xd9\x24\xd2\x27\x2a\xfe\xf0\x87\x19\x15\xe2\x43\xce\x66\xfc\x2a\x88\x88\x51\x35\x35\xb1\x0b\xb4\x07\x9c\x80\x6b\xd9\x49\x28\x1e\x28\x28\x35\x23\xd0\xd2\x10\xb3\x1e\xf6\x2a\x95\xdc\xae\x0c\xd2\x52\x90\xc7\xed\xf2\xc2\x4b\x43\x28\x22\xde\xbe\x34\x7f\x1c\xae\x94\x5f\x57\x28\xc7\x1b\x54\x03\xef\x14\xe7\x2c\x3d\x83\x42\xe1\x98\xb3\x62\xee\x20\xf8\x09\xe4\x6a\xca\x01\x5f\x35\x47\x7f\xf8\x9a\xc4\xb3\x7e\x66\x15\x85\x6f\x7e\xa2\x51\xfb\xfe\x13\xf9\x06\x52\x59\xb0\x94\x6a\xae\xf2\x49\x43\x27\x0a\x85\x4d\xe8\x89\x78\x00\x33\xd6\x3d\xda\x54\x47\x99\x8a\x3e\xd7\xe5\x06\xae\xb5\x1e\xa3\x7b\x68\x1a\xc3\x07\x67\x97\xac\xdb\xfc\xc2\x78\x83\x63\x0a\xdb\x72\x26\x0a\x46\xaf\x0a\x60\xd5\x3f\x66\x54\x56\x6e\x20\xd6\x08\x8c\xd4\x8e\x23\xb2\x8d\x81\xf0\xee\xd2\x05\xb9\x2a\xaf\xd9\x61\x64\xd6\xd3\xca\x3f\xc8\xb1\x71\x80\x4e\xe9\xfc\xe7\xab\xae\xd2\xea\x4d\xdf\x9c\xb2\xb3\xae\x73\xa7\x0e\xd6\x3d\xe4\x5e\x14\x10\x14\x28\xd0\xa7\xa2\x26\xdb\x39\xab\x6c\xd0\x43\x74\x08\x0e\x69\x83\xf0\x18\xce\x93\xda\x4c\x89\xac"},
+{{0x15,0xd7,0x5a,0xd8,0xe4,0xaf,0xb1,0x26,0x34,0xcc,0x8e,0x60,0x0f,0x1a,0x42,0x67,0xef,0x95,0x84,0xf4,0xc4,0xac,0x44,0xff,0xfe,0x4b,0x9f,0xcb,0x88,0x5c,0x9d,0x2a,},{0x09,0xd1,0x26,0xf0,0x17,0xe0,0x16,0x97,0x74,0xe8,0xc3,0x7a,0xb3,0x79,0x26,0x3a,0x80,0x75,0x74,0x61,0x27,0xc2,0xd1,0x1e,0xcb,0x0e,0x4c,0xb4,0x54,0x70,0x9f,0xf1,},{0xa8,0xf2,0xf4,0xb9,0xe2,0x07,0x2c,0xa9,0xfa,0xde,0x37,0xfd,0xd6,0x2d,0x8d,0x02,0x42,0xfd,0x4d,0xaa,0x09,0xfd,0x85,0x6e,0x75,0xf4,0xe3,0x43,0xc7,0x26,0x0e,0xa6,0x77,0xf7,0x53,0xa6,0x27,0xae,0xd0,0x8c,0xb9,0x6c,0x44,0x4e,0x29,0xbd,0xb5,0xb5,0x38,0x5d,0x43,0x84,0x3b,0xbe,0x79,0xa3,0xdd,0xa3,0x6e,0x1e,0x11,0x01,0xc5,0x0f,},"\xd1\xce\xa2\xb7\xe9\xaf\xc1\xf0\xfa\xb8\x90\xd2\x70\x0a\x5a\xe4\x1e\x15\xe7\xd3\x4d\x3b\xf1\x9d\x0f\x34\xd9\xf9\xf0\xab\x98\x12\xdc\x7c\x2a\x8d\xc4\x4c\x8e\xe7\xf3\x78\x87\x61\xec\xd9\x88\xee\x72\xc7\x36\xb6\x2a\x7c\xac\x3c\xc9\xb7\x38\xe9\x38\xdf\x77\x87\x37\x7e\xb9\xff\xd1\x20\xd4\xff\x58\xcf\x1c\x06\x75\x63\x3f\x7e\x83\xc4\xb1\x15\x54\x8f\x14\xd2\xf7\x0c\x6d\x48\x22\x11\x44\x3a\x84\x99\x59\x95\x58\xc1\x42\x77\x98\x0f\xa4\x2a\x78\x42\x79\x07\xf7\x3a\x41\xf5\xf6\x69\x3b\x2f\x75\xfe\x5e\x7a\x6f\xf0\xa6\xc3\xa4\xe2\xed\x1d\x0d\x96\x8d\x5c\xc9\xd6\xf1\x3d\x41\xc3\xd2\x91\x39\x6a\xe7\xe4\x34\xe6\x64\xb2\xff\x24\x3e\x7f\x6d\x88\x01\x02\x10\x07\x8c\x39\xb5\xa5\x76\xca\xf4\x09\xbb\x47\x11\xb3\xee\xfc\x48\x6b\x67\xb7\xff\xea\xe0\xcb\xac\x6a\x0f\xbd\xf5\x34\x3f\xb2\xae\x4e\x05\x7e\xdc\x8c\x9d\x2e\xd3\x1e\xae\x9e\xc8\x3d\x2b\xed\xd2\x19\xeb\x98\x9b\x2d\x44\x19\x61\x8c\x2d\x3c\xe4\x49\x0e\x35\xfb\xca\xd4\x32\xb0\x12\x47\x95\xf9\xc5\xcb\xdc\x1e\xb0\xc3\x07\x2b\x4a\xa8\x01\xd2\x6f\xbc\xc7\xb0\x7b\x82\x57\xf5\xfe\x47\xac\xd9\xbc\x58\x7b\x56\x57\xcf\x07\xca\x54\x5b\xb5\x68\xc9\xe4\xe7\x3c\xdd\xf6\x25\x4e\x22\xf7\x8a\xb2\xf8\x06\x45\x19\xf8\xab\xfd\x16\xfc\xfa\x90\xf8\x76\x87\xdb\x0c\x42\x09\xbe\x2c\x6c\x79\xa5\x52\x1f\x44\x18\x96\x78\xd9\x32\xc5\x45\x85\x70\x0a\x24\x37\x70\x2e\x56\xaa\xb5\x88\xa1\x7c\xb2\xcc\x94\xc0\x0e\x87\x57\x0e\xf3\xac\x51\x33\xd7\x53\x03\x8a\xa4\x65\x10\xa2\x60\xc1\xfe\x80\x47\x9b\xc0\x2e\xed\x9a\x8d\x1d\xe9\x93\x54\xac\x26\x48\xb4\x8b\x96\xab\x1b\x80\xcc\xa6\xca\xe1\x87\x7f\x37\xd7\x04\x28\xbb\x50\x85\x0e\x03\x08\xdb\x0b\x42\x30\x87\xbf\x7d\xde\x27\x9e\x09\x67\x66\xf2\xab\x3a\xb2\x38\x5b\x04\x64\xa5\xbe\xd7\xbb\xd8\xd4\x57\xe9\x35\xe2\x00\xaa\xaa\x8d\x95\x15\x70\xe0\x53\x07\x6d\xb1\x8a\x6a\x62\xf7\x2b\x31\x95\x79\x88\x4a\x08\x26\xba\x2b\x43\x63\x71\xdd\x21\x8b\x01\xa0\xc5\xe5\x8d\x0c\xd5\xff\x98\x25\xe4\x46\x6f\xe9\x66\xdf\x05\xcc\x31\xc8\x03\xe5\x21\x21\x83\xdd\xf2\x9c\xef\x7f\xb9\x16\x48\xa4\xf8\xee\x19\xfd\x5f\x8d\xbd\x8a\x56\xbe\x7a\xbf\x33\x65\x9a\x92\x24\xa1\xe2\x7a\x10\x24\xef\xfd\xfb\x88\xe8\x80\x61\x48\xd0\xd1\x78\x09\x06\xaf\x1e\xbe\x3e\x5f\x14\x36\x31\x90\xd8\x8c\xc6\xe5\x08\x94\x44\xf1\x25\xd0\x63\x15\x5d\xcf\x86\xca\x92\x63\xf2\xf5\xf1\x83\xc2\x69\x74\xfe\x00\x0b\x93\x42\xd2\x4c\x78\x1e\x20\x58\x28\x7c\xb6\xf3\xf1\xe3\x27\x0c\x22\xb7\x70\x7b\x83\x23\xa5\xcc\x8d\xb8\x1a\xa9\x06\xbb\x59\xd6\x96\xcb\x97\xcc\x74\xe3\x59\x59\x5f\xfb\x83\x73\xca\xd3\x71\x0e\xa0\x9e\xa9\x74\x4c\x20\xe9\xa1\x2e\x05\xbe\x5a\x95\xf0\x85\xac\x56\x16\x78\xd7\xda\x43\x2e\x4c\x7c\xb5\x3e\x12\x71\xdf\x5c\xd5\xa3\x39\xd2\xd7\x52\x0f\x1c\x18\x48\xd1\x50\x71\xd8\xc6\x98\x46\xb2\x3c\x5d\x24\x32\xc7\x38\x90\xf2\xed\xed\x37\xc3\xd2\x96\x4a\x4b\x5b\x55\x22\x58\x88\xe8\x92\xf5\x26\xd1\xca\xc3\x1e\xac\x35\x6f\x36\x1c\x2b\xf3\x36\xc4\x62\xd6\x0c\x82\xe8\x2b\x61\x6f\x2a\x51\x9c\x2f\x67\xbf\x01\x29\x03\x69\xbe\x9b\x55\xe9\xf5\xc8\xce\xc4\xf2\xe1\xb2\xab\x30\x25\x06\xc9\x03\xdc\x3e\x7b\x9c\x97\x81\x41\xdc\x90\x4b\x01\xb1\xc2\x3d\x25\x00\x43\x99\xbf\x8b\x73\xd6\x9c\xd5\x39\xc7\x9a\xf5\xe9\xa0\xa5\x11\xec\xa2\x21\x07\x8a\x1f\xf7\xb0\xf6\x04\xae\xa8\x42\x46\xc3\xcb\x32\xdb\x93\x81\xbe\x12\x17\x67\xe0\x97\xbe\xa5\x17\xbf\xcd\x82\xdf\xe9\x21\x37\x98\x40\xef\xb4\xb6\xf0\x2a\x48\xec\xda\xf1\x2d\x2c\xd3\x89\x30\xd4\x47\x3a\xdf\x97\xcd\x71\xdc\x4e\xa1\x03\x82\xf4\xf5\xd1\xdd\x75\x62\xcd\x4b\xf5\x11\x59\x32\xf6\xc4\x70\x0a\xa8\xfe\x8d\xec\xa9\xd5\xe7\x27\x79\x02\xb8\xf8\x86\x52\x97\x65\xdb\x24\x86\x07\x4b\x23\xa1\x9f\xd4\xb0\x43\x56\xbf\xa6\x22\x6c\x82\xba\xf6\x9a\x08\x7d\x9c\xa1\x88\x23\xf8\xe3\xe6\x83\x08\xe1\x6b\x80\x4c\x36\x3d\xf5\xb6\x30\x7e\x76\x24\x0d\xb1\xed\x84\x1b\x61\x2d\x65\x54\x8d\xdf\xbe\x83\x67\xda\x60\x77\x2c\x6a\xff\x55\x4d\xc8\x5d\x04\x19\x48\x34\x5e\x56\x7d\xa9\x33\x31\x51\x85\x8f\xdf\x69\x93\x27\x39\x25\xbf\xdc\x71\x81\xb5\xf6\x46\xd0\x63\xa8\xc8\xf3\x10\x56\x9b\x0e\xd0\x93\xbd\x9d\xff\x04\xfe\xbf\x0b\x41\xc6\xdc\x55\x16\x9a\x14\xa3\xc8\x62\xe5\x41\x6f\x1e\x58\x2f\xde\xe8\xfe\x87\xdc"},
+{{0xbf,0x3c,0x0c,0xbb,0xbe,0x20,0xbe,0x2a,0xcf,0xaf,0xb2,0x7a,0x36,0x11,0xb4,0x89,0x21,0xa7,0x28,0xab,0x17,0x33,0x4b,0x8a,0xfd,0xee,0x83,0x05,0x17,0x8f,0x61,0x3b,},{0x45,0x00,0xa0,0x3c,0x3a,0x3f,0xc7,0x8a,0xc7,0x9d,0x0c,0x6e,0x03,0xdf,0xc2,0x7c,0xfc,0x36,0x16,0xa4,0x2e,0xd2,0xc8,0xc1,0x87,0x88,0x6d,0x4e,0x6e,0x0c,0x27,0xfd,},{0x8f,0x87,0x03,0xbc,0xf4,0xc0,0x32,0x94,0x17,0x33,0x9e,0xb0,0x26,0xf2,0xb7,0x2d,0x31,0x4d,0x92,0x2e,0x9a,0xcc,0xb5,0xd8,0xbb,0x7e,0xec,0x87,0xe0,0x7e,0x61,0x38,0x55,0x16,0x72,0xa6,0x13,0x2c,0xb4,0xf8,0x75,0x50,0x8e,0xd3,0x29,0x95,0x67,0xb4,0xa7,0x41,0x34,0xd2,0xbd,0xf0,0xd8,0x57,0xf9,0x80,0x86,0x1d,0x18,0xbe,0x7e,0x01,},"\x8f\x30\xba\x2f\x79\x2e\x9a\x97\xf6\xea\xfe\x29\xf9\x76\xa4\x80\x28\xcb\x88\x57\xb5\xc7\x98\xbc\x2b\x61\x68\xc4\x64\x44\xc0\xce\x69\x60\x70\x37\x4c\x5e\x6a\x40\xc3\xd1\x8a\x5d\xc7\x66\x9f\xc4\x1d\xb9\xa8\x1c\xff\x75\x9b\x8c\xa0\x15\x98\x71\xc3\x44\x2e\x8c\x75\x12\x69\x8f\xa4\x47\xb5\x78\x3e\xe0\x1d\x1b\x61\x14\x49\xab\xad\x23\x71\x62\x92\x2b\x02\xd1\xae\xc5\xde\x1d\x66\x6f\x17\xda\x16\x13\x10\x63\x01\xd3\x05\x86\xd1\x16\xe2\xac\x09\x00\x7d\xd7\x1e\x81\x23\xed\xe4\xc5\xa6\xa9\xac\x07\x7f\xe3\xd9\x39\x09\xda\x62\x8e\x86\x58\x70\xa4\xe2\x5c\xb3\x55\x91\x67\x5a\x06\x90\xbe\xc4\xaf\x02\x81\x71\x4f\xe6\x66\x1b\xd5\xc0\x0a\x27\xd7\x9f\x95\x9f\xb4\xd4\xfb\x16\x36\xa6\xa3\x57\x5f\x4f\x01\x47\x06\x63\x89\x9d\x73\x74\x72\xb0\x96\xbe\x4d\xb7\x23\x71\x53\x67\xa4\x1a\x3a\x4c\x13\xf7\x42\xd9\x08\xf4\xd9\x21\xcf\xdd\x15\x6e\x75\x86\x82\x61\xba\x9c\x10\xd8\x58\x74\xca\x2d\x6c\x0c\x9e\x72\x95\xe5\x66\x2b\xd9\x16\xa3\x63\xc7\xa7\x96\xea\xd6\x17\xc4\x25\x1e\x67\x94\xda\x06\xc3\xd0\x8f\x2f\xdc\x38\x86\x94\x4a\x75\x09\xe6\x40\x9c\x90\x6b\x59\x31\x13\xb4\xb1\xf9\x85\x01\x32\x96\x0d\x9f\x3a\x4e\xeb\x73\x86\xfa\x59\x2f\x61\x93\xbe\xab\x8e\x0f\xf0\xf2\x89\x08\xa0\xd5\x48\xdb\x87\xba\xe9\x78\xb0\x5a\xbb\xca\x9b\x3e\x96\xd8\x79\x5b\x88\x07\x7f\x62\x0f\x21\x24\xe3\x15\x90\xeb\x09\x9e\x94\xe0\xe6\xe3\xcd\x62\x0a\xe6\x29\x0f\x3e\x2d\x01\x46\x7e\x5b\xef\x4f\xab\xde\xf7\x9d\x9a\xb9\x23\x9e\x75\x3e\xc4\xfa\x0b\xb1\x10\xff\x1d\x39\x3f\xca\x02\x24\x35\x02\xd7\xe9\x87\x99\x1e\xb7\x6d\x08\xf8\xbe\x7e\xb2\xb1\xee\x00\xc3\xb6\x8b\xbf\x72\xa6\x23\xba\xa1\x5b\xe8\x96\xb3\x21\x5e\xbe\x8a\x82\x31\x31\x09\xfc\x62\x9b\x0c\xce\x64\x91\xf8\x13\xc2\x49\x70\xe4\xff\xe6\x86\x9e\x40\xb4\x6b\x4e\xd2\x29\x86\xd0\x04\x21\x55\x27\x6c\x23\x0d\xe4\xc0\x5d\x67\x85\x52\xf2\xe8\x51\xca\xcf\x5a\x47\x21\x57\xdb\xb1\xa9\x9a\x2b\x42\xff\x40\x37\xf0\xdc\x63\x80\x67\x29\x21\xc9\x09\x20\x6e\x80\x05\x0e\x61\xa6\xb3\x05\x6b\x17\xe3\xae\x83\x50\x09\xb2\x04\x19\xa3\xb9\x84\x6d\x37\x48\x92\xe7\x19\xf1\xb3\x5b\xc1\x25\x7d\xa9\x3c\xcc\x6d\x8f\x8f\xca\xa8\xe6\x09\xa8\xd2\x04\xdf\x10\x8b\xe7\x19\x34\x67\xe7\xf1\x05\x93\x52\x82\xc3\xfe\x66\x70\xa5\x32\x94\x42\xea\x3e\xdd\xa2\x37\x6a\x03\xa1\xcf\xe8\x72\x3a\x90\x9c\x06\x4d\x30\xfe\x9b\xb0\x21\x2c\x33\xaf\xe2\xbe\xa3\x0c\x91\x43\xc0\x01\xda\x01\xc7\xed\x50\x45\x59\xb9\x7f\xe2\xce\xa0\x9b\xeb\x9d\xb5\x19\x00\xdc\x13\x67\x05\x92\x1e\x20\x29\x78\x45\xba\x72\xa9\x7a\xa7\xc9\x53\x81\x45\x71\xbe\x3f\x08\xce\xf9\x68\x04\x5a\x5a\xc3\x40\x04\xf6\x7f\xbf\xa5\x4e\x99\x6b\x31\x1b\xd8\xdc\x52\x7d\x89\xe1\xd4\xf5\x34\x53\xa6\x71\x37\x20\x10\x1c\x45\xa6\x0e\xe3\xa0\x5c\x2e\xe6\x6f\x13\x4b\x5a\xf4\x0e\x4b\x70\xef\x37\xba\x3f\x0a\xfd\xef\xc0\x39\xf3\x42\xc2\x8a\xf9\x19\x82\x51\x38\x1a\x10\x79\xa5\xdd\x03\x5a\x8c\x28\x97\x6c\x6b\x7f\x4d\xb0\x9e\xa3\x83\xa3\xa8\x7f\x0f\x85\x1f\xd3\x31\xae\xa7\xfa\x4b\xfc\xd9\x56\x31\xd6\x52\xfa\x2f\x50\xf1\xc2\x3f\xf2\xbc\x13\x7a\x06\x04\xe3\xd9\xf3\x9c\xcb\x96\x51\x45\xbc\xa4\x8b\x06\xdc\x8a\x81\x75\x47\xb6\x25\xef\xfa\x79\x6d\x00\x0c\x37\x74\xba\xd1\x98\xdb\x12\x41\xbe\x7a\x2c\x0d\xc4\xa4\x64\x1b\x9a\x8c\xb9\xcb\x8c\x8c\x38\x87\x57\x6f\x52\x72\xc3\x3a\xaf\xfe\x45\x61\x5f\x51\xa9\x6f\xae\x76\xcf\x51\x25\xbc\x69\xad\x0a\x40\x38\x79\x07\x99\xb5\xc2\x62\x44\x21\xa6\x43\x3d\xba\xb3\x9c\xcc\xb0\xb1\x78\x7b\x5b\xce\x28\x95\x94\x48\x9d\x17\xed\xb5\xf9\x31\x03\x74\x80\x7d\x36\xc6\xe6\x73\x47\x26\xbb\x33\x00\x4e\xca\xe8\xbb\x69\x1d\xcd\x38\x76\x01\xf4\xea\x91\x1b\x4b\x90\xeb\xff\x75\x6d\x7d\x8d\x9e\xb4\x22\xcb\xb9\xaa\xf7\xf4\x77\x2e\x0a\x54\x36\x43\x06\x85\xe5\x7b\x69\x74\x54\xe8\x2e\xea\xdc\xe4\xab\xa0\x62\xb7\x76\x82\xcf\x21\x9b\xe1\xfd\x9b\x00\xf1\xcb\x11\x35\xa1\x02\x13\x49\x53\x9a\x4b\x93\xae\x21\x3f\x19\x3d\x29\x32\x73\x8e\xf7\x29\x20\x49\x9b\x7b\xe2\xa8\x1c\x9b\xaa\xed\x17\xc5\x46\x41\xa5\x97\x4d\x27\x22\x32\x41\xe3\xc6\xa0\x95\x22\x6b\xd2\x37\xe0\x59\x1e\x00\x2b\x3a\xf0\x56\x5d\xf3\xe9\x76\x42\x0f\x97\x64\xa0\x9a\xe8\xbf\xa2\x79\x5f\x8f\xad\x7f\xc6\x87\xbd\x2d\xe2\x3d\x14\x88\xf4\x49\xd8"},
+{{0x28,0x7f,0xaf,0xd2,0x13,0x74,0x57,0x2f,0x57,0x81,0x00,0x47,0xd0,0xd9,0x8c,0xb1,0xff,0x3d,0x01,0x20,0xfa,0xa4,0x88,0x61,0x32,0x24,0x57,0x32,0xc1,0xa6,0xab,0x78,},{0xe8,0x25,0x20,0x63,0xf5,0xad,0x7e,0x95,0xbd,0x05,0xc5,0x02,0xa8,0xbc,0x4a,0x17,0x55,0x63,0x60,0x86,0x9b,0x9d,0xe0,0xa3,0xb8,0x58,0x93,0x8e,0x11,0x11,0x76,0x19,},{0x62,0x01,0xe3,0x05,0x91,0xd3,0x6b,0x7b,0x22,0x6e,0x36,0xfd,0xf5,0x64,0x34,0xc4,0x7c,0xd3,0x05,0x18,0x37,0xaf,0x31,0x31,0x3a,0x99,0x17,0xfd,0x02,0xdd,0xed,0x2b,0x5b,0xbb,0x4b,0xbc,0x36,0x8b,0x3b,0xd1,0x5d,0x06,0x20,0x45,0xf1,0x05,0xb6,0xe7,0x34,0x1b,0x15,0x15,0x0d,0x36,0xf9,0x00,0x87,0x59,0x1d,0x83,0x99,0x01,0xb8,0x01,},"\xb3\xc4\x43\xe4\xe5\x89\x9c\x16\xd3\x9e\x81\xb4\xf8\x07\x40\x42\xa9\x04\xa7\x35\x07\x4b\x27\x95\xd9\xac\x06\xb1\x37\x9e\xf7\x61\x8d\x2a\x53\x4b\x6b\xef\x81\x56\x9e\x60\x71\x92\x67\xbf\x29\xcd\x9d\x16\xac\xc9\xa1\x74\xd8\x02\x6b\x14\xb1\x27\xd0\xd2\xd8\xb4\x58\x39\x98\x89\x5a\xd7\xef\x72\xfe\xdc\x53\xb8\xf0\x8a\x22\x50\x10\x0e\x1f\x1f\x0a\xab\x48\xbc\x70\x74\x64\x34\x88\xe6\xb6\x70\xe1\xb0\x72\x7c\x38\x5a\x34\xff\x65\xa0\xd7\xe8\x3b\xa8\x60\x83\xb8\x73\xdf\xf0\x55\x92\x09\xb1\x4b\x2a\xc4\x2b\xf7\xc5\x72\xd0\xc5\x91\x7a\xc4\x2e\x4a\xe4\xda\xe1\xdd\x42\x35\x79\x52\x76\xa0\x76\x13\x2c\xfe\x3e\x0c\x35\x0b\x26\x58\x0f\xbb\x3a\xf8\x17\x77\xb9\x3a\xd9\x5c\xb7\xff\x17\xc2\xd9\x80\xce\x0d\x49\x2f\x6d\x40\xfa\x90\xba\x3f\xca\xa2\x1b\xb6\x87\x35\xee\x1e\xf2\x08\x49\x5e\xbf\x7b\x02\x27\x6f\xfa\x1e\xfc\x08\x16\x58\xbb\x44\xcd\x27\x61\xef\x5e\x3e\x1c\xa6\x0e\xc8\xb5\xd8\x16\xd4\xab\xac\xd0\xbc\xc8\x02\x68\xd8\xf4\xdf\x8b\x3a\x52\x04\x9d\xb0\x15\x7e\x2b\x6e\x81\xac\xd6\xf3\xf2\x89\x47\xc0\x76\x27\x95\x5c\xda\xc9\xea\xa1\xde\x17\xd4\xb9\xda\xa3\x61\xfb\x49\x78\x26\x64\xd7\xd6\xd2\xca\x5c\xec\x6d\x14\x89\x3c\x3e\x80\xb6\xd1\x6d\xaa\xcf\xfc\xc0\xb7\x59\x37\xe8\xbe\xf6\xf9\xe1\x12\xa8\x7f\x4b\x03\x5f\x90\x36\x07\x0a\x2c\xcc\x55\xc2\xaa\xd9\x39\xdf\x67\x4f\x7e\x4e\x12\x68\x5e\x01\x6e\xa0\xe4\x90\x2a\xaa\xaf\xaf\xfe\x38\xdd\xb2\xf9\x0d\x9c\xf7\x85\x37\xf6\x13\x91\x69\x6f\xf0\x33\x0a\xe8\xf7\x9a\x1c\x1e\xd5\xd5\x2b\x4e\xe2\xa6\x2d\x90\xfb\x82\xd9\xa4\x83\x93\xfa\x33\x81\x0b\x40\xd0\x45\x59\x02\xd5\x74\xff\x05\x20\x03\xe0\x16\x0c\x0f\x47\xb5\xe5\x80\xa0\x78\xbc\xee\xf0\x60\x73\xdd\xa8\xb2\xd1\xf1\x04\xa5\x95\xe9\x0b\xb6\xa4\x8e\xdd\xd8\x65\xf1\xca\xe4\xf1\x78\xfe\x22\xe7\x5f\x2f\x61\x24\xa9\xda\x06\x82\x44\x71\x12\xb3\xdb\x5b\xe8\xc4\x24\x72\xb2\x41\xe9\x44\xfd\x23\x70\xc2\xdc\x27\x15\xc0\x5a\x41\xbd\xbc\x89\x0c\x41\xc6\x5f\xb0\x8c\x2f\x59\x31\x74\x39\x1a\xc8\x80\xf3\xcb\x67\xd1\xb7\x4f\xf8\x02\xef\x96\x2a\xfe\xf7\xb9\xf3\xea\x32\x6f\x95\x27\xe7\xfb\xa6\x98\x18\x79\x24\xb6\x4c\xcd\xd0\x86\x62\x48\xc7\x6e\xe6\x4c\x79\x06\x9b\xe0\xa0\x57\xb1\x0a\xe1\x90\xf3\x8f\xf5\xab\xa8\x44\xe3\x93\x31\xcf\x1d\xb1\x3c\x90\x09\x06\xbe\xe0\xd7\xe7\x54\x6e\xf5\x23\x24\xe3\x7c\x59\x06\x75\xf1\x39\xf5\x8f\x57\x3a\x49\x4f\x4a\xe8\x2c\x4e\xc8\x10\x66\xa6\x8e\x2d\x92\x90\x01\x91\xc4\x7d\x30\x62\xf0\xf9\xaa\xed\x19\x11\x37\xcd\xa9\xb8\x3c\xd1\x30\xe8\x26\x29\x60\xe6\x24\x4f\x8f\x6e\xf3\x9f\x15\xa4\xfe\xd1\x3c\xb6\x69\xed\xc1\x9f\x5c\xe1\x62\xce\xb8\xd2\x42\xb9\xad\xdb\xfb\xa8\x77\x2c\xe7\x49\x85\xa5\xf3\x72\x0d\x59\x0a\x92\x0e\x1d\xca\x75\xa8\x79\xb1\xaa\x45\x9f\x74\x62\xff\xf2\xe9\x50\x72\x76\x1b\x20\x92\x54\xfe\x38\xc5\x4d\x83\x3a\x8e\x2c\xb8\xfc\x40\xc5\x98\xf3\xc7\xf7\xd6\xc5\x70\x57\x15\xd0\x30\x8d\xc3\x0e\xaa\x84\x67\x6d\x20\x9d\x7b\x7b\x31\x34\x47\x56\xe6\x9a\x9a\x4c\xb4\xe4\xa2\x51\x81\x7a\x37\x86\xfe\xa6\x72\x8d\xd6\x08\x22\x33\x6b\x45\xae\x5d\x47\xc7\x04\xb4\x5c\x4c\xad\x38\xc1\xe0\x1a\xb9\x3d\x14\x16\x92\xd5\x5d\x12\xfd\xb9\x74\x0f\x1d\x18\x15\x82\xf1\xc4\x8c\xe5\x43\x48\x60\xd9\x30\xf0\xe7\xe7\x0e\xdc\xff\xb8\x55\x60\xa5\x3d\xba\x95\xd5\x7b\x31\xe8\x92\x41\x37\xbc\x2c\x19\xe3\x4b\xb9\xc9\x86\x68\x77\x17\x42\x80\xe8\x0c\x23\x97\x8d\x57\x79\x58\x64\xa7\x37\x4a\xef\x38\x3f\x3b\xf6\x37\x53\x59\xbf\x63\x56\x47\x40\x09\x84\x61\xa6\xc7\x6e\x8f\x23\x89\x13\x28\x87\x69\xa1\xcb\x1c\x95\xb2\x2c\x32\xa9\xeb\xb3\xec\xeb\x04\x8e\xe3\x24\xcf\x0d\x7e\x85\xa3\x89\xb0\x4d\xed\xbb\xcb\xee\xf2\x98\xd0\x52\x78\x16\x08\x5c\x0c\x83\xef\xaa\x29\x85\x46\xe8\x39\x0b\xd1\xbf\xe4\x65\xec\x1b\xaf\xae\x69\xee\x52\x18\xe7\x2c\xae\xdb\x9b\x64\x9c\xf7\x3e\xec\x45\x4a\x2b\x48\x49\x65\x17\x96\x72\xde\xbc\xf9\x44\x13\x63\x99\x5a\x8a\x90\x7d\xe1\x7d\xc0\x68\x4f\x2a\xea\x57\x9a\x2f\xb4\x48\x41\x95\xdb\x41\x15\xca\x32\xe9\x70\x52\x6d\xc0\x0a\x5c\xac\xaf\x58\x87\x11\xdb\xd4\x69\xce\x80\xbd\x29\x7c\x4f\x41\xd6\xfa\x28\xa5\x97\xc6\x37\x2c\x0d\x21\x49\x60\xb5\x45\x98\xcd\x8b\xc8\x49\xeb\xdc\xa3\x6d\x62\x25\xb2\x0d\xec\x0d\x03\x11\x69\xce\xbb\x36\xea\xdc\x3a"},
+{{0x9a,0xd0,0x49,0x10,0x08,0x51,0xd0,0xf7,0x9b,0x71,0x12,0x25,0xc9,0x88,0x47,0x79,0x5a,0xcf,0xc3,0x60,0x1c,0x14,0xb8,0xa9,0x77,0x8d,0x62,0x70,0xcd,0x4c,0x05,0xed,},{0xe7,0xca,0xcf,0x4f,0x37,0x14,0x54,0x3c,0x27,0xa3,0xe9,0xed,0x83,0x3b,0xaf,0x3b,0xde,0x4c,0x09,0x56,0x3b,0xef,0x59,0xe7,0x63,0xfa,0xb7,0x1f,0xb5,0xe4,0xff,0x56,},{0xfe,0xc0,0xaf,0x34,0xcb,0xc5,0xcf,0xfc,0x56,0xe9,0x6d,0xd5,0xed,0x59,0x68,0xe5,0x2c,0xbd,0x42,0x69,0x84,0x4f,0xc3,0x0e,0x3a,0xb0,0xd3,0x47,0x2b,0x5d,0x18,0x0c,0x8d,0x1b,0x76,0x90,0x51,0x8f,0x41,0xf1,0x44,0x38,0xe7,0xf3,0xa8,0x3d,0x5e,0x89,0x76,0xcb,0x9a,0x26,0x15,0x1f,0xc4,0x14,0x9a,0x32,0x98,0xd7,0xe4,0x2c,0x05,0x03,},"\xc2\x84\xbd\xd8\xf8\x27\x5b\x49\xac\x80\x8c\x39\x04\x5e\x50\xe1\xed\x50\xc8\xa1\xaf\xd0\x11\xaf\xe5\xdb\x3d\xda\x62\x0b\xe8\xae\xc3\x7f\x45\x60\x57\x62\xe2\x25\xd0\x41\x11\xf2\x1b\x49\xfc\xef\xca\x3f\x3d\x5f\x81\x3b\x20\x20\xa5\x2c\x49\xf9\x5c\x4a\xd6\x1c\xa2\x14\x61\x8a\xde\x7e\xed\x6c\xd8\xd3\x14\xdc\x4c\x63\x55\x95\x52\x77\xd4\x57\x46\x2f\x03\xb9\xfb\xa2\xe2\x25\xb1\xb5\x37\xcd\x4b\x52\x37\x50\x5c\x90\xd4\x32\x05\xe1\x71\x5c\x39\x63\xcc\xfb\xec\x37\x9e\x6c\x17\x05\xe0\x80\x34\xa3\x1a\xfc\xe6\x46\x72\x7e\x78\xa2\x0e\xed\x88\xae\xb0\xdc\xda\xbc\x5c\x86\xe8\x69\x79\xe6\x3a\x5c\x26\xc3\xe2\x17\x79\x73\xb6\x98\x3c\xeb\xfe\xda\x9f\x31\x47\x93\x61\xb6\x61\x76\x3a\xa7\x26\x1c\x09\x39\xca\xd4\x8b\x71\x90\x8e\xa9\x07\x68\xbb\x6c\x95\x83\xd8\xea\xeb\x9e\x03\x38\x51\x5a\xca\x12\x42\x62\x6d\xc6\xbe\x04\xec\xc4\x42\x9e\x4c\xbb\x4f\xf3\x36\x09\x61\x92\xf7\x50\x1e\xc4\x71\xb5\x96\xa9\x9d\x4c\x02\x75\x82\xcc\x69\xe2\x04\xb6\xfb\xcd\xdf\x59\xf5\xbf\x74\x62\xdd\xcd\x59\x89\x12\x1f\xd1\x0f\x11\xa0\x67\x5b\x6c\x4e\x4f\x65\x20\xd2\x7d\x7c\x61\x43\x1b\xa7\xd1\x74\xf5\x73\x95\xa0\xbf\x72\xd3\x8c\x11\x42\x73\x6d\xed\x6b\x91\xe4\x81\x1c\x0e\x85\x41\xa6\xc0\xd9\x96\xc5\xa1\x7d\xc9\x7d\xb3\x88\xf7\x21\xd2\x35\x7d\x3c\x6a\xf5\xc8\x6b\x1d\x5e\x47\x6e\xa0\xac\x0b\x1c\x11\xd4\x38\x7f\x76\x90\x39\xbd\xf5\x38\xa0\x21\x6e\xdd\x00\x45\xee\x6d\xd8\x9e\xef\x82\xa4\x25\xa8\x3f\xaa\x1b\x12\x80\x70\x38\xca\x19\xeb\xec\x00\x2e\x8b\x3c\x15\x34\x4c\x61\xcf\xd1\xe5\xf0\xe3\xb0\x27\x3d\xeb\x37\x27\x8c\xf1\x97\xd8\xa8\x3b\x13\xd9\x92\x30\x8a\x51\x37\x3e\xb3\x81\x14\xc9\xe4\x5b\x43\x87\x80\x27\x7d\x1e\x32\xf3\x97\x29\x62\xa3\xe1\x4a\x8d\x08\xdb\x9f\x09\xae\xc3\xdd\x32\xa5\xb9\x94\x23\xe6\x1f\x5e\x79\x94\x4a\xb5\x7a\x36\xf6\xec\x07\xcc\x32\x04\xf9\x16\x5e\xe0\x21\xad\xa9\x3e\x6f\xec\xb7\xec\x45\x6a\xa0\x28\x8c\x37\x8a\x75\xaf\xd6\xe9\xda\xd6\xc6\xf8\x8e\x95\x9a\x2c\xf2\x8b\xfe\x56\xd2\xe6\x1b\x2a\xda\xec\xf0\xd8\x6d\xd8\x92\x8b\xce\xda\x26\xb0\x54\x02\x46\xb7\x33\x7f\x5c\xdc\xec\x11\xfb\x0c\x1a\x59\xd6\x31\xfc\xca\x19\x40\x8f\x95\x22\xb6\x8a\x39\xf8\x6e\xf9\x70\xb8\x83\xa0\xf0\xbd\x6b\x7b\x14\x15\xec\x9a\xa0\x43\xb5\x2e\x19\xba\xc1\x76\xd6\x7b\x79\xe2\xa5\xdc\xa8\xbf\xd2\x91\x02\xac\x60\x8e\x47\x3e\x9f\x98\x2c\x3e\xc8\x93\x2d\x8a\xa8\xcd\x56\x52\x84\x49\x1d\xe5\x2f\x51\x6b\x9e\xbf\xb7\xdb\xe1\x29\x95\x11\xae\x73\x2c\x2a\xd1\xee\x49\x92\xb0\x77\xfa\xff\xc6\x5f\x48\x8f\x1b\xa2\x15\xda\x69\x79\x60\x09\x71\x19\x6d\x0f\xf3\xa0\x8a\xd9\xf0\x0e\x82\x9c\x1d\xe1\xaf\xca\x10\xca\x47\x6b\xe6\x64\xaa\xd2\x61\x88\x9b\x0e\xb7\xae\xb6\xed\x86\x37\x61\x89\x00\xac\xf4\x81\xe2\xd2\x24\xec\x64\xa6\xe6\xcf\x4f\xa4\xdf\x73\x1b\x7a\x4f\xee\xff\x25\x80\xc9\x9b\x6d\x75\xb4\xdc\xd0\x97\x69\x65\xcb\x2b\x0b\x56\x35\x22\x78\x42\xd0\x8a\x7d\x90\x7a\xae\xbc\x2f\xde\xd8\x00\x98\x11\xdc\xdd\x73\x35\x49\x21\x75\x3b\xc5\xde\xc0\x17\x68\x93\x35\xf5\x6d\x0f\xb7\xae\x21\x3b\x41\x79\x2b\x1f\x4e\xb1\x4a\x24\x53\x59\x77\xa3\x05\xb1\x9e\xb9\x83\x8d\xc6\xb5\x15\x28\xb9\x8a\x39\xbd\xa0\x60\x10\x71\x7a\x20\x8c\x34\x7a\xa1\x58\xee\xcd\xfd\x9a\x04\x72\xd3\xb8\xd9\x20\xf9\x69\xe1\x2b\x65\x91\x9b\xda\x38\xb4\x61\x94\x98\x50\xcc\x9c\xc1\x8d\x8e\x3b\xaa\x8c\x88\x6d\x93\xcd\x09\x6a\x20\x9d\x54\x3c\xa3\x37\x5f\xc4\xe7\xd6\x51\x03\xcb\x64\x24\xbe\xab\x44\xe8\xbc\x4a\x5b\x62\xc2\x9a\x01\xbc\xf4\x4d\xcc\x61\xe7\x67\x5c\x02\x5d\xec\x07\x24\x20\x01\x94\xbd\xe7\x4d\x72\xc0\x2e\x94\xa9\x46\xa7\x52\xf3\x60\x84\x57\xfd\x91\xf2\x92\x71\x57\x71\x48\x7d\x26\xca\xd4\xe5\xcf\x6e\xf7\xc6\xf7\x16\x27\xa4\xda\xf8\xa4\xc9\xb8\x91\xc1\xee\x8f\x04\xae\xaa\x99\xfe\x0c\x8b\x4e\x83\x3b\x76\x09\x06\x6b\x61\x32\xa9\x68\x89\x0e\x26\x95\xda\x22\xb2\xd8\x57\xc8\xc0\xad\x91\x87\xc9\x60\x69\xe4\x76\xe2\x7e\x46\x32\xc4\x47\xee\x76\x71\x4a\x31\xd1\xe5\x14\x9e\xcb\x33\x7e\xe1\x32\xf3\x55\x2d\xa3\x3a\xb2\xd6\xfa\x9d\x7e\x93\xf6\x8a\x77\xcb\xf1\x91\xcb\x06\xbc\x22\xf3\x47\x0a\xf6\xd7\x58\x1e\x3a\xcc\xbe\xca\x0b\x6f\xeb\x08\xa1\x4b\x9a\x80\xc1\xef\x59\x37\x4c\xcd\xc0\x52\x3c\x36\x84\x50\x4c\x01\x04\xbb\xa2\x2c\x10"},
+{{0xde,0x54,0xe1,0x3f,0x9e,0x2c,0xc7,0x54,0x54,0x6c,0x99,0xb3,0x3b,0x3d,0x72,0xf4,0xd1,0xf7,0x71,0x50,0x38,0xa9,0x65,0x9f,0x33,0x63,0x65,0x77,0xbb,0x52,0x6a,0xdb,},{0x36,0x33,0x8d,0xb3,0x32,0x6b,0x00,0x5e,0x5c,0x61,0xff,0x78,0x2b,0xe2,0xea,0xb1,0x66,0xd4,0xeb,0x72,0x34,0xa9,0x8e,0xa1,0xcd,0x85,0x5e,0x1a,0xd5,0x35,0xe9,0x4c,},{0x37,0xac,0xa8,0xf2,0x48,0x39,0x4a,0x9e,0x04,0xd0,0x6a,0x7d,0xa8,0x4a,0x7d,0xef,0xa3,0x9d,0xe4,0xda,0x2b,0xcb,0x18,0xd5,0xf6,0x4c,0xc3,0x4d,0xb0,0x86,0x51,0xaf,0x4a,0xbb,0x19,0xfa,0x2a,0x92,0xa7,0xdd,0xa5,0x6e,0xc9,0x93,0x0b,0x81,0xae,0xbd,0x23,0x99,0x05,0x11,0xf6,0x84,0xc6,0xd1,0x5b,0xa5,0x95,0xf7,0xd4,0xa2,0x74,0x0e,},"\xdc\x40\x41\xad\x61\x42\x3a\x12\xa0\x41\x13\x18\xa6\xe6\x2a\x5e\xf6\x4a\x19\xab\xe2\xd9\x85\x22\x97\xbe\x2d\x4a\x35\xeb\x86\x70\xca\x36\xc5\x21\x53\x1b\x30\x38\xac\xda\xee\xa2\xea\x01\xa0\xb6\x18\x78\x62\xa4\xe1\xa8\x9d\x4b\x81\xc5\x31\x8e\xd4\xd6\x71\x31\xbc\x38\xf8\x41\xa1\x42\xa2\xf6\xf3\x16\xdf\xf0\x76\x93\x9d\xc0\xeb\x81\xb2\x30\xfe\xa9\x88\x1f\x8f\x0f\xf7\xed\x0b\x29\x3f\x69\xb2\x89\xfe\x77\x08\x81\xfb\x37\x10\x80\x8e\x8e\x59\xe6\x4e\x19\x0c\x1e\x37\x9b\x9d\xd3\x48\xb0\x2c\x23\x47\xd7\xe2\x06\x96\x79\x0b\x62\x77\x6a\x2e\x82\x5b\xed\x69\x17\x03\x7c\xb6\x35\xc9\x2f\xbc\x76\xb4\xc5\x85\x10\x27\xe7\xf1\x38\x52\xee\x7e\x7c\x52\x57\x3a\x90\x30\xb7\x9f\x22\xb6\x0d\x58\x69\xef\xe6\x80\xc0\x16\x64\x92\x9f\xe9\xa0\x6f\xa3\x33\x05\x2b\xe1\xd6\xaf\x3a\x0b\x48\x2c\x33\x2e\x18\x05\x1e\x78\xb3\x33\x83\x9d\x6c\xb9\x3d\x93\xeb\xfb\x27\x7e\x42\x68\xfb\xee\xee\xba\x1e\x8f\x96\xa5\xc9\xe3\x28\xc4\x26\x72\x12\xca\xc2\x51\x21\x5b\xfa\xa7\x8f\xd8\x8a\x87\x41\x7a\x80\x60\x2d\xcd\x88\x28\xe8\x04\x00\xda\x30\x4e\x98\x98\x62\xd1\x32\x01\x08\x2d\xe3\x53\x09\x25\xe0\xed\xc2\xc1\x30\xa9\xa4\x19\x07\x1b\x31\x08\x8d\xa6\xf6\xff\x40\x56\x30\x1c\x12\x9f\xc2\x13\x52\x33\x62\x8d\x16\xd8\xbf\x16\x0f\x6c\xe8\x6d\x83\xcd\x4e\x29\xae\x0c\x73\x84\x3d\x70\xb5\x30\x56\xc5\xaf\x3f\x3d\xc5\x61\x27\x1c\xb5\xaf\xf3\x93\xf0\x80\x3a\xde\x07\x2d\x9c\xeb\x74\x5b\x61\x87\xb2\x8d\x24\x69\x67\x67\xd5\xc2\x1f\x4d\x4a\xc5\x8d\x5b\xb6\x6c\x5c\xad\xfe\xfb\x16\x26\xef\x93\xf7\x14\xc7\x82\xb6\xef\x3c\xcf\x4b\x44\xee\x75\xf0\xbb\x75\x7a\x25\xd9\xb4\x6a\x9d\x93\x1a\x03\x72\x7d\x49\x6a\x22\x81\x0c\x63\x4f\x5c\x1a\xe6\x0c\xbd\xf2\xf1\xea\x29\xb5\x46\x07\xcf\xf5\x0d\x9f\x8e\x03\xa0\xa4\x51\x3c\xf6\x8d\xfb\x61\x97\x73\x41\x1b\x61\x80\x95\x9a\x8a\xac\x30\xb2\xee\xe4\xad\x32\x79\x15\xf6\x0a\xe5\x2b\x90\xe0\x4a\x9b\xce\xf8\xdc\x67\xe7\x1e\xa1\x0a\xca\x55\x3d\xb9\x89\x5c\xd8\x00\x84\x57\xd7\x6f\x02\xce\xb5\x35\x00\x21\x11\x09\xe8\x96\x03\xf3\x04\xd8\x80\xaa\xf0\x28\x61\xfe\x37\xc9\x53\x4a\x9d\x67\x2d\x83\x71\x3c\xd3\x26\xc9\xab\x81\xc3\x53\x76\x4c\xa5\xad\x5a\xc0\xe7\xf1\xff\x88\x0f\xb4\x8a\xcd\x9c\xbb\x94\x90\x64\xe2\x11\x83\xbc\x38\xfb\x1d\x90\xcf\xe6\x19\xa8\xb8\xfb\xf5\x32\x18\x89\xbb\x15\xc0\x2a\x53\xe4\xd3\x67\xfc\x66\x88\x77\xb6\x62\x28\x1c\x4a\x2a\xf6\x78\xf8\x6e\x69\x1d\xaa\x8a\xfd\xca\xc1\xb8\x20\x18\x9f\xe5\xc2\x50\x8c\xe3\x6e\xdd\x9c\x6f\x8f\x51\x57\x50\x71\x83\x94\x39\xa0\x03\x35\x2c\x15\x73\xe1\x27\x68\xdd\x6d\xeb\xdf\x1e\xd4\xf9\x4a\xc7\x9d\xf1\xab\x6a\x0b\xc2\x50\x79\xc0\x93\x54\x77\xd9\x14\x99\x88\xec\x3b\x87\x93\xef\xcd\xa8\x59\xac\xc3\x92\xab\x3f\xa9\x94\x93\xd7\xae\x0a\x65\x75\xb6\x95\xa1\xce\x07\x65\x32\x86\x02\x87\xdd\x49\x89\x67\xc4\x6f\x7a\xdd\x49\x49\x4c\x02\xe7\x44\xc4\x02\x80\x19\x57\x82\xe2\x42\x44\x76\x16\x5e\x72\xce\xe2\x36\x42\xe5\x1c\xec\x43\x21\x91\x11\x6a\xec\x59\xb5\x9f\xcf\x0a\x36\x83\xb9\x5f\x76\x07\x60\xa2\x0b\xd6\x74\x54\xd8\xde\x64\x7c\x0f\x9f\xfc\x4f\x90\xf6\xe4\x5a\xc9\x3d\x80\x2f\x33\x82\x99\xef\x28\x0d\x3b\xb7\xa4\xa8\x9d\xb8\xc5\x9a\x12\x52\x6f\x27\x83\x02\x4c\x8a\xde\x90\x02\xf0\x0e\x3d\x52\x9b\x78\xdc\xdd\x49\x03\xda\xf5\x76\x7a\x2b\xed\x75\x14\x53\x96\xef\xb6\x97\x90\x71\x2d\xe6\xa5\x90\x1e\x6d\x8c\x15\x28\x01\x82\x38\x82\x85\x02\x1d\x0e\x70\x92\x92\x15\xd9\xf2\xb7\x99\xbb\x92\xf2\xca\x56\xf4\x8e\x8c\xbb\xa2\xf1\x9b\x08\x58\x45\x12\x65\x67\xcf\xaf\xa6\x03\xc2\x94\x6e\xa1\xe7\xd2\x74\x55\x4a\x38\xbf\x7d\x86\x51\x1f\x3e\x47\x4f\x9f\xa5\xcb\x11\x10\x5f\xb5\x2f\xc6\x81\x77\xf3\x38\x5f\xe1\x39\x7b\xe5\x84\xa7\x00\x89\xdc\x74\x1b\x4b\x00\x95\xbf\x7e\xb2\x99\x3b\x41\x8d\xf8\x7b\x14\xa1\xf9\x79\x26\xe8\x68\xdf\x6e\x56\x8b\xec\xa2\x21\x5f\x2d\xd7\xce\x8a\x3c\x9e\xe8\x49\xcb\x41\x34\x6c\x68\x4f\x7f\xfe\xf0\xa7\x92\xed\xf4\x33\xca\x99\xef\x34\xc7\x3f\x92\x72\xa7\xeb\x97\x58\x7c\x8f\xce\x4a\x51\x36\x44\x47\x37\x13\x8d\x53\xea\xdf\x3a\x84\xf5\x01\xbb\x10\x45\x6e\x8e\x4a\x40\x47\x08\x2c\x9e\x14\x35\xf5\x76\x52\x6c\x21\x64\x71\x4d\x70\xb3\xd0\xa6\xe9\xc0\x8a\x53\xe3\x23\x84\x0f\x4d\xcf\xe8\xf2\xd1\x9f\x0b\xe2\xc8\x8e"},
+{{0x85,0x04,0xfb,0xca,0xab,0xa6,0x76,0x83,0xf8,0x15,0x49,0x92,0x82,0xb6,0xeb,0xd4,0x97,0xa8,0x1a,0x91,0x56,0xf5,0x3e,0x02,0x5c,0x2d,0x3e,0xce,0xe0,0xdb,0x65,0x59,},{0xe6,0x2d,0xa8,0x64,0x93,0xa0,0xca,0xf5,0x29,0x21,0xd5,0x60,0x2f,0xbd,0xc3,0xdd,0x3a,0x84,0x36,0x94,0x1f,0x6b,0xe2,0x40,0xb3,0x15,0x09,0x68,0x12,0x38,0x74,0x6d,},{0xc0,0xea,0x07,0x4b,0xf9,0xad,0xde,0xe2,0xe3,0x35,0x0a,0x96,0x9e,0x7c,0x56,0x9e,0x3a,0xea,0x1a,0x41,0x88,0xee,0x5a,0xf3,0x4c,0xb7,0x3f,0x38,0x82,0x98,0x65,0x3d,0x29,0x9b,0x5d,0xbd,0x94,0x16,0x3f,0xba,0x20,0x9e,0x8f,0x7d,0xc2,0xe2,0x63,0x4d,0x3a,0x52,0xa0,0x28,0x10,0xa8,0x8c,0x61,0x52,0x94,0x5b,0xc1,0x6b,0xbd,0xfb,0x0c,},"\x6c\x63\xed\xbd\x40\xa0\x38\x74\xec\xae\xf8\x16\x02\xcd\x68\x50\xc0\x9f\x49\x15\xb7\xaa\xf4\x18\x25\x8c\x56\x83\x64\x53\x8e\x83\x92\xa8\xc3\x79\x83\x8b\x0c\x95\x34\x5b\xf6\x4c\x3d\xbc\x17\x58\x53\xfb\x64\x1f\x35\x0f\x0b\x53\xa0\x5a\x8e\xc2\x90\x28\x8c\x03\x26\xd4\x35\xff\x77\x6f\x86\x83\xa2\x73\x33\x3f\x9b\xb2\x80\x21\x84\xec\xc5\x3b\x06\xb2\x8c\x2c\x40\x2a\x54\xbf\x13\x4c\x1a\x23\x29\x97\x49\xa6\xce\x2b\x51\xa7\xba\x22\x23\x21\x48\x79\x7e\x99\x3f\xf2\x58\x28\x6e\x94\x77\x78\xa8\x74\x2d\x3f\x36\xcc\x78\x42\x97\x60\x43\xfc\x23\xda\x8a\x97\xec\xb9\x71\x5f\xc0\x5f\xb0\xf2\x3f\xa7\x32\x1d\xdc\x19\x32\x86\x16\x31\x60\x4e\xba\x2e\xf2\x5d\x8b\x75\x6c\xe4\x73\x36\x56\xbf\xd1\xe1\x47\x08\x92\x3a\xc7\xc6\x0a\x79\x84\x61\x36\xd7\x41\x97\x3b\xa5\x51\x41\x89\x72\x0b\xc0\xf7\x77\x4b\x7b\xd3\x57\x45\x95\xbd\xe2\x51\x50\x31\xb2\x5b\x62\x65\x4b\x16\x10\x35\x77\x80\x70\xac\xe1\x49\x71\xdf\x1f\xe0\xbe\x4e\xa1\xef\x55\xcf\x87\x47\xd3\x71\x6c\x1c\xe7\x07\xb1\xa7\xc8\x52\x0e\x6d\xeb\x33\x4e\xb1\x86\x33\x8f\xc9\x30\x00\x76\x8e\xb2\xbe\x40\xc6\xe0\xdc\x3f\x5d\xf8\x31\xb3\x2c\x3a\x2c\x33\xe2\x88\x98\xd6\x76\x2a\x15\x22\xd3\xd4\x8d\xae\xe5\x6a\x02\x69\xbd\xdf\x6c\xfc\x9d\x73\xf8\xd1\x78\xae\xcc\xbf\xfe\xf7\xce\x16\x4f\x98\xaf\xea\x22\x4a\x9b\x60\xed\xe4\x6a\x95\xfa\xdc\x9f\xc5\xd9\x4d\x20\x9c\x16\x6d\x9b\x8d\xe2\x53\x38\x1e\xa2\x24\x88\x62\x94\x6b\x9c\xf5\x34\x94\x74\x55\xc2\x44\x58\xcf\x56\x68\x3a\x0e\xc4\x7a\x2c\x65\x07\x5c\x69\x4c\x7c\x3d\x6a\xdf\x9a\xe5\xe8\xad\x31\xac\x76\x9f\x83\xaa\x26\xe3\x12\xc5\xb0\x1a\x9a\x09\x40\x4b\x15\xb8\x14\xba\xa7\x66\x6b\x3e\x03\xf0\x6a\x8d\x63\x48\xab\x8c\xcb\x9b\x60\xa4\xa4\xfa\xf8\x6f\x71\x35\xdf\x03\x9d\x95\x5c\x07\xbd\x92\xe7\xb8\xe3\x27\xee\x6c\x1b\x40\x19\x6a\x28\xb4\x44\x6a\xa5\xa9\xb2\xb9\x77\x3a\xb7\x6e\x3c\xe2\x11\x80\xf0\x9d\x6c\x08\xd2\x77\xc6\x77\x1d\x67\xe2\x2d\x84\x54\x0f\xa4\x3b\x38\xf6\x34\xcf\xc4\x6e\x5b\x8c\x33\xf1\x5a\x56\x8a\x77\xe4\x91\x4a\xad\x9a\xb8\xc9\xf7\xfe\xa4\x7f\x76\x77\xc0\x18\x80\xb3\xe8\x5d\x2d\x0e\x3f\xbd\x6d\xc6\xe9\x9e\x43\x7d\xdc\x73\x6f\x92\xb5\xa2\xff\x29\x27\xe0\xb4\x42\x14\x2f\x08\x97\xd0\xb8\xa1\x9a\xc2\x03\x63\x3d\xf4\x13\xfe\xaf\x8e\xf5\x0a\x5f\x76\x7b\xed\xaf\x20\xf1\xc1\x3f\x3b\x89\xd1\xe8\xb7\xbd\x18\xd5\x91\xf9\xde\x11\x6e\xe3\x4f\x98\x24\xe4\xea\xd1\xae\x9d\xa2\xe8\xca\xae\xf8\x8b\x29\x51\x6a\xa9\x42\xde\x77\xa7\x46\x7b\x6f\xb2\x6a\x66\x6f\x30\x64\x8c\x71\x5a\x2e\xe9\xf9\x46\x74\x3b\x54\x3a\x44\x28\xe0\xdf\xd0\x61\x78\xe7\xe9\x3e\xc6\xf2\x6e\x00\x3e\x05\x8b\xec\x14\xa4\xaa\x2e\x3b\x8d\xe1\x12\x95\xa7\x64\xca\xb3\x0b\x31\x3f\xcc\x57\x43\xb2\xfb\x89\x96\x2d\xdc\x5c\xdc\x6a\xa0\xd2\xe4\xa3\x06\xe7\x7a\xf7\x6a\x05\xa5\x98\x92\x3f\x62\x8a\x85\xdf\x1c\xc7\x3a\xd3\xbc\x01\xc4\xb9\x79\xbd\x7c\xb2\x96\x59\x0a\x88\xb0\xa4\x1b\x44\x5d\x50\xa0\x84\x23\xe4\xed\x80\xf1\x76\x3c\x71\x6b\x6c\x45\x7d\x84\x5d\xfa\xa6\x8d\x12\xb0\xd0\x3c\x55\xfd\xe8\xae\x6b\x2b\x92\xbc\x63\x22\x94\x3d\xbe\x54\xc7\x06\xbc\x8e\x5f\xce\xe7\x06\x54\xb2\x6f\x3b\xfd\x87\x7f\x5f\x53\x39\xac\x18\x2d\x54\x17\xbd\x4c\x07\x35\xd8\x25\xbf\x70\xe8\x5e\xab\x82\x16\xed\xda\x63\x2a\xe7\xe2\x2b\x3e\x53\xd0\x78\xa8\xb2\x0b\x5a\x7e\x23\x85\x33\x7c\xf9\x2b\x3c\x16\xb0\x23\x56\x3e\x11\xcb\x50\x43\xb7\x04\xd3\x7e\xb5\xed\x9e\x85\xfc\xdc\x95\xcf\x7a\x6e\xad\xe4\x08\x03\x17\x5a\x00\x8e\xf6\x53\xac\x61\x36\xf1\x61\x29\xab\xae\x11\x37\xc5\x82\x34\x00\x74\x8a\x81\x25\x62\x54\xd3\x17\xcf\xc9\x39\xe2\x6e\xa0\xce\xf9\xf6\x54\x8d\xb4\x28\x90\xc4\x8b\xeb\x04\x79\x10\x3b\xa0\x89\xe5\x14\x11\x80\x38\xb1\xb9\x09\x43\xd7\x16\xf7\xa8\xd4\xcd\xa5\x98\x3a\x67\x4b\x83\xa0\x02\xd8\xac\x9c\x65\x73\x4a\x28\xb7\x7b\x76\x0c\x8e\x38\x03\xf8\x78\x1e\xa9\x19\x9f\x79\x7c\xe7\x29\xe0\x6b\xff\xfe\x8c\x29\xb2\x0b\xc8\x52\x27\xc0\x9c\xc0\x52\x19\xff\x2b\xa3\x8e\x18\x05\x10\x83\x73\x2f\x83\xcb\xfc\xcc\x31\x07\x56\x45\x0b\x26\x1d\x5b\xe1\x83\xd9\xfb\x44\xec\x18\x52\x9f\x2c\xc9\x84\x8c\x40\x11\x9c\x60\x76\x76\xbc\x4d\x90\x15\xfd\x4b\xd2\xfc\x91\x8d\xc8\x03\x1e\xc1\x9a\x05\xff\x36\x2c\x18\x40\x43\xbe\x7f\xe0\x66\x01\x9a\xc5"},
+{{0xea,0xc0,0xf0,0x6c,0x2c,0x14,0xf3,0x7d,0x43,0x4b,0xc9,0x98,0x97,0x22,0x5d,0xd2,0xe3,0xf1,0xed,0x74,0xaa,0x74,0x42,0xc5,0x50,0x33,0x9d,0xf7,0x7d,0x0b,0x7b,0x32,},{0x43,0xe6,0x20,0x55,0xdb,0x6e,0x13,0x49,0xc9,0x4d,0x89,0x02,0x91,0x87,0x88,0x20,0x20,0xcb,0xcf,0x9d,0x75,0xe0,0x3e,0xb6,0x56,0xfa,0x0a,0x15,0xb1,0x90,0x02,0xd7,},{0x45,0xf2,0x80,0x3a,0xfe,0xb0,0xfc,0x44,0xd3,0xaa,0x96,0x5b,0x12,0x65,0x9b,0xf5,0x02,0xe4,0x72,0x95,0x70,0x61,0x84,0xb2,0xa1,0xc6,0xf1,0x6d,0x05,0x06,0x13,0xf5,0x96,0xa2,0x00,0x13,0x94,0xe0,0x0e,0x2a,0x44,0xc4,0x6c,0xf6,0x50,0x5d,0x5c,0xf5,0xb8,0xab,0x84,0x12,0xf0,0x7e,0xda,0x95,0x1a,0x15,0x00,0x5e,0x33,0x8f,0x3c,0x0e,},"\x27\xb7\xfd\x0e\x71\xad\xf1\x94\xcf\x54\x07\xb6\x77\x17\x93\x06\x0d\xe0\xfc\xa7\xca\x0a\xe6\x48\x35\xc4\x31\x87\x40\x8a\x70\x4f\x53\x3d\x5e\xa0\xc8\x3a\x65\x43\x87\xba\x7d\xb1\x6e\xd5\x8e\xc8\x37\x22\x6d\xf5\x7c\x1f\xe6\x38\x2c\x59\x19\xe9\x22\x13\xf6\xf1\x8c\xbb\x57\x35\xd1\x78\xa4\x76\xaf\x35\xd3\x90\xb7\xcd\x25\x56\x21\x7c\x53\x0f\x3a\x1f\x8a\xb2\x33\x9c\x1a\x5e\x8d\x96\x93\x87\xef\xd3\x94\x14\xb5\x6b\xb7\x84\xdf\xd5\xeb\x89\xb8\x59\xe1\xf4\x03\xa2\x38\xec\xa2\xa9\x41\xe6\xdb\x56\xac\x45\x6b\x73\x45\x06\x98\xd1\x45\x5e\xc1\xe9\xb3\x9a\x1e\x90\x7d\x6b\xc7\xe6\xcf\xf4\x24\xa2\x8e\xed\x57\x9a\xf1\x63\x10\x11\x5b\x67\xf5\xfc\xf7\xf8\x34\x6b\x3f\xa0\x26\x0c\x6d\xa2\xe2\x77\x55\xac\xa5\x70\xba\xbb\x3d\x30\x3c\xc8\x32\x46\x0c\x96\x3b\xfd\xd5\xc1\xff\xb2\xfc\x19\x92\x19\x29\xdd\xa2\xa7\x17\xfb\xcb\xeb\x2b\x85\x25\x76\x1b\xd6\x60\xce\x4a\x0f\x76\x85\x28\x5d\x7f\xad\x61\x15\xab\x09\xf8\xe6\x3f\x5f\x77\x39\x14\x49\x4e\x20\xbe\x1b\x51\x2d\x11\x14\xcc\xe3\xf0\xf6\x8c\x7d\x94\xf5\x48\x57\x69\x4f\x22\xaf\x4c\x69\x8d\x78\x2c\xe8\x37\xb0\xc1\x72\x2b\xb7\x31\x3b\xb2\xc4\x1f\x6d\x3d\xd1\xa0\x28\x77\xfb\x42\x96\xd8\x66\x2a\x9e\x86\x25\x98\x4d\xc1\xfd\x1a\x95\x10\xeb\xa9\xd6\x43\xac\x58\xa8\x86\xa0\x45\xcd\x0e\x53\xc0\x56\xa8\x33\xf9\x68\xb3\x5d\x01\x32\x0e\x9c\xc0\xb4\x35\xd3\xf6\xbf\xad\x26\xf9\xeb\x57\x54\xd3\x8d\xdf\x6d\x5c\x4b\xf6\x15\xa7\x64\x4a\x23\xf9\x82\x6b\xcc\x97\x60\x92\xd8\x2d\x81\xd5\x47\x00\x0d\xe0\x08\x1b\x7a\x40\xa9\x3f\xbd\xda\xc1\x3f\x7d\x99\x70\x8c\xcd\xee\xb9\x40\x5c\xd6\x34\xca\x07\x48\xca\xd2\xc1\xd8\xf1\x64\xf5\xd7\x7a\x4f\x36\x4a\xe4\x88\xbe\xdc\xf1\xf2\x0e\xb9\x54\xbc\x8a\x27\x8a\xf8\x14\x32\x41\x78\x56\xa9\x00\xf8\xf1\x52\x92\x1a\xfb\xe1\x79\x14\x22\x9a\x51\x3b\xd7\x1a\xb7\xe6\x61\xcd\xe1\x29\xaf\x93\xe2\x50\x94\xc5\x61\x18\xed\x1f\x22\xdb\x64\x44\x28\xb4\x74\x65\x1f\xe3\x6b\xe8\x2f\xa3\x69\x5c\x41\xfc\x86\x99\x66\x7e\x05\x37\x43\xb0\xa4\x11\x55\xc3\x1f\x1e\x26\x79\xc6\xe8\xcb\x9c\x9d\x1f\x5f\x4b\x40\xa3\x20\xa9\xfd\x9f\x47\xda\x9b\x94\x21\x1b\xa6\x01\xb2\x2a\x11\x52\x10\xd9\xf5\x59\xc4\x49\x6f\x01\x73\x24\x58\xf4\x9a\xc3\x4e\xb3\x86\x63\x6c\x8b\x6c\x68\xc7\xbb\xc0\x07\x8a\xb6\xf3\x98\xa6\x24\xb8\xba\xfb\x1c\x62\x29\x58\x56\x2d\x23\x1d\xff\xd4\xdb\x09\x61\x96\xbb\x87\x47\x9e\x42\xea\x22\xac\xbd\xcd\xe8\xde\xb1\x0e\x31\x16\x32\xf0\x2f\xca\x14\x78\x7f\xd3\x14\x05\x69\xb9\x42\x89\x91\x54\x3e\xc6\xe8\x34\xe1\x0b\x14\x9f\x23\xc7\x4b\xb9\x9a\xc7\xb3\x79\x9a\x20\x96\xd2\x2e\x38\x7a\x71\x2b\x6f\x90\x11\xea\x34\xc5\xbe\x4c\x46\x85\x81\xac\x62\xce\x66\x20\x63\x25\x2e\x06\x6a\x9a\x3b\x15\xc9\x57\x0d\x06\x5d\xc1\x61\x99\x29\xf0\x6b\xc7\x5a\x31\x79\x46\x8b\xc8\xa1\x6e\x3d\xdc\x4f\xe1\x85\xce\xba\x0a\x92\xa5\x46\xb8\x67\x5f\xc1\xad\xe5\x63\x07\x15\x0c\x7e\x4c\x84\x4f\x6a\xa5\xf1\xed\xbf\xb5\x4a\xc6\x32\xca\x2b\x25\x9c\x32\xa3\x3e\xe2\x86\x78\x56\xc3\x39\x0a\x67\x40\x36\x4c\xb0\xdf\xb9\x76\xe5\x3d\x0c\xc6\xc4\x2a\x10\x6a\x1c\x26\x91\x8c\x8a\x6a\x03\x3b\x2a\xa3\xc7\xf2\xe4\x39\x2e\x79\xf8\xec\xa5\xb3\x36\xba\xc5\x06\x1d\x76\x98\xa3\xbf\xe7\xc2\xc2\x92\x89\x25\x54\x03\x0d\xe6\xce\x7c\x0d\x06\xee\xfc\x54\x90\x6f\x81\xe0\x09\x7f\xcf\xf2\x7d\x14\xb9\xb7\x99\x4a\x79\x70\xe1\xa5\xf5\xc6\xb6\x40\x5d\xca\x22\x03\x3d\xff\x0e\xae\x13\x8a\xd8\x99\xf6\xee\x68\x12\x0b\x8f\x22\x74\x4b\x02\x69\xa9\xa8\x98\x9b\x6f\x7e\x08\xaf\xfa\xe7\x7b\xca\x21\x68\xad\xe2\x40\x58\xae\x68\xa7\xf8\x00\xe0\x2e\x7c\x38\x39\x1b\xaf\x56\x5d\xd4\x0b\x55\xfa\x3a\xb3\xc2\x47\xb9\xce\xb4\xd9\x67\x47\x17\x75\xe6\x63\xd6\xa1\xc6\xc7\xe1\x73\x50\xbb\xd6\xb9\xa3\xeb\x1e\x48\x4a\xc2\xe7\xa7\xa5\xc8\x4f\x50\x83\xe5\xac\xe8\x73\x0d\xe8\x9c\x47\xe8\xdc\xf8\x34\x1e\x40\xba\x34\x5d\xbd\x66\xba\xe0\xf7\xf0\x76\xa7\x05\xb1\xbb\x7f\x47\x0e\x3e\xdf\xb2\xb7\x8e\x4d\x63\x59\x41\x3d\x18\xd3\x32\x80\xb4\x54\xa0\xdb\xb8\x81\xd8\x60\x67\x26\xfa\x9b\xea\x27\x24\x75\xe7\x9f\xea\x6a\x54\xcb\x4c\x06\x19\x54\x1b\x4e\x77\xc1\x70\xc8\x61\x68\x74\xb9\x54\xbe\xb8\xd1\x05\xb8\x6b\xd1\x91\x7e\x25\xcf\xba\x92\x67\x18\x7e\xe2\x03\x8b\x3f\x00\x78\xf4\xc3\x18\xb5\x87\xcf\x44"},
+{{0xe6,0x08,0xd5,0xde,0x97,0x97,0x90,0x7d,0xb6,0xd9,0x8e,0x03,0x45,0xd5,0xca,0xf2,0xad,0x33,0xe0,0xed,0xde,0xbf,0x18,0xb8,0x1d,0x61,0xe8,0x37,0x3e,0xcf,0xb4,0x99,},{0x60,0xe0,0xc1,0x6a,0xda,0x58,0x6e,0x36,0x46,0x91,0x2a,0x5f,0x2b,0xb3,0x18,0xfb,0xc3,0xd5,0x0b,0x57,0xd3,0x6f,0xab,0xb6,0x37,0x69,0x6f,0x9d,0x8d,0x4d,0xc7,0x61,},{0x0d,0x8f,0x09,0x5e,0x42,0xa2,0x73,0x0a,0x3c,0x7b,0xed,0xf4,0x2d,0x5c,0x83,0x39,0x8b,0x5c,0x0e,0xe9,0xc7,0x7c,0x5a,0x61,0xd9,0x82,0x29,0x13,0x96,0xa9,0x18,0x2a,0x08,0x02,0xa3,0x7f,0x32,0x4b,0xc4,0xfb,0x5d,0x4a,0xa4,0xed,0x60,0x44,0x4b,0x66,0x14,0x4b,0xac,0xbc,0x86,0x51,0x05,0xd7,0x69,0x0f,0x14,0x06,0x50,0x69,0x1d,0x03,},"\xe6\x10\xfa\x7d\x83\x85\xc0\x9c\x78\x98\x9e\xd5\xef\x7a\x23\x05\x47\xf0\x13\xcb\x7e\x8d\xdf\x31\x74\x9f\xfc\x31\xce\xe1\x0a\xb3\xef\xac\xa3\xf1\x4e\xa1\x94\x51\x0f\x09\x85\xa8\x18\xef\x8b\x04\x0e\x10\xc3\xa5\x11\x4d\xe1\xac\x08\x0f\x14\xc3\xd6\x5d\x3c\x24\x4f\x92\x42\xf7\x54\x92\xca\xba\xe8\x00\xfc\xfc\x9b\xc2\x75\xea\x1f\x27\x72\x8c\x92\x0c\x25\x8f\xe7\xaa\x73\x94\x80\x60\x29\x9c\xb8\x78\x35\x79\x2e\xdc\xc0\x72\x15\x0b\x73\xce\xfe\xb0\xd5\x15\x62\xe5\x3b\x46\x81\x0e\x27\xa4\xd7\xf6\xab\xd3\x2e\x95\x9f\x7d\x73\x1d\xde\x01\xd9\x4b\xc4\x1e\xd8\x35\xef\xcd\x42\xc9\x22\x43\x70\x37\xa8\x7d\xd3\x66\xff\xad\x2e\xec\xab\x6a\xba\xeb\x4f\xcf\x07\x39\x2b\x3a\xb4\x0c\xfa\xef\xea\xa4\x26\x6b\xc5\x37\x67\x16\x93\xc9\x09\x3d\xab\xe8\xa0\x53\x8c\xaf\xd1\x2c\x63\x9a\x04\xbd\x2b\xa8\x0c\xe0\xf2\x9a\xdb\xfc\x66\xbd\x46\x37\xca\x05\x43\xa5\x3b\x0e\x37\x1d\x0e\x2e\x47\x0d\x31\xba\x36\x06\x42\xa4\x5a\xb4\xcf\xe3\xe7\x90\xf5\x87\xf6\xc5\xa5\x58\x3f\xd1\x5b\x18\x99\x78\x38\xa2\x00\x92\x1c\x1c\x39\x9c\x0b\x16\x27\x8b\x7d\xd6\xd3\xaa\xab\x6f\x32\x5b\x16\xaf\xdf\x76\x1a\x1b\xbf\x86\x7d\xe2\xbd\xd4\x86\x15\xf1\x5b\x52\x67\x70\xed\x20\xd7\x9f\x0f\x30\x71\x4b\xee\xed\xa5\x8f\x52\xa3\xcc\x0c\x5a\x61\x83\x15\xe5\x22\xb9\xeb\xe7\xcd\x99\xb6\x5e\xd5\x32\xa6\x2e\x0f\x0d\xf7\x27\x64\xd6\xec\x6d\x6d\x1b\xa4\x0e\xf4\x0e\x05\x42\x63\x60\x79\x5d\x6d\xd8\x5b\xb3\x9f\x73\x21\xd3\xfb\x06\x27\x5d\xe0\x96\xaa\xe4\xa2\xfa\x22\x93\xf3\x1b\x33\xf4\xad\x4d\x7c\x25\x1a\xc1\x3e\x8e\x15\xc2\xbf\xb1\xf9\x8f\x49\x62\xc5\x4b\x6c\xe0\x33\xb0\x8a\xa6\x26\xf2\x90\x5d\x46\x3f\x55\xb7\x1c\xbd\xad\xec\xdb\x3e\x0b\x36\x5d\xae\x07\xb1\x70\x30\x19\x83\xae\xb8\x3b\x1e\x9f\x2f\x28\xcf\x65\x41\x9f\xd6\xb0\xa1\xa9\xc2\x6c\xb5\x4b\x59\x49\xf4\xbc\x01\xa9\x86\x81\x84\x4b\x43\x03\x4c\x37\x2a\x45\x3d\x38\xf0\x47\x3d\x0d\xdc\x70\x9d\x9f\x49\xc8\x75\x3a\x75\xb8\x56\xc7\xe9\x77\x55\x17\xdf\x57\x4a\x09\xa3\x95\x3b\xde\x5d\xae\xdf\x8e\x4a\x8d\xa9\xd7\x73\xa2\x15\x12\x0e\x26\x9f\xa1\x86\x11\x33\xcd\x4c\xea\xeb\x91\xd5\xcc\xa2\x60\x63\x25\x45\x8e\x50\xcb\x96\x6d\x14\x05\x5b\x22\x44\x7e\xb6\x5d\xc1\x01\x18\xda\x08\x31\xdf\x28\xc3\xb4\xee\x8b\x11\xf0\x73\x2f\x15\x21\xbb\x94\x82\xb1\x1f\x5a\x86\xb2\x2f\x18\xe8\x3d\xd1\xd9\x67\xd3\x94\x42\x85\xe5\xd6\x3a\x5a\x98\x98\x17\xab\x24\x18\xbc\x7e\xd8\x91\xa3\x73\x84\x67\x47\xa1\x2b\x52\x7c\x2f\x44\xee\x01\x97\xb9\x46\xc6\x7e\x67\xfa\x4a\xa1\xc2\x9f\x33\x79\xd4\x6f\xe0\x7d\x3a\xab\x83\xda\x17\xf9\xd7\x6b\xed\xd3\x84\x36\xa0\x55\xe3\x4c\xa1\xd3\xaf\x5a\x87\x54\xd3\x8c\x17\xb9\xba\x4e\x64\x19\xcb\xab\x51\x5f\x43\x1a\x25\x95\x95\x4e\x42\x8c\x26\x70\xfa\xe3\xbe\xd6\x2b\x45\x96\x17\x9c\xb5\x9e\x21\x10\x87\x08\xd0\x71\xbc\xf9\xc6\x21\xc6\xdf\xf0\x3d\x3c\xdc\x92\x02\x02\x94\x54\x01\x3b\x9d\x13\x38\x47\xf2\x65\x44\x81\x1c\x01\x69\x77\x0f\xdc\x6f\xe5\x63\x8b\xfd\x7a\x72\x0d\x8b\x38\xf7\xe3\x0a\x7e\x68\x79\x06\x0b\x5f\x28\xc8\xab\x17\xb0\x02\x00\x71\x32\x07\xe8\x63\x7b\xff\x48\x44\xd8\x42\xd9\xca\x78\x83\x91\x34\x01\x98\xa3\xfe\x01\x72\xdf\xa7\x4d\xe1\xe5\x5a\xde\xfb\xc2\xe9\xbc\x7e\x88\x54\x76\xd1\xb9\xc0\x55\x81\x34\x08\xa4\x75\x28\x43\x43\x55\xbf\x03\xfd\xd4\xe2\x7d\x8b\x34\x61\xb0\xfb\x66\xab\x3e\x15\xa8\x79\xa1\x84\x45\x7e\x9e\xd9\xea\x6c\x51\xb6\x63\xb3\x1e\xdc\x8c\x4a\x3c\xd4\x54\xf6\x9d\x9c\xe5\x18\xd1\xb8\x78\x88\xee\x3d\x9d\xd5\x41\x6e\x43\xe1\x14\xac\x05\x72\x13\x52\xdf\xfc\x2c\xa8\x85\x97\x37\x7b\xbc\x41\x40\x09\xb0\xc2\xfd\x36\x9b\xe5\xba\x35\xa6\xdc\xe3\x47\x8b\x6c\x11\xb3\x3c\x0a\x33\x91\x8b\x6e\xe5\xac\x4c\xd4\xc2\xf1\xca\x6b\xd1\x90\xa0\x00\xa8\x38\xda\x38\xf5\x30\x77\x56\x03\x35\x59\x6d\x13\x58\x93\x77\x93\x96\x38\x10\xa7\x9a\x21\xb8\xd4\x61\x40\xe7\x68\x89\x8d\xcd\xa8\x8a\x0f\xaf\x8d\xdd\x0d\x63\x38\x47\xaa\xea\x0e\x03\x0b\xe6\x45\x5b\x41\xe3\xed\xe1\xe2\x87\x37\x30\xeb\x84\x81\xac\xaa\x7a\x51\x9c\xf9\x19\x58\x47\xa8\x6a\xfa\x57\xf9\x07\x1d\x44\xf4\xaf\x4c\xa0\xd3\x43\xc9\x0c\x0d\x22\xd9\x46\x14\x65\x85\xf0\x0e\xf3\xae\xf5\x7f\x0f\x9e\x55\xe8\x18\xc0\x12\x8a\xe2\x55\xdb\xc3\x11\x6c\xf0\xfe\x02\x16\x6d\x54\x85\x9d\xec\xbf\xdc\xcc"},
+{{0x0e,0x86,0x87,0x2c,0x78,0x62,0x0f,0x10,0xcb,0x6d,0xfc,0x46,0x3d,0x2c,0x28,0x72,0xc4,0xda,0x66,0x07,0x48,0xc9,0xcd,0xa0,0x1a,0xb1,0x45,0x69,0x58,0xaf,0xba,0x7f,},{0xde,0x49,0x89,0x98,0x92,0x69,0xca,0xbd,0x8f,0x4f,0x40,0x9c,0xf1,0xa4,0xd9,0x74,0x03,0x8b,0x27,0x55,0x02,0x27,0x35,0x57,0xf3,0x12,0xd5,0x55,0x3f,0xab,0x93,0xc3,},{0x20,0x37,0xe9,0x77,0x41,0xc3,0xe6,0x40,0x9c,0x66,0xfc,0x67,0x82,0xaa,0xb3,0x89,0xc5,0xd7,0x78,0x09,0x7a,0xc7,0x78,0x99,0x9e,0x85,0x76,0xe4,0x9e,0xf4,0xf6,0xa0,0xc7,0x73,0x0b,0xd9,0xe0,0x93,0xdd,0x3c,0x0a,0xe7,0xec,0x76,0x20,0x33,0x80,0xda,0x65,0x71,0x47,0xd3,0x3a,0x8d,0x9d,0xd6,0x5e,0xd0,0x0c,0xf7,0x62,0x24,0xd6,0x01,},"\xa9\x00\xf3\xe9\xc6\x43\xa5\x64\x9b\x07\x6f\xb6\x9c\x3b\x2a\xc0\x84\xd5\x2c\xcb\xaf\xcd\xca\x5a\x9d\xb1\xda\xa7\x05\x00\xde\x99\x33\xd2\x3d\x15\x3f\x74\x95\x4e\x1b\xd5\xf5\x7b\x89\x9f\xe8\xa4\xb1\x34\xc1\x95\x41\x2b\x49\x83\x3b\x6e\x50\x95\xa6\x55\x4e\xaa\x6d\x84\x4b\x11\xf1\x58\x4c\x85\x05\x5b\x87\xf4\x1c\x99\x96\x69\x04\x6c\x71\xae\xb5\xc0\x45\x3f\xd6\xa3\xc4\x37\xf8\x15\xf0\x68\x98\x7c\x38\x68\xcc\x07\xaa\x2a\xf6\x58\x19\x04\x6c\x30\x7b\xaf\xb7\x53\x0d\xe8\x4f\x71\x30\xae\xa7\x8e\xf0\x05\xd5\xff\xf5\x2f\x8d\xea\xf1\xd5\xe9\xc3\x26\xd3\x21\x7f\xc5\x5b\x94\xf6\x28\xaa\x10\x4f\x6a\x24\xa3\x95\xe6\x2d\x1b\x62\xbd\x9c\x0d\x82\x43\x63\x19\xc5\xd7\x3e\x57\x65\x43\x5f\x3b\xa8\x56\xa4\x73\x4f\xd6\x0a\xe6\x17\xf7\xf0\xc3\xba\x57\x22\xa7\x33\x66\xc8\x8a\x6d\xfe\xca\x85\xc4\x44\x63\x9f\x44\x1f\x2c\x55\xfd\xc4\x64\xec\xb2\x99\xee\xe3\x6d\x8e\xae\x06\x3b\xb9\x4b\xb2\x43\x9d\xa0\x4f\xa5\xeb\xc5\x09\x23\x38\xa5\x03\x5e\x48\x0f\x08\x34\xae\xee\x8d\x71\x1f\x28\xc4\x6d\xc9\x60\xde\x1b\xe9\xdf\x30\x7c\x18\xc5\xc1\x78\xb2\x62\x96\xdc\x56\x7f\x15\xbf\x60\x86\x3a\x36\x71\x08\x67\xe9\x2f\xd5\x10\x48\x86\x56\x74\xc2\xaf\x0c\x53\xb2\xe7\xa2\x48\xae\x5b\xd0\x9a\x49\xaa\x03\x06\x18\x49\x5f\x82\x48\x0c\x42\x0a\xe1\x06\x88\x9b\xec\x00\x62\x78\xb9\x22\x72\x07\x57\x09\xfe\xc9\x54\x87\xcf\xb1\x00\x61\xe6\x72\x2b\x93\xee\xbf\xc0\xbc\x58\x7b\xf7\xba\x5f\x66\x92\xb0\x74\xf5\x5a\x98\xd5\xc3\x02\x76\x0b\x1b\xf1\xd0\x9f\x7e\x86\x68\x47\x9c\xa6\xf0\x1e\xed\xa2\xfd\xaf\x58\x4a\xc2\x05\x8f\xbf\x7c\xf3\x10\x0d\x06\xb8\x09\x1b\xfe\xab\x51\xc0\xc0\xb1\xd4\xee\x3a\x82\x57\xf6\x9b\x16\x17\x60\x4f\xce\x95\x3b\xb5\xf7\xf2\x71\xc6\xa1\x88\x0e\xa1\xb3\xf6\x62\x67\xe2\x43\x9f\x34\x58\x06\x28\x91\x78\x77\xc6\x6e\xc0\xfe\xd7\x6e\x44\xe8\xbb\x2b\x91\xa8\x80\x6d\xf4\xba\xca\x6c\xc9\x28\x89\xb8\x80\x50\x70\xc9\xa6\x17\xf8\x07\x15\x75\x30\x75\x1c\xc1\x7c\x47\xb0\x9e\xeb\xa9\x4d\x22\xb4\xe5\x47\xc3\x70\xce\x7a\x49\x6f\xca\xa3\x41\x2a\xff\xff\xb8\xc9\xb4\xde\x89\xb9\xf1\x21\xaa\xec\x5f\x54\x4b\x0c\x72\x5e\xc5\xee\x9d\x4b\x34\x76\xad\xc9\xd0\x50\xed\xb0\xfd\xba\xf0\x2c\xa9\xe3\x8a\xf1\x5f\x51\x50\x15\xa2\x67\x29\x2e\xc9\xaa\x54\x44\xed\x1d\xec\xd9\xcd\x9e\x1e\xad\x64\x87\xa0\xcc\xef\x99\x5b\x1c\x60\x0a\x03\x69\x35\x83\x86\x60\xac\xab\x27\x6d\x8b\x0e\x5b\x07\xd9\xf3\x63\x53\x21\x4b\xf8\x0f\x94\x1a\xc8\x8c\xf4\x0a\x08\xaf\x91\x79\x26\x23\x41\x12\xec\xcd\xaa\x16\x2d\xc9\x9d\xe3\xe2\x5b\xaf\xf6\x5b\xb0\x1e\x49\x89\x89\x86\x33\x2b\xdc\x2d\x70\x5d\x5a\xea\x40\xf9\xbc\x4f\xbb\x28\x06\x89\x44\x96\x03\x8d\xa2\x36\xe9\xdc\x29\x60\x0c\x9c\xed\xea\xc3\xb6\x16\xcc\x56\xd8\x9e\xc2\xfa\x67\x38\x96\x66\xc6\xc4\xfe\x23\x3b\x63\x91\x05\x02\x3e\x10\x1b\x87\x4a\x63\x30\xfe\x57\x3f\x80\xac\xe5\x5d\x03\x7c\xc6\x12\xe6\xdf\xd5\xa6\xe6\x86\xf9\xa8\x30\x54\xfc\x46\xe1\x5b\xb6\xda\x45\x3d\x81\x0c\xf1\x38\xa1\x78\xbf\x03\x9d\x1e\x18\x16\x14\xff\x40\xcb\xe6\xbb\x3b\x47\x36\x63\x75\x2e\xa8\x02\x5f\xf7\xf7\x39\xee\x4b\x67\x11\x0f\x96\x80\x89\xb2\x47\x3c\xd0\x44\xd4\x8b\x00\x9d\x06\x77\xf7\x91\xf5\x4e\x2d\xf6\xaf\xdc\x3a\xcb\x9e\x99\xdd\x69\x58\xa4\x50\xc0\xe1\xb6\xdd\x5e\x97\xa2\xcc\x46\x29\x8b\x4f\x48\xac\x6a\xda\xf0\x13\xd7\x5b\x2c\x42\x07\x2d\x2e\xe1\x3f\x73\x36\x87\xee\x83\xc3\xf7\x0c\x4f\xdd\x97\x20\xfd\x17\x98\xc6\x62\xfe\xf3\xba\x01\x2b\xed\xd4\x45\xc4\x72\x9f\x21\x30\x48\x4f\xe7\x7a\xc1\xb4\xc4\xdd\xeb\x81\xfa\xf6\x0f\x76\xe3\xbd\x7d\x21\xa9\xa6\xc5\x7a\x69\xa9\xcd\x9c\xc2\x03\xfc\x63\xb5\x9e\xe8\x4b\x89\x15\xb3\xc1\x8a\x59\x54\xe2\x27\xc8\x6e\xbb\xb7\xd4\xc4\xc1\xa0\x8d\x0c\x5e\x46\x7c\x68\xa0\x69\x70\x75\x1e\xf5\x84\xbd\xd6\x11\xe1\xdd\x1b\x48\x90\x0a\xb3\x54\xb9\x9c\xec\x6e\x1d\xf3\xbd\x41\x46\xea\x07\x55\x35\x0d\xc1\x1c\x3a\x3f\x60\x0d\x47\x0a\x74\xf4\x75\xe4\xfe\xed\xaf\x08\x65\x27\x6f\xa8\xa9\x77\x13\x47\x1d\x0c\xa9\x95\x5c\x71\x35\x88\x33\x9d\xee\x79\x65\x6e\x56\x7e\x6a\xb1\xdb\xf9\x83\x07\x03\x81\x7a\xe6\x20\x92\x9a\x06\x84\xa5\xca\xf2\x0f\xef\x81\xa8\xee\x89\x7b\xe7\xe5\x05\xad\xe6\x49\x6b\x9a\xef\x02\x72\xbd\x8f\x35\x08\x60\x23\x3b\x33\x8c\x2e\x36\xd3\x13\x8d\xb6\x95\x38"},
+{{0x52,0x03,0x54,0xd8,0x5a,0x87,0xd7,0xc2,0x2c,0xa6,0xf7,0x84,0x71,0x44,0x10,0xec,0x98,0xbf,0x6a,0x65,0xf8,0x03,0xef,0x93,0x79,0xbd,0xc8,0x04,0x35,0x9b,0x23,0x49,},{0xd8,0x51,0x1c,0xea,0xc2,0xfd,0x66,0x1a,0xcb,0xff,0xb0,0x1b,0xa2,0x74,0x1c,0xad,0x88,0x99,0x34,0xde,0x63,0x92,0x96,0x1b,0xde,0xc6,0xfa,0x46,0x12,0x3b,0x7f,0x0f,},{0x75,0x4e,0x60,0xd3,0xf6,0xf4,0xab,0x4f,0x5d,0x0d,0xdb,0xb0,0x01,0x53,0x20,0x09,0x16,0x63,0x88,0x48,0x7f,0x78,0x0b,0x76,0xf6,0x0b,0xd0,0xbc,0x9f,0xef,0xab,0xfa,0xab,0x6b,0xe2,0xae,0x78,0x69,0x57,0x3a,0x64,0x79,0x6e,0xf2,0x84,0x6e,0x85,0xe5,0xcd,0xae,0x52,0xdb,0x10,0x44,0xfe,0xfa,0x79,0x6b,0xac,0xf4,0x8b,0x96,0x8b,0x0d,},"\xa1\xd4\xad\x48\x6e\xbb\x7c\x1a\x0a\xcb\x8f\x11\x70\x13\xe8\xe4\x74\x67\x89\xc6\x24\x4a\x56\xc9\xed\xfb\xf1\xef\x37\xac\x13\x09\xaa\xf5\x1c\x93\x75\xfc\x12\xca\xcd\x68\x97\xa4\x47\x95\x45\xf2\xbf\x39\x0a\xb7\xc0\xc0\xe5\xc5\x92\xf5\x50\x6e\x99\x38\x37\x8a\x11\xb6\x36\xbf\x85\x70\x29\xb9\x68\x54\x7a\xa5\x06\xc4\xa0\x82\x9a\x15\xfd\x39\x95\xfe\xad\x4f\x86\x0f\xd7\xc6\x23\xc6\x3e\x86\x95\x43\x6e\xae\x55\x81\x64\x14\x77\x83\x47\x09\x2f\x5f\x4d\x42\x2b\xb1\xb5\xe5\xa0\x69\x66\x24\x1e\xfe\xc1\x4f\x1e\x4f\xca\x06\x63\x91\x14\x71\x8c\x30\xeb\xca\xdd\x4c\x6d\x8a\xbe\x7f\xe9\x3b\x25\xd1\x71\x73\x53\x39\x54\x18\x8b\x1a\xb0\x3f\xcb\x77\x92\xcb\x63\x5c\xe3\x6e\x9b\xdb\xdd\xe7\xa5\x61\xc5\xf6\x69\x20\xd9\x10\xcb\x26\x9c\x8c\x1c\x3f\x59\x32\x65\x09\x00\x72\xc4\x89\x32\xe6\x92\xa9\xc7\x38\xc7\x04\x89\x74\x89\xa7\x15\xc2\xb3\x94\xd5\xa8\x6f\x70\x36\xa4\xca\xc5\xdc\xb5\xb8\x5c\xfa\x16\x21\x56\xe0\xbc\x6b\xfe\x02\xfb\x4c\x38\x60\x8c\xfb\x23\xc9\x2b\x8b\x6a\x3c\xb4\x6e\x48\x7d\x60\xe0\xdc\x97\xaa\x2e\x33\xe3\xda\xda\x92\x5e\x4e\x66\x12\xcc\x5a\xf1\x25\xe5\xac\xa4\x58\x17\xa2\xfd\x6c\x3f\xf1\x0b\x18\x93\x8b\x44\xbd\x4d\xd2\x0d\x7f\xcc\xf7\xf2\x6b\x40\xa6\x6f\x48\xaa\xff\xc9\xa5\x41\xe6\xd3\x71\x38\xfc\x55\x46\x98\x68\xe2\xd1\x03\x65\xef\xf3\x7f\xac\x36\x0f\xab\x3d\xc5\x54\x37\xac\x2d\x8f\xea\x74\x74\x40\x5f\xb3\x63\x0f\x79\x63\xd2\xd4\x59\x58\xf9\x09\xd1\x48\x30\x28\x6f\xf1\x52\xaa\x75\x2f\x51\x0c\xe9\x80\xbd\x57\x54\xe3\xfa\x32\xc6\x99\x24\xdd\x95\xd5\xc1\x52\xa7\x37\xa8\xfa\xdc\xfd\x0a\x45\x60\xe0\xb1\x14\xf8\xe8\xaa\xa6\x18\xd4\x38\xb9\x87\x71\x11\xda\x17\x40\xef\x81\x7c\x44\x19\x39\xec\xec\x79\x9b\xa1\x6b\x1b\x17\x1c\xa9\xb6\x49\xb7\xd7\x8f\xa0\x52\xd1\x49\x7a\x50\x76\x88\xbe\xde\x49\x00\xab\xc5\x3a\x96\x48\xda\x59\x17\x03\x5c\xef\xfe\x0d\xa2\x1c\x25\xc0\x9b\x06\xd6\x18\x5b\xdd\xa2\xd7\x78\xf7\xed\xe6\x15\x3e\x3e\xaf\xf4\x95\xc9\x79\x6d\x4d\x16\x6d\x2d\x2e\xa4\x18\xe4\xa4\xaa\x6e\x67\x8f\xaf\x06\x96\xe7\x52\xa0\x9e\x02\xea\xad\xe7\x63\x07\x0e\x08\x8e\x99\x64\x91\x9f\xf4\xaa\x4c\x82\xf8\x62\x9a\x3d\x5c\x79\x7c\x2a\x64\x59\x4d\x20\x68\x35\xda\x0b\xfa\x43\xcc\xd9\xdd\xfc\xdb\x6a\xac\x4d\x48\x6e\x03\xc8\x41\x22\x37\x59\x39\xa5\x27\x0b\xc1\x51\x9e\x07\x07\xe5\x1c\x3f\x46\xf1\xe5\xc5\x66\xb3\x3a\x24\x5f\xa0\xc2\x02\x83\x84\x72\x36\x3d\xe9\xf0\xed\xde\x2e\x79\x1d\x82\x29\x30\x95\xf7\x50\xbf\xf5\x45\xe6\xc3\x47\x39\xdc\xc5\x4d\xb0\xa3\x6a\xe2\xe2\xaa\x39\xb0\x7c\xb4\xf6\xa9\x64\x62\x40\xd2\xd3\x14\x88\xf6\x78\x15\xb2\x95\x45\xd2\x20\xbe\x92\x9e\x33\x39\xf8\x28\x1a\x93\x7e\x05\xa8\xc5\xc3\x88\x7e\x06\x04\x8e\xa7\xb1\x8a\x48\xf8\xd9\x1b\x1e\x3a\xf5\xca\xb5\xce\xda\x0e\xbd\x71\xbf\x54\xed\xec\x20\x3d\x37\x16\x5e\x4c\x9f\x9f\x80\x46\x1c\xd2\x9f\xcd\x99\xdd\xea\x43\x96\x93\x94\x1b\x5d\x53\xff\x94\x37\x9c\xf6\x42\x57\x1d\xd5\x59\xa1\x1f\x8f\x38\x3d\x94\x3f\x22\x55\xcf\x71\x58\x00\xaf\x77\x6b\x10\x45\xbf\x19\xa9\xc9\xbb\x09\x51\x55\xdf\xb6\x46\xb6\x5f\x4a\x28\x0f\x2a\x97\xef\x92\x7d\xda\xbe\x24\xa2\xf9\x71\xa8\x17\x0d\xd4\x2a\x08\x92\x76\x82\x5c\xb9\x14\x8c\x01\x5a\xae\x1e\x9d\xad\xf2\x2c\x10\xe7\x54\x8c\x59\xbf\x6b\x86\x8b\x20\xe8\x6c\x83\xa9\xe7\x34\x3a\xec\x27\x54\xee\x62\x25\xf9\xfd\xce\xaf\x8e\x51\xc4\x0e\x95\x5b\xda\x49\xc3\x5d\xed\x38\xfa\x8b\xcc\x1e\x6c\x8f\xc9\xc2\x41\x2e\x91\x04\xc5\xc2\x36\x8b\x1f\x99\x23\xe0\x10\xfa\x2e\xde\x91\x1d\x42\xb1\x39\xf4\x00\x7e\x34\x26\x92\x2f\xfb\x61\x58\xec\xa9\x7b\x47\xcf\xc9\x97\x85\x35\x12\xbb\x9d\x4c\xa2\xf0\x17\xc2\xc2\x63\xdc\x19\x9f\x3b\xf1\xeb\x4f\x15\x08\xef\x82\x8b\x0e\x00\xdb\x21\x00\x27\x36\xa7\xf2\x2e\xc9\x12\x98\x19\x45\x83\x13\x9a\xd7\x5f\x58\xe2\x1b\x51\x8d\xaa\x49\xa4\x07\x6c\x63\x75\xfa\xa6\x08\x91\xa6\x9e\x52\xa6\x56\x69\x9d\x80\x34\xa7\xab\x7f\xcb\xe4\x21\x75\x49\x14\x41\xfe\x61\xb1\x78\x3e\x83\x78\x57\x52\x22\x15\xa5\xfa\xc5\x59\x0b\xed\x2e\x9d\x20\x66\x06\x09\x6d\x3b\xe8\xee\x92\x87\x3b\xfc\x30\xca\xb1\x5c\xe9\xf9\x91\x0d\x01\xa1\x17\xf8\x99\x26\xcc\x3a\xfa\x8d\x10\x4f\x79\x9f\xf3\x80\x98\xde\x28\xb8\xff\x0f\x03\x87\x25\xc2\x90\x3b\x24\xc1\x42\x9c\xea\x49\x25\x24\x9d\x87\x81"},
+{{0x06,0x1b,0xcf,0x1a,0xa6,0xfd,0x98,0x98,0x97,0xb3,0x22,0xe5,0x91,0xcc,0xef,0x54,0x54,0xef,0x4a,0x5a,0xdb,0x1a,0x48,0x00,0xf3,0x26,0x11,0xcf,0xf2,0xb5,0xbc,0x78,},{0x73,0xc8,0x0b,0x73,0x4b,0xfc,0x94,0x17,0xd5,0x76,0x89,0x0c,0x20,0x16,0x6d,0xa5,0xc7,0xfa,0xbd,0x61,0x3f,0x75,0x47,0x4f,0x76,0x49,0x73,0x2e,0x00,0x29,0x5b,0xe2,},{0x5a,0xda,0xa9,0x43,0x30,0xa0,0x35,0x37,0x12,0xa3,0x4d,0xbe,0x97,0x3b,0x75,0x18,0xf9,0xa2,0xc7,0x13,0xf8,0xaa,0xd1,0x00,0x25,0x1b,0x08,0x6a,0xe8,0xde,0x26,0xf6,0xd2,0xb6,0xcc,0xf0,0x52,0x8c,0xc5,0xde,0xdc,0xa3,0x18,0xdf,0x19,0xcc,0x7e,0x45,0xde,0xae,0x28,0x1e,0x13,0x24,0xb9,0x6e,0x32,0xfe,0xf4,0x5a,0xaf,0x60,0xb1,0x0c,},"\xd6\x3b\xb9\x20\x8c\x1f\x4c\x7d\x43\x32\x6c\xf3\x5f\xa5\xd8\x39\x33\x15\x18\x04\xab\x89\x1d\x49\xb0\xbd\xaf\x42\x9e\x4c\x39\xa3\x21\x42\x8e\x0d\x90\xaa\x00\x31\x8b\x97\xe0\x8c\x70\x24\xc9\x12\xcf\x38\x88\x79\xf3\xcf\x97\x4b\xb2\x53\xa1\xe7\xa4\xc8\xee\xc1\x93\xbf\x4c\x14\xaf\x6f\xb9\x79\x4d\xf0\xd4\x97\x85\x0e\xdb\x04\xd5\x74\xc9\x7e\xd7\x6c\x70\x21\x39\x96\x84\x01\xb4\x0e\xb5\x43\x94\xef\x4c\xfa\xa7\xe5\xd3\xcd\x94\x3a\xf1\x21\x92\x53\x8d\xde\xe5\x93\xc2\xa2\x4a\x26\x7a\xfa\x13\x71\xfd\x77\xfe\xee\x20\x71\xf4\x36\x9f\xbe\xf8\x79\x76\xe7\xeb\xd8\x1d\x1e\x5b\x31\xd6\xe0\x9e\x02\xd8\x30\x35\x7d\x36\xbf\xf8\x59\x67\x03\xe4\x14\x6d\x08\x27\xbe\xc9\xc0\xf8\x7b\x26\xf3\x11\x95\xc9\x6c\x93\xb6\xd8\xc4\x67\x67\xec\x1b\xc6\xde\x39\xf0\x00\x8a\x41\xff\x87\x5d\xa0\x50\xa3\xf8\x65\xab\x92\xcb\xf2\x9c\x38\xa2\x80\xf3\xbf\x69\xf6\x8e\x92\xb5\xf4\x30\xcd\xee\x35\x01\x98\x1d\x0b\x3d\x18\x90\x96\xe0\xae\xac\xd6\x4c\x33\x10\x24\x21\x34\x88\x12\x15\x8b\xb6\x1e\x51\xae\x93\x65\x92\xb2\xf8\xf1\xb9\x10\x94\x9e\xf3\x72\x32\x58\xa9\xb4\x4e\x4e\x1b\xda\xdf\x1a\xe2\xcf\xc1\x8e\x37\xd2\xed\x0d\xd1\x73\x44\x04\xb8\xba\xa5\xf3\x93\xcd\x56\x06\x9e\xce\xbf\x7e\xdd\x7c\x06\xcf\x6c\x8a\xa3\xe8\xe1\x2f\xbf\x94\x6d\x7b\x32\xd8\x45\x3b\x6f\xbb\x65\x35\x52\x6c\x8f\xb8\xfc\x1d\x58\x15\x56\x0b\xb3\x1b\x99\x5d\xf2\xad\xbd\x83\x6a\xdd\x92\x9a\x56\xfd\xd9\x3a\x17\x47\xd9\x3a\x40\xc0\x5e\x12\x9e\xb6\xf8\x58\x3c\x29\x21\xcc\x9d\xbd\xda\x42\x25\xe1\x76\xdb\x38\x6a\x02\xec\x40\xaf\x10\x32\xc9\xb6\x2e\x95\x14\x70\x25\xf4\xac\x8d\xd5\x84\x33\xb6\x4a\xc0\x73\x15\x0c\x69\xb9\xc4\x15\x4d\xcb\xb0\x03\x44\xf3\x08\x11\x3c\xd9\x19\x9c\xcf\xb5\x07\x58\x01\xc7\x05\xb8\xfc\x43\xb7\xc8\xbc\x16\x73\x65\xe4\x62\x93\xd0\x6c\x4f\x48\x35\xc6\x4e\xe5\xd5\x38\x3f\x68\x90\xca\x35\xa8\x0a\xf9\x17\x74\x81\x62\xdf\x25\x18\xab\x14\x68\xf1\x53\x62\x98\x99\x40\x6c\xde\x66\xce\x07\xfa\x7d\x29\x93\xda\xbe\x0c\x60\x08\x9c\x91\x89\x24\x88\xf3\xbc\xaa\xec\x40\x8a\x0c\xd0\x8c\x9a\xa9\x8e\x09\x37\xe0\x2c\x41\xad\x52\xd2\x41\xa9\x98\x33\xe3\xb8\x3f\x7d\x3f\x1b\x07\x8c\x31\xd4\x5c\x34\xfa\x01\x75\xab\xbd\x0f\x32\x2b\x8f\xd2\xdc\x83\x49\x1d\xa2\x92\xad\x00\x76\x2e\x3e\x57\x7b\x9e\xee\x0a\xae\x08\x72\x90\x70\xac\x25\xe3\x3b\xc9\x45\x25\xbc\x0d\x2a\xb5\x97\x04\xef\xec\x5c\x01\x48\x42\x1a\x47\x92\x8d\x34\xb1\xe4\x5c\xe7\x21\xee\x64\x47\xfb\x08\x2a\xc4\x00\xb3\xe6\x84\x6d\x20\x4f\x7f\x9d\xb6\xf0\xa3\x2b\x2a\x69\x73\x8b\x3e\xe9\xdd\xbb\x0d\xbd\x7e\x0f\x04\x1d\x7e\xa5\x3a\x5d\x64\x7f\xb5\x0b\x39\xae\x24\xd7\x8c\x8b\x07\xcf\xc4\xe0\x52\x71\x1f\x0d\x46\x39\xe7\x21\xd5\xc3\x6f\x31\xb5\x88\x86\x67\x12\xb7\x57\x10\x8a\x40\xcc\x7a\xbb\xb9\x91\x30\x83\x30\x3a\xae\x05\xa0\xf1\xaf\x0e\xc6\x87\x84\x41\xa2\x5c\xf8\x72\x9a\xba\x42\xa3\xa9\x4c\xe9\xb7\x38\x88\xa0\xf5\xc9\xe4\x0c\x9f\xc4\x54\x10\xf0\x68\x1f\xa7\xf9\x08\x98\x56\x2c\xcb\x4b\xbc\x55\xf0\xab\x1f\xe9\xc7\x0e\xa6\x60\x26\xdd\xa8\xd7\x09\x0f\x7b\x38\xed\xb5\xae\xc1\x55\x7b\x11\x66\x98\x7c\xd4\x1a\x70\x59\xcd\xee\x60\x9b\x74\xd8\xfe\x06\xb7\x05\x9b\x77\x24\xbf\xf5\x30\x07\xf7\xe1\x10\x46\x2f\x06\xad\x14\xd0\x7e\xe1\xb4\xd6\x9a\xc8\x23\xbc\xf5\x76\xd2\xfa\x9e\x2e\x8e\xd7\xf3\x19\x80\x40\xd4\x71\x29\x60\x63\x13\x7c\x98\x1a\xdb\xf3\x64\xcb\x20\xf0\xa1\xad\x20\x54\x47\x2f\x7c\xee\x25\x27\xf9\x98\x09\x61\x5d\x2e\x4b\x73\x4b\x06\xf3\x5d\xee\xcb\xd6\x26\x19\x66\x3d\xde\x81\xd6\xe2\x35\x28\xb0\xc9\x71\x32\xaf\x0a\x23\xba\xd6\x3d\x9c\x08\x14\x2a\x26\xe2\x74\x3f\x86\x18\xec\xfe\x72\x3b\x19\xff\xdd\x0b\x19\xab\xd9\xa3\xf4\xfe\x21\x0b\x1e\x71\xac\xdf\xe3\x8a\xbe\xbe\x23\xf7\xfd\xef\x66\x38\x1c\xbc\x75\xf3\x07\xe5\x57\x72\x35\xb0\x2e\x4c\xd9\xcf\xaa\x15\x03\x08\x68\xed\x14\x53\xda\x58\xf7\x83\xb7\x35\x2b\x04\x65\x68\x44\xc0\x42\x44\x1e\xfe\x6a\x3b\x4f\x8f\xec\x8f\x7d\xe8\x07\x44\x54\x0c\x4f\xc7\xa1\x07\xf4\xe1\xbf\xcb\xd9\x9d\xa2\x5b\x97\x46\x09\x5d\xdf\x01\x25\xd5\x6d\xa7\xe7\xf8\x60\x3f\x04\xd3\x59\xa0\x88\xb4\xc0\x44\xf9\x36\xcc\xb7\xd8\xf8\x9e\xd5\x3c\xc9\x91\xa3\x49\x7c\xa9\x52\x09\x4f\xf3\xc3\x30\x46\xf2\x60\x9d\x07\xb2\x9b\x63\x39\x81\x36\x9c\xb2\xf0\xee\xcd"},
+{{0x2e,0x19,0xcd,0x44,0x2f,0x22,0xa4,0xa9,0x9d,0xff,0xc5,0x5e,0x7b,0xf6,0x25,0xf8,0x9d,0x13,0x44,0xb5,0x63,0xf6,0x78,0x53,0x13,0xa7,0xee,0xe9,0x73,0xb4,0xaa,0x36,},{0xee,0x3d,0xa7,0x6a,0x8f,0xcf,0x40,0x3a,0x29,0x58,0xd4,0x55,0x1d,0xa0,0xa7,0x2b,0x2e,0x73,0x85,0x22,0xb2,0xe6,0xb2,0x0f,0xba,0x6a,0xa2,0x6b,0x32,0x30,0x73,0x57,},{0x28,0x32,0x6b,0x5b,0x97,0x8e,0x0d,0xbd,0xab,0x5d,0xde,0x70,0x37,0x85,0xa6,0x67,0xa7,0xef,0x43,0x9d,0x81,0xea,0x47,0xe0,0x66,0xb0,0x89,0xd1,0x16,0xc2,0x5a,0x34,0xbb,0x63,0x3f,0x26,0x0d,0x55,0xf4,0x5b,0xdf,0x6b,0xcd,0xa7,0x48,0x03,0xd7,0x62,0x4b,0x19,0x27,0xce,0xc1,0x8e,0xb1,0x99,0x22,0x60,0xbe,0xef,0xc3,0x99,0xd9,0x0e,},"\x1b\xfc\x5c\x6a\xa6\xa5\x35\x4f\xbb\x86\x14\x69\x79\x63\x48\xac\x63\x19\x12\x4d\xa3\xf1\x0d\x20\xd5\x0b\xbd\xc7\x15\x9d\x41\xb5\xab\xb1\x36\xc7\x99\x6a\x77\x37\x97\x12\x2b\x52\x5e\x8e\x2d\xca\x19\x54\xf6\x39\x17\x07\x30\x1d\x90\xf2\x10\x1b\x46\xc7\xb0\x86\xef\xa1\x58\x77\xca\xdc\xd0\x58\x12\xdb\x34\xb9\x96\xcb\x4f\x53\x1a\xbc\xd1\xe9\x8d\xb0\x8a\x5c\xf1\x36\x8e\x8f\x4b\x11\x09\x14\x2e\x95\x62\xbd\x00\x85\xff\xae\x5e\x66\x0f\x59\xc9\x30\x79\x3e\xbd\xb6\xe8\x0b\x0a\x2f\x4f\x3f\x59\xbf\x9d\x39\x5c\x48\xd2\x6e\x0a\x72\xa6\x0f\x9d\x1f\xf8\x7f\xd2\xd7\xa3\xf5\x38\x3a\xa9\x02\xad\xed\xed\xeb\xc6\xcd\x1b\xef\xd0\x38\x33\x61\x62\x74\x9d\x91\xa9\x57\xca\x2e\x3d\xd4\x70\x91\xc5\x59\x31\x13\xda\x87\xc3\xd6\x6a\x02\xc8\x0a\x6e\xdd\xb5\x35\xc4\x8c\xa1\xf3\x4a\x97\xfd\x1c\x95\xeb\xc2\xe5\x70\xfc\x8f\xaf\xe6\xe5\xd6\x54\x6d\x1f\x3a\x9b\xa8\xda\xac\x33\x4c\xf4\x7b\xf1\x17\xe1\x28\x0d\x0e\xbd\xf1\x4b\x0f\xcd\xbb\x43\xb8\xd2\x48\xcc\x6b\x61\x32\x0f\xdb\x04\x49\xed\x5f\x5d\xe8\xba\xb1\x21\xaf\x0d\x85\x54\x95\x6e\x6a\x12\x01\x6b\x42\x67\x7b\x44\x36\x78\x92\xc3\xb2\x0a\xfc\xc2\xcb\x9c\xfb\x5b\x10\x0a\x95\xb5\x1e\x8b\x07\xda\x9f\x51\x41\x5f\x4c\xd7\x78\x1a\x31\x37\x65\xe2\x0d\xb2\x7f\x23\x43\xe0\xf7\x19\xec\xea\x9a\xf0\x26\x95\x6f\x33\x87\xe9\xea\x7e\xd0\xa2\x93\x75\x9b\x4a\x26\x22\x02\x80\x7b\x41\x30\x9f\xb8\x0f\x50\x18\x5d\xb6\xa5\xf8\xbd\xca\x17\x88\x41\xbe\xc0\x6a\xdd\xc7\x61\x0d\xf7\x60\x17\xb5\x14\xbc\x41\x42\xf2\x6a\x36\xbf\x5b\xac\xec\xb0\x12\xfa\x41\x71\x0d\xd8\x49\xbe\xf7\xa7\xe4\x51\x43\x28\x36\xfe\x9b\x32\x65\xfd\x5b\x59\xee\x40\xb0\x4d\xad\x85\xcf\x48\xf8\x91\x46\x5a\x84\x2c\xd4\x50\x0a\x10\x24\xee\xfd\xf0\xf5\x54\xf0\xca\x17\xec\x9f\x7b\x71\x52\x56\xa9\xb9\xdb\xe2\x79\x66\x38\x6d\x8a\xc3\x7d\x3c\x51\x58\x96\xde\x0f\x7c\xdf\x7c\xf5\xb3\x20\xff\x7a\x8e\xf6\xb3\x4b\xa8\x20\xab\xa9\x06\x6d\xd2\x53\xc5\xb7\x76\x37\x77\xf9\x4b\x2d\x6a\xd8\xc7\x10\x22\x1e\x11\x37\x53\x5d\xff\x8a\x1b\x75\x65\xec\x81\xbd\x8d\xde\xb5\x02\xe3\xd5\x8f\xf8\xf1\xfe\x6e\x86\xb8\xdc\x15\xa3\xaa\xec\x68\x8b\xbb\xec\xd4\x68\x82\x81\xdb\x0f\x81\x8d\xe0\xf7\x26\x1b\xa9\xcc\x58\xc8\xbc\x0d\x02\xe0\x66\x32\xef\xe7\x28\x7a\xd7\xa8\x43\x31\xa8\x24\xd9\x28\x73\x44\xef\xaa\xa7\x4f\x1f\xc5\x76\xd0\x26\x94\x30\xf8\x56\xa8\x56\x52\x65\xb9\xd6\xef\x71\xfe\x13\x4d\x25\x10\xab\x06\xb6\x0b\xf3\xc1\x53\xb5\x7e\xcf\xd2\xe6\x34\x24\x03\xfe\x67\x8b\x58\x86\xb6\xb7\x34\xb7\xd3\x69\x06\x62\xb6\xc8\xc6\xf6\xe2\x50\xe5\xaf\x6a\x81\x83\x16\x6d\xdc\xd0\xa1\x7f\x0c\xdd\xc8\x63\x6e\xf1\xa6\x84\x98\xbe\x50\xb6\x59\x95\x39\xd4\x6b\x4c\xea\x97\x13\x0e\x08\xf9\x4c\xa5\x3e\x88\x46\x44\xed\xa7\x5d\x23\xcd\x2c\x03\x8a\x5f\x17\xb5\x91\xe2\x13\x69\x37\x8c\xd3\xfb\x57\x62\xd1\xa7\xc3\xe6\x6a\x11\xae\x6e\x91\xcb\xae\x61\x6a\xd0\x55\xe3\x9d\xc4\x1e\x15\x4f\x4f\xce\xd7\xb2\x69\x6d\x9d\xc6\x73\x80\xbb\x8e\xef\x47\x4e\x9a\xa8\x3c\xec\x47\xfa\xfa\xfb\x94\x1d\x62\x65\x64\xb2\x07\x5b\xcc\x08\x56\xda\x8d\x6e\x1b\x0b\x8f\x18\xba\xf7\x51\x3b\xbd\x14\xe4\x91\xed\x51\x79\x68\xc4\xf7\x24\x1a\xf2\x50\x98\xee\x8d\xf1\x30\xb7\xa3\x4d\x59\x73\x6d\x78\x36\xd3\x23\xfe\x3f\x43\xf5\x08\xcd\xcb\x75\x58\x95\xf5\x9a\x00\xc8\x04\xed\x16\x4c\xc3\x39\x92\xf3\xae\xe9\x62\xae\x9e\x99\x0b\x74\x27\x2e\xb9\x87\xb1\x2d\x90\xb2\x73\x14\xd5\x74\x00\xe7\x37\xd1\x34\x3e\x97\x09\x85\xc4\x27\x10\x60\x87\x6a\xbc\xd7\x04\x9e\x7c\x9f\xe2\x44\xff\x3e\xf9\x85\x60\x99\x5b\x74\x82\xd3\x1b\xc7\xc0\x9d\x99\x69\xf7\xcd\x41\xf4\xe4\xe2\x52\x75\x0d\xc1\x6c\xcd\xb2\x9b\x98\x53\x14\xa0\xb6\xe7\x49\xc9\x5f\x9b\xd2\x83\x8d\x5a\xc4\x9e\xe0\x31\xfd\x07\x9b\xec\x30\x28\xdd\x9d\xd0\x7d\xb6\xfa\x62\x2a\xd6\x21\xb3\xb1\xe1\x27\xe8\xfc\xa3\x7b\xd1\x46\xe3\xcf\x70\x3e\x91\x17\x01\xb7\xa1\x6c\x2d\x30\x36\x9c\x94\x64\x8e\xcc\x03\xdf\x10\xd7\xdd\x5c\x05\x58\xfa\x95\x93\x42\x5d\x94\x87\x27\xd6\x86\x0c\x3a\x14\xf8\x11\x24\x51\x06\x61\x6d\x2a\x5f\xa9\x81\xc6\xb7\xf4\x7e\xc9\xde\xf6\x54\x12\xd1\x32\xac\xc6\x91\x9d\xa4\xe8\x85\x97\xaa\x91\x90\xca\x61\x4b\x21\x80\x66\xa0\xf7\xb1\x69\x97\xee\x74\x7c\x5a\x09\x78\x5e\x50\xd0\xa8\x91\xd9\x59\x37\x86\x3d\x61\x3c\xef\xf7"},
+{{0x82,0x10,0x90,0x99,0xd1,0xea,0xfe,0xed,0x5a,0x85,0x20,0x60,0x46,0x49,0x1b,0x34,0xd0,0x6d,0xcd,0xe3,0x3f,0x08,0x09,0x60,0x28,0x7b,0x10,0xfb,0x23,0xff,0x9f,0x78,},{0x08,0x1c,0xfd,0xf2,0xd7,0x58,0x65,0x4c,0x41,0xc4,0x47,0xe1,0xe6,0x27,0x38,0x10,0xf8,0xa7,0x38,0xa7,0x33,0xaf,0xc4,0x22,0x94,0xa2,0xb1,0xbb,0xb7,0x69,0xef,0xce,},{0xb3,0x98,0x7f,0x32,0x4b,0xc7,0xe7,0x76,0xc0,0xf2,0x87,0xfa,0x13,0xad,0x28,0x74,0x16,0x95,0xe2,0xe7,0xbc,0xe8,0xd1,0x43,0xe2,0x9f,0xad,0x5d,0x00,0x99,0x47,0x58,0xe2,0x25,0xfb,0x80,0x21,0x00,0xd2,0x3f,0xd6,0xcc,0xaf,0xee,0x8e,0x0a,0x95,0xbc,0x47,0x9b,0xe8,0xc2,0x3a,0x11,0x31,0x97,0x45,0x76,0x5b,0x7c,0xd4,0x7e,0x70,0x06,},"\x84\xf4\x7d\xd7\x94\x97\x7a\x6c\x15\x05\xac\x8c\x05\x68\x0c\x56\x15\xa2\xd5\xb0\x57\xe3\x9b\x04\xf8\x5e\x3f\x9f\xf0\x49\x60\xe0\xe0\x16\x68\x5a\x86\xee\xbc\xec\xf6\xfb\xce\x5f\xdd\xcd\xac\x1a\x47\x4c\x8a\x0d\x50\x2c\x40\xe1\x0f\x94\x86\x46\xfd\xac\x6c\x81\xf1\xff\xbb\x17\x7a\x2a\x49\x63\xb6\x78\x25\x90\x3c\xde\x65\xb5\xdb\xe0\xd8\x94\x1d\x54\x6c\xff\xa2\xbf\x8a\x8c\xa8\xd6\xc6\x40\x85\x30\xa6\x29\x0f\x5d\x08\x82\xf1\xa1\x67\x2d\xbf\x97\x8e\x10\xc5\xc8\xaf\x5e\x0a\x62\x39\xf0\x65\x5e\xe7\xfd\x9e\x66\x96\x30\x77\xa0\xe8\x47\x13\x73\x97\xd1\xf0\x69\x99\xdc\x6f\x8a\x94\x5c\x60\x03\xea\x4e\xa7\xfd\x58\x37\x8a\xcb\x44\xed\x57\x80\xea\xa3\x67\x79\x6b\xee\xa3\x7d\xdc\x23\x69\x99\xd0\x12\xd6\xa7\x16\xd7\x91\x56\x49\xcc\x28\xe5\x88\x75\x64\x7e\x9f\x5a\xc0\x55\x3c\x0f\x54\x4d\xf5\x64\x69\xc6\x70\x81\xd5\xe3\x03\x95\xf3\xe9\x60\xe6\xa5\x2f\x08\x33\x19\x2c\x54\x8c\xd5\x7c\x92\x6b\x82\xdb\x48\xc3\x61\xbd\xe7\x03\x33\xa3\x70\x08\x3e\xaa\xa0\x68\xdc\x2a\xe4\x52\xd2\x1e\xf1\x33\x1a\xed\x19\x0b\xd3\xe1\x28\x9a\x10\x4c\xf6\x67\x83\x43\x77\xcf\x7b\x5a\x29\x77\x48\x07\xc3\xf1\xea\x9e\x7b\x28\x83\x1d\x0f\x6c\x42\x94\x78\x58\x67\xb1\x37\xb6\x50\x28\xc1\x4f\x93\x2a\x1b\xa8\xe6\xf9\xf5\x96\x24\xfe\x0c\x39\x68\x43\xea\x19\xe4\x6f\xba\x09\x14\x2c\xf9\xd4\x24\x97\x31\x2f\x36\x02\x44\x03\x2f\x1e\x00\xf3\x8d\xd0\xde\x29\xf9\x63\xb5\xcc\xc1\xef\x12\xb2\xcc\x62\x04\xb9\x94\xaf\x1f\x3b\xaf\x19\x6d\x9e\x21\xe8\xfa\x4f\x09\x73\x20\xc6\x44\x04\xd0\xb7\xd5\xab\x38\x56\x0c\xa0\x65\x53\x64\xb0\xb0\x9c\xd6\xdc\x0f\x0e\x05\xb8\xc9\x11\x03\x64\xf1\x42\x4a\x96\x72\xb7\xef\xdf\x7e\x1f\x37\x8e\x23\x45\x50\x56\x6d\xbe\x13\xb0\x15\x78\xb0\x41\x53\xe9\xc3\x7b\x55\x3e\x32\xa4\x44\x1b\xc9\x7e\x29\x53\xbe\xc2\xe4\x14\x55\x51\x0f\x98\x02\xef\x94\x8d\xcb\xf1\x3f\xad\xdd\x72\x2e\xde\x57\x36\x27\xb2\x58\xd5\x5e\x83\xc0\x89\x5b\x22\x91\x9e\x4b\xe5\xce\x8d\x81\x9c\xe6\xad\x84\x3b\x2d\xd0\x9d\xf6\x40\x04\xc8\x26\xc1\xdd\xe7\xce\x64\x80\xa2\x71\xa8\x58\xa1\xdb\x16\x9e\x14\x94\xd4\x46\x90\x32\xbc\xc1\xcc\xd8\x96\x53\x19\x8b\x7c\x07\x3f\x76\xa2\x6a\x29\x99\xb5\x64\x8c\xba\xdc\x15\x74\xc7\x8e\xad\x8e\xec\xe8\x3b\x91\xe1\x29\xc4\x37\xf9\xee\xec\x04\xc8\x07\x45\x90\x02\xe6\x6d\xcc\xa9\xbf\xc2\xca\xed\x9e\x6c\x0b\xa2\x3d\x23\x55\xde\xf7\x56\x65\x74\x94\x30\xee\x92\xc5\x32\xa6\x95\x47\x9f\xec\x92\x91\x74\xf4\x40\xec\xb6\x1a\x5a\xe8\xb2\xb7\xe9\x58\x92\x05\x58\x26\x89\x78\xf7\xfb\x4d\xa1\xb3\x8b\x12\x01\x4f\x5d\x61\xb0\xfd\xd7\xf6\x13\x6b\xa4\x28\x1b\x41\xa3\xa3\xcd\x18\x80\x52\xb6\x98\x76\x5b\x6f\x05\xe4\x1e\x78\x37\x3e\xa8\x30\x46\x97\x87\xa3\x75\x10\x99\x3d\x12\xf9\x3e\x96\xc7\x2d\x72\xf4\x46\x19\x84\xf6\x91\xa4\x1c\x7d\x33\x97\xdd\xd5\xa1\xb3\x92\x37\xd1\x30\x88\x64\xd4\x15\xfc\x6c\x22\xb6\x3f\x37\x6c\xed\xde\x37\xf5\x25\x2b\x51\xec\x72\xe5\x15\x5f\x3b\xdb\x4f\xcd\x54\x12\x49\x8b\xd2\xe0\xc1\xf9\x85\x0b\x3a\x85\xd1\xdf\xd2\x51\x67\xa3\xcd\x77\x1e\x8e\x4c\x9d\x86\x8c\x95\xa7\x17\x5e\x37\x75\xf6\xce\xf1\x7e\x4e\x36\x49\x7c\xe9\xe4\x55\x32\xbd\x7f\x44\xb2\x77\x6e\x40\xf9\x1a\x07\xca\x4f\xa1\xb9\x5d\xbe\x81\xcf\x8f\x49\xe4\x6b\x6c\x82\xa6\xee\x43\x47\x91\x8a\x76\x43\xb0\xd9\xa3\x88\x57\x21\x2c\x69\x3e\xad\xac\xfd\x37\xa5\xf1\xd9\x15\x58\xf5\x45\x4d\xcd\xd0\x59\x35\xf2\x90\xe6\x2d\x7e\x65\x00\x6c\xd5\x49\xf6\x55\x3c\xe7\x41\xdf\x44\xd3\x96\x44\x00\x1e\xb4\x79\xca\x69\x56\x8a\xd1\xf2\x3b\xba\x09\x9a\x41\xa4\x72\x94\xdb\x93\x87\x31\xc5\x30\xaf\x1c\xeb\x92\x17\xd2\x9b\xc2\x70\x56\x13\xc1\xa1\xfe\x9c\x20\x8d\x0b\x01\xba\x6f\x4d\x9b\x4c\x7b\xa8\xf0\x21\xdf\x91\xea\x2d\x57\x8c\xe0\x83\x12\x3e\x83\xba\x4b\x9c\x50\x40\x7f\x66\x66\xfb\xe6\x11\x58\xb0\xd1\xb9\x57\x77\x72\xe3\xea\xff\x8f\xb4\x29\xd0\xf6\xd2\xe3\x84\x12\x61\x30\xf2\x1b\x44\x9f\xb1\xdc\x17\x0d\xb4\x5a\xf5\x05\xbd\x31\x82\x67\x8a\x9b\x5f\x9f\xdf\xf6\x5f\x04\x13\xb6\x72\xc4\x78\x63\x40\xfc\xf2\x52\x2e\xa7\xf3\xd8\xad\xe8\xa0\x59\x52\x96\x49\xdb\xda\x9c\xe5\x1f\xf0\x5a\x2a\x2a\x3d\x66\xd2\x16\x6b\xf2\xc9\xc6\x77\x2b\xa0\xef\x41\x05\xe6\x8c\x05\x5e\x02\x13\xd4\x2c\x1e\xe1\x23\xb3\xc1\x21\x78\x43\xe6\xec\x57\x5d\x75\x4d\xf3\xc9\x0a\x75"},
+{{0x65,0xfc,0xbd,0x62,0x6d,0x00,0x21,0x11,0x33,0x4b,0xaa,0xd4,0xe6,0xa8,0x00,0x6e,0x47,0xa1,0xf9,0x13,0x97,0xbe,0xe6,0xdd,0x6c,0xd7,0xda,0x5a,0x0e,0x02,0x48,0xa4,},{0x20,0x40,0x9a,0x14,0x6b,0x42,0xc9,0x6b,0xea,0xb0,0xb4,0x2e,0xa7,0xf2,0xc2,0x51,0x93,0x11,0x9d,0x0d,0xf4,0x4d,0xc2,0xbf,0x14,0xd1,0x1a,0x32,0xfd,0x73,0x36,0x15,},{0xbc,0x78,0xe1,0x6b,0xa6,0x74,0xe0,0xa7,0xdb,0xa5,0x7a,0x19,0x09,0x4f,0x97,0x33,0xc5,0x5d,0x74,0xb9,0xd1,0x5f,0x8a,0x44,0xd1,0xbb,0xc0,0xa0,0x23,0xf7,0x01,0x55,0xde,0x29,0x77,0x11,0x1a,0x41,0x7e,0xef,0xa8,0xcb,0x30,0xec,0x12,0xab,0xc8,0x38,0x42,0x28,0x16,0x7c,0x70,0x98,0x2a,0x82,0x06,0xb1,0xff,0xb7,0x21,0x74,0xaf,0x01,},"\xe4\xc0\x94\x7f\xc8\xca\x78\xfa\x88\x63\xf4\xd0\x44\x49\x9d\x03\x6e\x2e\x7e\xf8\xc1\x7e\x83\x8f\x2f\xac\x02\x67\x5b\x7b\x53\x81\xe5\xf9\xab\xce\xaf\xd0\xd8\x88\x6a\x92\x9d\x9d\x9b\x49\xfc\xb7\x38\x61\xb2\x9d\x15\x18\xac\x5f\x83\xf7\xf8\xfc\x26\xbd\x1c\xeb\xc2\x2d\x87\x3a\x9a\x08\x23\x14\x06\xfb\x03\x2e\x48\x66\xe5\xf5\x5c\x7c\x04\x41\xc5\x19\x04\x1b\xb2\xcc\x73\xf9\x22\x6d\xd5\xd0\x7e\xce\xb6\x60\xd6\xc9\x67\xdb\x23\x36\x55\x74\xbe\xe8\xfc\x10\x22\x29\x28\x76\x77\x13\x57\x1a\x71\xc9\x3a\x85\x27\x8d\x42\x29\x9a\x70\x59\x9c\xa9\x93\x26\xcc\x86\xf6\xd9\x8d\xaa\xc0\x00\xfd\xfa\x71\x05\x62\xf4\x81\xfa\xa0\x20\xc7\x2a\x76\xe2\x06\x7d\x15\x4c\x23\x5a\x7a\x4f\x29\x70\x8c\xc5\x44\x53\x3b\xd7\x99\xed\x63\x63\xeb\x3b\x56\xaa\x4a\x6d\x0e\x37\x9b\xbf\x07\x60\x05\x95\xc2\x3a\xb1\xf3\xf9\xf1\x70\x8e\x00\x70\x26\x1b\xbb\xf4\xbf\xea\xf6\xd6\xce\xd4\xd7\xff\x72\x2c\x9c\xc5\x2d\x91\x33\xea\x68\xd4\x95\xdc\x94\x89\xc3\xed\xf6\x83\x02\x31\x35\x1f\x65\xcb\x52\x72\xf5\x39\x6e\x2c\x4a\x1a\x5c\x88\x66\x1a\x10\x18\x92\x24\x9e\x23\xd6\xce\x9f\xdb\x6a\x9a\xbf\x74\x27\x2c\x2f\x59\xc3\xd8\xfd\x87\x43\xcc\xe4\x61\x12\x6c\xa0\xa8\xb8\x32\xb4\xb2\x18\x33\x6b\x1a\xe1\x4d\xa6\x77\xba\x7f\x1b\x2c\xc5\xca\x3c\x71\x58\xf7\x27\xa9\xe1\xb8\xfd\xd9\xed\xf5\xc2\x18\x7f\xcb\x83\xdb\x86\x2a\xd0\xc6\xb3\x92\x16\xde\x31\x16\x91\x95\x56\x46\x51\x00\xad\xe0\xa4\x2b\xd6\xba\x10\xd9\x54\x18\xb6\x9a\x3e\x00\x5e\x9f\x10\x45\x89\xea\x59\x48\xb2\xb5\x1b\xc7\xb1\xa9\xa0\x74\x9d\xa8\xf0\x13\x78\x1b\xc0\x5c\x80\x5b\xb5\x1e\x18\x77\x61\xac\x24\xc7\x64\x14\xf6\x68\xeb\x45\xfb\x0a\x50\x24\xdf\xe5\xa5\xca\x06\xf0\x40\x3a\x02\xe3\xb2\xfe\xf7\xa2\xc4\xbc\xfb\x1d\x07\x5d\x31\x0d\x51\x97\xe6\x59\xcd\x14\x02\x3f\xae\xc2\x0e\x04\x5c\xab\xcb\x86\xb2\x21\xa1\xd4\x82\x71\x13\xff\x32\x67\xa6\x4d\xeb\xe9\x93\x90\x04\xca\xba\xc8\x5e\x5c\x74\x61\xe7\xe8\x2a\x97\x5a\xcf\xae\x0b\x6c\x51\x6a\x1c\x60\x53\x74\xcf\xea\x7d\x81\x90\x44\xef\xd6\xd7\x46\x54\x42\x4f\xd5\xc9\x0f\xf2\x57\x4f\xcd\x8e\x00\x77\x40\xd9\x75\x86\x1d\x0d\xf5\x25\x9f\xe4\x3e\x43\x63\x9e\x36\xe5\x28\x95\x43\x9b\xa2\xc2\x7c\x1e\x88\x9c\x93\x09\x41\x04\xfe\x91\x49\x21\xbd\x6f\x25\xd3\x98\x5a\xb1\xf2\x2c\xa5\x57\xb0\xe4\x9a\xfc\x73\x75\x24\x3c\x52\x1c\x6d\x5f\xaf\xe0\x38\x1c\xce\xa8\x28\xe8\x8e\x64\x7f\xd9\x09\x76\xb3\xfb\xec\x19\xfe\x9a\xdb\x11\x3c\x64\x04\xbd\x35\x2b\xfc\x00\x04\x46\xd2\x10\x05\xb5\xf9\x50\xae\x07\xe5\x1c\x76\x8c\xa3\xff\x61\x77\xb2\xea\xc5\x0f\x10\xdd\x2e\x64\x61\x0f\xa8\xab\x57\x88\xfa\xee\xe2\x9d\x12\x90\x09\xd7\xfe\x46\xaa\x3d\xa6\xb9\xd8\x6c\x73\x06\x5e\xb5\x16\x1f\xbd\xbd\xfa\xc5\x77\x7c\x4e\x75\x45\x2e\x6e\x16\xae\x9f\xd6\x6b\xb7\xd9\xaa\xa4\x26\xbc\xb7\xa6\x91\x5f\x0f\xf4\x4a\x1f\x8e\xc7\x13\x94\xe9\x35\x2f\xdf\x20\xe0\x2f\xaf\xe1\xe0\xce\xfe\x50\x74\x4c\x31\x94\x95\x6f\x92\x8f\x82\x53\x37\x55\x37\x38\x38\xdc\xc1\x29\x6a\x89\x1a\xdf\x64\x1c\x73\x82\xd6\x9b\x4f\x5a\x43\xd4\xaf\x77\x72\xa4\xa1\xee\x87\x92\x92\xd7\xa4\xf3\x2a\xc3\x5e\xe1\x21\xc6\xc3\x4c\xa5\xf9\x84\x87\xa9\x41\xfc\xb1\xe6\x5b\x44\xd4\x45\x61\x27\xee\xdb\x2f\xcc\x1c\x3f\x48\xef\xf9\x30\x09\x81\xe5\x2a\xc3\x8b\x49\x6a\xb8\xbb\xce\x14\x4a\x85\xeb\x9c\x07\x63\x8b\x31\xfd\xaa\x78\x17\x44\xbc\xe1\x7e\x8d\x93\xdc\xdc\x60\xaf\xed\xa4\x88\x80\x76\x17\xf8\x8d\x6a\xa5\x44\x22\xfd\x34\x7d\xda\xdd\xef\xf3\x7a\x56\x3d\xbf\x19\x97\x4b\x2a\x23\xbe\x30\x0f\xbf\xa6\xc7\xfc\x41\xf8\x4c\x69\x05\x41\x52\x69\xf1\x95\x99\x0b\x5b\x4d\xe1\x26\x68\xc7\x1c\x87\xb5\x04\xf4\x11\x24\xbf\x94\x43\x6f\x33\x30\x45\x63\x15\x18\x15\x2c\x51\x62\xa2\x47\x5c\x40\xef\xb6\xcb\xda\xaf\x9a\xf4\x28\xfe\xd3\x25\xb3\xa7\xd9\x4c\x17\x52\x0f\xd8\x9e\x00\xdd\xf0\x8b\x22\xad\xf6\x61\xf0\xac\xd7\x23\xb3\x96\x9d\xc6\x43\x4e\xa6\xf9\x2e\xf5\x8e\x8d\xfa\xe5\xb0\xcc\x28\x85\xba\x98\x7e\xa1\xd1\x6c\x39\xb3\x4e\xf6\x50\x23\x00\x9d\x63\x45\xe4\x8e\x36\x91\xa4\x1f\x02\xa7\x7b\x7f\xe1\x33\xea\x9d\xe7\x56\x5f\x15\x7a\x20\x78\xae\x98\x8b\xbb\x26\x6d\x22\xd5\xfa\x91\xa7\xb2\x63\xe9\x8a\xd2\xdc\x07\x31\xfe\x5a\x29\x02\x5a\x0c\xb4\x36\x86\x4a\x5a\x60\xdb\x25\x7f\x1e\x76\xb5\xc6\x08\xf2\x5c\xde\xcc\x87\xea\xe6"},
+{{0xb5,0x00,0x76,0x8a,0x28,0x23,0x91,0x5c,0x4a,0x68,0x48,0xd3,0x5f,0x64,0x87,0xd4,0x3b,0xd7,0x66,0xd2,0xce,0x09,0x45,0xf8,0xa3,0xcc,0xdb,0x8d,0x82,0xa3,0x89,0x2b,},{0xb8,0xce,0xa2,0x15,0xa0,0x12,0x4e,0xed,0x27,0x00,0x57,0x25,0xd8,0x97,0x78,0x1e,0xa0,0x64,0xdc,0xef,0xb2,0x14,0x22,0xc8,0xbd,0x24,0x02,0xc5,0x6a,0x10,0x57,0x1c,},{0xe3,0xdb,0x47,0xa1,0x1e,0x10,0xe7,0x88,0x92,0x5d,0x14,0xb1,0xe2,0x8b,0x54,0xc9,0xfc,0xf9,0xb6,0xac,0xc1,0xdf,0x8c,0x14,0xf6,0x83,0xa5,0x67,0x2f,0xd5,0x04,0xdd,0x4a,0x47,0x5a,0x33,0x93,0xb3,0xef,0x8b,0xce,0xac,0x23,0x61,0xdb,0xba,0x35,0x30,0xaf,0x25,0xc2,0x46,0xc3,0xec,0x4c,0x05,0x89,0x9b,0x51,0x7f,0x6c,0xd3,0x4f,0x0a,},"\x0a\x9f\xda\x8b\x8c\xfc\xa7\xa5\xb0\x5d\x78\x11\x6f\xce\xe1\x9a\xb8\x03\xc1\xc6\x01\x0c\xe1\x1d\xaa\x8e\x93\xa6\x6d\x12\xc1\x2e\x47\x4e\xb9\x1c\x26\x40\xd9\x7a\x81\x3d\x9a\x83\x0d\x26\x88\x68\xeb\x2e\x37\x70\x42\x5f\x10\xc7\x58\x40\x46\x8e\x66\x9d\xc7\xf6\x1d\x3b\xe2\xde\x88\xae\x0e\x54\x2b\xc8\x09\x67\x91\x13\x95\x7a\x14\xda\x4e\xaf\xf5\x49\xbf\xde\x63\x7d\x7c\xaf\xdc\x6a\xa8\x39\x94\x83\x73\x97\xf8\x6e\x4f\xde\x86\xd4\x02\xfa\x9a\xef\x7f\x65\x54\x9a\x21\x43\x73\xe5\x60\xe6\xd7\xa1\xc2\x76\x9e\x0c\x7d\x5a\x01\x71\xe7\xcc\x00\xdf\xf3\x6e\x04\x29\x79\x8b\x53\xaa\x62\x16\x24\xbd\xa7\x4d\x6d\xf0\xbf\xff\xfb\xd8\xfd\x7b\xef\x1a\x64\xf3\x6c\x00\x07\x82\xf6\xed\x03\x1a\xf5\xc2\xa7\x4a\x18\x96\x35\x98\xc9\xba\x06\x23\x92\xde\x96\x02\x03\x67\x94\xb7\xb5\xe6\x8c\x25\xc9\x3f\xe7\xcf\xad\x47\xa7\xc5\xb9\x79\xd4\x76\xcd\x51\x3a\x12\xbf\x03\x07\xcb\x16\x31\x74\x00\x42\xa9\xfb\xf3\xeb\x0b\xe5\x17\x06\x20\xda\xfd\x5f\x16\xed\x89\x34\x2c\x26\x25\xd7\x83\xe7\x4e\xe0\xd7\x84\xbf\x05\x19\x43\x74\x0c\x88\xb0\xbe\xf7\xbc\x85\xe1\xa6\xa4\xa5\x17\xd4\x92\xfb\x73\x7e\x77\x66\x99\x59\x0c\x93\x22\x4c\xd4\xd9\x24\x5d\x4e\x93\x71\xa3\x67\xc0\x71\x2f\x87\x49\x0f\x92\x47\xc4\x9a\xdd\x93\x13\xf2\x77\xa4\xd9\xf2\x6b\x75\xaa\xe4\xde\xd6\xa3\xde\xf8\x5f\x83\xfc\x99\x59\x10\x40\x55\x48\xaf\x67\x0e\xd8\xaa\xa3\x05\x24\xab\x82\x9c\xcb\x56\xa5\x00\x5b\x58\xbc\xe8\x68\xc9\xe8\x07\x4f\x07\xdd\x7f\x38\x18\xf2\x99\xe4\xe0\x86\xbe\xd9\xea\xb9\x02\xcf\x11\xb3\x98\xd5\x31\xb8\x63\x2e\x7d\x52\x3a\x8f\x87\x76\x95\xf4\x6c\xcf\x9c\xe2\x4e\x62\xca\xb2\xc7\xcd\x0a\xae\xe1\x7d\xb5\x26\x76\xa4\xb5\x05\x8e\x9c\x1d\x7c\x47\xbf\xfc\xb6\x41\xb0\xea\x2b\x09\x44\xf3\x9a\x75\x66\x5a\x7e\xf2\x9b\x7f\x02\xa8\x78\xdb\x82\x38\x83\xbd\xac\xfb\x0f\xbe\x5d\xfe\x5a\x9b\xed\x9f\xda\xc7\xe4\x14\x2e\x3e\xb5\x0d\x5e\x84\x0b\xd0\xac\x0b\xec\xf4\xfa\x97\xe1\xfc\x48\x27\xc3\x97\xa5\x24\x65\xd9\x16\x88\x99\x54\xb3\x70\x1b\x0f\xac\x61\x15\x9b\x23\x09\x2f\x46\x85\xf4\x78\x8b\xad\x35\xd0\x0d\xa2\x67\x9e\xcc\x54\x92\x1f\x1a\x86\x47\x10\x16\x57\xab\x49\x47\x74\x20\x56\x7a\xed\x67\xc8\x60\x59\x30\x44\x4b\x5d\x07\x92\x7c\x17\xef\xf1\xf8\x57\x0c\xf2\xaf\x29\xe7\x19\xf8\x5c\xa7\x84\x9b\x89\x55\x49\xf1\x3d\xfe\xca\x68\xbb\xef\x71\xe3\xce\x8b\x6c\xed\xd2\xff\x68\xd3\x2b\x02\xca\xf5\x95\x1a\x0b\x3e\x6b\x0b\xae\x6a\x96\xc0\x20\x58\x19\x1f\x30\x5e\x09\x07\x11\xc4\x6d\xad\xdc\xd5\xae\xee\x76\x9c\x3a\x10\x5e\x9a\x82\x7b\xbd\x19\x5d\x32\x92\x31\xc2\x62\x38\x47\x9a\x9b\xb0\x07\x1a\xfb\x16\x0e\xf9\x55\xe8\x74\xd7\xa4\x20\xc5\x67\x85\xf4\x4a\xe0\xa1\x8c\x52\xd8\x28\x0c\x59\x98\xcf\x38\x88\xfe\xaf\x89\x89\x81\x34\xbc\x8d\x41\x1f\xc9\xf6\xc5\x76\x8e\xa7\xa2\x49\x72\x94\x13\x73\x9e\x53\x2b\x64\x39\x37\x15\x2c\xdf\xb8\xd2\xff\x87\xfd\x48\x08\x4d\xd8\xae\xeb\xea\xf0\xf7\xb1\x0d\x87\xb6\xe4\x42\x32\x28\xc9\xfc\x8d\xc5\xe3\x85\x2a\xa8\xb8\xac\xc5\x45\xd1\x8f\x25\xc5\x5d\x73\xda\x1b\xb8\x2e\x3e\xb3\x76\xf9\xef\x05\xb2\x74\xd7\xec\xb1\x84\x5d\x65\xca\x0c\xd2\x62\x9f\x03\x8a\x2d\x66\x4d\x7a\x69\x78\x1c\x84\xe9\x8d\xe2\xc2\x09\xc4\x6e\xfc\x51\x16\x21\x72\x85\x66\x49\x46\x9e\x67\x33\x08\xdc\xc1\x45\xea\xf7\x83\xf5\xcb\x5b\x4b\xe7\xd9\xfd\x58\xee\x09\x74\xc9\x81\xa3\x8f\xea\x8e\x31\x26\x7a\xbf\xa4\x10\xe6\x9e\x46\x48\x2f\x51\x34\xf3\xda\x1f\xfe\x38\x1b\xd6\x9d\x8d\x0b\x78\xea\x90\x9b\x4a\xf9\x39\x6d\xca\xff\x89\x96\x0a\x04\x9e\xda\x69\x46\x61\x6f\xc2\x7c\xcf\x9a\x9e\x5b\xa1\xa0\x13\x57\x64\xf3\x77\x19\xda\x4d\x28\x07\x81\x85\xd0\x4d\x72\x41\x9c\x2c\x70\xf2\x90\xd9\x7e\x1f\x82\xb8\x79\xf7\x1b\x9e\x19\xd5\x04\xd3\x64\xcd\x3b\xa2\x2c\xf9\x05\x25\x0f\xd3\x7d\x58\xe5\xfe\x40\x20\x9f\x60\x72\xa0\x6d\x8b\x5b\xa7\x01\x96\x23\x05\x77\x87\x7e\xc4\x61\x53\x16\x7a\x7c\x7a\xea\x27\x0f\xa1\x09\x8a\xba\x9e\x3a\x74\xac\xb3\x6a\x11\xb0\x9b\xd0\x7a\x3b\x88\xea\x65\x4e\x26\x83\x65\x62\x5b\x58\x9b\x22\x06\xc7\x10\xd9\x60\xf4\x2e\xa4\x19\xb7\xe4\xe3\xda\x47\x59\xfc\xbc\xa5\x0e\x4b\xf4\xcc\x55\xcf\x88\xf7\x0b\x31\x80\xc8\x05\xa7\x04\x50\x86\xaf\xa0\x4c\x6b\xe2\x32\x23\xec\xae\x5f\x82\xc1\x46\xd5\x43\x11\xd1\x80\x7c\x2e\x4a\x53\xf9\xe0\xa4\x48\x2b\x4e\x1e"},
+{{0x9e,0xb5,0xc9,0xef,0x13,0x53,0x5f,0x80,0x81,0x09,0xf4,0xa4,0x3c,0xfa,0xd5,0x68,0x4f,0x80,0xda,0xf0,0x2e,0xed,0x54,0x10,0xac,0x0b,0x0a,0x09,0xa6,0x08,0x2d,0x69,},{0x36,0x7e,0xea,0x1e,0xcb,0x4e,0x5e,0xec,0xdf,0x7e,0x47,0x1b,0x90,0xbb,0x34,0xf9,0xb7,0x98,0x2c,0x8c,0xd6,0x6d,0x42,0x55,0x5c,0x24,0x0b,0x41,0xcd,0x87,0x39,0xdb,},{0x42,0x9c,0xe1,0xfe,0x84,0x6d,0x25,0x08,0x49,0xec,0xa7,0xd4,0x56,0xf8,0xc5,0x9f,0x86,0x75,0xb1,0xf4,0xc1,0x3f,0x2b,0xe4,0x16,0x88,0xdf,0xb8,0xca,0x2a,0x3b,0x24,0xae,0x29,0xd5,0xb6,0xbf,0x47,0x11,0x57,0xbc,0xb6,0xe2,0xec,0x9d,0x4a,0x26,0xb0,0x38,0xe6,0xec,0x28,0x58,0x4c,0xc2,0x3f,0x2a,0x03,0x55,0x6d,0xbb,0x37,0xe9,0x00,},"\x2d\x7c\xb0\x5e\x61\xdb\xae\x26\x25\x8e\x38\x61\xc6\x39\xef\x0e\x1d\x17\xfc\x71\x1a\x00\xf3\x35\xba\x3c\x02\x71\x37\xe0\x07\x08\xd7\x08\xc1\xff\x45\x7f\xf2\xc6\x51\x12\xf7\xdc\xd7\xd0\x2f\x24\xd5\x6f\x07\x21\x58\xea\x1c\x71\x83\x25\x50\xa5\x83\x66\xfd\x91\x97\x29\x6b\xbe\x61\xaa\x4d\x00\xde\x18\xa4\x53\xef\x91\x74\xfa\x81\x96\x83\x05\xc4\x1c\x34\x55\xf4\x2d\x44\x7a\x92\x34\xf0\x6e\x13\xbf\x8b\xca\xa1\xba\xbb\x11\x69\x5f\xaf\xdc\x08\xf7\xa5\x84\xb2\xea\x1f\x61\xe9\x38\x92\x60\xce\x73\x35\xa0\x7d\xe7\x2c\x89\x11\xa5\x8a\x31\x3f\x10\x88\xdc\xdf\x5c\x8d\x4c\x45\x6c\xba\x2d\xcb\x4f\x2d\x15\x6b\x49\x43\xb9\x5b\xd4\x93\xea\x4f\xe1\xa8\x2d\x4e\x3e\xa0\x2a\xa0\x29\x72\x40\x0b\x5e\xe1\x78\x42\x83\x2d\x59\x97\x9f\xc1\x79\xf8\x43\xc4\x4b\x03\xeb\x3c\x30\x24\x16\xd0\xcd\xaf\x11\xc4\xca\x8a\x66\xcc\xbb\x69\x97\x39\x5e\xdf\x6f\xca\x2e\xa0\x04\xcf\x34\x86\x97\x10\x04\xa4\x20\x42\xaf\x8e\xce\x00\x5b\x94\x46\x1d\x86\xdc\xde\x21\x2a\x2e\xb1\xbe\x3b\x91\x4c\x78\x3e\x48\xac\x1a\xd4\x6c\xac\xd7\x3e\x1e\xb4\x48\x36\x83\x22\xd2\x67\x8e\xfc\xb2\xab\xff\x52\x09\x3d\xb0\xf2\x59\xdc\xe5\xc1\xe1\x9a\x51\x28\x20\xf2\x35\xd6\xae\xaf\x0e\x1a\x72\x3c\x2c\x65\x0c\xff\x1e\xe3\xb6\xb4\xf4\xcc\x98\x9c\x0b\x7d\x6d\xe3\xcd\x7e\x6d\xaa\x39\xbb\x69\x07\x10\xdf\x00\xa7\x19\x4c\x17\x20\x1f\x0e\x81\xbe\x64\xb6\x73\x9e\x1c\x1e\x81\x76\xb7\xe1\x2a\x35\x34\x27\xc0\x67\xc1\x93\x14\xdb\x64\x2e\x5c\x76\x26\x6b\x64\x0e\xb1\xcc\x0c\x73\xf8\x4f\xc0\x22\x7e\x5a\x96\x06\x0d\x81\x40\x71\xcd\xe2\xfe\xd9\x44\x76\x7b\x74\x66\xf9\x00\x1d\xfc\x22\x36\x85\x42\x9b\xc4\xe5\xe4\x8f\x5c\x13\xa6\x3a\x4e\x0d\x82\x61\x33\xad\x92\x0d\x11\x77\x21\x45\xad\x6e\x13\xc9\x38\x97\x39\x8a\x8a\x40\x1f\x93\xdb\xd1\x03\x00\x5c\x7d\xae\x44\x38\x7f\x3e\x80\xb7\x93\x60\x7d\x05\xd2\xd8\xbc\x0d\x03\x51\xa3\xa4\x52\xb8\xce\x75\x9c\x1a\xd4\x8d\xf7\xb9\xba\x9e\x4a\x17\xdf\x61\xfd\xab\xb9\xb5\x77\xb5\xce\xc3\xe9\x46\x1f\xbb\x5e\x12\x81\x55\xa3\xc9\xc8\x9f\x8f\x6b\xeb\xb7\x32\x2a\x16\x67\x8e\x8e\xcb\x98\x95\x3d\x95\x83\x10\xdb\x1b\x06\x34\x48\xc3\x49\xf3\x6e\x16\x8f\xac\x48\x4c\xb3\xc0\xd4\xcb\x2c\x25\x1b\xd9\x2e\xf8\xe9\x26\x2b\x44\x09\x3d\x7e\x65\x0a\x7d\x3b\xed\x37\x91\xfa\x88\x10\x0f\xee\x6e\xf0\xd5\xe2\x3d\x1e\x9a\x80\x99\xcc\x03\x35\x20\x2a\x4f\x10\x6c\x24\x77\x7e\x98\xf8\x1d\x26\xef\xba\x15\xc9\xad\x15\x41\xe0\xad\xbf\x1d\x1d\x76\x07\x6b\x0d\xfd\x7b\x7d\x6c\x8b\x82\xf9\xc0\x93\x46\x8c\xd1\x96\x67\x2d\xc5\x47\x8e\x91\xce\x70\x1c\xdd\x7b\x68\xb3\x53\xc9\x71\x11\xf0\x42\x97\x60\x63\x57\x62\xf8\x68\x3a\xe9\x70\x56\x4b\xce\xba\x91\x20\x51\x76\x42\xe8\xb3\xa2\xba\xaa\x85\xc2\x5b\x54\xa9\x43\x76\x61\x84\x90\x4c\x72\xd9\x29\x63\x4e\xc5\xf0\xc2\x84\x73\x41\x5f\x12\x53\x89\x06\xc6\x78\xfc\xa4\xe6\x82\xdb\x48\x79\x75\x84\x92\x53\x7e\x78\x50\xb9\xbf\xef\x3e\xb9\x05\x3b\x43\x92\x0d\x81\x0e\x55\xbe\x96\x6a\xec\x68\xc9\xdd\x3b\x62\xcc\xf5\x7e\x81\x78\xcb\x5e\xf6\xd1\x6d\x17\x2a\x56\xdd\x92\x4f\x00\xf2\xd3\xb5\xe9\x3a\xaa\x92\xb2\x9f\xb8\x33\x6d\x73\xe2\x9e\x59\xd1\xc4\x7e\xa6\x23\x0c\xda\x1d\x5b\x03\xbb\xa5\xdf\xdb\x33\x1f\xeb\x19\x44\x3f\x12\x3d\x2a\x03\xff\x4f\x10\xec\xa1\x66\xc2\x99\x85\x88\xf1\xe5\x84\xed\x19\x4d\xd6\xf7\x3c\x8a\xca\x84\x66\x31\x90\x4d\x9f\xe4\xa9\x8b\x36\x78\x23\xe4\x6e\xdb\xa2\x88\x51\x29\x87\x9e\x92\x77\xe1\x50\xf0\x29\xb8\xfa\x7b\xd1\x1e\xab\x9c\xe1\x33\x67\x77\xc8\x0b\x56\xb3\xa1\xf0\x81\x1a\xdb\xca\x0f\x5b\x40\x25\xa5\x50\x3c\x81\x96\x66\x1a\xee\x90\x00\x6e\x9c\x85\xbb\xfa\x4c\x5a\x0e\x90\x28\x85\xc8\xce\x51\x21\x2e\xe6\x7f\x0f\xe0\xb6\xaf\xbc\x8b\xad\x45\x37\x27\x54\x3b\x3c\x68\xb8\x90\xdd\xab\xa2\x69\xd2\x5f\xc1\x64\x3f\x54\x83\x51\x36\xa1\xa2\x5b\xa1\x8d\x91\x6c\xed\xd6\xa4\x7f\xc0\x7a\xdf\x6f\xc6\x9f\xa5\x08\x94\x9d\xc1\x0d\x9d\xc5\xe0\x26\x1b\x52\xf3\x65\x71\x70\x38\x4e\xcc\xd9\xc8\x05\x41\x35\x4b\x1c\xe0\xf6\xfb\x5e\xd3\xe8\xd5\x4a\xf0\xb5\xbf\x0a\x92\x83\x51\x25\xc7\xd9\xbc\x4f\x09\x2f\xf3\x80\xe5\xe8\x96\xfb\xf3\x02\x55\x2b\x14\xd5\xb6\x1a\x22\x4d\x86\xe3\x01\xc7\xa6\x6a\x66\xe4\xe4\x32\x9a\xac\x0a\x66\xb1\x56\x77\x23\x74\xdc\x1c\x71\x68\xd5\xb5\x61\x65\x2f\x8f\x43\x87\xe4\xf2\x89\xb6\x36\x6a"},
+{{0xef,0x09,0x48,0xe1,0x32,0x81,0xf3,0xcf,0x35,0x2c,0xbf,0xaf,0x8d,0x89,0xd1,0x17,0x76,0x85,0x52,0xd5,0xa1,0x54,0x8e,0xcb,0xaf,0x37,0x41,0x2e,0x97,0x67,0x0f,0xac,},{0x58,0xc2,0x45,0x7f,0x5a,0x5e,0x3c,0xfb,0xf4,0x71,0x19,0xa8,0x7f,0x2a,0xff,0x19,0x18,0xf1,0xe6,0x7a,0xe6,0xfa,0x91,0x71,0xd3,0xf4,0x1e,0xee,0x07,0xa8,0x68,0x72,},{0xcc,0x12,0xf6,0x9d,0xb6,0x3a,0x67,0x8e,0xc4,0x77,0xa6,0x05,0xa5,0x05,0xc5,0x7d,0xc2,0xb8,0x10,0xef,0x85,0xe3,0xe3,0x45,0x19,0xcb,0x25,0xc5,0x10,0x63,0xaa,0x66,0x35,0x5d,0x3f,0x1e,0x29,0x74,0x69,0x58,0x66,0xed,0xf6,0xf1,0x71,0x71,0xce,0x37,0x84,0x2f,0xba,0xb5,0x07,0x5f,0xc8,0x95,0xd1,0x8e,0xd7,0x43,0xc5,0x46,0x08,0x0c,},"\x7e\xc4\x7f\x2f\x1f\xe3\xb7\x0a\x6d\x1d\x82\xc7\xcd\x92\x4b\x4b\xf9\xb2\x02\x9f\xc1\x2c\x52\xa6\xe1\xcc\x06\xcf\x5a\xbf\xc0\xa4\x42\xe7\xcf\x14\x5c\x15\x42\xb9\xb1\x35\x04\x96\x65\x71\x10\x35\xe3\xc2\x9a\x91\xd4\xfd\xae\xd6\x12\x70\x57\xa8\x12\xc2\x2c\xd7\x5a\xd1\x87\x9b\xe1\xd2\xc6\x11\x0e\x79\xe9\x87\x52\x4e\x4e\x8f\x27\xf1\x6e\xda\x90\xcb\xd4\x73\x3f\x11\x18\x25\xb5\x16\xd1\x06\x7f\x81\xec\xa5\xe6\x94\x85\x76\xd5\xbf\xed\xb3\x27\x7c\x1a\xbc\x1e\x60\xf3\x74\xd0\x70\x1b\x32\xcc\xfd\x6a\x5e\x9c\x8d\x16\x59\xaa\xf3\xd0\x81\x86\x13\x61\x3b\x7e\x28\x8d\x84\x5e\x9a\xaa\xba\x2e\x3e\x9b\x41\x1d\x50\x1d\xff\xe8\x56\xfd\x31\x3e\x9f\xcc\x9e\x74\x30\xb9\x98\x3f\x20\xab\x4e\xbf\x4e\xb6\x16\xbd\x63\xe2\xc5\x77\x43\x65\x89\x95\xed\x0a\x14\x9a\xe6\x20\xa3\x95\x61\x37\x19\xb3\xed\x7c\xed\x45\x88\xd5\x91\x5d\x70\xa2\xf0\xc6\x87\x68\x0e\xc3\x4f\xe3\xe9\xf7\x23\x92\xe1\x89\xe1\x3a\x47\x49\xd5\xca\x9f\xac\x65\x1b\x92\xc0\x84\xc4\x06\x6f\xdf\x98\xa8\x69\x22\x3e\x4e\x0c\x9b\xec\x58\x12\xb5\xc1\x90\x0e\x6e\x60\xd3\xa1\x88\xd4\x8a\x74\xdf\xd4\x15\xb5\xca\xd2\xe9\x1f\xf7\x6d\xf7\x50\x89\xd2\x0a\x75\x5f\x26\x07\x56\xc8\xf1\x38\x2a\x29\xf7\xb9\x37\x26\xe7\x31\x07\x1c\xd4\x77\x45\x8c\x6f\x20\x22\xdf\xad\x7d\x4f\xc7\xab\x23\x80\x54\x18\x64\xf6\xb5\x87\x74\xf9\xae\x8e\x5f\x07\x7c\x1a\x8d\xa0\x73\xc3\x98\x53\xeb\x2f\xd4\x77\x22\x0b\x45\xa3\xd9\x22\x63\xdc\x7e\x14\xd3\xbb\x2b\x36\xfc\xa4\x66\xc7\xef\x8a\x24\x75\x38\x72\x5f\x2f\xce\x5c\x72\x21\xbc\x75\x1c\xde\x13\x94\x60\x4f\x59\x31\xd7\x33\x36\x0c\xcd\x47\xce\x08\x77\x12\x95\x81\x80\xad\x84\xfa\xe7\x13\xb5\x43\xf0\x5e\xef\x6a\xbc\x06\x61\x43\x31\x21\xed\x3b\x45\x06\xa1\x46\x50\x25\x31\x6f\xb8\xf9\xd6\x45\x35\xcc\x45\x38\xac\xd4\x06\x4d\xd5\x76\xb0\x74\x0e\x1b\xeb\x13\xbc\xea\xf1\x55\x54\x3d\xc8\x90\x97\xca\x5c\xa1\xcf\xfa\x0a\xd6\x5a\x10\xbc\xb7\x59\x35\x4e\xab\x8a\x42\xde\x73\x4a\xf9\x09\xc2\xfe\xba\x38\x0d\x66\x40\x9f\x32\x5d\x5f\x17\xaf\x9c\xa7\xf8\xcb\x41\x34\xfd\x6a\x2b\x6a\x52\x8d\x9e\x60\xd9\x61\x2b\x8e\x8b\x40\x62\xf8\xe0\xfa\xd1\xe7\xee\xb9\xcb\xfe\xf6\xe9\x73\x8e\xc7\x97\x3e\x1c\xb2\xba\x23\x27\xde\xca\x4e\xa4\x65\x68\xf3\x1e\x12\xf7\x30\xe2\x47\xc1\xd0\x70\x29\xfd\x44\x22\xb2\x98\xff\x23\x98\x02\x3b\x41\x20\xa3\xa4\x25\xff\xb6\x52\x88\x0c\x19\xea\x69\xf3\x63\x9e\x0f\x6d\xf4\xf0\x08\x76\xcc\x45\x28\xe2\x67\xe8\x1d\x59\x43\x19\x9d\x0f\xeb\x6c\xb4\xe1\xba\xf4\x04\xbb\x6f\x8b\x39\xb1\x2d\xbc\xe9\xfd\xc3\x5d\xc1\x58\x06\x6e\x99\x75\xae\x5b\xd3\xb5\x5f\x2a\x41\xa7\x91\xba\xf3\xe8\x35\x1e\xc6\x04\x94\x47\x90\xa2\x2c\x93\x3c\x80\xb1\x59\x0b\xa1\x97\xa4\x70\x6f\x7f\x51\x28\x68\x2e\xdc\xd7\x4d\xd7\x8d\x43\x5e\x78\x7c\x2b\x76\xa5\x7b\x3f\x4e\x7d\x7b\xe2\xef\xd2\x6d\xa5\xf9\xa8\x29\x11\x9b\x01\x50\x8b\x70\x72\xc7\x69\x9c\xe5\x2b\xb5\x78\xcc\x5b\x1b\x93\x66\x1b\x51\x72\xfb\x84\xda\xf1\xba\x36\x4d\x2c\xbd\x80\xe2\xc9\x9b\xca\x9c\xae\xa8\x73\xcc\x0a\x16\x29\xea\xc3\x84\xe9\xb2\x06\x84\x2a\x6e\x61\x83\x38\x75\x91\xb4\xaa\x34\xa9\x5f\xd8\x9b\x49\xd8\xd1\x5d\x91\xe2\x19\x40\xe1\x7d\xca\xf1\xef\xf8\xa0\xa4\x7a\x0d\x7a\x95\xda\xea\xd8\x2a\xa3\xdf\x82\x04\xa0\xcd\x20\x69\x24\xae\x51\x0f\xec\x8a\x9c\x4e\x8d\x85\xd4\x66\xfd\xb4\xdd\x36\x5d\xc9\x93\x36\xb2\x2c\xe0\xb9\x56\xb5\xee\x00\x17\xf2\x9d\x25\xee\x66\xfb\xdc\xec\xb0\xd9\x96\xff\xb9\x7c\x8d\xef\xde\x40\xa9\xff\x99\x93\x19\x3c\xa8\xf1\x68\x50\x67\xc1\x9c\x52\x6e\x0e\xfe\xd2\x36\xf8\xed\xb8\xde\xf6\xc2\xa0\x3e\x21\x95\x2c\x86\x12\xd6\x24\xe6\x88\x6a\x31\x1f\xfb\x9e\x2f\x15\xda\x44\xab\xe1\x80\xd2\x6a\x14\xb1\x5f\x63\x56\x1e\x09\x7a\x73\x0e\xca\xbb\x79\x2c\x7c\x23\x5f\xdd\x36\x0f\x57\x1f\x27\xef\x68\x67\x7a\x7d\x63\xbe\xb4\x97\x59\x82\xcb\x19\x9a\x56\x0f\x81\x6e\xe1\x29\x89\x44\x5f\x7f\x75\xb8\x3e\xb2\x78\xd6\x28\x25\x94\x7d\x84\x09\x9a\xf2\xa6\xff\x2e\xad\xbb\xf5\x89\xb5\xeb\x2f\x72\xed\x11\x4c\x73\x15\x11\x53\xae\x00\x22\xbc\x95\x64\xd1\x5c\x2d\x5c\xdb\xba\xab\xbe\xf6\x38\xf0\x30\x95\xf5\x3e\xeb\xac\x96\x83\x40\x9a\xd3\x06\x0c\xfb\x7c\x70\x37\xb9\xb0\xbe\xfe\x06\x9c\x92\xa0\x2b\xe9\x53\x38\x8e\x9e\xa4\x5d\x36\xdd\xf4\xf5\xa8\x38\x94\x32\xcc\xf5\x04\xc5\x08\x08\xb0\x7f\x69"},
+{{0x90,0x3f,0x3b,0x53,0x99,0x89,0x2e,0x29,0xcc,0xfa,0xfb,0xaf,0xbd,0x7c,0xc4,0x53,0x3c,0x15,0x4a,0x62,0x56,0x82,0x40,0x6c,0x89,0xbf,0x89,0x4c,0x88,0x9e,0x43,0xf4,},{0x8f,0xa5,0xff,0x5b,0x6b,0x26,0xbd,0x67,0xdf,0x86,0x40,0x46,0x42,0x9d,0xf1,0x24,0xb5,0x23,0x00,0x5d,0xd8,0x94,0x44,0x27,0x5c,0x8a,0xb7,0xeb,0xdd,0xb6,0xf4,0xdb,},{0x49,0x5a,0x8f,0x99,0x19,0x41,0xc6,0x29,0xbd,0x64,0x1a,0x67,0x47,0x1a,0xb8,0x60,0xbf,0xd3,0x9b,0x72,0xf2,0x33,0x55,0xf7,0x27,0x09,0x09,0xd5,0x30,0x7c,0x77,0xb1,0xb9,0x4b,0xae,0x3e,0xd1,0x94,0x50,0x78,0x0e,0x90,0x85,0x30,0x5f,0x31,0xb1,0xe1,0x68,0x3f,0xac,0xf0,0xd1,0xfc,0x88,0x40,0xae,0xc7,0x7d,0xf6,0x7a,0xea,0xb3,0x02,},"\xa2\xc1\x1b\x5f\xb8\x84\xa8\x22\xfa\xe6\x4d\xa8\xdc\xb4\x45\x2c\xfd\x7a\x04\xca\x6d\x7a\x5a\xbc\x8d\x82\x71\xe9\x3f\x93\x44\x9e\x1f\xeb\x8e\x02\x97\x5f\x49\x6b\x90\x34\x40\x0d\x35\x99\xab\x97\xaa\x39\x97\xda\xd1\xc9\xff\xab\x5b\x9f\x8d\xf4\xaa\xa5\xb8\x40\xd9\x0d\x86\x2f\xff\x7f\xf0\xcf\x73\xa6\x0c\x66\x15\x00\x09\xe0\x1c\x93\x7b\xd1\xaf\x68\x07\xb5\xba\x2e\xf6\x12\xee\x13\xd6\xde\xf4\x0b\xb0\x9c\x46\x81\x1a\x2d\x4e\x46\x8e\x03\x8b\x32\x30\x55\xf9\xdf\xbd\x01\x82\x9a\xe2\xf1\xa5\x35\xef\x02\x95\xca\x1e\xd1\x76\xe4\x6d\xe9\x96\xcc\x87\xba\xce\x45\x35\x62\x33\x21\x18\x35\xb6\xf4\x75\x7c\x99\xbd\x52\x7e\x76\x6a\x5f\x0b\x12\x7c\x8c\xff\x8e\x6d\x66\xf8\xba\xb8\x6d\x00\x00\x45\x2c\xd7\xf6\x7b\xe5\x57\x78\x85\x13\xec\x07\x09\xb5\x37\xb0\x07\xb4\x20\x16\xe7\xa8\x96\x83\x46\x9b\xd8\xff\x8d\x21\xeb\x10\xc1\x49\x17\xd4\x7f\x2d\xc4\xf8\x26\x32\x4f\x7c\x01\xb2\x4f\x8d\xcf\xf0\x4a\xa6\xd8\x50\x95\xd9\xab\x15\x4b\xa5\xc3\xbd\x91\x9c\x9d\x72\x8d\xbd\xc9\x90\xd1\x9c\xeb\x23\x7b\x45\x29\x07\xbd\xbe\x21\xf9\xf0\x8c\xdd\xae\x5b\xe4\x79\x27\x67\x09\xb8\xae\x73\xf8\x97\x4c\x4b\x11\x38\x41\xad\x53\x5d\x6f\xf6\x22\x3e\xea\x47\xd1\x85\xc8\xe8\xa6\x5f\xde\xe2\xc2\xd4\x58\x00\xc1\x7c\xb5\x56\xea\xfd\x67\x66\x47\xd9\x96\x8e\x55\xca\x9c\x59\x23\x2b\x97\x70\xad\x10\xf9\x55\xfc\xb5\x85\x8e\xdf\x0b\x74\x83\xad\xc1\x81\x7c\x0f\x8d\x02\x24\x04\x82\xca\xa7\x6f\x43\xc6\xd2\xe9\x6a\x4f\xf9\x59\x1c\xd7\xb8\x78\xea\x61\x9e\xa5\x6d\x1b\x58\x86\x31\xe7\x63\x3c\x5e\xcb\x2b\xa6\x99\x83\x98\xcb\x06\xe3\xcf\x75\xae\xb3\xe0\x8d\xab\x19\x63\x2d\x45\x4f\xf7\xdc\x0e\x2a\x41\xf0\x97\x37\xe8\xee\x82\x3d\x1b\x9e\x24\xdd\xa8\x4a\x2c\xe0\x31\x3c\xb9\xfc\xe3\x1c\xb6\x63\xc5\x5c\x05\x64\x5e\x63\x40\x17\x56\xe8\xad\x38\xf5\x17\x4c\x02\xa6\x63\xd8\x15\xad\x64\x42\x2f\xf7\x72\x7d\x4f\xda\x16\xe4\x8d\x4b\xf8\xf6\x60\x2e\x72\x60\xda\x62\x33\x0e\x68\x78\xc3\x47\x64\xe1\x29\xaf\xbd\x55\x22\x08\xf6\xbe\xd4\xf7\xce\xe9\xb6\x71\xf4\x88\x38\x88\x15\xd7\x4b\x49\x51\xb8\x68\x2c\xe7\x6c\xfe\x31\xe9\x38\xc4\x70\xb8\xf7\xa4\x5f\xd6\x3a\x96\x91\xf4\x26\xa7\x5c\x58\xed\x3d\xbc\xe3\xae\x8f\xd9\xd1\x0a\x83\x52\xe4\x7c\xc1\xb1\x2c\x91\x92\xac\x86\x26\xd1\xb3\x84\xb7\x7a\x18\xb9\x86\xe7\x1a\x99\x86\x46\xc1\x37\x99\x2b\x67\xc4\x81\x7e\x34\x63\x45\xfa\xf5\x0a\x26\x59\xfd\xc5\xca\xd5\xc7\x19\x64\x8e\xfe\xe3\x84\x7c\x0f\xf6\xbd\x70\x95\xc2\x8b\x4c\x51\x95\x96\x7c\x90\xcf\x84\xe1\xef\x68\xa1\xad\xa0\x1f\x62\x74\xed\xe3\x63\xfb\x82\xe0\xb5\x49\xa8\x70\x24\x5d\x60\x8c\xae\x82\x34\xf6\xd8\x4a\xbe\xb6\x1b\x71\x84\x66\x09\x36\x20\xd8\x5c\x58\x4a\xb0\x1e\xed\xa0\x91\xee\x8a\xff\x1c\xf6\x7a\x46\x75\x67\x9a\x1f\x40\x03\xe6\x6a\xaf\x43\x87\x1b\x88\xec\xda\x6a\x16\xdc\x5a\xcb\x05\x39\x5f\x2d\xa9\xdf\x70\xd3\xbd\xb6\x14\x38\xe1\xc3\xd4\x09\x81\xe0\x34\x62\x7d\x02\x6e\xe1\xd2\xe7\x9f\x65\xcb\xb8\x18\x9f\xcb\xb3\xcc\x8b\x5c\x2e\x7e\x79\x6b\x5d\x28\x89\x41\x1d\x56\x41\xfb\x86\x9c\x7b\x0a\x58\x9c\x43\x25\x4f\x8c\x54\x38\xaa\xf5\xac\x42\x38\x32\xf0\x18\xd7\x9a\x51\xb9\x6f\x24\x2e\x2d\xe0\xc8\x51\xcc\x5f\xc2\xb2\x06\xbc\xa4\xb5\xbe\x83\x61\x25\xac\xa1\x44\xbb\xc3\x8c\x8c\x63\x8b\xe0\xd3\xbb\xe0\x25\xa1\xbe\x8b\x3d\x03\xd5\x92\x9b\xaa\x64\x9c\x35\x44\xa3\x2a\x91\x5e\x92\x6a\x38\x79\x1b\x13\x4a\x97\x1b\xc5\x2d\x1b\x6c\xa6\x25\xef\xb7\xc2\xf3\xbb\x47\xab\x51\xd4\x3c\x8e\x37\x4d\x16\xcd\xa8\x82\x20\x4b\x71\xca\xfe\x90\x93\xcb\x60\x78\xef\x2b\xdf\xad\x59\xed\xea\xf3\x6d\x0c\x1a\x4d\xc4\x25\xb9\xe7\x18\xc4\x51\x85\x22\x5a\x9c\x30\x84\xb7\x82\xbf\xe1\x63\x49\x2f\x8e\x84\x82\xec\x9a\xa0\x73\xf6\x90\x1f\xf3\xd1\x11\x7c\xe9\x17\xe1\x91\x22\xfa\x67\x65\x0d\x85\x8f\x8f\x82\xb3\x76\x69\x72\x3c\x22\x6d\x72\x16\x97\xe7\xae\x33\x59\xf5\xa6\xb0\x24\x24\xee\x87\x94\xcb\xea\xa6\x41\xed\xbb\xf7\x53\xb1\x03\xa5\xfe\x15\x8b\xe0\xba\x60\xd8\xa2\x12\xd4\x2f\x8c\x5c\x2a\xf2\x54\xbf\x1b\x9c\x80\xdf\x6f\x1c\xf0\x9d\x70\x79\x3c\xae\x1a\xbb\x46\x27\xb1\x78\x0f\x1b\xce\x7f\x61\x7e\xe5\x0f\x6b\xd4\xb0\x83\xb2\xfc\x7c\xd8\x44\xaf\xb7\x23\x80\xd5\xcb\x6b\x25\x5b\xf4\x7e\xa7\x1c\xad\x6c\x6c\x4d\xf0\x21\xf8\x1b\x54\x8f\x43\x2c\x18\xac\x36\x6c\x6a\xec\xd0\x3b\x6c\x8c\xe2"},
+{{0xee,0x81,0xe0,0xfb,0x05,0x2e,0x23,0xad,0x75,0x9d,0xe6,0xaa,0x98,0x38,0xde,0x98,0xe3,0x6d,0x48,0x20,0xdc,0x0e,0x1b,0x7b,0x3e,0xf1,0x14,0x1a,0xb9,0xde,0x33,0x40,},{0x98,0xf3,0xc9,0x88,0x07,0x94,0xde,0x64,0xfa,0x26,0x9b,0xdf,0x33,0x60,0x95,0xe0,0xe0,0x1b,0x1a,0x3b,0x37,0x5f,0x96,0x5b,0x93,0x70,0x0b,0xbd,0xf4,0xb9,0x68,0x69,},{0xf0,0xd8,0x73,0xbe,0x15,0xcf,0x45,0x4c,0x74,0x34,0xde,0xab,0x71,0xde,0x25,0xcf,0xe9,0x9e,0x81,0xa4,0x8d,0x2d,0xce,0x6a,0x35,0xd1,0x63,0x37,0x14,0xdf,0x0f,0x8b,0x40,0x29,0xe0,0x58,0x25,0x11,0xef,0xc4,0xd0,0x68,0x92,0xf6,0x72,0x85,0x02,0x46,0xbc,0xf0,0x70,0xc4,0x6f,0xad,0xc2,0xfa,0xab,0x44,0xdc,0x43,0x50,0x45,0xde,0x00,},"\x28\xd9\x9e\x95\x18\xb8\x82\x83\xc2\x20\xe7\x6d\xe2\x05\xd7\xb6\x16\x23\x59\xb1\xdf\xec\x1f\xba\xab\x98\xec\x0e\xf1\xdf\x8d\xa4\x0b\x6b\x7a\x77\x5e\x97\x28\x45\x0a\xeb\x23\x51\xfe\x5c\x16\xaf\xda\x3a\xec\x0d\x71\x04\x9d\xa4\xcb\x7d\x4c\x63\x71\x3a\x24\x10\xab\xb0\x22\xf8\x16\x11\xcc\x06\x45\x87\xc8\x04\x7d\x43\x83\xc0\x0c\x3c\x56\x2e\x9c\xee\xa3\x57\x75\x09\x53\x91\xb5\xf3\xdd\xa0\xe3\x73\xc4\xa7\x7f\xf6\x18\xa2\x8e\xf6\x87\x87\xeb\xfc\x3e\xbc\xcc\xc5\xd1\xce\x32\xdd\xf4\x3b\xfc\xe5\x72\x03\xda\x76\xa8\x66\x4b\x3c\x61\x6a\x88\x69\x28\x2d\xb0\xb7\x28\x11\xb5\xfd\x5a\x2a\x03\xa4\xff\x66\x72\x4b\x04\x89\xea\x2e\x10\x73\xd7\x81\xc3\xf1\x89\x11\x5d\x79\xba\x20\xa4\x6d\x1d\xfa\xf5\xb1\xa5\x84\x7b\x2a\x2e\x31\xb2\x80\x87\x37\x56\x9e\x60\xb5\x72\x31\xe6\xa9\x9a\xf2\x6f\x58\xaf\xeb\x15\x77\x08\x10\x47\x48\x12\xfe\x4a\xfa\xcf\x88\x45\x06\xb8\xc3\x14\xbc\x67\x51\xbb\x42\xb4\xbd\x6e\x87\xd2\xe5\xde\x70\xfe\xc5\xf0\x01\x4c\x42\x57\xb1\x34\x72\xa3\xb0\x11\x1a\x7a\x8c\xf8\x3b\x1d\xc0\xcf\x96\x20\x22\xcd\x44\x46\x8a\x3a\xb1\xf0\x01\x6b\x70\xca\xfb\x1d\x02\x46\xac\xd7\x05\x39\x37\xc9\xac\x40\x20\x7c\xf1\x3b\x50\xdd\x15\xe2\xa2\xe1\x5f\x50\xa0\x5b\xca\x2f\x28\xe7\x70\x26\x23\x71\xda\xce\xe0\x2e\x25\xb2\xa5\x96\x58\xed\x90\xc0\x60\x0f\xa2\x65\xb7\xde\x3d\x44\xf8\xef\x07\x21\xbf\x39\xec\x4d\x4e\xca\x58\x88\x52\x7b\x77\x80\x67\xb1\xd6\x59\xc0\x05\x14\xc8\xd7\x05\x62\x73\xa2\x94\xcb\xaf\xe4\x50\x90\xd0\x69\xbb\xd0\x9f\x92\xf4\x61\xe6\x48\xf3\xe6\x82\x88\x2c\x71\x57\x6e\x97\x4d\xeb\xb0\xcb\x7e\x0e\x83\x16\x40\x66\x60\x15\x0d\xab\xb5\x8e\x76\x24\x66\x14\xa2\x91\xc1\x2c\xe9\xe0\x34\x6c\x02\x77\x4d\x4d\x09\xce\xcc\x23\x69\x67\x12\xfe\xe2\x50\xc0\xbb\x5d\xf7\xa2\xa4\xc4\x3a\x55\x63\x33\x1b\xcb\xbf\x84\xbe\x3f\x2e\xeb\x06\x54\x53\x2e\x85\xec\x59\x7b\x53\xb3\x2f\x39\x54\xcc\xaf\x0c\xd4\x26\xde\xf9\x1e\xc4\xb2\x08\x41\x69\x48\xaf\x27\xde\x04\xd8\x32\x70\x58\x97\xa0\x4c\x5e\x24\xa2\xe8\x8b\x20\x04\x0f\xd4\xec\xa3\x08\x9f\xdb\x91\x8a\x92\xe3\x5c\x4d\x31\xda\x26\x85\x0b\x9d\xd3\x41\x18\xc7\x44\x49\xa8\x55\xff\x4b\xc9\xff\xf0\xd1\x44\x78\x39\x65\x4b\x00\x41\x79\x99\xfa\x4e\xb8\x91\x02\x13\x3c\xd3\x20\x40\x91\x53\x58\x49\x57\xc1\x04\x89\xdb\x4b\x72\x44\xc9\x59\x07\x98\x8e\x83\xdc\x82\x12\x71\xdc\x1a\xb6\x43\xd6\x99\x2d\x0f\xd8\x20\x49\x2a\xe6\x42\xe2\x4d\x19\xa1\x79\xfa\x75\xd9\x36\x3b\x32\x16\x62\x60\x6f\xd9\x4a\x47\xfd\xb2\xe6\x8d\x3f\x30\xc0\x46\x73\xf8\x09\xde\x01\x44\x94\x5e\xa4\xd4\x18\x3d\x48\xf1\x75\x07\x9e\xed\x50\x32\x3c\x6b\x19\x2e\x02\x0e\x16\x2a\x35\x03\xaa\x58\x2f\xb0\x8b\x40\x36\x24\xa2\x3e\x35\x7e\xed\xa0\x8d\x90\x43\x86\xf3\x58\xc3\x6c\x64\xd3\x14\xc7\x7c\xd9\xd4\xd2\x3d\x58\x1e\xe5\x3d\x81\xff\x97\xad\xa0\x19\xcf\xcf\x04\xeb\x9d\xcc\x1d\xe9\xb7\x4c\x3d\xb6\xb8\x11\x57\x8b\xd4\xf2\x19\xc5\xca\x48\xef\x4c\x82\x6b\x09\xe6\xc9\x6d\x03\x1f\x65\xdd\x48\xb6\xe7\x3d\x0c\x10\x05\x86\xb2\x1d\xf0\x29\x3a\x03\xd2\xed\x7e\x50\x09\xad\x02\x53\x40\xc2\x1d\x09\x06\x06\x91\xf5\xcd\x8a\xf2\xab\x12\xf9\xb8\x60\xee\x87\x81\x5e\x1a\x9f\x40\x0c\x2a\x6f\x63\x4e\xa8\xf9\xb3\x42\x5a\x08\xd1\x0b\x3c\x81\x53\x67\x38\x8f\x4d\x1b\xe3\x56\x31\x8e\xcf\x90\x35\xd0\xee\x97\x5a\xff\xa8\x59\xca\xac\x28\xeb\xcc\xd0\x59\x9b\xb2\xf6\xf3\x52\x36\x61\xbd\x17\x8f\xc9\xe4\xca\xc3\x78\xbb\x9d\xd4\x71\x6b\xb0\x69\x23\xfd\x2b\xbd\x56\xc9\x59\xc4\x2b\x95\xd5\x01\x93\xf8\xbf\x29\x9f\xcc\xa3\xb2\xee\xa9\x4e\xc5\xf9\x85\x83\x92\x4c\x08\x04\x16\xe2\x8b\x54\xfe\x57\x65\x84\x58\xb0\x55\xce\x4d\xe8\xa7\x5f\xc8\x27\x15\xca\xe9\x1d\x37\x5c\xf6\x92\x81\x37\x80\x51\xbb\x61\xfd\xd7\xbb\x00\x68\xf6\x3e\xfa\x6d\x6e\x83\xd8\xfd\x42\x57\xaf\x80\x97\x0f\x4a\x9e\x69\x24\xb2\xde\x0a\xd9\x66\xdf\xfe\x6f\xa4\xa1\x13\xb0\xe7\x72\xf1\x76\x87\x85\xb3\xb4\x20\x49\xf7\x6c\x48\xad\x80\xf2\xc6\x7f\xb0\xf9\x1a\x5f\xc4\x10\x79\x12\x52\x0d\x8d\x68\x3c\x06\x2c\x3a\x22\x2b\xcd\xa7\xe7\x10\xba\xcd\x47\x8e\xe8\x83\x67\xb6\xa0\x59\xa4\x52\xfd\x26\xf1\x14\xa5\xac\xbd\x69\x79\xba\x01\x9f\x7d\xa6\x8a\xc0\x4a\x19\x30\x26\xbc\x1c\x27\xe4\x83\x7b\x1d\xe2\x9c\xce\x09\x0e\x33\x80\xd5\x05\x1a\x58\x64\x09\xe6\x28\xe3\x14\x56\x65\xbb\x1d\x84\xec\xd8"},
+{{0x69,0xd0,0x1d,0x82,0x91,0x13,0x08,0x1c,0xbf,0x5d,0x0c,0x6e,0xf7,0x7b,0x21,0x77,0x5c,0x8d,0x9b,0x68,0x00,0x00,0x05,0x6f,0x03,0xc7,0x5a,0x7d,0x0a,0x05,0x87,0xd2,},{0xee,0x84,0x69,0xdd,0x61,0xcf,0x5d,0xe4,0x00,0xda,0x7d,0x7a,0x47,0x9a,0x44,0x18,0xe6,0x77,0x2e,0x69,0xff,0x53,0x30,0xce,0x5c,0xa7,0x78,0x59,0xfe,0x27,0x17,0x55,},{0x40,0x8c,0xef,0xcf,0x01,0x41,0x7e,0x2d,0xc6,0xa8,0xa1,0x82,0x84,0xe4,0x11,0x65,0x7f,0x03,0x92,0x50,0xc3,0x12,0x78,0xdb,0x28,0x19,0xf9,0xea,0xea,0x42,0x93,0xfb,0xf6,0x83,0x1a,0x28,0x01,0xfc,0x1e,0xa6,0x87,0x16,0x57,0xb8,0x41,0xe1,0x73,0xf4,0x51,0xb0,0xd5,0x75,0xa9,0x37,0x9e,0x35,0x85,0x7e,0x8c,0x72,0x97,0xfa,0x14,0x04,},"\x0b\x9e\x11\x0f\x29\xd1\x98\x16\xa1\x7b\x2c\x75\x47\x8f\x13\xce\xe9\x53\x81\x1a\x19\x83\x01\x4c\xb7\xeb\x0f\x75\x52\x69\x12\x04\x4c\x3e\xa6\x82\x97\x80\xe6\x57\xf8\x17\xc5\x59\x7d\x46\x61\x08\x0d\x90\x34\xc9\x77\x87\x22\x41\x8f\x2c\x3a\xee\xca\xef\x6b\x69\x0c\x5b\xd3\xb5\x93\x70\x10\x86\x98\x8e\x43\x40\xae\xc3\x4e\x01\x72\x75\x8e\xb2\x40\x87\xd0\x3a\x8f\x76\xe7\xcb\xca\x53\xaa\xaf\xc4\xd2\x15\x5c\x75\x32\xab\x54\xbe\x48\x87\x26\x53\x06\x6f\xa1\xfd\xd5\x4a\xcf\xe9\xda\xae\xca\x35\x6c\x29\x0e\x6b\xe6\x33\x55\xb6\xd9\xfc\x52\xeb\x5e\x4f\xcc\xbb\xc6\x08\x35\x07\x13\x2d\xe4\x85\xbf\xae\x9f\x42\xe1\x97\x12\x23\x2b\x71\x64\x02\xc2\x3f\xea\x74\xef\xa6\x9d\x73\xc8\xc2\xe3\xa8\x66\x2b\x8b\x65\xb0\xfd\x00\x77\x41\x01\x3e\x1f\x6e\x3c\xfe\x43\x45\xd5\xc8\x30\x68\x2f\xe6\x00\x21\xd7\x08\xe1\x0a\x9e\x9f\x40\x52\xff\x7a\x6a\xbf\x28\xac\xb1\xd6\xb5\xfb\x03\x8e\xed\x3f\x72\x51\x3c\x35\x5b\xbf\xd5\xc2\x27\x4f\xa8\x5f\xc4\xf4\x46\x97\x4b\x2d\x1b\xc0\x36\x50\x7a\x1e\xb5\xfc\xf5\x5d\xbd\x44\x21\x0e\x53\x82\x74\xde\x80\x8b\x90\x0b\xf1\xc0\xfc\xc0\x24\x12\x70\xdb\x8d\xbd\xcd\x88\x34\x9d\x67\x22\x4f\x08\x7e\x5f\x07\xf6\x99\xb0\xba\xe6\x8b\x2e\xbc\x9a\x4e\x27\xc7\x0d\x3a\xc7\xd9\x96\xfa\x7d\x4d\xab\xd5\x68\x37\x8e\x3f\x93\x90\x5b\x1c\x89\xc6\x52\xd3\x84\xc1\x6c\x2b\xcb\x1c\x98\x44\xc3\x8f\x71\xbb\x13\xe0\xc6\xa2\xea\x95\xb6\x12\xe3\x90\xc5\xf8\x6d\x24\x8e\xa5\x31\xf2\xec\x6f\x63\x9a\x40\x2d\xfa\xcc\xf3\x72\x17\x00\x53\x44\x03\x07\x45\xd1\xf1\xe5\x20\xcc\x19\x5d\xaf\xdd\x7f\x29\x5f\x37\x7b\x8d\x61\x47\x16\x70\x38\x36\x21\x9b\xb7\xb0\x9f\xea\x7a\xae\x9a\xc3\x3e\x42\xdc\xab\x65\xcc\x61\x42\xfc\xd8\xce\x15\xe9\x77\x17\xfd\xb3\x3e\x95\x38\xc4\x4f\x6c\xd9\xc1\xc6\x5d\xb6\x27\x51\xf5\x52\xf8\x70\xf1\x01\x42\xc9\x6f\x9d\xf1\x85\x5a\xbb\x39\xe4\x27\x06\xa5\x63\xab\x15\x45\x11\xfd\xce\x68\x7c\x95\x76\xf9\xed\xc3\xb4\xba\x55\x34\x6c\xe6\x68\x02\xff\xfe\xf4\xb1\xb5\xe1\x20\x15\xce\x8b\x57\xde\x54\x58\xca\xa0\xda\xf3\x41\x96\x81\x28\x58\x42\x88\xc2\xf2\x7c\xbf\xb7\x6e\xab\x28\x6b\xac\x5f\x66\xaa\xd0\x04\x9e\x0c\xa6\x0a\x90\x14\xe1\x79\x01\xc4\x13\x0e\x83\xce\xae\xb4\xc2\x71\x3e\x97\x1a\x23\x5e\xff\x99\x5a\x81\x3a\xe4\xea\x64\xa5\x83\xff\xde\xfd\xac\x82\xac\x76\xea\xf4\xd4\x7c\x4a\xc8\x25\x0f\xcb\xaf\xd6\xb8\x8f\xae\xb4\x80\x15\xf5\xb4\x2b\x53\x34\xa5\x0b\x31\xd4\x50\x2e\xa4\x91\xda\x90\xdc\xe9\x3c\x08\xfd\x56\xf5\xc5\x8e\xed\xb3\x79\x16\x6a\x23\x76\x2b\xe5\xe4\xad\xea\xa6\xf4\xae\x1c\x24\xe0\xca\xc4\xdd\xca\x03\x83\x45\x85\x60\xcd\xc4\x8b\x8c\xd1\xf4\x2a\x3b\xa2\xf6\xff\xb6\x07\x79\x09\xfc\xb2\x94\xad\x1e\xf4\xa4\x4c\x22\xec\x4b\x39\x87\xdd\xbe\xef\x32\x5b\x98\xce\xd5\x68\x15\xea\x7d\x5f\xcc\xf5\xaf\xdf\xe9\x8e\x0e\x6d\x92\x0f\x7a\xda\x2e\xb5\xc9\x16\x24\xc7\x6c\xbb\xa2\x99\x3a\x9c\x7a\x55\x02\x1d\x12\x7a\x66\x7b\x39\xe2\x35\xdf\x4f\x81\xde\xe7\xdd\x14\x28\x98\x77\x8d\xbd\x92\x13\x5b\x70\xb3\xac\xf5\x9f\x6c\x29\xa2\xc9\xd4\xa7\x00\x6e\xf1\x1a\x91\x8b\x3a\x29\x06\x26\x4a\x15\xd6\xb5\x29\x30\x8c\xbc\x89\xf8\x56\x01\xfc\x1e\xa1\x31\x4d\x67\xf7\x56\x6c\xf1\x09\x16\x5c\x7f\x92\xde\x1a\x18\xd7\x0d\xeb\xe0\x24\x34\x9d\xb3\x56\x0a\x6e\x52\x7e\x2a\xc3\xe0\x67\x89\x46\x87\x04\xe6\xb8\xf1\x87\x1f\x16\xba\xe9\x82\x73\x92\xb4\x18\xf1\x08\x6c\xc4\x97\x08\x6c\xed\x14\xb1\x24\x9d\x6d\x87\x94\xf2\x3b\xb8\x77\x9d\x41\x86\x48\xf2\x15\x56\x56\xa6\xfd\xa7\x44\x0c\x56\x28\x4d\x9b\x21\x88\xfa\x7d\x17\x36\xbc\xcc\x9c\xff\x0b\xe5\xb1\xe1\xf5\x51\xff\x81\x37\xff\x59\x66\xed\x9d\x0f\x7f\x01\xc3\xdf\xf2\x98\xe9\x10\x2f\xfb\xd3\x24\xbf\xca\x5f\xfe\x09\x68\xe6\x6f\x9d\x82\xf4\x87\xd3\x03\x93\x4f\x27\xf7\x8b\x28\x37\x8e\xb7\x2c\x38\x27\x29\x62\xa5\xf7\x35\xd7\x39\x2e\x5d\x33\x3f\xd8\x6d\xe1\x67\x26\x9c\x17\xa1\x65\xb9\x2d\x31\xa4\x88\x0a\x41\xe1\x36\xf7\x18\x96\x0a\x91\x9b\x3d\x7c\x4e\x74\xcb\xd7\x3c\x73\xf9\x21\xbe\x51\x3f\x73\x9a\xff\xb2\xe4\x1f\x80\x42\x6b\xb8\xcf\xb4\x56\x4b\x98\xfc\x4d\xe5\x32\x55\xce\x3f\x98\xb4\xd2\x2a\xe6\xfc\xe9\x19\x0b\x55\xbf\x2c\x93\x86\x1c\x1d\xca\xc1\x01\xb5\xe1\x6c\xf0\x99\x91\xc5\xde\xfa\x33\xf8\xd5\x10\x56\xd9\x34\xbb\x4b\x47\x7b\x65\x20\xd4\xc7\xae\x22\xea\x7f\xb3\x10\x9d\xe7\xf4"},
+{{0x4b,0x8e,0xd2,0x97,0x31,0xf1,0x04,0x79,0x5e,0x97,0xde,0xe7,0xc8,0xb4,0x01,0xa0,0x2a,0xfa,0xa9,0xa7,0x95,0xe6,0x13,0x35,0x3d,0x2b,0x95,0x00,0x17,0x65,0x02,0x7a,},{0xf2,0x22,0x98,0x21,0x0b,0x09,0xfd,0x61,0x7f,0xc8,0xb3,0x50,0x74,0xca,0x18,0x01,0xe6,0x07,0x5d,0xc9,0x2a,0x8f,0x50,0x34,0x4b,0x80,0xe8,0x54,0x05,0xa0,0x38,0xf5,},{0x23,0x45,0x88,0x66,0x86,0xeb,0x39,0xb5,0x19,0x9c,0xaa,0xa9,0x61,0x5b,0xc6,0xb4,0x89,0x6f,0x07,0x6e,0x8b,0xd7,0x36,0xc0,0x03,0x8a,0x65,0x17,0xf9,0xc2,0xb1,0x67,0xe7,0x59,0xf3,0x73,0x72,0x26,0x8a,0x69,0x7e,0x9b,0x78,0x60,0x5f,0x2e,0xd9,0x47,0x25,0xf6,0x90,0x5a,0x79,0x00,0x15,0x3f,0xc9,0xe8,0xbe,0xed,0x31,0xff,0xae,0x05,},"\xcb\xb5\xf1\x3a\x0e\xf2\x83\x7b\x80\x5d\x3b\x78\x51\x09\xf9\xf2\xe0\xd0\xa0\x17\xbf\xe7\x69\x2d\x91\xec\x23\xdd\xab\x78\x17\x33\x0b\xef\x24\x7f\xd9\x1a\xb2\xc7\x7d\xd4\x41\x25\x19\xcb\xd3\x84\x75\xce\x0c\xb3\x9b\x14\x80\x09\x2b\xc7\x38\xd4\x15\x2b\x8a\x6d\x55\x24\x8e\x3b\x9f\x32\xcd\xcd\x15\xec\x5d\x05\x9e\xc3\xc8\x84\x75\x54\xee\x47\x00\x53\x94\x97\x4d\x8e\xb2\x35\x92\xd1\x7f\x5a\x39\x6e\x3c\x19\xf8\xe8\x98\x37\x06\x79\xfe\xf5\x31\x8c\x4d\xd2\x99\xc6\x21\x7d\x6a\xbc\xc9\xb6\x1a\x5b\x2d\x0c\xfe\xf6\x95\xd1\x70\xca\x20\xa8\x3d\x6f\xd3\xc6\x66\xc8\xfd\x1c\x10\xad\x97\x0e\x2f\xa6\xaf\x10\xff\x0e\xd0\xcb\xfe\x75\x22\x46\xd0\x3f\x3a\x3c\x60\x32\xdb\xb3\x19\xbc\xfd\xac\x4d\xaf\xc5\x0b\xc3\xe6\xbf\x59\x5f\x49\x1d\xec\x38\x8b\x34\x41\xb8\xce\xe0\xdf\x91\xf5\x5c\xc7\x80\x7d\x07\xf8\xf5\x41\xed\x73\x22\xff\xc3\x9d\x18\xf8\x95\x60\xe4\x12\x3a\xec\x1d\x77\x96\x9c\xf1\x87\x77\x86\xf4\xcf\x94\xb1\x77\x0b\x10\x90\x65\x5e\x8c\x72\xee\xce\xa4\x57\x2e\x46\xf5\x80\xf9\x63\x96\x6d\xb2\xa1\x08\x5e\xea\xbc\x57\xbf\x4a\x84\x72\x4b\x9c\x85\x99\xa4\x33\xab\xf5\x8b\xca\x80\x40\x91\xd3\xd5\xe6\xe5\x04\x8e\xc2\x7b\xf8\x12\x9b\x67\x0c\xc2\xc8\x8d\x9c\xac\x47\x18\x59\xf4\x69\xb9\x18\xf3\xf6\xd7\x0f\x7d\x66\x63\x50\x1f\xfb\xef\xef\x02\x6d\x79\xea\x70\x92\x7c\xcf\x60\x75\xee\x51\x05\x42\x33\x21\xe1\x1a\xee\x9a\xd1\x6f\x98\x7e\xfb\xdd\x00\xb6\x2a\xff\x69\x8e\x52\x1a\xdf\x92\x03\xb1\x5e\x9f\x0f\x3a\xd0\x7d\xca\xd9\xdd\xcc\xaa\xe9\xb4\x90\x24\x7f\x12\xc3\x11\xde\xe6\xb7\x3b\x8f\x91\x24\xfd\xce\x12\x99\xb4\x7f\xb1\x91\x4c\xee\x7e\x3a\x07\x81\x4e\x31\x2c\x3c\xe5\x69\x27\x67\x2c\x51\xb3\x18\x59\x80\xcd\xe5\x7f\x3a\x75\x9b\x50\xbc\xfc\x4c\xb0\x75\x3b\x95\x4d\x97\x13\x5d\xeb\x2a\x05\x32\xe9\x8b\x66\xf3\x9a\x7c\x08\xcf\x4d\x54\x85\x39\xe2\xeb\x9f\x42\x2f\x66\x49\x65\x88\x93\xa7\xc3\xc2\x5a\x4f\xc9\x01\xf8\xc3\x98\xb8\xc7\x27\x33\x91\x1a\x00\x72\xed\x6b\xd2\xf4\x18\x93\x89\xae\x10\xa8\x14\xf6\x48\xd7\x1f\x69\xc3\x7e\x82\x95\x78\x44\x28\x18\x3b\x93\xc8\x01\x3b\x96\x4a\x9f\xef\x86\xb4\x8f\x48\x93\x16\xbc\x22\x2e\x96\xb3\xbd\x15\xff\x14\x9b\x96\x82\x03\x29\x55\x1c\x15\xe0\xd0\x95\xd1\x56\x9b\x1e\x21\x31\xc7\x87\x51\x56\x5c\x30\x41\xf2\x97\x85\x39\x5b\x97\x15\x13\x17\xf6\x2e\x35\x82\xe4\x07\xb1\x64\x9e\x60\xd0\x3a\x85\x99\x12\x0a\x30\x2a\x46\x95\xfa\x86\x2b\x41\x20\xf9\x4d\x22\xec\xae\x72\x39\x8d\x20\x94\xd1\x08\xad\x2d\xbc\x1b\x95\x97\x35\x90\x21\x42\xaa\x5f\xe6\xe7\x99\x65\x59\xf6\xf6\x01\x44\x8a\xea\x02\xf3\x56\xf8\xdc\xdd\x14\x43\x40\xeb\x36\x19\xf9\x86\x5b\xf7\x67\x2a\xea\x32\x6c\x4e\x93\xc9\x9f\x0e\xd1\xf9\xed\x86\x6b\xe1\x5d\x3a\xf2\x67\x5f\x6d\xd6\xe2\x96\x60\x2c\xa3\x73\xa8\x15\xb0\xbe\x46\xbc\x2a\x3f\xbb\xa0\x6b\x88\x05\xc7\x31\xfe\x08\x00\x7d\xaa\x06\x05\x09\x61\xb2\x4d\x14\x69\x3a\x72\x89\x8c\xcf\xb8\xb8\xfe\xdc\x60\xa4\xee\xf8\xff\x79\xb6\xdd\x75\x92\x59\x18\x33\xb5\x76\xef\x48\x29\x4e\x5e\x04\x85\x94\x2e\x57\xc1\x19\x60\x2e\xdd\xf8\x8b\x1f\xae\xa5\x17\xf2\xfc\x2e\x3d\x14\xd2\x46\xa5\x2c\xbd\x71\xa1\x08\xc6\x6b\x6c\xc4\xf2\xd4\x58\x04\xa2\x82\xec\xed\xb1\xb0\xad\x3d\xc3\xb4\x88\x0a\xb2\xff\x78\xb8\xdd\xde\x48\xf7\x46\x6c\x14\xfe\xd3\x49\xe9\x5b\x50\x53\xab\xf1\xbf\x09\x91\x12\x60\x31\xd9\x75\x47\xd1\x43\xc2\xae\x16\x49\x28\xb6\x1c\x07\x08\xaf\x8c\xa3\xe4\xf5\x51\x54\xd1\x3d\x75\xe9\x7d\xb4\xba\x3e\x69\xd3\x6e\x9b\x37\x08\x23\x68\xc2\xf7\x21\xbd\x3f\x95\x12\x6a\x1e\x00\x4e\xb2\xa1\xbf\x26\x83\x43\xae\x21\xd2\x99\x50\x44\xa2\xca\xdd\x67\xff\xac\x9e\x15\x38\x17\x5b\x3c\xc4\x4d\xb5\xd2\x6f\x1d\x5c\xc8\x9c\xa0\xe1\xc1\xee\x85\x37\xa8\xa9\x1d\x32\x4c\x2e\x02\xe1\x8b\x9f\xb9\x73\x0d\x6d\xda\x55\xf7\x2d\x84\x33\x89\x69\x3e\xbf\xcb\xa7\xfb\xe1\xa0\xbc\xff\xb9\xaa\x28\x4f\x4a\xe6\x6f\x44\xa8\xb8\x93\x02\x98\x3b\x22\x73\x6d\x0c\x72\xd6\xa0\x44\xe4\x29\x16\x24\x24\x3a\x4e\x0c\xe6\x5d\x5e\x53\x46\xd6\x7f\xed\x37\x60\xdd\xb0\xc5\x10\xb5\x0f\xf3\xee\xf0\xa1\x8a\x26\x7d\xe7\x30\x47\x6d\xd8\x2d\xff\x70\x72\xcb\xa0\x98\x48\x25\xa0\x04\xdd\x4b\xcd\x8c\x37\xfd\xaf\x1f\x68\x3d\x1d\x93\x80\xe1\x35\xa9\x5d\x24\xb8\x9f\xad\x0b\xe9\x41\xc5\x48\x25\x1b\xec\x90\xcc\xae\x01\x5b\xc0\x56\x7d\xa8\x4b\x37\x1e\x50"},
+{{0x08,0x0d,0x7f,0x76,0x18,0x2e,0xe6,0xbc,0xea,0x89,0x4b,0x1e,0x00,0x60,0x55,0x8b,0x3b,0x12,0x5a,0x34,0x99,0xdf,0x39,0x73,0xb8,0xdd,0x66,0x93,0x40,0x8e,0xe4,0x69,},{0x41,0x24,0x71,0x3d,0x7c,0x2d,0xf5,0x0f,0x93,0x05,0x57,0x30,0xd1,0xb2,0x81,0xda,0xec,0x30,0x28,0xcf,0x2c,0x1e,0x48,0x58,0xd1,0x28,0x70,0x7a,0x23,0xd6,0xde,0xb0,},{0x18,0x5f,0xb1,0xb6,0xd8,0x6d,0xc4,0x44,0x48,0x10,0xcf,0x5e,0xc6,0xfe,0xf0,0xab,0xda,0xfa,0x2a,0x6f,0xcc,0xb4,0x5d,0x11,0xcf,0xb5,0x4b,0xa1,0x6a,0x68,0x43,0xf2,0x80,0xd3,0x80,0x47,0x10,0x02,0xae,0x0d,0x71,0x50,0x85,0x56,0xc7,0x8e,0xd5,0x41,0x5e,0x42,0x33,0x8c,0x16,0x1f,0x2b,0x62,0x1e,0x74,0xcb,0xa4,0xf6,0xa1,0xd4,0x02,},"\xab\x0a\x6d\xe2\x35\x1b\x9a\x84\x98\xf6\x82\x72\xd9\xa0\xa7\xa0\x57\x36\x5d\x34\xef\xa0\xfd\x34\xcc\x3b\xf8\x62\xe4\x9c\xdc\x30\x2b\x2b\xd5\xa3\x0d\x60\x1a\x13\x0e\xc4\x03\x2f\x54\x1a\xe6\xcb\x7b\xa9\x7f\x84\x18\x3d\x2d\x25\x81\x28\x7c\xa7\x01\xd7\xd7\xa9\xab\xa1\x10\xce\x58\xb9\x46\xac\x08\x24\x30\x5d\xf7\x92\x9f\x3d\xd7\xfc\x9c\x87\x32\x23\x86\x37\xe2\xb1\x81\xd6\xe1\x16\xc7\xf6\x6e\x32\x26\xaa\xe3\xce\xd1\x61\x02\x62\xda\x1a\x0a\x4a\xa5\x0a\x1b\x94\x43\xec\x82\x83\x29\xe4\x73\x4d\x28\xfc\x25\xab\x9c\x1d\xe9\xb8\x98\x7e\x5d\xc0\xc8\x13\x19\x16\xc5\xf1\x89\x28\x70\x4a\x71\xe8\x06\x22\xb1\x49\x2b\xf2\xfe\xc5\xd4\xb6\xdb\xe4\x15\xc8\xaf\x2c\xe3\xef\x10\x9b\x34\xdd\x5e\x64\xd5\x68\x46\xf0\x85\x93\x5a\x4a\x5d\x10\x73\x49\x7f\xb3\xfb\x8f\xb7\x7e\x8f\x5d\x5e\x3f\xd0\x0c\x30\x65\x2e\x3c\x5c\xde\x40\xa3\x35\xd1\x4e\x54\x25\xff\xba\x94\x28\x85\xed\x17\xbd\x36\xdf\x50\x69\x24\x23\x7e\x75\xbe\x84\xda\x82\x19\x50\xb9\x14\x24\xfd\x9f\x16\xc1\xb2\xc7\x83\xe9\x0f\x8c\xc2\xcc\xc7\x98\x0c\xe9\x15\xc7\x69\x6b\x06\xa5\x86\x73\x02\x59\xe6\xd1\x45\x88\x58\x2b\xab\x9d\x2a\x39\xf6\x9e\x98\xe7\xf2\xae\x9b\xc0\xc2\x61\x0d\x7e\x04\x57\xf2\x6a\x5d\x66\x54\x3b\xe1\xd6\x5b\x79\xc4\xb7\xc0\xd8\xee\x73\xd0\xc2\xb6\x7b\xf5\x0d\x80\x82\xf0\x06\xf9\x6d\x11\x95\x05\x87\x31\x93\xdf\xdb\xd4\x32\xbb\x1c\x9e\xe0\xd0\x3e\xe5\x4c\xf9\x5d\x20\xe9\x1f\x7f\x3a\x06\x9b\x62\x56\xf4\x21\x59\xcd\xc1\xe6\x00\xa9\xa1\xc2\xf5\xa8\xe4\x67\xd5\xc2\xa9\xdf\xf8\x73\x0e\x6b\xe8\x26\xfb\x2a\x1e\x64\x48\xbf\xc4\xfc\xaa\xaa\xcd\xaa\x76\x62\x35\x1f\xaa\xdc\x91\xf7\xca\xa7\x73\x7d\xc8\x2e\xc3\xd4\xb2\x19\x36\xbc\xa1\xbd\x7c\xe3\x73\xad\x66\x26\x4a\xf1\x32\x41\x16\x75\x49\x31\x8c\xdd\x78\xe5\x63\x82\x7f\x85\xea\xb2\x0e\x0b\x42\xbc\x55\x4a\x71\x2c\x00\x51\xa5\x01\x0d\xc2\xf2\xc7\xdb\x85\xac\xf6\x54\x9f\x9d\x10\x2c\x90\x3c\x1b\xe5\xa0\x52\x92\xc3\x0f\x21\xab\x1b\x2b\x8a\xbc\xbb\xf1\x04\x72\x3c\x63\xf0\xeb\xc5\x54\xfb\xee\x42\x02\x0c\xcb\x14\xf4\x43\x47\x8d\xf7\x7c\x6a\xa4\x4d\xb9\xa5\x7f\x8f\xd4\x4d\x97\xea\x09\x9e\x47\x74\x82\x3e\xbe\x12\x3f\xcf\x50\x16\xa6\x6e\x83\x7b\x2f\x65\xc1\x84\x5e\x68\x1e\xe2\xa7\x05\x9f\xb1\x29\x0c\xd0\xa9\x33\x12\x98\x55\xcc\x83\xc8\x7e\x0b\x3b\xb6\x1e\x44\x13\x4a\xdd\xd3\x63\x78\x50\x24\x6c\xdc\xda\xa2\x9f\x15\xc4\x1a\x3d\x4d\xd2\xc1\xd7\x60\x06\x21\x24\x33\x31\x24\xcf\x09\x14\x35\xfd\xce\x71\x1f\x52\x31\x63\x68\x99\x9b\xef\xa4\xc8\x0a\x39\xb3\x75\x0e\x4e\x38\x62\x89\xe4\xe2\x85\x5e\x97\xb6\x19\xb0\xa2\x57\x99\x91\x24\x08\xb7\xd5\x8a\x4d\xd9\x81\x95\x71\xe9\x01\x43\x0f\x6d\x55\x55\x29\xdd\x63\x0a\x18\x67\x45\x9b\x80\x22\xd0\xe0\xad\xd6\xab\x4f\x12\xf6\x0b\xaa\xc7\x59\x79\xbb\xff\x7f\x62\x58\xd2\x8d\x67\x60\xb1\xff\x24\x3c\x39\xe4\xbb\xd6\xcf\x9b\xea\x57\x2a\x9c\x08\x2d\x05\xad\xcf\xd4\xcc\xf9\xfa\x02\x6f\x2c\x90\x4b\x6e\x78\x2e\xd7\x09\xdf\x77\x48\xa3\x07\xcd\x2d\xc3\xa0\xfc\x41\x23\xdf\x58\x0c\xbf\x49\xe0\x5c\xee\xab\xc9\xf3\x9e\x57\xb7\xf3\x00\x90\x5d\x8b\x31\x00\x91\xfb\x95\x3f\x3d\xef\x36\xde\xb3\xe8\xbf\x37\x2f\x59\x16\xb5\x15\x97\xdf\x02\x4c\xe8\x5c\xc4\xc3\x6e\xab\xdc\x58\x0b\x5c\xf1\x52\x99\x46\x48\xf1\xd7\xf3\x5f\xed\x5c\xd1\x0f\x6e\x29\x49\x16\x1a\x33\x59\xb3\x03\x4d\x45\x0e\xa6\xf6\x1c\xdf\x1d\x5a\xf7\x6d\x40\x10\x2b\x60\x29\x4f\x4e\x49\x07\x82\x49\x02\x6d\x62\xfe\x35\xfd\xf2\x24\x92\x8b\x0c\x49\xba\x2b\x53\x39\xeb\xb1\x92\xc5\xab\x7f\x05\xcd\xb9\x46\xe3\x7d\x67\x1a\x4a\x5e\xf2\xa5\x82\x72\x20\xb4\x43\x8c\xbd\xa0\x57\x36\x29\x28\x06\x64\x8f\x5b\xdd\x52\x42\x0f\xa7\x6b\x84\xa6\xad\xdb\x12\x63\xeb\x0c\x50\x0e\x81\x56\x6d\x71\x8d\x50\x66\x02\x6d\xa0\x97\x05\x4a\x86\x63\x10\x16\xdd\xfb\x70\x6a\x56\x77\xd5\x02\xef\x84\xaa\x73\xb5\x86\x3b\xc4\x0f\xdc\x42\xcb\x73\x21\xac\x5f\x00\xe2\x92\x8f\xed\x7b\x04\x18\x59\x6d\xb4\xb6\x15\x1d\xd6\xbc\x6e\x81\x8f\x02\x53\x55\x2b\xf1\x37\x41\xe6\x96\x80\xe9\x66\xc9\x2c\x29\x3e\x13\xc9\x0f\x7c\x99\x99\xbd\x1e\xc6\xaf\xe3\xb4\xaf\xfb\x47\x34\x0c\x89\x85\x98\x29\xfe\xb5\x99\xdb\x3a\x8c\x3d\x33\xfc\x8d\x45\xfa\x53\x81\x07\x8a\xe9\xf7\x5d\x85\xc1\x49\x6f\x5f\xb5\xad\xdf\x4e\x40\x09\xb7\x64\xbc\xc9\x11\x8e\x92\x75\xdc\x72\x19\xf2\x81\xd0\xd1\xef\x71\x58"},
+{{0x49,0x84,0x6a,0xda,0x7a,0xe6,0x84,0x97,0x1d,0xd9,0x17,0x10,0x79,0x90,0x90,0xb3,0x7f,0xe5,0xad,0x56,0x1d,0x72,0xa3,0x5f,0x2e,0xfb,0x40,0x5f,0x19,0x6a,0xb0,0xec,},{0x4d,0x37,0x0a,0x81,0x94,0xa3,0x04,0x5b,0x09,0xb3,0xbd,0xaf,0xa2,0x7f,0xb9,0xac,0xd5,0x99,0x43,0xa5,0x4a,0xe1,0x4c,0xba,0xaa,0x22,0x00,0xeb,0x0f,0x3d,0xa7,0x1b,},{0xa5,0xc8,0x09,0xd1,0xca,0x4c,0xfb,0xb3,0xdc,0x70,0xa2,0xa3,0xa1,0xf2,0x67,0xc2,0x73,0x30,0x42,0x07,0x19,0xe3,0x60,0x62,0x18,0xa1,0x47,0x1c,0xac,0x57,0xcb,0x67,0x4b,0x9b,0x42,0x82,0x7c,0x5e,0x9a,0x7b,0x25,0xc8,0x13,0x9c,0x13,0xdf,0xf6,0x0b,0xde,0x6c,0x2d,0xba,0xd3,0xa8,0x36,0x11,0x97,0xc1,0xfb,0x19,0xd2,0xcd,0x52,0x0b,},"\xab\x39\x8d\x94\xf9\x28\xb1\xd4\x21\x02\xa3\xe5\x13\xcc\xd1\xcb\x10\x89\x90\x11\x03\x94\x10\xa8\x88\x8b\xba\x26\xdf\x1a\x03\x72\xbd\xba\x0c\xe8\xd8\x54\xaf\x51\xe9\x33\x0a\x8d\xaa\x93\xc1\x05\x80\x90\x6a\x8a\xc7\x2d\x29\x4a\xeb\x95\x66\xfe\x1c\x78\xba\x84\x71\xc0\x6c\x4a\x8a\x75\x11\x3b\x34\x89\x3f\x62\x76\xed\x81\x32\x92\x05\x3b\x95\x6a\x46\x5d\x84\x7d\x2e\xce\x86\xe2\xda\x8a\x9f\x0f\xe3\xdb\x52\xa5\xaa\xc7\x46\xef\x96\x48\x5e\xf8\x1f\x13\x62\xb5\xa4\x2e\xaa\xee\x1f\xbb\x06\x46\x70\x44\x71\xa2\x1b\xf7\x63\x67\xbe\xaa\x07\x81\x2b\x3d\x32\xad\xcd\xed\xde\xd7\x53\x9e\x3a\x50\x1b\x83\xc0\x5b\x19\xa4\x9b\x52\x0e\xde\xdc\x9a\x78\xa5\xfc\x2d\x50\x12\xf1\xd4\xe3\x81\x84\x4e\x79\x2e\xd9\x0b\x0f\x57\xbc\xe3\x75\xc7\x5a\x65\x8b\x2c\x78\xc6\xff\x7d\x9e\xfc\xd4\xbf\xa3\x5c\x47\x68\xcb\xb1\x95\xe4\x82\x3d\x9b\xbd\x83\x5a\x37\x4f\xa0\x4c\xa1\xea\xae\x9c\x56\x6d\x8f\xd5\xaa\x7c\xa5\xef\xe0\xdf\xc3\x17\xff\xfa\x40\x9e\xf1\x02\x2f\x1c\x3b\x37\x6a\x93\x5a\xf5\x57\x08\x3e\x95\x28\x7b\x07\xa9\x8a\xc6\xc1\xb7\xbd\x8b\xb2\x6b\x60\xfa\x7c\x4b\xc9\x19\x73\xb2\x01\xb2\x99\x22\xb4\xb9\xd0\x3d\xd6\x88\x2a\x0b\xd3\xb7\xd9\xe5\xb8\x1e\xe7\x4c\x36\xbe\xc6\x65\xe4\x34\x3c\x8c\x9a\xd3\x36\xda\x38\x50\xc9\xb2\x69\x7f\xe1\xcc\xe2\x9c\x37\x86\x22\xa3\x3c\x24\x8f\x44\x8c\x88\xf4\x8d\xf0\x26\x01\x43\xb2\xa3\x42\xf1\xdd\xee\x74\xd3\xb9\x7c\xa3\xe1\x16\x6b\x15\x69\x93\xda\xd3\x0c\x49\xd8\x10\xd7\x40\x48\xbc\x6d\x46\x76\x52\x00\x4d\x7e\xdb\x65\xc6\xda\xc3\xa2\xc5\xd3\x00\xb9\x7e\xe3\xa1\x0a\x9e\x14\xb6\x9f\x3c\xad\x67\x59\x72\x96\x2e\x1f\x8e\xd9\x75\x47\xad\xed\xc4\x7d\x1c\xf3\x47\x1e\xf3\xb2\x2f\xdb\xf7\x8e\x34\xf3\x1a\x3b\xb7\x66\x9c\x41\xbd\x92\x92\xc3\x80\xbc\xe9\xa4\x2d\x84\xbc\x27\xac\x92\x8b\x8b\xfc\x3c\x63\xd2\x0c\xcd\xb4\x78\xdf\x7d\xdf\x42\x1f\xb1\xcd\x90\x5f\xfc\x4c\x04\x78\x6f\xd9\xae\xf0\x6b\x89\x38\xab\x8e\xf5\x22\x21\x7b\x2c\x04\x51\x5f\x61\xa1\xc3\x12\xea\x83\x25\x3f\x84\x58\xc0\x91\x8f\xcf\xe8\x74\xe6\xe7\xfb\x11\x27\x5d\xb2\xa2\xec\x79\xa2\xd8\x68\x30\x32\x33\xc1\xb6\x97\x95\x2a\x3b\xfd\x3a\xd0\xa6\xf6\xcd\xd5\xe7\x2c\xc9\x40\x9f\x74\x10\xa4\x0d\x5b\x45\x36\xdd\x46\xeb\x16\x11\xae\x86\x70\x36\x71\xb3\xa0\x51\x5a\x03\x77\xbe\xa1\x56\x54\xba\x0a\x0d\x1e\x4e\x96\x02\x63\x28\x42\xf2\xac\xd4\xef\x99\x32\x36\xe9\x93\xf2\x65\x0d\x59\x92\x3f\x24\xe2\xcd\x30\x93\x2d\x8b\xf8\xae\xec\x64\x44\x72\xba\x46\xa0\x78\x81\x49\x6c\x92\xa0\x13\x5c\x67\x5a\xeb\x0c\xe6\x18\x10\x88\xdb\x8f\x15\x6c\xfe\x74\x35\xca\xc6\xc9\x7d\xa6\x37\xdb\x4a\x89\xf5\x13\x31\xda\x13\x73\x1e\x74\x1f\xcc\xc0\x35\x55\x42\xce\x11\xef\xa6\x9d\x05\x38\xd3\xef\x12\x7a\xa6\x87\x45\xed\x30\x85\xd2\x9d\xa9\x0d\xc5\x83\x70\x1b\x6b\x3a\x70\xa3\xef\x3e\x16\xa9\x24\xb3\x32\x03\xb9\x23\x96\xc4\xb9\x45\xf1\x27\xa7\x88\x8f\xa0\x50\x15\xc0\x60\x30\x07\x56\x67\x29\x23\x7c\xc0\x78\x2b\x30\xc0\x20\xd9\x95\x95\x47\xfe\xec\x9f\x4d\x67\x64\x60\xbf\xe0\xc5\xc1\x9c\xea\xba\xee\x06\x82\xdb\x8b\xe6\x91\x35\x18\x1e\xc0\xfd\xd9\xf7\xa6\x6d\x50\xbd\xc3\x79\xe4\xa2\xc5\x98\x17\x8f\x95\x93\x94\x6a\xca\x64\x05\xb1\x77\xfc\xad\xe0\xf8\x64\x21\x58\x3e\xd6\x7e\xba\x18\x72\x22\xa1\xe4\x44\x95\xb3\xae\x54\x4f\xdc\xa2\x8e\x2c\x14\x48\x5e\xab\x04\x71\xaa\xa8\x03\xc2\x9a\x9d\x8a\x48\x92\x67\x64\xfc\xa1\xdf\x51\x40\x7a\xd3\x3e\xc1\x7e\x94\x1e\x6e\x26\x17\x23\x7a\x84\x30\x98\x73\xdc\x71\x36\x55\x87\xbd\xe4\x27\x4b\x5d\xc3\x27\xcc\xb1\xe1\xe9\xc8\x57\xe0\x42\xcc\xca\x8d\x85\x52\xba\x28\x8c\x97\x8c\xfa\x0a\xf9\x9d\x67\xcd\x03\x40\x60\x62\x8e\x23\x52\x5d\xbc\xa2\x07\x67\x9c\xe2\x96\x90\x87\x84\x48\x55\x3c\xd3\x86\x75\xbc\xe0\x7b\xf9\x7b\x93\x17\xdc\x44\x46\x8b\x76\x8b\x15\x8b\x0c\x11\x1d\x63\xa5\x72\x23\x56\x55\xc4\x0e\x16\x59\x7c\xa0\x59\xf4\x0c\x3d\x8a\xc5\xbd\x61\xa4\x87\xc1\x53\x13\x84\x6a\x70\x4a\x78\x11\xb8\xbc\x0c\xee\x61\xe3\x47\x62\xb6\xc1\xb7\xce\xa1\xc4\x6e\x60\x87\xe9\xa3\x6f\x89\x91\x8a\x25\x8b\x3f\xa7\x76\x20\xbe\x10\xc1\x84\xc3\xfc\x39\x73\x90\x24\xe9\x82\x78\xfd\x65\xb8\x2c\xad\x83\x69\x9f\x3a\xd8\xc6\xec\xcb\xec\x8b\x7b\x1b\xd7\x91\x4d\x3f\x6c\x3d\x02\xbf\x40\x28\x3b\x1c\x1f\x1e\x98\xe3\x08\xbe\xae\xbb\xf8\x94\xb8\xf5\xe9\x1b\xbb\xc6\x25\x35\xf9\x23"},
+{{0x83,0x34,0x3e,0x37,0xad,0x09,0x1a,0x85,0xee,0xc3,0x70,0x70,0x1b,0x81,0xa5,0x8f,0x93,0x70,0xa4,0xb0,0x42,0x3a,0x07,0x0d,0x60,0xf9,0x2d,0x8d,0x18,0x09,0x84,0x4e,},{0x50,0xb6,0x8b,0xf7,0x26,0xea,0xbc,0xa5,0x3a,0xc6,0xc9,0x0d,0x4e,0xac,0x55,0x47,0x03,0x71,0x2d,0x22,0x10,0x55,0x54,0xf0,0x5b,0xf7,0x9f,0x9d,0x08,0xfc,0xc4,0x93,},{0x9c,0x69,0x89,0xcb,0xe1,0x7e,0x16,0xca,0xa2,0x53,0xff,0xb1,0xa6,0x4a,0x10,0x6f,0xb0,0x17,0x82,0xc9,0x9b,0x17,0x22,0xba,0xf1,0xac,0xaa,0x42,0xae,0x5b,0x36,0xb7,0x9b,0x2a,0x2c,0xd8,0xfc,0x91,0xf5,0xad,0x89,0x23,0x81,0x70,0x25,0xa7,0x78,0x25,0xa0,0x5d,0xf8,0xc4,0x17,0xec,0x53,0xc4,0xa3,0xaa,0x1c,0x0e,0xfd,0x5b,0xbe,0x0f,},"\xc7\xda\xdc\xac\x5d\x87\x95\xe1\x74\xb6\x91\x38\x91\x2e\x70\xff\x41\xe7\xa7\x25\xfa\xf3\x85\xb7\x73\xed\x15\x09\x89\x72\xb3\x0d\x9b\x73\x93\x72\xd9\x75\xb4\x80\xcc\xfd\xfc\x58\x0e\x2e\x2d\xdf\x5e\x3c\x27\xee\x79\x12\x79\xab\x95\xe4\x38\x2b\x14\x59\xdd\x8d\x41\xae\x36\x0d\x4a\x87\x88\x46\x69\x29\x24\xfe\xef\x39\x0c\x0d\xbb\xfa\x35\xe4\xb8\x2d\x7c\xbc\x33\xee\x15\x81\xc5\x2b\xd9\x49\x38\x5b\x2e\xe4\x02\x63\xa5\x7d\xa1\x17\x4b\xb4\xac\xad\x37\xcd\x8a\xe2\xa6\xb4\x5f\x7a\x6d\x6b\xbe\xf5\xa7\x98\xce\x85\xb9\xe0\x5e\x76\x47\xe3\x34\xec\xfc\x77\x63\x78\xde\x17\x4c\x49\x7c\x0f\x40\x75\xe6\x25\xaf\x7a\xed\x50\x2c\xd1\xcf\x7f\x58\x8d\x0d\x80\x7f\x02\xe3\x2f\x43\x00\xf2\x28\xa5\x0a\x66\x7b\x5a\xd1\xfb\xbc\x17\xe0\xb3\xc5\x70\x51\xdd\xc6\x02\xf5\x76\x07\x9f\x6f\xc5\x88\x9b\x7f\x29\x00\x71\x13\x34\x42\x0f\xc6\x66\xf6\x6d\xba\xff\x41\x26\x33\x6c\x35\x3f\x1e\x5b\x56\x4a\x66\x45\x37\xf8\x37\x86\xda\x5c\x56\x27\x74\x54\x06\xd7\xb2\xfe\x32\x33\xbf\xd5\x8e\xf4\x64\xa0\x6c\x95\xcf\xd0\xb9\x88\xa7\x6d\x05\x3a\x64\x4b\xcc\x15\x9c\xad\x53\xa7\xc5\xdb\xb4\x0e\xef\x5c\xd0\x47\x05\x6a\x3f\x09\x26\x5b\x13\x25\x69\x9c\x7d\x15\x9d\x5c\x90\x24\x40\x17\x33\x57\xff\xab\x8f\x7a\x5e\x38\x9f\x46\x8c\x33\x3b\x78\x2f\x80\x17\x0a\xe9\x09\x83\xaf\x15\x3f\x2e\x73\xbd\x2b\xef\x12\x5e\x3d\x38\x68\xc2\xab\x9e\xcf\x03\xaf\xf7\x6e\xcb\xeb\x18\x16\x7c\xa2\xf7\x11\xcd\x56\x58\x51\xd7\xf0\x4e\xe9\xd9\xb0\x1b\x6d\x83\xa7\x60\x57\x22\x62\x0d\x28\xc8\x4d\x6c\x1a\xf4\x2f\x6a\x76\x92\x58\xf5\x3c\x1f\x66\xda\x36\x66\x6d\xa5\xca\xa9\xbd\x9e\x8f\xbc\x16\x92\x11\xb1\xae\xd9\xc2\x55\x8f\x6a\xaf\x5b\x14\x5a\xbc\x72\x1a\xbb\x00\x72\x01\x94\xe0\x27\x03\x54\x68\xbd\xe3\xfe\x0b\x88\x88\x4f\x4e\x9b\x26\xe7\x71\xe6\xc7\xa0\xa5\x5e\xa3\x6f\xc5\x0d\xec\x8c\xef\x16\x2f\x9b\xba\x5b\x4b\x16\x10\x5a\xfd\x6e\x37\x4e\x03\x8d\x5c\x85\x87\xcf\xd7\xdd\x88\x29\x0b\x2c\x9c\xab\x45\xa2\x64\xd6\x54\x0e\xa1\x41\x6e\x6e\x4e\x74\xa1\x2f\x45\xa2\xef\x13\xcc\x8a\x36\xe7\xb0\xa2\x6b\x90\x2c\x3d\x96\xe2\xe2\x22\x92\x02\xe2\x57\x65\x69\x4b\x94\x33\x73\xd1\x6e\x60\x0b\xd7\x86\xd9\x55\xa4\xb3\xf1\x02\x16\x40\xc3\x9a\x0b\x6c\x69\x15\x00\x28\x1a\xe0\xd0\x98\xcc\x7f\x38\x5e\x18\xa0\x7e\x62\xfa\x4a\x10\x1e\xf5\xb7\x85\x51\xfa\x29\xbd\x15\xee\x03\x53\xa1\xa5\xef\x9b\x21\x6e\x8b\x0f\xa5\x07\x50\xa3\x41\x62\xb6\x35\xa0\xbc\x5e\x5d\x72\x30\xaa\x19\xaf\xa1\x28\xab\xa6\x42\x2d\x38\xeb\x77\xa3\xf0\xbb\x9d\xd8\xe4\x65\x2f\x12\x07\x0a\x37\x36\x1c\x37\x25\x50\x3c\x9d\x22\xe2\xfa\xce\x2e\xa7\x4a\x70\x02\x40\x62\x47\xdd\x86\x97\x5f\x07\x57\x5c\x9e\x7c\x6f\x41\xb5\x3b\x26\xd5\xcf\x52\xc5\xac\xc2\xc5\xd9\x82\x71\x43\x4e\x9f\xa5\x09\xc6\xdf\xbd\x72\x43\x72\xaa\x5c\x13\x45\x1a\xae\x39\x3d\xe0\xa1\x86\x46\x4f\x5d\x33\x7e\x9f\x62\x7b\x4f\x1c\x29\x09\x46\x70\x65\xe8\x9a\x42\x2e\xc4\x0e\xe1\xd8\x0a\x13\x39\x00\xa6\x2f\x4e\x4f\x7e\x94\xeb\x72\x61\x5e\x7e\xc2\x99\x6c\x6c\x24\x30\xc3\xe9\x57\xce\xae\x21\x05\xa1\xe9\x0e\xae\xac\x0d\x31\xaf\xfa\x9f\x57\x92\x6d\x71\xd9\x72\xa9\xa2\xde\x11\x25\x8c\xc1\xe7\x28\x59\x9c\x9f\xb3\x87\x24\x91\x84\x7e\x10\xc6\x7e\xfa\xef\x6b\x69\x6a\x03\x0f\xf0\x53\x3a\x58\x3b\xea\x1d\x04\xdf\x25\xf7\xee\xf3\xa1\x3b\x8e\x31\xaa\xd1\x33\x85\x7d\xf1\xb4\xe5\xff\xbd\xee\x37\xf4\x0f\x38\xd2\x24\xc7\x0a\xe0\x4e\xf3\x3b\x41\xb0\x2e\x71\x91\xa8\x66\x56\xb0\xd7\x2b\x2c\xbb\x53\xc4\x90\x8c\xa2\x06\xf7\x57\x34\xb2\x77\x08\x15\x4f\xcd\x8a\x97\x42\x9c\xfd\x1f\x2d\xa2\x42\x97\x78\x43\x80\x03\xf5\xb5\xb9\xc2\x1d\x9e\xd2\x3b\x8a\xd8\xa2\x28\xeb\x4f\x65\xc2\x4c\x1c\x59\x69\x9a\x5c\x90\xaf\xf7\x73\xe5\xc6\x76\xdb\x36\x2a\x19\x30\xba\x16\xab\xa7\x6e\xf8\xda\xa4\x2b\x3e\xb2\xcc\xc4\x5c\x93\x4d\x23\xd4\x92\x9a\x7a\xd9\xe3\xef\x46\x8b\x06\xa4\x99\x5c\x80\xdd\x23\x6a\x7b\xcf\x38\x79\xd8\xb7\x94\x67\xf7\x2b\x33\x84\xc1\x60\xcc\x18\x17\x14\xe9\x2f\x20\x35\xe7\xb9\x72\xa2\xcc\x52\x42\xd9\x32\x52\x5e\xae\x7c\x50\xbd\x26\x3b\x0f\xa0\x9c\xbd\x9d\x6f\x98\x4b\x9c\xf6\x15\x2d\x9a\x13\x3c\x27\x84\x32\x02\xd1\xe8\x7f\xa5\xa6\xe1\x23\x5d\x9c\x75\x6b\xb8\xe6\x8b\x05\xb9\x8d\xa5\x41\x95\x22\x3f\xdf\x02\x10\x25\x32\x50\x63\x3c\x11\xc5\xf6\x0b\x5e\x67\xd7\xee\xfc\xaa\x6c\x2d\xaa\x52\x31\x37"},
+{{0xda,0x01,0x32,0x21,0xb2,0xf5,0x88,0xaf,0x40,0xe2,0x11,0xa0,0xf9,0x75,0xd4,0x4f,0x9d,0x65,0x02,0x81,0x60,0x51,0x4c,0x39,0x61,0x89,0xf2,0x7c,0x7b,0x06,0x66,0xea,},{0x07,0x11,0x7c,0x6b,0x0d,0xb5,0xb6,0xfd,0xa1,0xed,0xc4,0x39,0x6c,0x47,0xc2,0x2b,0x54,0xee,0x0c,0xe5,0x37,0x5c,0x3e,0xc6,0x33,0xc8,0x3a,0xfc,0x53,0xad,0x6c,0xe4,},{0x10,0xcb,0x52,0xd6,0x10,0xe4,0xa8,0x1d,0x32,0x86,0x9b,0xff,0xce,0x38,0x07,0xe6,0x39,0x1f,0x78,0x2f,0xcd,0x53,0x8b,0x55,0x4d,0x09,0x03,0x7f,0xda,0x72,0x28,0x5b,0x96,0x62,0xb1,0xb1,0x10,0x7c,0x40,0x81,0x78,0xac,0x00,0x9f,0x05,0x25,0x96,0x73,0x88,0xa7,0xd8,0x5f,0xa1,0x23,0x59,0xd3,0xce,0x38,0x75,0x03,0x7d,0xcf,0x6a,0x04,},"\xbc\x93\xee\x1e\xc4\x72\x8a\xc6\x36\xa6\x24\x8f\xcc\x45\x51\xc9\xd1\x59\x80\xdb\x8e\x5f\x54\xb0\xef\x07\x5a\x71\x97\x0e\x17\x6a\x3c\xb9\x18\x2e\x32\xda\x7a\x8c\x2a\xc0\xcd\x7e\x59\x57\x74\x57\x5f\x9c\x83\x50\x6a\x60\x6f\xac\xe8\x95\x12\x13\x5d\x03\x2a\xb0\x5e\x39\xff\xf9\xc8\xca\x6c\x25\xcd\x5d\x78\xec\xc3\xac\x32\x32\x90\xc9\xc8\x16\x26\x73\x5e\x19\x0e\xb5\xae\x34\x5c\xa7\xa9\x58\x40\x9f\x77\x43\xb0\xb1\x61\x49\x16\x83\x22\x17\xc5\x7e\xee\x1b\x4f\x8e\x62\x2a\xc0\x52\xa9\x3d\xd5\xb3\x9d\x07\x61\xe4\x0e\x9f\xbd\x83\x96\xf6\x0a\x3b\xf6\x66\x0c\x5f\xa9\x9c\xd8\x13\x9f\x68\xcb\xe0\x89\x4e\x5c\x67\xe1\x68\xcc\x74\xb2\x72\x4e\x9d\x91\xd6\x00\x0a\x0c\xec\x58\x7a\x11\x46\x3f\x72\xee\x6e\xd2\x55\xbd\x87\xeb\x30\xfd\x45\x75\x96\xf6\x88\xca\x0e\xa7\x3f\x30\x49\x72\x38\xde\x21\xc9\x3f\xbb\x12\x94\xdb\x61\xe4\xa5\x60\x89\x10\x6d\x1c\xf7\xce\x5a\x65\xec\x3d\x12\x17\x0c\xe7\x84\x0f\x08\x8a\x8d\x0e\x3a\xef\x17\xe5\x31\xde\x47\x80\x03\x57\x02\x58\xe9\x27\xf1\x56\xe7\x96\x10\x65\xaf\xa6\x66\xaf\x38\x58\x2b\x35\x3c\xc4\x77\xba\x77\x5c\xae\x45\x94\x6d\x08\xdb\x75\x21\x59\x14\xda\x32\x61\xb6\x22\x94\xe9\x2a\xfb\x38\x14\x59\xc2\x1d\xda\x4e\xa6\xed\x79\x5f\x79\x25\x7c\x09\x4d\xd6\x08\xdc\x8e\x1b\x7c\x40\xcd\x29\xfe\xa2\x22\x08\x8f\x65\x69\x7e\xa8\x88\x95\xd1\x0a\xce\xa8\x79\x73\x60\xdc\xba\xce\xe2\x69\xc6\x06\x60\x0a\xdf\xfd\xcf\x9c\x7c\x38\x1d\x0a\xd6\x69\x69\x67\xd9\xff\x03\xe6\x1a\x24\x90\x65\x02\xb2\x95\xe7\x6f\x4d\x08\x75\x65\x5b\x01\xe6\xff\xca\xcc\x8e\xf0\x11\x29\xc7\x2a\x58\x46\xb6\x0e\xc8\x00\x17\x37\x4e\x75\xd3\x06\x40\x3d\x9e\xcc\xf2\x64\x95\xd2\x98\x12\x0a\x06\x33\x83\x5c\x5d\x1e\xff\x17\xc9\xc6\x24\x76\xf7\x52\xc8\x97\x10\xad\xfa\x4d\x51\x61\x7b\x59\x18\x17\x3c\xba\x72\x25\x40\xe3\x88\xff\xbf\xfb\x96\x68\x74\xdb\x00\x40\x4d\x06\xb0\xce\x11\x39\xba\x74\x14\x3c\x76\xb8\xf4\xd3\x3b\x21\x16\xe1\xcc\xe1\x75\x17\x3a\x96\xfc\x15\x1e\xa2\x39\xbf\xc2\x0d\x66\xfb\xb6\xf5\x2a\x66\x6c\x0e\x81\xcc\x2b\x80\x20\x91\x06\xe2\x48\x0e\x41\x11\xc7\x0e\x7b\xe4\xaa\xbb\x68\x42\x2f\x0b\x8c\x6b\xa1\x5c\x14\x2f\x82\xe6\xc7\xf3\x78\xd7\x80\x0a\x09\xea\xa4\xda\x25\x3c\x2f\xd9\x1e\x12\x63\xc6\xb6\x55\xbf\x70\x25\x5d\x7e\x3b\xb4\x77\x55\x23\xa0\xa9\xe7\xff\x03\x79\x7e\xe3\xff\xca\x8a\x50\xd1\x0f\x20\xd5\xe5\xa8\x89\xec\x5e\x33\x4e\xf2\x6c\xf7\x99\x8b\x08\x36\xf6\x56\x45\x68\x88\xe1\x37\xf3\x9d\x3e\x43\xe2\xce\x3c\x6e\xf5\x40\xd9\x5d\x9a\x20\xc4\x2c\xb8\xae\x2d\x9d\x0f\x25\xa8\x91\xc3\x63\xea\xd9\xcc\x42\x3f\x9a\x32\x3f\xe2\x32\x28\x1f\xb6\x7f\x5b\xe1\xc0\x78\x43\x61\x46\x04\x68\xa8\x7e\x95\xdf\xa3\x5d\x7f\x0f\xfa\x22\x11\xbe\x6b\x5f\xb3\x2d\x42\xba\x65\x18\xab\x6e\xa9\x37\x80\xf4\x31\xd3\x00\x67\x31\xbe\x44\x40\xe7\x12\x97\x4f\x74\xba\xea\x41\x9f\x40\x22\xfa\x25\x02\xe1\xb2\x39\x8e\x93\x86\x16\x7d\x93\xec\xa9\x2c\xa6\x0d\xd7\xd9\x1f\xe8\x23\x24\xf6\x82\xd9\x4a\xa7\xa8\x6a\xb0\x34\xf8\xa9\xe9\x52\xe8\xfc\x95\xbf\xf4\xdf\xed\x6a\x43\x31\x3a\xbb\x92\x40\x1b\x30\xc3\x3c\x79\xa7\xba\x3e\xfd\xbe\x16\x28\x04\x0f\xba\xf4\x43\xf3\xf9\x80\x84\x6f\xdb\x28\x3d\xcc\xd9\x3f\xab\x09\x70\x8b\x7d\x54\x86\x1d\x74\xb1\xfe\x8f\x10\x70\x1f\x21\x1b\xa3\xd3\x90\xe8\xa6\xae\x40\x77\x39\x64\x6a\x79\xa5\x83\x37\xa7\x17\xa8\x72\x00\x9c\x2d\xf6\x76\x1c\x24\x25\xa3\x2a\x00\x18\xaa\xf9\x64\x64\x70\xcb\xc8\x7c\x3a\x65\xc0\xe0\xef\xfb\xaa\x52\x8f\xe4\x78\x3c\x77\x2a\xb2\x66\xb8\xf2\x82\x68\xcf\x14\xaf\x23\x4b\x15\x81\x6d\x1a\x3a\x49\x1a\xf5\xf2\x97\xe3\x3d\x57\x29\x71\x5d\x51\x2c\x37\x3f\xef\x5e\xcc\x3f\x39\x54\xa6\x0a\x2a\x0f\x64\xd8\x29\x47\x41\x19\xca\x1a\x18\xf1\x05\x78\xd0\x4d\x63\x8d\x5e\xea\xfc\x37\x1a\x94\x6f\x6c\xe7\xef\xbd\x2a\xcc\xe3\x4e\x20\x44\x1c\xde\x9a\x37\xd5\xa8\x7d\xc6\x19\xb0\xa7\x27\x59\x6c\xd1\x2e\x15\xcd\x97\x84\xbb\x91\xf1\x39\x9a\x59\xfc\x0a\x7a\x4a\xf6\x8b\x0d\x57\x5d\x93\x38\x71\x72\x97\x33\x75\xc4\x65\xdf\x5d\x2d\x5e\x06\x1a\x2a\x9b\x23\xb4\x91\x5a\x0a\x8b\x8c\x1f\x09\x42\x09\x4a\xf7\x28\xc8\xc3\x11\x45\xfa\x7a\xaf\x74\xa2\x1a\x3b\x03\x2b\xb0\x9c\x39\x22\x05\xbf\x09\x5b\xda\x98\x6e\x5d\xd6\x62\x7c\x1e\x41\x7f\x65\x03\x26\xdf\xe3\xa9\xc9\x99\x4c\x6e\x0e\x01\x27\x6f\x91\xf2\x98\x7d\x2b\x85\xde\xda\x96\x54\x91"},
+{{0x5a,0x86,0x8f,0xb7,0x5e,0xa0,0x72,0x1f,0x7e,0x86,0xc7,0xbc,0x10,0x6d,0x74,0x13,0xc8,0xcf,0x4d,0x03,0x3c,0xe1,0x40,0x05,0xdf,0x23,0xce,0x4c,0x15,0x5b,0xbd,0x27,},{0x6d,0x1e,0x29,0xf3,0x9d,0xed,0xa2,0xbb,0xfb,0xb5,0x7c,0xb0,0x1c,0xb3,0x9e,0x58,0x80,0x82,0x78,0xe5,0x19,0x6a,0xda,0x1c,0x02,0x76,0x46,0xf2,0x04,0x87,0xd2,0x52,},{0x38,0xc4,0x8d,0xba,0x99,0xa6,0x52,0x4a,0x18,0x8d,0x5c,0xd7,0x8a,0x98,0xe6,0x77,0xdd,0x26,0x3e,0xf6,0xb4,0xdf,0x44,0x6b,0x31,0x0b,0x3d,0xd8,0x9c,0xaf,0xdd,0xb9,0xb1,0x7a,0x65,0xbb,0xa8,0xe1,0x39,0x68,0xbd,0xc2,0x5b,0x1d,0x84,0xb6,0xe2,0x43,0x6e,0xdf,0x31,0xaa,0x75,0x6e,0x3a,0x48,0x72,0x6d,0x6f,0x91,0xc8,0x08,0xee,0x0e,},"\xd5\xaa\x11\x82\x5b\x99\x44\x8c\x80\x63\x06\x23\xd8\xc7\x46\x01\x7c\xfe\x3d\xe6\xfa\x8a\x0c\x6e\xd6\x62\x71\x27\xcf\xc1\xf8\x4d\x4e\x0a\x54\xe6\xa7\xd9\x08\xd3\x71\x9f\x14\x21\xd1\xd4\xc7\x8b\x3c\xdd\x94\x76\x9a\xb6\x03\x3b\xce\x97\x9d\xd9\x0e\x10\x68\x02\xeb\xa9\xa0\x32\x95\xd4\x8f\x9b\x9a\x95\xd5\x7e\xe7\x74\x54\x02\xa4\x80\x23\xbf\x3b\xdd\xd5\xc6\xb9\x1c\x77\x3e\x49\x19\x13\xa3\x8a\xc3\x46\x26\x05\xcf\x28\x2d\xea\xc7\x57\x42\xfb\xd2\x75\x29\x27\x6e\x81\xdc\xce\x8d\xff\x96\x05\x03\x5e\x8c\xf0\x5d\xf6\xa4\x3d\xb1\x51\xf0\x41\x57\x65\xbc\xbd\x1f\x1b\xb6\x68\xad\x62\x73\xb8\x91\xc0\xdc\x4f\x3d\xba\x59\x0e\xa8\x2f\x83\x63\x76\x9b\x9c\x77\x51\x19\x47\x11\x73\x75\xdc\x49\x04\xd4\x8b\x88\xb6\x8a\x25\x5b\x28\x01\x1b\x11\x04\x81\x94\x09\x3e\x98\x20\x7a\xb1\xcf\x75\x6a\xb8\x33\x1f\x8d\x6f\x9d\x5b\xe2\xe1\x19\x05\x73\xe9\x5e\x71\x0f\x2a\x35\x01\xb5\x3a\xa0\x82\x5d\x6c\x12\xdc\xfb\x94\xac\x80\xdc\x10\x82\xcb\x4a\xd2\x62\xe6\xd4\x93\xad\xce\xb6\xbc\x19\x14\x5f\xbf\x73\x8d\xf7\x6f\x21\x34\xfa\x04\xcb\xbe\x44\xff\xc5\x5f\xfe\x5f\x9d\x3e\x9b\xeb\xd1\x59\xa0\x01\xaa\x9b\xf7\x88\x92\xa1\x65\x38\xa5\x20\x82\x3c\xde\x5d\x61\xe2\x9a\x56\xa7\x7a\xb9\x6e\x49\xe3\x00\xd9\x86\x59\x62\xc7\xe7\xfb\x8b\xcf\x5d\xe0\xb9\x38\x29\x7c\x3f\x4d\x6f\x60\x21\xe2\x4d\xfd\xad\x98\x61\x65\x2f\x34\x0f\x42\x1e\x7a\xf2\xc7\x1e\xd9\xa7\x15\x87\xfc\x75\x3b\x11\x55\x49\xb2\xf7\xf7\xcb\x29\x69\x0e\xa2\xb1\x58\xa9\x4c\xd2\xbc\x42\xe7\x06\x3d\x61\x9b\x93\x9d\x52\x3e\x3c\x23\x7e\xb1\xf4\x08\x10\xde\x0b\x44\xaa\x69\x37\x86\x3d\x62\x9e\xdd\x55\x75\xe6\xc0\x47\x52\x61\xb6\x27\x47\x30\x92\x77\x5c\x84\x36\x00\x11\xd5\x7c\x57\x20\x9c\x2e\x87\x5a\x3f\x89\x63\xe8\xb2\x41\xa7\xaa\x75\xef\x30\xc4\xa7\x18\xac\x4d\xd4\x66\xdc\x7a\x3e\x40\xe5\x87\x4f\x15\x7a\x84\x9e\xd3\xa3\xa9\xd4\xae\xb7\xd9\x4d\xf0\x9b\xb5\x5a\x0b\x2b\xc9\xf8\xb6\x95\xc3\x71\x79\x30\x23\x67\x60\x63\x67\xc5\xf3\x24\x82\x8c\xe7\x5a\x94\x4f\x50\x70\x3a\x47\x90\x6a\x80\x88\xf3\xa1\x1c\xfe\x4a\x85\x4e\x01\xf1\x74\x12\x52\xc4\x86\x33\x7d\x06\xb1\xcc\x6c\x6b\x9b\x12\x95\x43\x1e\xe0\x73\x59\x35\x7b\x3a\x78\xef\x50\x75\xb6\x5d\x7f\xed\x5e\xb7\x42\xe5\x10\x15\x98\x44\x4b\x46\x62\x3f\x89\xa3\x03\xac\xc1\x0c\x73\x24\x49\x51\x3b\x70\xdc\x45\x6a\x79\xd3\x7c\x48\xe5\xe7\x26\xc2\xf5\x58\xda\x0a\x1c\x46\xef\xbd\x2d\x92\x03\x26\xa6\x78\xb8\xa2\x2f\x09\x44\xbe\x4a\xf5\x5b\x6c\x71\xf4\x53\xfb\xae\x40\x0e\x6a\xcc\x04\xe0\xe9\x5c\xa2\x00\x16\x7e\x96\xee\x98\xea\x83\x93\x16\xda\x93\xa1\x2c\x2d\x76\xf1\x1a\xee\xbe\xb7\x8e\x65\xea\x48\xf7\xfe\xeb\xbb\x13\x7b\x2a\xc6\x7e\xae\xf0\x2a\x2d\x9e\x64\x71\xdd\x63\x4a\x03\x7d\x4f\x5d\x35\xa2\xf7\x8a\xf4\x1a\x8e\xa5\xaf\x5b\xc8\x15\x0a\x99\xed\x68\xa6\xa0\xcc\xff\x2b\x1d\x79\x65\xd8\xbc\x3e\xf9\x28\x5b\xa6\x42\x1d\x87\xc3\x3a\xad\x81\x03\xa5\x87\xbe\x01\x92\x68\x45\xbf\xbd\xdb\xaf\xc6\x9c\x4b\x92\x52\x88\x67\x20\xd4\x18\x50\x9f\x40\xf3\xdc\xf5\x57\x65\xdc\xcc\x3d\xee\xd8\x27\x72\x15\xe6\x9f\x05\x6b\xa3\x1b\x8a\x30\xb5\x00\x94\xea\x8f\x14\x47\x20\x76\x0c\x8f\x8c\x05\x5c\xf1\xa8\x69\x64\xff\xcb\xb8\xee\x1b\xb2\x18\x12\x76\xea\x99\xa7\xb8\xe7\x10\x67\xfa\x31\x0b\xa4\x47\x1e\x84\x27\x90\x37\xbc\x49\x2a\x55\xde\x20\x55\x48\xe7\x7b\x01\x45\x04\xee\x66\x64\xc4\x98\x8c\xbb\x9e\xd9\x1f\xf3\x2e\x22\x59\xed\x4c\xfd\x61\xa1\x97\xd0\xdb\xc3\x2c\x68\xf6\x54\x9c\x0d\x29\xfc\x45\xf3\x6a\xcb\x26\xb1\x64\xde\x97\xcc\xdc\x37\x90\x0d\x93\xcd\xbc\xf9\x68\x7e\xf5\x3f\x1f\x4d\xa1\xb1\xae\x42\x25\xb8\x84\x20\x9e\x81\xba\x43\x11\x52\x04\x77\xed\x42\x11\xb0\x92\x40\xbd\x7b\x82\x5e\x54\x73\x9f\xe2\x5d\x86\x24\xaf\x04\xb8\x6f\x6d\x11\x06\xd1\x81\x70\xe5\x06\x4d\x1a\x73\xc1\xfb\x1a\x27\xb2\x89\xa9\x48\xd7\x71\xa2\xf6\xb8\xb0\x9a\x63\x5d\xb9\x6c\x62\x51\xc3\x5a\x18\x76\xd3\x69\x62\x66\x99\x41\x6c\x0e\x40\x29\x8a\x68\x1f\xda\xf5\x25\x5f\x58\xc2\x55\x77\x59\xd8\xf5\xdf\x14\x8d\xec\x9d\xbe\x1c\xe6\xdf\x04\x1c\x36\xf8\x3e\x69\xcc\xfb\x4a\xac\xa5\xcb\x48\xfa\x6a\x85\xc8\xff\x66\x06\x15\x24\xd8\xb1\x1b\xd7\xff\xae\xd9\x9d\x0c\xd4\x5c\x42\x01\x0f\x21\xd3\x6c\xc3\x16\xca\x86\x09\x55\x63\x5b\xff\xaa\x7d\x9a\xac\x57\x2d\xcc\xf3\x15\x3d\x42\xee\x8a\x2b\x12\xba\xa5\x7c\x16\x0b\xd0\xad"},
+{{0xc5,0x4b,0xd3,0x43,0x1f,0x26,0x59,0x28,0x1d,0x31,0xe9,0x3b,0x30,0x78,0x76,0x68,0xbc,0xba,0x6e,0x5e,0xe4,0x7d,0xb4,0x6e,0x50,0xde,0xab,0xe3,0xf4,0x8c,0x9e,0xd8,},{0x1e,0xba,0x6e,0xb3,0xf7,0xf2,0x4c,0xdf,0x80,0xab,0xf8,0xa1,0x9d,0x30,0x8c,0x24,0xf1,0xe2,0x5b,0xa1,0x59,0x70,0xed,0xa7,0x11,0x67,0x07,0xb0,0xf1,0x2c,0xf9,0x32,},{0xdf,0x45,0x41,0xdf,0xf1,0xa9,0x79,0x7f,0xeb,0x61,0x7f,0x98,0xe4,0xb5,0x7a,0xa7,0x71,0x41,0x31,0xee,0x8f,0xf5,0x45,0xed,0x50,0x82,0xe3,0x56,0x8e,0xfd,0x1c,0x39,0x9c,0xdc,0x56,0xf5,0x58,0x29,0x91,0xeb,0x87,0x85,0xfb,0x33,0x86,0x4e,0xef,0x7f,0x55,0x3f,0x3e,0x24,0x82,0x62,0xed,0x54,0x8a,0x1a,0x68,0x88,0xf9,0x2e,0x92,0x0e,},"\x6f\x8c\xdd\x75\xe1\xb8\x56\xbb\xbe\x9c\xdc\x25\x53\x7f\xdf\x7e\x82\x36\xcb\x02\x9a\xcd\x39\x84\x49\x21\x10\xd0\xc3\x04\x41\xd4\x21\x84\xb5\xfb\x18\x3d\xa9\xf3\x14\x03\x78\xdf\xa7\xd7\x4c\xcc\x9e\xf5\x00\x19\x3c\xc9\x57\x9f\xff\xa6\x0b\xd2\xa8\xab\x9e\x09\x58\x15\x00\xcf\x06\xcd\x35\xab\xc1\x71\xd9\xd1\x2c\x65\x80\xd9\x68\x2f\x9f\x49\xfe\x36\xd0\xa3\x17\x72\x38\xfa\x50\xe7\xeb\x4c\x27\xe4\x60\xf5\xe4\x58\x0a\x56\x56\x8a\x19\xe0\x3d\x95\xb0\xff\x4f\x4a\x23\x18\x24\xcd\x2f\x34\x42\xe0\xba\x40\x0b\xc1\x1b\x7a\x98\x9d\x50\x1f\x5d\xf3\x5e\x43\x01\x50\x8f\x72\xa8\x52\x01\x4b\xfb\xf4\x00\x1e\x28\x09\x54\x73\xd9\x65\x9e\xed\x60\x67\xba\xf6\x8f\x92\xbe\xf3\x12\xc0\x9b\x19\xaa\xf7\xc4\xfb\xa3\xd9\x02\xb9\xf6\xcf\x95\x2e\xb9\xb9\xa5\x3c\xa8\xbc\xbd\x04\x2d\x84\x2e\x98\x53\xb6\x72\xa1\xd0\x09\xd8\x23\x83\x8b\xeb\xe5\x63\x7c\x4c\x07\xed\x1b\x19\x48\x55\x4b\x23\xb3\x2d\xe1\xd6\xc1\x16\xf9\x33\xb3\x54\xf2\x8b\xbb\x77\x9f\xa6\x54\x8c\x48\x29\x2b\x61\x2c\x7f\x55\x1a\x75\xfb\xc4\x6c\x02\x73\x6b\xf9\x9e\x9c\x8e\xad\x56\xf0\x5a\xb0\x42\x7a\x6e\xc6\x16\xe3\xdc\xc7\x75\x7e\xfd\xb7\x62\x8d\x4e\x96\x32\x5f\xe0\xae\x25\x4c\xef\x5c\xb7\xa7\x04\xb3\x5a\x92\x0c\xb3\xfa\x2a\x03\xe9\x61\xda\xf3\x71\x82\x1b\xe0\xb3\x0f\x19\xae\x49\x52\x44\x1e\x08\xa7\xd2\x2f\x54\x31\x39\x0a\x5b\xe8\x09\x7f\xd5\x79\x7a\x1a\x62\x97\x66\x4d\xa4\x2c\x20\x08\xd0\x32\x10\x60\xeb\xe3\x18\x1e\xb7\x95\xa7\x28\x92\x58\x08\xda\x78\x67\x29\x3b\x72\x08\xf3\x77\xd3\xa7\x71\x18\x5e\x6d\x2c\x1c\x8c\xe1\x83\x76\xfe\x3c\x0c\x14\x58\xc7\xf5\xbe\x34\xf4\x28\xa0\xd5\x75\x93\x10\x74\xc9\x7c\xbf\xce\x8a\xd8\x13\x13\xec\xca\x73\xa9\xf3\xdb\x43\x4f\xba\xd4\xbb\xbf\xf5\x02\xbf\x72\x97\xe1\x7a\x97\xa8\x86\x42\x11\xe6\x78\x9b\xa1\x92\x03\x6e\xa5\x9a\x34\xd8\x4f\xf2\xa1\x11\x07\x4c\x3f\x23\x73\xb1\x01\x11\xb5\xda\xa7\x89\x56\x0c\xb3\x54\x90\x95\x4c\x88\xea\x00\xc4\x10\xdf\x85\x0a\xd0\x0c\xae\x2f\x28\xe7\x19\xfb\x06\x71\x69\x88\xa9\xbb\x0b\xfc\x6c\x98\x9d\x58\x7e\x56\x85\xae\x88\x3c\x2c\x2e\x74\xdd\xbf\x91\x5c\x98\x56\xaa\xe8\xf3\x28\x8f\xc6\x25\xbf\xb2\xfe\x26\x8d\x74\xf5\x9f\x8b\x7d\x83\x63\x74\x97\x69\x16\x90\x07\xd5\xe6\x7b\x7d\x0b\x8c\x8f\x5a\x9d\x9f\x9c\x7b\x74\x5c\x0a\x42\x94\x76\x2c\xbe\xca\x42\xd5\x38\x49\x61\xe9\x21\xa7\xef\xb6\x5d\xa8\xd1\xe0\x3b\x67\x45\xcd\xf3\x08\x09\x7f\xb1\x3d\x64\xfd\x2f\x8c\x10\xfa\x95\x09\xeb\x2d\x91\x38\x7f\x00\x64\x5c\xa7\xd0\x48\x3b\x2c\xd1\x4c\x20\x6b\x8d\x7a\xe0\xa3\xfb\x7c\x09\xbc\x68\x43\xd1\x02\xad\xcd\xa1\x9f\x8b\xbd\x85\x1e\xb6\x83\xc4\x43\x5c\xeb\x4b\x3d\x23\xd3\x8f\x56\xd4\xd1\x11\x4e\xef\x0f\xc6\xf2\x4d\xf5\x27\x70\xd8\xf1\xf3\xf8\x2f\x47\x20\xe8\x92\xb3\x15\x24\x4e\xf5\x6c\x36\xb2\x3f\xcd\x40\x79\x78\x52\x41\x40\x38\x2e\x11\x74\x0f\xd4\x6f\xe4\x29\x99\x23\xf5\x2b\x88\xb4\xa9\xcf\xf4\xb2\xb4\xb2\x3a\x2e\x76\x0a\xd8\x1c\x78\xba\x87\x69\x31\xd9\xaa\xa4\xbe\xed\x40\xfb\x10\xa7\x99\xeb\x30\xd3\x7f\x75\x47\x78\xba\xc8\x5b\xf0\x63\x1d\x85\x2b\xe7\xd7\x4a\x64\x31\xf3\x84\xa4\x02\x5c\x10\x91\x42\x1d\x67\xa4\xe9\xc9\x4c\x1b\xe3\x69\x0c\x6b\xf8\x1d\x06\xbd\xaf\x32\xfe\xab\xba\xf1\xdc\x26\x3f\x27\x3a\x0b\x9e\xd6\x54\x60\xba\xef\xce\xfc\xf6\xac\xcc\xda\x0e\xdd\x23\xdf\x9e\x05\x12\x8e\x29\xd6\x61\xc4\xb4\x4b\xd9\x2d\x64\x0f\xaa\x85\x3a\xfd\x83\x70\xe5\x63\xb4\x0a\xe0\x14\x9a\x14\x28\xe0\x6e\x3d\xd8\xe6\x6b\x79\xda\x21\xcc\x75\x3d\xdc\x47\x6e\x3d\x76\xe2\xf3\x6f\x2b\x6c\x6b\xc1\xb6\x50\x87\xd5\xf8\x6c\x8a\xc3\x54\x71\x1a\x8c\x08\xf3\x48\x6e\x47\x9d\x6a\xe9\x43\xf8\x84\x63\x32\xd4\xe5\xb4\xbb\x2e\x82\x57\xe3\x08\x3d\xf4\xf8\x1d\xd4\xf0\xc1\xee\x1d\x97\x18\x21\x66\x16\x1a\x18\x59\x7e\xe0\xb9\x59\xde\x1c\x45\x59\x1a\xbf\x7c\x51\x03\x3d\x7c\x66\x35\x2d\xee\xb6\x82\xe7\x77\xae\xae\x2f\xa8\xd3\xa7\x7f\x47\x0d\xb7\x8d\xdc\x1b\x1f\xc8\x28\x40\xc4\x06\x57\x76\xd9\xbf\xca\x9d\x39\x2d\x92\x88\xee\x91\x32\xaa\x3e\x4f\x2d\x19\xd0\xd9\x3e\x01\xb6\x66\xf3\x64\x7a\xba\xf2\x25\xc2\x92\x41\x9c\x8a\x82\xeb\xa3\xe1\x1a\xb1\x03\x84\x6f\xcd\x49\x35\xf4\x12\x41\x47\x7c\x0f\x15\x2b\x79\x65\xad\x54\xbb\x72\xbc\x3d\xe2\xe0\xb7\x9d\x62\x25\xe8\xfa\x7a\x62\x86\xb5\xfc\xcb\xb3\x58\x22\xe8\x0c\x8b\xfe\xa7\x4c\xb4\x8a\x22\xd2\x41\x38\x53\x95\xc2"},
+{{0xea,0x60,0xda,0x01,0x79,0xbc,0xaf,0x6b,0x21,0x81,0x42,0xb1,0x11,0x90,0x46,0xff,0xe6,0xd8,0x5a,0x74,0x1b,0x0d,0x16,0x62,0x30,0xbc,0x6d,0xe3,0x30,0x4f,0x67,0x73,},{0x50,0x6b,0x2e,0xbb,0x49,0xbd,0x9b,0x9f,0xf6,0x6e,0x6b,0x7b,0x1f,0xab,0x96,0x68,0xcb,0x18,0x1b,0x4f,0xb5,0xe4,0x34,0x3d,0xdd,0xd3,0xf8,0xa9,0xd7,0x02,0x03,0x1c,},{0x27,0xfb,0x6b,0x5f,0x06,0x52,0x8a,0x64,0x19,0x8a,0x3e,0x7d,0x67,0xc7,0x38,0x84,0x0a,0x8c,0xff,0x4b,0x48,0x2b,0x4d,0x52,0x4b,0x12,0x2d,0x17,0xd2,0xae,0xbc,0xc0,0x38,0x9b,0xe2,0xc6,0xe2,0x8e,0x2c,0xdf,0xc4,0x84,0xc1,0x8d,0xe4,0x25,0xdb,0x56,0xcd,0xfa,0x56,0x1c,0x50,0x7c,0xd9,0x70,0x60,0x2d,0x3a,0x38,0x5d,0x3a,0xea,0x0f,},"\x61\x2d\x6e\xf6\xe4\x34\x9f\xfa\xe5\x16\xe9\x83\xe8\xfa\x7b\x52\xd9\xfd\x13\x42\x82\x24\x0d\x95\x14\x38\x24\xbd\x4a\xae\x03\x23\x4b\x76\xa8\xcd\x6d\x40\x68\xcf\x00\x9e\x48\x1c\x26\x85\x36\x1c\x75\x50\x42\xc4\xe6\xab\x87\x03\xec\xbf\x8f\x02\x0c\xf5\x73\x9a\x4c\x2a\x03\xc3\x73\x1e\x9c\xf7\x5a\xee\x25\x96\x61\x53\xb9\x71\x15\x15\xc6\xc3\x9a\xfa\x95\xf2\x21\xac\x33\x95\xb0\x89\xc9\x7a\xc9\xb5\x14\xe1\x7d\x55\xf7\x96\xa3\xec\xc1\x35\xfa\xaa\xee\x90\x7a\xab\x10\x29\x64\x7b\x48\xac\x81\x74\x9b\xab\x26\x62\x7c\xf7\x09\x5d\x74\xc2\xfc\xee\x35\x67\x1c\x8b\xb4\x60\x53\xf5\x15\x1b\x0c\x2e\x5d\xab\xe0\xf2\xd6\xaa\x20\x41\x33\x05\x02\x0b\x2a\xfd\x9e\xe3\x38\x7b\x2c\x9e\xd0\xbc\x3f\xe2\x90\x2a\xf4\x10\x0c\xec\x23\x32\x7b\x0f\x1e\x4c\xa3\x9e\xf6\xea\xf6\xfd\xf5\xd5\xac\xf9\x3f\xc8\x68\x53\x6d\x8c\xba\x40\x17\x69\x32\x9f\xbe\x93\xef\xfc\x7e\xe6\xbf\x93\xa6\xe5\x88\xbd\x55\x1e\xaa\x51\x28\x53\x95\x2c\x81\xb2\x45\xe5\xd2\x29\xd2\x94\xe4\x13\x70\xb8\x67\x80\x86\x67\x88\x7a\x6f\x9e\xba\x2a\x8d\x56\xa7\xa7\x04\xe6\x6b\x1c\x02\xf9\x6e\x73\x89\x5f\x48\x3e\x44\xa5\xc5\x66\xcb\x1a\xf2\x65\x73\xbf\xe2\xaf\xce\x06\xb1\xfb\x58\x77\xe5\x1e\xf3\x12\x6a\x3f\x21\x0f\xbf\x21\x3e\xd6\x5d\x5c\xa4\x6c\x46\xce\x4a\xa9\x45\xbd\x8c\xa6\x11\xe3\x83\x62\x50\xf5\x64\xf7\xea\x35\x42\x39\x82\xf9\x70\x5f\xcd\x6b\xef\x46\xae\x16\xcb\x0f\x6b\xc9\x12\xc3\xf2\x86\x42\xb8\xd8\x77\x75\xb8\x18\xe4\xe4\xe8\x06\x11\x67\x89\x9b\xd2\x7a\x7e\x2f\xb8\x18\x7e\xe9\x91\x7d\x2d\x58\x6b\xf9\xd4\x99\xe8\xfa\xbc\xa8\x3d\xdf\x58\xc7\x43\x7e\xaa\xce\xc4\xf4\x44\xfb\x2b\xf7\x45\xdc\xcd\x8c\xae\x38\x94\x45\x71\xde\xde\x20\x37\xdc\x41\xf0\x81\x8a\x3d\x91\xe3\x02\x0a\x72\x74\xc6\x67\x42\x47\x87\x60\x83\xd0\xe3\x97\x46\xc9\x68\x40\x61\xbf\x74\xad\x58\x84\x36\xce\x1b\x76\x3d\xbf\x4b\xfc\xf8\xde\x6e\x35\xc5\xa7\x62\x66\x75\xc1\x27\x29\x2b\x21\xdf\x3c\x16\xf8\x10\x63\x32\x2a\x75\xf3\x43\x88\x86\xf1\xf0\xce\xbf\xc1\xa9\x6f\x41\x38\x4c\xbd\xd8\x61\xb0\x4f\x51\x9f\xf6\xa9\x34\x4d\x94\xf3\xd3\xa0\xab\xa8\x40\x9d\xfc\xf1\x8d\x01\xf2\xb5\xb4\x55\x17\x16\x39\xee\xa7\x7d\xee\x70\x6e\xa8\x3d\xcd\x2b\x8b\x1f\xc5\xec\x0d\x74\x07\x61\xa5\xf0\x5f\x7e\xc8\xd8\x7a\xd1\xf2\x92\xa5\x0c\x8b\xae\x0a\xd3\x2b\x03\x41\x9a\x95\x0d\x9f\xe3\xb3\xec\xc4\xd8\xd3\xaa\x95\xe0\x2b\x51\xb1\x83\x1d\x83\xea\xde\xaa\x44\x23\x86\x35\xf9\xc6\x5e\xfe\x2f\x67\x44\xa7\x0b\x9a\xe4\x1e\xf1\x5d\x97\x90\x8c\x05\x33\x93\x44\x12\xf7\x95\x83\xd0\xe9\xb3\xd7\x06\xa1\x28\xe8\x8f\xb5\x1e\xed\xb6\x5e\x46\xd8\xa2\xb3\x8b\xbd\xd6\x45\x55\x54\x96\x7a\x8d\xc0\xc6\x8b\xdd\xfe\xae\x0f\x8f\x72\xf0\xb8\x86\xc3\xc7\x41\xfa\xc4\xf9\x1e\x5c\x49\x1d\xba\xe9\xda\x45\x94\x83\x6c\xf1\xd9\xfb\x6e\xe1\x30\x02\x50\x89\xae\xd3\x50\xef\x24\x7b\xc9\x88\x7a\x20\x50\x15\x9d\xde\xd1\x42\x8f\xfd\x9b\x07\xb9\xec\x2e\x3d\x4b\xbd\xc2\xdd\xb5\x4e\x87\x3b\x63\xf2\x47\x52\x33\xe1\x91\x33\xa1\x4b\x66\x58\x50\x94\x57\x00\x81\x86\xd6\x22\x59\x95\xa9\x67\x26\xb5\x29\xf4\x42\x81\xaa\x24\xfe\xfd\x1c\xff\x8f\x81\x5d\x93\xa5\x98\x69\x31\x66\x22\x90\xb3\xee\x16\x83\x3c\x60\xf0\xaf\xce\xf2\xcb\xc0\x00\x62\x3f\x39\x31\x90\x9c\xa9\x76\xa0\x94\xe2\xb0\xfd\xb7\xdc\xf7\xc4\x85\xe1\x49\x88\xa3\x6f\x19\xb6\x64\x25\x38\x5f\x56\x32\xce\xf6\x5d\x1d\x34\x14\x62\x3a\xe3\xee\x81\x6e\x76\x3a\x5f\x60\x64\x66\x62\x2b\xe6\x60\x21\x14\x50\x29\x51\xcf\x0c\x09\x7c\x16\x48\xa7\x2e\x2c\x43\xd9\xaf\xa9\x68\x9f\x2c\x3c\xfe\x02\x6c\xdc\xe3\xbd\x1b\xf9\xeb\xf7\x77\x56\x2e\xcd\x8f\xf1\xb0\xd7\x75\x30\x6d\x90\x04\x43\xf3\x0a\x84\x33\x10\xb8\xde\x6a\x38\xff\x10\x8b\x72\x39\x13\xd7\x89\x9b\x9f\xbe\x7c\x3d\x76\x6e\xf8\xbd\xfb\x6d\x8b\x0b\x52\x95\x6c\xb1\xce\xc9\x93\x6d\x70\xb4\x87\xc0\x14\x40\xa8\x42\xb2\xfa\xbe\x38\xe7\xb8\x85\x1a\x38\x7d\x35\x8b\xe7\xef\x12\xa7\xe4\xf2\xb5\x27\xe8\x30\x90\xd6\x7e\xb0\x13\xc9\xc2\xcf\xd3\xde\x5a\x1a\x3f\x99\x74\x8a\x41\xf4\x81\x9d\x90\x36\xe5\x00\xc5\x04\xc9\x88\xbf\xd2\x4f\x61\x7d\x6e\xbd\xca\xb2\xdd\xea\xa6\x15\x79\x41\x4f\x36\x0b\x46\x9a\x33\xa6\xde\xd9\x6b\xa1\xd8\xc1\x40\xc4\xff\xc9\x49\x90\xd8\xad\xf7\x8c\xd3\x87\x80\xbd\x68\x66\x3d\x1a\x0e\xe3\x3f\x53\x7c\xdf\x89\x2d\x56\x2e\x82\xdc\xd1\xd9\x12\xca\xd3\x8d\x65\x56\x7d\x29\x14\x06"},
+{{0xb6,0x2c,0x24,0x18,0x78,0x27,0x35,0x13,0xe0,0xbf,0x6f,0x33,0xd2,0x10,0x43,0x65,0xb2,0xce,0x9c,0x5a,0x1b,0x78,0x60,0x58,0xe9,0xc5,0xb4,0xd1,0xd1,0x92,0xf8,0x7f,},{0xbb,0xf6,0xfc,0x51,0x98,0xf3,0xfb,0xa5,0xab,0x00,0x7f,0x8a,0x63,0x2d,0x28,0xd1,0xaf,0x86,0x5d,0x29,0x0f,0xa0,0xa9,0x0f,0xaa,0x9a,0x9b,0x5b,0x9c,0x13,0xf3,0xfb,},{0xc5,0x90,0x39,0x58,0x7b,0x38,0xdc,0x14,0x1e,0x05,0x5a,0x93,0x85,0x01,0x04,0xd6,0x29,0xe3,0x80,0x70,0x5b,0x8f,0xc9,0x18,0x84,0x7c,0x5e,0x2a,0x35,0x2d,0xa3,0xa0,0x2f,0xce,0x7f,0x71,0x99,0xf4,0xae,0x2b,0x1e,0x2a,0x59,0x48,0x34,0x18,0x93,0x2e,0x18,0x5f,0x7e,0x45,0xb5,0x05,0x0c,0x64,0x2c,0xec,0xc7,0xe7,0x81,0x99,0x85,0x07,},"\x26\xa3\xc2\x6a\x5a\x18\x9c\xad\x40\x7c\xba\xa3\xa6\x86\x7a\xc0\xa2\x60\x88\xc7\x5f\x9d\x0f\xa1\x9b\xd5\x02\x74\xce\xc5\x75\x5a\x49\x71\x09\xa4\x73\x28\x4d\x6f\xc8\x1a\xd4\xb9\xec\x29\xfa\x7e\xc9\x76\x4f\xd3\x09\x9f\x06\x0e\x36\x83\x65\x52\xff\x24\x13\xe3\xd5\x09\x5f\xe0\xb1\xa8\xbf\xcf\x67\xee\x06\xaa\x90\x32\xe7\xbb\x32\x49\x69\x80\x47\x71\x4d\x28\x14\x15\x27\x3c\x98\x34\xad\x9e\xb6\x65\xa7\xd9\x72\x20\xe7\x2d\x9c\xa7\x3f\x31\xaf\xa7\x73\x86\x75\xba\x31\x62\xef\xef\xe7\x47\x9a\x5b\xc4\xbc\xe2\xe8\xb7\xaf\x47\x41\xd7\x03\xdc\x9b\xbd\x60\xb4\xcf\x4b\x90\x87\xf6\xcf\x86\xcf\x53\xae\xd0\x2b\xf4\xca\x6a\x18\xf6\x07\xcb\x52\xa3\x03\xd7\x8e\x85\xad\x88\xfd\xfc\x86\xdc\xb7\x18\x77\x27\xb0\x3b\xe2\x27\x74\x5b\xea\x74\x4f\xd0\x06\x52\x5b\xc5\x9a\x4d\xdd\xab\x91\x5c\xef\x40\xa8\xf3\x08\x02\x91\x3b\x79\x13\xea\xf9\x74\x33\x65\x52\xe2\xf1\x45\x6a\xd8\x03\xdc\x58\xc9\xb4\xb1\x8e\xfa\xf7\xf7\xe3\x57\xe2\xcd\x77\xd1\x38\xd9\x00\x80\xe2\x96\xd1\x36\x4a\x2f\x32\x4d\x3e\x0d\x6e\xdc\x20\xb8\xbd\xaa\x9d\x2e\x87\x1f\x5e\x7b\x05\x1f\xb6\xfc\xdb\x55\x95\xf2\x1d\x3f\x8d\xe2\x9f\xb7\x86\x78\xfa\x47\x9e\xaa\x32\x57\x9c\x78\x4d\x51\x3a\xc5\xf8\x36\xd9\x54\xd0\xd3\xfc\x0e\x5f\xc8\xa6\xee\xab\x90\x20\x2b\x4c\x4a\x2b\xec\x24\xcf\x63\xea\x67\xc4\x70\x09\x62\x18\xcd\x43\x1e\x88\x31\x05\xfc\x9c\x27\xf9\xea\x77\xc1\x8e\xda\x69\xbc\x00\xa2\x24\x2b\xd4\x20\xf0\x95\xc9\xb9\xa9\x2d\x95\x6c\xcc\x5a\x85\x72\xb0\x57\xa7\xfe\x17\x3e\xeb\x2a\x31\x66\xcb\x20\x89\xd1\x13\xa8\x16\x46\x2b\x25\x80\x5b\x8a\xba\xff\x5b\x0b\x22\x87\xc5\x08\xec\x2b\x8c\x34\xb2\x19\x5c\x33\x28\x70\xd3\xcc\x39\x60\x17\xa1\x6b\x9e\x0d\xa6\x18\x2d\x07\x1d\x3b\xf3\x63\xd3\xf1\xe7\xb7\xda\x11\xd7\x11\x25\x0a\x58\xaf\xd7\x4e\xd3\xe3\x15\x8d\x47\x18\xba\xd4\xd2\x74\xbb\x34\x44\xcf\xc3\x18\x07\x4b\x53\xbe\xba\x44\xa2\xa3\x4f\xf8\xeb\x72\x6e\x4a\x1d\xaa\x91\x10\x51\x62\x16\x51\x89\x8b\x88\x71\x69\xf6\x2b\x9c\x0f\x40\x20\x48\x3e\xf5\x44\xf8\xf5\x72\xfa\x6a\x66\x40\xa4\xcf\xfc\xe9\x76\xcb\x70\x24\xf8\x47\xbd\xc9\x5d\x1d\x7c\xe6\x53\x50\x5d\xeb\xfc\x69\x88\xed\x28\x9d\xd4\x7a\x9e\xb2\x61\x25\x9e\x3e\x65\xe4\x5f\xc9\xd7\x14\x94\x69\x35\xcd\x8e\xa1\x3b\xc6\xdb\x5e\xaa\xb9\xe8\xb1\x0d\xae\x0f\xdd\x69\x79\xc2\x03\x5c\xfb\x80\x98\x25\x2f\x22\x05\x44\x3b\x80\x88\x16\xbf\x77\x87\xb7\xf1\xe7\x8b\xc9\x8a\x72\x85\xe7\x33\xd4\x5f\xc4\x61\x0c\x20\x97\x7c\xa3\x22\x98\x89\xbb\x8c\xd2\xb6\x94\xce\x9e\x3f\xe7\x83\x03\xaf\x83\xe1\x06\x42\x25\x42\xfb\x79\x61\xd3\x2e\xb1\xd2\xc5\xfb\xe6\x07\x51\x67\x4b\x07\x47\x73\xee\x06\x16\xe0\x29\x73\xf6\xa7\x4a\x3a\xe4\x66\x4a\x26\x50\x91\x5a\x3e\x10\x49\x3b\x9e\x66\xa3\x9f\xa5\xc8\x9c\x61\xd4\x47\x35\xf1\x07\xd3\x37\x57\xae\x67\x9b\x43\xa8\xd4\x3a\x01\x75\x7a\xe1\xf3\x27\x9e\x86\x24\x42\xe1\x50\x71\x55\x50\xee\x82\xe4\x9c\x0d\x49\x43\xfa\xf1\x3f\x22\x79\x1f\x0e\x66\xf2\x4a\xc5\x0a\xb3\xc0\x03\x85\x2b\x21\xe1\x5b\x2f\x00\x6e\xdc\x2c\xd6\xa8\x79\xc4\x76\xab\x5b\x35\x2e\xb1\x09\x9d\xad\x4c\x50\x37\x24\x00\xfa\xa5\x49\x8d\x78\xc6\xb8\x57\x03\x4c\x25\xca\xf7\xb9\x33\xfa\xf6\xbd\x7c\x59\xfa\x3d\xa5\x73\x97\xb6\x03\xde\x9c\xb9\xd8\x0e\x51\xf7\x99\x7b\xaa\x46\x2a\xcd\x53\x7e\x2c\x41\x94\xc7\x6c\x7e\x0b\xe6\x51\x2b\xce\x4d\x63\x66\x0b\x36\xc7\xcc\x46\x63\x1f\xb9\x67\x1a\xd8\xc5\xd2\x8e\x2f\x2e\xe2\xed\xce\x81\x95\x44\x21\xb8\xa3\xd9\xff\x6f\x66\x69\x9f\x4b\xce\x88\xbc\xb8\xef\x19\x2c\x26\x2a\x74\xab\x7e\x19\x1e\xee\x91\x01\xa2\x8d\x4b\x66\x28\x2b\x51\x22\x09\x3d\x14\x1c\x64\x96\xc7\xab\xa4\xd3\x52\xe4\x72\xee\x74\x40\xe0\x5a\xf6\x0d\xa0\xcf\xc9\x3e\x30\x36\x42\xba\x8f\xb8\xe5\xc5\x68\x68\x7a\xbd\x63\xaf\xb3\xed\x6a\x32\xb6\xda\xe5\x6a\x7e\x5d\x73\xde\xba\xf4\x1d\x35\xca\x36\xad\xb9\x7a\x22\xc0\xad\xbe\x71\x8b\xec\x1f\xa5\x19\x98\xde\x9b\x4b\x96\xa7\x9c\x5b\x96\x55\xb0\x16\x5d\x5e\x1b\x9a\x8c\xc5\x52\xe8\xc9\x32\x9e\xde\x58\xdf\x74\xc6\x7b\x2b\xa1\xa8\x42\xfd\x3e\x81\x58\xc1\xfe\xa3\xa9\x9b\x56\xa2\xc2\xa9\x62\x07\x85\x3d\x26\x02\x2c\xec\x17\x0d\x7e\x79\x94\x4d\x2f\x56\xaa\xb1\xf1\x91\xbf\xd4\x8d\x72\x54\x90\xca\x82\xb8\xd9\x06\xf0\x68\x0e\x69\xee\xb9\x57\x57\x74\xfb\x9d\x60\x45\x13\xfb\xc2\x6f\x5d\x30\x3b\x68\x85\xca\xc0\xbf\x8e\xfe\xe0\x53\x8f\x92"},
+{{0x0f,0x77,0xf7,0x7a,0x1c,0x7e,0x04,0xbd,0xa8,0xe5,0x34,0xf4,0xe3,0xef,0xf9,0xa2,0x38,0xcc,0x14,0x87,0x6b,0x7e,0x3e,0xca,0x8b,0xed,0xe1,0x92,0x3a,0x33,0x64,0x06,},{0x10,0x45,0xea,0x9f,0xe2,0x14,0x58,0x3a,0x0c,0xdb,0xc4,0x94,0x93,0x2b,0xc4,0x4a,0xfe,0xeb,0x08,0x0b,0xec,0x48,0x5c,0xc2,0x34,0xfd,0xdc,0xff,0x13,0x9c,0xce,0x00,},{0xb2,0x0b,0x9c,0x42,0x46,0xf0,0xd2,0x97,0x01,0x38,0xaf,0x7d,0xc9,0xaf,0x62,0x9b,0x68,0xfb,0xc3,0x7d,0xf8,0x7a,0xfd,0xca,0xdc,0xb5,0x45,0xc1,0x76,0x83,0x76,0xa0,0x9c,0x3b,0xab,0xc3,0xeb,0x1a,0xf3,0xb7,0x51,0x98,0x52,0xf7,0x5f,0xab,0x1c,0x9c,0x11,0x9c,0x66,0x2c,0x58,0x77,0xfb,0x2f,0x72,0x99,0xca,0xb5,0x7f,0xad,0x3d,0x0e,},"\x0e\xcb\x74\x6d\xbd\xb0\x16\x14\x21\xaf\xeb\x7a\xde\xa7\xa3\x7c\x2e\xa4\x40\x8a\x59\x2c\x9d\x78\x1e\xd6\xac\x6f\x4e\xe5\xcc\x65\xd5\x27\x0e\x4c\xf2\x76\x32\xf7\xc5\xc1\x33\xd4\x39\xb7\x8d\x1f\x71\xaa\x6d\xd8\x07\x13\xd9\x0b\x15\x1e\x19\x12\x1b\xfa\x87\x71\x0e\x84\xa4\x85\x0a\x3b\x5b\x02\x65\xba\x26\x03\xd0\x71\x6e\x9b\x7e\x11\x22\x10\x9c\x39\xc6\xf1\x02\x7f\xce\x18\x79\x8c\xbb\x4f\x6b\xc5\xe4\xd7\xac\xa4\x70\x46\x90\xf5\xc9\x81\x51\x08\x71\xc3\x13\x59\x57\x98\x33\x86\x81\x10\x7f\x2b\x57\x94\xd4\x6f\x6e\x0b\xde\x2c\xd0\x64\xb3\xb1\xfc\x00\xca\x47\x18\x8b\xbb\xc1\xf4\xa0\xce\x30\x5c\xc6\xd8\xa8\x96\x92\x0e\xb9\xeb\xae\x57\x9f\xd3\x38\x5f\x8f\x1f\x35\x97\x62\x88\xf4\xc5\x8f\xfc\x47\x60\xf3\x59\xb0\x03\xc8\x72\xe9\xa2\x40\x55\x35\x5e\xa9\x58\x5e\x95\x10\x69\xdc\xa2\x5f\xd0\xcc\x0b\x9d\xb5\x2a\xae\xaf\x19\xd4\x3f\x2e\xab\x4f\x83\x56\x03\xad\x12\xd2\xdc\x49\xb3\x10\x25\x6b\x94\xbe\xd5\x48\x96\xa1\x6b\x69\xb0\x9c\xb4\xc8\xff\x5c\x23\xcc\xe5\x59\x3d\x87\xad\xe2\xa8\x2a\xda\x50\x85\x9e\x15\x44\xc1\x86\x18\xa6\x5c\x00\x7e\xf4\x24\xc9\x85\x4a\x17\x5b\x6e\x6c\x0e\x64\xb2\xc8\xeb\x8a\xd4\xd2\x8b\x97\x7d\x68\xe7\x81\x69\x91\x51\x98\x97\x53\x94\xd3\xb9\xb2\x69\xca\xb0\xd3\x26\x1b\x2b\x56\xcd\x2c\xc4\xbd\xdb\xd4\xf1\x43\x9e\x0d\xbe\x2c\x9b\x3f\x3f\x75\x14\xed\xac\x5e\xbb\x46\x22\xb9\x2a\x69\xa8\x40\xa9\x02\x85\x50\xb2\x21\xdb\x59\xdd\xfb\x00\x13\x96\xf8\x63\x92\xa1\x7f\x08\xcc\xb1\x94\xcd\x9e\x1a\x00\x81\xd7\xdd\x9c\xca\x23\x57\xfe\xb8\xb7\x95\xe5\x17\x02\x9f\x79\xc8\x2a\x3b\xe6\xf9\xa0\x31\xdd\x1a\xf1\xe7\x9e\x49\x82\xbf\x8e\x76\xb3\x10\xf9\xd3\x55\xef\xcd\x5b\x1e\xfa\x9f\x35\x9c\x17\xcf\x3b\x51\x0d\x51\x3e\x8c\xd5\x78\x6a\x0d\x34\x45\xdc\x59\xa8\x43\x3a\x46\x48\x86\x87\xb0\xf5\x8b\x1b\xd6\x56\x7c\x2a\xf4\x87\x3b\x51\xfc\x84\x5e\x76\x7e\x24\x30\x05\x19\x2f\x8f\x06\x74\xf2\x81\x26\x5a\x55\xd7\x6c\xea\x32\x22\x60\xc9\x32\xce\xa6\x71\x7a\xdb\x98\xa2\xdd\xa8\xc6\x98\xe2\xe8\x92\x55\xfe\xb7\x7d\xa7\x64\x81\x67\xbc\x1e\x58\x87\x7f\xeb\x72\xd1\xd1\x4b\x0c\x30\x4f\x07\x37\x2d\x95\x56\x75\x23\x7c\x49\xf7\xa6\xdb\xc9\x15\xe6\x81\x4a\xba\xe6\xcc\xe4\xca\xf9\xf4\x80\x87\xe9\xdf\xb2\x82\xd8\xf3\x40\x37\x7c\x1e\x29\xc6\x73\x1c\xcc\x26\x67\xda\x66\x95\xb7\x12\xbe\x03\x12\xd8\x65\x11\x19\x34\xf1\x68\xd5\x54\x43\x65\xdd\xae\x27\xab\xc6\x4a\xef\xbc\xb3\x22\xdb\x7d\x97\xd9\x0d\x95\x7a\x63\x7b\xd8\x26\xc2\x27\xe9\xeb\x18\x0b\x45\xa4\x31\x62\x6a\x6f\xd8\x90\xc0\xe5\xf4\xed\x7e\x85\x64\x74\x75\x2f\x80\xb5\xae\xf6\xe7\x3e\xfd\xaa\x6c\x2c\x45\x1b\xd7\x4c\x1e\xf4\x66\xca\x3a\xaa\x25\x73\xbb\x52\xcb\x2b\x1c\xa9\x6a\x1b\x57\x44\x03\xce\xae\x1c\xf0\x5f\xfc\x53\x43\x0e\x1e\x4c\xd5\x59\x3b\xd1\xef\x84\xbc\xbf\xe2\x19\xf0\x81\x60\xd1\x66\xf2\x73\x1d\x99\xb8\xd7\xa3\x2b\x12\x99\x1f\x77\x77\x5a\x26\x7e\xc0\x82\x97\xec\x51\x2d\x7b\x72\x43\x56\x32\x52\x5c\x04\x00\x0f\xb0\x0a\x79\x3f\x8b\x5f\x8f\x37\x47\xb5\x53\x59\xdf\x21\xb7\xe2\xc4\x9f\x2b\x0b\x9a\xe0\x82\xaf\xc7\x0a\x14\x68\x71\x37\x0b\x8d\x50\x08\x6d\xe0\x0f\x94\x48\xbe\x89\x02\x17\x4b\xa2\xcc\x85\x1f\xa3\x79\xdd\x70\x31\xca\x45\x7a\x88\x69\xaf\x4b\x6c\x27\x29\xda\xc5\x19\x55\x6b\x8b\xb4\xab\x51\x9e\xf1\xbb\x02\x4e\xa8\xb7\xf0\x17\x71\xc9\xaa\xb7\x48\xe5\x73\x81\xa0\x19\x2a\x6e\x39\x8c\xbe\x6d\xd9\xf3\x67\xcc\x7b\x33\x54\xf8\x3b\x79\xbc\xda\x46\xb7\x93\xa4\xad\xa8\x55\x49\xc8\xd6\xbd\xd6\x16\x81\x24\x36\x2f\xf9\x08\xaa\x1a\x0c\xb7\x8a\xa3\x30\xc4\x2d\x5a\x5d\x48\x12\x35\xac\xac\x3a\x91\x9b\x96\x9c\x50\x98\x72\x66\xd4\x04\xd1\x5d\x0e\x70\x6f\xd9\x00\x76\x34\xf6\x9e\x13\xc5\x6e\xc4\x71\x33\x88\x4f\xca\xdd\xc1\x6b\xee\xee\xd1\x9e\x0c\xd9\x17\xaa\x49\x63\x67\x86\x7d\xfc\xea\x27\x4e\x1a\x47\xda\x77\x4f\x3c\x93\x63\x02\x1e\x7c\x8d\x6b\xf8\xf0\x00\x53\xfa\xcc\x11\xcb\x68\xa9\xd6\xe1\xfc\x2d\x6d\x19\x17\x5d\x63\x24\xff\x7c\xa6\xc2\x30\x58\xb8\xb6\x93\xd8\xfd\x4e\x0b\x51\xdc\xbb\x11\x35\x43\xf2\xfc\xc0\x45\x2e\xb9\xd9\x67\xac\x0f\xa9\xb2\x3e\x9e\x0b\x1d\xa8\xd8\x3a\x3c\x1f\xc9\xe9\xec\x97\x1f\x0f\x67\xfc\x74\x5b\xb1\x73\x76\xbc\x46\x24\x5f\x52\x8c\xb6\xe5\xfe\xe1\x1b\xcd\xda\x86\x7b\x7f\x79\x01\x9c\xf9\xdb\x59\x18\x58\x23\x0a\xec\xb4\xd1\xe9\x3d\x16\x7c\xd8\x6b\x42\xdd\x87\x9a\x13\xfa\x0e"},
+{{0xc5,0xa5,0x05,0x34,0x77,0xae,0x31,0x15,0x8e,0x74,0x69,0xdd,0x15,0x04,0x86,0x76,0x50,0xd4,0x6f,0x15,0x89,0x06,0x7f,0x5c,0xd8,0x81,0xca,0xf2,0x5c,0x26,0xcb,0x21,},{0x70,0xf8,0x5d,0xb9,0x80,0x7b,0x26,0xfc,0xf3,0xe6,0x69,0x0b,0x91,0x72,0x4f,0x7a,0xe3,0xd2,0x0e,0xc3,0x60,0x4a,0xb7,0xd6,0x30,0x8d,0x90,0x94,0x30,0x8b,0x2d,0x59,},{0xf5,0x19,0x1b,0x44,0xbd,0x6c,0xc3,0xea,0x28,0x17,0x71,0xdf,0x12,0x54,0x9b,0xa2,0xbe,0x22,0x8b,0x51,0xeb,0x79,0x1b,0x9e,0x5e,0xd2,0x81,0x5f,0x86,0x2a,0xa6,0x30,0xb5,0x69,0x67,0xcd,0xef,0x8b,0x6a,0xf0,0xb9,0xd2,0x1a,0xb8,0xc9,0x7a,0x6d,0xff,0x68,0x1c,0xce,0xd9,0xf5,0x01,0x97,0x13,0xd4,0x35,0x7c,0xb3,0xe5,0x4c,0x0d,0x08,},"\x85\x71\xff\x39\x03\x48\x6a\x43\xa6\x12\x6c\x32\x3e\x7b\x3a\x74\x14\x1d\x13\x85\xd4\xbd\x70\x3f\x19\xe2\xd1\xb6\x4b\x50\x28\x1d\x27\x16\x8a\xe3\xe7\x69\xc6\xdd\x9d\xf7\xd9\x78\x64\xfb\x37\x82\x2f\x00\x21\x85\x2e\x31\x68\xab\x7d\x84\x5a\x65\x45\xed\x0c\x37\x7d\x9f\x7c\x04\x8a\x2b\x96\xe8\xdc\xf4\x45\x77\x96\x84\xa0\x58\xc2\xb9\xc2\x1a\xc6\x8a\x0c\x34\x1d\x1d\x6c\x09\x81\x45\x64\x57\x45\x8e\xb7\xce\xbf\x66\x67\x87\x40\x77\x7e\xca\x26\xe0\x1e\x1c\x8f\x53\xb5\xd4\x75\x6c\xc5\xf0\xb9\x0f\x0c\x5d\xb0\x53\x93\xcd\x4b\x8e\x44\xf6\x81\x0c\xaa\x5a\x11\x6a\x33\x57\x77\x24\x39\x5d\x41\x3a\xf6\x19\x63\x2a\x6f\xed\x14\xe2\x15\xc2\xf1\x9d\x10\x5c\xe2\xbf\x14\x98\xe6\xd2\xab\x4f\x65\x0f\x61\xba\x5c\xf6\xd0\xc7\x3b\xbb\xde\x98\xe3\x04\x29\x91\x0a\x4e\x67\xdf\xbc\x71\x7c\xb0\x91\x18\x2d\x59\x70\x58\xb5\xd7\x65\xd0\x97\xe6\x87\x58\x31\xb5\x88\xaa\xeb\x3e\x73\x27\xe8\x56\xb4\x2f\xa9\x83\xfd\x25\x4e\xf1\xf9\x18\xb0\x43\xd1\xdd\x3d\x7b\x7e\x30\xb3\x15\x38\x6e\xec\x91\xe7\xf9\x4d\x59\x8f\x4b\xeb\x3b\x27\xb4\x2f\x4e\xe1\xfb\xf7\xaf\xb4\x86\xbd\xcc\x60\x81\xcc\xb8\x67\xf0\x41\x11\x04\x4f\x4b\xbb\xe3\xc8\x12\x2e\xde\xad\xef\xa9\xd6\x93\x90\x6e\x0d\x6e\x13\x3b\xf6\xf2\xda\x61\x58\xfe\xed\xbd\xa0\x24\x41\x0f\x12\x08\x6e\x7a\xcc\xf1\xc6\x8e\x15\x57\xf0\x0c\x14\xe9\xc7\xea\x76\xa5\xed\x13\x37\xa0\x54\xac\x2c\x94\x9c\x05\x97\x7e\x03\x02\x74\xf6\xa4\xf2\xa6\xb3\x0a\x15\xc5\x70\xec\x94\x33\xf7\x4f\x47\x52\x80\x87\xc9\xce\x9a\x62\x92\x95\x1c\x54\x35\x49\x96\xfb\x28\x3c\x0d\xc4\xcf\x33\xc0\x01\xbc\x96\x87\x5e\xa6\xe1\xf4\x6f\x83\x7f\xf1\x8d\xd9\x54\x5f\xb9\x93\x46\x55\x34\x2b\x12\xc2\x99\x0b\x9f\x1c\x6f\xf4\xd6\x64\x89\xd6\xae\xdc\xe7\x5c\x7c\xb0\x3a\xc1\x34\xbf\xd3\x9b\x18\x1d\xfb\x7f\x9a\x97\xce\x73\x7f\xe5\x70\xad\x5f\x81\x34\x59\x39\xa6\xde\x5a\x40\xa3\x3a\x0e\x44\xbf\x95\x75\x03\xd5\xca\x02\x83\x51\x2e\x57\xfb\xa8\xa3\xa6\xf2\xc3\x90\x68\x7b\x1b\x77\x08\x67\x6e\x0f\xd0\x3b\x7c\x18\x8d\x45\x61\xc1\x87\x91\x63\xea\xf2\xb5\x96\xdd\xd5\xf3\xc1\xf4\xda\xdb\xc1\x39\xc2\x16\x48\x92\x82\x0b\x2f\xe0\x9c\xbc\x3d\x19\x08\x80\x76\x36\x45\x10\x25\x4f\x2b\x6d\x41\x03\x29\xe7\x0f\x2e\x5a\x94\x5b\xba\xcd\x2c\xa8\x9b\xd4\xb6\xe1\xf5\xe2\xe1\xd4\xf4\xed\x2f\xe0\x11\x3b\xcf\x32\x96\x2f\x00\xd5\xc3\x3b\x1d\xf9\x88\x40\x2b\xa0\xdc\x88\x04\xc1\xaf\x66\xcc\xae\x26\x70\xef\xa3\x13\x4c\x67\xfc\x90\xfe\xed\x8d\x8d\xee\xdc\xcf\x6a\x46\xf2\x29\x40\x45\x4a\xf2\xbb\x67\x54\xcf\x23\x5d\xdb\xb0\x00\x1c\x6c\x74\x1b\xf8\x74\xbc\xd8\xd4\x1d\x9d\xba\x81\x62\x58\x1c\x37\x46\xd7\xf3\x0e\x73\xde\xf6\x94\x15\xaf\x51\x81\xc1\x49\x91\x42\x95\x12\x2d\x45\x98\x2f\x94\x94\x3e\x20\xb0\xff\xc7\xfe\x6d\xdf\x19\xa0\x22\xe8\x7a\x52\x13\x33\x57\xa1\xe8\x0f\x37\xf2\x8a\x4c\x4a\x8a\x61\xc1\x48\xdd\x87\x5c\x1e\x8e\xcd\xcd\x84\x0d\xd8\x63\xe4\x4d\x9b\xcb\x16\xb6\xe5\xaf\x01\x47\xb3\x4a\x7a\x90\x52\xc8\xd3\xf4\x52\x01\x3d\x2d\x35\x4f\x68\x03\xf9\xea\xf6\x05\x6f\x3b\x01\x3c\x61\x6e\x47\xf3\x98\x81\x91\x46\x32\x0a\x5e\x3d\xbd\xf1\x68\x43\xea\x29\xde\xf2\x62\xcc\x9a\x34\x36\x72\xcf\x96\xbc\xcc\x6e\x87\xe6\xa6\xba\xf0\x71\x2e\x6e\xe8\x9a\xa6\x04\x89\xf1\x7c\xb7\x2d\xdc\x44\xba\xd1\x61\x58\x7d\x87\xf5\x4d\x67\xcc\x0a\x27\x78\x49\x7d\x83\x10\x88\x31\x5f\xfe\xee\x3d\x26\x8c\x59\xbe\xfe\x88\x4c\x3a\xa0\xe0\xae\x22\x96\xbb\xb6\x0e\xac\x90\x97\xcd\xf8\xdc\x09\x87\xce\xb1\x74\x2b\x05\x86\xdf\xce\x79\xec\x10\x42\x5b\x28\xf4\xe6\x45\x20\xd7\x12\xe3\xf4\x6e\xa8\x3b\xe2\xde\x6a\x15\x74\x07\x3b\xc5\xc7\x55\x7b\x8e\x25\xb6\x41\x11\x84\xea\x28\x3d\x88\x00\x23\x2c\x79\x06\x94\x21\x81\x1f\x88\x3c\x29\x94\xe7\xb7\xe2\xad\x9f\x8d\xc4\x89\xc9\x34\x77\x24\x39\x46\x09\xc9\x89\x09\xa6\xc2\x60\x17\xb5\x0f\x20\xd5\x0c\xca\xcb\xde\x36\xb7\x6b\xa6\x46\xa7\x6d\xc6\xa5\xb0\xf5\x06\x49\xc5\x65\x8b\xbd\xfd\xd3\xb5\xca\xfc\x54\x79\xa2\xf4\x8e\xe5\x15\x42\xf2\x3e\x9f\xc9\x21\x32\x06\x0f\xd6\x35\xef\xf4\x52\x11\x1c\xda\xf3\xef\xbd\xb7\xdb\x9e\x7d\x47\x16\xd0\xd6\x01\x1c\x29\x11\x8a\x55\xd4\xc1\xa4\x36\xab\xe2\x4e\x3c\xbf\x40\x23\x5b\x76\xdd\x19\x23\x50\x3c\x5f\x35\x98\x12\x4e\x2d\xf5\x5a\x2d\x1f\x24\x6e\x90\xde\x4b\x71\x64\x5d\x51\x75\xb6\x1b\x01\x74\xe7\xe5\x7d\xf1\x28\x5c\xcf\x8c\x86\xb8\x38\x2c\x25\x80\x79"},
+{{0x05,0xc7,0x19,0xca,0xe0,0x6e,0x2b,0xb7,0xd8,0x78,0x63,0xab,0x31,0x50,0x27,0x2c,0xb2,0xf8,0xc3,0xaa,0x24,0x21,0x91,0x2d,0x87,0xf9,0x8e,0x75,0x89,0x63,0x8c,0xe9,},{0x90,0x21,0x17,0x96,0xfe,0xd3,0xd5,0x3b,0x81,0xf8,0xfe,0xeb,0x1b,0xad,0x1f,0xfc,0x93,0x3e,0x5f,0x10,0xd3,0xbc,0x1b,0x36,0xdd,0xf2,0x10,0xa4,0x79,0x23,0xdf,0x03,},{0xba,0x6e,0xb7,0x51,0x37,0x1d,0xf7,0x21,0xb7,0x70,0x7a,0x5b,0x33,0x39,0xed,0xb5,0x5f,0x13,0x86,0x40,0xb9,0x7b,0xe6,0x33,0x4d,0x6c,0xda,0x51,0x91,0xa3,0xff,0x63,0x67,0x91,0x17,0x61,0x88,0x2a,0x4a,0x00,0x7f,0x16,0x1b,0x74,0x8c,0xec,0x95,0xb1,0x9e,0x99,0x5f,0x28,0x58,0xc2,0x57,0xcd,0x61,0x69,0x25,0x66,0x62,0x30,0x11,0x02,},"\xec\x24\x19\x18\x41\x8e\x60\x52\x20\x42\xe6\x73\x39\xe6\x64\x94\x99\xf3\x1a\x6c\x7c\xf8\x92\x5f\x1f\x61\xdd\xe8\x94\x60\x36\x02\xae\x8b\xb5\xf5\x88\x09\x82\x1f\x83\x34\x4f\x23\xcd\x31\xe6\x4e\xc9\xff\xe7\x9a\x98\x6b\x7e\x29\xe4\x31\x9a\x63\x41\x43\x16\xbd\x6e\xe2\x0e\x02\xa5\x0d\xa4\x40\x12\xbd\x2d\x6f\x9f\x67\x9e\x88\xed\x0c\x8b\xb1\xe2\xca\xd5\x5e\x56\x57\x89\x88\x33\x45\xb7\x54\x6f\x3d\x54\xb1\xb3\x62\xb1\xc6\x50\x50\x2c\x01\x9d\x73\x13\xaf\xbc\x82\x68\x9b\x23\xa3\xa5\x2d\x8f\x1a\xf9\xf8\x1e\x18\x8d\xbd\xf2\x03\xfb\x53\x00\xb4\x22\x5b\xfb\x67\x73\x33\x7b\xe6\x75\x0b\x3d\xb8\x8c\xe0\x97\x34\x3f\x62\xee\x2c\x11\x85\x74\xef\x15\x0c\xbd\x4c\x62\x76\x0c\x3e\x43\xdc\xbc\x39\x21\x8b\xd6\xd9\x85\x65\xfa\x38\x98\x11\xb1\xa6\x74\xf6\x17\xfd\x75\x67\x33\xdc\xb5\x67\xa9\x2d\xbf\x38\x55\xb5\x7b\x1f\x4a\x46\xd5\xb8\x97\x4b\x39\xac\x0d\x0e\x24\xd9\x9d\x20\x37\xc0\x4f\x60\xd9\x14\x0f\x64\xb0\x7a\x77\xd7\xea\xa1\xce\x8a\x78\xe8\x44\xb1\xdc\xf0\xe3\x74\x24\xf3\xf9\xd2\x53\xa5\x48\x56\x1a\x03\x75\xa8\xd4\x34\x12\x97\xbf\xed\xb7\x04\x8c\x79\x35\xe1\x48\x14\x18\xf9\xbb\xa9\x27\x1f\x9f\xd6\x02\x62\x24\xe7\x8e\x05\x5d\x8a\x09\x39\xfa\x2f\xe1\xdb\xc0\xfc\x7b\x58\x3e\x4c\xff\x34\x90\xe1\xd0\xf6\x10\xb2\x52\xe3\x0d\x84\x97\xd0\x0e\x4a\xac\xb3\x75\xf1\x9a\x47\x19\xf7\x9c\xa1\xea\x58\x3a\x2f\x8b\x14\x06\xa4\xaa\x5c\xb5\x5c\x08\xb6\x59\x3b\x67\x6e\xb5\xc3\x4a\xbe\x89\x39\x2d\x62\xd2\x33\x08\xa3\x34\x8b\x57\xaf\xfb\xba\x77\x39\xcd\xe8\xe1\x90\x9d\x34\x25\xee\xb2\x09\x26\xa9\x77\xd3\xa9\x4a\x86\xe0\xba\x10\xb3\x86\x92\x66\x98\x82\x7e\x86\xb4\xfd\x6c\x61\x80\x04\x7c\x87\xec\x3b\x31\x61\x9d\x05\xa9\xdf\x34\xef\xd3\xd7\x6a\x83\x69\x62\xb2\xef\x60\x4d\x07\xaf\x09\x75\xeb\x8f\x3d\xd2\x25\x94\x32\x38\x02\x56\x4c\x92\x9b\x3f\x65\xda\xcb\x57\x2b\x32\x55\x3d\x69\xb3\x1a\x19\x76\x90\xa9\xbb\x86\x0b\x08\x0a\x77\xcf\xbb\x3c\x17\x5a\xaf\xce\x01\x46\xa8\x2a\x4d\x06\xe8\xc7\x50\x52\x1b\x72\x6e\xf1\xcb\x29\xd0\x21\xe5\x91\x5e\x5e\x84\x62\xed\xe5\x39\x54\x45\x24\x5c\x9a\xe8\x82\xee\xc4\xb1\x74\x5e\x11\x79\x1f\x76\x21\xd3\xfe\x70\x2c\xac\x15\x25\xe1\xf7\xb4\x6e\x11\x05\xcd\xd0\x6d\xa2\xaf\xde\x26\x47\x5d\xc1\xf7\x8d\xf8\xe2\xd7\x2b\x0e\xc3\xef\x7d\xd9\x56\x19\x3c\x99\x68\x42\xa4\x32\x69\x65\x38\xcf\x12\x3d\x76\x87\x21\x1f\xfc\xd0\x90\xb9\x38\x1e\xab\xec\x87\x9f\x76\x9a\xac\x0d\x35\x64\xe1\x6d\xf7\x94\xfa\x24\x72\x8d\x71\x72\xfd\x07\x73\x2e\xab\x07\x7e\xd8\x1c\x22\x08\x4f\x6f\x78\x1b\x62\x6d\xac\x67\x42\x8a\x9d\xdf\x3b\x0d\xb0\x46\x52\x51\x22\x0d\x18\xb8\xbf\x62\x04\x64\xc5\x1a\x57\x8d\xec\xcc\xbb\xab\xa5\x45\xed\x44\x2c\xf1\x2c\x4c\x66\xf6\xcb\x6e\x69\x01\xea\x54\xae\xda\x23\x6e\xc4\x5e\xef\x88\x6a\x7d\xdd\x2c\x04\x1c\xab\xa3\xa6\xce\xe3\x39\x71\x5b\x6c\xe9\x7e\x76\x5e\xc3\x47\x9f\x3d\x52\x82\x4a\x81\x94\xbe\xc2\xa8\x96\x47\xe8\xc6\x3f\xf7\x64\x5f\xf6\xd0\x53\x67\xc7\x67\xbc\x48\xcc\x96\xba\xf0\x5d\x6a\x41\x5b\x2a\x5a\xff\x9b\xfb\x21\x79\x48\xfa\xd3\x57\xb9\x8f\x47\xdf\xed\x62\xff\x12\x85\xeb\x9f\x46\x8f\x0f\x29\xed\xd7\x5a\xdc\x0c\x8c\x2f\xf6\xa5\x65\xed\xb8\xed\xfb\x48\xbe\xa0\x3b\x70\xc4\x47\x36\x9c\x52\xd8\x81\xee\xa0\xee\xdb\x08\xc3\x15\xcd\xf0\xbf\xeb\x97\x9c\x1c\x02\x50\x94\x6b\xb1\x00\xc2\x86\x6b\x41\x69\xb8\xcb\xd4\x4d\x65\x8f\x02\x36\xe1\xe9\xf3\xaa\x13\xbb\x8e\x80\x22\xa3\x8c\xe9\x97\xc9\x4b\x5b\xaf\x97\xe0\xba\x62\x1f\x7e\x09\x67\x1c\xe6\x38\xc2\xa3\x9e\xe6\xc6\xe2\x5a\x68\x80\x19\xdd\x16\x76\x75\xce\xae\xc2\x1c\x6b\x42\xa7\xc8\xc4\x76\xd1\x29\xdc\xc6\x93\xc3\x92\xa0\x2b\xe9\x1b\x87\x43\x7a\x08\xa0\xeb\xf1\xa7\xbd\x97\x6b\xa2\x37\x74\x76\x68\x38\xb8\xd6\x02\x4f\x5b\xb9\xb0\x7f\x3c\x6b\x71\x9b\x4d\xe1\x5b\x72\x44\x80\x48\xab\x70\xdb\x3d\x4b\xea\x77\xba\x35\x9b\x51\xb1\xec\x17\xdb\xe8\x01\x0a\xef\x02\x44\xa8\x07\x9c\xa8\xb9\xa2\xa7\x97\xf3\xb1\xfe\x04\x7c\x8d\xd5\xca\xb7\xfb\x48\x68\x29\x23\x9c\x4e\xf6\xd9\xa3\x83\x70\xd4\x88\xc4\x7b\x7c\x03\x0e\x49\xa5\x50\x0c\x9a\xbb\x39\xa9\xa5\xab\xfe\x72\xe9\x18\xb7\x63\x84\xec\xaa\xfe\x16\x27\x26\x6c\xd1\x4e\x69\x6c\x09\xd2\x51\x2e\x31\x25\x82\xa8\xa9\x11\xe7\xb7\xbf\xa0\x4c\x21\x81\x9a\xf6\x87\xf0\x4c\x5e\x0c\xbe\x9a\x2c\xe2\x4d\x4d\x3f\xd1\x21\x90\xb2\x53\xda\xbc\x12\xc6\x3c\xab\xfa\x94"},
+{{0x53,0x11,0xf3,0xc9,0x61,0x01,0xcb,0x8b,0x7a,0xbc,0x62,0x2b,0xb9,0x32,0x6b,0x8f,0x51,0x3c,0x2b,0x16,0xd2,0x94,0xdf,0x79,0x7f,0x56,0xdf,0xd8,0x20,0x3d,0xda,0x27,},{0x23,0x0b,0x70,0x02,0xf5,0x7c,0x79,0xae,0x2e,0x6b,0xfd,0xb8,0xdf,0x30,0xdb,0x3e,0x90,0x07,0x56,0xb5,0x4a,0xf3,0x96,0x8c,0x67,0x0e,0xe2,0xf3,0x2b,0xb1,0x1e,0x0a,},{0x3c,0xbb,0xb2,0x60,0x88,0x70,0xde,0xa1,0xef,0xee,0xbb,0x3f,0xbf,0x68,0x1e,0x27,0x70,0x5c,0x35,0xe4,0xdd,0xee,0xa8,0x6c,0x1b,0x34,0x2a,0x77,0xdc,0x29,0x6b,0x49,0x84,0x19,0x80,0x8e,0xac,0xbc,0x78,0x85,0x56,0x11,0xff,0xbc,0x92,0x65,0xa7,0x47,0x98,0xe5,0x18,0x27,0xe6,0xe5,0xd8,0x11,0x81,0x6d,0x3c,0xa2,0x1e,0x8b,0x9c,0x06,},"\x61\xb1\x5b\xe3\x7c\x4e\xb3\x97\xd9\xe7\x7e\x00\x15\x1a\x28\xed\x3e\x86\xd5\x0a\x95\x52\xbb\x48\x50\xb6\x21\x76\x3f\x01\x2e\x7e\x77\xbb\x5d\xb8\xf3\xdf\x7d\xcf\x76\x9f\x2d\x1d\x46\xd8\xd6\x0b\xae\x40\xc8\xca\x6e\x25\xc6\x41\x0b\x60\x07\x8a\x93\xfd\x05\x90\x21\x14\xbd\x91\x04\x5c\x06\x19\x2c\x70\xc4\x2c\x9f\x41\xf8\x16\x1c\xa4\x65\x64\xeb\xc2\x1a\x4b\xdd\x81\x90\xeb\xa2\xae\xb3\x09\x82\x30\x72\xec\x2c\x02\x00\xce\x64\x98\xf9\xd7\x2b\x37\xb3\xfb\x46\x67\x74\x32\x6d\xf3\x7a\xd8\x80\xd8\xed\xdb\x32\xaf\x67\x3e\x45\xd8\x8e\xec\x49\xb1\x57\x7b\x43\xb8\x63\x91\x11\xc2\xe0\xb9\x41\x87\xd2\xd4\xe0\x17\x3c\x00\x0f\x4c\x37\xbe\x84\x5d\x68\x81\x0b\x78\x89\xff\x2a\x04\x9f\x3f\x9f\x24\x5e\xc7\x0f\x21\xde\xf9\x77\x80\xb6\x11\x40\x0a\x83\xc3\x1a\x79\xd9\x3a\x8e\x98\xb6\x08\xfd\xcf\x24\x88\xb0\x68\xfe\x1a\xe4\x21\x72\x93\xa9\x36\x7b\xb7\x34\xb5\xbc\x7b\xd8\x81\x9b\x37\x7f\x09\x0b\x4f\x8f\xdb\xff\x50\x79\x9c\x76\x88\x0d\x19\x13\x35\x80\xe1\xdd\xfc\x2b\x9b\xaa\xdd\xba\xb3\x4f\xc6\xfd\xc0\x78\x01\x4b\xd1\xff\x73\x9d\xaa\xfe\x54\x76\xf3\xf7\x9d\x4d\xbe\xc2\x16\xfa\x76\x80\xee\x8e\x84\x00\x2d\xcb\x9d\xdb\xc7\xfc\x1e\x1c\x8e\xf4\xf1\xb2\xa2\x08\x1b\x92\x82\x24\x3d\xa6\x15\x3c\x1f\xce\x09\x05\xcf\x35\xf8\x3a\x68\x4c\x01\xb0\x45\x57\xec\x84\xf7\xe9\xa9\x4f\xc2\x88\x2e\x2f\xf1\x9f\xea\x21\xd2\xce\x61\x67\x86\x1c\xe0\x1d\xf8\xb8\xd3\xc3\xe8\xd2\x55\x61\x0b\x7a\xf2\x59\x6c\xd5\xcf\x00\x16\x73\x49\x42\xcc\x71\x4c\x27\x2c\x05\xfd\xa9\xd3\x47\x23\x62\x66\x46\xa4\x61\x30\x18\x2c\xeb\xcf\x17\x9e\xc0\x0a\x6a\x17\x3b\xd8\x57\x7f\xa8\x45\xc4\x4d\x19\xc6\x99\x79\x44\x75\x5f\x2b\x4e\x46\x85\x63\xa7\x5e\x90\x16\x52\x3b\x87\xdd\xac\x3e\xee\x21\xbc\xbc\xa0\x8f\xcc\x29\x54\x6a\x43\xcb\xe0\xd8\xd1\x0a\x0e\x8d\xdc\xba\x17\x2d\x1d\xed\x15\x03\x78\xe1\x8b\x36\x8c\x77\x63\x91\x3e\x4b\x40\x70\x12\xfd\x76\xa8\x72\xd2\xcb\x04\x93\x0b\x8e\x22\xb3\x08\x24\x3d\x4c\xc2\x78\xfd\xf2\xe1\xf9\x40\xae\x89\xac\x89\x1b\x9e\x06\x61\xae\xe5\x53\x93\x7b\xf3\x50\xb4\x07\x07\x0a\x1b\xdf\xc4\xf7\xa3\x78\x7e\xf3\x99\xd2\xca\xf4\xec\x74\x43\x9c\x58\x73\x76\xc7\x7b\xe0\xc3\xde\x53\x9d\x3a\xc2\x60\x89\x76\x5b\x9b\xe1\x0b\x90\x38\x69\x46\x36\xe2\x62\xd7\xba\xa0\xb3\xa8\x94\x1a\x20\x15\x96\x76\x39\xf6\x04\x4c\x67\xe5\x9b\xc8\x1c\xf2\xfb\xa7\x04\xac\x0d\xf4\x8d\xa6\x03\x74\x05\xa8\xe8\xb8\xa7\xce\x3c\x58\xef\x38\xa8\x83\x53\x8b\x24\x7f\xfe\x18\x09\x7a\xf0\x95\x24\x2b\x05\x8b\xdd\x1e\x3e\x24\x5e\xec\xe0\xa7\x1b\x75\xb9\x7d\x52\xf2\x0d\x6d\x51\xbb\x97\x66\xb0\xda\x0f\xc0\x9c\x8a\xc2\xa3\x0f\xb6\xe7\xb3\x2e\xe0\x6d\xad\xf4\x6d\x73\x59\xcc\x06\x6a\xa9\x47\x85\xd8\xa8\x82\xff\x09\x7d\x78\xa8\x6b\xe2\xd4\x56\x00\xdd\x3d\x30\x60\x12\x5f\x01\xc0\x63\xe4\x88\xd5\xc3\xef\xee\x1b\xca\x1e\x58\x51\x64\x55\xff\xca\xec\x1b\x81\xef\x43\x38\x76\xbf\x09\xff\xa5\x1d\x6f\x50\x18\x58\x52\x24\x57\x9c\xb6\x7b\x56\xce\x1c\x21\x6e\xc0\xa8\x83\xe0\x6c\x8e\x15\x63\x42\x1e\xa7\x2b\x0c\x10\xd4\xbb\x31\xe4\x91\xc2\xae\x2f\xe8\x13\x9f\x24\x9e\xc9\x27\xd8\x06\xba\x08\xdb\x52\xb1\xb5\x06\x66\x90\x47\xf0\xc1\x16\xff\x37\xac\x5b\xa6\xcd\xb1\xea\xaf\x33\xfd\xad\xb0\x70\x5c\x79\x9d\x35\xac\x6d\x9c\x80\xda\x90\xc1\x43\x8b\x58\x5f\xfd\x59\x35\x0a\x26\x86\xb1\xec\x35\x16\x6c\xb9\xb6\x9a\xd0\xf5\x65\x86\xaa\x03\x27\x4d\x78\x2e\x3f\x85\x8d\xb6\x4a\xdf\xbf\x04\xd5\x22\x8a\x7b\x1c\x4a\x20\x48\xbb\xcd\xb9\x41\x15\x3a\x43\x6d\x74\x2c\x38\xb5\x8b\x4d\x7d\x13\xc9\xf1\xd6\x0e\x15\x2a\xa2\x79\x23\x49\xa3\xd9\x4e\x7e\x6b\x11\x04\xaa\x1b\x87\x09\x98\xc1\x8d\xd7\x06\x56\x54\xa8\x52\x81\xbb\x6f\x02\x7f\xaa\xd5\x56\xb1\xf5\x32\xe7\xa1\xe2\x2d\x56\x40\x69\x28\x95\x87\xa0\xef\xc9\xc1\x58\x5d\x13\x5f\x31\x23\x3c\x41\xf4\x40\x46\x6e\x71\xfe\x90\x12\xe5\xf9\xa0\xd7\x4a\x72\x82\xee\x39\x2f\xb0\x16\x5d\xb7\x9f\xf1\xd3\x17\x6e\xd0\x8a\xfe\x1d\xaa\x66\xcf\xbf\x43\x05\xae\x16\xac\x17\x92\x33\x43\x99\xf7\x1b\x19\x17\xdd\xec\x27\x0a\xcf\xf6\x65\xea\x05\xd1\x84\xc2\xc5\xcd\x2c\xcd\x90\x2b\x22\xf9\xb7\x19\x5e\x66\xa6\x55\x56\xca\x88\x4b\xa6\xf5\xda\x04\xdc\xd4\x61\x7f\x33\xdc\x2b\x44\xa0\xea\x74\x2a\xeb\x2b\x93\xf3\xa4\x1d\xf7\x95\x7a\x02\x67\x97\xa5\x85\xce\xee\x81\x4b\x19\x75\xf5\x23\xd2\xdb\x5d\xbb\x9b\xe0\xca\x64\x9d\x1d\x45\xdc\xfd"},
+{{0xd2,0x90,0xff,0xd9,0x33,0x95,0xbd,0x5f,0xc5,0x87,0xd1,0xab,0x51,0x18,0x66,0xe7,0x2b,0x37,0x1a,0x17,0x35,0x73,0x2d,0x9d,0x5c,0x6a,0x18,0xdd,0x46,0x5e,0x93,0x63,},{0xfd,0x4a,0xad,0x73,0xb0,0x32,0x46,0x1c,0xa0,0xaa,0xe8,0x71,0xca,0x70,0x16,0x38,0x3b,0x2b,0xe0,0x16,0x90,0x53,0xfd,0xbf,0x6c,0x59,0x14,0xfd,0xd6,0xdd,0x6f,0x92,},{0x21,0x70,0x4d,0x5e,0x62,0x6d,0xcf,0x6a,0x9d,0xcd,0xef,0x93,0x54,0x29,0xeb,0x7f,0xb5,0xb2,0x57,0xee,0xcd,0x7b,0xf7,0x4a,0xcb,0x0c,0xd3,0x0e,0xcf,0xcf,0x60,0x8d,0x0c,0x5b,0x63,0x3a,0x4a,0x8a,0x9b,0xa2,0xcc,0x82,0xa2,0x1e,0x03,0x35,0x5e,0x01,0xd8,0x5d,0xae,0x7e,0xca,0xc8,0x89,0x6d,0xc1,0x5d,0xae,0x04,0x85,0x70,0x71,0x04,},"\xeb\xd9\x00\xbc\x91\x0c\x5e\xcc\x4d\x97\xda\xf7\xcb\x5e\xbb\x54\x91\x50\x0b\x7a\xd1\x16\xe3\x06\x60\x95\x07\x09\xd8\x08\x4b\xb6\x43\x4c\x5b\xea\x4a\x8c\xcc\x1e\xd5\xa8\x01\xbe\xbb\x1a\x11\x78\x78\xc0\x37\x47\x00\x3e\x14\x8e\xd9\x14\x34\x83\x2e\x89\x66\x24\x1a\x7f\xff\x22\xfe\x1d\x6d\x8c\x3c\x3d\xdd\x72\x15\xa1\xef\xaf\x4b\x07\xaf\xee\x1b\x25\x67\x3a\x14\x39\xea\xac\x32\x4e\x89\x5d\x4b\xe8\x39\xe9\x76\xc0\x3a\xc0\x01\x25\x48\x76\x88\x8c\xca\xaf\x39\x12\x72\x7a\x60\x10\x6a\x87\xbe\x69\x24\x7c\x9e\x43\x8c\x31\xfc\xa8\xd9\xc6\x1b\xae\x36\x8c\x83\xe4\x09\x01\xa9\x97\x00\xdf\xf8\x39\xb5\x13\xba\x8d\xc4\x2d\x93\xce\x09\x87\xa2\x33\x34\x70\xa9\xf9\x83\x31\x3f\x91\x98\x86\x59\xda\x54\x03\x9e\x49\x9c\xd1\xaf\x2b\x8f\xa0\xeb\xe7\x50\xe2\x4d\x55\xc2\xa5\xbd\x1a\xde\x3f\x68\x00\x92\x54\x2b\xd1\xbe\x0b\x97\x35\xba\x39\x3a\xd5\x69\x7d\x24\x1e\x8e\x8b\x28\x64\x6d\xb2\x7d\x2f\xb5\xa9\x40\xe8\xfa\xea\xf0\xb6\xc9\xef\xda\x88\x61\x5d\xec\x89\x1c\xe7\x32\x93\x08\x13\xbf\xbb\xd0\xbc\x5f\x82\x10\xab\xe8\x43\xbe\xb5\xe4\xf0\x28\xf4\x9b\xea\x34\xf1\xe5\xb0\x9e\xac\x4c\x66\x62\xc7\x4f\xba\x39\xde\x4a\x96\x02\xa9\x69\x4a\x85\xc7\xc1\x37\x5f\xda\xdf\xda\x6a\x19\x57\xfc\x5b\x59\x87\xa6\x87\xb0\x39\x95\xe5\x16\x97\xa1\xab\x5b\xb6\xcb\x11\xb6\x63\xc1\x37\x2f\xad\xe4\xc0\xac\xa8\xfb\xeb\xb4\xeb\x54\xce\x7c\xe3\x6c\x69\x04\xea\xf6\xea\xb2\xf3\x4f\xac\xd8\xc7\x68\xc8\xd3\x6d\xa2\x39\x7b\x1a\x02\x73\x5a\xea\x72\xcf\xaa\xd0\x39\x34\x10\xdb\x52\x7a\x8a\xb2\x36\xd4\xcd\xab\xdc\x88\x8f\xac\x6f\x18\x21\x48\xb1\x32\x61\x44\x25\xd3\x90\xff\x03\x6e\x54\x85\x5e\x42\x03\xc5\x12\x03\xc1\xf4\x3e\x37\xbb\xf6\xb9\xbf\x27\xf5\xb7\xe7\xc6\x65\x15\x14\x65\x40\x1a\xc3\x2c\xbe\x9e\x33\x50\x53\x5e\xdf\x48\xa7\xbc\x36\x03\xe2\x23\x2e\x93\x8f\x9a\x81\x5a\xc4\xd1\xde\xec\x99\x1e\xf9\x62\x09\x48\x44\x1f\x7a\x2f\x4a\x46\xe2\xc4\x00\xab\x91\x4c\x4b\xe5\x1d\xca\xad\x8e\xd8\x23\x9c\xbb\xe9\x77\xa9\xf0\x9c\x02\x69\x83\x19\xd9\xfe\x2a\x8c\x6e\xb6\x0b\x79\x9f\x29\xae\x76\x59\x97\x0d\x2e\xbd\xff\x3c\x6c\xf7\x09\xbb\xf6\xf4\xbb\x55\xb9\xdf\x4f\x61\xa2\x41\xde\xc1\x44\xb5\x99\x3f\x08\x7e\x78\x4b\x97\xbe\x1e\x53\x60\x8c\x2e\x81\x7c\xe3\xd9\xaa\xf9\x14\xe6\xb7\x23\xf5\xb4\xaf\xff\xd2\xa6\xb9\xfe\x9d\x2d\x73\x91\x5c\x7a\xd1\xff\xb1\x3e\xfc\xb7\x3c\x56\x23\x81\x95\x64\x52\x03\x98\x4c\x99\xaa\xfd\x02\x35\xf7\x3b\x3f\x88\x2e\x07\x39\x39\xbf\x78\x66\x57\x28\x01\x38\xdb\x05\xb8\x6f\xcc\x94\x60\xb3\x85\xef\x45\x59\x20\x4e\xcd\x81\xe2\xf1\x2f\x5f\x06\x2a\xa4\x48\xdc\xcc\x82\xea\x8d\x89\x46\x6d\xd1\xbe\x46\xf8\x2c\x4f\x87\xbf\x0d\xb2\xb8\x78\xac\xbb\x0d\x91\x12\xc8\xdb\x6f\x51\xd3\x5f\x6d\x42\xf7\x49\x85\x6b\x99\xe5\x50\xb6\xc4\x54\xe9\xe8\xbe\x4d\xa1\x75\xf0\xb5\xe8\x6b\xe6\x6c\x97\x9f\xd8\x78\x23\x7e\x57\xf6\x91\xf0\xd2\xac\xd0\x28\xfb\xff\xa5\xb0\x66\x87\x75\x03\x4d\xb1\xf2\x1d\xdb\xe7\x11\x4e\xe3\xdc\x0b\x44\xda\xca\x64\xc5\xa0\x3a\x2f\xee\xae\xab\xeb\x70\x63\xbf\xcc\xcc\x55\x9b\xaf\x27\xf1\xcc\xb2\x20\x2f\xa4\xd1\xb2\xbf\x44\xc0\x4b\x2c\x2f\x81\xf9\x4e\x28\x1b\x1a\x5a\xdc\x85\x0d\xa1\xb9\x47\x9f\xca\xbd\xda\xde\xa5\x6a\x11\x5b\xb5\xf0\x6c\xc0\x16\xf1\x41\xc0\xfc\xb5\xe8\x3a\xb2\x48\xea\xec\x90\x15\x8d\x8b\xe6\x47\xaf\xf1\x2e\x7e\xeb\x5e\x57\xdb\xcc\x29\x3c\xb3\xb6\xaa\xcb\x55\x23\x6d\x4a\x83\x9a\x06\x20\xf4\x76\x23\x87\xdd\x17\x14\xdf\x5c\x13\x5e\x3d\x9d\x68\x24\xf9\x3b\x7c\x90\xd3\xae\x38\xc5\x18\xd6\x07\x12\x0c\x83\x95\x70\x41\x3b\x46\xb8\xcc\xd7\x37\x04\x92\xd8\xae\x5c\x60\x9e\x00\xcf\x82\x51\xe2\xe7\xdf\x81\xe5\xb4\xf9\xc1\x6a\x5a\x53\x9f\x0a\xfc\xce\x41\xbb\x43\x62\xe5\xea\xa5\xf9\x40\xa1\x70\x6f\x4a\xfb\x6b\x14\x43\x2c\x81\xd4\xba\x1a\x33\xd3\x22\xdb\xf1\x06\x45\xab\x63\x73\x7e\xad\xc8\x6f\xe6\xe0\x97\x6f\x76\x33\x97\xfb\x89\x86\x37\x59\x5d\xfd\x36\x93\x47\x92\xd7\x79\xe2\x4c\x2a\x3f\x0b\xac\xf5\x3e\x04\x73\xc5\xfd\xa9\xc6\x12\x84\xe4\x41\x9b\xdc\x0e\xef\x5d\x22\xf4\xd9\xbf\x42\xe8\xc0\x49\x33\xbb\x93\xb5\x3c\x29\x5d\x7a\xc9\x39\x5a\xbb\x6d\xcb\xd7\x42\xb1\xe1\xbc\x3b\x0e\xa4\x43\x4e\xa2\x1b\x8e\xca\x9a\xe6\x82\xd3\x31\x5a\x41\xe9\xc3\xc3\x37\x18\x40\x76\x1d\xc5\x9c\xac\x45\xda\x7e\x38\x13\xe2\x87\x88\xdc\x89\xde\x35\x5b\x5a\xee\x08\x80\x90\xa3\x8d\xd3\x9d\x83\xe5\xe4"},
+{{0xd7,0xfd,0x73,0xd1,0xd2,0x29,0xa6,0x58,0x94,0x42,0x0e,0x4b,0xa7,0x34,0x27,0x0d,0x5a,0x20,0x75,0x83,0x64,0xde,0x89,0x7d,0x85,0x55,0xe2,0x41,0x97,0x45,0x3c,0x19,},{0x3c,0x22,0x77,0x2a,0xec,0x0a,0x0c,0x15,0x59,0x07,0x7f,0x2c,0xfd,0x1f,0x24,0x65,0xd4,0xb4,0x84,0x95,0xc5,0xd0,0x5f,0x1f,0x83,0x7c,0x31,0x84,0x5f,0x34,0xca,0xd1,},{0x40,0x0c,0x35,0x05,0xf1,0xdf,0xa8,0x0d,0xf4,0xb2,0x6d,0xb2,0x4c,0x02,0x7e,0xb8,0x19,0x77,0xf0,0xfb,0x9b,0x5a,0xca,0x52,0x4a,0xd5,0x12,0x00,0xf4,0xbf,0xb1,0x33,0xdb,0x83,0x48,0x23,0x31,0x41,0x95,0xf4,0xed,0xc2,0x92,0xd5,0xf5,0x30,0xd0,0x85,0x56,0xe7,0x80,0x9c,0xaf,0x23,0x39,0x76,0x8a,0xa3,0x80,0x29,0xfd,0xbc,0x28,0x0f,},"\xc9\x22\x58\x59\xd5\x55\xbc\x42\x01\x1a\xf1\xb4\xf1\x49\x98\xe6\xe9\xb0\xa6\x5e\x21\x72\x71\x3e\x96\x83\x80\xfb\x6c\xee\xdd\xa2\x2e\x02\x2c\x51\x30\x30\x31\xd9\x93\x1c\xce\xf2\xf7\xbc\x70\x5c\x9e\x21\x5c\x1d\x08\x9d\x48\x8d\xad\xda\xee\x15\x5c\x93\x9b\x62\x02\xca\x53\xbf\xc7\xf6\xe8\x8e\x15\x29\xd8\x2f\xb4\x5e\x02\xb5\xd0\x5a\x82\xbb\xb9\xdb\x5f\x41\x5c\x58\xba\x8b\xd5\x6c\xff\xd9\x22\x70\xb2\x47\x49\xe5\x6d\x12\xc9\x9a\xe9\x0c\x78\x00\xf5\x4f\x55\x25\x4e\xa4\x2d\xa5\xdc\xfb\xe0\xe1\xd9\x89\xcd\x2f\x68\x97\xe2\x32\xdf\x04\x70\x7b\x34\xaf\x75\xfa\x7f\xec\x33\xe5\x5e\xd5\x6a\xee\x39\xc2\x2b\x04\x5b\xed\xd1\x61\x08\x3b\xc5\x51\x4c\x1f\x81\xca\x90\x7b\x7c\x76\x03\x17\xa7\xfd\x5a\x5a\x02\xa5\xd4\x0e\x2e\x82\x3e\x24\xad\x96\xae\xf6\xda\x8e\xa9\x82\xb5\x16\x1c\xc3\x9d\x84\xaa\x2f\xfd\x95\x44\xc1\x1b\x63\x40\x37\xab\x0a\x1c\x8e\x36\xac\x63\x01\x9d\xa1\xb2\xd9\x95\xcb\x7b\xd3\xd6\x2f\xe5\x74\xde\xab\xcc\xbd\x0d\x3a\xe7\xa5\x6e\x5b\xec\x91\xe4\xba\x3f\x3d\xb8\xbf\xea\x88\xe6\x7d\xa6\x2e\x88\x27\x8a\x6e\x3b\x41\x8d\xce\xea\x05\x89\xf2\x5f\x7d\xd8\xad\x19\xdd\x84\x50\x89\x41\x9b\x47\x2e\xfc\xcc\x87\x9c\x17\x2b\x32\xee\x4a\x4d\xbc\x2e\x6c\x2e\x86\x5b\xb3\xb8\xca\x0a\xdc\xb7\x1f\xdf\x89\xe1\x97\x39\x10\xef\x24\x29\x15\xf3\x3e\x23\x6d\x2f\x7c\x8e\x9f\x1e\xe5\xb0\x7c\x6e\x3c\x25\x36\x0f\x8c\xb1\x46\x0b\xe8\x7d\xb3\x1a\x29\x1d\x4d\xee\x34\x95\x3e\x75\xc6\x75\xbf\x18\x1b\xb7\xa0\xb7\xb5\xc1\xbe\xfd\xc8\x6a\xda\x07\x2a\x48\xf6\xac\x75\x5d\x49\x9b\xd6\x8d\x62\x5d\x85\x14\x52\x5c\xc3\xab\x8f\x54\xce\x15\xa8\x71\x29\x17\x78\xde\x13\x05\xd2\x21\x93\x61\xaa\x30\xe3\x32\xa2\xe0\x69\x07\x7c\x5c\x53\x45\x75\x20\x37\x9d\x8b\x90\xd2\x4b\xd8\xa3\xa7\x70\x0f\xf7\x66\x23\x1c\xb5\x69\x7f\x9a\xce\x52\x1a\x99\xe8\x96\xda\x54\xc4\x07\x93\xbc\x7c\x1f\xb1\x58\x4b\xb1\xc8\x61\x94\xd2\xfb\x7a\x4b\x80\x2f\x30\x88\x5e\x0e\xe8\xaf\x88\xd6\x88\x6e\x3a\x3a\x4d\x4c\x85\x46\x49\xcc\x01\xab\xdf\x35\x31\x9a\x08\x56\xcc\x65\xd0\x92\xa3\x86\xf8\x86\x96\x25\xcd\x0a\xca\xc0\x87\xe9\x35\x17\x90\xcc\xb4\xa8\x65\xf6\x51\xa8\x81\xc3\xeb\xf1\x09\x07\x27\x74\xf9\x40\xf5\xaa\x98\xa2\xa2\xaa\x3d\xd3\x66\x47\xd0\xde\x83\x00\x1a\xa7\xcd\xc0\x31\xcc\x4a\x4d\x75\xdc\x11\xce\x55\x16\x76\xa2\xad\x43\xa3\xf6\xa1\x6a\x4b\xc5\xae\xe8\x0e\x53\x64\x20\x60\x87\x36\x4e\xb8\xb2\xb1\x5f\xb7\x05\x38\x0a\x07\x2d\x7c\x8b\x51\x99\x59\x43\xaa\x76\x2e\x8d\xeb\x4c\x56\x8c\xda\xa1\x41\x1a\xb6\x8f\x28\x48\x9e\x13\x23\xbb\x61\x56\xce\x25\x00\xb0\x6e\x77\x93\xc5\x10\xa3\xde\x29\x15\x08\x40\xbf\xdb\x0b\x2b\x7b\x21\xc2\xbb\x8a\x77\x46\x16\x7c\x92\x9d\xd0\xad\xad\x44\xfe\xd8\xf3\x6e\x83\x81\xb3\x42\x08\x0b\x2a\x7d\x82\xa3\xf8\x1f\xf7\x26\x30\xcb\x78\xdf\x91\xf7\xb6\x5a\x44\xef\xf6\xed\x64\xd4\x8a\xfe\xd1\x09\xdd\x7a\x69\x3a\x1b\xa8\xc3\x7e\x00\x8f\xcb\x15\x7e\x37\x29\x7d\x32\xeb\xa7\x65\xa6\xc7\x19\x3e\x73\xbd\x97\x64\x79\x85\xb1\x60\x38\xc7\x4a\x08\x4a\x8f\x25\x65\x4c\xd8\xcd\x2c\xdd\x27\xff\x17\x33\x4e\x06\xad\xaa\x05\x82\x64\x01\x7a\x3b\x2d\xa7\x8e\x57\x38\xa2\x7e\x35\x0d\x88\x2f\x5f\xae\x19\x92\x78\xd4\xe5\x0b\x8b\xad\xf5\x7c\x21\x41\xdf\xdc\x3c\xff\x99\xdf\x5d\xe8\x6f\xec\x29\x3c\x76\xcb\x94\xb6\xb1\x9b\xa3\x03\x4e\x46\x0f\x84\xc2\x80\xa2\xe6\x41\x2f\xab\x56\x98\xce\x89\x02\x07\xca\xba\xbc\xa0\xa9\x5b\x5a\xd5\x33\xce\x11\x4b\xf7\x1a\x40\x4a\x87\x59\x0d\x35\xfa\x7c\xed\xba\x43\x13\x1c\x4e\xe9\x23\x44\x83\x9f\x25\xcb\xfa\xeb\x12\xae\xeb\xc8\x04\x08\x93\x95\x1a\x34\x6b\xd2\x8f\xdd\x16\x7b\xd2\x0f\x71\xa1\xe5\x9f\xb6\x0d\x55\xe1\xc5\x67\xf4\x78\xf0\x27\xcf\x67\x9a\x37\xd1\xd9\xdb\x86\x7e\x17\xbf\xdd\x60\xb3\x47\xd8\x9d\x32\x26\x39\xd3\x15\xbb\x7a\x2c\x91\x34\xf0\x0e\xa0\x3a\x36\x7f\x30\x5e\xa4\xd6\x0d\xc9\xd5\x67\xcf\x92\x48\x51\xe4\x69\xea\x95\x4e\xd3\xea\x63\xea\x86\x06\xf7\x9f\x07\x73\x39\xbf\xa2\xb5\x1a\xe4\x9b\xaa\x0f\xb2\x53\x77\x82\x1d\x7c\x11\xef\x9a\xd4\xbb\x4c\x0f\xe4\x89\xac\xba\xb0\xef\x00\x0d\x61\x8c\x7a\xf5\xef\xd2\x05\xd6\x85\x99\xfc\xbd\xd9\x5e\x28\xf8\x36\xe0\x91\x6f\x9f\xf5\x48\xd0\xba\x17\xda\x62\x53\x6e\x74\x64\x68\x01\xee\xb6\x12\x2b\xa3\x2c\x41\x07\x3a\xe0\x4e\x42\xc6\xc1\xd5\xd8\xd2\x29\x76\xa5\x62\x26\xdd\xf4\xb6\xac\x95\x45\x5f\xb5\x30\x99\xf2\x02\x15\xb2\xeb\xc9\x07"},
+{{0xfd,0xa7,0xcb,0x08,0x40,0x16,0xba,0x51,0x3c,0x7c,0x4f,0x8f,0x71,0x80,0x48,0x0b,0xb1,0x81,0xe9,0x56,0x95,0xea,0x68,0x73,0x7f,0xa3,0x4a,0x40,0xec,0xbd,0xf3,0xef,},{0xa2,0xde,0x3a,0x0e,0xf9,0x72,0x98,0xfd,0x71,0x61,0x06,0xe2,0xf3,0xf5,0x45,0x13,0x05,0x7a,0x40,0x07,0x2d,0x23,0x4c,0x35,0x18,0x15,0x4c,0x1b,0xd1,0x2d,0xe0,0x37,},{0x33,0x61,0x4b,0x7a,0x94,0xf7,0x5e,0x03,0x65,0x34,0xd7,0x6e,0x30,0x14,0x7e,0xcc,0xdd,0x2a,0x04,0xe0,0x0c,0xd4,0x70,0x4a,0xb6,0xe8,0x07,0xd6,0xa2,0xac,0xc1,0xe1,0xd9,0x63,0xb8,0xee,0xe0,0x81,0x0d,0x41,0x2d,0x9d,0x56,0xe5,0x45,0x56,0x30,0x2b,0x10,0x73,0x0c,0x15,0xab,0xf8,0x9c,0x29,0xa0,0x27,0x30,0x3e,0xa8,0x8a,0xe7,0x01,},"\xc2\x1b\xb3\xf8\xe3\x7b\xef\xa3\x67\xc9\x13\x67\x31\x01\xba\x30\xd3\xb5\xc7\x4b\xd8\xbd\xb0\x9c\xd2\x86\x40\x01\x2d\xb4\x11\x20\xc2\xbc\xc4\x08\x5d\xe2\xa0\xf9\x5c\x92\x15\xdd\xef\x8c\xb5\xfc\x8d\x8b\x12\x51\xb4\x15\x27\xc6\x7d\xfa\xa3\xf9\x5b\xa3\x57\x83\x91\xea\x5a\x66\x29\xa7\x33\x09\x5f\xd0\xa4\x3f\xdb\xa4\x0f\xfe\x26\x0f\xff\x82\xac\xee\x2e\xbe\x98\x0e\x9e\xce\xcc\xfe\x7e\x10\xb2\xed\x8c\x2e\x6b\x41\x0d\x54\x7a\x12\x86\x57\x1d\xf3\xd7\x01\x17\x4e\x57\x9f\xcf\x19\xd3\xbd\x80\x86\xc0\x42\x3f\x37\x11\x77\x89\xf3\x05\xd9\x67\x0a\xd2\x8c\x99\x67\x4f\x52\xcf\x64\x21\x1a\x08\x1d\x0c\x6c\x30\x96\xda\x2c\x71\xbf\x5f\x57\x99\xa7\x91\x0e\x6f\x38\x10\x4a\x37\xa6\x55\x7c\x2d\xae\xf3\x40\x81\x4a\x1f\x83\x0d\x59\x37\x73\xc6\xcf\x48\xd8\x3e\xa0\x72\x94\xb9\x4e\xb0\x80\xb8\x5d\x69\x70\xe2\x8f\x40\x51\xd5\x06\x6d\xb1\x0e\x96\x19\x73\xa6\x26\xa8\x26\xae\xaf\x8a\x06\xec\x0d\x56\x6b\x7e\x0c\x4e\xf6\x0f\x0c\x56\x78\xfc\xbb\x5b\x2a\xc6\x3f\x7b\xed\x06\x44\x8a\x24\x7b\x3d\x42\x7b\x87\x08\x6d\x33\x57\x3f\xb2\xd7\x22\x8c\x5c\x34\xea\x66\x40\xee\xfa\x95\x64\x48\x5a\x79\x63\x8e\x9c\x97\xc0\xaf\x84\xcf\xee\x7c\xe4\xa7\x39\x22\x0c\x84\x29\xe0\x67\x14\x39\x53\xd5\x50\x66\x8d\xad\xc8\x4e\x7b\xed\x9a\xb0\x70\xa5\x94\x33\x90\xc6\x11\xd7\x5b\x1c\xb1\x28\x73\xa3\x7d\x98\x50\x66\x1a\x00\x77\xbf\xa9\xca\x9b\x8b\x26\x37\x66\xc1\x49\xff\x0e\xe4\xb4\xad\xba\x25\xea\xf7\xd7\xf5\x01\xf3\x62\x45\x42\x56\xbc\x12\x69\x37\x8e\xf3\x35\x9a\x8e\xd6\xb9\x60\xb8\x66\x21\xfa\x3b\x61\x3e\xb1\x32\x12\x2f\x49\xf2\xeb\x2c\xeb\x68\x32\xa3\x99\x1e\x96\x1c\xb0\xe7\x8b\x74\x2e\xf4\xd6\x5e\x8d\xe3\x46\x96\x66\xfe\xc7\xc5\xb8\x74\x78\x95\x71\xc5\xc9\x9a\x2c\x02\xa0\x53\xff\x7d\x2f\xc9\x00\x76\xba\xfe\x1f\x26\x7f\xa8\x1a\x39\x90\xf2\x7f\xf1\x4f\x03\x00\x0a\xf0\x0c\x59\x28\x6c\xb9\xbb\x98\xe2\x04\xe9\x01\x90\xae\x2a\x50\xed\xef\x04\x9e\xa9\x2a\x1f\x78\x50\x88\xf9\x4a\xdf\x65\x88\xfb\x43\xbb\x40\xfb\xe2\x32\x42\x35\xcc\x7e\x16\x8b\x80\x26\x4b\x06\x9f\x94\x4f\x50\x36\x92\xc9\x49\x23\x4d\x5b\x76\xbc\xff\xab\xe2\x9f\xf9\x06\x4b\xd7\xcb\xed\x9e\x00\xe5\xb7\xfd\xda\x43\x12\xeb\x80\x14\x65\xf1\x27\xd0\xca\x68\x83\x2a\x7f\x4e\xd0\xea\xed\x8f\x55\x9c\x16\x31\xcd\x4d\x34\xf0\xdc\x41\x4d\x9f\xcf\xe8\x49\xa9\x1e\x25\xf3\xe0\xff\x01\x3a\x8c\xff\xa8\x06\xed\x8e\x93\xd0\x8a\x1e\x5a\x75\x76\x82\xca\x3d\x26\xab\xc8\x69\xc7\x6f\x1c\x79\x00\x7d\x55\x9d\xfe\x67\xe7\x8d\x8a\xf0\x19\x58\x08\xb0\xe7\x71\xc7\x1e\x64\xb5\x71\x6f\xb3\x63\x09\xc2\x50\x25\xfa\xe6\x41\x4c\x28\xbb\xdb\xd4\xde\x59\x7a\x74\x99\x6c\x9d\xa9\x74\x92\x0d\x59\xe6\xf4\xc2\xed\xfe\x11\x0f\xf8\x17\xfd\x48\x0a\x50\x80\x97\x80\x48\x86\x57\x12\x05\x8c\x5f\xe7\xb5\x60\xb1\x2b\x67\xf7\x37\xea\x6e\x2a\xf9\x24\x2c\xf0\x7a\xd0\xa8\xa6\x79\xf2\x64\x30\x04\x6a\xdc\x3e\x70\x66\x4c\xc9\xc0\xee\x5a\xbc\xef\x6d\x72\x6b\x4e\x04\x17\x60\x48\xb7\x95\xbe\x12\x85\x1b\xdb\x74\x00\x3a\x13\x20\x41\x19\xb8\x68\x64\xd6\x53\x5b\xa0\x95\x04\x0a\x85\xd9\x78\x1c\xf4\xf3\x48\x0a\x30\x4e\x22\x7f\x78\x7a\xd5\x38\xe6\x8f\x4b\xab\x01\x41\x79\xe3\x0d\x3f\xde\xf9\xef\xf1\x1b\xcf\x47\x1f\xa3\xa0\xbc\x74\xb5\x57\x6f\x30\x2d\x3a\x6b\x49\x9f\x11\xf2\xef\x32\x6a\xc0\x26\xc9\x8d\xb1\x0e\x27\x41\x41\x3f\x32\x22\x28\xb3\xcf\xf0\xf3\x37\xba\x2f\x29\x4c\x78\xef\x73\xf0\xe8\x77\x87\x8f\x8f\xc7\xff\x6d\x10\xbc\xe6\x6a\xd6\x28\x43\x79\xb8\x0c\xa8\x93\x27\xd4\xdb\x0b\xf1\x4e\x6d\x8f\x01\xb2\x2a\xb2\x02\xb7\x16\xcc\x07\xe3\xc8\x86\x6d\x16\x8a\x50\x94\xba\xc5\xa4\x95\xe7\x38\x68\xee\xdc\x27\x22\x2e\x64\x44\xf8\x3b\xcf\x65\xac\xdc\x3e\xc8\x91\x20\xbb\x50\xe8\xab\xfc\x28\xb7\x8e\x6d\x98\x0c\x77\x5f\x48\x49\xa0\xe8\xca\xda\x80\x24\x0b\xca\x24\x5e\x39\x96\x6e\x89\xa0\x34\x4d\xf8\x36\x3a\x7d\xcc\x81\xb2\x01\xce\x9c\x75\x3a\xd5\x44\xe1\x12\x4e\x21\x02\x0d\x4c\x62\xde\xda\x9e\xd9\xb9\xd1\xf2\xfb\x7c\x54\xca\x7a\xb0\x9f\x38\x3b\xef\x48\xcf\xc6\x84\x8c\x27\x13\x02\xa1\x0f\xa6\x87\xf5\x6e\x00\xe0\xa7\xd0\x93\xc9\x27\xb4\xfd\xd8\xf1\xbe\xdf\x62\x88\xa0\xe3\x02\x84\x8a\x80\x12\xf1\x27\xa7\x9d\x2d\x30\xa0\x6c\xe1\x7d\x94\xaa\x6f\x7f\x8a\x1e\x6e\xb9\xd0\x68\x1c\x37\x74\xf6\x14\xcc\x6d\xbc\xb2\xa8\x13\xf9\x25\xc6\x30\x6a\x63\x05\x72\xa8\x3e\xc1\x09\xd5\xf5\x33\xc0\x58\x4c\xb4\x21\xd9\x19"},
+{{0xa1,0xac,0x48,0xaa,0x5f,0xfa,0x3d,0x80,0x08,0x19,0xd0,0x3b,0x7f,0x62,0xba,0xbf,0x29,0x1f,0x20,0x90,0x4c,0x11,0xa6,0x40,0x0e,0x4f,0x45,0x20,0x5f,0x10,0x3e,0x38,},{0x08,0x54,0xe0,0x34,0x0f,0x81,0x49,0x85,0xfb,0x12,0x2b,0x78,0x72,0x94,0x79,0xe3,0xfd,0xe8,0x55,0xc2,0x11,0xca,0xde,0xae,0x56,0xf0,0xd4,0xdc,0x08,0x28,0xd5,0xfa,},{0xc5,0x7e,0x3c,0x09,0x1e,0xd2,0x4e,0x5e,0x84,0x66,0x5b,0xd9,0xbb,0x10,0x2d,0xb4,0x97,0x97,0xdf,0x90,0x08,0xf0,0x55,0x57,0xfa,0x0d,0x5a,0xd7,0xa2,0x95,0xe5,0xe4,0xd2,0xa4,0x71,0x6b,0x17,0xf8,0xc9,0x1c,0xb1,0x2f,0x5a,0xbf,0xb1,0xaf,0x02,0x7f,0xb0,0x41,0x11,0x99,0xac,0xc5,0xd2,0x85,0xd8,0x42,0xa4,0xb6,0x5b,0xde,0x49,0x02,},"\xd6\xf1\x24\xed\x75\x20\x21\xc1\x09\x26\x97\x2a\x0c\x26\xf3\xb1\x83\x8b\x3c\x7a\xf2\x47\xc1\x80\x09\xa2\x31\xec\xce\x96\x4b\xf6\x69\x86\x37\x83\x3f\x60\x7d\xca\x83\x6f\x8a\x60\x6c\x72\xae\x3c\xb1\x70\x17\x44\x47\xa2\xcc\xe5\x83\xf6\xe2\x44\xdb\xc1\x63\xe2\x15\xb9\x82\x0d\xe7\x49\x6f\xfc\x5b\x70\x50\xc4\x8f\x28\x30\x24\x66\x78\xcb\xa4\xdc\x5c\xaa\x07\xc1\x45\x85\x63\xaa\x2d\x10\xdc\xb7\x77\x0e\xf8\xfe\xde\x02\x7d\xd7\xf2\x0d\xdc\x8c\xc7\x8c\x3a\x2e\x2e\x95\x8b\xd1\x8c\x00\x06\xcf\x8f\xb8\x2d\x44\xe5\x3e\x1d\xa7\xaa\x80\xfd\x10\x06\xf3\xb2\x30\x0c\x9b\x07\x9d\x8a\x66\xf1\xe4\xa3\xf4\x70\x61\xf9\xe2\xf4\x5d\xae\x35\xdc\x29\x52\x04\xb1\x94\x60\xca\x57\x07\xab\x57\xce\x21\x5a\x24\xc1\x0f\xaa\xb3\xfa\x20\xbc\xcd\x10\x1e\x7a\x7d\x70\x07\x75\x99\xf3\xd6\x72\x57\x07\x55\x21\x29\xca\xd7\x57\xd6\x51\x4c\x1b\x28\x99\x7e\x47\x1f\x94\xb0\xfd\xed\x8f\xbb\xd0\x65\xde\xad\x19\x6d\x2c\x07\xd3\xdf\xa7\xb9\xfb\x3b\xae\x76\x80\xf7\x66\x21\x20\x0d\x09\x9e\xeb\xeb\xbe\xa0\xe8\x95\x7d\xf5\xb5\xe2\x04\xca\x3e\x9e\x29\x52\xb8\xa3\x0f\x0a\x13\x1a\x68\x67\xb1\x38\x1e\x39\x4b\x1b\x44\x43\x10\xf0\x76\x32\x66\x56\xcf\x93\x41\x67\x80\x08\xe9\x52\x51\x47\xd8\xd6\x1c\xe9\x3d\x3b\xf5\x39\x00\xca\xb9\x12\x66\x37\x17\xe0\x98\x72\x93\x83\x3d\x19\x02\xd7\xfb\x04\x7b\x99\x7b\x86\x02\x6c\x46\x7d\x7b\xb1\x7c\xf4\x57\x96\x73\x8f\x7a\x77\x4a\xc1\x26\x76\x4e\xd4\xeb\x45\x12\x43\x09\xf4\x58\x62\x60\x17\x6b\xa4\x65\x91\x8d\x48\x33\x0a\x9c\xc1\x8c\x4e\xce\xa0\xdd\xaf\x38\x94\x6a\xcc\x0e\x36\x1d\xd4\x0a\x7e\x91\x33\xce\xb5\x0e\x1c\x31\x7e\xa4\x2b\xd0\x98\x0a\x72\xb8\xba\x3d\x8a\x6c\x76\x93\xdd\x56\x02\xf3\x74\xf2\x66\x4d\xf4\xba\x56\xdf\x01\xe8\x82\xfc\xa4\x2c\xb4\xdb\x62\x1f\x47\x6c\x76\xe1\xea\x9f\xd1\x05\x91\x1a\x74\xb7\x79\x52\xd9\x91\x4a\x5a\xc0\xf9\x8a\x90\x0c\x1b\x2e\x1a\x56\xc4\xea\x85\x18\xa9\xee\x47\xc4\xed\x14\xd0\xbd\x35\xec\xa5\x60\x31\x9c\x8e\xa2\x47\x55\xd7\x1a\x4e\x03\x08\x50\xbc\x4d\xc6\x03\x89\xf3\x25\x80\x40\x21\x20\x4c\xce\xbc\x25\xfe\xdb\xd3\x2e\xdd\x8d\x84\x46\xaa\x23\xce\x56\xa8\x5f\x77\x9e\x85\x8d\x36\xaf\x7c\x07\x3c\x11\x5e\x34\x1f\x41\x2c\x66\x0f\xab\x80\x0f\xe7\x4c\x50\xe7\x14\xee\x08\x6e\x2f\xbc\x8d\x7a\xbb\xf3\xe9\x8f\xb4\x0c\xa2\x7f\x1f\x01\xa9\xaa\xdd\x8c\xc2\x27\x5c\x2d\xd3\xf7\x6e\x4c\x1d\x81\xc4\xb7\x92\xda\xec\xc9\xfe\x66\x04\x49\x41\xb8\xb2\x91\x84\x86\xdd\x4a\xcb\x56\x2a\x7b\x58\xad\x8c\x60\xc2\x1b\x83\xcf\x48\xae\xfa\x72\x56\xa1\xed\x80\x9e\x66\x98\x11\xf4\x84\x36\x49\x70\xbc\x56\x95\x08\x99\x19\xbc\x32\xd2\x8e\xa7\x52\xe8\xe3\x18\xce\xff\x46\x7f\x77\xae\x19\x77\xc5\xff\xd7\x9c\x17\xc2\xda\x8b\xc7\xf8\x23\xdd\x94\x39\x86\x83\x18\x99\x45\xf8\xb7\x92\x38\xa4\xe8\x15\xb1\x42\xb8\x66\xac\xbd\xbc\xb7\xae\xa7\xf1\x43\xff\xfb\x7c\xc2\xb4\xb5\x4b\xbf\x36\x1a\xfd\xa9\x13\xad\x6d\xf1\xe4\x9d\xfd\x6b\x53\x26\x42\xe6\x3f\x55\xd8\x93\xa4\x70\xd4\x03\x70\x66\x5c\xfb\x74\xef\xd3\xf5\x9c\xb0\xff\x60\x06\x17\x4c\xa3\x5f\x53\xb9\x7c\x54\x3e\x08\xaf\x4b\xf5\xbb\x75\xff\x90\x31\x61\x06\x52\xa3\xf6\xf2\xa0\xcf\xe9\x7e\x7a\x52\x1f\x3d\x2a\x28\x91\x14\xde\xd3\x47\x72\xb0\xe4\x98\x17\xbd\xe1\xcb\x92\x4f\xf5\x14\xe2\x86\x6a\x09\xe3\xed\xe0\x78\x2d\x2c\x0c\x98\xe6\x81\x4b\x8c\x1e\x77\x8c\xf8\x30\x63\x48\xc9\x33\xad\xb2\xe4\x72\xdb\xa0\x9d\xb9\x54\xff\x49\x64\x83\x73\x39\x5a\x2f\x01\x81\x95\x8f\xeb\x1e\xa2\x83\x4c\x99\x53\x28\x73\xdb\x5c\x88\xeb\x52\x89\xc7\x7e\x90\x01\x52\x03\xef\x50\x2a\xc8\xe1\xc4\x8f\xa1\xa0\x6d\xaf\xa6\x51\x9d\x52\xda\xe3\xc5\x56\x75\x70\xdd\x24\x34\xe6\x71\x92\x7c\x66\x36\x3f\x78\x31\x56\x89\x3f\x13\x8a\x84\xc7\x56\x64\xb3\x0a\xe4\x27\x51\x12\x73\x6d\x53\xd4\xf3\x99\xdd\xda\x3d\x23\x06\x7c\x07\x3f\x52\x1a\xfb\xa1\xf7\xbe\x58\x55\x13\xc2\xce\xc9\xc8\xf0\x8d\x2a\x22\xc3\xc8\x53\x92\xcd\x2a\xe5\x0f\x39\x28\x25\x1f\x86\xb3\x10\xc6\x9a\x0f\x8c\x4e\x85\x3a\xb3\xf3\xe8\x12\x9b\x05\x66\xef\x4b\xbb\xe8\x0b\x8c\x02\xc8\x92\x8a\x4d\xe5\x6c\x0d\x11\x9a\x45\xbb\xf5\xaf\x18\x08\xd4\x88\x85\x2d\x8a\x45\xbe\xb0\xd6\x83\x24\x8a\x4d\x65\xde\x15\x26\xb3\xd1\xd2\xff\xc1\xf2\x22\x15\xb6\x08\x46\x8c\xbc\x3b\xd3\x95\x14\xb3\x97\xfc\x0d\xb0\xf1\x13\xdb\xe6\xfc\xe4\x65\x2e\x82\xff\x89\x5b\x2b\x43\x87\xe0\x41\xd7\xe4\xe7\xbd\xe4\x69\x47\x69\x66\x5e\x81"},
+{{0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5,},{0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e,},{0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03,},"\x08\xb8\xb2\xb7\x33\x42\x42\x43\x76\x0f\xe4\x26\xa4\xb5\x49\x08\x63\x21\x10\xa6\x6c\x2f\x65\x91\xea\xbd\x33\x45\xe3\xe4\xeb\x98\xfa\x6e\x26\x4b\xf0\x9e\xfe\x12\xee\x50\xf8\xf5\x4e\x9f\x77\xb1\xe3\x55\xf6\xc5\x05\x44\xe2\x3f\xb1\x43\x3d\xdf\x73\xbe\x84\xd8\x79\xde\x7c\x00\x46\xdc\x49\x96\xd9\xe7\x73\xf4\xbc\x9e\xfe\x57\x38\x82\x9a\xdb\x26\xc8\x1b\x37\xc9\x3a\x1b\x27\x0b\x20\x32\x9d\x65\x86\x75\xfc\x6e\xa5\x34\xe0\x81\x0a\x44\x32\x82\x6b\xf5\x8c\x94\x1e\xfb\x65\xd5\x7a\x33\x8b\xbd\x2e\x26\x64\x0f\x89\xff\xbc\x1a\x85\x8e\xfc\xb8\x55\x0e\xe3\xa5\xe1\x99\x8b\xd1\x77\xe9\x3a\x73\x63\xc3\x44\xfe\x6b\x19\x9e\xe5\xd0\x2e\x82\xd5\x22\xc4\xfe\xba\x15\x45\x2f\x80\x28\x8a\x82\x1a\x57\x91\x16\xec\x6d\xad\x2b\x3b\x31\x0d\xa9\x03\x40\x1a\xa6\x21\x00\xab\x5d\x1a\x36\x55\x3e\x06\x20\x3b\x33\x89\x0c\xc9\xb8\x32\xf7\x9e\xf8\x05\x60\xcc\xb9\xa3\x9c\xe7\x67\x96\x7e\xd6\x28\xc6\xad\x57\x3c\xb1\x16\xdb\xef\xef\xd7\x54\x99\xda\x96\xbd\x68\xa8\xa9\x7b\x92\x8a\x8b\xbc\x10\x3b\x66\x21\xfc\xde\x2b\xec\xa1\x23\x1d\x20\x6b\xe6\xcd\x9e\xc7\xaf\xf6\xf6\xc9\x4f\xcd\x72\x04\xed\x34\x55\xc6\x8c\x83\xf4\xa4\x1d\xa4\xaf\x2b\x74\xef\x5c\x53\xf1\xd8\xac\x70\xbd\xcb\x7e\xd1\x85\xce\x81\xbd\x84\x35\x9d\x44\x25\x4d\x95\x62\x9e\x98\x55\xa9\x4a\x7c\x19\x58\xd1\xf8\xad\xa5\xd0\x53\x2e\xd8\xa5\xaa\x3f\xb2\xd1\x7b\xa7\x0e\xb6\x24\x8e\x59\x4e\x1a\x22\x97\xac\xbb\xb3\x9d\x50\x2f\x1a\x8c\x6e\xb6\xf1\xce\x22\xb3\xde\x1a\x1f\x40\xcc\x24\x55\x41\x19\xa8\x31\xa9\xaa\xd6\x07\x9c\xad\x88\x42\x5d\xe6\xbd\xe1\xa9\x18\x7e\xbb\x60\x92\xcf\x67\xbf\x2b\x13\xfd\x65\xf2\x70\x88\xd7\x8b\x7e\x88\x3c\x87\x59\xd2\xc4\xf5\xc6\x5a\xdb\x75\x53\x87\x8a\xd5\x75\xf9\xfa\xd8\x78\xe8\x0a\x0c\x9b\xa6\x3b\xcb\xcc\x27\x32\xe6\x94\x85\xbb\xc9\xc9\x0b\xfb\xd6\x24\x81\xd9\x08\x9b\xec\xcf\x80\xcf\xe2\xdf\x16\xa2\xcf\x65\xbd\x92\xdd\x59\x7b\x07\x07\xe0\x91\x7a\xf4\x8b\xbb\x75\xfe\xd4\x13\xd2\x38\xf5\x55\x5a\x7a\x56\x9d\x80\xc3\x41\x4a\x8d\x08\x59\xdc\x65\xa4\x61\x28\xba\xb2\x7a\xf8\x7a\x71\x31\x4f\x31\x8c\x78\x2b\x23\xeb\xfe\x80\x8b\x82\xb0\xce\x26\x40\x1d\x2e\x22\xf0\x4d\x83\xd1\x25\x5d\xc5\x1a\xdd\xd3\xb7\x5a\x2b\x1a\xe0\x78\x45\x04\xdf\x54\x3a\xf8\x96\x9b\xe3\xea\x70\x82\xff\x7f\xc9\x88\x8c\x14\x4d\xa2\xaf\x58\x42\x9e\xc9\x60\x31\xdb\xca\xd3\xda\xd9\xaf\x0d\xcb\xaa\xaf\x26\x8c\xb8\xfc\xff\xea\xd9\x4f\x3c\x7c\xa4\x95\xe0\x56\xa9\xb4\x7a\xcd\xb7\x51\xfb\x73\xe6\x66\xc6\xc6\x55\xad\xe8\x29\x72\x97\xd0\x7a\xd1\xba\x5e\x43\xf1\xbc\xa3\x23\x01\x65\x13\x39\xe2\x29\x04\xcc\x8c\x42\xf5\x8c\x30\xc0\x4a\xaf\xdb\x03\x8d\xda\x08\x47\xdd\x98\x8d\xcd\xa6\xf3\xbf\xd1\x5c\x4b\x4c\x45\x25\x00\x4a\xa0\x6e\xef\xf8\xca\x61\x78\x3a\xac\xec\x57\xfb\x3d\x1f\x92\xb0\xfe\x2f\xd1\xa8\x5f\x67\x24\x51\x7b\x65\xe6\x14\xad\x68\x08\xd6\xf6\xee\x34\xdf\xf7\x31\x0f\xdc\x82\xae\xbf\xd9\x04\xb0\x1e\x1d\xc5\x4b\x29\x27\x09\x4b\x2d\xb6\x8d\x6f\x90\x3b\x68\x40\x1a\xde\xbf\x5a\x7e\x08\xd7\x8f\xf4\xef\x5d\x63\x65\x3a\x65\x04\x0c\xf9\xbf\xd4\xac\xa7\x98\x4a\x74\xd3\x71\x45\x98\x67\x80\xfc\x0b\x16\xac\x45\x16\x49\xde\x61\x88\xa7\xdb\xdf\x19\x1f\x64\xb5\xfc\x5e\x2a\xb4\x7b\x57\xf7\xf7\x27\x6c\xd4\x19\xc1\x7a\x3c\xa8\xe1\xb9\x39\xae\x49\xe4\x88\xac\xba\x6b\x96\x56\x10\xb5\x48\x01\x09\xc8\xb1\x7b\x80\xe1\xb7\xb7\x50\xdf\xc7\x59\x8d\x5d\x50\x11\xfd\x2d\xcc\x56\x00\xa3\x2e\xf5\xb5\x2a\x1e\xcc\x82\x0e\x30\x8a\xa3\x42\x72\x1a\xac\x09\x43\xbf\x66\x86\xb6\x4b\x25\x79\x37\x65\x04\xcc\xc4\x93\xd9\x7e\x6a\xed\x3f\xb0\xf9\xcd\x71\xa4\x3d\xd4\x97\xf0\x1f\x17\xc0\xe2\xcb\x37\x97\xaa\x2a\x2f\x25\x66\x56\x16\x8e\x6c\x49\x6a\xfc\x5f\xb9\x32\x46\xf6\xb1\x11\x63\x98\xa3\x46\xf1\xa6\x41\xf3\xb0\x41\xe9\x89\xf7\x91\x4f\x90\xcc\x2c\x7f\xff\x35\x78\x76\xe5\x06\xb5\x0d\x33\x4b\xa7\x7c\x22\x5b\xc3\x07\xba\x53\x71\x52\xf3\xf1\x61\x0e\x4e\xaf\xe5\x95\xf6\xd9\xd9\x0d\x11\xfa\xa9\x33\xa1\x5e\xf1\x36\x95\x46\x86\x8a\x7f\x3a\x45\xa9\x67\x68\xd4\x0f\xd9\xd0\x34\x12\xc0\x91\xc6\x31\x5c\xf4\xfd\xe7\xcb\x68\x60\x69\x37\x38\x0d\xb2\xea\xaa\x70\x7b\x4c\x41\x85\xc3\x2e\xdd\xcd\xd3\x06\x70\x5e\x4d\xc1\xff\xc8\x72\xee\xee\x47\x5a\x64\xdf\xac\x86\xab\xa4\x1c\x06\x18\x98\x3f\x87\x41\xc5\xef\x68\xd3\xa1\x01\xe8\xa3\xb8\xca\xc6\x0c\x90\x5c\x15\xfc\x91\x08\x40\xb9\x4c\x00\xa0\xb9\xd0"},
diff --git a/src/ext/ed25519/donna/test-internals.c b/src/ext/ed25519/donna/test-internals.c
new file mode 100644
index 0000000000..fe9db9d669
--- /dev/null
+++ b/src/ext/ed25519/donna/test-internals.c
@@ -0,0 +1,190 @@
+/* Tor: Removed, file is inclued in ed25519.c instead. */
+/* #include <stdio.h> */
+/* #include "ed25519-donna.h" */
+
+static int
+test_adds(void) {
+#if defined(HAVE_UINT128) && !defined(ED25519_SSE2)
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 max_bignum = {
+		0x7ffffffffffff,0x8000000001230,0x7ffffffffffff,0x7ffffffffffff,0x7ffffffffffff
+	};
+
+#if 0
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum_raw[32] = {
+		0x12,0x00,0x00,0x00,0x00,0x00,0x88,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+	};
+#endif
+
+	/* (max_bignum + max_bignum)^2 */
+	static const unsigned char max_bignum2_squared_raw[32] = {
+		0x10,0x05,0x00,0x00,0x00,0x00,0x80,0xdc,0x51,0x00,0x00,0x00,0x00,0x61,0xed,0x4a,
+		0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+	/* ((max_bignum + max_bignum) + max_bignum)^2 */
+	static const unsigned char max_bignum3_squared_raw[32] = {
+		0x64,0x0b,0x00,0x00,0x00,0x00,0x20,0x30,0xb8,0x00,0x00,0x00,0x40,0x1a,0x96,0xe8,
+		0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+#else
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 ALIGN(16) max_bignum = {
+		0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
+		0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum2_squared_raw[32] = {
+		0x10,0x05,0x00,0x40,0xc2,0x06,0x40,0x80,0x41,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+	/* (max_bignum * max_bignum) */
+	static const unsigned char max_bignum3_squared_raw[32] = {
+		0x64,0x0b,0x00,0x10,0x35,0x0f,0x90,0x60,0x13,0x05,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+#endif
+	unsigned char result[32];
+	/* static const bignum25519 ALIGN(16) zero = {0}; */
+	bignum25519 ALIGN(16) a, b /* , c */;
+	/* size_t i; */
+
+	/* a = (max_bignum + max_bignum) */
+	curve25519_add(a, max_bignum, max_bignum);
+
+	/* b = ((max_bignum + max_bignum) * (max_bignum + max_bignum)) */
+	curve25519_mul(b, a, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum2_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(b, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum2_squared_raw, 32) != 0)
+		return -1;
+
+	/* b = (max_bignum + max_bignum + max_bignum) */
+	curve25519_add_after_basic(b, a, max_bignum);
+
+	/* a = ((max_bignum + max_bignum + max_bignum) * (max_bignum + max_bignum + max_bignum)) */
+	curve25519_mul(a, b, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum3_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(a, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum3_squared_raw, 32) != 0)
+		return -1;
+
+	return 0;
+}
+
+static int
+test_subs(void) {
+#if defined(HAVE_UINT128) && !defined(ED25519_SSE2)
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 max_bignum = {
+		0x7ffffffffffff,0x8000000001230,0x7ffffffffffff,0x7ffffffffffff,0x7ffffffffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum_raw[32] = {
+		0x12,0x00,0x00,0x00,0x00,0x00,0x88,0x91,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+	};
+
+	/* (max_bignum * max_bignum) */
+	static const unsigned char max_bignum_squared_raw[32] = {
+		0x44,0x01,0x00,0x00,0x00,0x00,0x20,0x77,0x14,0x00,0x00,0x00,0x40,0x58,0xbb,0x52,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
+	};
+#else
+	/* largest result for each limb from a mult or square: all elements except r1 reduced, r1 overflowed as far as possible */
+	static const bignum25519 ALIGN(16) max_bignum = {
+		0x3ffffff,0x2000300,0x3ffffff,0x1ffffff,0x3ffffff,
+		0x1ffffff,0x3ffffff,0x1ffffff,0x3ffffff,0x1ffffff
+	};
+
+	/* what max_bignum should fully reduce to */
+	static const unsigned char max_bignum_raw[32] = {
+		0x12,0x00,0x00,0x04,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+
+	/* (max_bignum * max_bignum) */
+	static const unsigned char max_bignum_squared_raw[32] = {
+		0x44,0x01,0x00,0x90,0xb0,0x01,0x10,0x60,0x90,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+		0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	};
+#endif
+	unsigned char result[32];
+	static const bignum25519 ALIGN(16) zero = {0};
+	bignum25519 ALIGN(16) a, b /* , c */;
+	/* size_t i; */
+
+	/* a = max_bignum - 0, which expands to 2p + max_bignum - 0 */
+	curve25519_sub(a, max_bignum, zero);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum_raw, 32) != 0)
+		return -1;
+
+	/* b = (max_bignum * max_bignum) */
+	curve25519_mul(b, a, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(b, a);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+
+	/* b = ((a - 0) - 0) */
+	curve25519_sub_after_basic(b, a, zero);
+	curve25519_contract(result, b);
+	if (memcmp(result, max_bignum_raw, 32) != 0)
+		return -1;
+
+	/* a = (max_bignum * max_bignum) */
+	curve25519_mul(a, b, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+	curve25519_square(a, b);
+	curve25519_contract(result, a);
+	if (memcmp(result, max_bignum_squared_raw, 32) != 0)
+		return -1;
+
+
+	return 0;
+}
+
+/* Tor: Removed, tests are invoked as a function instead. */
+#if 0
+int
+main() {
+	int ret = 0;
+	int single;
+	single = test_adds();
+	if (single) printf("test_adds: FAILED\n");
+	ret |= single;
+	single = test_subs();
+	if (single) printf("test_subs: FAILED\n");
+	ret |= single;
+	if (!ret) printf("success\n");
+	return ret;
+}
+#endif
+
+/* Tor: Added for initialization self-testing. */
+int
+ed25519_donna_selftest(void)
+{
+	int ret = 0;
+	ret |= test_adds();
+	ret |= test_subs();
+	return (ret == 0) ? 0 : -1;
+}
+
diff --git a/src/ext/ed25519/donna/test-ticks.h b/src/ext/ed25519/donna/test-ticks.h
new file mode 100644
index 0000000000..0103e03dde
--- /dev/null
+++ b/src/ext/ed25519/donna/test-ticks.h
@@ -0,0 +1,50 @@
+#include "ed25519-donna-portable-identify.h"
+
+/* ticks - not tested on anything other than x86 */
+static uint64_t
+get_ticks(void) {
+#if defined(CPU_X86) || defined(CPU_X86_64)
+	#if defined(COMPILER_INTEL)
+		return _rdtsc();
+	#elif defined(COMPILER_MSVC)
+		return __rdtsc();
+	#elif defined(COMPILER_GCC)
+		uint32_t lo, hi;
+		__asm__ __volatile__("rdtsc" : "=a" (lo), "=d" (hi));
+		return ((uint64_t)lo | ((uint64_t)hi << 32));
+	#else
+		need rdtsc for this compiler
+	#endif
+#elif defined(OS_SOLARIS)
+	return (uint64_t)gethrtime();
+#elif defined(CPU_SPARC) && !defined(OS_OPENBSD)
+	uint64_t t;
+	__asm__ __volatile__("rd %%tick, %0" : "=r" (t));
+	return t;
+#elif defined(CPU_PPC)
+	uint32_t lo = 0, hi = 0;
+	__asm__ __volatile__("mftbu %0; mftb %1" : "=r" (hi), "=r" (lo));
+	return ((uint64_t)lo | ((uint64_t)hi << 32));
+#elif defined(CPU_IA64)
+	uint64_t t;
+	__asm__ __volatile__("mov %0=ar.itc" : "=r" (t));
+	return t;
+#elif defined(OS_NIX)
+	timeval t2;
+	gettimeofday(&t2, NULL);
+	t = ((uint64_t)t2.tv_usec << 32) | (uint64_t)t2.tv_sec;
+	return t;
+#else
+	need ticks for this platform
+#endif
+}
+
+#define timeit(x,minvar)         \
+	ticks = get_ticks();         \
+ 	x;                           \
+	ticks = get_ticks() - ticks; \
+	if (ticks < minvar)          \
+		minvar = ticks;
+
+#define maxticks 0xffffffffffffffffull
+
diff --git a/src/ext/ed25519/donna/test.c b/src/ext/ed25519/donna/test.c
new file mode 100644
index 0000000000..6154492503
--- /dev/null
+++ b/src/ext/ed25519/donna/test.c
@@ -0,0 +1,260 @@
+/*
+	Validate ed25519 implementation against the official test vectors from 
+	http://ed25519.cr.yp.to/software.html
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include "ed25519.h"
+
+#include "test-ticks.h"
+
+static void
+edassert(int check, int round, const char *failreason) {
+	if (check)
+		return;
+	printf("round %d, %s\n", round, failreason);
+	exit(1);
+}
+
+static void
+edassert_die(const unsigned char *a, const unsigned char *b, size_t len, int round, const char *failreason) {
+	size_t i;
+	if (round > 0)
+		printf("round %d, %s\n", round, failreason);
+	else
+		printf("%s\n", failreason);
+	printf("want: "); for (i = 0; i < len; i++) printf("%02x,", a[i]); printf("\n");
+	printf("got : "); for (i = 0; i < len; i++) printf("%02x,", b[i]); printf("\n");
+	printf("diff: "); for (i = 0; i < len; i++) if (a[i] ^ b[i]) printf("%02x,", a[i] ^ b[i]); else printf("  ,"); printf("\n\n");
+	exit(1);
+}
+
+static void
+edassert_equal(const unsigned char *a, const unsigned char *b, size_t len, const char *failreason) {
+	if (memcmp(a, b, len) == 0)
+		return;
+	edassert_die(a, b, len, -1, failreason);
+}
+
+static void
+edassert_equal_round(const unsigned char *a, const unsigned char *b, size_t len, int round, const char *failreason) {
+	if (memcmp(a, b, len) == 0)
+		return;
+	edassert_die(a, b, len, round, failreason);
+}
+
+
+/* test data */
+typedef struct test_data_t {
+	unsigned char sk[32], pk[32], sig[64];
+	const char *m;
+} test_data;
+
+
+test_data dataset[] = {
+#include "regression.h"
+};
+
+/* result of the curve25519 scalarmult ((|255| * basepoint) * basepoint)... 1024 times */
+const curved25519_key curved25519_expected = {
+	0xac,0xce,0x24,0xb1,0xd4,0xa2,0x36,0x21,
+	0x15,0xe2,0x3e,0x84,0x3c,0x23,0x2b,0x5f,
+	0x95,0x6c,0xc0,0x7b,0x95,0x82,0xd7,0x93,
+	0xd5,0x19,0xb6,0xf1,0xfb,0x96,0xd6,0x04
+};
+
+
+/* from ed25519-donna-batchverify.h */
+extern unsigned char batch_point_buffer[3][32];
+
+/* y coordinate of the final point from 'amd64-51-30k' with the same random generator */
+static const unsigned char batch_verify_y[32] = {
+	0x51,0xe7,0x68,0xe0,0xf7,0xa1,0x88,0x45,
+	0xde,0xa1,0xcb,0xd9,0x37,0xd4,0x78,0x53,
+	0x1b,0x95,0xdb,0xbe,0x66,0x59,0x29,0x3b,
+	0x94,0x51,0x2f,0xbc,0x0d,0x66,0xba,0x3f
+};
+
+/*
+static const unsigned char batch_verify_y[32] = {
+	0x5c,0x63,0x96,0x26,0xca,0xfe,0xfd,0xc4,
+	0x2d,0x11,0xa8,0xe4,0xc4,0x46,0x42,0x97,
+	0x97,0x92,0xbe,0xe0,0x3c,0xef,0x96,0x01,
+	0x50,0xa1,0xcc,0x8f,0x50,0x85,0x76,0x7d
+};
+
+Introducing the 128 bit r scalars to the heap _before_ the largest scalar
+fits in to 128 bits alters the heap shape and produces a different,
+yet still neutral/valid y/z value.
+
+This was the value of introducing the r scalars when the largest scalar fit
+in to 135-256 bits. You can produce it with amd64-64-24k / amd64-51-32k
+with the random sequence used in the first pass by changing
+
+    unsigned long long hlen=((npoints+1)/2)|1;
+
+to
+
+    unsigned long long hlen=npoints;
+
+in ge25519_multi_scalarmult.c
+
+ed25519-donna-batchverify.h has been modified to match the 
+default amd64-64-24k / amd64-51-32k behaviour
+*/
+
+
+
+/* batch test */
+#define test_batch_count 64
+#define test_batch_rounds 96
+
+typedef enum batch_test_t {
+	batch_no_errors = 0,
+	batch_wrong_message = 1,
+	batch_wrong_pk = 2,
+	batch_wrong_sig = 3
+} batch_test;
+
+static int
+test_batch_instance(batch_test type, uint64_t *ticks) {
+	ed25519_secret_key sks[test_batch_count];
+	ed25519_public_key pks[test_batch_count];
+	ed25519_signature sigs[test_batch_count];
+	unsigned char messages[test_batch_count][128];
+	size_t message_lengths[test_batch_count];
+	const unsigned char *message_pointers[test_batch_count];
+	const unsigned char *pk_pointers[test_batch_count];
+	const unsigned char *sig_pointers[test_batch_count];
+	int valid[test_batch_count], ret, validret;
+	size_t i;
+	uint64_t t;
+
+	/* generate keys */
+	for (i = 0; i < test_batch_count; i++) {
+		ed25519_randombytes_unsafe(sks[i], sizeof(sks[i]));
+		ed25519_publickey(sks[i], pks[i]);
+		pk_pointers[i] = pks[i];
+	}
+
+	/* generate messages */
+	ed25519_randombytes_unsafe(messages, sizeof(messages));
+	for (i = 0; i < test_batch_count; i++) {
+		message_pointers[i] = messages[i];
+		message_lengths[i] = (i & 127) + 1;
+	}
+
+	/* sign messages */
+	for (i = 0; i < test_batch_count; i++) {
+		ed25519_sign(message_pointers[i], message_lengths[i], sks[i], pks[i], sigs[i]);
+		sig_pointers[i] = sigs[i];
+	}
+
+	validret = 0;
+	if (type == batch_wrong_message) {
+		message_pointers[0] = message_pointers[1];
+		validret = 1|2;
+	} else if (type == batch_wrong_pk) {
+		pk_pointers[0] = pk_pointers[1];
+		validret = 1|2;
+	} else if (type == batch_wrong_sig) {
+		sig_pointers[0] = sig_pointers[1];
+		validret = 1|2;
+	}
+
+	/* batch verify */
+	t = get_ticks();
+	ret = ed25519_sign_open_batch(message_pointers, message_lengths, pk_pointers, sig_pointers, test_batch_count, valid);
+	*ticks = get_ticks() - t;
+	edassert_equal((unsigned char *)&validret, (unsigned char *)&ret, sizeof(int), "batch return code");
+	for (i = 0; i < test_batch_count; i++) {
+		validret = ((type == batch_no_errors) || (i != 0)) ? 1 : 0;
+		edassert_equal((unsigned char *)&validret, (unsigned char *)&valid[i], sizeof(int), "individual batch return code");
+	}
+	return ret;
+}
+
+static void
+test_batch(void) {
+	uint64_t dummy_ticks, ticks[test_batch_rounds], best = maxticks, sum;
+	size_t i, count;
+
+	/* check the first pass for the expected result */
+	test_batch_instance(batch_no_errors, &dummy_ticks);
+	edassert_equal(batch_verify_y, batch_point_buffer[1], 32, "failed to generate expected result");
+
+	/* make sure ge25519_multi_scalarmult_vartime throws an error on the entire batch with wrong data */
+	for (i = 0; i < 4; i++) {
+		test_batch_instance(batch_wrong_message, &dummy_ticks);
+		test_batch_instance(batch_wrong_pk, &dummy_ticks);
+		test_batch_instance(batch_wrong_sig, &dummy_ticks);
+	}
+
+	/* speed test */
+	for (i = 0; i < test_batch_rounds; i++) {
+		test_batch_instance(batch_no_errors, &ticks[i]);
+		if (ticks[i] < best)
+			best = ticks[i];
+	}
+
+	/* take anything within 1% of the best time */
+	for (i = 0, sum = 0, count = 0; i < test_batch_rounds; i++) {
+		if (ticks[i] < (best * 1.01)) {
+			sum += ticks[i];
+			count++;
+		}
+	}
+	printf("%.0f ticks/verification\n", (double)sum / (count * test_batch_count));
+}
+
+static void
+test_main(void) {
+	int i, res;
+	ed25519_public_key pk;
+	ed25519_signature sig;
+	unsigned char forge[1024] = {'x'};
+	curved25519_key csk[2] = {{255}};
+	uint64_t ticks, pkticks = maxticks, signticks = maxticks, openticks = maxticks, curvedticks = maxticks;
+
+	for (i = 0; i < 1024; i++) {
+		ed25519_publickey(dataset[i].sk, pk);
+		edassert_equal_round(dataset[i].pk, pk, sizeof(pk), i, "public key didn't match");
+		ed25519_sign((unsigned char *)dataset[i].m, i, dataset[i].sk, pk, sig);
+		edassert_equal_round(dataset[i].sig, sig, sizeof(sig), i, "signature didn't match");
+		edassert(!ed25519_sign_open((unsigned char *)dataset[i].m, i, pk, sig), i, "failed to open message");
+
+		memcpy(forge, dataset[i].m, i);
+		if (i)
+			forge[i - 1] += 1;
+
+		edassert(ed25519_sign_open(forge, (i) ? i : 1, pk, sig), i, "opened forged message");
+	}
+
+	for (i = 0; i < 1024; i++)
+		curved25519_scalarmult_basepoint(csk[(i & 1) ^ 1], csk[i & 1]);
+	edassert_equal(curved25519_expected, csk[0], sizeof(curved25519_key), "curve25519 failed to generate correct value");
+
+	for (i = 0; i < 2048; i++) {
+		timeit(ed25519_publickey(dataset[0].sk, pk), pkticks)
+		edassert_equal_round(dataset[0].pk, pk, sizeof(pk), i, "public key didn't match");
+		timeit(ed25519_sign((unsigned char *)dataset[0].m, 0, dataset[0].sk, pk, sig), signticks)
+		edassert_equal_round(dataset[0].sig, sig, sizeof(sig), i, "signature didn't match");
+		timeit(res = ed25519_sign_open((unsigned char *)dataset[0].m, 0, pk, sig), openticks)
+		edassert(!res, 0, "failed to open message");
+		timeit(curved25519_scalarmult_basepoint(csk[1], csk[0]), curvedticks);
+	}
+
+	printf("%.0f ticks/public key generation\n", (double)pkticks);
+	printf("%.0f ticks/signature\n", (double)signticks);
+	printf("%.0f ticks/signature verification\n", (double)openticks);
+	printf("%.0f ticks/curve25519 basepoint scalarmult\n", (double)curvedticks);
+}
+
+int
+main(void) {
+	test_main();
+	test_batch();
+	return 0;
+}
+
diff --git a/src/ext/ed25519/ref10/Makefile b/src/ext/ed25519/ref10/Makefile
new file mode 100644
index 0000000000..9b0ba7ad45
--- /dev/null
+++ b/src/ext/ed25519/ref10/Makefile
@@ -0,0 +1,41 @@
+all: d.h d2.h sqrtm1.h base.h base2.h \
+ge_add.h ge_sub.h \
+ge_madd.h ge_msub.h \
+ge_p2_dbl.h \
+pow225521.h pow22523.h
+
+d.h: d.py
+	python d.py > d.h
+
+d2.h: d2.py
+	python d2.py > d2.h
+
+sqrtm1.h: sqrtm1.py
+	python sqrtm1.py > sqrtm1.h
+
+base.h: base.py
+	python base.py > base.h
+
+base2.h: base2.py
+	python base2.py > base2.h
+
+ge_add.h: ge_add.q q2h.sh
+	./q2h.sh < ge_add.q > ge_add.h
+
+ge_sub.h: ge_sub.q q2h.sh
+	./q2h.sh < ge_sub.q > ge_sub.h
+
+ge_madd.h: ge_madd.q q2h.sh
+	./q2h.sh < ge_madd.q > ge_madd.h
+
+ge_msub.h: ge_msub.q q2h.sh
+	./q2h.sh < ge_msub.q > ge_msub.h
+
+ge_p2_dbl.h: ge_p2_dbl.q q2h.sh
+	./q2h.sh < ge_p2_dbl.q > ge_p2_dbl.h
+
+pow22523.h: pow22523.q q2h.sh
+	./q2h.sh < pow22523.q > pow22523.h
+
+pow225521.h: pow225521.q q2h.sh
+	./q2h.sh < pow225521.q > pow225521.h
diff --git a/src/ext/ed25519/ref10/README.tor b/src/ext/ed25519/ref10/README.tor
new file mode 100644
index 0000000000..38ed97ba05
--- /dev/null
+++ b/src/ext/ed25519/ref10/README.tor
@@ -0,0 +1,23 @@
+
+We've made the following changes to the stock ed25519_ref10 from
+supercop-20140622:
+
+   * We added the necessary glue to provide integers of fixed bit
+     sizes, SHA512, and to compile without warnings everywhere we need
+     to build.
+
+   * Secret keys are stored in expanded format.  There are functions
+     to expand them from the 32-byte seed.
+
+   * Signatures are made and processed detached from the messages that
+     they sign.  (In other words, we support "make signature" and
+     "check signature", not "create signed message" and "check and
+     unpack signed message".)
+
+   * There's an implementation of 'convert a curve25519 key to an
+     ed25519 key' so we can do cross-certification with curve25519 keys.
+     (keyconv.c)
+
+   * There's an implementation of multiplicative key blinding so we
+     can use it for next-gen hidden srevice descriptors. (blinding.c)
+
diff --git a/src/ext/ed25519/ref10/api.h b/src/ext/ed25519/ref10/api.h
new file mode 100644
index 0000000000..d88dae0c32
--- /dev/null
+++ b/src/ext/ed25519/ref10/api.h
@@ -0,0 +1,4 @@
+#define CRYPTO_SECRETKEYBYTES 64
+#define CRYPTO_PUBLICKEYBYTES 32
+#define CRYPTO_BYTES 64
+#define CRYPTO_DETERMINISTIC 1
diff --git a/src/ext/ed25519/ref10/base.h b/src/ext/ed25519/ref10/base.h
new file mode 100644
index 0000000000..573bd8a05c
--- /dev/null
+++ b/src/ext/ed25519/ref10/base.h
@@ -0,0 +1,1344 @@
+{
+ {
+  { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
+  { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
+  { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
+ },
+ {
+  { -12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303 },
+  { -21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081 },
+  { 26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697 },
+ },
+ {
+  { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
+  { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
+  { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
+ },
+ {
+  { -17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540 },
+  { 23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397 },
+  { 7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325 },
+ },
+ {
+  { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
+  { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
+  { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
+ },
+ {
+  { -15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777 },
+  { -8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737 },
+  { -18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652 },
+ },
+ {
+  { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
+  { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
+  { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
+ },
+ {
+  { 14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726 },
+  { -7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955 },
+  { 27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425 },
+ },
+},
+{
+ {
+  { -13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171 },
+  { 27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510 },
+  { 17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660 },
+ },
+ {
+  { -10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639 },
+  { 29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963 },
+  { 5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950 },
+ },
+ {
+  { -27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568 },
+  { 12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335 },
+  { 25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628 },
+ },
+ {
+  { -26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007 },
+  { -2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772 },
+  { -22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653 },
+ },
+ {
+  { 2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567 },
+  { 13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686 },
+  { 21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372 },
+ },
+ {
+  { -13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887 },
+  { -23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954 },
+  { -29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953 },
+ },
+ {
+  { 24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833 },
+  { -16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532 },
+  { -22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876 },
+ },
+ {
+  { 2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268 },
+  { 33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214 },
+  { 1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038 },
+ },
+},
+{
+ {
+  { 6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800 },
+  { 4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645 },
+  { -4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664 },
+ },
+ {
+  { 1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933 },
+  { -25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182 },
+  { -17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222 },
+ },
+ {
+  { -18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991 },
+  { 20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880 },
+  { 9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092 },
+ },
+ {
+  { -16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295 },
+  { 19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788 },
+  { 8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553 },
+ },
+ {
+  { -15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026 },
+  { 11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347 },
+  { -18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033 },
+ },
+ {
+  { -23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395 },
+  { -27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278 },
+  { 1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890 },
+ },
+ {
+  { 32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995 },
+  { -30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596 },
+  { -11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891 },
+ },
+ {
+  { 31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060 },
+  { 11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608 },
+  { -20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606 },
+ },
+},
+{
+ {
+  { 7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389 },
+  { -19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016 },
+  { -11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341 },
+ },
+ {
+  { -22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505 },
+  { 14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553 },
+  { -28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655 },
+ },
+ {
+  { 15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220 },
+  { 12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631 },
+  { -4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099 },
+ },
+ {
+  { 26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556 },
+  { 14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749 },
+  { 236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930 },
+ },
+ {
+  { 1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391 },
+  { 5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253 },
+  { 20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066 },
+ },
+ {
+  { 24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958 },
+  { -11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082 },
+  { -28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383 },
+ },
+ {
+  { -30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521 },
+  { -11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807 },
+  { 23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948 },
+ },
+ {
+  { 9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134 },
+  { -32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455 },
+  { 27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629 },
+ },
+},
+{
+ {
+  { -8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069 },
+  { -32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746 },
+  { 24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919 },
+ },
+ {
+  { 11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837 },
+  { 8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906 },
+  { -28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771 },
+ },
+ {
+  { -25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817 },
+  { 10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098 },
+  { 10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409 },
+ },
+ {
+  { -12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504 },
+  { -26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727 },
+  { 28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420 },
+ },
+ {
+  { -32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003 },
+  { -1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605 },
+  { -30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384 },
+ },
+ {
+  { -26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701 },
+  { -23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683 },
+  { 29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708 },
+ },
+ {
+  { -3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563 },
+  { -19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260 },
+  { -5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387 },
+ },
+ {
+  { -19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672 },
+  { 23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686 },
+  { -24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665 },
+ },
+},
+{
+ {
+  { 11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182 },
+  { -31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277 },
+  { 14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628 },
+ },
+ {
+  { -4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474 },
+  { -26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539 },
+  { -25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822 },
+ },
+ {
+  { -10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970 },
+  { 19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756 },
+  { -24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508 },
+ },
+ {
+  { -26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683 },
+  { -10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655 },
+  { -20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158 },
+ },
+ {
+  { -4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125 },
+  { -15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839 },
+  { -20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664 },
+ },
+ {
+  { 27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294 },
+  { -18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899 },
+  { -11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070 },
+ },
+ {
+  { 3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294 },
+  { -15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949 },
+  { -21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083 },
+ },
+ {
+  { 31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420 },
+  { -5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940 },
+  { 29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396 },
+ },
+},
+{
+ {
+  { -12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567 },
+  { 20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127 },
+  { -16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294 },
+ },
+ {
+  { -12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887 },
+  { 22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964 },
+  { 16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195 },
+ },
+ {
+  { 9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244 },
+  { 24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999 },
+  { -1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762 },
+ },
+ {
+  { -18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274 },
+  { -33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236 },
+  { -16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605 },
+ },
+ {
+  { -13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761 },
+  { -22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884 },
+  { -6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482 },
+ },
+ {
+  { -24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638 },
+  { -11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490 },
+  { -32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170 },
+ },
+ {
+  { 5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736 },
+  { 10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124 },
+  { -17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392 },
+ },
+ {
+  { 8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029 },
+  { 6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048 },
+  { 28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958 },
+ },
+},
+{
+ {
+  { 24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593 },
+  { 26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071 },
+  { -11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692 },
+ },
+ {
+  { 11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687 },
+  { -160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441 },
+  { -20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001 },
+ },
+ {
+  { -938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460 },
+  { -19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007 },
+  { -21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762 },
+ },
+ {
+  { 15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005 },
+  { -9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674 },
+  { 4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035 },
+ },
+ {
+  { 7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590 },
+  { -2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957 },
+  { -30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812 },
+ },
+ {
+  { 33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740 },
+  { -18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122 },
+  { -27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158 },
+ },
+ {
+  { 8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885 },
+  { 26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140 },
+  { 19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857 },
+ },
+ {
+  { 801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155 },
+  { 19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260 },
+  { 19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483 },
+ },
+},
+{
+ {
+  { -3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677 },
+  { 32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815 },
+  { 22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751 },
+ },
+ {
+  { -16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203 },
+  { -11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208 },
+  { 1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230 },
+ },
+ {
+  { 16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850 },
+  { -21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389 },
+  { -9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968 },
+ },
+ {
+  { -11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689 },
+  { 14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880 },
+  { 5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304 },
+ },
+ {
+  { 30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632 },
+  { -3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412 },
+  { 20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566 },
+ },
+ {
+  { -20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038 },
+  { -26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232 },
+  { -1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943 },
+ },
+ {
+  { 17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856 },
+  { 23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738 },
+  { 15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971 },
+ },
+ {
+  { -27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718 },
+  { -13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697 },
+  { -11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883 },
+ },
+},
+{
+ {
+  { 5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912 },
+  { -26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358 },
+  { 3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849 },
+ },
+ {
+  { 29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307 },
+  { -14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977 },
+  { -6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335 },
+ },
+ {
+  { -29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644 },
+  { -22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616 },
+  { -27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735 },
+ },
+ {
+  { -21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099 },
+  { 29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341 },
+  { -936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336 },
+ },
+ {
+  { -23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646 },
+  { 31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425 },
+  { -17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388 },
+ },
+ {
+  { -31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743 },
+  { -16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822 },
+  { -8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462 },
+ },
+ {
+  { 18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985 },
+  { 9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702 },
+  { -22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797 },
+ },
+ {
+  { 21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293 },
+  { 27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100 },
+  { 19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688 },
+ },
+},
+{
+ {
+  { 12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186 },
+  { 2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610 },
+  { -2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707 },
+ },
+ {
+  { 7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220 },
+  { 915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025 },
+  { 32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044 },
+ },
+ {
+  { 32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992 },
+  { -4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027 },
+  { 21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197 },
+ },
+ {
+  { 8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901 },
+  { 31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952 },
+  { 19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878 },
+ },
+ {
+  { -28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390 },
+  { 32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730 },
+  { 2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730 },
+ },
+ {
+  { -19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180 },
+  { -30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272 },
+  { -15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715 },
+ },
+ {
+  { -22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970 },
+  { -31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772 },
+  { -17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865 },
+ },
+ {
+  { 15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750 },
+  { 20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373 },
+  { 32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348 },
+ },
+},
+{
+ {
+  { 9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144 },
+  { -22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195 },
+  { 5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086 },
+ },
+ {
+  { -13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684 },
+  { -8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518 },
+  { -2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233 },
+ },
+ {
+  { -5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793 },
+  { -2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794 },
+  { 580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435 },
+ },
+ {
+  { 23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921 },
+  { 13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518 },
+  { 2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563 },
+ },
+ {
+  { 14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278 },
+  { -27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024 },
+  { 4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030 },
+ },
+ {
+  { 10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783 },
+  { 27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717 },
+  { 6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844 },
+ },
+ {
+  { 14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333 },
+  { 16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048 },
+  { 22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760 },
+ },
+ {
+  { -4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760 },
+  { -15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757 },
+  { -2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112 },
+ },
+},
+{
+ {
+  { -19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468 },
+  { 3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184 },
+  { 10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289 },
+ },
+ {
+  { 15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066 },
+  { 24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882 },
+  { 13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226 },
+ },
+ {
+  { 16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101 },
+  { 29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279 },
+  { -6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811 },
+ },
+ {
+  { 27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709 },
+  { 20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714 },
+  { -2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121 },
+ },
+ {
+  { 9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464 },
+  { 12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847 },
+  { 13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400 },
+ },
+ {
+  { 4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414 },
+  { -15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158 },
+  { 17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045 },
+ },
+ {
+  { -461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415 },
+  { -5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459 },
+  { -31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079 },
+ },
+ {
+  { 21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412 },
+  { -20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743 },
+  { -14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836 },
+ },
+},
+{
+ {
+  { 12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022 },
+  { 18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429 },
+  { -6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065 },
+ },
+ {
+  { 30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861 },
+  { 10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000 },
+  { -33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101 },
+ },
+ {
+  { 32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815 },
+  { 29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642 },
+  { 10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966 },
+ },
+ {
+  { 25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574 },
+  { -21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742 },
+  { -18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689 },
+ },
+ {
+  { 12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020 },
+  { -10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772 },
+  { 3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982 },
+ },
+ {
+  { -14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953 },
+  { -16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218 },
+  { -17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265 },
+ },
+ {
+  { 29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073 },
+  { -3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325 },
+  { -11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798 },
+ },
+ {
+  { -4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870 },
+  { -7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863 },
+  { -13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927 },
+ },
+},
+{
+ {
+  { -2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267 },
+  { -9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663 },
+  { 22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862 },
+ },
+ {
+  { -25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673 },
+  { 15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943 },
+  { 15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020 },
+ },
+ {
+  { -4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238 },
+  { 11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064 },
+  { 14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795 },
+ },
+ {
+  { 15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052 },
+  { -10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904 },
+  { 29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531 },
+ },
+ {
+  { -13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979 },
+  { -5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841 },
+  { 10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431 },
+ },
+ {
+  { 10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324 },
+  { -31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940 },
+  { 10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320 },
+ },
+ {
+  { -15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184 },
+  { 14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114 },
+  { 30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878 },
+ },
+ {
+  { 12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784 },
+  { -2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091 },
+  { -16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585 },
+ },
+},
+{
+ {
+  { -8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208 },
+  { 10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864 },
+  { 17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661 },
+ },
+ {
+  { 7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233 },
+  { 26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212 },
+  { -12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525 },
+ },
+ {
+  { -24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068 },
+  { 9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397 },
+  { -8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988 },
+ },
+ {
+  { 5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889 },
+  { 32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038 },
+  { 14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697 },
+ },
+ {
+  { 20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875 },
+  { -25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905 },
+  { -25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656 },
+ },
+ {
+  { 11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818 },
+  { 27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714 },
+  { 10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203 },
+ },
+ {
+  { 20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931 },
+  { -30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024 },
+  { -23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084 },
+ },
+ {
+  { -1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204 },
+  { 20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817 },
+  { 27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667 },
+ },
+},
+{
+ {
+  { 11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504 },
+  { -12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768 },
+  { -19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255 },
+ },
+ {
+  { 6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790 },
+  { 1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438 },
+  { -22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333 },
+ },
+ {
+  { 17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971 },
+  { 31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905 },
+  { 29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409 },
+ },
+ {
+  { 12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409 },
+  { 6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499 },
+  { -8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363 },
+ },
+ {
+  { 28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664 },
+  { -11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324 },
+  { -21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940 },
+ },
+ {
+  { 13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990 },
+  { -17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914 },
+  { -25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290 },
+ },
+ {
+  { 24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257 },
+  { -6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433 },
+  { -16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236 },
+ },
+ {
+  { -12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045 },
+  { 11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093 },
+  { -1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347 },
+ },
+},
+{
+ {
+  { -28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191 },
+  { -15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507 },
+  { -12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906 },
+ },
+ {
+  { 3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018 },
+  { -16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109 },
+  { -23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926 },
+ },
+ {
+  { -24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528 },
+  { 8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625 },
+  { -32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286 },
+ },
+ {
+  { 2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033 },
+  { 27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866 },
+  { 21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896 },
+ },
+ {
+  { 30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075 },
+  { 26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347 },
+  { -22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437 },
+ },
+ {
+  { -5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165 },
+  { -18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588 },
+  { -32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193 },
+ },
+ {
+  { -19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017 },
+  { -28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883 },
+  { 21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961 },
+ },
+ {
+  { 8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043 },
+  { 29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663 },
+  { -20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362 },
+ },
+},
+{
+ {
+  { -33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860 },
+  { 2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466 },
+  { -24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063 },
+ },
+ {
+  { -26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997 },
+  { -1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295 },
+  { -13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369 },
+ },
+ {
+  { 9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385 },
+  { 18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109 },
+  { 2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906 },
+ },
+ {
+  { 4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424 },
+  { -19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185 },
+  { 7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962 },
+ },
+ {
+  { -7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325 },
+  { 10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593 },
+  { 696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404 },
+ },
+ {
+  { -11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644 },
+  { 17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801 },
+  { 26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804 },
+ },
+ {
+  { -31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884 },
+  { -586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577 },
+  { -9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849 },
+ },
+ {
+  { 32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473 },
+  { -8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644 },
+  { -2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319 },
+ },
+},
+{
+ {
+  { -11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599 },
+  { -9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768 },
+  { -27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084 },
+ },
+ {
+  { -27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328 },
+  { -15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369 },
+  { 20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920 },
+ },
+ {
+  { 12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815 },
+  { -32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025 },
+  { -21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397 },
+ },
+ {
+  { -20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448 },
+  { 6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981 },
+  { 30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165 },
+ },
+ {
+  { 32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501 },
+  { 17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073 },
+  { -1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861 },
+ },
+ {
+  { 14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845 },
+  { -1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211 },
+  { 18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870 },
+ },
+ {
+  { 10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096 },
+  { 33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803 },
+  { -32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168 },
+ },
+ {
+  { 30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965 },
+  { -14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505 },
+  { 18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598 },
+ },
+},
+{
+ {
+  { 5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782 },
+  { 5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900 },
+  { -31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479 },
+ },
+ {
+  { -12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208 },
+  { 8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232 },
+  { 17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719 },
+ },
+ {
+  { 16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271 },
+  { -4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326 },
+  { -8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132 },
+ },
+ {
+  { 14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300 },
+  { 8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570 },
+  { 15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670 },
+ },
+ {
+  { -2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994 },
+  { -12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913 },
+  { 31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317 },
+ },
+ {
+  { -25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730 },
+  { 842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096 },
+  { -4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078 },
+ },
+ {
+  { -15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411 },
+  { -19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905 },
+  { -9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654 },
+ },
+ {
+  { -28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870 },
+  { -23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498 },
+  { 12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579 },
+ },
+},
+{
+ {
+  { 14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677 },
+  { 10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647 },
+  { -2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743 },
+ },
+ {
+  { -25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468 },
+  { 21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375 },
+  { -25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155 },
+ },
+ {
+  { 6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725 },
+  { -12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612 },
+  { -10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943 },
+ },
+ {
+  { -30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944 },
+  { 30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928 },
+  { 9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406 },
+ },
+ {
+  { 22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139 },
+  { -8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963 },
+  { -31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693 },
+ },
+ {
+  { 1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734 },
+  { -448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680 },
+  { -24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410 },
+ },
+ {
+  { -9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931 },
+  { -16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654 },
+  { 22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710 },
+ },
+ {
+  { 29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180 },
+  { -26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684 },
+  { -10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895 },
+ },
+},
+{
+ {
+  { 22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501 },
+  { -11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413 },
+  { 6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880 },
+ },
+ {
+  { -8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874 },
+  { 22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962 },
+  { -7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899 },
+ },
+ {
+  { 21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152 },
+  { 9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063 },
+  { 7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080 },
+ },
+ {
+  { -9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146 },
+  { -17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183 },
+  { -19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133 },
+ },
+ {
+  { -32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421 },
+  { -3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622 },
+  { -4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197 },
+ },
+ {
+  { 2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663 },
+  { 31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753 },
+  { 4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755 },
+ },
+ {
+  { -9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862 },
+  { -26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118 },
+  { 26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171 },
+ },
+ {
+  { 15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380 },
+  { 16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824 },
+  { 28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270 },
+ },
+},
+{
+ {
+  { -817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438 },
+  { -31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584 },
+  { -594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562 },
+ },
+ {
+  { 30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471 },
+  { 18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610 },
+  { 19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269 },
+ },
+ {
+  { -30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650 },
+  { 14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369 },
+  { 19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461 },
+ },
+ {
+  { 30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462 },
+  { -5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793 },
+  { -2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218 },
+ },
+ {
+  { -24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226 },
+  { 18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019 },
+  { -15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037 },
+ },
+ {
+  { 31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171 },
+  { -17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132 },
+  { -28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841 },
+ },
+ {
+  { 21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181 },
+  { -33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210 },
+  { -1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040 },
+ },
+ {
+  { 3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935 },
+  { 24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105 },
+  { -28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814 },
+ },
+},
+{
+ {
+  { 793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852 },
+  { 5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581 },
+  { -4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646 },
+ },
+ {
+  { 10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844 },
+  { 10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025 },
+  { 27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453 },
+ },
+ {
+  { -23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068 },
+  { 4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192 },
+  { -17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921 },
+ },
+ {
+  { -9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259 },
+  { -12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426 },
+  { -5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072 },
+ },
+ {
+  { -17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305 },
+  { 13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832 },
+  { 28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943 },
+ },
+ {
+  { -16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011 },
+  { 24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447 },
+  { 17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494 },
+ },
+ {
+  { -28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245 },
+  { -20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859 },
+  { 28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915 },
+ },
+ {
+  { 16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707 },
+  { 10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848 },
+  { -11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224 },
+ },
+},
+{
+ {
+  { -25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391 },
+  { 15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215 },
+  { -23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101 },
+ },
+ {
+  { 23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713 },
+  { 21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849 },
+  { -7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930 },
+ },
+ {
+  { -29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940 },
+  { -21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031 },
+  { -17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404 },
+ },
+ {
+  { -25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243 },
+  { -23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116 },
+  { -24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525 },
+ },
+ {
+  { -23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509 },
+  { -10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883 },
+  { 15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865 },
+ },
+ {
+  { -3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660 },
+  { 4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273 },
+  { -28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138 },
+ },
+ {
+  { -25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560 },
+  { -10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135 },
+  { 2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941 },
+ },
+ {
+  { -4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739 },
+  { 18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756 },
+  { -30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819 },
+ },
+},
+{
+ {
+  { -6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347 },
+  { -27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028 },
+  { 21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075 },
+ },
+ {
+  { 16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799 },
+  { -2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609 },
+  { -25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817 },
+ },
+ {
+  { -23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989 },
+  { -30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523 },
+  { 4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278 },
+ },
+ {
+  { 31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045 },
+  { 19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377 },
+  { 24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480 },
+ },
+ {
+  { 17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016 },
+  { 510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426 },
+  { 18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525 },
+ },
+ {
+  { 13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396 },
+  { 9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080 },
+  { 12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892 },
+ },
+ {
+  { 15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275 },
+  { 11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074 },
+  { 20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140 },
+ },
+ {
+  { -16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717 },
+  { -1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101 },
+  { 24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127 },
+ },
+},
+{
+ {
+  { -12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632 },
+  { -26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415 },
+  { -31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160 },
+ },
+ {
+  { 31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876 },
+  { 22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625 },
+  { -15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478 },
+ },
+ {
+  { 27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164 },
+  { 26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595 },
+  { -7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248 },
+ },
+ {
+  { -16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858 },
+  { 15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193 },
+  { 8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184 },
+ },
+ {
+  { -18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942 },
+  { -1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635 },
+  { 21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948 },
+ },
+ {
+  { 11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935 },
+  { -25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415 },
+  { -15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416 },
+ },
+ {
+  { -7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018 },
+  { 4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778 },
+  { 366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659 },
+ },
+ {
+  { -24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385 },
+  { 18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503 },
+  { 476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329 },
+ },
+},
+{
+ {
+  { 20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056 },
+  { -13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838 },
+  { 24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948 },
+ },
+ {
+  { -3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691 },
+  { -15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118 },
+  { -23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517 },
+ },
+ {
+  { -20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269 },
+  { -6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904 },
+  { -23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589 },
+ },
+ {
+  { -28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193 },
+  { -7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910 },
+  { -30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930 },
+ },
+ {
+  { -7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667 },
+  { 25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481 },
+  { -9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876 },
+ },
+ {
+  { 22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640 },
+  { -8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278 },
+  { -21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112 },
+ },
+ {
+  { 26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272 },
+  { 17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012 },
+  { -10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221 },
+ },
+ {
+  { 30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046 },
+  { 13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345 },
+  { -19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310 },
+ },
+},
+{
+ {
+  { 19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937 },
+  { 31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636 },
+  { -9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008 },
+ },
+ {
+  { -2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429 },
+  { -15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576 },
+  { 31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066 },
+ },
+ {
+  { -9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490 },
+  { -12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104 },
+  { 33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053 },
+ },
+ {
+  { 31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275 },
+  { -20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511 },
+  { 22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095 },
+ },
+ {
+  { -28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439 },
+  { 23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939 },
+  { -23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424 },
+ },
+ {
+  { 2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310 },
+  { 3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608 },
+  { -32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079 },
+ },
+ {
+  { -23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101 },
+  { 21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418 },
+  { 18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576 },
+ },
+ {
+  { 30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356 },
+  { 9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996 },
+  { -26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099 },
+ },
+},
+{
+ {
+  { -26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728 },
+  { -13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658 },
+  { -10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242 },
+ },
+ {
+  { -21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001 },
+  { -4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766 },
+  { 18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373 },
+ },
+ {
+  { 26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458 },
+  { -17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628 },
+  { -13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657 },
+ },
+ {
+  { -23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062 },
+  { 25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616 },
+  { 31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014 },
+ },
+ {
+  { 24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383 },
+  { -25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814 },
+  { -20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718 },
+ },
+ {
+  { 30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417 },
+  { 2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222 },
+  { 33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444 },
+ },
+ {
+  { -20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597 },
+  { 23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970 },
+  { 1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799 },
+ },
+ {
+  { -5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647 },
+  { 13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511 },
+  { -29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032 },
+ },
+},
+{
+ {
+  { 9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834 },
+  { -23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461 },
+  { 29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062 },
+ },
+ {
+  { -25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516 },
+  { -20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547 },
+  { -24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240 },
+ },
+ {
+  { -17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038 },
+  { -33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741 },
+  { 16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103 },
+ },
+ {
+  { -19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747 },
+  { -1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323 },
+  { 31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016 },
+ },
+ {
+  { -14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373 },
+  { 15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228 },
+  { -2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141 },
+ },
+ {
+  { 16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399 },
+  { 11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831 },
+  { -185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376 },
+ },
+ {
+  { -32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313 },
+  { -18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958 },
+  { -6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577 },
+ },
+ {
+  { -22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743 },
+  { 29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684 },
+  { -20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476 },
+ },
+},
diff --git a/src/ext/ed25519/ref10/base.py b/src/ext/ed25519/ref10/base.py
new file mode 100644
index 0000000000..84accc8580
--- /dev/null
+++ b/src/ext/ed25519/ref10/base.py
@@ -0,0 +1,65 @@
+b = 256
+q = 2**255 - 19
+l = 2**252 + 27742317777372353535851937790883648493
+
+def expmod(b,e,m):
+  if e == 0: return 1
+  t = expmod(b,e/2,m)**2 % m
+  if e & 1: t = (t*b) % m
+  return t
+
+def inv(x):
+  return expmod(x,q-2,q)
+
+d = -121665 * inv(121666)
+I = expmod(2,(q-1)/4,q)
+
+def xrecover(y):
+  xx = (y*y-1) * inv(d*y*y+1)
+  x = expmod(xx,(q+3)/8,q)
+  if (x*x - xx) % q != 0: x = (x*I) % q
+  if x % 2 != 0: x = q-x
+  return x
+
+By = 4 * inv(5)
+Bx = xrecover(By)
+B = [Bx % q,By % q]
+
+def edwards(P,Q):
+  x1 = P[0]
+  y1 = P[1]
+  x2 = Q[0]
+  y2 = Q[1]
+  x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
+  y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
+  return [x3 % q,y3 % q]
+
+def radix255(x):
+  x = x % q
+  if x + x > q: x -= q
+  x = [x,0,0,0,0,0,0,0,0,0]
+  bits = [26,25,26,25,26,25,26,25,26,25]
+  for i in range(9):
+    carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
+    x[i] -= carry * 2**bits[i]
+    x[i + 1] += carry
+  result = ""
+  for i in range(9):
+    result = result+str(x[i])+","
+  result = result+str(x[9])
+  return result
+
+Bi = B
+for i in range(32):
+  print "{"
+  Bij = Bi
+  for j in range(8):
+    print " {"
+    print "  {",radix255(Bij[1]+Bij[0]),"},"
+    print "  {",radix255(Bij[1]-Bij[0]),"},"
+    print "  {",radix255(2*d*Bij[0]*Bij[1]),"},"
+    Bij = edwards(Bij,Bi)
+    print " },"
+  print "},"
+  for k in range(8):
+    Bi = edwards(Bi,Bi)
diff --git a/src/ext/ed25519/ref10/base2.h b/src/ext/ed25519/ref10/base2.h
new file mode 100644
index 0000000000..8c538440ff
--- /dev/null
+++ b/src/ext/ed25519/ref10/base2.h
@@ -0,0 +1,40 @@
+ {
+  { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
+  { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
+  { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
+ },
+ {
+  { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
+  { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
+  { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
+ },
+ {
+  { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
+  { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
+  { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
+ },
+ {
+  { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
+  { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
+  { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
+ },
+ {
+  { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
+  { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
+  { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
+ },
+ {
+  { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
+  { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
+  { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
+ },
+ {
+  { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
+  { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
+  { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
+ },
+ {
+  { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
+  { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
+  { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
+ },
diff --git a/src/ext/ed25519/ref10/base2.py b/src/ext/ed25519/ref10/base2.py
new file mode 100644
index 0000000000..5e4e8739d0
--- /dev/null
+++ b/src/ext/ed25519/ref10/base2.py
@@ -0,0 +1,60 @@
+b = 256
+q = 2**255 - 19
+l = 2**252 + 27742317777372353535851937790883648493
+
+def expmod(b,e,m):
+  if e == 0: return 1
+  t = expmod(b,e/2,m)**2 % m
+  if e & 1: t = (t*b) % m
+  return t
+
+def inv(x):
+  return expmod(x,q-2,q)
+
+d = -121665 * inv(121666)
+I = expmod(2,(q-1)/4,q)
+
+def xrecover(y):
+  xx = (y*y-1) * inv(d*y*y+1)
+  x = expmod(xx,(q+3)/8,q)
+  if (x*x - xx) % q != 0: x = (x*I) % q
+  if x % 2 != 0: x = q-x
+  return x
+
+By = 4 * inv(5)
+Bx = xrecover(By)
+B = [Bx % q,By % q]
+
+def edwards(P,Q):
+  x1 = P[0]
+  y1 = P[1]
+  x2 = Q[0]
+  y2 = Q[1]
+  x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
+  y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
+  return [x3 % q,y3 % q]
+
+def radix255(x):
+  x = x % q
+  if x + x > q: x -= q
+  x = [x,0,0,0,0,0,0,0,0,0]
+  bits = [26,25,26,25,26,25,26,25,26,25]
+  for i in range(9):
+    carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
+    x[i] -= carry * 2**bits[i]
+    x[i + 1] += carry
+  result = ""
+  for i in range(9):
+    result = result+str(x[i])+","
+  result = result+str(x[9])
+  return result
+
+Bi = B
+
+for i in range(8):
+  print " {"
+  print "  {",radix255(Bi[1]+Bi[0]),"},"
+  print "  {",radix255(Bi[1]-Bi[0]),"},"
+  print "  {",radix255(2*d*Bi[0]*Bi[1]),"},"
+  print " },"
+  Bi = edwards(B,edwards(B,Bi))
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c
new file mode 100644
index 0000000000..4d9a9cbbe7
--- /dev/null
+++ b/src/ext/ed25519/ref10/blinding.c
@@ -0,0 +1,76 @@
+/* Added to ref10 for Tor. We place this in the public domain.  Alternatively,
+ * you may have it under the Creative Commons 0 "CC0" license. */
+//#include "fe.h"
+#include "ge.h"
+#include "sc.h"
+#include "crypto_hash_sha512.h"
+#include "ed25519_ref10.h"
+
+#include <string.h>
+#include "crypto.h"
+
+static void
+gettweak(unsigned char *out, const unsigned char *param)
+{
+  const char str[] = "Derive temporary signing key";
+  crypto_hash_sha512_2(out, (const unsigned char*)str, strlen(str), param, 32);
+  out[0] &= 248;  /* Is this necessary necessary ? */
+  out[31] &= 63;
+  out[31] |= 64;
+}
+
+int ed25519_ref10_blind_secret_key(unsigned char *out,
+                              const unsigned char *inp,
+                              const unsigned char *param)
+{
+  const char str[] = "Derive temporary signing key hash input";
+  unsigned char tweak[64];
+  unsigned char zero[32];
+  gettweak(tweak, param);
+
+  memset(zero, 0, 32);
+  sc_muladd(out, inp, tweak, zero);
+
+  crypto_hash_sha512_2(tweak, (const unsigned char *)str, strlen(str),
+                       inp+32, 32);
+  memcpy(out+32, tweak, 32);
+
+  memwipe(tweak, 0, sizeof(tweak));
+
+  return 0;
+}
+
+int ed25519_ref10_blind_public_key(unsigned char *out,
+                              const unsigned char *inp,
+                              const unsigned char *param)
+{
+  unsigned char tweak[64];
+  unsigned char zero[32];
+  unsigned char pkcopy[32];
+  ge_p3 A;
+  ge_p2 Aprime;
+
+  gettweak(tweak, param);
+
+  memset(zero, 0, sizeof(zero));
+  /* Not the greatest implementation of all of this.  I wish I had
+   * better-suited primitives to work with here... (but I don't wish that so
+   * strongly that I'm about to code my own ge_scalarmult_vartime). */
+
+  /* We negate the public key first, so that we can pass it to
+   * frombytes_negate_vartime, which negates it again. If there were a
+   * "ge_frombytes", we'd use that, but there isn't. */
+  memcpy(pkcopy, inp, 32);
+  pkcopy[31] ^= (1<<7);
+  ge_frombytes_negate_vartime(&A, pkcopy);
+  /* There isn't a regular ge_scalarmult -- we have to do tweak*A + zero*B. */
+  ge_double_scalarmult_vartime(&Aprime, tweak, &A, zero);
+  ge_tobytes(out, &Aprime);
+
+  memwipe(tweak, 0, sizeof(tweak));
+  memwipe(&A, 0, sizeof(A));
+  memwipe(&Aprime, 0, sizeof(Aprime));
+  memwipe(pkcopy, 0, sizeof(pkcopy));
+
+  return 0;
+}
diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h
new file mode 100644
index 0000000000..0278571522
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h
@@ -0,0 +1,30 @@
+/* Added for Tor. */
+#include <openssl/sha.h>
+
+/* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */
+#define crypto_hash_sha512(out, inp, len) \
+  SHA512((inp), (len), (out))
+
+/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
+ * concatenated with the 'len2'-byte string in 'inp2'. */
+#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2)               \
+  do {                                                                  \
+      SHA512_CTX sha_ctx_;                                              \
+      SHA512_Init(&sha_ctx_);                                           \
+      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
+      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
+      SHA512_Final((out), &sha_ctx_);                                   \
+ } while(0)
+
+/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
+ * concatenated with the 'len2'-byte string in 'inp2', concatenated with
+ * the 'len3'-byte string in 'len3'. */
+#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3)   \
+  do {                                                                  \
+      SHA512_CTX sha_ctx_;                                              \
+      SHA512_Init(&sha_ctx_);                                           \
+      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
+      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
+      SHA512_Update(&sha_ctx_, (inp3), (len3));                         \
+      SHA512_Final((out), &sha_ctx_);                                   \
+ } while(0)
diff --git a/src/ext/ed25519/ref10/crypto_int32.h b/src/ext/ed25519/ref10/crypto_int32.h
new file mode 100644
index 0000000000..dd13c91bd0
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_int32.h
@@ -0,0 +1,25 @@
+/* Added for Tor. */
+
+#ifndef CRYPTO_INT32_H
+#define CRYPTO_INT32_H
+
+#include "torint.h"
+#define crypto_int32 int32_t
+#define crypto_uint32 uint32_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+  ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL32(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint32, crypto_int32)
+#define SHL8(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, unsigned char, signed char)
+
+#endif /* CRYPTO_INT32_H */
diff --git a/src/ext/ed25519/ref10/crypto_int64.h b/src/ext/ed25519/ref10/crypto_int64.h
new file mode 100644
index 0000000000..46e8852ed0
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_int64.h
@@ -0,0 +1,23 @@
+/* Added for Tor. */
+
+#ifndef CRYPTO_INT64_H
+#define CRYPTO_INT64_H
+
+#include "torint.h"
+#define crypto_int64 int64_t
+#define crypto_uint64 uint64_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+  ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL64(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint64, crypto_int64)
+
+#endif /* CRYPTO_INT64_H */
diff --git a/src/ext/ed25519/ref10/crypto_sign.h b/src/ext/ed25519/ref10/crypto_sign.h
new file mode 100644
index 0000000000..549626793a
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_sign.h
@@ -0,0 +1,9 @@
+/* Added for Tor */
+#define crypto_sign ed25519_ref10_sign
+#define crypto_sign_keypair ed25519_ref10_keygen
+#define crypto_sign_seckey ed25519_ref10_seckey
+#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand
+#define crypto_sign_pubkey ed25519_ref10_pubkey
+#define crypto_sign_open ed25519_ref10_open
+
+#include "ed25519_ref10.h"
diff --git a/src/ext/ed25519/ref10/crypto_uint32.h b/src/ext/ed25519/ref10/crypto_uint32.h
new file mode 100644
index 0000000000..62655a5b66
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_uint32.h
@@ -0,0 +1,3 @@
+/* Added for Tor. */
+#include "torint.h"
+#define crypto_uint32 uint32_t
diff --git a/src/ext/ed25519/ref10/crypto_uint64.h b/src/ext/ed25519/ref10/crypto_uint64.h
new file mode 100644
index 0000000000..cbda882a6a
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_uint64.h
@@ -0,0 +1,3 @@
+/* Added for Tor. */
+#include "torint.h"
+#define crypto_uint64 uint64_t
diff --git a/src/ext/ed25519/ref10/crypto_verify_32.h b/src/ext/ed25519/ref10/crypto_verify_32.h
new file mode 100644
index 0000000000..0f63efc7a3
--- /dev/null
+++ b/src/ext/ed25519/ref10/crypto_verify_32.h
@@ -0,0 +1,5 @@
+/* Added for Tor. */
+#include "di_ops.h"
+#define crypto_verify_32(a,b) \
+  (! tor_memeq((a), (b), 32))
+
diff --git a/src/ext/ed25519/ref10/d.h b/src/ext/ed25519/ref10/d.h
new file mode 100644
index 0000000000..e25f578350
--- /dev/null
+++ b/src/ext/ed25519/ref10/d.h
@@ -0,0 +1 @@
+-10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
diff --git a/src/ext/ed25519/ref10/d.py b/src/ext/ed25519/ref10/d.py
new file mode 100644
index 0000000000..8995bb86a3
--- /dev/null
+++ b/src/ext/ed25519/ref10/d.py
@@ -0,0 +1,28 @@
+q = 2**255 - 19
+
+def expmod(b,e,m):
+  if e == 0: return 1
+  t = expmod(b,e/2,m)**2 % m
+  if e & 1: t = (t*b) % m
+  return t
+
+def inv(x):
+  return expmod(x,q-2,q)
+
+def radix255(x):
+  x = x % q
+  if x + x > q: x -= q
+  x = [x,0,0,0,0,0,0,0,0,0]
+  bits = [26,25,26,25,26,25,26,25,26,25]
+  for i in range(9):
+    carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
+    x[i] -= carry * 2**bits[i]
+    x[i + 1] += carry
+  result = ""
+  for i in range(9):
+    result = result+str(x[i])+","
+  result = result+str(x[9])
+  return result
+
+d = -121665 * inv(121666)
+print radix255(d)
diff --git a/src/ext/ed25519/ref10/d2.h b/src/ext/ed25519/ref10/d2.h
new file mode 100644
index 0000000000..01aaec7512
--- /dev/null
+++ b/src/ext/ed25519/ref10/d2.h
@@ -0,0 +1 @@
+-21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
diff --git a/src/ext/ed25519/ref10/d2.py b/src/ext/ed25519/ref10/d2.py
new file mode 100644
index 0000000000..79841758be
--- /dev/null
+++ b/src/ext/ed25519/ref10/d2.py
@@ -0,0 +1,28 @@
+q = 2**255 - 19
+
+def expmod(b,e,m):
+  if e == 0: return 1
+  t = expmod(b,e/2,m)**2 % m
+  if e & 1: t = (t*b) % m
+  return t
+
+def inv(x):
+  return expmod(x,q-2,q)
+
+def radix255(x):
+  x = x % q
+  if x + x > q: x -= q
+  x = [x,0,0,0,0,0,0,0,0,0]
+  bits = [26,25,26,25,26,25,26,25,26,25]
+  for i in range(9):
+    carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
+    x[i] -= carry * 2**bits[i]
+    x[i + 1] += carry
+  result = ""
+  for i in range(9):
+    result = result+str(x[i])+","
+  result = result+str(x[9])
+  return result
+
+d = -121665 * inv(121666)
+print radix255(d*2)
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h
new file mode 100644
index 0000000000..af7e21a2ad
--- /dev/null
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -0,0 +1,30 @@
+/* Added for Tor */
+#ifndef SRC_EXT_ED25519_REF10_H_INCLUDED_
+#define SRC_EXT_ED25519_REF10_H_INCLUDED_
+#include <torint.h>
+
+int ed25519_ref10_seckey(unsigned char *sk);
+int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);
+int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk);
+int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk);
+int ed25519_ref10_open(
+  const unsigned char *signature,
+  const unsigned char *m, size_t mlen,
+  const unsigned char *pk);
+int ed25519_ref10_sign(
+  unsigned char *sig,
+  const unsigned char *m, size_t mlen,
+  const unsigned char *sk, const unsigned char *pk);
+
+/* Added in Tor */
+int ed25519_ref10_pubkey_from_curve25519_pubkey(unsigned char *out,
+                                                const unsigned char *inp,
+                                                int signbit);
+int ed25519_ref10_blind_secret_key(unsigned char *out,
+                              const unsigned char *inp,
+                              const unsigned char *param);
+int ed25519_ref10_blind_public_key(unsigned char *out,
+                              const unsigned char *inp,
+                              const unsigned char *param);
+
+#endif
diff --git a/src/ext/ed25519/ref10/fe.h b/src/ext/ed25519/ref10/fe.h
new file mode 100644
index 0000000000..60c308ba46
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe.h
@@ -0,0 +1,56 @@
+#ifndef FE_H
+#define FE_H
+
+#include "crypto_int32.h"
+
+typedef crypto_int32 fe[10];
+
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+
+#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
+#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
+#define fe_copy crypto_sign_ed25519_ref10_fe_copy
+#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
+#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
+#define fe_0 crypto_sign_ed25519_ref10_fe_0
+#define fe_1 crypto_sign_ed25519_ref10_fe_1
+#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
+#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
+#define fe_add crypto_sign_ed25519_ref10_fe_add
+#define fe_sub crypto_sign_ed25519_ref10_fe_sub
+#define fe_neg crypto_sign_ed25519_ref10_fe_neg
+#define fe_mul crypto_sign_ed25519_ref10_fe_mul
+#define fe_sq crypto_sign_ed25519_ref10_fe_sq
+#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
+#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
+#define fe_invert crypto_sign_ed25519_ref10_fe_invert
+#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
+
+extern void fe_frombytes(fe,const unsigned char *);
+extern void fe_tobytes(unsigned char *,const fe);
+
+extern void fe_copy(fe,const fe);
+extern int fe_isnonzero(const fe);
+extern int fe_isnegative(const fe);
+extern void fe_0(fe);
+extern void fe_1(fe);
+extern void fe_cswap(fe,fe,unsigned int);
+extern void fe_cmov(fe,const fe,unsigned int);
+
+extern void fe_add(fe,const fe,const fe);
+extern void fe_sub(fe,const fe,const fe);
+extern void fe_neg(fe,const fe);
+extern void fe_mul(fe,const fe,const fe);
+extern void fe_sq(fe,const fe);
+extern void fe_sq2(fe,const fe);
+extern void fe_mul121666(fe,const fe);
+extern void fe_invert(fe,const fe);
+extern void fe_pow22523(fe,const fe);
+
+#endif
diff --git a/src/ext/ed25519/ref10/fe_0.c b/src/ext/ed25519/ref10/fe_0.c
new file mode 100644
index 0000000000..ec879d7337
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_0.c
@@ -0,0 +1,19 @@
+#include "fe.h"
+
+/*
+h = 0
+*/
+
+void fe_0(fe h)
+{
+  h[0] = 0;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
diff --git a/src/ext/ed25519/ref10/fe_1.c b/src/ext/ed25519/ref10/fe_1.c
new file mode 100644
index 0000000000..8cf7784844
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_1.c
@@ -0,0 +1,19 @@
+#include "fe.h"
+
+/*
+h = 1
+*/
+
+void fe_1(fe h)
+{
+  h[0] = 1;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
diff --git a/src/ext/ed25519/ref10/fe_add.c b/src/ext/ed25519/ref10/fe_add.c
new file mode 100644
index 0000000000..e6a81da202
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_add.c
@@ -0,0 +1,57 @@
+#include "fe.h"
+
+/*
+h = f + g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+void fe_add(fe h,const fe f,const fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 + g0;
+  crypto_int32 h1 = f1 + g1;
+  crypto_int32 h2 = f2 + g2;
+  crypto_int32 h3 = f3 + g3;
+  crypto_int32 h4 = f4 + g4;
+  crypto_int32 h5 = f5 + g5;
+  crypto_int32 h6 = f6 + g6;
+  crypto_int32 h7 = f7 + g7;
+  crypto_int32 h8 = f8 + g8;
+  crypto_int32 h9 = f9 + g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_cmov.c b/src/ext/ed25519/ref10/fe_cmov.c
new file mode 100644
index 0000000000..8ca584fb19
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_cmov.c
@@ -0,0 +1,63 @@
+#include "fe.h"
+
+/*
+Replace (f,g) with (g,g) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+
+Preconditions: b in {0,1}.
+*/
+
+void fe_cmov(fe f,const fe g,unsigned int b)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 x0 = f0 ^ g0;
+  crypto_int32 x1 = f1 ^ g1;
+  crypto_int32 x2 = f2 ^ g2;
+  crypto_int32 x3 = f3 ^ g3;
+  crypto_int32 x4 = f4 ^ g4;
+  crypto_int32 x5 = f5 ^ g5;
+  crypto_int32 x6 = f6 ^ g6;
+  crypto_int32 x7 = f7 ^ g7;
+  crypto_int32 x8 = f8 ^ g8;
+  crypto_int32 x9 = f9 ^ g9;
+  b = -b;
+  x0 &= b;
+  x1 &= b;
+  x2 &= b;
+  x3 &= b;
+  x4 &= b;
+  x5 &= b;
+  x6 &= b;
+  x7 &= b;
+  x8 &= b;
+  x9 &= b;
+  f[0] = f0 ^ x0;
+  f[1] = f1 ^ x1;
+  f[2] = f2 ^ x2;
+  f[3] = f3 ^ x3;
+  f[4] = f4 ^ x4;
+  f[5] = f5 ^ x5;
+  f[6] = f6 ^ x6;
+  f[7] = f7 ^ x7;
+  f[8] = f8 ^ x8;
+  f[9] = f9 ^ x9;
+}
diff --git a/src/ext/ed25519/ref10/fe_copy.c b/src/ext/ed25519/ref10/fe_copy.c
new file mode 100644
index 0000000000..9c5bf865a2
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_copy.c
@@ -0,0 +1,29 @@
+#include "fe.h"
+
+/*
+h = f
+*/
+
+void fe_copy(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  h[0] = f0;
+  h[1] = f1;
+  h[2] = f2;
+  h[3] = f3;
+  h[4] = f4;
+  h[5] = f5;
+  h[6] = f6;
+  h[7] = f7;
+  h[8] = f8;
+  h[9] = f9;
+}
diff --git a/src/ext/ed25519/ref10/fe_frombytes.c b/src/ext/ed25519/ref10/fe_frombytes.c
new file mode 100644
index 0000000000..98b8e5f7c1
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_frombytes.c
@@ -0,0 +1,73 @@
+#include "fe.h"
+#include "crypto_int64.h"
+#include "crypto_uint64.h"
+
+static crypto_uint64 load_3(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  return result;
+}
+
+static crypto_uint64 load_4(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  result |= ((crypto_uint64) in[3]) << 24;
+  return result;
+}
+
+/*
+Ignores top bit of h.
+*/
+
+void fe_frombytes(fe h,const unsigned char *s)
+{
+  crypto_int64 h0 = load_4(s);
+  crypto_int64 h1 = load_3(s + 4) << 6;
+  crypto_int64 h2 = load_3(s + 7) << 5;
+  crypto_int64 h3 = load_3(s + 10) << 3;
+  crypto_int64 h4 = load_3(s + 13) << 2;
+  crypto_int64 h5 = load_4(s + 16);
+  crypto_int64 h6 = load_3(s + 20) << 7;
+  crypto_int64 h7 = load_3(s + 23) << 5;
+  crypto_int64 h8 = load_3(s + 26) << 4;
+  crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= SHL64(carry9,25);
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= SHL64(carry1,25);
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= SHL64(carry3,25);
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= SHL64(carry5,25);
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= SHL64(carry7,25);
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= SHL64(carry2,26);
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= SHL64(carry6,26);
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= SHL64(carry8,26);
+
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_invert.c b/src/ext/ed25519/ref10/fe_invert.c
new file mode 100644
index 0000000000..bcfdb8ff87
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_invert.c
@@ -0,0 +1,14 @@
+#include "fe.h"
+
+void fe_invert(fe out,const fe z)
+{
+  fe t0;
+  fe t1;
+  fe t2;
+  fe t3;
+  int i;
+
+#include "pow225521.h"
+
+  return;
+}
diff --git a/src/ext/ed25519/ref10/fe_isnegative.c b/src/ext/ed25519/ref10/fe_isnegative.c
new file mode 100644
index 0000000000..3b2c8b8d52
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_isnegative.c
@@ -0,0 +1,16 @@
+#include "fe.h"
+
+/*
+return 1 if f is in {1,3,5,...,q-2}
+return 0 if f is in {0,2,4,...,q-1}
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+int fe_isnegative(const fe f)
+{
+  unsigned char s[32];
+  fe_tobytes(s,f);
+  return s[0] & 1;
+}
diff --git a/src/ext/ed25519/ref10/fe_isnonzero.c b/src/ext/ed25519/ref10/fe_isnonzero.c
new file mode 100644
index 0000000000..47568001ce
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_isnonzero.c
@@ -0,0 +1,19 @@
+#include "fe.h"
+#include "crypto_verify_32.h"
+
+/*
+return 1 if f == 0
+return 0 if f != 0
+
+Preconditions:
+   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+static const unsigned char zero[32];
+
+int fe_isnonzero(const fe f)
+{
+  unsigned char s[32];
+  fe_tobytes(s,f);
+  return crypto_verify_32(s,zero);
+}
diff --git a/src/ext/ed25519/ref10/fe_mul.c b/src/ext/ed25519/ref10/fe_mul.c
new file mode 100644
index 0000000000..ace63e64c1
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_mul.c
@@ -0,0 +1,253 @@
+#include "fe.h"
+#include "crypto_int64.h"
+
+/*
+h = f * g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+   |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+*/
+
+/*
+Notes on implementation strategy:
+
+Using schoolbook multiplication.
+Karatsuba would save a little in some cost models.
+
+Most multiplications by 2 and 19 are 32-bit precomputations;
+cheaper than 64-bit postcomputations.
+
+There is one remaining multiplication by 19 in the carry chain;
+one *19 precomputation can be merged into this,
+but the resulting data flow is considerably less clean.
+
+There are 12 carries below.
+10 of them are 2-way parallelizable and vectorizable.
+Can get away with 11 carries, but then data flow is much deeper.
+
+With tighter constraints on inputs can squeeze carries into int32.
+*/
+
+void fe_mul(fe h,const fe f,const fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 g1_19 = 19 * g1; /* 1.959375*2^29 */
+  crypto_int32 g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+  crypto_int32 g3_19 = 19 * g3;
+  crypto_int32 g4_19 = 19 * g4;
+  crypto_int32 g5_19 = 19 * g5;
+  crypto_int32 g6_19 = 19 * g6;
+  crypto_int32 g7_19 = 19 * g7;
+  crypto_int32 g8_19 = 19 * g8;
+  crypto_int32 g9_19 = 19 * g9;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f9_2 = 2 * f9;
+  crypto_int64 f0g0    = f0   * (crypto_int64) g0;
+  crypto_int64 f0g1    = f0   * (crypto_int64) g1;
+  crypto_int64 f0g2    = f0   * (crypto_int64) g2;
+  crypto_int64 f0g3    = f0   * (crypto_int64) g3;
+  crypto_int64 f0g4    = f0   * (crypto_int64) g4;
+  crypto_int64 f0g5    = f0   * (crypto_int64) g5;
+  crypto_int64 f0g6    = f0   * (crypto_int64) g6;
+  crypto_int64 f0g7    = f0   * (crypto_int64) g7;
+  crypto_int64 f0g8    = f0   * (crypto_int64) g8;
+  crypto_int64 f0g9    = f0   * (crypto_int64) g9;
+  crypto_int64 f1g0    = f1   * (crypto_int64) g0;
+  crypto_int64 f1g1_2  = f1_2 * (crypto_int64) g1;
+  crypto_int64 f1g2    = f1   * (crypto_int64) g2;
+  crypto_int64 f1g3_2  = f1_2 * (crypto_int64) g3;
+  crypto_int64 f1g4    = f1   * (crypto_int64) g4;
+  crypto_int64 f1g5_2  = f1_2 * (crypto_int64) g5;
+  crypto_int64 f1g6    = f1   * (crypto_int64) g6;
+  crypto_int64 f1g7_2  = f1_2 * (crypto_int64) g7;
+  crypto_int64 f1g8    = f1   * (crypto_int64) g8;
+  crypto_int64 f1g9_38 = f1_2 * (crypto_int64) g9_19;
+  crypto_int64 f2g0    = f2   * (crypto_int64) g0;
+  crypto_int64 f2g1    = f2   * (crypto_int64) g1;
+  crypto_int64 f2g2    = f2   * (crypto_int64) g2;
+  crypto_int64 f2g3    = f2   * (crypto_int64) g3;
+  crypto_int64 f2g4    = f2   * (crypto_int64) g4;
+  crypto_int64 f2g5    = f2   * (crypto_int64) g5;
+  crypto_int64 f2g6    = f2   * (crypto_int64) g6;
+  crypto_int64 f2g7    = f2   * (crypto_int64) g7;
+  crypto_int64 f2g8_19 = f2   * (crypto_int64) g8_19;
+  crypto_int64 f2g9_19 = f2   * (crypto_int64) g9_19;
+  crypto_int64 f3g0    = f3   * (crypto_int64) g0;
+  crypto_int64 f3g1_2  = f3_2 * (crypto_int64) g1;
+  crypto_int64 f3g2    = f3   * (crypto_int64) g2;
+  crypto_int64 f3g3_2  = f3_2 * (crypto_int64) g3;
+  crypto_int64 f3g4    = f3   * (crypto_int64) g4;
+  crypto_int64 f3g5_2  = f3_2 * (crypto_int64) g5;
+  crypto_int64 f3g6    = f3   * (crypto_int64) g6;
+  crypto_int64 f3g7_38 = f3_2 * (crypto_int64) g7_19;
+  crypto_int64 f3g8_19 = f3   * (crypto_int64) g8_19;
+  crypto_int64 f3g9_38 = f3_2 * (crypto_int64) g9_19;
+  crypto_int64 f4g0    = f4   * (crypto_int64) g0;
+  crypto_int64 f4g1    = f4   * (crypto_int64) g1;
+  crypto_int64 f4g2    = f4   * (crypto_int64) g2;
+  crypto_int64 f4g3    = f4   * (crypto_int64) g3;
+  crypto_int64 f4g4    = f4   * (crypto_int64) g4;
+  crypto_int64 f4g5    = f4   * (crypto_int64) g5;
+  crypto_int64 f4g6_19 = f4   * (crypto_int64) g6_19;
+  crypto_int64 f4g7_19 = f4   * (crypto_int64) g7_19;
+  crypto_int64 f4g8_19 = f4   * (crypto_int64) g8_19;
+  crypto_int64 f4g9_19 = f4   * (crypto_int64) g9_19;
+  crypto_int64 f5g0    = f5   * (crypto_int64) g0;
+  crypto_int64 f5g1_2  = f5_2 * (crypto_int64) g1;
+  crypto_int64 f5g2    = f5   * (crypto_int64) g2;
+  crypto_int64 f5g3_2  = f5_2 * (crypto_int64) g3;
+  crypto_int64 f5g4    = f5   * (crypto_int64) g4;
+  crypto_int64 f5g5_38 = f5_2 * (crypto_int64) g5_19;
+  crypto_int64 f5g6_19 = f5   * (crypto_int64) g6_19;
+  crypto_int64 f5g7_38 = f5_2 * (crypto_int64) g7_19;
+  crypto_int64 f5g8_19 = f5   * (crypto_int64) g8_19;
+  crypto_int64 f5g9_38 = f5_2 * (crypto_int64) g9_19;
+  crypto_int64 f6g0    = f6   * (crypto_int64) g0;
+  crypto_int64 f6g1    = f6   * (crypto_int64) g1;
+  crypto_int64 f6g2    = f6   * (crypto_int64) g2;
+  crypto_int64 f6g3    = f6   * (crypto_int64) g3;
+  crypto_int64 f6g4_19 = f6   * (crypto_int64) g4_19;
+  crypto_int64 f6g5_19 = f6   * (crypto_int64) g5_19;
+  crypto_int64 f6g6_19 = f6   * (crypto_int64) g6_19;
+  crypto_int64 f6g7_19 = f6   * (crypto_int64) g7_19;
+  crypto_int64 f6g8_19 = f6   * (crypto_int64) g8_19;
+  crypto_int64 f6g9_19 = f6   * (crypto_int64) g9_19;
+  crypto_int64 f7g0    = f7   * (crypto_int64) g0;
+  crypto_int64 f7g1_2  = f7_2 * (crypto_int64) g1;
+  crypto_int64 f7g2    = f7   * (crypto_int64) g2;
+  crypto_int64 f7g3_38 = f7_2 * (crypto_int64) g3_19;
+  crypto_int64 f7g4_19 = f7   * (crypto_int64) g4_19;
+  crypto_int64 f7g5_38 = f7_2 * (crypto_int64) g5_19;
+  crypto_int64 f7g6_19 = f7   * (crypto_int64) g6_19;
+  crypto_int64 f7g7_38 = f7_2 * (crypto_int64) g7_19;
+  crypto_int64 f7g8_19 = f7   * (crypto_int64) g8_19;
+  crypto_int64 f7g9_38 = f7_2 * (crypto_int64) g9_19;
+  crypto_int64 f8g0    = f8   * (crypto_int64) g0;
+  crypto_int64 f8g1    = f8   * (crypto_int64) g1;
+  crypto_int64 f8g2_19 = f8   * (crypto_int64) g2_19;
+  crypto_int64 f8g3_19 = f8   * (crypto_int64) g3_19;
+  crypto_int64 f8g4_19 = f8   * (crypto_int64) g4_19;
+  crypto_int64 f8g5_19 = f8   * (crypto_int64) g5_19;
+  crypto_int64 f8g6_19 = f8   * (crypto_int64) g6_19;
+  crypto_int64 f8g7_19 = f8   * (crypto_int64) g7_19;
+  crypto_int64 f8g8_19 = f8   * (crypto_int64) g8_19;
+  crypto_int64 f8g9_19 = f8   * (crypto_int64) g9_19;
+  crypto_int64 f9g0    = f9   * (crypto_int64) g0;
+  crypto_int64 f9g1_38 = f9_2 * (crypto_int64) g1_19;
+  crypto_int64 f9g2_19 = f9   * (crypto_int64) g2_19;
+  crypto_int64 f9g3_38 = f9_2 * (crypto_int64) g3_19;
+  crypto_int64 f9g4_19 = f9   * (crypto_int64) g4_19;
+  crypto_int64 f9g5_38 = f9_2 * (crypto_int64) g5_19;
+  crypto_int64 f9g6_19 = f9   * (crypto_int64) g6_19;
+  crypto_int64 f9g7_38 = f9_2 * (crypto_int64) g7_19;
+  crypto_int64 f9g8_19 = f9   * (crypto_int64) g8_19;
+  crypto_int64 f9g9_38 = f9_2 * (crypto_int64) g9_19;
+  crypto_int64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
+  crypto_int64 h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
+  crypto_int64 h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
+  crypto_int64 h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
+  crypto_int64 h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
+  crypto_int64 h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
+  crypto_int64 h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
+  crypto_int64 h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
+  crypto_int64 h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
+  crypto_int64 h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  /*
+  |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+    i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+  |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+    i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
+  */
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+  /* |h0| <= 2^25 */
+  /* |h4| <= 2^25 */
+  /* |h1| <= 1.71*2^59 */
+  /* |h5| <= 1.71*2^59 */
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= SHL64(carry1,25);
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= SHL64(carry5,25);
+  /* |h1| <= 2^24; from now on fits into int32 */
+  /* |h5| <= 2^24; from now on fits into int32 */
+  /* |h2| <= 1.41*2^60 */
+  /* |h6| <= 1.41*2^60 */
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= SHL64(carry2,26);
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= SHL64(carry6,26);
+  /* |h2| <= 2^25; from now on fits into int32 unchanged */
+  /* |h6| <= 2^25; from now on fits into int32 unchanged */
+  /* |h3| <= 1.71*2^59 */
+  /* |h7| <= 1.71*2^59 */
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= SHL64(carry3,25);
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= SHL64(carry7,25);
+  /* |h3| <= 2^24; from now on fits into int32 unchanged */
+  /* |h7| <= 2^24; from now on fits into int32 unchanged */
+  /* |h4| <= 1.72*2^34 */
+  /* |h8| <= 1.41*2^60 */
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= SHL64(carry8,26);
+  /* |h4| <= 2^25; from now on fits into int32 unchanged */
+  /* |h8| <= 2^25; from now on fits into int32 unchanged */
+  /* |h5| <= 1.01*2^24 */
+  /* |h9| <= 1.71*2^59 */
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= SHL64(carry9,25);
+  /* |h9| <= 2^24; from now on fits into int32 unchanged */
+  /* |h0| <= 1.1*2^39 */
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+  /* |h0| <= 2^25; from now on fits into int32 unchanged */
+  /* |h1| <= 1.01*2^24 */
+
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_neg.c b/src/ext/ed25519/ref10/fe_neg.c
new file mode 100644
index 0000000000..2078ce5284
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_neg.c
@@ -0,0 +1,45 @@
+#include "fe.h"
+
+/*
+h = -f
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+*/
+
+void fe_neg(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 h0 = -f0;
+  crypto_int32 h1 = -f1;
+  crypto_int32 h2 = -f2;
+  crypto_int32 h3 = -f3;
+  crypto_int32 h4 = -f4;
+  crypto_int32 h5 = -f5;
+  crypto_int32 h6 = -f6;
+  crypto_int32 h7 = -f7;
+  crypto_int32 h8 = -f8;
+  crypto_int32 h9 = -f9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_pow22523.c b/src/ext/ed25519/ref10/fe_pow22523.c
new file mode 100644
index 0000000000..56675a5902
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_pow22523.c
@@ -0,0 +1,13 @@
+#include "fe.h"
+
+void fe_pow22523(fe out,const fe z)
+{
+  fe t0;
+  fe t1;
+  fe t2;
+  int i;
+
+#include "pow22523.h"
+
+  return;
+}
diff --git a/src/ext/ed25519/ref10/fe_sq.c b/src/ext/ed25519/ref10/fe_sq.c
new file mode 100644
index 0000000000..0022a17510
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_sq.c
@@ -0,0 +1,149 @@
+#include "fe.h"
+#include "crypto_int64.h"
+
+/*
+h = f * f
+Can overlap h with f.
+
+Preconditions:
+   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+*/
+
+/*
+See fe_mul.c for discussion of implementation strategy.
+*/
+
+void fe_sq(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 f0_2 = 2 * f0;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f2_2 = 2 * f2;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f4_2 = 2 * f4;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f6_2 = 2 * f6;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
+  crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
+  crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
+  crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
+  crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
+  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
+  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
+  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
+  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
+  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
+  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
+  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
+  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
+  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
+  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
+  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
+  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
+  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
+  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
+  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
+  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
+  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
+  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
+  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
+  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
+  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
+  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
+  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
+  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
+  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
+  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
+  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
+  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
+  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
+  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
+  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
+  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
+  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
+  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
+  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
+  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
+  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
+  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
+  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
+  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
+  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
+  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
+  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
+  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
+  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
+  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
+  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
+  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
+  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
+  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
+  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
+  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
+  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
+  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
+  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
+  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= SHL64(carry1,25);
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= SHL64(carry5,25);
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= SHL64(carry2,26);
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= SHL64(carry6,26);
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= SHL64(carry3,25);
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= SHL64(carry7,25);
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= SHL64(carry8,26);
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= SHL64(carry9,25);
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_sq2.c b/src/ext/ed25519/ref10/fe_sq2.c
new file mode 100644
index 0000000000..e8faa69ec9
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_sq2.c
@@ -0,0 +1,160 @@
+#include "fe.h"
+#include "crypto_int64.h"
+
+/*
+h = 2 * f * f
+Can overlap h with f.
+
+Preconditions:
+   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+
+Postconditions:
+   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+*/
+
+/*
+See fe_mul.c for discussion of implementation strategy.
+*/
+
+void fe_sq2(fe h,const fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 f0_2 = 2 * f0;
+  crypto_int32 f1_2 = 2 * f1;
+  crypto_int32 f2_2 = 2 * f2;
+  crypto_int32 f3_2 = 2 * f3;
+  crypto_int32 f4_2 = 2 * f4;
+  crypto_int32 f5_2 = 2 * f5;
+  crypto_int32 f6_2 = 2 * f6;
+  crypto_int32 f7_2 = 2 * f7;
+  crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
+  crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
+  crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
+  crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
+  crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
+  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
+  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
+  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
+  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
+  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
+  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
+  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
+  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
+  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
+  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
+  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
+  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
+  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
+  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
+  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
+  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
+  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
+  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
+  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
+  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
+  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
+  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
+  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
+  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
+  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
+  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
+  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
+  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
+  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
+  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
+  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
+  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
+  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
+  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
+  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
+  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
+  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
+  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
+  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
+  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
+  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
+  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
+  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
+  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
+  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
+  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
+  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
+  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
+  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
+  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
+  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
+  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
+  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
+  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
+  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
+  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
+  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
+  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
+  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
+  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
+  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
+  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
+  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
+  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
+  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+
+  h0 += h0;
+  h1 += h1;
+  h2 += h2;
+  h3 += h3;
+  h4 += h4;
+  h5 += h5;
+  h6 += h6;
+  h7 += h7;
+  h8 += h8;
+  h9 += h9;
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+
+  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= SHL64(carry1,25);
+  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= SHL64(carry5,25);
+
+  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= SHL64(carry2,26);
+  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= SHL64(carry6,26);
+
+  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= SHL64(carry3,25);
+  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= SHL64(carry7,25);
+
+  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= SHL64(carry4,26);
+  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= SHL64(carry8,26);
+
+  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= SHL64(carry9,25);
+
+  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= SHL64(carry0,26);
+
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_sub.c b/src/ext/ed25519/ref10/fe_sub.c
new file mode 100644
index 0000000000..6e26b7df8f
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_sub.c
@@ -0,0 +1,57 @@
+#include "fe.h"
+
+/*
+h = f - g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+void fe_sub(fe h,const fe f,const fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 - g0;
+  crypto_int32 h1 = f1 - g1;
+  crypto_int32 h2 = f2 - g2;
+  crypto_int32 h3 = f3 - g3;
+  crypto_int32 h4 = f4 - g4;
+  crypto_int32 h5 = f5 - g5;
+  crypto_int32 h6 = f6 - g6;
+  crypto_int32 h7 = f7 - g7;
+  crypto_int32 h8 = f8 - g8;
+  crypto_int32 h9 = f9 - g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
diff --git a/src/ext/ed25519/ref10/fe_tobytes.c b/src/ext/ed25519/ref10/fe_tobytes.c
new file mode 100644
index 0000000000..3c7f389622
--- /dev/null
+++ b/src/ext/ed25519/ref10/fe_tobytes.c
@@ -0,0 +1,119 @@
+#include "fe.h"
+
+/*
+Preconditions:
+  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+
+Write p=2^255-19; q=floor(h/p).
+Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+
+Proof:
+  Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+  Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+
+  Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+  Then 0<y<1.
+
+  Write r=h-pq.
+  Have 0<=r<=p-1=2^255-20.
+  Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+
+  Write x=r+19(2^-255)r+y.
+  Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+
+  Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+  so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+*/
+
+void fe_tobytes(unsigned char *s,const fe h)
+{
+  crypto_int32 h0 = h[0];
+  crypto_int32 h1 = h[1];
+  crypto_int32 h2 = h[2];
+  crypto_int32 h3 = h[3];
+  crypto_int32 h4 = h[4];
+  crypto_int32 h5 = h[5];
+  crypto_int32 h6 = h[6];
+  crypto_int32 h7 = h[7];
+  crypto_int32 h8 = h[8];
+  crypto_int32 h9 = h[9];
+  crypto_int32 q;
+  crypto_int32 carry0;
+  crypto_int32 carry1;
+  crypto_int32 carry2;
+  crypto_int32 carry3;
+  crypto_int32 carry4;
+  crypto_int32 carry5;
+  crypto_int32 carry6;
+  crypto_int32 carry7;
+  crypto_int32 carry8;
+  crypto_int32 carry9;
+
+  q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
+  q = (h0 + q) >> 26;
+  q = (h1 + q) >> 25;
+  q = (h2 + q) >> 26;
+  q = (h3 + q) >> 25;
+  q = (h4 + q) >> 26;
+  q = (h5 + q) >> 25;
+  q = (h6 + q) >> 26;
+  q = (h7 + q) >> 25;
+  q = (h8 + q) >> 26;
+  q = (h9 + q) >> 25;
+
+  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+  h0 += 19 * q;
+  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+  carry0 = h0 >> 26; h1 += carry0; h0 -= SHL32(carry0,26);
+  carry1 = h1 >> 25; h2 += carry1; h1 -= SHL32(carry1,25);
+  carry2 = h2 >> 26; h3 += carry2; h2 -= SHL32(carry2,26);
+  carry3 = h3 >> 25; h4 += carry3; h3 -= SHL32(carry3,25);
+  carry4 = h4 >> 26; h5 += carry4; h4 -= SHL32(carry4,26);
+  carry5 = h5 >> 25; h6 += carry5; h5 -= SHL32(carry5,25);
+  carry6 = h6 >> 26; h7 += carry6; h6 -= SHL32(carry6,26);
+  carry7 = h7 >> 25; h8 += carry7; h7 -= SHL32(carry7,25);
+  carry8 = h8 >> 26; h9 += carry8; h8 -= SHL32(carry8,26);
+  carry9 = h9 >> 25;               h9 -= SHL32(carry9,25);
+                  /* h10 = carry9 */
+
+  /*
+  Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+  Have h0+...+2^230 h9 between 0 and 2^255-1;
+  evidently 2^255 h10-2^255 q = 0.
+  Goal: Output h0+...+2^230 h9.
+  */
+
+  s[0] = h0 >> 0;
+  s[1] = h0 >> 8;
+  s[2] = h0 >> 16;
+  s[3] = (h0 >> 24) | SHL32(h1,2);
+  s[4] = h1 >> 6;
+  s[5] = h1 >> 14;
+  s[6] = (h1 >> 22) | SHL32(h2,3);
+  s[7] = h2 >> 5;
+  s[8] = h2 >> 13;
+  s[9] = (h2 >> 21) | SHL32(h3,5);
+  s[10] = h3 >> 3;
+  s[11] = h3 >> 11;
+  s[12] = (h3 >> 19) | SHL32(h4,6);
+  s[13] = h4 >> 2;
+  s[14] = h4 >> 10;
+  s[15] = h4 >> 18;
+  s[16] = h5 >> 0;
+  s[17] = h5 >> 8;
+  s[18] = h5 >> 16;
+  s[19] = (h5 >> 24) | SHL32(h6,1);
+  s[20] = h6 >> 7;
+  s[21] = h6 >> 15;
+  s[22] = (h6 >> 23) | SHL32(h7,3);
+  s[23] = h7 >> 5;
+  s[24] = h7 >> 13;
+  s[25] = (h7 >> 21) | SHL32(h8,4);
+  s[26] = h8 >> 4;
+  s[27] = h8 >> 12;
+  s[28] = (h8 >> 20) | SHL32(h9,6);
+  s[29] = h9 >> 2;
+  s[30] = h9 >> 10;
+  s[31] = h9 >> 18;
+}
diff --git a/src/ext/ed25519/ref10/ge.h b/src/ext/ed25519/ref10/ge.h
new file mode 100644
index 0000000000..55e95f95b6
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge.h
@@ -0,0 +1,95 @@
+#ifndef GE_H
+#define GE_H
+
+/*
+ge means group element.
+
+Here the group is the set of pairs (x,y) of field elements (see fe.h)
+satisfying -x^2 + y^2 = 1 + d x^2y^2
+where d = -121665/121666.
+
+Representations:
+  ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+  ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+  ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+  ge_precomp (Duif): (y+x,y-x,2dxy)
+*/
+
+#include "fe.h"
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p1p1;
+
+typedef struct {
+  fe yplusx;
+  fe yminusx;
+  fe xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe YplusX;
+  fe YminusX;
+  fe Z;
+  fe T2d;
+} ge_cached;
+
+#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime
+#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes
+#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes
+
+#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0
+#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0
+#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0
+#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2
+#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached
+#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2
+#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3
+#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl
+#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl
+
+#define ge_madd crypto_sign_ed25519_ref10_ge_madd
+#define ge_msub crypto_sign_ed25519_ref10_ge_msub
+#define ge_add crypto_sign_ed25519_ref10_ge_add
+#define ge_sub crypto_sign_ed25519_ref10_ge_sub
+#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base
+#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime
+
+extern void ge_tobytes(unsigned char *,const ge_p2 *);
+extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
+
+extern void ge_p2_0(ge_p2 *);
+extern void ge_p3_0(ge_p3 *);
+extern void ge_precomp_0(ge_precomp *);
+extern void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
+extern void ge_p3_to_cached(ge_cached *,const ge_p3 *);
+extern void ge_p1p1_to_p2(ge_p2 *,const ge_p1p1 *);
+extern void ge_p1p1_to_p3(ge_p3 *,const ge_p1p1 *);
+extern void ge_p2_dbl(ge_p1p1 *,const ge_p2 *);
+extern void ge_p3_dbl(ge_p1p1 *,const ge_p3 *);
+
+extern void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
+extern void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
+extern void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
+extern void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
+extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
+extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
+
+#endif
diff --git a/src/ext/ed25519/ref10/ge_add.c b/src/ext/ed25519/ref10/ge_add.c
new file mode 100644
index 0000000000..da7ff5d2eb
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_add.c
@@ -0,0 +1,11 @@
+#include "ge.h"
+
+/*
+r = p + q
+*/
+
+void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
+{
+  fe t0;
+#include "ge_add.h"
+}
diff --git a/src/ext/ed25519/ref10/ge_add.h b/src/ext/ed25519/ref10/ge_add.h
new file mode 100644
index 0000000000..7481f8ffbe
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_add.h
@@ -0,0 +1,97 @@
+
+/* qhasm: enter ge_add */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe Z2 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ZZ */
+
+/* qhasm: fe YpX2 */
+
+/* qhasm: fe YmX2 */
+
+/* qhasm: fe T2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*YpX2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YpX2=fe#15); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YpX2=q->YplusX); */
+fe_mul(r->Z,r->X,q->YplusX);
+
+/* qhasm: B = YmX1*YmX2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YmX2=fe#16); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YmX2=q->YminusX); */
+fe_mul(r->Y,r->Y,q->YminusX);
+
+/* qhasm: C = T2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
+fe_mul(r->T,q->T2d,p->T);
+
+/* qhasm: ZZ = Z1*Z2 */
+/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
+/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
+fe_mul(r->X,p->Z,q->Z);
+
+/* qhasm: D = 2*ZZ */
+/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
+/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
+fe_add(t0,r->X,r->X);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D+C */
+/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_add(r->Z,t0,r->T);
+
+/* qhasm: T3 = D-C */
+/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
+fe_sub(r->T,t0,r->T);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/ge_add.q b/src/ext/ed25519/ref10/ge_add.q
new file mode 100644
index 0000000000..a6572ab0f8
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_add.q
@@ -0,0 +1,49 @@
+:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d:
+fe r:var/r=fe:
+
+enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18:
+return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
+
+h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
+h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
+h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
+
+:
+
+enter ge_add
+
+fe X1
+fe Y1
+fe Z1
+fe Z2
+fe T1
+fe ZZ
+fe YpX2
+fe YmX2
+fe T2d2
+fe X3
+fe Y3
+fe Z3
+fe T3
+fe YpX1
+fe YmX1
+fe A
+fe B
+fe C
+fe D
+
+YpX1 = Y1+X1
+YmX1 = Y1-X1
+A = YpX1*YpX2
+B = YmX1*YmX2
+C = T2d2*T1
+ZZ = Z1*Z2
+D = 2*ZZ
+X3 = A-B
+Y3 = A+B
+Z3 = D+C
+T3 = D-C
+
+return
diff --git a/src/ext/ed25519/ref10/ge_double_scalarmult.c b/src/ext/ed25519/ref10/ge_double_scalarmult.c
new file mode 100644
index 0000000000..f8bf4bf775
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_double_scalarmult.c
@@ -0,0 +1,96 @@
+#include "ge.h"
+
+static void slide(signed char *r,const unsigned char *a)
+{
+  int i;
+  int b;
+  int k;
+
+  for (i = 0;i < 256;++i)
+    r[i] = 1 & (a[i >> 3] >> (i & 7));
+
+  for (i = 0;i < 256;++i)
+    if (r[i]) {
+      for (b = 1;b <= 6 && i + b < 256;++b) {
+        if (r[i + b]) {
+          if (r[i] + (r[i + b] << b) <= 15) {
+            r[i] += r[i + b] << b; r[i + b] = 0;
+          } else if (r[i] - (r[i + b] << b) >= -15) {
+            r[i] -= r[i + b] << b;
+            for (k = i + b;k < 256;++k) {
+              if (!r[k]) {
+                r[k] = 1;
+                break;
+              }
+              r[k] = 0;
+            }
+          } else
+            break;
+        }
+      }
+    }
+
+}
+
+static ge_precomp Bi[8] = {
+#include "base2.h"
+} ;
+
+/*
+r = a * A + b * B
+where a = a[0]+256*a[1]+...+256^31 a[31].
+and b = b[0]+256*b[1]+...+256^31 b[31].
+B is the Ed25519 base point (x,4/5) with x positive.
+*/
+
+void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
+{
+  signed char aslide[256];
+  signed char bslide[256];
+  ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+  ge_p1p1 t;
+  ge_p3 u;
+  ge_p3 A2;
+  int i;
+
+  slide(aslide,a);
+  slide(bslide,b);
+
+  ge_p3_to_cached(&Ai[0],A);
+  ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
+  ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
+  ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
+  ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
+  ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
+  ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
+  ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
+  ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
+
+  ge_p2_0(r);
+
+  for (i = 255;i >= 0;--i) {
+    if (aslide[i] || bslide[i]) break;
+  }
+
+  for (;i >= 0;--i) {
+    ge_p2_dbl(&t,r);
+
+    if (aslide[i] > 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_add(&t,&u,&Ai[aslide[i]/2]);
+    } else if (aslide[i] < 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
+    }
+
+    if (bslide[i] > 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_madd(&t,&u,&Bi[bslide[i]/2]);
+    } else if (bslide[i] < 0) {
+      ge_p1p1_to_p3(&u,&t);
+      ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
+    }
+
+    ge_p1p1_to_p2(r,&t);
+  }
+}
diff --git a/src/ext/ed25519/ref10/ge_frombytes.c b/src/ext/ed25519/ref10/ge_frombytes.c
new file mode 100644
index 0000000000..1a059ee93f
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_frombytes.c
@@ -0,0 +1,50 @@
+#include "ge.h"
+
+static const fe d = {
+#include "d.h"
+} ;
+
+static const fe sqrtm1 = {
+#include "sqrtm1.h"
+} ;
+
+int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
+{
+  fe u;
+  fe v;
+  fe v3;
+  fe vxx;
+  fe check;
+
+  fe_frombytes(h->Y,s);
+  fe_1(h->Z);
+  fe_sq(u,h->Y);
+  fe_mul(v,u,d);
+  fe_sub(u,u,h->Z);       /* u = y^2-1 */
+  fe_add(v,v,h->Z);       /* v = dy^2+1 */
+
+  fe_sq(v3,v);
+  fe_mul(v3,v3,v);        /* v3 = v^3 */
+  fe_sq(h->X,v3);
+  fe_mul(h->X,h->X,v);
+  fe_mul(h->X,h->X,u);    /* x = uv^7 */
+
+  fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */
+  fe_mul(h->X,h->X,v3);
+  fe_mul(h->X,h->X,u);    /* x = uv^3(uv^7)^((q-5)/8) */
+
+  fe_sq(vxx,h->X);
+  fe_mul(vxx,vxx,v);
+  fe_sub(check,vxx,u);    /* vx^2-u */
+  if (fe_isnonzero(check)) {
+    fe_add(check,vxx,u);  /* vx^2+u */
+    if (fe_isnonzero(check)) return -1;
+    fe_mul(h->X,h->X,sqrtm1);
+  }
+
+  if (fe_isnegative(h->X) == (s[31] >> 7))
+    fe_neg(h->X,h->X);
+
+  fe_mul(h->T,h->X,h->Y);
+  return 0;
+}
diff --git a/src/ext/ed25519/ref10/ge_madd.c b/src/ext/ed25519/ref10/ge_madd.c
new file mode 100644
index 0000000000..622571774b
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_madd.c
@@ -0,0 +1,11 @@
+#include "ge.h"
+
+/*
+r = p + q
+*/
+
+void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
+{
+  fe t0;
+#include "ge_madd.h"
+}
diff --git a/src/ext/ed25519/ref10/ge_madd.h b/src/ext/ed25519/ref10/ge_madd.h
new file mode 100644
index 0000000000..ecae84952b
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_madd.h
@@ -0,0 +1,88 @@
+
+/* qhasm: enter ge_madd */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ypx2 */
+
+/* qhasm: fe ymx2 */
+
+/* qhasm: fe xy2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*ypx2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ypx2=fe#15); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ypx2=q->yplusx); */
+fe_mul(r->Z,r->X,q->yplusx);
+
+/* qhasm: B = YmX1*ymx2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ymx2=fe#16); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ymx2=q->yminusx); */
+fe_mul(r->Y,r->Y,q->yminusx);
+
+/* qhasm: C = xy2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
+fe_mul(r->T,q->xy2d,p->T);
+
+/* qhasm: D = 2*Z1 */
+/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
+/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
+fe_add(t0,p->Z,p->Z);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D+C */
+/* asm 1: fe_add(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_add(r->Z,t0,r->T);
+
+/* qhasm: T3 = D-C */
+/* asm 1: fe_sub(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>T3=r->T,<D=t0,<C=r->T); */
+fe_sub(r->T,t0,r->T);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/ge_madd.q b/src/ext/ed25519/ref10/ge_madd.q
new file mode 100644
index 0000000000..aa3db454e6
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_madd.q
@@ -0,0 +1,46 @@
+:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d:
+fe r:var/r=fe:
+
+enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17:
+return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
+
+h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
+h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
+h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
+
+:
+
+enter ge_madd
+
+fe X1
+fe Y1
+fe Z1
+fe T1
+fe ypx2
+fe ymx2
+fe xy2d2
+fe X3
+fe Y3
+fe Z3
+fe T3
+fe YpX1
+fe YmX1
+fe A
+fe B
+fe C
+fe D
+
+YpX1 = Y1+X1
+YmX1 = Y1-X1
+A = YpX1*ypx2
+B = YmX1*ymx2
+C = xy2d2*T1
+D = 2*Z1
+X3 = A-B
+Y3 = A+B
+Z3 = D+C
+T3 = D-C
+
+return
diff --git a/src/ext/ed25519/ref10/ge_msub.c b/src/ext/ed25519/ref10/ge_msub.c
new file mode 100644
index 0000000000..741ecbf113
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_msub.c
@@ -0,0 +1,11 @@
+#include "ge.h"
+
+/*
+r = p - q
+*/
+
+void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
+{
+  fe t0;
+#include "ge_msub.h"
+}
diff --git a/src/ext/ed25519/ref10/ge_msub.h b/src/ext/ed25519/ref10/ge_msub.h
new file mode 100644
index 0000000000..500f986ba0
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_msub.h
@@ -0,0 +1,88 @@
+
+/* qhasm: enter ge_msub */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ypx2 */
+
+/* qhasm: fe ymx2 */
+
+/* qhasm: fe xy2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*ymx2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<ymx2=fe#16); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<ymx2=q->yminusx); */
+fe_mul(r->Z,r->X,q->yminusx);
+
+/* qhasm: B = YmX1*ypx2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<ypx2=fe#15); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<ypx2=q->yplusx); */
+fe_mul(r->Y,r->Y,q->yplusx);
+
+/* qhasm: C = xy2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<xy2d2=fe#17,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<xy2d2=q->xy2d,<T1=p->T); */
+fe_mul(r->T,q->xy2d,p->T);
+
+/* qhasm: D = 2*Z1 */
+/* asm 1: fe_add(>D=fe#5,<Z1=fe#13,<Z1=fe#13); */
+/* asm 2: fe_add(>D=t0,<Z1=p->Z,<Z1=p->Z); */
+fe_add(t0,p->Z,p->Z);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D-C */
+/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_sub(r->Z,t0,r->T);
+
+/* qhasm: T3 = D+C */
+/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
+fe_add(r->T,t0,r->T);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/ge_msub.q b/src/ext/ed25519/ref10/ge_msub.q
new file mode 100644
index 0000000000..e3cadd882d
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_msub.q
@@ -0,0 +1,46 @@
+:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->yplusx:q->yminusx:q->xy2d:
+fe r:var/r=fe:
+
+enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>ypx2=fe#15:>ymx2=fe#16:>xy2d2=fe#17:
+return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
+
+h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
+h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
+h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
+
+:
+
+enter ge_msub
+
+fe X1
+fe Y1
+fe Z1
+fe T1
+fe ypx2
+fe ymx2
+fe xy2d2
+fe X3
+fe Y3
+fe Z3
+fe T3
+fe YpX1
+fe YmX1
+fe A
+fe B
+fe C
+fe D
+
+YpX1 = Y1+X1
+YmX1 = Y1-X1
+A = YpX1*ymx2
+B = YmX1*ypx2
+C = xy2d2*T1
+D = 2*Z1
+X3 = A-B
+Y3 = A+B
+Z3 = D-C
+T3 = D+C
+
+return
diff --git a/src/ext/ed25519/ref10/ge_p1p1_to_p2.c b/src/ext/ed25519/ref10/ge_p1p1_to_p2.c
new file mode 100644
index 0000000000..9bb5013d66
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p1p1_to_p2.c
@@ -0,0 +1,12 @@
+#include "ge.h"
+
+/*
+r = p
+*/
+
+extern void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
+{
+  fe_mul(r->X,p->X,p->T);
+  fe_mul(r->Y,p->Y,p->Z);
+  fe_mul(r->Z,p->Z,p->T);
+}
diff --git a/src/ext/ed25519/ref10/ge_p1p1_to_p3.c b/src/ext/ed25519/ref10/ge_p1p1_to_p3.c
new file mode 100644
index 0000000000..2f57b10968
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p1p1_to_p3.c
@@ -0,0 +1,13 @@
+#include "ge.h"
+
+/*
+r = p
+*/
+
+extern void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
+{
+  fe_mul(r->X,p->X,p->T);
+  fe_mul(r->Y,p->Y,p->Z);
+  fe_mul(r->Z,p->Z,p->T);
+  fe_mul(r->T,p->X,p->Y);
+}
diff --git a/src/ext/ed25519/ref10/ge_p2_0.c b/src/ext/ed25519/ref10/ge_p2_0.c
new file mode 100644
index 0000000000..6191d1e6e4
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p2_0.c
@@ -0,0 +1,8 @@
+#include "ge.h"
+
+void ge_p2_0(ge_p2 *h)
+{
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+}
diff --git a/src/ext/ed25519/ref10/ge_p2_dbl.c b/src/ext/ed25519/ref10/ge_p2_dbl.c
new file mode 100644
index 0000000000..2e332b5cee
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p2_dbl.c
@@ -0,0 +1,11 @@
+#include "ge.h"
+
+/*
+r = 2 * p
+*/
+
+void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
+{
+  fe t0;
+#include "ge_p2_dbl.h"
+}
diff --git a/src/ext/ed25519/ref10/ge_p2_dbl.h b/src/ext/ed25519/ref10/ge_p2_dbl.h
new file mode 100644
index 0000000000..128efed907
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p2_dbl.h
@@ -0,0 +1,73 @@
+
+/* qhasm: enter ge_p2_dbl */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe AA */
+
+/* qhasm: fe XX */
+
+/* qhasm: fe YY */
+
+/* qhasm: fe B */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: XX=X1^2 */
+/* asm 1: fe_sq(>XX=fe#1,<X1=fe#11); */
+/* asm 2: fe_sq(>XX=r->X,<X1=p->X); */
+fe_sq(r->X,p->X);
+
+/* qhasm: YY=Y1^2 */
+/* asm 1: fe_sq(>YY=fe#3,<Y1=fe#12); */
+/* asm 2: fe_sq(>YY=r->Z,<Y1=p->Y); */
+fe_sq(r->Z,p->Y);
+
+/* qhasm: B=2*Z1^2 */
+/* asm 1: fe_sq2(>B=fe#4,<Z1=fe#13); */
+/* asm 2: fe_sq2(>B=r->T,<Z1=p->Z); */
+fe_sq2(r->T,p->Z);
+
+/* qhasm: A=X1+Y1 */
+/* asm 1: fe_add(>A=fe#2,<X1=fe#11,<Y1=fe#12); */
+/* asm 2: fe_add(>A=r->Y,<X1=p->X,<Y1=p->Y); */
+fe_add(r->Y,p->X,p->Y);
+
+/* qhasm: AA=A^2 */
+/* asm 1: fe_sq(>AA=fe#5,<A=fe#2); */
+/* asm 2: fe_sq(>AA=t0,<A=r->Y); */
+fe_sq(t0,r->Y);
+
+/* qhasm: Y3=YY+XX */
+/* asm 1: fe_add(>Y3=fe#2,<YY=fe#3,<XX=fe#1); */
+/* asm 2: fe_add(>Y3=r->Y,<YY=r->Z,<XX=r->X); */
+fe_add(r->Y,r->Z,r->X);
+
+/* qhasm: Z3=YY-XX */
+/* asm 1: fe_sub(>Z3=fe#3,<YY=fe#3,<XX=fe#1); */
+/* asm 2: fe_sub(>Z3=r->Z,<YY=r->Z,<XX=r->X); */
+fe_sub(r->Z,r->Z,r->X);
+
+/* qhasm: X3=AA-Y3 */
+/* asm 1: fe_sub(>X3=fe#1,<AA=fe#5,<Y3=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<AA=t0,<Y3=r->Y); */
+fe_sub(r->X,t0,r->Y);
+
+/* qhasm: T3=B-Z3 */
+/* asm 1: fe_sub(>T3=fe#4,<B=fe#4,<Z3=fe#3); */
+/* asm 2: fe_sub(>T3=r->T,<B=r->T,<Z3=r->Z); */
+fe_sub(r->T,r->T,r->Z);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/ge_p2_dbl.q b/src/ext/ed25519/ref10/ge_p2_dbl.q
new file mode 100644
index 0000000000..170d42f9a7
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p2_dbl.q
@@ -0,0 +1,41 @@
+:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:
+fe r:var/r=fe:
+
+enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:
+return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
+
+h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
+h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
+h=2*f^2:<f=fe:>h=fe:asm/fe_sq2(>h,<f);:
+h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
+
+:
+
+enter ge_p2_dbl
+
+fe X1
+fe Y1
+fe Z1
+fe A
+fe AA
+fe XX
+fe YY
+fe B
+fe X3
+fe Y3
+fe Z3
+fe T3
+
+XX=X1^2
+YY=Y1^2
+B=2*Z1^2
+A=X1+Y1
+AA=A^2
+Y3=YY+XX
+Z3=YY-XX
+X3=AA-Y3
+T3=B-Z3
+
+return
diff --git a/src/ext/ed25519/ref10/ge_p3_0.c b/src/ext/ed25519/ref10/ge_p3_0.c
new file mode 100644
index 0000000000..401b2935a1
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p3_0.c
@@ -0,0 +1,9 @@
+#include "ge.h"
+
+void ge_p3_0(ge_p3 *h)
+{
+  fe_0(h->X);
+  fe_1(h->Y);
+  fe_1(h->Z);
+  fe_0(h->T);
+}
diff --git a/src/ext/ed25519/ref10/ge_p3_dbl.c b/src/ext/ed25519/ref10/ge_p3_dbl.c
new file mode 100644
index 0000000000..0d8a05915d
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p3_dbl.c
@@ -0,0 +1,12 @@
+#include "ge.h"
+
+/*
+r = 2 * p
+*/
+
+void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
+{
+  ge_p2 q;
+  ge_p3_to_p2(&q,p);
+  ge_p2_dbl(r,&q);
+}
diff --git a/src/ext/ed25519/ref10/ge_p3_to_cached.c b/src/ext/ed25519/ref10/ge_p3_to_cached.c
new file mode 100644
index 0000000000..bde64228cf
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p3_to_cached.c
@@ -0,0 +1,17 @@
+#include "ge.h"
+
+/*
+r = p
+*/
+
+static const fe d2 = {
+#include "d2.h"
+} ;
+
+extern void ge_p3_to_cached(ge_cached *r,const ge_p3 *p)
+{
+  fe_add(r->YplusX,p->Y,p->X);
+  fe_sub(r->YminusX,p->Y,p->X);
+  fe_copy(r->Z,p->Z);
+  fe_mul(r->T2d,p->T,d2);
+}
diff --git a/src/ext/ed25519/ref10/ge_p3_to_p2.c b/src/ext/ed25519/ref10/ge_p3_to_p2.c
new file mode 100644
index 0000000000..e532a9e4cb
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p3_to_p2.c
@@ -0,0 +1,12 @@
+#include "ge.h"
+
+/*
+r = p
+*/
+
+extern void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p)
+{
+  fe_copy(r->X,p->X);
+  fe_copy(r->Y,p->Y);
+  fe_copy(r->Z,p->Z);
+}
diff --git a/src/ext/ed25519/ref10/ge_p3_tobytes.c b/src/ext/ed25519/ref10/ge_p3_tobytes.c
new file mode 100644
index 0000000000..21cb2fc656
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_p3_tobytes.c
@@ -0,0 +1,14 @@
+#include "ge.h"
+
+void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
+{
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip,h->Z);
+  fe_mul(x,h->X,recip);
+  fe_mul(y,h->Y,recip);
+  fe_tobytes(s,y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
diff --git a/src/ext/ed25519/ref10/ge_precomp_0.c b/src/ext/ed25519/ref10/ge_precomp_0.c
new file mode 100644
index 0000000000..2e218861d8
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_precomp_0.c
@@ -0,0 +1,8 @@
+#include "ge.h"
+
+void ge_precomp_0(ge_precomp *h)
+{
+  fe_1(h->yplusx);
+  fe_1(h->yminusx);
+  fe_0(h->xy2d);
+}
diff --git a/src/ext/ed25519/ref10/ge_scalarmult_base.c b/src/ext/ed25519/ref10/ge_scalarmult_base.c
new file mode 100644
index 0000000000..5292f83221
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_scalarmult_base.c
@@ -0,0 +1,109 @@
+#include "ge.h"
+#include "crypto_uint32.h"
+
+/* Rename this so as not to interfere with select() which torint.h apparently
+ * grabs. :p */
+#define select ed25519_ref10_select
+
+static unsigned char equal(signed char b,signed char c)
+{
+  unsigned char ub = b;
+  unsigned char uc = c;
+  unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
+  crypto_uint32 y = x; /* 0: yes; 1..255: no */
+  y -= 1; /* 4294967295: yes; 0..254: no */
+  y >>= 31; /* 1: yes; 0: no */
+  return y;
+}
+
+static unsigned char negative(signed char b)
+{
+  uint64_t x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
+  x >>= 63; /* 1: yes; 0: no */
+  return x;
+}
+
+static void cmov(ge_precomp *t,ge_precomp *u,unsigned char b)
+{
+  fe_cmov(t->yplusx,u->yplusx,b);
+  fe_cmov(t->yminusx,u->yminusx,b);
+  fe_cmov(t->xy2d,u->xy2d,b);
+}
+
+/* base[i][j] = (j+1)*256^i*B */
+static ge_precomp base[32][8] = {
+#include "base.h"
+} ;
+
+static void select(ge_precomp *t,int pos,signed char b)
+{
+  ge_precomp minust;
+  unsigned char bnegative = negative(b);
+  unsigned char babs = b - SHL8( (-bnegative) & (unsigned char)b, 1);
+
+  ge_precomp_0(t);
+  cmov(t,&base[pos][0],equal(babs,1));
+  cmov(t,&base[pos][1],equal(babs,2));
+  cmov(t,&base[pos][2],equal(babs,3));
+  cmov(t,&base[pos][3],equal(babs,4));
+  cmov(t,&base[pos][4],equal(babs,5));
+  cmov(t,&base[pos][5],equal(babs,6));
+  cmov(t,&base[pos][6],equal(babs,7));
+  cmov(t,&base[pos][7],equal(babs,8));
+  fe_copy(minust.yplusx,t->yminusx);
+  fe_copy(minust.yminusx,t->yplusx);
+  fe_neg(minust.xy2d,t->xy2d);
+  cmov(t,&minust,bnegative);
+}
+
+/*
+h = a * B
+where a = a[0]+256*a[1]+...+256^31 a[31]
+B is the Ed25519 base point (x,4/5) with x positive.
+
+Preconditions:
+  a[31] <= 127
+*/
+
+void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
+{
+  signed char e[64];
+  signed char carry;
+  ge_p1p1 r;
+  ge_p2 s;
+  ge_precomp t;
+  int i;
+
+  for (i = 0;i < 32;++i) {
+    e[2 * i + 0] = (a[i] >> 0) & 15;
+    e[2 * i + 1] = (a[i] >> 4) & 15;
+  }
+  /* each e[i] is between 0 and 15 */
+  /* e[63] is between 0 and 7 */
+
+  carry = 0;
+  for (i = 0;i < 63;++i) {
+    e[i] += carry;
+    carry = e[i] + 8;
+    carry >>= 4;
+    e[i] -= SHL8(carry,4);
+  }
+  e[63] += carry;
+  /* each e[i] is between -8 and 8 */
+
+  ge_p3_0(h);
+  for (i = 1;i < 64;i += 2) {
+    select(&t,i / 2,e[i]);
+    ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
+  }
+
+  ge_p3_dbl(&r,h);  ge_p1p1_to_p2(&s,&r);
+  ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
+  ge_p2_dbl(&r,&s); ge_p1p1_to_p2(&s,&r);
+  ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
+
+  for (i = 0;i < 64;i += 2) {
+    select(&t,i / 2,e[i]);
+    ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
+  }
+}
diff --git a/src/ext/ed25519/ref10/ge_sub.c b/src/ext/ed25519/ref10/ge_sub.c
new file mode 100644
index 0000000000..69f3d54062
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_sub.c
@@ -0,0 +1,11 @@
+#include "ge.h"
+
+/*
+r = p - q
+*/
+
+void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
+{
+  fe t0;
+#include "ge_sub.h"
+}
diff --git a/src/ext/ed25519/ref10/ge_sub.h b/src/ext/ed25519/ref10/ge_sub.h
new file mode 100644
index 0000000000..b4ef1f5dd0
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_sub.h
@@ -0,0 +1,97 @@
+
+/* qhasm: enter ge_sub */
+
+/* qhasm: fe X1 */
+
+/* qhasm: fe Y1 */
+
+/* qhasm: fe Z1 */
+
+/* qhasm: fe Z2 */
+
+/* qhasm: fe T1 */
+
+/* qhasm: fe ZZ */
+
+/* qhasm: fe YpX2 */
+
+/* qhasm: fe YmX2 */
+
+/* qhasm: fe T2d2 */
+
+/* qhasm: fe X3 */
+
+/* qhasm: fe Y3 */
+
+/* qhasm: fe Z3 */
+
+/* qhasm: fe T3 */
+
+/* qhasm: fe YpX1 */
+
+/* qhasm: fe YmX1 */
+
+/* qhasm: fe A */
+
+/* qhasm: fe B */
+
+/* qhasm: fe C */
+
+/* qhasm: fe D */
+
+/* qhasm: YpX1 = Y1+X1 */
+/* asm 1: fe_add(>YpX1=fe#1,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_add(>YpX1=r->X,<Y1=p->Y,<X1=p->X); */
+fe_add(r->X,p->Y,p->X);
+
+/* qhasm: YmX1 = Y1-X1 */
+/* asm 1: fe_sub(>YmX1=fe#2,<Y1=fe#12,<X1=fe#11); */
+/* asm 2: fe_sub(>YmX1=r->Y,<Y1=p->Y,<X1=p->X); */
+fe_sub(r->Y,p->Y,p->X);
+
+/* qhasm: A = YpX1*YmX2 */
+/* asm 1: fe_mul(>A=fe#3,<YpX1=fe#1,<YmX2=fe#16); */
+/* asm 2: fe_mul(>A=r->Z,<YpX1=r->X,<YmX2=q->YminusX); */
+fe_mul(r->Z,r->X,q->YminusX);
+
+/* qhasm: B = YmX1*YpX2 */
+/* asm 1: fe_mul(>B=fe#2,<YmX1=fe#2,<YpX2=fe#15); */
+/* asm 2: fe_mul(>B=r->Y,<YmX1=r->Y,<YpX2=q->YplusX); */
+fe_mul(r->Y,r->Y,q->YplusX);
+
+/* qhasm: C = T2d2*T1 */
+/* asm 1: fe_mul(>C=fe#4,<T2d2=fe#18,<T1=fe#14); */
+/* asm 2: fe_mul(>C=r->T,<T2d2=q->T2d,<T1=p->T); */
+fe_mul(r->T,q->T2d,p->T);
+
+/* qhasm: ZZ = Z1*Z2 */
+/* asm 1: fe_mul(>ZZ=fe#1,<Z1=fe#13,<Z2=fe#17); */
+/* asm 2: fe_mul(>ZZ=r->X,<Z1=p->Z,<Z2=q->Z); */
+fe_mul(r->X,p->Z,q->Z);
+
+/* qhasm: D = 2*ZZ */
+/* asm 1: fe_add(>D=fe#5,<ZZ=fe#1,<ZZ=fe#1); */
+/* asm 2: fe_add(>D=t0,<ZZ=r->X,<ZZ=r->X); */
+fe_add(t0,r->X,r->X);
+
+/* qhasm: X3 = A-B */
+/* asm 1: fe_sub(>X3=fe#1,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_sub(>X3=r->X,<A=r->Z,<B=r->Y); */
+fe_sub(r->X,r->Z,r->Y);
+
+/* qhasm: Y3 = A+B */
+/* asm 1: fe_add(>Y3=fe#2,<A=fe#3,<B=fe#2); */
+/* asm 2: fe_add(>Y3=r->Y,<A=r->Z,<B=r->Y); */
+fe_add(r->Y,r->Z,r->Y);
+
+/* qhasm: Z3 = D-C */
+/* asm 1: fe_sub(>Z3=fe#3,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_sub(>Z3=r->Z,<D=t0,<C=r->T); */
+fe_sub(r->Z,t0,r->T);
+
+/* qhasm: T3 = D+C */
+/* asm 1: fe_add(>T3=fe#4,<D=fe#5,<C=fe#4); */
+/* asm 2: fe_add(>T3=r->T,<D=t0,<C=r->T); */
+fe_add(r->T,t0,r->T);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/ge_sub.q b/src/ext/ed25519/ref10/ge_sub.q
new file mode 100644
index 0000000000..2779a4a201
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_sub.q
@@ -0,0 +1,49 @@
+:name:fe:r->X:r->Y:r->Z:r->T:t0:t1:t2:t3:t4:t5:p->X:p->Y:p->Z:p->T:q->YplusX:q->YminusX:q->Z:q->T2d:
+fe r:var/r=fe:
+
+enter f:enter/f:>X1=fe#11:>Y1=fe#12:>Z1=fe#13:>T1=fe#14:>YpX2=fe#15:>YmX2=fe#16:>Z2=fe#17:>T2d2=fe#18:
+return:nofallthrough:<X3=fe#1:<Y3=fe#2:<Z3=fe#3:<T3=fe#4:leave:
+
+h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
+h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
+h=2*g:<g=fe:>h=fe:asm/fe_add(>h,<g,<g);:
+
+:
+
+enter ge_sub
+
+fe X1
+fe Y1
+fe Z1
+fe Z2
+fe T1
+fe ZZ
+fe YpX2
+fe YmX2
+fe T2d2
+fe X3
+fe Y3
+fe Z3
+fe T3
+fe YpX1
+fe YmX1
+fe A
+fe B
+fe C
+fe D
+
+YpX1 = Y1+X1
+YmX1 = Y1-X1
+A = YpX1*YmX2
+B = YmX1*YpX2
+C = T2d2*T1
+ZZ = Z1*Z2
+D = 2*ZZ
+X3 = A-B
+Y3 = A+B
+Z3 = D-C
+T3 = D+C
+
+return
diff --git a/src/ext/ed25519/ref10/ge_tobytes.c b/src/ext/ed25519/ref10/ge_tobytes.c
new file mode 100644
index 0000000000..31b3d33e09
--- /dev/null
+++ b/src/ext/ed25519/ref10/ge_tobytes.c
@@ -0,0 +1,14 @@
+#include "ge.h"
+
+void ge_tobytes(unsigned char *s,const ge_p2 *h)
+{
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(recip,h->Z);
+  fe_mul(x,h->X,recip);
+  fe_mul(y,h->Y,recip);
+  fe_tobytes(s,y);
+  s[31] ^= fe_isnegative(x) << 7;
+}
diff --git a/src/ext/ed25519/ref10/keyconv.c b/src/ext/ed25519/ref10/keyconv.c
new file mode 100644
index 0000000000..854b150d69
--- /dev/null
+++ b/src/ext/ed25519/ref10/keyconv.c
@@ -0,0 +1,37 @@
+/* Added to ref10 for Tor. We place this in the public domain.  Alternatively,
+ * you may have it under the Creative Commons 0 "CC0" license. */
+#include "fe.h"
+#include "ed25519_ref10.h"
+
+int ed25519_ref10_pubkey_from_curve25519_pubkey(unsigned char *out,
+                                                const unsigned char *inp,
+                                                int signbit)
+{
+  fe u;
+  fe one;
+  fe y;
+  fe uplus1;
+  fe uminus1;
+  fe inv_uplus1;
+
+  /* From prop228:
+
+   Given a curve25519 x-coordinate (u), we can get the y coordinate
+   of the ed25519 key using
+
+         y = (u-1)/(u+1)
+  */
+  fe_frombytes(u, inp);
+  fe_1(one);
+  fe_sub(uminus1, u, one);
+  fe_add(uplus1, u, one);
+  fe_invert(inv_uplus1, uplus1);
+  fe_mul(y, uminus1, inv_uplus1);
+
+  fe_tobytes(out, y);
+
+  /* propagate sign. */
+  out[31] |= (!!signbit) << 7;
+
+  return 0;
+}
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
new file mode 100644
index 0000000000..7ddbaa971e
--- /dev/null
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -0,0 +1,51 @@
+/* Modified for Tor: new API, 64-byte secret keys. */
+#include <string.h>
+#include "randombytes.h"
+#include "crypto_sign.h"
+#include "crypto_hash_sha512.h"
+#include "ge.h"
+
+int
+crypto_sign_seckey(unsigned char *sk)
+{
+  unsigned char seed[32];
+
+  if (randombytes(seed,32) < 0)
+    return -1;
+
+  crypto_sign_seckey_expand(sk, seed);
+
+  memwipe(seed, 0, 32);
+
+  return 0;
+}
+
+int crypto_sign_seckey_expand(unsigned char *sk, const unsigned char *skseed)
+{
+  crypto_hash_sha512(sk,skseed,32);
+  sk[0] &= 248;
+  sk[31] &= 63;
+  sk[31] |= 64;
+
+  return 0;
+}
+
+int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
+{
+  ge_p3 A;
+
+  ge_scalarmult_base(&A,sk);
+  ge_p3_tobytes(pk,&A);
+
+  return 0;
+}
+
+
+int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
+{
+  crypto_sign_seckey(sk);
+  crypto_sign_pubkey(pk, sk);
+
+  return 0;
+}
+
diff --git a/src/ext/ed25519/ref10/open.c b/src/ext/ed25519/ref10/open.c
new file mode 100644
index 0000000000..9dbeb4cdd0
--- /dev/null
+++ b/src/ext/ed25519/ref10/open.c
@@ -0,0 +1,42 @@
+/* (Modified by Tor to verify signature separately from message) */
+#include <string.h>
+#include "crypto_sign.h"
+#include "crypto_hash_sha512.h"
+#include "crypto_verify_32.h"
+#include "ge.h"
+#include "sc.h"
+
+/* 'signature' must be 64-bytes long. */
+int crypto_sign_open(
+  const unsigned char *signature,
+  const unsigned char *m, size_t mlen,
+  const unsigned char *pk
+)
+{
+  unsigned char pkcopy[32];
+  unsigned char rcopy[32];
+  unsigned char scopy[32];
+  unsigned char h[64];
+  unsigned char rcheck[32];
+  ge_p3 A;
+  ge_p2 R;
+
+  if (signature[63] & 224) goto badsig;
+  if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;
+
+  memmove(pkcopy,pk,32);
+  memmove(rcopy,signature,32);
+  memmove(scopy,signature + 32,32);
+
+  crypto_hash_sha512_3(h, rcopy, 32, pkcopy, 32, m, mlen);
+  sc_reduce(h);
+
+  ge_double_scalarmult_vartime(&R,h,&A,scopy);
+  ge_tobytes(rcheck,&R);
+  if (crypto_verify_32(rcheck,rcopy) == 0) {
+    return 0;
+  }
+
+badsig:
+  return -1;
+}
diff --git a/src/ext/ed25519/ref10/pow22523.h b/src/ext/ed25519/ref10/pow22523.h
new file mode 100644
index 0000000000..9204ff838f
--- /dev/null
+++ b/src/ext/ed25519/ref10/pow22523.h
@@ -0,0 +1,161 @@
+/* Modified by Tor: pointless loops removed to appease analysis tools */
+
+/* qhasm: fe z1 */
+
+/* qhasm: fe z2 */
+
+/* qhasm: fe z8 */
+
+/* qhasm: fe z9 */
+
+/* qhasm: fe z11 */
+
+/* qhasm: fe z22 */
+
+/* qhasm: fe z_5_0 */
+
+/* qhasm: fe z_10_5 */
+
+/* qhasm: fe z_10_0 */
+
+/* qhasm: fe z_20_10 */
+
+/* qhasm: fe z_20_0 */
+
+/* qhasm: fe z_40_20 */
+
+/* qhasm: fe z_40_0 */
+
+/* qhasm: fe z_50_10 */
+
+/* qhasm: fe z_50_0 */
+
+/* qhasm: fe z_100_50 */
+
+/* qhasm: fe z_100_0 */
+
+/* qhasm: fe z_200_100 */
+
+/* qhasm: fe z_200_0 */
+
+/* qhasm: fe z_250_50 */
+
+/* qhasm: fe z_250_0 */
+
+/* qhasm: fe z_252_2 */
+
+/* qhasm: fe z_252_3 */
+
+/* qhasm: enter pow22523 */
+
+/* qhasm: z2 = z1^2^1 */
+/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
+/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
+fe_sq(t0,z); /* DEADCODE This loop has no effect:  for (i = 1;i < 1;++i) fe_sq(t0,t0); */
+
+/* qhasm: z8 = z2^2^2 */
+/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
+/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
+fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
+
+/* qhasm: z9 = z1*z8 */
+/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
+/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
+fe_mul(t1,z,t1);
+
+/* qhasm: z11 = z2*z9 */
+/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
+/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
+fe_mul(t0,t0,t1);
+
+/* qhasm: z22 = z11^2^1 */
+/* asm 1: fe_sq(>z22=fe#1,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#1,>z22=fe#1); */
+/* asm 2: fe_sq(>z22=t0,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t0,>z22=t0); */
+fe_sq(t0,t0); /* DEADCODE This loop has no effect:  for (i = 1;i < 1;++i) fe_sq(t0,t0); */
+
+/* qhasm: z_5_0 = z9*z22 */
+/* asm 1: fe_mul(>z_5_0=fe#1,<z9=fe#2,<z22=fe#1); */
+/* asm 2: fe_mul(>z_5_0=t0,<z9=t1,<z22=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_10_5 = z_5_0^2^5 */
+/* asm 1: fe_sq(>z_10_5=fe#2,<z_5_0=fe#1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#2,>z_10_5=fe#2); */
+/* asm 2: fe_sq(>z_10_5=t1,<z_5_0=t0); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t1,>z_10_5=t1); */
+fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
+
+/* qhasm: z_10_0 = z_10_5*z_5_0 */
+/* asm 1: fe_mul(>z_10_0=fe#1,<z_10_5=fe#2,<z_5_0=fe#1); */
+/* asm 2: fe_mul(>z_10_0=t0,<z_10_5=t1,<z_5_0=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_20_10 = z_10_0^2^10 */
+/* asm 1: fe_sq(>z_20_10=fe#2,<z_10_0=fe#1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#2,>z_20_10=fe#2); */
+/* asm 2: fe_sq(>z_20_10=t1,<z_10_0=t0); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t1,>z_20_10=t1); */
+fe_sq(t1,t0); for (i = 1;i < 10;++i) fe_sq(t1,t1);
+
+/* qhasm: z_20_0 = z_20_10*z_10_0 */
+/* asm 1: fe_mul(>z_20_0=fe#2,<z_20_10=fe#2,<z_10_0=fe#1); */
+/* asm 2: fe_mul(>z_20_0=t1,<z_20_10=t1,<z_10_0=t0); */
+fe_mul(t1,t1,t0);
+
+/* qhasm: z_40_20 = z_20_0^2^20 */
+/* asm 1: fe_sq(>z_40_20=fe#3,<z_20_0=fe#2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#3,>z_40_20=fe#3); */
+/* asm 2: fe_sq(>z_40_20=t2,<z_20_0=t1); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t2,>z_40_20=t2); */
+fe_sq(t2,t1); for (i = 1;i < 20;++i) fe_sq(t2,t2);
+
+/* qhasm: z_40_0 = z_40_20*z_20_0 */
+/* asm 1: fe_mul(>z_40_0=fe#2,<z_40_20=fe#3,<z_20_0=fe#2); */
+/* asm 2: fe_mul(>z_40_0=t1,<z_40_20=t2,<z_20_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_50_10 = z_40_0^2^10 */
+/* asm 1: fe_sq(>z_50_10=fe#2,<z_40_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#2,>z_50_10=fe#2); */
+/* asm 2: fe_sq(>z_50_10=t1,<z_40_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t1,>z_50_10=t1); */
+fe_sq(t1,t1); for (i = 1;i < 10;++i) fe_sq(t1,t1);
+
+/* qhasm: z_50_0 = z_50_10*z_10_0 */
+/* asm 1: fe_mul(>z_50_0=fe#1,<z_50_10=fe#2,<z_10_0=fe#1); */
+/* asm 2: fe_mul(>z_50_0=t0,<z_50_10=t1,<z_10_0=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_100_50 = z_50_0^2^50 */
+/* asm 1: fe_sq(>z_100_50=fe#2,<z_50_0=fe#1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#2,>z_100_50=fe#2); */
+/* asm 2: fe_sq(>z_100_50=t1,<z_50_0=t0); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t1,>z_100_50=t1); */
+fe_sq(t1,t0); for (i = 1;i < 50;++i) fe_sq(t1,t1);
+
+/* qhasm: z_100_0 = z_100_50*z_50_0 */
+/* asm 1: fe_mul(>z_100_0=fe#2,<z_100_50=fe#2,<z_50_0=fe#1); */
+/* asm 2: fe_mul(>z_100_0=t1,<z_100_50=t1,<z_50_0=t0); */
+fe_mul(t1,t1,t0);
+
+/* qhasm: z_200_100 = z_100_0^2^100 */
+/* asm 1: fe_sq(>z_200_100=fe#3,<z_100_0=fe#2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#3,>z_200_100=fe#3); */
+/* asm 2: fe_sq(>z_200_100=t2,<z_100_0=t1); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t2,>z_200_100=t2); */
+fe_sq(t2,t1); for (i = 1;i < 100;++i) fe_sq(t2,t2);
+
+/* qhasm: z_200_0 = z_200_100*z_100_0 */
+/* asm 1: fe_mul(>z_200_0=fe#2,<z_200_100=fe#3,<z_100_0=fe#2); */
+/* asm 2: fe_mul(>z_200_0=t1,<z_200_100=t2,<z_100_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_250_50 = z_200_0^2^50 */
+/* asm 1: fe_sq(>z_250_50=fe#2,<z_200_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#2,>z_250_50=fe#2); */
+/* asm 2: fe_sq(>z_250_50=t1,<z_200_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t1,>z_250_50=t1); */
+fe_sq(t1,t1); for (i = 1;i < 50;++i) fe_sq(t1,t1);
+
+/* qhasm: z_250_0 = z_250_50*z_50_0 */
+/* asm 1: fe_mul(>z_250_0=fe#1,<z_250_50=fe#2,<z_50_0=fe#1); */
+/* asm 2: fe_mul(>z_250_0=t0,<z_250_50=t1,<z_50_0=t0); */
+fe_mul(t0,t1,t0);
+
+/* qhasm: z_252_2 = z_250_0^2^2 */
+/* asm 1: fe_sq(>z_252_2=fe#1,<z_250_0=fe#1); for (i = 1;i < 2;++i) fe_sq(>z_252_2=fe#1,>z_252_2=fe#1); */
+/* asm 2: fe_sq(>z_252_2=t0,<z_250_0=t0); for (i = 1;i < 2;++i) fe_sq(>z_252_2=t0,>z_252_2=t0); */
+fe_sq(t0,t0); for (i = 1;i < 2;++i) fe_sq(t0,t0);
+
+/* qhasm: z_252_3 = z_252_2*z1 */
+/* asm 1: fe_mul(>z_252_3=fe#12,<z_252_2=fe#1,<z1=fe#11); */
+/* asm 2: fe_mul(>z_252_3=out,<z_252_2=t0,<z1=z); */
+fe_mul(out,t0,z);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/pow22523.q b/src/ext/ed25519/ref10/pow22523.q
new file mode 100644
index 0000000000..2ce1da9d4d
--- /dev/null
+++ b/src/ext/ed25519/ref10/pow22523.q
@@ -0,0 +1,61 @@
+:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
+fe r:var/r=fe:
+
+enter f:enter/f:>z1=fe#11:
+return:nofallthrough:<z_252_3=fe#12:leave:
+
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
+
+:
+
+fe z1
+fe z2
+fe z8
+fe z9
+fe z11
+fe z22
+fe z_5_0
+fe z_10_5
+fe z_10_0
+fe z_20_10
+fe z_20_0
+fe z_40_20
+fe z_40_0
+fe z_50_10
+fe z_50_0
+fe z_100_50
+fe z_100_0
+fe z_200_100
+fe z_200_0
+fe z_250_50
+fe z_250_0
+fe z_252_2
+fe z_252_3
+
+enter pow22523
+
+z2 = z1^2^1
+z8 = z2^2^2
+z9 = z1*z8
+z11 = z2*z9
+z22 = z11^2^1
+z_5_0 = z9*z22
+z_10_5 = z_5_0^2^5
+z_10_0 = z_10_5*z_5_0
+z_20_10 = z_10_0^2^10
+z_20_0 = z_20_10*z_10_0
+z_40_20 = z_20_0^2^20
+z_40_0 = z_40_20*z_20_0
+z_50_10 = z_40_0^2^10
+z_50_0 = z_50_10*z_10_0
+z_100_50 = z_50_0^2^50
+z_100_0 = z_100_50*z_50_0
+z_200_100 = z_100_0^2^100
+z_200_0 = z_200_100*z_100_0
+z_250_50 = z_200_0^2^50
+z_250_0 = z_250_50*z_50_0
+z_252_2 = z_250_0^2^2
+z_252_3 = z_252_2*z1
+
+return
diff --git a/src/ext/ed25519/ref10/pow225521.h b/src/ext/ed25519/ref10/pow225521.h
new file mode 100644
index 0000000000..fe2af94c03
--- /dev/null
+++ b/src/ext/ed25519/ref10/pow225521.h
@@ -0,0 +1,161 @@
+/* Modified by Tor: pointless loops removed to appease analysis tools */
+
+/* qhasm: fe z1 */
+
+/* qhasm: fe z2 */
+
+/* qhasm: fe z8 */
+
+/* qhasm: fe z9 */
+
+/* qhasm: fe z11 */
+
+/* qhasm: fe z22 */
+
+/* qhasm: fe z_5_0 */
+
+/* qhasm: fe z_10_5 */
+
+/* qhasm: fe z_10_0 */
+
+/* qhasm: fe z_20_10 */
+
+/* qhasm: fe z_20_0 */
+
+/* qhasm: fe z_40_20 */
+
+/* qhasm: fe z_40_0 */
+
+/* qhasm: fe z_50_10 */
+
+/* qhasm: fe z_50_0 */
+
+/* qhasm: fe z_100_50 */
+
+/* qhasm: fe z_100_0 */
+
+/* qhasm: fe z_200_100 */
+
+/* qhasm: fe z_200_0 */
+
+/* qhasm: fe z_250_50 */
+
+/* qhasm: fe z_250_0 */
+
+/* qhasm: fe z_255_5 */
+
+/* qhasm: fe z_255_21 */
+
+/* qhasm: enter pow225521 */
+
+/* qhasm: z2 = z1^2^1 */
+/* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
+/* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
+fe_sq(t0,z); /* DEADCODE This loop has no effect:  for (i = 1;i < 1;++i) fe_sq(t0,t0); */
+
+/* qhasm: z8 = z2^2^2 */
+/* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
+/* asm 2: fe_sq(>z8=t1,<z2=t0); for (i = 1;i < 2;++i) fe_sq(>z8=t1,>z8=t1); */
+fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
+
+/* qhasm: z9 = z1*z8 */
+/* asm 1: fe_mul(>z9=fe#2,<z1=fe#11,<z8=fe#2); */
+/* asm 2: fe_mul(>z9=t1,<z1=z,<z8=t1); */
+fe_mul(t1,z,t1);
+
+/* qhasm: z11 = z2*z9 */
+/* asm 1: fe_mul(>z11=fe#1,<z2=fe#1,<z9=fe#2); */
+/* asm 2: fe_mul(>z11=t0,<z2=t0,<z9=t1); */
+fe_mul(t0,t0,t1);
+
+/* qhasm: z22 = z11^2^1 */
+/* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
+/* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
+fe_sq(t2,t0); /* DEADCODE This loop has no effect   for (i = 1;i < 1;++i) fe_sq(t2,t2); */
+
+/* qhasm: z_5_0 = z9*z22 */
+/* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
+/* asm 2: fe_mul(>z_5_0=t1,<z9=t1,<z22=t2); */
+fe_mul(t1,t1,t2);
+
+/* qhasm: z_10_5 = z_5_0^2^5 */
+/* asm 1: fe_sq(>z_10_5=fe#3,<z_5_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_10_5=fe#3,>z_10_5=fe#3); */
+/* asm 2: fe_sq(>z_10_5=t2,<z_5_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_10_5=t2,>z_10_5=t2); */
+fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
+
+/* qhasm: z_10_0 = z_10_5*z_5_0 */
+/* asm 1: fe_mul(>z_10_0=fe#2,<z_10_5=fe#3,<z_5_0=fe#2); */
+/* asm 2: fe_mul(>z_10_0=t1,<z_10_5=t2,<z_5_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_20_10 = z_10_0^2^10 */
+/* asm 1: fe_sq(>z_20_10=fe#3,<z_10_0=fe#2); for (i = 1;i < 10;++i) fe_sq(>z_20_10=fe#3,>z_20_10=fe#3); */
+/* asm 2: fe_sq(>z_20_10=t2,<z_10_0=t1); for (i = 1;i < 10;++i) fe_sq(>z_20_10=t2,>z_20_10=t2); */
+fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
+
+/* qhasm: z_20_0 = z_20_10*z_10_0 */
+/* asm 1: fe_mul(>z_20_0=fe#3,<z_20_10=fe#3,<z_10_0=fe#2); */
+/* asm 2: fe_mul(>z_20_0=t2,<z_20_10=t2,<z_10_0=t1); */
+fe_mul(t2,t2,t1);
+
+/* qhasm: z_40_20 = z_20_0^2^20 */
+/* asm 1: fe_sq(>z_40_20=fe#4,<z_20_0=fe#3); for (i = 1;i < 20;++i) fe_sq(>z_40_20=fe#4,>z_40_20=fe#4); */
+/* asm 2: fe_sq(>z_40_20=t3,<z_20_0=t2); for (i = 1;i < 20;++i) fe_sq(>z_40_20=t3,>z_40_20=t3); */
+fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
+
+/* qhasm: z_40_0 = z_40_20*z_20_0 */
+/* asm 1: fe_mul(>z_40_0=fe#3,<z_40_20=fe#4,<z_20_0=fe#3); */
+/* asm 2: fe_mul(>z_40_0=t2,<z_40_20=t3,<z_20_0=t2); */
+fe_mul(t2,t3,t2);
+
+/* qhasm: z_50_10 = z_40_0^2^10 */
+/* asm 1: fe_sq(>z_50_10=fe#3,<z_40_0=fe#3); for (i = 1;i < 10;++i) fe_sq(>z_50_10=fe#3,>z_50_10=fe#3); */
+/* asm 2: fe_sq(>z_50_10=t2,<z_40_0=t2); for (i = 1;i < 10;++i) fe_sq(>z_50_10=t2,>z_50_10=t2); */
+fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
+
+/* qhasm: z_50_0 = z_50_10*z_10_0 */
+/* asm 1: fe_mul(>z_50_0=fe#2,<z_50_10=fe#3,<z_10_0=fe#2); */
+/* asm 2: fe_mul(>z_50_0=t1,<z_50_10=t2,<z_10_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_100_50 = z_50_0^2^50 */
+/* asm 1: fe_sq(>z_100_50=fe#3,<z_50_0=fe#2); for (i = 1;i < 50;++i) fe_sq(>z_100_50=fe#3,>z_100_50=fe#3); */
+/* asm 2: fe_sq(>z_100_50=t2,<z_50_0=t1); for (i = 1;i < 50;++i) fe_sq(>z_100_50=t2,>z_100_50=t2); */
+fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
+
+/* qhasm: z_100_0 = z_100_50*z_50_0 */
+/* asm 1: fe_mul(>z_100_0=fe#3,<z_100_50=fe#3,<z_50_0=fe#2); */
+/* asm 2: fe_mul(>z_100_0=t2,<z_100_50=t2,<z_50_0=t1); */
+fe_mul(t2,t2,t1);
+
+/* qhasm: z_200_100 = z_100_0^2^100 */
+/* asm 1: fe_sq(>z_200_100=fe#4,<z_100_0=fe#3); for (i = 1;i < 100;++i) fe_sq(>z_200_100=fe#4,>z_200_100=fe#4); */
+/* asm 2: fe_sq(>z_200_100=t3,<z_100_0=t2); for (i = 1;i < 100;++i) fe_sq(>z_200_100=t3,>z_200_100=t3); */
+fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
+
+/* qhasm: z_200_0 = z_200_100*z_100_0 */
+/* asm 1: fe_mul(>z_200_0=fe#3,<z_200_100=fe#4,<z_100_0=fe#3); */
+/* asm 2: fe_mul(>z_200_0=t2,<z_200_100=t3,<z_100_0=t2); */
+fe_mul(t2,t3,t2);
+
+/* qhasm: z_250_50 = z_200_0^2^50 */
+/* asm 1: fe_sq(>z_250_50=fe#3,<z_200_0=fe#3); for (i = 1;i < 50;++i) fe_sq(>z_250_50=fe#3,>z_250_50=fe#3); */
+/* asm 2: fe_sq(>z_250_50=t2,<z_200_0=t2); for (i = 1;i < 50;++i) fe_sq(>z_250_50=t2,>z_250_50=t2); */
+fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
+
+/* qhasm: z_250_0 = z_250_50*z_50_0 */
+/* asm 1: fe_mul(>z_250_0=fe#2,<z_250_50=fe#3,<z_50_0=fe#2); */
+/* asm 2: fe_mul(>z_250_0=t1,<z_250_50=t2,<z_50_0=t1); */
+fe_mul(t1,t2,t1);
+
+/* qhasm: z_255_5 = z_250_0^2^5 */
+/* asm 1: fe_sq(>z_255_5=fe#2,<z_250_0=fe#2); for (i = 1;i < 5;++i) fe_sq(>z_255_5=fe#2,>z_255_5=fe#2); */
+/* asm 2: fe_sq(>z_255_5=t1,<z_250_0=t1); for (i = 1;i < 5;++i) fe_sq(>z_255_5=t1,>z_255_5=t1); */
+fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
+
+/* qhasm: z_255_21 = z_255_5*z11 */
+/* asm 1: fe_mul(>z_255_21=fe#12,<z_255_5=fe#2,<z11=fe#1); */
+/* asm 2: fe_mul(>z_255_21=out,<z_255_5=t1,<z11=t0); */
+fe_mul(out,t1,t0);
+
+/* qhasm: return */
diff --git a/src/ext/ed25519/ref10/pow225521.q b/src/ext/ed25519/ref10/pow225521.q
new file mode 100644
index 0000000000..45be57c08a
--- /dev/null
+++ b/src/ext/ed25519/ref10/pow225521.q
@@ -0,0 +1,61 @@
+:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
+fe r:var/r=fe:
+
+enter f:enter/f:>z1=fe#11:
+return:nofallthrough:<z_255_21=fe#12:leave:
+
+h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
+h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
+
+:
+
+fe z1
+fe z2
+fe z8
+fe z9
+fe z11
+fe z22
+fe z_5_0
+fe z_10_5
+fe z_10_0
+fe z_20_10
+fe z_20_0
+fe z_40_20
+fe z_40_0
+fe z_50_10
+fe z_50_0
+fe z_100_50
+fe z_100_0
+fe z_200_100
+fe z_200_0
+fe z_250_50
+fe z_250_0
+fe z_255_5
+fe z_255_21
+
+enter pow225521
+
+z2 = z1^2^1
+z8 = z2^2^2
+z9 = z1*z8
+z11 = z2*z9
+z22 = z11^2^1
+z_5_0 = z9*z22
+z_10_5 = z_5_0^2^5
+z_10_0 = z_10_5*z_5_0
+z_20_10 = z_10_0^2^10
+z_20_0 = z_20_10*z_10_0
+z_40_20 = z_20_0^2^20
+z_40_0 = z_40_20*z_20_0
+z_50_10 = z_40_0^2^10
+z_50_0 = z_50_10*z_10_0
+z_100_50 = z_50_0^2^50
+z_100_0 = z_100_50*z_50_0
+z_200_100 = z_100_0^2^100
+z_200_0 = z_200_100*z_100_0
+z_250_50 = z_200_0^2^50
+z_250_0 = z_250_50*z_50_0
+z_255_5 = z_250_0^2^5
+z_255_21 = z_255_5*z11
+
+return
diff --git a/src/ext/ed25519/ref10/q2h.sh b/src/ext/ed25519/ref10/q2h.sh
new file mode 100755
index 0000000000..47ec5110e8
--- /dev/null
+++ b/src/ext/ed25519/ref10/q2h.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+sed 's/^#.*//' \
+| qhasm-generic \
+| sed 's_//\(.*\)$_/*\1 */_'
diff --git a/src/ext/ed25519/ref10/randombytes.h b/src/ext/ed25519/ref10/randombytes.h
new file mode 100644
index 0000000000..8bf31631f0
--- /dev/null
+++ b/src/ext/ed25519/ref10/randombytes.h
@@ -0,0 +1,4 @@
+/* Added for Tor. */
+#include "crypto.h"
+#define randombytes(b, n) \
+  (crypto_strongest_rand((b), (n)), 0)
diff --git a/src/ext/ed25519/ref10/sc.h b/src/ext/ed25519/ref10/sc.h
new file mode 100644
index 0000000000..d32ed2e8ca
--- /dev/null
+++ b/src/ext/ed25519/ref10/sc.h
@@ -0,0 +1,15 @@
+#ifndef SC_H
+#define SC_H
+
+/*
+The set of scalars is \Z/l
+where l = 2^252 + 27742317777372353535851937790883648493.
+*/
+
+#define sc_reduce crypto_sign_ed25519_ref10_sc_reduce
+#define sc_muladd crypto_sign_ed25519_ref10_sc_muladd
+
+extern void sc_reduce(unsigned char *);
+extern void sc_muladd(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+
+#endif
diff --git a/src/ext/ed25519/ref10/sc_muladd.c b/src/ext/ed25519/ref10/sc_muladd.c
new file mode 100644
index 0000000000..20b94c1049
--- /dev/null
+++ b/src/ext/ed25519/ref10/sc_muladd.c
@@ -0,0 +1,368 @@
+#include "sc.h"
+#include "crypto_int64.h"
+#include "crypto_uint32.h"
+#include "crypto_uint64.h"
+
+static crypto_uint64 load_3(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  return result;
+}
+
+static crypto_uint64 load_4(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  result |= ((crypto_uint64) in[3]) << 24;
+  return result;
+}
+
+/*
+Input:
+  a[0]+256*a[1]+...+256^31*a[31] = a
+  b[0]+256*b[1]+...+256^31*b[31] = b
+  c[0]+256*c[1]+...+256^31*c[31] = c
+
+Output:
+  s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+  where l = 2^252 + 27742317777372353535851937790883648493.
+*/
+
+void sc_muladd(unsigned char *s,const unsigned char *a,const unsigned char *b,const unsigned char *c)
+{
+  crypto_int64 a0 = 2097151 & load_3(a);
+  crypto_int64 a1 = 2097151 & (load_4(a + 2) >> 5);
+  crypto_int64 a2 = 2097151 & (load_3(a + 5) >> 2);
+  crypto_int64 a3 = 2097151 & (load_4(a + 7) >> 7);
+  crypto_int64 a4 = 2097151 & (load_4(a + 10) >> 4);
+  crypto_int64 a5 = 2097151 & (load_3(a + 13) >> 1);
+  crypto_int64 a6 = 2097151 & (load_4(a + 15) >> 6);
+  crypto_int64 a7 = 2097151 & (load_3(a + 18) >> 3);
+  crypto_int64 a8 = 2097151 & load_3(a + 21);
+  crypto_int64 a9 = 2097151 & (load_4(a + 23) >> 5);
+  crypto_int64 a10 = 2097151 & (load_3(a + 26) >> 2);
+  crypto_int64 a11 = (load_4(a + 28) >> 7);
+  crypto_int64 b0 = 2097151 & load_3(b);
+  crypto_int64 b1 = 2097151 & (load_4(b + 2) >> 5);
+  crypto_int64 b2 = 2097151 & (load_3(b + 5) >> 2);
+  crypto_int64 b3 = 2097151 & (load_4(b + 7) >> 7);
+  crypto_int64 b4 = 2097151 & (load_4(b + 10) >> 4);
+  crypto_int64 b5 = 2097151 & (load_3(b + 13) >> 1);
+  crypto_int64 b6 = 2097151 & (load_4(b + 15) >> 6);
+  crypto_int64 b7 = 2097151 & (load_3(b + 18) >> 3);
+  crypto_int64 b8 = 2097151 & load_3(b + 21);
+  crypto_int64 b9 = 2097151 & (load_4(b + 23) >> 5);
+  crypto_int64 b10 = 2097151 & (load_3(b + 26) >> 2);
+  crypto_int64 b11 = (load_4(b + 28) >> 7);
+  crypto_int64 c0 = 2097151 & load_3(c);
+  crypto_int64 c1 = 2097151 & (load_4(c + 2) >> 5);
+  crypto_int64 c2 = 2097151 & (load_3(c + 5) >> 2);
+  crypto_int64 c3 = 2097151 & (load_4(c + 7) >> 7);
+  crypto_int64 c4 = 2097151 & (load_4(c + 10) >> 4);
+  crypto_int64 c5 = 2097151 & (load_3(c + 13) >> 1);
+  crypto_int64 c6 = 2097151 & (load_4(c + 15) >> 6);
+  crypto_int64 c7 = 2097151 & (load_3(c + 18) >> 3);
+  crypto_int64 c8 = 2097151 & load_3(c + 21);
+  crypto_int64 c9 = 2097151 & (load_4(c + 23) >> 5);
+  crypto_int64 c10 = 2097151 & (load_3(c + 26) >> 2);
+  crypto_int64 c11 = (load_4(c + 28) >> 7);
+  crypto_int64 s0;
+  crypto_int64 s1;
+  crypto_int64 s2;
+  crypto_int64 s3;
+  crypto_int64 s4;
+  crypto_int64 s5;
+  crypto_int64 s6;
+  crypto_int64 s7;
+  crypto_int64 s8;
+  crypto_int64 s9;
+  crypto_int64 s10;
+  crypto_int64 s11;
+  crypto_int64 s12;
+  crypto_int64 s13;
+  crypto_int64 s14;
+  crypto_int64 s15;
+  crypto_int64 s16;
+  crypto_int64 s17;
+  crypto_int64 s18;
+  crypto_int64 s19;
+  crypto_int64 s20;
+  crypto_int64 s21;
+  crypto_int64 s22;
+  crypto_int64 s23;
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+  crypto_int64 carry10;
+  crypto_int64 carry11;
+  crypto_int64 carry12;
+  crypto_int64 carry13;
+  crypto_int64 carry14;
+  crypto_int64 carry15;
+  crypto_int64 carry16;
+  crypto_int64 carry17;
+  crypto_int64 carry18;
+  crypto_int64 carry19;
+  crypto_int64 carry20;
+  crypto_int64 carry21;
+  crypto_int64 carry22;
+
+  s0 = c0 + a0*b0;
+  s1 = c1 + a0*b1 + a1*b0;
+  s2 = c2 + a0*b2 + a1*b1 + a2*b0;
+  s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
+  s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
+  s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
+  s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
+  s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
+  s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
+  s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
+  s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
+  s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
+  s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
+  s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
+  s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
+  s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
+  s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
+  s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
+  s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
+  s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
+  s20 = a9*b11 + a10*b10 + a11*b9;
+  s21 = a10*b11 + a11*b10;
+  s22 = a11*b11;
+  s23 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= SHL64(carry12,21);
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= SHL64(carry14,21);
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= SHL64(carry16,21);
+  carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= SHL64(carry18,21);
+  carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= SHL64(carry20,21);
+  carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= SHL64(carry22,21);
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= SHL64(carry13,21);
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= SHL64(carry15,21);
+  carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= SHL64(carry17,21);
+  carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= SHL64(carry19,21);
+  carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= SHL64(carry21,21);
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= SHL64(carry12,21);
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= SHL64(carry14,21);
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= SHL64(carry16,21);
+
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= SHL64(carry13,21);
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= SHL64(carry15,21);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry1 = s1 >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry2 = s2 >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry3 = s3 >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry4 = s4 >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry5 = s5 >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry6 = s6 >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry7 = s7 >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry8 = s8 >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry9 = s9 >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry10 = s10 >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+  carry11 = s11 >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry1 = s1 >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry2 = s2 >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry3 = s3 >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry4 = s4 >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry5 = s5 >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry6 = s6 >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry7 = s7 >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry8 = s8 >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry9 = s9 >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry10 = s10 >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | SHL64(s1,5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | SHL64(s2,2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | SHL64(s3,7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | SHL64(s4,4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | SHL64(s5,1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | SHL64(s6,6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | SHL64(s7,3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | SHL64(s9,5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | SHL64(s10,2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | SHL64(s11,7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+}
diff --git a/src/ext/ed25519/ref10/sc_reduce.c b/src/ext/ed25519/ref10/sc_reduce.c
new file mode 100644
index 0000000000..c5afa53741
--- /dev/null
+++ b/src/ext/ed25519/ref10/sc_reduce.c
@@ -0,0 +1,275 @@
+#include "sc.h"
+#include "crypto_int64.h"
+#include "crypto_uint32.h"
+#include "crypto_uint64.h"
+
+static crypto_uint64 load_3(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  return result;
+}
+
+static crypto_uint64 load_4(const unsigned char *in)
+{
+  crypto_uint64 result;
+  result = (crypto_uint64) in[0];
+  result |= ((crypto_uint64) in[1]) << 8;
+  result |= ((crypto_uint64) in[2]) << 16;
+  result |= ((crypto_uint64) in[3]) << 24;
+  return result;
+}
+
+/*
+Input:
+  s[0]+256*s[1]+...+256^63*s[63] = s
+
+Output:
+  s[0]+256*s[1]+...+256^31*s[31] = s mod l
+  where l = 2^252 + 27742317777372353535851937790883648493.
+  Overwrites s in place.
+*/
+
+void sc_reduce(unsigned char *s)
+{
+  crypto_int64 s0 = 2097151 & load_3(s);
+  crypto_int64 s1 = 2097151 & (load_4(s + 2) >> 5);
+  crypto_int64 s2 = 2097151 & (load_3(s + 5) >> 2);
+  crypto_int64 s3 = 2097151 & (load_4(s + 7) >> 7);
+  crypto_int64 s4 = 2097151 & (load_4(s + 10) >> 4);
+  crypto_int64 s5 = 2097151 & (load_3(s + 13) >> 1);
+  crypto_int64 s6 = 2097151 & (load_4(s + 15) >> 6);
+  crypto_int64 s7 = 2097151 & (load_3(s + 18) >> 3);
+  crypto_int64 s8 = 2097151 & load_3(s + 21);
+  crypto_int64 s9 = 2097151 & (load_4(s + 23) >> 5);
+  crypto_int64 s10 = 2097151 & (load_3(s + 26) >> 2);
+  crypto_int64 s11 = 2097151 & (load_4(s + 28) >> 7);
+  crypto_int64 s12 = 2097151 & (load_4(s + 31) >> 4);
+  crypto_int64 s13 = 2097151 & (load_3(s + 34) >> 1);
+  crypto_int64 s14 = 2097151 & (load_4(s + 36) >> 6);
+  crypto_int64 s15 = 2097151 & (load_3(s + 39) >> 3);
+  crypto_int64 s16 = 2097151 & load_3(s + 42);
+  crypto_int64 s17 = 2097151 & (load_4(s + 44) >> 5);
+  crypto_int64 s18 = 2097151 & (load_3(s + 47) >> 2);
+  crypto_int64 s19 = 2097151 & (load_4(s + 49) >> 7);
+  crypto_int64 s20 = 2097151 & (load_4(s + 52) >> 4);
+  crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
+  crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
+  crypto_int64 s23 = (load_4(s + 60) >> 3);
+  crypto_int64 carry0;
+  crypto_int64 carry1;
+  crypto_int64 carry2;
+  crypto_int64 carry3;
+  crypto_int64 carry4;
+  crypto_int64 carry5;
+  crypto_int64 carry6;
+  crypto_int64 carry7;
+  crypto_int64 carry8;
+  crypto_int64 carry9;
+  crypto_int64 carry10;
+  crypto_int64 carry11;
+  crypto_int64 carry12;
+  crypto_int64 carry13;
+  crypto_int64 carry14;
+  crypto_int64 carry15;
+  crypto_int64 carry16;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= SHL64(carry12,21);
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= SHL64(carry14,21);
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= SHL64(carry16,21);
+
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= SHL64(carry13,21);
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= SHL64(carry15,21);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry1 = s1 >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry2 = s2 >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry3 = s3 >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry4 = s4 >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry5 = s5 >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry6 = s6 >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry7 = s7 >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry8 = s8 >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry9 = s9 >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry10 = s10 >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+  carry11 = s11 >> 21; s12 += carry11; s11 -= SHL64(carry11,21);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= SHL64(carry0,21);
+  carry1 = s1 >> 21; s2 += carry1; s1 -= SHL64(carry1,21);
+  carry2 = s2 >> 21; s3 += carry2; s2 -= SHL64(carry2,21);
+  carry3 = s3 >> 21; s4 += carry3; s3 -= SHL64(carry3,21);
+  carry4 = s4 >> 21; s5 += carry4; s4 -= SHL64(carry4,21);
+  carry5 = s5 >> 21; s6 += carry5; s5 -= SHL64(carry5,21);
+  carry6 = s6 >> 21; s7 += carry6; s6 -= SHL64(carry6,21);
+  carry7 = s7 >> 21; s8 += carry7; s7 -= SHL64(carry7,21);
+  carry8 = s8 >> 21; s9 += carry8; s8 -= SHL64(carry8,21);
+  carry9 = s9 >> 21; s10 += carry9; s9 -= SHL64(carry9,21);
+  carry10 = s10 >> 21; s11 += carry10; s10 -= SHL64(carry10,21);
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | SHL64(s1,5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | SHL64(s2,2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | SHL64(s3,7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | SHL64(s4,4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | SHL64(s5,1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | SHL64(s6,6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | SHL64(s7,3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | SHL64(s9,5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | SHL64(s10,2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | SHL64(s11,7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+}
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c
new file mode 100644
index 0000000000..1190a0fc99
--- /dev/null
+++ b/src/ext/ed25519/ref10/sign.c
@@ -0,0 +1,29 @@
+/* (Modified by Tor to generate detached signatures.) */
+#include <string.h>
+#include "crypto_sign.h"
+#include "crypto_hash_sha512.h"
+#include "ge.h"
+#include "sc.h"
+
+int crypto_sign(
+  unsigned char *sig,
+  const unsigned char *m, size_t mlen,
+  const unsigned char *sk,const unsigned char *pk
+)
+{
+  unsigned char nonce[64];
+  unsigned char hram[64];
+  ge_p3 R;
+
+  crypto_hash_sha512_2(nonce, sk+32, 32, m, mlen);
+
+  sc_reduce(nonce);
+  ge_scalarmult_base(&R,nonce);
+  ge_p3_tobytes(sig,&R);
+
+  crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
+  sc_reduce(hram);
+  sc_muladd(sig + 32,hram,sk,nonce);
+
+  return 0;
+}
diff --git a/src/ext/ed25519/ref10/sqrtm1.h b/src/ext/ed25519/ref10/sqrtm1.h
new file mode 100644
index 0000000000..d8caa23b6a
--- /dev/null
+++ b/src/ext/ed25519/ref10/sqrtm1.h
@@ -0,0 +1 @@
+-32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
diff --git a/src/ext/ed25519/ref10/sqrtm1.py b/src/ext/ed25519/ref10/sqrtm1.py
new file mode 100644
index 0000000000..9a47fbc12a
--- /dev/null
+++ b/src/ext/ed25519/ref10/sqrtm1.py
@@ -0,0 +1,28 @@
+q = 2**255 - 19
+
+def expmod(b,e,m):
+  if e == 0: return 1
+  t = expmod(b,e/2,m)**2 % m
+  if e & 1: t = (t*b) % m
+  return t
+
+def inv(x):
+  return expmod(x,q-2,q)
+
+def radix255(x):
+  x = x % q
+  if x + x > q: x -= q
+  x = [x,0,0,0,0,0,0,0,0,0]
+  bits = [26,25,26,25,26,25,26,25,26,25]
+  for i in range(9):
+    carry = (x[i] + 2**(bits[i]-1)) / 2**bits[i]
+    x[i] -= carry * 2**bits[i]
+    x[i + 1] += carry
+  result = ""
+  for i in range(9):
+    result = result+str(x[i])+","
+  result = result+str(x[9])
+  return result
+
+I = expmod(2,(q-1)/4,q)
+print radix255(I)
diff --git a/src/ext/eventdns.c b/src/ext/eventdns.c
index 2b2988f1ec..fc5657cbb4 100644
--- a/src/ext/eventdns.c
+++ b/src/ext/eventdns.c
@@ -37,7 +37,7 @@
  */
 
 #include "eventdns_tor.h"
-#include "../common/util.h"
+#include "util.h"
 #include <sys/types.h>
 /* #define NDEBUG */
 
@@ -388,7 +388,7 @@ debug_ntoa(u32 address)
 {
 	static char buf[32];
 	u32 a = ntohl(address);
-	snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
+	tor_snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
 			(int)(u8)((a>>24)&0xff),
 			(int)(u8)((a>>16)&0xff),
 			(int)(u8)((a>>8 )&0xff),
@@ -436,12 +436,7 @@ evdns_log(int warn, const char *fmt, ...)
 	if (!evdns_log_fn)
 		return;
 	va_start(args,fmt);
-#ifdef _WIN32
-	_vsnprintf(buf, sizeof(buf), fmt, args);
-#else
-	vsnprintf(buf, sizeof(buf), fmt, args);
-#endif
-	buf[sizeof(buf)-1] = '\0';
+	tor_vsnprintf(buf, sizeof(buf), fmt, args);
 	evdns_log_fn(warn, buf);
 	va_end(args);
 }
@@ -762,7 +757,7 @@ reply_handle(struct evdns_request *const req, u16 flags, u32 ttl, struct reply *
 			/* we regard these errors as marking a bad nameserver */
 			if (req->reissue_count < global_max_reissues) {
 				char msg[64];
-				snprintf(msg, sizeof(msg), "Bad response %d (%s)",
+				tor_snprintf(msg, sizeof(msg), "Bad response %d (%s)",
 						 error, evdns_err_to_string(error));
 				nameserver_failed(req->ns, msg);
 				if (!request_reissue(req)) return;
@@ -805,7 +800,7 @@ reply_handle(struct evdns_request *const req, u16 flags, u32 ttl, struct reply *
 	}
 }
 
-static INLINE int
+static inline int
 name_parse(u8 *packet, int length, int *idx, char *name_out, size_t name_out_len) {
 	int name_end = -1;
 	int j = *idx;
@@ -1705,7 +1700,7 @@ evdns_server_request_add_ptr_reply(struct evdns_server_request *req, struct in_a
 	assert(!(in && inaddr_name));
 	if (in) {
 		a = ntohl(in->s_addr);
-		snprintf(buf, sizeof(buf), "%d.%d.%d.%d.in-addr.arpa",
+		tor_snprintf(buf, sizeof(buf), "%d.%d.%d.%d.in-addr.arpa",
 				(int)(u8)((a	)&0xff),
 				(int)(u8)((a>>8 )&0xff),
 				(int)(u8)((a>>16)&0xff),
@@ -2638,7 +2633,7 @@ int evdns_resolve_reverse(const struct in_addr *in, int flags, evdns_callback_ty
 	u32 a;
 	assert(in);
 	a = ntohl(in->s_addr);
-	snprintf(buf, sizeof(buf), "%d.%d.%d.%d.in-addr.arpa",
+	tor_snprintf(buf, sizeof(buf), "%d.%d.%d.%d.in-addr.arpa",
 			(int)(u8)((a	)&0xff),
 			(int)(u8)((a>>8 )&0xff),
 			(int)(u8)((a>>16)&0xff),
diff --git a/src/ext/ht.h b/src/ext/ht.h
index 838710784f..28d1fe49d5 100644
--- a/src/ext/ht.h
+++ b/src/ext/ht.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2002, Christopher Clark.
  * Copyright (c) 2005-2006, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See license at end. */
 
 /* Based on ideas by Christopher Clark and interfaces from Niels Provos. */
@@ -38,8 +38,9 @@
   }
 #endif
 
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
 #define HT_EMPTY(head)                          \
-  ((head)->hth_n_entries == 0)
+  (((head)->hth_n_entries == 0) || 0)
 
 /* How many elements in 'head'? */
 #define HT_SIZE(head)                           \
@@ -60,7 +61,7 @@
 #define HT_INIT(name, head)          name##_HT_INIT(head)
 #define HT_REP_IS_BAD_(name, head)    name##_HT_REP_IS_BAD_(head)
 /* Helper: */
-static INLINE unsigned
+static inline unsigned
 ht_improve_hash(unsigned h)
 {
   /* Aim to protect against poor hash functions by adding logic here
@@ -74,7 +75,7 @@ ht_improve_hash(unsigned h)
 
 #if 0
 /** Basic string hash function, from Java standard String.hashCode(). */
-static INLINE unsigned
+static inline unsigned
 ht_string_hash(const char *s)
 {
   unsigned h = 0;
@@ -89,7 +90,7 @@ ht_string_hash(const char *s)
 
 #if 0
 /** Basic string hash function, from Python's str.__hash__() */
-static INLINE unsigned
+static inline unsigned
 ht_string_hash(const char *s)
 {
   unsigned h;
@@ -120,21 +121,29 @@ ht_string_hash(const char *s)
         ((void)0)
 #endif
 
+#define HT_BUCKET_NUM_(head, field, elm, hashfn)                        \
+  (HT_ELT_HASH_(elm,field,hashfn) % head->hth_table_length)
+
 /* Helper: alias for the bucket containing 'elm'. */
 #define HT_BUCKET_(head, field, elm, hashfn)                            \
-    ((head)->hth_table[HT_ELT_HASH_(elm,field,hashfn)                   \
-        % head->hth_table_length])
+  ((head)->hth_table[HT_BUCKET_NUM_(head, field, elm, hashfn)])
 
 #define HT_FOREACH(x, name, head)                 \
   for ((x) = HT_START(name, head);                \
        (x) != NULL;                               \
        (x) = HT_NEXT(name, head, x))
 
+#ifndef HT_NDEBUG
+#define HT_ASSERT_(x) tor_assert(x)
+#else
+#define HT_ASSERT_(x) (void)0
+#endif
+
 #define HT_PROTOTYPE(name, type, field, hashfn, eqfn)                   \
   int name##_HT_GROW(struct name *ht, unsigned min_capacity);           \
   void name##_HT_CLEAR(struct name *ht);                                \
   int name##_HT_REP_IS_BAD_(const struct name *ht);                     \
-  static INLINE void                                                    \
+  static inline void                                                    \
   name##_HT_INIT(struct name *head) {                                   \
     head->hth_table_length = 0;                                         \
     head->hth_table = NULL;                                             \
@@ -144,7 +153,7 @@ ht_string_hash(const char *s)
   }                                                                     \
   /* Helper: returns a pointer to the right location in the table       \
    * 'head' to find or insert the element 'elm'. */                     \
-  static INLINE struct type **                                          \
+  static inline struct type **                                          \
   name##_HT_FIND_P_(struct name *head, struct type *elm)                \
   {                                                                     \
     struct type **p;                                                    \
@@ -160,7 +169,7 @@ ht_string_hash(const char *s)
   }                                                                     \
   /* Return a pointer to the element in the table 'head' matching 'elm', \
    * or NULL if no such element exists */                               \
-  ATTR_UNUSED static INLINE struct type *                               \
+  ATTR_UNUSED static inline struct type *                               \
   name##_HT_FIND(const struct name *head, struct type *elm)             \
   {                                                                     \
     struct type **p;                                                    \
@@ -171,7 +180,7 @@ ht_string_hash(const char *s)
   }                                                                     \
   /* Insert the element 'elm' into the table 'head'.  Do not call this  \
    * function if the table might already contain a matching element. */ \
-  ATTR_UNUSED static INLINE void                                        \
+  ATTR_UNUSED static inline void                                        \
   name##_HT_INSERT(struct name *head, struct type *elm)                 \
   {                                                                     \
     struct type **p;                                                    \
@@ -186,7 +195,7 @@ ht_string_hash(const char *s)
   /* Insert the element 'elm' into the table 'head'. If there already   \
    * a matching element in the table, replace that element and return   \
    * it. */                                                             \
-  ATTR_UNUSED static INLINE struct type *                               \
+  ATTR_UNUSED static inline struct type *                               \
   name##_HT_REPLACE(struct name *head, struct type *elm)                \
   {                                                                     \
     struct type **p, *r;                                                \
@@ -207,7 +216,7 @@ ht_string_hash(const char *s)
   }                                                                     \
   /* Remove any element matching 'elm' from the table 'head'.  If such  \
    * an element is found, return it; otherwise return NULL. */          \
-  ATTR_UNUSED static INLINE struct type *                               \
+  ATTR_UNUSED static inline struct type *                               \
   name##_HT_REMOVE(struct name *head, struct type *elm)                 \
   {                                                                     \
     struct type **p, *r;                                                \
@@ -225,7 +234,7 @@ ht_string_hash(const char *s)
    * using 'data' as its second argument.  If the function returns      \
    * nonzero, remove the most recently examined element before invoking \
    * the function again. */                                             \
-  ATTR_UNUSED static INLINE void                                        \
+  ATTR_UNUSED static inline void                                        \
   name##_HT_FOREACH_FN(struct name *head,                               \
                        int (*fn)(struct type *, void *),                \
                        void *data)                                      \
@@ -251,13 +260,16 @@ ht_string_hash(const char *s)
   /* Return a pointer to the first element in the table 'head', under   \
    * an arbitrary order.  This order is stable under remove operations, \
    * but not under others. If the table is empty, return NULL. */       \
-  ATTR_UNUSED static INLINE struct type **                              \
+  ATTR_UNUSED static inline struct type **                              \
   name##_HT_START(struct name *head)                                    \
   {                                                                     \
     unsigned b = 0;                                                     \
     while (b < head->hth_table_length) {                                \
-      if (head->hth_table[b])                                           \
+      if (head->hth_table[b]) {                                         \
+        HT_ASSERT_(b ==                                                 \
+                HT_BUCKET_NUM_(head,field,head->hth_table[b],hashfn));  \
         return &head->hth_table[b];                                     \
+      }                                                                 \
       ++b;                                                              \
     }                                                                   \
     return NULL;                                                        \
@@ -267,23 +279,27 @@ ht_string_hash(const char *s)
    * NULL.  If 'elm' is to be removed from the table, you must call     \
    * this function for the next value before you remove it.             \
    */                                                                   \
-  ATTR_UNUSED static INLINE struct type **                              \
+  ATTR_UNUSED static inline struct type **                              \
   name##_HT_NEXT(struct name *head, struct type **elm)                  \
   {                                                                     \
     if ((*elm)->field.hte_next) {                                       \
+      HT_ASSERT_(HT_BUCKET_NUM_(head,field,*elm,hashfn) ==              \
+             HT_BUCKET_NUM_(head,field,(*elm)->field.hte_next,hashfn)); \
       return &(*elm)->field.hte_next;                                   \
     } else {                                                            \
-      unsigned b = (HT_ELT_HASH_(*elm, field, hashfn)                   \
-      % head->hth_table_length)+1;                                      \
+      unsigned b = HT_BUCKET_NUM_(head,field,*elm,hashfn)+1;            \
       while (b < head->hth_table_length) {                              \
-        if (head->hth_table[b])                                         \
+        if (head->hth_table[b]) {                                       \
+          HT_ASSERT_(b ==                                               \
+                 HT_BUCKET_NUM_(head,field,head->hth_table[b],hashfn)); \
           return &head->hth_table[b];                                   \
+        }                                                               \
         ++b;                                                            \
       }                                                                 \
       return NULL;                                                      \
     }                                                                   \
   }                                                                     \
-  ATTR_UNUSED static INLINE struct type **                              \
+  ATTR_UNUSED static inline struct type **                              \
   name##_HT_NEXT_RMV(struct name *head, struct type **elm)              \
   {                                                                     \
     unsigned h = HT_ELT_HASH_(*elm, field, hashfn);                     \
@@ -302,8 +318,8 @@ ht_string_hash(const char *s)
     }                                                                   \
   }
 
-#define HT_GENERATE(name, type, field, hashfn, eqfn, load, mallocfn,    \
-                    reallocfn, freefn)                                  \
+#define HT_GENERATE2(name, type, field, hashfn, eqfn, load, reallocarrayfn, \
+                     freefn)                                            \
   /* Primes that aren't too far from powers of two. We stop at */       \
   /* P=402653189 because P*sizeof(void*) is less than SSIZE_MAX */      \
   /* even on a 32-bit platform. */                                      \
@@ -336,7 +352,7 @@ ht_string_hash(const char *s)
       new_load_limit = (unsigned)(load*new_len);                        \
     } while (new_load_limit <= size &&                                  \
              prime_idx < (int)name##_N_PRIMES);                         \
-    if ((new_table = mallocfn(new_len*sizeof(struct type*)))) {         \
+    if ((new_table = reallocarrayfn(NULL, new_len, sizeof(struct type*)))) { \
       unsigned b;                                                       \
       memset(new_table, 0, new_len*sizeof(struct type*));               \
       for (b = 0; b < head->hth_table_length; ++b) {                    \
@@ -356,7 +372,7 @@ ht_string_hash(const char *s)
       head->hth_table = new_table;                                      \
     } else {                                                            \
       unsigned b, b2;                                                   \
-      new_table = reallocfn(head->hth_table, new_len*sizeof(struct type*)); \
+      new_table = reallocarrayfn(head->hth_table, new_len, sizeof(struct type*)); \
       if (!new_table) return -1;                                        \
       memset(new_table + head->hth_table_length, 0,                     \
              (new_len - head->hth_table_length)*sizeof(struct type*));  \
@@ -417,7 +433,7 @@ ht_string_hash(const char *s)
       for (elm = head->hth_table[i]; elm; elm = elm->field.hte_next) {  \
         if (HT_ELT_HASH_(elm, field, hashfn) != hashfn(elm))            \
           return 1000 + i;                                              \
-        if ((HT_ELT_HASH_(elm, field, hashfn) % head->hth_table_length) != i) \
+        if (HT_BUCKET_NUM_(head,field,elm,hashfn) != i)                 \
           return 10000 + i;                                             \
         ++n;                                                            \
       }                                                                 \
@@ -427,6 +443,21 @@ ht_string_hash(const char *s)
     return 0;                                                           \
   }
 
+#define HT_GENERATE(name, type, field, hashfn, eqfn, load, mallocfn,    \
+                    reallocfn, freefn)                                  \
+  static void *                                                         \
+  name##_reallocarray(void *arg, size_t a, size_t b)                    \
+  {                                                                     \
+    if ((b) && (a) > SIZE_MAX / (b))                                    \
+      return NULL;                                                      \
+    if (arg)                                                            \
+      return reallocfn((arg),(a)*(b));                                  \
+    else                                                                \
+      return mallocfn((a)*(b));                                         \
+  }                                                                     \
+  HT_GENERATE2(name, type, field, hashfn, eqfn, load,                   \
+               name##_reallocarray, freefn)
+
 /** Implements an over-optimized "find and insert if absent" block;
  * not meant for direct usage by typical code, or usage outside the critical
  * path.*/
diff --git a/src/ext/include.am b/src/ext/include.am
index 26e194e88e..bf678f2c9d 100644
--- a/src/ext/include.am
+++ b/src/ext/include.am
@@ -7,6 +7,7 @@ EXTHEADERS = \
   src/ext/ht.h		\
   src/ext/eventdns.h	\
   src/ext/tinytest.h	\
+  src/ext/tor_readpassphrase.h \
   src/ext/strlcat.c	\
   src/ext/strlcpy.c	\
   src/ext/tinytest_macros.h \
@@ -15,4 +16,135 @@ EXTHEADERS = \
 
 noinst_HEADERS+= $(EXTHEADERS)
 
+src_ext_ed25519_ref10_libed25519_ref10_a_CFLAGS=
+
+src_ext_ed25519_ref10_libed25519_ref10_a_SOURCES= \
+	src/ext/ed25519/ref10/fe_0.c \
+	src/ext/ed25519/ref10/fe_1.c \
+	src/ext/ed25519/ref10/fe_add.c \
+	src/ext/ed25519/ref10/fe_cmov.c \
+	src/ext/ed25519/ref10/fe_copy.c \
+	src/ext/ed25519/ref10/fe_frombytes.c \
+	src/ext/ed25519/ref10/fe_invert.c \
+	src/ext/ed25519/ref10/fe_isnegative.c \
+	src/ext/ed25519/ref10/fe_isnonzero.c \
+	src/ext/ed25519/ref10/fe_mul.c \
+	src/ext/ed25519/ref10/fe_neg.c \
+	src/ext/ed25519/ref10/fe_pow22523.c \
+	src/ext/ed25519/ref10/fe_sq.c \
+	src/ext/ed25519/ref10/fe_sq2.c \
+	src/ext/ed25519/ref10/fe_sub.c \
+	src/ext/ed25519/ref10/fe_tobytes.c \
+	src/ext/ed25519/ref10/ge_add.c \
+	src/ext/ed25519/ref10/ge_double_scalarmult.c \
+	src/ext/ed25519/ref10/ge_frombytes.c \
+	src/ext/ed25519/ref10/ge_madd.c \
+	src/ext/ed25519/ref10/ge_msub.c \
+	src/ext/ed25519/ref10/ge_p1p1_to_p2.c \
+	src/ext/ed25519/ref10/ge_p1p1_to_p3.c \
+	src/ext/ed25519/ref10/ge_p2_0.c \
+	src/ext/ed25519/ref10/ge_p2_dbl.c \
+	src/ext/ed25519/ref10/ge_p3_0.c \
+	src/ext/ed25519/ref10/ge_p3_dbl.c \
+	src/ext/ed25519/ref10/ge_p3_to_cached.c \
+	src/ext/ed25519/ref10/ge_p3_to_p2.c \
+	src/ext/ed25519/ref10/ge_p3_tobytes.c \
+	src/ext/ed25519/ref10/ge_precomp_0.c \
+	src/ext/ed25519/ref10/ge_scalarmult_base.c \
+	src/ext/ed25519/ref10/ge_sub.c \
+	src/ext/ed25519/ref10/ge_tobytes.c \
+	src/ext/ed25519/ref10/keypair.c \
+	src/ext/ed25519/ref10/open.c \
+	src/ext/ed25519/ref10/sc_muladd.c \
+	src/ext/ed25519/ref10/sc_reduce.c \
+	src/ext/ed25519/ref10/sign.c \
+	src/ext/ed25519/ref10/keyconv.c \
+	src/ext/ed25519/ref10/blinding.c
+
+ED25519_REF10_HDRS = \
+	src/ext/ed25519/ref10/api.h \
+	src/ext/ed25519/ref10/base.h \
+	src/ext/ed25519/ref10/base2.h \
+	src/ext/ed25519/ref10/crypto_hash_sha512.h \
+	src/ext/ed25519/ref10/crypto_int32.h \
+	src/ext/ed25519/ref10/crypto_int64.h \
+	src/ext/ed25519/ref10/crypto_sign.h \
+	src/ext/ed25519/ref10/crypto_uint32.h \
+	src/ext/ed25519/ref10/crypto_uint64.h \
+	src/ext/ed25519/ref10/crypto_verify_32.h \
+	src/ext/ed25519/ref10/d.h \
+	src/ext/ed25519/ref10/d2.h \
+	src/ext/ed25519/ref10/ed25519_ref10.h \
+	src/ext/ed25519/ref10/fe.h \
+	src/ext/ed25519/ref10/ge.h \
+	src/ext/ed25519/ref10/ge_add.h \
+	src/ext/ed25519/ref10/ge_madd.h \
+	src/ext/ed25519/ref10/ge_msub.h \
+	src/ext/ed25519/ref10/ge_p2_dbl.h \
+	src/ext/ed25519/ref10/ge_sub.h \
+	src/ext/ed25519/ref10/pow22523.h \
+	src/ext/ed25519/ref10/pow225521.h \
+	src/ext/ed25519/ref10/randombytes.h \
+	src/ext/ed25519/ref10/sc.h \
+	src/ext/ed25519/ref10/sqrtm1.h
+
+noinst_HEADERS += $(ED25519_REF10_HDRS)
+
+LIBED25519_REF10=src/ext/ed25519/ref10/libed25519_ref10.a
+noinst_LIBRARIES += $(LIBED25519_REF10)
+
+src_ext_ed25519_donna_libed25519_donna_a_CFLAGS= \
+  -DED25519_CUSTOMRANDOM \
+  -DED25519_SUFFIX=_donna
+
+src_ext_ed25519_donna_libed25519_donna_a_SOURCES= \
+	src/ext/ed25519/donna/ed25519_tor.c
+
+ED25519_DONNA_HDRS = \
+	src/ext/ed25519/donna/curve25519-donna-32bit.h \
+	src/ext/ed25519/donna/curve25519-donna-64bit.h \
+	src/ext/ed25519/donna/curve25519-donna-helpers.h \
+	src/ext/ed25519/donna/curve25519-donna-sse2.h \
+	src/ext/ed25519/donna/ed25519-donna-32bit-sse2.h \
+	src/ext/ed25519/donna/ed25519-donna-32bit-tables.h \
+	src/ext/ed25519/donna/ed25519-donna-64bit-sse2.h \
+	src/ext/ed25519/donna/ed25519-donna-64bit-tables.h \
+	src/ext/ed25519/donna/ed25519-donna-64bit-x86-32bit.h \
+	src/ext/ed25519/donna/ed25519-donna-64bit-x86.h \
+	src/ext/ed25519/donna/ed25519-donna-basepoint-table.h \
+	src/ext/ed25519/donna/ed25519-donna-batchverify.h \
+	src/ext/ed25519/donna/ed25519-donna.h \
+	src/ext/ed25519/donna/ed25519-donna-impl-base.h \
+	src/ext/ed25519/donna/ed25519-donna-impl-sse2.h \
+	src/ext/ed25519/donna/ed25519-donna-portable.h \
+	src/ext/ed25519/donna/ed25519-donna-portable-identify.h \
+	src/ext/ed25519/donna/ed25519_donna_tor.h \
+	src/ext/ed25519/donna/ed25519.h \
+	src/ext/ed25519/donna/ed25519-hash-custom.h \
+	src/ext/ed25519/donna/ed25519-hash.h \
+	src/ext/ed25519/donna/ed25519-randombytes-custom.h \
+	src/ext/ed25519/donna/ed25519-randombytes.h \
+	src/ext/ed25519/donna/modm-donna-32bit.h \
+	src/ext/ed25519/donna/modm-donna-64bit.h \
+	src/ext/ed25519/donna/regression.h \
+	src/ext/ed25519/donna/test-ticks.h \
+	src/ext/ed25519/donna/test-internals.c
+
+noinst_HEADERS += $(ED25519_DONNA_HDRS)
+
+LIBED25519_DONNA=src/ext/ed25519/donna/libed25519_donna.a
+noinst_LIBRARIES += $(LIBED25519_DONNA)
+
+src_ext_keccak_tiny_libkeccak_tiny_a_CFLAGS=
+
+src_ext_keccak_tiny_libkeccak_tiny_a_SOURCES= \
+	src/ext/keccak-tiny/keccak-tiny-unrolled.c
+
+LIBKECCAK_TINY_HDRS = \
+	src/ext/keccak-tiny/keccak-tiny.h
+
+noinst_HEADERS += $(LIBKECCAK_TINY_HDRS)
+
+LIBKECCAK_TINY=src/ext/keccak-tiny/libkeccak-tiny.a
+noinst_LIBRARIES += $(LIBKECCAK_TINY)
 
diff --git a/src/ext/keccak-tiny/README.markdown b/src/ext/keccak-tiny/README.markdown
new file mode 100644
index 0000000000..784d6f6bdb
--- /dev/null
+++ b/src/ext/keccak-tiny/README.markdown
@@ -0,0 +1,82 @@
+# libkeccak-tiny
+
+An implementation of the FIPS-202-defined SHA-3 and SHAKE functions
+in 120 cloc (156 lines). One C file, one header.
+
+The `Keccak-f[1600]` permutation is fully unrolled; it's nearly as fast
+as the Keccak team's optimized permutation.
+
+## Building
+
+    > clang -O3 -march=native -std=c11 -Wextra -dynamic -shared keccak-tiny.c -o libkeccak-tiny.dylib
+
+If you don't have a modern libc that includes the `memset_s` function,
+you can just add `-D"memset_s(W,WL,V,OL)=memset(W,V,OL)` to the command
+line.
+
+## Using
+
+Build the library, include the header, and do, e.g.,
+
+    shake256(out, 256, in, inlen);
+
+That's it.
+
+(Note: You can request less output from the fixed-output-length
+functions, but not more.)
+
+## TweetShake
+
+The relevant tweets:
+
+```C
+// @hashbreaker Inspired by TweetNaCl!
+// Keccak and SHA-3 are supposedly hard to implement. So, how many tweets does it take to get to the center of a sponge...?
+#define decshake(bits) int shake##bits(unsigned char* o, unsigned long, unsigned char*, unsigned long);                   /*begin keccak.h*/
+#define decsha3(bits) int sha3_##bits(unsigned char*,unsigned long,unsigned char*,unsigned long);
+decshake(128) decshake(256) decsha3(224) decsha3(256) decsha3(384) decsha3(512)                                             /*end keccak.h*/
+#define K static const /* Keccak constants: rho rotations, pi lanes, and iota RCs */                                      /*begin keccak.c*/
+typedef unsigned char byte;typedef byte*bytes;typedef unsigned long z;typedef unsigned long long u8;K u8 V=1ULL<<63;K u8 W=1ULL<<31;/*!gcc*/
+#define V (1ULL<<63)
+#define W (1ULL<31)
+K byte rho[24]={1,3,6,10,15,21,28,36,45,55,2,14,27,41,56,8,25,43,62,18,39,61,20,44};K u8 RC[24]={1,0x8082,V|0x808a,V|W|0x8000,0x808b,W|1,V|W
+|0x8081,V|0x8009,138,136,W|0x8009,W|10,W|0x808b,V|0x8b,V|0x8089,V|0x8003,V|0x8002,V|0x80,0x800a,V|W|0xa,V|W|0x8081,V|0x8080,W|1,V|W|0x8008};
+K byte pi[25]={10,7,11,17,18,3,5,16,8,21,24,4,15,23,19,13,12,2,20,14,22,9,6,1}; /**helpers:*/static inline z min(z a,z b){return (a<b)?a:b;}
+#define ROL(x, s) /* rotary shift */ (((x) << s) | ((x) >> (64-s)))              /**macros to fully unroll the Keccak-f[1600] permutation:*/
+#define R24(e) /* repeat 24 times */ e e e e e e e e e e e e e e e e e e e e e e e e
+#define L5(v,s,e) /* 5-unroll a loop */ v=0; e; v+=s; e; v+=s; e; v+=s; e; v+=s; e; v+=s;                              /**the permutation:*/
+static inline void keccakf(u8* a){u8 b[5]={0};u8 t=0;byte x,y,i=0; /*24 rounds:*/R24( L5(x,1,b[x]=0;L5(y,5, /*parity*/ b[x] ^= a[x+y]))
+L5(x,1,L5(y,5,/*theta*/a[y+x] ^= b[(x+4)%5] ^ ROL(b[(x+1)%5],1))) t=a[1];x=0;R24(b[0]=a[pi[x]];/*rho*/a[pi[x]]=ROL(t, rho[x]);t=b[0];x++;)
+L5(y,5,L5(x,1, /*chi*/ b[x] = a[y+x]) L5(x,1, a[y+x] = b[x] ^ ~b[(x+1)%5] & b[(x+2)%5])) /*iota*/ a[0] ^= RC[i]; i++; )}     /**keccak-f!**/
+#define FOR(i, ST, L, S) /*obvious*/ do { for (z i = 0; i < L; i += ST) { S; } } while (0)   /**now, the sponge construction in hash mode**/
+#define appl(NAME, S) /*macro to define array comprehensions*/ static inline void NAME(bytes dst, bytes src, z len) { FOR(i, 1, len, S); }
+/*helpers:*/ static inline void clear(bytes a) { FOR(i,1,200,a[i]=0); } appl(xorin, dst[i] ^= src[i])  appl(set, src[i] = dst[i])
+#define foldP(I, L, F) /* macro to fold app P F */ while (L >= r) { /*apply F*/ F(a, I, r); /*permute*/ keccakf(A); I += r; L -= r; }
+static inline int hash(bytes o,z olen,bytes in,z ilen,z r,byte D){ if((o == (void*)0)||((in == (void*)0)&&ilen != 0)||(r >= 200))return -1;
+/*absorb*/u8 A[25]={0};bytes a=(bytes)A;/*full blocks*/foldP(in,ilen,xorin);/*last block*/xorin(a,in,ilen);/**ds+padstart*/a[ilen]^=D;
+/*padend:*/a[r-1]^=0x80; /**permute**/keccakf(A); /**squeeze:**/foldP(o,olen,set);/*last bytes*/set(a,o,olen);/*done!*/clear(a);return 0;}
+#define defshake(bits) int shake##bits(bytes o, z olen, bytes in, z ilen) {return hash(o,olen,in,ilen,200-(bits/4),0x1f);}
+#define defsha3(bits) int sha3_##bits(bytes o,z olen,bytes in,z ilen) {return hash(o,min(olen,200-(bits/4)),in,ilen,200-(bits/4),0x06);}
+/*define the SHA3 and SHAKE instances:*/defshake(128) defshake(256) defsha3(224) defsha3(256) defsha3(384) defsha3(512)/*end keccak.c*/
+// ...chomp. 24 kinda legible tweets (3232 bytes). And a simple interface: shake256(digest, digestlen, in, inlen)
+// Clang recommended. GCC users will need to insert "#define V (1ULL<<63)" and "#define W (1ULL<31)" at the point marked "/*!gcc*/"
+// If you're using as a prefix MAC, you MUST replace the body of "clear" with "memset_s(a, 200, 0, 200)" to avoid misoptimization.
+// @everyone_who_is_still_using_sha1 Please stop using SHA-1.
+// Oh, one more thing: a C11-threaded, memmapped shake256sum in 10 tweets. (Your libc may need a shim for C11 thread support.)
+// echo -n string stdio stdint fcntl sys/mman sys/stat sys/types unistd threads|tr ' ' \\n|xargs -n1 -I_ echo '#include <_.h>'
+#include "kcksum_tweet.h"
+#define E(LABEL, MSG) if (err != 0) { strerror_r(err, serr, 1024); fprintf(stderr, "%s: '%s' %s\n", serr, fn, MSG); goto LABEL;}
+static mtx_t iomtx;void h(void* v);void h(void* v){char* fn=(char*)v;int err=0;char serr[1024]={0};/*open file*/int fd=open(fn, O_RDONLY);
+err=!fd;E(ret,"couldn't be opened.");/*stat it*/struct stat stat;err=fstat(fd,&stat);E(close,"doesn't exist.");err=!!(stat.st_mode&S_IFDIR);
+E(close,"not a regular file.");z length=(size_t)stat.st_size;/*mmap the file*/bytes in=length?mmap(0,length,PROT_READ,MAP_SHARED,fd,0):NULL;
+if(length&&(in==MAP_FAILED)){E(close,"mmap-ing failed.");}byte out[64]={0};/*hash it*/shake256(out,64,in,length);length&&munmap(in,length);
+/*lock io*/mtx_lock(&iomtx);printf("SHAKE256('%s') = ", fn);FOR(i,1,64,printf("%02x",out[i]));printf("\n");mtx_unlock(&iomtx);/*unlock io*/
+close:close(fd);ret:thrd_exit(err);}int main(int argc,char** argv){int err=0; mtx_init(&iomtx, mtx_plain); thrd_t t[4]; int res[4],i,j,k;
+for(i=1;i<argc;i+=4){for(j=0;j<4;j++){if((j+i)==argc){/*out of files*/goto join;} /*spawn*/ thrd_create(t + j,h,argv[i + j]);}
+join: for (k = 0; k < j; k++) { /*wait*/ err |= thrd_join(t[k], res + k); err |= res[k];} } mtx_destroy(&iomtx); return err; } /* done! */
+```
+
+
+## License
+
+[CC0](http://creativecommons.org/publicdomain/zero/1.0/)
diff --git a/src/ext/keccak-tiny/do.sh b/src/ext/keccak-tiny/do.sh
new file mode 100644
index 0000000000..cf99f249e7
--- /dev/null
+++ b/src/ext/keccak-tiny/do.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+cc=$(which clang-3.6||which gcc-4.9||which clang||||which gcc)
+so=$(test -f /etc/asl.conf && printf dylib|| printf so)
+$cc "-Dinline=__attribute__((__always_inline__))" -O3 -march=native -std=c11 -Wextra -Wpedantic -Wall -dynamic -shared keccak-tiny.c -o libkeccak-tiny.$so
+$cc -Os -march=native -std=c11 -Wextra -Wpedantic -Wall -dynamic -shared keccak-tiny.c -o libkeccak-tiny-small.$so
diff --git a/src/ext/keccak-tiny/keccak-tiny-unrolled.c b/src/ext/keccak-tiny/keccak-tiny-unrolled.c
new file mode 100644
index 0000000000..d1342c3601
--- /dev/null
+++ b/src/ext/keccak-tiny/keccak-tiny-unrolled.c
@@ -0,0 +1,398 @@
+/** libkeccak-tiny
+ *
+ * A single-file implementation of SHA-3 and SHAKE.
+ *
+ * Implementor: David Leon Gil
+ * License: CC0, attribution kindly requested. Blame taken too,
+ * but not liability.
+ */
+#include "keccak-tiny.h"
+
+#include <string.h>
+#include "crypto.h"
+
+/******** Endianness conversion helpers ********/
+
+static inline uint64_t
+loadu64le(const unsigned char *x) {
+  uint64_t r = 0;
+  size_t i;
+
+  for (i = 0; i < 8; ++i) {
+    r |= (uint64_t)x[i] << 8 * i;
+  }
+  return r;
+}
+
+static inline void
+storeu64le(uint8_t *x, uint64_t u) {
+  size_t i;
+
+  for(i=0; i<8; ++i) {
+    x[i] = u;
+    u >>= 8;
+  }
+}
+
+/******** The Keccak-f[1600] permutation ********/
+
+/*** Constants. ***/
+static const uint8_t rho[24] = \
+  { 1,  3,   6, 10, 15, 21,
+    28, 36, 45, 55,  2, 14,
+    27, 41, 56,  8, 25, 43,
+    62, 18, 39, 61, 20, 44};
+static const uint8_t pi[24] = \
+  {10,  7, 11, 17, 18, 3,
+    5, 16,  8, 21, 24, 4,
+   15, 23, 19, 13, 12, 2,
+   20, 14, 22,  9, 6,  1};
+static const uint64_t RC[24] = \
+  {1ULL, 0x8082ULL, 0x800000000000808aULL, 0x8000000080008000ULL,
+   0x808bULL, 0x80000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL,
+   0x8aULL, 0x88ULL, 0x80008009ULL, 0x8000000aULL,
+   0x8000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL,
+   0x8000000000008002ULL, 0x8000000000000080ULL, 0x800aULL, 0x800000008000000aULL,
+   0x8000000080008081ULL, 0x8000000000008080ULL, 0x80000001ULL, 0x8000000080008008ULL};
+
+/*** Helper macros to unroll the permutation. ***/
+#define rol(x, s) (((x) << s) | ((x) >> (64 - s)))
+#define REPEAT6(e) e e e e e e
+#define REPEAT24(e) REPEAT6(e e e e)
+#define REPEAT5(e) e e e e e
+#define FOR5(v, s, e) \
+  v = 0;            \
+  REPEAT5(e; v += s;)
+
+/*** Keccak-f[1600] ***/
+static inline void keccakf(void* state) {
+  uint64_t* a = (uint64_t*)state;
+  uint64_t b[5] = {0};
+  uint64_t t = 0;
+  uint8_t x, y, i = 0;
+
+  REPEAT24(
+      // Theta
+      FOR5(x, 1,
+           b[x] = 0;
+           FOR5(y, 5,
+                b[x] ^= a[x + y]; ))
+      FOR5(x, 1,
+           FOR5(y, 5,
+                a[y + x] ^= b[(x + 4) % 5] ^ rol(b[(x + 1) % 5], 1); ))
+      // Rho and pi
+      t = a[1];
+      x = 0;
+      REPEAT24(b[0] = a[pi[x]];
+               a[pi[x]] = rol(t, rho[x]);
+               t = b[0];
+               x++; )
+      // Chi
+      FOR5(y,
+         5,
+         FOR5(x, 1,
+              b[x] = a[y + x];)
+         FOR5(x, 1,
+              a[y + x] = b[x] ^ ((~b[(x + 1) % 5]) & b[(x + 2) % 5]); ))
+      // Iota
+      a[0] ^= RC[i];
+      i++; )
+}
+
+/******** The FIPS202-defined functions. ********/
+
+/*** Some helper macros. ***/
+
+// `xorin` modified to handle Big Endian systems, `buf` being unaligned on
+// systems that care about such things.  Assumes that len is a multiple of 8,
+// which is always true for the rates we use, and the modified finalize.
+static inline void
+xorin8(uint8_t *dst, const uint8_t *src, size_t len) {
+  uint64_t* a = (uint64_t*)dst; // Always aligned.
+  for (size_t i = 0; i < len; i += 8) {
+    a[i/8] ^= loadu64le(src + i);
+  }
+}
+
+// `setout` likewise modified to handle Big Endian systems.  Assumes that len
+// is a multiple of 8, which is true for every rate we use.
+static inline void
+setout8(const uint8_t *src, uint8_t *dst, size_t len) {
+  const uint64_t *si = (const uint64_t*)src; // Always aligned.
+  for (size_t i = 0; i < len; i+= 8) {
+    storeu64le(dst+i, si[i/8]);
+  }
+}
+
+#define P keccakf
+#define Plen KECCAK_MAX_RATE
+
+#define KECCAK_DELIM_DIGEST 0x06
+#define KECCAK_DELIM_XOF 0x1f
+
+// Fold P*F over the full blocks of an input.
+#define foldP(I, L, F) \
+  while (L >= s->rate) {  \
+    F(s->a, I, s->rate);  \
+    P(s->a);              \
+    I += s->rate;         \
+    L -= s->rate;         \
+  }
+
+static inline void
+keccak_absorb_blocks(keccak_state *s, const uint8_t *buf, size_t nr_blocks)
+{
+  size_t blen = nr_blocks * s->rate;
+  foldP(buf, blen, xorin8);
+}
+
+static int
+keccak_update(keccak_state *s, const uint8_t *buf, size_t len)
+{
+  if (s->finalized)
+    return -1;
+  if ((buf == NULL) && len != 0)
+    return -1;
+
+  size_t remaining = len;
+  while (remaining > 0) {
+    if (s->offset == 0) {
+      const size_t blocks = remaining / s->rate;
+      size_t direct_bytes = blocks * s->rate;
+      if (direct_bytes > 0) {
+        keccak_absorb_blocks(s, buf, blocks);
+        remaining -= direct_bytes;
+        buf += direct_bytes;
+      }
+    }
+
+    const size_t buf_avail = s->rate - s->offset;
+    const size_t buf_bytes = (buf_avail > remaining) ? remaining : buf_avail;
+    if (buf_bytes > 0) {
+      memcpy(&s->block[s->offset], buf, buf_bytes);
+      s->offset += buf_bytes;
+      remaining -= buf_bytes;
+      buf += buf_bytes;
+    }
+    if (s->offset == s->rate) {
+      keccak_absorb_blocks(s, s->block, 1);
+      s->offset = 0;
+    }
+  }
+  return 0;
+}
+
+static void
+keccak_finalize(keccak_state *s)
+{
+  // Xor in the DS and pad frame.
+  s->block[s->offset++] = s->delim; // DS.
+  for (size_t i = s->offset; i < s->rate; i++) {
+    s->block[i] = 0;
+  }
+  s->block[s->rate - 1] |= 0x80; // Pad frame.
+
+  // Xor in the last block.
+  xorin8(s->a, s->block, s->rate);
+
+  memwipe(s->block, 0, sizeof(s->block));
+  s->finalized = 1;
+  s->offset = s->rate;
+}
+
+static inline void
+keccak_squeeze_blocks(keccak_state *s, uint8_t *out, size_t nr_blocks)
+{
+  for (size_t n = 0; n < nr_blocks; n++) {
+    keccakf(s->a);
+    setout8(s->a, out, s->rate);
+    out += s->rate;
+  }
+}
+
+static int
+keccak_squeeze(keccak_state *s, uint8_t *out, size_t outlen)
+{
+  if (!s->finalized)
+    return -1;
+
+  size_t remaining = outlen;
+  while (remaining > 0) {
+    if (s->offset == s->rate) {
+      const size_t blocks = remaining / s->rate;
+      const size_t direct_bytes = blocks * s->rate;
+      if (blocks > 0) {
+        keccak_squeeze_blocks(s, out, blocks);
+        out += direct_bytes;
+        remaining -= direct_bytes;
+      }
+
+      if (remaining > 0) {
+        keccak_squeeze_blocks(s, s->block, 1);
+        s->offset = 0;
+      }
+    }
+
+    const size_t buf_bytes = s->rate - s->offset;
+    const size_t indirect_bytes = (buf_bytes > remaining) ? remaining : buf_bytes;
+    if (indirect_bytes > 0) {
+      memcpy(out, &s->block[s->offset], indirect_bytes);
+      out += indirect_bytes;
+      s->offset += indirect_bytes;
+      remaining -= indirect_bytes;
+    }
+  }
+  return 0;
+}
+
+int
+keccak_digest_init(keccak_state *s, size_t bits)
+{
+  if (s == NULL)
+    return -1;
+  if (bits != 224 && bits != 256 && bits != 384 && bits != 512)
+    return -1;
+
+  keccak_cleanse(s);
+  s->rate = KECCAK_RATE(bits);
+  s->delim = KECCAK_DELIM_DIGEST;
+  return 0;
+}
+
+int
+keccak_digest_update(keccak_state *s, const uint8_t *buf, size_t len)
+{
+  if (s == NULL)
+    return -1;
+  if (s->delim != KECCAK_DELIM_DIGEST)
+    return -1;
+
+  return keccak_update(s, buf, len);
+}
+
+int
+keccak_digest_sum(const keccak_state *s, uint8_t *out, size_t outlen)
+{
+  if (s == NULL)
+    return -1;
+  if (s->delim != KECCAK_DELIM_DIGEST)
+    return -1;
+  if (out == NULL || outlen > 4 * (KECCAK_MAX_RATE - s->rate) / 8)
+    return -1;
+
+  // Work in a copy so that incremental/rolling hashes are easy.
+  keccak_state s_tmp;
+  keccak_clone(&s_tmp, s);
+  keccak_finalize(&s_tmp);
+  int ret = keccak_squeeze(&s_tmp, out, outlen);
+  keccak_cleanse(&s_tmp);
+  return ret;
+}
+
+int
+keccak_xof_init(keccak_state *s, size_t bits)
+{
+  if (s == NULL)
+    return -1;
+  if (bits != 128 && bits != 256)
+    return -1;
+
+  keccak_cleanse(s);
+  s->rate = KECCAK_RATE(bits);
+  s->delim = KECCAK_DELIM_XOF;
+  return 0;
+}
+
+int
+keccak_xof_absorb(keccak_state *s, const uint8_t *buf, size_t len)
+{
+  if (s == NULL)
+    return -1;
+  if (s->delim != KECCAK_DELIM_XOF)
+    return -1;
+
+  return keccak_update(s, buf, len);
+}
+
+int
+keccak_xof_squeeze(keccak_state *s, uint8_t *out, size_t outlen)
+{
+  if (s == NULL)
+    return -1;
+  if (s->delim != KECCAK_DELIM_XOF)
+    return -1;
+
+  if (!s->finalized)
+    keccak_finalize(s);
+
+  return keccak_squeeze(s, out, outlen);
+}
+
+void
+keccak_clone(keccak_state *out, const keccak_state *in)
+{
+  memcpy(out, in, sizeof(keccak_state));
+}
+
+void
+keccak_cleanse(keccak_state *s)
+{
+  memwipe(s, 0, sizeof(keccak_state));
+}
+
+/** The sponge-based hash construction. **/
+static inline int hash(uint8_t* out, size_t outlen,
+                       const uint8_t* in, size_t inlen,
+                       size_t bits, uint8_t delim) {
+  if ((out == NULL) || ((in == NULL) && inlen != 0)) {
+    return -1;
+  }
+
+  int ret = 0;
+  keccak_state s;
+  keccak_cleanse(&s);
+
+  switch (delim) {
+    case KECCAK_DELIM_DIGEST:
+      ret |= keccak_digest_init(&s, bits);
+      ret |= keccak_digest_update(&s, in, inlen);
+      // Use the internal API instead of sum to avoid the memcpy.
+      keccak_finalize(&s);
+      ret |= keccak_squeeze(&s, out, outlen);
+      break;
+    case KECCAK_DELIM_XOF:
+      ret |= keccak_xof_init(&s, bits);
+      ret |= keccak_xof_absorb(&s, in, inlen);
+      ret |= keccak_xof_squeeze(&s, out, outlen);
+      break;
+    default:
+      return -1;
+  }
+  keccak_cleanse(&s);
+  return ret;
+}
+
+/*** Helper macros to define SHA3 and SHAKE instances. ***/
+#define defshake(bits)                                            \
+  int shake##bits(uint8_t* out, size_t outlen,                    \
+                  const uint8_t* in, size_t inlen) {              \
+    return hash(out, outlen, in, inlen, bits, KECCAK_DELIM_XOF);  \
+  }
+#define defsha3(bits)                                             \
+  int sha3_##bits(uint8_t* out, size_t outlen,                    \
+                  const uint8_t* in, size_t inlen) {              \
+    if (outlen > (bits/8)) {                                      \
+      return -1;                                                  \
+    }                                                             \
+    return hash(out, outlen, in, inlen, bits, KECCAK_DELIM_DIGEST);  \
+  }
+
+/*** FIPS202 SHAKE VOFs ***/
+defshake(128)
+defshake(256)
+
+/*** FIPS202 SHA3 FOFs ***/
+defsha3(224)
+defsha3(256)
+defsha3(384)
+defsha3(512)
diff --git a/src/ext/keccak-tiny/keccak-tiny.c b/src/ext/keccak-tiny/keccak-tiny.c
new file mode 100644
index 0000000000..76d89fa78c
--- /dev/null
+++ b/src/ext/keccak-tiny/keccak-tiny.c
@@ -0,0 +1,163 @@
+/** libkeccak-tiny
+ *
+ * A single-file implementation of SHA-3 and SHAKE.
+ *
+ * Implementor: David Leon Gil
+ * License: CC0, attribution kindly requested. Blame taken too,
+ * but not liability.
+ */
+#include "keccak-tiny.h"
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/******** The Keccak-f[1600] permutation ********/
+
+/*** Constants. ***/
+static const uint8_t rho[24] = \
+  { 1,  3,   6, 10, 15, 21,
+    28, 36, 45, 55,  2, 14,
+    27, 41, 56,  8, 25, 43,
+    62, 18, 39, 61, 20, 44};
+static const uint8_t pi[24] = \
+  {10,  7, 11, 17, 18, 3,
+    5, 16,  8, 21, 24, 4,
+   15, 23, 19, 13, 12, 2,
+   20, 14, 22,  9, 6,  1};
+static const uint64_t RC[24] = \
+  {1ULL, 0x8082ULL, 0x800000000000808aULL, 0x8000000080008000ULL,
+   0x808bULL, 0x80000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL,
+   0x8aULL, 0x88ULL, 0x80008009ULL, 0x8000000aULL,
+   0x8000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL,
+   0x8000000000008002ULL, 0x8000000000000080ULL, 0x800aULL, 0x800000008000000aULL,
+   0x8000000080008081ULL, 0x8000000000008080ULL, 0x80000001ULL, 0x8000000080008008ULL};
+
+/*** Helper macros to unroll the permutation. ***/
+#define rol(x, s) (((x) << s) | ((x) >> (64 - s)))
+#define REPEAT6(e) e e e e e e
+#define REPEAT24(e) REPEAT6(e e e e)
+#define REPEAT5(e) e e e e e
+#define FOR5(v, s, e) \
+  v = 0;            \
+  REPEAT5(e; v += s;)
+
+/*** Keccak-f[1600] ***/
+static inline void keccakf(void* state) {
+  uint64_t* a = (uint64_t*)state;
+  uint64_t b[5] = {0};
+  uint64_t t = 0;
+  uint8_t x, y;
+
+  for (int i = 0; i < 24; i++) {
+    // Theta
+    FOR5(x, 1,
+         b[x] = 0;
+         FOR5(y, 5,
+              b[x] ^= a[x + y]; ))
+    FOR5(x, 1,
+         FOR5(y, 5,
+              a[y + x] ^= b[(x + 4) % 5] ^ rol(b[(x + 1) % 5], 1); ))
+    // Rho and pi
+    t = a[1];
+    x = 0;
+    REPEAT24(b[0] = a[pi[x]];
+             a[pi[x]] = rol(t, rho[x]);
+             t = b[0];
+             x++; )
+    // Chi
+    FOR5(y,
+       5,
+       FOR5(x, 1,
+            b[x] = a[y + x];)
+       FOR5(x, 1,
+            a[y + x] = b[x] ^ ((~b[(x + 1) % 5]) & b[(x + 2) % 5]); ))
+    // Iota
+    a[0] ^= RC[i];
+  }
+}
+
+/******** The FIPS202-defined functions. ********/
+
+/*** Some helper macros. ***/
+
+#define _(S) do { S } while (0)
+#define FOR(i, ST, L, S) \
+  _(for (size_t i = 0; i < L; i += ST) { S; })
+#define mkapply_ds(NAME, S)                                          \
+  static inline void NAME(uint8_t* dst,                              \
+                          const uint8_t* src,                        \
+                          size_t len) {                              \
+    FOR(i, 1, len, S);                                               \
+  }
+#define mkapply_sd(NAME, S)                                          \
+  static inline void NAME(const uint8_t* src,                        \
+                          uint8_t* dst,                              \
+                          size_t len) {                              \
+    FOR(i, 1, len, S);                                               \
+  }
+
+mkapply_ds(xorin, dst[i] ^= src[i])  // xorin
+mkapply_sd(setout, dst[i] = src[i])  // setout
+
+#define P keccakf
+#define Plen 200
+
+// Fold P*F over the full blocks of an input.
+#define foldP(I, L, F) \
+  while (L >= rate) {  \
+    F(a, I, rate);     \
+    P(a);              \
+    I += rate;         \
+    L -= rate;         \
+  }
+
+/** The sponge-based hash construction. **/
+static inline int hash(uint8_t* out, size_t outlen,
+                       const uint8_t* in, size_t inlen,
+                       size_t rate, uint8_t delim) {
+  if ((out == NULL) || ((in == NULL) && inlen != 0) || (rate >= Plen)) {
+    return -1;
+  }
+  uint8_t a[Plen] = {0};
+  // Absorb input.
+  foldP(in, inlen, xorin);
+  // Xor in the DS and pad frame.
+  a[inlen] ^= delim;
+  a[rate - 1] ^= 0x80;
+  // Xor in the last block.
+  xorin(a, in, inlen);
+  // Apply P
+  P(a);
+  // Squeeze output.
+  foldP(out, outlen, setout);
+  setout(a, out, outlen);
+  memset_s(a, 200, 0, 200);
+  return 0;
+}
+
+/*** Helper macros to define SHA3 and SHAKE instances. ***/
+#define defshake(bits)                                            \
+  int shake##bits(uint8_t* out, size_t outlen,                    \
+                  const uint8_t* in, size_t inlen) {              \
+    return hash(out, outlen, in, inlen, 200 - (bits / 4), 0x1f);  \
+  }
+#define defsha3(bits)                                             \
+  int sha3_##bits(uint8_t* out, size_t outlen,                    \
+                  const uint8_t* in, size_t inlen) {              \
+    if (outlen > (bits/8)) {                                      \
+      return -1;                                                  \
+    }                                                             \
+    return hash(out, outlen, in, inlen, 200 - (bits / 4), 0x06);  \
+  }
+
+/*** FIPS202 SHAKE VOFs ***/
+defshake(128)
+defshake(256)
+
+/*** FIPS202 SHA3 FOFs ***/
+defsha3(224)
+defsha3(256)
+defsha3(384)
+defsha3(512)
diff --git a/src/ext/keccak-tiny/keccak-tiny.h b/src/ext/keccak-tiny/keccak-tiny.h
new file mode 100644
index 0000000000..7efea2319e
--- /dev/null
+++ b/src/ext/keccak-tiny/keccak-tiny.h
@@ -0,0 +1,66 @@
+#ifndef KECCAK_FIPS202_H
+#define KECCAK_FIPS202_H
+
+#include <stddef.h>
+#include "torint.h"
+
+#define KECCAK_MAX_RATE 200
+
+/* Calculate the rate (block size) from the security target. */
+#define KECCAK_RATE(bits) (KECCAK_MAX_RATE - (bits / 4))
+
+/* The internal structure of a FIPS202 hash/xof instance.  Most callers
+ * should treat this as an opaque structure.
+ */
+typedef struct keccak_state {
+  uint8_t a[KECCAK_MAX_RATE];
+  size_t rate;
+  uint8_t delim;
+
+  uint8_t block[KECCAK_MAX_RATE];
+  size_t offset;
+
+  uint8_t finalized : 1;
+} keccak_state;
+
+/* Initialize a Keccak instance suitable for SHA-3 hash functions. */
+int keccak_digest_init(keccak_state *s, size_t bits);
+
+/* Feed more data into the SHA-3 hash instance. */
+int keccak_digest_update(keccak_state *s, const uint8_t *buf, size_t len);
+
+/* Calculate the SHA-3 hash digest.  The state is unmodified to support
+ * calculating multiple/rolling digests.
+ */
+int keccak_digest_sum(const keccak_state *s, uint8_t *out, size_t outlen);
+
+/* Initialize a Keccak instance suitable for XOFs (SHAKE-128/256). */
+int keccak_xof_init(keccak_state *s, size_t bits);
+
+/* Absorb more data into the XOF.  Must not be called after a squeeze call. */
+int keccak_xof_absorb(keccak_state *s, const uint8_t *buf, size_t len);
+
+/* Squeeze data out of the XOF. Must not attempt to absorb additional data,
+ * after a squeeze has been called.
+ */
+int keccak_xof_squeeze(keccak_state *s, uint8_t *out, size_t outlen);
+
+/* Clone an existing hash/XOF instance. */
+void keccak_clone(keccak_state *out, const keccak_state *in);
+
+/* Cleanse sensitive data from a given hash instance. */
+void keccak_cleanse(keccak_state *s);
+
+#define decshake(bits) \
+  int shake##bits(uint8_t*, size_t, const uint8_t*, size_t);
+
+#define decsha3(bits) \
+  int sha3_##bits(uint8_t*, size_t, const uint8_t*, size_t);
+
+decshake(128)
+decshake(256)
+decsha3(224)
+decsha3(256)
+decsha3(384)
+decsha3(512)
+#endif
diff --git a/src/ext/readpassphrase.c b/src/ext/readpassphrase.c
new file mode 100644
index 0000000000..e0df05d7b7
--- /dev/null
+++ b/src/ext/readpassphrase.c
@@ -0,0 +1,222 @@
+/*	$OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $	*/
+
+/*
+ * Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
+
+#include "orconfig.h"
+
+#ifndef HAVE_READPASSPHRASE
+
+#include <termios.h>
+#include <signal.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include "tor_readpassphrase.h"
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifndef _PATH_TTY
+# define _PATH_TTY "/dev/tty"
+#endif
+
+#ifdef TCSASOFT
+# define _T_FLUSH	(TCSAFLUSH|TCSASOFT)
+#else
+# define _T_FLUSH	(TCSAFLUSH)
+#endif
+
+/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
+#if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
+#  define _POSIX_VDISABLE       VDISABLE
+#endif
+
+#ifndef _NSIG
+# ifdef NSIG
+#  define _NSIG NSIG
+# else
+#  define _NSIG 128
+# endif
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	ssize_t bytes_written = 0;
+	ssize_t nr;
+	int input, output, save_errno, i, need_restart;
+	char ch, *p, *end;
+	struct termios term, oterm;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+restart:
+	for (i = 0; i < _NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((flags & RPP_STDIN) ||
+	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)sigaction(SIGALRM, &sa, &savealrm);
+	(void)sigaction(SIGHUP, &sa, &savehup);
+	(void)sigaction(SIGINT, &sa, &saveint);
+	(void)sigaction(SIGPIPE, &sa, &savepipe);
+	(void)sigaction(SIGQUIT, &sa, &savequit);
+	(void)sigaction(SIGTERM, &sa, &saveterm);
+	(void)sigaction(SIGTSTP, &sa, &savetstp);
+	(void)sigaction(SIGTTIN, &sa, &savettin);
+	(void)sigaction(SIGTTOU, &sa, &savettou);
+
+	/* Turn off echo if possible. */
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON))
+			term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+		(void)tcsetattr(input, _T_FLUSH, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
+		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
+	}
+
+	/* No I/O if we are already backgrounded. */
+	if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) {
+		if (!(flags & RPP_STDIN))
+			bytes_written = write(output, prompt, strlen(prompt));
+		end = buf + bufsiz - 1;
+		p = buf;
+		while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+			if (p < end) {
+#if 0
+				if ((flags & RPP_SEVENBIT))
+					ch &= 0x7f;
+				if (isalpha(ch)) {
+					if ((flags & RPP_FORCELOWER))
+						ch = (char)tolower(ch);
+					if ((flags & RPP_FORCEUPPER))
+						ch = (char)toupper(ch);
+				}
+#endif
+				*p++ = ch;
+			}
+		}
+		*p = '\0';
+		save_errno = errno;
+		if (!(term.c_lflag & ECHO))
+			bytes_written = write(output, "\n", 1);
+	}
+
+	(void) bytes_written;
+
+	/* Restore old terminal settings and signals. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
+		    errno == EINTR)
+			continue;
+	}
+	(void)sigaction(SIGALRM, &savealrm, NULL);
+	(void)sigaction(SIGHUP, &savehup, NULL);
+	(void)sigaction(SIGINT, &saveint, NULL);
+	(void)sigaction(SIGQUIT, &savequit, NULL);
+	(void)sigaction(SIGPIPE, &savepipe, NULL);
+	(void)sigaction(SIGTERM, &saveterm, NULL);
+	(void)sigaction(SIGTSTP, &savetstp, NULL);
+	(void)sigaction(SIGTTIN, &savettin, NULL);
+	(void)sigaction(SIGTTOU, &savettou, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	/*
+	 * If we were interrupted by a signal, resend it to ourselves
+	 * now that we have restored the signal handlers.
+	 */
+	for (i = 0; i < _NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
+			case SIGTSTP:
+			case SIGTTIN:
+			case SIGTTOU:
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
+		goto restart;
+
+	if (save_errno)
+		errno = save_errno;
+	return(nr == -1 ? NULL : buf);
+}
+
+#if 0
+char *
+getpass(const char *prompt)
+{
+	static char buf[_PASSWORD_LEN + 1];
+
+	return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
+}
+#endif
+
+static void handler(int s)
+{
+
+	signo[s] = 1;
+}
+#endif /* HAVE_READPASSPHRASE */
diff --git a/src/ext/tinytest.c b/src/ext/tinytest.c
index cc054ad340..f6baeeb9a5 100644
--- a/src/ext/tinytest.c
+++ b/src/ext/tinytest.c
@@ -490,7 +490,7 @@ tinytest_format_hex_(const void *val_, unsigned long len)
 		return strdup("<allocation failure>");
 	cp = result;
 	for (i=0;i<len;++i) {
-		*cp++ = "0123456789ABCDEF"[val[i] >> 4];
+		*cp++ = "0123456789ABCDEF"[(val[i] >> 4)&0x0f];
 		*cp++ = "0123456789ABCDEF"[val[i] & 0x0f];
 	}
 	while (ellipses--)
diff --git a/src/ext/tinytest_demo.c b/src/ext/tinytest_demo.c
index 634e112cb8..c07f099791 100644
--- a/src/ext/tinytest_demo.c
+++ b/src/ext/tinytest_demo.c
@@ -74,13 +74,13 @@ test_strcmp(void *data)
 	   values of the failing things.
 
 	   Fail unless strcmp("abc, "abc") == 0 */
-	tt_int_op(strcmp("abc", "abc"), ==, 0);
+	tt_int_op(strcmp("abc", "abc"), OP_EQ, 0);
 
 	/* Fail unless strcmp("abc, "abcd") is less than 0 */
-	tt_int_op(strcmp("abc", "abcd"), < , 0);
+	tt_int_op(strcmp("abc", "abcd"), OP_LT, 0);
 
 	/* Incidentally, there's a test_str_op that uses strcmp internally. */
-	tt_str_op("abc", <, "abcd");
+	tt_str_op("abc", OP_LT, "abcd");
 
 
 	/* Every test-case function needs to finish with an "end:"
@@ -153,11 +153,11 @@ test_memcpy(void *ptr)
 	/* Let's make sure that memcpy does what we'd like. */
 	strcpy(db->buffer1, "String 0");
 	memcpy(db->buffer2, db->buffer1, sizeof(db->buffer1));
-	tt_str_op(db->buffer1, ==, db->buffer2);
+	tt_str_op(db->buffer1, OP_EQ, db->buffer2);
 
         /* tt_mem_op() does a memcmp, as opposed to the strcmp in tt_str_op() */
         db->buffer2[100] = 3; /* Make the buffers unequal */
-        tt_mem_op(db->buffer1, <, db->buffer2, sizeof(db->buffer1));
+        tt_mem_op(db->buffer1, OP_LT, db->buffer2, sizeof(db->buffer1));
 
 	/* Now we've allocated memory that's referenced by a local variable.
 	   The end block of the function will clean it up. */
@@ -165,7 +165,7 @@ test_memcpy(void *ptr)
 	tt_assert(mem);
 
 	/* Another rather trivial test. */
-	tt_str_op(db->buffer1, !=, mem);
+	tt_str_op(db->buffer1, OP_NE, mem);
 
  end:
 	/* This time our end block has something to do. */
@@ -186,9 +186,9 @@ test_timeout(void *ptr)
 #endif
 	t2 = time(NULL);
 
-	tt_int_op(t2-t1, >=, 4);
+	tt_int_op(t2-t1, OP_GE, 4);
 
-	tt_int_op(t2-t1, <=, 6);
+	tt_int_op(t2-t1, OP_LE, 6);
 
  end:
 	;
diff --git a/src/ext/tor_queue.h b/src/ext/tor_queue.h
index f05e48c18e..a6530c2b9b 100644
--- a/src/ext/tor_queue.h
+++ b/src/ext/tor_queue.h
@@ -109,7 +109,8 @@ struct {								\
  */
 #define	TOR_SLIST_FIRST(head)	((head)->slh_first)
 #define	TOR_SLIST_END(head)		NULL
-#define	TOR_SLIST_EMPTY(head)	(SLIST_FIRST(head) == TOR_SLIST_END(head))
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define	TOR_SLIST_EMPTY(head)	((SLIST_FIRST(head) == TOR_SLIST_END(head)) || 0)
 #define	TOR_SLIST_NEXT(elm, field)	((elm)->field.sle_next)
 
 #define	TOR_SLIST_FOREACH(var, head, field)					\
@@ -181,9 +182,11 @@ struct {								\
 /*
  * List access methods
  */
-#define	TOR_LIST_FIRST(head)		((head)->lh_first)
-#define	TOR_LIST_END(head)			NULL
-#define	TOR_LIST_EMPTY(head)		(TOR_LIST_FIRST(head) == TOR_LIST_END(head))
+#define	TOR_LIST_FIRST(head)    ((head)->lh_first)
+#define	TOR_LIST_END(head)		  NULL
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define	TOR_LIST_EMPTY(head)	  \
+          ((TOR_LIST_FIRST(head) == TOR_LIST_END(head)) || 0)
 #define	TOR_LIST_NEXT(elm, field)		((elm)->field.le_next)
 
 #define TOR_LIST_FOREACH(var, head, field)					\
@@ -265,8 +268,10 @@ struct {								\
  * Simple queue access methods.
  */
 #define	TOR_SIMPLEQ_FIRST(head)	    ((head)->sqh_first)
-#define	TOR_SIMPLEQ_END(head)	    NULL
-#define	TOR_SIMPLEQ_EMPTY(head)	    (TOR_SIMPLEQ_FIRST(head) == TOR_SIMPLEQ_END(head))
+#define	TOR_SIMPLEQ_END(head)	      NULL
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define	TOR_SIMPLEQ_EMPTY(head)	    \
+          ((TOR_SIMPLEQ_FIRST(head) == TOR_SIMPLEQ_END(head)) || 0)
 #define	TOR_SIMPLEQ_NEXT(elm, field)    ((elm)->field.sqe_next)
 
 #define TOR_SIMPLEQ_FOREACH(var, head, field)				\
@@ -345,8 +350,9 @@ struct {								\
 /* XXX */
 #define TOR_TAILQ_PREV(elm, headname, field)				\
 	(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
 #define	TOR_TAILQ_EMPTY(head)						\
-	(TOR_TAILQ_FIRST(head) == TOR_TAILQ_END(head))
+	((TOR_TAILQ_FIRST(head) == TOR_TAILQ_END(head)) || 0)
 
 #define TOR_TAILQ_FOREACH(var, head, field)					\
 	for((var) = TOR_TAILQ_FIRST(head);					\
@@ -462,8 +468,9 @@ struct {								\
 #define	TOR_CIRCLEQ_END(head)		((void *)(head))
 #define	TOR_CIRCLEQ_NEXT(elm, field)	((elm)->field.cqe_next)
 #define	TOR_CIRCLEQ_PREV(elm, field)	((elm)->field.cqe_prev)
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
 #define	TOR_CIRCLEQ_EMPTY(head)						\
-	(TOR_CIRCLEQ_FIRST(head) == TOR_CIRCLEQ_END(head))
+	((TOR_CIRCLEQ_FIRST(head) == TOR_CIRCLEQ_END(head)) || 0)
 
 #define TOR_CIRCLEQ_FOREACH(var, head, field)				\
 	for((var) = TOR_CIRCLEQ_FIRST(head);				\
diff --git a/src/ext/tor_readpassphrase.h b/src/ext/tor_readpassphrase.h
new file mode 100644
index 0000000000..64f5668cad
--- /dev/null
+++ b/src/ext/tor_readpassphrase.h
@@ -0,0 +1,48 @@
+/*	$OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/* OPENBSD ORIGINAL: include/readpassphrase.h */
+
+#ifndef _READPASSPHRASE_H_
+#define _READPASSPHRASE_H_
+
+#include "orconfig.h"
+
+#ifndef HAVE_READPASSPHRASE
+
+#define RPP_ECHO_OFF    0x00		/* Turn off echo (default). */
+#define RPP_ECHO_ON     0x01		/* Leave echo on. */
+#define RPP_REQUIRE_TTY 0x02		/* Fail if there is no tty. */
+#if 0
+#define RPP_FORCELOWER  0x04		/* Force input to lower case. */
+#define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
+#define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
+#endif
+#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */
+
+char * readpassphrase(const char *, char *, size_t, int);
+
+#define HAVE_READPASSPHRASE
+
+#endif /* HAVE_READPASSPHRASE */
+
+#endif /* !_READPASSPHRASE_H_ */
diff --git a/src/ext/trunnel/trunnel-impl.h b/src/ext/trunnel/trunnel-impl.h
new file mode 100644
index 0000000000..dfe5f89e1a
--- /dev/null
+++ b/src/ext/trunnel/trunnel-impl.h
@@ -0,0 +1,310 @@
+/* trunnel-impl.h -- copied from Trunnel v1.4.4
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+/* trunnel-impl.h -- Implementation helpers for trunnel, included by
+ * generated trunnel files
+ *
+ * Copyright 2014-2015, The Tor Project, Inc.
+ * See license at the end of this file for copying information.
+ */
+
+#ifndef TRUNNEL_IMPL_H_INCLUDED_
+#define TRUNNEL_IMPL_H_INCLUDED_
+#include "trunnel.h"
+#include <assert.h>
+#include <string.h>
+#ifdef TRUNNEL_LOCAL_H
+#include "trunnel-local.h"
+#endif
+
+#if defined(_MSC_VER) && (_MSC_VER < 1600)
+#define uint8_t unsigned char
+#define uint16_t unsigned short
+#define uint32_t unsigned int
+#define uint64_t unsigned __int64
+#define inline __inline
+#else
+#include <stdint.h>
+#endif
+
+#ifdef _WIN32
+uint32_t trunnel_htonl(uint32_t a);
+uint32_t trunnel_ntohl(uint32_t a);
+uint16_t trunnel_htons(uint16_t a);
+uint16_t trunnel_ntohs(uint16_t a);
+#else
+#include <arpa/inet.h>
+#define trunnel_htonl(x) htonl(x)
+#define trunnel_htons(x) htons(x)
+#define trunnel_ntohl(x) ntohl(x)
+#define trunnel_ntohs(x) ntohs(x)
+#endif
+uint64_t trunnel_htonll(uint64_t a);
+uint64_t trunnel_ntohll(uint64_t a);
+
+#ifndef trunnel_assert
+#define trunnel_assert(x) assert(x)
+#endif
+
+static inline void
+trunnel_set_uint64(void *p, uint64_t v) {
+  memcpy(p, &v, 8);
+}
+static inline void
+trunnel_set_uint32(void *p, uint32_t v) {
+  memcpy(p, &v, 4);
+}
+static inline void
+trunnel_set_uint16(void *p, uint16_t v) {
+  memcpy(p, &v, 2);
+}
+static inline void
+trunnel_set_uint8(void *p, uint8_t v) {
+  memcpy(p, &v, 1);
+}
+
+static inline uint64_t
+trunnel_get_uint64(const void *p) {
+  uint64_t x;
+  memcpy(&x, p, 8);
+  return x;
+}
+static inline uint32_t
+trunnel_get_uint32(const void *p) {
+  uint32_t x;
+  memcpy(&x, p, 4);
+  return x;
+}
+static inline uint16_t
+trunnel_get_uint16(const void *p) {
+  uint16_t x;
+  memcpy(&x, p, 2);
+  return x;
+}
+static inline uint8_t
+trunnel_get_uint8(const void *p) {
+  return *(const uint8_t*)p;
+}
+
+
+#ifdef TRUNNEL_DEBUG_FAILING_ALLOC
+extern int trunnel_provoke_alloc_failure;
+
+static inline void *
+trunnel_malloc(size_t n)
+{
+   if (trunnel_provoke_alloc_failure) {
+     if (--trunnel_provoke_alloc_failure == 0)
+       return NULL;
+   }
+   return malloc(n);
+}
+static inline void *
+trunnel_calloc(size_t a, size_t b)
+{
+   if (trunnel_provoke_alloc_failure) {
+     if (--trunnel_provoke_alloc_failure == 0)
+       return NULL;
+   }
+   return calloc(a,b);
+}
+static inline char *
+trunnel_strdup(const char *s)
+{
+   if (trunnel_provoke_alloc_failure) {
+     if (--trunnel_provoke_alloc_failure == 0)
+       return NULL;
+   }
+   return strdup(s);
+}
+#else
+#ifndef trunnel_malloc
+#define trunnel_malloc(x) (malloc((x)))
+#endif
+#ifndef trunnel_calloc
+#define trunnel_calloc(a,b) (calloc((a),(b)))
+#endif
+#ifndef trunnel_strdup
+#define trunnel_strdup(s) (strdup((s)))
+#endif
+#endif
+
+#ifndef trunnel_realloc
+#define trunnel_realloc(a,b) realloc((a),(b))
+#endif
+
+#ifndef trunnel_free_
+#define trunnel_free_(x) (free(x))
+#endif
+#define trunnel_free(x) ((x) ? (trunnel_free_(x),0) : (0))
+
+#ifndef trunnel_abort
+#define trunnel_abort() abort()
+#endif
+
+#ifndef trunnel_memwipe
+#define trunnel_memwipe(mem, len) ((void)0)
+#define trunnel_wipestr(s) ((void)0)
+#else
+#define trunnel_wipestr(s) do {                 \
+    if (s)                                      \
+      trunnel_memwipe(s, strlen(s));            \
+  } while (0)
+#endif
+
+/* ====== dynamic arrays ======== */
+
+#ifdef NDEBUG
+#define TRUNNEL_DYNARRAY_GET(da, n)             \
+  ((da)->elts_[(n)])
+#else
+/** Return the 'n'th element of 'da'. */
+#define TRUNNEL_DYNARRAY_GET(da, n)             \
+  (((n) >= (da)->n_ ? (trunnel_abort(),0) : 0), (da)->elts_[(n)])
+#endif
+
+/** Change the 'n'th element of 'da' to 'v'. */
+#define TRUNNEL_DYNARRAY_SET(da, n, v) do {                    \
+    trunnel_assert((n) < (da)->n_);                            \
+    (da)->elts_[(n)] = (v);                                    \
+  } while (0)
+
+/** Expand the dynamic array 'da' of 'elttype' so that it can hold at least
+ * 'howmanymore' elements than its current capacity. Always tries to increase
+ * the length of the array. On failure, run the code in 'on_fail' and goto
+ * trunnel_alloc_failed. */
+#define TRUNNEL_DYNARRAY_EXPAND(elttype, da, howmanymore, on_fail) do { \
+    elttype *newarray;                                               \
+    newarray = trunnel_dynarray_expand(&(da)->allocated_,            \
+                                       (da)->elts_, (howmanymore),   \
+                                       sizeof(elttype));             \
+    if (newarray == NULL) {                                          \
+      on_fail;                                                       \
+      goto trunnel_alloc_failed;                                     \
+    }                                                                \
+    (da)->elts_ = newarray;                                          \
+  } while (0)
+
+/** Add 'v' to the end of the dynamic array 'da' of 'elttype', expanding it if
+ * necessary.  code in 'on_fail' and goto trunnel_alloc_failed. */
+#define TRUNNEL_DYNARRAY_ADD(elttype, da, v, on_fail) do { \
+      if ((da)->n_ == (da)->allocated_) {                  \
+        TRUNNEL_DYNARRAY_EXPAND(elttype, da, 1, on_fail);  \
+      }                                                    \
+      (da)->elts_[(da)->n_++] = (v);                       \
+    } while (0)
+
+/** Return the number of elements in 'da'. */
+#define TRUNNEL_DYNARRAY_LEN(da) ((da)->n_)
+
+/** Remove all storage held by 'da' and set it to be empty.  Does not free
+ * storage held by the elements themselves. */
+#define TRUNNEL_DYNARRAY_CLEAR(da) do {           \
+    trunnel_free((da)->elts_);                    \
+    (da)->elts_ = NULL;                           \
+    (da)->n_ = (da)->allocated_ = 0;              \
+  } while (0)
+
+/** Remove all storage held by 'da' and set it to be empty.  Does not free
+ * storage held by the elements themselves. */
+#define TRUNNEL_DYNARRAY_WIPE(da) do {                                  \
+    trunnel_memwipe((da)->elts_, (da)->allocated_ * sizeof((da)->elts_[0])); \
+  } while (0)
+
+/** Helper: wraps or implements an OpenBSD-style reallocarray.  Behaves
+ * as realloc(a, x*y), but verifies that no overflow will occur in the
+ * multiplication. Returns NULL on failure. */
+#ifndef trunnel_reallocarray
+void *trunnel_reallocarray(void *a, size_t x, size_t y);
+#endif
+
+/** Helper to expand a dynamic array. Behaves as TRUNNEL_DYNARRAY_EXPAND(),
+ * taking the array of elements in 'ptr', a pointer to thethe current number
+ * of allocated elements in allocated_p, the minimum numbeer of elements to
+ * add in 'howmanymore', and the size of a single element in 'eltsize'.
+ *
+ * On success, adjust *allocated_p, and return the new value for the array of
+ * elements.  On failure, adjust nothing and return NULL.
+ */
+void *trunnel_dynarray_expand(size_t *allocated_p, void *ptr,
+                              size_t howmanymore, size_t eltsize);
+
+/** Type for a function to free members of a dynarray of pointers. */
+typedef void (*trunnel_free_fn_t)(void *);
+
+/**
+ * Helper to change the length of a dynamic array. Takes pointers to the
+ * current allocated and n fields of the array in 'allocated_p' and 'len_p',
+ * and the current array of elements in 'ptr'; takes the length of a single
+ * element in 'eltsize'.  Changes the length to 'newlen'.  If 'newlen' is
+ * greater than the current length, pads the new elements with 0.  If newlen
+ * is less than the current length, and free_fn is non-NULL, treat the
+ * array as an array of void *, and invoke free_fn() on each removed element.
+ *
+ * On success, adjust *allocated_p and *len_p, and return the new value for
+ * the array of elements.  On failure, adjust nothing, set *errcode_ptr to 1,
+ * and return NULL.
+ */
+void *trunnel_dynarray_setlen(size_t *allocated_p, size_t *len_p,
+                              void *ptr, size_t newlen,
+                              size_t eltsize, trunnel_free_fn_t free_fn,
+                              uint8_t *errcode_ptr);
+
+/**
+ * Helper: return a pointer to the value of 'str' as a NUL-terminated string.
+ * Might have to reallocate the storage for 'str' in order to fit in the final
+ * NUL character.  On allocation failure, return NULL.
+ */
+const char *trunnel_string_getstr(trunnel_string_t *str);
+
+/**
+ * Helper: change the contents of 'str' to hold the 'len'-byte string in
+ * 'inp'.  Adjusts the storage to have a terminating NUL that doesn't count
+ * towards the length of the string.  On success, return 0.  On failure, set
+ * *errcode_ptr to 1 and return -1.
+ */
+int trunnel_string_setstr0(trunnel_string_t *str, const char *inp, size_t len,
+                           uint8_t *errcode_ptr);
+
+/**
+ * As trunnel_dynarray_setlen, but adjusts a string rather than a dynamic
+ * array, and ensures that the new string is NUL-terminated.
+ */
+int trunnel_string_setlen(trunnel_string_t *str, size_t newlen,
+                           uint8_t *errcode_ptr);
+
+#endif
+
+
+/*
+Copyright 2014  The Tor Project, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+    * Neither the names of the copyright owners nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
diff --git a/src/ext/trunnel/trunnel.c b/src/ext/trunnel/trunnel.c
new file mode 100644
index 0000000000..0ed75aa9a4
--- /dev/null
+++ b/src/ext/trunnel/trunnel.c
@@ -0,0 +1,247 @@
+/* trunnel.c -- copied from Trunnel v1.4.4
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+/* trunnel.c -- Helper functions to implement trunnel.
+ *
+ * Copyright 2014-2015, The Tor Project, Inc.
+ * See license at the end of this file for copying information.
+ *
+ * See trunnel-impl.h for documentation of these functions.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include "trunnel-impl.h"
+
+#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+	__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+#  define IS_LITTLE_ENDIAN 1
+#elif defined(BYTE_ORDER) && defined(ORDER_LITTLE_ENDIAN) &&     \
+	BYTE_ORDER == __ORDER_LITTLE_ENDIAN
+#  define IS_LITTLE_ENDIAN 1
+#elif defined(_WIN32)
+#  define IS_LITTLE_ENDIAN 1
+#elif defined(__APPLE__)
+#  include <libkern/OSByteOrder.h>
+#  define BSWAP64(x) OSSwapLittleToHostInt64(x)
+#elif defined(sun) || defined(__sun)
+#  include <sys/byteorder.h>
+#  ifndef _BIG_ENDIAN
+#    define IS_LITTLE_ENDIAN
+#  endif
+#else
+# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+#  include <sys/endian.h>
+# else
+#  include <endian.h>
+# endif
+#  if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
+	__BYTE_ORDER == __LITTLE_ENDIAN
+#    define IS_LITTLE_ENDIAN
+#  endif
+#endif
+
+#ifdef _WIN32
+uint16_t
+trunnel_htons(uint16_t s)
+{
+  return (s << 8) | (s >> 8);
+}
+uint16_t
+trunnel_ntohs(uint16_t s)
+{
+  return (s << 8) | (s >> 8);
+}
+uint32_t
+trunnel_htonl(uint32_t s)
+{
+  return (s << 24) |
+         ((s << 8)&0xff0000) |
+         ((s >> 8)&0xff00) |
+         (s >> 24);
+}
+uint32_t
+trunnel_ntohl(uint32_t s)
+{
+  return (s << 24) |
+         ((s << 8)&0xff0000) |
+         ((s >> 8)&0xff00) |
+         (s >> 24);
+}
+#endif
+
+uint64_t
+trunnel_htonll(uint64_t a)
+{
+#ifdef IS_LITTLE_ENDIAN
+  return trunnel_htonl((uint32_t)(a>>32))
+    | (((uint64_t)trunnel_htonl((uint32_t)a))<<32);
+#else
+  return a;
+#endif
+}
+
+uint64_t
+trunnel_ntohll(uint64_t a)
+{
+  return trunnel_htonll(a);
+}
+
+#ifdef TRUNNEL_DEBUG_FAILING_ALLOC
+/** Used for debugging and running tricky test cases: Makes the nth
+ * memoryation allocation call from now fail.
+ */
+int trunnel_provoke_alloc_failure = 0;
+#endif
+
+void *
+trunnel_dynarray_expand(size_t *allocated_p, void *ptr,
+                        size_t howmanymore, size_t eltsize)
+{
+  size_t newsize = howmanymore + *allocated_p;
+  void *newarray = NULL;
+  if (newsize < 8)
+    newsize = 8;
+  if (newsize < *allocated_p * 2)
+    newsize = *allocated_p * 2;
+  if (newsize <= *allocated_p || newsize < howmanymore)
+    return NULL;
+  newarray = trunnel_reallocarray(ptr, newsize, eltsize);
+  if (newarray == NULL)
+    return NULL;
+
+  *allocated_p = newsize;
+  return newarray;
+}
+
+#ifndef trunnel_reallocarray
+void *
+trunnel_reallocarray(void *a, size_t x, size_t y)
+{
+#ifdef TRUNNEL_DEBUG_FAILING_ALLOC
+   if (trunnel_provoke_alloc_failure) {
+     if (--trunnel_provoke_alloc_failure == 0)
+       return NULL;
+   }
+#endif
+   if (x > SIZE_MAX / y)
+     return NULL;
+   return trunnel_realloc(a, x * y);
+}
+#endif
+
+const char *
+trunnel_string_getstr(trunnel_string_t *str)
+{
+  trunnel_assert(str->allocated_ >= str->n_);
+  if (str->allocated_ == str->n_) {
+    TRUNNEL_DYNARRAY_EXPAND(char, str, 1, {});
+  }
+  str->elts_[str->n_] = 0;
+  return str->elts_;
+trunnel_alloc_failed:
+  return NULL;
+}
+
+int
+trunnel_string_setstr0(trunnel_string_t *str, const char *val, size_t len,
+                       uint8_t *errcode_ptr)
+{
+  if (len == SIZE_MAX)
+    goto trunnel_alloc_failed;
+  if (str->allocated_ <= len) {
+    TRUNNEL_DYNARRAY_EXPAND(char, str, len + 1 - str->allocated_, {});
+  }
+  memcpy(str->elts_, val, len);
+  str->n_ = len;
+  str->elts_[len] = 0;
+  return 0;
+trunnel_alloc_failed:
+  *errcode_ptr = 1;
+  return -1;
+}
+
+int
+trunnel_string_setlen(trunnel_string_t *str, size_t newlen,
+                      uint8_t *errcode_ptr)
+{
+  if (newlen == SIZE_MAX)
+    goto trunnel_alloc_failed;
+  if (str->allocated_ < newlen + 1) {
+    TRUNNEL_DYNARRAY_EXPAND(char, str, newlen + 1 - str->allocated_, {});
+  }
+  if (str->n_ < newlen) {
+    memset(& (str->elts_[str->n_]), 0, (newlen - str->n_));
+  }
+  str->n_ = newlen;
+  str->elts_[newlen] = 0;
+  return 0;
+
+ trunnel_alloc_failed:
+  *errcode_ptr = 1;
+  return -1;
+}
+
+void *
+trunnel_dynarray_setlen(size_t *allocated_p, size_t *len_p,
+                        void *ptr, size_t newlen,
+                        size_t eltsize, trunnel_free_fn_t free_fn,
+                        uint8_t *errcode_ptr)
+{
+  if (*allocated_p < newlen) {
+    void *newptr = trunnel_dynarray_expand(allocated_p, ptr,
+                                           newlen - *allocated_p, eltsize);
+    if (newptr == NULL)
+      goto trunnel_alloc_failed;
+    ptr = newptr;
+  }
+  if (free_fn && *len_p > newlen) {
+    size_t i;
+    void **elts = (void **) ptr;
+    for (i = newlen; i < *len_p; ++i) {
+      free_fn(elts[i]);
+      elts[i] = NULL;
+    }
+  }
+  if (*len_p < newlen) {
+    memset( ((char*)ptr) + (eltsize * *len_p), 0, (newlen - *len_p) * eltsize);
+  }
+  *len_p = newlen;
+  return ptr;
+ trunnel_alloc_failed:
+  *errcode_ptr = 1;
+  return NULL;
+}
+
+/*
+Copyright 2014  The Tor Project, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+    * Neither the names of the copyright owners nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
diff --git a/src/ext/trunnel/trunnel.h b/src/ext/trunnel/trunnel.h
new file mode 100644
index 0000000000..62e87ee50c
--- /dev/null
+++ b/src/ext/trunnel/trunnel.h
@@ -0,0 +1,64 @@
+/* trunnel.h -- copied from Trunnel v1.4.4
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+/* trunnel.h -- Public declarations for trunnel, to be included
+ * in trunnel header files.
+
+ * Copyright 2014-2015, The Tor Project, Inc.
+ * See license at the end of this file for copying information.
+ */
+
+#ifndef TRUNNEL_H_INCLUDED_
+#define TRUNNEL_H_INCLUDED_
+
+#include <sys/types.h>
+
+/** Macro to declare a variable-length dynamically allocated array.  Trunnel
+ * uses these to store all variable-length arrays. */
+#define TRUNNEL_DYNARRAY_HEAD(name, elttype)       \
+  struct name {                                    \
+    size_t n_;                                     \
+    size_t allocated_;                             \
+    elttype *elts_;                                \
+  }
+
+/** Initializer for a dynamic array of a given element type. */
+#define TRUNNEL_DYNARRAY_INIT(elttype) { 0, 0, (elttype*)NULL }
+
+/** Typedef used for storing variable-length arrays of char. */
+typedef TRUNNEL_DYNARRAY_HEAD(trunnel_string_st, char) trunnel_string_t;
+
+#endif
+
+/*
+Copyright 2014  The Tor Project, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+    * Neither the names of the copyright owners nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
diff --git a/src/include.am b/src/include.am
index d0693e25b0..c468af3649 100644
--- a/src/include.am
+++ b/src/include.am
@@ -1,7 +1,9 @@
 include src/ext/include.am
+include src/trunnel/include.am
 include src/common/include.am
 include src/or/include.am
 include src/test/include.am
 include src/tools/include.am
 include src/win32/include.am
 include src/config/include.am
+
diff --git a/src/or/Makefile.nmake b/src/or/Makefile.nmake
index 523bf3306b..2ac98cd372 100644
--- a/src/or/Makefile.nmake
+++ b/src/or/Makefile.nmake
@@ -63,6 +63,7 @@ LIBTOR_OBJECTS = \
   routerlist.obj \
   routerparse.obj \
   routerset.obj \
+  scheduler.obj \
   statefile.obj \
   status.obj \
   transports.obj
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index d4b7acf274..047a863ef5 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -1,9 +1,18 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file addressmap.c
+ *
+ * \brief The addressmap module manages the processes by which we rewrite
+ * addresses in client requess.  It handles the MapAddress controller and
+ * torrc commands, and the TrackHostExits feature, and the client-side DNS
+ * cache (deprecated).
+ */
+
 #define ADDRESSMAP_PRIVATE
 
 #include "or.h"
@@ -94,7 +103,7 @@ addressmap_ent_free(void *_ent)
   tor_free(ent);
 }
 
-/** Free storage held by a virtaddress_entry_t* entry in <b>ent</b>. */
+/** Free storage held by a virtaddress_entry_t* entry in <b>_ent</b>. */
 static void
 addressmap_virtaddress_ent_free(void *_ent)
 {
@@ -104,11 +113,13 @@ addressmap_virtaddress_ent_free(void *_ent)
 
   ent = _ent;
   tor_free(ent->ipv4_address);
+  tor_free(ent->ipv6_address);
   tor_free(ent->hostname_address);
   tor_free(ent);
 }
 
-/** Free storage held by a virtaddress_entry_t* entry in <b>ent</b>. */
+/** Remove <b>address</b> (which must map to <b>ent</b>) from the
+ * virtual address map. */
 static void
 addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent)
 {
@@ -120,9 +131,11 @@ addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent)
     if (ve) {
       if (!strcmp(address, ve->ipv4_address))
         tor_free(ve->ipv4_address);
+      if (!strcmp(address, ve->ipv6_address))
+        tor_free(ve->ipv6_address);
       if (!strcmp(address, ve->hostname_address))
         tor_free(ve->hostname_address);
-      if (!ve->ipv4_address && !ve->hostname_address) {
+      if (!ve->ipv4_address && !ve->ipv6_address && !ve->hostname_address) {
         tor_free(ve);
         strmap_remove(virtaddress_reversemap, ent->new_address);
       }
@@ -131,7 +144,7 @@ addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent)
 }
 
 /** Remove <b>ent</b> (which must be mapped to by <b>address</b>) from the
- * client address maps. */
+ * client address maps, and then free it. */
 static void
 addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
 {
@@ -226,6 +239,8 @@ addressmap_address_should_automap(const char *address,
     return 0;
 
   SMARTLIST_FOREACH_BEGIN(suffix_list, const char *, suffix) {
+    if (!strcmp(suffix, "."))
+      return 1;
     if (!strcasecmpend(address, suffix))
       return 1;
   } SMARTLIST_FOREACH_END(suffix);
@@ -384,13 +399,35 @@ addressmap_rewrite(char *address, size_t maxlen,
       goto done;
     }
 
-    if (ent && ent->source == ADDRMAPSRC_DNS) {
-      sa_family_t f;
-      tor_addr_t tmp;
-      f = tor_addr_parse(&tmp, ent->new_address);
-      if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
-        goto done;
-      else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
+    switch (ent->source) {
+      case ADDRMAPSRC_DNS:
+        {
+          sa_family_t f;
+          tor_addr_t tmp;
+          f = tor_addr_parse(&tmp, ent->new_address);
+          if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
+            goto done;
+          else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
+            goto done;
+        }
+        break;
+      case ADDRMAPSRC_CONTROLLER:
+      case ADDRMAPSRC_TORRC:
+        if (!(flags & AMR_FLAG_USE_MAPADDRESS))
+          goto done;
+        break;
+      case ADDRMAPSRC_AUTOMAP:
+        if (!(flags & AMR_FLAG_USE_AUTOMAP))
+          goto done;
+        break;
+      case ADDRMAPSRC_TRACKEXIT:
+        if (!(flags & AMR_FLAG_USE_TRACKEXIT))
+          goto done;
+        break;
+      case ADDRMAPSRC_NONE:
+      default:
+        log_warn(LD_BUG, "Unknown addrmap source value %d. Ignoring it.",
+                 (int) ent->source);
         goto done;
     }
 
@@ -425,7 +462,7 @@ addressmap_rewrite(char *address, size_t maxlen,
   if (exit_source_out)
     *exit_source_out = exit_source;
   if (expires_out)
-    *expires_out = TIME_MAX;
+    *expires_out = expires;
   return (rewrites > 0);
 }
 
@@ -449,6 +486,8 @@ addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
       return 0;
     else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
       return 0;
+    /* FFFF we should reverse-map virtual addresses even if we haven't
+     * enabled DNS cacheing. */
   }
 
   tor_asprintf(&s, "REVERSE[%s]", address);
@@ -496,7 +535,7 @@ addressmap_have_mapping(const char *address, int update_expiry)
  * equal to <b>address</b>, or any address ending with a period followed by
  * <b>address</b>.  If <b>wildcard_addr</b> and <b>wildcard_new_addr</b> are
  * both true, the mapping will rewrite addresses that end with
- * ".<b>address</b>" into ones that end with ".<b>new_address</b>."
+ * ".<b>address</b>" into ones that end with ".<b>new_address</b>".
  *
  * If <b>new_address</b> is NULL, or <b>new_address</b> is equal to
  * <b>address</b> and <b>wildcard_addr</b> is equal to
@@ -535,9 +574,9 @@ addressmap_register(const char *address, char *new_address, time_t expires,
     if (expires > 1) {
       log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, "
                "since it's already mapped to '%s'",
-      safe_str_client(address),
-      safe_str_client(new_address),
-      safe_str_client(ent->new_address));
+               safe_str_client(address),
+               safe_str_client(new_address),
+               safe_str_client(ent->new_address));
       tor_free(new_address);
       return;
     }
@@ -670,10 +709,10 @@ client_dns_set_addressmap(entry_connection_t *for_conn,
     return; /* If address was an IP address already, don't add a mapping. */
 
   if (tor_addr_family(val) == AF_INET) {
-    if (! for_conn->cache_ipv4_answers)
+    if (! for_conn->entry_cfg.cache_ipv4_answers)
       return;
   } else if (tor_addr_family(val) == AF_INET6) {
-    if (! for_conn->cache_ipv6_answers)
+    if (! for_conn->entry_cfg.cache_ipv6_answers)
       return;
   }
 
@@ -702,8 +741,8 @@ client_dns_set_reverse_addressmap(entry_connection_t *for_conn,
   {
     tor_addr_t tmp_addr;
     sa_family_t f = tor_addr_parse(&tmp_addr, address);
-    if ((f == AF_INET && ! for_conn->cache_ipv4_answers) ||
-        (f == AF_INET6 && ! for_conn->cache_ipv6_answers))
+    if ((f == AF_INET && ! for_conn->entry_cfg.cache_ipv4_answers) ||
+        (f == AF_INET6 && ! for_conn->entry_cfg.cache_ipv6_answers))
       return;
   }
   tor_asprintf(&s, "REVERSE[%s]", address);
@@ -845,8 +884,8 @@ get_random_virtual_addr(const virtual_addr_conf_t *conf, tor_addr_t *addr_out)
 }
 
 /** Return a newly allocated string holding an address of <b>type</b>
- * (one of RESOLVED_TYPE_{IPV4|HOSTNAME}) that has not yet been mapped,
- * and that is very unlikely to be the address of any real host.
+ * (one of RESOLVED_TYPE_{IPV4|IPV6|HOSTNAME}) that has not yet been
+ * mapped, and that is very unlikely to be the address of any real host.
  *
  * May return NULL if we have run out of virtual addresses.
  */
@@ -894,7 +933,7 @@ addressmap_get_virtual_address(int type)
         /* XXXX This code is to make sure I didn't add an undecorated version
          * by mistake. I hope it's needless. */
         char tmp[TOR_ADDR_BUF_LEN];
-        tor_addr_to_str(buf, &addr, sizeof(tmp), 0);
+        tor_addr_to_str(tmp, &addr, sizeof(tmp), 0);
         if (strmap_get(addressmap, tmp)) {
           log_warn(LD_BUG, "%s wasn't in the addressmap, but %s was.",
                    buf, tmp);
@@ -975,6 +1014,8 @@ addressmap_register_virtual_address(int type, char *new_address)
     strmap_set(virtaddress_reversemap, new_address, vent);
   addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_AUTOMAP, 0, 0);
 
+  /* FFFF register corresponding reverse mapping. */
+
 #if 0
   {
     /* Try to catch possible bugs */
diff --git a/src/or/addressmap.h b/src/or/addressmap.h
index 417832b31f..67648d0518 100644
--- a/src/or/addressmap.h
+++ b/src/or/addressmap.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_ADDRESSMAP_H
@@ -16,8 +16,11 @@ void addressmap_clean(time_t now);
 void addressmap_clear_configured(void);
 void addressmap_clear_transient(void);
 void addressmap_free_all(void);
-#define AMR_FLAG_USE_IPV4_DNS (1u<<0)
-#define AMR_FLAG_USE_IPV6_DNS (1u<<1)
+#define AMR_FLAG_USE_IPV4_DNS   (1u<<0)
+#define AMR_FLAG_USE_IPV6_DNS   (1u<<1)
+#define AMR_FLAG_USE_MAPADDRESS (1u<<2)
+#define AMR_FLAG_USE_AUTOMAP    (1u<<3)
+#define AMR_FLAG_USE_TRACKEXIT  (1u<<4)
 int addressmap_rewrite(char *address, size_t maxlen, unsigned flags,
                        time_t *expires_out,
                        addressmap_entry_source_t *exit_source_out);
diff --git a/src/or/buffers.c b/src/or/buffers.c
index a60c7c0f02..a41af5f429 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1,14 +1,15 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file buffers.c
  * \brief Implements a generic interface buffer.  Buffers are
  * fairly opaque string holders that can read to or flush from:
- * memory, file descriptors, or TLS connections.
+ * memory, file descriptors, or TLS connections.  Buffers are implemented
+ * as linked lists of memory chunks.
  **/
 #define BUFFERS_PRIVATE
 #include "or.h"
@@ -20,8 +21,8 @@
 #include "control.h"
 #include "reasons.h"
 #include "ext_orport.h"
-#include "../common/util.h"
-#include "../common/torlog.h"
+#include "util.h"
+#include "torlog.h"
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -55,6 +56,9 @@
  * forever.
  */
 
+static void socks_request_set_socks5_error(socks_request_t *req,
+                              socks5_reply_status_t reason);
+
 static int parse_socks(const char *data, size_t datalen, socks_request_t *req,
                        int log_sockstype, int safe_socks, ssize_t *drain_out,
                        size_t *want_length_out);
@@ -96,7 +100,7 @@ static int parse_socks_client(const uint8_t *data, size_t datalen,
 
 /** Return the next character in <b>chunk</b> onto which data can be appended.
  * If the chunk is full, this might be off the end of chunk->mem. */
-static INLINE char *
+static inline char *
 CHUNK_WRITE_PTR(chunk_t *chunk)
 {
   return chunk->data + chunk->datalen;
@@ -104,7 +108,7 @@ CHUNK_WRITE_PTR(chunk_t *chunk)
 
 /** Return the number of bytes that can be written onto <b>chunk</b> without
  * running out of space. */
-static INLINE size_t
+static inline size_t
 CHUNK_REMAINING_CAPACITY(const chunk_t *chunk)
 {
   return (chunk->mem + chunk->memlen) - (chunk->data + chunk->datalen);
@@ -112,7 +116,7 @@ CHUNK_REMAINING_CAPACITY(const chunk_t *chunk)
 
 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
  * to free up space at the end. */
-static INLINE void
+static inline void
 chunk_repack(chunk_t *chunk)
 {
   if (chunk->datalen && chunk->data != &chunk->mem[0]) {
@@ -123,115 +127,6 @@ chunk_repack(chunk_t *chunk)
 
 /** Keep track of total size of allocated chunks for consistency asserts */
 static size_t total_bytes_allocated_in_chunks = 0;
-
-#if defined(ENABLE_BUF_FREELISTS) || defined(RUNNING_DOXYGEN)
-/** A freelist of chunks. */
-typedef struct chunk_freelist_t {
-  size_t alloc_size; /**< What size chunks does this freelist hold? */
-  int max_length; /**< Never allow more than this number of chunks in the
-                   * freelist. */
-  int slack; /**< When trimming the freelist, leave this number of extra
-              * chunks beyond lowest_length.*/
-  int cur_length; /**< How many chunks on the freelist now? */
-  int lowest_length; /**< What's the smallest value of cur_length since the
-                      * last time we cleaned this freelist? */
-  uint64_t n_alloc;
-  uint64_t n_free;
-  uint64_t n_hit;
-  chunk_t *head; /**< First chunk on the freelist. */
-} chunk_freelist_t;
-
-/** Macro to help define freelists. */
-#define FL(a,m,s) { a, m, s, 0, 0, 0, 0, 0, NULL }
-
-/** Static array of freelists, sorted by alloc_len, terminated by an entry
- * with alloc_size of 0. */
-static chunk_freelist_t freelists[] = {
-  FL(4096, 256, 8), FL(8192, 128, 4), FL(16384, 64, 4), FL(32768, 32, 2),
-  FL(0, 0, 0)
-};
-#undef FL
-/** How many times have we looked for a chunk of a size that no freelist
- * could help with? */
-static uint64_t n_freelist_miss = 0;
-
-static void assert_freelist_ok(chunk_freelist_t *fl);
-
-/** Return the freelist to hold chunks of size <b>alloc</b>, or NULL if
- * no freelist exists for that size. */
-static INLINE chunk_freelist_t *
-get_freelist(size_t alloc)
-{
-  int i;
-  for (i=0; (freelists[i].alloc_size <= alloc &&
-             freelists[i].alloc_size); ++i ) {
-    if (freelists[i].alloc_size == alloc) {
-      return &freelists[i];
-    }
-  }
-  return NULL;
-}
-
-/** Deallocate a chunk or put it on a freelist */
-static void
-chunk_free_unchecked(chunk_t *chunk)
-{
-  size_t alloc;
-  chunk_freelist_t *freelist;
-
-  alloc = CHUNK_ALLOC_SIZE(chunk->memlen);
-  freelist = get_freelist(alloc);
-  if (freelist && freelist->cur_length < freelist->max_length) {
-    chunk->next = freelist->head;
-    freelist->head = chunk;
-    ++freelist->cur_length;
-  } else {
-    if (freelist)
-      ++freelist->n_free;
-#ifdef DEBUG_CHUNK_ALLOC
-    tor_assert(alloc  == chunk->DBG_alloc);
-#endif
-    tor_assert(total_bytes_allocated_in_chunks >= alloc);
-    total_bytes_allocated_in_chunks -= alloc;
-    tor_free(chunk);
-  }
-}
-
-/** Allocate a new chunk with a given allocation size, or get one from the
- * freelist.  Note that a chunk with allocation size A can actually hold only
- * CHUNK_SIZE_WITH_ALLOC(A) bytes in its mem field. */
-static INLINE chunk_t *
-chunk_new_with_alloc_size(size_t alloc)
-{
-  chunk_t *ch;
-  chunk_freelist_t *freelist;
-  tor_assert(alloc >= sizeof(chunk_t));
-  freelist = get_freelist(alloc);
-  if (freelist && freelist->head) {
-    ch = freelist->head;
-    freelist->head = ch->next;
-    if (--freelist->cur_length < freelist->lowest_length)
-      freelist->lowest_length = freelist->cur_length;
-    ++freelist->n_hit;
-  } else {
-    if (freelist)
-      ++freelist->n_alloc;
-    else
-      ++n_freelist_miss;
-    ch = tor_malloc(alloc);
-#ifdef DEBUG_CHUNK_ALLOC
-    ch->DBG_alloc = alloc;
-#endif
-    total_bytes_allocated_in_chunks += alloc;
-  }
-  ch->next = NULL;
-  ch->datalen = 0;
-  ch->memlen = CHUNK_SIZE_WITH_ALLOC(alloc);
-  ch->data = &ch->mem[0];
-  CHUNK_SET_SENTINEL(ch, alloc);
-  return ch;
-}
-#else
 static void
 chunk_free_unchecked(chunk_t *chunk)
 {
@@ -245,7 +140,7 @@ chunk_free_unchecked(chunk_t *chunk)
   total_bytes_allocated_in_chunks -= CHUNK_ALLOC_SIZE(chunk->memlen);
   tor_free(chunk);
 }
-static INLINE chunk_t *
+static inline chunk_t *
 chunk_new_with_alloc_size(size_t alloc)
 {
   chunk_t *ch;
@@ -261,11 +156,10 @@ chunk_new_with_alloc_size(size_t alloc)
   CHUNK_SET_SENTINEL(ch, alloc);
   return ch;
 }
-#endif
 
 /** Expand <b>chunk</b> until it can hold <b>sz</b> bytes, and return a
  * new pointer to <b>chunk</b>.  Old pointers are no longer valid. */
-static INLINE chunk_t *
+static inline chunk_t *
 chunk_grow(chunk_t *chunk, size_t sz)
 {
   off_t offset;
@@ -296,7 +190,7 @@ chunk_grow(chunk_t *chunk, size_t sz)
 
 /** Return the allocation size we'd like to use to hold <b>target</b>
  * bytes. */
-static INLINE size_t
+static inline size_t
 preferred_chunk_size(size_t target)
 {
   size_t sz = MIN_CHUNK_ALLOC;
@@ -306,125 +200,13 @@ preferred_chunk_size(size_t target)
   return sz;
 }
 
-/** Remove from the freelists most chunks that have not been used since the
- * last call to buf_shrink_freelists().   Return the amount of memory
- * freed. */
-size_t
-buf_shrink_freelists(int free_all)
-{
-#ifdef ENABLE_BUF_FREELISTS
-  int i;
-  size_t total_freed = 0;
-  disable_control_logging();
-  for (i = 0; freelists[i].alloc_size; ++i) {
-    int slack = freelists[i].slack;
-    assert_freelist_ok(&freelists[i]);
-    if (free_all || freelists[i].lowest_length > slack) {
-      int n_to_free = free_all ? freelists[i].cur_length :
-        (freelists[i].lowest_length - slack);
-      int n_to_skip = freelists[i].cur_length - n_to_free;
-      int orig_length = freelists[i].cur_length;
-      int orig_n_to_free = n_to_free, n_freed=0;
-      int orig_n_to_skip = n_to_skip;
-      int new_length = n_to_skip;
-      chunk_t **chp = &freelists[i].head;
-      chunk_t *chunk;
-      while (n_to_skip) {
-        if (!(*chp) || ! (*chp)->next) {
-          log_warn(LD_BUG, "I wanted to skip %d chunks in the freelist for "
-                   "%d-byte chunks, but only found %d. (Length %d)",
-                   orig_n_to_skip, (int)freelists[i].alloc_size,
-                   orig_n_to_skip-n_to_skip, freelists[i].cur_length);
-          assert_freelist_ok(&freelists[i]);
-          goto done;
-        }
-        // tor_assert((*chp)->next);
-        chp = &(*chp)->next;
-        --n_to_skip;
-      }
-      chunk = *chp;
-      *chp = NULL;
-      while (chunk) {
-        chunk_t *next = chunk->next;
-#ifdef DEBUG_CHUNK_ALLOC
-        tor_assert(chunk->DBG_alloc == CHUNK_ALLOC_SIZE(chunk->memlen));
-#endif
-        tor_assert(total_bytes_allocated_in_chunks >=
-                   CHUNK_ALLOC_SIZE(chunk->memlen));
-        total_bytes_allocated_in_chunks -= CHUNK_ALLOC_SIZE(chunk->memlen);
-        total_freed += CHUNK_ALLOC_SIZE(chunk->memlen);
-        tor_free(chunk);
-        chunk = next;
-        --n_to_free;
-        ++n_freed;
-        ++freelists[i].n_free;
-      }
-      if (n_to_free) {
-        log_warn(LD_BUG, "Freelist length for %d-byte chunks may have been "
-                 "messed up somehow.", (int)freelists[i].alloc_size);
-        log_warn(LD_BUG, "There were %d chunks at the start.  I decided to "
-                 "keep %d. I wanted to free %d.  I freed %d.  I somehow think "
-                 "I have %d left to free.",
-                 freelists[i].cur_length, n_to_skip, orig_n_to_free,
-                 n_freed, n_to_free);
-      }
-      // tor_assert(!n_to_free);
-      freelists[i].cur_length = new_length;
-      tor_assert(orig_n_to_skip == new_length);
-      log_info(LD_MM, "Cleaned freelist for %d-byte chunks: original "
-               "length %d, kept %d, dropped %d. New length is %d",
-               (int)freelists[i].alloc_size, orig_length,
-               orig_n_to_skip, orig_n_to_free, new_length);
-    }
-    freelists[i].lowest_length = freelists[i].cur_length;
-    assert_freelist_ok(&freelists[i]);
-  }
- done:
-  enable_control_logging();
-  return total_freed;
-#else
-  (void) free_all;
-  return 0;
-#endif
-}
-
-/** Describe the current status of the freelists at log level <b>severity</b>.
- */
-void
-buf_dump_freelist_sizes(int severity)
-{
-#ifdef ENABLE_BUF_FREELISTS
-  int i;
-  tor_log(severity, LD_MM, "====== Buffer freelists:");
-  for (i = 0; freelists[i].alloc_size; ++i) {
-    uint64_t total = ((uint64_t)freelists[i].cur_length) *
-      freelists[i].alloc_size;
-    tor_log(severity, LD_MM,
-        U64_FORMAT" bytes in %d %d-byte chunks ["U64_FORMAT
-        " misses; "U64_FORMAT" frees; "U64_FORMAT" hits]",
-        U64_PRINTF_ARG(total),
-        freelists[i].cur_length, (int)freelists[i].alloc_size,
-        U64_PRINTF_ARG(freelists[i].n_alloc),
-        U64_PRINTF_ARG(freelists[i].n_free),
-        U64_PRINTF_ARG(freelists[i].n_hit));
-  }
-  tor_log(severity, LD_MM, U64_FORMAT" allocations in non-freelist sizes",
-      U64_PRINTF_ARG(n_freelist_miss));
-#else
-  (void)severity;
-#endif
-}
-
 /** Collapse data from the first N chunks from <b>buf</b> into buf->head,
  * growing it as necessary, until buf->head has the first <b>bytes</b> bytes
  * of data from the buffer, or until buf->head has all the data in <b>buf</b>.
- *
- * If <b>nulterminate</b> is true, ensure that there is a 0 byte in
- * buf->head->mem right after all the data. */
+ */
 STATIC void
-buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
+buf_pullup(buf_t *buf, size_t bytes)
 {
-  /* XXXX nothing uses nulterminate; remove it. */
   chunk_t *dest, *src;
   size_t capacity;
   if (!buf->head)
@@ -434,17 +216,9 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
   if (buf->datalen < bytes)
     bytes = buf->datalen;
 
-  if (nulterminate) {
-    capacity = bytes + 1;
-    if (buf->head->datalen >= bytes && CHUNK_REMAINING_CAPACITY(buf->head)) {
-      *CHUNK_WRITE_PTR(buf->head) = '\0';
-      return;
-    }
-  } else {
-    capacity = bytes;
-    if (buf->head->datalen >= bytes)
-      return;
-  }
+  capacity = bytes;
+  if (buf->head->datalen >= bytes)
+    return;
 
   if (buf->head->memlen >= capacity) {
     /* We don't need to grow the first chunk, but we might need to repack it.*/
@@ -488,11 +262,6 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
     }
   }
 
-  if (nulterminate) {
-    tor_assert(CHUNK_REMAINING_CAPACITY(buf->head));
-    *CHUNK_WRITE_PTR(buf->head) = '\0';
-  }
-
   check();
 }
 
@@ -510,17 +279,8 @@ buf_get_first_chunk_data(const buf_t *buf, const char **cp, size_t *sz)
 }
 #endif
 
-/** Resize buf so it won't hold extra memory that we haven't been
- * using lately.
- */
-void
-buf_shrink(buf_t *buf)
-{
-  (void)buf;
-}
-
 /** Remove the first <b>n</b> bytes from buf. */
-static INLINE void
+static inline void
 buf_remove_from_front(buf_t *buf, size_t n)
 {
   tor_assert(buf->datalen >= n);
@@ -584,8 +344,8 @@ buf_clear(buf_t *buf)
 }
 
 /** Return the number of bytes stored in <b>buf</b> */
-size_t
-buf_datalen(const buf_t *buf)
+MOCK_IMPL(size_t,
+buf_datalen, (const buf_t *buf))
 {
   return buf->datalen;
 }
@@ -717,7 +477,7 @@ buf_get_total_allocation(void)
  * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
  * *<b>reached_eof</b> to 1.  Return -1 on error, 0 on eof or blocking,
  * and the number of bytes read otherwise. */
-static INLINE int
+static inline int
 read_to_chunk(buf_t *buf, chunk_t *chunk, tor_socket_t fd, size_t at_most,
               int *reached_eof, int *socket_error)
 {
@@ -753,7 +513,7 @@ read_to_chunk(buf_t *buf, chunk_t *chunk, tor_socket_t fd, size_t at_most,
 
 /** As read_to_chunk(), but return (negative) error code on error, blocking,
  * or TLS, and the number of bytes read otherwise. */
-static INLINE int
+static inline int
 read_to_chunk_tls(buf_t *buf, chunk_t *chunk, tor_tls_t *tls,
                   size_t at_most)
 {
@@ -864,7 +624,7 @@ read_to_buf_tls(tor_tls_t *tls, size_t at_most, buf_t *buf)
     if (r < 0)
       return r; /* Error */
     tor_assert(total_read+r < INT_MAX);
-     total_read += r;
+    total_read += r;
     if ((size_t)r < readlen) /* eof, block, or no more to read. */
       break;
   }
@@ -876,7 +636,7 @@ read_to_buf_tls(tor_tls_t *tls, size_t at_most, buf_t *buf)
  * the bytes written from *<b>buf_flushlen</b>.  Return the number of bytes
  * written on success, 0 on blocking, -1 on failure.
  */
-static INLINE int
+static inline int
 flush_chunk(tor_socket_t s, buf_t *buf, chunk_t *chunk, size_t sz,
             size_t *buf_flushlen)
 {
@@ -911,7 +671,7 @@ flush_chunk(tor_socket_t s, buf_t *buf, chunk_t *chunk, size_t sz,
  * bytes written from *<b>buf_flushlen</b>.  Return the number of bytes
  * written on success, and a TOR_TLS error code on failure or blocking.
  */
-static INLINE int
+static inline int
 flush_chunk_tls(tor_tls_t *tls, buf_t *buf, chunk_t *chunk,
                 size_t sz, size_t *buf_flushlen)
 {
@@ -1062,7 +822,7 @@ write_to_buf(const char *string, size_t string_len, buf_t *buf)
 /** Helper: copy the first <b>string_len</b> bytes from <b>buf</b>
  * onto <b>string</b>.
  */
-static INLINE void
+static inline void
 peek_from_buf(char *string, size_t string_len, const buf_t *buf)
 {
   chunk_t *chunk;
@@ -1107,7 +867,7 @@ fetch_from_buf(char *string, size_t string_len, buf_t *buf)
 
 /** True iff the cell command <b>command</b> is one that implies a
  * variable-length cell in Tor link protocol <b>linkproto</b>. */
-static INLINE int
+static inline int
 cell_command_is_var_length(uint8_t command, int linkproto)
 {
   /* If linkproto is v2 (2), CELL_VERSIONS is the only variable-length cells
@@ -1348,7 +1108,7 @@ buf_find_pos_of_char(char ch, buf_pos_t *out)
 
 /** Advance <b>pos</b> by a single character, if there are any more characters
  * in the buffer.  Returns 0 on success, -1 on failure. */
-static INLINE int
+static inline int
 buf_pos_inc(buf_pos_t *pos)
 {
   ++pos->pos;
@@ -1452,7 +1212,7 @@ fetch_from_buf_http(buf_t *buf,
   /* Okay, we have a full header.  Make sure it all appears in the first
    * chunk. */
   if ((int)buf->head->datalen < crlf_offset + 4)
-    buf_pullup(buf, crlf_offset+4, 0);
+    buf_pullup(buf, crlf_offset+4);
   headerlen = crlf_offset + 4;
 
   headers = buf->head->data;
@@ -1700,7 +1460,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 
   do {
     n_drain = 0;
-    buf_pullup(buf, want_length, 0);
+    buf_pullup(buf, want_length);
     tor_assert(buf->head && buf->head->datalen >= 2);
     want_length = 0;
 
@@ -1856,6 +1616,21 @@ fetch_ext_or_command_from_evbuffer(struct evbuffer *buf, ext_or_cmd_t **out)
 }
 #endif
 
+/** Create a SOCKS5 reply message with <b>reason</b> in its REP field and
+ * have Tor send it as error response to <b>req</b>.
+ */
+static void
+socks_request_set_socks5_error(socks_request_t *req,
+                  socks5_reply_status_t reason)
+{
+   req->replylen = 10;
+   memset(req->reply,0,10);
+
+   req->reply[0] = 0x05;   // VER field.
+   req->reply[1] = reason; // REP field.
+   req->reply[3] = 0x01;   // ATYP field.
+}
+
 /** Implementation helper to implement fetch_from_*_socks.  Instead of looking
  * at a buffer's contents, we look at the <b>datalen</b> bytes of data in
  * <b>data</b>. Instead of removing data from the buffer, we set
@@ -1919,7 +1694,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
       }
       *drain_out = 2u + usernamelen + 1u + passlen;
       req->got_auth = 1;
-      *want_length_out = 7; /* Minimal socks5 sommand. */
+      *want_length_out = 7; /* Minimal socks5 command. */
       return 0;
     } else if (req->auth_type == SOCKS_USER_PASS) {
       /* unknown version byte */
@@ -1991,6 +1766,8 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
           req->command != SOCKS_COMMAND_RESOLVE &&
           req->command != SOCKS_COMMAND_RESOLVE_PTR) {
         /* not a connect or resolve or a resolve_ptr? we don't support it. */
+        socks_request_set_socks5_error(req,SOCKS5_COMMAND_NOT_SUPPORTED);
+
         log_warn(LD_APP,"socks5: command %d not recognized. Rejecting.",
                  req->command);
         return -1;
@@ -2014,6 +1791,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
           tor_addr_to_str(tmpbuf, &destaddr, sizeof(tmpbuf), 1);
 
           if (strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN) {
+            socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
             log_warn(LD_APP,
                      "socks5 IP takes %d bytes, which doesn't fit in %d. "
                      "Rejecting.",
@@ -2026,14 +1804,18 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
           if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
               !addressmap_have_mapping(req->address,0)) {
             log_unsafe_socks_warning(5, req->address, req->port, safe_socks);
-            if (safe_socks)
+            if (safe_socks) {
+              socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
               return -1;
+            }
           }
           return 1;
         }
         case 3: /* fqdn */
           log_debug(LD_APP,"socks5: fqdn address type");
           if (req->command == SOCKS_COMMAND_RESOLVE_PTR) {
+            socks_request_set_socks5_error(req,
+                                           SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED);
             log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "
                      "hostname type. Rejecting.");
             return -1;
@@ -2044,6 +1826,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
             return 0; /* not yet */
           }
           if (len+1 > MAX_SOCKS_ADDR_LEN) {
+            socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
             log_warn(LD_APP,
                      "socks5 hostname is %d bytes, which doesn't fit in "
                      "%d. Rejecting.", len+1,MAX_SOCKS_ADDR_LEN);
@@ -2053,11 +1836,22 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
           req->address[len] = 0;
           req->port = ntohs(get_uint16(data+5+len));
           *drain_out = 5+len+2;
-          if (!tor_strisprint(req->address) || strchr(req->address,'\"')) {
+
+          if (string_is_valid_ipv4_address(req->address) ||
+              string_is_valid_ipv6_address(req->address)) {
+            log_unsafe_socks_warning(5,req->address,req->port,safe_socks);
+
+            if (safe_socks) {
+              socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
+              return -1;
+            }
+          } else if (!string_is_valid_hostname(req->address)) {
+            socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
+
             log_warn(LD_PROTOCOL,
                      "Your application (using socks5 to port %d) gave Tor "
                      "a malformed hostname: %s. Rejecting the connection.",
-                     req->port, escaped(req->address));
+                     req->port, escaped_safe_str_client(req->address));
             return -1;
           }
           if (log_sockstype)
@@ -2067,6 +1861,8 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
                   "necessary. This is good.", req->port);
           return 1;
         default: /* unsupported */
+          socks_request_set_socks5_error(req,
+                                         SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED);
           log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.",
                    (int) *(data+3));
           return -1;
@@ -2083,7 +1879,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
         *want_length_out = SOCKS4_NETWORK_LEN;
         return 0; /* not yet */
       }
-      // buf_pullup(buf, 1280, 0);
+      // buf_pullup(buf, 1280);
       req->command = (unsigned char) *(data+1);
       if (req->command != SOCKS_COMMAND_CONNECT &&
           req->command != SOCKS_COMMAND_RESOLVE) {
@@ -2174,7 +1970,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
         log_warn(LD_PROTOCOL,
                  "Your application (using socks4 to port %d) gave Tor "
                  "a malformed hostname: %s. Rejecting the connection.",
-                 req->port, escaped(req->address));
+                 req->port, escaped_safe_str_client(req->address));
         return -1;
       }
       if (authend != authstart) {
@@ -2251,7 +2047,7 @@ fetch_from_buf_socks_client(buf_t *buf, int state, char **reason)
   if (buf->datalen < 2)
     return 0;
 
-  buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN, 0);
+  buf_pullup(buf, MAX_SOCKS_MESSAGE_LEN);
   tor_assert(buf->head && buf->head->datalen >= 2);
 
   r = parse_socks_client((uint8_t*)buf->head->data, buf->head->datalen,
@@ -2665,23 +2461,3 @@ assert_buf_ok(buf_t *buf)
   }
 }
 
-#ifdef ENABLE_BUF_FREELISTS
-/** Log an error and exit if <b>fl</b> is corrupted.
- */
-static void
-assert_freelist_ok(chunk_freelist_t *fl)
-{
-  chunk_t *ch;
-  int n;
-  tor_assert(fl->alloc_size > 0);
-  n = 0;
-  for (ch = fl->head; ch; ch = ch->next) {
-    tor_assert(CHUNK_ALLOC_SIZE(ch->memlen) == fl->alloc_size);
-    ++n;
-  }
-  tor_assert(n == fl->cur_length);
-  tor_assert(n >= fl->lowest_length);
-  tor_assert(n <= fl->max_length);
-}
-#endif
-
diff --git a/src/or/buffers.h b/src/or/buffers.h
index c90e14750e..2b43ea14b1 100644
--- a/src/or/buffers.h
+++ b/src/or/buffers.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -20,11 +20,8 @@ size_t buf_get_default_chunk_size(const buf_t *buf);
 void buf_free(buf_t *buf);
 void buf_clear(buf_t *buf);
 buf_t *buf_copy(const buf_t *buf);
-void buf_shrink(buf_t *buf);
-size_t buf_shrink_freelists(int free_all);
-void buf_dump_freelist_sizes(int severity);
 
-size_t buf_datalen(const buf_t *buf);
+MOCK_DECL(size_t, buf_datalen, (const buf_t *buf));
 size_t buf_allocation(const buf_t *buf);
 size_t buf_slack(const buf_t *buf);
 
@@ -104,13 +101,13 @@ void assert_buf_ok(buf_t *buf);
 
 #ifdef BUFFERS_PRIVATE
 STATIC int buf_find_string_offset(const buf_t *buf, const char *s, size_t n);
-STATIC void buf_pullup(buf_t *buf, size_t bytes, int nulterminate);
+STATIC void buf_pullup(buf_t *buf, size_t bytes);
 void buf_get_first_chunk_data(const buf_t *buf, const char **cp, size_t *sz);
 
 #define DEBUG_CHUNK_ALLOC
-/** A single chunk on a buffer or in a freelist. */
+/** A single chunk on a buffer. */
 typedef struct chunk_t {
-  struct chunk_t *next; /**< The next chunk on the buffer or freelist. */
+  struct chunk_t *next; /**< The next chunk on the buffer. */
   size_t datalen; /**< The number of bytes stored in this chunk */
   size_t memlen; /**< The number of usable bytes of storage in <b>mem</b>. */
 #ifdef DEBUG_CHUNK_ALLOC
diff --git a/src/or/channel.c b/src/or/channel.c
index b2b670e4fb..5f69a0864b 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -1,9 +1,13 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file channel.c
- * \brief OR-to-OR channel abstraction layer
+ *
+ * \brief OR/OP-to-OR channel abstraction layer. A channel's job is to
+ * transfer cells from Tor instance to Tor instance.
+ * Currently, there is only one implementation of the channel abstraction: in
+ * channeltls.c.
  **/
 
 /*
@@ -13,6 +17,9 @@
 
 #define TOR_CHANNEL_INTERNAL_
 
+/* This one's for stuff only channel.c and the test suite should see */
+#define CHANNEL_PRIVATE_
+
 #include "or.h"
 #include "channel.h"
 #include "channeltls.h"
@@ -29,29 +36,7 @@
 #include "rephist.h"
 #include "router.h"
 #include "routerlist.h"
-
-/* Cell queue structure */
-
-typedef struct cell_queue_entry_s cell_queue_entry_t;
-struct cell_queue_entry_s {
-  TOR_SIMPLEQ_ENTRY(cell_queue_entry_s) next;
-  enum {
-    CELL_QUEUE_FIXED,
-    CELL_QUEUE_VAR,
-    CELL_QUEUE_PACKED
-  } type;
-  union {
-    struct {
-      cell_t *cell;
-    } fixed;
-    struct {
-      var_cell_t *var_cell;
-    } var;
-    struct {
-      packed_cell_t *packed_cell;
-    } packed;
-  } u;
-};
+#include "scheduler.h"
 
 /* Global lists of channels */
 
@@ -75,6 +60,59 @@ static smartlist_t *finished_listeners = NULL;
 
 /* Counter for ID numbers */
 static uint64_t n_channels_allocated = 0;
+/*
+ * Channel global byte/cell counters, for statistics and for scheduler high
+ * /low-water marks.
+ */
+
+/*
+ * Total number of cells ever given to any channel with the
+ * channel_write_*_cell() functions.
+ */
+
+static uint64_t n_channel_cells_queued = 0;
+
+/*
+ * Total number of cells ever passed to a channel lower layer with the
+ * write_*_cell() methods.
+ */
+
+static uint64_t n_channel_cells_passed_to_lower_layer = 0;
+
+/*
+ * Current number of cells in all channel queues; should be
+ * n_channel_cells_queued - n_channel_cells_passed_to_lower_layer.
+ */
+
+static uint64_t n_channel_cells_in_queues = 0;
+
+/*
+ * Total number of bytes for all cells ever queued to a channel and
+ * counted in n_channel_cells_queued.
+ */
+
+static uint64_t n_channel_bytes_queued = 0;
+
+/*
+ * Total number of bytes for all cells ever passed to a channel lower layer
+ * and counted in n_channel_cells_passed_to_lower_layer.
+ */
+
+static uint64_t n_channel_bytes_passed_to_lower_layer = 0;
+
+/*
+ * Current number of bytes in all channel queues; should be
+ * n_channel_bytes_queued - n_channel_bytes_passed_to_lower_layer.
+ */
+
+static uint64_t n_channel_bytes_in_queues = 0;
+
+/*
+ * Current total estimated queue size *including lower layer queues and
+ * transmit overhead*
+ */
+
+STATIC uint64_t estimated_total_queue_size = 0;
 
 /* Digest->channel map
  *
@@ -93,13 +131,13 @@ typedef struct channel_idmap_entry_s {
   TOR_LIST_HEAD(channel_list_s, channel_s) channel_list;
 } channel_idmap_entry_t;
 
-static INLINE unsigned
+static inline unsigned
 channel_idmap_hash(const channel_idmap_entry_t *ent)
 {
   return (unsigned) siphash24g(ent->digest, DIGEST_LEN);
 }
 
-static INLINE int
+static inline int
 channel_idmap_eq(const channel_idmap_entry_t *a,
                   const channel_idmap_entry_t *b)
 {
@@ -108,11 +146,10 @@ channel_idmap_eq(const channel_idmap_entry_t *a,
 
 HT_PROTOTYPE(channel_idmap, channel_idmap_entry_s, node, channel_idmap_hash,
              channel_idmap_eq);
-HT_GENERATE(channel_idmap, channel_idmap_entry_s, node, channel_idmap_hash,
-            channel_idmap_eq, 0.5, tor_malloc, tor_realloc, tor_free_);
+HT_GENERATE2(channel_idmap, channel_idmap_entry_s, node, channel_idmap_hash,
+             channel_idmap_eq, 0.5,  tor_reallocarray_, tor_free_);
 
 static cell_queue_entry_t * cell_queue_entry_dup(cell_queue_entry_t *q);
-static void cell_queue_entry_free(cell_queue_entry_t *q, int handed_off);
 #if 0
 static int cell_queue_entry_is_padding(cell_queue_entry_t *q);
 #endif
@@ -123,6 +160,8 @@ cell_queue_entry_new_var(var_cell_t *var_cell);
 static int is_destroy_cell(channel_t *chan,
                            const cell_queue_entry_t *q, circid_t *circid_out);
 
+static void channel_assert_counter_consistency(void);
+
 /* Functions to maintain the digest map */
 static void channel_add_to_digest_map(channel_t *chan);
 static void channel_remove_from_digest_map(channel_t *chan);
@@ -140,6 +179,8 @@ channel_free_list(smartlist_t *channels, int mark_for_close);
 static void
 channel_listener_free_list(smartlist_t *channels, int mark_for_close);
 static void channel_listener_force_free(channel_listener_t *chan_l);
+static size_t channel_get_cell_queue_entry_size(channel_t *chan,
+                                                cell_queue_entry_t *q);
 static void
 channel_write_cell_queue_entry(channel_t *chan, cell_queue_entry_t *q);
 
@@ -378,8 +419,7 @@ channel_register(channel_t *chan)
   smartlist_add(all_channels, chan);
 
   /* Is it finished? */
-  if (chan->state == CHANNEL_STATE_CLOSED ||
-      chan->state == CHANNEL_STATE_ERROR) {
+  if (CHANNEL_FINISHED(chan)) {
     /* Put it in the finished list, creating it if necessary */
     if (!finished_channels) finished_channels = smartlist_new();
     smartlist_add(finished_channels, chan);
@@ -388,7 +428,7 @@ channel_register(channel_t *chan)
     if (!active_channels) active_channels = smartlist_new();
     smartlist_add(active_channels, chan);
 
-    if (chan->state != CHANNEL_STATE_CLOSING) {
+    if (!CHANNEL_IS_CLOSING(chan)) {
       /* It should have a digest set */
       if (!tor_digest_is_zero(chan->identity_digest)) {
         /* Yeah, we're good, add it to the map */
@@ -423,8 +463,7 @@ channel_unregister(channel_t *chan)
   if (!(chan->registered)) return;
 
   /* Is it finished? */
-  if (chan->state == CHANNEL_STATE_CLOSED ||
-      chan->state == CHANNEL_STATE_ERROR) {
+  if (CHANNEL_FINISHED(chan)) {
     /* Get it out of the finished list */
     if (finished_channels) smartlist_remove(finished_channels, chan);
   } else {
@@ -440,9 +479,7 @@ channel_unregister(channel_t *chan)
 
   /* Should it be in the digest map? */
   if (!tor_digest_is_zero(chan->identity_digest) &&
-      !(chan->state == CHANNEL_STATE_CLOSING ||
-        chan->state == CHANNEL_STATE_CLOSED ||
-        chan->state == CHANNEL_STATE_ERROR)) {
+      !(CHANNEL_CONDEMNED(chan))) {
     /* Remove it */
     channel_remove_from_digest_map(chan);
   }
@@ -542,9 +579,7 @@ channel_add_to_digest_map(channel_t *chan)
   tor_assert(chan);
 
   /* Assert that the state makes sense */
-  tor_assert(!(chan->state == CHANNEL_STATE_CLOSING ||
-               chan->state == CHANNEL_STATE_CLOSED ||
-               chan->state == CHANNEL_STATE_ERROR));
+  tor_assert(!CHANNEL_CONDEMNED(chan));
 
   /* Assert that there is a digest */
   tor_assert(!tor_digest_is_zero(chan->identity_digest));
@@ -746,6 +781,9 @@ channel_init(channel_t *chan)
 
   /* It hasn't been open yet. */
   chan->has_been_open = 0;
+
+  /* Scheduler state is idle */
+  chan->scheduler_state = SCHED_CHAN_IDLE;
 }
 
 /**
@@ -779,8 +817,8 @@ channel_free(channel_t *chan)
   if (!chan) return;
 
   /* It must be closed or errored */
-  tor_assert(chan->state == CHANNEL_STATE_CLOSED ||
-             chan->state == CHANNEL_STATE_ERROR);
+  tor_assert(CHANNEL_FINISHED(chan));
+
   /* It must be deregistered */
   tor_assert(!(chan->registered));
 
@@ -788,6 +826,9 @@ channel_free(channel_t *chan)
             "Freeing channel " U64_FORMAT " at %p",
             U64_PRINTF_ARG(chan->global_identifier), chan);
 
+  /* Get this one out of the scheduler */
+  scheduler_release_channel(chan);
+
   /*
    * Get rid of cmux policy before we do anything, so cmux policies don't
    * see channels in weird half-freed states.
@@ -863,6 +904,9 @@ channel_force_free(channel_t *chan)
             "Force-freeing channel " U64_FORMAT " at %p",
             U64_PRINTF_ARG(chan->global_identifier), chan);
 
+  /* Get this one out of the scheduler */
+  scheduler_release_channel(chan);
+
   /*
    * Get rid of cmux policy before we do anything, so cmux policies don't
    * see channels in weird half-freed states.
@@ -988,9 +1032,7 @@ channel_get_cell_handler(channel_t *chan)
 {
   tor_assert(chan);
 
-  if (chan->state == CHANNEL_STATE_OPENING ||
-      chan->state == CHANNEL_STATE_OPEN ||
-      chan->state == CHANNEL_STATE_MAINT)
+  if (CHANNEL_CAN_HANDLE_CELLS(chan))
     return chan->cell_handler;
 
   return NULL;
@@ -1008,9 +1050,7 @@ channel_get_var_cell_handler(channel_t *chan)
 {
   tor_assert(chan);
 
-  if (chan->state == CHANNEL_STATE_OPENING ||
-      chan->state == CHANNEL_STATE_OPEN ||
-      chan->state == CHANNEL_STATE_MAINT)
+  if (CHANNEL_CAN_HANDLE_CELLS(chan))
     return chan->var_cell_handler;
 
   return NULL;
@@ -1033,9 +1073,7 @@ channel_set_cell_handlers(channel_t *chan,
   int try_again = 0;
 
   tor_assert(chan);
-  tor_assert(chan->state == CHANNEL_STATE_OPENING ||
-             chan->state == CHANNEL_STATE_OPEN ||
-             chan->state == CHANNEL_STATE_MAINT);
+  tor_assert(CHANNEL_CAN_HANDLE_CELLS(chan));
 
   log_debug(LD_CHANNEL,
            "Setting cell_handler callback for channel %p to %p",
@@ -1089,9 +1127,8 @@ channel_mark_for_close(channel_t *chan)
   tor_assert(chan->close != NULL);
 
   /* If it's already in CLOSING, CLOSED or ERROR, this is a no-op */
-  if (chan->state == CHANNEL_STATE_CLOSING ||
-      chan->state == CHANNEL_STATE_CLOSED ||
-      chan->state == CHANNEL_STATE_ERROR) return;
+  if (CHANNEL_CONDEMNED(chan))
+    return;
 
   log_debug(LD_CHANNEL,
             "Closing channel %p (global ID " U64_FORMAT ") "
@@ -1170,9 +1207,8 @@ channel_close_from_lower_layer(channel_t *chan)
   tor_assert(chan != NULL);
 
   /* If it's already in CLOSING, CLOSED or ERROR, this is a no-op */
-  if (chan->state == CHANNEL_STATE_CLOSING ||
-      chan->state == CHANNEL_STATE_CLOSED ||
-      chan->state == CHANNEL_STATE_ERROR) return;
+  if (CHANNEL_CONDEMNED(chan))
+    return;
 
   log_debug(LD_CHANNEL,
             "Closing channel %p (global ID " U64_FORMAT ") "
@@ -1230,9 +1266,8 @@ channel_close_for_error(channel_t *chan)
   tor_assert(chan != NULL);
 
   /* If it's already in CLOSING, CLOSED or ERROR, this is a no-op */
-  if (chan->state == CHANNEL_STATE_CLOSING ||
-      chan->state == CHANNEL_STATE_CLOSED ||
-      chan->state == CHANNEL_STATE_ERROR) return;
+  if (CHANNEL_CONDEMNED(chan))
+    return;
 
   log_debug(LD_CHANNEL,
             "Closing channel %p due to lower-layer error",
@@ -1288,18 +1323,16 @@ void
 channel_closed(channel_t *chan)
 {
   tor_assert(chan);
-  tor_assert(chan->state == CHANNEL_STATE_CLOSING ||
-             chan->state == CHANNEL_STATE_CLOSED ||
-             chan->state == CHANNEL_STATE_ERROR);
+  tor_assert(CHANNEL_CONDEMNED(chan));
 
   /* No-op if already inactive */
-  if (chan->state == CHANNEL_STATE_CLOSED ||
-      chan->state == CHANNEL_STATE_ERROR) return;
+  if (CHANNEL_FINISHED(chan))
+    return;
 
   /* Inform any pending (not attached) circs that they should
    * give up. */
   if (! chan->has_been_open)
-    circuit_n_chan_done(chan, 0);
+    circuit_n_chan_done(chan, 0, 0);
 
   /* Now close all the attached circuits on it. */
   circuit_unlink_all_from_channel(chan, END_CIRC_REASON_CHANNEL_CLOSED);
@@ -1357,10 +1390,7 @@ channel_clear_identity_digest(channel_t *chan)
             "global ID " U64_FORMAT,
             chan, U64_PRINTF_ARG(chan->global_identifier));
 
-  state_not_in_map =
-    (chan->state == CHANNEL_STATE_CLOSING ||
-     chan->state == CHANNEL_STATE_CLOSED ||
-     chan->state == CHANNEL_STATE_ERROR);
+  state_not_in_map = CHANNEL_CONDEMNED(chan);
 
   if (!state_not_in_map && chan->registered &&
       !tor_digest_is_zero(chan->identity_digest))
@@ -1393,10 +1423,8 @@ channel_set_identity_digest(channel_t *chan,
             identity_digest ?
               hex_str(identity_digest, DIGEST_LEN) : "(null)");
 
-  state_not_in_map =
-    (chan->state == CHANNEL_STATE_CLOSING ||
-     chan->state == CHANNEL_STATE_CLOSED ||
-     chan->state == CHANNEL_STATE_ERROR);
+  state_not_in_map = CHANNEL_CONDEMNED(chan);
+
   was_in_digest_map =
     !state_not_in_map &&
     chan->registered &&
@@ -1446,10 +1474,7 @@ channel_clear_remote_end(channel_t *chan)
             "global ID " U64_FORMAT,
             chan, U64_PRINTF_ARG(chan->global_identifier));
 
-  state_not_in_map =
-    (chan->state == CHANNEL_STATE_CLOSING ||
-     chan->state == CHANNEL_STATE_CLOSED ||
-     chan->state == CHANNEL_STATE_ERROR);
+  state_not_in_map = CHANNEL_CONDEMNED(chan);
 
   if (!state_not_in_map && chan->registered &&
       !tor_digest_is_zero(chan->identity_digest))
@@ -1485,10 +1510,8 @@ channel_set_remote_end(channel_t *chan,
             identity_digest ?
               hex_str(identity_digest, DIGEST_LEN) : "(null)");
 
-  state_not_in_map =
-    (chan->state == CHANNEL_STATE_CLOSING ||
-     chan->state == CHANNEL_STATE_CLOSED ||
-     chan->state == CHANNEL_STATE_ERROR);
+  state_not_in_map = CHANNEL_CONDEMNED(chan);
+
   was_in_digest_map =
     !state_not_in_map &&
     chan->registered &&
@@ -1548,7 +1571,7 @@ cell_queue_entry_dup(cell_queue_entry_t *q)
  * them) or not (we should free).
  */
 
-static void
+STATIC void
 cell_queue_entry_free(cell_queue_entry_t *q, int handed_off)
 {
   if (!q) return;
@@ -1666,6 +1689,36 @@ cell_queue_entry_new_var(var_cell_t *var_cell)
 }
 
 /**
+ * Ask how big the cell contained in a cell_queue_entry_t is
+ */
+
+static size_t
+channel_get_cell_queue_entry_size(channel_t *chan, cell_queue_entry_t *q)
+{
+  size_t rv = 0;
+
+  tor_assert(chan);
+  tor_assert(q);
+
+  switch (q->type) {
+    case CELL_QUEUE_FIXED:
+      rv = get_cell_network_size(chan->wide_circ_ids);
+      break;
+    case CELL_QUEUE_VAR:
+      rv = get_var_cell_header_size(chan->wide_circ_ids) +
+           (q->u.var.var_cell ? q->u.var.var_cell->payload_len : 0);
+      break;
+    case CELL_QUEUE_PACKED:
+      rv = get_cell_network_size(chan->wide_circ_ids);
+      break;
+    default:
+      tor_assert(1);
+  }
+
+  return rv;
+}
+
+/**
  * Write to a channel based on a cell_queue_entry_t
  *
  * Given a cell_queue_entry_t filled out by the caller, try to send the cell
@@ -1677,14 +1730,13 @@ channel_write_cell_queue_entry(channel_t *chan, cell_queue_entry_t *q)
 {
   int result = 0, sent = 0;
   cell_queue_entry_t *tmp = NULL;
+  size_t cell_bytes;
 
   tor_assert(chan);
   tor_assert(q);
 
   /* Assert that the state makes sense for a cell write */
-  tor_assert(chan->state == CHANNEL_STATE_OPENING ||
-             chan->state == CHANNEL_STATE_OPEN ||
-             chan->state == CHANNEL_STATE_MAINT);
+  tor_assert(CHANNEL_CAN_HANDLE_CELLS(chan));
 
   {
     circid_t circ_id;
@@ -1693,9 +1745,12 @@ channel_write_cell_queue_entry(channel_t *chan, cell_queue_entry_t *q)
     }
   }
 
+  /* For statistical purposes, figure out how big this cell is */
+  cell_bytes = channel_get_cell_queue_entry_size(chan, q);
+
   /* Can we send it right out?  If so, try */
   if (TOR_SIMPLEQ_EMPTY(&chan->outgoing_queue) &&
-      chan->state == CHANNEL_STATE_OPEN) {
+      CHANNEL_IS_OPEN(chan)) {
     /* Pick the right write function for this cell type and save the result */
     switch (q->type) {
       case CELL_QUEUE_FIXED:
@@ -1726,6 +1781,13 @@ channel_write_cell_queue_entry(channel_t *chan, cell_queue_entry_t *q)
       channel_timestamp_drained(chan);
       /* Update the counter */
       ++(chan->n_cells_xmitted);
+      chan->n_bytes_xmitted += cell_bytes;
+      /* Update global counters */
+      ++n_channel_cells_queued;
+      ++n_channel_cells_passed_to_lower_layer;
+      n_channel_bytes_queued += cell_bytes;
+      n_channel_bytes_passed_to_lower_layer += cell_bytes;
+      channel_assert_counter_consistency();
     }
   }
 
@@ -1737,8 +1799,16 @@ channel_write_cell_queue_entry(channel_t *chan, cell_queue_entry_t *q)
      */
     tmp = cell_queue_entry_dup(q);
     TOR_SIMPLEQ_INSERT_TAIL(&chan->outgoing_queue, tmp, next);
+    /* Update global counters */
+    ++n_channel_cells_queued;
+    ++n_channel_cells_in_queues;
+    n_channel_bytes_queued += cell_bytes;
+    n_channel_bytes_in_queues += cell_bytes;
+    channel_assert_counter_consistency();
+    /* Update channel queue size */
+    chan->bytes_in_queue += cell_bytes;
     /* Try to process the queue? */
-    if (chan->state == CHANNEL_STATE_OPEN) channel_flush_cells(chan);
+    if (CHANNEL_IS_OPEN(chan)) channel_flush_cells(chan);
   }
 }
 
@@ -1759,7 +1829,7 @@ channel_write_cell(channel_t *chan, cell_t *cell)
   tor_assert(chan);
   tor_assert(cell);
 
-  if (chan->state == CHANNEL_STATE_CLOSING) {
+  if (CHANNEL_IS_CLOSING(chan)) {
     log_debug(LD_CHANNEL, "Discarding cell_t %p on closing channel %p with "
               "global ID "U64_FORMAT, cell, chan,
               U64_PRINTF_ARG(chan->global_identifier));
@@ -1775,6 +1845,9 @@ channel_write_cell(channel_t *chan, cell_t *cell)
   q.type = CELL_QUEUE_FIXED;
   q.u.fixed.cell = cell;
   channel_write_cell_queue_entry(chan, &q);
+
+  /* Update the queue size estimate */
+  channel_update_xmit_queue_size(chan);
 }
 
 /**
@@ -1793,7 +1866,7 @@ channel_write_packed_cell(channel_t *chan, packed_cell_t *packed_cell)
   tor_assert(chan);
   tor_assert(packed_cell);
 
-  if (chan->state == CHANNEL_STATE_CLOSING) {
+  if (CHANNEL_IS_CLOSING(chan)) {
     log_debug(LD_CHANNEL, "Discarding packed_cell_t %p on closing channel %p "
               "with global ID "U64_FORMAT, packed_cell, chan,
               U64_PRINTF_ARG(chan->global_identifier));
@@ -1810,6 +1883,9 @@ channel_write_packed_cell(channel_t *chan, packed_cell_t *packed_cell)
   q.type = CELL_QUEUE_PACKED;
   q.u.packed.packed_cell = packed_cell;
   channel_write_cell_queue_entry(chan, &q);
+
+  /* Update the queue size estimate */
+  channel_update_xmit_queue_size(chan);
 }
 
 /**
@@ -1829,7 +1905,7 @@ channel_write_var_cell(channel_t *chan, var_cell_t *var_cell)
   tor_assert(chan);
   tor_assert(var_cell);
 
-  if (chan->state == CHANNEL_STATE_CLOSING) {
+  if (CHANNEL_IS_CLOSING(chan)) {
     log_debug(LD_CHANNEL, "Discarding var_cell_t %p on closing channel %p "
               "with global ID "U64_FORMAT, var_cell, chan,
               U64_PRINTF_ARG(chan->global_identifier));
@@ -1846,6 +1922,9 @@ channel_write_var_cell(channel_t *chan, var_cell_t *var_cell)
   q.type = CELL_QUEUE_VAR;
   q.u.var.var_cell = var_cell;
   channel_write_cell_queue_entry(chan, &q);
+
+  /* Update the queue size estimate */
+  channel_update_xmit_queue_size(chan);
 }
 
 /**
@@ -1941,6 +2020,41 @@ channel_change_state(channel_t *chan, channel_state_t to_state)
     }
   }
 
+  /*
+   * If we're going to a closed/closing state, we don't need scheduling any
+   * more; in CHANNEL_STATE_MAINT we can't accept writes.
+   */
+  if (to_state == CHANNEL_STATE_CLOSING ||
+      to_state == CHANNEL_STATE_CLOSED ||
+      to_state == CHANNEL_STATE_ERROR) {
+    scheduler_release_channel(chan);
+  } else if (to_state == CHANNEL_STATE_MAINT) {
+    scheduler_channel_doesnt_want_writes(chan);
+  }
+
+  /*
+   * If we're closing, this channel no longer counts toward the global
+   * estimated queue size; if we're open, it now does.
+   */
+  if ((to_state == CHANNEL_STATE_CLOSING ||
+       to_state == CHANNEL_STATE_CLOSED ||
+       to_state == CHANNEL_STATE_ERROR) &&
+      (from_state == CHANNEL_STATE_OPEN ||
+       from_state == CHANNEL_STATE_MAINT)) {
+    estimated_total_queue_size -= chan->bytes_in_queue;
+  }
+
+  /*
+   * If we're opening, this channel now does count toward the global
+   * estimated queue size.
+   */
+  if ((to_state == CHANNEL_STATE_OPEN ||
+       to_state == CHANNEL_STATE_MAINT) &&
+      !(from_state == CHANNEL_STATE_OPEN ||
+        from_state == CHANNEL_STATE_MAINT)) {
+    estimated_total_queue_size += chan->bytes_in_queue;
+  }
+
   /* Tell circuits if we opened and stuff */
   if (to_state == CHANNEL_STATE_OPEN) {
     channel_do_open_actions(chan);
@@ -2056,12 +2170,13 @@ channel_listener_change_state(channel_listener_t *chan_l,
 
 #define MAX_CELLS_TO_GET_FROM_CIRCUITS_FOR_UNLIMITED 256
 
-ssize_t
-channel_flush_some_cells(channel_t *chan, ssize_t num_cells)
+MOCK_IMPL(ssize_t,
+channel_flush_some_cells, (channel_t *chan, ssize_t num_cells))
 {
   unsigned int unlimited = 0;
   ssize_t flushed = 0;
   int num_cells_from_circs, clamped_num_cells;
+  int q_len_before, q_len_after;
 
   tor_assert(chan);
 
@@ -2069,7 +2184,7 @@ channel_flush_some_cells(channel_t *chan, ssize_t num_cells)
   if (!unlimited && num_cells <= flushed) goto done;
 
   /* If we aren't in CHANNEL_STATE_OPEN, nothing goes through */
-  if (chan->state == CHANNEL_STATE_OPEN) {
+  if (CHANNEL_IS_OPEN(chan)) {
     /* Try to flush as much as we can that's already queued */
     flushed += channel_flush_some_cells_from_outgoing_queue(chan,
         (unlimited ? -1 : num_cells - flushed));
@@ -2087,14 +2202,45 @@ channel_flush_some_cells(channel_t *chan, ssize_t num_cells)
           clamped_num_cells = (int)(num_cells - flushed);
         }
       }
+
+      /*
+       * Keep track of the change in queue size; we have to count cells
+       * channel_flush_from_first_active_circuit() writes out directly,
+       * but not double-count ones we might get later in
+       * channel_flush_some_cells_from_outgoing_queue()
+       */
+      q_len_before = chan_cell_queue_len(&(chan->outgoing_queue));
+
       /* Try to get more cells from any active circuits */
       num_cells_from_circs = channel_flush_from_first_active_circuit(
           chan, clamped_num_cells);
 
-      /* If it claims we got some, process the queue again */
+      q_len_after = chan_cell_queue_len(&(chan->outgoing_queue));
+
+      /*
+       * If it claims we got some, adjust the flushed counter and consider
+       * processing the queue again
+       */
       if (num_cells_from_circs > 0) {
-        flushed += channel_flush_some_cells_from_outgoing_queue(chan,
-          (unlimited ? -1 : num_cells - flushed));
+        /*
+         * Adjust flushed by the number of cells counted in
+         * num_cells_from_circs that didn't go to the cell queue.
+         */
+
+        if (q_len_after > q_len_before) {
+          num_cells_from_circs -= (q_len_after - q_len_before);
+          if (num_cells_from_circs < 0) num_cells_from_circs = 0;
+        }
+
+        flushed += num_cells_from_circs;
+
+        /* Now process the queue if necessary */
+
+        if ((q_len_after > q_len_before) &&
+            (unlimited || (flushed < num_cells))) {
+          flushed += channel_flush_some_cells_from_outgoing_queue(chan,
+            (unlimited ? -1 : num_cells - flushed));
+        }
       }
     }
   }
@@ -2117,6 +2263,8 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
   unsigned int unlimited = 0;
   ssize_t flushed = 0;
   cell_queue_entry_t *q = NULL;
+  size_t cell_size;
+  int free_q = 0, handed_off = 0;
 
   tor_assert(chan);
   tor_assert(chan->write_cell);
@@ -2127,11 +2275,15 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
   if (!unlimited && num_cells <= flushed) return 0;
 
   /* If we aren't in CHANNEL_STATE_OPEN, nothing goes through */
-  if (chan->state == CHANNEL_STATE_OPEN) {
+  if (CHANNEL_IS_OPEN(chan)) {
     while ((unlimited || num_cells > flushed) &&
            NULL != (q = TOR_SIMPLEQ_FIRST(&chan->outgoing_queue))) {
+      free_q = 0;
+      handed_off = 0;
 
       if (1) {
+        /* Figure out how big it is for statistical purposes */
+        cell_size = channel_get_cell_queue_entry_size(chan, q);
         /*
          * Okay, we have a good queue entry, try to give it to the lower
          * layer.
@@ -2144,8 +2296,9 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                 ++flushed;
                 channel_timestamp_xmit(chan);
                 ++(chan->n_cells_xmitted);
-                cell_queue_entry_free(q, 1);
-                q = NULL;
+                chan->n_bytes_xmitted += cell_size;
+                free_q = 1;
+                handed_off = 1;
               }
               /* Else couldn't write it; leave it on the queue */
             } else {
@@ -2156,8 +2309,8 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                        "(global ID " U64_FORMAT ").",
                        chan, U64_PRINTF_ARG(chan->global_identifier));
               /* Throw it away */
-              cell_queue_entry_free(q, 0);
-              q = NULL;
+              free_q = 1;
+              handed_off = 0;
             }
             break;
          case CELL_QUEUE_PACKED:
@@ -2167,8 +2320,9 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                 ++flushed;
                 channel_timestamp_xmit(chan);
                 ++(chan->n_cells_xmitted);
-                cell_queue_entry_free(q, 1);
-                q = NULL;
+                chan->n_bytes_xmitted += cell_size;
+                free_q = 1;
+                handed_off = 1;
               }
               /* Else couldn't write it; leave it on the queue */
             } else {
@@ -2179,8 +2333,8 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                        "(global ID " U64_FORMAT ").",
                        chan, U64_PRINTF_ARG(chan->global_identifier));
               /* Throw it away */
-              cell_queue_entry_free(q, 0);
-              q = NULL;
+              free_q = 1;
+              handed_off = 0;
             }
             break;
          case CELL_QUEUE_VAR:
@@ -2190,8 +2344,9 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                 ++flushed;
                 channel_timestamp_xmit(chan);
                 ++(chan->n_cells_xmitted);
-                cell_queue_entry_free(q, 1);
-                q = NULL;
+                chan->n_bytes_xmitted += cell_size;
+                free_q = 1;
+                handed_off = 1;
               }
               /* Else couldn't write it; leave it on the queue */
             } else {
@@ -2202,8 +2357,8 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                        "(global ID " U64_FORMAT ").",
                        chan, U64_PRINTF_ARG(chan->global_identifier));
               /* Throw it away */
-              cell_queue_entry_free(q, 0);
-              q = NULL;
+              free_q = 1;
+              handed_off = 0;
             }
             break;
           default:
@@ -2213,12 +2368,32 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
                      "(global ID " U64_FORMAT "; ignoring it."
                      "  Someone should fix this.",
                      q->type, chan, U64_PRINTF_ARG(chan->global_identifier));
-            cell_queue_entry_free(q, 0);
-            q = NULL;
+            free_q = 1;
+            handed_off = 0;
         }
 
-        /* if q got NULLed out, we used it and should remove the queue entry */
-        if (!q) TOR_SIMPLEQ_REMOVE_HEAD(&chan->outgoing_queue, next);
+        /*
+         * if free_q is set, we used it and should remove the queue entry;
+         * we have to do the free down here so TOR_SIMPLEQ_REMOVE_HEAD isn't
+         * accessing freed memory
+         */
+        if (free_q) {
+          TOR_SIMPLEQ_REMOVE_HEAD(&chan->outgoing_queue, next);
+          /*
+           * ...and we handed a cell off to the lower layer, so we should
+           * update the counters.
+           */
+          ++n_channel_cells_passed_to_lower_layer;
+          --n_channel_cells_in_queues;
+          n_channel_bytes_passed_to_lower_layer += cell_size;
+          n_channel_bytes_in_queues -= cell_size;
+          channel_assert_counter_consistency();
+          /* Update the channel's queue size too */
+          chan->bytes_in_queue -= cell_size;
+          /* Finally, free q */
+          cell_queue_entry_free(q, handed_off);
+          q = NULL;
+        }
         /* No cell removed from list, so we can't go on any further */
         else break;
       }
@@ -2230,6 +2405,9 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan,
     channel_timestamp_drained(chan);
   }
 
+  /* Update the estimate queue size */
+  channel_update_xmit_queue_size(chan);
+
   return flushed;
 }
 
@@ -2352,8 +2530,9 @@ void
 channel_do_open_actions(channel_t *chan)
 {
   tor_addr_t remote_addr;
-  int started_here, not_using = 0;
+  int started_here;
   time_t now = time(NULL);
+  int close_origin_circuits = 0;
 
   tor_assert(chan);
 
@@ -2370,8 +2549,7 @@ channel_do_open_actions(channel_t *chan)
       log_debug(LD_OR,
                 "New entry guard was reachable, but closing this "
                 "connection so we can retry the earlier entry guards.");
-      circuit_n_chan_done(chan, 0);
-      not_using = 1;
+      close_origin_circuits = 1;
     }
     router_set_status(chan->identity_digest, 1);
   } else {
@@ -2391,7 +2569,7 @@ channel_do_open_actions(channel_t *chan)
     }
   }
 
-  if (!not_using) circuit_n_chan_done(chan, 1);
+  circuit_n_chan_done(chan, 1, close_origin_circuits);
 }
 
 /**
@@ -2462,9 +2640,8 @@ channel_process_cells(channel_t *chan)
 {
   cell_queue_entry_t *q;
   tor_assert(chan);
-  tor_assert(chan->state == CHANNEL_STATE_CLOSING ||
-             chan->state == CHANNEL_STATE_MAINT ||
-             chan->state == CHANNEL_STATE_OPEN);
+  tor_assert(CHANNEL_IS_CLOSING(chan) || CHANNEL_IS_MAINT(chan) ||
+             CHANNEL_IS_OPEN(chan));
 
   log_debug(LD_CHANNEL,
             "Processing as many incoming cells as we can for channel %p",
@@ -2479,6 +2656,11 @@ channel_process_cells(channel_t *chan)
   /*
    * Process cells until we're done or find one we have no current handler
    * for.
+   *
+   * We must free the cells here after calling the handler, since custody
+   * of the buffer was given to the channel layer when they were queued;
+   * see comments on memory management in channel_queue_cell() and in
+   * channel_queue_var_cell() below.
    */
   while (NULL != (q = TOR_SIMPLEQ_FIRST(&chan->incoming_queue))) {
     tor_assert(q);
@@ -2496,6 +2678,7 @@ channel_process_cells(channel_t *chan)
                 q->u.fixed.cell, chan,
                 U64_PRINTF_ARG(chan->global_identifier));
       chan->cell_handler(chan, q->u.fixed.cell);
+      tor_free(q->u.fixed.cell);
       tor_free(q);
     } else if (q->type == CELL_QUEUE_VAR &&
                chan->var_cell_handler) {
@@ -2508,6 +2691,7 @@ channel_process_cells(channel_t *chan)
                 q->u.var.var_cell, chan,
                 U64_PRINTF_ARG(chan->global_identifier));
       chan->var_cell_handler(chan, q->u.var.var_cell);
+      tor_free(q->u.var.var_cell);
       tor_free(q);
     } else {
       /* Can't handle this one */
@@ -2528,10 +2712,11 @@ channel_queue_cell(channel_t *chan, cell_t *cell)
 {
   int need_to_queue = 0;
   cell_queue_entry_t *q;
+  cell_t *cell_copy = NULL;
 
   tor_assert(chan);
   tor_assert(cell);
-  tor_assert(chan->state == CHANNEL_STATE_OPEN);
+  tor_assert(CHANNEL_IS_OPEN(chan));
 
   /* Do we need to queue it, or can we just call the handler right away? */
   if (!(chan->cell_handler)) need_to_queue = 1;
@@ -2541,8 +2726,9 @@ channel_queue_cell(channel_t *chan, cell_t *cell)
   /* Timestamp for receiving */
   channel_timestamp_recv(chan);
 
-  /* Update the counter */
+  /* Update the counters */
   ++(chan->n_cells_recved);
+  chan->n_bytes_recved += get_cell_network_size(chan->wide_circ_ids);
 
   /* If we don't need to queue we can just call cell_handler */
   if (!need_to_queue) {
@@ -2554,8 +2740,19 @@ channel_queue_cell(channel_t *chan, cell_t *cell)
               U64_PRINTF_ARG(chan->global_identifier));
     chan->cell_handler(chan, cell);
   } else {
-    /* Otherwise queue it and then process the queue if possible. */
-    q = cell_queue_entry_new_fixed(cell);
+    /*
+     * Otherwise queue it and then process the queue if possible.
+     *
+     * We queue a copy, not the original pointer - it might have been on the
+     * stack in connection_or_process_cells_from_inbuf() (or another caller
+     * if we ever have a subclass other than channel_tls_t), or be freed
+     * there after we return.  This is the uncommon case; the non-copying
+     * fast path occurs in the if (!need_to_queue) case above when the
+     * upper layer has installed cell handlers.
+     */
+    cell_copy = tor_malloc_zero(sizeof(cell_t));
+    memcpy(cell_copy, cell, sizeof(cell_t));
+    q = cell_queue_entry_new_fixed(cell_copy);
     log_debug(LD_CHANNEL,
               "Queueing incoming cell_t %p for channel %p "
               "(global ID " U64_FORMAT ")",
@@ -2581,10 +2778,11 @@ channel_queue_var_cell(channel_t *chan, var_cell_t *var_cell)
 {
   int need_to_queue = 0;
   cell_queue_entry_t *q;
+  var_cell_t *cell_copy = NULL;
 
   tor_assert(chan);
   tor_assert(var_cell);
-  tor_assert(chan->state == CHANNEL_STATE_OPEN);
+  tor_assert(CHANNEL_IS_OPEN(chan));
 
   /* Do we need to queue it, or can we just call the handler right away? */
   if (!(chan->var_cell_handler)) need_to_queue = 1;
@@ -2596,6 +2794,8 @@ channel_queue_var_cell(channel_t *chan, var_cell_t *var_cell)
 
   /* Update the counter */
   ++(chan->n_cells_recved);
+  chan->n_bytes_recved += get_var_cell_header_size(chan->wide_circ_ids) +
+    var_cell->payload_len;
 
   /* If we don't need to queue we can just call cell_handler */
   if (!need_to_queue) {
@@ -2607,8 +2807,18 @@ channel_queue_var_cell(channel_t *chan, var_cell_t *var_cell)
               U64_PRINTF_ARG(chan->global_identifier));
     chan->var_cell_handler(chan, var_cell);
   } else {
-    /* Otherwise queue it and then process the queue if possible. */
-    q = cell_queue_entry_new_var(var_cell);
+    /*
+     * Otherwise queue it and then process the queue if possible.
+     *
+     * We queue a copy, not the original pointer - it might have been on the
+     * stack in connection_or_process_cells_from_inbuf() (or another caller
+     * if we ever have a subclass other than channel_tls_t), or be freed
+     * there after we return.  This is the uncommon case; the non-copying
+     * fast path occurs in the if (!need_to_queue) case above when the
+     * upper layer has installed cell handlers.
+     */
+    cell_copy = var_cell_copy(var_cell);
+    q = cell_queue_entry_new_var(cell_copy);
     log_debug(LD_CHANNEL,
               "Queueing incoming var_cell_t %p for channel %p "
               "(global ID " U64_FORMAT ")",
@@ -2645,7 +2855,20 @@ packed_cell_is_destroy(channel_t *chan,
   return 0;
 }
 
-/** DOCDOC */
+/**
+ * Assert that the global channel stats counters are internally consistent
+ */
+
+static void
+channel_assert_counter_consistency(void)
+{
+  tor_assert(n_channel_cells_queued ==
+      (n_channel_cells_in_queues + n_channel_cells_passed_to_lower_layer));
+  tor_assert(n_channel_bytes_queued ==
+      (n_channel_bytes_in_queues + n_channel_bytes_passed_to_lower_layer));
+}
+
+/* DOCDOC */
 static int
 is_destroy_cell(channel_t *chan,
                 const cell_queue_entry_t *q, circid_t *circid_out)
@@ -2692,10 +2915,7 @@ channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
   }
 
   /* Check to make sure we can send on this channel first */
-  if (!(chan->state == CHANNEL_STATE_CLOSING ||
-        chan->state == CHANNEL_STATE_CLOSED ||
-        chan->state == CHANNEL_STATE_ERROR) &&
-      chan->cmux) {
+  if (!CHANNEL_CONDEMNED(chan) && chan->cmux) {
     channel_note_destroy_pending(chan, circ_id);
     circuitmux_append_destroy_cell(chan, chan->cmux, circ_id, reason);
     log_debug(LD_OR,
@@ -2727,6 +2947,19 @@ channel_dumpstats(int severity)
 {
   if (all_channels && smartlist_len(all_channels) > 0) {
     tor_log(severity, LD_GENERAL,
+        "Channels have queued " U64_FORMAT " bytes in " U64_FORMAT " cells, "
+        "and handed " U64_FORMAT " bytes in " U64_FORMAT " cells to the lower"
+        " layer.",
+        U64_PRINTF_ARG(n_channel_bytes_queued),
+        U64_PRINTF_ARG(n_channel_cells_queued),
+        U64_PRINTF_ARG(n_channel_bytes_passed_to_lower_layer),
+        U64_PRINTF_ARG(n_channel_cells_passed_to_lower_layer));
+    tor_log(severity, LD_GENERAL,
+        "There are currently " U64_FORMAT " bytes in " U64_FORMAT " cells "
+        "in channel queues.",
+        U64_PRINTF_ARG(n_channel_bytes_in_queues),
+        U64_PRINTF_ARG(n_channel_cells_in_queues));
+    tor_log(severity, LD_GENERAL,
         "Dumping statistics about %d channels:",
         smartlist_len(all_channels));
     tor_log(severity, LD_GENERAL,
@@ -2870,11 +3103,10 @@ channel_free_list(smartlist_t *channels, int mark_for_close)
     if (curr->cmux) {
       circuitmux_detach_all_circuits(curr->cmux, NULL);
     }
+    SMARTLIST_DEL_CURRENT(channels, curr);
     channel_unregister(curr);
     if (mark_for_close) {
-      if (!(curr->state == CHANNEL_STATE_CLOSING ||
-            curr->state == CHANNEL_STATE_CLOSED ||
-            curr->state == CHANNEL_STATE_ERROR)) {
+      if (!CHANNEL_CONDEMNED(curr)) {
         channel_mark_for_close(curr);
       }
       channel_force_free(curr);
@@ -3088,9 +3320,7 @@ channel_get_for_extend(const char *digest,
     tor_assert(tor_memeq(chan->identity_digest,
                          digest, DIGEST_LEN));
 
-    if (chan->state == CHANNEL_STATE_CLOSING ||
-        chan->state == CHANNEL_STATE_CLOSED ||
-        chan->state == CHANNEL_STATE_ERROR)
+   if (CHANNEL_CONDEMNED(chan))
       continue;
 
     /* Never return a channel on which the other end appears to be
@@ -3100,7 +3330,7 @@ channel_get_for_extend(const char *digest,
     }
 
     /* Never return a non-open connection. */
-    if (chan->state != CHANNEL_STATE_OPEN) {
+    if (!CHANNEL_IS_OPEN(chan)) {
       /* If the address matches, don't launch a new connection for this
        * circuit. */
       if (channel_matches_target_addr_for_extend(chan, target_addr))
@@ -3200,7 +3430,7 @@ channel_listener_describe_transport(channel_listener_t *chan_l)
 /**
  * Return the number of entries in <b>queue</b>
  */
-static int
+STATIC int
 chan_cell_queue_len(const chan_cell_queue_t *queue)
 {
   int r = 0;
@@ -3216,8 +3446,8 @@ chan_cell_queue_len(const chan_cell_queue_t *queue)
  * Dump statistics for one channel to the log
  */
 
-void
-channel_dump_statistics(channel_t *chan, int severity)
+MOCK_IMPL(void,
+channel_dump_statistics, (channel_t *chan, int severity))
 {
   double avg, interval, age;
   time_t now = time(NULL);
@@ -3369,12 +3599,22 @@ channel_dump_statistics(channel_t *chan, int severity)
   /* Describe counters and rates */
   tor_log(severity, LD_GENERAL,
       " * Channel " U64_FORMAT " has received "
-      U64_FORMAT " cells and transmitted " U64_FORMAT,
+      U64_FORMAT " bytes in " U64_FORMAT " cells and transmitted "
+      U64_FORMAT " bytes in " U64_FORMAT " cells",
       U64_PRINTF_ARG(chan->global_identifier),
+      U64_PRINTF_ARG(chan->n_bytes_recved),
       U64_PRINTF_ARG(chan->n_cells_recved),
+      U64_PRINTF_ARG(chan->n_bytes_xmitted),
       U64_PRINTF_ARG(chan->n_cells_xmitted));
   if (now > chan->timestamp_created &&
       chan->timestamp_created > 0) {
+    if (chan->n_bytes_recved > 0) {
+      avg = (double)(chan->n_bytes_recved) / age;
+      tor_log(severity, LD_GENERAL,
+          " * Channel " U64_FORMAT " has averaged %f "
+          "bytes received per second",
+          U64_PRINTF_ARG(chan->global_identifier), avg);
+    }
     if (chan->n_cells_recved > 0) {
       avg = (double)(chan->n_cells_recved) / age;
       if (avg >= 1.0) {
@@ -3390,6 +3630,13 @@ channel_dump_statistics(channel_t *chan, int severity)
             U64_PRINTF_ARG(chan->global_identifier), interval);
       }
     }
+    if (chan->n_bytes_xmitted > 0) {
+      avg = (double)(chan->n_bytes_xmitted) / age;
+      tor_log(severity, LD_GENERAL,
+          " * Channel " U64_FORMAT " has averaged %f "
+          "bytes transmitted per second",
+          U64_PRINTF_ARG(chan->global_identifier), avg);
+    }
     if (chan->n_cells_xmitted > 0) {
       avg = (double)(chan->n_cells_xmitted) / age;
       if (avg >= 1.0) {
@@ -3807,6 +4054,50 @@ channel_mark_outgoing(channel_t *chan)
   chan->is_incoming = 0;
 }
 
+/************************
+ * Flow control queries *
+ ***********************/
+
+/*
+ * Get the latest estimate for the total queue size of all open channels
+ */
+
+uint64_t
+channel_get_global_queue_estimate(void)
+{
+  return estimated_total_queue_size;
+}
+
+/*
+ * Estimate the number of writeable cells
+ *
+ * Ask the lower layer for an estimate of how many cells it can accept, and
+ * then subtract the length of our outgoing_queue, if any, to produce an
+ * estimate of the number of cells this channel can accept for writes.
+ */
+
+int
+channel_num_cells_writeable(channel_t *chan)
+{
+  int result;
+
+  tor_assert(chan);
+  tor_assert(chan->num_cells_writeable);
+
+  if (chan->state == CHANNEL_STATE_OPEN) {
+    /* Query lower layer */
+    result = chan->num_cells_writeable(chan);
+    /* Subtract cell queue length, if any */
+    result -= chan_cell_queue_len(&chan->outgoing_queue);
+    if (result < 0) result = 0;
+  } else {
+    /* No cells are writeable in any other state */
+    result = 0;
+  }
+
+  return result;
+}
+
 /*********************
  * Timestamp updates *
  ********************/
@@ -4175,10 +4466,10 @@ channel_num_circuits(channel_t *chan)
  * This is called when setting up a channel and replaces the old
  * connection_or_set_circid_type()
  */
-void
-channel_set_circid_type(channel_t *chan,
-                        crypto_pk_t *identity_rcvd,
-                        int consider_identity)
+MOCK_IMPL(void,
+channel_set_circid_type,(channel_t *chan,
+                         crypto_pk_t *identity_rcvd,
+                         int consider_identity))
 {
   int started_here;
   crypto_pk_t *our_identity;
@@ -4209,3 +4500,87 @@ channel_set_circid_type(channel_t *chan,
   }
 }
 
+/**
+ * Update the estimated number of bytes queued to transmit for this channel,
+ * and notify the scheduler.  The estimate includes both the channel queue and
+ * the queue size reported by the lower layer, and an overhead estimate
+ * optionally provided by the lower layer.
+ */
+
+void
+channel_update_xmit_queue_size(channel_t *chan)
+{
+  uint64_t queued, adj;
+  double overhead;
+
+  tor_assert(chan);
+  tor_assert(chan->num_bytes_queued);
+
+  /*
+   * First, get the number of bytes we have queued without factoring in
+   * lower-layer overhead.
+   */
+  queued = chan->num_bytes_queued(chan) + chan->bytes_in_queue;
+  /* Next, adjust by the overhead factor, if any is available */
+  if (chan->get_overhead_estimate) {
+    overhead = chan->get_overhead_estimate(chan);
+    if (overhead >= 1.0f) {
+      queued *= overhead;
+    } else {
+      /* Ignore silly overhead factors */
+      log_notice(LD_CHANNEL, "Ignoring silly overhead factor %f", overhead);
+    }
+  }
+
+  /* Now, compare to the previous estimate */
+  if (queued > chan->bytes_queued_for_xmit) {
+    adj = queued - chan->bytes_queued_for_xmit;
+    log_debug(LD_CHANNEL,
+              "Increasing queue size for channel " U64_FORMAT " by " U64_FORMAT
+              " from " U64_FORMAT " to " U64_FORMAT,
+              U64_PRINTF_ARG(chan->global_identifier),
+              U64_PRINTF_ARG(adj),
+              U64_PRINTF_ARG(chan->bytes_queued_for_xmit),
+              U64_PRINTF_ARG(queued));
+    /* Update the channel's estimate */
+    chan->bytes_queued_for_xmit = queued;
+
+    /* Update the global queue size estimate if appropriate */
+    if (chan->state == CHANNEL_STATE_OPEN ||
+        chan->state == CHANNEL_STATE_MAINT) {
+      estimated_total_queue_size += adj;
+      log_debug(LD_CHANNEL,
+                "Increasing global queue size by " U64_FORMAT " for channel "
+                U64_FORMAT ", new size is " U64_FORMAT,
+                U64_PRINTF_ARG(adj), U64_PRINTF_ARG(chan->global_identifier),
+                U64_PRINTF_ARG(estimated_total_queue_size));
+      /* Tell the scheduler we're increasing the queue size */
+      scheduler_adjust_queue_size(chan, 1, adj);
+    }
+  } else if (queued < chan->bytes_queued_for_xmit) {
+    adj = chan->bytes_queued_for_xmit - queued;
+    log_debug(LD_CHANNEL,
+              "Decreasing queue size for channel " U64_FORMAT " by " U64_FORMAT
+              " from " U64_FORMAT " to " U64_FORMAT,
+              U64_PRINTF_ARG(chan->global_identifier),
+              U64_PRINTF_ARG(adj),
+              U64_PRINTF_ARG(chan->bytes_queued_for_xmit),
+              U64_PRINTF_ARG(queued));
+    /* Update the channel's estimate */
+    chan->bytes_queued_for_xmit = queued;
+
+    /* Update the global queue size estimate if appropriate */
+    if (chan->state == CHANNEL_STATE_OPEN ||
+        chan->state == CHANNEL_STATE_MAINT) {
+      estimated_total_queue_size -= adj;
+      log_debug(LD_CHANNEL,
+                "Decreasing global queue size by " U64_FORMAT " for channel "
+                U64_FORMAT ", new size is " U64_FORMAT,
+                U64_PRINTF_ARG(adj), U64_PRINTF_ARG(chan->global_identifier),
+                U64_PRINTF_ARG(estimated_total_queue_size));
+      /* Tell the scheduler we're decreasing the queue size */
+      scheduler_adjust_queue_size(chan, -1, adj);
+    }
+  }
+}
+
diff --git a/src/or/channel.h b/src/or/channel.h
index 148199235a..129c0c2013 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -1,4 +1,4 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -57,6 +57,32 @@ struct channel_s {
     CHANNEL_CLOSE_FOR_ERROR
   } reason_for_closing;
 
+  /** State variable for use by the scheduler */
+  enum {
+    /*
+     * The channel is not open, or it has a full output buffer but no queued
+     * cells.
+     */
+    SCHED_CHAN_IDLE = 0,
+    /*
+     * The channel has space on its output buffer to write, but no queued
+     * cells.
+     */
+    SCHED_CHAN_WAITING_FOR_CELLS,
+    /*
+     * The scheduler has queued cells but no output buffer space to write.
+     */
+    SCHED_CHAN_WAITING_TO_WRITE,
+    /*
+     * The scheduler has both queued cells and output buffer space, and is
+     * eligible for the scheduler loop.
+     */
+    SCHED_CHAN_PENDING
+  } scheduler_state;
+
+  /** Heap index for use by the scheduler */
+  int sched_heap_idx;
+
   /** Timestamps for both cell channels and listeners */
   time_t timestamp_created; /* Channel created */
   time_t timestamp_active; /* Any activity */
@@ -79,6 +105,11 @@ struct channel_s {
   /* Methods implemented by the lower layer */
 
   /**
+   * Ask the lower layer for an estimate of the average overhead for
+   * transmissions on this channel.
+   */
+  double (*get_overhead_estimate)(channel_t *);
+  /*
    * Ask the underlying transport what the remote endpoint address is, in
    * a tor_addr_t.  This is optional and subclasses may leave this NULL.
    * If they implement it, they should write the address out to the
@@ -110,7 +141,11 @@ struct channel_s {
   int (*matches_extend_info)(channel_t *, extend_info_t *);
   /** Check if this channel matches a target address when extending */
   int (*matches_target)(channel_t *, const tor_addr_t *);
-  /** Write a cell to an open channel */
+  /* Ask the lower layer how many bytes it has queued but not yet sent */
+  size_t (*num_bytes_queued)(channel_t *);
+  /* Ask the lower layer how many cells can be written */
+  int (*num_cells_writeable)(channel_t *);
+  /* Write a cell to an open channel */
   int (*write_cell)(channel_t *, cell_t *);
   /** Write a packed cell to an open channel */
   int (*write_packed_cell)(channel_t *, packed_cell_t *);
@@ -147,7 +182,7 @@ struct channel_s {
    * space should we use?
    */
   circ_id_type_bitfield_t circ_id_type:2;
-  /** DOCDOC*/
+  /* DOCDOC */
   unsigned wide_circ_ids:1;
 
   /** For how many circuits are we n_chan?  What about p_chan? */
@@ -198,8 +233,16 @@ struct channel_s {
   uint64_t dirreq_id;
 
   /** Channel counters for cell channels */
-  uint64_t n_cells_recved;
-  uint64_t n_cells_xmitted;
+  uint64_t n_cells_recved, n_bytes_recved;
+  uint64_t n_cells_xmitted, n_bytes_xmitted;
+
+  /** Our current contribution to the scheduler's total xmit queue */
+  uint64_t bytes_queued_for_xmit;
+
+  /** Number of bytes in this channel's cell queue; does not include
+   * lower-layer queueing.
+   */
+  uint64_t bytes_in_queue;
 };
 
 struct channel_listener_s {
@@ -311,6 +354,36 @@ void channel_set_cmux_policy_everywhere(circuitmux_policy_t *pol);
 
 #ifdef TOR_CHANNEL_INTERNAL_
 
+#ifdef CHANNEL_PRIVATE_
+/* Cell queue structure (here rather than channel.c for test suite use) */
+
+typedef struct cell_queue_entry_s cell_queue_entry_t;
+struct cell_queue_entry_s {
+  TOR_SIMPLEQ_ENTRY(cell_queue_entry_s) next;
+  enum {
+    CELL_QUEUE_FIXED,
+    CELL_QUEUE_VAR,
+    CELL_QUEUE_PACKED
+  } type;
+  union {
+    struct {
+      cell_t *cell;
+    } fixed;
+    struct {
+      var_cell_t *var_cell;
+    } var;
+    struct {
+      packed_cell_t *packed_cell;
+    } packed;
+  } u;
+};
+
+/* Cell queue functions for benefit of test suite */
+STATIC int chan_cell_queue_len(const chan_cell_queue_t *queue);
+
+STATIC void cell_queue_entry_free(cell_queue_entry_t *q, int handed_off);
+#endif
+
 /* Channel operations for subclasses and internal use only */
 
 /* Initialize a newly allocated channel - do this first in subclass
@@ -384,7 +457,8 @@ void channel_queue_var_cell(channel_t *chan, var_cell_t *var_cell);
 void channel_flush_cells(channel_t *chan);
 
 /* Request from lower layer for more cells if available */
-ssize_t channel_flush_some_cells(channel_t *chan, ssize_t num_cells);
+MOCK_DECL(ssize_t, channel_flush_some_cells,
+          (channel_t *chan, ssize_t num_cells));
 
 /* Query if data available on this channel */
 int channel_more_to_flush(channel_t *chan);
@@ -431,11 +505,44 @@ channel_t * channel_find_by_remote_digest(const char *identity_digest);
 channel_t * channel_next_with_digest(channel_t *chan);
 
 /*
+ * Helper macros to lookup state of given channel.
+ */
+
+#define CHANNEL_IS_CLOSED(chan) (channel_is_in_state((chan), \
+                                 CHANNEL_STATE_CLOSED))
+#define CHANNEL_IS_OPENING(chan) (channel_is_in_state((chan), \
+                                  CHANNEL_STATE_OPENING))
+#define CHANNEL_IS_OPEN(chan) (channel_is_in_state((chan), \
+                               CHANNEL_STATE_OPEN))
+#define CHANNEL_IS_MAINT(chan) (channel_is_in_state((chan), \
+                                CHANNEL_STATE_MAINT))
+#define CHANNEL_IS_CLOSING(chan) (channel_is_in_state((chan), \
+                                  CHANNEL_STATE_CLOSING))
+#define CHANNEL_IS_ERROR(chan) (channel_is_in_state((chan), \
+                                CHANNEL_STATE_ERROR))
+
+#define CHANNEL_FINISHED(chan) (CHANNEL_IS_CLOSED(chan) || \
+                                CHANNEL_IS_ERROR(chan))
+
+#define CHANNEL_CONDEMNED(chan) (CHANNEL_IS_CLOSING(chan) || \
+                                 CHANNEL_FINISHED(chan))
+
+#define CHANNEL_CAN_HANDLE_CELLS(chan) (CHANNEL_IS_OPENING(chan) || \
+                                        CHANNEL_IS_OPEN(chan) || \
+                                        CHANNEL_IS_MAINT(chan))
+
+static inline int
+channel_is_in_state(channel_t *chan, channel_state_t state)
+{
+  return chan->state == state;
+}
+
+/*
  * Metadata queries/updates
  */
 
 const char * channel_describe_transport(channel_t *chan);
-void channel_dump_statistics(channel_t *chan, int severity);
+MOCK_DECL(void, channel_dump_statistics, (channel_t *chan, int severity));
 void channel_dump_transport_statistics(channel_t *chan, int severity);
 const char * channel_get_actual_remote_descr(channel_t *chan);
 const char * channel_get_actual_remote_address(channel_t *chan);
@@ -455,9 +562,11 @@ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
 int channel_matches_target_addr_for_extend(channel_t *chan,
                                            const tor_addr_t *target);
 unsigned int channel_num_circuits(channel_t *chan);
-void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd,
-                             int consider_identity);
+MOCK_DECL(void,channel_set_circid_type,(channel_t *chan,
+                                        crypto_pk_t *identity_rcvd,
+                                        int consider_identity));
 void channel_timestamp_client(channel_t *chan);
+void channel_update_xmit_queue_size(channel_t *chan);
 
 const char * channel_listener_describe_transport(channel_listener_t *chan_l);
 void channel_listener_dump_statistics(channel_listener_t *chan_l,
@@ -465,6 +574,10 @@ void channel_listener_dump_statistics(channel_listener_t *chan_l,
 void channel_listener_dump_transport_statistics(channel_listener_t *chan_l,
                                                 int severity);
 
+/* Flow control queries */
+uint64_t channel_get_global_queue_estimate(void);
+int channel_num_cells_writeable(channel_t *chan);
+
 /* Timestamp queries */
 time_t channel_when_created(channel_t *chan);
 time_t channel_when_last_active(channel_t *chan);
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 245e33583b..c65af5d040 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1,9 +1,11 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file channeltls.c
- * \brief channel_t concrete subclass using or_connection_t
+ *
+ * \brief A concrete subclass of channel_t using or_connection_t to transfer
+ * cells between Tor instances.
  **/
 
 /*
@@ -13,6 +15,8 @@
 
 #define TOR_CHANNEL_INTERNAL_
 
+#define CHANNELTLS_PRIVATE
+
 #include "or.h"
 #include "channel.h"
 #include "channeltls.h"
@@ -22,9 +26,12 @@
 #include "connection.h"
 #include "connection_or.h"
 #include "control.h"
+#include "link_handshake.h"
 #include "relay.h"
+#include "rephist.h"
 #include "router.h"
 #include "routerlist.h"
+#include "scheduler.h"
 
 /** How many CELL_PADDING cells have we received, ever? */
 uint64_t stats_n_padding_cells_processed = 0;
@@ -46,14 +53,12 @@ uint64_t stats_n_authorize_cells_processed = 0;
 /** Active listener, if any */
 channel_listener_t *channel_tls_listener = NULL;
 
-/* Utility function declarations */
-static void channel_tls_common_init(channel_tls_t *tlschan);
-
 /* channel_tls_t method declarations */
 
 static void channel_tls_close_method(channel_t *chan);
 static const char * channel_tls_describe_transport_method(channel_t *chan);
 static void channel_tls_free_method(channel_t *chan);
+static double channel_tls_get_overhead_estimate_method(channel_t *chan);
 static int
 channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
 static int
@@ -67,6 +72,8 @@ channel_tls_matches_extend_info_method(channel_t *chan,
                                        extend_info_t *extend_info);
 static int channel_tls_matches_target_method(channel_t *chan,
                                              const tor_addr_t *target);
+static int channel_tls_num_cells_writeable_method(channel_t *chan);
+static size_t channel_tls_num_bytes_queued_method(channel_t *chan);
 static int channel_tls_write_cell_method(channel_t *chan,
                                          cell_t *cell);
 static int channel_tls_write_packed_cell_method(channel_t *chan,
@@ -87,12 +94,6 @@ static void channel_tls_process_versions_cell(var_cell_t *cell,
                                               channel_tls_t *tlschan);
 static void channel_tls_process_netinfo_cell(cell_t *cell,
                                              channel_tls_t *tlschan);
-static void channel_tls_process_certs_cell(var_cell_t *cell,
-                                           channel_tls_t *tlschan);
-static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
-                                                    channel_tls_t *tlschan);
-static void channel_tls_process_authenticate_cell(var_cell_t *cell,
-                                                  channel_tls_t *tlschan);
 static int command_allowed_before_handshake(uint8_t command);
 static int enter_v3_handshake_with_cell(var_cell_t *cell,
                                         channel_tls_t *tlschan);
@@ -102,7 +103,7 @@ static int enter_v3_handshake_with_cell(var_cell_t *cell,
  * and channel_tls_handle_incoming().
  */
 
-static void
+STATIC void
 channel_tls_common_init(channel_tls_t *tlschan)
 {
   channel_t *chan;
@@ -116,6 +117,7 @@ channel_tls_common_init(channel_tls_t *tlschan)
   chan->close = channel_tls_close_method;
   chan->describe_transport = channel_tls_describe_transport_method;
   chan->free = channel_tls_free_method;
+  chan->get_overhead_estimate = channel_tls_get_overhead_estimate_method;
   chan->get_remote_addr = channel_tls_get_remote_addr_method;
   chan->get_remote_descr = channel_tls_get_remote_descr_method;
   chan->get_transport_name = channel_tls_get_transport_name_method;
@@ -123,6 +125,8 @@ channel_tls_common_init(channel_tls_t *tlschan)
   chan->is_canonical = channel_tls_is_canonical_method;
   chan->matches_extend_info = channel_tls_matches_extend_info_method;
   chan->matches_target = channel_tls_matches_target_method;
+  chan->num_bytes_queued = channel_tls_num_bytes_queued_method;
+  chan->num_cells_writeable = channel_tls_num_cells_writeable_method;
   chan->write_cell = channel_tls_write_cell_method;
   chan->write_packed_cell = channel_tls_write_packed_cell_method;
   chan->write_var_cell = channel_tls_write_var_cell_method;
@@ -435,6 +439,40 @@ channel_tls_free_method(channel_t *chan)
 }
 
 /**
+ * Get an estimate of the average TLS overhead for the upper layer
+ */
+
+static double
+channel_tls_get_overhead_estimate_method(channel_t *chan)
+{
+  double overhead = 1.0f;
+  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+
+  tor_assert(tlschan);
+  tor_assert(tlschan->conn);
+
+  /* Just return 1.0f if we don't have sensible data */
+  if (tlschan->conn->bytes_xmitted > 0 &&
+      tlschan->conn->bytes_xmitted_by_tls >=
+      tlschan->conn->bytes_xmitted) {
+    overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
+      ((double)(tlschan->conn->bytes_xmitted));
+
+    /*
+     * Never estimate more than 2.0; otherwise we get silly large estimates
+     * at the very start of a new TLS connection.
+     */
+    if (overhead > 2.0f) overhead = 2.0f;
+  }
+
+  log_debug(LD_CHANNEL,
+            "Estimated overhead ratio for TLS chan " U64_FORMAT " is %f",
+            U64_PRINTF_ARG(chan->global_identifier), overhead);
+
+  return overhead;
+}
+
+/**
  * Get the remote address of a channel_tls_t
  *
  * This implements the get_remote_addr method for channel_tls_t; copy the
@@ -673,6 +711,53 @@ channel_tls_matches_target_method(channel_t *chan,
 }
 
 /**
+ * Tell the upper layer how many bytes we have queued and not yet
+ * sent.
+ */
+
+static size_t
+channel_tls_num_bytes_queued_method(channel_t *chan)
+{
+  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+
+  tor_assert(tlschan);
+  tor_assert(tlschan->conn);
+
+  return connection_get_outbuf_len(TO_CONN(tlschan->conn));
+}
+
+/**
+ * Tell the upper layer how many cells we can accept to write
+ *
+ * This implements the num_cells_writeable method for channel_tls_t; it
+ * returns an estimate of the number of cells we can accept with
+ * channel_tls_write_*_cell().
+ */
+
+static int
+channel_tls_num_cells_writeable_method(channel_t *chan)
+{
+  size_t outbuf_len;
+  ssize_t n;
+  channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+  size_t cell_network_size;
+
+  tor_assert(tlschan);
+  tor_assert(tlschan->conn);
+
+  cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
+  outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
+  /* Get the number of cells */
+  n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size);
+  if (n < 0) n = 0;
+#if SIZEOF_SIZE_T > SIZEOF_INT
+  if (n > INT_MAX) n = INT_MAX;
+#endif
+
+  return (int)n;
+}
+
+/**
  * Write a cell to a channel_tls_t
  *
  * This implements the write_cell method for channel_tls_t; given a
@@ -847,18 +932,18 @@ channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
   tor_assert(conn);
   tor_assert(conn->chan == chan);
   tor_assert(chan->conn == conn);
-  /* -Werror appeasement */
-  tor_assert(old_state == old_state);
+  /* Shut the compiler up without triggering -Wtautological-compare */
+  (void)old_state;
 
   base_chan = TLS_CHAN_TO_BASE(chan);
 
-  /* Make sure the base connection state makes sense - shouldn't be error,
-   * closed or listening. */
+  /* Make sure the base connection state makes sense - shouldn't be error
+   * or closed. */
 
-  tor_assert(base_chan->state == CHANNEL_STATE_OPENING ||
-             base_chan->state == CHANNEL_STATE_OPEN ||
-             base_chan->state == CHANNEL_STATE_MAINT ||
-             base_chan->state == CHANNEL_STATE_CLOSING);
+  tor_assert(CHANNEL_IS_OPENING(base_chan) ||
+             CHANNEL_IS_OPEN(base_chan) ||
+             CHANNEL_IS_MAINT(base_chan) ||
+             CHANNEL_IS_CLOSING(base_chan));
 
   /* Did we just go to state open? */
   if (state == OR_CONN_STATE_OPEN) {
@@ -867,69 +952,21 @@ channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
      * CHANNEL_STATE_MAINT on this.
      */
     channel_change_state(base_chan, CHANNEL_STATE_OPEN);
+    /* We might have just become writeable; check and tell the scheduler */
+    if (connection_or_num_cells_writeable(conn) > 0) {
+      scheduler_channel_wants_writes(base_chan);
+    }
   } else {
     /*
      * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
      * otherwise no change.
      */
-    if (base_chan->state == CHANNEL_STATE_OPEN) {
+    if (CHANNEL_IS_OPEN(base_chan)) {
       channel_change_state(base_chan, CHANNEL_STATE_MAINT);
     }
   }
 }
 
-/**
- * Flush cells from a channel_tls_t
- *
- * Try to flush up to about num_cells cells, and return how many we flushed.
- */
-
-ssize_t
-channel_tls_flush_some_cells(channel_tls_t *chan, ssize_t num_cells)
-{
-  ssize_t flushed = 0;
-
-  tor_assert(chan);
-
-  if (flushed >= num_cells) goto done;
-
-  /*
-   * If channel_tls_t ever buffers anything below the channel_t layer, flush
-   * that first here.
-   */
-
-  flushed += channel_flush_some_cells(TLS_CHAN_TO_BASE(chan),
-                                      num_cells - flushed);
-
-  /*
-   * If channel_tls_t ever buffers anything below the channel_t layer, check
-   * how much we actually got and push it on down here.
-   */
-
- done:
-  return flushed;
-}
-
-/**
- * Check if a channel_tls_t has anything to flush
- *
- * Return true if there is any more to flush on this channel (cells in queue
- * or active circuits).
- */
-
-int
-channel_tls_more_to_flush(channel_tls_t *chan)
-{
-  tor_assert(chan);
-
-  /*
-   * If channel_tls_t ever buffers anything below channel_t, the
-   * check for that should go here first.
-   */
-
-  return channel_more_to_flush(TLS_CHAN_TO_BASE(chan));
-}
-
 #ifdef KEEP_TIMING_STATS
 
 /**
@@ -974,6 +1011,11 @@ channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
  * for cell types specific to the handshake for this transport protocol and
  * handles them, and queues all other cells to the channel_t layer, which
  * eventually will hand them off to command.c.
+ *
+ * The channel layer itself decides whether the cell should be queued or
+ * can be handed off immediately to the upper-layer code.  It is responsible
+ * for copying in the case that it queues; we merely pass pointers through
+ * which we get from connection_or_process_cells_from_inbuf().
  */
 
 void
@@ -1071,6 +1113,12 @@ channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
  * related and live below the channel_t layer, so no variable-length
  * cells ever get delivered in the current implementation, but I've left
  * the mechanism in place for future use.
+ *
+ * If we were handing them off to the upper layer, the channel_t queueing
+ * code would be responsible for memory management, and we'd just be passing
+ * pointers through from connection_or_process_cells_from_inbuf().  That
+ * caller always frees them after this function returns, so this function
+ * should never free var_cell.
  */
 
 void
@@ -1423,6 +1471,8 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
     return;
   }
 
+  rep_hist_note_negotiated_link_proto(highest_supported_version, started_here);
+
   chan->conn->link_proto = highest_supported_version;
   chan->conn->handshake_state->received_versions = 1;
 
@@ -1626,30 +1676,9 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
 #define NETINFO_NOTICE_SKEW 3600
   if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
       router_get_by_id_digest(chan->conn->identity_digest)) {
-    char dbuf[64];
-    int severity;
-    /*XXXX be smarter about when everybody says we are skewed. */
-    if (router_digest_is_trusted_dir(chan->conn->identity_digest))
-      severity = LOG_WARN;
-    else
-      severity = LOG_INFO;
-    format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
-    log_fn(severity, LD_GENERAL,
-           "Received NETINFO cell with skewed time from "
-           "server at %s:%d.  It seems that our clock is %s by %s, or "
-           "that theirs is %s. Tor requires an accurate clock to work: "
-           "please check your time and date settings.",
-           chan->conn->base_.address,
-           (int)(chan->conn->base_.port),
-           apparent_skew > 0 ? "ahead" : "behind",
-           dbuf,
-           apparent_skew > 0 ? "behind" : "ahead");
-    if (severity == LOG_WARN) /* only tell the controller if an authority */
-      control_event_general_status(LOG_WARN,
-                          "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
-                          apparent_skew,
-                          chan->conn->base_.address,
-                          chan->conn->base_.port);
+    int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
+    clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
+                       "NETINFO cell", "OR");
   }
 
   /* XXX maybe act on my_apparent_addr, if the source is sufficiently
@@ -1704,16 +1733,17 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
  * If it's the server side, wait for an AUTHENTICATE cell.
  */
 
-static void
+STATIC void
 channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
 {
-  tor_cert_t *link_cert = NULL;
-  tor_cert_t *id_cert = NULL;
-  tor_cert_t *auth_cert = NULL;
-  uint8_t *ptr;
+#define MAX_CERT_TYPE_WANTED OR_CERT_TYPE_AUTH_1024
+  tor_x509_cert_t *certs[MAX_CERT_TYPE_WANTED + 1];
   int n_certs, i;
+  certs_cell_t *cc = NULL;
+
   int send_netinfo = 0;
 
+  memset(certs, 0, sizeof(certs));
   tor_assert(cell);
   tor_assert(chan);
   tor_assert(chan->conn);
@@ -1743,63 +1773,41 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
   if (cell->circ_id)
     ERR("It had a nonzero circuit ID");
 
-  n_certs = cell->payload[0];
-  ptr = cell->payload + 1;
+  if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0)
+    ERR("It couldn't be parsed.");
+
+  n_certs = cc->n_certs;
+
   for (i = 0; i < n_certs; ++i) {
-    uint8_t cert_type;
-    uint16_t cert_len;
-    if (cell->payload_len < 3)
-      goto truncated;
-    if (ptr > cell->payload + cell->payload_len - 3) {
-      goto truncated;
-    }
-    cert_type = *ptr;
-    cert_len = ntohs(get_uint16(ptr+1));
-    if (cell->payload_len < 3 + cert_len)
-      goto truncated;
-    if (ptr > cell->payload + cell->payload_len - cert_len - 3) {
-      goto truncated;
-    }
-    if (cert_type == OR_CERT_TYPE_TLS_LINK ||
-        cert_type == OR_CERT_TYPE_ID_1024 ||
-        cert_type == OR_CERT_TYPE_AUTH_1024) {
-      tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
-      if (!cert) {
-        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-               "Received undecodable certificate in CERTS cell from %s:%d",
-               safe_str(chan->conn->base_.address),
-               chan->conn->base_.port);
+    certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
+
+    uint16_t cert_type = c->cert_type;
+    uint16_t cert_len = c->cert_len;
+    uint8_t *cert_body = certs_cell_cert_getarray_body(c);
+
+    if (cert_type > MAX_CERT_TYPE_WANTED)
+      continue;
+
+    tor_x509_cert_t *cert = tor_x509_cert_decode(cert_body, cert_len);
+    if (!cert) {
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+             "Received undecodable certificate in CERTS cell from %s:%d",
+             safe_str(chan->conn->base_.address),
+             chan->conn->base_.port);
+    } else {
+      if (certs[cert_type]) {
+        tor_x509_cert_free(cert);
+        ERR("Duplicate x509 certificate");
       } else {
-        if (cert_type == OR_CERT_TYPE_TLS_LINK) {
-          if (link_cert) {
-            tor_cert_free(cert);
-            ERR("Too many TLS_LINK certificates");
-          }
-          link_cert = cert;
-        } else if (cert_type == OR_CERT_TYPE_ID_1024) {
-          if (id_cert) {
-            tor_cert_free(cert);
-            ERR("Too many ID_1024 certificates");
-          }
-          id_cert = cert;
-        } else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
-          if (auth_cert) {
-            tor_cert_free(cert);
-            ERR("Too many AUTH_1024 certificates");
-          }
-          auth_cert = cert;
-        } else {
-          tor_cert_free(cert);
-        }
+        certs[cert_type] = cert;
       }
     }
-    ptr += 3 + cert_len;
-    continue;
-
-  truncated:
-    ERR("It ends in the middle of a certificate");
   }
 
+  tor_x509_cert_t *id_cert = certs[OR_CERT_TYPE_ID_1024];
+  tor_x509_cert_t *auth_cert = certs[OR_CERT_TYPE_AUTH_1024];
+  tor_x509_cert_t *link_cert = certs[OR_CERT_TYPE_TLS_LINK];
+
   if (chan->conn->handshake_state->started_here) {
     int severity;
     if (! (id_cert && link_cert))
@@ -1824,7 +1832,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
 
     chan->conn->handshake_state->authenticated = 1;
     {
-      const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
+      const common_digests_t *id_digests =
+        tor_x509_cert_get_id_digests(id_cert);
       crypto_pk_t *identity_rcvd;
       if (!id_digests)
         ERR("Couldn't compute digests for key in ID cert");
@@ -1848,7 +1857,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
              safe_str(chan->conn->base_.address), chan->conn->base_.port);
 
     chan->conn->handshake_state->id_cert = id_cert;
-    id_cert = NULL;
+    certs[OR_CERT_TYPE_ID_1024] = NULL;
 
     if (!public_server_mode(get_options())) {
       /* If we initiated the connection and we are not a public server, we
@@ -1875,7 +1884,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
 
     chan->conn->handshake_state->id_cert = id_cert;
     chan->conn->handshake_state->auth_cert = auth_cert;
-    id_cert = auth_cert = NULL;
+    certs[OR_CERT_TYPE_ID_1024] = certs[OR_CERT_TYPE_AUTH_1024] = NULL;
   }
 
   chan->conn->handshake_state->received_certs_cell = 1;
@@ -1889,9 +1898,10 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
   }
 
  err:
-  tor_cert_free(id_cert);
-  tor_cert_free(link_cert);
-  tor_cert_free(auth_cert);
+  for (unsigned i = 0; i < ARRAY_LENGTH(certs); ++i) {
+    tor_x509_cert_free(certs[i]);
+  }
+  certs_cell_free(cc);
 #undef ERR
 }
 
@@ -1906,11 +1916,11 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
  * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
  */
 
-static void
+STATIC void
 channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
 {
   int n_types, i, use_type = -1;
-  uint8_t *cp;
+  auth_challenge_cell_t *ac = NULL;
 
   tor_assert(cell);
   tor_assert(chan);
@@ -1923,7 +1933,7 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
            safe_str(chan->conn->base_.address),                 \
            chan->conn->base_.port, (s));                        \
     connection_or_close_for_error(chan->conn, 0);               \
-    return;                                                     \
+    goto done;                                                  \
   } while (0)
 
   if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
@@ -1936,19 +1946,17 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
     ERR("We already received one");
   if (!(chan->conn->handshake_state->received_certs_cell))
     ERR("We haven't gotten a CERTS cell yet");
-  if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
-    ERR("It was too short");
   if (cell->circ_id)
     ERR("It had a nonzero circuit ID");
 
-  n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
-  if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
-    ERR("It looks truncated");
+  if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0)
+    ERR("It was not well-formed.");
+
+  n_types = ac->n_methods;
 
   /* Now see if there is an authentication type we can use */
-  cp = cell->payload+OR_AUTH_CHALLENGE_LEN + 2;
-  for (i = 0; i < n_types; ++i, cp += 2) {
-    uint16_t authtype = ntohs(get_uint16(cp));
+  for (i = 0; i < n_types; ++i) {
+    uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
     if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
       use_type = authtype;
   }
@@ -1959,7 +1967,7 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
     /* If we're not a public server then we don't want to authenticate on a
        connection we originated, and we already sent a NETINFO cell when we
        got the CERTS cell. We have nothing more to do. */
-    return;
+    goto done;
   }
 
   if (use_type >= 0) {
@@ -1973,7 +1981,7 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
       log_warn(LD_OR,
                "Couldn't send authenticate cell");
       connection_or_close_for_error(chan->conn, 0);
-      return;
+      goto done;
     }
   } else {
     log_info(LD_OR,
@@ -1986,9 +1994,12 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
   if (connection_or_send_netinfo(chan->conn) < 0) {
     log_warn(LD_OR, "Couldn't send netinfo cell");
     connection_or_close_for_error(chan->conn, 0);
-    return;
+    goto done;
   }
 
+ done:
+  auth_challenge_cell_free(ac);
+
 #undef ERR
 }
 
@@ -2002,10 +2013,10 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
  * the identity of the router on the other side of the connection.
  */
 
-static void
+STATIC void
 channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
 {
-  uint8_t expected[V3_AUTH_FIXED_PART_LEN];
+  uint8_t expected[V3_AUTH_FIXED_PART_LEN+256];
   const uint8_t *auth;
   int authlen;
 
@@ -2061,11 +2072,13 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
   if (authlen < V3_AUTH_BODY_LEN + 1)
     ERR("Authenticator was too short");
 
-  if (connection_or_compute_authenticate_cell_body(
-                        chan->conn, expected, sizeof(expected), NULL, 1) < 0)
+  ssize_t bodylen =
+    connection_or_compute_authenticate_cell_body(
+                        chan->conn, expected, sizeof(expected), NULL, 1);
+  if (bodylen < 0 || bodylen != V3_AUTH_FIXED_PART_LEN)
     ERR("Couldn't compute expected AUTHENTICATE cell body");
 
-  if (tor_memneq(expected, auth, sizeof(expected)))
+  if (tor_memneq(expected, auth, bodylen))
     ERR("Some field in the AUTHENTICATE cell body was not as expected");
 
   {
@@ -2110,8 +2123,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
   {
     crypto_pk_t *identity_rcvd =
       tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
-    const digests_t *id_digests =
-      tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);
+    const common_digests_t *id_digests =
+      tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert);
 
     /* This must exist; we checked key type when reading the cert. */
     tor_assert(id_digests);
diff --git a/src/or/channeltls.h b/src/or/channeltls.h
index c872a09d79..a4d9c7a095 100644
--- a/src/or/channeltls.h
+++ b/src/or/channeltls.h
@@ -1,4 +1,4 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -40,8 +40,6 @@ channel_t * channel_tls_to_base(channel_tls_t *tlschan);
 channel_tls_t * channel_tls_from_base(channel_t *chan);
 
 /* Things for connection_or.c to call back into */
-ssize_t channel_tls_flush_some_cells(channel_tls_t *chan, ssize_t num_cells);
-int channel_tls_more_to_flush(channel_tls_t *chan);
 void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn);
 void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
                                                or_connection_t *conn,
@@ -54,5 +52,15 @@ void channel_tls_update_marks(or_connection_t *conn);
 /* Cleanup at shutdown */
 void channel_tls_free_all(void);
 
+#ifdef CHANNELTLS_PRIVATE
+STATIC void channel_tls_process_certs_cell(var_cell_t *cell,
+                                           channel_tls_t *tlschan);
+STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
+                                                    channel_tls_t *tlschan);
+STATIC void channel_tls_common_init(channel_tls_t *tlschan);
+STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell,
+                                                  channel_tls_t *tlschan);
+#endif
+
 #endif
 
diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c
index 51a75cf502..552947eba2 100644
--- a/src/or/circpathbias.c
+++ b/src/or/circpathbias.c
@@ -1,9 +1,18 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file circpathbias.c
+ *
+ * \brief Code to track success/failure rates of circuits built through
+ * different tor nodes, in an attempt to detect attacks where
+ * an attacker deliberately causes circuits to fail until the client
+ * choses a path they like.
+ */
+
 #include "or.h"
 #include "channel.h"
 #include "circpathbias.h"
@@ -768,8 +777,8 @@ pathbias_send_usable_probe(circuit_t *circ)
 
   /* Can't probe if the channel isn't open */
   if (circ->n_chan == NULL ||
-      (circ->n_chan->state != CHANNEL_STATE_OPEN
-       && circ->n_chan->state != CHANNEL_STATE_MAINT)) {
+      (!CHANNEL_IS_OPEN(circ->n_chan)
+       && !CHANNEL_IS_MAINT(circ->n_chan))) {
     log_info(LD_CIRC,
              "Skipping pathbias probe for circuit %d: Channel is not open.",
              ocirc->global_identifier);
@@ -1140,11 +1149,10 @@ pathbias_count_circs_in_states(entry_guard_t *guard,
                               path_state_t from,
                               path_state_t to)
 {
-  circuit_t *circ;
   int open_circuits = 0;
 
   /* Count currently open circuits. Give them the benefit of the doubt. */
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     origin_circuit_t *ocirc = NULL;
     if (!CIRCUIT_IS_ORIGIN(circ) || /* didn't originate here */
         circ->marked_for_close) /* already counted */
@@ -1167,6 +1175,7 @@ pathbias_count_circs_in_states(entry_guard_t *guard,
       open_circuits++;
     }
   }
+  SMARTLIST_FOREACH_END(circ);
 
   return open_circuits;
 }
diff --git a/src/or/circpathbias.h b/src/or/circpathbias.h
index c95d801a4b..ce76689d5f 100644
--- a/src/or/circpathbias.h
+++ b/src/or/circpathbias.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 897f90fe4c..28d286cd72 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1,12 +1,14 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file circuitbuild.c
- * \brief The actual details of building circuits.
+ *
+ * \brief Implements the details of building circuits (by chosing paths,
+ * constructing/sending create/extend cells, and so on).
  **/
 
 #define CIRCUITBUILD_PRIVATE
@@ -14,6 +16,7 @@
 #include "or.h"
 #include "channel.h"
 #include "circpathbias.h"
+#define CIRCUITBUILD_PRIVATE
 #include "circuitbuild.h"
 #include "circuitlist.h"
 #include "circuitstats.h"
@@ -59,9 +62,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
 static int onion_extend_cpath(origin_circuit_t *circ);
 static int count_acceptable_nodes(smartlist_t *routers);
 static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
-#ifdef CURVE25519_ENABLED
 static int circuits_can_use_ntor(void);
-#endif
 
 /** This function tries to get a channel to the specified endpoint,
  * and then calls command_setup_channel() to give it the right
@@ -368,7 +369,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
   } while (hop!=circ->cpath);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return 1 iff at least one node in circ's cpath supports ntor. */
 static int
 circuit_cpath_supports_ntor(const origin_circuit_t *circ)
@@ -388,9 +388,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ)
 
   return 0;
 }
-#else
-#define circuit_cpath_supports_ntor(circ) 0
-#endif
 
 /** Pick all the entries in our cpath. Stop and return 0 when we're
  * happy, or return -1 if an error occurs. */
@@ -398,11 +395,7 @@ static int
 onion_populate_cpath(origin_circuit_t *circ)
 {
   int n_tries = 0;
-#ifdef CURVE25519_ENABLED
   const int using_ntor = circuits_can_use_ntor();
-#else
-  const int using_ntor = 0;
-#endif
 
 #define MAX_POPULATE_ATTEMPTS 32
 
@@ -502,11 +495,26 @@ circuit_handle_first_hop(origin_circuit_t *circ)
   int err_reason = 0;
   const char *msg = NULL;
   int should_launch = 0;
+  const or_options_t *options = get_options();
 
   firsthop = onion_next_hop_in_cpath(circ->cpath);
   tor_assert(firsthop);
   tor_assert(firsthop->extend_info);
 
+  /* Some bridges are on private addresses. Others pass a dummy private
+   * address to the pluggable transport, which ignores it.
+   * Deny the connection if:
+   * - the address is internal, and
+   * - we're not connecting to a configured bridge, and
+   * - we're not configured to allow extends to private addresses. */
+  if (tor_addr_is_internal(&firsthop->extend_info->addr, 0) &&
+      !extend_info_is_a_configured_bridge(firsthop->extend_info) &&
+      !options->ExtendAllowPrivateAddresses) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Client asked me to connect directly to a private address");
+    return -END_CIRC_REASON_TORPROTOCOL;
+  }
+
   /* now see if we're already connected to the first OR in 'route' */
   log_debug(LD_CIRC,"Looking for firsthop '%s'",
             fmt_addrport(&firsthop->extend_info->addr,
@@ -560,9 +568,13 @@ circuit_handle_first_hop(origin_circuit_t *circ)
  * open and get them to send their create cells forward.
  *
  * Status is 1 if connect succeeded, or 0 if connect failed.
+ *
+ * Close_origin_circuits is 1 if we should close all the origin circuits
+ * through this channel, or 0 otherwise.  (This happens when we want to retry
+ * an older guard.)
  */
 void
-circuit_n_chan_done(channel_t *chan, int status)
+circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits)
 {
   smartlist_t *pending_circs;
   int err_reason = 0;
@@ -600,6 +612,11 @@ circuit_n_chan_done(channel_t *chan, int status)
         circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED);
         continue;
       }
+      if (close_origin_circuits && CIRCUIT_IS_ORIGIN(circ)) {
+        log_info(LD_CIRC,"Channel deprecated for origin circs; closing circ.");
+        circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED);
+        continue;
+      }
       log_debug(LD_CIRC, "Found circ, sending create cell.");
       /* circuit_deliver_create_cell will set n_circ_id and add us to
        * chan_circuid_circuit_map, so we don't need to call
@@ -681,7 +698,7 @@ circuit_deliver_create_cell(circuit_t *circ, const create_cell_t *create_cell,
   if (CIRCUIT_IS_ORIGIN(circ)) {
     /* Update began timestamp for circuits starting their first hop */
     if (TO_ORIGIN_CIRCUIT(circ)->cpath->state == CPATH_STATE_CLOSED) {
-      if (circ->n_chan->state != CHANNEL_STATE_OPEN) {
+      if (!CHANNEL_IS_OPEN(circ->n_chan)) {
         log_warn(LD_CIRC,
                  "Got first hop for a circuit without an opened channel. "
                  "State: %s.", channel_state_to_string(circ->n_chan->state));
@@ -737,7 +754,7 @@ inform_testing_reachability(void)
 
 /** Return true iff we should send a create_fast cell to start building a given
  * circuit */
-static INLINE int
+static inline int
 should_use_create_fast_for_circuit(origin_circuit_t *circ)
 {
   const or_options_t *options = get_options();
@@ -772,7 +789,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
           && circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return true if the ntor handshake is enabled in the configuration, or if
  * it's been set to "auto" in the configuration and it's enabled in the
  * consensus. */
@@ -784,7 +800,6 @@ circuits_can_use_ntor(void)
     return options->UseNTorHandshake;
   return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1);
 }
-#endif
 
 /** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
  * directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
@@ -794,7 +809,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
                               uint16_t *handshake_type_out,
                               const extend_info_t *ei)
 {
-#ifdef CURVE25519_ENABLED
   if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key,
                        CURVE25519_PUBKEY_LEN) &&
       circuits_can_use_ntor()) {
@@ -802,9 +816,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
     *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
     return;
   }
-#else
-  (void) ei;
-#endif
 
   *cell_type_out = CELL_CREATE;
   *handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
@@ -959,17 +970,21 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
       circuit_rep_hist_note_result(circ);
       circuit_has_opened(circ); /* do other actions as necessary */
 
-      if (!can_complete_circuit && !circ->build_state->onehop_tunnel) {
+      if (!have_completed_a_circuit() && !circ->build_state->onehop_tunnel) {
         const or_options_t *options = get_options();
-        can_complete_circuit=1;
+        note_that_we_completed_a_circuit();
         /* FFFF Log a count of known routers here */
         log_notice(LD_GENERAL,
             "Tor has successfully opened a circuit. "
             "Looks like client functionality is working.");
-        control_event_bootstrap(BOOTSTRAP_STATUS_DONE, 0);
+        if (control_event_bootstrap(BOOTSTRAP_STATUS_DONE, 0) == 0) {
+          log_notice(LD_GENERAL,
+                     "Tor has successfully opened a circuit. "
+                     "Looks like client functionality is working.");
+        }
         control_event_client_status(LOG_NOTICE, "CIRCUIT_ESTABLISHED");
         clear_broken_connection_map(1);
-        if (server_mode(options) && !check_whether_orport_reachable()) {
+        if (server_mode(options) && !check_whether_orport_reachable(options)) {
           inform_testing_reachability();
           consider_testing_reachability(1, 1);
         }
@@ -1049,11 +1064,16 @@ circuit_note_clock_jumped(int seconds_elapsed)
       seconds_elapsed >=0 ? "forward" : "backward");
   control_event_general_status(LOG_WARN, "CLOCK_JUMPED TIME=%d",
                                seconds_elapsed);
-  can_complete_circuit=0; /* so it'll log when it works again */
+  /* so we log when it works again */
+  note_that_we_maybe_cant_complete_circuits();
   control_event_client_status(severity, "CIRCUIT_NOT_ESTABLISHED REASON=%s",
                               "CLOCK_JUMPED");
   circuit_mark_all_unused_circs();
   circuit_mark_all_dirty_circs_as_unusable();
+  if (seconds_elapsed < 0) {
+    /* Restart all the timers in case we jumped a long way into the past. */
+    reset_all_main_loop_timers();
+  }
 }
 
 /** Take the 'extend' <b>cell</b>, pull out addr/port plus the onion
@@ -1256,8 +1276,10 @@ circuit_finish_handshake(origin_circuit_t *circ,
   crypt_path_t *hop;
   int rv;
 
-  if ((rv = pathbias_count_build_attempt(circ)) < 0)
+  if ((rv = pathbias_count_build_attempt(circ)) < 0) {
+    log_warn(LD_CIRC, "pathbias_count_build_attempt failed: %d", rv);
     return rv;
+  }
 
   if (circ->cpath->state == CPATH_STATE_AWAITING_KEYS) {
     hop = circ->cpath;
@@ -1271,12 +1293,15 @@ circuit_finish_handshake(origin_circuit_t *circ,
   tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS);
 
   {
+    const char *msg = NULL;
     if (onion_skin_client_handshake(hop->handshake_state.tag,
                                     &hop->handshake_state,
                                     reply->reply, reply->handshake_len,
                                     (uint8_t*)keys, sizeof(keys),
-                                    (uint8_t*)hop->rend_circ_nonce) < 0) {
-      log_warn(LD_CIRC,"onion_skin_client_handshake failed.");
+                                    (uint8_t*)hop->rend_circ_nonce,
+                                    &msg) < 0) {
+      if (msg)
+        log_warn(LD_CIRC,"onion_skin_client_handshake failed: %s", msg);
       return -END_CIRC_REASON_TORPROTOCOL;
     }
   }
@@ -1392,8 +1417,13 @@ onionskin_answer(or_circuit_t *circ,
   log_debug(LD_CIRC,"Finished sending '%s' cell.",
             circ->is_first_hop ? "created_fast" : "created");
 
-  if (!channel_is_local(circ->p_chan) &&
-      !channel_is_outgoing(circ->p_chan)) {
+  /* Ignore the local bit when ExtendAllowPrivateAddresses is set:
+   * it violates the assumption that private addresses are local.
+   * Also, many test networks run on local addresses, and
+   * TestingTorNetwork sets ExtendAllowPrivateAddresses. */
+  if ((!channel_is_local(circ->p_chan)
+       || get_options()->ExtendAllowPrivateAddresses)
+      && !channel_is_outgoing(circ->p_chan)) {
     /* record that we could process create cells from a non-local conn
      * that we didn't initiate; presumably this means that create cells
      * can reach us too. */
@@ -1564,7 +1594,7 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
    * -1 means "Don't use this router at all."
    */
   the_nodes = nodelist_get_list();
-  n_supported = tor_malloc(sizeof(int)*smartlist_len(the_nodes));
+  n_supported = tor_calloc(smartlist_len(the_nodes), sizeof(int));
   SMARTLIST_FOREACH_BEGIN(the_nodes, const node_t *, node) {
     const int i = node_sl_idx;
     if (router_digest_is_me(node->identity)) {
@@ -1735,6 +1765,87 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
   return NULL;
 }
 
+#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
+/* The config option Tor2webRendezvousPoints has been set and we need
+ * to pick an RP out of that set. Make sure that the RP we choose is
+ * alive, and return it. Return NULL if no usable RP could be found in
+ * Tor2webRendezvousPoints. */
+STATIC const node_t *
+pick_tor2web_rendezvous_node(router_crn_flags_t flags,
+                             const or_options_t *options)
+{
+  const node_t *rp_node = NULL;
+  const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0;
+  const int need_desc = (flags & CRN_NEED_DESC) != 0;
+  const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
+  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
+
+  smartlist_t *whitelisted_live_rps = smartlist_new();
+  smartlist_t *all_live_nodes = smartlist_new();
+
+  tor_assert(options->Tor2webRendezvousPoints);
+
+  /* Add all running nodes to all_live_nodes */
+  router_add_running_nodes_to_smartlist(all_live_nodes,
+                                        allow_invalid,
+                                        0, 0, 0,
+                                        need_desc,
+                                        pref_addr,
+                                        direct_conn);
+
+  /* Filter all_live_nodes to only add live *and* whitelisted RPs to
+   * the list whitelisted_live_rps. */
+  SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
+    if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) {
+      smartlist_add(whitelisted_live_rps, live_node);
+    }
+  } SMARTLIST_FOREACH_END(live_node);
+
+  /* Honor ExcludeNodes */
+  if (options->ExcludeNodes) {
+    routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes);
+  }
+
+  /* Now pick randomly amongst the whitelisted RPs. No need to waste time
+     doing bandwidth load balancing, for most use cases
+     'whitelisted_live_rps' contains a single OR anyway. */
+  rp_node = smartlist_choose(whitelisted_live_rps);
+
+  if (!rp_node) {
+    log_warn(LD_REND, "Could not find a Rendezvous Point that suits "
+             "the purposes of Tor2webRendezvousPoints. Choosing random one.");
+  }
+
+  smartlist_free(whitelisted_live_rps);
+  smartlist_free(all_live_nodes);
+
+  return rp_node;
+}
+#endif
+
+/* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */
+static const node_t *
+pick_rendezvous_node(router_crn_flags_t flags)
+{
+  const or_options_t *options = get_options();
+
+  if (options->AllowInvalid_ & ALLOW_INVALID_RENDEZVOUS)
+    flags |= CRN_ALLOW_INVALID;
+
+#ifdef ENABLE_TOR2WEB_MODE
+  /* The user wants us to pick specific RPs. */
+  if (options->Tor2webRendezvousPoints) {
+    const node_t *tor2web_rp = pick_tor2web_rendezvous_node(flags, options);
+    if (tor2web_rp) {
+      return tor2web_rp;
+    }
+    /* Else, if no tor2web RP was found, fall back to choosing a random node */
+  }
+#endif
+
+  return router_choose_random_node(NULL, options->ExcludeNodes, flags);
+}
+
 /** Return a pointer to a suitable router to be the exit node for the
  * circuit of purpose <b>purpose</b> that we're about to build (or NULL
  * if no router is suitable).
@@ -1765,9 +1876,13 @@ choose_good_exit_server(uint8_t purpose,
       else
         return choose_good_exit_server_general(need_uptime,need_capacity);
     case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
-      if (options->AllowInvalid_ & ALLOW_INVALID_RENDEZVOUS)
-        flags |= CRN_ALLOW_INVALID;
-      return router_choose_random_node(NULL, options->ExcludeNodes, flags);
+      {
+        /* Pick a new RP */
+        const node_t *rendezvous_node = pick_rendezvous_node(flags);
+        log_info(LD_REND, "Picked new RP: %s",
+                 safe_str_client(node_describe(rendezvous_node)));
+        return rendezvous_node;
+      }
   }
   log_warn(LD_BUG,"Unhandled purpose %d", purpose);
   tor_fragile_assert();
@@ -1877,7 +1992,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
       choose_good_exit_server(circ->base_.purpose, state->need_uptime,
                               state->need_capacity, state->is_internal);
     if (!node) {
-      log_warn(LD_CIRC,"failed to choose an exit server");
+      log_warn(LD_CIRC,"Failed to choose an exit server");
       return -1;
     }
     exit = extend_info_from_node(node, 0);
@@ -2004,7 +2119,8 @@ choose_good_middle_server(uint8_t purpose,
   tor_assert(CIRCUIT_PURPOSE_MIN_ <= purpose &&
              purpose <= CIRCUIT_PURPOSE_MAX_);
 
-  log_debug(LD_CIRC, "Contemplating intermediate hop: random choice.");
+  log_debug(LD_CIRC, "Contemplating intermediate hop %d: random choice.",
+            cur_len);
   excluded = smartlist_new();
   if ((r = build_state_get_exit_node(state))) {
     nodelist_add_node_and_family(excluded, r);
@@ -2041,7 +2157,10 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state)
   const node_t *choice;
   smartlist_t *excluded;
   const or_options_t *options = get_options();
-  router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC;
+  /* If possible, choose an entry server with a preferred address,
+   * otherwise, choose one with an allowed address */
+  router_crn_flags_t flags = (CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR|
+                              CRN_DIRECT_CONN);
   const node_t *node;
 
   if (state && options->UseEntryGuards &&
@@ -2058,17 +2177,18 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state)
      * family. */
     nodelist_add_node_and_family(excluded, node);
   }
-  if (firewall_is_fascist_or()) {
-    /* Exclude all ORs that we can't reach through our firewall */
-    smartlist_t *nodes = nodelist_get_list();
-    SMARTLIST_FOREACH(nodes, const node_t *, node, {
-      if (!fascist_firewall_allows_node(node))
-        smartlist_add(excluded, (void*)node);
-    });
-  }
-  /* and exclude current entry guards and their families, if applicable */
+  /* and exclude current entry guards and their families,
+   * unless we're in a test network, and excluding guards
+   * would exclude all nodes (i.e. we're in an incredibly small tor network,
+   * or we're using TestingAuthVoteGuard *).
+   * This is an incomplete fix, but is no worse than the previous behaviour,
+   * and only applies to minimal, testing tor networks
+   * (so it's no less secure) */
   /*XXXX025 use the using_as_guard flag to accomplish this.*/
-  if (options->UseEntryGuards) {
+  if (options->UseEntryGuards
+      && (!options->TestingTorNetwork ||
+         smartlist_len(nodelist_get_list()) > smartlist_len(get_entry_guards())
+     )) {
     SMARTLIST_FOREACH(get_entry_guards(), const entry_guard_t *, entry,
       {
         if ((node = node_get_by_id(entry->identity))) {
@@ -2135,9 +2255,11 @@ onion_extend_cpath(origin_circuit_t *circ)
     if (r) {
       /* If we're a client, use the preferred address rather than the
          primary address, for potentially connecting to an IPv6 OR
-         port. */
-      info = extend_info_from_node(r, server_mode(get_options()) == 0);
-      tor_assert(info);
+         port. Servers always want the primary (IPv4) address. */
+      int client = (server_mode(get_options()) == 0);
+      info = extend_info_from_node(r, client);
+      /* Clients can fail to find an allowed address */
+      tor_assert(info || client);
     }
   } else {
     const node_t *r =
@@ -2198,13 +2320,9 @@ extend_info_new(const char *nickname, const char *digest,
     strlcpy(info->nickname, nickname, sizeof(info->nickname));
   if (onion_key)
     info->onion_key = crypto_pk_dup_key(onion_key);
-#ifdef CURVE25519_ENABLED
   if (curve25519_key)
     memcpy(&info->curve25519_onion_key, curve25519_key,
            sizeof(curve25519_public_key_t));
-#else
-  (void)curve25519_key;
-#endif
   tor_addr_copy(&info->addr, addr);
   info->port = port;
   return info;
@@ -2216,33 +2334,43 @@ extend_info_new(const char *nickname, const char *digest,
  * <b>for_direct_connect</b> is true, in which case the preferred
  * address is used instead. May return NULL if there is not enough
  * info about <b>node</b> to extend to it--for example, if there is no
- * routerinfo_t or microdesc_t.
+ * routerinfo_t or microdesc_t, or if for_direct_connect is true and none of
+ * the node's addresses are allowed by tor's firewall and IP version config.
  **/
 extend_info_t *
 extend_info_from_node(const node_t *node, int for_direct_connect)
 {
   tor_addr_port_t ap;
+  int valid_addr = 0;
 
   if (node->ri == NULL && (node->rs == NULL || node->md == NULL))
     return NULL;
 
+  /* Choose a preferred address first, but fall back to an allowed address.
+   * choose_address returns 1 on success, but get_prim_orport returns 0. */
   if (for_direct_connect)
-    node_get_pref_orport(node, &ap);
+    valid_addr = fascist_firewall_choose_address_node(node,
+                                                      FIREWALL_OR_CONNECTION,
+                                                      0, &ap);
   else
-    node_get_prim_orport(node, &ap);
+    valid_addr = !node_get_prim_orport(node, &ap);
 
-  log_debug(LD_CIRC, "using %s for %s",
-            fmt_addrport(&ap.addr, ap.port),
-            node->ri ? node->ri->nickname : node->rs->nickname);
+  if (valid_addr)
+    log_debug(LD_CIRC, "using %s for %s",
+              fmt_addrport(&ap.addr, ap.port),
+              node->ri ? node->ri->nickname : node->rs->nickname);
+  else
+    log_warn(LD_CIRC, "Could not choose valid address for %s",
+              node->ri ? node->ri->nickname : node->rs->nickname);
 
-  if (node->ri)
+  if (valid_addr && node->ri)
     return extend_info_new(node->ri->nickname,
                              node->identity,
                              node->ri->onion_pkey,
                              node->ri->onion_curve25519_pkey,
                              &ap.addr,
                              ap.port);
-  else if (node->rs && node->md)
+  else if (valid_addr && node->rs && node->md)
     return extend_info_new(node->rs->nickname,
                              node->identity,
                              node->md->onion_pkey,
@@ -2303,3 +2431,20 @@ build_state_get_exit_nickname(cpath_build_state_t *state)
   return state->chosen_exit->nickname;
 }
 
+/** Return true iff the given address can be used to extend to. */
+int
+extend_info_addr_is_allowed(const tor_addr_t *addr)
+{
+  tor_assert(addr);
+
+  /* Check if we have a private address and if we can extend to it. */
+  if ((tor_addr_is_internal(addr, 0) || tor_addr_is_multicast(addr)) &&
+      !get_options()->ExtendAllowPrivateAddresses) {
+    goto disallow;
+  }
+  /* Allowed! */
+  return 1;
+ disallow:
+  return 0;
+}
+
diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h
index 71caea94ed..7f5fd511a9 100644
--- a/src/or/circuitbuild.h
+++ b/src/or/circuitbuild.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -22,7 +22,8 @@ origin_circuit_t *circuit_establish_circuit(uint8_t purpose,
                                             extend_info_t *exit,
                                             int flags);
 int circuit_handle_first_hop(origin_circuit_t *circ);
-void circuit_n_chan_done(channel_t *chan, int status);
+void circuit_n_chan_done(channel_t *chan, int status,
+                         int close_origin_circuits);
 int inform_testing_reachability(void);
 int circuit_timeout_want_to_count_circ(origin_circuit_t *circ);
 int circuit_send_next_onion_skin(origin_circuit_t *circ);
@@ -52,6 +53,7 @@ extend_info_t *extend_info_new(const char *nickname, const char *digest,
 extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect);
 extend_info_t *extend_info_dup(extend_info_t *info);
 void extend_info_free(extend_info_t *info);
+int extend_info_addr_is_allowed(const tor_addr_t *addr);
 const node_t *build_state_get_exit_node(cpath_build_state_t *state);
 const char *build_state_get_exit_nickname(cpath_build_state_t *state);
 
@@ -60,6 +62,11 @@ const node_t *choose_good_entry_server(uint8_t purpose,
 
 #ifdef CIRCUITBUILD_PRIVATE
 STATIC circid_t get_unique_circ_id_by_chan(channel_t *chan);
+#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
+STATIC const node_t *pick_tor2web_rendezvous_node(router_crn_flags_t flags,
+                                                  const or_options_t *options);
+#endif
+
 #endif
 
 #endif
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index f3a83503ef..b710485908 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1,12 +1,13 @@
 /* Copyright 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file circuitlist.c
- * \brief Manage the global circuit list.
+ *
+ * \brief Manage the global circuit list, and looking up circuits within it.
  **/
 #define CIRCUITLIST_PRIVATE
 #include "or.h"
@@ -21,6 +22,7 @@
 #include "connection_edge.h"
 #include "connection_or.h"
 #include "control.h"
+#include "main.h"
 #include "networkstatus.h"
 #include "nodelist.h"
 #include "onion.h"
@@ -38,17 +40,22 @@
 /********* START VARIABLES **********/
 
 /** A global list of all circuits at this hop. */
-struct global_circuitlist_s global_circuitlist =
-  TOR_LIST_HEAD_INITIALIZER(global_circuitlist);
+static smartlist_t *global_circuitlist = NULL;
 
 /** A list of all the circuits in CIRCUIT_STATE_CHAN_WAIT. */
 static smartlist_t *circuits_pending_chans = NULL;
 
+/** A list of all the circuits that have been marked with
+ * circuit_mark_for_close and which are waiting for circuit_about_to_free. */
+static smartlist_t *circuits_pending_close = NULL;
+
 static void circuit_free_cpath_node(crypt_path_t *victim);
 static void cpath_ref_decref(crypt_path_reference_t *cpath_ref);
 //static void circuit_set_rend_token(or_circuit_t *circ, int is_rend_circ,
 //                                   const uint8_t *token);
 static void circuit_clear_rend_token(or_circuit_t *circ);
+static void circuit_about_to_free_atexit(circuit_t *circ);
+static void circuit_about_to_free(circuit_t *circ);
 
 /********* END VARIABLES ************/
 
@@ -66,7 +73,7 @@ typedef struct chan_circid_circuit_map_t {
 /** Helper for hash tables: compare the channel and circuit ID for a and
  * b, and return less than, equal to, or greater than zero appropriately.
  */
-static INLINE int
+static inline int
 chan_circid_entries_eq_(chan_circid_circuit_map_t *a,
                         chan_circid_circuit_map_t *b)
 {
@@ -75,7 +82,7 @@ chan_circid_entries_eq_(chan_circid_circuit_map_t *a,
 
 /** Helper: return a hash based on circuit ID and the pointer value of
  * chan in <b>a</b>. */
-static INLINE unsigned int
+static inline unsigned int
 chan_circid_entry_hash_(chan_circid_circuit_map_t *a)
 {
   /* Try to squeze the siphash input into 8 bytes to save any extra siphash
@@ -94,9 +101,9 @@ static HT_HEAD(chan_circid_map, chan_circid_circuit_map_t)
      chan_circid_map = HT_INITIALIZER();
 HT_PROTOTYPE(chan_circid_map, chan_circid_circuit_map_t, node,
              chan_circid_entry_hash_, chan_circid_entries_eq_)
-HT_GENERATE(chan_circid_map, chan_circid_circuit_map_t, node,
-            chan_circid_entry_hash_, chan_circid_entries_eq_, 0.6,
-            malloc, realloc, free)
+HT_GENERATE2(chan_circid_map, chan_circid_circuit_map_t, node,
+             chan_circid_entry_hash_, chan_circid_entries_eq_, 0.6,
+             tor_reallocarray_, tor_free_)
 
 /** The most recently returned entry from circuit_get_by_circid_chan;
  * used to improve performance when many cells arrive in a row from the
@@ -302,8 +309,8 @@ channel_note_destroy_pending(channel_t *chan, circid_t id)
 
 /** Called to indicate that a DESTROY is no longer pending on <b>chan</b> with
  * circuit ID <b>id</b> -- typically, because it has been sent. */
-void
-channel_note_destroy_not_pending(channel_t *chan, circid_t id)
+MOCK_IMPL(void, channel_note_destroy_not_pending,
+          (channel_t *chan, circid_t id))
 {
   circuit_t *circ = circuit_get_by_circid_channel_even_if_marked(id,chan);
   if (circ) {
@@ -451,17 +458,36 @@ circuit_count_pending_on_channel(channel_t *chan)
 void
 circuit_close_all_marked(void)
 {
-  circuit_t *circ, *tmp;
-  TOR_LIST_FOREACH_SAFE(circ, &global_circuitlist, head, tmp)
-    if (circ->marked_for_close)
-      circuit_free(circ);
+  if (circuits_pending_close == NULL)
+    return;
+
+  smartlist_t *lst = circuit_get_global_list();
+  SMARTLIST_FOREACH_BEGIN(circuits_pending_close, circuit_t *, circ) {
+    tor_assert(circ->marked_for_close);
+
+    /* Remove it from the circuit list. */
+    int idx = circ->global_circuitlist_idx;
+    smartlist_del(lst, idx);
+    if (idx < smartlist_len(lst)) {
+      circuit_t *replacement = smartlist_get(lst, idx);
+      replacement->global_circuitlist_idx = idx;
+    }
+    circ->global_circuitlist_idx = -1;
+
+    circuit_about_to_free(circ);
+    circuit_free(circ);
+  } SMARTLIST_FOREACH_END(circ);
+
+  smartlist_clear(circuits_pending_close);
 }
 
 /** Return the head of the global linked list of circuits. */
-MOCK_IMPL(struct global_circuitlist_s *,
+MOCK_IMPL(smartlist_t *,
 circuit_get_global_list,(void))
 {
-  return &global_circuitlist;
+  if (NULL == global_circuitlist)
+    global_circuitlist = smartlist_new();
+  return global_circuitlist;
 }
 
 /** Function to make circ-\>state human-readable */
@@ -678,7 +704,8 @@ init_circuit_base(circuit_t *circ)
   circ->deliver_window = CIRCWINDOW_START;
   cell_queue_init(&circ->n_chan_cells);
 
-  TOR_LIST_INSERT_HEAD(&global_circuitlist, circ, head);
+  smartlist_add(circuit_get_global_list(), circ);
+  circ->global_circuitlist_idx = smartlist_len(circuit_get_global_list()) - 1;
 }
 
 /** Allocate space for a new circuit, initializing with <b>p_circ_id</b>
@@ -707,8 +734,8 @@ origin_circuit_new(void)
   return circ;
 }
 
-/** Allocate a new or_circuit_t, connected to <b>p_conn</b> as
- * <b>p_circ_id</b>.  If <b>p_conn</b> is NULL, the circuit is unattached. */
+/** Allocate a new or_circuit_t, connected to <b>p_chan</b> as
+ * <b>p_circ_id</b>.  If <b>p_chan</b> is NULL, the circuit is unattached. */
 or_circuit_t *
 or_circuit_new(circid_t p_circ_id, channel_t *p_chan)
 {
@@ -729,6 +756,18 @@ or_circuit_new(circid_t p_circ_id, channel_t *p_chan)
   return circ;
 }
 
+/** Free all storage held in circ->testing_cell_stats */
+void
+circuit_clear_testing_cell_stats(circuit_t *circ)
+{
+  if (!circ || !circ->testing_cell_stats)
+    return;
+  SMARTLIST_FOREACH(circ->testing_cell_stats, testing_cell_stats_entry_t *,
+                    ent, tor_free(ent));
+  smartlist_free(circ->testing_cell_stats);
+  circ->testing_cell_stats = NULL;
+}
+
 /** Deallocate space associated with circ.
  */
 STATIC void
@@ -736,9 +775,12 @@ circuit_free(circuit_t *circ)
 {
   void *mem;
   size_t memlen;
+  int should_free = 1;
   if (!circ)
     return;
 
+  circuit_clear_testing_cell_stats(circ);
+
   if (CIRCUIT_IS_ORIGIN(circ)) {
     origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
     mem = ocirc;
@@ -775,6 +817,8 @@ circuit_free(circuit_t *circ)
     memlen = sizeof(or_circuit_t);
     tor_assert(circ->magic == OR_CIRCUIT_MAGIC);
 
+    should_free = (ocirc->workqueue_entry == NULL);
+
     crypto_cipher_free(ocirc->p_crypto);
     crypto_digest_free(ocirc->p_digest);
     crypto_cipher_free(ocirc->n_crypto);
@@ -799,7 +843,16 @@ circuit_free(circuit_t *circ)
   extend_info_free(circ->n_hop);
   tor_free(circ->n_chan_create_cell);
 
-  TOR_LIST_REMOVE(circ, head);
+  if (circ->global_circuitlist_idx != -1) {
+    int idx = circ->global_circuitlist_idx;
+    circuit_t *c2 = smartlist_get(global_circuitlist, idx);
+    tor_assert(c2 == circ);
+    smartlist_del(global_circuitlist, idx);
+    if (idx < smartlist_len(global_circuitlist)) {
+      c2 = smartlist_get(global_circuitlist, idx);
+      c2->global_circuitlist_idx = idx;
+    }
+  }
 
   /* Remove from map. */
   circuit_set_n_circid_chan(circ, 0, NULL);
@@ -808,8 +861,18 @@ circuit_free(circuit_t *circ)
    * "active" checks will be violated. */
   cell_queue_clear(&circ->n_chan_cells);
 
-  memwipe(mem, 0xAA, memlen); /* poison memory */
-  tor_free(mem);
+  if (should_free) {
+    memwipe(mem, 0xAA, memlen); /* poison memory */
+    tor_free(mem);
+  } else {
+    /* If we made it here, this is an or_circuit_t that still has a pending
+     * cpuworker request which we weren't able to cancel.  Instead, set up
+     * the magic value so that when the reply comes back, we'll know to discard
+     * the reply and free this structure.
+     */
+    memwipe(mem, 0xAA, memlen);
+    circ->magic = DEAD_CIRCUIT_MAGIC;
+  }
 }
 
 /** Deallocate the linked list circ-><b>cpath</b>, and remove the cpath from
@@ -841,9 +904,9 @@ circuit_clear_cpath(origin_circuit_t *circ)
 void
 circuit_free_all(void)
 {
-  circuit_t *tmp, *tmp2;
+  smartlist_t *lst = circuit_get_global_list();
 
-  TOR_LIST_FOREACH_SAFE(tmp, &global_circuitlist, head, tmp2) {
+  SMARTLIST_FOREACH_BEGIN(lst, circuit_t *, tmp) {
     if (! CIRCUIT_IS_ORIGIN(tmp)) {
       or_circuit_t *or_circ = TO_OR_CIRCUIT(tmp);
       while (or_circ->resolving_streams) {
@@ -853,12 +916,21 @@ circuit_free_all(void)
         or_circ->resolving_streams = next_conn;
       }
     }
+    tmp->global_circuitlist_idx = -1;
+    circuit_about_to_free_atexit(tmp);
     circuit_free(tmp);
-  }
+    SMARTLIST_DEL_CURRENT(lst, tmp);
+  } SMARTLIST_FOREACH_END(tmp);
+
+  smartlist_free(lst);
+  global_circuitlist = NULL;
 
   smartlist_free(circuits_pending_chans);
   circuits_pending_chans = NULL;
 
+  smartlist_free(circuits_pending_close);
+  circuits_pending_close = NULL;
+
   {
     chan_circid_circuit_map_t **elt, **next, *c;
     for (elt = HT_START(chan_circid_map, &chan_circid_map);
@@ -932,10 +1004,9 @@ circuit_dump_conn_details(int severity,
 void
 circuit_dump_by_conn(connection_t *conn, int severity)
 {
-  circuit_t *circ;
   edge_connection_t *tmpconn;
 
-  TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     circid_t n_circ_id = circ->n_circ_id, p_circ_id = 0;
 
     if (circ->marked_for_close) {
@@ -966,6 +1037,7 @@ circuit_dump_by_conn(connection_t *conn, int severity)
       }
     }
   }
+  SMARTLIST_FOREACH_END(circ);
 }
 
 /** Return the circuit whose global ID is <b>id</b>, or NULL if no
@@ -973,8 +1045,7 @@ circuit_dump_by_conn(connection_t *conn, int severity)
 origin_circuit_t *
 circuit_get_by_global_id(uint32_t id)
 {
-  circuit_t *circ;
-  TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (CIRCUIT_IS_ORIGIN(circ) &&
         TO_ORIGIN_CIRCUIT(circ)->global_identifier == id) {
       if (circ->marked_for_close)
@@ -983,6 +1054,7 @@ circuit_get_by_global_id(uint32_t id)
         return TO_ORIGIN_CIRCUIT(circ);
     }
   }
+  SMARTLIST_FOREACH_END(circ);
   return NULL;
 }
 
@@ -994,7 +1066,7 @@ circuit_get_by_global_id(uint32_t id)
  * If <b>found_entry_out</b> is provided, set it to true if we have a
  * placeholder entry for circid/chan, and leave it unset otherwise.
  */
-static INLINE circuit_t *
+static inline circuit_t *
 circuit_get_by_circid_channel_impl(circid_t circ_id, channel_t *chan,
                                    int *found_entry_out)
 {
@@ -1151,17 +1223,17 @@ circuit_unlink_all_from_channel(channel_t *chan, int reason)
 
 #ifdef DEBUG_CIRCUIT_UNLINK_ALL
   {
-    circuit_t *circ;
     smartlist_t *detached_2 = smartlist_new();
     int mismatch = 0, badlen = 0;
 
-    TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+    SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
       if (circ->n_chan == chan ||
           (!CIRCUIT_IS_ORIGIN(circ) &&
            TO_OR_CIRCUIT(circ)->p_chan == chan)) {
         smartlist_add(detached_2, circ);
       }
     }
+    SMARTLIST_FOREACH_END(circ);
 
     if (smartlist_len(detached) != smartlist_len(detached_2)) {
        log_warn(LD_BUG, "List of detached circuits had the wrong length! "
@@ -1235,8 +1307,7 @@ circuit_unlink_all_from_channel(channel_t *chan, int reason)
 origin_circuit_t *
 circuit_get_ready_rend_circ_by_rend_data(const rend_data_t *rend_data)
 {
-  circuit_t *circ;
-  TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (!circ->marked_for_close &&
         circ->purpose == CIRCUIT_PURPOSE_C_REND_READY) {
       origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
@@ -1249,6 +1320,7 @@ circuit_get_ready_rend_circ_by_rend_data(const rend_data_t *rend_data)
         return ocirc;
     }
   }
+  SMARTLIST_FOREACH_END(circ);
   return NULL;
 }
 
@@ -1261,14 +1333,17 @@ origin_circuit_t *
 circuit_get_next_by_pk_and_purpose(origin_circuit_t *start,
                                    const char *digest, uint8_t purpose)
 {
-  circuit_t *circ;
+  int idx;
+  smartlist_t *lst = circuit_get_global_list();
   tor_assert(CIRCUIT_PURPOSE_IS_ORIGIN(purpose));
   if (start == NULL)
-    circ = TOR_LIST_FIRST(&global_circuitlist);
+    idx = 0;
   else
-    circ = TOR_LIST_NEXT(TO_CIRCUIT(start), head);
+    idx = TO_CIRCUIT(start)->global_circuitlist_idx + 1;
+
+  for ( ; idx < smartlist_len(lst); ++idx) {
+    circuit_t *circ = smartlist_get(lst, idx);
 
-  for ( ; circ; circ = TOR_LIST_NEXT(circ, head)) {
     if (circ->marked_for_close)
       continue;
     if (circ->purpose != purpose)
@@ -1469,7 +1544,6 @@ origin_circuit_t *
 circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
                             int flags)
 {
-  circuit_t *circ_;
   origin_circuit_t *best=NULL;
   int need_uptime = (flags & CIRCLAUNCH_NEED_UPTIME) != 0;
   int need_capacity = (flags & CIRCLAUNCH_NEED_CAPACITY) != 0;
@@ -1485,7 +1559,7 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
             "capacity %d, internal %d",
             purpose, need_uptime, need_capacity, internal);
 
-  TOR_LIST_FOREACH(circ_, &global_circuitlist, head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ_) {
     if (CIRCUIT_IS_ORIGIN(circ_) &&
         circ_->state == CIRCUIT_STATE_OPEN &&
         !circ_->marked_for_close &&
@@ -1507,7 +1581,7 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
           do {
             const node_t *ri2;
             if (tor_memeq(hop->extend_info->identity_digest,
-                        info->identity_digest, DIGEST_LEN))
+                          info->identity_digest, DIGEST_LEN))
               goto next;
             if (ri1 &&
                 (ri2 = node_get_by_id(hop->extend_info->identity_digest))
@@ -1535,6 +1609,7 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
       }
     }
   }
+  SMARTLIST_FOREACH_END(circ_);
   return best;
 }
 
@@ -1574,13 +1649,13 @@ circuit_get_cpath_hop(origin_circuit_t *circ, int hopnum)
 void
 circuit_mark_all_unused_circs(void)
 {
-  circuit_t *circ;
-  TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (CIRCUIT_IS_ORIGIN(circ) &&
         !circ->marked_for_close &&
         !circ->timestamp_dirty)
       circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
   }
+  SMARTLIST_FOREACH_END(circ);
 }
 
 /** Go through the circuitlist; for each circuit that starts at us
@@ -1593,14 +1668,14 @@ circuit_mark_all_unused_circs(void)
 void
 circuit_mark_all_dirty_circs_as_unusable(void)
 {
-  circuit_t *circ;
-  TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (CIRCUIT_IS_ORIGIN(circ) &&
         !circ->marked_for_close &&
         circ->timestamp_dirty) {
       mark_circuit_unusable_for_new_conns(TO_ORIGIN_CIRCUIT(circ));
     }
   }
+  SMARTLIST_FOREACH_END(circ);
 }
 
 /** Mark <b>circ</b> to be closed next time we call
@@ -1664,6 +1739,65 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line,
     reason = END_CIRC_REASON_NONE;
   }
 
+  circ->marked_for_close = line;
+  circ->marked_for_close_file = file;
+  circ->marked_for_close_reason = reason;
+  circ->marked_for_close_orig_reason = orig_reason;
+
+  if (!CIRCUIT_IS_ORIGIN(circ)) {
+    or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
+    if (or_circ->rend_splice) {
+      if (!or_circ->rend_splice->base_.marked_for_close) {
+        /* do this after marking this circuit, to avoid infinite recursion. */
+        circuit_mark_for_close(TO_CIRCUIT(or_circ->rend_splice), reason);
+      }
+      or_circ->rend_splice = NULL;
+    }
+  }
+
+  if (circuits_pending_close == NULL)
+    circuits_pending_close = smartlist_new();
+
+  smartlist_add(circuits_pending_close, circ);
+}
+
+/** Called immediately before freeing a marked circuit <b>circ</b> from
+ * circuit_free_all() while shutting down Tor; this is a safe-at-shutdown
+ * version of circuit_about_to_free().  It's important that it at least
+ * do circuitmux_detach_circuit() when appropriate.
+ */
+static void
+circuit_about_to_free_atexit(circuit_t *circ)
+{
+
+  if (circ->n_chan) {
+    circuit_clear_cell_queue(circ, circ->n_chan);
+    circuitmux_detach_circuit(circ->n_chan->cmux, circ);
+    circuit_set_n_circid_chan(circ, 0, NULL);
+  }
+
+  if (! CIRCUIT_IS_ORIGIN(circ)) {
+    or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
+
+    if (or_circ->p_chan) {
+      circuit_clear_cell_queue(circ, or_circ->p_chan);
+      circuitmux_detach_circuit(or_circ->p_chan->cmux, circ);
+      circuit_set_p_circid_chan(or_circ, 0, NULL);
+    }
+  }
+}
+
+/** Called immediately before freeing a marked circuit <b>circ</b>.
+ * Disconnects the circuit from other data structures, launches events
+ * as appropriate, and performs other housekeeping.
+ */
+static void
+circuit_about_to_free(circuit_t *circ)
+{
+
+  int reason = circ->marked_for_close_reason;
+  int orig_reason = circ->marked_for_close_orig_reason;
+
   if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
     onion_pending_remove(TO_OR_CIRCUIT(circ));
   }
@@ -1687,42 +1821,47 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line,
      (circ->state == CIRCUIT_STATE_OPEN)?CIRC_EVENT_CLOSED:CIRC_EVENT_FAILED,
      orig_reason);
   }
+
   if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
     origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
     int timed_out = (reason == END_CIRC_REASON_TIMEOUT);
     tor_assert(circ->state == CIRCUIT_STATE_OPEN);
     tor_assert(ocirc->build_state->chosen_exit);
     tor_assert(ocirc->rend_data);
-    /* treat this like getting a nack from it */
-    log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). %s",
-           safe_str_client(ocirc->rend_data->onion_address),
-           safe_str_client(build_state_get_exit_nickname(ocirc->build_state)),
-           timed_out ? "Recording timeout." : "Removing from descriptor.");
-    rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit,
-                                           ocirc->rend_data,
-                                           timed_out ?
-                                           INTRO_POINT_FAILURE_TIMEOUT :
-                                           INTRO_POINT_FAILURE_GENERIC);
+    if (orig_reason != END_CIRC_REASON_IP_NOW_REDUNDANT) {
+      /* treat this like getting a nack from it */
+      log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). %s",
+          safe_str_client(ocirc->rend_data->onion_address),
+          safe_str_client(build_state_get_exit_nickname(ocirc->build_state)),
+          timed_out ? "Recording timeout." : "Removing from descriptor.");
+      rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit,
+                                             ocirc->rend_data,
+                                             timed_out ?
+                                             INTRO_POINT_FAILURE_TIMEOUT :
+                                             INTRO_POINT_FAILURE_GENERIC);
+    }
   } else if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCING &&
              reason != END_CIRC_REASON_TIMEOUT) {
     origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
     if (ocirc->build_state->chosen_exit && ocirc->rend_data) {
-      log_info(LD_REND, "Failed intro circ %s to %s "
-               "(building circuit to intro point). "
-               "Marking intro point as possibly unreachable.",
-               safe_str_client(ocirc->rend_data->onion_address),
-           safe_str_client(build_state_get_exit_nickname(ocirc->build_state)));
-      rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit,
-                                             ocirc->rend_data,
-                                             INTRO_POINT_FAILURE_UNREACHABLE);
+      if (orig_reason != END_CIRC_REASON_IP_NOW_REDUNDANT) {
+        log_info(LD_REND, "Failed intro circ %s to %s "
+            "(building circuit to intro point). "
+            "Marking intro point as possibly unreachable.",
+            safe_str_client(ocirc->rend_data->onion_address),
+            safe_str_client(build_state_get_exit_nickname(
+                                              ocirc->build_state)));
+        rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit,
+                                              ocirc->rend_data,
+                                              INTRO_POINT_FAILURE_UNREACHABLE);
+      }
     }
   }
+
   if (circ->n_chan) {
     circuit_clear_cell_queue(circ, circ->n_chan);
     /* Only send destroy if the channel isn't closing anyway */
-    if (!(circ->n_chan->state == CHANNEL_STATE_CLOSING ||
-          circ->n_chan->state == CHANNEL_STATE_CLOSED ||
-          circ->n_chan->state == CHANNEL_STATE_ERROR)) {
+    if (!CHANNEL_CONDEMNED(circ->n_chan)) {
       channel_send_destroy(circ->n_circ_id, circ->n_chan, reason);
     }
     circuitmux_detach_circuit(circ->n_chan->cmux, circ);
@@ -1754,9 +1893,7 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line,
     if (or_circ->p_chan) {
       circuit_clear_cell_queue(circ, or_circ->p_chan);
       /* Only send destroy if the channel isn't closing anyway */
-      if (!(or_circ->p_chan->state == CHANNEL_STATE_CLOSING ||
-            or_circ->p_chan->state == CHANNEL_STATE_CLOSED ||
-            or_circ->p_chan->state == CHANNEL_STATE_ERROR)) {
+      if (!CHANNEL_CONDEMNED(or_circ->p_chan)) {
         channel_send_destroy(or_circ->p_circ_id, or_circ->p_chan, reason);
       }
       circuitmux_detach_circuit(or_circ->p_chan->cmux, circ);
@@ -1769,20 +1906,6 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line,
       connection_edge_destroy(circ->n_circ_id, conn);
     ocirc->p_streams = NULL;
   }
-
-  circ->marked_for_close = line;
-  circ->marked_for_close_file = file;
-
-  if (!CIRCUIT_IS_ORIGIN(circ)) {
-    or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
-    if (or_circ->rend_splice) {
-      if (!or_circ->rend_splice->base_.marked_for_close) {
-        /* do this after marking this circuit, to avoid infinite recursion. */
-        circuit_mark_for_close(TO_CIRCUIT(or_circ->rend_splice), reason);
-      }
-      or_circ->rend_splice = NULL;
-    }
-  }
 }
 
 /** Given a marked circuit <b>circ</b>, aggressively free its cell queues to
@@ -1795,8 +1918,38 @@ marked_circuit_free_cells(circuit_t *circ)
     return;
   }
   cell_queue_clear(&circ->n_chan_cells);
-  if (! CIRCUIT_IS_ORIGIN(circ))
-    cell_queue_clear(& TO_OR_CIRCUIT(circ)->p_chan_cells);
+  if (circ->n_mux)
+    circuitmux_clear_num_cells(circ->n_mux, circ);
+  if (! CIRCUIT_IS_ORIGIN(circ)) {
+    or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
+    cell_queue_clear(&orcirc->p_chan_cells);
+    if (orcirc->p_mux)
+      circuitmux_clear_num_cells(orcirc->p_mux, circ);
+  }
+}
+
+static size_t
+single_conn_free_bytes(connection_t *conn)
+{
+  size_t result = 0;
+  if (conn->inbuf) {
+    result += buf_allocation(conn->inbuf);
+    buf_clear(conn->inbuf);
+  }
+  if (conn->outbuf) {
+    result += buf_allocation(conn->outbuf);
+    buf_clear(conn->outbuf);
+    conn->outbuf_flushlen = 0;
+  }
+  if (conn->type == CONN_TYPE_DIR) {
+    dir_connection_t *dir_conn = TO_DIR_CONN(conn);
+    if (dir_conn->zlib_state) {
+      result += tor_zlib_state_size(dir_conn->zlib_state);
+      tor_zlib_free(dir_conn->zlib_state);
+      dir_conn->zlib_state = NULL;
+    }
+  }
+  return result;
 }
 
 /** Aggressively free buffer contents on all the buffers of all streams in the
@@ -1807,13 +1960,9 @@ marked_circuit_streams_free_bytes(edge_connection_t *stream)
   size_t result = 0;
   for ( ; stream; stream = stream->next_stream) {
     connection_t *conn = TO_CONN(stream);
-    if (conn->inbuf) {
-      result += buf_allocation(conn->inbuf);
-      buf_clear(conn->inbuf);
-    }
-    if (conn->outbuf) {
-      result += buf_allocation(conn->outbuf);
-      buf_clear(conn->outbuf);
+    result += single_conn_free_bytes(conn);
+    if (conn->linked_conn) {
+      result += single_conn_free_bytes(conn->linked_conn);
     }
   }
   return result;
@@ -1871,6 +2020,28 @@ circuit_max_queued_cell_age(const circuit_t *c, uint32_t now)
   return age;
 }
 
+/** Return the age in milliseconds of the oldest buffer chunk on <b>conn</b>,
+ * where age is taken in milliseconds before the time <b>now</b> (in truncated
+ * milliseconds since the epoch).  If the connection has no data, treat
+ * it as having age zero.
+ **/
+static uint32_t
+conn_get_buffer_age(const connection_t *conn, uint32_t now)
+{
+  uint32_t age = 0, age2;
+  if (conn->outbuf) {
+    age2 = buf_get_oldest_chunk_timestamp(conn->outbuf, now);
+    if (age2 > age)
+      age = age2;
+  }
+  if (conn->inbuf) {
+    age2 = buf_get_oldest_chunk_timestamp(conn->inbuf, now);
+    if (age2 > age)
+      age = age2;
+  }
+  return age;
+}
+
 /** Return the age in milliseconds of the oldest buffer chunk on any stream in
  * the linked list <b>stream</b>, where age is taken in milliseconds before
  * the time <b>now</b> (in truncated milliseconds since the epoch). */
@@ -1880,18 +2051,15 @@ circuit_get_streams_max_data_age(const edge_connection_t *stream, uint32_t now)
   uint32_t age = 0, age2;
   for (; stream; stream = stream->next_stream) {
     const connection_t *conn = TO_CONN(stream);
-    if (conn->outbuf) {
-      age2 = buf_get_oldest_chunk_timestamp(conn->outbuf, now);
-      if (age2 > age)
-        age = age2;
-    }
-    if (conn->inbuf) {
-      age2 = buf_get_oldest_chunk_timestamp(conn->inbuf, now);
+    age2 = conn_get_buffer_age(conn, now);
+    if (age2 > age)
+      age = age2;
+    if (conn->linked_conn) {
+      age2 = conn_get_buffer_age(conn->linked_conn, now);
       if (age2 > age)
         age = age2;
     }
   }
-
   return age;
 }
 
@@ -1942,6 +2110,26 @@ circuits_compare_by_oldest_queued_item_(const void **a_, const void **b_)
     return -1;
 }
 
+static uint32_t now_ms_for_buf_cmp;
+
+/** Helper to sort a list of circuit_t by age of oldest item, in descending
+ * order. */
+static int
+conns_compare_by_buffer_age_(const void **a_, const void **b_)
+{
+  const connection_t *a = *a_;
+  const connection_t *b = *b_;
+  time_t age_a = conn_get_buffer_age(a, now_ms_for_buf_cmp);
+  time_t age_b = conn_get_buffer_age(b, now_ms_for_buf_cmp);
+
+  if (age_a < age_b)
+    return 1;
+  else if (age_a == age_b)
+    return 0;
+  else
+    return -1;
+}
+
 #define FRACTION_OF_DATA_TO_RETAIN_ON_OOM 0.90
 
 /** We're out of memory for cells, having allocated <b>current_allocation</b>
@@ -1950,12 +2138,13 @@ circuits_compare_by_oldest_queued_item_(const void **a_, const void **b_)
 void
 circuits_handle_oom(size_t current_allocation)
 {
-  /* Let's hope there's enough slack space for this allocation here... */
-  smartlist_t *circlist = smartlist_new();
-  circuit_t *circ;
+  smartlist_t *circlist;
+  smartlist_t *connection_array = get_connection_array();
+  int conn_idx;
   size_t mem_to_recover;
   size_t mem_recovered=0;
   int n_circuits_killed=0;
+  int n_dirconns_killed=0;
   struct timeval now;
   uint32_t now_ms;
   log_notice(LD_GENERAL, "We're low on memory.  Killing circuits with "
@@ -1963,17 +2152,6 @@ circuits_handle_oom(size_t current_allocation)
              "MaxMemInQueues.)");
 
   {
-    const size_t recovered = buf_shrink_freelists(1);
-    if (recovered >= current_allocation) {
-      log_warn(LD_BUG, "We somehow recovered more memory from freelists "
-               "than we thought we had allocated");
-      current_allocation = 0;
-    } else {
-      current_allocation -= recovered;
-    }
-  }
-
-  {
     size_t mem_target = (size_t)(get_options()->MaxMemInQueues *
                                  FRACTION_OF_DATA_TO_RETAIN_ON_OOM);
     if (current_allocation <= mem_target)
@@ -1984,22 +2162,61 @@ circuits_handle_oom(size_t current_allocation)
   tor_gettimeofday_cached_monotonic(&now);
   now_ms = (uint32_t)tv_to_msec(&now);
 
-  /* This algorithm itself assumes that you've got enough memory slack
-   * to actually run it. */
-  TOR_LIST_FOREACH(circ, &global_circuitlist, head) {
+  circlist = circuit_get_global_list();
+  SMARTLIST_FOREACH_BEGIN(circlist, circuit_t *, circ) {
     circ->age_tmp = circuit_max_queued_item_age(circ, now_ms);
-    smartlist_add(circlist, circ);
-  }
+  } SMARTLIST_FOREACH_END(circ);
 
   /* This is O(n log n); there are faster algorithms we could use instead.
    * Let's hope this doesn't happen enough to be in the critical path. */
   smartlist_sort(circlist, circuits_compare_by_oldest_queued_item_);
 
-  /* Okay, now the worst circuits are at the front of the list. Let's mark
-   * them, and reclaim their storage aggressively. */
+  /* Fix up the indices before we run into trouble */
+  SMARTLIST_FOREACH_BEGIN(circlist, circuit_t *, circ) {
+    circ->global_circuitlist_idx = circ_sl_idx;
+  } SMARTLIST_FOREACH_END(circ);
+
+  /* Now sort the connection array ... */
+  now_ms_for_buf_cmp = now_ms;
+  smartlist_sort(connection_array, conns_compare_by_buffer_age_);
+  now_ms_for_buf_cmp = 0;
+
+  /* Fix up the connection array to its new order. */
+  SMARTLIST_FOREACH_BEGIN(connection_array, connection_t *, conn) {
+    conn->conn_array_index = conn_sl_idx;
+  } SMARTLIST_FOREACH_END(conn);
+
+  /* Okay, now the worst circuits and connections are at the front of their
+   * respective lists. Let's mark them, and reclaim their storage
+   * aggressively. */
+  conn_idx = 0;
   SMARTLIST_FOREACH_BEGIN(circlist, circuit_t *, circ) {
-    size_t n = n_cells_in_circ_queues(circ);
+    size_t n;
     size_t freed;
+
+    /* Free storage in any non-linked directory connections that have buffered
+     * data older than this circuit. */
+    while (conn_idx < smartlist_len(connection_array)) {
+      connection_t *conn = smartlist_get(connection_array, conn_idx);
+      uint32_t conn_age = conn_get_buffer_age(conn, now_ms);
+      if (conn_age < circ->age_tmp) {
+        break;
+      }
+      if (conn->type == CONN_TYPE_DIR && conn->linked_conn == NULL) {
+        if (!conn->marked_for_close)
+          connection_mark_for_close(conn);
+        mem_recovered += single_conn_free_bytes(conn);
+
+        ++n_dirconns_killed;
+
+        if (mem_recovered >= mem_to_recover)
+          goto done_recovering_mem;
+      }
+      ++conn_idx;
+    }
+
+    /* Now, kill the circuit. */
+    n = n_cells_in_circ_queues(circ);
     if (! circ->marked_for_close) {
       circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
     }
@@ -2012,22 +2229,18 @@ circuits_handle_oom(size_t current_allocation)
     mem_recovered += freed;
 
     if (mem_recovered >= mem_to_recover)
-      break;
+      goto done_recovering_mem;
   } SMARTLIST_FOREACH_END(circ);
 
-#ifdef ENABLE_MEMPOOLS
-  clean_cell_pool(); /* In case this helps. */
-#endif /* ENABLE_MEMPOOLS */
-  buf_shrink_freelists(1); /* This is necessary to actually release buffer
-                              chunks. */
+ done_recovering_mem:
 
   log_notice(LD_GENERAL, "Removed "U64_FORMAT" bytes by killing %d circuits; "
-             "%d circuits remain alive.",
+             "%d circuits remain alive. Also killed %d non-linked directory "
+             "connections.",
              U64_PRINTF_ARG(mem_recovered),
              n_circuits_killed,
-             smartlist_len(circlist) - n_circuits_killed);
-
-  smartlist_free(circlist);
+             smartlist_len(circlist) - n_circuits_killed,
+             n_dirconns_killed);
 }
 
 /** Verify that cpath layer <b>cp</b> has all of its invariants
diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h
index d48d7c3963..2707b426ab 100644
--- a/src/or/circuitlist.h
+++ b/src/or/circuitlist.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -14,9 +14,7 @@
 
 #include "testsupport.h"
 
-TOR_LIST_HEAD(global_circuitlist_s, circuit_t);
-
-MOCK_DECL(struct global_circuitlist_s*, circuit_get_global_list, (void));
+MOCK_DECL(smartlist_t *, circuit_get_global_list, (void));
 const char *circuit_state_to_string(int state);
 const char *circuit_purpose_to_controller_string(uint8_t purpose);
 const char *circuit_purpose_to_controller_hs_state_string(uint8_t purpose);
@@ -73,8 +71,11 @@ void assert_circuit_ok(const circuit_t *c);
 void circuit_free_all(void);
 void circuits_handle_oom(size_t current_allocation);
 
+void circuit_clear_testing_cell_stats(circuit_t *circ);
+
 void channel_note_destroy_pending(channel_t *chan, circid_t id);
-void channel_note_destroy_not_pending(channel_t *chan, circid_t id);
+MOCK_DECL(void, channel_note_destroy_not_pending,
+          (channel_t *chan, circid_t id));
 
 #ifdef CIRCUITLIST_PRIVATE
 STATIC void circuit_free(circuit_t *circ);
diff --git a/src/or/circuitmux.c b/src/or/circuitmux.c
index e4571ff944..cc1c4cd401 100644
--- a/src/or/circuitmux.c
+++ b/src/or/circuitmux.c
@@ -1,4 +1,4 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -186,10 +186,10 @@ struct chanid_circid_muxinfo_t {
  * Static function declarations
  */
 
-static INLINE int
+static inline int
 chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
                          chanid_circid_muxinfo_t *b);
-static INLINE unsigned int
+static inline unsigned int
 chanid_circid_entry_hash(chanid_circid_muxinfo_t *a);
 static chanid_circid_muxinfo_t *
 circuitmux_find_map_entry(circuitmux_t *cmux, circuit_t *circ);
@@ -199,12 +199,12 @@ circuitmux_make_circuit_active(circuitmux_t *cmux, circuit_t *circ,
 static void
 circuitmux_make_circuit_inactive(circuitmux_t *cmux, circuit_t *circ,
                                  cell_direction_t direction);
-static INLINE void
+static inline void
 circuitmux_move_active_circ_to_tail(circuitmux_t *cmux, circuit_t *circ,
                                     cell_direction_t direction);
-static INLINE circuit_t **
+static inline circuit_t **
 circuitmux_next_active_circ_p(circuitmux_t *cmux, circuit_t *circ);
-static INLINE circuit_t **
+static inline circuit_t **
 circuitmux_prev_active_circ_p(circuitmux_t *cmux, circuit_t *circ);
 static void circuitmux_assert_okay_pass_one(circuitmux_t *cmux);
 static void circuitmux_assert_okay_pass_two(circuitmux_t *cmux);
@@ -226,7 +226,7 @@ static int64_t global_destroy_ctr = 0;
  * used by circuitmux_notify_xmit_cells().
  */
 
-static INLINE void
+static inline void
 circuitmux_move_active_circ_to_tail(circuitmux_t *cmux, circuit_t *circ,
                                     cell_direction_t direction)
 {
@@ -306,7 +306,7 @@ circuitmux_move_active_circ_to_tail(circuitmux_t *cmux, circuit_t *circ,
   circuitmux_assert_okay_paranoid(cmux);
 }
 
-static INLINE circuit_t **
+static inline circuit_t **
 circuitmux_next_active_circ_p(circuitmux_t *cmux, circuit_t *circ)
 {
   tor_assert(cmux);
@@ -319,7 +319,7 @@ circuitmux_next_active_circ_p(circuitmux_t *cmux, circuit_t *circ)
   }
 }
 
-static INLINE circuit_t **
+static inline circuit_t **
 circuitmux_prev_active_circ_p(circuitmux_t *cmux, circuit_t *circ)
 {
   tor_assert(cmux);
@@ -338,7 +338,7 @@ circuitmux_prev_active_circ_p(circuitmux_t *cmux, circuit_t *circ)
  * than zero appropriately.
  */
 
-static INLINE int
+static inline int
 chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
                          chanid_circid_muxinfo_t *b)
 {
@@ -349,7 +349,7 @@ chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
  * Helper: return a hash based on circuit ID and channel ID in a.
  */
 
-static INLINE unsigned int
+static inline unsigned int
 chanid_circid_entry_hash(chanid_circid_muxinfo_t *a)
 {
     return (((unsigned int)(a->circ_id) << 8) ^
@@ -363,9 +363,9 @@ HT_HEAD(chanid_circid_muxinfo_map, chanid_circid_muxinfo_t);
 /* Emit a bunch of hash table stuff */
 HT_PROTOTYPE(chanid_circid_muxinfo_map, chanid_circid_muxinfo_t, node,
              chanid_circid_entry_hash, chanid_circid_entries_eq);
-HT_GENERATE(chanid_circid_muxinfo_map, chanid_circid_muxinfo_t, node,
-            chanid_circid_entry_hash, chanid_circid_entries_eq, 0.6,
-            malloc, realloc, free);
+HT_GENERATE2(chanid_circid_muxinfo_map, chanid_circid_muxinfo_t, node,
+             chanid_circid_entry_hash, chanid_circid_entries_eq, 0.6,
+             tor_reallocarray_, tor_free_)
 
 /*
  * Circuitmux alloc/free functions
@@ -621,8 +621,8 @@ circuitmux_clear_policy(circuitmux_t *cmux)
  * Return the policy currently installed on a circuitmux_t
  */
 
-const circuitmux_policy_t *
-circuitmux_get_policy(circuitmux_t *cmux)
+MOCK_IMPL(const circuitmux_policy_t *,
+circuitmux_get_policy, (circuitmux_t *cmux))
 {
   tor_assert(cmux);
 
@@ -896,8 +896,8 @@ circuitmux_num_cells_for_circuit(circuitmux_t *cmux, circuit_t *circ)
  * Query total number of available cells on a circuitmux
  */
 
-unsigned int
-circuitmux_num_cells(circuitmux_t *cmux)
+MOCK_IMPL(unsigned int,
+circuitmux_num_cells, (circuitmux_t *cmux))
 {
   tor_assert(cmux);
 
@@ -1951,3 +1951,51 @@ circuitmux_count_queued_destroy_cells(const channel_t *chan,
   return n_destroy_cells;
 }
 
+/**
+ * Compare cmuxes to see which is more preferred; return < 0 if
+ * cmux_1 has higher priority (i.e., cmux_1 < cmux_2 in the scheduler's
+ * sort order), > 0 if cmux_2 has higher priority, or 0 if they are
+ * equally preferred.
+ *
+ * If the cmuxes have different cmux policies or the policy does not
+ * support the cmp_cmux method, return 0.
+ */
+
+MOCK_IMPL(int,
+circuitmux_compare_muxes, (circuitmux_t *cmux_1, circuitmux_t *cmux_2))
+{
+  const circuitmux_policy_t *policy;
+
+  tor_assert(cmux_1);
+  tor_assert(cmux_2);
+
+  if (cmux_1 == cmux_2) {
+    /* Equivalent because they're the same cmux */
+    return 0;
+  }
+
+  if (cmux_1->policy && cmux_2->policy) {
+    if (cmux_1->policy == cmux_2->policy) {
+      policy = cmux_1->policy;
+
+      if (policy->cmp_cmux) {
+        /* Okay, we can compare! */
+        return policy->cmp_cmux(cmux_1, cmux_1->policy_data,
+                                cmux_2, cmux_2->policy_data);
+      } else {
+        /*
+         * Equivalent because the policy doesn't know how to compare between
+         * muxes.
+         */
+        return 0;
+      }
+    } else {
+      /* Equivalent because they have different policies */
+      return 0;
+    }
+  } else {
+    /* Equivalent because one or both are missing a policy */
+    return 0;
+  }
+}
+
diff --git a/src/or/circuitmux.h b/src/or/circuitmux.h
index 2b5fb7e51e..00745ac4a1 100644
--- a/src/or/circuitmux.h
+++ b/src/or/circuitmux.h
@@ -1,4 +1,4 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -57,6 +57,9 @@ struct circuitmux_policy_s {
   /* Choose a circuit */
   circuit_t * (*pick_active_circuit)(circuitmux_t *cmux,
                                      circuitmux_policy_data_t *pol_data);
+  /* Optional: channel comparator for use by the scheduler */
+  int (*cmp_cmux)(circuitmux_t *cmux_1, circuitmux_policy_data_t *pol_data_1,
+                  circuitmux_t *cmux_2, circuitmux_policy_data_t *pol_data_2);
 };
 
 /*
@@ -105,7 +108,8 @@ void circuitmux_free(circuitmux_t *cmux);
 
 /* Policy control */
 void circuitmux_clear_policy(circuitmux_t *cmux);
-const circuitmux_policy_t * circuitmux_get_policy(circuitmux_t *cmux);
+MOCK_DECL(const circuitmux_policy_t *,
+          circuitmux_get_policy, (circuitmux_t *cmux));
 void circuitmux_set_policy(circuitmux_t *cmux,
                            const circuitmux_policy_t *pol);
 
@@ -117,7 +121,7 @@ int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ);
 int circuitmux_is_circuit_active(circuitmux_t *cmux, circuit_t *circ);
 unsigned int circuitmux_num_cells_for_circuit(circuitmux_t *cmux,
                                               circuit_t *circ);
-unsigned int circuitmux_num_cells(circuitmux_t *cmux);
+MOCK_DECL(unsigned int, circuitmux_num_cells, (circuitmux_t *cmux));
 unsigned int circuitmux_num_circuits(circuitmux_t *cmux);
 unsigned int circuitmux_num_active_circuits(circuitmux_t *cmux);
 
@@ -148,5 +152,9 @@ void circuitmux_append_destroy_cell(channel_t *chan,
 void circuitmux_mark_destroyed_circids_usable(circuitmux_t *cmux,
                                               channel_t *chan);
 
+/* Optional interchannel comparisons for scheduling */
+MOCK_DECL(int, circuitmux_compare_muxes,
+          (circuitmux_t *cmux_1, circuitmux_t *cmux_2));
+
 #endif /* TOR_CIRCUITMUX_H */
 
diff --git a/src/or/circuitmux_ewma.c b/src/or/circuitmux_ewma.c
index 3f37d7b9a0..b784a140ac 100644
--- a/src/or/circuitmux_ewma.c
+++ b/src/or/circuitmux_ewma.c
@@ -1,4 +1,4 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -115,7 +115,7 @@ TO_EWMA_POL_CIRC_DATA(circuitmux_policy_circ_data_t *);
  * if the cast is impossible.
  */
 
-static INLINE ewma_policy_data_t *
+static inline ewma_policy_data_t *
 TO_EWMA_POL_DATA(circuitmux_policy_data_t *pol)
 {
   if (!pol) return NULL;
@@ -130,7 +130,7 @@ TO_EWMA_POL_DATA(circuitmux_policy_data_t *pol)
  * and assert if the cast is impossible.
  */
 
-static INLINE ewma_policy_circ_data_t *
+static inline ewma_policy_circ_data_t *
 TO_EWMA_POL_CIRC_DATA(circuitmux_policy_circ_data_t *pol)
 {
   if (!pol) return NULL;
@@ -147,7 +147,7 @@ static int compare_cell_ewma_counts(const void *p1, const void *p2);
 static unsigned cell_ewma_tick_from_timeval(const struct timeval *now,
                                             double *remainder_out);
 static circuit_t * cell_ewma_to_circuit(cell_ewma_t *ewma);
-static INLINE double get_scale_factor(unsigned from_tick, unsigned to_tick);
+static inline double get_scale_factor(unsigned from_tick, unsigned to_tick);
 static cell_ewma_t * pop_first_cell_ewma(ewma_policy_data_t *pol);
 static void remove_cell_ewma(ewma_policy_data_t *pol, cell_ewma_t *ewma);
 static void scale_single_cell_ewma(cell_ewma_t *ewma, unsigned cur_tick);
@@ -187,6 +187,9 @@ ewma_notify_xmit_cells(circuitmux_t *cmux,
 static circuit_t *
 ewma_pick_active_circuit(circuitmux_t *cmux,
                          circuitmux_policy_data_t *pol_data);
+static int
+ewma_cmp_cmux(circuitmux_t *cmux_1, circuitmux_policy_data_t *pol_data_1,
+              circuitmux_t *cmux_2, circuitmux_policy_data_t *pol_data_2);
 
 /*** EWMA global variables ***/
 
@@ -209,7 +212,8 @@ circuitmux_policy_t ewma_policy = {
   /*.notify_circ_inactive =*/ ewma_notify_circ_inactive,
   /*.notify_set_n_cells =*/ NULL, /* EWMA doesn't need this */
   /*.notify_xmit_cells =*/ ewma_notify_xmit_cells,
-  /*.pick_active_circuit =*/ ewma_pick_active_circuit
+  /*.pick_active_circuit =*/ ewma_pick_active_circuit,
+  /*.cmp_cmux =*/ ewma_cmp_cmux
 };
 
 /*** EWMA method implementations using the below EWMA helper functions ***/
@@ -273,8 +277,8 @@ ewma_alloc_circ_data(circuitmux_t *cmux,
   tor_assert(circ);
   tor_assert(direction == CELL_DIRECTION_OUT ||
              direction == CELL_DIRECTION_IN);
-  /* Shut the compiler up */
-  tor_assert(cell_count == cell_count);
+  /* Shut the compiler up without triggering -Wtautological-compare */
+  (void)cell_count;
 
   cdata = tor_malloc_zero(sizeof(*cdata));
   cdata->base_.magic = EWMA_POL_CIRC_DATA_MAGIC;
@@ -453,6 +457,58 @@ ewma_pick_active_circuit(circuitmux_t *cmux,
   return circ;
 }
 
+/**
+ * Compare two EWMA cmuxes, and return -1, 0 or 1 to indicate which should
+ * be more preferred - see circuitmux_compare_muxes() of circuitmux.c.
+ */
+
+static int
+ewma_cmp_cmux(circuitmux_t *cmux_1, circuitmux_policy_data_t *pol_data_1,
+              circuitmux_t *cmux_2, circuitmux_policy_data_t *pol_data_2)
+{
+  ewma_policy_data_t *p1 = NULL, *p2 = NULL;
+  cell_ewma_t *ce1 = NULL, *ce2 = NULL;
+
+  tor_assert(cmux_1);
+  tor_assert(pol_data_1);
+  tor_assert(cmux_2);
+  tor_assert(pol_data_2);
+
+  p1 = TO_EWMA_POL_DATA(pol_data_1);
+  p2 = TO_EWMA_POL_DATA(pol_data_1);
+
+  if (p1 != p2) {
+    /* Get the head cell_ewma_t from each queue */
+    if (smartlist_len(p1->active_circuit_pqueue) > 0) {
+      ce1 = smartlist_get(p1->active_circuit_pqueue, 0);
+    }
+
+    if (smartlist_len(p2->active_circuit_pqueue) > 0) {
+      ce2 = smartlist_get(p2->active_circuit_pqueue, 0);
+    }
+
+    /* Got both of them? */
+    if (ce1 != NULL && ce2 != NULL) {
+      /* Pick whichever one has the better best circuit */
+      return compare_cell_ewma_counts(ce1, ce2);
+    } else {
+      if (ce1 != NULL ) {
+        /* We only have a circuit on cmux_1, so prefer it */
+        return -1;
+      } else if (ce2 != NULL) {
+        /* We only have a circuit on cmux_2, so prefer it */
+        return 1;
+      } else {
+        /* No circuits at all; no preference */
+        return 0;
+      }
+    }
+  } else {
+    /* We got identical params */
+    return 0;
+  }
+}
+
 /** Helper for sorting cell_ewma_t values in their priority queue. */
 static int
 compare_cell_ewma_counts(const void *p1, const void *p2)
@@ -588,7 +644,7 @@ cell_ewma_set_scale_factor(const or_options_t *options,
 
 /** Return the multiplier necessary to convert the value of a cell sent in
  * 'from_tick' to one sent in 'to_tick'. */
-static INLINE double
+static inline double
 get_scale_factor(unsigned from_tick, unsigned to_tick)
 {
   /* This math can wrap around, but that's okay: unsigned overflow is
diff --git a/src/or/circuitmux_ewma.h b/src/or/circuitmux_ewma.h
index a512745c77..58aac1e196 100644
--- a/src/or/circuitmux_ewma.h
+++ b/src/or/circuitmux_ewma.h
@@ -1,4 +1,4 @@
-/* * Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* * Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c
index e362b1b49e..9ac2d565b5 100644
--- a/src/or/circuitstats.c
+++ b/src/or/circuitstats.c
@@ -1,9 +1,16 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file circuitstats.c
+ *
+ * \brief Maintains and analyzes statistics about circuit built times, so we
+ * can tell how long we may need to wait for a fast circuit to be constructed.
+ */
+
 #define CIRCUITSTATS_PRIVATE
 
 #include "or.h"
@@ -404,7 +411,7 @@ circuit_build_times_new_consensus_params(circuit_build_times_t *cbt,
          * distress anyway, so memory correctness here is paramount over
          * doing acrobatics to preserve the array.
          */
-        recent_circs = tor_malloc_zero(sizeof(int8_t)*num);
+        recent_circs = tor_calloc(num, sizeof(int8_t));
         if (cbt->liveness.timeouts_after_firsthop &&
             cbt->liveness.num_recent_circs > 0) {
           memcpy(recent_circs, cbt->liveness.timeouts_after_firsthop,
@@ -508,7 +515,7 @@ circuit_build_times_init(circuit_build_times_t *cbt)
     cbt->liveness.num_recent_circs =
       circuit_build_times_recent_circuit_count(NULL);
     cbt->liveness.timeouts_after_firsthop =
-      tor_malloc_zero(sizeof(int8_t)*cbt->liveness.num_recent_circs);
+      tor_calloc(cbt->liveness.num_recent_circs, sizeof(int8_t));
   } else {
     cbt->liveness.num_recent_circs = 0;
     cbt->liveness.timeouts_after_firsthop = NULL;
@@ -649,7 +656,7 @@ circuit_build_times_create_histogram(const circuit_build_times_t *cbt,
   int i, c;
 
   *nbins = 1 + (max_build_time / CBT_BIN_WIDTH);
-  histogram = tor_malloc_zero(*nbins * sizeof(build_time_t));
+  histogram = tor_calloc(*nbins, sizeof(build_time_t));
 
   // calculate histogram
   for (i = 0; i < CBT_NCIRCUITS_TO_OBSERVE; i++) {
@@ -691,7 +698,7 @@ circuit_build_times_get_xm(circuit_build_times_t *cbt)
   if (cbt->total_build_times < CBT_NCIRCUITS_TO_OBSERVE)
     num_modes = 1;
 
-  nth_max_bin = (build_time_t*)tor_malloc_zero(num_modes*sizeof(build_time_t));
+  nth_max_bin = tor_calloc(num_modes, sizeof(build_time_t));
 
   /* Determine the N most common build times */
   for (i = 0; i < nbins; i++) {
@@ -873,7 +880,7 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt,
   }
 
   /* build_time_t 0 means uninitialized */
-  loaded_times = tor_malloc_zero(sizeof(build_time_t)*state->TotalBuildTimes);
+  loaded_times = tor_calloc(state->TotalBuildTimes, sizeof(build_time_t));
 
   for (line = state->BuildtimeHistogram; line; line = line->next) {
     smartlist_t *args = smartlist_new();
@@ -1074,7 +1081,7 @@ circuit_build_times_update_alpha(circuit_build_times_t *cbt)
  *     random_sample_from_Pareto_distribution
  * That's right. I'll cite wikipedia all day long.
  *
- * Return value is in milliseconds.
+ * Return value is in milliseconds, clamped to INT32_MAX.
  */
 STATIC double
 circuit_build_times_calculate_timeout(circuit_build_times_t *cbt,
@@ -1085,7 +1092,21 @@ circuit_build_times_calculate_timeout(circuit_build_times_t *cbt,
   tor_assert(1.0-quantile > 0);
   tor_assert(cbt->Xm > 0);
 
-  ret = cbt->Xm/pow(1.0-quantile,1.0/cbt->alpha);
+  /* If either alpha or p are 0, we would divide by zero, yielding an
+   * infinite (double) result; which would be clamped to INT32_MAX.
+   * Instead, initialise ret to INT32_MAX, and skip over these
+   * potentially illegal/trapping divides by zero.
+   */
+  ret = INT32_MAX;
+
+  if (cbt->alpha > 0) {
+    double p;
+    p = pow(1.0-quantile,1.0/cbt->alpha);
+    if (p > 0) {
+      ret = cbt->Xm/p;
+    }
+  }
+
   if (ret > INT32_MAX) {
     ret = INT32_MAX;
   }
@@ -1218,6 +1239,9 @@ circuit_build_times_network_is_live(circuit_build_times_t *cbt)
   }
   cbt->liveness.network_last_live = now;
   cbt->liveness.nonlive_timeouts = 0;
+
+  /* Tell control.c */
+  control_event_network_liveness_update(1);
 }
 
 /**
@@ -1302,6 +1326,9 @@ circuit_build_times_network_close(circuit_build_times_t *cbt,
                  "Tor has not observed any network activity for the past %d "
                  "seconds. Disabling circuit build timeout recording.",
                  (int)(now - cbt->liveness.network_last_live));
+
+      /* Tell control.c */
+      control_event_network_liveness_update(0);
     } else {
       log_info(LD_CIRC,
              "Got non-live timeout. Current count is: %d",
@@ -1371,10 +1398,11 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt)
   }
   cbt->liveness.after_firsthop_idx = 0;
 
+#define MAX_TIMEOUT ((int32_t) (INT32_MAX/2))
   /* Check to see if this has happened before. If so, double the timeout
    * to give people on abysmally bad network connections a shot at access */
   if (cbt->timeout_ms >= circuit_build_times_get_initial_timeout()) {
-    if (cbt->timeout_ms > INT32_MAX/2 || cbt->close_ms > INT32_MAX/2) {
+    if (cbt->timeout_ms > MAX_TIMEOUT || cbt->close_ms > MAX_TIMEOUT) {
       log_warn(LD_CIRC, "Insanely large circuit build timeout value. "
               "(timeout = %fmsec, close = %fmsec)",
                cbt->timeout_ms, cbt->close_ms);
@@ -1386,6 +1414,7 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt)
     cbt->close_ms = cbt->timeout_ms
                   = circuit_build_times_get_initial_timeout();
   }
+#undef MAX_TIMEOUT
 
   cbt_control_event_buildtimeout_set(cbt, BUILDTIMEOUT_SET_EVENT_RESET);
 
diff --git a/src/or/circuitstats.h b/src/or/circuitstats.h
index 3343310b8e..72b160983f 100644
--- a/src/or/circuitstats.h
+++ b/src/or/circuitstats.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 714754a672..2c724dee05 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -92,7 +92,7 @@ circuit_is_acceptable(const origin_circuit_t *origin_circ,
   /* decide if this circ is suitable for this conn */
 
   /* for rend circs, circ->cpath->prev is not the last router in the
-   * circuit, it's the magical extra bob hop. so just check the nickname
+   * circuit, it's the magical extra service hop. so just check the nickname
    * of the one we meant to finish at.
    */
   build_state = origin_circ->build_state;
@@ -200,7 +200,7 @@ circuit_is_better(const origin_circuit_t *oa, const origin_circuit_t *ob,
           return 1;
       } else {
         if (a->timestamp_dirty ||
-            timercmp(&a->timestamp_began, &b->timestamp_began, >))
+            timercmp(&a->timestamp_began, &b->timestamp_began, OP_GT))
           return 1;
         if (ob->build_state->is_internal)
           /* XXX023 what the heck is this internal thing doing here. I
@@ -268,7 +268,6 @@ circuit_get_best(const entry_connection_t *conn,
                  int must_be_open, uint8_t purpose,
                  int need_uptime, int need_internal)
 {
-  circuit_t *circ;
   origin_circuit_t *best=NULL;
   struct timeval now;
   int intro_going_on_but_too_old = 0;
@@ -281,7 +280,7 @@ circuit_get_best(const entry_connection_t *conn,
 
   tor_gettimeofday(&now);
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     origin_circuit_t *origin_circ;
     if (!CIRCUIT_IS_ORIGIN(circ))
       continue;
@@ -305,6 +304,7 @@ circuit_get_best(const entry_connection_t *conn,
     if (!best || circuit_is_better(origin_circ,best,conn))
       best = origin_circ;
   }
+  SMARTLIST_FOREACH_END(circ);
 
   if (!best && intro_going_on_but_too_old)
     log_info(LD_REND|LD_CIRC, "There is an intro circuit being created "
@@ -318,11 +318,9 @@ circuit_get_best(const entry_connection_t *conn,
 static int
 count_pending_general_client_circuits(void)
 {
-  const circuit_t *circ;
-
   int count = 0;
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (circ->marked_for_close ||
         circ->state == CIRCUIT_STATE_OPEN ||
         circ->purpose != CIRCUIT_PURPOSE_C_GENERAL ||
@@ -331,6 +329,7 @@ count_pending_general_client_circuits(void)
 
     ++count;
   }
+  SMARTLIST_FOREACH_END(circ);
 
   return count;
 }
@@ -370,7 +369,6 @@ circuit_conforms_to_options(const origin_circuit_t *circ,
 void
 circuit_expire_building(void)
 {
-  circuit_t *victim, *next_circ;
   /* circ_times.timeout_ms and circ_times.close_ms are from
    * circuit_build_times_get_initial_timeout() if we haven't computed
    * custom timeouts yet */
@@ -388,7 +386,7 @@ circuit_expire_building(void)
    * we want to be more lenient with timeouts, in case the
    * user has relocated and/or changed network connections.
    * See bug #3443. */
-  TOR_LIST_FOREACH(next_circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, next_circ) {
     if (!CIRCUIT_IS_ORIGIN(next_circ) || /* didn't originate here */
         next_circ->marked_for_close) { /* don't mess with marked circs */
       continue;
@@ -402,7 +400,7 @@ circuit_expire_building(void)
       any_opened_circs = 1;
       break;
     }
-  }
+  } SMARTLIST_FOREACH_END(next_circ);
 
 #define SET_CUTOFF(target, msec) do {                       \
     long ms = tor_lround(msec);                             \
@@ -473,9 +471,8 @@ circuit_expire_building(void)
              MAX(get_circuit_build_close_time_ms()*2 + 1000,
                  options->SocksTimeout * 1000));
 
-  TOR_LIST_FOREACH(next_circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *,victim) {
     struct timeval cutoff;
-    victim = next_circ;
     if (!CIRCUIT_IS_ORIGIN(victim) || /* didn't originate here */
         victim->marked_for_close)     /* don't mess with marked circs */
       continue;
@@ -517,7 +514,7 @@ circuit_expire_building(void)
     if (TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)
       cutoff = hs_extremely_old_cutoff;
 
-    if (timercmp(&victim->timestamp_began, &cutoff, >))
+    if (timercmp(&victim->timestamp_began, &cutoff, OP_GT))
       continue; /* it's still young, leave it alone */
 
     /* We need to double-check the opened state here because
@@ -527,7 +524,7 @@ circuit_expire_building(void)
      * aren't either. */
     if (!any_opened_circs && victim->state != CIRCUIT_STATE_OPEN) {
       /* It's still young enough that we wouldn't close it, right? */
-      if (timercmp(&victim->timestamp_began, &close_cutoff, >)) {
+      if (timercmp(&victim->timestamp_began, &close_cutoff, OP_GT)) {
         if (!TO_ORIGIN_CIRCUIT(victim)->relaxed_timeout) {
           int first_hop_succeeded = TO_ORIGIN_CIRCUIT(victim)->cpath->state
                                       == CPATH_STATE_OPEN;
@@ -675,7 +672,7 @@ circuit_expire_building(void)
          * it off at, we probably had a suspend event along this codepath,
          * and we should discard the value.
          */
-        if (timercmp(&victim->timestamp_began, &extremely_old_cutoff, <)) {
+        if (timercmp(&victim->timestamp_began, &extremely_old_cutoff, OP_LT)) {
           log_notice(LD_CIRC,
                      "Extremely large value for circuit build timeout: %lds. "
                      "Assuming clock jump. Purpose %d (%s)",
@@ -780,7 +777,7 @@ circuit_expire_building(void)
       circuit_mark_for_close(victim, END_CIRC_REASON_TIMEOUT);
 
     pathbias_count_timeout(TO_ORIGIN_CIRCUIT(victim));
-  }
+  } SMARTLIST_FOREACH_END(victim);
 }
 
 /** For debugging #8387: track when we last called
@@ -800,9 +797,8 @@ circuit_log_ancient_one_hop_circuits(int age)
   time_t cutoff = now - age;
   int n_found = 0;
   smartlist_t *log_these = smartlist_new();
-  const circuit_t *circ;
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     const origin_circuit_t *ocirc;
     if (! CIRCUIT_IS_ORIGIN(circ))
       continue;
@@ -817,6 +813,7 @@ circuit_log_ancient_one_hop_circuits(int age)
         smartlist_add(log_these, (origin_circuit_t*) ocirc);
     }
   }
+  SMARTLIST_FOREACH_END(circ);
 
   if (n_found == 0)
     goto done;
@@ -831,7 +828,7 @@ circuit_log_ancient_one_hop_circuits(int age)
     int stream_num;
     const edge_connection_t *conn;
     char *dirty = NULL;
-    circ = TO_CIRCUIT(ocirc);
+    const circuit_t *circ = TO_CIRCUIT(ocirc);
 
     format_local_iso_time(created,
                           (time_t)circ->timestamp_created.tv_sec);
@@ -848,12 +845,14 @@ circuit_log_ancient_one_hop_circuits(int age)
     }
 
     log_notice(LD_HEARTBEAT, "  #%d created at %s. %s, %s. %s for close. "
+               "Package window: %d. "
                "%s for new conns. %s.",
                ocirc_sl_idx,
                created,
                circuit_state_to_string(circ->state),
                circuit_purpose_to_string(circ->purpose),
                circ->marked_for_close ? "Marked" : "Not marked",
+               circ->package_window,
                ocirc->unusable_for_new_conns ? "Not usable" : "usable",
                dirty);
     tor_free(dirty);
@@ -869,12 +868,18 @@ circuit_log_ancient_one_hop_circuits(int age)
 
       log_notice(LD_HEARTBEAT, "     Stream#%d created at %s. "
                  "%s conn in state %s. "
+                 "It is %slinked and %sreading from a linked connection %p. "
+                 "Package window %d. "
                  "%s for close (%s:%d). Hold-open is %sset. "
                  "Has %ssent RELAY_END. %s on circuit.",
                  stream_num,
                  stream_created,
                  conn_type_to_string(c->type),
                  conn_state_to_string(c->type, c->state),
+                 c->linked ? "" : "not ",
+                 c->reading_from_linked_conn ? "": "not",
+                 c->linked_conn,
+                 conn->package_window,
                  c->marked_for_close ? "Marked" : "Not marked",
                  c->marked_for_close_file ? c->marked_for_close_file : "--",
                  c->marked_for_close,
@@ -938,7 +943,6 @@ int
 circuit_stream_is_being_handled(entry_connection_t *conn,
                                 uint16_t port, int min)
 {
-  circuit_t *circ;
   const node_t *exitnode;
   int num=0;
   time_t now = time(NULL);
@@ -946,7 +950,7 @@ circuit_stream_is_being_handled(entry_connection_t *conn,
                                    get_options()->LongLivedPorts,
                                    conn ? conn->socks_request->port : port);
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (CIRCUIT_IS_ORIGIN(circ) &&
         !circ->marked_for_close &&
         circ->purpose == CIRCUIT_PURPOSE_C_GENERAL &&
@@ -976,6 +980,7 @@ circuit_stream_is_being_handled(entry_connection_t *conn,
       }
     }
   }
+  SMARTLIST_FOREACH_END(circ);
   return 0;
 }
 
@@ -989,7 +994,6 @@ circuit_stream_is_being_handled(entry_connection_t *conn,
 static void
 circuit_predict_and_launch_new(void)
 {
-  circuit_t *circ;
   int num=0, num_internal=0, num_uptime_internal=0;
   int hidserv_needs_uptime=0, hidserv_needs_capacity=1;
   int port_needs_uptime=0, port_needs_capacity=1;
@@ -997,7 +1001,7 @@ circuit_predict_and_launch_new(void)
   int flags = 0;
 
   /* First, count how many of each type of circuit we have already. */
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     cpath_build_state_t *build_state;
     origin_circuit_t *origin_circ;
     if (!CIRCUIT_IS_ORIGIN(circ))
@@ -1020,6 +1024,7 @@ circuit_predict_and_launch_new(void)
     if (build_state->need_uptime && build_state->is_internal)
       num_uptime_internal++;
   }
+  SMARTLIST_FOREACH_END(circ);
 
   /* If that's enough, then stop now. */
   if (num >= MAX_UNUSED_OPEN_CIRCUITS)
@@ -1027,9 +1032,11 @@ circuit_predict_and_launch_new(void)
 
   /* Second, see if we need any more exit circuits. */
   /* check if we know of a port that's been requested recently
-   * and no circuit is currently available that can handle it. */
+   * and no circuit is currently available that can handle it.
+   * Exits (obviously) require an exit circuit. */
   if (!circuit_all_predicted_ports_handled(now, &port_needs_uptime,
-                                           &port_needs_capacity)) {
+                                           &port_needs_capacity)
+      && router_have_consensus_path() == CONSENSUS_PATH_EXIT) {
     if (port_needs_uptime)
       flags |= CIRCLAUNCH_NEED_UPTIME;
     if (port_needs_capacity)
@@ -1041,8 +1048,10 @@ circuit_predict_and_launch_new(void)
     return;
   }
 
-  /* Third, see if we need any more hidden service (server) circuits. */
-  if (num_rend_services() && num_uptime_internal < 3) {
+  /* Third, see if we need any more hidden service (server) circuits.
+   * HS servers only need an internal circuit. */
+  if (num_rend_services() && num_uptime_internal < 3
+      && router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
     flags = (CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_NEED_UPTIME |
              CIRCLAUNCH_IS_INTERNAL);
     log_info(LD_CIRC,
@@ -1053,11 +1062,13 @@ circuit_predict_and_launch_new(void)
     return;
   }
 
-  /* Fourth, see if we need any more hidden service (client) circuits. */
+  /* Fourth, see if we need any more hidden service (client) circuits.
+   * HS clients only need an internal circuit. */
   if (rep_hist_get_predicted_internal(now, &hidserv_needs_uptime,
                                       &hidserv_needs_capacity) &&
       ((num_uptime_internal<2 && hidserv_needs_uptime) ||
-        num_internal<2)) {
+        num_internal<2)
+        && router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
     if (hidserv_needs_uptime)
       flags |= CIRCLAUNCH_NEED_UPTIME;
     if (hidserv_needs_capacity)
@@ -1074,15 +1085,23 @@ circuit_predict_and_launch_new(void)
   /* Finally, check to see if we still need more circuits to learn
    * a good build timeout. But if we're close to our max number we
    * want, don't do another -- we want to leave a few slots open so
-   * we can still build circuits preemptively as needed. */
-  if (num < MAX_UNUSED_OPEN_CIRCUITS-2 &&
-      ! circuit_build_times_disabled() &&
-      circuit_build_times_needs_circuits_now(get_circuit_build_times())) {
-    flags = CIRCLAUNCH_NEED_CAPACITY;
-    log_info(LD_CIRC,
-             "Have %d clean circs need another buildtime test circ.", num);
-    circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, flags);
-    return;
+   * we can still build circuits preemptively as needed.
+   * XXXX make the assumption that build timeout streams should be
+   * created whenever we can build internal circuits. */
+  if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
+    if (num < MAX_UNUSED_OPEN_CIRCUITS-2 &&
+        ! circuit_build_times_disabled() &&
+        circuit_build_times_needs_circuits_now(get_circuit_build_times())) {
+      flags = CIRCLAUNCH_NEED_CAPACITY;
+      /* if there are no exits in the consensus, make timeout
+       * circuits internal */
+      if (router_have_consensus_path() == CONSENSUS_PATH_INTERNAL)
+        flags |= CIRCLAUNCH_IS_INTERNAL;
+      log_info(LD_CIRC,
+               "Have %d clean circs need another buildtime test circ.", num);
+      circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, flags);
+      return;
+    }
   }
 }
 
@@ -1099,11 +1118,17 @@ circuit_build_needed_circs(time_t now)
 {
   const or_options_t *options = get_options();
 
-  /* launch a new circ for any pending streams that need one */
-  connection_ap_attach_pending();
+  /* launch a new circ for any pending streams that need one
+   * XXXX make the assumption that (some) AP streams (i.e. HS clients)
+   * don't require an exit circuit, review in #13814.
+   * This allows HSs to function in a consensus without exits. */
+  if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN)
+    connection_ap_rescan_and_attach_pending();
 
-  /* make sure any hidden services have enough intro points */
-  rend_services_introduce();
+  /* make sure any hidden services have enough intro points
+   * HS intro point streams only require an internal circuit */
+  if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN)
+    rend_consider_services_intro_points();
 
   circuit_expire_old_circs_as_needed(now);
 
@@ -1164,17 +1189,31 @@ circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
 
   if (CIRCUIT_IS_ORIGIN(circ)) {
     origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
+    int removed = 0;
     if (conn == origin_circ->p_streams) {
       origin_circ->p_streams = conn->next_stream;
-      return;
+      removed = 1;
+    } else {
+      for (prevconn = origin_circ->p_streams;
+           prevconn && prevconn->next_stream && prevconn->next_stream != conn;
+           prevconn = prevconn->next_stream)
+        ;
+      if (prevconn && prevconn->next_stream) {
+        prevconn->next_stream = conn->next_stream;
+        removed = 1;
+      }
     }
+    if (removed) {
+      log_debug(LD_APP, "Removing stream %d from circ %u",
+                conn->stream_id, (unsigned)circ->n_circ_id);
 
-    for (prevconn = origin_circ->p_streams;
-         prevconn && prevconn->next_stream && prevconn->next_stream != conn;
-         prevconn = prevconn->next_stream)
-      ;
-    if (prevconn && prevconn->next_stream) {
-      prevconn->next_stream = conn->next_stream;
+      /* If the stream was removed, and it was a rend stream, decrement the
+       * number of streams on the circuit associated with the rend service.
+       */
+      if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
+        tor_assert(origin_circ->rend_data);
+        origin_circ->rend_data->nr_streams--;
+      }
       return;
     }
   } else {
@@ -1223,7 +1262,6 @@ circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
 static void
 circuit_expire_old_circuits_clientside(void)
 {
-  circuit_t *circ;
   struct timeval cutoff, now;
 
   tor_gettimeofday(&now);
@@ -1239,7 +1277,7 @@ circuit_expire_old_circuits_clientside(void)
     cutoff.tv_sec -= get_options()->CircuitIdleTimeout;
   }
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (circ->marked_for_close || !CIRCUIT_IS_ORIGIN(circ))
       continue;
     /* If the circuit has been dirty for too long, and there are no streams
@@ -1259,7 +1297,7 @@ circuit_expire_old_circuits_clientside(void)
       if (circ->purpose != CIRCUIT_PURPOSE_PATH_BIAS_TESTING)
         circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
     } else if (!circ->timestamp_dirty && circ->state == CIRCUIT_STATE_OPEN) {
-      if (timercmp(&circ->timestamp_began, &cutoff, <)) {
+      if (timercmp(&circ->timestamp_began, &cutoff, OP_LT)) {
         if (circ->purpose == CIRCUIT_PURPOSE_C_GENERAL ||
                 circ->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT ||
                 circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
@@ -1291,7 +1329,7 @@ circuit_expire_old_circuits_clientside(void)
         }
       }
     }
-  }
+  } SMARTLIST_FOREACH_END(circ);
 }
 
 /** How long do we wait before killing circuits with the properties
@@ -1318,11 +1356,10 @@ circuit_expire_old_circuits_clientside(void)
 void
 circuit_expire_old_circuits_serverside(time_t now)
 {
-  circuit_t *circ;
   or_circuit_t *or_circ;
   time_t cutoff = now - IDLE_ONE_HOP_CIRC_TIMEOUT;
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (circ->marked_for_close || CIRCUIT_IS_ORIGIN(circ))
       continue;
     or_circ = TO_OR_CIRCUIT(circ);
@@ -1339,6 +1376,7 @@ circuit_expire_old_circuits_serverside(time_t now)
       circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
     }
   }
+  SMARTLIST_FOREACH_END(circ);
 }
 
 /** Number of testing circuits we want open before testing our bandwidth. */
@@ -1363,18 +1401,18 @@ reset_bandwidth_test(void)
 int
 circuit_enough_testing_circs(void)
 {
-  circuit_t *circ;
   int num = 0;
 
   if (have_performed_bandwidth_test)
     return 1;
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (!circ->marked_for_close && CIRCUIT_IS_ORIGIN(circ) &&
         circ->purpose == CIRCUIT_PURPOSE_TESTING &&
         circ->state == CIRCUIT_STATE_OPEN)
       num++;
   }
+  SMARTLIST_FOREACH_END(circ);
   return num >= NUM_PARALLEL_TESTING_CIRCS;
 }
 
@@ -1388,7 +1426,7 @@ static void
 circuit_testing_opened(origin_circuit_t *circ)
 {
   if (have_performed_bandwidth_test ||
-      !check_whether_orport_reachable()) {
+      !check_whether_orport_reachable(get_options())) {
     /* either we've already done everything we want with testing circuits,
      * or this testing circuit became open due to a fluke, e.g. we picked
      * a last hop where we already had the connection open due to an
@@ -1405,7 +1443,8 @@ circuit_testing_opened(origin_circuit_t *circ)
 static void
 circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
 {
-  if (server_mode(get_options()) && check_whether_orport_reachable())
+  const or_options_t *options = get_options();
+  if (server_mode(options) && check_whether_orport_reachable(options))
     return;
 
   log_info(LD_GENERAL,
@@ -1437,7 +1476,7 @@ circuit_has_opened(origin_circuit_t *circ)
     case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
       rend_client_rendcirc_has_opened(circ);
       /* Start building an intro circ if we don't have one yet. */
-      connection_ap_attach_pending();
+      connection_ap_attach_pending(1);
       /* This isn't a call to circuit_try_attaching_streams because a
        * circuit in _C_ESTABLISH_REND state isn't connected to its
        * hidden service yet, thus we can't attach streams to it yet,
@@ -1455,11 +1494,11 @@ circuit_has_opened(origin_circuit_t *circ)
       circuit_try_attaching_streams(circ);
       break;
     case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
-      /* at Bob, waiting for introductions */
+      /* at the service, waiting for introductions */
       rend_service_intro_has_opened(circ);
       break;
     case CIRCUIT_PURPOSE_S_CONNECT_REND:
-      /* at Bob, connecting to rend point */
+      /* at the service, connecting to rend point */
       rend_service_rendezvous_has_opened(circ);
       break;
     case CIRCUIT_PURPOSE_TESTING:
@@ -1499,14 +1538,14 @@ void
 circuit_try_attaching_streams(origin_circuit_t *circ)
 {
   /* Attach streams to this circuit if we can. */
-  connection_ap_attach_pending();
+  connection_ap_attach_pending(1);
 
   /* The call to circuit_try_clearing_isolation_state here will do
    * nothing and return 0 if we didn't attach any streams to circ
    * above. */
   if (circuit_try_clearing_isolation_state(circ)) {
     /* Maybe *now* we can attach some streams to this circuit. */
-    connection_ap_attach_pending();
+    connection_ap_attach_pending(1);
   }
 }
 
@@ -1579,32 +1618,32 @@ circuit_build_failed(origin_circuit_t *circ)
       circuit_testing_failed(circ, failed_at_last_hop);
       break;
     case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
-      /* at Bob, waiting for introductions */
+      /* at the service, waiting for introductions */
       if (circ->base_.state != CIRCUIT_STATE_OPEN) {
         circuit_increment_failure_count();
       }
-      /* no need to care here, because bob will rebuild intro
+      /* no need to care here, because the service will rebuild intro
        * points periodically. */
       break;
     case CIRCUIT_PURPOSE_C_INTRODUCING:
-      /* at Alice, connecting to intro point */
-      /* Don't increment failure count, since Bob may have picked
+      /* at the client, connecting to intro point */
+      /* Don't increment failure count, since the service may have picked
        * the introduction point maliciously */
-      /* Alice will pick a new intro point when this one dies, if
+      /* The client will pick a new intro point when this one dies, if
        * the stream in question still cares. No need to act here. */
       break;
     case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
-      /* at Alice, waiting for Bob */
+      /* at the client, waiting for the service */
       circuit_increment_failure_count();
-      /* Alice will pick a new rend point when this one dies, if
+      /* the client will pick a new rend point when this one dies, if
        * the stream in question still cares. No need to act here. */
       break;
     case CIRCUIT_PURPOSE_S_CONNECT_REND:
-      /* at Bob, connecting to rend point */
-      /* Don't increment failure count, since Alice may have picked
+      /* at the service, connecting to rend point */
+      /* Don't increment failure count, since the client may have picked
        * the rendezvous point maliciously */
       log_info(LD_REND,
-               "Couldn't connect to Alice's chosen rend point %s "
+               "Couldn't connect to the client's chosen rend point %s "
                "(%s hop failed).",
                escaped(build_state_get_exit_nickname(circ->build_state)),
                failed_at_last_hop?"last":"non-last");
@@ -1636,6 +1675,20 @@ circuit_launch(uint8_t purpose, int flags)
   return circuit_launch_by_extend_info(purpose, NULL, flags);
 }
 
+/* Do we have enough descriptors to build paths?
+ * If need_exit is true, return 1 if we can build exit paths.
+ * (We need at least one Exit in the consensus to build exit paths.)
+ * If need_exit is false, return 1 if we can build internal paths.
+ */
+static int
+have_enough_path_info(int need_exit)
+{
+  if (need_exit)
+    return router_have_consensus_path() == CONSENSUS_PATH_EXIT;
+  else
+    return router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN;
+}
+
 /** Launch a new circuit with purpose <b>purpose</b> and exit node
  * <b>extend_info</b> (or NULL to select a random exit node).  If flags
  * contains CIRCLAUNCH_NEED_UPTIME, choose among routers with high uptime.  If
@@ -1650,15 +1703,29 @@ circuit_launch_by_extend_info(uint8_t purpose,
 {
   origin_circuit_t *circ;
   int onehop_tunnel = (flags & CIRCLAUNCH_ONEHOP_TUNNEL) != 0;
-
-  if (!onehop_tunnel && !router_have_minimum_dir_info()) {
-    log_debug(LD_CIRC,"Haven't fetched enough directory info yet; canceling "
-              "circuit launch.");
+  int have_path = have_enough_path_info(! (flags & CIRCLAUNCH_IS_INTERNAL) );
+  int need_specific_rp = 0;
+
+  if (!onehop_tunnel && (!router_have_minimum_dir_info() || !have_path)) {
+    log_debug(LD_CIRC,"Haven't %s yet; canceling "
+              "circuit launch.",
+              !router_have_minimum_dir_info() ?
+              "fetched enough directory info" :
+              "received a consensus with exits");
     return NULL;
   }
 
+  /* If Tor2webRendezvousPoints is enabled and we are dealing with an
+     RP circuit, we want a specific RP node so we shouldn't canibalize
+     an already existing circuit. */
+  if (get_options()->Tor2webRendezvousPoints &&
+      purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
+    need_specific_rp = 1;
+  }
+
   if ((extend_info || purpose != CIRCUIT_PURPOSE_C_GENERAL) &&
-      purpose != CIRCUIT_PURPOSE_TESTING && !onehop_tunnel) {
+      purpose != CIRCUIT_PURPOSE_TESTING &&
+      !onehop_tunnel && !need_specific_rp) {
     /* see if there are appropriate circs available to cannibalize. */
     /* XXX if we're planning to add a hop, perhaps we want to look for
      * internal circs rather than exit circs? -RD */
@@ -1707,12 +1774,12 @@ circuit_launch_by_extend_info(uint8_t purpose,
 
       switch (purpose) {
         case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
-        case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
           /* it's ready right now */
           break;
         case CIRCUIT_PURPOSE_C_INTRODUCING:
         case CIRCUIT_PURPOSE_S_CONNECT_REND:
         case CIRCUIT_PURPOSE_C_GENERAL:
+        case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
           /* need to add a new hop */
           tor_assert(extend_info);
           if (circuit_extend_to_new_exit(circ, extend_info) < 0)
@@ -1784,6 +1851,12 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
 
   tor_assert(conn);
   tor_assert(circp);
+  if (ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_CIRCUIT_WAIT) {
+    connection_t *c = ENTRY_TO_CONN(conn);
+    log_err(LD_BUG, "Connection state mismatch: wanted "
+            "AP_CONN_STATE_CIRCUIT_WAIT, but got %d (%s)",
+            c->state, conn_state_to_string(c->type, c->state));
+  }
   tor_assert(ENTRY_TO_CONN(conn)->state == AP_CONN_STATE_CIRCUIT_WAIT);
   check_exit_policy =
       conn->socks_request->command == SOCKS_COMMAND_CONNECT &&
@@ -1810,7 +1883,9 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
     return 1; /* we're happy */
   }
 
-  if (!want_onehop && !router_have_minimum_dir_info()) {
+  int have_path = have_enough_path_info(!need_internal);
+
+  if (!want_onehop && (!router_have_minimum_dir_info() || !have_path)) {
     if (!connection_get_by_type(CONN_TYPE_DIR)) {
       int severity = LOG_NOTICE;
       /* FFFF if this is a tunneled directory fetch, don't yell
@@ -1818,14 +1893,20 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
       if (entry_list_is_constrained(options) &&
           entries_known_but_down(options)) {
         log_fn(severity, LD_APP|LD_DIR,
-               "Application request when we haven't used client functionality "
-               "lately. Optimistically trying known %s again.",
+               "Application request when we haven't %s. "
+               "Optimistically trying known %s again.",
+               !router_have_minimum_dir_info() ?
+               "used client functionality lately" :
+               "received a consensus with exits",
                options->UseBridges ? "bridges" : "entrynodes");
         entries_retry_all(options);
       } else if (!options->UseBridges || any_bridge_descriptors_known()) {
         log_fn(severity, LD_APP|LD_DIR,
-               "Application request when we haven't used client functionality "
-               "lately. Optimistically trying directory fetches again.");
+               "Application request when we haven't %s. "
+               "Optimistically trying directory fetches again.",
+               !router_have_minimum_dir_info() ?
+               "used client functionality lately" :
+               "received a consensus with exits");
         routerlist_retry_directory_downloads(time(NULL));
       }
     }
@@ -1910,6 +1991,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
                  "No intro points for '%s': re-fetching service descriptor.",
                  safe_str_client(rend_data->onion_address));
         rend_client_refetch_v2_renddesc(rend_data);
+        connection_ap_mark_as_non_pending_circuit(conn);
         ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_RENDDESC_WAIT;
         return 0;
       }
@@ -1929,8 +2011,13 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
         if (r && node_has_descriptor(r)) {
           /* We might want to connect to an IPv6 bridge for loading
              descriptors so we use the preferred address rather than
-             the primary.  */
+             the primary. */
           extend_info = extend_info_from_node(r, conn->want_onehop ? 1 : 0);
+          if (!extend_info) {
+            log_warn(LD_CIRC,"Could not make a one-hop connection to %s. "
+                     "Discarding this circuit.", conn->chosen_exit_name);
+            return -1;
+          }
         } else {
           log_debug(LD_DIR, "considering %d, %s",
                     want_onehop, conn->chosen_exit_name);
@@ -1980,11 +2067,13 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
     else
       new_circ_purpose = desired_circuit_purpose;
 
+#ifdef ENABLE_TOR2WEB_MODE
     if (options->Tor2webMode &&
         (new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
          new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) {
       want_onehop = 1;
     }
+#endif
 
     {
       int flags = CIRCLAUNCH_NEED_CAPACITY;
@@ -2016,7 +2105,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
         circ->rend_data = rend_data_dup(ENTRY_TO_EDGE_CONN(conn)->rend_data);
         if (circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND &&
             circ->base_.state == CIRCUIT_STATE_OPEN)
-          rend_client_rendcirc_has_opened(circ);
+          circuit_has_opened(circ);
       }
     }
   } /* endif (!circ) */
@@ -2074,7 +2163,7 @@ static void
 link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ,
                     crypt_path_t *cpath)
 {
-  const node_t *exitnode;
+  const node_t *exitnode = NULL;
 
   /* add it into the linked list of streams on this circuit */
   log_debug(LD_APP|LD_CIRC, "attaching new conn to circ. n_circ_id %u.",
@@ -2091,7 +2180,7 @@ link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ,
      * that an attempt to connect to a hidden service just
      * succeeded.  Tell rendclient.c. */
     rend_client_note_connection_attempt_ended(
-                    ENTRY_TO_EDGE_CONN(apconn)->rend_data->onion_address);
+                    ENTRY_TO_EDGE_CONN(apconn)->rend_data);
   }
 
   if (cpath) { /* we were given one; use it */
@@ -2108,23 +2197,25 @@ link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ,
   circ->isolation_any_streams_attached = 1;
   connection_edge_update_circuit_isolation(apconn, circ, 0);
 
+  /* Compute the exitnode if possible, for logging below */
+  if (cpath->extend_info)
+    exitnode = node_get_by_id(cpath->extend_info->identity_digest);
+
   /* See if we can use optimistic data on this circuit */
-  if (cpath->extend_info &&
-      (exitnode = node_get_by_id(cpath->extend_info->identity_digest)) &&
-      exitnode->rs) {
-    /* Okay; we know what exit node this is. */
-    if (optimistic_data_enabled() &&
-        circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL &&
-        exitnode->rs->version_supports_optimistic_data)
-      apconn->may_use_optimistic_data = 1;
-    else
-      apconn->may_use_optimistic_data = 0;
-    log_info(LD_APP, "Looks like completed circuit to %s %s allow "
-             "optimistic data for connection to %s",
-             safe_str_client(node_describe(exitnode)),
-             apconn->may_use_optimistic_data ? "does" : "doesn't",
-             safe_str_client(apconn->socks_request->address));
-  }
+  if (optimistic_data_enabled() &&
+      (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
+       circ->base_.purpose == CIRCUIT_PURPOSE_C_REND_JOINED))
+    apconn->may_use_optimistic_data = 1;
+  else
+    apconn->may_use_optimistic_data = 0;
+  log_info(LD_APP, "Looks like completed circuit to %s %s allow "
+           "optimistic data for connection to %s",
+           circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ?
+             /* node_describe() does the right thing if exitnode is NULL */
+             safe_str_client(node_describe(exitnode)) :
+             "hidden service",
+           apconn->may_use_optimistic_data ? "does" : "doesn't",
+           safe_str_client(apconn->socks_request->address));
 }
 
 /** Return true iff <b>address</b> is matched by one of the entries in
@@ -2160,7 +2251,7 @@ consider_recording_trackhost(const entry_connection_t *conn,
   char fp[HEX_DIGEST_LEN+1];
 
   /* Search the addressmap for this conn's destination. */
-  /* If he's not in the address map.. */
+  /* If they're not in the address map.. */
   if (!options->TrackHostExits ||
       addressmap_have_mapping(conn->socks_request->address,
                               options->TrackHostExitsExpire))
@@ -2204,8 +2295,15 @@ connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn,
 
   base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
 
-  if (!circ->base_.timestamp_dirty)
-    circ->base_.timestamp_dirty = time(NULL);
+  if (!circ->base_.timestamp_dirty ||
+      ((conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
+       (conn->entry_cfg.socks_iso_keep_alive) &&
+       (conn->socks_request->usernamelen ||
+        conn->socks_request->passwordlen))) {
+    /* When stream isolation is in use and controlled by an application
+     * we are willing to keep using the stream. */
+    circ->base_.timestamp_dirty = approx_time();
+  }
 
   pathbias_count_use_attempt(circ);
 
@@ -2262,6 +2360,25 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn)
     /* we're a general conn */
     origin_circuit_t *circ=NULL;
 
+    /* Are we linked to a dir conn that aims to fetch a consensus?
+     * We check here because this conn might no longer be needed. */
+    if (base_conn->linked_conn &&
+        base_conn->linked_conn->type == CONN_TYPE_DIR &&
+        base_conn->linked_conn->purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
+
+      /* Yes we are. Is there a consensus fetch farther along than us? */
+      if (networkstatus_consensus_is_already_downloading(
+            TO_DIR_CONN(base_conn->linked_conn)->requested_resource)) {
+        /* We're doing the "multiple consensus fetch attempts" game from
+         * proposal 210, and we're late to the party. Just close this conn.
+         * The circuit and TLS conn that we made will time out after a while
+         * if nothing else wants to use them. */
+        log_info(LD_DIR, "Closing extra consensus fetch (to %s) since one "
+                 "is already downloading.", base_conn->linked_conn->address);
+        return -1;
+      }
+    }
+
     if (conn->chosen_exit_name) {
       const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 1);
       int opt = conn->chosen_exit_optional;
@@ -2326,7 +2443,7 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn)
       tor_assert(rendcirc);
       /* one is already established, attach */
       log_info(LD_REND,
-               "rend joined circ %d already here. attaching. "
+               "rend joined circ %u already here. attaching. "
                "(stream %d sec old)",
                (unsigned)rendcirc->base_.n_circ_id, conn_age);
       /* Mark rendezvous circuits as 'newly dirty' every time you use
@@ -2346,6 +2463,18 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn)
       return 1;
     }
 
+    /* At this point we need to re-check the state, since it's possible that
+     * our call to circuit_get_open_circ_or_launch() changed the connection's
+     * state from "CIRCUIT_WAIT" to "RENDDESC_WAIT" because we decided to
+     * re-fetch the descriptor.
+     */
+    if (ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_CIRCUIT_WAIT) {
+      log_info(LD_REND, "This connection is no longer ready to attach; its "
+               "state changed."
+               "(We probably have to re-fetch its descriptor.)");
+      return 0;
+    }
+
     if (rendcirc && (rendcirc->base_.purpose ==
                      CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED)) {
       log_info(LD_REND,
diff --git a/src/or/circuituse.h b/src/or/circuituse.h
index 4c5977bee0..5973978c45 100644
--- a/src/or/circuituse.h
+++ b/src/or/circuituse.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/command.c b/src/or/command.c
index 1f6f93a868..5ad92bed1e 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -310,7 +310,7 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
     /* hand it off to the cpuworkers, and then return. */
     if (connection_or_digest_is_known_relay(chan->identity_digest))
       rep_hist_note_circuit_handshake_requested(create_cell->handshake_type);
-    if (assign_onionskin_to_cpuworker(NULL, circ, create_cell) < 0) {
+    if (assign_onionskin_to_cpuworker(circ, create_cell) < 0) {
       log_debug(LD_GENERAL,"Failed to hand off onionskin. Closing.");
       circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_RESOURCELIMIT);
       return;
@@ -340,7 +340,6 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
     if (len < 0) {
       log_warn(LD_OR,"Failed to generate key material. Closing.");
       circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
-      tor_free(create_cell);
       return;
     }
     created_cell.cell_type = CELL_CREATED_FAST;
@@ -398,7 +397,6 @@ command_process_created_cell(cell_t *cell, channel_t *chan)
     log_debug(LD_OR,"at OP. Finishing handshake.");
     if ((err_reason = circuit_finish_handshake(origin_circ,
                                         &extended_cell.created_cell)) < 0) {
-      log_warn(LD_OR,"circuit_finish_handshake failed.");
       circuit_mark_for_close(circ, -err_reason);
       return;
     }
@@ -438,6 +436,7 @@ command_process_created_cell(cell_t *cell, channel_t *chan)
 static void
 command_process_relay_cell(cell_t *cell, channel_t *chan)
 {
+  const or_options_t *options = get_options();
   circuit_t *circ;
   int reason, direction;
 
@@ -511,6 +510,14 @@ command_process_relay_cell(cell_t *cell, channel_t *chan)
            direction==CELL_DIRECTION_OUT?"forward":"backward");
     circuit_mark_for_close(circ, -reason);
   }
+
+  /* If this is a cell in an RP circuit, count it as part of the
+     hidden service stats */
+  if (options->HiddenServiceStatistics &&
+      !CIRCUIT_IS_ORIGIN(circ) &&
+      TO_OR_CIRCUIT(circ)->circuit_carries_hs_traffic_stats) {
+    rep_hist_seen_new_rp_cell();
+  }
 }
 
 /** Process a 'destroy' <b>cell</b> that just arrived from
diff --git a/src/or/command.h b/src/or/command.h
index adea6adeaa..12cda6a463 100644
--- a/src/or/command.h
+++ b/src/or/command.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/config.c b/src/or/config.c
index bd168bef17..dd0eaa8713 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -11,6 +11,7 @@
 
 #define CONFIG_PRIVATE
 #include "or.h"
+#include "compat.h"
 #include "addressmap.h"
 #include "channel.h"
 #include "circuitbuild.h"
@@ -43,6 +44,7 @@
 #include "util.h"
 #include "routerlist.h"
 #include "routerset.h"
+#include "scheduler.h"
 #include "statefile.h"
 #include "transports.h"
 #include "ext_orport.h"
@@ -53,9 +55,22 @@
 
 #include "procmon.h"
 
+#ifdef HAVE_SYSTEMD
+#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
+/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
+ * Coverity. Here's a kludge to unconfuse it.
+ */
+#   define __INCLUDE_LEVEL__ 2
+#   endif
+#include <systemd/sd-daemon.h>
+#endif
+
 /* From main.c */
 extern int quiet_level;
 
+/* Prefix used to indicate a Unix socket in a FooPort configuration. */
+static const char unix_socket_prefix[] = "unix:";
+
 /** A list of abbreviations and aliases to map command-line options, obsolete
  * option names, or alternative option names, to their current values. */
 static config_abbrev_t option_abbrevs_[] = {
@@ -63,15 +78,16 @@ static config_abbrev_t option_abbrevs_[] = {
   PLURAL(AuthDirBadExitCC),
   PLURAL(AuthDirInvalidCC),
   PLURAL(AuthDirRejectCC),
-  PLURAL(ExitNode),
   PLURAL(EntryNode),
   PLURAL(ExcludeNode),
+  PLURAL(Tor2webRendezvousPoint),
   PLURAL(FirewallPort),
   PLURAL(LongLivedPort),
   PLURAL(HiddenServiceNode),
   PLURAL(HiddenServiceExcludeNode),
   PLURAL(NumCPU),
   PLURAL(RendNode),
+  PLURAL(RecommendedPackage),
   PLURAL(RendExcludeNode),
   PLURAL(StrictEntryNode),
   PLURAL(StrictExitNode),
@@ -99,8 +115,6 @@ static config_abbrev_t option_abbrevs_[] = {
   { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
   { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
   { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
-  { "StrictEntryNodes", "StrictNodes", 0, 1},
-  { "StrictExitNodes", "StrictNodes", 0, 1},
   { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
   { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
   { NULL, NULL, 0, 0},
@@ -127,8 +141,8 @@ static config_abbrev_t option_abbrevs_[] = {
  * be chosen first.
  */
 static config_var_t option_vars_[] = {
-  OBSOLETE("AccountingMaxKB"),
   V(AccountingMax,               MEMUNIT,  "0 bytes"),
+  VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
   V(AccountingStart,             STRING,   NULL),
   V(Address,                     STRING,   NULL),
   V(AllowDotExit,                BOOL,     "0"),
@@ -140,18 +154,19 @@ static config_var_t option_vars_[] = {
   V(AlternateDirAuthority,       LINELIST, NULL),
   OBSOLETE("AlternateHSAuthority"),
   V(AssumeReachable,             BOOL,     "0"),
-  V(AuthDirBadDir,               LINELIST, NULL),
-  V(AuthDirBadDirCCs,            CSV,      ""),
+  OBSOLETE("AuthDirBadDir"),
+  OBSOLETE("AuthDirBadDirCCs"),
   V(AuthDirBadExit,              LINELIST, NULL),
   V(AuthDirBadExitCCs,           CSV,      ""),
   V(AuthDirInvalid,              LINELIST, NULL),
   V(AuthDirInvalidCCs,           CSV,      ""),
   V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
   V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
+  V(AuthDirPinKeys,              BOOL,     "0"),
   V(AuthDirReject,               LINELIST, NULL),
   V(AuthDirRejectCCs,            CSV,      ""),
-  V(AuthDirRejectUnlisted,       BOOL,     "0"),
-  V(AuthDirListBadDirs,          BOOL,     "0"),
+  OBSOLETE("AuthDirRejectUnlisted"),
+  OBSOLETE("AuthDirListBadDirs"),
   V(AuthDirListBadExits,         BOOL,     "0"),
   V(AuthDirMaxServersPerAddr,    UINT,     "2"),
   V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
@@ -175,10 +190,12 @@ static config_var_t option_vars_[] = {
   V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
   V(ClientDNSRejectInternalAddresses, BOOL,"1"),
   V(ClientOnly,                  BOOL,     "0"),
-  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
+  V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
+  V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
   V(ClientRejectInternalAddresses, BOOL,   "1"),
   V(ClientTransportPlugin,       LINELIST, NULL),
   V(ClientUseIPv6,               BOOL,     "0"),
+  V(ClientUseIPv4,               BOOL,     "1"),
   V(ConsensusParams,             STRING,   NULL),
   V(ConnLimit,                   UINT,     "1000"),
   V(ConnDirectionStatistics,     BOOL,     "0"),
@@ -191,33 +208,29 @@ static config_var_t option_vars_[] = {
   V(ControlPortWriteToFile,      FILENAME, NULL),
   V(ControlSocket,               LINELIST, NULL),
   V(ControlSocketsGroupWritable, BOOL,     "0"),
+  V(SocksSocketsGroupWritable,   BOOL,     "0"),
   V(CookieAuthentication,        BOOL,     "0"),
   V(CookieAuthFileGroupReadable, BOOL,     "0"),
   V(CookieAuthFile,              STRING,   NULL),
   V(CountPrivateBandwidth,       BOOL,     "0"),
   V(DataDirectory,               FILENAME, NULL),
-  OBSOLETE("DebugLogFile"),
+  V(DataDirectoryGroupReadable,  BOOL,     "0"),
   V(DisableNetwork,              BOOL,     "0"),
   V(DirAllowPrivateAddresses,    BOOL,     "0"),
   V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
   V(DirListenAddress,            LINELIST, NULL),
-  OBSOLETE("DirFetchPeriod"),
   V(DirPolicy,                   LINELIST, NULL),
   VPORT(DirPort,                     LINELIST, NULL),
   V(DirPortFrontPage,            FILENAME, NULL),
-  OBSOLETE("DirPostPeriod"),
-  OBSOLETE("DirRecordUsageByCountry"),
-  OBSOLETE("DirRecordUsageGranularity"),
-  OBSOLETE("DirRecordUsageRetainIPs"),
-  OBSOLETE("DirRecordUsageSaveInterval"),
-  V(DirReqStatistics,            BOOL,     "1"),
+  VAR("DirReqStatistics",        BOOL,     DirReqStatistics_option, "1"),
   VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
+  V(DirCache,                    BOOL,     "1"),
   V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableDebuggerAttachment,   BOOL,     "1"),
   V(DisableIOCP,                 BOOL,     "1"),
   OBSOLETE("DisableV2DirectoryInfo_"),
-  V(DynamicDHGroups,             BOOL,     "0"),
+  OBSOLETE("DynamicDHGroups"),
   VPORT(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),
   V(DownloadExtraInfo,           BOOL,     "0"),
@@ -236,11 +249,13 @@ static config_var_t option_vars_[] = {
   V(ExitPolicyRejectPrivate,     BOOL,     "1"),
   V(ExitPortStatistics,          BOOL,     "0"),
   V(ExtendAllowPrivateAddresses, BOOL,     "0"),
+  V(ExitRelay,                   AUTOBOOL, "auto"),
   VPORT(ExtORPort,               LINELIST, NULL),
   V(ExtORPortCookieAuthFile,     STRING,   NULL),
   V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
   V(ExtraInfoStatistics,         BOOL,     "1"),
   V(FallbackDir,                 LINELIST, NULL),
+  V(UseDefaultFallbackDirs,      BOOL,     "1"),
 
   OBSOLETE("FallbackNetworkstatusFile"),
   V(FascistFirewall,             BOOL,     "0"),
@@ -262,7 +277,6 @@ static config_var_t option_vars_[] = {
   V(GeoIPv6File,                 FILENAME,
     SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
 #endif
-  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
   OBSOLETE("Group"),
   V(GuardLifetime,               INTERVAL, "0 minutes"),
   V(HardwareAccel,               BOOL,     "0"),
@@ -270,17 +284,19 @@ static config_var_t option_vars_[] = {
   V(AccelName,                   STRING,   NULL),
   V(AccelDir,                    FILENAME, NULL),
   V(HashedControlPassword,       LINELIST, NULL),
-  V(HidServDirectoryV2,          BOOL,     "1"),
+  OBSOLETE("HidServDirectoryV2"),
   VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
-  OBSOLETE("HiddenServiceExcludeNodes"),
-  OBSOLETE("HiddenServiceNodes"),
+  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
   VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
   VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
   VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
   VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
+  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
+  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
+  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
+  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
+  V(HiddenServiceStatistics,     BOOL,     "1"),
   V(HidServAuth,                 LINELIST, NULL),
-  OBSOLETE("HSAuthoritativeDir"),
-  OBSOLETE("HSAuthorityRecordStats"),
   V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
   V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
   V(HTTPProxy,                   STRING,   NULL),
@@ -291,18 +307,18 @@ static config_var_t option_vars_[] = {
   VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
   V(ServerTransportListenAddr,   LINELIST, NULL),
   V(ServerTransportOptions,      LINELIST, NULL),
+  V(SigningKeyLifetime,          INTERVAL, "30 days"),
   V(Socks4Proxy,                 STRING,   NULL),
   V(Socks5Proxy,                 STRING,   NULL),
   V(Socks5ProxyUsername,         STRING,   NULL),
   V(Socks5ProxyPassword,         STRING,   NULL),
-  OBSOLETE("IgnoreVersion"),
   V(KeepalivePeriod,             INTERVAL, "5 minutes"),
+  V(KeepBindCapabilities,            AUTOBOOL, "auto"),
   VAR("Log",                     LINELIST, Logs,             NULL),
   V(LogMessageDomains,           BOOL,     "0"),
-  OBSOLETE("LinkPadding"),
-  OBSOLETE("LogLevel"),
-  OBSOLETE("LogFile"),
   V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
+  V(TruncateLogFile,             BOOL,     "0"),
+  V(SyslogIdentityTag,           STRING,   NULL),
   V(LongLivedPorts,              CSV,
         "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
   VAR("MapAddress",              LINELIST, AddressMap,           NULL),
@@ -313,20 +329,19 @@ static config_var_t option_vars_[] = {
   OBSOLETE("MaxOnionsPending"),
   V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
   V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
-  OBSOLETE("MonthlyAccountingStart"),
   V(MyFamily,                    STRING,   NULL),
   V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
-  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
+  OBSOLETE("NamingAuthoritativeDirectory"),
   V(NATDListenAddress,           LINELIST, NULL),
   VPORT(NATDPort,                    LINELIST, NULL),
   V(Nickname,                    STRING,   NULL),
   V(PredictedPortsRelevanceTime,  INTERVAL, "1 hour"),
   V(WarnUnsafeSocks,              BOOL,     "1"),
-  OBSOLETE("NoPublish"),
   VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
   V(NumCPUs,                     UINT,     "0"),
   V(NumDirectoryGuards,          UINT,     "0"),
   V(NumEntryGuards,              UINT,     "0"),
+  V(OfflineMasterKey,            BOOL,     "0"),
   V(ORListenAddress,             LINELIST, NULL),
   VPORT(ORPort,                      LINELIST, NULL),
   V(OutboundBindAddress,         LINELIST,   NULL),
@@ -348,13 +363,19 @@ static config_var_t option_vars_[] = {
   V(PathBiasScaleUseThreshold,      INT,      "-1"),
 
   V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
-  OBSOLETE("PathlenCoinWeight"),
   V(PerConnBWBurst,              MEMUNIT,  "0"),
   V(PerConnBWRate,               MEMUNIT,  "0"),
   V(PidFile,                     STRING,   NULL),
   V(TestingTorNetwork,           BOOL,     "0"),
   V(TestingMinExitFlagThreshold, MEMUNIT,  "0"),
   V(TestingMinFastFlagThreshold, MEMUNIT,  "0"),
+
+  V(TestingLinkCertLifetime,          INTERVAL, "2 days"),
+  V(TestingAuthKeyLifetime,          INTERVAL, "2 days"),
+  V(TestingLinkKeySlop,              INTERVAL, "3 hours"),
+  V(TestingAuthKeySlop,              INTERVAL, "3 hours"),
+  V(TestingSigningKeySlop,           INTERVAL, "1 day"),
+
   V(OptimisticData,              AUTOBOOL, "auto"),
   V(PortForwarding,              BOOL,     "0"),
   V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
@@ -368,18 +389,14 @@ static config_var_t option_vars_[] = {
   V(RecommendedVersions,         LINELIST, NULL),
   V(RecommendedClientVersions,   LINELIST, NULL),
   V(RecommendedServerVersions,   LINELIST, NULL),
-  OBSOLETE("RedirectExit"),
+  V(RecommendedPackages,         LINELIST, NULL),
   V(RefuseUnknownExits,          AUTOBOOL, "auto"),
   V(RejectPlaintextPorts,        CSV,      ""),
   V(RelayBandwidthBurst,         MEMUNIT,  "0"),
   V(RelayBandwidthRate,          MEMUNIT,  "0"),
-  OBSOLETE("RendExcludeNodes"),
-  OBSOLETE("RendNodes"),
   V(RendPostPeriod,              INTERVAL, "1 hour"),
   V(RephistTrackTime,            INTERVAL, "24 hours"),
-  OBSOLETE("RouterFile"),
   V(RunAsDaemon,                 BOOL,     "0"),
-//  V(RunTesting,                  BOOL,     "0"),
   OBSOLETE("RunTesting"), // currently unused
   V(Sandbox,                     BOOL,     "0"),
   V(SafeLogging,                 STRING,   "1"),
@@ -392,24 +409,26 @@ static config_var_t option_vars_[] = {
   V(ServerDNSSearchDomains,      BOOL,     "0"),
   V(ServerDNSTestAddresses,      CSV,
       "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
+  V(SchedulerLowWaterMark__,     MEMUNIT,  "100 MB"),
+  V(SchedulerHighWaterMark__,    MEMUNIT,  "101 MB"),
+  V(SchedulerMaxFlushCells__,    UINT,     "1000"),
   V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
   V(SocksListenAddress,          LINELIST, NULL),
   V(SocksPolicy,                 LINELIST, NULL),
   VPORT(SocksPort,                   LINELIST, NULL),
   V(SocksTimeout,                INTERVAL, "2 minutes"),
   V(SSLKeyLifetime,              INTERVAL, "0"),
-  OBSOLETE("StatusFetchPeriod"),
+  OBSOLETE("StrictEntryNodes"),
+  OBSOLETE("StrictExitNodes"),
   V(StrictNodes,                 BOOL,     "0"),
-  V(Support022HiddenServices,    AUTOBOOL, "auto"),
-  OBSOLETE("SysLog"),
+  OBSOLETE("Support022HiddenServices"),
   V(TestSocks,                   BOOL,     "0"),
-  OBSOLETE("TestVia"),
   V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
   V(Tor2webMode,                 BOOL,     "0"),
+  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
   V(TLSECGroup,                  STRING,   NULL),
   V(TrackHostExits,              CSV,      NULL),
   V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
-  OBSOLETE("TrafficShaping"),
   V(TransListenAddress,          LINELIST, NULL),
   VPORT(TransPort,                   LINELIST, NULL),
   V(TransProxyType,              STRING,   "default"),
@@ -418,6 +437,7 @@ static config_var_t option_vars_[] = {
   V(UseBridges,                  BOOL,     "0"),
   V(UseEntryGuards,              BOOL,     "1"),
   V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
+  V(UseGuardFraction,            AUTOBOOL, "auto"),
   V(UseMicrodescriptors,         AUTOBOOL, "auto"),
   V(UseNTorHandshake,            AUTOBOOL, "1"),
   V(User,                        STRING,   NULL),
@@ -435,7 +455,9 @@ static config_var_t option_vars_[] = {
   V(V3AuthNIntervalsValid,       UINT,     "3"),
   V(V3AuthUseLegacyKey,          BOOL,     "0"),
   V(V3BandwidthsFile,            FILENAME, NULL),
+  V(GuardfractionFile,           FILENAME, NULL),
   VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
+  OBSOLETE("VoteOnHidServDirectoriesV2"),
   V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
   V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
   V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
@@ -447,8 +469,7 @@ static config_var_t option_vars_[] = {
   VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
       NULL),
   VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
-  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
-  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
+  V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"),
   V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                  "300, 900, 2147483647"),
   V(TestingClientDownloadSchedule, CSV_INTERVAL, "0, 0, 60, 300, 600, "
@@ -459,14 +480,49 @@ static config_var_t option_vars_[] = {
   V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 60, "
                                  "300, 600, 1800, 3600, 3600, 3600, "
                                  "10800, 21600, 43200"),
+  /* With the ClientBootstrapConsensus*Download* below:
+   * Clients with only authorities will try:
+   *  - 3 authorities over 10 seconds, then wait 60 minutes.
+   * Clients with authorities and fallbacks will try:
+   *  - 2 authorities and 4 fallbacks over 21 seconds, then wait 60 minutes.
+   * Clients will also retry when an application request arrives.
+   * After a number of failed reqests, clients retry every 3 days + 1 hour.
+   *
+   * Clients used to try 2 authorities over 10 seconds, then wait for
+   * 60 minutes or an application request.
+   *
+   * When clients have authorities and fallbacks available, they use these
+   * schedules: (we stagger the times to avoid thundering herds) */
+  V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL,
+    "10, 11, 3600, 10800, 25200, 54000, 111600, 262800" /* 3 days + 1 hour */),
+  V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL,
+    "0, 1, 4, 11, 3600, 10800, 25200, 54000, 111600, 262800"),
+  /* When clients only have authorities available, they use this schedule: */
+  V(ClientBootstrapConsensusAuthorityOnlyDownloadSchedule, CSV_INTERVAL,
+    "0, 3, 7, 3600, 10800, 25200, 54000, 111600, 262800"),
+  /* We don't want to overwhelm slow networks (or mirrors whose replies are
+   * blocked), but we also don't want to fail if only some mirrors are
+   * blackholed. Clients will try 3 directories simultaneously.
+   * (Relays never use simultaneous connections.) */
+  V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
   V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "3600, 900, 900, 3600"),
   V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
   V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
   V(TestingConsensusMaxDownloadTries, UINT, "8"),
+  /* Since we try connections rapidly and simultaneously, we can afford
+   * to give up earlier. (This protects against overloading directories.) */
+  V(ClientBootstrapConsensusMaxDownloadTries, UINT, "7"),
+  /* We want to give up much earlier if we're only using authorities. */
+  V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "4"),
   V(TestingDescriptorMaxDownloadTries, UINT, "8"),
   V(TestingMicrodescMaxDownloadTries, UINT, "8"),
   V(TestingCertMaxDownloadTries, UINT, "8"),
+  V(TestingDirAuthVoteExit, ROUTERSET, NULL),
+  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
   V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
+  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
+  V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
+  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
   VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
 
   { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
@@ -481,6 +537,14 @@ static const config_var_t testing_tor_network_defaults[] = {
   V(AssumeReachable,             BOOL,     "1"),
   V(AuthDirMaxServersPerAddr,    UINT,     "0"),
   V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
+  V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL,
+    "0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
+  V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL,
+    "0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
+  V(ClientBootstrapConsensusAuthorityOnlyDownloadSchedule, CSV_INTERVAL,
+    "0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
+  V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"),
+  V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"),
   V(ClientDNSRejectInternalAddresses, BOOL,"0"),
   V(ClientRejectInternalAddresses, BOOL,   "0"),
   V(CountPrivateBandwidth,       BOOL,     "1"),
@@ -489,7 +553,7 @@ static const config_var_t testing_tor_network_defaults[] = {
   V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
   V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
   V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
-  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
+  V(TestingV3AuthInitialVotingInterval, INTERVAL, "150 seconds"),
   V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
   V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
   V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
@@ -515,6 +579,7 @@ static const config_var_t testing_tor_network_defaults[] = {
   V(TestingEnableCellStatsEvent, BOOL,     "1"),
   V(TestingEnableTbEmptyEvent,   BOOL,     "1"),
   VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),
+  V(RendPostPeriod,              INTERVAL, "2 minutes"),
 
   { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
 };
@@ -527,7 +592,6 @@ static const config_var_t testing_tor_network_defaults[] = {
 static char *get_windows_conf_root(void);
 #endif
 static int options_act_reversible(const or_options_t *old_options, char **msg);
-static int options_act(const or_options_t *old_options);
 static int options_transition_allowed(const or_options_t *old,
                                       const or_options_t *new,
                                       char **msg);
@@ -536,29 +600,20 @@ static int options_transition_affects_workers(
 static int options_transition_affects_descriptor(
       const or_options_t *old_options, const or_options_t *new_options);
 static int check_nickname_list(char **lst, const char *name, char **msg);
-
-static int parse_client_transport_line(const or_options_t *options,
-                                       const char *line, int validate_only);
-
-static int parse_server_transport_line(const or_options_t *options,
-                                       const char *line, int validate_only);
 static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                      const char *transport);
-static int parse_dir_authority_line(const char *line,
-                                 dirinfo_type_t required_type,
-                                 int validate_only);
-static int parse_dir_fallback_line(const char *line,
-                                   int validate_only);
-static void port_cfg_free(port_cfg_t *port);
 static int parse_ports(or_options_t *options, int validate_only,
-                              char **msg_out, int *n_ports_out);
+                              char **msg_out, int *n_ports_out,
+                              int *world_writable_control_socket);
 static int check_server_ports(const smartlist_t *ports,
-                              const or_options_t *options);
+                              const or_options_t *options,
+                              int *num_low_ports_out);
 
 static int validate_data_directory(or_options_t *options);
 static int write_configuration_file(const char *fname,
                                     const or_options_t *options);
-static int options_init_logs(or_options_t *options, int validate_only);
+static int options_init_logs(const or_options_t *old_options,
+                             or_options_t *options, int validate_only);
 
 static void init_libevent(const or_options_t *options);
 static int opt_streq(const char *s1, const char *s2);
@@ -611,15 +666,15 @@ static char *global_dirfrontpagecontents = NULL;
 static smartlist_t *configured_ports = NULL;
 
 /** Return the contents of our frontpage string, or NULL if not configured. */
-const char *
-get_dirportfrontpage(void)
+MOCK_IMPL(const char*,
+get_dirportfrontpage, (void))
 {
   return global_dirfrontpagecontents;
 }
 
-/** Return the currently configured options. */
-or_options_t *
-get_options_mutable(void)
+/** Returns the currently configured options. */
+MOCK_IMPL(or_options_t *,
+get_options_mutable, (void))
 {
   tor_assert(global_options);
   return global_options;
@@ -750,6 +805,7 @@ or_options_free(or_options_t *options)
   }
   tor_free(options->BridgePassword_AuthDigest_);
   tor_free(options->command_arg);
+  tor_free(options->master_key_fname);
   config_free(&options_format, options);
 }
 
@@ -778,7 +834,6 @@ config_free_all(void)
 
   tor_free(torrc_fname);
   tor_free(torrc_defaults_fname);
-  tor_free(the_tor_version);
   tor_free(global_dirfrontpagecontents);
 
   tor_free(the_short_tor_version);
@@ -842,63 +897,78 @@ escaped_safe_str(const char *address)
     return escaped(address);
 }
 
+/** List of default directory authorities */
+
+static const char *default_authorities[] = {
+  "moria1 orport=9101 "
+    "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
+    "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
+  "tor26 orport=443 "
+    "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
+    "ipv6=[2001:858:2:2:aabb:0:563b:1526]:443 "
+    "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
+  "dizum orport=443 "
+    "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
+    "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
+  "Bifroest orport=443 bridge "
+    "37.218.247.217:80 1D8F 3A91 C37C 5D1C 4C19 B1AD 1D0C FBE8 BF72 D8E1",
+  "gabelmoo orport=443 "
+    "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
+    "ipv6=[2001:638:a000:4140::ffff:189]:443 "
+    "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
+  "dannenberg orport=443 "
+    "v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E "
+    "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
+  "maatuska orport=80 "
+    "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
+    "ipv6=[2001:67c:289c::9]:80 "
+    "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
+  "Faravahar orport=443 "
+    "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
+    "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
+  "longclaw orport=443 "
+    "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
+    "199.58.81.140:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
+  "bastet orport=443 "
+    "v3ident=27102BC123E7AF1D4741AE047E160C91ADC76B21 "
+    "204.13.164.118:80 24E2 F139 121D 4394 C54B 5BCC 368B 3B41 1857 C413",
+  NULL
+};
+
+/** List of fallback directory authorities. The list is generated by opt-in of
+ * relays that meet certain stability criteria.
+ */
+static const char *default_fallbacks[] = {
+#include "fallback_dirs.inc"
+  NULL
+};
+
 /** Add the default directory authorities directly into the trusted dir list,
- * but only add them insofar as they share bits with <b>type</b>. */
-static void
+ * but only add them insofar as they share bits with <b>type</b>.
+ * Each authority's bits are restricted to the bits shared with <b>type</b>.
+ * If <b>type</b> is ALL_DIRINFO or NO_DIRINFO (zero), add all authorities. */
+STATIC void
 add_default_trusted_dir_authorities(dirinfo_type_t type)
 {
   int i;
-  const char *authorities[] = {
-    "moria1 orport=9101 "
-      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
-      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
-    "tor26 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
-      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
-    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
-      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
-    "Bifroest orport=443 bridge "
-      "37.218.247.217:80 1D8F 3A91 C37C 5D1C 4C19 B1AD 1D0C FBE8 BF72 D8E1",
-    "gabelmoo orport=443 "
-      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
-      "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
-    "dannenberg orport=443 "
-      "v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E "
-      "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
-    "maatuska orport=80 "
-      "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
-      "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
-    "Faravahar orport=443 "
-      "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
-      "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
-    "longclaw orport=443 "
-      "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
-      "199.58.81.140:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
-    "bastet orport=443 "
-      "v3ident=27102BC123E7AF1D4741AE047E160C91ADC76B21 "
-      "204.13.164.118:80 24E2 F139 121D 4394 C54B 5BCC 368B 3B41 1857 C413",
-    NULL
-  };
-  for (i=0; authorities[i]; i++) {
-    if (parse_dir_authority_line(authorities[i], type, 0)<0) {
+  for (i=0; default_authorities[i]; i++) {
+    if (parse_dir_authority_line(default_authorities[i], type, 0)<0) {
       log_err(LD_BUG, "Couldn't parse internal DirAuthority line %s",
-              authorities[i]);
+              default_authorities[i]);
     }
   }
 }
 
 /** Add the default fallback directory servers into the fallback directory
  * server list. */
-static void
-add_default_fallback_dir_servers(void)
+MOCK_IMPL(void,
+add_default_fallback_dir_servers,(void))
 {
   int i;
-  const char *fallback[] = {
-    NULL
-  };
-  for (i=0; fallback[i]; i++) {
-    if (parse_dir_fallback_line(fallback[i], 0)<0) {
+  for (i=0; default_fallbacks[i]; i++) {
+    if (parse_dir_fallback_line(default_fallbacks[i], 0)<0) {
       log_err(LD_BUG, "Couldn't parse internal FallbackDir line %s",
-              fallback[i]);
+              default_fallbacks[i]);
     }
   }
 }
@@ -958,7 +1028,7 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
 /** Look at all the config options and assign new dir authorities
  * as appropriate.
  */
-static int
+int
 consider_adding_dir_servers(const or_options_t *options,
                             const or_options_t *old_options)
 {
@@ -968,6 +1038,7 @@ consider_adding_dir_servers(const or_options_t *options,
     !smartlist_len(router_get_fallback_dir_servers()) || !old_options ||
     !config_lines_eq(options->DirAuthorities, old_options->DirAuthorities) ||
     !config_lines_eq(options->FallbackDir, old_options->FallbackDir) ||
+    (options->UseDefaultFallbackDirs != old_options->UseDefaultFallbackDirs) ||
     !config_lines_eq(options->AlternateBridgeAuthority,
                      old_options->AlternateBridgeAuthority) ||
     !config_lines_eq(options->AlternateDirAuthority,
@@ -976,20 +1047,36 @@ consider_adding_dir_servers(const or_options_t *options,
   if (!need_to_update)
     return 0; /* all done */
 
+  /* "You cannot set both DirAuthority and Alternate*Authority."
+   * Checking that this restriction holds allows us to simplify
+   * the unit tests. */
+  tor_assert(!(options->DirAuthorities &&
+               (options->AlternateDirAuthority
+                || options->AlternateBridgeAuthority)));
+
   /* Start from a clean slate. */
   clear_dir_servers();
 
   if (!options->DirAuthorities) {
     /* then we may want some of the defaults */
     dirinfo_type_t type = NO_DIRINFO;
-    if (!options->AlternateBridgeAuthority)
+    if (!options->AlternateBridgeAuthority) {
       type |= BRIDGE_DIRINFO;
-    if (!options->AlternateDirAuthority)
+    }
+    if (!options->AlternateDirAuthority) {
       type |= V3_DIRINFO | EXTRAINFO_DIRINFO | MICRODESC_DIRINFO;
-    add_default_trusted_dir_authorities(type);
+      /* Only add the default fallback directories when the DirAuthorities,
+       * AlternateDirAuthority, and FallbackDir directory config options
+       * are set to their defaults, and when UseDefaultFallbackDirs is 1. */
+      if (!options->FallbackDir && options->UseDefaultFallbackDirs) {
+        add_default_fallback_dir_servers();
+      }
+    }
+    /* if type == NO_DIRINFO, we don't want to add any of the
+     * default authorities, because we've replaced them all */
+    if (type != NO_DIRINFO)
+      add_default_trusted_dir_authorities(type);
   }
-  if (!options->FallbackDir)
-    add_default_fallback_dir_servers();
 
   for (cl = options->DirAuthorities; cl; cl = cl->next)
     if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
@@ -1006,6 +1093,9 @@ consider_adding_dir_servers(const or_options_t *options,
   return 0;
 }
 
+/* Helps determine flags to pass to switch_id. */
+static int have_low_ports = -1;
+
 /** Fetch the active option list, and take actions based on it. All of the
  * things we do should survive being done repeatedly.  If present,
  * <b>old_options</b> contains the previous value of the options.
@@ -1022,7 +1112,7 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   int running_tor = options->command == CMD_RUN_TOR;
   int set_conn_limit = 0;
   int r = -1;
-  int logs_marked = 0;
+  int logs_marked = 0, logs_initialized = 0;
   int old_min_log_level = get_min_log_level();
 
   /* Daemonize _first_, since we only want to open most of this stuff in
@@ -1033,6 +1123,11 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     start_daemon();
   }
 
+#ifdef HAVE_SYSTEMD
+  /* Our PID may have changed, inform supervisor */
+  sd_notifyf(0, "MAINPID=%ld\n", (long int)getpid());
+#endif
+
 #ifndef HAVE_SYS_UN_H
   if (options->ControlSocket || options->ControlSocketsGroupWritable) {
     *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported "
@@ -1068,10 +1163,21 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     if (running_tor && !libevent_initialized) {
       init_libevent(options);
       libevent_initialized = 1;
+
+      /* This has to come up after libevent is initialized. */
+      control_initialize_event_queue();
+
+      /*
+       * Initialize the scheduler - this has to come after
+       * options_init_from_torrc() sets up libevent - why yes, that seems
+       * completely sensible to hide the libevent setup in the option parsing
+       * code!  It also needs to happen before init_keys(), so it needs to
+       * happen here too.  How yucky. */
+      scheduler_init();
     }
 
     /* Adjust the port configuration so we can launch listeners. */
-    if (parse_ports(options, 0, msg, &n_ports)) {
+    if (parse_ports(options, 0, msg, &n_ports, NULL)) {
       if (!*msg)
         *msg = tor_strdup("Unexpected problem parsing port config");
       goto rollback;
@@ -1097,6 +1203,8 @@ options_act_reversible(const or_options_t *old_options, char **msg)
                  "non-control network connections. Shutting down all existing "
                  "connections.");
       connection_mark_all_noncontrol_connections();
+      /* We can't complete circuits until the network is re-enabled. */
+      note_that_we_maybe_cant_complete_circuits();
     }
   }
 
@@ -1122,7 +1230,16 @@ options_act_reversible(const or_options_t *old_options, char **msg)
 
   /* Setuid/setgid as appropriate */
   if (options->User) {
-    if (switch_id(options->User) != 0) {
+    tor_assert(have_low_ports != -1);
+    unsigned switch_id_flags = 0;
+    if (options->KeepBindCapabilities == 1) {
+      switch_id_flags |= SWITCH_ID_KEEP_BINDLOW;
+      switch_id_flags |= SWITCH_ID_WARN_IF_NO_CAPS;
+    }
+    if (options->KeepBindCapabilities == -1 && have_low_ports) {
+      switch_id_flags |= SWITCH_ID_KEEP_BINDLOW;
+    }
+    if (switch_id(options->User, switch_id_flags) != 0) {
       /* No need to roll back, since you can't change the value. */
       *msg = tor_strdup("Problem with User value. See logs for details.");
       goto done;
@@ -1130,16 +1247,30 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   }
 
   /* Ensure data directory is private; create if possible. */
+  cpd_check_t cpd_opts = running_tor ? CPD_CREATE : CPD_CHECK;
+  if (options->DataDirectoryGroupReadable)
+      cpd_opts |= CPD_GROUP_READ;
   if (check_private_dir(options->DataDirectory,
-                        running_tor ? CPD_CREATE : CPD_CHECK,
+                        cpd_opts,
                         options->User)<0) {
     tor_asprintf(msg,
               "Couldn't access/create private data directory \"%s\"",
               options->DataDirectory);
+
     goto done;
     /* No need to roll back, since you can't change the value. */
   }
 
+#ifndef _WIN32
+  if (options->DataDirectoryGroupReadable) {
+    /* Only new dirs created get new opts, also enforce group read. */
+    if (chmod(options->DataDirectory, 0750)) {
+      log_warn(LD_FS,"Unable to make %s group-readable: %s",
+               options->DataDirectory, strerror(errno));
+    }
+  }
+#endif
+
   /* Bail out at this point if we're not going to be a client or server:
    * we don't run Tor itself. */
   if (!running_tor)
@@ -1147,10 +1278,12 @@ options_act_reversible(const or_options_t *old_options, char **msg)
 
   mark_logs_temp(); /* Close current logs once new logs are open. */
   logs_marked = 1;
-  if (options_init_logs(options, 0)<0) { /* Configure the tor_log(s) */
+  /* Configure the tor_log(s) */
+  if (options_init_logs(old_options, options, 0)<0) {
     *msg = tor_strdup("Failed to init Log options. See logs for details.");
     goto rollback;
   }
+  logs_initialized = 1;
 
  commit:
   r = 0;
@@ -1163,6 +1296,9 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     tor_free(severity);
     tor_log_update_sigsafe_err_fds();
   }
+  if (logs_initialized) {
+    flush_log_messages_from_startup();
+  }
 
   {
     const char *badness = NULL;
@@ -1240,7 +1376,8 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
     routerset_needs_geoip(options->EntryNodes) ||
     routerset_needs_geoip(options->ExitNodes) ||
     routerset_needs_geoip(options->ExcludeExitNodes) ||
-    routerset_needs_geoip(options->ExcludeNodes);
+    routerset_needs_geoip(options->ExcludeNodes) ||
+    routerset_needs_geoip(options->Tor2webRendezvousPoints);
 
   if (routerset_usage && reason_out) {
     *reason_out = "We've been configured to use (or avoid) nodes in certain "
@@ -1291,10 +1428,6 @@ options_transition_requires_fresh_tls_context(const or_options_t *old_options,
   if (!old_options)
     return 0;
 
-  if ((old_options->DynamicDHGroups != new_options->DynamicDHGroups)) {
-    return 1;
-  }
-
   if (!opt_streq(old_options->TLSECGroup, new_options->TLSECGroup))
     return 1;
 
@@ -1310,7 +1443,7 @@ options_transition_requires_fresh_tls_context(const or_options_t *old_options,
  * Note: We haven't moved all the "act on new configuration" logic
  * here yet.  Some is still in do_hup() and other places.
  */
-static int
+STATIC int
 options_act(const or_options_t *old_options)
 {
   config_line_t *cl;
@@ -1332,10 +1465,12 @@ options_act(const or_options_t *old_options)
     if (options->DisableDebuggerAttachment && !disabled_debugger_attach &&
         running_tor) {
       int ok = tor_disable_debugger_attach();
+      /* LCOV_EXCL_START the warned_debugger_attach is 0 can't reach inside. */
       if (warned_debugger_attach && ok == 1) {
         log_notice(LD_CONFIG, "Disabled attaching debuggers for unprivileged "
                    "users.");
       }
+      /* LCOV_EXCL_STOP */
       disabled_debugger_attach = (ok == 1);
     } else if (!options->DisableDebuggerAttachment &&
                !warned_debugger_attach) {
@@ -1362,24 +1497,26 @@ options_act(const or_options_t *old_options)
 #endif
 
 #ifdef ENABLE_TOR2WEB_MODE
+/* LCOV_EXCL_START */
   if (!options->Tor2webMode) {
     log_err(LD_CONFIG, "This copy of Tor was compiled to run in "
             "'tor2web mode'. It can only be run with the Tor2webMode torrc "
             "option enabled.");
     return -1;
   }
+/* LCOV_EXCL_STOP */
 #else
   if (options->Tor2webMode) {
     log_err(LD_CONFIG, "This copy of Tor was not compiled to run in "
             "'tor2web mode'. It cannot be run with the Tor2webMode torrc "
             "option enabled. To enable Tor2webMode recompile with the "
-            "--enable-tor2webmode option.");
+            "--enable-tor2web-mode option.");
     return -1;
   }
 #endif
 
   /* If we are a bridge with a pluggable transport proxy but no
-     Extended ORPort, inform the user that she is missing out. */
+     Extended ORPort, inform the user that they are missing out. */
   if (server_mode(options) && options->ServerTransportPlugin &&
       !options->ExtORPort_lines) {
     log_notice(LD_CONFIG, "We use pluggable transports but the Extended "
@@ -1424,26 +1561,35 @@ options_act(const or_options_t *old_options)
     rep_hist_load_mtbf_data(time(NULL));
   }
 
+  /* If we have an ExtORPort, initialize its auth cookie. */
+  if (running_tor &&
+      init_ext_or_cookie_authentication(!!options->ExtORPort_lines) < 0) {
+    log_warn(LD_CONFIG,"Error creating Extended ORPort cookie file.");
+    return -1;
+  }
+
   mark_transport_list();
   pt_prepare_proxy_list_for_config_read();
-  if (options->ClientTransportPlugin) {
-    for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
-      if (parse_client_transport_line(options, cl->value, 0)<0) {
-        log_warn(LD_BUG,
-                 "Previously validated ClientTransportPlugin line "
-                 "could not be added!");
-        return -1;
+  if (!options->DisableNetwork) {
+    if (options->ClientTransportPlugin) {
+      for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
+        if (parse_transport_line(options, cl->value, 0, 0) < 0) {
+          log_warn(LD_BUG,
+                   "Previously validated ClientTransportPlugin line "
+                   "could not be added!");
+          return -1;
+        }
       }
     }
-  }
 
-  if (options->ServerTransportPlugin && server_mode(options)) {
-    for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
-      if (parse_server_transport_line(options, cl->value, 0)<0) {
-        log_warn(LD_BUG,
-                 "Previously validated ServerTransportPlugin line "
-                 "could not be added!");
-        return -1;
+    if (options->ServerTransportPlugin && server_mode(options)) {
+      for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
+        if (parse_transport_line(options, cl->value, 0, 1) < 0) {
+          log_warn(LD_BUG,
+                   "Previously validated ServerTransportPlugin line "
+                   "could not be added!");
+          return -1;
+        }
       }
     }
   }
@@ -1467,24 +1613,6 @@ options_act(const or_options_t *old_options)
     finish_daemon(options->DataDirectory);
   }
 
-  /* If needed, generate a new TLS DH prime according to the current torrc. */
-  if (server_mode(options) && options->DynamicDHGroups) {
-    char *keydir = get_datadir_fname("keys");
-    if (check_private_dir(keydir, CPD_CREATE, options->User)) {
-      tor_free(keydir);
-      return -1;
-    }
-    tor_free(keydir);
-
-    if (!old_options || !old_options->DynamicDHGroups) {
-      char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
-      crypto_set_tls_dh_prime(fname);
-      tor_free(fname);
-    }
-  } else { /* clients don't need a dynamic DH prime. */
-    crypto_set_tls_dh_prime(NULL);
-  }
-
   /* We want to reinit keys as needed before we do much of anything else:
      keys are important, and other things can depend on them. */
   if (transition_affects_workers ||
@@ -1526,12 +1654,6 @@ options_act(const or_options_t *old_options)
     return -1;
   }
 
-  /* If we have an ExtORPort, initialize its auth cookie. */
-  if (init_ext_or_cookie_authentication(!!options->ExtORPort_lines) < 0) {
-    log_warn(LD_CONFIG,"Error creating Extended ORPort cookie file.");
-    return -1;
-  }
-
   monitor_owning_controller_process(options->OwningControllerProcess);
 
   /* reload keys as needed for rendezvous services. */
@@ -1540,6 +1662,12 @@ options_act(const or_options_t *old_options)
     return -1;
   }
 
+  /* Set up scheduler thresholds */
+  scheduler_set_watermarks((uint32_t)options->SchedulerLowWaterMark__,
+                           (uint32_t)options->SchedulerHighWaterMark__,
+                           (options->SchedulerMaxFlushCells__ > 0) ?
+                           options->SchedulerMaxFlushCells__ : 1000);
+
   /* Set up accounting */
   if (accounting_parse_options(options, 0)<0) {
     log_warn(LD_CONFIG,"Error in accounting options");
@@ -1589,11 +1717,25 @@ options_act(const or_options_t *old_options)
   }
 
   if (parse_outbound_addresses(options, 0, &msg) < 0) {
-    log_warn(LD_BUG, "Failed parsing oubound bind addresses: %s", msg);
+    log_warn(LD_BUG, "Failed parsing outbound bind addresses: %s", msg);
     tor_free(msg);
     return -1;
   }
 
+  config_maybe_load_geoip_files_(options, old_options);
+
+  if (geoip_is_loaded(AF_INET) && options->GeoIPExcludeUnknown) {
+    /* ExcludeUnknown is true or "auto" */
+    const int is_auto = options->GeoIPExcludeUnknown == -1;
+    int changed;
+
+    changed  = routerset_add_unknown_ccs(&options->ExcludeNodes, is_auto);
+    changed += routerset_add_unknown_ccs(&options->ExcludeExitNodes, is_auto);
+
+    if (changed)
+      routerset_add_unknown_ccs(&options->ExcludeExitNodesUnion_, is_auto);
+  }
+
   /* Check for transitions that need action. */
   if (old_options) {
     int revise_trackexithosts = 0;
@@ -1607,6 +1749,8 @@ options_act(const or_options_t *old_options)
                          options->ExcludeExitNodes) ||
         !routerset_equal(old_options->EntryNodes, options->EntryNodes) ||
         !routerset_equal(old_options->ExitNodes, options->ExitNodes) ||
+        !routerset_equal(old_options->Tor2webRendezvousPoints,
+                         options->Tor2webRendezvousPoints) ||
         options->StrictNodes != old_options->StrictNodes) {
       log_info(LD_CIRC,
                "Changed to using entry guards or bridges, or changed "
@@ -1624,8 +1768,8 @@ options_act(const or_options_t *old_options)
     if (revise_trackexithosts)
       addressmap_clear_excluded_trackexithosts(options);
 
-    if (!options->AutomapHostsOnResolve) {
-      if (old_options->AutomapHostsOnResolve)
+    if (!options->AutomapHostsOnResolve &&
+        old_options->AutomapHostsOnResolve) {
         revise_automap_entries = 1;
     } else {
       if (!smartlist_strings_eq(old_options->AutomapHostsSuffixes,
@@ -1672,11 +1816,12 @@ options_act(const or_options_t *old_options)
                "Worker-related options changed. Rotating workers.");
 
       if (server_mode(options) && !server_mode(old_options)) {
+        cpu_init();
         ip_address_changed(0);
-        if (can_complete_circuit || !any_predicted_circuits(time(NULL)))
+        if (have_completed_a_circuit() || !any_predicted_circuits(time(NULL)))
           inform_testing_reachability();
       }
-      cpuworkers_rotate();
+      cpuworkers_rotate_keyinfo();
       if (dns_reset())
         return -1;
     } else {
@@ -1689,36 +1834,24 @@ options_act(const or_options_t *old_options)
       connection_or_update_token_buckets(get_connection_array(), options);
   }
 
-  config_maybe_load_geoip_files_(options, old_options);
-
-  if (geoip_is_loaded(AF_INET) && options->GeoIPExcludeUnknown) {
-    /* ExcludeUnknown is true or "auto" */
-    const int is_auto = options->GeoIPExcludeUnknown == -1;
-    int changed;
-
-    changed  = routerset_add_unknown_ccs(&options->ExcludeNodes, is_auto);
-    changed += routerset_add_unknown_ccs(&options->ExcludeExitNodes, is_auto);
-
-    if (changed)
-      routerset_add_unknown_ccs(&options->ExcludeExitNodesUnion_, is_auto);
-  }
+  /* Only collect directory-request statistics on relays and bridges. */
+  options->DirReqStatistics = options->DirReqStatistics_option &&
+    server_mode(options);
 
   if (options->CellStatistics || options->DirReqStatistics ||
       options->EntryStatistics || options->ExitPortStatistics ||
       options->ConnDirectionStatistics ||
+      options->HiddenServiceStatistics ||
       options->BridgeAuthoritativeDir) {
     time_t now = time(NULL);
     int print_notice = 0;
 
-    /* Only collect directory-request statistics on relays and bridges. */
-    if (!server_mode(options)) {
-      options->DirReqStatistics = 0;
-    }
-
     /* Only collect other relay-only statistics on relays. */
     if (!public_server_mode(options)) {
       options->CellStatistics = 0;
       options->EntryStatistics = 0;
+      options->ConnDirectionStatistics = 0;
+      options->HiddenServiceStatistics = 0;
       options->ExitPortStatistics = 0;
     }
 
@@ -1733,8 +1866,8 @@ options_act(const or_options_t *old_options)
         geoip_dirreq_stats_init(now);
         print_notice = 1;
       } else {
+        /* disable statistics collection since we have no geoip file */
         options->DirReqStatistics = 0;
-        /* Don't warn Tor clients, they don't use statistics */
         if (options->ORPort_set)
           log_notice(LD_CONFIG, "Configured to measure directory request "
                                 "statistics, but no GeoIP database found. "
@@ -1764,17 +1897,24 @@ options_act(const or_options_t *old_options)
         options->ConnDirectionStatistics) {
       rep_hist_conn_stats_init(now);
     }
+    if ((!old_options || !old_options->HiddenServiceStatistics) &&
+        options->HiddenServiceStatistics) {
+      log_info(LD_CONFIG, "Configured to measure hidden service statistics.");
+      rep_hist_hs_stats_init(now);
+    }
     if ((!old_options || !old_options->BridgeAuthoritativeDir) &&
         options->BridgeAuthoritativeDir) {
       rep_hist_desc_stats_init(now);
       print_notice = 1;
     }
     if (print_notice)
-      log_notice(LD_CONFIG, "Configured to measure statistics. Look for "
-                 "the *-stats files that will first be written to the "
+        log_notice(LD_CONFIG, "Configured to measure statistics. Look for "
+                "the *-stats files that will first be written to the "
                  "data directory in 24 hours from now.");
   }
 
+  /* If we used to have statistics enabled but we just disabled them,
+     stop gathering them.  */
   if (old_options && old_options->CellStatistics &&
       !options->CellStatistics)
     rep_hist_buffer_stats_term();
@@ -1784,6 +1924,9 @@ options_act(const or_options_t *old_options)
   if (old_options && old_options->EntryStatistics &&
       !options->EntryStatistics)
     geoip_entry_stats_term();
+  if (old_options && old_options->HiddenServiceStatistics &&
+      !options->HiddenServiceStatistics)
+    rep_hist_hs_stats_term();
   if (old_options && old_options->ExitPortStatistics &&
       !options->ExitPortStatistics)
     rep_hist_exit_stats_term();
@@ -1816,7 +1959,7 @@ options_act(const or_options_t *old_options)
                  directory_fetches_dir_info_early(old_options)) ||
         !bool_eq(directory_fetches_dir_info_later(options),
                  directory_fetches_dir_info_later(old_options))) {
-      /* Make sure update_router_have_min_dir_info gets called. */
+      /* Make sure update_router_have_minimum_dir_info() gets called. */
       router_dir_info_changed();
       /* We might need to download a new consensus status later or sooner than
        * we had expected. */
@@ -1840,28 +1983,42 @@ options_act(const or_options_t *old_options)
   return 0;
 }
 
+typedef enum {
+  TAKES_NO_ARGUMENT = 0,
+  ARGUMENT_NECESSARY = 1,
+  ARGUMENT_OPTIONAL = 2
+} takes_argument_t;
+
 static const struct {
   const char *name;
-  int takes_argument;
+  takes_argument_t takes_argument;
 } CMDLINE_ONLY_OPTIONS[] = {
-  { "-f",                     1 },
-  { "--allow-missing-torrc",  0 },
-  { "--defaults-torrc",       1 },
-  { "--hash-password",        1 },
-  { "--dump-config",          1 },
-  { "--list-fingerprint",     0 },
-  { "--verify-config",        0 },
-  { "--ignore-missing-torrc", 0 },
-  { "--quiet",                0 },
-  { "--hush",                 0 },
-  { "--version",              0 },
-  { "--library-versions",     0 },
-  { "-h",                     0 },
-  { "--help",                 0 },
-  { "--list-torrc-options",   0 },
-  { "--digests",              0 },
-  { "--nt-service",           0 },
-  { "-nt-service",            0 },
+  { "-f",                     ARGUMENT_NECESSARY },
+  { "--allow-missing-torrc",  TAKES_NO_ARGUMENT },
+  { "--defaults-torrc",       ARGUMENT_NECESSARY },
+  { "--hash-password",        ARGUMENT_NECESSARY },
+  { "--dump-config",          ARGUMENT_OPTIONAL },
+  { "--list-fingerprint",     TAKES_NO_ARGUMENT },
+  { "--keygen",               TAKES_NO_ARGUMENT },
+  { "--newpass",              TAKES_NO_ARGUMENT },
+#if 0
+/* XXXX028: This is not working yet in 0.2.7, so disabling with the
+ * minimal code modification. */
+  { "--master-key",           ARGUMENT_NECESSARY },
+#endif
+  { "--no-passphrase",        TAKES_NO_ARGUMENT },
+  { "--passphrase-fd",        ARGUMENT_NECESSARY },
+  { "--verify-config",        TAKES_NO_ARGUMENT },
+  { "--ignore-missing-torrc", TAKES_NO_ARGUMENT },
+  { "--quiet",                TAKES_NO_ARGUMENT },
+  { "--hush",                 TAKES_NO_ARGUMENT },
+  { "--version",              TAKES_NO_ARGUMENT },
+  { "--library-versions",     TAKES_NO_ARGUMENT },
+  { "-h",                     TAKES_NO_ARGUMENT },
+  { "--help",                 TAKES_NO_ARGUMENT },
+  { "--list-torrc-options",   TAKES_NO_ARGUMENT },
+  { "--nt-service",           TAKES_NO_ARGUMENT },
+  { "-nt-service",            TAKES_NO_ARGUMENT },
   { NULL, 0 },
 };
 
@@ -1888,7 +2045,7 @@ config_parse_commandline(int argc, char **argv, int ignore_errors,
 
   while (i < argc) {
     unsigned command = CONFIG_LINE_NORMAL;
-    int want_arg = 1;
+    takes_argument_t want_arg = ARGUMENT_NECESSARY;
     int is_cmdline = 0;
     int j;
 
@@ -1918,7 +2075,9 @@ config_parse_commandline(int argc, char **argv, int ignore_errors,
       want_arg = 0;
     }
 
-    if (want_arg && i == argc-1) {
+    const int is_last = (i == argc-1);
+
+    if (want_arg == ARGUMENT_NECESSARY && is_last) {
       if (ignore_errors) {
         arg = strdup("");
       } else {
@@ -1928,8 +2087,11 @@ config_parse_commandline(int argc, char **argv, int ignore_errors,
         config_free_lines(front_cmdline);
         return -1;
       }
+    } else if (want_arg == ARGUMENT_OPTIONAL && is_last) {
+      arg = tor_strdup("");
     } else {
-      arg = want_arg ? tor_strdup(argv[i+1]) : strdup("");
+      arg = (want_arg != TAKES_NO_ARGUMENT) ? tor_strdup(argv[i+1]) :
+                                              tor_strdup("");
     }
 
     param = tor_malloc_zero(sizeof(config_line_t));
@@ -2030,7 +2192,7 @@ print_usage(void)
   printf(
 "Copyright (c) 2001-2004, Roger Dingledine\n"
 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
-"Copyright (c) 2007-2013, The Tor Project, Inc.\n\n"
+"Copyright (c) 2007-2016, The Tor Project, Inc.\n\n"
 "tor -f <torrc> [args]\n"
 "See man page for options, or https://www.torproject.org/ for "
 "documentation.\n");
@@ -2062,8 +2224,41 @@ get_last_resolved_addr(void)
   return last_resolved_addr;
 }
 
+/** Reset last_resolved_addr from outside this file. */
+void
+reset_last_resolved_addr(void)
+{
+  last_resolved_addr = 0;
+}
+
 /**
- * Use <b>options-\>Address</b> to guess our public IP address.
+ * Attempt getting our non-local (as judged by tor_addr_is_internal()
+ * function) IP address using following techniques, listed in
+ * order from best (most desirable, try first) to worst (least
+ * desirable, try if everything else fails).
+ *
+ * First, attempt using <b>options-\>Address</b> to get our
+ * non-local IP address.
+ *
+ * If <b>options-\>Address</b> represents a non-local IP address,
+ * consider it ours.
+ *
+ * If <b>options-\>Address</b> is a DNS name that resolves to
+ * a non-local IP address, consider this IP address ours.
+ *
+ * If <b>options-\>Address</b> is NULL, fall back to getting local
+ * hostname and using it in above-described ways to try and
+ * get our IP address.
+ *
+ * In case local hostname cannot be resolved to a non-local IP
+ * address, try getting an IP address of network interface
+ * in hopes it will be non-local one.
+ *
+ * Fail if one or more of the following is true:
+ *   - DNS name in <b>options-\>Address</b> cannot be resolved.
+ *   - <b>options-\>Address</b> is a local host address.
+ *   - Attempt to getting local hostname fails.
+ *   - Attempt to getting network interface address fails.
  *
  * Return 0 if all is well, or -1 if we can't find a suitable
  * public IP address.
@@ -2072,6 +2267,11 @@ get_last_resolved_addr(void)
  *   - Put our public IP address (in host order) into *<b>addr_out</b>.
  *   - If <b>method_out</b> is non-NULL, set *<b>method_out</b> to a static
  *     string describing how we arrived at our answer.
+ *      - "CONFIGURED" - parsed from IP address string in
+ *        <b>options-\>Address</b>
+ *      - "RESOLVED" - resolved from DNS name in <b>options-\>Address</b>
+ *      - "GETHOSTNAME" - resolved from a local hostname.
+ *      - "INTERFACE" - retrieved from a network interface.
  *   - If <b>hostname_out</b> is non-NULL, and we resolved a hostname to
  *     get our address, set *<b>hostname_out</b> to a newly allocated string
  *     holding that hostname. (If we didn't get our address by resolving a
@@ -2110,7 +2310,7 @@ resolve_my_address(int warn_severity, const or_options_t *options,
     explicit_ip = 0; /* it's implicit */
     explicit_hostname = 0; /* it's implicit */
 
-    if (gethostname(hostname, sizeof(hostname)) < 0) {
+    if (tor_gethostname(hostname, sizeof(hostname)) < 0) {
       log_fn(warn_severity, LD_NET,"Error obtaining local hostname");
       return -1;
     }
@@ -2277,8 +2477,8 @@ resolve_my_address(int warn_severity, const or_options_t *options,
 /** Return true iff <b>addr</b> is judged to be on the same network as us, or
  * on a private network.
  */
-int
-is_local_addr(const tor_addr_t *addr)
+MOCK_IMPL(int,
+is_local_addr, (const tor_addr_t *addr))
 {
   if (tor_addr_is_internal(addr, 0))
     return 1;
@@ -2437,6 +2637,7 @@ compute_publishserverdescriptor(or_options_t *options)
 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
  * services can overload the directory system. */
 #define MIN_REND_POST_PERIOD (10*60)
+#define MIN_REND_POST_PERIOD_TESTING (5)
 
 /** Higest allowable value for PredictedPortsRelevanceTime; if this is
  * too high, our selection of exits will decrease for an extended
@@ -2477,6 +2678,66 @@ options_validate_cb(void *old_options, void *options, void *default_options,
                           from_setconf, msg);
 }
 
+#define REJECT(arg) \
+  STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
+#ifdef __GNUC__
+#define COMPLAIN(args...) \
+  STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
+#else
+#define COMPLAIN(args, ...)                                     \
+  STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
+#endif
+
+/** Log a warning message iff <b>filepath</b> is not absolute.
+ * Warning message must contain option name <b>option</b> and
+ * an absolute path that <b>filepath</b> will resolve to.
+ *
+ * In case <b>filepath</b> is absolute, do nothing.
+ */
+static void
+warn_if_option_path_is_relative(const char *option,
+                                char *filepath)
+{
+  if (filepath && path_is_relative(filepath)) {
+    char *abs_path = make_path_absolute(filepath);
+    COMPLAIN("Path for %s (%s) is relative and will resolve to %s."
+             " Is this what you wanted?", option, filepath, abs_path);
+    tor_free(abs_path);
+  }
+}
+
+/** Scan <b>options</b> for occurances of relative file/directory
+ * path and log a warning whenever it is found.
+ */
+static void
+warn_about_relative_paths(or_options_t *options)
+{
+  tor_assert(options);
+
+  warn_if_option_path_is_relative("CookieAuthFile",
+                                  options->CookieAuthFile);
+  warn_if_option_path_is_relative("ExtORPortCookieAuthFile",
+                                  options->ExtORPortCookieAuthFile);
+  warn_if_option_path_is_relative("DirPortFrontPage",
+                                  options->DirPortFrontPage);
+  warn_if_option_path_is_relative("V3BandwidthsFile",
+                                  options->V3BandwidthsFile);
+  warn_if_option_path_is_relative("ControlPortWriteToFile",
+                                  options->ControlPortWriteToFile);
+  warn_if_option_path_is_relative("GeoIPFile",options->GeoIPFile);
+  warn_if_option_path_is_relative("GeoIPv6File",options->GeoIPv6File);
+  warn_if_option_path_is_relative("Log",options->DebugLogFile);
+  warn_if_option_path_is_relative("AccelDir",options->AccelDir);
+  warn_if_option_path_is_relative("DataDirectory",options->DataDirectory);
+  warn_if_option_path_is_relative("PidFile",options->PidFile);
+
+  for (config_line_t *hs_line = options->RendConfigLines; hs_line;
+       hs_line = hs_line->next) {
+    if (!strcasecmp(hs_line->key, "HiddenServiceDir"))
+      warn_if_option_path_is_relative("HiddenServiceDir",hs_line->value);
+  }
+}
+
 /** Return 0 if every setting in <b>options</b> is reasonable, is a
  * permissible transition from <b>old_options</b>, and none of the
  * testing-only settings differ from <b>default_options</b> unless in
@@ -2498,13 +2759,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
   config_line_t *cl;
   const char *uname = get_uname();
   int n_ports=0;
-#define REJECT(arg) \
-  STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
-#define COMPLAIN(arg) STMT_BEGIN log_warn(LD_CONFIG, arg); STMT_END
+  int world_writable_control_socket=0;
 
   tor_assert(msg);
   *msg = NULL;
 
+  warn_about_relative_paths(options);
+
   if (server_mode(options) &&
       (!strcmpstart(uname, "Windows 95") ||
        !strcmpstart(uname, "Windows 98") ||
@@ -2515,7 +2776,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
         "for details.", uname);
   }
 
-  if (parse_ports(options, 1, msg, &n_ports) < 0)
+  if (parse_ports(options, 1, msg, &n_ports,
+                  &world_writable_control_socket) < 0)
     return -1;
 
   if (parse_outbound_addresses(options, 1, msg) < 0)
@@ -2550,7 +2812,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
         config_line_append(&options->Logs, "Log", "warn stdout");
   }
 
-  if (options_init_logs(options, 1)<0) /* Validate the tor_log(s) */
+  /* Validate the tor_log(s) */
+  if (options_init_logs(old_options, options, 1)<0)
     REJECT("Failed to validate Log options. See logs for details.");
 
   if (authdir_mode(options)) {
@@ -2560,11 +2823,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
       REJECT("Failed to resolve/guess local address. See logs for details.");
   }
 
-#ifndef _WIN32
-  if (options->RunAsDaemon && torrc_fname && path_is_relative(torrc_fname))
-    REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
-#endif
-
   if (server_mode(options) && options->RendConfigLines)
     log_warn(LD_CONFIG,
         "Tor is currently configured as a relay and a hidden service. "
@@ -2586,20 +2844,24 @@ options_validate(or_options_t *old_options, or_options_t *options,
     if (!strcasecmp(options->TransProxyType, "default")) {
       options->TransProxyType_parsed = TPT_DEFAULT;
     } else if (!strcasecmp(options->TransProxyType, "pf-divert")) {
-#ifndef __OpenBSD__
-      REJECT("pf-divert is a OpenBSD-specific feature.");
+#if !defined(__OpenBSD__) && !defined( DARWIN )
+      /* Later versions of OS X have pf */
+      REJECT("pf-divert is a OpenBSD-specific "
+             "and OS X/Darwin-specific feature.");
 #else
       options->TransProxyType_parsed = TPT_PF_DIVERT;
 #endif
     } else if (!strcasecmp(options->TransProxyType, "tproxy")) {
-#ifndef __linux__
+#if !defined(__linux__)
       REJECT("TPROXY is a Linux-specific feature.");
 #else
       options->TransProxyType_parsed = TPT_TPROXY;
 #endif
     } else if (!strcasecmp(options->TransProxyType, "ipfw")) {
-#ifndef __FreeBSD__
-      REJECT("ipfw is a FreeBSD-specific feature.");
+#ifndef KERNEL_MAY_SUPPORT_IPFW
+      /* Earlier versions of OS X have ipfw */
+      REJECT("ipfw is a FreeBSD-specific"
+             "and OS X/Darwin-specific feature.");
 #else
       options->TransProxyType_parsed = TPT_IPFW;
 #endif
@@ -2630,6 +2892,17 @@ options_validate(or_options_t *old_options, or_options_t *options,
     routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeNodes);
   }
 
+  if (options->SchedulerLowWaterMark__ == 0 ||
+      options->SchedulerLowWaterMark__ > UINT32_MAX) {
+    log_warn(LD_GENERAL, "Bad SchedulerLowWaterMark__ option");
+    return -1;
+  } else if (options->SchedulerHighWaterMark__ <=
+             options->SchedulerLowWaterMark__ ||
+             options->SchedulerHighWaterMark__ > UINT32_MAX) {
+    log_warn(LD_GENERAL, "Bad SchedulerHighWaterMark option");
+    return -1;
+  }
+
   if (options->NodeFamilies) {
     options->NodeFamilySets = smartlist_new();
     for (cl = options->NodeFamilies; cl; cl = cl->next) {
@@ -2647,6 +2920,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
     COMPLAIN("Unrecognized TLSECGroup: Falling back to the default.");
     tor_free(options->TLSECGroup);
   }
+  if (!evaluate_ecgroup_for_tls(options->TLSECGroup)) {
+    REJECT("Unsupported TLSECGroup.");
+  }
 
   if (options->ExcludeNodes && options->StrictNodes) {
     COMPLAIN("You have asked to exclude certain relays from all positions "
@@ -2654,6 +2930,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
              "features to be broken in unpredictable ways.");
   }
 
+  for (cl = options->RecommendedPackages; cl; cl = cl->next) {
+    if (! validate_recommended_package_line(cl->value)) {
+      log_warn(LD_CONFIG, "Invalid RecommendedPackage line %s will be ignored",
+               escaped(cl->value));
+    }
+  }
+
   if (options->AuthoritativeDir) {
     if (!options->ContactInfo && !options->TestingTorNetwork)
       REJECT("Authoritative directory servers must set ContactInfo");
@@ -2686,6 +2969,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
     if (options->V3BandwidthsFile && !old_options) {
       dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
     }
+    /* same for guardfraction file */
+    if (options->GuardfractionFile && !old_options) {
+      dirserv_read_guardfraction_file(options->GuardfractionFile, NULL);
+    }
   }
 
   if (options->AuthoritativeDir && !options->DirPort_set)
@@ -2790,6 +3077,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
     }
   }
 
+  /* Terminate Reachable*Addresses with reject *
+   */
   for (i=0; i<3; i++) {
     config_line_t **linep =
       (i==0) ? &options->ReachableAddresses :
@@ -2799,8 +3088,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
       continue;
     /* We need to end with a reject *:*, not an implicit accept *:* */
     for (;;) {
-      if (!strcmp((*linep)->value, "reject *:*")) /* already there */
-        break;
       linep = &((*linep)->next);
       if (!*linep) {
         *linep = tor_malloc_zero(sizeof(config_line_t));
@@ -2816,11 +3103,29 @@ options_validate(or_options_t *old_options, or_options_t *options,
 
   if ((options->ReachableAddresses ||
        options->ReachableORAddresses ||
-       options->ReachableDirAddresses) &&
+       options->ReachableDirAddresses ||
+       options->ClientUseIPv4 == 0) &&
       server_mode(options))
     REJECT("Servers must be able to freely connect to the rest "
            "of the Internet, so they must not set Reachable*Addresses "
-           "or FascistFirewall.");
+           "or FascistFirewall or FirewallPorts or ClientUseIPv4 0.");
+
+  /* We check if Reachable*Addresses blocks all addresses in
+   * parse_reachable_addresses(). */
+
+#define WARN_PLEASE_USE_IPV6_LOG_MSG \
+        "ClientPreferIPv6%sPort 1 is ignored unless tor is using IPv6. " \
+        "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges."
+
+  if (!fascist_firewall_use_ipv6(options)
+      && options->ClientPreferIPv6ORPort == 1)
+    log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "OR");
+
+  if (!fascist_firewall_use_ipv6(options)
+      && options->ClientPreferIPv6DirPort == 1)
+    log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "Dir");
+
+#undef WARN_PLEASE_USE_IPV6_LOG_MSG
 
   if (options->UseBridges &&
       server_mode(options))
@@ -2840,6 +3145,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
   options->MaxMemInQueues =
     compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
                                    server_mode(options));
+  options->MaxMemInQueues_low_threshold = (options->MaxMemInQueues / 4) * 3;
 
   options->AllowInvalid_ = 0;
 
@@ -2904,10 +3210,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
     options->MinUptimeHidServDirectoryV2 = 0;
   }
 
-  if (options->RendPostPeriod < MIN_REND_POST_PERIOD) {
+  const int min_rendpostperiod =
+    options->TestingTorNetwork ?
+    MIN_REND_POST_PERIOD_TESTING : MIN_REND_POST_PERIOD;
+  if (options->RendPostPeriod < min_rendpostperiod) {
     log_warn(LD_CONFIG, "RendPostPeriod option is too short; "
-             "raising to %d seconds.", MIN_REND_POST_PERIOD);
-    options->RendPostPeriod = MIN_REND_POST_PERIOD;
+             "raising to %d seconds.", min_rendpostperiod);
+    options->RendPostPeriod = min_rendpostperiod;;
   }
 
   if (options->RendPostPeriod > MAX_DIR_PERIOD) {
@@ -2923,6 +3232,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
     options->PredictedPortsRelevanceTime = MAX_PREDICTED_CIRCS_RELEVANCE;
   }
 
+#ifdef ENABLE_TOR2WEB_MODE
   if (options->Tor2webMode && options->LearnCircuitBuildTimeout) {
     /* LearnCircuitBuildTimeout and Tor2webMode are incompatible in
      * two ways:
@@ -2954,6 +3264,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
                "Tor2WebMode is enabled; disabling UseEntryGuards.");
     options->UseEntryGuards = 0;
   }
+#endif
+
+  if (options->Tor2webRendezvousPoints && !options->Tor2webMode) {
+    REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode.");
+  }
 
   if (!(options->UseEntryGuards) &&
       (options->RendConfigLines != NULL)) {
@@ -2964,6 +3279,21 @@ options_validate(or_options_t *old_options, or_options_t *options,
              "http://freehaven.net/anonbib/#hs-attack06 for details.");
   }
 
+  if (options->EntryNodes &&
+      routerset_is_list(options->EntryNodes) &&
+      (routerset_len(options->EntryNodes) == 1) &&
+      (options->RendConfigLines != NULL)) {
+    tor_asprintf(msg,
+             "You have one single EntryNodes and at least one hidden service "
+             "configured. This is bad because it's very easy to locate your "
+             "entry guard which can then lead to the deanonymization of your "
+             "hidden service -- for more details, see "
+             "https://trac.torproject.org/projects/tor/ticket/14917. "
+             "For this reason, the use of one EntryNodes with an hidden "
+             "service is prohibited until a better solution is found.");
+    return -1;
+  }
+
   if (!options->LearnCircuitBuildTimeout && options->CircuitBuildTimeout &&
       options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
     log_warn(LD_CONFIG,
@@ -3078,29 +3408,34 @@ options_validate(or_options_t *old_options, or_options_t *options,
     options->RelayBandwidthRate = options->RelayBandwidthBurst;
 
   if (server_mode(options)) {
-    if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
+    const unsigned required_min_bw =
+      public_server_mode(options) ?
+       RELAY_REQUIRED_MIN_BANDWIDTH : BRIDGE_REQUIRED_MIN_BANDWIDTH;
+    const char * const optbridge =
+      public_server_mode(options) ? "" : "bridge ";
+    if (options->BandwidthRate < required_min_bw) {
       tor_asprintf(msg,
                        "BandwidthRate is set to %d bytes/second. "
-                       "For servers, it must be at least %d.",
-                       (int)options->BandwidthRate,
-                       ROUTER_REQUIRED_MIN_BANDWIDTH);
+                       "For %sservers, it must be at least %u.",
+                       (int)options->BandwidthRate, optbridge,
+                       required_min_bw);
       return -1;
     } else if (options->MaxAdvertisedBandwidth <
-               ROUTER_REQUIRED_MIN_BANDWIDTH/2) {
+               required_min_bw/2) {
       tor_asprintf(msg,
                        "MaxAdvertisedBandwidth is set to %d bytes/second. "
-                       "For servers, it must be at least %d.",
-                       (int)options->MaxAdvertisedBandwidth,
-                       ROUTER_REQUIRED_MIN_BANDWIDTH/2);
+                       "For %sservers, it must be at least %u.",
+                       (int)options->MaxAdvertisedBandwidth, optbridge,
+                       required_min_bw/2);
       return -1;
     }
     if (options->RelayBandwidthRate &&
-      options->RelayBandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
+      options->RelayBandwidthRate < required_min_bw) {
       tor_asprintf(msg,
                        "RelayBandwidthRate is set to %d bytes/second. "
-                       "For servers, it must be at least %d.",
-                       (int)options->RelayBandwidthRate,
-                       ROUTER_REQUIRED_MIN_BANDWIDTH);
+                       "For %sservers, it must be at least %u.",
+                       (int)options->RelayBandwidthRate, optbridge,
+                       required_min_bw);
       return -1;
     }
   }
@@ -3136,6 +3471,38 @@ options_validate(or_options_t *old_options, or_options_t *options,
     }
   }
 
+  options->AccountingRule = ACCT_MAX;
+  if (options->AccountingRule_option) {
+    if (!strcmp(options->AccountingRule_option, "sum"))
+      options->AccountingRule = ACCT_SUM;
+    else if (!strcmp(options->AccountingRule_option, "max"))
+      options->AccountingRule = ACCT_MAX;
+    else if (!strcmp(options->AccountingRule_option, "in"))
+      options->AccountingRule = ACCT_IN;
+    else if (!strcmp(options->AccountingRule_option, "out"))
+      options->AccountingRule = ACCT_OUT;
+    else
+      REJECT("AccountingRule must be 'sum', 'max', 'in', or 'out'");
+  }
+
+  if (options->DirPort_set && !options->DirCache) {
+    REJECT("DirPort configured but DirCache disabled. DirPort requires "
+           "DirCache.");
+  }
+
+  if (options->BridgeRelay && !options->DirCache) {
+    REJECT("We're a bridge but DirCache is disabled. BridgeRelay requires "
+           "DirCache.");
+  }
+
+  if (server_mode(options)) {
+    char *msg = NULL;
+    if (have_enough_mem_for_dircache(options, 0, &msg)) {
+      log_warn(LD_CONFIG, "%s", msg);
+      tor_free(msg);
+    }
+  }
+
   if (options->HTTPProxy) { /* parse it now */
     if (tor_addr_port_lookup(options->HTTPProxy,
                         &options->HTTPProxyAddr, &options->HTTPProxyPort) < 0)
@@ -3184,11 +3551,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
     }
   }
 
-  /* Check if more than one proxy type has been enabled. */
+  /* Check if more than one exclusive proxy type has been enabled. */
   if (!!options->Socks4Proxy + !!options->Socks5Proxy +
-      !!options->HTTPSProxy + !!options->ClientTransportPlugin > 1)
+      !!options->HTTPSProxy > 1)
     REJECT("You have configured more than one proxy type. "
-           "(Socks4Proxy|Socks5Proxy|HTTPSProxy|ClientTransportPlugin)");
+           "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
 
   /* Check if the proxies will give surprising behavior. */
   if (options->HTTPProxy && !(options->Socks4Proxy ||
@@ -3246,13 +3613,16 @@ options_validate(or_options_t *old_options, or_options_t *options,
     }
   }
 
-  if (options->ControlPort_set && !options->HashedControlPassword &&
+  if ((options->ControlPort_set || world_writable_control_socket) &&
+      !options->HashedControlPassword &&
       !options->HashedControlSessionPassword &&
       !options->CookieAuthentication) {
-    log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
+    log_warn(LD_CONFIG, "Control%s is %s, but no authentication method "
              "has been configured.  This means that any program on your "
              "computer can reconfigure your Tor.  That's bad!  You should "
-             "upgrade your Tor controller as soon as possible.");
+             "upgrade your Tor controller as soon as possible.",
+             options->ControlPort_set ? "Port" : "Socket",
+             options->ControlPort_set ? "open" : "world writable");
   }
 
   if (options->CookieAuthFileGroupReadable && !options->CookieAuthFile) {
@@ -3281,6 +3651,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
   if (validate_addr_policies(options, msg) < 0)
     return -1;
 
+  /* If FallbackDir is set, we don't UseDefaultFallbackDirs */
+  if (options->UseDefaultFallbackDirs && options->FallbackDir) {
+    log_info(LD_CONFIG, "You have set UseDefaultFallbackDirs 1 and "
+             "FallbackDir(s). Ignoring UseDefaultFallbackDirs, and "
+             "using the FallbackDir(s) you have set.");
+  }
+
   if (validate_dir_servers(options, old_options) < 0)
     REJECT("Directory authority/fallback line did not parse. See logs "
            "for details.");
@@ -3296,12 +3673,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
   }
 
   for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
-    if (parse_client_transport_line(options, cl->value, 1)<0)
+    if (parse_transport_line(options, cl->value, 1, 0) < 0)
       REJECT("Invalid client transport line. See logs for details.");
   }
 
   for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
-    if (parse_server_transport_line(options, cl->value, 1)<0)
+    if (parse_transport_line(options, cl->value, 1, 1) < 0)
       REJECT("Invalid server transport line. See logs for details.");
   }
 
@@ -3365,19 +3742,68 @@ options_validate(or_options_t *old_options, or_options_t *options,
 
   if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
       options->V3AuthVotingInterval/2) {
-    REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
-           "V3AuthVotingInterval");
+    /*
+    This doesn't work, but it seems like it should:
+     what code is preventing the interval being less than twice the lead-up?
+    if (options->TestingTorNetwork) {
+      if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
+          options->V3AuthVotingInterval) {
+        REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than "
+               "V3AuthVotingInterval");
+      } else {
+        COMPLAIN("V3AuthVoteDelay plus V3AuthDistDelay is more than half "
+                 "V3AuthVotingInterval. This may lead to "
+                 "consensus instability, particularly if clocks drift.");
+      }
+    } else {
+     */
+      REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
+             "V3AuthVotingInterval");
+    /*
+    }
+     */
+  }
+
+  if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS) {
+    if (options->TestingTorNetwork) {
+      if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS_TESTING) {
+        REJECT("V3AuthVoteDelay is way too low.");
+      } else {
+        COMPLAIN("V3AuthVoteDelay is very low. "
+                 "This may lead to failure to vote for a consensus.");
+      }
+    } else {
+      REJECT("V3AuthVoteDelay is way too low.");
+    }
+  }
+
+  if (options->V3AuthDistDelay < MIN_DIST_SECONDS) {
+    if (options->TestingTorNetwork) {
+      if (options->V3AuthDistDelay < MIN_DIST_SECONDS_TESTING) {
+        REJECT("V3AuthDistDelay is way too low.");
+      } else {
+        COMPLAIN("V3AuthDistDelay is very low. "
+                 "This may lead to missing votes in a consensus.");
+      }
+    } else {
+      REJECT("V3AuthDistDelay is way too low.");
+    }
   }
-  if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS)
-    REJECT("V3AuthVoteDelay is way too low.");
-  if (options->V3AuthDistDelay < MIN_DIST_SECONDS)
-    REJECT("V3AuthDistDelay is way too low.");
 
   if (options->V3AuthNIntervalsValid < 2)
     REJECT("V3AuthNIntervalsValid must be at least 2.");
 
   if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL) {
-    REJECT("V3AuthVotingInterval is insanely low.");
+    if (options->TestingTorNetwork) {
+      if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL_TESTING) {
+        REJECT("V3AuthVotingInterval is insanely low.");
+      } else {
+        COMPLAIN("V3AuthVotingInterval is very low. "
+                 "This may lead to failure to synchronise for a consensus.");
+      }
+    } else {
+      REJECT("V3AuthVotingInterval is insanely low.");
+    }
   } else if (options->V3AuthVotingInterval > 24*60*60) {
     REJECT("V3AuthVotingInterval is insanely high.");
   } else if (((24*60*60) % options->V3AuthVotingInterval) != 0) {
@@ -3399,15 +3825,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
                                  AF_INET6, 1, msg)<0)
     return -1;
 
-  if (options->AutomapHostsSuffixes) {
-    SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf,
-    {
-      size_t len = strlen(suf);
-      if (len && suf[len-1] == '.')
-        suf[len-1] = '\0';
-    });
-  }
-
   if (options->TestingTorNetwork &&
       !(options->DirAuthorities ||
         (options->AlternateDirAuthority &&
@@ -3450,28 +3867,41 @@ options_validate(or_options_t *old_options, or_options_t *options,
   CHECK_DEFAULT(TestingDescriptorMaxDownloadTries);
   CHECK_DEFAULT(TestingMicrodescMaxDownloadTries);
   CHECK_DEFAULT(TestingCertMaxDownloadTries);
+  CHECK_DEFAULT(TestingAuthKeyLifetime);
+  CHECK_DEFAULT(TestingLinkCertLifetime);
+  CHECK_DEFAULT(TestingSigningKeySlop);
+  CHECK_DEFAULT(TestingAuthKeySlop);
+  CHECK_DEFAULT(TestingLinkKeySlop);
 #undef CHECK_DEFAULT
 
-  if (options->TestingV3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
+  if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
+    REJECT("SigningKeyLifetime is too short.");
+  if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)
+    REJECT("LinkCertLifetime is too short.");
+  if (options->TestingAuthKeyLifetime < options->TestingLinkKeySlop*2)
+    REJECT("TestingAuthKeyLifetime is too short.");
+
+  if (options->TestingV3AuthInitialVotingInterval
+      < MIN_VOTE_INTERVAL_TESTING_INITIAL) {
     REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
   } else if (((30*60) % options->TestingV3AuthInitialVotingInterval) != 0) {
     REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
            "30 minutes.");
   }
 
-  if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
+  if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS_TESTING) {
     REJECT("TestingV3AuthInitialVoteDelay is way too low.");
   }
 
-  if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS) {
+  if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS_TESTING) {
     REJECT("TestingV3AuthInitialDistDelay is way too low.");
   }
 
   if (options->TestingV3AuthInitialVoteDelay +
       options->TestingV3AuthInitialDistDelay >=
-      options->TestingV3AuthInitialVotingInterval/2) {
+      options->TestingV3AuthInitialVotingInterval) {
     REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
-           "must be less than half TestingV3AuthInitialVotingInterval");
+           "must be less than TestingV3AuthInitialVotingInterval");
   }
 
   if (options->TestingV3AuthVotingStartOffset >
@@ -3479,6 +3909,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
           options->V3AuthVotingInterval)) {
     REJECT("TestingV3AuthVotingStartOffset is higher than the voting "
            "interval.");
+  } else if (options->TestingV3AuthVotingStartOffset < 0) {
+    REJECT("TestingV3AuthVotingStartOffset must be non-negative.");
   }
 
   if (options->TestingAuthDirTimeToLearnReachability < 0) {
@@ -3506,11 +3938,41 @@ options_validate(or_options_t *old_options, or_options_t *options,
   }
 
   if (options->TestingConsensusMaxDownloadTries < 2) {
-    REJECT("TestingConsensusMaxDownloadTries must be greater than 1.");
+    REJECT("TestingConsensusMaxDownloadTries must be greater than 2.");
   } else if (options->TestingConsensusMaxDownloadTries > 800) {
     COMPLAIN("TestingConsensusMaxDownloadTries is insanely high.");
   }
 
+  if (options->ClientBootstrapConsensusMaxDownloadTries < 2) {
+    REJECT("ClientBootstrapConsensusMaxDownloadTries must be greater "
+           "than 2."
+           );
+  } else if (options->ClientBootstrapConsensusMaxDownloadTries > 800) {
+    COMPLAIN("ClientBootstrapConsensusMaxDownloadTries is insanely "
+             "high.");
+  }
+
+  if (options->ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries
+      < 2) {
+    REJECT("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries must "
+           "be greater than 2."
+           );
+  } else if (
+        options->ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries
+        > 800) {
+    COMPLAIN("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries is "
+             "insanely high.");
+  }
+
+  if (options->ClientBootstrapConsensusMaxInProgressTries < 1) {
+    REJECT("ClientBootstrapConsensusMaxInProgressTries must be greater "
+           "than 0.");
+  } else if (options->ClientBootstrapConsensusMaxInProgressTries
+             > 100) {
+    COMPLAIN("ClientBootstrapConsensusMaxInProgressTries is insanely "
+             "high.");
+  }
+
   if (options->TestingDescriptorMaxDownloadTries < 2) {
     REJECT("TestingDescriptorMaxDownloadTries must be greater than 1.");
   } else if (options->TestingDescriptorMaxDownloadTries > 800) {
@@ -3576,9 +4038,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
              "combination.");
 
   return 0;
+}
+
 #undef REJECT
 #undef COMPLAIN
-}
 
 /* Given the value that the user has set for MaxMemInQueues, compute the
  * actual maximum value.  We clip this value if it's too low, and autodetect
@@ -3642,6 +4105,52 @@ compute_real_max_mem_in_queues(const uint64_t val, int log_guess)
   }
 }
 
+/* If we have less than 300 MB suggest disabling dircache */
+#define DIRCACHE_MIN_MB_BANDWIDTH 300
+#define DIRCACHE_MIN_BANDWIDTH (DIRCACHE_MIN_MB_BANDWIDTH*ONE_MEGABYTE)
+#define STRINGIFY(val) #val
+
+/** Create a warning message for emitting if we are a dircache but may not have
+ * enough system memory, or if we are not a dircache but probably should be.
+ * Return -1 when a message is returned in *msg*, else return 0. */
+STATIC int
+have_enough_mem_for_dircache(const or_options_t *options, size_t total_mem,
+                             char **msg)
+{
+  *msg = NULL;
+  /* XXX We should possibly be looking at MaxMemInQueues here
+   * unconditionally.  Or we should believe total_mem unconditionally. */
+  if (total_mem == 0) {
+    if (get_total_system_memory(&total_mem) < 0) {
+      total_mem = options->MaxMemInQueues >= SIZE_MAX ?
+        SIZE_MAX : (size_t)options->MaxMemInQueues;
+    }
+  }
+  if (options->DirCache) {
+    if (total_mem < DIRCACHE_MIN_BANDWIDTH) {
+      if (options->BridgeRelay) {
+        *msg = strdup("Running a Bridge with less than "
+                      STRINGIFY(DIRCACHE_MIN_MB_BANDWIDTH) " MB of memory is "
+                      "not recommended.");
+      } else {
+        *msg = strdup("Being a directory cache (default) with less than "
+                      STRINGIFY(DIRCACHE_MIN_MB_BANDWIDTH) " MB of memory is "
+                      "not recommended and may consume most of the available "
+                      "resources, consider disabling this functionality by "
+                      "setting the DirCache option to 0.");
+      }
+    }
+  } else {
+    if (total_mem >= DIRCACHE_MIN_BANDWIDTH) {
+      *msg = strdup("DirCache is disabled and we are configured as a "
+               "relay. This may disqualify us from becoming a guard in the "
+               "future.");
+    }
+  }
+  return *msg == NULL ? 0 : -1;
+}
+#undef STRINGIFY
+
 /** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
  * equal strings. */
 static int
@@ -3689,6 +4198,18 @@ options_transition_allowed(const or_options_t *old,
     return -1;
   }
 
+  if (old->KeepBindCapabilities != new_val->KeepBindCapabilities) {
+    *msg = tor_strdup("While Tor is running, changing KeepBindCapabilities is "
+                      "not allowed.");
+    return -1;
+  }
+
+  if (!opt_streq(old->SyslogIdentityTag, new_val->SyslogIdentityTag)) {
+    *msg = tor_strdup("While Tor is running, changing "
+                      "SyslogIdentityTag is not allowed.");
+    return -1;
+  }
+
   if ((old->HardwareAccel != new_val->HardwareAccel)
       || !opt_streq(old->AccelName, new_val->AccelName)
       || !opt_streq(old->AccelDir, new_val->AccelDir)) {
@@ -3737,6 +4258,7 @@ options_transition_allowed(const or_options_t *old,
       }                                                                 \
     } while (0)
 
+    SB_NOCHANGE_STR(Address);
     SB_NOCHANGE_STR(PidFile);
     SB_NOCHANGE_STR(ServerDNSResolvConfFile);
     SB_NOCHANGE_STR(DirPortFrontPage);
@@ -3799,6 +4321,7 @@ options_transition_affects_descriptor(const or_options_t *old_options,
       !opt_streq(old_options->Nickname,new_options->Nickname) ||
       !opt_streq(old_options->Address,new_options->Address) ||
       !config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
+      old_options->ExitRelay != new_options->ExitRelay ||
       old_options->ExitPolicyRejectPrivate !=
         new_options->ExitPolicyRejectPrivate ||
       old_options->IPv6Exit != new_options->IPv6Exit ||
@@ -3817,7 +4340,10 @@ options_transition_affects_descriptor(const or_options_t *old_options,
       !opt_streq(old_options->MyFamily, new_options->MyFamily) ||
       !opt_streq(old_options->AccountingStart, new_options->AccountingStart) ||
       old_options->AccountingMax != new_options->AccountingMax ||
-      public_server_mode(old_options) != public_server_mode(new_options))
+      old_options->AccountingRule != new_options->AccountingRule ||
+      public_server_mode(old_options) != public_server_mode(new_options) ||
+      old_options->DirCache != new_options->DirCache ||
+      old_options->AssumeReachable != new_options->AssumeReachable)
     return 1;
 
   return 0;
@@ -3887,7 +4413,10 @@ get_windows_conf_root(void)
 static const char *
 get_default_conf_file(int defaults_file)
 {
-#ifdef _WIN32
+#ifdef DISABLE_SYSTEM_TORRC
+  (void) defaults_file;
+  return NULL;
+#elif defined(_WIN32)
   if (defaults_file) {
     static char defaults_path[MAX_PATH+1];
     tor_snprintf(defaults_path, MAX_PATH, "%s\\torrc-defaults",
@@ -4014,27 +4543,45 @@ find_torrc_filename(config_line_t *cmd_arg,
   if (*using_default_fname) {
     /* didn't find one, try CONFDIR */
     const char *dflt = get_default_conf_file(defaults_file);
-    if (dflt && file_status(dflt) == FN_FILE) {
+    file_status_t st = file_status(dflt);
+    if (dflt && (st == FN_FILE || st == FN_EMPTY)) {
       fname = tor_strdup(dflt);
     } else {
 #ifndef _WIN32
       char *fn = NULL;
-      if (!defaults_file)
+      if (!defaults_file) {
         fn = expand_filename("~/.torrc");
-      if (fn && file_status(fn) == FN_FILE) {
-        fname = fn;
+      }
+      if (fn) {
+        file_status_t hmst = file_status(fn);
+        if (hmst == FN_FILE || hmst == FN_EMPTY || dflt == NULL) {
+          fname = fn;
+        } else {
+          tor_free(fn);
+          fname = tor_strdup(dflt);
+        }
       } else {
-        tor_free(fn);
-        fname = tor_strdup(dflt);
+        fname = dflt ? tor_strdup(dflt) : NULL;
       }
 #else
-      fname = tor_strdup(dflt);
+      fname = dflt ? tor_strdup(dflt) : NULL;
 #endif
     }
   }
   return fname;
 }
 
+/** Read the torrc from standard input and return it as a string.
+ * Upon failure, return NULL.
+ */
+static char *
+load_torrc_from_stdin(void)
+{
+   size_t sz_out;
+
+   return read_file_to_str_until_eof(STDIN_FILENO,SIZE_MAX,&sz_out);
+}
+
 /** Load a configuration file from disk, setting torrc_fname or
  * torrc_defaults_fname if successful.
  *
@@ -4051,16 +4598,20 @@ load_torrc_from_disk(config_line_t *cmd_arg, int defaults_file)
   int ignore_missing_torrc = 0;
   char **fname_var = defaults_file ? &torrc_defaults_fname : &torrc_fname;
 
-  fname = find_torrc_filename(cmd_arg, defaults_file,
-                              &using_default_torrc, &ignore_missing_torrc);
-  tor_assert(fname);
-  log_debug(LD_CONFIG, "Opening config file \"%s\"", fname);
-
-  tor_free(*fname_var);
-  *fname_var = fname;
+  if (*fname_var == NULL) {
+    fname = find_torrc_filename(cmd_arg, defaults_file,
+                                &using_default_torrc, &ignore_missing_torrc);
+    tor_free(*fname_var);
+    *fname_var = fname;
+  } else {
+    fname = *fname_var;
+  }
+  log_debug(LD_CONFIG, "Opening config file \"%s\"", fname?fname:"<NULL>");
 
   /* Open config file */
-  if (file_status(fname) != FN_FILE ||
+  file_status_t st = fname ? file_status(fname) : FN_EMPTY;
+  if (fname == NULL ||
+      !(st == FN_FILE || st == FN_EMPTY) ||
       !(cf = read_file_to_str(fname,0,NULL))) {
     if (using_default_torrc == 1 || ignore_missing_torrc) {
       if (!defaults_file)
@@ -4128,13 +4679,6 @@ options_init_from_torrc(int argc, char **argv)
     exit(0);
   }
 
-  if (config_line_find(cmdline_only_options, "--digests")) {
-    printf("Tor version %s.\n",get_version());
-    printf("%s", libor_get_digests());
-    printf("%s", tor_get_digests());
-    exit(0);
-  }
-
   if (config_line_find(cmdline_only_options, "--library-versions")) {
     printf("Tor version %s. \n", get_version());
     printf("Library versions\tCompiled\t\tRuntime\n");
@@ -4153,7 +4697,9 @@ options_init_from_torrc(int argc, char **argv)
 
   command = CMD_RUN_TOR;
   for (p_index = cmdline_only_options; p_index; p_index = p_index->next) {
-    if (!strcmp(p_index->key,"--list-fingerprint")) {
+    if (!strcmp(p_index->key,"--keygen")) {
+      command = CMD_KEYGEN;
+    } else if (!strcmp(p_index->key,"--list-fingerprint")) {
       command = CMD_LIST_FINGERPRINT;
     } else if (!strcmp(p_index->key, "--hash-password")) {
       command = CMD_HASH_PASSWORD;
@@ -4171,7 +4717,19 @@ options_init_from_torrc(int argc, char **argv)
     cf = tor_strdup("");
   } else {
     cf_defaults = load_torrc_from_disk(cmdline_only_options, 1);
-    cf = load_torrc_from_disk(cmdline_only_options, 0);
+
+    const config_line_t *f_line = config_line_find(cmdline_only_options,
+                                                   "-f");
+
+    const int read_torrc_from_stdin =
+    (f_line != NULL && strcmp(f_line->value, "-") == 0);
+
+    if (read_torrc_from_stdin) {
+      cf = load_torrc_from_stdin();
+    } else {
+      cf = load_torrc_from_disk(cmdline_only_options, 0);
+    }
+
     if (!cf) {
       if (config_line_find(cmdline_only_options, "--allow-missing-torrc")) {
         cf = tor_strdup("");
@@ -4184,6 +4742,65 @@ options_init_from_torrc(int argc, char **argv)
   retval = options_init_from_string(cf_defaults, cf, command, command_arg,
                                     &errmsg);
 
+  if (retval < 0)
+    goto err;
+
+  if (config_line_find(cmdline_only_options, "--no-passphrase")) {
+    if (command == CMD_KEYGEN) {
+      get_options_mutable()->keygen_force_passphrase = FORCE_PASSPHRASE_OFF;
+    } else {
+      log_err(LD_CONFIG, "--no-passphrase specified without --keygen!");
+      exit(1);
+    }
+  }
+
+  if (config_line_find(cmdline_only_options, "--newpass")) {
+    if (command == CMD_KEYGEN) {
+      get_options_mutable()->change_key_passphrase = 1;
+    } else {
+      log_err(LD_CONFIG, "--newpass specified without --keygen!");
+      exit(1);
+    }
+  }
+
+  {
+    const config_line_t *fd_line = config_line_find(cmdline_only_options,
+                                                    "--passphrase-fd");
+    if (fd_line) {
+      if (get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_OFF) {
+        log_err(LD_CONFIG, "--no-passphrase specified with --passphrase-fd!");
+        exit(1);
+      } else if (command != CMD_KEYGEN) {
+        log_err(LD_CONFIG, "--passphrase-fd specified without --keygen!");
+        exit(1);
+      } else {
+        const char *v = fd_line->value;
+        int ok = 1;
+        long fd = tor_parse_long(v, 10, 0, INT_MAX, &ok, NULL);
+        if (fd < 0 || ok == 0) {
+          log_err(LD_CONFIG, "Invalid --passphrase-fd value %s", escaped(v));
+          exit(1);
+        }
+        get_options_mutable()->keygen_passphrase_fd = (int)fd;
+        get_options_mutable()->use_keygen_passphrase_fd = 1;
+        get_options_mutable()->keygen_force_passphrase = FORCE_PASSPHRASE_ON;
+      }
+    }
+  }
+
+  {
+    const config_line_t *key_line = config_line_find(cmdline_only_options,
+                                                     "--master-key");
+    if (key_line) {
+      if (command != CMD_KEYGEN) {
+        log_err(LD_CONFIG, "--master-key without --keygen!");
+        exit(1);
+      } else {
+        get_options_mutable()->master_key_fname = tor_strdup(key_line->value);
+      }
+    }
+  }
+
  err:
 
   tor_free(cf);
@@ -4349,7 +4966,7 @@ options_init_from_string(const char *cf_defaults, const char *cf,
   return err;
 }
 
-/** Return the location for our configuration file.
+/** Return the location for our configuration file.  May return NULL.
  */
 const char *
 get_torrc_fname(int defaults_fname)
@@ -4456,7 +5073,8 @@ addressmap_register_auto(const char *from, const char *to,
  * Initialize the logs based on the configuration file.
  */
 static int
-options_init_logs(or_options_t *options, int validate_only)
+options_init_logs(const or_options_t *old_options, or_options_t *options,
+                  int validate_only)
 {
   config_line_t *opt;
   int ok;
@@ -4537,7 +5155,7 @@ options_init_logs(or_options_t *options, int validate_only)
         !strcasecmp(smartlist_get(elts,0), "syslog")) {
 #ifdef HAVE_SYSLOG_H
       if (!validate_only) {
-        add_syslog_log(severity);
+        add_syslog_log(severity, options->SyslogIdentityTag);
       }
 #else
       log_warn(LD_CONFIG, "Syslog is not supported on this system. Sorry.");
@@ -4549,7 +5167,21 @@ options_init_logs(or_options_t *options, int validate_only)
         !strcasecmp(smartlist_get(elts,0), "file")) {
       if (!validate_only) {
         char *fname = expand_filename(smartlist_get(elts, 1));
-        if (add_file_log(severity, fname) < 0) {
+        /* Truncate if TruncateLogFile is set and we haven't seen this option
+           line before. */
+        int truncate = 0;
+        if (options->TruncateLogFile) {
+          truncate = 1;
+          if (old_options) {
+            config_line_t *opt2;
+            for (opt2 = old_options->Logs; opt2; opt2 = opt2->next)
+              if (!strcmp(opt->value, opt2->value)) {
+                truncate = 0;
+                break;
+              }
+          }
+        }
+        if (add_file_log(severity, fname, truncate) < 0) {
           log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s",
                    opt->value, strerror(errno));
           ok = 0;
@@ -4742,46 +5374,52 @@ parse_bridge_line(const char *line)
   return bridge_line;
 }
 
-/** Read the contents of a ClientTransportPlugin line from
- * <b>line</b>. Return 0 if the line is well-formed, and -1 if it
- * isn't.
+/** Read the contents of a ClientTransportPlugin or ServerTransportPlugin
+ * line from <b>line</b>, depending on the value of <b>server</b>. Return 0
+ * if the line is well-formed, and -1 if it isn't.
  *
- * If <b>validate_only</b> is 0, the line is well-formed, and the
- * transport is needed by some bridge:
+ * If <b>validate_only</b> is 0, the line is well-formed, and the transport is
+ * needed by some bridge:
  * - If it's an external proxy line, add the transport described in the line to
  * our internal transport list.
- * - If it's a managed proxy line, launch the managed proxy. */
-static int
-parse_client_transport_line(const or_options_t *options,
-                            const char *line, int validate_only)
+ * - If it's a managed proxy line, launch the managed proxy.
+ */
+
+STATIC int
+parse_transport_line(const or_options_t *options,
+                     const char *line, int validate_only,
+                     int server)
 {
+
   smartlist_t *items = NULL;
   int r;
-  char *field2=NULL;
-
-  const char *transports=NULL;
-  smartlist_t *transport_list=NULL;
-  char *addrport=NULL;
+  const char *transports = NULL;
+  smartlist_t *transport_list = NULL;
+  char *type = NULL;
+  char *addrport = NULL;
   tor_addr_t addr;
   uint16_t port = 0;
-  int socks_ver=PROXY_NONE;
+  int socks_ver = PROXY_NONE;
 
   /* managed proxy options */
-  int is_managed=0;
-  char **proxy_argv=NULL;
-  char **tmp=NULL;
+  int is_managed = 0;
+  char **proxy_argv = NULL;
+  char **tmp = NULL;
   int proxy_argc, i;
-  int is_useless_proxy=1;
+  int is_useless_proxy = 1;
 
   int line_length;
 
+  /* Split the line into space-separated tokens */
   items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
+  line_length = smartlist_len(items);
 
-  line_length =  smartlist_len(items);
   if (line_length < 3) {
-    log_warn(LD_CONFIG, "Too few arguments on ClientTransportPlugin line.");
+    log_warn(LD_CONFIG,
+             "Too few arguments on %sTransportPlugin line.",
+             server ? "Server" : "Client");
     goto err;
   }
 
@@ -4805,64 +5443,97 @@ parse_client_transport_line(const or_options_t *options,
       is_useless_proxy = 0;
   } SMARTLIST_FOREACH_END(transport_name);
 
-  /* field2 is either a SOCKS version or "exec" */
-  field2 = smartlist_get(items, 1);
-
-  if (!strcmp(field2,"socks4")) {
+  type = smartlist_get(items, 1);
+  if (!strcmp(type, "exec")) {
+    is_managed = 1;
+  } else if (server && !strcmp(type, "proxy")) {
+    /* 'proxy' syntax only with ServerTransportPlugin */
+    is_managed = 0;
+  } else if (!server && !strcmp(type, "socks4")) {
+    /* 'socks4' syntax only with ClientTransportPlugin */
+    is_managed = 0;
     socks_ver = PROXY_SOCKS4;
-  } else if (!strcmp(field2,"socks5")) {
+  } else if (!server && !strcmp(type, "socks5")) {
+    /* 'socks5' syntax only with ClientTransportPlugin */
+    is_managed = 0;
     socks_ver = PROXY_SOCKS5;
-  } else if (!strcmp(field2,"exec")) {
-    is_managed=1;
   } else {
-    log_warn(LD_CONFIG, "Strange ClientTransportPlugin field '%s'.",
-             field2);
+    log_warn(LD_CONFIG,
+             "Strange %sTransportPlugin type '%s'",
+             server ? "Server" : "Client", type);
     goto err;
   }
 
   if (is_managed && options->Sandbox) {
-    log_warn(LD_CONFIG, "Managed proxies are not compatible with Sandbox mode."
-             "(ClientTransportPlugin line was %s)", escaped(line));
+    log_warn(LD_CONFIG,
+             "Managed proxies are not compatible with Sandbox mode."
+             "(%sTransportPlugin line was %s)",
+             server ? "Server" : "Client", escaped(line));
     goto err;
   }
 
-  if (is_managed) { /* managed */
-    if (!validate_only && is_useless_proxy) {
-      log_info(LD_GENERAL, "Pluggable transport proxy (%s) does not provide "
-               "any needed transports and will not be launched.", line);
+  if (is_managed) {
+    /* managed */
+
+    if (!server && !validate_only && is_useless_proxy) {
+      log_info(LD_GENERAL,
+               "Pluggable transport proxy (%s) does not provide "
+               "any needed transports and will not be launched.",
+               line);
     }
 
-    /* If we are not just validating, use the rest of the line as the
-       argv of the proxy to be launched. Also, make sure that we are
-       only launching proxies that contribute useful transports.  */
-    if (!validate_only && !is_useless_proxy) {
-      proxy_argc = line_length-2;
+    /*
+     * If we are not just validating, use the rest of the line as the
+     * argv of the proxy to be launched. Also, make sure that we are
+     * only launching proxies that contribute useful transports.
+     */
+
+    if (!validate_only && (server || !is_useless_proxy)) {
+      proxy_argc = line_length - 2;
       tor_assert(proxy_argc > 0);
-      proxy_argv = tor_malloc_zero(sizeof(char*)*(proxy_argc+1));
+      proxy_argv = tor_calloc((proxy_argc + 1), sizeof(char *));
       tmp = proxy_argv;
-      for (i=0;i<proxy_argc;i++) { /* store arguments */
+
+      for (i = 0; i < proxy_argc; i++) {
+        /* store arguments */
         *tmp++ = smartlist_get(items, 2);
         smartlist_del_keeporder(items, 2);
       }
-      *tmp = NULL; /*terminated with NULL, just like execve() likes it*/
+      *tmp = NULL; /* terminated with NULL, just like execve() likes it */
 
       /* kickstart the thing */
-      pt_kickstart_client_proxy(transport_list, proxy_argv);
+      if (server) {
+        pt_kickstart_server_proxy(transport_list, proxy_argv);
+      } else {
+        pt_kickstart_client_proxy(transport_list, proxy_argv);
+      }
+    }
+  } else {
+    /* external */
+
+    /* ClientTransportPlugins connecting through a proxy is managed only. */
+    if (!server && (options->Socks4Proxy || options->Socks5Proxy ||
+                    options->HTTPSProxy)) {
+      log_warn(LD_CONFIG, "You have configured an external proxy with another "
+                          "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy)");
+      goto err;
     }
-  } else { /* external */
+
     if (smartlist_len(transport_list) != 1) {
-      log_warn(LD_CONFIG, "You can't have an external proxy with "
-               "more than one transports.");
+      log_warn(LD_CONFIG,
+               "You can't have an external proxy with more than "
+               "one transport.");
       goto err;
     }
 
     addrport = smartlist_get(items, 2);
 
-    if (tor_addr_port_lookup(addrport, &addr, &port)<0) {
-      log_warn(LD_CONFIG, "Error parsing transport "
-               "address '%s'", addrport);
+    if (tor_addr_port_lookup(addrport, &addr, &port) < 0) {
+      log_warn(LD_CONFIG,
+               "Error parsing transport address '%s'", addrport);
       goto err;
     }
+
     if (!port) {
       log_warn(LD_CONFIG,
                "Transport address '%s' has no port.", addrport);
@@ -4870,11 +5541,15 @@ parse_client_transport_line(const or_options_t *options,
     }
 
     if (!validate_only) {
-      transport_add_from_config(&addr, port, smartlist_get(transport_list, 0),
-                                socks_ver);
-
-      log_info(LD_DIR, "Transport '%s' found at %s",
+      log_info(LD_DIR, "%s '%s' at %s.",
+               server ? "Server transport" : "Transport",
                transports, fmt_addrport(&addr, port));
+
+      if (!server) {
+        transport_add_from_config(&addr, port,
+                                  smartlist_get(transport_list, 0),
+                                  socks_ver);
+      }
     }
   }
 
@@ -5046,146 +5721,21 @@ get_options_for_server_transport(const char *transport)
   return NULL;
 }
 
-/** Read the contents of a ServerTransportPlugin line from
- * <b>line</b>. Return 0 if the line is well-formed, and -1 if it
- * isn't.
- * If <b>validate_only</b> is 0, the line is well-formed, and it's a
- * managed proxy line, launch the managed proxy. */
-static int
-parse_server_transport_line(const or_options_t *options,
-                            const char *line, int validate_only)
-{
-  smartlist_t *items = NULL;
-  int r;
-  const char *transports=NULL;
-  smartlist_t *transport_list=NULL;
-  char *type=NULL;
-  char *addrport=NULL;
-  tor_addr_t addr;
-  uint16_t port = 0;
-
-  /* managed proxy options */
-  int is_managed=0;
-  char **proxy_argv=NULL;
-  char **tmp=NULL;
-  int proxy_argc,i;
-
-  int line_length;
-
-  items = smartlist_new();
-  smartlist_split_string(items, line, NULL,
-                         SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
-
-  line_length =  smartlist_len(items);
-  if (line_length < 3) {
-    log_warn(LD_CONFIG, "Too few arguments on ServerTransportPlugin line.");
-    goto err;
-  }
-
-  /* Get the first line element, split it to commas into
-     transport_list (in case it's multiple transports) and validate
-     the transport names. */
-  transports = smartlist_get(items, 0);
-  transport_list = smartlist_new();
-  smartlist_split_string(transport_list, transports, ",",
-                         SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) {
-    if (!string_is_C_identifier(transport_name)) {
-      log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).",
-               transport_name);
-      goto err;
-    }
-  } SMARTLIST_FOREACH_END(transport_name);
-
-  type = smartlist_get(items, 1);
-
-  if (!strcmp(type, "exec")) {
-    is_managed=1;
-  } else if (!strcmp(type, "proxy")) {
-    is_managed=0;
-  } else {
-    log_warn(LD_CONFIG, "Strange ServerTransportPlugin type '%s'", type);
-    goto err;
-  }
-
-  if (is_managed && options->Sandbox) {
-    log_warn(LD_CONFIG, "Managed proxies are not compatible with Sandbox mode."
-             "(ServerTransportPlugin line was %s)", escaped(line));
-    goto err;
-  }
-
-  if (is_managed) { /* managed */
-    if (!validate_only) {
-      proxy_argc = line_length-2;
-      tor_assert(proxy_argc > 0);
-      proxy_argv = tor_malloc_zero(sizeof(char*)*(proxy_argc+1));
-      tmp = proxy_argv;
-
-      for (i=0;i<proxy_argc;i++) { /* store arguments */
-        *tmp++ = smartlist_get(items, 2);
-        smartlist_del_keeporder(items, 2);
-      }
-      *tmp = NULL; /*terminated with NULL, just like execve() likes it*/
-
-      /* kickstart the thing */
-      pt_kickstart_server_proxy(transport_list, proxy_argv);
-    }
-  } else { /* external */
-    if (smartlist_len(transport_list) != 1) {
-      log_warn(LD_CONFIG, "You can't have an external proxy with "
-               "more than one transports.");
-      goto err;
-    }
-
-    addrport = smartlist_get(items, 2);
-
-    if (tor_addr_port_lookup(addrport, &addr, &port)<0) {
-      log_warn(LD_CONFIG, "Error parsing transport "
-               "address '%s'", addrport);
-      goto err;
-    }
-    if (!port) {
-      log_warn(LD_CONFIG,
-               "Transport address '%s' has no port.", addrport);
-      goto err;
-    }
-
-    if (!validate_only) {
-      log_info(LD_DIR, "Server transport '%s' at %s.",
-               transports, fmt_addrport(&addr, port));
-    }
-  }
-
-  r = 0;
-  goto done;
-
- err:
-  r = -1;
-
- done:
-  SMARTLIST_FOREACH(items, char*, s, tor_free(s));
-  smartlist_free(items);
-  if (transport_list) {
-    SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s));
-    smartlist_free(transport_list);
-  }
-
-  return r;
-}
-
 /** Read the contents of a DirAuthority line from <b>line</b>. If
  * <b>validate_only</b> is 0, and the line is well-formed, and it
  * shares any bits with <b>required_type</b> or <b>required_type</b>
- * is 0, then add the dirserver described in the line (minus whatever
- * bits it's missing) as a valid authority. Return 0 on success,
+ * is NO_DIRINFO (zero), then add the dirserver described in the line
+ * (minus whatever bits it's missing) as a valid authority.
+ * Return 0 on success or filtering out by type,
  * or -1 if the line isn't well-formed or if we can't add it. */
-static int
+STATIC int
 parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
                          int validate_only)
 {
   smartlist_t *items = NULL;
   int r;
   char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
+  tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL;
   uint16_t dir_port = 0, or_port = 0;
   char digest[DIGEST_LEN];
   char v3_digest[DIGEST_LEN];
@@ -5242,6 +5792,20 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
       } else {
         type |= V3_DIRINFO|EXTRAINFO_DIRINFO|MICRODESC_DIRINFO;
       }
+    } else if (!strcasecmpstart(flag, "ipv6=")) {
+      if (ipv6_addrport_ptr) {
+        log_warn(LD_CONFIG, "Redundant ipv6 addr/port on DirAuthority line");
+      } else {
+        if (tor_addr_port_parse(LOG_WARN, flag+strlen("ipv6="),
+                                &ipv6_addrport.addr, &ipv6_addrport.port,
+                                -1) < 0
+            || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) {
+          log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on DirAuthority line",
+                   escaped(flag));
+          goto err;
+        }
+        ipv6_addrport_ptr = &ipv6_addrport;
+      }
     } else {
       log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line",
                flag);
@@ -5271,14 +5835,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
              fingerprint, (int)strlen(fingerprint));
     goto err;
   }
-  if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
-    /* a known bad fingerprint. refuse to use it. We can remove this
-     * clause once Tor 0.1.2.17 is obsolete. */
-    log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
-             "torrc file (%s), or reinstall Tor and use the default torrc.",
-             get_torrc_fname(0));
-    goto err;
-  }
   if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
     log_warn(LD_CONFIG, "Unable to decode DirAuthority key digest.");
     goto err;
@@ -5292,6 +5848,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
     log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type,
               address, (int)dir_port, (char*)smartlist_get(items,0));
     if (!(ds = trusted_dir_server_new(nickname, address, dir_port, or_port,
+                                      ipv6_addrport_ptr,
                                       digest, v3_digest, type, weight)))
       goto err;
     dir_server_add(ds);
@@ -5317,7 +5874,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
  * <b>validate_only</b> is 0, and the line is well-formed, then add the
  * dirserver described in the line as a fallback directory. Return 0 on
  * success, or -1 if the line isn't well-formed or if we can't add it. */
-static int
+int
 parse_dir_fallback_line(const char *line,
                         int validate_only)
 {
@@ -5329,6 +5886,7 @@ parse_dir_fallback_line(const char *line,
   int ok;
   char id[DIGEST_LEN];
   char *address=NULL;
+  tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL;
   double weight=1.0;
 
   memset(id, 0, sizeof(id));
@@ -5347,6 +5905,20 @@ parse_dir_fallback_line(const char *line,
     } else if (!strcmpstart(cp, "id=")) {
       ok = !base16_decode(id, DIGEST_LEN,
                           cp+strlen("id="), strlen(cp)-strlen("id="));
+    } else if (!strcasecmpstart(cp, "ipv6=")) {
+      if (ipv6_addrport_ptr) {
+        log_warn(LD_CONFIG, "Redundant ipv6 addr/port on FallbackDir line");
+      } else {
+        if (tor_addr_port_parse(LOG_WARN, cp+strlen("ipv6="),
+                                &ipv6_addrport.addr, &ipv6_addrport.port,
+                                -1) < 0
+            || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) {
+          log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on FallbackDir line",
+                   escaped(cp));
+          goto end;
+        }
+        ipv6_addrport_ptr = &ipv6_addrport;
+      }
     } else if (!strcmpstart(cp, "weight=")) {
       int ok;
       const char *wstring = cp + strlen("weight=");
@@ -5388,7 +5960,8 @@ parse_dir_fallback_line(const char *line,
 
   if (!validate_only) {
     dir_server_t *ds;
-    ds = fallback_dir_server_new(&addr, dirport, orport, id, weight);
+    ds = fallback_dir_server_new(&addr, dirport, orport, ipv6_addrport_ptr,
+                                 id, weight);
     if (!ds) {
       log_warn(LD_CONFIG, "Couldn't create FallbackDir %s", escaped(line));
       goto end;
@@ -5407,18 +5980,19 @@ parse_dir_fallback_line(const char *line,
 }
 
 /** Allocate and return a new port_cfg_t with reasonable defaults. */
-static port_cfg_t *
-port_cfg_new(void)
+STATIC port_cfg_t *
+port_cfg_new(size_t namelen)
 {
-  port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t));
-  cfg->ipv4_traffic = 1;
-  cfg->cache_ipv4_answers = 1;
-  cfg->prefer_ipv6_virtaddr = 1;
+  tor_assert(namelen <= SIZE_T_CEILING - sizeof(port_cfg_t) - 1);
+  port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1);
+  cfg->entry_cfg.ipv4_traffic = 1;
+  cfg->entry_cfg.cache_ipv4_answers = 1;
+  cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
   return cfg;
 }
 
 /** Free all storage held in <b>port</b> */
-static void
+STATIC void
 port_cfg_free(port_cfg_t *port)
 {
   tor_free(port);
@@ -5472,12 +6046,12 @@ warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
   } SMARTLIST_FOREACH_END(port);
 }
 
-/** Given a list of port_cfg_t in <b>ports</b>, warn any controller port there
- * is listening on any non-loopback address.  If <b>forbid</b> is true,
- * then emit a stronger warning and remove the port from the list.
+/** Given a list of port_cfg_t in <b>ports</b>, warn if any controller port
+ * there is listening on any non-loopback address.  If <b>forbid_nonlocal</b>
+ * is true, then emit a stronger warning and remove the port from the list.
  */
 static void
-warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
+warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)
 {
   int warned = 0;
   SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
@@ -5486,7 +6060,7 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
     if (port->is_unix_addr)
       continue;
     if (!tor_addr_is_loopback(&port->addr)) {
-      if (forbid) {
+      if (forbid_nonlocal) {
         if (!warned)
           log_warn(LD_CONFIG,
                  "You have a ControlPort set to accept "
@@ -5514,12 +6088,54 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
   } SMARTLIST_FOREACH_END(port);
 }
 
-#define CL_PORT_NO_OPTIONS (1u<<0)
-#define CL_PORT_WARN_NONLOCAL (1u<<1)
-#define CL_PORT_ALLOW_EXTRA_LISTENADDR (1u<<2)
-#define CL_PORT_SERVER_OPTIONS (1u<<3)
-#define CL_PORT_FORBID_NONLOCAL (1u<<4)
-#define CL_PORT_TAKES_HOSTNAMES (1u<<5)
+#ifdef HAVE_SYS_UN_H
+
+/** Parse the given <b>addrport</b> and set <b>path_out</b> if a Unix socket
+ * path is found. Return 0 on success. On error, a negative value is
+ * returned, -ENOENT if no Unix statement found, -EINVAL if the socket path
+ * is empty and -ENOSYS if AF_UNIX is not supported (see function in the
+ * #else statement below). */
+
+int
+config_parse_unix_port(const char *addrport, char **path_out)
+{
+  tor_assert(path_out);
+  tor_assert(addrport);
+
+  if (strcmpstart(addrport, unix_socket_prefix)) {
+    /* Not a Unix socket path. */
+    return -ENOENT;
+  }
+
+  if (strlen(addrport + strlen(unix_socket_prefix)) == 0) {
+    /* Empty socket path, not very usable. */
+    return -EINVAL;
+  }
+
+  *path_out = tor_strdup(addrport + strlen(unix_socket_prefix));
+  return 0;
+}
+
+#else /* defined(HAVE_SYS_UN_H) */
+
+int
+config_parse_unix_port(const char *addrport, char **path_out)
+{
+  tor_assert(path_out);
+  tor_assert(addrport);
+
+  if (strcmpstart(addrport, unix_socket_prefix)) {
+    /* Not a Unix socket path. */
+    return -ENOENT;
+  }
+
+  log_warn(LD_CONFIG,
+           "Port configuration %s is for an AF_UNIX socket, but we have no"
+           "support available on this platform",
+           escaped(addrport));
+  return -ENOSYS;
+}
+#endif /* defined(HAVE_SYS_UN_H) */
 
 /**
  * Parse port configuration for a single port type.
@@ -5538,12 +6154,12 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
  * If no address is specified, default to <b>defaultaddr</b>.  If no
  * FooPort is given, default to defaultport (if 0, there is no default).
  *
- * If CL_PORT_NO_OPTIONS is set in <b>flags</b>, do not allow stream
+ * If CL_PORT_NO_STREAM_OPTIONS is set in <b>flags</b>, do not allow stream
  * isolation options in the FooPort entries.
  *
  * If CL_PORT_WARN_NONLOCAL is set in <b>flags</b>, warn if any of the
  * ports are not on a local address.  If CL_PORT_FORBID_NONLOCAL is set,
- * this is a contrl port with no password set: don't even allow it.
+ * this is a control port with no password set: don't even allow it.
  *
  * Unless CL_PORT_ALLOW_EXTRA_LISTENADDR is set in <b>flags</b>, warn
  * if FooListenAddress is set but FooPort is 0.
@@ -5559,7 +6175,7 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
  * <b>out</b> for every port that the client should listen on.  Return 0
  * on success, -1 on failure.
  */
-static int
+STATIC int
 parse_port_config(smartlist_t *out,
                   const config_line_t *ports,
                   const config_line_t *listenaddrs,
@@ -5567,20 +6183,24 @@ parse_port_config(smartlist_t *out,
                   int listener_type,
                   const char *defaultaddr,
                   int defaultport,
-                  unsigned flags)
+                  const unsigned flags)
 {
   smartlist_t *elts;
   int retval = -1;
   const unsigned is_control = (listener_type == CONN_TYPE_CONTROL_LISTENER);
   const unsigned is_ext_orport = (listener_type == CONN_TYPE_EXT_OR_LISTENER);
-  const unsigned allow_no_options = flags & CL_PORT_NO_OPTIONS;
+  const unsigned allow_no_stream_options = flags & CL_PORT_NO_STREAM_OPTIONS;
   const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
   const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
   const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
+  const unsigned default_to_group_writable =
+    flags & CL_PORT_DFLT_GROUP_WRITABLE;
   const unsigned allow_spurious_listenaddr =
     flags & CL_PORT_ALLOW_EXTRA_LISTENADDR;
   const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
+  const unsigned is_unix_socket = flags & CL_PORT_IS_UNIXSOCKET;
   int got_zero_port=0, got_nonzero_port=0;
+  char *unix_socket_path = NULL;
 
   /* FooListenAddress is deprecated; let's make it work like it used to work,
    * though. */
@@ -5616,14 +6236,14 @@ parse_port_config(smartlist_t *out,
 
     if (use_server_options && out) {
       /* Add a no_listen port. */
-      port_cfg_t *cfg = port_cfg_new();
+      port_cfg_t *cfg = port_cfg_new(0);
       cfg->type = listener_type;
       cfg->port = mainport;
       tor_addr_make_unspec(&cfg->addr); /* Server ports default to 0.0.0.0 */
-      cfg->no_listen = 1;
-      cfg->bind_ipv4_only = 1;
-      cfg->ipv4_traffic = 1;
-      cfg->prefer_ipv6_virtaddr = 1;
+      cfg->server_cfg.no_listen = 1;
+      cfg->server_cfg.bind_ipv4_only = 1;
+      cfg->entry_cfg.ipv4_traffic = 1;
+      cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
       smartlist_add(out, cfg);
     }
 
@@ -5636,13 +6256,13 @@ parse_port_config(smartlist_t *out,
         return -1;
       }
       if (out) {
-        port_cfg_t *cfg = port_cfg_new();
+        port_cfg_t *cfg = port_cfg_new(0);
         cfg->type = listener_type;
         cfg->port = port ? port : mainport;
         tor_addr_copy(&cfg->addr, &addr);
-        cfg->session_group = SESSION_GROUP_UNSET;
-        cfg->isolation_flags = ISO_DEFAULT;
-        cfg->no_advertise = 1;
+        cfg->entry_cfg.session_group = SESSION_GROUP_UNSET;
+        cfg->entry_cfg.isolation_flags = ISO_DEFAULT;
+        cfg->server_cfg.no_advertise = 1;
         smartlist_add(out, cfg);
       }
     }
@@ -5661,13 +6281,19 @@ parse_port_config(smartlist_t *out,
   /* No ListenAddress lines. If there's no FooPort, then maybe make a default
    * one. */
   if (! ports) {
-    if (defaultport && out) {
-       port_cfg_t *cfg = port_cfg_new();
+    if (defaultport && defaultaddr && out) {
+      port_cfg_t *cfg = port_cfg_new(is_unix_socket ? strlen(defaultaddr) : 0);
        cfg->type = listener_type;
-       cfg->port = defaultport;
-       tor_addr_parse(&cfg->addr, defaultaddr);
-       cfg->session_group = SESSION_GROUP_UNSET;
-       cfg->isolation_flags = ISO_DEFAULT;
+       if (is_unix_socket) {
+         tor_addr_make_unspec(&cfg->addr);
+         memcpy(cfg->unix_addr, defaultaddr, strlen(defaultaddr) + 1);
+         cfg->is_unix_addr = 1;
+       } else {
+         cfg->port = defaultport;
+         tor_addr_parse(&cfg->addr, defaultaddr);
+       }
+       cfg->entry_cfg.session_group = SESSION_GROUP_UNSET;
+       cfg->entry_cfg.isolation_flags = ISO_DEFAULT;
        smartlist_add(out, cfg);
     }
     return 0;
@@ -5679,10 +6305,11 @@ parse_port_config(smartlist_t *out,
 
   for (; ports; ports = ports->next) {
     tor_addr_t addr;
-    int port;
+    int port, ret;
     int sessiongroup = SESSION_GROUP_UNSET;
     unsigned isolation = ISO_DEFAULT;
     int prefer_no_auth = 0;
+    int socks_iso_keep_alive = 0;
 
     char *addrport;
     uint16_t ptmp=0;
@@ -5692,7 +6319,9 @@ parse_port_config(smartlist_t *out,
       ipv4_traffic = 1, ipv6_traffic = 0, prefer_ipv6 = 0,
       cache_ipv4 = 1, use_cached_ipv4 = 0,
       cache_ipv6 = 0, use_cached_ipv6 = 0,
-      prefer_ipv6_automap = 1;
+      prefer_ipv6_automap = 1, world_writable = 0, group_writable = 0,
+      relax_dirmode_check = 0,
+      has_used_unix_socket_only_option = 0;
 
     smartlist_split_string(elts, ports->value, NULL,
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -5701,16 +6330,36 @@ parse_port_config(smartlist_t *out,
       goto err;
     }
 
-    if (allow_no_options && smartlist_len(elts) > 1) {
-      log_warn(LD_CONFIG, "Too many options on %sPort line", portname);
+    /* Now parse the addr/port value */
+    addrport = smartlist_get(elts, 0);
+
+    /* Let's start to check if it's a Unix socket path. */
+    ret = config_parse_unix_port(addrport, &unix_socket_path);
+    if (ret < 0 && ret != -ENOENT) {
+      if (ret == -EINVAL) {
+        log_warn(LD_CONFIG, "Empty Unix socket path.");
+      }
       goto err;
     }
 
-    /* Now parse the addr/port value */
-    addrport = smartlist_get(elts, 0);
-    if (!strcmp(addrport, "auto")) {
+    if (unix_socket_path &&
+        ! conn_listener_type_supports_af_unix(listener_type)) {
+      log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname);
+      goto err;
+    }
+
+    if (unix_socket_path) {
+      port = 1;
+    } else if (is_unix_socket) {
+      unix_socket_path = tor_strdup(addrport);
+      if (!strcmp(addrport, "0"))
+        port = 0;
+      else
+        port = 1;
+    } else if (!strcmp(addrport, "auto")) {
       port = CFG_AUTO_PORT;
-      tor_addr_parse(&addr, defaultaddr);
+      int af = tor_addr_parse(&addr, defaultaddr);
+      tor_assert(af >= 0);
     } else if (!strcasecmpend(addrport, ":auto")) {
       char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
       port = CFG_AUTO_PORT;
@@ -5720,12 +6369,14 @@ parse_port_config(smartlist_t *out,
         tor_free(addrtmp);
         goto err;
       }
+      tor_free(addrtmp);
     } else {
       /* Try parsing integer port before address, because, who knows?
          "9050" might be a valid address. */
       port = (int) tor_parse_long(addrport, 10, 0, 65535, &ok, NULL);
       if (ok) {
-        tor_addr_parse(&addr, defaultaddr);
+        int af = tor_addr_parse(&addr, defaultaddr);
+        tor_assert(af >= 0);
       } else if (tor_addr_port_lookup(addrport, &addr, &ptmp) == 0) {
         if (ptmp == 0) {
           log_warn(LD_CONFIG, "%sPort line has address but no port", portname);
@@ -5733,12 +6384,15 @@ parse_port_config(smartlist_t *out,
         }
         port = ptmp;
       } else {
-        log_warn(LD_CONFIG, "Couldn't parse address '%s' for %sPort",
+        log_warn(LD_CONFIG, "Couldn't parse address %s for %sPort",
                  escaped(addrport), portname);
         goto err;
       }
     }
 
+    if (unix_socket_path && default_to_group_writable)
+      group_writable = 1;
+
     /* Now parse the rest of the options, if any. */
     if (use_server_options) {
       /* This is a server port; parse advertising options */
@@ -5795,10 +6449,11 @@ parse_port_config(smartlist_t *out,
         const char *elt_orig = elt;
         if (elt_sl_idx == 0)
           continue; /* Skip addr:port */
+
         if (!strcasecmpstart(elt, "SessionGroup=")) {
           int group = (int)tor_parse_long(elt+strlen("SessionGroup="),
                                           10, 0, INT_MAX, &ok, NULL);
-          if (!ok) {
+          if (!ok || !allow_no_stream_options) {
             log_warn(LD_CONFIG, "Invalid %sPort option '%s'",
                      portname, escaped(elt));
             goto err;
@@ -5817,6 +6472,26 @@ parse_port_config(smartlist_t *out,
           elt += 2;
         }
 
+        if (!strcasecmp(elt, "GroupWritable")) {
+          group_writable = !no;
+          has_used_unix_socket_only_option = 1;
+          continue;
+        } else if (!strcasecmp(elt, "WorldWritable")) {
+          world_writable = !no;
+          has_used_unix_socket_only_option = 1;
+          continue;
+        } else if (!strcasecmp(elt, "RelaxDirModeCheck")) {
+          relax_dirmode_check = !no;
+          has_used_unix_socket_only_option = 1;
+          continue;
+        }
+
+        if (allow_no_stream_options) {
+          log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
+                   portname, escaped(elt));
+          continue;
+        }
+
         if (takes_hostnames) {
           if (!strcasecmp(elt, "IPv4Traffic")) {
             ipv4_traffic = ! no;
@@ -5853,6 +6528,9 @@ parse_port_config(smartlist_t *out,
         } else if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
           prefer_no_auth = ! no;
           continue;
+        } else if (!strcasecmp(elt, "KeepAliveIsolateSOCKSAuth")) {
+          socks_iso_keep_alive = ! no;
+          continue;
         }
 
         if (!strcasecmpend(elt, "s"))
@@ -5892,29 +6570,55 @@ parse_port_config(smartlist_t *out,
       goto err;
     }
 
+    if ( has_used_unix_socket_only_option && ! unix_socket_path) {
+      log_warn(LD_CONFIG, "You have a %sPort entry with GroupWritable, "
+               "WorldWritable, or RelaxDirModeCheck, but it is not a "
+               "unix socket.", portname);
+      goto err;
+    }
+
+    if (!(isolation & ISO_SOCKSAUTH) && socks_iso_keep_alive) {
+      log_warn(LD_CONFIG, "You have a %sPort entry with both "
+               "NoIsolateSOCKSAuth and KeepAliveIsolateSOCKSAuth set.",
+               portname);
+      goto err;
+    }
+
     if (out && port) {
-      port_cfg_t *cfg = port_cfg_new();
-      tor_addr_copy(&cfg->addr, &addr);
-      cfg->port = port;
+      size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
+      port_cfg_t *cfg = port_cfg_new(namelen);
+      if (unix_socket_path) {
+        tor_addr_make_unspec(&cfg->addr);
+        memcpy(cfg->unix_addr, unix_socket_path, namelen + 1);
+        cfg->is_unix_addr = 1;
+        tor_free(unix_socket_path);
+      } else {
+        tor_addr_copy(&cfg->addr, &addr);
+        cfg->port = port;
+      }
       cfg->type = listener_type;
-      cfg->isolation_flags = isolation;
-      cfg->session_group = sessiongroup;
-      cfg->no_advertise = no_advertise;
-      cfg->no_listen = no_listen;
-      cfg->all_addrs = all_addrs;
-      cfg->bind_ipv4_only = bind_ipv4_only;
-      cfg->bind_ipv6_only = bind_ipv6_only;
-      cfg->ipv4_traffic = ipv4_traffic;
-      cfg->ipv6_traffic = ipv6_traffic;
-      cfg->prefer_ipv6 = prefer_ipv6;
-      cfg->cache_ipv4_answers = cache_ipv4;
-      cfg->cache_ipv6_answers = cache_ipv6;
-      cfg->use_cached_ipv4_answers = use_cached_ipv4;
-      cfg->use_cached_ipv6_answers = use_cached_ipv6;
-      cfg->prefer_ipv6_virtaddr = prefer_ipv6_automap;
-      cfg->socks_prefer_no_auth = prefer_no_auth;
+      cfg->is_world_writable = world_writable;
+      cfg->is_group_writable = group_writable;
+      cfg->relax_dirmode_check = relax_dirmode_check;
+      cfg->entry_cfg.isolation_flags = isolation;
+      cfg->entry_cfg.session_group = sessiongroup;
+      cfg->server_cfg.no_advertise = no_advertise;
+      cfg->server_cfg.no_listen = no_listen;
+      cfg->server_cfg.all_addrs = all_addrs;
+      cfg->server_cfg.bind_ipv4_only = bind_ipv4_only;
+      cfg->server_cfg.bind_ipv6_only = bind_ipv6_only;
+      cfg->entry_cfg.ipv4_traffic = ipv4_traffic;
+      cfg->entry_cfg.ipv6_traffic = ipv6_traffic;
+      cfg->entry_cfg.prefer_ipv6 = prefer_ipv6;
+      cfg->entry_cfg.cache_ipv4_answers = cache_ipv4;
+      cfg->entry_cfg.cache_ipv6_answers = cache_ipv6;
+      cfg->entry_cfg.use_cached_ipv4_answers = use_cached_ipv4;
+      cfg->entry_cfg.use_cached_ipv6_answers = use_cached_ipv6;
+      cfg->entry_cfg.prefer_ipv6_virtaddr = prefer_ipv6_automap;
+      cfg->entry_cfg.socks_prefer_no_auth = prefer_no_auth;
       if (! (isolation & ISO_SOCKSAUTH))
-        cfg->socks_prefer_no_auth = 1;
+        cfg->entry_cfg.socks_prefer_no_auth = 1;
+      cfg->entry_cfg.socks_iso_keep_alive = socks_iso_keep_alive;
 
       smartlist_add(out, cfg);
     }
@@ -5942,32 +6646,10 @@ parse_port_config(smartlist_t *out,
  err:
   SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
   smartlist_free(elts);
+  tor_free(unix_socket_path);
   return retval;
 }
 
-/** Parse a list of config_line_t for an AF_UNIX unix socket listener option
- * from <b>cfg</b> and add them to <b>out</b>.  No fancy options are
- * supported: the line contains nothing but the path to the AF_UNIX socket. */
-static int
-parse_unix_socket_config(smartlist_t *out, const config_line_t *cfg,
-                         int listener_type)
-{
-
-  if (!out)
-    return 0;
-
-  for ( ; cfg; cfg = cfg->next) {
-    size_t len = strlen(cfg->value);
-    port_cfg_t *port = tor_malloc_zero(sizeof(port_cfg_t) + len + 1);
-    port->is_unix_addr = 1;
-    memcpy(port->unix_addr, cfg->value, len+1);
-    port->type = listener_type;
-    smartlist_add(out, port);
-  }
-
-  return 0;
-}
-
 /** Return the number of ports which are actually going to listen with type
  * <b>listenertype</b>.  Do not count no_listen ports.  Do not count unix
  * sockets. */
@@ -5976,7 +6658,7 @@ count_real_listeners(const smartlist_t *ports, int listenertype)
 {
   int n = 0;
   SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
-    if (port->no_listen || port->is_unix_addr)
+    if (port->server_cfg.no_listen || port->is_unix_addr)
       continue;
     if (port->type != listenertype)
       continue;
@@ -5996,7 +6678,8 @@ count_real_listeners(const smartlist_t *ports, int listenertype)
  **/
 static int
 parse_ports(or_options_t *options, int validate_only,
-            char **msg, int *n_ports_out)
+            char **msg, int *n_ports_out,
+            int *world_writable_control_socket)
 {
   smartlist_t *ports;
   int retval = -1;
@@ -6005,12 +6688,14 @@ parse_ports(or_options_t *options, int validate_only,
 
   *n_ports_out = 0;
 
+  const unsigned gw_flag = options->SocksSocketsGroupWritable ?
+    CL_PORT_DFLT_GROUP_WRITABLE : 0;
   if (parse_port_config(ports,
              options->SocksPort_lines, options->SocksListenAddress,
              "Socks", CONN_TYPE_AP_LISTENER,
              "127.0.0.1", 9050,
              CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR|
-             CL_PORT_TAKES_HOSTNAMES) < 0) {
+             CL_PORT_TAKES_HOSTNAMES|gw_flag) < 0) {
     *msg = tor_strdup("Invalid SocksPort/SocksListenAddress configuration");
     goto err;
   }
@@ -6039,12 +6724,15 @@ parse_ports(or_options_t *options, int validate_only,
     goto err;
   }
   {
-    unsigned control_port_flags = CL_PORT_NO_OPTIONS | CL_PORT_WARN_NONLOCAL;
+    unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS |
+      CL_PORT_WARN_NONLOCAL;
     const int any_passwords = (options->HashedControlPassword ||
                                options->HashedControlSessionPassword ||
                                options->CookieAuthentication);
     if (! any_passwords)
       control_port_flags |= CL_PORT_FORBID_NONLOCAL;
+    if (options->ControlSocketsGroupWritable)
+      control_port_flags |= CL_PORT_DFLT_GROUP_WRITABLE;
 
     if (parse_port_config(ports,
                           options->ControlPort_lines,
@@ -6056,9 +6744,11 @@ parse_ports(or_options_t *options, int validate_only,
                         "configuration");
       goto err;
     }
-    if (parse_unix_socket_config(ports,
-                                 options->ControlSocket,
-                                 CONN_TYPE_CONTROL_LISTENER) < 0) {
+
+    if (parse_port_config(ports, options->ControlSocket, NULL,
+                          "ControlSocket",
+                          CONN_TYPE_CONTROL_LISTENER, NULL, 0,
+                          control_port_flags | CL_PORT_IS_UNIXSOCKET) < 0) {
       *msg = tor_strdup("Invalid ControlSocket configuration");
       goto err;
     }
@@ -6090,10 +6780,13 @@ parse_ports(or_options_t *options, int validate_only,
     }
   }
 
-  if (check_server_ports(ports, options) < 0) {
+  int n_low_ports = 0;
+  if (check_server_ports(ports, options, &n_low_ports) < 0) {
     *msg = tor_strdup("Misconfigured server ports");
     goto err;
   }
+  if (have_low_ports < 0)
+    have_low_ports = (n_low_ports > 0);
 
   *n_ports_out = smartlist_len(ports);
 
@@ -6118,6 +6811,16 @@ parse_ports(or_options_t *options, int validate_only,
   options->ExtORPort_set =
     !! count_real_listeners(ports, CONN_TYPE_EXT_OR_LISTENER);
 
+  if (world_writable_control_socket) {
+    SMARTLIST_FOREACH(ports, port_cfg_t *, p,
+      if (p->type == CONN_TYPE_CONTROL_LISTENER &&
+          p->is_unix_addr &&
+          p->is_world_writable) {
+        *world_writable_control_socket = 1;
+        break;
+      });
+  }
+
   if (!validate_only) {
     if (configured_ports) {
       SMARTLIST_FOREACH(configured_ports,
@@ -6137,10 +6840,12 @@ parse_ports(or_options_t *options, int validate_only,
 }
 
 /** Given a list of <b>port_cfg_t</b> in <b>ports</b>, check them for internal
- * consistency and warn as appropriate. */
+ * consistency and warn as appropriate.  Set *<b>n_low_ports_out</b> to the
+ * number of sub-1024 ports we will be binding. */
 static int
 check_server_ports(const smartlist_t *ports,
-                   const or_options_t *options)
+                   const or_options_t *options,
+                   int *n_low_ports_out)
 {
   int n_orport_advertised = 0;
   int n_orport_advertised_ipv4 = 0;
@@ -6152,25 +6857,25 @@ check_server_ports(const smartlist_t *ports,
 
   SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
     if (port->type == CONN_TYPE_DIR_LISTENER) {
-      if (! port->no_advertise)
+      if (! port->server_cfg.no_advertise)
         ++n_dirport_advertised;
-      if (! port->no_listen)
+      if (! port->server_cfg.no_listen)
         ++n_dirport_listeners;
     } else if (port->type == CONN_TYPE_OR_LISTENER) {
-      if (! port->no_advertise) {
+      if (! port->server_cfg.no_advertise) {
         ++n_orport_advertised;
         if (tor_addr_family(&port->addr) == AF_INET ||
             (tor_addr_family(&port->addr) == AF_UNSPEC &&
-                !port->bind_ipv6_only))
+                !port->server_cfg.bind_ipv6_only))
           ++n_orport_advertised_ipv4;
       }
-      if (! port->no_listen)
+      if (! port->server_cfg.no_listen)
         ++n_orport_listeners;
     } else {
       continue;
     }
 #ifndef _WIN32
-    if (!port->no_listen && port->port < 1024)
+    if (!port->server_cfg.no_listen && port->port < 1024)
       ++n_low_port;
 #endif
   } SMARTLIST_FOREACH_END(port);
@@ -6203,23 +6908,31 @@ check_server_ports(const smartlist_t *ports,
     r = -1;
   }
 
-  if (n_low_port && options->AccountingMax) {
+  if (n_low_port && options->AccountingMax &&
+      (!have_capability_support() || options->KeepBindCapabilities == 0)) {
+    const char *extra = "";
+    if (options->KeepBindCapabilities == 0 && have_capability_support())
+      extra = ", and you have disabled KeepBindCapabilities.";
     log_warn(LD_CONFIG,
           "You have set AccountingMax to use hibernation. You have also "
-          "chosen a low DirPort or OrPort. This combination can make Tor stop "
+          "chosen a low DirPort or OrPort%s."
+          "This combination can make Tor stop "
           "working when it tries to re-attach the port after a period of "
           "hibernation. Please choose a different port or turn off "
           "hibernation unless you know this combination will work on your "
-          "platform.");
+          "platform.", extra);
   }
 
+  if (n_low_ports_out)
+    *n_low_ports_out = n_low_port;
+
   return r;
 }
 
 /** Return a list of port_cfg_t for client ports parsed from the
  * options. */
-const smartlist_t *
-get_configured_ports(void)
+MOCK_IMPL(const smartlist_t *,
+get_configured_ports,(void))
 {
   if (!configured_ports)
     configured_ports = smartlist_new();
@@ -6248,7 +6961,7 @@ get_first_listener_addrport_string(int listener_type)
     return NULL;
 
   SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
-    if (cfg->no_listen)
+    if (cfg->server_cfg.no_listen)
       continue;
 
     if (cfg->type == listener_type &&
@@ -6291,16 +7004,15 @@ get_first_listener_addrport_string(int listener_type)
 int
 get_first_advertised_port_by_type_af(int listener_type, int address_family)
 {
-  if (!configured_ports)
-    return 0;
-  SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
+  const smartlist_t *conf_ports = get_configured_ports();
+  SMARTLIST_FOREACH_BEGIN(conf_ports, const port_cfg_t *, cfg) {
     if (cfg->type == listener_type &&
-        !cfg->no_advertise &&
+        !cfg->server_cfg.no_advertise &&
         (tor_addr_family(&cfg->addr) == address_family ||
          tor_addr_family(&cfg->addr) == AF_UNSPEC)) {
       if (tor_addr_family(&cfg->addr) != AF_UNSPEC ||
-          (address_family == AF_INET && !cfg->bind_ipv6_only) ||
-          (address_family == AF_INET6 && !cfg->bind_ipv4_only)) {
+          (address_family == AF_INET && !cfg->server_cfg.bind_ipv6_only) ||
+          (address_family == AF_INET6 && !cfg->server_cfg.bind_ipv4_only)) {
         return cfg->port;
       }
     }
@@ -6384,10 +7096,13 @@ write_configuration_file(const char *fname, const or_options_t *options)
   char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
   int rename_old = 0, r;
 
-  tor_assert(fname);
+  if (!fname)
+    return -1;
 
   switch (file_status(fname)) {
+    /* create backups of old config files, even if they're empty */
     case FN_FILE:
+    case FN_EMPTY:
       old_val = read_file_to_str(fname, 0, NULL);
       if (!old_val || strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
         rename_old = 1;
@@ -6480,7 +7195,6 @@ get_num_cpus(const or_options_t *options)
 static void
 init_libevent(const or_options_t *options)
 {
-  const char *badness=NULL;
   tor_libevent_cfg cfg;
 
   tor_assert(options);
@@ -6501,17 +7215,6 @@ init_libevent(const or_options_t *options)
   tor_libevent_initialize(&cfg);
 
   suppress_libevent_log_msg(NULL);
-
-  tor_check_libevent_version(tor_libevent_get_method(),
-                             server_mode(get_options()),
-                             &badness);
-  if (badness) {
-    const char *v = tor_libevent_get_version_str();
-    const char *m = tor_libevent_get_method();
-    control_event_general_status(LOG_WARN,
-        "BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
-                                 v, m, badness);
-  }
 }
 
 /** Return a newly allocated string holding a filename relative to the data
@@ -6712,15 +7415,67 @@ getinfo_helper_config(control_connection_t *conn,
     smartlist_free(sl);
   } else if (!strcmp(question, "config/defaults")) {
     smartlist_t *sl = smartlist_new();
-    int i;
+    int i, dirauth_lines_seen = 0, fallback_lines_seen = 0;
     for (i = 0; option_vars_[i].name; ++i) {
       const config_var_t *var = &option_vars_[i];
       if (var->initvalue != NULL) {
-          char *val = esc_for_log(var->initvalue);
-          smartlist_add_asprintf(sl, "%s %s\n",var->name,val);
-          tor_free(val);
+        if (strcmp(option_vars_[i].name, "DirAuthority") == 0) {
+          /*
+           * Count dirauth lines we have a default for; we'll use the
+           * count later to decide whether to add the defaults manually
+           */
+          ++dirauth_lines_seen;
+        }
+        if (strcmp(option_vars_[i].name, "FallbackDir") == 0) {
+          /*
+           * Similarly count fallback lines, so that we can decided later
+           * to add the defaults manually.
+           */
+          ++fallback_lines_seen;
+        }
+        char *val = esc_for_log(var->initvalue);
+        smartlist_add_asprintf(sl, "%s %s\n",var->name,val);
+        tor_free(val);
       }
     }
+
+    if (dirauth_lines_seen == 0) {
+      /*
+       * We didn't see any directory authorities with default values,
+       * so add the list of default authorities manually.
+       */
+      const char **i;
+
+      /*
+       * default_authorities is defined earlier in this file and
+       * is a const char ** NULL-terminated array of dirauth config
+       * lines.
+       */
+      for (i = default_authorities; *i != NULL; ++i) {
+        char *val = esc_for_log(*i);
+        smartlist_add_asprintf(sl, "DirAuthority %s\n", val);
+        tor_free(val);
+      }
+    }
+
+    if (fallback_lines_seen == 0 &&
+        get_options()->UseDefaultFallbackDirs == 1) {
+      /*
+       * We didn't see any explicitly configured fallback mirrors,
+       * so add the defaults to the list manually.
+       *
+       * default_fallbacks is included earlier in this file and
+       * is a const char ** NULL-terminated array of fallback config lines.
+       */
+      const char **i;
+
+      for (i = default_fallbacks; *i != NULL; ++i) {
+        char *val = esc_for_log(*i);
+        smartlist_add_asprintf(sl, "FallbackDir %s\n", val);
+        tor_free(val);
+      }
+    }
+
     *answer = smartlist_join_strings(sl, "", 0, NULL);
     SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
     smartlist_free(sl);
@@ -6863,8 +7618,7 @@ init_cookie_authentication(const char *fname, const char *header,
 
   /* Generate the cookie */
   *cookie_out = tor_malloc(cookie_len);
-  if (crypto_rand((char *)*cookie_out, cookie_len) < 0)
-    goto done;
+  crypto_rand((char *)*cookie_out, cookie_len);
 
   /* Create the string that should be written on the file. */
   memcpy(cookie_file_str, header, strlen(header));
diff --git a/src/or/config.h b/src/or/config.h
index 8a1919c2ed..02121cf95c 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -14,9 +14,13 @@
 
 #include "testsupport.h"
 
-const char *get_dirportfrontpage(void);
-MOCK_DECL(const or_options_t *,get_options,(void));
-or_options_t *get_options_mutable(void);
+#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(DARWIN)
+#define KERNEL_MAY_SUPPORT_IPFW
+#endif
+
+MOCK_DECL(const char*, get_dirportfrontpage, (void));
+MOCK_DECL(const or_options_t *, get_options, (void));
+MOCK_DECL(or_options_t *, get_options_mutable, (void));
 int set_options(or_options_t *new_val, char **msg);
 void config_free_all(void);
 const char *safe_str_client(const char *address);
@@ -29,10 +33,11 @@ setopt_err_t options_trial_assign(config_line_t *list, int use_defaults,
                                   int clear_first, char **msg);
 
 uint32_t get_last_resolved_addr(void);
+void reset_last_resolved_addr(void);
 int resolve_my_address(int warn_severity, const or_options_t *options,
                        uint32_t *addr_out,
                        const char **method_out, char **hostname_out);
-int is_local_addr(const tor_addr_t *addr);
+MOCK_DECL(int, is_local_addr, (const tor_addr_t *addr));
 void options_init(or_options_t *options);
 
 #define OPTIONS_DUMP_MINIMAL 1
@@ -60,6 +65,10 @@ char *options_get_datadir_fname2_suffix(const or_options_t *options,
  * get_datadir_fname2_suffix.  */
 #define get_datadir_fname2(sub1,sub2) \
   get_datadir_fname2_suffix((sub1), (sub2), NULL)
+/** Return a newly allocated string containing datadir/sub1/sub2 relative to
+ * opts.  See get_datadir_fname2_suffix.  */
+#define options_get_datadir_fname2(opts,sub1,sub2)                      \
+  options_get_datadir_fname2_suffix((opts),(sub1), (sub2), NULL)
 /** Return a newly allocated string containing datadir/sub1suffix.  See
  * get_datadir_fname2_suffix. */
 #define get_datadir_fname_suffix(sub1, suffix) \
@@ -71,7 +80,7 @@ int write_to_data_subdir(const char* subdir, const char* fname,
 
 int get_num_cpus(const or_options_t *options);
 
-const smartlist_t *get_configured_ports(void);
+MOCK_DECL(const smartlist_t *,get_configured_ports,(void));
 int get_first_advertised_port_by_type_af(int listener_type,
                                          int address_family);
 #define get_primary_or_port() \
@@ -90,7 +99,6 @@ int getinfo_helper_config(control_connection_t *conn,
                           const char *question, char **answer,
                           const char **errmsg);
 
-const char *tor_get_digests(void);
 uint32_t get_effective_bwrate(const or_options_t *options);
 uint32_t get_effective_bwburst(const or_options_t *options);
 
@@ -112,6 +120,7 @@ int addressmap_register_auto(const char *from, const char *to,
                              time_t expires,
                              addressmap_entry_source_t addrmap_source,
                              const char **msg);
+int config_parse_unix_port(const char *addrport, char **path_out);
 
 /** Represents the information stored in a torrc Bridge line. */
 typedef struct bridge_line_t {
@@ -131,15 +140,49 @@ smartlist_t *get_options_from_transport_options_line(const char *line,
 smartlist_t *get_options_for_server_transport(const char *transport);
 
 #ifdef CONFIG_PRIVATE
+
+#define CL_PORT_NO_STREAM_OPTIONS (1u<<0)
+#define CL_PORT_WARN_NONLOCAL (1u<<1)
+#define CL_PORT_ALLOW_EXTRA_LISTENADDR (1u<<2)
+#define CL_PORT_SERVER_OPTIONS (1u<<3)
+#define CL_PORT_FORBID_NONLOCAL (1u<<4)
+#define CL_PORT_TAKES_HOSTNAMES (1u<<5)
+#define CL_PORT_IS_UNIXSOCKET (1u<<6)
+#define CL_PORT_DFLT_GROUP_WRITABLE (1u<<7)
+
+STATIC int options_act(const or_options_t *old_options);
 #ifdef TOR_UNIT_TESTS
 extern struct config_format_t options_format;
 #endif
 
+STATIC port_cfg_t *port_cfg_new(size_t namelen);
+STATIC void port_cfg_free(port_cfg_t *port);
 STATIC void or_options_free(or_options_t *options);
 STATIC int options_validate(or_options_t *old_options,
                             or_options_t *options,
                             or_options_t *default_options,
                             int from_setconf, char **msg);
+STATIC int parse_transport_line(const or_options_t *options,
+                                const char *line, int validate_only,
+                                int server);
+STATIC int consider_adding_dir_servers(const or_options_t *options,
+                                       const or_options_t *old_options);
+STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type);
+MOCK_DECL(STATIC void, add_default_fallback_dir_servers, (void));
+STATIC int parse_dir_authority_line(const char *line,
+                                    dirinfo_type_t required_type,
+                                    int validate_only);
+STATIC int parse_dir_fallback_line(const char *line, int validate_only);
+STATIC int have_enough_mem_for_dircache(const or_options_t *options,
+                                        size_t total_mem, char **msg);
+STATIC int parse_port_config(smartlist_t *out,
+                  const config_line_t *ports,
+                  const config_line_t *listenaddrs,
+                  const char *portname,
+                  int listener_type,
+                  const char *defaultaddr,
+                  int defaultport,
+                  const unsigned flags);
 #endif
 
 #endif
diff --git a/src/or/config_codedigest.c b/src/or/config_codedigest.c
deleted file mode 100644
index 86d14bacef..0000000000
--- a/src/or/config_codedigest.c
+++ /dev/null
@@ -1,13 +0,0 @@
-
-const char *tor_get_digests(void);
-
-/** Return a string describing the digest of the source files in src/or/
- */
-const char *
-tor_get_digests(void)
-{
-  return ""
-#include "or_sha1.i"
-    ;
-}
-
diff --git a/src/or/confparse.c b/src/or/confparse.c
index c5400a6512..4f446d07c3 100644
--- a/src/or/confparse.c
+++ b/src/or/confparse.c
@@ -1,9 +1,16 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file confparse.c
+ *
+ * \brief Back-end for parsing and generating key-value files, used to
+ *   implement the torrc file format and the state file.
+ */
+
 #include "or.h"
 #include "confparse.h"
 #include "routerset.h"
diff --git a/src/or/confparse.h b/src/or/confparse.h
index 2cd6c49a2a..885c615202 100644
--- a/src/or/confparse.h
+++ b/src/or/confparse.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CONFPARSE_H
diff --git a/src/or/connection.c b/src/or/connection.c
index 276dca2818..4fbbaf1abd 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -19,6 +19,7 @@
  */
 #define TOR_CHANNEL_INTERNAL_
 #define CONNECTION_PRIVATE
+#include "backtrace.h"
 #include "channel.h"
 #include "channeltls.h"
 #include "circuitbuild.h"
@@ -29,7 +30,6 @@
 #include "connection_edge.h"
 #include "connection_or.h"
 #include "control.h"
-#include "cpuworker.h"
 #include "directory.h"
 #include "dirserv.h"
 #include "dns.h"
@@ -38,6 +38,7 @@
 #include "ext_orport.h"
 #include "geoip.h"
 #include "main.h"
+#include "nodelist.h"
 #include "policies.h"
 #include "reasons.h"
 #include "relay.h"
@@ -45,8 +46,10 @@
 #include "rendcommon.h"
 #include "rephist.h"
 #include "router.h"
+#include "routerlist.h"
 #include "transports.h"
 #include "routerparse.h"
+#include "sandbox.h"
 #include "transports.h"
 
 #ifdef USE_BUFFEREVENTS
@@ -57,6 +60,11 @@
 #include <pwd.h>
 #endif
 
+#ifdef HAVE_SYS_UN_H
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif
+
 static connection_t *connection_listener_new(
                                const struct sockaddr *listensockaddr,
                                socklen_t listensocklen, int type,
@@ -130,7 +138,6 @@ conn_type_to_string(int type)
     case CONN_TYPE_AP: return "Socks";
     case CONN_TYPE_DIR_LISTENER: return "Directory listener";
     case CONN_TYPE_DIR: return "Directory";
-    case CONN_TYPE_CPUWORKER: return "CPU worker";
     case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
     case CONN_TYPE_CONTROL: return "Control";
     case CONN_TYPE_EXT_OR: return "Extended OR";
@@ -213,12 +220,6 @@ conn_state_to_string(int type, int state)
         case DIR_CONN_STATE_SERVER_WRITING: return "writing";
       }
       break;
-    case CONN_TYPE_CPUWORKER:
-      switch (state) {
-        case CPUWORKER_STATE_IDLE: return "idle";
-        case CPUWORKER_STATE_BUSY_ONION: return "busy with onion";
-      }
-      break;
     case CONN_TYPE_CONTROL:
       switch (state) {
         case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
@@ -248,7 +249,6 @@ connection_type_uses_bufferevent(connection_t *conn)
     case CONN_TYPE_CONTROL:
     case CONN_TYPE_OR:
     case CONN_TYPE_EXT_OR:
-    case CONN_TYPE_CPUWORKER:
       return 1;
     default:
       return 0;
@@ -305,9 +305,11 @@ entry_connection_new(int type, int socket_family)
    * in a little while.  Otherwise, we're doing this as a linked connection
    * of some kind, and we should set it up here based on the socket family */
   if (socket_family == AF_INET)
-    entry_conn->ipv4_traffic_ok = 1;
+    entry_conn->entry_cfg.ipv4_traffic = 1;
   else if (socket_family == AF_INET6)
-    entry_conn->ipv6_traffic_ok = 1;
+    entry_conn->entry_cfg.ipv6_traffic = 1;
+  else if (socket_family == AF_UNIX)
+    entry_conn->is_socks_socket = 1;
   return entry_conn;
 }
 
@@ -451,6 +453,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b)
   conn_b->linked_conn = conn_a;
 }
 
+/** Return true iff the provided connection listener type supports AF_UNIX
+ * sockets. */
+int
+conn_listener_type_supports_af_unix(int type)
+{
+  /* For now only control ports or SOCKS ports can be Unix domain sockets
+   * and listeners at the same time */
+  switch (type) {
+    case CONN_TYPE_CONTROL_LISTENER:
+    case CONN_TYPE_AP_LISTENER:
+      return 1;
+    default:
+      return 0;
+  }
+}
+
 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
  * necessary, close its socket if necessary, and mark the directory as dirty
  * if <b>conn</b> is an OR or OP connection.
@@ -516,9 +534,9 @@ connection_free_(connection_t *conn)
     buf_free(conn->outbuf);
   } else {
     if (conn->socket_family == AF_UNIX) {
-      /* For now only control ports can be Unix domain sockets
+      /* For now only control and SOCKS ports can be Unix domain sockets
        * and listeners at the same time */
-      tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
+      tor_assert(conn_listener_type_supports_af_unix(conn->type));
 
       if (unlink(conn->address) < 0 && errno != ENOENT) {
         log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
@@ -544,8 +562,7 @@ connection_free_(connection_t *conn)
                or_conn, TLS_CHAN_TO_BASE(or_conn->chan),
                U64_PRINTF_ARG(
                  TLS_CHAN_TO_BASE(or_conn->chan)->global_identifier));
-      if (!(TLS_CHAN_TO_BASE(or_conn->chan)->state == CHANNEL_STATE_CLOSED ||
-            TLS_CHAN_TO_BASE(or_conn->chan)->state == CHANNEL_STATE_ERROR)) {
+      if (!CHANNEL_FINISHED(TLS_CHAN_TO_BASE(or_conn->chan))) {
         channel_close_for_error(TLS_CHAN_TO_BASE(or_conn->chan));
       }
 
@@ -573,10 +590,19 @@ connection_free_(connection_t *conn)
     control_connection_t *control_conn = TO_CONTROL_CONN(conn);
     tor_free(control_conn->safecookie_client_hash);
     tor_free(control_conn->incoming_cmd);
+    if (control_conn->ephemeral_onion_services) {
+      SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
+        memwipe(cp, 0, strlen(cp));
+        tor_free(cp);
+      });
+      smartlist_free(control_conn->ephemeral_onion_services);
+    }
   }
 
-  tor_free(conn->read_event); /* Probably already freed by connection_free. */
-  tor_free(conn->write_event); /* Probably already freed by connection_free. */
+  /* Probably already freed by connection_free. */
+  tor_event_free(conn->read_event);
+  tor_event_free(conn->write_event);
+  conn->read_event = conn->write_event = NULL;
   IF_HAS_BUFFEREVENT(conn, {
       /* This was a workaround to handle bugs in some old versions of libevent
        * where callbacks can occur after calling bufferevent_free().  Setting
@@ -632,8 +658,8 @@ connection_free_(connection_t *conn)
 
 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
  */
-void
-connection_free(connection_t *conn)
+MOCK_IMPL(void,
+connection_free,(connection_t *conn))
 {
   if (!conn)
     return;
@@ -656,6 +682,13 @@ connection_free(connection_t *conn)
   if (conn->type == CONN_TYPE_CONTROL) {
     connection_control_closed(TO_CONTROL_CONN(conn));
   }
+#if 1
+  /* DEBUGGING */
+  if (conn->type == CONN_TYPE_AP) {
+    connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
+                                                  "connection_free");
+  }
+#endif
   connection_unregister_events(conn);
   connection_free_(conn);
 }
@@ -894,9 +927,9 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address,
 }
 #endif /* HAVE_SYS_UN_H */
 
-/** Warn that an accept or a connect has failed because we're running up
- * against our ulimit.  Rate-limit these warnings so that we don't spam
- * the log. */
+/** Warn that an accept or a connect has failed because we're running out of
+ * TCP sockets we can use on current system.  Rate-limit these warnings so
+ * that we don't spam the log. */
 static void
 warn_too_many_conns(void)
 {
@@ -906,7 +939,7 @@ warn_too_many_conns(void)
   if ((m = rate_limit_log(&last_warned, approx_time()))) {
     int n_conns = get_n_open_sockets();
     log_warn(LD_NET,"Failing because we have %d connections already. Please "
-             "raise your ulimit -n.%s", n_conns, m);
+             "read doc/TUNING for guidance.%s", n_conns, m);
     tor_free(m);
     control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
                                  n_conns);
@@ -914,13 +947,57 @@ warn_too_many_conns(void)
 }
 
 #ifdef HAVE_SYS_UN_H
+
+#define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
+#define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
+
+/** Check if the purpose isn't one of the ones we know what to do with */
+
+static int
+is_valid_unix_socket_purpose(int purpose)
+{
+  int valid = 0;
+
+  switch (purpose) {
+    case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
+    case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
+      valid = 1;
+      break;
+  }
+
+  return valid;
+}
+
+/** Return a string description of a unix socket purpose */
+static const char *
+unix_socket_purpose_to_string(int purpose)
+{
+  const char *s = "unknown-purpose socket";
+
+  switch (purpose) {
+    case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
+      s = "control socket";
+      break;
+    case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
+      s = "SOCKS socket";
+      break;
+  }
+
+  return s;
+}
+
 /** Check whether we should be willing to open an AF_UNIX socket in
  * <b>path</b>.  Return 0 if we should go ahead and -1 if we shouldn't. */
 static int
-check_location_for_unix_socket(const or_options_t *options, const char *path)
+check_location_for_unix_socket(const or_options_t *options, const char *path,
+                               int purpose, const port_cfg_t *port)
 {
   int r = -1;
-  char *p = tor_strdup(path);
+  char *p = NULL;
+
+  tor_assert(is_valid_unix_socket_purpose(purpose));
+
+  p = tor_strdup(path);
   cpd_check_t flags = CPD_CHECK_MODE_ONLY;
   if (get_parent_directory(p)<0 || p[0] != '/') {
     log_warn(LD_GENERAL, "Bad unix socket address '%s'.  Tor does not support "
@@ -928,19 +1005,31 @@ check_location_for_unix_socket(const or_options_t *options, const char *path)
     goto done;
   }
 
-  if (options->ControlSocketsGroupWritable)
+  if (port->is_world_writable) {
+    /* World-writable sockets can go anywhere. */
+    r = 0;
+    goto done;
+  }
+
+  if (port->is_group_writable) {
     flags |= CPD_GROUP_OK;
+  }
+
+  if (port->relax_dirmode_check) {
+    flags |= CPD_RELAX_DIRMODE_CHECK;
+  }
 
   if (check_private_dir(p, flags, options->User) < 0) {
     char *escpath, *escdir;
     escpath = esc_for_log(path);
     escdir = esc_for_log(p);
-    log_warn(LD_GENERAL, "Before Tor can create a control socket in %s, the "
-             "directory %s needs to exist, and to be accessible only by the "
-             "user%s account that is running Tor.  (On some Unix systems, "
-             "anybody who can list a socket can connect to it, so Tor is "
-             "being careful.)", escpath, escdir,
-             options->ControlSocketsGroupWritable ? " and group" : "");
+    log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
+             "%s needs to exist, and to be accessible only by the user%s "
+             "account that is running Tor.  (On some Unix systems, anybody "
+             "who can list a socket can connect to it, so Tor is being "
+             "careful.)",
+             unix_socket_purpose_to_string(purpose), escpath, escdir,
+             port->is_group_writable ? " and group" : "");
     tor_free(escpath);
     tor_free(escdir);
     goto done;
@@ -977,6 +1066,31 @@ make_socket_reuseable(tor_socket_t sock)
 #endif
 }
 
+#ifdef _WIN32
+/** Tell the Windows TCP stack to prevent other applications from receiving
+ * traffic from tor's open ports. Return 0 on success, -1 on failure. */
+static int
+make_win32_socket_exclusive(tor_socket_t sock)
+{
+#ifdef SO_EXCLUSIVEADDRUSE
+  int one=1;
+
+  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
+   * somebody else already has it bound_, and _even if the original socket
+   * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
+   * on win32. */
+  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
+                 (socklen_t)sizeof(one))) {
+    return -1;
+  }
+  return 0;
+#else
+  (void) sock;
+  return 0;
+#endif
+}
+#endif
+
 /** Max backlog to pass to listen.  We start at */
 static int listen_limit = INT_MAX;
 
@@ -1014,6 +1128,7 @@ connection_listener_new(const struct sockaddr *listensockaddr,
   connection_t *conn = NULL;
   tor_socket_t s = TOR_INVALID_SOCKET;  /* the socket we're going to make */
   or_options_t const *options = get_options();
+  (void) options; /* Windows doesn't use this. */
 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
   const struct passwd *pw = NULL;
 #endif
@@ -1022,28 +1137,27 @@ connection_listener_new(const struct sockaddr *listensockaddr,
   static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
   tor_addr_t addr;
 
-  if (get_n_open_sockets() >= get_options()->ConnLimit_-1) {
-    warn_too_many_conns();
-    return NULL;
-  }
-
   if (listensockaddr->sa_family == AF_INET ||
       listensockaddr->sa_family == AF_INET6) {
-    int is_tcp = (type != CONN_TYPE_AP_DNS_LISTENER);
-    if (is_tcp)
+    int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
+    if (is_stream)
       start_reading = 1;
 
     tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
-
     log_notice(LD_NET, "Opening %s on %s",
                conn_type_to_string(type), fmt_addrport(&addr, usePort));
 
     s = tor_open_socket_nonblocking(tor_addr_family(&addr),
-                        is_tcp ? SOCK_STREAM : SOCK_DGRAM,
-                        is_tcp ? IPPROTO_TCP: IPPROTO_UDP);
+      is_stream ? SOCK_STREAM : SOCK_DGRAM,
+      is_stream ? IPPROTO_TCP: IPPROTO_UDP);
     if (!SOCKET_OK(s)) {
-      log_warn(LD_NET,"Socket creation failed: %s",
-               tor_socket_strerror(tor_socket_errno(-1)));
+      int e = tor_socket_errno(s);
+      if (ERRNO_IS_RESOURCE_LIMIT(e)) {
+        warn_too_many_conns();
+      } else {
+        log_warn(LD_NET, "Socket creation failed: %s",
+                 tor_socket_strerror(e));
+      }
       goto err;
     }
 
@@ -1053,11 +1167,20 @@ connection_listener_new(const struct sockaddr *listensockaddr,
                tor_socket_strerror(errno));
     }
 
-#if defined USE_TRANSPARENT && defined(IP_TRANSPARENT)
+#ifdef _WIN32
+    if (make_win32_socket_exclusive(s) < 0) {
+      log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
+               conn_type_to_string(type),
+               tor_socket_strerror(errno));
+    }
+#endif
+
+#if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
     if (options->TransProxyType_parsed == TPT_TPROXY &&
         type == CONN_TYPE_AP_TRANS_LISTENER) {
       int one = 1;
-      if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
+      if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
+                     (socklen_t)sizeof(one)) < 0) {
         const char *extra = "";
         int e = tor_socket_errno(s);
         if (e == EPERM)
@@ -1071,16 +1194,11 @@ connection_listener_new(const struct sockaddr *listensockaddr,
 
 #ifdef IPV6_V6ONLY
     if (listensockaddr->sa_family == AF_INET6) {
-#ifdef _WIN32
-      /* In Redmond, this kind of thing passes for standards-conformance. */
-      DWORD one = 1;
-#else
       int one = 1;
-#endif
       /* We need to set IPV6_V6ONLY so that this socket can't get used for
        * IPv4 connections. */
       if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
-                     (void*)&one, sizeof(one)) < 0) {
+                     (void*)&one, (socklen_t)sizeof(one)) < 0) {
         int e = tor_socket_errno(s);
         log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
                  tor_socket_strerror(e));
@@ -1099,7 +1217,7 @@ connection_listener_new(const struct sockaddr *listensockaddr,
       goto err;
     }
 
-    if (is_tcp) {
+    if (is_stream) {
       if (tor_listen(s) < 0) {
         log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
                  tor_socket_strerror(tor_socket_errno(s)));
@@ -1122,15 +1240,21 @@ connection_listener_new(const struct sockaddr *listensockaddr,
       tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
     }
 #ifdef HAVE_SYS_UN_H
+  /*
+   * AF_UNIX generic setup stuff
+   */
   } else if (listensockaddr->sa_family == AF_UNIX) {
+    /* We want to start reading for both AF_UNIX cases */
     start_reading = 1;
 
-    /* For now only control ports can be Unix domain sockets
-     * and listeners at the same time */
-    tor_assert(type == CONN_TYPE_CONTROL_LISTENER);
+    tor_assert(conn_listener_type_supports_af_unix(type));
 
-    if (check_location_for_unix_socket(options, address) < 0)
-      goto err;
+    if (check_location_for_unix_socket(options, address,
+          (type == CONN_TYPE_CONTROL_LISTENER) ?
+           UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
+           UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
+        goto err;
+    }
 
     log_notice(LD_NET, "Opening %s on %s",
                conn_type_to_string(type), address);
@@ -1142,36 +1266,65 @@ connection_listener_new(const struct sockaddr *listensockaddr,
                        strerror(errno));
       goto err;
     }
+
     s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
     if (! SOCKET_OK(s)) {
-      log_warn(LD_NET,"Socket creation failed: %s.", strerror(errno));
+      int e = tor_socket_errno(s);
+      if (ERRNO_IS_RESOURCE_LIMIT(e)) {
+        warn_too_many_conns();
+      } else {
+        log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
+      }
       goto err;
     }
 
-    if (bind(s, listensockaddr, (socklen_t)sizeof(struct sockaddr_un)) == -1) {
+    if (bind(s, listensockaddr,
+             (socklen_t)sizeof(struct sockaddr_un)) == -1) {
       log_warn(LD_NET,"Bind to %s failed: %s.", address,
                tor_socket_strerror(tor_socket_errno(s)));
       goto err;
     }
+
 #ifdef HAVE_PWD_H
     if (options->User) {
       pw = tor_getpwnam(options->User);
+      struct stat st;
       if (pw == NULL) {
         log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
                  address, options->User);
         goto err;
-      } else if (chown(address, pw->pw_uid, pw->pw_gid) < 0) {
+      } else if (fstat(s, &st) == 0 &&
+                 st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
+        /* No change needed */
+      } else if (chown(sandbox_intern_string(address),
+                       pw->pw_uid, pw->pw_gid) < 0) {
         log_warn(LD_NET,"Unable to chown() %s socket: %s.",
                  address, strerror(errno));
         goto err;
       }
     }
 #endif
-    if (options->ControlSocketsGroupWritable) {
+
+    {
+      unsigned mode;
+      const char *status;
+      struct stat st;
+      if (port_cfg->is_world_writable) {
+        mode = 0666;
+        status = "world-writable";
+      } else if (port_cfg->is_group_writable) {
+        mode = 0660;
+        status = "group-writable";
+      } else {
+        mode = 0600;
+        status = "private";
+      }
       /* We need to use chmod; fchmod doesn't work on sockets on all
        * platforms. */
-      if (chmod(address, 0660) < 0) {
-        log_warn(LD_FS,"Unable to make %s group-writable.", address);
+      if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
+        /* no change needed */
+      } else if (chmod(sandbox_intern_string(address), mode) < 0) {
+        log_warn(LD_FS,"Unable to make %s %s.", address, status);
         goto err;
       }
     }
@@ -1181,8 +1334,6 @@ connection_listener_new(const struct sockaddr *listensockaddr,
                tor_socket_strerror(tor_socket_errno(s)));
       goto err;
     }
-#else
-    (void)options;
 #endif /* HAVE_SYS_UN_H */
   } else {
     log_err(LD_BUG, "Got unexpected address family %d.",
@@ -1199,10 +1350,12 @@ connection_listener_new(const struct sockaddr *listensockaddr,
   conn->port = gotPort;
   tor_addr_copy(&conn->addr, &addr);
 
-  if (port_cfg->isolation_flags) {
-    lis_conn->isolation_flags = port_cfg->isolation_flags;
-    if (port_cfg->session_group >= 0) {
-      lis_conn->session_group = port_cfg->session_group;
+  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
+
+  if (port_cfg->entry_cfg.isolation_flags) {
+    lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
+    if (port_cfg->entry_cfg.session_group >= 0) {
+      lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
     } else {
       /* This can wrap after around INT_MAX listeners are opened.  But I don't
        * believe that matters, since you would need to open a ridiculous
@@ -1210,23 +1363,15 @@ connection_listener_new(const struct sockaddr *listensockaddr,
        * hit this.  An OR with a dozen ports open, for example, would have to
        * close and re-open its listeners every second for 4 years nonstop.
        */
-      lis_conn->session_group = global_next_session_group--;
+      lis_conn->entry_cfg.session_group = global_next_session_group--;
     }
   }
-  if (type == CONN_TYPE_AP_LISTENER) {
-    lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
-    lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
-    lis_conn->socks_prefer_ipv6 = port_cfg->prefer_ipv6;
-  } else {
-    lis_conn->socks_ipv4_traffic = 1;
-    lis_conn->socks_ipv6_traffic = 1;
+
+  if (type != CONN_TYPE_AP_LISTENER) {
+    lis_conn->entry_cfg.ipv4_traffic = 1;
+    lis_conn->entry_cfg.ipv6_traffic = 1;
+    lis_conn->entry_cfg.prefer_ipv6 = 0;
   }
-  lis_conn->cache_ipv4_answers = port_cfg->cache_ipv4_answers;
-  lis_conn->cache_ipv6_answers = port_cfg->cache_ipv6_answers;
-  lis_conn->use_cached_ipv4_answers = port_cfg->use_cached_ipv4_answers;
-  lis_conn->use_cached_ipv6_answers = port_cfg->use_cached_ipv6_answers;
-  lis_conn->prefer_ipv6_virtaddr = port_cfg->prefer_ipv6_virtaddr;
-  lis_conn->socks_prefer_no_auth = port_cfg->socks_prefer_no_auth;
 
   if (connection_add(conn) < 0) { /* no space, forget it */
     log_warn(LD_NET,"connection_add for listener failed. Giving up.");
@@ -1293,6 +1438,8 @@ check_sockaddr(const struct sockaddr *sa, int len, int level)
              "Address for new connection has address/port equal to zero.");
       ok = 0;
     }
+  } else if (sa->sa_family == AF_UNIX) {
+    ok = 1;
   } else {
     ok = 0;
   }
@@ -1326,7 +1473,7 @@ static int
 connection_handle_listener_read(connection_t *conn, int new_type)
 {
   tor_socket_t news; /* the new socket */
-  connection_t *newconn;
+  connection_t *newconn = 0;
   /* information about the remote peer when connecting to other routers */
   struct sockaddr_storage addrbuf;
   struct sockaddr *remote = (struct sockaddr*)&addrbuf;
@@ -1341,8 +1488,8 @@ connection_handle_listener_read(connection_t *conn, int new_type)
   if (!SOCKET_OK(news)) { /* accept() error */
     int e = tor_socket_errno(conn->s);
     if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
-      return 0; /* he hung up before we could accept(). that's fine. */
-    } else if (ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e)) {
+      return 0; /* they hung up before we could accept(). that's fine. */
+    } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
       warn_too_many_conns();
       return 0;
     }
@@ -1377,7 +1524,8 @@ connection_handle_listener_read(connection_t *conn, int new_type)
     return 0;
   }
 
-  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6) {
+  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
+     (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
     tor_addr_t addr;
     uint16_t port;
     if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
@@ -1418,18 +1566,21 @@ connection_handle_listener_read(connection_t *conn, int new_type)
     newconn->port = port;
     newconn->address = tor_dup_addr(&addr);
 
-    if (new_type == CONN_TYPE_AP) {
-      TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth =
-        TO_LISTENER_CONN(conn)->socks_prefer_no_auth;
+    if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
+      log_info(LD_NET, "New SOCKS connection opened from %s.",
+               fmt_and_decorate_addr(&addr));
+    }
+    if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
+      newconn->port = 0;
+      newconn->address = tor_strdup(conn->address);
+      log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
     }
     if (new_type == CONN_TYPE_CONTROL) {
       log_notice(LD_CONTROL, "New control connection opened from %s.",
                  fmt_and_decorate_addr(&addr));
     }
 
-  } else if (conn->socket_family == AF_UNIX) {
-    /* For now only control ports can be Unix domain sockets
-     * and listeners at the same time */
+  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
     tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
     tor_assert(new_type == CONN_TYPE_CONTROL);
     log_notice(LD_CONTROL, "New control connection opened.");
@@ -1484,28 +1635,21 @@ connection_init_accepted_conn(connection_t *conn,
       return rv;
       break;
     case CONN_TYPE_AP:
-      TO_ENTRY_CONN(conn)->isolation_flags = listener->isolation_flags;
-      TO_ENTRY_CONN(conn)->session_group = listener->session_group;
+      memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
+             sizeof(entry_port_cfg_t));
       TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
       TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
-      TO_ENTRY_CONN(conn)->ipv4_traffic_ok = listener->socks_ipv4_traffic;
-      TO_ENTRY_CONN(conn)->ipv6_traffic_ok = listener->socks_ipv6_traffic;
-      TO_ENTRY_CONN(conn)->prefer_ipv6_traffic = listener->socks_prefer_ipv6;
-      TO_ENTRY_CONN(conn)->cache_ipv4_answers = listener->cache_ipv4_answers;
-      TO_ENTRY_CONN(conn)->cache_ipv6_answers = listener->cache_ipv6_answers;
-      TO_ENTRY_CONN(conn)->use_cached_ipv4_answers =
-        listener->use_cached_ipv4_answers;
-      TO_ENTRY_CONN(conn)->use_cached_ipv6_answers =
-        listener->use_cached_ipv6_answers;
-      TO_ENTRY_CONN(conn)->prefer_ipv6_virtaddr =
-        listener->prefer_ipv6_virtaddr;
 
       switch (TO_CONN(listener)->type) {
         case CONN_TYPE_AP_LISTENER:
           conn->state = AP_CONN_STATE_SOCKS_WAIT;
+          TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
+            listener->entry_cfg.socks_prefer_no_auth;
           break;
         case CONN_TYPE_AP_TRANS_LISTENER:
           TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
+          /* XXXX028 -- is this correct still, with the addition of
+           * pending_entry_connections ? */
           conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
           return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
         case CONN_TYPE_AP_NATD_LISTENER:
@@ -1526,36 +1670,25 @@ connection_init_accepted_conn(connection_t *conn,
 }
 
 /** Take conn, make a nonblocking socket; try to connect to
- * addr:port (they arrive in *host order*). If fail, return -1 and if
+ * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
  * applicable put your best guess about errno into *<b>socket_error</b>.
- * Else assign s to conn-\>s: if connected return 1, if EAGAIN return 0.
- *
- * address is used to make the logs useful.
- *
- * On success, add conn to the list of polled connections.
+ * If connected return 1, if EAGAIN return 0.
  */
-int
-connection_connect(connection_t *conn, const char *address,
-                   const tor_addr_t *addr, uint16_t port, int *socket_error)
+MOCK_IMPL(STATIC int,
+connection_connect_sockaddr,(connection_t *conn,
+                            const struct sockaddr *sa,
+                            socklen_t sa_len,
+                            const struct sockaddr *bindaddr,
+                            socklen_t bindaddr_len,
+                            int *socket_error))
 {
   tor_socket_t s;
   int inprogress = 0;
-  struct sockaddr_storage addrbuf;
-  struct sockaddr *dest_addr;
-  int dest_addr_len;
   const or_options_t *options = get_options();
-  int protocol_family;
 
-  if (get_n_open_sockets() >= get_options()->ConnLimit_-1) {
-    warn_too_many_conns();
-    *socket_error = SOCK_ERRNO(ENOBUFS);
-    return -1;
-  }
-
-  if (tor_addr_family(addr) == AF_INET6)
-    protocol_family = PF_INET6;
-  else
-    protocol_family = PF_INET;
+  tor_assert(conn);
+  tor_assert(sa);
+  tor_assert(socket_error);
 
   if (get_options()->DisableNetwork) {
     /* We should never even try to connect anyplace if DisableNetwork is set.
@@ -1568,11 +1701,19 @@ connection_connect(connection_t *conn, const char *address,
     return -1;
   }
 
-  s = tor_open_socket_nonblocking(protocol_family,SOCK_STREAM,IPPROTO_TCP);
+  const int protocol_family = sa->sa_family;
+  const int proto = (sa->sa_family == AF_INET6 ||
+                     sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
+
+  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
   if (! SOCKET_OK(s)) {
-    *socket_error = tor_socket_errno(-1);
-    log_warn(LD_NET,"Error creating network socket: %s",
-             tor_socket_strerror(*socket_error));
+    *socket_error = tor_socket_errno(s);
+    if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
+      warn_too_many_conns();
+    } else {
+      log_warn(LD_NET,"Error creating network socket: %s",
+               tor_socket_strerror(*socket_error));
+    }
     return -1;
   }
 
@@ -1581,6 +1722,153 @@ connection_connect(connection_t *conn, const char *address,
              tor_socket_strerror(errno));
   }
 
+  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
+    *socket_error = tor_socket_errno(s);
+    log_warn(LD_NET,"Error binding network socket: %s",
+             tor_socket_strerror(*socket_error));
+    tor_close_socket(s);
+    return -1;
+  }
+
+  tor_assert(options);
+  if (options->ConstrainedSockets)
+    set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize);
+
+  if (connect(s, sa, sa_len) < 0) {
+    int e = tor_socket_errno(s);
+    if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
+      /* yuck. kill it. */
+      *socket_error = e;
+      log_info(LD_NET,
+               "connect() to socket failed: %s",
+               tor_socket_strerror(e));
+      tor_close_socket(s);
+      return -1;
+    } else {
+      inprogress = 1;
+    }
+  }
+
+  /* it succeeded. we're connected. */
+  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
+         "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
+         inprogress ? "in progress" : "established", s);
+  conn->s = s;
+  if (connection_add_connecting(conn) < 0) {
+    /* no space, forget it */
+    *socket_error = SOCK_ERRNO(ENOBUFS);
+    return -1;
+  }
+
+  return inprogress ? 0 : 1;
+}
+
+/* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
+ * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
+ * or ClientPreferIPv6ORPort. */
+static void
+connection_connect_log_client_use_ip_version(const connection_t *conn)
+{
+  const or_options_t *options = get_options();
+
+  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
+   * on connections we don't care about */
+  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
+    return;
+  }
+
+  /* We're only prepared to log OR and DIR connections here */
+  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
+    return;
+  }
+
+  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
+  const int must_ipv6 = (options->ClientUseIPv4 == 0);
+  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
+                         ? fascist_firewall_prefer_ipv6_orport(options)
+                         : fascist_firewall_prefer_ipv6_dirport(options));
+  tor_addr_t real_addr;
+  tor_addr_make_null(&real_addr, AF_UNSPEC);
+
+  /* OR conns keep the original address in real_addr, as addr gets overwritten
+   * with the descriptor address */
+  if (conn->type == CONN_TYPE_OR) {
+    const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
+    tor_addr_copy(&real_addr, &or_conn->real_addr);
+  } else if (conn->type == CONN_TYPE_DIR) {
+    tor_addr_copy(&real_addr, &conn->addr);
+  }
+
+  /* Check if we broke a mandatory address family restriction */
+  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
+      || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
+    static int logged_backtrace = 0;
+    log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
+             conn->type == CONN_TYPE_OR ? "OR" : "Dir",
+             fmt_addr(&real_addr),
+             options->ClientUseIPv4 == 0 ? "4" : "6");
+    if (!logged_backtrace) {
+      log_backtrace(LOG_INFO, LD_BUG, "Address came from");
+      logged_backtrace = 1;
+    }
+  }
+
+  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
+   * the node's configured address when ClientPreferIPv6ORPort is auto */
+  if (options->UseBridges && conn->type == CONN_TYPE_OR
+      && options->ClientPreferIPv6ORPort == -1) {
+    return;
+  }
+
+  /* Check if we couldn't satisfy an address family preference */
+  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
+      || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
+    log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
+             "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
+             "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
+             "%d).",
+             fmt_addr(&real_addr),
+             conn->type == CONN_TYPE_OR ? "OR" : "Dir",
+             conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
+                                        : options->ClientPreferIPv6DirPort,
+             options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
+             options->ClientUseIPv6, options->UseBridges);
+  }
+}
+
+/** Take conn, make a nonblocking socket; try to connect to
+ * addr:port (port arrives in *host order*). If fail, return -1 and if
+ * applicable put your best guess about errno into *<b>socket_error</b>.
+ * Else assign s to conn-\>s: if connected return 1, if EAGAIN return 0.
+ *
+ * addr:port can be different to conn->addr:conn->port if connecting through
+ * a proxy.
+ *
+ * address is used to make the logs useful.
+ *
+ * On success, add conn to the list of polled connections.
+ */
+int
+connection_connect(connection_t *conn, const char *address,
+                   const tor_addr_t *addr, uint16_t port, int *socket_error)
+{
+  struct sockaddr_storage addrbuf;
+  struct sockaddr_storage bind_addr_ss;
+  struct sockaddr *bind_addr = NULL;
+  struct sockaddr *dest_addr;
+  int dest_addr_len, bind_addr_len = 0;
+  const or_options_t *options = get_options();
+  int protocol_family;
+
+  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
+   */
+  connection_connect_log_client_use_ip_version(conn);
+
+  if (tor_addr_family(addr) == AF_INET6)
+    protocol_family = PF_INET6;
+  else
+    protocol_family = PF_INET;
+
   if (!tor_addr_is_loopback(addr)) {
     const tor_addr_t *ext_addr = NULL;
     if (protocol_family == AF_INET &&
@@ -1590,33 +1878,20 @@ connection_connect(connection_t *conn, const char *address,
              !tor_addr_is_null(&options->OutboundBindAddressIPv6_))
       ext_addr = &options->OutboundBindAddressIPv6_;
     if (ext_addr) {
-      struct sockaddr_storage ext_addr_sa;
-      socklen_t ext_addr_len = 0;
-      memset(&ext_addr_sa, 0, sizeof(ext_addr_sa));
-      ext_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
-                                          (struct sockaddr *) &ext_addr_sa,
-                                          sizeof(ext_addr_sa));
-      if (ext_addr_len == 0) {
+      memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
+      bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
+                                           (struct sockaddr *) &bind_addr_ss,
+                                           sizeof(bind_addr_ss));
+      if (bind_addr_len == 0) {
         log_warn(LD_NET,
                  "Error converting OutboundBindAddress %s into sockaddr. "
                  "Ignoring.", fmt_and_decorate_addr(ext_addr));
       } else {
-        if (bind(s, (struct sockaddr *) &ext_addr_sa, ext_addr_len) < 0) {
-          *socket_error = tor_socket_errno(s);
-          log_warn(LD_NET,"Error binding network socket to %s: %s",
-                   fmt_and_decorate_addr(ext_addr),
-                   tor_socket_strerror(*socket_error));
-          tor_close_socket(s);
-          return -1;
-        }
+        bind_addr = (struct sockaddr *)&bind_addr_ss;
       }
     }
   }
 
-  tor_assert(options);
-  if (options->ConstrainedSockets)
-    set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize);
-
   memset(&addrbuf,0,sizeof(addrbuf));
   dest_addr = (struct sockaddr*) &addrbuf;
   dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
@@ -1625,36 +1900,51 @@ connection_connect(connection_t *conn, const char *address,
   log_debug(LD_NET, "Connecting to %s:%u.",
             escaped_safe_str_client(address), port);
 
-  if (connect(s, dest_addr, (socklen_t)dest_addr_len) < 0) {
-    int e = tor_socket_errno(s);
-    if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
-      /* yuck. kill it. */
-      *socket_error = e;
-      log_info(LD_NET,
-               "connect() to %s:%u failed: %s",
-               escaped_safe_str_client(address),
-               port, tor_socket_strerror(e));
-      tor_close_socket(s);
-      return -1;
-    } else {
-      inprogress = 1;
-    }
-  }
+  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
+                                     bind_addr, bind_addr_len, socket_error);
+}
 
-  /* it succeeded. we're connected. */
-  log_fn(inprogress?LOG_DEBUG:LOG_INFO, LD_NET,
-         "Connection to %s:%u %s (sock "TOR_SOCKET_T_FORMAT").",
-         escaped_safe_str_client(address),
-         port, inprogress?"in progress":"established", s);
-  conn->s = s;
-  if (connection_add_connecting(conn) < 0) {
-    /* no space, forget it */
-    *socket_error = SOCK_ERRNO(ENOBUFS);
+#ifdef HAVE_SYS_UN_H
+
+/** Take conn, make a nonblocking socket; try to connect to
+ * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
+ * put your best guess about errno into *<b>socket_error</b>. Else assign s
+ * to conn-\>s: if connected return 1, if EAGAIN return 0.
+ *
+ * On success, add conn to the list of polled connections.
+ */
+int
+connection_connect_unix(connection_t *conn, const char *socket_path,
+                        int *socket_error)
+{
+  struct sockaddr_un dest_addr;
+
+  tor_assert(socket_path);
+
+  /* Check that we'll be able to fit it into dest_addr later */
+  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
+    log_warn(LD_NET,
+             "Path %s is too long for an AF_UNIX socket\n",
+             escaped_safe_str_client(socket_path));
+    *socket_error = SOCK_ERRNO(ENAMETOOLONG);
     return -1;
   }
-  return inprogress ? 0 : 1;
+
+  memset(&dest_addr, 0, sizeof(dest_addr));
+  dest_addr.sun_family = AF_UNIX;
+  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
+
+  log_debug(LD_NET,
+            "Connecting to AF_UNIX socket at %s.",
+            escaped_safe_str_client(socket_path));
+
+  return connection_connect_sockaddr(conn,
+                       (struct sockaddr *)&dest_addr, sizeof(dest_addr),
+                       NULL, 0, socket_error);
 }
 
+#endif /* defined(HAVE_SYS_UN_H) */
+
 /** Convert state number to string representation for logging purposes.
  */
 static const char *
@@ -1688,14 +1978,14 @@ get_proxy_type(void)
 {
   const or_options_t *options = get_options();
 
-  if (options->HTTPSProxy)
+  if (options->ClientTransportPlugin)
+    return PROXY_PLUGGABLE;
+  else if (options->HTTPSProxy)
     return PROXY_CONNECT;
   else if (options->Socks4Proxy)
     return PROXY_SOCKS4;
   else if (options->Socks5Proxy)
     return PROXY_SOCKS5;
-  else if (options->ClientTransportPlugin)
-    return PROXY_PLUGGABLE;
   else
     return PROXY_NONE;
 }
@@ -2185,7 +2475,7 @@ retry_listener_ports(smartlist_t *old_conns,
           (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
         continue;
 
-      if (wanted->no_listen)
+      if (wanted->server_cfg.no_listen)
         continue; /* We don't want to open a listener for this one */
 
       if (wanted->is_unix_addr) {
@@ -2226,8 +2516,17 @@ retry_listener_ports(smartlist_t *old_conns,
     connection_t *conn;
     int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
     tor_assert(real_port <= UINT16_MAX);
-    if (port->no_listen)
+    if (port->server_cfg.no_listen)
+      continue;
+
+#ifndef _WIN32
+    /* We don't need to be root to create a UNIX socket, so defer until after
+     * setuid. */
+    const or_options_t *options = get_options();
+    if (port->is_unix_addr && !geteuid() && (options->User) &&
+        strcmp(options->User, "root"))
       continue;
+#endif
 
     if (port->is_unix_addr) {
       listensockaddr = (struct sockaddr *)
@@ -2348,7 +2647,6 @@ connection_mark_all_noncontrol_connections(void)
     if (conn->marked_for_close)
       continue;
     switch (conn->type) {
-      case CONN_TYPE_CPUWORKER:
       case CONN_TYPE_CONTROL_LISTENER:
       case CONN_TYPE_CONTROL:
         break;
@@ -2391,6 +2689,7 @@ connection_is_rate_limited(connection_t *conn)
     return 0; /* Internal connection */
   else if (! options->CountPrivateBandwidth &&
            (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
+            tor_addr_family(&conn->addr) == AF_UNIX ||   /* no address */
             tor_addr_is_internal(&conn->addr, 0)))
     return 0; /* Internal address */
   else
@@ -3433,7 +3732,7 @@ connection_read_to_buf(connection_t *conn, ssize_t *max_to_read,
   }
 
   /* Call even if result is 0, since the global read bucket may
-   * have reached 0 on a different conn, and this guy needs to
+   * have reached 0 on a different conn, and this connection needs to
    * know to stop reading. */
   connection_consider_empty_read_buckets(conn);
   if (n_written > 0 && connection_is_writing(conn))
@@ -3635,7 +3934,7 @@ connection_fetch_from_buf_line(connection_t *conn, char *data,
   }
 }
 
-/** As fetch_from_buf_http, but fetches from a conncetion's input buffer_t or
+/** As fetch_from_buf_http, but fetches from a connection's input buffer_t or
  * its bufferevent as appropriate. */
 int
 connection_fetch_from_buf_http(connection_t *conn,
@@ -3716,9 +4015,15 @@ connection_handle_write_impl(connection_t *conn, int force)
   if (connection_state_is_connecting(conn)) {
     if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
       log_warn(LD_BUG, "getsockopt() syscall failed");
-      if (CONN_IS_EDGE(conn))
-        connection_edge_end_errno(TO_EDGE_CONN(conn));
-      connection_mark_for_close(conn);
+      if (conn->type == CONN_TYPE_OR) {
+        or_connection_t *orconn = TO_OR_CONN(conn);
+        connection_or_close_for_error(orconn, 0);
+      } else {
+        if (CONN_IS_EDGE(conn)) {
+          connection_edge_end_errno(TO_EDGE_CONN(conn));
+        }
+        connection_mark_for_close(conn);
+      }
       return -1;
     }
     if (e) {
@@ -3833,6 +4138,8 @@ connection_handle_write_impl(connection_t *conn, int force)
     tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
     log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
               result, (long)n_read, (long)n_written);
+    or_conn->bytes_xmitted += result;
+    or_conn->bytes_xmitted_by_tls += n_written;
     /* So we notice bytes were written even on error */
     /* XXXX024 This cast is safe since we can never write INT_MAX bytes in a
      * single set of TLS operations. But it looks kinda ugly. If we refactor
@@ -3921,7 +4228,7 @@ connection_handle_write_impl(connection_t *conn, int force)
   }
 
   /* Call even if result is 0, since the global write bucket may
-   * have reached 0 on a different conn, and this guy needs to
+   * have reached 0 on a different conn, and this connection needs to
    * know to stop writing. */
   connection_consider_empty_write_buckets(conn);
   if (n_read > 0 && connection_is_reading(conn))
@@ -4046,55 +4353,35 @@ connection_write_to_buf_impl_,(const char *string, size_t len,
     conn->outbuf_flushlen += buf_datalen(conn->outbuf) - old_datalen;
   } else {
     conn->outbuf_flushlen += len;
-
-    /* Should we try flushing the outbuf now? */
-    if (conn->in_flushed_some) {
-      /* Don't flush the outbuf when the reason we're writing more stuff is
-       * _because_ we flushed the outbuf.  That's unfair. */
-      return;
-    }
-
-    if (conn->type == CONN_TYPE_CONTROL &&
-               !connection_is_rate_limited(conn) &&
-               conn->outbuf_flushlen-len < 1<<16 &&
-               conn->outbuf_flushlen >= 1<<16) {
-      /* just try to flush all of it */
-    } else
-      return; /* no need to try flushing */
-
-    if (connection_handle_write(conn, 0) < 0) {
-      if (!conn->marked_for_close) {
-        /* this connection is broken. remove it. */
-        log_warn(LD_BUG, "unhandled error on write for "
-                 "conn (type %d, fd %d); removing",
-                 conn->type, (int)conn->s);
-        tor_fragile_assert();
-        /* do a close-immediate here, so we don't try to flush */
-        connection_close_immediate(conn);
-      }
-      return;
-    }
   }
 }
 
+/** Return a connection_t * from get_connection_array() that satisfies test on
+ * var, and that is not marked for close. */
+#define CONN_GET_TEMPLATE(var, test)               \
+  STMT_BEGIN                                       \
+    smartlist_t *conns = get_connection_array();   \
+    SMARTLIST_FOREACH(conns, connection_t *, var,  \
+    {                                              \
+      if (var && (test) && !var->marked_for_close) \
+        return var;                                \
+    });                                            \
+    return NULL;                                   \
+  STMT_END
+
 /** Return a connection with given type, address, port, and purpose;
- * or NULL if no such connection exists. */
-connection_t *
-connection_get_by_type_addr_port_purpose(int type,
+ * or NULL if no such connection exists (or if all such connections are marked
+ * for close). */
+MOCK_IMPL(connection_t *,
+connection_get_by_type_addr_port_purpose,(int type,
                                          const tor_addr_t *addr, uint16_t port,
-                                         int purpose)
+                                         int purpose))
 {
-  smartlist_t *conns = get_connection_array();
-  SMARTLIST_FOREACH(conns, connection_t *, conn,
-  {
-    if (conn->type == type &&
+  CONN_GET_TEMPLATE(conn,
+       (conn->type == type &&
         tor_addr_eq(&conn->addr, addr) &&
         conn->port == port &&
-        conn->purpose == purpose &&
-        !conn->marked_for_close)
-      return conn;
-  });
-  return NULL;
+        conn->purpose == purpose));
 }
 
 /** Return the stream with id <b>id</b> if it is not already marked for
@@ -4103,13 +4390,7 @@ connection_get_by_type_addr_port_purpose(int type,
 connection_t *
 connection_get_by_global_id(uint64_t id)
 {
-  smartlist_t *conns = get_connection_array();
-  SMARTLIST_FOREACH(conns, connection_t *, conn,
-  {
-    if (conn->global_identifier == id)
-      return conn;
-  });
-  return NULL;
+  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
 }
 
 /** Return a connection of type <b>type</b> that is not marked for close.
@@ -4117,13 +4398,7 @@ connection_get_by_global_id(uint64_t id)
 connection_t *
 connection_get_by_type(int type)
 {
-  smartlist_t *conns = get_connection_array();
-  SMARTLIST_FOREACH(conns, connection_t *, conn,
-  {
-    if (conn->type == type && !conn->marked_for_close)
-      return conn;
-  });
-  return NULL;
+  CONN_GET_TEMPLATE(conn, conn->type == type);
 }
 
 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
@@ -4132,13 +4407,7 @@ connection_get_by_type(int type)
 connection_t *
 connection_get_by_type_state(int type, int state)
 {
-  smartlist_t *conns = get_connection_array();
-  SMARTLIST_FOREACH(conns, connection_t *, conn,
-  {
-    if (conn->type == type && conn->state == state && !conn->marked_for_close)
-      return conn;
-  });
-  return NULL;
+  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
 }
 
 /** Return a connection of type <b>type</b> that has rendquery equal
@@ -4149,55 +4418,96 @@ connection_t *
 connection_get_by_type_state_rendquery(int type, int state,
                                        const char *rendquery)
 {
-  smartlist_t *conns = get_connection_array();
-
   tor_assert(type == CONN_TYPE_DIR ||
              type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
   tor_assert(rendquery);
 
-  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
-    if (conn->type == type &&
-        !conn->marked_for_close &&
-        (!state || state == conn->state)) {
-      if (type == CONN_TYPE_DIR &&
+  CONN_GET_TEMPLATE(conn,
+       (conn->type == type &&
+        (!state || state == conn->state)) &&
+        (
+         (type == CONN_TYPE_DIR &&
           TO_DIR_CONN(conn)->rend_data &&
           !rend_cmp_service_ids(rendquery,
                                 TO_DIR_CONN(conn)->rend_data->onion_address))
-        return conn;
-      else if (CONN_IS_EDGE(conn) &&
+         ||
+              (CONN_IS_EDGE(conn) &&
                TO_EDGE_CONN(conn)->rend_data &&
                !rend_cmp_service_ids(rendquery,
                             TO_EDGE_CONN(conn)->rend_data->onion_address))
-        return conn;
-    }
-  } SMARTLIST_FOREACH_END(conn);
-  return NULL;
+         ));
 }
 
-/** Return a directory connection (if any one exists) that is fetching
- * the item described by <b>state</b>/<b>resource</b> */
-dir_connection_t *
-connection_dir_get_by_purpose_and_resource(int purpose,
-                                           const char *resource)
+/** Return a new smartlist of dir_connection_t * from get_connection_array()
+ * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
+ * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
+ * marked for close to be included in the list. */
+#define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test,             \
+                               dirconn_var, dirconn_test)       \
+  STMT_BEGIN                                                    \
+    smartlist_t *conns = get_connection_array();                \
+    smartlist_t *dir_conns = smartlist_new();                   \
+    SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) {  \
+      if (conn_var && (conn_test)                               \
+          && conn_var->type == CONN_TYPE_DIR                    \
+          && !conn_var->marked_for_close) {                     \
+        dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var);  \
+        if (dirconn_var && (dirconn_test)) {                    \
+          smartlist_add(dir_conns, dirconn_var);                \
+        }                                                       \
+      }                                                         \
+    } SMARTLIST_FOREACH_END(conn_var);                          \
+    return dir_conns;                                           \
+  STMT_END
+
+/** Return a list of directory connections that are fetching the item
+ * described by <b>purpose</b>/<b>resource</b>. If there are none,
+ * return an empty list. This list must be freed using smartlist_free,
+ * but the pointers in it must not be freed.
+ * Note that this list should not be cached, as the pointers in it can be
+ * freed if their connections close. */
+smartlist_t *
+connection_dir_list_by_purpose_and_resource(
+                                            int purpose,
+                                            const char *resource)
 {
-  smartlist_t *conns = get_connection_array();
+  DIR_CONN_LIST_TEMPLATE(conn,
+                         conn->purpose == purpose,
+                         dirconn,
+                         0 == strcmp_opt(resource,
+                                         dirconn->requested_resource));
+}
 
-  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
-    dir_connection_t *dirconn;
-    if (conn->type != CONN_TYPE_DIR || conn->marked_for_close ||
-        conn->purpose != purpose)
-      continue;
-    dirconn = TO_DIR_CONN(conn);
-    if (dirconn->requested_resource == NULL) {
-      if (resource == NULL)
-        return dirconn;
-    } else if (resource) {
-      if (0 == strcmp(resource, dirconn->requested_resource))
-        return dirconn;
-    }
-  } SMARTLIST_FOREACH_END(conn);
+/** Return a list of directory connections that are fetching the item
+ * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
+ * none, return an empty list. This list must be freed using smartlist_free,
+ * but the pointers in it must not be freed.
+ * Note that this list should not be cached, as the pointers in it can be
+ * freed if their connections close. */
+smartlist_t *
+connection_dir_list_by_purpose_resource_and_state(
+                                                  int purpose,
+                                                  const char *resource,
+                                                  int state)
+{
+  DIR_CONN_LIST_TEMPLATE(conn,
+                         conn->purpose == purpose && conn->state == state,
+                         dirconn,
+                         0 == strcmp_opt(resource,
+                                         dirconn->requested_resource));
+}
 
-  return NULL;
+#undef DIR_CONN_LIST_TEMPLATE
+
+/** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
+ *
+ * We use this to guess if we should tell the controller that we
+ * didn't manage to connect to any of our bridges. */
+static connection_t *
+connection_get_another_active_or_conn(const or_connection_t *this_conn)
+{
+  CONN_GET_TEMPLATE(conn,
+                    conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
 }
 
 /** Return 1 if there are any active OR connections apart from
@@ -4208,23 +4518,18 @@ connection_dir_get_by_purpose_and_resource(int purpose,
 int
 any_other_active_or_conns(const or_connection_t *this_conn)
 {
-  smartlist_t *conns = get_connection_array();
-  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
-    if (conn == TO_CONN(this_conn)) { /* don't consider this conn */
-      continue;
-    }
-
-    if (conn->type == CONN_TYPE_OR &&
-        !conn->marked_for_close) {
-      log_debug(LD_DIR, "%s: Found an OR connection: %s",
-                __func__, conn->address);
-      return 1;
-    }
-  } SMARTLIST_FOREACH_END(conn);
+  connection_t *conn = connection_get_another_active_or_conn(this_conn);
+  if (conn != NULL) {
+    log_debug(LD_DIR, "%s: Found an OR connection: %s",
+              __func__, conn->address);
+    return 1;
+  }
 
   return 0;
 }
 
+#undef CONN_GET_TEMPLATE
+
 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
 int
 connection_is_listener(connection_t *conn)
@@ -4293,25 +4598,12 @@ alloc_http_authenticator(const char *authenticator)
   /* an authenticator in Basic authentication
    * is just the string "username:password" */
   const size_t authenticator_length = strlen(authenticator);
-  /* The base64_encode function needs a minimum buffer length
-   * of 66 bytes. */
-  const size_t base64_authenticator_length = (authenticator_length/48+1)*66;
+  const size_t base64_authenticator_length =
+      base64_encode_size(authenticator_length, 0) + 1;
   char *base64_authenticator = tor_malloc(base64_authenticator_length);
   if (base64_encode(base64_authenticator, base64_authenticator_length,
-                    authenticator, authenticator_length) < 0) {
+                    authenticator, authenticator_length, 0) < 0) {
     tor_free(base64_authenticator); /* free and set to null */
-  } else {
-    int i = 0, j = 0;
-    ssize_t len = strlen(base64_authenticator);
-
-    /* remove all newline occurrences within the string */
-    for (i=0; i < len; ++i) {
-      if ('\n' != base64_authenticator[i]) {
-        base64_authenticator[j] = base64_authenticator[i];
-        ++j;
-      }
-    }
-    base64_authenticator[j]='\0';
   }
   return base64_authenticator;
 }
@@ -4380,6 +4672,8 @@ client_check_address_changed(tor_socket_t sock)
     SMARTLIST_FOREACH(outgoing_addrs, tor_addr_t*, a_ptr, tor_free(a_ptr));
     smartlist_clear(outgoing_addrs);
     smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
+    /* We'll need to resolve ourselves again. */
+    reset_last_resolved_addr();
     /* Okay, now change our keys. */
     ip_address_changed(1);
   }
@@ -4431,8 +4725,6 @@ connection_process_inbuf(connection_t *conn, int package_partial)
                                            package_partial);
     case CONN_TYPE_DIR:
       return connection_dir_process_inbuf(TO_DIR_CONN(conn));
-    case CONN_TYPE_CPUWORKER:
-      return connection_cpu_process_inbuf(conn);
     case CONN_TYPE_CONTROL:
       return connection_control_process_inbuf(TO_CONTROL_CONN(conn));
     default:
@@ -4492,8 +4784,6 @@ connection_finished_flushing(connection_t *conn)
       return connection_edge_finished_flushing(TO_EDGE_CONN(conn));
     case CONN_TYPE_DIR:
       return connection_dir_finished_flushing(TO_DIR_CONN(conn));
-    case CONN_TYPE_CPUWORKER:
-      return connection_cpu_finished_flushing(conn);
     case CONN_TYPE_CONTROL:
       return connection_control_finished_flushing(TO_CONTROL_CONN(conn));
     default:
@@ -4549,8 +4839,6 @@ connection_reached_eof(connection_t *conn)
       return connection_edge_reached_eof(TO_EDGE_CONN(conn));
     case CONN_TYPE_DIR:
       return connection_dir_reached_eof(TO_DIR_CONN(conn));
-    case CONN_TYPE_CPUWORKER:
-      return connection_cpu_reached_eof(conn);
     case CONN_TYPE_CONTROL:
       return connection_control_reached_eof(TO_CONTROL_CONN(conn));
     default:
@@ -4756,10 +5044,6 @@ assert_connection_ok(connection_t *conn, time_t now)
       tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
       tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
       break;
-    case CONN_TYPE_CPUWORKER:
-      tor_assert(conn->state >= CPUWORKER_STATE_MIN_);
-      tor_assert(conn->state <= CPUWORKER_STATE_MAX_);
-      break;
     case CONN_TYPE_CONTROL:
       tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
       tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
@@ -4781,6 +5065,27 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
 {
   const or_options_t *options = get_options();
 
+  /* Client Transport Plugins can use another proxy, but that should be hidden
+   * from the rest of tor (as the plugin is responsible for dealing with the
+   * proxy), check it first, then check the rest of the proxy types to allow
+   * the config to have unused ClientTransportPlugin entries.
+   */
+  if (options->ClientTransportPlugin) {
+    const transport_t *transport = NULL;
+    int r;
+    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
+    if (r<0)
+      return -1;
+    if (transport) { /* transport found */
+      tor_addr_copy(addr, &transport->addr);
+      *port = transport->port;
+      *proxy_type = transport->socks_version;
+      return 0;
+    }
+
+    /* Unused ClientTransportPlugin. */
+  }
+
   if (options->HTTPSProxy) {
     tor_addr_copy(addr, &options->HTTPSProxyAddr);
     *port = options->HTTPSProxyPort;
@@ -4796,19 +5101,6 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
     *port = options->Socks5ProxyPort;
     *proxy_type = PROXY_SOCKS5;
     return 0;
-  } else if (options->ClientTransportPlugin ||
-             options->Bridges) {
-    const transport_t *transport = NULL;
-    int r;
-    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-    if (r<0)
-      return -1;
-    if (transport) { /* transport found */
-      tor_addr_copy(addr, &transport->addr);
-      *port = transport->port;
-      *proxy_type = transport->socks_version;
-      return 0;
-    }
   }
 
   tor_addr_make_unspec(addr);
@@ -4832,7 +5124,7 @@ log_failed_proxy_connection(connection_t *conn)
   log_warn(LD_NET,
            "The connection to the %s proxy server at %s just failed. "
            "Make sure that the proxy server is up and running.",
-           proxy_type_to_string(get_proxy_type()),
+           proxy_type_to_string(proxy_type),
            fmt_addrport(&proxy_addr, proxy_port));
 }
 
@@ -4852,9 +5144,7 @@ proxy_type_to_string(int proxy_type)
 }
 
 /** Call connection_free_() on every connection in our array, and release all
- * storage held by connection.c. This is used by cpuworkers and dnsworkers
- * when they fork, so they don't keep resources held open (especially
- * sockets).
+ * storage held by connection.c.
  *
  * Don't do the checks in connection_free(), because they will
  * fail.
@@ -4895,3 +5185,34 @@ connection_free_all(void)
 #endif
 }
 
+/** Log a warning, and possibly emit a control event, that <b>received</b> came
+ * at a skewed time.  <b>trusted</b> indicates that the <b>source</b> was one
+ * that we had more faith in and therefore the warning level should have higher
+ * severity.
+ */
+void
+clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted,
+                   log_domain_mask_t domain, const char *received,
+                   const char *source)
+{
+  char dbuf[64];
+  char *ext_source = NULL;
+  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
+  if (conn)
+    tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
+  else
+    ext_source = tor_strdup(source);
+  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
+         "Received %s with skewed time (%s): "
+         "It seems that our clock is %s by %s, or that theirs is %s%s. "
+         "Tor requires an accurate clock to work: please check your time, "
+         "timezone, and date settings.", received, ext_source,
+         apparent_skew > 0 ? "ahead" : "behind", dbuf,
+         apparent_skew > 0 ? "behind" : "ahead",
+         (!conn || trusted) ? "" : ", or they are sending us the wrong time");
+  if (trusted)
+    control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
+                                 apparent_skew, ext_source);
+  tor_free(ext_source);
+}
+
diff --git a/src/or/connection.h b/src/or/connection.h
index 13dcbcd919..4835235fba 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -17,6 +17,7 @@
 
 const char *conn_type_to_string(int type);
 const char *conn_state_to_string(int type, int state);
+int conn_listener_type_supports_af_unix(int type);
 
 dir_connection_t *dir_connection_new(int socket_family);
 or_connection_t *or_connection_new(int type, int socket_family);
@@ -27,7 +28,7 @@ listener_connection_t *listener_connection_new(int type, int socket_family);
 connection_t *connection_new(int type, int socket_family);
 
 void connection_link_connections(connection_t *conn_a, connection_t *conn_b);
-void connection_free(connection_t *conn);
+MOCK_DECL(void,connection_free,(connection_t *conn));
 void connection_free_all(void);
 void connection_about_to_close_connection(connection_t *conn);
 void connection_close_immediate(connection_t *conn);
@@ -89,6 +90,13 @@ int connection_connect(connection_t *conn, const char *address,
                        const tor_addr_t *addr,
                        uint16_t port, int *socket_error);
 
+#ifdef HAVE_SYS_UN_H
+
+int connection_connect_unix(connection_t *conn, const char *socket_path,
+                            int *socket_error);
+
+#endif /* defined(HAVE_SYS_UN_H) */
+
 /** Maximum size of information that we can fit into SOCKS5 username
     or password fields. */
 #define MAX_SOCKS5_AUTH_FIELD_SIZE 255
@@ -138,12 +146,12 @@ static void connection_write_to_buf(const char *string, size_t len,
 /* DOCDOC connection_write_to_buf_zlib */
 static void connection_write_to_buf_zlib(const char *string, size_t len,
                                          dir_connection_t *conn, int done);
-static INLINE void
+static inline void
 connection_write_to_buf(const char *string, size_t len, connection_t *conn)
 {
   connection_write_to_buf_impl_(string, len, conn, 0);
 }
-static INLINE void
+static inline void
 connection_write_to_buf_zlib(const char *string, size_t len,
                              dir_connection_t *conn, int done)
 {
@@ -155,7 +163,7 @@ static size_t connection_get_inbuf_len(connection_t *conn);
 /* DOCDOC connection_get_outbuf_len */
 static size_t connection_get_outbuf_len(connection_t *conn);
 
-static INLINE size_t
+static inline size_t
 connection_get_inbuf_len(connection_t *conn)
 {
   IF_HAS_BUFFEREVENT(conn, {
@@ -165,7 +173,7 @@ connection_get_inbuf_len(connection_t *conn)
   }
 }
 
-static INLINE size_t
+static inline size_t
 connection_get_outbuf_len(connection_t *conn)
 {
   IF_HAS_BUFFEREVENT(conn, {
@@ -178,18 +186,62 @@ connection_get_outbuf_len(connection_t *conn)
 connection_t *connection_get_by_global_id(uint64_t id);
 
 connection_t *connection_get_by_type(int type);
-connection_t *connection_get_by_type_addr_port_purpose(int type,
-                                                   const tor_addr_t *addr,
-                                                   uint16_t port, int purpose);
+MOCK_DECL(connection_t *,connection_get_by_type_addr_port_purpose,(int type,
+                                                  const tor_addr_t *addr,
+                                                  uint16_t port, int purpose));
 connection_t *connection_get_by_type_state(int type, int state);
 connection_t *connection_get_by_type_state_rendquery(int type, int state,
                                                      const char *rendquery);
-dir_connection_t *connection_dir_get_by_purpose_and_resource(
-                                           int state, const char *resource);
+smartlist_t *connection_dir_list_by_purpose_and_resource(
+                                                  int purpose,
+                                                  const char *resource);
+smartlist_t *connection_dir_list_by_purpose_resource_and_state(
+                                                  int purpose,
+                                                  const char *resource,
+                                                  int state);
+
+#define CONN_LEN_AND_FREE_TEMPLATE(sl) \
+  STMT_BEGIN                           \
+    int len = smartlist_len(sl);       \
+    smartlist_free(sl);                \
+    return len;                        \
+  STMT_END
+
+/** Return a count of directory connections that are fetching the item
+ * described by <b>purpose</b>/<b>resource</b>. */
+static inline int
+connection_dir_count_by_purpose_and_resource(
+                                             int purpose,
+                                             const char *resource)
+{
+  smartlist_t *conns = connection_dir_list_by_purpose_and_resource(
+                                                                   purpose,
+                                                                   resource);
+  CONN_LEN_AND_FREE_TEMPLATE(conns);
+}
+
+/** Return a count of directory connections that are fetching the item
+ * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. */
+static inline int
+connection_dir_count_by_purpose_resource_and_state(
+                                                   int purpose,
+                                                   const char *resource,
+                                                   int state)
+{
+  smartlist_t *conns =
+    connection_dir_list_by_purpose_resource_and_state(
+                                                      purpose,
+                                                      resource,
+                                                      state);
+  CONN_LEN_AND_FREE_TEMPLATE(conns);
+}
+
+#undef CONN_LEN_AND_FREE_TEMPLATE
 
 int any_other_active_or_conns(const or_connection_t *this_conn);
 
-#define connection_speaks_cells(conn) ((conn)->type == CONN_TYPE_OR)
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define connection_speaks_cells(conn) (((conn)->type == CONN_TYPE_OR) || 0)
 int connection_is_listener(connection_t *conn);
 int connection_state_is_open(connection_t *conn);
 int connection_state_is_connecting(connection_t *conn);
@@ -201,6 +253,10 @@ int connection_or_nonopen_was_started_here(or_connection_t *conn);
 void connection_dump_buffer_mem_stats(int severity);
 void remove_file_if_very_old(const char *fname, time_t now);
 
+void clock_skew_warning(const connection_t *conn, long apparent_skew,
+                        int trusted, log_domain_mask_t domain,
+                        const char *received, const char *source);
+
 #ifdef USE_BUFFEREVENTS
 int connection_type_uses_bufferevent(connection_t *conn);
 void connection_configure_bufferevent_callbacks(connection_t *conn);
@@ -226,6 +282,13 @@ void connection_buckets_note_empty_ts(uint32_t *timestamp_var,
                                       int tokens_before,
                                       size_t tokens_removed,
                                       const struct timeval *tvnow);
+MOCK_DECL(STATIC int,connection_connect_sockaddr,
+                                            (connection_t *conn,
+                                             const struct sockaddr *sa,
+                                             socklen_t sa_len,
+                                             const struct sockaddr *bindaddr,
+                                             socklen_t bindaddr_len,
+                                             int *socket_error));
 #endif
 
 #endif
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index d210f93fa1..8098fb017b 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -11,6 +11,9 @@
 #define CONNECTION_EDGE_PRIVATE
 
 #include "or.h"
+
+#include "backtrace.h"
+
 #include "addressmap.h"
 #include "buffers.h"
 #include "channel.h"
@@ -46,6 +49,19 @@
 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
 #include <linux/netfilter_ipv4.h>
 #define TRANS_NETFILTER
+#define TRANS_NETFILTER_IPV4
+#endif
+
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif
+
+#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#if defined(IP6T_SO_ORIGINAL_DST)
+#define TRANS_NETFILTER
+#define TRANS_NETFILTER_IPV6
+#endif
 #endif
 
 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
@@ -54,6 +70,10 @@
 #define TRANS_PF
 #endif
 
+#ifdef IP_TRANSPARENT
+#define TRANS_TPROXY
+#endif
+
 #define SOCKS4_GRANTED          90
 #define SOCKS4_REJECT           91
 
@@ -85,8 +105,7 @@ connection_mark_unattached_ap_,(entry_connection_t *conn, int endreason,
    * but we should fix it someday anyway. */
   if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) &&
       connection_edge_is_rendezvous_stream(edge_conn)) {
-    rend_client_note_connection_attempt_ended(
-                                    edge_conn->rend_data->onion_address);
+    rend_client_note_connection_attempt_ended(edge_conn->rend_data);
   }
 
   if (base_conn->marked_for_close) {
@@ -487,6 +506,16 @@ connection_edge_finished_connecting(edge_connection_t *edge_conn)
   return connection_edge_process_inbuf(edge_conn, 1);
 }
 
+/** A list of all the entry_connection_t * objects that are not marked
+ * for close, and are in AP_CONN_STATE_CIRCUIT_WAIT.
+ *
+ * (Right now, we check in several places to make sure that this list is
+ * correct.  When it's incorrect, we'll fix it, and log a BUG message.)
+ */
+static smartlist_t *pending_entry_connections = NULL;
+
+static int untried_pending_connections = 0;
+
 /** Common code to connection_(ap|exit)_about_to_close. */
 static void
 connection_edge_about_to_close(edge_connection_t *edge_conn)
@@ -509,6 +538,8 @@ connection_ap_about_to_close(entry_connection_t *entry_conn)
   edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
   connection_t *conn = ENTRY_TO_CONN(entry_conn);
 
+  connection_edge_about_to_close(edge_conn);
+
   if (entry_conn->socks_request->has_finished == 0) {
     /* since conn gets removed right after this function finishes,
      * there's no point trying to send back a reply at this point. */
@@ -527,6 +558,20 @@ connection_ap_about_to_close(entry_connection_t *entry_conn)
              conn->marked_for_close_file, conn->marked_for_close);
     dnsserv_reject_request(entry_conn);
   }
+
+  if (TO_CONN(edge_conn)->state == AP_CONN_STATE_CIRCUIT_WAIT) {
+    smartlist_remove(pending_entry_connections, entry_conn);
+  }
+
+#if 1
+  /* Check to make sure that this isn't in pending_entry_connections if it
+   * didn't actually belong there. */
+  if (TO_CONN(edge_conn)->type == CONN_TYPE_AP) {
+    connection_ap_warn_and_unmark_if_pending_circ(entry_conn,
+                                                  "about_to_close");
+  }
+#endif
+
   control_event_stream_bandwidth(edge_conn);
   control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
                               edge_conn->end_reason);
@@ -695,26 +740,190 @@ connection_ap_expire_beginning(void)
   } SMARTLIST_FOREACH_END(base_conn);
 }
 
-/** Tell any AP streams that are waiting for a new circuit to try again,
- * either attaching to an available circ or launching a new one.
+/**
+ * As connection_ap_attach_pending, but first scans the entire connection
+ * array to see if any elements are missing.
  */
 void
-connection_ap_attach_pending(void)
+connection_ap_rescan_and_attach_pending(void)
 {
   entry_connection_t *entry_conn;
   smartlist_t *conns = get_connection_array();
+
+  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
+    pending_entry_connections = smartlist_new();
+
   SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
     if (conn->marked_for_close ||
         conn->type != CONN_TYPE_AP ||
         conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
       continue;
+
     entry_conn = TO_ENTRY_CONN(conn);
+    tor_assert(entry_conn);
+    if (! smartlist_contains(pending_entry_connections, entry_conn)) {
+      log_warn(LD_BUG, "Found a connection %p that was supposed to be "
+               "in pending_entry_connections, but wasn't. No worries; "
+               "adding it.",
+               pending_entry_connections);
+      untried_pending_connections = 1;
+      connection_ap_mark_as_pending_circuit(entry_conn);
+    }
+
+  } SMARTLIST_FOREACH_END(conn);
+
+  connection_ap_attach_pending(1);
+}
+
+#ifdef DEBUGGING_17659
+#define UNMARK() do {                           \
+    entry_conn->marked_pending_circ_line = 0;   \
+    entry_conn->marked_pending_circ_file = 0;   \
+  } while (0)
+#else
+#define UNMARK() do { } while (0)
+#endif
+
+/** Tell any AP streams that are listed as waiting for a new circuit to try
+ * again, either attaching to an available circ or launching a new one.
+ *
+ * If <b>retry</b> is false, only check the list if it contains at least one
+ * streams that we have not yet tried to attach to a circuit.
+ */
+void
+connection_ap_attach_pending(int retry)
+{
+  if (PREDICT_UNLIKELY(!pending_entry_connections)) {
+    return;
+  }
+
+  if (untried_pending_connections == 0 && !retry)
+    return;
+
+  /* Don't allow modifications to pending_entry_connections while we are
+   * iterating over it. */
+  smartlist_t *pending = pending_entry_connections;
+  pending_entry_connections = smartlist_new();
+
+  SMARTLIST_FOREACH_BEGIN(pending,
+                          entry_connection_t *, entry_conn) {
+    connection_t *conn = ENTRY_TO_CONN(entry_conn);
+    tor_assert(conn && entry_conn);
+    if (conn->marked_for_close) {
+      UNMARK();
+      continue;
+    }
+    if (conn->magic != ENTRY_CONNECTION_MAGIC) {
+      log_warn(LD_BUG, "%p has impossible magic value %u.",
+               entry_conn, (unsigned)conn->magic);
+      UNMARK();
+      continue;
+    }
+    if (conn->state != AP_CONN_STATE_CIRCUIT_WAIT) {
+      log_warn(LD_BUG, "%p is no longer in circuit_wait. Its current state "
+               "is %s. Why is it on pending_entry_connections?",
+               entry_conn,
+               conn_state_to_string(conn->type, conn->state));
+      UNMARK();
+      continue;
+    }
+
     if (connection_ap_handshake_attach_circuit(entry_conn) < 0) {
       if (!conn->marked_for_close)
         connection_mark_unattached_ap(entry_conn,
                                       END_STREAM_REASON_CANT_ATTACH);
     }
-  } SMARTLIST_FOREACH_END(conn);
+
+    if (! conn->marked_for_close &&
+        conn->type == CONN_TYPE_AP &&
+        conn->state == AP_CONN_STATE_CIRCUIT_WAIT) {
+      if (!smartlist_contains(pending_entry_connections, entry_conn)) {
+        smartlist_add(pending_entry_connections, entry_conn);
+        continue;
+      }
+    }
+
+    UNMARK();
+  } SMARTLIST_FOREACH_END(entry_conn);
+
+  smartlist_free(pending);
+  untried_pending_connections = 0;
+}
+
+/** Mark <b>entry_conn</b> as needing to get attached to a circuit.
+ *
+ * And <b>entry_conn</b> must be in AP_CONN_STATE_CIRCUIT_WAIT,
+ * should not already be pending a circuit.  The circuit will get
+ * launched or the connection will get attached the next time we
+ * call connection_ap_attach_pending().
+ */
+void
+connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn,
+                                       const char *fname, int lineno)
+{
+  connection_t *conn = ENTRY_TO_CONN(entry_conn);
+  tor_assert(conn->state == AP_CONN_STATE_CIRCUIT_WAIT);
+  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
+  if (conn->marked_for_close)
+    return;
+
+  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
+    pending_entry_connections = smartlist_new();
+
+  if (PREDICT_UNLIKELY(smartlist_contains(pending_entry_connections,
+                                          entry_conn))) {
+    log_warn(LD_BUG, "What?? pending_entry_connections already contains %p! "
+             "(Called from %s:%d.)",
+             entry_conn, fname, lineno);
+#ifdef DEBUGGING_17659
+    const char *f2 = entry_conn->marked_pending_circ_file;
+    log_warn(LD_BUG, "(Previously called from %s:%d.)\n",
+             f2 ? f2 : "<NULL>",
+             entry_conn->marked_pending_circ_line);
+#endif
+    log_backtrace(LOG_WARN, LD_BUG, "To debug, this may help");
+    return;
+  }
+
+#ifdef DEBUGGING_17659
+  entry_conn->marked_pending_circ_line = (uint16_t) lineno;
+  entry_conn->marked_pending_circ_file = fname;
+#endif
+
+  untried_pending_connections = 1;
+  smartlist_add(pending_entry_connections, entry_conn);
+
+  /* Work-around for bug 19969: we handle pending_entry_connections at
+   * the end of run_main_loop_once(), but in many cases that function will
+   * take a very long time, if ever, to finish its call to event_base_loop().
+   *
+   * So the fix is to tell it right now that it ought to finish its loop at
+   * its next available opportunity.
+   */
+  tell_event_loop_to_finish();
+}
+
+/** Mark <b>entry_conn</b> as no longer waiting for a circuit. */
+void
+connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
+{
+  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
+    return;
+  UNMARK();
+  smartlist_remove(pending_entry_connections, entry_conn);
+}
+
+/* DOCDOC */
+void
+connection_ap_warn_and_unmark_if_pending_circ(entry_connection_t *entry_conn,
+                                              const char *where)
+{
+  if (pending_entry_connections &&
+      smartlist_contains(pending_entry_connections, entry_conn)) {
+    log_warn(LD_BUG, "What was %p doing in pending_entry_connections in %s?",
+             entry_conn, where);
+    connection_ap_mark_as_non_pending_circuit(entry_conn);
+  }
 }
 
 /** Tell any AP streams that are waiting for a one-hop tunnel to
@@ -744,8 +953,9 @@ connection_ap_fail_onehop(const char *failed_digest,
       /* we don't know the digest; have to compare addr:port */
       tor_addr_t addr;
       if (!build_state || !build_state->chosen_exit ||
-          !entry_conn->socks_request)
+          !entry_conn->socks_request) {
         continue;
+      }
       if (tor_addr_parse(&addr, entry_conn->socks_request->address)<0 ||
           !tor_addr_eq(&build_state->chosen_exit->addr, &addr) ||
           build_state->chosen_exit->port != entry_conn->socks_request->port)
@@ -834,12 +1044,13 @@ connection_ap_detach_retriable(entry_connection_t *conn,
      * a tunneled directory connection, then just attach it. */
     ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_CIRCUIT_WAIT;
     circuit_detach_stream(TO_CIRCUIT(circ),ENTRY_TO_EDGE_CONN(conn));
-    return connection_ap_handshake_attach_circuit(conn);
+    connection_ap_mark_as_pending_circuit(conn);
   } else {
+    CONNECTION_AP_EXPECT_NONPENDING(conn);
     ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_CONTROLLER_WAIT;
     circuit_detach_stream(TO_CIRCUIT(circ),ENTRY_TO_EDGE_CONN(conn));
-    return 0;
   }
+  return 0;
 }
 
 /** Check if <b>conn</b> is using a dangerous port. Then warn and/or
@@ -888,84 +1099,109 @@ connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn,
   const or_options_t *options = get_options();
 
   if (options->LeaveStreamsUnattached) {
+    CONNECTION_AP_EXPECT_NONPENDING(conn);
     ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_CONTROLLER_WAIT;
     return 0;
   }
   return connection_ap_handshake_rewrite_and_attach(conn, circ, cpath);
 }
 
-/** Connection <b>conn</b> just finished its socks handshake, or the
- * controller asked us to take care of it. If <b>circ</b> is defined,
- * then that's where we'll want to attach it. Otherwise we have to
- * figure it out ourselves.
- *
- * First, parse whether it's a .exit address, remap it, and so on. Then
- * if it's for a general circuit, try to attach it to a circuit (or launch
- * one as needed), else if it's for a rendezvous circuit, fetch a
- * rendezvous descriptor first (or attach/launch a circuit if the
- * rendezvous descriptor is already here and fresh enough).
- *
- * The stream will exit from the hop
- * indicated by <b>cpath</b>, or from the last hop in circ's cpath if
- * <b>cpath</b> is NULL.
+/* Try to perform any map-based rewriting of the target address in
+ * <b>conn</b>, filling in the fields of <b>out</b> as we go, and modifying
+ * conn->socks_request.address as appropriate.
  */
-int
-connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
-                                           origin_circuit_t *circ,
-                                           crypt_path_t *cpath)
+STATIC void
+connection_ap_handshake_rewrite(entry_connection_t *conn,
+                                rewrite_result_t *out)
 {
   socks_request_t *socks = conn->socks_request;
-  hostname_type_t addresstype;
   const or_options_t *options = get_options();
   tor_addr_t addr_tmp;
-  /* We set this to true if this is an address we should automatically
-   * remap to a local address in VirtualAddrNetwork */
-  int automap = 0;
-  char orig_address[MAX_SOCKS_ADDR_LEN];
-  time_t map_expires = TIME_MAX;
-  time_t now = time(NULL);
-  connection_t *base_conn = ENTRY_TO_CONN(conn);
-  addressmap_entry_source_t exit_source = ADDRMAPSRC_NONE;
 
-  tor_strlower(socks->address); /* normalize it */
-  strlcpy(orig_address, socks->address, sizeof(orig_address));
+  /* Initialize all the fields of 'out' to reasonable defaults */
+  out->automap = 0;
+  out->exit_source = ADDRMAPSRC_NONE;
+  out->map_expires = TIME_MAX;
+  out->end_reason = 0;
+  out->should_close = 0;
+  out->orig_address[0] = 0;
+
+  /* We convert all incoming addresses to lowercase. */
+  tor_strlower(socks->address);
+  /* Remember the original address. */
+  strlcpy(out->orig_address, socks->address, sizeof(out->orig_address));
   log_debug(LD_APP,"Client asked for %s:%d",
             safe_str_client(socks->address),
             socks->port);
 
+  /* Check for whether this is a .exit address.  By default, those are
+   * disallowed when they're coming straight from the client, but you're
+   * allowed to have them in MapAddress commands and so forth. */
   if (!strcmpend(socks->address, ".exit") && !options->AllowDotExit) {
     log_warn(LD_APP, "The  \".exit\" notation is disabled in Tor due to "
              "security risks. Set AllowDotExit in your torrc to enable "
              "it (at your own risk).");
     control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                 escaped(socks->address));
-    connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
-    return -1;
+    out->end_reason = END_STREAM_REASON_TORPROTOCOL;
+    out->should_close = 1;
+    return;
   }
 
-  if (! conn->original_dest_address)
+  /* Remember the original address so we can tell the user about what
+   * they actually said, not just what it turned into. */
+  if (! conn->original_dest_address) {
+    /* Is the 'if' necessary here? XXXX */
     conn->original_dest_address = tor_strdup(conn->socks_request->address);
+  }
 
+  /* First, apply MapAddress and MAPADDRESS mappings. We need to do
+   * these only for non-reverse lookups, since they don't exist for those.
+   * We need to do this before we consider automapping, since we might
+   * e.g. resolve irc.oftc.net into irconionaddress.onion, at which point
+   * we'd need to automap it. */
+  if (socks->command != SOCKS_COMMAND_RESOLVE_PTR) {
+    const unsigned rewrite_flags = AMR_FLAG_USE_MAPADDRESS;
+    if (addressmap_rewrite(socks->address, sizeof(socks->address),
+                       rewrite_flags, &out->map_expires, &out->exit_source)) {
+      control_event_stream_status(conn, STREAM_EVENT_REMAP,
+                                  REMAP_STREAM_SOURCE_CACHE);
+    }
+  }
+
+  /* Now, handle automapping.  Automapping happens when we're asked to
+   * resolve a hostname, and AutomapHostsOnResolve is set, and
+   * the hostname has a suffix listed in AutomapHostsSuffixes.
+   */
   if (socks->command == SOCKS_COMMAND_RESOLVE &&
       tor_addr_parse(&addr_tmp, socks->address)<0 &&
       options->AutomapHostsOnResolve) {
-    automap = addressmap_address_should_automap(socks->address, options);
-    if (automap) {
+    /* Check the suffix... */
+    out->automap = addressmap_address_should_automap(socks->address, options);
+    if (out->automap) {
+      /* If we get here, then we should apply an automapping for this. */
       const char *new_addr;
+      /* We return an IPv4 address by default, or an IPv6 address if we
+       * are allowed to do so. */
       int addr_type = RESOLVED_TYPE_IPV4;
       if (conn->socks_request->socks_version != 4) {
-        if (!conn->ipv4_traffic_ok ||
-            (conn->ipv6_traffic_ok && conn->prefer_ipv6_traffic) ||
-            conn->prefer_ipv6_virtaddr)
+        if (!conn->entry_cfg.ipv4_traffic ||
+            (conn->entry_cfg.ipv6_traffic && conn->entry_cfg.prefer_ipv6) ||
+            conn->entry_cfg.prefer_ipv6_virtaddr)
           addr_type = RESOLVED_TYPE_IPV6;
       }
+      /* Okay, register the target address as automapped, and find the new
+       * address we're supposed to give as a resolve answer.  (Return a cached
+       * value if we've looked up this address before.
+       */
       new_addr = addressmap_register_virtual_address(
                                     addr_type, tor_strdup(socks->address));
       if (! new_addr) {
         log_warn(LD_APP, "Unable to automap address %s",
                  escaped_safe_str(socks->address));
-        connection_mark_unattached_ap(conn, END_STREAM_REASON_INTERNAL);
-        return -1;
+        out->end_reason = END_STREAM_REASON_INTERNAL;
+        out->should_close = 1;
+        return;
       }
       log_info(LD_APP, "Automapping %s to %s",
                escaped_safe_str_client(socks->address),
@@ -974,28 +1210,35 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
     }
   }
 
+  /* Now handle reverse lookups, if they're in the cache.  This doesn't
+   * happen too often, since client-side DNS caching is off by default. */
   if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
     unsigned rewrite_flags = 0;
-    if (conn->use_cached_ipv4_answers)
+    if (conn->entry_cfg.use_cached_ipv4_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
-    if (conn->use_cached_ipv6_answers)
+    if (conn->entry_cfg.use_cached_ipv6_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
 
     if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
-                                   rewrite_flags, &map_expires)) {
+                                   rewrite_flags, &out->map_expires)) {
       char *result = tor_strdup(socks->address);
       /* remember _what_ is supposed to have been resolved. */
       tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
-                  orig_address);
+                   out->orig_address);
       connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME,
                                              strlen(result), (uint8_t*)result,
                                              -1,
-                                             map_expires);
-      connection_mark_unattached_ap(conn,
-                                END_STREAM_REASON_DONE |
-                                END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
-      return 0;
+                                             out->map_expires);
+      tor_free(result);
+      out->end_reason = END_STREAM_REASON_DONE |
+                        END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED;
+      out->should_close = 1;
+      return;
     }
+
+    /* Hang on, did we find an answer saying that this is a reverse lookup for
+     * an internal address?  If so, we should reject it if we're condigured to
+     * do so. */
     if (options->ClientDNSRejectInternalAddresses) {
       /* Don't let people try to do a reverse lookup on 10.0.0.1. */
       tor_addr_t addr;
@@ -1005,43 +1248,108 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       if (ok == 1 && tor_addr_is_internal(&addr, 0)) {
         connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
                                                0, NULL, -1, TIME_MAX);
-        connection_mark_unattached_ap(conn,
-                                 END_STREAM_REASON_SOCKSPROTOCOL |
-                                 END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
-        return -1;
+        out->end_reason = END_STREAM_REASON_SOCKSPROTOCOL |
+                          END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED;
+        out->should_close = 1;
+        return;
       }
     }
-  } else if (!automap) {
-    /* For address map controls, remap the address. */
-    unsigned rewrite_flags = 0;
-    if (conn->use_cached_ipv4_answers)
+  }
+
+  /* If we didn't automap it before, then this is still the address
+   * that came straight from the user, mapped according to any
+   * MapAddress/MAPADDRESS commands.  Now other mappings, including
+   * previously registered Automap entries, TrackHostExits entries,
+   * and client-side DNS cache entries (not recommended).
+   */
+  if (socks->command != SOCKS_COMMAND_RESOLVE_PTR &&
+      !out->automap) {
+    unsigned rewrite_flags = AMR_FLAG_USE_AUTOMAP | AMR_FLAG_USE_TRACKEXIT;
+    addressmap_entry_source_t exit_source2;
+    if (conn->entry_cfg.use_cached_ipv4_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
-    if (conn->use_cached_ipv6_answers)
+    if (conn->entry_cfg.use_cached_ipv6_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
     if (addressmap_rewrite(socks->address, sizeof(socks->address),
-                           rewrite_flags, &map_expires, &exit_source)) {
+                        rewrite_flags, &out->map_expires, &exit_source2)) {
       control_event_stream_status(conn, STREAM_EVENT_REMAP,
                                   REMAP_STREAM_SOURCE_CACHE);
     }
+    if (out->exit_source == ADDRMAPSRC_NONE) {
+      /* If it wasn't a .exit before, maybe it turned into a .exit. Remember
+       * the original source of a .exit. */
+      out->exit_source = exit_source2;
+    }
   }
 
-  if (!automap && address_is_in_virtual_range(socks->address)) {
-    /* This address was probably handed out by client_dns_get_unmapped_address,
-     * but the mapping was discarded for some reason.  We *don't* want to send
-     * the address through Tor; that's likely to fail, and may leak
-     * information.
+  /* Check to see whether we're about to use an address in the virtual
+   * range without actually having gotten it from an Automap. */
+  if (!out->automap && address_is_in_virtual_range(socks->address)) {
+    /* This address was probably handed out by
+     * client_dns_get_unmapped_address, but the mapping was discarded for some
+     * reason.  Or the user typed in a virtual address range manually.  We
+     * *don't* want to send the address through Tor; that's likely to fail,
+     * and may leak information.
      */
     log_warn(LD_APP,"Missing mapping for virtual address '%s'. Refusing.",
              safe_str_client(socks->address));
-    connection_mark_unattached_ap(conn, END_STREAM_REASON_INTERNAL);
-    return -1;
+    out->end_reason = END_STREAM_REASON_INTERNAL;
+    out->should_close = 1;
+    return;
+  }
+}
+
+/** Connection <b>conn</b> just finished its socks handshake, or the
+ * controller asked us to take care of it. If <b>circ</b> is defined,
+ * then that's where we'll want to attach it. Otherwise we have to
+ * figure it out ourselves.
+ *
+ * First, parse whether it's a .exit address, remap it, and so on. Then
+ * if it's for a general circuit, try to attach it to a circuit (or launch
+ * one as needed), else if it's for a rendezvous circuit, fetch a
+ * rendezvous descriptor first (or attach/launch a circuit if the
+ * rendezvous descriptor is already here and fresh enough).
+ *
+ * The stream will exit from the hop
+ * indicated by <b>cpath</b>, or from the last hop in circ's cpath if
+ * <b>cpath</b> is NULL.
+ */
+int
+connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
+                                           origin_circuit_t *circ,
+                                           crypt_path_t *cpath)
+{
+  socks_request_t *socks = conn->socks_request;
+  const or_options_t *options = get_options();
+  connection_t *base_conn = ENTRY_TO_CONN(conn);
+  time_t now = time(NULL);
+  rewrite_result_t rr;
+
+  memset(&rr, 0, sizeof(rr));
+  connection_ap_handshake_rewrite(conn,&rr);
+
+  if (rr.should_close) {
+    /* connection_ap_handshake_rewrite told us to close the connection,
+     * either because it sent back an answer, or because it sent back an
+     * error */
+    connection_mark_unattached_ap(conn, rr.end_reason);
+    if (END_STREAM_REASON_DONE == (rr.end_reason & END_STREAM_REASON_MASK))
+      return 0;
+    else
+      return -1;
   }
 
+  const time_t map_expires = rr.map_expires;
+  const int automap = rr.automap;
+  const addressmap_entry_source_t exit_source = rr.exit_source;
+
   /* Parse the address provided by SOCKS.  Modify it in-place if it
    * specifies a hidden-service (.onion) or particular exit node (.exit).
    */
-  addresstype = parse_extended_hostname(socks->address);
+  const hostname_type_t addresstype = parse_extended_hostname(socks->address);
 
+  /* Now see whether the hostname is bogus.  This could happen because of an
+   * onion hostname whose format we don't recognize. */
   if (addresstype == BAD_HOSTNAME) {
     control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                 escaped(socks->address));
@@ -1049,16 +1357,21 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
     return -1;
   }
 
+  /* If this is a .exit hostname, strip off the .name.exit part, and
+   * see whether we're going to connect there, and otherwise handle it.
+   * (The ".exit" part got stripped off by "parse_extended_hostname").
+   *
+   * We'll set chosen_exit_name and/or close the connection as appropriate.
+   */
   if (addresstype == EXIT_HOSTNAME) {
-    /* foo.exit -- modify conn->chosen_exit_node to specify the exit
-     * node, and conn->address to hold only the address portion. */
-    char *s = strrchr(socks->address,'.');
-
-    /* If StrictNodes is not set, then .exit overrides ExcludeNodes. */
+    /* If StrictNodes is not set, then .exit overrides ExcludeNodes but
+     * not ExcludeExitNodes. */
     routerset_t *excludeset = options->StrictNodes ?
       options->ExcludeExitNodesUnion_ : options->ExcludeExitNodes;
-    const node_t *node;
+    const node_t *node = NULL;
 
+    /* If this .exit was added by an AUTOMAP, then it came straight from
+     * a user.  Make sure that options->AllowDotExit permits that. */
     if (exit_source == ADDRMAPSRC_AUTOMAP && !options->AllowDotExit) {
       /* Whoops; this one is stale.  It must have gotten added earlier,
        * when AllowDotExit was on. */
@@ -1071,6 +1384,8 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       return -1;
     }
 
+    /* Double-check to make sure there are no .exits coming from
+     * impossible/weird sources. */
     if (exit_source == ADDRMAPSRC_DNS ||
         (exit_source == ADDRMAPSRC_NONE && !options->AllowDotExit)) {
       /* It shouldn't be possible to get a .exit address from any of these
@@ -1085,9 +1400,12 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
     }
 
     tor_assert(!automap);
+    /* Now, find the character before the .(name) part. */
+    char *s = strrchr(socks->address,'.');
     if (s) {
       /* The address was of the form "(stuff).(name).exit */
       if (s[1] != '\0') {
+        /* Looks like a real .exit one. */
         conn->chosen_exit_name = tor_strdup(s+1);
         node = node_get_by_nickname(conn->chosen_exit_name, 1);
 
@@ -1106,7 +1424,8 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
         return -1;
       }
     } else {
-      /* It looks like they just asked for "foo.exit". */
+      /* It looks like they just asked for "foo.exit".  That's a special
+       * form that means (foo's address).foo.exit. */
 
       conn->chosen_exit_name = tor_strdup(socks->address);
       node = node_get_by_nickname(conn->chosen_exit_name, 1);
@@ -1115,6 +1434,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
         node_get_address_string(node, socks->address, sizeof(socks->address));
       }
     }
+
     /* Now make sure that the chosen exit exists... */
     if (!node) {
       log_warn(LD_APP,
@@ -1136,8 +1456,12 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
        implies no. */
   }
 
+  /* Now, handle everything that isn't a .onion address. */
   if (addresstype != ONION_HOSTNAME) {
-    /* not a hidden-service request (i.e. normal or .exit) */
+    /* Not a hidden-service request.  It's either a hostname or an IP,
+     * possibly with a .exit that we stripped off. */
+
+    /* Check for funny characters in the address. */
     if (address_is_invalid_destination(socks->address, 1)) {
       control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                   escaped(socks->address));
@@ -1148,6 +1472,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       return -1;
     }
 
+#ifdef ENABLE_TOR2WEB_MODE
+    /* If we're running in Tor2webMode, we don't allow anything BUT .onion
+     * addresses. */
     if (options->Tor2webMode) {
       log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname %s "
                "because tor2web mode is enabled.",
@@ -1155,13 +1482,17 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
       return -1;
     }
+#endif
 
+    /* See if this is a hostname lookup that we can answer immediately.
+     * (For example, an attempt to look up the IP address for an IP address.)
+     */
     if (socks->command == SOCKS_COMMAND_RESOLVE) {
       tor_addr_t answer;
       /* Reply to resolves immediately if we can. */
       if (tor_addr_parse(&answer, socks->address) >= 0) {/* is it an IP? */
         /* remember _what_ is supposed to have been resolved. */
-        strlcpy(socks->address, orig_address, sizeof(socks->address));
+        strlcpy(socks->address, rr.orig_address, sizeof(socks->address));
         connection_ap_handshake_socks_resolved_addr(conn, &answer, -1,
                                                     map_expires);
         connection_mark_unattached_ap(conn,
@@ -1172,14 +1503,22 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       tor_assert(!automap);
       rep_hist_note_used_resolve(now); /* help predict this next time */
     } else if (socks->command == SOCKS_COMMAND_CONNECT) {
+      /* Special handling for attempts to connect */
       tor_assert(!automap);
+      /* Don't allow connections to port 0. */
       if (socks->port == 0) {
         log_notice(LD_APP,"Application asked to connect to port 0. Refusing.");
         connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
         return -1;
       }
+      /* You can't make connections to internal addresses, by default.
+       * Exceptions are begindir requests (where the address is meaningless,
+       * or cases where you've hand-configured a particular exit, thereby
+       * making the local address meaningful. */
       if (options->ClientRejectInternalAddresses &&
           !conn->use_begindir && !conn->chosen_exit_name && !circ) {
+        /* If we reach this point then we don't want to allow internal
+         * addresses.  Check if we got one. */
         tor_addr_t addr;
         if (tor_addr_hostname_is_local(socks->address) ||
             (tor_addr_parse(&addr, socks->address) >= 0 &&
@@ -1214,39 +1553,58 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
           connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
           return -1;
         }
-      }
+      } /* end "if we should check for internal addresses" */
 
+      /* Okay.  We're still doing a CONNECT, and it wasn't a private
+       * address.  Do special handling for literal IP addresses */
       {
         tor_addr_t addr;
         /* XXX Duplicate call to tor_addr_parse. */
         if (tor_addr_parse(&addr, socks->address) >= 0) {
+          /* If we reach this point, it's an IPv4 or an IPv6 address. */
           sa_family_t family = tor_addr_family(&addr);
-          if ((family == AF_INET && ! conn->ipv4_traffic_ok) ||
-              (family == AF_INET6 && ! conn->ipv4_traffic_ok)) {
+
+          if ((family == AF_INET && ! conn->entry_cfg.ipv4_traffic) ||
+              (family == AF_INET6 && ! conn->entry_cfg.ipv6_traffic)) {
+            /* You can't do an IPv4 address on a v6-only socks listener,
+             * or vice versa. */
             log_warn(LD_NET, "Rejecting SOCKS request for an IP address "
                      "family that this listener does not support.");
             connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
             return -1;
           } else if (family == AF_INET6 && socks->socks_version == 4) {
+            /* You can't make a socks4 request to an IPv6 address. Socks4
+             * doesn't support that. */
             log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address.");
             connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
             return -1;
-          } else if (socks->socks_version == 4 && !conn->ipv4_traffic_ok) {
+          } else if (socks->socks_version == 4 &&
+                     !conn->entry_cfg.ipv4_traffic) {
+            /* You can't do any kind of Socks4 request when IPv4 is forbidden.
+             *
+             * XXX raise this check outside the enclosing block? */
             log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with "
                      "no IPv4 traffic supported.");
             connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
             return -1;
           } else if (family == AF_INET6) {
-            conn->ipv4_traffic_ok = 0;
+            /* Tell the exit: we won't accept any ipv4 connection to an IPv6
+             * address. */
+            conn->entry_cfg.ipv4_traffic = 0;
           } else if (family == AF_INET) {
-            conn->ipv6_traffic_ok = 0;
+            /* Tell the exit: we won't accept any ipv6 connection to an IPv4
+             * address. */
+            conn->entry_cfg.ipv6_traffic = 0;
           }
         }
       }
 
       if (socks->socks_version == 4)
-        conn->ipv6_traffic_ok = 0;
+        conn->entry_cfg.ipv6_traffic = 0;
 
+      /* Still handling CONNECT. Now, check for exit enclaves.  (Which we
+       * don't do on BEGINDIR, or there is a chosen exit.)
+       */
       if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
         /* see if we can find a suitable enclave exit */
         const node_t *r =
@@ -1263,11 +1621,13 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
         }
       }
 
-      /* warn or reject if it's using a dangerous port */
+      /* Still handling CONNECT: warn or reject if it's using a dangerous
+       * port. */
       if (!conn->use_begindir && !conn->chosen_exit_name && !circ)
         if (consider_plaintext_ports(conn, socks->port) < 0)
           return -1;
 
+      /* Remember the port so that we do predicted requests there. */
       if (!conn->use_begindir) {
         /* help predict this next time */
         rep_hist_note_used_port(now, socks->port);
@@ -1276,25 +1636,43 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       rep_hist_note_used_resolve(now); /* help predict this next time */
       /* no extra processing needed */
     } else {
+      /* We should only be doing CONNECT or RESOLVE! */
       tor_fragile_assert();
     }
+
+    /* Okay. At this point we've set chosen_exit_name if needed, rewritten the
+     * address, and decided not to reject it for any number of reasons. Now
+     * mark the connection as waiting for a circuit, and try to attach it!
+     */
     base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
-    if ((circ && connection_ap_handshake_attach_chosen_circuit(
-                   conn, circ, cpath) < 0) ||
-        (!circ &&
-         connection_ap_handshake_attach_circuit(conn) < 0)) {
+
+    /* If we were given a circuit to attach to, try to attach. Otherwise,
+     * try to find a good one and attach to that. */
+    int rv;
+    if (circ) {
+      rv = connection_ap_handshake_attach_chosen_circuit(conn, circ, cpath);
+    } else {
+      connection_ap_mark_as_pending_circuit(conn);
+      rv = 0;
+    }
+
+    /* If the above function returned 0 then we're waiting for a circuit.
+     * if it returned 1, we're attached.  Both are okay.  But if it returned
+     * -1, there was an error, so make sure the connection is marked, and
+     * return -1. */
+    if (rv < 0) {
       if (!base_conn->marked_for_close)
         connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
       return -1;
     }
+
     return 0;
   } else {
-    /* it's a hidden-service request */
-    rend_cache_entry_t *entry;
-    int r;
-    rend_service_authorization_t *client_auth;
-    rend_data_t *rend_data;
+    /* If we get here, it's a request for a .onion address! */
     tor_assert(!automap);
+
+    /* Check whether it's RESOLVE or RESOLVE_PTR.  We don't handle those
+     * for hidden service addresses. */
     if (SOCKS_COMMAND_IS_RESOLVE(socks->command)) {
       /* if it's a resolve request, fail it right now, rather than
        * building all the circuits and then realizing it won't work. */
@@ -1308,6 +1686,8 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       return -1;
     }
 
+    /* If we were passed a circuit, then we need to fail.  .onion addresses
+     * only work when we launch our own circuits for now. */
     if (circ) {
       log_warn(LD_CONTROL, "Attachstream to a circuit is not "
                "supported for .onion addresses currently. Failing.");
@@ -1315,51 +1695,77 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       return -1;
     }
 
-    ENTRY_TO_EDGE_CONN(conn)->rend_data = rend_data =
-      tor_malloc_zero(sizeof(rend_data_t));
-    strlcpy(rend_data->onion_address, socks->address,
-            sizeof(rend_data->onion_address));
+    /* Look up if we have client authorization configured for this hidden
+     * service.  If we do, associate it with the rend_data. */
+    rend_service_authorization_t *client_auth =
+      rend_client_lookup_service_authorization(socks->address);
+
+    const char *cookie = NULL;
+    rend_auth_type_t auth_type = REND_NO_AUTH;
+    if (client_auth) {
+      log_info(LD_REND, "Using previously configured client authorization "
+               "for hidden service request.");
+      auth_type = client_auth->auth_type;
+      cookie = client_auth->descriptor_cookie;
+    }
+
+    /* Fill in the rend_data field so we can start doing a connection to
+     * a hidden service. */
+    rend_data_t *rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data =
+      rend_data_client_create(socks->address, NULL, cookie, auth_type);
+    if (rend_data == NULL) {
+      return -1;
+    }
     log_info(LD_REND,"Got a hidden service request for ID '%s'",
              safe_str_client(rend_data->onion_address));
-    /* see if we already have it cached */
-    r = rend_cache_lookup_entry(rend_data->onion_address, -1, &entry);
-    if (r<0) {
-      log_warn(LD_BUG,"Invalid service name '%s'",
-               safe_str_client(rend_data->onion_address));
-      connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
-      return -1;
+
+    /* Lookup the given onion address. If invalid, stop right now else we
+     * might have it in the cache or not, it will be tested later on. */
+    unsigned int refetch_desc = 0;
+    rend_cache_entry_t *entry = NULL;
+    const int rend_cache_lookup_result =
+      rend_cache_lookup_entry(rend_data->onion_address, -1, &entry);
+    if (rend_cache_lookup_result < 0) {
+      switch (-rend_cache_lookup_result) {
+      case EINVAL:
+        /* We should already have rejected this address! */
+        log_warn(LD_BUG,"Invalid service name '%s'",
+            safe_str_client(rend_data->onion_address));
+        connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
+        return -1;
+      case ENOENT:
+        refetch_desc = 1;
+        break;
+      default:
+        log_warn(LD_BUG, "Unknown cache lookup error %d",
+            rend_cache_lookup_result);
+        return -1;
+      }
     }
 
     /* Help predict this next time. We're not sure if it will need
      * a stable circuit yet, but we know we'll need *something*. */
     rep_hist_note_used_internal(now, 0, 1);
 
-    /* Look up if we have client authorization for it. */
-    client_auth = rend_client_lookup_service_authorization(
-                                          rend_data->onion_address);
-    if (client_auth) {
-      log_info(LD_REND, "Using previously configured client authorization "
-                        "for hidden service request.");
-      memcpy(rend_data->descriptor_cookie,
-             client_auth->descriptor_cookie, REND_DESC_COOKIE_LEN);
-      rend_data->auth_type = client_auth->auth_type;
-    }
-    if (r==0) {
+    /* Now we have a descriptor but is it usable or not? If not, refetch.
+     * Also, a fetch could have been requested if the onion address was not
+     * found in the cache previously. */
+    if (refetch_desc || !rend_client_any_intro_points_usable(entry)) {
+      connection_ap_mark_as_non_pending_circuit(conn);
       base_conn->state = AP_CONN_STATE_RENDDESC_WAIT;
       log_info(LD_REND, "Unknown descriptor %s. Fetching.",
-               safe_str_client(rend_data->onion_address));
+          safe_str_client(rend_data->onion_address));
       rend_client_refetch_v2_renddesc(rend_data);
-    } else { /* r > 0 */
-      base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
-      log_info(LD_REND, "Descriptor is here. Great.");
-      if (connection_ap_handshake_attach_circuit(conn) < 0) {
-        if (!base_conn->marked_for_close)
-          connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
-        return -1;
-      }
+      return 0;
     }
+
+    /* We have the descriptor so launch a connection to the HS. */
+    base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
+    log_info(LD_REND, "Descriptor is here. Great.");
+    connection_ap_mark_as_pending_circuit(conn);
     return 0;
   }
+
   return 0; /* unreached but keeps the compiler happy */
 }
 
@@ -1391,7 +1797,7 @@ get_pf_socket(void)
 }
 #endif
 
-#if defined(TRANS_NETFILTER) || defined(TRANS_PF)
+#if defined(TRANS_NETFILTER) || defined(TRANS_PF) || defined(TRANS_TPROXY)
 /** Try fill in the address of <b>req</b> from the socket configured
  * with <b>conn</b>. */
 static int
@@ -1401,13 +1807,45 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
   socklen_t orig_dst_len = sizeof(orig_dst);
   tor_addr_t addr;
 
+#ifdef TRANS_TRPOXY
+  if (options->TransProxyType_parsed == TPT_TPROXY) {
+    if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
+                    &orig_dst_len) < 0) {
+      int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
+      log_warn(LD_NET, "getsockname() failed: %s", tor_socket_strerror(e));
+      return -1;
+    }
+    goto done;
+  }
+#endif
+
 #ifdef TRANS_NETFILTER
-  if (getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
-                 (struct sockaddr*)&orig_dst, &orig_dst_len) < 0) {
+  int rv = -1;
+  switch (ENTRY_TO_CONN(conn)->socket_family) {
+#ifdef TRANS_NETFILTER_IPV4
+    case AF_INET:
+      rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
+                  (struct sockaddr*)&orig_dst, &orig_dst_len);
+      break;
+#endif
+#ifdef TRANS_NETFILTER_IPV6
+    case AF_INET6:
+      rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IPV6, IP6T_SO_ORIGINAL_DST,
+                  (struct sockaddr*)&orig_dst, &orig_dst_len);
+      break;
+#endif
+    default:
+      log_warn(LD_BUG,
+               "Received transparent data from an unsuported socket family %d",
+               ENTRY_TO_CONN(conn)->socket_family);
+      return -1;
+  }
+  if (rv < 0) {
     int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
     log_warn(LD_NET, "getsockopt() failed: %s", tor_socket_strerror(e));
     return -1;
   }
+  goto done;
 #elif defined(TRANS_PF)
   if (getsockname(ENTRY_TO_CONN(conn)->s, (struct sockaddr*)&orig_dst,
                   &orig_dst_len) < 0) {
@@ -1415,6 +1853,7 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
     log_warn(LD_NET, "getsockname() failed: %s", tor_socket_strerror(e));
     return -1;
   }
+  goto done;
 #else
   (void)conn;
   (void)req;
@@ -1422,6 +1861,7 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
   return -1;
 #endif
 
+ done:
   tor_addr_from_sockaddr(&addr, (struct sockaddr*)&orig_dst, &req->port);
   tor_addr_to_str(req->address, &addr, sizeof(req->address), 1);
 
@@ -1531,7 +1971,8 @@ connection_ap_get_original_destination(entry_connection_t *conn,
   if (options->TransProxyType_parsed == TPT_PF_DIVERT)
     return destination_from_socket(conn, req);
 
-  if (options->TransProxyType_parsed == TPT_DEFAULT)
+  if (options->TransProxyType_parsed == TPT_DEFAULT ||
+      options->TransProxyType_parsed == TPT_IPFW)
     return destination_from_pf(conn, req);
 
   (void)conn;
@@ -1767,7 +2208,8 @@ connection_ap_supports_optimistic_data(const entry_connection_t *conn)
      general circuit. */
   if (edge_conn->on_circuit == NULL ||
       edge_conn->on_circuit->state != CIRCUIT_STATE_OPEN ||
-      edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_GENERAL)
+      (edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
+       edge_conn->on_circuit->purpose != CIRCUIT_PURPOSE_C_REND_JOINED))
     return 0;
 
   return conn->may_use_optimistic_data;
@@ -1792,19 +2234,19 @@ connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
     return 0;
 
   /* If only IPv4 is supported, no flags */
-  if (ap_conn->ipv4_traffic_ok && !ap_conn->ipv6_traffic_ok)
+  if (ap_conn->entry_cfg.ipv4_traffic && !ap_conn->entry_cfg.ipv6_traffic)
     return 0;
 
   if (! cpath_layer ||
       ! cpath_layer->extend_info)
     return 0;
 
-  if (!ap_conn->ipv4_traffic_ok)
+  if (!ap_conn->entry_cfg.ipv4_traffic)
     flags |= BEGIN_FLAG_IPV4_NOT_OK;
 
   exitnode = node_get_by_id(cpath_layer->extend_info->identity_digest);
 
-  if (ap_conn->ipv6_traffic_ok && exitnode) {
+  if (ap_conn->entry_cfg.ipv6_traffic && exitnode) {
     tor_addr_t a;
     tor_addr_make_null(&a, AF_INET6);
     if (compare_tor_addr_to_node_policy(&a, ap_conn->socks_request->port,
@@ -1819,7 +2261,7 @@ connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
   if (flags == BEGIN_FLAG_IPV6_OK) {
     /* When IPv4 and IPv6 are both allowed, consider whether to say we
      * prefer IPv6.  Otherwise there's no point in declaring a preference */
-    if (ap_conn->prefer_ipv6_traffic)
+    if (ap_conn->entry_cfg.prefer_ipv6)
       flags |= BEGIN_FLAG_IPV6_PREFERRED;
   }
 
@@ -1880,8 +2322,9 @@ connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
   }
 
   log_info(LD_APP,
-           "Sending relay cell %d to begin stream %d.",
+           "Sending relay cell %d on circ %u to begin stream %d.",
            (int)ap_conn->use_begindir,
+           (unsigned)circ->base_.n_circ_id,
            edge_conn->stream_id);
 
   begin_type = ap_conn->use_begindir ?
@@ -2056,8 +2499,8 @@ connection_ap_make_link(connection_t *partner,
   /* Populate isolation fields. */
   conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
   conn->original_dest_address = tor_strdup(address);
-  conn->session_group = session_group;
-  conn->isolation_flags = isolation_flags;
+  conn->entry_cfg.session_group = session_group;
+  conn->entry_cfg.isolation_flags = isolation_flags;
 
   base_conn->address = tor_strdup("(Tor_internal)");
   tor_addr_make_unspec(&base_conn->addr);
@@ -2075,12 +2518,7 @@ connection_ap_make_link(connection_t *partner,
   control_event_stream_status(conn, STREAM_EVENT_NEW, 0);
 
   /* attaching to a dirty circuit is fine */
-  if (connection_ap_handshake_attach_circuit(conn) < 0) {
-    if (!base_conn->marked_for_close)
-      connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
-    return NULL;
-  }
-
+  connection_ap_mark_as_pending_circuit(conn);
   log_info(LD_APP,"... application connection created and linked.");
   return conn;
 }
@@ -2460,7 +2898,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
 
   relay_header_unpack(&rh, cell->payload);
   if (rh.length > RELAY_PAYLOAD_SIZE)
-    return -1;
+    return -END_CIRC_REASON_TORPROTOCOL;
 
   /* Note: we have to use relay_send_command_from_edge here, not
    * connection_edge_end or connection_edge_send_command, since those require
@@ -2478,7 +2916,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
 
   r = begin_cell_parse(cell, &bcell, &end_reason);
   if (r < -1) {
-    return -1;
+    return -END_CIRC_REASON_TORPROTOCOL;
   } else if (r == -1) {
     tor_free(bcell.address);
     relay_send_end_cell_from_edge(rh.stream_id, circ, end_reason, NULL);
@@ -2522,8 +2960,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
       return 0;
     }
     /* Make sure to get the 'real' address of the previous hop: the
-     * caller might want to know whether his IP address has changed, and
-     * we might already have corrected base_.addr[ess] for the relay's
+     * caller might want to know whether the remote IP address has changed,
+     * and we might already have corrected base_.addr[ess] for the relay's
      * canonical IP address. */
     if (or_circ && or_circ->p_chan)
       address = tor_strdup(channel_get_actual_remote_address(or_circ->p_chan));
@@ -2576,15 +3014,31 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
     n_stream->rend_data = rend_data_dup(origin_circ->rend_data);
     tor_assert(connection_edge_is_rendezvous_stream(n_stream));
     assert_circuit_ok(circ);
-    if (rend_service_set_connection_addr_port(n_stream, origin_circ) < 0) {
+
+    const int r = rend_service_set_connection_addr_port(n_stream, origin_circ);
+    if (r < 0) {
       log_info(LD_REND,"Didn't find rendezvous service (port %d)",
                n_stream->base_.port);
+      /* Send back reason DONE because we want to make hidden service port
+       * scanning harder thus instead of returning that the exit policy
+       * didn't match, which makes it obvious that the port is closed,
+       * return DONE and kill the circuit. That way, a user (malicious or
+       * not) needs one circuit per bad port unless it matches the policy of
+       * the hidden service. */
       relay_send_end_cell_from_edge(rh.stream_id, circ,
-                                    END_STREAM_REASON_EXITPOLICY,
+                                    END_STREAM_REASON_DONE,
                                     origin_circ->cpath->prev);
       connection_free(TO_CONN(n_stream));
       tor_free(address);
-      return 0;
+
+      /* Drop the circuit here since it might be someone deliberately
+       * scanning the hidden service ports. Note that this mitigates port
+       * scanning by adding more work on the attacker side to successfully
+       * scan but does not fully solve it. */
+      if (r < -1)
+        return END_CIRC_AT_ORIGIN;
+      else
+        return 0;
     }
     assert_circuit_ok(circ);
     log_debug(LD_REND,"Finished assigning addr/port");
@@ -2596,6 +3050,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
     origin_circ->p_streams = n_stream;
     assert_circuit_ok(circ);
 
+    origin_circ->rend_data->nr_streams++;
+
     connection_exit_connect(n_stream);
 
     /* For path bias: This circuit was used successfully */
@@ -2712,7 +3168,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
   const tor_addr_t *addr;
   uint16_t port;
   connection_t *conn = TO_CONN(edge_conn);
-  int socket_error = 0;
+  int socket_error = 0, result;
 
   if ( (!connection_edge_is_rendezvous_stream(edge_conn) &&
         router_compare_to_my_exit_policy(&edge_conn->base_.addr,
@@ -2727,14 +3183,36 @@ connection_exit_connect(edge_connection_t *edge_conn)
     return;
   }
 
-  addr = &conn->addr;
-  port = conn->port;
+#ifdef HAVE_SYS_UN_H
+  if (conn->socket_family != AF_UNIX) {
+#else
+  {
+#endif /* defined(HAVE_SYS_UN_H) */
+    addr = &conn->addr;
+    port = conn->port;
+
+    if (tor_addr_family(addr) == AF_INET6)
+      conn->socket_family = AF_INET6;
+
+    log_debug(LD_EXIT, "about to try connecting");
+    result = connection_connect(conn, conn->address,
+                                addr, port, &socket_error);
+#ifdef HAVE_SYS_UN_H
+  } else {
+    /*
+     * In the AF_UNIX case, we expect to have already had conn->port = 1,
+     * tor_addr_make_unspec(conn->addr) (cf. the way we mark in the incoming
+     * case in connection_handle_listener_read()), and conn->address should
+     * have the socket path to connect to.
+     */
+    tor_assert(conn->address && strlen(conn->address) > 0);
 
-  if (tor_addr_family(addr) == AF_INET6)
-    conn->socket_family = AF_INET6;
+    log_debug(LD_EXIT, "about to try connecting");
+    result = connection_connect_unix(conn, conn->address, &socket_error);
+#endif /* defined(HAVE_SYS_UN_H) */
+  }
 
-  log_debug(LD_EXIT,"about to try connecting");
-  switch (connection_connect(conn, conn->address, addr, port, &socket_error)) {
+  switch (result) {
     case -1: {
       int reason = errno_to_stream_end_reason(socket_error);
       connection_edge_end(edge_conn, reason);
@@ -2764,7 +3242,6 @@ connection_exit_connect(edge_connection_t *edge_conn)
 
   /* also, deliver a 'connected' cell back through the circuit. */
   if (connection_edge_is_rendezvous_stream(edge_conn)) {
-    /* rendezvous stream */
     /* don't send an address back! */
     connection_edge_send_command(edge_conn,
                                  RELAY_COMMAND_CONNECTED,
@@ -2903,10 +3380,10 @@ connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit)
     addr_policy_result_t r;
     if (0 == tor_addr_parse(&addr, conn->socks_request->address)) {
       addrp = &addr;
-    } else if (!conn->ipv4_traffic_ok && conn->ipv6_traffic_ok) {
+    } else if (!conn->entry_cfg.ipv4_traffic && conn->entry_cfg.ipv6_traffic) {
       tor_addr_make_null(&addr, AF_INET6);
       addrp = &addr;
-    } else if (conn->ipv4_traffic_ok && !conn->ipv6_traffic_ok) {
+    } else if (conn->entry_cfg.ipv4_traffic && !conn->entry_cfg.ipv6_traffic) {
       tor_addr_make_null(&addr, AF_INET);
       addrp = &addr;
     }
@@ -3012,7 +3489,7 @@ int
 connection_edge_compatible_with_circuit(const entry_connection_t *conn,
                                         const origin_circuit_t *circ)
 {
-  const uint8_t iso = conn->isolation_flags;
+  const uint8_t iso = conn->entry_cfg.isolation_flags;
   const socks_request_t *sr = conn->socks_request;
 
   /* If circ has never been used for an isolated connection, we can
@@ -3061,7 +3538,8 @@ connection_edge_compatible_with_circuit(const entry_connection_t *conn,
   if ((iso & ISO_CLIENTADDR) &&
       !tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
     return 0;
-  if ((iso & ISO_SESSIONGRP) && conn->session_group != circ->session_group)
+  if ((iso & ISO_SESSIONGRP) &&
+      conn->entry_cfg.session_group != circ->session_group)
     return 0;
   if ((iso & ISO_NYM_EPOCH) && conn->nym_epoch != circ->nym_epoch)
     return 0;
@@ -3100,7 +3578,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
     circ->client_proto_type = conn->socks_request->listener_type;
     circ->client_proto_socksver = conn->socks_request->socks_version;
     tor_addr_copy(&circ->client_addr, &ENTRY_TO_CONN(conn)->addr);
-    circ->session_group = conn->session_group;
+    circ->session_group = conn->entry_cfg.session_group;
     circ->nym_epoch = conn->nym_epoch;
     circ->socks_username = sr->username ?
       tor_memdup(sr->username, sr->usernamelen) : NULL;
@@ -3127,7 +3605,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
       mixed |= ISO_CLIENTPROTO;
     if (!tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
       mixed |= ISO_CLIENTADDR;
-    if (conn->session_group != circ->session_group)
+    if (conn->entry_cfg.session_group != circ->session_group)
       mixed |= ISO_SESSIONGRP;
     if (conn->nym_epoch != circ->nym_epoch)
       mixed |= ISO_NYM_EPOCH;
@@ -3135,7 +3613,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
     if (dry_run)
       return mixed;
 
-    if ((mixed & conn->isolation_flags) != 0) {
+    if ((mixed & conn->entry_cfg.isolation_flags) != 0) {
       log_warn(LD_BUG, "Updating a circuit with seemingly incompatible "
                "isolation flags.");
     }
@@ -3189,3 +3667,12 @@ circuit_clear_isolation(origin_circuit_t *circ)
   circ->socks_username_len = circ->socks_password_len = 0;
 }
 
+/** Free all storage held in module-scoped variables for connection_edge.c */
+void
+connection_edge_free_all(void)
+{
+  untried_pending_connections = 0;
+  smartlist_free(pending_entry_connections);
+  pending_entry_connections = NULL;
+}
+
diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h
index 3c0e30a973..5dfc8af901 100644
--- a/src/or/connection_edge.h
+++ b/src/or/connection_edge.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -64,7 +64,20 @@ int connection_edge_is_rendezvous_stream(edge_connection_t *conn);
 int connection_ap_can_use_exit(const entry_connection_t *conn,
                                const node_t *exit);
 void connection_ap_expire_beginning(void);
-void connection_ap_attach_pending(void);
+void connection_ap_rescan_and_attach_pending(void);
+void connection_ap_attach_pending(int retry);
+void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn,
+                                           const char *file, int line);
+#define connection_ap_mark_as_pending_circuit(c) \
+  connection_ap_mark_as_pending_circuit_((c), __FILE__, __LINE__)
+void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn);
+#define CONNECTION_AP_EXPECT_NONPENDING(c) do {                         \
+    if (ENTRY_TO_CONN(c)->state == AP_CONN_STATE_CIRCUIT_WAIT) {        \
+      log_warn(LD_BUG, "At %s:%d: %p was unexpectedly in circuit_wait.", \
+               __FILE__, __LINE__, (c));                                \
+      connection_ap_mark_as_non_pending_circuit(c);                     \
+    }                                                                   \
+  } while (0)
 void connection_ap_fail_onehop(const char *failed_digest,
                                cpath_build_state_t *build_state);
 void circuit_discard_optional_exit_enclaves(extend_info_t *info);
@@ -100,6 +113,12 @@ int connection_edge_update_circuit_isolation(const entry_connection_t *conn,
 void circuit_clear_isolation(origin_circuit_t *circ);
 streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ);
 
+void connection_edge_free_all(void);
+
+void connection_ap_warn_and_unmark_if_pending_circ(
+                                             entry_connection_t *entry_conn,
+                                             const char *where);
+
 /** @name Begin-cell flags
  *
  * These flags are used in RELAY_BEGIN cells to change the default behavior
@@ -143,6 +162,30 @@ STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
 STATIC int connected_cell_format_payload(uint8_t *payload_out,
                                   const tor_addr_t *addr,
                                   uint32_t ttl);
+
+typedef struct {
+  /** Original address, after we lowercased it but before we started
+   * mapping it.
+   */
+  char orig_address[MAX_SOCKS_ADDR_LEN];
+  /** True iff the address has been automatically remapped to a local
+   * address in VirtualAddrNetwork.  (Only set true when we do a resolve
+   * and get a virtual address; not when we connect to the address.) */
+  int automap;
+  /** If this connection has a .exit address, who put it there? */
+  addressmap_entry_source_t exit_source;
+  /** If we've rewritten the address, when does this map expire? */
+  time_t map_expires;
+  /** If we should close the connection, this is the end_reason to pass
+   * to connection_mark_unattached_ap */
+  int end_reason;
+  /** True iff we should close the connection, either because of error or
+   * because of successful early RESOLVED reply. */
+  int should_close;
+} rewrite_result_t;
+
+STATIC void connection_ap_handshake_rewrite(entry_connection_t *conn,
+                                            rewrite_result_t *out);
 #endif
 
 #endif
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 8c8094b440..3892ac02fb 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -30,6 +30,8 @@
 #include "entrynodes.h"
 #include "geoip.h"
 #include "main.h"
+#include "link_handshake.h"
+#include "microdesc.h"
 #include "networkstatus.h"
 #include "nodelist.h"
 #include "reasons.h"
@@ -38,6 +40,8 @@
 #include "router.h"
 #include "routerlist.h"
 #include "ext_orport.h"
+#include "scheduler.h"
+
 #ifdef USE_BUFFEREVENTS
 #include <event2/bufferevent_ssl.h>
 #endif
@@ -487,6 +491,28 @@ var_cell_new(uint16_t payload_len)
   return cell;
 }
 
+/**
+ * Copy a var_cell_t
+ */
+
+var_cell_t *
+var_cell_copy(const var_cell_t *src)
+{
+  var_cell_t *copy = NULL;
+  size_t size = 0;
+
+  if (src != NULL) {
+    size = STRUCT_OFFSET(var_cell_t, payload) + src->payload_len;
+    copy = tor_malloc_zero(size);
+    copy->payload_len = src->payload_len;
+    copy->command = src->command;
+    copy->circ_id = src->circ_id;
+    memcpy(copy->payload, src->payload, copy->payload_len);
+  }
+
+  return copy;
+}
+
 /** Release all space held by <b>cell</b>. */
 void
 var_cell_free(var_cell_t *cell)
@@ -576,48 +602,51 @@ connection_or_process_inbuf(or_connection_t *conn)
   return ret;
 }
 
-/** When adding cells to an OR connection's outbuf, keep adding until the
- * outbuf is at least this long, or we run out of cells. */
-#define OR_CONN_HIGHWATER (32*1024)
-
-/** Add cells to an OR connection's outbuf whenever the outbuf's data length
- * drops below this size. */
-#define OR_CONN_LOWWATER (16*1024)
-
 /** Called whenever we have flushed some data on an or_conn: add more data
  * from active circuits. */
 int
 connection_or_flushed_some(or_connection_t *conn)
 {
-  size_t datalen, temp;
-  ssize_t n, flushed;
-  size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
+  size_t datalen;
+
+  /* The channel will want to update its estimated queue size */
+  channel_update_xmit_queue_size(TLS_CHAN_TO_BASE(conn->chan));
 
   /* If we're under the low water mark, add cells until we're just over the
    * high water mark. */
   datalen = connection_get_outbuf_len(TO_CONN(conn));
   if (datalen < OR_CONN_LOWWATER) {
-    while ((conn->chan) && channel_tls_more_to_flush(conn->chan)) {
-      /* Compute how many more cells we want at most */
-      n = CEIL_DIV(OR_CONN_HIGHWATER - datalen, cell_network_size);
-      /* Bail out if we don't want any more */
-      if (n <= 0) break;
-      /* We're still here; try to flush some more cells */
-      flushed = channel_tls_flush_some_cells(conn->chan, n);
-      /* Bail out if it says it didn't flush anything */
-      if (flushed <= 0) break;
-      /* How much in the outbuf now? */
-      temp = connection_get_outbuf_len(TO_CONN(conn));
-      /* Bail out if we didn't actually increase the outbuf size */
-      if (temp <= datalen) break;
-      /* Update datalen for the next iteration */
-      datalen = temp;
-    }
+    /* Let the scheduler know */
+    scheduler_channel_wants_writes(TLS_CHAN_TO_BASE(conn->chan));
   }
 
   return 0;
 }
 
+/** This is for channeltls.c to ask how many cells we could accept if
+ * they were available. */
+ssize_t
+connection_or_num_cells_writeable(or_connection_t *conn)
+{
+  size_t datalen, cell_network_size;
+  ssize_t n = 0;
+
+  tor_assert(conn);
+
+  /*
+   * If we're under the high water mark, we're potentially
+   * writeable; note this is different from the calculation above
+   * used to trigger when to start writing after we've stopped.
+   */
+  datalen = connection_get_outbuf_len(TO_CONN(conn));
+  if (datalen < OR_CONN_HIGHWATER) {
+    cell_network_size = get_cell_network_size(conn->wide_circ_ids);
+    n = CEIL_DIV(OR_CONN_HIGHWATER - datalen, cell_network_size);
+  }
+
+  return n;
+}
+
 /** Connection <b>conn</b> has finished writing and has no bytes left on
  * its outbuf.
  *
@@ -910,18 +939,11 @@ connection_or_init_conn_from_address(or_connection_t *conn,
     tor_free(conn->base_.address);
     conn->base_.address = tor_dup_addr(&node_ap.addr);
   } else {
-    const char *n;
-    /* If we're an authoritative directory server, we may know a
-     * nickname for this router. */
-    n = dirserv_get_nickname_by_digest(id_digest);
-    if (n) {
-      conn->nickname = tor_strdup(n);
-    } else {
-      conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
-      conn->nickname[0] = '$';
-      base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
-                    conn->identity_digest, DIGEST_LEN);
-    }
+    conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
+    conn->nickname[0] = '$';
+    base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
+                  conn->identity_digest, DIGEST_LEN);
+
     tor_free(conn->base_.address);
     conn->base_.address = tor_dup_addr(addr);
   }
@@ -1153,9 +1175,7 @@ connection_or_notify_error(or_connection_t *conn,
   if (conn->chan) {
     chan = TLS_CHAN_TO_BASE(conn->chan);
     /* Don't transition if we're already in closing, closed or error */
-    if (!(chan->state == CHANNEL_STATE_CLOSING ||
-          chan->state == CHANNEL_STATE_CLOSED ||
-          chan->state == CHANNEL_STATE_ERROR)) {
+    if (!CHANNEL_CONDEMNED(chan)) {
       channel_close_for_error(chan);
     }
   }
@@ -1178,10 +1198,10 @@ connection_or_notify_error(or_connection_t *conn,
  *
  * Return the launched conn, or NULL if it failed.
  */
-or_connection_t *
-connection_or_connect(const tor_addr_t *_addr, uint16_t port,
-                      const char *id_digest,
-                      channel_tls_t *chan)
+
+MOCK_IMPL(or_connection_t *,
+connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
+                        const char *id_digest, channel_tls_t *chan))
 {
   or_connection_t *conn;
   const or_options_t *options = get_options();
@@ -1314,9 +1334,7 @@ connection_or_close_normally(or_connection_t *orconn, int flush)
   if (orconn->chan) {
     chan = TLS_CHAN_TO_BASE(orconn->chan);
     /* Don't transition if we're already in closing, closed or error */
-    if (!(chan->state == CHANNEL_STATE_CLOSING ||
-          chan->state == CHANNEL_STATE_CLOSED ||
-          chan->state == CHANNEL_STATE_ERROR)) {
+    if (!CHANNEL_CONDEMNED(chan)) {
       channel_close_from_lower_layer(chan);
     }
   }
@@ -1326,8 +1344,8 @@ connection_or_close_normally(or_connection_t *orconn, int flush)
  * the error state.
  */
 
-void
-connection_or_close_for_error(or_connection_t *orconn, int flush)
+MOCK_IMPL(void,
+connection_or_close_for_error,(or_connection_t *orconn, int flush))
 {
   channel_t *chan = NULL;
 
@@ -1337,9 +1355,7 @@ connection_or_close_for_error(or_connection_t *orconn, int flush)
   if (orconn->chan) {
     chan = TLS_CHAN_TO_BASE(orconn->chan);
     /* Don't transition if we're already in closing, closed or error */
-    if (!(chan->state == CHANNEL_STATE_CLOSING ||
-          chan->state == CHANNEL_STATE_CLOSED ||
-          chan->state == CHANNEL_STATE_ERROR)) {
+    if (!CHANNEL_CONDEMNED(chan)) {
       channel_close_for_error(chan);
     }
   }
@@ -1459,17 +1475,12 @@ connection_tls_continue_handshake(or_connection_t *conn)
 {
   int result;
   check_no_tls_errors();
- again:
-  if (conn->base_.state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING) {
-    // log_notice(LD_OR, "Renegotiate with %p", conn->tls);
-    result = tor_tls_renegotiate(conn->tls);
-    // log_notice(LD_OR, "Result: %d", result);
-  } else {
-    tor_assert(conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING);
-    // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
-    result = tor_tls_handshake(conn->tls);
-    // log_notice(LD_OR, "Result: %d", result);
-  }
+
+  tor_assert(conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING);
+  // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
+  result = tor_tls_handshake(conn->tls);
+  // log_notice(LD_OR, "Result: %d", result);
+
   switch (result) {
     CASE_TOR_TLS_ERROR_ANY:
     log_info(LD_OR,"tls error [%s]. breaking connection.",
@@ -1478,23 +1489,10 @@ connection_tls_continue_handshake(or_connection_t *conn)
     case TOR_TLS_DONE:
       if (! tor_tls_used_v1_handshake(conn->tls)) {
         if (!tor_tls_is_server(conn->tls)) {
-          if (conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING) {
-            if (tor_tls_received_v3_certificate(conn->tls)) {
-              log_info(LD_OR, "Client got a v3 cert!  Moving on to v3 "
-                       "handshake with ciphersuite %s",
-                       tor_tls_get_ciphersuite_name(conn->tls));
-              return connection_or_launch_v3_or_handshake(conn);
-            } else {
-              log_debug(LD_OR, "Done with initial SSL handshake (client-side)."
-                        " Requesting renegotiation.");
-              connection_or_change_state(conn,
-                  OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING);
-              goto again;
-            }
-          }
-          // log_notice(LD_OR,"Done. state was %d.", conn->base_.state);
+          tor_assert(conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING);
+          return connection_or_launch_v3_or_handshake(conn);
         } else {
-          /* v2/v3 handshake, but not a client. */
+          /* v2/v3 handshake, but we are not a client. */
           log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
                            "Expecting renegotiation or VERSIONS cell");
           tor_tls_set_renegotiate_callback(conn->tls,
@@ -1507,6 +1505,7 @@ connection_tls_continue_handshake(or_connection_t *conn)
           return 0;
         }
       }
+      tor_assert(tor_tls_is_server(conn->tls));
       return connection_tls_finish_handshake(conn);
     case TOR_TLS_WANTWRITE:
       connection_start_writing(TO_CONN(conn));
@@ -1542,22 +1541,8 @@ connection_or_handle_event_cb(struct bufferevent *bufev, short event,
     if (! tor_tls_used_v1_handshake(conn->tls)) {
       if (!tor_tls_is_server(conn->tls)) {
         if (conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING) {
-          if (tor_tls_received_v3_certificate(conn->tls)) {
-            log_info(LD_OR, "Client got a v3 cert!");
-            if (connection_or_launch_v3_or_handshake(conn) < 0)
-              connection_or_close_for_error(conn, 0);
-            return;
-          } else {
-            connection_or_change_state(conn,
-                OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING);
-            tor_tls_unblock_renegotiation(conn->tls);
-            if (bufferevent_ssl_renegotiate(conn->base_.bufev)<0) {
-              log_warn(LD_OR, "Start_renegotiating went badly.");
-              connection_or_close_for_error(conn, 0);
-            }
-            tor_tls_unblock_renegotiation(conn->tls);
-            return; /* ???? */
-          }
+          if (connection_or_launch_v3_or_handshake(conn) < 0)
+            connection_or_close_for_error(conn, 0);
         }
       } else {
         const int handshakes = tor_tls_get_num_server_handshakes(conn->tls);
@@ -1621,11 +1606,11 @@ connection_or_nonopen_was_started_here(or_connection_t *conn)
 }
 
 /** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
- * return -1 if he is lying, broken, or otherwise something is wrong.
+ * return -1 if they are lying, broken, or otherwise something is wrong.
  *
  * If we initiated this connection (<b>started_here</b> is true), make sure
  * the other side sent a correctly formed certificate. If I initiated the
- * connection, make sure it's the right guy.
+ * connection, make sure it's the right relay by checking the certificate.
  *
  * Otherwise (if we _didn't_ initiate this connection), it's okay for
  * the certificate to be weird or absent.
@@ -1641,7 +1626,7 @@ connection_or_nonopen_was_started_here(or_connection_t *conn)
  * 1) Set conn->circ_id_type according to tor-spec.txt.
  * 2) If we're an authdirserver and we initiated the connection: drop all
  *    descriptors that claim to be on that IP/port but that aren't
- *    this guy; and note that this guy is reachable.
+ *    this relay; and note that this relay is reachable.
  * 3) If this is a bridge and we didn't configure its identity
  *    fingerprint, remember the keyid we just learned.
  */
@@ -1716,9 +1701,17 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
  * or renegotiation.  For v3 handshakes, this is right after we get a
  * certificate chain in a CERTS cell.
  *
- * If we want any particular ID before, record the one we got.
+ * If we did not know the ID before, record the one we got.
  *
- * If we wanted an ID, but we didn't get it, log a warning and return -1.
+ * If we wanted an ID, but we didn't get the one we expected, log a message
+ * and return -1.
+ * On relays:
+ *  - log a protocol warning whenever the fingerprints don't match;
+ * On clients:
+ *  - if a relay's fingerprint doesn't match, log a warning;
+ *  - if we don't have updated relay fingerprints from a recent consensus, and
+ *    a fallback directory mirror's hard-coded fingerprint has changed, log an
+ *    info explaining that we will try another fallback.
  *
  * If we're testing reachability, remember what we learned.
  *
@@ -1729,7 +1722,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
                                      const uint8_t *peer_id)
 {
   const or_options_t *options = get_options();
-  int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
 
   if (tor_digest_is_zero(conn->identity_digest)) {
     connection_or_set_identity_digest(conn, (const char*)peer_id);
@@ -1754,10 +1746,43 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
     base16_encode(seen, sizeof(seen), (const char*)peer_id, DIGEST_LEN);
     base16_encode(expected, sizeof(expected), conn->identity_digest,
                   DIGEST_LEN);
+    const int using_hardcoded_fingerprints =
+      !networkstatus_get_reasonably_live_consensus(time(NULL),
+                                                   usable_consensus_flavor());
+    const int is_fallback_fingerprint = router_digest_is_fallback_dir(
+                                                   conn->identity_digest);
+    const int is_authority_fingerprint = router_digest_is_trusted_dir(
+                                                   conn->identity_digest);
+    int severity;
+    const char *extra_log = "";
+
+    if (server_mode(options)) {
+      severity = LOG_PROTOCOL_WARN;
+    } else {
+      if (using_hardcoded_fingerprints) {
+        /* We need to do the checks in this order, because the list of
+         * fallbacks includes the list of authorities */
+        if (is_authority_fingerprint) {
+          severity = LOG_WARN;
+        } else if (is_fallback_fingerprint) {
+          /* we expect a small number of fallbacks to change from their
+           * hard-coded fingerprints over the life of a release */
+          severity = LOG_INFO;
+          extra_log = " Tor will try a different fallback.";
+        } else {
+          /* it's a bridge, it's either a misconfiguration, or unexpected */
+          severity = LOG_WARN;
+        }
+      } else {
+        /* a relay has changed its fingerprint from the one in the consensus */
+        severity = LOG_WARN;
+      }
+    }
+
     log_fn(severity, LD_HANDSHAKE,
            "Tried connecting to router at %s:%d, but identity key was not "
-           "as expected: wanted %s but got %s.",
-           conn->base_.address, conn->base_.port, expected, seen);
+           "as expected: wanted %s but got %s.%s",
+           conn->base_.address, conn->base_.port, expected, seen, extra_log);
     entry_guard_register_connect_status(conn->identity_digest, 0, 1,
                                         time(NULL));
     control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED,
@@ -1794,7 +1819,7 @@ connection_or_client_used(or_connection_t *conn)
  *
  * Make sure we are happy with the person we just handshaked with.
  *
- * If he initiated the connection, make sure he's not already connected,
+ * If they initiated the connection, make sure they're not already connected,
  * then initialize conn from the information in router.
  *
  * If all is successful, call circuit_n_conn_done() to handle events
@@ -1809,6 +1834,8 @@ connection_tls_finish_handshake(or_connection_t *conn)
   char digest_rcvd[DIGEST_LEN];
   int started_here = connection_or_nonopen_was_started_here(conn);
 
+  tor_assert(!started_here);
+
   log_debug(LD_HANDSHAKE,"%s tls handshake on %p with %s done, using "
             "ciphersuite %s. verifying.",
             started_here?"outgoing":"incoming",
@@ -1824,20 +1851,17 @@ connection_tls_finish_handshake(or_connection_t *conn)
 
   if (tor_tls_used_v1_handshake(conn->tls)) {
     conn->link_proto = 1;
-    if (!started_here) {
-      connection_or_init_conn_from_address(conn, &conn->base_.addr,
-                                           conn->base_.port, digest_rcvd, 0);
-    }
+    connection_or_init_conn_from_address(conn, &conn->base_.addr,
+                                         conn->base_.port, digest_rcvd, 0);
     tor_tls_block_renegotiation(conn->tls);
+    rep_hist_note_negotiated_link_proto(1, started_here);
     return connection_or_set_state_open(conn);
   } else {
     connection_or_change_state(conn, OR_CONN_STATE_OR_HANDSHAKING_V2);
     if (connection_init_or_handshake_state(conn, started_here) < 0)
       return -1;
-    if (!started_here) {
-      connection_or_init_conn_from_address(conn, &conn->base_.addr,
-                                           conn->base_.port, digest_rcvd, 0);
-    }
+    connection_or_init_conn_from_address(conn, &conn->base_.addr,
+                                         conn->base_.port, digest_rcvd, 0);
     return connection_or_send_versions(conn, 0);
   }
 }
@@ -1852,7 +1876,6 @@ static int
 connection_or_launch_v3_or_handshake(or_connection_t *conn)
 {
   tor_assert(connection_or_nonopen_was_started_here(conn));
-  tor_assert(tor_tls_received_v3_certificate(conn->tls));
 
   circuit_build_times_network_is_live(get_circuit_build_times_mutable());
 
@@ -1888,8 +1911,8 @@ or_handshake_state_free(or_handshake_state_t *state)
     return;
   crypto_digest_free(state->digest_sent);
   crypto_digest_free(state->digest_received);
-  tor_cert_free(state->auth_cert);
-  tor_cert_free(state->id_cert);
+  tor_x509_cert_free(state->auth_cert);
+  tor_x509_cert_free(state->id_cert);
   memwipe(state, 0xBE, sizeof(or_handshake_state_t));
   tor_free(state);
 }
@@ -2022,9 +2045,9 @@ connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
  * <b>conn</b>'s outbuf.  Right now, this <em>DOES NOT</em> support cells that
  * affect a circuit.
  */
-void
-connection_or_write_var_cell_to_buf(const var_cell_t *cell,
-                                    or_connection_t *conn)
+MOCK_IMPL(void,
+connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
+                                     or_connection_t *conn))
 {
   int n;
   char hdr[VAR_CELL_MAX_HEADER_SIZE];
@@ -2068,6 +2091,19 @@ connection_or_process_cells_from_inbuf(or_connection_t *conn)
 {
   var_cell_t *var_cell;
 
+  /*
+   * Note on memory management for incoming cells: below the channel layer,
+   * we shouldn't need to consider its internal queueing/copying logic.  It
+   * is safe to pass cells to it on the stack or on the heap, but in the
+   * latter case we must be sure we free them later.
+   *
+   * The incoming cell queue code in channel.c will (in the common case)
+   * decide it can pass them to the upper layer immediately, in which case
+   * those functions may run directly on the cell pointers we pass here, or
+   * it may decide to queue them, in which case it will allocate its own
+   * buffer and copy the cell.
+   */
+
   while (1) {
     log_debug(LD_OR,
               TOR_SOCKET_T_FORMAT": starting, inbuf_datalen %d "
@@ -2167,8 +2203,8 @@ connection_or_send_versions(or_connection_t *conn, int v3_plus)
 
 /** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
  * about their address, our address, and the current time. */
-int
-connection_or_send_netinfo(or_connection_t *conn)
+MOCK_IMPL(int,
+connection_or_send_netinfo,(or_connection_t *conn))
 {
   cell_t cell;
   time_t now = time(NULL);
@@ -2237,7 +2273,7 @@ connection_or_send_netinfo(or_connection_t *conn)
 int
 connection_or_send_certs_cell(or_connection_t *conn)
 {
-  const tor_cert_t *link_cert = NULL, *id_cert = NULL;
+  const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;
   const uint8_t *link_encoded = NULL, *id_encoded = NULL;
   size_t link_len, id_len;
   var_cell_t *cell;
@@ -2252,8 +2288,8 @@ connection_or_send_certs_cell(or_connection_t *conn)
   server_mode = ! conn->handshake_state->started_here;
   if (tor_tls_get_my_certs(server_mode, &link_cert, &id_cert) < 0)
     return -1;
-  tor_cert_get_der(link_cert, &link_encoded, &link_len);
-  tor_cert_get_der(id_cert, &id_encoded, &id_len);
+  tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
+  tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
 
   cell_len = 1 /* 1 byte: num certs in cell */ +
              2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
@@ -2289,28 +2325,36 @@ connection_or_send_certs_cell(or_connection_t *conn)
 int
 connection_or_send_auth_challenge_cell(or_connection_t *conn)
 {
-  var_cell_t *cell;
-  uint8_t *cp;
-  uint8_t challenge[OR_AUTH_CHALLENGE_LEN];
+  var_cell_t *cell = NULL;
+  int r = -1;
   tor_assert(conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3);
 
   if (! conn->handshake_state)
     return -1;
 
-  if (crypto_rand((char*)challenge, OR_AUTH_CHALLENGE_LEN) < 0)
-    return -1;
-  cell = var_cell_new(OR_AUTH_CHALLENGE_LEN + 4);
+  auth_challenge_cell_t *ac = auth_challenge_cell_new();
+
+  crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
+
+  auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
+  auth_challenge_cell_set_n_methods(ac,
+                                    auth_challenge_cell_getlen_methods(ac));
+
+  cell = var_cell_new(auth_challenge_cell_encoded_len(ac));
+  ssize_t len = auth_challenge_cell_encode(cell->payload, cell->payload_len,
+                                           ac);
+  if (len != cell->payload_len)
+    goto done;
   cell->command = CELL_AUTH_CHALLENGE;
-  memcpy(cell->payload, challenge, OR_AUTH_CHALLENGE_LEN);
-  cp = cell->payload + OR_AUTH_CHALLENGE_LEN;
-  set_uint16(cp, htons(1)); /* We recognize one authentication type. */
-  set_uint16(cp+2, htons(AUTHTYPE_RSA_SHA256_TLSSECRET));
 
   connection_or_write_var_cell_to_buf(cell, conn);
+  r = 0;
+
+ done:
   var_cell_free(cell);
-  memwipe(challenge, 0, sizeof(challenge));
+  auth_challenge_cell_free(ac);
 
-  return 0;
+  return r;
 }
 
 /** Compute the main body of an AUTHENTICATE cell that a client can use
@@ -2337,28 +2381,28 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                              crypto_pk_t *signing_key,
                                              int server)
 {
-  uint8_t *ptr;
+  auth1_t *auth = NULL;
+  auth_ctx_t *ctx = auth_ctx_new();
+  int result;
 
   /* assert state is reasonable XXXX */
 
-  if (outlen < V3_AUTH_FIXED_PART_LEN ||
-      (!server && outlen < V3_AUTH_BODY_LEN))
-    return -1;
+  ctx->is_ed = 0;
 
-  ptr = out;
+  auth = auth1_new();
 
   /* Type: 8 bytes. */
-  memcpy(ptr, "AUTH0001", 8);
-  ptr += 8;
+  memcpy(auth1_getarray_type(auth), "AUTH0001", 8);
 
   {
-    const tor_cert_t *id_cert=NULL, *link_cert=NULL;
-    const digests_t *my_digests, *their_digests;
+    const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
+    const common_digests_t *my_digests, *their_digests;
     const uint8_t *my_id, *their_id, *client_id, *server_id;
     if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
-      return -1;
-    my_digests = tor_cert_get_id_digests(id_cert);
-    their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);
+      goto err;
+    my_digests = tor_x509_cert_get_id_digests(id_cert);
+    their_digests =
+      tor_x509_cert_get_id_digests(conn->handshake_state->id_cert);
     tor_assert(my_digests);
     tor_assert(their_digests);
     my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
@@ -2368,12 +2412,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     server_id = server ? my_id : their_id;
 
     /* Client ID digest: 32 octets. */
-    memcpy(ptr, client_id, 32);
-    ptr += 32;
+    memcpy(auth->cid, client_id, 32);
 
     /* Server ID digest: 32 octets. */
-    memcpy(ptr, server_id, 32);
-    ptr += 32;
+    memcpy(auth->sid, server_id, 32);
   }
 
   {
@@ -2387,73 +2429,101 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     }
 
     /* Server log digest : 32 octets */
-    crypto_digest_get_digest(server_d, (char*)ptr, 32);
-    ptr += 32;
+    crypto_digest_get_digest(server_d, (char*)auth->slog, 32);
 
     /* Client log digest : 32 octets */
-    crypto_digest_get_digest(client_d, (char*)ptr, 32);
-    ptr += 32;
+    crypto_digest_get_digest(client_d, (char*)auth->clog, 32);
   }
 
   {
     /* Digest of cert used on TLS link : 32 octets. */
-    const tor_cert_t *cert = NULL;
-    tor_cert_t *freecert = NULL;
+    const tor_x509_cert_t *cert = NULL;
+    tor_x509_cert_t *freecert = NULL;
     if (server) {
       tor_tls_get_my_certs(1, &cert, NULL);
     } else {
       freecert = tor_tls_get_peer_cert(conn->tls);
       cert = freecert;
     }
-    if (!cert)
-      return -1;
-    memcpy(ptr, tor_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
+    if (!cert) {
+      log_warn(LD_OR, "Unable to find cert when making AUTH1 data.");
+      goto err;
+    }
+
+    memcpy(auth->scert,
+           tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
 
     if (freecert)
-      tor_cert_free(freecert);
-    ptr += 32;
+      tor_x509_cert_free(freecert);
   }
 
   /* HMAC of clientrandom and serverrandom using master key : 32 octets */
-  tor_tls_get_tlssecrets(conn->tls, ptr);
-  ptr += 32;
-
-  tor_assert(ptr - out == V3_AUTH_FIXED_PART_LEN);
-
-  if (server)
-    return V3_AUTH_FIXED_PART_LEN; // ptr-out
+  tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets);
 
   /* 8 octets were reserved for the current time, but we're trying to get out
    * of the habit of sending time around willynilly.  Fortunately, nothing
    * checks it.  That's followed by 16 bytes of nonce. */
-  crypto_rand((char*)ptr, 24);
-  ptr += 24;
+  crypto_rand((char*)auth->rand, 24);
+
+  ssize_t len;
+  if ((len = auth1_encode(out, outlen, auth, ctx)) < 0) {
+    log_warn(LD_OR, "Unable to encode signed part of AUTH1 data.");
+    goto err;
+  }
 
-  tor_assert(ptr - out == V3_AUTH_BODY_LEN);
+  if (server) {
+    auth1_t *tmp = NULL;
+    ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
+    if (!tmp) {
+      log_warn(LD_OR, "Unable to parse signed part of AUTH1 data.");
+      goto err;
+    }
+    result = (int) (tmp->end_of_fixed_part - out);
+    auth1_free(tmp);
+    if (len2 != len) {
+      log_warn(LD_OR, "Mismatched length when re-parsing AUTH1 data.");
+      goto err;
+    }
+    goto done;
+  }
 
-  if (!signing_key)
-    return V3_AUTH_BODY_LEN; // ptr - out
+  if (signing_key) {
+    auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));
 
-  {
-    int siglen;
     char d[32];
-    crypto_digest256(d, (char*)out, ptr-out, DIGEST_SHA256);
-    siglen = crypto_pk_private_sign(signing_key,
-                                    (char*)ptr, outlen - (ptr-out),
+    crypto_digest256(d, (char*)out, len, DIGEST_SHA256);
+    int siglen = crypto_pk_private_sign(signing_key,
+                                    (char*)auth1_getarray_sig(auth),
+                                    auth1_getlen_sig(auth),
                                     d, 32);
-    if (siglen < 0)
-      return -1;
+    if (siglen < 0) {
+      log_warn(LD_OR, "Unable to sign AUTH1 data.");
+      goto err;
+    }
 
-    ptr += siglen;
-    tor_assert(ptr <= out+outlen);
-    return (int)(ptr - out);
+    auth1_setlen_sig(auth, siglen);
+
+    len = auth1_encode(out, outlen, auth, ctx);
+    if (len < 0) {
+      log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
+      goto err;
+    }
   }
+  result = (int) len;
+  goto done;
+
+ err:
+  result = -1;
+ done:
+  auth1_free(auth);
+  auth_ctx_free(ctx);
+  return result;
 }
 
 /** Send an AUTHENTICATE cell on the connection <b>conn</b>.  Return 0 on
  * success, -1 on failure */
-int
-connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
+MOCK_IMPL(int,
+connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
 {
   var_cell_t *cell;
   crypto_pk_t *pk = tor_tls_get_my_client_auth_key();
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 143540edd9..e2ec47a4f2 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -24,6 +24,7 @@ void connection_or_set_bad_connections(const char *digest, int force);
 void connection_or_block_renegotiation(or_connection_t *conn);
 int connection_or_reached_eof(or_connection_t *conn);
 int connection_or_process_inbuf(or_connection_t *conn);
+ssize_t connection_or_num_cells_writeable(or_connection_t *conn);
 int connection_or_flushed_some(or_connection_t *conn);
 int connection_or_finished_flushing(or_connection_t *conn);
 int connection_or_finished_connecting(or_connection_t *conn);
@@ -36,12 +37,14 @@ void connection_or_connect_failed(or_connection_t *conn,
                                   int reason, const char *msg);
 void connection_or_notify_error(or_connection_t *conn,
                                 int reason, const char *msg);
-or_connection_t *connection_or_connect(const tor_addr_t *addr, uint16_t port,
-                                       const char *id_digest,
-                                       channel_tls_t *chan);
+MOCK_DECL(or_connection_t *,
+          connection_or_connect,
+          (const tor_addr_t *addr, uint16_t port,
+           const char *id_digest, channel_tls_t *chan));
 
 void connection_or_close_normally(or_connection_t *orconn, int flush);
-void connection_or_close_for_error(or_connection_t *orconn, int flush);
+MOCK_DECL(void,connection_or_close_for_error,
+          (or_connection_t *orconn, int flush));
 
 void connection_or_report_broken_states(int severity, int domain);
 
@@ -75,17 +78,18 @@ void or_handshake_state_record_var_cell(or_connection_t *conn,
 int connection_or_set_state_open(or_connection_t *conn);
 void connection_or_write_cell_to_buf(const cell_t *cell,
                                      or_connection_t *conn);
-void connection_or_write_var_cell_to_buf(const var_cell_t *cell,
-                                         or_connection_t *conn);
+MOCK_DECL(void,connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
+                                                   or_connection_t *conn));
 int connection_or_send_versions(or_connection_t *conn, int v3_plus);
-int connection_or_send_netinfo(or_connection_t *conn);
+MOCK_DECL(int,connection_or_send_netinfo,(or_connection_t *conn));
 int connection_or_send_certs_cell(or_connection_t *conn);
 int connection_or_send_auth_challenge_cell(or_connection_t *conn);
 int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                                  uint8_t *out, size_t outlen,
                                                  crypto_pk_t *signing_key,
                                                  int server);
-int connection_or_send_authenticate_cell(or_connection_t *conn, int type);
+MOCK_DECL(int,connection_or_send_authenticate_cell,
+          (or_connection_t *conn, int type));
 
 int is_or_protocol_version_known(uint16_t version);
 
@@ -93,9 +97,10 @@ void cell_pack(packed_cell_t *dest, const cell_t *src, int wide_circ_ids);
 int var_cell_pack_header(const var_cell_t *cell, char *hdr_out,
                          int wide_circ_ids);
 var_cell_t *var_cell_new(uint16_t payload_len);
+var_cell_t *var_cell_copy(const var_cell_t *src);
 void var_cell_free(var_cell_t *cell);
 
-/** DOCDOC */
+/* DOCDOC */
 #define MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS 4
 
 #endif
diff --git a/src/or/control.c b/src/or/control.c
index 2ff1cc8442..e2ad8cc6dc 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -20,6 +20,7 @@
 #include "circuitstats.h"
 #include "circuituse.h"
 #include "command.h"
+#include "compat_libevent.h"
 #include "config.h"
 #include "confparse.h"
 #include "connection.h"
@@ -37,6 +38,9 @@
 #include "nodelist.h"
 #include "policies.h"
 #include "reasons.h"
+#include "rendclient.h"
+#include "rendcommon.h"
+#include "rendservice.h"
 #include "rephist.h"
 #include "router.h"
 #include "routerlist.h"
@@ -47,6 +51,13 @@
 #include <sys/resource.h>
 #endif
 
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#else
+#include <event.h>
+#endif
+
+#include "crypto_s2k.h"
 #include "procmon.h"
 
 /** Yield true iff <b>s</b> is the state of a control_connection_t that has
@@ -71,7 +82,7 @@ static int disable_log_messages = 0;
 /** Macro: true if any control connection is interested in events of type
  * <b>e</b>. */
 #define EVENT_IS_INTERESTING(e) \
-  (!! (global_event_mask & (((uint64_t)1)<<(e))))
+  (!! (global_event_mask & EVENT_MASK_(e)))
 
 /** If we're using cookie-type authentication, how long should our cookies be?
  */
@@ -91,6 +102,11 @@ static uint8_t *authentication_cookie = NULL;
   "Tor safe cookie authentication controller-to-server hash"
 #define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN
 
+/** The list of onion services that have been added via ADD_ONION that do not
+ * belong to any particular control connection.
+ */
+static smartlist_t *detached_onion_services = NULL;
+
 /** A sufficiently large size to record the last bootstrap phase string. */
 #define BOOTSTRAP_MSG_LEN 1024
 
@@ -101,17 +117,17 @@ static char last_sent_bootstrap_message[BOOTSTRAP_MSG_LEN];
 static void connection_printf_to_buf(control_connection_t *conn,
                                      const char *format, ...)
   CHECK_PRINTF(2,3);
-static void send_control_event_impl(uint16_t event, event_format_t which,
+static void send_control_event_impl(uint16_t event,
                                     const char *format, va_list ap)
-  CHECK_PRINTF(3,0);
+  CHECK_PRINTF(2,0);
 static int control_event_status(int type, int severity, const char *format,
                                 va_list args)
   CHECK_PRINTF(3,0);
 
 static void send_control_done(control_connection_t *conn);
-static void send_control_event(uint16_t event, event_format_t which,
+static void send_control_event(uint16_t event,
                                const char *format, ...)
-  CHECK_PRINTF(3,4);
+  CHECK_PRINTF(2,3);
 static int handle_control_setconf(control_connection_t *conn, uint32_t len,
                                   char *body);
 static int handle_control_resetconf(control_connection_t *conn, uint32_t len,
@@ -156,14 +172,27 @@ static int handle_control_resolve(control_connection_t *conn, uint32_t len,
 static int handle_control_usefeature(control_connection_t *conn,
                                      uint32_t len,
                                      const char *body);
+static int handle_control_hsfetch(control_connection_t *conn, uint32_t len,
+                                  const char *body);
+static int handle_control_hspost(control_connection_t *conn, uint32_t len,
+                                 const char *body);
+static int handle_control_add_onion(control_connection_t *conn, uint32_t len,
+                                    const char *body);
+static int handle_control_del_onion(control_connection_t *conn, uint32_t len,
+                                    const char *body);
 static int write_stream_target_to_buf(entry_connection_t *conn, char *buf,
                                       size_t len);
 static void orconn_target_get_name(char *buf, size_t len,
                                    or_connection_t *conn);
 
+static int get_cached_network_liveness(void);
+static void set_cached_network_liveness(int liveness);
+
+static void flush_queued_events_cb(evutil_socket_t fd, short what, void *arg);
+
 /** Given a control event code for a message event, return the corresponding
  * log severity. */
-static INLINE int
+static inline int
 event_to_log_severity(int event)
 {
   switch (event) {
@@ -177,7 +206,7 @@ event_to_log_severity(int event)
 }
 
 /** Given a log severity, return the corresponding control event code. */
-static INLINE int
+static inline int
 log_severity_to_event(int severity)
 {
   switch (severity) {
@@ -194,14 +223,14 @@ log_severity_to_event(int severity)
 static void
 clear_circ_bw_fields(void)
 {
-  circuit_t *circ;
   origin_circuit_t *ocirc;
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (!CIRCUIT_IS_ORIGIN(circ))
       continue;
     ocirc = TO_ORIGIN_CIRCUIT(circ);
     ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
   }
+  SMARTLIST_FOREACH_END(circ);
 }
 
 /** Set <b>global_event_mask*</b> to the bitwise OR of each live control
@@ -296,7 +325,7 @@ control_event_is_interesting(int event)
 /** Append a NUL-terminated string <b>s</b> to the end of
  * <b>conn</b>-\>outbuf.
  */
-static INLINE void
+static inline void
 connection_write_str_to_buf(const char *s, control_connection_t *conn)
 {
   size_t len = strlen(s);
@@ -399,7 +428,7 @@ read_escaped_data(const char *data, size_t len, char **out)
 /** If the first <b>in_len_max</b> characters in <b>start</b> contain a
  * double-quoted string with escaped characters, return the length of that
  * string (as encoded, including quotes).  Otherwise return -1. */
-static INLINE int
+static inline int
 get_escaped_string_length(const char *start, size_t in_len_max,
                           int *chars_out)
 {
@@ -558,46 +587,217 @@ send_control_done(control_connection_t *conn)
   connection_write_str_to_buf("250 OK\r\n", conn);
 }
 
-/** Send an event to all v1 controllers that are listening for code
- * <b>event</b>.  The event's body is given by <b>msg</b>.
+/** Represents an event that's queued to be sent to one or more
+ * controllers. */
+typedef struct queued_event_s {
+  uint16_t event;
+  char *msg;
+} queued_event_t;
+
+/** Pointer to int. If this is greater than 0, we don't allow new events to be
+ * queued. */
+static tor_threadlocal_t block_event_queue;
+
+/** Holds a smartlist of queued_event_t objects that may need to be sent
+ * to one or more controllers */
+static smartlist_t *queued_control_events = NULL;
+
+/** True if the flush_queued_events_event is pending. */
+static int flush_queued_event_pending = 0;
+
+/** Lock to protect the above fields. */
+static tor_mutex_t *queued_control_events_lock = NULL;
+
+/** An event that should fire in order to flush the contents of
+ * queued_control_events. */
+static struct event *flush_queued_events_event = NULL;
+
+void
+control_initialize_event_queue(void)
+{
+  if (queued_control_events == NULL) {
+    queued_control_events = smartlist_new();
+  }
+
+  if (flush_queued_events_event == NULL) {
+    struct event_base *b = tor_libevent_get_base();
+    if (b) {
+      flush_queued_events_event = tor_event_new(b,
+                                              -1, 0, flush_queued_events_cb,
+                                              NULL);
+      tor_assert(flush_queued_events_event);
+    }
+  }
+
+  if (queued_control_events_lock == NULL) {
+    queued_control_events_lock = tor_mutex_new();
+    tor_threadlocal_init(&block_event_queue);
+  }
+}
+
+static int *
+get_block_event_queue(void)
+{
+  int *val = tor_threadlocal_get(&block_event_queue);
+  if (PREDICT_UNLIKELY(val == NULL)) {
+    val = tor_malloc_zero(sizeof(int));
+    tor_threadlocal_set(&block_event_queue, val);
+  }
+  return val;
+}
+
+/** Helper: inserts an event on the list of events queued to be sent to
+ * one or more controllers, and schedules the events to be flushed if needed.
  *
- * If <b>which</b> & SHORT_NAMES, the event contains short-format names: send
- * it to controllers that haven't enabled the VERBOSE_NAMES feature.  If
- * <b>which</b> & LONG_NAMES, the event contains long-format names: send it
- * to controllers that <em>have</em> enabled VERBOSE_NAMES.
+ * This function takes ownership of <b>msg</b>, and may free it.
  *
- * The EXTENDED_FORMAT and NONEXTENDED_FORMAT flags behave similarly with
- * respect to the EXTENDED_EVENTS feature. */
+ * We queue these events rather than send them immediately in order to break
+ * the dependency in our callgraph from code that generates events for the
+ * controller, and the network layer at large.  Otherwise, nearly every
+ * interesting part of Tor would potentially call every other interesting part
+ * of Tor.
+ */
 MOCK_IMPL(STATIC void,
-send_control_event_string,(uint16_t event, event_format_t which,
-                           const char *msg))
+queue_control_event_string,(uint16_t event, char *msg))
 {
-  smartlist_t *conns = get_connection_array();
-  (void)which;
-  tor_assert(event >= EVENT_MIN_ && event <= EVENT_MAX_);
+  /* This is redundant with checks done elsewhere, but it's a last-ditch
+   * attempt to avoid queueing something we shouldn't have to queue. */
+  if (PREDICT_UNLIKELY( ! EVENT_IS_INTERESTING(event) )) {
+    tor_free(msg);
+    return;
+  }
+
+  int *block_event_queue = get_block_event_queue();
+  if (*block_event_queue) {
+    tor_free(msg);
+    return;
+  }
+
+  queued_event_t *ev = tor_malloc(sizeof(*ev));
+  ev->event = event;
+  ev->msg = msg;
+
+  /* No queueing an event while queueing an event */
+  ++*block_event_queue;
+
+  tor_mutex_acquire(queued_control_events_lock);
+  tor_assert(queued_control_events);
+  smartlist_add(queued_control_events, ev);
+
+  int activate_event = 0;
+  if (! flush_queued_event_pending && in_main_thread()) {
+    activate_event = 1;
+    flush_queued_event_pending = 1;
+  }
+
+  tor_mutex_release(queued_control_events_lock);
+
+  --*block_event_queue;
+
+  /* We just put an event on the queue; mark the queue to be
+   * flushed.  We only do this from the main thread for now; otherwise,
+   * we'd need to incur locking overhead in Libevent or use a socket.
+   */
+  if (activate_event) {
+    tor_assert(flush_queued_events_event);
+    event_active(flush_queued_events_event, EV_READ, 1);
+  }
+}
+
+/** Release all storage held by <b>ev</b>. */
+static void
+queued_event_free(queued_event_t *ev)
+{
+  if (ev == NULL)
+    return;
+
+  tor_free(ev->msg);
+  tor_free(ev);
+}
 
-  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
+/** Send every queued event to every controller that's interested in it,
+ * and remove the events from the queue.  If <b>force</b> is true,
+ * then make all controllers send their data out immediately, since we
+ * may be about to shut down. */
+static void
+queued_events_flush_all(int force)
+{
+  if (PREDICT_UNLIKELY(queued_control_events == NULL)) {
+    return;
+  }
+  smartlist_t *all_conns = get_connection_array();
+  smartlist_t *controllers = smartlist_new();
+  smartlist_t *queued_events;
+
+  int *block_event_queue = get_block_event_queue();
+  ++*block_event_queue;
+
+  tor_mutex_acquire(queued_control_events_lock);
+  /* No queueing an event while flushing events. */
+  flush_queued_event_pending = 0;
+  queued_events = queued_control_events;
+  queued_control_events = smartlist_new();
+  tor_mutex_release(queued_control_events_lock);
+
+  /* Gather all the controllers that will care... */
+  SMARTLIST_FOREACH_BEGIN(all_conns, connection_t *, conn) {
     if (conn->type == CONN_TYPE_CONTROL &&
         !conn->marked_for_close &&
         conn->state == CONTROL_CONN_STATE_OPEN) {
       control_connection_t *control_conn = TO_CONTROL_CONN(conn);
 
-      if (control_conn->event_mask & (((event_mask_t)1)<<event)) {
-        int is_err = 0;
-        connection_write_to_buf(msg, strlen(msg), TO_CONN(control_conn));
-        if (event == EVENT_ERR_MSG)
-          is_err = 1;
-        else if (event == EVENT_STATUS_GENERAL)
-          is_err = !strcmpstart(msg, "STATUS_GENERAL ERR ");
-        else if (event == EVENT_STATUS_CLIENT)
-          is_err = !strcmpstart(msg, "STATUS_CLIENT ERR ");
-        else if (event == EVENT_STATUS_SERVER)
-          is_err = !strcmpstart(msg, "STATUS_SERVER ERR ");
-        if (is_err)
-          connection_flush(TO_CONN(control_conn));
-      }
+      smartlist_add(controllers, control_conn);
     }
   } SMARTLIST_FOREACH_END(conn);
+
+  SMARTLIST_FOREACH_BEGIN(queued_events, queued_event_t *, ev) {
+    const event_mask_t bit = ((event_mask_t)1) << ev->event;
+    const size_t msg_len = strlen(ev->msg);
+    SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
+                            control_conn) {
+      if (control_conn->event_mask & bit) {
+        connection_write_to_buf(ev->msg, msg_len, TO_CONN(control_conn));
+      }
+    } SMARTLIST_FOREACH_END(control_conn);
+
+    queued_event_free(ev);
+  } SMARTLIST_FOREACH_END(ev);
+
+  if (force) {
+    SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
+                            control_conn) {
+      connection_flush(TO_CONN(control_conn));
+    } SMARTLIST_FOREACH_END(control_conn);
+  }
+
+  smartlist_free(queued_events);
+  smartlist_free(controllers);
+
+  --*block_event_queue;
+}
+
+/** Libevent callback: Flushes pending events to controllers that are
+ * interested in them */
+static void
+flush_queued_events_cb(evutil_socket_t fd, short what, void *arg)
+{
+  (void) fd;
+  (void) what;
+  (void) arg;
+  queued_events_flush_all(0);
+}
+
+/** Send an event to all v1 controllers that are listening for code
+ * <b>event</b>.  The event's body is given by <b>msg</b>.
+ *
+ * The EXTENDED_FORMAT and NONEXTENDED_FORMAT flags behave similarly with
+ * respect to the EXTENDED_EVENTS feature. */
+MOCK_IMPL(STATIC void,
+send_control_event_string,(uint16_t event,
+                           const char *msg))
+{
+  tor_assert(event >= EVENT_MIN_ && event <= EVENT_MAX_);
+  queue_control_event_string(event, tor_strdup(msg));
 }
 
 /** Helper for send_control_event and control_event_status:
@@ -605,8 +805,8 @@ send_control_event_string,(uint16_t event, event_format_t which,
  * <b>event</b>.  The event's body is created by the printf-style format in
  * <b>format</b>, and other arguments as provided. */
 static void
-send_control_event_impl(uint16_t event, event_format_t which,
-                         const char *format, va_list ap)
+send_control_event_impl(uint16_t event,
+                        const char *format, va_list ap)
 {
   char *buf = NULL;
   int len;
@@ -617,21 +817,19 @@ send_control_event_impl(uint16_t event, event_format_t which,
     return;
   }
 
-  send_control_event_string(event, which|ALL_FORMATS, buf);
-
-  tor_free(buf);
+  queue_control_event_string(event, buf);
 }
 
 /** Send an event to all v1 controllers that are listening for code
  * <b>event</b>.  The event's body is created by the printf-style format in
  * <b>format</b>, and other arguments as provided. */
 static void
-send_control_event(uint16_t event, event_format_t which,
+send_control_event(uint16_t event,
                    const char *format, ...)
 {
   va_list ap;
   va_start(ap, format);
-  send_control_event_impl(event, which, format, ap);
+  send_control_event_impl(event, format, ap);
   va_end(ap);
 }
 
@@ -932,7 +1130,7 @@ static const struct control_event_t control_event_table[] = {
   { EVENT_CLIENTS_SEEN, "CLIENTS_SEEN" },
   { EVENT_NEWCONSENSUS, "NEWCONSENSUS" },
   { EVENT_BUILDTIMEOUT_SET, "BUILDTIMEOUT_SET" },
-  { EVENT_SIGNAL, "SIGNAL" },
+  { EVENT_GOT_SIGNAL, "SIGNAL" },
   { EVENT_CONF_CHANGED, "CONF_CHANGED"},
   { EVENT_CONN_BW, "CONN_BW" },
   { EVENT_CELL_STATS, "CELL_STATS" },
@@ -940,6 +1138,8 @@ static const struct control_event_t control_event_table[] = {
   { EVENT_CIRC_BANDWIDTH_USED, "CIRC_BW" },
   { EVENT_TRANSPORT_LAUNCHED, "TRANSPORT_LAUNCHED" },
   { EVENT_HS_DESC, "HS_DESC" },
+  { EVENT_HS_DESC_CONTENT, "HS_DESC_CONTENT" },
+  { EVENT_NETWORK_LIVENESS, "NETWORK_LIVENESS" },
   { 0, NULL },
 };
 
@@ -949,7 +1149,7 @@ static int
 handle_control_setevents(control_connection_t *conn, uint32_t len,
                          const char *body)
 {
-  int event_code = -1;
+  int event_code;
   event_mask_t event_mask = 0;
   smartlist_t *events = smartlist_new();
 
@@ -963,6 +1163,8 @@ handle_control_setevents(control_connection_t *conn, uint32_t len,
         continue;
       } else {
         int i;
+        event_code = -1;
+
         for (i = 0; control_event_table[i].event_name != NULL; ++i) {
           if (!strcasecmp(ev, control_event_table[i].event_name)) {
             event_code = control_event_table[i].event_code;
@@ -993,7 +1195,8 @@ handle_control_setevents(control_connection_t *conn, uint32_t len,
 
 /** Decode the hashed, base64'd passwords stored in <b>passwords</b>.
  * Return a smartlist of acceptable passwords (unterminated strings of
- * length S2K_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure.
+ * length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on
+ * failure.
  */
 smartlist_t *
 decode_hashed_passwords(config_line_t *passwords)
@@ -1009,16 +1212,17 @@ decode_hashed_passwords(config_line_t *passwords)
 
     if (!strcmpstart(hashed, "16:")) {
       if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))<0
-          || strlen(hashed+3) != (S2K_SPECIFIER_LEN+DIGEST_LEN)*2) {
+          || strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) {
         goto err;
       }
     } else {
         if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed))
-            != S2K_SPECIFIER_LEN+DIGEST_LEN) {
+            != S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) {
           goto err;
         }
     }
-    smartlist_add(sl, tor_memdup(decoded, S2K_SPECIFIER_LEN+DIGEST_LEN));
+    smartlist_add(sl,
+                  tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN));
   }
 
   return sl;
@@ -1039,7 +1243,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
 {
   int used_quoted_string = 0;
   const or_options_t *options = get_options();
-  const char *errstr = NULL;
+  const char *errstr = "Unknown error";
   char *password;
   size_t password_len;
   const char *cp;
@@ -1160,22 +1364,27 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
     }
     if (bad) {
       if (!also_cookie) {
-        log_warn(LD_CONTROL,
+        log_warn(LD_BUG,
                  "Couldn't decode HashedControlPassword: invalid base16");
         errstr="Couldn't decode HashedControlPassword value in configuration.";
+        goto err;
       }
       bad_password = 1;
       SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
       smartlist_free(sl);
+      sl = NULL;
     } else {
       SMARTLIST_FOREACH(sl, char *, expected,
       {
-        secret_to_key(received,DIGEST_LEN,password,password_len,expected);
-        if (tor_memeq(expected+S2K_SPECIFIER_LEN, received, DIGEST_LEN))
+        secret_to_key_rfc2440(received,DIGEST_LEN,
+                              password,password_len,expected);
+        if (tor_memeq(expected + S2K_RFC2440_SPECIFIER_LEN,
+                      received, DIGEST_LEN))
           goto ok;
       });
       SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
       smartlist_free(sl);
+      sl = NULL;
 
       if (used_quoted_string)
         errstr = "Password did not match HashedControlPassword value from "
@@ -1198,9 +1407,12 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
 
  err:
   tor_free(password);
-  connection_printf_to_buf(conn, "515 Authentication failed: %s\r\n",
-                           errstr ? errstr : "Unknown reason.");
+  connection_printf_to_buf(conn, "515 Authentication failed: %s\r\n", errstr);
   connection_mark_for_close(TO_CONN(conn));
+  if (sl) { /* clean up */
+    SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
+    smartlist_free(sl);
+  }
   return 0;
  ok:
   log_info(LD_CONTROL, "Authenticated control connection ("TOR_SOCKET_T_FORMAT
@@ -1250,6 +1462,7 @@ static const struct signal_t signal_table[] = {
   { SIGTERM, "INT" },
   { SIGNEWNYM, "NEWNYM" },
   { SIGCLEARDNSCACHE, "CLEARDNSCACHE"},
+  { SIGHEARTBEAT, "HEARTBEAT"},
   { 0, NULL },
 };
 
@@ -1290,7 +1503,7 @@ handle_control_signal(control_connection_t *conn, uint32_t len,
   if (sig == SIGTERM || sig == SIGINT)
     connection_flush(TO_CONN(conn));
 
-  process_signal(sig);
+  activate_signal(sig);
 
   return 0;
 }
@@ -1427,9 +1640,13 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
   } else if (!strcmp(question, "bw-event-cache")) {
     *answer = get_bw_samples();
   } else if (!strcmp(question, "config-file")) {
-    *answer = tor_strdup(get_torrc_fname(0));
+    const char *a = get_torrc_fname(0);
+    if (a)
+      *answer = tor_strdup(a);
   } else if (!strcmp(question, "config-defaults-file")) {
-    *answer = tor_strdup(get_torrc_fname(1));
+    const char *a = get_torrc_fname(1);
+    if (a)
+      *answer = tor_strdup(a);
   } else if (!strcmp(question, "config-text")) {
     *answer = options_dump(get_options(), OPTIONS_DUMP_MINIMAL);
   } else if (!strcmp(question, "info/names")) {
@@ -1502,8 +1719,7 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
       }
     #endif
   } else if (!strcmp(question, "process/descriptor-limit")) {
-    int max_fds=-1;
-    set_max_file_descriptors(0, &max_fds);
+    int max_fds = get_max_sockets();
     tor_asprintf(answer, "%d", max_fds);
   } else if (!strcmp(question, "limits/max-mem-in-queues")) {
     tor_asprintf(answer, U64_FORMAT,
@@ -1695,6 +1911,38 @@ getinfo_helper_dir(control_connection_t *control_conn,
     *answer = smartlist_join_strings(sl, "", 0, NULL);
     SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
     smartlist_free(sl);
+  } else if (!strcmpstart(question, "hs/client/desc/id/")) {
+    rend_cache_entry_t *e = NULL;
+
+    question += strlen("hs/client/desc/id/");
+    if (strlen(question) != REND_SERVICE_ID_LEN_BASE32) {
+      *errmsg = "Invalid address";
+      return -1;
+    }
+
+    if (!rend_cache_lookup_entry(question, -1, &e)) {
+      /* Descriptor found in cache */
+      *answer = tor_strdup(e->desc);
+    } else {
+      *errmsg = "Not found in cache";
+      return -1;
+    }
+  } else if (!strcmpstart(question, "hs/service/desc/id/")) {
+    rend_cache_entry_t *e = NULL;
+
+    question += strlen("hs/service/desc/id/");
+    if (strlen(question) != REND_SERVICE_ID_LEN_BASE32) {
+      *errmsg = "Invalid address";
+      return -1;
+    }
+
+    if (!rend_cache_lookup_v2_desc_as_service(question, &e)) {
+      /* Descriptor found in cache */
+      *answer = tor_strdup(e->desc);
+    } else {
+      *errmsg = "Not found in cache";
+      return -1;
+    }
   } else if (!strcmpstart(question, "md/id/")) {
     const node_t *node = node_get_by_hex_id(question+strlen("md/id/"));
     const microdesc_t *md = NULL;
@@ -1763,6 +2011,11 @@ getinfo_helper_dir(control_connection_t *control_conn,
       char *filename = get_datadir_fname("cached-consensus");
       *answer = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
       tor_free(filename);
+      if (!*answer) { /* generate an error */
+        *errmsg = "Could not open cached consensus. "
+          "Make sure FetchUselessDescriptors is set to 1.";
+        return -1;
+      }
     }
   } else if (!strcmp(question, "network-status")) { /* v1 */
     routerlist_t *routerlist = router_get_routerlist();
@@ -1864,6 +2117,22 @@ circuit_describe_status_for_controller(origin_circuit_t *circ)
     smartlist_add_asprintf(descparts, "TIME_CREATED=%s", tbuf);
   }
 
+  // Show username and/or password if available.
+  if (circ->socks_username_len > 0) {
+    char* socks_username_escaped = esc_for_log_len(circ->socks_username,
+                                     (size_t) circ->socks_username_len);
+    smartlist_add_asprintf(descparts, "SOCKS_USERNAME=%s",
+                           socks_username_escaped);
+    tor_free(socks_username_escaped);
+  }
+  if (circ->socks_password_len > 0) {
+    char* socks_password_escaped = esc_for_log_len(circ->socks_password,
+                                     (size_t) circ->socks_password_len);
+    smartlist_add_asprintf(descparts, "SOCKS_PASSWORD=%s",
+                           socks_password_escaped);
+    tor_free(socks_password_escaped);
+  }
+
   rv = smartlist_join_strings(descparts, " ", 0, NULL);
 
   SMARTLIST_FOREACH(descparts, char *, cp, tor_free(cp));
@@ -1879,11 +2148,11 @@ getinfo_helper_events(control_connection_t *control_conn,
                       const char *question, char **answer,
                       const char **errmsg)
 {
+  const or_options_t *options = get_options();
   (void) control_conn;
   if (!strcmp(question, "circuit-status")) {
-    circuit_t *circ_;
     smartlist_t *status = smartlist_new();
-    TOR_LIST_FOREACH(circ_, circuit_get_global_list(), head) {
+    SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ_) {
       origin_circuit_t *circ;
       char *circdesc;
       const char *state;
@@ -1905,6 +2174,7 @@ getinfo_helper_events(control_connection_t *control_conn,
                    state, *circdesc ? " " : "", circdesc);
       tor_free(circdesc);
     }
+    SMARTLIST_FOREACH_END(circ_);
     *answer = smartlist_join_strings(status, "\r\n", 0, NULL);
     SMARTLIST_FOREACH(status, char *, cp, tor_free(cp));
     smartlist_free(status);
@@ -2004,7 +2274,7 @@ getinfo_helper_events(control_connection_t *control_conn,
     /* Note that status/ is not a catch-all for events; there's only supposed
      * to be a status GETINFO if there's a corresponding STATUS event. */
     if (!strcmp(question, "status/circuit-established")) {
-      *answer = tor_strdup(can_complete_circuit ? "1" : "0");
+      *answer = tor_strdup(have_completed_a_circuit() ? "1" : "0");
     } else if (!strcmp(question, "status/enough-dir-info")) {
       *answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
     } else if (!strcmp(question, "status/good-server-descriptor") ||
@@ -2015,17 +2285,19 @@ getinfo_helper_events(control_connection_t *control_conn,
       *answer = tor_strdup(directories_have_accepted_server_descriptor()
                            ? "1" : "0");
     } else if (!strcmp(question, "status/reachability-succeeded/or")) {
-      *answer = tor_strdup(check_whether_orport_reachable() ? "1" : "0");
+      *answer = tor_strdup(check_whether_orport_reachable(options) ?
+                            "1" : "0");
     } else if (!strcmp(question, "status/reachability-succeeded/dir")) {
-      *answer = tor_strdup(check_whether_dirport_reachable() ? "1" : "0");
+      *answer = tor_strdup(check_whether_dirport_reachable(options) ?
+                            "1" : "0");
     } else if (!strcmp(question, "status/reachability-succeeded")) {
       tor_asprintf(answer, "OR=%d DIR=%d",
-                   check_whether_orport_reachable() ? 1 : 0,
-                   check_whether_dirport_reachable() ? 1 : 0);
+                   check_whether_orport_reachable(options) ? 1 : 0,
+                   check_whether_dirport_reachable(options) ? 1 : 0);
     } else if (!strcmp(question, "status/bootstrap-phase")) {
       *answer = tor_strdup(last_sent_bootstrap_message);
     } else if (!strcmpstart(question, "status/version/")) {
-      int is_server = server_mode(get_options());
+      int is_server = server_mode(options);
       networkstatus_t *c = networkstatus_get_latest_consensus();
       version_status_t status;
       const char *recommended;
@@ -2066,6 +2338,46 @@ getinfo_helper_events(control_connection_t *control_conn,
         return -1;
       }
       *answer = bridge_stats;
+    } else if (!strcmp(question, "status/fresh-relay-descs")) {
+      if (!server_mode(options)) {
+        *errmsg = "Only relays have descriptors";
+        return -1;
+      }
+      routerinfo_t *r;
+      extrainfo_t *e;
+      if (router_build_fresh_descriptor(&r, &e) < 0) {
+        *errmsg = "Error generating descriptor";
+        return -1;
+      }
+      size_t size = r->cache_info.signed_descriptor_len + 1;
+      if (e) {
+        size += e->cache_info.signed_descriptor_len + 1;
+      }
+      tor_assert(r->cache_info.signed_descriptor_len);
+      char *descs = tor_malloc(size);
+      char *cp = descs;
+      memcpy(cp, signed_descriptor_get_body(&r->cache_info),
+             r->cache_info.signed_descriptor_len);
+      cp += r->cache_info.signed_descriptor_len - 1;
+      if (e) {
+        if (cp[0] == '\0') {
+          cp[0] = '\n';
+        } else if (cp[0] != '\n') {
+          cp[1] = '\n';
+          cp++;
+        }
+        memcpy(cp, signed_descriptor_get_body(&e->cache_info),
+               e->cache_info.signed_descriptor_len);
+        cp += e->cache_info.signed_descriptor_len - 1;
+      }
+      if (cp[0] == '\n') {
+        cp[0] = '\0';
+      } else if (cp[0] != '\0') {
+        cp[1] = '\0';
+      }
+      *answer = descs;
+      routerinfo_free(r);
+      extrainfo_free(e);
     } else {
       return 0;
     }
@@ -2073,6 +2385,55 @@ getinfo_helper_events(control_connection_t *control_conn,
   return 0;
 }
 
+/** Implementation helper for GETINFO: knows how to enumerate hidden services
+ * created via the control port. */
+static int
+getinfo_helper_onions(control_connection_t *control_conn,
+                      const char *question, char **answer,
+                      const char **errmsg)
+{
+  smartlist_t *onion_list = NULL;
+
+  if (control_conn && !strcmp(question, "onions/current")) {
+    onion_list = control_conn->ephemeral_onion_services;
+  } else if (!strcmp(question, "onions/detached")) {
+    onion_list = detached_onion_services;
+  } else {
+    return 0;
+  }
+  if (!onion_list || smartlist_len(onion_list) == 0) {
+    if (errmsg) {
+        *errmsg = "No onion services of the specified type.";
+    }
+    return -1;
+  }
+  if (answer) {
+      *answer = smartlist_join_strings(onion_list, "\r\n", 0, NULL);
+  }
+
+  return 0;
+}
+
+/** Implementation helper for GETINFO: answers queries about network
+ * liveness. */
+static int
+getinfo_helper_liveness(control_connection_t *control_conn,
+                      const char *question, char **answer,
+                      const char **errmsg)
+{
+  (void)control_conn;
+  (void)errmsg;
+  if (strcmp(question, "network-liveness") == 0) {
+    if (get_cached_network_liveness()) {
+      *answer = tor_strdup("up");
+    } else {
+      *answer = tor_strdup("down");
+    }
+  }
+
+  return 0;
+}
+
 /** Callback function for GETINFO: on a given control connection, try to
  * answer the question <b>q</b> and store the newly-allocated answer in
  * *<b>a</b>. If an internal error occurs, return -1 and optionally set
@@ -2142,6 +2503,10 @@ static const getinfo_item_t getinfo_items[] = {
   PREFIX("md/id/", dir, "Microdescriptors by ID"),
   PREFIX("md/name/", dir, "Microdescriptors by name"),
   PREFIX("extra-info/digest/", dir, "Extra-info documents by digest."),
+  PREFIX("hs/client/desc/id", dir,
+         "Hidden Service descriptor in client's cache by onion."),
+  PREFIX("hs/service/desc/id/", dir,
+         "Hidden Service descriptor in services's cache by onion."),
   PREFIX("net/listeners/", listeners, "Bound addresses by type"),
   ITEM("ns/all", networkstatus,
        "Brief summary of router status (v2 directory format)"),
@@ -2151,8 +2516,12 @@ static const getinfo_item_t getinfo_items[] = {
          "Brief summary of router status by nickname (v2 directory format)."),
   PREFIX("ns/purpose/", networkstatus,
          "Brief summary of router status by purpose (v2 directory format)."),
+  PREFIX("consensus/", networkstatus,
+         "Information about and from the ns consensus."),
   ITEM("network-status", dir,
        "Brief summary of router status (v1 directory format)"),
+  ITEM("network-liveness", liveness,
+       "Current opinion on whether the network is live"),
   ITEM("circuit-status", events, "List of current circuits originating here."),
   ITEM("stream-status", events,"List of current streams."),
   ITEM("orconn-status", events, "A list of current OR connections."),
@@ -2174,6 +2543,8 @@ static const getinfo_item_t getinfo_items[] = {
       "The last bootstrap phase status event that Tor sent."),
   DOC("status/clients-seen",
       "Breakdown of client countries seen by a bridge."),
+  DOC("status/fresh-relay-descs",
+      "A fresh relay/ei descriptor pair for Tor's current state. Not stored."),
   DOC("status/version/recommended", "List of currently recommended versions."),
   DOC("status/version/current", "Status of the current version."),
   DOC("status/version/num-versioning", "Number of versioning authorities."),
@@ -2199,10 +2570,20 @@ static const getinfo_item_t getinfo_items[] = {
        "v3 Networkstatus consensus as retrieved from a DirPort."),
   ITEM("exit-policy/default", policies,
        "The default value appended to the configured exit policy."),
+  ITEM("exit-policy/reject-private/default", policies,
+       "The default rules appended to the configured exit policy by"
+       " ExitPolicyRejectPrivate."),
+  ITEM("exit-policy/reject-private/relay", policies,
+       "The relay-specific rules appended to the configured exit policy by"
+       " ExitPolicyRejectPrivate."),
   ITEM("exit-policy/full", policies, "The entire exit policy of onion router"),
   ITEM("exit-policy/ipv4", policies, "IPv4 parts of exit policy"),
   ITEM("exit-policy/ipv6", policies, "IPv6 parts of exit policy"),
   PREFIX("ip-to-country/", geoip, "Perform a GEOIP lookup"),
+  ITEM("onions/current", onions,
+       "Onion services owned by the current control connection."),
+  ITEM("onions/detached", onions,
+       "Onion services detached from the control connection."),
   { NULL, NULL, NULL, 0 }
 };
 
@@ -2454,6 +2835,14 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
     goto done;
   }
 
+  if (smartlist_len(args) < 2) {
+    connection_printf_to_buf(conn,
+                             "512 syntax error: not enough arguments.\r\n");
+    SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
+    smartlist_free(args);
+    goto done;
+  }
+
   smartlist_split_string(router_nicknames, smartlist_get(args,1), ",", 0, 0);
 
   SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
@@ -2483,12 +2872,26 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
   }
 
   /* now circ refers to something that is ready to be extended */
+  int first_node = zero_circ;
   SMARTLIST_FOREACH(nodes, const node_t *, node,
   {
-    extend_info_t *info = extend_info_from_node(node, 0);
-    tor_assert(info); /* True, since node_has_descriptor(node) == true */
+    extend_info_t *info = extend_info_from_node(node, first_node);
+    if (first_node && !info) {
+      log_warn(LD_CONTROL,
+               "controller tried to connect to a node that doesn't have any "
+               "addresses that are allowed by the firewall configuration; "
+               "circuit marked for closing.");
+      circuit_mark_for_close(TO_CIRCUIT(circ), -END_CIRC_REASON_CONNECTFAILED);
+      connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn);
+      goto done;
+    } else {
+      /* True, since node_has_descriptor(node) == true and we are extending
+       * to the node's primary address */
+      tor_assert(info);
+    }
     circuit_append_new_exit(circ, info);
     extend_info_free(info);
+    first_node = 0;
   });
 
   /* now that we've populated the cpath, start extending */
@@ -2630,6 +3033,7 @@ handle_control_attachstream(control_connection_t *conn, uint32_t len,
     edge_conn->end_reason = 0;
     if (tmpcirc)
       circuit_detach_stream(tmpcirc, edge_conn);
+    CONNECTION_AP_EXPECT_NONPENDING(ap_conn);
     TO_CONN(edge_conn)->state = AP_CONN_STATE_CONTROLLER_WAIT;
   }
 
@@ -2689,12 +3093,14 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
   uint8_t purpose = ROUTER_PURPOSE_GENERAL;
   int cache = 0; /* eventually, we may switch this to 1 */
 
-  char *cp = memchr(body, '\n', len);
+  const char *cp = memchr(body, '\n', len);
   smartlist_t *args = smartlist_new();
   tor_assert(cp);
-  *cp++ = '\0';
+  ++cp;
 
-  smartlist_split_string(args, body, " ",
+  char *cmdline = tor_memdup_nulterm(body, cp-body);
+
+  smartlist_split_string(args, cmdline, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(args, char *, option) {
     if (!strcasecmpstart(option, "purpose=")) {
@@ -2743,6 +3149,7 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
  done:
   SMARTLIST_FOREACH(args, char *, arg, tor_free(arg));
   smartlist_free(args);
+  tor_free(cmdline);
   return 0;
 }
 
@@ -3058,8 +3465,7 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len,
     tor_free(client_nonce);
     return -1;
   }
-
-  tor_assert(!crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN));
+  crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
 
   /* Now compute and send the server-to-controller response, and the
    * server's nonce. */
@@ -3167,6 +3573,570 @@ handle_control_dropguards(control_connection_t *conn,
   return 0;
 }
 
+/** Implementation for the HSFETCH command. */
+static int
+handle_control_hsfetch(control_connection_t *conn, uint32_t len,
+                       const char *body)
+{
+  int i;
+  char digest[DIGEST_LEN], *hsaddress = NULL, *arg1 = NULL, *desc_id = NULL;
+  smartlist_t *args = NULL, *hsdirs = NULL;
+  (void) len; /* body is nul-terminated; it's safe to ignore the length */
+  static const char *hsfetch_command = "HSFETCH";
+  static const char *v2_str = "v2-";
+  const size_t v2_str_len = strlen(v2_str);
+  rend_data_t *rend_query = NULL;
+
+  /* Make sure we have at least one argument, the HSAddress. */
+  args = getargs_helper(hsfetch_command, conn, body, 1, -1);
+  if (!args) {
+    goto exit;
+  }
+
+  /* Extract the first argument (either HSAddress or DescID). */
+  arg1 = smartlist_get(args, 0);
+  /* Test if it's an HS address without the .onion part. */
+  if (rend_valid_service_id(arg1)) {
+    hsaddress = arg1;
+  } else if (strcmpstart(arg1, v2_str) == 0 &&
+             rend_valid_descriptor_id(arg1 + v2_str_len) &&
+             base32_decode(digest, sizeof(digest), arg1 + v2_str_len,
+                           REND_DESC_ID_V2_LEN_BASE32) == 0) {
+    /* We have a well formed version 2 descriptor ID. Keep the decoded value
+     * of the id. */
+    desc_id = digest;
+  } else {
+    connection_printf_to_buf(conn, "513 Unrecognized \"%s\"\r\n",
+                             arg1);
+    goto done;
+  }
+
+  static const char *opt_server = "SERVER=";
+
+  /* Skip first argument because it's the HSAddress or DescID. */
+  for (i = 1; i < smartlist_len(args); ++i) {
+    const char *arg = smartlist_get(args, i);
+    const node_t *node;
+
+    if (!strcasecmpstart(arg, opt_server)) {
+      const char *server;
+
+      server = arg + strlen(opt_server);
+      node = node_get_by_hex_id(server);
+      if (!node) {
+        connection_printf_to_buf(conn, "552 Server \"%s\" not found\r\n",
+                                 server);
+        goto done;
+      }
+      if (!hsdirs) {
+        /* Stores routerstatus_t object for each specified server. */
+        hsdirs = smartlist_new();
+      }
+      /* Valid server, add it to our local list. */
+      smartlist_add(hsdirs, node->rs);
+    } else {
+      connection_printf_to_buf(conn, "513 Unexpected argument \"%s\"\r\n",
+                               arg);
+      goto done;
+    }
+  }
+
+  rend_query = rend_data_client_create(hsaddress, desc_id, NULL,
+                                       REND_NO_AUTH);
+  if (rend_query == NULL) {
+    connection_printf_to_buf(conn, "551 Error creating the HS query\r\n");
+    goto done;
+  }
+
+  /* Using a descriptor ID, we force the user to provide at least one
+   * hsdir server using the SERVER= option. */
+  if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) {
+      connection_printf_to_buf(conn, "512 %s option is required\r\n",
+                               opt_server);
+      goto done;
+  }
+
+  /* We are about to trigger HSDir fetch so send the OK now because after
+   * that 650 event(s) are possible so better to have the 250 OK before them
+   * to avoid out of order replies. */
+  send_control_done(conn);
+
+  /* Trigger the fetch using the built rend query and possibly a list of HS
+   * directory to use. This function ignores the client cache thus this will
+   * always send a fetch command. */
+  rend_client_fetch_v2_desc(rend_query, hsdirs);
+
+ done:
+  SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
+  smartlist_free(args);
+  /* Contains data pointer that we don't own thus no cleanup. */
+  smartlist_free(hsdirs);
+  rend_data_free(rend_query);
+ exit:
+  return 0;
+}
+
+/** Implementation for the HSPOST command. */
+static int
+handle_control_hspost(control_connection_t *conn,
+                      uint32_t len,
+                      const char *body)
+{
+  static const char *opt_server = "SERVER=";
+  smartlist_t *args = smartlist_new();
+  smartlist_t *hs_dirs = NULL;
+  const char *encoded_desc = body;
+  size_t encoded_desc_len = len;
+
+  char *cp = memchr(body, '\n', len);
+  char *argline = tor_strndup(body, cp-body);
+
+  /* If any SERVER= options were specified, try parse the options line */
+  if (!strcasecmpstart(argline, opt_server)) {
+    /* encoded_desc begins after a newline character */
+    cp = cp + 1;
+    encoded_desc = cp;
+    encoded_desc_len = len-(cp-body);
+
+    smartlist_split_string(args, argline, " ",
+                           SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+    SMARTLIST_FOREACH_BEGIN(args, const char *, arg) {
+      if (!strcasecmpstart(arg, opt_server)) {
+        const char *server = arg + strlen(opt_server);
+        const node_t *node = node_get_by_hex_id(server);
+
+        if (!node || !node->rs) {
+          connection_printf_to_buf(conn, "552 Server \"%s\" not found\r\n",
+                                   server);
+          goto done;
+        }
+        if (!node->rs->is_hs_dir) {
+          connection_printf_to_buf(conn, "552 Server \"%s\" is not a HSDir"
+                                         "\r\n", server);
+          goto done;
+        }
+        /* Valid server, add it to our local list. */
+        if (!hs_dirs)
+          hs_dirs = smartlist_new();
+        smartlist_add(hs_dirs, node->rs);
+      } else {
+        connection_printf_to_buf(conn, "512 Unexpected argument \"%s\"\r\n",
+                                 arg);
+        goto done;
+      }
+    } SMARTLIST_FOREACH_END(arg);
+  }
+
+  /* Read the dot encoded descriptor, and parse it. */
+  rend_encoded_v2_service_descriptor_t *desc =
+      tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
+  read_escaped_data(encoded_desc, encoded_desc_len, &desc->desc_str);
+
+  rend_service_descriptor_t *parsed = NULL;
+  char *intro_content = NULL;
+  size_t intro_size;
+  size_t encoded_size;
+  const char *next_desc;
+  if (!rend_parse_v2_service_descriptor(&parsed, desc->desc_id, &intro_content,
+                                        &intro_size, &encoded_size,
+                                        &next_desc, desc->desc_str, 1)) {
+    /* Post the descriptor. */
+    char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
+    if (!rend_get_service_id(parsed->pk, serviceid)) {
+      smartlist_t *descs = smartlist_new();
+      smartlist_add(descs, desc);
+
+      /* We are about to trigger HS descriptor upload so send the OK now
+       * because after that 650 event(s) are possible so better to have the
+       * 250 OK before them to avoid out of order replies. */
+      send_control_done(conn);
+
+      /* Trigger the descriptor upload */
+      directory_post_to_hs_dir(parsed, descs, hs_dirs, serviceid, 0);
+      smartlist_free(descs);
+    }
+
+    rend_service_descriptor_free(parsed);
+  } else {
+    connection_printf_to_buf(conn, "554 Invalid descriptor\r\n");
+  }
+
+  tor_free(intro_content);
+  rend_encoded_v2_service_descriptor_free(desc);
+ done:
+  tor_free(argline);
+  smartlist_free(hs_dirs); /* Contents belong to the rend service code. */
+  SMARTLIST_FOREACH(args, char *, arg, tor_free(arg));
+  smartlist_free(args);
+  return 0;
+}
+
+/** Called when we get a ADD_ONION command; parse the body, and set up
+ * the new ephemeral Onion Service. */
+static int
+handle_control_add_onion(control_connection_t *conn,
+                         uint32_t len,
+                         const char *body)
+{
+  smartlist_t *args;
+  size_t arg_len;
+  (void) len; /* body is nul-terminated; it's safe to ignore the length */
+  args = getargs_helper("ADD_ONION", conn, body, 2, -1);
+  if (!args)
+    return 0;
+  arg_len = smartlist_len(args);
+
+  /* Parse all of the arguments that do not involve handling cryptographic
+   * material first, since there's no reason to touch that at all if any of
+   * the other arguments are malformed.
+   */
+  smartlist_t *port_cfgs = smartlist_new();
+  int discard_pk = 0;
+  int detach = 0;
+  int max_streams = 0;
+  int max_streams_close_circuit = 0;
+  for (size_t i = 1; i < arg_len; i++) {
+    static const char *port_prefix = "Port=";
+    static const char *flags_prefix = "Flags=";
+    static const char *max_s_prefix = "MaxStreams=";
+
+    const char *arg = smartlist_get(args, i);
+    if (!strcasecmpstart(arg, port_prefix)) {
+      /* "Port=VIRTPORT[,TARGET]". */
+      const char *port_str = arg + strlen(port_prefix);
+
+      rend_service_port_config_t *cfg =
+          rend_service_parse_port_config(port_str, ",", NULL);
+      if (!cfg) {
+        connection_printf_to_buf(conn, "512 Invalid VIRTPORT/TARGET\r\n");
+        goto out;
+      }
+      smartlist_add(port_cfgs, cfg);
+    } else if (!strcasecmpstart(arg, max_s_prefix)) {
+      /* "MaxStreams=[0..65535]". */
+      const char *max_s_str = arg + strlen(max_s_prefix);
+      int ok = 0;
+      max_streams = (int)tor_parse_long(max_s_str, 10, 0, 65535, &ok, NULL);
+      if (!ok) {
+        connection_printf_to_buf(conn, "512 Invalid MaxStreams\r\n");
+        goto out;
+      }
+    } else if (!strcasecmpstart(arg, flags_prefix)) {
+      /* "Flags=Flag[,Flag]", where Flag can be:
+       *   * 'DiscardPK' - If tor generates the keypair, do not include it in
+       *                   the response.
+       *   * 'Detach' - Do not tie this onion service to any particular control
+       *                connection.
+       *   * 'MaxStreamsCloseCircuit' - Close the circuit if MaxStreams is
+       *                                exceeded.
+       */
+      static const char *discard_flag = "DiscardPK";
+      static const char *detach_flag = "Detach";
+      static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
+
+      smartlist_t *flags = smartlist_new();
+      int bad = 0;
+
+      smartlist_split_string(flags, arg + strlen(flags_prefix), ",",
+                             SPLIT_IGNORE_BLANK, 0);
+      if (smartlist_len(flags) < 1) {
+        connection_printf_to_buf(conn, "512 Invalid 'Flags' argument\r\n");
+        bad = 1;
+      }
+      SMARTLIST_FOREACH_BEGIN(flags, const char *, flag)
+      {
+        if (!strcasecmp(flag, discard_flag)) {
+          discard_pk = 1;
+        } else if (!strcasecmp(flag, detach_flag)) {
+          detach = 1;
+        } else if (!strcasecmp(flag, max_s_close_flag)) {
+          max_streams_close_circuit = 1;
+        } else {
+          connection_printf_to_buf(conn,
+                                   "512 Invalid 'Flags' argument: %s\r\n",
+                                   escaped(flag));
+          bad = 1;
+          break;
+        }
+      } SMARTLIST_FOREACH_END(flag);
+      SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
+      smartlist_free(flags);
+      if (bad)
+        goto out;
+    } else {
+      connection_printf_to_buf(conn, "513 Invalid argument\r\n");
+      goto out;
+    }
+  }
+  if (smartlist_len(port_cfgs) == 0) {
+    connection_printf_to_buf(conn, "512 Missing 'Port' argument\r\n");
+    goto out;
+  }
+
+  /* Parse the "keytype:keyblob" argument. */
+  crypto_pk_t *pk = NULL;
+  const char *key_new_alg = NULL;
+  char *key_new_blob = NULL;
+  char *err_msg = NULL;
+
+  pk = add_onion_helper_keyarg(smartlist_get(args, 0), discard_pk,
+                               &key_new_alg, &key_new_blob,
+                               &err_msg);
+  if (!pk) {
+    if (err_msg) {
+      connection_write_str_to_buf(err_msg, conn);
+      tor_free(err_msg);
+    }
+    goto out;
+  }
+  tor_assert(!err_msg);
+
+  /* Create the HS, using private key pk, and port config port_cfg.
+   * rend_service_add_ephemeral() will take ownership of pk and port_cfg,
+   * regardless of success/failure.
+   */
+  char *service_id = NULL;
+  int ret = rend_service_add_ephemeral(pk, port_cfgs, max_streams,
+                                       max_streams_close_circuit,
+                                       &service_id);
+  port_cfgs = NULL; /* port_cfgs is now owned by the rendservice code. */
+  switch (ret) {
+  case RSAE_OKAY:
+  {
+    char *buf = NULL;
+    tor_assert(service_id);
+    if (key_new_alg) {
+      tor_assert(key_new_blob);
+      tor_asprintf(&buf,
+                   "250-ServiceID=%s\r\n"
+                   "250-PrivateKey=%s:%s\r\n"
+                   "250 OK\r\n",
+                   service_id,
+                   key_new_alg,
+                   key_new_blob);
+    } else {
+      tor_asprintf(&buf,
+                   "250-ServiceID=%s\r\n"
+                   "250 OK\r\n",
+                   service_id);
+    }
+    if (detach) {
+      if (!detached_onion_services)
+        detached_onion_services = smartlist_new();
+      smartlist_add(detached_onion_services, service_id);
+    } else {
+      if (!conn->ephemeral_onion_services)
+        conn->ephemeral_onion_services = smartlist_new();
+      smartlist_add(conn->ephemeral_onion_services, service_id);
+    }
+
+    connection_write_str_to_buf(buf, conn);
+    memwipe(buf, 0, strlen(buf));
+    tor_free(buf);
+    break;
+  }
+  case RSAE_BADPRIVKEY:
+    connection_printf_to_buf(conn, "551 Failed to generate onion address\r\n");
+    break;
+  case RSAE_ADDREXISTS:
+    connection_printf_to_buf(conn, "550 Onion address collision\r\n");
+    break;
+  case RSAE_BADVIRTPORT:
+    connection_printf_to_buf(conn, "512 Invalid VIRTPORT/TARGET\r\n");
+    break;
+  case RSAE_INTERNAL: /* FALLSTHROUGH */
+  default:
+    connection_printf_to_buf(conn, "551 Failed to add Onion Service\r\n");
+  }
+  if (key_new_blob) {
+    memwipe(key_new_blob, 0, strlen(key_new_blob));
+    tor_free(key_new_blob);
+  }
+
+ out:
+  if (port_cfgs) {
+    SMARTLIST_FOREACH(port_cfgs, rend_service_port_config_t*, p,
+                      rend_service_port_config_free(p));
+    smartlist_free(port_cfgs);
+  }
+
+  SMARTLIST_FOREACH(args, char *, cp, {
+    memwipe(cp, 0, strlen(cp));
+    tor_free(cp);
+  });
+  smartlist_free(args);
+  return 0;
+}
+
+/** Helper function to handle parsing the KeyType:KeyBlob argument to the
+ * ADD_ONION command. Return a new crypto_pk_t and if a new key was generated
+ * and the private key not discarded, the algorithm and serialized private key,
+ * or NULL and an optional control protocol error message on failure.  The
+ * caller is responsible for freeing the returned key_new_blob and err_msg.
+ *
+ * Note: The error messages returned are deliberately vague to avoid echoing
+ * key material.
+ */
+STATIC crypto_pk_t *
+add_onion_helper_keyarg(const char *arg, int discard_pk,
+                        const char **key_new_alg_out, char **key_new_blob_out,
+                        char **err_msg_out)
+{
+  smartlist_t *key_args = smartlist_new();
+  crypto_pk_t *pk = NULL;
+  const char *key_new_alg = NULL;
+  char *key_new_blob = NULL;
+  char *err_msg = NULL;
+  int ok = 0;
+
+  smartlist_split_string(key_args, arg, ":", SPLIT_IGNORE_BLANK, 0);
+  if (smartlist_len(key_args) != 2) {
+    err_msg = tor_strdup("512 Invalid key type/blob\r\n");
+    goto err;
+  }
+
+  /* The format is "KeyType:KeyBlob". */
+  static const char *key_type_new = "NEW";
+  static const char *key_type_best = "BEST";
+  static const char *key_type_rsa1024 = "RSA1024";
+
+  const char *key_type = smartlist_get(key_args, 0);
+  const char *key_blob = smartlist_get(key_args, 1);
+
+  if (!strcasecmp(key_type_rsa1024, key_type)) {
+    /* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */
+    pk = crypto_pk_base64_decode(key_blob, strlen(key_blob));
+    if (!pk) {
+      err_msg = tor_strdup("512 Failed to decode RSA key\r\n");
+      goto err;
+    }
+    if (crypto_pk_num_bits(pk) != PK_BYTES*8) {
+      err_msg = tor_strdup("512 Invalid RSA key size\r\n");
+      goto err;
+    }
+  } else if (!strcasecmp(key_type_new, key_type)) {
+    /* "NEW:<Algorithm>" - Generating a new key, blob as algorithm. */
+    if (!strcasecmp(key_type_rsa1024, key_blob) ||
+        !strcasecmp(key_type_best, key_blob)) {
+      /* "RSA1024", RSA 1024 bit, also currently "BEST" by default. */
+      pk = crypto_pk_new();
+      if (crypto_pk_generate_key(pk)) {
+        tor_asprintf(&err_msg, "551 Failed to generate %s key\r\n",
+                     key_type_rsa1024);
+        goto err;
+      }
+      if (!discard_pk) {
+        if (crypto_pk_base64_encode(pk, &key_new_blob)) {
+          tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n",
+                       key_type_rsa1024);
+          goto err;
+        }
+        key_new_alg = key_type_rsa1024;
+      }
+    } else {
+      err_msg = tor_strdup("513 Invalid key type\r\n");
+      goto err;
+    }
+  } else {
+    err_msg = tor_strdup("513 Invalid key type\r\n");
+    goto err;
+  }
+
+  /* Succeded in loading or generating a private key. */
+  tor_assert(pk);
+  ok = 1;
+
+ err:
+  SMARTLIST_FOREACH(key_args, char *, cp, {
+    memwipe(cp, 0, strlen(cp));
+    tor_free(cp);
+  });
+  smartlist_free(key_args);
+
+  if (!ok) {
+    crypto_pk_free(pk);
+    pk = NULL;
+  }
+  if (err_msg_out) {
+    *err_msg_out = err_msg;
+  } else {
+    tor_free(err_msg);
+  }
+  *key_new_alg_out = key_new_alg;
+  *key_new_blob_out = key_new_blob;
+
+  return pk;
+}
+
+/** Called when we get a DEL_ONION command; parse the body, and remove
+ * the existing ephemeral Onion Service. */
+static int
+handle_control_del_onion(control_connection_t *conn,
+                          uint32_t len,
+                          const char *body)
+{
+  smartlist_t *args;
+  (void) len; /* body is nul-terminated; it's safe to ignore the length */
+  args = getargs_helper("DEL_ONION", conn, body, 1, 1);
+  if (!args)
+    return 0;
+
+  const char *service_id = smartlist_get(args, 0);
+  if (!rend_valid_service_id(service_id)) {
+    connection_printf_to_buf(conn, "512 Malformed Onion Service id\r\n");
+    goto out;
+  }
+
+  /* Determine if the onion service belongs to this particular control
+   * connection, or if it is in the global list of detached services.  If it
+   * is in neither, either the service ID is invalid in some way, or it
+   * explicitly belongs to a different control connection, and an error
+   * should be returned.
+   */
+  smartlist_t *services[2] = {
+    conn->ephemeral_onion_services,
+    detached_onion_services
+  };
+  smartlist_t *onion_services = NULL;
+  int idx = -1;
+  for (size_t i = 0; i < ARRAY_LENGTH(services); i++) {
+    idx = smartlist_string_pos(services[i], service_id);
+    if (idx != -1) {
+      onion_services = services[i];
+      break;
+    }
+  }
+  if (onion_services == NULL) {
+    connection_printf_to_buf(conn, "552 Unknown Onion Service id\r\n");
+  } else {
+    int ret = rend_service_del_ephemeral(service_id);
+    if (ret) {
+      /* This should *NEVER* fail, since the service is on either the
+       * per-control connection list, or the global one.
+       */
+      log_warn(LD_BUG, "Failed to remove Onion Service %s.",
+               escaped(service_id));
+      tor_fragile_assert();
+    }
+
+    /* Remove/scrub the service_id from the appropriate list. */
+    char *cp = smartlist_get(onion_services, idx);
+    smartlist_del(onion_services, idx);
+    memwipe(cp, 0, strlen(cp));
+    tor_free(cp);
+
+    send_control_done(conn);
+  }
+
+ out:
+  SMARTLIST_FOREACH(args, char *, cp, {
+    memwipe(cp, 0, strlen(cp));
+    tor_free(cp);
+  });
+  smartlist_free(args);
+  return 0;
+}
+
 /** Called when <b>conn</b> has no more bytes left on its outbuf. */
 int
 connection_control_finished_flushing(control_connection_t *conn)
@@ -3186,10 +4156,6 @@ connection_control_reached_eof(control_connection_t *conn)
   return 0;
 }
 
-static void lost_owning_controller(const char *owner_type,
-                                   const char *loss_manner)
-  ATTR_NORETURN;
-
 /** Shut down this Tor instance in the same way that SIGINT would, but
  * with a log message appropriate for the loss of an owning controller. */
 static void
@@ -3198,10 +4164,7 @@ lost_owning_controller(const char *owner_type, const char *loss_manner)
   log_notice(LD_CONTROL, "Owning controller %s has %s -- exiting now.",
              owner_type, loss_manner);
 
-  /* XXXX Perhaps this chunk of code should be a separate function,
-   * called here and by process_signal(SIGINT). */
-  tor_cleanup();
-  exit(0);
+  activate_signal(SIGTERM);
 }
 
 /** Called when <b>conn</b> is being freed. */
@@ -3213,6 +4176,15 @@ connection_control_closed(control_connection_t *conn)
   conn->event_mask = 0;
   control_update_global_event_mask();
 
+  /* Close all ephemeral Onion Services if any.
+   * The list and it's contents are scrubbed/freed in connection_free_.
+   */
+  if (conn->ephemeral_onion_services) {
+    SMARTLIST_FOREACH(conn->ephemeral_onion_services, char *, cp, {
+      rend_service_del_ephemeral(cp);
+    });
+  }
+
   if (conn->is_owning_control_connection) {
     lost_owning_controller("connection", "closed");
   }
@@ -3464,6 +4436,22 @@ connection_control_process_inbuf(control_connection_t *conn)
   } else if (!strcasecmp(conn->incoming_cmd, "DROPGUARDS")) {
     if (handle_control_dropguards(conn, cmd_data_len, args))
       return -1;
+  } else if (!strcasecmp(conn->incoming_cmd, "HSFETCH")) {
+    if (handle_control_hsfetch(conn, cmd_data_len, args))
+      return -1;
+  } else if (!strcasecmp(conn->incoming_cmd, "+HSPOST")) {
+    if (handle_control_hspost(conn, cmd_data_len, args))
+      return -1;
+  } else if (!strcasecmp(conn->incoming_cmd, "ADD_ONION")) {
+    int ret = handle_control_add_onion(conn, cmd_data_len, args);
+    memwipe(args, 0, cmd_data_len); /* Scrub the private key. */
+    if (ret)
+      return -1;
+  } else if (!strcasecmp(conn->incoming_cmd, "DEL_ONION")) {
+    int ret = handle_control_del_onion(conn, cmd_data_len, args);
+    memwipe(args, 0, cmd_data_len); /* Scrub the service id/pk. */
+    if (ret)
+      return -1;
   } else {
     connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n",
                              conn->incoming_cmd);
@@ -3517,7 +4505,7 @@ control_event_circuit_status(origin_circuit_t *circ, circuit_status_event_t tp,
   {
     char *circdesc = circuit_describe_status_for_controller(circ);
     const char *sp = strlen(circdesc) ? " " : "";
-    send_control_event(EVENT_CIRCUIT_STATUS, ALL_FORMATS,
+    send_control_event(EVENT_CIRCUIT_STATUS,
                                 "650 CIRC %lu %s%s%s%s\r\n",
                                 (unsigned long)circ->global_identifier,
                                 status, sp,
@@ -3588,7 +4576,7 @@ control_event_circuit_status_minor(origin_circuit_t *circ,
   {
     char *circdesc = circuit_describe_status_for_controller(circ);
     const char *sp = strlen(circdesc) ? " " : "";
-    send_control_event(EVENT_CIRCUIT_STATUS_MINOR, ALL_FORMATS,
+    send_control_event(EVENT_CIRCUIT_STATUS_MINOR,
                        "650 CIRC_MINOR %lu %s%s%s%s\r\n",
                        (unsigned long)circ->global_identifier,
                        event_desc, sp,
@@ -3763,7 +4751,7 @@ control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp,
   circ = circuit_get_by_edge_conn(ENTRY_TO_EDGE_CONN(conn));
   if (circ && CIRCUIT_IS_ORIGIN(circ))
     origin_circ = TO_ORIGIN_CIRCUIT(circ);
-  send_control_event(EVENT_STREAM_STATUS, ALL_FORMATS,
+  send_control_event(EVENT_STREAM_STATUS,
                         "650 STREAM "U64_FORMAT" %s %lu %s%s%s%s\r\n",
                      U64_PRINTF_ARG(ENTRY_TO_CONN(conn)->global_identifier),
                      status,
@@ -3835,7 +4823,7 @@ control_event_or_conn_status(or_connection_t *conn, or_conn_status_event_t tp,
   }
 
   orconn_target_get_name(name, sizeof(name), conn);
-  send_control_event(EVENT_OR_CONN_STATUS, ALL_FORMATS,
+  send_control_event(EVENT_OR_CONN_STATUS,
                               "650 ORCONN %s %s%s%s%s ID="U64_FORMAT"\r\n",
                               name, status,
                               reason ? " REASON=" : "",
@@ -3858,7 +4846,7 @@ control_event_stream_bandwidth(edge_connection_t *edge_conn)
     if (!edge_conn->n_read && !edge_conn->n_written)
       return 0;
 
-    send_control_event(EVENT_STREAM_BANDWIDTH_USED, ALL_FORMATS,
+    send_control_event(EVENT_STREAM_BANDWIDTH_USED,
                        "650 STREAM_BW "U64_FORMAT" %lu %lu\r\n",
                        U64_PRINTF_ARG(edge_conn->base_.global_identifier),
                        (unsigned long)edge_conn->n_read,
@@ -3893,7 +4881,7 @@ control_event_stream_bandwidth_used(void)
         if (!edge_conn->n_read && !edge_conn->n_written)
           continue;
 
-        send_control_event(EVENT_STREAM_BANDWIDTH_USED, ALL_FORMATS,
+        send_control_event(EVENT_STREAM_BANDWIDTH_USED,
                            "650 STREAM_BW "U64_FORMAT" %lu %lu\r\n",
                            U64_PRINTF_ARG(edge_conn->base_.global_identifier),
                            (unsigned long)edge_conn->n_read,
@@ -3912,24 +4900,24 @@ control_event_stream_bandwidth_used(void)
 int
 control_event_circ_bandwidth_used(void)
 {
-  circuit_t *circ;
   origin_circuit_t *ocirc;
   if (!EVENT_IS_INTERESTING(EVENT_CIRC_BANDWIDTH_USED))
     return 0;
 
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (!CIRCUIT_IS_ORIGIN(circ))
       continue;
     ocirc = TO_ORIGIN_CIRCUIT(circ);
     if (!ocirc->n_read_circ_bw && !ocirc->n_written_circ_bw)
       continue;
-    send_control_event(EVENT_CIRC_BANDWIDTH_USED, ALL_FORMATS,
+    send_control_event(EVENT_CIRC_BANDWIDTH_USED,
                        "650 CIRC_BW ID=%d READ=%lu WRITTEN=%lu\r\n",
                        ocirc->global_identifier,
                        (unsigned long)ocirc->n_read_circ_bw,
                        (unsigned long)ocirc->n_written_circ_bw);
     ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
   }
+  SMARTLIST_FOREACH_END(circ);
 
   return 0;
 }
@@ -3958,7 +4946,7 @@ control_event_conn_bandwidth(connection_t *conn)
     default:
       return 0;
   }
-  send_control_event(EVENT_CONN_BW, ALL_FORMATS,
+  send_control_event(EVENT_CONN_BW,
                      "650 CONN_BW ID="U64_FORMAT" TYPE=%s "
                      "READ=%lu WRITTEN=%lu\r\n",
                      U64_PRINTF_ARG(conn->global_identifier),
@@ -3991,7 +4979,7 @@ sum_up_cell_stats_by_command(circuit_t *circ, cell_stats_t *cell_stats)
 {
   memset(cell_stats, 0, sizeof(cell_stats_t));
   SMARTLIST_FOREACH_BEGIN(circ->testing_cell_stats,
-                          testing_cell_stats_entry_t *, ent) {
+                          const testing_cell_stats_entry_t *, ent) {
     tor_assert(ent->command <= CELL_COMMAND_MAX_);
     if (!ent->removed && !ent->exitward) {
       cell_stats->added_cells_appward[ent->command] += 1;
@@ -4004,10 +4992,8 @@ sum_up_cell_stats_by_command(circuit_t *circ, cell_stats_t *cell_stats)
       cell_stats->removed_cells_exitward[ent->command] += 1;
       cell_stats->total_time_exitward[ent->command] += ent->waiting_time * 10;
     }
-    tor_free(ent);
   } SMARTLIST_FOREACH_END(ent);
-  smartlist_free(circ->testing_cell_stats);
-  circ->testing_cell_stats = NULL;
+  circuit_clear_testing_cell_stats(circ);
 }
 
 /** Helper: append a cell statistics string to <code>event_parts</code>,
@@ -4094,22 +5080,22 @@ format_cell_stats(char **event_string, circuit_t *circ,
 int
 control_event_circuit_cell_stats(void)
 {
-  circuit_t *circ;
   cell_stats_t *cell_stats;
   char *event_string;
   if (!get_options()->TestingEnableCellStatsEvent ||
       !EVENT_IS_INTERESTING(EVENT_CELL_STATS))
     return 0;
   cell_stats = tor_malloc(sizeof(cell_stats_t));;
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (!circ->testing_cell_stats)
       continue;
     sum_up_cell_stats_by_command(circ, cell_stats);
     format_cell_stats(&event_string, circ, cell_stats);
-    send_control_event(EVENT_CELL_STATS, ALL_FORMATS,
+    send_control_event(EVENT_CELL_STATS,
                        "650 CELL_STATS %s\r\n", event_string);
     tor_free(event_string);
   }
+  SMARTLIST_FOREACH_END(circ);
   tor_free(cell_stats);
   return 0;
 }
@@ -4127,7 +5113,7 @@ control_event_tb_empty(const char *bucket, uint32_t read_empty_time,
   if (get_options()->TestingEnableTbEmptyEvent &&
       EVENT_IS_INTERESTING(EVENT_TB_EMPTY) &&
       (read_empty_time > 0 || write_empty_time > 0)) {
-    send_control_event(EVENT_TB_EMPTY, ALL_FORMATS,
+    send_control_event(EVENT_TB_EMPTY,
                        "650 TB_EMPTY %s READ=%d WRITTEN=%d "
                        "LAST=%d\r\n",
                        bucket, read_empty_time, write_empty_time,
@@ -4160,7 +5146,7 @@ control_event_bandwidth_used(uint32_t n_read, uint32_t n_written)
     ++n_measurements;
 
   if (EVENT_IS_INTERESTING(EVENT_BANDWIDTH_USED)) {
-    send_control_event(EVENT_BANDWIDTH_USED, ALL_FORMATS,
+    send_control_event(EVENT_BANDWIDTH_USED,
                        "650 BW %lu %lu\r\n",
                        (unsigned long)n_read,
                        (unsigned long)n_written);
@@ -4175,12 +5161,12 @@ get_bw_samples(void)
   int i;
   int idx = (next_measurement_idx + N_BW_EVENTS_TO_CACHE - n_measurements)
     % N_BW_EVENTS_TO_CACHE;
-  smartlist_t *elements = smartlist_new();
   tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE);
 
+  smartlist_t *elements = smartlist_new();
+
   for (i = 0; i < n_measurements; ++i) {
     tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE);
-    {
     const struct cached_bw_event_s *bwe = &cached_bw_events[idx];
 
     smartlist_add_asprintf(elements, "%u,%u",
@@ -4188,17 +5174,14 @@ get_bw_samples(void)
                            (unsigned)bwe->n_written);
 
     idx = (idx + 1) % N_BW_EVENTS_TO_CACHE;
-    }
   }
 
-  {
   char *result = smartlist_join_strings(elements, " ", 0, NULL);
 
   SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
   smartlist_free(elements);
 
   return result;
-  }
 }
 
 /** Called when we are sending a log message to the controllers: suspend
@@ -4262,7 +5245,11 @@ control_event_logmsg(int severity, uint32_t domain, const char *msg)
       default: s = "UnknownLogSeverity"; break;
     }
     ++disable_log_messages;
-    send_control_event(event, ALL_FORMATS, "650 %s %s\r\n", s, b?b:msg);
+    send_control_event(event,  "650 %s %s\r\n", s, b?b:msg);
+    if (severity == LOG_ERR) {
+      /* Force a flush, since we may be about to die horribly */
+      queued_events_flush_all(1);
+    }
     --disable_log_messages;
     tor_free(b);
   }
@@ -4290,7 +5277,7 @@ control_event_descriptors_changed(smartlist_t *routers)
       });
     ids = smartlist_join_strings(names, " ", 0, NULL);
     tor_asprintf(&msg, "650 NEWDESC %s\r\n", ids);
-    send_control_event_string(EVENT_NEW_DESC, ALL_FORMATS, msg);
+    send_control_event_string(EVENT_NEW_DESC,  msg);
     tor_free(ids);
     tor_free(msg);
     SMARTLIST_FOREACH(names, char *, cp, tor_free(cp));
@@ -4312,7 +5299,7 @@ control_event_address_mapped(const char *from, const char *to, time_t expires,
     return 0;
 
   if (expires < 3 || expires == TIME_MAX)
-    send_control_event(EVENT_ADDRMAP, ALL_FORMATS,
+    send_control_event(EVENT_ADDRMAP,
                                 "650 ADDRMAP %s %s NEVER %s%s"
                                 "CACHED=\"%s\"\r\n",
                                   from, to, error?error:"", error?" ":"",
@@ -4322,7 +5309,7 @@ control_event_address_mapped(const char *from, const char *to, time_t expires,
     char buf2[ISO_TIME_LEN+1];
     format_local_iso_time(buf,expires);
     format_iso_time(buf2,expires);
-    send_control_event(EVENT_ADDRMAP, ALL_FORMATS,
+    send_control_event(EVENT_ADDRMAP,
                                 "650 ADDRMAP %s %s \"%s\""
                                 " %s%sEXPIRES=\"%s\" CACHED=\"%s\"\r\n",
                                 from, to, buf,
@@ -4364,9 +5351,9 @@ control_event_or_authdir_new_descriptor(const char *action,
   buf = tor_malloc(totallen);
   strlcpy(buf, firstline, totallen);
   strlcpy(buf+strlen(firstline), esc, totallen);
-  send_control_event_string(EVENT_AUTHDIR_NEWDESCS, ALL_FORMATS,
+  send_control_event_string(EVENT_AUTHDIR_NEWDESCS,
                             buf);
-  send_control_event_string(EVENT_AUTHDIR_NEWDESCS, ALL_FORMATS,
+  send_control_event_string(EVENT_AUTHDIR_NEWDESCS,
                             "650 OK\r\n");
   tor_free(esc);
   tor_free(buf);
@@ -4374,6 +5361,52 @@ control_event_or_authdir_new_descriptor(const char *action,
   return 0;
 }
 
+/** Cached liveness for network liveness events and GETINFO
+ */
+
+static int network_is_live = 0;
+
+static int
+get_cached_network_liveness(void)
+{
+  return network_is_live;
+}
+
+static void
+set_cached_network_liveness(int liveness)
+{
+  network_is_live = liveness;
+}
+
+/** The network liveness has changed; this is called from circuitstats.c
+ * whenever we receive a cell, or when timeout expires and we assume the
+ * network is down. */
+int
+control_event_network_liveness_update(int liveness)
+{
+  if (liveness > 0) {
+    if (get_cached_network_liveness() <= 0) {
+      /* Update cached liveness */
+      set_cached_network_liveness(1);
+      log_debug(LD_CONTROL, "Sending NETWORK_LIVENESS UP");
+      send_control_event_string(EVENT_NETWORK_LIVENESS,
+                                "650 NETWORK_LIVENESS UP\r\n");
+    }
+    /* else was already live, no-op */
+  } else {
+    if (get_cached_network_liveness() > 0) {
+      /* Update cached liveness */
+      set_cached_network_liveness(0);
+      log_debug(LD_CONTROL, "Sending NETWORK_LIVENESS DOWN");
+      send_control_event_string(EVENT_NETWORK_LIVENESS,
+                                "650 NETWORK_LIVENESS DOWN\r\n");
+    }
+    /* else was already dead, no-op */
+  }
+
+  return 0;
+}
+
 /** Helper function for NS-style events. Constructs and sends an event
  * of type <b>event</b> with string <b>event_string</b> out of the set of
  * networkstatuses <b>statuses</b>. Currently it is used for NS events
@@ -4404,8 +5437,8 @@ control_event_networkstatus_changed_helper(smartlist_t *statuses,
   SMARTLIST_FOREACH(strs, char *, cp, tor_free(cp));
   smartlist_free(strs);
   tor_free(s);
-  send_control_event_string(event, ALL_FORMATS, esc);
-  send_control_event_string(event, ALL_FORMATS,
+  send_control_event_string(event,  esc);
+  send_control_event_string(event,
                             "650 OK\r\n");
 
   tor_free(esc);
@@ -4462,7 +5495,7 @@ control_event_buildtimeout_set(buildtimeout_set_event_t type,
       break;
   }
 
-  send_control_event(EVENT_BUILDTIMEOUT_SET, ALL_FORMATS,
+  send_control_event(EVENT_BUILDTIMEOUT_SET,
                      "650 BUILDTIMEOUT_SET %s %s\r\n",
                      type_string, args);
 
@@ -4475,7 +5508,7 @@ control_event_signal(uintptr_t signal)
 {
   const char *signal_string = NULL;
 
-  if (!control_event_is_interesting(EVENT_SIGNAL))
+  if (!control_event_is_interesting(EVENT_GOT_SIGNAL))
     return 0;
 
   switch (signal) {
@@ -4494,13 +5527,16 @@ control_event_signal(uintptr_t signal)
     case SIGCLEARDNSCACHE:
       signal_string = "CLEARDNSCACHE";
       break;
+    case SIGHEARTBEAT:
+      signal_string = "HEARTBEAT";
+      break;
     default:
       log_warn(LD_BUG, "Unrecognized signal %lu in control_event_signal",
                (unsigned long)signal);
       return -1;
   }
 
-  send_control_event(EVENT_SIGNAL, ALL_FORMATS, "650 SIGNAL %s\r\n",
+  send_control_event(EVENT_GOT_SIGNAL,  "650 SIGNAL %s\r\n",
                      signal_string);
   return 0;
 }
@@ -4528,7 +5564,7 @@ control_event_networkstatus_changed_single(const routerstatus_t *rs)
 int
 control_event_my_descriptor_changed(void)
 {
-  send_control_event(EVENT_DESCCHANGED, ALL_FORMATS, "650 DESCCHANGED\r\n");
+  send_control_event(EVENT_DESCCHANGED,  "650 DESCCHANGED\r\n");
   return 0;
 }
 
@@ -4578,24 +5614,40 @@ control_event_status(int type, int severity, const char *format, va_list args)
   }
   tor_vasprintf(&user_buf, format, args);
 
-  send_control_event(type, ALL_FORMATS, "%s %s\r\n", format_buf, user_buf);
+  send_control_event(type,  "%s %s\r\n", format_buf, user_buf);
   tor_free(user_buf);
   return 0;
 }
 
+#define CONTROL_EVENT_STATUS_BODY(event, sev)                   \
+  int r;                                                        \
+  do {                                                          \
+    va_list ap;                                                 \
+    if (!EVENT_IS_INTERESTING(event))                           \
+      return 0;                                                 \
+                                                                \
+    va_start(ap, format);                                       \
+    r = control_event_status((event), (sev), format, ap);       \
+    va_end(ap);                                                 \
+  } while (0)
+
 /** Format and send an EVENT_STATUS_GENERAL event whose main text is obtained
  * by formatting the arguments using the printf-style <b>format</b>. */
 int
 control_event_general_status(int severity, const char *format, ...)
 {
-  va_list ap;
-  int r;
-  if (!EVENT_IS_INTERESTING(EVENT_STATUS_GENERAL))
-    return 0;
+  CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_GENERAL, severity);
+  return r;
+}
 
-  va_start(ap, format);
-  r = control_event_status(EVENT_STATUS_GENERAL, severity, format, ap);
-  va_end(ap);
+/** Format and send an EVENT_STATUS_GENERAL LOG_ERR event, and flush it to the
+ * controller(s) immediately. */
+int
+control_event_general_error(const char *format, ...)
+{
+  CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_GENERAL, LOG_ERR);
+  /* Force a flush, since we may be about to die horribly */
+  queued_events_flush_all(1);
   return r;
 }
 
@@ -4604,14 +5656,18 @@ control_event_general_status(int severity, const char *format, ...)
 int
 control_event_client_status(int severity, const char *format, ...)
 {
-  va_list ap;
-  int r;
-  if (!EVENT_IS_INTERESTING(EVENT_STATUS_CLIENT))
-    return 0;
+  CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_CLIENT, severity);
+  return r;
+}
 
-  va_start(ap, format);
-  r = control_event_status(EVENT_STATUS_CLIENT, severity, format, ap);
-  va_end(ap);
+/** Format and send an EVENT_STATUS_CLIENT LOG_ERR event, and flush it to the
+ * controller(s) immediately. */
+int
+control_event_client_error(const char *format, ...)
+{
+  CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_CLIENT, LOG_ERR);
+  /* Force a flush, since we may be about to die horribly */
+  queued_events_flush_all(1);
   return r;
 }
 
@@ -4620,14 +5676,18 @@ control_event_client_status(int severity, const char *format, ...)
 int
 control_event_server_status(int severity, const char *format, ...)
 {
-  va_list ap;
-  int r;
-  if (!EVENT_IS_INTERESTING(EVENT_STATUS_SERVER))
-    return 0;
+  CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_SERVER, severity);
+  return r;
+}
 
-  va_start(ap, format);
-  r = control_event_status(EVENT_STATUS_SERVER, severity, format, ap);
-  va_end(ap);
+/** Format and send an EVENT_STATUS_SERVER LOG_ERR event, and flush it to the
+ * controller(s) immediately. */
+int
+control_event_server_error(const char *format, ...)
+{
+  CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_SERVER, LOG_ERR);
+  /* Force a flush, since we may be about to die horribly */
+  queued_events_flush_all(1);
   return r;
 }
 
@@ -4651,7 +5711,7 @@ control_event_guard(const char *nickname, const char *digest,
     } else {
       tor_snprintf(buf, sizeof(buf), "$%s~%s", hbuf, nickname);
     }
-    send_control_event(EVENT_GUARD, ALL_FORMATS,
+    send_control_event(EVENT_GUARD,
                        "650 GUARD ENTRY %s %s\r\n", buf, status);
   }
   return 0;
@@ -4682,7 +5742,7 @@ control_event_conf_changed(const smartlist_t *elements)
     }
   }
   result = smartlist_join_strings(lines, "\r\n", 0, NULL);
-  send_control_event(EVENT_CONF_CHANGED, 0,
+  send_control_event(EVENT_CONF_CHANGED,
     "650-CONF_CHANGED\r\n%s\r\n650 OK\r\n", result);
   tor_free(result);
   SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
@@ -4735,8 +5795,6 @@ static char *owning_controller_process_spec = NULL;
  * if this Tor instance is not currently owned by a process. */
 static tor_process_monitor_t *owning_controller_process_monitor = NULL;
 
-static void owning_controller_procmon_cb(void *unused) ATTR_NORETURN;
-
 /** Process-termination monitor callback for Tor's owning controller
  * process. */
 static void
@@ -4843,23 +5901,43 @@ bootstrap_status_to_string(bootstrap_status_t s, const char **tag,
       break;
     case BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS:
       *tag = "requesting_descriptors";
-      *summary = "Asking for relay descriptors";
+      /* XXXX this appears to incorrectly report internal on most loads */
+      *summary = router_have_consensus_path() == CONSENSUS_PATH_INTERNAL ?
+        "Asking for relay descriptors for internal paths" :
+        "Asking for relay descriptors";
       break;
+    /* If we're sure there are no exits in the consensus,
+     * inform the controller by adding "internal"
+     * to the status summaries.
+     * (We only check this while loading descriptors,
+     * so we may not know in the earlier stages.)
+     * But if there are exits, we can't be sure whether
+     * we're creating internal or exit paths/circuits.
+     * XXXX Or should be use different tags or statuses
+     * for internal and exit/all? */
     case BOOTSTRAP_STATUS_LOADING_DESCRIPTORS:
       *tag = "loading_descriptors";
-      *summary = "Loading relay descriptors";
+      *summary = router_have_consensus_path() == CONSENSUS_PATH_INTERNAL ?
+        "Loading relay descriptors for internal paths" :
+        "Loading relay descriptors";
       break;
     case BOOTSTRAP_STATUS_CONN_OR:
       *tag = "conn_or";
-      *summary = "Connecting to the Tor network";
+      *summary = router_have_consensus_path() == CONSENSUS_PATH_INTERNAL ?
+        "Connecting to the Tor network internally" :
+        "Connecting to the Tor network";
       break;
     case BOOTSTRAP_STATUS_HANDSHAKE_OR:
       *tag = "handshake_or";
-      *summary = "Finishing handshake with first hop";
+      *summary = router_have_consensus_path() == CONSENSUS_PATH_INTERNAL ?
+        "Finishing handshake with first hop of internal circuit" :
+        "Finishing handshake with first hop";
       break;
     case BOOTSTRAP_STATUS_CIRCUIT_CREATE:
       *tag = "circuit_create";
-      *summary = "Establishing a Tor circuit";
+      *summary = router_have_consensus_path() == CONSENSUS_PATH_INTERNAL ?
+        "Establishing an internal Tor circuit" :
+        "Establishing a Tor circuit";
       break;
     case BOOTSTRAP_STATUS_DONE:
       *tag = "done";
@@ -4907,15 +5985,18 @@ static int bootstrap_problems = 0;
  *
  * <b>status</b> is the new status, that is, what task we will be doing
  * next. <b>progress</b> is zero if we just started this task, else it
- * represents progress on the task. */
-void
+ * represents progress on the task.
+ *
+ * Return true if we logged a message at level NOTICE, and false otherwise.
+ */
+int
 control_event_bootstrap(bootstrap_status_t status, int progress)
 {
   const char *tag, *summary;
   char buf[BOOTSTRAP_MSG_LEN];
 
   if (bootstrap_percent == BOOTSTRAP_STATUS_DONE)
-    return; /* already bootstrapped; nothing to be done here. */
+    return 0; /* already bootstrapped; nothing to be done here. */
 
   /* special case for handshaking status, since our TLS handshaking code
    * can't distinguish what the connection is going to be for. */
@@ -4962,7 +6043,10 @@ control_event_bootstrap(bootstrap_status_t status, int progress)
       /* Remember that we gave a notice at this level. */
       notice_bootstrap_percent = bootstrap_percent;
     }
+    return loglevel == LOG_NOTICE;
   }
+
+  return 0;
 }
 
 /** Called when Tor has failed to make bootstrapping progress in a way
@@ -5016,19 +6100,26 @@ MOCK_IMPL(void,
 
   log_fn(severity,
          LD_CONTROL, "Problem bootstrapping. Stuck at %d%%: %s. (%s; %s; "
-         "count %d; recommendation %s)",
+         "count %d; recommendation %s; host %s at %s:%d)",
          status, summary, warn,
          orconn_end_reason_to_control_string(reason),
-         bootstrap_problems, recommendation);
+         bootstrap_problems, recommendation,
+         hex_str(or_conn->identity_digest, DIGEST_LEN),
+         or_conn->base_.address,
+         or_conn->base_.port);
 
   connection_or_report_broken_states(severity, LD_HANDSHAKE);
 
   tor_snprintf(buf, sizeof(buf),
       "BOOTSTRAP PROGRESS=%d TAG=%s SUMMARY=\"%s\" WARNING=\"%s\" REASON=%s "
-      "COUNT=%d RECOMMENDATION=%s",
+      "COUNT=%d RECOMMENDATION=%s HOSTID=\"%s\" HOSTADDR=\"%s:%d\"",
       bootstrap_percent, tag, summary, warn,
       orconn_end_reason_to_control_string(reason), bootstrap_problems,
-      recommendation);
+      recommendation,
+      hex_str(or_conn->identity_digest, DIGEST_LEN),
+      or_conn->base_.address,
+      (int)or_conn->base_.port);
+
   tor_snprintf(last_sent_bootstrap_message,
                sizeof(last_sent_bootstrap_message),
                "WARN %s", buf);
@@ -5041,7 +6132,7 @@ MOCK_IMPL(void,
 void
 control_event_clients_seen(const char *controller_str)
 {
-  send_control_event(EVENT_CLIENTS_SEEN, 0,
+  send_control_event(EVENT_CLIENTS_SEEN,
     "650 CLIENTS_SEEN %s\r\n", controller_str);
 }
 
@@ -5055,7 +6146,7 @@ void
 control_event_transport_launched(const char *mode, const char *transport_name,
                                  tor_addr_t *addr, uint16_t port)
 {
-  send_control_event(EVENT_TRANSPORT_LAUNCHED, ALL_FORMATS,
+  send_control_event(EVENT_TRANSPORT_LAUNCHED,
                      "650 TRANSPORT_LAUNCHED %s %s %s %u\r\n",
                      mode, transport_name, fmt_addr(addr), port);
 }
@@ -5099,6 +6190,29 @@ node_describe_longname_by_id,(const char *id_digest))
   return longname;
 }
 
+/** Return either the onion address if the given pointer is a non empty
+ * string else the unknown string. */
+static const char *
+rend_hsaddress_str_or_unknown(const char *onion_address)
+{
+  static const char *str_unknown = "UNKNOWN";
+  const char *str_ret = str_unknown;
+
+  /* No valid pointer, unknown it is. */
+  if (!onion_address) {
+    goto end;
+  }
+  /* Empty onion address thus we don't know, unknown it is. */
+  if (onion_address[0] == '\0') {
+    goto end;
+  }
+  /* All checks are good so return the given onion address. */
+  str_ret = onion_address;
+
+ end:
+  return str_ret;
+}
+
 /** send HS_DESC requested event.
  *
  * <b>rend_query</b> is used to fetch requested onion address and auth type.
@@ -5117,14 +6231,102 @@ control_event_hs_descriptor_requested(const rend_data_t *rend_query,
     return;
   }
 
-  send_control_event(EVENT_HS_DESC, ALL_FORMATS,
+  send_control_event(EVENT_HS_DESC,
                      "650 HS_DESC REQUESTED %s %s %s %s\r\n",
-                     rend_query->onion_address,
+                     rend_hsaddress_str_or_unknown(rend_query->onion_address),
                      rend_auth_type_to_string(rend_query->auth_type),
                      node_describe_longname_by_id(id_digest),
                      desc_id_base32);
 }
 
+/** For an HS descriptor query <b>rend_data</b>, using the
+ * <b>onion_address</b> and HSDir fingerprint <b>hsdir_fp</b>, find out
+ * which descriptor ID in the query is the right one.
+ *
+ * Return a pointer of the binary descriptor ID found in the query's object
+ * or NULL if not found. */
+static const char *
+get_desc_id_from_query(const rend_data_t *rend_data, const char *hsdir_fp)
+{
+  int replica;
+  const char *desc_id = NULL;
+
+  /* Possible if the fetch was done using a descriptor ID. This means that
+   * the HSFETCH command was used. */
+  if (!tor_digest_is_zero(rend_data->desc_id_fetch)) {
+    desc_id = rend_data->desc_id_fetch;
+    goto end;
+  }
+
+  /* OK, we have an onion address so now let's find which descriptor ID
+   * is the one associated with the HSDir fingerprint. */
+  for (replica = 0; replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
+       replica++) {
+    const char *digest = rend_data->descriptor_id[replica];
+
+    SMARTLIST_FOREACH_BEGIN(rend_data->hsdirs_fp, char *, fingerprint) {
+      if (tor_memcmp(fingerprint, hsdir_fp, DIGEST_LEN) == 0) {
+        /* Found it! This descriptor ID is the right one. */
+        desc_id = digest;
+        goto end;
+      }
+    } SMARTLIST_FOREACH_END(fingerprint);
+  }
+
+ end:
+  return desc_id;
+}
+
+/** send HS_DESC CREATED event when a local service generates a descriptor.
+ *
+ * <b>service_id</b> is the descriptor onion address.
+ * <b>desc_id_base32</b> is the descriptor ID.
+ * <b>replica</b> is the the descriptor replica number.
+ */
+void
+control_event_hs_descriptor_created(const char *service_id,
+                                    const char *desc_id_base32,
+                                    int replica)
+{
+  if (!service_id || !desc_id_base32) {
+    log_warn(LD_BUG, "Called with service_digest==%p, "
+             "desc_id_base32==%p", service_id, desc_id_base32);
+    return;
+  }
+
+  send_control_event(EVENT_HS_DESC,
+                     "650 HS_DESC CREATED %s UNKNOWN UNKNOWN %s "
+                     "REPLICA=%d\r\n",
+                     service_id,
+                     desc_id_base32,
+                     replica);
+}
+
+/** send HS_DESC upload event.
+ *
+ * <b>service_id</b> is the descriptor onion address.
+ * <b>hs_dir</b> is the description of contacting hs directory.
+ * <b>desc_id_base32</b> is the ID of requested hs descriptor.
+ */
+void
+control_event_hs_descriptor_upload(const char *service_id,
+                                   const char *id_digest,
+                                   const char *desc_id_base32)
+{
+  if (!service_id || !id_digest || !desc_id_base32) {
+    log_warn(LD_BUG, "Called with service_digest==%p, "
+             "desc_id_base32==%p, id_digest==%p", service_id,
+             desc_id_base32, id_digest);
+    return;
+  }
+
+  send_control_event(EVENT_HS_DESC,
+                     "650 HS_DESC UPLOAD %s UNKNOWN %s %s\r\n",
+                     service_id,
+                     node_describe_longname_by_id(id_digest),
+                     desc_id_base32);
+}
+
 /** send HS_DESC event after got response from hs directory.
  *
  * NOTE: this is an internal function used by following functions:
@@ -5135,53 +6337,190 @@ control_event_hs_descriptor_requested(const rend_data_t *rend_query,
  */
 void
 control_event_hs_descriptor_receive_end(const char *action,
-                                        const rend_data_t *rend_query,
-                                        const char *id_digest)
+                                        const char *onion_address,
+                                        const rend_data_t *rend_data,
+                                        const char *id_digest,
+                                        const char *reason)
 {
-  if (!action || !rend_query || !id_digest) {
-    log_warn(LD_BUG, "Called with action==%p, rend_query==%p, "
-             "id_digest==%p", action, rend_query, id_digest);
+  char *desc_id_field = NULL;
+  char *reason_field = NULL;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  const char *desc_id = NULL;
+
+  if (!action || !id_digest || !rend_data || !onion_address) {
+    log_warn(LD_BUG, "Called with action==%p, id_digest==%p, "
+             "rend_data==%p, onion_address==%p", action, id_digest,
+             rend_data, onion_address);
     return;
   }
 
-  send_control_event(EVENT_HS_DESC, ALL_FORMATS,
-                     "650 HS_DESC %s %s %s %s\r\n",
+  desc_id = get_desc_id_from_query(rend_data, id_digest);
+  if (desc_id != NULL) {
+    /* Set the descriptor ID digest to base32 so we can send it. */
+    base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
+                  DIGEST_LEN);
+    /* Extra whitespace is needed before the value. */
+    tor_asprintf(&desc_id_field, " %s", desc_id_base32);
+  }
+
+  if (reason) {
+    tor_asprintf(&reason_field, " REASON=%s", reason);
+  }
+
+  send_control_event(EVENT_HS_DESC,
+                     "650 HS_DESC %s %s %s %s%s%s\r\n",
                      action,
-                     rend_query->onion_address,
-                     rend_auth_type_to_string(rend_query->auth_type),
-                     node_describe_longname_by_id(id_digest));
+                     rend_hsaddress_str_or_unknown(onion_address),
+                     rend_auth_type_to_string(rend_data->auth_type),
+                     node_describe_longname_by_id(id_digest),
+                     desc_id_field ? desc_id_field : "",
+                     reason_field ? reason_field : "");
+
+  tor_free(desc_id_field);
+  tor_free(reason_field);
+}
+
+/** send HS_DESC event after got response from hs directory.
+ *
+ * NOTE: this is an internal function used by following functions:
+ * control_event_hs_descriptor_uploaded
+ * control_event_hs_descriptor_upload_failed
+ *
+ * So do not call this function directly.
+ */
+void
+control_event_hs_descriptor_upload_end(const char *action,
+                                       const char *onion_address,
+                                       const char *id_digest,
+                                       const char *reason)
+{
+  char *reason_field = NULL;
+
+  if (!action || !id_digest) {
+    log_warn(LD_BUG, "Called with action==%p, id_digest==%p", action,
+             id_digest);
+    return;
+  }
+
+  if (reason) {
+    tor_asprintf(&reason_field, " REASON=%s", reason);
+  }
+
+  send_control_event(EVENT_HS_DESC,
+                     "650 HS_DESC %s %s UNKNOWN %s%s\r\n",
+                     action,
+                     rend_hsaddress_str_or_unknown(onion_address),
+                     node_describe_longname_by_id(id_digest),
+                     reason_field ? reason_field : "");
+
+  tor_free(reason_field);
 }
 
 /** send HS_DESC RECEIVED event
  *
- * called when a we successfully received a hidden service descriptor.
+ * called when we successfully received a hidden service descriptor.
  */
 void
-control_event_hs_descriptor_received(const rend_data_t *rend_query,
+control_event_hs_descriptor_received(const char *onion_address,
+                                     const rend_data_t *rend_data,
                                      const char *id_digest)
 {
-  if (!rend_query || !id_digest) {
-    log_warn(LD_BUG, "Called with rend_query==%p, id_digest==%p",
-             rend_query, id_digest);
+  if (!rend_data || !id_digest || !onion_address) {
+    log_warn(LD_BUG, "Called with rend_data==%p, id_digest==%p, "
+             "onion_address==%p", rend_data, id_digest, onion_address);
     return;
   }
-  control_event_hs_descriptor_receive_end("RECEIVED", rend_query, id_digest);
+  control_event_hs_descriptor_receive_end("RECEIVED", onion_address,
+                                          rend_data, id_digest, NULL);
 }
 
-/** send HS_DESC FAILED event
+/** send HS_DESC UPLOADED event
  *
- * called when request for hidden service descriptor returned failure.
+ * called when we successfully uploaded a hidden service descriptor.
+ */
+void
+control_event_hs_descriptor_uploaded(const char *id_digest,
+                                     const char *onion_address)
+{
+  if (!id_digest) {
+    log_warn(LD_BUG, "Called with id_digest==%p",
+             id_digest);
+    return;
+  }
+
+  control_event_hs_descriptor_upload_end("UPLOADED", onion_address,
+                                         id_digest, NULL);
+}
+
+/** Send HS_DESC event to inform controller that query <b>rend_query</b>
+ * failed to retrieve hidden service descriptor identified by
+ * <b>id_digest</b>. If <b>reason</b> is not NULL, add it to REASON=
+ * field.
+ */
+void
+control_event_hs_descriptor_failed(const rend_data_t *rend_data,
+                                   const char *id_digest,
+                                   const char *reason)
+{
+  if (!rend_data || !id_digest) {
+    log_warn(LD_BUG, "Called with rend_data==%p, id_digest==%p",
+             rend_data, id_digest);
+    return;
+  }
+  control_event_hs_descriptor_receive_end("FAILED",
+                                          rend_data->onion_address,
+                                          rend_data, id_digest, reason);
+}
+
+/** send HS_DESC_CONTENT event after completion of a successful fetch from
+ * hs directory. */
+void
+control_event_hs_descriptor_content(const char *onion_address,
+                                    const char *desc_id,
+                                    const char *hsdir_id_digest,
+                                    const char *content)
+{
+  static const char *event_name = "HS_DESC_CONTENT";
+  char *esc_content = NULL;
+
+  if (!onion_address || !desc_id || !hsdir_id_digest) {
+    log_warn(LD_BUG, "Called with onion_address==%p, desc_id==%p, "
+             "hsdir_id_digest==%p", onion_address, desc_id, hsdir_id_digest);
+    return;
+  }
+
+  if (content == NULL) {
+    /* Point it to empty content so it can still be escaped. */
+    content = "";
+  }
+  write_escaped_data(content, strlen(content), &esc_content);
+
+  send_control_event(EVENT_HS_DESC_CONTENT,
+                     "650+%s %s %s %s\r\n%s650 OK\r\n",
+                     event_name,
+                     rend_hsaddress_str_or_unknown(onion_address),
+                     desc_id,
+                     node_describe_longname_by_id(hsdir_id_digest),
+                     esc_content);
+  tor_free(esc_content);
+}
+
+/** Send HS_DESC event to inform controller upload of hidden service
+ * descriptor identified by <b>id_digest</b> failed. If <b>reason</b>
+ * is not NULL, add it to REASON= field.
  */
 void
-control_event_hs_descriptor_failed(const rend_data_t *rend_query,
-                                   const char *id_digest)
+control_event_hs_descriptor_upload_failed(const char *id_digest,
+                                          const char *onion_address,
+                                          const char *reason)
 {
-  if (!rend_query || !id_digest) {
-    log_warn(LD_BUG, "Called with rend_query==%p, id_digest==%p",
-             rend_query, id_digest);
+  if (!id_digest) {
+    log_warn(LD_BUG, "Called with id_digest==%p",
+             id_digest);
     return;
   }
-  control_event_hs_descriptor_receive_end("FAILED", rend_query, id_digest);
+  control_event_hs_descriptor_upload_end("UPLOAD_FAILED", onion_address,
+                                         id_digest, reason);
 }
 
 /** Free any leftover allocated memory of the control.c subsystem. */
@@ -5190,6 +6529,20 @@ control_free_all(void)
 {
   if (authentication_cookie) /* Free the auth cookie */
     tor_free(authentication_cookie);
+  if (detached_onion_services) { /* Free the detached onion services */
+    SMARTLIST_FOREACH(detached_onion_services, char *, cp, tor_free(cp));
+    smartlist_free(detached_onion_services);
+  }
+  if (queued_control_events) {
+    SMARTLIST_FOREACH(queued_control_events, queued_event_t *, ev,
+                      queued_event_free(ev));
+    smartlist_free(queued_control_events);
+    queued_control_events = NULL;
+  }
+  if (flush_queued_events_event) {
+    tor_event_free(flush_queued_events_event);
+    flush_queued_events_event = NULL;
+  }
 }
 
 #ifdef TOR_UNIT_TESTS
diff --git a/src/or/control.h b/src/or/control.h
index 8697262176..008bfb1c3b 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,6 +12,8 @@
 #ifndef TOR_CONTROL_H
 #define TOR_CONTROL_H
 
+void control_initialize_event_queue(void);
+
 void control_update_global_event_mask(void);
 void control_adjust_event_log_severity(void);
 
@@ -67,6 +69,7 @@ int control_event_or_authdir_new_descriptor(const char *action,
                                             size_t desclen,
                                             const char *msg);
 int control_event_my_descriptor_changed(void);
+int control_event_network_liveness_update(int liveness);
 int control_event_networkstatus_changed(smartlist_t *statuses);
 
 int control_event_newconsensus(const networkstatus_t *consensus);
@@ -77,6 +80,14 @@ int control_event_client_status(int severity, const char *format, ...)
   CHECK_PRINTF(2,3);
 int control_event_server_status(int severity, const char *format, ...)
   CHECK_PRINTF(2,3);
+
+int control_event_general_error(const char *format, ...)
+  CHECK_PRINTF(1,2);
+int control_event_client_error(const char *format, ...)
+  CHECK_PRINTF(1,2);
+int control_event_server_error(const char *format, ...)
+  CHECK_PRINTF(1,2);
+
 int control_event_guard(const char *nickname, const char *digest,
                         const char *status);
 int control_event_conf_changed(const smartlist_t *elements);
@@ -92,7 +103,7 @@ void enable_control_logging(void);
 
 void monitor_owning_controller_process(const char *process_spec);
 
-void control_event_bootstrap(bootstrap_status_t status, int progress);
+int control_event_bootstrap(bootstrap_status_t status, int progress);
 MOCK_DECL(void, control_event_bootstrap_problem,(const char *warn,
                                                  int reason,
                                                  or_connection_t *or_conn));
@@ -106,13 +117,36 @@ MOCK_DECL(const char *, node_describe_longname_by_id,(const char *id_digest));
 void control_event_hs_descriptor_requested(const rend_data_t *rend_query,
                                            const char *desc_id_base32,
                                            const char *hs_dir);
-void control_event_hs_descriptor_receive_end(const char *action,
-                                        const rend_data_t *rend_query,
-                                        const char *hs_dir);
-void control_event_hs_descriptor_received(const rend_data_t *rend_query,
-                                          const char *hs_dir);
-void control_event_hs_descriptor_failed(const rend_data_t *rend_query,
+void control_event_hs_descriptor_created(const char *service_id,
+                                         const char *desc_id_base32,
+                                         int replica);
+void control_event_hs_descriptor_upload(const char *service_id,
+                                        const char *desc_id_base32,
                                         const char *hs_dir);
+void control_event_hs_descriptor_receive_end(const char *action,
+                                             const char *onion_address,
+                                             const rend_data_t *rend_data,
+                                             const char *id_digest,
+                                             const char *reason);
+void control_event_hs_descriptor_upload_end(const char *action,
+                                            const char *onion_address,
+                                            const char *hs_dir,
+                                            const char *reason);
+void control_event_hs_descriptor_received(const char *onion_address,
+                                          const rend_data_t *rend_data,
+                                          const char *id_digest);
+void control_event_hs_descriptor_uploaded(const char *hs_dir,
+                                          const char *onion_address);
+void control_event_hs_descriptor_failed(const rend_data_t *rend_data,
+                                        const char *id_digest,
+                                        const char *reason);
+void control_event_hs_descriptor_upload_failed(const char *hs_dir,
+                                               const char *onion_address,
+                                               const char *reason);
+void control_event_hs_descriptor_content(const char *onion_address,
+                                         const char *desc_id,
+                                         const char *hsdir_fp,
+                                         const char *content);
 
 void control_free_all(void);
 
@@ -121,6 +155,7 @@ void control_free_all(void);
  * because it is used both as a list of v0 event types, and as indices
  * into the bitfield to determine which controllers want which events.
  */
+/* This bitfield has no event zero    0x0000 */
 #define EVENT_MIN_                    0x0001
 #define EVENT_CIRCUIT_STATUS          0x0001
 #define EVENT_STREAM_STATUS           0x0002
@@ -147,7 +182,7 @@ void control_free_all(void);
 #define EVENT_CLIENTS_SEEN            0x0015
 #define EVENT_NEWCONSENSUS            0x0016
 #define EVENT_BUILDTIMEOUT_SET        0x0017
-#define EVENT_SIGNAL                  0x0018
+#define EVENT_GOT_SIGNAL              0x0018
 #define EVENT_CONF_CHANGED            0x0019
 #define EVENT_CONN_BW                 0x001A
 #define EVENT_CELL_STATS              0x001B
@@ -155,25 +190,42 @@ void control_free_all(void);
 #define EVENT_CIRC_BANDWIDTH_USED     0x001D
 #define EVENT_TRANSPORT_LAUNCHED      0x0020
 #define EVENT_HS_DESC                 0x0021
-#define EVENT_MAX_                    0x0021
-/* If EVENT_MAX_ ever hits 0x003F, we need to make the mask into a
+#define EVENT_HS_DESC_CONTENT         0x0022
+#define EVENT_NETWORK_LIVENESS        0x0023
+#define EVENT_MAX_                    0x0023
+
+/* sizeof(control_connection_t.event_mask) in bits, currently a uint64_t */
+#define EVENT_CAPACITY_               0x0040
+
+/* If EVENT_MAX_ ever hits 0x0040, we need to make the mask into a
  * different structure, as it can only handle a maximum left shift of 1<<63. */
 
+#if EVENT_MAX_ >= EVENT_CAPACITY_
+#error control_connection_t.event_mask has an event greater than its capacity
+#endif
+
+#define EVENT_MASK_(e)               (((uint64_t)1)<<(e))
+
+#define EVENT_MASK_NONE_             ((uint64_t)0x0)
+
+#define EVENT_MASK_ABOVE_MIN_        ((~((uint64_t)0x0)) << EVENT_MIN_)
+#define EVENT_MASK_BELOW_MAX_        ((~((uint64_t)0x0)) \
+                                      >> (EVENT_CAPACITY_ - EVENT_MAX_ \
+                                          - EVENT_MIN_))
+
+#define EVENT_MASK_ALL_              (EVENT_MASK_ABOVE_MIN_ \
+                                      & EVENT_MASK_BELOW_MAX_)
+
 /* Used only by control.c and test.c */
 STATIC size_t write_escaped_data(const char *data, size_t len, char **out);
 STATIC size_t read_escaped_data(const char *data, size_t len, char **out);
-/** Flag for event_format_t.  Indicates that we should use the one standard
-    format.  (Other formats previous existed, and are now deprecated)
- */
-#define ALL_FORMATS 1
-/** Bit field of flags to select how to format a controller event.  Recognized
- * flag is ALL_FORMATS. */
-typedef int event_format_t;
 
 #ifdef TOR_UNIT_TESTS
 MOCK_DECL(STATIC void,
-send_control_event_string,(uint16_t event, event_format_t which,
-                           const char *msg));
+          send_control_event_string,(uint16_t event, const char *msg));
+
+MOCK_DECL(STATIC void,
+          queue_control_event_string,(uint16_t event, char *msg));
 
 void control_testing_set_global_event_mask(uint64_t mask);
 #endif
@@ -202,6 +254,11 @@ void append_cell_stats_by_command(smartlist_t *event_parts,
 void format_cell_stats(char **event_string, circuit_t *circ,
                        cell_stats_t *cell_stats);
 STATIC char *get_bw_samples(void);
+
+STATIC crypto_pk_t *add_onion_helper_keyarg(const char *arg, int discard_pk,
+                                            const char **key_new_alg_out,
+                                            char **key_new_blob_out,
+                                            char **err_msg_out);
 #endif
 
 #endif
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 61b2c29b38..3109d5a177 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -1,88 +1,103 @@
 /* Copyright (c) 2003-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
  * \file cpuworker.c
- * \brief Implements a farm of 'CPU worker' processes to perform
- * CPU-intensive tasks in another thread or process, to not
- * interrupt the main thread.
+ * \brief Uses the workqueue/threadpool code to farm CPU-intensive activities
+ * out to subprocesses.
  *
  * Right now, we only use this for processing onionskins.
  **/
 #include "or.h"
-#include "buffers.h"
 #include "channel.h"
-#include "channeltls.h"
 #include "circuitbuild.h"
 #include "circuitlist.h"
-#include "config.h"
-#include "connection.h"
 #include "connection_or.h"
+#include "config.h"
 #include "cpuworker.h"
 #include "main.h"
 #include "onion.h"
 #include "rephist.h"
 #include "router.h"
+#include "workqueue.h"
 
-/** The maximum number of cpuworker processes we will keep around. */
-#define MAX_CPUWORKERS 16
-/** The minimum number of cpuworker processes we will keep around. */
-#define MIN_CPUWORKERS 1
-
-/** The tag specifies which circuit this onionskin was from. */
-#define TAG_LEN 12
-
-/** How many cpuworkers we have running right now. */
-static int num_cpuworkers=0;
-/** How many of the running cpuworkers have an assigned task right now. */
-static int num_cpuworkers_busy=0;
-/** We need to spawn new cpuworkers whenever we rotate the onion keys
- * on platforms where execution contexts==processes.  This variable stores
- * the last time we got a key rotation event. */
-static time_t last_rotation_time=0;
-
-static void cpuworker_main(void *data) ATTR_NORETURN;
-static int spawn_cpuworker(void);
-static void spawn_enough_cpuworkers(void);
-static void process_pending_task(connection_t *cpuworker);
-
-/** Initialize the cpuworker subsystem.
- */
-void
-cpu_init(void)
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#else
+#include <event.h>
+#endif
+
+static void queue_pending_tasks(void);
+
+typedef struct worker_state_s {
+  int generation;
+  server_onion_keys_t *onion_keys;
+} worker_state_t;
+
+static void *
+worker_state_new(void *arg)
 {
-  cpuworkers_rotate();
+  worker_state_t *ws;
+  (void)arg;
+  ws = tor_malloc_zero(sizeof(worker_state_t));
+  ws->onion_keys = server_onion_keys_new();
+  return ws;
 }
-
-/** Called when we're done sending a request to a cpuworker. */
-int
-connection_cpu_finished_flushing(connection_t *conn)
+static void
+worker_state_free(void *arg)
 {
-  tor_assert(conn);
-  tor_assert(conn->type == CONN_TYPE_CPUWORKER);
-  return 0;
+  worker_state_t *ws = arg;
+  server_onion_keys_free(ws->onion_keys);
+  tor_free(ws);
 }
 
-/** Pack global_id and circ_id; set *tag to the result. (See note on
- * cpuworker_main for wire format.) */
+static replyqueue_t *replyqueue = NULL;
+static threadpool_t *threadpool = NULL;
+static struct event *reply_event = NULL;
+
+static tor_weak_rng_t request_sample_rng = TOR_WEAK_RNG_INIT;
+
+static int total_pending_tasks = 0;
+static int max_pending_tasks = 128;
+
 static void
-tag_pack(uint8_t *tag, uint64_t chan_id, circid_t circ_id)
+replyqueue_process_cb(evutil_socket_t sock, short events, void *arg)
 {
-  /*XXXX RETHINK THIS WHOLE MESS !!!! !NM NM NM NM*/
-  /*XXXX DOUBLEPLUSTHIS!!!! AS AS AS AS*/
-  set_uint64(tag, chan_id);
-  set_uint32(tag+8, circ_id);
+  replyqueue_t *rq = arg;
+  (void) sock;
+  (void) events;
+  replyqueue_process(rq);
 }
 
-/** Unpack <b>tag</b> into addr, port, and circ_id.
+/** Initialize the cpuworker subsystem. It is OK to call this more than once
+ * during Tor's lifetime.
  */
-static void
-tag_unpack(const uint8_t *tag, uint64_t *chan_id, circid_t *circ_id)
+void
+cpu_init(void)
 {
-  *chan_id = get_uint64(tag);
-  *circ_id = get_uint32(tag+8);
+  if (!replyqueue) {
+    replyqueue = replyqueue_new(0);
+  }
+  if (!reply_event) {
+    reply_event = tor_event_new(tor_libevent_get_base(),
+                                replyqueue_get_socket(replyqueue),
+                                EV_READ|EV_PERSIST,
+                                replyqueue_process_cb,
+                                replyqueue);
+    event_add(reply_event, NULL);
+  }
+  if (!threadpool) {
+    threadpool = threadpool_new(get_num_cpus(get_options()),
+                                replyqueue,
+                                worker_state_new,
+                                worker_state_free,
+                                NULL);
+  }
+  /* Total voodoo. Can we make this more sensible? */
+  max_pending_tasks = get_num_cpus(get_options()) * 64;
+  crypto_seed_weak_rng(&request_sample_rng);
 }
 
 /** Magic numbers to make sure our cpuworker_requests don't grow any
@@ -94,10 +109,6 @@ tag_unpack(const uint8_t *tag, uint64_t *chan_id, circid_t *circ_id)
 typedef struct cpuworker_request_t {
   /** Magic number; must be CPUWORKER_REQUEST_MAGIC. */
   uint32_t magic;
-  /** Opaque tag to identify the job */
-  uint8_t tag[TAG_LEN];
-  /** Task code. Must be one of CPUWORKER_TASK_* */
-  uint8_t task;
 
   /** Flag: Are we timing this request? */
   unsigned timed : 1;
@@ -114,8 +125,7 @@ typedef struct cpuworker_request_t {
 typedef struct cpuworker_reply_t {
   /** Magic number; must be CPUWORKER_REPLY_MAGIC. */
   uint32_t magic;
-  /** Opaque tag to identify the job; matches the request's tag.*/
-  uint8_t tag[TAG_LEN];
+
   /** True iff we got a successful request. */
   uint8_t success;
 
@@ -142,42 +152,45 @@ typedef struct cpuworker_reply_t {
   uint8_t rend_auth_material[DIGEST_LEN];
 } cpuworker_reply_t;
 
-/** Called when the onion key has changed and we need to spawn new
- * cpuworkers.  Close all currently idle cpuworkers, and mark the last
- * rotation time as now.
- */
-void
-cpuworkers_rotate(void)
+typedef struct cpuworker_job_u {
+  or_circuit_t *circ;
+  union {
+    cpuworker_request_t request;
+    cpuworker_reply_t reply;
+  } u;
+} cpuworker_job_t;
+
+static workqueue_reply_t
+update_state_threadfn(void *state_, void *work_)
 {
-  connection_t *cpuworker;
-  while ((cpuworker = connection_get_by_type_state(CONN_TYPE_CPUWORKER,
-                                                   CPUWORKER_STATE_IDLE))) {
-    connection_mark_for_close(cpuworker);
-    --num_cpuworkers;
-  }
-  last_rotation_time = time(NULL);
-  if (server_mode(get_options()))
-    spawn_enough_cpuworkers();
+  worker_state_t *state = state_;
+  worker_state_t *update = work_;
+  server_onion_keys_free(state->onion_keys);
+  state->onion_keys = update->onion_keys;
+  update->onion_keys = NULL;
+  ++state->generation;
+  return WQ_RPL_REPLY;
 }
 
-/** If the cpuworker closes the connection,
- * mark it as closed and spawn a new one as needed. */
-int
-connection_cpu_reached_eof(connection_t *conn)
+/** Called when the onion key has changed so update all CPU worker(s) with
+ * new function pointers with which a new state will be generated.
+ */
+void
+cpuworkers_rotate_keyinfo(void)
 {
-  log_warn(LD_GENERAL,"Read eof. CPU worker died unexpectedly.");
-  if (conn->state != CPUWORKER_STATE_IDLE) {
-    /* the circ associated with this cpuworker will have to wait until
-     * it gets culled in run_connection_housekeeping(), since we have
-     * no way to find out which circ it was. */
-    log_warn(LD_GENERAL,"...and it left a circuit queued; abandoning circ.");
-    num_cpuworkers_busy--;
+  if (!threadpool) {
+    /* If we're a client, then we won't have cpuworkers, and we won't need
+     * to tell them to rotate their state.
+     */
+    return;
+  }
+  if (threadpool_queue_update(threadpool,
+                              worker_state_new,
+                              update_state_threadfn,
+                              worker_state_free,
+                              NULL)) {
+    log_warn(LD_OR, "Failed to queue key update for worker threads.");
   }
-  num_cpuworkers--;
-  spawn_enough_cpuworkers(); /* try to regrow. hope we don't end up
-                                spinning. */
-  connection_mark_for_close(conn);
-  return 0;
 }
 
 /** Indexed by handshake type: how many onionskins have we processed and
@@ -197,8 +210,6 @@ static uint64_t onionskins_usec_roundtrip[MAX_ONION_HANDSHAKE_TYPE+1];
  * time. (microseconds) */
 #define MAX_BELIEVABLE_ONIONSKIN_DELAY (2*1000*1000)
 
-static tor_weak_rng_t request_sample_rng = TOR_WEAK_RNG_INIT;
-
 /** Return true iff we'd like to measure a handshake of type
  * <b>onionskin_type</b>. Call only from the main thread. */
 static int
@@ -286,438 +297,275 @@ cpuworker_log_onionskin_overhead(int severity, int onionskin_type,
          onionskin_type_name, (unsigned)overhead, relative_overhead*100);
 }
 
-/** Called when we get data from a cpuworker.  If the answer is not complete,
- * wait for a complete answer. If the answer is complete,
- * process it as appropriate.
- */
-int
-connection_cpu_process_inbuf(connection_t *conn)
-{
-  uint64_t chan_id;
-  circid_t circ_id;
-  channel_t *p_chan = NULL;
-  circuit_t *circ;
-
-  tor_assert(conn);
-  tor_assert(conn->type == CONN_TYPE_CPUWORKER);
-
-  if (!connection_get_inbuf_len(conn))
-    return 0;
-
-  if (conn->state == CPUWORKER_STATE_BUSY_ONION) {
-    cpuworker_reply_t rpl;
-    if (connection_get_inbuf_len(conn) < sizeof(cpuworker_reply_t))
-      return 0; /* not yet */
-    tor_assert(connection_get_inbuf_len(conn) == sizeof(cpuworker_reply_t));
-
-    connection_fetch_from_buf((void*)&rpl,sizeof(cpuworker_reply_t),conn);
-
-    tor_assert(rpl.magic == CPUWORKER_REPLY_MAGIC);
-
-    if (rpl.timed && rpl.success &&
-        rpl.handshake_type <= MAX_ONION_HANDSHAKE_TYPE) {
-      /* Time how long this request took. The handshake_type check should be
-         needless, but let's leave it in to be safe. */
-      struct timeval tv_end, tv_diff;
-      int64_t usec_roundtrip;
-      tor_gettimeofday(&tv_end);
-      timersub(&tv_end, &rpl.started_at, &tv_diff);
-      usec_roundtrip = ((int64_t)tv_diff.tv_sec)*1000000 + tv_diff.tv_usec;
-      if (usec_roundtrip >= 0 &&
-          usec_roundtrip < MAX_BELIEVABLE_ONIONSKIN_DELAY) {
-        ++onionskins_n_processed[rpl.handshake_type];
-        onionskins_usec_internal[rpl.handshake_type] += rpl.n_usec;
-        onionskins_usec_roundtrip[rpl.handshake_type] += usec_roundtrip;
-        if (onionskins_n_processed[rpl.handshake_type] >= 500000) {
-          /* Scale down every 500000 handshakes.  On a busy server, that's
-           * less impressive than it sounds. */
-          onionskins_n_processed[rpl.handshake_type] /= 2;
-          onionskins_usec_internal[rpl.handshake_type] /= 2;
-          onionskins_usec_roundtrip[rpl.handshake_type] /= 2;
-        }
-      }
-    }
-    /* parse out the circ it was talking about */
-    tag_unpack(rpl.tag, &chan_id, &circ_id);
-    circ = NULL;
-    log_debug(LD_OR,
-              "Unpacking cpuworker reply, chan_id is " U64_FORMAT
-              ", circ_id is %u",
-              U64_PRINTF_ARG(chan_id), (unsigned)circ_id);
-    p_chan = channel_find_by_global_id(chan_id);
-
-    if (p_chan)
-      circ = circuit_get_by_circid_channel(circ_id, p_chan);
-
-    if (rpl.success == 0) {
-      log_debug(LD_OR,
-                "decoding onionskin failed. "
-                "(Old key or bad software.) Closing.");
-      if (circ)
-        circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
-      goto done_processing;
-    }
-    if (!circ) {
-      /* This happens because somebody sends us a destroy cell and the
-       * circuit goes away, while the cpuworker is working. This is also
-       * why our tag doesn't include a pointer to the circ, because we'd
-       * never know if it's still valid.
-       */
-      log_debug(LD_OR,"processed onion for a circ that's gone. Dropping.");
-      goto done_processing;
-    }
-    tor_assert(! CIRCUIT_IS_ORIGIN(circ));
-    if (onionskin_answer(TO_OR_CIRCUIT(circ),
-                         &rpl.created_cell,
-                         (const char*)rpl.keys,
-                         rpl.rend_auth_material) < 0) {
-      log_warn(LD_OR,"onionskin_answer failed. Closing.");
-      circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
-      goto done_processing;
-    }
-    log_debug(LD_OR,"onionskin_answer succeeded. Yay.");
-  } else {
-    tor_assert(0); /* don't ask me to do handshakes yet */
-  }
-
- done_processing:
-  conn->state = CPUWORKER_STATE_IDLE;
-  num_cpuworkers_busy--;
-  if (conn->timestamp_created < last_rotation_time) {
-    connection_mark_for_close(conn);
-    num_cpuworkers--;
-    spawn_enough_cpuworkers();
-  } else {
-    process_pending_task(conn);
-  }
-  return 0;
-}
-
-/** Implement a cpuworker.  'data' is an fdarray as returned by socketpair.
- * Read and writes from fdarray[1].  Reads requests, writes answers.
- *
- *   Request format:
- *          cpuworker_request_t.
- *   Response format:
- *          cpuworker_reply_t
- */
+/** Handle a reply from the worker threads. */
 static void
-cpuworker_main(void *data)
+cpuworker_onion_handshake_replyfn(void *work_)
 {
-  /* For talking to the parent thread/process */
-  tor_socket_t *fdarray = data;
-  tor_socket_t fd;
-
-  /* variables for onion processing */
-  server_onion_keys_t onion_keys;
-  cpuworker_request_t req;
+  cpuworker_job_t *job = work_;
   cpuworker_reply_t rpl;
-
-  fd = fdarray[1]; /* this side is ours */
-#ifndef TOR_IS_MULTITHREADED
-  tor_close_socket(fdarray[0]); /* this is the side of the socketpair the
-                                 * parent uses */
-  tor_free_all(1); /* so the child doesn't hold the parent's fd's open */
-  handle_signals(0); /* ignore interrupts from the keyboard, etc */
-#endif
-  tor_free(data);
-
-  setup_server_onion_keys(&onion_keys);
-
-  for (;;) {
-    if (read_all(fd, (void *)&req, sizeof(req), 1) != sizeof(req)) {
-      log_info(LD_OR, "read request failed. Exiting.");
-      goto end;
-    }
-    tor_assert(req.magic == CPUWORKER_REQUEST_MAGIC);
-
-    memset(&rpl, 0, sizeof(rpl));
-
-    if (req.task == CPUWORKER_TASK_ONION) {
-      const create_cell_t *cc = &req.create_cell;
-      created_cell_t *cell_out = &rpl.created_cell;
-      struct timeval tv_start = {0,0}, tv_end;
-      int n;
-      rpl.timed = req.timed;
-      rpl.started_at = req.started_at;
-      rpl.handshake_type = cc->handshake_type;
-      if (req.timed)
-        tor_gettimeofday(&tv_start);
-      n = onion_skin_server_handshake(cc->handshake_type,
-                                      cc->onionskin, cc->handshake_len,
-                                      &onion_keys,
-                                      cell_out->reply,
-                                      rpl.keys, CPATH_KEY_MATERIAL_LEN,
-                                      rpl.rend_auth_material);
-      if (n < 0) {
-        /* failure */
-        log_debug(LD_OR,"onion_skin_server_handshake failed.");
-        memset(&rpl, 0, sizeof(rpl));
-        memcpy(rpl.tag, req.tag, TAG_LEN);
-        rpl.success = 0;
-      } else {
-        /* success */
-        log_debug(LD_OR,"onion_skin_server_handshake succeeded.");
-        memcpy(rpl.tag, req.tag, TAG_LEN);
-        cell_out->handshake_len = n;
-        switch (cc->cell_type) {
-        case CELL_CREATE:
-          cell_out->cell_type = CELL_CREATED; break;
-        case CELL_CREATE2:
-          cell_out->cell_type = CELL_CREATED2; break;
-        case CELL_CREATE_FAST:
-          cell_out->cell_type = CELL_CREATED_FAST; break;
-        default:
-          tor_assert(0);
-          goto end;
-        }
-        rpl.success = 1;
-      }
-      rpl.magic = CPUWORKER_REPLY_MAGIC;
-      if (req.timed) {
-        struct timeval tv_diff;
-        int64_t usec;
-        tor_gettimeofday(&tv_end);
-        timersub(&tv_end, &tv_start, &tv_diff);
-        usec = ((int64_t)tv_diff.tv_sec)*1000000 + tv_diff.tv_usec;
-        if (usec < 0 || usec > MAX_BELIEVABLE_ONIONSKIN_DELAY)
-          rpl.n_usec = MAX_BELIEVABLE_ONIONSKIN_DELAY;
-        else
-          rpl.n_usec = (uint32_t) usec;
+  or_circuit_t *circ = NULL;
+
+  tor_assert(total_pending_tasks > 0);
+  --total_pending_tasks;
+
+  /* Could avoid this, but doesn't matter. */
+  memcpy(&rpl, &job->u.reply, sizeof(rpl));
+
+  tor_assert(rpl.magic == CPUWORKER_REPLY_MAGIC);
+
+  if (rpl.timed && rpl.success &&
+      rpl.handshake_type <= MAX_ONION_HANDSHAKE_TYPE) {
+    /* Time how long this request took. The handshake_type check should be
+       needless, but let's leave it in to be safe. */
+    struct timeval tv_end, tv_diff;
+    int64_t usec_roundtrip;
+    tor_gettimeofday(&tv_end);
+    timersub(&tv_end, &rpl.started_at, &tv_diff);
+    usec_roundtrip = ((int64_t)tv_diff.tv_sec)*1000000 + tv_diff.tv_usec;
+    if (usec_roundtrip >= 0 &&
+        usec_roundtrip < MAX_BELIEVABLE_ONIONSKIN_DELAY) {
+      ++onionskins_n_processed[rpl.handshake_type];
+      onionskins_usec_internal[rpl.handshake_type] += rpl.n_usec;
+      onionskins_usec_roundtrip[rpl.handshake_type] += usec_roundtrip;
+      if (onionskins_n_processed[rpl.handshake_type] >= 500000) {
+        /* Scale down every 500000 handshakes.  On a busy server, that's
+         * less impressive than it sounds. */
+        onionskins_n_processed[rpl.handshake_type] /= 2;
+        onionskins_usec_internal[rpl.handshake_type] /= 2;
+        onionskins_usec_roundtrip[rpl.handshake_type] /= 2;
       }
-      if (write_all(fd, (void*)&rpl, sizeof(rpl), 1) != sizeof(rpl)) {
-        log_err(LD_BUG,"writing response buf failed. Exiting.");
-        goto end;
-      }
-      log_debug(LD_OR,"finished writing response.");
-    } else if (req.task == CPUWORKER_TASK_SHUTDOWN) {
-      log_info(LD_OR,"Clean shutdown: exiting");
-      goto end;
     }
-    memwipe(&req, 0, sizeof(req));
-    memwipe(&rpl, 0, sizeof(req));
   }
- end:
-  memwipe(&req, 0, sizeof(req));
-  memwipe(&rpl, 0, sizeof(req));
-  release_server_onion_keys(&onion_keys);
-  tor_close_socket(fd);
-  crypto_thread_cleanup();
-  spawn_exit();
-}
 
-/** Launch a new cpuworker. Return 0 if we're happy, -1 if we failed.
- */
-static int
-spawn_cpuworker(void)
-{
-  tor_socket_t *fdarray;
-  tor_socket_t fd;
-  connection_t *conn;
-  int err;
-
-  fdarray = tor_malloc(sizeof(tor_socket_t)*2);
-  if ((err = tor_socketpair(AF_UNIX, SOCK_STREAM, 0, fdarray)) < 0) {
-    log_warn(LD_NET, "Couldn't construct socketpair for cpuworker: %s",
-             tor_socket_strerror(-err));
-    tor_free(fdarray);
-    return -1;
-  }
+  circ = job->circ;
 
-  tor_assert(SOCKET_OK(fdarray[0]));
-  tor_assert(SOCKET_OK(fdarray[1]));
+  log_debug(LD_OR,
+            "Unpacking cpuworker reply %p, circ=%p, success=%d",
+            job, circ, rpl.success);
 
-  fd = fdarray[0];
-  if (spawn_func(cpuworker_main, (void*)fdarray) < 0) {
-    tor_close_socket(fdarray[0]);
-    tor_close_socket(fdarray[1]);
-    tor_free(fdarray);
-    return -1;
+  if (circ->base_.magic == DEAD_CIRCUIT_MAGIC) {
+    /* The circuit was supposed to get freed while the reply was
+     * pending. Instead, it got left for us to free so that we wouldn't freak
+     * out when the job->circ field wound up pointing to nothing. */
+    log_debug(LD_OR, "Circuit died while reply was pending. Freeing memory.");
+    circ->base_.magic = 0;
+    tor_free(circ);
+    goto done_processing;
   }
-  log_debug(LD_OR,"just spawned a cpu worker.");
-#ifndef TOR_IS_MULTITHREADED
-  tor_close_socket(fdarray[1]); /* don't need the worker's side of the pipe */
-  tor_free(fdarray);
-#endif
-
-  conn = connection_new(CONN_TYPE_CPUWORKER, AF_UNIX);
 
-  /* set up conn so it's got all the data we need to remember */
-  conn->s = fd;
-  conn->address = tor_strdup("localhost");
-  tor_addr_make_unspec(&conn->addr);
+  circ->workqueue_entry = NULL;
 
-  if (set_socket_nonblocking(fd) == -1) {
-    connection_free(conn); /* this closes fd */
-    return -1;
+  if (TO_CIRCUIT(circ)->marked_for_close) {
+    /* We already marked this circuit; we can't call it open. */
+    log_debug(LD_OR,"circuit is already marked.");
+    goto done_processing;
   }
 
-  if (connection_add(conn) < 0) { /* no space, forget it */
-    log_warn(LD_NET,"connection_add for cpuworker failed. Giving up.");
-    connection_free(conn); /* this closes fd */
-    return -1;
+  if (rpl.success == 0) {
+    log_debug(LD_OR,
+              "decoding onionskin failed. "
+              "(Old key or bad software.) Closing.");
+    circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
+    goto done_processing;
   }
 
-  conn->state = CPUWORKER_STATE_IDLE;
-  connection_start_reading(conn);
+  if (onionskin_answer(circ,
+                       &rpl.created_cell,
+                       (const char*)rpl.keys,
+                       rpl.rend_auth_material) < 0) {
+    log_warn(LD_OR,"onionskin_answer failed. Closing.");
+    circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
+    goto done_processing;
+  }
+  log_debug(LD_OR,"onionskin_answer succeeded. Yay.");
 
-  return 0; /* success */
+ done_processing:
+  memwipe(&rpl, 0, sizeof(rpl));
+  memwipe(job, 0, sizeof(*job));
+  tor_free(job);
+  queue_pending_tasks();
 }
 
-/** If we have too few or too many active cpuworkers, try to spawn new ones
- * or kill idle ones.
- */
-static void
-spawn_enough_cpuworkers(void)
+/** Implementation function for onion handshake requests. */
+static workqueue_reply_t
+cpuworker_onion_handshake_threadfn(void *state_, void *work_)
 {
-  int num_cpuworkers_needed = get_num_cpus(get_options());
-  int reseed = 0;
+  worker_state_t *state = state_;
+  cpuworker_job_t *job = work_;
 
-  if (num_cpuworkers_needed < MIN_CPUWORKERS)
-    num_cpuworkers_needed = MIN_CPUWORKERS;
-  if (num_cpuworkers_needed > MAX_CPUWORKERS)
-    num_cpuworkers_needed = MAX_CPUWORKERS;
+  /* variables for onion processing */
+  server_onion_keys_t *onion_keys = state->onion_keys;
+  cpuworker_request_t req;
+  cpuworker_reply_t rpl;
 
-  while (num_cpuworkers < num_cpuworkers_needed) {
-    if (spawn_cpuworker() < 0) {
-      log_warn(LD_GENERAL,"Cpuworker spawn failed. Will try again later.");
-      return;
+  memcpy(&req, &job->u.request, sizeof(req));
+
+  tor_assert(req.magic == CPUWORKER_REQUEST_MAGIC);
+  memset(&rpl, 0, sizeof(rpl));
+
+  const create_cell_t *cc = &req.create_cell;
+  created_cell_t *cell_out = &rpl.created_cell;
+  struct timeval tv_start = {0,0}, tv_end;
+  int n;
+  rpl.timed = req.timed;
+  rpl.started_at = req.started_at;
+  rpl.handshake_type = cc->handshake_type;
+  if (req.timed)
+    tor_gettimeofday(&tv_start);
+  n = onion_skin_server_handshake(cc->handshake_type,
+                                  cc->onionskin, cc->handshake_len,
+                                  onion_keys,
+                                  cell_out->reply,
+                                  rpl.keys, CPATH_KEY_MATERIAL_LEN,
+                                  rpl.rend_auth_material);
+  if (n < 0) {
+    /* failure */
+    log_debug(LD_OR,"onion_skin_server_handshake failed.");
+    memset(&rpl, 0, sizeof(rpl));
+    rpl.success = 0;
+  } else {
+    /* success */
+    log_debug(LD_OR,"onion_skin_server_handshake succeeded.");
+    cell_out->handshake_len = n;
+    switch (cc->cell_type) {
+    case CELL_CREATE:
+      cell_out->cell_type = CELL_CREATED; break;
+    case CELL_CREATE2:
+      cell_out->cell_type = CELL_CREATED2; break;
+    case CELL_CREATE_FAST:
+      cell_out->cell_type = CELL_CREATED_FAST; break;
+    default:
+      tor_assert(0);
+      return WQ_RPL_SHUTDOWN;
     }
-    num_cpuworkers++;
-    reseed++;
+    rpl.success = 1;
   }
+  rpl.magic = CPUWORKER_REPLY_MAGIC;
+  if (req.timed) {
+    struct timeval tv_diff;
+    int64_t usec;
+    tor_gettimeofday(&tv_end);
+    timersub(&tv_end, &tv_start, &tv_diff);
+    usec = ((int64_t)tv_diff.tv_sec)*1000000 + tv_diff.tv_usec;
+    if (usec < 0 || usec > MAX_BELIEVABLE_ONIONSKIN_DELAY)
+      rpl.n_usec = MAX_BELIEVABLE_ONIONSKIN_DELAY;
+    else
+      rpl.n_usec = (uint32_t) usec;
+  }
+
+  memcpy(&job->u.reply, &rpl, sizeof(rpl));
 
-  if (reseed)
-    crypto_seed_weak_rng(&request_sample_rng);
+  memwipe(&req, 0, sizeof(req));
+  memwipe(&rpl, 0, sizeof(req));
+  return WQ_RPL_REPLY;
 }
 
-/** Take a pending task from the queue and assign it to 'cpuworker'. */
+/** Take pending tasks from the queue and assign them to cpuworkers. */
 static void
-process_pending_task(connection_t *cpuworker)
+queue_pending_tasks(void)
 {
   or_circuit_t *circ;
   create_cell_t *onionskin = NULL;
 
-  tor_assert(cpuworker);
+  while (total_pending_tasks < max_pending_tasks) {
+    circ = onion_next_task(&onionskin);
 
-  /* for now only process onion tasks */
-
-  circ = onion_next_task(&onionskin);
-  if (!circ)
-    return;
-  if (assign_onionskin_to_cpuworker(cpuworker, circ, onionskin))
-    log_warn(LD_OR,"assign_to_cpuworker failed. Ignoring.");
-}
-
-/** How long should we let a cpuworker stay busy before we give
- * up on it and decide that we have a bug or infinite loop?
- * This value is high because some servers with low memory/cpu
- * sometimes spend an hour or more swapping, and Tor starves. */
-#define CPUWORKER_BUSY_TIMEOUT (60*60*12)
+    if (!circ)
+      return;
 
-/** We have a bug that I can't find. Sometimes, very rarely, cpuworkers get
- * stuck in the 'busy' state, even though the cpuworker process thinks of
- * itself as idle. I don't know why. But here's a workaround to kill any
- * cpuworker that's been busy for more than CPUWORKER_BUSY_TIMEOUT.
- */
-static void
-cull_wedged_cpuworkers(void)
-{
-  time_t now = time(NULL);
-  smartlist_t *conns = get_connection_array();
-  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
-    if (!conn->marked_for_close &&
-        conn->type == CONN_TYPE_CPUWORKER &&
-        conn->state == CPUWORKER_STATE_BUSY_ONION &&
-        conn->timestamp_lastwritten + CPUWORKER_BUSY_TIMEOUT < now) {
-      log_notice(LD_BUG,
-                 "closing wedged cpuworker. Can somebody find the bug?");
-      num_cpuworkers_busy--;
-      num_cpuworkers--;
-      connection_mark_for_close(conn);
-    }
-  } SMARTLIST_FOREACH_END(conn);
+    if (assign_onionskin_to_cpuworker(circ, onionskin))
+      log_warn(LD_OR,"assign_to_cpuworker failed. Ignoring.");
+  }
 }
 
 /** Try to tell a cpuworker to perform the public key operations necessary to
  * respond to <b>onionskin</b> for the circuit <b>circ</b>.
  *
- * If <b>cpuworker</b> is defined, assert that he's idle, and use him. Else,
- * look for an idle cpuworker and use him. If none idle, queue task onto the
- * pending onion list and return.  Return 0 if we successfully assign the
- * task, or -1 on failure.
+ * Return 0 if we successfully assign the task, or -1 on failure.
  */
 int
-assign_onionskin_to_cpuworker(connection_t *cpuworker,
-                              or_circuit_t *circ,
+assign_onionskin_to_cpuworker(or_circuit_t *circ,
                               create_cell_t *onionskin)
 {
+  workqueue_entry_t *queue_entry;
+  cpuworker_job_t *job;
   cpuworker_request_t req;
-  time_t now = approx_time();
-  static time_t last_culled_cpuworkers = 0;
   int should_time;
 
-  /* Checking for wedged cpuworkers requires a linear search over all
-   * connections, so let's do it only once a minute.
-   */
-#define CULL_CPUWORKERS_INTERVAL 60
+  tor_assert(threadpool);
 
-  if (last_culled_cpuworkers + CULL_CPUWORKERS_INTERVAL <= now) {
-    cull_wedged_cpuworkers();
-    spawn_enough_cpuworkers();
-    last_culled_cpuworkers = now;
+  if (!circ->p_chan) {
+    log_info(LD_OR,"circ->p_chan gone. Failing circ.");
+    tor_free(onionskin);
+    return -1;
   }
 
-  if (1) {
-    if (num_cpuworkers_busy == num_cpuworkers) {
-      log_debug(LD_OR,"No idle cpuworkers. Queuing.");
-      if (onion_pending_add(circ, onionskin) < 0) {
-        tor_free(onionskin);
-        return -1;
-      }
-      return 0;
-    }
-
-    if (!cpuworker)
-      cpuworker = connection_get_by_type_state(CONN_TYPE_CPUWORKER,
-                                               CPUWORKER_STATE_IDLE);
-
-    tor_assert(cpuworker);
-
-    if (!circ->p_chan) {
-      log_info(LD_OR,"circ->p_chan gone. Failing circ.");
+  if (total_pending_tasks >= max_pending_tasks) {
+    log_debug(LD_OR,"No idle cpuworkers. Queuing.");
+    if (onion_pending_add(circ, onionskin) < 0) {
       tor_free(onionskin);
       return -1;
     }
+    return 0;
+  }
 
-    if (connection_or_digest_is_known_relay(circ->p_chan->identity_digest))
-      rep_hist_note_circuit_handshake_assigned(onionskin->handshake_type);
+  if (connection_or_digest_is_known_relay(circ->p_chan->identity_digest))
+    rep_hist_note_circuit_handshake_assigned(onionskin->handshake_type);
 
-    should_time = should_time_request(onionskin->handshake_type);
-    memset(&req, 0, sizeof(req));
-    req.magic = CPUWORKER_REQUEST_MAGIC;
-    tag_pack(req.tag, circ->p_chan->global_identifier,
-             circ->p_circ_id);
-    req.timed = should_time;
+  should_time = should_time_request(onionskin->handshake_type);
+  memset(&req, 0, sizeof(req));
+  req.magic = CPUWORKER_REQUEST_MAGIC;
+  req.timed = should_time;
 
-    cpuworker->state = CPUWORKER_STATE_BUSY_ONION;
-    /* touch the lastwritten timestamp, since that's how we check to
-     * see how long it's been since we asked the question, and sometimes
-     * we check before the first call to connection_handle_write(). */
-    cpuworker->timestamp_lastwritten = now;
-    num_cpuworkers_busy++;
+  memcpy(&req.create_cell, onionskin, sizeof(create_cell_t));
 
-    req.task = CPUWORKER_TASK_ONION;
-    memcpy(&req.create_cell, onionskin, sizeof(create_cell_t));
+  tor_free(onionskin);
 
-    tor_free(onionskin);
+  if (should_time)
+    tor_gettimeofday(&req.started_at);
 
-    if (should_time)
-      tor_gettimeofday(&req.started_at);
+  job = tor_malloc_zero(sizeof(cpuworker_job_t));
+  job->circ = circ;
+  memcpy(&job->u.request, &req, sizeof(req));
+  memwipe(&req, 0, sizeof(req));
 
-    connection_write_to_buf((void*)&req, sizeof(req), cpuworker);
-    memwipe(&req, 0, sizeof(req));
+  ++total_pending_tasks;
+  queue_entry = threadpool_queue_work(threadpool,
+                                      cpuworker_onion_handshake_threadfn,
+                                      cpuworker_onion_handshake_replyfn,
+                                      job);
+  if (!queue_entry) {
+    log_warn(LD_BUG, "Couldn't queue work on threadpool");
+    tor_free(job);
+    return -1;
   }
+
+  log_debug(LD_OR, "Queued task %p (qe=%p, circ=%p)",
+            job, queue_entry, job->circ);
+
+  circ->workqueue_entry = queue_entry;
+
   return 0;
 }
 
+/** If <b>circ</b> has a pending handshake that hasn't been processed yet,
+ * remove it from the worker queue. */
+void
+cpuworker_cancel_circ_handshake(or_circuit_t *circ)
+{
+  cpuworker_job_t *job;
+  if (circ->workqueue_entry == NULL)
+    return;
+
+  job = workqueue_entry_cancel(circ->workqueue_entry);
+  if (job) {
+    /* It successfully cancelled. */
+    memwipe(job, 0xe0, sizeof(*job));
+    tor_free(job);
+    tor_assert(total_pending_tasks > 0);
+    --total_pending_tasks;
+    /* if (!job), this is done in cpuworker_onion_handshake_replyfn. */
+    circ->workqueue_entry = NULL;
+  }
+}
+
diff --git a/src/or/cpuworker.h b/src/or/cpuworker.h
index 317cef43ba..62cf0eb164 100644
--- a/src/or/cpuworker.h
+++ b/src/or/cpuworker.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -13,19 +13,17 @@
 #define TOR_CPUWORKER_H
 
 void cpu_init(void);
-void cpuworkers_rotate(void);
-int connection_cpu_finished_flushing(connection_t *conn);
-int connection_cpu_reached_eof(connection_t *conn);
-int connection_cpu_process_inbuf(connection_t *conn);
+void cpuworkers_rotate_keyinfo(void);
+
 struct create_cell_t;
-int assign_onionskin_to_cpuworker(connection_t *cpuworker,
-                                  or_circuit_t *circ,
+int assign_onionskin_to_cpuworker(or_circuit_t *circ,
                                   struct create_cell_t *onionskin);
 
 uint64_t estimated_usec_for_onionskins(uint32_t n_requests,
                                        uint16_t onionskin_type);
 void cpuworker_log_onionskin_overhead(int severity, int onionskin_type,
                                       const char *onionskin_type_name);
+void cpuworker_cancel_circ_handshake(or_circuit_t *circ);
 
 #endif
 
diff --git a/src/or/dircollate.c b/src/or/dircollate.c
new file mode 100644
index 0000000000..3f9d78f02d
--- /dev/null
+++ b/src/or/dircollate.c
@@ -0,0 +1,327 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file dircollate.c
+ *
+ * \brief Collation code for figuring out which identities to vote for in
+ *   the directory voting process.
+ */
+
+#define DIRCOLLATE_PRIVATE
+#include "dircollate.h"
+#include "dirvote.h"
+
+static void dircollator_collate_by_rsa(dircollator_t *dc);
+static void dircollator_collate_by_ed25519(dircollator_t *dc);
+
+/** Hashtable entry mapping a pair of digests (actually an ed25519 key and an
+ * RSA SHA1 digest) to an array of vote_routerstatus_t. */
+typedef struct ddmap_entry_s {
+  HT_ENTRY(ddmap_entry_s) node;
+  uint8_t d[DIGEST_LEN + DIGEST256_LEN];
+  /* The nth member of this array corresponds to the vote_routerstatus_t (if
+   * any) received for this digest pair from the nth voter. */
+  vote_routerstatus_t *vrs_lst[FLEXIBLE_ARRAY_MEMBER];
+} ddmap_entry_t;
+
+/** Release all storage held by e. */
+static void
+ddmap_entry_free(ddmap_entry_t *e)
+{
+  tor_free(e);
+}
+
+/** Return a new empty ddmap_entry, with <b>n_votes</b> elements in
+ * vrs_list. */
+static ddmap_entry_t *
+ddmap_entry_new(int n_votes)
+{
+  return tor_malloc_zero(STRUCT_OFFSET(ddmap_entry_t, vrs_lst) +
+                         sizeof(vote_routerstatus_t *) * n_votes);
+}
+
+static unsigned
+ddmap_entry_hash(const ddmap_entry_t *ent)
+{
+  return (unsigned) siphash24g(ent->d, sizeof(ent->d));
+}
+
+static unsigned
+ddmap_entry_eq(const ddmap_entry_t *a, const ddmap_entry_t *b)
+{
+  return fast_memeq(a->d, b->d, sizeof(a->d));
+}
+
+/** Record the RSA identity of <b>ent</b> as <b>rsa_sha1</b>, and the
+ * ed25519 identity as <b>ed25519</b>. */
+static void
+ddmap_entry_set_digests(ddmap_entry_t *ent,
+                        const uint8_t *rsa_sha1,
+                        const uint8_t *ed25519)
+{
+  memcpy(ent->d, rsa_sha1, DIGEST_LEN);
+  memcpy(ent->d + DIGEST_LEN, ed25519, DIGEST256_LEN);
+}
+
+HT_PROTOTYPE(double_digest_map, ddmap_entry_s, node, ddmap_entry_hash,
+             ddmap_entry_eq);
+HT_GENERATE2(double_digest_map, ddmap_entry_s, node, ddmap_entry_hash,
+             ddmap_entry_eq, 0.6, tor_reallocarray, tor_free_);
+
+/** Helper: add a single vote_routerstatus_t <b>vrs</b> to the collator
+ * <b>dc</b>, indexing it by its RSA key digest, and by the 2-tuple of
+ * its RSA key digest and Ed25519 key.  */
+static void
+dircollator_add_routerstatus(dircollator_t *dc,
+                             int vote_num,
+                             networkstatus_t *vote,
+                             vote_routerstatus_t *vrs)
+{
+  const char *id = vrs->status.identity_digest;
+
+  vrs->ed25519_reflects_consensus = 0;
+
+  (void) vote;
+  vote_routerstatus_t **vrs_lst = digestmap_get(dc->by_rsa_sha1, id);
+  if (NULL == vrs_lst) {
+    vrs_lst = tor_calloc(sizeof(vote_routerstatus_t *), dc->n_votes);
+    digestmap_set(dc->by_rsa_sha1, id, vrs_lst);
+  }
+  tor_assert(vrs_lst[vote_num] == NULL);
+  vrs_lst[vote_num] = vrs;
+
+  const uint8_t *ed = vrs->ed25519_id;
+
+  if (! vrs->has_ed25519_listing)
+    return;
+
+  ddmap_entry_t search, *found;
+  memset(&search, 0, sizeof(search));
+  ddmap_entry_set_digests(&search, (const uint8_t *)id, ed);
+  found = HT_FIND(double_digest_map, &dc->by_both_ids, &search);
+  if (NULL == found) {
+    found = ddmap_entry_new(dc->n_votes);
+    ddmap_entry_set_digests(found, (const uint8_t *)id, ed);
+    HT_INSERT(double_digest_map, &dc->by_both_ids, found);
+  }
+  vrs_lst = found->vrs_lst;
+  tor_assert(vrs_lst[vote_num] == NULL);
+  vrs_lst[vote_num] = vrs;
+}
+
+/** Create and return a new dircollator object to use when collating
+ * <b>n_votes</b> out of a total of <b>n_authorities</b>. */
+dircollator_t *
+dircollator_new(int n_votes, int n_authorities)
+{
+  dircollator_t *dc = tor_malloc_zero(sizeof(dircollator_t));
+
+  tor_assert(n_votes <= n_authorities);
+
+  dc->n_votes = n_votes;
+  dc->n_authorities = n_authorities;
+
+  dc->by_rsa_sha1 = digestmap_new();
+  HT_INIT(double_digest_map, &dc->by_both_ids);
+
+  return dc;
+}
+
+/** Release all storage held by <b>dc</b>. */
+void
+dircollator_free(dircollator_t *dc)
+{
+  if (!dc)
+    return;
+
+  if (dc->by_collated_rsa_sha1 != dc->by_rsa_sha1)
+    digestmap_free(dc->by_collated_rsa_sha1, NULL);
+
+  digestmap_free(dc->by_rsa_sha1, tor_free_);
+  smartlist_free(dc->all_rsa_sha1_lst);
+
+  ddmap_entry_t **e, **next, *this;
+  for (e = HT_START(double_digest_map, &dc->by_both_ids);
+       e != NULL; e = next) {
+    this = *e;
+    next = HT_NEXT_RMV(double_digest_map, &dc->by_both_ids, e);
+    ddmap_entry_free(this);
+  }
+  HT_CLEAR(double_digest_map, &dc->by_both_ids);
+
+  tor_free(dc);
+}
+
+/** Add a single vote <b>v</b> to a dircollator <b>dc</b>.  This function must
+ * be called exactly once for each vote to be used in the consensus. It may
+ * only be called before dircollator_collate().
+ */
+void
+dircollator_add_vote(dircollator_t *dc, networkstatus_t *v)
+{
+  tor_assert(v->type == NS_TYPE_VOTE);
+  tor_assert(dc->next_vote_num < dc->n_votes);
+  tor_assert(!dc->is_collated);
+
+  const int votenum = dc->next_vote_num++;
+
+  SMARTLIST_FOREACH_BEGIN(v->routerstatus_list, vote_routerstatus_t *, vrs) {
+    dircollator_add_routerstatus(dc, votenum, v, vrs);
+  } SMARTLIST_FOREACH_END(vrs);
+}
+
+/** Sort the entries in <b>dc</b> according to <b>consensus_method</b>, so
+ * that the consensus process can iterate over them with
+ * dircollator_n_routers() and dircollator_get_votes_for_router(). */
+void
+dircollator_collate(dircollator_t *dc, int consensus_method)
+{
+  tor_assert(!dc->is_collated);
+  dc->all_rsa_sha1_lst = smartlist_new();
+
+  if (consensus_method < MIN_METHOD_FOR_ED25519_ID_VOTING)
+    dircollator_collate_by_rsa(dc);
+  else
+    dircollator_collate_by_ed25519(dc);
+
+  smartlist_sort_digests(dc->all_rsa_sha1_lst);
+  dc->is_collated = 1;
+}
+
+/**
+ * Collation function for RSA-only consensuses: collate the votes for each
+ * entry in <b>dc</b> by their RSA keys.
+ *
+ * The rule is:
+ *    If an RSA identity key is listed by more than half of the authorities,
+ *    include that identity, and treat all descriptors with that RSA identity
+ *    as describing the same router.
+ */
+static void
+dircollator_collate_by_rsa(dircollator_t *dc)
+{
+  const int total_authorities = dc->n_authorities;
+
+  DIGESTMAP_FOREACH(dc->by_rsa_sha1, k, vote_routerstatus_t **, vrs_lst) {
+    int n = 0, i;
+    for (i = 0; i < dc->n_votes; ++i) {
+      if (vrs_lst[i] != NULL)
+        ++n;
+    }
+
+    if (n <= total_authorities / 2)
+      continue;
+
+    smartlist_add(dc->all_rsa_sha1_lst, (char *)k);
+  } DIGESTMAP_FOREACH_END;
+
+  dc->by_collated_rsa_sha1 = dc->by_rsa_sha1;
+}
+
+/**
+ * Collation function for ed25519 consensuses: collate the votes for each
+ * entry in <b>dc</b> by ed25519 key and by RSA key.
+ *
+ * The rule is, approximately:
+ *    If a (ed,rsa) identity is listed by more than half of authorities,
+ *    include it.  And include all (rsa)-only votes about that node as
+ *    matching.
+ *
+ *    Otherwise, if an (*,rsa) or (rsa) identity is listed by more than
+ *    half of the authorities, and no (ed,rsa) pair for the same RSA key
+ *    has been already been included based on the rule above, include
+ *    that RSA identity.
+ */
+static void
+dircollator_collate_by_ed25519(dircollator_t *dc)
+{
+  const int total_authorities = dc->n_authorities;
+  digestmap_t *rsa_digests = digestmap_new();
+
+  ddmap_entry_t **iter;
+
+  /* Go over all <ed,rsa> pairs */
+  HT_FOREACH(iter, double_digest_map, &dc->by_both_ids) {
+    ddmap_entry_t *ent = *iter;
+    int n = 0, i;
+    for (i = 0; i < dc->n_votes; ++i) {
+      if (ent->vrs_lst[i] != NULL)
+        ++n;
+    }
+
+    /* If not enough authorties listed this exact <ed,rsa> pair,
+     * don't include it. */
+    if (n <= total_authorities / 2)
+      continue;
+
+    /* Now consider whether there are any other entries with the same
+     * RSA key (but with possibly different or missing ed value). */
+    vote_routerstatus_t **vrs_lst2 = digestmap_get(dc->by_rsa_sha1,
+                                                   (char*)ent->d);
+    tor_assert(vrs_lst2);
+
+    for (i = 0; i < dc->n_votes; ++i) {
+      if (ent->vrs_lst[i] != NULL) {
+        ent->vrs_lst[i]->ed25519_reflects_consensus = 1;
+      } else if (vrs_lst2[i] && ! vrs_lst2[i]->has_ed25519_listing) {
+        ent->vrs_lst[i] = vrs_lst2[i];
+      }
+    }
+
+    /* Record that we have seen this RSA digest. */
+    digestmap_set(rsa_digests, (char*)ent->d, ent->vrs_lst);
+    smartlist_add(dc->all_rsa_sha1_lst, ent->d);
+  }
+
+  /* Now look over all entries with an RSA digest, looking for RSA digests
+   * we didn't put in yet.
+   */
+  DIGESTMAP_FOREACH(dc->by_rsa_sha1, k, vote_routerstatus_t **, vrs_lst) {
+    if (digestmap_get(rsa_digests, k) != NULL)
+      continue; /* We already included this RSA digest */
+
+    int n = 0, i;
+    for (i = 0; i < dc->n_votes; ++i) {
+      if (vrs_lst[i] != NULL)
+        ++n;
+    }
+
+    if (n <= total_authorities / 2)
+      continue; /* Not enough votes */
+
+    digestmap_set(rsa_digests, k, vrs_lst);
+    smartlist_add(dc->all_rsa_sha1_lst, (char *)k);
+  } DIGESTMAP_FOREACH_END;
+
+  dc->by_collated_rsa_sha1 = rsa_digests;
+}
+
+/** Return the total number of collated router entries.  This function may
+ * only be called after dircollator_collate. */
+int
+dircollator_n_routers(dircollator_t *dc)
+{
+  tor_assert(dc->is_collated);
+  return smartlist_len(dc->all_rsa_sha1_lst);
+}
+
+/** Return an array of vote_routerstatus_t entries for the <b>idx</b>th router
+ * in the collation order.  Each array contains n_votes elements, where the
+ * nth element of the array is the vote_routerstatus_t from the nth voter for
+ * this identity (or NULL if there is no such entry).
+ *
+ * The maximum value for <b>idx</b> is dircollator_n_routers().
+ *
+ * This function may only be called after dircollator_collate. */
+vote_routerstatus_t **
+dircollator_get_votes_for_router(dircollator_t *dc, int idx)
+{
+  tor_assert(dc->is_collated);
+  tor_assert(idx < smartlist_len(dc->all_rsa_sha1_lst));
+  return digestmap_get(dc->by_collated_rsa_sha1,
+                       smartlist_get(dc->all_rsa_sha1_lst, idx));
+}
+
diff --git a/src/or/dircollate.h b/src/or/dircollate.h
new file mode 100644
index 0000000000..358c730cbb
--- /dev/null
+++ b/src/or/dircollate.h
@@ -0,0 +1,68 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file dircollate.h
+ * \brief Header file for dircollate.c.
+ **/
+
+#ifndef TOR_DIRCOLLATE_H
+#define TOR_DIRCOLLATE_H
+
+#include "testsupport.h"
+#include "or.h"
+
+typedef struct dircollator_s dircollator_t;
+
+dircollator_t *dircollator_new(int n_votes, int n_authorities);
+void dircollator_free(dircollator_t *obj);
+void dircollator_add_vote(dircollator_t *dc, networkstatus_t *v);
+
+void dircollator_collate(dircollator_t *dc, int consensus_method);
+
+int dircollator_n_routers(dircollator_t *dc);
+vote_routerstatus_t **dircollator_get_votes_for_router(dircollator_t *dc,
+                                                       int idx);
+
+#ifdef DIRCOLLATE_PRIVATE
+struct ddmap_entry_s;
+typedef HT_HEAD(double_digest_map, ddmap_entry_s) double_digest_map_t;
+/** A dircollator keeps track of all the routerstatus entries in a
+ * set of networkstatus votes, and matches them by an appropriate rule. */
+struct dircollator_s {
+  /** True iff we have run the collation algorithm. */
+  int is_collated;
+  /** The total number of votes that we received. */
+  int n_votes;
+  /** The total number of authorities we acknowledge. */
+  int n_authorities;
+
+  /** The index which the next vote to be added to this collator should
+   * receive. */
+  int next_vote_num;
+  /** Map from RSA-SHA1 identity digest to an array of <b>n_votes</b>
+   * vote_routerstatus_t* pointers, such that the i'th member of the
+   * array is the i'th vote's entry for that RSA-SHA1 ID.*/
+  digestmap_t *by_rsa_sha1;
+  /** Map from <ed, RSA-SHA1> pair to an array similar to that used in
+   * by_rsa_sha1 above. We include <NULL,RSA-SHA1> entries for votes that
+   * say that there is no Ed key. */
+  struct double_digest_map by_both_ids;
+
+  /** One of two outputs created by collation: a map from RSA-SHA1
+   * identity digest to an array of the vote_routerstatus_t objects.  Entries
+   * only exist in this map for identities that we should include in the
+   * consensus. */
+  digestmap_t *by_collated_rsa_sha1;
+
+  /** One of two outputs created by collation: a sorted array of RSA-SHA1
+   * identity digests .*/
+  smartlist_t *all_rsa_sha1_lst;
+};
+#endif
+
+#endif
+
diff --git a/src/or/directory.c b/src/or/directory.c
index 50863d0c7e..89b08223d2 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1,9 +1,10 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "or.h"
+#include "backtrace.h"
 #include "buffers.h"
 #include "circuitbuild.h"
 #include "config.h"
@@ -20,8 +21,10 @@
 #include "networkstatus.h"
 #include "nodelist.h"
 #include "policies.h"
+#include "relay.h"
 #include "rendclient.h"
 #include "rendcommon.h"
+#include "rendservice.h"
 #include "rephist.h"
 #include "router.h"
 #include "routerlist.h"
@@ -63,8 +66,6 @@ static void directory_send_command(dir_connection_t *conn,
                              time_t if_modified_since);
 static int directory_handle_command(dir_connection_t *conn);
 static int body_is_plausible(const char *body, size_t body_len, int purpose);
-static int purpose_needs_anonymity(uint8_t dir_purpose,
-                                   uint8_t router_purpose);
 static char *http_get_header(const char *headers, const char *which);
 static void http_set_address_origin(const char *headers, connection_t *conn);
 static void connection_dir_download_routerdesc_failed(dir_connection_t *conn);
@@ -82,18 +83,21 @@ static void dir_microdesc_download_failed(smartlist_t *failed,
 static void note_client_request(int purpose, int compressed, size_t bytes);
 static int client_likes_consensus(networkstatus_t *v, const char *want_url);
 
-static void directory_initiate_command_rend(const tor_addr_t *addr,
-                                            uint16_t or_port,
-                                            uint16_t dir_port,
-                                            const char *digest,
-                                            uint8_t dir_purpose,
-                                            uint8_t router_purpose,
-                                            dir_indirection_t indirection,
-                                            const char *resource,
-                                            const char *payload,
-                                            size_t payload_len,
-                                            time_t if_modified_since,
-                                            const rend_data_t *rend_query);
+static void directory_initiate_command_rend(
+                                          const tor_addr_port_t *or_addr_port,
+                                          const tor_addr_port_t *dir_addr_port,
+                                          const char *digest,
+                                          uint8_t dir_purpose,
+                                          uint8_t router_purpose,
+                                          dir_indirection_t indirection,
+                                          const char *resource,
+                                          const char *payload,
+                                          size_t payload_len,
+                                          time_t if_modified_since,
+                                          const rend_data_t *rend_query);
+
+static void connection_dir_close_consensus_fetches(
+                   dir_connection_t *except_this_one, const char *resource);
 
 /********* START VARIABLES **********/
 
@@ -119,7 +123,7 @@ static void directory_initiate_command_rend(const tor_addr_t *addr,
 /** Return true iff the directory purpose <b>dir_purpose</b> (and if it's
  * fetching descriptors, it's fetching them for <b>router_purpose</b>)
  * must use an anonymous connection to a directory. */
-static int
+STATIC int
 purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose)
 {
   if (get_options()->AllDirActionsPrivate)
@@ -143,7 +147,7 @@ purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose)
 
 /** Return a newly allocated string describing <b>auth</b>. Only describes
  * authority features. */
-static char *
+STATIC char *
 authdir_type_to_string(dirinfo_type_t auth)
 {
   char *result;
@@ -162,7 +166,7 @@ authdir_type_to_string(dirinfo_type_t auth)
 }
 
 /** Return a string describing a given directory connection purpose. */
-static const char *
+STATIC const char *
 dir_conn_purpose_to_string(int purpose)
 {
   switch (purpose)
@@ -197,9 +201,49 @@ dir_conn_purpose_to_string(int purpose)
   return "(unknown)";
 }
 
-/** Return true iff <b>identity_digest</b> is the digest of a router we
- * believe to support extrainfo downloads.  (If <b>is_authority</b> we do
- * additional checking that's only valid for authorities.) */
+/** Return the requisite directory information types. */
+STATIC dirinfo_type_t
+dir_fetch_type(int dir_purpose, int router_purpose, const char *resource)
+{
+  dirinfo_type_t type;
+  switch (dir_purpose) {
+    case DIR_PURPOSE_FETCH_EXTRAINFO:
+      type = EXTRAINFO_DIRINFO;
+      if (router_purpose == ROUTER_PURPOSE_BRIDGE)
+        type |= BRIDGE_DIRINFO;
+      else
+        type |= V3_DIRINFO;
+      break;
+    case DIR_PURPOSE_FETCH_SERVERDESC:
+      if (router_purpose == ROUTER_PURPOSE_BRIDGE)
+        type = BRIDGE_DIRINFO;
+      else
+        type = V3_DIRINFO;
+      break;
+    case DIR_PURPOSE_FETCH_STATUS_VOTE:
+    case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
+    case DIR_PURPOSE_FETCH_CERTIFICATE:
+      type = V3_DIRINFO;
+      break;
+    case DIR_PURPOSE_FETCH_CONSENSUS:
+      type = V3_DIRINFO;
+      if (resource && !strcmp(resource, "microdesc"))
+        type |= MICRODESC_DIRINFO;
+      break;
+    case DIR_PURPOSE_FETCH_MICRODESC:
+      type = MICRODESC_DIRINFO;
+      break;
+    default:
+      log_warn(LD_BUG, "Unexpected purpose %d", (int)dir_purpose);
+      type = NO_DIRINFO;
+      break;
+  }
+  return type;
+}
+
+/** Return true iff <b>identity_digest</b> is the digest of a router which
+ * says that it caches extrainfos.  (If <b>is_authority</b> we always
+ * believe that to be true.) */
 int
 router_supports_extrainfo(const char *identity_digest, int is_authority)
 {
@@ -273,7 +317,6 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
   SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) {
       routerstatus_t *rs = &(ds->fake_status);
       size_t upload_len = payload_len;
-      tor_addr_t ds_addr;
 
       if ((type & ds->type) == 0)
         continue;
@@ -304,11 +347,12 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
         log_info(LD_DIR, "Uploading an extrainfo too (length %d)",
                  (int) extrainfo_len);
       }
-      tor_addr_from_ipv4h(&ds_addr, ds->addr);
       if (purpose_needs_anonymity(dir_purpose, router_purpose)) {
         indirection = DIRIND_ANONYMOUS;
-      } else if (!fascist_firewall_allows_address_dir(&ds_addr,ds->dir_port)) {
-        if (fascist_firewall_allows_address_or(&ds_addr,ds->or_port))
+      } else if (!fascist_firewall_allows_dir_server(ds,
+                                                     FIREWALL_DIR_CONNECTION,
+                                                     0)) {
+        if (fascist_firewall_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
           indirection = DIRIND_ONEHOP;
         else
           indirection = DIRIND_ANONYMOUS;
@@ -330,7 +374,7 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
 
 /** Return true iff, according to the values in <b>options</b>, we should be
  * using directory guards for direct downloads of directory information. */
-static int
+STATIC int
 should_use_directory_guards(const or_options_t *options)
 {
   /* Public (non-bridge) servers never use directory guards. */
@@ -385,47 +429,24 @@ directory_pick_generic_dirserver(dirinfo_type_t type, int pds_flags,
  * Use <b>pds_flags</b> as arguments to router_pick_directory_server()
  * or router_pick_trusteddirserver().
  */
-void
-directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
-                             const char *resource, int pds_flags)
+MOCK_IMPL(void, directory_get_from_dirserver, (
+                            uint8_t dir_purpose,
+                            uint8_t router_purpose,
+                            const char *resource,
+                            int pds_flags,
+                            download_want_authority_t want_authority))
 {
   const routerstatus_t *rs = NULL;
   const or_options_t *options = get_options();
-  int prefer_authority = directory_fetches_from_authorities(options);
+  int prefer_authority = (directory_fetches_from_authorities(options)
+                          || want_authority == DL_WANT_AUTHORITY);
   int require_authority = 0;
   int get_via_tor = purpose_needs_anonymity(dir_purpose, router_purpose);
-  dirinfo_type_t type;
+  dirinfo_type_t type = dir_fetch_type(dir_purpose, router_purpose, resource);
   time_t if_modified_since = 0;
 
-  /* FFFF we could break this switch into its own function, and call
-   * it elsewhere in directory.c. -RD */
-  switch (dir_purpose) {
-    case DIR_PURPOSE_FETCH_EXTRAINFO:
-      type = EXTRAINFO_DIRINFO |
-             (router_purpose == ROUTER_PURPOSE_BRIDGE ? BRIDGE_DIRINFO :
-                                                        V3_DIRINFO);
-      break;
-    case DIR_PURPOSE_FETCH_SERVERDESC:
-      type = (router_purpose == ROUTER_PURPOSE_BRIDGE ? BRIDGE_DIRINFO :
-                                                        V3_DIRINFO);
-      break;
-    case DIR_PURPOSE_FETCH_STATUS_VOTE:
-    case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
-    case DIR_PURPOSE_FETCH_CERTIFICATE:
-      type = V3_DIRINFO;
-      break;
-    case DIR_PURPOSE_FETCH_CONSENSUS:
-      type = V3_DIRINFO;
-      if (resource && !strcmp(resource,"microdesc"))
-        type |= MICRODESC_DIRINFO;
-      break;
-    case DIR_PURPOSE_FETCH_MICRODESC:
-      type = MICRODESC_DIRINFO;
-      break;
-    default:
-      log_warn(LD_BUG, "Unexpected purpose %d", (int)dir_purpose);
-      return;
-  }
+  if (type == NO_DIRINFO)
+    return;
 
   if (dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
     int flav = FLAV_NS;
@@ -433,18 +454,33 @@ directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
     if (resource)
       flav = networkstatus_parse_flavor_name(resource);
 
+    /* DEFAULT_IF_MODIFIED_SINCE_DELAY is 1/20 of the default consensus
+     * period of 1 hour.
+     */
+#define DEFAULT_IF_MODIFIED_SINCE_DELAY (180)
     if (flav != -1) {
       /* IF we have a parsed consensus of this type, we can do an
        * if-modified-time based on it. */
       v = networkstatus_get_latest_consensus_by_flavor(flav);
-      if (v)
-        if_modified_since = v->valid_after + 180;
+      if (v) {
+        /* In networks with particularly short V3AuthVotingIntervals,
+         * ask for the consensus if it's been modified since half the
+         * V3AuthVotingInterval of the most recent consensus. */
+        time_t ims_delay = DEFAULT_IF_MODIFIED_SINCE_DELAY;
+        if (v->fresh_until > v->valid_after
+            && ims_delay > (v->fresh_until - v->valid_after)/2) {
+          ims_delay = (v->fresh_until - v->valid_after)/2;
+        }
+        if_modified_since = v->valid_after + ims_delay;
+      }
     } else {
       /* Otherwise it might be a consensus we don't parse, but which we
        * do cache.  Look at the cached copy, perhaps. */
       cached_dir_t *cd = dirserv_get_consensus(resource);
+      /* We have no method of determining the voting interval from an
+       * unparsed consensus, so we use the default. */
       if (cd)
-        if_modified_since = cd->published + 180;
+        if_modified_since = cd->published + DEFAULT_IF_MODIFIED_SINCE_DELAY;
     }
   }
 
@@ -452,7 +488,7 @@ directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
     return;
 
   if (!get_via_tor) {
-    if (options->UseBridges && type != BRIDGE_DIRINFO) {
+    if (options->UseBridges && !(type & BRIDGE_DIRINFO)) {
       /* We want to ask a running bridge for which we have a descriptor.
        *
        * When we ask choose_random_entry() for a bridge, we specify what
@@ -464,11 +500,14 @@ directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
       const node_t *node = choose_random_dirguard(type);
       if (node && node->ri) {
         /* every bridge has a routerinfo. */
-        tor_addr_t addr;
         routerinfo_t *ri = node->ri;
-        node_get_addr(node, &addr);
-        directory_initiate_command(&addr,
-                                   ri->or_port, 0/*no dirport*/,
+        /* clients always make OR connections to bridges */
+        tor_addr_port_t or_ap;
+        /* we are willing to use a non-preferred address if we need to */
+        fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
+                                             &or_ap);
+        directory_initiate_command(&or_ap.addr, or_ap.port,
+                                   NULL, 0, /*no dirport*/
                                    ri->cache_info.identity_digest,
                                    dir_purpose,
                                    router_purpose,
@@ -479,7 +518,7 @@ directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
                            "nodes are available yet.");
       return;
     } else {
-      if (prefer_authority || type == BRIDGE_DIRINFO) {
+      if (prefer_authority || (type & BRIDGE_DIRINFO)) {
         /* only ask authdirservers, and don't ask myself */
         rs = router_pick_trusteddirserver(type, pds_flags);
         if (rs == NULL && (pds_flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
@@ -506,29 +545,25 @@ directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
           return;
         }
       }
-      if (!rs && type != BRIDGE_DIRINFO) {
+      if (!rs && !(type & BRIDGE_DIRINFO)) {
         /* */
         rs = directory_pick_generic_dirserver(type, pds_flags,
                                               dir_purpose);
-        if (!rs) {
-          /*XXXX024 I'm pretty sure this can never do any good, since
-           * rs isn't set. */
+        if (!rs)
           get_via_tor = 1; /* last resort: try routing it via Tor */
-        }
       }
     }
-  } else { /* get_via_tor */
+  }
+
+  if (get_via_tor) {
     /* Never use fascistfirewall; we're going via Tor. */
-    if (1) {
-      /* anybody with a non-zero dirport will do. Disregard firewalls. */
-      pds_flags |= PDS_IGNORE_FASCISTFIREWALL;
-      rs = router_pick_directory_server(type, pds_flags);
-      /* If we have any hope of building an indirect conn, we know some router
-       * descriptors.  If (rs==NULL), we can't build circuits anyway, so
-       * there's no point in falling back to the authorities in this case. */
-    }
+    pds_flags |= PDS_IGNORE_FASCISTFIREWALL;
+    rs = router_pick_directory_server(type, pds_flags);
   }
 
+  /* If we have any hope of building an indirect conn, we know some router
+   * descriptors.  If (rs==NULL), we can't build circuits anyway, so
+   * there's no point in falling back to the authorities in this case. */
   if (rs) {
     const dir_indirection_t indirection =
       get_via_tor ? DIRIND_ANONYMOUS : DIRIND_ONEHOP;
@@ -581,6 +616,95 @@ dirind_is_anon(dir_indirection_t ind)
   return ind == DIRIND_ANON_DIRPORT || ind == DIRIND_ANONYMOUS;
 }
 
+/* Choose reachable OR and Dir addresses and ports from status, copying them
+ * into use_or_ap and use_dir_ap. If indirection is anonymous, then we're
+ * connecting via another relay, so choose the primary IPv4 address and ports.
+ *
+ * status should have at least one reachable address, if we can't choose a
+ * reachable address, warn and return -1. Otherwise, return 0.
+ */
+static int
+directory_choose_address_routerstatus(const routerstatus_t *status,
+                                      dir_indirection_t indirection,
+                                      tor_addr_port_t *use_or_ap,
+                                      tor_addr_port_t *use_dir_ap)
+{
+  tor_assert(status != NULL);
+  tor_assert(use_or_ap != NULL);
+  tor_assert(use_dir_ap != NULL);
+
+  const or_options_t *options = get_options();
+  int have_or = 0, have_dir = 0;
+
+  /* We expect status to have at least one reachable address if we're
+   * connecting to it directly.
+   *
+   * Therefore, we can simply use the other address if the one we want isn't
+   * allowed by the firewall.
+   *
+   * (When Tor uploads and downloads a hidden service descriptor, it uses
+   * DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
+   * So this code will only modify the address for Tor2Web's HS descriptor
+   * fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
+   * HSDirs denying service by rejecting descriptors.)
+   */
+
+  /* Initialise the OR / Dir addresses */
+  tor_addr_make_null(&use_or_ap->addr, AF_UNSPEC);
+  use_or_ap->port = 0;
+  tor_addr_make_null(&use_dir_ap->addr, AF_UNSPEC);
+  use_dir_ap->port = 0;
+
+  /* ORPort connections */
+  if (indirection == DIRIND_ANONYMOUS) {
+    if (status->addr) {
+      /* Since we're going to build a 3-hop circuit and ask the 2nd relay
+       * to extend to this address, always use the primary (IPv4) OR address */
+      tor_addr_from_ipv4h(&use_or_ap->addr, status->addr);
+      use_or_ap->port = status->or_port;
+      have_or = 1;
+    }
+  } else if (indirection == DIRIND_ONEHOP) {
+    /* We use an IPv6 address if we have one and we prefer it.
+     * Use the preferred address and port if they are reachable, otherwise,
+     * use the alternate address and port (if any).
+     */
+    have_or = fascist_firewall_choose_address_rs(status,
+                                                 FIREWALL_OR_CONNECTION, 0,
+                                                 use_or_ap);
+  }
+
+  /* DirPort connections
+   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
+  if (indirection == DIRIND_DIRECT_CONN ||
+      indirection == DIRIND_ANON_DIRPORT ||
+      (indirection == DIRIND_ONEHOP
+       && !directory_must_use_begindir(options))) {
+    have_dir = fascist_firewall_choose_address_rs(status,
+                                                  FIREWALL_DIR_CONNECTION, 0,
+                                                  use_dir_ap);
+  }
+
+  /* We rejected all addresses in the relay's status. This means we can't
+   * connect to it. */
+  if (!have_or && !have_dir) {
+    static int logged_backtrace = 0;
+    log_info(LD_BUG, "Rejected all OR and Dir addresses from %s when "
+             "launching an outgoing directory connection to: IPv4 %s OR %d "
+             "Dir %d IPv6 %s OR %d Dir %d", routerstatus_describe(status),
+             fmt_addr32(status->addr), status->or_port,
+             status->dir_port, fmt_addr(&status->ipv6_addr),
+             status->ipv6_orport, status->dir_port);
+    if (!logged_backtrace) {
+      log_backtrace(LOG_INFO, LD_BUG, "Addresses came from");
+      logged_backtrace = 1;
+    }
+    return -1;
+  }
+
+  return 0;
+}
+
 /** Same as directory_initiate_command_routerstatus(), but accepts
  * rendezvous data to fetch a hidden service descriptor. */
 void
@@ -596,8 +720,11 @@ directory_initiate_command_routerstatus_rend(const routerstatus_t *status,
 {
   const or_options_t *options = get_options();
   const node_t *node;
-  tor_addr_t addr;
+  tor_addr_port_t use_or_ap, use_dir_ap;
   const int anonymized_connection = dirind_is_anon(indirection);
+
+  tor_assert(status != NULL);
+
   node = node_get_by_id(status->identity_digest);
 
   if (!node && anonymized_connection) {
@@ -606,7 +733,6 @@ directory_initiate_command_routerstatus_rend(const routerstatus_t *status,
              routerstatus_describe(status));
     return;
   }
-  tor_addr_from_ipv4h(&addr, status->addr);
 
   if (options->ExcludeNodes && options->StrictNodes &&
       routerset_contains_routerstatus(options->ExcludeNodes, status, -1)) {
@@ -618,13 +744,30 @@ directory_initiate_command_routerstatus_rend(const routerstatus_t *status,
     return;
   }
 
-  directory_initiate_command_rend(&addr,
-                             status->or_port, status->dir_port,
-                             status->identity_digest,
-                             dir_purpose, router_purpose,
-                             indirection, resource,
-                             payload, payload_len, if_modified_since,
-                             rend_query);
+  /* At this point, if we are a clients making a direct connection to a
+   * directory server, we have selected a server that has at least one address
+   * allowed by ClientUseIPv4/6 and Reachable{"",OR,Dir}Addresses. This
+   * selection uses the preference in ClientPreferIPv6{OR,Dir}Port, if
+   * possible. (If UseBridges is set, clients always use IPv6, and prefer it
+   * by default.)
+   *
+   * Now choose an address that we can use to connect to the directory server.
+   */
+  if (directory_choose_address_routerstatus(status, indirection, &use_or_ap,
+                                            &use_dir_ap) < 0) {
+    return;
+  }
+
+  /* We don't retry the alternate OR/Dir address for the same directory if
+   * the address we choose fails (#6772).
+   * Instead, we'll retry another directory on failure. */
+
+  directory_initiate_command_rend(&use_or_ap, &use_dir_ap,
+                                  status->identity_digest,
+                                  dir_purpose, router_purpose,
+                                  indirection, resource,
+                                  payload, payload_len, if_modified_since,
+                                  rend_query);
 }
 
 /** Launch a new connection to the directory server <b>status</b> to
@@ -641,15 +784,15 @@ directory_initiate_command_routerstatus_rend(const routerstatus_t *status,
  * When fetching a rendezvous descriptor, <b>resource</b> is the service ID we
  * want to fetch.
  */
-void
-directory_initiate_command_routerstatus(const routerstatus_t *status,
-                                        uint8_t dir_purpose,
-                                        uint8_t router_purpose,
-                                        dir_indirection_t indirection,
-                                        const char *resource,
-                                        const char *payload,
-                                        size_t payload_len,
-                                        time_t if_modified_since)
+MOCK_IMPL(void, directory_initiate_command_routerstatus,
+                (const routerstatus_t *status,
+                 uint8_t dir_purpose,
+                 uint8_t router_purpose,
+                 dir_indirection_t indirection,
+                 const char *resource,
+                 const char *payload,
+                 size_t payload_len,
+                 time_t if_modified_since))
 {
   directory_initiate_command_routerstatus_rend(status, dir_purpose,
                                           router_purpose,
@@ -687,7 +830,7 @@ connection_dir_request_failed(dir_connection_t *conn)
     return; /* this was a test fetch. don't retry. */
   }
   if (!entry_list_is_constrained(get_options()))
-    router_set_status(conn->identity_digest, 0); /* don't try him again */
+    router_set_status(conn->identity_digest, 0); /* don't try this one again */
   if (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
              conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO) {
     log_info(LD_DIR, "Giving up on serverdesc/extrainfo fetch from "
@@ -826,6 +969,16 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status)
   update_certificate_downloads(time(NULL));
 }
 
+/* Should this tor instance only use begindir for all its directory requests?
+ */
+int
+directory_must_use_begindir(const or_options_t *options)
+{
+  /* Clients, onion services, and bridges must use begindir,
+   * relays and authorities do not have to */
+  return !public_server_mode(options);
+}
+
 /** Evaluate the situation and decide if we should use an encrypted
  * "begindir-style" connection for this directory request.
  * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
@@ -833,40 +986,90 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status)
  * 2) If we prefer to avoid begindir conns, and we're not fetching or
  *    publishing a bridge relay descriptor, no.
  * 3) Else yes.
+ * If returning 0, return in *reason why we can't use begindir.
+ * reason must not be NULL.
  */
 static int
 directory_command_should_use_begindir(const or_options_t *options,
                                       const tor_addr_t *addr,
                                       int or_port, uint8_t router_purpose,
-                                      dir_indirection_t indirection)
+                                      dir_indirection_t indirection,
+                                      const char **reason)
 {
   (void) router_purpose;
-  if (!or_port)
+  tor_assert(reason);
+  *reason = NULL;
+
+  /* Reasons why we can't possibly use begindir */
+  if (!or_port) {
+    *reason = "directory with unknown ORPort";
     return 0; /* We don't know an ORPort -- no chance. */
-  if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT)
+  }
+  if (indirection == DIRIND_DIRECT_CONN ||
+      indirection == DIRIND_ANON_DIRPORT) {
+    *reason = "DirPort connection";
     return 0;
-  if (indirection == DIRIND_ONEHOP)
-    if (!fascist_firewall_allows_address_or(addr, or_port) ||
-        directory_fetches_from_authorities(options))
-      return 0; /* We're firewalled or are acting like a relay -- also no. */
+  }
+  if (indirection == DIRIND_ONEHOP) {
+    /* We're firewalled and want a direct OR connection */
+    if (!fascist_firewall_allows_address_addr(addr, or_port,
+                                              FIREWALL_OR_CONNECTION, 0, 0)) {
+      *reason = "ORPort not reachable";
+      return 0;
+    }
+  }
+  /* Reasons why we want to avoid using begindir */
+  if (indirection == DIRIND_ONEHOP) {
+    if (!directory_must_use_begindir(options)) {
+      *reason = "in relay mode";
+      return 0;
+    }
+  }
+  /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
+   */
+  *reason = "(using begindir)";
   return 1;
 }
 
-/** Helper for directory_initiate_command_routerstatus: send the
- * command to a server whose address is <b>address</b>, whose IP is
- * <b>addr</b>, whose directory port is <b>dir_port</b>, whose tor version
- * <b>supports_begindir</b>, and whose identity key digest is
- * <b>digest</b>. */
+/** Helper for directory_initiate_command_rend: send the
+ * command to a server whose OR address/port is <b>or_addr</b>/<b>or_port</b>,
+ * whose directory address/port is <b>dir_addr</b>/<b>dir_port</b>, whose
+ * identity key digest is <b>digest</b>, with purposes <b>dir_purpose</b> and
+ * <b>router_purpose</b>, making an (in)direct connection as specified in
+ * <b>indirection</b>, with command <b>resource</b>, <b>payload</b> of
+ * <b>payload_len</b>, and asking for a result only <b>if_modified_since</b>.
+ */
 void
-directory_initiate_command(const tor_addr_t *_addr,
-                           uint16_t or_port, uint16_t dir_port,
+directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
+                           const tor_addr_t *dir_addr, uint16_t dir_port,
                            const char *digest,
                            uint8_t dir_purpose, uint8_t router_purpose,
                            dir_indirection_t indirection, const char *resource,
                            const char *payload, size_t payload_len,
                            time_t if_modified_since)
 {
-  directory_initiate_command_rend(_addr, or_port, dir_port,
+  tor_addr_port_t or_ap, dir_ap;
+
+  /* Use the null tor_addr and 0 port if the address or port isn't valid. */
+  if (tor_addr_port_is_valid(or_addr, or_port, 0)) {
+    tor_addr_copy(&or_ap.addr, or_addr);
+    or_ap.port = or_port;
+  } else {
+    /* the family doesn't matter here, so make it IPv4 */
+    tor_addr_make_null(&or_ap.addr, AF_INET);
+    or_ap.port = or_port = 0;
+  }
+
+  if (tor_addr_port_is_valid(dir_addr, dir_port, 0)) {
+    tor_addr_copy(&dir_ap.addr, dir_addr);
+    dir_ap.port = dir_port;
+  } else {
+    /* the family doesn't matter here, so make it IPv4 */
+    tor_addr_make_null(&dir_ap.addr, AF_INET);
+    dir_ap.port = dir_port = 0;
+  }
+
+  directory_initiate_command_rend(&or_ap, &dir_ap,
                              digest, dir_purpose,
                              router_purpose, indirection,
                              resource, payload, payload_len,
@@ -886,10 +1089,11 @@ is_sensitive_dir_purpose(uint8_t dir_purpose)
 }
 
 /** Same as directory_initiate_command(), but accepts rendezvous data to
- * fetch a hidden service descriptor. */
+ * fetch a hidden service descriptor, and takes its address & port arguments
+ * as tor_addr_port_t. */
 static void
-directory_initiate_command_rend(const tor_addr_t *_addr,
-                                uint16_t or_port, uint16_t dir_port,
+directory_initiate_command_rend(const tor_addr_port_t *or_addr_port,
+                                const tor_addr_port_t *dir_addr_port,
                                 const char *digest,
                                 uint8_t dir_purpose, uint8_t router_purpose,
                                 dir_indirection_t indirection,
@@ -898,19 +1102,33 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
                                 time_t if_modified_since,
                                 const rend_data_t *rend_query)
 {
+  tor_assert(or_addr_port);
+  tor_assert(dir_addr_port);
+  tor_assert(or_addr_port->port || dir_addr_port->port);
+  tor_assert(digest);
+
   dir_connection_t *conn;
   const or_options_t *options = get_options();
   int socket_error = 0;
-  int use_begindir = directory_command_should_use_begindir(options, _addr,
-                                     or_port, router_purpose, indirection);
+  const char *begindir_reason = NULL;
+  /* Should the connection be to a relay's OR port (and inside that we will
+   * send our directory request)? */
+  const int use_begindir = directory_command_should_use_begindir(options,
+                                     &or_addr_port->addr, or_addr_port->port,
+                                     router_purpose, indirection,
+                                     &begindir_reason);
+  /* Will the connection go via a three-hop Tor circuit? Note that this
+   * is separate from whether it will use_begindir. */
   const int anonymized_connection = dirind_is_anon(indirection);
-  tor_addr_t addr;
 
-  tor_assert(_addr);
-  tor_assert(or_port || dir_port);
-  tor_assert(digest);
-
-  tor_addr_copy(&addr, _addr);
+  /* What is the address we want to make the directory request to? If
+   * we're making a begindir request this is the ORPort of the relay
+   * we're contacting; if not a begindir request, this is its DirPort.
+   * Note that if anonymized_connection is true, we won't be initiating
+   * a connection directly to this address. */
+  tor_addr_t addr;
+  tor_addr_copy(&addr, &(use_begindir ? or_addr_port : dir_addr_port)->addr);
+  uint16_t port = (use_begindir ? or_addr_port : dir_addr_port)->port;
 
   log_debug(LD_DIR, "anonymized %d, use_begindir %d.",
             anonymized_connection, use_begindir);
@@ -924,6 +1142,14 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
   (void)is_sensitive_dir_purpose;
 #endif
 
+  /* use encrypted begindir connections for everything except relays
+   * this provides better protection for directory fetches */
+  if (!use_begindir && directory_must_use_begindir(options)) {
+    log_warn(LD_BUG, "Client could not use begindir connection: %s",
+             begindir_reason ? begindir_reason : "(NULL)");
+    return;
+  }
+
   /* ensure that we don't make direct connections when a SOCKS server is
    * configured. */
   if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&
@@ -933,11 +1159,25 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
     return;
   }
 
+  /* Make sure that the destination addr and port we picked is viable. */
+  if (!port || tor_addr_is_null(&addr)) {
+    static int logged_backtrace = 0;
+    log_warn(LD_DIR,
+             "Cannot make an outgoing %sconnection without %sPort.",
+             use_begindir ? "begindir " : "",
+             use_begindir ? "an OR" : "a Dir");
+    if (!logged_backtrace) {
+      log_backtrace(LOG_INFO, LD_BUG, "Address came from");
+      logged_backtrace = 1;
+    }
+    return;
+  }
+
   conn = dir_connection_new(tor_addr_family(&addr));
 
   /* set up conn so it's got all the data we need to remember */
   tor_addr_copy(&conn->base_.addr, &addr);
-  conn->base_.port = use_begindir ? or_port : dir_port;
+  conn->base_.port = port;
   conn->base_.address = tor_dup_addr(&addr);
   memcpy(conn->identity_digest, digest, DIGEST_LEN);
 
@@ -960,16 +1200,13 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
 
     if (options->HTTPProxy) {
       tor_addr_copy(&addr, &options->HTTPProxyAddr);
-      dir_port = options->HTTPProxyPort;
+      port = options->HTTPProxyPort;
     }
 
     switch (connection_connect(TO_CONN(conn), conn->base_.address, &addr,
-                               dir_port, &socket_error)) {
+                               port, &socket_error)) {
       case -1:
-        connection_dir_request_failed(conn); /* retry if we want */
-        /* XXX we only pass 'conn' above, not 'resource', 'payload',
-         * etc. So in many situations it can't retry! -RD */
-        connection_free(TO_CONN(conn));
+        connection_mark_for_close(TO_CONN(conn));
         return;
       case 1:
         /* start flushing conn */
@@ -984,8 +1221,12 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
         /* writable indicates finish, readable indicates broken link,
            error indicates broken link in windowsland. */
     }
-  } else { /* we want to connect via a tor connection */
+  } else {
+    /* We will use a Tor circuit (maybe 1-hop, maybe 3-hop, maybe with
+     * begindir, maybe not with begindir) */
+
     entry_connection_t *linked_conn;
+
     /* Anonymized tunneled connections can never share a circuit.
      * One-hop directory connections can share circuits with each other
      * but nothing else. */
@@ -1007,7 +1248,7 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
                               conn->base_.address, conn->base_.port,
                               digest,
                               SESSION_GROUP_DIRCONN, iso_flags,
-                              use_begindir, conn->dirconn_direct);
+                              use_begindir, !anonymized_connection);
     if (!linked_conn) {
       log_warn(LD_NET,"Making tunnel to dirserver failed.");
       connection_mark_for_close(TO_CONN(conn));
@@ -1113,6 +1354,23 @@ directory_get_consensus_url(const char *resource)
   return url;
 }
 
+/**
+ * Copies the ipv6 from source to destination, subject to buffer size limit
+ * size. If decorate is true, makes sure the copied address is decorated.
+ */
+static void
+copy_ipv6_address(char* destination, const char* source, size_t len,
+                  int decorate) {
+  tor_assert(destination);
+  tor_assert(source);
+
+  if (decorate && source[0] != '[') {
+    tor_snprintf(destination, len, "[%s]", source);
+  } else {
+    strlcpy(destination, source, len);
+  }
+}
+
 /** Queue an appropriate HTTP command on conn-\>outbuf.  The other args
  * are as in directory_initiate_command().
  */
@@ -1124,6 +1382,9 @@ directory_send_command(dir_connection_t *conn,
 {
   char proxystring[256];
   char hoststring[128];
+  /* NEEDS to be the same size hoststring.
+   Will be decorated with brackets around it if it is ipv6. */
+  char decorated_address[128];
   smartlist_t *headers = smartlist_new();
   char *url;
   char request[8192];
@@ -1136,12 +1397,20 @@ directory_send_command(dir_connection_t *conn,
   if (resource)
     conn->requested_resource = tor_strdup(resource);
 
+  /* decorate the ip address if it is ipv6 */
+  if (strchr(conn->base_.address, ':')) {
+    copy_ipv6_address(decorated_address, conn->base_.address,
+                      sizeof(decorated_address), 1);
+  } else {
+    strlcpy(decorated_address, conn->base_.address, sizeof(decorated_address));
+  }
+
   /* come up with a string for which Host: we want */
   if (conn->base_.port == 80) {
-    strlcpy(hoststring, conn->base_.address, sizeof(hoststring));
+    strlcpy(hoststring, decorated_address, sizeof(hoststring));
   } else {
-    tor_snprintf(hoststring, sizeof(hoststring),"%s:%d",
-                 conn->base_.address, conn->base_.port);
+    tor_snprintf(hoststring, sizeof(hoststring), "%s:%d",
+                 decorated_address, conn->base_.port);
   }
 
   /* Format if-modified-since */
@@ -1255,7 +1524,8 @@ directory_send_command(dir_connection_t *conn,
       return;
   }
 
-  if (strlen(proxystring) + strlen(url) >= 4096) {
+  /* warn in the non-tunneled case */
+  if (direct && (strlen(proxystring) + strlen(url) >= 4096)) {
     log_warn(LD_BUG,
              "Squid does not like URLs longer than 4095 bytes, and this "
              "one is %d bytes long: %s%s",
@@ -1548,7 +1818,7 @@ load_downloaded_routers(const char *body, smartlist_t *which,
 
   added = router_load_routers_from_string(body, NULL, SAVED_NOWHERE, which,
                                   descriptor_digests, buf);
-  if (general)
+  if (added && general)
     control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
                             count_loading_descriptors_progress());
   return added;
@@ -1572,7 +1842,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
   size_t body_len = 0, orig_len = 0;
   int status_code;
   time_t date_header = 0;
-  long delta;
+  long apparent_skew;
   compress_method_t compression;
   int plausible;
   int skewed = 0;
@@ -1631,28 +1901,15 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
      * and the date header.  (We used to check now-date_header, but that's
      * inaccurate if we spend a lot of time downloading.)
      */
-    delta = conn->base_.timestamp_lastwritten - date_header;
-    if (labs(delta)>ALLOW_DIRECTORY_TIME_SKEW) {
-      char dbuf[64];
+    apparent_skew = conn->base_.timestamp_lastwritten - date_header;
+    if (labs(apparent_skew)>ALLOW_DIRECTORY_TIME_SKEW) {
       int trusted = router_digest_is_trusted_dir(conn->identity_digest);
-      format_time_interval(dbuf, sizeof(dbuf), delta);
-      log_fn(trusted ? LOG_WARN : LOG_INFO,
-             LD_HTTP,
-             "Received directory with skewed time (server '%s:%d'): "
-             "It seems that our clock is %s by %s, or that theirs is %s. "
-             "Tor requires an accurate clock to work: please check your time, "
-             "timezone, and date settings.",
-             conn->base_.address, conn->base_.port,
-             delta>0 ? "ahead" : "behind", dbuf,
-             delta>0 ? "behind" : "ahead");
+      clock_skew_warning(TO_CONN(conn), apparent_skew, trusted, LD_HTTP,
+                         "directory", "DIRSERV");
       skewed = 1; /* don't check the recommended-versions line */
-      if (trusted)
-        control_event_general_status(LOG_WARN,
-                                 "CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
-                                 delta, conn->base_.address, conn->base_.port);
     } else {
       log_debug(LD_HTTP, "Time on received directory is within tolerance; "
-                "we are %ld seconds skewed.  (That's okay.)", delta);
+                "we are %ld seconds skewed.  (That's okay.)", apparent_skew);
     }
   }
   (void) skewed; /* skewed isn't used yet. */
@@ -1758,11 +2015,15 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
       networkstatus_consensus_download_failed(0, flavname);
       return -1;
     }
+
+    /* If we launched other fetches for this consensus, cancel them. */
+    connection_dir_close_consensus_fetches(conn, flavname);
+
     /* launches router downloads as needed */
     routers_update_all_from_networkstatus(now, 3);
     update_microdescs_from_networkstatus(now);
     update_microdesc_downloads(now);
-    directory_info_has_arrived(now, 0);
+    directory_info_has_arrived(now, 0, 0);
     log_info(LD_DIR, "Successfully loaded consensus.");
   }
 
@@ -1798,7 +2059,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
          * ones got flushed to disk so it's safe to call this on them */
         connection_dir_download_cert_failed(conn, status_code);
       } else {
-        directory_info_has_arrived(now, 0);
+        directory_info_has_arrived(now, 0, 0);
         log_info(LD_DIR, "Successfully loaded certificates from fetch.");
       }
     } else {
@@ -1912,7 +2173,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
         if (load_downloaded_routers(body, which, descriptor_digests,
                                 conn->router_purpose,
                                 conn->base_.address))
-          directory_info_has_arrived(now, 0);
+          directory_info_has_arrived(now, 0, 0);
       }
     }
     if (which) { /* mark remaining ones as failed */
@@ -1963,8 +2224,11 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
         /* Mark remaining ones as failed. */
         dir_microdesc_download_failed(which, status_code);
       }
-      control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
-                              count_loading_descriptors_progress());
+      if (mds && smartlist_len(mds)) {
+        control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
+                                count_loading_descriptors_progress());
+        directory_info_has_arrived(now, 0, 1);
+      }
       SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
       smartlist_free(which);
       smartlist_free(mds);
@@ -2073,49 +2337,69 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
   }
 
   if (conn->base_.purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) {
-    #define SEND_HS_DESC_FAILED_EVENT() ( \
+    #define SEND_HS_DESC_FAILED_EVENT(reason) ( \
       control_event_hs_descriptor_failed(conn->rend_data, \
-                                         conn->identity_digest) )
+                                         conn->identity_digest, \
+                                         reason) )
+    #define SEND_HS_DESC_FAILED_CONTENT() ( \
+      control_event_hs_descriptor_content(conn->rend_data->onion_address, \
+                                          conn->requested_resource, \
+                                          conn->identity_digest, \
+                                          NULL) )
     tor_assert(conn->rend_data);
     log_info(LD_REND,"Received rendezvous descriptor (size %d, status %d "
              "(%s))",
              (int)body_len, status_code, escaped(reason));
     switch (status_code) {
       case 200:
-        switch (rend_cache_store_v2_desc_as_client(body, conn->rend_data)) {
-          case RCS_BADDESC:
-          case RCS_NOTDIR: /* Impossible */
-            log_warn(LD_REND,"Fetching v2 rendezvous descriptor failed. "
-                     "Retrying at another directory.");
-            /* We'll retry when connection_about_to_close_connection()
-             * cleans this dir conn up. */
-            SEND_HS_DESC_FAILED_EVENT();
-            break;
-          case RCS_OKAY:
-          default:
-            /* success. notify pending connections about this. */
-            log_info(LD_REND, "Successfully fetched v2 rendezvous "
-                     "descriptor.");
-            control_event_hs_descriptor_received(conn->rend_data,
-                                                 conn->identity_digest);
-            conn->base_.purpose = DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2;
-            rend_client_desc_trynow(conn->rend_data->onion_address);
-            break;
+      {
+        rend_cache_entry_t *entry = NULL;
+
+        if (rend_cache_store_v2_desc_as_client(body,
+            conn->requested_resource, conn->rend_data, &entry) < 0) {
+          log_warn(LD_REND,"Fetching v2 rendezvous descriptor failed. "
+                   "Retrying at another directory.");
+          /* We'll retry when connection_about_to_close_connection()
+           * cleans this dir conn up. */
+          SEND_HS_DESC_FAILED_EVENT("BAD_DESC");
+          SEND_HS_DESC_FAILED_CONTENT();
+        } else {
+          char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
+          /* Should never be NULL here if we found the descriptor. */
+          tor_assert(entry);
+          rend_get_service_id(entry->parsed->pk, service_id);
+
+          /* success. notify pending connections about this. */
+          log_info(LD_REND, "Successfully fetched v2 rendezvous "
+                   "descriptor.");
+          control_event_hs_descriptor_received(service_id,
+                                               conn->rend_data,
+                                               conn->identity_digest);
+          control_event_hs_descriptor_content(service_id,
+                                              conn->requested_resource,
+                                              conn->identity_digest,
+                                              body);
+          conn->base_.purpose = DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2;
+          rend_client_desc_trynow(service_id);
+          memwipe(service_id, 0, sizeof(service_id));
         }
         break;
+      }
       case 404:
         /* Not there. We'll retry when
          * connection_about_to_close_connection() cleans this conn up. */
         log_info(LD_REND,"Fetching v2 rendezvous descriptor failed: "
                          "Retrying at another directory.");
-        SEND_HS_DESC_FAILED_EVENT();
+        SEND_HS_DESC_FAILED_EVENT("NOT_FOUND");
+        SEND_HS_DESC_FAILED_CONTENT();
         break;
       case 400:
         log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: "
                  "http status 400 (%s). Dirserver didn't like our "
                  "v2 rendezvous query? Retrying at another directory.",
                  escaped(reason));
-        SEND_HS_DESC_FAILED_EVENT();
+        SEND_HS_DESC_FAILED_EVENT("QUERY_REJECTED");
+        SEND_HS_DESC_FAILED_CONTENT();
         break;
       default:
         log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: "
@@ -2124,31 +2408,45 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
                  "Retrying at another directory.",
                  status_code, escaped(reason), conn->base_.address,
                  conn->base_.port);
-        SEND_HS_DESC_FAILED_EVENT();
+        SEND_HS_DESC_FAILED_EVENT("UNEXPECTED");
+        SEND_HS_DESC_FAILED_CONTENT();
         break;
     }
   }
 
   if (conn->base_.purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) {
+    #define SEND_HS_DESC_UPLOAD_FAILED_EVENT(reason) ( \
+      control_event_hs_descriptor_upload_failed( \
+        conn->identity_digest, \
+        conn->rend_data->onion_address, \
+        reason) )
     log_info(LD_REND,"Uploaded rendezvous descriptor (status %d "
              "(%s))",
              status_code, escaped(reason));
+    /* Without the rend data, we'll have a problem identifying what has been
+     * uploaded for which service. */
+    tor_assert(conn->rend_data);
     switch (status_code) {
       case 200:
         log_info(LD_REND,
                  "Uploading rendezvous descriptor: finished with status "
                  "200 (%s)", escaped(reason));
+        control_event_hs_descriptor_uploaded(conn->identity_digest,
+                                             conn->rend_data->onion_address);
+        rend_service_desc_has_uploaded(conn->rend_data);
         break;
       case 400:
         log_warn(LD_REND,"http status 400 (%s) response from dirserver "
                  "'%s:%d'. Malformed rendezvous descriptor?",
                  escaped(reason), conn->base_.address, conn->base_.port);
+        SEND_HS_DESC_UPLOAD_FAILED_EVENT("UPLOAD_REJECTED");
         break;
       default:
         log_warn(LD_REND,"http status %d (%s) response unexpected (server "
                  "'%s:%d').",
                  status_code, escaped(reason), conn->base_.address,
                  conn->base_.port);
+        SEND_HS_DESC_UPLOAD_FAILED_EVENT("UNEXPECTED");
         break;
     }
   }
@@ -2215,8 +2513,10 @@ connection_dir_process_inbuf(dir_connection_t *conn)
     MAX_VOTE_DL_SIZE : MAX_DIRECTORY_OBJECT_SIZE;
 
   if (connection_get_inbuf_len(TO_CONN(conn)) > max_size) {
-    log_warn(LD_HTTP, "Too much data received from directory connection: "
-             "denial of service attempt, or you need to upgrade?");
+    log_warn(LD_HTTP,
+             "Too much data received from directory connection (%s): "
+             "denial of service attempt, or you need to upgrade?",
+             conn->base_.address);
     connection_mark_for_close(TO_CONN(conn));
     return -1;
   }
@@ -2261,6 +2561,7 @@ write_http_status_line(dir_connection_t *conn, int status,
     log_warn(LD_BUG,"status line too long.");
     return;
   }
+  log_debug(LD_DIRSERV,"Wrote status 'HTTP/1.0 %d %s'", status, reason_phrase);
   connection_write_to_buf(buf, strlen(buf), TO_CONN(conn));
 }
 
@@ -2526,12 +2827,30 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
   return (have >= need_at_least);
 }
 
+/** Return the compression level we should use for sending a compressed
+ * response of size <b>n_bytes</b>. */
+STATIC zlib_compression_level_t
+choose_compression_level(ssize_t n_bytes)
+{
+  if (! have_been_under_memory_pressure()) {
+    return HIGH_COMPRESSION; /* we have plenty of RAM. */
+  } else if (n_bytes < 0) {
+    return HIGH_COMPRESSION; /* unknown; might be big. */
+  } else if (n_bytes < 1024) {
+    return LOW_COMPRESSION;
+  } else if (n_bytes < 2048) {
+    return MEDIUM_COMPRESSION;
+  } else {
+    return HIGH_COMPRESSION;
+  }
+}
+
 /** Helper function: called when a dirserver gets a complete HTTP GET
  * request.  Look for a request for a directory or for a rendezvous
  * service descriptor.  On finding one, write a response into
  * conn-\>outbuf.  If the request is unrecognized, send a 400.
  * Always return 0. */
-static int
+STATIC int
 directory_handle_command_get(dir_connection_t *conn, const char *headers,
                              const char *req_body, size_t req_body_len)
 {
@@ -2557,8 +2876,11 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   if ((header = http_get_header(headers, "If-Modified-Since: "))) {
     struct tm tm;
     if (parse_http_time(header, &tm) == 0) {
-      if (tor_timegm(&tm, &if_modified_since)<0)
+      if (tor_timegm(&tm, &if_modified_since)<0) {
         if_modified_since = 0;
+      } else {
+        log_debug(LD_DIRSERV, "If-Modified-Since is '%s'.", escaped(header));
+      }
     }
     /* The correct behavior on a malformed If-Modified-Since header is to
      * act as if no If-Modified-Since header had been given. */
@@ -2684,10 +3006,8 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     }
 
     if (1) {
-      struct in_addr in;
       tor_addr_t addr;
-      if (tor_inet_aton((TO_CONN(conn))->address, &in)) {
-        tor_addr_from_ipv4h(&addr, ntohl(in.s_addr));
+      if (tor_addr_parse(&addr, (TO_CONN(conn))->address) >= 0) {
         geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS,
                                &addr, NULL,
                                time(NULL));
@@ -2708,7 +3028,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
                                smartlist_len(dir_fps) == 1 ? lifetime : 0);
     conn->fingerprint_stack = dir_fps;
     if (! compressed)
-      conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
+      conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD, HIGH_COMPRESSION);
 
     /* Prime the connection with some data. */
     conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
@@ -2788,7 +3108,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
       });
 
     if (global_write_bucket_low(TO_CONN(conn), estimated_len, 2)) {
-      write_http_status_line(conn, 503, "Directory busy, try again later.");
+      write_http_status_line(conn, 503, "Directory busy, try again later");
       goto vote_done;
     }
     write_http_response_header(conn, body_len ? body_len : -1, compressed,
@@ -2796,7 +3116,8 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
 
     if (smartlist_len(items)) {
       if (compressed) {
-        conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD);
+        conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
+                                    choose_compression_level(estimated_len));
         SMARTLIST_FOREACH(items, const char *, c,
                  connection_write_to_buf_zlib(c, strlen(c), conn, 0));
         connection_write_to_buf_zlib("", 0, conn, 1);
@@ -2845,7 +3166,8 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     conn->fingerprint_stack = fps;
 
     if (compressed)
-      conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD);
+      conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
+                                      choose_compression_level(dlen));
 
     connection_dirserv_flushed_some(conn);
     goto done;
@@ -2913,7 +3235,8 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
       }
       write_http_response_header(conn, -1, compressed, cache_lifetime);
       if (compressed)
-        conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD);
+        conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
+                                        choose_compression_level(dlen));
       /* Prime the connection with some data. */
       connection_dirserv_flushed_some(conn);
     }
@@ -2982,13 +3305,14 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
                       len += c->cache_info.signed_descriptor_len);
 
     if (global_write_bucket_low(TO_CONN(conn), compressed?len/2:len, 2)) {
-      write_http_status_line(conn, 503, "Directory busy, try again later.");
+      write_http_status_line(conn, 503, "Directory busy, try again later");
       goto keys_done;
     }
 
     write_http_response_header(conn, compressed?-1:len, compressed, 60*60);
     if (compressed) {
-      conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD);
+      conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
+                                      choose_compression_level(len));
       SMARTLIST_FOREACH(certs, authority_cert_t *, c,
             connection_write_to_buf_zlib(c->cache_info.signed_descriptor_body,
                                          c->cache_info.signed_descriptor_len,
@@ -3005,13 +3329,12 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     goto done;
   }
 
-  if (options->HidServDirectoryV2 &&
-      connection_dir_is_encrypted(conn) &&
+  if (connection_dir_is_encrypted(conn) &&
        !strcmpstart(url,"/tor/rendezvous2/")) {
     /* Handle v2 rendezvous descriptor fetch request. */
     const char *descp;
     const char *query = url + strlen("/tor/rendezvous2/");
-    if (strlen(query) == REND_DESC_ID_V2_LEN_BASE32) {
+    if (rend_valid_descriptor_id(query)) {
       log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'",
                safe_str(escaped(query)));
       switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) {
@@ -3143,6 +3466,13 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
 
   conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
 
+  if (!public_server_mode(options)) {
+    log_info(LD_DIR, "Rejected dir post request from %s "
+             "since we're not a public relay.", conn->base_.address);
+    write_http_status_line(conn, 503, "Not acting as a public relay");
+    goto done;
+  }
+
   if (parse_http_url(headers, &url) < 0) {
     write_http_status_line(conn, 400, "Bad request");
     return 0;
@@ -3150,27 +3480,16 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
   log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
 
   /* Handle v2 rendezvous service publish request. */
-  if (options->HidServDirectoryV2 &&
-      connection_dir_is_encrypted(conn) &&
+  if (connection_dir_is_encrypted(conn) &&
       !strcmpstart(url,"/tor/rendezvous2/publish")) {
-    switch (rend_cache_store_v2_desc_as_dir(body)) {
-      case RCS_NOTDIR:
-        log_info(LD_REND, "Rejected v2 rend descriptor (length %d) from %s "
-                 "since we're not currently a hidden service directory.",
-                 (int)body_len, conn->base_.address);
-        write_http_status_line(conn, 503, "Currently not acting as v2 "
-                               "hidden service directory");
-        break;
-      case RCS_BADDESC:
-        log_warn(LD_REND, "Rejected v2 rend descriptor (length %d) from %s.",
-                 (int)body_len, conn->base_.address);
-        write_http_status_line(conn, 400,
-                               "Invalid v2 service descriptor rejected");
-        break;
-      case RCS_OKAY:
-      default:
-        write_http_status_line(conn, 200, "Service descriptor (v2) stored");
-        log_info(LD_REND, "Handled v2 rendezvous descriptor post: accepted");
+    if (rend_cache_store_v2_desc_as_dir(body) < 0) {
+      log_warn(LD_REND, "Rejected v2 rend descriptor (length %d) from %s.",
+               (int)body_len, conn->base_.address);
+      write_http_status_line(conn, 400,
+                             "Invalid v2 service descriptor rejected");
+    } else {
+      write_http_status_line(conn, 200, "Service descriptor (v2) stored");
+      log_info(LD_REND, "Handled v2 rendezvous descriptor post: accepted");
     }
     goto done;
   }
@@ -3310,7 +3629,7 @@ connection_dir_finished_flushing(dir_connection_t *conn)
   tor_assert(conn->base_.type == CONN_TYPE_DIR);
 
   /* Note that we have finished writing the directory response. For direct
-   * connections this means we're done, for tunneled connections its only
+   * connections this means we're done; for tunneled connections it's only
    * an intermediate step. */
   if (conn->dirreq_id)
     geoip_change_dirreq_state(conn->dirreq_id, DIRREQ_TUNNELED,
@@ -3351,8 +3670,38 @@ connection_dir_finished_flushing(dir_connection_t *conn)
   return 0;
 }
 
+/* We just got a new consensus! If there are other in-progress requests
+ * for this consensus flavor (for example because we launched several in
+ * parallel), cancel them.
+ *
+ * We do this check here (not just in
+ * connection_ap_handshake_attach_circuit()) to handle the edge case where
+ * a consensus fetch begins and ends before some other one tries to attach to
+ * a circuit, in which case the other one won't know that we're all happy now.
+ *
+ * Don't mark the conn that just gave us the consensus -- otherwise we
+ * would end up double-marking it when it cleans itself up.
+ */
+static void
+connection_dir_close_consensus_fetches(dir_connection_t *except_this_one,
+                                       const char *resource)
+{
+  smartlist_t *conns_to_close =
+    connection_dir_list_by_purpose_and_resource(DIR_PURPOSE_FETCH_CONSENSUS,
+                                                resource);
+  SMARTLIST_FOREACH_BEGIN(conns_to_close, dir_connection_t *, d) {
+    if (d == except_this_one)
+      continue;
+    log_info(LD_DIR, "Closing consensus fetch (to %s) since one "
+             "has just arrived.", TO_CONN(d)->address);
+    connection_mark_for_close(TO_CONN(d));
+  } SMARTLIST_FOREACH_END(d);
+  smartlist_free(conns_to_close);
+}
+
 /** Connected handler for directory connections: begin sending data to the
- * server */
+ * server, and return 0.
+ * Only used when connections don't immediately connect. */
 int
 connection_dir_finished_connecting(dir_connection_t *conn)
 {
@@ -3363,84 +3712,229 @@ connection_dir_finished_connecting(dir_connection_t *conn)
   log_debug(LD_HTTP,"Dir connection to router %s:%u established.",
             conn->base_.address,conn->base_.port);
 
-  conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING; /* start flushing conn */
+  /* start flushing conn */
+  conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING;
   return 0;
 }
 
 /** Decide which download schedule we want to use based on descriptor type
- * in <b>dls</b> and whether we are acting as directory <b>server</b>, and
- * then return a list of int pointers defining download delays in seconds.
- * Helper function for download_status_increment_failure() and
- * download_status_reset(). */
-static const smartlist_t *
-find_dl_schedule_and_len(download_status_t *dls, int server)
+ * in <b>dls</b> and <b>options</b>.
+ * Then return a list of int pointers defining download delays in seconds.
+ * Helper function for download_status_increment_failure(),
+ * download_status_reset(), and download_status_increment_attempt(). */
+STATIC const smartlist_t *
+find_dl_schedule(download_status_t *dls, const or_options_t *options)
 {
+  const int dir_server = dir_server_mode(options);
+  const int multi_d = networkstatus_consensus_can_use_multiple_directories(
+                                                                    options);
+  const int we_are_bootstrapping = networkstatus_consensus_is_bootstrapping(
+                                                                 time(NULL));
+  const int use_fallbacks = networkstatus_consensus_can_use_extra_fallbacks(
+                                                                    options);
   switch (dls->schedule) {
     case DL_SCHED_GENERIC:
-      if (server)
-        return get_options()->TestingServerDownloadSchedule;
-      else
-        return get_options()->TestingClientDownloadSchedule;
+      if (dir_server) {
+        return options->TestingServerDownloadSchedule;
+      } else {
+        return options->TestingClientDownloadSchedule;
+      }
     case DL_SCHED_CONSENSUS:
-      if (server)
-        return get_options()->TestingServerConsensusDownloadSchedule;
-      else
-        return get_options()->TestingClientConsensusDownloadSchedule;
+      if (!multi_d) {
+        return options->TestingServerConsensusDownloadSchedule;
+      } else {
+        if (we_are_bootstrapping) {
+          if (!use_fallbacks) {
+            /* A bootstrapping client without extra fallback directories */
+            return
+             options->ClientBootstrapConsensusAuthorityOnlyDownloadSchedule;
+          } else if (dls->want_authority) {
+            /* A bootstrapping client with extra fallback directories, but
+             * connecting to an authority */
+            return
+             options->ClientBootstrapConsensusAuthorityDownloadSchedule;
+          } else {
+            /* A bootstrapping client connecting to extra fallback directories
+             */
+            return
+              options->ClientBootstrapConsensusFallbackDownloadSchedule;
+          }
+        } else {
+          return options->TestingClientConsensusDownloadSchedule;
+        }
+      }
     case DL_SCHED_BRIDGE:
-      return get_options()->TestingBridgeDownloadSchedule;
+      return options->TestingBridgeDownloadSchedule;
     default:
       tor_assert(0);
   }
+
+  /* Impossible, but gcc will fail with -Werror without a `return`. */
+  return NULL;
 }
 
-/** Called when an attempt to download <b>dls</b> has failed with HTTP status
+/* Find the current delay for dls based on schedule.
+ * Set dls->next_attempt_at based on now, and return the delay.
+ * Helper for download_status_increment_failure and
+ * download_status_increment_attempt. */
+STATIC int
+download_status_schedule_get_delay(download_status_t *dls,
+                                   const smartlist_t *schedule,
+                                   time_t now)
+{
+  tor_assert(dls);
+  tor_assert(schedule);
+
+  int delay = INT_MAX;
+  uint8_t dls_schedule_position = (dls->increment_on
+                                   == DL_SCHED_INCREMENT_ATTEMPT
+                                   ? dls->n_download_attempts
+                                   : dls->n_download_failures);
+
+  if (dls_schedule_position < smartlist_len(schedule))
+    delay = *(int *)smartlist_get(schedule, dls_schedule_position);
+  else if (dls_schedule_position == IMPOSSIBLE_TO_DOWNLOAD)
+    delay = INT_MAX;
+  else
+    delay = *(int *)smartlist_get(schedule, smartlist_len(schedule) - 1);
+
+  /* A negative delay makes no sense. Knowing that delay is
+   * non-negative allows us to safely do the wrapping check below. */
+  tor_assert(delay >= 0);
+
+  /* Avoid now+delay overflowing INT_MAX, by comparing with a subtraction
+   * that won't overflow (since delay is non-negative). */
+  if (delay < INT_MAX && now <= INT_MAX - delay) {
+    dls->next_attempt_at = now+delay;
+  } else {
+    dls->next_attempt_at = TIME_MAX;
+  }
+
+  return delay;
+}
+
+/* Log a debug message about item, which increments on increment_action, has
+ * incremented dls_n_download_increments times. The message varies based on
+ * was_schedule_incremented (if not, not_incremented_response is logged), and
+ * the values of increment, dls_next_attempt_at, and now.
+ * Helper for download_status_increment_failure and
+ * download_status_increment_attempt. */
+static void
+download_status_log_helper(const char *item, int was_schedule_incremented,
+                           const char *increment_action,
+                           const char *not_incremented_response,
+                           uint8_t dls_n_download_increments, int increment,
+                           time_t dls_next_attempt_at, time_t now)
+{
+  if (item) {
+    if (!was_schedule_incremented)
+      log_debug(LD_DIR, "%s %s %d time(s); I'll try again %s.",
+                item, increment_action, (int)dls_n_download_increments,
+                not_incremented_response);
+    else if (increment == 0)
+      log_debug(LD_DIR, "%s %s %d time(s); I'll try again immediately.",
+                item, increment_action, (int)dls_n_download_increments);
+    else if (dls_next_attempt_at < TIME_MAX)
+      log_debug(LD_DIR, "%s %s %d time(s); I'll try again in %d seconds.",
+                item, increment_action, (int)dls_n_download_increments,
+                (int)(dls_next_attempt_at-now));
+    else
+      log_debug(LD_DIR, "%s %s %d time(s); Giving up for a while.",
+                item, increment_action, (int)dls_n_download_increments);
+  }
+}
+
+/** Determine when a failed download attempt should be retried.
+ * Called when an attempt to download <b>dls</b> has failed with HTTP status
  * <b>status_code</b>.  Increment the failure count (if the code indicates a
- * real failure) and set <b>dls</b>-\>next_attempt_at to an appropriate time
- * in the future. */
+ * real failure, or if we're a server) and set <b>dls</b>-\>next_attempt_at to
+ * an appropriate time in the future and return it.
+ * If <b>dls->increment_on</b> is DL_SCHED_INCREMENT_ATTEMPT, increment the
+ * failure count, and return a time in the far future for the next attempt (to
+ * avoid an immediate retry). */
 time_t
 download_status_increment_failure(download_status_t *dls, int status_code,
                                   const char *item, int server, time_t now)
 {
-  const smartlist_t *schedule;
-  int increment;
+  int increment = -1;
   tor_assert(dls);
+
+  /* only count the failure if it's permanent, or we're a server */
   if (status_code != 503 || server) {
     if (dls->n_download_failures < IMPOSSIBLE_TO_DOWNLOAD-1)
       ++dls->n_download_failures;
   }
 
-  schedule = find_dl_schedule_and_len(dls, server);
+  if (dls->increment_on == DL_SCHED_INCREMENT_FAILURE) {
+    /* We don't find out that a failure-based schedule has attempted a
+     * connection until that connection fails.
+     * We'll never find out about successful connections, but this doesn't
+     * matter, because schedules are reset after a successful download.
+     */
+    if (dls->n_download_attempts < IMPOSSIBLE_TO_DOWNLOAD-1)
+      ++dls->n_download_attempts;
 
-  if (dls->n_download_failures < smartlist_len(schedule))
-    increment = *(int *)smartlist_get(schedule, dls->n_download_failures);
-  else if (dls->n_download_failures == IMPOSSIBLE_TO_DOWNLOAD)
-    increment = INT_MAX;
-  else
-    increment = *(int *)smartlist_get(schedule, smartlist_len(schedule) - 1);
+    /* only return a failure retry time if this schedule increments on failures
+     */
+    const smartlist_t *schedule = find_dl_schedule(dls, get_options());
+    increment = download_status_schedule_get_delay(dls, schedule, now);
+  }
 
-  if (increment < INT_MAX)
-    dls->next_attempt_at = now+increment;
-  else
-    dls->next_attempt_at = TIME_MAX;
+  download_status_log_helper(item, !dls->increment_on, "failed",
+                             "concurrently", dls->n_download_failures,
+                             increment, dls->next_attempt_at, now);
 
-  if (item) {
-    if (increment == 0)
-      log_debug(LD_DIR, "%s failed %d time(s); I'll try again immediately.",
-                item, (int)dls->n_download_failures);
-    else if (dls->next_attempt_at < TIME_MAX)
-      log_debug(LD_DIR, "%s failed %d time(s); I'll try again in %d seconds.",
-                item, (int)dls->n_download_failures,
-                (int)(dls->next_attempt_at-now));
-    else
-      log_debug(LD_DIR, "%s failed %d time(s); Giving up for a while.",
-                item, (int)dls->n_download_failures);
+  if (dls->increment_on == DL_SCHED_INCREMENT_ATTEMPT) {
+    /* stop this schedule retrying on failure, it will launch concurrent
+     * connections instead */
+    return TIME_MAX;
+  } else {
+    return dls->next_attempt_at;
+  }
+}
+
+/** Determine when the next download attempt should be made when using an
+ * attempt-based (potentially concurrent) download schedule.
+ * Called when an attempt to download <b>dls</b> is being initiated.
+ * Increment the attempt count and set <b>dls</b>-\>next_attempt_at to an
+ * appropriate time in the future and return it.
+ * If <b>dls->increment_on</b> is DL_SCHED_INCREMENT_FAILURE, don't increment
+ * the attempts, and return a time in the far future (to avoid launching a
+ * concurrent attempt). */
+time_t
+download_status_increment_attempt(download_status_t *dls, const char *item,
+                                  time_t now)
+{
+  int delay = -1;
+  tor_assert(dls);
+
+  if (dls->increment_on == DL_SCHED_INCREMENT_FAILURE) {
+    /* this schedule should retry on failure, and not launch any concurrent
+     attempts */
+    log_info(LD_BUG, "Tried to launch an attempt-based connection on a "
+             "failure-based schedule.");
+    return TIME_MAX;
   }
+
+  if (dls->n_download_attempts < IMPOSSIBLE_TO_DOWNLOAD-1)
+    ++dls->n_download_attempts;
+
+  const smartlist_t *schedule = find_dl_schedule(dls, get_options());
+  delay = download_status_schedule_get_delay(dls, schedule, now);
+
+  download_status_log_helper(item, dls->increment_on, "attempted",
+                             "on failure", dls->n_download_attempts,
+                             delay, dls->next_attempt_at, now);
+
   return dls->next_attempt_at;
 }
 
 /** Reset <b>dls</b> so that it will be considered downloadable
  * immediately, and/or to show that we don't need it anymore.
  *
+ * Must be called to initialise a download schedule, otherwise the zeroth item
+ * in the schedule will never be used.
+ *
  * (We find the zeroth element of the download schedule, and set
  * next_attempt_at to be the appropriate offset from 'now'. In most
  * cases this means setting it to 'now', so the item will be immediately
@@ -3449,11 +3943,16 @@ download_status_increment_failure(download_status_t *dls, int status_code,
 void
 download_status_reset(download_status_t *dls)
 {
-  const smartlist_t *schedule = find_dl_schedule_and_len(
-                          dls, get_options()->DirPort_set);
+  if (dls->n_download_failures == IMPOSSIBLE_TO_DOWNLOAD
+      || dls->n_download_attempts == IMPOSSIBLE_TO_DOWNLOAD)
+    return; /* Don't reset this. */
+
+  const smartlist_t *schedule = find_dl_schedule(dls, get_options());
 
   dls->n_download_failures = 0;
+  dls->n_download_attempts = 0;
   dls->next_attempt_at = time(NULL) + *(int *)smartlist_get(schedule, 0);
+  /* Don't reset dls->want_authority or dls->increment_on */
 }
 
 /** Return the number of failures on <b>dls</b> since the last success (if
@@ -3464,6 +3963,22 @@ download_status_get_n_failures(const download_status_t *dls)
   return dls->n_download_failures;
 }
 
+/** Return the number of attempts to download <b>dls</b> since the last success
+ * (if any). This can differ from download_status_get_n_failures() due to
+ * outstanding concurrent attempts. */
+int
+download_status_get_n_attempts(const download_status_t *dls)
+{
+  return dls->n_download_attempts;
+}
+
+/** Return the next time to attempt to download <b>dls</b>. */
+time_t
+download_status_get_next_attempt_at(const download_status_t *dls)
+{
+  return dls->next_attempt_at;
+}
+
 /** Called when one or more routerdesc (or extrainfo, if <b>was_extrainfo</b>)
  * fetches have failed (with uppercase fingerprints listed in <b>failed</b>,
  * either as descriptor digests or as identity digests based on
diff --git a/src/or/directory.h b/src/or/directory.h
index bc200797d4..7646cac03f 100644
--- a/src/or/directory.h
+++ b/src/or/directory.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -16,17 +16,20 @@ int directories_have_accepted_server_descriptor(void);
 void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
                                   dirinfo_type_t type, const char *payload,
                                   size_t payload_len, size_t extrainfo_len);
-void directory_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
-                                  const char *resource,
-                                  int pds_flags);
+MOCK_DECL(void, directory_get_from_dirserver, (
+                          uint8_t dir_purpose,
+                          uint8_t router_purpose,
+                          const char *resource,
+                          int pds_flags,
+                          download_want_authority_t want_authority));
 void directory_get_from_all_authorities(uint8_t dir_purpose,
                                         uint8_t router_purpose,
                                         const char *resource);
 
 /** Enumeration of ways to connect to a directory server */
 typedef enum {
-  /** Default: connect over a one-hop Tor circuit but fall back to direct
-   * connection */
+  /** Default: connect over a one-hop Tor circuit. Relays fall back to direct
+   * DirPort connections, clients, onion services, and bridges do not */
   DIRIND_ONEHOP=0,
   /** Connect over a multi-hop anonymizing Tor circuit */
   DIRIND_ANONYMOUS=1,
@@ -36,14 +39,18 @@ typedef enum {
   DIRIND_ANON_DIRPORT,
 } dir_indirection_t;
 
-void directory_initiate_command_routerstatus(const routerstatus_t *status,
-                                             uint8_t dir_purpose,
-                                             uint8_t router_purpose,
-                                             dir_indirection_t indirection,
-                                             const char *resource,
-                                             const char *payload,
-                                             size_t payload_len,
-                                             time_t if_modified_since);
+int directory_must_use_begindir(const or_options_t *options);
+
+MOCK_DECL(void, directory_initiate_command_routerstatus,
+                (const routerstatus_t *status,
+                 uint8_t dir_purpose,
+                 uint8_t router_purpose,
+                 dir_indirection_t indirection,
+                 const char *resource,
+                 const char *payload,
+                 size_t payload_len,
+                 time_t if_modified_since));
+
 void directory_initiate_command_routerstatus_rend(const routerstatus_t *status,
                                                   uint8_t dir_purpose,
                                                   uint8_t router_purpose,
@@ -63,8 +70,8 @@ int connection_dir_process_inbuf(dir_connection_t *conn);
 int connection_dir_finished_flushing(dir_connection_t *conn);
 int connection_dir_finished_connecting(dir_connection_t *conn);
 void connection_dir_about_to_close(dir_connection_t *dir_conn);
-void directory_initiate_command(const tor_addr_t *addr,
-                                uint16_t or_port, uint16_t dir_port,
+void directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
+                                const tor_addr_t *dir_addr, uint16_t dir_port,
                                 const char *digest,
                                 uint8_t dir_purpose, uint8_t router_purpose,
                                 dir_indirection_t indirection,
@@ -89,38 +96,64 @@ int router_supports_extrainfo(const char *identity_digest, int is_authority);
 time_t download_status_increment_failure(download_status_t *dls,
                                          int status_code, const char *item,
                                          int server, time_t now);
+time_t download_status_increment_attempt(download_status_t *dls,
+                                         const char *item,  time_t now);
 /** Increment the failure count of the download_status_t <b>dls</b>, with
  * the optional status code <b>sc</b>. */
 #define download_status_failed(dls, sc)                                 \
   download_status_increment_failure((dls), (sc), NULL,                  \
-                                    get_options()->DirPort_set, time(NULL))
+                                    dir_server_mode(get_options()), \
+                                    time(NULL))
 
 void download_status_reset(download_status_t *dls);
 static int download_status_is_ready(download_status_t *dls, time_t now,
                                     int max_failures);
 /** Return true iff, as of <b>now</b>, the resource tracked by <b>dls</b> is
  * ready to get its download reattempted. */
-static INLINE int
+static inline int
 download_status_is_ready(download_status_t *dls, time_t now,
                          int max_failures)
 {
-  return (dls->n_download_failures <= max_failures
-          && dls->next_attempt_at <= now);
+  int under_failure_limit = (dls->n_download_failures <= max_failures
+                             && dls->n_download_attempts <= max_failures);
+  return (under_failure_limit && dls->next_attempt_at <= now);
 }
 
 static void download_status_mark_impossible(download_status_t *dl);
 /** Mark <b>dl</b> as never downloadable. */
-static INLINE void
+static inline void
 download_status_mark_impossible(download_status_t *dl)
 {
   dl->n_download_failures = IMPOSSIBLE_TO_DOWNLOAD;
+  dl->n_download_attempts = IMPOSSIBLE_TO_DOWNLOAD;
 }
 
 int download_status_get_n_failures(const download_status_t *dls);
+int download_status_get_n_attempts(const download_status_t *dls);
+time_t download_status_get_next_attempt_at(const download_status_t *dls);
 
 #ifdef TOR_UNIT_TESTS
 /* Used only by directory.c and test_dir.c */
+
 STATIC int parse_http_url(const char *headers, char **url);
+STATIC int purpose_needs_anonymity(uint8_t dir_purpose,
+                                   uint8_t router_purpose);
+STATIC dirinfo_type_t dir_fetch_type(int dir_purpose, int router_purpose,
+                                     const char *resource);
+STATIC int directory_handle_command_get(dir_connection_t *conn,
+                                        const char *headers,
+                                        const char *req_body,
+                                        size_t req_body_len);
+STATIC int download_status_schedule_get_delay(download_status_t *dls,
+                                              const smartlist_t *schedule,
+                                              time_t now);
+
+STATIC char* authdir_type_to_string(dirinfo_type_t auth);
+STATIC const char * dir_conn_purpose_to_string(int purpose);
+STATIC int should_use_directory_guards(const or_options_t *options);
+STATIC zlib_compression_level_t choose_compression_level(ssize_t n_bytes);
+STATIC const smartlist_t *find_dl_schedule(download_status_t *dls,
+                                           const or_options_t *options);
 #endif
 
 #endif
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 03b32cb2f3..dafaed8bf2 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define DIRSERV_PRIVATE
@@ -18,6 +18,7 @@
 #include "dirserv.h"
 #include "dirvote.h"
 #include "hibernate.h"
+#include "keypin.h"
 #include "microdesc.h"
 #include "networkstatus.h"
 #include "nodelist.h"
@@ -27,6 +28,7 @@
 #include "routerlist.h"
 #include "routerparse.h"
 #include "routerset.h"
+#include "torcert.h"
 
 /**
  * \file dirserv.c
@@ -56,13 +58,11 @@ static int routers_with_measured_bw = 0;
 static void directory_remove_invalid(void);
 static char *format_versions_list(config_line_t *ln);
 struct authdir_config_t;
-static int add_fingerprint_to_dir(const char *nickname, const char *fp,
-                                  struct authdir_config_t *list);
 static uint32_t
 dirserv_get_status_impl(const char *fp, const char *nickname,
                         uint32_t addr, uint16_t or_port,
-                        const char *platform, const char *contact,
-                        const char **msg, int should_log);
+                        const char *platform, const char **msg,
+                        int severity);
 static void clear_cached_dir(cached_dir_t *d);
 static const signed_descriptor_t *get_signed_descriptor_by_fp(
                                                         const char *fp,
@@ -75,19 +75,19 @@ static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri);
 
 /************** Fingerprint handling code ************/
 
-#define FP_NAMED   1  /**< Listed in fingerprint file. */
+/*                 1  Historically used to indicate Named */
 #define FP_INVALID 2  /**< Believed invalid. */
 #define FP_REJECT  4  /**< We will not publish this router. */
-#define FP_BADDIR  8  /**< We'll tell clients to avoid using this as a dir. */
+/*                 8  Historically used to avoid using this as a dir. */
 #define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
-#define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
+/*                 32 Historically used to indicade Unnamed */
 
-/** Encapsulate a nickname and an FP_* status; target of status_by_digest
- * map. */
-typedef struct router_status_t {
-  char nickname[MAX_NICKNAME_LEN+1];
-  uint32_t status;
-} router_status_t;
+/** Target of status_by_digest map. */
+typedef uint32_t router_status_t;
+
+static void add_fingerprint_to_dir(const char *fp,
+                                   struct authdir_config_t *list,
+                                   router_status_t add_status);
 
 /** List of nickname-\>identity fingerprint mappings for all the routers
  * that we name.  Used to prevent router impersonation. */
@@ -109,18 +109,17 @@ authdir_config_new(void)
   return list;
 }
 
-/** Add the fingerprint <b>fp</b> for <b>nickname</b> to
- * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
- * new, or 1 if we replaced the old value.
+/** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
+ * <b>list</b>, or-ing the currently set status flags with
+ * <b>add_status</b>.
  */
-/* static */ int
-add_fingerprint_to_dir(const char *nickname, const char *fp,
-                       authdir_config_t *list)
+/* static */ void
+add_fingerprint_to_dir(const char *fp, authdir_config_t *list,
+                       router_status_t add_status)
 {
   char *fingerprint;
   char d[DIGEST_LEN];
   router_status_t *status;
-  tor_assert(nickname);
   tor_assert(fp);
   tor_assert(list);
 
@@ -130,14 +129,7 @@ add_fingerprint_to_dir(const char *nickname, const char *fp,
     log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
              escaped(fp));
     tor_free(fingerprint);
-    return 0;
-  }
-
-  if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
-    log_warn(LD_DIRSERV, "Tried to add a mapping for reserved nickname %s",
-             UNNAMED_ROUTER_NICKNAME);
-    tor_free(fingerprint);
-    return 0;
+    return;
   }
 
   status = digestmap_get(list->status_by_digest, d);
@@ -146,35 +138,15 @@ add_fingerprint_to_dir(const char *nickname, const char *fp,
     digestmap_set(list->status_by_digest, d, status);
   }
 
-  if (nickname[0] != '!') {
-    char *old_fp = strmap_get_lc(list->fp_by_name, nickname);
-    if (old_fp && !strcasecmp(fingerprint, old_fp)) {
-      tor_free(fingerprint);
-    } else {
-      tor_free(old_fp);
-      strmap_set_lc(list->fp_by_name, nickname, fingerprint);
-    }
-    status->status |= FP_NAMED;
-    strlcpy(status->nickname, nickname, sizeof(status->nickname));
-  } else {
-    tor_free(fingerprint);
-    if (!strcasecmp(nickname, "!reject")) {
-      status->status |= FP_REJECT;
-    } else if (!strcasecmp(nickname, "!invalid")) {
-      status->status |= FP_INVALID;
-    } else if (!strcasecmp(nickname, "!baddir")) {
-      status->status |= FP_BADDIR;
-    } else if (!strcasecmp(nickname, "!badexit")) {
-      status->status |= FP_BADEXIT;
-    }
-  }
-  return 0;
+  tor_free(fingerprint);
+  *status |= add_status;
+  return;
 }
 
-/** Add the nickname and fingerprint for this OR to the
- * global list of recognized identity key fingerprints. */
+/** Add the fingerprint for this OR to the global list of recognized
+ * identity key fingerprints. */
 int
-dirserv_add_own_fingerprint(const char *nickname, crypto_pk_t *pk)
+dirserv_add_own_fingerprint(crypto_pk_t *pk)
 {
   char fp[FINGERPRINT_LEN+1];
   if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
@@ -183,7 +155,7 @@ dirserv_add_own_fingerprint(const char *nickname, crypto_pk_t *pk)
   }
   if (!fingerprint_list)
     fingerprint_list = authdir_config_new();
-  add_fingerprint_to_dir(nickname, fp, fingerprint_list);
+  add_fingerprint_to_dir(fp, fingerprint_list, 0);
   return 0;
 }
 
@@ -201,7 +173,6 @@ dirserv_load_fingerprint_file(void)
   authdir_config_t *fingerprint_list_new;
   int result;
   config_line_t *front=NULL, *list;
-  const or_options_t *options = get_options();
 
   fname = get_datadir_fname("approved-routers");
   log_info(LD_GENERAL,
@@ -209,15 +180,9 @@ dirserv_load_fingerprint_file(void)
 
   cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
   if (!cf) {
-    if (options->NamingAuthoritativeDir) {
-      log_warn(LD_FS, "Cannot open fingerprint file '%s'. Failing.", fname);
-      tor_free(fname);
-      return -1;
-    } else {
-      log_info(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
-      tor_free(fname);
-      return 0;
-    }
+    log_warn(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
+    tor_free(fname);
+    return 0;
   }
   tor_free(fname);
 
@@ -232,22 +197,8 @@ dirserv_load_fingerprint_file(void)
 
   for (list=front; list; list=list->next) {
     char digest_tmp[DIGEST_LEN];
+    router_status_t add_status = 0;
     nickname = list->key; fingerprint = list->value;
-    if (strlen(nickname) > MAX_NICKNAME_LEN) {
-      log_notice(LD_CONFIG,
-                 "Nickname '%s' too long in fingerprint file. Skipping.",
-                 nickname);
-      continue;
-    }
-    if (!is_legal_nickname(nickname) &&
-        strcasecmp(nickname, "!reject") &&
-        strcasecmp(nickname, "!invalid") &&
-        strcasecmp(nickname, "!badexit")) {
-      log_notice(LD_CONFIG,
-                 "Invalid nickname '%s' in fingerprint file. Skipping.",
-                 nickname);
-      continue;
-    }
     tor_strstrip(fingerprint, " "); /* remove spaces */
     if (strlen(fingerprint) != HEX_DIGEST_LEN ||
         base16_decode(digest_tmp, sizeof(digest_tmp),
@@ -258,26 +209,14 @@ dirserv_load_fingerprint_file(void)
                  nickname, fingerprint);
       continue;
     }
-    if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
-      /* If you approved an OR called "client", then clients who use
-       * the default nickname could all be rejected.  That's no good. */
-      log_notice(LD_CONFIG,
-                 "Authorizing nickname '%s' would break "
-                 "many clients; skipping.",
-                 DEFAULT_CLIENT_NICKNAME);
-      continue;
-    }
-    if (0==strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) {
-      /* If you approved an OR called "unnamed", then clients will be
-       * confused. */
-      log_notice(LD_CONFIG,
-                 "Authorizing nickname '%s' is not allowed; skipping.",
-                 UNNAMED_ROUTER_NICKNAME);
-      continue;
+    if (!strcasecmp(nickname, "!reject")) {
+        add_status = FP_REJECT;
+    } else if (!strcasecmp(nickname, "!badexit")) {
+        add_status = FP_BADEXIT;
+    } else if (!strcasecmp(nickname, "!invalid")) {
+        add_status = FP_INVALID;
     }
-    if (add_fingerprint_to_dir(nickname, fingerprint, fingerprint_list_new)
-        != 0)
-      log_notice(LD_CONFIG, "Duplicate nickname '%s'.", nickname);
+    add_fingerprint_to_dir(fingerprint, fingerprint_list_new, add_status);
   }
 
   config_free_lines(front);
@@ -288,6 +227,16 @@ dirserv_load_fingerprint_file(void)
   return 0;
 }
 
+/* If this is set, then we don't allow routers that have advertised an Ed25519
+ * identity to stop doing so.  This is going to be essential for good identity
+ * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
+ * just sign fake descriptors missing the Ed25519 key.  But we won't actually
+ * be able to prevent that kind of thing until we're confident that there
+ * isn't actually a legit reason to downgrade to 0.2.5.  So for now, we have
+ * to leave this #undef.
+ */
+#undef DISABLE_DISABLING_ED25519
+
 /** Check whether <b>router</b> has a nickname/identity key combination that
  * we recognize from the fingerprint list, or an IP we automatically act on
  * according to our configuration.  Return the appropriate router status.
@@ -295,9 +244,11 @@ dirserv_load_fingerprint_file(void)
  * If the status is 'FP_REJECT' and <b>msg</b> is provided, set
  * *<b>msg</b> to an explanation of why. */
 uint32_t
-dirserv_router_get_status(const routerinfo_t *router, const char **msg)
+dirserv_router_get_status(const routerinfo_t *router, const char **msg,
+                          int severity)
 {
   char d[DIGEST_LEN];
+  const int key_pinning = get_options()->AuthDirPinKeys;
 
   if (crypto_pk_get_digest(router->identity_pkey, d)) {
     log_warn(LD_BUG,"Error computing fingerprint");
@@ -306,10 +257,45 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg)
     return FP_REJECT;
   }
 
+  if (router->cache_info.signing_key_cert) {
+    /* This has an ed25519 identity key. */
+    if (KEYPIN_MISMATCH ==
+        keypin_check((const uint8_t*)router->cache_info.identity_digest,
+                   router->cache_info.signing_key_cert->signing_key.pubkey)) {
+      log_fn(severity, LD_DIR,
+             "Descriptor from router %s has an Ed25519 key, "
+               "but the <rsa,ed25519> keys don't match what they were before.",
+               router_describe(router));
+      if (key_pinning) {
+        if (msg) {
+          *msg = "Ed25519 identity key or RSA identity key has changed.";
+        }
+        return FP_REJECT;
+      }
+    }
+  } else {
+    /* No ed25519 key */
+    if (KEYPIN_MISMATCH == keypin_check_lone_rsa(
+                        (const uint8_t*)router->cache_info.identity_digest)) {
+      log_fn(severity, LD_DIR,
+               "Descriptor from router %s has no Ed25519 key, "
+               "when we previously knew an Ed25519 for it. Ignoring for now, "
+               "since Ed25519 keys are fairly new.",
+               router_describe(router));
+#ifdef DISABLE_DISABLING_ED25519
+      if (key_pinning) {
+        if (msg) {
+          *msg = "Ed25519 identity key has disappeared.";
+        }
+        return FP_REJECT;
+      }
+#endif
+    }
+  }
+
   return dirserv_get_status_impl(d, router->nickname,
                                  router->addr, router->or_port,
-                                 router->platform, router->contact_info,
-                                 msg, 1);
+                                 router->platform, msg, severity);
 }
 
 /** Return true if there is no point in downloading the router described by
@@ -321,103 +307,45 @@ dirserv_would_reject_router(const routerstatus_t *rs)
 
   res = dirserv_get_status_impl(rs->identity_digest, rs->nickname,
                                 rs->addr, rs->or_port,
-                                NULL, NULL,
-                                NULL, 0);
+                                NULL, NULL, LOG_DEBUG);
 
   return (res & FP_REJECT) != 0;
 }
 
-/** Helper: Based only on the ID/Nickname combination,
- * return FP_UNNAMED (unnamed), FP_NAMED (named), or 0 (neither).
- */
-static uint32_t
-dirserv_get_name_status(const char *id_digest, const char *nickname)
-{
-  char fp[HEX_DIGEST_LEN+1];
-  char *fp_by_name;
-
-  base16_encode(fp, sizeof(fp), id_digest, DIGEST_LEN);
-
-  if ((fp_by_name =
-       strmap_get_lc(fingerprint_list->fp_by_name, nickname))) {
-    if (!strcasecmp(fp, fp_by_name)) {
-      return FP_NAMED;
-    } else {
-      return FP_UNNAMED; /* Wrong fingerprint. */
-    }
-  }
-  return 0;
-}
-
 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
  * (hex, no spaces), nickname, address (used for logging only), IP address, OR
- * port, platform (logging only) and contact info (logging only) as arguments.
+ * port and platform (logging only) as arguments.
  *
- * If should_log is false, do not log messages.  (There's not much point in
+ * Log messages at 'severity'. (There's not much point in
  * logging that we're rejecting servers we'll not download.)
  */
 static uint32_t
 dirserv_get_status_impl(const char *id_digest, const char *nickname,
                         uint32_t addr, uint16_t or_port,
-                        const char *platform, const char *contact,
-                        const char **msg, int should_log)
+                        const char *platform, const char **msg, int severity)
 {
-  int reject_unlisted = get_options()->AuthDirRejectUnlisted;
-  uint32_t result;
+  uint32_t result = 0;
   router_status_t *status_by_digest;
 
   if (!fingerprint_list)
     fingerprint_list = authdir_config_new();
 
-  if (should_log)
-    log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
-              strmap_size(fingerprint_list->fp_by_name),
-              digestmap_size(fingerprint_list->status_by_digest));
+  log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
+            strmap_size(fingerprint_list->fp_by_name),
+            digestmap_size(fingerprint_list->status_by_digest));
 
-  /* Versions before Tor 0.2.3.16-alpha are too old to support, and are
+  /* Versions before Tor 0.2.4.18-rc are too old to support, and are
    * missing some important security fixes too. Disable them. */
-  if (platform && !tor_version_as_new_as(platform,"0.2.3.16-alpha")) {
+  if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) {
     if (msg)
       *msg = "Tor version is insecure or unsupported. Please upgrade!";
     return FP_REJECT;
   }
-#if 0
-  else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) {
-    /* Versions from 0.2.3-alpha...0.2.3.9-alpha have known security
-     * issues that make them unusable for the current network */
-    if (!tor_version_as_new_as(platform, "0.2.3.10-alpha")) {
-      if (msg)
-        *msg = "Tor version is insecure or unsupported. Please upgrade!";
-      return FP_REJECT;
-    }
-  }
-#endif
-
-  result = dirserv_get_name_status(id_digest, nickname);
-  if (result & FP_NAMED) {
-    if (should_log)
-      log_debug(LD_DIRSERV,"Good fingerprint for '%s'",nickname);
-  }
-  if (result & FP_UNNAMED) {
-    if (should_log) {
-      char *esc_contact = esc_for_log(contact);
-      log_info(LD_DIRSERV,
-               "Mismatched fingerprint for '%s'. "
-               "ContactInfo '%s', platform '%s'.)",
-               nickname,
-               esc_contact,
-               platform ? escaped(platform) : "");
-      tor_free(esc_contact);
-    }
-    if (msg)
-      *msg = "Rejected: There is already a named server with this nickname "
-        "and a different fingerprint.";
-  }
 
   status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
                                    id_digest);
   if (status_by_digest)
-    result |= (status_by_digest->status & ~FP_NAMED);
+    result |= *status_by_digest;
 
   if (result & FP_REJECT) {
     if (msg)
@@ -428,61 +356,30 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
       *msg = "Fingerprint is marked invalid";
   }
 
-  if (authdir_policy_baddir_address(addr, or_port)) {
-    if (should_log)
-      log_info(LD_DIRSERV,
-               "Marking '%s' as bad directory because of address '%s'",
-               nickname, fmt_addr32(addr));
-    result |= FP_BADDIR;
-  }
-
   if (authdir_policy_badexit_address(addr, or_port)) {
-    if (should_log)
-      log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
+    log_fn(severity, LD_DIRSERV,
+           "Marking '%s' as bad exit because of address '%s'",
                nickname, fmt_addr32(addr));
     result |= FP_BADEXIT;
   }
 
-  if (!(result & FP_NAMED)) {
-    if (!authdir_policy_permits_address(addr, or_port)) {
-      if (should_log)
-        log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
-                 nickname, fmt_addr32(addr));
-      if (msg)
-        *msg = "Authdir is rejecting routers in this range.";
-      return FP_REJECT;
-    }
-    if (!authdir_policy_valid_address(addr, or_port)) {
-      if (should_log)
-        log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
-                 nickname, fmt_addr32(addr));
-      result |= FP_INVALID;
-    }
-    if (reject_unlisted) {
-      if (msg)
-        *msg = "Authdir rejects unknown routers.";
-      return FP_REJECT;
-    }
+  if (!authdir_policy_permits_address(addr, or_port)) {
+    log_fn(severity, LD_DIRSERV, "Rejecting '%s' because of address '%s'",
+               nickname, fmt_addr32(addr));
+    if (msg)
+      *msg = "Authdir is rejecting routers in this range.";
+    return FP_REJECT;
+  }
+  if (!authdir_policy_valid_address(addr, or_port)) {
+    log_fn(severity, LD_DIRSERV,
+           "Not marking '%s' valid because of address '%s'",
+               nickname, fmt_addr32(addr));
+    result |= FP_INVALID;
   }
 
   return result;
 }
 
-/** If we are an authoritative dirserver, and the list of approved
- * servers contains one whose identity key digest is <b>digest</b>,
- * return that router's nickname.  Otherwise return NULL. */
-const char *
-dirserv_get_nickname_by_digest(const char *digest)
-{
-  router_status_t *status;
-  if (!fingerprint_list)
-    return NULL;
-  tor_assert(digest);
-
-  status = digestmap_get(fingerprint_list->status_by_digest, digest);
-  return status ? status->nickname : NULL;
-}
-
 /** Clear the current fingerprint list. */
 void
 dirserv_free_fingerprint_list(void)
@@ -519,7 +416,7 @@ dirserv_router_has_valid_address(routerinfo_t *ri)
 }
 
 /** Check whether we, as a directory server, want to accept <b>ri</b>.  If so,
- * set its is_valid,named,running fields and return 0.  Otherwise, return -1.
+ * set its is_valid,running fields and return 0.  Otherwise, return -1.
  *
  * If the router is rejected, set *<b>msg</b> to an explanation of why.
  *
@@ -531,9 +428,9 @@ authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
                                int complain, int *valid_out)
 {
   /* Okay.  Now check whether the fingerprint is recognized. */
-  uint32_t status = dirserv_router_get_status(ri, msg);
   time_t now;
   int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
+  uint32_t status = dirserv_router_get_status(ri, msg, severity);
   tor_assert(msg);
   if (status & FP_REJECT)
     return -1; /* msg is already set. */
@@ -584,7 +481,6 @@ dirserv_set_node_flags_from_authoritative_status(node_t *node,
                                                  uint32_t authstatus)
 {
   node->is_valid = (authstatus & FP_INVALID) ? 0 : 1;
-  node->is_bad_directory = (authstatus & FP_BADDIR) ? 1 : 0;
   node->is_bad_exit = (authstatus & FP_BADEXIT) ? 1 : 0;
 }
 
@@ -630,7 +526,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
   s = desc;
   list = smartlist_new();
   if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
-                                     annotation_buf)) {
+                                     annotation_buf, NULL)) {
     SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
         msg_out = NULL;
         tor_assert(ri->purpose == purpose);
@@ -646,7 +542,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
 
   s = desc;
   if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
-                                     NULL)) {
+                                     NULL, NULL)) {
     SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
         msg_out = NULL;
 
@@ -664,7 +560,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
     if (!n_parsed) {
       *msg = "No descriptors found in your POST.";
       if (WRA_WAS_ADDED(r))
-        r = ROUTER_WAS_NOT_NEW;
+        r = ROUTER_IS_ALREADY_KNOWN;
     } else {
       *msg = "(no message)";
     }
@@ -689,7 +585,9 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
   was_router_added_t r;
   routerinfo_t *ri_old;
   char *desc, *nickname;
-  size_t desclen = 0;
+  const size_t desclen = ri->cache_info.signed_descriptor_len +
+      ri->cache_info.annotations_len;
+  const int key_pinning = get_options()->AuthDirPinKeys;
   *msg = NULL;
 
   /* If it's too big, refuse it now. Otherwise we'll cache it all over the
@@ -703,7 +601,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
     *msg = "Router descriptor was too large.";
     control_event_or_authdir_new_descriptor("REJECTED",
                ri->cache_info.signed_descriptor_body,
-               ri->cache_info.signed_descriptor_len, *msg);
+                                            desclen, *msg);
     routerinfo_free(ri);
     return ROUTER_AUTHDIR_REJECTS;
   }
@@ -724,14 +622,36 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
       "the last one with this identity.";
     control_event_or_authdir_new_descriptor("DROPPED",
                          ri->cache_info.signed_descriptor_body,
-                         ri->cache_info.signed_descriptor_len, *msg);
+                                            desclen, *msg);
     routerinfo_free(ri);
-    return ROUTER_WAS_NOT_NEW;
+    return ROUTER_IS_ALREADY_KNOWN;
+  }
+
+  /* Do keypinning again ... this time, to add the pin if appropriate */
+  int keypin_status;
+  if (ri->cache_info.signing_key_cert) {
+    keypin_status = keypin_check_and_add(
+      (const uint8_t*)ri->cache_info.identity_digest,
+      ri->cache_info.signing_key_cert->signing_key.pubkey,
+      ! key_pinning);
+  } else {
+    keypin_status = keypin_check_lone_rsa(
+      (const uint8_t*)ri->cache_info.identity_digest);
+#ifndef DISABLE_DISABLING_ED25519
+    if (keypin_status == KEYPIN_MISMATCH)
+      keypin_status = KEYPIN_NOT_FOUND;
+#endif
+  }
+  if (keypin_status == KEYPIN_MISMATCH && key_pinning) {
+    log_info(LD_DIRSERV, "Dropping descriptor from %s (source: %s) because "
+             "its key did not match an older RSA/Ed25519 keypair",
+             router_describe(ri), source);
+    *msg = "Looks like your keypair does not match its older value.";
+    return ROUTER_AUTHDIR_REJECTS;
   }
 
   /* Make a copy of desc, since router_add_to_routerlist might free
    * ri and its associated signed_descriptor_t. */
-  desclen = ri->cache_info.signed_descriptor_len;
   desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
   nickname = tor_strdup(ri->nickname);
 
@@ -771,12 +691,14 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
 static was_router_added_t
 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
 {
-  const routerinfo_t *ri;
+  routerinfo_t *ri;
   int r;
   tor_assert(msg);
   *msg = NULL;
 
-  ri = router_get_by_id_digest(ei->cache_info.identity_digest);
+  /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
+   * can mess with some of the flags in ri->cache_info. */
+  ri = router_get_mutable_by_digest(ei->cache_info.identity_digest);
   if (!ri) {
     *msg = "No corresponding router descriptor for extra-info descriptor";
     extrainfo_free(ei);
@@ -796,9 +718,10 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
     return ROUTER_BAD_EI;
   }
 
-  if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) {
+  if ((r = routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei,
+                                                  &ri->cache_info, msg))) {
     extrainfo_free(ei);
-    return r < 0 ? ROUTER_WAS_NOT_NEW : ROUTER_BAD_EI;
+    return r < 0 ? ROUTER_IS_ALREADY_KNOWN : ROUTER_BAD_EI;
   }
   router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
   return ROUTER_ADDED_SUCCESSFULLY;
@@ -816,13 +739,13 @@ directory_remove_invalid(void)
   smartlist_add_all(nodes, nodelist_get_list());
 
   SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
-    const char *msg;
+    const char *msg = NULL;
     routerinfo_t *ent = node->ri;
     char description[NODE_DESC_BUF_LEN];
     uint32_t r;
     if (!ent)
       continue;
-    r = dirserv_router_get_status(ent, &msg);
+    r = dirserv_router_get_status(ent, &msg, LOG_INFO);
     router_get_description(description, ent);
     if (r & FP_REJECT) {
       log_info(LD_DIRSERV, "Router %s is now rejected: %s",
@@ -830,30 +753,11 @@ directory_remove_invalid(void)
       routerlist_remove(rl, ent, 0, time(NULL));
       continue;
     }
-#if 0
-    if (bool_neq((r & FP_NAMED), ent->auth_says_is_named)) {
-      log_info(LD_DIRSERV,
-               "Router %s is now %snamed.", description,
-               (r&FP_NAMED)?"":"un");
-      ent->is_named = (r&FP_NAMED)?1:0;
-    }
-    if (bool_neq((r & FP_UNNAMED), ent->auth_says_is_unnamed)) {
-      log_info(LD_DIRSERV,
-               "Router '%s' is now %snamed. (FP_UNNAMED)", description,
-               (r&FP_NAMED)?"":"un");
-      ent->is_named = (r&FP_NUNAMED)?0:1;
-    }
-#endif
     if (bool_neq((r & FP_INVALID), !node->is_valid)) {
       log_info(LD_DIRSERV, "Router '%s' is now %svalid.", description,
                (r&FP_INVALID) ? "in" : "");
       node->is_valid = (r&FP_INVALID)?0:1;
     }
-    if (bool_neq((r & FP_BADDIR), node->is_bad_directory)) {
-      log_info(LD_DIRSERV, "Router '%s' is now a %s directory", description,
-               (r & FP_BADDIR) ? "bad" : "good");
-      node->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
-    }
     if (bool_neq((r & FP_BADEXIT), node->is_bad_exit)) {
       log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
                (r & FP_BADEXIT) ? "bad" : "good");
@@ -896,7 +800,7 @@ list_single_server_status(const routerinfo_t *desc, int is_live)
 }
 
 /* DOCDOC running_long_enough_to_decide_unreachable */
-static INLINE int
+static inline int
 running_long_enough_to_decide_unreachable(void)
 {
   return time_of_process_start
@@ -904,7 +808,7 @@ running_long_enough_to_decide_unreachable(void)
 }
 
 /** Each server needs to have passed a reachability test no more
- * than this number of seconds ago, or he is listed as down in
+ * than this number of seconds ago, or it is listed as down in
  * the directory. */
 #define REACHABLE_TIMEOUT (45*60)
 
@@ -1051,16 +955,33 @@ format_versions_list(config_line_t *ln)
 }
 
 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
- * not hibernating, and not too old. Else return 0.
+ * not hibernating, having observed bw greater 0, and not too old. Else
+ * return 0.
  */
 static int
 router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
 {
   time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
-  if (ri->cache_info.published_on < cutoff)
+  if (ri->cache_info.published_on < cutoff) {
     return 0;
-  if (!node->is_running || !node->is_valid || ri->is_hibernating)
+  }
+  if (!node->is_running || !node->is_valid || ri->is_hibernating) {
     return 0;
+  }
+  /* Only require bandwith capacity in non-test networks, or
+   * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
+  if (!ri->bandwidthcapacity) {
+    if (get_options()->TestingTorNetwork) {
+      if (get_options()->TestingMinExitFlagThreshold > 0) {
+        /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
+         * then require bandwidthcapacity */
+        return 0;
+      }
+    } else {
+      /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
+      return 0;
+    }
+  }
   return 1;
 }
 
@@ -1173,13 +1094,13 @@ directory_fetches_from_authorities(const or_options_t *options)
     return 1; /* we don't know our IP address; ask an authority. */
   refuseunknown = ! router_my_exit_policy_is_reject_star() &&
     should_refuse_unknown_exits(options);
-  if (!options->DirPort_set && !refuseunknown)
+  if (!dir_server_mode(options) && !refuseunknown)
     return 0;
   if (!server_mode(options) || !advertised_server_mode())
     return 0;
   me = router_get_my_routerinfo();
-  if (!me || (!me->dir_port && !refuseunknown))
-    return 0; /* if dirport not advertised, return 0 too */
+  if (!me || (!me->supports_tunnelled_dir_requests && !refuseunknown))
+    return 0; /* if we don't service directory requests, return 0 too */
   return 1;
 }
 
@@ -1205,21 +1126,24 @@ directory_fetches_dir_info_later(const or_options_t *options)
 }
 
 /** Return true iff we want to fetch and keep certificates for authorities
- * that we don't acknowledge as aurthorities ourself.
+ * that we don't acknowledge as authorities ourself.
  */
 int
 directory_caches_unknown_auth_certs(const or_options_t *options)
 {
-  return options->DirPort_set || options->BridgeRelay;
+  return dir_server_mode(options) || options->BridgeRelay;
 }
 
-/** Return 1 if we want to keep descriptors, networkstatuses, etc around
- * and we're willing to serve them to others. Else return 0.
+/** Return 1 if we want to keep descriptors, networkstatuses, etc around.
+ * Else return 0.
+ * Check options->DirPort_set and directory_permits_begindir_requests()
+ * to see if we are willing to serve these directory documents to others via
+ * the DirPort and begindir-over-ORPort, respectively.
  */
 int
 directory_caches_dir_info(const or_options_t *options)
 {
-  if (options->BridgeRelay || options->DirPort_set)
+  if (options->BridgeRelay || dir_server_mode(options))
     return 1;
   if (!server_mode(options) || !advertised_server_mode())
     return 0;
@@ -1235,7 +1159,7 @@ directory_caches_dir_info(const or_options_t *options)
 int
 directory_permits_begindir_requests(const or_options_t *options)
 {
-  return options->BridgeRelay != 0 || options->DirPort_set;
+  return options->BridgeRelay != 0 || dir_server_mode(options);
 }
 
 /** Return 1 if we have no need to fetch new descriptors. This generally
@@ -1312,7 +1236,7 @@ free_cached_dir_(void *_d)
 void
 dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
                                            const char *flavor_name,
-                                           const digests_t *digests,
+                                           const common_digests_t *digests,
                                            time_t published)
 {
   cached_dir_t *new_networkstatus;
@@ -1321,7 +1245,7 @@ dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
     cached_consensuses = strmap_new();
 
   new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
-  memcpy(&new_networkstatus->digests, digests, sizeof(digests_t));
+  memcpy(&new_networkstatus->digests, digests, sizeof(common_digests_t));
   old_networkstatus = strmap_set(cached_consensuses, flavor_name,
                                  new_networkstatus);
   if (old_networkstatus)
@@ -1384,7 +1308,7 @@ static uint32_t guard_bandwidth_excluding_exits_kb = 0;
 
 /** Helper: estimate the uptime of a router given its stated uptime and the
  * amount of time since it last stated its stated uptime. */
-static INLINE long
+static inline long
 real_uptime(const routerinfo_t *router, time_t now)
 {
   if (now < router->cache_info.published_on)
@@ -1432,8 +1356,10 @@ dirserv_thinks_router_is_unreliable(time_t now,
 }
 
 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
- * Right now this means it advertises support for it, it has a high
- * uptime, it has a DirPort open, and it's currently considered Running.
+ *
+ * Right now this means it advertises support for it, it has a high uptime,
+ * it's a directory cache, it has the Stable and Fast flags, and it's currently
+ * considered Running.
  *
  * This function needs to be called after router-\>is_running has
  * been set.
@@ -1459,16 +1385,11 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
   else
     uptime = real_uptime(router, now);
 
-  /* XXX We shouldn't need to check dir_port, but we do because of
-   * bug 1693. In the future, once relays set wants_to_be_hs_dir
-   * correctly, we can revert to only checking dir_port if router's
-   * version is too old. */
-  /* XXX Unfortunately, we need to keep checking dir_port until all
-   * *clients* suffering from bug 2722 are obsolete.  The first version
-   * to fix the bug was 0.2.2.25-alpha. */
-  return (router->wants_to_be_hs_dir && router->dir_port &&
+  return (router->wants_to_be_hs_dir &&
+          router->supports_tunnelled_dir_requests &&
+          node->is_stable && node->is_fast &&
           uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
-          node->is_running);
+          router_is_active(router, node, now));
 }
 
 /** Don't consider routers with less bandwidth than this when computing
@@ -1509,13 +1430,13 @@ router_counts_toward_thresholds(const node_t *node, time_t now,
  *
  * Also, set the is_exit flag of each router appropriately. */
 static void
-dirserv_compute_performance_thresholds(routerlist_t *rl,
-                                       digestmap_t *omit_as_sybil)
+dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
 {
   int n_active, n_active_nonexit, n_familiar;
   uint32_t *uptimes, *bandwidths_kb, *bandwidths_excluding_exits_kb;
   long *tks;
   double *mtbfs, *wfus;
+  smartlist_t *nodelist;
   time_t now = time(NULL);
   const or_options_t *options = get_options();
 
@@ -1533,27 +1454,28 @@ dirserv_compute_performance_thresholds(routerlist_t *rl,
   guard_tk = 0;
   guard_wfu = 0;
 
+  nodelist_assert_ok();
+  nodelist = nodelist_get_list();
+
   /* Initialize arrays that will hold values for each router.  We'll
    * sort them and use that to compute thresholds. */
   n_active = n_active_nonexit = 0;
   /* Uptime for every active router. */
-  uptimes = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
+  uptimes = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
   /* Bandwidth for every active router. */
-  bandwidths_kb = tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
+  bandwidths_kb = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
   /* Bandwidth for every active non-exit router. */
   bandwidths_excluding_exits_kb =
-    tor_malloc(sizeof(uint32_t)*smartlist_len(rl->routers));
+    tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
   /* Weighted mean time between failure for each active router. */
-  mtbfs = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
+  mtbfs = tor_calloc(smartlist_len(nodelist), sizeof(double));
   /* Time-known for each active router. */
-  tks = tor_malloc(sizeof(long)*smartlist_len(rl->routers));
+  tks = tor_calloc(smartlist_len(nodelist), sizeof(long));
   /* Weighted fractional uptime for each active router. */
-  wfus = tor_malloc(sizeof(double)*smartlist_len(rl->routers));
-
-  nodelist_assert_ok();
+  wfus = tor_calloc(smartlist_len(nodelist), sizeof(double));
 
   /* Now, fill in the arrays. */
-  SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
+  SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
     if (options->BridgeAuthoritativeDir &&
         node->ri &&
         node->ri->purpose != ROUTER_PURPOSE_BRIDGE)
@@ -1563,6 +1485,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl,
       routerinfo_t *ri = node->ri;
       const char *id = node->identity;
       uint32_t bw_kb;
+      /* resolve spurious clang shallow analysis null pointer errors */
+      tor_assert(ri);
       node->is_exit = (!router_exit_policy_rejects_all(ri) &&
                        exit_policy_is_general_exit(ri->exit_policy));
       uptimes[n_active] = (uint32_t)real_uptime(ri, now);
@@ -1586,9 +1510,10 @@ dirserv_compute_performance_thresholds(routerlist_t *rl,
     /* The 12.5th percentile bandwidth is fast. */
     fast_bandwidth_kb = find_nth_uint32(bandwidths_kb, n_active, n_active/8);
     /* (Now bandwidths is sorted.) */
-    if (fast_bandwidth_kb < ROUTER_REQUIRED_MIN_BANDWIDTH/(2 * 1000))
+    if (fast_bandwidth_kb < RELAY_REQUIRED_MIN_BANDWIDTH/(2 * 1000))
       fast_bandwidth_kb = bandwidths_kb[n_active/4];
-    guard_bandwidth_including_exits_kb = bandwidths_kb[n_active*3/4];
+    guard_bandwidth_including_exits_kb =
+      third_quartile_uint32(bandwidths_kb, n_active);
     guard_tk = find_nth_long(tks, n_active, n_active/8);
   }
 
@@ -1626,7 +1551,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl,
    * fill wfus with the wfu of every such "familiar" router. */
   n_familiar = 0;
 
-  SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
+  SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
       if (router_counts_toward_thresholds(node, now,
                                           omit_as_sybil, require_mbw)) {
         routerinfo_t *ri = node->ri;
@@ -1663,7 +1588,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl,
       (unsigned long)guard_tk,
       (unsigned long)guard_bandwidth_including_exits_kb,
       (unsigned long)guard_bandwidth_excluding_exits_kb,
-      enough_mtbf_info ? "" : " don't ");
+      enough_mtbf_info ? "" : " don't");
 
   tor_free(uptimes);
   tor_free(mtbfs);
@@ -1680,11 +1605,10 @@ dirserv_compute_performance_thresholds(routerlist_t *rl,
  * networkstatus_getinfo_by_purpose().
  */
 void
-dirserv_compute_bridge_flag_thresholds(routerlist_t *rl)
+dirserv_compute_bridge_flag_thresholds(void)
 {
-
   digestmap_t *omit_as_sybil = digestmap_new();
-  dirserv_compute_performance_thresholds(rl, omit_as_sybil);
+  dirserv_compute_performance_thresholds(omit_as_sybil);
   digestmap_free(omit_as_sybil, NULL);
 }
 
@@ -1837,16 +1761,13 @@ dirserv_get_bandwidth_for_router_kb(const routerinfo_t *ri)
  * how many measured bandwidths we know.  This is used to decide whether we
  * ever trust advertised bandwidths for purposes of assigning flags. */
 static void
-dirserv_count_measured_bws(routerlist_t *rl)
+dirserv_count_measured_bws(const smartlist_t *routers)
 {
   /* Initialize this first */
   routers_with_measured_bw = 0;
 
-  tor_assert(rl);
-  tor_assert(rl->routers);
-
   /* Iterate over the routerlist and count measured bandwidths */
-  SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, ri) {
+  SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
     /* Check if we know a measured bandwidth for this one */
     if (dirserv_has_measured_bw(ri->cache_info.identity_digest)) {
       ++routers_with_measured_bw;
@@ -1959,13 +1880,12 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
   char published[ISO_TIME_LEN+1];
   char identity64[BASE64_DIGEST_LEN+1];
   char digest64[BASE64_DIGEST_LEN+1];
-  smartlist_t *chunks = NULL;
+  smartlist_t *chunks = smartlist_new();
 
   format_iso_time(published, rs->published_on);
   digest_to_base64(identity64, rs->identity_digest);
   digest_to_base64(digest64, rs->descriptor_digest);
 
-  chunks = smartlist_new();
   smartlist_add_asprintf(chunks,
                    "r %s %s %s%s%s %s %d %d\n",
                    rs->nickname,
@@ -1996,20 +1916,17 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
     goto done;
 
   smartlist_add_asprintf(chunks,
-                   "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
+                   "s%s%s%s%s%s%s%s%s%s%s\n",
                   /* These must stay in alphabetical order. */
                    rs->is_authority?" Authority":"",
-                   rs->is_bad_directory?" BadDirectory":"",
                    rs->is_bad_exit?" BadExit":"",
                    rs->is_exit?" Exit":"",
                    rs->is_fast?" Fast":"",
                    rs->is_possible_guard?" Guard":"",
                    rs->is_hs_dir?" HSDir":"",
-                   rs->is_named?" Named":"",
                    rs->is_flagged_running?" Running":"",
                    rs->is_stable?" Stable":"",
-                   rs->is_unnamed?" Unnamed":"",
-                   (rs->dir_port!=0)?" V2Dir":"",
+                   rs->is_v2_dir?" V2Dir":"",
                    rs->is_valid?" Valid":"");
 
   /* length of "opt v \n" */
@@ -2077,6 +1994,13 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
       smartlist_add_asprintf(chunks,
                        " Measured=%d", vrs->measured_bw_kb);
     }
+    /* Write down guardfraction information if we have it. */
+    if (format == NS_V3_VOTE && vrs && vrs->status.has_guardfraction) {
+      smartlist_add_asprintf(chunks,
+                             " GuardFraction=%d",
+                             vrs->status.guardfraction_percentage);
+    }
+
     smartlist_add(chunks, tor_strdup("\n"));
 
     if (desc) {
@@ -2084,16 +2008,24 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
       smartlist_add_asprintf(chunks, "p %s\n", summary);
       tor_free(summary);
     }
+
+    if (format == NS_V3_VOTE && vrs) {
+      if (tor_mem_is_zero((char*)vrs->ed25519_id, ED25519_PUBKEY_LEN)) {
+        smartlist_add(chunks, tor_strdup("id ed25519 none\n"));
+      } else {
+        char ed_b64[BASE64_DIGEST256_LEN+1];
+        digest256_to_base64(ed_b64, (const char*)vrs->ed25519_id);
+        smartlist_add_asprintf(chunks, "id ed25519 %s\n", ed_b64);
+      }
+    }
   }
 
  done:
   result = smartlist_join_strings(chunks, "", 0, NULL);
 
  err:
-  if (chunks) {
-    SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
-    smartlist_free(chunks);
-  }
+  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
+  smartlist_free(chunks);
 
   return result;
 }
@@ -2199,78 +2131,52 @@ get_possible_sybil_list(const smartlist_t *routers)
   return omit_as_sybil;
 }
 
-/** Return non-zero iff a relay running the Tor version specified in
- * <b>platform</b> is suitable for use as a potential entry guard. */
-static int
-is_router_version_good_for_possible_guard(const char *platform)
+/** If there are entries in <b>routers</b> with exactly the same ed25519 keys,
+ * remove the older one.  If they are exactly the same age, remove the one
+ * with the greater descriptor digest. May alter the order of the list. */
+static void
+routers_make_ed_keys_unique(smartlist_t *routers)
 {
-  static int parsed_versions_initialized = 0;
-  static tor_version_t first_good_0_2_1_guard_version;
-  static tor_version_t first_good_0_2_2_guard_version;
-  static tor_version_t first_good_later_guard_version;
-
-  tor_version_t router_version;
-
-  /* XXX024 This block should be extracted into its own function. */
-  /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
-  {
-    char *s, *s2, *start;
-    char tmp[128];
-
-    tor_assert(platform);
-
-    /* nonstandard Tor; be safe and say yes */
-    if (strcmpstart(platform,"Tor "))
-      return 1;
-
-    start = (char *)eat_whitespace(platform+3);
-    if (!*start) return 0;
-    s = (char *)find_whitespace(start); /* also finds '\0', which is fine */
-    s2 = (char*)eat_whitespace(s);
-    if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-"))
-      s = (char*)find_whitespace(s2);
-
-    if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */
-      return 0;
-    strlcpy(tmp, start, s-start+1);
+  routerinfo_t *ri2;
+  digest256map_t *by_ed_key = digest256map_new();
 
-    if (tor_version_parse(tmp, &router_version)<0) {
-      log_info(LD_DIR,"Router version '%s' unparseable.",tmp);
-      return 1; /* be safe and say yes */
+  SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
+    ri->omit_from_vote = 0;
+    if (ri->cache_info.signing_key_cert == NULL)
+      continue; /* No ed key */
+    const uint8_t *pk = ri->cache_info.signing_key_cert->signing_key.pubkey;
+    if ((ri2 = digest256map_get(by_ed_key, pk))) {
+      /* Duplicate; must omit one.  Set the omit_from_vote flag in whichever
+       * one has the earlier published_on. */
+      const time_t ri_pub = ri->cache_info.published_on;
+      const time_t ri2_pub = ri2->cache_info.published_on;
+      if (ri2_pub < ri_pub ||
+          (ri2_pub == ri_pub &&
+           memcmp(ri->cache_info.signed_descriptor_digest,
+                  ri2->cache_info.signed_descriptor_digest,DIGEST_LEN)<0)) {
+        digest256map_set(by_ed_key, pk, ri);
+        ri2->omit_from_vote = 1;
+      } else {
+        ri->omit_from_vote = 1;
+      }
+    } else {
+      /* Add to map */
+      digest256map_set(by_ed_key, pk, ri);
     }
-  }
-  /* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */
-
-  if (!parsed_versions_initialized) {
-    /* CVE-2011-2769 was fixed on the relay side in Tor versions
-     * 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */
-    tor_assert(tor_version_parse("0.2.1.31",
-                                 &first_good_0_2_1_guard_version)>=0);
-    tor_assert(tor_version_parse("0.2.2.34",
-                                 &first_good_0_2_2_guard_version)>=0);
-    tor_assert(tor_version_parse("0.2.3.6-alpha",
-                                 &first_good_later_guard_version)>=0);
+  } SMARTLIST_FOREACH_END(ri);
 
-    /* Don't parse these constant version strings once for every relay
-     * for every vote. */
-    parsed_versions_initialized = 1;
-  }
+  digest256map_free(by_ed_key, NULL);
 
-  return ((tor_version_same_series(&first_good_0_2_1_guard_version,
-                                   &router_version) &&
-           tor_version_compare(&first_good_0_2_1_guard_version,
-                               &router_version) <= 0) ||
-          (tor_version_same_series(&first_good_0_2_2_guard_version,
-                                   &router_version) &&
-           tor_version_compare(&first_good_0_2_2_guard_version,
-                               &router_version) <= 0) ||
-          (tor_version_compare(&first_good_later_guard_version,
-                               &router_version) <= 0));
+  /* Now remove every router where the omit_from_vote flag got set. */
+  SMARTLIST_FOREACH_BEGIN(routers, const routerinfo_t *, ri) {
+    if (ri->omit_from_vote) {
+      SMARTLIST_DEL_CURRENT(routers, ri);
+    }
+  } SMARTLIST_FOREACH_END(ri);
 }
 
 /** Extract status information from <b>ri</b> and from other authority
- * functions and store it in <b>rs</b>>.  If <b>naming</b>, consider setting
- * the named flag in <b>rs</b>.
+ * functions and store it in <b>rs</b>>.
  *
  * We assume that ri-\>is_running has already been set, e.g. by
  *   dirserv_set_router_is_running(ri, now);
@@ -2280,8 +2186,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
                                  node_t *node,
                                  routerinfo_t *ri,
                                  time_t now,
-                                 int naming, int listbadexits,
-                                 int listbaddirs, int vote_on_hsdirs)
+                                 int listbadexits)
 {
   const or_options_t *options = get_options();
   uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri);
@@ -2294,27 +2199,18 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
   /* Already set by compute_performance_thresholds. */
   rs->is_exit = node->is_exit;
   rs->is_stable = node->is_stable =
-    router_is_active(ri, node, now) &&
     !dirserv_thinks_router_is_unreliable(now, ri, 1, 0);
   rs->is_fast = node->is_fast =
-    router_is_active(ri, node, now) &&
     !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
   rs->is_flagged_running = node->is_running; /* computed above */
 
-  if (naming) {
-    uint32_t name_status = dirserv_get_name_status(
-                                              node->identity, ri->nickname);
-    rs->is_named = (naming && (name_status & FP_NAMED)) ? 1 : 0;
-    rs->is_unnamed = (naming && (name_status & FP_UNNAMED)) ? 1 : 0;
-  }
   rs->is_valid = node->is_valid;
 
   if (node->is_fast &&
       ((options->AuthDirGuardBWGuarantee &&
         routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) ||
        routerbw_kb >= MIN(guard_bandwidth_including_exits_kb,
-                       guard_bandwidth_excluding_exits_kb)) &&
-      is_router_version_good_for_possible_guard(ri->platform)) {
+                          guard_bandwidth_excluding_exits_kb))) {
     long tk = rep_hist_get_weighted_time_known(
                                       node->identity, now);
     double wfu = rep_hist_get_weighted_fractional_uptime(
@@ -2323,19 +2219,12 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
   } else {
     rs->is_possible_guard = 0;
   }
-  if (options->TestingTorNetwork &&
-      routerset_contains_routerstatus(options->TestingDirAuthVoteGuard,
-                                      rs, 0)) {
-    rs->is_possible_guard = 1;
-  }
 
-  rs->is_bad_directory = listbaddirs && node->is_bad_directory;
   rs->is_bad_exit = listbadexits && node->is_bad_exit;
-  node->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, node, now);
-  rs->is_hs_dir = vote_on_hsdirs && node->is_hs_dir;
+  rs->is_hs_dir = node->is_hs_dir =
+    dirserv_thinks_router_is_hs_dir(ri, node, now);
 
-  if (!strcasecmp(ri->nickname, UNNAMED_ROUTER_NICKNAME))
-    rs->is_named = rs->is_unnamed = 0;
+  rs->is_named = rs->is_unnamed = 0;
 
   rs->published_on = ri->cache_info.published_on;
   memcpy(rs->identity_digest, node->identity, DIGEST_LEN);
@@ -2345,6 +2234,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
   strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname));
   rs->or_port = ri->or_port;
   rs->dir_port = ri->dir_port;
+  rs->is_v2_dir = ri->supports_tunnelled_dir_requests;
   if (options->AuthDirHasIPv6Connectivity == 1 &&
       !tor_addr_is_null(&ri->ipv6_addr) &&
       node->last_reachable6 >= now - REACHABLE_TIMEOUT) {
@@ -2353,6 +2243,43 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
     tor_addr_copy(&rs->ipv6_addr, &ri->ipv6_addr);
     rs->ipv6_orport = ri->ipv6_orport;
   }
+
+  if (options->TestingTorNetwork) {
+    dirserv_set_routerstatus_testing(rs);
+  }
+}
+
+/** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
+ * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
+ * respectively. But don't set the corresponding node flags.
+ * Should only be called if TestingTorNetwork is set. */
+STATIC void
+dirserv_set_routerstatus_testing(routerstatus_t *rs)
+{
+  const or_options_t *options = get_options();
+
+  tor_assert(options->TestingTorNetwork);
+
+  if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit,
+                                      rs, 0)) {
+    rs->is_exit = 1;
+  } else if (options->TestingDirAuthVoteExitIsStrict) {
+    rs->is_exit = 0;
+  }
+
+  if (routerset_contains_routerstatus(options->TestingDirAuthVoteGuard,
+                                      rs, 0)) {
+    rs->is_possible_guard = 1;
+  } else if (options->TestingDirAuthVoteGuardIsStrict) {
+    rs->is_possible_guard = 0;
+  }
+
+  if (routerset_contains_routerstatus(options->TestingDirAuthVoteHSDir,
+                                      rs, 0)) {
+    rs->is_hs_dir = 1;
+  } else if (options->TestingDirAuthVoteHSDirIsStrict) {
+    rs->is_hs_dir = 0;
+  }
 }
 
 /** Routerstatus <b>rs</b> is part of a group of routers that are on
@@ -2364,13 +2291,325 @@ clear_status_flags_on_sybil(routerstatus_t *rs)
 {
   rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
     rs->is_flagged_running = rs->is_named = rs->is_valid =
-    rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit =
-    rs->is_bad_directory = 0;
+    rs->is_hs_dir = rs->is_possible_guard = rs->is_bad_exit = 0;
   /* FFFF we might want some mechanism to check later on if we
    * missed zeroing any flags: it's easy to add a new flag but
    * forget to add it to this clause. */
 }
 
+/** The guardfraction of the guard with identity fingerprint <b>guard_id</b>
+ *  is <b>guardfraction_percentage</b>. See if we have a vote routerstatus for
+ *  this guard in <b>vote_routerstatuses</b>, and if we do, register the
+ *  information to it.
+ *
+ *  Return 1 if we applied the information and 0 if we couldn't find a
+ *  matching guard.
+ *
+ * Requires that <b>vote_routerstatuses</b> be sorted.
+ */
+static int
+guardfraction_line_apply(const char *guard_id,
+                      uint32_t guardfraction_percentage,
+                      smartlist_t *vote_routerstatuses)
+{
+  vote_routerstatus_t *vrs = NULL;
+
+  tor_assert(vote_routerstatuses);
+
+  vrs = smartlist_bsearch(vote_routerstatuses, guard_id,
+                         compare_digest_to_vote_routerstatus_entry);
+
+  if (!vrs) {
+    return 0;
+  }
+
+  vrs->status.has_guardfraction = 1;
+  vrs->status.guardfraction_percentage = guardfraction_percentage;
+
+  return 1;
+}
+
+/* Given a guard line from a guardfraction file, parse it and register
+ * its information to <b>vote_routerstatuses</b>.
+ *
+ * Return:
+ * * 1 if the line was proper and its information got registered.
+ * * 0 if the line was proper but no currently active guard was found
+ *     to register the guardfraction information to.
+ * * -1 if the line could not be parsed and set <b>err_msg</b> to a
+      newly allocated string containing the error message.
+ */
+static int
+guardfraction_file_parse_guard_line(const char *guard_line,
+                                    smartlist_t *vote_routerstatuses,
+                                    char **err_msg)
+{
+  char guard_id[DIGEST_LEN];
+  uint32_t guardfraction;
+  char *inputs_tmp = NULL;
+  int num_ok = 1;
+
+  smartlist_t *sl = smartlist_new();
+  int retval = -1;
+
+  tor_assert(err_msg);
+
+  /* guard_line should contain something like this:
+     <hex digest> <guardfraction> <appearances> */
+  smartlist_split_string(sl, guard_line, " ",
+                         SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
+  if (smartlist_len(sl) < 3) {
+    tor_asprintf(err_msg, "bad line '%s'", guard_line);
+    goto done;
+  }
+
+  inputs_tmp = smartlist_get(sl, 0);
+  if (strlen(inputs_tmp) != HEX_DIGEST_LEN ||
+      base16_decode(guard_id, DIGEST_LEN, inputs_tmp, HEX_DIGEST_LEN)) {
+    tor_asprintf(err_msg, "bad digest '%s'", inputs_tmp);
+    goto done;
+  }
+
+  inputs_tmp = smartlist_get(sl, 1);
+  /* Guardfraction is an integer in [0, 100]. */
+  guardfraction =
+    (uint32_t) tor_parse_long(inputs_tmp, 10, 0, 100, &num_ok, NULL);
+  if (!num_ok) {
+    tor_asprintf(err_msg, "wrong percentage '%s'", inputs_tmp);
+    goto done;
+  }
+
+  /* If routerstatuses were provided, apply this info to actual routers. */
+  if (vote_routerstatuses) {
+    retval = guardfraction_line_apply(guard_id, guardfraction,
+                                      vote_routerstatuses);
+  } else {
+    retval = 0; /* If we got this far, line was correctly formatted. */
+  }
+
+ done:
+
+  SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
+  smartlist_free(sl);
+
+  return retval;
+}
+
+/** Given an inputs line from a guardfraction file, parse it and
+ *  register its information to <b>total_consensuses</b> and
+ *  <b>total_days</b>.
+ *
+ *  Return 0 if it parsed well. Return -1 if there was an error, and
+ *  set <b>err_msg</b> to a newly allocated string containing the
+ *  error message.
+ */
+static int
+guardfraction_file_parse_inputs_line(const char *inputs_line,
+                                     int *total_consensuses,
+                                     int *total_days,
+                                     char **err_msg)
+{
+  int retval = -1;
+  char *inputs_tmp = NULL;
+  int num_ok = 1;
+  smartlist_t *sl = smartlist_new();
+
+  tor_assert(err_msg);
+
+  /* Second line is inputs information:
+   *   n-inputs <total_consensuses> <total_days>. */
+  smartlist_split_string(sl, inputs_line, " ",
+                         SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
+  if (smartlist_len(sl) < 2) {
+    tor_asprintf(err_msg, "incomplete line '%s'", inputs_line);
+    goto done;
+  }
+
+  inputs_tmp = smartlist_get(sl, 0);
+  *total_consensuses =
+    (int) tor_parse_long(inputs_tmp, 10, 0, INT_MAX, &num_ok, NULL);
+  if (!num_ok) {
+    tor_asprintf(err_msg, "unparseable consensus '%s'", inputs_tmp);
+    goto done;
+  }
+
+  inputs_tmp = smartlist_get(sl, 1);
+  *total_days =
+    (int) tor_parse_long(inputs_tmp, 10, 0, INT_MAX, &num_ok, NULL);
+  if (!num_ok) {
+    tor_asprintf(err_msg, "unparseable days '%s'", inputs_tmp);
+    goto done;
+  }
+
+  retval = 0;
+
+ done:
+  SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
+  smartlist_free(sl);
+
+  return retval;
+}
+
+/* Maximum age of a guardfraction file that we are willing to accept. */
+#define MAX_GUARDFRACTION_FILE_AGE (7*24*60*60) /* approx a week */
+
+/** Static strings of guardfraction files. */
+#define GUARDFRACTION_DATE_STR "written-at"
+#define GUARDFRACTION_INPUTS "n-inputs"
+#define GUARDFRACTION_GUARD "guard-seen"
+#define GUARDFRACTION_VERSION "guardfraction-file-version"
+
+/** Given a guardfraction file in a string, parse it and register the
+ *  guardfraction information to the provided vote routerstatuses.
+ *
+ *  This is the rough format of the guardfraction file:
+ *
+ *      guardfraction-file-version 1
+ *      written-at <date and time>
+ *      n-inputs <number of consesuses parsed> <number of days considered>
+ *
+ *      guard-seen <fpr 1> <guardfraction percentage> <consensus appearances>
+ *      guard-seen <fpr 2> <guardfraction percentage> <consensus appearances>
+ *      guard-seen <fpr 3> <guardfraction percentage> <consensus appearances>
+ *      guard-seen <fpr 4> <guardfraction percentage> <consensus appearances>
+ *      guard-seen <fpr 5> <guardfraction percentage> <consensus appearances>
+ *      ...
+ *
+ *  Return -1 if the parsing failed and 0 if it went smoothly. Parsing
+ *  should tolerate errors in all lines but the written-at header.
+ */
+STATIC int
+dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str,
+                                      smartlist_t *vote_routerstatuses)
+{
+  config_line_t *front=NULL, *line;
+  int ret_tmp;
+  int retval = -1;
+  int current_line_n = 0; /* line counter for better log messages */
+
+  /* Guardfraction info to be parsed */
+  int total_consensuses = 0;
+  int total_days = 0;
+
+  /* Stats */
+  int guards_read_n = 0;
+  int guards_applied_n = 0;
+
+  /* Parse file and split it in lines */
+  ret_tmp = config_get_lines(guardfraction_file_str, &front, 0);
+  if (ret_tmp < 0) {
+    log_warn(LD_CONFIG, "Error reading from guardfraction file");
+    goto done;
+  }
+
+  /* Sort routerstatuses (needed later when applying guardfraction info) */
+  if (vote_routerstatuses)
+    smartlist_sort(vote_routerstatuses, compare_vote_routerstatus_entries);
+
+  for (line = front; line; line=line->next) {
+    current_line_n++;
+
+    if (!strcmp(line->key, GUARDFRACTION_VERSION)) {
+      int num_ok = 1;
+      unsigned int version;
+
+      version =
+        (unsigned int) tor_parse_long(line->value,
+                                      10, 0, INT_MAX, &num_ok, NULL);
+
+      if (!num_ok || version != 1) {
+        log_warn(LD_GENERAL, "Got unknown guardfraction version %d.", version);
+        goto done;
+      }
+    } else if (!strcmp(line->key, GUARDFRACTION_DATE_STR)) {
+      time_t file_written_at;
+      time_t now = time(NULL);
+
+      /* First line is 'written-at <date>' */
+      if (parse_iso_time(line->value, &file_written_at) < 0) {
+        log_warn(LD_CONFIG, "Guardfraction:%d: Bad date '%s'. Ignoring",
+                 current_line_n, line->value);
+        goto done; /* don't tolerate failure here. */
+      }
+      if (file_written_at < now - MAX_GUARDFRACTION_FILE_AGE) {
+        log_warn(LD_CONFIG, "Guardfraction:%d: was written very long ago '%s'",
+                 current_line_n, line->value);
+        goto done; /* don't tolerate failure here. */
+      }
+    } else if (!strcmp(line->key, GUARDFRACTION_INPUTS)) {
+      char *err_msg = NULL;
+
+      if (guardfraction_file_parse_inputs_line(line->value,
+                                               &total_consensuses,
+                                               &total_days,
+                                               &err_msg) < 0) {
+        log_warn(LD_CONFIG, "Guardfraction:%d: %s",
+                 current_line_n, err_msg);
+        tor_free(err_msg);
+        continue;
+      }
+
+    } else if (!strcmp(line->key, GUARDFRACTION_GUARD)) {
+      char *err_msg = NULL;
+
+      ret_tmp = guardfraction_file_parse_guard_line(line->value,
+                                                    vote_routerstatuses,
+                                                    &err_msg);
+      if (ret_tmp < 0) { /* failed while parsing the guard line */
+        log_warn(LD_CONFIG, "Guardfraction:%d: %s",
+                 current_line_n, err_msg);
+        tor_free(err_msg);
+        continue;
+      }
+
+      /* Successfully parsed guard line. Check if it was applied properly. */
+      guards_read_n++;
+      if (ret_tmp > 0) {
+        guards_applied_n++;
+      }
+    } else {
+      log_warn(LD_CONFIG, "Unknown guardfraction line %d (%s %s)",
+               current_line_n, line->key, line->value);
+    }
+  }
+
+  retval = 0;
+
+  log_info(LD_CONFIG,
+           "Successfully parsed guardfraction file with %d consensuses over "
+           "%d days. Parsed %d nodes and applied %d of them%s.",
+           total_consensuses, total_days, guards_read_n, guards_applied_n,
+           vote_routerstatuses ? "" : " (no routerstatus provided)" );
+
+ done:
+  config_free_lines(front);
+
+  if (retval < 0) {
+    return retval;
+  } else {
+    return guards_read_n;
+  }
+}
+
+/** Read a guardfraction file at <b>fname</b> and load all its
+ *  information to <b>vote_routerstatuses</b>. */
+int
+dirserv_read_guardfraction_file(const char *fname,
+                             smartlist_t *vote_routerstatuses)
+{
+  char *guardfraction_file_str;
+
+  /* Read file to a string */
+  guardfraction_file_str = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
+  if (!guardfraction_file_str) {
+      log_warn(LD_FS, "Cannot open guardfraction file '%s'. Failing.", fname);
+      return -1;
+  }
+
+  return dirserv_read_guardfraction_file_from_str(guardfraction_file_str,
+                                               vote_routerstatuses);
+}
+
 /**
  * Helper function to parse out a line in the measured bandwidth file
  * into a measured_bw_line_t output structure. Returns -1 on failure
@@ -2563,10 +2802,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
   smartlist_t *routers, *routerstatuses;
   char identity_digest[DIGEST_LEN];
   char signing_key_digest[DIGEST_LEN];
-  int naming = options->NamingAuthoritativeDir;
   int listbadexits = options->AuthDirListBadExits;
-  int listbaddirs = options->AuthDirListBadDirs;
-  int vote_on_hsdirs = options->VoteOnHidServDirectoriesV2;
   routerlist_t *rl = router_get_routerlist();
   time_t now = time(NULL);
   time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
@@ -2629,6 +2865,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
 
   routers = smartlist_new();
   smartlist_add_all(routers, rl->routers);
+  routers_make_ed_keys_unique(routers);
+  /* After this point, don't use rl->routers; use 'routers' instead. */
   routers_sort_by_identity(routers);
   omit_as_sybil = get_possible_sybil_list(routers);
 
@@ -2639,9 +2877,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
 
   /* Count how many have measured bandwidths so we know how to assign flags;
    * this must come before dirserv_compute_performance_thresholds() */
-  dirserv_count_measured_bws(rl);
+  dirserv_count_measured_bws(routers);
 
-  dirserv_compute_performance_thresholds(rl, omit_as_sybil);
+  dirserv_compute_performance_thresholds(omit_as_sybil);
 
   routerstatuses = smartlist_new();
   microdescriptors = smartlist_new();
@@ -2657,8 +2895,13 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       set_routerstatus_from_routerinfo(rs, node, ri, now,
-                                       naming, listbadexits, listbaddirs,
-                                       vote_on_hsdirs);
+                                       listbadexits);
+
+      if (ri->cache_info.signing_key_cert) {
+        memcpy(vrs->ed25519_id,
+               ri->cache_info.signing_key_cert->signing_key.pubkey,
+               ED25519_PUBKEY_LEN);
+      }
 
       if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
         clear_status_flags_on_sybil(rs);
@@ -2685,6 +2928,12 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
   smartlist_free(routers);
   digestmap_free(omit_as_sybil, NULL);
 
+  /* Apply guardfraction information to routerstatuses. */
+  if (options->GuardfractionFile) {
+    dirserv_read_guardfraction_file(options->GuardfractionFile,
+                                    routerstatuses);
+  }
+
   /* This pass through applies the measured bw lines to the routerstatuses */
   if (options->V3BandwidthsFile) {
     dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
@@ -2733,22 +2982,23 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
 
   v3_out->client_versions = client_versions;
   v3_out->server_versions = server_versions;
+  v3_out->package_lines = smartlist_new();
+  {
+    config_line_t *cl;
+    for (cl = get_options()->RecommendedPackages; cl; cl = cl->next) {
+      if (validate_recommended_package_line(cl->value))
+        smartlist_add(v3_out->package_lines, tor_strdup(cl->value));
+    }
+  }
+
   v3_out->known_flags = smartlist_new();
   smartlist_split_string(v3_out->known_flags,
-                "Authority Exit Fast Guard Stable V2Dir Valid",
+                "Authority Exit Fast Guard Stable V2Dir Valid HSDir",
                 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   if (vote_on_reachability)
     smartlist_add(v3_out->known_flags, tor_strdup("Running"));
-  if (listbaddirs)
-    smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
   if (listbadexits)
     smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
-  if (naming) {
-    smartlist_add(v3_out->known_flags, tor_strdup("Named"));
-    smartlist_add(v3_out->known_flags, tor_strdup("Unnamed"));
-  }
-  if (vote_on_hsdirs)
-    smartlist_add(v3_out->known_flags, tor_strdup("HSDir"));
   smartlist_sort_strings(v3_out->known_flags);
 
   if (options->ConsensusParams) {
@@ -2903,7 +3153,7 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
                                          DSR_HEX|DSR_SORT_UNIQ);
     SMARTLIST_FOREACH_BEGIN(digests, const char *, d) {
          if (router_digest_is_me(d)) {
-           /* make sure desc_routerinfo exists */
+           /* calling router_get_my_routerinfo() to make sure it exists */
            const routerinfo_t *ri = router_get_my_routerinfo();
            if (ri)
              smartlist_add(descs_out, (void*) &(ri->cache_info));
@@ -2935,7 +3185,7 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
  * router listening at <b>address</b>:<b>or_port</b>, and has yielded
  * a certificate with digest <b>digest_rcvd</b>.
  *
- * Inform the reachability checker that we could get to this guy.
+ * Inform the reachability checker that we could get to this relay.
  */
 void
 dirserv_orconn_tls_done(const tor_addr_t *addr,
@@ -3431,7 +3681,7 @@ connection_dirserv_add_networkstatus_bytes_to_outbuf(dir_connection_t *conn)
         if (uncompressing && ! conn->zlib_state &&
             conn->fingerprint_stack &&
             smartlist_len(conn->fingerprint_stack)) {
-          conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
+          conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD, HIGH_COMPRESSION);
         }
       }
       if (r) return r;
@@ -3484,6 +3734,82 @@ connection_dirserv_flushed_some(dir_connection_t *conn)
   }
 }
 
+/** Return true iff <b>line</b> is a valid RecommendedPackages line.
+ */
+/*
+  The grammar is:
+
+    "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
+
+      PACKAGENAME = NONSPACE
+      VERSION = NONSPACE
+      URL = NONSPACE
+      DIGESTS = DIGEST | DIGESTS SP DIGEST
+      DIGEST = DIGESTTYPE "=" DIGESTVAL
+
+      NONSPACE = one or more non-space printing characters
+
+      DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
+
+      SP = " "
+      NL = a newline
+
+ */
+int
+validate_recommended_package_line(const char *line)
+{
+  const char *cp = line;
+
+#define WORD()                                  \
+  do {                                          \
+    if (*cp == ' ')                             \
+      return 0;                                 \
+    cp = strchr(cp, ' ');                       \
+    if (!cp)                                    \
+      return 0;                                 \
+  } while (0)
+
+  WORD(); /* skip packagename */
+  ++cp;
+  WORD(); /* skip version */
+  ++cp;
+  WORD(); /* Skip URL */
+  ++cp;
+
+  /* Skip digesttype=digestval + */
+  int n_entries = 0;
+  while (1) {
+    const char *start_of_word = cp;
+    const char *end_of_word = strchr(cp, ' ');
+    if (! end_of_word)
+      end_of_word = cp + strlen(cp);
+
+    if (start_of_word == end_of_word)
+      return 0;
+
+    const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
+
+    if (!eq)
+      return 0;
+    if (eq == start_of_word)
+      return 0;
+    if (eq == end_of_word - 1)
+      return 0;
+    if (memchr(eq+1, '=', end_of_word - (eq+1)))
+      return 0;
+
+    ++n_entries;
+    if (0 == *end_of_word)
+      break;
+
+    cp = end_of_word + 1;
+  }
+
+  /* If we reach this point, we have at least 1 entry. */
+  tor_assert(n_entries > 0);
+  return 1;
+}
+
 /** Release all storage used by the directory server. */
 void
 dirserv_free_all(void)
diff --git a/src/or/dirserv.h b/src/or/dirserv.h
index 858e6e3a07..9a9725ad6f 100644
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -34,10 +34,9 @@
 
 int connection_dirserv_flushed_some(dir_connection_t *conn);
 
-int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_t *pk);
+int dirserv_add_own_fingerprint(crypto_pk_t *pk);
 int dirserv_load_fingerprint_file(void);
 void dirserv_free_fingerprint_list(void);
-const char *dirserv_get_nickname_by_digest(const char *digest);
 enum was_router_added_t dirserv_add_multiple_descriptors(
                                      const char *desc, uint8_t purpose,
                                      const char *source,
@@ -51,7 +50,7 @@ int list_server_status_v1(smartlist_t *routers, char **router_status_out,
 int dirserv_dump_directory_to_string(char **dir_out,
                                      crypto_pk_t *private_key);
 char *dirserv_get_flag_thresholds_line(void);
-void dirserv_compute_bridge_flag_thresholds(routerlist_t *rl);
+void dirserv_compute_bridge_flag_thresholds(void);
 
 int directory_fetches_from_authorities(const or_options_t *options);
 int directory_fetches_dir_info_early(const or_options_t *options);
@@ -64,9 +63,9 @@ int directory_too_idle_to_fetch_descriptors(const or_options_t *options,
 
 cached_dir_t *dirserv_get_consensus(const char *flavor_name);
 void dirserv_set_cached_consensus_networkstatus(const char *consensus,
-                                                const char *flavor_name,
-                                                const digests_t *digests,
-                                                time_t published);
+                                              const char *flavor_name,
+                                              const common_digests_t *digests,
+                                              time_t published);
 void dirserv_clear_old_networkstatuses(time_t cutoff);
 int dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
                                         const char **msg,
@@ -85,7 +84,8 @@ int authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
                                    int complain,
                                    int *valid_out);
 uint32_t dirserv_router_get_status(const routerinfo_t *router,
-                                   const char **msg);
+                                   const char **msg,
+                                   int severity);
 void dirserv_set_node_flags_from_authoritative_status(node_t *node,
                                                       uint32_t authstatus);
 
@@ -105,8 +105,12 @@ void dirserv_free_all(void);
 void cached_dir_decref(cached_dir_t *d);
 cached_dir_t *new_cached_dir(char *s, time_t published);
 
+int validate_recommended_package_line(const char *line);
+
 #ifdef DIRSERV_PRIVATE
 
+STATIC void dirserv_set_routerstatus_testing(routerstatus_t *rs);
+
 /* Put the MAX_MEASUREMENT_AGE #define here so unit tests can see it */
 #define MAX_MEASUREMENT_AGE (3*24*60*60) /* 3 days */
 
@@ -124,10 +128,17 @@ STATIC int dirserv_query_measured_bw_cache_kb(const char *node_id,
                                               long *bw_out,
                                               time_t *as_of_out);
 STATIC int dirserv_has_measured_bw(const char *node_id);
+
+STATIC int
+dirserv_read_guardfraction_file_from_str(const char *guardfraction_file_str,
+                                      smartlist_t *vote_routerstatuses);
 #endif
 
 int dirserv_read_measured_bandwidths(const char *from_file,
                                      smartlist_t *routerstatuses);
 
+int dirserv_read_guardfraction_file(const char *fname,
+                                 smartlist_t *vote_routerstatuses);
+
 #endif
 
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 137d6c1a8c..62f85877fe 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -1,11 +1,12 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define DIRVOTE_PRIVATE
 #include "or.h"
 #include "config.h"
+#include "dircollate.h"
 #include "directory.h"
 #include "dirserv.h"
 #include "dirvote.h"
@@ -16,6 +17,8 @@
 #include "router.h"
 #include "routerlist.h"
 #include "routerparse.h"
+#include "entrynodes.h" /* needed for guardfraction methods */
+#include "torcert.h"
 
 /**
  * \file dirvote.c
@@ -51,7 +54,6 @@ static int dirvote_perform_vote(void);
 static void dirvote_clear_votes(int all_votes);
 static int dirvote_compute_consensuses(void);
 static int dirvote_publish_consensus(void);
-static char *make_consensus_method_list(int low, int high, const char *sep);
 
 /* =====
  * Voting
@@ -64,8 +66,9 @@ STATIC char *
 format_networkstatus_vote(crypto_pk_t *private_signing_key,
                           networkstatus_t *v3_ns)
 {
-  smartlist_t *chunks;
+  smartlist_t *chunks = smartlist_new();
   const char *client_versions = NULL, *server_versions = NULL;
+  char *packages = NULL;
   char fingerprint[FINGERPRINT_LEN+1];
   char digest[DIGEST_LEN];
   uint32_t addr;
@@ -98,7 +101,18 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
     server_versions_line = tor_strdup("");
   }
 
-  chunks = smartlist_new();
+  if (v3_ns->package_lines) {
+    smartlist_t *tmp = smartlist_new();
+    SMARTLIST_FOREACH(v3_ns->package_lines, const char *, p,
+                      if (validate_recommended_package_line(p))
+                        smartlist_add_asprintf(tmp, "package %s\n", p));
+    packages = smartlist_join_strings(tmp, "", 0, NULL);
+    SMARTLIST_FOREACH(tmp, char *, cp, tor_free(cp));
+    smartlist_free(tmp);
+  } else {
+    packages = tor_strdup("");
+  }
+
   {
     char published[ISO_TIME_LEN+1];
     char va[ISO_TIME_LEN+1];
@@ -110,7 +124,8 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
     char *params;
     authority_cert_t *cert = v3_ns->cert;
     char *methods =
-      make_consensus_method_list(1, MAX_SUPPORTED_CONSENSUS_METHOD, " ");
+      make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD,
+                                 MAX_SUPPORTED_CONSENSUS_METHOD, " ");
     format_iso_time(published, v3_ns->published);
     format_iso_time(va, v3_ns->valid_after);
     format_iso_time(fu, v3_ns->fresh_until);
@@ -132,6 +147,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
                  "valid-until %s\n"
                  "voting-delay %d %d\n"
                  "%s%s" /* versions */
+                 "%s" /* packages */
                  "known-flags %s\n"
                  "flag-thresholds %s\n"
                  "params %s\n"
@@ -143,6 +159,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
                  v3_ns->vote_seconds, v3_ns->dist_seconds,
                  client_versions_line,
                  server_versions_line,
+                 packages,
                  flags,
                  flag_thresholds,
                  params,
@@ -230,10 +247,10 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
  done:
   tor_free(client_versions_line);
   tor_free(server_versions_line);
-  if (chunks) {
-    SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
-    smartlist_free(chunks);
-  }
+  tor_free(packages);
+
+  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
+  smartlist_free(chunks);
   return status;
 }
 
@@ -458,10 +475,9 @@ compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
     smartlist_free(alt_orports);
   }
 
-  if (consensus_method >= MIN_METHOD_FOR_MICRODESC &&
-      microdesc_digest256_out) {
+  if (microdesc_digest256_out) {
     smartlist_t *digests = smartlist_new();
-    const char *best_microdesc_digest;
+    const uint8_t *best_microdesc_digest;
     SMARTLIST_FOREACH_BEGIN(votes, vote_routerstatus_t *, rs) {
         char d[DIGEST256_LEN];
         if (compare_vote_rs(rs, most))
@@ -541,12 +557,20 @@ compute_consensus_method(smartlist_t *votes)
 static int
 consensus_method_is_supported(int method)
 {
-  return (method >= 1) && (method <= MAX_SUPPORTED_CONSENSUS_METHOD);
+  if (method == MIN_METHOD_FOR_ED25519_ID_IN_MD) {
+    /* This method was broken due to buggy code accidently left in
+     * dircollate.c; do not actually use it.
+     */
+    return 0;
+  }
+
+  return (method >= MIN_SUPPORTED_CONSENSUS_METHOD) &&
+    (method <= MAX_SUPPORTED_CONSENSUS_METHOD);
 }
 
 /** Return a newly allocated string holding the numbers between low and high
  * (inclusive) that are supported consensus methods. */
-static char *
+STATIC char *
 make_consensus_method_list(int low, int high, const char *separator)
 {
   char *list;
@@ -605,13 +629,14 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
   const int n_votes = smartlist_len(votes);
   smartlist_t *output;
   smartlist_t *param_list = smartlist_new();
+  (void) method;
 
   /* We require that the parameter lists in the votes are well-formed: that
      is, that their keywords are unique and sorted, and that their values are
      between INT32_MIN and INT32_MAX inclusive.  This should be guaranteed by
      the parsing code. */
 
-  vals = tor_malloc(sizeof(int)*n_votes);
+  vals = tor_calloc(n_votes, sizeof(int));
 
   SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
     if (!v->net_params)
@@ -647,12 +672,13 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
       next_param = NULL;
     else
       next_param = smartlist_get(param_list, param_sl_idx+1);
+    /* resolve spurious clang shallow analysis null pointer errors */
+    tor_assert(param);
     if (!next_param || strncmp(next_param, param, cur_param_len)) {
       /* We've reached the end of a series. */
       /* Make sure enough authorities voted on this param, unless the
        * the consensus method we use is too old for that. */
-      if (method < MIN_METHOD_FOR_MAJORITY_PARAMS ||
-          i > total_authorities/2 ||
+      if (i > total_authorities/2 ||
           i >= MIN_VOTES_FOR_PARAM) {
         int32_t median = median_int32(vals, i);
         char *out_string = tor_malloc(64+cur_param_len);
@@ -1005,299 +1031,87 @@ networkstatus_compute_bw_weights_v10(smartlist_t *chunks, int64_t G,
              I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
   return 1;
 }
-/**
- * This function computes the bandwidth weights for consensus method 9.
- *
- * It has been obsoleted in favor of consensus method 10.
- */
+
+/** Update total bandwidth weights (G/M/E/D/T) with the bandwidth of
+ *  the router in <b>rs</b>. */
 static void
-networkstatus_compute_bw_weights_v9(smartlist_t *chunks, int64_t G, int64_t M,
-                              int64_t E, int64_t D, int64_t T,
-                              int64_t weight_scale)
+update_total_bandwidth_weights(const routerstatus_t *rs,
+                               int is_exit, int is_guard,
+                               int64_t *G, int64_t *M, int64_t *E, int64_t *D,
+                               int64_t *T)
 {
-  int64_t Wgg = -1, Wgd = -1;
-  int64_t Wmg = -1, Wme = -1, Wmd = -1;
-  int64_t Wed = -1, Wee = -1;
-  const char *casename;
+  int default_bandwidth = rs->bandwidth_kb;
+  int guardfraction_bandwidth = 0;
 
-  if (G <= 0 || M <= 0 || E <= 0 || D <= 0) {
-    log_warn(LD_DIR, "Consensus with empty bandwidth: "
-                     "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT
-                     " D="I64_FORMAT" T="I64_FORMAT,
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
+  if (!rs->has_bandwidth) {
+    log_info(LD_BUG, "Missing consensus bandwidth for router %s",
+             rs->nickname);
     return;
   }
 
-  /*
-   * Computed from cases in 3.4.3 of dir-spec.txt
+  /* If this routerstatus represents a guard that we have
+   * guardfraction information on, use it to calculate its actual
+   * bandwidth. From proposal236:
    *
-   * 1. Neither are scarce
-   * 2. Both Guard and Exit are scarce
-   *    a. R+D <= S
-   *    b. R+D > S
-   * 3. One of Guard or Exit is scarce
-   *    a. S+D < T/3
-   *    b. S+D >= T/3
+   *    Similarly, when calculating the bandwidth-weights line as in
+   *    section 3.8.3 of dir-spec.txt, directory authorities should treat N
+   *    as if fraction F of its bandwidth has the guard flag and (1-F) does
+   *    not.  So when computing the totals G,M,E,D, each relay N with guard
+   *    visibility fraction F and bandwidth B should be added as follows:
+   *
+   *    G' = G + F*B, if N does not have the exit flag
+   *    M' = M + (1-F)*B, if N does not have the exit flag
+   *
+   *    or
+   *
+   *    D' = D + F*B, if N has the exit flag
+   *    E' = E + (1-F)*B, if N has the exit flag
+   *
+   * In this block of code, we prepare the bandwidth values by setting
+   * the default_bandwidth to F*B and guardfraction_bandwidth to (1-F)*B.
    */
-  if (3*E >= T && 3*G >= T) { // E >= T/3 && G >= T/3
-    bw_weights_error_t berr = 0;
-    /* Case 1: Neither are scarce.
-     *
-     * Attempt to ensure that we have a large amount of exit bandwidth
-     * in the middle position.
-     */
-    casename = "Case 1 (Wme*E = Wmd*D)";
-    Wgg = (weight_scale*(D+E+G+M))/(3*G);
-    if (D==0) Wmd = 0;
-    else Wmd = (weight_scale*(2*D + 2*E - G - M))/(6*D);
-    Wme = (weight_scale*(2*D + 2*E - G - M))/(6*E);
-    Wee = (weight_scale*(-2*D + 4*E + G + M))/(6*E);
-    Wgd = 0;
-    Wmg = weight_scale - Wgg;
-    Wed = weight_scale - Wmd;
+  if (rs->has_guardfraction) {
+    guardfraction_bandwidth_t guardfraction_bw;
 
-    berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
-                                       weight_scale, G, M, E, D, T, 10, 1);
+    tor_assert(is_guard);
 
-    if (berr) {
-      log_warn(LD_DIR, "Bw Weights error %d for case %s. "
-                       "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT
-                       " D="I64_FORMAT" T="I64_FORMAT,
-               berr, casename,
-               I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-               I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    }
-  } else if (3*E < T && 3*G < T) { // E < T/3 && G < T/3
-    int64_t R = MIN(E, G);
-    int64_t S = MAX(E, G);
-    /*
-     * Case 2: Both Guards and Exits are scarce
-     * Balance D between E and G, depending upon
-     * D capacity and scarcity.
-     */
-    if (R+D < S) { // Subcase a
-      Wgg = weight_scale;
-      Wee = weight_scale;
-      Wmg = 0;
-      Wme = 0;
-      Wmd = 0;
-      if (E < G) {
-        casename = "Case 2a (E scarce)";
-        Wed = weight_scale;
-        Wgd = 0;
-      } else { /* E >= G */
-        casename = "Case 2a (G scarce)";
-        Wed = 0;
-        Wgd = weight_scale;
-      }
-    } else { // Subcase b: R+D > S
-      bw_weights_error_t berr = 0;
-      casename = "Case 2b (Wme*E == Wmd*D)";
-      if (D != 0) {
-        Wgg = weight_scale;
-        Wgd = (weight_scale*(D + E - 2*G + M))/(3*D); // T/3 >= G (Ok)
-        Wmd = (weight_scale*(D + E + G - 2*M))/(6*D); // T/3 >= M
-        Wme = (weight_scale*(D + E + G - 2*M))/(6*E);
-        Wee = (weight_scale*(-D + 5*E - G + 2*M))/(6*E); // 2E+M >= T/3
-        Wmg = 0;
-        Wed = weight_scale - Wgd - Wmd;
+    guard_get_guardfraction_bandwidth(&guardfraction_bw,
+                                      rs->bandwidth_kb,
+                                      rs->guardfraction_percentage);
 
-        berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed,
-                                       weight_scale, G, M, E, D, T, 10, 1);
-      }
+    default_bandwidth = guardfraction_bw.guard_bw;
+    guardfraction_bandwidth = guardfraction_bw.non_guard_bw;
+  }
 
-      if (D == 0 || berr) { // Can happen if M > T/3
-        casename = "Case 2b (E=G)";
-        Wgg = weight_scale;
-        Wee = weight_scale;
-        Wmg = 0;
-        Wme = 0;
-        Wmd = 0;
-        if (D == 0) Wgd = 0;
-        else Wgd = (weight_scale*(D+E-G))/(2*D);
-        Wed = weight_scale - Wgd;
-        berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
-                Wed, weight_scale, G, M, E, D, T, 10, 1);
-      }
-      if (berr != BW_WEIGHTS_NO_ERROR &&
-              berr != BW_WEIGHTS_BALANCE_MID_ERROR) {
-        log_warn(LD_DIR, "Bw Weights error %d for case %s. "
-                         "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT
-                         " D="I64_FORMAT" T="I64_FORMAT,
-                 berr, casename,
-                 I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-                 I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-      }
-    }
-  } else { // if (E < T/3 || G < T/3) {
-    int64_t S = MIN(E, G);
-    // Case 3: Exactly one of Guard or Exit is scarce
-    if (!(3*E < T || 3*G < T) || !(3*G >= T || 3*E >= T)) {
-      log_warn(LD_BUG,
-           "Bw-Weights Case 3 but with G="I64_FORMAT" M="
-           I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT" T="I64_FORMAT,
-               I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-               I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
+  /* Now calculate the total bandwidth weights with or without
+   * guardfraction. Depending on the flags of the relay, add its
+   * bandwidth to the appropriate weight pool. If it's a guard and
+   * guardfraction is enabled, add its bandwidth to both pools as
+   * indicated by the previous comment.
+   */
+  *T += default_bandwidth;
+  if (is_exit && is_guard) {
+
+    *D += default_bandwidth;
+    if (rs->has_guardfraction) {
+      *E += guardfraction_bandwidth;
     }
 
-    if (3*(S+D) < T) { // Subcase a: S+D < T/3
-      if (G < E) {
-        casename = "Case 3a (G scarce)";
-        Wgg = Wgd = weight_scale;
-        Wmd = Wed = Wmg = 0;
-        // Minor subcase, if E is more scarce than M,
-        // keep its bandwidth in place.
-        if (E < M) Wme = 0;
-        else Wme = (weight_scale*(E-M))/(2*E);
-        Wee = weight_scale-Wme;
-      } else { // G >= E
-        casename = "Case 3a (E scarce)";
-        Wee = Wed = weight_scale;
-        Wmd = Wgd = Wme = 0;
-        // Minor subcase, if G is more scarce than M,
-        // keep its bandwidth in place.
-        if (G < M) Wmg = 0;
-        else Wmg = (weight_scale*(G-M))/(2*G);
-        Wgg = weight_scale-Wmg;
-      }
-    } else { // Subcase b: S+D >= T/3
-      bw_weights_error_t berr = 0;
-      // D != 0 because S+D >= T/3
-      if (G < E) {
-        casename = "Case 3b (G scarce, Wme*E == Wmd*D)";
-        Wgd = (weight_scale*(D + E - 2*G + M))/(3*D);
-        Wmd = (weight_scale*(D + E + G - 2*M))/(6*D);
-        Wme = (weight_scale*(D + E + G - 2*M))/(6*E);
-        Wee = (weight_scale*(-D + 5*E - G + 2*M))/(6*E);
-        Wgg = weight_scale;
-        Wmg = 0;
-        Wed = weight_scale - Wgd - Wmd;
+  } else if (is_exit) {
 
-        berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
-                    Wed, weight_scale, G, M, E, D, T, 10, 1);
-      } else { // G >= E
-        casename = "Case 3b (E scarce, Wme*E == Wmd*D)";
-        Wgg = (weight_scale*(D + E + G + M))/(3*G);
-        Wmd = (weight_scale*(2*D + 2*E - G - M))/(6*D);
-        Wme = (weight_scale*(2*D + 2*E - G - M))/(6*E);
-        Wee = (weight_scale*(-2*D + 4*E + G + M))/(6*E);
-        Wgd = 0;
-        Wmg = weight_scale - Wgg;
-        Wed = weight_scale - Wmd;
+    *E += default_bandwidth;
 
-        berr = networkstatus_check_weights(Wgg, Wgd, Wmg, Wme, Wmd, Wee,
-                      Wed, weight_scale, G, M, E, D, T, 10, 1);
-      }
-      if (berr) {
-        log_warn(LD_DIR, "Bw Weights error %d for case %s. "
-                         "G="I64_FORMAT" M="I64_FORMAT
-                         " E="I64_FORMAT" D="I64_FORMAT" T="I64_FORMAT,
-                 berr, casename,
-               I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-               I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-      }
-    }
-  }
+  } else if (is_guard) {
 
-  /* We cast down the weights to 32 bit ints on the assumption that
-   * weight_scale is ~= 10000. We need to ensure a rogue authority
-   * doesn't break this assumption to rig our weights */
-  tor_assert(0 < weight_scale && weight_scale <= INT32_MAX);
+    *G += default_bandwidth;
+    if (rs->has_guardfraction) {
+      *M += guardfraction_bandwidth;
+    }
 
-  if (Wgg < 0 || Wgg > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wgg="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wgg),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
+  } else {
 
-    Wgg = MAX(MIN(Wgg, weight_scale), 0);
-  }
-  if (Wgd < 0 || Wgd > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wgd="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wgd),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    Wgd = MAX(MIN(Wgd, weight_scale), 0);
-  }
-  if (Wmg < 0 || Wmg > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wmg="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wmg),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    Wmg = MAX(MIN(Wmg, weight_scale), 0);
+    *M += default_bandwidth;
   }
-  if (Wme < 0 || Wme > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wme="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wme),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    Wme = MAX(MIN(Wme, weight_scale), 0);
-  }
-  if (Wmd < 0 || Wmd > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wmd="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wmd),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    Wmd = MAX(MIN(Wmd, weight_scale), 0);
-  }
-  if (Wee < 0 || Wee > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wee="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wee),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    Wee = MAX(MIN(Wee, weight_scale), 0);
-  }
-  if (Wed < 0 || Wed > weight_scale) {
-    log_warn(LD_DIR, "Bw %s: Wed="I64_FORMAT"! G="I64_FORMAT
-            " M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-            " T="I64_FORMAT,
-             casename, I64_PRINTF_ARG(Wed),
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
-    Wed = MAX(MIN(Wed, weight_scale), 0);
-  }
-
-  // Add consensus weight keywords
-  smartlist_add(chunks, tor_strdup("bandwidth-weights "));
-  /*
-   * Provide Wgm=Wgg, Wmm=1, Wem=Wee, Weg=Wed. May later determine
-   * that middle nodes need different bandwidth weights for dirport traffic,
-   * or that weird exit policies need special weight, or that bridges
-   * need special weight.
-   *
-   * NOTE: This list is sorted.
-   */
-  smartlist_add_asprintf(chunks,
-     "Wbd=%d Wbe=%d Wbg=%d Wbm=%d "
-     "Wdb=%d "
-     "Web=%d Wed=%d Wee=%d Weg=%d Wem=%d "
-     "Wgb=%d Wgd=%d Wgg=%d Wgm=%d "
-     "Wmb=%d Wmd=%d Wme=%d Wmg=%d Wmm=%d\n",
-     (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale,
-     (int)weight_scale,
-     (int)weight_scale, (int)Wed, (int)Wee, (int)Wed, (int)Wee,
-     (int)weight_scale, (int)Wgd, (int)Wgg, (int)Wgg,
-     (int)weight_scale, (int)Wmd, (int)Wme, (int)Wmg, (int)weight_scale);
-
-  log_notice(LD_CIRC, "Computed bandwidth weights for %s with v9: "
-             "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
-             " T="I64_FORMAT,
-             casename,
-             I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
-             I64_PRINTF_ARG(D), I64_PRINTF_ARG(T));
 }
 
 /** Given a list of vote networkstatus_t in <b>votes</b>, our public
@@ -1330,9 +1144,12 @@ networkstatus_compute_consensus(smartlist_t *votes,
   const routerstatus_format_type_t rs_format =
     flavor == FLAV_NS ? NS_V3_CONSENSUS : NS_V3_CONSENSUS_MICRODESC;
   char *params = NULL;
+  char *packages = NULL;
   int added_weights = 0;
+  dircollator_t *collator = NULL;
   tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
   tor_assert(total_authorities >= smartlist_len(votes));
+  tor_assert(total_authorities > 0);
 
   flavor_name = networkstatus_get_flavor_name(flavor);
 
@@ -1350,18 +1167,18 @@ networkstatus_compute_consensus(smartlist_t *votes,
     log_warn(LD_DIR, "The other authorities will use consensus method %d, "
              "which I don't support.  Maybe I should upgrade!",
              consensus_method);
-    consensus_method = 1;
+    consensus_method = MAX_SUPPORTED_CONSENSUS_METHOD;
   }
 
   /* Compute medians of time-related things, and figure out how many
    * routers we might need to talk about. */
   {
     int n_votes = smartlist_len(votes);
-    time_t *va_times = tor_malloc(n_votes * sizeof(time_t));
-    time_t *fu_times = tor_malloc(n_votes * sizeof(time_t));
-    time_t *vu_times = tor_malloc(n_votes * sizeof(time_t));
-    int *votesec_list = tor_malloc(n_votes * sizeof(int));
-    int *distsec_list = tor_malloc(n_votes * sizeof(int));
+    time_t *va_times = tor_calloc(n_votes, sizeof(time_t));
+    time_t *fu_times = tor_calloc(n_votes, sizeof(time_t));
+    time_t *vu_times = tor_calloc(n_votes, sizeof(time_t));
+    int *votesec_list = tor_calloc(n_votes, sizeof(int));
+    int *distsec_list = tor_calloc(n_votes, sizeof(int));
     int n_versioning_clients = 0, n_versioning_servers = 0;
     smartlist_t *combined_client_versions = smartlist_new();
     smartlist_t *combined_server_versions = smartlist_new();
@@ -1400,8 +1217,12 @@ networkstatus_compute_consensus(smartlist_t *votes,
     vote_seconds = median_int(votesec_list, n_votes);
     dist_seconds = median_int(distsec_list, n_votes);
 
-    tor_assert(valid_after+MIN_VOTE_INTERVAL <= fresh_until);
-    tor_assert(fresh_until+MIN_VOTE_INTERVAL <= valid_until);
+    tor_assert(valid_after +
+               (get_options()->TestingTorNetwork ?
+                MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) <= fresh_until);
+    tor_assert(fresh_until +
+               (get_options()->TestingTorNetwork ?
+                MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) <= valid_until);
     tor_assert(vote_seconds >= MIN_VOTE_SECONDS);
     tor_assert(dist_seconds >= MIN_DIST_SECONDS);
 
@@ -1409,12 +1230,20 @@ networkstatus_compute_consensus(smartlist_t *votes,
                                                       n_versioning_servers);
     client_versions = compute_consensus_versions_list(combined_client_versions,
                                                       n_versioning_clients);
+    if (consensus_method >= MIN_METHOD_FOR_PACKAGE_LINES) {
+      packages = compute_consensus_package_lines(votes);
+    } else {
+      packages = tor_strdup("");
+    }
 
     SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
     SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
     smartlist_free(combined_server_versions);
     smartlist_free(combined_client_versions);
 
+    if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_VOTING)
+      smartlist_add(flags, tor_strdup("NoEdConsensus"));
+
     smartlist_sort_strings(flags);
     smartlist_uniq_strings(flags);
 
@@ -1441,10 +1270,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
                  flavor == FLAV_NS ? "" : " ",
                  flavor == FLAV_NS ? "" : flavor_name);
 
-    if (consensus_method >= 2) {
-      smartlist_add_asprintf(chunks, "consensus-method %d\n",
-                   consensus_method);
-    }
+    smartlist_add_asprintf(chunks, "consensus-method %d\n",
+                           consensus_method);
 
     smartlist_add_asprintf(chunks,
                  "valid-after %s\n"
@@ -1453,22 +1280,23 @@ networkstatus_compute_consensus(smartlist_t *votes,
                  "voting-delay %d %d\n"
                  "client-versions %s\n"
                  "server-versions %s\n"
+                 "%s" /* packages */
                  "known-flags %s\n",
                  va_buf, fu_buf, vu_buf,
                  vote_seconds, dist_seconds,
-                 client_versions, server_versions, flaglist);
+                 client_versions, server_versions,
+                 packages,
+                 flaglist);
 
     tor_free(flaglist);
   }
 
-  if (consensus_method >= MIN_METHOD_FOR_PARAMS) {
-    params = dirvote_compute_params(votes, consensus_method,
-                                    total_authorities);
-    if (params) {
-      smartlist_add(chunks, tor_strdup("params "));
-      smartlist_add(chunks, params);
-      smartlist_add(chunks, tor_strdup("\n"));
-    }
+  params = dirvote_compute_params(votes, consensus_method,
+                                  total_authorities);
+  if (params) {
+    smartlist_add(chunks, tor_strdup("params "));
+    smartlist_add(chunks, params);
+    smartlist_add(chunks, tor_strdup("\n"));
   }
 
   /* Sort the votes. */
@@ -1482,8 +1310,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       e->digest = get_voter(v)->identity_digest;
       e->is_legacy = 0;
       smartlist_add(dir_sources, e);
-      if (consensus_method >= 3 &&
-          !tor_digest_is_zero(get_voter(v)->legacy_id_digest)) {
+      if (!tor_digest_is_zero(get_voter(v)->legacy_id_digest)) {
         dir_src_ent_t *e_legacy = tor_malloc_zero(sizeof(dir_src_ent_t));
         e_legacy->v = v;
         e_legacy->digest = get_voter(v)->legacy_id_digest;
@@ -1499,9 +1326,6 @@ networkstatus_compute_consensus(smartlist_t *votes,
       networkstatus_t *v = e->v;
       networkstatus_voter_info_t *voter = get_voter(v);
 
-      if (e->is_legacy)
-        tor_assert(consensus_method >= 2);
-
       base16_encode(fingerprint, sizeof(fingerprint), e->digest, DIGEST_LEN);
       base16_encode(votedigest, sizeof(votedigest), voter->vote_digest,
                     DIGEST_LEN);
@@ -1559,12 +1383,15 @@ networkstatus_compute_consensus(smartlist_t *votes,
     smartlist_t *chosen_flags = smartlist_new();
     smartlist_t *versions = smartlist_new();
     smartlist_t *exitsummaries = smartlist_new();
-    uint32_t *bandwidths_kb = tor_malloc(sizeof(uint32_t) *
-                                         smartlist_len(votes));
-    uint32_t *measured_bws_kb = tor_malloc(sizeof(uint32_t) *
-                                           smartlist_len(votes));
+    uint32_t *bandwidths_kb = tor_calloc(smartlist_len(votes),
+                                         sizeof(uint32_t));
+    uint32_t *measured_bws_kb = tor_calloc(smartlist_len(votes),
+                                           sizeof(uint32_t));
+    uint32_t *measured_guardfraction = tor_calloc(smartlist_len(votes),
+                                                  sizeof(uint32_t));
     int num_bandwidths;
     int num_mbws;
+    int num_guardfraction_inputs;
 
     int *n_voter_flags; /* n_voter_flags[j] is the number of flags that
                          * votes[j] knows about. */
@@ -1574,7 +1401,6 @@ networkstatus_compute_consensus(smartlist_t *votes,
                      * is the same flag as votes[j]->known_flags[b]. */
     int *named_flag; /* Index of the flag "Named" for votes[j] */
     int *unnamed_flag; /* Index of the flag "Unnamed" for votes[j] */
-    int chosen_named_idx;
     int n_authorities_measuring_bandwidth;
 
     strmap_t *name_to_id_map = strmap_new();
@@ -1583,16 +1409,15 @@ networkstatus_compute_consensus(smartlist_t *votes,
     memset(conflict, 0, sizeof(conflict));
     memset(unknown, 0xff, sizeof(conflict));
 
-    index = tor_malloc_zero(sizeof(int)*smartlist_len(votes));
-    size = tor_malloc_zero(sizeof(int)*smartlist_len(votes));
-    n_voter_flags = tor_malloc_zero(sizeof(int) * smartlist_len(votes));
-    n_flag_voters = tor_malloc_zero(sizeof(int) * smartlist_len(flags));
-    flag_map = tor_malloc_zero(sizeof(int*) * smartlist_len(votes));
-    named_flag = tor_malloc_zero(sizeof(int) * smartlist_len(votes));
-    unnamed_flag = tor_malloc_zero(sizeof(int) * smartlist_len(votes));
+    index = tor_calloc(smartlist_len(votes), sizeof(int));
+    size = tor_calloc(smartlist_len(votes), sizeof(int));
+    n_voter_flags = tor_calloc(smartlist_len(votes), sizeof(int));
+    n_flag_voters = tor_calloc(smartlist_len(flags), sizeof(int));
+    flag_map = tor_calloc(smartlist_len(votes), sizeof(int *));
+    named_flag = tor_calloc(smartlist_len(votes), sizeof(int));
+    unnamed_flag = tor_calloc(smartlist_len(votes), sizeof(int));
     for (i = 0; i < smartlist_len(votes); ++i)
       unnamed_flag[i] = named_flag[i] = -1;
-    chosen_named_idx = smartlist_string_pos(flags, "Named");
 
     /* Build the flag indexes. Note that no vote can have more than 64 members
      * for known_flags, so no value will be greater than 63, so it's safe to
@@ -1601,8 +1426,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
      * that they're actually set before doing U64_LITERAL(1) << index with
      * them.*/
     SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
-      flag_map[v_sl_idx] = tor_malloc_zero(
-                           sizeof(int)*smartlist_len(v->known_flags));
+      flag_map[v_sl_idx] = tor_calloc(smartlist_len(v->known_flags),
+                                      sizeof(int));
       if (smartlist_len(v->known_flags) > MAX_KNOWN_FLAGS_IN_VOTE) {
         log_warn(LD_BUG, "Somehow, a vote has %d entries in known_flags",
                  smartlist_len(v->known_flags));
@@ -1622,7 +1447,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
     } SMARTLIST_FOREACH_END(v);
 
     /* Named and Unnamed get treated specially */
-    if (consensus_method >= 2) {
+    {
       SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
         uint64_t nf;
         if (named_flag[v_sl_idx]<0)
@@ -1675,18 +1500,30 @@ networkstatus_compute_consensus(smartlist_t *votes,
 
     /* We need to know how many votes measure bandwidth. */
     n_authorities_measuring_bandwidth = 0;
-    SMARTLIST_FOREACH(votes, networkstatus_t *, v,
+    SMARTLIST_FOREACH(votes, const networkstatus_t *, v,
        if (v->has_measured_bws) {
          ++n_authorities_measuring_bandwidth;
        }
     );
 
+    /* Populate the collator */
+    collator = dircollator_new(smartlist_len(votes), total_authorities);
+    SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
+      dircollator_add_vote(collator, v);
+    } SMARTLIST_FOREACH_END(v);
+
+    dircollator_collate(collator, consensus_method);
+
     /* Now go through all the votes */
-    flag_counts = tor_malloc(sizeof(int) * smartlist_len(flags));
-    while (1) {
+    flag_counts = tor_calloc(smartlist_len(flags), sizeof(int));
+    const int num_routers = dircollator_n_routers(collator);
+    for (i = 0; i < num_routers; ++i) {
+      vote_routerstatus_t **vrs_lst =
+        dircollator_get_votes_for_router(collator, i);
+
       vote_routerstatus_t *rs;
       routerstatus_t rs_out;
-      const char *lowest_id = NULL;
+      const char *current_rsa_id = NULL;
       const char *chosen_version;
       const char *chosen_name = NULL;
       int exitsummary_disagreement = 0;
@@ -1694,54 +1531,39 @@ networkstatus_compute_consensus(smartlist_t *votes,
       int is_guard = 0, is_exit = 0, is_bad_exit = 0;
       int naming_conflict = 0;
       int n_listing = 0;
-      int i;
       char microdesc_digest[DIGEST256_LEN];
       tor_addr_port_t alt_orport = {TOR_ADDR_NULL, 0};
 
-      /* Of the next-to-be-considered digest in each voter, which is first? */
-      SMARTLIST_FOREACH(votes, networkstatus_t *, v, {
-        if (index[v_sl_idx] < size[v_sl_idx]) {
-          rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
-          if (!lowest_id ||
-              fast_memcmp(rs->status.identity_digest,
-                          lowest_id, DIGEST_LEN) < 0)
-            lowest_id = rs->status.identity_digest;
-        }
-      });
-      if (!lowest_id) /* we're out of routers. */
-        break;
-
       memset(flag_counts, 0, sizeof(int)*smartlist_len(flags));
       smartlist_clear(matching_descs);
       smartlist_clear(chosen_flags);
       smartlist_clear(versions);
       num_bandwidths = 0;
       num_mbws = 0;
+      num_guardfraction_inputs = 0;
+      int ed_consensus = 0;
+      const uint8_t *ed_consensus_val = NULL;
 
       /* Okay, go through all the entries for this digest. */
-      SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
-        if (index[v_sl_idx] >= size[v_sl_idx])
-          continue; /* out of entries. */
-        rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
-        if (fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN))
-          continue; /* doesn't include this router. */
-        /* At this point, we know that we're looking at a routerstatus with
-         * identity "lowest".
-         */
-        ++index[v_sl_idx];
+      for (int voter_idx = 0; voter_idx < smartlist_len(votes); ++voter_idx) {
+        if (vrs_lst[voter_idx] == NULL)
+          continue; /* This voter had nothing to say about this entry. */
+        rs = vrs_lst[voter_idx];
         ++n_listing;
 
+        current_rsa_id = rs->status.identity_digest;
+
         smartlist_add(matching_descs, rs);
         if (rs->version && rs->version[0])
           smartlist_add(versions, rs->version);
 
         /* Tally up all the flags. */
-        for (i = 0; i < n_voter_flags[v_sl_idx]; ++i) {
-          if (rs->flags & (U64_LITERAL(1) << i))
-            ++flag_counts[flag_map[v_sl_idx][i]];
+        for (int flag = 0; flag < n_voter_flags[voter_idx]; ++flag) {
+          if (rs->flags & (U64_LITERAL(1) << flag))
+            ++flag_counts[flag_map[voter_idx][flag]];
         }
-        if (named_flag[v_sl_idx] >= 0 &&
-            (rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx]))) {
+        if (named_flag[voter_idx] >= 0 &&
+            (rs->flags & (U64_LITERAL(1) << named_flag[voter_idx]))) {
           if (chosen_name && strcmp(chosen_name, rs->status.nickname)) {
             log_notice(LD_DIR, "Conflict on naming for router: %s vs %s",
                        chosen_name, rs->status.nickname);
@@ -1750,19 +1572,48 @@ networkstatus_compute_consensus(smartlist_t *votes,
           chosen_name = rs->status.nickname;
         }
 
+        /* Count guardfraction votes and note down the values. */
+        if (rs->status.has_guardfraction) {
+          measured_guardfraction[num_guardfraction_inputs++] =
+            rs->status.guardfraction_percentage;
+        }
+
         /* count bandwidths */
         if (rs->has_measured_bw)
           measured_bws_kb[num_mbws++] = rs->measured_bw_kb;
 
         if (rs->status.has_bandwidth)
           bandwidths_kb[num_bandwidths++] = rs->status.bandwidth_kb;
-      } SMARTLIST_FOREACH_END(v);
+
+        /* Count number for which ed25519 is canonical. */
+        if (rs->ed25519_reflects_consensus) {
+          ++ed_consensus;
+          if (ed_consensus_val) {
+            tor_assert(fast_memeq(ed_consensus_val, rs->ed25519_id,
+                                  ED25519_PUBKEY_LEN));
+          } else {
+            ed_consensus_val = rs->ed25519_id;
+          }
+        }
+      }
 
       /* We don't include this router at all unless more than half of
        * the authorities we believe in list it. */
       if (n_listing <= total_authorities/2)
         continue;
 
+      if (ed_consensus > 0) {
+        tor_assert(consensus_method >= MIN_METHOD_FOR_ED25519_ID_VOTING);
+        if (ed_consensus <= total_authorities / 2) {
+          log_warn(LD_BUG, "Not enough entries had ed_consensus set; how "
+                   "can we have a consensus of %d?", ed_consensus);
+        }
+      }
+
+      /* The clangalyzer can't figure out that this will never be NULL
+       * if n_listing is at least 1 */
+      tor_assert(current_rsa_id);
+
       /* Figure out the most popular opinion of what the most recent
        * routerinfo and its contents are. */
       memset(microdesc_digest, 0, sizeof(microdesc_digest));
@@ -1770,8 +1621,9 @@ networkstatus_compute_consensus(smartlist_t *votes,
                                           microdesc_digest, &alt_orport);
       /* Copy bits of that into rs_out. */
       memset(&rs_out, 0, sizeof(rs_out));
-      tor_assert(fast_memeq(lowest_id, rs->status.identity_digest,DIGEST_LEN));
-      memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN);
+      tor_assert(fast_memeq(current_rsa_id,
+                            rs->status.identity_digest,DIGEST_LEN));
+      memcpy(rs_out.identity_digest, current_rsa_id, DIGEST_LEN);
       memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
              DIGEST_LEN);
       rs_out.addr = rs->status.addr;
@@ -1791,14 +1643,11 @@ networkstatus_compute_consensus(smartlist_t *votes,
         strlcpy(rs_out.nickname, rs->status.nickname, sizeof(rs_out.nickname));
       }
 
-      if (consensus_method == 1) {
-        is_named = chosen_named_idx >= 0 &&
-          (!naming_conflict && flag_counts[chosen_named_idx]);
-      } else {
+      {
         const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
         if (!d) {
           is_named = is_unnamed = 0;
-        } else if (fast_memeq(d, lowest_id, DIGEST_LEN)) {
+        } else if (fast_memeq(d, current_rsa_id, DIGEST_LEN)) {
           is_named = 1; is_unnamed = 0;
         } else {
           is_named = 0; is_unnamed = 1;
@@ -1811,9 +1660,13 @@ networkstatus_compute_consensus(smartlist_t *votes,
         if (!strcmp(fl, "Named")) {
           if (is_named)
             smartlist_add(chosen_flags, (char*)fl);
-        } else if (!strcmp(fl, "Unnamed") && consensus_method >= 2) {
+        } else if (!strcmp(fl, "Unnamed")) {
           if (is_unnamed)
             smartlist_add(chosen_flags, (char*)fl);
+        } else if (!strcmp(fl, "NoEdConsensus") &&
+                   consensus_method >= MIN_METHOD_FOR_ED25519_ID_VOTING) {
+          if (ed_consensus <= total_authorities/2)
+            smartlist_add(chosen_flags, (char*)fl);
         } else {
           if (flag_counts[fl_sl_idx] > n_flag_voters[fl_sl_idx]/2) {
             smartlist_add(chosen_flags, (char*)fl);
@@ -1831,7 +1684,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
 
       /* Starting with consensus method 4 we do not list servers
        * that are not running in a consensus.  See Proposal 138 */
-      if (consensus_method >= 4 && !is_running)
+      if (!is_running)
         continue;
 
       /* Pick the version. */
@@ -1842,12 +1695,23 @@ networkstatus_compute_consensus(smartlist_t *votes,
         chosen_version = NULL;
       }
 
+      /* If it's a guard and we have enough guardfraction votes,
+         calculate its consensus guardfraction value. */
+      if (is_guard && num_guardfraction_inputs > 2 &&
+          consensus_method >= MIN_METHOD_FOR_GUARDFRACTION) {
+        rs_out.has_guardfraction = 1;
+        rs_out.guardfraction_percentage = median_uint32(measured_guardfraction,
+                                                     num_guardfraction_inputs);
+        /* final value should be an integer percentage! */
+        tor_assert(rs_out.guardfraction_percentage <= 100);
+      }
+
       /* Pick a bandwidth */
-      if (consensus_method >= 6 && num_mbws > 2) {
+      if (num_mbws > 2) {
         rs_out.has_bandwidth = 1;
         rs_out.bw_is_unmeasured = 0;
         rs_out.bandwidth_kb = median_uint32(measured_bws_kb, num_mbws);
-      } else if (consensus_method >= 5 && num_bandwidths > 0) {
+      } else if (num_bandwidths > 0) {
         rs_out.has_bandwidth = 1;
         rs_out.bw_is_unmeasured = 1;
         rs_out.bandwidth_kb = median_uint32(bandwidths_kb, num_bandwidths);
@@ -1861,25 +1725,13 @@ networkstatus_compute_consensus(smartlist_t *votes,
       }
 
       /* Fix bug 2203: Do not count BadExit nodes as Exits for bw weights */
-      if (consensus_method >= MIN_METHOD_TO_CUT_BADEXIT_WEIGHT) {
-        is_exit = is_exit && !is_bad_exit;
-      }
+      is_exit = is_exit && !is_bad_exit;
 
-      if (consensus_method >= MIN_METHOD_FOR_BW_WEIGHTS) {
-        if (rs_out.has_bandwidth) {
-          T += rs_out.bandwidth_kb;
-          if (is_exit && is_guard)
-            D += rs_out.bandwidth_kb;
-          else if (is_exit)
-            E += rs_out.bandwidth_kb;
-          else if (is_guard)
-            G += rs_out.bandwidth_kb;
-          else
-            M += rs_out.bandwidth_kb;
-        } else {
-          log_warn(LD_BUG, "Missing consensus bandwidth for router %s",
-              rs_out.nickname);
-        }
+      /* Update total bandwidth weights with the bandwidths of this router. */
+      {
+        update_total_bandwidth_weights(&rs_out,
+                                       is_exit, is_guard,
+                                       &G, &M, &E, &D, &T);
       }
 
       /* Ok, we already picked a descriptor digest we want to list
@@ -1896,7 +1748,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
        * the policy that was most often listed in votes, again breaking
        * ties like in the previous case.
        */
-      if (consensus_method >= 5) {
+      {
         /* Okay, go through all the votes for this router.  We prepared
          * that list previously */
         const char *chosen_exitsummary = NULL;
@@ -1967,7 +1819,6 @@ networkstatus_compute_consensus(smartlist_t *votes,
       }
 
       if (flavor == FLAV_MICRODESC &&
-          consensus_method >= MIN_METHOD_FOR_MANDATORY_MICRODESC &&
           tor_digest256_is_zero(microdesc_digest)) {
         /* With no microdescriptor digest, we omit the entry entirely. */
         continue;
@@ -1999,11 +1850,21 @@ networkstatus_compute_consensus(smartlist_t *votes,
       smartlist_add(chunks, tor_strdup("\n"));
       /*     Now the weight line. */
       if (rs_out.has_bandwidth) {
+        char *guardfraction_str = NULL;
         int unmeasured = rs_out.bw_is_unmeasured &&
           consensus_method >= MIN_METHOD_TO_CLIP_UNMEASURED_BW;
-        smartlist_add_asprintf(chunks, "w Bandwidth=%d%s\n",
+
+        /* If we have guardfraction info, include it in the 'w' line. */
+        if (rs_out.has_guardfraction) {
+          tor_asprintf(&guardfraction_str,
+                       " GuardFraction=%u", rs_out.guardfraction_percentage);
+        }
+        smartlist_add_asprintf(chunks, "w Bandwidth=%d%s%s\n",
                                rs_out.bandwidth_kb,
-                               unmeasured?" Unmeasured=1":"");
+                               unmeasured?" Unmeasured=1":"",
+                               guardfraction_str ? guardfraction_str : "");
+
+        tor_free(guardfraction_str);
       }
 
       /*     Now the exitpolicy summary line. */
@@ -2031,15 +1892,13 @@ networkstatus_compute_consensus(smartlist_t *votes,
     smartlist_free(exitsummaries);
     tor_free(bandwidths_kb);
     tor_free(measured_bws_kb);
+    tor_free(measured_guardfraction);
   }
 
-  if (consensus_method >= MIN_METHOD_FOR_FOOTER) {
-    /* Starting with consensus method 9, we clearly mark the directory
-     * footer region */
-    smartlist_add(chunks, tor_strdup("directory-footer\n"));
-  }
+  /* Mark the directory footer region */
+  smartlist_add(chunks, tor_strdup("directory-footer\n"));
 
-  if (consensus_method >= MIN_METHOD_FOR_BW_WEIGHTS) {
+  {
     int64_t weight_scale = BW_WEIGHT_SCALE;
     char *bw_weight_param = NULL;
 
@@ -2072,13 +1931,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
       }
     }
 
-    if (consensus_method < 10) {
-      networkstatus_compute_bw_weights_v9(chunks, G, M, E, D, T, weight_scale);
-      added_weights = 1;
-    } else {
-      added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
-                                                           T, weight_scale);
-    }
+    added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D,
+                                                         T, weight_scale);
   }
 
   /* Add a signature. */
@@ -2119,7 +1973,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
     }
     smartlist_add(chunks, signature);
 
-    if (legacy_id_key_digest && legacy_signing_key && consensus_method >= 3) {
+    if (legacy_id_key_digest && legacy_signing_key) {
       smartlist_add(chunks, tor_strdup("directory-signature "));
       base16_encode(fingerprint, sizeof(fingerprint),
                     legacy_id_key_digest, DIGEST_LEN);
@@ -2155,7 +2009,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       goto done;
     }
     // Verify balancing parameters
-    if (consensus_method >= MIN_METHOD_FOR_BW_WEIGHTS && added_weights) {
+    if (added_weights) {
       networkstatus_verify_bw_weights(c, consensus_method);
     }
     networkstatus_vote_free(c);
@@ -2163,8 +2017,10 @@ networkstatus_compute_consensus(smartlist_t *votes,
 
  done:
 
+  dircollator_free(collator);
   tor_free(client_versions);
   tor_free(server_versions);
+  tor_free(packages);
   SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
   smartlist_free(flags);
   SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
@@ -2173,6 +2029,78 @@ networkstatus_compute_consensus(smartlist_t *votes,
   return result;
 }
 
+/** Given a list of networkstatus_t for each vote, return a newly allocated
+ * string containing the "package" lines for the vote. */
+STATIC char *
+compute_consensus_package_lines(smartlist_t *votes)
+{
+  const int n_votes = smartlist_len(votes);
+
+  /* This will be a map from "packagename version" strings to arrays
+   * of const char *, with the i'th member of the array corresponding to the
+   * package line from the i'th vote.
+   */
+  strmap_t *package_status = strmap_new();
+
+  SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
+    if (! v->package_lines)
+      continue;
+    SMARTLIST_FOREACH_BEGIN(v->package_lines, const char *, line) {
+      if (! validate_recommended_package_line(line))
+        continue;
+
+      /* Skip 'cp' to the second space in the line. */
+      const char *cp = strchr(line, ' ');
+      if (!cp) continue;
+      ++cp;
+      cp = strchr(cp, ' ');
+      if (!cp) continue;
+
+      char *key = tor_strndup(line, cp - line);
+
+      const char **status = strmap_get(package_status, key);
+      if (!status) {
+        status = tor_calloc(n_votes, sizeof(const char *));
+        strmap_set(package_status, key, status);
+      }
+      status[v_sl_idx] = line; /* overwrite old value */
+      tor_free(key);
+    } SMARTLIST_FOREACH_END(line);
+  } SMARTLIST_FOREACH_END(v);
+
+  smartlist_t *entries = smartlist_new(); /* temporary */
+  smartlist_t *result_list = smartlist_new(); /* output */
+  STRMAP_FOREACH(package_status, key, const char **, values) {
+    int i, count=-1;
+    for (i = 0; i < n_votes; ++i) {
+      if (values[i])
+        smartlist_add(entries, (void*) values[i]);
+    }
+    smartlist_sort_strings(entries);
+    int n_voting_for_entry = smartlist_len(entries);
+    const char *most_frequent =
+      smartlist_get_most_frequent_string_(entries, &count);
+
+    if (n_voting_for_entry >= 3 && count > n_voting_for_entry / 2) {
+      smartlist_add_asprintf(result_list, "package %s\n", most_frequent);
+    }
+
+    smartlist_clear(entries);
+
+  } STRMAP_FOREACH_END;
+
+  smartlist_sort_strings(result_list);
+
+  char *result = smartlist_join_strings(result_list, "", 0, NULL);
+
+  SMARTLIST_FOREACH(result_list, char *, cp, tor_free(cp));
+  smartlist_free(result_list);
+  smartlist_free(entries);
+  strmap_free(package_status, tor_free_);
+
+  return result;
+}
+
 /** Given a consensus vote <b>target</b> and a set of detached signatures in
  * <b>sigs</b> that correspond to the same consensus, check whether there are
  * any new signatures in <b>src_voter_list</b> that should be added to
@@ -2221,14 +2149,14 @@ networkstatus_add_detached_signatures(networkstatus_t *target,
 
   /** Make sure all the digests we know match, and at least one matches. */
   {
-    digests_t *digests = strmap_get(sigs->digests, flavor);
+    common_digests_t *digests = strmap_get(sigs->digests, flavor);
     int n_matches = 0;
     int alg;
     if (!digests) {
       *msg_out = "No digests for given consensus flavor";
       return -1;
     }
-    for (alg = DIGEST_SHA1; alg < N_DIGEST_ALGORITHMS; ++alg) {
+    for (alg = DIGEST_SHA1; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
       if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
         if (fast_memeq(target->digests.d[alg], digests->d[alg],
                        DIGEST256_LEN)) {
@@ -2279,8 +2207,11 @@ networkstatus_add_detached_signatures(networkstatus_t *target,
     if (!sig->good_signature && !sig->bad_signature) {
       cert = authority_cert_get_by_digests(sig->identity_digest,
                                            sig->signing_key_digest);
-      if (cert)
-        networkstatus_check_document_signature(target, sig, cert);
+      if (cert) {
+        /* Not checking the return value here, since we are going to look
+         * at the status of sig->good_signature in a moment. */
+        (void) networkstatus_check_document_signature(target, sig, cert);
+      }
     }
 
     /* If this signature is good, or we don't have any signature yet,
@@ -2351,7 +2282,8 @@ networkstatus_format_signatures(networkstatus_t *consensus,
                      for_detached_signatures ? flavor_name : "",
                      digest_name, id, sk);
       }
-      base64_encode(buf, sizeof(buf), sig->signature, sig->signature_len);
+      base64_encode(buf, sizeof(buf), sig->signature, sig->signature_len,
+                    BASE64_ENCODE_MULTILINE);
       strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
       smartlist_add(elements, tor_strdup(buf));
     } SMARTLIST_FOREACH_END(sig);
@@ -2417,7 +2349,7 @@ networkstatus_get_detached_signatures(smartlist_t *consensuses)
 
     /* start with SHA256; we don't include SHA1 for anything but the basic
      * consensus. */
-    for (alg = DIGEST_SHA256; alg < N_DIGEST_ALGORITHMS; ++alg) {
+    for (alg = DIGEST_SHA256; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
       char d[HEX_DIGEST256_LEN+1];
       const char *alg_name =
         crypto_digest_algorithm_get_name(alg);
@@ -3020,7 +2952,7 @@ dirvote_add_vote(const char *vote_body, const char **msg_out, int *status_out)
           goto discard;
         } else if (v->vote->published < vote->published) {
           log_notice(LD_DIR, "Replacing an older pending vote from this "
-                     "directory.");
+                     "directory (%s)", vi->address);
           cached_dir_decref(v->vote_body);
           networkstatus_vote_free(v->vote);
           v->vote_body = new_cached_dir(tor_strndup(vote_body,
@@ -3475,8 +3407,8 @@ dirvote_free_all(void)
  * ==== */
 
 /** Return the body of the consensus that we're currently trying to build. */
-const char *
-dirvote_get_pending_consensus(consensus_flavor_t flav)
+MOCK_IMPL(const char *,
+dirvote_get_pending_consensus, (consensus_flavor_t flav))
 {
   tor_assert(((int)flav) >= 0 && (int)flav < N_CONSENSUS_FLAVORS);
   return pending_consensuses[flav].body;
@@ -3484,8 +3416,8 @@ dirvote_get_pending_consensus(consensus_flavor_t flav)
 
 /** Return the signatures that we know for the consensus that we're currently
  * trying to build. */
-const char *
-dirvote_get_pending_detached_signatures(void)
+MOCK_IMPL(const char *,
+dirvote_get_pending_detached_signatures, (void))
 {
   return pending_consensus_signatures;
 }
@@ -3566,7 +3498,7 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
     char kbuf[128];
     base64_encode(kbuf, sizeof(kbuf),
                   (const char*)ri->onion_curve25519_pkey->public_key,
-                  CURVE25519_PUBKEY_LEN);
+                  CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
     smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
   }
 
@@ -3593,17 +3525,27 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
   }
 
   if (consensus_method >= MIN_METHOD_FOR_ID_HASH_IN_MD) {
-    char idbuf[BASE64_DIGEST_LEN+1];
-    digest_to_base64(idbuf, ri->cache_info.identity_digest);
-    smartlist_add_asprintf(chunks, "id rsa1024 %s\n", idbuf);
+    char idbuf[ED25519_BASE64_LEN+1];
+    const char *keytype;
+    if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_IN_MD &&
+        ri->cache_info.signing_key_cert &&
+        ri->cache_info.signing_key_cert->signing_key_included) {
+      keytype = "ed25519";
+      ed25519_public_to_base64(idbuf,
+                               &ri->cache_info.signing_key_cert->signing_key);
+    } else {
+      keytype = "rsa1024";
+      digest_to_base64(idbuf, ri->cache_info.identity_digest);
+    }
+    smartlist_add_asprintf(chunks, "id %s %s\n", keytype, idbuf);
   }
 
   output = smartlist_join_strings(chunks, "", 0, NULL);
 
   {
     smartlist_t *lst = microdescs_parse_from_string(output,
-                                                 output+strlen(output), 0,
-                                                    SAVED_NOWHERE);
+                                                    output+strlen(output), 0,
+                                                    SAVED_NOWHERE, NULL);
     if (smartlist_len(lst) != 1) {
       log_warn(LD_DIR, "We generated a microdescriptor we couldn't parse.");
       SMARTLIST_FOREACH(lst, microdesc_t *, md, microdesc_free(md));
@@ -3664,11 +3606,12 @@ static const struct consensus_method_range_t {
   int low;
   int high;
 } microdesc_consensus_methods[] = {
-  {MIN_METHOD_FOR_MICRODESC, MIN_METHOD_FOR_A_LINES - 1},
+  {MIN_SUPPORTED_CONSENSUS_METHOD, MIN_METHOD_FOR_A_LINES - 1},
   {MIN_METHOD_FOR_A_LINES, MIN_METHOD_FOR_P6_LINES - 1},
   {MIN_METHOD_FOR_P6_LINES, MIN_METHOD_FOR_NTOR_KEY - 1},
   {MIN_METHOD_FOR_NTOR_KEY, MIN_METHOD_FOR_ID_HASH_IN_MD - 1},
-  {MIN_METHOD_FOR_ID_HASH_IN_MD,  MAX_SUPPORTED_CONSENSUS_METHOD},
+  {MIN_METHOD_FOR_ID_HASH_IN_MD, MIN_METHOD_FOR_ED25519_ID_IN_MD - 1},
+  {MIN_METHOD_FOR_ED25519_ID_IN_MD, MAX_SUPPORTED_CONSENSUS_METHOD},
   {-1, -1}
 };
 
diff --git a/src/or/dirvote.h b/src/or/dirvote.h
index 4c57e43661..0b1d284060 100644
--- a/src/or/dirvote.h
+++ b/src/or/dirvote.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -14,34 +14,48 @@
 
 #include "testsupport.h"
 
+/*
+ * Ideally, assuming synced clocks, we should only need 1 second for each of:
+ *  - Vote
+ *  - Distribute
+ *  - Consensus Publication
+ * As we can gather descriptors continuously.
+ * (Could we even go as far as publishing the previous consensus,
+ *  in the same second that we vote for the next one?)
+ * But we're not there yet: these are the lowest working values at this time.
+ */
+
 /** Lowest allowable value for VoteSeconds. */
 #define MIN_VOTE_SECONDS 2
+/** Lowest allowable value for VoteSeconds when TestingTorNetwork is 1 */
+#define MIN_VOTE_SECONDS_TESTING 2
+
 /** Lowest allowable value for DistSeconds. */
 #define MIN_DIST_SECONDS 2
-/** Smallest allowable voting interval. */
+/** Lowest allowable value for DistSeconds when TestingTorNetwork is 1 */
+#define MIN_DIST_SECONDS_TESTING 2
+
+/** Lowest allowable voting interval. */
 #define MIN_VOTE_INTERVAL 300
+/** Lowest allowable voting interval when TestingTorNetwork is 1:
+ * Voting Interval can be:
+ *   10, 12, 15, 18, 20, 24, 25, 30, 36, 40, 45, 50, 60, ...
+ * Testing Initial Voting Interval can be:
+ *    5,  6,  8,  9, or any of the possible values for Voting Interval,
+ * as they both need to evenly divide 30 minutes.
+ * If clock desynchronisation is an issue, use an interval of at least:
+ *   18 * drift in seconds, to allow for a clock slop factor */
+#define MIN_VOTE_INTERVAL_TESTING \
+                (((MIN_VOTE_SECONDS_TESTING)+(MIN_DIST_SECONDS_TESTING)+1)*2)
+
+#define MIN_VOTE_INTERVAL_TESTING_INITIAL \
+                ((MIN_VOTE_SECONDS_TESTING)+(MIN_DIST_SECONDS_TESTING)+1)
+
+/** The lowest consensus method that we currently support. */
+#define MIN_SUPPORTED_CONSENSUS_METHOD 13
 
 /** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 18
-
-/** Lowest consensus method that contains a 'directory-footer' marker */
-#define MIN_METHOD_FOR_FOOTER 9
-
-/** Lowest consensus method that contains bandwidth weights */
-#define MIN_METHOD_FOR_BW_WEIGHTS 9
-
-/** Lowest consensus method that contains consensus params */
-#define MIN_METHOD_FOR_PARAMS 7
-
-/** Lowest consensus method that generates microdescriptors */
-#define MIN_METHOD_FOR_MICRODESC 8
-
-/** Lowest consensus method that doesn't count bad exits as exits for weight */
-#define MIN_METHOD_TO_CUT_BADEXIT_WEIGHT 11
-
-/** Lowest consensus method that ensures a majority of authorities voted
-  * for a param. */
-#define MIN_METHOD_FOR_MAJORITY_PARAMS 12
+#define MAX_SUPPORTED_CONSENSUS_METHOD 22
 
 /** Lowest consensus method where microdesc consensuses omit any entry
  * with no microdesc. */
@@ -65,8 +79,24 @@
  * microdescriptors. */
 #define MIN_METHOD_FOR_ID_HASH_IN_MD 18
 
+/** Lowest consensus method where we include "package" lines*/
+#define MIN_METHOD_FOR_PACKAGE_LINES 19
+
+/** Lowest consensus method where authorities may include
+ * GuardFraction information in microdescriptors. */
+#define MIN_METHOD_FOR_GUARDFRACTION 20
+
+/** Lowest consensus method where authorities may include an "id" line for
+ * ed25519 identities in microdescriptors. (Broken; see
+ * consensus_method_is_supported() for more info.) */
+#define MIN_METHOD_FOR_ED25519_ID_IN_MD 21
+/** Lowest consensus method where authorities vote on ed25519 ids and ensure
+ * ed25519 id consistency. */
+#define MIN_METHOD_FOR_ED25519_ID_VOTING 22
+
 /** Default bandwidth to clip unmeasured bandwidths to using method >=
- * MIN_METHOD_TO_CLIP_UNMEASURED_BW */
+ * MIN_METHOD_TO_CLIP_UNMEASURED_BW.  (This is not a consensus method; do not
+ * get confused with the above macros.) */
 #define DEFAULT_MAX_UNMEASURED_BW_KB 20
 
 void dirvote_free_all(void);
@@ -107,8 +137,10 @@ int dirvote_add_signatures(const char *detached_signatures_body,
                            const char **msg_out);
 
 /* Item access */
-const char *dirvote_get_pending_consensus(consensus_flavor_t flav);
-const char *dirvote_get_pending_detached_signatures(void);
+MOCK_DECL(const char*, dirvote_get_pending_consensus,
+          (consensus_flavor_t flav));
+MOCK_DECL(const char*, dirvote_get_pending_detached_signatures, (void));
+
 #define DGV_BY_ID 1
 #define DGV_INCLUDE_PENDING 2
 #define DGV_INCLUDE_PREVIOUS 4
@@ -116,8 +148,7 @@ const cached_dir_t *dirvote_get_vote(const char *fp, int flags);
 void set_routerstatus_from_routerinfo(routerstatus_t *rs,
                                       node_t *node,
                                       routerinfo_t *ri, time_t now,
-                                      int naming, int listbadexits,
-                                      int listbaddirs, int vote_on_hsdirs);
+                                      int listbadexits);
 networkstatus_t *
 dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
                                         authority_cert_t *cert);
@@ -146,6 +177,8 @@ STATIC char *format_networkstatus_vote(crypto_pk_t *private_key,
                                  networkstatus_t *v3_ns);
 STATIC char *dirvote_compute_params(smartlist_t *votes, int method,
                              int total_authorities);
+STATIC char *compute_consensus_package_lines(smartlist_t *votes);
+STATIC char *make_consensus_method_list(int low, int high, const char *sep);
 #endif
 
 #endif
diff --git a/src/or/dns.c b/src/or/dns.c
index b55bf7384e..c7adfbc971 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -11,6 +11,8 @@
  * be nonblocking.)
  **/
 
+#define DNS_PRIVATE
+
 #include "or.h"
 #include "circuitlist.h"
 #include "circuituse.h"
@@ -24,7 +26,7 @@
 #include "relay.h"
 #include "router.h"
 #include "ht.h"
-#include "../common/sandbox.h"
+#include "sandbox.h"
 #ifdef HAVE_EVENT2_DNS_H
 #include <event2/event.h>
 #include <event2/dns.h>
@@ -81,9 +83,6 @@ struct evdns_request;
 
 #endif
 
-/** Longest hostname we're willing to resolve. */
-#define MAX_ADDRESSLEN 256
-
 /** How long will we wait for an answer from the resolver before we decide
  * that the resolver is wedged? */
 #define RESOLVE_MAX_TIMEOUT 300
@@ -102,107 +101,15 @@ static char *resolv_conf_fname = NULL;
  * the nameservers?  Used to check whether we need to reconfigure. */
 static time_t resolv_conf_mtime = 0;
 
-/** Linked list of connections waiting for a DNS answer. */
-typedef struct pending_connection_t {
-  edge_connection_t *conn;
-  struct pending_connection_t *next;
-} pending_connection_t;
-
-/** Value of 'magic' field for cached_resolve_t.  Used to try to catch bad
- * pointers and memory stomping. */
-#define CACHED_RESOLVE_MAGIC 0x1234F00D
-
-/* Possible states for a cached resolve_t */
-/** We are waiting for the resolver system to tell us an answer here.
- * When we get one, or when we time out, the state of this cached_resolve_t
- * will become "DONE" and we'll possibly add a CACHED
- * entry. This cached_resolve_t will be in the hash table so that we will
- * know not to launch more requests for this addr, but rather to add more
- * connections to the pending list for the addr. */
-#define CACHE_STATE_PENDING 0
-/** This used to be a pending cached_resolve_t, and we got an answer for it.
- * Now we're waiting for this cached_resolve_t to expire.  This should
- * have no pending connections, and should not appear in the hash table. */
-#define CACHE_STATE_DONE 1
-/** We are caching an answer for this address. This should have no pending
- * connections, and should appear in the hash table. */
-#define CACHE_STATE_CACHED 2
-
-/** @name status values for a single DNS request.
- *
- * @{ */
-/** The DNS request is in progress. */
-#define RES_STATUS_INFLIGHT 1
-/** The DNS request finished and gave an answer */
-#define RES_STATUS_DONE_OK 2
-/** The DNS request finished and gave an error */
-#define RES_STATUS_DONE_ERR 3
-/**@}*/
-
-/** A DNS request: possibly completed, possibly pending; cached_resolve
- * structs are stored at the OR side in a hash table, and as a linked
- * list from oldest to newest.
- */
-typedef struct cached_resolve_t {
-  HT_ENTRY(cached_resolve_t) node;
-  uint32_t magic;  /**< Must be CACHED_RESOLVE_MAGIC */
-  char address[MAX_ADDRESSLEN]; /**< The hostname to be resolved. */
-
-  union {
-    uint32_t addr_ipv4; /**< IPv4 addr for <b>address</b>, if successful.
-                         * (In host order.) */
-    int err_ipv4; /**< One of DNS_ERR_*, if IPv4 lookup failed. */
-  } result_ipv4; /**< Outcome of IPv4 lookup */
-  union {
-    struct in6_addr addr_ipv6; /**< IPv6 addr for <b>address</b>, if
-                                * successful */
-    int err_ipv6; /**< One of DNS_ERR_*, if IPv6 lookup failed. */
-  } result_ipv6; /**< Outcome of IPv6 lookup, if any */
-  union {
-    char *hostname; /** A hostname, if PTR lookup happened successfully*/
-    int err_hostname; /** One of DNS_ERR_*, if PTR lookup failed. */
-  } result_ptr;
-  /** @name Status fields
-   *
-   * These take one of the RES_STATUS_* values, depending on the state
-   * of the corresponding lookup.
-   *
-   * @{ */
-  unsigned int res_status_ipv4 : 2;
-  unsigned int res_status_ipv6 : 2;
-  unsigned int res_status_hostname : 2;
-  /**@}*/
-  uint8_t state; /**< Is this cached entry pending/done/informative? */
-
-  time_t expire; /**< Remove items from cache after this time. */
-  uint32_t ttl_ipv4; /**< What TTL did the nameserver tell us? */
-  uint32_t ttl_ipv6; /**< What TTL did the nameserver tell us? */
-  uint32_t ttl_hostname; /**< What TTL did the nameserver tell us? */
-  /** Connections that want to know when we get an answer for this resolve. */
-  pending_connection_t *pending_connections;
-  /** Position of this element in the heap*/
-  int minheap_idx;
-} cached_resolve_t;
-
 static void purge_expired_resolves(time_t now);
 static void dns_found_answer(const char *address, uint8_t query_type,
                              int dns_answer,
                              const tor_addr_t *addr,
                              const char *hostname,
                              uint32_t ttl);
-static void send_resolved_cell(edge_connection_t *conn, uint8_t answer_type,
-                               const cached_resolve_t *resolve);
-static int launch_resolve(cached_resolve_t *resolve);
 static void add_wildcarded_test_address(const char *address);
 static int configure_nameservers(int force);
 static int answer_is_wildcarded(const char *ip);
-static int dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
-                            or_circuit_t *oncirc, char **resolved_to_hostname,
-                            int *made_connection_pending_out,
-                            cached_resolve_t **resolve_out);
-static int set_exitconn_info_from_resolve(edge_connection_t *exitconn,
-                                          const cached_resolve_t *resolve,
-                                          char **hostname_out);
 static int evdns_err_is_transient(int err);
 static void inform_pending_connections(cached_resolve_t *resolve);
 static void make_pending_resolve_cached(cached_resolve_t *cached);
@@ -227,7 +134,7 @@ static int dns_is_broken_for_ipv6 = 0;
 
 /** Function to compare hashed resolves on their addresses; used to
  * implement hash tables. */
-static INLINE int
+static inline int
 cached_resolves_eq(cached_resolve_t *a, cached_resolve_t *b)
 {
   /* make this smarter one day? */
@@ -236,7 +143,7 @@ cached_resolves_eq(cached_resolve_t *a, cached_resolve_t *b)
 }
 
 /** Hash function for cached_resolve objects */
-static INLINE unsigned int
+static inline unsigned int
 cached_resolve_hash(cached_resolve_t *a)
 {
   return (unsigned) siphash24g((const uint8_t*)a->address, strlen(a->address));
@@ -244,8 +151,8 @@ cached_resolve_hash(cached_resolve_t *a)
 
 HT_PROTOTYPE(cache_map, cached_resolve_t, node, cached_resolve_hash,
              cached_resolves_eq)
-HT_GENERATE(cache_map, cached_resolve_t, node, cached_resolve_hash,
-            cached_resolves_eq, 0.6, malloc, realloc, free)
+HT_GENERATE2(cache_map, cached_resolve_t, node, cached_resolve_hash,
+             cached_resolves_eq, 0.6, tor_reallocarray_, tor_free_)
 
 /** Initialize the DNS cache. */
 static void
@@ -367,7 +274,7 @@ dns_clip_ttl(uint32_t ttl)
 
 /** Helper: Given a TTL from a DNS response, determine how long to hold it in
  * our cache. */
-static uint32_t
+STATIC uint32_t
 dns_get_expiry_ttl(uint32_t ttl)
 {
   if (ttl < MIN_DNS_TTL)
@@ -605,9 +512,9 @@ purge_expired_resolves(time_t now)
  * answer back along circ; otherwise, send the answer back along
  * <b>conn</b>'s attached circuit.
  */
-static void
-send_resolved_cell(edge_connection_t *conn, uint8_t answer_type,
-                   const cached_resolve_t *resolved)
+MOCK_IMPL(STATIC void,
+send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type,
+                    const cached_resolve_t *resolved))
 {
   char buf[RELAY_PAYLOAD_SIZE], *cp = buf;
   size_t buflen = 0;
@@ -671,8 +578,9 @@ send_resolved_cell(edge_connection_t *conn, uint8_t answer_type,
  * answer back along circ; otherwise, send the answer back along
  * <b>conn</b>'s attached circuit.
  */
-static void
-send_resolved_hostname_cell(edge_connection_t *conn, const char *hostname)
+MOCK_IMPL(STATIC void,
+send_resolved_hostname_cell,(edge_connection_t *conn,
+                             const char *hostname))
 {
   char buf[RELAY_PAYLOAD_SIZE];
   size_t buflen;
@@ -800,11 +708,11 @@ dns_resolve(edge_connection_t *exitconn)
  *
  * Set *<b>resolve_out</b> to a cached resolve, if we found one.
  */
-static int
-dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
+MOCK_IMPL(STATIC int,
+dns_resolve_impl,(edge_connection_t *exitconn, int is_resolve,
                  or_circuit_t *oncirc, char **hostname_out,
                  int *made_connection_pending_out,
-                 cached_resolve_t **resolve_out)
+                 cached_resolve_t **resolve_out))
 {
   cached_resolve_t *resolve;
   cached_resolve_t search;
@@ -947,10 +855,10 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
  * Return -2 on a transient error, -1 on a permenent error, and 1 on
  * a successful lookup.
  */
-static int
-set_exitconn_info_from_resolve(edge_connection_t *exitconn,
-                               const cached_resolve_t *resolve,
-                               char **hostname_out)
+MOCK_IMPL(STATIC int,
+set_exitconn_info_from_resolve,(edge_connection_t *exitconn,
+                                const cached_resolve_t *resolve,
+                                char **hostname_out))
 {
   int ipv4_ok, ipv6_ok, answer_with_ipv4, r;
   uint32_t begincell_flags;
@@ -1145,8 +1053,8 @@ connection_dns_remove(edge_connection_t *conn)
  * the resolve for <b>address</b> itself, and remove any cached results for
  * <b>address</b> from the cache.
  */
-void
-dns_cancel_pending_resolve(const char *address)
+MOCK_IMPL(void,
+dns_cancel_pending_resolve,(const char *address))
 {
   pending_connection_t *pend;
   cached_resolve_t search;
@@ -1218,7 +1126,7 @@ dns_cancel_pending_resolve(const char *address)
 
 /** Return true iff <b>address</b> is one of the addresses we use to verify
  * that well-known sites aren't being hijacked by our DNS servers. */
-static INLINE int
+static inline int
 is_test_address(const char *address)
 {
   const or_options_t *options = get_options();
@@ -1752,8 +1660,8 @@ launch_one_resolve(const char *address, uint8_t query_type,
 /** For eventdns: start resolving as necessary to find the target for
  * <b>exitconn</b>.  Returns -1 on error, -2 on transient error,
  * 0 on "resolve launched." */
-static int
-launch_resolve(cached_resolve_t *resolve)
+MOCK_IMPL(STATIC int,
+launch_resolve,(cached_resolve_t *resolve))
 {
   tor_addr_t a;
   int r;
@@ -2206,5 +2114,18 @@ assert_cache_ok_(void)
       }
     });
 }
+
 #endif
 
+cached_resolve_t
+*dns_get_cache_entry(cached_resolve_t *query)
+{
+  return HT_FIND(cache_map, &cache_root, query);
+}
+
+void
+dns_insert_cache_entry(cached_resolve_t *new_entry)
+{
+  HT_INSERT(cache_map, &cache_root, new_entry);
+}
+
diff --git a/src/or/dns.h b/src/or/dns.h
index 022cd4ac63..b14f7dd29c 100644
--- a/src/or/dns.h
+++ b/src/or/dns.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -20,7 +20,7 @@ int dns_reset(void);
 void connection_dns_remove(edge_connection_t *conn);
 void assert_connection_edge_not_dns_pending(edge_connection_t *conn);
 void assert_all_pending_dns_resolves_ok(void);
-void dns_cancel_pending_resolve(const char *question);
+MOCK_DECL(void,dns_cancel_pending_resolve,(const char *question));
 int dns_resolve(edge_connection_t *exitconn);
 void dns_launch_correctness_checks(void);
 int dns_seems_to_be_broken(void);
@@ -28,5 +28,33 @@ int dns_seems_to_be_broken_for_ipv6(void);
 void dns_reset_correctness_checks(void);
 void dump_dns_mem_usage(int severity);
 
+#ifdef DNS_PRIVATE
+#include "dns_structs.h"
+
+STATIC uint32_t dns_get_expiry_ttl(uint32_t ttl);
+
+MOCK_DECL(STATIC int,dns_resolve_impl,(edge_connection_t *exitconn,
+int is_resolve,or_circuit_t *oncirc, char **hostname_out,
+int *made_connection_pending_out, cached_resolve_t **resolve_out));
+
+MOCK_DECL(STATIC void,send_resolved_cell,(edge_connection_t *conn,
+uint8_t answer_type,const cached_resolve_t *resolved));
+
+MOCK_DECL(STATIC void,send_resolved_hostname_cell,(edge_connection_t *conn,
+const char *hostname));
+
+cached_resolve_t *dns_get_cache_entry(cached_resolve_t *query);
+void dns_insert_cache_entry(cached_resolve_t *new_entry);
+
+MOCK_DECL(STATIC int,
+set_exitconn_info_from_resolve,(edge_connection_t *exitconn,
+                                const cached_resolve_t *resolve,
+                                char **hostname_out));
+
+MOCK_DECL(STATIC int,
+launch_resolve,(cached_resolve_t *resolve));
+
+#endif
+
 #endif
 
diff --git a/src/or/dns_structs.h b/src/or/dns_structs.h
new file mode 100644
index 0000000000..bb67459d7b
--- /dev/null
+++ b/src/or/dns_structs.h
@@ -0,0 +1,90 @@
+#ifndef TOR_DNS_STRUCTS_H
+#define TOR_DNS_STRUCTS_H
+
+/** Longest hostname we're willing to resolve. */
+#define MAX_ADDRESSLEN 256
+
+/** Linked list of connections waiting for a DNS answer. */
+typedef struct pending_connection_t {
+  edge_connection_t *conn;
+  struct pending_connection_t *next;
+} pending_connection_t;
+
+/** Value of 'magic' field for cached_resolve_t.  Used to try to catch bad
+ * pointers and memory stomping. */
+#define CACHED_RESOLVE_MAGIC 0x1234F00D
+
+/* Possible states for a cached resolve_t */
+/** We are waiting for the resolver system to tell us an answer here.
+ * When we get one, or when we time out, the state of this cached_resolve_t
+ * will become "DONE" and we'll possibly add a CACHED
+ * entry. This cached_resolve_t will be in the hash table so that we will
+ * know not to launch more requests for this addr, but rather to add more
+ * connections to the pending list for the addr. */
+#define CACHE_STATE_PENDING 0
+/** This used to be a pending cached_resolve_t, and we got an answer for it.
+ * Now we're waiting for this cached_resolve_t to expire.  This should
+ * have no pending connections, and should not appear in the hash table. */
+#define CACHE_STATE_DONE 1
+/** We are caching an answer for this address. This should have no pending
+ * connections, and should appear in the hash table. */
+#define CACHE_STATE_CACHED 2
+
+/** @name status values for a single DNS request.
+ *
+ * @{ */
+/** The DNS request is in progress. */
+#define RES_STATUS_INFLIGHT 1
+/** The DNS request finished and gave an answer */
+#define RES_STATUS_DONE_OK 2
+/** The DNS request finished and gave an error */
+#define RES_STATUS_DONE_ERR 3
+/**@}*/
+
+/** A DNS request: possibly completed, possibly pending; cached_resolve
+ * structs are stored at the OR side in a hash table, and as a linked
+ * list from oldest to newest.
+ */
+typedef struct cached_resolve_t {
+  HT_ENTRY(cached_resolve_t) node;
+  uint32_t magic;  /**< Must be CACHED_RESOLVE_MAGIC */
+  char address[MAX_ADDRESSLEN]; /**< The hostname to be resolved. */
+
+  union {
+    uint32_t addr_ipv4; /**< IPv4 addr for <b>address</b>, if successful.
+                         * (In host order.) */
+    int err_ipv4; /**< One of DNS_ERR_*, if IPv4 lookup failed. */
+  } result_ipv4; /**< Outcome of IPv4 lookup */
+  union {
+    struct in6_addr addr_ipv6; /**< IPv6 addr for <b>address</b>, if
+                                * successful */
+    int err_ipv6; /**< One of DNS_ERR_*, if IPv6 lookup failed. */
+  } result_ipv6; /**< Outcome of IPv6 lookup, if any */
+  union {
+    char *hostname; /** A hostname, if PTR lookup happened successfully*/
+    int err_hostname; /** One of DNS_ERR_*, if PTR lookup failed. */
+  } result_ptr;
+  /** @name Status fields
+   *
+   * These take one of the RES_STATUS_* values, depending on the state
+   * of the corresponding lookup.
+   *
+   * @{ */
+  unsigned int res_status_ipv4 : 2;
+  unsigned int res_status_ipv6 : 2;
+  unsigned int res_status_hostname : 2;
+  /**@}*/
+  uint8_t state; /**< Is this cached entry pending/done/informative? */
+
+  time_t expire; /**< Remove items from cache after this time. */
+  uint32_t ttl_ipv4; /**< What TTL did the nameserver tell us? */
+  uint32_t ttl_ipv6; /**< What TTL did the nameserver tell us? */
+  uint32_t ttl_hostname; /**< What TTL did the nameserver tell us? */
+  /** Connections that want to know when we get an answer for this resolve. */
+  pending_connection_t *pending_connections;
+  /** Position of this element in the heap*/
+  int minheap_idx;
+} cached_resolve_t;
+
+#endif
+
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index 9b0368dd09..74f17ce78c 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -1,8 +1,9 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
- * \file dnsserv.c \brief Implements client-side DNS proxy server code.  Note:
+ * \file dnsserv.c
+ * \brief Implements client-side DNS proxy server code.  Note:
  * this is the DNS Server code, not the Server DNS code.  Confused?  This code
  * runs on client-side, and acts as a DNS server.  The code in dns.c, on the
  * other hand, runs on Tor servers, and acts as a DNS client.
@@ -123,6 +124,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
   /* Make a new dummy AP connection, and attach the request to it. */
   entry_conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
   conn = ENTRY_TO_EDGE_CONN(entry_conn);
+  CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
   TO_CONN(conn)->state = AP_CONN_STATE_RESOLVE_WAIT;
   conn->is_dns_request = 1;
 
@@ -139,13 +141,13 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
   }
 
   if (q->type == EVDNS_TYPE_A || q->type == EVDNS_QTYPE_ALL) {
-    entry_conn->ipv4_traffic_ok = 1;
-    entry_conn->ipv6_traffic_ok = 0;
-    entry_conn->prefer_ipv6_traffic = 0;
+    entry_conn->entry_cfg.ipv4_traffic = 1;
+    entry_conn->entry_cfg.ipv6_traffic = 0;
+    entry_conn->entry_cfg.prefer_ipv6 = 0;
   } else if (q->type == EVDNS_TYPE_AAAA) {
-    entry_conn->ipv4_traffic_ok = 0;
-    entry_conn->ipv6_traffic_ok = 1;
-    entry_conn->prefer_ipv6_traffic = 1;
+    entry_conn->entry_cfg.ipv4_traffic = 0;
+    entry_conn->entry_cfg.ipv6_traffic = 1;
+    entry_conn->entry_cfg.prefer_ipv6 = 1;
   }
 
   strlcpy(entry_conn->socks_request->address, q->name,
@@ -153,8 +155,8 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
 
   entry_conn->socks_request->listener_type = listener->base_.type;
   entry_conn->dns_server_request = req;
-  entry_conn->isolation_flags = listener->isolation_flags;
-  entry_conn->session_group = listener->session_group;
+  entry_conn->entry_cfg.isolation_flags = listener->entry_cfg.isolation_flags;
+  entry_conn->entry_cfg.session_group = listener->entry_cfg.session_group;
   entry_conn->nym_epoch = get_signewnym_epoch();
 
   if (connection_add(ENTRY_TO_CONN(entry_conn)) < 0) {
@@ -197,6 +199,7 @@ dnsserv_launch_request(const char *name, int reverse,
   /* Make a new dummy AP connection, and attach the request to it. */
   entry_conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
   conn = ENTRY_TO_EDGE_CONN(entry_conn);
+  CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
   conn->base_.state = AP_CONN_STATE_RESOLVE_WAIT;
 
   tor_addr_copy(&TO_CONN(conn)->addr, &control_conn->base_.addr);
@@ -230,9 +233,9 @@ dnsserv_launch_request(const char *name, int reverse,
 
   entry_conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
   entry_conn->original_dest_address = tor_strdup(name);
-  entry_conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
+  entry_conn->entry_cfg.session_group = SESSION_GROUP_CONTROL_RESOLVE;
   entry_conn->nym_epoch = get_signewnym_epoch();
-  entry_conn->isolation_flags = ISO_DEFAULT;
+  entry_conn->entry_cfg.isolation_flags = ISO_DEFAULT;
 
   if (connection_add(TO_CONN(conn))<0) {
     log_warn(LD_APP, "Couldn't register dummy connection for RESOLVE request");
diff --git a/src/or/dnsserv.h b/src/or/dnsserv.h
index 687a77e59e..ad0e248c83 100644
--- a/src/or/dnsserv.h
+++ b/src/or/dnsserv.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 66b7201187..310a948b35 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,6 +12,8 @@
  * circumvention).
  **/
 
+#define ENTRYNODES_PRIVATE
+
 #include "or.h"
 #include "circpathbias.h"
 #include "circuitbuild.h"
@@ -85,7 +87,7 @@ get_entry_guards(void)
 
 /** Check whether the entry guard <b>e</b> is usable, given the directory
  * authorities' opinion about the router (stored in <b>ri</b>) and the user's
- * configuration (in <b>options</b>). Set <b>e</b>-&gt;bad_since
+ * configuration (in <b>options</b>). Set <b>e</b>->bad_since
  * accordingly. Return true iff the entry guard's status changes.
  *
  * If it's not usable, set *<b>reason</b> to a static string explaining why.
@@ -115,6 +117,9 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node,
     *reason = "not recommended as a guard";
   else if (routerset_contains_node(options->ExcludeNodes, node))
     *reason = "excluded";
+  /* We only care about OR connection connectivity for entry guards. */
+  else if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0))
+    *reason = "unreachable by config";
   else if (e->path_bias_disabled)
     *reason = "path-biased";
 
@@ -139,8 +144,7 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node,
   }
 
   if (node) {
-    int is_dir = node_is_dir(node) && node->rs &&
-      node->rs->version_supports_microdesc_cache;
+    int is_dir = node_is_dir(node);
     if (options->UseBridges && node_is_a_configured_bridge(node))
       is_dir = 1;
     if (e->is_dir_cache != is_dir) {
@@ -154,21 +158,41 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node,
 
 /** Return true iff enough time has passed since we last tried to connect
  * to the unreachable guard <b>e</b> that we're willing to try again. */
-static int
-entry_is_time_to_retry(entry_guard_t *e, time_t now)
+STATIC int
+entry_is_time_to_retry(const entry_guard_t *e, time_t now)
 {
-  long diff;
+  struct guard_retry_period_s {
+    time_t period_duration;
+    time_t interval_during_period;
+  };
+
+  struct guard_retry_period_s periods[] = {
+     {    6*60*60,    60*60 }, /* For first 6 hrs., retry hourly; */
+     { 3*24*60*60,  4*60*60 }, /* Then retry every 4 hrs. until the
+                                  3-day mark; */
+     { 7*24*60*60, 18*60*60 }, /* After 3 days, retry every 18 hours until
+                                  1 week mark. */
+     {   TIME_MAX, 36*60*60 }  /* After 1 week, retry every 36 hours. */
+  };
+
+  time_t ith_deadline_for_retry;
+  time_t unreachable_for;
+  unsigned i;
+
   if (e->last_attempted < e->unreachable_since)
     return 1;
-  diff = now - e->unreachable_since;
-  if (diff < 6*60*60)
-    return now > (e->last_attempted + 60*60);
-  else if (diff < 3*24*60*60)
-    return now > (e->last_attempted + 4*60*60);
-  else if (diff < 7*24*60*60)
-    return now > (e->last_attempted + 18*60*60);
-  else
-    return now > (e->last_attempted + 36*60*60);
+
+  unreachable_for = now - e->unreachable_since;
+
+  for (i = 0; i < ARRAY_LENGTH(periods); i++) {
+    if (unreachable_for <= periods[i].period_duration) {
+      ith_deadline_for_retry = e->last_attempted +
+                               periods[i].interval_during_period;
+
+      return (now > ith_deadline_for_retry);
+    }
+  }
+  return 0;
 }
 
 /** Return the node corresponding to <b>e</b>, if <b>e</b> is
@@ -188,12 +212,17 @@ entry_is_time_to_retry(entry_guard_t *e, time_t now)
  * If need_descriptor is true, only return the node if we currently have
  * a descriptor (routerinfo or microdesc) for it.
  */
-static INLINE const node_t *
-entry_is_live(entry_guard_t *e, int need_uptime, int need_capacity,
-              int assume_reachable, int need_descriptor, const char **msg)
+STATIC const node_t *
+entry_is_live(const entry_guard_t *e, entry_is_live_flags_t flags,
+              const char **msg)
 {
   const node_t *node;
   const or_options_t *options = get_options();
+  int need_uptime = (flags & ENTRY_NEED_UPTIME) != 0;
+  int need_capacity = (flags & ENTRY_NEED_CAPACITY) != 0;
+  const int assume_reachable = (flags & ENTRY_ASSUME_REACHABLE) != 0;
+  const int need_descriptor = (flags & ENTRY_NEED_DESCRIPTOR) != 0;
+
   tor_assert(msg);
 
   if (e->path_bias_disabled) {
@@ -242,7 +271,7 @@ entry_is_live(entry_guard_t *e, int need_uptime, int need_capacity,
     *msg = "not fast/stable";
     return NULL;
   }
-  if (!fascist_firewall_allows_node(node)) {
+  if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0)) {
     *msg = "unreachable by config";
     return NULL;
   }
@@ -255,12 +284,18 @@ num_live_entry_guards(int for_directory)
 {
   int n = 0;
   const char *msg;
+  /* Set the entry node attributes we are interested in. */
+  entry_is_live_flags_t entry_flags = ENTRY_NEED_CAPACITY;
+  if (!for_directory) {
+    entry_flags |= ENTRY_NEED_DESCRIPTOR;
+  }
+
   if (! entry_guards)
     return 0;
   SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, entry) {
       if (for_directory && !entry->is_dir_cache)
         continue;
-      if (entry_is_live(entry, 0, 1, 0, !for_directory, &msg))
+      if (entry_is_live(entry, entry_flags, &msg))
         ++n;
   } SMARTLIST_FOREACH_END(entry);
   return n;
@@ -289,7 +324,7 @@ log_entry_guards(int severity)
   SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e)
     {
       const char *msg = NULL;
-      if (entry_is_live(e, 0, 1, 0, 0, &msg))
+      if (entry_is_live(e, ENTRY_NEED_CAPACITY, &msg))
         smartlist_add_asprintf(elements, "%s [%s] (up %s)",
                      e->nickname,
                      hex_str(e->identity, DIGEST_LEN),
@@ -350,7 +385,7 @@ control_event_guard_deferred(void)
  * If <b>chosen</b> is defined, use that one, and if it's not
  * already in our entry_guards list, put it at the *beginning*.
  * Else, put the one we pick at the end of the list. */
-static const node_t *
+STATIC const node_t *
 add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
                    int for_discovery, int for_directory)
 {
@@ -365,10 +400,10 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
         entry->bad_since = 0;
         entry->can_retry = 1;
       }
-      entry->is_dir_cache = node->rs &&
-                            node->rs->version_supports_microdesc_cache;
+      entry->is_dir_cache = node_is_dir(node);
       if (get_options()->UseBridges && node_is_a_configured_bridge(node))
         entry->is_dir_cache = 1;
+
       return NULL;
     }
   } else if (!for_directory) {
@@ -399,8 +434,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
            node_describe(node));
   strlcpy(entry->nickname, node_get_nickname(node), sizeof(entry->nickname));
   memcpy(entry->identity, node->identity, DIGEST_LEN);
-  entry->is_dir_cache = node_is_dir(node) && node->rs &&
-                        node->rs->version_supports_microdesc_cache;
+  entry->is_dir_cache = node_is_dir(node);
   if (get_options()->UseBridges && node_is_a_configured_bridge(node))
     entry->is_dir_cache = 1;
 
@@ -409,7 +443,8 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
    * don't all select them on the same day, and b) avoid leaving a
    * precise timestamp in the state file about when we first picked
    * this guard. For details, see the Jan 2010 or-dev thread. */
-  entry->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30);
+  time_t now = time(NULL);
+  entry->chosen_on_date = crypto_rand_time_range(now - 3600*24*30, now);
   entry->chosen_by_version = tor_strdup(VERSION);
 
   /* Are we picking this guard because all of our current guards are
@@ -437,7 +472,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
 /** Choose how many entry guards or directory guards we'll use. If
  * <b>for_directory</b> is true, we return how many directory guards to
  * use; else we return how many entry guards to use. */
-static int
+STATIC int
 decide_num_guards(const or_options_t *options, int for_directory)
 {
   if (for_directory) {
@@ -538,22 +573,6 @@ remove_obsolete_entry_guards(time_t now)
     } else if (tor_version_parse(ver, &v)) {
       msg = "does not seem to be from any recognized version of Tor";
       version_is_bad = 1;
-    } else {
-      char *tor_ver = NULL;
-      tor_asprintf(&tor_ver, "Tor %s", ver);
-      if ((tor_version_as_new_as(tor_ver, "0.1.0.10-alpha") &&
-           !tor_version_as_new_as(tor_ver, "0.1.2.16-dev")) ||
-          (tor_version_as_new_as(tor_ver, "0.2.0.0-alpha") &&
-           !tor_version_as_new_as(tor_ver, "0.2.0.6-alpha")) ||
-          /* above are bug 440; below are bug 1217 */
-          (tor_version_as_new_as(tor_ver, "0.2.1.3-alpha") &&
-           !tor_version_as_new_as(tor_ver, "0.2.1.23")) ||
-          (tor_version_as_new_as(tor_ver, "0.2.2.0-alpha") &&
-           !tor_version_as_new_as(tor_ver, "0.2.2.7-alpha"))) {
-        msg = "was selected without regard for guard bandwidth";
-        version_is_bad = 1;
-      }
-      tor_free(tor_ver);
     }
     if (!version_is_bad && entry->chosen_on_date + guard_lifetime < now) {
       /* It's been too long since the date listed in our state file. */
@@ -676,7 +695,7 @@ entry_guards_compute_status(const or_options_t *options, time_t now)
     SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, entry) {
       const char *reason = digestmap_get(reasons, entry->identity);
       const char *live_msg = "";
-      const node_t *r = entry_is_live(entry, 0, 1, 0, 0, &live_msg);
+      const node_t *r = entry_is_live(entry, ENTRY_NEED_CAPACITY, &live_msg);
       log_info(LD_CIRC, "Summary: Entry %s [%s] is %s, %s%s%s, and %s%s.",
                entry->nickname,
                hex_str(entry->identity, DIGEST_LEN),
@@ -794,7 +813,9 @@ entry_guard_register_connect_status(const char *digest, int succeeded,
           break;
         if (e->made_contact) {
           const char *msg;
-          const node_t *r = entry_is_live(e, 0, 1, 1, 0, &msg);
+          const node_t *r = entry_is_live(e,
+                     ENTRY_NEED_CAPACITY | ENTRY_ASSUME_REACHABLE,
+                     &msg);
           if (r && e->unreachable_since) {
             refuse_conn = 1;
             e->can_retry = 1;
@@ -847,7 +868,7 @@ update_node_guard_status(void)
 
 /** Adjust the entry guards list so that it only contains entries from
  * EntryNodes, adding new entries from EntryNodes to the list as needed. */
-static void
+STATIC void
 entry_guards_set_from_config(const or_options_t *options)
 {
   smartlist_t *entry_nodes, *worse_entry_nodes, *entry_fps;
@@ -900,7 +921,8 @@ entry_guards_set_from_config(const or_options_t *options)
     } else if (routerset_contains_node(options->ExcludeNodes, node)) {
       SMARTLIST_DEL_CURRENT(entry_nodes, node);
       continue;
-    } else if (!fascist_firewall_allows_node(node)) {
+    } else if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
+                                             0)) {
       SMARTLIST_DEL_CURRENT(entry_nodes, node);
       continue;
     } else if (! node->is_possible_guard) {
@@ -954,49 +976,17 @@ entry_list_is_constrained(const or_options_t *options)
   return 0;
 }
 
-/** Return true iff this node can answer directory questions about
- * microdescriptors. */
-static int
-node_understands_microdescriptors(const node_t *node)
-{
-  tor_assert(node);
-  if (node->rs && node->rs->version_supports_microdesc_cache)
-    return 1;
-  if (node->ri && tor_version_supports_microdescriptors(node->ri->platform))
-    return 1;
-  return 0;
-}
-
-/** Return true iff <b>node</b> is able to answer directory questions
- * of type <b>dirinfo</b>. */
-static int
-node_can_handle_dirinfo(const node_t *node, dirinfo_type_t dirinfo)
-{
-  /* Checking dirinfo for any type other than microdescriptors isn't required
-     yet, since we only choose directory guards that can support microdescs,
-     routerinfos, and networkstatuses, AND we don't use directory guards if
-     we're configured to do direct downloads of anything else. The only case
-     where we might have a guard that doesn't know about a type of directory
-     information is when we're retrieving directory information from a
-     bridge. */
-
-  if ((dirinfo & MICRODESC_DIRINFO) &&
-      !node_understands_microdescriptors(node))
-    return 0;
-  return 1;
-}
-
 /** Pick a live (up and listed) entry guard from entry_guards. If
  * <b>state</b> is non-NULL, this is for a specific circuit --
  * make sure not to pick this circuit's exit or any node in the
  * exit's family. If <b>state</b> is NULL, we're looking for a random
- * guard (likely a bridge).  If <b>dirinfo</b> is not NO_DIRINFO, then
- * only select from nodes that know how to answer directory questions
+ * guard (likely a bridge).  If <b>dirinfo</b> is not NO_DIRINFO (zero),
+ * then only select from nodes that know how to answer directory questions
  * of that type. */
 const node_t *
 choose_random_entry(cpath_build_state_t *state)
 {
-  return choose_random_entry_impl(state, 0, 0, NULL);
+  return choose_random_entry_impl(state, 0, NO_DIRINFO, NULL);
 }
 
 /** Pick a live (up and listed) directory guard from entry_guards for
@@ -1007,47 +997,63 @@ choose_random_dirguard(dirinfo_type_t type)
   return choose_random_entry_impl(NULL, 1, type, NULL);
 }
 
-/** Helper for choose_random{entry,dirguard}. */
-static const node_t *
-choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
-                         dirinfo_type_t dirinfo_type, int *n_options_out)
+/** Filter <b>all_entry_guards</b> for usable entry guards and put them
+ * in <b>live_entry_guards</b>. We filter based on whether the node is
+ * currently alive, and on whether it satisfies the restrictions
+ * imposed by the other arguments of this function.
+ *
+ * We don't place more guards than NumEntryGuards in <b>live_entry_guards</b>.
+ *
+ * If <b>chosen_exit</b> is set, it contains the exit node of this
+ * circuit. Make sure to not use it or its family as an entry guard.
+ *
+ * If <b>need_uptime</b> is set, we are looking for a stable entry guard.
+ * if <b>need_capacity</b> is set, we are looking for a fast entry guard.
+ *
+ * The rest of the arguments are the same as in choose_random_entry_impl().
+ *
+ * Return 1 if we should choose a guard right away. Return 0 if we
+ * should try to add more nodes to our list before deciding on a
+ * guard.
+ */
+STATIC int
+populate_live_entry_guards(smartlist_t *live_entry_guards,
+                           const smartlist_t *all_entry_guards,
+                           const node_t *chosen_exit,
+                           dirinfo_type_t dirinfo_type,
+                           int for_directory,
+                           int need_uptime, int need_capacity)
 {
   const or_options_t *options = get_options();
-  smartlist_t *live_entry_guards = smartlist_new();
-  smartlist_t *exit_family = smartlist_new();
-  const node_t *chosen_exit =
-    state?build_state_get_exit_node(state) : NULL;
   const node_t *node = NULL;
-  int need_uptime = state ? state->need_uptime : 0;
-  int need_capacity = state ? state->need_capacity : 0;
-  int preferred_min, consider_exit_family = 0;
-  int need_descriptor = !for_directory;
   const int num_needed = decide_num_guards(options, for_directory);
+  smartlist_t *exit_family = smartlist_new();
+  int retval = 0;
+  entry_is_live_flags_t entry_flags = 0;
 
-  if (n_options_out)
-    *n_options_out = 0;
+  (void) dirinfo_type;
 
-  if (chosen_exit) {
-    nodelist_add_node_and_family(exit_family, chosen_exit);
-    consider_exit_family = 1;
+  { /* Set the flags we want our entry node to have */
+    if (need_uptime) {
+      entry_flags |= ENTRY_NEED_UPTIME;
+    }
+    if (need_capacity) {
+      entry_flags |= ENTRY_NEED_CAPACITY;
+    }
+    if (!for_directory) {
+      entry_flags |= ENTRY_NEED_DESCRIPTOR;
+    }
   }
 
-  if (!entry_guards)
-    entry_guards = smartlist_new();
-
-  if (should_add_entry_nodes)
-    entry_guards_set_from_config(options);
+  tor_assert(all_entry_guards);
 
-  if (!entry_list_is_constrained(options) &&
-      smartlist_len(entry_guards) < num_needed)
-    pick_entry_guards(options, for_directory);
+  if (chosen_exit) {
+    nodelist_add_node_and_family(exit_family, chosen_exit);
+  }
 
- retry:
-  smartlist_clear(live_entry_guards);
-  SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, entry) {
+  SMARTLIST_FOREACH_BEGIN(all_entry_guards, const entry_guard_t *, entry) {
       const char *msg;
-      node = entry_is_live(entry, need_uptime, need_capacity, 0,
-                           need_descriptor, &msg);
+      node = entry_is_live(entry, entry_flags, &msg);
       if (!node)
         continue; /* down, no point */
       if (for_directory) {
@@ -1056,39 +1062,93 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
       }
       if (node == chosen_exit)
         continue; /* don't pick the same node for entry and exit */
-      if (consider_exit_family && smartlist_contains(exit_family, node))
+      if (smartlist_contains(exit_family, node))
         continue; /* avoid relays that are family members of our exit */
-      if (dirinfo_type != NO_DIRINFO &&
-          !node_can_handle_dirinfo(node, dirinfo_type))
-        continue; /* this node won't be able to answer our dir questions */
-#if 0 /* since EntryNodes is always strict now, this clause is moot */
-      if (options->EntryNodes &&
-          !routerset_contains_node(options->EntryNodes, node)) {
-        /* We've come to the end of our preferred entry nodes. */
-        if (smartlist_len(live_entry_guards))
-          goto choose_and_finish; /* only choose from the ones we like */
-        if (options->StrictNodes) {
-          /* in theory this case should never happen, since
-           * entry_guards_set_from_config() drops unwanted relays */
-          tor_fragile_assert();
-        } else {
-          log_info(LD_CIRC,
-                   "No relays from EntryNodes available. Using others.");
-        }
-      }
-#endif
       smartlist_add(live_entry_guards, (void*)node);
       if (!entry->made_contact) {
         /* Always start with the first not-yet-contacted entry
          * guard. Otherwise we might add several new ones, pick
          * the second new one, and now we've expanded our entry
          * guard list without needing to. */
-        goto choose_and_finish;
+        retval = 1;
+        goto done;
+      }
+      if (smartlist_len(live_entry_guards) >= num_needed) {
+        retval = 1;
+        goto done; /* We picked enough entry guards. Done! */
       }
-      if (smartlist_len(live_entry_guards) >= num_needed)
-        goto choose_and_finish; /* we have enough */
   } SMARTLIST_FOREACH_END(entry);
 
+ done:
+  smartlist_free(exit_family);
+
+  return retval;
+}
+
+/** Pick a node to be used as the entry guard of a circuit.
+ *
+ * If <b>state</b> is set, it contains the information we know about
+ * the upcoming circuit.
+ *
+ * If <b>for_directory</b> is set, we are looking for a directory guard.
+ *
+ * <b>dirinfo_type</b> contains the kind of directory information we
+ * are looking for in our node, or NO_DIRINFO (zero) if we are not
+ * looking for any particular directory information (when set to
+ * NO_DIRINFO, the <b>dirinfo_type</b> filter is ignored).
+ *
+ * If <b>n_options_out</b> is set, we set it to the number of
+ * candidate guard nodes we had before picking a specific guard node.
+ *
+ * On success, return the node that should be used as the entry guard
+ * of the circuit.  Return NULL if no such node could be found.
+ *
+ * Helper for choose_random{entry,dirguard}.
+*/
+static const node_t *
+choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
+                         dirinfo_type_t dirinfo_type, int *n_options_out)
+{
+  const or_options_t *options = get_options();
+  smartlist_t *live_entry_guards = smartlist_new();
+  const node_t *chosen_exit =
+    state?build_state_get_exit_node(state) : NULL;
+  const node_t *node = NULL;
+  int need_uptime = state ? state->need_uptime : 0;
+  int need_capacity = state ? state->need_capacity : 0;
+  int preferred_min = 0;
+  const int num_needed = decide_num_guards(options, for_directory);
+  int retval = 0;
+
+  if (n_options_out)
+    *n_options_out = 0;
+
+  if (!entry_guards)
+    entry_guards = smartlist_new();
+
+  if (should_add_entry_nodes)
+    entry_guards_set_from_config(options);
+
+  if (!entry_list_is_constrained(options) &&
+      smartlist_len(entry_guards) < num_needed)
+    pick_entry_guards(options, for_directory);
+
+ retry:
+  smartlist_clear(live_entry_guards);
+
+  /* Populate the list of live entry guards so that we pick one of
+     them. */
+  retval = populate_live_entry_guards(live_entry_guards,
+                                      entry_guards,
+                                      chosen_exit,
+                                      dirinfo_type,
+                                      for_directory,
+                                      need_uptime, need_capacity);
+
+  if (retval == 1) { /* We should choose a guard right now. */
+    goto choose_and_finish;
+  }
+
   if (entry_list_is_constrained(options)) {
     /* If we prefer the entry nodes we've got, and we have at least
      * one choice, that's great. Use it. */
@@ -1096,7 +1156,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
   } else {
     /* Try to have at least 2 choices available. This way we don't
      * get stuck with a single live-but-crummy entry and just keep
-     * using him.
+     * using it.
      * (We might get 2 live-but-crummy entry guards, but so be it.) */
     preferred_min = 2;
   }
@@ -1127,18 +1187,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
       need_capacity = 0;
       goto retry;
     }
-#if 0
-    /* Removing this retry logic: if we only allow one exit, and it is in the
-       same family as all our entries, then we are just plain not going to win
-       here. */
-    if (!node && entry_list_is_constrained(options) && consider_exit_family) {
-      /* still no? if we're using bridges or have strictentrynodes
-       * set, and our chosen exit is in the same family as all our
-       * bridges/entry guards, then be flexible about families. */
-      consider_exit_family = 0;
-      goto retry;
-    }
-#endif
+
     /* live_entry_guards may be empty below. Oh well, we tried. */
   }
 
@@ -1156,7 +1205,6 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
   if (n_options_out)
     *n_options_out = smartlist_len(live_entry_guards);
   smartlist_free(live_entry_guards);
-  smartlist_free(exit_family);
   return node;
 }
 
@@ -1224,7 +1272,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
                "EntryGuardDownSince/UnlistedSince without EntryGuard");
         break;
       }
-      if (parse_iso_time(line->value, &when)<0) {
+      if (parse_iso_time_(line->value, &when, 0)<0) {
         *msg = tor_strdup("Unable to parse entry nodes: "
                           "Bad time in EntryGuardDownSince/UnlistedSince");
         break;
@@ -1396,8 +1444,9 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
        }
      } else {
        if (state_version) {
+         time_t now = time(NULL);
+         e->chosen_on_date = crypto_rand_time_range(now - 3600*24*30, now);
          e->chosen_by_version = tor_strdup(state_version);
-         e->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30);
        }
      }
      if (e->path_bias_disabled && !e->bad_since)
@@ -1428,6 +1477,13 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
   return *msg ? -1 : 0;
 }
 
+/** How long will we let a change in our guard nodes stay un-saved
+ * when we are trying to avoid disk writes? */
+#define SLOW_GUARD_STATE_FLUSH_TIME 600
+/** How long will we let a change in our guard nodes stay un-saved
+ * when we are not trying to avoid disk writes? */
+#define FAST_GUARD_STATE_FLUSH_TIME 30
+
 /** Our list of entry guards has changed, or some element of one
  * of our entry guards has changed. Write the changes to disk within
  * the next few minutes.
@@ -1438,8 +1494,12 @@ entry_guards_changed(void)
   time_t when;
   entry_guards_dirty = 1;
 
+  if (get_options()->AvoidDiskWrites)
+    when = time(NULL) + SLOW_GUARD_STATE_FLUSH_TIME;
+  else
+    when = time(NULL) + FAST_GUARD_STATE_FLUSH_TIME;
+
   /* or_state_save() will call entry_guards_update_state(). */
-  when = get_options()->AvoidDiskWrites ? time(NULL) + 3600 : time(NULL)+600;
   or_state_mark_dirty(get_or_state(), when);
 }
 
@@ -1560,6 +1620,9 @@ getinfo_helper_entry_guards(control_connection_t *conn,
         } else if (e->bad_since) {
           when = e->bad_since;
           status = "unusable";
+        } else if (e->unreachable_since) {
+          when = e->unreachable_since;
+          status = "down";
         } else {
           status = "up";
         }
@@ -1588,6 +1651,63 @@ getinfo_helper_entry_guards(control_connection_t *conn,
   return 0;
 }
 
+/** Return 0 if we should apply guardfraction information found in the
+ *  consensus. A specific consensus can be specified with the
+ *  <b>ns</b> argument, if NULL the most recent one will be picked.*/
+int
+should_apply_guardfraction(const networkstatus_t *ns)
+{
+  /* We need to check the corresponding torrc option and the consensus
+   * parameter if we need to. */
+  const or_options_t *options = get_options();
+
+  /* If UseGuardFraction is 'auto' then check the same-named consensus
+   * parameter. If the consensus parameter is not present, default to
+   * "off". */
+  if (options->UseGuardFraction == -1) {
+    return networkstatus_get_param(ns, "UseGuardFraction",
+                                   0, /* default to "off" */
+                                   0, 1);
+  }
+
+  return options->UseGuardFraction;
+}
+
+/* Given the original bandwidth of a guard and its guardfraction,
+ * calculate how much bandwidth the guard should have as a guard and
+ * as a non-guard.
+ *
+ * Quoting from proposal236:
+ *
+ *   Let Wpf denote the weight from the 'bandwidth-weights' line a
+ *   client would apply to N for position p if it had the guard
+ *   flag, Wpn the weight if it did not have the guard flag, and B the
+ *   measured bandwidth of N in the consensus.  Then instead of choosing
+ *   N for position p proportionally to Wpf*B or Wpn*B, clients should
+ *   choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
+ *
+ * This function fills the <b>guardfraction_bw</b> structure. It sets
+ * <b>guard_bw</b> to F*B and <b>non_guard_bw</b> to (1-F)*B.
+ */
+void
+guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
+                                  int orig_bandwidth,
+                                  uint32_t guardfraction_percentage)
+{
+  double guardfraction_fraction;
+
+  /* Turn the percentage into a fraction. */
+  tor_assert(guardfraction_percentage <= 100);
+  guardfraction_fraction = guardfraction_percentage / 100.0;
+
+  long guard_bw = tor_lround(guardfraction_fraction * orig_bandwidth);
+  tor_assert(guard_bw <= INT_MAX);
+
+  guardfraction_bw->guard_bw = (int) guard_bw;
+
+  guardfraction_bw->non_guard_bw = orig_bandwidth - (int) guard_bw;
+}
+
 /** A list of configured bridges. Whenever we actually get a descriptor
  * for one, we add it as an entry guard.  Note that the order of bridges
  * in this list does not necessarily correspond to the order of bridges
@@ -1675,7 +1795,7 @@ get_configured_bridge_by_orports_digest(const char *digest,
 }
 
 /** If we have a bridge configured whose digest matches <b>digest</b>, or a
- * bridge with no known digest whose address matches <b>addr</b>:<b>/port</b>,
+ * bridge with no known digest whose address matches <b>addr</b>:<b>port</b>,
  * return that bridge.  Else return NULL. If <b>digest</b> is NULL, check for
  * address/port matches only. */
 static bridge_info_t *
@@ -1698,6 +1818,30 @@ get_configured_bridge_by_addr_port_digest(const tor_addr_t *addr,
   return NULL;
 }
 
+/** If we have a bridge configured whose digest matches <b>digest</b>, or a
+ * bridge with no known digest whose address matches <b>addr</b>:<b>port</b>,
+ * return 1.  Else return 0. If <b>digest</b> is NULL, check for
+ * address/port matches only. */
+int
+addr_is_a_configured_bridge(const tor_addr_t *addr,
+                                uint16_t port,
+                                const char *digest)
+{
+  tor_assert(addr);
+  return get_configured_bridge_by_addr_port_digest(addr, port, digest) ? 1 : 0;
+}
+
+/** If we have a bridge configured whose digest matches
+ * <b>ei->identity_digest</b>, or a bridge with no known digest whose address
+ * matches <b>ei->addr</b>:<b>ei->port</b>, return 1.  Else return 0.
+ * If <b>ei->onion_key</b> is NULL, check for address/port matches only. */
+int
+extend_info_is_a_configured_bridge(const extend_info_t *ei)
+{
+  const char *digest = ei->onion_key ? ei->identity_digest : NULL;
+  return addr_is_a_configured_bridge(&ei->addr, ei->port, digest);
+}
+
 /** Wrapper around get_configured_bridge_by_addr_port_digest() to look
  * it up via router descriptor <b>ri</b>. */
 static bridge_info_t *
@@ -1824,8 +1968,8 @@ bridge_resolve_conflicts(const tor_addr_t *addr, uint16_t port,
 
 /** Return True if we have a bridge that uses a transport with name
  *  <b>transport_name</b>. */
-int
-transport_is_needed(const char *transport_name)
+MOCK_IMPL(int,
+transport_is_needed, (const char *transport_name))
 {
   if (!bridge_list)
     return 0;
@@ -2000,8 +2144,18 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
     return;
   }
 
-  directory_initiate_command(&bridge->addr,
-                             bridge->port, 0/*no dirport*/,
+  /* Until we get a descriptor for the bridge, we only know one address for
+   * it. */
+  if (!fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
+                                            FIREWALL_OR_CONNECTION, 0, 0)) {
+    log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a "
+               "bridge, but that bridge is not reachable through our "
+               "firewall.");
+    return;
+  }
+
+  directory_initiate_command(&bridge->addr, bridge->port,
+                             NULL, 0, /*no dirport*/
                              bridge->identity,
                              DIR_PURPOSE_FETCH_SERVERDESC,
                              ROUTER_PURPOSE_BRIDGE,
@@ -2062,7 +2216,9 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now)
                 !options->UpdateBridgesFromAuthority, !num_bridge_auths);
 
       if (ask_bridge_directly &&
-          !fascist_firewall_allows_address_or(&bridge->addr, bridge->port)) {
+          !fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
+                                                FIREWALL_OR_CONNECTION, 0,
+                                                0)) {
         log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our "
                    "firewall policy. %s.",
                    fmt_addrport(&bridge->addr, bridge->port),
@@ -2089,7 +2245,7 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now)
         log_info(LD_DIR, "Fetching bridge info '%s' from bridge authority.",
                  resource);
         directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC,
-                ROUTER_PURPOSE_BRIDGE, resource, 0);
+                ROUTER_PURPOSE_BRIDGE, resource, 0, DL_WANT_AUTHORITY);
       }
     }
   SMARTLIST_FOREACH_END(bridge);
@@ -2110,6 +2266,7 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
    *   does so through an address from any source other than node_get_addr().
    */
   tor_addr_t addr;
+  const or_options_t *options = get_options();
 
   if (node->ri) {
     routerinfo_t *ri = node->ri;
@@ -2142,9 +2299,15 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
       }
     }
 
-    /* Mark which address to use based on which bridge_t we got. */
-    node->ipv6_preferred = (tor_addr_family(&bridge->addr) == AF_INET6 &&
-                            !tor_addr_is_null(&node->ri->ipv6_addr));
+    if (options->ClientPreferIPv6ORPort == -1) {
+      /* Mark which address to use based on which bridge_t we got. */
+      node->ipv6_preferred = (tor_addr_family(&bridge->addr) == AF_INET6 &&
+                              !tor_addr_is_null(&node->ri->ipv6_addr));
+    } else {
+      /* Mark which address to use based on user preference */
+      node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) &&
+                              !tor_addr_is_null(&node->ri->ipv6_addr));
+    }
 
     /* XXXipv6 we lack support for falling back to another address for
        the same relay, warn the user */
@@ -2153,10 +2316,13 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
       node_get_pref_orport(node, &ap);
       log_notice(LD_CONFIG,
                  "Bridge '%s' has both an IPv4 and an IPv6 address.  "
-                 "Will prefer using its %s address (%s).",
+                 "Will prefer using its %s address (%s) based on %s.",
                  ri->nickname,
-                 tor_addr_family(&ap.addr) == AF_INET6 ? "IPv6" : "IPv4",
-                 fmt_addrport(&ap.addr, ap.port));
+                 node->ipv6_preferred ? "IPv6" : "IPv4",
+                 fmt_addrport(&ap.addr, ap.port),
+                 options->ClientPreferIPv6ORPort == -1 ?
+                 "the configured Bridge address" :
+                 "ClientPreferIPv6ORPort");
     }
   }
   if (node->rs) {
@@ -2199,6 +2365,13 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
       node = node_get_mutable_by_id(ri->cache_info.identity_digest);
       tor_assert(node);
       rewrite_node_address_for_bridge(bridge, node);
+      if (tor_digest_is_zero(bridge->identity)) {
+        memcpy(bridge->identity,ri->cache_info.identity_digest, DIGEST_LEN);
+        log_notice(LD_DIR, "Learned identity %s for bridge at %s:%d",
+                   hex_str(bridge->identity, DIGEST_LEN),
+                   fmt_and_decorate_addr(&bridge->addr),
+                   (int) bridge->port);
+      }
       add_an_entry_guard(node, 1, 1, 0, 0);
 
       log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s", ri->nickname,
@@ -2255,7 +2428,9 @@ entries_retry_helper(const or_options_t *options, int act)
   SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) {
       node = node_get_by_id(e->identity);
       if (node && node_has_descriptor(node) &&
-          node_is_bridge(node) == need_bridges) {
+          node_is_bridge(node) == need_bridges &&
+          (!need_bridges || (!e->bad_since &&
+                             node_is_a_configured_bridge(node)))) {
         any_known = 1;
         if (node->is_running)
           any_running = 1; /* some entry is both known and running */
@@ -2309,11 +2484,9 @@ any_bridge_supports_microdescriptors(void)
   SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) {
     node = node_get_by_id(e->identity);
     if (node && node->is_running &&
-        node_is_bridge(node) && node_is_a_configured_bridge(node) &&
-        node_understands_microdescriptors(node)) {
+        node_is_bridge(node) && node_is_a_configured_bridge(node)) {
       /* This is one of our current bridges, and we know enough about
-       * it to know that it will be able to answer our microdescriptor
-       * questions. */
+       * it to know that it will be able to answer our questions. */
        return 1;
     }
   } SMARTLIST_FOREACH_END(e);
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index e229f3b79a..247c80940e 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -77,6 +77,38 @@ int num_live_entry_guards(int for_directory);
 
 #endif
 
+#ifdef ENTRYNODES_PRIVATE
+STATIC const node_t *add_an_entry_guard(const node_t *chosen,
+                                        int reset_status, int prepend,
+                                        int for_discovery, int for_directory);
+
+STATIC int populate_live_entry_guards(smartlist_t *live_entry_guards,
+                                      const smartlist_t *all_entry_guards,
+                                      const node_t *chosen_exit,
+                                      dirinfo_type_t dirinfo_type,
+                                      int for_directory,
+                                      int need_uptime, int need_capacity);
+STATIC int decide_num_guards(const or_options_t *options, int for_directory);
+
+STATIC void entry_guards_set_from_config(const or_options_t *options);
+
+/** Flags to be passed to entry_is_live() to indicate what kind of
+ * entry nodes we are looking for. */
+typedef enum {
+  ENTRY_NEED_UPTIME = 1<<0,
+  ENTRY_NEED_CAPACITY = 1<<1,
+  ENTRY_ASSUME_REACHABLE = 1<<2,
+  ENTRY_NEED_DESCRIPTOR = 1<<3,
+} entry_is_live_flags_t;
+
+STATIC const node_t *entry_is_live(const entry_guard_t *e,
+                                   entry_is_live_flags_t flags,
+                                   const char **msg);
+
+STATIC int entry_is_time_to_retry(const entry_guard_t *e, time_t now);
+
+#endif
+
 void remove_all_entry_guards(void);
 
 void entry_guards_compute_status(const or_options_t *options, time_t now);
@@ -95,6 +127,9 @@ int getinfo_helper_entry_guards(control_connection_t *conn,
 void mark_bridge_list(void);
 void sweep_bridge_list(void);
 
+int addr_is_a_configured_bridge(const tor_addr_t *addr, uint16_t port,
+                                const char *digest);
+int extend_info_is_a_configured_bridge(const extend_info_t *ei);
 int routerinfo_is_a_configured_bridge(const routerinfo_t *ri);
 int node_is_a_configured_bridge(const node_t *node);
 void learned_router_identity(const tor_addr_t *addr, uint16_t port,
@@ -122,11 +157,27 @@ struct transport_t;
 int get_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port,
                                       const struct transport_t **transport);
 
-int transport_is_needed(const char *transport_name);
+MOCK_DECL(int, transport_is_needed, (const char *transport_name));
 int validate_pluggable_transports_config(void);
 
 double pathbias_get_close_success_count(entry_guard_t *guard);
 double pathbias_get_use_success_count(entry_guard_t *guard);
 
+/** Contains the bandwidth of a relay as a guard and as a non-guard
+ *  after the guardfraction has been considered. */
+typedef struct guardfraction_bandwidth_t {
+  /** Bandwidth as a guard after guardfraction has been considered. */
+  int guard_bw;
+  /** Bandwidth as a non-guard after guardfraction has been considered. */
+  int non_guard_bw;
+} guardfraction_bandwidth_t;
+
+int should_apply_guardfraction(const networkstatus_t *ns);
+
+void
+guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
+                                  int orig_bandwidth,
+                                  uint32_t guardfraction_percentage);
+
 #endif
 
diff --git a/src/or/eventdns_tor.h b/src/or/eventdns_tor.h
index 69662281bc..5db09ae043 100644
--- a/src/or/eventdns_tor.h
+++ b/src/or/eventdns_tor.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_EVENTDNS_TOR_H
@@ -12,9 +12,6 @@ typedef unsigned int uint;
 #ifndef HAVE_U_CHAR
 typedef unsigned char u_char;
 #endif
-#ifdef _WIN32
-#define inline __inline
-#endif
 #include "torint.h"
 
 /* These are for debugging possible memory leaks. */
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 9b550ee90e..aa1b3e26fe 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -151,7 +151,7 @@ init_ext_or_cookie_authentication(int is_enabled)
 }
 
 /** Read data from <b>conn</b> and see if the client sent us the
- *  authentication type that she prefers to use in this session.
+ *  authentication type that they prefer to use in this session.
  *
  *  Return -1 if we received corrupted data or if we don't support the
  *  authentication type. Return 0 if we need more data in
@@ -178,7 +178,7 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
   return 1;
 }
 
-/** DOCDOC */
+/* DOCDOC */
 STATIC int
 handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
                          char **client_hash_out,
@@ -193,8 +193,7 @@ handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
     return -1;
 
   /* Get our nonce */
-  if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) < 0)
-    return -1;
+  crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
 
   { /* set up macs */
     size_t hmac_s_msg_len = strlen(EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST) +
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index ce45e5f418..33d954e8d0 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef EXT_ORPORT_H
diff --git a/src/or/fallback_dirs.inc b/src/or/fallback_dirs.inc
new file mode 100644
index 0000000000..cc37e5f9af
--- /dev/null
+++ b/src/or/fallback_dirs.inc
@@ -0,0 +1,370 @@
+/* Whitelist & blacklist excluded 1326 of 1513 candidates. */
+/* To comment-out entries in this file, use C comments, and add * to the start of each line. (stem finds fallback entries using " at the start of a line.) */
+/* Checked IPv4 DirPorts served a consensus within 15.0s. */
+/*
+Final Count: 151 (Eligible 187, Target 392 (1963 * 0.20), Max 200)
+Excluded: 36 (Same Operator 27, Failed/Skipped Download 9, Excess 0)
+Bandwidth Range: 1.3 - 40.0 MByte/s
+*/
+/*
+Onionoo Source: details Date: 2017-05-16 07:00:00 Version: 4.0
+URL: https:onionoo.torproject.orgdetails?fields=fingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&flag=V2Dir&type=relay&last_seen_days=-0&first_seen_days=30-
+*/
+/*
+Onionoo Source: uptime Date: 2017-05-16 07:00:00 Version: 4.0
+URL: https:onionoo.torproject.orguptime?first_seen_days=30-&flag=V2Dir&type=relay&last_seen_days=-0
+*/
+"176.10.104.240:80 orport=443 id=0111BA9B604669E636FFD5B503F382A4B7AD6E80"
+" weight=10",
+"193.171.202.146:9030 orport=9001 id=01A9258A46E97FF8B2CAC7910577862C14F2C524"
+" weight=10",
+"185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E"
+" weight=10",
+"185.97.32.18:9030 orport=9001 id=04250C3835019B26AA6764E85D836088BE441088"
+" weight=10",
+"5.9.110.236:9030 orport=9001 id=0756B7CD4DFC8182BE23143FAC0642F515182CEB"
+" ipv6=[2a01:4f8:162:51e2::2]:9001"
+" weight=10",
+"109.163.234.8:80 orport=443 id=0818DAE0E2DDF795AEDEAC60B15E71901084F281"
+" weight=10",
+"163.172.149.155:80 orport=443 id=0B85617241252517E8ECF2CFC7F4C1A32DCD153F"
+" weight=10",
+"5.39.92.199:80 orport=443 id=0BEA4A88D069753218EAAAD6D22EA87B9A1319D6"
+" ipv6=[2001:41d0:8:b1c7::1]:443"
+" weight=10",
+"178.62.197.82:80 orport=443 id=0D3EBA17E1C78F1E9900BABDB23861D46FCAF163"
+" weight=10",
+"185.100.86.100:80 orport=443 id=0E8C0C8315B66DB5F703804B3889A1DD66C67CE0"
+" weight=10",
+"95.85.8.226:80 orport=443 id=1211AC1BBB8A1AF7CBA86BCE8689AA3146B86423"
+" weight=10",
+"193.11.114.43:9030 orport=9001 id=12AD30E5D25AA67F519780E2111E611A455FDC89"
+" ipv6=[2001:6b0:30:1000::99]:9050"
+" weight=10",
+"37.157.195.87:8030 orport=443 id=12FD624EE73CEF37137C90D38B2406A66F68FAA2"
+" weight=10",
+"178.16.208.59:80 orport=443 id=136F9299A5009A4E0E96494E723BDB556FB0A26B"
+" ipv6=[2a00:1c20:4089:1234:bff6:e1bb:1ce3:8dc6]:443"
+" weight=10",
+"144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB"
+" ipv6=[2a01:4f8:190:9490::dead]:443"
+" weight=10",
+"178.62.60.37:80 orport=443 id=175921396C7C426309AB03775A9930B6F611F794"
+" weight=10",
+"204.11.50.131:9030 orport=9001 id=185F2A57B0C4620582602761097D17DB81654F70"
+" weight=10",
+"5.9.158.75:80 orport=443 id=1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA"
+" ipv6=[2a01:4f8:190:514a::2]:443"
+" weight=10",
+"46.101.151.222:80 orport=443 id=1DBAED235E3957DE1ABD25B4206BE71406FB61F8"
+" weight=10",
+"91.219.237.229:80 orport=443 id=1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7"
+" weight=10",
+"212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68"
+" ipv6=[2001:bc8:4400:2100::f03]:9001"
+" weight=10",
+"144.76.163.93:9030 orport=9001 id=22F08CF09764C4E8982640D77F71ED72FF26A9AC"
+" weight=10",
+"163.172.176.167:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207"
+" weight=10",
+"37.200.98.5:80 orport=443 id=231C2B9C8C31C295C472D031E06964834B745996"
+" ipv6=[2a00:1158:3::11a]:993"
+" weight=10",
+"212.47.240.10:82 orport=443 id=2A4C448784F5A83AFE6C78DA357D5E31F7989DEB"
+" weight=10",
+"144.76.26.175:9012 orport=9011 id=2BA2C8E96B2590E1072AECE2BDB5C48921BF8510"
+" weight=10",
+"97.74.237.196:9030 orport=9001 id=2F0F32AB1E5B943CA7D062C03F18960C86E70D94"
+" weight=10",
+"107.170.101.39:9030 orport=443 id=30973217E70AF00EBE51797FF6D9AA720A902EAA"
+" weight=10",
+"64.113.32.29:9030 orport=9001 id=30C19B81981F450C402306E2E7CFB6C3F79CB6B2"
+" weight=10",
+"212.83.154.33:8080 orport=8443 id=322C6E3A973BC10FC36DE3037AD27BC89F14723B"
+" weight=10",
+"109.105.109.162:52860 orport=60784 id=32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F"
+" ipv6=[2001:948:7:2::163]:5001"
+" weight=10",
+"163.172.13.165:9030 orport=9001 id=33DA0CAB7C27812EFF2E22C9705630A54D101FEB"
+" ipv6=[2001:bc8:38cb:201::8]:9001"
+" weight=10",
+"217.79.190.25:9030 orport=9090 id=361D33C96D0F161275EE67E2C91EE10B276E778B"
+" weight=10",
+"37.187.22.87:9030 orport=9001 id=36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400"
+" ipv6=[2001:41d0:a:1657::1]:9001"
+" weight=10",
+"62.210.92.11:9130 orport=9101 id=387B065A38E4DAA16D9D41C2964ECBC4B31D30FF"
+" ipv6=[2001:bc8:338c::1]:9101"
+" weight=10",
+"198.50.191.95:80 orport=443 id=39F096961ED2576975C866D450373A9913AFDC92"
+" weight=10",
+"164.132.77.175:9030 orport=9001 id=3B33F6FCA645AD4E91428A3AF7DC736AD9FB727B"
+" weight=10",
+"212.47.230.49:9030 orport=9001 id=3D6D0771E54056AEFC28BB1DE816951F11826E97"
+" weight=10",
+"176.10.107.180:9030 orport=9001 id=3D7E274A87D9A89AF064C13D1EE4CA1F184F2600"
+" weight=10",
+"217.79.179.177:9030 orport=9001 id=3E53D3979DB07EFD736661C934A1DED14127B684"
+" ipv6=[2001:4ba0:fff9:131:6c4f::90d3]:9001"
+" weight=10",
+"178.62.86.96:9030 orport=9001 id=439D0447772CB107B886F7782DBC201FA26B92D1"
+" ipv6=[2a03:b0c0:1:d0::3cf:7001]:9050"
+" weight=10",
+"163.172.157.213:8080 orport=443 id=4623A9EC53BFD83155929E56D6F7B55B5E718C24"
+" weight=10",
+"31.31.78.49:80 orport=443 id=46791D156C9B6C255C2665D4D8393EC7DBAA7798"
+" weight=10",
+"69.162.139.9:9030 orport=9001 id=4791FC0692EAB60DF2BCCAFF940B95B74E7654F6"
+" ipv6=[2607:f128:40:1212::45a2:8b09]:9001"
+" weight=10",
+"51.254.246.203:9030 orport=9001 id=47B596B81C9E6277B98623A84B7629798A16E8D5"
+" weight=10",
+"37.187.102.186:9030 orport=9001 id=489D94333DF66D57FFE34D9D59CC2D97E2CB0053"
+" ipv6=[2001:41d0:a:26ba::1]:9001"
+" weight=10",
+"188.165.194.195:9030 orport=9001 id=49E7AD01BB96F6FE3AB8C3B15BD2470B150354DF"
+" weight=10",
+"62.102.148.67:80 orport=443 id=4A0C3E177AF684581EF780981AEAF51A98A6B5CF"
+" weight=10",
+"51.254.101.242:9002 orport=9001 id=4CC9CC9195EC38645B699A33307058624F660CCF"
+" weight=10",
+"81.7.16.182:80 orport=443 id=51E1CF613FD6F9F11FE24743C91D6F9981807D82"
+" ipv6=[2a02:180:1:1::517:10b6]:993"
+" weight=10",
+"94.23.204.175:9030 orport=9001 id=5665A3904C89E22E971305EE8C1997BCA4123C69"
+" weight=10",
+"95.130.12.119:80 orport=443 id=587E0A9552E4274B251F29B5B2673D38442EE4BF"
+" weight=10",
+"185.21.100.50:9030 orport=9001 id=58ED9C9C35E433EE58764D62892B4FFD518A3CD0"
+" ipv6=[2a00:1158:2:cd00:0:74:6f:72]:443"
+" weight=10",
+"78.142.142.246:80 orport=443 id=5A5E03355C1908EBF424CAF1F3ED70782C0D2F74"
+" weight=10",
+"120.29.217.46:80 orport=443 id=5E853C94AB1F655E9C908924370A0A6707508C62"
+" weight=10",
+"109.163.234.5:80 orport=443 id=5EB8D862E70981B8690DEDEF546789E26AB2BD24"
+" weight=10",
+"95.128.43.164:80 orport=443 id=616081EC829593AF4232550DE6FFAA1D75B37A90"
+" ipv6=[2a02:ec0:209:10::4]:443"
+" weight=10",
+"163.172.139.104:8080 orport=443 id=68F175CCABE727AA2D2309BCD8789499CEE36ED7"
+" weight=10",
+"85.214.62.48:80 orport=443 id=6A7551EEE18F78A9813096E82BF84F740D32B911"
+" weight=10",
+"80.127.137.19:80 orport=443 id=6EF897645B79B6CB35E853B32506375014DE3621"
+" ipv6=[2001:981:47c1:1::6]:443"
+" weight=10",
+"95.183.48.12:80 orport=443 id=7187CED1A3871F837D0E60AC98F374AC541CB0DA"
+" weight=10",
+"85.214.151.72:9030 orport=9001 id=722D365140C8C52DBB3C9FF6986E3CEFFE2BA812"
+" weight=10",
+"85.235.250.88:80 orport=443 id=72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE"
+" weight=10",
+"176.31.191.26:80 orport=443 id=7350AB9ED7568F22745198359373C04AC783C37C"
+" weight=10",
+"134.119.36.135:80 orport=443 id=763C9556602BD6207771A7A3D958091D44C43228"
+" ipv6=[2a00:1158:3::2a8]:993"
+" weight=10",
+"188.166.133.133:9030 orport=9001 id=774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7"
+" ipv6=[2a03:b0c0:2:d0::5:f001]:9001"
+" weight=10",
+"81.30.158.213:9030 orport=9001 id=789EA6C9AE9ADDD8760903171CFA9AC5741B0C70"
+" ipv6=[2001:4ba0:cafe:e84::1]:9001"
+" weight=10",
+"171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576"
+" weight=10",
+"82.223.21.74:9030 orport=9001 id=7A32C9519D80CA458FC8B034A28F5F6815649A98"
+" ipv6=[2001:470:53e0::cafe]:9050"
+" weight=10",
+"51.254.136.195:80 orport=443 id=7BB70F8585DFC27E75D692970C0EEB0F22983A63"
+" weight=10",
+"193.11.114.45:9031 orport=9002 id=80AAF8D5956A43C197104CEF2550CD42D165C6FB"
+" weight=10",
+"192.160.102.164:80 orport=9001 id=823AA81E277F366505545522CEDC2F529CE4DC3F"
+" ipv6=[2605:e200:d00c:c01d::1111]:9002"
+" weight=10",
+"192.87.28.82:9030 orport=9001 id=844AE9CAD04325E955E2BE1521563B79FE7094B7"
+" weight=10",
+"188.166.23.127:80 orport=443 id=8672E8A01B4D3FA4C0BBE21C740D4506302EA487"
+" ipv6=[2a03:b0c0:2:d0::27b:7001]:9050"
+" weight=10",
+"93.180.156.84:9030 orport=9001 id=8844D87E9B038BE3270938F05AF797E1D3C74C0F"
+" weight=10",
+"212.47.241.21:80 orport=443 id=892F941915F6A0C6E0958E52E0A9685C190CF45C"
+" weight=10",
+"163.172.194.53:9030 orport=9001 id=8C00FA7369A7A308F6A137600F0FA07990D9D451"
+" ipv6=[2001:bc8:225f:142:6c69:7461:7669:73]:9001"
+" weight=10",
+"178.254.44.135:9030 orport=9001 id=8FA37B93397015B2BC5A525C908485260BE9F422"
+" weight=10",
+"151.80.42.103:9030 orport=9001 id=9007C1D8E4F03D506A4A011B907A9E8D04E3C605"
+" ipv6=[2001:41d0:e:f67::114]:9001"
+" weight=10",
+"173.255.245.116:9030 orport=9001 id=91E4015E1F82DAF0121D62267E54A1F661AB6DC7"
+" weight=10",
+"51.255.41.65:9030 orport=9001 id=9231DF741915AA1630031A93026D88726877E93A"
+" weight=10",
+"178.16.208.57:80 orport=443 id=92CFD9565B24646CAC2D172D3DB503D69E777B8A"
+" ipv6=[2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f]:443"
+" weight=10",
+"91.219.237.244:80 orport=443 id=92ECC9E0E2AF81BB954719B189AC362E254AD4A5"
+" weight=10",
+"204.8.156.142:80 orport=443 id=94C4B7B8C50C86A92B6A20107539EE2678CF9A28"
+" weight=10",
+"163.172.223.200:80 orport=443 id=998BF3ED7F70E33D1C307247B9626D9E7573C438"
+" weight=10",
+"81.7.10.93:31336 orport=31337 id=99E246DB480B313A3012BC3363093CC26CD209C7"
+" weight=10",
+"91.229.20.27:9030 orport=9001 id=9A0D54D3A6D2E0767596BF1515E6162A75B3293F"
+" weight=10",
+"66.111.2.20:9030 orport=9001 id=9A68B85A02318F4E7E87F2828039FBD5D75B0142"
+" weight=10",
+"185.100.86.128:9030 orport=9001 id=9B31F1F1C1554F9FFB3455911F82E818EF7C7883"
+" weight=10",
+"5.9.151.241:9030 orport=4223 id=9BF04559224F0F1C3C953D641F1744AF0192543A"
+" ipv6=[2a01:4f8:190:34f0::2]:4223"
+" weight=10",
+"86.105.212.130:9030 orport=443 id=9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022"
+" weight=10",
+"178.254.20.134:80 orport=443 id=9F5068310818ED7C70B0BC4087AB55CB12CB4377"
+" weight=10",
+"46.28.110.244:80 orport=443 id=9F7D6E6420183C2B76D3CE99624EBC98A21A967E"
+" weight=10",
+"91.121.84.137:4952 orport=4052 id=9FBEB75E8BC142565F12CBBE078D63310236A334"
+" ipv6=[2001:41d0:1:8989::1]:4052"
+" weight=10",
+"178.62.22.36:80 orport=443 id=A0766C0D3A667A3232C7D569DE94A28F9922FCB1"
+" ipv6=[2a03:b0c0:1:d0::174:1]:9050"
+" weight=10",
+"171.25.193.77:80 orport=443 id=A10C4F666D27364036B562823E5830BC448E046A"
+" ipv6=[2001:67c:289c:3::77]:443"
+" weight=10",
+"171.25.193.78:80 orport=443 id=A478E421F83194C114F41E94F95999672AED51FE"
+" ipv6=[2001:67c:289c:3::78]:443"
+" weight=10",
+"163.172.149.122:80 orport=443 id=A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2"
+" weight=10",
+"192.34.63.137:9030 orport=443 id=ABCB4965F1FEE193602B50A365425105C889D3F8"
+" weight=10",
+"109.163.234.9:80 orport=443 id=ABF7FBF389C9A747938B639B20E80620B460B2A9"
+" weight=10",
+"86.59.119.88:80 orport=443 id=ACD889D86E02EDDAB1AFD81F598C0936238DC6D0"
+" weight=10",
+"185.129.62.62:9030 orport=9001 id=ACDD9E85A05B127BA010466C13C8C47212E8A38F"
+" ipv6=[2a06:d380:0:3700::62]:9001"
+" weight=10",
+"163.172.131.88:80 orport=443 id=AD253B49E303C6AB1E048B014392AC569E8A7DAE"
+" ipv6=[2001:bc8:4400:2100::2:1009]:443"
+" weight=10",
+"31.185.104.20:80 orport=443 id=ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D"
+" weight=10",
+"37.187.7.74:80 orport=443 id=AEA43CB1E47BE5F8051711B2BF01683DB1568E05"
+" ipv6=[2001:41d0:a:74a::1]:443"
+" weight=10",
+"46.28.205.170:80 orport=443 id=AF322D83A4D2048B22F7F1AF5F38AFF4D09D0B76"
+" weight=10",
+"5.9.147.226:9030 orport=9001 id=B0553175AADB0501E5A61FC61CEA3970BE130FF2"
+" weight=10",
+"212.129.62.232:80 orport=443 id=B143D439B72D239A419F8DCE07B8A8EB1B486FA7"
+" weight=10",
+"198.199.64.217:80 orport=443 id=B1D81825CFD7209BD1B4520B040EF5653C204A23"
+" ipv6=[2604:a880:400:d0::1a9:b001]:9050"
+" weight=10",
+"136.243.214.137:80 orport=443 id=B291D30517D23299AD7CEE3E60DFE60D0E3A4664"
+" weight=10",
+"178.16.208.60:80 orport=443 id=B44FBE5366AD98B46D829754FA4AC599BAE41A6A"
+" ipv6=[2a00:1c20:4089:1234:67bc:79f3:61c0:6e49]:443"
+" weight=10",
+"93.115.97.242:9030 orport=9001 id=B5212DB685A2A0FCFBAE425738E478D12361710D"
+" weight=10",
+"81.2.209.10:443 orport=80 id=B6904ADD4C0D10CDA7179E051962350A69A63243"
+" ipv6=[2001:15e8:201:1::d10a]:80"
+" weight=10",
+"193.11.114.46:9032 orport=9003 id=B83DC1558F0D34353BB992EF93AFEAFDB226A73E"
+" weight=10",
+"85.248.227.164:444 orport=9002 id=B84F248233FEA90CAD439F292556A3139F6E1B82"
+" ipv6=[2a00:1298:8011:212::164]:9004"
+" weight=10",
+"89.163.247.43:9030 orport=9001 id=BC7ACFAC04854C77167C7D66B7E471314ED8C410"
+" ipv6=[2001:4ba0:fff7:25::5]:9001"
+" weight=10",
+"198.96.155.3:8080 orport=5001 id=BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E"
+" weight=10",
+"128.199.55.207:9030 orport=9001 id=BCEF908195805E03E92CCFE669C48738E556B9C5"
+" ipv6=[2a03:b0c0:2:d0::158:3001]:9001"
+" weight=10",
+"185.35.202.221:9030 orport=9001 id=C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08"
+" ipv6=[2a02:ed06::221]:9001"
+" weight=10",
+"213.239.217.18:1338 orport=1337 id=C37BC191AC389179674578C3E6944E925FE186C2"
+" ipv6=[2a01:4f8:a0:746a:101:1:1:1]:1337"
+" weight=10",
+"188.138.112.60:1433 orport=1521 id=C414F28FD2BEC1553024299B31D4E726BEB8E788"
+" weight=10",
+"85.248.227.163:443 orport=9001 id=C793AB88565DDD3C9E4C6F15CCB9D8C7EF964CE9"
+" ipv6=[2a00:1298:8011:212::163]:9003"
+" weight=10",
+"178.62.199.226:80 orport=443 id=CBEFF7BA4A4062045133C053F2D70524D8BBE5BE"
+" ipv6=[2a03:b0c0:2:d0::b7:5001]:443"
+" weight=10",
+"134.119.3.164:9030 orport=9001 id=D1B8AAA98C65F3DF7D8BB3AF881CAEB84A33D8EE"
+" weight=10",
+"31.171.155.108:9030 orport=9001 id=D3E5EDDBE5159388704D6785BE51930AAFACEC6F"
+" weight=10",
+"37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A"
+" weight=10",
+"166.82.21.200:9030 orport=9029 id=D5C33F3E203728EDF8361EA868B2939CCC43FAFB"
+" weight=10",
+"185.14.185.240:9030 orport=443 id=D62FB817B0288085FAC38A6DC8B36DCD85B70260"
+" weight=10",
+"46.101.169.151:9030 orport=9001 id=D760C5B436E42F93D77EF2D969157EEA14F9B39C"
+" ipv6=[2a03:b0c0:3:d0::74f:a001]:9001"
+" weight=10",
+"46.4.111.124:9030 orport=9001 id=D9065F9E57899B3D272AA212317AF61A9B14D204"
+" weight=10",
+"193.35.52.53:9030 orport=9001 id=DAA39FC00B196B353C2A271459C305C429AF09E4"
+" weight=10",
+"178.33.183.251:80 orport=443 id=DD823AFB415380A802DCAEB9461AE637604107FB"
+" ipv6=[2001:41d0:2:a683::251]:443"
+" weight=10",
+"178.62.173.203:9030 orport=9001 id=DD85503F2D1F52EF9EAD621E942298F46CD2FC10"
+" ipv6=[2a03:b0c0:0:1010::a4:b001]:9001"
+" weight=10",
+"5.34.183.205:80 orport=443 id=DDD7871C1B7FA32CB55061E08869A236E61BDDF8"
+" weight=10",
+"78.24.75.53:9030 orport=9001 id=DEB73705B2929AE9BE87091607388939332EF123"
+" weight=10",
+"92.222.38.67:80 orport=443 id=DED6892FF89DBD737BA689698A171B2392EB3E82"
+" weight=10",
+"166.70.207.2:9030 orport=9001 id=E3DB2E354B883B59E8DC56B3E7A353DDFD457812"
+" weight=10",
+"46.252.26.2:45212 orport=49991 id=E589316576A399C511A9781A73DA4545640B479D"
+" weight=10",
+"167.114.35.28:9030 orport=9001 id=E65D300F11E1DB12C534B0146BDAB6972F1A8A48"
+" weight=10",
+"131.188.40.188:443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8"
+" weight=10",
+"192.87.28.28:9030 orport=9001 id=ED2338CAC2711B3E331392E1ED2831219B794024"
+" weight=10",
+"192.99.212.139:80 orport=443 id=F10BDE279AE71515DDCCCC61DC19AC8765F8A3CC"
+" weight=10",
+"212.238.208.48:9030 orport=9001 id=F406219CDD339026D160E53FCA0EF6857C70F109"
+" ipv6=[2001:984:a8fb:1:ba27:ebff:feac:c109]:9001"
+" weight=10",
+"46.28.207.141:80 orport=443 id=F69BED36177ED727706512BA6A97755025EEA0FB"
+" weight=10",
+"78.47.18.110:443 orport=80 id=F8D27B163B9247B232A2EEE68DD8B698695C28DE"
+" weight=10",
+"178.254.13.126:80 orport=443 id=F9246DEF2B653807236DA134F2AEAB103D58ABFE"
+" weight=10",
+"185.96.180.29:80 orport=443 id=F93D8F37E35C390BCAD9F9069E13085B745EC216"
+" weight=10",
+"86.59.119.83:80 orport=443 id=FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B"
+" weight=10",
+"192.187.124.98:9030 orport=9001 id=FD1871854BFC06D7B02F10742073069F0528B5CC"
+" weight=10",
+"149.56.45.200:9030 orport=9001 id=FE296180018833AF03A8EACD5894A614623D3F76"
+" weight=10",
+"193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07"
+" ipv6=[2001:6b0:7:125::243]:9001"
+" weight=10",
diff --git a/src/or/fp_pair.c b/src/or/fp_pair.c
index 55e4c89a42..53b311e580 100644
--- a/src/or/fp_pair.c
+++ b/src/or/fp_pair.c
@@ -1,6 +1,14 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file fp_pair.c
+ *
+ * \brief Manages data structures for associating pairs of fingerprints. Used
+ * to handle combinations of identity/signing-key fingerprints for
+ * authorities.
+ **/
+
 #include "or.h"
 #include "fp_pair.h"
 
@@ -21,7 +29,7 @@ struct fp_pair_map_s {
  */
 
 /** Compare fp_pair_entry_t objects by key value. */
-static INLINE int
+static inline int
 fp_pair_map_entries_eq(const fp_pair_map_entry_t *a,
                        const fp_pair_map_entry_t *b)
 {
@@ -29,7 +37,7 @@ fp_pair_map_entries_eq(const fp_pair_map_entry_t *a,
 }
 
 /** Return a hash value for an fp_pair_entry_t. */
-static INLINE unsigned int
+static inline unsigned int
 fp_pair_map_entry_hash(const fp_pair_map_entry_t *a)
 {
   tor_assert(sizeof(a->key) == DIGEST_LEN*2);
@@ -42,9 +50,9 @@ fp_pair_map_entry_hash(const fp_pair_map_entry_t *a)
 
 HT_PROTOTYPE(fp_pair_map_impl, fp_pair_map_entry_s, node,
              fp_pair_map_entry_hash, fp_pair_map_entries_eq)
-HT_GENERATE(fp_pair_map_impl, fp_pair_map_entry_s, node,
-            fp_pair_map_entry_hash, fp_pair_map_entries_eq,
-            0.6, tor_malloc, tor_realloc, tor_free)
+HT_GENERATE2(fp_pair_map_impl, fp_pair_map_entry_s, node,
+             fp_pair_map_entry_hash, fp_pair_map_entries_eq,
+             0.6, tor_reallocarray_, tor_free_)
 
 /** Constructor to create a new empty map from fp_pair_t to void *
  */
diff --git a/src/or/fp_pair.h b/src/or/fp_pair.h
index 89f664a813..b1466581d2 100644
--- a/src/or/fp_pair.h
+++ b/src/or/fp_pair.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 68db5b9580..681cb900f2 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -18,7 +18,6 @@
 #include "geoip.h"
 #include "routerlist.h"
 
-static void clear_geoip_db(void);
 static void init_geoip_countries(void);
 
 /** An entry from the GeoIP IPv4 file: maps an IPv4 range to a country. */
@@ -58,8 +57,8 @@ static char geoip6_digest[DIGEST_LEN];
 /** Return the index of the <b>country</b>'s entry in the GeoIP
  * country list if it is a valid 2-letter country code, otherwise
  * return -1. */
-country_t
-geoip_get_country(const char *country)
+MOCK_IMPL(country_t,
+geoip_get_country,(const char *country))
 {
   void *idxplus1_;
   intptr_t idx;
@@ -126,7 +125,6 @@ geoip_parse_entry(const char *line, sa_family_t family)
   tor_addr_t low_addr, high_addr;
   char c[3];
   char *country = NULL;
-  char buf[512];
 
   if (!geoip_countries)
     init_geoip_countries();
@@ -146,6 +144,7 @@ geoip_parse_entry(const char *line, sa_family_t family)
   if (*line == '#')
     return 0;
 
+  char buf[512];
   if (family == AF_INET) {
     unsigned int low, high;
     if (tor_sscanf(line,"%u,%u,%2s", &low, &high, c) == 3 ||
@@ -396,8 +395,8 @@ geoip_get_country_by_ipv6(const struct in6_addr *addr)
  * the 'unknown country'.  The return value will always be less than
  * geoip_get_n_countries().  To decode it, call geoip_get_country_name().
  */
-int
-geoip_get_country_by_addr(const tor_addr_t *addr)
+MOCK_IMPL(int,
+geoip_get_country_by_addr,(const tor_addr_t *addr))
 {
   if (tor_addr_family(addr) == AF_INET) {
     return geoip_get_country_by_ipv4(tor_addr_to_ipv4h(addr));
@@ -409,8 +408,8 @@ geoip_get_country_by_addr(const tor_addr_t *addr)
 }
 
 /** Return the number of countries recognized by the GeoIP country list. */
-int
-geoip_get_n_countries(void)
+MOCK_IMPL(int,
+geoip_get_n_countries,(void))
 {
   if (!geoip_countries)
     init_geoip_countries();
@@ -430,8 +429,8 @@ geoip_get_country_name(country_t num)
 }
 
 /** Return true iff we have loaded a GeoIP database.*/
-int
-geoip_is_loaded(sa_family_t family)
+MOCK_IMPL(int,
+geoip_is_loaded,(sa_family_t family))
 {
   tor_assert(family == AF_INET || family == AF_INET6);
   if (geoip_countries == NULL)
@@ -483,7 +482,7 @@ static HT_HEAD(clientmap, clientmap_entry_t) client_history =
      HT_INITIALIZER();
 
 /** Hashtable helper: compute a hash of a clientmap_entry_t. */
-static INLINE unsigned
+static inline unsigned
 clientmap_entry_hash(const clientmap_entry_t *a)
 {
   unsigned h = (unsigned) tor_addr_hash(&a->addr);
@@ -494,7 +493,7 @@ clientmap_entry_hash(const clientmap_entry_t *a)
   return h;
 }
 /** Hashtable helper: compare two clientmap_entry_t values for equality. */
-static INLINE int
+static inline int
 clientmap_entries_eq(const clientmap_entry_t *a, const clientmap_entry_t *b)
 {
   if (strcmp_opt(a->transport_name, b->transport_name))
@@ -506,8 +505,8 @@ clientmap_entries_eq(const clientmap_entry_t *a, const clientmap_entry_t *b)
 
 HT_PROTOTYPE(clientmap, clientmap_entry_t, node, clientmap_entry_hash,
              clientmap_entries_eq);
-HT_GENERATE(clientmap, clientmap_entry_t, node, clientmap_entry_hash,
-            clientmap_entries_eq, 0.6, malloc, realloc, free);
+HT_GENERATE2(clientmap, clientmap_entry_t, node, clientmap_entry_hash,
+             clientmap_entries_eq, 0.6, tor_reallocarray_, tor_free_)
 
 /** Free all storage held by <b>ent</b>. */
 static void
@@ -720,8 +719,8 @@ dirreq_map_ent_hash(const dirreq_map_entry_t *entry)
 
 HT_PROTOTYPE(dirreqmap, dirreq_map_entry_t, node, dirreq_map_ent_hash,
              dirreq_map_ent_eq);
-HT_GENERATE(dirreqmap, dirreq_map_entry_t, node, dirreq_map_ent_hash,
-            dirreq_map_ent_eq, 0.6, malloc, realloc, free);
+HT_GENERATE2(dirreqmap, dirreq_map_entry_t, node, dirreq_map_ent_hash,
+             dirreq_map_ent_eq, 0.6, tor_reallocarray_, tor_free_)
 
 /** Helper: Put <b>entry</b> into map of directory requests using
  * <b>type</b> and <b>dirreq_id</b> as key parts. If there is
@@ -963,14 +962,14 @@ geoip_get_dirreq_history(dirreq_type_t type)
     /* We may have rounded 'completed' up.  Here we want to use the
      * real value. */
     complete = smartlist_len(dirreq_completed);
-    dltimes = tor_malloc_zero(sizeof(uint32_t) * complete);
+    dltimes = tor_calloc(complete, sizeof(uint32_t));
     SMARTLIST_FOREACH_BEGIN(dirreq_completed, dirreq_map_entry_t *, ent) {
       uint32_t bytes_per_second;
       uint32_t time_diff = (uint32_t) tv_mdiff(&ent->request_time,
                                                &ent->completion_time);
       if (time_diff == 0)
         time_diff = 1; /* Avoid DIV/0; "instant" answers are impossible
-                        * by law of nature or something, but a milisecond
+                        * by law of nature or something, but a millisecond
                         * is a bit greater than "instantly" */
       bytes_per_second = (uint32_t)(1000 * ent->response_size / time_diff);
       dltimes[ent_sl_idx] = bytes_per_second;
@@ -1033,7 +1032,7 @@ geoip_get_client_history(geoip_client_action_t action,
   if (!geoip_is_loaded(AF_INET) && !geoip_is_loaded(AF_INET6))
     return -1;
 
-  counts = tor_malloc_zero(sizeof(unsigned)*n_countries);
+  counts = tor_calloc(n_countries, sizeof(unsigned));
   HT_FOREACH(ent, clientmap, &client_history) {
     int country;
     if ((*ent)->action != (int)action)
@@ -1207,9 +1206,9 @@ geoip_format_dirreq_stats(time_t now)
 {
   char t[ISO_TIME_LEN+1];
   int i;
-  char *v3_ips_string, *v3_reqs_string, *v3_direct_dl_string,
-       *v3_tunneled_dl_string;
-  char *result;
+  char *v3_ips_string = NULL, *v3_reqs_string = NULL,
+       *v3_direct_dl_string = NULL, *v3_tunneled_dl_string = NULL;
+  char *result = NULL;
 
   if (!start_of_dirreq_stats_interval)
     return NULL; /* Not initialized. */
@@ -1280,6 +1279,8 @@ geoip_dirreq_stats_write(time_t now)
 
   /* Generate history string .*/
   str = geoip_format_dirreq_stats(now);
+  if (! str)
+    goto done;
 
   /* Write dirreq-stats string to disk. */
   if (!check_or_create_data_subdir("stats")) {
@@ -1436,6 +1437,39 @@ format_bridge_stats_controller(time_t now)
   return out;
 }
 
+/** Return a newly allocated string holding our bridge usage stats by
+ * country in a format suitable for inclusion in our heartbeat
+ * message. Return NULL on failure.  */
+char *
+format_client_stats_heartbeat(time_t now)
+{
+  const int n_hours = 6;
+  char *out = NULL;
+  int n_clients = 0;
+  clientmap_entry_t **ent;
+  unsigned cutoff = (unsigned)( (now-n_hours*3600)/60 );
+
+  if (!start_of_bridge_stats_interval)
+    return NULL; /* Not initialized. */
+
+  /* count unique IPs */
+  HT_FOREACH(ent, clientmap, &client_history) {
+    /* only count directly connecting clients */
+    if ((*ent)->action != GEOIP_CLIENT_CONNECT)
+      continue;
+    if ((*ent)->last_seen_in_minutes < cutoff)
+      continue;
+    n_clients++;
+  }
+
+  tor_asprintf(&out, "Heartbeat: "
+               "In the last %d hours, I have seen %d unique clients.",
+               n_hours,
+               n_clients);
+
+  return out;
+}
+
 /** Write bridge statistics to $DATADIR/stats/bridge-stats and return
  * when we should next try to write statistics. */
 time_t
@@ -1633,7 +1667,7 @@ getinfo_helper_geoip(control_connection_t *control_conn,
 }
 
 /** Release all storage held by the GeoIP databases and country list. */
-static void
+STATIC void
 clear_geoip_db(void)
 {
   if (geoip_countries) {
diff --git a/src/or/geoip.h b/src/or/geoip.h
index b9b53c3006..070296dd07 100644
--- a/src/or/geoip.h
+++ b/src/or/geoip.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -18,15 +18,16 @@
 STATIC int geoip_parse_entry(const char *line, sa_family_t family);
 STATIC int geoip_get_country_by_ipv4(uint32_t ipaddr);
 STATIC int geoip_get_country_by_ipv6(const struct in6_addr *addr);
+STATIC void clear_geoip_db(void);
 #endif
 int should_record_bridge_info(const or_options_t *options);
 int geoip_load_file(sa_family_t family, const char *filename);
-int geoip_get_country_by_addr(const tor_addr_t *addr);
-int geoip_get_n_countries(void);
+MOCK_DECL(int, geoip_get_country_by_addr, (const tor_addr_t *addr));
+MOCK_DECL(int, geoip_get_n_countries, (void));
 const char *geoip_get_country_name(country_t num);
-int geoip_is_loaded(sa_family_t family);
+MOCK_DECL(int, geoip_is_loaded, (sa_family_t family));
 const char *geoip_db_digest(sa_family_t family);
-country_t geoip_get_country(const char *countrycode);
+MOCK_DECL(country_t, geoip_get_country, (const char *countrycode));
 
 void geoip_note_client_seen(geoip_client_action_t action,
                             const tor_addr_t *addr, const char *transport_name,
@@ -64,6 +65,7 @@ time_t geoip_bridge_stats_write(time_t now);
 void geoip_bridge_stats_term(void);
 const char *geoip_get_bridge_stats_extrainfo(time_t);
 char *geoip_get_bridge_stats_controller(time_t);
+char *format_client_stats_heartbeat(time_t now);
 
 #endif
 
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index c433ac1be9..9408925d96 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -410,6 +410,21 @@ configure_accounting(time_t now)
   accounting_set_wakeup_time();
 }
 
+/** Return the relevant number of bytes sent/received this interval
+ * based on the set AccountingRule */
+uint64_t
+get_accounting_bytes(void)
+{
+  if (get_options()->AccountingRule == ACCT_SUM)
+    return n_bytes_read_in_interval+n_bytes_written_in_interval;
+  else if (get_options()->AccountingRule == ACCT_IN)
+    return n_bytes_read_in_interval;
+  else if (get_options()->AccountingRule == ACCT_OUT)
+    return n_bytes_written_in_interval;
+  else
+    return MAX(n_bytes_read_in_interval, n_bytes_written_in_interval);
+}
+
 /** Set expected_bandwidth_usage based on how much we sent/received
  * per minute last interval (if we were up for at least 30 minutes),
  * or based on our declared bandwidth otherwise. */
@@ -421,6 +436,11 @@ update_expected_bandwidth(void)
   uint64_t max_configured = (options->RelayBandwidthRate > 0 ?
                              options->RelayBandwidthRate :
                              options->BandwidthRate) * 60;
+  /* max_configured is the larger of bytes read and bytes written
+   * If we are accounting based on sum, worst case is both are
+   * at max, doubling the expected sum of bandwidth */
+  if (get_options()->AccountingRule == ACCT_SUM)
+    max_configured *= 2;
 
 #define MIN_TIME_FOR_MEASUREMENT (1800)
 
@@ -439,8 +459,7 @@ update_expected_bandwidth(void)
      * doesn't know to store soft-limit info.  Just take rate at which
      * we were reading/writing in the last interval as our expected rate.
      */
-    uint64_t used = MAX(n_bytes_written_in_interval,
-                        n_bytes_read_in_interval);
+    uint64_t used = get_accounting_bytes();
     expected = used / (n_seconds_active_in_interval / 60);
   } else {
     /* If we haven't gotten enough data last interval, set 'expected'
@@ -475,7 +494,7 @@ reset_accounting(time_t now)
 }
 
 /** Return true iff we should save our bandwidth usage to disk. */
-static INLINE int
+static inline int
 time_to_record_bandwidth_usage(time_t now)
 {
   /* Note every 600 sec */
@@ -715,8 +734,7 @@ hibernate_hard_limit_reached(void)
   uint64_t hard_limit = get_options()->AccountingMax;
   if (!hard_limit)
     return 0;
-  return n_bytes_read_in_interval >= hard_limit
-    || n_bytes_written_in_interval >= hard_limit;
+  return get_accounting_bytes() >= hard_limit;
 }
 
 /** Return true iff we have sent/received almost all the bytes we are willing
@@ -747,8 +765,7 @@ hibernate_soft_limit_reached(void)
 
   if (!soft_limit)
     return 0;
-  return n_bytes_read_in_interval >= soft_limit
-    || n_bytes_written_in_interval >= soft_limit;
+  return get_accounting_bytes() >= soft_limit;
 }
 
 /** Called when we get a SIGINT, or when bandwidth soft limit is
@@ -772,8 +789,7 @@ hibernate_begin(hibernate_state_t new_state, time_t now)
       hibernate_state == HIBERNATE_STATE_LIVE) {
     soft_limit_hit_at = now;
     n_seconds_to_hit_soft_limit = n_seconds_active_in_interval;
-    n_bytes_at_soft_limit = MAX(n_bytes_read_in_interval,
-                                n_bytes_written_in_interval);
+    n_bytes_at_soft_limit = get_accounting_bytes();
   }
 
   /* close listeners. leave control listener(s). */
@@ -998,18 +1014,39 @@ getinfo_helper_accounting(control_connection_t *conn,
     else
       *answer = tor_strdup("awake");
   } else if (!strcmp(question, "accounting/bytes")) {
-    tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
+      tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
                  U64_PRINTF_ARG(n_bytes_read_in_interval),
                  U64_PRINTF_ARG(n_bytes_written_in_interval));
   } else if (!strcmp(question, "accounting/bytes-left")) {
     uint64_t limit = get_options()->AccountingMax;
-    uint64_t read_left = 0, write_left = 0;
-    if (n_bytes_read_in_interval < limit)
-      read_left = limit - n_bytes_read_in_interval;
-    if (n_bytes_written_in_interval < limit)
-      write_left = limit - n_bytes_written_in_interval;
-    tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
-                 U64_PRINTF_ARG(read_left), U64_PRINTF_ARG(write_left));
+    if (get_options()->AccountingRule == ACCT_SUM) {
+      uint64_t total_left = 0;
+      uint64_t total_bytes = get_accounting_bytes();
+      if (total_bytes < limit)
+        total_left = limit - total_bytes;
+      tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
+                   U64_PRINTF_ARG(total_left), U64_PRINTF_ARG(total_left));
+    } else if (get_options()->AccountingRule == ACCT_IN) {
+      uint64_t read_left = 0;
+      if (n_bytes_read_in_interval < limit)
+        read_left = limit - n_bytes_read_in_interval;
+      tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
+                   U64_PRINTF_ARG(read_left), U64_PRINTF_ARG(limit));
+    } else if (get_options()->AccountingRule == ACCT_OUT) {
+      uint64_t write_left = 0;
+      if (n_bytes_written_in_interval < limit)
+        write_left = limit - n_bytes_written_in_interval;
+      tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
+                   U64_PRINTF_ARG(limit), U64_PRINTF_ARG(write_left));
+    } else {
+      uint64_t read_left = 0, write_left = 0;
+      if (n_bytes_read_in_interval < limit)
+        read_left = limit - n_bytes_read_in_interval;
+      if (n_bytes_written_in_interval < limit)
+        write_left = limit - n_bytes_written_in_interval;
+      tor_asprintf(answer, U64_FORMAT" "U64_FORMAT,
+                   U64_PRINTF_ARG(read_left), U64_PRINTF_ARG(write_left));
+    }
   } else if (!strcmp(question, "accounting/interval-start")) {
     *answer = tor_malloc(ISO_TIME_LEN+1);
     format_iso_time(*answer, interval_start_time);
diff --git a/src/or/hibernate.h b/src/or/hibernate.h
index 38ecb75129..fa9da6de39 100644
--- a/src/or/hibernate.h
+++ b/src/or/hibernate.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -19,6 +19,7 @@ MOCK_DECL(int, accounting_is_enabled, (const or_options_t *options));
 int accounting_get_interval_length(void);
 MOCK_DECL(time_t, accounting_get_end_time, (void));
 void configure_accounting(time_t now);
+uint64_t get_accounting_bytes(void);
 void accounting_run_housekeeping(time_t now);
 void accounting_add_bytes(size_t n_read, size_t n_written, int seconds);
 int accounting_record_bandwidth_usage(time_t now, or_state_t *state);
@@ -28,6 +29,7 @@ void consider_hibernation(time_t now);
 int getinfo_helper_accounting(control_connection_t *conn,
                               const char *question, char **answer,
                               const char **errmsg);
+uint64_t get_accounting_max_total(void);
 
 #ifdef HIBERNATE_PRIVATE
 /** Possible values of hibernate_state */
diff --git a/src/or/include.am b/src/or/include.am
index 47bdd09901..712ae18406 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -15,7 +15,7 @@ else
 tor_platform_source=
 endif
 
-EXTRA_DIST+= src/or/ntmain.c src/or/or_sha1.i src/or/Makefile.nmake
+EXTRA_DIST+= src/or/ntmain.c src/or/Makefile.nmake
 
 if USE_EXTERNAL_EVDNS
 evdns_source=
@@ -23,12 +23,6 @@ else
 evdns_source=src/ext/eventdns.c
 endif
 
-if CURVE25519_ENABLED
-onion_ntor_source=src/or/onion_ntor.c
-else
-onion_ntor_source=
-endif
-
 LIBTOR_A_SOURCES = \
 	src/or/addressmap.c				\
 	src/or/buffers.c				\
@@ -49,16 +43,18 @@ LIBTOR_A_SOURCES = \
 	src/or/connection_or.c				\
 	src/or/control.c				\
 	src/or/cpuworker.c				\
+	src/or/dircollate.c				\
 	src/or/directory.c				\
 	src/or/dirserv.c				\
 	src/or/dirvote.c				\
 	src/or/dns.c					\
 	src/or/dnsserv.c				\
-        src/or/fp_pair.c				\
+	src/or/fp_pair.c				\
 	src/or/geoip.c					\
 	src/or/entrynodes.c				\
 	src/or/ext_orport.c				\
 	src/or/hibernate.c				\
+	src/or/keypin.c					\
 	src/or/main.c					\
 	src/or/microdesc.c				\
 	src/or/networkstatus.c				\
@@ -67,9 +63,11 @@ LIBTOR_A_SOURCES = \
 	src/or/onion_fast.c				\
 	src/or/onion_tap.c				\
 	src/or/transports.c				\
+	src/or/periodic.c				\
 	src/or/policies.c				\
 	src/or/reasons.c				\
 	src/or/relay.c					\
+	src/or/rendcache.c				\
 	src/or/rendclient.c				\
 	src/or/rendcommon.c				\
 	src/or/rendmid.c				\
@@ -77,33 +75,32 @@ LIBTOR_A_SOURCES = \
 	src/or/rephist.c				\
 	src/or/replaycache.c				\
 	src/or/router.c					\
+	src/or/routerkeys.c				\
 	src/or/routerlist.c				\
 	src/or/routerparse.c				\
 	src/or/routerset.c				\
+	src/or/scheduler.c				\
 	src/or/statefile.c				\
 	src/or/status.c					\
+	src/or/torcert.c				\
+	src/or/onion_ntor.c				\
 	$(evdns_source)					\
-	$(tor_platform_source)				\
-	$(onion_ntor_source)				\
-	src/or/config_codedigest.c
+	$(tor_platform_source)
 
 src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)
 src_or_libtor_testing_a_SOURCES = $(LIBTOR_A_SOURCES)
 
-#libtor_a_LIBADD = ../common/libor.a ../common/libor-crypto.a \
-#	../common/libor-event.a
-
-
 src_or_tor_SOURCES = src/or/tor_main.c
 AM_CPPFLAGS += -I$(srcdir)/src/or -Isrc/or
 
-src/or/tor_main.o: micro-revision.i
+src/or/tor_main.$(OBJEXT) \
+  src/or/src_or_tor_cov-tor_main.$(OBJEXT): micro-revision.i
 
-AM_CPPFLAGS += -DSHARE_DATADIR="\"$(datadir)\"" \
-        -DLOCALSTATEDIR="\"$(localstatedir)\"" \
-        -DBINDIR="\"$(bindir)\""
+AM_CPPFLAGS += -DSHARE_DATADIR="\"$(datadir)\""		\
+		-DLOCALSTATEDIR="\"$(localstatedir)\""	\
+		-DBINDIR="\"$(bindir)\""
 
-src_or_libtor_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_or_libtor_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
 src_or_libtor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 
 # -L flags need to go in LDFLAGS. -l flags need to go in LDADD.
@@ -113,21 +110,21 @@ src_or_libtor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 
 src_or_tor_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
 src_or_tor_LDADD = src/or/libtor.a src/common/libor.a \
-	src/common/libor-crypto.a $(LIBDONNA) \
-	src/common/libor-event.a \
+	src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \
+	src/common/libor-event.a src/trunnel/libor-trunnel.a \
 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ @TOR_OPENSSL_LIBS@ \
-	@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+	@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@
 
 if COVERAGE_ENABLED
 src_or_tor_cov_SOURCES = src/or/tor_main.c
-src_or_tor_cov_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_or_tor_cov_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
 src_or_tor_cov_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 src_or_tor_cov_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
 src_or_tor_cov_LDADD = src/or/libtor-testing.a src/common/libor-testing.a \
-	src/common/libor-crypto-testing.a $(LIBDONNA) \
-	src/common/libor-event-testing.a \
+	src/common/libor-crypto-testing.a $(LIBKECCAK_TINY) $(LIBDONNA) \
+	src/common/libor-event-testing.a src/trunnel/libor-trunnel-testing.a \
 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ @TOR_OPENSSL_LIBS@ \
-	@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+	@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@
 endif
 
 ORHEADERS = \
@@ -150,17 +147,21 @@ ORHEADERS = \
 	src/or/connection_or.h				\
 	src/or/control.h				\
 	src/or/cpuworker.h				\
+	src/or/dircollate.h				\
 	src/or/directory.h				\
 	src/or/dirserv.h				\
 	src/or/dirvote.h				\
 	src/or/dns.h					\
+	src/or/dns_structs.h				\
 	src/or/dnsserv.h				\
 	src/or/eventdns_tor.h				\
 	src/or/ext_orport.h				\
+	src/or/fallback_dirs.inc			\
 	src/or/fp_pair.h				\
 	src/or/geoip.h					\
 	src/or/entrynodes.h				\
 	src/or/hibernate.h				\
+	src/or/keypin.h					\
 	src/or/main.h					\
 	src/or/microdesc.h				\
 	src/or/networkstatus.h				\
@@ -172,9 +173,11 @@ ORHEADERS = \
 	src/or/onion_tap.h				\
 	src/or/or.h					\
 	src/or/transports.h				\
+	src/or/periodic.h				\
 	src/or/policies.h				\
 	src/or/reasons.h				\
 	src/or/relay.h					\
+	src/or/rendcache.h				\
 	src/or/rendclient.h				\
 	src/or/rendcommon.h				\
 	src/or/rendmid.h				\
@@ -182,44 +185,36 @@ ORHEADERS = \
 	src/or/rephist.h				\
 	src/or/replaycache.h				\
 	src/or/router.h					\
+	src/or/routerkeys.h				\
 	src/or/routerlist.h				\
+	src/or/routerkeys.h				\
 	src/or/routerset.h				\
 	src/or/routerparse.h				\
+	src/or/scheduler.h				\
 	src/or/statefile.h				\
-	src/or/status.h
+	src/or/status.h					\
+	src/or/torcert.h
 
 noinst_HEADERS+= $(ORHEADERS) micro-revision.i
 
-src/or/config_codedigest.o: src/or/or_sha1.i
-
 micro-revision.i: FORCE
-	@rm -f micro-revision.tmp;				\
-	if test -d "$(top_srcdir)/.git" &&				\
-	  test -x "`which git 2>&1;true`"; then				\
-	  HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`";	\
-	  echo \"$$HASH\" > micro-revision.tmp; 			\
-        fi;								\
-	if test ! -f micro-revision.tmp ; then			\
-	  if test ! -f micro-revision.i ; then			\
-	    echo '""' > micro-revision.i;			\
-	  fi;								\
-	elif test ! -f micro-revision.i ||			\
-	  test x"`cat micro-revision.tmp`" != x"`cat micro-revision.i`"; then \
-	  mv micro-revision.tmp micro-revision.i;		\
-	fi; true
-
-src/or/or_sha1.i: $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS)
-	$(AM_V_GEN)if test "@SHA1SUM@" != none; then \
-	  (cd "$(srcdir)" && "@SHA1SUM@" $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS) ) | \
-	  "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > src/or/or_sha1.i; \
-	elif test "@OPENSSL@" != none; then \
-	  (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS)) | \
-	  "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2  \1\\n"/p' > src/or/or_sha1.i; \
-	else \
-	  rm src/or/or_sha1.i; \
-	  touch src/or/or_sha1.i; \
-	fi
-
-CLEANFILES+= micro-revision.i src/or/micro-revision.i
+	$(AM_V_at)rm -f micro-revision.tmp; \
+	if test -d "$(top_srcdir)/.git" && \
+			test -x "`which git 2>&1;true`"; then \
+		HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`"; \
+		echo \"$$HASH\" > micro-revision.tmp; \
+	fi; \
+	if test ! -f micro-revision.tmp; then \
+		if test ! -f micro-revision.i; then \
+			echo '""' > micro-revision.i; \
+		fi; \
+	elif test ! -f micro-revision.i || \
+			test x"`cat micro-revision.tmp`" != x"`cat micro-revision.i`"; then \
+		mv micro-revision.tmp micro-revision.i; \
+	fi; \
+	rm -f micro-revision.tmp; \
+	true
+
+CLEANFILES+= micro-revision.i src/or/micro-revision.i micro-revision.tmp
 
 FORCE:
diff --git a/src/or/keypin.c b/src/or/keypin.c
new file mode 100644
index 0000000000..1f82eccf86
--- /dev/null
+++ b/src/or/keypin.c
@@ -0,0 +1,486 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file keypin.c
+ *
+ * \brief Functions and structures for associating routers' RSA key
+ * fingerprints with their ED25519 keys.
+ */
+
+#define KEYPIN_PRIVATE
+
+#include "orconfig.h"
+#include "compat.h"
+#include "crypto.h"
+#include "crypto_format.h"
+#include "di_ops.h"
+#include "ht.h"
+#include "keypin.h"
+#include "siphash.h"
+#include "torint.h"
+#include "torlog.h"
+#include "util.h"
+#include "util_format.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef _WIN32
+#include <io.h>
+#endif
+
+/**
+ * @file keypin.c
+ * @brief Key-pinning for RSA and Ed25519 identity keys at directory
+ *  authorities.
+ *
+ * This module implements a key-pinning mechanism to ensure that it's safe
+ * to use RSA keys as identitifers even as we migrate to Ed25519 keys.  It
+ * remembers, for every Ed25519 key we've seen, what the associated Ed25519
+ * key is.  This way, if we see a different Ed25519 key with that RSA key,
+ * we'll know that there's a mismatch.
+ *
+ * We persist these entries to disk using a simple format, where each line
+ * has a base64-encoded RSA SHA1 hash, then a base64-endoded Ed25519 key.
+ * Empty lines, misformed lines, and lines beginning with # are
+ * ignored. Lines beginning with @ are reserved for future extensions.
+ */
+
+static int keypin_journal_append_entry(const uint8_t *rsa_id_digest,
+                                       const uint8_t *ed25519_id_key);
+static int keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
+                                     const uint8_t *ed25519_id_key,
+                                     const int do_not_add,
+                                     const int replace);
+static int keypin_add_or_replace_entry_in_map(keypin_ent_t *ent);
+
+static HT_HEAD(rsamap, keypin_ent_st) the_rsa_map = HT_INITIALIZER();
+static HT_HEAD(edmap, keypin_ent_st) the_ed_map = HT_INITIALIZER();
+
+/** Hashtable helper: compare two keypin table entries and return true iff
+ * they have the same RSA key IDs. */
+static inline int
+keypin_ents_eq_rsa(const keypin_ent_t *a, const keypin_ent_t *b)
+{
+  return tor_memeq(a->rsa_id, b->rsa_id, sizeof(a->rsa_id));
+}
+
+/** Hashtable helper: hash a keypin table entries based on its RSA key ID */
+static inline unsigned
+keypin_ent_hash_rsa(const keypin_ent_t *a)
+{
+return (unsigned) siphash24g(a->rsa_id, sizeof(a->rsa_id));
+}
+
+/** Hashtable helper: compare two keypin table entries and return true iff
+ * they have the same ed25519 keys */
+static inline int
+keypin_ents_eq_ed(const keypin_ent_t *a, const keypin_ent_t *b)
+{
+  return tor_memeq(a->ed25519_key, b->ed25519_key, sizeof(a->ed25519_key));
+}
+
+/** Hashtable helper: hash a keypin table entries based on its ed25519 key */
+static inline unsigned
+keypin_ent_hash_ed(const keypin_ent_t *a)
+{
+return (unsigned) siphash24g(a->ed25519_key, sizeof(a->ed25519_key));
+}
+
+HT_PROTOTYPE(rsamap, keypin_ent_st, rsamap_node, keypin_ent_hash_rsa,
+               keypin_ents_eq_rsa);
+HT_GENERATE2(rsamap, keypin_ent_st, rsamap_node, keypin_ent_hash_rsa,
+               keypin_ents_eq_rsa, 0.6, tor_reallocarray, tor_free_);
+
+HT_PROTOTYPE(edmap, keypin_ent_st, edmap_node, keypin_ent_hash_ed,
+               keypin_ents_eq_ed);
+HT_GENERATE2(edmap, keypin_ent_st, edmap_node, keypin_ent_hash_ed,
+               keypin_ents_eq_ed, 0.6, tor_reallocarray, tor_free_);
+
+/**
+ * Check whether we already have an entry in the key pinning table for a
+ * router with RSA ID digest <b>rsa_id_digest</b> or for ed25519 key
+ * <b>ed25519_id_key</b>.  If we have an entry that matches both keys,
+ * return KEYPIN_FOUND. If we find an entry that matches one key but
+ * not the other, return KEYPIN_MISMATCH.  If we have no entry for either
+ * key, add such an entry to the table and return KEYPIN_ADDED.
+ *
+ * If <b>replace_existing_entry</b> is true, then any time we would have said
+ * KEYPIN_FOUND, we instead add this entry anyway and return KEYPIN_ADDED.
+ */
+int
+keypin_check_and_add(const uint8_t *rsa_id_digest,
+                     const uint8_t *ed25519_id_key,
+                     const int replace_existing_entry)
+{
+  return keypin_check_and_add_impl(rsa_id_digest, ed25519_id_key, 0,
+                                   replace_existing_entry);
+}
+
+/**
+ * As keypin_check_and_add, but do not add.  Return KEYPIN_NOT_FOUND if
+ * we would add.
+ */
+int
+keypin_check(const uint8_t *rsa_id_digest,
+             const uint8_t *ed25519_id_key)
+{
+  return keypin_check_and_add_impl(rsa_id_digest, ed25519_id_key, 1, 0);
+}
+
+/**
+ * Helper: implements keypin_check and keypin_check_and_add.
+ */
+static int
+keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
+                          const uint8_t *ed25519_id_key,
+                          const int do_not_add,
+                          const int replace)
+{
+  keypin_ent_t search, *ent;
+  memset(&search, 0, sizeof(search));
+  memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
+  memcpy(search.ed25519_key, ed25519_id_key, sizeof(search.ed25519_key));
+
+  /* Search by RSA key digest first */
+  ent = HT_FIND(rsamap, &the_rsa_map, &search);
+  if (ent) {
+    tor_assert(fast_memeq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
+    if (tor_memeq(ent->ed25519_key, ed25519_id_key,sizeof(ent->ed25519_key))) {
+      return KEYPIN_FOUND; /* Match on both keys. Great. */
+    } else {
+      if (!replace)
+        return KEYPIN_MISMATCH; /* Found RSA with different Ed key */
+    }
+  }
+
+  /* See if we know a different RSA key for this ed key */
+  if (! replace) {
+    ent = HT_FIND(edmap, &the_ed_map, &search);
+    if (ent) {
+      /* If we got here, then the ed key matches and the RSA doesn't */
+      tor_assert(fast_memeq(ent->ed25519_key, ed25519_id_key,
+                            sizeof(ent->ed25519_key)));
+      tor_assert(fast_memneq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
+      return KEYPIN_MISMATCH;
+    }
+  }
+
+  /* Okay, this one is new to us. */
+  if (do_not_add)
+    return KEYPIN_NOT_FOUND;
+
+  ent = tor_memdup(&search, sizeof(search));
+  int r = keypin_add_or_replace_entry_in_map(ent);
+  if (! replace) {
+    tor_assert(r == 1);
+  } else {
+    tor_assert(r != 0);
+  }
+  keypin_journal_append_entry(rsa_id_digest, ed25519_id_key);
+  return KEYPIN_ADDED;
+}
+
+/**
+ * Helper: add <b>ent</b> to the hash tables.
+ */
+MOCK_IMPL(STATIC void,
+keypin_add_entry_to_map, (keypin_ent_t *ent))
+{
+  HT_INSERT(rsamap, &the_rsa_map, ent);
+  HT_INSERT(edmap, &the_ed_map, ent);
+}
+
+/**
+ * Helper: add 'ent' to the maps, replacing any entries that contradict it.
+ * Take ownership of 'ent', freeing it if needed.
+ *
+ * Return 0 if the entry was a duplicate, -1 if there was a conflict,
+ * and 1 if there was no conflict.
+ */
+static int
+keypin_add_or_replace_entry_in_map(keypin_ent_t *ent)
+{
+  int r = 1;
+  keypin_ent_t *ent2 = HT_FIND(rsamap, &the_rsa_map, ent);
+  keypin_ent_t *ent3 = HT_FIND(edmap, &the_ed_map, ent);
+  if (ent2 &&
+      fast_memeq(ent2->ed25519_key, ent->ed25519_key, DIGEST256_LEN)) {
+    /* We already have this mapping stored. Ignore it. */
+    tor_free(ent);
+    return 0;
+  } else if (ent2 || ent3) {
+    /* We have a conflict. (If we had no entry, we would have ent2 == ent3
+     * == NULL. If we had a non-conflicting duplicate, we would have found
+     * it above.)
+     *
+     * We respond by having this entry (ent) supersede all entries that it
+     * contradicts (ent2 and/or ent3). In other words, if we receive
+     * <rsa,ed>, we remove all <rsa,ed'> and all <rsa',ed>, for rsa'!=rsa
+     * and ed'!= ed.
+     */
+    const keypin_ent_t *t;
+    if (ent2) {
+      t = HT_REMOVE(rsamap, &the_rsa_map, ent2);
+      tor_assert(ent2 == t);
+      t = HT_REMOVE(edmap, &the_ed_map, ent2);
+      tor_assert(ent2 == t);
+    }
+    if (ent3 && ent2 != ent3) {
+      t = HT_REMOVE(rsamap, &the_rsa_map, ent3);
+      tor_assert(ent3 == t);
+      t = HT_REMOVE(edmap, &the_ed_map, ent3);
+      tor_assert(ent3 == t);
+      tor_free(ent3);
+    }
+    tor_free(ent2);
+    r = -1;
+    /* Fall through */
+  }
+
+  keypin_add_entry_to_map(ent);
+  return r;
+}
+
+/**
+ * Check whether we already have an entry in the key pinning table for a
+ * router with RSA ID digest <b>rsa_id_digest</b>.  If we have no such entry,
+ * return KEYPIN_NOT_FOUND.  If we find an entry that matches the RSA key but
+ * which has an ed25519 key, return KEYPIN_MISMATCH.
+ */
+int
+keypin_check_lone_rsa(const uint8_t *rsa_id_digest)
+{
+  keypin_ent_t search, *ent;
+  memset(&search, 0, sizeof(search));
+  memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
+
+  /* Search by RSA key digest first */
+  ent = HT_FIND(rsamap, &the_rsa_map, &search);
+  if (ent) {
+    return KEYPIN_MISMATCH;
+  } else {
+    return KEYPIN_NOT_FOUND;
+  }
+}
+
+/** Open fd to the keypinning journal file. */
+static int keypin_journal_fd = -1;
+
+/** Open the key-pinning journal to append to <b>fname</b>.  Return 0 on
+ * success, -1 on failure. */
+int
+keypin_open_journal(const char *fname)
+{
+  /* O_SYNC ??*/
+  int fd = tor_open_cloexec(fname, O_WRONLY|O_CREAT|O_BINARY, 0600);
+  if (fd < 0)
+    goto err;
+
+  if (tor_fd_seekend(fd) < 0)
+    goto err;
+
+  /* Add a newline in case the last line was only partially written */
+  if (write(fd, "\n", 1) < 1)
+    goto err;
+
+  /* Add something about when we opened this file. */
+  char buf[80];
+  char tbuf[ISO_TIME_LEN+1];
+  format_iso_time(tbuf, approx_time());
+  tor_snprintf(buf, sizeof(buf), "@opened-at %s\n", tbuf);
+  if (write_all(fd, buf, strlen(buf), 0) < 0)
+    goto err;
+
+  keypin_journal_fd = fd;
+  return 0;
+ err:
+  if (fd >= 0)
+    close(fd);
+  return -1;
+}
+
+/** Close the keypinning journal file. */
+int
+keypin_close_journal(void)
+{
+  if (keypin_journal_fd >= 0)
+    close(keypin_journal_fd);
+  keypin_journal_fd = -1;
+  return 0;
+}
+
+/** Length of a keypinning journal line, including terminating newline. */
+#define JOURNAL_LINE_LEN (BASE64_DIGEST_LEN + BASE64_DIGEST256_LEN + 2)
+
+/** Add an entry to the keypinning journal to map <b>rsa_id_digest</b> and
+ * <b>ed25519_id_key</b>. */
+static int
+keypin_journal_append_entry(const uint8_t *rsa_id_digest,
+                            const uint8_t *ed25519_id_key)
+{
+  if (keypin_journal_fd == -1)
+    return -1;
+  char line[JOURNAL_LINE_LEN];
+  digest_to_base64(line, (const char*)rsa_id_digest);
+  line[BASE64_DIGEST_LEN] = ' ';
+  digest256_to_base64(line + BASE64_DIGEST_LEN + 1,
+                      (const char*)ed25519_id_key);
+  line[BASE64_DIGEST_LEN+1+BASE64_DIGEST256_LEN] = '\n';
+
+  if (write_all(keypin_journal_fd, line, JOURNAL_LINE_LEN, 0)<0) {
+    log_warn(LD_DIRSERV, "Error while adding a line to the key-pinning "
+             "journal: %s", strerror(errno));
+    keypin_close_journal();
+    return -1;
+  }
+
+  return 0;
+}
+
+/** Load a journal from the <b>size</b>-byte region at <b>data</b>.  Return 0
+ * on success, -1 on failure. */
+STATIC int
+keypin_load_journal_impl(const char *data, size_t size)
+{
+  const char *start = data, *end = data + size, *next;
+
+  int n_corrupt_lines = 0;
+  int n_entries = 0;
+  int n_duplicates = 0;
+  int n_conflicts = 0;
+
+  for (const char *cp = start; cp < end; cp = next) {
+    const char *eol = memchr(cp, '\n', end-cp);
+    const char *eos = eol ? eol : end;
+    const size_t len = eos - cp;
+
+    next = eol ? eol + 1 : end;
+
+    if (len == 0) {
+      continue;
+    }
+
+    if (*cp == '@') {
+      /* Lines that start with @ are reserved. Ignore for now. */
+      continue;
+    }
+    if (*cp == '#') {
+      /* Lines that start with # are comments. */
+      continue;
+    }
+
+    /* Is it the right length?  (The -1 here is for the newline.) */
+    if (len != JOURNAL_LINE_LEN - 1) {
+      /* Lines with a bad length are corrupt unless they are empty.
+       * Ignore them either way */
+      for (const char *s = cp; s < eos; ++s) {
+        if (! TOR_ISSPACE(*s)) {
+          ++n_corrupt_lines;
+          break;
+        }
+      }
+      continue;
+    }
+
+    keypin_ent_t *ent = keypin_parse_journal_line(cp);
+
+    if (ent == NULL) {
+      ++n_corrupt_lines;
+      continue;
+    }
+
+    const int r = keypin_add_or_replace_entry_in_map(ent);
+    if (r == 0) {
+      ++n_duplicates;
+    } else if (r == -1) {
+      ++n_conflicts;
+    }
+
+    ++n_entries;
+  }
+
+  int severity = (n_corrupt_lines || n_duplicates) ? LOG_WARN : LOG_INFO;
+  tor_log(severity, LD_DIRSERV,
+          "Loaded %d entries from keypin journal. "
+          "Found %d corrupt lines, %d duplicates, and %d conflicts.",
+          n_entries, n_corrupt_lines, n_duplicates, n_conflicts);
+
+  return 0;
+}
+
+/**
+ * Load a journal from the file called <b>fname</b>. Return 0 on success,
+ * -1 on failure.
+ */
+int
+keypin_load_journal(const char *fname)
+{
+  tor_mmap_t *map = tor_mmap_file(fname);
+  if (!map) {
+    if (errno == ENOENT)
+      return 0;
+    else
+      return -1;
+  }
+  int r = keypin_load_journal_impl(map->data, map->size);
+  tor_munmap_file(map);
+  return r;
+}
+
+/** Parse a single keypinning journal line entry from <b>cp</b>.  The input
+ * does not need to be NUL-terminated, but it <em>does</em> need to have
+ * KEYPIN_JOURNAL_LINE_LEN -1 bytes available to read.  Return a new entry
+ * on success, and NULL on failure.
+ */
+STATIC keypin_ent_t *
+keypin_parse_journal_line(const char *cp)
+{
+  /* XXXX assumes !USE_OPENSSL_BASE64 */
+  keypin_ent_t *ent = tor_malloc_zero(sizeof(keypin_ent_t));
+
+  if (base64_decode((char*)ent->rsa_id, sizeof(ent->rsa_id),
+             cp, BASE64_DIGEST_LEN) != DIGEST_LEN ||
+      cp[BASE64_DIGEST_LEN] != ' ' ||
+      base64_decode((char*)ent->ed25519_key, sizeof(ent->ed25519_key),
+             cp+BASE64_DIGEST_LEN+1, BASE64_DIGEST256_LEN) != DIGEST256_LEN) {
+    tor_free(ent);
+    return NULL;
+  } else {
+    return ent;
+  }
+}
+
+/** Remove all entries from the keypinning table.*/
+void
+keypin_clear(void)
+{
+  int bad_entries = 0;
+  {
+    keypin_ent_t **ent, **next, *this;
+    for (ent = HT_START(rsamap, &the_rsa_map); ent != NULL; ent = next) {
+      this = *ent;
+      next = HT_NEXT_RMV(rsamap, &the_rsa_map, ent);
+
+      keypin_ent_t *other_ent = HT_REMOVE(edmap, &the_ed_map, this);
+      bad_entries += (other_ent != this);
+
+      tor_free(this);
+    }
+  }
+  bad_entries += HT_SIZE(&the_ed_map);
+
+  HT_CLEAR(edmap,&the_ed_map);
+  HT_CLEAR(rsamap,&the_rsa_map);
+
+  if (bad_entries) {
+    log_warn(LD_BUG, "Found %d discrepencies in the the keypin database.",
+             bad_entries);
+  }
+}
+
diff --git a/src/or/keypin.h b/src/or/keypin.h
new file mode 100644
index 0000000000..673f24d9e3
--- /dev/null
+++ b/src/or/keypin.h
@@ -0,0 +1,47 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_KEYPIN_H
+#define TOR_KEYPIN_H
+
+#include "testsupport.h"
+
+int keypin_check_and_add(const uint8_t *rsa_id_digest,
+                         const uint8_t *ed25519_id_key,
+                         const int replace_existing_entry);
+int keypin_check(const uint8_t *rsa_id_digest,
+                 const uint8_t *ed25519_id_key);
+
+int keypin_open_journal(const char *fname);
+int keypin_close_journal(void);
+int keypin_load_journal(const char *fname);
+void keypin_clear(void);
+int keypin_check_lone_rsa(const uint8_t *rsa_id_digest);
+
+#define KEYPIN_FOUND 0
+#define KEYPIN_ADDED 1
+#define KEYPIN_MISMATCH -1
+#define KEYPIN_NOT_FOUND -2
+
+#ifdef KEYPIN_PRIVATE
+
+/**
+ * In-memory representation of a key-pinning table entry.
+ */
+typedef struct keypin_ent_st {
+  HT_ENTRY(keypin_ent_st) rsamap_node;
+  HT_ENTRY(keypin_ent_st) edmap_node;
+  /** SHA1 hash of the RSA key */
+  uint8_t rsa_id[DIGEST_LEN];
+  /** Ed2219 key. */
+  uint8_t ed25519_key[DIGEST256_LEN];
+} keypin_ent_t;
+
+STATIC keypin_ent_t * keypin_parse_journal_line(const char *cp);
+STATIC int keypin_load_journal_impl(const char *data, size_t size);
+
+MOCK_DECL(STATIC void, keypin_add_entry_to_map, (keypin_ent_t *ent));
+#endif
+
+#endif
+
diff --git a/src/or/main.c b/src/or/main.c
index 31fbdcd433..d4d98ee317 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -28,6 +28,7 @@
 #include "connection_or.h"
 #include "control.h"
 #include "cpuworker.h"
+#include "crypto_s2k.h"
 #include "directory.h"
 #include "dirserv.h"
 #include "dirvote.h"
@@ -36,12 +37,14 @@
 #include "entrynodes.h"
 #include "geoip.h"
 #include "hibernate.h"
+#include "keypin.h"
 #include "main.h"
 #include "microdesc.h"
 #include "networkstatus.h"
 #include "nodelist.h"
 #include "ntmain.h"
 #include "onion.h"
+#include "periodic.h"
 #include "policies.h"
 #include "transports.h"
 #include "relay.h"
@@ -50,8 +53,10 @@
 #include "rendservice.h"
 #include "rephist.h"
 #include "router.h"
+#include "routerkeys.h"
 #include "routerlist.h"
 #include "routerparse.h"
+#include "scheduler.h"
 #include "statefile.h"
 #include "status.h"
 #include "util_process.h"
@@ -61,7 +66,7 @@
 #include <openssl/crypto.h>
 #endif
 #include "memarea.h"
-#include "../common/sandbox.h"
+#include "sandbox.h"
 
 #ifdef HAVE_EVENT2_EVENT_H
 #include <event2/event.h>
@@ -73,6 +78,16 @@
 #include <event2/bufferevent.h>
 #endif
 
+#ifdef HAVE_SYSTEMD
+#   if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
+/* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
+ * Coverity. Here's a kludge to unconfuse it.
+ */
+#   define __INCLUDE_LEVEL__ 2
+#   endif
+#include <systemd/sd-daemon.h>
+#endif
+
 void evdns_shutdown(int);
 
 /********* PROTOTYPES **********/
@@ -85,6 +100,8 @@ static void second_elapsed_callback(periodic_timer_t *timer, void *args);
 static int conn_close_if_marked(int i);
 static void connection_start_reading_from_linked_conn(connection_t *conn);
 static int connection_should_read_from_linked_conn(connection_t *conn);
+static int run_main_loop_until_done(void);
+static void process_signal(int sig);
 
 /********* START VARIABLES **********/
 
@@ -118,8 +135,6 @@ static uint64_t stats_n_bytes_written = 0;
 time_t time_of_process_start = 0;
 /** How many seconds have we been running? */
 long stats_n_seconds_working = 0;
-/** When do we next launch DNS wildcarding checks? */
-static time_t time_to_check_for_correct_dns = 0;
 
 /** How often will we honor SIGNEWNYM requests? */
 #define MAX_SIGNEWNYM_RATE 10
@@ -149,7 +164,7 @@ static int called_loop_once = 0;
  * any longer (a big time jump happened, when we notice our directory is
  * heinously out-of-date, etc.
  */
-int can_complete_circuit=0;
+static int can_complete_circuits = 0;
 
 /** How often do we check for router descriptors that we should download
  * when we have too little directory info? */
@@ -170,37 +185,11 @@ int quiet_level = 0;
 /********* END VARIABLES ************/
 
 /****************************************************************************
-*
-* This section contains accessors and other methods on the connection_array
-* variables (which are global within this file and unavailable outside it).
-*
-****************************************************************************/
-
-#if 0 && defined(USE_BUFFEREVENTS)
-static void
-free_old_inbuf(connection_t *conn)
-{
-  if (! conn->inbuf)
-    return;
-
-  tor_assert(conn->outbuf);
-  tor_assert(buf_datalen(conn->inbuf) == 0);
-  tor_assert(buf_datalen(conn->outbuf) == 0);
-  buf_free(conn->inbuf);
-  buf_free(conn->outbuf);
-  conn->inbuf = conn->outbuf = NULL;
-
-  if (conn->read_event) {
-    event_del(conn->read_event);
-    tor_event_free(conn->read_event);
-  }
-  if (conn->write_event) {
-    event_del(conn->read_event);
-    tor_event_free(conn->write_event);
-  }
-  conn->read_event = conn->write_event = NULL;
-}
-#endif
+ *
+ * This section contains accessors and other methods on the connection_array
+ * variables (which are global within this file and unavailable outside it).
+ *
+ ****************************************************************************/
 
 #if defined(_WIN32) && defined(USE_BUFFEREVENTS)
 /** Remove the kernel-space send and receive buffers for <b>s</b>. For use
@@ -210,11 +199,13 @@ set_buffer_lengths_to_zero(tor_socket_t s)
 {
   int zero = 0;
   int r = 0;
-  if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&zero, sizeof(zero))) {
+  if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&zero,
+                 (socklen_t)sizeof(zero))) {
     log_warn(LD_NET, "Unable to clear SO_SNDBUF");
     r = -1;
   }
-  if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&zero, sizeof(zero))) {
+  if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&zero,
+                 (socklen_t)sizeof(zero))) {
     log_warn(LD_NET, "Unable to clear SO_RCVBUF");
     r = -1;
   }
@@ -222,6 +213,31 @@ set_buffer_lengths_to_zero(tor_socket_t s)
 }
 #endif
 
+/** Return 1 if we have successfully built a circuit, and nothing has changed
+ * to make us think that maybe we can't.
+ */
+int
+have_completed_a_circuit(void)
+{
+  return can_complete_circuits;
+}
+
+/** Note that we have successfully built a circuit, so that reachability
+ * testing and introduction points and so on may be attempted. */
+void
+note_that_we_completed_a_circuit(void)
+{
+  can_complete_circuits = 1;
+}
+
+/** Note that something has happened (like a clock jump, or DisableNetwork) to
+ * make us think that maybe we can't complete circuits. */
+void
+note_that_we_maybe_cant_complete_circuits(void)
+{
+  can_complete_circuits = 0;
+}
+
 /** Add <b>conn</b> to the array of connections that we can poll on.  The
  * connection's socket must be set; the connection starts out
  * non-reading and non-writing.
@@ -354,6 +370,10 @@ connection_remove(connection_t *conn)
             (int)conn->s, conn_type_to_string(conn->type),
             smartlist_len(connection_array));
 
+  if (conn->type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
+    log_info(LD_NET, "Closing SOCKS SocksSocket connection");
+  }
+
   control_event_conn_bandwidth(conn);
 
   tor_assert(conn->conn_array_index >= 0);
@@ -456,8 +476,7 @@ connection_in_array(connection_t *conn)
   return smartlist_contains(connection_array, conn);
 }
 
-/** Set <b>*array</b> to an array of all connections, and <b>*n</b>
- * to the length of the array. <b>*array</b> and <b>*n</b> must not
+/** Set <b>*array</b> to an array of all connections. <b>*array</b> must not
  * be modified.
  */
 smartlist_t *
@@ -525,7 +544,7 @@ connection_is_reading(connection_t *conn)
 }
 
 /** Check whether <b>conn</b> is correct in having (or not having) a
- * read/write event (passed in <b>ev</b). On success, return 0. On failure,
+ * read/write event (passed in <b>ev</b>). On success, return 0. On failure,
  * log a warning and return -1. */
 static int
 connection_check_event(connection_t *conn, struct event *ev)
@@ -553,11 +572,12 @@ connection_check_event(connection_t *conn, struct event *ev)
              conn_type_to_string(conn->type),
              conn_state_to_string(conn->type, conn->state),
              (int)conn->s, (int)conn->linked,
-             (conn->type == CONN_TYPE_AP && TO_EDGE_CONN(conn)->is_dns_request),
+             (conn->type == CONN_TYPE_AP &&
+                               TO_EDGE_CONN(conn)->is_dns_request),
              conn->marked_for_close_file ? conn->marked_for_close_file : "-",
              conn->marked_for_close
              );
-    //log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached.");
+    log_backtrace(LOG_WARN, LD_BUG, "Backtrace attached.");
     return -1;
   }
   return 0;
@@ -706,6 +726,19 @@ connection_should_read_from_linked_conn(connection_t *conn)
   return 0;
 }
 
+/** If we called event_base_loop() and told it to never stop until it
+ * runs out of events, now we've changed our mind: tell it we want it to
+ * finish. */
+void
+tell_event_loop_to_finish(void)
+{
+  if (!called_loop_once) {
+    struct timeval tv = { 0, 0 };
+    tor_event_base_loopexit(tor_libevent_get_base(), &tv);
+    called_loop_once = 1; /* hack to avoid adding more exit events */
+  }
+}
+
 /** Helper: Tell the main loop to begin reading bytes into <b>conn</b> from
  * its linked connection, if it is not doing so already.  Called by
  * connection_start_reading and connection_start_writing as appropriate. */
@@ -718,14 +751,10 @@ connection_start_reading_from_linked_conn(connection_t *conn)
   if (!conn->active_on_link) {
     conn->active_on_link = 1;
     smartlist_add(active_linked_connection_lst, conn);
-    if (!called_loop_once) {
-      /* This is the first event on the list; we won't be in LOOP_ONCE mode,
-       * so we need to make sure that the event_base_loop() actually exits at
-       * the end of its run through the current connections and lets us
-       * activate read events for linked connections. */
-      struct timeval tv = { 0, 0 };
-      tor_event_base_loopexit(tor_libevent_get_base(), &tv);
-    }
+    /* make sure that the event_base_loop() function exits at
+     * the end of its run through the current connections, so we can
+     * activate read events for linked connections. */
+    tell_event_loop_to_finish();
   } else {
     tor_assert(smartlist_contains(active_linked_connection_lst, conn));
   }
@@ -948,18 +977,6 @@ conn_close_if_marked(int i)
            * would make much more sense to react in
            * connection_handle_read_impl, or to just stop reading in
            * mark_and_flush */
-#if 0
-#define MARKED_READING_RATE 180
-          static ratelim_t marked_read_lim = RATELIM_INIT(MARKED_READING_RATE);
-          char *m;
-          if ((m = rate_limit_log(&marked_read_lim, now))) {
-            log_warn(LD_BUG, "Marked connection (fd %d, type %s, state %s) "
-                     "is still reading; that shouldn't happen.%s",
-                     (int)conn->s, conn_type_to_string(conn->type),
-                     conn_state_to_string(conn->type, conn->state), m);
-            tor_free(m);
-          }
-#endif
           conn->read_blocked_on_bw = 1;
           connection_stop_reading(conn);
         }
@@ -987,19 +1004,18 @@ conn_close_if_marked(int i)
   return 1;
 }
 
-/** We've just tried every dirserver we know about, and none of
- * them were reachable. Assume the network is down. Change state
- * so next time an application connection arrives we'll delay it
- * and try another directory fetch. Kill off all the circuit_wait
- * streams that are waiting now, since they will all timeout anyway.
+/** Implementation for directory_all_unreachable.  This is done in a callback,
+ * since otherwise it would complicate Tor's control-flow graph beyond all
+ * reason.
  */
-void
-directory_all_unreachable(time_t now)
+static void
+directory_all_unreachable_cb(evutil_socket_t fd, short event, void *arg)
 {
-  connection_t *conn;
-  (void)now;
+  (void)fd;
+  (void)event;
+  (void)arg;
 
-  stats_n_seconds_working=0; /* reset it */
+  connection_t *conn;
 
   while ((conn = connection_get_by_type_state(CONN_TYPE_AP,
                                               AP_CONN_STATE_CIRCUIT_WAIT))) {
@@ -1012,18 +1028,43 @@ directory_all_unreachable(time_t now)
     connection_mark_unattached_ap(entry_conn,
                                   END_STREAM_REASON_NET_UNREACHABLE);
   }
-  control_event_general_status(LOG_ERR, "DIR_ALL_UNREACHABLE");
+  control_event_general_error("DIR_ALL_UNREACHABLE");
+}
+
+static struct event *directory_all_unreachable_cb_event = NULL;
+
+/** We've just tried every dirserver we know about, and none of
+ * them were reachable. Assume the network is down. Change state
+ * so next time an application connection arrives we'll delay it
+ * and try another directory fetch. Kill off all the circuit_wait
+ * streams that are waiting now, since they will all timeout anyway.
+ */
+void
+directory_all_unreachable(time_t now)
+{
+  (void)now;
+
+  stats_n_seconds_working=0; /* reset it */
+
+  if (!directory_all_unreachable_cb_event) {
+    directory_all_unreachable_cb_event =
+      tor_event_new(tor_libevent_get_base(),
+                    -1, EV_READ, directory_all_unreachable_cb, NULL);
+    tor_assert(directory_all_unreachable_cb_event);
+  }
+
+  event_active(directory_all_unreachable_cb_event, EV_READ, 1);
 }
 
 /** This function is called whenever we successfully pull down some new
  * network statuses or server descriptors. */
 void
-directory_info_has_arrived(time_t now, int from_cache)
+directory_info_has_arrived(time_t now, int from_cache, int suppress_logs)
 {
   const or_options_t *options = get_options();
 
   if (!router_have_minimum_dir_info()) {
-    int quiet = from_cache ||
+    int quiet = suppress_logs || from_cache ||
                 directory_too_idle_to_fetch_descriptors(options, now);
     tor_log(quiet ? LOG_INFO : LOG_NOTICE, LD_DIR,
         "I learned some more directory information, but not enough to "
@@ -1045,7 +1086,7 @@ directory_info_has_arrived(time_t now, int from_cache)
   }
 
   if (server_mode(options) && !net_is_disabled() && !from_cache &&
-      (can_complete_circuit || !any_predicted_circuits(now)))
+      (have_completed_a_circuit() || !any_predicted_circuits(now)))
     consider_testing_reachability(1, 1);
 }
 
@@ -1207,7 +1248,165 @@ get_signewnym_epoch(void)
   return newnym_epoch;
 }
 
-static time_t time_to_check_descriptor = 0;
+/** True iff we have initialized all the members of <b>periodic_events</b>.
+ * Used to prevent double-initialization. */
+static int periodic_events_initialized = 0;
+
+/* Declare all the timer callback functions... */
+#undef CALLBACK
+#define CALLBACK(name) \
+  static int name ## _callback(time_t, const or_options_t *)
+CALLBACK(rotate_onion_key);
+CALLBACK(check_ed_keys);
+CALLBACK(launch_descriptor_fetches);
+CALLBACK(reset_descriptor_failures);
+CALLBACK(rotate_x509_certificate);
+CALLBACK(add_entropy);
+CALLBACK(launch_reachability_tests);
+CALLBACK(downrate_stability);
+CALLBACK(save_stability);
+CALLBACK(check_authority_cert);
+CALLBACK(check_expired_networkstatus);
+CALLBACK(write_stats_file);
+CALLBACK(record_bridge_stats);
+CALLBACK(clean_caches);
+CALLBACK(rend_cache_failure_clean);
+CALLBACK(retry_dns);
+CALLBACK(check_descriptor);
+CALLBACK(check_for_reachability_bw);
+CALLBACK(fetch_networkstatus);
+CALLBACK(retry_listeners);
+CALLBACK(expire_old_ciruits_serverside);
+CALLBACK(check_dns_honesty);
+CALLBACK(write_bridge_ns);
+CALLBACK(check_fw_helper_app);
+CALLBACK(heartbeat);
+
+#undef CALLBACK
+
+/* Now we declare an array of periodic_event_item_t for each periodic event */
+#define CALLBACK(name) PERIODIC_EVENT(name)
+
+static periodic_event_item_t periodic_events[] = {
+  CALLBACK(rotate_onion_key),
+  CALLBACK(check_ed_keys),
+  CALLBACK(launch_descriptor_fetches),
+  CALLBACK(reset_descriptor_failures),
+  CALLBACK(rotate_x509_certificate),
+  CALLBACK(add_entropy),
+  CALLBACK(launch_reachability_tests),
+  CALLBACK(downrate_stability),
+  CALLBACK(save_stability),
+  CALLBACK(check_authority_cert),
+  CALLBACK(check_expired_networkstatus),
+  CALLBACK(write_stats_file),
+  CALLBACK(record_bridge_stats),
+  CALLBACK(clean_caches),
+  CALLBACK(rend_cache_failure_clean),
+  CALLBACK(retry_dns),
+  CALLBACK(check_descriptor),
+  CALLBACK(check_for_reachability_bw),
+  CALLBACK(fetch_networkstatus),
+  CALLBACK(retry_listeners),
+  CALLBACK(expire_old_ciruits_serverside),
+  CALLBACK(check_dns_honesty),
+  CALLBACK(write_bridge_ns),
+  CALLBACK(check_fw_helper_app),
+  CALLBACK(heartbeat),
+  END_OF_PERIODIC_EVENTS
+};
+#undef CALLBACK
+
+/* These are pointers to members of periodic_events[] that are used to
+ * implement particular callbacks.  We keep them separate here so that we
+ * can access them by name.  We also keep them inside periodic_events[]
+ * so that we can implement "reset all timers" in a reasonable way. */
+static periodic_event_item_t *check_descriptor_event=NULL;
+static periodic_event_item_t *fetch_networkstatus_event=NULL;
+static periodic_event_item_t *launch_descriptor_fetches_event=NULL;
+static periodic_event_item_t *check_dns_honesty_event=NULL;
+
+/** Reset all the periodic events so we'll do all our actions again as if we
+ * just started up.
+ * Useful if our clock just moved back a long time from the future,
+ * so we don't wait until that future arrives again before acting.
+ */
+void
+reset_all_main_loop_timers(void)
+{
+  int i;
+  for (i = 0; periodic_events[i].name; ++i) {
+    periodic_event_reschedule(&periodic_events[i]);
+  }
+}
+
+/** Return the member of periodic_events[] whose name is <b>name</b>.
+ * Return NULL if no such event is found.
+ */
+static periodic_event_item_t *
+find_periodic_event(const char *name)
+{
+  int i;
+  for (i = 0; periodic_events[i].name; ++i) {
+    if (strcmp(name, periodic_events[i].name) == 0)
+      return &periodic_events[i];
+  }
+  return NULL;
+}
+
+/** Helper, run one second after setup:
+ * Initializes all members of periodic_events and starts them running.
+ *
+ * (We do this one second after setup for backward-compatibility reasons;
+ * it might not actually be necessary.) */
+static void
+initialize_periodic_events_cb(evutil_socket_t fd, short events, void *data)
+{
+  (void) fd;
+  (void) events;
+  (void) data;
+  int i;
+  for (i = 0; periodic_events[i].name; ++i) {
+    periodic_event_launch(&periodic_events[i]);
+  }
+}
+
+/** Set up all the members of periodic_events[], and configure them all to be
+ * launched from a callback. */
+STATIC void
+initialize_periodic_events(void)
+{
+  tor_assert(periodic_events_initialized == 0);
+  periodic_events_initialized = 1;
+
+  int i;
+  for (i = 0; periodic_events[i].name; ++i) {
+    periodic_event_setup(&periodic_events[i]);
+  }
+
+#define NAMED_CALLBACK(name) \
+  STMT_BEGIN name ## _event = find_periodic_event( #name ); STMT_END
+
+  NAMED_CALLBACK(check_descriptor);
+  NAMED_CALLBACK(fetch_networkstatus);
+  NAMED_CALLBACK(launch_descriptor_fetches);
+  NAMED_CALLBACK(check_dns_honesty);
+
+  struct timeval one_second = { 1, 0 };
+  event_base_once(tor_libevent_get_base(), -1, EV_TIMEOUT,
+                  initialize_periodic_events_cb, NULL,
+                  &one_second);
+}
+
+STATIC void
+teardown_periodic_events(void)
+{
+  int i;
+  for (i = 0; periodic_events[i].name; ++i) {
+    periodic_event_destroy(&periodic_events[i]);
+  }
+}
+
 /**
  * Update our schedule so that we'll check whether we need to update our
  * descriptor immediately, rather than after up to CHECK_DESCRIPTOR_INTERVAL
@@ -1216,7 +1415,45 @@ static time_t time_to_check_descriptor = 0;
 void
 reschedule_descriptor_update_check(void)
 {
-  time_to_check_descriptor = 0;
+  tor_assert(check_descriptor_event);
+  periodic_event_reschedule(check_descriptor_event);
+}
+
+/**
+ * Update our schedule so that we'll check whether we need to fetch directory
+ * info immediately.
+ */
+void
+reschedule_directory_downloads(void)
+{
+  tor_assert(fetch_networkstatus_event);
+  tor_assert(launch_descriptor_fetches_event);
+
+  periodic_event_reschedule(fetch_networkstatus_event);
+  periodic_event_reschedule(launch_descriptor_fetches_event);
+}
+
+#define LONGEST_TIMER_PERIOD (30 * 86400)
+/** Helper: Return the number of seconds between <b>now</b> and <b>next</b>,
+ * clipped to the range [1 second, LONGEST_TIMER_PERIOD]. */
+static inline int
+safe_timer_diff(time_t now, time_t next)
+{
+  if (next > now) {
+    /* There were no computers at signed TIME_MIN (1902 on 32-bit systems),
+     * and nothing that could run Tor. It's a bug if 'next' is around then.
+     * On 64-bit systems with signed TIME_MIN, TIME_MIN is before the Big
+     * Bang. We cannot extrapolate past a singularity, but there was probably
+     * nothing that could run Tor then, either.
+     **/
+    tor_assert(next > TIME_MIN + LONGEST_TIMER_PERIOD);
+
+    if (next - LONGEST_TIMER_PERIOD > now)
+      return LONGEST_TIMER_PERIOD;
+    return (int)(next - now);
+  } else {
+    return 1;
+  }
 }
 
 /** Perform regular maintenance tasks.  This function gets run once per
@@ -1225,33 +1462,8 @@ reschedule_descriptor_update_check(void)
 static void
 run_scheduled_events(time_t now)
 {
-  static time_t last_rotated_x509_certificate = 0;
-  static time_t time_to_check_v3_certificate = 0;
-  static time_t time_to_check_listeners = 0;
-  static time_t time_to_download_networkstatus = 0;
-  static time_t time_to_shrink_memory = 0;
-  static time_t time_to_try_getting_descriptors = 0;
-  static time_t time_to_reset_descriptor_failures = 0;
-  static time_t time_to_add_entropy = 0;
-  static time_t time_to_write_bridge_status_file = 0;
-  static time_t time_to_downrate_stability = 0;
-  static time_t time_to_save_stability = 0;
-  static time_t time_to_clean_caches = 0;
-  static time_t time_to_recheck_bandwidth = 0;
-  static time_t time_to_check_for_expired_networkstatus = 0;
-  static time_t time_to_write_stats_files = 0;
-  static time_t time_to_write_bridge_stats = 0;
-  static time_t time_to_check_port_forwarding = 0;
-  static time_t time_to_launch_reachability_tests = 0;
-  static int should_init_bridge_stats = 1;
-  static time_t time_to_retry_dns_init = 0;
-  static time_t time_to_next_heartbeat = 0;
   const or_options_t *options = get_options();
 
-  int is_server = server_mode(options);
-  int i;
-  int have_dir_info;
-
   /* 0. See if we've been asked to shut down and our timeout has
    * expired; or if our bandwidth limits are exhausted and we
    * should hibernate; or if it's time to wake up from hibernation.
@@ -1269,202 +1481,378 @@ run_scheduled_events(time_t now)
   /* 0c. If we've deferred log messages for the controller, handle them now */
   flush_pending_log_callbacks();
 
+  if (options->UseBridges && !options->DisableNetwork) {
+    fetch_bridge_descriptors(options, now);
+  }
+
+  if (accounting_is_enabled(options)) {
+    accounting_run_housekeeping(now);
+  }
+
+  if (authdir_mode_v3(options)) {
+    dirvote_act(options, now);
+  }
+
+  /* 3a. Every second, we examine pending circuits and prune the
+   *    ones which have been pending for more than a few seconds.
+   *    We do this before step 4, so it can try building more if
+   *    it's not comfortable with the number of available circuits.
+   */
+  /* (If our circuit build timeout can ever become lower than a second (which
+   * it can't, currently), we should do this more often.) */
+  circuit_expire_building();
+
+  /* 3b. Also look at pending streams and prune the ones that 'began'
+   *     a long time ago but haven't gotten a 'connected' yet.
+   *     Do this before step 4, so we can put them back into pending
+   *     state to be picked up by the new circuit.
+   */
+  connection_ap_expire_beginning();
+
+  /* 3c. And expire connections that we've held open for too long.
+   */
+  connection_expire_held_open();
+
+  /* 4. Every second, we try a new circuit if there are no valid
+   *    circuits. Every NewCircuitPeriod seconds, we expire circuits
+   *    that became dirty more than MaxCircuitDirtiness seconds ago,
+   *    and we make a new circ if there are no clean circuits.
+   */
+  const int have_dir_info = router_have_minimum_dir_info();
+  if (have_dir_info && !net_is_disabled()) {
+    circuit_build_needed_circs(now);
+  } else {
+    circuit_expire_old_circs_as_needed(now);
+  }
+
+  if (!net_is_disabled()) {
+    /* This is usually redundant with circuit_build_needed_circs() above,
+     * but it is very fast when there is no work to do. */
+    connection_ap_attach_pending(0);
+  }
+
+  /* 5. We do housekeeping for each connection... */
+  connection_or_set_bad_connections(NULL, 0);
+  int i;
+  for (i=0;i<smartlist_len(connection_array);i++) {
+    run_connection_housekeeping(i, now);
+  }
+
+  /* 6. And remove any marked circuits... */
+  circuit_close_all_marked();
+
+  /* 7. And upload service descriptors if necessary. */
+  if (have_completed_a_circuit() && !net_is_disabled()) {
+    rend_consider_services_upload(now);
+    rend_consider_descriptor_republication();
+  }
+
+  /* 8. and blow away any connections that need to die. have to do this now,
+   * because if we marked a conn for close and left its socket -1, then
+   * we'll pass it to poll/select and bad things will happen.
+   */
+  close_closeable_connections();
+
+  /* 8b. And if anything in our state is ready to get flushed to disk, we
+   * flush it. */
+  or_state_save(now);
+
+  /* 8c. Do channel cleanup just like for connections */
+  channel_run_cleanup();
+  channel_listener_run_cleanup();
+
+  /* 11b. check pending unconfigured managed proxies */
+  if (!net_is_disabled() && pt_proxies_configuration_pending())
+    pt_configure_remaining_proxies();
+}
+
+static int
+rotate_onion_key_callback(time_t now, const or_options_t *options)
+{
   /* 1a. Every MIN_ONION_KEY_LIFETIME seconds, rotate the onion keys,
    *  shut down and restart all cpuworkers, and update the directory if
    *  necessary.
    */
-  if (is_server &&
-      get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME < now) {
+  if (server_mode(options)) {
+    time_t rotation_time = get_onion_key_set_at()+MIN_ONION_KEY_LIFETIME;
+    if (rotation_time > now) {
+      return safe_timer_diff(now, rotation_time);
+    }
+
     log_info(LD_GENERAL,"Rotating onion key.");
     rotate_onion_key();
-    cpuworkers_rotate();
+    cpuworkers_rotate_keyinfo();
     if (router_rebuild_descriptor(1)<0) {
       log_info(LD_CONFIG, "Couldn't rebuild router descriptor");
     }
     if (advertised_server_mode() && !options->DisableNetwork)
       router_upload_dir_desc_to_dirservers(0);
+    return MIN_ONION_KEY_LIFETIME;
   }
+  return PERIODIC_EVENT_NO_UPDATE;
+}
 
-  if (!should_delay_dir_fetches(options, NULL) &&
-      time_to_try_getting_descriptors < now) {
-    update_all_descriptor_downloads(now);
-    update_extrainfo_downloads(now);
-    if (router_have_minimum_dir_info())
-      time_to_try_getting_descriptors = now + LAZY_DESCRIPTOR_RETRY_INTERVAL;
-    else
-      time_to_try_getting_descriptors = now + GREEDY_DESCRIPTOR_RETRY_INTERVAL;
+static int
+check_ed_keys_callback(time_t now, const or_options_t *options)
+{
+  if (server_mode(options)) {
+    if (should_make_new_ed_keys(options, now)) {
+      if (load_ed_keys(options, now) < 0 ||
+          generate_ed_link_cert(options, now)) {
+        log_err(LD_OR, "Unable to update Ed25519 keys!  Exiting.");
+        tor_cleanup();
+        exit(0);
+      }
+    }
+    return 30;
   }
+  return PERIODIC_EVENT_NO_UPDATE;
+}
 
-  if (time_to_reset_descriptor_failures < now) {
-    router_reset_descriptor_download_failures();
-    time_to_reset_descriptor_failures =
-      now + DESCRIPTOR_FAILURE_RESET_INTERVAL;
-  }
+static int
+launch_descriptor_fetches_callback(time_t now, const or_options_t *options)
+{
+  if (should_delay_dir_fetches(options, NULL))
+      return PERIODIC_EVENT_NO_UPDATE;
 
-  if (options->UseBridges && !options->DisableNetwork)
-    fetch_bridge_descriptors(options, now);
+  update_all_descriptor_downloads(now);
+  update_extrainfo_downloads(now);
+  if (router_have_minimum_dir_info())
+    return LAZY_DESCRIPTOR_RETRY_INTERVAL;
+  else
+    return GREEDY_DESCRIPTOR_RETRY_INTERVAL;
+}
+
+static int
+reset_descriptor_failures_callback(time_t now, const or_options_t *options)
+{
+  (void)now;
+  (void)options;
+  router_reset_descriptor_download_failures();
+  return DESCRIPTOR_FAILURE_RESET_INTERVAL;
+}
+
+static int
+rotate_x509_certificate_callback(time_t now, const or_options_t *options)
+{
+  static int first = 1;
+  (void)now;
+  (void)options;
+  if (first) {
+    first = 0;
+    return MAX_SSL_KEY_LIFETIME_INTERNAL;
+  }
 
   /* 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our
    * TLS context. */
-  if (!last_rotated_x509_certificate)
-    last_rotated_x509_certificate = now;
-  if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME_INTERNAL < now) {
-    log_info(LD_GENERAL,"Rotating tls context.");
-    if (router_initialize_tls_context() < 0) {
-      log_warn(LD_BUG, "Error reinitializing TLS context");
-      /* XXX is it a bug here, that we just keep going? -RD */
-    }
-    last_rotated_x509_certificate = now;
-    /* We also make sure to rotate the TLS connections themselves if they've
-     * been up for too long -- but that's done via is_bad_for_new_circs in
-     * connection_run_housekeeping() above. */
+  log_info(LD_GENERAL,"Rotating tls context.");
+  if (router_initialize_tls_context() < 0) {
+    log_warn(LD_BUG, "Error reinitializing TLS context");
+    tor_assert(0);
   }
 
-  if (time_to_add_entropy < now) {
-    if (time_to_add_entropy) {
-      /* We already seeded once, so don't die on failure. */
-      crypto_seed_rng(0);
-    }
-/** How often do we add more entropy to OpenSSL's RNG pool? */
-#define ENTROPY_INTERVAL (60*60)
-    time_to_add_entropy = now + ENTROPY_INTERVAL;
+  /* We also make sure to rotate the TLS connections themselves if they've
+   * been up for too long -- but that's done via is_bad_for_new_circs in
+   * run_connection_housekeeping() above. */
+  return MAX_SSL_KEY_LIFETIME_INTERNAL;
+}
+
+static int
+add_entropy_callback(time_t now, const or_options_t *options)
+{
+  (void)now;
+  (void)options;
+  /* We already seeded once, so don't die on failure. */
+  if (crypto_seed_rng() < 0) {
+    log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already "
+             "seeded once, though, so we won't exit here.");
   }
 
-  /* 1c. If we have to change the accounting interval or record
-   * bandwidth used in this accounting interval, do so. */
-  if (accounting_is_enabled(options))
-    accounting_run_housekeeping(now);
+  /** How often do we add more entropy to OpenSSL's RNG pool? */
+#define ENTROPY_INTERVAL (60*60)
+  return ENTROPY_INTERVAL;
+}
 
-  if (time_to_launch_reachability_tests < now &&
-      (authdir_mode_tests_reachability(options)) &&
-       !net_is_disabled()) {
-    time_to_launch_reachability_tests = now + REACHABILITY_TEST_INTERVAL;
+static int
+launch_reachability_tests_callback(time_t now, const or_options_t *options)
+{
+  if (authdir_mode_tests_reachability(options) &&
+      !net_is_disabled()) {
     /* try to determine reachability of the other Tor relays */
     dirserv_test_reachability(now);
   }
+  return REACHABILITY_TEST_INTERVAL;
+}
 
+static int
+downrate_stability_callback(time_t now, const or_options_t *options)
+{
+  (void)options;
   /* 1d. Periodically, we discount older stability information so that new
    * stability info counts more, and save the stability information to disk as
    * appropriate. */
-  if (time_to_downrate_stability < now)
-    time_to_downrate_stability = rep_hist_downrate_old_runs(now);
+  time_t next = rep_hist_downrate_old_runs(now);
+  return safe_timer_diff(now, next);
+}
+
+static int
+save_stability_callback(time_t now, const or_options_t *options)
+{
   if (authdir_mode_tests_reachability(options)) {
-    if (time_to_save_stability < now) {
-      if (time_to_save_stability && rep_hist_record_mtbf_data(now, 1)<0) {
-        log_warn(LD_GENERAL, "Couldn't store mtbf data.");
-      }
-#define SAVE_STABILITY_INTERVAL (30*60)
-      time_to_save_stability = now + SAVE_STABILITY_INTERVAL;
+    if (rep_hist_record_mtbf_data(now, 1)<0) {
+      log_warn(LD_GENERAL, "Couldn't store mtbf data.");
     }
   }
+#define SAVE_STABILITY_INTERVAL (30*60)
+  return SAVE_STABILITY_INTERVAL;
+}
 
+static int
+check_authority_cert_callback(time_t now, const or_options_t *options)
+{
+  (void)now;
+  (void)options;
   /* 1e. Periodically, if we're a v3 authority, we check whether our cert is
    * close to expiring and warn the admin if it is. */
-  if (time_to_check_v3_certificate < now) {
-    v3_authority_check_key_expiry();
+  v3_authority_check_key_expiry();
 #define CHECK_V3_CERTIFICATE_INTERVAL (5*60)
-    time_to_check_v3_certificate = now + CHECK_V3_CERTIFICATE_INTERVAL;
-  }
+  return CHECK_V3_CERTIFICATE_INTERVAL;
+}
 
+static int
+check_expired_networkstatus_callback(time_t now, const or_options_t *options)
+{
+  (void)options;
   /* 1f. Check whether our networkstatus has expired.
    */
-  if (time_to_check_for_expired_networkstatus < now) {
-    networkstatus_t *ns = networkstatus_get_latest_consensus();
-    /*XXXX RD: This value needs to be the same as REASONABLY_LIVE_TIME in
-     * networkstatus_get_reasonably_live_consensus(), but that value is way
-     * way too high.  Arma: is the bridge issue there resolved yet? -NM */
+  networkstatus_t *ns = networkstatus_get_latest_consensus();
+  /*XXXX RD: This value needs to be the same as REASONABLY_LIVE_TIME in
+   * networkstatus_get_reasonably_live_consensus(), but that value is way
+   * way too high.  Arma: is the bridge issue there resolved yet? -NM */
 #define NS_EXPIRY_SLOP (24*60*60)
-    if (ns && ns->valid_until < now+NS_EXPIRY_SLOP &&
-        router_have_minimum_dir_info()) {
-      router_dir_info_changed();
-    }
-#define CHECK_EXPIRED_NS_INTERVAL (2*60)
-    time_to_check_for_expired_networkstatus = now + CHECK_EXPIRED_NS_INTERVAL;
+  if (ns && ns->valid_until < now+NS_EXPIRY_SLOP &&
+      router_have_minimum_dir_info()) {
+    router_dir_info_changed();
   }
+#define CHECK_EXPIRED_NS_INTERVAL (2*60)
+  return CHECK_EXPIRED_NS_INTERVAL;
+}
 
+static int
+write_stats_file_callback(time_t now, const or_options_t *options)
+{
   /* 1g. Check whether we should write statistics to disk.
    */
-  if (time_to_write_stats_files < now) {
 #define CHECK_WRITE_STATS_INTERVAL (60*60)
-    time_t next_time_to_write_stats_files = (time_to_write_stats_files > 0 ?
-           time_to_write_stats_files : now) + CHECK_WRITE_STATS_INTERVAL;
-    if (options->CellStatistics) {
-      time_t next_write =
-          rep_hist_buffer_stats_write(time_to_write_stats_files);
-      if (next_write && next_write < next_time_to_write_stats_files)
-        next_time_to_write_stats_files = next_write;
-    }
-    if (options->DirReqStatistics) {
-      time_t next_write = geoip_dirreq_stats_write(time_to_write_stats_files);
-      if (next_write && next_write < next_time_to_write_stats_files)
-        next_time_to_write_stats_files = next_write;
-    }
-    if (options->EntryStatistics) {
-      time_t next_write = geoip_entry_stats_write(time_to_write_stats_files);
-      if (next_write && next_write < next_time_to_write_stats_files)
-        next_time_to_write_stats_files = next_write;
-    }
-    if (options->ExitPortStatistics) {
-      time_t next_write = rep_hist_exit_stats_write(time_to_write_stats_files);
-      if (next_write && next_write < next_time_to_write_stats_files)
-        next_time_to_write_stats_files = next_write;
-    }
-    if (options->ConnDirectionStatistics) {
-      time_t next_write = rep_hist_conn_stats_write(time_to_write_stats_files);
-      if (next_write && next_write < next_time_to_write_stats_files)
-        next_time_to_write_stats_files = next_write;
-    }
-    if (options->BridgeAuthoritativeDir) {
-      time_t next_write = rep_hist_desc_stats_write(time_to_write_stats_files);
-      if (next_write && next_write < next_time_to_write_stats_files)
-        next_time_to_write_stats_files = next_write;
-    }
-    time_to_write_stats_files = next_time_to_write_stats_files;
-  }
+  time_t next_time_to_write_stats_files = now + CHECK_WRITE_STATS_INTERVAL;
+  if (options->CellStatistics) {
+    time_t next_write =
+      rep_hist_buffer_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+  if (options->DirReqStatistics) {
+    time_t next_write = geoip_dirreq_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+  if (options->EntryStatistics) {
+    time_t next_write = geoip_entry_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+  if (options->HiddenServiceStatistics) {
+    time_t next_write = rep_hist_hs_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+  if (options->ExitPortStatistics) {
+    time_t next_write = rep_hist_exit_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+  if (options->ConnDirectionStatistics) {
+    time_t next_write = rep_hist_conn_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+  if (options->BridgeAuthoritativeDir) {
+    time_t next_write = rep_hist_desc_stats_write(now);
+    if (next_write && next_write < next_time_to_write_stats_files)
+      next_time_to_write_stats_files = next_write;
+  }
+
+  return safe_timer_diff(now, next_time_to_write_stats_files);
+}
+
+static int
+record_bridge_stats_callback(time_t now, const or_options_t *options)
+{
+  static int should_init_bridge_stats = 1;
 
   /* 1h. Check whether we should write bridge statistics to disk.
    */
   if (should_record_bridge_info(options)) {
-    if (time_to_write_bridge_stats < now) {
-      if (should_init_bridge_stats) {
-        /* (Re-)initialize bridge statistics. */
+    if (should_init_bridge_stats) {
+      /* (Re-)initialize bridge statistics. */
         geoip_bridge_stats_init(now);
-        time_to_write_bridge_stats = now + WRITE_STATS_INTERVAL;
         should_init_bridge_stats = 0;
-      } else {
-        /* Possibly write bridge statistics to disk and ask when to write
-         * them next time. */
-        time_to_write_bridge_stats = geoip_bridge_stats_write(
-                                           time_to_write_bridge_stats);
-      }
+        return WRITE_STATS_INTERVAL;
+    } else {
+      /* Possibly write bridge statistics to disk and ask when to write
+       * them next time. */
+      time_t next = geoip_bridge_stats_write(now);
+      return safe_timer_diff(now, next);
     }
   } else if (!should_init_bridge_stats) {
     /* Bridge mode was turned off. Ensure that stats are re-initialized
      * next time bridge mode is turned on. */
     should_init_bridge_stats = 1;
   }
+  return PERIODIC_EVENT_NO_UPDATE;
+}
 
+static int
+clean_caches_callback(time_t now, const or_options_t *options)
+{
   /* Remove old information from rephist and the rend cache. */
-  if (time_to_clean_caches < now) {
-    rep_history_clean(now - options->RephistTrackTime);
-    rend_cache_clean(now);
-    rend_cache_clean_v2_descs_as_dir(now);
-    microdesc_cache_rebuild(NULL, 0);
+  rep_history_clean(now - options->RephistTrackTime);
+  rend_cache_clean(now, REND_CACHE_TYPE_CLIENT);
+  rend_cache_clean(now, REND_CACHE_TYPE_SERVICE);
+  rend_cache_clean_v2_descs_as_dir(now, 0);
+  microdesc_cache_rebuild(NULL, 0);
 #define CLEAN_CACHES_INTERVAL (30*60)
-    time_to_clean_caches = now + CLEAN_CACHES_INTERVAL;
-  }
+  return CLEAN_CACHES_INTERVAL;
+}
 
+static int
+rend_cache_failure_clean_callback(time_t now, const or_options_t *options)
+{
+  (void)options;
+  /* We don't keep entries that are more than five minutes old so we try to
+   * clean it as soon as we can since we want to make sure the client waits
+   * as little as possible for reachability reasons. */
+  rend_cache_failure_clean(now);
+  return 30;
+}
+
+static int
+retry_dns_callback(time_t now, const or_options_t *options)
+{
+  (void)now;
 #define RETRY_DNS_INTERVAL (10*60)
   /* If we're a server and initializing dns failed, retry periodically. */
-  if (time_to_retry_dns_init < now) {
-    time_to_retry_dns_init = now + RETRY_DNS_INTERVAL;
-    if (is_server && has_dns_init_failed())
-      dns_init();
-  }
+  if (server_mode(options) && has_dns_init_failed())
+    dns_init();
+  return RETRY_DNS_INTERVAL;
+}
 
   /* 2. Periodically, we consider force-uploading our descriptor
    * (if we've passed our internal checks). */
 
+static int
+check_descriptor_callback(time_t now, const or_options_t *options)
+{
 /** How often do we check whether part of our router info has changed in a
  * way that would require an upload? That includes checking whether our IP
  * address has changed. */
@@ -1472,200 +1860,184 @@ run_scheduled_events(time_t now)
 
   /* 2b. Once per minute, regenerate and upload the descriptor if the old
    * one is inaccurate. */
-  if (time_to_check_descriptor < now && !options->DisableNetwork) {
-    static int dirport_reachability_count = 0;
-    time_to_check_descriptor = now + CHECK_DESCRIPTOR_INTERVAL;
+  if (!options->DisableNetwork) {
     check_descriptor_bandwidth_changed(now);
     check_descriptor_ipaddress_changed(now);
     mark_my_descriptor_dirty_if_too_old(now);
     consider_publishable_server(0);
-    /* also, check religiously for reachability, if it's within the first
-     * 20 minutes of our uptime. */
-    if (is_server &&
-        (can_complete_circuit || !any_predicted_circuits(now)) &&
-        !we_are_hibernating()) {
-      if (stats_n_seconds_working < TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
-        consider_testing_reachability(1, dirport_reachability_count==0);
-        if (++dirport_reachability_count > 5)
-          dirport_reachability_count = 0;
-      } else if (time_to_recheck_bandwidth < now) {
-        /* If we haven't checked for 12 hours and our bandwidth estimate is
-         * low, do another bandwidth test. This is especially important for
-         * bridges, since they might go long periods without much use. */
-        const routerinfo_t *me = router_get_my_routerinfo();
-        if (time_to_recheck_bandwidth && me &&
-            me->bandwidthcapacity < me->bandwidthrate &&
-            me->bandwidthcapacity < 51200) {
-          reset_bandwidth_test();
-        }
-#define BANDWIDTH_RECHECK_INTERVAL (12*60*60)
-        time_to_recheck_bandwidth = now + BANDWIDTH_RECHECK_INTERVAL;
-      }
-    }
-
     /* If any networkstatus documents are no longer recent, we need to
      * update all the descriptors' running status. */
     /* Remove dead routers. */
+    /* XXXX This doesn't belong here, but it was here in the pre-
+     * XXXX refactoring code. */
     routerlist_remove_old_routers();
   }
 
-  /* 2c. Every minute (or every second if TestingTorNetwork), check
-   * whether we want to download any networkstatus documents. */
+  return CHECK_DESCRIPTOR_INTERVAL;
+}
 
-/* How often do we check whether we should download network status
- * documents? */
-#define networkstatus_dl_check_interval(o) ((o)->TestingTorNetwork ? 1 : 60)
+static int
+check_for_reachability_bw_callback(time_t now, const or_options_t *options)
+{
+  /* XXXX This whole thing was stuck in the middle of what is now
+   * XXXX check_descriptor_callback.  I'm not sure it's right. */
 
-  if (!should_delay_dir_fetches(options, NULL) &&
-      time_to_download_networkstatus < now) {
-    time_to_download_networkstatus =
-      now + networkstatus_dl_check_interval(options);
-    update_networkstatus_downloads(now);
+  static int dirport_reachability_count = 0;
+  /* also, check religiously for reachability, if it's within the first
+   * 20 minutes of our uptime. */
+  if (server_mode(options) &&
+      (have_completed_a_circuit() || !any_predicted_circuits(now)) &&
+      !we_are_hibernating()) {
+    if (stats_n_seconds_working < TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
+      consider_testing_reachability(1, dirport_reachability_count==0);
+      if (++dirport_reachability_count > 5)
+        dirport_reachability_count = 0;
+      return 1;
+    } else {
+      /* If we haven't checked for 12 hours and our bandwidth estimate is
+       * low, do another bandwidth test. This is especially important for
+       * bridges, since they might go long periods without much use. */
+      const routerinfo_t *me = router_get_my_routerinfo();
+      static int first_time = 1;
+      if (!first_time && me &&
+          me->bandwidthcapacity < me->bandwidthrate &&
+          me->bandwidthcapacity < 51200) {
+        reset_bandwidth_test();
+      }
+      first_time = 0;
+#define BANDWIDTH_RECHECK_INTERVAL (12*60*60)
+      return BANDWIDTH_RECHECK_INTERVAL;
+    }
   }
+  return CHECK_DESCRIPTOR_INTERVAL;
+}
 
-  /* 2c. Let directory voting happen. */
-  if (authdir_mode_v3(options))
-    dirvote_act(options, now);
-
-  /* 3a. Every second, we examine pending circuits and prune the
-   *    ones which have been pending for more than a few seconds.
-   *    We do this before step 4, so it can try building more if
-   *    it's not comfortable with the number of available circuits.
-   */
-  /* (If our circuit build timeout can ever become lower than a second (which
-   * it can't, currently), we should do this more often.) */
-  circuit_expire_building();
-
-  /* 3b. Also look at pending streams and prune the ones that 'began'
-   *     a long time ago but haven't gotten a 'connected' yet.
-   *     Do this before step 4, so we can put them back into pending
-   *     state to be picked up by the new circuit.
-   */
-  connection_ap_expire_beginning();
-
-  /* 3c. And expire connections that we've held open for too long.
-   */
-  connection_expire_held_open();
+static int
+fetch_networkstatus_callback(time_t now, const or_options_t *options)
+{
+  /* 2c. Every minute (or every second if TestingTorNetwork, or during
+   * client bootstrap), check whether we want to download any networkstatus
+   * documents. */
+
+  /* How often do we check whether we should download network status
+   * documents? */
+  const int we_are_bootstrapping = networkstatus_consensus_is_bootstrapping(
+                                                                        now);
+  const int prefer_mirrors = !directory_fetches_from_authorities(
+                                                              get_options());
+  int networkstatus_dl_check_interval = 60;
+  /* check more often when testing, or when bootstrapping from mirrors
+   * (connection limits prevent too many connections being made) */
+  if (options->TestingTorNetwork
+      || (we_are_bootstrapping && prefer_mirrors)) {
+    networkstatus_dl_check_interval = 1;
+  }
+
+  if (should_delay_dir_fetches(options, NULL))
+    return PERIODIC_EVENT_NO_UPDATE;
+
+  update_networkstatus_downloads(now);
+  return networkstatus_dl_check_interval;
+}
 
+static int
+retry_listeners_callback(time_t now, const or_options_t *options)
+{
+  (void)now;
+  (void)options;
   /* 3d. And every 60 seconds, we relaunch listeners if any died. */
-  if (!net_is_disabled() && time_to_check_listeners < now) {
+  if (!net_is_disabled()) {
     retry_all_listeners(NULL, NULL, 0);
-    time_to_check_listeners = now+60;
-  }
-
-  /* 4. Every second, we try a new circuit if there are no valid
-   *    circuits. Every NewCircuitPeriod seconds, we expire circuits
-   *    that became dirty more than MaxCircuitDirtiness seconds ago,
-   *    and we make a new circ if there are no clean circuits.
-   */
-  have_dir_info = router_have_minimum_dir_info();
-  if (have_dir_info && !net_is_disabled()) {
-    circuit_build_needed_circs(now);
-  } else {
-    circuit_expire_old_circs_as_needed(now);
-  }
-
-  /* every 10 seconds, but not at the same second as other such events */
-  if (now % 10 == 5)
-    circuit_expire_old_circuits_serverside(now);
-
-  /* 5. We do housekeeping for each connection... */
-  connection_or_set_bad_connections(NULL, 0);
-  for (i=0;i<smartlist_len(connection_array);i++) {
-    run_connection_housekeeping(i, now);
+    return 60;
   }
-  if (time_to_shrink_memory < now) {
-    SMARTLIST_FOREACH(connection_array, connection_t *, conn, {
-        if (conn->outbuf)
-          buf_shrink(conn->outbuf);
-        if (conn->inbuf)
-          buf_shrink(conn->inbuf);
-      });
-#ifdef ENABLE_MEMPOOL
-    clean_cell_pool();
-#endif /* ENABLE_MEMPOOL */
-    buf_shrink_freelists(0);
-/** How often do we check buffers and pools for empty space that can be
- * deallocated? */
-#define MEM_SHRINK_INTERVAL (60)
-    time_to_shrink_memory = now + MEM_SHRINK_INTERVAL;
-  }
-
-  /* 6. And remove any marked circuits... */
-  circuit_close_all_marked();
-
-  /* 7. And upload service descriptors if necessary. */
-  if (can_complete_circuit && !net_is_disabled()) {
-    rend_consider_services_upload(now);
-    rend_consider_descriptor_republication();
-  }
-
-  /* 8. and blow away any connections that need to die. have to do this now,
-   * because if we marked a conn for close and left its socket -1, then
-   * we'll pass it to poll/select and bad things will happen.
-   */
-  close_closeable_connections();
-
-  /* 8b. And if anything in our state is ready to get flushed to disk, we
-   * flush it. */
-  or_state_save(now);
+  return PERIODIC_EVENT_NO_UPDATE;
+}
 
-  /* 8c. Do channel cleanup just like for connections */
-  channel_run_cleanup();
-  channel_listener_run_cleanup();
+static int
+expire_old_ciruits_serverside_callback(time_t now, const or_options_t *options)
+{
+  (void)options;
+  /* every 11 seconds, so not usually the same second as other such events */
+  circuit_expire_old_circuits_serverside(now);
+  return 11;
+}
 
+static int
+check_dns_honesty_callback(time_t now, const or_options_t *options)
+{
+  (void)now;
   /* 9. and if we're an exit node, check whether our DNS is telling stories
    * to us. */
-  if (!net_is_disabled() &&
-      public_server_mode(options) &&
-      time_to_check_for_correct_dns < now &&
-      ! router_my_exit_policy_is_reject_star()) {
-    if (!time_to_check_for_correct_dns) {
-      time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120);
-    } else {
-      dns_launch_correctness_checks();
-      time_to_check_for_correct_dns = now + 12*3600 +
-        crypto_rand_int(12*3600);
-    }
+  if (net_is_disabled() ||
+      ! public_server_mode(options) ||
+      router_my_exit_policy_is_reject_star())
+    return PERIODIC_EVENT_NO_UPDATE;
+
+  static int first_time = 1;
+  if (first_time) {
+    /* Don't launch right when we start */
+    first_time = 0;
+    return crypto_rand_int_range(60, 180);
   }
 
+  dns_launch_correctness_checks();
+  return 12*3600 + crypto_rand_int(12*3600);
+}
+
+static int
+write_bridge_ns_callback(time_t now, const or_options_t *options)
+{
   /* 10. write bridge networkstatus file to disk */
-  if (options->BridgeAuthoritativeDir &&
-      time_to_write_bridge_status_file < now) {
+  if (options->BridgeAuthoritativeDir) {
     networkstatus_dump_bridge_status_to_file(now);
 #define BRIDGE_STATUSFILE_INTERVAL (30*60)
-    time_to_write_bridge_status_file = now+BRIDGE_STATUSFILE_INTERVAL;
+     return BRIDGE_STATUSFILE_INTERVAL;
   }
+  return PERIODIC_EVENT_NO_UPDATE;
+}
 
+static int
+check_fw_helper_app_callback(time_t now, const or_options_t *options)
+{
+  if (net_is_disabled() ||
+      ! server_mode(options) ||
+      ! options->PortForwarding) {
+    return PERIODIC_EVENT_NO_UPDATE;
+  }
   /* 11. check the port forwarding app */
-  if (!net_is_disabled() &&
-      time_to_check_port_forwarding < now &&
-      options->PortForwarding &&
-      is_server) {
+
 #define PORT_FORWARDING_CHECK_INTERVAL 5
-    smartlist_t *ports_to_forward = get_list_of_ports_to_forward();
-    if (ports_to_forward) {
-      tor_check_port_forwarding(options->PortForwardingHelper,
-                                ports_to_forward,
-                                now);
-
-      SMARTLIST_FOREACH(ports_to_forward, char *, cp, tor_free(cp));
-      smartlist_free(ports_to_forward);
-    }
-    time_to_check_port_forwarding = now+PORT_FORWARDING_CHECK_INTERVAL;
+  smartlist_t *ports_to_forward = get_list_of_ports_to_forward();
+  if (ports_to_forward) {
+    tor_check_port_forwarding(options->PortForwardingHelper,
+                              ports_to_forward,
+                              now);
+
+    SMARTLIST_FOREACH(ports_to_forward, char *, cp, tor_free(cp));
+    smartlist_free(ports_to_forward);
   }
+  return PORT_FORWARDING_CHECK_INTERVAL;
+}
 
-  /* 11b. check pending unconfigured managed proxies */
-  if (!net_is_disabled() && pt_proxies_configuration_pending())
-    pt_configure_remaining_proxies();
+/** Callback to write heartbeat message in the logs. */
+static int
+heartbeat_callback(time_t now, const or_options_t *options)
+{
+  static int first = 1;
+
+  /* Check if heartbeat is disabled */
+  if (!options->HeartbeatPeriod) {
+    return PERIODIC_EVENT_NO_UPDATE;
+  }
 
-  /* 12. write the heartbeat message */
-  if (options->HeartbeatPeriod &&
-      time_to_next_heartbeat <= now) {
-    if (time_to_next_heartbeat) /* don't log the first heartbeat */
-      log_heartbeat(now);
-    time_to_next_heartbeat = now+options->HeartbeatPeriod;
+  /* Write the heartbeat message */
+  if (first) {
+    first = 0; /* Skip the first one. */
+  } else {
+    log_heartbeat(now);
   }
+
+  return options->HeartbeatPeriod;
 }
 
 /** Timer: used to invoke second_elapsed_callback() once per second. */
@@ -1726,17 +2098,18 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg)
   if (server_mode(options) &&
       !net_is_disabled() &&
       seconds_elapsed > 0 &&
-      can_complete_circuit &&
+      have_completed_a_circuit() &&
       stats_n_seconds_working / TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT !=
       (stats_n_seconds_working+seconds_elapsed) /
         TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
     /* every 20 minutes, check and complain if necessary */
     const routerinfo_t *me = router_get_my_routerinfo();
-    if (me && !check_whether_orport_reachable()) {
+    if (me && !check_whether_orport_reachable(options)) {
       char *address = tor_dup_ip(me->addr);
       log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
-               "its ORPort is reachable. Please check your firewalls, ports, "
-               "address, /etc/hosts file, etc.",
+               "its ORPort is reachable. Relays do not publish descriptors "
+               "until their ORPort and DirPort are reachable. Please check "
+               "your firewalls, ports, address, /etc/hosts file, etc.",
                address, me->or_port);
       control_event_server_status(LOG_WARN,
                                   "REACHABILITY_FAILED ORADDRESS=%s:%d",
@@ -1744,12 +2117,13 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg)
       tor_free(address);
     }
 
-    if (me && !check_whether_dirport_reachable()) {
+    if (me && !check_whether_dirport_reachable(options)) {
       char *address = tor_dup_ip(me->addr);
       log_warn(LD_CONFIG,
                "Your server (%s:%d) has not managed to confirm that its "
-               "DirPort is reachable. Please check your firewalls, ports, "
-               "address, /etc/hosts file, etc.",
+               "DirPort is reachable. Relays do not publish descriptors "
+               "until their ORPort and DirPort are reachable. Please check "
+               "your firewalls, ports, address, /etc/hosts file, etc.",
                address, me->dir_port);
       control_event_server_status(LOG_WARN,
                                   "REACHABILITY_FAILED DIRADDRESS=%s:%d",
@@ -1764,8 +2138,6 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg)
   if (seconds_elapsed < -NUM_JUMPED_SECONDS_BEFORE_WARN ||
       seconds_elapsed >= NUM_JUMPED_SECONDS_BEFORE_WARN) {
     circuit_note_clock_jumped(seconds_elapsed);
-    /* XXX if the time jumps *back* many months, do our events in
-     * run_scheduled_events() recover? I don't think they do. -RD */
   } else if (seconds_elapsed > 0)
     stats_n_seconds_working += seconds_elapsed;
 
@@ -1774,6 +2146,19 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg)
   current_second = now; /* remember which second it is, for next time */
 }
 
+#ifdef HAVE_SYSTEMD_209
+static periodic_timer_t *systemd_watchdog_timer = NULL;
+
+/** Libevent callback: invoked to reset systemd watchdog. */
+static void
+systemd_watchdog_callback(periodic_timer_t *timer, void *arg)
+{
+  (void)timer;
+  (void)arg;
+  sd_notify(0, "WATCHDOG=1");
+}
+#endif
+
 #ifndef USE_BUFFEREVENTS
 /** Timer: used to invoke refill_callback(). */
 static periodic_timer_t *refill_timer = NULL;
@@ -1848,12 +2233,15 @@ got_libevent_error(void)
 void
 ip_address_changed(int at_interface)
 {
-  int server = server_mode(get_options());
+  const or_options_t *options = get_options();
+  int server = server_mode(options);
+  int exit_reject_private = (server && options->ExitRelay
+                             && options->ExitPolicyRejectPrivate);
 
   if (at_interface) {
     if (! server) {
       /* Okay, change our keys. */
-      if (init_keys()<0)
+      if (init_keys_client() < 0)
         log_warn(LD_GENERAL, "Unable to rotate keys after IP change!");
     }
   } else {
@@ -1862,10 +2250,15 @@ ip_address_changed(int at_interface)
         reset_bandwidth_test();
       stats_n_seconds_working = 0;
       router_reset_reachability();
-      mark_my_descriptor_dirty("IP address changed");
     }
   }
 
+  /* Exit relays incorporate interface addresses in their exit policies when
+   * ExitPolicyRejectPrivate is set */
+  if (exit_reject_private || (server && !at_interface)) {
+    mark_my_descriptor_dirty("IP address changed");
+  }
+
   dns_servers_relaunch_checks();
 }
 
@@ -1876,7 +2269,10 @@ dns_servers_relaunch_checks(void)
 {
   if (server_mode(get_options())) {
     dns_reset_correctness_checks();
-    time_to_check_for_correct_dns = 0;
+    if (periodic_events_initialized) {
+      tor_assert(check_dns_honesty_event);
+      periodic_event_reschedule(check_dns_honesty_event);
+    }
   }
 }
 
@@ -1908,6 +2304,10 @@ do_hup(void)
       return -1;
     }
     options = get_options(); /* they have changed now */
+    /* Logs are only truncated the first time they are opened, but were
+       probably intended to be cleaned up on signal. */
+    if (options->TruncateLogFile)
+      truncate_logs();
   } else {
     char *msg = NULL;
     log_notice(LD_GENERAL, "Not reloading config file: the controller told "
@@ -1944,9 +2344,17 @@ do_hup(void)
    * force a retry there. */
 
   if (server_mode(options)) {
-    /* Restart cpuworker and dnsworker processes, so they get up-to-date
+    /* Maybe we've been given a new ed25519 key or certificate?
+     */
+    time_t now = approx_time();
+    if (load_ed_keys(options, now) < 0 ||
+         generate_ed_link_cert(options, now)) {
+      log_warn(LD_OR, "Problem reloading Ed25519 keys; still using old keys.");
+    }
+
+    /* Update cpuworker and dnsworker processes, so they get up-to-date
      * configuration options. */
-    cpuworkers_rotate();
+    cpuworkers_rotate_keyinfo();
     dns_reset();
   }
   return 0;
@@ -1956,9 +2364,15 @@ do_hup(void)
 int
 do_main_loop(void)
 {
-  int loop_result;
   time_t now;
 
+  /* initialize the periodic events first, so that code that depends on the
+   * events being present does not assert.
+   */
+  if (! periodic_events_initialized) {
+    initialize_periodic_events();
+  }
+
   /* initialize dns resolve map, spawn workers if needed */
   if (dns_init() < 0) {
     if (get_options()->ServerDNSAllowBrokenConfig)
@@ -1983,16 +2397,11 @@ do_main_loop(void)
    * TLS context. */
   if (! client_identity_key_is_set()) {
     if (init_keys() < 0) {
-      log_err(LD_BUG,"Error initializing keys; exiting");
+      log_err(LD_OR, "Error initializing keys; exiting");
       return -1;
     }
   }
 
-#ifdef ENABLE_MEMPOOLS
-  /* Set up the packed_cell_t memory pool. */
-  init_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
-
   /* Set up our buckets */
   connection_bucket_init();
 #ifndef USE_BUFFEREVENTS
@@ -2003,6 +2412,34 @@ do_main_loop(void)
   /* initialize the bootstrap status events to know we're starting up */
   control_event_bootstrap(BOOTSTRAP_STATUS_STARTING, 0);
 
+  /* Initialize the keypinning log. */
+  if (authdir_mode_v3(get_options())) {
+    char *fname = get_datadir_fname("key-pinning-journal");
+    int r = 0;
+    if (keypin_load_journal(fname)<0) {
+      log_err(LD_DIR, "Error loading key-pinning journal: %s",strerror(errno));
+      r = -1;
+    }
+    if (keypin_open_journal(fname)<0) {
+      log_err(LD_DIR, "Error opening key-pinning journal: %s",strerror(errno));
+      r = -1;
+    }
+    tor_free(fname);
+    if (r)
+      return r;
+  }
+  {
+    /* This is the old name for key-pinning-journal.  These got corrupted
+     * in a couple of cases by #16530, so we started over. See #16580 for
+     * the rationale and for other options we didn't take.  We can remove
+     * this code once all the authorities that ran 0.2.7.1-alpha-dev are
+     * upgraded.
+     */
+    char *fname = get_datadir_fname("key-pinning-entries");
+    unlink(fname);
+    tor_free(fname);
+  }
+
   if (trusted_dirs_reload_certs()) {
     log_warn(LD_DIR,
              "Couldn't load all cached v3 certificates. Starting anyway.");
@@ -2018,7 +2455,7 @@ do_main_loop(void)
    * appropriate.)
    */
   now = time(NULL);
-  directory_info_has_arrived(now, 1);
+  directory_info_has_arrived(now, 1, 0);
 
   if (server_mode(get_options())) {
     /* launch cpuworkers. Need to do this *after* we've read the onion key. */
@@ -2038,6 +2475,28 @@ do_main_loop(void)
     tor_assert(second_timer);
   }
 
+#ifdef HAVE_SYSTEMD_209
+  uint64_t watchdog_delay;
+  /* set up systemd watchdog notification. */
+  if (sd_watchdog_enabled(1, &watchdog_delay) > 0) {
+    if (! systemd_watchdog_timer) {
+      struct timeval watchdog;
+      /* The manager will "act on" us if we don't send them a notification
+       * every 'watchdog_delay' microseconds.  So, send notifications twice
+       * that often.  */
+      watchdog_delay /= 2;
+      watchdog.tv_sec = watchdog_delay  / 1000000;
+      watchdog.tv_usec = watchdog_delay % 1000000;
+
+      systemd_watchdog_timer = periodic_timer_new(tor_libevent_get_base(),
+                                                  &watchdog,
+                                                  systemd_watchdog_callback,
+                                                  NULL);
+      tor_assert(systemd_watchdog_timer);
+    }
+  }
+#endif
+
 #ifndef USE_BUFFEREVENTS
   if (!refill_timer) {
     struct timeval refill_interval;
@@ -2054,70 +2513,115 @@ do_main_loop(void)
   }
 #endif
 
-  for (;;) {
-    if (nt_service_is_stopping())
-      return 0;
+#ifdef HAVE_SYSTEMD
+  {
+    const int r = sd_notify(0, "READY=1");
+    if (r < 0) {
+      log_warn(LD_GENERAL, "Unable to send readiness to systemd: %s",
+               strerror(r));
+    } else if (r > 0) {
+      log_notice(LD_GENERAL, "Signaled readiness to systemd");
+    } else {
+      log_info(LD_GENERAL, "Systemd NOTIFY_SOCKET not present.");
+    }
+  }
+#endif
+
+  return run_main_loop_until_done();
+}
+
+/**
+ * Run the main loop a single time. Return 0 for "exit"; -1 for "exit with
+ * error", and 1 for "run this again."
+ */
+static int
+run_main_loop_once(void)
+{
+  int loop_result;
+
+  if (nt_service_is_stopping())
+    return 0;
 
 #ifndef _WIN32
-    /* Make it easier to tell whether libevent failure is our fault or not. */
-    errno = 0;
+  /* Make it easier to tell whether libevent failure is our fault or not. */
+  errno = 0;
 #endif
-    /* All active linked conns should get their read events activated. */
-    SMARTLIST_FOREACH(active_linked_connection_lst, connection_t *, conn,
-                      event_active(conn->read_event, EV_READ, 1));
-    called_loop_once = smartlist_len(active_linked_connection_lst) ? 1 : 0;
-
-    update_approx_time(time(NULL));
-
-    /* poll until we have an event, or the second ends, or until we have
-     * some active linked connections to trigger events for. */
-    loop_result = event_base_loop(tor_libevent_get_base(),
-                                  called_loop_once ? EVLOOP_ONCE : 0);
-
-    /* let catch() handle things like ^c, and otherwise don't worry about it */
-    if (loop_result < 0) {
-      int e = tor_socket_errno(-1);
-      /* let the program survive things like ^z */
-      if (e != EINTR && !ERRNO_IS_EINPROGRESS(e)) {
-        log_err(LD_NET,"libevent call with %s failed: %s [%d]",
-                tor_libevent_get_method(), tor_socket_strerror(e), e);
-        return -1;
+  /* All active linked conns should get their read events activated. */
+  SMARTLIST_FOREACH(active_linked_connection_lst, connection_t *, conn,
+                    event_active(conn->read_event, EV_READ, 1));
+  called_loop_once = smartlist_len(active_linked_connection_lst) ? 1 : 0;
+
+  update_approx_time(time(NULL));
+
+  /* poll until we have an event, or the second ends, or until we have
+   * some active linked connections to trigger events for. */
+  loop_result = event_base_loop(tor_libevent_get_base(),
+                                called_loop_once ? EVLOOP_ONCE : 0);
+
+  /* let catch() handle things like ^c, and otherwise don't worry about it */
+  if (loop_result < 0) {
+    int e = tor_socket_errno(-1);
+    /* let the program survive things like ^z */
+    if (e != EINTR && !ERRNO_IS_EINPROGRESS(e)) {
+      log_err(LD_NET,"libevent call with %s failed: %s [%d]",
+              tor_libevent_get_method(), tor_socket_strerror(e), e);
+      return -1;
 #ifndef _WIN32
-      } else if (e == EINVAL) {
-        log_warn(LD_NET, "EINVAL from libevent: should you upgrade libevent?");
-        if (got_libevent_error())
-          return -1;
+    } else if (e == EINVAL) {
+      log_warn(LD_NET, "EINVAL from libevent: should you upgrade libevent?");
+      if (got_libevent_error())
+        return -1;
 #endif
-      } else {
-        if (ERRNO_IS_EINPROGRESS(e))
-          log_warn(LD_BUG,
-                   "libevent call returned EINPROGRESS? Please report.");
-        log_debug(LD_NET,"libevent call interrupted.");
-        /* You can't trust the results of this poll(). Go back to the
-         * top of the big for loop. */
-        continue;
-      }
+    } else {
+      if (ERRNO_IS_EINPROGRESS(e))
+        log_warn(LD_BUG,
+                 "libevent call returned EINPROGRESS? Please report.");
+      log_debug(LD_NET,"libevent call interrupted.");
+      /* You can't trust the results of this poll(). Go back to the
+       * top of the big for loop. */
+      return 1;
     }
   }
+
+  /* This will be pretty fast if nothing new is pending. Note that this gets
+   * called once per libevent loop, which will make it happen once per group
+   * of events that fire, or once per second. */
+  connection_ap_attach_pending(0);
+
+  return 1;
+}
+
+/** Run the run_main_loop_once() function until it declares itself done,
+ * and return its final return value.
+ *
+ * Shadow won't invoke this function, so don't fill it up with things.
+ */
+static int
+run_main_loop_until_done(void)
+{
+  int loop_result = 1;
+  do {
+    loop_result = run_main_loop_once();
+  } while (loop_result == 1);
+  return loop_result;
 }
 
-#ifndef _WIN32 /* Only called when we're willing to use signals */
 /** Libevent callback: invoked when we get a signal.
  */
 static void
-signal_callback(int fd, short events, void *arg)
+signal_callback(evutil_socket_t fd, short events, void *arg)
 {
-  uintptr_t sig = (uintptr_t)arg;
+  const int *sigptr = arg;
+  const int sig = *sigptr;
   (void)fd;
   (void)events;
 
   process_signal(sig);
 }
-#endif
 
 /** Do the work of acting on a signal received in <b>sig</b> */
-void
-process_signal(uintptr_t sig)
+static void
+process_signal(int sig)
 {
   switch (sig)
     {
@@ -2132,6 +2636,9 @@ process_signal(uintptr_t sig)
         tor_cleanup();
         exit(0);
       }
+#ifdef HAVE_SYSTEMD
+      sd_notify(0, "STOPPING=1");
+#endif
       hibernate_begin_shutdown();
       break;
 #ifdef SIGPIPE
@@ -2151,11 +2658,17 @@ process_signal(uintptr_t sig)
       control_event_signal(sig);
       break;
     case SIGHUP:
+#ifdef HAVE_SYSTEMD
+      sd_notify(0, "RELOADING=1");
+#endif
       if (do_hup() < 0) {
         log_warn(LD_CONFIG,"Restart failed (config error?). Exiting.");
         tor_cleanup();
         exit(1);
       }
+#ifdef HAVE_SYSTEMD
+      sd_notify(0, "READY=1");
+#endif
       control_event_signal(sig);
       break;
 #ifdef SIGCHLD
@@ -2179,6 +2692,10 @@ process_signal(uintptr_t sig)
       addressmap_clear_transient();
       control_event_signal(sig);
       break;
+    case SIGHEARTBEAT:
+      log_heartbeat(time(NULL));
+      control_event_signal(sig);
+      break;
   }
 }
 
@@ -2204,7 +2721,6 @@ dumpmemusage(int severity)
   dump_routerlist_mem_usage(severity);
   dump_cell_pool_usage(severity);
   dump_dns_mem_usage(severity);
-  buf_dump_freelist_sizes(severity);
   tor_log_mallinfo(severity);
 }
 
@@ -2246,12 +2762,13 @@ dumpstats(int severity)
       if (conn->type == CONN_TYPE_OR) {
         or_connection_t *or_conn = TO_OR_CONN(conn);
         if (or_conn->tls) {
-          tor_tls_get_buffer_sizes(or_conn->tls, &rbuf_cap, &rbuf_len,
-                                   &wbuf_cap, &wbuf_len);
-          tor_log(severity, LD_GENERAL,
-              "Conn %d: %d/%d bytes used on OpenSSL read buffer; "
-              "%d/%d bytes used on write buffer.",
-              i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
+          if (tor_tls_get_buffer_sizes(or_conn->tls, &rbuf_cap, &rbuf_len,
+                                       &wbuf_cap, &wbuf_len) == 0) {
+            tor_log(severity, LD_GENERAL,
+                "Conn %d: %d/%d bytes used on OpenSSL read buffer; "
+                "%d/%d bytes used on write buffer.",
+                i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
+          }
         }
       }
     }
@@ -2328,35 +2845,73 @@ exit_function(void)
 #endif
 }
 
-/** Set up the signal handlers for either parent or child. */
+#ifdef _WIN32
+#define UNIX_ONLY 0
+#else
+#define UNIX_ONLY 1
+#endif
+static struct {
+  int signal_value;
+  int try_to_register;
+  struct event *signal_event;
+} signal_handlers[] = {
+#ifdef SIGINT
+  { SIGINT, UNIX_ONLY, NULL }, /* do a controlled slow shutdown */
+#endif
+#ifdef SIGTERM
+  { SIGTERM, UNIX_ONLY, NULL }, /* to terminate now */
+#endif
+#ifdef SIGPIPE
+  { SIGPIPE, UNIX_ONLY, NULL }, /* otherwise SIGPIPE kills us */
+#endif
+#ifdef SIGUSR1
+  { SIGUSR1, UNIX_ONLY, NULL }, /* dump stats */
+#endif
+#ifdef SIGUSR2
+  { SIGUSR2, UNIX_ONLY, NULL }, /* go to loglevel debug */
+#endif
+#ifdef SIGHUP
+  { SIGHUP, UNIX_ONLY, NULL }, /* to reload config, retry conns, etc */
+#endif
+#ifdef SIGXFSZ
+  { SIGXFSZ, UNIX_ONLY, NULL }, /* handle file-too-big resource exhaustion */
+#endif
+#ifdef SIGCHLD
+  { SIGCHLD, UNIX_ONLY, NULL }, /* handle dns/cpu workers that exit */
+#endif
+  /* These are controller-only */
+  { SIGNEWNYM, 0, NULL },
+  { SIGCLEARDNSCACHE, 0, NULL },
+  { SIGHEARTBEAT, 0, NULL },
+  { -1, -1, NULL }
+};
+
+/** Set up the signal handlers for either parent or child process */
 void
 handle_signals(int is_parent)
 {
-#ifndef _WIN32 /* do signal stuff only on Unix */
   int i;
-  static const int signals[] = {
-    SIGINT,  /* do a controlled slow shutdown */
-    SIGTERM, /* to terminate now */
-    SIGPIPE, /* otherwise SIGPIPE kills us */
-    SIGUSR1, /* dump stats */
-    SIGUSR2, /* go to loglevel debug */
-    SIGHUP,  /* to reload config, retry conns, etc */
-#ifdef SIGXFSZ
-    SIGXFSZ, /* handle file-too-big resource exhaustion */
-#endif
-    SIGCHLD, /* handle dns/cpu workers that exit */
-    -1 };
-  static struct event *signal_events[16]; /* bigger than it has to be. */
   if (is_parent) {
-    for (i = 0; signals[i] >= 0; ++i) {
-      signal_events[i] = tor_evsignal_new(
-                       tor_libevent_get_base(), signals[i], signal_callback,
-                       (void*)(uintptr_t)signals[i]);
-      if (event_add(signal_events[i], NULL))
-        log_warn(LD_BUG, "Error from libevent when adding event for signal %d",
-                 signals[i]);
+    for (i = 0; signal_handlers[i].signal_value >= 0; ++i) {
+      if (signal_handlers[i].try_to_register) {
+        signal_handlers[i].signal_event =
+          tor_evsignal_new(tor_libevent_get_base(),
+                           signal_handlers[i].signal_value,
+                           signal_callback,
+                           &signal_handlers[i].signal_value);
+        if (event_add(signal_handlers[i].signal_event, NULL))
+          log_warn(LD_BUG, "Error from libevent when adding "
+                   "event for signal %d",
+                   signal_handlers[i].signal_value);
+      } else {
+        signal_handlers[i].signal_event =
+          tor_event_new(tor_libevent_get_base(), -1,
+                        EV_SIGNAL, signal_callback,
+                        &signal_handlers[i].signal_value);
+      }
     }
   } else {
+#ifndef _WIN32
     struct sigaction action;
     action.sa_flags = 0;
     sigemptyset(&action.sa_mask);
@@ -2370,10 +2925,21 @@ handle_signals(int is_parent)
 #ifdef SIGXFSZ
     sigaction(SIGXFSZ, &action, NULL);
 #endif
+#endif
+  }
+}
+
+/* Make sure the signal handler for signal_num will be called. */
+void
+activate_signal(int signal_num)
+{
+  int i;
+  for (i = 0; signal_handlers[i].signal_value >= 0; ++i) {
+    if (signal_handlers[i].signal_value == signal_num) {
+      event_active(signal_handlers[i].signal_event, EV_SIGNAL, 1);
+      return;
+    }
   }
-#else /* MS windows */
-  (void)is_parent;
-#endif /* signal stuff */
 }
 
 /** Main entry point for the Tor command-line client.
@@ -2415,10 +2981,11 @@ tor_init(int argc, char *argv[])
       if (!strcmp(cl->key, "--quiet") ||
           !strcmp(cl->key, "--dump-config"))
         quiet = 2;
-      /* --version, --digests, and --help imply --hush */
+      /* The following options imply --hush */
       if (!strcmp(cl->key, "--version") || !strcmp(cl->key, "--digests") ||
           !strcmp(cl->key, "--list-torrc-options") ||
           !strcmp(cl->key, "--library-versions") ||
+          !strcmp(cl->key, "--hash-password") ||
           !strcmp(cl->key, "-h") || !strcmp(cl->key, "--help")) {
         if (quiet < 1)
           quiet = 1;
@@ -2595,8 +3162,8 @@ tor_free_all(int postfork)
   channel_tls_free_all();
   channel_free_all();
   connection_free_all();
-  buf_shrink_freelists(1);
-  memarea_clear_freelist();
+  connection_edge_free_all();
+  scheduler_free_all();
   nodelist_free_all();
   microdesc_free_all();
   ext_orport_free_all();
@@ -2606,11 +3173,9 @@ tor_free_all(int postfork)
     config_free_all();
     or_state_free_all();
     router_free_all();
+    routerkeys_free_all();
     policies_free_all();
   }
-#ifdef ENABLE_MEMPOOLS
-  free_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
   if (!postfork) {
     tor_tls_free_all();
 #ifndef _WIN32
@@ -2623,6 +3188,7 @@ tor_free_all(int postfork)
   smartlist_free(closeable_connection_lst);
   smartlist_free(active_linked_connection_lst);
   periodic_timer_free(second_timer);
+  teardown_periodic_events();
 #ifndef USE_BUFFEREVENTS
   periodic_timer_free(refill_timer);
 #endif
@@ -2666,6 +3232,7 @@ tor_cleanup(void)
     or_state_save(now);
     if (authdir_mode_tests_reachability(options))
       rep_hist_record_mtbf_data(now, 0);
+    keypin_close_journal();
   }
 #ifdef USE_DMALLOC
   dmalloc_log_stats();
@@ -2688,6 +3255,7 @@ do_list_fingerprint(void)
   char buf[FINGERPRINT_LEN+1];
   crypto_pk_t *k;
   const char *nickname = get_options()->Nickname;
+  sandbox_disable_getaddrinfo_cache();
   if (!server_mode(get_options())) {
     log_err(LD_GENERAL,
             "Clients don't have long-term identity keys. Exiting.");
@@ -2695,7 +3263,7 @@ do_list_fingerprint(void)
   }
   tor_assert(nickname);
   if (init_keys() < 0) {
-    log_err(LD_BUG,"Error initializing keys; can't display fingerprint");
+    log_err(LD_GENERAL,"Error initializing keys; exiting.");
     return -1;
   }
   if (!(k = get_server_identity_key())) {
@@ -2717,11 +3285,11 @@ do_hash_password(void)
 {
 
   char output[256];
-  char key[S2K_SPECIFIER_LEN+DIGEST_LEN];
+  char key[S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN];
 
-  crypto_rand(key, S2K_SPECIFIER_LEN-1);
-  key[S2K_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */
-  secret_to_key(key+S2K_SPECIFIER_LEN, DIGEST_LEN,
+  crypto_rand(key, S2K_RFC2440_SPECIFIER_LEN-1);
+  key[S2K_RFC2440_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */
+  secret_to_key_rfc2440(key+S2K_RFC2440_SPECIFIER_LEN, DIGEST_LEN,
                 get_options()->command_arg, strlen(get_options()->command_arg),
                 key);
   base16_encode(output, sizeof(output), key, sizeof(key));
@@ -2737,6 +3305,7 @@ do_dump_config(void)
   const char *arg = options->command_arg;
   int how;
   char *opts;
+
   if (!strcmp(arg, "short")) {
     how = OPTIONS_DUMP_MINIMAL;
   } else if (!strcmp(arg, "non-builtin")) {
@@ -2744,8 +3313,9 @@ do_dump_config(void)
   } else if (!strcmp(arg, "full")) {
     how = OPTIONS_DUMP_ALL;
   } else {
-    printf("%s is not a recognized argument to --dump-config. "
-           "Please select 'short', 'non-builtin', or 'full'", arg);
+    fprintf(stderr, "No valid argument to --dump-config found!\n");
+    fprintf(stderr, "Please select 'short', 'non-builtin', or 'full'.\n");
+
     return -1;
   }
 
@@ -2756,34 +3326,16 @@ do_dump_config(void)
   return 0;
 }
 
-#if defined (WINCE)
-int
-find_flashcard_path(PWCHAR path, size_t size)
-{
-  WIN32_FIND_DATA d = {0};
-  HANDLE h = NULL;
-
-  if (!path)
-    return -1;
-
-  h = FindFirstFlashCard(&d);
-  if (h == INVALID_HANDLE_VALUE)
-    return -1;
-
-  if (wcslen(d.cFileName) == 0) {
-    FindClose(h);
-    return -1;
-  }
-
-  wcsncpy(path,d.cFileName,size);
-  FindClose(h);
-  return 0;
-}
-#endif
-
 static void
 init_addrinfo(void)
 {
+  if (! server_mode(get_options()) ||
+      (get_options()->Address && strlen(get_options()->Address) > 0)) {
+    /* We don't need to seed our own hostname, because we won't be calling
+     * resolve_my_address on it.
+     */
+    return;
+  }
   char hname[256];
 
   // host name to sandbox
@@ -2801,43 +3353,56 @@ sandbox_init_filter(void)
   sandbox_cfg_allow_openat_filename(&cfg,
       get_datadir_fname("cached-status"));
 
-  sandbox_cfg_allow_open_filename_array(&cfg,
-      get_datadir_fname("cached-certs"),
-      get_datadir_fname("cached-certs.tmp"),
-      get_datadir_fname("cached-consensus"),
-      get_datadir_fname("cached-consensus.tmp"),
-      get_datadir_fname("unverified-consensus"),
-      get_datadir_fname("unverified-consensus.tmp"),
-      get_datadir_fname("unverified-microdesc-consensus"),
-      get_datadir_fname("unverified-microdesc-consensus.tmp"),
-      get_datadir_fname("cached-microdesc-consensus"),
-      get_datadir_fname("cached-microdesc-consensus.tmp"),
-      get_datadir_fname("cached-microdescs"),
-      get_datadir_fname("cached-microdescs.tmp"),
-      get_datadir_fname("cached-microdescs.new"),
-      get_datadir_fname("cached-microdescs.new.tmp"),
-      get_datadir_fname("cached-descriptors"),
-      get_datadir_fname("cached-descriptors.new"),
-      get_datadir_fname("cached-descriptors.tmp"),
-      get_datadir_fname("cached-descriptors.new.tmp"),
-      get_datadir_fname("cached-descriptors.tmp.tmp"),
-      get_datadir_fname("cached-extrainfo"),
-      get_datadir_fname("cached-extrainfo.new"),
-      get_datadir_fname("cached-extrainfo.tmp"),
-      get_datadir_fname("cached-extrainfo.new.tmp"),
-      get_datadir_fname("cached-extrainfo.tmp.tmp"),
-      get_datadir_fname("state.tmp"),
-      get_datadir_fname("unparseable-desc.tmp"),
-      get_datadir_fname("unparseable-desc"),
-      get_datadir_fname("v3-status-votes"),
-      get_datadir_fname("v3-status-votes.tmp"),
-      tor_strdup("/dev/srandom"),
-      tor_strdup("/dev/urandom"),
-      tor_strdup("/dev/random"),
-      tor_strdup("/etc/hosts"),
-      tor_strdup("/proc/meminfo"),
-      NULL, 0
-  );
+#define OPEN(name)                              \
+  sandbox_cfg_allow_open_filename(&cfg, tor_strdup(name))
+
+#define OPEN_DATADIR(name)                      \
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname(name))
+
+#define OPEN_DATADIR2(name, name2)                       \
+  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname2((name), (name2)))
+
+#define OPEN_DATADIR_SUFFIX(name, suffix) do {  \
+    OPEN_DATADIR(name);                         \
+    OPEN_DATADIR(name suffix);                  \
+  } while (0)
+
+#define OPEN_DATADIR2_SUFFIX(name, name2, suffix) do {  \
+    OPEN_DATADIR2(name, name2);                         \
+    OPEN_DATADIR2(name, name2 suffix);                  \
+  } while (0)
+
+  OPEN(options->DataDirectory);
+  OPEN_DATADIR("keys");
+  OPEN_DATADIR_SUFFIX("cached-certs", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-consensus", ".tmp");
+  OPEN_DATADIR_SUFFIX("unverified-consensus", ".tmp");
+  OPEN_DATADIR_SUFFIX("unverified-microdesc-consensus", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-microdesc-consensus", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-microdescs", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-microdescs.new", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-descriptors", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-descriptors.new", ".tmp");
+  OPEN_DATADIR("cached-descriptors.tmp.tmp");
+  OPEN_DATADIR_SUFFIX("cached-extrainfo", ".tmp");
+  OPEN_DATADIR_SUFFIX("cached-extrainfo.new", ".tmp");
+  OPEN_DATADIR("cached-extrainfo.tmp.tmp");
+  OPEN_DATADIR_SUFFIX("state", ".tmp");
+  OPEN_DATADIR_SUFFIX("unparseable-desc", ".tmp");
+  OPEN_DATADIR_SUFFIX("v3-status-votes", ".tmp");
+  OPEN_DATADIR("key-pinning-journal");
+  OPEN("/dev/srandom");
+  OPEN("/dev/urandom");
+  OPEN("/dev/random");
+  OPEN("/etc/hosts");
+  OPEN("/proc/meminfo");
+
+  if (options->BridgeAuthoritativeDir)
+    OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp");
+
+  if (authdir_mode_handles_descs(options, -1))
+    OPEN_DATADIR("approved-routers");
+
   if (options->ServerDNSResolvConfFile)
     sandbox_cfg_allow_open_filename(&cfg,
                                 tor_strdup(options->ServerDNSResolvConfFile));
@@ -2878,14 +3443,20 @@ sandbox_init_filter(void)
   RENAME_SUFFIX("unparseable-desc", ".tmp");
   RENAME_SUFFIX("v3-status-votes", ".tmp");
 
-  sandbox_cfg_allow_stat_filename_array(&cfg,
-      get_datadir_fname(NULL),
-      get_datadir_fname("lock"),
-      get_datadir_fname("state"),
-      get_datadir_fname("router-stability"),
-      get_datadir_fname("cached-extrainfo.new"),
-      NULL, 0
-  );
+  if (options->BridgeAuthoritativeDir)
+    RENAME_SUFFIX("networkstatus-bridges", ".tmp");
+
+#define STAT_DATADIR(name)                      \
+  sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name))
+
+#define STAT_DATADIR2(name, name2)                                      \
+  sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname2((name), (name2)))
+
+  STAT_DATADIR(NULL);
+  STAT_DATADIR("lock");
+  STAT_DATADIR("state");
+  STAT_DATADIR("router-stability");
+  STAT_DATADIR("cached-extrainfo.new");
 
   {
     smartlist_t *files = smartlist_new();
@@ -2907,7 +3478,8 @@ sandbox_init_filter(void)
       sandbox_cfg_allow_rename(&cfg,
                                tor_strdup(tmp_name), tor_strdup(file_name));
       /* steals references */
-      sandbox_cfg_allow_open_filename_array(&cfg, file_name, tmp_name, NULL);
+      sandbox_cfg_allow_open_filename(&cfg, file_name);
+      sandbox_cfg_allow_open_filename(&cfg, tmp_name);
     });
     SMARTLIST_FOREACH(dirs, char *, dir, {
       /* steals reference */
@@ -2927,6 +3499,20 @@ sandbox_init_filter(void)
     }
   }
 
+  SMARTLIST_FOREACH_BEGIN(get_configured_ports(), port_cfg_t *, port) {
+    if (!port->is_unix_addr)
+      continue;
+    /* When we open an AF_UNIX address, we want permission to open the
+     * directory that holds it. */
+    char *dirname = tor_strdup(port->unix_addr);
+    if (get_parent_directory(dirname) == 0) {
+      OPEN(dirname);
+    }
+    tor_free(dirname);
+    sandbox_cfg_allow_chmod_filename(&cfg, tor_strdup(port->unix_addr));
+    sandbox_cfg_allow_chown_filename(&cfg, tor_strdup(port->unix_addr));
+  } SMARTLIST_FOREACH_END(port);
+
   if (options->DirPortFrontPage) {
     sandbox_cfg_allow_open_filename(&cfg,
                                     tor_strdup(options->DirPortFrontPage));
@@ -2934,38 +3520,39 @@ sandbox_init_filter(void)
 
   // orport
   if (server_mode(get_options())) {
-    sandbox_cfg_allow_open_filename_array(&cfg,
-        get_datadir_fname2("keys", "secret_id_key"),
-        get_datadir_fname2("keys", "secret_onion_key"),
-        get_datadir_fname2("keys", "secret_onion_key_ntor"),
-        get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"),
-        get_datadir_fname2("keys", "secret_id_key.old"),
-        get_datadir_fname2("keys", "secret_onion_key.old"),
-        get_datadir_fname2("keys", "secret_onion_key_ntor.old"),
-        get_datadir_fname2("keys", "secret_onion_key.tmp"),
-        get_datadir_fname2("keys", "secret_id_key.tmp"),
-        get_datadir_fname2("stats", "bridge-stats"),
-        get_datadir_fname2("stats", "bridge-stats.tmp"),
-        get_datadir_fname2("stats", "dirreq-stats"),
-        get_datadir_fname2("stats", "dirreq-stats.tmp"),
-        get_datadir_fname2("stats", "entry-stats"),
-        get_datadir_fname2("stats", "entry-stats.tmp"),
-        get_datadir_fname2("stats", "exit-stats"),
-        get_datadir_fname2("stats", "exit-stats.tmp"),
-        get_datadir_fname2("stats", "buffer-stats"),
-        get_datadir_fname2("stats", "buffer-stats.tmp"),
-        get_datadir_fname2("stats", "conn-stats"),
-        get_datadir_fname2("stats", "conn-stats.tmp"),
-        get_datadir_fname("approved-routers"),
-        get_datadir_fname("fingerprint"),
-        get_datadir_fname("fingerprint.tmp"),
-        get_datadir_fname("hashed-fingerprint"),
-        get_datadir_fname("hashed-fingerprint.tmp"),
-        get_datadir_fname("router-stability"),
-        get_datadir_fname("router-stability.tmp"),
-        tor_strdup("/etc/resolv.conf"),
-        NULL, 0
-    );
+
+    OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp");
+    OPEN_DATADIR2("keys", "secret_id_key.old");
+    OPEN_DATADIR2("keys", "secret_onion_key.old");
+    OPEN_DATADIR2("keys", "secret_onion_key_ntor.old");
+
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_master_id_secret_key", ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_master_id_secret_key_encrypted",
+                         ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_master_id_public_key", ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_signing_secret_key", ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_signing_secret_key_encrypted",
+                         ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_signing_public_key", ".tmp");
+    OPEN_DATADIR2_SUFFIX("keys", "ed25519_signing_cert", ".tmp");
+
+    OPEN_DATADIR2_SUFFIX("stats", "bridge-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "dirreq-stats", ".tmp");
+
+    OPEN_DATADIR2_SUFFIX("stats", "entry-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "exit-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "buffer-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "conn-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "hidserv-stats", ".tmp");
+
+    OPEN_DATADIR("approved-routers");
+    OPEN_DATADIR_SUFFIX("fingerprint", ".tmp");
+    OPEN_DATADIR_SUFFIX("hashed-fingerprint", ".tmp");
+    OPEN_DATADIR_SUFFIX("router-stability", ".tmp");
+
+    OPEN("/etc/resolv.conf");
 
     RENAME_SUFFIX("fingerprint", ".tmp");
     RENAME_SUFFIX2("keys", "secret_onion_key_ntor", ".tmp");
@@ -2979,9 +3566,16 @@ sandbox_init_filter(void)
     RENAME_SUFFIX2("stats", "exit-stats", ".tmp");
     RENAME_SUFFIX2("stats", "buffer-stats", ".tmp");
     RENAME_SUFFIX2("stats", "conn-stats", ".tmp");
+    RENAME_SUFFIX2("stats", "hidserv-stats", ".tmp");
     RENAME_SUFFIX("hashed-fingerprint", ".tmp");
     RENAME_SUFFIX("router-stability", ".tmp");
 
+    RENAME_SUFFIX2("keys", "ed25519_master_id_secret_key", ".tmp");
+    RENAME_SUFFIX2("keys", "ed25519_master_id_secret_key_encrypted", ".tmp");
+    RENAME_SUFFIX2("keys", "ed25519_master_id_public_key", ".tmp");
+    RENAME_SUFFIX2("keys", "ed25519_signing_secret_key", ".tmp");
+    RENAME_SUFFIX2("keys", "ed25519_signing_cert", ".tmp");
+
     sandbox_cfg_allow_rename(&cfg,
              get_datadir_fname2("keys", "secret_onion_key"),
              get_datadir_fname2("keys", "secret_onion_key.old"));
@@ -2989,12 +3583,10 @@ sandbox_init_filter(void)
              get_datadir_fname2("keys", "secret_onion_key_ntor"),
              get_datadir_fname2("keys", "secret_onion_key_ntor.old"));
 
-    sandbox_cfg_allow_stat_filename_array(&cfg,
-        get_datadir_fname("keys"),
-        get_datadir_fname("stats"),
-        get_datadir_fname2("stats", "dirreq-stats"),
-        NULL, 0
-    );
+    STAT_DATADIR("keys");
+    OPEN_DATADIR("stats");
+    STAT_DATADIR("stats");
+    STAT_DATADIR2("stats", "dirreq-stats");
   }
 
   init_addrinfo();
@@ -3009,31 +3601,6 @@ int
 tor_main(int argc, char *argv[])
 {
   int result = 0;
-#if defined (WINCE)
-  WCHAR path [MAX_PATH] = {0};
-  WCHAR fullpath [MAX_PATH] = {0};
-  PWCHAR p = NULL;
-  FILE* redir = NULL;
-  FILE* redirdbg = NULL;
-
-  // this is to facilitate debugging by opening
-  // a file on a folder shared by the wm emulator.
-  // if no flashcard (real or emulated) is present,
-  // log files will be written in the root folder
-  if (find_flashcard_path(path,MAX_PATH) == -1) {
-    redir = _wfreopen( L"\\stdout.log", L"w", stdout );
-    redirdbg = _wfreopen( L"\\stderr.log", L"w", stderr );
-  } else {
-    swprintf(fullpath,L"\\%s\\tor",path);
-    CreateDirectory(fullpath,NULL);
-
-    swprintf(fullpath,L"\\%s\\tor\\stdout.log",path);
-    redir = _wfreopen( fullpath, L"w", stdout );
-
-    swprintf(fullpath,L"\\%s\\tor\\stderr.log",path);
-    redirdbg = _wfreopen( fullpath, L"w", stderr );
-  }
-#endif
 
 #ifdef _WIN32
   /* Call SetProcessDEPPolicy to permanently enable DEP.
@@ -3052,7 +3619,7 @@ tor_main(int argc, char *argv[])
 
   update_approx_time(time(NULL));
   tor_threads_init();
-  init_logging();
+  init_logging(0);
 #ifdef USE_DMALLOC
   {
     /* Instruct OpenSSL to use our internal wrappers for malloc,
@@ -3093,6 +3660,9 @@ tor_main(int argc, char *argv[])
 #endif
     result = do_main_loop();
     break;
+  case CMD_KEYGEN:
+    result = load_ed_keys(get_options(), time(NULL));
+    break;
   case CMD_LIST_FINGERPRINT:
     result = do_list_fingerprint();
     break;
@@ -3101,7 +3671,8 @@ tor_main(int argc, char *argv[])
     result = 0;
     break;
   case CMD_VERIFY_CONFIG:
-    printf("Configuration was valid\n");
+    if (quiet_level == 0)
+      printf("Configuration was valid\n");
     result = 0;
     break;
   case CMD_DUMP_CONFIG:
diff --git a/src/or/main.h b/src/or/main.h
index a3bce3486f..6949376f3e 100644
--- a/src/or/main.h
+++ b/src/or/main.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,7 +12,9 @@
 #ifndef TOR_MAIN_H
 #define TOR_MAIN_H
 
-extern int can_complete_circuit;
+int have_completed_a_circuit(void);
+void note_that_we_completed_a_circuit(void);
+void note_that_we_maybe_cant_complete_circuits(void);
 
 int connection_add_impl(connection_t *conn, int is_connecting);
 #define connection_add(conn) connection_add_impl((conn), 0)
@@ -43,21 +45,25 @@ int connection_is_writing(connection_t *conn);
 MOCK_DECL(void,connection_stop_writing,(connection_t *conn));
 MOCK_DECL(void,connection_start_writing,(connection_t *conn));
 
+void tell_event_loop_to_finish(void);
+
 void connection_stop_reading_from_linked_conn(connection_t *conn);
 
 void directory_all_unreachable(time_t now);
-void directory_info_has_arrived(time_t now, int from_cache);
+void directory_info_has_arrived(time_t now, int from_cache, int suppress_logs);
 
 void ip_address_changed(int at_interface);
 void dns_servers_relaunch_checks(void);
+void reset_all_main_loop_timers(void);
 void reschedule_descriptor_update_check(void);
+void reschedule_directory_downloads(void);
 
 MOCK_DECL(long,get_uptime,(void));
 
 unsigned get_signewnym_epoch(void);
 
 void handle_signals(int is_parent);
-void process_signal(uintptr_t sig);
+void activate_signal(int signal_num);
 
 int try_locking(const or_options_t *options, int err_if_locked);
 int have_lockfile(void);
@@ -74,6 +80,8 @@ int tor_init(int argc, char **argv);
 #ifdef MAIN_PRIVATE
 STATIC void init_connection_lists(void);
 STATIC void close_closeable_connections(void);
+STATIC void initialize_periodic_events(void);
+STATIC void teardown_periodic_events(void);
 #endif
 
 #endif
diff --git a/src/or/microdesc.c b/src/or/microdesc.c
index fdb549a9ac..5b5c29a6d2 100644
--- a/src/or/microdesc.c
+++ b/src/or/microdesc.c
@@ -1,6 +1,13 @@
-/* Copyright (c) 2009-2013, The Tor Project, Inc. */
+/* Copyright (c) 2009-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file microdesc.c
+ *
+ * \brief Implements microdescriptors -- an abbreviated description of
+ *  less-frequently-changing router information.
+ */
+
 #include "or.h"
 #include "circuitbuild.h"
 #include "config.h"
@@ -39,17 +46,23 @@ struct microdesc_cache_t {
   uint64_t total_len_seen;
   /** Total number of microdescriptors we have added to this cache */
   unsigned n_seen;
+
+  /** True iff we have loaded this cache from disk ever. */
+  int is_loaded;
 };
 
+static microdesc_cache_t *get_microdesc_cache_noload(void);
+
 /** Helper: computes a hash of <b>md</b> to place it in a hash table. */
-static INLINE unsigned int
+static inline unsigned int
 microdesc_hash_(microdesc_t *md)
 {
   return (unsigned) siphash24g(md->digest, sizeof(md->digest));
 }
 
-/** Helper: compares <b>a</b> and </b> for equality for hash-table purposes. */
-static INLINE int
+/** Helper: compares <b>a</b> and <b>b</b> for equality for hash-table
+ * purposes. */
+static inline int
 microdesc_eq_(microdesc_t *a, microdesc_t *b)
 {
   return tor_memeq(a->digest, b->digest, DIGEST256_LEN);
@@ -57,9 +70,9 @@ microdesc_eq_(microdesc_t *a, microdesc_t *b)
 
 HT_PROTOTYPE(microdesc_map, microdesc_t, node,
              microdesc_hash_, microdesc_eq_);
-HT_GENERATE(microdesc_map, microdesc_t, node,
+HT_GENERATE2(microdesc_map, microdesc_t, node,
              microdesc_hash_, microdesc_eq_, 0.6,
-             malloc, realloc, free);
+             tor_reallocarray_, tor_free_)
 
 /** Write the body of <b>md</b> into <b>f</b>, with appropriate annotations.
  * On success, return the total number of bytes written, and set
@@ -113,12 +126,23 @@ static microdesc_cache_t *the_microdesc_cache = NULL;
 microdesc_cache_t *
 get_microdesc_cache(void)
 {
+  microdesc_cache_t *cache = get_microdesc_cache_noload();
+  if (PREDICT_UNLIKELY(cache->is_loaded == 0)) {
+    microdesc_cache_reload(cache);
+  }
+  return cache;
+}
+
+/** Return a pointer to the microdescriptor cache, creating (but not loading)
+ * it if necessary. */
+static microdesc_cache_t *
+get_microdesc_cache_noload(void)
+{
   if (PREDICT_UNLIKELY(the_microdesc_cache==NULL)) {
-    microdesc_cache_t *cache = tor_malloc_zero(sizeof(microdesc_cache_t));
+    microdesc_cache_t *cache = tor_malloc_zero(sizeof(*cache));
     HT_INIT(microdesc_map, &cache->map);
     cache->cache_fname = get_datadir_fname("cached-microdescs");
     cache->journal_fname = get_datadir_fname("cached-microdescs.new");
-    microdesc_cache_reload(cache);
     the_microdesc_cache = cache;
   }
   return the_microdesc_cache;
@@ -147,40 +171,82 @@ microdescs_add_to_cache(microdesc_cache_t *cache,
                         int no_save, time_t listed_at,
                         smartlist_t *requested_digests256)
 {
+  void * const DIGEST_REQUESTED = (void*)1;
+  void * const DIGEST_RECEIVED = (void*)2;
+  void * const DIGEST_INVALID = (void*)3;
+
   smartlist_t *descriptors, *added;
   const int allow_annotations = (where != SAVED_NOWHERE);
+  smartlist_t *invalid_digests = smartlist_new();
 
   descriptors = microdescs_parse_from_string(s, eos,
                                              allow_annotations,
-                                             where);
+                                             where, invalid_digests);
   if (listed_at != (time_t)-1) {
     SMARTLIST_FOREACH(descriptors, microdesc_t *, md,
                       md->last_listed = listed_at);
   }
   if (requested_digests256) {
-    digestmap_t *requested; /* XXXX actually we should just use a
-                               digest256map */
-    requested = digestmap_new();
-    SMARTLIST_FOREACH(requested_digests256, const char *, cp,
-      digestmap_set(requested, cp, (void*)1));
+    digest256map_t *requested;
+    requested = digest256map_new();
+    /* Set requested[d] to DIGEST_REQUESTED for every md we requested. */
+    SMARTLIST_FOREACH(requested_digests256, const uint8_t *, cp,
+      digest256map_set(requested, cp, DIGEST_REQUESTED));
+    /* Set requested[d] to DIGEST_INVALID for every md we requested which we
+     * will never be able to parse.  Remove the ones we didn't request from
+     * invalid_digests.
+     */
+    SMARTLIST_FOREACH_BEGIN(invalid_digests, uint8_t *, cp) {
+      if (digest256map_get(requested, cp)) {
+        digest256map_set(requested, cp, DIGEST_INVALID);
+      } else {
+        tor_free(cp);
+        SMARTLIST_DEL_CURRENT(invalid_digests, cp);
+      }
+    } SMARTLIST_FOREACH_END(cp);
+    /* Update requested[d] to 2 for the mds we asked for and got. Delete the
+     * ones we never requested from the 'descriptors' smartlist.
+     */
     SMARTLIST_FOREACH_BEGIN(descriptors, microdesc_t *, md) {
-      if (digestmap_get(requested, md->digest)) {
-        digestmap_set(requested, md->digest, (void*)2);
+      if (digest256map_get(requested, (const uint8_t*)md->digest)) {
+        digest256map_set(requested, (const uint8_t*)md->digest,
+                         DIGEST_RECEIVED);
       } else {
         log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Received non-requested microdesc");
         microdesc_free(md);
         SMARTLIST_DEL_CURRENT(descriptors, md);
       }
     } SMARTLIST_FOREACH_END(md);
-    SMARTLIST_FOREACH_BEGIN(requested_digests256, char *, cp) {
-      if (digestmap_get(requested, cp) == (void*)2) {
+    /* Remove the ones we got or the invalid ones from requested_digests256.
+     */
+    SMARTLIST_FOREACH_BEGIN(requested_digests256, uint8_t *, cp) {
+      void *status = digest256map_get(requested, cp);
+      if (status == DIGEST_RECEIVED || status == DIGEST_INVALID) {
         tor_free(cp);
         SMARTLIST_DEL_CURRENT(requested_digests256, cp);
       }
     } SMARTLIST_FOREACH_END(cp);
-    digestmap_free(requested, NULL);
+    digest256map_free(requested, NULL);
   }
 
+  /* For every requested microdescriptor that was unparseable, mark it
+   * as not to be retried. */
+  if (smartlist_len(invalid_digests)) {
+    networkstatus_t *ns =
+      networkstatus_get_latest_consensus_by_flavor(FLAV_MICRODESC);
+    if (ns) {
+      SMARTLIST_FOREACH_BEGIN(invalid_digests, char *, d) {
+        routerstatus_t *rs =
+          router_get_mutable_consensus_status_by_descriptor_digest(ns, d);
+        if (rs && tor_memeq(d, rs->descriptor_digest, DIGEST256_LEN)) {
+          download_status_mark_impossible(&rs->dl_status);
+        }
+      } SMARTLIST_FOREACH_END(d);
+    }
+  }
+  SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
+  smartlist_free(invalid_digests);
+
   added = microdescs_add_list_to_cache(cache, descriptors, where, no_save);
   smartlist_free(descriptors);
   return added;
@@ -311,6 +377,8 @@ microdesc_cache_reload(microdesc_cache_t *cache)
 
   microdesc_cache_clear(cache);
 
+  cache->is_loaded = 1;
+
   mm = cache->cache_content = tor_mmap_file(cache->cache_fname);
   if (mm) {
     added = microdescs_add_to_cache(cache, mm->data, mm->data+mm->size,
@@ -576,6 +644,7 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force)
         microdesc_wipe_body(md);
       }
     }
+    smartlist_free(wrote);
     return -1;
   }
 
@@ -654,7 +723,7 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
   /* Make sure that the microdesc was really removed from the appropriate data
      structures. */
   if (md->held_in_map) {
-    microdesc_cache_t *cache = get_microdesc_cache();
+    microdesc_cache_t *cache = get_microdesc_cache_noload();
     microdesc_t *md2 = HT_FIND(microdesc_map, &cache->map, md);
     if (md2 == md) {
       log_warn(LD_BUG, "microdesc_free() called from %s:%d, but md was still "
@@ -667,7 +736,7 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
     tor_fragile_assert();
   }
   if (md->held_by_nodes) {
-    microdesc_cache_t *cache = get_microdesc_cache();
+    microdesc_cache_t *cache = get_microdesc_cache_noload();
     int found=0;
     const smartlist_t *nodes = nodelist_get_list();
     const int ht_badness = HT_REP_IS_BAD_(microdesc_map, &cache->map);
@@ -695,6 +764,7 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
   if (md->onion_pkey)
     crypto_pk_free(md->onion_pkey);
   tor_free(md->onion_curve25519_pkey);
+  tor_free(md->ed25519_identity_pkey);
   if (md->body && md->saved_location != SAVED_IN_CACHE)
     tor_free(md->body);
 
@@ -751,7 +821,7 @@ microdesc_average_size(microdesc_cache_t *cache)
  * smartlist.  Omit all microdescriptors whose digest appear in <b>skip</b>. */
 smartlist_t *
 microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
-                                 int downloadable_only, digestmap_t *skip)
+                                 int downloadable_only, digest256map_t *skip)
 {
   smartlist_t *result = smartlist_new();
   time_t now = time(NULL);
@@ -763,7 +833,7 @@ microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
         !download_status_is_ready(&rs->dl_status, now,
                   get_options()->TestingMicrodescMaxDownloadTries))
       continue;
-    if (skip && digestmap_get(skip, rs->descriptor_digest))
+    if (skip && digest256map_get(skip, (const uint8_t*)rs->descriptor_digest))
       continue;
     if (tor_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN))
       continue;
@@ -778,7 +848,7 @@ microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
 /** Launch download requests for microdescriptors as appropriate.
  *
  * Specifically, we should launch download requests if we are configured to
- * download mirodescriptors, and there are some microdescriptors listed the
+ * download mirodescriptors, and there are some microdescriptors listed in the
  * current microdesc consensus that we don't have, and either we never asked
  * for them, or we failed to download them but we're willing to retry.
  */
@@ -788,7 +858,7 @@ update_microdesc_downloads(time_t now)
   const or_options_t *options = get_options();
   networkstatus_t *consensus;
   smartlist_t *missing;
-  digestmap_t *pending;
+  digest256map_t *pending;
 
   if (should_delay_dir_fetches(options, NULL))
     return;
@@ -802,14 +872,14 @@ update_microdesc_downloads(time_t now)
   if (!we_fetch_microdescriptors(options))
     return;
 
-  pending = digestmap_new();
+  pending = digest256map_new();
   list_pending_microdesc_downloads(pending);
 
   missing = microdesc_list_missing_digest256(consensus,
                                              get_microdesc_cache(),
                                              1,
                                              pending);
-  digestmap_free(pending, NULL);
+  digest256map_free(pending, NULL);
 
   launch_descriptor_downloads(DIR_PURPOSE_FETCH_MICRODESC,
                               missing, NULL, now);
@@ -885,8 +955,8 @@ we_fetch_router_descriptors(const or_options_t *options)
 }
 
 /** Return the consensus flavor we actually want to use to build circuits. */
-int
-usable_consensus_flavor(void)
+MOCK_IMPL(int,
+usable_consensus_flavor,(void))
 {
   if (we_use_microdescriptors_for_circuits(get_options())) {
     return FLAV_MICRODESC;
diff --git a/src/or/microdesc.h b/src/or/microdesc.h
index 7adb8c68af..40c83139e9 100644
--- a/src/or/microdesc.h
+++ b/src/or/microdesc.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -37,7 +37,7 @@ size_t microdesc_average_size(microdesc_cache_t *cache);
 smartlist_t *microdesc_list_missing_digest256(networkstatus_t *ns,
                                               microdesc_cache_t *cache,
                                               int downloadable_only,
-                                              digestmap_t *skip);
+                                              digest256map_t *skip);
 
 void microdesc_free_(microdesc_t *md, const char *fname, int line);
 #define microdesc_free(md) \
@@ -47,7 +47,7 @@ void microdesc_free_all(void);
 void update_microdesc_downloads(time_t now);
 void update_microdescs_from_networkstatus(time_t now);
 
-int usable_consensus_flavor(void);
+MOCK_DECL(int, usable_consensus_flavor,(void));
 int we_fetch_microdescriptors(const or_options_t *options);
 int we_fetch_router_descriptors(const or_options_t *options);
 int we_use_microdescriptors_for_circuits(const or_options_t *options);
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 890da0ad17..1cedfef9b7 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -83,7 +83,33 @@ static consensus_waiting_for_certs_t
  * before the current consensus becomes invalid. */
 static time_t time_to_download_next_consensus[N_CONSENSUS_FLAVORS];
 /** Download status for the current consensus networkstatus. */
-static download_status_t consensus_dl_status[N_CONSENSUS_FLAVORS];
+static download_status_t consensus_dl_status[N_CONSENSUS_FLAVORS] =
+  {
+    { 0, 0, 0, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER,
+                                   DL_SCHED_INCREMENT_FAILURE },
+    { 0, 0, 0, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER,
+                                   DL_SCHED_INCREMENT_FAILURE },
+  };
+
+#define N_CONSENSUS_BOOTSTRAP_SCHEDULES 2
+#define CONSENSUS_BOOTSTRAP_SOURCE_AUTHORITY 0
+#define CONSENSUS_BOOTSTRAP_SOURCE_ANY_DIRSERVER  1
+
+/* Using DL_SCHED_INCREMENT_ATTEMPT on these schedules means that
+ * download_status_increment_failure won't increment these entries.
+ * However, any bootstrap connection failures that occur after we have
+ * a valid consensus will count against the failure counts on the non-bootstrap
+ * schedules. There should only be one of these, as all the others will have
+ * been cancelled. (This doesn't seem to be a significant issue.) */
+static download_status_t
+              consensus_bootstrap_dl_status[N_CONSENSUS_BOOTSTRAP_SCHEDULES] =
+  {
+    { 0, 0, 0, DL_SCHED_CONSENSUS, DL_WANT_AUTHORITY,
+                                   DL_SCHED_INCREMENT_ATTEMPT },
+    /* During bootstrap, DL_WANT_ANY_DIRSERVER means "use fallbacks". */
+    { 0, 0, 0, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER,
+                                   DL_SCHED_INCREMENT_ATTEMPT },
+  };
 
 /** True iff we have logged a warning about this OR's version being older than
  * listed by the authorities. */
@@ -93,6 +119,9 @@ static int have_warned_about_old_version = 0;
 static int have_warned_about_new_version = 0;
 
 static void routerstatus_list_update_named_server_map(void);
+static void update_consensus_bootstrap_multiple_downloads(
+                                                  time_t now,
+                                                  const or_options_t *options);
 
 /** Forget that we've warned about anything networkstatus-related, so we will
  * give fresh warnings if the same behavior happens again. */
@@ -118,6 +147,9 @@ networkstatus_reset_download_failures(void)
 
   for (i=0; i < N_CONSENSUS_FLAVORS; ++i)
     download_status_reset(&consensus_dl_status[i]);
+
+  for (i=0; i < N_CONSENSUS_BOOTSTRAP_SCHEDULES; ++i)
+    download_status_reset(&consensus_bootstrap_dl_status[i]);
 }
 
 /** Read every cached v3 consensus networkstatus from the disk. */
@@ -253,6 +285,10 @@ networkstatus_vote_free(networkstatus_t *ns)
     SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
     smartlist_free(ns->supported_methods);
   }
+  if (ns->package_lines) {
+    SMARTLIST_FOREACH(ns->package_lines, char *, c, tor_free(c));
+    smartlist_free(ns->package_lines);
+  }
   if (ns->voters) {
     SMARTLIST_FOREACH_BEGIN(ns->voters, networkstatus_voter_info_t *, voter) {
       tor_free(voter->nickname);
@@ -591,10 +627,10 @@ networkstatus_vote_find_entry_idx(networkstatus_t *ns,
 
 /** As router_get_consensus_status_by_descriptor_digest, but does not return
  * a const pointer. */
-routerstatus_t *
-router_get_mutable_consensus_status_by_descriptor_digest(
+MOCK_IMPL(routerstatus_t *,
+router_get_mutable_consensus_status_by_descriptor_digest,(
                                                  networkstatus_t *consensus,
-                                                 const char *digest)
+                                                 const char *digest))
 {
   if (!consensus)
     consensus = current_consensus;
@@ -624,8 +660,8 @@ router_get_consensus_status_by_descriptor_digest(networkstatus_t *consensus,
 
 /** Given the digest of a router descriptor, return its current download
  * status, or NULL if the digest is unrecognized. */
-download_status_t *
-router_get_dl_status_by_descriptor_digest(const char *d)
+MOCK_IMPL(download_status_t *,
+router_get_dl_status_by_descriptor_digest,(const char *d))
 {
   routerstatus_t *rs;
   if (!current_ns_consensus)
@@ -726,6 +762,35 @@ we_want_to_fetch_flavor(const or_options_t *options, int flavor)
  * fetching certs before we check whether there is a better one? */
 #define DELAY_WHILE_FETCHING_CERTS (20*60)
 
+/* Check if a downloaded consensus flavor should still wait for certificates
+ * to download now.
+ * If so, return 1. If not, fail dls and return 0. */
+static int
+check_consensus_waiting_for_certs(int flavor, time_t now,
+                                  download_status_t *dls)
+{
+  consensus_waiting_for_certs_t *waiting;
+
+  /* We should always have a known flavor, because we_want_to_fetch_flavor()
+   * filters out unknown flavors. */
+  tor_assert(flavor >= 0 && flavor < N_CONSENSUS_FLAVORS);
+
+  waiting = &consensus_waiting_for_certs[flavor];
+  if (waiting->consensus) {
+    /* XXXX make sure this doesn't delay sane downloads. */
+    if (waiting->set_at + DELAY_WHILE_FETCHING_CERTS > now) {
+      return 1;
+    } else {
+      if (!waiting->dl_failed) {
+        download_status_failed(dls, 0);
+        waiting->dl_failed=1;
+      }
+    }
+  }
+
+  return 0;
+}
+
 /** If we want to download a fresh consensus, launch a new download as
  * appropriate. */
 static void
@@ -733,12 +798,19 @@ update_consensus_networkstatus_downloads(time_t now)
 {
   int i;
   const or_options_t *options = get_options();
+  const int we_are_bootstrapping = networkstatus_consensus_is_bootstrapping(
+                                                                        now);
+  const int use_multi_conn =
+    networkstatus_consensus_can_use_multiple_directories(options);
+
+  if (should_delay_dir_fetches(options, NULL))
+    return;
 
   for (i=0; i < N_CONSENSUS_FLAVORS; ++i) {
     /* XXXX need some way to download unknown flavors if we are caching. */
     const char *resource;
-    consensus_waiting_for_certs_t *waiting;
     networkstatus_t *c;
+    int max_in_progress_conns = 1;
 
     if (! we_want_to_fetch_flavor(options, i))
       continue;
@@ -754,32 +826,147 @@ update_consensus_networkstatus_downloads(time_t now)
 
     resource = networkstatus_get_flavor_name(i);
 
-    if (!download_status_is_ready(&consensus_dl_status[i], now,
-                             options->TestingConsensusMaxDownloadTries))
-      continue; /* We failed downloading a consensus too recently. */
-    if (connection_dir_get_by_purpose_and_resource(
-                                DIR_PURPOSE_FETCH_CONSENSUS, resource))
-      continue; /* There's an in-progress download.*/
+    /* Check if we already have enough connections in progress */
+    if (we_are_bootstrapping) {
+      max_in_progress_conns =
+        options->ClientBootstrapConsensusMaxInProgressTries;
+    }
+    if (connection_dir_count_by_purpose_and_resource(
+                                                  DIR_PURPOSE_FETCH_CONSENSUS,
+                                                  resource)
+        >= max_in_progress_conns) {
+      continue;
+    }
 
-    waiting = &consensus_waiting_for_certs[i];
-    if (waiting->consensus) {
-      /* XXXX make sure this doesn't delay sane downloads. */
-      if (waiting->set_at + DELAY_WHILE_FETCHING_CERTS > now) {
-        continue; /* We're still getting certs for this one. */
-      } else {
-        if (!waiting->dl_failed) {
-          download_status_failed(&consensus_dl_status[i], 0);
-          waiting->dl_failed=1;
-        }
+    /* Check if we want to launch another download for a usable consensus.
+     * Only used during bootstrap. */
+    if (we_are_bootstrapping && use_multi_conn
+        && i == usable_consensus_flavor()) {
+
+      /* Check if we're already downloading a usable consensus */
+      if (networkstatus_consensus_is_already_downloading(resource))
+        continue;
+
+      /* Make multiple connections for a bootstrap consensus download. */
+      update_consensus_bootstrap_multiple_downloads(now, options);
+    } else {
+      /* Check if we failed downloading a consensus too recently */
+      int max_dl_tries = options->TestingConsensusMaxDownloadTries;
+
+      /* Let's make sure we remembered to update consensus_dl_status */
+      tor_assert(consensus_dl_status[i].schedule == DL_SCHED_CONSENSUS);
+
+      if (!download_status_is_ready(&consensus_dl_status[i],
+                                    now,
+                                    max_dl_tries)) {
+        continue;
       }
+
+      /* Check if we're waiting for certificates to download */
+      if (check_consensus_waiting_for_certs(i, now, &consensus_dl_status[i]))
+        continue;
+
+      /* Try the requested attempt */
+      log_info(LD_DIR, "Launching %s standard networkstatus consensus "
+               "download.", networkstatus_get_flavor_name(i));
+      directory_get_from_dirserver(DIR_PURPOSE_FETCH_CONSENSUS,
+                                   ROUTER_PURPOSE_GENERAL, resource,
+                                   PDS_RETRY_IF_NO_SERVERS,
+                                   consensus_dl_status[i].want_authority);
     }
+  }
+}
 
-    log_info(LD_DIR, "Launching %s networkstatus consensus download.",
-             networkstatus_get_flavor_name(i));
+/** When we're bootstrapping, launch one or more consensus download
+ * connections, if schedule indicates connection(s) should be made after now.
+ * If is_authority, connect to an authority, otherwise, use a fallback
+ * directory mirror.
+ */
+static void
+update_consensus_bootstrap_attempt_downloads(
+                                      time_t now,
+                                      const or_options_t *options,
+                                      download_status_t *dls,
+                                      download_want_authority_t want_authority)
+{
+  int use_fallbacks = networkstatus_consensus_can_use_extra_fallbacks(options);
+  int max_dl_tries = options->ClientBootstrapConsensusMaxDownloadTries;
+  if (!use_fallbacks) {
+    max_dl_tries =
+              options->ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries;
+  }
+
+  const char *resource = networkstatus_get_flavor_name(
+                                                  usable_consensus_flavor());
+
+  /* Let's make sure we remembered to update schedule */
+  tor_assert(dls->schedule == DL_SCHED_CONSENSUS);
+
+  /* Allow for multiple connections in the same second, if the schedule value
+   * is 0. */
+  while (download_status_is_ready(dls, now, max_dl_tries)) {
+    log_info(LD_DIR, "Launching %s bootstrap %s networkstatus consensus "
+             "download.", resource, (want_authority == DL_WANT_AUTHORITY
+                                     ? "authority"
+                                     : "mirror"));
 
     directory_get_from_dirserver(DIR_PURPOSE_FETCH_CONSENSUS,
                                  ROUTER_PURPOSE_GENERAL, resource,
-                                 PDS_RETRY_IF_NO_SERVERS);
+                                 PDS_RETRY_IF_NO_SERVERS, want_authority);
+    /* schedule the next attempt */
+    download_status_increment_attempt(dls, resource, now);
+  }
+}
+
+/** If we're bootstrapping, check the connection schedules and see if we want
+ * to make additional, potentially concurrent, consensus download
+ * connections.
+ * Only call when bootstrapping, and when we want to make additional
+ * connections. Only nodes that satisfy
+ * networkstatus_consensus_can_use_multiple_directories make additional
+ * connections.
+ */
+static void
+update_consensus_bootstrap_multiple_downloads(time_t now,
+                                              const or_options_t *options)
+{
+  const int usable_flavor = usable_consensus_flavor();
+
+  /* make sure we can use multiple connections */
+  if (!networkstatus_consensus_can_use_multiple_directories(options)) {
+    return;
+  }
+
+  /* Launch concurrent consensus download attempt(s) based on the mirror and
+   * authority schedules. Try the mirror first - this makes it slightly more
+   * likely that we'll connect to the fallback first, and then end the
+   * authority connection attempt. */
+
+  /* If a consensus download fails because it's waiting for certificates,
+   * we'll fail both the authority and fallback schedules. This is better than
+   * failing only one of the schedules, and having the other continue
+   * unchecked.
+   */
+
+  /* If we don't have or can't use extra fallbacks, don't try them. */
+  if (networkstatus_consensus_can_use_extra_fallbacks(options)) {
+    download_status_t *dls_f =
+      &consensus_bootstrap_dl_status[CONSENSUS_BOOTSTRAP_SOURCE_ANY_DIRSERVER];
+
+    if (!check_consensus_waiting_for_certs(usable_flavor, now, dls_f)) {
+      /* During bootstrap, DL_WANT_ANY_DIRSERVER means "use fallbacks". */
+      update_consensus_bootstrap_attempt_downloads(now, options, dls_f,
+                                                   DL_WANT_ANY_DIRSERVER);
+    }
+  }
+
+  /* Now try an authority. */
+  download_status_t *dls_a =
+    &consensus_bootstrap_dl_status[CONSENSUS_BOOTSTRAP_SOURCE_AUTHORITY];
+
+  if (!check_consensus_waiting_for_certs(usable_flavor, now, dls_a)) {
+    update_consensus_bootstrap_attempt_downloads(now, options, dls_a,
+                                                 DL_WANT_AUTHORITY);
   }
 }
 
@@ -825,6 +1012,10 @@ update_consensus_networkstatus_fetch_time_impl(time_t now, int flav)
          a crazy-fast voting interval, though, 2 minutes may be too
          much. */
       min_sec_before_caching = interval/16;
+      /* make sure we always delay by at least a second before caching */
+      if (min_sec_before_caching == 0) {
+        min_sec_before_caching = 1;
+      }
     }
 
     if (directory_fetches_dir_info_early(options)) {
@@ -841,8 +1032,8 @@ update_consensus_networkstatus_fetch_time_impl(time_t now, int flav)
         dl_interval = interval/2;
       }
     } else {
-      /* We're an ordinary client or a bridge. Give all the caches enough
-       * time to download the consensus. */
+      /* We're an ordinary client, a bridge, or a hidden service.
+       * Give all the caches enough time to download the consensus. */
       start = (time_t)(c->fresh_until + (interval*3)/4);
       /* But download the next one well before this one is expired. */
       dl_interval = ((c->valid_until - start) * 7 )/ 8;
@@ -856,8 +1047,17 @@ update_consensus_networkstatus_fetch_time_impl(time_t now, int flav)
         dl_interval = (c->valid_until - start) - min_sec_before_caching;
       }
     }
+    /* catch low dl_interval in crazy-fast networks */
     if (dl_interval < 1)
       dl_interval = 1;
+    /* catch late start in crazy-fast networks */
+    if (start+dl_interval >= c->valid_until)
+      start = c->valid_until - dl_interval - 1;
+    log_debug(LD_DIR,
+              "fresh_until: %ld start: %ld "
+              "dl_interval: %ld valid_until: %ld ",
+              (long)c->fresh_until, (long)start, dl_interval,
+              (long)c->valid_until);
     /* We must not try to replace c while it's still fresh: */
     tor_assert(c->fresh_until < start);
     /* We must download the next one before c is invalid: */
@@ -988,8 +1188,8 @@ networkstatus_get_latest_consensus(void)
 
 /** Return the latest consensus we have whose flavor matches <b>f</b>, or NULL
  * if we don't have one. */
-networkstatus_t *
-networkstatus_get_latest_consensus_by_flavor(consensus_flavor_t f)
+MOCK_IMPL(networkstatus_t *,
+networkstatus_get_latest_consensus_by_flavor,(consensus_flavor_t f))
 {
   if (f == FLAV_NS)
     return current_ns_consensus;
@@ -1033,6 +1233,100 @@ networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
     return NULL;
 }
 
+/** Check if we need to download a consensus during tor's bootstrap phase.
+ * If we have no consensus, or our consensus is unusably old, return 1.
+ * As soon as we have received a consensus, return 0, even if we don't have
+ * enough certificates to validate it.
+ * If a fallback directory gives us a consensus we can never get certs for,
+ * check_consensus_waiting_for_certs() will wait 20 minutes before failing
+ * the cert downloads. After that, a new consensus will be fetched from a
+ * randomly chosen fallback. */
+MOCK_IMPL(int,
+networkstatus_consensus_is_bootstrapping,(time_t now))
+{
+  /* If we have a validated, reasonably live consensus, we're not
+   * bootstrapping a consensus at all. */
+  if (networkstatus_get_reasonably_live_consensus(
+                                                now,
+                                                usable_consensus_flavor())) {
+    return 0;
+  }
+
+  /* If we have a consensus, but we're waiting for certificates,
+   * we're not waiting for a consensus download while bootstrapping. */
+  if (consensus_is_waiting_for_certs()) {
+    return 0;
+  }
+
+  /* If we have no consensus, or our consensus is very old, we are
+   * bootstrapping, and we need to download a consensus. */
+  return 1;
+}
+
+/** Check if we can use multiple directories for a consensus download.
+ * Only clients (including bridge relays, which act like clients) benefit
+ * from multiple simultaneous consensus downloads. */
+int
+networkstatus_consensus_can_use_multiple_directories(
+                                                  const or_options_t *options)
+{
+  /* If we are a client, bridge, bridge client, or hidden service */
+  return !public_server_mode(options);
+}
+
+/** Check if we can use fallback directory mirrors for a consensus download.
+ * If we have fallbacks and don't want to fetch from the authorities,
+ * we can use them. */
+MOCK_IMPL(int,
+networkstatus_consensus_can_use_extra_fallbacks,(const or_options_t *options))
+{
+  /* The list length comparisons are a quick way to check if we have any
+   * non-authority fallback directories. If we ever have any authorities that
+   * aren't fallback directories, we will need to change this code. */
+  tor_assert(smartlist_len(router_get_fallback_dir_servers())
+             >= smartlist_len(router_get_trusted_dir_servers()));
+  /* If we don't fetch from the authorities, and we have additional mirrors,
+   * we can use them. */
+  return (!directory_fetches_from_authorities(options)
+          && (smartlist_len(router_get_fallback_dir_servers())
+              > smartlist_len(router_get_trusted_dir_servers())));
+}
+
+/* Is there a consensus fetch for flavor <b>resource</b> that's far
+ * enough along to be attached to a circuit? */
+int
+networkstatus_consensus_is_already_downloading(const char *resource)
+{
+  int answer = 0;
+
+  /* First, get a list of all the dir conns that are fetching a consensus,
+   * fetching *this* consensus, and are in state "reading" (meaning they
+   * have already flushed their request onto the socks connection). */
+  smartlist_t *fetching_conns =
+    connection_dir_list_by_purpose_resource_and_state(
+      DIR_PURPOSE_FETCH_CONSENSUS, resource, DIR_CONN_STATE_CLIENT_READING);
+
+  /* Then, walk through each conn, to see if its linked socks connection
+   * is in an attached state. We have to check this separately, since with
+   * the optimistic data feature, fetches can send their request to the
+   * socks connection and go into state 'reading', even before they're
+   * attached to any circuit. */
+  SMARTLIST_FOREACH_BEGIN(fetching_conns, dir_connection_t *, dirconn) {
+    /* Do any of these other dir conns have a linked socks conn that is
+     * attached to a circuit already? */
+    connection_t *base = TO_CONN(dirconn);
+    if (base->linked_conn &&
+        base->linked_conn->type == CONN_TYPE_AP &&
+        !AP_CONN_STATE_IS_UNATTACHED(base->linked_conn->state)) {
+      answer = 1;
+      break; /* stop looping, because we know the answer will be yes */
+    }
+  } SMARTLIST_FOREACH_END(dirconn);
+  smartlist_free(fetching_conns);
+
+  return answer;
+}
+
 /** Given two router status entries for the same router identity, return 1 if
  * if the contents have changed between them. Otherwise, return 0. */
 static int
@@ -1055,7 +1349,6 @@ routerstatus_has_changed(const routerstatus_t *a, const routerstatus_t *b)
          a->is_valid != b->is_valid ||
          a->is_possible_guard != b->is_possible_guard ||
          a->is_bad_exit != b->is_bad_exit ||
-         a->is_bad_directory != b->is_bad_directory ||
          a->is_hs_dir != b->is_hs_dir ||
          a->version_known != b->version_known;
 }
@@ -1117,13 +1410,45 @@ networkstatus_copy_old_consensus_info(networkstatus_t *new_c,
     rs_new->last_dir_503_at = rs_old->last_dir_503_at;
 
     if (tor_memeq(rs_old->descriptor_digest, rs_new->descriptor_digest,
-                DIGEST_LEN)) {
+                  DIGEST256_LEN)) {
       /* And the same descriptor too! */
       memcpy(&rs_new->dl_status, &rs_old->dl_status,sizeof(download_status_t));
     }
   } SMARTLIST_FOREACH_JOIN_END(rs_old, rs_new);
 }
 
+#ifdef TOR_UNIT_TESTS
+/**Accept a <b>flavor</b> consensus <b>c</b> without any additional
+ * validation. This is exclusively for unit tests.
+ * We copy any ancillary information from a pre-existing consensus
+ * and then free the current one and replace it with the newly
+ * provided instance. Returns -1 on unrecognized flavor, 0 otherwise.
+ */
+int
+networkstatus_set_current_consensus_from_ns(networkstatus_t *c,
+                                            const char *flavor)
+{
+  int flav = networkstatus_parse_flavor_name(flavor);
+  switch (flav) {
+    case FLAV_NS:
+      if (current_ns_consensus) {
+        networkstatus_copy_old_consensus_info(c, current_ns_consensus);
+        networkstatus_vote_free(current_ns_consensus);
+      }
+      current_ns_consensus = c;
+      break;
+    case FLAV_MICRODESC:
+      if (current_md_consensus) {
+        networkstatus_copy_old_consensus_info(c, current_md_consensus);
+        networkstatus_vote_free(current_md_consensus);
+      }
+      current_md_consensus = c;
+      break;
+  }
+  return current_md_consensus ? 0 : -1;
+}
+#endif //TOR_UNIT_TESTS
+
 /** Try to replace the current cached v3 networkstatus with the one in
  * <b>consensus</b>.  If we don't have enough certificates to validate it,
  * store it in consensus_waiting_for_certs and launch a certificate fetch.
@@ -1157,7 +1482,7 @@ networkstatus_set_current_consensus(const char *consensus,
   const unsigned dl_certs = !(flags & NSSET_DONT_DOWNLOAD_CERTS);
   const unsigned accept_obsolete = flags & NSSET_ACCEPT_OBSOLETE;
   const unsigned require_flavor = flags & NSSET_REQUIRE_FLAVOR;
-  const digests_t *current_digests = NULL;
+  const common_digests_t *current_digests = NULL;
   consensus_waiting_for_certs_t *waiting = NULL;
   time_t current_valid_after = 0;
   int free_consensus = 1; /* Free 'c' at the end of the function */
@@ -1306,7 +1631,9 @@ networkstatus_set_current_consensus(const char *consensus,
   if (r != 1 && dl_certs)
     authority_certs_fetch_missing(c, now);
 
-  if (flav == usable_consensus_flavor()) {
+  const int is_usable_flavor = flav == usable_consensus_flavor();
+
+  if (is_usable_flavor) {
     notify_control_networkstatus_changed(current_consensus, c);
   }
   if (flav == FLAV_NS) {
@@ -1349,20 +1676,12 @@ networkstatus_set_current_consensus(const char *consensus,
     }
   }
 
-  /* Reset the failure count only if this consensus is actually valid. */
-  if (c->valid_after <= now && now <= c->valid_until) {
-    download_status_reset(&consensus_dl_status[flav]);
-  } else {
-    if (!from_cache)
-      download_status_failed(&consensus_dl_status[flav], 0);
-  }
+  if (is_usable_flavor) {
+    nodelist_set_consensus(c);
 
-  if (flav == usable_consensus_flavor()) {
     /* XXXXNM Microdescs: needs a non-ns variant. ???? NM*/
     update_consensus_networkstatus_fetch_time(now);
 
-    nodelist_set_consensus(current_consensus);
-
     dirvote_recalculate_timing(options, now);
     routerstatus_list_update_named_server_map();
 
@@ -1386,6 +1705,14 @@ networkstatus_set_current_consensus(const char *consensus,
         current_consensus);
   }
 
+  /* Reset the failure count only if this consensus is actually valid. */
+  if (c->valid_after <= now && now <= c->valid_until) {
+    download_status_reset(&consensus_dl_status[flav]);
+  } else {
+    if (!from_cache)
+      download_status_failed(&consensus_dl_status[flav], 0);
+  }
+
   if (directory_caches_dir_info(options)) {
     dirserv_set_cached_consensus_networkstatus(consensus,
                                                flavor,
@@ -1655,7 +1982,7 @@ networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now)
     if (bridge_auth && ri->purpose == ROUTER_PURPOSE_BRIDGE)
       dirserv_set_router_is_running(ri, now);
     /* then generate and write out status lines for each of them */
-    set_routerstatus_from_routerinfo(&rs, node, ri, now, 0, 0, 0, 0);
+    set_routerstatus_from_routerinfo(&rs, node, ri, now, 0);
     smartlist_add(statuses, networkstatus_getinfo_helper_single(&rs));
   } SMARTLIST_FOREACH_END(ri);
 
@@ -1672,17 +1999,21 @@ networkstatus_dump_bridge_status_to_file(time_t now)
   char *status = networkstatus_getinfo_by_purpose("bridge", now);
   const or_options_t *options = get_options();
   char *fname = NULL;
-  char *thresholds = NULL, *thresholds_and_status = NULL;
-  routerlist_t *rl = router_get_routerlist();
-  dirserv_compute_bridge_flag_thresholds(rl);
+  char *thresholds = NULL;
+  char *published_thresholds_and_status = NULL;
+  char published[ISO_TIME_LEN+1];
+
+  format_iso_time(published, now);
+  dirserv_compute_bridge_flag_thresholds();
   thresholds = dirserv_get_flag_thresholds_line();
-  tor_asprintf(&thresholds_and_status, "flag-thresholds %s\n%s",
-               thresholds, status);
+  tor_asprintf(&published_thresholds_and_status,
+               "published %s\nflag-thresholds %s\n%s",
+               published, thresholds, status);
   tor_asprintf(&fname, "%s"PATH_SEPARATOR"networkstatus-bridges",
                options->DataDirectory);
-  write_str_to_file(fname,thresholds_and_status,0);
+  write_str_to_file(fname,published_thresholds_and_status,0);
   tor_free(thresholds);
-  tor_free(thresholds_and_status);
+  tor_free(published_thresholds_and_status);
   tor_free(fname);
   tor_free(status);
 }
@@ -1885,6 +2216,33 @@ getinfo_helper_networkstatus(control_connection_t *conn,
   } else if (!strcmpstart(question, "ns/purpose/")) {
     *answer = networkstatus_getinfo_by_purpose(question+11, time(NULL));
     return *answer ? 0 : -1;
+  } else if (!strcmp(question, "consensus/packages")) {
+    const networkstatus_t *ns = networkstatus_get_latest_consensus();
+    if (ns && ns->package_lines)
+      *answer = smartlist_join_strings(ns->package_lines, "\n", 0, NULL);
+    else
+      *errmsg = "No consensus available";
+    return *answer ? 0 : -1;
+  } else if (!strcmp(question, "consensus/valid-after") ||
+             !strcmp(question, "consensus/fresh-until") ||
+             !strcmp(question, "consensus/valid-until")) {
+    const networkstatus_t *ns = networkstatus_get_latest_consensus();
+    if (ns) {
+      time_t t;
+      if (!strcmp(question, "consensus/valid-after"))
+        t = ns->valid_after;
+      else if (!strcmp(question, "consensus/fresh-until"))
+        t = ns->fresh_until;
+      else
+        t = ns->valid_until;
+
+      char tbuf[ISO_TIME_LEN+1];
+      format_iso_time(tbuf, t);
+      *answer = tor_strdup(tbuf);
+    } else {
+      *errmsg = "No consensus available";
+    }
+    return *answer ? 0 : -1;
   } else {
     return 0;
   }
diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h
index be0a86cdd8..ac93e5de91 100644
--- a/src/or/networkstatus.h
+++ b/src/or/networkstatus.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,6 +12,8 @@
 #ifndef TOR_NETWORKSTATUS_H
 #define TOR_NETWORKSTATUS_H
 
+#include "testsupport.h"
+
 void networkstatus_reset_warnings(void);
 void networkstatus_reset_download_failures(void);
 int router_reload_consensus_networkstatus(void);
@@ -35,16 +37,19 @@ routerstatus_t *networkstatus_vote_find_mutable_entry(networkstatus_t *ns,
                                               const char *digest);
 int networkstatus_vote_find_entry_idx(networkstatus_t *ns,
                                       const char *digest, int *found_out);
-download_status_t *router_get_dl_status_by_descriptor_digest(const char *d);
+
+MOCK_DECL(download_status_t *,router_get_dl_status_by_descriptor_digest,
+          (const char *d));
+
 const routerstatus_t *router_get_consensus_status_by_id(const char *digest);
 routerstatus_t *router_get_mutable_consensus_status_by_id(
                                    const char *digest);
 const routerstatus_t *router_get_consensus_status_by_descriptor_digest(
                                    networkstatus_t *consensus,
                                    const char *digest);
-routerstatus_t *router_get_mutable_consensus_status_by_descriptor_digest(
-                                   networkstatus_t *consensus,
-                                   const char *digest);
+MOCK_DECL(routerstatus_t *,
+          router_get_mutable_consensus_status_by_descriptor_digest,
+          (networkstatus_t *consensus, const char *digest));
 const routerstatus_t *router_get_consensus_status_by_nickname(
                                    const char *nickname,
                                    int warn_if_unnamed);
@@ -60,11 +65,18 @@ int consensus_is_waiting_for_certs(void);
 int client_would_use_router(const routerstatus_t *rs, time_t now,
                             const or_options_t *options);
 networkstatus_t *networkstatus_get_latest_consensus(void);
-networkstatus_t *networkstatus_get_latest_consensus_by_flavor(
-                                                  consensus_flavor_t f);
+MOCK_DECL(networkstatus_t *,networkstatus_get_latest_consensus_by_flavor,
+          (consensus_flavor_t f));
 networkstatus_t *networkstatus_get_live_consensus(time_t now);
 networkstatus_t *networkstatus_get_reasonably_live_consensus(time_t now,
                                                              int flavor);
+MOCK_DECL(int, networkstatus_consensus_is_bootstrapping,(time_t now));
+int networkstatus_consensus_can_use_multiple_directories(
+                                                const or_options_t *options);
+MOCK_DECL(int, networkstatus_consensus_can_use_extra_fallbacks,(
+                                                const or_options_t *options));
+int networkstatus_consensus_is_already_downloading(const char *resource);
+
 #define NSSET_FROM_CACHE 1
 #define NSSET_WAS_WAITING_FOR_CERTS 2
 #define NSSET_DONT_DOWNLOAD_CERTS 4
@@ -101,6 +113,10 @@ int networkstatus_get_weight_scale_param(networkstatus_t *ns);
 
 #ifdef NETWORKSTATUS_PRIVATE
 STATIC void vote_routerstatus_free(vote_routerstatus_t *rs);
+#ifdef TOR_UNIT_TESTS
+STATIC int networkstatus_set_current_consensus_from_ns(networkstatus_t *c,
+                                                const char *flavor);
+#endif // TOR_UNIT_TESTS
 #endif
 
 #endif
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 7b1f338bd4..89b5355c8d 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -1,9 +1,17 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file nodelist.c
+ *
+ * \brief Structures and functions for tracking what we know about the routers
+ *   on the Tor network, and correlating information from networkstatus,
+ *   routerinfo, and microdescs.
+ */
+
 #include "or.h"
 #include "address.h"
 #include "config.h"
@@ -24,6 +32,23 @@
 
 static void nodelist_drop_node(node_t *node, int remove_from_ht);
 static void node_free(node_t *node);
+
+/** count_usable_descriptors counts descriptors with these flag(s)
+ */
+typedef enum {
+  /* All descriptors regardless of flags */
+  USABLE_DESCRIPTOR_ALL = 0,
+  /* Only descriptors with the Exit flag */
+  USABLE_DESCRIPTOR_EXIT_ONLY = 1
+} usable_descriptor_t;
+static void count_usable_descriptors(int *num_present,
+                                     int *num_usable,
+                                     smartlist_t *descs_out,
+                                     const networkstatus_t *consensus,
+                                     const or_options_t *options,
+                                     time_t now,
+                                     routerset_t *in_set,
+                                     usable_descriptor_t exit_only);
 static void update_router_have_minimum_dir_info(void);
 static double get_frac_paths_needed_for_circs(const or_options_t *options,
                                               const networkstatus_t *ns);
@@ -40,21 +65,21 @@ typedef struct nodelist_t {
 
 } nodelist_t;
 
-static INLINE unsigned int
+static inline unsigned int
 node_id_hash(const node_t *node)
 {
   return (unsigned) siphash24g(node->identity, DIGEST_LEN);
 }
 
-static INLINE unsigned int
+static inline unsigned int
 node_id_eq(const node_t *node1, const node_t *node2)
 {
   return tor_memeq(node1->identity, node2->identity, DIGEST_LEN);
 }
 
 HT_PROTOTYPE(nodelist_map, node_t, ht_ent, node_id_hash, node_id_eq);
-HT_GENERATE(nodelist_map, node_t, ht_ent, node_id_hash, node_id_eq,
-            0.6, malloc, realloc, free);
+HT_GENERATE2(nodelist_map, node_t, ht_ent, node_id_hash, node_id_eq,
+             0.6, tor_reallocarray_, tor_free_)
 
 /** The global nodelist. */
 static nodelist_t *the_nodelist=NULL;
@@ -159,7 +184,7 @@ nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out)
 
   if (authdir_mode(get_options()) && !had_router) {
     const char *discard=NULL;
-    uint32_t status = dirserv_router_get_status(ri, &discard);
+    uint32_t status = dirserv_router_get_status(ri, &discard, LOG_INFO);
     dirserv_set_node_flags_from_authoritative_status(node, status);
   }
 
@@ -207,7 +232,6 @@ nodelist_set_consensus(networkstatus_t *ns)
 {
   const or_options_t *options = get_options();
   int authdir = authdir_mode_v3(options);
-  int client = !server_mode(options);
 
   init_nodelist();
   if (ns->flavor == FLAV_MICRODESC)
@@ -241,11 +265,10 @@ nodelist_set_consensus(networkstatus_t *ns)
       node->is_stable = rs->is_stable;
       node->is_possible_guard = rs->is_possible_guard;
       node->is_exit = rs->is_exit;
-      node->is_bad_directory = rs->is_bad_directory;
       node->is_bad_exit = rs->is_bad_exit;
       node->is_hs_dir = rs->is_hs_dir;
       node->ipv6_preferred = 0;
-      if (client && options->ClientPreferIPv6ORPort == 1 &&
+      if (fascist_firewall_prefer_ipv6_orport(options) &&
           (tor_addr_is_null(&rs->ipv6_addr) == 0 ||
            (node->md && tor_addr_is_null(&node->md->ipv6_addr) == 0)))
         node->ipv6_preferred = 1;
@@ -267,8 +290,7 @@ nodelist_set_consensus(networkstatus_t *ns)
           node->is_valid = node->is_running = node->is_hs_dir =
             node->is_fast = node->is_stable =
             node->is_possible_guard = node->is_exit =
-            node->is_bad_exit = node->is_bad_directory =
-            node->ipv6_preferred = 0;
+            node->is_bad_exit = node->ipv6_preferred = 0;
         }
       }
     } SMARTLIST_FOREACH_END(node);
@@ -276,7 +298,7 @@ nodelist_set_consensus(networkstatus_t *ns)
 }
 
 /** Helper: return true iff a node has a usable amount of information*/
-static INLINE int
+static inline int
 node_is_usable(const node_t *node)
 {
   return (node->rs) || (node->ri);
@@ -474,8 +496,8 @@ nodelist_assert_ok(void)
 /** Return a list of a node_t * for every node we know about.  The caller
  * MUST NOT modify the list. (You can set and clear flags in the nodes if
  * you must, but you must not add or remove nodes.) */
-smartlist_t *
-nodelist_get_list(void)
+MOCK_IMPL(smartlist_t *,
+nodelist_get_list,(void))
 {
   init_nodelist();
   return the_nodelist->nodes;
@@ -517,8 +539,8 @@ node_get_by_hex_id(const char *hex_id)
  * the corresponding node_t, or NULL if none exists.  Warn the user if
  * <b>warn_if_unnamed</b> is set, and they have specified a router by
  * nickname, but the Named flag isn't set for that router. */
-const node_t *
-node_get_by_nickname(const char *nickname, int warn_if_unnamed)
+MOCK_IMPL(const node_t *,
+node_get_by_nickname,(const char *nickname, int warn_if_unnamed))
 {
   const node_t *node;
   if (!the_nodelist)
@@ -572,10 +594,10 @@ node_get_by_nickname(const char *nickname, int warn_if_unnamed)
                  "but none is listed as Named in the directory consensus. "
                  "Choosing one arbitrarily.", nickname);
       }
-    } else if (smartlist_len(matches)>1 && warn_if_unnamed) {
+    } else if (smartlist_len(matches)==1 && warn_if_unnamed) {
       char fp[HEX_DIGEST_LEN+1];
       node_t *node = smartlist_get(matches, 0);
-      if (node->name_lookup_warned) {
+      if (! node->name_lookup_warned) {
         base16_encode(fp, sizeof(fp), node->identity, DIGEST_LEN);
         log_warn(LD_CONFIG,
                  "You specified a server \"%s\" by name, but the directory "
@@ -629,12 +651,19 @@ node_is_named(const node_t *node)
 int
 node_is_dir(const node_t *node)
 {
-  if (node->rs)
-    return node->rs->dir_port != 0;
-  else if (node->ri)
-    return node->ri->dir_port != 0;
-  else
+  if (node->rs) {
+    routerstatus_t * rs = node->rs;
+    /* This is true if supports_tunnelled_dir_requests is true which
+     * indicates that we support directory request tunnelled or through the
+     * DirPort. */
+    return rs->is_v2_dir;
+  } else if (node->ri) {
+    routerinfo_t * ri = node->ri;
+    /* Both tunnelled request is supported or DirPort is set. */
+    return ri->supports_tunnelled_dir_requests;
+  } else {
     return 0;
+  }
 }
 
 /** Return true iff <b>node</b> has either kind of usable descriptor -- that
@@ -739,6 +768,40 @@ node_exit_policy_is_exact(const node_t *node, sa_family_t family)
   return 1;
 }
 
+/* Check if the "addr" and port_field fields from r are a valid non-listening
+ * address/port. If so, set valid to true and add a newly allocated
+ * tor_addr_port_t containing "addr" and port_field to sl.
+ * "addr" is an IPv4 host-order address and port_field is a uint16_t.
+ * r is typically a routerinfo_t or routerstatus_t.
+ */
+#define SL_ADD_NEW_IPV4_AP(r, port_field, sl, valid) \
+  STMT_BEGIN \
+    if (tor_addr_port_is_valid_ipv4h((r)->addr, (r)->port_field, 0)) { \
+      valid = 1; \
+      tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t)); \
+      tor_addr_from_ipv4h(&ap->addr, (r)->addr); \
+      ap->port = (r)->port_field; \
+      smartlist_add((sl), ap); \
+    } \
+  STMT_END
+
+/* Check if the "addr" and port_field fields from r are a valid non-listening
+ * address/port. If so, set valid to true and add a newly allocated
+ * tor_addr_port_t containing "addr" and port_field to sl.
+ * "addr" is a tor_addr_t and port_field is a uint16_t.
+ * r is typically a routerinfo_t or routerstatus_t.
+ */
+#define SL_ADD_NEW_IPV6_AP(r, port_field, sl, valid) \
+  STMT_BEGIN \
+    if (tor_addr_port_is_valid(&(r)->ipv6_addr, (r)->port_field, 0)) { \
+      valid = 1; \
+      tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t)); \
+      tor_addr_copy(&ap->addr, &(r)->ipv6_addr); \
+      ap->port = (r)->port_field; \
+      smartlist_add((sl), ap); \
+    } \
+  STMT_END
+
 /** Return list of tor_addr_port_t with all OR ports (in the sense IP
  * addr + TCP port) for <b>node</b>.  Caller must free all elements
  * using tor_free() and free the list using smartlist_free().
@@ -751,30 +814,38 @@ smartlist_t *
 node_get_all_orports(const node_t *node)
 {
   smartlist_t *sl = smartlist_new();
+  int valid = 0;
 
+  /* Find a valid IPv4 address and port */
   if (node->ri != NULL) {
-    if (node->ri->addr != 0) {
-      tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
-      tor_addr_from_ipv4h(&ap->addr, node->ri->addr);
-      ap->port = node->ri->or_port;
-      smartlist_add(sl, ap);
-    }
-    if (!tor_addr_is_null(&node->ri->ipv6_addr)) {
-      tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
-      tor_addr_copy(&ap->addr, &node->ri->ipv6_addr);
-      ap->port = node->ri->or_port;
-      smartlist_add(sl, ap);
-    }
-  } else if (node->rs != NULL) {
-      tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
-      tor_addr_from_ipv4h(&ap->addr, node->rs->addr);
-      ap->port = node->rs->or_port;
-      smartlist_add(sl, ap);
+    SL_ADD_NEW_IPV4_AP(node->ri, or_port, sl, valid);
+  }
+
+  /* If we didn't find a valid address/port in the ri, try the rs */
+  if (!valid && node->rs != NULL) {
+    SL_ADD_NEW_IPV4_AP(node->rs, or_port, sl, valid);
+  }
+
+  /* Find a valid IPv6 address and port */
+  valid = 0;
+  if (node->ri != NULL) {
+    SL_ADD_NEW_IPV6_AP(node->ri, ipv6_orport, sl, valid);
+  }
+
+  if (!valid && node->rs != NULL) {
+    SL_ADD_NEW_IPV6_AP(node->rs, ipv6_orport, sl, valid);
+  }
+
+  if (!valid && node->md != NULL) {
+    SL_ADD_NEW_IPV6_AP(node->md, ipv6_orport, sl, valid);
   }
 
   return sl;
 }
 
+#undef SL_ADD_NEW_IPV4_AP
+#undef SL_ADD_NEW_IPV6_AP
+
 /** Wrapper around node_get_prim_orport for backward
     compatibility.  */
 void
@@ -790,9 +861,13 @@ node_get_addr(const node_t *node, tor_addr_t *addr_out)
 uint32_t
 node_get_prim_addr_ipv4h(const node_t *node)
 {
-  if (node->ri) {
+  /* Don't check the ORPort or DirPort, as this function isn't port-specific,
+   * and the node might have a valid IPv4 address, yet have a zero
+   * ORPort or DirPort.
+   */
+  if (node->ri && tor_addr_is_valid_ipv4h(node->ri->addr, 0)) {
     return node->ri->addr;
-  } else if (node->rs) {
+  } else if (node->rs && tor_addr_is_valid_ipv4h(node->rs->addr, 0)) {
     return node->rs->addr;
   }
   return 0;
@@ -803,13 +878,13 @@ node_get_prim_addr_ipv4h(const node_t *node)
 void
 node_get_address_string(const node_t *node, char *buf, size_t len)
 {
-  if (node->ri) {
-    strlcpy(buf, fmt_addr32(node->ri->addr), len);
-  } else if (node->rs) {
+  uint32_t ipv4_addr = node_get_prim_addr_ipv4h(node);
+
+  if (tor_addr_is_valid_ipv4h(ipv4_addr, 0)) {
     tor_addr_t addr;
-    tor_addr_from_ipv4h(&addr, node->rs->addr);
+    tor_addr_from_ipv4h(&addr, ipv4_addr);
     tor_addr_to_str(buf, &addr, len, 0);
-  } else {
+  } else if (len > 0) {
     buf[0] = '\0';
   }
 }
@@ -868,30 +943,83 @@ node_get_declared_family(const node_t *node)
     return NULL;
 }
 
+/* Does this node have a valid IPv6 address?
+ * Prefer node_has_ipv6_orport() or node_has_ipv6_dirport() for
+ * checking specific ports. */
+int
+node_has_ipv6_addr(const node_t *node)
+{
+  /* Don't check the ORPort or DirPort, as this function isn't port-specific,
+   * and the node might have a valid IPv6 address, yet have a zero
+   * ORPort or DirPort.
+   */
+  if (node->ri && tor_addr_is_valid(&node->ri->ipv6_addr, 0))
+    return 1;
+  if (node->rs && tor_addr_is_valid(&node->rs->ipv6_addr, 0))
+    return 1;
+  if (node->md && tor_addr_is_valid(&node->md->ipv6_addr, 0))
+    return 1;
+
+  return 0;
+}
+
+/* Does this node have a valid IPv6 ORPort? */
+int
+node_has_ipv6_orport(const node_t *node)
+{
+  tor_addr_port_t ipv6_orport;
+  node_get_pref_ipv6_orport(node, &ipv6_orport);
+  return tor_addr_port_is_valid_ap(&ipv6_orport, 0);
+}
+
+/* Does this node have a valid IPv6 DirPort? */
+int
+node_has_ipv6_dirport(const node_t *node)
+{
+  tor_addr_port_t ipv6_dirport;
+  node_get_pref_ipv6_dirport(node, &ipv6_dirport);
+  return tor_addr_port_is_valid_ap(&ipv6_dirport, 0);
+}
+
 /** Return 1 if we prefer the IPv6 address and OR TCP port of
  * <b>node</b>, else 0.
  *
- *  We prefer the IPv6 address if the router has an IPv6 address and
+ *  We prefer the IPv6 address if the router has an IPv6 address,
+ *  and we can use IPv6 addresses, and:
  *  i) the node_t says that it prefers IPv6
  *  or
- *  ii) the router has no IPv4 address. */
+ *  ii) the router has no IPv4 OR address.
+ *
+ * If you don't have a node, consider looking it up.
+ * If there is no node, use fascist_firewall_prefer_ipv6_orport().
+ */
 int
-node_ipv6_preferred(const node_t *node)
+node_ipv6_or_preferred(const node_t *node)
 {
+  const or_options_t *options = get_options();
   tor_addr_port_t ipv4_addr;
   node_assert_ok(node);
 
-  if (node->ipv6_preferred || node_get_prim_orport(node, &ipv4_addr)) {
-    if (node->ri)
-      return !tor_addr_is_null(&node->ri->ipv6_addr);
-    if (node->md)
-      return !tor_addr_is_null(&node->md->ipv6_addr);
-    if (node->rs)
-      return !tor_addr_is_null(&node->rs->ipv6_addr);
+  /* XX/teor - node->ipv6_preferred is set from
+   * fascist_firewall_prefer_ipv6_orport() each time the consensus is loaded.
+   */
+  if (!fascist_firewall_use_ipv6(options)) {
+    return 0;
+  } else if (node->ipv6_preferred || node_get_prim_orport(node, &ipv4_addr)) {
+    return node_has_ipv6_orport(node);
   }
   return 0;
 }
 
+#define RETURN_IPV4_AP(r, port_field, ap_out) \
+  STMT_BEGIN \
+    if (r && tor_addr_port_is_valid_ipv4h((r)->addr, (r)->port_field, 0)) { \
+      tor_addr_from_ipv4h(&(ap_out)->addr, (r)->addr); \
+      (ap_out)->port = (r)->port_field; \
+      return 0; \
+    } \
+  STMT_END
+
 /** Copy the primary (IPv4) OR port (IP address and TCP port) for
  * <b>node</b> into *<b>ap_out</b>. Return 0 if a valid address and
  * port was copied, else return non-zero.*/
@@ -901,20 +1029,10 @@ node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
   node_assert_ok(node);
   tor_assert(ap_out);
 
-  if (node->ri) {
-    if (node->ri->addr == 0 || node->ri->or_port == 0)
-      return -1;
-    tor_addr_from_ipv4h(&ap_out->addr, node->ri->addr);
-    ap_out->port = node->ri->or_port;
-    return 0;
-  }
-  if (node->rs) {
-    if (node->rs->addr == 0 || node->rs->or_port == 0)
-      return -1;
-    tor_addr_from_ipv4h(&ap_out->addr, node->rs->addr);
-    ap_out->port = node->rs->or_port;
-    return 0;
-  }
+  RETURN_IPV4_AP(node->ri, or_port, ap_out);
+  RETURN_IPV4_AP(node->rs, or_port, ap_out);
+  /* Microdescriptors only have an IPv6 address */
+
   return -1;
 }
 
@@ -923,21 +1041,12 @@ node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
 void
 node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out)
 {
-  const or_options_t *options = get_options();
   tor_assert(ap_out);
 
-  /* Cheap implementation of config option ClientUseIPv6 -- simply
-     don't prefer IPv6 when ClientUseIPv6 is not set and we're not a
-     client running with bridges. See #4455 for more on this subject.
-
-     Note that this filter is too strict since we're hindering not
-     only clients! Erring on the safe side shouldn't be a problem
-     though. XXX move this check to where outgoing connections are
-     made? -LN */
-  if ((options->ClientUseIPv6 || options->UseBridges) &&
-      node_ipv6_preferred(node)) {
+  if (node_ipv6_or_preferred(node)) {
     node_get_pref_ipv6_orport(node, ap_out);
   } else {
+    /* the primary ORPort is always on IPv4 */
     node_get_prim_orport(node, ap_out);
   }
 }
@@ -950,20 +1059,115 @@ node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
   node_assert_ok(node);
   tor_assert(ap_out);
 
-  /* We prefer the microdesc over a potential routerstatus here. They
-     are not being synchronised atm so there might be a chance that
-     they differ at some point, f.ex. when flipping
-     UseMicrodescriptors? -LN */
+  /* Prefer routerstatus over microdesc for consistency with the
+   * fascist_firewall_* functions. Also check if the address or port are valid,
+   * and try another alternative if they are not. */
 
-  if (node->ri) {
+  if (node->ri && tor_addr_port_is_valid(&node->ri->ipv6_addr,
+                                         node->ri->ipv6_orport, 0)) {
     tor_addr_copy(&ap_out->addr, &node->ri->ipv6_addr);
     ap_out->port = node->ri->ipv6_orport;
-  } else if (node->md) {
+  } else if (node->rs && tor_addr_port_is_valid(&node->rs->ipv6_addr,
+                                                 node->rs->ipv6_orport, 0)) {
+    tor_addr_copy(&ap_out->addr, &node->rs->ipv6_addr);
+    ap_out->port = node->rs->ipv6_orport;
+  } else if (node->md && tor_addr_port_is_valid(&node->md->ipv6_addr,
+                                                 node->md->ipv6_orport, 0)) {
     tor_addr_copy(&ap_out->addr, &node->md->ipv6_addr);
     ap_out->port = node->md->ipv6_orport;
-  } else if (node->rs) {
+  } else {
+    tor_addr_make_null(&ap_out->addr, AF_INET6);
+    ap_out->port = 0;
+  }
+}
+
+/** Return 1 if we prefer the IPv6 address and Dir TCP port of
+ * <b>node</b>, else 0.
+ *
+ *  We prefer the IPv6 address if the router has an IPv6 address,
+ *  and we can use IPv6 addresses, and:
+ *  i) the router has no IPv4 Dir address.
+ *  or
+ *  ii) our preference is for IPv6 Dir addresses.
+ *
+ * If there is no node, use fascist_firewall_prefer_ipv6_dirport().
+ */
+int
+node_ipv6_dir_preferred(const node_t *node)
+{
+  const or_options_t *options = get_options();
+  tor_addr_port_t ipv4_addr;
+  node_assert_ok(node);
+
+  /* node->ipv6_preferred is set from fascist_firewall_prefer_ipv6_orport(),
+   * so we can't use it to determine DirPort IPv6 preference.
+   * This means that bridge clients will use IPv4 DirPorts by default.
+   */
+  if (!fascist_firewall_use_ipv6(options)) {
+    return 0;
+  } else if (node_get_prim_dirport(node, &ipv4_addr)
+      || fascist_firewall_prefer_ipv6_dirport(get_options())) {
+    return node_has_ipv6_dirport(node);
+  }
+  return 0;
+}
+
+/** Copy the primary (IPv4) Dir port (IP address and TCP port) for
+ * <b>node</b> into *<b>ap_out</b>. Return 0 if a valid address and
+ * port was copied, else return non-zero.*/
+int
+node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out)
+{
+  node_assert_ok(node);
+  tor_assert(ap_out);
+
+  RETURN_IPV4_AP(node->ri, dir_port, ap_out);
+  RETURN_IPV4_AP(node->rs, dir_port, ap_out);
+  /* Microdescriptors only have an IPv6 address */
+
+  return -1;
+}
+
+#undef RETURN_IPV4_AP
+
+/** Copy the preferred Dir port (IP address and TCP port) for
+ * <b>node</b> into *<b>ap_out</b>.  */
+void
+node_get_pref_dirport(const node_t *node, tor_addr_port_t *ap_out)
+{
+  tor_assert(ap_out);
+
+  if (node_ipv6_dir_preferred(node)) {
+    node_get_pref_ipv6_dirport(node, ap_out);
+  } else {
+    /* the primary DirPort is always on IPv4 */
+    node_get_prim_dirport(node, ap_out);
+  }
+}
+
+/** Copy the preferred IPv6 Dir port (IP address and TCP port) for
+ * <b>node</b> into *<b>ap_out</b>. */
+void
+node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out)
+{
+  node_assert_ok(node);
+  tor_assert(ap_out);
+
+  /* Check if the address or port are valid, and try another alternative if
+   * they are not. Note that microdescriptors have no dir_port. */
+
+  /* Assume IPv4 and IPv6 dirports are the same */
+  if (node->ri && tor_addr_port_is_valid(&node->ri->ipv6_addr,
+                                         node->ri->dir_port, 0)) {
+    tor_addr_copy(&ap_out->addr, &node->ri->ipv6_addr);
+    ap_out->port = node->ri->dir_port;
+  } else if (node->rs && tor_addr_port_is_valid(&node->rs->ipv6_addr,
+                                                node->rs->dir_port, 0)) {
     tor_addr_copy(&ap_out->addr, &node->rs->ipv6_addr);
-    ap_out->port = node->rs->ipv6_orport;
+    ap_out->port = node->rs->dir_port;
+  } else {
+    tor_addr_make_null(&ap_out->addr, AF_INET6);
+    ap_out->port = 0;
   }
 }
 
@@ -1006,7 +1210,7 @@ nodelist_refresh_countries(void)
 
 /** Return true iff router1 and router2 have similar enough network addresses
  * that we should treat them as being in the same family */
-static INLINE int
+static inline int
 addrs_in_same_network_family(const tor_addr_t *a1,
                              const tor_addr_t *a2)
 {
@@ -1030,7 +1234,7 @@ node_nickname_matches(const node_t *node, const char *nickname)
 }
 
 /** Return true iff <b>node</b> is named by some nickname in <b>lst</b>. */
-static INLINE int
+static inline int
 node_in_nickname_smartlist(const smartlist_t *lst, const node_t *node)
 {
   if (!lst) return 0;
@@ -1258,20 +1462,28 @@ router_set_status(const char *digest, int up)
 }
 
 /** True iff, the last time we checked whether we had enough directory info
- * to build circuits, the answer was "yes". */
+ * to build circuits, the answer was "yes". If there are no exits in the
+ * consensus, we act as if we have 100% of the exit directory info. */
 static int have_min_dir_info = 0;
+
+/** Does the consensus contain nodes that can exit? */
+static consensus_path_type_t have_consensus_path = CONSENSUS_PATH_UNKNOWN;
+
 /** True iff enough has changed since the last time we checked whether we had
  * enough directory info to build circuits that our old answer can no longer
  * be trusted. */
 static int need_to_update_have_min_dir_info = 1;
 /** String describing what we're missing before we have enough directory
  * info. */
-static char dir_info_status[256] = "";
-
-/** Return true iff we have enough networkstatus and router information to
- * start building circuits.  Right now, this means "more than half the
- * networkstatus documents, and at least 1/4 of expected routers." */
-//XXX should consider whether we have enough exiting nodes here.
+static char dir_info_status[512] = "";
+
+/** Return true iff we have enough consensus information to
+ * start building circuits.  Right now, this means "a consensus that's
+ * less than a day old, and at least 60% of router descriptors (configurable),
+ * weighted by bandwidth. Treat the exit fraction as 100% if there are
+ * no exits in the consensus."
+ * To obtain the final weighted bandwidth, we multiply the
+ * weighted bandwidth fraction for each position (guard, middle, exit). */
 int
 router_have_minimum_dir_info(void)
 {
@@ -1293,6 +1505,24 @@ router_have_minimum_dir_info(void)
   return have_min_dir_info;
 }
 
+/** Set to CONSENSUS_PATH_EXIT if there is at least one exit node
+ * in the consensus. We update this flag in compute_frac_paths_available if
+ * there is at least one relay that has an Exit flag in the consensus.
+ * Used to avoid building exit circuits when they will almost certainly fail.
+ * Set to CONSENSUS_PATH_INTERNAL if there are no exits in the consensus.
+ * (This situation typically occurs during bootstrap of a test network.)
+ * Set to CONSENSUS_PATH_UNKNOWN if we have never checked, or have
+ * reason to believe our last known value was invalid or has expired.
+ * If we're in a network with TestingDirAuthVoteExit set,
+ * this can cause router_have_consensus_path() to be set to
+ * CONSENSUS_PATH_EXIT, even if there are no nodes with accept exit policies.
+ */
+consensus_path_type_t
+router_have_consensus_path(void)
+{
+  return have_consensus_path;
+}
+
 /** Called when our internal view of the directory has changed.  This can be
  * when the authorities change, networkstatuses change, the list of routerdescs
  * changes, or number of running routers changes.
@@ -1313,22 +1543,26 @@ get_dir_info_status_string(void)
 }
 
 /** Iterate over the servers listed in <b>consensus</b>, and count how many of
- * them seem like ones we'd use, and how many of <em>those</em> we have
- * descriptors for.  Store the former in *<b>num_usable</b> and the latter in
- * *<b>num_present</b>.  If <b>in_set</b> is non-NULL, only consider those
- * routers in <b>in_set</b>.  If <b>exit_only</b> is true, only consider nodes
- * with the Exit flag.  If *descs_out is present, add a node_t for each
- * usable descriptor to it.
+ * them seem like ones we'd use (store this in *<b>num_usable</b>), and how
+ * many of <em>those</em> we have descriptors for (store this in
+ * *<b>num_present</b>).
+ *
+ * If <b>in_set</b> is non-NULL, only consider those routers in <b>in_set</b>.
+ * If <b>exit_only</b> is USABLE_DESCRIPTOR_EXIT_ONLY, only consider nodes
+ * with the Exit flag.
+ * If *<b>descs_out</b> is present, add a node_t for each usable descriptor
+ * to it.
  */
 static void
 count_usable_descriptors(int *num_present, int *num_usable,
                          smartlist_t *descs_out,
                          const networkstatus_t *consensus,
                          const or_options_t *options, time_t now,
-                         routerset_t *in_set, int exit_only)
+                         routerset_t *in_set,
+                         usable_descriptor_t exit_only)
 {
   const int md = (consensus->flavor == FLAV_MICRODESC);
-  *num_present = 0, *num_usable=0;
+  *num_present = 0, *num_usable = 0;
 
   SMARTLIST_FOREACH_BEGIN(consensus->routerstatus_list, routerstatus_t *, rs)
     {
@@ -1336,7 +1570,7 @@ count_usable_descriptors(int *num_present, int *num_usable,
        if (!node)
          continue; /* This would be a bug: every entry in the consensus is
                     * supposed to have a node. */
-       if (exit_only && ! rs->is_exit)
+       if (exit_only == USABLE_DESCRIPTOR_EXIT_ONLY && ! rs->is_exit)
          continue;
        if (in_set && ! routerset_contains_routerstatus(in_set, rs, -1))
          continue;
@@ -1360,11 +1594,22 @@ count_usable_descriptors(int *num_present, int *num_usable,
 
   log_debug(LD_DIR, "%d usable, %d present (%s%s).",
             *num_usable, *num_present,
-            md ? "microdesc" : "desc", exit_only ? " exits" : "s");
+            md ? "microdesc" : "desc",
+            exit_only == USABLE_DESCRIPTOR_EXIT_ONLY ? " exits" : "s");
 }
 
 /** Return an estimate of which fraction of usable paths through the Tor
- * network we have available for use. */
+ * network we have available for use.  Count how many routers seem like ones
+ * we'd use (store this in *<b>num_usable_out</b>), and how many of
+ * <em>those</em> we have descriptors for (store this in
+ * *<b>num_present_out</b>.)
+ *
+ * If **<b>status_out</b> is present, allocate a new string and print the
+ * available percentages of guard, middle, and exit nodes to it, noting
+ * whether there are exits in the consensus.
+ * If there are no guards in the consensus,
+ * we treat the exit fraction as 100%.
+ */
 static double
 compute_frac_paths_available(const networkstatus_t *consensus,
                              const or_options_t *options, time_t now,
@@ -1374,17 +1619,20 @@ compute_frac_paths_available(const networkstatus_t *consensus,
   smartlist_t *guards = smartlist_new();
   smartlist_t *mid    = smartlist_new();
   smartlist_t *exits  = smartlist_new();
-  smartlist_t *myexits= smartlist_new();
-  smartlist_t *myexits_unflagged = smartlist_new();
-  double f_guard, f_mid, f_exit, f_myexit, f_myexit_unflagged;
-  int np, nu; /* Ignored */
+  double f_guard, f_mid, f_exit;
+  double f_path = 0.0;
+  /* Used to determine whether there are any exits in the consensus */
+  int np = 0;
+  /* Used to determine whether there are any exits with descriptors */
+  int nu = 0;
   const int authdir = authdir_mode_v3(options);
 
   count_usable_descriptors(num_present_out, num_usable_out,
-                           mid, consensus, options, now, NULL, 0);
+                           mid, consensus, options, now, NULL,
+                           USABLE_DESCRIPTOR_ALL);
   if (options->EntryNodes) {
     count_usable_descriptors(&np, &nu, guards, consensus, options, now,
-                             options->EntryNodes, 0);
+                             options->EntryNodes, USABLE_DESCRIPTOR_ALL);
   } else {
     SMARTLIST_FOREACH(mid, const node_t *, node, {
       if (authdir) {
@@ -1397,60 +1645,148 @@ compute_frac_paths_available(const networkstatus_t *consensus,
     });
   }
 
-  /* All nodes with exit flag */
+  /* All nodes with exit flag
+   * If we're in a network with TestingDirAuthVoteExit set,
+   * this can cause false positives on have_consensus_path,
+   * incorrectly setting it to CONSENSUS_PATH_EXIT. This is
+   * an unavoidable feature of forcing authorities to declare
+   * certain nodes as exits.
+   */
   count_usable_descriptors(&np, &nu, exits, consensus, options, now,
-                           NULL, 1);
-  /* All nodes with exit flag in ExitNodes option */
-  count_usable_descriptors(&np, &nu, myexits, consensus, options, now,
-                           options->ExitNodes, 1);
-  /* Now compute the nodes in the ExitNodes option where which we don't know
-   * what their exit policy is, or we know it permits something. */
-  count_usable_descriptors(&np, &nu, myexits_unflagged,
-                           consensus, options, now,
-                           options->ExitNodes, 0);
-  SMARTLIST_FOREACH_BEGIN(myexits_unflagged, const node_t *, node) {
-    if (node_has_descriptor(node) && node_exit_policy_rejects_all(node))
-      SMARTLIST_DEL_CURRENT(myexits_unflagged, node);
-  } SMARTLIST_FOREACH_END(node);
+                           NULL, USABLE_DESCRIPTOR_EXIT_ONLY);
+  log_debug(LD_NET,
+            "%s: %d present, %d usable",
+            "exits",
+            np,
+            nu);
+
+  /* We need at least 1 exit present in the consensus to consider
+   * building exit paths */
+  /* Update our understanding of whether the consensus has exits */
+  consensus_path_type_t old_have_consensus_path = have_consensus_path;
+  have_consensus_path = ((nu > 0) ?
+                         CONSENSUS_PATH_EXIT :
+                         CONSENSUS_PATH_INTERNAL);
+
+  if (have_consensus_path == CONSENSUS_PATH_INTERNAL
+      && old_have_consensus_path != have_consensus_path) {
+    log_notice(LD_NET,
+               "The current consensus has no exit nodes. "
+               "Tor can only build internal paths, "
+               "such as paths to hidden services.");
+
+    /* However, exit nodes can reachability self-test using this consensus,
+     * join the network, and appear in a later consensus. This will allow
+     * the network to build exit paths, such as paths for world wide web
+     * browsing (as distinct from hidden service web browsing). */
+  }
 
   f_guard = frac_nodes_with_descriptors(guards, WEIGHT_FOR_GUARD);
   f_mid   = frac_nodes_with_descriptors(mid,    WEIGHT_FOR_MID);
   f_exit  = frac_nodes_with_descriptors(exits,  WEIGHT_FOR_EXIT);
-  f_myexit= frac_nodes_with_descriptors(myexits,WEIGHT_FOR_EXIT);
-  f_myexit_unflagged=
-            frac_nodes_with_descriptors(myexits_unflagged,WEIGHT_FOR_EXIT);
-
-  /* If our ExitNodes list has eliminated every possible Exit node, and there
-   * were some possible Exit nodes, then instead consider nodes that permit
-   * exiting to some ports. */
-  if (smartlist_len(myexits) == 0 &&
-      smartlist_len(myexits_unflagged)) {
-    f_myexit = f_myexit_unflagged;
-  }
+
+  log_debug(LD_NET,
+            "f_guard: %.2f, f_mid: %.2f, f_exit: %.2f",
+             f_guard,
+             f_mid,
+             f_exit);
 
   smartlist_free(guards);
   smartlist_free(mid);
   smartlist_free(exits);
-  smartlist_free(myexits);
-  smartlist_free(myexits_unflagged);
 
-  /* This is a tricky point here: we don't want to make it easy for a
-   * directory to trickle exits to us until it learns which exits we have
-   * configured, so require that we have a threshold both of total exits
-   * and usable exits. */
-  if (f_myexit < f_exit)
-    f_exit = f_myexit;
+  if (options->ExitNodes) {
+    double f_myexit, f_myexit_unflagged;
+    smartlist_t *myexits= smartlist_new();
+    smartlist_t *myexits_unflagged = smartlist_new();
+
+    /* All nodes with exit flag in ExitNodes option */
+    count_usable_descriptors(&np, &nu, myexits, consensus, options, now,
+                             options->ExitNodes, USABLE_DESCRIPTOR_EXIT_ONLY);
+    log_debug(LD_NET,
+              "%s: %d present, %d usable",
+              "myexits",
+              np,
+              nu);
+
+    /* Now compute the nodes in the ExitNodes option where which we don't know
+     * what their exit policy is, or we know it permits something. */
+    count_usable_descriptors(&np, &nu, myexits_unflagged,
+                             consensus, options, now,
+                             options->ExitNodes, USABLE_DESCRIPTOR_ALL);
+    log_debug(LD_NET,
+              "%s: %d present, %d usable",
+              "myexits_unflagged (initial)",
+              np,
+              nu);
+
+    SMARTLIST_FOREACH_BEGIN(myexits_unflagged, const node_t *, node) {
+      if (node_has_descriptor(node) && node_exit_policy_rejects_all(node)) {
+        SMARTLIST_DEL_CURRENT(myexits_unflagged, node);
+        /* this node is not actually an exit */
+        np--;
+        /* this node is unusable as an exit */
+        nu--;
+      }
+    } SMARTLIST_FOREACH_END(node);
+
+    log_debug(LD_NET,
+              "%s: %d present, %d usable",
+              "myexits_unflagged (final)",
+              np,
+              nu);
+
+    f_myexit= frac_nodes_with_descriptors(myexits,WEIGHT_FOR_EXIT);
+    f_myexit_unflagged=
+              frac_nodes_with_descriptors(myexits_unflagged,WEIGHT_FOR_EXIT);
+
+    log_debug(LD_NET,
+              "f_exit: %.2f, f_myexit: %.2f, f_myexit_unflagged: %.2f",
+              f_exit,
+              f_myexit,
+              f_myexit_unflagged);
+
+    /* If our ExitNodes list has eliminated every possible Exit node, and there
+     * were some possible Exit nodes, then instead consider nodes that permit
+     * exiting to some ports. */
+    if (smartlist_len(myexits) == 0 &&
+        smartlist_len(myexits_unflagged)) {
+      f_myexit = f_myexit_unflagged;
+    }
+
+    smartlist_free(myexits);
+    smartlist_free(myexits_unflagged);
+
+    /* This is a tricky point here: we don't want to make it easy for a
+     * directory to trickle exits to us until it learns which exits we have
+     * configured, so require that we have a threshold both of total exits
+     * and usable exits. */
+    if (f_myexit < f_exit)
+      f_exit = f_myexit;
+  }
+
+  /* if the consensus has no exits, treat the exit fraction as 100% */
+  if (router_have_consensus_path() != CONSENSUS_PATH_EXIT) {
+    f_exit = 1.0;
+  }
+
+  f_path = f_guard * f_mid * f_exit;
 
   if (status_out)
     tor_asprintf(status_out,
                  "%d%% of guards bw, "
                  "%d%% of midpoint bw, and "
-                 "%d%% of exit bw",
+                 "%d%% of exit bw%s = "
+                 "%d%% of path bw",
                  (int)(f_guard*100),
                  (int)(f_mid*100),
-                 (int)(f_exit*100));
+                 (int)(f_exit*100),
+                 (router_have_consensus_path() == CONSENSUS_PATH_EXIT ?
+                  "" :
+                  " (no exits in consensus)"),
+                 (int)(f_path*100));
 
-  return f_guard * f_mid * f_exit;
+  return f_path;
 }
 
 /** We just fetched a new set of descriptors. Compute how far through
@@ -1523,6 +1859,7 @@ update_router_have_minimum_dir_info(void)
 
   using_md = consensus->flavor == FLAV_MICRODESC;
 
+  /* Check fraction of available paths */
   {
     char *status = NULL;
     int num_present=0, num_usable=0;
@@ -1536,7 +1873,6 @@ update_router_have_minimum_dir_info(void)
                    "can only build %d%% of likely paths. (We have %s.)",
                    using_md?"micro":"", num_present, num_usable,
                    (int)(paths*100), status);
-      /* log_notice(LD_NET, "%s", dir_info_status); */
       tor_free(status);
       res = 0;
       control_event_bootstrap(BOOTSTRAP_STATUS_REQUESTING_DESCRIPTORS, 0);
@@ -1548,12 +1884,17 @@ update_router_have_minimum_dir_info(void)
   }
 
  done:
+
+  /* If paths have just become available in this update. */
   if (res && !have_min_dir_info) {
-    log_notice(LD_DIR,
-        "We now have enough directory information to build circuits.");
     control_event_client_status(LOG_NOTICE, "ENOUGH_DIR_INFO");
-    control_event_bootstrap(BOOTSTRAP_STATUS_CONN_OR, 0);
+    if (control_event_bootstrap(BOOTSTRAP_STATUS_CONN_OR, 0) == 0) {
+      log_notice(LD_DIR,
+              "We now have enough directory information to build circuits.");
+    }
   }
+
+  /* If paths have just become unavailable in this update. */
   if (!res && have_min_dir_info) {
     int quiet = directory_too_idle_to_fetch_descriptors(options, now);
     tor_log(quiet ? LOG_INFO : LOG_NOTICE, LD_DIR,
@@ -1564,8 +1905,8 @@ update_router_have_minimum_dir_info(void)
      * is back up and usable, and b) disable some activities that Tor
      * should only do while circuits are working, like reachability tests
      * and fetching bridge descriptors only over circuits. */
-    can_complete_circuit = 0;
-
+    note_that_we_maybe_cant_complete_circuits();
+    have_consensus_path = CONSENSUS_PATH_UNKNOWN;
     control_event_client_status(LOG_NOTICE, "NOT_ENOUGH_DIR_INFO");
   }
   have_min_dir_info = res;
diff --git a/src/or/nodelist.h b/src/or/nodelist.h
index 8e719e012d..71a91e107f 100644
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -31,7 +31,8 @@ smartlist_t *nodelist_find_nodes_with_microdesc(const microdesc_t *md);
 void nodelist_free_all(void);
 void nodelist_assert_ok(void);
 
-const node_t *node_get_by_nickname(const char *nickname, int warn_if_unnamed);
+MOCK_DECL(const node_t *, node_get_by_nickname,
+    (const char *nickname, int warn_if_unnamed));
 void node_get_verbose_nickname(const node_t *node,
                                char *verbose_name_out);
 void node_get_verbose_nickname_by_id(const char *id_digest,
@@ -54,13 +55,23 @@ void node_get_address_string(const node_t *node, char *cp, size_t len);
 long node_get_declared_uptime(const node_t *node);
 time_t node_get_published_on(const node_t *node);
 const smartlist_t *node_get_declared_family(const node_t *node);
-int node_ipv6_preferred(const node_t *node);
+
+int node_has_ipv6_addr(const node_t *node);
+int node_has_ipv6_orport(const node_t *node);
+int node_has_ipv6_dirport(const node_t *node);
+/* Deprecated - use node_ipv6_or_preferred or node_ipv6_dir_preferred */
+#define node_ipv6_preferred(node) node_ipv6_or_preferred(node)
+int node_ipv6_or_preferred(const node_t *node);
 int node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out);
 void node_get_pref_orport(const node_t *node, tor_addr_port_t *ap_out);
 void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out);
+int node_ipv6_dir_preferred(const node_t *node);
+int node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out);
+void node_get_pref_dirport(const node_t *node, tor_addr_port_t *ap_out);
+void node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out);
 int node_has_curve25519_onion_key(const node_t *node);
 
-smartlist_t *nodelist_get_list(void);
+MOCK_DECL(smartlist_t *, nodelist_get_list, (void));
 
 /* Temporary during transition to multiple addresses.  */
 void node_get_addr(const node_t *node, tor_addr_t *addr_out);
@@ -78,7 +89,37 @@ int node_is_unreliable(const node_t *router, int need_uptime,
 int router_exit_policy_all_nodes_reject(const tor_addr_t *addr, uint16_t port,
                                         int need_uptime);
 void router_set_status(const char *digest, int up);
+
+/** router_have_minimum_dir_info tests to see if we have enough
+ * descriptor information to create circuits.
+ * If there are exits in the consensus, we wait until we have enough
+ * info to create exit paths before creating any circuits. If there are
+ * no exits in the consensus, we wait for enough info to create internal
+ * paths, and should avoid creating exit paths, as they will simply fail.
+ * We make sure we create all available circuit types at the same time. */
 int router_have_minimum_dir_info(void);
+
+/** Set to CONSENSUS_PATH_EXIT if there is at least one exit node
+ * in the consensus. We update this flag in compute_frac_paths_available if
+ * there is at least one relay that has an Exit flag in the consensus.
+ * Used to avoid building exit circuits when they will almost certainly fail.
+ * Set to CONSENSUS_PATH_INTERNAL if there are no exits in the consensus.
+ * (This situation typically occurs during bootstrap of a test network.)
+ * Set to CONSENSUS_PATH_UNKNOWN if we have never checked, or have
+ * reason to believe our last known value was invalid or has expired.
+ */
+typedef enum {
+  /* we haven't checked yet, or we have invalidated our previous check */
+  CONSENSUS_PATH_UNKNOWN = -1,
+  /* The consensus only has internal relays, and we should only
+   * create internal paths, circuits, streams, ... */
+  CONSENSUS_PATH_INTERNAL = 0,
+  /* The consensus has at least one exit, and can therefore (potentially)
+   * create exit and internal paths, circuits, streams, ... */
+  CONSENSUS_PATH_EXIT = 1
+} consensus_path_type_t;
+consensus_path_type_t router_have_consensus_path(void);
+
 void router_dir_info_changed(void);
 const char *get_dir_info_status_string(void);
 int count_loading_descriptors_progress(void);
diff --git a/src/or/ntmain.c b/src/or/ntmain.c
index e848314043..ded0e0d307 100644
--- a/src/or/ntmain.c
+++ b/src/or/ntmain.c
@@ -1,8 +1,16 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file ntmain.c
+ *
+ * \brief Entry points for running/configuring Tor as Windows Service.
+ */
+
+#ifdef _WIN32
+
 #include "or.h"
 #include "config.h"
 #include "main.h"
@@ -315,8 +323,10 @@ nt_service_main(void)
       case CMD_HASH_PASSWORD:
       case CMD_VERIFY_CONFIG:
       case CMD_DUMP_CONFIG:
+      case CMD_KEYGEN:
         log_err(LD_CONFIG, "Unsupported command (--list-fingerprint, "
-                "--hash-password, or --verify-config) in NT service.");
+               "--hash-password, --keygen, --dump-config, or --verify-config) "
+                "in NT service.");
         break;
       case CMD_RUN_UNITTESTS:
       default:
@@ -762,3 +772,5 @@ nt_service_parse_options(int argc, char **argv, int *should_exit)
   return 0;
 }
 
+#endif
+
diff --git a/src/or/ntmain.h b/src/or/ntmain.h
index d3027936cd..31bf38c62c 100644
--- a/src/or/ntmain.h
+++ b/src/or/ntmain.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -13,10 +13,8 @@
 #define TOR_NTMAIN_H
 
 #ifdef _WIN32
-#if !defined (WINCE)
 #define NT_SERVICE
 #endif
-#endif
 
 #ifdef NT_SERVICE
 int nt_service_parse_options(int argc, char **argv, int *should_exit);
diff --git a/src/or/onion.c b/src/or/onion.c
index ae39f451f4..d6ef3673dd 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type)
        (uint64_t)options->MaxOnionQueueDelay)
     return 0;
 
-#ifdef CURVE25519_ENABLED
   /* If we support the ntor handshake, then don't let TAP handshakes use
    * more than 2/3 of the space on the queue. */
   if (type == ONION_HANDSHAKE_TYPE_TAP &&
       tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
     return 0;
-#else
-  (void) type;
-#endif
 
   return 1;
 }
@@ -299,6 +295,8 @@ onion_pending_remove(or_circuit_t *circ)
   victim = circ->onionqueue_entry;
   if (victim)
     onion_queue_entry_remove(victim);
+
+  cpuworker_cancel_circ_handshake(circ);
 }
 
 /** Remove a queue entry <b>victim</b> from the queue, unlinking it from
@@ -343,38 +341,35 @@ clear_pending_onions(void)
 
 /* ============================================================ */
 
-/** Fill in a server_onion_keys_t object at <b>keys</b> with all of the keys
+/** Return a new server_onion_keys_t object with all of the keys
  * and other info we might need to do onion handshakes.  (We make a copy of
  * our keys for each cpuworker to avoid race conditions with the main thread,
  * and to avoid locking) */
-void
-setup_server_onion_keys(server_onion_keys_t *keys)
+server_onion_keys_t *
+server_onion_keys_new(void)
 {
-  memset(keys, 0, sizeof(server_onion_keys_t));
+  server_onion_keys_t *keys = tor_malloc_zero(sizeof(server_onion_keys_t));
   memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
   dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
   keys->curve25519_key_map = construct_ntor_key_map();
   keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
   curve25519_keypair_generate(keys->junk_keypair, 0);
-#endif
+  return keys;
 }
 
-/** Release all storage held in <b>keys</b>, but do not free <b>keys</b>
- * itself (as it's likely to be stack-allocated.) */
+/** Release all storage held in <b>keys</b>. */
 void
-release_server_onion_keys(server_onion_keys_t *keys)
+server_onion_keys_free(server_onion_keys_t *keys)
 {
   if (! keys)
     return;
 
   crypto_pk_free(keys->onion_key);
   crypto_pk_free(keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
   ntor_key_map_free(keys->curve25519_key_map);
   tor_free(keys->junk_keypair);
-#endif
-  memset(keys, 0, sizeof(server_onion_keys_t));
+  memwipe(keys, 0, sizeof(server_onion_keys_t));
+  tor_free(keys);
 }
 
 /** Release whatever storage is held in <b>state</b>, depending on its
@@ -391,12 +386,10 @@ onion_handshake_state_release(onion_handshake_state_t *state)
     fast_handshake_state_free(state->u.fast);
     state->u.fast = NULL;
     break;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     ntor_handshake_state_free(state->u.ntor);
     state->u.ntor = NULL;
     break;
-#endif
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d",
              (int)state->tag);
@@ -436,7 +429,6 @@ onion_skin_create(int type,
     r = CREATE_FAST_LEN;
     break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
     if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key,
                         CURVE25519_PUBKEY_LEN))
       return -1;
@@ -447,9 +439,6 @@ onion_skin_create(int type,
       return -1;
 
     r = NTOR_ONIONSKIN_LEN;
-#else
-    return -1;
-#endif
     break;
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -501,7 +490,6 @@ onion_skin_server_handshake(int type,
     memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
     break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
     if (onionskin_len < NTOR_ONIONSKIN_LEN)
       return -1;
     {
@@ -522,9 +510,6 @@ onion_skin_server_handshake(int type,
       tor_free(keys_tmp);
       r = NTOR_REPLY_LEN;
     }
-#else
-    return -1;
-#endif
     break;
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -541,13 +526,15 @@ onion_skin_server_handshake(int type,
  * bytes worth of key material in <b>keys_out_len</b>, set
  * <b>rend_authenticator_out</b> to the "KH" field that can be used to
  * establish introduction points at this hop, and return 0. On failure,
- * return -1. */
+ * return -1, and set *msg_out to an error message if this is worth
+ * complaining to the usre about. */
 int
 onion_skin_client_handshake(int type,
                       const onion_handshake_state_t *handshake_state,
                       const uint8_t *reply, size_t reply_len,
                       uint8_t *keys_out, size_t keys_out_len,
-                      uint8_t *rend_authenticator_out)
+                      uint8_t *rend_authenticator_out,
+                      const char **msg_out)
 {
   if (handshake_state->tag != type)
     return -1;
@@ -555,12 +542,14 @@ onion_skin_client_handshake(int type,
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
     if (reply_len != TAP_ONIONSKIN_REPLY_LEN) {
-      log_warn(LD_CIRC, "TAP reply was not of the correct length.");
+      if (msg_out)
+        *msg_out = "TAP reply was not of the correct length.";
       return -1;
     }
     if (onion_skin_TAP_client_handshake(handshake_state->u.tap,
                                         (const char*)reply,
-                                        (char *)keys_out, keys_out_len) < 0)
+                                        (char *)keys_out, keys_out_len,
+                                        msg_out) < 0)
       return -1;
 
     memcpy(rend_authenticator_out, reply+DH_KEY_LEN, DIGEST_LEN);
@@ -568,27 +557,28 @@ onion_skin_client_handshake(int type,
     return 0;
   case ONION_HANDSHAKE_TYPE_FAST:
     if (reply_len != CREATED_FAST_LEN) {
-      log_warn(LD_CIRC, "CREATED_FAST reply was not of the correct length.");
+      if (msg_out)
+        *msg_out = "TAP reply was not of the correct length.";
       return -1;
     }
     if (fast_client_handshake(handshake_state->u.fast, reply,
-                              keys_out, keys_out_len) < 0)
+                              keys_out, keys_out_len, msg_out) < 0)
       return -1;
 
     memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
     return 0;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     if (reply_len < NTOR_REPLY_LEN) {
-      log_warn(LD_CIRC, "ntor reply was not of the correct length.");
+      if (msg_out)
+        *msg_out = "ntor reply was not of the correct length.";
       return -1;
     }
     {
       size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
       uint8_t *keys_tmp = tor_malloc(keys_tmp_len);
       if (onion_skin_ntor_client_handshake(handshake_state->u.ntor,
-                                           reply,
-                                           keys_tmp, keys_tmp_len) < 0) {
+                                        reply,
+                                        keys_tmp, keys_tmp_len, msg_out) < 0) {
         tor_free(keys_tmp);
         return -1;
       }
@@ -598,7 +588,6 @@ onion_skin_client_handshake(int type,
       tor_free(keys_tmp);
     }
     return 0;
-#endif
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
     tor_fragile_assert();
@@ -637,12 +626,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
     if (cell->handshake_len != CREATE_FAST_LEN)
       return -1;
     break;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
       return -1;
     break;
-#endif
   default:
     if (! unknown_ok)
       return -1;
diff --git a/src/or/onion.h b/src/or/onion.h
index d62f032b87..0275fa00d2 100644
--- a/src/or/onion.h
+++ b/src/or/onion.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -23,17 +23,15 @@ typedef struct server_onion_keys_t {
   uint8_t my_identity[DIGEST_LEN];
   crypto_pk_t *onion_key;
   crypto_pk_t *last_onion_key;
-#ifdef CURVE25519_ENABLED
   di_digest256_map_t *curve25519_key_map;
   curve25519_keypair_t *junk_keypair;
-#endif
 } server_onion_keys_t;
 
 #define MAX_ONIONSKIN_CHALLENGE_LEN 255
 #define MAX_ONIONSKIN_REPLY_LEN 255
 
-void setup_server_onion_keys(server_onion_keys_t *keys);
-void release_server_onion_keys(server_onion_keys_t *keys);
+server_onion_keys_t *server_onion_keys_new(void);
+void server_onion_keys_free(server_onion_keys_t *keys);
 
 void onion_handshake_state_release(onion_handshake_state_t *state);
 
@@ -51,7 +49,8 @@ int onion_skin_client_handshake(int type,
                       const onion_handshake_state_t *handshake_state,
                       const uint8_t *reply, size_t reply_len,
                       uint8_t *keys_out, size_t key_out_len,
-                      uint8_t *rend_authenticator_out);
+                      uint8_t *rend_authenticator_out,
+                      const char **msg_out);
 
 /** A parsed CREATE, CREATE_FAST, or CREATE2 cell. */
 typedef struct create_cell_t {
diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c
index 38b62decc3..1f79860596 100644
--- a/src/or/onion_fast.c
+++ b/src/or/onion_fast.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -30,10 +30,7 @@ fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
 {
   fast_handshake_state_t *s;
   *handshake_state_out = s = tor_malloc(sizeof(fast_handshake_state_t));
-  if (crypto_rand((char*)s->state, sizeof(s->state)) < 0) {
-    tor_free(s);
-    return -1;
-  }
+  crypto_rand((char*)s->state, sizeof(s->state));
   memcpy(handshake_out, s->state, DIGEST_LEN);
   return 0;
 }
@@ -56,8 +53,7 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */
   size_t out_len;
   int r = -1;
 
-  if (crypto_rand((char*)handshake_reply_out, DIGEST_LEN)<0)
-    return -1;
+  crypto_rand((char*)handshake_reply_out, DIGEST_LEN);
 
   memcpy(tmp, key_in, DIGEST_LEN);
   memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
@@ -92,7 +88,8 @@ int
 fast_client_handshake(const fast_handshake_state_t *handshake_state,
                       const uint8_t *handshake_reply_out,/*DIGEST_LEN*2 bytes*/
                       uint8_t *key_out,
-                      size_t key_out_len)
+                      size_t key_out_len,
+                      const char **msg_out)
 {
   uint8_t tmp[DIGEST_LEN+DIGEST_LEN];
   uint8_t *out;
@@ -104,13 +101,14 @@ fast_client_handshake(const fast_handshake_state_t *handshake_state,
   out_len = key_out_len+DIGEST_LEN;
   out = tor_malloc(out_len);
   if (crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len)) {
-    log_warn(LD_CIRC, "Failed to expand key material");
+    if (msg_out)
+      *msg_out = "Failed to expand key material";
     goto done;
   }
   if (tor_memneq(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) {
     /* H(K) does *not* match. Something fishy. */
-    log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
-             "Bug or attack.");
+    if (msg_out)
+      *msg_out = "Digest DOES NOT MATCH on fast handshake. Bug or attack.";
     goto done;
   }
   memcpy(key_out, out+DIGEST_LEN, key_out_len);
diff --git a/src/or/onion_fast.h b/src/or/onion_fast.h
index 8c078378d2..b9626002c3 100644
--- a/src/or/onion_fast.h
+++ b/src/or/onion_fast.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -32,7 +32,8 @@ int fast_server_handshake(const uint8_t *message_in,
 int fast_client_handshake(const fast_handshake_state_t *handshake_state,
                           const uint8_t *handshake_reply_out,
                           uint8_t *key_out,
-                          size_t key_out_len);
+                          size_t key_out_len,
+                          const char **msg_out);
 
 #endif
 
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index ef501f69da..9f97a4cfbe 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -1,10 +1,16 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file onion_ntor.c
+ *
+ * \brief Implementation for the ntor handshake.
+ */
+
 #include "orconfig.h"
 
-#include "crypto.h"
 #define ONION_NTOR_PRIVATE
+#include "crypto.h"
 #include "onion_ntor.h"
 #include "torlog.h"
 #include "util.h"
@@ -226,7 +232,8 @@ onion_skin_ntor_client_handshake(
                              const ntor_handshake_state_t *handshake_state,
                              const uint8_t *handshake_reply,
                              uint8_t *key_out,
-                             size_t key_out_len)
+                             size_t key_out_len,
+                             const char **msg_out)
 {
   const tweakset_t *T = &proto1_tweaks;
   /* Sensitive stack-allocated material. Kept in an anonymous struct to make
@@ -292,7 +299,19 @@ onion_skin_ntor_client_handshake(
   memwipe(&s, 0, sizeof(s));
 
   if (bad) {
-    log_warn(LD_PROTOCOL, "Invalid result from curve25519 handshake: %d", bad);
+    if (bad & 4) {
+      if (msg_out)
+        *msg_out = NULL; /* Don't report this one; we probably just had the
+                          * wrong onion key.*/
+      log_fn(LOG_INFO, LD_PROTOCOL,
+             "Invalid result from curve25519 handshake: %d", bad);
+    }
+    if (bad & 3) {
+      if (msg_out)
+        *msg_out = "Zero output from curve25519 handshake";
+      log_fn(LOG_WARN, LD_PROTOCOL,
+             "Invalid result from curve25519 handshake: %d", bad);
+    }
   }
 
   return bad ? -1 : 0;
diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h
index c942e6e0f0..f637b437fd 100644
--- a/src/or/onion_ntor.h
+++ b/src/or/onion_ntor.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_ONION_NTOR_H
@@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
 /** Length of an ntor reply, as sent from server to client. */
 #define NTOR_REPLY_LEN 64
 
-#ifdef CURVE25519_ENABLED
 void ntor_handshake_state_free(ntor_handshake_state_t *state);
 
 int onion_skin_ntor_create(const uint8_t *router_id,
@@ -37,7 +36,8 @@ int onion_skin_ntor_client_handshake(
                              const ntor_handshake_state_t *handshake_state,
                              const uint8_t *handshake_reply,
                              uint8_t *key_out,
-                             size_t key_out_len);
+                             size_t key_out_len,
+                             const char **msg_out);
 
 #ifdef ONION_NTOR_PRIVATE
 
@@ -59,5 +59,3 @@ struct ntor_handshake_state_t {
 
 #endif
 
-#endif
-
diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index 65f8275f75..bfd472351f 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -183,7 +183,8 @@ int
 onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
             const char *handshake_reply, /* TAP_ONIONSKIN_REPLY_LEN bytes */
             char *key_out,
-            size_t key_out_len)
+            size_t key_out_len,
+            const char **msg_out)
 {
   ssize_t len;
   char *key_material=NULL;
@@ -196,14 +197,15 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
                                  handshake_reply, DH_KEY_LEN, key_material,
                                  key_material_len);
   if (len < 0) {
-    log_warn(LD_PROTOCOL,"DH computation failed.");
+    if (msg_out)
+      *msg_out = "DH computation failed.";
     goto err;
   }
 
   if (tor_memneq(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) {
     /* H(K) does *not* match. Something fishy. */
-    log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. "
-             "Bug or attack.");
+    if (msg_out)
+      *msg_out = "Digest DOES NOT MATCH on onion handshake. Bug or attack.";
     goto err;
   }
 
diff --git a/src/or/onion_tap.h b/src/or/onion_tap.h
index b978b66737..a2880f6e98 100644
--- a/src/or/onion_tap.h
+++ b/src/or/onion_tap.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -31,7 +31,8 @@ int onion_skin_TAP_server_handshake(const char *onion_skin,
 int onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
                                 const char *handshake_reply,
                                 char *key_out,
-                                size_t key_out_len);
+                                size_t key_out_len,
+                                const char **msg_out);
 
 #endif
 
diff --git a/src/or/or.h b/src/or/or.h
index adf3cfa866..da84128530 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -14,7 +14,7 @@
 
 #include "orconfig.h"
 
-#ifdef __COVERITY__
+#if defined(__clang_analyzer__) || defined(__COVERITY__)
 /* If we're building for a static analysis, turn on all the off-by-default
  * features. */
 #ifndef INSTRUMENT_DOWNLOADS
@@ -22,13 +22,6 @@
 #endif
 #endif
 
-#ifdef _WIN32
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
-#endif
-#define WIN32_LEAN_AND_MEAN
-#endif
-
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -74,6 +67,7 @@
 #endif
 
 #ifdef _WIN32
+#include <winsock2.h>
 #include <io.h>
 #include <process.h>
 #include <direct.h>
@@ -87,8 +81,9 @@
 #endif
 
 #include "crypto.h"
+#include "crypto_format.h"
 #include "tortls.h"
-#include "../common/torlog.h"
+#include "torlog.h"
 #include "container.h"
 #include "torgzip.h"
 #include "address.h"
@@ -96,7 +91,9 @@
 #include "ht.h"
 #include "replaycache.h"
 #include "crypto_curve25519.h"
+#include "crypto_ed25519.h"
 #include "tor_queue.h"
+#include "util_format.h"
 
 /* These signals are defined to help handle_control_signal work.
  */
@@ -119,6 +116,7 @@
  * conflict with system-defined signals. */
 #define SIGNEWNYM 129
 #define SIGCLEARDNSCACHE 130
+#define SIGHEARTBEAT 131
 
 #if (SIZEOF_CELL_T != 0)
 /* On Irix, stdlib.h defines a cell_t type, so we need to make sure
@@ -212,8 +210,7 @@ typedef enum {
 #define CONN_TYPE_DIR_LISTENER 8
 /** Type for HTTP connections to the directory server. */
 #define CONN_TYPE_DIR 9
-/** Connection from the main process to a CPU worker process. */
-#define CONN_TYPE_CPUWORKER 10
+/* Type 10 is unused. */
 /** Type for listening for connections from user interface process. */
 #define CONN_TYPE_CONTROL_LISTENER 11
 /** Type for connections from user interface process. */
@@ -241,7 +238,7 @@ typedef enum {
 #define PROXY_CONNECT 1
 #define PROXY_SOCKS4 2
 #define PROXY_SOCKS5 3
-/* !!!! If there is ever a PROXY_* type over 2, we must grow the proxy_type
+/* !!!! If there is ever a PROXY_* type over 3, we must grow the proxy_type
  * field in or_connection_t */
 
 /* Pluggable transport proxy type. Don't use this in or_connection_t,
@@ -275,17 +272,6 @@ typedef enum {
 /** State for any listener connection. */
 #define LISTENER_STATE_READY 0
 
-#define CPUWORKER_STATE_MIN_ 1
-/** State for a connection to a cpuworker process that's idle. */
-#define CPUWORKER_STATE_IDLE 1
-/** State for a connection to a cpuworker process that's processing a
- * handshake. */
-#define CPUWORKER_STATE_BUSY_ONION 2
-#define CPUWORKER_STATE_MAX_ 2
-
-#define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
-#define CPUWORKER_TASK_SHUTDOWN 255
-
 #define OR_CONN_STATE_MIN_ 1
 /** State for a connection to an OR: waiting for connect() to finish. */
 #define OR_CONN_STATE_CONNECTING 1
@@ -472,9 +458,11 @@ typedef enum {
 #define CIRCUIT_PURPOSE_OR_MIN_ 1
 /** OR-side circuit purpose: normal circuit, at OR. */
 #define CIRCUIT_PURPOSE_OR 1
-/** OR-side circuit purpose: At OR, from Bob, waiting for intro from Alices. */
+/** OR-side circuit purpose: At OR, from the service, waiting for intro from
+ * clients. */
 #define CIRCUIT_PURPOSE_INTRO_POINT 2
-/** OR-side circuit purpose: At OR, from Alice, waiting for Bob. */
+/** OR-side circuit purpose: At OR, from the client, waiting for the service.
+ */
 #define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
 /** OR-side circuit purpose: At OR, both circuits have this purpose. */
 #define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
@@ -493,43 +481,47 @@ typedef enum {
  *     to becoming open, or they are open and have sent the
  *     establish_rendezvous cell but haven't received an ack.
  *   circuits that are c_rend_ready are open and have received a
- *     rend ack, but haven't heard from bob yet. if they have a
+ *     rend ack, but haven't heard from the service yet. if they have a
  *     buildstate->pending_final_cpath then they're expecting a
- *     cell from bob, else they're not.
+ *     cell from the service, else they're not.
  *   circuits that are c_rend_ready_intro_acked are open, and
  *     some intro circ has sent its intro and received an ack.
  *   circuits that are c_rend_joined are open, have heard from
- *     bob, and are talking to him.
+ *     the service, and are talking to it.
  */
 /** Client-side circuit purpose: Normal circuit, with cpath. */
 #define CIRCUIT_PURPOSE_C_GENERAL 5
-/** Client-side circuit purpose: at Alice, connecting to intro point. */
+/** Client-side circuit purpose: at the client, connecting to intro point. */
 #define CIRCUIT_PURPOSE_C_INTRODUCING 6
-/** Client-side circuit purpose: at Alice, sent INTRODUCE1 to intro point,
+/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point,
  * waiting for ACK/NAK. */
 #define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
-/** Client-side circuit purpose: at Alice, introduced and acked, closing. */
+/** Client-side circuit purpose: at the client, introduced and acked, closing.
+ */
 #define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
-/** Client-side circuit purpose: at Alice, waiting for ack. */
+/** Client-side circuit purpose: at the client, waiting for ack. */
 #define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
-/** Client-side circuit purpose: at Alice, waiting for Bob. */
+/** Client-side circuit purpose: at the client, waiting for the service. */
 #define CIRCUIT_PURPOSE_C_REND_READY 10
-/** Client-side circuit purpose: at Alice, waiting for Bob, INTRODUCE
- * has been acknowledged. */
+/** Client-side circuit purpose: at the client, waiting for the service,
+ * INTRODUCE has been acknowledged. */
 #define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
-/** Client-side circuit purpose: at Alice, rendezvous established. */
+/** Client-side circuit purpose: at the client, rendezvous established. */
 #define CIRCUIT_PURPOSE_C_REND_JOINED 12
 /** This circuit is used for build time measurement only */
 #define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 13
 #define CIRCUIT_PURPOSE_C_MAX_ 13
-/** Hidden-service-side circuit purpose: at Bob, waiting for introductions. */
+/** Hidden-service-side circuit purpose: at the service, waiting for
+ * introductions. */
 #define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 14
-/** Hidden-service-side circuit purpose: at Bob, successfully established
- * intro. */
+/** Hidden-service-side circuit purpose: at the service, successfully
+ * established intro. */
 #define CIRCUIT_PURPOSE_S_INTRO 15
-/** Hidden-service-side circuit purpose: at Bob, connecting to rend point. */
+/** Hidden-service-side circuit purpose: at the service, connecting to rend
+ * point. */
 #define CIRCUIT_PURPOSE_S_CONNECT_REND 16
-/** Hidden-service-side circuit purpose: at Bob, rendezvous established. */
+/** Hidden-service-side circuit purpose: at the service, rendezvous
+ * established. */
 #define CIRCUIT_PURPOSE_S_REND_JOINED 17
 /** A testing circuit; not meant to be used for actual traffic. */
 #define CIRCUIT_PURPOSE_TESTING 18
@@ -676,6 +668,10 @@ typedef enum {
 
 /* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
  * call; they only go to the controller for tracking  */
+
+/* Closing introduction point that were opened in parallel. */
+#define END_CIRC_REASON_IP_NOW_REDUNDANT -4
+
 /** Our post-timeout circuit time measurement period expired.
  * We must give up now */
 #define END_CIRC_REASON_MEASUREMENT_EXPIRED -3
@@ -800,17 +796,34 @@ typedef struct rend_data_t {
   /** Onion address (without the .onion part) that a client requests. */
   char onion_address[REND_SERVICE_ID_LEN_BASE32+1];
 
+  /** Descriptor ID for each replicas computed from the onion address. If
+   * the onion address is empty, this array MUST be empty. We keep them so
+   * we know when to purge our entry in the last hsdir request table. */
+  char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN];
+
   /** (Optional) descriptor cookie that is used by a client. */
   char descriptor_cookie[REND_DESC_COOKIE_LEN];
 
   /** Authorization type for accessing a service used by a client. */
   rend_auth_type_t auth_type;
 
+  /** Descriptor ID for a client request. The control port command HSFETCH
+   * uses this. It's set if the descriptor query should only use this
+   * descriptor ID. */
+  char desc_id_fetch[DIGEST_LEN];
+
   /** Hash of the hidden service's PK used by a service. */
   char rend_pk_digest[DIGEST_LEN];
 
   /** Rendezvous cookie used by both, client and service. */
   char rend_cookie[REND_COOKIE_LEN];
+
+  /** List of HSDir fingerprints on which this request has been sent to.
+   * This contains binary identity digest of the directory. */
+  smartlist_t *hsdirs_fp;
+
+  /** Number of streams associated with this rendezvous circuit. */
+  int nr_streams;
 } rend_data_t;
 
 /** Time interval for tracking replays of DH public keys received in
@@ -908,18 +921,18 @@ typedef enum {
 #define VAR_CELL_MAX_HEADER_SIZE 7
 
 static int get_cell_network_size(int wide_circ_ids);
-static INLINE int get_cell_network_size(int wide_circ_ids)
+static inline int get_cell_network_size(int wide_circ_ids)
 {
   return wide_circ_ids ? CELL_MAX_NETWORK_SIZE : CELL_MAX_NETWORK_SIZE - 2;
 }
 static int get_var_cell_header_size(int wide_circ_ids);
-static INLINE int get_var_cell_header_size(int wide_circ_ids)
+static inline int get_var_cell_header_size(int wide_circ_ids)
 {
   return wide_circ_ids ? VAR_CELL_MAX_HEADER_SIZE :
     VAR_CELL_MAX_HEADER_SIZE - 2;
 }
 static int get_circ_id_size(int wide_circ_ids);
-static INLINE int get_circ_id_size(int wide_circ_ids)
+static inline int get_circ_id_size(int wide_circ_ids)
 {
   return wide_circ_ids ? 4 : 2;
 }
@@ -1138,6 +1151,53 @@ typedef struct socks_request_t socks_request_t;
 #define generic_buffer_t buf_t
 #endif
 
+typedef struct entry_port_cfg_t {
+  /* Client port types (socks, dns, trans, natd) only: */
+  uint8_t isolation_flags; /**< Zero or more isolation flags */
+  int session_group; /**< A session group, or -1 if this port is not in a
+                      * session group. */
+
+  /* Socks only: */
+  /** When both no-auth and user/pass are advertised by a SOCKS client, select
+   * no-auth. */
+  unsigned int socks_prefer_no_auth : 1;
+  /** When ISO_SOCKSAUTH is in use, Keep-Alive circuits indefinitely. */
+  unsigned int socks_iso_keep_alive : 1;
+
+  /* Client port types only: */
+  unsigned int ipv4_traffic : 1;
+  unsigned int ipv6_traffic : 1;
+  unsigned int prefer_ipv6 : 1;
+
+  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
+   * exit nodes tell us?
+   *
+   * @{ */
+  unsigned int cache_ipv4_answers : 1;
+  unsigned int cache_ipv6_answers : 1;
+  /** @} */
+  /** For a socks listeners: if we find an answer in our client-side DNS cache,
+   * should we use it?
+   *
+   * @{ */
+  unsigned int use_cached_ipv4_answers : 1;
+  unsigned int use_cached_ipv6_answers : 1;
+  /** @} */
+  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
+   * do we prefer IPv6? */
+  unsigned int prefer_ipv6_virtaddr : 1;
+
+} entry_port_cfg_t;
+
+typedef struct server_port_cfg_t {
+  /* Server port types (or, dir) only: */
+  unsigned int no_advertise : 1;
+  unsigned int no_listen : 1;
+  unsigned int all_addrs : 1;
+  unsigned int bind_ipv4_only : 1;
+  unsigned int bind_ipv6_only : 1;
+} server_port_cfg_t;
+
 /* Values for connection_t.magic: used to make sure that downcasts (casts from
 * connection_t to foo_connection_t) are safe. */
 #define BASE_CONNECTION_MAGIC 0x7C3C304Eu
@@ -1248,7 +1308,7 @@ typedef struct connection_t {
                               * marked.) */
   const char *marked_for_close_file; /**< For debugging: in which file were
                                       * we marked for close? */
-  char *address; /**< FQDN (or IP) of the guy on the other end.
+  char *address; /**< FQDN (or IP) of the other end.
                   * strdup into this, because free_connection() frees it. */
   /** Another connection that's connected to this one in lieu of a socket. */
   struct connection_t *linked_conn;
@@ -1273,52 +1333,7 @@ typedef struct listener_connection_t {
    * to the evdns_server_port it uses to listen to and answer connections. */
   struct evdns_server_port *dns_server_port;
 
-  /** @name Isolation parameters
-   *
-   * For an AP listener, these fields describe how to isolate streams that
-   * arrive on the listener.
-   *
-   * @{
-   */
-  /** The session group for this listener. */
-  int session_group;
-  /** One or more ISO_ flags to describe how to isolate streams. */
-  uint8_t isolation_flags;
-  /**@}*/
-  /** For SOCKS connections only: If this is set, we will choose "no
-   * authentication" instead of "username/password" authentication if both
-   * are offered. Used as input to parse_socks. */
-  unsigned int socks_prefer_no_auth : 1;
-
-  /** For a SOCKS listeners, these fields describe whether we should
-   * allow IPv4 and IPv6 addresses from our exit nodes, respectively.
-   *
-   * @{
-   */
-  unsigned int socks_ipv4_traffic : 1;
-  unsigned int socks_ipv6_traffic : 1;
-  /** @} */
-  /** For a socks listener: should we tell the exit that we prefer IPv6
-   * addresses? */
-  unsigned int socks_prefer_ipv6 : 1;
-
-  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
-   * exit nodes tell us?
-   *
-   * @{ */
-  unsigned int cache_ipv4_answers : 1;
-  unsigned int cache_ipv6_answers : 1;
-  /** @} */
-  /** For a socks listeners: if we find an answer in our client-side DNS cache,
-   * should we use it?
-   *
-   * @{ */
-  unsigned int use_cached_ipv4_answers : 1;
-  unsigned int use_cached_ipv6_answers : 1;
-  /** @} */
-  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
-   * do we prefer IPv6? */
-  unsigned int prefer_ipv6_virtaddr : 1;
+  entry_port_cfg_t entry_cfg;
 
 } listener_connection_t;
 
@@ -1343,6 +1358,8 @@ typedef struct listener_connection_t {
  * in the v3 handshake.  The subject key must be a 1024-bit RSA key; it
  * must be signed by the identity key */
 #define OR_CERT_TYPE_AUTH_1024 3
+/* DOCDOC */
+#define OR_CERT_TYPE_RSA_ED_CROSSCERT 7
 /**@}*/
 
 /** The one currently supported type of AUTHENTICATE cell.  It contains
@@ -1418,14 +1435,26 @@ typedef struct or_handshake_state_t {
    * @{
    */
   /** The cert for the key that's supposed to sign the AUTHENTICATE cell */
-  tor_cert_t *auth_cert;
+  tor_x509_cert_t *auth_cert;
   /** A self-signed identity certificate */
-  tor_cert_t *id_cert;
+  tor_x509_cert_t *id_cert;
   /**@}*/
 } or_handshake_state_t;
 
 /** Length of Extended ORPort connection identifier. */
 #define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */
+/*
+ * OR_CONN_HIGHWATER and OR_CONN_LOWWATER moved from connection_or.c so
+ * channeltls.c can see them too.
+ */
+
+/** When adding cells to an OR connection's outbuf, keep adding until the
+ * outbuf is at least this long, or we run out of cells. */
+#define OR_CONN_HIGHWATER (32*1024)
+
+/** Add cells to an OR connection's outbuf whenever the outbuf's data length
+ * drops below this size. */
+#define OR_CONN_LOWWATER (16*1024)
 
 /** Subtype of connection_t for an "OR connection" -- that is, one that speaks
  * cells over TLS. */
@@ -1517,6 +1546,12 @@ typedef struct or_connection_t {
   /** Last emptied write token bucket in msec since midnight; only used if
    * TB_EMPTY events are enabled. */
   uint32_t write_emptied_time;
+
+  /*
+   * Count the number of bytes flushed out on this orconn, and the number of
+   * bytes TLS actually sent - used for overhead estimation for scheduling.
+   */
+  uint64_t bytes_xmitted, bytes_xmitted_by_tls;
 } or_connection_t;
 
 /** Subtype of connection_t for an "edge connection" -- that is, an entry (ap)
@@ -1588,12 +1623,10 @@ typedef struct entry_connection_t {
                                    * only.) */
 
   /* === Isolation related, AP only. === */
-  /** AP only: based on which factors do we isolate this stream? */
-  uint8_t isolation_flags;
-  /** AP only: what session group is this stream in? */
-  int session_group;
+  entry_port_cfg_t entry_cfg;
   /** AP only: The newnym epoch in which we created this connection. */
   unsigned nym_epoch;
+
   /** AP only: The original requested address before we rewrote it. */
   char *original_dest_address;
   /* Other fields to isolate on already exist.  The ClientAddr is addr.  The
@@ -1619,6 +1652,13 @@ typedef struct entry_connection_t {
    * request that we're going to try to answer.  */
   struct evdns_server_request *dns_server_request;
 
+#define DEBUGGING_17659
+
+#ifdef DEBUGGING_17659
+  uint16_t marked_pending_circ_line;
+  const char *marked_pending_circ_file;
+#endif
+
 #define NUM_CIRCUITS_LAUNCHED_THRESHOLD 10
   /** Number of times we've launched a circuit to handle this stream. If
     * it gets too high, that could indicate an inconsistency between our
@@ -1652,33 +1692,8 @@ typedef struct entry_connection_t {
    */
   unsigned int may_use_optimistic_data : 1;
 
-  /** Should we permit IPv4 and IPv6 traffic to use this connection?
-   *
-   * @{ */
-  unsigned int ipv4_traffic_ok : 1;
-  unsigned int ipv6_traffic_ok : 1;
-  /** @} */
-  /** Should we say we prefer IPv6 traffic? */
-  unsigned int prefer_ipv6_traffic : 1;
-
-  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
-   * exit nodes tell us?
-   *
-   * @{ */
-  unsigned int cache_ipv4_answers : 1;
-  unsigned int cache_ipv6_answers : 1;
-  /** @} */
-  /** For a socks listeners: if we find an answer in our client-side DNS cache,
-   * should we use it?
-   *
-   * @{ */
-  unsigned int use_cached_ipv4_answers : 1;
-  unsigned int use_cached_ipv6_answers : 1;
-  /** @} */
-  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
-   * do we prefer IPv6? */
-  unsigned int prefer_ipv6_virtaddr : 1;
-
+  /** Are we a socks SocksSocket listener? */
+  unsigned int is_socks_socket:1;
 } entry_connection_t;
 
 typedef enum {
@@ -1747,6 +1762,9 @@ typedef struct control_connection_t {
    * connection. */
   unsigned int is_owning_control_connection:1;
 
+  /** List of ephemeral onion services belonging to this connection. */
+  smartlist_t *ephemeral_onion_services;
+
   /** If we have sent an AUTHCHALLENGE reply on this connection and
    * have not received a successful AUTHENTICATE command, points to
    * the value which the client must send to authenticate itself;
@@ -1794,38 +1812,38 @@ static control_connection_t *TO_CONTROL_CONN(connection_t *);
  * invalid. */
 static listener_connection_t *TO_LISTENER_CONN(connection_t *);
 
-static INLINE or_connection_t *TO_OR_CONN(connection_t *c)
+static inline or_connection_t *TO_OR_CONN(connection_t *c)
 {
   tor_assert(c->magic == OR_CONNECTION_MAGIC);
   return DOWNCAST(or_connection_t, c);
 }
-static INLINE dir_connection_t *TO_DIR_CONN(connection_t *c)
+static inline dir_connection_t *TO_DIR_CONN(connection_t *c)
 {
   tor_assert(c->magic == DIR_CONNECTION_MAGIC);
   return DOWNCAST(dir_connection_t, c);
 }
-static INLINE edge_connection_t *TO_EDGE_CONN(connection_t *c)
+static inline edge_connection_t *TO_EDGE_CONN(connection_t *c)
 {
   tor_assert(c->magic == EDGE_CONNECTION_MAGIC ||
              c->magic == ENTRY_CONNECTION_MAGIC);
   return DOWNCAST(edge_connection_t, c);
 }
-static INLINE entry_connection_t *TO_ENTRY_CONN(connection_t *c)
+static inline entry_connection_t *TO_ENTRY_CONN(connection_t *c)
 {
   tor_assert(c->magic == ENTRY_CONNECTION_MAGIC);
   return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_.base_);
 }
-static INLINE entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *c)
+static inline entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *c)
 {
   tor_assert(c->base_.magic == ENTRY_CONNECTION_MAGIC);
   return (entry_connection_t*) SUBTYPE_P(c, entry_connection_t, edge_);
 }
-static INLINE control_connection_t *TO_CONTROL_CONN(connection_t *c)
+static inline control_connection_t *TO_CONTROL_CONN(connection_t *c)
 {
   tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
   return DOWNCAST(control_connection_t, c);
 }
-static INLINE listener_connection_t *TO_LISTENER_CONN(connection_t *c)
+static inline listener_connection_t *TO_LISTENER_CONN(connection_t *c)
 {
   tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
   return DOWNCAST(listener_connection_t, c);
@@ -1917,7 +1935,7 @@ typedef struct cached_dir_t {
   size_t dir_len; /**< Length of <b>dir</b> (not counting its NUL). */
   size_t dir_z_len; /**< Length of <b>dir_z</b>. */
   time_t published; /**< When was this object published. */
-  digests_t digests; /**< Digests of this object (networkstatus only) */
+  common_digests_t digests; /**< Digests of this object (networkstatus only) */
   int refcnt; /**< Reference count for this cached_dir_t. */
 } cached_dir_t;
 
@@ -1941,8 +1959,8 @@ typedef enum {
 } saved_location_t;
 #define saved_location_bitfield_t ENUM_BF(saved_location_t)
 
-/** Enumeration: what kind of download schedule are we using for a given
- * object? */
+/** Enumeration: what directory object is being downloaded?
+ * This determines which schedule is selected to perform the download. */
 typedef enum {
   DL_SCHED_GENERIC = 0,
   DL_SCHED_CONSENSUS = 1,
@@ -1950,14 +1968,74 @@ typedef enum {
 } download_schedule_t;
 #define download_schedule_bitfield_t ENUM_BF(download_schedule_t)
 
+/** Enumeration: is the download schedule for downloading from an authority,
+ * or from any available directory mirror?
+ * During bootstrap, "any" means a fallback (or an authority, if there
+ * are no fallbacks).
+ * When we have a valid consensus, "any" means any directory server. */
+typedef enum {
+  DL_WANT_ANY_DIRSERVER = 0,
+  DL_WANT_AUTHORITY = 1,
+} download_want_authority_t;
+#define download_want_authority_bitfield_t \
+                                        ENUM_BF(download_want_authority_t)
+
+/** Enumeration: do we want to increment the schedule position each time a
+ * connection is attempted (these attempts can be concurrent), or do we want
+ * to increment the schedule position after a connection fails? */
+typedef enum {
+  DL_SCHED_INCREMENT_FAILURE = 0,
+  DL_SCHED_INCREMENT_ATTEMPT = 1,
+} download_schedule_increment_t;
+#define download_schedule_increment_bitfield_t \
+                                        ENUM_BF(download_schedule_increment_t)
+
 /** Information about our plans for retrying downloads for a downloadable
- * object. */
+ * directory object.
+ * Each type of downloadable directory object has a corresponding retry
+ * <b>schedule</b>, which can be different depending on whether the object is
+ * being downloaded from an authority or a mirror (<b>want_authority</b>).
+ * <b>next_attempt_at</b> contains the next time we will attempt to download
+ * the object.
+ * For schedules that <b>increment_on</b> failure, <b>n_download_failures</b>
+ * is used to determine the position in the schedule. (Each schedule is a
+ * smartlist of integer delays, parsed from a CSV option.) Every time a
+ * connection attempt fails, <b>n_download_failures</b> is incremented,
+ * the new delay value is looked up from the schedule, and
+ * <b>next_attempt_at</b> is set delay seconds from the time the previous
+ * connection failed. Therefore, at most one failure-based connection can be
+ * in progress for each download_status_t.
+ * For schedules that <b>increment_on</b> attempt, <b>n_download_attempts</b>
+ * is used to determine the position in the schedule. Every time a
+ * connection attempt is made, <b>n_download_attempts</b> is incremented,
+ * the new delay value is looked up from the schedule, and
+ * <b>next_attempt_at</b> is set delay seconds from the time the previous
+ * connection was attempted. Therefore, multiple concurrent attempted-based
+ * connections can be in progress for each download_status_t.
+ * After an object is successfully downloaded, any other concurrent connections
+ * are terminated. A new schedule which starts at position 0 is used for
+ * subsequent downloads of the same object.
+ */
 typedef struct download_status_t {
-  time_t next_attempt_at; /**< When should we try downloading this descriptor
+  time_t next_attempt_at; /**< When should we try downloading this object
                            * again? */
-  uint8_t n_download_failures; /**< Number of failures trying to download the
-                                * most recent descriptor. */
-  download_schedule_bitfield_t schedule : 8;
+  uint8_t n_download_failures; /**< Number of failed downloads of the most
+                                * recent object, since the last success. */
+  uint8_t n_download_attempts; /**< Number of (potentially concurrent) attempts
+                                * to download the most recent object, since
+                                * the last success. */
+  download_schedule_bitfield_t schedule : 8; /**< What kind of object is being
+                                              * downloaded? This determines the
+                                              * schedule used for the download.
+                                              */
+  download_want_authority_bitfield_t want_authority : 1; /**< Is the download
+                                              * happening from an authority
+                                              * or a mirror? This determines
+                                              * the schedule used for the
+                                              * download. */
+  download_schedule_increment_bitfield_t increment_on : 1; /**< does this
+                                        * schedule increment on each attempt,
+                                        * or after each failure? */
 } download_status_t;
 
 /** If n_download_failures is this high, the download can never happen. */
@@ -1987,6 +2065,10 @@ typedef struct signed_descriptor_t {
   time_t published_on;
   /** For routerdescs only: digest of the corresponding extrainfo. */
   char extra_info_digest[DIGEST_LEN];
+  /** For routerdescs only: A SHA256-digest of the extrainfo (if any) */
+  char extra_info_digest256[DIGEST256_LEN];
+  /** Certificate for ed25519 signing key. */
+  struct tor_cert_st *signing_key_cert;
   /** For routerdescs only: Status of downloading the corresponding
    * extrainfo. */
   download_status_t ei_dl_status;
@@ -2035,6 +2117,9 @@ typedef struct {
   crypto_pk_t *identity_pkey;  /**< Public RSA key for signing. */
   /** Public curve25519 key for onions */
   curve25519_public_key_t *onion_curve25519_pkey;
+  /** What's the earliest expiration time on all the certs in this
+   * routerinfo? */
+  time_t cert_expiration_time;
 
   char *platform; /**< What software/operating system is this OR using? */
 
@@ -2068,6 +2153,15 @@ typedef struct {
    * tests for it. */
   unsigned int needs_retest_if_added:1;
 
+  /** True iff this router included "tunnelled-dir-server" in its descriptor,
+   * implying it accepts tunnelled directory requests, or it advertised
+   * dir_port > 0. */
+  unsigned int supports_tunnelled_dir_requests:1;
+
+  /** Used during voting to indicate that we should not include an entry for
+   * this routerinfo. Used only during voting. */
+  unsigned int omit_from_vote:1;
+
 /** Tor can use this router for general positions in circuits; we got it
  * from a directory server as usual, or we're an authority and a server
  * uploaded it. */
@@ -2094,6 +2188,8 @@ typedef struct {
 /** Information needed to keep and cache a signed extra-info document. */
 typedef struct extrainfo_t {
   signed_descriptor_t cache_info;
+  /** SHA256 digest of this document */
+  uint8_t digest256[DIGEST256_LEN];
   /** The router's nickname. */
   char nickname[MAX_NICKNAME_LEN+1];
   /** True iff we found the right key for this extra-info, verified the
@@ -2117,7 +2213,7 @@ typedef struct routerstatus_t {
   /** Digest of the router's most recent descriptor or microdescriptor.
    * If it's a descriptor, we only use the first DIGEST_LEN bytes. */
   char descriptor_digest[DIGEST256_LEN];
-  uint32_t addr; /**< IPv4 address for this router. */
+  uint32_t addr; /**< IPv4 address for this router, in host order. */
   uint16_t or_port; /**< OR port for this router. */
   uint16_t dir_port; /**< Directory port for this router. */
   tor_addr_t ipv6_addr; /**< IPv6 address for this router. */
@@ -2139,21 +2235,16 @@ typedef struct routerstatus_t {
                                      * choice as an entry guard. */
   unsigned int is_bad_exit:1; /**< True iff this node is a bad choice for
                                * an exit node. */
-  unsigned int is_bad_directory:1; /**< Do we think this directory is junky,
-                                    * underpowered, or otherwise useless? */
   unsigned int is_hs_dir:1; /**< True iff this router is a v2-or-later hidden
                              * service directory. */
+  unsigned int is_v2_dir:1; /** True iff this router publishes an open DirPort
+                             * or it claims to accept tunnelled dir requests.
+                             */
   /** True iff we know version info for this router. (i.e., a "v" entry was
    * included.)  We'll replace all these with a big tor_version_t or a char[]
    * if the number of traits we care about ever becomes incredibly big. */
   unsigned int version_known:1;
 
-  /** True iff this router is a version that, if it caches directory info,
-   * we can get microdescriptors from. */
-  unsigned int version_supports_microdesc_cache:1;
-  /** True iff this router is a version that allows DATA cells to arrive on
-   * a stream before it has sent a CONNECTED cell. */
-  unsigned int version_supports_optimistic_data:1;
   /** True iff this router has a version that allows it to accept EXTEND2
    * cells */
   unsigned int version_supports_extend2_cells:1;
@@ -2165,6 +2256,12 @@ typedef struct routerstatus_t {
 
   uint32_t bandwidth_kb; /**< Bandwidth (capacity) of the router as reported in
                        * the vote/consensus, in kilobytes/sec. */
+
+  /** The consensus has guardfraction information for this router. */
+  unsigned int has_guardfraction:1;
+  /** The guardfraction value of this router. */
+  uint32_t guardfraction_percentage;
+
   char *exitsummary; /**< exit policy summary -
                       * XXX weasel: this probably should not stay a string. */
 
@@ -2242,7 +2339,9 @@ typedef struct microdesc_t {
   crypto_pk_t *onion_pkey;
   /** As routerinfo_t.onion_curve25519_pkey */
   curve25519_public_key_t *onion_curve25519_pkey;
-  /** As routerinfo_t.ipv6_add */
+  /** Ed25519 identity key, if included. */
+  ed25519_public_key_t *ed25519_identity_pkey;
+  /** As routerinfo_t.ipv6_addr */
   tor_addr_t ipv6_addr;
   /** As routerinfo_t.ipv6_orport */
   uint16_t ipv6_orport;
@@ -2260,7 +2359,7 @@ typedef struct microdesc_t {
  * Specifically, a node_t is a Tor router as we are using it: a router that
  * we are considering for circuits, connections, and so on.  A node_t is a
  * thin wrapper around the routerstatus, routerinfo, and microdesc for a
- * single wrapper, and provides a consistent interface for all of them.
+ * single router, and provides a consistent interface for all of them.
  *
  * Also, a node_t has mutable state.  While a routerinfo, a routerstatus,
  * and a microdesc have[*] only the information read from a router
@@ -2300,8 +2399,6 @@ typedef struct node_t {
   unsigned int is_exit:1; /**< Do we think this is an OK exit? */
   unsigned int is_bad_exit:1; /**< Do we think this exit is censored, borked,
                                * or otherwise nasty? */
-  unsigned int is_bad_directory:1; /**< Do we think this directory is junky,
-                                    * underpowered, or otherwise useless? */
   unsigned int is_hs_dir:1; /**< True iff this router is a hidden service
                              * directory according to the authorities. */
 
@@ -2319,7 +2416,8 @@ typedef struct node_t {
 
   /* Local info: derived. */
 
-  /** True if the IPv6 OR port is preferred over the IPv4 OR port.  */
+  /** True if the IPv6 OR port is preferred over the IPv4 OR port.
+   * XX/teor - can this become out of date if the torrc changes? */
   unsigned int ipv6_preferred:1;
 
   /** According to the geoip db what country is this router in? */
@@ -2358,9 +2456,18 @@ typedef struct vote_routerstatus_t {
   char *version; /**< The version that the authority says this router is
                   * running. */
   unsigned int has_measured_bw:1; /**< The vote had a measured bw */
+  /** True iff the vote included an entry for ed25519 ID, or included
+   * "id ed25519 none" to indicate that there was no ed25519 ID. */
+  unsigned int has_ed25519_listing:1;
+  /** True if the Ed25519 listing here is the consensus-opinion for the
+   * Ed25519 listing; false if there was no consensus on Ed25519 key status,
+   * or if this VRS doesn't reflect it. */
+  unsigned int ed25519_reflects_consensus:1;
   uint32_t measured_bw_kb; /**< Measured bandwidth (capacity) of the router */
   /** The hash or hashes that the authority claims this microdesc has. */
   vote_microdesc_hash_t *microdesc;
+  /** Ed25519 identity for this router, or zero if it has none. */
+  uint8_t ed25519_id[ED25519_PUBKEY_LEN];
 } vote_routerstatus_t;
 
 /** A signature of some document by an authority. */
@@ -2439,6 +2546,9 @@ typedef struct networkstatus_t {
   /** Vote only: what methods is this voter willing to use? */
   smartlist_t *supported_methods;
 
+  /** List of 'package' lines describing hashes of downloadable packages */
+  smartlist_t *package_lines;
+
   /** How long does this vote/consensus claim that authorities take to
    * distribute their votes to one another? */
   int vote_seconds;
@@ -2470,7 +2580,7 @@ typedef struct networkstatus_t {
   struct authority_cert_t *cert; /**< Vote only: the voter's certificate. */
 
   /** Digests of this document, as signed. */
-  digests_t digests;
+  common_digests_t digests;
 
   /** List of router statuses, sorted by identity digest.  For a vote,
    * the elements are vote_routerstatus_t; for a consensus, the elements
@@ -2560,9 +2670,7 @@ typedef struct extend_info_t {
   uint16_t port; /**< OR port. */
   tor_addr_t addr; /**< IP address. */
   crypto_pk_t *onion_key; /**< Current onionskin key. */
-#ifdef CURVE25519_ENABLED
   curve25519_public_key_t curve25519_onion_key;
-#endif
 } extend_info_t;
 
 /** Certificate for v3 directory protocol: binds long-term authority identity
@@ -2719,8 +2827,14 @@ typedef struct {
   time_t expiry_time;
 } cpath_build_state_t;
 
+/** "magic" value for an origin_circuit_t */
 #define ORIGIN_CIRCUIT_MAGIC 0x35315243u
+/** "magic" value for an or_circuit_t */
 #define OR_CIRCUIT_MAGIC 0x98ABC04Fu
+/** "magic" value for a circuit that would have been freed by circuit_free,
+ * but which we're keeping around until a cpuworker reply arrives.  See
+ * circuit_free() for more documentation. */
+#define DEAD_CIRCUIT_MAGIC 0xdeadc14c
 
 struct create_cell_t;
 
@@ -2853,6 +2967,11 @@ typedef struct circuit_t {
    * circuits entered certain states.  This usage probably won't
    * interfere with this field's primary purpose, but we should
    * document it more thoroughly to make sure of that.
+   *
+   * XXX027 The SocksPort option KeepaliveIsolateSOCKSAuth will artificially
+   * adjust this value forward each time a suitable stream is attached to an
+   * already constructed circuit, potentially keeping the circuit alive
+   * indefinitely.
    */
   time_t timestamp_dirty;
 
@@ -2861,12 +2980,20 @@ typedef struct circuit_t {
                               * where this circuit was marked.) */
   const char *marked_for_close_file; /**< For debugging: in which file was this
                                       * circuit marked for close? */
+  /** For what reason (See END_CIRC_REASON...) is this circuit being closed?
+   * This field is set in circuit_mark_for_close and used later in
+   * circuit_about_to_free. */
+  uint16_t marked_for_close_reason;
+  /** As marked_for_close_reason, but reflects the underlying reason for
+   * closing this circuit.
+   */
+  uint16_t marked_for_close_orig_reason;
 
   /** Unique ID for measuring tunneled network status requests. */
   uint64_t dirreq_id;
 
-  /** Next circuit in linked list of all circuits (global_circuitlist). */
-  TOR_LIST_ENTRY(circuit_t) head;
+  /** Index in smartlist of all circuits (global_circuitlist). */
+  int global_circuitlist_idx;
 
   /** Next circuit in the doubly-linked ring of circuits waiting to add
    * cells to n_conn.  NULL if we have no cells pending, or if we're not
@@ -3140,6 +3267,10 @@ typedef struct or_circuit_t {
   /** Pointer to an entry on the onion queue, if this circuit is waiting for a
    * chance to give an onionskin to a cpuworker. Used only in onion.c */
   struct onion_queue_t *onionqueue_entry;
+  /** Pointer to a workqueue entry, if this circuit has given an onionskin to
+   * a cpuworker and is waiting for a response. Used to decide whether it is
+   * safe to free a circuit or if it is still in use by a cpuworker. */
+  struct workqueue_entry_s *workqueue_entry;
 
   /** The circuit_id used in the previous (backward) hop of this circuit. */
   circid_t p_circ_id;
@@ -3192,6 +3323,10 @@ typedef struct or_circuit_t {
   /** True iff this circuit was made with a CREATE_FAST cell. */
   unsigned int is_first_hop : 1;
 
+  /** If set, this circuit carries HS traffic. Consider it in any HS
+   *  statistics. */
+  unsigned int circuit_carries_hs_traffic_stats : 1;
+
   /** Number of cells that were removed from circuit queue; reset every
    * time when writing buffer stats to disk. */
   uint32_t processed_cells;
@@ -3239,22 +3374,30 @@ static const or_circuit_t *CONST_TO_OR_CIRCUIT(const circuit_t *);
 static origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *);
 static const origin_circuit_t *CONST_TO_ORIGIN_CIRCUIT(const circuit_t *);
 
-static INLINE or_circuit_t *TO_OR_CIRCUIT(circuit_t *x)
+/** Return 1 iff <b>node</b> has Exit flag and no BadExit flag.
+ * Otherwise, return 0.
+ */
+static inline int node_is_good_exit(const node_t *node)
+{
+  return node->is_exit && ! node->is_bad_exit;
+}
+
+static inline or_circuit_t *TO_OR_CIRCUIT(circuit_t *x)
 {
   tor_assert(x->magic == OR_CIRCUIT_MAGIC);
   return DOWNCAST(or_circuit_t, x);
 }
-static INLINE const or_circuit_t *CONST_TO_OR_CIRCUIT(const circuit_t *x)
+static inline const or_circuit_t *CONST_TO_OR_CIRCUIT(const circuit_t *x)
 {
   tor_assert(x->magic == OR_CIRCUIT_MAGIC);
   return DOWNCAST(or_circuit_t, x);
 }
-static INLINE origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *x)
+static inline origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *x)
 {
   tor_assert(x->magic == ORIGIN_CIRCUIT_MAGIC);
   return DOWNCAST(origin_circuit_t, x);
 }
-static INLINE const origin_circuit_t *CONST_TO_ORIGIN_CIRCUIT(
+static inline const origin_circuit_t *CONST_TO_ORIGIN_CIRCUIT(
     const circuit_t *x)
 {
   tor_assert(x->magic == ORIGIN_CIRCUIT_MAGIC);
@@ -3318,44 +3461,13 @@ typedef struct port_cfg_t {
   uint8_t type; /**< One of CONN_TYPE_*_LISTENER */
   unsigned is_unix_addr : 1; /**< True iff this is an AF_UNIX address. */
 
-  /* Client port types (socks, dns, trans, natd) only: */
-  uint8_t isolation_flags; /**< Zero or more isolation flags */
-  int session_group; /**< A session group, or -1 if this port is not in a
-                      * session group. */
-  /* Socks only: */
-  /** When both no-auth and user/pass are advertised by a SOCKS client, select
-   * no-auth. */
-  unsigned int socks_prefer_no_auth : 1;
-
-  /* Server port types (or, dir) only: */
-  unsigned int no_advertise : 1;
-  unsigned int no_listen : 1;
-  unsigned int all_addrs : 1;
-  unsigned int bind_ipv4_only : 1;
-  unsigned int bind_ipv6_only : 1;
+  unsigned is_group_writable : 1;
+  unsigned is_world_writable : 1;
+  unsigned relax_dirmode_check : 1;
 
-  /* Client port types only: */
-  unsigned int ipv4_traffic : 1;
-  unsigned int ipv6_traffic : 1;
-  unsigned int prefer_ipv6 : 1;
+  entry_port_cfg_t entry_cfg;
 
-  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
-   * exit nodes tell us?
-   *
-   * @{ */
-  unsigned int cache_ipv4_answers : 1;
-  unsigned int cache_ipv6_answers : 1;
-  /** @} */
-  /** For a socks listeners: if we find an answer in our client-side DNS cache,
-   * should we use it?
-   *
-   * @{ */
-  unsigned int use_cached_ipv4_answers : 1;
-  unsigned int use_cached_ipv6_answers : 1;
-  /** @} */
-  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
-   * do we prefer IPv6? */
-  unsigned int prefer_ipv6_virtaddr : 1;
+  server_port_cfg_t server_cfg;
 
   /* Unix sockets only: */
   /** Path for an AF_UNIX address */
@@ -3396,7 +3508,8 @@ typedef struct {
   /** What should the tor process actually do? */
   enum {
     CMD_RUN_TOR=0, CMD_LIST_FINGERPRINT, CMD_HASH_PASSWORD,
-    CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG
+    CMD_VERIFY_CONFIG, CMD_RUN_UNITTESTS, CMD_DUMP_CONFIG,
+    CMD_KEYGEN
   } command;
   char *command_arg; /**< Argument for command-line option. */
 
@@ -3406,15 +3519,17 @@ typedef struct {
 
   int LogMessageDomains; /**< Boolean: Should we log the domain(s) in which
                           * each log message occurs? */
+  int TruncateLogFile; /**< Boolean: Should we truncate the log file
+                            before we start writing? */
+  char *SyslogIdentityTag; /**< Identity tag to add for syslog logging. */
 
   char *DebugLogFile; /**< Where to send verbose log messages. */
   char *DataDirectory; /**< OR only: where to store long-term data. */
+  int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
   char *Nickname; /**< OR only: nickname of this onion router. */
   char *Address; /**< OR only: configured address for this onion router. */
   char *PidFile; /**< Where to store PID of Tor process. */
 
-  int DynamicDHGroups; /**< Dynamic generation of prime moduli for use in DH.*/
-
   routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
                            * country codes and IP address patterns of ORs to
                            * consider as exits. */
@@ -3472,6 +3587,7 @@ typedef struct {
   config_line_t *RecommendedVersions;
   config_line_t *RecommendedClientVersions;
   config_line_t *RecommendedServerVersions;
+  config_line_t *RecommendedPackages;
   /** Whether dirservers allow router descriptors with private IPs. */
   int DirAllowPrivateAddresses;
   /** Whether routers accept EXTEND cells to routers with private IPs. */
@@ -3502,6 +3618,7 @@ typedef struct {
                                  * for control connections. */
 
   int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
+  int SocksSocketsGroupWritable; /**< Boolean: Are SOCKS sockets g+rw? */
   /** Ports to listen on for directory connections. */
   config_line_t *DirPort_lines;
   config_line_t *DNSPort_lines; /**< Ports to listen on for DNS requests. */
@@ -3511,6 +3628,8 @@ typedef struct {
   uint64_t MaxMemInQueues_raw;
   uint64_t MaxMemInQueues;/**< If we have more memory than this allocated
                             * for queues and buffers, run the OOM handler */
+  /** Above this value, consider ourselves low on RAM. */
+  uint64_t MaxMemInQueues_low_threshold;
 
   /** @name port booleans
    *
@@ -3534,8 +3653,6 @@ typedef struct {
   int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
   int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
                            * for version 3 directories? */
-  int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
-                               * that's willing to bind names? */
   int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
                                    * directory that's willing to recommend
                                    * versions? */
@@ -3584,10 +3701,7 @@ typedef struct {
   int PublishHidServDescriptors;
   int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */
   int FetchHidServDescriptors; /**< and hidden service descriptors? */
-  int HidServDirectoryV2; /**< Do we participate in the HS DHT? */
 
-  int VoteOnHidServDirectoriesV2; /**< As a directory authority, vote on
-                                   * assignment of the HSDir flag? */
   int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden
                                     * service directories after what time? */
 
@@ -3600,6 +3714,9 @@ typedef struct {
    * circuits.) */
   int Tor2webMode;
 
+  /** A routerset that should be used when picking RPs for HS circuits. */
+  routerset_t *Tor2webRendezvousPoints;
+
   /** Close hidden service client circuits immediately when they reach
    * the normal circuit-build timeout, even if they have already sent
    * an INTRODUCE1 cell on its way to the service. */
@@ -3649,8 +3766,9 @@ typedef struct {
                               * hostname ending with one of the suffixes in
                               * <b>AutomapHostsSuffixes</b>, map it to a
                               * virtual address. */
-  smartlist_t *AutomapHostsSuffixes; /**< List of suffixes for
-                                      * <b>AutomapHostsOnResolve</b>. */
+  /** List of suffixes for <b>AutomapHostsOnResolve</b>.  The special value
+   * "." means "match everything." */
+  smartlist_t *AutomapHostsSuffixes;
   int RendPostPeriod; /**< How often do we post each rendezvous service
                        * descriptor? Remember to publish them independently. */
   int KeepalivePeriod; /**< How often do we send padding cells to keep
@@ -3669,7 +3787,7 @@ typedef struct {
                              * and try a new circuit if the stream has been
                              * waiting for this many seconds. If zero, use
                              * our default internal timeout schedule. */
-  int MaxOnionQueueDelay; /**<DOCDOC*/
+  int MaxOnionQueueDelay; /*< DOCDOC */
   int NewCircuitPeriod; /**< How long do we use a circuit before building
                          * a new one? */
   int MaxCircuitDirtiness; /**< Never use circs that were first used more than
@@ -3729,6 +3847,8 @@ typedef struct {
 
   /** List of fallback directory servers */
   config_line_t *FallbackDir;
+  /** Whether to use the default hard-coded FallbackDirs */
+  int UseDefaultFallbackDirs;
 
   /** Weight to apply to all directory authority rates if considering them
    * along with fallbackdirs */
@@ -3745,8 +3865,6 @@ typedef struct {
   config_line_t *NodeFamilies; /**< List of config lines for
                                 * node families */
   smartlist_t *NodeFamilySets; /**< List of parsed NodeFamilies values. */
-  config_line_t *AuthDirBadDir; /**< Address policy for descriptors to
-                                 * mark as bad dir mirrors. */
   config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
                                   * mark as bad exits. */
   config_line_t *AuthDirReject; /**< Address policy for descriptors to
@@ -3755,29 +3873,25 @@ typedef struct {
                                   * never mark as valid. */
   /** @name AuthDir...CC
    *
-   * Lists of country codes to mark as BadDir, BadExit, or Invalid, or to
+   * Lists of country codes to mark as BadExit, or Invalid, or to
    * reject entirely.
    *
    * @{
    */
-  smartlist_t *AuthDirBadDirCCs;
   smartlist_t *AuthDirBadExitCCs;
   smartlist_t *AuthDirInvalidCCs;
   smartlist_t *AuthDirRejectCCs;
   /**@}*/
 
-  int AuthDirListBadDirs; /**< True iff we should list bad dirs,
-                           * and vote for all other dir mirrors as good. */
   int AuthDirListBadExits; /**< True iff we should list bad exits,
                             * and vote for all other exits as good. */
-  int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
-                              * aren't named in our fingerprint file? */
   int AuthDirMaxServersPerAddr; /**< Do not permit more than this
                                  * number of servers per IP address. */
   int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
                                      * number of servers per IP address shared
                                      * with an authority. */
   int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6?  */
+  int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
 
   /** If non-zero, always vote the Fast flag for any relay advertising
    * this amount of capacity or more. */
@@ -3792,6 +3906,13 @@ typedef struct {
   uint64_t AccountingMax; /**< How many bytes do we allow per accounting
                            * interval before hibernation?  0 for "never
                            * hibernate." */
+  /** How do we determine when our AccountingMax has been reached?
+   * "max" for when in or out reaches AccountingMax
+   * "sum" for when in plus out reaches AccountingMax
+   * "in"  for when in reaches AccountingMax
+   * "out" for when out reaches AccountingMax */
+  char *AccountingRule_option;
+  enum { ACCT_MAX, ACCT_SUM, ACCT_IN, ACCT_OUT } AccountingRule;
 
   /** Base64-encoded hash of accepted passwords for the control system. */
   config_line_t *HashedControlPassword;
@@ -3847,6 +3968,12 @@ typedef struct {
   int NumEntryGuards; /**< How many entry guards do we try to establish? */
   int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
                                   * from a smallish number of fixed nodes? */
+
+  /** If 1, we use any guardfraction information we see in the
+   * consensus.  If 0, we don't.  If -1, let the consensus parameter
+   * decide. */
+  int UseGuardFraction;
+
   int NumDirectoryGuards; /**< How many dir guards do we try to establish?
                            * If 0, use value from NumEntryGuards. */
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
@@ -3859,6 +3986,10 @@ typedef struct {
   /** Should we fetch our dir info at the start of the consensus period? */
   int FetchDirInfoExtraEarly;
 
+  int DirCache; /**< Cache all directory documents and accept requests via
+                 * tunnelled dir conns from clients. If 1, enabled (default);
+                 * If 0, disabled. */
+
   char *VirtualAddrNetworkIPv4; /**< Address and mask to hand out for virtual
                                  * MAPADDRESS requests for IPv4 addresses */
   char *VirtualAddrNetworkIPv6; /**< Address and mask to hand out for virtual
@@ -3924,8 +4055,11 @@ typedef struct {
    * instead of a hostname. */
   int WarnUnsafeSocks;
 
-  /** If true, the user wants us to collect statistics on clients
+  /** If true, we're configured to collect statistics on clients
    * requesting network statuses from us as directory. */
+  int DirReqStatistics_option;
+  /** Internal variable to remember whether we're actually acting on
+   * DirReqStatistics_option -- yes if it's set and we're a server, else no. */
   int DirReqStatistics;
 
   /** If true, the user wants us to collect statistics on port usage. */
@@ -3940,6 +4074,10 @@ typedef struct {
   /** If true, the user wants us to collect statistics as entry node. */
   int EntryStatistics;
 
+  /** If true, the user wants us to collect statistics as hidden service
+   * directory, introduction point, or rendezvous point. */
+  int HiddenServiceStatistics;
+
   /** If true, include statistics file contents in extra-info documents. */
   int ExtraInfoStatistics;
 
@@ -3952,12 +4090,24 @@ typedef struct {
    * over randomly chosen exits. */
   int ClientRejectInternalAddresses;
 
-  /** If true, clients may connect over IPv6. XXX we don't really
-      enforce this -- clients _may_ set up outgoing IPv6 connections
-      even when this option is not set. */
+  /** If true, clients may connect over IPv4. If false, they will avoid
+   * connecting over IPv4. We enforce this for OR and Dir connections. */
+  int ClientUseIPv4;
+  /** If true, clients may connect over IPv6. If false, they will avoid
+   * connecting over IPv4. We enforce this for OR and Dir connections.
+   * Use fascist_firewall_use_ipv6() instead of accessing this value
+   * directly. */
   int ClientUseIPv6;
-  /** If true, prefer an IPv6 OR port over an IPv4 one. */
+  /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
+   * connections. If auto, bridge clients prefer IPv6, and other clients
+   * prefer IPv4. Use node_ipv6_or_preferred() instead of accessing this value
+   * directly. */
   int ClientPreferIPv6ORPort;
+  /** If true, prefer an IPv6 directory port over an IPv4 one for direct
+   * directory connections. If auto, bridge clients prefer IPv6, and other
+   * clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of
+   * accessing this value directly.  */
+  int ClientPreferIPv6DirPort;
 
   /** The length of time that we think a consensus should be fresh. */
   int V3AuthVotingInterval;
@@ -3975,12 +4125,15 @@ typedef struct {
   /** Location of bandwidth measurement file */
   char *V3BandwidthsFile;
 
+  /** Location of guardfraction file */
+  char *GuardfractionFile;
+
   /** Authority only: key=value pairs that we add to our networkstatus
    * consensus vote on the 'params' line. */
   char *ConsensusParams;
 
   /** Authority only: minimum number of measured bandwidths we must see
-   * before we only beliee measured bandwidths to assign flags. */
+   * before we only believe measured bandwidths to assign flags. */
   int MinMeasuredBWsForAuthToIgnoreAdvertised;
 
   /** The length of time that we think an initial consensus should be fresh.
@@ -4025,6 +4178,36 @@ typedef struct {
    * on testing networks. */
   smartlist_t *TestingClientConsensusDownloadSchedule;
 
+  /** Schedule for when clients should download consensuses from authorities
+   * if they are bootstrapping (that is, they don't have a usable, reasonably
+   * live consensus).  Only used by clients fetching from a list of fallback
+   * directory mirrors.
+   *
+   * This schedule is incremented by (potentially concurrent) connection
+   * attempts, unlike other schedules, which are incremented by connection
+   * failures.  Only altered on testing networks. */
+  smartlist_t *ClientBootstrapConsensusAuthorityDownloadSchedule;
+
+  /** Schedule for when clients should download consensuses from fallback
+   * directory mirrors if they are bootstrapping (that is, they don't have a
+   * usable, reasonably live consensus). Only used by clients fetching from a
+   * list of fallback directory mirrors.
+   *
+   * This schedule is incremented by (potentially concurrent) connection
+   * attempts, unlike other schedules, which are incremented by connection
+   * failures.  Only altered on testing networks. */
+  smartlist_t *ClientBootstrapConsensusFallbackDownloadSchedule;
+
+  /** Schedule for when clients should download consensuses from authorities
+   * if they are bootstrapping (that is, they don't have a usable, reasonably
+   * live consensus).  Only used by clients which don't have or won't fetch
+   * from a list of fallback directory mirrors.
+   *
+   * This schedule is incremented by (potentially concurrent) connection
+   * attempts, unlike other schedules, which are incremented by connection
+   * failures.  Only altered on testing networks. */
+  smartlist_t *ClientBootstrapConsensusAuthorityOnlyDownloadSchedule;
+
   /** Schedule for when clients should download bridge descriptors.  Only
    * altered on testing networks. */
   smartlist_t *TestingBridgeDownloadSchedule;
@@ -4042,6 +4225,21 @@ typedef struct {
    * up?  Only altered on testing networks. */
   int TestingConsensusMaxDownloadTries;
 
+  /** How many times will a client try to fetch a consensus while
+   * bootstrapping using a list of fallback directories, before it gives up?
+   * Only altered on testing networks. */
+  int ClientBootstrapConsensusMaxDownloadTries;
+
+  /** How many times will a client try to fetch a consensus while
+   * bootstrapping using only a list of authorities, before it gives up?
+   * Only altered on testing networks. */
+  int ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries;
+
+  /** How many simultaneous in-progress connections will we make when trying
+   * to fetch a consensus before we wait for one to complete, timeout, or
+   * error out?  Only altered on testing networks. */
+  int ClientBootstrapConsensusMaxInProgressTries;
+
   /** How many times will we try to download a router's descriptor before
    * giving up?  Only altered on testing networks. */
   int TestingDescriptorMaxDownloadTries;
@@ -4065,9 +4263,21 @@ typedef struct {
   /** Minimum value for the Fast flag threshold on testing networks. */
   uint64_t TestingMinFastFlagThreshold;
 
+  /** Relays in a testing network which should be voted Exit
+   * regardless of exit policy. */
+  routerset_t *TestingDirAuthVoteExit;
+  int TestingDirAuthVoteExitIsStrict;
+
   /** Relays in a testing network which should be voted Guard
    * regardless of uptime and bandwidth. */
   routerset_t *TestingDirAuthVoteGuard;
+  int TestingDirAuthVoteGuardIsStrict;
+
+  /** Relays in a testing network which should be voted HSDir
+   * regardless of uptime and DirPort.
+   * Respects VoteOnHidServDirectoriesV2. */
+  routerset_t *TestingDirAuthVoteHSDir;
+  int TestingDirAuthVoteHSDirIsStrict;
 
   /** Enable CONN_BW events.  Only altered on testing networks. */
   int TestingEnableConnBwEvent;
@@ -4223,8 +4433,56 @@ typedef struct {
   /** How long (seconds) do we keep a guard before picking a new one? */
   int GuardLifetime;
 
-  /** Should we send the timestamps that pre-023 hidden services want? */
-  int Support022HiddenServices;
+  /** Low-water mark for global scheduler - start sending when estimated
+   * queued size falls below this threshold.
+   */
+  uint64_t SchedulerLowWaterMark__;
+  /** High-water mark for global scheduler - stop sending when estimated
+   * queued size exceeds this threshold.
+   */
+  uint64_t SchedulerHighWaterMark__;
+  /** Flush size for global scheduler - flush this many cells at a time
+   * when sending.
+   */
+  int SchedulerMaxFlushCells__;
+
+  /** Is this an exit node?  This is a tristate, where "1" means "yes, and use
+   * the default exit policy if none is given" and "0" means "no; exit policy
+   * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
+   *
+   * XXXX Eventually, the default will be 0. */
+  int ExitRelay;
+
+  /** For how long (seconds) do we declare our singning keys to be valid? */
+  int SigningKeyLifetime;
+  /** For how long (seconds) do we declare our link keys to be valid? */
+  int TestingLinkCertLifetime;
+  /** For how long (seconds) do we declare our auth keys to be valid? */
+  int TestingAuthKeyLifetime;
+
+  /** How long before signing keys expire will we try to make a new one? */
+  int TestingSigningKeySlop;
+  /** How long before link keys expire will we try to make a new one? */
+  int TestingLinkKeySlop;
+  /** How long before auth keys expire will we try to make a new one? */
+  int TestingAuthKeySlop;
+
+  /** Force use of offline master key features: never generate a master
+   * ed25519 identity key except from tor --keygen */
+  int OfflineMasterKey;
+
+  enum {
+    FORCE_PASSPHRASE_AUTO=0,
+    FORCE_PASSPHRASE_ON,
+    FORCE_PASSPHRASE_OFF
+  } keygen_force_passphrase;
+  int use_keygen_passphrase_fd;
+  int keygen_passphrase_fd;
+  int change_key_passphrase;
+  char *master_key_fname;
+
+  /** Autobool: Do we try to retain capabilities if we can? */
+  int KeepBindCapabilities;
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
@@ -4297,7 +4555,7 @@ typedef struct {
 /** Change the next_write time of <b>state</b> to <b>when</b>, unless the
  * state is already scheduled to be written to disk earlier than <b>when</b>.
  */
-static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
+static inline void or_state_mark_dirty(or_state_t *state, time_t when)
 {
   if (state->next_write > when)
     state->next_write = when;
@@ -4315,7 +4573,8 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
 /** Please turn this IP address into an FQDN, privately. */
 #define SOCKS_COMMAND_RESOLVE_PTR   0xF1
 
-#define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT)
+/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */
+#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0)
 #define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \
                                      (c)==SOCKS_COMMAND_RESOLVE_PTR)
 
@@ -4788,12 +5047,13 @@ typedef struct rend_encoded_v2_service_descriptor_t {
  * introduction point.  See also rend_intro_point_t.unreachable_count. */
 #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5
 
-/** The maximum number of distinct INTRODUCE2 cells which a hidden
- * service's introduction point will receive before it begins to
- * expire.
- *
- * XXX023 Is this number at all sane? */
-#define INTRO_POINT_LIFETIME_INTRODUCTIONS 16384
+/** The minimum and maximum number of distinct INTRODUCE2 cells which a
+ * hidden service's introduction point will receive before it begins to
+ * expire. */
+#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384
+/* Double the minimum value so the interval is [min, min * 2]. */
+#define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \
+  (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2)
 
 /** The minimum number of seconds that an introduction point will last
  * before expiring due to old age.  (If it receives
@@ -4808,6 +5068,11 @@ typedef struct rend_encoded_v2_service_descriptor_t {
  * XXX023 Should this be configurable? */
 #define INTRO_POINT_LIFETIME_MAX_SECONDS (24*60*60)
 
+/** The maximum number of circuit creation retry we do to an intro point
+ * before giving up. We try to reuse intro point that fails during their
+ * lifetime so this is a hard limit on the amount of time we do that. */
+#define MAX_INTRO_POINT_CIRCUIT_RETRIES 3
+
 /** Introduction point information.  Used both in rend_service_t (on
  * the service side) and in rend_service_descriptor_t (on both the
  * client and service side). */
@@ -4832,11 +5097,6 @@ typedef struct rend_intro_point_t {
    * included in the last HS descriptor we generated. */
   unsigned int listed_in_last_desc : 1;
 
-  /** (Service side only) Flag indicating that
-   * rend_service_note_removing_intro_point has been called for this
-   * intro point. */
-  unsigned int rend_service_note_removing_intro_point_called : 1;
-
   /** (Service side only) A replay cache recording the RSA-encrypted parts
    * of INTRODUCE2 cells this intro point's circuit has received.  This is
    * used to prevent replay attacks. */
@@ -4847,6 +5107,12 @@ typedef struct rend_intro_point_t {
    */
   int accepted_introduce2_count;
 
+  /** (Service side only) Number of maximum INTRODUCE2 cells that this IP
+   * will accept. This is a random value between
+   * INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and
+   * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS. */
+  int max_introductions;
+
   /** (Service side only) The time at which this intro point was first
    * published, or -1 if this intro point has not yet been
    * published. */
@@ -4857,15 +5123,16 @@ typedef struct rend_intro_point_t {
    * point should expire. */
   time_t time_to_expire;
 
-  /** (Service side only) The time at which we decided that this intro
-   * point should start expiring, or -1 if this intro point is not yet
-   * expiring.
-   *
-   * This field also serves as a flag to indicate that we have decided
-   * to expire this intro point, in case intro_point_should_expire_now
-   * flaps (perhaps due to a clock jump; perhaps due to other
-   * weirdness, or even a (present or future) bug). */
-  time_t time_expiring;
+  /** (Service side only) The amount of circuit creation we've made to this
+   * intro point. This is incremented every time we do a circuit relaunch on
+   * this object which is triggered when the circuit dies but the node is
+   * still in the consensus. After MAX_INTRO_POINT_CIRCUIT_RETRIES, we give
+   * up on it. */
+  unsigned int circuit_retries;
+
+  /** (Service side only) Set if this intro point has an established circuit
+   * and unset if it doesn't. */
+  unsigned int circuit_established:1;
 } rend_intro_point_t;
 
 #define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16
@@ -4891,14 +5158,6 @@ typedef struct rend_service_descriptor_t {
   smartlist_t *successful_uploads;
 } rend_service_descriptor_t;
 
-/** A cached rendezvous descriptor. */
-typedef struct rend_cache_entry_t {
-  size_t len; /**< Length of <b>desc</b> */
-  time_t received; /**< When was the descriptor received? */
-  char *desc; /**< Service descriptor */
-  rend_service_descriptor_t *parsed; /**< Parsed value of 'desc' */
-} rend_cache_entry_t;
-
 /********************************* routerlist.c ***************************/
 
 /** Represents information about a single trusted or fallback directory
@@ -4907,9 +5166,13 @@ typedef struct dir_server_t {
   char *description;
   char *nickname;
   char *address; /**< Hostname. */
+  /* XX/teor - why do we duplicate the address and port fields here and in
+   *           fake_status? Surely we could just use fake_status (#17867). */
+  tor_addr_t ipv6_addr; /**< IPv6 address if present; AF_UNSPEC if not */
   uint32_t addr; /**< IPv4 address. */
   uint16_t dir_port; /**< Directory port. */
   uint16_t or_port; /**< OR port: Used for tunneling connections. */
+  uint16_t ipv6_orport; /**< OR port corresponding to ipv6_addr. */
   double weight; /** Weight used when selecting this node at random */
   char digest[DIGEST_LEN]; /**< Digest of identity key. */
   char v3_identity_digest[DIGEST_LEN]; /**< Digest of v3 (authority only,
@@ -4936,7 +5199,8 @@ typedef struct dir_server_t {
                                **/
 } dir_server_t;
 
-#define ROUTER_REQUIRED_MIN_BANDWIDTH (20*1024)
+#define RELAY_REQUIRED_MIN_BANDWIDTH (75*1024)
+#define BRIDGE_REQUIRED_MIN_BANDWIDTH (50*1024)
 
 #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX
 
@@ -4960,14 +5224,13 @@ typedef struct dir_server_t {
  * or extrainfo documents.
  *
  * Passed to router_pick_directory_server (et al)
- *
- * [XXXX NOTE: This option is only implemented for pick_trusteddirserver,
- *  not pick_directory_server.  If we make it work on pick_directory_server
- *  too, we could conservatively make it only prevent multiple fetches to
- *  the same authority, or we could aggressively make it prevent multiple
- *  fetches to _any_ single directory server.]
  */
 #define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3)
+/** Flag to indicate that we should not use any directory authority to which
+ * we have an existing directory connection for downloading microdescs.
+ *
+ * Passed to router_pick_directory_server (et al)
+ */
 #define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4)
 
 /** This node is to be chosen as a directory guard, so don't choose any
@@ -4990,19 +5253,43 @@ typedef enum {
   CRN_ALLOW_INVALID = 1<<3,
   /* XXXX not used, apparently. */
   CRN_WEIGHT_AS_EXIT = 1<<5,
-  CRN_NEED_DESC = 1<<6
+  CRN_NEED_DESC = 1<<6,
+  /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
+  CRN_PREF_ADDR = 1<<7,
+  /* On clients, only provide nodes that we can connect to directly, based on
+   * our firewall rules */
+  CRN_DIRECT_CONN = 1<<8
 } router_crn_flags_t;
 
 /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */
 typedef enum was_router_added_t {
+  /* Router was added successfully. */
   ROUTER_ADDED_SUCCESSFULLY = 1,
+  /* Router descriptor was added with warnings to submitter. */
   ROUTER_ADDED_NOTIFY_GENERATOR = 0,
+  /* Extrainfo document was rejected because no corresponding router
+   * descriptor was found OR router descriptor was rejected because
+   * it was incompatible with its extrainfo document. */
   ROUTER_BAD_EI = -1,
-  ROUTER_WAS_NOT_NEW = -2,
+  /* Router descriptor was rejected because it is already known. */
+  ROUTER_IS_ALREADY_KNOWN = -2,
+  /* General purpose router was rejected, because it was not listed
+   * in consensus. */
   ROUTER_NOT_IN_CONSENSUS = -3,
+  /* Router was neither in directory consensus nor in any of
+   * networkstatus documents. Caching it to access later.
+   * (Applies to fetched descriptors only.) */
   ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4,
+  /* Router was rejected by directory authority. */
   ROUTER_AUTHDIR_REJECTS = -5,
-  ROUTER_WAS_NOT_WANTED = -6
+  /* Bridge descriptor was rejected because such bridge was not one
+   * of the bridges we have listed in our configuration. */
+  ROUTER_WAS_NOT_WANTED = -6,
+  /* Router descriptor was rejected because it was older than
+   * OLD_ROUTER_DESC_MAX_AGE. */
+  ROUTER_WAS_TOO_OLD = -7, /* note contrast with 'NOT_NEW' */
+  /* DOCDOC */
+  ROUTER_CERTS_EXPIRED = -8
 } was_router_added_t;
 
 /********************************* routerparse.c ************************/
diff --git a/src/or/periodic.c b/src/or/periodic.c
new file mode 100644
index 0000000000..057fcf672e
--- /dev/null
+++ b/src/or/periodic.c
@@ -0,0 +1,126 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file periodic.c
+ *
+ * \brief Generic backend for handling periodic events.
+ */
+
+#include "or.h"
+#include "compat_libevent.h"
+#include "config.h"
+#include "periodic.h"
+
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#else
+#include <event.h>
+#endif
+
+/** We disable any interval greater than this number of seconds, on the
+ * grounds that it is probably an absolute time mistakenly passed in as a
+ * relative time.
+ */
+static const int MAX_INTERVAL = 10 * 365 * 86400;
+
+/** Set the event <b>event</b> to run in <b>next_interval</b> seconds from
+ * now. */
+static void
+periodic_event_set_interval(periodic_event_item_t *event,
+                            time_t next_interval)
+{
+  tor_assert(next_interval < MAX_INTERVAL);
+  struct timeval tv;
+  tv.tv_sec = next_interval;
+  tv.tv_usec = 0;
+  event_add(event->ev, &tv);
+}
+
+/** Wraps dispatches for periodic events, <b>data</b> will be a pointer to the
+ * event that needs to be called */
+static void
+periodic_event_dispatch(evutil_socket_t fd, short what, void *data)
+{
+  (void)fd;
+  (void)what;
+  periodic_event_item_t *event = data;
+
+  time_t now = time(NULL);
+  const or_options_t *options = get_options();
+//  log_debug(LD_GENERAL, "Dispatching %s", event->name);
+  int r = event->fn(now, options);
+  int next_interval = 0;
+
+  /* update the last run time if action was taken */
+  if (r==0) {
+    log_err(LD_BUG, "Invalid return value for periodic event from %s.",
+                      event->name);
+    tor_assert(r != 0);
+  } else if (r > 0) {
+    event->last_action_time = now;
+    /* If the event is meant to happen after ten years, that's likely
+     * a bug, and somebody gave an absolute time rather than an interval.
+     */
+    tor_assert(r < MAX_INTERVAL);
+    next_interval = r;
+  } else {
+    /* no action was taken, it is likely a precondition failed,
+     * we should reschedule for next second incase the precondition
+     * passes then */
+    next_interval = 1;
+  }
+
+//  log_debug(LD_GENERAL, "Scheduling %s for %d seconds", event->name,
+//           next_interval);
+  struct timeval tv = { next_interval , 0 };
+  event_add(event->ev, &tv);
+}
+
+/** Schedules <b>event</b> to run as soon as possible from now. */
+void
+periodic_event_reschedule(periodic_event_item_t *event)
+{
+  periodic_event_set_interval(event, 1);
+}
+
+/** Initializes the libevent backend for a periodic event. */
+void
+periodic_event_setup(periodic_event_item_t *event)
+{
+  if (event->ev) { /* Already setup? This is a bug */
+    log_err(LD_BUG, "Initial dispatch should only be done once.");
+    tor_assert(0);
+  }
+
+  event->ev = tor_event_new(tor_libevent_get_base(),
+                            -1, 0,
+                            periodic_event_dispatch,
+                            event);
+  tor_assert(event->ev);
+}
+
+/** Handles initial dispatch for periodic events. It should happen 1 second
+ * after the events are created to mimic behaviour before #3199's refactor */
+void
+periodic_event_launch(periodic_event_item_t *event)
+{
+  if (! event->ev) { /* Not setup? This is a bug */
+    log_err(LD_BUG, "periodic_event_launch without periodic_event_setup");
+    tor_assert(0);
+  }
+
+  // Initial dispatch
+  periodic_event_dispatch(-1, EV_TIMEOUT, event);
+}
+
+/** Release all storage associated with <b>event</b> */
+void
+periodic_event_destroy(periodic_event_item_t *event)
+{
+  if (!event)
+    return;
+  tor_event_free(event->ev);
+  event->last_action_time = 0;
+}
+
diff --git a/src/or/periodic.h b/src/or/periodic.h
new file mode 100644
index 0000000000..021bb4ef5c
--- /dev/null
+++ b/src/or/periodic.h
@@ -0,0 +1,37 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_PERIODIC_H
+#define TOR_PERIODIC_H
+
+#define PERIODIC_EVENT_NO_UPDATE (-1)
+
+/** Callback function for a periodic event to take action.  The return value
+* influences the next time the function will get called.  Return
+* PERIODIC_EVENT_NO_UPDATE to not update <b>last_action_time</b> and be polled
+* again in the next second. If a positive value is returned it will update the
+* interval time. */
+typedef int (*periodic_event_helper_t)(time_t now,
+                                      const or_options_t *options);
+
+struct event;
+
+/** A single item for the periodic-events-function table. */
+typedef struct periodic_event_item_t {
+  periodic_event_helper_t fn; /**< The function to run the event */
+  time_t last_action_time; /**< The last time the function did something */
+  struct event *ev; /**< Libevent callback we're using to implement this */
+  const char *name; /**< Name of the function -- for debug */
+} periodic_event_item_t;
+
+/** events will get their interval from first execution */
+#define PERIODIC_EVENT(fn) { fn##_callback, 0, NULL, #fn }
+#define END_OF_PERIODIC_EVENTS { NULL, 0, NULL, NULL }
+
+void periodic_event_launch(periodic_event_item_t *event);
+void periodic_event_setup(periodic_event_item_t *event);
+void periodic_event_destroy(periodic_event_item_t *event);
+void periodic_event_reschedule(periodic_event_item_t *event);
+
+#endif
+
diff --git a/src/or/policies.c b/src/or/policies.c
index 8a91509a77..50fec3a773 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -8,9 +8,12 @@
  * \brief Code to parse and use address policies and exit policies.
  **/
 
+#define POLICIES_PRIVATE
+
 #include "or.h"
 #include "config.h"
 #include "dirserv.h"
+#include "networkstatus.h"
 #include "nodelist.h"
 #include "policies.h"
 #include "router.h"
@@ -29,9 +32,6 @@ static smartlist_t *authdir_reject_policy = NULL;
  * to be marked as valid in our networkstatus. */
 static smartlist_t *authdir_invalid_policy = NULL;
 /** Policy that addresses for incoming router descriptors must <b>not</b>
- * match in order to not be marked as BadDirectory. */
-static smartlist_t *authdir_baddir_policy = NULL;
-/** Policy that addresses for incoming router descriptors must <b>not</b>
  * match in order to not be marked as BadExit. */
 static smartlist_t *authdir_badexit_policy = NULL;
 
@@ -65,6 +65,16 @@ static const char *private_nets[] = {
   NULL
 };
 
+static int policies_parse_exit_policy_internal(
+                                      config_line_t *cfg,
+                                      smartlist_t **dest,
+                                      int ipv6_exit,
+                                      int rejectprivate,
+                                      const smartlist_t *configured_addresses,
+                                      int reject_interface_addresses,
+                                      int reject_configured_port_addresses,
+                                      int add_default_policy);
+
 /** Replace all "private" entries in *<b>policy</b> with their expanded
  * equivalents. */
 void
@@ -148,7 +158,7 @@ policy_expand_unspec(smartlist_t **policy)
 }
 
 /**
- * Given a linked list of config lines containing "allow" and "deny"
+ * Given a linked list of config lines containing "accept[6]" and "reject[6]"
  * tokens, parse them and append the result to <b>dest</b>. Return -1
  * if any tokens are malformed (and don't append any), else return 0.
  *
@@ -163,6 +173,7 @@ parse_addr_policy(config_line_t *cfg, smartlist_t **dest,
   smartlist_t *result;
   smartlist_t *entries;
   addr_policy_t *item;
+  int malformed_list;
   int r = 0;
 
   if (!cfg)
@@ -175,12 +186,22 @@ parse_addr_policy(config_line_t *cfg, smartlist_t **dest,
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
     SMARTLIST_FOREACH_BEGIN(entries, const char *, ent) {
       log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
-      item = router_parse_addr_policy_item_from_string(ent, assume_action);
+      malformed_list = 0;
+      item = router_parse_addr_policy_item_from_string(ent, assume_action,
+                                                       &malformed_list);
       if (item) {
         smartlist_add(result, item);
-      } else {
-        log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
+      } else if (malformed_list) {
+        /* the error is so severe the entire list should be discarded */
+        log_warn(LD_CONFIG, "Malformed policy '%s'. Discarding entire policy "
+                 "list.", ent);
         r = -1;
+      } else {
+        /* the error is minor: don't add the item, but keep processing the
+         * rest of the policies in the list */
+        log_debug(LD_CONFIG, "Ignored policy '%s' due to non-fatal error. "
+                  "The remainder of the policy list will be used.",
+                  ent);
       }
     } SMARTLIST_FOREACH_END(ent);
     SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
@@ -250,16 +271,76 @@ parse_reachable_addresses(void)
                "Error parsing ReachableDirAddresses entry; ignoring.");
     ret = -1;
   }
+
+  /* We ignore ReachableAddresses for relays */
+  if (!server_mode(options)) {
+    if ((reachable_or_addr_policy
+         && policy_is_reject_star(reachable_or_addr_policy, AF_UNSPEC))
+        || (reachable_dir_addr_policy
+            && policy_is_reject_star(reachable_dir_addr_policy, AF_UNSPEC))) {
+      log_warn(LD_CONFIG, "Tor cannot connect to the Internet if "
+               "ReachableAddresses, ReachableORAddresses, or "
+               "ReachableDirAddresses reject all addresses. Please accept "
+               "some addresses in these options.");
+    } else if (options->ClientUseIPv4 == 1
+       && ((reachable_or_addr_policy
+            && policy_is_reject_star(reachable_or_addr_policy, AF_INET))
+        || (reachable_dir_addr_policy
+            && policy_is_reject_star(reachable_dir_addr_policy, AF_INET)))) {
+          log_warn(LD_CONFIG, "You have set ClientUseIPv4 1, but "
+                   "ReachableAddresses, ReachableORAddresses, or "
+                   "ReachableDirAddresses reject all IPv4 addresses. "
+                   "Tor will not connect using IPv4.");
+    } else if (fascist_firewall_use_ipv6(options)
+       && ((reachable_or_addr_policy
+            && policy_is_reject_star(reachable_or_addr_policy, AF_INET6))
+        || (reachable_dir_addr_policy
+            && policy_is_reject_star(reachable_dir_addr_policy, AF_INET6)))) {
+          log_warn(LD_CONFIG, "You have configured tor to use IPv6 "
+                   "(ClientUseIPv6 1 or UseBridges 1), but "
+                   "ReachableAddresses, ReachableORAddresses, or "
+                   "ReachableDirAddresses reject all IPv6 addresses. "
+                   "Tor will not connect using IPv6.");
+    }
+  }
+
   return ret;
 }
 
-/** Return true iff the firewall options might block any address:port
- * combination.
+/* Return true iff ClientUseIPv4 0 or ClientUseIPv6 0 might block any OR or Dir
+ * address:port combination. */
+static int
+firewall_is_fascist_impl(void)
+{
+  const or_options_t *options = get_options();
+  /* Assume every non-bridge relay has an IPv4 address.
+   * Clients which use bridges may only know the IPv6 address of their
+   * bridge. */
+  return (options->ClientUseIPv4 == 0
+          || (!fascist_firewall_use_ipv6(options)
+              && options->UseBridges == 1));
+}
+
+/** Return true iff the firewall options, including ClientUseIPv4 0 and
+ * ClientUseIPv6 0, might block any OR address:port combination.
+ * Address preferences may still change which address is selected even if
+ * this function returns false.
  */
 int
 firewall_is_fascist_or(void)
 {
-  return reachable_or_addr_policy != NULL;
+  return (reachable_or_addr_policy != NULL || firewall_is_fascist_impl());
+}
+
+/** Return true iff the firewall options, including ClientUseIPv4 0 and
+ * ClientUseIPv6 0, might block any Dir address:port combination.
+ * Address preferences may still change which address is selected even if
+ * this function returns false.
+ */
+int
+firewall_is_fascist_dir(void)
+{
+  return (reachable_dir_addr_policy != NULL || firewall_is_fascist_impl());
 }
 
 /** Return true iff <b>policy</b> (possibly NULL) will allow a
@@ -297,49 +378,618 @@ addr_policy_permits_address(uint32_t addr, uint16_t port,
   return addr_policy_permits_tor_addr(&a, port, policy);
 }
 
-/** Return true iff we think our firewall will let us make an OR connection to
- * addr:port. */
-int
-fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port)
+/** Return true iff we think our firewall will let us make a connection to
+ * addr:port.
+ *
+ * If we are configured as a server, ignore any address family preference and
+ * just use IPv4.
+ * Otherwise:
+ *  - return false for all IPv4 addresses:
+ *    - if ClientUseIPv4 is 0, or
+ *      if pref_only and pref_ipv6 are both true;
+ *  - return false for all IPv6 addresses:
+ *    - if fascist_firewall_use_ipv6() is 0, or
+ *    - if pref_only is true and pref_ipv6 is false.
+ *
+ * Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */
+STATIC int
+fascist_firewall_allows_address(const tor_addr_t *addr,
+                                uint16_t port,
+                                smartlist_t *firewall_policy,
+                                int pref_only, int pref_ipv6)
 {
+  const or_options_t *options = get_options();
+  const int client_mode = !server_mode(options);
+
+  if (!addr || tor_addr_is_null(addr) || !port) {
+    return 0;
+  }
+
+  /* Clients stop using IPv4 if it's disabled. In most cases, clients also
+   * stop using IPv4 if it's not preferred.
+   * Servers must have IPv4 enabled and preferred. */
+  if (tor_addr_family(addr) == AF_INET && client_mode &&
+      (!options->ClientUseIPv4 || (pref_only && pref_ipv6))) {
+    return 0;
+  }
+
+  /* Clients and Servers won't use IPv6 unless it's enabled (and in most
+   * cases, IPv6 must also be preferred before it will be used). */
+  if (tor_addr_family(addr) == AF_INET6 &&
+      (!fascist_firewall_use_ipv6(options) || (pref_only && !pref_ipv6))) {
+    return 0;
+  }
+
   return addr_policy_permits_tor_addr(addr, port,
-                                     reachable_or_addr_policy);
+                                      firewall_policy);
 }
 
-/** Return true iff we think our firewall will let us make an OR connection to
- * <b>ri</b>. */
+/** Is this client configured to use IPv6?
+ * Use node_ipv6_or/dir_preferred() when checking a specific node and OR/Dir
+ * port: it supports bridge client per-node IPv6 preferences.
+ */
 int
-fascist_firewall_allows_or(const routerinfo_t *ri)
+fascist_firewall_use_ipv6(const or_options_t *options)
+{
+  /* Clients use IPv6 if it's set, or they use bridges, or they don't use
+   * IPv4 */
+  return (options->ClientUseIPv6 == 1 || options->UseBridges == 1
+          || options->ClientUseIPv4 == 0);
+}
+
+/** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and
+ * ClientPreferIPv6DirPort?
+ * If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
+ */
+static int
+fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
 {
-  /* XXXX proposal 118 */
-  tor_addr_t addr;
-  tor_addr_from_ipv4h(&addr, ri->addr);
-  return fascist_firewall_allows_address_or(&addr, ri->or_port);
+  /*
+   Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
+   If we're a server or IPv6 is disabled, use IPv4.
+   If IPv4 is disabled, use IPv6.
+   */
+
+  if (server_mode(options) || !fascist_firewall_use_ipv6(options)) {
+    return 0;
+  }
+
+  if (!options->ClientUseIPv4) {
+    return 1;
+  }
+
+  return -1;
 }
 
-/** Return true iff we think our firewall will let us make an OR connection to
- * <b>node</b>. */
+/** Do we prefer to connect to IPv6 ORPorts?
+ * Use node_ipv6_or_preferred() whenever possible: it supports bridge client
+ * per-node IPv6 preferences.
+ */
 int
-fascist_firewall_allows_node(const node_t *node)
+fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
 {
-  if (node->ri) {
-    return fascist_firewall_allows_or(node->ri);
-  } else if (node->rs) {
-    tor_addr_t addr;
-    tor_addr_from_ipv4h(&addr, node->rs->addr);
-    return fascist_firewall_allows_address_or(&addr, node->rs->or_port);
+  int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
+
+  if (pref_ipv6 >= 0) {
+    return pref_ipv6;
+  }
+
+  /* We can use both IPv4 and IPv6 - which do we prefer? */
+  if (options->ClientPreferIPv6ORPort == 1) {
+    return 1;
+  }
+
+  return 0;
+}
+
+/** Do we prefer to connect to IPv6 DirPorts?
+ *
+ * (node_ipv6_dir_preferred() doesn't support bridge client per-node IPv6
+ * preferences. There's no reason to use it instead of this function.)
+ */
+int
+fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
+{
+  int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
+
+  if (pref_ipv6 >= 0) {
+    return pref_ipv6;
+  }
+
+  /* We can use both IPv4 and IPv6 - which do we prefer? */
+  if (options->ClientPreferIPv6DirPort == 1) {
+    return 1;
+  }
+
+  return 0;
+}
+
+/** Return true iff we think our firewall will let us make a connection to
+ * addr:port. Uses ReachableORAddresses or ReachableDirAddresses based on
+ * fw_connection.
+ * If pref_only is true, return true if addr is in the client's preferred
+ * address family, which is IPv6 if pref_ipv6 is true, and IPv4 otherwise.
+ * If pref_only is false, ignore pref_ipv6, and return true if addr is allowed.
+ */
+int
+fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port,
+                                     firewall_connection_t fw_connection,
+                                     int pref_only, int pref_ipv6)
+{
+  if (fw_connection == FIREWALL_OR_CONNECTION) {
+    return fascist_firewall_allows_address(addr, port,
+                               reachable_or_addr_policy,
+                               pref_only, pref_ipv6);
+  } else if (fw_connection == FIREWALL_DIR_CONNECTION) {
+    return fascist_firewall_allows_address(addr, port,
+                               reachable_dir_addr_policy,
+                               pref_only, pref_ipv6);
+  } else {
+    log_warn(LD_BUG, "Bad firewall_connection_t value %d.",
+             fw_connection);
+    return 0;
+  }
+}
+
+/** Return true iff we think our firewall will let us make a connection to
+ * addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on
+ * fw_connection.
+ * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
+ */
+static int
+fascist_firewall_allows_address_ap(const tor_addr_port_t *ap,
+                                   firewall_connection_t fw_connection,
+                                   int pref_only, int pref_ipv6)
+{
+  tor_assert(ap);
+  return fascist_firewall_allows_address_addr(&ap->addr, ap->port,
+                                              fw_connection, pref_only,
+                                              pref_ipv6);
+}
+
+/* Return true iff we think our firewall will let us make a connection to
+ * ipv4h_or_addr:ipv4_or_port. ipv4h_or_addr is interpreted in host order.
+ * Uses ReachableORAddresses or ReachableDirAddresses based on
+ * fw_connection.
+ * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
+ */
+static int
+fascist_firewall_allows_address_ipv4h(uint32_t ipv4h_or_addr,
+                                          uint16_t ipv4_or_port,
+                                          firewall_connection_t fw_connection,
+                                          int pref_only, int pref_ipv6)
+{
+  tor_addr_t ipv4_or_addr;
+  tor_addr_from_ipv4h(&ipv4_or_addr, ipv4h_or_addr);
+  return fascist_firewall_allows_address_addr(&ipv4_or_addr, ipv4_or_port,
+                                              fw_connection, pref_only,
+                                              pref_ipv6);
+}
+
+/** Return true iff we think our firewall will let us make a connection to
+ * ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
+ * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
+ * <b>fw_connection</b>.
+ * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
+ */
+static int
+fascist_firewall_allows_base(uint32_t ipv4h_addr, uint16_t ipv4_orport,
+                             uint16_t ipv4_dirport,
+                             const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
+                             uint16_t ipv6_dirport,
+                             firewall_connection_t fw_connection,
+                             int pref_only, int pref_ipv6)
+{
+  if (fascist_firewall_allows_address_ipv4h(ipv4h_addr,
+                                      (fw_connection == FIREWALL_OR_CONNECTION
+                                       ? ipv4_orport
+                                       : ipv4_dirport),
+                                      fw_connection,
+                                      pref_only, pref_ipv6)) {
+    return 1;
+  }
+
+  if (fascist_firewall_allows_address_addr(ipv6_addr,
+                                      (fw_connection == FIREWALL_OR_CONNECTION
+                                       ? ipv6_orport
+                                       : ipv6_dirport),
+                                      fw_connection,
+                                      pref_only, pref_ipv6)) {
+    return 1;
+  }
+
+  return 0;
+}
+
+/** Like fascist_firewall_allows_base(), but takes ri. */
+static int
+fascist_firewall_allows_ri_impl(const routerinfo_t *ri,
+                                firewall_connection_t fw_connection,
+                                int pref_only, int pref_ipv6)
+{
+  if (!ri) {
+    return 0;
+  }
+
+  /* Assume IPv4 and IPv6 DirPorts are the same */
+  return fascist_firewall_allows_base(ri->addr, ri->or_port, ri->dir_port,
+                                      &ri->ipv6_addr, ri->ipv6_orport,
+                                      ri->dir_port, fw_connection, pref_only,
+                                      pref_ipv6);
+}
+
+/** Like fascist_firewall_allows_rs, but takes pref_ipv6. */
+static int
+fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
+                                firewall_connection_t fw_connection,
+                                int pref_only, int pref_ipv6)
+{
+  if (!rs) {
+    return 0;
+  }
+
+  /* Assume IPv4 and IPv6 DirPorts are the same */
+  return fascist_firewall_allows_base(rs->addr, rs->or_port, rs->dir_port,
+                                      &rs->ipv6_addr, rs->ipv6_orport,
+                                      rs->dir_port, fw_connection, pref_only,
+                                      pref_ipv6);
+}
+
+/** Like fascist_firewall_allows_base(), but takes rs.
+ * When rs is a fake_status from a dir_server_t, it can have a reachable
+ * address, even when the corresponding node does not.
+ * nodes can be missing addresses when there's no consensus (IPv4 and IPv6),
+ * or when there is a microdescriptor consensus, but no microdescriptors
+ * (microdescriptors have IPv6, the microdesc consensus does not). */
+int
+fascist_firewall_allows_rs(const routerstatus_t *rs,
+                           firewall_connection_t fw_connection, int pref_only)
+{
+  if (!rs) {
+    return 0;
+  }
+
+  /* We don't have access to the node-specific IPv6 preference, so use the
+   * generic IPv6 preference instead. */
+  const or_options_t *options = get_options();
+  int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
+                   ? fascist_firewall_prefer_ipv6_orport(options)
+                   : fascist_firewall_prefer_ipv6_dirport(options));
+
+  return fascist_firewall_allows_rs_impl(rs, fw_connection, pref_only,
+                                         pref_ipv6);
+}
+
+/** Return true iff we think our firewall will let us make a connection to
+ * ipv6_addr:ipv6_orport based on ReachableORAddresses.
+ * If <b>fw_connection</b> is FIREWALL_DIR_CONNECTION, returns 0.
+ * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
+ */
+static int
+fascist_firewall_allows_md_impl(const microdesc_t *md,
+                                firewall_connection_t fw_connection,
+                                int pref_only, int pref_ipv6)
+{
+  if (!md) {
+    return 0;
+  }
+
+  /* Can't check dirport, it doesn't have one */
+  if (fw_connection == FIREWALL_DIR_CONNECTION) {
+    return 0;
+  }
+
+  /* Also can't check IPv4, doesn't have that either */
+  return fascist_firewall_allows_address_addr(&md->ipv6_addr, md->ipv6_orport,
+                                              fw_connection, pref_only,
+                                              pref_ipv6);
+}
+
+/** Like fascist_firewall_allows_base(), but takes node, and looks up pref_ipv6
+ * from node_ipv6_or/dir_preferred(). */
+int
+fascist_firewall_allows_node(const node_t *node,
+                             firewall_connection_t fw_connection,
+                             int pref_only)
+{
+  if (!node) {
+    return 0;
+  }
+
+  node_assert_ok(node);
+
+  const int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
+                         ? node_ipv6_or_preferred(node)
+                         : node_ipv6_dir_preferred(node));
+
+  /* Sometimes, the rs is missing the IPv6 address info, and we need to go
+   * all the way to the md */
+  if (node->ri && fascist_firewall_allows_ri_impl(node->ri, fw_connection,
+                                                  pref_only, pref_ipv6)) {
+    return 1;
+  } else if (node->rs && fascist_firewall_allows_rs_impl(node->rs,
+                                                         fw_connection,
+                                                         pref_only,
+                                                         pref_ipv6)) {
+    return 1;
+  } else if (node->md && fascist_firewall_allows_md_impl(node->md,
+                                                         fw_connection,
+                                                         pref_only,
+                                                         pref_ipv6)) {
+    return 1;
+  } else {
+    /* If we know nothing, assume it's unreachable, we'll never get an address
+     * to connect to. */
+    return 0;
+  }
+}
+
+/** Like fascist_firewall_allows_rs(), but takes ds. */
+int
+fascist_firewall_allows_dir_server(const dir_server_t *ds,
+                                   firewall_connection_t fw_connection,
+                                   int pref_only)
+{
+  if (!ds) {
+    return 0;
+  }
+
+  /* A dir_server_t always has a fake_status. As long as it has the same
+   * addresses/ports in both fake_status and dir_server_t, this works fine.
+   * (See #17867.)
+   * fascist_firewall_allows_rs only checks the addresses in fake_status. */
+  return fascist_firewall_allows_rs(&ds->fake_status, fw_connection,
+                                    pref_only);
+}
+
+/** If a and b are both valid and allowed by fw_connection,
+ * choose one based on want_a and return it.
+ * Otherwise, return whichever is allowed.
+ * Otherwise, return NULL.
+ * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
+ */
+static const tor_addr_port_t *
+fascist_firewall_choose_address_impl(const tor_addr_port_t *a,
+                                     const tor_addr_port_t *b,
+                                     int want_a,
+                                     firewall_connection_t fw_connection,
+                                     int pref_only, int pref_ipv6)
+{
+  const tor_addr_port_t *use_a = NULL;
+  const tor_addr_port_t *use_b = NULL;
+
+  if (fascist_firewall_allows_address_ap(a, fw_connection, pref_only,
+                                         pref_ipv6)) {
+    use_a = a;
+  }
+
+  if (fascist_firewall_allows_address_ap(b, fw_connection, pref_only,
+                                         pref_ipv6)) {
+    use_b = b;
+  }
+
+  /* If both are allowed */
+  if (use_a && use_b) {
+    /* Choose a if we want it */
+    return (want_a ? use_a : use_b);
   } else {
+    /* Choose a if we have it */
+    return (use_a ? use_a : use_b);
+  }
+}
+
+/** If a and b are both valid and preferred by fw_connection,
+ * choose one based on want_a and return it.
+ * Otherwise, return whichever is preferred.
+ * If neither are preferred, and pref_only is false:
+ *  - If a and b are both allowed by fw_connection,
+ *    choose one based on want_a and return it.
+ *  - Otherwise, return whichever is preferred.
+ * Otherwise, return NULL. */
+STATIC const tor_addr_port_t *
+fascist_firewall_choose_address(const tor_addr_port_t *a,
+                                const tor_addr_port_t *b,
+                                int want_a,
+                                firewall_connection_t fw_connection,
+                                int pref_only, int pref_ipv6)
+{
+  const tor_addr_port_t *pref = fascist_firewall_choose_address_impl(
+                                                                a, b, want_a,
+                                                                fw_connection,
+                                                                1, pref_ipv6);
+  if (pref_only || pref) {
+    /* If there is a preferred address, use it. If we can only use preferred
+     * addresses, and neither address is preferred, pref will be NULL, and we
+     * want to return NULL, so return it. */
+    return pref;
+  } else {
+    /* If there's no preferred address, and we can return addresses that are
+     * not preferred, use an address that's allowed */
+    return fascist_firewall_choose_address_impl(a, b, want_a, fw_connection,
+                                                0, pref_ipv6);
+  }
+}
+
+/** Copy an address and port into <b>ap</b> that we think our firewall will
+ * let us connect to. Uses ipv4_addr/ipv6_addr and
+ * ipv4_orport/ipv6_orport/ReachableORAddresses or
+ * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
+ * <b>fw_connection</b>.
+ * If pref_only, only choose preferred addresses. In either case, choose
+ * a preferred address before an address that's not preferred.
+ * If both addresses could be chosen (they are both preferred or both allowed)
+ * choose IPv6 if pref_ipv6 is true, otherwise choose IPv4.
+ * If neither address is chosen, return 0, else return 1. */
+static int
+fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
+                                     uint16_t ipv4_orport,
+                                     uint16_t ipv4_dirport,
+                                     const tor_addr_t *ipv6_addr,
+                                     uint16_t ipv6_orport,
+                                     uint16_t ipv6_dirport,
+                                     firewall_connection_t fw_connection,
+                                     int pref_only,
+                                     int pref_ipv6,
+                                     tor_addr_port_t* ap)
+{
+  const tor_addr_port_t *result = NULL;
+  const int want_ipv4 = !pref_ipv6;
+
+  tor_assert(ipv6_addr);
+  tor_assert(ap);
+
+  tor_addr_port_t ipv4_ap;
+  tor_addr_copy(&ipv4_ap.addr, ipv4_addr);
+  ipv4_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
+                  ? ipv4_orport
+                  : ipv4_dirport);
+
+  tor_addr_port_t ipv6_ap;
+  tor_addr_copy(&ipv6_ap.addr, ipv6_addr);
+  ipv6_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
+                  ? ipv6_orport
+                  : ipv6_dirport);
+
+  result = fascist_firewall_choose_address(&ipv4_ap, &ipv6_ap,
+                                           want_ipv4,
+                                           fw_connection, pref_only,
+                                           pref_ipv6);
+
+  if (result) {
+    tor_addr_copy(&ap->addr, &result->addr);
+    ap->port = result->port;
     return 1;
+  } else {
+    return 0;
   }
 }
 
-/** Return true iff we think our firewall will let us make a directory
- * connection to addr:port. */
+/** Like fascist_firewall_choose_address_base(), but takes a host-order IPv4
+ * address as the first parameter. */
+static int
+fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
+                                      uint16_t ipv4_orport,
+                                      uint16_t ipv4_dirport,
+                                      const tor_addr_t *ipv6_addr,
+                                      uint16_t ipv6_orport,
+                                      uint16_t ipv6_dirport,
+                                      firewall_connection_t fw_connection,
+                                      int pref_only,
+                                      int pref_ipv6,
+                                      tor_addr_port_t* ap)
+{
+  tor_addr_t ipv4_addr;
+  tor_addr_from_ipv4h(&ipv4_addr, ipv4h_addr);
+  return fascist_firewall_choose_address_base(&ipv4_addr, ipv4_orport,
+                                              ipv4_dirport, ipv6_addr,
+                                              ipv6_orport, ipv6_dirport,
+                                              fw_connection, pref_only,
+                                              pref_ipv6, ap);
+}
+
+/** Like fascist_firewall_choose_address_base(), but takes <b>rs</b>.
+ * Consults the corresponding node, then falls back to rs if node is NULL.
+ * This should only happen when there's no valid consensus, and rs doesn't
+ * correspond to a bridge client's bridge.
+ */
 int
-fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port)
+fascist_firewall_choose_address_rs(const routerstatus_t *rs,
+                                   firewall_connection_t fw_connection,
+                                   int pref_only, tor_addr_port_t* ap)
 {
-  return addr_policy_permits_tor_addr(addr, port,
-                                      reachable_dir_addr_policy);
+  if (!rs) {
+    return 0;
+  }
+
+  tor_assert(ap);
+
+  const node_t *node = node_get_by_id(rs->identity_digest);
+
+  if (node) {
+    return fascist_firewall_choose_address_node(node, fw_connection, pref_only,
+                                                ap);
+  } else {
+    /* There's no node-specific IPv6 preference, so use the generic IPv6
+     * preference instead. */
+    const or_options_t *options = get_options();
+    int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
+                     ? fascist_firewall_prefer_ipv6_orport(options)
+                     : fascist_firewall_prefer_ipv6_dirport(options));
+
+    /* Assume IPv4 and IPv6 DirPorts are the same.
+     * Assume the IPv6 OR and Dir addresses are the same. */
+    return fascist_firewall_choose_address_ipv4h(rs->addr,
+                                                 rs->or_port,
+                                                 rs->dir_port,
+                                                 &rs->ipv6_addr,
+                                                 rs->ipv6_orport,
+                                                 rs->dir_port,
+                                                 fw_connection,
+                                                 pref_only,
+                                                 pref_ipv6,
+                                                 ap);
+  }
+}
+
+/** Like fascist_firewall_choose_address_base(), but takes <b>node</b>, and
+ * looks up the node's IPv6 preference rather than taking an argument
+ * for pref_ipv6. */
+int
+fascist_firewall_choose_address_node(const node_t *node,
+                                     firewall_connection_t fw_connection,
+                                     int pref_only, tor_addr_port_t *ap)
+{
+  if (!node) {
+    return 0;
+  }
+
+  node_assert_ok(node);
+
+  const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION
+                              ? node_ipv6_or_preferred(node)
+                              : node_ipv6_dir_preferred(node));
+
+  tor_addr_port_t ipv4_or_ap;
+  node_get_prim_orport(node, &ipv4_or_ap);
+  tor_addr_port_t ipv4_dir_ap;
+  node_get_prim_dirport(node, &ipv4_dir_ap);
+
+  tor_addr_port_t ipv6_or_ap;
+  node_get_pref_ipv6_orport(node, &ipv6_or_ap);
+  tor_addr_port_t ipv6_dir_ap;
+  node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
+
+  /* Assume the IPv6 OR and Dir addresses are the same. */
+  return fascist_firewall_choose_address_base(&ipv4_or_ap.addr,
+                                              ipv4_or_ap.port,
+                                              ipv4_dir_ap.port,
+                                              &ipv6_or_ap.addr,
+                                              ipv6_or_ap.port,
+                                              ipv6_dir_ap.port,
+                                              fw_connection,
+                                              pref_only,
+                                              pref_ipv6_node,
+                                              ap);
+}
+
+/** Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */
+int
+fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
+                                           firewall_connection_t fw_connection,
+                                           int pref_only,
+                                           tor_addr_port_t *ap)
+{
+  if (!ds) {
+    return 0;
+  }
+
+  /* A dir_server_t always has a fake_status. As long as it has the same
+   * addresses/ports in both fake_status and dir_server_t, this works fine.
+   * (See #17867.)
+   * This function relies on fascist_firewall_choose_address_rs looking up the
+   * node if it can, because that will get the latest info for the relay. */
+  return fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection,
+                                            pref_only, ap);
 }
 
 /** Return 1 if <b>addr</b> is permitted to connect to our dir port,
@@ -400,17 +1050,6 @@ authdir_policy_valid_address(uint32_t addr, uint16_t port)
   return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCCs);
 }
 
-/** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad dir,
- * based on <b>authdir_baddir_policy</b>. Else return 0.
- */
-int
-authdir_policy_baddir_address(uint32_t addr, uint16_t port)
-{
-  if (! addr_policy_permits_address(addr, port, authdir_baddir_policy))
-    return 1;
-  return addr_is_in_cc_list(addr, get_options()->AuthDirBadDirCCs);
-}
-
 /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
  * based on <b>authdir_badexit_policy</b>. Else return 0.
  */
@@ -437,11 +1076,36 @@ validate_addr_policies(const or_options_t *options, char **msg)
   smartlist_t *addr_policy=NULL;
   *msg = NULL;
 
-  if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
-                                 options->IPv6Exit,
-                                 options->ExitPolicyRejectPrivate, 0,
-                                 !options->BridgeRelay))
+  if (policies_parse_exit_policy_from_options(options,0,NULL,&addr_policy)) {
     REJECT("Error in ExitPolicy entry.");
+  }
+
+  static int warned_about_exitrelay = 0;
+
+  const int exitrelay_setting_is_auto = options->ExitRelay == -1;
+  const int policy_accepts_something =
+    ! (policy_is_reject_star(addr_policy, AF_INET) &&
+       policy_is_reject_star(addr_policy, AF_INET6));
+
+  if (server_mode(options) &&
+      ! warned_about_exitrelay &&
+      exitrelay_setting_is_auto &&
+      policy_accepts_something) {
+      /* Policy accepts something */
+    warned_about_exitrelay = 1;
+    log_warn(LD_CONFIG,
+             "Tor is running as an exit relay%s. If you did not want this "
+             "behavior, please set the ExitRelay option to 0. If you do "
+             "want to run an exit Relay, please set the ExitRelay option "
+             "to 1 to disable this warning, and for forward compatibility.",
+             options->ExitPolicy == NULL ?
+                 " with the default exit policy" : "");
+    if (options->ExitPolicy == NULL) {
+      log_warn(LD_CONFIG,
+               "In a future version of Tor, ExitRelay 0 may become the "
+               "default when no ExitPolicy is given.");
+    }
+  }
 
   /* The rest of these calls *append* to addr_policy. So don't actually
    * use the results for anything other than checking if they parse! */
@@ -455,9 +1119,6 @@ validate_addr_policies(const or_options_t *options, char **msg)
   if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
                         ADDR_POLICY_REJECT))
     REJECT("Error in AuthDirInvalid entry.");
-  if (parse_addr_policy(options->AuthDirBadDir, &addr_policy,
-                        ADDR_POLICY_REJECT))
-    REJECT("Error in AuthDirBadDir entry.");
   if (parse_addr_policy(options->AuthDirBadExit, &addr_policy,
                         ADDR_POLICY_REJECT))
     REJECT("Error in AuthDirBadExit entry.");
@@ -535,9 +1196,6 @@ policies_parse_from_options(const or_options_t *options)
   if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
                               &authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
-  if (load_policy_from_option(options->AuthDirBadDir, "AuthDirBadDir",
-                              &authdir_baddir_policy, ADDR_POLICY_REJECT) < 0)
-    ret = -1;
   if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
                               &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
@@ -556,6 +1214,8 @@ cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
     return r;
   if ((r=((int)a->is_private - (int)b->is_private)))
     return r;
+  /* refcnt and is_canonical are irrelevant to equality,
+   * they are hash table implementation details */
   if ((r=tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
     return r;
   if ((r=((int)a->maskbits - (int)b->maskbits)))
@@ -598,7 +1258,7 @@ typedef struct policy_map_ent_t {
 static HT_HEAD(policy_map, policy_map_ent_t) policy_root = HT_INITIALIZER();
 
 /** Return true iff a and b are equal. */
-static INLINE int
+static inline int
 policy_eq(policy_map_ent_t *a, policy_map_ent_t *b)
 {
   return cmp_single_addr_policy(a->policy, b->policy) == 0;
@@ -629,8 +1289,8 @@ policy_hash(const policy_map_ent_t *ent)
 
 HT_PROTOTYPE(policy_map, policy_map_ent_t, node, policy_hash,
              policy_eq)
-HT_GENERATE(policy_map, policy_map_ent_t, node, policy_hash,
-            policy_eq, 0.6, malloc, realloc, free)
+HT_GENERATE2(policy_map, policy_map_ent_t, node, policy_hash,
+             policy_eq, 0.6, tor_reallocarray_, tor_free_)
 
 /** Given a pointer to an addr_policy_t, return a copy of the pointer to the
  * "canonical" copy of that addr_policy_t; the canonical copy is a single
@@ -666,6 +1326,10 @@ compare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
   /* We know the address and port, and we know the policy, so we can just
    * compute an exact match. */
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+    if (tmpe->addr.family == AF_UNSPEC) {
+      log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+               "matches other AF_UNSPEC addresses.");
+    }
     /* Address is known */
     if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
                                  CMP_EXACT)) {
@@ -693,6 +1357,10 @@ compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr,
   int maybe_accept = 0, maybe_reject = 0;
 
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+    if (tmpe->addr.family == AF_UNSPEC) {
+      log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+               "matches other AF_UNSPEC addresses.");
+    }
     if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
                                  CMP_EXACT)) {
       if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
@@ -732,6 +1400,10 @@ compare_unknown_tor_addr_to_addr_policy(uint16_t port,
   int maybe_accept = 0, maybe_reject = 0;
 
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+    if (tmpe->addr.family == AF_UNSPEC) {
+      log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+               "matches other AF_UNSPEC addresses.");
+    }
     if (tmpe->prt_min <= port && port <= tmpe->prt_max) {
       if (tmpe->maskbits == 0) {
         /* Definitely matches, since it covers all addresses. */
@@ -769,9 +1441,9 @@ compare_unknown_tor_addr_to_addr_policy(uint16_t port,
  * We could do better by assuming that some ranges never match typical
  * addresses (127.0.0.1, and so on).  But we'll try this for now.
  */
-addr_policy_result_t
-compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
-                                const smartlist_t *policy)
+MOCK_IMPL(addr_policy_result_t,
+compare_tor_addr_to_addr_policy,(const tor_addr_t *addr, uint16_t port,
+                                 const smartlist_t *policy))
 {
   if (!policy) {
     /* no policy? accept all. */
@@ -837,7 +1509,7 @@ addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
 
 /** Add the exit policy described by <b>more</b> to <b>policy</b>.
  */
-static void
+STATIC void
 append_exit_policy_string(smartlist_t **policy, const char *more)
 {
   config_line_t tmp;
@@ -854,6 +1526,9 @@ append_exit_policy_string(smartlist_t **policy, const char *more)
 void
 addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
 {
+  tor_assert(dest);
+  tor_assert(addr);
+
   addr_policy_t p, *add;
   memset(&p, 0, sizeof(p));
   p.policy_type = ADDR_POLICY_REJECT;
@@ -866,6 +1541,71 @@ addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
   if (!*dest)
     *dest = smartlist_new();
   smartlist_add(*dest, add);
+  log_debug(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*'",
+            fmt_addr(addr));
+}
+
+/* Is addr public for the purposes of rejection? */
+static int
+tor_addr_is_public_for_reject(const tor_addr_t *addr)
+{
+  return (!tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0)
+          && !tor_addr_is_multicast(addr));
+}
+
+/* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed.
+ * Filter the address, only adding an IPv4 reject rule if ipv4_rules
+ * is true, and similarly for ipv6_rules. Check each address returns true for
+ * tor_addr_is_public_for_reject before adding it.
+ */
+static void
+addr_policy_append_reject_addr_filter(smartlist_t **dest,
+                                      const tor_addr_t *addr,
+                                      int ipv4_rules,
+                                      int ipv6_rules)
+{
+  tor_assert(dest);
+  tor_assert(addr);
+
+  /* Only reject IP addresses which are public */
+  if (tor_addr_is_public_for_reject(addr)) {
+
+    /* Reject IPv4 addresses and IPv6 addresses based on the filters */
+    int is_ipv4 = tor_addr_is_v4(addr);
+    if ((is_ipv4 && ipv4_rules) || (!is_ipv4 && ipv6_rules)) {
+      addr_policy_append_reject_addr(dest, addr);
+    }
+  }
+}
+
+/** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
+  * list as needed. */
+void
+addr_policy_append_reject_addr_list(smartlist_t **dest,
+                                    const smartlist_t *addrs)
+{
+  tor_assert(dest);
+  tor_assert(addrs);
+
+  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
+    addr_policy_append_reject_addr(dest, addr);
+  } SMARTLIST_FOREACH_END(addr);
+}
+
+/** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
+ * list as needed. Filter using */
+static void
+addr_policy_append_reject_addr_list_filter(smartlist_t **dest,
+                                           const smartlist_t *addrs,
+                                           int ipv4_rules,
+                                           int ipv6_rules)
+{
+  tor_assert(dest);
+  tor_assert(addrs);
+
+  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
+    addr_policy_append_reject_addr_filter(dest, addr, ipv4_rules, ipv6_rules);
+  } SMARTLIST_FOREACH_END(addr);
 }
 
 /** Detect and excise "dead code" from the policy *<b>dest</b>. */
@@ -952,41 +1692,197 @@ exit_policy_remove_redundancies(smartlist_t *dest)
   }
 }
 
+/** Reject private helper for policies_parse_exit_policy_internal: rejects
+ * publicly routable addresses on this exit relay.
+ *
+ * Add reject entries to the linked list *<b>dest</b>:
+ * <ul>
+ * <li>if configured_addresses is non-NULL, add entries that reject each
+ *     tor_addr_t in the list as a destination.
+ * <li>if reject_interface_addresses is true, add entries that reject each
+ *     public IPv4 and IPv6 address of each interface on this machine.
+ * <li>if reject_configured_port_addresses is true, add entries that reject
+ *     each IPv4 and IPv6 address configured for a port.
+ * </ul>
+ *
+ * IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are
+ * already blocked by policies_parse_exit_policy_internal if ipv6_exit is
+ * false.)
+ *
+ * The list in <b>dest</b> is created as needed.
+ */
+void
+policies_parse_exit_policy_reject_private(
+                                      smartlist_t **dest,
+                                      int ipv6_exit,
+                                      const smartlist_t *configured_addresses,
+                                      int reject_interface_addresses,
+                                      int reject_configured_port_addresses)
+{
+  tor_assert(dest);
+
+  /* Reject configured addresses, if they are from public netblocks. */
+  if (configured_addresses) {
+    addr_policy_append_reject_addr_list_filter(dest, configured_addresses,
+                                               1, ipv6_exit);
+  }
+
+  /* Reject configured port addresses, if they are from public netblocks. */
+  if (reject_configured_port_addresses) {
+    const smartlist_t *port_addrs = get_configured_ports();
+
+    SMARTLIST_FOREACH_BEGIN(port_addrs, port_cfg_t *, port) {
+
+      /* Only reject port IP addresses, not port unix sockets */
+      if (!port->is_unix_addr) {
+        addr_policy_append_reject_addr_filter(dest, &port->addr, 1, ipv6_exit);
+      }
+    } SMARTLIST_FOREACH_END(port);
+  }
+
+  /* Reject local addresses from public netblocks on any interface. */
+  if (reject_interface_addresses) {
+    smartlist_t *public_addresses = NULL;
+
+    /* Reject public IPv4 addresses on any interface */
+    public_addresses = get_interface_address6_list(LOG_INFO, AF_INET, 0);
+    addr_policy_append_reject_addr_list_filter(dest, public_addresses, 1, 0);
+    free_interface_address6_list(public_addresses);
+
+    /* Don't look for IPv6 addresses if we're configured as IPv4-only */
+    if (ipv6_exit) {
+      /* Reject public IPv6 addresses on any interface */
+      public_addresses = get_interface_address6_list(LOG_INFO, AF_INET6, 0);
+      addr_policy_append_reject_addr_list_filter(dest, public_addresses, 0, 1);
+      free_interface_address6_list(public_addresses);
+    }
+  }
+
+  /* If addresses were added multiple times, remove all but one of them. */
+  if (*dest) {
+    exit_policy_remove_redundancies(*dest);
+  }
+}
+
+/**
+ * Iterate through <b>policy</b> looking for redundant entries. Log a
+ * warning message with the first redundant entry, if any is found.
+ */
+static void
+policies_log_first_redundant_entry(const smartlist_t *policy)
+{
+  int found_final_effective_entry = 0;
+  int first_redundant_entry = 0;
+  tor_assert(policy);
+  SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {
+    sa_family_t family;
+    int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;
+    const int i = p_sl_idx;
+
+    /* Look for accept/reject *[4|6|]:* entires */
+    if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {
+      family = tor_addr_family(&p->addr);
+      /* accept/reject *:* may have already been expanded into
+       * accept/reject *4:*,accept/reject *6:*
+       * But handle both forms.
+       */
+      if (family == AF_INET || family == AF_UNSPEC) {
+        found_ipv4_wildcard = 1;
+      }
+      if (family == AF_INET6 || family == AF_UNSPEC) {
+        found_ipv6_wildcard = 1;
+      }
+    }
+
+    /* We also find accept *4:*,reject *6:* ; and
+     * accept *4:*,<other policies>,accept *6:* ; and similar.
+     * That's ok, because they make any subsequent entries redundant. */
+    if (found_ipv4_wildcard && found_ipv6_wildcard) {
+      found_final_effective_entry = 1;
+      /* if we're not on the final entry in the list */
+      if (i < smartlist_len(policy) - 1) {
+        first_redundant_entry = i + 1;
+      }
+      break;
+    }
+  } SMARTLIST_FOREACH_END(p);
+
+  /* Work out if there are redundant trailing entries in the policy list */
+  if (found_final_effective_entry && first_redundant_entry > 0) {
+    const addr_policy_t *p;
+    /* Longest possible policy is
+     * "accept6 ffff:ffff:..255/128:10000-65535",
+     * which contains a max-length IPv6 address, plus 24 characters. */
+    char line[TOR_ADDR_BUF_LEN + 32];
+
+    tor_assert(first_redundant_entry < smartlist_len(policy));
+    p = smartlist_get(policy, first_redundant_entry);
+    /* since we've already parsed the policy into an addr_policy_t struct,
+     * we might not log exactly what the user typed in */
+    policy_write_item(line, TOR_ADDR_BUF_LEN + 32, p, 0);
+    log_warn(LD_DIR, "Exit policy '%s' and all following policies are "
+             "redundant, as it follows accept/reject *:* rules for both "
+             "IPv4 and IPv6. They will be removed from the exit policy. (Use "
+             "accept/reject *:* as the last entry in any exit policy.)",
+             line);
+  }
+}
+
 #define DEFAULT_EXIT_POLICY                                         \
   "reject *:25,reject *:119,reject *:135-139,reject *:445,"         \
   "reject *:563,reject *:1214,reject *:4661-4666,"                  \
   "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
 
-/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
- * cfg doesn't end in an absolute accept or reject and if
+/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
+ *
+ * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
+ *
+ * If <b>rejectprivate</b> is true:
+ *   - prepend "reject private:*" to the policy.
+ *   - prepend entries that reject publicly routable addresses on this exit
+ *     relay by calling policies_parse_exit_policy_reject_private
+ *
+ * If cfg doesn't end in an absolute accept or reject and if
  * <b>add_default_policy</b> is true, add the default exit
- * policy afterwards. If <b>rejectprivate</b> is true, prepend
- * "reject private:*" to the policy. Return -1 if we can't parse cfg,
- * else return 0.
+ * policy afterwards.
+ *
+ * Return -1 if we can't parse cfg, else return 0.
  *
  * This function is used to parse the exit policy from our torrc. For
  * the functions used to parse the exit policy from a router descriptor,
  * see router_add_exit_policy.
  */
-int
-policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                           int ipv6_exit,
-                           int rejectprivate, uint32_t local_address,
-                           int add_default_policy)
+static int
+policies_parse_exit_policy_internal(config_line_t *cfg,
+                                    smartlist_t **dest,
+                                    int ipv6_exit,
+                                    int rejectprivate,
+                                    const smartlist_t *configured_addresses,
+                                    int reject_interface_addresses,
+                                    int reject_configured_port_addresses,
+                                    int add_default_policy)
 {
   if (!ipv6_exit) {
     append_exit_policy_string(dest, "reject *6:*");
   }
   if (rejectprivate) {
+    /* Reject IPv4 and IPv6 reserved private netblocks */
     append_exit_policy_string(dest, "reject private:*");
-    if (local_address) {
-      char buf[POLICY_BUF_LEN];
-      tor_snprintf(buf, sizeof(buf), "reject %s:*", fmt_addr32(local_address));
-      append_exit_policy_string(dest, buf);
-    }
+    /* Reject IPv4 and IPv6 publicly routable addresses on this exit relay */
+    policies_parse_exit_policy_reject_private(
+                                            dest, ipv6_exit,
+                                            configured_addresses,
+                                            reject_interface_addresses,
+                                            reject_configured_port_addresses);
   }
   if (parse_addr_policy(cfg, dest, -1))
     return -1;
+
+  /* Before we add the default policy and final rejects, check to see if
+   * there are any lines after accept *:* or reject *:*. These lines have no
+   * effect, and are most likely an error. */
+  policies_log_first_redundant_entry(*dest);
+
   if (add_default_policy) {
     append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
   } else {
@@ -998,6 +1894,157 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
   return 0;
 }
 
+/** Parse exit policy in <b>cfg</b> into <b>dest</b> smartlist.
+ *
+ * Prepend an entry that rejects all IPv6 destinations unless
+ * <b>EXIT_POLICY_IPV6_ENABLED</b> bit is set in <b>options</b> bitmask.
+ *
+ * If <b>EXIT_POLICY_REJECT_PRIVATE</b> bit is set in <b>options</b>:
+ *   - prepend an entry that rejects all destinations in all netblocks
+ *     reserved for private use.
+ *   - prepend entries that reject publicly routable addresses on this exit
+ *     relay by calling policies_parse_exit_policy_internal
+ *
+ * If <b>EXIT_POLICY_ADD_DEFAULT</b> bit is set in <b>options</b>, append
+ * default exit policy entries to <b>result</b> smartlist.
+ */
+int
+policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
+                           exit_policy_parser_cfg_t options,
+                           const smartlist_t *configured_addresses)
+{
+  int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
+  int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
+  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
+
+  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
+                                             reject_private,
+                                             configured_addresses,
+                                             reject_private,
+                                             reject_private,
+                                             add_default);
+}
+
+/** Helper function that adds a copy of addr to a smartlist as long as it is
+ * non-NULL and not tor_addr_is_null().
+ *
+ * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
+ */
+static void
+policies_copy_addr_to_smartlist(smartlist_t *addr_list, const tor_addr_t *addr)
+{
+  if (addr && !tor_addr_is_null(addr)) {
+    tor_addr_t *addr_copy = tor_malloc(sizeof(tor_addr_t));
+    tor_addr_copy(addr_copy, addr);
+    smartlist_add(addr_list, addr_copy);
+  }
+}
+
+/** Helper function that adds ipv4h_addr to a smartlist as a tor_addr_t *,
+ * as long as it is not tor_addr_is_null(), by converting it to a tor_addr_t
+ * and passing it to policies_add_addr_to_smartlist.
+ *
+ * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
+ */
+static void
+policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr)
+{
+  if (ipv4h_addr) {
+    tor_addr_t ipv4_tor_addr;
+    tor_addr_from_ipv4h(&ipv4_tor_addr, ipv4h_addr);
+    policies_copy_addr_to_smartlist(addr_list, &ipv4_tor_addr);
+  }
+}
+
+/** Helper function that adds copies of
+ * or_options->OutboundBindAddressIPv[4|6]_ to a smartlist as tor_addr_t *, as
+ * long as or_options is non-NULL, and the addresses are not
+ * tor_addr_is_null(), by passing them to policies_add_addr_to_smartlist.
+ *
+ * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
+ */
+static void
+policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list,
+                                              const or_options_t *or_options)
+{
+  if (or_options) {
+    policies_copy_addr_to_smartlist(addr_list,
+                                    &or_options->OutboundBindAddressIPv4_);
+    policies_copy_addr_to_smartlist(addr_list,
+                                    &or_options->OutboundBindAddressIPv6_);
+  }
+}
+
+/** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b>
+ * smartlist.
+ * If <b>or_options->IPv6Exit</b> is false, prepend an entry that
+ * rejects all IPv6 destinations.
+ *
+ * If <b>or_options->ExitPolicyRejectPrivate</b> is true:
+ *  - prepend an entry that rejects all destinations in all netblocks reserved
+ *    for private use.
+ *  - if local_address is non-zero, treat it as a host-order IPv4 address, and
+ *    add it to the list of configured addresses.
+ *  - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it
+ *    to the list of configured addresses.
+ *  - if or_options->OutboundBindAddressIPv4_ is not the null tor_addr_t, add
+ *    it to the list of configured addresses.
+ *  - if or_options->OutboundBindAddressIPv6_ is not the null tor_addr_t, add
+ *    it to the list of configured addresses.
+ *
+ * If <b>or_options->BridgeRelay</b> is false, append entries of default
+ * Tor exit policy into <b>result</b> smartlist.
+ *
+ * If or_options->ExitRelay is false, then make our exit policy into
+ * "reject *:*" regardless.
+ */
+int
+policies_parse_exit_policy_from_options(const or_options_t *or_options,
+                                        uint32_t local_address,
+                                        const tor_addr_t *ipv6_local_address,
+                                        smartlist_t **result)
+{
+  exit_policy_parser_cfg_t parser_cfg = 0;
+  smartlist_t *configured_addresses = NULL;
+  int rv = 0;
+
+  /* Short-circuit for non-exit relays */
+  if (or_options->ExitRelay == 0) {
+    append_exit_policy_string(result, "reject *4:*");
+    append_exit_policy_string(result, "reject *6:*");
+    return 0;
+  }
+
+  configured_addresses = smartlist_new();
+
+  /* Configure the parser */
+  if (or_options->IPv6Exit) {
+    parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
+  }
+
+  if (or_options->ExitPolicyRejectPrivate) {
+    parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
+  }
+
+  if (!or_options->BridgeRelay) {
+    parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
+  }
+
+  /* Copy the configured addresses into the tor_addr_t* list */
+  policies_copy_ipv4h_to_smartlist(configured_addresses, local_address);
+  policies_copy_addr_to_smartlist(configured_addresses, ipv6_local_address);
+  policies_copy_outbound_addresses_to_smartlist(configured_addresses,
+                                                or_options);
+
+  rv = policies_parse_exit_policy(or_options->ExitPolicy, result, parser_cfg,
+                                  configured_addresses);
+
+  SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
+  smartlist_free(configured_addresses);
+
+  return rv;
+}
+
 /** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
  * *<b>dest</b> as needed. */
 void
@@ -1103,7 +2150,7 @@ policy_is_reject_star(const smartlist_t *policy, sa_family_t family)
 /** Write a single address policy to the buf_len byte buffer at buf.  Return
  * the number of characters written, or -1 on failure. */
 int
-policy_write_item(char *buf, size_t buflen, addr_policy_t *policy,
+policy_write_item(char *buf, size_t buflen, const addr_policy_t *policy,
                   int format_for_desc)
 {
   size_t written = 0;
@@ -1139,9 +2186,9 @@ policy_write_item(char *buf, size_t buflen, addr_policy_t *policy,
   if (result < 0)
     return -1;
   written += strlen(buf);
-  /* If the maskbits is 32 we don't need to give it.  If the mask is 0,
-   * we already wrote "*". */
-  if (policy->maskbits < 32 && policy->maskbits > 0) {
+  /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it.  If
+     the mask is 0, we already wrote "*". */
+  if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) {
     if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)
       return -1;
     written += strlen(buf+written);
@@ -1334,9 +2381,9 @@ policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
  * The summary will either be an "accept" plus a comma-separated list of port
  * ranges or a "reject" plus port-ranges, depending on which is shorter.
  *
- * If no exits are allowed at all then NULL is returned, if no ports
- * are blocked instead of "reject " we return "accept 1-65535" (this
- * is an exception to the shorter-representation-wins rule).
+ * If no exits are allowed at all then "reject 1-65535" is returned. If no
+ * ports are blocked instead of "reject " we return "accept 1-65535". (These
+ * are an exception to the shorter-representation-wins rule).
  */
 char *
 policy_summarize(smartlist_t *policy, sa_family_t family)
@@ -1621,7 +2668,7 @@ compare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port,
    * allows exit enclaving. Trying it anyway would open up a cool attack
    * where the node refuses due to exitpolicy, the client reacts in
    * surprise by rewriting the node's exitpolicy to reject *:*, and then
-   * a bad guy targets users by causing them to attempt such connections
+   * an adversary targets users by causing them to attempt such connections
    * to 98% of the exits.
    *
    * Once microdescriptors can handle addresses in special cases (e.g. if
@@ -1682,6 +2729,53 @@ compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,
   }
 }
 
+/**
+ * Given <b>policy_list</b>, a list of addr_policy_t, produce a string
+ * representation of the list.
+ * If <b>include_ipv4</b> is true, include IPv4 entries.
+ * If <b>include_ipv6</b> is true, include IPv6 entries.
+ */
+char *
+policy_dump_to_string(const smartlist_t *policy_list,
+                      int include_ipv4,
+                      int include_ipv6)
+{
+  smartlist_t *policy_string_list;
+  char *policy_string = NULL;
+
+  policy_string_list = smartlist_new();
+
+  SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t *, tmpe) {
+    char *pbuf;
+    int bytes_written_to_pbuf;
+    if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {
+      continue; /* Don't include IPv6 parts of address policy */
+    }
+    if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {
+      continue; /* Don't include IPv4 parts of address policy */
+    }
+
+    pbuf = tor_malloc(POLICY_BUF_LEN);
+    bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);
+
+    if (bytes_written_to_pbuf < 0) {
+      log_warn(LD_BUG, "policy_dump_to_string ran out of room!");
+      tor_free(pbuf);
+      goto done;
+    }
+
+    smartlist_add(policy_string_list,pbuf);
+  } SMARTLIST_FOREACH_END(tmpe);
+
+  policy_string = smartlist_join_strings(policy_string_list, "\n", 0, NULL);
+
+ done:
+  SMARTLIST_FOREACH(policy_string_list, char *, str, tor_free(str));
+  smartlist_free(policy_string_list);
+
+  return policy_string;
+}
+
 /** Implementation for GETINFO control command: knows the answer for questions
  * about "exit-policy/..." */
 int
@@ -1693,6 +2787,57 @@ getinfo_helper_policies(control_connection_t *conn,
   (void) errmsg;
   if (!strcmp(question, "exit-policy/default")) {
     *answer = tor_strdup(DEFAULT_EXIT_POLICY);
+  } else if (!strcmp(question, "exit-policy/reject-private/default")) {
+    smartlist_t *private_policy_strings;
+    const char **priv = private_nets;
+
+    private_policy_strings = smartlist_new();
+
+    while (*priv != NULL) {
+      /* IPv6 addresses are in "[]" and contain ":",
+       * IPv4 addresses are not in "[]" and contain "." */
+      smartlist_add_asprintf(private_policy_strings, "reject %s:*", *priv);
+      priv++;
+    }
+
+    *answer = smartlist_join_strings(private_policy_strings,
+                                     ",", 0, NULL);
+
+    SMARTLIST_FOREACH(private_policy_strings, char *, str, tor_free(str));
+    smartlist_free(private_policy_strings);
+  } else if (!strcmp(question, "exit-policy/reject-private/relay")) {
+    const or_options_t *options = get_options();
+    const routerinfo_t *me = router_get_my_routerinfo();
+
+    if (!me) {
+      *errmsg = "router_get_my_routerinfo returned NULL";
+      return -1;
+    }
+
+    if (!options->ExitPolicyRejectPrivate) {
+      *answer = tor_strdup("");
+      return 0;
+    }
+
+    smartlist_t *private_policy_list = smartlist_new();
+    smartlist_t *configured_addresses = smartlist_new();
+
+    /* Copy the configured addresses into the tor_addr_t* list */
+    policies_copy_ipv4h_to_smartlist(configured_addresses, me->addr);
+    policies_copy_addr_to_smartlist(configured_addresses, &me->ipv6_addr);
+    policies_copy_outbound_addresses_to_smartlist(configured_addresses,
+                                                  options);
+
+    policies_parse_exit_policy_reject_private(
+                                            &private_policy_list,
+                                            options->IPv6Exit,
+                                            configured_addresses,
+                                            1, 1);
+    *answer = policy_dump_to_string(private_policy_list, 1, 1);
+
+    addr_policy_list_free(private_policy_list);
+    SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
+    smartlist_free(configured_addresses);
   } else if (!strcmpstart(question, "exit-policy/")) {
     const routerinfo_t *me = router_get_my_routerinfo();
 
@@ -1766,8 +2911,6 @@ policies_free_all(void)
   authdir_reject_policy = NULL;
   addr_policy_list_free(authdir_invalid_policy);
   authdir_invalid_policy = NULL;
-  addr_policy_list_free(authdir_baddir_policy);
-  authdir_baddir_policy = NULL;
   addr_policy_list_free(authdir_badexit_policy);
   authdir_badexit_policy = NULL;
 
diff --git a/src/or/policies.h b/src/or/policies.h
index 91ac427492..aaa6fa0a4e 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -18,16 +18,52 @@
  */
 #define POLICY_BUF_LEN 72
 
+#define EXIT_POLICY_IPV6_ENABLED   (1 << 0)
+#define EXIT_POLICY_REJECT_PRIVATE (1 << 1)
+#define EXIT_POLICY_ADD_DEFAULT    (1 << 2)
+
+typedef enum firewall_connection_t {
+  FIREWALL_OR_CONNECTION      = 0,
+  FIREWALL_DIR_CONNECTION     = 1
+} firewall_connection_t;
+
+typedef int exit_policy_parser_cfg_t;
+
 int firewall_is_fascist_or(void);
-int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port);
-int fascist_firewall_allows_or(const routerinfo_t *ri);
-int fascist_firewall_allows_node(const node_t *node);
-int fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port);
+int firewall_is_fascist_dir(void);
+int fascist_firewall_use_ipv6(const or_options_t *options);
+int fascist_firewall_prefer_ipv6_orport(const or_options_t *options);
+int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options);
+
+int fascist_firewall_allows_address_addr(const tor_addr_t *addr,
+                                         uint16_t port,
+                                         firewall_connection_t fw_connection,
+                                         int pref_only, int pref_ipv6);
+
+int fascist_firewall_allows_rs(const routerstatus_t *rs,
+                               firewall_connection_t fw_connection,
+                               int pref_only);
+int fascist_firewall_allows_node(const node_t *node,
+                                 firewall_connection_t fw_connection,
+                                 int pref_only);
+int fascist_firewall_allows_dir_server(const dir_server_t *ds,
+                                       firewall_connection_t fw_connection,
+                                       int pref_only);
+
+int fascist_firewall_choose_address_rs(const routerstatus_t *rs,
+                                       firewall_connection_t fw_connection,
+                                       int pref_only, tor_addr_port_t* ap);
+int fascist_firewall_choose_address_node(const node_t *node,
+                                         firewall_connection_t fw_connection,
+                                         int pref_only, tor_addr_port_t* ap);
+int fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
+                                          firewall_connection_t fw_connection,
+                                          int pref_only, tor_addr_port_t* ap);
+
 int dir_policy_permits_address(const tor_addr_t *addr);
 int socks_policy_permits_address(const tor_addr_t *addr);
 int authdir_policy_permits_address(uint32_t addr, uint16_t port);
 int authdir_policy_valid_address(uint32_t addr, uint16_t port);
-int authdir_policy_baddir_address(uint32_t addr, uint16_t port);
 int authdir_policy_badexit_address(uint32_t addr, uint16_t port);
 
 int validate_addr_policies(const or_options_t *options, char **msg);
@@ -37,26 +73,40 @@ int policies_parse_from_options(const or_options_t *options);
 
 addr_policy_t *addr_policy_get_canonical_entry(addr_policy_t *ent);
 int cmp_addr_policies(smartlist_t *a, smartlist_t *b);
-addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr,
-                              uint16_t port, const smartlist_t *policy);
-
+MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
 addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
                               uint16_t port, const node_t *node);
 
+int policies_parse_exit_policy_from_options(
+                                          const or_options_t *or_options,
+                                          uint32_t local_address,
+                                          const tor_addr_t *ipv6_local_address,
+                                          smartlist_t **result);
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                               int ipv6exit,
-                               int rejectprivate, uint32_t local_address,
-                               int add_default_policy);
+                               exit_policy_parser_cfg_t options,
+                               const smartlist_t *configured_addresses);
+void policies_parse_exit_policy_reject_private(
+                                      smartlist_t **dest,
+                                      int ipv6_exit,
+                                      const smartlist_t *configured_addresses,
+                                      int reject_interface_addresses,
+                                      int reject_configured_port_addresses);
 void policies_exit_policy_append_reject_star(smartlist_t **dest);
 void addr_policy_append_reject_addr(smartlist_t **dest,
                                     const tor_addr_t *addr);
+void addr_policy_append_reject_addr_list(smartlist_t **dest,
+                                         const smartlist_t *addrs);
 void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
 int exit_policy_is_general_exit(smartlist_t *policy);
 int policy_is_reject_star(const smartlist_t *policy, sa_family_t family);
+char * policy_dump_to_string(const smartlist_t *policy_list,
+                             int include_ipv4,
+                             int include_ipv6);
 int getinfo_helper_policies(control_connection_t *conn,
                             const char *question, char **answer,
                             const char **errmsg);
-int policy_write_item(char *buf, size_t buflen, addr_policy_t *item,
+int policy_write_item(char *buf, size_t buflen, const addr_policy_t *item,
                       int format_for_desc);
 
 void addr_policy_list_free(smartlist_t *p);
@@ -73,5 +123,20 @@ addr_policy_result_t compare_tor_addr_to_short_policy(
                           const tor_addr_t *addr, uint16_t port,
                           const short_policy_t *policy);
 
+#ifdef POLICIES_PRIVATE
+STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
+STATIC int fascist_firewall_allows_address(const tor_addr_t *addr,
+                                           uint16_t port,
+                                           smartlist_t *firewall_policy,
+                                           int pref_only, int pref_ipv6);
+STATIC const tor_addr_port_t * fascist_firewall_choose_address(
+                                          const tor_addr_port_t *a,
+                                          const tor_addr_port_t *b,
+                                          int want_a,
+                                          firewall_connection_t fw_connection,
+                                          int pref_only, int pref_ipv6);
+
+#endif
+
 #endif
 
diff --git a/src/or/reasons.c b/src/or/reasons.c
index 750e89bbe7..36921cafcd 100644
--- a/src/or/reasons.c
+++ b/src/or/reasons.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -350,6 +350,8 @@ circuit_end_reason_to_control_string(int reason)
       return "NOSUCHSERVICE";
     case END_CIRC_REASON_MEASUREMENT_EXPIRED:
       return "MEASUREMENT_EXPIRED";
+    case END_CIRC_REASON_IP_NOW_REDUNDANT:
+      return "IP_NOW_REDUNDANT";
     default:
       if (is_remote) {
         /*
@@ -367,7 +369,7 @@ circuit_end_reason_to_control_string(int reason)
   }
 }
 
-/** Return a string corresponding to a SOCKS4 reponse code. */
+/** Return a string corresponding to a SOCKS4 response code. */
 const char *
 socks4_response_code_to_string(uint8_t code)
 {
@@ -385,7 +387,7 @@ socks4_response_code_to_string(uint8_t code)
   }
 }
 
-/** Return a string corresponding to a SOCKS5 reponse code. */
+/** Return a string corresponding to a SOCKS5 response code. */
 const char *
 socks5_response_code_to_string(uint8_t code)
 {
diff --git a/src/or/reasons.h b/src/or/reasons.h
index fe7e67722a..2e12c93728 100644
--- a/src/or/reasons.h
+++ b/src/or/reasons.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/relay.c b/src/or/relay.c
index daf354c34c..9cd68cc440 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -26,19 +26,18 @@
 #include "control.h"
 #include "geoip.h"
 #include "main.h"
-#ifdef ENABLE_MEMPOOLS
-#include "mempool.h"
-#endif
 #include "networkstatus.h"
 #include "nodelist.h"
 #include "onion.h"
 #include "policies.h"
 #include "reasons.h"
 #include "relay.h"
+#include "rendcache.h"
 #include "rendcommon.h"
 #include "router.h"
 #include "routerlist.h"
 #include "routerparse.h"
+#include "scheduler.h"
 
 static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell,
                                             cell_direction_t cell_direction,
@@ -149,20 +148,15 @@ relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
  *
  * If <b>encrypt_mode</b> is 1 then encrypt, else decrypt.
  *
- * Return -1 if the crypto fails, else return 0.
+ * Returns 0.
  */
 static int
 relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in,
                         int encrypt_mode)
 {
-  int r;
   (void)encrypt_mode;
-  r = crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
+  crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
 
-  if (r) {
-    log_warn(LD_BUG,"Error during relay encryption");
-    return -1;
-  }
   return 0;
 }
 
@@ -210,8 +204,7 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
       return 0;
     }
 
-    conn = relay_lookup_conn(circ, cell, cell_direction,
-                                                layer_hint);
+    conn = relay_lookup_conn(circ, cell, cell_direction, layer_hint);
     if (cell_direction == CELL_DIRECTION_OUT) {
       ++stats_n_relay_cells_delivered;
       log_debug(LD_OR,"Sending away from origin.");
@@ -803,8 +796,10 @@ connection_ap_process_end_not_open(
             return 0;
           }
 
-          if ((tor_addr_family(&addr) == AF_INET && !conn->ipv4_traffic_ok) ||
-              (tor_addr_family(&addr) == AF_INET6 && !conn->ipv6_traffic_ok)) {
+          if ((tor_addr_family(&addr) == AF_INET &&
+                                          !conn->entry_cfg.ipv4_traffic) ||
+              (tor_addr_family(&addr) == AF_INET6 &&
+                                          !conn->entry_cfg.ipv6_traffic)) {
             log_fn(LOG_PROTOCOL_WARN, LD_APP,
                    "Got an EXITPOLICY failure on a connection with a "
                    "mismatched family. Closing.");
@@ -833,7 +828,7 @@ connection_ap_process_end_not_open(
             }
           }
         }
-        /* check if he *ought* to have allowed it */
+        /* check if the exit *ought* to have allowed it */
 
         adjust_exit_policy_from_exitpolicy_failure(circ,
                                                    conn,
@@ -1155,11 +1150,11 @@ connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
         addr_hostname = addr;
       }
     } else if (tor_addr_family(&addr->addr) == AF_INET) {
-      if (!addr_ipv4 && conn->ipv4_traffic_ok) {
+      if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
         addr_ipv4 = addr;
       }
     } else if (tor_addr_family(&addr->addr) == AF_INET6) {
-      if (!addr_ipv6 && conn->ipv6_traffic_ok) {
+      if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
         addr_ipv6 = addr;
       }
     }
@@ -1180,7 +1175,7 @@ connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
     return;
   }
 
-  if (conn->prefer_ipv6_traffic) {
+  if (conn->entry_cfg.prefer_ipv6) {
     addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
   } else {
     addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
@@ -1304,8 +1299,12 @@ connection_edge_process_relay_cell_not_open(
              "Got 'connected' while not in state connect_wait. Dropping.");
       return 0;
     }
+    CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
     conn->base_.state = AP_CONN_STATE_OPEN;
-    log_info(LD_APP,"'connected' received after %d seconds.",
+    log_info(LD_APP,"'connected' received for circid %u streamid %d "
+             "after %d seconds.",
+             (unsigned)circ->n_circ_id,
+             rh->stream_id,
              (int)(time(NULL) - conn->base_.timestamp_lastread));
     if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
       log_fn(LOG_PROTOCOL_WARN, LD_APP,
@@ -1326,8 +1325,8 @@ connection_edge_process_relay_cell_not_open(
         return 0;
       }
 
-      if ((family == AF_INET && ! entry_conn->ipv4_traffic_ok) ||
-          (family == AF_INET6 && ! entry_conn->ipv6_traffic_ok)) {
+      if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
+          (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
         log_fn(LOG_PROTOCOL_WARN, LD_APP,
                "Got a connected cell to %s with unsupported address family."
                " Closing.", fmt_addr(&addr));
@@ -1644,8 +1643,9 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
         }
         if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
                                          &extended_cell.created_cell)) < 0) {
-          log_warn(domain,"circuit_finish_handshake failed.");
-          return reason;
+          circuit_mark_for_close(circ, -reason);
+          return 0; /* We don't want to cause a warning, so we mark the circuit
+                     * here. */
         }
       }
       if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
@@ -1698,7 +1698,9 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
         return -END_CIRC_REASON_TORPROTOCOL;
       }
       log_info(domain,
-               "'connected' received, no conn attached anymore. Ignoring.");
+               "'connected' received on circid %u for streamid %d, "
+               "no conn attached anymore. Ignoring.",
+               (unsigned)circ->n_circ_id, rh.stream_id);
       return 0;
     case RELAY_COMMAND_SENDME:
       if (!rh.stream_id) {
@@ -2249,62 +2251,12 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
 /** The total number of cells we have allocated. */
 static size_t total_cells_allocated = 0;
 
-#ifdef ENABLE_MEMPOOLS
-/** A memory pool to allocate packed_cell_t objects. */
-static mp_pool_t *cell_pool = NULL;
-
-/** Allocate structures to hold cells. */
-void
-init_cell_pool(void)
-{
-  tor_assert(!cell_pool);
-  cell_pool = mp_pool_new(sizeof(packed_cell_t), 128*1024);
-}
-
-/** Free all storage used to hold cells (and insertion times/commands if we
- * measure cell statistics and/or if CELL_STATS events are enabled). */
-void
-free_cell_pool(void)
-{
-  /* Maybe we haven't called init_cell_pool yet; need to check for it. */
-  if (cell_pool) {
-    mp_pool_destroy(cell_pool);
-    cell_pool = NULL;
-  }
-}
-
-/** Free excess storage in cell pool. */
-void
-clean_cell_pool(void)
-{
-  tor_assert(cell_pool);
-  mp_pool_clean(cell_pool, 0, 1);
-}
-
-#define relay_alloc_cell() \
-  mp_pool_get(cell_pool)
-#define relay_free_cell(cell) \
-  mp_pool_release(cell)
-
-#define RELAY_CELL_MEM_COST (sizeof(packed_cell_t) + MP_POOL_ITEM_OVERHEAD)
-
-#else /* !ENABLE_MEMPOOLS case */
-
-#define relay_alloc_cell() \
-  tor_malloc_zero(sizeof(packed_cell_t))
-#define relay_free_cell(cell) \
-  tor_free(cell)
-
-#define RELAY_CELL_MEM_COST (sizeof(packed_cell_t))
-
-#endif /* ENABLE_MEMPOOLS */
-
 /** Release storage held by <b>cell</b>. */
-static INLINE void
+static inline void
 packed_cell_free_unchecked(packed_cell_t *cell)
 {
   --total_cells_allocated;
-  relay_free_cell(cell);
+  tor_free(cell);
 }
 
 /** Allocate and return a new packed_cell_t. */
@@ -2312,7 +2264,7 @@ STATIC packed_cell_t *
 packed_cell_new(void)
 {
   ++total_cells_allocated;
-  return relay_alloc_cell();
+  return tor_malloc_zero(sizeof(packed_cell_t));
 }
 
 /** Return a packed cell used outside by channel_t lower layer */
@@ -2329,25 +2281,22 @@ packed_cell_free(packed_cell_t *cell)
 void
 dump_cell_pool_usage(int severity)
 {
-  circuit_t *c;
   int n_circs = 0;
   int n_cells = 0;
-  TOR_LIST_FOREACH(c, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) {
     n_cells += c->n_chan_cells.n;
     if (!CIRCUIT_IS_ORIGIN(c))
       n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
     ++n_circs;
   }
+  SMARTLIST_FOREACH_END(c);
   tor_log(severity, LD_MM,
           "%d cells allocated on %d circuits. %d cells leaked.",
           n_cells, n_circs, (int)total_cells_allocated - n_cells);
-#ifdef ENABLE_MEMPOOLS
-  mp_pool_log_status(cell_pool, severity);
-#endif
 }
 
 /** Allocate a new copy of packed <b>cell</b>. */
-static INLINE packed_cell_t *
+static inline packed_cell_t *
 packed_cell_copy(const cell_t *cell, int wide_circ_ids)
 {
   packed_cell_t *c = packed_cell_new();
@@ -2423,16 +2372,22 @@ cell_queue_pop(cell_queue_t *queue)
 size_t
 packed_cell_mem_cost(void)
 {
-  return RELAY_CELL_MEM_COST;
+  return sizeof(packed_cell_t);
 }
 
-/** DOCDOC */
+/* DOCDOC */
 STATIC size_t
 cell_queues_get_total_allocation(void)
 {
   return total_cells_allocated * packed_cell_mem_cost();
 }
 
+/** How long after we've been low on memory should we try to conserve it? */
+#define MEMORY_PRESSURE_INTERVAL (30*60)
+
+/** The time at which we were last low on memory. */
+static time_t last_time_under_memory_pressure = 0;
+
 /** Check whether we've got too much space used for cells.  If so,
  * call the OOM handler and return 1.  Otherwise, return 0. */
 STATIC int
@@ -2440,13 +2395,38 @@ cell_queues_check_size(void)
 {
   size_t alloc = cell_queues_get_total_allocation();
   alloc += buf_get_total_allocation();
-  if (alloc >= get_options()->MaxMemInQueues) {
-    circuits_handle_oom(alloc);
-    return 1;
+  alloc += tor_zlib_get_total_allocation();
+  const size_t rend_cache_total = rend_cache_get_total_allocation();
+  alloc += rend_cache_total;
+  if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
+    last_time_under_memory_pressure = approx_time();
+    if (alloc >= get_options()->MaxMemInQueues) {
+      /* If we're spending over 20% of the memory limit on hidden service
+       * descriptors, free them until we're down to 10%.
+       */
+      if (rend_cache_total > get_options()->MaxMemInQueues / 5) {
+        const size_t bytes_to_remove =
+          rend_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
+        rend_cache_clean_v2_descs_as_dir(time(NULL), bytes_to_remove);
+        alloc -= rend_cache_total;
+        alloc += rend_cache_get_total_allocation();
+      }
+      circuits_handle_oom(alloc);
+      return 1;
+    }
   }
   return 0;
 }
 
+/** Return true if we've been under memory pressure in the last
+ * MEMORY_PRESSURE_INTERVAL seconds. */
+int
+have_been_under_memory_pressure(void)
+{
+  return last_time_under_memory_pressure + MEMORY_PRESSURE_INTERVAL
+    < approx_time();
+}
+
 /**
  * Update the number of cells available on the circuit's n_chan or p_chan's
  * circuit mux.
@@ -2591,8 +2571,8 @@ packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
  * queue of the first active circuit on <b>chan</b>, and write them to
  * <b>chan</b>-&gt;outbuf.  Return the number of cells written.  Advance
  * the active circuit pointer to the next active circuit in the ring. */
-int
-channel_flush_from_first_active_circuit(channel_t *chan, int max)
+MOCK_IMPL(int,
+channel_flush_from_first_active_circuit, (channel_t *chan, int max))
 {
   circuitmux_t *cmux = NULL;
   int n_flushed = 0;
@@ -2636,6 +2616,15 @@ channel_flush_from_first_active_circuit(channel_t *chan, int max)
     }
 
     /* Circuitmux told us this was active, so it should have cells */
+    if (/*BUG(*/ queue->n == 0 /*)*/) {
+      log_warn(LD_BUG, "Found a supposedly active circuit with no cells "
+               "to send. Trying to recover.");
+      circuitmux_set_num_cells(cmux, circ, 0);
+      if (! circ->marked_for_close)
+        circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
+      continue;
+    }
+
     tor_assert(queue->n > 0);
 
     /*
@@ -2868,14 +2857,8 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan,
     log_debug(LD_GENERAL, "Made a circuit active.");
   }
 
-  if (!channel_has_queued_writes(chan)) {
-    /* There is no data at all waiting to be sent on the outbuf.  Add a
-     * cell, so that we can notice when it gets flushed, flushed_some can
-     * get called, and we can start putting more data onto the buffer then.
-     */
-    log_debug(LD_GENERAL, "Primed a buffer.");
-    channel_flush_from_first_active_circuit(chan, 1);
-  }
+  /* New way: mark this as having waiting cells for the scheduler */
+  scheduler_channel_has_waiting_cells(chan);
 }
 
 /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
diff --git a/src/or/relay.h b/src/or/relay.h
index 969c6fb61d..e15551ca51 100644
--- a/src/or/relay.h
+++ b/src/or/relay.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -42,14 +42,11 @@ extern uint64_t stats_n_data_bytes_packaged;
 extern uint64_t stats_n_data_cells_received;
 extern uint64_t stats_n_data_bytes_received;
 
-#ifdef ENABLE_MEMPOOLS
-void init_cell_pool(void);
-void free_cell_pool(void);
-void clean_cell_pool(void);
-#endif /* ENABLE_MEMPOOLS */
 void dump_cell_pool_usage(int severity);
 size_t packed_cell_mem_cost(void);
 
+int have_been_under_memory_pressure(void);
+
 /* For channeltls.c */
 void packed_cell_free(packed_cell_t *cell);
 
@@ -64,7 +61,8 @@ void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan,
                                   cell_t *cell, cell_direction_t direction,
                                   streamid_t fromstream);
 void channel_unlink_all_circuits(channel_t *chan, smartlist_t *detached_out);
-int channel_flush_from_first_active_circuit(channel_t *chan, int max);
+MOCK_DECL(int, channel_flush_from_first_active_circuit,
+          (channel_t *chan, int max));
 void assert_circuit_mux_okay(channel_t *chan);
 void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction,
                              const char *file, int lineno);
diff --git a/src/or/rendcache.c b/src/or/rendcache.c
new file mode 100644
index 0000000000..f9ae6d1173
--- /dev/null
+++ b/src/or/rendcache.c
@@ -0,0 +1,1013 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file rendcache.c
+ * \brief Hidden service descriptor cache.
+ **/
+
+#define RENDCACHE_PRIVATE
+#include "rendcache.h"
+
+#include "config.h"
+#include "rephist.h"
+#include "routerlist.h"
+#include "routerparse.h"
+#include "rendcommon.h"
+
+/** Map from service id (as generated by rend_get_service_id) to
+ * rend_cache_entry_t. */
+STATIC strmap_t *rend_cache = NULL;
+
+/** Map from service id to rend_cache_entry_t; only for hidden services. */
+static strmap_t *rend_cache_local_service = NULL;
+
+/** Map from descriptor id to rend_cache_entry_t; only for hidden service
+ * directories. */
+STATIC digestmap_t *rend_cache_v2_dir = NULL;
+
+/** (Client side only) Map from service id to rend_cache_failure_t. This
+ * cache is used to track intro point(IP) failures so we know when to keep
+ * or discard a new descriptor we just fetched. Here is a description of the
+ * cache behavior.
+ *
+ * Everytime tor discards an IP (ex: receives a NACK), we add an entry to
+ * this cache noting the identity digest of the IP and it's failure type for
+ * the service ID. The reason we indexed this cache by service ID is to
+ * differentiate errors that can occur only for a specific service like a
+ * NACK for instance. It applies for one but maybe not for the others.
+ *
+ * Once a service descriptor is fetched and considered valid, each IP is
+ * looked up in this cache and if present, it is discarded from the fetched
+ * descriptor. At the end, all IP(s) in the cache, for a specific service
+ * ID, that were NOT present in the descriptor are removed from this cache.
+ * Which means that if at least one IP was not in this cache, thus usuable,
+ * it's considered a new descriptor so we keep it. Else, if all IPs were in
+ * this cache, we discard the descriptor as it's considered unsuable.
+ *
+ * Once a descriptor is removed from the rend cache or expires, the entry
+ * in this cache is also removed for the service ID.
+ *
+ * This scheme allows us to not realy on the descriptor's timestamp (which
+ * is rounded down to the hour) to know if we have a newer descriptor. We
+ * only rely on the usability of intro points from an internal state. */
+STATIC strmap_t *rend_cache_failure = NULL;
+
+/* DOCDOC */
+STATIC size_t rend_cache_total_allocation = 0;
+
+/** Initializes the service descriptor cache.
+*/
+void
+rend_cache_init(void)
+{
+  rend_cache = strmap_new();
+  rend_cache_v2_dir = digestmap_new();
+  rend_cache_local_service = strmap_new();
+  rend_cache_failure = strmap_new();
+}
+
+/** Return the approximate number of bytes needed to hold <b>e</b>. */
+STATIC size_t
+rend_cache_entry_allocation(const rend_cache_entry_t *e)
+{
+  if (!e)
+    return 0;
+
+  /* This doesn't count intro_nodes or key size */
+  return sizeof(*e) + e->len + sizeof(*e->parsed);
+}
+
+/* DOCDOC */
+size_t
+rend_cache_get_total_allocation(void)
+{
+  return rend_cache_total_allocation;
+}
+
+/** Decrement the total bytes attributed to the rendezvous cache by n. */
+STATIC void
+rend_cache_decrement_allocation(size_t n)
+{
+  static int have_underflowed = 0;
+
+  if (rend_cache_total_allocation >= n) {
+    rend_cache_total_allocation -= n;
+  } else {
+    rend_cache_total_allocation = 0;
+    if (! have_underflowed) {
+      have_underflowed = 1;
+      log_warn(LD_BUG, "Underflow in rend_cache_decrement_allocation");
+    }
+  }
+}
+
+/** Increase the total bytes attributed to the rendezvous cache by n. */
+STATIC void
+rend_cache_increment_allocation(size_t n)
+{
+  static int have_overflowed = 0;
+  if (rend_cache_total_allocation <= SIZE_MAX - n) {
+    rend_cache_total_allocation += n;
+  } else {
+    rend_cache_total_allocation = SIZE_MAX;
+    if (! have_overflowed) {
+      have_overflowed = 1;
+      log_warn(LD_BUG, "Overflow in rend_cache_increment_allocation");
+    }
+  }
+}
+
+/** Helper: free a rend cache failure intro object. */
+STATIC void
+rend_cache_failure_intro_entry_free(rend_cache_failure_intro_t *entry)
+{
+  if (entry == NULL) {
+    return;
+  }
+  tor_free(entry);
+}
+
+static void
+rend_cache_failure_intro_entry_free_(void *entry)
+{
+  rend_cache_failure_intro_entry_free(entry);
+}
+
+/** Allocate a rend cache failure intro object and return it. <b>failure</b>
+ * is set into the object. This function can not fail. */
+STATIC rend_cache_failure_intro_t *
+rend_cache_failure_intro_entry_new(rend_intro_point_failure_t failure)
+{
+  rend_cache_failure_intro_t *entry = tor_malloc(sizeof(*entry));
+  entry->failure_type = failure;
+  entry->created_ts = time(NULL);
+  return entry;
+}
+
+/** Helper: free a rend cache failure object. */
+STATIC void
+rend_cache_failure_entry_free(rend_cache_failure_t *entry)
+{
+  if (entry == NULL) {
+    return;
+  }
+
+  /* Free and remove every intro failure object. */
+  digestmap_free(entry->intro_failures,
+                 rend_cache_failure_intro_entry_free_);
+
+  tor_free(entry);
+}
+
+/** Helper: deallocate a rend_cache_failure_t. (Used with strmap_free(),
+ * which requires a function pointer whose argument is void*). */
+STATIC void
+rend_cache_failure_entry_free_(void *entry)
+{
+  rend_cache_failure_entry_free(entry);
+}
+
+/** Allocate a rend cache failure object and return it. This function can
+ * not fail. */
+STATIC rend_cache_failure_t *
+rend_cache_failure_entry_new(void)
+{
+  rend_cache_failure_t *entry = tor_malloc(sizeof(*entry));
+  entry->intro_failures = digestmap_new();
+  return entry;
+}
+
+/** Remove failure cache entry for the service ID in the given descriptor
+ * <b>desc</b>. */
+STATIC void
+rend_cache_failure_remove(rend_service_descriptor_t *desc)
+{
+  char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
+  rend_cache_failure_t *entry;
+
+  if (desc == NULL) {
+    return;
+  }
+  if (rend_get_service_id(desc->pk, service_id) < 0) {
+    return;
+  }
+  entry = strmap_get_lc(rend_cache_failure, service_id);
+  if (entry != NULL) {
+    strmap_remove_lc(rend_cache_failure, service_id);
+    rend_cache_failure_entry_free(entry);
+  }
+}
+
+/** Helper: free storage held by a single service descriptor cache entry. */
+STATIC void
+rend_cache_entry_free(rend_cache_entry_t *e)
+{
+  if (!e)
+    return;
+  rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+  /* We are about to remove a descriptor from the cache so remove the entry
+   * in the failure cache. */
+  rend_cache_failure_remove(e->parsed);
+  rend_service_descriptor_free(e->parsed);
+  tor_free(e->desc);
+  tor_free(e);
+}
+
+/** Helper: deallocate a rend_cache_entry_t.  (Used with strmap_free(), which
+ * requires a function pointer whose argument is void*). */
+static void
+rend_cache_entry_free_(void *p)
+{
+  rend_cache_entry_free(p);
+}
+
+/** Free all storage held by the service descriptor cache. */
+void
+rend_cache_free_all(void)
+{
+  strmap_free(rend_cache, rend_cache_entry_free_);
+  digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_);
+  strmap_free(rend_cache_local_service, rend_cache_entry_free_);
+  strmap_free(rend_cache_failure, rend_cache_failure_entry_free_);
+  rend_cache = NULL;
+  rend_cache_v2_dir = NULL;
+  rend_cache_local_service = NULL;
+  rend_cache_failure = NULL;
+  rend_cache_total_allocation = 0;
+}
+
+/** Remove all entries that re REND_CACHE_FAILURE_MAX_AGE old. This is
+ * called every second.
+ *
+ * We have to clean these regurlarly else if for whatever reasons an hidden
+ * service goes offline and a client tries to connect to it during that
+ * time, a failure entry is created and the client will be unable to connect
+ * for a while even though the service has return online.  */
+void
+rend_cache_failure_clean(time_t now)
+{
+  time_t cutoff = now - REND_CACHE_FAILURE_MAX_AGE;
+  STRMAP_FOREACH_MODIFY(rend_cache_failure, key,
+                        rend_cache_failure_t *, ent) {
+    /* Free and remove every intro failure object that match the cutoff. */
+    DIGESTMAP_FOREACH_MODIFY(ent->intro_failures, ip_key,
+                             rend_cache_failure_intro_t *, ip_ent) {
+      if (ip_ent->created_ts < cutoff) {
+        rend_cache_failure_intro_entry_free(ip_ent);
+        MAP_DEL_CURRENT(ip_key);
+      }
+    } DIGESTMAP_FOREACH_END;
+    /* If the entry is now empty of intro point failures, remove it. */
+    if (digestmap_isempty(ent->intro_failures)) {
+      rend_cache_failure_entry_free(ent);
+      MAP_DEL_CURRENT(key);
+    }
+  } STRMAP_FOREACH_END;
+}
+
+/** Removes all old entries from the client or service descriptor cache.
+*/
+void
+rend_cache_clean(time_t now, rend_cache_type_t cache_type)
+{
+  strmap_iter_t *iter;
+  const char *key;
+  void *val;
+  rend_cache_entry_t *ent;
+  time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
+  strmap_t *cache = NULL;
+
+  if (cache_type == REND_CACHE_TYPE_CLIENT) {
+    cache = rend_cache;
+  } else if (cache_type == REND_CACHE_TYPE_SERVICE)  {
+    cache = rend_cache_local_service;
+  }
+  tor_assert(cache);
+
+  for (iter = strmap_iter_init(cache); !strmap_iter_done(iter); ) {
+    strmap_iter_get(iter, &key, &val);
+    ent = (rend_cache_entry_t*)val;
+    if (ent->parsed->timestamp < cutoff) {
+      iter = strmap_iter_next_rmv(cache, iter);
+      rend_cache_entry_free(ent);
+    } else {
+      iter = strmap_iter_next(cache, iter);
+    }
+  }
+}
+
+/** Remove ALL entries from the rendezvous service descriptor cache.
+*/
+void
+rend_cache_purge(void)
+{
+  if (rend_cache) {
+    log_info(LD_REND, "Purging HS descriptor cache");
+    strmap_free(rend_cache, rend_cache_entry_free_);
+  }
+  rend_cache = strmap_new();
+}
+
+/** Remove ALL entries from the failure cache. This is also called when a
+ * NEWNYM signal is received. */
+void
+rend_cache_failure_purge(void)
+{
+  if (rend_cache_failure) {
+    log_info(LD_REND, "Purging HS failure cache");
+    strmap_free(rend_cache_failure, rend_cache_failure_entry_free_);
+  }
+  rend_cache_failure = strmap_new();
+}
+
+/** Lookup the rend failure cache using a relay identity digest in
+ * <b>identity</b> which has DIGEST_LEN bytes and service ID <b>service_id</b>
+ * which is a null-terminated string. If found, the intro failure is set in
+ * <b>intro_entry</b> else it stays untouched. Return 1 iff found else 0. */
+STATIC int
+cache_failure_intro_lookup(const uint8_t *identity, const char *service_id,
+                           rend_cache_failure_intro_t **intro_entry)
+{
+  rend_cache_failure_t *elem;
+  rend_cache_failure_intro_t *intro_elem;
+
+  tor_assert(rend_cache_failure);
+
+  if (intro_entry) {
+    *intro_entry = NULL;
+  }
+
+  /* Lookup descriptor and return it. */
+  elem = strmap_get_lc(rend_cache_failure, service_id);
+  if (elem == NULL) {
+    goto not_found;
+  }
+  intro_elem = digestmap_get(elem->intro_failures, (char *) identity);
+  if (intro_elem == NULL) {
+    goto not_found;
+  }
+  if (intro_entry) {
+    *intro_entry = intro_elem;
+  }
+  return 1;
+ not_found:
+  return 0;
+}
+
+/** Allocate a new cache failure intro object and copy the content from
+ * <b>entry</b> to this newly allocated object. Return it. */
+static rend_cache_failure_intro_t *
+cache_failure_intro_dup(const rend_cache_failure_intro_t *entry)
+{
+  rend_cache_failure_intro_t *ent_dup =
+    rend_cache_failure_intro_entry_new(entry->failure_type);
+  ent_dup->created_ts = entry->created_ts;
+  return ent_dup;
+}
+
+/** Add an intro point failure to the failure cache using the relay
+ * <b>identity</b> and service ID <b>service_id</b>. Record the
+ * <b>failure</b> in that object. */
+STATIC void
+cache_failure_intro_add(const uint8_t *identity, const char *service_id,
+                        rend_intro_point_failure_t failure)
+{
+  rend_cache_failure_t *fail_entry;
+  rend_cache_failure_intro_t *entry, *old_entry;
+
+  /* Make sure we have a failure object for this service ID and if not,
+   * create it with this new intro failure entry. */
+  fail_entry = strmap_get_lc(rend_cache_failure, service_id);
+  if (fail_entry == NULL) {
+    fail_entry = rend_cache_failure_entry_new();
+    /* Add failure entry to global rend failure cache. */
+    strmap_set_lc(rend_cache_failure, service_id, fail_entry);
+  }
+  entry = rend_cache_failure_intro_entry_new(failure);
+  old_entry = digestmap_set(fail_entry->intro_failures,
+                            (char *) identity, entry);
+  /* This _should_ be NULL, but in case it isn't, free it. */
+  rend_cache_failure_intro_entry_free(old_entry);
+}
+
+/** Using a parsed descriptor <b>desc</b>, check if the introduction points
+ * are present in the failure cache and if so they are removed from the
+ * descriptor and kept into the failure cache. Then, each intro points that
+ * are NOT in the descriptor but in the failure cache for the given
+ * <b>service_id</b> are removed from the failure cache. */
+STATIC void
+validate_intro_point_failure(const rend_service_descriptor_t *desc,
+                             const char *service_id)
+{
+  rend_cache_failure_t *new_entry, *cur_entry;
+  /* New entry for the service ID that will be replacing the one in the
+   * failure cache since we have a new descriptor. In the case where all
+   * intro points are removed, we are assured that the new entry is the same
+   * as the current one. */
+  new_entry = tor_malloc(sizeof(*new_entry));
+  new_entry->intro_failures = digestmap_new();
+
+  tor_assert(desc);
+
+  SMARTLIST_FOREACH_BEGIN(desc->intro_nodes, rend_intro_point_t *, intro) {
+    int found;
+    rend_cache_failure_intro_t *entry;
+    const uint8_t *identity =
+      (uint8_t *) intro->extend_info->identity_digest;
+
+    found = cache_failure_intro_lookup(identity, service_id, &entry);
+    if (found) {
+      /* Dup here since it will be freed at the end when removing the
+       * original entry in the cache. */
+      rend_cache_failure_intro_t *ent_dup = cache_failure_intro_dup(entry);
+      /* This intro point is in our cache, discard it from the descriptor
+       * because chances are that it's unusable. */
+      SMARTLIST_DEL_CURRENT(desc->intro_nodes, intro);
+      /* Keep it for our new entry. */
+      digestmap_set(new_entry->intro_failures, (char *) identity, ent_dup);
+      /* Only free it when we're done looking at it. */
+      rend_intro_point_free(intro);
+      continue;
+    }
+  } SMARTLIST_FOREACH_END(intro);
+
+  /* Swap the failure entry in the cache and free the current one. */
+  cur_entry = strmap_get_lc(rend_cache_failure, service_id);
+  if (cur_entry != NULL) {
+    rend_cache_failure_entry_free(cur_entry);
+  }
+  strmap_set_lc(rend_cache_failure, service_id, new_entry);
+}
+
+/** Note down an intro failure in the rend failure cache using the type of
+ * failure in <b>failure</b> for the relay identity digest in
+ * <b>identity</b> and service ID <b>service_id</b>. If an entry already
+ * exists in the cache, the failure type is changed with <b>failure</b>. */
+void
+rend_cache_intro_failure_note(rend_intro_point_failure_t failure,
+                              const uint8_t *identity,
+                              const char *service_id)
+{
+  int found;
+  rend_cache_failure_intro_t *entry;
+
+  found = cache_failure_intro_lookup(identity, service_id, &entry);
+  if (!found) {
+    cache_failure_intro_add(identity, service_id, failure);
+  } else {
+    /* Replace introduction point failure with this one. */
+    entry->failure_type = failure;
+  }
+}
+
+/** Remove all old v2 descriptors and those for which this hidden service
+ * directory is not responsible for any more.
+ *
+ * If at all possible, remove at least <b>force_remove</b> bytes of data.
+ */
+void
+rend_cache_clean_v2_descs_as_dir(time_t now, size_t force_remove)
+{
+  digestmap_iter_t *iter;
+  time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
+  const int LAST_SERVED_CUTOFF_STEP = 1800;
+  time_t last_served_cutoff = cutoff;
+  size_t bytes_removed = 0;
+  do {
+    for (iter = digestmap_iter_init(rend_cache_v2_dir);
+         !digestmap_iter_done(iter); ) {
+      const char *key;
+      void *val;
+      rend_cache_entry_t *ent;
+      digestmap_iter_get(iter, &key, &val);
+      ent = val;
+      if (ent->parsed->timestamp < cutoff ||
+          ent->last_served < last_served_cutoff) {
+        char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+        base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
+        log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
+                 safe_str_client(key_base32));
+        bytes_removed += rend_cache_entry_allocation(ent);
+        iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
+        rend_cache_entry_free(ent);
+      } else {
+        iter = digestmap_iter_next(rend_cache_v2_dir, iter);
+      }
+    }
+
+    /* In case we didn't remove enough bytes, advance the cutoff a little. */
+    last_served_cutoff += LAST_SERVED_CUTOFF_STEP;
+    if (last_served_cutoff > now)
+      break;
+  } while (bytes_removed < force_remove);
+}
+
+/** Lookup in the client cache the given service ID <b>query</b> for
+ * <b>version</b>.
+ *
+ * Return 0 if found and if <b>e</b> is non NULL, set it with the entry
+ * found. Else, a negative value is returned and <b>e</b> is untouched.
+ * -EINVAL means that <b>query</b> is not a valid service id.
+ * -ENOENT means that no entry in the cache was found. */
+int
+rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
+{
+  int ret = 0;
+  char key[REND_SERVICE_ID_LEN_BASE32 + 2]; /* <version><query>\0 */
+  rend_cache_entry_t *entry = NULL;
+  static const int default_version = 2;
+
+  tor_assert(rend_cache);
+  tor_assert(query);
+
+  if (!rend_valid_service_id(query)) {
+    ret = -EINVAL;
+    goto end;
+  }
+
+  switch (version) {
+    case 0:
+      log_warn(LD_REND, "Cache lookup of a v0 renddesc is deprecated.");
+      break;
+    case 2:
+      /* Default is version 2. */
+    default:
+      tor_snprintf(key, sizeof(key), "%d%s", default_version, query);
+      entry = strmap_get_lc(rend_cache, key);
+      break;
+  }
+  if (!entry) {
+    ret = -ENOENT;
+    goto end;
+  }
+  tor_assert(entry->parsed && entry->parsed->intro_nodes);
+
+  if (e) {
+    *e = entry;
+  }
+
+ end:
+  return ret;
+}
+
+/*
+ * Lookup the v2 service descriptor with the service ID <b>query</b> in the
+ * local service descriptor cache. Return 0 if found and if <b>e</b> is
+ * non NULL, set it with the entry found. Else, a negative value is returned
+ * and <b>e</b> is untouched.
+ * -EINVAL means that <b>query</b> is not a valid service id.
+ * -ENOENT means that no entry in the cache was found. */
+int
+rend_cache_lookup_v2_desc_as_service(const char *query, rend_cache_entry_t **e)
+{
+  int ret = 0;
+  rend_cache_entry_t *entry = NULL;
+
+  tor_assert(rend_cache_local_service);
+  tor_assert(query);
+
+  if (!rend_valid_service_id(query)) {
+    ret = -EINVAL;
+    goto end;
+  }
+
+  /* Lookup descriptor and return. */
+  entry = strmap_get_lc(rend_cache_local_service, query);
+  if (!entry) {
+    ret = -ENOENT;
+    goto end;
+  }
+
+  if (e) {
+    *e = entry;
+  }
+
+ end:
+  return ret;
+}
+
+/** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
+ * copy the pointer to it to *<b>desc</b>.  Return 1 on success, 0 on
+ * well-formed-but-not-found, and -1 on failure.
+ */
+int
+rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
+{
+  rend_cache_entry_t *e;
+  char desc_id_digest[DIGEST_LEN];
+  tor_assert(rend_cache_v2_dir);
+  if (base32_decode(desc_id_digest, DIGEST_LEN,
+                    desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
+    log_fn(LOG_PROTOCOL_WARN, LD_REND,
+           "Rejecting v2 rendezvous descriptor request -- descriptor ID "
+           "contains illegal characters: %s",
+           safe_str(desc_id));
+    return -1;
+  }
+  /* Lookup descriptor and return. */
+  e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
+  if (e) {
+    *desc = e->desc;
+    e->last_served = approx_time();
+    return 1;
+  }
+  return 0;
+}
+
+/** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
+ * local rend cache. Don't attempt to decrypt the included list of introduction
+ * points (as we don't have a descriptor cookie for it).
+ *
+ * If we have a newer descriptor with the same ID, ignore this one.
+ * If we have an older descriptor with the same ID, replace it.
+ *
+ * Return 0 on success, or -1 if we couldn't parse any of them.
+ *
+ * We should only call this function for public (e.g. non bridge) relays.
+ */
+int
+rend_cache_store_v2_desc_as_dir(const char *desc)
+{
+  const or_options_t *options = get_options();
+  rend_service_descriptor_t *parsed;
+  char desc_id[DIGEST_LEN];
+  char *intro_content;
+  size_t intro_size;
+  size_t encoded_size;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  int number_parsed = 0, number_stored = 0;
+  const char *current_desc = desc;
+  const char *next_desc;
+  rend_cache_entry_t *e;
+  time_t now = time(NULL);
+  tor_assert(rend_cache_v2_dir);
+  tor_assert(desc);
+  while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
+                                          &intro_size, &encoded_size,
+                                          &next_desc, current_desc, 1) >= 0) {
+    number_parsed++;
+    /* We don't care about the introduction points. */
+    tor_free(intro_content);
+    /* For pretty log statements. */
+    base32_encode(desc_id_base32, sizeof(desc_id_base32),
+                  desc_id, DIGEST_LEN);
+    /* Is descriptor too old? */
+    if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
+      log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
+               safe_str(desc_id_base32));
+      goto skip;
+    }
+    /* Is descriptor too far in the future? */
+    if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
+      log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
+               "future.",
+               safe_str(desc_id_base32));
+      goto skip;
+    }
+    /* Do we already have a newer descriptor? */
+    e = digestmap_get(rend_cache_v2_dir, desc_id);
+    if (e && e->parsed->timestamp > parsed->timestamp) {
+      log_info(LD_REND, "We already have a newer service descriptor with the "
+               "same desc ID %s and version.",
+               safe_str(desc_id_base32));
+      goto skip;
+    }
+    /* Do we already have this descriptor? */
+    if (e && !strcmp(desc, e->desc)) {
+      log_info(LD_REND, "We already have this service descriptor with desc "
+               "ID %s.", safe_str(desc_id_base32));
+      goto skip;
+    }
+    /* Store received descriptor. */
+    if (!e) {
+      e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+      digestmap_set(rend_cache_v2_dir, desc_id, e);
+      /* Treat something just uploaded as having been served a little
+       * while ago, so that flooding with new descriptors doesn't help
+       * too much.
+       */
+      e->last_served = approx_time() - 3600;
+    } else {
+      rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+      rend_service_descriptor_free(e->parsed);
+      tor_free(e->desc);
+    }
+    e->parsed = parsed;
+    e->desc = tor_strndup(current_desc, encoded_size);
+    e->len = encoded_size;
+    rend_cache_increment_allocation(rend_cache_entry_allocation(e));
+    log_info(LD_REND, "Successfully stored service descriptor with desc ID "
+             "'%s' and len %d.",
+             safe_str(desc_id_base32), (int)encoded_size);
+    /* Statistics: Note down this potentially new HS. */
+    if (options->HiddenServiceStatistics) {
+      rep_hist_stored_maybe_new_hs(e->parsed->pk);
+    }
+
+    number_stored++;
+    goto advance;
+ skip:
+    rend_service_descriptor_free(parsed);
+ advance:
+    /* advance to next descriptor, if available. */
+    current_desc = next_desc;
+    /* check if there is a next descriptor. */
+    if (!current_desc ||
+        strcmpstart(current_desc, "rendezvous-service-descriptor "))
+      break;
+  }
+  if (!number_parsed) {
+    log_info(LD_REND, "Could not parse any descriptor.");
+    return -1;
+  }
+  log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
+           number_parsed, number_stored, number_stored != 1 ? "s" : "");
+  return 0;
+}
+
+/** Parse the v2 service descriptor in <b>desc</b> and store it to the
+* local service rend cache. Don't attempt to decrypt the included list of
+* introduction points.
+*
+* If we have a newer descriptor with the same ID, ignore this one.
+* If we have an older descriptor with the same ID, replace it.
+*
+* Return 0 on success, or -1 if we couldn't understand the descriptor.
+*/
+int
+rend_cache_store_v2_desc_as_service(const char *desc)
+{
+  rend_service_descriptor_t *parsed = NULL;
+  char desc_id[DIGEST_LEN];
+  char *intro_content = NULL;
+  size_t intro_size;
+  size_t encoded_size;
+  const char *next_desc;
+  char service_id[REND_SERVICE_ID_LEN_BASE32+1];
+  rend_cache_entry_t *e;
+  int retval = -1;
+  tor_assert(rend_cache_local_service);
+  tor_assert(desc);
+
+  /* Parse the descriptor. */
+  if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
+                                       &intro_size, &encoded_size,
+                                       &next_desc, desc, 0) < 0) {
+    log_warn(LD_REND, "Could not parse descriptor.");
+    goto err;
+  }
+  /* Compute service ID from public key. */
+  if (rend_get_service_id(parsed->pk, service_id)<0) {
+    log_warn(LD_REND, "Couldn't compute service ID.");
+    goto err;
+  }
+
+  /* Do we already have a newer descriptor? Allow new descriptors with a
+     rounded timestamp equal to or newer than the current descriptor */
+  e = (rend_cache_entry_t*) strmap_get_lc(rend_cache_local_service,
+                                          service_id);
+  if (e && e->parsed->timestamp > parsed->timestamp) {
+    log_info(LD_REND, "We already have a newer service descriptor for "
+             "service ID %s.", safe_str_client(service_id));
+    goto okay;
+  }
+  /* We don't care about the introduction points. */
+  tor_free(intro_content);
+  if (!e) {
+    e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+    strmap_set_lc(rend_cache_local_service, service_id, e);
+  } else {
+    rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+    rend_service_descriptor_free(e->parsed);
+    tor_free(e->desc);
+  }
+  e->parsed = parsed;
+  e->desc = tor_malloc_zero(encoded_size + 1);
+  strlcpy(e->desc, desc, encoded_size + 1);
+  e->len = encoded_size;
+  rend_cache_increment_allocation(rend_cache_entry_allocation(e));
+  log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
+            safe_str_client(service_id), (int)encoded_size);
+  return 0;
+
+ okay:
+  retval = 0;
+
+ err:
+  rend_service_descriptor_free(parsed);
+  tor_free(intro_content);
+  return retval;
+}
+
+/** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
+ * of introduction points with <b>descriptor_cookie</b> (which may also be
+ * <b>NULL</b> if decryption is not necessary), and store the descriptor to
+ * the local cache under its version and service id.
+ *
+ * If we have a newer v2 descriptor with the same ID, ignore this one.
+ * If we have an older descriptor with the same ID, replace it.
+ * If the descriptor's service ID does not match
+ * <b>rend_query</b>-\>onion_address, reject it.
+ *
+ * If the descriptor's descriptor ID doesn't match <b>desc_id_base32</b>,
+ * reject it.
+ *
+ * Return 0 on success, or -1 if we rejected the descriptor.
+ * If entry is not NULL, set it with the cache entry pointer of the descriptor.
+ */
+int
+rend_cache_store_v2_desc_as_client(const char *desc,
+                                   const char *desc_id_base32,
+                                   const rend_data_t *rend_query,
+                                   rend_cache_entry_t **entry)
+{
+  /*XXXX this seems to have a bit of duplicate code with
+   * rend_cache_store_v2_desc_as_dir().  Fix that. */
+  /* Though having similar elements, both functions were separated on
+   * purpose:
+   * - dirs don't care about encoded/encrypted introduction points, clients
+   *   do.
+   * - dirs store descriptors in a separate cache by descriptor ID, whereas
+   *   clients store them by service ID; both caches are different data
+   *   structures and have different access methods.
+   * - dirs store a descriptor only if they are responsible for its ID,
+   *   clients do so in every way (because they have requested it before).
+   * - dirs can process multiple concatenated descriptors which is required
+   *   for replication, whereas clients only accept a single descriptor.
+   * Thus, combining both methods would result in a lot of if statements
+   * which probably would not improve, but worsen code readability. -KL */
+  rend_service_descriptor_t *parsed = NULL;
+  char desc_id[DIGEST_LEN];
+  char *intro_content = NULL;
+  size_t intro_size;
+  size_t encoded_size;
+  const char *next_desc;
+  time_t now = time(NULL);
+  char key[REND_SERVICE_ID_LEN_BASE32+2];
+  char service_id[REND_SERVICE_ID_LEN_BASE32+1];
+  char want_desc_id[DIGEST_LEN];
+  rend_cache_entry_t *e;
+  int retval = -1;
+  tor_assert(rend_cache);
+  tor_assert(desc);
+  tor_assert(desc_id_base32);
+  memset(want_desc_id, 0, sizeof(want_desc_id));
+  if (entry) {
+    *entry = NULL;
+  }
+  if (base32_decode(want_desc_id, sizeof(want_desc_id),
+                    desc_id_base32, strlen(desc_id_base32)) != 0) {
+    log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.",
+             escaped_safe_str_client(desc_id_base32));
+    goto err;
+  }
+  /* Parse the descriptor. */
+  if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
+                                       &intro_size, &encoded_size,
+                                       &next_desc, desc, 0) < 0) {
+    log_warn(LD_REND, "Could not parse descriptor.");
+    goto err;
+  }
+  /* Compute service ID from public key. */
+  if (rend_get_service_id(parsed->pk, service_id)<0) {
+    log_warn(LD_REND, "Couldn't compute service ID.");
+    goto err;
+  }
+  if (rend_query->onion_address[0] != '\0' &&
+      strcmp(rend_query->onion_address, service_id)) {
+    log_warn(LD_REND, "Received service descriptor for service ID %s; "
+             "expected descriptor for service ID %s.",
+             service_id, safe_str(rend_query->onion_address));
+    goto err;
+  }
+  if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) {
+    log_warn(LD_REND, "Received service descriptor for %s with incorrect "
+             "descriptor ID.", service_id);
+    goto err;
+  }
+
+  /* Decode/decrypt introduction points. */
+  if (intro_content && intro_size > 0) {
+    int n_intro_points;
+    if (rend_query->auth_type != REND_NO_AUTH &&
+        !tor_mem_is_zero(rend_query->descriptor_cookie,
+                         sizeof(rend_query->descriptor_cookie))) {
+      char *ipos_decrypted = NULL;
+      size_t ipos_decrypted_size;
+      if (rend_decrypt_introduction_points(&ipos_decrypted,
+                                           &ipos_decrypted_size,
+                                           rend_query->descriptor_cookie,
+                                           intro_content,
+                                           intro_size) < 0) {
+        log_warn(LD_REND, "Failed to decrypt introduction points. We are "
+                 "probably unable to parse the encoded introduction points.");
+      } else {
+        /* Replace encrypted with decrypted introduction points. */
+        log_info(LD_REND, "Successfully decrypted introduction points.");
+        tor_free(intro_content);
+        intro_content = ipos_decrypted;
+        intro_size = ipos_decrypted_size;
+      }
+    }
+    n_intro_points = rend_parse_introduction_points(parsed, intro_content,
+                                                    intro_size);
+    if (n_intro_points <= 0) {
+      log_warn(LD_REND, "Failed to parse introduction points. Either the "
+               "service has published a corrupt descriptor or you have "
+               "provided invalid authorization data, or (maybe!) the "
+               "server is deliberately serving broken data in an attempt "
+               "to crash you with bug 21018.");
+      goto err;
+    } else if (n_intro_points > MAX_INTRO_POINTS) {
+      log_warn(LD_REND, "Found too many introduction points on a hidden "
+               "service descriptor for %s. This is probably a (misguided) "
+               "attempt to improve reliability, but it could also be an "
+               "attempt to do a guard enumeration attack. Rejecting.",
+               safe_str_client(service_id));
+
+      goto err;
+    }
+  } else {
+    log_info(LD_REND, "Descriptor does not contain any introduction points.");
+    parsed->intro_nodes = smartlist_new();
+  }
+  /* We don't need the encoded/encrypted introduction points any longer. */
+  tor_free(intro_content);
+  /* Is descriptor too old? */
+  if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
+    log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
+             safe_str_client(service_id));
+    goto err;
+  }
+  /* Is descriptor too far in the future? */
+  if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
+    log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
+             "the future.", safe_str_client(service_id));
+    goto err;
+  }
+  /* Do we have the same exact copy already in our cache? */
+  tor_snprintf(key, sizeof(key), "2%s", service_id);
+  e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
+  if (e && !strcmp(desc, e->desc)) {
+    log_info(LD_REND,"We already have this service descriptor %s.",
+             safe_str_client(service_id));
+    goto okay;
+  }
+  /* Verify that we are not replacing an older descriptor. It's important to
+   * avoid an evil HSDir serving old descriptor. We validate if the
+   * timestamp is greater than and not equal because it's a rounded down
+   * timestamp to the hour so if the descriptor changed in the same hour,
+   * the rend cache failure will tells us if we have a new descriptor. */
+  if (e && e->parsed->timestamp > parsed->timestamp) {
+    log_info(LD_REND, "We already have a new enough service descriptor for "
+             "service ID %s with the same desc ID and version.",
+             safe_str_client(service_id));
+    goto okay;
+  }
+  /* Lookup our failure cache for intro point that might be unsuable. */
+  validate_intro_point_failure(parsed, service_id);
+  /* It's now possible that our intro point list is empty, this means that
+   * this descriptor is useless to us because intro points have all failed
+   * somehow before. Discard the descriptor. */
+  if (smartlist_len(parsed->intro_nodes) == 0) {
+    log_info(LD_REND, "Service descriptor with service ID %s, every "
+             "intro points are unusable. Discarding it.",
+             safe_str_client(service_id));
+    goto err;
+  }
+  /* Now either purge the current one and replace it's content or create a
+   * new one and add it to the rend cache. */
+  if (!e) {
+    e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+    strmap_set_lc(rend_cache, key, e);
+  } else {
+    rend_cache_decrement_allocation(rend_cache_entry_allocation(e));
+    rend_cache_failure_remove(e->parsed);
+    rend_service_descriptor_free(e->parsed);
+    tor_free(e->desc);
+  }
+  e->parsed = parsed;
+  e->desc = tor_malloc_zero(encoded_size + 1);
+  strlcpy(e->desc, desc, encoded_size + 1);
+  e->len = encoded_size;
+  rend_cache_increment_allocation(rend_cache_entry_allocation(e));
+  log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
+            safe_str_client(service_id), (int)encoded_size);
+  if (entry) {
+    *entry = e;
+  }
+  return 0;
+
+ okay:
+  if (entry) {
+    *entry = e;
+  }
+  retval = 0;
+
+ err:
+  rend_service_descriptor_free(parsed);
+  tor_free(intro_content);
+  return retval;
+}
+
diff --git a/src/or/rendcache.h b/src/or/rendcache.h
new file mode 100644
index 0000000000..0e8b918753
--- /dev/null
+++ b/src/or/rendcache.h
@@ -0,0 +1,108 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file rendcache.h
+ * \brief Header file for rendcache.c
+ **/
+
+#ifndef TOR_RENDCACHE_H
+#define TOR_RENDCACHE_H
+
+#include "or.h"
+#include "rendcommon.h"
+
+/** How old do we let hidden service descriptors get before discarding
+ * them as too old? */
+#define REND_CACHE_MAX_AGE (2*24*60*60)
+/** How wrong do we assume our clock may be when checking whether hidden
+ * services are too old or too new? */
+#define REND_CACHE_MAX_SKEW (24*60*60)
+/** How old do we keep an intro point failure entry in the failure cache? */
+#define REND_CACHE_FAILURE_MAX_AGE (5*60)
+
+/* Do not allow more than this many introduction points in a hidden service
+ * descriptor */
+#define MAX_INTRO_POINTS 10
+
+/** A cached rendezvous descriptor. */
+typedef struct rend_cache_entry_t {
+  size_t len; /**< Length of <b>desc</b> */
+  time_t last_served; /**< When did we last write this one to somebody?
+                       * (HSDir only) */
+  char *desc; /**< Service descriptor */
+  rend_service_descriptor_t *parsed; /**< Parsed value of 'desc' */
+} rend_cache_entry_t;
+
+/* Introduction point failure type. */
+typedef struct rend_cache_failure_intro_t {
+  /* When this intro point failure occured thus we allocated this object and
+   * cache it. */
+  time_t created_ts;
+  rend_intro_point_failure_t failure_type;
+} rend_cache_failure_intro_t;
+
+/** Cache failure object indexed by service ID. */
+typedef struct rend_cache_failure_t {
+  /* Contains rend_cache_failure_intro_t indexed by identity digest. */
+  digestmap_t *intro_failures;
+} rend_cache_failure_t;
+
+typedef enum {
+  REND_CACHE_TYPE_CLIENT  = 1,
+  REND_CACHE_TYPE_SERVICE = 2,
+} rend_cache_type_t;
+
+void rend_cache_init(void);
+void rend_cache_clean(time_t now, rend_cache_type_t cache_type);
+void rend_cache_failure_clean(time_t now);
+void rend_cache_clean_v2_descs_as_dir(time_t now, size_t min_to_remove);
+void rend_cache_purge(void);
+void rend_cache_free_all(void);
+int rend_cache_lookup_entry(const char *query, int version,
+                            rend_cache_entry_t **entry_out);
+int rend_cache_lookup_v2_desc_as_service(const char *query,
+                                         rend_cache_entry_t **entry_out);
+int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc);
+
+int rend_cache_store_v2_desc_as_dir(const char *desc);
+int rend_cache_store_v2_desc_as_service(const char *desc);
+int rend_cache_store_v2_desc_as_client(const char *desc,
+                                       const char *desc_id_base32,
+                                       const rend_data_t *rend_query,
+                                       rend_cache_entry_t **entry);
+size_t rend_cache_get_total_allocation(void);
+
+void rend_cache_intro_failure_note(rend_intro_point_failure_t failure,
+                                   const uint8_t *identity,
+                                   const char *service_id);
+void rend_cache_failure_purge(void);
+
+#ifdef RENDCACHE_PRIVATE
+
+STATIC size_t rend_cache_entry_allocation(const rend_cache_entry_t *e);
+STATIC void rend_cache_entry_free(rend_cache_entry_t *e);
+STATIC void rend_cache_failure_intro_entry_free(rend_cache_failure_intro_t
+                                                *entry);
+STATIC void rend_cache_failure_entry_free(rend_cache_failure_t *entry);
+STATIC int cache_failure_intro_lookup(const uint8_t *identity,
+                                      const char *service_id,
+                                      rend_cache_failure_intro_t
+                                      **intro_entry);
+STATIC void rend_cache_decrement_allocation(size_t n);
+STATIC void rend_cache_increment_allocation(size_t n);
+STATIC rend_cache_failure_intro_t *rend_cache_failure_intro_entry_new(
+                                      rend_intro_point_failure_t failure);
+STATIC rend_cache_failure_t *rend_cache_failure_entry_new(void);
+STATIC void rend_cache_failure_remove(rend_service_descriptor_t *desc);
+STATIC void cache_failure_intro_add(const uint8_t *identity,
+                                    const char *service_id,
+                                    rend_intro_point_failure_t failure);
+STATIC void validate_intro_point_failure(const rend_service_descriptor_t *desc,
+                                        const char *service_id);
+
+STATIC void rend_cache_failure_entry_free_(void *entry);
+#endif
+
+#endif /* TOR_RENDCACHE_H */
+
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 19a8cef1bf..609c45c71d 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -38,6 +38,7 @@ void
 rend_client_purge_state(void)
 {
   rend_cache_purge();
+  rend_cache_failure_purge();
   rend_client_cancel_descriptor_fetches();
   rend_client_purge_last_hid_serv_requests();
 }
@@ -51,7 +52,7 @@ rend_client_introcirc_has_opened(origin_circuit_t *circ)
   tor_assert(circ->cpath);
 
   log_info(LD_REND,"introcirc is open");
-  connection_ap_attach_pending();
+  connection_ap_attach_pending(1);
 }
 
 /** Send the establish-rendezvous cell along a rendezvous circuit. if
@@ -64,11 +65,7 @@ rend_client_send_establish_rendezvous(origin_circuit_t *circ)
   tor_assert(circ->rend_data);
   log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
 
-  if (crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN) < 0) {
-    log_warn(LD_BUG, "Internal error: Couldn't produce random cookie.");
-    circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
-    return -1;
-  }
+  crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN);
 
   /* Set timestamp_dirty, because circuit_expire_building expects it,
    * and the rend cookie also means we've used the circ. */
@@ -130,16 +127,6 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
   return result;
 }
 
-/** Return true iff we should send timestamps in our INTRODUCE1 cells */
-static int
-rend_client_should_send_timestamp(void)
-{
-  if (get_options()->Support022HiddenServices >= 0)
-    return get_options()->Support022HiddenServices;
-
-  return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
-}
-
 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
  * down introcirc if possible.
  */
@@ -151,7 +138,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   int r, v3_shift = 0;
   char payload[RELAY_PAYLOAD_SIZE];
   char tmp[RELAY_PAYLOAD_SIZE];
-  rend_cache_entry_t *entry;
+  rend_cache_entry_t *entry = NULL;
   crypt_path_t *cpath;
   off_t dh_offset;
   crypto_pk_t *intro_key = NULL;
@@ -168,8 +155,13 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   tor_assert(!(rendcirc->build_state->onehop_tunnel));
 #endif
 
-  if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
-                              &entry) < 1) {
+  r = rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
+                              &entry);
+  /* An invalid onion address is not possible else we have a big issue. */
+  tor_assert(r != -EINVAL);
+  if (r < 0 || !rend_client_any_intro_points_usable(entry)) {
+    /* If the descriptor is not found or the intro points are not usable
+     * anymore, trigger a fetch. */
     log_info(LD_REND,
              "query %s didn't have valid rend desc in cache. "
              "Refetching descriptor.",
@@ -181,6 +173,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
       while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
                        AP_CONN_STATE_CIRCUIT_WAIT,
                        introcirc->rend_data->onion_address))) {
+        connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn));
         conn->state = AP_CONN_STATE_RENDDESC_WAIT;
       }
     }
@@ -189,7 +182,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
     goto cleanup;
   }
 
-  /* first 20 bytes of payload are the hash of Bob's pk */
+  /* first 20 bytes of payload are the hash of the service's pk */
   intro_key = NULL;
   SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
                     intro, {
@@ -251,14 +244,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
              REND_DESC_COOKIE_LEN);
       v3_shift += 2+REND_DESC_COOKIE_LEN;
     }
-    if (rend_client_should_send_timestamp()) {
-      uint32_t now = (uint32_t)time(NULL);
-      now += 300;
-      now -= now % 600;
-      set_uint32(tmp+v3_shift+1, htonl(now));
-    } else {
-      set_uint32(tmp+v3_shift+1, 0);
-    }
+    /* Once this held a timestamp. */
+    set_uint32(tmp+v3_shift+1, 0);
     v3_shift += 4;
   } /* if version 2 only write version number */
   else if (entry->parsed->protocols & (1<<2)) {
@@ -370,15 +357,13 @@ rend_client_rendcirc_has_opened(origin_circuit_t *circ)
 }
 
 /**
- * Called to close other intro circuits we launched in parallel
- * due to timeout.
+ * Called to close other intro circuits we launched in parallel.
  */
 static void
 rend_client_close_other_intros(const char *onion_address)
 {
-  circuit_t *c;
   /* abort parallel intro circs, if any */
-  TOR_LIST_FOREACH(c, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) {
     if ((c->purpose == CIRCUIT_PURPOSE_C_INTRODUCING ||
         c->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) &&
         !c->marked_for_close && CIRCUIT_IS_ORIGIN(c)) {
@@ -389,10 +374,11 @@ rend_client_close_other_intros(const char *onion_address)
         log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we "
                  "built in parallel (Purpose %d).", oc->global_identifier,
                  c->purpose);
-        circuit_mark_for_close(c, END_CIRC_REASON_TIMEOUT);
+        circuit_mark_for_close(c, END_CIRC_REASON_IP_NOW_REDUNDANT);
       }
     }
   }
+  SMARTLIST_FOREACH_END(c);
 }
 
 /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
@@ -468,6 +454,13 @@ rend_client_introduction_acked(origin_circuit_t *circ,
       /* XXXX If that call failed, should we close the rend circuit,
        * too? */
       return result;
+    } else {
+      /* Close circuit because no more intro points are usable thus not
+       * useful anymore. Change it's purpose before so we don't report an
+       * intro point failure again triggering an extra descriptor fetch. */
+      circuit_change_purpose(TO_CIRCUIT(circ),
+          CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
+      circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
     }
   }
   return 0;
@@ -479,9 +472,8 @@ rend_client_introduction_acked(origin_circuit_t *circ,
 
 /** Contains the last request times to hidden service directories for
  * certain queries; each key is a string consisting of the
- * concatenation of a base32-encoded HS directory identity digest, a
- * base32-encoded HS descriptor ID, and a hidden service address
- * (without the ".onion" part); each value is a pointer to a time_t
+ * concatenation of a base32-encoded HS directory identity digest and
+ * base32-encoded HS descriptor ID; each value is a pointer to a time_t
  * holding the time of the last request for that descriptor ID to that
  * HS directory. */
 static strmap_t *last_hid_serv_requests_ = NULL;
@@ -497,19 +489,16 @@ get_last_hid_serv_requests(void)
 }
 
 #define LAST_HID_SERV_REQUEST_KEY_LEN (REND_DESC_ID_V2_LEN_BASE32 + \
-                                       REND_DESC_ID_V2_LEN_BASE32 + \
-                                       REND_SERVICE_ID_LEN_BASE32)
+                                       REND_DESC_ID_V2_LEN_BASE32)
 
 /** Look up the last request time to hidden service directory <b>hs_dir</b>
- * for descriptor ID <b>desc_id_base32</b> for the service specified in
- * <b>rend_query</b>. If <b>set</b> is non-zero,
- * assign the current time <b>now</b> and return that. Otherwise, return
- * the most recent request time, or 0 if no such request has been sent
- * before. */
+ * for descriptor ID <b>desc_id_base32</b>. If <b>set</b> is non-zero,
+ * assign the current time <b>now</b> and return that. Otherwise, return the
+ * most recent request time, or 0 if no such request has been sent before.
+ */
 static time_t
 lookup_last_hid_serv_request(routerstatus_t *hs_dir,
                              const char *desc_id_base32,
-                             const rend_data_t *rend_query,
                              time_t now, int set)
 {
   char hsdir_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
@@ -518,10 +507,9 @@ lookup_last_hid_serv_request(routerstatus_t *hs_dir,
   strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
   base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32),
                 hs_dir->identity_digest, DIGEST_LEN);
-  tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s%s",
+  tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s",
                hsdir_id_base32,
-               desc_id_base32,
-               rend_query->onion_address);
+               desc_id_base32);
   /* XXX023 tor_assert(strlen(hsdir_desc_comb_id) ==
                        LAST_HID_SERV_REQUEST_KEY_LEN); */
   if (set) {
@@ -562,15 +550,23 @@ directory_clean_last_hid_serv_requests(time_t now)
   }
 }
 
-/** Remove all requests related to the hidden service named
- * <b>onion_address</b> from the history of times of requests to
- * hidden service directories. */
+/** Remove all requests related to the descriptor ID <b>desc_id</b> from the
+ * history of times of requests to hidden service directories.
+ * <b>desc_id</b> is an unencoded descriptor ID of size DIGEST_LEN.
+ *
+ * This is called from rend_client_note_connection_attempt_ended(), which
+ * must be idempotent, so any future changes to this function must leave it
+ * idempotent too. */
 static void
-purge_hid_serv_from_last_hid_serv_requests(const char *onion_address)
+purge_hid_serv_from_last_hid_serv_requests(const char *desc_id)
 {
   strmap_iter_t *iter;
   strmap_t *last_hid_serv_requests = get_last_hid_serv_requests();
-  /* XXX023 tor_assert(strlen(onion_address) == REND_SERVICE_ID_LEN_BASE32); */
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+
+  /* Key is stored with the base32 encoded desc_id. */
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
+                DIGEST_LEN);
   for (iter = strmap_iter_init(last_hid_serv_requests);
        !strmap_iter_done(iter); ) {
     const char *key;
@@ -578,9 +574,9 @@ purge_hid_serv_from_last_hid_serv_requests(const char *onion_address)
     strmap_iter_get(iter, &key, &val);
     /* XXX023 tor_assert(strlen(key) == LAST_HID_SERV_REQUEST_KEY_LEN); */
     if (tor_memeq(key + LAST_HID_SERV_REQUEST_KEY_LEN -
-                  REND_SERVICE_ID_LEN_BASE32,
-                  onion_address,
-                  REND_SERVICE_ID_LEN_BASE32)) {
+                  REND_DESC_ID_V2_LEN_BASE32,
+                  desc_id_base32,
+                  REND_DESC_ID_V2_LEN_BASE32)) {
       iter = strmap_iter_next_rmv(last_hid_serv_requests, iter);
       tor_free(val);
     } else {
@@ -609,59 +605,53 @@ rend_client_purge_last_hid_serv_requests(void)
   }
 }
 
-/** Determine the responsible hidden service directories for <b>desc_id</b>
- * and fetch the descriptor with that ID from one of them. Only
- * send a request to a hidden service directory that we have not yet tried
- * during this attempt to connect to this hidden service; on success, return 1,
- * in the case that no hidden service directory is left to ask for the
- * descriptor, return 0, and in case of a failure -1.  */
-static int
-directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
+/** This returns a good valid hs dir that should be used for the given
+ * descriptor id.
+ *
+ * Return NULL on error else the hsdir node pointer. */
+static routerstatus_t *
+pick_hsdir(const char *desc_id, const char *desc_id_base32)
 {
   smartlist_t *responsible_dirs = smartlist_new();
   smartlist_t *usable_responsible_dirs = smartlist_new();
   const or_options_t *options = get_options();
   routerstatus_t *hs_dir;
-  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
   time_t now = time(NULL);
-  char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
-  const int tor2web_mode = options->Tor2webMode;
   int excluded_some;
-  tor_assert(desc_id);
-  tor_assert(rend_query);
-  /* Determine responsible dirs. Even if we can't get all we want,
-   * work with the ones we have. If it's empty, we'll notice below. */
-  hid_serv_get_responsible_directories(responsible_dirs, desc_id);
 
-  base32_encode(desc_id_base32, sizeof(desc_id_base32),
-                desc_id, DIGEST_LEN);
+  tor_assert(desc_id);
+  tor_assert(desc_id_base32);
 
-  /* Only select those hidden service directories to which we did not send
-   * a request recently and for which we have a router descriptor here. */
+  /* Determine responsible dirs. Even if we can't get all we want, work with
+   * the ones we have. If it's empty, we'll notice below. */
+  hid_serv_get_responsible_directories(responsible_dirs, desc_id);
 
   /* Clean request history first. */
   directory_clean_last_hid_serv_requests(now);
 
-  SMARTLIST_FOREACH(responsible_dirs, routerstatus_t *, dir, {
-      time_t last = lookup_last_hid_serv_request(
-                            dir, desc_id_base32, rend_query, 0, 0);
-      const node_t *node = node_get_by_id(dir->identity_digest);
-      if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
-          !node || !node_has_descriptor(node)) {
-        SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
-        continue;
-      }
-      if (! routerset_contains_node(options->ExcludeNodes, node)) {
-        smartlist_add(usable_responsible_dirs, dir);
-      }
-  });
+  /* Only select those hidden service directories to which we did not send a
+   * request recently and for which we have a router descriptor here. */
+  SMARTLIST_FOREACH_BEGIN(responsible_dirs, routerstatus_t *, dir) {
+    time_t last = lookup_last_hid_serv_request(dir, desc_id_base32,
+                                               0, 0);
+    const node_t *node = node_get_by_id(dir->identity_digest);
+    if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
+        !node || !node_has_descriptor(node)) {
+      SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
+      continue;
+    }
+    if (!routerset_contains_node(options->ExcludeNodes, node)) {
+      smartlist_add(usable_responsible_dirs, dir);
+    }
+  } SMARTLIST_FOREACH_END(dir);
 
   excluded_some =
     smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
 
   hs_dir = smartlist_choose(usable_responsible_dirs);
-  if (! hs_dir && ! options->StrictNodes)
+  if (!hs_dir && !options->StrictNodes) {
     hs_dir = smartlist_choose(responsible_dirs);
+  }
 
   smartlist_free(responsible_dirs);
   smartlist_free(usable_responsible_dirs);
@@ -674,23 +664,69 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
                "requested hidden service: they are all either down or "
                "excluded, and StrictNodes is set.");
     }
-    return 0;
+  } else {
+    /* Remember that we are requesting a descriptor from this hidden service
+     * directory now. */
+    lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1);
+  }
+
+  return hs_dir;
+}
+
+/** Determine the responsible hidden service directories for <b>desc_id</b>
+ * and fetch the descriptor with that ID from one of them. Only
+ * send a request to a hidden service directory that we have not yet tried
+ * during this attempt to connect to this hidden service; on success, return 1,
+ * in the case that no hidden service directory is left to ask for the
+ * descriptor, return 0, and in case of a failure -1.  */
+static int
+directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query,
+                          routerstatus_t *rs_hsdir)
+{
+  routerstatus_t *hs_dir = rs_hsdir;
+  char *hsdir_fp;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
+#ifdef ENABLE_TOR2WEB_MODE
+  const int tor2web_mode = get_options()->Tor2webMode;
+  const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
+#else
+  const int how_to_fetch = DIRIND_ANONYMOUS;
+#endif
+
+  tor_assert(desc_id);
+
+  base32_encode(desc_id_base32, sizeof(desc_id_base32),
+                desc_id, DIGEST_LEN);
+
+  /* Automatically pick an hs dir if none given. */
+  if (!rs_hsdir) {
+    hs_dir = pick_hsdir(desc_id, desc_id_base32);
+    if (!hs_dir) {
+      /* No suitable hs dir can be found, stop right now. */
+      return 0;
+    }
   }
 
-  /* Remember that we are requesting a descriptor from this hidden service
-   * directory now. */
-  lookup_last_hid_serv_request(hs_dir, desc_id_base32, rend_query, now, 1);
+  /* Add a copy of the HSDir identity digest to the query so we can track it
+   * on the control port. */
+  hsdir_fp = tor_memdup(hs_dir->identity_digest,
+                        sizeof(hs_dir->identity_digest));
+  smartlist_add(rend_query->hsdirs_fp, hsdir_fp);
 
-  /* Encode descriptor cookie for logging purposes. */
+  /* Encode descriptor cookie for logging purposes. Also, if the cookie is
+   * malformed, no fetch is triggered thus this needs to be done before the
+   * fetch request. */
   if (rend_query->auth_type != REND_NO_AUTH) {
     if (base64_encode(descriptor_cookie_base64,
                       sizeof(descriptor_cookie_base64),
-                      rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN)<0) {
+                      rend_query->descriptor_cookie, REND_DESC_COOKIE_LEN,
+                      0)<0) {
       log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
       return 0;
     }
-    /* Remove == signs and newline. */
-    descriptor_cookie_base64[strlen(descriptor_cookie_base64)-3] = '\0';
+    /* Remove == signs. */
+    descriptor_cookie_base64[strlen(descriptor_cookie_base64)-2] = '\0';
   } else {
     strlcpy(descriptor_cookie_base64, "(none)",
             sizeof(descriptor_cookie_base64));
@@ -702,7 +738,7 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
   directory_initiate_command_routerstatus_rend(hs_dir,
                                           DIR_PURPOSE_FETCH_RENDDESC_V2,
                                           ROUTER_PURPOSE_GENERAL,
-                                   tor2web_mode?DIRIND_ONEHOP:DIRIND_ANONYMOUS,
+                                          how_to_fetch,
                                           desc_id_base32,
                                           NULL, 0, 0,
                                           rend_query);
@@ -721,16 +757,143 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
   return 1;
 }
 
+/** Fetch a v2 descriptor using the given descriptor id. If any hsdir(s) are
+ * given, they will be used instead.
+ *
+ * On success, 1 is returned. If no hidden service is left to ask, return 0.
+ * On error, -1 is returned. */
+static int
+fetch_v2_desc_by_descid(const char *desc_id, const rend_data_t *rend_query,
+                        smartlist_t *hsdirs)
+{
+  int ret;
+
+  tor_assert(rend_query);
+
+  if (!hsdirs) {
+    ret = directory_get_from_hs_dir(desc_id, rend_query, NULL);
+    goto end; /* either success or failure, but we're done */
+  }
+
+  /* Using the given hsdir list, trigger a fetch on each of them. */
+  SMARTLIST_FOREACH_BEGIN(hsdirs, routerstatus_t *, hs_dir) {
+    /* This should always be a success. */
+    ret = directory_get_from_hs_dir(desc_id, rend_query, hs_dir);
+    tor_assert(ret);
+  } SMARTLIST_FOREACH_END(hs_dir);
+
+  /* Everything went well. */
+  ret = 0;
+
+ end:
+  return ret;
+}
+
+/** Fetch a v2 descriptor using the onion address in the given query object.
+ * This will compute the descriptor id for each replicas and fetch it on the
+ * given hsdir(s) if any or the responsible ones that are choosen
+ * automatically.
+ *
+ * On success, 1 is returned. If no hidden service is left to ask, return 0.
+ * On error, -1 is returned. */
+static int
+fetch_v2_desc_by_addr(rend_data_t *query, smartlist_t *hsdirs)
+{
+  char descriptor_id[DIGEST_LEN];
+  int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
+  int i, tries_left, ret;
+
+  tor_assert(query);
+
+  /* Randomly iterate over the replicas until a descriptor can be fetched
+   * from one of the consecutive nodes, or no options are left. */
+  for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++) {
+    replicas_left_to_try[i] = i;
+  }
+
+  tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
+  while (tries_left > 0) {
+    int rand = crypto_rand_int(tries_left);
+    int chosen_replica = replicas_left_to_try[rand];
+    replicas_left_to_try[rand] = replicas_left_to_try[--tries_left];
+
+    ret = rend_compute_v2_desc_id(descriptor_id, query->onion_address,
+                                  query->auth_type == REND_STEALTH_AUTH ?
+                                  query->descriptor_cookie : NULL,
+                                  time(NULL), chosen_replica);
+    if (ret < 0) {
+      /* Normally, on failure the descriptor_id is untouched but let's be
+       * safe in general in case the function changes at some point. */
+      goto end;
+    }
+
+    if (tor_memcmp(descriptor_id, query->descriptor_id[chosen_replica],
+                   sizeof(descriptor_id)) != 0) {
+      /* Not equal from what we currently have so purge the last hid serv
+       * request cache and update the descriptor ID with the new value. */
+      purge_hid_serv_from_last_hid_serv_requests(
+                                        query->descriptor_id[chosen_replica]);
+      memcpy(query->descriptor_id[chosen_replica], descriptor_id,
+             sizeof(query->descriptor_id[chosen_replica]));
+    }
+
+    /* Trigger the fetch with the computed descriptor ID. */
+    ret = fetch_v2_desc_by_descid(descriptor_id, query, hsdirs);
+    if (ret != 0) {
+      /* Either on success or failure, as long as we tried a fetch we are
+       * done here. */
+      goto end;
+    }
+  }
+
+  /* If we come here, there are no hidden service directories left. */
+  log_info(LD_REND, "Could not pick one of the responsible hidden "
+                    "service directories to fetch descriptors, because "
+                    "we already tried them all unsuccessfully.");
+  ret = 0;
+
+ end:
+  memwipe(descriptor_id, 0, sizeof(descriptor_id));
+  return ret;
+}
+
+/** Fetch a v2 descriptor using the given query. If any hsdir are specified,
+ * use them for the fetch.
+ *
+ * On success, 1 is returned. If no hidden service is left to ask, return 0.
+ * On error, -1 is returned. */
+int
+rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs)
+{
+  int ret;
+
+  tor_assert(query);
+
+  /* Depending on what's available in the rend data query object, we will
+   * trigger a fetch by HS address or using a descriptor ID. */
+
+  if (query->onion_address[0] != '\0') {
+    ret = fetch_v2_desc_by_addr(query, hsdirs);
+  } else if (!tor_digest_is_zero(query->desc_id_fetch)) {
+    ret = fetch_v2_desc_by_descid(query->desc_id_fetch, query, hsdirs);
+  } else {
+    /* Query data is invalid. */
+    ret = -1;
+    goto error;
+  }
+
+ error:
+  return ret;
+}
+
 /** Unless we already have a descriptor for <b>rend_query</b> with at least
  * one (possibly) working introduction point in it, start a connection to a
  * hidden service directory to fetch a v2 rendezvous service descriptor. */
 void
-rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
+rend_client_refetch_v2_renddesc(rend_data_t *rend_query)
 {
-  char descriptor_id[DIGEST_LEN];
-  int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
-  int i, tries_left;
   rend_cache_entry_t *e = NULL;
+
   tor_assert(rend_query);
   /* Are we configured to fetch descriptors? */
   if (!get_options()->FetchHidServDescriptors) {
@@ -739,7 +902,7 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
     return;
   }
   /* Before fetching, check if we already have a usable descriptor here. */
-  if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) > 0 &&
+  if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) == 0 &&
       rend_client_any_intro_points_usable(e)) {
     log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
                       "already have a usable descriptor here. Not fetching.");
@@ -747,44 +910,11 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query)
   }
   log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
             safe_str_client(rend_query->onion_address));
-  /* Randomly iterate over the replicas until a descriptor can be fetched
-   * from one of the consecutive nodes, or no options are left. */
-  tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
-  for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++)
-    replicas_left_to_try[i] = i;
-  while (tries_left > 0) {
-    int rand = crypto_rand_int(tries_left);
-    int chosen_replica = replicas_left_to_try[rand];
-    replicas_left_to_try[rand] = replicas_left_to_try[--tries_left];
-
-    if (rend_compute_v2_desc_id(descriptor_id, rend_query->onion_address,
-                                rend_query->auth_type == REND_STEALTH_AUTH ?
-                                    rend_query->descriptor_cookie : NULL,
-                                time(NULL), chosen_replica) < 0) {
-      log_warn(LD_REND, "Internal error: Computing v2 rendezvous "
-                        "descriptor ID did not succeed.");
-      /*
-       * Hmm, can this write anything to descriptor_id and still fail?
-       * Let's clear it just to be safe.
-       *
-       * From here on, any returns should goto done which clears
-       * descriptor_id so we don't leave key-derived material on the stack.
-       */
-      goto done;
-    }
-    if (directory_get_from_hs_dir(descriptor_id, rend_query) != 0)
-      goto done; /* either success or failure, but we're done */
-  }
-  /* If we come here, there are no hidden service directories left. */
-  log_info(LD_REND, "Could not pick one of the responsible hidden "
-                    "service directories to fetch descriptors, because "
-                    "we already tried them all unsuccessfully.");
-  /* Close pending connections. */
-  rend_client_desc_trynow(rend_query->onion_address);
-
- done:
-  memwipe(descriptor_id, 0, sizeof(descriptor_id));
 
+  rend_client_fetch_v2_desc(rend_query, NULL);
+  /* We don't need to look the error code because either on failure or
+   * success, the necessary steps to continue the HS connection will be
+   * triggered once the descriptor arrives or if all fetch failed. */
   return;
 }
 
@@ -845,7 +975,7 @@ rend_client_cancel_descriptor_fetches(void)
  */
 int
 rend_client_report_intro_point_failure(extend_info_t *failed_intro,
-                                       const rend_data_t *rend_query,
+                                       rend_data_t *rend_query,
                                        unsigned int failure_type)
 {
   int i, r;
@@ -853,17 +983,26 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro,
   connection_t *conn;
 
   r = rend_cache_lookup_entry(rend_query->onion_address, -1, &ent);
-  if (r<0) {
-    log_warn(LD_BUG, "Malformed service ID %s.",
-             escaped_safe_str_client(rend_query->onion_address));
-    return -1;
-  }
-  if (r==0) {
-    log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
-             escaped_safe_str_client(rend_query->onion_address));
-    rend_client_refetch_v2_renddesc(rend_query);
-    return 0;
+  if (r < 0) {
+    /* Either invalid onion address or cache entry not found. */
+    switch (-r) {
+    case EINVAL:
+      log_warn(LD_BUG, "Malformed service ID %s.",
+          escaped_safe_str_client(rend_query->onion_address));
+      return -1;
+    case ENOENT:
+      log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
+          escaped_safe_str_client(rend_query->onion_address));
+      rend_client_refetch_v2_renddesc(rend_query);
+      return 0;
+    default:
+      log_warn(LD_BUG, "Unknown cache lookup returned code: %d", r);
+      return -1;
+    }
   }
+  /* The intro points are not checked here if they are usable or not because
+   * this is called when an intro point circuit is closed thus there must be
+   * at least one intro point that is usable and is about to be flagged. */
 
   for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
     rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
@@ -876,6 +1015,9 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro,
         tor_fragile_assert();
         /* fall through */
       case INTRO_POINT_FAILURE_GENERIC:
+        rend_cache_intro_failure_note(failure_type,
+                                      (uint8_t *)failed_intro->identity_digest,
+                                      rend_query->onion_address);
         rend_intro_point_free(intro);
         smartlist_del(ent->parsed->intro_nodes, i);
         break;
@@ -891,6 +1033,10 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro,
                    intro->unreachable_count,
                    zap_intro_point ? " Removing from descriptor.": "");
           if (zap_intro_point) {
+            rend_cache_intro_failure_note(
+                failure_type,
+                (uint8_t *) failed_intro->identity_digest,
+                rend_query->onion_address);
             rend_intro_point_free(intro);
             smartlist_del(ent->parsed->intro_nodes, i);
           }
@@ -908,9 +1054,11 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro,
     rend_client_refetch_v2_renddesc(rend_query);
 
     /* move all pending streams back to renddesc_wait */
+    /* NOTE: We can now do this faster, if we use pending_entry_connections */
     while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
                                    AP_CONN_STATE_CIRCUIT_WAIT,
                                    rend_query->onion_address))) {
+      connection_ap_mark_as_non_pending_circuit(TO_ENTRY_CONN(conn));
       conn->state = AP_CONN_STATE_RENDDESC_WAIT;
     }
 
@@ -946,9 +1094,9 @@ rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
   circ->base_.timestamp_dirty = time(NULL);
 
   /* From a path bias point of view, this circuit is now successfully used.
-   * Waiting any longer opens us up to attacks from Bob. He could induce
-   * Alice to attempt to connect to his hidden service and never reply
-   * to her rend requests */
+   * Waiting any longer opens us up to attacks from malicious hidden services.
+   * They could induce the client to attempt to connect to their hidden
+   * service and never reply to the client's rend requests */
   pathbias_mark_use_success(circ);
 
   /* XXXX This is a pretty brute-force approach. It'd be better to
@@ -956,11 +1104,11 @@ rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request,
    * than trying to attach them all. See comments bug 743. */
   /* If we already have the introduction circuit built, make sure we send
    * the INTRODUCE cell _now_ */
-  connection_ap_attach_pending();
+  connection_ap_attach_pending(1);
   return 0;
 }
 
-/** Bob sent us a rendezvous cell; join the circuits. */
+/** The service sent us a rendezvous cell; join the circuits. */
 int
 rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
                                size_t request_len)
@@ -985,7 +1133,8 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
 
   log_info(LD_REND,"Got RENDEZVOUS2 cell from hidden service.");
 
-  /* first DH_KEY_LEN bytes are g^y from bob. Finish the dh handshake...*/
+  /* first DH_KEY_LEN bytes are g^y from the service. Finish the dh
+   * handshake...*/
   tor_assert(circ->build_state);
   tor_assert(circ->build_state->pending_final_cpath);
   hop = circ->build_state->pending_final_cpath;
@@ -1014,7 +1163,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
   circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_JOINED);
   hop->state = CPATH_STATE_OPEN;
   /* set the windows to default. these are the windows
-   * that alice thinks bob has.
+   * that the client thinks the service has.
    */
   hop->package_window = circuit_initial_package_window();
   hop->deliver_window = CIRCWINDOW_START;
@@ -1062,7 +1211,7 @@ rend_client_desc_trynow(const char *query)
       continue;
     assert_connection_ok(base_conn, now);
     if (rend_cache_lookup_entry(rend_data->onion_address, -1,
-                                &entry) == 1 &&
+                                &entry) == 0 &&
         rend_client_any_intro_points_usable(entry)) {
       /* either this fetch worked, or it failed but there was a
        * valid entry from before which we should reuse */
@@ -1075,35 +1224,34 @@ rend_client_desc_trynow(const char *query)
       base_conn->timestamp_lastread = now;
       base_conn->timestamp_lastwritten = now;
 
-      if (connection_ap_handshake_attach_circuit(conn) < 0) {
-        /* it will never work */
-        log_warn(LD_REND,"Rendezvous attempt failed. Closing.");
-        if (!base_conn->marked_for_close)
-          connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
-      }
+      connection_ap_mark_as_pending_circuit(conn);
     } else { /* 404, or fetch didn't get that far */
       log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
                  "unavailable (try again later).",
                  safe_str_client(query));
       connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
-      rend_client_note_connection_attempt_ended(query);
+      rend_client_note_connection_attempt_ended(rend_data);
     }
   } SMARTLIST_FOREACH_END(base_conn);
 }
 
-/** Clear temporary state used only during an attempt to connect to
- * the hidden service named <b>onion_address</b>.  Called when a
- * connection attempt has ended; may be called occasionally at other
- * times, and should be reasonably harmless. */
+/** Clear temporary state used only during an attempt to connect to the
+ * hidden service with <b>rend_data</b>. Called when a connection attempt
+ * has ended; it is possible for this to be called multiple times while
+ * handling an ended connection attempt, and any future changes to this
+ * function must ensure it remains idempotent. */
 void
-rend_client_note_connection_attempt_ended(const char *onion_address)
+rend_client_note_connection_attempt_ended(const rend_data_t *rend_data)
 {
+  unsigned int have_onion = 0;
   rend_cache_entry_t *cache_entry = NULL;
-  rend_cache_lookup_entry(onion_address, -1, &cache_entry);
 
-  log_info(LD_REND, "Connection attempt for %s has ended; "
-           "cleaning up temporary state.",
-           safe_str_client(onion_address));
+  if (*rend_data->onion_address != '\0') {
+    /* Ignore return value; we find an entry, or we don't. */
+    (void) rend_cache_lookup_entry(rend_data->onion_address, -1,
+                                   &cache_entry);
+    have_onion = 1;
+  }
 
   /* Clear the timed_out flag on all remaining intro points for this HS. */
   if (cache_entry != NULL) {
@@ -1113,7 +1261,20 @@ rend_client_note_connection_attempt_ended(const char *onion_address)
   }
 
   /* Remove the HS's entries in last_hid_serv_requests. */
-  purge_hid_serv_from_last_hid_serv_requests(onion_address);
+  if (have_onion) {
+    unsigned int replica;
+    for (replica = 0; replica < ARRAY_LENGTH(rend_data->descriptor_id);
+         replica++) {
+      const char *desc_id = rend_data->descriptor_id[replica];
+      purge_hid_serv_from_last_hid_serv_requests(desc_id);
+    }
+    log_info(LD_REND, "Connection attempt for %s has ended; "
+             "cleaning up temporary state.",
+             safe_str_client(rend_data->onion_address));
+  } else {
+    /* We only have an ID for a fetch. Probably used by HSFETCH. */
+    purge_hid_serv_from_last_hid_serv_requests(rend_data->desc_id_fetch);
+  }
 }
 
 /** Return a newly allocated extend_info_t* for a randomly chosen introduction
@@ -1123,13 +1284,17 @@ rend_client_note_connection_attempt_ended(const char *onion_address)
 extend_info_t *
 rend_client_get_random_intro(const rend_data_t *rend_query)
 {
+  int ret;
   extend_info_t *result;
   rend_cache_entry_t *entry;
 
-  if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) {
-      log_warn(LD_REND,
-               "Query '%s' didn't have valid rend desc in cache. Failing.",
-               safe_str_client(rend_query->onion_address));
+  ret = rend_cache_lookup_entry(rend_query->onion_address, -1, &entry);
+  if (ret < 0 || !rend_client_any_intro_points_usable(entry)) {
+    log_warn(LD_REND,
+             "Query '%s' didn't have valid rend desc in cache. Failing.",
+             safe_str_client(rend_query->onion_address));
+    /* XXX: Should we refetch the descriptor here if the IPs are not usable
+     * anymore ?. */
     return NULL;
   }
 
@@ -1200,11 +1365,19 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
       smartlist_del(usable_nodes, i);
       goto again;
     }
+#ifdef ENABLE_TOR2WEB_MODE
+    new_extend_info = extend_info_from_node(node, options->Tor2webMode);
+#else
     new_extend_info = extend_info_from_node(node, 0);
+#endif
     if (!new_extend_info) {
+      const char *alternate_reason = "";
+#ifdef ENABLE_TOR2WEB_MODE
+      alternate_reason = ", or we cannot connect directly to it";
+#endif
       log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
-               "'%s'; trying another.",
-               extend_info_describe(intro->extend_info));
+               "'%s'%s; trying another.",
+               extend_info_describe(intro->extend_info), alternate_reason);
       smartlist_del(usable_nodes, i);
       goto again;
     } else {
diff --git a/src/or/rendclient.h b/src/or/rendclient.h
index 1f731d0ae5..e90dac07ab 100644
--- a/src/or/rendclient.h
+++ b/src/or/rendclient.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,6 +12,8 @@
 #ifndef TOR_RENDCLIENT_H
 #define TOR_RENDCLIENT_H
 
+#include "rendcache.h"
+
 void rend_client_purge_state(void);
 
 void rend_client_introcirc_has_opened(origin_circuit_t *circ);
@@ -19,16 +21,13 @@ void rend_client_rendcirc_has_opened(origin_circuit_t *circ);
 int rend_client_introduction_acked(origin_circuit_t *circ,
                                    const uint8_t *request,
                                    size_t request_len);
-void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query);
+void rend_client_refetch_v2_renddesc(rend_data_t *rend_query);
+int rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs);
 void rend_client_cancel_descriptor_fetches(void);
 void rend_client_purge_last_hid_serv_requests(void);
 
-#define INTRO_POINT_FAILURE_GENERIC 0
-#define INTRO_POINT_FAILURE_TIMEOUT 1
-#define INTRO_POINT_FAILURE_UNREACHABLE 2
-
 int rend_client_report_intro_point_failure(extend_info_t *failed_intro,
-                                           const rend_data_t *rend_query,
+                                           rend_data_t *rend_query,
                                            unsigned int failure_type);
 
 int rend_client_rendezvous_acked(origin_circuit_t *circ,
@@ -39,7 +38,7 @@ int rend_client_receive_rendezvous(origin_circuit_t *circ,
                                    size_t request_len);
 void rend_client_desc_trynow(const char *query);
 
-void rend_client_note_connection_attempt_ended(const char *onion_address);
+void rend_client_note_connection_attempt_ended(const rend_data_t *rend_data);
 
 extend_info_t *rend_client_get_random_intro(const rend_data_t *rend_query);
 int rend_client_any_intro_points_usable(const rend_cache_entry_t *entry);
@@ -51,7 +50,6 @@ int rend_parse_service_authorization(const or_options_t *options,
 rend_service_authorization_t *rend_client_lookup_service_authorization(
                                                 const char *onion_address);
 void rend_service_authorization_free_all(void);
-rend_data_t *rend_data_dup(const rend_data_t *request);
 
 #endif
 
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 9637d4d838..438fbc4d9a 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -11,13 +11,16 @@
 #include "or.h"
 #include "circuitbuild.h"
 #include "config.h"
+#include "control.h"
 #include "rendclient.h"
 #include "rendcommon.h"
 #include "rendmid.h"
 #include "rendservice.h"
 #include "rephist.h"
+#include "router.h"
 #include "routerlist.h"
 #include "routerparse.h"
+#include "networkstatus.h"
 
 /** Return 0 if one and two are the same service ids, else -1 or 1 */
 int
@@ -155,10 +158,10 @@ rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
   }
   /* Calculate current time-period. */
   time_period = get_time_period(now, 0, service_id_binary);
-  /* Calculate secret-id-part = h(time-period + replica). */
+  /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */
   get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
                            replica);
-  /* Calculate descriptor ID. */
+  /* Calculate descriptor ID: H(permanent-id | secret-id-part) */
   rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part);
   return 0;
 }
@@ -268,11 +271,7 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
   tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
 
   /* Generate session key. */
-  if (crypto_rand(session_key, CIPHER_KEY_LEN) < 0) {
-    log_warn(LD_REND, "Unable to generate random session key to encrypt "
-                      "introduction point string.");
-    goto done;
-  }
+  crypto_rand(session_key, CIPHER_KEY_LEN);
 
   /* Determine length of encrypted introduction points including session
    * keys. */
@@ -334,11 +333,7 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
            REND_BASIC_AUTH_CLIENT_MULTIPLE;
        i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) {
     client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
-    if (crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN) < 0) {
-      log_warn(LD_REND, "Unable to generate fake client entry.");
-      tor_free(client_part);
-      goto done;
-    }
+    crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
     smartlist_add(encrypted_session_keys, client_part);
   }
   /* Sort smartlist and put elements in result in order. */
@@ -411,7 +406,7 @@ rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc)
                                          &test_intro_content,
                                          &test_intro_size,
                                          &test_encoded_size,
-                                         &test_next, desc->desc_str);
+                                         &test_next, desc->desc_str, 1);
   rend_service_descriptor_free(test_parsed);
   tor_free(test_intro_content);
   return (res >= 0);
@@ -461,6 +456,7 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
                            smartlist_t *client_cookies)
 {
   char service_id[DIGEST_LEN];
+  char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
   uint32_t time_period;
   char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL,
        *descriptor_cookie = NULL;
@@ -528,8 +524,9 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
         return -1;
     }
     /* Base64-encode introduction points. */
-    ipos_base64 = tor_malloc_zero(ipos_len * 2);
-    if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len)<0) {
+    ipos_base64 = tor_calloc(ipos_len, 2);
+    if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len,
+                      BASE64_ENCODE_MULTILINE)<0) {
       log_warn(LD_REND, "Could not encode introduction point string to "
                "base64. length=%d", (int)ipos_len);
       tor_free(ipos_base64);
@@ -556,7 +553,7 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
     char desc_digest[DIGEST_LEN];
     rend_encoded_v2_service_descriptor_t *enc =
       tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
-    /* Calculate secret-id-part = h(time-period + cookie + replica). */
+    /* Calculate secret-id-part = h(time-period | cookie | replica). */
     get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie,
                              k);
     base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32),
@@ -646,7 +643,6 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
         rend_encoded_v2_service_descriptor_free(enc);
         goto err;
     }
-    desc_str[written++] = '\n';
     desc_str[written++] = 0;
     /* Check if we can parse our own descriptor. */
     if (!rend_desc_v2_is_parsable(enc)) {
@@ -655,6 +651,11 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
       goto err;
     }
     smartlist_add(descs_out, enc);
+    /* Add the uploaded descriptor to the local service's descriptor cache */
+    rend_cache_store_v2_desc_as_service(enc->desc_str);
+    base32_encode(service_id_base32, sizeof(service_id_base32),
+          service_id, REND_SERVICE_ID_LEN);
+    control_event_hs_descriptor_created(service_id_base32, desc_id_base32, k);
   }
 
   log_info(LD_REND, "Successfully encoded a v2 descriptor and "
@@ -687,154 +688,6 @@ rend_get_service_id(crypto_pk_t *pk, char *out)
   return 0;
 }
 
-/* ==== Rendezvous service descriptor cache. */
-
-/** How old do we let hidden service descriptors get before discarding
- * them as too old? */
-#define REND_CACHE_MAX_AGE (2*24*60*60)
-/** How wrong do we assume our clock may be when checking whether hidden
- * services are too old or too new? */
-#define REND_CACHE_MAX_SKEW (24*60*60)
-
-/** Map from service id (as generated by rend_get_service_id) to
- * rend_cache_entry_t. */
-static strmap_t *rend_cache = NULL;
-
-/** Map from descriptor id to rend_cache_entry_t; only for hidden service
- * directories. */
-static digestmap_t *rend_cache_v2_dir = NULL;
-
-/** Initializes the service descriptor cache.
- */
-void
-rend_cache_init(void)
-{
-  rend_cache = strmap_new();
-  rend_cache_v2_dir = digestmap_new();
-}
-
-/** Helper: free storage held by a single service descriptor cache entry. */
-static void
-rend_cache_entry_free(rend_cache_entry_t *e)
-{
-  if (!e)
-    return;
-  rend_service_descriptor_free(e->parsed);
-  tor_free(e->desc);
-  tor_free(e);
-}
-
-/** Helper: deallocate a rend_cache_entry_t.  (Used with strmap_free(), which
- * requires a function pointer whose argument is void*). */
-static void
-rend_cache_entry_free_(void *p)
-{
-  rend_cache_entry_free(p);
-}
-
-/** Free all storage held by the service descriptor cache. */
-void
-rend_cache_free_all(void)
-{
-  strmap_free(rend_cache, rend_cache_entry_free_);
-  digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_);
-  rend_cache = NULL;
-  rend_cache_v2_dir = NULL;
-}
-
-/** Removes all old entries from the service descriptor cache.
- */
-void
-rend_cache_clean(time_t now)
-{
-  strmap_iter_t *iter;
-  const char *key;
-  void *val;
-  rend_cache_entry_t *ent;
-  time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
-  for (iter = strmap_iter_init(rend_cache); !strmap_iter_done(iter); ) {
-    strmap_iter_get(iter, &key, &val);
-    ent = (rend_cache_entry_t*)val;
-    if (ent->parsed->timestamp < cutoff) {
-      iter = strmap_iter_next_rmv(rend_cache, iter);
-      rend_cache_entry_free(ent);
-    } else {
-      iter = strmap_iter_next(rend_cache, iter);
-    }
-  }
-}
-
-/** Remove ALL entries from the rendezvous service descriptor cache.
- */
-void
-rend_cache_purge(void)
-{
-  if (rend_cache) {
-    log_info(LD_REND, "Purging HS descriptor cache");
-    strmap_free(rend_cache, rend_cache_entry_free_);
-  }
-  rend_cache = strmap_new();
-}
-
-/** Remove all old v2 descriptors and those for which this hidden service
- * directory is not responsible for any more. */
-void
-rend_cache_clean_v2_descs_as_dir(time_t now)
-{
-  digestmap_iter_t *iter;
-  time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;
-  for (iter = digestmap_iter_init(rend_cache_v2_dir);
-       !digestmap_iter_done(iter); ) {
-    const char *key;
-    void *val;
-    rend_cache_entry_t *ent;
-    digestmap_iter_get(iter, &key, &val);
-    ent = val;
-    if (ent->parsed->timestamp < cutoff ||
-        !hid_serv_responsible_for_desc_id(key)) {
-      char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
-      base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN);
-      log_info(LD_REND, "Removing descriptor with ID '%s' from cache",
-               safe_str_client(key_base32));
-      iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter);
-      rend_cache_entry_free(ent);
-    } else {
-      iter = digestmap_iter_next(rend_cache_v2_dir, iter);
-    }
-  }
-}
-
-/** Determines whether <b>a</b> is in the interval of <b>b</b> (excluded) and
- * <b>c</b> (included) in a circular digest ring; returns 1 if this is the
- * case, and 0 otherwise.
- */
-int
-rend_id_is_in_interval(const char *a, const char *b, const char *c)
-{
-  int a_b, b_c, c_a;
-  tor_assert(a);
-  tor_assert(b);
-  tor_assert(c);
-
-  /* There are five cases in which a is outside the interval ]b,c]: */
-  a_b = tor_memcmp(a,b,DIGEST_LEN);
-  if (a_b == 0)
-    return 0; /* 1. a == b (b is excluded) */
-  b_c = tor_memcmp(b,c,DIGEST_LEN);
-  if (b_c == 0)
-    return 0; /* 2. b == c (interval is empty) */
-  else if (a_b <= 0 && b_c < 0)
-    return 0; /* 3. a b c */
-  c_a = tor_memcmp(c,a,DIGEST_LEN);
-  if (c_a < 0 && a_b <= 0)
-    return 0; /* 4. c a b */
-  else if (b_c < 0 && c_a < 0)
-    return 0; /* 5. b c a */
-
-  /* In the other cases (a c b; b a c; c b a), a is inside the interval. */
-  return 1;
-}
-
 /** Return true iff <b>query</b> is a syntactically valid service ID (as
  * generated by rend_get_service_id).  */
 int
@@ -849,343 +702,24 @@ rend_valid_service_id(const char *query)
   return 1;
 }
 
-/** If we have a cached rend_cache_entry_t for the service ID <b>query</b>
- * with <b>version</b>, set *<b>e</b> to that entry and return 1.
- * Else return 0. If <b>version</b> is nonnegative, only return an entry
- * in that descriptor format version. Otherwise (if <b>version</b> is
- * negative), return the most recent format we have.
- */
+/** Return true iff <b>query</b> is a syntactically valid descriptor ID.
+ * (as generated by rend_get_descriptor_id_bytes). */
 int
-rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e)
+rend_valid_descriptor_id(const char *query)
 {
-  char key[REND_SERVICE_ID_LEN_BASE32+2]; /* <version><query>\0 */
-  tor_assert(rend_cache);
-  if (!rend_valid_service_id(query))
-    return -1;
-  *e = NULL;
-  if (version != 0) {
-    tor_snprintf(key, sizeof(key), "2%s", query);
-    *e = strmap_get_lc(rend_cache, key);
+  if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) {
+    goto invalid;
   }
-  if (!*e && version != 2) {
-    tor_snprintf(key, sizeof(key), "0%s", query);
-    *e = strmap_get_lc(rend_cache, key);
+  if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
+    goto invalid;
   }
-  if (!*e)
-    return 0;
-  tor_assert((*e)->parsed && (*e)->parsed->intro_nodes);
-  /* XXX023 hack for now, to return "not found" if there are no intro
-   * points remaining. See bug 997. */
-  if (! rend_client_any_intro_points_usable(*e))
-    return 0;
+
   return 1;
-}
 
-/** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and
- * copy the pointer to it to *<b>desc</b>.  Return 1 on success, 0 on
- * well-formed-but-not-found, and -1 on failure.
- */
-int
-rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
-{
-  rend_cache_entry_t *e;
-  char desc_id_digest[DIGEST_LEN];
-  tor_assert(rend_cache_v2_dir);
-  if (base32_decode(desc_id_digest, DIGEST_LEN,
-                    desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
-    log_fn(LOG_PROTOCOL_WARN, LD_REND,
-           "Rejecting v2 rendezvous descriptor request -- descriptor ID "
-           "contains illegal characters: %s",
-           safe_str(desc_id));
-    return -1;
-  }
-  /* Lookup descriptor and return. */
-  e = digestmap_get(rend_cache_v2_dir, desc_id_digest);
-  if (e) {
-    *desc = e->desc;
-    return 1;
-  }
+ invalid:
   return 0;
 }
 
-/* Do not allow more than this many introduction points in a hidden service
- * descriptor */
-#define MAX_INTRO_POINTS 10
-
-/** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the
- * local rend cache. Don't attempt to decrypt the included list of introduction
- * points (as we don't have a descriptor cookie for it).
- *
- * If we have a newer descriptor with the same ID, ignore this one.
- * If we have an older descriptor with the same ID, replace it.
- *
- * Return an appropriate rend_cache_store_status_t.
- */
-rend_cache_store_status_t
-rend_cache_store_v2_desc_as_dir(const char *desc)
-{
-  rend_service_descriptor_t *parsed;
-  char desc_id[DIGEST_LEN];
-  char *intro_content;
-  size_t intro_size;
-  size_t encoded_size;
-  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
-  int number_parsed = 0, number_stored = 0;
-  const char *current_desc = desc;
-  const char *next_desc;
-  rend_cache_entry_t *e;
-  time_t now = time(NULL);
-  tor_assert(rend_cache_v2_dir);
-  tor_assert(desc);
-  if (!hid_serv_acting_as_directory()) {
-    /* Cannot store descs, because we are (currently) not acting as
-     * hidden service directory. */
-    log_info(LD_REND, "Cannot store descs: Not acting as hs dir");
-    return RCS_NOTDIR;
-  }
-  while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
-                                          &intro_size, &encoded_size,
-                                          &next_desc, current_desc) >= 0) {
-    number_parsed++;
-    /* We don't care about the introduction points. */
-    tor_free(intro_content);
-    /* For pretty log statements. */
-    base32_encode(desc_id_base32, sizeof(desc_id_base32),
-                  desc_id, DIGEST_LEN);
-    /* Is desc ID in the range that we are (directly or indirectly) responsible
-     * for? */
-    if (!hid_serv_responsible_for_desc_id(desc_id)) {
-      log_info(LD_REND, "Service descriptor with desc ID %s is not in "
-                        "interval that we are responsible for.",
-               safe_str_client(desc_id_base32));
-      goto skip;
-    }
-    /* Is descriptor too old? */
-    if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
-      log_info(LD_REND, "Service descriptor with desc ID %s is too old.",
-               safe_str(desc_id_base32));
-      goto skip;
-    }
-    /* Is descriptor too far in the future? */
-    if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
-      log_info(LD_REND, "Service descriptor with desc ID %s is too far in the "
-                        "future.",
-               safe_str(desc_id_base32));
-      goto skip;
-    }
-    /* Do we already have a newer descriptor? */
-    e = digestmap_get(rend_cache_v2_dir, desc_id);
-    if (e && e->parsed->timestamp > parsed->timestamp) {
-      log_info(LD_REND, "We already have a newer service descriptor with the "
-                        "same desc ID %s and version.",
-               safe_str(desc_id_base32));
-      goto skip;
-    }
-    /* Do we already have this descriptor? */
-    if (e && !strcmp(desc, e->desc)) {
-      log_info(LD_REND, "We already have this service descriptor with desc "
-                        "ID %s.", safe_str(desc_id_base32));
-      e->received = time(NULL);
-      goto skip;
-    }
-    /* Store received descriptor. */
-    if (!e) {
-      e = tor_malloc_zero(sizeof(rend_cache_entry_t));
-      digestmap_set(rend_cache_v2_dir, desc_id, e);
-    } else {
-      rend_service_descriptor_free(e->parsed);
-      tor_free(e->desc);
-    }
-    e->received = time(NULL);
-    e->parsed = parsed;
-    e->desc = tor_strndup(current_desc, encoded_size);
-    e->len = encoded_size;
-    log_info(LD_REND, "Successfully stored service descriptor with desc ID "
-                      "'%s' and len %d.",
-             safe_str(desc_id_base32), (int)encoded_size);
-    number_stored++;
-    goto advance;
-  skip:
-    rend_service_descriptor_free(parsed);
-  advance:
-    /* advance to next descriptor, if available. */
-    current_desc = next_desc;
-    /* check if there is a next descriptor. */
-    if (!current_desc ||
-        strcmpstart(current_desc, "rendezvous-service-descriptor "))
-      break;
-  }
-  if (!number_parsed) {
-    log_info(LD_REND, "Could not parse any descriptor.");
-    return RCS_BADDESC;
-  }
-  log_info(LD_REND, "Parsed %d and added %d descriptor%s.",
-           number_parsed, number_stored, number_stored != 1 ? "s" : "");
-  return RCS_OKAY;
-}
-
-/** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list
- * of introduction points with <b>descriptor_cookie</b> (which may also be
- * <b>NULL</b> if decryption is not necessary), and store the descriptor to
- * the local cache under its version and service id.
- *
- * If we have a newer v2 descriptor with the same ID, ignore this one.
- * If we have an older descriptor with the same ID, replace it.
- * If the descriptor's service ID does not match
- * <b>rend_query</b>-\>onion_address, reject it.
- *
- * Return an appropriate rend_cache_store_status_t.
- */
-rend_cache_store_status_t
-rend_cache_store_v2_desc_as_client(const char *desc,
-                                   const rend_data_t *rend_query)
-{
-  /*XXXX this seems to have a bit of duplicate code with
-   * rend_cache_store_v2_desc_as_dir().  Fix that. */
-  /* Though having similar elements, both functions were separated on
-   * purpose:
-   * - dirs don't care about encoded/encrypted introduction points, clients
-   *   do.
-   * - dirs store descriptors in a separate cache by descriptor ID, whereas
-   *   clients store them by service ID; both caches are different data
-   *   structures and have different access methods.
-   * - dirs store a descriptor only if they are responsible for its ID,
-   *   clients do so in every way (because they have requested it before).
-   * - dirs can process multiple concatenated descriptors which is required
-   *   for replication, whereas clients only accept a single descriptor.
-   * Thus, combining both methods would result in a lot of if statements
-   * which probably would not improve, but worsen code readability. -KL */
-  rend_service_descriptor_t *parsed = NULL;
-  char desc_id[DIGEST_LEN];
-  char *intro_content = NULL;
-  size_t intro_size;
-  size_t encoded_size;
-  const char *next_desc;
-  time_t now = time(NULL);
-  char key[REND_SERVICE_ID_LEN_BASE32+2];
-  char service_id[REND_SERVICE_ID_LEN_BASE32+1];
-  rend_cache_entry_t *e;
-  rend_cache_store_status_t retval = RCS_BADDESC;
-  tor_assert(rend_cache);
-  tor_assert(desc);
-  /* Parse the descriptor. */
-  if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content,
-                                       &intro_size, &encoded_size,
-                                       &next_desc, desc) < 0) {
-    log_warn(LD_REND, "Could not parse descriptor.");
-    goto err;
-  }
-  /* Compute service ID from public key. */
-  if (rend_get_service_id(parsed->pk, service_id)<0) {
-    log_warn(LD_REND, "Couldn't compute service ID.");
-    goto err;
-  }
-  if (strcmp(rend_query->onion_address, service_id)) {
-    log_warn(LD_REND, "Received service descriptor for service ID %s; "
-             "expected descriptor for service ID %s.",
-             service_id, safe_str(rend_query->onion_address));
-    goto err;
-  }
-  /* Decode/decrypt introduction points. */
-  if (intro_content && intro_size > 0) {
-    int n_intro_points;
-    if (rend_query->auth_type != REND_NO_AUTH &&
-        !tor_mem_is_zero(rend_query->descriptor_cookie,
-                         sizeof(rend_query->descriptor_cookie))) {
-      char *ipos_decrypted = NULL;
-      size_t ipos_decrypted_size;
-      if (rend_decrypt_introduction_points(&ipos_decrypted,
-                                           &ipos_decrypted_size,
-                                           rend_query->descriptor_cookie,
-                                           intro_content,
-                                           intro_size) < 0) {
-        log_warn(LD_REND, "Failed to decrypt introduction points. We are "
-                 "probably unable to parse the encoded introduction points.");
-      } else {
-        /* Replace encrypted with decrypted introduction points. */
-        log_info(LD_REND, "Successfully decrypted introduction points.");
-        tor_free(intro_content);
-        intro_content = ipos_decrypted;
-        intro_size = ipos_decrypted_size;
-      }
-    }
-    n_intro_points = rend_parse_introduction_points(parsed, intro_content,
-                                                    intro_size);
-    if (n_intro_points <= 0) {
-      log_warn(LD_REND, "Failed to parse introduction points. Either the "
-               "service has published a corrupt descriptor, or you have "
-               "provided invalid authorization data, or (maybe!) the "
-               "server is deliberately serving broken data in an attempt "
-               "to crash you with bug 21018.");
-      goto err;
-    } else if (n_intro_points > MAX_INTRO_POINTS) {
-      log_warn(LD_REND, "Found too many introduction points on a hidden "
-               "service descriptor for %s. This is probably a (misguided) "
-               "attempt to improve reliability, but it could also be an "
-               "attempt to do a guard enumeration attack. Rejecting.",
-               safe_str_client(rend_query->onion_address));
-
-      goto err;
-    }
-  } else {
-    log_info(LD_REND, "Descriptor does not contain any introduction points.");
-    parsed->intro_nodes = smartlist_new();
-  }
-  /* We don't need the encoded/encrypted introduction points any longer. */
-  tor_free(intro_content);
-  /* Is descriptor too old? */
-  if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
-    log_warn(LD_REND, "Service descriptor with service ID %s is too old.",
-             safe_str_client(service_id));
-    goto err;
-  }
-  /* Is descriptor too far in the future? */
-  if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) {
-    log_warn(LD_REND, "Service descriptor with service ID %s is too far in "
-                      "the future.", safe_str_client(service_id));
-    goto err;
-  }
-  /* Do we already have a newer descriptor? */
-  tor_snprintf(key, sizeof(key), "2%s", service_id);
-  e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key);
-  if (e && e->parsed->timestamp > parsed->timestamp) {
-    log_info(LD_REND, "We already have a newer service descriptor for "
-                      "service ID %s with the same desc ID and version.",
-             safe_str_client(service_id));
-    goto okay;
-  }
-  /* Do we already have this descriptor? */
-  if (e && !strcmp(desc, e->desc)) {
-    log_info(LD_REND,"We already have this service descriptor %s.",
-             safe_str_client(service_id));
-    e->received = time(NULL);
-    goto okay;
-  }
-  if (!e) {
-    e = tor_malloc_zero(sizeof(rend_cache_entry_t));
-    strmap_set_lc(rend_cache, key, e);
-  } else {
-    rend_service_descriptor_free(e->parsed);
-    tor_free(e->desc);
-  }
-  e->received = time(NULL);
-  e->parsed = parsed;
-  e->desc = tor_malloc_zero(encoded_size + 1);
-  strlcpy(e->desc, desc, encoded_size + 1);
-  e->len = encoded_size;
-  log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.",
-            safe_str_client(service_id), (int)encoded_size);
-  return RCS_OKAY;
-
- okay:
-  retval = RCS_OKAY;
-
- err:
-  rend_service_descriptor_free(parsed);
-  tor_free(intro_content);
-  return retval;
-}
-
 /** Called when we get a rendezvous-related relay cell on circuit
  * <b>circ</b>.  Dispatch on rendezvous relay command. */
 void
@@ -1223,7 +757,7 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
       break;
     case RELAY_COMMAND_INTRODUCE2:
       if (origin_circ)
-        r = rend_service_introduce(origin_circ,payload,length);
+        r = rend_service_receive_introduction(origin_circ,payload,length);
       break;
     case RELAY_COMMAND_INTRODUCE_ACK:
       if (origin_circ)
@@ -1259,7 +793,151 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
 rend_data_t *
 rend_data_dup(const rend_data_t *data)
 {
+  rend_data_t *data_dup;
   tor_assert(data);
-  return tor_memdup(data, sizeof(rend_data_t));
+  data_dup = tor_memdup(data, sizeof(rend_data_t));
+  data_dup->hsdirs_fp = smartlist_new();
+  SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp,
+                    smartlist_add(data_dup->hsdirs_fp,
+                                  tor_memdup(fp, DIGEST_LEN)));
+  return data_dup;
+}
+
+/** Compute descriptor ID for each replicas and save them. A valid onion
+ * address must be present in the <b>rend_data</b>.
+ *
+ * Return 0 on success else -1. */
+static int
+compute_desc_id(rend_data_t *rend_data)
+{
+  int ret = 0;
+  unsigned replica;
+  time_t now = time(NULL);
+
+  tor_assert(rend_data);
+
+  /* Compute descriptor ID for each replicas. */
+  for (replica = 0; replica < ARRAY_LENGTH(rend_data->descriptor_id);
+       replica++) {
+    ret = rend_compute_v2_desc_id(rend_data->descriptor_id[replica],
+                                  rend_data->onion_address,
+                                  rend_data->descriptor_cookie,
+                                  now, replica);
+    if (ret < 0) {
+      goto end;
+    }
+  }
+
+ end:
+  return ret;
+}
+
+/** Allocate and initialize a rend_data_t object for a service using the
+ * given arguments. Only the <b>onion_address</b> is not optional.
+ *
+ * Return a valid rend_data_t pointer. */
+rend_data_t *
+rend_data_service_create(const char *onion_address, const char *pk_digest,
+                         const uint8_t *cookie, rend_auth_type_t auth_type)
+{
+  rend_data_t *rend_data = tor_malloc_zero(sizeof(*rend_data));
+
+  /* We need at least one else the call is wrong. */
+  tor_assert(onion_address != NULL);
+
+  if (pk_digest) {
+    memcpy(rend_data->rend_pk_digest, pk_digest,
+           sizeof(rend_data->rend_pk_digest));
+  }
+  if (cookie) {
+    memcpy(rend_data->rend_cookie, cookie,
+           sizeof(rend_data->rend_cookie));
+  }
+
+  strlcpy(rend_data->onion_address, onion_address,
+          sizeof(rend_data->onion_address));
+  rend_data->auth_type = auth_type;
+  /* Won't be used but still need to initialize it for rend_data dup and
+   * free. */
+  rend_data->hsdirs_fp = smartlist_new();
+
+  return rend_data;
+}
+
+/** Allocate and initialize a rend_data_t object for a client request using
+ * the given arguments.  Either an onion address or a descriptor ID is
+ * needed. Both can be given but only the onion address will be used to make
+ * the descriptor fetch.
+ *
+ * Return a valid rend_data_t pointer or NULL on error meaning the
+ * descriptor IDs couldn't be computed from the given data. */
+rend_data_t *
+rend_data_client_create(const char *onion_address, const char *desc_id,
+                        const char *cookie, rend_auth_type_t auth_type)
+{
+  rend_data_t *rend_data = tor_malloc_zero(sizeof(*rend_data));
+
+  /* We need at least one else the call is wrong. */
+  tor_assert(onion_address != NULL || desc_id != NULL);
+
+  if (cookie) {
+    memcpy(rend_data->descriptor_cookie, cookie,
+           sizeof(rend_data->descriptor_cookie));
+  }
+  if (desc_id) {
+    memcpy(rend_data->desc_id_fetch, desc_id,
+           sizeof(rend_data->desc_id_fetch));
+  }
+  if (onion_address) {
+    strlcpy(rend_data->onion_address, onion_address,
+            sizeof(rend_data->onion_address));
+    if (compute_desc_id(rend_data) < 0) {
+      goto error;
+    }
+  }
+
+  rend_data->auth_type = auth_type;
+  rend_data->hsdirs_fp = smartlist_new();
+
+  return rend_data;
+
+ error:
+  rend_data_free(rend_data);
+  return NULL;
+}
+
+/** Determine the routers that are responsible for <b>id</b> (binary) and
+ * add pointers to those routers' routerstatus_t to <b>responsible_dirs</b>.
+ * Return -1 if we're returning an empty smartlist, else return 0.
+ */
+int
+hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
+                                     const char *id)
+{
+  int start, found, n_added = 0, i;
+  networkstatus_t *c = networkstatus_get_latest_consensus();
+  if (!c || !smartlist_len(c->routerstatus_list)) {
+    log_warn(LD_REND, "We don't have a consensus, so we can't perform v2 "
+             "rendezvous operations.");
+    return -1;
+  }
+  tor_assert(id);
+  start = networkstatus_vote_find_entry_idx(c, id, &found);
+  if (start == smartlist_len(c->routerstatus_list)) start = 0;
+  i = start;
+  do {
+    routerstatus_t *r = smartlist_get(c->routerstatus_list, i);
+    if (r->is_hs_dir) {
+      smartlist_add(responsible_dirs, r);
+      if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
+        return 0;
+    }
+    if (++i == smartlist_len(c->routerstatus_list))
+      i = 0;
+  } while (i != start);
+
+  /* Even though we don't have the desired number of hidden service
+   * directories, be happy if we got any. */
+  return smartlist_len(responsible_dirs) ? 0 : -1;
 }
 
diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h
index 07a47accfe..d67552e405 100644
--- a/src/or/rendcommon.h
+++ b/src/or/rendcommon.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -12,10 +12,22 @@
 #ifndef TOR_RENDCOMMON_H
 #define TOR_RENDCOMMON_H
 
+typedef enum rend_intro_point_failure_t {
+  INTRO_POINT_FAILURE_GENERIC     = 0,
+  INTRO_POINT_FAILURE_TIMEOUT     = 1,
+  INTRO_POINT_FAILURE_UNREACHABLE = 2,
+} rend_intro_point_failure_t;
+
 /** Free all storage associated with <b>data</b> */
-static INLINE void
+static inline void
 rend_data_free(rend_data_t *data)
 {
+  if (!data) {
+    return;
+  }
+  /* Cleanup the HSDir identity digest. */
+  SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d));
+  smartlist_free(data->hsdirs_fp);
   tor_free(data);
 }
 
@@ -31,26 +43,8 @@ void rend_encoded_v2_service_descriptor_free(
                                rend_encoded_v2_service_descriptor_t *desc);
 void rend_intro_point_free(rend_intro_point_t *intro);
 
-void rend_cache_init(void);
-void rend_cache_clean(time_t now);
-void rend_cache_clean_v2_descs_as_dir(time_t now);
-void rend_cache_purge(void);
-void rend_cache_free_all(void);
 int rend_valid_service_id(const char *query);
-int rend_cache_lookup_entry(const char *query, int version,
-                            rend_cache_entry_t **entry_out);
-int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc);
-/** Return value from rend_cache_store_v2_desc_as_{dir,client}. */
-typedef enum {
-  RCS_NOTDIR = -2, /**< We're not a directory */
-  RCS_BADDESC = -1, /**< This descriptor is no good. */
-  RCS_OKAY = 0 /**< All worked as expected */
-} rend_cache_store_status_t;
-
-rend_cache_store_status_t rend_cache_store_v2_desc_as_dir(const char *desc);
-rend_cache_store_status_t rend_cache_store_v2_desc_as_client(const char *desc,
-                                       const rend_data_t *rend_query);
-
+int rend_valid_descriptor_id(const char *query);
 int rend_encode_v2_descriptors(smartlist_t *descs_out,
                                rend_service_descriptor_t *desc, time_t now,
                                uint8_t period, rend_auth_type_t auth_type,
@@ -59,10 +53,20 @@ int rend_encode_v2_descriptors(smartlist_t *descs_out,
 int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
                             const char *descriptor_cookie,
                             time_t now, uint8_t replica);
-int rend_id_is_in_interval(const char *a, const char *b, const char *c);
 void rend_get_descriptor_id_bytes(char *descriptor_id_out,
                                   const char *service_id,
                                   const char *secret_id_part);
+int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
+                                         const char *id);
 
+rend_data_t *rend_data_dup(const rend_data_t *data);
+rend_data_t *rend_data_client_create(const char *onion_address,
+                                     const char *desc_id,
+                                     const char *cookie,
+                                     rend_auth_type_t auth_type);
+rend_data_t *rend_data_service_create(const char *onion_address,
+                                      const char *pk_digest,
+                                      const uint8_t *cookie,
+                                      rend_auth_type_t auth_type);
 #endif
 
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index 0e1f91c302..a33ad92966 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -80,7 +80,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
     goto err;
   }
 
-  /* The request is valid.  First, compute the hash of Bob's PK.*/
+  /* The request is valid.  First, compute the hash of the service's PK.*/
   if (crypto_pk_get_digest(pk, pk_digest)<0) {
     log_warn(LD_BUG, "Internal error: couldn't hash public key.");
     goto err;
@@ -178,7 +178,8 @@ rend_mid_introduce(or_circuit_t *circ, const uint8_t *request,
   base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
                 (char*)request, REND_SERVICE_ID_LEN);
 
-  /* The first 20 bytes are all we look at: they have a hash of Bob's PK. */
+  /* The first 20 bytes are all we look at: they have a hash of the service's
+   * PK. */
   intro_circ = circuit_get_intro_point((const uint8_t*)request);
   if (!intro_circ) {
     log_info(LD_REND,
@@ -202,7 +203,7 @@ rend_mid_introduce(or_circuit_t *circ, const uint8_t *request,
              "Unable to send INTRODUCE2 cell to Tor client.");
     goto err;
   }
-  /* And sent an ack down Alice's circuit.  Empty body means succeeded. */
+  /* And send an ack down the client's circuit.  Empty body means succeeded. */
   if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
                                    RELAY_COMMAND_INTRODUCE_ACK,
                                    NULL,0,NULL)) {
@@ -213,7 +214,7 @@ rend_mid_introduce(or_circuit_t *circ, const uint8_t *request,
 
   return 0;
  err:
-  /* Send the client an NACK */
+  /* Send the client a NACK */
   nak_body[0] = 1;
   if (relay_send_command_from_edge(0,TO_CIRCUIT(circ),
                                    RELAY_COMMAND_INTRODUCE_ACK,
@@ -295,6 +296,7 @@ int
 rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
                     size_t request_len)
 {
+  const or_options_t *options = get_options();
   or_circuit_t *rend_circ;
   char hexid[9];
   int reason = END_CIRC_REASON_INTERNAL;
@@ -330,7 +332,13 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
     goto err;
   }
 
-  /* Send the RENDEZVOUS2 cell to Alice. */
+  /* Statistics: Mark this circuit as an RP circuit so that we collect
+     stats from it. */
+  if (options->HiddenServiceStatistics) {
+    circ->circuit_carries_hs_traffic_stats = 1;
+  }
+
+  /* Send the RENDEZVOUS2 cell to the client. */
   if (relay_send_command_from_edge(0, TO_CIRCUIT(rend_circ),
                                    RELAY_COMMAND_RENDEZVOUS2,
                                    (char*)(request+REND_COOKIE_LEN),
diff --git a/src/or/rendmid.h b/src/or/rendmid.h
index 310276ac96..10d1287085 100644
--- a/src/or/rendmid.h
+++ b/src/or/rendmid.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index d958de9df9..0a5b5efd54 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -15,7 +15,9 @@
 #include "circuitlist.h"
 #include "circuituse.h"
 #include "config.h"
+#include "control.h"
 #include "directory.h"
+#include "main.h"
 #include "networkstatus.h"
 #include "nodelist.h"
 #include "rendclient.h"
@@ -29,21 +31,29 @@
 #include "routerparse.h"
 #include "routerset.h"
 
+struct rend_service_t;
 static origin_circuit_t *find_intro_circuit(rend_intro_point_t *intro,
                                             const char *pk_digest);
 static rend_intro_point_t *find_intro_point(origin_circuit_t *circ);
+static rend_intro_point_t *find_expiring_intro_point(
+    struct rend_service_t *service, origin_circuit_t *circ);
 
 static extend_info_t *find_rp_for_intro(
     const rend_intro_cell_t *intro,
-    uint8_t *need_free_out, char **err_msg_out);
+    char **err_msg_out);
 
 static int intro_point_accepted_intro_count(rend_intro_point_t *intro);
 static int intro_point_should_expire_now(rend_intro_point_t *intro,
                                          time_t now);
-struct rend_service_t;
+static int rend_service_derive_key_digests(struct rend_service_t *s);
 static int rend_service_load_keys(struct rend_service_t *s);
 static int rend_service_load_auth_keys(struct rend_service_t *s,
                                        const char *hfname);
+static struct rend_service_t *rend_service_get_by_pk_digest(
+    const char* digest);
+static struct rend_service_t *rend_service_get_by_service_id(const char *id);
+static const char *rend_service_escaped_dir(
+    const struct rend_service_t *s);
 
 static ssize_t rend_service_parse_intro_for_v0_or_v1(
     rend_intro_cell_t *intro,
@@ -64,16 +74,26 @@ static ssize_t rend_service_parse_intro_for_v3(
 /** Represents the mapping from a virtual port of a rendezvous service to
  * a real port on some IP.
  */
-typedef struct rend_service_port_config_t {
+struct rend_service_port_config_s {
+  /* The incoming HS virtual port we're mapping */
   uint16_t virtual_port;
+  /* Is this an AF_UNIX port? */
+  unsigned int is_unix_addr:1;
+  /* The outgoing TCP port to use, if !is_unix_addr */
   uint16_t real_port;
+  /* The outgoing IPv4 or IPv6 address to use, if !is_unix_addr */
   tor_addr_t real_addr;
-} rend_service_port_config_t;
+  /* The socket path to connect to, if is_unix_addr */
+  char unix_addr[FLEXIBLE_ARRAY_MEMBER];
+};
 
 /** Try to maintain this many intro points per service by default. */
 #define NUM_INTRO_POINTS_DEFAULT 3
-/** Maintain no more than this many intro points per hidden service. */
+/** Maximum number of intro points per service. */
 #define NUM_INTRO_POINTS_MAX 10
+/** Number of extra intro points we launch if our set of intro nodes is
+ * empty. See proposal 155, section 4. */
+#define NUM_INTRO_POINTS_EXTRA 2
 
 /** If we can't build our intro circuits, don't retry for this long. */
 #define INTRO_CIRC_RETRY_PERIOD (60*5)
@@ -82,19 +102,18 @@ typedef struct rend_service_port_config_t {
 #define MAX_INTRO_CIRCS_PER_PERIOD 10
 /** How many times will a hidden service operator attempt to connect to
  * a requested rendezvous point before giving up? */
-#define MAX_REND_FAILURES 8
+#define MAX_REND_FAILURES 1
 /** How many seconds should we spend trying to connect to a requested
  * rendezvous point before giving up? */
 #define MAX_REND_TIMEOUT 30
 
-/** How many seconds should we wait for new HS descriptors to reach
- * our clients before we close an expiring intro point? */
-#define INTRO_POINT_EXPIRATION_GRACE_PERIOD (5*60)
-
 /** Represents a single hidden service running at this OP. */
 typedef struct rend_service_t {
   /* Fields specified in config file */
-  char *directory; /**< where in the filesystem it stores it */
+  char *directory; /**< where in the filesystem it stores it. Will be NULL if
+                    * this service is ephemeral. */
+  int dir_group_readable; /**< if 1, allow group read
+                             permissions on directory */
   smartlist_t *ports; /**< List of rend_service_port_config_t */
   rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client
                                * authorization is performed. */
@@ -108,6 +127,10 @@ typedef struct rend_service_t {
   char pk_digest[DIGEST_LEN]; /**< Hash of permanent hidden-service key. */
   smartlist_t *intro_nodes; /**< List of rend_intro_point_t's we have,
                              * or are trying to establish. */
+  /** List of rend_intro_point_t that are expiring. They are removed once
+   * the new descriptor is successfully uploaded. A node in this list CAN
+   * NOT appear in the intro_nodes list. */
+  smartlist_t *expiring_nodes;
   time_t intro_period_started; /**< Start of the current period to build
                                 * introduction points. */
   int n_intro_circuits_launched; /**< Count of intro circuits we have
@@ -126,8 +149,26 @@ typedef struct rend_service_t {
    * when they do, this keeps us from launching multiple simultaneous attempts
    * to connect to the same rend point. */
   replaycache_t *accepted_intro_dh_parts;
+  /** If true, we don't close circuits for making requests to unsupported
+   * ports. */
+  int allow_unknown_ports;
+  /** The maximum number of simultanious streams-per-circuit that are allowed
+   * to be established, or 0 if no limit is set.
+   */
+  int max_streams_per_circuit;
+  /** If true, we close circuits that exceed the max_streams_per_circuit
+   * limit.  */
+  int max_streams_close_circuit;
 } rend_service_t;
 
+/** Returns a escaped string representation of the service, <b>s</b>.
+ */
+static const char *
+rend_service_escaped_dir(const struct rend_service_t *s)
+{
+  return (s->directory) ? escaped(s->directory) : "[EPHEMERAL]";
+}
+
 /** A list of rend_service_t's for services run on this OP.
  */
 static smartlist_t *rend_service_list = NULL;
@@ -141,17 +182,6 @@ num_rend_services(void)
   return smartlist_len(rend_service_list);
 }
 
-/** Return a string identifying <b>service</b>, suitable for use in a
- * log message.  The result does not need to be freed, but may be
- * overwritten by the next call to this function. */
-static const char *
-rend_service_describe_for_log(rend_service_t *service)
-{
-  /* XXX024 Use this function throughout rendservice.c. */
-  /* XXX024 Return a more useful description? */
-  return safe_str_client(service->service_id);
-}
-
 /** Helper: free storage held by a single service authorized client entry. */
 static void
 rend_authorized_client_free(rend_authorized_client_t *client)
@@ -160,7 +190,7 @@ rend_authorized_client_free(rend_authorized_client_t *client)
     return;
   if (client->client_key)
     crypto_pk_free(client->client_key);
-  tor_strclear(client->client_name);
+  memwipe(client->client_name, 0, strlen(client->client_name));
   tor_free(client->client_name);
   memwipe(client->descriptor_cookie, 0, sizeof(client->descriptor_cookie));
   tor_free(client);
@@ -182,7 +212,8 @@ rend_service_free(rend_service_t *service)
     return;
 
   tor_free(service->directory);
-  SMARTLIST_FOREACH(service->ports, void*, p, tor_free(p));
+  SMARTLIST_FOREACH(service->ports, rend_service_port_config_t*, p,
+                    rend_service_port_config_free(p));
   smartlist_free(service->ports);
   if (service->private_key)
     crypto_pk_free(service->private_key);
@@ -191,6 +222,11 @@ rend_service_free(rend_service_t *service)
       rend_intro_point_free(intro););
     smartlist_free(service->intro_nodes);
   }
+  if (service->expiring_nodes) {
+    SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *, intro,
+                      rend_intro_point_free(intro););
+    smartlist_free(service->expiring_nodes);
+  }
 
   rend_service_descriptor_free(service->desc);
   if (service->clients) {
@@ -219,29 +255,49 @@ rend_service_free_all(void)
 }
 
 /** Validate <b>service</b> and add it to rend_service_list if possible.
+ * Return 0 on success.  On failure, free <b>service</b> and return -1.
  */
-static void
+static int
 rend_add_service(rend_service_t *service)
 {
   int i;
   rend_service_port_config_t *p;
 
   service->intro_nodes = smartlist_new();
+  service->expiring_nodes = smartlist_new();
+
+  if (service->max_streams_per_circuit < 0) {
+    log_warn(LD_CONFIG, "Hidden service (%s) configured with negative max "
+                        "streams per circuit; ignoring.",
+             rend_service_escaped_dir(service));
+    rend_service_free(service);
+    return -1;
+  }
+
+  if (service->max_streams_close_circuit < 0 ||
+      service->max_streams_close_circuit > 1) {
+    log_warn(LD_CONFIG, "Hidden service (%s) configured with invalid "
+                        "max streams handling; ignoring.",
+             rend_service_escaped_dir(service));
+    rend_service_free(service);
+    return -1;
+  }
 
   if (service->auth_type != REND_NO_AUTH &&
       smartlist_len(service->clients) == 0) {
     log_warn(LD_CONFIG, "Hidden service (%s) with client authorization but no "
                         "clients; ignoring.",
-             escaped(service->directory));
+             rend_service_escaped_dir(service));
     rend_service_free(service);
-    return;
+    return -1;
   }
 
   if (!smartlist_len(service->ports)) {
     log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured; "
              "ignoring.",
-             escaped(service->directory));
+             rend_service_escaped_dir(service));
     rend_service_free(service);
+    return -1;
   } else {
     int dupe = 0;
     /* XXX This duplicate check has two problems:
@@ -259,56 +315,102 @@ rend_add_service(rend_service_t *service)
      * lock file.  But this is enough to detect a simple mistake that
      * at least one person has actually made.
      */
-    SMARTLIST_FOREACH(rend_service_list, rend_service_t*, ptr,
-                      dupe = dupe ||
-                             !strcmp(ptr->directory, service->directory));
-    if (dupe) {
-      log_warn(LD_REND, "Another hidden service is already configured for "
-               "directory %s, ignoring.", service->directory);
-      rend_service_free(service);
-      return;
+    if (service->directory != NULL) { /* Skip dupe for ephemeral services. */
+      SMARTLIST_FOREACH(rend_service_list, rend_service_t*, ptr,
+                        dupe = dupe ||
+                               !strcmp(ptr->directory, service->directory));
+      if (dupe) {
+        log_warn(LD_REND, "Another hidden service is already configured for "
+                 "directory %s, ignoring.",
+                 rend_service_escaped_dir(service));
+        rend_service_free(service);
+        return -1;
+      }
     }
     smartlist_add(rend_service_list, service);
     log_debug(LD_REND,"Configuring service with directory \"%s\"",
               service->directory);
     for (i = 0; i < smartlist_len(service->ports); ++i) {
       p = smartlist_get(service->ports, i);
-      log_debug(LD_REND,"Service maps port %d to %s",
-                p->virtual_port, fmt_addrport(&p->real_addr, p->real_port));
+      if (!(p->is_unix_addr)) {
+        log_debug(LD_REND,
+                  "Service maps port %d to %s",
+                  p->virtual_port,
+                  fmt_addrport(&p->real_addr, p->real_port));
+      } else {
+#ifdef HAVE_SYS_UN_H
+        log_debug(LD_REND,
+                  "Service maps port %d to socket at \"%s\"",
+                  p->virtual_port, p->unix_addr);
+#else
+        log_debug(LD_REND,
+                  "Service maps port %d to an AF_UNIX socket, but we "
+                  "have no AF_UNIX support on this platform.  This is "
+                  "probably a bug.",
+                  p->virtual_port);
+#endif /* defined(HAVE_SYS_UN_H) */
+      }
     }
+    return 0;
   }
+  /* NOTREACHED */
 }
 
-/** Parses a real-port to virtual-port mapping and returns a new
- * rend_service_port_config_t.
+/** Return a new rend_service_port_config_t with its path set to
+ * <b>socket_path</b> or empty if <b>socket_path</b> is NULL */
+static rend_service_port_config_t *
+rend_service_port_config_new(const char *socket_path)
+{
+  if (!socket_path)
+    return tor_malloc_zero(sizeof(rend_service_port_config_t) + 1);
+
+  const size_t pathlen = strlen(socket_path) + 1;
+  rend_service_port_config_t *conf =
+    tor_malloc_zero(sizeof(rend_service_port_config_t) + pathlen);
+  memcpy(conf->unix_addr, socket_path, pathlen);
+  conf->is_unix_addr = 1;
+  return conf;
+}
+
+/** Parses a real-port to virtual-port mapping separated by the provided
+ * separator and returns a new rend_service_port_config_t, or NULL and an
+ * optional error string on failure.
  *
- * The format is: VirtualPort (IP|RealPort|IP:RealPort)?
+ * The format is: VirtualPort SEP (IP|RealPort|IP:RealPort|'socket':path)?
  *
  * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
  */
-static rend_service_port_config_t *
-parse_port_config(const char *string)
+rend_service_port_config_t *
+rend_service_parse_port_config(const char *string, const char *sep,
+                               char **err_msg_out)
 {
   smartlist_t *sl;
   int virtport;
-  int realport;
+  int realport = 0;
   uint16_t p;
   tor_addr_t addr;
   const char *addrport;
   rend_service_port_config_t *result = NULL;
+  unsigned int is_unix_addr = 0;
+  char *socket_path = NULL;
+  char *err_msg = NULL;
 
   sl = smartlist_new();
-  smartlist_split_string(sl, string, " ",
+  smartlist_split_string(sl, string, sep,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   if (smartlist_len(sl) < 1 || smartlist_len(sl) > 2) {
-    log_warn(LD_CONFIG, "Bad syntax in hidden service port configuration.");
+    if (err_msg_out)
+      err_msg = tor_strdup("Bad syntax in hidden service port configuration.");
+
     goto err;
   }
 
   virtport = (int)tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL);
   if (!virtport) {
-    log_warn(LD_CONFIG, "Missing or invalid port %s in hidden service port "
-             "configuration", escaped(smartlist_get(sl,0)));
+    if (err_msg_out)
+      tor_asprintf(&err_msg, "Missing or invalid port %s in hidden service "
+                   "port configuration", escaped(smartlist_get(sl,0)));
+
     goto err;
   }
 
@@ -317,11 +419,27 @@ parse_port_config(const char *string)
     realport = virtport;
     tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */
   } else {
+    int ret;
+
     addrport = smartlist_get(sl,1);
-    if (strchr(addrport, ':') || strchr(addrport, '.')) {
+    ret = config_parse_unix_port(addrport, &socket_path);
+    if (ret < 0 && ret != -ENOENT) {
+      if (ret == -EINVAL)
+        if (err_msg_out)
+          err_msg = tor_strdup("Empty socket path in hidden service port "
+                               "configuration.");
+
+      goto err;
+    }
+    if (socket_path) {
+      is_unix_addr = 1;
+    } else if (strchr(addrport, ':') || strchr(addrport, '.')) {
+      /* else try it as an IP:port pair if it has a : or . in it */
       if (tor_addr_port_lookup(addrport, &addr, &p)<0) {
-        log_warn(LD_CONFIG,"Unparseable address in hidden service port "
-                 "configuration.");
+        if (err_msg_out)
+          err_msg = tor_strdup("Unparseable address in hidden service port "
+                               "configuration.");
+
         goto err;
       }
       realport = p?p:virtport;
@@ -329,24 +447,43 @@ parse_port_config(const char *string)
       /* No addr:port, no addr -- must be port. */
       realport = (int)tor_parse_long(addrport, 10, 1, 65535, NULL, NULL);
       if (!realport) {
-        log_warn(LD_CONFIG,"Unparseable or out-of-range port %s in hidden "
-                 "service port configuration.", escaped(addrport));
+        if (err_msg_out)
+          tor_asprintf(&err_msg, "Unparseable or out-of-range port %s in "
+                       "hidden service port configuration.",
+                       escaped(addrport));
+
         goto err;
       }
       tor_addr_from_ipv4h(&addr, 0x7F000001u); /* Default to 127.0.0.1 */
     }
   }
 
-  result = tor_malloc(sizeof(rend_service_port_config_t));
+  /* Allow room for unix_addr */
+  result = rend_service_port_config_new(socket_path);
   result->virtual_port = virtport;
-  result->real_port = realport;
-  tor_addr_copy(&result->real_addr, &addr);
+  result->is_unix_addr = is_unix_addr;
+  if (!is_unix_addr) {
+    result->real_port = realport;
+    tor_addr_copy(&result->real_addr, &addr);
+    result->unix_addr[0] = '\0';
+  }
+
  err:
+  if (err_msg_out) *err_msg_out = err_msg;
   SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
   smartlist_free(sl);
+  if (socket_path) tor_free(socket_path);
+
   return result;
 }
 
+/** Release all storage held in a rend_service_port_config_t. */
+void
+rend_service_port_config_free(rend_service_port_config_t *p)
+{
+  tor_free(p);
+}
+
 /** Set up rend_service_list, based on the values of HiddenServiceDir and
  * HiddenServicePort in <b>options</b>.  Return 0 on success and -1 on
  * failure.  (If <b>validate_only</b> is set, parse, warn and return as
@@ -359,6 +496,7 @@ rend_config_services(const or_options_t *options, int validate_only)
   rend_service_t *service = NULL;
   rend_service_port_config_t *portcfg;
   smartlist_t *old_service_list = NULL;
+  int ok = 0;
 
   if (!validate_only) {
     old_service_list = rend_service_list;
@@ -369,7 +507,7 @@ rend_config_services(const or_options_t *options, int validate_only)
     if (!strcasecmp(line->key, "HiddenServiceDir")) {
       if (service) { /* register the one we just finished parsing */
         if (validate_only)
-          rend_service_free(service);
+           rend_service_free(service);
         else
           rend_add_service(service);
       }
@@ -387,12 +525,87 @@ rend_config_services(const or_options_t *options, int validate_only)
       return -1;
     }
     if (!strcasecmp(line->key, "HiddenServicePort")) {
-      portcfg = parse_port_config(line->value);
+      char *err_msg = NULL;
+      portcfg = rend_service_parse_port_config(line->value, " ", &err_msg);
       if (!portcfg) {
+        if (err_msg)
+          log_warn(LD_CONFIG, "%s", err_msg);
+        tor_free(err_msg);
         rend_service_free(service);
         return -1;
       }
+      tor_assert(!err_msg);
       smartlist_add(service->ports, portcfg);
+    } else if (!strcasecmp(line->key, "HiddenServiceAllowUnknownPorts")) {
+      service->allow_unknown_ports = (int)tor_parse_long(line->value,
+                                                        10, 0, 1, &ok, NULL);
+      if (!ok) {
+        log_warn(LD_CONFIG,
+                 "HiddenServiceAllowUnknownPorts should be 0 or 1, not %s",
+                 line->value);
+        rend_service_free(service);
+        return -1;
+      }
+      log_info(LD_CONFIG,
+               "HiddenServiceAllowUnknownPorts=%d for %s",
+               (int)service->allow_unknown_ports, service->directory);
+    } else if (!strcasecmp(line->key,
+                           "HiddenServiceDirGroupReadable")) {
+        service->dir_group_readable = (int)tor_parse_long(line->value,
+                                                        10, 0, 1, &ok, NULL);
+        if (!ok) {
+            log_warn(LD_CONFIG,
+                     "HiddenServiceDirGroupReadable should be 0 or 1, not %s",
+                     line->value);
+            rend_service_free(service);
+            return -1;
+        }
+        log_info(LD_CONFIG,
+                 "HiddenServiceDirGroupReadable=%d for %s",
+                 service->dir_group_readable, service->directory);
+    } else if (!strcasecmp(line->key, "HiddenServiceMaxStreams")) {
+      service->max_streams_per_circuit = (int)tor_parse_long(line->value,
+                                                    10, 0, 65535, &ok, NULL);
+      if (!ok) {
+        log_warn(LD_CONFIG,
+                 "HiddenServiceMaxStreams should be between 0 and %d, not %s",
+                 65535, line->value);
+        rend_service_free(service);
+        return -1;
+      }
+      log_info(LD_CONFIG,
+               "HiddenServiceMaxStreams=%d for %s",
+               service->max_streams_per_circuit, service->directory);
+    } else if (!strcasecmp(line->key, "HiddenServiceMaxStreamsCloseCircuit")) {
+      service->max_streams_close_circuit = (int)tor_parse_long(line->value,
+                                                        10, 0, 1, &ok, NULL);
+      if (!ok) {
+        log_warn(LD_CONFIG,
+                 "HiddenServiceMaxStreamsCloseCircuit should be 0 or 1, "
+                 "not %s",
+                 line->value);
+        rend_service_free(service);
+        return -1;
+      }
+      log_info(LD_CONFIG,
+               "HiddenServiceMaxStreamsCloseCircuit=%d for %s",
+               (int)service->max_streams_close_circuit, service->directory);
+    } else if (!strcasecmp(line->key, "HiddenServiceNumIntroductionPoints")) {
+      service->n_intro_points_wanted =
+        (unsigned int) tor_parse_long(line->value, 10,
+                                      NUM_INTRO_POINTS_DEFAULT,
+                                      NUM_INTRO_POINTS_MAX, &ok, NULL);
+      if (!ok) {
+        log_warn(LD_CONFIG,
+                 "HiddenServiceNumIntroductionPoints "
+                 "should be between %d and %d, not %s",
+                 NUM_INTRO_POINTS_DEFAULT, NUM_INTRO_POINTS_MAX,
+                 line->value);
+        rend_service_free(service);
+        return -1;
+      }
+      log_info(LD_CONFIG, "HiddenServiceNumIntroductionPoints=%d for %s",
+               service->n_intro_points_wanted, service->directory);
     } else if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) {
       /* Parse auth type and comma-separated list of client names and add a
        * rend_authorized_client_t for each client to the service's list
@@ -513,10 +726,21 @@ rend_config_services(const or_options_t *options, int validate_only)
     }
   }
   if (service) {
-    if (validate_only)
+    cpd_check_t check_opts = CPD_CHECK_MODE_ONLY|CPD_CHECK;
+    if (service->dir_group_readable) {
+      check_opts |= CPD_GROUP_READ;
+    }
+
+    if (check_private_dir(service->directory, check_opts, options->User) < 0) {
       rend_service_free(service);
-    else
+      return -1;
+    }
+
+    if (validate_only) {
+      rend_service_free(service);
+    } else {
       rend_add_service(service);
+    }
   }
 
   /* If this is a reload and there were hidden services configured before,
@@ -524,16 +748,40 @@ rend_config_services(const or_options_t *options, int validate_only)
    * other ones. */
   if (old_service_list && !validate_only) {
     smartlist_t *surviving_services = smartlist_new();
-    circuit_t *circ;
+
+    /* Preserve the existing ephemeral services.
+     *
+     * This is the ephemeral service equivalent of the "Copy introduction
+     * points to new services" block, except there's no copy required since
+     * the service structure isn't regenerated.
+     *
+     * After this is done, all ephemeral services will be:
+     *  * Removed from old_service_list, so the equivalent non-ephemeral code
+     *    will not attempt to preserve them.
+     *  * Added to the new rend_service_list (that previously only had the
+     *    services listed in the configuration).
+     *  * Added to surviving_services, which is the list of services that
+     *    will NOT have their intro point closed.
+     */
+    SMARTLIST_FOREACH(old_service_list, rend_service_t *, old, {
+      if (!old->directory) {
+        SMARTLIST_DEL_CURRENT(old_service_list, old);
+        smartlist_add(surviving_services, old);
+        smartlist_add(rend_service_list, old);
+      }
+    });
 
     /* Copy introduction points to new services. */
     /* XXXX This is O(n^2), but it's only called on reconfigure, so it's
      * probably ok? */
     SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, new) {
       SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) {
-        if (!strcmp(old->directory, new->directory)) {
+        if (new->directory && old->directory &&
+            !strcmp(old->directory, new->directory)) {
           smartlist_add_all(new->intro_nodes, old->intro_nodes);
           smartlist_clear(old->intro_nodes);
+          smartlist_add_all(new->expiring_nodes, old->expiring_nodes);
+          smartlist_clear(old->expiring_nodes);
           smartlist_add(surviving_services, old);
           break;
         }
@@ -544,7 +792,7 @@ rend_config_services(const or_options_t *options, int validate_only)
     /* XXXX it would be nicer if we had a nicer abstraction to use here,
      * so we could just iterate over the list of services to close, but
      * once again, this isn't critical-path code. */
-    TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+    SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
       if (!circ->marked_for_close &&
           circ->state == CIRCUIT_STATE_OPEN &&
           (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
@@ -569,6 +817,7 @@ rend_config_services(const or_options_t *options, int validate_only)
         /* XXXX Is there another reason we should use here? */
       }
     }
+    SMARTLIST_FOREACH_END(circ);
     smartlist_free(surviving_services);
     SMARTLIST_FOREACH(old_service_list, rend_service_t *, ptr,
                       rend_service_free(ptr));
@@ -578,6 +827,124 @@ rend_config_services(const or_options_t *options, int validate_only)
   return 0;
 }
 
+/** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, with
+ * <b>max_streams_per_circuit</b> streams allowed per rendezvous circuit,
+ * and circuit closure on max streams being exceeded set by
+ * <b>max_streams_close_circuit</b>.
+ *
+ * Regardless of sucess/failure, callers should not touch pk/ports after
+ * calling this routine, and may assume that correct cleanup has been done
+ * on failure.
+ *
+ * Return an appropriate rend_service_add_ephemeral_status_t.
+ */
+rend_service_add_ephemeral_status_t
+rend_service_add_ephemeral(crypto_pk_t *pk,
+                           smartlist_t *ports,
+                           int max_streams_per_circuit,
+                           int max_streams_close_circuit,
+                           char **service_id_out)
+{
+  *service_id_out = NULL;
+  /* Allocate the service structure, and initialize the key, and key derived
+   * parameters.
+   */
+  rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t));
+  s->directory = NULL; /* This indicates the service is ephemeral. */
+  s->private_key = pk;
+  s->auth_type = REND_NO_AUTH;
+  s->ports = ports;
+  s->intro_period_started = time(NULL);
+  s->n_intro_points_wanted = NUM_INTRO_POINTS_DEFAULT;
+  s->max_streams_per_circuit = max_streams_per_circuit;
+  s->max_streams_close_circuit = max_streams_close_circuit;
+  if (rend_service_derive_key_digests(s) < 0) {
+    rend_service_free(s);
+    return RSAE_BADPRIVKEY;
+  }
+
+  if (!s->ports || smartlist_len(s->ports) == 0) {
+    log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified.");
+    rend_service_free(s);
+    return RSAE_BADVIRTPORT;
+  }
+
+  /* Enforcing pk/id uniqueness should be done by rend_service_load_keys(), but
+   * it's not, see #14828.
+   */
+  if (rend_service_get_by_pk_digest(s->pk_digest)) {
+    log_warn(LD_CONFIG, "Onion Service private key collides with an "
+             "existing service.");
+    rend_service_free(s);
+    return RSAE_ADDREXISTS;
+  }
+  if (rend_service_get_by_service_id(s->service_id)) {
+    log_warn(LD_CONFIG, "Onion Service id collides with an existing service.");
+    rend_service_free(s);
+    return RSAE_ADDREXISTS;
+  }
+
+  /* Initialize the service. */
+  if (rend_add_service(s)) {
+    return RSAE_INTERNAL;
+  }
+  *service_id_out = tor_strdup(s->service_id);
+
+  log_debug(LD_CONFIG, "Added ephemeral Onion Service: %s", s->service_id);
+  return RSAE_OKAY;
+}
+
+/** Remove the ephemeral service <b>service_id</b> if possible.  Returns 0 on
+ * success, and -1 on failure.
+ */
+int
+rend_service_del_ephemeral(const char *service_id)
+{
+  rend_service_t *s;
+  if (!rend_valid_service_id(service_id)) {
+    log_warn(LD_CONFIG, "Requested malformed Onion Service id for removal.");
+    return -1;
+  }
+  if ((s = rend_service_get_by_service_id(service_id)) == NULL) {
+    log_warn(LD_CONFIG, "Requested non-existent Onion Service id for "
+             "removal.");
+    return -1;
+  }
+  if (s->directory) {
+    log_warn(LD_CONFIG, "Requested non-ephemeral Onion Service for removal.");
+    return -1;
+  }
+
+  /* Kill the intro point circuit for the Onion Service, and remove it from
+   * the list.  Closing existing connections is the application's problem.
+   *
+   * XXX: As with the comment in rend_config_services(), a nice abstraction
+   * would be ideal here, but for now just duplicate the code.
+   */
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
+    if (!circ->marked_for_close &&
+        circ->state == CIRCUIT_STATE_OPEN &&
+        (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
+         circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
+      origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
+      tor_assert(oc->rend_data);
+      if (!tor_memeq(s->pk_digest, oc->rend_data->rend_pk_digest, DIGEST_LEN))
+        continue;
+      log_debug(LD_REND, "Closing intro point %s for service %s.",
+                safe_str_client(extend_info_describe(
+                                          oc->build_state->chosen_exit)),
+                oc->rend_data->onion_address);
+      circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
+    }
+  } SMARTLIST_FOREACH_END(circ);
+  smartlist_remove(rend_service_list, s);
+  rend_service_free(s);
+
+  log_debug(LD_CONFIG, "Removed ephemeral Onion Service: %s", service_id);
+
+  return 0;
+}
+
 /** Replace the old value of <b>service</b>-\>desc with one that reflects
  * the other fields in service.
  */
@@ -606,11 +973,6 @@ rend_service_update_descriptor(rend_service_t *service)
     /* This intro point won't be listed in the descriptor... */
     intro_svc->listed_in_last_desc = 0;
 
-    if (intro_svc->time_expiring != -1) {
-      /* This intro point is expiring.  Don't list it. */
-      continue;
-    }
-
     circ = find_intro_circuit(intro_svc, service->pk_digest);
     if (!circ || circ->base_.purpose != CIRCUIT_PURPOSE_S_INTRO) {
       /* This intro point's circuit isn't finished yet.  Don't list it. */
@@ -662,6 +1024,7 @@ rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
 {
   tor_assert(lst);
   tor_assert(s);
+  tor_assert(s->directory);
   smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"private_key",
                          s->directory);
   smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"hostname",
@@ -680,11 +1043,31 @@ rend_services_add_filenames_to_lists(smartlist_t *open_lst,
   if (!rend_service_list)
     return;
   SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
-    rend_service_add_filenames_to_list(open_lst, s);
-    smartlist_add(stat_lst, tor_strdup(s->directory));
+    if (s->directory) {
+      rend_service_add_filenames_to_list(open_lst, s);
+      smartlist_add(stat_lst, tor_strdup(s->directory));
+    }
   } SMARTLIST_FOREACH_END(s);
 }
 
+/** Derive all rend_service_t internal material based on the service's key.
+ * Returns 0 on sucess, -1 on failure.
+ */
+static int
+rend_service_derive_key_digests(struct rend_service_t *s)
+{
+  if (rend_get_service_id(s->private_key, s->service_id)<0) {
+    log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
+    return -1;
+  }
+  if (crypto_pk_get_digest(s->private_key, s->pk_digest)<0) {
+    log_warn(LD_BUG, "Couldn't compute hash of public key.");
+    return -1;
+  }
+
+  return 0;
+}
+
 /** Load and/or generate private keys for the hidden service <b>s</b>,
  * possibly including keys for client authorization.  Return 0 on success, -1
  * on failure. */
@@ -693,10 +1076,23 @@ rend_service_load_keys(rend_service_t *s)
 {
   char fname[512];
   char buf[128];
+  cpd_check_t  check_opts = CPD_CREATE;
 
+  if (s->dir_group_readable) {
+    check_opts |= CPD_GROUP_READ;
+  }
   /* Check/create directory */
-  if (check_private_dir(s->directory, CPD_CREATE, get_options()->User) < 0)
+  if (check_private_dir(s->directory, check_opts, get_options()->User) < 0) {
     return -1;
+  }
+#ifndef _WIN32
+  if (s->dir_group_readable) {
+    /* Only new dirs created get new opts, also enforce group read. */
+    if (chmod(s->directory, 0750)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", s->directory);
+    }
+  }
+#endif
 
   /* Load key */
   if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
@@ -706,19 +1102,14 @@ rend_service_load_keys(rend_service_t *s)
              s->directory);
     return -1;
   }
-  s->private_key = init_key_from_file(fname, 1, LOG_ERR);
+  s->private_key = init_key_from_file(fname, 1, LOG_ERR, 0);
   if (!s->private_key)
     return -1;
 
-  /* Create service file */
-  if (rend_get_service_id(s->private_key, s->service_id)<0) {
-    log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
+  if (rend_service_derive_key_digests(s) < 0)
     return -1;
-  }
-  if (crypto_pk_get_digest(s->private_key, s->pk_digest)<0) {
-    log_warn(LD_BUG, "Couldn't compute hash of public key.");
-    return -1;
-  }
+
+  /* Create service file */
   if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
       strlcat(fname,PATH_SEPARATOR"hostname",sizeof(fname))
       >= sizeof(fname)) {
@@ -733,6 +1124,15 @@ rend_service_load_keys(rend_service_t *s)
     memwipe(buf, 0, sizeof(buf));
     return -1;
   }
+#ifndef _WIN32
+  if (s->dir_group_readable) {
+    /* Also verify hostname file created with group read. */
+    if (chmod(fname, 0640))
+      log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.",
+               fname);
+  }
+#endif
+
   memwipe(buf, 0, sizeof(buf));
 
   /* If client authorization is configured, load or generate keys. */
@@ -812,7 +1212,7 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
     }
     if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
                       client->descriptor_cookie,
-                      REND_DESC_COOKIE_LEN) < 0) {
+                      REND_DESC_COOKIE_LEN, 0) < 0) {
       log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
       goto err;
     }
@@ -839,7 +1239,6 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
       client->client_key = prkey;
     }
     /* Add entry to client_keys file. */
-    desc_cook_out[strlen(desc_cook_out)-1] = '\0'; /* Remove newline. */
     written = tor_snprintf(buf, sizeof(buf),
                            "client-name %s\ndescriptor-cookie %s\n",
                            client->client_name, desc_cook_out);
@@ -894,12 +1293,11 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
         ((int)s->auth_type - 1) << 4;
       if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
                         extended_desc_cookie,
-                        REND_DESC_COOKIE_LEN+1) < 0) {
+                        REND_DESC_COOKIE_LEN+1, 0) < 0) {
         log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
         goto err;
       }
-      desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove A= and
-                                                        newline. */
+      desc_cook_out[strlen(desc_cook_out)-2] = '\0'; /* Remove A=. */
       tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n",
                    service_id, desc_cook_out, client->client_name);
     }
@@ -923,7 +1321,7 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
     abort_writing_to_file(open_hfile);
  done:
   if (client_keys_str) {
-    tor_strclear(client_keys_str);
+    memwipe(client_keys_str, 0, strlen(client_keys_str));
     tor_free(client_keys_str);
   }
   strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
@@ -951,6 +1349,20 @@ rend_service_get_by_pk_digest(const char* digest)
   return NULL;
 }
 
+/** Return the service whose service id is <b>id</b>, or NULL if no such
+ * service exists.
+ */
+static struct rend_service_t *
+rend_service_get_by_service_id(const char *id)
+{
+  tor_assert(strlen(id) == REND_SERVICE_ID_LEN_BASE32);
+  SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s, {
+    if (tor_memeq(s->service_id, id, REND_SERVICE_ID_LEN_BASE32))
+      return s;
+  });
+  return NULL;
+}
+
 /** Return 1 if any virtual port in <b>service</b> wants a circuit
  * to have good uptime. Else return 0.
  */
@@ -1004,7 +1416,7 @@ rend_check_authorization(rend_service_t *service,
   if (!auth_client) {
     char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
     base64_encode(descriptor_cookie_base64, sizeof(descriptor_cookie_base64),
-                  descriptor_cookie, REND_DESC_COOKIE_LEN);
+                  descriptor_cookie, REND_DESC_COOKIE_LEN, 0);
     log_info(LD_REND, "No authorization found for descriptor cookie '%s'! "
                       "Dropping cell!",
              descriptor_cookie_base64);
@@ -1012,111 +1424,11 @@ rend_check_authorization(rend_service_t *service,
   }
 
   /* Allow the request. */
-  log_debug(LD_REND, "Client %s authorized for service %s.",
-            auth_client->client_name, service->service_id);
+  log_info(LD_REND, "Client %s authorized for service %s.",
+           auth_client->client_name, service->service_id);
   return 1;
 }
 
-/** Called when <b>intro</b> will soon be removed from
- * <b>service</b>'s list of intro points. */
-static void
-rend_service_note_removing_intro_point(rend_service_t *service,
-                                       rend_intro_point_t *intro)
-{
-  time_t now = time(NULL);
-
-  /* Don't process an intro point twice here. */
-  if (intro->rend_service_note_removing_intro_point_called) {
-    return;
-  } else {
-    intro->rend_service_note_removing_intro_point_called = 1;
-  }
-
-  /* Update service->n_intro_points_wanted based on how long intro
-   * lasted and how many introductions it handled. */
-  if (intro->time_published == -1) {
-    /* This intro point was never used.  Don't change
-     * n_intro_points_wanted. */
-  } else {
-    /* We want to increase the number of introduction points service
-     * operates if intro was heavily used, or decrease the number of
-     * intro points if intro was lightly used.
-     *
-     * We consider an intro point's target 'usage' to be
-     * INTRO_POINT_LIFETIME_INTRODUCTIONS introductions in
-     * INTRO_POINT_LIFETIME_MIN_SECONDS seconds.  To calculate intro's
-     * fraction of target usage, we divide the fraction of
-     * _LIFETIME_INTRODUCTIONS introductions that it has handled by
-     * the fraction of _LIFETIME_MIN_SECONDS for which it existed.
-     *
-     * Then we multiply that fraction of desired usage by a fudge
-     * factor of 1.5, to decide how many new introduction points
-     * should ideally replace intro (which is now closed or soon to be
-     * closed).  In theory, assuming that introduction load is
-     * distributed equally across all intro points and ignoring the
-     * fact that different intro points are established and closed at
-     * different times, that number of intro points should bring all
-     * of our intro points exactly to our target usage.
-     *
-     * Then we clamp that number to a number of intro points we might
-     * be willing to replace this intro point with and turn it into an
-     * integer. then we clamp it again to the number of new intro
-     * points we could establish now, then we adjust
-     * service->n_intro_points_wanted and let rend_services_introduce
-     * create the new intro points we want (if any).
-     */
-    const double intro_point_usage =
-      intro_point_accepted_intro_count(intro) /
-      (double)(now - intro->time_published);
-    const double intro_point_target_usage =
-      INTRO_POINT_LIFETIME_INTRODUCTIONS /
-      (double)INTRO_POINT_LIFETIME_MIN_SECONDS;
-    const double fractional_n_intro_points_wanted_to_replace_this_one =
-      (1.5 * (intro_point_usage / intro_point_target_usage));
-    unsigned int n_intro_points_wanted_to_replace_this_one;
-    unsigned int n_intro_points_wanted_now;
-    unsigned int n_intro_points_really_wanted_now;
-    int n_intro_points_really_replacing_this_one;
-
-    if (fractional_n_intro_points_wanted_to_replace_this_one >
-        NUM_INTRO_POINTS_MAX) {
-      n_intro_points_wanted_to_replace_this_one = NUM_INTRO_POINTS_MAX;
-    } else if (fractional_n_intro_points_wanted_to_replace_this_one < 0) {
-      n_intro_points_wanted_to_replace_this_one = 0;
-    } else {
-      n_intro_points_wanted_to_replace_this_one = (unsigned)
-        fractional_n_intro_points_wanted_to_replace_this_one;
-    }
-
-    n_intro_points_wanted_now =
-      service->n_intro_points_wanted +
-      n_intro_points_wanted_to_replace_this_one - 1;
-
-    if (n_intro_points_wanted_now < NUM_INTRO_POINTS_DEFAULT) {
-      /* XXXX This should be NUM_INTRO_POINTS_MIN instead.  Perhaps
-       * another use of NUM_INTRO_POINTS_DEFAULT should be, too. */
-      n_intro_points_really_wanted_now = NUM_INTRO_POINTS_DEFAULT;
-    } else if (n_intro_points_wanted_now > NUM_INTRO_POINTS_MAX) {
-      n_intro_points_really_wanted_now = NUM_INTRO_POINTS_MAX;
-    } else {
-      n_intro_points_really_wanted_now = n_intro_points_wanted_now;
-    }
-
-    n_intro_points_really_replacing_this_one =
-      n_intro_points_really_wanted_now - service->n_intro_points_wanted + 1;
-
-    log_info(LD_REND, "Replacing closing intro point for service %s "
-             "with %d new intro points (wanted %g replacements); "
-             "service will now try to have %u intro points",
-             rend_service_describe_for_log(service),
-             n_intro_points_really_replacing_this_one,
-             fractional_n_intro_points_wanted_to_replace_this_one,
-             n_intro_points_really_wanted_now);
-
-    service->n_intro_points_wanted = n_intro_points_really_wanted_now;
-  }
-}
-
 /******
  * Handle cells
  ******/
@@ -1125,13 +1437,15 @@ rend_service_note_removing_intro_point(rend_service_t *service,
  * rendezvous point.
  */
 int
-rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
-                       size_t request_len)
+rend_service_receive_introduction(origin_circuit_t *circuit,
+                                  const uint8_t *request,
+                                  size_t request_len)
 {
   /* Global status stuff */
   int status = 0, result;
   const or_options_t *options = get_options();
   char *err_msg = NULL;
+  int err_msg_severity = LOG_WARN;
   const char *stage_descr = NULL;
   int reason = END_CIRC_REASON_TORPROTOCOL;
   /* Service/circuit/key stuff we can learn before parsing */
@@ -1143,13 +1457,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   rend_intro_cell_t *parsed_req = NULL;
   /* Rendezvous point */
   extend_info_t *rp = NULL;
-  /*
-   * We need to look up and construct the extend_info_t for v0 and v1,
-   * but all the info is in the cell and it's constructed by the parser
-   * for v2 and v3, so freeing it would be a double-free.  Use this to
-   * keep track of whether we should free it.
-   */
-  uint8_t need_rp_free = 0;
   /* XXX not handled yet */
   char buf[RELAY_PAYLOAD_SIZE];
   char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
@@ -1193,12 +1500,15 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 
   intro_point = find_intro_point(circuit);
   if (intro_point == NULL) {
-    log_warn(LD_BUG,
-             "Internal error: Got an INTRODUCE2 cell on an "
-             "intro circ (for service %s) with no corresponding "
-             "rend_intro_point_t.",
-             escaped(serviceid));
-    goto err;
+    intro_point = find_expiring_intro_point(service, circuit);
+    if (intro_point == NULL) {
+      log_warn(LD_BUG,
+               "Internal error: Got an INTRODUCE2 cell on an "
+               "intro circ (for service %s) with no corresponding "
+               "rend_intro_point_t.",
+               escaped(serviceid));
+      goto err;
+    }
   }
 
   log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %u.",
@@ -1222,17 +1532,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
     tor_free(err_msg);
   }
 
-  stage_descr = "early validation";
-  /* Early validation of pk/ciphertext part */
-  result = rend_service_validate_intro_early(parsed_req, &err_msg);
-  if (result < 0) {
-    goto log_error;
-  } else if (err_msg) {
-    log_info(LD_REND, "%s on circ %u.", err_msg,
-             (unsigned)circuit->base_.n_circ_id);
-    tor_free(err_msg);
-  }
-
   /* make sure service replay caches are present */
   if (!service->accepted_intro_dh_parts) {
     service->accepted_intro_dh_parts =
@@ -1297,9 +1596,11 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   ++(intro_point->accepted_introduce2_count);
 
   /* Find the rendezvous point */
-  rp = find_rp_for_intro(parsed_req, &need_rp_free, &err_msg);
-  if (!rp)
+  rp = find_rp_for_intro(parsed_req, &err_msg);
+  if (!rp) {
+    err_msg_severity = LOG_PROTOCOL_WARN;
     goto log_error;
+  }
 
   /* Check if we'd refuse to talk to this router */
   if (options->StrictNodes &&
@@ -1378,7 +1679,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   /* help predict this next time */
   rep_hist_note_used_internal(now, circ_needs_uptime, 1);
 
-  /* Launch a circuit to alice's chosen rendezvous point.
+  /* Launch a circuit to the client's chosen rendezvous point.
    */
   for (i=0;i<MAX_REND_FAILURES;i++) {
     int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL;
@@ -1404,13 +1705,11 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
            hexcookie, serviceid);
   tor_assert(launched->build_state);
   /* Fill in the circuit's state. */
-  launched->rend_data = tor_malloc_zero(sizeof(rend_data_t));
-  memcpy(launched->rend_data->rend_pk_digest,
-         circuit->rend_data->rend_pk_digest,
-         DIGEST_LEN);
-  memcpy(launched->rend_data->rend_cookie, parsed_req->rc, REND_COOKIE_LEN);
-  strlcpy(launched->rend_data->onion_address, service->service_id,
-          sizeof(launched->rend_data->onion_address));
+
+  launched->rend_data =
+    rend_data_service_create(service->service_id,
+                             circuit->rend_data->rend_pk_digest,
+                             parsed_req->rc, service->auth_type);
 
   launched->build_state->service_pending_final_cpath_ref =
     tor_malloc_zero(sizeof(crypt_path_reference_t));
@@ -1439,7 +1738,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
     }
   }
 
-  log_warn(LD_REND, "%s on circ %u", err_msg,
+  log_fn(err_msg_severity, LD_REND, "%s on circ %u", err_msg,
            (unsigned)circuit->base_.n_circ_id);
  err:
   status = -1;
@@ -1456,32 +1755,27 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   memwipe(hexcookie, 0, sizeof(hexcookie));
 
   /* Free the parsed cell */
-  if (parsed_req) {
-    rend_service_free_intro(parsed_req);
-    parsed_req = NULL;
-  }
+  rend_service_free_intro(parsed_req);
 
-  /* Free rp if we must */
-  if (need_rp_free) extend_info_free(rp);
+  /* Free rp */
+  extend_info_free(rp);
 
   return status;
 }
 
 /** Given a parsed and decrypted INTRODUCE2, find the rendezvous point or
- * return NULL and an error string if we can't.
- */
-
+ * return NULL and an error string if we can't. Return a newly allocated
+ * extend_info_t* for the rendezvous point. */
 static extend_info_t *
 find_rp_for_intro(const rend_intro_cell_t *intro,
-                  uint8_t *need_free_out, char **err_msg_out)
+                  char **err_msg_out)
 {
   extend_info_t *rp = NULL;
   char *err_msg = NULL;
   const char *rp_nickname = NULL;
   const node_t *node = NULL;
-  uint8_t need_free = 0;
 
-  if (!intro || !need_free_out) {
+  if (!intro) {
     if (err_msg_out)
       err_msg = tor_strdup("Bad parameters to find_rp_for_intro()");
 
@@ -1489,8 +1783,7 @@ find_rp_for_intro(const rend_intro_cell_t *intro,
   }
 
   if (intro->version == 0 || intro->version == 1) {
-    if (intro->version == 1) rp_nickname = (const char *)(intro->u.v1.rp);
-    else rp_nickname = (const char *)(intro->u.v0.rp);
+    rp_nickname = (const char *)(intro->u.v0_v1.rp);
 
     node = node_get_by_nickname(rp_nickname, 0);
     if (!node) {
@@ -1507,19 +1800,17 @@ find_rp_for_intro(const rend_intro_cell_t *intro,
     if (!rp) {
       if (err_msg_out) {
         tor_asprintf(&err_msg,
-                     "Could build extend_info_t for router %s named "
+                     "Couldn't build extend_info_t for router %s named "
                      "in INTRODUCE2 cell",
                      escaped_safe_str_client(rp_nickname));
       }
 
       goto err;
-    } else {
-      need_free = 1;
     }
   } else if (intro->version == 2) {
-    rp = intro->u.v2.extend_info;
+    rp = extend_info_dup(intro->u.v2.extend_info);
   } else if (intro->version == 3) {
-    rp = intro->u.v3.extend_info;
+    rp = extend_info_dup(intro->u.v3.extend_info);
   } else {
     if (err_msg_out) {
       tor_asprintf(&err_msg,
@@ -1530,15 +1821,27 @@ find_rp_for_intro(const rend_intro_cell_t *intro,
     goto err;
   }
 
+  /* Make sure the RP we are being asked to connect to is _not_ a private
+   * address unless it's allowed. Let's avoid to build a circuit to our
+   * second middle node and fail right after when extending to the RP. */
+  if (!extend_info_addr_is_allowed(&rp->addr)) {
+    if (err_msg_out) {
+      tor_asprintf(&err_msg,
+                   "Relay IP in INTRODUCE2 cell is private address.");
+    }
+    extend_info_free(rp);
+    rp = NULL;
+    goto err;
+  }
   goto done;
 
  err:
-  if (err_msg_out) *err_msg_out = err_msg;
-  else tor_free(err_msg);
+  if (err_msg_out)
+    *err_msg_out = err_msg;
+  else
+    tor_free(err_msg);
 
  done:
-  if (rp && need_free_out) *need_free_out = need_free;
-
   return rp;
 }
 
@@ -1549,7 +1852,6 @@ void
 rend_service_free_intro(rend_intro_cell_t *request)
 {
   if (!request) {
-    log_info(LD_BUG, "rend_service_free_intro() called with NULL request!");
     return;
   }
 
@@ -1658,8 +1960,9 @@ rend_service_begin_parse_intro(const uint8_t *request,
   goto done;
 
  err:
-  if (rv) rend_service_free_intro(rv);
+  rend_service_free_intro(rv);
   rv = NULL;
+
   if (err_msg_out && !err_msg) {
     tor_asprintf(&err_msg,
                  "unknown INTRODUCE%d error",
@@ -1739,11 +2042,7 @@ rend_service_parse_intro_for_v0_or_v1(
     goto err;
   }
 
-  if (intro->version == 1) {
-    memcpy(intro->u.v1.rp, rp_nickname, endptr - rp_nickname + 1);
-  } else {
-    memcpy(intro->u.v0.rp, rp_nickname, endptr - rp_nickname + 1);
-  }
+  memcpy(intro->u.v0_v1.rp, rp_nickname, endptr - rp_nickname + 1);
 
   return ver_specific_len;
 
@@ -1767,7 +2066,7 @@ rend_service_parse_intro_for_v2(
 
   /*
    * We accept version 3 too so that the v3 parser can call this with
-   * and adjusted buffer for the latter part of a v3 cell, which is
+   * an adjusted buffer for the latter part of a v3 cell, which is
    * identical to a v2 cell.
    */
   if (!(intro->version == 2 ||
@@ -2005,7 +2304,7 @@ rend_service_decrypt_intro(
   char service_id[REND_SERVICE_ID_LEN_BASE32+1];
   ssize_t key_len;
   uint8_t buf[RELAY_PAYLOAD_SIZE];
-  int result, status = 0;
+  int result, status = -1;
 
   if (!intro || !key) {
     if (err_msg_out) {
@@ -2084,6 +2383,8 @@ rend_service_decrypt_intro(
   intro->plaintext = tor_malloc(intro->plaintext_len);
   memcpy(intro->plaintext, buf, intro->plaintext_len);
 
+  status = 0;
+
   goto done;
 
  err:
@@ -2092,7 +2393,6 @@ rend_service_decrypt_intro(
                  "unknown INTRODUCE%d error decrypting encrypted part",
                  intro ? (int)(intro->type) : -1);
   }
-  if (status >= 0) status = -1;
 
  done:
   if (err_msg_out) *err_msg_out = err_msg;
@@ -2119,7 +2419,7 @@ rend_service_parse_intro_plaintext(
   char *err_msg = NULL;
   ssize_t ver_specific_len, ver_invariant_len;
   uint8_t version;
-  int status = 0;
+  int status = -1;
 
   if (!intro) {
     if (err_msg_out) {
@@ -2178,6 +2478,7 @@ rend_service_parse_intro_plaintext(
         (int)(intro->type),
         (long)(intro->plaintext_len));
     status = -6;
+    goto err;
   } else {
     memcpy(intro->rc,
            intro->plaintext + ver_specific_len,
@@ -2190,6 +2491,7 @@ rend_service_parse_intro_plaintext(
   /* Flag it as being fully parsed */
   intro->parsed = 1;
 
+  status = 0;
   goto done;
 
  err:
@@ -2198,7 +2500,6 @@ rend_service_parse_intro_plaintext(
                  "unknown INTRODUCE%d error parsing encrypted part",
                  intro ? (int)(intro->type) : -1);
   }
-  if (status >= 0) status = -1;
 
  done:
   if (err_msg_out) *err_msg_out = err_msg;
@@ -2207,37 +2508,6 @@ rend_service_parse_intro_plaintext(
   return status;
 }
 
-/** Do validity checks on a parsed intro cell before decryption; some of
- * these are not done in rend_service_begin_parse_intro() itself because
- * they depend on a lot of other state and would make it hard to unit test.
- * Returns >= 0 if successful or < 0 if the intro cell is invalid, and
- * optionally writes out an error message for logging.  If an err_msg
- * pointer is provided, it is the caller's responsibility to free any
- * provided message.
- */
-
-int
-rend_service_validate_intro_early(const rend_intro_cell_t *intro,
-                                  char **err_msg_out)
-{
-  int status = 0;
-
-  if (!intro) {
-    if (err_msg_out)
-      *err_msg_out =
-        tor_strdup("NULL intro cell passed to "
-                   "rend_service_validate_intro_early()");
-
-    status = -1;
-    goto err;
-  }
-
-  /* TODO */
-
- err:
-  return status;
-}
-
 /** Do validity checks on a parsed intro cell after decryption; some of
  * these are not done in rend_service_parse_intro_plaintext() itself because
  * they depend on a lot of other state and would make it hard to unit test.
@@ -2372,50 +2642,54 @@ rend_service_launch_establish_intro(rend_service_t *service,
              safe_str_client(extend_info_describe(intro->extend_info)));
     return -1;
   }
+  /* We must have the same exit node even if cannibalized. */
+  tor_assert(tor_memeq(intro->extend_info->identity_digest,
+                       launched->build_state->chosen_exit->identity_digest,
+                       DIGEST_LEN));
 
-  if (tor_memneq(intro->extend_info->identity_digest,
-      launched->build_state->chosen_exit->identity_digest, DIGEST_LEN)) {
-    char cann[HEX_DIGEST_LEN+1], orig[HEX_DIGEST_LEN+1];
-    base16_encode(cann, sizeof(cann),
-                  launched->build_state->chosen_exit->identity_digest,
-                  DIGEST_LEN);
-    base16_encode(orig, sizeof(orig),
-                  intro->extend_info->identity_digest, DIGEST_LEN);
-    log_info(LD_REND, "The intro circuit we just cannibalized ends at $%s, "
-                      "but we requested an intro circuit to $%s. Updating "
-                      "our service.", cann, orig);
-    extend_info_free(intro->extend_info);
-    intro->extend_info = extend_info_dup(launched->build_state->chosen_exit);
-  }
-
-  launched->rend_data = tor_malloc_zero(sizeof(rend_data_t));
-  strlcpy(launched->rend_data->onion_address, service->service_id,
-          sizeof(launched->rend_data->onion_address));
-  memcpy(launched->rend_data->rend_pk_digest, service->pk_digest, DIGEST_LEN);
+  launched->rend_data = rend_data_service_create(service->service_id,
+                                                 service->pk_digest, NULL,
+                                                 service->auth_type);
   launched->intro_key = crypto_pk_dup_key(intro->intro_key);
   if (launched->base_.state == CIRCUIT_STATE_OPEN)
     rend_service_intro_has_opened(launched);
   return 0;
 }
 
-/** Return the number of introduction points that are or have been
- * established for the given service address in <b>query</b>. */
-static int
-count_established_intro_points(const char *query)
+/** Return the number of introduction points that are established for the
+ * given service. */
+static unsigned int
+count_established_intro_points(const rend_service_t *service)
 {
-  int num_ipos = 0;
-  circuit_t *circ;
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  unsigned int num = 0;
+
+  SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro,
+    num += intro->circuit_established
+  );
+  return num;
+}
+
+/** Return the number of introduction points that are or are being
+ * established for the given service. This function iterates over all
+ * circuit and count those that are linked to the service and are waiting
+ * for the intro point to respond. */
+static unsigned int
+count_intro_point_circuits(const rend_service_t *service)
+{
+  unsigned int num_ipos = 0;
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     if (!circ->marked_for_close &&
         circ->state == CIRCUIT_STATE_OPEN &&
         (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
          circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
       origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
       if (oc->rend_data &&
-          !rend_cmp_service_ids(query, oc->rend_data->onion_address))
+          !rend_cmp_service_ids(service->service_id,
+                                oc->rend_data->onion_address))
         num_ipos++;
     }
   }
+  SMARTLIST_FOREACH_END(circ);
   return num_ipos;
 }
 
@@ -2448,16 +2722,27 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
                 circuit->rend_data->rend_pk_digest);
   if (!service) {
     log_warn(LD_REND, "Unrecognized service ID %s on introduction circuit %u.",
-             serviceid, (unsigned)circuit->base_.n_circ_id);
+             safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id);
     reason = END_CIRC_REASON_NOSUCHSERVICE;
     goto err;
   }
 
   /* If we already have enough introduction circuits for this service,
-   * redefine this one as a general circuit or close it, depending. */
-  if (count_established_intro_points(serviceid) >
-      (int)service->n_intro_points_wanted) { /* XXX023 remove cast */
+   * redefine this one as a general circuit or close it, depending.
+   * Substract the amount of expiring nodes here since the circuits are
+   * still opened. */
+  if ((count_intro_point_circuits(service) -
+       smartlist_len(service->expiring_nodes)) >
+      service->n_intro_points_wanted) {
     const or_options_t *options = get_options();
+    /* Remove the intro point associated with this circuit, it's being
+     * repurposed or closed thus cleanup memory. */
+    rend_intro_point_t *intro = find_intro_point(circuit);
+    if (intro != NULL) {
+      smartlist_remove(service->intro_nodes, intro);
+      rend_intro_point_free(intro);
+    }
+
     if (options->ExcludeNodes) {
       /* XXXX in some future version, we can test whether the transition is
          allowed or not given the actual nodes in the circuit.  But for now,
@@ -2556,6 +2841,7 @@ rend_service_intro_established(origin_circuit_t *circuit,
                                size_t request_len)
 {
   rend_service_t *service;
+  rend_intro_point_t *intro;
   char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
   (void) request;
   (void) request_len;
@@ -2573,11 +2859,24 @@ rend_service_intro_established(origin_circuit_t *circuit,
              (unsigned)circuit->base_.n_circ_id);
     goto err;
   }
+  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
+                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
+  /* We've just successfully established a intro circuit to one of our
+   * introduction point, account for it. */
+  intro = find_intro_point(circuit);
+  if (intro == NULL) {
+    log_warn(LD_REND,
+             "Introduction circuit established without a rend_intro_point_t "
+             "object for service %s on circuit %u",
+             safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id);
+    goto err;
+  }
+  intro->circuit_established = 1;
+  /* We might not have every introduction point ready but at this point we
+   * know that the descriptor needs to be uploaded. */
   service->desc_is_dirty = time(NULL);
   circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
 
-  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
-                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
   log_info(LD_REND,
            "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
            (unsigned)circuit->base_.n_circ_id, serviceid);
@@ -2688,7 +2987,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
   /* Append the cpath entry. */
   hop->state = CPATH_STATE_OPEN;
   /* set the windows to default. these are the windows
-   * that bob thinks alice has.
+   * that the service thinks the client has.
    */
   hop->package_window = circuit_initial_package_window();
   hop->deliver_window = CIRCWINDOW_START;
@@ -2747,6 +3046,24 @@ find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest)
   return NULL;
 }
 
+/** Return the corresponding introdution point using the circuit <b>circ</b>
+ * found in the <b>service</b>. NULL is returned if not found. */
+static rend_intro_point_t *
+find_expiring_intro_point(rend_service_t *service, origin_circuit_t *circ)
+{
+  tor_assert(service);
+  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
+             TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
+
+  SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *,
+                    intro_point,
+    if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
+      return intro_point;
+  });
+
+  return NULL;
+}
+
 /** Return a pointer to the rend_intro_point_t corresponding to the
  * service-side introduction circuit <b>circ</b>. */
 static rend_intro_point_t *
@@ -2776,14 +3093,16 @@ find_intro_point(origin_circuit_t *circ)
   return NULL;
 }
 
-/** Determine the responsible hidden service directories for the
- * rend_encoded_v2_service_descriptor_t's in <b>descs</b> and upload them;
- * <b>service_id</b> and <b>seconds_valid</b> are only passed for logging
- * purposes. */
-static void
+/** Upload the rend_encoded_v2_service_descriptor_t's in <b>descs</b>
+ * associated with the rend_service_descriptor_t <b>renddesc</b> to
+ * the responsible hidden service directories OR the hidden service
+ * directories specified by <b>hs_dirs</b>; <b>service_id</b> and
+ * <b>seconds_valid</b> are only passed for logging purposes.
+ */
+void
 directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
-                         smartlist_t *descs, const char *service_id,
-                         int seconds_valid)
+                         smartlist_t *descs, smartlist_t *hs_dirs,
+                         const char *service_id, int seconds_valid)
 {
   int i, j, failed_upload = 0;
   smartlist_t *responsible_dirs = smartlist_new();
@@ -2791,19 +3110,27 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
   routerstatus_t *hs_dir;
   for (i = 0; i < smartlist_len(descs); i++) {
     rend_encoded_v2_service_descriptor_t *desc = smartlist_get(descs, i);
-    /* Determine responsible dirs. */
-    if (hid_serv_get_responsible_directories(responsible_dirs,
-                                             desc->desc_id) < 0) {
-      log_warn(LD_REND, "Could not determine the responsible hidden service "
-                        "directories to post descriptors to.");
-      smartlist_free(responsible_dirs);
-      smartlist_free(successful_uploads);
-      return;
+    /** If any HSDirs are specified, they should be used instead of
+     *  the responsible directories */
+    if (hs_dirs && smartlist_len(hs_dirs) > 0) {
+      smartlist_add_all(responsible_dirs, hs_dirs);
+    } else {
+      /* Determine responsible dirs. */
+      if (hid_serv_get_responsible_directories(responsible_dirs,
+                                               desc->desc_id) < 0) {
+        log_warn(LD_REND, "Could not determine the responsible hidden service "
+                          "directories to post descriptors to.");
+        control_event_hs_descriptor_upload(service_id,
+                                           "UNKNOWN",
+                                           "UNKNOWN");
+        goto done;
+      }
     }
     for (j = 0; j < smartlist_len(responsible_dirs); j++) {
       char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
       char *hs_dir_ip;
       const node_t *node;
+      rend_data_t *rend_data;
       hs_dir = smartlist_get(responsible_dirs, j);
       if (smartlist_contains_digest(renddesc->successful_uploads,
                                 hs_dir->identity_digest))
@@ -2819,12 +3146,19 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
         continue;
       }
       /* Send publish request. */
-      directory_initiate_command_routerstatus(hs_dir,
+
+      /* We need the service ID to identify which service did the upload
+       * request. Lookup is made in rend_service_desc_has_uploaded(). */
+      rend_data = rend_data_client_create(service_id, desc->desc_id, NULL,
+                                          REND_NO_AUTH);
+      directory_initiate_command_routerstatus_rend(hs_dir,
                                               DIR_PURPOSE_UPLOAD_RENDDESC_V2,
-                                              ROUTER_PURPOSE_GENERAL,
-                                              DIRIND_ANONYMOUS, NULL,
-                                              desc->desc_str,
-                                              strlen(desc->desc_str), 0);
+                                                   ROUTER_PURPOSE_GENERAL,
+                                                   DIRIND_ANONYMOUS, NULL,
+                                                   desc->desc_str,
+                                                   strlen(desc->desc_str),
+                                                   0, rend_data);
+      rend_data_free(rend_data);
       base32_encode(desc_id_base32, sizeof(desc_id_base32),
                     desc->desc_id, DIGEST_LEN);
       hs_dir_ip = tor_dup_ip(hs_dir->addr);
@@ -2838,6 +3172,9 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
                hs_dir->nickname,
                hs_dir_ip,
                hs_dir->or_port);
+      control_event_hs_descriptor_upload(service_id,
+                                         hs_dir->identity_digest,
+                                         desc_id_base32);
       tor_free(hs_dir_ip);
       /* Remember successful upload to this router for next time. */
       if (!smartlist_contains_digest(successful_uploads,
@@ -2865,6 +3202,7 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
       }
     });
   }
+ done:
   smartlist_free(responsible_dirs);
   smartlist_free(successful_uploads);
 }
@@ -2882,39 +3220,72 @@ upload_service_descriptor(rend_service_t *service)
 
   rendpostperiod = get_options()->RendPostPeriod;
 
-  /* Upload descriptor? */
-  if (get_options()->PublishHidServDescriptors) {
-    networkstatus_t *c = networkstatus_get_latest_consensus();
-    if (c && smartlist_len(c->routerstatus_list) > 0) {
-      int seconds_valid, i, j, num_descs;
-      smartlist_t *descs = smartlist_new();
-      smartlist_t *client_cookies = smartlist_new();
-      /* Either upload a single descriptor (including replicas) or one
-       * descriptor for each authorized client in case of authorization
-       * type 'stealth'. */
-      num_descs = service->auth_type == REND_STEALTH_AUTH ?
-                      smartlist_len(service->clients) : 1;
-      for (j = 0; j < num_descs; j++) {
-        crypto_pk_t *client_key = NULL;
-        rend_authorized_client_t *client = NULL;
-        smartlist_clear(client_cookies);
-        switch (service->auth_type) {
-          case REND_NO_AUTH:
-            /* Do nothing here. */
-            break;
-          case REND_BASIC_AUTH:
-            SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *,
-                cl, smartlist_add(client_cookies, cl->descriptor_cookie));
-            break;
-          case REND_STEALTH_AUTH:
-            client = smartlist_get(service->clients, j);
-            client_key = client->client_key;
-            smartlist_add(client_cookies, client->descriptor_cookie);
-            break;
-        }
-        /* Encode the current descriptor. */
+  networkstatus_t *c = networkstatus_get_latest_consensus();
+  if (c && smartlist_len(c->routerstatus_list) > 0) {
+    int seconds_valid, i, j, num_descs;
+    smartlist_t *descs = smartlist_new();
+    smartlist_t *client_cookies = smartlist_new();
+    /* Either upload a single descriptor (including replicas) or one
+     * descriptor for each authorized client in case of authorization
+     * type 'stealth'. */
+    num_descs = service->auth_type == REND_STEALTH_AUTH ?
+                    smartlist_len(service->clients) : 1;
+    for (j = 0; j < num_descs; j++) {
+      crypto_pk_t *client_key = NULL;
+      rend_authorized_client_t *client = NULL;
+      smartlist_clear(client_cookies);
+      switch (service->auth_type) {
+        case REND_NO_AUTH:
+          /* Do nothing here. */
+          break;
+        case REND_BASIC_AUTH:
+          SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *,
+              cl, smartlist_add(client_cookies, cl->descriptor_cookie));
+          break;
+        case REND_STEALTH_AUTH:
+          client = smartlist_get(service->clients, j);
+          client_key = client->client_key;
+          smartlist_add(client_cookies, client->descriptor_cookie);
+          break;
+      }
+      /* Encode the current descriptor. */
+      seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
+                                                 now, 0,
+                                                 service->auth_type,
+                                                 client_key,
+                                                 client_cookies);
+      if (seconds_valid < 0) {
+        log_warn(LD_BUG, "Internal error: couldn't encode service "
+                 "descriptor; not uploading.");
+        smartlist_free(descs);
+        smartlist_free(client_cookies);
+        return;
+      }
+      rend_get_service_id(service->desc->pk, serviceid);
+      if (get_options()->PublishHidServDescriptors) {
+        /* Post the current descriptors to the hidden service directories. */
+        log_info(LD_REND, "Launching upload for hidden service %s",
+                     serviceid);
+        directory_post_to_hs_dir(service->desc, descs, NULL, serviceid,
+                                 seconds_valid);
+      }
+      /* Free memory for descriptors. */
+      for (i = 0; i < smartlist_len(descs); i++)
+        rend_encoded_v2_service_descriptor_free(smartlist_get(descs, i));
+      smartlist_clear(descs);
+      /* Update next upload time. */
+      if (seconds_valid - REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
+          > rendpostperiod)
+        service->next_upload_time = now + rendpostperiod;
+      else if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS)
+        service->next_upload_time = now + seconds_valid + 1;
+      else
+        service->next_upload_time = now + seconds_valid -
+            REND_TIME_PERIOD_OVERLAPPING_V2_DESCS + 1;
+      /* Post also the next descriptors, if necessary. */
+      if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) {
         seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
-                                                   now, 0,
+                                                   now, 1,
                                                    service->auth_type,
                                                    client_key,
                                                    client_cookies);
@@ -2925,51 +3296,23 @@ upload_service_descriptor(rend_service_t *service)
           smartlist_free(client_cookies);
           return;
         }
-        /* Post the current descriptors to the hidden service directories. */
-        rend_get_service_id(service->desc->pk, serviceid);
-        log_info(LD_REND, "Launching upload for hidden service %s",
-                     serviceid);
-        directory_post_to_hs_dir(service->desc, descs, serviceid,
-                                 seconds_valid);
+        if (get_options()->PublishHidServDescriptors) {
+          directory_post_to_hs_dir(service->desc, descs, NULL, serviceid,
+                                   seconds_valid);
+        }
         /* Free memory for descriptors. */
         for (i = 0; i < smartlist_len(descs); i++)
           rend_encoded_v2_service_descriptor_free(smartlist_get(descs, i));
         smartlist_clear(descs);
-        /* Update next upload time. */
-        if (seconds_valid - REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
-            > rendpostperiod)
-          service->next_upload_time = now + rendpostperiod;
-        else if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS)
-          service->next_upload_time = now + seconds_valid + 1;
-        else
-          service->next_upload_time = now + seconds_valid -
-              REND_TIME_PERIOD_OVERLAPPING_V2_DESCS + 1;
-        /* Post also the next descriptors, if necessary. */
-        if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) {
-          seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
-                                                     now, 1,
-                                                     service->auth_type,
-                                                     client_key,
-                                                     client_cookies);
-          if (seconds_valid < 0) {
-            log_warn(LD_BUG, "Internal error: couldn't encode service "
-                     "descriptor; not uploading.");
-            smartlist_free(descs);
-            smartlist_free(client_cookies);
-            return;
-          }
-          directory_post_to_hs_dir(service->desc, descs, serviceid,
-                                   seconds_valid);
-          /* Free memory for descriptors. */
-          for (i = 0; i < smartlist_len(descs); i++)
-            rend_encoded_v2_service_descriptor_free(smartlist_get(descs, i));
-          smartlist_clear(descs);
-        }
       }
-      smartlist_free(descs);
-      smartlist_free(client_cookies);
-      uploaded = 1;
+    }
+    smartlist_free(descs);
+    smartlist_free(client_cookies);
+    uploaded = 1;
+    if (get_options()->PublishHidServDescriptors) {
       log_info(LD_REND, "Successfully uploaded v2 rend descriptors!");
+    } else {
+      log_info(LD_REND, "Successfully stored created v2 rend descriptors!");
     }
   }
 
@@ -3003,14 +3346,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
     return 0;
   }
 
-  if (intro->time_expiring != -1) {
-    /* We've already started expiring this intro point.  *Don't* let
-     * this function's result 'flap'. */
-    return 1;
-  }
-
   if (intro_point_accepted_intro_count(intro) >=
-      INTRO_POINT_LIFETIME_INTRODUCTIONS) {
+      intro->max_introductions) {
     /* This intro point has been used too many times.  Expire it now. */
     return 1;
   }
@@ -3019,9 +3356,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
     /* This intro point has been published, but we haven't picked an
      * expiration time for it.  Pick one now. */
     int intro_point_lifetime_seconds =
-      INTRO_POINT_LIFETIME_MIN_SECONDS +
-      crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
-                      INTRO_POINT_LIFETIME_MIN_SECONDS);
+      crypto_rand_int_range(INTRO_POINT_LIFETIME_MIN_SECONDS,
+                            INTRO_POINT_LIFETIME_MAX_SECONDS);
 
     /* Start the expiration timer now, rather than when the intro
      * point was first published.  There shouldn't be much of a time
@@ -3035,43 +3371,160 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
   return (now >= intro->time_to_expire);
 }
 
+/** Iterate over intro points in the given service and remove the invalid
+ * ones. For an intro point object to be considered invalid, the circuit
+ * _and_ node need to have disappeared.
+ *
+ * If the intro point should expire, it's placed into the expiring_nodes
+ * list of the service and removed from the active intro nodes list.
+ *
+ * If <b>exclude_nodes</b> is not NULL, add the valid nodes to it.
+ *
+ * If <b>retry_nodes</b> is not NULL, add the valid node to it if the
+ * circuit disappeared but the node is still in the consensus. */
+static void
+remove_invalid_intro_points(rend_service_t *service,
+                            smartlist_t *exclude_nodes,
+                            smartlist_t *retry_nodes, time_t now)
+{
+  tor_assert(service);
+
+  SMARTLIST_FOREACH_BEGIN(service->intro_nodes, rend_intro_point_t *,
+                          intro) {
+    /* Find the introduction point node object. */
+    const node_t *node =
+      node_get_by_id(intro->extend_info->identity_digest);
+    /* Find the intro circuit, this might be NULL. */
+    origin_circuit_t *intro_circ =
+      find_intro_circuit(intro, service->pk_digest);
+
+    /* Add the valid node to the exclusion list so we don't try to establish
+     * an introduction point to it again. */
+    if (node && exclude_nodes) {
+      smartlist_add(exclude_nodes, (void*) node);
+    }
+
+    /* First, make sure we still have a valid circuit for this intro point.
+     * If we dont, we'll give up on it and make a new one. */
+    if (intro_circ == NULL) {
+      log_info(LD_REND, "Attempting to retry on %s as intro point for %s"
+               " (circuit disappeared).",
+               safe_str_client(extend_info_describe(intro->extend_info)),
+               safe_str_client(service->service_id));
+      /* We've lost the circuit for this intro point, flag it so it can be
+       * accounted for when considiring uploading a descriptor. */
+      intro->circuit_established = 0;
+
+      /* Node is gone or we've reached our maximum circuit creationg retry
+       * count, clean up everything, we'll find a new one. */
+      if (node == NULL ||
+          intro->circuit_retries >= MAX_INTRO_POINT_CIRCUIT_RETRIES) {
+        rend_intro_point_free(intro);
+        SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
+        /* We've just killed the intro point, nothing left to do. */
+        continue;
+      }
+
+      /* The intro point is still alive so let's try to use it again because
+       * we have a published descriptor containing it. Keep the intro point
+       * in the intro_nodes list because it's still valid, we are rebuilding
+       * a circuit to it. */
+      if (retry_nodes) {
+        smartlist_add(retry_nodes, intro);
+      }
+    }
+    /* else, the circuit is valid so in both cases, node being alive or not,
+     * we leave the circuit and intro point object as is. Closing the
+     * circuit here would leak new consensus timing and freeing the intro
+     * point object would make the intro circuit unusable. */
+
+    /* Now, check if intro point should expire. If it does, queue it so
+     * it can be cleaned up once it has been replaced properly. */
+    if (intro_point_should_expire_now(intro, now)) {
+      log_info(LD_REND, "Expiring %s as intro point for %s.",
+               safe_str_client(extend_info_describe(intro->extend_info)),
+               safe_str_client(service->service_id));
+      smartlist_add(service->expiring_nodes, intro);
+      SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
+      /* Intro point is expired, we need a new one thus don't consider it
+       * anymore has a valid established intro point. */
+      intro->circuit_established = 0;
+    }
+  } SMARTLIST_FOREACH_END(intro);
+}
+
+/** A new descriptor has been successfully uploaded for the given
+ * <b>rend_data</b>. Remove and free the expiring nodes from the associated
+ * service. */
+void
+rend_service_desc_has_uploaded(const rend_data_t *rend_data)
+{
+  rend_service_t *service;
+
+  tor_assert(rend_data);
+
+  service = rend_service_get_by_service_id(rend_data->onion_address);
+  if (service == NULL) {
+    return;
+  }
+
+  SMARTLIST_FOREACH_BEGIN(service->expiring_nodes, rend_intro_point_t *,
+                          intro) {
+    origin_circuit_t *intro_circ =
+      find_intro_circuit(intro, service->pk_digest);
+    if (intro_circ != NULL) {
+      circuit_mark_for_close(TO_CIRCUIT(intro_circ),
+                             END_CIRC_REASON_FINISHED);
+    }
+    SMARTLIST_DEL_CURRENT(service->expiring_nodes, intro);
+    rend_intro_point_free(intro);
+  } SMARTLIST_FOREACH_END(intro);
+}
+
 /** For every service, check how many intro points it currently has, and:
+ *  - Invalidate introdution points based on specific criteria, see
+ *  remove_invalid_intro_points comments.
  *  - Pick new intro points as necessary.
  *  - Launch circuits to any new intro points.
+ *
+ * This is called once a second by the main loop.
  */
 void
-rend_services_introduce(void)
+rend_consider_services_intro_points(void)
 {
-  int i,j,r;
-  const node_t *node;
-  rend_service_t *service;
-  rend_intro_point_t *intro;
-  int intro_point_set_changed, prev_intro_nodes;
-  unsigned int n_intro_points_unexpired;
-  unsigned int n_intro_points_to_open;
-  smartlist_t *intro_nodes;
+  int i;
   time_t now;
   const or_options_t *options = get_options();
+  /* List of nodes we need to _exclude_ when choosing a new node to
+   * establish an intro point to. */
+  smartlist_t *exclude_nodes;
+  /* List of nodes we need to retry to build a circuit on them because the
+   * node is valid but circuit died. */
+  smartlist_t *retry_nodes;
+
+  if (!have_completed_a_circuit())
+    return;
 
-  intro_nodes = smartlist_new();
+  exclude_nodes = smartlist_new();
+  retry_nodes = smartlist_new();
   now = time(NULL);
 
-  for (i=0; i < smartlist_len(rend_service_list); ++i) {
-    smartlist_clear(intro_nodes);
-    service = smartlist_get(rend_service_list, i);
-
-    tor_assert(service);
-
-    /* intro_point_set_changed becomes non-zero iff the set of intro
-     * points to be published in service's descriptor has changed. */
-    intro_point_set_changed = 0;
-
-    /* n_intro_points_unexpired collects the number of non-expiring
-     * intro points we have, so that we know how many new intro
-     * circuits we need to launch for this service. */
-    n_intro_points_unexpired = 0;
-
-    if (now > service->intro_period_started+INTRO_CIRC_RETRY_PERIOD) {
+  SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, service) {
+    int r;
+    /* Number of intro points we want to open and add to the intro nodes
+     * list of the service. */
+    unsigned int n_intro_points_to_open;
+    /* Have an unsigned len so we can use it to compare values else gcc is
+     * not happy with unmatching signed comparaison. */
+    unsigned int intro_nodes_len;
+    /* Different service are allowed to have the same introduction point as
+     * long as they are on different circuit thus why we clear this list. */
+    smartlist_clear(exclude_nodes);
+    smartlist_clear(retry_nodes);
+
+    /* This retry period is important here so we don't stress circuit
+     * creation. */
+    if (now > service->intro_period_started + INTRO_CIRC_RETRY_PERIOD) {
       /* One period has elapsed; we can try building circuits again. */
       service->intro_period_started = now;
       service->n_intro_circuits_launched = 0;
@@ -3082,160 +3535,108 @@ rend_services_introduce(void)
       continue;
     }
 
-    /* Find out which introduction points we have in progress for this
-       service. */
-    SMARTLIST_FOREACH_BEGIN(service->intro_nodes, rend_intro_point_t *,
-                            intro) {
-      origin_circuit_t *intro_circ =
-        find_intro_circuit(intro, service->pk_digest);
-
-      if (intro->time_expiring + INTRO_POINT_EXPIRATION_GRACE_PERIOD > now) {
-        /* This intro point has completely expired.  Remove it, and
-         * mark the circuit for close if it's still alive. */
-        if (intro_circ != NULL &&
-            intro_circ->base_.purpose != CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
-          circuit_mark_for_close(TO_CIRCUIT(intro_circ),
-                                 END_CIRC_REASON_FINISHED);
-        }
-        rend_intro_point_free(intro);
-        intro = NULL; /* SMARTLIST_DEL_CURRENT takes a name, not a value. */
-        SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
-        /* We don't need to set intro_point_set_changed here, because
-         * this intro point wouldn't have been published in a current
-         * descriptor anyway. */
-        continue;
-      }
+    /* Cleanup the invalid intro points and save the node objects, if apply,
+     * in the exclude_nodes and retry_nodes list. */
+    remove_invalid_intro_points(service, exclude_nodes, retry_nodes, now);
 
-      node = node_get_by_id(intro->extend_info->identity_digest);
-      if (!node || !intro_circ) {
-        int removing_this_intro_point_changes_the_intro_point_set = 1;
-        log_info(LD_REND, "Giving up on %s as intro point for %s"
-                 " (circuit disappeared).",
+    /* Let's try to rebuild circuit on the nodes we want to retry on. */
+    SMARTLIST_FOREACH_BEGIN(retry_nodes, rend_intro_point_t *, intro) {
+      r = rend_service_launch_establish_intro(service, intro);
+      if (r < 0) {
+        log_warn(LD_REND, "Error launching circuit to node %s for service %s.",
                  safe_str_client(extend_info_describe(intro->extend_info)),
                  safe_str_client(service->service_id));
-        rend_service_note_removing_intro_point(service, intro);
-        if (intro->time_expiring != -1) {
-          log_info(LD_REND, "We were already expiring the intro point; "
-                   "no need to mark the HS descriptor as dirty over this.");
-          removing_this_intro_point_changes_the_intro_point_set = 0;
-        } else if (intro->listed_in_last_desc) {
-          log_info(LD_REND, "The intro point we are giving up on was "
-                   "included in the last published descriptor. "
-                   "Marking current descriptor as dirty.");
-          service->desc_is_dirty = now;
-        }
+        /* Unable to launch a circuit to that intro point, remove it from
+         * the valid list so we can create a new one. */
+        smartlist_remove(service->intro_nodes, intro);
         rend_intro_point_free(intro);
-        intro = NULL; /* SMARTLIST_DEL_CURRENT takes a name, not a value. */
-        SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
-        if (removing_this_intro_point_changes_the_intro_point_set)
-          intro_point_set_changed = 1;
-      }
-
-      if (intro != NULL && intro_point_should_expire_now(intro, now)) {
-        log_info(LD_REND, "Expiring %s as intro point for %s.",
-                 safe_str_client(extend_info_describe(intro->extend_info)),
-                 safe_str_client(service->service_id));
-
-        rend_service_note_removing_intro_point(service, intro);
-
-        /* The polite (and generally Right) way to expire an intro
-         * point is to establish a new one to replace it, publish a
-         * new descriptor that doesn't list any expiring intro points,
-         * and *then*, once our upload attempts for the new descriptor
-         * have ended (whether in success or failure), close the
-         * expiring intro points.
-         *
-         * Unfortunately, we can't find out when the new descriptor
-         * has actually been uploaded, so we'll have to settle for a
-         * five-minute timer.  Start it.  XXXX024 This sucks. */
-        intro->time_expiring = now;
-
-        intro_point_set_changed = 1;
+        continue;
       }
-
-      if (intro != NULL && intro->time_expiring == -1)
-        ++n_intro_points_unexpired;
-
-      if (node)
-        smartlist_add(intro_nodes, (void*)node);
+      intro->circuit_retries++;
     } SMARTLIST_FOREACH_END(intro);
 
-    if (!intro_point_set_changed &&
-        (n_intro_points_unexpired >= service->n_intro_points_wanted)) {
+    /* Avoid mismatched signed comparaison below. */
+    intro_nodes_len = (unsigned int) smartlist_len(service->intro_nodes);
+
+    /* Quiescent state, no node expiring and we have more or the amount of
+     * wanted node for this service. Proceed to the next service. Could be
+     * more because we launch two preemptive circuits if our intro nodes
+     * list is empty. */
+    if (smartlist_len(service->expiring_nodes) == 0 &&
+        intro_nodes_len >= service->n_intro_points_wanted) {
       continue;
     }
 
-    /* Remember how many introduction circuits we started with.
-     *
-     * prev_intro_nodes serves a different purpose than
-     * n_intro_points_unexpired -- this variable tells us where our
-     * previously-created intro points end and our new ones begin in
-     * the intro-point list, so we don't have to launch the circuits
-     * at the same time as we create the intro points they correspond
-     * to.  XXXX This is daft. */
-    prev_intro_nodes = smartlist_len(service->intro_nodes);
-
-    /* We have enough directory information to start establishing our
-     * intro points. We want to end up with n_intro_points_wanted
-     * intro points, but if we're just starting, we launch two extra
-     * circuits and use the first n_intro_points_wanted that complete.
-     *
-     * The ones after the first three will be converted to 'general'
-     * internal circuits in rend_service_intro_has_opened(), and then
-     * we'll drop them from the list of intro points next time we
-     * go through the above "find out which introduction points we have
-     * in progress" loop. */
-    n_intro_points_to_open = (service->n_intro_points_wanted +
-                              (prev_intro_nodes == 0 ? 2 : 0));
-    for (j = (int)n_intro_points_unexpired;
-         j < (int)n_intro_points_to_open;
-         ++j) { /* XXXX remove casts */
+    /* Number of intro points we want to open which is the wanted amount
+     * minus the current amount of valid nodes. */
+    n_intro_points_to_open = service->n_intro_points_wanted - intro_nodes_len;
+    if (intro_nodes_len == 0) {
+      /* We want to end up with n_intro_points_wanted intro points, but if
+       * we have no intro points at all (chances are they all cycled or we
+       * are starting up), we launch NUM_INTRO_POINTS_EXTRA extra circuits
+       * and use the first n_intro_points_wanted that complete. See proposal
+       * #155, section 4 for the rationale of this which is purely for
+       * performance.
+       *
+       * The ones after the first n_intro_points_to_open will be converted
+       * to 'general' internal circuits in rend_service_intro_has_opened(),
+       * and then we'll drop them from the list of intro points. */
+      n_intro_points_to_open += NUM_INTRO_POINTS_EXTRA;
+    }
+
+    for (i = 0; i < (int) n_intro_points_to_open; i++) {
+      const node_t *node;
+      rend_intro_point_t *intro;
       router_crn_flags_t flags = CRN_NEED_UPTIME|CRN_NEED_DESC;
       if (get_options()->AllowInvalid_ & ALLOW_INVALID_INTRODUCTION)
         flags |= CRN_ALLOW_INVALID;
-      node = router_choose_random_node(intro_nodes,
+      node = router_choose_random_node(exclude_nodes,
                                        options->ExcludeNodes, flags);
       if (!node) {
         log_warn(LD_REND,
-                 "Could only establish %d introduction points for %s; "
+                 "We only have %d introduction points established for %s; "
                  "wanted %u.",
-                 smartlist_len(service->intro_nodes), service->service_id,
+                 smartlist_len(service->intro_nodes),
+                 safe_str_client(service->service_id),
                  n_intro_points_to_open);
         break;
       }
-      intro_point_set_changed = 1;
-      smartlist_add(intro_nodes, (void*)node);
+      /* Add the choosen node to the exclusion list in order to avoid to
+       * pick it again in the next iteration. */
+      smartlist_add(exclude_nodes, (void*)node);
       intro = tor_malloc_zero(sizeof(rend_intro_point_t));
       intro->extend_info = extend_info_from_node(node, 0);
       intro->intro_key = crypto_pk_new();
-      tor_assert(!crypto_pk_generate_key(intro->intro_key));
+      const int fail = crypto_pk_generate_key(intro->intro_key);
+      tor_assert(!fail);
       intro->time_published = -1;
       intro->time_to_expire = -1;
-      intro->time_expiring = -1;
+      intro->max_introductions =
+        crypto_rand_int_range(INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS,
+                              INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS);
       smartlist_add(service->intro_nodes, intro);
       log_info(LD_REND, "Picked router %s as an intro point for %s.",
                safe_str_client(node_describe(node)),
                safe_str_client(service->service_id));
-    }
-
-    /* If there's no need to launch new circuits, stop here. */
-    if (!intro_point_set_changed)
-      continue;
-
-    /* Establish new introduction points. */
-    for (j=prev_intro_nodes; j < smartlist_len(service->intro_nodes); ++j) {
-      intro = smartlist_get(service->intro_nodes, j);
+      /* Establish new introduction circuit to our chosen intro point. */
       r = rend_service_launch_establish_intro(service, intro);
-      if (r<0) {
+      if (r < 0) {
         log_warn(LD_REND, "Error launching circuit to node %s for service %s.",
                  safe_str_client(extend_info_describe(intro->extend_info)),
                  safe_str_client(service->service_id));
+        /* This funcion will be called again by the main loop so this intro
+         * point without a intro circuit will be retried on or removed after
+         * a maximum number of attempts. */
       }
     }
-  }
-  smartlist_free(intro_nodes);
+  } SMARTLIST_FOREACH_END(service);
+  smartlist_free(exclude_nodes);
+  smartlist_free(retry_nodes);
 }
 
+#define MIN_REND_INITIAL_POST_DELAY (30)
+#define MIN_REND_INITIAL_POST_DELAY_TESTING (5)
+
 /** Regenerate and upload rendezvous service descriptors for all
  * services, if necessary. If the descriptor has been dirty enough
  * for long enough, definitely upload; else only upload when the
@@ -3250,24 +3651,29 @@ rend_consider_services_upload(time_t now)
   int i;
   rend_service_t *service;
   int rendpostperiod = get_options()->RendPostPeriod;
-
-  if (!get_options()->PublishHidServDescriptors)
-    return;
+  int rendinitialpostdelay = (get_options()->TestingTorNetwork ?
+                              MIN_REND_INITIAL_POST_DELAY_TESTING :
+                              MIN_REND_INITIAL_POST_DELAY);
 
   for (i=0; i < smartlist_len(rend_service_list); ++i) {
     service = smartlist_get(rend_service_list, i);
     if (!service->next_upload_time) { /* never been uploaded yet */
-      /* The fixed lower bound of 30 seconds ensures that the descriptor
-       * is stable before being published. See comment below. */
+      /* The fixed lower bound of rendinitialpostdelay seconds ensures that
+       * the descriptor is stable before being published. See comment below. */
       service->next_upload_time =
-        now + 30 + crypto_rand_int(2*rendpostperiod);
+        now + rendinitialpostdelay + crypto_rand_int(2*rendpostperiod);
     }
-    if (service->next_upload_time < now ||
+    /* Does every introduction points have been established? */
+    unsigned int intro_points_ready =
+      count_established_intro_points(service) >=
+        service->n_intro_points_wanted;
+    if (intro_points_ready &&
+        (service->next_upload_time < now ||
         (service->desc_is_dirty &&
-         service->desc_is_dirty < now-30)) {
+         service->desc_is_dirty < now-rendinitialpostdelay))) {
       /* if it's time, or if the directory servers have a wrong service
-       * descriptor and ours has been stable for 30 seconds, upload a
-       * new one of each format. */
+       * descriptor and ours has been stable for rendinitialpostdelay seconds,
+       * upload a new one of each format. */
       rend_service_update_descriptor(service);
       upload_service_descriptor(service);
     }
@@ -3346,9 +3752,64 @@ rend_service_dump_stats(int severity)
   }
 }
 
+#ifdef HAVE_SYS_UN_H
+
+/** Given <b>ports</b>, a smarlist containing rend_service_port_config_t,
+ * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
+ * else return -ENOSYS if AF_UNIX is not supported (see function in the
+ * #else statement below). */
+static int
+add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
+{
+  tor_assert(ports);
+  tor_assert(p);
+  tor_assert(p->is_unix_addr);
+
+  smartlist_add(ports, p);
+  return 0;
+}
+
+/** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
+ * on success else return -ENOSYS if AF_UNIX is not supported (see function
+ * in the #else statement below). */
+static int
+set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
+{
+  tor_assert(conn);
+  tor_assert(p);
+  tor_assert(p->is_unix_addr);
+
+  conn->base_.socket_family = AF_UNIX;
+  tor_addr_make_unspec(&conn->base_.addr);
+  conn->base_.port = 1;
+  conn->base_.address = tor_strdup(p->unix_addr);
+  return 0;
+}
+
+#else /* defined(HAVE_SYS_UN_H) */
+
+static int
+set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
+{
+  (void) conn;
+  (void) p;
+  return -ENOSYS;
+}
+
+static int
+add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
+{
+  (void) ports;
+  (void) p;
+  return -ENOSYS;
+}
+
+#endif /* HAVE_SYS_UN_H */
+
 /** Given <b>conn</b>, a rendezvous exit stream, look up the hidden service for
  * 'circ', and look up the port and address based on conn-\>port.
- * Assign the actual conn-\>addr and conn-\>port. Return -1 if failure,
+ * Assign the actual conn-\>addr and conn-\>port. Return -2 on failure
+ * for which the circuit should be closed, -1 on other failure,
  * or 0 for success.
  */
 int
@@ -3359,6 +3820,7 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
   char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
   smartlist_t *matching_ports;
   rend_service_port_config_t *chosen_port;
+  unsigned int warn_once = 0;
 
   tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_S_REND_JOINED);
   tor_assert(circ->rend_data);
@@ -3371,24 +3833,72 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
     log_warn(LD_REND, "Couldn't find any service associated with pk %s on "
              "rendezvous circuit %u; closing.",
              serviceid, (unsigned)circ->base_.n_circ_id);
-    return -1;
+    return -2;
+  }
+  if (service->max_streams_per_circuit > 0) {
+    /* Enforce the streams-per-circuit limit, and refuse to provide a
+     * mapping if this circuit will exceed the limit. */
+#define MAX_STREAM_WARN_INTERVAL 600
+    static struct ratelim_t stream_ratelim =
+        RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
+    if (circ->rend_data->nr_streams >= service->max_streams_per_circuit) {
+      log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND,
+                     "Maximum streams per circuit limit reached on rendezvous "
+                     "circuit %u; %s.  Circuit has %d out of %d streams.",
+                     (unsigned)circ->base_.n_circ_id,
+                     service->max_streams_close_circuit ?
+                       "closing circuit" :
+                       "ignoring open stream request",
+                     circ->rend_data->nr_streams,
+                     service->max_streams_per_circuit);
+      return service->max_streams_close_circuit ? -2 : -1;
+    }
   }
   matching_ports = smartlist_new();
   SMARTLIST_FOREACH(service->ports, rend_service_port_config_t *, p,
   {
-    if (conn->base_.port == p->virtual_port) {
+    if (conn->base_.port != p->virtual_port) {
+      continue;
+    }
+    if (!(p->is_unix_addr)) {
       smartlist_add(matching_ports, p);
+    } else {
+      if (add_unix_port(matching_ports, p)) {
+        if (!warn_once) {
+         /* Unix port not supported so warn only once. */
+          log_warn(LD_REND,
+              "Saw AF_UNIX virtual port mapping for port %d on service "
+              "%s, which is unsupported on this platform. Ignoring it.",
+              conn->base_.port, serviceid);
+        }
+        warn_once++;
+      }
     }
   });
   chosen_port = smartlist_choose(matching_ports);
   smartlist_free(matching_ports);
   if (chosen_port) {
-    tor_addr_copy(&conn->base_.addr, &chosen_port->real_addr);
-    conn->base_.port = chosen_port->real_port;
+    if (!(chosen_port->is_unix_addr)) {
+      /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
+      tor_addr_copy(&conn->base_.addr, &chosen_port->real_addr);
+      conn->base_.port = chosen_port->real_port;
+    } else {
+      if (set_unix_port(conn, chosen_port)) {
+        /* Simply impossible to end up here else we were able to add a Unix
+         * port without AF_UNIX support... ? */
+        tor_assert(0);
+      }
+    }
     return 0;
   }
-  log_info(LD_REND, "No virtual port mapping exists for port %d on service %s",
-           conn->base_.port,serviceid);
-  return -1;
+
+  log_info(LD_REND,
+           "No virtual port mapping exists for port %d on service %s",
+           conn->base_.port, serviceid);
+
+  if (service->allow_unknown_ports)
+    return -1;
+  else
+    return -2;
 }
 
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index 40198b07ec..101b37e18d 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -15,6 +15,7 @@
 #include "or.h"
 
 typedef struct rend_intro_cell_s rend_intro_cell_t;
+typedef struct rend_service_port_config_s rend_service_port_config_t;
 
 #ifdef RENDSERVICE_PRIVATE
 
@@ -38,13 +39,9 @@ struct rend_intro_cell_s {
   /* Version-specific parts */
   union {
     struct {
-      /* Rendezvous point nickname */
-      uint8_t rp[20];
-    } v0;
-    struct {
       /* Rendezvous point nickname or hex-encoded key digest */
       uint8_t rp[42];
-    } v1;
+    } v0_v1;
     struct {
       /* The extend_info_t struct has everything v2 uses */
       extend_info_t *extend_info;
@@ -73,7 +70,7 @@ int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
 void rend_services_add_filenames_to_lists(smartlist_t *open_lst,
                                           smartlist_t *stat_lst);
-void rend_services_introduce(void);
+void rend_consider_services_intro_points(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);
 void rend_consider_descriptor_republication(void);
@@ -83,8 +80,9 @@ int rend_service_intro_established(origin_circuit_t *circuit,
                                    const uint8_t *request,
                                    size_t request_len);
 void rend_service_rendezvous_has_opened(origin_circuit_t *circuit);
-int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
-                           size_t request_len);
+int rend_service_receive_introduction(origin_circuit_t *circuit,
+                                      const uint8_t *request,
+                                      size_t request_len);
 int rend_service_decrypt_intro(rend_intro_cell_t *request,
                                crypto_pk_t *key,
                                char **err_msg_out);
@@ -95,8 +93,6 @@ rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request,
                                                    char **err_msg_out);
 int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro,
                                        char **err_msg_out);
-int rend_service_validate_intro_early(const rend_intro_cell_t *intro,
-                                      char **err_msg_out);
 int rend_service_validate_intro_late(const rend_intro_cell_t *intro,
                                      char **err_msg_out);
 void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc);
@@ -105,5 +101,30 @@ int rend_service_set_connection_addr_port(edge_connection_t *conn,
 void rend_service_dump_stats(int severity);
 void rend_service_free_all(void);
 
+rend_service_port_config_t *rend_service_parse_port_config(const char *string,
+                                                           const char *sep,
+                                                           char **err_msg_out);
+void rend_service_port_config_free(rend_service_port_config_t *p);
+
+/** Return value from rend_service_add_ephemeral. */
+typedef enum {
+  RSAE_BADVIRTPORT = -4, /**< Invalid VIRTPORT/TARGET(s) */
+  RSAE_ADDREXISTS = -3, /**< Onion address collision */
+  RSAE_BADPRIVKEY = -2, /**< Invalid public key */
+  RSAE_INTERNAL = -1, /**< Internal error */
+  RSAE_OKAY = 0 /**< Service added as expected */
+} rend_service_add_ephemeral_status_t;
+rend_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk,
+                               smartlist_t *ports,
+                               int max_streams_per_circuit,
+                               int max_streams_close_circuit,
+                               char **service_id_out);
+int rend_service_del_ephemeral(const char *service_id);
+
+void directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
+                              smartlist_t *descs, smartlist_t *hs_dirs,
+                              const char *service_id, int seconds_valid);
+void rend_service_desc_has_uploaded(const rend_data_t *rend_data);
+
 #endif
 
diff --git a/src/or/rephist.c b/src/or/rephist.c
index cedc56af07..04ed7aef0f 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -148,7 +148,7 @@ get_link_history(const char *from_id, const char *to_id)
     return NULL;
   if (tor_digest_is_zero(to_id))
     return NULL;
-  lhist = (link_history_t*) digestmap_get(orhist->link_history_map, to_id);
+  lhist = digestmap_get(orhist->link_history_map, to_id);
   if (!lhist) {
     lhist = tor_malloc_zero(sizeof(link_history_t));
     rephist_total_alloc += sizeof(link_history_t);
@@ -920,7 +920,7 @@ parse_possibly_bad_iso_time(const char *s, time_t *time_out)
  * that's about as much before <b>now</b> as <b>t</b> was before
  * <b>stored_at</b>.
  */
-static INLINE time_t
+static inline time_t
 correct_time(time_t t, time_t now, time_t stored_at, time_t started_measuring)
 {
   if (t < started_measuring - 24*60*60*365)
@@ -1190,7 +1190,7 @@ commit_max(bw_array_t *b)
 }
 
 /** Shift the current observation time of <b>b</b> forward by one second. */
-static INLINE void
+static inline void
 advance_obs(bw_array_t *b)
 {
   int nextidx;
@@ -1216,7 +1216,7 @@ advance_obs(bw_array_t *b)
 
 /** Add <b>n</b> bytes to the number of bytes in <b>b</b> for second
  * <b>when</b>. */
-static INLINE void
+static inline void
 add_obs(bw_array_t *b, time_t when, uint64_t n)
 {
   if (when < b->cur_obs_time)
@@ -1250,6 +1250,18 @@ bw_array_new(void)
   return b;
 }
 
+/** Free storage held by bandwidth array <b>b</b>. */
+static void
+bw_array_free(bw_array_t *b)
+{
+  if (!b) {
+    return;
+  }
+
+  rephist_total_alloc -= sizeof(bw_array_t);
+  tor_free(b);
+}
+
 /** Recent history of bandwidth observations for read operations. */
 static bw_array_t *read_array = NULL;
 /** Recent history of bandwidth observations for write operations. */
@@ -1266,10 +1278,11 @@ static bw_array_t *dir_write_array = NULL;
 static void
 bw_arrays_init(void)
 {
-  tor_free(read_array);
-  tor_free(write_array);
-  tor_free(dir_read_array);
-  tor_free(dir_write_array);
+  bw_array_free(read_array);
+  bw_array_free(write_array);
+  bw_array_free(dir_read_array);
+  bw_array_free(dir_write_array);
+
   read_array = bw_array_new();
   write_array = bw_array_new();
   dir_read_array = bw_array_new();
@@ -1780,6 +1793,7 @@ rep_hist_remove_predicted_ports(const smartlist_t *rmv_ports)
   SMARTLIST_FOREACH_BEGIN(predicted_ports_list, predicted_port_t *, pp) {
     if (bitarray_is_set(remove_ports, pp->port)) {
       tor_free(pp);
+      rephist_total_alloc -= sizeof(*pp);
       SMARTLIST_DEL_CURRENT(predicted_ports_list, pp);
     }
   } SMARTLIST_FOREACH_END(pp);
@@ -1853,14 +1867,17 @@ any_predicted_circuits(time_t now)
 int
 rep_hist_circbuilding_dormant(time_t now)
 {
+  const or_options_t *options = get_options();
+
   if (any_predicted_circuits(now))
     return 0;
 
   /* see if we'll still need to build testing circuits */
-  if (server_mode(get_options()) &&
-      (!check_whether_orport_reachable() || !circuit_enough_testing_circs()))
+  if (server_mode(options) &&
+      (!check_whether_orport_reachable(options) ||
+       !circuit_enough_testing_circs()))
     return 0;
-  if (!check_whether_dirport_reachable())
+  if (!check_whether_dirport_reachable(options))
     return 0;
 
   return 1;
@@ -1996,12 +2013,9 @@ void
 rep_hist_exit_stats_init(time_t now)
 {
   start_of_exit_stats_interval = now;
-  exit_bytes_read = tor_malloc_zero(EXIT_STATS_NUM_PORTS *
-                                    sizeof(uint64_t));
-  exit_bytes_written = tor_malloc_zero(EXIT_STATS_NUM_PORTS *
-                                       sizeof(uint64_t));
-  exit_streams = tor_malloc_zero(EXIT_STATS_NUM_PORTS *
-                                 sizeof(uint32_t));
+  exit_bytes_read = tor_calloc(EXIT_STATS_NUM_PORTS, sizeof(uint64_t));
+  exit_bytes_written = tor_calloc(EXIT_STATS_NUM_PORTS, sizeof(uint64_t));
+  exit_streams = tor_calloc(EXIT_STATS_NUM_PORTS, sizeof(uint32_t));
 }
 
 /** Reset counters for exit port statistics. */
@@ -2472,7 +2486,6 @@ rep_hist_format_buffer_stats(time_t now)
 time_t
 rep_hist_buffer_stats_write(time_t now)
 {
-  circuit_t *circ;
   char *str = NULL;
 
   if (!start_of_buffer_stats_interval)
@@ -2481,9 +2494,10 @@ rep_hist_buffer_stats_write(time_t now)
     goto done; /* Not ready to write */
 
   /* Add open circuits to the history. */
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head) {
+  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
     rep_hist_buffer_stats_add_circ(circ, now);
   }
+  SMARTLIST_FOREACH_END(circ);
 
   /* Generate history string. */
   str = rep_hist_format_buffer_stats(now);
@@ -2570,7 +2584,7 @@ rep_hist_format_desc_stats(time_t now)
 
   size = digestmap_size(served_descs);
   if (size > 0) {
-    vals = tor_malloc(size * sizeof(int));
+    vals = tor_calloc(size, sizeof(int));
     for (iter = digestmap_iter_init(served_descs);
          !digestmap_iter_done(iter);
          iter = digestmap_iter_next(served_descs, iter)) {
@@ -2725,8 +2739,8 @@ bidi_map_ent_hash(const bidi_map_entry_t *entry)
 
 HT_PROTOTYPE(bidimap, bidi_map_entry_t, node, bidi_map_ent_hash,
              bidi_map_ent_eq);
-HT_GENERATE(bidimap, bidi_map_entry_t, node, bidi_map_ent_hash,
-            bidi_map_ent_eq, 0.6, malloc, realloc, free);
+HT_GENERATE2(bidimap, bidi_map_entry_t, node, bidi_map_ent_hash,
+             bidi_map_ent_eq, 0.6, tor_reallocarray_, tor_free_)
 
 /* DOCDOC bidi_map_free */
 static void
@@ -2909,16 +2923,285 @@ rep_hist_log_circuit_handshake_stats(time_t now)
   memset(onion_handshakes_requested, 0, sizeof(onion_handshakes_requested));
 }
 
+/* Hidden service statistics section */
+
+/** Start of the current hidden service stats interval or 0 if we're
+ * not collecting hidden service statistics. */
+static time_t start_of_hs_stats_interval;
+
+/** Carries the various hidden service statistics, and any other
+ *  information needed. */
+typedef struct hs_stats_t {
+  /** How many relay cells have we seen as rendezvous points? */
+  int64_t rp_relay_cells_seen;
+
+  /** Set of unique public key digests we've seen this stat period
+   * (could also be implemented as sorted smartlist). */
+  digestmap_t *onions_seen_this_period;
+} hs_stats_t;
+
+/** Our statistics structure singleton. */
+static hs_stats_t *hs_stats = NULL;
+
+/** Allocate, initialize and return an hs_stats_t structure. */
+static hs_stats_t *
+hs_stats_new(void)
+{
+  hs_stats_t * hs_stats = tor_malloc_zero(sizeof(hs_stats_t));
+  hs_stats->onions_seen_this_period = digestmap_new();
+
+  return hs_stats;
+}
+
+/** Free an hs_stats_t structure. */
+static void
+hs_stats_free(hs_stats_t *hs_stats)
+{
+  if (!hs_stats) {
+    return;
+  }
+
+  digestmap_free(hs_stats->onions_seen_this_period, NULL);
+  tor_free(hs_stats);
+}
+
+/** Initialize hidden service statistics. */
+void
+rep_hist_hs_stats_init(time_t now)
+{
+  if (!hs_stats) {
+    hs_stats = hs_stats_new();
+  }
+
+  start_of_hs_stats_interval = now;
+}
+
+/** Clear history of hidden service statistics and set the measurement
+ * interval start to <b>now</b>. */
+static void
+rep_hist_reset_hs_stats(time_t now)
+{
+  if (!hs_stats) {
+    hs_stats = hs_stats_new();
+  }
+
+  hs_stats->rp_relay_cells_seen = 0;
+
+  digestmap_free(hs_stats->onions_seen_this_period, NULL);
+  hs_stats->onions_seen_this_period = digestmap_new();
+
+  start_of_hs_stats_interval = now;
+}
+
+/** Stop collecting hidden service stats in a way that we can re-start
+ * doing so in rep_hist_buffer_stats_init(). */
+void
+rep_hist_hs_stats_term(void)
+{
+  rep_hist_reset_hs_stats(0);
+}
+
+/** We saw a new HS relay cell, Count it! */
+void
+rep_hist_seen_new_rp_cell(void)
+{
+  if (!hs_stats) {
+    return; // We're not collecting stats
+  }
+
+  hs_stats->rp_relay_cells_seen++;
+}
+
+/** As HSDirs, we saw another hidden service with public key
+ *  <b>pubkey</b>. Check whether we have counted it before, if not
+ *  count it now! */
+void
+rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey)
+{
+  char pubkey_hash[DIGEST_LEN];
+
+  if (!hs_stats) {
+    return; // We're not collecting stats
+  }
+
+  /* Get the digest of the pubkey which will be used to detect whether
+     we've seen this hidden service before or not.  */
+  if (crypto_pk_get_digest(pubkey, pubkey_hash) < 0) {
+    /*  This fail should not happen; key has been validated by
+        descriptor parsing code first. */
+    return;
+  }
+
+  /* Check if this is the first time we've seen this hidden
+     service. If it is, count it as new. */
+  if (!digestmap_get(hs_stats->onions_seen_this_period,
+                     pubkey_hash)) {
+    digestmap_set(hs_stats->onions_seen_this_period,
+                  pubkey_hash, (void*)(uintptr_t)1);
+  }
+}
+
+/* The number of cells that are supposed to be hidden from the adversary
+ * by adding noise from the Laplace distribution.  This value, divided by
+ * EPSILON, is Laplace parameter b. It must be greather than 0. */
+#define REND_CELLS_DELTA_F 2048
+/* Security parameter for obfuscating number of cells with a value between
+ * ]0.0, 1.0]. Smaller values obfuscate observations more, but at the same
+ * time make statistics less usable. */
+#define REND_CELLS_EPSILON 0.3
+/* The number of cells that are supposed to be hidden from the adversary
+ * by rounding up to the next multiple of this number. */
+#define REND_CELLS_BIN_SIZE 1024
+/* The number of service identities that are supposed to be hidden from the
+ * adversary by adding noise from the Laplace distribution. This value,
+ * divided by EPSILON, is Laplace parameter b. It must be greater than 0. */
+#define ONIONS_SEEN_DELTA_F 8
+/* Security parameter for obfuscating number of service identities with a
+ * value between ]0.0, 1.0]. Smaller values obfuscate observations more, but
+ * at the same time make statistics less usable. */
+#define ONIONS_SEEN_EPSILON 0.3
+/* The number of service identities that are supposed to be hidden from
+ * the adversary by rounding up to the next multiple of this number. */
+#define ONIONS_SEEN_BIN_SIZE 8
+
+/** Allocate and return a string containing hidden service stats that
+ *  are meant to be placed in the extra-info descriptor. */
+static char *
+rep_hist_format_hs_stats(time_t now)
+{
+  char t[ISO_TIME_LEN+1];
+  char *hs_stats_string;
+  int64_t obfuscated_cells_seen;
+  int64_t obfuscated_onions_seen;
+
+  obfuscated_cells_seen = round_int64_to_next_multiple_of(
+                          hs_stats->rp_relay_cells_seen,
+                          REND_CELLS_BIN_SIZE);
+  obfuscated_cells_seen = add_laplace_noise(obfuscated_cells_seen,
+                          crypto_rand_double(),
+                          REND_CELLS_DELTA_F, REND_CELLS_EPSILON);
+  obfuscated_onions_seen = round_int64_to_next_multiple_of(digestmap_size(
+                           hs_stats->onions_seen_this_period),
+                           ONIONS_SEEN_BIN_SIZE);
+  obfuscated_onions_seen = add_laplace_noise(obfuscated_onions_seen,
+                           crypto_rand_double(), ONIONS_SEEN_DELTA_F,
+                           ONIONS_SEEN_EPSILON);
+
+  format_iso_time(t, now);
+  tor_asprintf(&hs_stats_string, "hidserv-stats-end %s (%d s)\n"
+               "hidserv-rend-relayed-cells "I64_FORMAT" delta_f=%d "
+                                           "epsilon=%.2f bin_size=%d\n"
+               "hidserv-dir-onions-seen "I64_FORMAT" delta_f=%d "
+                                        "epsilon=%.2f bin_size=%d\n",
+               t, (unsigned) (now - start_of_hs_stats_interval),
+               I64_PRINTF_ARG(obfuscated_cells_seen), REND_CELLS_DELTA_F,
+               REND_CELLS_EPSILON, REND_CELLS_BIN_SIZE,
+               I64_PRINTF_ARG(obfuscated_onions_seen),
+               ONIONS_SEEN_DELTA_F,
+               ONIONS_SEEN_EPSILON, ONIONS_SEEN_BIN_SIZE);
+
+  return hs_stats_string;
+}
+
+/** If 24 hours have passed since the beginning of the current HS
+ * stats period, write buffer stats to $DATADIR/stats/hidserv-stats
+ * (possibly overwriting an existing file) and reset counters.  Return
+ * when we would next want to write buffer stats or 0 if we never want to
+ * write. */
+time_t
+rep_hist_hs_stats_write(time_t now)
+{
+  char *str = NULL;
+
+  if (!start_of_hs_stats_interval) {
+    return 0; /* Not initialized. */
+  }
+
+  if (start_of_hs_stats_interval + WRITE_STATS_INTERVAL > now) {
+    goto done; /* Not ready to write */
+  }
+
+  /* Generate history string. */
+  str = rep_hist_format_hs_stats(now);
+
+  /* Reset HS history. */
+  rep_hist_reset_hs_stats(now);
+
+  /* Try to write to disk. */
+  if (!check_or_create_data_subdir("stats")) {
+    write_to_data_subdir("stats", "hidserv-stats", str,
+                         "hidden service stats");
+  }
+
+ done:
+  tor_free(str);
+  return start_of_hs_stats_interval + WRITE_STATS_INTERVAL;
+}
+
+#define MAX_LINK_PROTO_TO_LOG 4
+static uint64_t link_proto_count[MAX_LINK_PROTO_TO_LOG+1][2];
+
+/** Note that we negotiated link protocol version <b>link_proto</b>, on
+ * a connection that started here iff <b>started_here</b> is true.
+ */
+void
+rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here)
+{
+  started_here = !!started_here; /* force to 0 or 1 */
+  if (link_proto > MAX_LINK_PROTO_TO_LOG) {
+    log_warn(LD_BUG, "Can't log link protocol %u", link_proto);
+    return;
+  }
+
+  link_proto_count[link_proto][started_here]++;
+}
+
+/** Log a heartbeat message explaining how many connections of each link
+ * protocol version we have used.
+ */
+void
+rep_hist_log_link_protocol_counts(void)
+{
+  log_notice(LD_HEARTBEAT,
+             "Since startup, we have initiated "
+             U64_FORMAT" v1 connections, "
+             U64_FORMAT" v2 connections, "
+             U64_FORMAT" v3 connections, and "
+             U64_FORMAT" v4 connections; and received "
+             U64_FORMAT" v1 connections, "
+             U64_FORMAT" v2 connections, "
+             U64_FORMAT" v3 connections, and "
+             U64_FORMAT" v4 connections.",
+             U64_PRINTF_ARG(link_proto_count[1][1]),
+             U64_PRINTF_ARG(link_proto_count[2][1]),
+             U64_PRINTF_ARG(link_proto_count[3][1]),
+             U64_PRINTF_ARG(link_proto_count[4][1]),
+             U64_PRINTF_ARG(link_proto_count[1][0]),
+             U64_PRINTF_ARG(link_proto_count[2][0]),
+             U64_PRINTF_ARG(link_proto_count[3][0]),
+             U64_PRINTF_ARG(link_proto_count[4][0]));
+}
+
 /** Free all storage held by the OR/link history caches, by the
  * bandwidth history arrays, by the port history, or by statistics . */
 void
 rep_hist_free_all(void)
 {
+  hs_stats_free(hs_stats);
   digestmap_free(history_map, free_or_history);
-  tor_free(read_array);
-  tor_free(write_array);
-  tor_free(dir_read_array);
-  tor_free(dir_write_array);
+
+  bw_array_free(read_array);
+  read_array = NULL;
+
+  bw_array_free(write_array);
+  write_array = NULL;
+
+  bw_array_free(dir_read_array);
+  dir_read_array = NULL;
+
+  bw_array_free(dir_write_array);
+  dir_write_array = NULL;
+
   tor_free(exit_bytes_read);
   tor_free(exit_bytes_written);
   tor_free(exit_streams);
@@ -2933,5 +3216,8 @@ rep_hist_free_all(void)
   }
   rep_hist_desc_stats_term();
   total_descriptor_downloads = 0;
+
+  tor_assert(rephist_total_alloc == 0);
+  tor_assert(rephist_total_num == 0);
 }
 
diff --git a/src/or/rephist.h b/src/or/rephist.h
index cd6231e6e4..145da97d02 100644
--- a/src/or/rephist.h
+++ b/src/or/rephist.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -99,7 +99,18 @@ void rep_hist_note_circuit_handshake_requested(uint16_t type);
 void rep_hist_note_circuit_handshake_assigned(uint16_t type);
 void rep_hist_log_circuit_handshake_stats(time_t now);
 
+void rep_hist_hs_stats_init(time_t now);
+void rep_hist_hs_stats_term(void);
+time_t rep_hist_hs_stats_write(time_t now);
+char *rep_hist_get_hs_stats_string(void);
+void rep_hist_seen_new_rp_cell(void);
+void rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey);
+
 void rep_hist_free_all(void);
 
+void rep_hist_note_negotiated_link_proto(unsigned link_proto,
+                                         int started_here);
+void rep_hist_log_link_protocol_counts(void);
+
 #endif
 
diff --git a/src/or/replaycache.c b/src/or/replaycache.c
index 90f87c12d5..23a1737b18 100644
--- a/src/or/replaycache.c
+++ b/src/or/replaycache.c
@@ -1,4 +1,4 @@
- /* Copyright (c) 2012-2013, The Tor Project, Inc. */
+ /* Copyright (c) 2012-2016, The Tor Project, Inc. */
  /* See LICENSE for licensing information */
 
 /*
@@ -23,7 +23,7 @@ replaycache_free(replaycache_t *r)
     return;
   }
 
-  if (r->digests_seen) digestmap_free(r->digests_seen, tor_free_);
+  if (r->digests_seen) digest256map_free(r->digests_seen, tor_free_);
 
   tor_free(r);
 }
@@ -54,7 +54,7 @@ replaycache_new(time_t horizon, time_t interval)
   r->scrub_interval = interval;
   r->scrubbed = 0;
   r->horizon = horizon;
-  r->digests_seen = digestmap_new();
+  r->digests_seen = digest256map_new();
 
  err:
   return r;
@@ -69,7 +69,7 @@ replaycache_add_and_test_internal(
     time_t *elapsed)
 {
   int rv = 0;
-  char digest[DIGEST_LEN];
+  uint8_t digest[DIGEST256_LEN];
   time_t *access_time;
 
   /* sanity check */
@@ -80,10 +80,10 @@ replaycache_add_and_test_internal(
   }
 
   /* compute digest */
-  crypto_digest(digest, (const char *)data, len);
+  crypto_digest256((char *)digest, (const char *)data, len, DIGEST_SHA256);
 
   /* check map */
-  access_time = digestmap_get(r->digests_seen, digest);
+  access_time = digest256map_get(r->digests_seen, digest);
 
   /* seen before? */
   if (access_time != NULL) {
@@ -114,7 +114,7 @@ replaycache_add_and_test_internal(
     /* No, so no hit and update the digest map with the current time */
     access_time = tor_malloc(sizeof(*access_time));
     *access_time = present;
-    digestmap_set(r->digests_seen, digest, access_time);
+    digest256map_set(r->digests_seen, digest, access_time);
   }
 
   /* now scrub the cache if it's time */
@@ -130,8 +130,8 @@ replaycache_add_and_test_internal(
 STATIC void
 replaycache_scrub_if_needed_internal(time_t present, replaycache_t *r)
 {
-  digestmap_iter_t *itr = NULL;
-  const char *digest;
+  digest256map_iter_t *itr = NULL;
+  const uint8_t *digest;
   void *valp;
   time_t *access_time;
 
@@ -149,19 +149,19 @@ replaycache_scrub_if_needed_internal(time_t present, replaycache_t *r)
   if (r->horizon == 0) return;
 
   /* okay, scrub time */
-  itr = digestmap_iter_init(r->digests_seen);
-  while (!digestmap_iter_done(itr)) {
-    digestmap_iter_get(itr, &digest, &valp);
+  itr = digest256map_iter_init(r->digests_seen);
+  while (!digest256map_iter_done(itr)) {
+    digest256map_iter_get(itr, &digest, &valp);
     access_time = (time_t *)valp;
     /* aged out yet? */
     if (*access_time < present - r->horizon) {
       /* Advance the iterator and remove this one */
-      itr = digestmap_iter_next_rmv(r->digests_seen, itr);
+      itr = digest256map_iter_next_rmv(r->digests_seen, itr);
       /* Free the value removed */
       tor_free(access_time);
     } else {
       /* Just advance the iterator */
-      itr = digestmap_iter_next(r->digests_seen, itr);
+      itr = digest256map_iter_next(r->digests_seen, itr);
     }
   }
 
diff --git a/src/or/replaycache.h b/src/or/replaycache.h
index cd713fe891..64a6caf5f5 100644
--- a/src/or/replaycache.h
+++ b/src/or/replaycache.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -26,7 +26,7 @@ struct replaycache_s {
   /*
    * Digest map: keys are digests, values are times the digest was last seen
    */
-  digestmap_t *digests_seen;
+  digest256map_t *digests_seen;
 };
 
 #endif /* REPLAYCACHE_PRIVATE */
diff --git a/src/or/router.c b/src/or/router.c
index 2cdbb0c8bb..01316c1bc2 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define ROUTER_PRIVATE
@@ -26,9 +26,11 @@
 #include "relay.h"
 #include "rephist.h"
 #include "router.h"
+#include "routerkeys.h"
 #include "routerlist.h"
 #include "routerparse.h"
 #include "statefile.h"
+#include "torcert.h"
 #include "transports.h"
 #include "routerset.h"
 
@@ -55,13 +57,11 @@ static crypto_pk_t *onionkey=NULL;
 /** Previous private onionskin decryption key: used to decode CREATE cells
  * generated by clients that have an older version of our descriptor. */
 static crypto_pk_t *lastonionkey=NULL;
-#ifdef CURVE25519_ENABLED
 /** Current private ntor secret key: used to perform the ntor handshake. */
 static curve25519_keypair_t curve25519_onion_key;
 /** Previous private ntor secret key: used to perform the ntor handshake
  * with clients that have an older version of our descriptor. */
 static curve25519_keypair_t last_curve25519_onion_key;
-#endif
 /** Private server "identity key": used to sign directory info and TLS
  * certificates. Never changes. */
 static crypto_pk_t *server_identitykey=NULL;
@@ -134,7 +134,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
   tor_mutex_release(key_lock);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return the current secret onion key for the ntor handshake. Must only
  * be called from the main thread. */
 static const curve25519_keypair_t *
@@ -181,7 +180,6 @@ ntor_key_map_free(di_digest256_map_t *map)
     return;
   dimap_free(map, ntor_key_map_free_helper);
 }
-#endif
 
 /** Return the time when the onion key was last set.  This is either the time
  * when the process launched, or the time of the most recent key rotation since
@@ -208,6 +206,8 @@ set_server_identity_key(crypto_pk_t *k)
 static void
 assert_identity_keys_ok(void)
 {
+  if (1)
+    return;
   tor_assert(client_identitykey);
   if (public_server_mode(get_options())) {
     /* assert that we have set the client and server keys to be equal */
@@ -269,8 +269,8 @@ client_identity_key_is_set(void)
 
 /** Return the key certificate for this v3 (voting) authority, or NULL
  * if we have no such certificate. */
-authority_cert_t *
-get_my_v3_authority_cert(void)
+MOCK_IMPL(authority_cert_t *,
+get_my_v3_authority_cert, (void))
 {
   return authority_key_certificate;
 }
@@ -313,12 +313,11 @@ rotate_onion_key(void)
   char *fname, *fname_prev;
   crypto_pk_t *prkey = NULL;
   or_state_t *state = get_or_state();
-#ifdef CURVE25519_ENABLED
   curve25519_keypair_t new_curve25519_keypair;
-#endif
   time_t now;
   fname = get_datadir_fname2("keys", "secret_onion_key");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
+  /* There isn't much point replacing an old key with an empty file */
   if (file_status(fname) == FN_FILE) {
     if (replace_file(fname, fname_prev))
       goto error;
@@ -335,13 +334,13 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
     goto error;
   }
-#ifdef CURVE25519_ENABLED
   tor_free(fname);
   tor_free(fname_prev);
   fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key_ntor.old");
   if (curve25519_keypair_generate(&new_curve25519_keypair, 1) < 0)
     goto error;
+  /* There isn't much point replacing an old key with an empty file */
   if (file_status(fname) == FN_FILE) {
     if (replace_file(fname, fname_prev))
       goto error;
@@ -351,18 +350,15 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
     goto error;
   }
-#endif
   log_info(LD_GENERAL, "Rotating onion key");
   tor_mutex_acquire(key_lock);
   crypto_pk_free(lastonionkey);
   lastonionkey = onionkey;
   onionkey = prkey;
-#ifdef CURVE25519_ENABLED
   memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
          sizeof(curve25519_keypair_t));
   memcpy(&curve25519_onion_key, &new_curve25519_keypair,
          sizeof(curve25519_keypair_t));
-#endif
   now = time(NULL);
   state->LastRotatedOnionKey = onionkey_set_at = now;
   tor_mutex_release(key_lock);
@@ -374,20 +370,40 @@ rotate_onion_key(void)
   if (prkey)
     crypto_pk_free(prkey);
  done:
-#ifdef CURVE25519_ENABLED
   memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
-#endif
   tor_free(fname);
   tor_free(fname_prev);
 }
 
+/** Log greeting message that points to new relay lifecycle document the
+ * first time this function has been called.
+ */
+static void
+log_new_relay_greeting(void)
+{
+  static int already_logged = 0;
+
+  if (already_logged)
+    return;
+
+  tor_log(LOG_NOTICE, LD_GENERAL, "You are running a new relay. "
+         "Thanks for helping the Tor network! If you wish to know "
+         "what will happen in the upcoming weeks regarding its usage, "
+         "have a look at https://blog.torproject.org/blog/lifecycle-of"
+         "-a-new-relay");
+
+  already_logged = 1;
+}
+
 /** Try to read an RSA key from <b>fname</b>.  If <b>fname</b> doesn't exist
  * and <b>generate</b> is true, create a new RSA key and save it in
  * <b>fname</b>.  Return the read/created key, or NULL on error.  Log all
- * errors at level <b>severity</b>.
+ * errors at level <b>severity</b>. If <b>log_greeting</b> is non-zero and a
+ * new key was created, log_new_relay_greeting() is called.
  */
 crypto_pk_t *
-init_key_from_file(const char *fname, int generate, int severity)
+init_key_from_file(const char *fname, int generate, int severity,
+                   int log_greeting)
 {
   crypto_pk_t *prkey = NULL;
 
@@ -401,7 +417,11 @@ init_key_from_file(const char *fname, int generate, int severity)
     case FN_ERROR:
       tor_log(severity, LD_FS,"Can't read key from \"%s\"", fname);
       goto error;
+    /* treat empty key files as if the file doesn't exist, and,
+     * if generate is set, replace the empty file in
+     * crypto_pk_write_private_key_to_filename() */
     case FN_NOENT:
+    case FN_EMPTY:
       if (generate) {
         if (!have_lockfile()) {
           if (try_locking(get_options(), 0)<0) {
@@ -425,6 +445,9 @@ init_key_from_file(const char *fname, int generate, int severity)
           goto error;
         }
         log_info(LD_GENERAL, "Generated key seems valid");
+        if (log_greeting) {
+            log_new_relay_greeting();
+        }
         if (crypto_pk_write_private_key_to_filename(prkey, fname)) {
           tor_log(severity, LD_FS,
               "Couldn't write generated key to \"%s\".", fname);
@@ -450,12 +473,11 @@ init_key_from_file(const char *fname, int generate, int severity)
   return NULL;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Load a curve25519 keypair from the file <b>fname</b>, writing it into
- * <b>keys_out</b>.  If the file isn't found and <b>generate</b> is true,
- * create a new keypair and write it into the file.  If there are errors, log
- * them at level <b>severity</b>. Generate files using <b>tag</b> in their
- * ASCII wrapper. */
+ * <b>keys_out</b>.  If the file isn't found, or is empty, and <b>generate</b>
+ * is true, create a new keypair and write it into the file.  If there are
+ * errors, log them at level <b>severity</b>. Generate files using <b>tag</b>
+ * in their ASCII wrapper. */
 static int
 init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
                                   const char *fname,
@@ -468,7 +490,10 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
     case FN_ERROR:
       tor_log(severity, LD_FS,"Can't read key from \"%s\"", fname);
       goto error;
+    /* treat empty key files as if the file doesn't exist, and, if generate
+     * is set, replace the empty file in curve25519_keypair_write_to_file() */
     case FN_NOENT:
+    case FN_EMPTY:
       if (generate) {
         if (!have_lockfile()) {
           if (try_locking(get_options(), 0)<0) {
@@ -488,7 +513,7 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
         if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) {
           tor_log(severity, LD_FS,
               "Couldn't write generated key to \"%s\".", fname);
-          memset(keys_out, 0, sizeof(*keys_out));
+          memwipe(keys_out, 0, sizeof(*keys_out));
           goto error;
         }
       } else {
@@ -519,7 +544,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
  error:
   return -1;
 }
-#endif
 
 /** Try to load the vote-signing private key and certificate for being a v3
  * directory authority, and make sure they match.  If <b>legacy</b>, load a
@@ -538,7 +562,7 @@ load_authority_keyset(int legacy, crypto_pk_t **key_out,
 
   fname = get_datadir_fname2("keys",
                  legacy ? "legacy_signing_key" : "authority_signing_key");
-  signing_key = init_key_from_file(fname, 0, LOG_INFO);
+  signing_key = init_key_from_file(fname, 0, LOG_INFO, 0);
   if (!signing_key) {
     log_warn(LD_DIR, "No version 3 directory key found in %s", fname);
     goto done;
@@ -663,7 +687,9 @@ router_initialize_tls_context(void)
   if (!lifetime) { /* we should guess a good ssl cert lifetime */
 
     /* choose between 5 and 365 days, and round to the day */
-    lifetime = 5*24*3600 + crypto_rand_int(361*24*3600);
+    unsigned int five_days = 5*24*3600;
+    unsigned int one_year = 365*24*3600;
+    lifetime = crypto_rand_int_range(five_days, one_year);
     lifetime -= lifetime % (24*3600);
 
     if (crypto_rand_int(2)) {
@@ -741,6 +767,46 @@ router_write_fingerprint(int hashed)
   return result;
 }
 
+static int
+init_keys_common(void)
+{
+  if (!key_lock)
+    key_lock = tor_mutex_new();
+
+  /* There are a couple of paths that put us here before we've asked
+   * openssl to initialize itself. */
+  if (crypto_global_init(get_options()->HardwareAccel,
+                         get_options()->AccelName,
+                         get_options()->AccelDir)) {
+    log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
+    return -1;
+  }
+
+  return 0;
+}
+
+int
+init_keys_client(void)
+{
+  crypto_pk_t *prkey;
+  if (init_keys_common() < 0)
+    return -1;
+
+  if (!(prkey = crypto_pk_new()))
+    return -1;
+  if (crypto_pk_generate_key(prkey)) {
+    crypto_pk_free(prkey);
+    return -1;
+  }
+  set_client_identity_key(prkey);
+  /* Create a TLS context. */
+  if (router_initialize_tls_context() < 0) {
+    log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
+    return -1;
+  }
+  return 0;
+}
+
 /** Initialize all OR private keys, and the TLS context, as necessary.
  * On OPs, this only initializes the tls context. Return 0 on success,
  * or -1 if Tor should die.
@@ -760,35 +826,13 @@ init_keys(void)
   int v3_digest_set = 0;
   authority_cert_t *cert = NULL;
 
-  if (!key_lock)
-    key_lock = tor_mutex_new();
-
-  /* There are a couple of paths that put us here before we've asked
-   * openssl to initialize itself. */
-  if (crypto_global_init(get_options()->HardwareAccel,
-                         get_options()->AccelName,
-                         get_options()->AccelDir)) {
-    log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
-    return -1;
-  }
-
   /* OP's don't need persistent keys; just make up an identity and
    * initialize the TLS context. */
   if (!server_mode(options)) {
-    if (!(prkey = crypto_pk_new()))
-      return -1;
-    if (crypto_pk_generate_key(prkey)) {
-      crypto_pk_free(prkey);
-      return -1;
-    }
-    set_client_identity_key(prkey);
-    /* Create a TLS context. */
-    if (router_initialize_tls_context() < 0) {
-      log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
-      return -1;
-    }
-    return 0;
+    return init_keys_client();
   }
+  if (init_keys_common() < 0)
+    return -1;
   /* Make sure DataDirectory exists, and is private. */
   if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
     return -1;
@@ -821,7 +865,7 @@ init_keys(void)
   /* 1b. Read identity key. Make it if none is found. */
   keydir = get_datadir_fname2("keys", "secret_id_key");
   log_info(LD_GENERAL,"Reading/making identity key \"%s\"...",keydir);
-  prkey = init_key_from_file(keydir, 1, LOG_ERR);
+  prkey = init_key_from_file(keydir, 1, LOG_ERR, 1);
   tor_free(keydir);
   if (!prkey) return -1;
   set_server_identity_key(prkey);
@@ -841,10 +885,14 @@ init_keys(void)
     set_client_identity_key(prkey);
   }
 
+  /* 1d. Load all ed25519 keys */
+  if (load_ed_keys(options,now) < 0)
+    return -1;
+
   /* 2. Read onion key.  Make it if none is found. */
   keydir = get_datadir_fname2("keys", "secret_onion_key");
   log_info(LD_GENERAL,"Reading/making onion key \"%s\"...",keydir);
-  prkey = init_key_from_file(keydir, 1, LOG_ERR);
+  prkey = init_key_from_file(keydir, 1, LOG_ERR, 1);
   tor_free(keydir);
   if (!prkey) return -1;
   set_onion_key(prkey);
@@ -869,13 +917,14 @@ init_keys(void)
 
   keydir = get_datadir_fname2("keys", "secret_onion_key.old");
   if (!lastonionkey && file_status(keydir) == FN_FILE) {
-    prkey = init_key_from_file(keydir, 1, LOG_ERR); /* XXXX Why 1? */
+    /* Load keys from non-empty files only.
+     * Missing old keys won't be replaced with freshly generated keys. */
+    prkey = init_key_from_file(keydir, 0, LOG_ERR, 0);
     if (prkey)
       lastonionkey = prkey;
   }
   tor_free(keydir);
 
-#ifdef CURVE25519_ENABLED
   {
     /* 2b. Load curve25519 onion keys. */
     int r;
@@ -891,12 +940,13 @@ init_keys(void)
                            last_curve25519_onion_key.pubkey.public_key,
                         CURVE25519_PUBKEY_LEN) &&
         file_status(keydir) == FN_FILE) {
+      /* Load keys from non-empty files only.
+       * Missing old keys won't be replaced with freshly generated keys. */
       init_curve25519_keypair_from_file(&last_curve25519_onion_key,
                                         keydir, 0, LOG_ERR, "onion");
     }
     tor_free(keydir);
   }
-#endif
 
   /* 3. Initialize link key and TLS context. */
   if (router_initialize_tls_context() < 0) {
@@ -904,6 +954,13 @@ init_keys(void)
     return -1;
   }
 
+  /* 3b. Get an ed25519 link certificate.  Note that we need to do this
+   * after we set up the TLS context */
+  if (generate_ed_link_cert(options, now) < 0) {
+    log_err(LD_GENERAL,"Couldn't make link cert");
+    return -1;
+  }
+
   /* 4. Build our router descriptor. */
   /* Must be called after keys are initialized. */
   mydesc = router_get_my_descriptor();
@@ -911,14 +968,13 @@ init_keys(void)
     const char *m = NULL;
     routerinfo_t *ri;
     /* We need to add our own fingerprint so it gets recognized. */
-    if (dirserv_add_own_fingerprint(options->Nickname,
-                                    get_server_identity_key())) {
-      log_err(LD_GENERAL,"Error adding own fingerprint to approved set");
+    if (dirserv_add_own_fingerprint(get_server_identity_key())) {
+      log_err(LD_GENERAL,"Error adding own fingerprint to set of relays");
       return -1;
     }
     if (mydesc) {
       was_router_added_t added;
-      ri = router_parse_entry_from_string(mydesc, NULL, 1, 0, NULL);
+      ri = router_parse_entry_from_string(mydesc, NULL, 1, 0, NULL, NULL);
       if (!ri) {
         log_err(LD_GENERAL,"Generated a routerinfo we couldn't parse.");
         return -1;
@@ -970,6 +1026,7 @@ init_keys(void)
     ds = trusted_dir_server_new(options->Nickname, NULL,
                                 router_get_advertised_dir_port(options, 0),
                                 router_get_advertised_or_port(options),
+                                NULL,
                                 digest,
                                 v3_digest,
                                 type, 0.0);
@@ -1022,84 +1079,117 @@ router_reset_reachability(void)
   can_reach_or_port = can_reach_dir_port = 0;
 }
 
-/** Return 1 if ORPort is known reachable; else return 0. */
-int
-check_whether_orport_reachable(void)
+/** Return 1 if we won't do reachability checks, because:
+ *   - AssumeReachable is set, or
+ *   - the network is disabled.
+ * Otherwise, return 0.
+ */
+static int
+router_reachability_checks_disabled(const or_options_t *options)
 {
-  const or_options_t *options = get_options();
   return options->AssumeReachable ||
+         net_is_disabled();
+}
+
+/** Return 0 if we need to do an ORPort reachability check, because:
+ *   - no reachability check has been done yet, or
+ *   - we've initiated reachability checks, but none have succeeded.
+ *  Return 1 if we don't need to do an ORPort reachability check, because:
+ *   - we've seen a successful reachability check, or
+ *   - AssumeReachable is set, or
+ *   - the network is disabled.
+ */
+int
+check_whether_orport_reachable(const or_options_t *options)
+{
+  int reach_checks_disabled = router_reachability_checks_disabled(options);
+  return reach_checks_disabled ||
          can_reach_or_port;
 }
 
-/** Return 1 if we don't have a dirport configured, or if it's reachable. */
+/** Return 0 if we need to do a DirPort reachability check, because:
+ *   - no reachability check has been done yet, or
+ *   - we've initiated reachability checks, but none have succeeded.
+ *  Return 1 if we don't need to do a DirPort reachability check, because:
+ *   - we've seen a successful reachability check, or
+ *   - there is no DirPort set, or
+ *   - AssumeReachable is set, or
+ *   - the network is disabled.
+ */
 int
-check_whether_dirport_reachable(void)
+check_whether_dirport_reachable(const or_options_t *options)
 {
-  const or_options_t *options = get_options();
-  return !options->DirPort_set ||
-         options->AssumeReachable ||
-         net_is_disabled() ||
+  int reach_checks_disabled = router_reachability_checks_disabled(options) ||
+                              !options->DirPort_set;
+  return reach_checks_disabled ||
          can_reach_dir_port;
 }
 
-/** Look at a variety of factors, and return 0 if we don't want to
- * advertise the fact that we have a DirPort open. Else return the
- * DirPort we want to advertise.
- *
- * Log a helpful message if we change our mind about whether to publish
- * a DirPort.
+/** The lower threshold of remaining bandwidth required to advertise (or
+ * automatically provide) directory services */
+/* XXX Should this be increased? */
+#define MIN_BW_TO_ADVERTISE_DIRSERVER 51200
+
+/** Return true iff we have enough configured bandwidth to cache directory
+ * information. */
+static int
+router_has_bandwidth_to_be_dirserver(const or_options_t *options)
+{
+  if (options->BandwidthRate < MIN_BW_TO_ADVERTISE_DIRSERVER) {
+    return 0;
+  }
+  if (options->RelayBandwidthRate > 0 &&
+      options->RelayBandwidthRate < MIN_BW_TO_ADVERTISE_DIRSERVER) {
+    return 0;
+  }
+  return 1;
+}
+
+/** Helper: Return 1 if we have sufficient resources for serving directory
+ * requests, return 0 otherwise.
+ * dir_port is either 0 or the configured DirPort number.
+ * If AccountingMax is set less than our advertised bandwidth, then don't
+ * serve requests. Likewise, if our advertised bandwidth is less than
+ * MIN_BW_TO_ADVERTISE_DIRSERVER, don't bother trying to serve requests.
  */
 static int
-decide_to_advertise_dirport(const or_options_t *options, uint16_t dir_port)
+router_should_be_directory_server(const or_options_t *options, int dir_port)
 {
   static int advertising=1; /* start out assuming we will advertise */
   int new_choice=1;
   const char *reason = NULL;
 
-  /* Section one: reasons to publish or not publish that aren't
-   * worth mentioning to the user, either because they're obvious
-   * or because they're normal behavior. */
-
-  if (!dir_port) /* short circuit the rest of the function */
-    return 0;
-  if (authdir_mode(options)) /* always publish */
-    return dir_port;
-  if (net_is_disabled())
-    return 0;
-  if (!check_whether_dirport_reachable())
-    return 0;
-  if (!router_get_advertised_dir_port(options, dir_port))
-    return 0;
-
-  /* Section two: reasons to publish or not publish that the user
-   * might find surprising. These are generally config options that
-   * make us choose not to publish. */
-
-  if (accounting_is_enabled(options)) {
+  if (accounting_is_enabled(options) &&
+    get_options()->AccountingRule != ACCT_IN) {
     /* Don't spend bytes for directory traffic if we could end up hibernating,
      * but allow DirPort otherwise. Some people set AccountingMax because
-     * they're confused or to get statistics. */
+     * they're confused or to get statistics. Directory traffic has a much
+     * larger effect on output than input so there is no reason to turn it
+     * off if using AccountingRule in. */
     int interval_length = accounting_get_interval_length();
     uint32_t effective_bw = get_effective_bwrate(options);
+    uint64_t acc_bytes;
     if (!interval_length) {
       log_warn(LD_BUG, "An accounting interval is not allowed to be zero "
                        "seconds long. Raising to 1.");
       interval_length = 1;
     }
-    log_info(LD_GENERAL, "Calculating whether to disable dirport: effective "
+    log_info(LD_GENERAL, "Calculating whether to advertise %s: effective "
                          "bwrate: %u, AccountingMax: "U64_FORMAT", "
-                         "accounting interval length %d", effective_bw,
-                         U64_PRINTF_ARG(options->AccountingMax),
+                         "accounting interval length %d",
+                         dir_port ? "dirport" : "begindir",
+                         effective_bw, U64_PRINTF_ARG(options->AccountingMax),
                          interval_length);
+
+    acc_bytes = options->AccountingMax;
+    if (get_options()->AccountingRule == ACCT_SUM)
+      acc_bytes /= 2;
     if (effective_bw >=
-        options->AccountingMax / interval_length) {
+        acc_bytes / interval_length) {
       new_choice = 0;
       reason = "AccountingMax enabled";
     }
-#define MIN_BW_TO_ADVERTISE_DIRPORT 51200
-  } else if (options->BandwidthRate < MIN_BW_TO_ADVERTISE_DIRPORT ||
-             (options->RelayBandwidthRate > 0 &&
-              options->RelayBandwidthRate < MIN_BW_TO_ADVERTISE_DIRPORT)) {
+  } else if (! router_has_bandwidth_to_be_dirserver(options)) {
     /* if we're advertising a small amount */
     new_choice = 0;
     reason = "BandwidthRate under 50KB";
@@ -1107,15 +1197,91 @@ decide_to_advertise_dirport(const or_options_t *options, uint16_t dir_port)
 
   if (advertising != new_choice) {
     if (new_choice == 1) {
-      log_notice(LD_DIR, "Advertising DirPort as %d", dir_port);
+      if (dir_port > 0)
+        log_notice(LD_DIR, "Advertising DirPort as %d", dir_port);
+      else
+        log_notice(LD_DIR, "Advertising directory service support");
     } else {
       tor_assert(reason);
-      log_notice(LD_DIR, "Not advertising DirPort (Reason: %s)", reason);
+      log_notice(LD_DIR, "Not advertising Dir%s (Reason: %s)",
+                 dir_port ? "Port" : "ectory Service support", reason);
     }
     advertising = new_choice;
   }
 
-  return advertising ? dir_port : 0;
+  return advertising;
+}
+
+/** Return 1 if we are configured to accept either relay or directory requests
+ * from clients and we aren't at risk of exceeding our bandwidth limits, thus
+ * we should be a directory server. If not, return 0.
+ */
+int
+dir_server_mode(const or_options_t *options)
+{
+  if (!options->DirCache)
+    return 0;
+  return options->DirPort_set ||
+    (server_mode(options) && router_has_bandwidth_to_be_dirserver(options));
+}
+
+/** Look at a variety of factors, and return 0 if we don't want to
+ * advertise the fact that we have a DirPort open or begindir support, else
+ * return 1.
+ *
+ * Where dir_port or supports_tunnelled_dir_requests are not relevant, they
+ * must be 0.
+ *
+ * Log a helpful message if we change our mind about whether to publish.
+ */
+static int
+decide_to_advertise_dir_impl(const or_options_t *options,
+                             uint16_t dir_port,
+                             int supports_tunnelled_dir_requests)
+{
+  /* Part one: reasons to publish or not publish that aren't
+   * worth mentioning to the user, either because they're obvious
+   * or because they're normal behavior. */
+
+  /* short circuit the rest of the function */
+  if (!dir_port && !supports_tunnelled_dir_requests)
+    return 0;
+  if (authdir_mode(options)) /* always publish */
+    return 1;
+  if (net_is_disabled())
+    return 0;
+  if (dir_port && !router_get_advertised_dir_port(options, dir_port))
+    return 0;
+  if (supports_tunnelled_dir_requests &&
+      !router_get_advertised_or_port(options))
+    return 0;
+
+  /* Part two: consider config options that could make us choose to
+   * publish or not publish that the user might find surprising. */
+  return router_should_be_directory_server(options, dir_port);
+}
+
+/** Front-end to decide_to_advertise_dir_impl(): return 0 if we don't want to
+ * advertise the fact that we have a DirPort open, else return the
+ * DirPort we want to advertise.
+ */
+static int
+decide_to_advertise_dirport(const or_options_t *options, uint16_t dir_port)
+{
+  /* supports_tunnelled_dir_requests is not relevant, pass 0 */
+  return decide_to_advertise_dir_impl(options, dir_port, 0) ? dir_port : 0;
+}
+
+/** Front-end to decide_to_advertise_dir_impl(): return 0 if we don't want to
+ * advertise the fact that we support begindir requests, else return 1.
+ */
+static int
+decide_to_advertise_begindir(const or_options_t *options,
+                             int supports_tunnelled_dir_requests)
+{
+  /* dir_port is not relevant, pass 0 */
+  return decide_to_advertise_dir_impl(options, 0,
+                                      supports_tunnelled_dir_requests);
 }
 
 /** Allocate and return a new extend_info_t that can be used to build
@@ -1149,9 +1315,9 @@ void
 consider_testing_reachability(int test_or, int test_dir)
 {
   const routerinfo_t *me = router_get_my_routerinfo();
-  int orport_reachable = check_whether_orport_reachable();
-  tor_addr_t addr;
   const or_options_t *options = get_options();
+  int orport_reachable = check_whether_orport_reachable(options);
+  tor_addr_t addr;
   if (!me)
     return;
 
@@ -1182,14 +1348,15 @@ consider_testing_reachability(int test_or, int test_dir)
     extend_info_free(ei);
   }
 
+  /* XXX IPv6 self testing */
   tor_addr_from_ipv4h(&addr, me->addr);
-  if (test_dir && !check_whether_dirport_reachable() &&
+  if (test_dir && !check_whether_dirport_reachable(options) &&
       !connection_get_by_type_addr_port_purpose(
                 CONN_TYPE_DIR, &addr, me->dir_port,
                 DIR_PURPOSE_FETCH_SERVERDESC)) {
     /* ask myself, via tor, for my server descriptor. */
-    directory_initiate_command(&addr,
-                               me->or_port, me->dir_port,
+    directory_initiate_command(&addr, me->or_port,
+                               &addr, me->dir_port,
                                me->cache_info.identity_digest,
                                DIR_PURPOSE_FETCH_SERVERDESC,
                                ROUTER_PURPOSE_GENERAL,
@@ -1202,14 +1369,21 @@ void
 router_orport_found_reachable(void)
 {
   const routerinfo_t *me = router_get_my_routerinfo();
+  const or_options_t *options = get_options();
   if (!can_reach_or_port && me) {
     char *address = tor_dup_ip(me->addr);
     log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from "
                "the outside. Excellent.%s",
-               get_options()->PublishServerDescriptor_ != NO_DIRINFO ?
+               options->PublishServerDescriptor_ != NO_DIRINFO
+               && check_whether_dirport_reachable(options) ?
                  " Publishing server descriptor." : "");
     can_reach_or_port = 1;
     mark_my_descriptor_dirty("ORPort found reachable");
+    /* This is a significant enough change to upload immediately,
+     * at least in a test network */
+    if (options->TestingTorNetwork == 1) {
+      reschedule_descriptor_update_check();
+    }
     control_event_server_status(LOG_NOTICE,
                                 "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
                                 address, me->or_port);
@@ -1222,13 +1396,23 @@ void
 router_dirport_found_reachable(void)
 {
   const routerinfo_t *me = router_get_my_routerinfo();
+  const or_options_t *options = get_options();
   if (!can_reach_dir_port && me) {
     char *address = tor_dup_ip(me->addr);
     log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable "
-               "from the outside. Excellent.");
+               "from the outside. Excellent.%s",
+               options->PublishServerDescriptor_ != NO_DIRINFO
+               && check_whether_orport_reachable(options) ?
+               " Publishing server descriptor." : "");
     can_reach_dir_port = 1;
-    if (decide_to_advertise_dirport(get_options(), me->dir_port))
+    if (decide_to_advertise_dirport(options, me->dir_port)) {
       mark_my_descriptor_dirty("DirPort found reachable");
+      /* This is a significant enough change to upload immediately,
+       * at least in a test network */
+      if (options->TestingTorNetwork == 1) {
+        reschedule_descriptor_update_check();
+      }
+    }
     control_event_server_status(LOG_NOTICE,
                                 "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
                                 address, me->dir_port);
@@ -1384,8 +1568,8 @@ static int server_is_advertised=0;
 
 /** Return true iff we have published our descriptor lately.
  */
-int
-advertised_server_mode(void)
+MOCK_IMPL(int,
+advertised_server_mode,(void))
 {
   return server_is_advertised;
 }
@@ -1422,7 +1606,10 @@ proxy_mode(const or_options_t *options)
  * and
  * - We have ORPort set
  * and
- * - We believe we are reachable from the outside; or
+ * - We believe our ORPort and DirPort (if present) are reachable from
+ *   the outside; or
+ * - We believe our ORPort is reachable from the outside, and we can't
+ *   check our DirPort because the consensus has no exits; or
  * - We are an authoritative directory server.
  */
 static int
@@ -1440,8 +1627,15 @@ decide_if_publishable_server(void)
     return 1;
   if (!router_get_advertised_or_port(options))
     return 0;
-
-  return check_whether_orport_reachable();
+  if (!check_whether_orport_reachable(options))
+    return 0;
+  if (router_have_consensus_path() == CONSENSUS_PATH_INTERNAL) {
+    /* All set: there are no exits in the consensus (maybe this is a tiny
+     * test network), so we can't check our DirPort reachability. */
+    return 1;
+  } else {
+    return check_whether_dirport_reachable(options);
+  }
 }
 
 /** Initiate server descriptor upload as reasonable (if server is publishable,
@@ -1612,7 +1806,8 @@ router_upload_dir_desc_to_dirservers(int force)
 int
 router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
 {
-  if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */
+  const routerinfo_t *me = router_get_my_routerinfo();
+  if (!me) /* make sure routerinfo exists */
     return -1;
 
   /* make sure it's resolved to something. this way we can't get a
@@ -1620,20 +1815,21 @@ router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
   if (tor_addr_is_null(addr))
     return -1;
 
-  /* look at desc_routerinfo->exit_policy for both the v4 and the v6
-   * policies.  The exit_policy field in desc_routerinfo is a bit unusual,
-   * in that it contains IPv6 and IPv6 entries.  We don't want to look
-   * at desc_routerinfio->ipv6_exit_policy, since that's a port summary. */
+  /* look at router_get_my_routerinfo()->exit_policy for both the v4 and the
+   * v6 policies.  The exit_policy field in router_get_my_routerinfo() is a
+   * bit unusual, in that it contains IPv6 and IPv6 entries.  We don't want to
+   * look at router_get_my_routerinfo()->ipv6_exit_policy, since that's a port
+   * summary. */
   if ((tor_addr_family(addr) == AF_INET ||
        tor_addr_family(addr) == AF_INET6)) {
     return compare_tor_addr_to_addr_policy(addr, port,
-                    desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
+                               me->exit_policy) != ADDR_POLICY_ACCEPTED;
 #if 0
   } else if (tor_addr_family(addr) == AF_INET6) {
     return get_options()->IPv6Exit &&
       desc_routerinfo->ipv6_exit_policy &&
       compare_tor_addr_to_short_policy(addr, port,
-                  desc_routerinfo->ipv6_exit_policy) != ADDR_POLICY_ACCEPTED;
+                               me->ipv6_exit_policy) != ADDR_POLICY_ACCEPTED;
 #endif
   } else {
     return -1;
@@ -1642,13 +1838,13 @@ router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
 
 /** Return true iff my exit policy is reject *:*.  Return -1 if we don't
  * have a descriptor */
-int
-router_my_exit_policy_is_reject_star(void)
+MOCK_IMPL(int,
+router_my_exit_policy_is_reject_star,(void))
 {
-  if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */
+  if (!router_get_my_routerinfo()) /* make sure routerinfo exists */
     return -1;
 
-  return desc_routerinfo->policy_is_reject_star;
+  return router_get_my_routerinfo()->policy_is_reject_star;
 }
 
 /** Return true iff I'm a server and <b>digest</b> is equal to
@@ -1707,12 +1903,13 @@ const char *
 router_get_my_descriptor(void)
 {
   const char *body;
-  if (!router_get_my_routerinfo())
+  const routerinfo_t *me = router_get_my_routerinfo();
+  if (! me)
     return NULL;
+  tor_assert(me->cache_info.saved_location == SAVED_NOWHERE);
+  body = signed_descriptor_get_body(&me->cache_info);
   /* Make sure this is nul-terminated. */
-  tor_assert(desc_routerinfo->cache_info.saved_location == SAVED_NOWHERE);
-  body = signed_descriptor_get_body(&desc_routerinfo->cache_info);
-  tor_assert(!body[desc_routerinfo->cache_info.signed_descriptor_len]);
+  tor_assert(!body[me->cache_info.signed_descriptor_len]);
   log_debug(LD_GENERAL,"my desc is '%s'", body);
   return body;
 }
@@ -1747,8 +1944,8 @@ static int router_guess_address_from_dir_headers(uint32_t *guess);
  * it's configured in torrc, or because we've learned it from
  * dirserver headers. Place the answer in *<b>addr</b> and return
  * 0 on success, else return -1 if we have no guess. */
-int
-router_pick_published_address(const or_options_t *options, uint32_t *addr)
+MOCK_IMPL(int,
+router_pick_published_address,(const or_options_t *options, uint32_t *addr))
 {
   *addr = get_last_resolved_addr();
   if (!*addr &&
@@ -1765,12 +1962,15 @@ router_pick_published_address(const or_options_t *options, uint32_t *addr)
   return 0;
 }
 
-/** If <b>force</b> is true, or our descriptor is out-of-date, rebuild a fresh
- * routerinfo, signed server descriptor, and extra-info document for this OR.
- * Return 0 on success, -1 on temporary error.
+/** Build a fresh routerinfo, signed server descriptor, and extra-info document
+ * for this OR. Set r to the generated routerinfo, e to the generated
+ * extra-info document. Return 0 on success, -1 on temporary error. Failure to
+ * generate an extra-info document is not an error and is indicated by setting
+ * e to NULL. Caller is responsible for freeing generated documents if 0 is
+ * returned.
  */
 int
-router_rebuild_descriptor(int force)
+router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
 {
   routerinfo_t *ri;
   extrainfo_t *ei;
@@ -1779,44 +1979,39 @@ router_rebuild_descriptor(int force)
   int hibernating = we_are_hibernating();
   const or_options_t *options = get_options();
 
-  if (desc_clean_since && !force)
-    return 0;
-
-  if (router_pick_published_address(options, &addr) < 0 ||
-      router_get_advertised_or_port(options) == 0) {
-    /* Stop trying to rebuild our descriptor every second. We'll
-     * learn that it's time to try again when ip_address_changed()
-     * marks it dirty. */
-    desc_clean_since = time(NULL);
+  if (router_pick_published_address(options, &addr) < 0) {
+    log_warn(LD_CONFIG, "Don't know my address while generating descriptor");
     return -1;
   }
 
-  log_info(LD_OR, "Rebuilding relay descriptor%s", force ? " (forced)" : "");
-
   ri = tor_malloc_zero(sizeof(routerinfo_t));
   ri->cache_info.routerlist_index = -1;
   ri->nickname = tor_strdup(options->Nickname);
   ri->addr = addr;
   ri->or_port = router_get_advertised_or_port(options);
   ri->dir_port = router_get_advertised_dir_port(options, 0);
+  ri->supports_tunnelled_dir_requests =
+    directory_permits_begindir_requests(options);
   ri->cache_info.published_on = time(NULL);
   ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
                                                         * main thread */
-#ifdef CURVE25519_ENABLED
   ri->onion_curve25519_pkey =
     tor_memdup(&get_current_curve25519_keypair()->pubkey,
                sizeof(curve25519_public_key_t));
-#endif
 
   /* For now, at most one IPv6 or-address is being advertised. */
   {
     const port_cfg_t *ipv6_orport = NULL;
     SMARTLIST_FOREACH_BEGIN(get_configured_ports(), const port_cfg_t *, p) {
       if (p->type == CONN_TYPE_OR_LISTENER &&
-          ! p->no_advertise &&
-          ! p->bind_ipv4_only &&
+          ! p->server_cfg.no_advertise &&
+          ! p->server_cfg.bind_ipv4_only &&
           tor_addr_family(&p->addr) == AF_INET6) {
-        if (! tor_addr_is_internal(&p->addr, 0)) {
+        /* Like IPv4, if the relay is configured using the default
+         * authorities, disallow internal IPs. Otherwise, allow them. */
+        const int default_auth = (!options->DirAuthorities &&
+                                  !options->AlternateDirAuthority);
+        if (! tor_addr_is_internal(&p->addr, 0) || ! default_auth) {
           ipv6_orport = p;
           break;
         } else {
@@ -1824,7 +2019,7 @@ router_rebuild_descriptor(int force)
           log_warn(LD_CONFIG,
                    "Unable to use configured IPv6 address \"%s\" in a "
                    "descriptor. Skipping it. "
-                   "Try specifying a globally reachable address explicitly. ",
+                   "Try specifying a globally reachable address explicitly.",
                    tor_addr_to_str(addrbuf, &p->addr, sizeof(addrbuf), 1));
         }
       }
@@ -1841,6 +2036,9 @@ router_rebuild_descriptor(int force)
     routerinfo_free(ri);
     return -1;
   }
+  ri->cache_info.signing_key_cert =
+    tor_cert_dup(get_master_signing_key_cert());
+
   get_platform_str(platform, sizeof(platform));
   ri->platform = tor_strdup(platform);
 
@@ -1856,10 +2054,8 @@ router_rebuild_descriptor(int force)
     /* DNS is screwed up; don't claim to be an exit. */
     policies_exit_policy_append_reject_star(&ri->exit_policy);
   } else {
-    policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
-                               options->IPv6Exit,
-                               options->ExitPolicyRejectPrivate,
-                               ri->addr, !options->BridgeRelay);
+    policies_parse_exit_policy_from_options(options,ri->addr,&ri->ipv6_addr,
+                                            &ri->exit_policy);
   }
   ri->policy_is_reject_star =
     policy_is_reject_star(ri->exit_policy, AF_INET) &&
@@ -1879,7 +2075,7 @@ router_rebuild_descriptor(int force)
     family = smartlist_new();
     ri->declared_family = smartlist_new();
     smartlist_split_string(family, options->MyFamily, ",",
-      SPLIT_SKIP_SPACE|SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+      SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK|SPLIT_STRIP_SPACE, 0);
     SMARTLIST_FOREACH_BEGIN(family, char *, name) {
        const node_t *member;
        if (!strcasecmp(name, options->Nickname))
@@ -1933,10 +2129,14 @@ router_rebuild_descriptor(int force)
   ei->cache_info.is_extrainfo = 1;
   strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
   ei->cache_info.published_on = ri->cache_info.published_on;
+  ei->cache_info.signing_key_cert =
+    tor_cert_dup(get_master_signing_key_cert());
+
   memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
          DIGEST_LEN);
   if (extrainfo_dump_to_string(&ei->cache_info.signed_descriptor_body,
-                               ei, get_server_identity_key()) < 0) {
+                               ei, get_server_identity_key(),
+                               get_master_signing_keypair()) < 0) {
     log_warn(LD_BUG, "Couldn't generate extra-info descriptor.");
     extrainfo_free(ei);
     ei = NULL;
@@ -1946,6 +2146,10 @@ router_rebuild_descriptor(int force)
     router_get_extrainfo_hash(ei->cache_info.signed_descriptor_body,
                               ei->cache_info.signed_descriptor_len,
                               ei->cache_info.signed_descriptor_digest);
+    crypto_digest256((char*) ei->digest256,
+                     ei->cache_info.signed_descriptor_body,
+                     ei->cache_info.signed_descriptor_len,
+                     DIGEST_SHA256);
   }
 
   /* Now finish the router descriptor. */
@@ -1953,12 +2157,18 @@ router_rebuild_descriptor(int force)
     memcpy(ri->cache_info.extra_info_digest,
            ei->cache_info.signed_descriptor_digest,
            DIGEST_LEN);
+    memcpy(ri->cache_info.extra_info_digest256,
+           ei->digest256,
+           DIGEST256_LEN);
   } else {
     /* ri was allocated with tor_malloc_zero, so there is no need to
      * zero ri->cache_info.extra_info_digest here. */
   }
-  if (! (ri->cache_info.signed_descriptor_body = router_dump_router_to_string(
-                                           ri, get_server_identity_key()))) {
+  if (! (ri->cache_info.signed_descriptor_body =
+          router_dump_router_to_string(ri, get_server_identity_key(),
+                                       get_onion_key(),
+                                       get_current_curve25519_keypair(),
+                                       get_master_signing_keypair())) ) {
     log_warn(LD_BUG, "Couldn't generate router descriptor.");
     routerinfo_free(ri);
     extrainfo_free(ei);
@@ -1988,7 +2198,44 @@ router_rebuild_descriptor(int force)
                          ri->cache_info.signed_descriptor_digest);
 
   if (ei) {
-    tor_assert(! routerinfo_incompatible_with_extrainfo(ri, ei, NULL, NULL));
+    tor_assert(!
+          routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei,
+                                                 &ri->cache_info, NULL));
+  }
+
+  *r = ri;
+  *e = ei;
+  return 0;
+}
+
+/** If <b>force</b> is true, or our descriptor is out-of-date, rebuild a fresh
+ * routerinfo, signed server descriptor, and extra-info document for this OR.
+ * Return 0 on success, -1 on temporary error.
+ */
+int
+router_rebuild_descriptor(int force)
+{
+  routerinfo_t *ri;
+  extrainfo_t *ei;
+  uint32_t addr;
+  const or_options_t *options = get_options();
+
+  if (desc_clean_since && !force)
+    return 0;
+
+  if (router_pick_published_address(options, &addr) < 0 ||
+      router_get_advertised_or_port(options) == 0) {
+    /* Stop trying to rebuild our descriptor every second. We'll
+     * learn that it's time to try again when ip_address_changed()
+     * marks it dirty. */
+    desc_clean_since = time(NULL);
+    return -1;
+  }
+
+  log_info(LD_OR, "Rebuilding relay descriptor%s", force ? " (forced)" : "");
+
+  if (router_build_fresh_descriptor(&ri, &ei) < 0) {
+    return -1;
   }
 
   routerinfo_free(desc_routerinfo);
@@ -2063,7 +2310,8 @@ mark_my_descriptor_dirty(const char *reason)
 }
 
 /** How frequently will we republish our descriptor because of large (factor
- * of 2) shifts in estimated bandwidth? */
+ * of 2) shifts in estimated bandwidth? Note: We don't use this constant
+ * if our previous bandwidth estimate was exactly 0. */
 #define MAX_BANDWIDTH_CHANGE_FREQ (20*60)
 
 /** Check whether bandwidth has changed a lot since the last time we announced
@@ -2073,15 +2321,15 @@ check_descriptor_bandwidth_changed(time_t now)
 {
   static time_t last_changed = 0;
   uint64_t prev, cur;
-  if (!desc_routerinfo)
+  if (!router_get_my_routerinfo())
     return;
 
-  prev = desc_routerinfo->bandwidthcapacity;
+  prev = router_get_my_routerinfo()->bandwidthcapacity;
   cur = we_are_hibernating() ? 0 : rep_hist_bandwidth_assess();
   if ((prev != cur && (!prev || !cur)) ||
       cur > prev*2 ||
       cur < prev/2) {
-    if (last_changed+MAX_BANDWIDTH_CHANGE_FREQ < now) {
+    if (last_changed+MAX_BANDWIDTH_CHANGE_FREQ < now || !prev) {
       log_info(LD_GENERAL,
                "Measured bandwidth has changed; rebuilding descriptor.");
       mark_my_descriptor_dirty("bandwidth has changed");
@@ -2130,11 +2378,11 @@ check_descriptor_ipaddress_changed(time_t now)
 
   (void) now;
 
-  if (!desc_routerinfo)
+  if (router_get_my_routerinfo() == NULL)
     return;
 
   /* XXXX ipv6 */
-  prev = desc_routerinfo->addr;
+  prev = router_get_my_routerinfo()->addr;
   if (resolve_my_address(LOG_INFO, options, &cur, &method, &hostname) < 0) {
     log_info(LD_CONFIG,"options->Address didn't resolve into an IP.");
     return;
@@ -2206,7 +2454,7 @@ router_new_address_suggestion(const char *suggestion,
   if (tor_addr_eq(&d_conn->base_.addr, &addr)) {
     /* Don't believe anybody who says our IP is their IP. */
     log_debug(LD_DIR, "A directory server told us our IP address is %s, "
-              "but he's just reporting his own IP address. Ignoring.",
+              "but they are just reporting their own IP address. Ignoring.",
               suggestion);
     return;
   }
@@ -2263,22 +2511,29 @@ get_platform_str(char *platform, size_t len)
  */
 char *
 router_dump_router_to_string(routerinfo_t *router,
-                             crypto_pk_t *ident_key)
+                             const crypto_pk_t *ident_key,
+                             const crypto_pk_t *tap_key,
+                             const curve25519_keypair_t *ntor_keypair,
+                             const ed25519_keypair_t *signing_keypair)
 {
   char *address = NULL;
   char *onion_pkey = NULL; /* Onion key, PEM-encoded. */
   char *identity_pkey = NULL; /* Identity key, PEM-encoded. */
-  char digest[DIGEST_LEN];
+  char digest[DIGEST256_LEN];
   char published[ISO_TIME_LEN+1];
   char fingerprint[FINGERPRINT_LEN+1];
-  int has_extra_info_digest;
-  char extra_info_digest[HEX_DIGEST_LEN+1];
+  char *extra_info_line = NULL;
   size_t onion_pkeylen, identity_pkeylen;
   char *family_line = NULL;
   char *extra_or_address = NULL;
   const or_options_t *options = get_options();
   smartlist_t *chunks = NULL;
   char *output = NULL;
+  const int emit_ed_sigs = signing_keypair &&
+    router->cache_info.signing_key_cert;
+  char *ed_cert_line = NULL;
+  char *rsa_tap_cc_line = NULL;
+  char *ntor_cc_line = NULL;
 
   /* Make sure the identity key matches the one in the routerinfo. */
   if (!crypto_pk_eq_keys(ident_key, router->identity_pkey)) {
@@ -2286,6 +2541,16 @@ router_dump_router_to_string(routerinfo_t *router,
              "match router's public key!");
     goto err;
   }
+  if (emit_ed_sigs) {
+    if (!router->cache_info.signing_key_cert->signing_key_included ||
+        !ed25519_pubkey_eq(&router->cache_info.signing_key_cert->signed_key,
+                           &signing_keypair->pubkey)) {
+      log_warn(LD_BUG, "Tried to sign a router descriptor with a mismatched "
+               "ed25519 key chain %d",
+               router->cache_info.signing_key_cert->signing_key_included);
+      goto err;
+    }
+  }
 
   /* record our fingerprint, so we can include it in the descriptor */
   if (crypto_pk_get_fingerprint(router->identity_pkey, fingerprint, 1)<0) {
@@ -2293,6 +2558,30 @@ router_dump_router_to_string(routerinfo_t *router,
     goto err;
   }
 
+  if (emit_ed_sigs) {
+    /* Encode ed25519 signing cert */
+    char ed_cert_base64[256];
+    char ed_fp_base64[ED25519_BASE64_LEN+1];
+    if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
+                    (const char*)router->cache_info.signing_key_cert->encoded,
+                    router->cache_info.signing_key_cert->encoded_len,
+                    BASE64_ENCODE_MULTILINE) < 0) {
+      log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
+      goto err;
+    }
+    if (ed25519_public_to_base64(ed_fp_base64,
+                       &router->cache_info.signing_key_cert->signing_key)<0) {
+      log_err(LD_BUG,"Couldn't base64-encode identity key\n");
+      goto err;
+    }
+    tor_asprintf(&ed_cert_line, "identity-ed25519\n"
+                 "-----BEGIN ED25519 CERT-----\n"
+                 "%s"
+                 "-----END ED25519 CERT-----\n"
+                 "master-key-ed25519 %s\n",
+                 ed_cert_base64, ed_fp_base64);
+  }
+
   /* PEM-encode the onion key */
   if (crypto_pk_write_public_key_to_string(router->onion_pkey,
                                            &onion_pkey,&onion_pkeylen)<0) {
@@ -2307,6 +2596,69 @@ router_dump_router_to_string(routerinfo_t *router,
     goto err;
   }
 
+  /* Cross-certify with RSA key */
+  if (tap_key && router->cache_info.signing_key_cert &&
+      router->cache_info.signing_key_cert->signing_key_included) {
+    char buf[256];
+    int tap_cc_len = 0;
+    uint8_t *tap_cc =
+      make_tap_onion_key_crosscert(tap_key,
+                            &router->cache_info.signing_key_cert->signing_key,
+                            router->identity_pkey,
+                            &tap_cc_len);
+    if (!tap_cc) {
+      log_warn(LD_BUG,"make_tap_onion_key_crosscert failed!");
+      goto err;
+    }
+
+    if (base64_encode(buf, sizeof(buf), (const char*)tap_cc, tap_cc_len,
+                      BASE64_ENCODE_MULTILINE) < 0) {
+      log_warn(LD_BUG,"base64_encode(rsa_crosscert) failed!");
+      tor_free(tap_cc);
+      goto err;
+    }
+    tor_free(tap_cc);
+
+    tor_asprintf(&rsa_tap_cc_line,
+                 "onion-key-crosscert\n"
+                 "-----BEGIN CROSSCERT-----\n"
+                 "%s"
+                 "-----END CROSSCERT-----\n", buf);
+  }
+
+  /* Cross-certify with onion keys */
+  if (ntor_keypair && router->cache_info.signing_key_cert &&
+      router->cache_info.signing_key_cert->signing_key_included) {
+    int sign = 0;
+    char buf[256];
+    /* XXXX Base the expiration date on the actual onion key expiration time?*/
+    tor_cert_t *cert =
+      make_ntor_onion_key_crosscert(ntor_keypair,
+                         &router->cache_info.signing_key_cert->signing_key,
+                         router->cache_info.published_on,
+                         MIN_ONION_KEY_LIFETIME, &sign);
+    if (!cert) {
+      log_warn(LD_BUG,"make_ntor_onion_key_crosscert failed!");
+      goto err;
+    }
+    tor_assert(sign == 0 || sign == 1);
+
+    if (base64_encode(buf, sizeof(buf),
+                      (const char*)cert->encoded, cert->encoded_len,
+                      BASE64_ENCODE_MULTILINE)<0) {
+      log_warn(LD_BUG,"base64_encode(ntor_crosscert) failed!");
+      tor_cert_free(cert);
+      goto err;
+    }
+    tor_cert_free(cert);
+
+    tor_asprintf(&ntor_cc_line,
+                 "ntor-onion-key-crosscert %d\n"
+                 "-----BEGIN ED25519 CERT-----\n"
+                 "%s"
+                 "-----END ED25519 CERT-----\n", sign, buf);
+  }
+
   /* Encode the publication time. */
   format_iso_time(published, router->cache_info.published_on);
 
@@ -2319,12 +2671,19 @@ router_dump_router_to_string(routerinfo_t *router,
     family_line = tor_strdup("");
   }
 
-  has_extra_info_digest =
-    ! tor_digest_is_zero(router->cache_info.extra_info_digest);
-
-  if (has_extra_info_digest) {
+  if (!tor_digest_is_zero(router->cache_info.extra_info_digest)) {
+    char extra_info_digest[HEX_DIGEST_LEN+1];
     base16_encode(extra_info_digest, sizeof(extra_info_digest),
                   router->cache_info.extra_info_digest, DIGEST_LEN);
+    if (!tor_digest256_is_zero(router->cache_info.extra_info_digest256)) {
+      char d256_64[BASE64_DIGEST256_LEN+1];
+      digest256_to_base64(d256_64, router->cache_info.extra_info_digest256);
+      tor_asprintf(&extra_info_line, "extra-info-digest %s %s\n",
+                   extra_info_digest, d256_64);
+    } else {
+      tor_asprintf(&extra_info_line, "extra-info-digest %s\n",
+                   extra_info_digest);
+    }
   }
 
   if (router->ipv6_orport &&
@@ -2346,20 +2705,23 @@ router_dump_router_to_string(routerinfo_t *router,
   smartlist_add_asprintf(chunks,
                     "router %s %s %d 0 %d\n"
                     "%s"
+                    "%s"
                     "platform %s\n"
                     "protocols Link 1 2 Circuit 1\n"
                     "published %s\n"
                     "fingerprint %s\n"
                     "uptime %ld\n"
                     "bandwidth %d %d %d\n"
-                    "%s%s%s%s"
+                    "%s%s"
                     "onion-key\n%s"
                     "signing-key\n%s"
+                    "%s%s"
                     "%s%s%s%s",
     router->nickname,
     address,
     router->or_port,
     decide_to_advertise_dirport(options, router->dir_port),
+    ed_cert_line ? ed_cert_line : "",
     extra_or_address ? extra_or_address : "",
     router->platform,
     published,
@@ -2368,14 +2730,15 @@ router_dump_router_to_string(routerinfo_t *router,
     (int) router->bandwidthrate,
     (int) router->bandwidthburst,
     (int) router->bandwidthcapacity,
-    has_extra_info_digest ? "extra-info-digest " : "",
-    has_extra_info_digest ? extra_info_digest : "",
-    has_extra_info_digest ? "\n" : "",
-    options->DownloadExtraInfo ? "caches-extra-info\n" : "",
+    extra_info_line ? extra_info_line : "",
+    (options->DownloadExtraInfo || options->V3AuthoritativeDir) ?
+                         "caches-extra-info\n" : "",
     onion_pkey, identity_pkey,
+    rsa_tap_cc_line ? rsa_tap_cc_line : "",
+    ntor_cc_line ? ntor_cc_line : "",
     family_line,
     we_are_hibernating() ? "hibernating 1\n" : "",
-    options->HidServDirectoryV2 ? "hidden-service-dir\n" : "",
+    "hidden-service-dir\n",
     options->AllowSingleHopExits ? "allow-single-hop-exits\n" : "");
 
   if (options->ContactInfo && strlen(options->ContactInfo)) {
@@ -2385,15 +2748,13 @@ router_dump_router_to_string(routerinfo_t *router,
     smartlist_add_asprintf(chunks, "contact %s\n", ci);
   }
 
-#ifdef CURVE25519_ENABLED
   if (router->onion_curve25519_pkey) {
     char kbuf[128];
     base64_encode(kbuf, sizeof(kbuf),
                   (const char *)router->onion_curve25519_pkey->public_key,
-                  CURVE25519_PUBKEY_LEN);
+                  CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
     smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
   }
-#endif
 
   /* Write the exit policy to the end of 's'. */
   if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@@ -2417,7 +2778,29 @@ router_dump_router_to_string(routerinfo_t *router,
     tor_free(p6);
   }
 
-  /* Sign the descriptor */
+  if (decide_to_advertise_begindir(options,
+                                   router->supports_tunnelled_dir_requests)) {
+    smartlist_add(chunks, tor_strdup("tunnelled-dir-server\n"));
+  }
+
+  /* Sign the descriptor with Ed25519 */
+  if (emit_ed_sigs)  {
+    smartlist_add(chunks, tor_strdup("router-sig-ed25519 "));
+    crypto_digest_smartlist_prefix(digest, DIGEST256_LEN,
+                                   ED_DESC_SIGNATURE_PREFIX,
+                                   chunks, "", DIGEST_SHA256);
+    ed25519_signature_t sig;
+    char buf[ED25519_SIG_BASE64_LEN+1];
+    if (ed25519_sign(&sig, (const uint8_t*)digest, DIGEST256_LEN,
+                     signing_keypair) < 0)
+      goto err;
+    if (ed25519_signature_to_base64(buf, &sig) < 0)
+      goto err;
+
+    smartlist_add_asprintf(chunks, "%s\n", buf);
+  }
+
+  /* Sign the descriptor with RSA */
   smartlist_add(chunks, tor_strdup("router-signature\n"));
 
   crypto_digest_smartlist(digest, DIGEST_LEN, chunks, "", DIGEST_SHA1);
@@ -2443,7 +2826,7 @@ router_dump_router_to_string(routerinfo_t *router,
     const char *cp;
     routerinfo_t *ri_tmp;
     cp = s_dup = tor_strdup(output);
-    ri_tmp = router_parse_entry_from_string(cp, NULL, 1, 0, NULL);
+    ri_tmp = router_parse_entry_from_string(cp, NULL, 1, 0, NULL, NULL);
     if (!ri_tmp) {
       log_err(LD_BUG,
               "We just generated a router descriptor we can't parse.");
@@ -2469,6 +2852,10 @@ router_dump_router_to_string(routerinfo_t *router,
   tor_free(onion_pkey);
   tor_free(identity_pkey);
   tor_free(extra_or_address);
+  tor_free(ed_cert_line);
+  tor_free(rsa_tap_cc_line);
+  tor_free(ntor_cc_line);
+  tor_free(extra_info_line);
 
   return output;
 }
@@ -2483,44 +2870,13 @@ router_dump_exit_policy_to_string(const routerinfo_t *router,
                                   int include_ipv4,
                                   int include_ipv6)
 {
-  smartlist_t *exit_policy_strings;
-  char *policy_string = NULL;
-
   if ((!router->exit_policy) || (router->policy_is_reject_star)) {
     return tor_strdup("reject *:*");
   }
 
-  exit_policy_strings = smartlist_new();
-
-  SMARTLIST_FOREACH_BEGIN(router->exit_policy, addr_policy_t *, tmpe) {
-    char *pbuf;
-    int bytes_written_to_pbuf;
-    if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {
-      continue; /* Don't include IPv6 parts of address policy */
-    }
-    if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {
-      continue; /* Don't include IPv4 parts of address policy */
-    }
-
-    pbuf = tor_malloc(POLICY_BUF_LEN);
-    bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);
-
-    if (bytes_written_to_pbuf < 0) {
-      log_warn(LD_BUG, "router_dump_exit_policy_to_string ran out of room!");
-      tor_free(pbuf);
-      goto done;
-    }
-
-    smartlist_add(exit_policy_strings,pbuf);
-  } SMARTLIST_FOREACH_END(tmpe);
-
-  policy_string = smartlist_join_strings(exit_policy_strings, "\n", 0, NULL);
-
- done:
-  SMARTLIST_FOREACH(exit_policy_strings, char *, str, tor_free(str));
-  smartlist_free(exit_policy_strings);
-
-  return policy_string;
+  return policy_dump_to_string(router->exit_policy,
+                               include_ipv4,
+                               include_ipv6);
 }
 
 /** Copy the primary (IPv4) OR port (IP address and TCP port) for
@@ -2557,8 +2913,9 @@ router_has_orport(const routerinfo_t *router, const tor_addr_port_t *orport)
  * <b>end_line</b>, ensure that its timestamp is not more than 25 hours in
  * the past or more than 1 hour in the future with respect to <b>now</b>,
  * and write the file contents starting with that line to *<b>out</b>.
- * Return 1 for success, 0 if the file does not exist, or -1 if the file
- * does not contain a line matching these criteria or other failure. */
+ * Return 1 for success, 0 if the file does not exist or is empty, or -1
+ * if the file does not contain a line matching these criteria or other
+ * failure. */
 static int
 load_stats_file(const char *filename, const char *end_line, time_t now,
                 char **out)
@@ -2592,7 +2949,9 @@ load_stats_file(const char *filename, const char *end_line, time_t now,
      notfound:
       tor_free(contents);
       break;
+    /* treat empty stats files as if the file doesn't exist */
     case FN_NOENT:
+    case FN_EMPTY:
       r = 0;
       break;
     case FN_ERROR:
@@ -2609,7 +2968,8 @@ load_stats_file(const char *filename, const char *end_line, time_t now,
  * success, negative on failure. */
 int
 extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
-                         crypto_pk_t *ident_key)
+                         crypto_pk_t *ident_key,
+                         const ed25519_keypair_t *signing_keypair)
 {
   const or_options_t *options = get_options();
   char identity[HEX_DIGEST_LEN+1];
@@ -2619,20 +2979,47 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
   int result;
   static int write_stats_to_extrainfo = 1;
   char sig[DIROBJ_MAX_SIG_LEN+1];
-  char *s, *pre, *contents, *cp, *s_dup = NULL;
+  char *s = NULL, *pre, *contents, *cp, *s_dup = NULL;
   time_t now = time(NULL);
   smartlist_t *chunks = smartlist_new();
   extrainfo_t *ei_tmp = NULL;
+  const int emit_ed_sigs = signing_keypair &&
+    extrainfo->cache_info.signing_key_cert;
+  char *ed_cert_line = NULL;
 
   base16_encode(identity, sizeof(identity),
                 extrainfo->cache_info.identity_digest, DIGEST_LEN);
   format_iso_time(published, extrainfo->cache_info.published_on);
   bandwidth_usage = rep_hist_get_bandwidth_lines();
+  if (emit_ed_sigs) {
+    if (!extrainfo->cache_info.signing_key_cert->signing_key_included ||
+        !ed25519_pubkey_eq(&extrainfo->cache_info.signing_key_cert->signed_key,
+                           &signing_keypair->pubkey)) {
+      log_warn(LD_BUG, "Tried to sign a extrainfo descriptor with a "
+               "mismatched ed25519 key chain %d",
+               extrainfo->cache_info.signing_key_cert->signing_key_included);
+      goto err;
+    }
+    char ed_cert_base64[256];
+    if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
+                 (const char*)extrainfo->cache_info.signing_key_cert->encoded,
+                 extrainfo->cache_info.signing_key_cert->encoded_len,
+                 BASE64_ENCODE_MULTILINE) < 0) {
+      log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
+      goto err;
+    }
+    tor_asprintf(&ed_cert_line, "identity-ed25519\n"
+                 "-----BEGIN ED25519 CERT-----\n"
+                 "%s"
+                 "-----END ED25519 CERT-----\n", ed_cert_base64);
+  } else {
+    ed_cert_line = tor_strdup("");
+  }
 
-  tor_asprintf(&pre, "extra-info %s %s\npublished %s\n%s",
+  tor_asprintf(&pre, "extra-info %s %s\n%spublished %s\n%s",
                extrainfo->nickname, identity,
+               ed_cert_line,
                published, bandwidth_usage);
-  tor_free(bandwidth_usage);
   smartlist_add(chunks, pre);
 
   if (geoip_is_loaded(AF_INET))
@@ -2649,6 +3036,11 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
                         "dirreq-stats-end", now, &contents) > 0) {
       smartlist_add(chunks, contents);
     }
+    if (options->HiddenServiceStatistics &&
+        load_stats_file("stats"PATH_SEPARATOR"hidserv-stats",
+                        "hidserv-stats-end", now, &contents) > 0) {
+      smartlist_add(chunks, contents);
+    }
     if (options->EntryStatistics &&
         load_stats_file("stats"PATH_SEPARATOR"entry-stats",
                         "entry-stats-end", now, &contents) > 0) {
@@ -2685,6 +3077,23 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
     }
   }
 
+  if (emit_ed_sigs) {
+    char digest[DIGEST256_LEN];
+    smartlist_add(chunks, tor_strdup("router-sig-ed25519 "));
+    crypto_digest_smartlist_prefix(digest, DIGEST256_LEN,
+                                   ED_DESC_SIGNATURE_PREFIX,
+                                   chunks, "", DIGEST_SHA256);
+    ed25519_signature_t sig;
+    char buf[ED25519_SIG_BASE64_LEN+1];
+    if (ed25519_sign(&sig, (const uint8_t*)digest, DIGEST256_LEN,
+                     signing_keypair) < 0)
+      goto err;
+    if (ed25519_signature_to_base64(buf, &sig) < 0)
+      goto err;
+
+    smartlist_add_asprintf(chunks, "%s\n", buf);
+  }
+
   smartlist_add(chunks, tor_strdup("router-signature\n"));
   s = smartlist_join_strings(chunks, "", 0, NULL);
 
@@ -2725,7 +3134,7 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
   s = smartlist_join_strings(chunks, "", 0, NULL);
 
   cp = s_dup = tor_strdup(s);
-  ei_tmp = extrainfo_parse_entry_from_string(cp, NULL, 1, NULL);
+  ei_tmp = extrainfo_parse_entry_from_string(cp, NULL, 1, NULL, NULL);
   if (!ei_tmp) {
     if (write_stats_to_extrainfo) {
       log_warn(LD_GENERAL, "We just generated an extra-info descriptor "
@@ -2733,7 +3142,8 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
                            "adding statistics to this or any future "
                            "extra-info descriptors.");
       write_stats_to_extrainfo = 0;
-      result = extrainfo_dump_to_string(s_out, extrainfo, ident_key);
+      result = extrainfo_dump_to_string(s_out, extrainfo, ident_key,
+                                        signing_keypair);
       goto done;
     } else {
       log_warn(LD_BUG, "We just generated an extrainfo descriptor we "
@@ -2755,7 +3165,9 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
   SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
   smartlist_free(chunks);
   tor_free(s_dup);
+  tor_free(ed_cert_line);
   extrainfo_free(ei_tmp);
+  tor_free(bandwidth_usage);
 
   return result;
 }
@@ -3069,10 +3481,8 @@ router_free_all(void)
   crypto_pk_free(legacy_signing_key);
   authority_cert_free(legacy_key_certificate);
 
-#ifdef CURVE25519_ENABLED
   memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
   memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
-#endif
 
   if (warned_nonexistent_family) {
     SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));
@@ -3082,28 +3492,16 @@ router_free_all(void)
 
 /** Return a smartlist of tor_addr_port_t's with all the OR ports of
     <b>ri</b>. Note that freeing of the items in the list as well as
-    the smartlist itself is the callers responsibility.
-
-    XXX duplicating code from node_get_all_orports(). */
+    the smartlist itself is the callers responsibility. */
 smartlist_t *
 router_get_all_orports(const routerinfo_t *ri)
 {
-  smartlist_t *sl = smartlist_new();
   tor_assert(ri);
-
-  if (ri->addr != 0) {
-    tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
-    tor_addr_from_ipv4h(&ap->addr, ri->addr);
-    ap->port = ri->or_port;
-    smartlist_add(sl, ap);
-  }
-  if (!tor_addr_is_null(&ri->ipv6_addr)) {
-    tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t));
-    tor_addr_copy(&ap->addr, &ri->ipv6_addr);
-    ap->port = ri->or_port;
-    smartlist_add(sl, ap);
-  }
-
-  return sl;
+  node_t fake_node;
+  memset(&fake_node, 0, sizeof(fake_node));
+  /* we don't modify ri, fake_node is passed as a const node_t *
+   */
+  fake_node.ri = (routerinfo_t *)ri;
+  return node_get_all_orports(&fake_node);
 }
 
diff --git a/src/or/router.h b/src/or/router.h
index d18ff065ea..73bfea1faa 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -22,26 +22,26 @@ int server_identity_key_is_set(void);
 void set_client_identity_key(crypto_pk_t *k);
 crypto_pk_t *get_tlsclient_identity_key(void);
 int client_identity_key_is_set(void);
-authority_cert_t *get_my_v3_authority_cert(void);
+MOCK_DECL(authority_cert_t *, get_my_v3_authority_cert, (void));
 crypto_pk_t *get_my_v3_authority_signing_key(void);
 authority_cert_t *get_my_v3_legacy_cert(void);
 crypto_pk_t *get_my_v3_legacy_signing_key(void);
 void dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last);
 void rotate_onion_key(void);
 crypto_pk_t *init_key_from_file(const char *fname, int generate,
-                                    int severity);
+                                    int severity, int log_greeting);
 void v3_authority_check_key_expiry(void);
 
-#ifdef CURVE25519_ENABLED
 di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);
-#endif
 
 int router_initialize_tls_context(void);
 int init_keys(void);
+int init_keys_client(void);
 
-int check_whether_orport_reachable(void);
-int check_whether_dirport_reachable(void);
+int check_whether_orport_reachable(const or_options_t *options);
+int check_whether_dirport_reachable(const or_options_t *options);
+int dir_server_mode(const or_options_t *options);
 void consider_testing_reachability(int test_or, int test_dir);
 void router_orport_found_reachable(void);
 void router_dirport_found_reachable(void);
@@ -68,7 +68,7 @@ uint16_t router_get_advertised_dir_port(const or_options_t *options,
 
 MOCK_DECL(int, server_mode, (const or_options_t *options));
 MOCK_DECL(int, public_server_mode, (const or_options_t *options));
-int advertised_server_mode(void);
+MOCK_DECL(int, advertised_server_mode, (void));
 int proxy_mode(const or_options_t *options);
 void consider_publishable_server(int force);
 int should_refuse_unknown_exits(const or_options_t *options);
@@ -81,7 +81,7 @@ void check_descriptor_ipaddress_changed(time_t now);
 void router_new_address_suggestion(const char *suggestion,
                                    const dir_connection_t *d_conn);
 int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port);
-int router_my_exit_policy_is_reject_star(void);
+MOCK_DECL(int, router_my_exit_policy_is_reject_star,(void));
 MOCK_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
 extrainfo_t *router_get_my_extrainfo(void);
 const char *router_get_my_descriptor(void);
@@ -90,10 +90,15 @@ int router_digest_is_me(const char *digest);
 const uint8_t *router_get_my_id_digest(void);
 int router_extrainfo_digest_is_me(const char *digest);
 int router_is_me(const routerinfo_t *router);
-int router_pick_published_address(const or_options_t *options, uint32_t *addr);
+MOCK_DECL(int,router_pick_published_address,(const or_options_t *options,
+                                             uint32_t *addr));
+int router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e);
 int router_rebuild_descriptor(int force);
 char *router_dump_router_to_string(routerinfo_t *router,
-                                   crypto_pk_t *ident_key);
+                                   const crypto_pk_t *ident_key,
+                                   const crypto_pk_t *tap_key,
+                                   const curve25519_keypair_t *ntor_keypair,
+                                   const ed25519_keypair_t *signing_keypair);
 char *router_dump_exit_policy_to_string(const routerinfo_t *router,
                                          int include_ipv4,
                                          int include_ipv6);
@@ -108,7 +113,8 @@ int router_has_addr(const routerinfo_t *router, const tor_addr_t *addr);
 int router_has_orport(const routerinfo_t *router,
                       const tor_addr_port_t *orport);
 int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo,
-                             crypto_pk_t *ident_key);
+                             crypto_pk_t *ident_key,
+                             const ed25519_keypair_t *signing_keypair);
 int is_legal_nickname(const char *s);
 int is_legal_nickname_or_hexdigest(const char *s);
 int is_legal_hexdigest(const char *s);
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
new file mode 100644
index 0000000000..fba3491f2b
--- /dev/null
+++ b/src/or/routerkeys.c
@@ -0,0 +1,1147 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file routerkeys.c
+ *
+ * \brief Functions and structures to handle generating and maintaining the
+ *  set of keypairs necessary to be an OR. (Some of the code in router.c
+ *  belongs here.)
+ */
+
+#include "or.h"
+#include "config.h"
+#include "router.h"
+#include "crypto_pwbox.h"
+#include "routerkeys.h"
+#include "torcert.h"
+
+#define ENC_KEY_HEADER "Boxed Ed25519 key"
+#define ENC_KEY_TAG "master"
+
+static ssize_t
+do_getpass(const char *prompt, char *buf, size_t buflen,
+           int twice, const or_options_t *options)
+{
+  if (options->keygen_force_passphrase == FORCE_PASSPHRASE_OFF) {
+    tor_assert(buflen);
+    buf[0] = 0;
+    return 0;
+  }
+
+  char *prompt2 = NULL;
+  char *buf2 = NULL;
+  int fd = -1;
+  ssize_t length = -1;
+
+  if (options->use_keygen_passphrase_fd) {
+    twice = 0;
+    fd = options->keygen_passphrase_fd;
+    length = read_all(fd, buf, buflen-1, 0);
+    if (length >= 0)
+      buf[length] = 0;
+    goto done_reading;
+  }
+
+  if (twice) {
+    const char msg[] = "One more time:";
+    size_t p2len = strlen(prompt) + 1;
+    if (p2len < sizeof(msg))
+      p2len = sizeof(msg);
+    prompt2 = tor_malloc(strlen(prompt)+1);
+    memset(prompt2, ' ', p2len);
+    memcpy(prompt2 + p2len - sizeof(msg), msg, sizeof(msg));
+
+    buf2 = tor_malloc_zero(buflen);
+  }
+
+  while (1) {
+    length = tor_getpass(prompt, buf, buflen);
+    if (length < 0)
+      goto done_reading;
+
+    if (! twice)
+      break;
+
+    ssize_t length2 = tor_getpass(prompt2, buf2, buflen);
+
+    if (length != length2 || tor_memneq(buf, buf2, length)) {
+      fprintf(stderr, "That didn't match.\n");
+    } else {
+      break;
+    }
+  }
+
+ done_reading:
+  if (twice) {
+    tor_free(prompt2);
+    memwipe(buf2, 0, buflen);
+    tor_free(buf2);
+  }
+
+  if (options->keygen_force_passphrase == FORCE_PASSPHRASE_ON && length == 0)
+    return -1;
+
+  return length;
+}
+
+int
+read_encrypted_secret_key(ed25519_secret_key_t *out,
+                          const char *fname)
+{
+  int r = -1;
+  uint8_t *secret = NULL;
+  size_t secret_len = 0;
+  char pwbuf[256];
+  uint8_t encrypted_key[256];
+  char *tag = NULL;
+  int saved_errno = 0;
+
+  ssize_t encrypted_len = crypto_read_tagged_contents_from_file(fname,
+                                          ENC_KEY_HEADER,
+                                          &tag,
+                                          encrypted_key,
+                                          sizeof(encrypted_key));
+  if (encrypted_len < 0) {
+    saved_errno = errno;
+    log_info(LD_OR, "%s is missing", fname);
+    r = 0;
+    goto done;
+  }
+  if (strcmp(tag, ENC_KEY_TAG)) {
+    saved_errno = EINVAL;
+    goto done;
+  }
+
+  while (1) {
+    ssize_t pwlen =
+      do_getpass("Enter pasphrase for master key:", pwbuf, sizeof(pwbuf), 0,
+                 get_options());
+    if (pwlen < 0) {
+      saved_errno = EINVAL;
+      goto done;
+    }
+    const int r = crypto_unpwbox(&secret, &secret_len,
+                                 encrypted_key, encrypted_len,
+                                 pwbuf, pwlen);
+    if (r == UNPWBOX_CORRUPTED) {
+      log_err(LD_OR, "%s is corrupted.", fname);
+      saved_errno = EINVAL;
+      goto done;
+    } else if (r == UNPWBOX_OKAY) {
+      break;
+    }
+
+    /* Otherwise, passphrase is bad, so try again till user does ctrl-c or gets
+     * it right. */
+  }
+
+  if (secret_len != ED25519_SECKEY_LEN) {
+    log_err(LD_OR, "%s is corrupted.", fname);
+    saved_errno = EINVAL;
+    goto done;
+  }
+  memcpy(out->seckey, secret, ED25519_SECKEY_LEN);
+  r = 1;
+
+ done:
+  memwipe(encrypted_key, 0, sizeof(encrypted_key));
+  memwipe(pwbuf, 0, sizeof(pwbuf));
+  tor_free(tag);
+  if (secret) {
+    memwipe(secret, 0, secret_len);
+    tor_free(secret);
+  }
+  if (saved_errno)
+    errno = saved_errno;
+  return r;
+}
+
+int
+write_encrypted_secret_key(const ed25519_secret_key_t *key,
+                           const char *fname)
+{
+  int r = -1;
+  char pwbuf0[256];
+  uint8_t *encrypted_key = NULL;
+  size_t encrypted_len = 0;
+
+  if (do_getpass("Enter new passphrase:", pwbuf0, sizeof(pwbuf0), 1,
+                 get_options()) < 0) {
+    log_warn(LD_OR, "NO/failed passphrase");
+    return -1;
+  }
+
+  if (strlen(pwbuf0) == 0) {
+    if (get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_ON)
+      return -1;
+    else
+      return 0;
+  }
+
+  if (crypto_pwbox(&encrypted_key, &encrypted_len,
+                   key->seckey, sizeof(key->seckey),
+                   pwbuf0, strlen(pwbuf0),  0) < 0) {
+    log_warn(LD_OR, "crypto_pwbox failed!?");
+    goto done;
+  }
+  if (crypto_write_tagged_contents_to_file(fname,
+                                           ENC_KEY_HEADER,
+                                           ENC_KEY_TAG,
+                                           encrypted_key, encrypted_len) < 0)
+    goto done;
+  r = 1;
+ done:
+  if (encrypted_key) {
+    memwipe(encrypted_key, 0, encrypted_len);
+    tor_free(encrypted_key);
+  }
+  memwipe(pwbuf0, 0, sizeof(pwbuf0));
+  return r;
+}
+
+static int
+write_secret_key(const ed25519_secret_key_t *key, int encrypted,
+                 const char *fname,
+                 const char *fname_tag,
+                 const char *encrypted_fname)
+{
+  if (encrypted) {
+    int r = write_encrypted_secret_key(key, encrypted_fname);
+    if (r == 1) {
+      /* Success! */
+
+      /* Try to unlink the unencrypted key, if any existed before */
+      if (strcmp(fname, encrypted_fname))
+        unlink(fname);
+      return r;
+    } else if (r != 0) {
+      /* Unrecoverable failure! */
+      return r;
+    }
+
+    fprintf(stderr, "Not encrypting the secret key.\n");
+  }
+  return ed25519_seckey_write_to_file(key, fname, fname_tag);
+}
+
+/**
+ * Read an ed25519 key and associated certificates from files beginning with
+ * <b>fname</b>, with certificate type <b>cert_type</b>.  On failure, return
+ * NULL; on success return the keypair.
+ *
+ * If INIT_ED_KEY_CREATE is set in <b>flags</b>, then create the key (and
+ * certificate if requested) if it doesn't exist, and save it to disk.
+ *
+ * If INIT_ED_KEY_NEEDCERT is set in <b>flags</b>, load/create a certificate
+ * too and store it in *<b>cert_out</b>.  Fail if the cert can't be
+ * found/created.  To create a certificate, <b>signing_key</b> must be set to
+ * the key that should sign it; <b>now</b> to the current time, and
+ * <b>lifetime</b> to the lifetime of the key.
+ *
+ * If INIT_ED_KEY_REPLACE is set in <b>flags</b>, then create and save new key
+ * whether we can read the old one or not.
+ *
+ * If INIT_ED_KEY_EXTRA_STRONG is set in <b>flags</b>, set the extra_strong
+ * flag when creating the secret key.
+ *
+ * If INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT is set in <b>flags</b>, and
+ * we create a new certificate, create it with the signing key embedded.
+ *
+ * If INIT_ED_KEY_SPLIT is set in <b>flags</b>, and we create a new key,
+ * store the public key in a separate file from the secret key.
+ *
+ * If INIT_ED_KEY_MISSING_SECRET_OK is set in <b>flags</b>, and we find a
+ * public key file but no secret key file, return successfully anyway.
+ *
+ * If INIT_ED_KEY_OMIT_SECRET is set in <b>flags</b>, do not try to load a
+ * secret key unless no public key is found.  Do not return a secret key. (but
+ * create and save one if needed).
+ *
+ * If INIT_ED_KEY_NO_LOAD_SECRET is set in <b>flags</b>, don't try to load
+ * a secret key, no matter what.
+ *
+ * If INIT_ED_KEY_TRY_ENCRYPTED is set, we look for an encrypted secret key
+ * and consider encrypting any new secret key.
+ *
+ * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys
+ * from disk _other than their absence_ (full or partial), we do not try to
+ * replace them.
+ *
+ * If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures
+ * refer to the --keygen option.
+ *
+ * If INIT_ED_KEY_EXPLICIT_FNAME is set, use the provided file name for the
+ * secret key file, encrypted or not.
+ */
+ed25519_keypair_t *
+ed_key_init_from_file(const char *fname, uint32_t flags,
+                      int severity,
+                      const ed25519_keypair_t *signing_key,
+                      time_t now,
+                      time_t lifetime,
+                      uint8_t cert_type,
+                      struct tor_cert_st **cert_out)
+{
+  char *secret_fname = NULL;
+  char *encrypted_secret_fname = NULL;
+  char *public_fname = NULL;
+  char *cert_fname = NULL;
+  const char *loaded_secret_fname = NULL;
+  int created_pk = 0, created_sk = 0, created_cert = 0;
+  const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE);
+  const int encrypt_key = !! (flags & INIT_ED_KEY_TRY_ENCRYPTED);
+  const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR);
+  const int split = !! (flags & INIT_ED_KEY_SPLIT);
+  const int omit_secret = !! (flags & INIT_ED_KEY_OMIT_SECRET);
+  const int offline_secret = !! (flags & INIT_ED_KEY_OFFLINE_SECRET);
+  const int explicit_fname = !! (flags & INIT_ED_KEY_EXPLICIT_FNAME);
+
+  /* we don't support setting both of these flags at once. */
+  tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
+                      (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT));
+
+  char tag[8];
+  tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);
+
+  tor_cert_t *cert = NULL;
+  char *got_tag = NULL;
+  ed25519_keypair_t *keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
+
+  if (explicit_fname) {
+    secret_fname = tor_strdup(fname);
+    encrypted_secret_fname = tor_strdup(fname);
+  } else {
+    tor_asprintf(&secret_fname, "%s_secret_key", fname);
+    tor_asprintf(&encrypted_secret_fname, "%s_secret_key_encrypted", fname);
+  }
+  tor_asprintf(&public_fname, "%s_public_key", fname);
+  tor_asprintf(&cert_fname, "%s_cert", fname);
+
+  /* Try to read the secret key. */
+  int have_secret = 0;
+  int load_secret = try_to_load &&
+    !offline_secret &&
+    (!omit_secret || file_status(public_fname)==FN_NOENT);
+  if (load_secret) {
+    int rv = ed25519_seckey_read_from_file(&keypair->seckey,
+                                           &got_tag, secret_fname);
+    if (rv == 0) {
+      have_secret = 1;
+      loaded_secret_fname = secret_fname;
+      tor_assert(got_tag);
+    } else {
+      if (errno != ENOENT && norepair) {
+        tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname,
+                strerror(errno));
+        goto err;
+      }
+    }
+  }
+
+  /* Should we try for an encrypted key? */
+  int have_encrypted_secret_file = 0;
+  if (!have_secret && try_to_load && encrypt_key) {
+    int r = read_encrypted_secret_key(&keypair->seckey,
+                                      encrypted_secret_fname);
+    if (r > 0) {
+      have_secret = 1;
+      have_encrypted_secret_file = 1;
+      tor_free(got_tag); /* convince coverity we aren't leaking */
+      got_tag = tor_strdup(tag);
+      loaded_secret_fname = encrypted_secret_fname;
+    } else if (errno != ENOENT && norepair) {
+      tor_log(severity, LD_OR, "Unable to read %s: %s",
+              encrypted_secret_fname, strerror(errno));
+      goto err;
+    }
+  } else {
+    if (try_to_load) {
+      /* Check if it's there anyway, so we don't replace it. */
+      if (file_status(encrypted_secret_fname) != FN_NOENT)
+        have_encrypted_secret_file = 1;
+    }
+  }
+
+  if (have_secret) {
+    if (strcmp(got_tag, tag)) {
+      tor_log(severity, LD_OR, "%s has wrong tag", loaded_secret_fname);
+      goto err;
+    }
+    /* Derive the public key */
+    if (ed25519_public_key_generate(&keypair->pubkey, &keypair->seckey)<0) {
+      tor_log(severity, LD_OR, "%s can't produce a public key",
+              loaded_secret_fname);
+      goto err;
+    }
+  }
+
+  /* If we do split keys here, try to read the pubkey. */
+  int found_public = 0;
+  if (try_to_load && (!have_secret || split)) {
+    ed25519_public_key_t pubkey_tmp;
+    tor_free(got_tag);
+    found_public = ed25519_pubkey_read_from_file(&pubkey_tmp,
+                                                 &got_tag, public_fname) == 0;
+    if (!found_public && errno != ENOENT && norepair) {
+      tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname,
+              strerror(errno));
+      goto err;
+    }
+    if (found_public && strcmp(got_tag, tag)) {
+      tor_log(severity, LD_OR, "%s has wrong tag", public_fname);
+      goto err;
+    }
+    if (found_public) {
+      if (have_secret) {
+        /* If we have a secret key and we're reloading the public key,
+         * the key must match! */
+        if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) {
+          tor_log(severity, LD_OR, "%s does not match %s!  If you are trying "
+                  "to restore from backup, make sure you didn't mix up the "
+                  "key files. If you are absolutely sure that %s is the right "
+                  "key for this relay, delete %s or move it out of the way.",
+                  public_fname, loaded_secret_fname,
+                  loaded_secret_fname, public_fname);
+          goto err;
+        }
+      } else {
+        /* We only have the public key; better use that. */
+        tor_assert(split);
+        memcpy(&keypair->pubkey, &pubkey_tmp, sizeof(pubkey_tmp));
+      }
+    } else {
+      /* We have no public key file, but we do have a secret key, make the
+       * public key file! */
+      if (have_secret) {
+        if (ed25519_pubkey_write_to_file(&keypair->pubkey, public_fname, tag)
+            < 0) {
+          tor_log(severity, LD_OR, "Couldn't repair %s", public_fname);
+          goto err;
+        } else {
+          tor_log(LOG_NOTICE, LD_OR,
+                  "Found secret key but not %s. Regenerating.",
+                  public_fname);
+        }
+      }
+    }
+  }
+
+  /* If the secret key is absent and it's not allowed to be, fail. */
+  if (!have_secret && found_public &&
+      !(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
+    if (have_encrypted_secret_file) {
+      tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
+              "but it was encrypted. Try 'tor --keygen' instead, so you "
+              "can enter the passphrase.",
+              secret_fname);
+    } else if (offline_secret) {
+      tor_log(severity, LD_OR, "We wanted to load a secret key from %s, "
+              "but you're keeping it offline. (OfflineMasterKey is set.)",
+              secret_fname);
+    } else {
+      tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
+              "but couldn't find it. %s", secret_fname,
+              (flags & INIT_ED_KEY_SUGGEST_KEYGEN) ?
+              "If you're keeping your master secret key offline, you will "
+              "need to run 'tor --keygen' to generate new signing keys." :
+              "Did you forget to copy it over when you copied the rest of the "
+              "signing key material?");
+    }
+    goto err;
+  }
+
+  /* If it's absent, and we're not supposed to make a new keypair, fail. */
+  if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE)) {
+    if (split) {
+      tor_log(severity, LD_OR, "No key found in %s or %s.",
+              secret_fname, public_fname);
+    } else {
+      tor_log(severity, LD_OR, "No key found in %s.", secret_fname);
+    }
+    goto err;
+  }
+
+  /* If the secret key is absent, but the encrypted key would be present,
+   * that's an error */
+  if (!have_secret && !found_public && have_encrypted_secret_file) {
+    tor_assert(!encrypt_key);
+    tor_log(severity, LD_OR, "Found an encrypted secret key, "
+            "but not public key file %s!", public_fname);
+    goto err;
+  }
+
+  /* if it's absent, make a new keypair... */
+  if (!have_secret && !found_public) {
+    tor_free(keypair);
+    keypair = ed_key_new(signing_key, flags, now, lifetime,
+                         cert_type, &cert);
+    if (!keypair) {
+      tor_log(severity, LD_OR, "Couldn't create keypair");
+      goto err;
+    }
+    created_pk = created_sk = created_cert = 1;
+  }
+
+  /* Write it to disk if we're supposed to do with a new passphrase, or if
+   * we just created it. */
+  if (created_sk || (have_secret && get_options()->change_key_passphrase)) {
+    if (write_secret_key(&keypair->seckey,
+                         encrypt_key,
+                         secret_fname, tag, encrypted_secret_fname) < 0
+        ||
+        (split &&
+         ed25519_pubkey_write_to_file(&keypair->pubkey, public_fname, tag) < 0)
+        ||
+        (cert &&
+         crypto_write_tagged_contents_to_file(cert_fname, "ed25519v1-cert",
+                                 tag, cert->encoded, cert->encoded_len) < 0)) {
+      tor_log(severity, LD_OR, "Couldn't write keys or cert to file.");
+      goto err;
+    }
+    goto done;
+  }
+
+  /* If we're not supposed to get a cert, we're done. */
+  if (! (flags & INIT_ED_KEY_NEEDCERT))
+    goto done;
+
+  /* Read a cert. */
+  tor_free(got_tag);
+  uint8_t certbuf[256];
+  ssize_t cert_body_len = crypto_read_tagged_contents_from_file(
+                 cert_fname, "ed25519v1-cert",
+                 &got_tag, certbuf, sizeof(certbuf));
+  if (cert_body_len >= 0 && !strcmp(got_tag, tag))
+    cert = tor_cert_parse(certbuf, cert_body_len);
+
+  /* If we got it, check it to the extent we can. */
+  int bad_cert = 0;
+
+  if (! cert) {
+    tor_log(severity, LD_OR, "Cert was unparseable");
+    bad_cert = 1;
+  } else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey,
+                        ED25519_PUBKEY_LEN)) {
+    tor_log(severity, LD_OR, "Cert was for wrong key");
+    bad_cert = 1;
+  } else if (signing_key &&
+             tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
+    tor_log(severity, LD_OR, "Can't check certificate");
+    bad_cert = 1;
+  } else if (cert->cert_expired) {
+    tor_log(severity, LD_OR, "Certificate is expired");
+    bad_cert = 1;
+  } else if (signing_key && cert->signing_key_included &&
+             ! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
+    tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");
+    bad_cert = 1;
+  }
+
+  if (bad_cert) {
+    tor_cert_free(cert);
+    cert = NULL;
+  }
+
+  /* If we got a cert, we're done. */
+  if (cert)
+    goto done;
+
+  /* If we didn't get a cert, and we're not supposed to make one, fail. */
+  if (!signing_key || !(flags & INIT_ED_KEY_CREATE)) {
+    tor_log(severity, LD_OR, "Without signing key, can't create certificate");
+    goto err;
+  }
+
+  /* We have keys but not a certificate, so make one. */
+  uint32_t cert_flags = 0;
+  if (flags & INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT)
+    cert_flags |= CERT_FLAG_INCLUDE_SIGNING_KEY;
+  cert = tor_cert_create(signing_key, cert_type,
+                         &keypair->pubkey,
+                         now, lifetime,
+                         cert_flags);
+
+  if (! cert) {
+    tor_log(severity, LD_OR, "Couldn't create certificate");
+    goto err;
+  }
+
+  /* Write it to disk. */
+  created_cert = 1;
+  if (crypto_write_tagged_contents_to_file(cert_fname, "ed25519v1-cert",
+                             tag, cert->encoded, cert->encoded_len) < 0) {
+    tor_log(severity, LD_OR, "Couldn't write cert to disk.");
+    goto err;
+  }
+
+ done:
+  if (cert_out)
+    *cert_out = cert;
+  else
+    tor_cert_free(cert);
+
+  goto cleanup;
+
+ err:
+  if (keypair)
+    memwipe(keypair, 0, sizeof(*keypair));
+  tor_free(keypair);
+  tor_cert_free(cert);
+  if (cert_out)
+    *cert_out = NULL;
+  if (created_sk)
+    unlink(secret_fname);
+  if (created_pk)
+    unlink(public_fname);
+  if (created_cert)
+    unlink(cert_fname);
+
+ cleanup:
+  tor_free(encrypted_secret_fname);
+  tor_free(secret_fname);
+  tor_free(public_fname);
+  tor_free(cert_fname);
+  tor_free(got_tag);
+
+  return keypair;
+}
+
+/**
+ * Create a new signing key and (optionally) certficiate; do not read or write
+ * from disk.  See ed_key_init_from_file() for more information.
+ */
+ed25519_keypair_t *
+ed_key_new(const ed25519_keypair_t *signing_key,
+           uint32_t flags,
+           time_t now,
+           time_t lifetime,
+           uint8_t cert_type,
+           struct tor_cert_st **cert_out)
+{
+  if (cert_out)
+    *cert_out = NULL;
+
+  const int extra_strong = !! (flags & INIT_ED_KEY_EXTRA_STRONG);
+  ed25519_keypair_t *keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
+  if (ed25519_keypair_generate(keypair, extra_strong) < 0)
+    goto err;
+
+  if (! (flags & INIT_ED_KEY_NEEDCERT))
+    return keypair;
+
+  tor_assert(signing_key);
+  tor_assert(cert_out);
+  uint32_t cert_flags = 0;
+  if (flags & INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT)
+    cert_flags |= CERT_FLAG_INCLUDE_SIGNING_KEY;
+  tor_cert_t *cert = tor_cert_create(signing_key, cert_type,
+                                     &keypair->pubkey,
+                                     now, lifetime,
+                                     cert_flags);
+  if (! cert)
+    goto err;
+
+  *cert_out = cert;
+  return keypair;
+
+ err:
+  tor_free(keypair);
+  return NULL;
+}
+
+static ed25519_keypair_t *master_identity_key = NULL;
+static ed25519_keypair_t *master_signing_key = NULL;
+static ed25519_keypair_t *current_auth_key = NULL;
+static tor_cert_t *signing_key_cert = NULL;
+static tor_cert_t *link_cert_cert = NULL;
+static tor_cert_t *auth_key_cert = NULL;
+
+static uint8_t *rsa_ed_crosscert = NULL;
+static size_t rsa_ed_crosscert_len = 0;
+
+/**
+ * Running as a server: load, reload, or refresh our ed25519 keys and
+ * certificates, creating and saving new ones as needed.
+ */
+int
+load_ed_keys(const or_options_t *options, time_t now)
+{
+  ed25519_keypair_t *id = NULL;
+  ed25519_keypair_t *sign = NULL;
+  ed25519_keypair_t *auth = NULL;
+  const ed25519_keypair_t *sign_signing_key_with_id = NULL;
+  const ed25519_keypair_t *use_signing = NULL;
+  const tor_cert_t *check_signing_cert = NULL;
+  tor_cert_t *sign_cert = NULL;
+  tor_cert_t *auth_cert = NULL;
+
+#define FAIL(msg) do {                          \
+    log_warn(LD_OR, (msg));                     \
+    goto err;                                   \
+  } while (0)
+#define SET_KEY(key, newval) do {               \
+    if ((key) != (newval))                      \
+      ed25519_keypair_free(key);                \
+    key = (newval);                             \
+  } while (0)
+#define SET_CERT(cert, newval) do {             \
+    if ((cert) != (newval))                     \
+      tor_cert_free(cert);                      \
+    cert = (newval);                            \
+  } while (0)
+#define EXPIRES_SOON(cert, interval)            \
+  (!(cert) || (cert)->valid_until < now + (interval))
+
+  /* XXXX support encrypted identity keys fully */
+
+  /* First try to get the signing key to see how it is. */
+  {
+    char *fname =
+      options_get_datadir_fname2(options, "keys", "ed25519_signing");
+    sign = ed_key_init_from_file(
+               fname,
+               INIT_ED_KEY_NEEDCERT|
+               INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT,
+               LOG_INFO,
+               NULL, 0, 0, CERT_TYPE_ID_SIGNING, &sign_cert);
+    tor_free(fname);
+    check_signing_cert = sign_cert;
+    use_signing = sign;
+  }
+
+  if (!use_signing && master_signing_key) {
+    check_signing_cert = signing_key_cert;
+    use_signing = master_signing_key;
+  }
+
+  const int offline_master =
+    options->OfflineMasterKey && options->command != CMD_KEYGEN;
+  const int need_new_signing_key =
+    NULL == use_signing ||
+    EXPIRES_SOON(check_signing_cert, 0) ||
+    (options->command == CMD_KEYGEN && ! options->change_key_passphrase);
+  const int want_new_signing_key =
+    need_new_signing_key ||
+    EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop);
+
+  /* We can only create a master key if we haven't been told that the
+   * master key will always be offline.  Also, if we have a signing key,
+   * then we shouldn't make a new master ID key. */
+  const int can_make_master_id_key = !offline_master &&
+    NULL == use_signing;
+
+  if (need_new_signing_key) {
+    log_notice(LD_OR, "It looks like I need to generate and sign a new "
+               "medium-term signing key, because %s. To do that, I need to "
+               "load%s the permanent master identity key.",
+            (NULL == use_signing) ? "I don't have one" :
+            EXPIRES_SOON(check_signing_cert, 0) ? "the one I have is expired" :
+               "you asked me to make one with --keygen",
+            can_make_master_id_key ? " (or create)" : "");
+  } else if (want_new_signing_key && !offline_master) {
+    log_notice(LD_OR, "It looks like I should try to generate and sign a "
+               "new medium-term signing key, because the one I have is "
+               "going to expire soon. To do that, I'm going to have to try to "
+               "load the permanent master identity key.");
+  } else if (want_new_signing_key) {
+    log_notice(LD_OR, "It looks like I should try to generate and sign a "
+               "new medium-term signing key, because the one I have is "
+               "going to expire soon. But OfflineMasterKey is set, so I "
+               "won't try to load a permanent master identity key is set. "
+               "You will need to use 'tor --keygen' make a new signing key "
+               "and certificate.");
+  }
+
+  {
+    uint32_t flags =
+      (INIT_ED_KEY_SPLIT|
+       INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR);
+    if (can_make_master_id_key)
+      flags |= INIT_ED_KEY_CREATE;
+    if (! need_new_signing_key)
+      flags |= INIT_ED_KEY_MISSING_SECRET_OK;
+    if (! want_new_signing_key || offline_master)
+      flags |= INIT_ED_KEY_OMIT_SECRET;
+    if (offline_master)
+      flags |= INIT_ED_KEY_OFFLINE_SECRET;
+    if (options->command == CMD_KEYGEN)
+      flags |= INIT_ED_KEY_TRY_ENCRYPTED;
+
+    /* Check the key directory */
+    if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+      log_err(LD_OR, "Can't create/check datadirectory %s",
+              options->DataDirectory);
+      goto err;
+    }
+    char *fname = get_datadir_fname("keys");
+    if (check_private_dir(fname, CPD_CREATE, options->User) < 0) {
+      log_err(LD_OR, "Problem creating/checking key directory %s", fname);
+      tor_free(fname);
+      goto err;
+    }
+    tor_free(fname);
+    if (options->master_key_fname) {
+      fname = tor_strdup(options->master_key_fname);
+      flags |= INIT_ED_KEY_EXPLICIT_FNAME;
+    } else {
+      fname = options_get_datadir_fname2(options, "keys", "ed25519_master_id");
+    }
+    id = ed_key_init_from_file(
+             fname,
+             flags,
+             LOG_WARN, NULL, 0, 0, 0, NULL);
+    tor_free(fname);
+    if (!id) {
+      if (need_new_signing_key) {
+        if (offline_master)
+          FAIL("Can't load master identity key; OfflineMasterKey is set.");
+        else
+          FAIL("Missing identity key");
+      } else {
+        log_warn(LD_OR, "Master public key was absent; inferring from "
+                 "public key in signing certificate and saving to disk.");
+        tor_assert(check_signing_cert);
+        id = tor_malloc_zero(sizeof(*id));
+        memcpy(&id->pubkey, &check_signing_cert->signing_key,
+               sizeof(ed25519_public_key_t));
+        fname = options_get_datadir_fname2(options, "keys",
+                                           "ed25519_master_id_public_key");
+        if (ed25519_pubkey_write_to_file(&id->pubkey, fname, "type0") < 0) {
+          log_warn(LD_OR, "Error while attempting to write master public key "
+                   "to disk");
+          tor_free(fname);
+          goto err;
+        }
+        tor_free(fname);
+      }
+    }
+    if (tor_mem_is_zero((char*)id->seckey.seckey, sizeof(id->seckey)))
+      sign_signing_key_with_id = NULL;
+    else
+      sign_signing_key_with_id = id;
+  }
+
+  if (master_identity_key &&
+      !ed25519_pubkey_eq(&id->pubkey, &master_identity_key->pubkey)) {
+    FAIL("Identity key on disk does not match key we loaded earlier!");
+  }
+
+  if (need_new_signing_key && NULL == sign_signing_key_with_id)
+    FAIL("Can't load master key make a new signing key.");
+
+  if (sign_cert) {
+    if (! sign_cert->signing_key_included)
+      FAIL("Loaded a signing cert with no key included!");
+    if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey))
+      FAIL("The signing cert we have was not signed with the master key "
+           "we loaded!");
+    if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0)
+      FAIL("The signing cert we loaded was not signed correctly!");
+  }
+
+  if (want_new_signing_key && sign_signing_key_with_id) {
+    uint32_t flags = (INIT_ED_KEY_CREATE|
+                      INIT_ED_KEY_REPLACE|
+                      INIT_ED_KEY_EXTRA_STRONG|
+                      INIT_ED_KEY_NEEDCERT|
+                      INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT);
+    char *fname =
+      options_get_datadir_fname2(options, "keys", "ed25519_signing");
+    ed25519_keypair_free(sign);
+    tor_cert_free(sign_cert);
+    sign = ed_key_init_from_file(fname,
+                                 flags, LOG_WARN,
+                                 sign_signing_key_with_id, now,
+                                 options->SigningKeyLifetime,
+                                 CERT_TYPE_ID_SIGNING, &sign_cert);
+    tor_free(fname);
+    if (!sign)
+      FAIL("Missing signing key");
+    use_signing = sign;
+
+    tor_assert(sign_cert->signing_key_included);
+    tor_assert(ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey));
+    tor_assert(ed25519_pubkey_eq(&sign_cert->signed_key, &sign->pubkey));
+  } else if (want_new_signing_key) {
+    static ratelim_t missing_master = RATELIM_INIT(3600);
+    log_fn_ratelim(&missing_master, LOG_WARN, LD_OR,
+                   "Signing key will expire soon, but I can't load the "
+                   "master key to sign a new one!");
+  }
+
+  tor_assert(use_signing);
+
+  /* At this point we no longer need our secret identity key.  So wipe
+   * it, if we loaded it in the first place. */
+  memwipe(id->seckey.seckey, 0, sizeof(id->seckey));
+
+  if (options->command == CMD_KEYGEN)
+    goto end;
+
+  if (!rsa_ed_crosscert && server_mode(options)) {
+    uint8_t *crosscert;
+    ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey,
+                                                   get_server_identity_key(),
+                                                   now+10*365*86400,/*XXXX*/
+                                                   &crosscert);
+    rsa_ed_crosscert_len = crosscert_len;
+    rsa_ed_crosscert = crosscert;
+  }
+
+  if (!current_auth_key ||
+      EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)) {
+    auth = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
+                      now,
+                      options->TestingAuthKeyLifetime,
+                      CERT_TYPE_SIGNING_AUTH, &auth_cert);
+
+    if (!auth)
+      FAIL("Can't create auth key");
+  }
+
+  /* We've generated or loaded everything.  Put them in memory. */
+
+ end:
+  if (! master_identity_key) {
+    SET_KEY(master_identity_key, id);
+  } else {
+    tor_free(id);
+  }
+  if (sign) {
+    SET_KEY(master_signing_key, sign);
+    SET_CERT(signing_key_cert, sign_cert);
+  }
+  if (auth) {
+    SET_KEY(current_auth_key, auth);
+    SET_CERT(auth_key_cert, auth_cert);
+  }
+
+  return 0;
+ err:
+  ed25519_keypair_free(id);
+  ed25519_keypair_free(sign);
+  ed25519_keypair_free(auth);
+  tor_cert_free(sign_cert);
+  tor_cert_free(auth_cert);
+  return -1;
+}
+
+/* DOCDOC */
+int
+generate_ed_link_cert(const or_options_t *options, time_t now)
+{
+  const tor_x509_cert_t *link = NULL, *id = NULL;
+  tor_cert_t *link_cert = NULL;
+
+  if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL) {
+    log_warn(LD_OR, "Can't get my x509 link cert.");
+    return -1;
+  }
+
+  const common_digests_t *digests = tor_x509_cert_get_cert_digests(link);
+
+  if (link_cert_cert &&
+      ! EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop) &&
+      fast_memeq(digests->d[DIGEST_SHA256], link_cert_cert->signed_key.pubkey,
+                 DIGEST256_LEN)) {
+    return 0;
+  }
+
+  ed25519_public_key_t dummy_key;
+  memcpy(dummy_key.pubkey, digests->d[DIGEST_SHA256], DIGEST256_LEN);
+
+  link_cert = tor_cert_create(get_master_signing_keypair(),
+                              CERT_TYPE_SIGNING_LINK,
+                              &dummy_key,
+                              now,
+                              options->TestingLinkCertLifetime, 0);
+
+  if (link_cert) {
+    SET_CERT(link_cert_cert, link_cert);
+  }
+  return 0;
+}
+
+#undef FAIL
+#undef SET_KEY
+#undef SET_CERT
+
+int
+should_make_new_ed_keys(const or_options_t *options, const time_t now)
+{
+  if (!master_identity_key ||
+      !master_signing_key ||
+      !current_auth_key ||
+      !link_cert_cert ||
+      EXPIRES_SOON(signing_key_cert, options->TestingSigningKeySlop) ||
+      EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop) ||
+      EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop))
+    return 1;
+
+  const tor_x509_cert_t *link = NULL, *id = NULL;
+
+  if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL)
+    return 1;
+
+  const common_digests_t *digests = tor_x509_cert_get_cert_digests(link);
+
+  if (!fast_memeq(digests->d[DIGEST_SHA256],
+                  link_cert_cert->signed_key.pubkey,
+                  DIGEST256_LEN)) {
+    return 1;
+  }
+
+  return 0;
+}
+
+#undef EXPIRES_SOON
+
+const ed25519_public_key_t *
+get_master_identity_key(void)
+{
+  if (!master_identity_key)
+    return NULL;
+  return &master_identity_key->pubkey;
+}
+
+const ed25519_keypair_t *
+get_master_signing_keypair(void)
+{
+  return master_signing_key;
+}
+
+const struct tor_cert_st *
+get_master_signing_key_cert(void)
+{
+  return signing_key_cert;
+}
+
+const ed25519_keypair_t *
+get_current_auth_keypair(void)
+{
+  return current_auth_key;
+}
+
+const tor_cert_t *
+get_current_link_cert_cert(void)
+{
+  return link_cert_cert;
+}
+
+const tor_cert_t *
+get_current_auth_key_cert(void)
+{
+  return auth_key_cert;
+}
+
+void
+get_master_rsa_crosscert(const uint8_t **cert_out,
+                         size_t *size_out)
+{
+  *cert_out = rsa_ed_crosscert;
+  *size_out = rsa_ed_crosscert_len;
+}
+
+/** Construct cross-certification for the master identity key with
+ * the ntor onion key. Store the sign of the corresponding ed25519 public key
+ * in *<b>sign_out</b>. */
+tor_cert_t *
+make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key,
+      const ed25519_public_key_t *master_id_key, time_t now, time_t lifetime,
+      int *sign_out)
+{
+  tor_cert_t *cert = NULL;
+  ed25519_keypair_t ed_onion_key;
+
+  if (ed25519_keypair_from_curve25519_keypair(&ed_onion_key, sign_out,
+                                              onion_key) < 0)
+    goto end;
+
+  cert = tor_cert_create(&ed_onion_key, CERT_TYPE_ONION_ID, master_id_key,
+      now, lifetime, 0);
+
+ end:
+  memwipe(&ed_onion_key, 0, sizeof(ed_onion_key));
+  return cert;
+}
+
+/** Construct and return an RSA signature for the TAP onion key to
+ * cross-certify the RSA and Ed25519 identity keys. Set <b>len_out</b> to its
+ * length. */
+uint8_t *
+make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
+                             const ed25519_public_key_t *master_id_key,
+                             const crypto_pk_t *rsa_id_key,
+                             int *len_out)
+{
+  uint8_t signature[PK_BYTES];
+  uint8_t signed_data[DIGEST_LEN + ED25519_PUBKEY_LEN];
+
+  *len_out = 0;
+  crypto_pk_get_digest(rsa_id_key, (char*)signed_data);
+  memcpy(signed_data + DIGEST_LEN, master_id_key->pubkey, ED25519_PUBKEY_LEN);
+
+  int r = crypto_pk_private_sign(onion_key,
+                               (char*)signature, sizeof(signature),
+                               (const char*)signed_data, sizeof(signed_data));
+  if (r < 0)
+    return NULL;
+
+  *len_out = r;
+
+  return tor_memdup(signature, r);
+}
+
+/** Check whether an RSA-TAP cross-certification is correct. Return 0 if it
+ * is, -1 if it isn't. */
+int
+check_tap_onion_key_crosscert(const uint8_t *crosscert,
+                              int crosscert_len,
+                              const crypto_pk_t *onion_pkey,
+                              const ed25519_public_key_t *master_id_pkey,
+                              const uint8_t *rsa_id_digest)
+{
+  uint8_t *cc = tor_malloc(crypto_pk_keysize(onion_pkey));
+  int cc_len =
+    crypto_pk_public_checksig(onion_pkey,
+                              (char*)cc,
+                              crypto_pk_keysize(onion_pkey),
+                              (const char*)crosscert,
+                              crosscert_len);
+  if (cc_len < 0) {
+    goto err;
+  }
+  if (cc_len < DIGEST_LEN + ED25519_PUBKEY_LEN) {
+    log_warn(LD_DIR, "Short signature on cross-certification with TAP key");
+    goto err;
+  }
+  if (tor_memneq(cc, rsa_id_digest, DIGEST_LEN) ||
+      tor_memneq(cc + DIGEST_LEN, master_id_pkey->pubkey,
+                 ED25519_PUBKEY_LEN)) {
+    log_warn(LD_DIR, "Incorrect cross-certification with TAP key");
+    goto err;
+  }
+
+  tor_free(cc);
+  return 0;
+ err:
+  tor_free(cc);
+  return -1;
+}
+
+void
+routerkeys_free_all(void)
+{
+  ed25519_keypair_free(master_identity_key);
+  ed25519_keypair_free(master_signing_key);
+  ed25519_keypair_free(current_auth_key);
+  tor_cert_free(signing_key_cert);
+  tor_cert_free(link_cert_cert);
+  tor_cert_free(auth_key_cert);
+
+  master_identity_key = master_signing_key = NULL;
+  current_auth_key = NULL;
+  signing_key_cert = link_cert_cert = auth_key_cert = NULL;
+}
+
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
new file mode 100644
index 0000000000..be9b19aea8
--- /dev/null
+++ b/src/or/routerkeys.h
@@ -0,0 +1,77 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_ROUTERKEYS_H
+#define TOR_ROUTERKEYS_H
+
+#include "crypto_ed25519.h"
+
+#define INIT_ED_KEY_CREATE                      (1u<<0)
+#define INIT_ED_KEY_REPLACE                     (1u<<1)
+#define INIT_ED_KEY_SPLIT                       (1u<<2)
+#define INIT_ED_KEY_MISSING_SECRET_OK           (1u<<3)
+#define INIT_ED_KEY_NEEDCERT                    (1u<<4)
+#define INIT_ED_KEY_EXTRA_STRONG                (1u<<5)
+#define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT (1u<<6)
+#define INIT_ED_KEY_OMIT_SECRET                 (1u<<7)
+#define INIT_ED_KEY_TRY_ENCRYPTED               (1u<<8)
+#define INIT_ED_KEY_NO_REPAIR                   (1u<<9)
+#define INIT_ED_KEY_SUGGEST_KEYGEN              (1u<<10)
+#define INIT_ED_KEY_OFFLINE_SECRET              (1u<<11)
+#define INIT_ED_KEY_EXPLICIT_FNAME              (1u<<12)
+
+struct tor_cert_st;
+ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,
+                                         int severity,
+                                         const ed25519_keypair_t *signing_key,
+                                         time_t now,
+                                         time_t lifetime,
+                                         uint8_t cert_type,
+                                         struct tor_cert_st **cert_out);
+ed25519_keypair_t *ed_key_new(const ed25519_keypair_t *signing_key,
+                              uint32_t flags,
+                              time_t now,
+                              time_t lifetime,
+                              uint8_t cert_type,
+                              struct tor_cert_st **cert_out);
+const ed25519_public_key_t *get_master_identity_key(void);
+const ed25519_keypair_t *get_master_signing_keypair(void);
+const struct tor_cert_st *get_master_signing_key_cert(void);
+
+const ed25519_keypair_t *get_current_auth_keypair(void);
+const struct tor_cert_st *get_current_link_cert_cert(void);
+const struct tor_cert_st *get_current_auth_key_cert(void);
+
+void get_master_rsa_crosscert(const uint8_t **cert_out,
+                              size_t *size_out);
+
+struct tor_cert_st *make_ntor_onion_key_crosscert(
+                                  const curve25519_keypair_t *onion_key,
+                                  const ed25519_public_key_t *master_id_key,
+                                  time_t now, time_t lifetime,
+                                  int *sign_out);
+uint8_t *make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
+                                  const ed25519_public_key_t *master_id_key,
+                                  const crypto_pk_t *rsa_id_key,
+                                  int *len_out);
+
+int check_tap_onion_key_crosscert(const uint8_t *crosscert,
+                                  int crosscert_len,
+                                  const crypto_pk_t *onion_pkey,
+                                  const ed25519_public_key_t *master_id_pkey,
+                                  const uint8_t *rsa_id_digest);
+
+int load_ed_keys(const or_options_t *options, time_t now);
+int should_make_new_ed_keys(const or_options_t *options, const time_t now);
+
+int generate_ed_link_cert(const or_options_t *options, time_t now);
+
+int read_encrypted_secret_key(ed25519_secret_key_t *out,
+                              const char *fname);
+int write_encrypted_secret_key(const ed25519_secret_key_t *out,
+                               const char *fname);
+
+void routerkeys_free_all(void);
+
+#endif
+
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 07e87724ba..64baf4d709 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -13,6 +13,8 @@
 
 #define ROUTERLIST_PRIVATE
 #include "or.h"
+#include "backtrace.h"
+#include "crypto_ed25519.h"
 #include "circuitstats.h"
 #include "config.h"
 #include "connection.h"
@@ -37,7 +39,9 @@
 #include "routerlist.h"
 #include "routerparse.h"
 #include "routerset.h"
-#include "../common/sandbox.h"
+#include "sandbox.h"
+#include "torcert.h"
+
 // #define DEBUG_ROUTERLIST
 
 /****************************************************************************/
@@ -64,8 +68,6 @@ typedef struct cert_list_t cert_list_t;
 static int compute_weighted_bandwidths(const smartlist_t *sl,
                                        bandwidth_weight_rule_t rule,
                                        u64_dbl_t **bandwidths_out);
-static const routerstatus_t *router_pick_directory_server_impl(
-                                           dirinfo_type_t auth, int flags);
 static const routerstatus_t *router_pick_trusteddirserver_impl(
                 const smartlist_t *sourcelist, dirinfo_type_t auth,
                 int flags, int *n_busy_out);
@@ -79,6 +81,7 @@ static const char *signed_descriptor_get_body_impl(
                                               const signed_descriptor_t *desc,
                                               int with_annotations);
 static void list_pending_downloads(digestmap_t *result,
+                                   digest256map_t *result256,
                                    int purpose, const char *prefix);
 static void list_pending_fpsk_downloads(fp_pair_map_t *result);
 static void launch_dummy_descriptor_download_as_needed(time_t now,
@@ -145,6 +148,22 @@ get_n_authorities(dirinfo_type_t type)
   return n;
 }
 
+/** Initialise schedule, want_authority, and increment on in the download
+ * status dlstatus, then call download_status_reset() on it.
+ * It is safe to call this function or download_status_reset() multiple times
+ * on a new dlstatus. But it should *not* be called after a dlstatus has been
+ * used to count download attempts or failures. */
+static void
+download_status_cert_init(download_status_t *dlstatus)
+{
+  dlstatus->schedule = DL_SCHED_CONSENSUS;
+  dlstatus->want_authority = DL_WANT_ANY_DIRSERVER;
+  dlstatus->increment_on = DL_SCHED_INCREMENT_FAILURE;
+
+  /* Use the new schedule to set next_attempt_at */
+  download_status_reset(dlstatus);
+}
+
 /** Reset the download status of a specified element in a dsmap */
 static void
 download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
@@ -165,6 +184,7 @@ download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
     /* Insert before we reset */
     dlstatus = tor_malloc_zero(sizeof(*dlstatus));
     dsmap_set(cl->dl_status_map, digest, dlstatus);
+    download_status_cert_init(dlstatus);
   }
   tor_assert(dlstatus);
   /* Go ahead and reset it */
@@ -203,7 +223,7 @@ download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
      * too.
      */
     dlstatus = tor_malloc_zero(sizeof(*dlstatus));
-    download_status_reset(dlstatus);
+    download_status_cert_init(dlstatus);
     dsmap_set(cl->dl_status_map, digest, dlstatus);
     rv = 1;
   }
@@ -222,7 +242,7 @@ get_cert_list(const char *id_digest)
   cl = digestmap_get(trusted_dir_certs, id_digest);
   if (!cl) {
     cl = tor_malloc_zero(sizeof(cert_list_t));
-    cl->dl_status_by_id.schedule = DL_SCHED_CONSENSUS;
+    download_status_cert_init(&cl->dl_status_by_id);
     cl->certs = smartlist_new();
     cl->dl_status_map = dsmap_new();
     digestmap_set(trusted_dir_certs, id_digest, cl);
@@ -274,7 +294,7 @@ trusted_dirs_reload_certs(void)
 
 /** Helper: return true iff we already have loaded the exact cert
  * <b>cert</b>. */
-static INLINE int
+static inline int
 already_have_cert(authority_cert_t *cert)
 {
   cert_list_t *cl = get_cert_list(cert->cache_info.identity_digest);
@@ -448,46 +468,69 @@ trusted_dirs_flush_certs_to_disk(void)
   trusted_dir_servers_certs_changed = 0;
 }
 
-/** Remove all v3 authority certificates that have been superseded for more
- * than 48 hours.  (If the most recent cert was published more than 48 hours
- * ago, then we aren't going to get any consensuses signed with older
+static int
+compare_certs_by_pubdates(const void **_a, const void **_b)
+{
+  const authority_cert_t *cert1 = *_a, *cert2=*_b;
+
+  if (cert1->cache_info.published_on < cert2->cache_info.published_on)
+    return -1;
+  else if (cert1->cache_info.published_on >  cert2->cache_info.published_on)
+    return 1;
+  else
+    return 0;
+}
+
+/** Remove all expired v3 authority certificates that have been superseded for
+ * more than 48 hours or, if not expired, that were published more than 7 days
+ * before being superseded. (If the most recent cert was published more than 48
+ * hours ago, then we aren't going to get any consensuses signed with older
  * keys.) */
 static void
 trusted_dirs_remove_old_certs(void)
 {
   time_t now = time(NULL);
 #define DEAD_CERT_LIFETIME (2*24*60*60)
-#define OLD_CERT_LIFETIME (7*24*60*60)
+#define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
   if (!trusted_dir_certs)
     return;
 
   DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
-    authority_cert_t *newest = NULL;
-    SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
-          if (!newest || (cert->cache_info.published_on >
-                          newest->cache_info.published_on))
-            newest = cert);
-    if (newest) {
-      const time_t newest_published = newest->cache_info.published_on;
-      SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
-        int expired;
-        time_t cert_published;
-        if (newest == cert)
-          continue;
-        expired = now > cert->expires;
-        cert_published = cert->cache_info.published_on;
-        /* Store expired certs for 48 hours after a newer arrives;
+    /* Sort the list from first-published to last-published */
+    smartlist_sort(cl->certs, compare_certs_by_pubdates);
+
+    SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
+      if (cert_sl_idx == smartlist_len(cl->certs) - 1) {
+        /* This is the most recently published cert.  Keep it. */
+        continue;
+      }
+      authority_cert_t *next_cert = smartlist_get(cl->certs, cert_sl_idx+1);
+      const time_t next_cert_published = next_cert->cache_info.published_on;
+      if (next_cert_published > now) {
+        /* All later certs are published in the future. Keep everything
+         * we didn't discard. */
+        break;
+      }
+      int should_remove = 0;
+      if (cert->expires + DEAD_CERT_LIFETIME < now) {
+        /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
+         * Remove it. */
+        should_remove = 1;
+      } else if (next_cert_published + SUPERSEDED_CERT_LIFETIME < now) {
+        /* Certificate has been superseded for OLD_CERT_LIFETIME.
+         * Remove it.
          */
-        if (expired ?
-            (newest_published + DEAD_CERT_LIFETIME < now) :
-            (cert_published + OLD_CERT_LIFETIME < newest_published)) {
-          SMARTLIST_DEL_CURRENT(cl->certs, cert);
-          authority_cert_free(cert);
-          trusted_dir_servers_certs_changed = 1;
-        }
-      } SMARTLIST_FOREACH_END(cert);
-    }
+        should_remove = 1;
+      }
+      if (should_remove) {
+        SMARTLIST_DEL_CURRENT_KEEPORDER(cl->certs, cert);
+        authority_cert_free(cert);
+        trusted_dir_servers_certs_changed = 1;
+      }
+    } SMARTLIST_FOREACH_END(cert);
+
   } DIGESTMAP_FOREACH_END;
+#undef DEAD_CERT_LIFETIME
 #undef OLD_CERT_LIFETIME
 
   trusted_dirs_flush_certs_to_disk();
@@ -636,7 +679,7 @@ static const char *BAD_SIGNING_KEYS[] = {
   NULL,
 };
 
-/** DOCDOC */
+/* DOCDOC */
 int
 authority_cert_is_blacklisted(const authority_cert_t *cert)
 {
@@ -713,7 +756,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
    * First, we get the lists of already pending downloads so we don't
    * duplicate effort.
    */
-  list_pending_downloads(pending_id, DIR_PURPOSE_FETCH_CERTIFICATE, "fp/");
+  list_pending_downloads(pending_id, NULL,
+                         DIR_PURPOSE_FETCH_CERTIFICATE, "fp/");
   list_pending_fpsk_downloads(pending_cert);
 
   /*
@@ -869,8 +913,11 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
 
     if (smartlist_len(fps) > 1) {
       resource = smartlist_join_strings(fps, "", 0, NULL);
+      /* We want certs from mirrors, because they will almost always succeed.
+       */
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
-                                   resource, PDS_RETRY_IF_NO_SERVERS);
+                                   resource, PDS_RETRY_IF_NO_SERVERS,
+                                   DL_WANT_ANY_DIRSERVER);
       tor_free(resource);
     }
     /* else we didn't add any: they were all pending */
@@ -913,8 +960,11 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
 
     if (smartlist_len(fp_pairs) > 1) {
       resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
+      /* We want certs from mirrors, because they will almost always succeed.
+       */
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
-                                   resource, PDS_RETRY_IF_NO_SERVERS);
+                                   resource, PDS_RETRY_IF_NO_SERVERS,
+                                   DL_WANT_ANY_DIRSERVER);
       tor_free(resource);
     }
     /* else they were all pending */
@@ -957,7 +1007,7 @@ router_should_rebuild_store(desc_store_t *store)
 
 /** Return the desc_store_t in <b>rl</b> that should be used to store
  * <b>sd</b>. */
-static INLINE desc_store_t *
+static inline desc_store_t *
 desc_get_store(routerlist_t *rl, const signed_descriptor_t *sd)
 {
   if (sd->is_extrainfo)
@@ -1200,6 +1250,7 @@ router_reload_router_list_impl(desc_store_t *store)
 
   tor_free(fname);
   fname = get_datadir_fname_suffix(store->fname_base, ".new");
+  /* don't load empty files - we wouldn't get any data, even if we tried */
   if (file_status(fname) == FN_FILE)
     contents = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
   if (contents) {
@@ -1266,8 +1317,8 @@ router_get_fallback_dir_servers(void)
 /** Try to find a running dirserver that supports operations of <b>type</b>.
  *
  * If there are no running dirservers in our routerlist and the
- * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the authoritative ones
- * as running again, and pick one.
+ * <b>PDS_RETRY_IF_NO_SERVERS</b> flag is set, set all the fallback ones
+ * (including authorities) as running again, and pick one.
  *
  * If the <b>PDS_IGNORE_FASCISTFIREWALL</b> flag is set, then include
  * dirservers that we can't reach.
@@ -1275,28 +1326,39 @@ router_get_fallback_dir_servers(void)
  * If the <b>PDS_ALLOW_SELF</b> flag is not set, then don't include ourself
  * (if we're a dirserver).
  *
- * Don't pick an authority if any non-authority is viable; try to avoid using
- * servers that have returned 503 recently.
+ * Don't pick a fallback directory mirror if any non-fallback is viable;
+ * (the fallback directory mirrors include the authorities)
+ * try to avoid using servers that have returned 503 recently.
  */
 const routerstatus_t *
 router_pick_directory_server(dirinfo_type_t type, int flags)
 {
+  int busy = 0;
   const routerstatus_t *choice;
 
   if (!routerlist)
     return NULL;
 
-  choice = router_pick_directory_server_impl(type, flags);
+  choice = router_pick_directory_server_impl(type, flags, &busy);
   if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS))
     return choice;
 
+  if (busy) {
+    /* If the reason that we got no server is that servers are "busy",
+     * we must be excluding good servers because we already have serverdesc
+     * fetches with them.  Do not mark down servers up because of this. */
+    tor_assert((flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
+                         PDS_NO_EXISTING_MICRODESC_FETCH)));
+    return NULL;
+  }
+
   log_info(LD_DIR,
            "No reachable router entries for dirservers. "
            "Trying them all again.");
-  /* mark all authdirservers as up again */
+  /* mark all fallback directory mirrors as up again */
   mark_all_dirservers_up(fallback_dir_servers);
   /* try again */
-  choice = router_pick_directory_server_impl(type, flags);
+  choice = router_pick_directory_server_impl(type, flags, NULL);
   return choice;
 }
 
@@ -1319,15 +1381,21 @@ router_get_trusteddirserver_by_digest(const char *digest)
 }
 
 /** Return the dir_server_t for the fallback dirserver whose identity
- * key hashes to <b>digest</b>, or NULL if no such authority is known.
+ * key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
+ * fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
+ * and UseDefaultFallbackDirs torrc options.)
+ * The list of fallback directories includes the list of authorities.
  */
 dir_server_t *
 router_get_fallback_dirserver_by_digest(const char *digest)
 {
-  if (!trusted_dir_servers)
+  if (!fallback_dir_servers)
     return NULL;
 
-  SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
+  if (!digest)
+    return NULL;
+
+  SMARTLIST_FOREACH(fallback_dir_servers, dir_server_t *, ds,
      {
        if (tor_memeq(ds->digest, digest, DIGEST_LEN))
          return ds;
@@ -1336,6 +1404,18 @@ router_get_fallback_dirserver_by_digest(const char *digest)
   return NULL;
 }
 
+/** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
+ * or 0 if no such fallback is in the list of fallback_dir_servers.
+ * (fallback_dir_servers is affected by the FallbackDir and
+ * UseDefaultFallbackDirs torrc options.)
+ * The list of fallback directories includes the list of authorities.
+ */
+int
+router_digest_is_fallback_dir(const char *digest)
+{
+  return (router_get_fallback_dirserver_by_digest(digest) != NULL);
+}
+
 /** Return the dir_server_t for the directory authority whose
  * v3 identity key hashes to <b>digest</b>, or NULL if no such authority
  * is known.
@@ -1402,15 +1482,200 @@ router_pick_dirserver_generic(smartlist_t *sourcelist,
   return router_pick_trusteddirserver_impl(sourcelist, type, flags, NULL);
 }
 
+/* Check if we already have a directory fetch from ap, for serverdesc
+ * (including extrainfo) or microdesc documents.
+ * If so, return 1, if not, return 0.
+ * Also returns 0 if addr is NULL, tor_addr_is_null(addr), or dir_port is 0.
+ */
+STATIC int
+router_is_already_dir_fetching(const tor_addr_port_t *ap, int serverdesc,
+                               int microdesc)
+{
+  if (!ap || tor_addr_is_null(&ap->addr) || !ap->port) {
+    return 0;
+  }
+
+  /* XX/teor - we're not checking tunnel connections here, see #17848
+   */
+  if (serverdesc && (
+     connection_get_by_type_addr_port_purpose(
+       CONN_TYPE_DIR, &ap->addr, ap->port, DIR_PURPOSE_FETCH_SERVERDESC)
+  || connection_get_by_type_addr_port_purpose(
+       CONN_TYPE_DIR, &ap->addr, ap->port, DIR_PURPOSE_FETCH_EXTRAINFO))) {
+    return 1;
+  }
+
+  if (microdesc && (
+     connection_get_by_type_addr_port_purpose(
+       CONN_TYPE_DIR, &ap->addr, ap->port, DIR_PURPOSE_FETCH_MICRODESC))) {
+    return 1;
+  }
+
+  return 0;
+}
+
+/* Check if we already have a directory fetch from ds, for serverdesc
+ * (including extrainfo) or microdesc documents.
+ * If so, return 1, if not, return 0.
+ */
+static int
+router_is_already_dir_fetching_ds(const dir_server_t *ds,
+                                  int serverdesc,
+                                  int microdesc)
+{
+  tor_addr_port_t ipv4_dir_ap, ipv6_dir_ap;
+
+  /* Assume IPv6 DirPort is the same as IPv4 DirPort */
+  tor_addr_from_ipv4h(&ipv4_dir_ap.addr, ds->addr);
+  ipv4_dir_ap.port = ds->dir_port;
+  tor_addr_copy(&ipv6_dir_ap.addr, &ds->ipv6_addr);
+  ipv6_dir_ap.port = ds->dir_port;
+
+  return (router_is_already_dir_fetching(&ipv4_dir_ap, serverdesc, microdesc)
+       || router_is_already_dir_fetching(&ipv6_dir_ap, serverdesc, microdesc));
+}
+
+/* Check if we already have a directory fetch from rs, for serverdesc
+ * (including extrainfo) or microdesc documents.
+ * If so, return 1, if not, return 0.
+ */
+static int
+router_is_already_dir_fetching_rs(const routerstatus_t *rs,
+                                  int serverdesc,
+                                  int microdesc)
+{
+  tor_addr_port_t ipv4_dir_ap, ipv6_dir_ap;
+
+  /* Assume IPv6 DirPort is the same as IPv4 DirPort */
+  tor_addr_from_ipv4h(&ipv4_dir_ap.addr, rs->addr);
+  ipv4_dir_ap.port = rs->dir_port;
+  tor_addr_copy(&ipv6_dir_ap.addr, &rs->ipv6_addr);
+  ipv6_dir_ap.port = rs->dir_port;
+
+  return (router_is_already_dir_fetching(&ipv4_dir_ap, serverdesc, microdesc)
+       || router_is_already_dir_fetching(&ipv6_dir_ap, serverdesc, microdesc));
+}
+
+#ifndef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
+#define LOG_FALSE_POSITIVES_DURING_BOOTSTRAP 0
+#endif
+
+/* Log a message if rs is not found or not a preferred address */
+static void
+router_picked_poor_directory_log(const routerstatus_t *rs)
+{
+  const networkstatus_t *usable_consensus;
+  usable_consensus = networkstatus_get_reasonably_live_consensus(time(NULL),
+                                                 usable_consensus_flavor());
+
+#if !LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
+  /* Don't log early in the bootstrap process, it's normal to pick from a
+   * small pool of nodes. Of course, this won't help if we're trying to
+   * diagnose bootstrap issues. */
+  if (!smartlist_len(nodelist_get_list()) || !usable_consensus
+      || !router_have_minimum_dir_info()) {
+    return;
+  }
+#endif
+
+  /* We couldn't find a node, or the one we have doesn't fit our preferences.
+   * Sometimes this is normal, sometimes it can be a reachability issue. */
+  if (!rs) {
+    /* This happens a lot, so it's at debug level */
+    log_debug(LD_DIR, "Wanted to make an outgoing directory connection, but "
+              "we couldn't find a directory that fit our criteria. "
+              "Perhaps we will succeed next time with less strict criteria.");
+  } else if (!fascist_firewall_allows_rs(rs, FIREWALL_OR_CONNECTION, 1)
+             && !fascist_firewall_allows_rs(rs, FIREWALL_DIR_CONNECTION, 1)
+             ) {
+    /* This is rare, and might be interesting to users trying to diagnose
+     * connection issues on dual-stack machines. */
+    log_info(LD_DIR, "Selected a directory %s with non-preferred OR and Dir "
+             "addresses for launching an outgoing connection: "
+             "IPv4 %s OR %d Dir %d IPv6 %s OR %d Dir %d",
+             routerstatus_describe(rs),
+             fmt_addr32(rs->addr), rs->or_port,
+             rs->dir_port, fmt_addr(&rs->ipv6_addr),
+             rs->ipv6_orport, rs->dir_port);
+  }
+}
+
+#undef LOG_FALSE_POSITIVES_DURING_BOOTSTRAP
+
 /** How long do we avoid using a directory server after it's given us a 503? */
 #define DIR_503_TIMEOUT (60*60)
 
+/* Common retry code for router_pick_directory_server_impl and
+ * router_pick_trusteddirserver_impl. Retry with the non-preferred IP version.
+ * Must be called before RETRY_WITHOUT_EXCLUDE().
+ *
+ * If we got no result, and we are applying IP preferences, and we are a
+ * client that could use an alternate IP version, try again with the
+ * opposite preferences. */
+#define RETRY_ALTERNATE_IP_VERSION(retry_label)                               \
+  STMT_BEGIN                                                                  \
+    if (result == NULL && try_ip_pref && options->ClientUseIPv4               \
+        && fascist_firewall_use_ipv6(options) && !server_mode(options)        \
+        && !n_busy) {                                                         \
+      n_excluded = 0;                                                         \
+      n_busy = 0;                                                             \
+      try_ip_pref = 0;                                                        \
+      goto retry_label;                                                       \
+    }                                                                         \
+  STMT_END                                                                    \
+
+/* Common retry code for router_pick_directory_server_impl and
+ * router_pick_trusteddirserver_impl. Retry without excluding nodes, but with
+ * the preferred IP version. Must be called after RETRY_ALTERNATE_IP_VERSION().
+ *
+ * If we got no result, and we are excluding nodes, and StrictNodes is
+ * not set, try again without excluding nodes. */
+#define RETRY_WITHOUT_EXCLUDE(retry_label)                                    \
+  STMT_BEGIN                                                                  \
+    if (result == NULL && try_excluding && !options->StrictNodes              \
+        && n_excluded && !n_busy) {                                           \
+      try_excluding = 0;                                                      \
+      n_excluded = 0;                                                         \
+      n_busy = 0;                                                             \
+      try_ip_pref = 1;                                                        \
+      goto retry_label;                                                       \
+    }                                                                         \
+  STMT_END
+
+/* When iterating through the routerlist, can OR address/port preference
+ * and reachability checks be skipped?
+ */
+static int
+router_skip_or_reachability(const or_options_t *options, int try_ip_pref)
+{
+  /* Servers always have and prefer IPv4.
+   * And if clients are checking against the firewall for reachability only,
+   * but there's no firewall, don't bother checking */
+  return server_mode(options) || (!try_ip_pref && !firewall_is_fascist_or());
+}
+
+/* When iterating through the routerlist, can Dir address/port preference
+ * and reachability checks be skipped?
+ */
+static int
+router_skip_dir_reachability(const or_options_t *options, int try_ip_pref)
+{
+  /* Servers always have and prefer IPv4.
+   * And if clients are checking against the firewall for reachability only,
+   * but there's no firewall, don't bother checking */
+  return server_mode(options) || (!try_ip_pref && !firewall_is_fascist_dir());
+}
+
 /** Pick a random running valid directory server/mirror from our
- * routerlist.  Arguments are as for router_pick_directory_server(), except
- * that RETRY_IF_NO_SERVERS is ignored.
+ * routerlist.  Arguments are as for router_pick_directory_server(), except:
+ *
+ * If <b>n_busy_out</b> is provided, set *<b>n_busy_out</b> to the number of
+ * directories that we excluded for no other reason than
+ * PDS_NO_EXISTING_SERVERDESC_FETCH or PDS_NO_EXISTING_MICRODESC_FETCH.
  */
-static const routerstatus_t *
-router_pick_directory_server_impl(dirinfo_type_t type, int flags)
+STATIC const routerstatus_t *
+router_pick_directory_server_impl(dirinfo_type_t type, int flags,
+                                  int *n_busy_out)
 {
   const or_options_t *options = get_options();
   const node_t *result;
@@ -1419,15 +1684,18 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
   smartlist_t *overloaded_direct, *overloaded_tunnel;
   time_t now = time(NULL);
   const networkstatus_t *consensus = networkstatus_get_latest_consensus();
-  int requireother = ! (flags & PDS_ALLOW_SELF);
-  int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
-  int for_guard = (flags & PDS_FOR_GUARD);
-  int try_excluding = 1, n_excluded = 0;
+  const int requireother = ! (flags & PDS_ALLOW_SELF);
+  const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
+  const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH);
+  const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH);
+  const int for_guard = (flags & PDS_FOR_GUARD);
+  int try_excluding = 1, n_excluded = 0, n_busy = 0;
+  int try_ip_pref = 1;
 
   if (!consensus)
     return NULL;
 
- retry_without_exclude:
+ retry_search:
 
   direct = smartlist_new();
   tunnel = smartlist_new();
@@ -1436,28 +1704,28 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
+
   /* Find all the running dirservers we know about. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
-    int is_trusted;
+    int is_trusted, is_trusted_extrainfo;
     int is_overloaded;
-    tor_addr_t addr;
     const routerstatus_t *status = node->rs;
     const country_t country = node->country;
     if (!status)
       continue;
 
-    if (!node->is_running || !status->dir_port || !node->is_valid)
-      continue;
-    if (node->is_bad_directory)
+    if (!node->is_running || !node_is_dir(node) || !node->is_valid)
       continue;
     if (requireother && router_digest_is_me(node->identity))
       continue;
     is_trusted = router_digest_is_trusted_dir(node->identity);
+    is_trusted_extrainfo = router_digest_is_trusted_dir_type(
+                           node->identity, EXTRAINFO_DIRINFO);
     if ((type & EXTRAINFO_DIRINFO) &&
-        !router_supports_extrainfo(node->identity, 0))
-      continue;
-    if ((type & MICRODESC_DIRINFO) && !is_trusted &&
-        !node->rs->version_supports_microdesc_cache)
+        !router_supports_extrainfo(node->identity, is_trusted_extrainfo))
       continue;
     /* Don't make the same node a guard twice */
     if (for_guard && node->using_as_guard) {
@@ -1474,17 +1742,30 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
       continue;
     }
 
-    /* XXXX IP6 proposal 118 */
-    tor_addr_from_ipv4h(&addr, node->rs->addr);
+    if (router_is_already_dir_fetching_rs(status,
+                                          no_serverdesc_fetching,
+                                          no_microdesc_fetching)) {
+      ++n_busy;
+      continue;
+    }
 
     is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now;
 
-    if ((!fascistfirewall ||
-         fascist_firewall_allows_address_or(&addr, status->or_port)))
+    /* Clients use IPv6 addresses if the server has one and the client
+     * prefers IPv6.
+     * Add the router if its preferred address and port are reachable.
+     * If we don't get any routers, we'll try again with the non-preferred
+     * address for each router (if any). (To ensure correct load-balancing
+     * we try routers that only have one address both times.)
+     */
+    if (!fascistfirewall || skip_or_fw ||
+        fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
+                                     try_ip_pref))
       smartlist_add(is_trusted ? trusted_tunnel :
                     is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-    else if (!fascistfirewall ||
-             fascist_firewall_allows_address_dir(&addr, status->dir_port))
+    else if (!must_have_or && (skip_dir_fw ||
+             fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION,
+                                          try_ip_pref)))
       smartlist_add(is_trusted ? trusted_direct :
                     is_overloaded ? overloaded_direct : direct, (void*)node);
   } SMARTLIST_FOREACH_END(node);
@@ -1515,13 +1796,14 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
   smartlist_free(overloaded_direct);
   smartlist_free(overloaded_tunnel);
 
-  if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) {
-    /* If we got no result, and we are excluding nodes, and StrictNodes is
-     * not set, try again without excluding nodes. */
-    try_excluding = 0;
-    n_excluded = 0;
-    goto retry_without_exclude;
-  }
+  RETRY_ALTERNATE_IP_VERSION(retry_search);
+
+  RETRY_WITHOUT_EXCLUDE(retry_search);
+
+  if (n_busy_out)
+    *n_busy_out = n_busy;
+
+  router_picked_poor_directory_log(result ? result->rs : NULL);
 
   return result ? result->rs : NULL;
 }
@@ -1536,7 +1818,7 @@ dirserver_choose_by_weight(const smartlist_t *servers, double authority_weight)
   u64_dbl_t *weights;
   const dir_server_t *ds;
 
-  weights = tor_malloc(sizeof(u64_dbl_t) * n);
+  weights = tor_calloc(n, sizeof(u64_dbl_t));
   for (i = 0; i < n; ++i) {
     ds = smartlist_get(servers, i);
     weights[i].dbl = ds->weight;
@@ -1573,30 +1855,36 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
   smartlist_t *pick_from;
   int n_busy = 0;
   int try_excluding = 1, n_excluded = 0;
+  int try_ip_pref = 1;
 
   if (!sourcelist)
     return NULL;
 
- retry_without_exclude:
+ retry_search:
 
   direct = smartlist_new();
   tunnel = smartlist_new();
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
+
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
     {
       int is_overloaded =
           d->fake_status.last_dir_503_at + DIR_503_TIMEOUT > now;
-      tor_addr_t addr;
       if (!d->is_running) continue;
       if ((type & d->type) == 0)
         continue;
+      int is_trusted_extrainfo = router_digest_is_trusted_dir_type(
+                                 d->digest, EXTRAINFO_DIRINFO);
       if ((type & EXTRAINFO_DIRINFO) &&
-          !router_supports_extrainfo(d->digest, 1))
+          !router_supports_extrainfo(d->digest, is_trusted_extrainfo))
         continue;
       if (requireother && me && router_digest_is_me(d->digest))
-          continue;
+        continue;
       if (try_excluding &&
           routerset_contains_routerstatus(options->ExcludeNodes,
                                           &d->fake_status, -1)) {
@@ -1604,34 +1892,26 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
         continue;
       }
 
-      /* XXXX IP6 proposal 118 */
-      tor_addr_from_ipv4h(&addr, d->addr);
-
-      if (no_serverdesc_fetching) {
-        if (connection_get_by_type_addr_port_purpose(
-            CONN_TYPE_DIR, &addr, d->dir_port, DIR_PURPOSE_FETCH_SERVERDESC)
-         || connection_get_by_type_addr_port_purpose(
-             CONN_TYPE_DIR, &addr, d->dir_port, DIR_PURPOSE_FETCH_EXTRAINFO)) {
-          //log_debug(LD_DIR, "We have an existing connection to fetch "
-          //           "descriptor from %s; delaying",d->description);
-          ++n_busy;
-          continue;
-        }
-      }
-      if (no_microdesc_fetching) {
-        if (connection_get_by_type_addr_port_purpose(
-             CONN_TYPE_DIR, &addr, d->dir_port, DIR_PURPOSE_FETCH_MICRODESC)) {
-          ++n_busy;
-          continue;
-        }
+      if (router_is_already_dir_fetching_ds(d, no_serverdesc_fetching,
+                                            no_microdesc_fetching)) {
+        ++n_busy;
+        continue;
       }
 
-      if (d->or_port &&
-          (!fascistfirewall ||
-           fascist_firewall_allows_address_or(&addr, d->or_port)))
+      /* Clients use IPv6 addresses if the server has one and the client
+       * prefers IPv6.
+       * Add the router if its preferred address and port are reachable.
+       * If we don't get any routers, we'll try again with the non-preferred
+       * address for each router (if any). (To ensure correct load-balancing
+       * we try routers that only have one address both times.)
+       */
+      if (!fascistfirewall || skip_or_fw ||
+          fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
+                                             try_ip_pref))
         smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-      else if (!fascistfirewall ||
-               fascist_firewall_allows_address_dir(&addr, d->dir_port))
+      else if (!must_have_or && (skip_dir_fw ||
+               fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
+                                                  try_ip_pref)))
         smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
     }
   SMARTLIST_FOREACH_END(d);
@@ -1654,22 +1934,19 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
       result = &selection->fake_status;
   }
 
-  if (n_busy_out)
-    *n_busy_out = n_busy;
-
   smartlist_free(direct);
   smartlist_free(tunnel);
   smartlist_free(overloaded_direct);
   smartlist_free(overloaded_tunnel);
 
-  if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) {
-    /* If we got no result, and we are excluding nodes, and StrictNodes is
-     * not set, try again without excluding nodes. */
-    try_excluding = 0;
-    n_excluded = 0;
-    goto retry_without_exclude;
-  }
+  RETRY_ALTERNATE_IP_VERSION(retry_search);
+
+  RETRY_WITHOUT_EXCLUDE(retry_search);
+
+  router_picked_poor_directory_log(result);
 
+  if (n_busy_out)
+    *n_busy_out = n_busy;
   return result;
 }
 
@@ -1736,11 +2013,15 @@ routerlist_add_node_and_family(smartlist_t *sl, const routerinfo_t *router)
 /** Add every suitable node from our nodelist to <b>sl</b>, so that
  * we can pick a node for a circuit.
  */
-static void
+void
 router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
                                       int need_uptime, int need_capacity,
-                                      int need_guard, int need_desc)
-{ /* XXXX MOVE */
+                                      int need_guard, int need_desc,
+                                      int pref_addr, int direct_conn)
+{
+  const int check_reach = !router_skip_or_reachability(get_options(),
+                                                       pref_addr);
+  /* XXXX MOVE */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
     if (!node->is_running ||
         (!node->is_valid && !allow_invalid))
@@ -1751,6 +2032,11 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
       continue;
     if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
       continue;
+    /* Choose a node with an OR address that matches the firewall rules,
+     * if we are making a direct connection */
+    if (direct_conn && check_reach &&
+        !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr))
+      continue;
 
     smartlist_add(sl, (void *)node);
   } SMARTLIST_FOREACH_END(node);
@@ -1808,15 +2094,16 @@ scale_array_elements_to_u64(u64_dbl_t *entries, int n_entries,
                             uint64_t *total_out)
 {
   double total = 0.0;
-  double scale_factor;
+  double scale_factor = 0.0;
   int i;
   /* big, but far away from overflowing an int64_t */
-#define SCALE_TO_U64_MAX (INT64_MAX / 4)
+#define SCALE_TO_U64_MAX ((int64_t) (INT64_MAX / 4))
 
   for (i = 0; i < n_entries; ++i)
     total += entries[i].dbl;
 
-  scale_factor = SCALE_TO_U64_MAX / total;
+  if (total > 0.0)
+    scale_factor = SCALE_TO_U64_MAX / total;
 
   for (i = 0; i < n_entries; ++i)
     entries[i].u64 = tor_llround(entries[i].dbl * scale_factor);
@@ -1832,7 +2119,7 @@ scale_array_elements_to_u64(u64_dbl_t *entries, int n_entries,
 #if SIZEOF_VOID_P == 8
 #define gt_i64_timei(a,b) ((a) > (b))
 #else
-static INLINE int
+static inline int
 gt_i64_timei(uint64_t a, uint64_t b)
 {
   int64_t diff = (int64_t) (b - a);
@@ -1910,7 +2197,7 @@ bridge_get_advertised_bandwidth_bounded(routerinfo_t *router)
 
 /** Return bw*1000, unless bw*1000 would overflow, in which case return
  * INT32_MAX. */
-static INLINE int32_t
+static inline int32_t
 kb_to_bytes(uint32_t bw)
 {
   return (bw > (INT32_MAX/1000)) ? INT32_MAX : bw*1000;
@@ -1963,6 +2250,7 @@ compute_weighted_bandwidths(const smartlist_t *sl,
   double Wg = -1, Wm = -1, We = -1, Wd = -1;
   double Wgb = -1, Wmb = -1, Web = -1, Wdb = -1;
   uint64_t weighted_bw = 0;
+  guardfraction_bandwidth_t guardfraction_bw;
   u64_dbl_t *bandwidths;
 
   /* Can't choose exit and guard at same time */
@@ -2029,9 +2317,10 @@ compute_weighted_bandwidths(const smartlist_t *sl,
   if (Wg < 0 || Wm < 0 || We < 0 || Wd < 0 || Wgb < 0 || Wmb < 0 || Wdb < 0
       || Web < 0) {
     log_debug(LD_CIRC,
-              "Got negative bandwidth weights. Defaulting to old selection"
+              "Got negative bandwidth weights. Defaulting to naive selection"
               " algorithm.");
-    return -1; // Use old algorithm.
+    Wg = Wm = We = Wd = weight_scale;
+    Wgb = Wmb = Web = Wdb = weight_scale;
   }
 
   Wg /= weight_scale;
@@ -2044,26 +2333,32 @@ compute_weighted_bandwidths(const smartlist_t *sl,
   Web /= weight_scale;
   Wdb /= weight_scale;
 
-  bandwidths = tor_malloc_zero(sizeof(u64_dbl_t)*smartlist_len(sl));
+  bandwidths = tor_calloc(smartlist_len(sl), sizeof(u64_dbl_t));
 
   // Cycle through smartlist and total the bandwidth.
+  static int warned_missing_bw = 0;
   SMARTLIST_FOREACH_BEGIN(sl, const node_t *, node) {
     int is_exit = 0, is_guard = 0, is_dir = 0, this_bw = 0;
     double weight = 1;
+    double weight_without_guard_flag = 0; /* Used for guardfraction */
+    double final_weight = 0;
     is_exit = node->is_exit && ! node->is_bad_exit;
     is_guard = node->is_possible_guard;
     is_dir = node_is_dir(node);
     if (node->rs) {
       if (!node->rs->has_bandwidth) {
-        tor_free(bandwidths);
         /* This should never happen, unless all the authorites downgrade
          * to 0.2.0 or rogue routerstatuses get inserted into our consensus. */
-        log_warn(LD_BUG,
-                 "Consensus is not listing bandwidths. Defaulting back to "
-                 "old router selection algorithm.");
-        return -1;
+        if (! warned_missing_bw) {
+          log_warn(LD_BUG,
+                 "Consensus is missing some bandwidths. Using a naive "
+                 "router selection algorithm");
+          warned_missing_bw = 1;
+        }
+        this_bw = 30000; /* Chosen arbitrarily */
+      } else {
+        this_bw = kb_to_bytes(node->rs->bandwidth_kb);
       }
-      this_bw = kb_to_bytes(node->rs->bandwidth_kb);
     } else if (node->ri) {
       /* bridge or other descriptor not in our consensus */
       this_bw = bridge_get_advertised_bandwidth_bounded(node->ri);
@@ -2074,8 +2369,10 @@ compute_weighted_bandwidths(const smartlist_t *sl,
 
     if (is_guard && is_exit) {
       weight = (is_dir ? Wdb*Wd : Wd);
+      weight_without_guard_flag = (is_dir ? Web*We : We);
     } else if (is_guard) {
       weight = (is_dir ? Wgb*Wg : Wg);
+      weight_without_guard_flag = (is_dir ? Wmb*Wm : Wm);
     } else if (is_exit) {
       weight = (is_dir ? Web*We : We);
     } else { // middle
@@ -2087,8 +2384,43 @@ compute_weighted_bandwidths(const smartlist_t *sl,
       this_bw = 0;
     if (weight < 0.0)
       weight = 0.0;
+    if (weight_without_guard_flag < 0.0)
+      weight_without_guard_flag = 0.0;
+
+    /* If guardfraction information is available in the consensus, we
+     * want to calculate this router's bandwidth according to its
+     * guardfraction. Quoting from proposal236:
+     *
+     *    Let Wpf denote the weight from the 'bandwidth-weights' line a
+     *    client would apply to N for position p if it had the guard
+     *    flag, Wpn the weight if it did not have the guard flag, and B the
+     *    measured bandwidth of N in the consensus.  Then instead of choosing
+     *    N for position p proportionally to Wpf*B or Wpn*B, clients should
+     *    choose N proportionally to F*Wpf*B + (1-F)*Wpn*B.
+     */
+    if (node->rs && node->rs->has_guardfraction && rule != WEIGHT_FOR_GUARD) {
+      /* XXX The assert should actually check for is_guard. However,
+       * that crashes dirauths because of #13297. This should be
+       * equivalent: */
+      tor_assert(node->rs->is_possible_guard);
+
+      guard_get_guardfraction_bandwidth(&guardfraction_bw,
+                                        this_bw,
+                                        node->rs->guardfraction_percentage);
+
+      /* Calculate final_weight = F*Wpf*B + (1-F)*Wpn*B */
+      final_weight =
+        guardfraction_bw.guard_bw * weight +
+        guardfraction_bw.non_guard_bw * weight_without_guard_flag;
+
+      log_debug(LD_GENERAL, "%s: Guardfraction weight %f instead of %f (%s)",
+                node->rs->nickname, final_weight, weight*this_bw,
+                bandwidth_weight_rule_to_string(rule));
+    } else { /* no guardfraction information. calculate the weight normally. */
+      final_weight = weight*this_bw;
+    }
 
-    bandwidths[node_sl_idx].dbl = weight*this_bw + 0.5;
+    bandwidths[node_sl_idx].dbl = final_weight + 0.5;
   } SMARTLIST_FOREACH_END(node);
 
   log_debug(LD_CIRC, "Generated weighted bandwidths for rule %s based "
@@ -2140,226 +2472,13 @@ frac_nodes_with_descriptors(const smartlist_t *sl,
   return present / total;
 }
 
-/** Helper function:
- * choose a random node_t element of smartlist <b>sl</b>, weighted by
- * the advertised bandwidth of each element.
- *
- * If <b>rule</b>==WEIGHT_FOR_EXIT. we're picking an exit node: consider all
- * nodes' bandwidth equally regardless of their Exit status, since there may
- * be some in the list because they exit to obscure ports. If
- * <b>rule</b>==NO_WEIGHTING, we're picking a non-exit node: weight
- * exit-node's bandwidth less depending on the smallness of the fraction of
- * Exit-to-total bandwidth.  If <b>rule</b>==WEIGHT_FOR_GUARD, we're picking a
- * guard node: consider all guard's bandwidth equally. Otherwise, weight
- * guards proportionally less.
- */
-static const node_t *
-smartlist_choose_node_by_bandwidth(const smartlist_t *sl,
-                                   bandwidth_weight_rule_t rule)
-{
-  unsigned int i;
-  u64_dbl_t *bandwidths;
-  int is_exit;
-  int is_guard;
-  int is_fast;
-  double total_nonexit_bw = 0, total_exit_bw = 0;
-  double total_nonguard_bw = 0, total_guard_bw = 0;
-  double exit_weight;
-  double guard_weight;
-  int n_unknown = 0;
-  bitarray_t *fast_bits;
-  bitarray_t *exit_bits;
-  bitarray_t *guard_bits;
-
-  // This function does not support WEIGHT_FOR_DIR
-  // or WEIGHT_FOR_MID
-  if (rule == WEIGHT_FOR_DIR || rule == WEIGHT_FOR_MID) {
-    rule = NO_WEIGHTING;
-  }
-
-  /* Can't choose exit and guard at same time */
-  tor_assert(rule == NO_WEIGHTING ||
-             rule == WEIGHT_FOR_EXIT ||
-             rule == WEIGHT_FOR_GUARD);
-
-  if (smartlist_len(sl) == 0) {
-    log_info(LD_CIRC,
-             "Empty routerlist passed in to old node selection for rule %s",
-             bandwidth_weight_rule_to_string(rule));
-    return NULL;
-  }
-
-  /* First count the total bandwidth weight, and make a list
-   * of each value.  We use UINT64_MAX to indicate "unknown". */
-  bandwidths = tor_malloc_zero(sizeof(u64_dbl_t)*smartlist_len(sl));
-  fast_bits = bitarray_init_zero(smartlist_len(sl));
-  exit_bits = bitarray_init_zero(smartlist_len(sl));
-  guard_bits = bitarray_init_zero(smartlist_len(sl));
-
-  /* Iterate over all the routerinfo_t or routerstatus_t, and */
-  SMARTLIST_FOREACH_BEGIN(sl, const node_t *, node) {
-    /* first, learn what bandwidth we think i has */
-    int is_known = 1;
-    uint32_t this_bw = 0;
-    i = node_sl_idx;
-
-    is_exit = node->is_exit;
-    is_guard = node->is_possible_guard;
-    if (node->rs) {
-      if (node->rs->has_bandwidth) {
-        this_bw = kb_to_bytes(node->rs->bandwidth_kb);
-      } else { /* guess */
-        is_known = 0;
-      }
-    } else if (node->ri) {
-      /* Must be a bridge if we're willing to use it */
-      this_bw = bridge_get_advertised_bandwidth_bounded(node->ri);
-    }
-
-    if (is_exit)
-      bitarray_set(exit_bits, i);
-    if (is_guard)
-      bitarray_set(guard_bits, i);
-    if (node->is_fast)
-      bitarray_set(fast_bits, i);
-
-    if (is_known) {
-      bandwidths[i].dbl = this_bw;
-      if (is_guard)
-        total_guard_bw += this_bw;
-      else
-        total_nonguard_bw += this_bw;
-      if (is_exit)
-        total_exit_bw += this_bw;
-      else
-        total_nonexit_bw += this_bw;
-    } else {
-      ++n_unknown;
-      bandwidths[i].dbl = -1.0;
-    }
-  } SMARTLIST_FOREACH_END(node);
-
-#define EPSILON .1
-
-  /* Now, fill in the unknown values. */
-  if (n_unknown) {
-    int32_t avg_fast, avg_slow;
-    if (total_exit_bw+total_nonexit_bw < EPSILON) {
-      /* if there's some bandwidth, there's at least one known router,
-       * so no worries about div by 0 here */
-      int n_known = smartlist_len(sl)-n_unknown;
-      avg_fast = avg_slow = (int32_t)
-        ((total_exit_bw+total_nonexit_bw)/((uint64_t) n_known));
-    } else {
-      avg_fast = 40000;
-      avg_slow = 20000;
-    }
-    for (i=0; i<(unsigned)smartlist_len(sl); ++i) {
-      if (bandwidths[i].dbl >= 0.0)
-        continue;
-      is_fast = bitarray_is_set(fast_bits, i);
-      is_exit = bitarray_is_set(exit_bits, i);
-      is_guard = bitarray_is_set(guard_bits, i);
-      bandwidths[i].dbl = is_fast ? avg_fast : avg_slow;
-      if (is_exit)
-        total_exit_bw += bandwidths[i].dbl;
-      else
-        total_nonexit_bw += bandwidths[i].dbl;
-      if (is_guard)
-        total_guard_bw += bandwidths[i].dbl;
-      else
-        total_nonguard_bw += bandwidths[i].dbl;
-    }
-  }
-
-  /* If there's no bandwidth at all, pick at random. */
-  if (total_exit_bw+total_nonexit_bw < EPSILON) {
-    tor_free(bandwidths);
-    tor_free(fast_bits);
-    tor_free(exit_bits);
-    tor_free(guard_bits);
-    return smartlist_choose(sl);
-  }
-
-  /* Figure out how to weight exits and guards */
-  {
-    double all_bw = U64_TO_DBL(total_exit_bw+total_nonexit_bw);
-    double exit_bw = U64_TO_DBL(total_exit_bw);
-    double guard_bw = U64_TO_DBL(total_guard_bw);
-    /*
-     * For detailed derivation of this formula, see
-     *   http://archives.seul.org/or/dev/Jul-2007/msg00056.html
-     */
-    if (rule == WEIGHT_FOR_EXIT || total_exit_bw<EPSILON)
-      exit_weight = 1.0;
-    else
-      exit_weight = 1.0 - all_bw/(3.0*exit_bw);
-
-    if (rule == WEIGHT_FOR_GUARD || total_guard_bw<EPSILON)
-      guard_weight = 1.0;
-    else
-      guard_weight = 1.0 - all_bw/(3.0*guard_bw);
-
-    if (exit_weight <= 0.0)
-      exit_weight = 0.0;
-
-    if (guard_weight <= 0.0)
-      guard_weight = 0.0;
-
-    for (i=0; i < (unsigned)smartlist_len(sl); i++) {
-      tor_assert(bandwidths[i].dbl >= 0.0);
-
-      is_exit = bitarray_is_set(exit_bits, i);
-      is_guard = bitarray_is_set(guard_bits, i);
-      if (is_exit && is_guard)
-        bandwidths[i].dbl *= exit_weight * guard_weight;
-      else if (is_guard)
-        bandwidths[i].dbl *= guard_weight;
-      else if (is_exit)
-        bandwidths[i].dbl *= exit_weight;
-    }
-  }
-
-#if 0
-  log_debug(LD_CIRC, "Total weighted bw = "U64_FORMAT
-            ", exit bw = "U64_FORMAT
-            ", nonexit bw = "U64_FORMAT", exit weight = %f "
-            "(for exit == %d)"
-            ", guard bw = "U64_FORMAT
-            ", nonguard bw = "U64_FORMAT", guard weight = %f "
-            "(for guard == %d)",
-            U64_PRINTF_ARG(total_bw),
-            U64_PRINTF_ARG(total_exit_bw), U64_PRINTF_ARG(total_nonexit_bw),
-            exit_weight, (int)(rule == WEIGHT_FOR_EXIT),
-            U64_PRINTF_ARG(total_guard_bw), U64_PRINTF_ARG(total_nonguard_bw),
-            guard_weight, (int)(rule == WEIGHT_FOR_GUARD));
-#endif
-
-  scale_array_elements_to_u64(bandwidths, smartlist_len(sl), NULL);
-
-  {
-    int idx = choose_array_element_by_weight(bandwidths,
-                                             smartlist_len(sl));
-    tor_free(bandwidths);
-    tor_free(fast_bits);
-    tor_free(exit_bits);
-    tor_free(guard_bits);
-    return idx < 0 ? NULL : smartlist_get(sl, idx);
-  }
-}
-
 /** Choose a random element of status list <b>sl</b>, weighted by
  * the advertised bandwidth of each node */
 const node_t *
 node_sl_choose_by_bandwidth(const smartlist_t *sl,
                             bandwidth_weight_rule_t rule)
 { /*XXXX MOVE */
-  const node_t *ret;
-  if ((ret = smartlist_choose_node_by_bandwidth_weights(sl, rule))) {
-    return ret;
-  } else {
-    return smartlist_choose_node_by_bandwidth(sl, rule);
-  }
+  return smartlist_choose_node_by_bandwidth_weights(sl, rule);
 }
 
 /** Return a random running node from the nodelist. Never
@@ -2379,6 +2498,10 @@ node_sl_choose_by_bandwidth(const smartlist_t *sl,
  * If <b>CRN_NEED_DESC</b> is set in flags, we only consider nodes that
  * have a routerinfo or microdescriptor -- that is, enough info to be
  * used to build a circuit.
+ * If <b>CRN_PREF_ADDR</b> is set in flags, we only consider nodes that
+ * have an address that is preferred by the ClientPreferIPv6ORPort setting
+ * (regardless of this flag, we exclude nodes that aren't allowed by the
+ * firewall, including ClientUseIPv4 0 and fascist_firewall_use_ipv6() == 0).
  */
 const node_t *
 router_choose_random_node(smartlist_t *excludedsmartlist,
@@ -2391,6 +2514,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
   const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0;
   const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0;
   const int need_desc = (flags & CRN_NEED_DESC) != 0;
+  const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
+  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
 
   smartlist_t *sl=smartlist_new(),
     *excludednodes=smartlist_new();
@@ -2416,18 +2541,37 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
 
   router_add_running_nodes_to_smartlist(sl, allow_invalid,
                                         need_uptime, need_capacity,
-                                        need_guard, need_desc);
+                                        need_guard, need_desc, pref_addr,
+                                        direct_conn);
+  log_debug(LD_CIRC,
+           "We found %d running nodes.",
+            smartlist_len(sl));
+
   smartlist_subtract(sl,excludednodes);
-  if (excludedsmartlist)
+  log_debug(LD_CIRC,
+            "We removed %d excludednodes, leaving %d nodes.",
+            smartlist_len(excludednodes),
+            smartlist_len(sl));
+
+  if (excludedsmartlist) {
     smartlist_subtract(sl,excludedsmartlist);
-  if (excludedset)
+    log_debug(LD_CIRC,
+              "We removed %d excludedsmartlist, leaving %d nodes.",
+              smartlist_len(excludedsmartlist),
+              smartlist_len(sl));
+  }
+  if (excludedset) {
     routerset_subtract_nodes(sl,excludedset);
+    log_debug(LD_CIRC,
+              "We removed excludedset, leaving %d nodes.",
+              smartlist_len(sl));
+  }
 
   // Always weight by bandwidth
   choice = node_sl_choose_by_bandwidth(sl, rule);
 
   smartlist_free(sl);
-  if (!choice && (need_uptime || need_capacity || need_guard)) {
+  if (!choice && (need_uptime || need_capacity || need_guard || pref_addr)) {
     /* try once more -- recurse but with fewer restrictions. */
     log_info(LD_CIRC,
              "We couldn't find any live%s%s%s routers; falling back "
@@ -2435,7 +2579,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
              need_capacity?", fast":"",
              need_uptime?", stable":"",
              need_guard?", guard":"");
-    flags &= ~ (CRN_NEED_UPTIME|CRN_NEED_CAPACITY|CRN_NEED_GUARD);
+    flags &= ~ (CRN_NEED_UPTIME|CRN_NEED_CAPACITY|CRN_NEED_GUARD|
+                CRN_PREF_ADDR);
     choice = router_choose_random_node(
                      excludedsmartlist, excludedset, flags);
   }
@@ -2535,7 +2680,7 @@ router_is_named(const routerinfo_t *router)
 
 /** Return true iff <b>digest</b> is the digest of the identity key of a
  * trusted directory matching at least one bit of <b>type</b>.  If <b>type</b>
- * is zero, any authority is okay. */
+ * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
 int
 router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type)
 {
@@ -2616,8 +2761,8 @@ router_get_by_descriptor_digest(const char *digest)
 /** Return the signed descriptor for the router in our routerlist whose
  * 20-byte extra-info digest is <b>digest</b>.  Return NULL if no such router
  * is known. */
-signed_descriptor_t *
-router_get_by_extrainfo_digest(const char *digest)
+MOCK_IMPL(signed_descriptor_t *,
+router_get_by_extrainfo_digest,(const char *digest))
 {
   tor_assert(digest);
 
@@ -2754,6 +2899,7 @@ routerinfo_free(routerinfo_t *router)
   tor_free(router->onion_curve25519_pkey);
   if (router->identity_pkey)
     crypto_pk_free(router->identity_pkey);
+  tor_cert_free(router->cache_info.signing_key_cert);
   if (router->declared_family) {
     SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
     smartlist_free(router->declared_family);
@@ -2772,6 +2918,7 @@ extrainfo_free(extrainfo_t *extrainfo)
 {
   if (!extrainfo)
     return;
+  tor_cert_free(extrainfo->cache_info.signing_key_cert);
   tor_free(extrainfo->cache_info.signed_descriptor_body);
   tor_free(extrainfo->pending_sig);
 
@@ -2787,11 +2934,25 @@ signed_descriptor_free(signed_descriptor_t *sd)
     return;
 
   tor_free(sd->signed_descriptor_body);
+  tor_cert_free(sd->signing_key_cert);
 
   memset(sd, 99, sizeof(signed_descriptor_t)); /* Debug bad mem usage */
   tor_free(sd);
 }
 
+/** Copy src into dest, and steal all references inside src so that when
+ * we free src, we don't mess up dest. */
+static void
+signed_descriptor_move(signed_descriptor_t *dest,
+                       signed_descriptor_t *src)
+{
+  tor_assert(dest != src);
+  memcpy(dest, src, sizeof(signed_descriptor_t));
+  src->signed_descriptor_body = NULL;
+  src->signing_key_cert = NULL;
+  dest->routerlist_index = -1;
+}
+
 /** Extract a signed_descriptor_t from a general routerinfo, and free the
  * routerinfo.
  */
@@ -2801,9 +2962,7 @@ signed_descriptor_from_routerinfo(routerinfo_t *ri)
   signed_descriptor_t *sd;
   tor_assert(ri->purpose == ROUTER_PURPOSE_GENERAL);
   sd = tor_malloc_zero(sizeof(signed_descriptor_t));
-  memcpy(sd, &(ri->cache_info), sizeof(signed_descriptor_t));
-  sd->routerlist_index = -1;
-  ri->cache_info.signed_descriptor_body = NULL;
+  signed_descriptor_move(sd, &ri->cache_info);
   routerinfo_free(ri);
   return sd;
 }
@@ -2873,7 +3032,7 @@ dump_routerlist_mem_usage(int severity)
  * in <b>sl</b> at position <b>idx</b>. Otherwise, search <b>sl</b> for
  * <b>ri</b>.  Return the index of <b>ri</b> in <b>sl</b>, or -1 if <b>ri</b>
  * is not in <b>sl</b>. */
-static INLINE int
+static inline int
 routerlist_find_elt_(smartlist_t *sl, void *ri, int idx)
 {
   if (idx < 0) {
@@ -2938,17 +3097,19 @@ routerlist_insert(routerlist_t *rl, routerinfo_t *ri)
 }
 
 /** Adds the extrainfo_t <b>ei</b> to the routerlist <b>rl</b>, if there is a
- * corresponding router in rl-\>routers or rl-\>old_routers.  Return true iff
- * we actually inserted <b>ei</b>.  Free <b>ei</b> if it isn't inserted. */
-static int
-extrainfo_insert(routerlist_t *rl, extrainfo_t *ei)
+ * corresponding router in rl-\>routers or rl-\>old_routers.  Return the status
+ * of inserting <b>ei</b>.  Free <b>ei</b> if it isn't inserted. */
+MOCK_IMPL(STATIC was_router_added_t,
+extrainfo_insert,(routerlist_t *rl, extrainfo_t *ei, int warn_if_incompatible))
 {
-  int r = 0;
+  was_router_added_t r;
+  const char *compatibility_error_msg;
   routerinfo_t *ri = rimap_get(rl->identity_map,
                                ei->cache_info.identity_digest);
   signed_descriptor_t *sd =
     sdmap_get(rl->desc_by_eid_map, ei->cache_info.signed_descriptor_digest);
   extrainfo_t *ei_tmp;
+  const int severity = warn_if_incompatible ? LOG_WARN : LOG_INFO;
 
   {
     extrainfo_t *ei_generated = router_get_my_extrainfo();
@@ -2957,9 +3118,41 @@ extrainfo_insert(routerlist_t *rl, extrainfo_t *ei)
 
   if (!ri) {
     /* This router is unknown; we can't even verify the signature. Give up.*/
+    r = ROUTER_NOT_IN_CONSENSUS;
+    goto done;
+  }
+  if (! sd) {
+    /* The extrainfo router doesn't have a known routerdesc to attach it to.
+     * This just won't work. */;
+    static ratelim_t no_sd_ratelim = RATELIM_INIT(1800);
+    r = ROUTER_BAD_EI;
+    log_fn_ratelim(&no_sd_ratelim, severity, LD_BUG,
+                   "No entry found in extrainfo map.");
+    goto done;
+  }
+  if (tor_memneq(ei->cache_info.signed_descriptor_digest,
+                 sd->extra_info_digest, DIGEST_LEN)) {
+    static ratelim_t digest_mismatch_ratelim = RATELIM_INIT(1800);
+    /* The sd we got from the map doesn't match the digest we used to look
+     * it up. This makes no sense. */
+    r = ROUTER_BAD_EI;
+    log_fn_ratelim(&digest_mismatch_ratelim, severity, LD_BUG,
+                     "Mismatch in digest in extrainfo map.");
     goto done;
   }
-  if (routerinfo_incompatible_with_extrainfo(ri, ei, sd, NULL)) {
+  if (routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei, sd,
+                                             &compatibility_error_msg)) {
+    char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
+    r = (ri->cache_info.extrainfo_is_bogus) ?
+      ROUTER_BAD_EI : ROUTER_NOT_IN_CONSENSUS;
+
+    base16_encode(d1, sizeof(d1), ri->cache_info.identity_digest, DIGEST_LEN);
+    base16_encode(d2, sizeof(d2), ei->cache_info.identity_digest, DIGEST_LEN);
+
+    log_fn(severity,LD_DIR,
+           "router info incompatible with extra info (ri id: %s, ei id %s, "
+           "reason: %s)", d1, d2, compatibility_error_msg);
+
     goto done;
   }
 
@@ -2969,7 +3162,7 @@ extrainfo_insert(routerlist_t *rl, extrainfo_t *ei)
   ei_tmp = eimap_set(rl->extra_info_map,
                      ei->cache_info.signed_descriptor_digest,
                      ei);
-  r = 1;
+  r = ROUTER_ADDED_SUCCESSFULLY;
   if (ei_tmp) {
     rl->extrainfo_store.bytes_dropped +=
       ei_tmp->cache_info.signed_descriptor_len;
@@ -2977,7 +3170,7 @@ extrainfo_insert(routerlist_t *rl, extrainfo_t *ei)
   }
 
  done:
-  if (r == 0)
+  if (r != ROUTER_ADDED_SUCCESSFULLY)
     extrainfo_free(ei);
 
 #ifdef DEBUG_ROUTERLIST
@@ -3252,19 +3445,21 @@ routerlist_reparse_old(routerlist_t *rl, signed_descriptor_t *sd)
 
   ri = router_parse_entry_from_string(body,
                          body+sd->signed_descriptor_len+sd->annotations_len,
-                         0, 1, NULL);
+                         0, 1, NULL, NULL);
   if (!ri)
     return NULL;
-  memcpy(&ri->cache_info, sd, sizeof(signed_descriptor_t));
-  sd->signed_descriptor_body = NULL; /* Steal reference. */
-  ri->cache_info.routerlist_index = -1;
+  signed_descriptor_move(&ri->cache_info, sd);
 
   routerlist_remove_old(rl, sd, -1);
 
   return ri;
 }
 
-/** Free all memory held by the routerlist module. */
+/** Free all memory held by the routerlist module.
+ * Note: Calling routerlist_free_all() should always be paired with
+ * a call to nodelist_free_all(). These should only be called during
+ * cleanup.
+ */
 void
 routerlist_free_all(void)
 {
@@ -3298,6 +3493,14 @@ routerlist_reset_warnings(void)
   networkstatus_reset_warnings();
 }
 
+/** Return 1 if the signed descriptor of this router is older than
+ *  <b>seconds</b> seconds.  Otherwise return 0. */
+MOCK_IMPL(int,
+router_descriptor_is_older_than,(const routerinfo_t *router, int seconds))
+{
+  return router->cache_info.published_on < approx_time() - seconds;
+}
+
 /** Add <b>router</b> to the routerlist, if we don't already have it.  Replace
  * older entries (if any) with the same key.  Note: Callers should not hold
  * their pointers to <b>router</b> if this function fails; <b>router</b>
@@ -3340,6 +3543,13 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
 
   old_router = router_get_mutable_by_digest(id_digest);
 
+  /* Make sure that it isn't expired. */
+  if (router->cert_expiration_time < approx_time()) {
+    routerinfo_free(router);
+    *msg = "Some certs on this router are expired.";
+    return ROUTER_CERTS_EXPIRED;
+  }
+
   /* Make sure that we haven't already got this exact descriptor. */
   if (sdmap_get(routerlist->desc_digest_map,
                 router->cache_info.signed_descriptor_digest)) {
@@ -3364,7 +3574,7 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
                router_describe(router));
       *msg = "Router descriptor was not new.";
       routerinfo_free(router);
-      return ROUTER_WAS_NOT_NEW;
+      return ROUTER_IS_ALREADY_KNOWN;
     }
   }
 
@@ -3449,7 +3659,7 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
                                       &routerlist->desc_store);
       routerlist_insert_old(routerlist, router);
       *msg = "Router descriptor was not new.";
-      return ROUTER_WAS_NOT_NEW;
+      return ROUTER_IS_ALREADY_KNOWN;
     } else {
       /* Same key, and either new, or listed in the consensus. */
       log_debug(LD_DIR, "Replacing entry for router %s",
@@ -3467,10 +3677,10 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
   }
 
   if (!in_consensus && from_cache &&
-      router->cache_info.published_on < time(NULL) - OLD_ROUTER_DESC_MAX_AGE) {
+      router_descriptor_is_older_than(router, OLD_ROUTER_DESC_MAX_AGE)) {
     *msg = "Router descriptor was really old.";
     routerinfo_free(router);
-    return ROUTER_WAS_NOT_NEW;
+    return ROUTER_WAS_TOO_OLD;
   }
 
   /* We haven't seen a router with this identity before. Add it to the end of
@@ -3491,21 +3701,18 @@ was_router_added_t
 router_add_extrainfo_to_routerlist(extrainfo_t *ei, const char **msg,
                                    int from_cache, int from_fetch)
 {
-  int inserted;
+  was_router_added_t inserted;
   (void)from_fetch;
   if (msg) *msg = NULL;
   /*XXXX023 Do something with msg */
 
-  inserted = extrainfo_insert(router_get_routerlist(), ei);
+  inserted = extrainfo_insert(router_get_routerlist(), ei, !from_cache);
 
-  if (inserted && !from_cache)
+  if (WRA_WAS_ADDED(inserted) && !from_cache)
     signed_desc_append_to_journal(&ei->cache_info,
                                   &routerlist->extrainfo_store);
 
-  if (inserted)
-    return ROUTER_ADDED_SUCCESSFULLY;
-  else
-    return ROUTER_BAD_EI;
+  return inserted;
 }
 
 /** Sorting helper: return &lt;0, 0, or &gt;0 depending on whether the
@@ -3575,9 +3782,9 @@ routerlist_remove_old_cached_routers_with_id(time_t now,
     n_extra = n - mdpr;
   }
 
-  lifespans = tor_malloc_zero(sizeof(struct duration_idx_t)*n);
-  rmv = tor_malloc_zero(sizeof(uint8_t)*n);
-  must_keep = tor_malloc_zero(sizeof(uint8_t)*n);
+  lifespans = tor_calloc(n, sizeof(struct duration_idx_t));
+  rmv = tor_calloc(n, sizeof(uint8_t));
+  must_keep = tor_calloc(n, sizeof(uint8_t));
   /* Set lifespans to contain the lifespan and index of each server. */
   /* Set rmv[i-lo]=1 if we're going to remove a server for being too old. */
   for (i = lo; i <= hi; ++i) {
@@ -3800,7 +4007,8 @@ router_load_single_router(const char *s, uint8_t purpose, int cache,
                "@source controller\n"
                "@purpose %s\n", router_purpose_to_string(purpose));
 
-  if (!(ri = router_parse_entry_from_string(s, NULL, 1, 0, annotation_buf))) {
+  if (!(ri = router_parse_entry_from_string(s, NULL, 1, 0,
+                                            annotation_buf, NULL))) {
     log_warn(LD_DIR, "Error parsing router descriptor; dropping.");
     *msg = "Couldn't parse router descriptor.";
     return -1;
@@ -3864,9 +4072,11 @@ router_load_routers_from_string(const char *s, const char *eos,
   int from_cache = (saved_location != SAVED_NOWHERE);
   int allow_annotations = (saved_location != SAVED_NOWHERE);
   int any_changed = 0;
+  smartlist_t *invalid_digests = smartlist_new();
 
   router_parse_list_from_string(&s, eos, routers, saved_location, 0,
-                                allow_annotations, prepend_annotations);
+                                allow_annotations, prepend_annotations,
+                                invalid_digests);
 
   routers_update_status_from_consensus_networkstatus(routers, !from_cache);
 
@@ -3902,7 +4112,7 @@ router_load_routers_from_string(const char *s, const char *eos,
       smartlist_add(changed, ri);
       routerlist_descriptors_added(changed, from_cache);
       smartlist_clear(changed);
-    } else if (WRA_WAS_REJECTED(r)) {
+    } else if (WRA_NEVER_DOWNLOADABLE(r)) {
       download_status_t *dl_status;
       dl_status = router_get_dl_status_by_descriptor_digest(d);
       if (dl_status) {
@@ -3913,6 +4123,27 @@ router_load_routers_from_string(const char *s, const char *eos,
     }
   } SMARTLIST_FOREACH_END(ri);
 
+  SMARTLIST_FOREACH_BEGIN(invalid_digests, const uint8_t *, bad_digest) {
+    /* This digest is never going to be parseable. */
+    base16_encode(fp, sizeof(fp), (char*)bad_digest, DIGEST_LEN);
+    if (requested_fingerprints && descriptor_digests) {
+      if (! smartlist_contains_string(requested_fingerprints, fp)) {
+        /* But we didn't ask for it, so we should assume shennanegans. */
+        continue;
+      }
+      smartlist_string_remove(requested_fingerprints, fp);
+    }
+    download_status_t *dls;
+    dls = router_get_dl_status_by_descriptor_digest((char*)bad_digest);
+    if (dls) {
+      log_info(LD_GENERAL, "Marking router with descriptor %s as unparseable, "
+               "and therefore undownloadable", fp);
+      download_status_mark_impossible(dls);
+    }
+  } SMARTLIST_FOREACH_END(bad_digest);
+  SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
+  smartlist_free(invalid_digests);
+
   routerlist_assert_ok(routerlist);
 
   if (any_changed)
@@ -3936,13 +4167,16 @@ router_load_extrainfo_from_string(const char *s, const char *eos,
   smartlist_t *extrainfo_list = smartlist_new();
   const char *msg;
   int from_cache = (saved_location != SAVED_NOWHERE);
+  smartlist_t *invalid_digests = smartlist_new();
 
   router_parse_list_from_string(&s, eos, extrainfo_list, saved_location, 1, 0,
-                                NULL);
+                                NULL, invalid_digests);
 
   log_info(LD_DIR, "%d elements to add", smartlist_len(extrainfo_list));
 
   SMARTLIST_FOREACH_BEGIN(extrainfo_list, extrainfo_t *, ei) {
+      uint8_t d[DIGEST_LEN];
+      memcpy(d, ei->cache_info.signed_descriptor_digest, DIGEST_LEN);
       was_router_added_t added =
         router_add_extrainfo_to_routerlist(ei, &msg, from_cache, !from_cache);
       if (WRA_WAS_ADDED(added) && requested_fingerprints) {
@@ -3956,9 +4190,39 @@ router_load_extrainfo_from_string(const char *s, const char *eos,
          * so long as we would have wanted them anyway.  Since we always fetch
          * all the extrainfos we want, and we never actually act on them
          * inside Tor, this should be harmless. */
+      } else if (WRA_NEVER_DOWNLOADABLE(added)) {
+        signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d);
+        if (sd) {
+          log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
+                   "unparseable, and therefore undownloadable",
+                   hex_str((char*)d,DIGEST_LEN));
+          download_status_mark_impossible(&sd->ei_dl_status);
+        }
       }
   } SMARTLIST_FOREACH_END(ei);
 
+  SMARTLIST_FOREACH_BEGIN(invalid_digests, const uint8_t *, bad_digest) {
+    /* This digest is never going to be parseable. */
+    char fp[HEX_DIGEST_LEN+1];
+    base16_encode(fp, sizeof(fp), (char*)bad_digest, DIGEST_LEN);
+    if (requested_fingerprints) {
+      if (! smartlist_contains_string(requested_fingerprints, fp)) {
+        /* But we didn't ask for it, so we should assume shennanegans. */
+        continue;
+      }
+      smartlist_string_remove(requested_fingerprints, fp);
+    }
+    signed_descriptor_t *sd =
+      router_get_by_extrainfo_digest((char*)bad_digest);
+    if (sd) {
+      log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
+               "unparseable, and therefore undownloadable", fp);
+      download_status_mark_impossible(&sd->ei_dl_status);
+    }
+  } SMARTLIST_FOREACH_END(bad_digest);
+  SMARTLIST_FOREACH(invalid_digests, uint8_t *, d, tor_free(d));
+  smartlist_free(invalid_digests);
+
   routerlist_assert_ok(routerlist);
   router_rebuild_store(0, &router_get_routerlist()->extrainfo_store);
 
@@ -3999,12 +4263,10 @@ update_all_descriptor_downloads(time_t now)
 void
 routerlist_retry_directory_downloads(time_t now)
 {
+  (void)now;
   router_reset_status_download_failures();
   router_reset_descriptor_download_failures();
-  if (get_options()->DisableNetwork)
-    return;
-  update_networkstatus_downloads(now);
-  update_all_descriptor_downloads(now);
+  reschedule_directory_downloads();
 }
 
 /** Return true iff <b>router</b> does not permit exit streams.
@@ -4016,15 +4278,16 @@ router_exit_policy_rejects_all(const routerinfo_t *router)
 }
 
 /** Create an directory server at <b>address</b>:<b>port</b>, with OR identity
- * key <b>digest</b>.  If <b>address</b> is NULL, add ourself.  If
- * <b>is_authority</b>, this is a directory authority.  Return the new
- * directory server entry on success or NULL on failure. */
+ * key <b>digest</b> which has DIGEST_LEN bytes.  If <b>address</b> is NULL,
+ * add ourself.  If <b>is_authority</b>, this is a directory authority.  Return
+ * the new directory server entry on success or NULL on failure. */
 static dir_server_t *
 dir_server_new(int is_authority,
                const char *nickname,
                const tor_addr_t *addr,
                const char *hostname,
                uint16_t dir_port, uint16_t or_port,
+               const tor_addr_port_t *addrport_ipv6,
                const char *digest, const char *v3_auth_digest,
                dirinfo_type_t type,
                double weight)
@@ -4033,13 +4296,15 @@ dir_server_new(int is_authority,
   uint32_t a;
   char *hostname_ = NULL;
 
+  tor_assert(digest);
+
   if (weight < 0)
     return NULL;
 
   if (tor_addr_family(addr) == AF_INET)
     a = tor_addr_to_ipv4h(addr);
   else
-    return NULL; /*XXXX Support IPv6 */
+    return NULL;
 
   if (!hostname)
     hostname_ = tor_dup_addr(addr);
@@ -4056,18 +4321,31 @@ dir_server_new(int is_authority,
   ent->is_authority = is_authority;
   ent->type = type;
   ent->weight = weight;
+  if (addrport_ipv6) {
+    if (tor_addr_family(&addrport_ipv6->addr) != AF_INET6) {
+      log_warn(LD_BUG, "Hey, I got a non-ipv6 addr as addrport_ipv6.");
+      tor_addr_make_unspec(&ent->ipv6_addr);
+    } else {
+      tor_addr_copy(&ent->ipv6_addr, &addrport_ipv6->addr);
+      ent->ipv6_orport = addrport_ipv6->port;
+    }
+  } else {
+    tor_addr_make_unspec(&ent->ipv6_addr);
+  }
+
   memcpy(ent->digest, digest, DIGEST_LEN);
   if (v3_auth_digest && (type & V3_DIRINFO))
     memcpy(ent->v3_identity_digest, v3_auth_digest, DIGEST_LEN);
 
   if (nickname)
     tor_asprintf(&ent->description, "directory server \"%s\" at %s:%d",
-                 nickname, hostname, (int)dir_port);
+                 nickname, hostname_, (int)dir_port);
   else
     tor_asprintf(&ent->description, "directory server at %s:%d",
-                 hostname, (int)dir_port);
+                 hostname_, (int)dir_port);
 
   ent->fake_status.addr = ent->addr;
+  tor_addr_copy(&ent->fake_status.ipv6_addr, &ent->ipv6_addr);
   memcpy(ent->fake_status.identity_digest, digest, DIGEST_LEN);
   if (nickname)
     strlcpy(ent->fake_status.nickname, nickname,
@@ -4076,6 +4354,7 @@ dir_server_new(int is_authority,
     ent->fake_status.nickname[0] = '\0';
   ent->fake_status.dir_port = ent->dir_port;
   ent->fake_status.or_port = ent->or_port;
+  ent->fake_status.ipv6_orport = ent->ipv6_orport;
 
   return ent;
 }
@@ -4087,6 +4366,7 @@ dir_server_new(int is_authority,
 dir_server_t *
 trusted_dir_server_new(const char *nickname, const char *address,
                        uint16_t dir_port, uint16_t or_port,
+                       const tor_addr_port_t *ipv6_addrport,
                        const char *digest, const char *v3_auth_digest,
                        dirinfo_type_t type, double weight)
 {
@@ -4117,7 +4397,9 @@ trusted_dir_server_new(const char *nickname, const char *address,
   tor_addr_from_ipv4h(&addr, a);
 
   result = dir_server_new(1, nickname, &addr, hostname,
-                          dir_port, or_port, digest,
+                          dir_port, or_port,
+                          ipv6_addrport,
+                          digest,
                           v3_auth_digest, type, weight);
   tor_free(hostname);
   return result;
@@ -4129,9 +4411,12 @@ trusted_dir_server_new(const char *nickname, const char *address,
 dir_server_t *
 fallback_dir_server_new(const tor_addr_t *addr,
                         uint16_t dir_port, uint16_t or_port,
+                        const tor_addr_port_t *addrport_ipv6,
                         const char *id_digest, double weight)
 {
-  return dir_server_new(0, NULL, addr, NULL, dir_port, or_port, id_digest,
+  return dir_server_new(0, NULL, addr, NULL, dir_port, or_port,
+                        addrport_ipv6,
+                        id_digest,
                         NULL, ALL_DIRINFO, weight);
 }
 
@@ -4200,11 +4485,11 @@ clear_dir_servers(void)
 /** For every current directory connection whose purpose is <b>purpose</b>,
  * and where the resource being downloaded begins with <b>prefix</b>, split
  * rest of the resource into base16 fingerprints (or base64 fingerprints if
- * purpose==DIR_PURPPOSE_FETCH_MICRODESC), decode them, and set the
+ * purpose==DIR_PURPOSE_FETCH_MICRODESC), decode them, and set the
  * corresponding elements of <b>result</b> to a nonzero value.
  */
 static void
-list_pending_downloads(digestmap_t *result,
+list_pending_downloads(digestmap_t *result, digest256map_t *result256,
                        int purpose, const char *prefix)
 {
   const size_t p_len = strlen(prefix);
@@ -4214,7 +4499,7 @@ list_pending_downloads(digestmap_t *result,
   if (purpose == DIR_PURPOSE_FETCH_MICRODESC)
     flags = DSR_DIGEST256|DSR_BASE64;
 
-  tor_assert(result);
+  tor_assert(result || result256);
 
   SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
     if (conn->type == CONN_TYPE_DIR &&
@@ -4227,11 +4512,19 @@ list_pending_downloads(digestmap_t *result,
     }
   } SMARTLIST_FOREACH_END(conn);
 
-  SMARTLIST_FOREACH(tmp, char *, d,
+  if (result) {
+    SMARTLIST_FOREACH(tmp, char *, d,
                     {
                       digestmap_set(result, d, (void*)1);
                       tor_free(d);
                     });
+  } else if (result256) {
+    SMARTLIST_FOREACH(tmp, uint8_t *, d,
+                    {
+                      digest256map_set(result256, d, (void*)1);
+                      tor_free(d);
+                    });
+  }
   smartlist_free(tmp);
 }
 
@@ -4243,20 +4536,16 @@ list_pending_descriptor_downloads(digestmap_t *result, int extrainfo)
 {
   int purpose =
     extrainfo ? DIR_PURPOSE_FETCH_EXTRAINFO : DIR_PURPOSE_FETCH_SERVERDESC;
-  list_pending_downloads(result, purpose, "d/");
+  list_pending_downloads(result, NULL, purpose, "d/");
 }
 
 /** For every microdescriptor we are currently downloading by descriptor
- * digest, set result[d] to (void*)1.   (Note that microdescriptor digests
- * are 256-bit, and digestmap_t only holds 160-bit digests, so we're only
- * getting the first 20 bytes of each digest here.)
- *
- * XXXX Let there be a digestmap256_t, and use that instead.
+ * digest, set result[d] to (void*)1.
  */
 void
-list_pending_microdesc_downloads(digestmap_t *result)
+list_pending_microdesc_downloads(digest256map_t *result)
 {
-  list_pending_downloads(result, DIR_PURPOSE_FETCH_MICRODESC, "d/");
+  list_pending_downloads(NULL, result, DIR_PURPOSE_FETCH_MICRODESC, "d/");
 }
 
 /** For every certificate we are currently downloading by (identity digest,
@@ -4299,73 +4588,100 @@ list_pending_fpsk_downloads(fp_pair_map_t *result)
  * range.)  If <b>source</b> is given, download from <b>source</b>;
  * otherwise, download from an appropriate random directory server.
  */
-static void
-initiate_descriptor_downloads(const routerstatus_t *source,
-                              int purpose,
-                              smartlist_t *digests,
-                              int lo, int hi, int pds_flags)
+MOCK_IMPL(STATIC void, initiate_descriptor_downloads,
+          (const routerstatus_t *source, int purpose, smartlist_t *digests,
+           int lo, int hi, int pds_flags))
 {
-  int i, n = hi-lo;
   char *resource, *cp;
-  size_t r_len;
-
-  int digest_len = DIGEST_LEN, enc_digest_len = HEX_DIGEST_LEN;
-  char sep = '+';
-  int b64_256 = 0;
+  int digest_len, enc_digest_len;
+  const char *sep;
+  int b64_256;
+  smartlist_t *tmp;
 
   if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
     /* Microdescriptors are downloaded by "-"-separated base64-encoded
      * 256-bit digests. */
     digest_len = DIGEST256_LEN;
-    enc_digest_len = BASE64_DIGEST256_LEN;
-    sep = '-';
+    enc_digest_len = BASE64_DIGEST256_LEN + 1;
+    sep = "-";
     b64_256 = 1;
+  } else {
+    digest_len = DIGEST_LEN;
+    enc_digest_len = HEX_DIGEST_LEN + 1;
+    sep = "+";
+    b64_256 = 0;
   }
 
-  if (n <= 0)
-    return;
   if (lo < 0)
     lo = 0;
   if (hi > smartlist_len(digests))
     hi = smartlist_len(digests);
 
-  r_len = 8 + (enc_digest_len+1)*n;
-  cp = resource = tor_malloc(r_len);
-  memcpy(cp, "d/", 2);
-  cp += 2;
-  for (i = lo; i < hi; ++i) {
+  if (hi-lo <= 0)
+    return;
+
+  tmp = smartlist_new();
+
+  for (; lo < hi; ++lo) {
+    cp = tor_malloc(enc_digest_len);
     if (b64_256) {
-      digest256_to_base64(cp, smartlist_get(digests, i));
+      digest256_to_base64(cp, smartlist_get(digests, lo));
     } else {
-      base16_encode(cp, r_len-(cp-resource),
-                    smartlist_get(digests,i), digest_len);
+      base16_encode(cp, enc_digest_len, smartlist_get(digests, lo),
+                    digest_len);
     }
-    cp += enc_digest_len;
-    *cp++ = sep;
+    smartlist_add(tmp, cp);
   }
-  memcpy(cp-1, ".z", 3);
+
+  cp = smartlist_join_strings(tmp, sep, 0, NULL);
+  tor_asprintf(&resource, "d/%s.z", cp);
+
+  SMARTLIST_FOREACH(tmp, char *, cp1, tor_free(cp1));
+  smartlist_free(tmp);
+  tor_free(cp);
 
   if (source) {
-    /* We know which authority we want. */
+    /* We know which authority or directory mirror we want. */
     directory_initiate_command_routerstatus(source, purpose,
                                             ROUTER_PURPOSE_GENERAL,
                                             DIRIND_ONEHOP,
                                             resource, NULL, 0, 0);
   } else {
     directory_get_from_dirserver(purpose, ROUTER_PURPOSE_GENERAL, resource,
-                                 pds_flags);
+                                 pds_flags, DL_WANT_ANY_DIRSERVER);
   }
   tor_free(resource);
 }
 
-/** Max amount of hashes to download per request.
- * Since squid does not like URLs >= 4096 bytes we limit it to 96.
- *   4096 - strlen(http://255.255.255.255/tor/server/d/.z) == 4058
- *   4058/41 (40 for the hash and 1 for the + that separates them) => 98
- *   So use 96 because it's a nice number.
+/** Return the max number of hashes to put in a URL for a given request.
  */
-#define MAX_DL_PER_REQUEST 96
-#define MAX_MICRODESC_DL_PER_REQUEST 92
+static int
+max_dl_per_request(const or_options_t *options, int purpose)
+{
+  /* Since squid does not like URLs >= 4096 bytes we limit it to 96.
+   *   4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
+   *                 /tor/server/d/.z) == 4026
+   *   4026/41 (40 for the hash and 1 for the + that separates them) => 98
+   *   So use 96 because it's a nice number.
+   *
+   * For microdescriptors, the calculation is
+   *   4096 - strlen(http://[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535
+   *                 /tor/micro/d/.z) == 4027
+   *   4027/44 (43 for the hash and 1 for the - that separates them) => 91
+   *   So use 90 because it's a nice number.
+   */
+  int max = 96;
+  if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
+    max = 90;
+  }
+  /* If we're going to tunnel our connections, we can ask for a lot more
+   * in a request. */
+  if (directory_must_use_begindir(options)) {
+    max = 500;
+  }
+  return max;
+}
+
 /** Don't split our requests so finely that we are requesting fewer than
  * this number per server. */
 #define MIN_DL_PER_REQUEST 4
@@ -4387,92 +4703,89 @@ launch_descriptor_downloads(int purpose,
                             smartlist_t *downloadable,
                             const routerstatus_t *source, time_t now)
 {
-  int should_delay = 0, n_downloadable;
   const or_options_t *options = get_options();
   const char *descname;
+  const int fetch_microdesc = (purpose == DIR_PURPOSE_FETCH_MICRODESC);
+  int n_downloadable = smartlist_len(downloadable);
 
-  tor_assert(purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
-             purpose == DIR_PURPOSE_FETCH_MICRODESC);
+  int i, n_per_request, max_dl_per_req;
+  const char *req_plural = "", *rtr_plural = "";
+  int pds_flags = PDS_RETRY_IF_NO_SERVERS;
 
-  descname = (purpose == DIR_PURPOSE_FETCH_SERVERDESC) ?
-    "routerdesc" : "microdesc";
+  tor_assert(fetch_microdesc || purpose == DIR_PURPOSE_FETCH_SERVERDESC);
+  descname = fetch_microdesc ? "microdesc" : "routerdesc";
+
+  if (!n_downloadable)
+    return;
 
-  n_downloadable = smartlist_len(downloadable);
   if (!directory_fetches_dir_info_early(options)) {
     if (n_downloadable >= MAX_DL_TO_DELAY) {
       log_debug(LD_DIR,
                 "There are enough downloadable %ss to launch requests.",
                 descname);
-      should_delay = 0;
     } else {
-      should_delay = (last_descriptor_download_attempted +
-                      options->TestingClientMaxIntervalWithoutRequest) > now;
-      if (!should_delay && n_downloadable) {
-        if (last_descriptor_download_attempted) {
-          log_info(LD_DIR,
-                   "There are not many downloadable %ss, but we've "
-                   "been waiting long enough (%d seconds). Downloading.",
-                   descname,
-                   (int)(now-last_descriptor_download_attempted));
-        } else {
-          log_info(LD_DIR,
-                   "There are not many downloadable %ss, but we haven't "
-                   "tried downloading descriptors recently. Downloading.",
-                   descname);
-        }
+
+      /* should delay */
+      if ((last_descriptor_download_attempted +
+          options->TestingClientMaxIntervalWithoutRequest) > now)
+        return;
+
+      if (last_descriptor_download_attempted) {
+        log_info(LD_DIR,
+                 "There are not many downloadable %ss, but we've "
+                 "been waiting long enough (%d seconds). Downloading.",
+                 descname,
+                 (int)(now-last_descriptor_download_attempted));
+      } else {
+        log_info(LD_DIR,
+                 "There are not many downloadable %ss, but we haven't "
+                 "tried downloading descriptors recently. Downloading.",
+                 descname);
       }
     }
   }
 
-  if (! should_delay && n_downloadable) {
-    int i, n_per_request;
-    const char *req_plural = "", *rtr_plural = "";
-    int pds_flags = PDS_RETRY_IF_NO_SERVERS;
-    if (! authdir_mode_any_nonhidserv(options)) {
-      /* If we wind up going to the authorities, we want to only open one
-       * connection to each authority at a time, so that we don't overload
-       * them.  We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
-       * regardless of whether we're a cache or not; it gets ignored if we're
-       * not calling router_pick_trusteddirserver.
-       *
-       * Setting this flag can make initiate_descriptor_downloads() ignore
-       * requests.  We need to make sure that we do in fact call
-       * update_router_descriptor_downloads() later on, once the connections
-       * have succeeded or failed.
-       */
-      pds_flags |= (purpose == DIR_PURPOSE_FETCH_MICRODESC) ?
-        PDS_NO_EXISTING_MICRODESC_FETCH :
-        PDS_NO_EXISTING_SERVERDESC_FETCH;
-    }
+  if (!authdir_mode_any_nonhidserv(options)) {
+    /* If we wind up going to the authorities, we want to only open one
+     * connection to each authority at a time, so that we don't overload
+     * them.  We do this by setting PDS_NO_EXISTING_SERVERDESC_FETCH
+     * regardless of whether we're a cache or not.
+     *
+     * Setting this flag can make initiate_descriptor_downloads() ignore
+     * requests.  We need to make sure that we do in fact call
+     * update_router_descriptor_downloads() later on, once the connections
+     * have succeeded or failed.
+     */
+    pds_flags |= fetch_microdesc ?
+      PDS_NO_EXISTING_MICRODESC_FETCH :
+      PDS_NO_EXISTING_SERVERDESC_FETCH;
+  }
 
-    n_per_request = CEIL_DIV(n_downloadable, MIN_REQUESTS);
-    if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
-      if (n_per_request > MAX_MICRODESC_DL_PER_REQUEST)
-        n_per_request = MAX_MICRODESC_DL_PER_REQUEST;
-    } else {
-      if (n_per_request > MAX_DL_PER_REQUEST)
-        n_per_request = MAX_DL_PER_REQUEST;
-    }
-    if (n_per_request < MIN_DL_PER_REQUEST)
-      n_per_request = MIN_DL_PER_REQUEST;
-
-    if (n_downloadable > n_per_request)
-      req_plural = rtr_plural = "s";
-    else if (n_downloadable > 1)
-      rtr_plural = "s";
-
-    log_info(LD_DIR,
-             "Launching %d request%s for %d %s%s, %d at a time",
-             CEIL_DIV(n_downloadable, n_per_request), req_plural,
-             n_downloadable, descname, rtr_plural, n_per_request);
-    smartlist_sort_digests(downloadable);
-    for (i=0; i < n_downloadable; i += n_per_request) {
-      initiate_descriptor_downloads(source, purpose,
-                                    downloadable, i, i+n_per_request,
-                                    pds_flags);
-    }
-    last_descriptor_download_attempted = now;
+  n_per_request = CEIL_DIV(n_downloadable, MIN_REQUESTS);
+  max_dl_per_req = max_dl_per_request(options, purpose);
+
+  if (n_per_request > max_dl_per_req)
+    n_per_request = max_dl_per_req;
+
+  if (n_per_request < MIN_DL_PER_REQUEST)
+    n_per_request = MIN_DL_PER_REQUEST;
+
+  if (n_downloadable > n_per_request)
+    req_plural = rtr_plural = "s";
+  else if (n_downloadable > 1)
+    rtr_plural = "s";
+
+  log_info(LD_DIR,
+           "Launching %d request%s for %d %s%s, %d at a time",
+           CEIL_DIV(n_downloadable, n_per_request), req_plural,
+           n_downloadable, descname, rtr_plural, n_per_request);
+  smartlist_sort_digests(downloadable);
+  for (i=0; i < n_downloadable; i += n_per_request) {
+    initiate_descriptor_downloads(source, purpose,
+                                  downloadable, i, i+n_per_request,
+                                  pds_flags);
   }
+  last_descriptor_download_attempted = now;
 }
 
 /** For any descriptor that we want that's currently listed in
@@ -4624,9 +4937,14 @@ launch_dummy_descriptor_download_as_needed(time_t now,
       last_descriptor_download_attempted + DUMMY_DOWNLOAD_INTERVAL < now &&
       last_dummy_download + DUMMY_DOWNLOAD_INTERVAL < now) {
     last_dummy_download = now;
+    /* XX/teor - do we want an authority here, because they are less likely
+     * to give us the wrong address? (See #17782)
+     * I'm leaving the previous behaviour intact, because I don't like
+     * the idea of some relays contacting an authority every 20 minutes. */
     directory_get_from_dirserver(DIR_PURPOSE_FETCH_SERVERDESC,
                                  ROUTER_PURPOSE_GENERAL, "authority.z",
-                                 PDS_RETRY_IF_NO_SERVERS);
+                                 PDS_RETRY_IF_NO_SERVERS,
+                                 DL_WANT_ANY_DIRSERVER);
   }
 }
 
@@ -4652,8 +4970,8 @@ update_extrainfo_downloads(time_t now)
   routerlist_t *rl;
   smartlist_t *wanted;
   digestmap_t *pending;
-  int old_routers, i;
-  int n_no_ei = 0, n_pending = 0, n_have = 0, n_delay = 0;
+  int old_routers, i, max_dl_per_req;
+  int n_no_ei = 0, n_pending = 0, n_have = 0, n_delay = 0, n_bogus[2] = {0,0};
   if (! options->DownloadExtraInfo)
     return;
   if (should_delay_dir_fetches(options, NULL))
@@ -4698,19 +5016,54 @@ update_extrainfo_downloads(time_t now)
         ++n_pending;
         continue;
       }
+
+      const signed_descriptor_t *sd2 = router_get_by_extrainfo_digest(d);
+      if (sd2 != sd) {
+        if (sd2 != NULL) {
+          char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
+          char d3[HEX_DIGEST_LEN+1], d4[HEX_DIGEST_LEN+1];
+          base16_encode(d1, sizeof(d1), sd->identity_digest, DIGEST_LEN);
+          base16_encode(d2, sizeof(d2), sd2->identity_digest, DIGEST_LEN);
+          base16_encode(d3, sizeof(d3), d, DIGEST_LEN);
+          base16_encode(d4, sizeof(d3), sd2->extra_info_digest, DIGEST_LEN);
+
+          log_info(LD_DIR, "Found an entry in %s with mismatched "
+                   "router_get_by_extrainfo_digest() value. This has ID %s "
+                   "but the entry in the map has ID %s. This has EI digest "
+                   "%s and the entry in the map has EI digest %s.",
+                   old_routers?"old_routers":"routers",
+                   d1, d2, d3, d4);
+        } else {
+          char d1[HEX_DIGEST_LEN+1], d2[HEX_DIGEST_LEN+1];
+          base16_encode(d1, sizeof(d1), sd->identity_digest, DIGEST_LEN);
+          base16_encode(d2, sizeof(d2), d, DIGEST_LEN);
+
+          log_info(LD_DIR, "Found an entry in %s with NULL "
+                   "router_get_by_extrainfo_digest() value. This has ID %s "
+                   "and EI digest %s.",
+                   old_routers?"old_routers":"routers",
+                   d1, d2);
+        }
+        ++n_bogus[old_routers];
+        continue;
+      }
       smartlist_add(wanted, d);
     }
   }
   digestmap_free(pending, NULL);
 
   log_info(LD_DIR, "Extrainfo download status: %d router with no ei, %d "
-           "with present ei, %d delaying, %d pending, %d downloadable.",
-           n_no_ei, n_have, n_delay, n_pending, smartlist_len(wanted));
+           "with present ei, %d delaying, %d pending, %d downloadable, %d "
+           "bogus in routers, %d bogus in old_routers",
+           n_no_ei, n_have, n_delay, n_pending, smartlist_len(wanted),
+           n_bogus[0], n_bogus[1]);
 
   smartlist_shuffle(wanted);
-  for (i = 0; i < smartlist_len(wanted); i += MAX_DL_PER_REQUEST) {
+
+  max_dl_per_req = max_dl_per_request(options, DIR_PURPOSE_FETCH_EXTRAINFO);
+  for (i = 0; i < smartlist_len(wanted); i += max_dl_per_req) {
     initiate_descriptor_downloads(NULL, DIR_PURPOSE_FETCH_EXTRAINFO,
-                                  wanted, i, i + MAX_DL_PER_REQUEST,
+                                  wanted, i, i+max_dl_per_req,
                 PDS_RETRY_IF_NO_SERVERS|PDS_NO_EXISTING_SERVERDESC_FETCH);
   }
 
@@ -4777,7 +5130,9 @@ router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2)
       (r1->contact_info && r2->contact_info &&
        strcasecmp(r1->contact_info, r2->contact_info)) ||
       r1->is_hibernating != r2->is_hibernating ||
-      cmp_addr_policies(r1->exit_policy, r2->exit_policy))
+      cmp_addr_policies(r1->exit_policy, r2->exit_policy) ||
+      (r1->supports_tunnelled_dir_requests !=
+       r2->supports_tunnelled_dir_requests))
     return 0;
   if ((r1->declared_family == NULL) != (r2->declared_family == NULL))
     return 0;
@@ -4822,25 +5177,32 @@ router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2)
   return 1;
 }
 
-/** Check whether <b>ri</b> (a.k.a. sd) is a router compatible with the
- * extrainfo document
- * <b>ei</b>.  If no router is compatible with <b>ei</b>, <b>ei</b> should be
+/** Check whether <b>sd</b> describes a router descriptor compatible with the
+ * extrainfo document <b>ei</b>.
+ *
+ * <b>identity_pkey</b> (which must also be provided) is RSA1024 identity key
+ * for the router. We use it to check the signature of the extrainfo document,
+ * if it has not already been checked.
+ *
+ * If no router is compatible with <b>ei</b>, <b>ei</b> should be
  * dropped.  Return 0 for "compatible", return 1 for "reject, and inform
  * whoever uploaded <b>ei</b>, and return -1 for "reject silently.".  If
  * <b>msg</b> is present, set *<b>msg</b> to a description of the
  * incompatibility (if any).
+ *
+ * Set the extrainfo_is_bogus field in <b>sd</b> if the digests matched
+ * but the extrainfo was nonetheless incompatible.
  **/
 int
-routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
+routerinfo_incompatible_with_extrainfo(const crypto_pk_t *identity_pkey,
                                        extrainfo_t *ei,
                                        signed_descriptor_t *sd,
                                        const char **msg)
 {
-  int digest_matches, r=1;
-  tor_assert(ri);
+  int digest_matches, digest256_matches, r=1;
+  tor_assert(identity_pkey);
+  tor_assert(sd);
   tor_assert(ei);
-  if (!sd)
-    sd = (signed_descriptor_t*)&ri->cache_info;
 
   if (ei->bad_sig) {
     if (msg) *msg = "Extrainfo signature was bad, or signed with wrong key.";
@@ -4849,19 +5211,31 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
 
   digest_matches = tor_memeq(ei->cache_info.signed_descriptor_digest,
                            sd->extra_info_digest, DIGEST_LEN);
+  /* Set digest256_matches to 1 if the digest is correct, or if no
+   * digest256 was in the ri. */
+  digest256_matches = tor_memeq(ei->digest256,
+                                sd->extra_info_digest256, DIGEST256_LEN);
+  digest256_matches |=
+    tor_mem_is_zero(sd->extra_info_digest256, DIGEST256_LEN);
 
   /* The identity must match exactly to have been generated at the same time
    * by the same router. */
-  if (tor_memneq(ri->cache_info.identity_digest,
+  if (tor_memneq(sd->identity_digest,
                  ei->cache_info.identity_digest,
                  DIGEST_LEN)) {
     if (msg) *msg = "Extrainfo nickname or identity did not match routerinfo";
     goto err; /* different servers */
   }
 
+  if (! tor_cert_opt_eq(sd->signing_key_cert,
+                        ei->cache_info.signing_key_cert)) {
+    if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
+    goto err; /* different servers */
+  }
+
   if (ei->pending_sig) {
     char signed_digest[128];
-    if (crypto_pk_public_checksig(ri->identity_pkey,
+    if (crypto_pk_public_checksig(identity_pkey,
                        signed_digest, sizeof(signed_digest),
                        ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
         tor_memneq(signed_digest, ei->cache_info.signed_descriptor_digest,
@@ -4872,7 +5246,7 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
       goto err; /* Bad signature, or no match. */
     }
 
-    ei->cache_info.send_unencrypted = ri->cache_info.send_unencrypted;
+    ei->cache_info.send_unencrypted = sd->send_unencrypted;
     tor_free(ei->pending_sig);
   }
 
@@ -4885,6 +5259,17 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
     goto err;
   }
 
+  if (!digest256_matches && !digest_matches) {
+    if (msg) *msg = "Neither digest256 or digest matched "
+               "digest from routerdesc";
+    goto err;
+  }
+
+  if (!digest256_matches) {
+    if (msg) *msg = "Extrainfo digest did not match digest256 from routerdesc";
+    goto err; /* Digest doesn't match declared value. */
+  }
+
   if (!digest_matches) {
     if (msg) *msg = "Extrainfo digest did not match value from routerdesc";
     goto err; /* Digest doesn't match declared value. */
@@ -5052,81 +5437,3 @@ refresh_all_country_info(void)
   nodelist_refresh_countries();
 }
 
-/** Determine the routers that are responsible for <b>id</b> (binary) and
- * add pointers to those routers' routerstatus_t to <b>responsible_dirs</b>.
- * Return -1 if we're returning an empty smartlist, else return 0.
- */
-int
-hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
-                                     const char *id)
-{
-  int start, found, n_added = 0, i;
-  networkstatus_t *c = networkstatus_get_latest_consensus();
-  if (!c || !smartlist_len(c->routerstatus_list)) {
-    log_warn(LD_REND, "We don't have a consensus, so we can't perform v2 "
-             "rendezvous operations.");
-    return -1;
-  }
-  tor_assert(id);
-  start = networkstatus_vote_find_entry_idx(c, id, &found);
-  if (start == smartlist_len(c->routerstatus_list)) start = 0;
-  i = start;
-  do {
-    routerstatus_t *r = smartlist_get(c->routerstatus_list, i);
-    if (r->is_hs_dir) {
-      smartlist_add(responsible_dirs, r);
-      if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS)
-        return 0;
-    }
-    if (++i == smartlist_len(c->routerstatus_list))
-      i = 0;
-  } while (i != start);
-
-  /* Even though we don't have the desired number of hidden service
-   * directories, be happy if we got any. */
-  return smartlist_len(responsible_dirs) ? 0 : -1;
-}
-
-/** Return true if this node is currently acting as hidden service
- * directory, false otherwise. */
-int
-hid_serv_acting_as_directory(void)
-{
-  const routerinfo_t *me = router_get_my_routerinfo();
-  if (!me)
-    return 0;
-  if (!get_options()->HidServDirectoryV2) {
-    log_info(LD_REND, "We are not acting as hidden service directory, "
-                      "because we have not been configured as such.");
-    return 0;
-  }
-  return 1;
-}
-
-/** Return true if this node is responsible for storing the descriptor ID
- * in <b>query</b> and false otherwise. */
-int
-hid_serv_responsible_for_desc_id(const char *query)
-{
-  const routerinfo_t *me;
-  routerstatus_t *last_rs;
-  const char *my_id, *last_id;
-  int result;
-  smartlist_t *responsible;
-  if (!hid_serv_acting_as_directory())
-    return 0;
-  if (!(me = router_get_my_routerinfo()))
-    return 0; /* This is redundant, but let's be paranoid. */
-  my_id = me->cache_info.identity_digest;
-  responsible = smartlist_new();
-  if (hid_serv_get_responsible_directories(responsible, query) < 0) {
-    smartlist_free(responsible);
-    return 0;
-  }
-  last_rs = smartlist_get(responsible, smartlist_len(responsible)-1);
-  last_id = last_rs->identity_digest;
-  result = rend_id_is_in_interval(my_id, query, last_id);
-  smartlist_free(responsible);
-  return result;
-}
-
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index 6e2f2eaea0..cb5b42a3b8 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -50,6 +50,7 @@ const routerstatus_t *router_pick_directory_server(dirinfo_type_t type,
 dir_server_t *router_get_trusteddirserver_by_digest(const char *d);
 dir_server_t *router_get_fallback_dirserver_by_digest(
                                                    const char *digest);
+int router_digest_is_fallback_dir(const char *digest);
 dir_server_t *trusteddirserver_get_by_v3_auth_digest(const char *d);
 const routerstatus_t *router_pick_trusteddirserver(dirinfo_type_t type,
                                                    int flags);
@@ -58,6 +59,11 @@ const routerstatus_t *router_pick_fallback_dirserver(dirinfo_type_t type,
 int router_get_my_share_of_directory_requests(double *v3_share_out);
 void router_reset_status_download_failures(void);
 int routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2);
+void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
+                                           int need_uptime, int need_capacity,
+                                           int need_guard, int need_desc,
+                                           int pref_addr, int direct_conn);
+
 const routerinfo_t *routerlist_find_my_routerinfo(void);
 uint32_t router_get_advertised_bandwidth(const routerinfo_t *router);
 uint32_t router_get_advertised_bandwidth_capped(const routerinfo_t *router);
@@ -82,7 +88,8 @@ int hexdigest_to_digest(const char *hexdigest, char *digest);
 const routerinfo_t *router_get_by_id_digest(const char *digest);
 routerinfo_t *router_get_mutable_by_digest(const char *digest);
 signed_descriptor_t *router_get_by_descriptor_digest(const char *digest);
-signed_descriptor_t *router_get_by_extrainfo_digest(const char *digest);
+MOCK_DECL(signed_descriptor_t *,router_get_by_extrainfo_digest,
+          (const char *digest));
 signed_descriptor_t *extrainfo_get_by_descriptor_digest(const char *digest);
 const char *signed_descriptor_get_body(const signed_descriptor_t *desc);
 const char *signed_descriptor_get_annotations(const signed_descriptor_t *desc);
@@ -99,11 +106,12 @@ void routerlist_reset_warnings(void);
 static int WRA_WAS_ADDED(was_router_added_t s);
 static int WRA_WAS_OUTDATED(was_router_added_t s);
 static int WRA_WAS_REJECTED(was_router_added_t s);
+static int WRA_NEVER_DOWNLOADABLE(was_router_added_t s);
 /** Return true iff the outcome code in <b>s</b> indicates that the descriptor
  * was added. It might still be necessary to check whether the descriptor
  * generator should be notified.
  */
-static INLINE int
+static inline int
 WRA_WAS_ADDED(was_router_added_t s) {
   return s == ROUTER_ADDED_SUCCESSFULLY || s == ROUTER_ADDED_NOTIFY_GENERATOR;
 }
@@ -112,19 +120,31 @@ WRA_WAS_ADDED(was_router_added_t s) {
  * - not in the consensus
  * - neither in the consensus nor in any networkstatus document
  * - it was outdated.
+ * - its certificates were expired.
  */
-static INLINE int WRA_WAS_OUTDATED(was_router_added_t s)
+static inline int WRA_WAS_OUTDATED(was_router_added_t s)
 {
-  return (s == ROUTER_WAS_NOT_NEW ||
+  return (s == ROUTER_WAS_TOO_OLD ||
+          s == ROUTER_IS_ALREADY_KNOWN ||
           s == ROUTER_NOT_IN_CONSENSUS ||
-          s == ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS);
+          s == ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS ||
+          s == ROUTER_CERTS_EXPIRED);
 }
 /** Return true iff the outcome code in <b>s</b> indicates that the descriptor
  * was flat-out rejected. */
-static INLINE int WRA_WAS_REJECTED(was_router_added_t s)
+static inline int WRA_WAS_REJECTED(was_router_added_t s)
 {
   return (s == ROUTER_AUTHDIR_REJECTS);
 }
+/** Return true iff the outcome code in <b>s</b> indicates that the descriptor
+ * was flat-out rejected. */
+static inline int WRA_NEVER_DOWNLOADABLE(was_router_added_t s)
+{
+  return (s == ROUTER_AUTHDIR_REJECTS ||
+          s == ROUTER_BAD_EI ||
+          s == ROUTER_WAS_TOO_OLD ||
+          s == ROUTER_CERTS_EXPIRED);
+}
 was_router_added_t router_add_to_routerlist(routerinfo_t *router,
                                             const char **msg,
                                             int from_cache,
@@ -152,10 +172,12 @@ int router_exit_policy_rejects_all(const routerinfo_t *router);
 
 dir_server_t *trusted_dir_server_new(const char *nickname, const char *address,
                        uint16_t dir_port, uint16_t or_port,
+                       const tor_addr_port_t *addrport_ipv6,
                        const char *digest, const char *v3_auth_digest,
                        dirinfo_type_t type, double weight);
 dir_server_t *fallback_dir_server_new(const tor_addr_t *addr,
                                       uint16_t dir_port, uint16_t or_port,
+                                      const tor_addr_port_t *addrport_ipv6,
                                       const char *id_digest, double weight);
 void dir_server_add(dir_server_t *ent);
 
@@ -169,7 +191,7 @@ void update_extrainfo_downloads(time_t now);
 void router_reset_descriptor_download_failures(void);
 int router_differences_are_cosmetic(const routerinfo_t *r1,
                                     const routerinfo_t *r2);
-int routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
+int routerinfo_incompatible_with_extrainfo(const crypto_pk_t *ri,
                                            extrainfo_t *ei,
                                            signed_descriptor_t *sd,
                                            const char **msg);
@@ -180,12 +202,7 @@ void routers_sort_by_identity(smartlist_t *routers);
 
 void refresh_all_country_info(void);
 
-int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs,
-                                         const char *id);
-int hid_serv_acting_as_directory(void);
-int hid_serv_responsible_for_desc_id(const char *id);
-
-void list_pending_microdesc_downloads(digestmap_t *result);
+void list_pending_microdesc_downloads(digest256map_t *result);
 void launch_descriptor_downloads(int purpose,
                                  smartlist_t *downloadable,
                                  const routerstatus_t *source,
@@ -212,6 +229,21 @@ STATIC int choose_array_element_by_weight(const u64_dbl_t *entries,
                                           int n_entries);
 STATIC void scale_array_elements_to_u64(u64_dbl_t *entries, int n_entries,
                                         uint64_t *total_out);
+STATIC const routerstatus_t *router_pick_directory_server_impl(
+                                           dirinfo_type_t auth, int flags,
+                                           int *n_busy_out);
+
+MOCK_DECL(int, router_descriptor_is_older_than, (const routerinfo_t *router,
+                                                 int seconds));
+MOCK_DECL(STATIC was_router_added_t, extrainfo_insert,
+          (routerlist_t *rl, extrainfo_t *ei, int warn_if_incompatible));
+
+MOCK_DECL(STATIC void, initiate_descriptor_downloads,
+          (const routerstatus_t *source, int purpose, smartlist_t *digests,
+           int lo, int hi, int pds_flags));
+STATIC int router_is_already_dir_fetching(const tor_addr_port_t *ap,
+                                          int serverdesc, int microdesc);
+
 #endif
 
 #endif
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 524a575480..b6a90431a7 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -9,6 +9,8 @@
  * \brief Code to parse and validate router descriptors and directories.
  **/
 
+#define ROUTERPARSE_PRIVATE
+
 #include "or.h"
 #include "config.h"
 #include "circuitstats.h"
@@ -22,15 +24,20 @@
 #include "microdesc.h"
 #include "networkstatus.h"
 #include "rephist.h"
+#include "routerkeys.h"
 #include "routerparse.h"
+#include "entrynodes.h"
+#include "torcert.h"
+
 #undef log
 #include <math.h>
 
 /****************************************************************************/
 
 /** Enumeration of possible token types.  The ones starting with K_ correspond
- * to directory 'keywords'. ERR_ is an error in the tokenizing process, EOF_
- * is an end-of-file marker, and NIL_ is used to encode not-a-token.
+ * to directory 'keywords'. A_ is for an annotation, R or C is related to
+ * hidden services, ERR_ is an error in the tokenizing process, EOF_ is an
+ * end-of-file marker, and NIL_ is used to encode not-a-token.
  */
 typedef enum {
   K_ACCEPT = 0,
@@ -66,6 +73,7 @@ typedef enum {
   K_CLIENT_VERSIONS,
   K_SERVER_VERSIONS,
   K_OR_ADDRESS,
+  K_ID,
   K_P,
   K_P6,
   K_R,
@@ -80,6 +88,11 @@ typedef enum {
   K_HIDDEN_SERVICE_DIR,
   K_ALLOW_SINGLE_HOP_EXITS,
   K_IPV6_POLICY,
+  K_ROUTER_SIG_ED25519,
+  K_IDENTITY_ED25519,
+  K_MASTER_KEY_ED25519,
+  K_ONION_KEY_CROSSCERT,
+  K_NTOR_ONION_KEY_CROSSCERT,
 
   K_DIRREQ_END,
   K_DIRREQ_V2_IPS,
@@ -113,6 +126,7 @@ typedef enum {
   K_DIR_KEY_CERTIFICATION,
   K_DIR_KEY_CROSSCERT,
   K_DIR_ADDRESS,
+  K_DIR_TUNNELLED,
 
   K_VOTE_STATUS,
   K_VALID_AFTER,
@@ -131,6 +145,7 @@ typedef enum {
   K_CONSENSUS_METHOD,
   K_LEGACY_DIR_KEY,
   K_DIRECTORY_FOOTER,
+  K_PACKAGE,
 
   A_PURPOSE,
   A_LAST_LISTED,
@@ -289,6 +304,13 @@ static token_rule_t routerdesc_token_table[] = {
   T01("write-history",       K_WRITE_HISTORY,       ARGS,    NO_OBJ ),
   T01("extra-info-digest",   K_EXTRA_INFO_DIGEST,   GE(1),   NO_OBJ ),
   T01("hidden-service-dir",  K_HIDDEN_SERVICE_DIR,  NO_ARGS, NO_OBJ ),
+  T01("identity-ed25519",    K_IDENTITY_ED25519,    NO_ARGS, NEED_OBJ ),
+  T01("master-key-ed25519",  K_MASTER_KEY_ED25519,  GE(1),   NO_OBJ ),
+  T01("router-sig-ed25519",  K_ROUTER_SIG_ED25519,  GE(1),   NO_OBJ ),
+  T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
+  T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
+                                                    EQ(1),   NEED_OBJ ),
+
   T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS,    NO_ARGS, NO_OBJ ),
 
   T01("family",              K_FAMILY,              ARGS,    NO_OBJ ),
@@ -298,6 +320,7 @@ static token_rule_t routerdesc_token_table[] = {
   T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
   T1( "bandwidth",           K_BANDWIDTH,           GE(3),   NO_OBJ ),
   A01("@purpose",            A_PURPOSE,             GE(1),   NO_OBJ ),
+  T01("tunnelled-dir-server",K_DIR_TUNNELLED,       NO_ARGS, NO_OBJ ),
 
   END_OF_TABLE
 };
@@ -306,6 +329,8 @@ static token_rule_t routerdesc_token_table[] = {
 static token_rule_t extrainfo_token_table[] = {
   T1_END( "router-signature",    K_ROUTER_SIGNATURE,    NO_ARGS, NEED_OBJ ),
   T1( "published",           K_PUBLISHED,       CONCAT_ARGS, NO_OBJ ),
+  T01("identity-ed25519",    K_IDENTITY_ED25519,    NO_ARGS, NEED_OBJ ),
+  T01("router-sig-ed25519",  K_ROUTER_SIG_ED25519,  GE(1),   NO_OBJ ),
   T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
   T01("read-history",        K_READ_HISTORY,        ARGS,    NO_OBJ ),
   T01("write-history",       K_WRITE_HISTORY,       ARGS,    NO_OBJ ),
@@ -349,6 +374,7 @@ static token_rule_t rtrstatus_token_table[] = {
   T01("v",                   K_V,               CONCAT_ARGS, NO_OBJ ),
   T01("w",                   K_W,                   ARGS,    NO_OBJ ),
   T0N("m",                   K_M,               CONCAT_ARGS, NO_OBJ ),
+  T0N("id",                  K_ID,                  GE(2),   NO_OBJ ),
   T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
   END_OF_TABLE
 };
@@ -420,6 +446,7 @@ static token_rule_t networkstatus_token_table[] = {
   T1("known-flags",            K_KNOWN_FLAGS,      ARGS,        NO_OBJ ),
   T01("params",                K_PARAMS,           ARGS,        NO_OBJ ),
   T( "fingerprint",            K_FINGERPRINT,      CONCAT_ARGS, NO_OBJ ),
+  T0N("package",               K_PACKAGE,          CONCAT_ARGS, NO_OBJ ),
 
   CERTIFICATE_MEMBERS
 
@@ -485,6 +512,7 @@ static token_rule_t networkstatus_detached_signature_token_table[] = {
 static token_rule_t microdesc_token_table[] = {
   T1_START("onion-key",        K_ONION_KEY,        NO_ARGS,     NEED_KEY_1024),
   T01("ntor-onion-key",        K_ONION_KEY_NTOR,   GE(1),       NO_OBJ ),
+  T0N("id",                    K_ID,               GE(2),       NO_OBJ ),
   T0N("a",                     K_A,                GE(1),       NO_OBJ ),
   T01("family",                K_FAMILY,           ARGS,        NO_OBJ ),
   T01("p",                     K_P,                CONCAT_ARGS, NO_OBJ ),
@@ -501,12 +529,16 @@ static addr_policy_t *router_parse_addr_policy(directory_token_t *tok,
                                                unsigned fmt_flags);
 static addr_policy_t *router_parse_addr_policy_private(directory_token_t *tok);
 
+static int router_get_hash_impl_helper(const char *s, size_t s_len,
+                            const char *start_str,
+                            const char *end_str, char end_c,
+                            const char **start_out, const char **end_out);
 static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
                                 const char *start_str, const char *end_str,
                                 char end_char,
                                 digest_algorithm_t alg);
 static int router_get_hashes_impl(const char *s, size_t s_len,
-                                  digests_t *digests,
+                                  common_digests_t *digests,
                                   const char *start_str, const char *end_str,
                                   char end_char);
 static void token_clear(directory_token_t *tok);
@@ -606,7 +638,7 @@ router_get_router_hash(const char *s, size_t s_len, char *digest)
 /** Set <b>digests</b> to all the digests of the consensus document in
  * <b>s</b> */
 int
-router_get_networkstatus_v3_hashes(const char *s, digests_t *digests)
+router_get_networkstatus_v3_hashes(const char *s, common_digests_t *digests)
 {
   return router_get_hashes_impl(s,strlen(s),digests,
                                 "network-status-version",
@@ -632,7 +664,7 @@ router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
 char *
 router_get_dirobj_signature(const char *digest,
                             size_t digest_len,
-                            crypto_pk_t *private_key)
+                            const crypto_pk_t *private_key)
 {
   char *signature;
   size_t i, keysize;
@@ -659,7 +691,8 @@ router_get_dirobj_signature(const char *digest,
     goto truncated;
 
   i = strlen(buf);
-  if (base64_encode(buf+i, buf_len-i, signature, siglen) < 0) {
+  if (base64_encode(buf+i, buf_len-i, signature, siglen,
+                    BASE64_ENCODE_MULTILINE) < 0) {
     log_warn(LD_BUG,"couldn't base64-encode signature");
     goto err;
   }
@@ -852,8 +885,8 @@ check_signature_token(const char *digest,
     tor_free(signed_digest);
     return -1;
   }
-//  log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
-//            hex_str(signed_digest,4));
+  //  log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
+  //            hex_str(signed_digest,4));
   if (tor_memneq(digest, signed_digest, digest_len)) {
     log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
     tor_free(signed_digest);
@@ -911,7 +944,9 @@ find_start_of_next_router_or_extrainfo(const char **s_ptr,
  * descriptor in the signed_descriptor_body field of each routerinfo_t.  If it
  * isn't SAVED_NOWHERE, remember the offset of each descriptor.
  *
- * Returns 0 on success and -1 on failure.
+ * Returns 0 on success and -1 on failure.  Adds a digest to
+ * <b>invalid_digests_out</b> for every entry that was unparseable or
+ * invalid. (This may cause duplicate entries.)
  */
 int
 router_parse_list_from_string(const char **s, const char *eos,
@@ -919,7 +954,8 @@ router_parse_list_from_string(const char **s, const char *eos,
                               saved_location_t saved_location,
                               int want_extrainfo,
                               int allow_annotations,
-                              const char *prepend_annotations)
+                              const char *prepend_annotations,
+                              smartlist_t *invalid_digests_out)
 {
   routerinfo_t *router;
   extrainfo_t *extrainfo;
@@ -939,6 +975,9 @@ router_parse_list_from_string(const char **s, const char *eos,
   tor_assert(eos >= *s);
 
   while (1) {
+    char raw_digest[DIGEST_LEN];
+    int have_raw_digest = 0;
+    int dl_again = 0;
     if (find_start_of_next_router_or_extrainfo(s, eos, &have_extrainfo) < 0)
       break;
 
@@ -955,18 +994,20 @@ router_parse_list_from_string(const char **s, const char *eos,
 
     if (have_extrainfo && want_extrainfo) {
       routerlist_t *rl = router_get_routerlist();
+      have_raw_digest = router_get_extrainfo_hash(*s, end-*s, raw_digest) == 0;
       extrainfo = extrainfo_parse_entry_from_string(*s, end,
                                        saved_location != SAVED_IN_CACHE,
-                                       rl->identity_map);
+                                       rl->identity_map, &dl_again);
       if (extrainfo) {
         signed_desc = &extrainfo->cache_info;
         elt = extrainfo;
       }
     } else if (!have_extrainfo && !want_extrainfo) {
+      have_raw_digest = router_get_router_hash(*s, end-*s, raw_digest) == 0;
       router = router_parse_entry_from_string(*s, end,
                                               saved_location != SAVED_IN_CACHE,
                                               allow_annotations,
-                                              prepend_annotations);
+                                              prepend_annotations, &dl_again);
       if (router) {
         log_debug(LD_DIR, "Read router '%s', purpose '%s'",
                   router_describe(router),
@@ -975,6 +1016,9 @@ router_parse_list_from_string(const char **s, const char *eos,
         elt = router;
       }
     }
+    if (! elt && ! dl_again && have_raw_digest && invalid_digests_out) {
+      smartlist_add(invalid_digests_out, tor_memdup(raw_digest, DIGEST_LEN));
+    }
     if (!elt) {
       *s = end;
       continue;
@@ -1068,11 +1112,17 @@ find_single_ipv6_orport(const smartlist_t *list,
  * around when caching the router.
  *
  * Only one of allow_annotations and prepend_annotations may be set.
+ *
+ * If <b>can_dl_again_out</b> is provided, set *<b>can_dl_again_out</b> to 1
+ * if it's okay to try to download a descriptor with this same digest again,
+ * and 0 if it isn't.  (It might not be okay to download it again if part of
+ * the part covered by the digest is invalid.)
  */
 routerinfo_t *
 router_parse_entry_from_string(const char *s, const char *end,
                                int cache_copy, int allow_annotations,
-                               const char *prepend_annotations)
+                               const char *prepend_annotations,
+                               int *can_dl_again_out)
 {
   routerinfo_t *router = NULL;
   char digest[128];
@@ -1083,6 +1133,10 @@ router_parse_entry_from_string(const char *s, const char *end,
   size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
   int ok = 1;
   memarea_t *area = NULL;
+  tor_cert_t *ntor_cc_cert = NULL;
+  /* Do not set this to '1' until we have parsed everything that we intend to
+   * parse that's covered by the hash. */
+  int can_dl_again = 0;
 
   tor_assert(!allow_annotations || !prepend_annotations);
 
@@ -1152,9 +1206,11 @@ router_parse_entry_from_string(const char *s, const char *end,
   }
 
   tok = find_by_keyword(tokens, K_ROUTER);
+  const int router_token_pos = smartlist_pos(tokens, tok);
   tor_assert(tok->n_args >= 5);
 
   router = tor_malloc_zero(sizeof(routerinfo_t));
+  router->cert_expiration_time = TIME_MAX;
   router->cache_info.routerlist_index = -1;
   router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
   router->cache_info.signed_descriptor_len = end-s;
@@ -1285,6 +1341,173 @@ router_parse_entry_from_string(const char *s, const char *end,
     log_warn(LD_DIR, "Couldn't calculate key digest"); goto err;
   }
 
+  {
+    directory_token_t *ed_sig_tok, *ed_cert_tok, *cc_tap_tok, *cc_ntor_tok,
+      *master_key_tok;
+    ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
+    ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
+    master_key_tok = find_opt_by_keyword(tokens, K_MASTER_KEY_ED25519);
+    cc_tap_tok = find_opt_by_keyword(tokens, K_ONION_KEY_CROSSCERT);
+    cc_ntor_tok = find_opt_by_keyword(tokens, K_NTOR_ONION_KEY_CROSSCERT);
+    int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok +
+      !!cc_tap_tok + !!cc_ntor_tok;
+    if ((n_ed_toks != 0 && n_ed_toks != 4) ||
+        (n_ed_toks == 4 && !router->onion_curve25519_pkey)) {
+      log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
+               "cross-certification support");
+      goto err;
+    }
+    if (master_key_tok && !ed_sig_tok) {
+      log_warn(LD_DIR, "Router descriptor has ed25519 master key but no "
+               "certificate");
+      goto err;
+    }
+    if (ed_sig_tok) {
+      tor_assert(ed_cert_tok && cc_tap_tok && cc_ntor_tok);
+      const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
+      if (ed_cert_token_pos == -1 || router_token_pos == -1 ||
+          (ed_cert_token_pos != router_token_pos + 1 &&
+           ed_cert_token_pos != router_token_pos - 1)) {
+        log_warn(LD_DIR, "Ed25519 certificate in wrong position");
+        goto err;
+      }
+      if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
+        log_warn(LD_DIR, "Ed25519 signature in wrong position");
+        goto err;
+      }
+      if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
+        log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
+        goto err;
+      }
+      if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
+        log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
+                 "in decriptor");
+        goto err;
+      }
+      if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
+        log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
+                 "in decriptor");
+        goto err;
+      }
+      if (strcmp(cc_ntor_tok->args[0], "0") &&
+          strcmp(cc_ntor_tok->args[0], "1")) {
+        log_warn(LD_DIR, "Bad sign bit on ntor-onion-key-crosscert");
+        goto err;
+      }
+      int ntor_cc_sign_bit = !strcmp(cc_ntor_tok->args[0], "1");
+
+      uint8_t d256[DIGEST256_LEN];
+      const char *signed_start, *signed_end;
+      tor_cert_t *cert = tor_cert_parse(
+                       (const uint8_t*)ed_cert_tok->object_body,
+                       ed_cert_tok->object_size);
+      if (! cert) {
+        log_warn(LD_DIR, "Couldn't parse ed25519 cert");
+        goto err;
+      }
+      /* makes sure it gets freed. */
+      router->cache_info.signing_key_cert = cert;
+
+      if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
+          ! cert->signing_key_included) {
+        log_warn(LD_DIR, "Invalid form for ed25519 cert");
+        goto err;
+      }
+
+      if (master_key_tok) {
+        /* This token is optional, but if it's present, it must match
+         * the signature in the signing cert, or supplant it. */
+        tor_assert(master_key_tok->n_args >= 1);
+        ed25519_public_key_t pkey;
+        if (ed25519_public_from_base64(&pkey, master_key_tok->args[0])<0) {
+          log_warn(LD_DIR, "Can't parse ed25519 master key");
+          goto err;
+        }
+
+        if (fast_memneq(&cert->signing_key.pubkey,
+                        pkey.pubkey, ED25519_PUBKEY_LEN)) {
+          log_warn(LD_DIR, "Ed25519 master key does not match "
+                   "key in certificate");
+          goto err;
+        }
+      }
+      ntor_cc_cert = tor_cert_parse((const uint8_t*)cc_ntor_tok->object_body,
+                                    cc_ntor_tok->object_size);
+      if (!ntor_cc_cert) {
+        log_warn(LD_DIR, "Couldn't parse ntor-onion-key-crosscert cert");
+        goto err;
+      }
+      if (ntor_cc_cert->cert_type != CERT_TYPE_ONION_ID ||
+          ! ed25519_pubkey_eq(&ntor_cc_cert->signed_key, &cert->signing_key)) {
+        log_warn(LD_DIR, "Invalid contents for ntor-onion-key-crosscert cert");
+        goto err;
+      }
+
+      ed25519_public_key_t ntor_cc_pk;
+      if (ed25519_public_key_from_curve25519_public_key(&ntor_cc_pk,
+                                            router->onion_curve25519_pkey,
+                                            ntor_cc_sign_bit)<0) {
+        log_warn(LD_DIR, "Error converting onion key to ed25519");
+        goto err;
+      }
+
+      if (router_get_hash_impl_helper(s, end-s, "router ",
+                                      "\nrouter-sig-ed25519",
+                                      ' ', &signed_start, &signed_end) < 0) {
+        log_warn(LD_DIR, "Can't find ed25519-signed portion of descriptor");
+        goto err;
+      }
+      crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
+      crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
+        strlen(ED_DESC_SIGNATURE_PREFIX));
+      crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
+      crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
+      crypto_digest_free(d);
+
+      ed25519_checkable_t check[3];
+      int check_ok[3];
+      if (tor_cert_get_checkable_sig(&check[0], cert, NULL) < 0) {
+        log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
+        goto err;
+      }
+      if (tor_cert_get_checkable_sig(&check[1],
+                                     ntor_cc_cert, &ntor_cc_pk) < 0) {
+        log_err(LD_BUG, "Couldn't create 'checkable' for ntor_cc_cert.");
+        goto err;
+      }
+
+      if (ed25519_signature_from_base64(&check[2].signature,
+                                        ed_sig_tok->args[0])<0) {
+        log_warn(LD_DIR, "Couldn't decode ed25519 signature");
+        goto err;
+      }
+      check[2].pubkey = &cert->signed_key;
+      check[2].msg = d256;
+      check[2].len = DIGEST256_LEN;
+
+      if (ed25519_checksig_batch(check_ok, check, 3) < 0) {
+        log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
+        goto err;
+      }
+
+      if (check_tap_onion_key_crosscert(
+                      (const uint8_t*)cc_tap_tok->object_body,
+                      (int)cc_tap_tok->object_size,
+                      router->onion_pkey,
+                      &cert->signing_key,
+                      (const uint8_t*)router->cache_info.identity_digest)<0) {
+        log_warn(LD_DIR, "Incorrect TAP cross-verification");
+        goto err;
+      }
+
+      /* We check this before adding it to the routerlist. */
+      if (cert->valid_until < ntor_cc_cert->valid_until)
+        router->cert_expiration_time = cert->valid_until;
+      else
+        router->cert_expiration_time = ntor_cc_cert->valid_until;
+    }
+  }
+
   if ((tok = find_opt_by_keyword(tokens, K_FINGERPRINT))) {
     /* If there's a fingerprint line, it must match the identity digest. */
     char d[DIGEST_LEN];
@@ -1376,12 +1599,26 @@ router_parse_entry_from_string(const char *s, const char *end,
     } else {
       log_warn(LD_DIR, "Invalid extra info digest %s", escaped(tok->args[0]));
     }
+
+    if (tok->n_args >= 2) {
+      if (digest256_from_base64(router->cache_info.extra_info_digest256,
+                                tok->args[1]) < 0) {
+        log_warn(LD_DIR, "Invalid extra info digest256 %s",
+                 escaped(tok->args[1]));
+      }
+    }
   }
 
   if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
     router->wants_to_be_hs_dir = 1;
   }
 
+  /* This router accepts tunnelled directory requests via begindir if it has
+   * an open dirport or it included "tunnelled-dir-server". */
+  if (find_opt_by_keyword(tokens, K_DIR_TUNNELLED) || router->dir_port > 0) {
+    router->supports_tunnelled_dir_requests = 1;
+  }
+
   tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
   note_crypto_pk_op(VERIFY_RTR);
 #ifdef COUNT_DISTINCT_DIGESTS
@@ -1389,19 +1626,21 @@ router_parse_entry_from_string(const char *s, const char *end,
     verified_digests = digestmap_new();
   digestmap_set(verified_digests, signed_digest, (void*)(uintptr_t)1);
 #endif
-  if (check_signature_token(digest, DIGEST_LEN, tok, router->identity_pkey, 0,
-                            "router descriptor") < 0)
-    goto err;
 
   if (!router->or_port) {
     log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
     goto err;
   }
 
+  /* We've checked everything that's covered by the hash. */
+  can_dl_again = 1;
+  if (check_signature_token(digest, DIGEST_LEN, tok, router->identity_pkey, 0,
+                            "router descriptor") < 0)
+    goto err;
+
   if (!router->platform) {
     router->platform = tor_strdup("<unknown>");
   }
-
   goto done;
 
  err:
@@ -1409,6 +1648,7 @@ router_parse_entry_from_string(const char *s, const char *end,
   routerinfo_free(router);
   router = NULL;
  done:
+  tor_cert_free(ntor_cc_cert);
   if (tokens) {
     SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
     smartlist_free(tokens);
@@ -1418,6 +1658,8 @@ router_parse_entry_from_string(const char *s, const char *end,
     DUMP_AREA(area, "routerinfo");
     memarea_drop_all(area);
   }
+  if (can_dl_again_out)
+    *can_dl_again_out = can_dl_again;
   return router;
 }
 
@@ -1426,10 +1668,16 @@ router_parse_entry_from_string(const char *s, const char *end,
  * <b>cache_copy</b> is true, make a copy of the extra-info document in the
  * cache_info fields of the result.  If <b>routermap</b> is provided, use it
  * as a map from router identity to routerinfo_t when looking up signing keys.
+ *
+ * If <b>can_dl_again_out</b> is provided, set *<b>can_dl_again_out</b> to 1
+ * if it's okay to try to download an extrainfo with this same digest again,
+ * and 0 if it isn't.  (It might not be okay to download it again if part of
+ * the part covered by the digest is invalid.)
  */
 extrainfo_t *
 extrainfo_parse_entry_from_string(const char *s, const char *end,
-                           int cache_copy, struct digest_ri_map_t *routermap)
+                            int cache_copy, struct digest_ri_map_t *routermap,
+                            int *can_dl_again_out)
 {
   extrainfo_t *extrainfo = NULL;
   char digest[128];
@@ -1439,6 +1687,9 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
   routerinfo_t *router = NULL;
   memarea_t *area = NULL;
   const char *s_dup = s;
+  /* Do not set this to '1' until we have parsed everything that we intend to
+   * parse that's covered by the hash. */
+  int can_dl_again = 0;
 
   if (!end) {
     end = s + strlen(s);
@@ -1464,6 +1715,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
     goto err;
   }
 
+  /* XXXX Accept this in position 1 too, and ed identity in position 0. */
   tok = smartlist_get(tokens,0);
   if (tok->tp != K_EXTRA_INFO) {
     log_warn(LD_DIR,"Entry does not start with \"extra-info\"");
@@ -1476,6 +1728,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
     extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s,end-s);
   extrainfo->cache_info.signed_descriptor_len = end-s;
   memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
+  crypto_digest256((char*)extrainfo->digest256, s, end-s, DIGEST_SHA256);
 
   tor_assert(tok->n_args >= 2);
   if (!is_legal_nickname(tok->args[0])) {
@@ -1498,6 +1751,92 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
     goto err;
   }
 
+  {
+    directory_token_t *ed_sig_tok, *ed_cert_tok;
+    ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
+    ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
+    int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok;
+    if (n_ed_toks != 0 && n_ed_toks != 2) {
+      log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
+               "cross-certification support");
+      goto err;
+    }
+    if (ed_sig_tok) {
+      tor_assert(ed_cert_tok);
+      const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
+      if (ed_cert_token_pos != 1) {
+        /* Accept this in position 0 XXXX */
+        log_warn(LD_DIR, "Ed25519 certificate in wrong position");
+        goto err;
+      }
+      if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
+        log_warn(LD_DIR, "Ed25519 signature in wrong position");
+        goto err;
+      }
+      if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
+        log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
+        goto err;
+      }
+
+      uint8_t d256[DIGEST256_LEN];
+      const char *signed_start, *signed_end;
+      tor_cert_t *cert = tor_cert_parse(
+                       (const uint8_t*)ed_cert_tok->object_body,
+                       ed_cert_tok->object_size);
+      if (! cert) {
+        log_warn(LD_DIR, "Couldn't parse ed25519 cert");
+        goto err;
+      }
+      /* makes sure it gets freed. */
+      extrainfo->cache_info.signing_key_cert = cert;
+
+      if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
+          ! cert->signing_key_included) {
+        log_warn(LD_DIR, "Invalid form for ed25519 cert");
+        goto err;
+      }
+
+      if (router_get_hash_impl_helper(s, end-s, "extra-info ",
+                                      "\nrouter-sig-ed25519",
+                                      ' ', &signed_start, &signed_end) < 0) {
+        log_warn(LD_DIR, "Can't find ed25519-signed portion of extrainfo");
+        goto err;
+      }
+      crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
+      crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
+        strlen(ED_DESC_SIGNATURE_PREFIX));
+      crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
+      crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
+      crypto_digest_free(d);
+
+      ed25519_checkable_t check[2];
+      int check_ok[2];
+      if (tor_cert_get_checkable_sig(&check[0], cert, NULL) < 0) {
+        log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
+        goto err;
+      }
+
+      if (ed25519_signature_from_base64(&check[1].signature,
+                                        ed_sig_tok->args[0])<0) {
+        log_warn(LD_DIR, "Couldn't decode ed25519 signature");
+        goto err;
+      }
+      check[1].pubkey = &cert->signed_key;
+      check[1].msg = d256;
+      check[1].len = DIGEST256_LEN;
+
+      if (ed25519_checksig_batch(check_ok, check, 2) < 0) {
+        log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
+        goto err;
+      }
+      /* We don't check the certificate expiration time: checking that it
+       * matches the cert in the router descriptor is adequate. */
+    }
+  }
+
+  /* We've checked everything that's covered by the hash. */
+  can_dl_again = 1;
+
   if (routermap &&
       (router = digestmap_get((digestmap_t*)routermap,
                               extrainfo->cache_info.identity_digest))) {
@@ -1540,6 +1879,8 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
     DUMP_AREA(area, "extrainfo");
     memarea_drop_all(area);
   }
+  if (can_dl_again_out)
+    *can_dl_again_out = can_dl_again;
   return extrainfo;
 }
 
@@ -1732,7 +2073,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
  * object (starting with "r " at the start of a line).  If none is found,
  * return the start of the directory footer, or the next directory signature.
  * If none is found, return the end of the string. */
-static INLINE const char *
+static inline const char *
 find_start_of_next_routerstatus(const char *s)
 {
   const char *eos, *footer, *sig;
@@ -1754,6 +2095,63 @@ find_start_of_next_routerstatus(const char *s)
     return eos;
 }
 
+/** Parse the GuardFraction string from a consensus or vote.
+ *
+ *  If <b>vote</b> or <b>vote_rs</b> are set the document getting
+ *  parsed is a vote routerstatus. Otherwise it's a consensus. This is
+ *  the same semantic as in routerstatus_parse_entry_from_string(). */
+STATIC int
+routerstatus_parse_guardfraction(const char *guardfraction_str,
+                                 networkstatus_t *vote,
+                                 vote_routerstatus_t *vote_rs,
+                                 routerstatus_t *rs)
+{
+  int ok;
+  const char *end_of_header = NULL;
+  int is_consensus = !vote_rs;
+  uint32_t guardfraction;
+
+  tor_assert(bool_eq(vote, vote_rs));
+
+  /* If this info comes from a consensus, but we should't apply
+     guardfraction, just exit. */
+  if (is_consensus && !should_apply_guardfraction(NULL)) {
+    return 0;
+  }
+
+  end_of_header = strchr(guardfraction_str, '=');
+  if (!end_of_header) {
+    return -1;
+  }
+
+  guardfraction = (uint32_t)tor_parse_ulong(end_of_header+1,
+                                            10, 0, 100, &ok, NULL);
+  if (!ok) {
+    log_warn(LD_DIR, "Invalid GuardFraction %s", escaped(guardfraction_str));
+    return -1;
+  }
+
+  log_debug(LD_GENERAL, "[*] Parsed %s guardfraction '%s' for '%s'.",
+            is_consensus ? "consensus" : "vote",
+            guardfraction_str, rs->nickname);
+
+  if (!is_consensus) { /* We are parsing a vote */
+    vote_rs->status.guardfraction_percentage = guardfraction;
+    vote_rs->status.has_guardfraction = 1;
+  } else {
+    /* We are parsing a consensus. Only apply guardfraction to guards. */
+    if (rs->is_possible_guard) {
+      rs->guardfraction_percentage = guardfraction;
+      rs->has_guardfraction = 1;
+    } else {
+      log_warn(LD_BUG, "Got GuardFraction for non-guard %s. "
+               "This is not supposed to happen. Not applying. ", rs->nickname);
+    }
+  }
+
+  return 0;
+}
+
 /** Given a string at *<b>s</b>, containing a routerstatus object, and an
  * empty smartlist at <b>tokens</b>, parse and return the first router status
  * object in the string, and advance *<b>s</b> to just after the end of the
@@ -1900,8 +2298,6 @@ routerstatus_parse_entry_from_string(memarea_t *area,
         rs->is_possible_guard = 1;
       else if (!strcmp(tok->args[i], "BadExit"))
         rs->is_bad_exit = 1;
-      else if (!strcmp(tok->args[i], "BadDirectory"))
-        rs->is_bad_directory = 1;
       else if (!strcmp(tok->args[i], "Authority"))
         rs->is_authority = 1;
       else if (!strcmp(tok->args[i], "Unnamed") &&
@@ -1910,6 +2306,8 @@ routerstatus_parse_entry_from_string(memarea_t *area,
         rs->is_unnamed = 1;
       } else if (!strcmp(tok->args[i], "HSDir")) {
         rs->is_hs_dir = 1;
+      } else if (!strcmp(tok->args[i], "V2Dir")) {
+        rs->is_v2_dir = 1;
       }
     }
   }
@@ -1917,13 +2315,7 @@ routerstatus_parse_entry_from_string(memarea_t *area,
     tor_assert(tok->n_args == 1);
     rs->version_known = 1;
     if (strcmpstart(tok->args[0], "Tor ")) {
-      rs->version_supports_microdesc_cache = 1;
-      rs->version_supports_optimistic_data = 1;
     } else {
-      rs->version_supports_microdesc_cache =
-        tor_version_supports_microdescriptors(tok->args[0]);
-      rs->version_supports_optimistic_data =
-        tor_version_as_new_as(tok->args[0], "0.2.3.1-alpha");
       rs->version_supports_extend2_cells =
         tor_version_as_new_as(tok->args[0], "0.2.4.8-alpha");
     }
@@ -1961,6 +2353,11 @@ routerstatus_parse_entry_from_string(memarea_t *area,
         vote->has_measured_bws = 1;
       } else if (!strcmpstart(tok->args[i], "Unmeasured=1")) {
         rs->bw_is_unmeasured = 1;
+      } else if (!strcmpstart(tok->args[i], "GuardFraction=")) {
+        if (routerstatus_parse_guardfraction(tok->args[i],
+                                             vote, vote_rs, rs) < 0) {
+          goto err;
+        }
       }
     }
   }
@@ -1991,6 +2388,18 @@ routerstatus_parse_entry_from_string(memarea_t *area,
         line->microdesc_hash_line = tor_strdup(t->args[0]);
         vote_rs->microdesc = line;
       }
+      if (t->tp == K_ID) {
+        tor_assert(t->n_args >= 2);
+        if (!strcmp(t->args[0], "ed25519")) {
+          vote_rs->has_ed25519_listing = 1;
+          if (strcmp(t->args[1], "none") &&
+              digest256_from_base64((char*)vote_rs->ed25519_id,
+                                    t->args[1])<0) {
+            log_warn(LD_DIR, "Bogus ed25519 key in networkstatus vote");
+            goto err;
+          }
+        }
+      }
     } SMARTLIST_FOREACH_END(t);
   } else if (flav == FLAV_MICRODESC) {
     tok = find_opt_by_keyword(tokens, K_M);
@@ -2048,6 +2457,7 @@ networkstatus_verify_bw_weights(networkstatus_t *ns, int consensus_method)
   double Gtotal=0, Mtotal=0, Etotal=0;
   const char *casename = NULL;
   int valid = 1;
+  (void) consensus_method;
 
   weight_scale = networkstatus_get_weight_scale_param(ns);
   Wgg = networkstatus_get_bw_weight(ns, "Wgg", -1);
@@ -2127,12 +2537,8 @@ networkstatus_verify_bw_weights(networkstatus_t *ns, int consensus_method)
   // Then, gather G, M, E, D, T to determine case
   SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
     int is_exit = 0;
-    if (consensus_method >= MIN_METHOD_TO_CUT_BADEXIT_WEIGHT) {
-      /* Bug #2203: Don't count bad exits as exits for balancing */
-      is_exit = rs->is_exit && !rs->is_bad_exit;
-    } else {
-      is_exit = rs->is_exit;
-    }
+    /* Bug #2203: Don't count bad exits as exits for balancing */
+    is_exit = rs->is_exit && !rs->is_bad_exit;
     if (rs->has_bandwidth) {
       T += rs->bandwidth_kb;
       if (is_exit && rs->is_possible_guard) {
@@ -2444,7 +2850,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   smartlist_t *rs_tokens = NULL, *footer_tokens = NULL;
   networkstatus_voter_info_t *voter = NULL;
   networkstatus_t *ns = NULL;
-  digests_t ns_digests;
+  common_digests_t ns_digests;
   const char *cert, *end_of_header, *end_of_footer, *s_dup = s;
   directory_token_t *tok;
   int ok;
@@ -2470,7 +2876,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
                       (ns_type == NS_TYPE_CONSENSUS) ?
                       networkstatus_consensus_token_table :
                       networkstatus_token_table, 0)) {
-    log_warn(LD_DIR, "Error tokenizing network-status vote header");
+    log_warn(LD_DIR, "Error tokenizing network-status header");
     goto err;
   }
 
@@ -2568,11 +2974,15 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     (int) tor_parse_long(tok->args[1], 10, 0, INT_MAX, &ok, NULL);
   if (!ok)
     goto err;
-  if (ns->valid_after + MIN_VOTE_INTERVAL > ns->fresh_until) {
+  if (ns->valid_after +
+      (get_options()->TestingTorNetwork ?
+       MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL) > ns->fresh_until) {
     log_warn(LD_DIR, "Vote/consensus freshness interval is too short");
     goto err;
   }
-  if (ns->valid_after + MIN_VOTE_INTERVAL*2 > ns->valid_until) {
+  if (ns->valid_after +
+      (get_options()->TestingTorNetwork ?
+       MIN_VOTE_INTERVAL_TESTING : MIN_VOTE_INTERVAL)*2 > ns->valid_until) {
     log_warn(LD_DIR, "Vote/consensus liveness interval is too short");
     goto err;
   }
@@ -2592,6 +3002,16 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     ns->server_versions = tor_strdup(tok->args[0]);
   }
 
+  {
+    smartlist_t *package_lst = find_all_by_keyword(tokens, K_PACKAGE);
+    ns->package_lines = smartlist_new();
+    if (package_lst) {
+      SMARTLIST_FOREACH(package_lst, directory_token_t *, t,
+                    smartlist_add(ns->package_lines, tor_strdup(t->args[0])));
+    }
+    smartlist_free(package_lst);
+  }
+
   tok = find_by_keyword(tokens, K_KNOWN_FLAGS);
   ns->known_flags = smartlist_new();
   inorder = 1;
@@ -2679,7 +3099,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
           base16_decode(voter->identity_digest, sizeof(voter->identity_digest),
                         tok->args[1], HEX_DIGEST_LEN) < 0) {
         log_warn(LD_DIR, "Error decoding identity digest %s in "
-                 "network-status vote.", escaped(tok->args[1]));
+                 "network-status document.", escaped(tok->args[1]));
         goto err;
       }
       if (ns->type != NS_TYPE_CONSENSUS &&
@@ -2738,7 +3158,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     voter = NULL;
   }
   if (smartlist_len(ns->voters) == 0) {
-    log_warn(LD_DIR, "Missing dir-source elements in a vote networkstatus.");
+    log_warn(LD_DIR, "Missing dir-source elements in a networkstatus.");
     goto err;
   } else if (ns->type != NS_TYPE_CONSENSUS && smartlist_len(ns->voters) != 1) {
     log_warn(LD_DIR, "Too many dir-source elements in a vote networkstatus.");
@@ -2799,11 +3219,27 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     }
     if (fast_memcmp(rs1->identity_digest, rs2->identity_digest, DIGEST_LEN)
         >= 0) {
-      log_warn(LD_DIR, "Vote networkstatus entries not sorted by identity "
-               "digest");
+      log_warn(LD_DIR, "Networkstatus entries not sorted by identity digest");
       goto err;
     }
   }
+  if (ns_type != NS_TYPE_CONSENSUS) {
+    digest256map_t *ed_id_map = digest256map_new();
+    SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, vote_routerstatus_t *,
+                            vrs) {
+      if (! vrs->has_ed25519_listing ||
+          tor_mem_is_zero((const char *)vrs->ed25519_id, DIGEST256_LEN))
+        continue;
+      if (digest256map_get(ed_id_map, vrs->ed25519_id) != NULL) {
+        log_warn(LD_DIR, "Vote networkstatus ed25519 identities were not "
+                 "unique");
+        digest256map_free(ed_id_map, NULL);
+        goto err;
+      }
+      digest256map_set(ed_id_map, vrs->ed25519_id, (void*)1);
+    } SMARTLIST_FOREACH_END(vrs);
+    digest256map_free(ed_id_map, NULL);
+  }
 
   /* Parse footer; check signature. */
   footer_tokens = smartlist_new();
@@ -2896,12 +3332,12 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
         base16_decode(declared_identity, sizeof(declared_identity),
                       id_hexdigest, HEX_DIGEST_LEN) < 0) {
       log_warn(LD_DIR, "Error decoding declared identity %s in "
-               "network-status vote.", escaped(id_hexdigest));
+               "network-status document.", escaped(id_hexdigest));
       goto err;
     }
     if (!(v = networkstatus_get_voter_by_id(ns, declared_identity))) {
-      log_warn(LD_DIR, "ID on signature on network-status vote does not match "
-               "any declared directory source.");
+      log_warn(LD_DIR, "ID on signature on network-status document does "
+               "not match any declared directory source.");
       goto err;
     }
     sig = tor_malloc_zero(sizeof(document_signature_t));
@@ -2911,7 +3347,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
         base16_decode(sig->signing_key_digest, sizeof(sig->signing_key_digest),
                       sk_hexdigest, HEX_DIGEST_LEN) < 0) {
       log_warn(LD_DIR, "Error decoding declared signing key digest %s in "
-               "network-status vote.", escaped(sk_hexdigest));
+               "network-status document.", escaped(sk_hexdigest));
       tor_free(sig);
       goto err;
     }
@@ -2930,8 +3366,8 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
       /* We already parsed a vote with this algorithm from this voter. Use the
          first one. */
       log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
-             "that contains two votes from the same voter with the same "
-             "algorithm. Ignoring the second vote.");
+             "that contains two signatures from the same voter with the same "
+             "algorithm. Ignoring the second signature.");
       tor_free(sig);
       continue;
     }
@@ -2939,7 +3375,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     if (ns->type != NS_TYPE_CONSENSUS) {
       if (check_signature_token(ns_digests.d[DIGEST_SHA1], DIGEST_LEN,
                                 tok, ns->cert->signing_key, 0,
-                                "network-status vote")) {
+                                "network-status document")) {
         tor_free(sig);
         goto err;
       }
@@ -2958,7 +3394,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   } SMARTLIST_FOREACH_END(_tok);
 
   if (! n_signatures) {
-    log_warn(LD_DIR, "No signatures on networkstatus vote.");
+    log_warn(LD_DIR, "No signatures on networkstatus document.");
     goto err;
   } else if (ns->type == NS_TYPE_VOTE && n_signatures != 1) {
     log_warn(LD_DIR, "Received more than one signature on a "
@@ -3009,15 +3445,16 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   return ns;
 }
 
-/** Return the digests_t that holds the digests of the
+/** Return the common_digests_t that holds the digests of the
  * <b>flavor_name</b>-flavored networkstatus according to the detached
- * signatures document <b>sigs</b>, allocating a new digests_t as neeeded. */
-static digests_t *
+ * signatures document <b>sigs</b>, allocating a new common_digests_t as
+ * neeeded. */
+static common_digests_t *
 detached_get_digests(ns_detached_signatures_t *sigs, const char *flavor_name)
 {
-  digests_t *d = strmap_get(sigs->digests, flavor_name);
+  common_digests_t *d = strmap_get(sigs->digests, flavor_name);
   if (!d) {
-    d = tor_malloc_zero(sizeof(digests_t));
+    d = tor_malloc_zero(sizeof(common_digests_t));
     strmap_set(sigs->digests, flavor_name, d);
   }
   return d;
@@ -3025,7 +3462,7 @@ detached_get_digests(ns_detached_signatures_t *sigs, const char *flavor_name)
 
 /** Return the list of signatures of the <b>flavor_name</b>-flavored
  * networkstatus according to the detached signatures document <b>sigs</b>,
- * allocating a new digests_t as neeeded. */
+ * allocating a new common_digests_t as neeeded. */
 static smartlist_t *
 detached_get_signatures(ns_detached_signatures_t *sigs,
                         const char *flavor_name)
@@ -3047,7 +3484,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
    * networkstatus_parse_vote_from_string(). */
   directory_token_t *tok;
   memarea_t *area = NULL;
-  digests_t *digests;
+  common_digests_t *digests;
 
   smartlist_t *tokens = smartlist_new();
   ns_detached_signatures_t *sigs =
@@ -3243,24 +3680,43 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
  * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
  * ADDR_POLICY_REJECT) for items that specify no action.
  *
+ * Returns NULL on policy errors.
+ *
+ * Set *<b>malformed_list</b> to true if the entire policy list should be
+ * discarded. Otherwise, set it to false, and only this item should be ignored
+ * on error - the rest of the policy list can continue to be processed and
+ * used.
+ *
  * The addr_policy_t returned by this function can have its address set to
  * AF_UNSPEC for '*'.  Use policy_expand_unspec() to turn this into a pair
  * of AF_INET and AF_INET6 items.
  */
-addr_policy_t *
-router_parse_addr_policy_item_from_string(const char *s, int assume_action)
+MOCK_IMPL(addr_policy_t *,
+router_parse_addr_policy_item_from_string,(const char *s, int assume_action,
+                                           int *malformed_list))
 {
   directory_token_t *tok = NULL;
   const char *cp, *eos;
-  /* Longest possible policy is "accept ffff:ffff:..255/ffff:...255:0-65535".
+  /* Longest possible policy is
+   * "accept6 [ffff:ffff:..255]/128:10000-65535",
+   * which contains a max-length IPv6 address, plus 26 characters.
    * But note that there can be an arbitrary amount of space between the
-   * accept and the address:mask/port element. */
+   * accept and the address:mask/port element.
+   * We don't need to multiply TOR_ADDR_BUF_LEN by 2, as there is only one
+   * IPv6 address. But making the buffer shorter might cause valid long lines,
+   * which parsed in previous versions, to fail to parse in new versions.
+   * (These lines would have to have excessive amounts of whitespace.) */
   char line[TOR_ADDR_BUF_LEN*2 + 32];
   addr_policy_t *r;
   memarea_t *area = NULL;
 
+  tor_assert(malformed_list);
+  *malformed_list = 0;
+
   s = eat_whitespace(s);
-  if ((*s == '*' || TOR_ISDIGIT(*s)) && assume_action >= 0) {
+  /* We can only do assume_action on []-quoted IPv6, as "a" (accept)
+   * and ":" (port separator) are ambiguous */
+  if ((*s == '*' || *s == '[' || TOR_ISDIGIT(*s)) && assume_action >= 0) {
     if (tor_snprintf(line, sizeof(line), "%s %s",
                assume_action == ADDR_POLICY_ACCEPT?"accept":"reject", s)<0) {
       log_warn(LD_DIR, "Policy %s is too long.", escaped(s));
@@ -3285,9 +3741,34 @@ router_parse_addr_policy_item_from_string(const char *s, int assume_action)
     goto err;
   }
 
+  /* Use the extended interpretation of accept/reject *,
+   * expanding it into an IPv4 wildcard and an IPv6 wildcard.
+   * Also permit *4 and *6 for IPv4 and IPv6 only wildcards. */
   r = router_parse_addr_policy(tok, TAPMP_EXTENDED_STAR);
+  if (!r) {
+    goto err;
+  }
+
+  /* Ensure that accept6/reject6 fields are followed by IPv6 addresses.
+   * AF_UNSPEC addresses are only permitted on the accept/reject field type.
+   * Unlike descriptors, torrcs exit policy accept/reject can be followed by
+   * either an IPv4 or IPv6 address. */
+  if ((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
+       tor_addr_family(&r->addr) != AF_INET6) {
+    /* This is a non-fatal error, just ignore this one entry. */
+    *malformed_list = 0;
+    log_warn(LD_DIR, "IPv4 address '%s' with accept6/reject6 field type in "
+             "exit policy. Ignoring, but continuing to parse rules. (Use "
+             "accept/reject with IPv4 addresses.)",
+             tok->n_args == 1 ? tok->args[0] : "");
+    addr_policy_free(r);
+    r = NULL;
+    goto done;
+  }
+
   goto done;
  err:
+  *malformed_list = 1;
   r = NULL;
  done:
   token_clear(tok);
@@ -3304,19 +3785,27 @@ static int
 router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
 {
   addr_policy_t *newe;
+  /* Use the standard interpretation of accept/reject *, an IPv4 wildcard. */
   newe = router_parse_addr_policy(tok, 0);
   if (!newe)
     return -1;
   if (! router->exit_policy)
     router->exit_policy = smartlist_new();
 
+  /* Ensure that in descriptors, accept/reject fields are followed by
+   * IPv4 addresses, and accept6/reject6 fields are followed by
+   * IPv6 addresses. Unlike torrcs, descriptor exit policies do not permit
+   * accept/reject followed by IPv6. */
   if (((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
        tor_addr_family(&newe->addr) == AF_INET)
       ||
       ((tok->tp == K_ACCEPT || tok->tp == K_REJECT) &&
        tor_addr_family(&newe->addr) == AF_INET6)) {
+    /* There's nothing the user can do about other relays' descriptors,
+     * so we don't provide usage advice here. */
     log_warn(LD_DIR, "Mismatch between field type and address type in exit "
-             "policy");
+             "policy '%s'. Discarding entire router descriptor.",
+             tok->n_args == 1 ? tok->args[0] : "");
     addr_policy_free(newe);
     return -1;
   }
@@ -3326,8 +3815,11 @@ router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
   return 0;
 }
 
-/** Given a K_ACCEPT or K_REJECT token and a router, create and return
- * a new exit_policy_t corresponding to the token. */
+/** Given a K_ACCEPT[6] or K_REJECT[6] token and a router, create and return
+ * a new exit_policy_t corresponding to the token. If TAPMP_EXTENDED_STAR
+ * is set in fmt_flags, K_ACCEPT6 and K_REJECT6 tokens followed by *
+ * expand to IPv6-only policies, otherwise they expand to IPv4 and IPv6
+ * policies */
 static addr_policy_t *
 router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
 {
@@ -3351,6 +3843,13 @@ router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
   else
     newe.policy_type = ADDR_POLICY_ACCEPT;
 
+  /* accept6/reject6 * produces an IPv6 wildcard address only.
+   * (accept/reject * produces rules for IPv4 and IPv6 wildcard addresses.) */
+  if ((fmt_flags & TAPMP_EXTENDED_STAR)
+      && (tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6)) {
+    fmt_flags |= TAPMP_STAR_IPV6_ONLY;
+  }
+
   if (tor_addr_parse_mask_ports(arg, fmt_flags, &newe.addr, &newe.maskbits,
                                 &newe.prt_min, &newe.prt_max) < 0) {
     log_warn(LD_DIR,"Couldn't parse line %s. Dropping", escaped(arg));
@@ -3360,9 +3859,12 @@ router_parse_addr_policy(directory_token_t *tok, unsigned fmt_flags)
   return addr_policy_get_canonical_entry(&newe);
 }
 
-/** Parse an exit policy line of the format "accept/reject private:...".
+/** Parse an exit policy line of the format "accept[6]/reject[6] private:...".
  * This didn't exist until Tor 0.1.1.15, so nobody should generate it in
  * router descriptors until earlier versions are obsolete.
+ *
+ * accept/reject and accept6/reject6 private all produce rules for both
+ * IPv4 and IPv6 addresses.
  */
 static addr_policy_t *
 router_parse_addr_policy_private(directory_token_t *tok)
@@ -3392,6 +3894,13 @@ router_parse_addr_policy_private(directory_token_t *tok)
   result.prt_min = port_min;
   result.prt_max = port_max;
 
+  if (tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) {
+    log_warn(LD_GENERAL,
+             "'%s' expands into rules which apply to all private IPv4 and "
+             "IPv6 addresses. (Use accept/reject private:* for IPv4 and "
+             "IPv6.)", tok->n_args == 1 ? tok->args[0] : "");
+  }
+
   return addr_policy_get_canonical_entry(&result);
 }
 
@@ -3438,7 +3947,7 @@ token_clear(directory_token_t *tok)
  * Return <b>tok</b> on success, or a new ERR_ token if the token didn't
  * conform to the syntax we wanted.
  **/
-static INLINE directory_token_t *
+static inline directory_token_t *
 token_check_object(memarea_t *area, const char *kwd,
                    directory_token_t *tok, obj_syntax o_syn)
 {
@@ -3503,7 +4012,7 @@ token_check_object(memarea_t *area, const char *kwd,
  * number of parsed elements into the n_args field of <b>tok</b>.  Allocate
  * all storage in <b>area</b>.  Return the number of arguments parsed, or
  * return -1 if there was an insanely high number of arguments. */
-static INLINE int
+static inline int
 get_token_arguments(memarea_t *area, directory_token_t *tok,
                     const char *s, const char *eol)
 {
@@ -3938,7 +4447,7 @@ router_get_hash_impl(const char *s, size_t s_len, char *digest,
 
 /** As router_get_hash_impl, but compute all hashes. */
 static int
-router_get_hashes_impl(const char *s, size_t s_len, digests_t *digests,
+router_get_hashes_impl(const char *s, size_t s_len, common_digests_t *digests,
                        const char *start_str,
                        const char *end_str, char end_c)
 {
@@ -3947,7 +4456,7 @@ router_get_hashes_impl(const char *s, size_t s_len, digests_t *digests,
                                   &start,&end)<0)
     return -1;
 
-  if (crypto_digest_all(digests, start, end-start)) {
+  if (crypto_common_digests(digests, start, end-start)) {
     log_warn(LD_BUG,"couldn't compute digests");
     return -1;
   }
@@ -4014,12 +4523,15 @@ find_start_of_next_microdesc(const char *s, const char *eos)
  * If <b>saved_location</b> isn't SAVED_IN_CACHE, make a local copy of each
  * descriptor in the body field of each microdesc_t.
  *
- * Return all newly
- * parsed microdescriptors in a newly allocated smartlist_t. */
+ * Return all newly parsed microdescriptors in a newly allocated
+ * smartlist_t. If <b>invalid_disgests_out</b> is provided, add a SHA256
+ * microdesc digest to it for every microdesc that we found to be badly
+ * formed. (This may cause duplicates) */
 smartlist_t *
 microdescs_parse_from_string(const char *s, const char *eos,
                              int allow_annotations,
-                             saved_location_t where)
+                             saved_location_t where,
+                             smartlist_t *invalid_digests_out)
 {
   smartlist_t *tokens;
   smartlist_t *result;
@@ -4041,21 +4553,20 @@ microdescs_parse_from_string(const char *s, const char *eos,
   tokens = smartlist_new();
 
   while (s < eos) {
+    int okay = 0;
+
     start_of_next_microdesc = find_start_of_next_microdesc(s, eos);
     if (!start_of_next_microdesc)
       start_of_next_microdesc = eos;
 
-    if (tokenize_string(area, s, start_of_next_microdesc, tokens,
-                        microdesc_token_table, flags)) {
-      log_warn(LD_DIR, "Unparseable microdescriptor");
-      goto next;
-    }
-
     md = tor_malloc_zero(sizeof(microdesc_t));
     {
       const char *cp = tor_memstr(s, start_of_next_microdesc-s,
                                   "onion-key");
-      tor_assert(cp);
+      const int no_onion_key = (cp == NULL);
+      if (no_onion_key) {
+        cp = s; /* So that we have *some* junk to put in the body */
+      }
 
       md->bodylen = start_of_next_microdesc - cp;
       md->saved_location = where;
@@ -4064,6 +4575,17 @@ microdescs_parse_from_string(const char *s, const char *eos,
       else
         md->body = (char*)cp;
       md->off = cp - start;
+      crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);
+      if (no_onion_key) {
+        log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Malformed or truncated descriptor");
+        goto next;
+      }
+    }
+
+    if (tokenize_string(area, s, start_of_next_microdesc, tokens,
+                        microdesc_token_table, flags)) {
+      log_warn(LD_DIR, "Unparseable microdescriptor");
+      goto next;
     }
 
     if ((tok = find_opt_by_keyword(tokens, A_LAST_LISTED))) {
@@ -4093,6 +4615,26 @@ microdescs_parse_from_string(const char *s, const char *eos,
         tor_memdup(&k, sizeof(curve25519_public_key_t));
     }
 
+    smartlist_t *id_lines = find_all_by_keyword(tokens, K_ID);
+    if (id_lines) {
+      SMARTLIST_FOREACH_BEGIN(id_lines, directory_token_t *, t) {
+        tor_assert(t->n_args >= 2);
+        if (!strcmp(t->args[0], "ed25519")) {
+          if (md->ed25519_identity_pkey) {
+            log_warn(LD_DIR, "Extra ed25519 key in microdesc");
+            goto next;
+          }
+          ed25519_public_key_t k;
+          if (ed25519_public_from_base64(&k, t->args[1])<0) {
+            log_warn(LD_DIR, "Bogus ed25519 key in microdesc");
+            goto next;
+          }
+          md->ed25519_identity_pkey = tor_memdup(&k, sizeof(k));
+        }
+      } SMARTLIST_FOREACH_END(t);
+      smartlist_free(id_lines);
+    }
+
     {
       smartlist_t *a_lines = find_all_by_keyword(tokens, K_A);
       if (a_lines) {
@@ -4121,12 +4663,15 @@ microdescs_parse_from_string(const char *s, const char *eos,
       md->ipv6_exit_policy = parse_short_policy(tok->args[0]);
     }
 
-    crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);
-
     smartlist_add(result, md);
+    okay = 1;
 
     md = NULL;
   next:
+    if (! okay && invalid_digests_out) {
+      smartlist_add(invalid_digests_out,
+                    tor_memdup(md->digest, DIGEST256_LEN));
+    }
     microdesc_free(md);
     md = NULL;
 
@@ -4143,14 +4688,6 @@ microdescs_parse_from_string(const char *s, const char *eos,
   return result;
 }
 
-/** Return true iff this Tor version can answer directory questions
- * about microdescriptors. */
-int
-tor_version_supports_microdescriptors(const char *platform)
-{
-  return tor_version_as_new_as(platform, "0.2.3.1-alpha");
-}
-
 /** Parse the Tor version of the platform string <b>platform</b>,
  * and compare it to the version in <b>cutoff</b>. Return 1 if
  * the router is at least as new as the cutoff, else return 0.
@@ -4207,40 +4744,50 @@ tor_version_parse(const char *s, tor_version_t *out)
   char *eos=NULL;
   const char *cp=NULL;
   /* Format is:
-   *   "Tor " ? NUM dot NUM dot NUM [ ( pre | rc | dot ) NUM [ - tag ] ]
+   *   "Tor " ? NUM dot NUM [ dot NUM [ ( pre | rc | dot ) NUM ] ] [ - tag ]
    */
   tor_assert(s);
   tor_assert(out);
 
   memset(out, 0, sizeof(tor_version_t));
-
+  out->status = VER_RELEASE;
   if (!strcasecmpstart(s, "Tor "))
     s += 4;
 
-  /* Get major. */
-  out->major = (int)strtol(s,&eos,10);
-  if (!eos || eos==s || *eos != '.') return -1;
-  cp = eos+1;
-
-  /* Get minor */
-  out->minor = (int) strtol(cp,&eos,10);
-  if (!eos || eos==cp || *eos != '.') return -1;
-  cp = eos+1;
-
-  /* Get micro */
-  out->micro = (int) strtol(cp,&eos,10);
-  if (!eos || eos==cp) return -1;
-  if (!*eos) {
-    out->status = VER_RELEASE;
-    out->patchlevel = 0;
+  cp = s;
+
+#define NUMBER(m)                               \
+  do {                                          \
+    out->m = (int)strtol(cp, &eos, 10);         \
+    if (!eos || eos == cp)                      \
+      return -1;                                \
+    cp = eos;                                   \
+  } while (0)
+
+#define DOT()                                   \
+  do {                                          \
+    if (*cp != '.')                             \
+      return -1;                                \
+    ++cp;                                       \
+  } while (0)
+
+  NUMBER(major);
+  DOT();
+  NUMBER(minor);
+  if (*cp == 0)
     return 0;
-  }
-  cp = eos;
+  else if (*cp == '-')
+    goto status_tag;
+  DOT();
+  NUMBER(micro);
 
   /* Get status */
-  if (*cp == '.') {
-    out->status = VER_RELEASE;
+  if (*cp == 0) {
+    return 0;
+  } else if (*cp == '.') {
     ++cp;
+  } else if (*cp == '-') {
+    goto status_tag;
   } else if (0==strncmp(cp, "pre", 3)) {
     out->status = VER_PRE;
     cp += 3;
@@ -4251,11 +4798,9 @@ tor_version_parse(const char *s, tor_version_t *out)
     return -1;
   }
 
-  /* Get patchlevel */
-  out->patchlevel = (int) strtol(cp,&eos,10);
-  if (!eos || eos==cp) return -1;
-  cp = eos;
+  NUMBER(patchlevel);
 
+ status_tag:
   /* Get status tag. */
   if (*cp == '-' || *cp == '.')
     ++cp;
@@ -4291,6 +4836,8 @@ tor_version_parse(const char *s, tor_version_t *out)
   }
 
   return 0;
+#undef NUMBER
+#undef DOT
 }
 
 /** Compare two tor versions; Return <0 if a < b; 0 if a ==b, >0 if a >
@@ -4389,6 +4936,9 @@ sort_version_list(smartlist_t *versions, int remove_duplicates)
  * to *<b>encoded_size_out</b>, and a pointer to the possibly next
  * descriptor to *<b>next_out</b>; return 0 for success (including validation)
  * and -1 for failure.
+ *
+ * If <b>as_hsdir</b> is 1, we're parsing this as an HSDir, and we should
+ * be strict about time formats.
  */
 int
 rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
@@ -4396,7 +4946,8 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
                                  char **intro_points_encrypted_out,
                                  size_t *intro_points_encrypted_size_out,
                                  size_t *encoded_size_out,
-                                 const char **next_out, const char *desc)
+                                 const char **next_out, const char *desc,
+                                 int as_hsdir)
 {
   rend_service_descriptor_t *result =
                             tor_malloc_zero(sizeof(rend_service_descriptor_t));
@@ -4410,6 +4961,8 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   char public_key_hash[DIGEST_LEN];
   char test_desc_id[DIGEST_LEN];
   memarea_t *area = NULL;
+  const int strict_time_fmt = as_hsdir;
+
   tor_assert(desc);
   /* Check if desc starts correctly. */
   if (strncmp(desc, "rendezvous-service-descriptor ",
@@ -4458,8 +5011,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   tok = find_by_keyword(tokens, R_RENDEZVOUS_SERVICE_DESCRIPTOR);
   tor_assert(tok == smartlist_get(tokens, 0));
   tor_assert(tok->n_args == 1);
-  if (strlen(tok->args[0]) != REND_DESC_ID_V2_LEN_BASE32 ||
-      strspn(tok->args[0], BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) {
+  if (!rend_valid_descriptor_id(tok->args[0])) {
     log_warn(LD_REND, "Invalid descriptor ID: '%s'", tok->args[0]);
     goto err;
   }
@@ -4504,7 +5056,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
    * descriptor. */
   tok = find_by_keyword(tokens, R_PUBLICATION_TIME);
   tor_assert(tok->n_args == 1);
-  if (parse_iso_time(tok->args[0], &result->timestamp) < 0) {
+  if (parse_iso_time_(tok->args[0], &result->timestamp, strict_time_fmt) < 0) {
     log_warn(LD_REND, "Invalid publication time: '%s'", tok->args[0]);
     goto err;
   }
diff --git a/src/or/routerparse.h b/src/or/routerparse.h
index 5d5d9e59ef..c46eb1c0ae 100644
--- a/src/or/routerparse.h
+++ b/src/or/routerparse.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -14,12 +14,13 @@
 
 int router_get_router_hash(const char *s, size_t s_len, char *digest);
 int router_get_dir_hash(const char *s, char *digest);
-int router_get_networkstatus_v3_hashes(const char *s, digests_t *digests);
+int router_get_networkstatus_v3_hashes(const char *s,
+                                       common_digests_t *digests);
 int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest);
 #define DIROBJ_MAX_SIG_LEN 256
 char *router_get_dirobj_signature(const char *digest,
                                   size_t digest_len,
-                                  crypto_pk_t *private_key);
+                                  const crypto_pk_t *private_key);
 int router_append_dirobj_signature(char *buf, size_t buf_len,
                                    const char *digest,
                                    size_t digest_len,
@@ -29,19 +30,21 @@ int router_parse_list_from_string(const char **s, const char *eos,
                                   saved_location_t saved_location,
                                   int is_extrainfo,
                                   int allow_annotations,
-                                  const char *prepend_annotations);
+                                  const char *prepend_annotations,
+                                  smartlist_t *invalid_digests_out);
 
 routerinfo_t *router_parse_entry_from_string(const char *s, const char *end,
                                              int cache_copy,
                                              int allow_annotations,
-                                             const char *prepend_annotations);
+                                             const char *prepend_annotations,
+                                             int *can_dl_again_out);
 extrainfo_t *extrainfo_parse_entry_from_string(const char *s, const char *end,
-                         int cache_copy, struct digest_ri_map_t *routermap);
-addr_policy_t *router_parse_addr_policy_item_from_string(const char *s,
-                                                  int assume_action);
+                             int cache_copy, struct digest_ri_map_t *routermap,
+                             int *can_dl_again_out);
+MOCK_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string,
+         (const char *s, int assume_action, int *malformed_list));
 version_status_t tor_version_is_obsolete(const char *myversion,
                                          const char *versionlist);
-int tor_version_supports_microdescriptors(const char *platform);
 int tor_version_as_new_as(const char *platform, const char *cutoff);
 int tor_version_parse(const char *s, tor_version_t *out);
 int tor_version_compare(tor_version_t *a, tor_version_t *b);
@@ -60,7 +63,8 @@ ns_detached_signatures_t *networkstatus_parse_detached_signatures(
 
 smartlist_t *microdescs_parse_from_string(const char *s, const char *eos,
                                           int allow_annotations,
-                                          saved_location_t where);
+                                          saved_location_t where,
+                                          smartlist_t *invalid_digests_out);
 
 authority_cert_t *authority_cert_parse_from_string(const char *s,
                                                    const char **end_of_string);
@@ -69,7 +73,8 @@ int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
                                      char **intro_points_encrypted_out,
                                      size_t *intro_points_encrypted_size_out,
                                      size_t *encoded_size_out,
-                                     const char **next_out, const char *desc);
+                                     const char **next_out, const char *desc,
+                                     int as_hsdir);
 int rend_decrypt_introduction_points(char **ipos_decrypted,
                                      size_t *ipos_decrypted_size,
                                      const char *descriptor_cookie,
@@ -80,5 +85,14 @@ int rend_parse_introduction_points(rend_service_descriptor_t *parsed,
                                    size_t intro_points_encoded_size);
 int rend_parse_client_keys(strmap_t *parsed_clients, const char *str);
 
+#ifdef ROUTERPARSE_PRIVATE
+STATIC int routerstatus_parse_guardfraction(const char *guardfraction_str,
+                                            networkstatus_t *vote,
+                                            vote_routerstatus_t *vote_rs,
+                                            routerstatus_t *rs);
+#endif
+
+#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"
+
 #endif
 
diff --git a/src/or/routerset.c b/src/or/routerset.c
index 7aee90d6db..f260914f4b 100644
--- a/src/or/routerset.c
+++ b/src/or/routerset.c
@@ -1,9 +1,18 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file routerset.c
+ *
+ * \brief Functions and structures to handle set-type selection of routers
+ *  by name, ID, address, etc.
+ */
+
+#define ROUTERSET_PRIVATE
+
 #include "or.h"
 #include "geoip.h"
 #include "nodelist.h"
@@ -12,39 +21,6 @@
 #include "routerparse.h"
 #include "routerset.h"
 
-/** A routerset specifies constraints on a set of possible routerinfos, based
- * on their names, identities, or addresses.  It is optimized for determining
- * whether a router is a member or not, in O(1+P) time, where P is the number
- * of address policy constraints. */
-struct routerset_t {
-  /** A list of strings for the elements of the policy.  Each string is either
-   * a nickname, a hexadecimal identity fingerprint, or an address policy.  A
-   * router belongs to the set if its nickname OR its identity OR its address
-   * matches an entry here. */
-  smartlist_t *list;
-  /** A map from lowercase nicknames of routers in the set to (void*)1 */
-  strmap_t *names;
-  /** A map from identity digests routers in the set to (void*)1 */
-  digestmap_t *digests;
-  /** An address policy for routers in the set.  For implementation reasons,
-   * a router belongs to the set if it is _rejected_ by this policy. */
-  smartlist_t *policies;
-
-  /** A human-readable description of what this routerset is for.  Used in
-   * log messages. */
-  char *description;
-
-  /** A list of the country codes in this set. */
-  smartlist_t *country_names;
-  /** Total number of countries we knew about when we built <b>countries</b>.*/
-  int n_countries;
-  /** Bit array mapping the return value of geoip_get_country() to 1 iff the
-   * country is a member of this routerset.  Note that we MUST call
-   * routerset_refresh_countries() whenever the geoip country list is
-   * reloaded. */
-  bitarray_t *countries;
-};
-
 /** Return a new empty routerset. */
 routerset_t *
 routerset_new(void)
@@ -60,7 +36,7 @@ routerset_new(void)
 
 /** If <b>c</b> is a country code in the form {cc}, return a newly allocated
  * string holding the "cc" part.  Else, return NULL. */
-static char *
+STATIC char *
 routerset_get_countryname(const char *c)
 {
   char *country;
@@ -116,10 +92,13 @@ routerset_parse(routerset_t *target, const char *s, const char *description)
   int added_countries = 0;
   char *countryname;
   smartlist_t *list = smartlist_new();
+  int malformed_list;
   smartlist_split_string(list, s, ",",
                          SPLIT_SKIP_SPACE | SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(list, char *, nick) {
       addr_policy_t *p;
+      /* if it doesn't pass our validation, assume it's malformed */
+      malformed_list = 1;
       if (is_legal_hexdigest(nick)) {
         char d[DIGEST_LEN];
         if (*nick == '$')
@@ -135,17 +114,25 @@ routerset_parse(routerset_t *target, const char *s, const char *description)
                   description);
         smartlist_add(target->country_names, countryname);
         added_countries = 1;
-      } else if ((strchr(nick,'.') || strchr(nick, '*')) &&
-                 (p = router_parse_addr_policy_item_from_string(
-                                     nick, ADDR_POLICY_REJECT))) {
+      } else if ((strchr(nick,'.') || strchr(nick, ':') ||  strchr(nick, '*'))
+                 && (p = router_parse_addr_policy_item_from_string(
+                                     nick, ADDR_POLICY_REJECT,
+                                     &malformed_list))) {
+        /* IPv4 addresses contain '.', IPv6 addresses contain ':',
+         * and wildcard addresses contain '*'. */
         log_debug(LD_CONFIG, "Adding address %s to %s", nick, description);
         smartlist_add(target->policies, p);
-      } else {
-        log_warn(LD_CONFIG, "Entry '%s' in %s is malformed.", nick,
-                 description);
+      } else if (malformed_list) {
+        log_warn(LD_CONFIG, "Entry '%s' in %s is malformed. Discarding entire"
+                 " list.", nick, description);
         r = -1;
         tor_free(nick);
         SMARTLIST_DEL_CURRENT(list, nick);
+      } else {
+        log_notice(LD_CONFIG, "Entry '%s' in %s is ignored. Using the"
+                   " remainder of the list.", nick, description);
+        tor_free(nick);
+        SMARTLIST_DEL_CURRENT(list, nick);
       }
   } SMARTLIST_FOREACH_END(nick);
   policy_expand_unspec(&target->policies);
@@ -193,6 +180,17 @@ routerset_is_empty(const routerset_t *set)
   return !set || smartlist_len(set->list) == 0;
 }
 
+/** Return the number of entries in <b>set</b>. This does NOT return a
+ * negative value. */
+int
+routerset_len(const routerset_t *set)
+{
+  if (!set) {
+    return 0;
+  }
+  return smartlist_len(set->list);
+}
+
 /** Helper.  Return true iff <b>set</b> contains a router based on the other
  * provided fields.  Return higher values for more specific subentries: a
  * single router is more specific than an address range of routers, which is
@@ -200,7 +198,7 @@ routerset_is_empty(const routerset_t *set)
  *
  * (If country is -1, then we take the country
  * from addr.) */
-static int
+STATIC int
 routerset_contains(const routerset_t *set, const tor_addr_t *addr,
                    uint16_t orport,
                    const char *nickname, const char *id_digest,
diff --git a/src/or/routerset.h b/src/or/routerset.h
index 8261c7fb09..c2f7205c3e 100644
--- a/src/or/routerset.h
+++ b/src/or/routerset.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -38,6 +38,47 @@ void routerset_subtract_nodes(smartlist_t *out,
 char *routerset_to_string(const routerset_t *routerset);
 int routerset_equal(const routerset_t *old, const routerset_t *new);
 void routerset_free(routerset_t *routerset);
+int routerset_len(const routerset_t *set);
 
+#ifdef ROUTERSET_PRIVATE
+STATIC char * routerset_get_countryname(const char *c);
+STATIC int routerset_contains(const routerset_t *set, const tor_addr_t *addr,
+                   uint16_t orport,
+                   const char *nickname, const char *id_digest,
+                   country_t country);
+
+/** A routerset specifies constraints on a set of possible routerinfos, based
+ * on their names, identities, or addresses.  It is optimized for determining
+ * whether a router is a member or not, in O(1+P) time, where P is the number
+ * of address policy constraints. */
+struct routerset_t {
+  /** A list of strings for the elements of the policy.  Each string is either
+   * a nickname, a hexadecimal identity fingerprint, or an address policy.  A
+   * router belongs to the set if its nickname OR its identity OR its address
+   * matches an entry here. */
+  smartlist_t *list;
+  /** A map from lowercase nicknames of routers in the set to (void*)1 */
+  strmap_t *names;
+  /** A map from identity digests routers in the set to (void*)1 */
+  digestmap_t *digests;
+  /** An address policy for routers in the set.  For implementation reasons,
+   * a router belongs to the set if it is _rejected_ by this policy. */
+  smartlist_t *policies;
+
+  /** A human-readable description of what this routerset is for.  Used in
+   * log messages. */
+  char *description;
+
+  /** A list of the country codes in this set. */
+  smartlist_t *country_names;
+  /** Total number of countries we knew about when we built <b>countries</b>.*/
+  int n_countries;
+  /** Bit array mapping the return value of geoip_get_country() to 1 iff the
+   * country is a member of this routerset.  Note that we MUST call
+   * routerset_refresh_countries() whenever the geoip country list is
+   * reloaded. */
+  bitarray_t *countries;
+};
+#endif
 #endif
 
diff --git a/src/or/scheduler.c b/src/or/scheduler.c
new file mode 100644
index 0000000000..8e4810b199
--- /dev/null
+++ b/src/or/scheduler.c
@@ -0,0 +1,711 @@
+/* * Copyright (c) 2013-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file scheduler.c
+ * \brief Relay scheduling system
+ **/
+
+#include "or.h"
+
+#define TOR_CHANNEL_INTERNAL_ /* For channel_flush_some_cells() */
+#include "channel.h"
+
+#include "compat_libevent.h"
+#define SCHEDULER_PRIVATE_
+#include "scheduler.h"
+
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#else
+#include <event.h>
+#endif
+
+/*
+ * Scheduler high/low watermarks
+ */
+
+static uint32_t sched_q_low_water = 16384;
+static uint32_t sched_q_high_water = 32768;
+
+/*
+ * Maximum cells to flush in a single call to channel_flush_some_cells();
+ * setting this low means more calls, but too high and we could overshoot
+ * sched_q_high_water.
+ */
+
+static uint32_t sched_max_flush_cells = 16;
+
+/*
+ * Write scheduling works by keeping track of which channels can
+ * accept cells, and have cells to write.  From the scheduler's perspective,
+ * a channel can be in four possible states:
+ *
+ * 1.) Not open for writes, no cells to send
+ *     - Not much to do here, and the channel will have scheduler_state ==
+ *       SCHED_CHAN_IDLE
+ *     - Transitions from:
+ *       - Open for writes/has cells by simultaneously draining all circuit
+ *         queues and filling the output buffer.
+ *     - Transitions to:
+ *       - Not open for writes/has cells by arrival of cells on an attached
+ *         circuit (this would be driven from append_cell_to_circuit_queue())
+ *       - Open for writes/no cells by a channel type specific path;
+ *         driven from connection_or_flushed_some() for channel_tls_t.
+ *
+ * 2.) Open for writes, no cells to send
+ *     - Not much here either; this will be the state an idle but open channel
+ *       can be expected to settle in.  It will have scheduler_state ==
+ *       SCHED_CHAN_WAITING_FOR_CELLS
+ *     - Transitions from:
+ *       - Not open for writes/no cells by flushing some of the output
+ *         buffer.
+ *       - Open for writes/has cells by the scheduler moving cells from
+ *         circuit queues to channel output queue, but not having enough
+ *         to fill the output queue.
+ *     - Transitions to:
+ *       - Open for writes/has cells by arrival of new cells on an attached
+ *         circuit, in append_cell_to_circuit_queue()
+ *
+ * 3.) Not open for writes, cells to send
+ *     - This is the state of a busy circuit limited by output bandwidth;
+ *       cells have piled up in the circuit queues waiting to be relayed.
+ *       The channel will have scheduler_state == SCHED_CHAN_WAITING_TO_WRITE.
+ *     - Transitions from:
+ *       - Not open for writes/no cells by arrival of cells on an attached
+ *         circuit
+ *       - Open for writes/has cells by filling an output buffer without
+ *         draining all cells from attached circuits
+ *    - Transitions to:
+ *       - Opens for writes/has cells by draining some of the output buffer
+ *         via the connection_or_flushed_some() path (for channel_tls_t).
+ *
+ * 4.) Open for writes, cells to send
+ *     - This connection is ready to relay some cells and waiting for
+ *       the scheduler to choose it.  The channel will have scheduler_state ==
+ *       SCHED_CHAN_PENDING.
+ *     - Transitions from:
+ *       - Not open for writes/has cells by the connection_or_flushed_some()
+ *         path
+ *       - Open for writes/no cells by the append_cell_to_circuit_queue()
+ *         path
+ *     - Transitions to:
+ *       - Not open for writes/no cells by draining all circuit queues and
+ *         simultaneously filling the output buffer.
+ *       - Not open for writes/has cells by writing enough cells to fill the
+ *         output buffer
+ *       - Open for writes/no cells by draining all attached circuit queues
+ *         without also filling the output buffer
+ *
+ * Other event-driven parts of the code move channels between these scheduling
+ * states by calling scheduler functions; the scheduler only runs on open-for-
+ * writes/has-cells channels and is the only path for those to transition to
+ * other states.  The scheduler_run() function gives us the opportunity to do
+ * scheduling work, and is called from other scheduler functions whenever a
+ * state transition occurs, and periodically from the main event loop.
+ */
+
+/* Scheduler global data structures */
+
+/*
+ * We keep a list of channels that are pending - i.e, have cells to write
+ * and can accept them to send.  The enum scheduler_state in channel_t
+ * is reserved for our use.
+ */
+
+/* Pqueue of channels that can write and have cells (pending work) */
+STATIC smartlist_t *channels_pending = NULL;
+
+/*
+ * This event runs the scheduler from its callback, and is manually
+ * activated whenever a channel enters open for writes/cells to send.
+ */
+
+STATIC struct event *run_sched_ev = NULL;
+
+/*
+ * Queue heuristic; this is not the queue size, but an 'effective queuesize'
+ * that ages out contributions from stalled channels.
+ */
+
+STATIC uint64_t queue_heuristic = 0;
+
+/*
+ * Timestamp for last queue heuristic update
+ */
+
+STATIC time_t queue_heuristic_timestamp = 0;
+
+/* Scheduler static function declarations */
+
+static void scheduler_evt_callback(evutil_socket_t fd,
+                                   short events, void *arg);
+static int scheduler_more_work(void);
+static void scheduler_retrigger(void);
+#if 0
+static void scheduler_trigger(void);
+#endif
+
+/* Scheduler function implementations */
+
+/** Free everything and shut down the scheduling system */
+
+void
+scheduler_free_all(void)
+{
+  log_debug(LD_SCHED, "Shutting down scheduler");
+
+  if (run_sched_ev) {
+    if (event_del(run_sched_ev) < 0) {
+      log_warn(LD_BUG, "Problem deleting run_sched_ev");
+    }
+    tor_event_free(run_sched_ev);
+    run_sched_ev = NULL;
+  }
+
+  if (channels_pending) {
+    smartlist_free(channels_pending);
+    channels_pending = NULL;
+  }
+}
+
+/**
+ * Comparison function to use when sorting pending channels
+ */
+
+MOCK_IMPL(STATIC int,
+scheduler_compare_channels, (const void *c1_v, const void *c2_v))
+{
+  channel_t *c1 = NULL, *c2 = NULL;
+  /* These are a workaround for -Wbad-function-cast throwing a fit */
+  const circuitmux_policy_t *p1, *p2;
+  uintptr_t p1_i, p2_i;
+
+  tor_assert(c1_v);
+  tor_assert(c2_v);
+
+  c1 = (channel_t *)(c1_v);
+  c2 = (channel_t *)(c2_v);
+
+  tor_assert(c1);
+  tor_assert(c2);
+
+  if (c1 != c2) {
+    if (circuitmux_get_policy(c1->cmux) ==
+        circuitmux_get_policy(c2->cmux)) {
+      /* Same cmux policy, so use the mux comparison */
+      return circuitmux_compare_muxes(c1->cmux, c2->cmux);
+    } else {
+      /*
+       * Different policies; not important to get this edge case perfect
+       * because the current code never actually gives different channels
+       * different cmux policies anyway.  Just use this arbitrary but
+       * definite choice.
+       */
+      p1 = circuitmux_get_policy(c1->cmux);
+      p2 = circuitmux_get_policy(c2->cmux);
+      p1_i = (uintptr_t)p1;
+      p2_i = (uintptr_t)p2;
+
+      return (p1_i < p2_i) ? -1 : 1;
+    }
+  } else {
+    /* c1 == c2, so always equal */
+    return 0;
+  }
+}
+
+/*
+ * Scheduler event callback; this should get triggered once per event loop
+ * if any scheduling work was created during the event loop.
+ */
+
+static void
+scheduler_evt_callback(evutil_socket_t fd, short events, void *arg)
+{
+  (void)fd;
+  (void)events;
+  (void)arg;
+  log_debug(LD_SCHED, "Scheduler event callback called");
+
+  tor_assert(run_sched_ev);
+
+  /* Run the scheduler */
+  scheduler_run();
+
+  /* Do we have more work to do? */
+  if (scheduler_more_work()) scheduler_retrigger();
+}
+
+/** Mark a channel as no longer ready to accept writes */
+
+MOCK_IMPL(void,
+scheduler_channel_doesnt_want_writes,(channel_t *chan))
+{
+  tor_assert(chan);
+
+  tor_assert(channels_pending);
+
+  /* If it's already in pending, we can put it in waiting_to_write */
+  if (chan->scheduler_state == SCHED_CHAN_PENDING) {
+    /*
+     * It's in channels_pending, so it shouldn't be in any of
+     * the other lists.  It can't write any more, so it goes to
+     * channels_waiting_to_write.
+     */
+    smartlist_pqueue_remove(channels_pending,
+                            scheduler_compare_channels,
+                            STRUCT_OFFSET(channel_t, sched_heap_idx),
+                            chan);
+    chan->scheduler_state = SCHED_CHAN_WAITING_TO_WRITE;
+    log_debug(LD_SCHED,
+              "Channel " U64_FORMAT " at %p went from pending "
+              "to waiting_to_write",
+              U64_PRINTF_ARG(chan->global_identifier), chan);
+  } else {
+    /*
+     * It's not in pending, so it can't become waiting_to_write; it's
+     * either not in any of the lists (nothing to do) or it's already in
+     * waiting_for_cells (remove it, can't write any more).
+     */
+    if (chan->scheduler_state == SCHED_CHAN_WAITING_FOR_CELLS) {
+      chan->scheduler_state = SCHED_CHAN_IDLE;
+      log_debug(LD_SCHED,
+                "Channel " U64_FORMAT " at %p left waiting_for_cells",
+                U64_PRINTF_ARG(chan->global_identifier), chan);
+    }
+  }
+}
+
+/** Mark a channel as having waiting cells */
+
+MOCK_IMPL(void,
+scheduler_channel_has_waiting_cells,(channel_t *chan))
+{
+  int became_pending = 0;
+
+  tor_assert(chan);
+  tor_assert(channels_pending);
+
+  /* First, check if this one also writeable */
+  if (chan->scheduler_state == SCHED_CHAN_WAITING_FOR_CELLS) {
+    /*
+     * It's in channels_waiting_for_cells, so it shouldn't be in any of
+     * the other lists.  It has waiting cells now, so it goes to
+     * channels_pending.
+     */
+    chan->scheduler_state = SCHED_CHAN_PENDING;
+    smartlist_pqueue_add(channels_pending,
+                         scheduler_compare_channels,
+                         STRUCT_OFFSET(channel_t, sched_heap_idx),
+                         chan);
+    log_debug(LD_SCHED,
+              "Channel " U64_FORMAT " at %p went from waiting_for_cells "
+              "to pending",
+              U64_PRINTF_ARG(chan->global_identifier), chan);
+    became_pending = 1;
+  } else {
+    /*
+     * It's not in waiting_for_cells, so it can't become pending; it's
+     * either not in any of the lists (we add it to waiting_to_write)
+     * or it's already in waiting_to_write or pending (we do nothing)
+     */
+    if (!(chan->scheduler_state == SCHED_CHAN_WAITING_TO_WRITE ||
+          chan->scheduler_state == SCHED_CHAN_PENDING)) {
+      chan->scheduler_state = SCHED_CHAN_WAITING_TO_WRITE;
+      log_debug(LD_SCHED,
+                "Channel " U64_FORMAT " at %p entered waiting_to_write",
+                U64_PRINTF_ARG(chan->global_identifier), chan);
+    }
+  }
+
+  /*
+   * If we made a channel pending, we potentially have scheduling work
+   * to do.
+   */
+  if (became_pending) scheduler_retrigger();
+}
+
+/** Set up the scheduling system */
+
+void
+scheduler_init(void)
+{
+  log_debug(LD_SCHED, "Initting scheduler");
+
+  tor_assert(!run_sched_ev);
+  run_sched_ev = tor_event_new(tor_libevent_get_base(), -1,
+                               0, scheduler_evt_callback, NULL);
+
+  channels_pending = smartlist_new();
+  queue_heuristic = 0;
+  queue_heuristic_timestamp = approx_time();
+}
+
+/** Check if there's more scheduling work */
+
+static int
+scheduler_more_work(void)
+{
+  tor_assert(channels_pending);
+
+  return ((scheduler_get_queue_heuristic() < sched_q_low_water) &&
+          ((smartlist_len(channels_pending) > 0))) ? 1 : 0;
+}
+
+/** Retrigger the scheduler in a way safe to use from the callback */
+
+static void
+scheduler_retrigger(void)
+{
+  tor_assert(run_sched_ev);
+  event_active(run_sched_ev, EV_TIMEOUT, 1);
+}
+
+/** Notify the scheduler of a channel being closed */
+
+MOCK_IMPL(void,
+scheduler_release_channel,(channel_t *chan))
+{
+  tor_assert(chan);
+  tor_assert(channels_pending);
+
+  if (chan->scheduler_state == SCHED_CHAN_PENDING) {
+    smartlist_pqueue_remove(channels_pending,
+                            scheduler_compare_channels,
+                            STRUCT_OFFSET(channel_t, sched_heap_idx),
+                            chan);
+  }
+
+  chan->scheduler_state = SCHED_CHAN_IDLE;
+}
+
+/** Run the scheduling algorithm if necessary */
+
+MOCK_IMPL(void,
+scheduler_run, (void))
+{
+  int n_cells, n_chans_before, n_chans_after;
+  uint64_t q_len_before, q_heur_before, q_len_after, q_heur_after;
+  ssize_t flushed, flushed_this_time;
+  smartlist_t *to_readd = NULL;
+  channel_t *chan = NULL;
+
+  log_debug(LD_SCHED, "We have a chance to run the scheduler");
+
+  if (scheduler_get_queue_heuristic() < sched_q_low_water) {
+    n_chans_before = smartlist_len(channels_pending);
+    q_len_before = channel_get_global_queue_estimate();
+    q_heur_before = scheduler_get_queue_heuristic();
+
+    while (scheduler_get_queue_heuristic() <= sched_q_high_water &&
+           smartlist_len(channels_pending) > 0) {
+      /* Pop off a channel */
+      chan = smartlist_pqueue_pop(channels_pending,
+                                  scheduler_compare_channels,
+                                  STRUCT_OFFSET(channel_t, sched_heap_idx));
+      tor_assert(chan);
+
+      /* Figure out how many cells we can write */
+      n_cells = channel_num_cells_writeable(chan);
+      if (n_cells > 0) {
+        log_debug(LD_SCHED,
+                  "Scheduler saw pending channel " U64_FORMAT " at %p with "
+                  "%d cells writeable",
+                  U64_PRINTF_ARG(chan->global_identifier), chan, n_cells);
+
+        flushed = 0;
+        while (flushed < n_cells &&
+               scheduler_get_queue_heuristic() <= sched_q_high_water) {
+          flushed_this_time =
+            channel_flush_some_cells(chan,
+                                     MIN(sched_max_flush_cells,
+                                         (size_t) n_cells - flushed));
+          if (flushed_this_time <= 0) break;
+          flushed += flushed_this_time;
+        }
+
+        if (flushed < n_cells) {
+          /* We ran out of cells to flush */
+          chan->scheduler_state = SCHED_CHAN_WAITING_FOR_CELLS;
+          log_debug(LD_SCHED,
+                    "Channel " U64_FORMAT " at %p "
+                    "entered waiting_for_cells from pending",
+                    U64_PRINTF_ARG(chan->global_identifier),
+                    chan);
+        } else {
+          /* The channel may still have some cells */
+          if (channel_more_to_flush(chan)) {
+          /* The channel goes to either pending or waiting_to_write */
+            if (channel_num_cells_writeable(chan) > 0) {
+              /* Add it back to pending later */
+              if (!to_readd) to_readd = smartlist_new();
+              smartlist_add(to_readd, chan);
+              log_debug(LD_SCHED,
+                        "Channel " U64_FORMAT " at %p "
+                        "is still pending",
+                        U64_PRINTF_ARG(chan->global_identifier),
+                        chan);
+            } else {
+              /* It's waiting to be able to write more */
+              chan->scheduler_state = SCHED_CHAN_WAITING_TO_WRITE;
+              log_debug(LD_SCHED,
+                        "Channel " U64_FORMAT " at %p "
+                        "entered waiting_to_write from pending",
+                        U64_PRINTF_ARG(chan->global_identifier),
+                        chan);
+            }
+          } else {
+            /* No cells left; it can go to idle or waiting_for_cells */
+            if (channel_num_cells_writeable(chan) > 0) {
+              /*
+               * It can still accept writes, so it goes to
+               * waiting_for_cells
+               */
+              chan->scheduler_state = SCHED_CHAN_WAITING_FOR_CELLS;
+              log_debug(LD_SCHED,
+                        "Channel " U64_FORMAT " at %p "
+                        "entered waiting_for_cells from pending",
+                        U64_PRINTF_ARG(chan->global_identifier),
+                        chan);
+            } else {
+              /*
+               * We exactly filled up the output queue with all available
+               * cells; go to idle.
+               */
+              chan->scheduler_state = SCHED_CHAN_IDLE;
+              log_debug(LD_SCHED,
+                        "Channel " U64_FORMAT " at %p "
+                        "become idle from pending",
+                        U64_PRINTF_ARG(chan->global_identifier),
+                        chan);
+            }
+          }
+        }
+
+        log_debug(LD_SCHED,
+                  "Scheduler flushed %d cells onto pending channel "
+                  U64_FORMAT " at %p",
+                  (int)flushed, U64_PRINTF_ARG(chan->global_identifier),
+                  chan);
+      } else {
+        log_info(LD_SCHED,
+                 "Scheduler saw pending channel " U64_FORMAT " at %p with "
+                 "no cells writeable",
+                 U64_PRINTF_ARG(chan->global_identifier), chan);
+        /* Put it back to WAITING_TO_WRITE */
+        chan->scheduler_state = SCHED_CHAN_WAITING_TO_WRITE;
+      }
+    }
+
+    /* Readd any channels we need to */
+    if (to_readd) {
+      SMARTLIST_FOREACH_BEGIN(to_readd, channel_t *, chan) {
+        chan->scheduler_state = SCHED_CHAN_PENDING;
+        smartlist_pqueue_add(channels_pending,
+                             scheduler_compare_channels,
+                             STRUCT_OFFSET(channel_t, sched_heap_idx),
+                             chan);
+      } SMARTLIST_FOREACH_END(chan);
+      smartlist_free(to_readd);
+    }
+
+    n_chans_after = smartlist_len(channels_pending);
+    q_len_after = channel_get_global_queue_estimate();
+    q_heur_after = scheduler_get_queue_heuristic();
+    log_debug(LD_SCHED,
+              "Scheduler handled %d of %d pending channels, queue size from "
+              U64_FORMAT " to " U64_FORMAT ", queue heuristic from "
+              U64_FORMAT " to " U64_FORMAT,
+              n_chans_before - n_chans_after, n_chans_before,
+              U64_PRINTF_ARG(q_len_before), U64_PRINTF_ARG(q_len_after),
+              U64_PRINTF_ARG(q_heur_before), U64_PRINTF_ARG(q_heur_after));
+  }
+}
+
+/** Trigger the scheduling event so we run the scheduler later */
+
+#if 0
+static void
+scheduler_trigger(void)
+{
+  log_debug(LD_SCHED, "Triggering scheduler event");
+
+  tor_assert(run_sched_ev);
+
+  event_add(run_sched_ev, EV_TIMEOUT, 1);
+}
+#endif
+
+/** Mark a channel as ready to accept writes */
+
+void
+scheduler_channel_wants_writes(channel_t *chan)
+{
+  int became_pending = 0;
+
+  tor_assert(chan);
+  tor_assert(channels_pending);
+
+  /* If it's already in waiting_to_write, we can put it in pending */
+  if (chan->scheduler_state == SCHED_CHAN_WAITING_TO_WRITE) {
+    /*
+     * It can write now, so it goes to channels_pending.
+     */
+    smartlist_pqueue_add(channels_pending,
+                         scheduler_compare_channels,
+                         STRUCT_OFFSET(channel_t, sched_heap_idx),
+                         chan);
+    chan->scheduler_state = SCHED_CHAN_PENDING;
+    log_debug(LD_SCHED,
+              "Channel " U64_FORMAT " at %p went from waiting_to_write "
+              "to pending",
+              U64_PRINTF_ARG(chan->global_identifier), chan);
+    became_pending = 1;
+  } else {
+    /*
+     * It's not in SCHED_CHAN_WAITING_TO_WRITE, so it can't become pending;
+     * it's either idle and goes to WAITING_FOR_CELLS, or it's a no-op.
+     */
+    if (!(chan->scheduler_state == SCHED_CHAN_WAITING_FOR_CELLS ||
+          chan->scheduler_state == SCHED_CHAN_PENDING)) {
+      chan->scheduler_state = SCHED_CHAN_WAITING_FOR_CELLS;
+      log_debug(LD_SCHED,
+                "Channel " U64_FORMAT " at %p entered waiting_for_cells",
+                U64_PRINTF_ARG(chan->global_identifier), chan);
+    }
+  }
+
+  /*
+   * If we made a channel pending, we potentially have scheduling work
+   * to do.
+   */
+  if (became_pending) scheduler_retrigger();
+}
+
+/**
+ * Notify the scheduler that a channel's position in the pqueue may have
+ * changed
+ */
+
+void
+scheduler_touch_channel(channel_t *chan)
+{
+  tor_assert(chan);
+
+  if (chan->scheduler_state == SCHED_CHAN_PENDING) {
+    /* Remove and re-add it */
+    smartlist_pqueue_remove(channels_pending,
+                            scheduler_compare_channels,
+                            STRUCT_OFFSET(channel_t, sched_heap_idx),
+                            chan);
+    smartlist_pqueue_add(channels_pending,
+                         scheduler_compare_channels,
+                         STRUCT_OFFSET(channel_t, sched_heap_idx),
+                         chan);
+  }
+  /* else no-op, since it isn't in the queue */
+}
+
+/**
+ * Notify the scheduler of a queue size adjustment, to recalculate the
+ * queue heuristic.
+ */
+
+void
+scheduler_adjust_queue_size(channel_t *chan, int dir, uint64_t adj)
+{
+  time_t now = approx_time();
+
+  log_debug(LD_SCHED,
+            "Queue size adjustment by %s" U64_FORMAT " for channel "
+            U64_FORMAT,
+            (dir >= 0) ? "+" : "-",
+            U64_PRINTF_ARG(adj),
+            U64_PRINTF_ARG(chan->global_identifier));
+
+  /* Get the queue heuristic up to date */
+  scheduler_update_queue_heuristic(now);
+
+  /* Adjust as appropriate */
+  if (dir >= 0) {
+    /* Increasing it */
+    queue_heuristic += adj;
+  } else {
+    /* Decreasing it */
+    if (queue_heuristic > adj) queue_heuristic -= adj;
+    else queue_heuristic = 0;
+  }
+
+  log_debug(LD_SCHED,
+            "Queue heuristic is now " U64_FORMAT,
+            U64_PRINTF_ARG(queue_heuristic));
+}
+
+/**
+ * Query the current value of the queue heuristic
+ */
+
+STATIC uint64_t
+scheduler_get_queue_heuristic(void)
+{
+  time_t now = approx_time();
+
+  scheduler_update_queue_heuristic(now);
+
+  return queue_heuristic;
+}
+
+/**
+ * Adjust the queue heuristic value to the present time
+ */
+
+STATIC void
+scheduler_update_queue_heuristic(time_t now)
+{
+  time_t diff;
+
+  if (queue_heuristic_timestamp == 0) {
+    /*
+     * Nothing we can sensibly do; must not have been initted properly.
+     * Oh well.
+     */
+    queue_heuristic_timestamp = now;
+  } else if (queue_heuristic_timestamp < now) {
+    diff = now - queue_heuristic_timestamp;
+    /*
+     * This is a simple exponential age-out; the other proposed alternative
+     * was a linear age-out using the bandwidth history in rephist.c; I'm
+     * going with this out of concern that if an adversary can jam the
+     * scheduler long enough, it would cause the bandwidth to drop to
+     * zero and render the aging mechanism ineffective thereafter.
+     */
+    if (0 <= diff && diff < 64) queue_heuristic >>= diff;
+    else queue_heuristic = 0;
+
+    queue_heuristic_timestamp = now;
+
+    log_debug(LD_SCHED,
+              "Queue heuristic is now " U64_FORMAT,
+              U64_PRINTF_ARG(queue_heuristic));
+  }
+  /* else no update needed, or time went backward */
+}
+
+/**
+ * Set scheduler watermarks and flush size
+ */
+
+void
+scheduler_set_watermarks(uint32_t lo, uint32_t hi, uint32_t max_flush)
+{
+  /* Sanity assertions - caller should ensure these are true */
+  tor_assert(lo > 0);
+  tor_assert(hi > lo);
+  tor_assert(max_flush > 0);
+
+  sched_q_low_water = lo;
+  sched_q_high_water = hi;
+  sched_max_flush_cells = max_flush;
+}
+
diff --git a/src/or/scheduler.h b/src/or/scheduler.h
new file mode 100644
index 0000000000..94a44a0aa3
--- /dev/null
+++ b/src/or/scheduler.h
@@ -0,0 +1,50 @@
+/* * Copyright (c) 2013-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file scheduler.h
+ * \brief Header file for scheduler.c
+ **/
+
+#ifndef TOR_SCHEDULER_H
+#define TOR_SCHEDULER_H
+
+#include "or.h"
+#include "channel.h"
+#include "testsupport.h"
+
+/* Global-visibility scheduler functions */
+
+/* Set up and shut down the scheduler from main.c */
+void scheduler_free_all(void);
+void scheduler_init(void);
+MOCK_DECL(void, scheduler_run, (void));
+
+/* Mark channels as having cells or wanting/not wanting writes */
+MOCK_DECL(void,scheduler_channel_doesnt_want_writes,(channel_t *chan));
+MOCK_DECL(void,scheduler_channel_has_waiting_cells,(channel_t *chan));
+void scheduler_channel_wants_writes(channel_t *chan);
+
+/* Notify the scheduler of a channel being closed */
+MOCK_DECL(void,scheduler_release_channel,(channel_t *chan));
+
+/* Notify scheduler of queue size adjustments */
+void scheduler_adjust_queue_size(channel_t *chan, int dir, uint64_t adj);
+
+/* Notify scheduler that a channel's queue position may have changed */
+void scheduler_touch_channel(channel_t *chan);
+
+/* Adjust the watermarks from config file*/
+void scheduler_set_watermarks(uint32_t lo, uint32_t hi, uint32_t max_flush);
+
+/* Things only scheduler.c and its test suite should see */
+
+#ifdef SCHEDULER_PRIVATE_
+MOCK_DECL(STATIC int, scheduler_compare_channels,
+          (const void *c1_v, const void *c2_v));
+STATIC uint64_t scheduler_get_queue_heuristic(void);
+STATIC void scheduler_update_queue_heuristic(time_t now);
+#endif
+
+#endif /* !defined(TOR_SCHEDULER_H) */
+
diff --git a/src/or/statefile.c b/src/or/statefile.c
index 7b9998fc1a..9594d9cec3 100644
--- a/src/or/statefile.c
+++ b/src/or/statefile.c
@@ -1,14 +1,22 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
+/**
+ * \file statefile.c
+ *
+ * \brief Handles parsing and encoding the persistent 'state' file that carries
+ *  miscellaneous persistent state between Tor invocations.
+ */
+
 #define STATEFILE_PRIVATE
 #include "or.h"
 #include "circuitstats.h"
 #include "config.h"
 #include "confparse.h"
+#include "connection.h"
 #include "entrynodes.h"
 #include "hibernate.h"
 #include "rephist.h"
@@ -323,7 +331,10 @@ or_state_load(void)
         goto done;
       }
       break;
+    /* treat empty state files as if the file doesn't exist, and generate
+     * a new state file, overwriting the empty file in or_state_save() */
     case FN_NOENT:
+    case FN_EMPTY:
       break;
     case FN_ERROR:
     case FN_DIR:
@@ -369,6 +380,12 @@ or_state_load(void)
     new_state = or_state_new();
   } else if (contents) {
     log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
+    /* Warn the user if their clock has been set backwards,
+     * they could be tricked into using old consensuses */
+    time_t apparent_skew = new_state->LastWritten - time(NULL);
+    if (apparent_skew > 0)
+      clock_skew_warning(NULL, (long)apparent_skew, 1, LD_GENERAL,
+                         "local state file", fname);
   } else {
     log_info(LD_GENERAL, "Initialized state");
   }
diff --git a/src/or/statefile.h b/src/or/statefile.h
index 15bb0b4aae..b13743481d 100644
--- a/src/or/statefile.h
+++ b/src/or/statefile.h
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_STATEFILE_H
diff --git a/src/or/status.c b/src/or/status.c
index afaa9de840..749cee4edf 100644
--- a/src/or/status.c
+++ b/src/or/status.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2013, The Tor Project, Inc. */
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -23,18 +23,13 @@
 #include "statefile.h"
 
 static void log_accounting(const time_t now, const or_options_t *options);
+#include "geoip.h"
 
 /** Return the total number of circuits. */
 STATIC int
 count_circuits(void)
 {
-  circuit_t *circ;
-  int nr=0;
-
-  TOR_LIST_FOREACH(circ, circuit_get_global_list(), head)
-    nr++;
-
-  return nr;
+  return smartlist_len(circuit_get_global_list());
 }
 
 /** Take seconds <b>secs</b> and return a newly allocated human-readable
@@ -98,7 +93,6 @@ log_heartbeat(time_t now)
   const int hibernating = we_are_hibernating();
 
   const or_options_t *options = get_options();
-  (void)now;
 
   if (public_server_mode(options) && !hibernating) {
     /* Let's check if we are in the current cached consensus. */
@@ -116,28 +110,47 @@ log_heartbeat(time_t now)
 
   log_fn(LOG_NOTICE, LD_HEARTBEAT, "Heartbeat: Tor's uptime is %s, with %d "
          "circuits open. I've sent %s and received %s.%s",
-         uptime, count_circuits(),bw_sent,bw_rcvd,
+         uptime, count_circuits(), bw_sent, bw_rcvd,
          hibernating?" We are currently hibernating.":"");
 
   if (server_mode(options) && accounting_is_enabled(options) && !hibernating) {
     log_accounting(now, options);
   }
 
-  if (stats_n_data_cells_packaged && !hibernating)
-    log_notice(LD_HEARTBEAT, "Average packaged cell fullness: %2.3f%%",
-        100*(U64_TO_DBL(stats_n_data_bytes_packaged) /
-             U64_TO_DBL(stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE)) );
-
-  if (r > 1.0) {
-    double overhead = ( r - 1.0 ) * 100.0;
-    log_notice(LD_HEARTBEAT, "TLS write overhead: %.f%%", overhead);
+  double fullness_pct = 100;
+  if (stats_n_data_cells_packaged && !hibernating) {
+    fullness_pct =
+      100*(U64_TO_DBL(stats_n_data_bytes_packaged) /
+           U64_TO_DBL(stats_n_data_cells_packaged*RELAY_PAYLOAD_SIZE));
   }
+  const double overhead_pct = ( r - 1.0 ) * 100.0;
+
+#define FULLNESS_PCT_THRESHOLD 80
+#define TLS_OVERHEAD_THRESHOLD 15
 
-  if (public_server_mode(options))
+  const int severity = (fullness_pct < FULLNESS_PCT_THRESHOLD ||
+                        overhead_pct > TLS_OVERHEAD_THRESHOLD)
+    ? LOG_NOTICE : LOG_INFO;
+
+  log_fn(severity, LD_HEARTBEAT,
+         "Average packaged cell fullness: %2.3f%%. "
+         "TLS write overhead: %.f%%", fullness_pct, overhead_pct);
+
+  if (public_server_mode(options)) {
     rep_hist_log_circuit_handshake_stats(now);
+    rep_hist_log_link_protocol_counts();
+  }
 
   circuit_log_ancient_one_hop_circuits(1800);
 
+  if (options->BridgeRelay) {
+    char *msg = NULL;
+    msg = format_client_stats_heartbeat(now);
+    if (msg)
+      log_notice(LD_HEARTBEAT, "%s", msg);
+    tor_free(msg);
+  }
+
   tor_free(uptime);
   tor_free(bw_sent);
   tor_free(bw_rcvd);
@@ -151,20 +164,38 @@ log_accounting(const time_t now, const or_options_t *options)
   or_state_t *state = get_or_state();
   char *acc_rcvd = bytes_to_usage(state->AccountingBytesReadInInterval);
   char *acc_sent = bytes_to_usage(state->AccountingBytesWrittenInInterval);
-  char *acc_max = bytes_to_usage(options->AccountingMax);
+  char *acc_used = bytes_to_usage(get_accounting_bytes());
+  uint64_t acc_bytes = options->AccountingMax;
+  char *acc_max;
   time_t interval_end = accounting_get_end_time();
   char end_buf[ISO_TIME_LEN + 1];
   char *remaining = NULL;
+  acc_max = bytes_to_usage(acc_bytes);
   format_local_iso_time(end_buf, interval_end);
   remaining = secs_to_uptime(interval_end - now);
 
+  const char *acc_rule;
+  switch (options->AccountingRule) {
+    case ACCT_MAX: acc_rule = "max";
+    break;
+    case ACCT_SUM: acc_rule = "sum";
+    break;
+    case ACCT_OUT: acc_rule = "out";
+    break;
+    case ACCT_IN: acc_rule = "in";
+    break;
+    default: acc_rule = "max";
+    break;
+  }
+
   log_notice(LD_HEARTBEAT, "Heartbeat: Accounting enabled. "
-      "Sent: %s / %s, Received: %s / %s. The "
+      "Sent: %s, Received: %s, Used: %s / %s, Rule: %s. The "
       "current accounting interval ends on %s, in %s.",
-      acc_sent, acc_max, acc_rcvd, acc_max, end_buf, remaining);
+      acc_sent, acc_rcvd, acc_used, acc_max, acc_rule, end_buf, remaining);
 
   tor_free(acc_rcvd);
   tor_free(acc_sent);
+  tor_free(acc_used);
   tor_free(acc_max);
   tor_free(remaining);
 }
diff --git a/src/or/status.h b/src/or/status.h
index 13458ea476..b97e835037 100644
--- a/src/or/status.h
+++ b/src/or/status.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2013, The Tor Project, Inc. */
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_STATUS_H
diff --git a/src/or/tor_main.c b/src/or/tor_main.c
index 05dc0bf0bf..ac32eef559 100644
--- a/src/or/tor_main.c
+++ b/src/or/tor_main.c
@@ -1,6 +1,6 @@
 /* Copyright 2001-2004 Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /** String describing which Tor Git repository version the source was
@@ -27,6 +27,10 @@ int tor_main(int argc, char *argv[]);
 int
 main(int argc, char *argv[])
 {
-  return tor_main(argc, argv);
+  int r = tor_main(argc, argv);
+  if (r < 0 || r > 255)
+    return 1;
+  else
+    return r;
 }
 
diff --git a/src/or/torcert.c b/src/or/torcert.c
new file mode 100644
index 0000000000..a6a33c675a
--- /dev/null
+++ b/src/or/torcert.c
@@ -0,0 +1,297 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file torcert.c
+ *
+ * \brief Implementation for ed25519-signed certificates as used in the Tor
+ * protocol.
+ */
+
+#include "crypto.h"
+#include "torcert.h"
+#include "ed25519_cert.h"
+#include "torlog.h"
+#include "util.h"
+#include "compat.h"
+#include "link_handshake.h"
+
+/** Helper for tor_cert_create(): signs any 32 bytes, not just an ed25519
+ * key.
+ */
+static tor_cert_t *
+tor_cert_sign_impl(const ed25519_keypair_t *signing_key,
+                      uint8_t cert_type,
+                      uint8_t signed_key_type,
+                      const uint8_t signed_key_info[32],
+                      time_t now, time_t lifetime,
+                      uint32_t flags)
+{
+  tor_cert_t *torcert = NULL;
+
+  ed25519_cert_t *cert = ed25519_cert_new();
+  cert->cert_type = cert_type;
+  cert->exp_field = (uint32_t) CEIL_DIV(now + lifetime, 3600);
+  cert->cert_key_type = signed_key_type;
+  memcpy(cert->certified_key, signed_key_info, 32);
+
+  if (flags & CERT_FLAG_INCLUDE_SIGNING_KEY) {
+    ed25519_cert_extension_t *ext = ed25519_cert_extension_new();
+    ext->ext_type = CERTEXT_SIGNED_WITH_KEY;
+    memcpy(ext->un_signing_key, signing_key->pubkey.pubkey, 32);
+    ed25519_cert_add_ext(cert, ext);
+    ++cert->n_extensions;
+  }
+
+  const ssize_t alloc_len = ed25519_cert_encoded_len(cert);
+  tor_assert(alloc_len > 0);
+  uint8_t *encoded = tor_malloc(alloc_len);
+  const ssize_t real_len = ed25519_cert_encode(encoded, alloc_len, cert);
+  if (real_len < 0)
+    goto err;
+  tor_assert(real_len == alloc_len);
+  tor_assert(real_len > ED25519_SIG_LEN);
+  uint8_t *sig = encoded + (real_len - ED25519_SIG_LEN);
+  tor_assert(tor_mem_is_zero((char*)sig, ED25519_SIG_LEN));
+
+  ed25519_signature_t signature;
+  if (ed25519_sign(&signature, encoded,
+                   real_len-ED25519_SIG_LEN, signing_key)<0) {
+    log_warn(LD_BUG, "Can't sign certificate");
+    goto err;
+  }
+  memcpy(sig, signature.sig, ED25519_SIG_LEN);
+
+  torcert = tor_cert_parse(encoded, real_len);
+  if (! torcert) {
+    log_warn(LD_BUG, "Generated a certificate we cannot parse");
+    goto err;
+  }
+
+  if (tor_cert_checksig(torcert, &signing_key->pubkey, now) < 0) {
+    log_warn(LD_BUG, "Generated a certificate whose signature we can't check");
+    goto err;
+  }
+
+  tor_free(encoded);
+
+  goto done;
+
+ err:
+  tor_cert_free(torcert);
+  torcert = NULL;
+ done:
+  ed25519_cert_free(cert);
+  tor_free(encoded);
+  return torcert;
+}
+
+/**
+ * Create and return a new new certificate of type <b>cert_type</b> to
+ * authenticate <b>signed_key</b> using the key <b>signing_key</b>.  The
+ * certificate should remain valid for at least <b>lifetime</b> seconds after
+ * <b>now</b>.
+ *
+ * If CERT_FLAG_INCLUDE_SIGNING_KEY is set in <b>flags</b>, embed
+ * the public part of <b>signing_key</b> in the certificate.
+ */
+tor_cert_t *
+tor_cert_create(const ed25519_keypair_t *signing_key,
+                uint8_t cert_type,
+                const ed25519_public_key_t *signed_key,
+                time_t now, time_t lifetime,
+                uint32_t flags)
+{
+  return tor_cert_sign_impl(signing_key, cert_type,
+                            SIGNED_KEY_TYPE_ED25519, signed_key->pubkey,
+                            now, lifetime, flags);
+}
+
+/** Release all storage held for <b>cert</b>. */
+void
+tor_cert_free(tor_cert_t *cert)
+{
+  if (! cert)
+    return;
+
+  if (cert->encoded)
+    memwipe(cert->encoded, 0, cert->encoded_len);
+  tor_free(cert->encoded);
+
+  memwipe(cert, 0, sizeof(tor_cert_t));
+  tor_free(cert);
+}
+
+/** Parse a certificate encoded with <b>len</b> bytes in <b>encoded</b>. */
+tor_cert_t *
+tor_cert_parse(const uint8_t *encoded, const size_t len)
+{
+  tor_cert_t *cert = NULL;
+  ed25519_cert_t *parsed = NULL;
+  ssize_t got_len = ed25519_cert_parse(&parsed, encoded, len);
+  if (got_len < 0 || (size_t) got_len != len)
+    goto err;
+
+  cert = tor_malloc_zero(sizeof(tor_cert_t));
+  cert->encoded = tor_memdup(encoded, len);
+  cert->encoded_len = len;
+
+  memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
+  cert->valid_until = parsed->exp_field * 3600;
+  cert->cert_type = parsed->cert_type;
+
+  for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {
+    ed25519_cert_extension_t *ext = ed25519_cert_get_ext(parsed, i);
+    if (ext->ext_type == CERTEXT_SIGNED_WITH_KEY) {
+      if (cert->signing_key_included)
+        goto err;
+
+      cert->signing_key_included = 1;
+      memcpy(cert->signing_key.pubkey, ext->un_signing_key, 32);
+    } else if (ext->ext_flags & CERTEXT_FLAG_AFFECTS_VALIDATION) {
+      /* Unrecognized extension with affects_validation set */
+      goto err;
+    }
+  }
+
+  goto done;
+ err:
+  tor_cert_free(cert);
+  cert = NULL;
+ done:
+  ed25519_cert_free(parsed);
+  return cert;
+}
+
+/** Fill in <b>checkable_out</b> with the information needed to check
+ * the signature on <b>cert</b> with <b>pubkey</b>. */
+int
+tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
+                           const tor_cert_t *cert,
+                           const ed25519_public_key_t *pubkey)
+{
+  if (! pubkey) {
+    if (cert->signing_key_included)
+      pubkey = &cert->signing_key;
+    else
+      return -1;
+  }
+
+  checkable_out->msg = cert->encoded;
+  checkable_out->pubkey = pubkey;
+  tor_assert(cert->encoded_len > ED25519_SIG_LEN);
+  const size_t signed_len = cert->encoded_len - ED25519_SIG_LEN;
+  checkable_out->len = signed_len;
+  memcpy(checkable_out->signature.sig,
+         cert->encoded + signed_len, ED25519_SIG_LEN);
+
+  return 0;
+}
+
+/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to the
+ * current time <b>now</b>.  (If <b>now</b> is 0, do not check the expiration
+ * time.) Return 0 on success, -1 on failure.  Sets flags in <b>cert</b> as
+ * appropriate.
+ */
+int
+tor_cert_checksig(tor_cert_t *cert,
+                  const ed25519_public_key_t *pubkey, time_t now)
+{
+  ed25519_checkable_t checkable;
+  int okay;
+
+  if (now && now > cert->valid_until) {
+    cert->cert_expired = 1;
+    return -1;
+  }
+
+  if (tor_cert_get_checkable_sig(&checkable, cert, pubkey) < 0)
+    return -1;
+
+  if (ed25519_checksig_batch(&okay, &checkable, 1) < 0) {
+    cert->sig_bad = 1;
+    return -1;
+  } else {
+    cert->sig_ok = 1;
+    /* Only copy the checkable public key when it is different from the signing
+     * key of the certificate to avoid undefined behavior. */
+    if (cert->signing_key.pubkey != checkable.pubkey->pubkey) {
+      memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+    }
+    cert->cert_valid = 1;
+    return 0;
+  }
+}
+
+/** Return a new copy of <b>cert</b> */
+tor_cert_t *
+tor_cert_dup(const tor_cert_t *cert)
+{
+  tor_cert_t *newcert = tor_memdup(cert, sizeof(tor_cert_t));
+  if (cert->encoded)
+    newcert->encoded = tor_memdup(cert->encoded, cert->encoded_len);
+  return newcert;
+}
+
+/** Return true iff cert1 and cert2 are the same cert. */
+int
+tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2)
+{
+  tor_assert(cert1);
+  tor_assert(cert2);
+  return cert1->encoded_len == cert2->encoded_len &&
+    tor_memeq(cert1->encoded, cert2->encoded, cert1->encoded_len);
+}
+
+/** Return true iff cert1 and cert2 are the same cert, or if they are both
+ * NULL. */
+int
+tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2)
+{
+  if (cert1 == NULL && cert2 == NULL)
+    return 1;
+  if (!cert1 || !cert2)
+    return 0;
+  return tor_cert_eq(cert1, cert2);
+}
+
+/** Create new cross-certification object to certify <b>ed_key</b> as the
+ * master ed25519 identity key for the RSA identity key <b>rsa_key</b>.
+ * Allocates and stores the encoded certificate in *<b>cert</b>, and returns
+ * the number of bytes stored. Returns negative on error.*/
+ssize_t
+tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
+                               const crypto_pk_t *rsa_key,
+                               time_t expires,
+                               uint8_t **cert)
+{
+  uint8_t *res;
+
+  rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new();
+  memcpy(cc->ed_key, ed_key->pubkey, ED25519_PUBKEY_LEN);
+  cc->expiration = (uint32_t) CEIL_DIV(expires, 3600);
+  cc->sig_len = crypto_pk_keysize(rsa_key);
+  rsa_ed_crosscert_setlen_sig(cc, crypto_pk_keysize(rsa_key));
+
+  ssize_t alloc_sz = rsa_ed_crosscert_encoded_len(cc);
+  tor_assert(alloc_sz > 0);
+  res = tor_malloc_zero(alloc_sz);
+  ssize_t sz = rsa_ed_crosscert_encode(res, alloc_sz, cc);
+  tor_assert(sz > 0 && sz <= alloc_sz);
+
+  const int signed_part_len = 32 + 4;
+  int siglen = crypto_pk_private_sign(rsa_key,
+                                      (char*)rsa_ed_crosscert_getarray_sig(cc),
+                                      rsa_ed_crosscert_getlen_sig(cc),
+                                      (char*)res, signed_part_len);
+  tor_assert(siglen > 0 && siglen <= (int)crypto_pk_keysize(rsa_key));
+  tor_assert(siglen <= UINT8_MAX);
+  cc->sig_len = siglen;
+  rsa_ed_crosscert_setlen_sig(cc, siglen);
+
+  sz = rsa_ed_crosscert_encode(res, alloc_sz, cc);
+  rsa_ed_crosscert_free(cc);
+  *cert = res;
+  return sz;
+}
+
diff --git a/src/or/torcert.h b/src/or/torcert.h
new file mode 100644
index 0000000000..9c819c0abb
--- /dev/null
+++ b/src/or/torcert.h
@@ -0,0 +1,76 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TORCERT_H_INCLUDED
+#define TORCERT_H_INCLUDED
+
+#include "crypto_ed25519.h"
+
+#define SIGNED_KEY_TYPE_ED25519 0x01
+
+#define CERT_TYPE_ID_SIGNING    0x04
+#define CERT_TYPE_SIGNING_LINK  0x05
+#define CERT_TYPE_SIGNING_AUTH  0x06
+#define CERT_TYPE_ONION_ID      0x0A
+
+#define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1
+
+/** An ed25519-signed certificate as used throughout the Tor protocol.
+ **/
+typedef struct tor_cert_st {
+  /** The key authenticated by this certificate */
+  ed25519_public_key_t signed_key;
+  /** The key that signed this certificate. This value may be unset if the
+   * certificate has never been checked, and didn't include its own key. */
+  ed25519_public_key_t signing_key;
+  /** A time after which this certificate will no longer be valid. */
+  time_t valid_until;
+
+  /** The encoded representation of this certificate */
+  uint8_t *encoded;
+  /** The length of <b>encoded</b> */
+  size_t encoded_len;
+
+  /** One of CERT_TYPE_... */
+  uint8_t cert_type;
+  /** True iff we received a signing key embedded in this certificate */
+  unsigned signing_key_included : 1;
+  /** True iff we checked the signature and found it bad */
+  unsigned sig_bad : 1;
+  /** True iff we checked the signature and found it correct */
+  unsigned sig_ok : 1;
+  /** True iff we checked the signature and first found that the cert
+   * had expired */
+  unsigned cert_expired : 1;
+  /** True iff we checked the signature and found the whole cert valid */
+  unsigned cert_valid : 1;
+} tor_cert_t;
+
+tor_cert_t *tor_cert_create(const ed25519_keypair_t *signing_key,
+                            uint8_t cert_type,
+                            const ed25519_public_key_t *signed_key,
+                            time_t now, time_t lifetime,
+                            uint32_t flags);
+
+tor_cert_t *tor_cert_parse(const uint8_t *cert, size_t certlen);
+
+void tor_cert_free(tor_cert_t *cert);
+
+int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
+                                 const tor_cert_t *out,
+                                 const ed25519_public_key_t *pubkey);
+
+int tor_cert_checksig(tor_cert_t *cert,
+                      const ed25519_public_key_t *pubkey, time_t now);
+
+tor_cert_t *tor_cert_dup(const tor_cert_t *cert);
+int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
+int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
+
+ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
+                                       const crypto_pk_t *rsa_key,
+                                       time_t expires,
+                                       uint8_t **cert);
+
+#endif
+
diff --git a/src/or/transports.c b/src/or/transports.c
index dc30754162..1b8b1e678c 100644
--- a/src/or/transports.c
+++ b/src/or/transports.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2013, The Tor Project, Inc. */
+/* Copyright (c) 2011-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -105,15 +105,13 @@
 static process_environment_t *
 create_managed_proxy_environment(const managed_proxy_t *mp);
 
-static INLINE int proxy_configuration_finished(const managed_proxy_t *mp);
+static inline int proxy_configuration_finished(const managed_proxy_t *mp);
 
 static void handle_finished_proxy(managed_proxy_t *mp);
 static void parse_method_error(const char *line, int is_server_method);
 #define parse_server_method_error(l) parse_method_error(l, 1)
 #define parse_client_method_error(l) parse_method_error(l, 0)
 
-static INLINE void free_execve_args(char **arg);
-
 /** Managed proxy protocol strings */
 #define PROTO_ENV_ERROR "ENV-ERROR"
 #define PROTO_NEG_SUCCESS "VERSION"
@@ -124,6 +122,8 @@ static INLINE void free_execve_args(char **arg);
 #define PROTO_SMETHOD_ERROR "SMETHOD-ERROR"
 #define PROTO_CMETHODS_DONE "CMETHODS DONE"
 #define PROTO_SMETHODS_DONE "SMETHODS DONE"
+#define PROTO_PROXY_DONE "PROXY DONE"
+#define PROTO_PROXY_ERROR "PROXY-ERROR"
 
 /** The first and only supported - at the moment - configuration
     protocol version. */
@@ -324,9 +324,9 @@ transport_add(transport_t *t)
 /** Remember a new pluggable transport proxy at <b>addr</b>:<b>port</b>.
  *  <b>name</b> is set to the name of the protocol this proxy uses.
  *  <b>socks_ver</b> is set to the SOCKS version of the proxy. */
-int
-transport_add_from_config(const tor_addr_t *addr, uint16_t port,
-                          const char *name, int socks_ver)
+MOCK_IMPL(int,
+transport_add_from_config, (const tor_addr_t *addr, uint16_t port,
+                            const char *name, int socks_ver))
 {
   transport_t *t = transport_new(addr, port, name, socks_ver, NULL);
 
@@ -439,6 +439,17 @@ add_transport_to_proxy(const char *transport, managed_proxy_t *mp)
 static int
 proxy_needs_restart(const managed_proxy_t *mp)
 {
+  int ret = 1;
+  char* proxy_uri;
+
+  /* If the PT proxy config has changed, then all existing pluggable transports
+   * should be restarted.
+   */
+
+  proxy_uri = get_pt_proxy_uri();
+  if (strcmp_opt(proxy_uri, mp->proxy_uri) != 0)
+    goto needs_restart;
+
   /* mp->transport_to_launch is populated with the names of the
      transports that must be launched *after* the SIGHUP.
      mp->transports is populated with the transports that were
@@ -459,10 +470,10 @@ proxy_needs_restart(const managed_proxy_t *mp)
 
   } SMARTLIST_FOREACH_END(t);
 
-  return 0;
-
+  ret = 0;
  needs_restart:
-  return 1;
+  tor_free(proxy_uri);
+  return ret;
 }
 
 /** Managed proxy <b>mp</b> must be restarted. Do all the necessary
@@ -493,6 +504,11 @@ proxy_prepare_for_restart(managed_proxy_t *mp)
   SMARTLIST_FOREACH(mp->transports, transport_t *, t, transport_free(t));
   smartlist_clear(mp->transports);
 
+  /* Reset the proxy's HTTPS/SOCKS proxy */
+  tor_free(mp->proxy_uri);
+  mp->proxy_uri = get_pt_proxy_uri();
+  mp->proxy_supported = 0;
+
   /* flag it as an infant proxy so that it gets launched on next tick */
   mp->conf_state = PT_PROTO_INFANT;
   unconfigured_proxies_n++;
@@ -697,7 +713,7 @@ register_client_proxy(const managed_proxy_t *mp)
 }
 
 /** Register the transports of managed proxy <b>mp</b>. */
-static INLINE void
+static inline void
 register_proxy(const managed_proxy_t *mp)
 {
   if (mp->is_server)
@@ -727,12 +743,54 @@ managed_proxy_destroy(managed_proxy_t *mp,
   /* free the argv */
   free_execve_args(mp->argv);
 
+  /* free the outgoing proxy URI */
+  tor_free(mp->proxy_uri);
+
   tor_process_handle_destroy(mp->process_handle, also_terminate_process);
   mp->process_handle = NULL;
 
   tor_free(mp);
 }
 
+/** Convert the tor proxy options to a URI suitable for TOR_PT_PROXY.
+ * Return a newly allocated string containing the URI, or NULL if no
+ * proxy is set. */
+STATIC char *
+get_pt_proxy_uri(void)
+{
+  const or_options_t *options = get_options();
+  char *uri = NULL;
+
+  if (options->Socks4Proxy || options->Socks5Proxy || options->HTTPSProxy) {
+    char addr[TOR_ADDR_BUF_LEN+1];
+
+    if (options->Socks4Proxy) {
+      tor_addr_to_str(addr, &options->Socks4ProxyAddr, sizeof(addr), 1);
+      tor_asprintf(&uri, "socks4a://%s:%d", addr, options->Socks4ProxyPort);
+    } else if (options->Socks5Proxy) {
+      tor_addr_to_str(addr, &options->Socks5ProxyAddr, sizeof(addr), 1);
+      if (!options->Socks5ProxyUsername && !options->Socks5ProxyPassword) {
+        tor_asprintf(&uri, "socks5://%s:%d", addr, options->Socks5ProxyPort);
+      } else {
+        tor_asprintf(&uri, "socks5://%s:%s@%s:%d",
+                     options->Socks5ProxyUsername,
+                     options->Socks5ProxyPassword,
+                     addr, options->Socks5ProxyPort);
+      }
+    } else if (options->HTTPSProxy) {
+      tor_addr_to_str(addr, &options->HTTPSProxyAddr, sizeof(addr), 1);
+      if (!options->HTTPSProxyAuthenticator) {
+        tor_asprintf(&uri, "http://%s:%d", addr, options->HTTPSProxyPort);
+      } else {
+        tor_asprintf(&uri, "http://%s@%s:%d", options->HTTPSProxyAuthenticator,
+                     addr, options->HTTPSProxyPort);
+      }
+    }
+  }
+
+  return uri;
+}
+
 /** Handle a configured or broken managed proxy <b>mp</b>. */
 static void
 handle_finished_proxy(managed_proxy_t *mp)
@@ -745,6 +803,13 @@ handle_finished_proxy(managed_proxy_t *mp)
     managed_proxy_destroy(mp, 0); /* destroy it but don't terminate */
     break;
   case PT_PROTO_CONFIGURED: /* if configured correctly: */
+    if (mp->proxy_uri && !mp->proxy_supported) {
+      log_warn(LD_CONFIG, "Managed proxy '%s' did not configure the "
+               "specified outgoing proxy and will be terminated.",
+               mp->argv[0]);
+      managed_proxy_destroy(mp, 1); /* annihilate it. */
+      break;
+    }
     register_proxy(mp); /* register its transports */
     mp->conf_state = PT_PROTO_COMPLETED; /* and mark it as completed. */
     break;
@@ -763,7 +828,7 @@ handle_finished_proxy(managed_proxy_t *mp)
 
 /** Return true if the configuration of the managed proxy <b>mp</b> is
     finished. */
-static INLINE int
+static inline int
 proxy_configuration_finished(const managed_proxy_t *mp)
 {
   return (mp->conf_state == PT_PROTO_CONFIGURED ||
@@ -862,6 +927,22 @@ handle_proxy_line(const char *line, managed_proxy_t *mp)
       goto err;
 
     return;
+  } else if (!strcmpstart(line, PROTO_PROXY_DONE)) {
+    if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS)
+      goto err;
+
+    if (mp->proxy_uri) {
+      mp->proxy_supported = 1;
+      return;
+    }
+
+    /* No proxy was configured, this should log */
+  } else if (!strcmpstart(line, PROTO_PROXY_ERROR)) {
+    if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS)
+      goto err;
+
+    parse_proxy_error(line);
+    goto err;
   } else if (!strcmpstart(line, SPAWN_ERROR_MESSAGE)) {
     /* managed proxy launch failed: parse error message to learn why. */
     int retval, child_state, saved_errno;
@@ -1019,7 +1100,7 @@ parse_smethod_line(const char *line, managed_proxy_t *mp)
 
   smartlist_add(mp->transports, transport);
 
-  /* For now, notify the user so that he knows where the server
+  /* For now, notify the user so that they know where the server
      transport is listening. */
   log_info(LD_CONFIG, "Server transport %s at %s:%d.",
            method_name, address, (int)port);
@@ -1128,6 +1209,21 @@ parse_cmethod_line(const char *line, managed_proxy_t *mp)
   return r;
 }
 
+/** Parses an PROXY-ERROR <b>line</b> and warns the user accordingly. */
+STATIC void
+parse_proxy_error(const char *line)
+{
+  /* (Length of the protocol string) plus (a space) and (the first char of
+     the error message) */
+  if (strlen(line) < (strlen(PROTO_PROXY_ERROR) + 2))
+    log_notice(LD_CONFIG, "Managed proxy sent us an %s without an error "
+               "message.", PROTO_PROXY_ERROR);
+
+  log_warn(LD_CONFIG, "Managed proxy failed to configure the "
+           "pluggable transport's outgoing proxy. (%s)",
+           line+strlen(PROTO_PROXY_ERROR)+1);
+}
+
 /** Return a newly allocated string that tor should place in
  * TOR_PT_SERVER_TRANSPORT_OPTIONS while configuring the server
  * manged proxy in <b>mp</b>. Return NULL if no such options are found. */
@@ -1292,6 +1388,19 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
     } else {
       smartlist_add_asprintf(envs, "TOR_PT_EXTENDED_SERVER_PORT=");
     }
+
+    /* All new versions of tor will keep stdin open, so PTs can use it
+     * as a reliable termination detection mechanism.
+     */
+    smartlist_add_asprintf(envs, "TOR_PT_EXIT_ON_STDIN_CLOSE=1");
+  } else {
+    /* If ClientTransportPlugin has a HTTPS/SOCKS proxy configured, set the
+     * TOR_PT_PROXY line.
+     */
+
+    if (mp->proxy_uri) {
+      smartlist_add_asprintf(envs, "TOR_PT_PROXY=%s", mp->proxy_uri);
+    }
   }
 
   SMARTLIST_FOREACH_BEGIN(envs, const char *, env_var) {
@@ -1324,6 +1433,7 @@ managed_proxy_create(const smartlist_t *transport_list,
   mp->is_server = is_server;
   mp->argv = proxy_argv;
   mp->transports = smartlist_new();
+  mp->proxy_uri = get_pt_proxy_uri();
 
   mp->transports_to_launch = smartlist_new();
   SMARTLIST_FOREACH(transport_list, const char *, transport,
@@ -1349,9 +1459,9 @@ managed_proxy_create(const smartlist_t *transport_list,
  * Requires that proxy_argv be a NULL-terminated array of command-line
  * elements, containing at least one element.
  **/
-void
-pt_kickstart_proxy(const smartlist_t *transport_list,
-                   char **proxy_argv, int is_server)
+MOCK_IMPL(void,
+pt_kickstart_proxy, (const smartlist_t *transport_list,
+                     char **proxy_argv, int is_server))
 {
   managed_proxy_t *mp=NULL;
   transport_t *old_transport = NULL;
@@ -1395,7 +1505,7 @@ pt_kickstart_proxy(const smartlist_t *transport_list,
 
 /** Frees the array of pointers in <b>arg</b> used as arguments to
     execve(2). */
-static INLINE void
+STATIC void
 free_execve_args(char **arg)
 {
   char **tmp = arg;
diff --git a/src/or/transports.h b/src/or/transports.h
index 1365ead006..7de90dcbec 100644
--- a/src/or/transports.h
+++ b/src/or/transports.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -32,14 +32,16 @@ typedef struct transport_t {
 
 void mark_transport_list(void);
 void sweep_transport_list(void);
-int transport_add_from_config(const tor_addr_t *addr, uint16_t port,
-                               const char *name, int socks_ver);
+MOCK_DECL(int, transport_add_from_config,
+          (const tor_addr_t *addr, uint16_t port,
+           const char *name, int socks_ver));
 void transport_free(transport_t *transport);
 
 transport_t *transport_get_by_name(const char *name);
 
-void pt_kickstart_proxy(const smartlist_t *transport_list, char **proxy_argv,
-                        int is_server);
+MOCK_DECL(void, pt_kickstart_proxy,
+          (const smartlist_t *transport_list, char **proxy_argv,
+           int is_server));
 
 #define pt_kickstart_client_proxy(tl, pa)  \
   pt_kickstart_proxy(tl, pa, 0)
@@ -81,6 +83,9 @@ typedef struct {
   char **argv; /* the cli arguments of this proxy */
   int conf_protocol; /* the configuration protocol version used */
 
+  char *proxy_uri;  /* the outgoing proxy in TOR_PT_PROXY URI format */
+  unsigned int proxy_supported : 1; /* the proxy honors TOR_PT_PROXY */
+
   int is_server; /* is it a server proxy? */
 
   /* A pointer to the process handle of this managed proxy. */
@@ -112,6 +117,7 @@ STATIC int parse_smethod_line(const char *line, managed_proxy_t *mp);
 
 STATIC int parse_version(const char *line, managed_proxy_t *mp);
 STATIC void parse_env_error(const char *line);
+STATIC void parse_proxy_error(const char *line);
 STATIC void handle_proxy_line(const char *line, managed_proxy_t *mp);
 STATIC char *get_transport_options_for_server_proxy(const managed_proxy_t *mp);
 
@@ -123,6 +129,10 @@ STATIC managed_proxy_t *managed_proxy_create(const smartlist_t *transport_list,
 
 STATIC int configure_proxy(managed_proxy_t *mp);
 
+STATIC char* get_pt_proxy_uri(void);
+
+STATIC void free_execve_args(char **arg);
+
 #endif
 
 #endif
diff --git a/src/test/Makefile.nmake b/src/test/Makefile.nmake
index 822431f3b8..0ba56d7036 100644
--- a/src/test/Makefile.nmake
+++ b/src/test/Makefile.nmake
@@ -11,11 +11,13 @@ LIBS = ..\..\..\build-alpha\lib\libevent.lib \
  ws2_32.lib advapi32.lib shell32.lib \
  crypt32.lib gdi32.lib user32.lib
 
-TEST_OBJECTS = test.obj test_addr.obj test_containers.obj \
-	test_controller_events.ogj test_crypto.obj test_data.obj test_dir.obj \
-	test_microdesc.obj test_pt.obj test_util.obj test_config.obj \
-	test_cell_formats.obj test_replay.obj test_introduce.obj tinytest.obj \
-	test_hs.obj
+TEST_OBJECTS = test.obj test_addr.obj test_channel.obj test_channeltls.obj \
+        test_containers.obj \
+	test_controller_events.obj test_crypto.obj test_data.obj test_dir.obj \
+	test_checkdir.obj test_microdesc.obj test_pt.obj test_util.obj \
+        test_config.obj test_connection.obj \
+	test_cell_formats.obj test_relay.obj test_replay.obj \
+	test_scheduler.obj test_introduce.obj test_hs.obj tinytest.obj
 
 tinytest.obj: ..\ext\tinytest.c
 	$(CC) $(CFLAGS) /D snprintf=_snprintf /c ..\ext\tinytest.c
diff --git a/src/test/bench.c b/src/test/bench.c
index f6c33626f2..5aefda5ff2 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Ordinarily defined in tor_main.c; this bit is just here to provide one
@@ -19,17 +19,14 @@ const char tor_git_revision[] = "";
 #include "relay.h"
 #include <openssl/opensslv.h>
 #include <openssl/evp.h>
-#ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #include <openssl/ecdh.h>
 #include <openssl/obj_mac.h>
-#endif
 
 #include "config.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
-#endif
+#include "crypto_ed25519.h"
 
 #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
 static uint64_t nanostart;
@@ -79,6 +76,9 @@ perftime(void)
 #define NANOCOUNT(start,end,iters) \
   ( ((double)((end)-(start))) / (iters) )
 
+#define MICROCOUNT(start,end,iters) \
+  ( NANOCOUNT((start), (end), (iters)) / 1000.0 )
+
 /** Run AES performance benchmarks. */
 static void
 bench_aes(void)
@@ -162,7 +162,8 @@ bench_onion_TAP(void)
     char key_out[CPATH_KEY_MATERIAL_LEN];
     int s;
     dh = crypto_dh_dup(dh_out);
-    s = onion_skin_TAP_client_handshake(dh, or, key_out, sizeof(key_out));
+    s = onion_skin_TAP_client_handshake(dh, or, key_out, sizeof(key_out),
+                                        NULL);
     crypto_dh_free(dh);
     tor_assert(s == 0);
   }
@@ -175,9 +176,8 @@ bench_onion_TAP(void)
   crypto_pk_free(key2);
 }
 
-#ifdef CURVE25519_ENABLED
 static void
-bench_onion_ntor(void)
+bench_onion_ntor_impl(void)
 {
   const int iters = 1<<10;
   int i;
@@ -222,7 +222,8 @@ bench_onion_ntor(void)
   for (i = 0; i < iters; ++i) {
     uint8_t key_out[CPATH_KEY_MATERIAL_LEN];
     int s;
-    s = onion_skin_ntor_client_handshake(state, or, key_out, sizeof(key_out));
+    s = onion_skin_ntor_client_handshake(state, or, key_out, sizeof(key_out),
+                                         NULL);
     tor_assert(s == 0);
   }
   end = perftime();
@@ -232,7 +233,89 @@ bench_onion_ntor(void)
   ntor_handshake_state_free(state);
   dimap_free(keymap, NULL);
 }
-#endif
+
+static void
+bench_onion_ntor(void)
+{
+  int ed;
+
+  for (ed = 0; ed <= 1; ++ed) {
+    printf("Ed25519-based basepoint multiply = %s.\n",
+           (ed == 0) ? "disabled" : "enabled");
+    curve25519_set_impl_params(ed);
+    bench_onion_ntor_impl();
+  }
+}
+
+static void
+bench_ed25519_impl(void)
+{
+  uint64_t start, end;
+  const int iters = 1<<12;
+  int i;
+  const uint8_t msg[] = "but leaving, could not tell what they had heard";
+  ed25519_signature_t sig;
+  ed25519_keypair_t kp;
+  curve25519_keypair_t curve_kp;
+  ed25519_public_key_t pubkey_tmp;
+
+  ed25519_secret_key_generate(&kp.seckey, 0);
+  start = perftime();
+  for (i = 0; i < iters; ++i) {
+    ed25519_public_key_generate(&kp.pubkey, &kp.seckey);
+  }
+  end = perftime();
+  printf("Generate public key: %.2f usec\n",
+         MICROCOUNT(start, end, iters));
+
+  start = perftime();
+  for (i = 0; i < iters; ++i) {
+    ed25519_sign(&sig, msg, sizeof(msg), &kp);
+  }
+  end = perftime();
+  printf("Sign a short message: %.2f usec\n",
+         MICROCOUNT(start, end, iters));
+
+  start = perftime();
+  for (i = 0; i < iters; ++i) {
+    ed25519_checksig(&sig, msg, sizeof(msg), &kp.pubkey);
+  }
+  end = perftime();
+  printf("Verify signature: %.2f usec\n",
+         MICROCOUNT(start, end, iters));
+
+  curve25519_keypair_generate(&curve_kp, 0);
+  start = perftime();
+  for (i = 0; i < iters; ++i) {
+    ed25519_public_key_from_curve25519_public_key(&pubkey_tmp,
+                                                  &curve_kp.pubkey, 1);
+  }
+  end = perftime();
+  printf("Convert public point from curve25519: %.2f usec\n",
+         MICROCOUNT(start, end, iters));
+
+  curve25519_keypair_generate(&curve_kp, 0);
+  start = perftime();
+  for (i = 0; i < iters; ++i) {
+    ed25519_public_blind(&pubkey_tmp, &kp.pubkey, msg);
+  }
+  end = perftime();
+  printf("Blind a public key: %.2f usec\n",
+         MICROCOUNT(start, end, iters));
+}
+
+static void
+bench_ed25519(void)
+{
+  int donna;
+
+  for (donna = 0; donna <= 1; ++donna) {
+    printf("Ed25519-donna = %s.\n",
+           (donna == 0) ? "disabled" : "enabled");
+    ed25519_set_impl_params(donna);
+    bench_ed25519_impl();
+  }
+}
 
 static void
 bench_cell_aes(void)
@@ -360,6 +443,45 @@ bench_siphash(void)
 }
 
 static void
+bench_digest(void)
+{
+  char buf[8192];
+  char out[DIGEST512_LEN];
+  const int lens[] = { 1, 16, 32, 64, 128, 512, 1024, 2048, -1 };
+  const int N = 300000;
+  uint64_t start, end;
+  crypto_rand(buf, sizeof(buf));
+
+  for (int alg = 0; alg < N_DIGEST_ALGORITHMS; alg++) {
+    for (int i = 0; lens[i] > 0; ++i) {
+      reset_perftime();
+      start = perftime();
+      for (int j = 0; j < N; ++j) {
+        switch (alg) {
+          case DIGEST_SHA1:
+            crypto_digest(out, buf, lens[i]);
+            break;
+          case DIGEST_SHA256:
+          case DIGEST_SHA3_256:
+            crypto_digest256(out, buf, lens[i], alg);
+            break;
+          case DIGEST_SHA512:
+          case DIGEST_SHA3_512:
+            crypto_digest512(out, buf, lens[i], alg);
+            break;
+          default:
+            tor_assert(0);
+        }
+      }
+      end = perftime();
+      printf("%s(%d): %.2f ns per call\n",
+             crypto_digest_algorithm_get_name(alg),
+             lens[i], NANOCOUNT(start,end,N));
+    }
+  }
+}
+
+static void
 bench_cell_ops(void)
 {
   const int iters = 1<<16;
@@ -443,9 +565,6 @@ bench_dh(void)
          "      %f millisec each.\n", NANOCOUNT(start, end, iters)/1e6);
 }
 
-#if (!defined(OPENSSL_NO_EC)                    \
-     && OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0))
-#define HAVE_EC_BENCHMARKS
 static void
 bench_ecdh_impl(int nid, const char *name)
 {
@@ -495,7 +614,6 @@ bench_ecdh_p224(void)
 {
   bench_ecdh_impl(NID_secp224r1, "P-224");
 }
-#endif
 
 typedef void (*bench_fn)(void);
 
@@ -510,18 +628,17 @@ typedef struct benchmark_t {
 static struct benchmark_t benchmarks[] = {
   ENT(dmap),
   ENT(siphash),
+  ENT(digest),
   ENT(aes),
   ENT(onion_TAP),
-#ifdef CURVE25519_ENABLED
   ENT(onion_ntor),
-#endif
+  ENT(ed25519),
+
   ENT(cell_aes),
   ENT(cell_ops),
   ENT(dh),
-#ifdef HAVE_EC_BENCHMARKS
   ENT(ecdh_p256),
   ENT(ecdh_p224),
-#endif
   {NULL,NULL,0}
 };
 
@@ -566,10 +683,13 @@ main(int argc, const char **argv)
 
   reset_perftime();
 
-  crypto_seed_rng(1);
+  if (crypto_seed_rng() < 0) {
+    printf("Couldn't seed RNG; exiting.\n");
+    return 1;
+  }
   crypto_init_siphash_key();
   options = options_new();
-  init_logging();
+  init_logging(1);
   options->command = CMD_RUN_UNITTESTS;
   options->DataDirectory = tor_strdup("");
   options_init(options);
diff --git a/src/test/bt_test.py b/src/test/bt_test.py
index 8290509fa7..30591453b9 100755
--- a/src/test/bt_test.py
+++ b/src/test/bt_test.py
@@ -1,4 +1,4 @@
-# Copyright 2013, The Tor Project, Inc
+# Copyright 2013-2015, The Tor Project, Inc
 # See LICENSE for licensing information
 
 """
@@ -15,6 +15,7 @@ OK
 
 """
 
+from __future__ import print_function
 import sys
 
 
@@ -36,7 +37,17 @@ LINES = sys.stdin.readlines()
 for I in range(len(LINES)):
     if matches(LINES[I:], FUNCNAMES):
         print("OK")
-        break
-else:
-    print("BAD")
+        sys.exit(0)
 
+print("BAD")
+
+for l in LINES:
+    print("{}".format(l), end="")
+
+if sys.platform.startswith('freebsd'):
+    # See bug #17808 if you know how to fix this.
+    print("Test failed; but FreeBSD is known to have backtrace problems.\n"
+          "Treating as 'SKIP'.")
+    sys.exit(77)
+
+sys.exit(1)
diff --git a/src/test/ed25519_exts_ref.py b/src/test/ed25519_exts_ref.py
new file mode 100644
index 0000000000..d5a3a79910
--- /dev/null
+++ b/src/test/ed25519_exts_ref.py
@@ -0,0 +1,234 @@
+#!/usr/bin/python
+# Copyright 2014-2015, The Tor Project, Inc
+# See LICENSE for licensing information
+
+"""
+   Reference implementations for the ed25519 tweaks that Tor uses.
+
+   Includes self-tester and test vector generator.
+"""
+
+import slow_ed25519
+from slow_ed25519 import *
+
+import os
+import random
+import slownacl_curve25519
+import unittest
+import binascii
+import textwrap
+
+#define a synonym that doesn't look like 1
+ell = l
+
+# This replaces expmod above and makes it go a lot faster.
+slow_ed25519.expmod = pow
+
+def curve25519ToEd25519(c, sign):
+    u = decodeint(c)
+    y = ((u - 1) * inv(u + 1)) % q
+    x = xrecover(y)
+    if x & 1 != sign: x = q-x
+    return encodepoint([x,y])
+
+def blindESK(esk, param):
+    h = H("Derive temporary signing key" + param)
+    mult = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2))
+    s = decodeint(esk[:32])
+    s_prime = (s * mult) % ell
+    k = esk[32:]
+    assert(len(k) == 32)
+    k_prime = H("Derive temporary signing key hash input" + k)[:32]
+    return encodeint(s_prime) + k_prime
+
+def blindPK(pk, param):
+    h = H("Derive temporary signing key" + param)
+    mult = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2))
+    P = decodepoint(pk)
+    return encodepoint(scalarmult(P, mult))
+
+def expandSK(sk):
+    h = H(sk)
+    a = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2))
+    k = ''.join([h[i] for i in range(b/8,b/4)])
+    assert len(k) == 32
+    return encodeint(a)+k
+
+def publickeyFromESK(h):
+    a = decodeint(h[:32])
+    A = scalarmult(B,a)
+    return encodepoint(A)
+
+def signatureWithESK(m,h,pk):
+    a = decodeint(h[:32])
+    r = Hint(''.join([h[i] for i in range(b/8,b/4)]) + m)
+    R = scalarmult(B,r)
+    S = (r + Hint(encodepoint(R) + pk + m) * a) % l
+    return encodepoint(R) + encodeint(S)
+
+def newSK():
+    return os.urandom(32)
+
+# ------------------------------------------------------------
+
+MSG = "This is extremely silly. But it is also incredibly serious business!"
+
+class SelfTest(unittest.TestCase):
+
+    def _testSignatures(self, esk, pk):
+        sig = signatureWithESK(MSG, esk, pk)
+        checkvalid(sig, MSG, pk)
+        bad = False
+        try:
+            checkvalid(sig, MSG*2, pk)
+            bad = True
+        except Exception:
+            pass
+
+        self.failIf(bad)
+
+    def testExpand(self):
+        sk = newSK()
+        pk = publickey(sk)
+        esk = expandSK(sk)
+        sig1 = signature(MSG, sk, pk)
+        sig2 = signatureWithESK(MSG, esk, pk)
+        self.assertEquals(sig1, sig2)
+
+    def testSignatures(self):
+        sk = newSK()
+        esk = expandSK(sk)
+        pk = publickeyFromESK(esk)
+        pk2 = publickey(sk)
+        self.assertEquals(pk, pk2)
+
+        self._testSignatures(esk, pk)
+
+    def testDerivation(self):
+        priv = slownacl_curve25519.Private()
+        pub = priv.get_public()
+
+        ed_pub0 = publickeyFromESK(priv.private)
+        sign = (ord(ed_pub0[31]) & 255) >> 7
+        ed_pub1 = curve25519ToEd25519(pub.public, sign)
+
+        self.assertEquals(ed_pub0, ed_pub1)
+
+    def testBlinding(self):
+        sk = newSK()
+        esk = expandSK(sk)
+        pk = publickeyFromESK(esk)
+        param = os.urandom(32)
+        besk = blindESK(esk, param)
+        bpk = blindPK(pk, param)
+        bpk2 = publickeyFromESK(besk)
+        self.assertEquals(bpk, bpk2)
+
+        self._testSignatures(besk, bpk)
+
+# ------------------------------------------------------------
+
+# From pprint.pprint([ binascii.b2a_hex(os.urandom(32)) for _ in xrange(8) ])
+RAND_INPUTS = [
+  '26c76712d89d906e6672dafa614c42e5cb1caac8c6568e4d2493087db51f0d36',
+  'fba7a5366b5cb98c2667a18783f5cf8f4f8d1a2ce939ad22a6e685edde85128d',
+  '67e3aa7a14fac8445d15e45e38a523481a69ae35513c9e4143eb1c2196729a0e',
+  'd51385942033a76dc17f089a59e6a5a7fe80d9c526ae8ddd8c3a506b99d3d0a6',
+  '5c8eac469bb3f1b85bc7cd893f52dc42a9ab66f1b02b5ce6a68e9b175d3bb433',
+  'eda433d483059b6d1ff8b7cfbd0fe406bfb23722c8f3c8252629284573b61b86',
+  '4377c40431c30883c5fbd9bc92ae48d1ed8a47b81d13806beac5351739b5533d',
+  'c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b']
+
+# From pprint.pprint([ binascii.b2a_hex(os.urandom(32)) for _ in xrange(8) ])
+BLINDING_PARAMS = [
+  '54a513898b471d1d448a2f3c55c1de2c0ef718c447b04497eeb999ed32027823',
+  '831e9b5325b5d31b7ae6197e9c7a7baf2ec361e08248bce055908971047a2347',
+  'ac78a1d46faf3bfbbdc5af5f053dc6dc9023ed78236bec1760dadfd0b2603760',
+  'f9c84dc0ac31571507993df94da1b3d28684a12ad14e67d0a068aba5c53019fc',
+  'b1fe79d1dec9bc108df69f6612c72812755751f21ecc5af99663b30be8b9081f',
+  '81f1512b63ab5fb5c1711a4ec83d379c420574aedffa8c3368e1c3989a3a0084',
+  '97f45142597c473a4b0e9a12d64561133ad9e1155fe5a9807fe6af8a93557818',
+  '3f44f6a5a92cde816635dfc12ade70539871078d2ff097278be2a555c9859cd0']
+
+PREFIX = "ED25519_"
+
+def writeArray(name, array):
+    print "static const char *{prefix}{name}[] = {{".format(
+        prefix=PREFIX,name=name)
+    for a in array:
+        h = binascii.b2a_hex(a)
+        if len(h) > 70:
+            h1 = h[:70]
+            h2 = h[70:]
+            print '  "{0}"\n      "{1}",'.format(h1,h2)
+        else:
+            print '  "{0}",'.format(h)
+    print "};\n"
+
+def comment(text, initial="/**"):
+    print initial
+    print textwrap.fill(text,initial_indent=" * ",subsequent_indent=" * ")
+    print " */"
+
+def makeTestVectors():
+    comment("""Test vectors for our ed25519 implementation and related
+               functions. These were automatically generated by the
+               ed25519_exts_ref.py script.""", initial="/*")
+
+
+    comment("""Secret key seeds used as inputs for the ed25519 test vectors.
+               Randomly generated. """)
+    secretKeys = [ binascii.a2b_hex(r) for r in RAND_INPUTS ]
+    writeArray("SECRET_KEYS", secretKeys)
+
+    comment("""Secret ed25519 keys after expansion from seeds. This is how Tor
+               represents them internally.""")
+    expandedSecretKeys = [ expandSK(sk) for sk in secretKeys ]
+    writeArray("EXPANDED_SECRET_KEYS", expandedSecretKeys)
+
+    comment("""Public keys derived from the above secret keys""")
+    publicKeys = [ publickey(sk) for sk in secretKeys ]
+    writeArray("PUBLIC_KEYS", publicKeys)
+
+    comment("""The curve25519 public keys from which the ed25519 keys can be
+               derived.  Used to test our 'derive ed25519 from curve25519'
+               code.""")
+    writeArray("CURVE25519_PUBLIC_KEYS",
+               (slownacl_curve25519.smult_curve25519_base(sk[:32])
+                   for sk in expandedSecretKeys))
+
+    comment("""Parameters used for key blinding tests. Randomly generated.""")
+    blindingParams =  [ binascii.a2b_hex(r) for r in BLINDING_PARAMS ]
+    writeArray("BLINDING_PARAMS", blindingParams)
+
+    comment("""Blinded secret keys for testing key blinding.  The nth blinded
+               key corresponds to the nth secret key blidned with the nth
+               blinding parameter.""")
+    writeArray("BLINDED_SECRET_KEYS",
+               (blindESK(expandSK(sk), bp)
+                for sk,bp in zip(secretKeys,blindingParams)))
+
+    comment("""Blinded public keys for testing key blinding.  The nth blinded
+               key corresponds to the nth public key blidned with the nth
+               blinding parameter.""")
+    writeArray("BLINDED_PUBLIC_KEYS",
+               (blindPK(pk, bp) for pk,bp in zip(publicKeys,blindingParams)))
+
+    comment("""Signatures of the public keys, made with their corresponding
+               secret keys.""")
+    writeArray("SELF_SIGNATURES",
+               (signature(pk, sk, pk) for pk,sk in zip(publicKeys,secretKeys)))
+
+
+
+if __name__ == '__main__':
+    import sys
+    if len(sys.argv) == 1 or sys.argv[1] not in ("SelfTest", "MakeVectors"):
+        print "You should specify one of 'SelfTest' or 'MakeVectors'"
+        sys.exit(1)
+    if sys.argv[1] == 'SelfTest':
+        unittest.main()
+    else:
+        makeTestVectors()
+
+
diff --git a/src/test/ed25519_vectors.inc b/src/test/ed25519_vectors.inc
new file mode 100644
index 0000000000..760bafb971
--- /dev/null
+++ b/src/test/ed25519_vectors.inc
@@ -0,0 +1,150 @@
+/*
+ * Test vectors for our ed25519 implementation and related
+ * functions. These were automatically generated by the
+ * ed25519_exts_ref.py script.
+ */
+/**
+ * Secret key seeds used as inputs for the ed25519 test vectors.
+ * Randomly generated.
+ */
+static const char *ED25519_SECRET_KEYS[] = {
+  "26c76712d89d906e6672dafa614c42e5cb1caac8c6568e4d2493087db51f0d36",
+  "fba7a5366b5cb98c2667a18783f5cf8f4f8d1a2ce939ad22a6e685edde85128d",
+  "67e3aa7a14fac8445d15e45e38a523481a69ae35513c9e4143eb1c2196729a0e",
+  "d51385942033a76dc17f089a59e6a5a7fe80d9c526ae8ddd8c3a506b99d3d0a6",
+  "5c8eac469bb3f1b85bc7cd893f52dc42a9ab66f1b02b5ce6a68e9b175d3bb433",
+  "eda433d483059b6d1ff8b7cfbd0fe406bfb23722c8f3c8252629284573b61b86",
+  "4377c40431c30883c5fbd9bc92ae48d1ed8a47b81d13806beac5351739b5533d",
+  "c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b",
+};
+
+/**
+ * Secret ed25519 keys after expansion from seeds. This is how Tor
+ * represents them internally.
+ */
+static const char *ED25519_EXPANDED_SECRET_KEYS[] = {
+  "c0a4de23cc64392d85aa1da82b3defddbea946d13bb053bf8489fa9296281f495022f1"
+      "f7ec0dcf52f07d4c7965c4eaed121d5d88d0a8ff546b06116a20e97755",
+  "18a8a69a06790dac778e882f7e868baacfa12521a5c058f5194f3a729184514a2a656f"
+      "e7799c3e41f43d756da8d9cd47a061316cfe6147e23ea2f90d1ca45f30",
+  "58d84f8862d2ecfa30eb491a81c36d05b574310ea69dae18ecb57e992a896656b98218"
+      "7ee96c15bf4caeeab2d0b0ae4cd0b8d17470fc7efa98bb26428f4ef36d",
+  "50702d20b3550c6e16033db5ad4fba16436f1ecc7485be6af62b0732ceb5d173c47ccd"
+      "9d044b6ea99dd99256adcc9c62191be194e7cb1a5b58ddcec85d876a2b",
+  "7077464c864c2ed5ed21c9916dc3b3ba6256f8b742fec67658d8d233dadc8d5a7a82c3"
+      "71083cc86892c2c8782dda2a09b6baf016aec51b689183ae59ce932ff2",
+  "8883c1387a6c86fc0bd7b9f157b4e4cd83f6885bf55e2706d2235d4527a2f05311a359"
+      "5953282e436df0349e1bb313a19b3ddbf7a7b91ecce8a2c34abadb38b3",
+  "186791ac8d03a3ac8efed6ac360467edd5a3bed2d02b3be713ddd5be53b3287ee37436"
+      "e5fd7ac43794394507ad440ecfdf59c4c255f19b768a273109e06d7d8e",
+  "b003077c1e52a62308eef7950b2d532e1d4a7eea50ad22d8ac11b892851f1c40ffb9c9"
+      "ff8dcd0c6c233f665a2e176324d92416bfcfcd1f787424c0c667452d86",
+};
+
+/**
+ * Public keys derived from the above secret keys
+ */
+static const char *ED25519_PUBLIC_KEYS[] = {
+  "c2247870536a192d142d056abefca68d6193158e7c1a59c1654c954eccaff894",
+  "1519a3b15816a1aafab0b213892026ebf5c0dc232c58b21088d88cb90e9b940d",
+  "081faa81992e360ea22c06af1aba096e7a73f1c665bc8b3e4e531c46455fd1dd",
+  "73cfa1189a723aad7966137cbffa35140bb40d7e16eae4c40b79b5f0360dd65a",
+  "66c1a77104d86461b6f98f73acf3cd229c80624495d2d74d6fda1e940080a96b",
+  "d21c294db0e64cb2d8976625786ede1d9754186ae8197a64d72f68c792eecc19",
+  "c4d58b4cf85a348ff3d410dd936fa460c4f18da962c01b1963792b9dcc8a6ea6",
+  "95126f14d86494020665face03f2d42ee2b312a85bc729903eb17522954a1c4a",
+};
+
+/**
+ * The curve25519 public keys from which the ed25519 keys can be
+ * derived.  Used to test our 'derive ed25519 from curve25519'
+ * code.
+ */
+static const char *ED25519_CURVE25519_PUBLIC_KEYS[] = {
+  "17ba77846e04c7ee5ca17cade774ac1884408f9701f439d4df32cbd8736c6a1f",
+  "022be2124bc1899a78ba2b4167d191af3b59cadf94f0382bc31ce183a117f161",
+  "bf4fd38ef22f718f03c0a12ba5127bd1e3afd494793753f519728b29cc577571",
+  "56c493e490261cef31633efd2461d2b896908e90459e4eecde950a895aef681d",
+  "089675a3e8ff2a7d8b2844a79269c95b7f97a4b8b5ea0cbeec669c6f2dea9b39",
+  "59e20dcb691c4a345fe86c8a79ac817e5b514d84bbf0512a842a08e43f7f087e",
+  "9e43b820b320eda35f66f122c155b2bf8e2192c468617b7115bf067d19e08369",
+  "861f33296cb57f8f01e4a5e8a7e5d5d7043a6247586ab36dea8a1a3c4403ee30",
+};
+
+/**
+ * Parameters used for key blinding tests. Randomly generated.
+ */
+static const char *ED25519_BLINDING_PARAMS[] = {
+  "54a513898b471d1d448a2f3c55c1de2c0ef718c447b04497eeb999ed32027823",
+  "831e9b5325b5d31b7ae6197e9c7a7baf2ec361e08248bce055908971047a2347",
+  "ac78a1d46faf3bfbbdc5af5f053dc6dc9023ed78236bec1760dadfd0b2603760",
+  "f9c84dc0ac31571507993df94da1b3d28684a12ad14e67d0a068aba5c53019fc",
+  "b1fe79d1dec9bc108df69f6612c72812755751f21ecc5af99663b30be8b9081f",
+  "81f1512b63ab5fb5c1711a4ec83d379c420574aedffa8c3368e1c3989a3a0084",
+  "97f45142597c473a4b0e9a12d64561133ad9e1155fe5a9807fe6af8a93557818",
+  "3f44f6a5a92cde816635dfc12ade70539871078d2ff097278be2a555c9859cd0",
+};
+
+/**
+ * Blinded secret keys for testing key blinding.  The nth blinded
+ * key corresponds to the nth secret key blidned with the nth
+ * blinding parameter.
+ */
+static const char *ED25519_BLINDED_SECRET_KEYS[] = {
+  "014e83abadb2ca9a27e0ffe23920333d817729f48700e97656ec2823d694050e171d43"
+      "f24e3f53e70ec7ac280044ac77d4942dee5d6807118a59bdf3ee647e89",
+  "fad8cca0b4335847795288b1452508752b253e64e6c7c78d4a02dbbd7d46aa0eb8ceff"
+      "20dfcf53eb52b891fc078c934efbf0353af7242e7dc51bb32a093afa29",
+  "116eb0ae0a4a91763365bdf86db427b00862db448487808788cc339ac10e5e089217f5"
+      "2e92797462bd890fc274672e05c98f2c82970d640084781334aae0f940",
+  "bd1fbb0ee5acddc4adbcf5f33e95d9445f40326ce579fdd764a24483a9ccb20f509ece"
+      "e77082ce088f7c19d5a00e955eeef8df6fa41686abc1030c2d76807733",
+  "237f5345cefe8573ce9fa7e216381a1172796c9e3f70668ab503b1352952530fb57b95"
+      "a440570659a440a3e4771465022a8e67af86bdf2d0990c54e7bb87ff9a",
+  "ba8ff23bc4ad2b739e1ccffc9fbc7837053ea81cdfdb15073f56411cfbae1d0ec492fc"
+      "87d5ec2a1b185ca5a40541fdef0b1e128fd5c2380c888bfa924711bcab",
+  "0fa68f969de038c7a90a4a74ee6167c77582006f2dedecc1956501ba6b6fb10391b476"
+      "8f8e556d78f4bdcb9a13b6f6066fe81d3134ae965dc48cd0785b3af2b8",
+  "deaa3456d1c21944d5dcd361a646858c6cf9336b0a6851d925717eb1ae186902053d9c"
+      "00c81e1331c06ab50087be8cfc7dc11691b132614474f1aa9c2503cccd",
+};
+
+/**
+ * Blinded public keys for testing key blinding.  The nth blinded
+ * key corresponds to the nth public key blidned with the nth
+ * blinding parameter.
+ */
+static const char *ED25519_BLINDED_PUBLIC_KEYS[] = {
+  "722d6da6348e618967ef782e71061e27163a8b35f21856475d9d2023f65b6495",
+  "1dffa0586da6cbfcff2024eedf4fc6c818242d9a82dbbe635d6da1b975a1160d",
+  "5ed81f98fed5a6acda4ea6da2c34fab0ab359d950c510c256473f1f33ff438b4",
+  "6e6f92a54fb282120c46d9603df41135f025bc1f58f283809d04be96aeb04040",
+  "cda236f28edc4c7e02d18007b8dab49d669265b0f7aefb1824d7cc8e73a2cd63",
+  "367b03b17b67ca7329b89a520bdab91782402a41cd67264e34b5541a4b3f875b",
+  "8d486b03ac4e3b486b7a1d563706c7fdac75aee789a7cf6f22789eedeff61a31",
+  "9f297ff0aa2ceda91c5ab1b6446f12533d145940de6d850dc323417afde0cb78",
+};
+
+/**
+ * Signatures of the public keys, made with their corresponding
+ * secret keys.
+ */
+static const char *ED25519_SELF_SIGNATURES[] = {
+  "d23188eac3773a316d46006fa59c095060be8b1a23582a0dd99002a82a0662bd246d84"
+      "49e172e04c5f46ac0d1404cebe4aabd8a75a1457aa06cae41f3334f104",
+  "3a785ac1201c97ee5f6f0d99323960d5f264c7825e61aa7cc81262f15bef75eb4fa572"
+      "3add9b9d45b12311b6d403eb3ac79ff8e4e631fc3cd51e4ad2185b200b",
+  "cf431fd0416bfbd20c9d95ef9b723e2acddffb33900edc72195dea95965d52d888d30b"
+      "7b8a677c0bd8ae1417b1e1a0ec6700deadd5d8b54b6689275e04a04509",
+  "2375380cd72d1a6c642aeddff862be8a5804b916acb72c02d9ed052c1561881aa658a5"
+      "af856fcd6d43113e42f698cd6687c99efeef7f2ce045824440d26c5d00",
+  "2385a472f599ca965bbe4d610e391cdeabeba9c336694b0d6249e551458280be122c24"
+      "41dd9746a81bbfb9cd619364bab0df37ff4ceb7aefd24469c39d3bc508",
+  "e500cd0b8cfff35442f88008d894f3a2fa26ef7d3a0ca5714ae0d3e2d40caae58ba7cd"
+      "f69dd126994dad6be536fcda846d89dd8138d1683cc144c8853dce7607",
+  "d187b9e334b0050154de10bf69b3e4208a584e1a65015ec28b14bcc252cf84b8baa9c9"
+      "4867daa60f2a82d09ba9652d41e8dde292b624afc8d2c26441b95e3c0e",
+  "815213640a643d198bd056e02bba74e1c8d2d931643e84497adf3347eb485079c9afe0"
+      "afce9284cdc084946b561abbb214f1304ca11228ff82702185cf28f60d",
+};
+
diff --git a/src/test/example_extrainfo.inc b/src/test/example_extrainfo.inc
new file mode 100644
index 0000000000..e096afd6c4
--- /dev/null
+++ b/src/test/example_extrainfo.inc
@@ -0,0 +1,425 @@
+static const char EX_EI_MINIMAL[] =
+  "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n"
+  "V3l9u1uUdGiUPOl8j+hRNw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n"
+  "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_MINIMAL_FP[] = "3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B";
+static const char EX_EI_MINIMAL_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALSppIF3t3wOAm4fzxRvK+q/wh1gGAWwS0JEn8d+c/x+rt1oQabGkqsB\n"
+  "GU6rz1z1AN02W0P2+EcyJQVBjGR3gHQNoDGx0KIdnr3caGAw3XmQXrJLPaViEk28\n"
+  "RJMxx6umpP27YKSyEMHgVTDXblKImT0mE7fVOx8tD0EWRYazmp4NAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static const char EX_EI_MAXIMAL[] =
+  "extra-info bob FF8248FE780A7236D3FA5D62DEA642055135F942\n"
+  "published 2014-10-05 20:07:00\n"
+  "opt foobarbaz\n"
+  "read-history 900 1,2,3\n"
+  "write-history 900 1,2,3\n"
+  "dirreq-v2-ips 1\n"
+  "dirreq-v3-ips 100\n"
+  "dirreq-v3-reqs blahblah\n"
+  "dirreq-v2-share blahblah\n"
+  "dirreq-v3-share blahblah\n"
+  "dirreq-v2-resp djfkdj\n"
+  "dirreq-v3-resp djfkdj\n"
+  "dirreq-v2-direct-dl djfkdj\n"
+  "dirreq-v3-direct-dl djfkdj\n"
+  "dirreq-v2-tunneled-dl djfkdj\n"
+  "dirreq-v3-tunneled-dl djfkdj\n"
+  "dirreq-stats-end foobar\n"
+  "entry-ips jfsdfds\n"
+  "entry-stats-end ksdflkjfdkf\n"
+  "cell-stats-end FOO\n"
+  "cell-processed-cells FOO\n"
+  "cell-queued-cells FOO\n"
+  "cell-time-in-queue FOO\n"
+  "cell-circuits-per-decile FOO\n"
+  "exit-stats-end FOO\n"
+  "exit-kibibytes-written FOO\n"
+  "exit-kibibytes-read FOO\n"
+  "exit-streams-opened FOO\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "ZO79bLlWVNIruCnWW9duDcOKydPWbL5DfrpUv5IRLF4MMFoacMUdJPDUs9e+wY2C\n"
+  "zndHe6i2JK7yKJj+uCOSC8cx61OLG+kVxMLJ/qhA4H5thrYb+GpzMKwbHzQc3PTH\n"
+  "zHRzj041iWXTL7/DMaQlpJOBoac/wTSIKzoV2B00jBw=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_MAXIMAL_FP[] = "FF8248FE780A7236D3FA5D62DEA642055135F942";
+static const char EX_EI_MAXIMAL_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANSpkYhHUW1EqodY4d3JRbvEM1vjjR/vEE8gjONiJ5t2Sten53jzt8bh\n"
+  "8/VJn7pQGs8zR5CIxCw4P68xMtZJJedS3hhjqubheOE/yW1DtpkiCf+zVEaLpeA8\n"
+  "fYQChkRICnR/BZd4W9bbohLVII5ym2PaJt2ihB3FeVZIsGXm4wxhAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static const char EX_EI_BAD_SIG1[] =
+  "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n"
+  "V3l9u1uUdGiUPOl8j+hXXw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n"
+  "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_SIG2[] =
+  "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n"
+  "published 2014-10-06 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n"
+  "V3l9u1uUdGiUPOl8j+hRNw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n"
+  "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2R3EA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_SIG3[] =
+  "extra-info bob 3E1B2DC141F2B7C6A0F3C4ED9A14A9C35762E24B\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "K5GAkVjpUlofL78NIOE1VDxFn8yYbHK50rVuZG2HxqG/727bon+uMprv4MHjfDcP\n"
+  "V3l9u1uUdGiUPOl8j+hRNw4z/ODeCj/24r2+L32MTjyfUhK49Ld2IlK9iZKlgKYi\n"
+  "zyoatxdAjU8Xc5WPX692HO4/R9CGLsUfYcEEFU2=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_FP[] =
+  "extra-info bob C34293303F0F1E42CB14E593717B834E8E53797D8888\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "IDA8ryUYeMx7+Au/xQmX7Y8fXksoHUOXmePND2JYM4rPfishQJ1LpQ15KrolOZDH\n"
+  "FVIk3RmCefNlJeS1/UgWPcU8u2nGw1YQuRBHF4ViTmZ0OevI1pTsSApl4+oIx2dy\n"
+  "DGgCQmKfMbaOixIK8Ioh1Z2NUfMkjbUUE2WWgFTAsac=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_FP_FP[] = "C34293303F0F1E42CB14E593717B834E8E53797D";
+static const char EX_EI_BAD_FP_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKXMSbif4fG+BW/5lIq5V1tMRondIUfKiNizp0E6EcBw5LvYfQV6zrj8\n"
+  "HmMFbB/WGf9XGVMxIBzxzeQBRvCQJh+0QH7+ju5/isIHJZsACMILepr6ywmCcjVU\n"
+  "iYRtC8zGQLqfkf2cNoo7AhcI5i/YzyW2u1zmbPX5J+8sUErfxydbAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static const char EX_EI_BAD_NICKNAME[] =
+  "extra-info bobhasaverylongnameandidontthinkweshouldlethim A4EA2389A52459B3F7C7121A46012F098BDFC2A4\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "e2wLJFThRMGawxKrQPuH2XCLek/LJsg4XOB8waAjE0xdHOrzjur9x1jIxy7DVU6t\n"
+  "z1edbIoL24qucMJvFy2xjSQhFRX4OsyNc0nWr3LfJnTW9aEmxuwXM+mltUD2uFN1\n"
+  "2vYOIQjUmJwS2yfeSKnhXEl2PWVUmgzYL3r4S5kHco4=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_NICKNAME_FP[] = "A4EA2389A52459B3F7C7121A46012F098BDFC2A4";
+static const char EX_EI_BAD_NICKNAME_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKfq7oxD1kMu1+zeG2UVXN4vOu6FDp0V/olA3ttmXpUCgCiBxWTgtwNl\n"
+  "nPf0HcKMaCp/0D9XrbhvIoOsg0OTf1TcJfGsA/zPG7jrWYa4xhD50KYvty9EINK9\n"
+  "/UBWNSyXCFDMqnddb/LZ8+VgttmxfYkpeRzSSmDijN3RbOvYJhhBAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+const char EX_EI_BAD_TOKENS[] =
+  "extra-info bob 6F314FB01A31162BD5E473D4977AC570DC5B86BB\n"
+  "published 2014-10-05 20:07:00\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "lhRIafrkKoQmnUoBLiq4XC8XKXrleGJZ5vefkLcgjOJ5IffsvVdIA7Vqq/ISbPrG\n"
+  "b/Zs0sJNL6naHPxJBglgHJqksSyiYHaeOetXg2Rb+vZ1v2S5BrVgk1nPMDhyIzqc\n"
+  "zU7eCxFf/1sXKtWlEKxGdX4LmVfnIln5aI31Bc4xRrE=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+const char EX_EI_BAD_TOKENS_FP[] = "6F314FB01A31162BD5E473D4977AC570DC5B86BB";
+const char EX_EI_BAD_TOKENS_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL7Z8tz45Tb4tnEFS2sAyjubBV/giSfZdmXRkDV8Jo4xqWqhWFJn7+zN\n"
+  "AXBWBThGeVH2WXrpz5seNJXgZJPxMTMsrnSCGcRXZw0Npti2MkLuQ6+prZa+OPwE\n"
+  "OyC6jivtAaY/o9iYQjDC2avLXD3N4LvoygyF418KnNcjbzuFygffAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static const char EX_EI_BAD_START[] =
+  "published 2014-10-05 20:07:00\n"
+  "extra-info bob 5CCCACE71A9BDB5E8E0C942AB3407452350434C0\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "BOiWgexqCAMZ8uyJ7jwBwRkz7Ox8cT4BImkmkV3bQiZgcWvPiYA3EnCm2ye48Ldg\n"
+  "zBST2p6zJM5o4MEDYGMxfViS86Abj/z7DOY1gtLhjmAaVjIIpXc3koxEZtzCecqy\n"
+  "JQz6xEg9/KoEuoT0DRrfYQ+KtQfzBDWrotfOvEa1rvc=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_START_FP[] = "5CCCACE71A9BDB5E8E0C942AB3407452350434C0";
+static const char EX_EI_BAD_START_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAK2OCIfM6Cin/lq99Z3w9tl6HeyGlkBZu9MQEPHxqGIHTq78lIC1UkrC\n"
+  "6NTqlrHBV9dmfzdwJn4GgMWsCZafL0FPIH3HNyNKUxLgyjixyKljHx2rfErSfOxI\n"
+  "bMoOGBKv7m1EZZ0O5uG9ly9MBiNGdJyLdlnVvH7wSCnYciizpO4lAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static const char EX_EI_BAD_PUBLISHED[] =
+  "extra-info bob E67C477E3536BDE348BD407426D9679E5AE0BC16\n"
+  "published 2014-99-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "l45IziBaXRKIjPAIUogMFNjQgH6k6Vm0+6r5+oByr4sP+B3ufNdUA6+WqBs43F0Z\n"
+  "IqcJiT9nFn0DuNd/liOyOCixppDLx5h5NrhoGqcT3ySADEEXhzjlmc35TI3YBNVO\n"
+  "v98fotmwIEg9YRWVGPg6XuIn2PRyiboFyjUpaYGCV0Q=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_EI_BAD_PUBLISHED_FP[] = "E67C477E3536BDE348BD407426D9679E5AE0BC16";
+static const char EX_EI_BAD_PUBLISHED_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL7q8GEI18iv8Fo0QbNHmFatQ2FNacalPldpmKUdMJYEVZtdOR0nhcrY\n"
+  "BvG6303md3INygg+KP49RvWEJR/cU4RZ9QfHpORxH2OocMyRedw2rLex2E7jNNSi\n"
+  "52yd1sHFYI8ZQ4aff+ZHUjJUGKRyqpbc8okVbq/Rl7vug0dd12eHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static const char EX_EI_GOOD_ED_EI[] =
+  "extra-info emma A692FE045C32B5E3A54B52882EF678A9DAC46A73\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AYgHn/OKR8GHBlscN5VkO73wA9jSci8QgTM30615ZT44AQAgBAC08woT\n"
+  "MBZpKzRcaoEJhEG7+RmuYtnB2+nODk9IRIs8ZoyYPTZ6dLzI+MLMmtzUuo/Wmvw0\n"
+  "PflTyCb2RlWitOEhAErWH3Z9UmYGnzM/COId0Fe3ScSriyvRoFnJY1+GVAQ=\n"
+  "-----END ED25519 CERT-----\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-sig-ed25519 a7K8nwfg+HrdlSGQwr9rnLBq0qozkyZZs6d6aiLEiXGdhV1r9KJncmlQ5SNoY/zMQlyQm8EV5rCyBiVliKQ1Bw\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "GvmCmIGgbC1DeawRyRuChy62VmBOG0EviryG/a2qSZiFy0iPPwqSp5ZyZDQEIEId\n"
+  "kkk1zPzK1+S3fmgOAXyXGH0r4YFkoLGnhMk07BoEwi6HEXzjJsabmcNkOHfaOWgs\n"
+  "/5nvnLfcmxL4c6FstZ7t9VQpE06y3GU0zwBeIy1qjp0=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  ;
+const char EX_EI_GOOD_ED_EI_FP[] = "A692FE045C32B5E3A54B52882EF678A9DAC46A73";
+static const char EX_EI_GOOD_ED_EI_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM3jdYwjwGxDWYj/vyFkQT7RgeCNIn89Ei6D2+L/fdtFnqrMXOreFFHL\n"
+  "C7CK2v2uN3v+uXxfb5lADz3NcalxJrCfGTGtaBk7PwMZraTSh2luFKOvSRBQCmB1\n"
+  "yD5N0QqnIhBJoGr6NITpbWyiTKWvYLjl9PZd9af8e8jQCAa5P1j1AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+
+static const char EX_EI_ED_MISSING_SIG[] =
+  "extra-info rachel 2A7521497B91A8437021515308A47491164EDBA1\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AT2/T71LFYHiI1ppwNiuaewIu2Hq+GWWQ85O8gpWcUxeAQAgBAC2dgYu\n"
+  "moxhtuip7GVlthT9iomZKba1IllVa7uE1u2uO9BUYZQWXciFt7OnNzMH5mlffwxB\n"
+  "1dWCl+G5nbOsV5jYLbfhrF5afZotf+EQTfob4cCH79AV223LPcySbTHTtQ4=\n"
+  "-----END ED25519 CERT-----\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "oypRD2IZQ5EttOE8dvofrW80nnBfijSkvYzBrM6H4KVeayRYvWfmi96dYO6ybMqm\n"
+  "Yp7Gs3ngqeeNdfHtkRPuQVUXUGYZgBTvYItuagnFlFgRqaHy0knwUIVOL35eqWYx\n"
+  "xSbQKA7fglxEDMFs/RK7FRP4dWc731ZMt5wzzfJHZ8E=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  ;
+const char EX_EI_ED_MISSING_SIG_FP[] = "2A7521497B91A8437021515308A47491164EDBA1";
+static const char EX_EI_ED_MISSING_SIG_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOOB8ccxbtk2dB5FuKFhGndDcO6STNjB6KiG0b9X2QwKrOZMfmXSigto\n"
+  "mtC1JfPTxECayRjLSiP/9UD8iTVvlcnc8mMWBGM12Pa/KoCZRn7McHI3JJ7n9lfn\n"
+  "qw9+iZ9b/rBimzOb3W6k3uxzg9r8secdq4jJwTnwSjTObgxZtC8/AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+
+static const char EX_EI_ED_MISSING_CERT[] =
+  "extra-info lynne E88E43E86015345A323D93D825C33E4AD1028F65\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-sig-ed25519 H4gKIKm5K9Pfkriy7SlMUD6BdYVp6B5mXKzR/rTyYlpH0tEZ4Fx2hlHNfNNdWXJieXzKZQZo8e7SOVzvrAC3CQ\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "dIrbQjK5T9t5KM8CpsMF85hh2i060oPIxzYQMgE1q4j99dtb/n7SE8nhj1Sjij4D\n"
+  "7JvTjGdLHi3bFSxXaSmla0wxD9PUYFN7VsBQmwSaDrqrzJFb1SGwZuzW1IEZ7BBi\n"
+  "H0czsxEteg5hcNRwISj5WVthuWmau9v13MijtZGSK40=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  "\n"
+  ;
+const char EX_EI_ED_MISSING_CERT_FP[] = "E88E43E86015345A323D93D825C33E4AD1028F65";
+static const char EX_EI_ED_MISSING_CERT_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALjA/geb0TR9rp/UPvLhABQpB0XUDYuZAnLkrv+i7AAV7FemTDveEGnc\n"
+  "XdXNSusO1mHOquvr0YYKPhwauInxD56S8QOzLYiWWajGq8XHARQ33b4/9K2TUrAx\n"
+  "W9HTHV1U1zrPlCJtrkbjxsYoHpUg5ljzM7FGYGY5xuvyHu18SQvzAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+static const char EX_EI_ED_BAD_CERT1[] =
+  "extra-info marcie F78D8A655607D32281D02144817A4F1D26AE520F\n"
+  "identity-ed25519\n"
+  "-----BEGIN PLAGICAL SPELL-----\n"
+  "aaaa\n"
+  "-----END PLAGICAL SPELL\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-sig-ed25519 KQJ+2AH7EkkjrD0RtDtUAIr+Vc7wndwILYnoUxFLSJiTP+5fMi54eFF/f1OgkG8gYyTh8phMij9WOxK/dsOpBg\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "XWD+P25AH6moi79j20Si3hqKGcJDws+FORL1MTu+GeJLV1mp5CR9N83UH4ffulcL\n"
+  "CpSSBDL/j74HqapzW7QvBx3FilaNT55GvcobZDFK4TKkCEyEmcuWKpEceBS7JTTV\n"
+  "SvwZeOObTjWPafELbsc/gI9Rh5Idwu7mZt3ZVntCGaQ=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+const char EX_EI_ED_BAD_CERT1_FP[] = "F78D8A655607D32281D02144817A4F1D26AE520F";
+static const char EX_EI_ED_BAD_CERT1_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMlR46JhxsCmWYtmIB/JjTV2TUYIhJLmHy+X7FfkK3ZVQvvl9/3GSXFL\n"
+  "3USfyf3j34XLh8An7pJBi9LAHkIXgnRbglCud7dXoexabmC+c2mSbw5RnuxDGEwz\n"
+  "krXUph/r2b+2UY1CgEt28nFigaHrIQbCmF4szFX/2GPYCLi5SrRNAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+static const char EX_EI_ED_BAD_CERT2[] =
+  "extra-info jaeger 7C2B42E783C4E0EB0CC3BDB37385D16737BACFBD\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55Acpw27GZBdwGCgawCj2F/DPadt8F/9DnEWywEew1Yi3qAOtLpCB8KXL7\n"
+  "4w5deFW2RBg8qTondNSUvAmwYLbLjNXMmgA3+nkoJOP3fcmQMHz1jm5xzgs2lCVP\n"
+  "t5txApaBIA4=\n"
+  "-----END ED25519 CERT-----\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-sig-ed25519 DRQ4MLOGosBbW8M+17klNu8uWVkPxErmmEYoSo6OuH2Tzrcs6sUY+8Xi2qLoV1SbOugJ214Htl0I+6ceag+vBA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "DfdA+DbuN9nVJNujuSY5wNCDLk7Hfzkrde/sK0hVmZRvivtpF/Fy/dVQHHGNFY5i\n"
+  "L1cESAgq9HLdbHU+hcc08XXxTIaGwvoklcJClcG3ENVBWkTXbJNT+ifr7chEagIi\n"
+  "cVrtU6RVmzldSbyir8V/Z4S/Cm67gYAgjM5gfoFUqDs=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+const char EX_EI_ED_BAD_CERT2_FP[] = "7C2B42E783C4E0EB0CC3BDB37385D16737BACFBD";
+static const char EX_EI_ED_BAD_CERT2_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALAM1F/0XJEsbxIQqb3+ObX/yGVnq9of8Q9sLsmxffD6hwVpCqnV3lTg\n"
+  "iC6+xZ/bSlTGLPi0k8QLCaTmYxgKwmlMPpbQZ4kpZUrsb9flKdChMN7w8hd48pY9\n"
+  "lu8QiAEgErsl5rCCJIHHjrxxM/Cnd0TnedRnj/Z2YqpNx/ggsmsRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+static const char EX_EI_ED_BAD_SIG1[] =
+  "extra-info vary 5AC3A538FEEFC6F9FCC5FA0CE64704396C30D62A\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AbPp++GrRb6WphSu+PkMaYsqY/beiLBmtiV3YP5i2JkKAQAgBABKXjg1\n"
+  "aiz2JfQpNOG308i2EojnUAZEk0C0x9g2BAAXGL63sv3eO/qrlytsG1x2hkcamxFn\n"
+  "LmfZBb/prqe1Vy4wABuhqWHAUtM29vXR6lpiCJeddt9Pa8XVy/tgWLX6TAw=\n"
+  "-----END ED25519 CERT-----\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-sig-ed25519 a7K8nwfg+HrdlSGQwr9rnLBq0qozkyZZs6d6aiLEiXGdhV1r9KJncmlQ5SNoY/zMQlyQm8EV5rCyBiVliKQ1Bw\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "xhZX8Qmgft51NJ7eMd4vrESzf/VdxDrBz7hgn8K+5bLtZUksG0s6s7IyGRYWQtp4\n"
+  "/7oc9sYe3lcQiUN2K7DkeBDlL8Pcsl8aIlKuujWomCE3j0TIu+8XK6oJeo7eYic+\n"
+  "IA7EwVbdZsKsW5/eJVzbX2eO0a5zyJ5RIYotFNYNCSE=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+const char EX_EI_ED_BAD_SIG1_FP[] = "5AC3A538FEEFC6F9FCC5FA0CE64704396C30D62A";
+static const char EX_EI_ED_BAD_SIG1_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMvb6SuoIkPfBkJgQuo5aQDepAs1kEETZ9VXotMlhB0JJikrqBrAAz+7\n"
+  "rjIJ4JsBaeQuN0Z5ksXk2ebxtef7oMIUs37NfekLQHbNR0VsXkFXPEGmOAqpZjW0\n"
+  "P524eHqybWYZTckvZtUvKI3xYGD6kEEkz4qmV6dcExU1OiAYO9jrAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+static const char EX_EI_ED_BAD_SIG2[] =
+  "extra-info coward 7F1D4DD477E340C6D6B389FAC26EDC746113082F\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf56AZkSDiFZ1QaiLJhcKdFDE5Kei/sPaPEIEoPMGP4BvOVXAQAgBAAlRLzx\n"
+  "U029tgIL9BRe47MVgcPJGy48db6ntzhjil7iOnWKT70z2LorUD5CZoLJs72TjB6r\n"
+  "8+HYNyFLEM6dvytWZf9NA5gLdhogbFcUk/R3gbNepmCF7XoZjbhPIp8zOwg=\n"
+  "-----END ED25519 CERT-----\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-sig-ed25519 yfV+GySMIP1fw1oVa1C1de4XOWBqT4pUtEmSHq1h+WrLBNCh3/HZWvNC/denf2YVntuQrMLCJEv5ZaFKU+AIDQ\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "g+BWq69i9CP19va2cYMAXCQ6jK3IG0VmNYspjjUFgmFpJKGG6bHeOkuy1GXp47fG\n"
+  "LzZ3OPfJLptxU5AOQDUUYf25hu9uSl6gyknCzsszFs5n6ticuNejvcpzw6UfO1LP\n"
+  "5u+mGJlgpcMtmSraImDZrRipmZ3oRWvEULltlvzGQcQ=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+const char EX_EI_ED_BAD_SIG2_FP[] = "7F1D4DD477E340C6D6B389FAC26EDC746113082F";
+static const char EX_EI_ED_BAD_SIG2_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALzOyfCEUZnvCyhlyMctPkdXg/XRE3Cr6QgyzdKf5kQbUiu2n0FgSHOX\n"
+  "iP5gfq8sO9eVeTPZtjE7/+KiR8aQJECy+eoye+lpsfm3tXpLxnpOIgL4DlURxlo/\n"
+  "rfCyv30SYBN9j62qgU9m6U2ydI0tH7/9Ep8yIY/QL8me8VAjLbf/AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+
+static const char EX_EI_ED_MISPLACED_CERT[] =
+  "extra-info msselene 3B788BD0CE348BC5CED48313307C78175EB6D0F3\n"
+  "published 2014-10-05 20:07:00\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AWBcqjzLESDuLNGsqQ/tHn32XueXwj2fDlgEy/kQNVf/AQAgBAAFOegg\n"
+  "XY1LR82xE9ohAYJxYpwJJw0YfXsBhGHqfakEoBtSgFJ3cQAUXZQX4lX6G8IxAlQB\n"
+  "7Rj7dPQuQRUmqD1yyKb/ScBgCa8esxlhNlATz47kRNR38A3TcoJ4c1Zv6AE=\n"
+  "-----END ED25519 CERT-----\n"
+  "router-sig-ed25519 Q52JKH9/iMsr1jIPlWHHxakSBvyqjT1gzL944vad4OhzCZuNuAYGWyWSGzTb1DVmBqqbAUq73TiZKAz77YLNCQ\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "YplvAIwExGf5/L8AoroVQXtGm+26EffrxKBArMKn0zS1NOOie1p0oF/+qJg+rNWU\n"
+  "6cv3Anf188EXGlkUOddavgVH8CQbvve2nHSfIAPxjgEX9QNXbM5CiaMwgpCewXnF\n"
+  "UoNBVo5tydeLHVns15MBg/JNIxUQMd6svMoPp2WqmaE=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+const char EX_EI_ED_MISPLACED_CERT_FP[] = "3B788BD0CE348BC5CED48313307C78175EB6D0F3";
+static const char EX_EI_ED_MISPLACED_CERT_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALTwNqhTprg1oC6bEbDqwIYBoER6prqUXQFbwbFDn+ekXhZj8vltgGwp\n"
+  "aDGl9ceZWDKfi+reR6rZXjAJGctmv0VHkfe7maUX4FC/d2T8N8DvS+3IvJzFMpbT\n"
+  "O0fFrDTrCSnPikqFfQWnlP8yoF5vO7wo0jRRY432fLRXg9WqVzdrAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+static const char EX_EI_ED_MISPLACED_SIG[] =
+  "extra-info grazie 384E40A5DEED4AB1D8A74F1FCBDB18B7C24A8284\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AcGuIBoa6TBqD8Gg5atcwp/+r9ThxIBkULmPv9OSGhv+AQAgBACXH13y\n"
+  "mUvdpcN6oRN1nX6mnH40LyfYR5um8xogJZk3oINse5cRNrfMgVWiBpDlJZAwlDDa\n"
+  "lx99hzuZBong+CiOcnEvLMsBaVJmNTm5mpdetYclZpl0g8QEXznXXeRBMgM=\n"
+  "-----END ED25519 CERT-----\n"
+  "router-sig-ed25519 TxuO86dQ3pUaIY2raQ3hoDBmh4TTPC0OVgY98T5cf6Y+sHyiELCkkKQ3lqqXCjqnbTLr1/4riH980JoWPpR+Dw\n"
+  "published 2014-10-05 20:07:00\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "kV2CtArl1VF1nUSyHL00mO3nEdNxlQU5N7/hZNTd+45lej5Veb+6vb4ujelsFERJ\n"
+  "YoxwIs6SuKAR4orQytCL0e+GgZsrg8zGTveEtMX/+u//OcCwQBYEevR5duBZjVw/\n"
+  "yzpEHwdIdB2PPyDBLkf1VKnP7uDj059tXiQRWl7LXgE=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+const char EX_EI_ED_MISPLACED_SIG_FP[] = "384E40A5DEED4AB1D8A74F1FCBDB18B7C24A8284";
+static const char EX_EI_ED_MISPLACED_SIG_KEY[] =
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAK0HgOCG/6433VCrwz/vhk3cKmyOfenCp0GZ4DIUwPWt4DeyP4nTbN6T\n"
+  "1HJ1H8+hXC9bMuI4m43IWrzgLycQ9UaskUn372ZjHP9InPqHMJU6GQ7vZUe9Tgza\n"
+  "qnBdRPoxnrZzUOzlvatGrePt0hDiOZaMtDAkeEojFp9Wp2ZN7+tZAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  ;
+
diff --git a/src/test/failing_routerdescs.inc b/src/test/failing_routerdescs.inc
new file mode 100644
index 0000000000..e2b72c58a0
--- /dev/null
+++ b/src/test/failing_routerdescs.inc
@@ -0,0 +1,1569 @@
+/* This one actually succeeds */
+static const char EX_RI_MINIMAL[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAObzT4opT9uaThByupbb96tYxVpGxzL9CRPKUcU0beGpHyognD9USHWc\n"
+  "SpSpKfBL5P3xr2i/XTs34M4UTbT9PE7bVyxv7RD/BZmI4gc8R3PMU77xxbpEU5bK\n"
+  "LF3QUPpuB88m/2fXUGgMNVDc5MIq6pod2NRoDpeU7WA8T3ewXzK5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM1QKsQiup9DNMCgNeE2FkAhCWzpMZKCn1nNlZbDGfE3Z22ex6bdWWY6\n"
+  "ocEZ3JZDsZsnaZrdYxrL3Mquq7MbHdfx90EdlOvDRP1SAIbZ55mLR77fZTu4BKd/\n"
+  "h9BC6I26uZE0QavFq3+BhoVVhVn5Mqv05nR9CeUMSSZLxw/RJm4DAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Ft/y3JXowjItgfTHwYcZzuUgXrskluoINW5sr+GQoNYE2F4sT8o0tBBJwqJ6FwKd\n"
+  "fkIprv9UXqkv5iY+pXSYSI12mY1K5GMNkXiObk46NjuoNNP9l8oidhO6eNfcE+k3\n"
+  "CRIYS4FbBaD0fWUSwgMuo0Bp83/Wzp3B9ytEBh0/624=\n"
+  "-----END SIGNATURE-----\n";
+
+/* So does this, and it's bigger. */
+static const char EX_RI_MAXIMAL[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANNI56H+b7SW5LMzvXyY5NJzXszsHZZ4O1CPm4CePhBsAz1r0s1JYJ1F\n"
+  "Anrc0mEcLtmj0c5+HnhPBNrfpjO6G94Wp3NZMVykHDhfNVDBRyFZMroG8/GlysYB\n"
+  "MQPGQYR0xBgiuclNHoyk/vygQhZekumamu2O86EIPcfg9LhGIgEbAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALvuNVSmg6R9USFbQcNbRjMCJAV0Rwdv0DlS6Rl02ibJgb01G7v391xE\n"
+  "d9Njzgf93n8gOrE195bkUbvS6k/DM3HFGgArq6q9AZ2LTbu3KbAYy1YPsSIh07kB\n"
+  "/8kkvRRGx37X9WGZU3j5VUEuzqI//xDE9lbanlnnFXpnb6ymehDJAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject 127.0.0.1:*\n"
+  "accept *:80\n"
+  "reject *:*\n"
+  "ipv6-policy accept 80,100,101\n"
+  "ntor-onion-key s7rSohmz9SXn8WWh1EefTHIsWePthsEntQi0WL+ScVw\n"
+  "uptime 1000\n"
+  "hibernating 0\n"
+  "unrecognized-keywords are just dandy in this format\n"
+  "platform Tor 0.2.4.23 on a Banana PC Jr 6000 Series\n"
+  "contact O.W.Jones\n"
+  "fingerprint CC43 DC8E 8C9E 3E6D 59CD 0399 2491 0C8C E1E4 50D2\n"
+  "read-history 900 1,2,3,4\n"
+  "write-history 900 1,2,3,4\n"
+  "extra-info-digest AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
+  "hidden-service-dir\n"
+  "allow-single-hop-exits\n"
+  "family $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\n"
+  "caches-extra-info\n"
+  "or-address [::1:2:3:4]:9999\n"
+  "or-address 127.0.0.99:10000\n"
+  "opt fred is a fine router\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "x5cxL2h2UsEKk2OVnCTxOF8a89HAe/HwQnSlrBy8+l0YdVCcePDJhm1WyWU7ToHZ\n"
+  "K8auwreuw+u/n14sQHPYrM9NQE689hP4LC9AYOnrCnMHysfVqKuou+DSKYYRgs0D\n"
+  "ySCmJ9p+xekfmms+JBmS5o5DVo48VGlG0VksegoB264=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+/* I've messed with 12 bits of the signature on this one */
+static const char EX_RI_BAD_SIG1[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAObzT4opT9uaThByupbb96tYxVpGxzL9CRPKUcU0beGpHyognD9USHWc\n"
+  "SpSpKfBL5P3xr2i/XTs34M4UTbT9PE7bVyxv7RD/BZmI4gc8R3PMU77xxbpEU5bK\n"
+  "LF3QUPpuB88m/2fXUGgMNVDc5MIq6pod2NRoDpeU7WA8T3ewXzK5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM1QKsQiup9DNMCgNeE2FkAhCWzpMZKCn1nNlZbDGfE3Z22ex6bdWWY6\n"
+  "ocEZ3JZDsZsnaZrdYxrL3Mquq7MbHdfx90EdlOvDRP1SAIbZ55mLR77fZTu4BKd/\n"
+  "h9BC6I26uZE0QavFq3+BhoVVhVn5Mqv05nR9CeUMSSZLxw/RJm4DAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Ft/y3JXowjItgfTHwYcZzuUgXrskluoINW5sr+GQoNYE2F4sT8o0tBBJwqJ6FwKd\n"
+  "fkIprv9UXqkv5iY+pXSYXX12mY1K5GMNkXiObk46NjuoNNP9l8oidhO6eNfcE+k3\n"
+  "CRIYS4FbBaD0fWUSwgMuo0Bp83/Wzp3B9ytEBh0/624=\n"
+  "-----END SIGNATURE-----\n";
+
+/* This is a good signature of the wrong data: I changed 'published' */
+static const char EX_RI_BAD_SIG2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAObzT4opT9uaThByupbb96tYxVpGxzL9CRPKUcU0beGpHyognD9USHWc\n"
+  "SpSpKfBL5P3xr2i/XTs34M4UTbT9PE7bVyxv7RD/BZmI4gc8R3PMU77xxbpEU5bK\n"
+  "LF3QUPpuB88m/2fXUGgMNVDc5MIq6pod2NRoDpeU7WA8T3ewXzK5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM1QKsQiup9DNMCgNeE2FkAhCWzpMZKCn1nNlZbDGfE3Z22ex6bdWWY6\n"
+  "ocEZ3JZDsZsnaZrdYxrL3Mquq7MbHdfx90EdlOvDRP1SAIbZ55mLR77fZTu4BKd/\n"
+  "h9BC6I26uZE0QavFq3+BhoVVhVn5Mqv05nR9CeUMSSZLxw/RJm4DAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:01\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Ft/y3JXowjItgfTHwYcZzuUgXrskluoINW5sr+GQoNYE2F4sT8o0tBBJwqJ6FwKd\n"
+  "fkIprv9UXqkv5iY+pXSYSI12mY1K5GMNkXiObk46NjuoNNP9l8oidhO6eNfcE+k3\n"
+  "CRIYS4FbBaD0fWUSwgMuo0Bp83/Wzp3B9ytEBh0/624=\n"
+  "-----END SIGNATURE-----\n";
+
+/* This one will fail while tokenizing the first line. */
+static const char EX_RI_BAD_TOKENS[] =
+  "router bob\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANGCgvZc+JRtAzuzk3gBD2rH9SHrXzjJ1wqdU3tLKr7FamKCMI2pLwSA\n"
+  "FZUpTuSqB9wJ/iVcYws+/kA3FjLqgPtzJFI0SVLvQcz5oIC1rEWpuP6t88duMlO9\n"
+  "flOUzmYu29sBffrXkQr8pesYvakyXArOJVeRR7fSvouneV5aDYWrAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAML+pYZoYc+whKLijupd63xn0gzlEQqe7k07x/lWMqWFT37FfG6YeNr5\n"
+  "fpFoo77FDfuFaL+VfPfI8i88g157hcPKBVX6OyRH54+l5By0tN91S0H+abXjXQpv\n"
+  "U/Bvmul+5QpUeVJa1nPg71HRIauoDnBNexUQ7Xf/Bwb2xCt+IJ6DAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "tbxtYYzyVqi6w6jz1k8NPjFvZaSNR0WzixVTTvKKGoMPx/6+Z8QAFK1ILzRUVucB\n"
+  "nRhmZMFaPr3vREMErLRE47ODAzwoBCE9C+vYFvROhgfzuQ3cYXla+4sMaRXYZzjH\n"
+  "PQ82bTwvSbHsR8fTTgePD/Ac082WxXTGpx6HOLBfNsQ=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_BAD_PUBLISHED[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMoipSwZgTG6SpSOm6ENbyALS1Ljqqa1LSGmtHSRfGYgUQGWZXERXKQj\n"
+  "P5ql6o7EbGr1wnispGW/KB8Age09jGDvd/oGhQ9TDFluhLZon3obkZSFw7f9iA7Q\n"
+  "s29rNxoeXXLZVyS7+sux70b8x2Dt4CeG8GA8nQLljy1euwU+qYYJAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPzfzQ+2WFMUvnB3z0xD+zwczWcFyYYNW8Lj7/aRGSNN2DICp5uzSjKq\n"
+  "qkYQ+C8jG21+MR2PE+ZBmq6CL5mvlFKlWKouXUlN7BejwWf2gw0UYag0SYctae1b\n"
+  "bu8NuUEvdeGWg5Odgs+abH7U9S0hEtjKrmE5vvJS5L841IcaPLCFAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 99:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "G92pnwCIXGJ9Q0fI9y4m/fHpWCsD0Hnk81/6T4TmRH3jt77fc0uRdomUOC5id4kz\n"
+  "J2M4vqXwRs5OK+eaPbtxf8Yv6FPmB3OBNCIhwNHIIqzKQStHUhPxD3P6j8uJFwot\n"
+  "/CNGciDN+owZ2DzwrXpszDfzcyp/nmwhApbi3W601vY=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+/* Bandwidth field isn't an integer. */
+static const char EX_RI_BAD_BANDWIDTH[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAN32LAvXQaq0p554FcL4LVwnxyiZvscfuFnfpXwWTDRJJHd2+JCttWIx\n"
+  "v+eW7dNq+rq/tzSzaZwnp8b4V2skLRojSt6UUHD234eZcsPwUNhSr0y1eMuoZbnV\n"
+  "UBBPevpuXea85aSFEXXRlIpQfvFc43y3/UFoRzo5iMPqReo2uQ4BAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMBuF1GvOyVcRDNjzlEmGHJkTA7qkaWgTp33NSY/DPEJoahg0Qswuh2w\n"
+  "1YCBqem6Txp+/Vl9hoUoUGwb7Vwq0+YDMSyr0z3Ih2NcNjOMZPVtjJuv+3wXrQC8\n"
+  "LPpCpfU9m9QvhQ7f9zprEqUHOQTT0v5j2a5bpfd++6LFxrMUNwbfAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth hello world today\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "svABTGDNJOgaiPLqDlkRU6ldYJcoEe2qHlr4O30lVM2hS3Gg6o4QARL7QRt7VepT\n"
+  "SruR6pE83xOr7/5Ijq5PlamS4WtODMJSH3DXT2hM5dYYrEX5jsJNZTQ+cYwPQI3y\n"
+  "ykuvQIutH6ipz5MYc9n0GWAzDjLq1G8wlcEfFXQLD10=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+/* Onion key is actually a signature. */
+static const char EX_RI_BAD_ONIONKEY1[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANByIdFOKA3r2nnWyLjdZE8oGHqJE62T1zjW/nsCzCJQ8/kBMRYeGDu4\n"
+  "SeUJJ2rsh2t3PNzkqJM14f4DKmc2q76STsOW0Zcj70Bjhxb9r/OfyELVsi+x3CsE\n"
+  "Zo/W4JtdlVFjqevhODJdyFNLKOvqwG7sZo/K++Hx01Iu0zXLeg8nAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "svABTGDNJOgaiPLqDlkRU6ldYJcoEe2qHlr4O30lVM2hS3Gg6o4QARL7QRt7VepT\n"
+  "SruR6pE83xOr7/5Ijq5PlamS4WtODMJSH3DXT2hM5dYYrEX5jsJNZTQ+cYwPQI3y\n"
+  "ykuvQIutH6ipz5MYc9n0GWAzDjLq1G8wlcEfFXQLD10=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Cc/Y22KFvxXPXZtjvGIyQdjm4EMhXVXJEBwt8PvK7qlO1AgiVjEBPkUrTQQ/paLQ\n"
+  "lmeCN6jEVcZ8lNiVZgzRQ/2mTO3xLBPj26UNSDuouUwZ01tZ4wPENylNYnLKv5hg\n"
+  "gYARg/nXEJiTVe9LHl99Hr9EWWruRG2wFQjjTILaWzI=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+/* Onion key has exponent 3 */
+static const char EX_RI_BAD_ONIONKEY2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKP1kWHsH/BZhNSZmn0FyzIrAHtMl1IVPzc7ABbx+kK+IIEMD9k1fy2h\n"
+  "AP2JTm2UmJDUwutVxPsxmndI+9QsRDpu33E5Ai4U1Rb6Qu+2BRj43YAyg414caIu\n"
+  "J5LLn6bOzt7gtz0+q69WHbnwgI4zUgUbwYpwoB7k0dRY97xip9fHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGHAoGBANBKlyoqApWzG7UzmXcxhXM4T370FbN1edPbw4WAczBDXJslXCU9Xk1r\n"
+  "fKfoi/+WiTGvH7RcZWPm7wnThq2u2EAO/IPPcLE9cshLBkK28EvDg5K/WsYedbY9\n"
+  "1Gou+7ZSwMEPv2b13c7eWnSW1YvFa64pVDKu2sKnIjX6Bm0HZGbXAgED\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "cYcBOlapA+R4xq3nn5CjpnzNXdDArMlHuXv4MairjleF1n755ecH8A/R8YIc2ioV\n"
+  "n/C1TACzFVQ12Q9P3iikVOjIXNxYzaz4Lm/L/Lq4sEOPRJC38QEXeIHEaeM51lE6\n"
+  "p6kCqXcGu/51p5vAFCSiXI1ciucmx93N+TH1yGKRLV0=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_BAD_PORTS[] =
+  "router fred 127.0.0.1 900001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANVi/MVWhzT5uo3Jxw4ElS7UGmA24dnckdkCLetMhZOcE9e9mg4WcImL\n"
+  "NuBe2L/9YaL4PFVchCGlq73phKG6yFdqJdjDV8Qh9MJdAYWW2ORrjRvCrspPaYPN\n"
+  "BGJrkD2Gd4u3sq7f26TIkzmBx0Acd/FD4PQf8+XOt9YYd36ooS4vAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALtP4cIpAYp9nqo1ak4SxALcndFw4o51U36R4oa+uJS/lYQPHkMMOj6K\n"
+  "+AVnj9sxkDJ1POaU5lsCQ5JPG1t+Tkh7vDlJb6RCUy25vJOuaQCb9GVVY7KQTJqA\n"
+  "E0fU73JdKACNjMlbF36aliQhrG4Fq2Uv+y7yp8qsRxQ8jvzEMES/AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "xzu2T+pMZtdsS5q1cwXM2hMIH2c8mpAV31G2hKIuiQRwtPD1ne4iJsnoVCXhFakd\n"
+  "QTq7eTXM174fGWyIT93wvQx/Uqnp29dGZp/VaNOsxHFdYVB4VIVqkBh757h+PSJ+\n"
+  "VNV5JUm4XQ1QbmniJGdTQp4PLBM++fOXMR3ZNd6rt4o=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_NEG_BANDWIDTH[] =
+  "router fred 100.127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMCG/ZCXNCF02uXRSCP7qWBN75jDMQZ363ubnQWhF9KDDNWWiwj3UiZR\n"
+  "zqsM4zKRgjtarWZvp2qxKABFAODd+j9iq5DvUGRbbXv+aR8TT/ifMtwwxHZQBk1F\n"
+  "1hbsLdwWzGIiyz5k2MVhXnt6JTlklH2hgT++gt9YTHYKxkssaq5TAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM3vk/4kOTB1VXrve29JeHOzNUsPwKruBcjxJf+aatxjf6KO2/RW41bM\n"
+  "gRYq9V7VAYeZTsbS727fy03F5rk3QIBhMJxm9FHatQ6rT/iEDD4Q1UZQsNtm+OLf\n"
+  "/TkZZhgfB3MiDQ4ld/+GKd7qww8HXTE+m/g1rXNyZPKozn8K7YUHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 -1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "bUBBZYZWqCbsH4/7fNXtC/HgIZNGOfDF9v4d9YfKaDs5xDYf2o67hRcwx5imhrgC\n"
+  "IU7n9AI4AGxkFoN6g3Y/t4pqebxdkF678rRDCtrlwwreAiUktgrwnetp9Tpo16xj\n"
+  "V7Uf6LcqQdvu78lRh1dsrY78sf7sb90vusFMPLXGUKM=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_IP[] =
+  "router fred 100.127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMtMrM24AJpJCevxnseIpRlSuAIMksfkfky2+noe7Rok8xn6AMQzMrwx\n"
+  "AiCJ8Jy4DBzIKUiJK4/y1FimyM08qZGR0xeqblCxZ1lbSiXv6OYxoaD2xmWw8zEP\n"
+  "Zgu4jKReHh+gan1D+XpAbFNY0KrANhjRo96ZZ3AQsZQcWBiPKCynAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOPclmBO/amw1RWTSI1y80qY/EPjc0I+sk9HKr0BQOovxqJ0lmy9Gaue\n"
+  "y+MOejQ9H2hNev0nd7z1fPxEogt7SCe22qJHHX3xDf+D9RpKsvVzDYZsk7hVL7T1\n"
+  "mwHzuiV/dtRa7yAMp7+q0vTUGesU2PYFYMOyPvz5skNLSWrXOm05AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "g6besL/zxOp0N6Q5/7QZgai2kmCU5EAWJlvZrf5jyrjKhsv2a4LDkap07m9QRFqW\n"
+  "GGe7g5iiABIqnl0kzv7NLX7ah+d/xxv+IILXyZfVTxSw0e+zFb3uPlQ7f9JsGJ8i\n"
+  "a+w8wyyDBpOAmi8Ny866Cnp9ojVzCyIErUYHFaPvKao=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_BAD_DIRPORT[] =
+  "router fred 127.0.0.1 9001 0 bob\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANKcD6DJ16X3yvdq05jatdwgjO+hyoIpckW9sV/OkdfIZwf+S6Q4pZGC\n"
+  "doMw5XeOM52gjpx42kUp6M2WlTGDFEpaNU0VyeZYG/M1CM1xvfj3+1PoebioAGdf\n"
+  "GuhNBCHZdaYNiOGnh9t2GgUomgpE6njdS/lovSrDeTL469hfcUghAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANWeGHig5wE9UijaNnEW5au3B3hZKSlzCi+T6MYDPbbYhm8qJaVoXUXF\n"
+  "EP1EUgzDcX3dPEo9upUA1+91GkjGQCo9eOYlqGib8kHIwKnHZK+hernBc/DnOeUp\n"
+  "Wyk9SW5s+fi12OQhr3NGjbSn76FMY9XU3Qt7m3EviTwWpI3Jr5eRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "t77wEoLjyfMf9LKgBfjveosgwvJ8Go0nb27Ae3Ng9tGtR4qaJQfmwZ5fOOuVU9QC\n"
+  "3s8ww3aY91KD3NTcN3v3FKngxWtRM8AIfwh4pqT3zW6OSP4+nO3xml7ql0Zf6wfj\n"
+  "TPFV2941O3yplAsmBJ41sRSWizF04wTtZAIgzY7dMLA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_NAME2[] =
+  "router verylongnamethatnevereverendsandgoesontoolong 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL0mcUxg7GJ6oxgciLiBCbo+NuZ/OVKRrERCSM6j6iHERcB9+ciSRgQ5\n"
+  "H6o6FUX2LoRmHYzBk1x7kIjHa9kx9g6CAbBamdZrQbdVnc1y2NrdHB/jvwLj3C48\n"
+  "PgzFIrLg9OlkuoWck/E+YpPllONfF65e0+ualgVjPgpQpXwmz+ktAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOgHvvTAxyjJtHx9W2X7aOI05H9sYDDY+sxhovT/8EpAHrioex54tsMT\n"
+  "ifgtoXTjGIBEOTDi/1ry39nEW5WPbowqvyzRfR2M43pc96WV7e1nhmD/JrnTYgtR\n"
+  "5/15KxcMJxoDhod7WZ/wlXBnHc2VevX8JTaeOe9KYORCj5iNbtVZAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "j/nFT5gyj20cLHWv94O1jmnqy3n6qkO8Av0OdvvfNeXsMK2UHxk84vzFvEwpUF/Y\n"
+  "i+VR3LXY4CjTpuliMtjt7BQGtmJSvB8W0CeIUenIGzfwDxW9dG2o7spDldKDB/OU\n"
+  "C1wyHvKaA6Yss/02RIDa4AxyjsfbgdJ91qK+aAnYAtA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_BANDWIDTH2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALQDCm9VEopiYILmt4X9kP6DQazfgKnLXv+6rHbc4qtmvQQD3TVYbxMP\n"
+  "F4sEUaz+YHAPnomfDVW3a0YFRYXwDzUm1n47YYCyhUzEaD2f69Mcl/gLpKdg+QOy\n"
+  "boGB1oD4CStWL3y05KhxxTNiTrg+veMzXTqNwryCYm+GoihIAM9fAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALYHwdx6bmYy09AW5ElN/DWh0fHh3mBK97ryiIMi8FImYfzbw2BR6xuT\n"
+  "aQT5omqS3PNJJcNWZt5gOyDtA9kLh03cch7t1PenXSYJshbME2bDrZDJKVJMN6vV\n"
+  "B1v/9HjXsVF50jBzZsJo3j26XCPT5s6u9wqUFWW09QR3E/1HInHVAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 -1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "p09ijyuvcW+WKRj4mJA/nkLCvZkRcMzykAWheJi1IHCoqhXFdkFLiIRqjaeDVHRr\n"
+  "zBtD+YCQiGvFcaQJ9IUhh7IleHcyyljmDYlvuBAxWiKvVZstJac0kclCU4W+g8yK\n"
+  "0Qug3PmGKk115x2TllHaCZqMo5OkK4I/WAsKp+DnJ1A=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_UPTIME[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMM0Nubr1VXQ/FcgIQTFxZpZDlAEh2XN8FoJ8d+X5S46VDGijmMoYmyN\n"
+  "oLXqMTGmOaR0RGZOeGLgDzeY8tLrfF821IjfkXeAANZibUjdsHwqHO3wlWD2v+GN\n"
+  "0GBocWXEdAp/os229mQQKgYAATJ0Ib3jKhBdtgm5R444u8VX5XnbAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMpyOr4kEtSTZw4H9eSkH2+WmwIlO4VBpY2HkPS00l6L5fM2REjt50Xi\n"
+  "lsNOz8Q6mAn5cMYmsGlv61kg01mCvYc7Z715jGh+1hhVAxMaNS3ED/nSPnslyjhq\n"
+  "BUm51LhYNHD4ktISIqPMurx6aC8B68UYgKzLgCYNzkathFXSBpjRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "uptime forever-and-a-day\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "NHYeiQOu0nZdrhSy31Xz4F0T6OTU23hPQDzoLax1/zq6iTVrz9xi3HGm7HhOMW1j\n"
+  "YgFGK3+Xm4iJL+DwriunsAIuL5axr3z2hlmFDQHYItP//KyPpOqSrfEOhwcuj/PE\n"
+  "VbWsiVYwz9VJLO8SfHoBeHI6PsjQRQFt2REBKZhYdxA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_BAD_BANDWIDTH3[] =
+  "router lucy 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAO6HrITQTEjV/v/rInQ2REmCFZa4dZg8zIh6+B51U/I6hDiZaKGwpNey\n"
+  "9OfjoRqT2DwyLEe3ORm9A2RAz2twLBixrpt5IvC0sbGustmW964BHW7k9VvRupwl\n"
+  "ovujHpLIj5dkLxD15jGXHoTp1yHUVk9NkMGN+ahg6y+QhTbIrWbRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOEpciJFXauEqs31GMTUTzu6edBj9WtV+sIflhGKvU1KKRfwCgOcuKMx\n"
+  "QiLHHD9AjhMAFGT/qtNbPFkzfYxHKLHw+NLJsxmNtdkYM26FX3ButPiX+69sq9fI\n"
+  "PCHqQy6z/A7hHwtEk6niWgK2PLhAZCg9duAv+mqFVXe2QEBjax/lAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 electric\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Jk0Xk1RMJSjEflNRcp4qznaHKcfe2r0kOc7TdLAnM8zyNDVj6+Bn8HWmyp/oFmf6\n"
+  "xtWKKgkKxriAVIJgqZMchPbr9RuZS+i+cad++FCwpTVkyBP920XWC47jA3ZXSBee\n"
+  "HK6FaoK5LfmUm8XEU9BVhiwISXaUfTdkR8HfzugFbWk=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_NTOR_KEY[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKYDCSr0Jh9d/mJKjnGYAHKNBcxR3EJk6GGLwKUrRpN8z/aHRxdWlZF2\n"
+  "lBml6yQNK/VPftcvOekxrKq3/dISrIFBzFYj6XHNtg31d09UgitVkk0VfRarZiGu\n"
+  "O6Yv55GSJ9a3AZDE4YmIp5eBjVuChyVkeDFYKVn0ed4sj9gg35rjAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALXdUQuq1pYHyYP0qU6Ik+oOmwl0eOsuwiLWf9Vd+dsgEszICX4DRWPx\n"
+  "syDxfxyA/g9FEPvlI7Nglx6cKe2MT0AutSRLbbML4smfuRZNIF35Cnfu5qTGVVzL\n"
+  "GWVSA2Ip7p+9S9xLhLBdc6qmrxEXCPL6anEhCR4f8AeybXAsz2JLAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "ntor-onion-key s7rSohmz9SXn8WWh1EefTHIsWePthsEntQi0WL+ScVfjdklsdfjkf\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Yf9axWyzPudnRvQstNdbtBYo7pGpUEIdECMGcJtFb6v/00pxk4Tt3RiOKa84cOBV\n"
+  "7V9NjOLdqlx88pGz0DNCJKqToIrwjZDeQ8Q1yi9XClLDkC32fQRX4y6vNBZ3LXLe\n"
+  "ayVrdRrb41/DP+E7FP4RNPA5czujTfs8xLBMbGew8AA=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_FINGERPRINT[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM0wDWF2dBLzsmoIDHRugzosCSR9TSvEE0TkvKu6+agfogGtkQJwQ5zO\n"
+  "sGzZbRR+okO7d+QCED2i3rUs1iikoMUT+pwgvOm8Bxg9R64GK7fl9K5WuAiG11Uj\n"
+  "DQAfSx5Fo30+rhOhe16c9CT7xJhj//ZKDbXUW7BrJI8zpuOnvgD5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKACg1nWM/WjpUiGwlLQsY3Tq1h0RTz/HmOMx/6rTRxS5HLz0KnLg5zV\n"
+  "dvmfhxqQVKBkt1N2+y+qO7x71oFzIsFMfHYWSxOCEo8Nkff1BqAPqxxUHvM0HwJo\n"
+  "d7lswJ/UT1j4+WZNZ4sFIujsIW2/zZqKlxG9xaw0GXJ082Cj9XkPAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "fingerprint 5555\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "mlqyJ/ZGBINKwSNEi7GpNBCMqIVbL0pGAOBYHJF1GbRlU28uRyNyeELIxIK5ZIet\n"
+  "ZzKr7KPvlBxlyolScPhTJfP98TFSubrwYz7NnQv0vLI0bD0OyoBf/9/1GYlzgTso\n"
+  "3mKfnV7THUalpxe9EjQ/x61Yqf26Co0+jYpt8/Ck6tg=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_MISMATCHED_FINGERPRINT[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANUAvwbpGbsAyA+mBwjFkvurtRzdw9btDqNKtPImufIE+q+AFTaCnwPr\n"
+  "kA7vm/O6h6OhgfdYEC2GfYJfwPGM7MDuz+NnuKxUb3qb2DQN2laqow6qWs9La/if\n"
+  "oHKUjC5mNeAgHcbWapx9CygwaFeVW6FBPl6Db6GIRAlywPSX+XMJAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANlSGd+Vm9nLiUk6zgu8dPnSFfw4F0R2GYfmzncIGJWtRFTF9ThW/0av\n"
+  "/9vZAWyVBjjtnpAP5R1BzdJYV2RwimC/6tqoHtkSbCBhdq5Cb/EHG7Xgb8KwNWVJ\n"
+  "NV1EESDwvWnRfSPGTreRw9+2LkdXri17FhDo2GjRxAq/N7YkLK5hAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "fingerprint CC43 DC8E 8C9E 3E6D 59CD 0399 2491 0C8C E1E4 50D2\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Y8MwYBeEfMhoAABK/FgpVRYolZ7jQ2BJL+8Lb6i4yAuk+HeVmPKTX7MqQoekUuin\n"
+  "/HdPKP+g/9HPMS5pCiW4FMwnXAF0ZocPXF0ndmsTuh0/7VWVOUGgvBpPbIW6guvt\n"
+  "sLLQ3Cq9a4Kwmd+koatfLB6xSZjhXmOn7nRy7gOdwJ8=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_HAS_ACCEPT6[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAJfPJNA3zZ77v2nlX2j5dXImcB/NhRtkG8XQgF7z+3H17sqoXgBgZ1dq\n"
+  "IbyJmAy2Lrvk/8VkXNFrT5/ErThn1B98V/PsJOOW1x7jGcix6X4zDYn/MvwC+AxA\n"
+  "zNP0ozNcVZ6BzVYq8w4I1V4O3Cd6VJesxRVX6mUeSeNawOb7fBY7AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKBzfB4mDEJjFTnmtqZxDG8G1yAiccVgAtq9ECEREL/BOQyukixUBeBe\n"
+  "j/FgXzbMJ7DZAuopuJZU2ma6h14G63fZs7eNFceDtmdLpuCOsFuvJ5Mlkf3hDZ1u\n"
+  "1KK5q+tiG7MKxgnGrqjPBUO2uubs2Cpx0HmsqBNUalXd/KAkFJbXAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "accept6 *:80\n"
+  "reject6 *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Dp9dLgs9s5beMPxfD0m96as9gNBvlmKhH1RQ/kcOKscia4R8Q42CnUtIqLkCdjOu\n"
+  "zErc2Vj9QzjKOvlqUqHxP+J+l+ZJez6F+E1tcmK/Ydz3exL8cg9f4sAOCSXcpBey\n"
+  "llTFDibz6GkQ2j3/Uc4bN/uLzoyZKunpJbSKZP5nt8Q=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_NO_EXIT_POLICY[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAK4fbjTKYqv2fygfjzY53sVTdtbNMjq293/uffKKxFYnOVvPzrHlP6Go\n"
+  "2S19ZcyDxOuH1unbBChPnV0GpxXX6+bgfDkaFh7+jef0RQ3fpJl84hSvdM8J8SCt\n"
+  "Q/F4Oqk3NeKKs+zAHDjhAU1G4LkF9/SZ9WZVXlH4a4pf7xgQtaShAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKahvyDkmh33ob/bLVO1icgz2ntOZN6ZQUfgpMU4Cd6DQtOEwFUGhbVt\n"
+  "gvtMHv2+VbxM31ZfUsyBqJ1rJBLpOqlPvSoYwSac2+twa+w/qjfGqcJYhBjP9TV9\n"
+  "n9y8DzBX85p6vRcCzcuZ4qUJ2nRzdLHwjdgzeLmmCHuPO2dQxQhXAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "ntgCtMC0VrsY42dKts8igGQ2Nu1BpuzUltisIsJz75dDx2LCqTn7p4VpWbTrj1sH\n"
+  "MRNOvEPFxVMs0Lu50ZUGRzeV6GrHmzIRnOIWanb3I/jyrJLM0jTIjCOLwdMRA298\n"
+  "tw8Y9Hnwj4K7K6VvgU8LP4l7MAJNfR6UT46AJ6vkgL0=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_IPV6_EXIT_POLICY[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKHJKLHqjYoW9M+1q0CGHJRT5u2CnZWb8Qr1DpLkkusQ6ru+cDAG12so\n"
+  "IpDQh7IyB2JosVJi9ogekYxJ3O1p5WlFUi0X19DMoer9FJ9J7/3s4enGJ/yMBeuu\n"
+  "jLVRkjMJhsfhj3Cykon+8Rrf520wSmBg1dpJQCXTwtb7DARgYRpZAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPJH61Ir6XSu9/Q9tXGaINbXO1GWQQUXtwh6TX9lxnaCNDLGnxiY+ZZw\n"
+  "+Vqj3LAQoMrz1PpPsF5e0VIxok10Vc8y4cWC+kIitcecut4vWC5FYTtVVP9wtlyg\n"
+  "YCcVOVhtFQxtLiGqprl84+EVxrR7RQVCMLNDUXIgxAfdnS24eBPDAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "ipv6-policy kfdslfdfj sdjfk sdfjsdf\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "XWorzVT5Owg+QcsBtksiUNtpQQ5+IdvbsN+0O9FbFtGZeaeBAbPJ3Poz+KFCUjZY\n"
+  "DeDAiu1cVgODx2St+99LpwEuIBx78HaD8RYU8tHx8LoA+mGC43ogQQS9lmfxzvP5\n"
+  "eT5WXhkOS5AZ8LZOCOmT+tj/LkSXev2x/NC9+Vc1HPo=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_FAMILY[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM62QoRxSPnm+ZM4fv9p03Qqbz5SzhXYSNjKWqylBruaofTw6oIM8DtX\n"
+  "7QnrEe/ou/WtfB+swV/2rt/r0EzmeWBWuDmuSUrN5TC2AdOi9brSJMgXVW6VW77X\n"
+  "fuIlLd5DVSId2zs3cKLDqp36CUsooA9sS6I5HrvW9QDf3VS3pGBtAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANg1trpnRzkCi4t4Z4qnBKF612H5A3Zrjg7Jo2b3ajUnON/KEuLPTc3t\n"
+  "PPN0W4qqeCMmVQEuxf3DRbTPS20ycy4B/JDWYfxCNwuj5YAx04REf7T0Hlx7Aee/\n"
+  "sHEQBhIBfasA2idhTh3cAm4DMYn+00BqjxF6jmyRA0hyntEABabrAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "family aaaa,bbbb\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "xOgP3liKF/WEvwbbGzUUVRZ5WPrOI7jex8pZU/02UEnHjit7vCf9fsUcvkeo0xjz\n"
+  "n3FQHIO1iAJS7dEaEM4nz6wtPUb2iXSU9QajkGBkJ9/V7NHMFIU3FGfP47PIJJkd\n"
+  "nz5INoS+AsE7PmnDjUMm1H45TCCl8N8y4FO6TtN7p8I=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_BAD_EI_DIGEST[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAJ8Sn8AxBRbeIAHUvaKjqmcYOvXz7YFlpYFiVHp/cn+l+KUkIYTOFQXf\n"
+  "K8AtwjmJ4R2qJIbNlY/6oZGFbizt/B+WPuWsTj+8ACEEDlxx0ibg3EJRB8AZYiWv\n"
+  "0zC/loiUvHm6fXF5ghvDr9BQzEUo9kBk5haoHwROtGawr1+vOEiNAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMzok3ZJtLjXOC8RKltXI8xulwn/ctCvQFHImR0+ccA1uBxaZNYgiIcc\n"
+  "q8XngROfV8xEgDbYPiWiLXJOMSwOd7hfs3YzRWF+LKftYs8PuRyMJcCoBjOPZ4QX\n"
+  "HRfTetEvu2SijZMby+lkqpZg2nuF/ipsXUjrabRZdNiIGhC451vdAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "extra-info-digest not-a-digest\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "c/6zAxO04izQvqdM4bZVGE+ak0nna5pz9XZizFkieZEDWGzWQuVMhXyL5sbsFbsx\n"
+  "6Hn7DvNRYR/2nA0teDeRyIHMoMHi76te5X9OFDgaeUVCbyJ8h/KZYfPnN86IDbsR\n"
+  "dCSmj9kX55keu64ccCAH1CqwcN/UsbplXiJJVG5pTfI=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+static const char EX_RI_ZERO_ORPORT[] =
+  "router fred 127.0.0.1 0 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMc4MOhLG3PKPgc+xYVf4eScWzeOf8wq7Cb/JxZm50G0LuvVbhHtHEZX\n"
+  "VOSHI7mLE1ifakJvCFJRLobMU7lU0yhn18/nKl2Cu5NfFHHeF/NieUBSxBGb2wD6\n"
+  "aM1azheXrRqvDVVfbI0DLc/XfQC/YNiohOsQ/c9C6wuffA4+Sg85AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALBWdl9/Vft+NQKQlg5kgvZo+krnhNTRVQojWtUEzom4TFIT+NNKJyMG\n"
+  "reQXcNdzNptTB0aOBGGwqAesqzsZ2Hje699NsDe7hdl7Sb5yhKDqtdQY6yDXJUFt\n"
+  "zqpAUkmYMLe2p3kPiWefNso56KYXrZrlNAiIS/FhQ5cmuMC2jPydAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "gFg08P9A6QNQjURlebfdhU3DSV0BeM0j2SFza1jF9JcBOWDRmT8FvYFK1B3js6jK\n"
+  "8LNV8JOUssv14z5CnUY9CO1BD0xSl+vGlSS4VOXD7rxui8IoWgnqnZsitq+Qzs95\n"
+  "wgFKhHI/49NHyWHX5IMQpeicg0T7Qa6qwnUvspH62p8=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_MINIMAL_ED[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf5iAa+2yD5ryD5kXaWbpmzaTyuTjRfjMTFleDuFGkHe26wrAQAgBABFTAHm\n"
+  "hdZriC+6BRCCMYu48cYc9tUN1adfEROqSHZN3HHP4k/fYgncoxrS3OYDX1x8Ysm/\n"
+  "sqxAXBY4NhCMswWvuDYgtQpro9YaFohiorJkHjyLQXjUeZikCfDrlxyR8AM=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOsjlHgM/lPQgjJyfrq0y+cR+iipcAeS2HAU8CK9SATETOTZYrxoL5vH\n"
+  "1BNteT+JxAxpjva+j7r7XZV41xPDx7alVr8G3zQsjqkAt5NnleTfUREUbg0+OSMV\n"
+  "10gU+DgcZJTMehfGYJnuJsF4eQHio/ZTdJLaZML7qwq0iWg3sZfBAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAK9NjRY7GtAZnlxrAZlImChXmGzml0uk2KlCugvju+eIsjSA/zW3LuqW\n"
+  "wqp7Kh488Ak5nUFSlCaV9GjAexT134pynst8P0m/ofrejwlzl5DHd6sFbR33Fkzl\n"
+  "H48zic0QDY+8tKXI732dA4GveEwZDlxxy8sPcvUDaVyTsuZLHR4zAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key 71DgscFrk4i58O5GuTerI9g3JL0kz+6QaCstAllz9xw=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf5iAUVMAeaF1muIL7oFEIIxi7jxxhz21Q3Vp18RE6pIdk3cAH5ijeKqa+LM\n"
+  "T5Nb0I42Io4Z7BVjXG7sYVSxrospCOI4dqkl2ln3BKNuEFFT42xJwt+XGz3aMyK2\n"
+  "Cpp8w8I8nwU=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "lAZwD6YVic61NvJ0Iy62cSPuzJl5hJOFYNh9iSG/vn4/lVfnnCik+Gqi2v9pwItC\n"
+  "acwmutCSrMprmmFAW1dgzoU7GzUtdbxaGaOJdg8WwtO4JjFSzScTDB8R6sp0SCAI\n"
+  "PdbzAzJyiMqYcynyyCTiL77iwhUOBPzs2fXlivMtW2E=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 Oyo/eES+/wsgse1f+YSiJDGatBDaiB4fASf7vJ7GxFeD4OfLbB7OYa4hYNEo5NBssNt/PA55AQVSL8hvzBE3Cg\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "wdk26ZtS1H81IxcUThyirANLoszrnYYhOMP57YRAUDEzUr88X6yNDZ5S0tLl+FoT\n"
+  "9XlEVrpN7Z3k4N9WloWb0o/zVVidPMRVwt8YQakSgR8axzMQg6QhQ6zXTiYhiXa4\n"
+  "mawlwYFXsaVDSIIqYA2CudIyF3UBRZuTbw0CFZElMWc=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+
+static const char EX_RI_ED_MISSING_CROSSCERT[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf54AfsyyHhGluzfESzL4LP8AhFEm83+GkFoHbe1KnssVngHAQAgBABNzJRw\n"
+  "BLXT3QMlic0QZ4eG612wkfSRS4yzONIbATKLHIgyzgGiGl4gaSX0JTeHeGfIlu7P\n"
+  "5SKocZVNxm1mp55PG+tgBqHObDRJRSgbOyUbUgfOtcbQGUeVgUlFKWZ9FAY=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMqT7K8cEzWIaPNXbNgvoZ5ejavoszI2OjW9XXetPD/S2f+N7TfQXHBW\n"
+  "bnjpgj87gmk59w0OXTMCv+XofZ0xOy2YR/jG5l1VJIvqgJhhFJ8oSEGVzy+97Ekn\n"
+  "Lb1FEYuVfVxSxnU2jhHW6KPtee/gvuyRI/TvZuwmYWxLRpikVn4pAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM4nITNe8UykgsIuo5czSSSl3Okr1K+UVWTzDGLznDg77MkLy7mydmk9\n"
+  "vf51OB+ogQhozYKIh9uHvecOzY4EhSIuKhui4hNyQklD9juGoW7RVTSpGdYT1ymp\n"
+  "dDYS30JBPwCZ7KjdMtXiU8ch2WgbzYBuI+JfjwOhfcsuNC9QPfbfAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key lx8o212IYw5Ly2KbH2ua1+fr4YvDq5nKd7LHMdPzTGo=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
+  "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
+  "mjQFK4AtRwg=\n"
+  "-----END ED25519 CERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "cv1yL8HhQzQfjzkSosziu2kMecNUQGle4d103h6tVMoZS1ua1xiDpVKeuWPl9Z0+\n"
+  "wpFwRkOmK0HpNeOXCNHJwfJaWBGQXunB3WQ6Oi1BLilwLtWQixGTYG0hZ6xYLTnX\n"
+  "PdSQIbsohSgCzo9HLTAgTnkyBgklIO1PHJBJsaNOwfI=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+
+static const char EX_RI_ED_MISSING_CROSSCERT2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf54AXXgm0CUWQr+rxvgdIslqaFdBiwosT+9PaC8zOxYGIsZAQAgBAA6yeH7\n"
+  "3AfGIGuDpVihVUUo0QwguWDPwk2dBJan7B0qgPWF5Y4YL5XDh2nMatskUrtUGCr1\n"
+  "abLYlJPozmYd6QBSv6eyBfITS/oNOMyZpjDiIjcLQD08tVQ2Jho+WmN64wc=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMdyTK/VPZloLUaLsvj1+NOFs33/E9HmA0VgvZ1nNUrR+PxSR71QF7Tw\n"
+  "DKz+/p2rJE+MPfQ/Na3dH0vH4CDZ+FH2m4A8SB9emF8aKxdc/7KCjQNDQCNlEQYn\n"
+  "O9WvZJhbNPHUmX0z4OotI+Sk3qBzVHu0BGDsPYC9gwszIumDUILxAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL8o6CJiLfW4vdRFvJ2nFt/H/ei0ov83rilOuwSmNORmL9lvnHY++HrD\n"
+  "dmEEvBv74xqWJxGbJ6OQ3VOwRpf2X/cb4gAvsQDqDmNwpJsrPYRQVXp/KY/8z7bJ\n"
+  "dM4CjcsuJHHmj3yc3iCzgqt/Xr6vR24X4bee12/bP7R8IETvWoiHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key qpNEGrLMVn28Odonk/nDtZq1ljy0fBshwgoAm4X1yzQ=\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "i4RKGIeaUrO6nzfdtb6j+ijYJh1Vgc9bsHMpW9cVCOjoJKFW9xljgl9xp6LytviN\n"
+  "ppKYCt9/JflbZUZjny34ESltPGrdquvHe8TtdQazjiZBWQok/kKnx2i+PioRF/xI\n"
+  "P8D0512kbJjXSuuq9tGl94RKPM/ySGjkTJPevN4TaJE=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 pMAOpepn5Q9MxcV9+Yiftu50oBzBsItQcBV9qdZCIt3lvSFqFY9+wJjaShvW3N9ICHkunrC0h/w5VEfx4SQdDA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Du5fJYDzvEeGqKTJwgaQsJJgz39K/J4qEM2TZ3Mh0XuDM1ZWDtjyzP03PaPQqbJ1\n"
+  "FsN5IStjOqN3O1IWuLzGaZGpGVuqcyYOxjs7REkGQn2LfqCjpzjaAdcsL0fI4ain\n"
+  "o/in8GQ6S/qhsx8enKlN0tffTmWmH9bmmVz0+yYmBSo=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_MISSING_CROSSCERT_SIGN[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf54AfoVFYuJnDNBWbjbTqfXACUtXWPipmqEYC++Ok/+4VoFAQAgBADH7JzI\n"
+  "fjSMV158AMiftgNY+KyHYIECuL9SnV3CSO+8+I7+r9n+A3DQQmGLULo/uZnkbteJ\n"
+  "+uy6uRG4kW0fnuBlKhseJQm9hjNGWzC8hmebp1M+bxwG41EGI7BZvnTrRgM=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALEqlijoFIDX1y1i5zfei8DuDIsFtSw56PGgnMRGcybwD1PRQCheCUZM\n"
+  "erQgFCWjgLgvGJERBK/oILW1dFXp4MAR5RgnrPGTfWTinCj32obMLN1gIczpq6a9\n"
+  "P9uv6Cz0ApSxpA/AuvjyAZwQKbUXuMvIY4aTprAKSqqVohk6E+E1AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMZbbBjGV7xPri4XNmejq4add93p+XsWlsfbM930bcC2JZiwg4g4cq6W\n"
+  "idl8VDmCXeaWg5y3kb82Ch/Q9vPG0QYQbXxUA3JxQKKbcEK3QsEvqQh8Nb7krILK\n"
+  "YnSGAnLG2Nc3PnKb7Wpb8M3rAysC5O99Gq1mSfm8ntj3zlIM7NSHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key CYcpfIF4T9PJcfROfVJTUYl0zNd4Ia5u0L9eng/EBSo=\n"
+  "ntor-onion-key-crosscert\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf54AcfsnMh+NIxXXnwAyJ+2A1j4rIdggQK4v1KdXcJI77z4AMRc2LxiKbyr\n"
+  "fqRVynHuB031C4TN/HAlNPBjVoRvQRgzpiyyoyCqMDxLZdM8KtzdLLeqZJOXtWod\n"
+  "UXbYG3L70go=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "BRwRAK2lWxWGS49k8gXFHLEQ/h4k8gOQxM0WgCaN4LjAOilLHFjsjXkmKgttVpHl\n"
+  "f0V9ebSf+HgkpQnDSD8ittnr/0QaohUbD4lzslW4e/tQYEiM46soSoFft85J6U3G\n"
+  "D3D63+GmaOfIaa4nv7CD0Rw/Jz0zTuyEuARsdJIr1IY=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 7XfV5r7FXbXPEvrxlecWmAJxat/6VT+/4tE5cHrQnvLM4zslysstWH6/AfIfcmUuDlQ0watmfg1MvVnjavcfDA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "eigLL3S/oMGL2tJULt9bl3S0iY+YIxdKeGFCcKZci59zD786m+n+BpGM3yPpvrXr\n"
+  "bGvl4IBqCa1I+TqPP1rM9lIEcUWaBT7Zo5uMcL1o+zZl1ZWPWVVKP5hC5ehDueu8\n"
+  "/blzNhTEFAp23ftDK9PnFf+bXxqbgKkEoZsxnd3e9Ns=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+
+static const char EX_RI_ED_BAD_SIG1[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf54AR8QC+SNBpPOTVY198IQBANNwZjy+SBqQNxfzjEmo204AQAgBABjz4FP\n"
+  "zW/G+fu7YirvANvvqJeb7S1YYJnf6IrPaPsPRzDqJcO3/sTzFC5OSb9iJmzQAWnn\n"
+  "ADPOl+nOJC58XJnJ7CUJdPtyoVdMvUiUT/Jtg4RuCN1iDaDYaTh2VavImAY=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKuLC0kzCBTV6+WPZcAOQPKjqbjvMIyaehIQS1o90dYM+Tosrhtk3bw8\n"
+  "QBLMaiWL3kfIWPZuWi2ai40dmqAXMrXH3yBgKRNZ6zZSbUUuJ1IknqmrQ2PKjC/p\n"
+  "sIW2awC6Tq+zrZ7vntDb02zY857vP59j8eolTDg1Vvn6l2ieL+WhAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMnBQPOJBQLZ3NAa70n6lGZGvS3DYZFNOZ2QnHVeVvOSFIFsuvHtnUdX\n"
+  "svDafznYAuRFRVqJS2xtKKGu0cmy6ulEbBF+4uAEMwQY7dGRPMgVF1Z33U0CSd08\n"
+  "ChCJGPTE7tGGuoeSIGN3mfC4z2v9SP3McBdAiLHisPzaUjfRTcwRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key W8fUvBpKBoePmqb70rdJUcRT0NhELDWH7/BSXJtkXS0=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf54AWPPgU/Nb8b5+7tiKu8A2++ol5vtLVhgmd/ois9o+w9HAAPwWqmL0HXa\n"
+  "bYKrKPWQYnpQHQ3Ty0MmCgj3ABF940JURnV161RlN8CRAOJaeQ0Z8wBRLFC1NqLT\n"
+  "+GVdtewGeQA=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "x0vT5Wv7Guc0/Vu2BqomWwenh8oda9+8K/7ILi5GQL/WC29Tj51i0EE7PVSnSMJ7\n"
+  "33I/V+N5neauqWnbg7TxYaLsPfr6SpPTpBL1Xt0OiwT1//PvPYZ1gCcF3ig3KcfI\n"
+  "mreQd5C5Vri6ukWkMtz/zNDaDpDanzaNXTdaUXmFHF4=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Hci/Br1+NNymDZBmQy1QWMlCeLe8Z1vtZ2ZTj42jDhWg1OC/v72ptI072x4x5cmi\n"
+  "X3EONy8wQUvTNowkfG6/V/B768C7FYJYBId1GAFZZymXnON9zUYnE3z1J20eu6l6\n"
+  "QepmmdvRmteIHMQ7HLSrBuDuXZUDJD0yXm6g8bMT+Ek=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_SIG2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf54AW8fyx54c7vQQA/AmShAitFP7XI1CLdifEVPSrFKwYq6AQAgBAChqjVA\n"
+  "/wKKJZ30BIQoXe5+QMiPR6meNxF1lBttQ2t5AhauZbH5XzRhZkdGo114wuyPNEM9\n"
+  "PrBwp5akTtari9doVy6gs3McqdoIbRdWevpaGj5g5oOEOtA9b5UNWQSwUAs=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALp0Croi9zhpGxi9sUj54jr/flZdzxVVS+8VNldJG2c1soSx8kwlwotu\n"
+  "7mGGudJDAzDHGo5F5CCPEfQov2OmDehpefYUz/AaMLly6PrLRJlcUcpLogGf1+KU\n"
+  "1lLwE8kanXUkgvDhVQiFvNjy2Dxxuv3AHH4WdZZfbMbm8FJRGoHzAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMoI9vQT4g2sV2dViGOWOzxckk367T9sMjVwcYfJCmnixGxjWeKScQFB\n"
+  "K9v1uK73cfZR8AxiUGK4/iOX/9en14mJOGF7fftAqypFLAt1TBvb07IgXljOBoHc\n"
+  "Paw4oZoJQzEoazt0Oa181LyNnNIoaZpHVZd1+a1Gs1gKoM4xDBv1AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key KjyvXYkMcpke5ZsUYf2gZAUNeEoz8NAwYoQvvbcDGiw=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf54AaGqNUD/AoolnfQEhChd7n5AyI9HqZ43EXWUG21Da3kCAI6MRHm7GpCF\n"
+  "/3zDGR/6jKe625uFZX9HpLt6FgAdGSJeMQ9W4Np9VkrFXAB3gvh7xxRzSgZ1rXgR\n"
+  "lUomgi7N1gc=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "xJXvCCpP4ExBuT3OTsdn2HJB0HidupmQq5zBh8fx/ox6+047ZBOM7+hVxxWapcMg\n"
+  "PMXbcLD4L/FCBpA/rjnFUE/9kztdq7FH/rOdi0nB6FZWhwDcsZuyfvbnDTxz5iHJ\n"
+  "87gd5nXA5PE649SRCxW5LX0OtSiPFPazu4KyyBgnTIM=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "tk4kBNYqB8utOmX30HrV8YfnwBXYODIiL3M/juRS6nPn0uvbW7pjoZ3ck/ahgW+6\n"
+  "FNQsgTJnEADCWS1r6v7PcvzQjtrOUUpNxGJxYw1r8yZkvmIxSQD6GMzuTxq7o1VA\n"
+  "/wZYDLonLhCWRdPjxnrl12+z92NdyISJCHMLRVqs2QY=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_SIG3[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf54AYYiKZrFWZ/Cj5mZbfK11MZHYbwchllsUl4qPqY9gfi6AQAgBAB4irxT\n"
+  "86FYA0NbZssSTmfyG6Edcf0ge61OwB4QD35kHCrvuZk2HnmL+63Tj4QoFqIVnwVC\n"
+  "3wRGJGcmS7y+vS64GUXbuyTgqgpl/KuoHo5Aqe6IxJlVWYtU6W0M6FV9tAM=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMUEvXTVTl5xkQ2MTEsB4sXQ3MQkz8sQrU63rlqglpi1yUv24fotjzvE\n"
+  "oJpeKJBwwg5WBW/fW0bUDJF2cOHRHkj/R4Is3m+2PR1Kn3UbYfxNkFkTE11l099V\n"
+  "H6xlsi0TJOJKlgrcbSuB7se2QctZVhwsdsJvFRptC9Qd+klAPb7tAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMooTeSUX7GPoyklSd1/6cF1u8e2LbjOLIpZrMon0Xt7c/aNwlrG9rVo\n"
+  "TSokHs3AQ2H2XIceySVRRWR4AdX9KApO4CX0gGTuVUmq6hFJWMnHdAs2mKL0kt1w\n"
+  "I+YWzjUqn4jIVa2nMbyHVQWzIysWwWiO4yduIjAYpBbWd9Biew4BAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key BN0I+pLmFkDQD5iRsdkcped4eZwGIuXnLiX2K0Zoi2I=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf54AXiKvFPzoVgDQ1tmyxJOZ/IboR1x/SB7rU7AHhAPfmQcAOrIvaG/xJqe\n"
+  "adM6mai+FlV8Dbt6QrXTcNHJU1m+CUDthA9TPTAYz9D8W0mTEQ6KEAKGfQrNLy2r\n"
+  "G1B+9wWSpA4=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n"
+  "JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n"
+  "M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 abcdvEzGFYMcJ/Ea7sbessW1qRJmnNNo2Khkkl0rEEgtLX0b4L4MMhK/ktS52Y6jX3PRQWK5PZc6gjV7Jaldh+g0Aw\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Vyj7g3eQ3K4+tm49fJkAtsAYnYHcEiMnlucYCEPeKojzYStNfZwQO2SG5gsoBIif\n"
+  "urgQZ/heaF4uiGFg64UFw08doXqQkd5SHO3B4astslITvmq0jyaqzSXhdB5uUzvp\n"
+  "QCR0fqGLVS1acUiqGbRr4PiZ9G7OJkm230N3rGdet+0=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_SIG4[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AaEnncX/t0cbLm1xrtlUpkXghaA8fVuV7g1VF3YNfCaIAQAgBAC7Ki3S\n"
+  "zzH9Aezz5X4fbwHeF+BQEDfVasfyTxTI4fhRi7t3RxHzBJd60uEMXy2FchD8VO5d\n"
+  "j4Dl7R4btrohPVSVBQZuemBQSW6g3ufNl0txpFWu0R7vBPTFH6oyXYfY9gQ=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALGKwzhOui2/jJPjU1ngW5IZRPcoDk7RAfGDO4xaef4VfAFHCV9CQO1c\n"
+  "/wQ09CcRdggTvUcv9hJTGJhSObUUooCkxw4/35f/A6/NoW1Gi0JqF9EsQWHpuAfr\n"
+  "n/ATlJQ9oGdTCNDq/BXSPWXhoI6UhUe0wiD4P4x4QwaYHcZh+lE5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOKrizVm2h5/jE/HqqLCBLWJZVVoGspasCtDDqHhSqsPzyjpqa52iMKi\n"
+  "q/deJ92le3J2NJRGKxPmPQqWxwhIjnMS5kUMoW182iLpO/G9qyPZ0dh6jXB0NBLF\n"
+  "ySfW6V2s3h4G4D2P+fqnsnzQnAX7YufkvgDau/qTWi2CqD0CjavDAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key A9h8jY9dPbhHTDbIc/NYWXmRP65wwSMrkY1MN8dV3BM=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AbsqLdLPMf0B7PPlfh9vAd4X4FAQN9Vqx/JPFMjh+FGLAN8xr/w3KFVi\n"
+  "yXoP/az6hIbJh0HYCwH8D1rPoQLcdpe8XVwFSrHGarZesdslIwc9dZa/D1dx3OGO\n"
+  "UhJOrdv51QY=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "bLmdO7ME5vq+c9y/Hd8EyBviMBTeo85sHZF/z6Pehc3Wg3i1BJ8DHSd1cK24Pg48\n"
+  "4WUrGTfonewuzJBDd3MLkKe6epXmvUgvuQN5wQszq1+u9ap/mRf6b3nEG0MHxMlO\n"
+  "FLx5MBsScuo+Q+pwXZa8vPuKTtEjqbVZivdKExJuIX0=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  " router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "LqNGEa10zwSPeomBXTfgvBnnWAdWyiR7KYZq9T++jK4ctR6hUaWngH8qSteUrkMx\n"
+  "gyWb6UMmlxdfOG0sdcU463HsqV7zObaKya8/WwQ9elj3FfsToswUCeOaLR/Rg7wC\n"
+  "zcUjI5VsneQoXT2WVZbZBLsLB3+7QfezVHRMB377GAY=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_ED_BAD_CROSSCERT1[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AV1AfOvQWKlWsbzoBdJc5m72ShIJuA8eNV15basjhXYdAQAgBABy+KQK\n"
+  "3oLDGtqL5kwRmjAsls/+C6SAoAALll7U7wNSH7en5RVBal4RUzCf57ea/KG0c9V8\n"
+  "2DmZ3PdOt2aY/M2bWGmmH/tyyapOoV98dhDwFU7zcx/pMfRnJTDRSDwl8QE=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMP6xbqbj+x1mq5XImjeT0rUzqKZTgBd5zvK4Xcy9IifJuFC9+mMzrY4\n"
+  "WhYbdClxKUkDMkit9MVhek+P/w5TSHKl6AuqGaO09ID+hZpoUSdoBUYktynxfGsx\n"
+  "kIDu0XvgtAeSyJaVvoV1SKVChY0IBbzUqbHt4O2Q1BhzFCKEJTEzAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANwWlBh7e/eSLlhto5YUdj1iGYOq+yAmlosDItVfYrSPJuUfM2ocMBAn\n"
+  "udbRbWiADoqsbKn/gwwHCC/f1HX2FkRXxxnOlJKLo+NEi8tGmOlcQXSQol1pCpvK\n"
+  "sA9TxtYr+Ft4LRpxNrexF+pIBxqzwetqQrZbKYr0CFJi8q1qlMynAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key cs1AP+xF5cXTLuKeOeItdoDAzfALTJkwk9lB4mtC4QI=\n"
+  "ntor-onion-key-crosscert 3\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AXL4pAregsMa2ovmTBGaMCyWz/4LpICgAAuWXtTvA1IfAKo6ANUq+hi+\n"
+  "xb3J4aYafnszlj87oi/DR+SDf29wzwNw8gmaqGzJ5GbfISfABuTUCzlilZyVnLxi\n"
+  "BHcCH6PWiAQ=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "qC9Kph/kGtONR2DxZDoIFFgnDFC+/7H07EgCiYQdIFIROc+gGK9qBOgeFEptrkXF\n"
+  "XdE35xxox5xSASQvp7hjFwxUtJRGOtf2O98regqeeaz6O9VPXHkLf51uqX3bVgq8\n"
+  "KvFAsFFS66GxhtbrVjpyRgIwHAYvse1WVESfLuZZTn0=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 3uW8Q1aetIQLOsqSco128ZUaHlhqdYiBvrxV7x75BGNS5RzIMTEwYDNtEX1LNPFJ5N0YOV0HEEOLhrJUV9QCBA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "WuD7S/saTYBxKvItITbHRi8n+e6g/oVbosicfbRbafYPzPp4Prb+RK03UTafzXrV\n"
+  "QEQIzDNhfePcIMH8qX+qrogLMXFqiXx6TVQ0GqNvqirokk8ar3AgtRtewhChAuAj\n"
+  "8pmQTj2JpZn/iB3PCE2l/93O9LHZfp44hc8QOWKs6BE=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CROSSCERT4[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AW5TTGF9jCMl7aALZzqypD9Bj8WYnAPIrKCoIJdgMbY0AQAgBAB7eCn8\n"
+  "rukx7t/egZUdqU7+FYqsnO4wdmOkLZkp0+gpF3jjk6N1Q0037NNVNZBjONB0Nm2F\n"
+  "CpB3nWSJliSSKr5tOYsuBPFy5VVGYeKPakpOoxanQ1UcqevMBAQy0zf9hwA=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALeS5YbeDuKQ5iiuUvh3REoyJ47/YU9lslWmTrVBf9b66pMnYJv/awPu\n"
+  "m2HredUAJ3VzwQ38VJA39w3fQXUhQDnQ0OPpKzeAmIiuG+6WdW/mBSK7uKcezC23\n"
+  "LA1d6Afyl79LjZz/n+ENXqNMlJk4QPcPHuRnAvwBl3t8YVRPJmxhAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPprokY7utWuO/0252dBB5MCxmVD/dROaIBDyFtpdH+YVv04rkOlDzYD\n"
+  "W4mgHVBMxEm/cspTgQmJ4exRHJPpcSe1RYHt1ONZdLYr6D7OOWf0y1IUrVSzF6K4\n"
+  "lqlmNuH1H4+TKGbkvixYc5GU/2ZmAy6gFEuphYnBbsN2Ywc38mnfAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key Cgo6xniGfEiuYoLSPUdE4Vb2D4zj2NQzC1lRjysRRXs=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
+  "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
+  "mjQFK4AtRwg=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "bi4M/AJLZF7/vSNmOj4uhrgKBQA/KfcZy5e58mhGL4owxd9vaWfl3aelvb9jf9zN\n"
+  "Q7FMv8f9aXzeVIoXIpRJxSKIJgBtG2wnMumIc80pqBvTyGInharszb6njfm0bg1u\n"
+  "PfJkbQYyf/dA5l5UwCrjFs06ImDmjFTAdsSWf6DfZ/k=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "io16v+e0pK3sbFzPGnkQrAjrRgIOJHrVZ1RXcxZ1+UNXagWM/MOLhQpkU/cw49Wd\n"
+  "4rQeZD3JQh16330eXbxc97AyDgp0b30He846SI0MfW/DnmGI8ZNeYfLbMv2bmbs9\n"
+  "QULzyIH8C+5mnMI1arcuiAua+Dpa34F79vgqPuvw5fU=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CROSSCERT3[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AVB+j+B2yPgGywvp7nvejyhMh9ejKmw7LCwufV83Zl9eAQAgBAConA3B\n"
+  "jJ3X2tES40jd94rRUFS2/s/Yv7E4LEQ9z0+jz8horNivzK3O/t7IGxJggi+b41/9\n"
+  "Uaqt+wqtVuKj0xJ9jwBlCXFt28G2P9s4ZyXYgGZqo7MlJlboybnOMvmoTQA=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPWuEWckT4aYAVNrZzLA8xVwfXp0wzfXeTWBztLS8VzssN6w/+cwXdeY\n"
+  "N1YNc2DiD3u8f+7kmuZIqL1EFQUwTvRwEzQXm2dqGM7qkm5ZGNMb5FKu+QwO2ImI\n"
+  "FLNiO5zO/LqP3cf/2L8/DuvruLenUrhRtecGFaHmhDYl+2brHIiPAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMtHTfk0gDvp9+PtIG8Ks7rgCiJZ2aihSvr6WaKHYuIprgspFuga98cg\n"
+  "D//J80CrgH5Dw68YnkG+gU40IxP7YzhQ4glFlJGu3s2y7Qazcv5ww1XtHur+GDoA\n"
+  "cY0zCLhltNQFxIsoVUepY97XA6Y2ejYJjyqNXQcAmoPNoVhnTdkhAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key ibZf57LptdOK3WpVFXkYMatEEqPhuVWxsnkwF6638V4=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AaicDcGMndfa0RLjSN33itFQVLb+z9i/sTgsRD3PT6PPAEbkxCdI/bH/\n"
+  "B06DAjRuoDiv1HKsGuW+UN1iGEiWu2ieFzf3m0Z7BL9p2u2zIbHYkP50b3T3sebD\n"
+  "1AksemmMdA0=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n"
+  "JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n"
+  "M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 XS4zVi46Xl3xKhuozPCDlW0QRFD4qUhJmkefonQNsRlMVsrPkALnP2tfnfdfTc69hbNa22pOjJNf6Gm505EnAw\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "Q+R3OpO8VhfvFbXuE5qolhVbgosBHy2A5QS91TMzCbsxa8pBA6Li4QdPR37wvdLq\n"
+  "KayfmmNCMKU5qiZMyXqJZm4fdpxiSi50Z0tYlXM3b2OVfza3+pSOEBl89fN6G4Qc\n"
+  "pAmM14eEo1UzXrqZw76tMS2CwOYF5vR2xFGCYC0b5hM=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CROSSCERT5[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AaCfOaispi7dJhK0c8HXJHIwoBkMgRpmmHu+3Zce/soMAQAgBAB5bAIo\n"
+  "5i4TSY/bV2KQAyziRwvgJm+nEiECClflPbP9Um+zOzOgxtDmNnR5UFQj+VWNG4uf\n"
+  "5lnaryN+PfUXZMTcs8AARof3fFz9tVPINHDrsGvKt8gpzgZEHkVioAXOFwg=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL3Fr/ovZ9SMGYrAM24taKBm/NpemZaXdD/JeBXFYm5Zs3szLwJC4Etm\n"
+  "zjNL6tVy+I21O1g3cs16TkflcidsjPXNx//PHAn7bqWMekjrt3SQdkHW2gDPgT2c\n"
+  "zYJ/hBR96JYG796jP3pkfJz6Iz5uT/ci3A/cdaVbzM1uZbMUgYGzAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMHB+1dWa8BBrKE94vTqfbkSEuysG5LyyZF/WrqHq/3W+ocDLz795k8O\n"
+  "2Zvgr9im/Ib4hD7IyrtRexcuBdwujdG7cBALdCcWiUTGAMkl96HNETSX+lUVIpJ9\n"
+  "pMsc9O7+yz+/0Cl2RpILZCdE/7I96qHpZl3tzlRKSu15WeIm5U77AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key GXi0a2VLcRHQMMYys85zu3IPqOn5ZTsOixYyQvTGnQs=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN BUTTERED CRUMPET-----\n"
+  "AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
+  "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
+  "mjQFK4AtRwg=\n"
+  "-----END BUTTERED CRUMPET-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "T9NHMBhuJo+TlfU3TztNgCc9fK1naNRwPOyoqr5R6lJvJ40jkHnIVOFuvuzvZ35O\n"
+  "QgPbyFcMjv6leV5xcW+/I9tWaBUFXiRGI27qjCFth4Gxq2B6B2dIcQliLXSvW9b+\n"
+  "CMTgDwVa4h2R2PMh18TRx1596ywE09YhCgBF3CwYsiM=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 sRpiP9kyW/DGOphp4V2VCtcKNA8i7zGuv2tnljNIPTB7r7KsTvdUk/Ha9ArRQEivO4nC2HHENtknDl3GtWIPCA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "DtORw3+gO/yUUIp70xDaWSOgQZrJAAoZTNCB7q5WCoZOngeaCiC1Gtc+Fmdn7tER\n"
+  "uPqQC5H/Kh3Mi82PCj0JxvNivnNTNY1AZVaIX5YoioXVOkWF0B2pqMvFuDSdm2oJ\n"
+  "29PqSVcklquu19EjJRTopIHvYn3sFhQL4LarMsYY11c=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  "\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CROSSCERT6[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55ARMMCtQ8pObC5bq02AUE9Lx2bqsZBBkeOsDZVaEq6JavAQAgBABtV0xF\n"
+  "CsWXL/uFIBnoEsnXBeU1MvYRFrj1vR7QHdWXnxywXvBYUAC8lu/uyc8qqLp+aQSJ\n"
+  "5JzpDYlg3hp1fl5k97iv5F9WrR6s554YpmgYy9agFaxZ4LmRgz7n0UJ8mwM=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAO5qd1TndKD2pEs1ZLWsHlvfO/E7cA0H7NKGLSioGpBf4P0rtkueX4ci\n"
+  "kJNa/4Fn/QsLECqEF2lUjkIc8YL+HMS6qteKvN8+nn16DfvnIhPDNZWTJjLl1bOI\n"
+  "sWSSiduhanoWQnhRtl3Rxg3opdNd9ApO0DLUNy4Qy18Ai6SgksfHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAJkMYNpK7eJJyGwD/xG/iNg6gzzbIwrOSvmtoP7Rot42qtBiQ9A9kdsy\n"
+  "sazwkWkM93U1+1OaAADPYxeHoyHnuia95Cnc5y2lFSH3I7gnGGSPKSTwXtdyvDWZ\n"
+  "P1LbmQ4Bnh5leTCNZ/eFC4/GjNVzqHxjbb8a11dQhA8dOk8PrUq9AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key HdSQOqvLr4YnJE1XzzVIddgKgnjaHKJqnq0GqF4wXDg=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AW1XTEUKxZcv+4UgGegSydcF5TUy9hEWuPW9HtAd1ZefACVwif1deQry\n"
+  "K5GeemRa32sGzujVDDe75WRiPKFT3l/EtjTq3oeVq2xwbVJklnG3ASejKTr3YcHt\n"
+  "ov0jOl0jywc=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN NAUGHTY MARMOSET-----\n"
+  "BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n"
+  "JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n"
+  "M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n"
+  "-----END NAUGHTY MARMOSET-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 lNY8TRX/FZdH5eFbsBkFHuRi8bPDsE5P+v7zExyD/IXnKS/ffYlP8qw1XIPdEDOIzGQ14+kyPX0SotaAqHRtBA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "BHamS+epF77iozo5cBt+tbs22m9GhwY55DRXpEWAtvn67jsMnmn7qCOLONigK1RT\n"
+  "adZNezIydcCxXltgHTdKaZw4lcqv3s0KL8kI8frbBmm7PjXtWnrdXBYY+YK54MN/\n"
+  "t4N3162o9hzzKSwye0gPjgzpQ1xtEIkzWhBcmE9Vw5s=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CROSSCERT7[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AfVmH2ReTyatl4VnS5YREtCM2dwikWuAPffq6M5bysZxAQAgBAAXoqE7\n"
+  "taqwLDXLZrZukpF1eBkCwYQK9uzctHTuMdqOHChguvkfX7V4H3O76Ayqvz+Z1ut1\n"
+  "KYRdgiArn3viRaBv3ZKT4Z75suMI3bjqGOSGLAKfOa0uLkOmKblHHhSUkwQ=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOLNugzUezzzw+N1SuQWzILJYkUJyQDoVXSZjT0dzBplHCjlrv0WZCUP\n"
+  "/pbonE7SlCChIovHcdiASaLj7MVaGgYDq3M1Vtgt5vhgGl10/+evBAD1QEt8AVfr\n"
+  "5+PH/sbZvOWucAhNUhOlqFKAn4vdRY39VEEXC5/Jz5fsk1E/DBu5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKxzg1hsYMS+0zAIrgYxSGO0GbKRrL/VhdlMEGu7ACaoqlGnmGQS3B4B\n"
+  "gLk8xDdx9N//8+YTx0hUIxP38w08lubPl1WXMq8s7wAiFd06Nklf65mHs0sXVtS1\n"
+  "EG3f97PQqmBpEJOwYBATNcA9e6F62P8SXNkpSjOzNaE0h9wHNKk7AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key msdr3O4W4bm/xdmZLzj35363ZSFex8yQxLWsV3wRCAQ=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "VQoABx54AU3MlHAEtgPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
+  "Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
+  "mjQFK4AtRwg=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "RJJRiU0vjVtRi3bVZru3aTvV5l56X/WOOp/ii316yPAS3aAMpOm1+piFVR5MNqcB\n"
+  "ZGyrA2Kx0hawdL2buU47iZ12GOCi4f1Es4V4N0TQgJICsKX38DsRdct9c1qMcqpp\n"
+  "1aENSRuaw0szTIr9OgR7/8stqR5c3iF1H5fOhmTi6xM=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "F3ZqvsyL6RRhPEnNFFIZY4WJM7LK082rseWzRkGNXjwoEwOWUK8enQ4Wjit+wozW\n"
+  "4HVIY1F+vP7gm6IiOEAFgEpB4C8FGuyoFw2q0ONA2tqTcvBJDDnqbx08FO7v2Dij\n"
+  "d3ucfc5gf7YNaoFCMMuyAzC56eyNk4U+6cSKy6wnJds=\n"
+  "-----END SIGNATURE-----\n"
+  ;
+
+static const char EX_RI_ED_MISPLACED1[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKT6OIN6TsDB+xcp1uLeE0K3aiHGqa7hdxMBGpvcD0UFSyzpVv1A/fJa\n"
+  "tClDCwTpfTGbyK2L7AO75Ci0c7jf6Pq+V7L6R7o12g6WBTMrgsceC4YqXSKpXNhi\n"
+  "oudJyPfVzBfKcJUSynv89FUQOyul/WRRqWTfv0xUsJ3yjuOESfCNAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AbBV9NVz0Hdl0Uiv87LiXaTAoeSXE+bheNG4Dju1GzQHAQAgBAD16h+T\n"
+  "ygzSgPN4Qat5ITthvm+lvMwMVGbVNWMxNy9i33NGhgp8kqMp2iPAY+LhX8It2b+X\n"
+  "8H9cBmYLO5G7AlMPj7GsuWdCdP/M/ldMvFfznlqeE3pCpRas6W48CFJ+9Ao=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANMO/MepK3uCkKTLRCwIWc/8URVza2gEmDx6mDTJIB/Mw8U8VRDuu4iJ\n"
+  "v+LL3D8/HGLvT9a8OXbl5525Zszt8XueF3uePBF0Qp0fjGBL8GFqmrmFe6plurPJ\n"
+  "TfrS/m3q+KhXAUowmghciVGDY0kMiDG9X/t/zKLMKWVDYRZk+fupAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key I8yDO62Flx5O/QsFvgb2ArIRqwJLWetHMeZdxngRl2A=\n"
+  "ntor-onion-key-crosscert 1\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AfXqH5PKDNKA83hBq3khO2G+b6W8zAxUZtU1YzE3L2LfAGC1uXxN2KwW\n"
+  "w4PqRidM1UPZ5jVOHceZYNQcTzzzArfBpr9OraOO2up4TGte8GVqjJNxrZc1gfjn\n"
+  "CwPW5WxpFg0=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "jLg3D3VO4i0sN8p2qtB6+5C3tai/K4M89mP7z2abQnUTbynOacPoNXIk4o64DjBJ\n"
+  "kaR42yfA7yQZ8Rj8abwgz0Zz6zbd+JjE+s/EklrEEtOl+jZAl3i+92FaHROJojXq\n"
+  "hw+ZEPOb9zgb1UQ7S1Fo+GoqA5bdGm/Wg1kSQielkNE=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 TRKvIl/wIIRD4Xcmd6HYmy7tD0KhVGgoStpWPtX0zmXGZ7+jugItrY0frDu9n82syiruuA45ZOs1Rfi4CbOSCg\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "NYpRfurB1YhFmDAdRc2Sd77S7By2V/0kgEHpJhtySb7efiQsyOA4ZBr1zEFPAXdp\n"
+  "TviKzyS9kN2fnz3hORoqFul33BDZbiLMNLtt5tzp62TYtmIg9IZdjjczbJUgbVLt\n"
+  "KCJL0vM7fdbXkZX61GIBbMYwzwIiHvVxG7F/AS5RbtE=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_MISPLACED2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55AfJo9FIePrxeDNnWT6SWkoz0/L27018XjUNWEHfaR06MAQAgBAAMgolK\n"
+  "nLg3ZnVv0skzHCfmX+ZR9Ttwj7FNXfhXCsyr860S79OW5LD0/m1GcS9JflWhP+FO\n"
+  "ng5cRb+aqNc8Ul+/4sQudZRx8w4U3d5rOuMGCqhQXnktH9AFzQHFq0jpAAU=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPeK/znKLRvSUmCIUiZOgfhiRFt7XGN//C2GFuey4xkKiIr9LWMuVe9m\n"
+  "Wx39Ea2UGEtNGCEVvZdJMDVRl7heFTfJTN4L1YeyWx6iNRWlpAmgQOKII7slHwlq\n"
+  "seEULOLOXc9AsU/v9ba9G54DFbHfe2k44ZOwEmaQZW5VF/I0YMMdAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKFRzlrqPPxEW0nboAJ1qzKFb/vFtvRW0xNVb8RtbOY/NY5FV1hS8yfH\n"
+  "igtugkrOBmWah7cmJhiON2j+TKeBxEoXwJMZeyV+HLbr7nY/mFhad4BQ3Frkl8d6\n"
+  "1kQMhOJswMdwnnVHPNGUob4YAX0SpFA6MpBVj92zmMBeaihqUS9VAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key br8svioLcJCAQxoo3KvlT288p8rb4lQIZNLlplkIKkw=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AQyCiUqcuDdmdW/SyTMcJ+Zf5lH1O3CPsU1d+FcKzKvzAG9XqwmRm0uJ\n"
+  "E49NoHcWr9IzdIwSGo+PJSkVpk95a5p2s065BetCWxEEBJQniajQf2hZ36zmV9rq\n"
+  "a6puqkEAKAM=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "d6QGIVAJL5JjHUyV+aicLIdBYyxHwviKpPcp7uldRF8vfDGFpu0qFgJ5KT+3t36w\n"
+  "QY1r75bvUMG/ZzGKDg95dcK0X2AK6GFlcrYyCoQEVOsuPc1QEUeK9P2s7viNQE4V\n"
+  "tRwG/CvJhPfcnxErzVGfXIeYRL1r/hPNFDZSeSxPPM0=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "router-sig-ed25519 ts9pFk8PnDWtXgQad09XC/ZCbruSx1U1pNOMWF9fyoNG0CodxdDH9Vglg+BOS7Nd9fmsINfPWKCVdVuSSM7zCA\n"
+  "reject *:*\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "YMl6mpQm7UCsPQhZKMm0aZ7fzGevWzRbQO+de20HTn7fVqMWQf2hBDJe9QTN/uDK\n"
+  "/VKYT8SnIBexbrSMy1N5q8kNFKxxUtwA9GRtz620Vvc4m+lz/tnT9qucIKCDL5iJ\n"
+  "eRpnls0JoAMIHKl99zdUioYubmOZuqUaRAdT8ulWy+Y=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CERT1[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n"
+  "Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n"
+  "dZToQTFSzAQ=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM4o2DrTwn3wrvUMm41S/hFL5ZtRHGRDh26o8htn14AKMC65vpygKFY7\n"
+  "fUQVClAiJthAs5fD/8sE5XDtQrLnFv5OegQx8kSPuwyS/+5pI1bdxRJvKMOUl2Tc\n"
+  "fAUhzeNBmPvW3lMi9Fksw5sCSAKQ5VH/+DlYvBGZIO49pTnOAty1AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMzIsJeEWWjN3Lp6qrzaJGn8uhJPJyjy2Wt3sp7z7iD/yBWW6Q7Jku3e\n"
+  "C5QfKmSmNi2pNjS0SqPjqZZNsbcxpq/bEOcZdysZG1lqi/QgxUevk57RWjh3EFsG\n"
+  "TwK3ougKWB5Q6/3m32dNsnnnDqzVapgZo7Zd3V/aCo0BVtL5VXZbAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key W28nwT/5FJ818M78y/5sNOkxhQ7ENBhjVhGG2j6KvFY=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n"
+  "Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n"
+  "dZToQTFSzAQ=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "FWnEjvFob0ObgqohMT7miwGsAuioCT7Urz6tyWaGWph/TP9hbFWj4MPK5mt998mn\n"
+  "xA8zHSF5n/edu7wVX+rtnPrYPBmg+qN8+Pq6XMg64CwtWu+sqigsi6vtz/TfAIDL\n"
+  "mypENmSY32sWPvy/CA8dAZ2ASh57EH9a+WcFModpXkM=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 88YqJdGJS4O6XiUCNrc9xbOHxujvcN/TkCoRuQQeKfZGHM+4IhI6AcXFlPIfDYq0SAavMhVmzsDDw0ROl7vyCQ\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "cU4WDO3w9ZfVRbNUgxOQMbwS2xWXvaL+cZmIV6AAjAZVWkLEpif4g6uYu+jJUZOS\n"
+  "NUT7lNOMwTu4tE4b1YJpnD9T8iW0DlOXxlvRBMQYmKwhQuYk898BDGTSk+0AY0HJ\n"
+  "vv8wRVewDajNhW7tFY907IdHvPXG0u83GANxkYrRyUg=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CERT2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN WOBBLY RUTABAGA-----\n"
+  "helo\n"
+  "-----END WOBBLY RUTABAGA-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANZvqyqFeiekh8ApqIGK4ZtOqjaX87EzDestvAWwamVOXiPoUrzXgM3O\n"
+  "l8uuTnMA4TfnjLyyA2TnaMzJylOI1OMHuW/D9B/liWDstSxWNNIlKgLQ/Dh9xBS7\n"
+  "uQb2PYlI+iMkPKPyJQSTDdGHE7cdFPewUfhRtJU3F5ztm/3FLBFvAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANZl8U/Z8KCPS7EBDzt8i9kNETXS7vnp9gnw3BQNXfjiDtDg9eO7ChxY\n"
+  "NBwuOTXmRxfX3W9kvZ0op9Hno6hixIhHzDql+vZ+hN7yPanVVDglSUXcr31yBm5K\n"
+  "kA+ZnRvH3oVQ97E4rRzpi09dtI13Pzu7JS5jRMtH+JF1kQBoNC0dAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key lUrEL+TVXpjjHQ2BIKk34vblyDmoyMro1a6/9hJ4VRc=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55Abm5E7FBdd3F8N1xuz/vdv03zh2lABrmGjzPQ3AFJtntALNeQTgjv0JL\n"
+  "jON4+SPNi0B2Bva3yKaSsdxiHQ1rIwQqIUVkzXmmX4jmsvJK/9gERAdD7GafTKZQ\n"
+  "BaZbNXBvmQw=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "OxkqFsw1vHUQ9iPYcKC/MHUBtbLPK6JY2i81ccAai2eW118UXcTbeCRccrXyqSkl\n"
+  "RLcooZyli1D6wg9x7O8+2+HXIbUa6WcTOD1Qi7Z9wKZfk4sDUy7QHKENMRfAXwX3\n"
+  "U/gqd4BflMPp4+XrYfPzz+6yQPWp0t9wXbFv5hZ9F3k=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 fW6Bt4R3xVk5KMDyOcYg8n5ANP0OrQq2PQFK2cW0lTAdi+eX+oT/BeWnkrn0uSWOC/t4omCmH4Rdl8M9xtpfBA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "DHxiQXuLxZR0ylqwUGGePgN4KF4ItlOV/DuGmmszCO/Ut0p+5s4FP2v6Mm9M92Wj\n"
+  "75rS9xF/Ts0Kf49dvgc+c5VTvhX5I5SwGQkRk0RNJtNoP0t+qXBHaFV8BlAeaWF6\n"
+  "Lg3O+GUK325fQv9uDPCe37mFQV9jafAzsZUrO/ggb1U=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_ED_BAD_CERT3[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "BVVVnf55AW5TTGF9jCMl7aALZzqypD9Bj8WYnAPIrKCoIJdgMbY0AQAgBAB7eCn8\n"
+  "rukx7t/egZUdqU7+FYqsnO4wdmOkLZkp0+gpF3jjk6N1Q0037NNVNZBjONB0Nm2F\n"
+  "CpB3nWSJliSSKr5tOYsuBPFy5VVGYeKPakpOoxanQ1UcqevMBAQy0zf9hwA=\n"
+  "-----END ED25519 CERT-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPgeQNbKwpnTU+qW/2djh66hptS9rcy1B4vdyWkDTdREao2ECuCv691Y\n"
+  "oIw3MpTWvpC1qHIKorunusR0FKgwXw3xQTikXbDq/1ptsekzoIA1R/hltQV3UuGH\n"
+  "zdzHuQXAMX7Fdll2gyya03c3Yq5s+xSDvGdkEeaIoctKjwxp4SdNAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOzWuH4cPW9rIrfi8MrruMUg4IUVHz4BxfY4/szMIUvzeEAdHn4FYkWy\n"
+  "Vt7MDtUELZsmZeFNmkn72kLxnrdZ5XhxZBriq1Fzq11cSWRBF+SyE1MdcouY4GyG\n"
+  "drw6T8xb8ty19q0eO6C/gw27iqXPAp1clvkroLg6Nv9lGZvsedVDAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key /vYZ+9yLqG7yUnutoI57s96JBl36GTz0IDWE244rbzE=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AZ4zVBWP/fIYEgWmyj0WpO6CkXRJjtrWXtiT02k3IddiAMpYgMemGIpN\n"
+  "xj7TQRULsHHYvo4fLcKrSgndQbUUhfLTUuVhIzbnE2TBLMVOEkpxKU6mTuvTT/3h\n"
+  "MJugrwTWVg4=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "c/Vqu3wtsTsYMdnhTS9Tn1Pq6jDmH4uRD5WmbaCKKrkin2DjuYSMVpypndkdlZDE\n"
+  "He7uF7SUO3QG/UcRIXYOsg9MSLUmvn2kIwef8ykyqlRh95Csjo5DyattUhL2w4QF\n"
+  "tJkJBQAnXWaAVW1O8XimGCAvJ84cxbmZEcpN6WKjrXI=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 Ue7bkPpOoc8ca7cyQj/Vq3BP5X4vwLA5QmpLGw/WfRNVRPojJRxU3RVqWMi3JbsJFRTe6pH6ZHyXER33G5aAAA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "ifKUtbxmqHVs8A0oT5n7Te0c6D/XqWQTc0RxX9OKGspzh6wNX26h0Xa2vpK1Q9Zu\n"
+  "sj61I7vbHuZN6rxiWs9IzJgb//XaNJasX1pd9tbGSXW+yYzc9G9kaa7vp3HcnhIP\n"
+  "XVWzzS8WmOiVNGcF65j6f7yGloTgN7cHMptgJG7pWes=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
+static const char EX_RI_BAD_EI_DIGEST2[] =
+  "router fred 127.0.0.1 9001 0 9002\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf55ATrK8IVBWLO2yXKCqXLXJOTu89W2b+hREPO+tCrxjVqWAQAgBACG/vVx\n"
+  "NK8wKVZvf34d75ZObSR0ge1N2RrAIKNslNXBq/tcllIrNE4S0ZNcMpA+hxXoVFeo\n"
+  "jbxifYX7nTs5N3GrGPmkiuo82v2X6ZwoIXJGFnvWMxCjsYsUVDDxoT6h/w8=\n"
+  "-----END ED25519 CERT-----\n"
+  "extra-info-digest E5FAC29E766D63F96AD175069640E803F2723765 99oo\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAK9wHSdRalxkuAybrSCA3dlEC1ZGc7oHOzXRGLg+z6batuiCdQtus1Rk\n"
+  "LP821eZJtEMAE56aewCIHDcTiCxVa6DMqmxRjm5pfW4G5H5QCPYT6Fu0RoYck3Ef\n"
+  "vkgits5/fNYGPPVC7k8AdGax5dKj5oFVGq+JWolYFRv6tyR9AThvAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKxjxTQ/T/MHpFbk7/zwA7l5b3IW3yVcyVe6eIGFoYun8FI0fbYRmR4M\n"
+  "G5Asu07gP9Bbgt3AFPuEqrjg4u+lIkgqTcCgKWJbAgm7fslwaDTXQ36A7I1M95PD\n"
+  "GJ10Dk5v4dVbrqwoF7MSrQPFtMO91RP11nGPSvDqXZJ4XpwqwdxpAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key LuVmHxpj4F5mPXGNi4MtxbIbLMav6frJRBsRgAvpdzo=\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf55AYb+9XE0rzApVm9/fh3vlk5tJHSB7U3ZGsAgo2yU1cGrAKBcSzwi4lY/\n"
+  "salCELOLdeZzOjDNnBd6cKp2WJg7Yz5zFlbVbyNk0iwfGmucHk8vQZe5BS0Oq/Pz\n"
+  "B1u/BcJv8gk=\n"
+  "-----END ED25519 CERT-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "QsAQVdDVHtasDbhrZG4ZxImdTTMY7fz3vouAiGyZx6/jCCB5v0gHwTn4xo6pgLEW\n"
+  "LQfMhQZIr76Ky67c0hAN2hihuDlfvhfVe9c2c5UOH1BOhq3llE3Hc3xGyEy3rw7r\n"
+  "5y38YGi759CvsP2/L8JfXMuBg89OcgJYFa27Q6e6MdQ=\n"
+  "-----END CROSSCERT-----\n"
+  "published 2014-10-05 12:00:00\n"
+  "bandwidth 1000 1000 1000\n"
+  "reject *:*\n"
+  "router-sig-ed25519 5zoQ0dufeeOJ/tE/BgcWgM8JpfW1ELSXLz4dI+K8YRH/gUtaPmYJgU2QfeUHD0oy1iwv4Qvl8Ferga7aBk1+DA\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "D6KRMwkb6JmVEnpZ825SD3LMB84UmVy0i94xk44OwhoWNKLXhaSTWJgf6AqnPG5o\n"
+  "QrCypSb44bYLn+VaDN5LVUl36jeZqCT4xd+4ZwIRdPOUj7vcVmyUDg3lXcAIk97Q\n"
+  "E5PrQY1mQuLSIjjKInAR2NRBumNJtRw31Y/DTB7tODU=\n"
+  "-----END SIGNATURE-----\n"
+  "\n"
+  ;
diff --git a/src/test/fakechans.h b/src/test/fakechans.h
new file mode 100644
index 0000000000..fa0e37dbe6
--- /dev/null
+++ b/src/test/fakechans.h
@@ -0,0 +1,26 @@
+ /* Copyright (c) 2014-2016, The Tor Project, Inc. */
+ /* See LICENSE for licensing information */
+
+#ifndef TOR_FAKECHANS_H
+#define TOR_FAKECHANS_H
+
+/**
+ * \file fakechans.h
+ * \brief Declarations for fake channels for test suite use
+ */
+
+void make_fake_cell(cell_t *c);
+void make_fake_var_cell(var_cell_t *c);
+channel_t * new_fake_channel(void);
+void free_fake_channel(channel_t *c);
+
+/* Also exposes some a mock used by both test_channel.c and test_relay.c */
+void scheduler_channel_has_waiting_cells_mock(channel_t *ch);
+void scheduler_release_channel_mock(channel_t *ch);
+
+/* Query some counters used by the exposed mocks */
+int get_mock_scheduler_has_waiting_cells_count(void);
+int get_mock_scheduler_release_channel_count(void);
+
+#endif /* !defined(TOR_FAKECHANS_H) */
+
diff --git a/src/test/include.am b/src/test/include.am
index fba439a616..7d80fdf152 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -1,14 +1,54 @@
-TESTS += src/test/test
+# When the day comes that Tor requires Automake >= 1.12 change
+# TESTS_ENVIRONMENT to AM_TESTS_ENVIRONMENT because the former is reserved for
+# users while the later is reserved for developers.
+TESTS_ENVIRONMENT = \
+	export PYTHON="$(PYTHON)"; \
+	export SHELL="$(SHELL)"; \
+	export abs_top_srcdir="$(abs_top_srcdir)"; \
+	export builddir="$(builddir)"; \
+	export TESTING_TOR_BINARY="$(TESTING_TOR_BINARY)";
+
+TESTSCRIPTS = src/test/test_zero_length_keys.sh \
+	src/test/test_switch_id.sh
+
+if USEPYTHON
+TESTSCRIPTS += src/test/test_ntor.sh src/test/test_bt.sh
+endif
+
+TESTS += src/test/test src/test/test-slow src/test/test-memwipe \
+	src/test/test_workqueue src/test/test_keygen.sh \
+	$(TESTSCRIPTS)
+
+# These flavors are run using automake's test-driver and test-network.sh
+TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-min bridges+hs
+# only run if we can ping6 ::1 (localhost)
+TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min
+# only run if we can find a stable (or simply another) version of tor
+TEST_CHUTNEY_FLAVORS_MIXED = mixed
+
+### This is a lovely feature, but it requires automake >= 1.12, and Tor
+###  doesn't require that yet.
+###
+# TEST_EXTENSIONS = .sh
+# SH_LOG_COMPILER = $(SHELL)
 
 noinst_PROGRAMS+= src/test/bench
 if UNITTESTS_ENABLED
-noinst_PROGRAMS+= src/test/test src/test/test-child
+noinst_PROGRAMS+= \
+	src/test/test \
+	src/test/test-slow \
+	src/test/test-memwipe \
+	src/test/test-child \
+	src/test/test_workqueue \
+	src/test/test-switch-id
 endif
 
 src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \
         -DLOCALSTATEDIR="\"$(localstatedir)\"" \
         -DBINDIR="\"$(bindir)\""	       \
 	-I"$(top_srcdir)/src/or" -I"$(top_srcdir)/src/ext" \
+	-I"$(top_srcdir)/src/trunnel" \
+	-I"$(top_srcdir)/src/ext/trunnel" \
 	-DTOR_UNIT_TESTS
 
 # -L flags need to go in LDFLAGS. -l flags need to go in LDADD.
@@ -16,83 +56,163 @@ src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \
 # matters a lot there, and is quite hard to debug if you forget to do it.
 
 src_test_test_SOURCES = \
+	src/test/log_test_helpers.c \
+	src/test/rend_test_helpers.c \
 	src/test/test.c \
+	src/test/test_accounting.c \
 	src/test/test_addr.c \
+	src/test/test_address.c \
 	src/test/test_buffers.c \
 	src/test/test_cell_formats.c \
+	src/test/test_cell_queue.c \
+	src/test/test_channel.c \
+	src/test/test_channeltls.c \
+	src/test/test_checkdir.c \
 	src/test/test_circuitlist.c \
 	src/test/test_circuitmux.c \
+	src/test/test_compat_libevent.c \
+	src/test/test_config.c \
+	src/test/test_connection.c \
 	src/test/test_containers.c \
+	src/test/test_controller.c \
 	src/test/test_controller_events.c \
 	src/test/test_crypto.c \
-	src/test/test_cell_queue.c \
 	src/test/test_data.c \
 	src/test/test_dir.c \
+	src/test/test_dir_common.c \
+	src/test/test_dir_handle_get.c \
+	src/test/test_entryconn.c \
+	src/test/test_entrynodes.c \
+	src/test/test_guardfraction.c \
 	src/test/test_extorport.c \
+	src/test/test_hs.c \
 	src/test/test_introduce.c \
+	src/test/test_keypin.c \
+	src/test/test_link_handshake.c \
 	src/test/test_logging.c \
 	src/test/test_microdesc.c \
+	src/test/test_nodelist.c \
 	src/test/test_oom.c \
 	src/test/test_options.c \
+	src/test/test_policy.c \
+	src/test/test_procmon.c \
 	src/test/test_pt.c \
+	src/test/test_relay.c \
 	src/test/test_relaycell.c \
+	src/test/test_rendcache.c \
 	src/test/test_replay.c \
 	src/test/test_routerkeys.c \
+	src/test/test_routerlist.c \
+	src/test/test_routerset.c \
+	src/test/test_scheduler.c \
 	src/test/test_socks.c \
-	src/test/test_util.c \
-	src/test/test_config.c \
-	src/test/test_hs.c \
-	src/test/test_nodelist.c \
-	src/test/test_policy.c \
 	src/test/test_status.c \
+	src/test/test_threads.c \
+	src/test/test_tortls.c \
+	src/test/test_util.c \
+	src/test/test_util_format.c \
+	src/test/test_util_process.c \
+	src/test/test_helpers.c \
+	src/test/test_dns.c \
+	src/test/testing_common.c \
+	src/ext/tinytest.c
+
+src_test_test_slow_SOURCES = \
+	src/test/test_slow.c \
+	src/test/test_crypto_slow.c \
+	src/test/test_util_slow.c \
+	src/test/testing_common.c \
 	src/ext/tinytest.c
 
+src_test_test_memwipe_SOURCES = \
+	src/test/test-memwipe.c
+
+
 src_test_test_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
 
-src_test_test_CPPFLAGS= $(src_test_AM_CPPFLAGS)
+src_test_test_CPPFLAGS= $(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS)
 
 src_test_bench_SOURCES = \
 	src/test/bench.c
 
+src_test_test_workqueue_SOURCES = \
+	src/test/test_workqueue.c
+src_test_test_workqueue_CPPFLAGS= $(src_test_AM_CPPFLAGS)
+src_test_test_workqueue_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+
+src_test_test_switch_id_SOURCES = \
+	src/test/test_switch_id.c
+src_test_test_switch_id_CPPFLAGS= $(src_test_AM_CPPFLAGS)
+src_test_test_switch_id_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_test_test_switch_id_LDFLAGS = @TOR_LDFLAGS_zlib@
+src_test_test_switch_id_LDADD = \
+	src/common/libor-testing.a \
+	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@
+
 src_test_test_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
         @TOR_LDFLAGS_libevent@
-src_test_test_LDADD = src/or/libtor-testing.a src/common/libor-testing.a \
-	src/common/libor-crypto-testing.a $(LIBDONNA) \
+src_test_test_LDADD = src/or/libtor-testing.a \
+	src/common/libor-crypto-testing.a \
+	$(LIBKECCAK_TINY) \
+	$(LIBDONNA) \
+	src/common/libor-testing.a \
 	src/common/libor-event-testing.a \
+	src/trunnel/libor-trunnel-testing.a \
 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
-	@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+	@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ \
+	@TOR_SYSTEMD_LIBS@
+
+src_test_test_slow_CPPFLAGS = $(src_test_test_CPPFLAGS)
+src_test_test_slow_CFLAGS = $(src_test_test_CFLAGS)
+src_test_test_slow_LDADD = $(src_test_test_LDADD)
+src_test_test_slow_LDFLAGS = $(src_test_test_LDFLAGS)
+
+src_test_test_memwipe_CPPFLAGS = $(src_test_test_CPPFLAGS)
+src_test_test_memwipe_CFLAGS = $(src_test_test_CFLAGS)
+src_test_test_memwipe_LDADD = $(src_test_test_LDADD)
+src_test_test_memwipe_LDFLAGS = $(src_test_test_LDFLAGS)
 
 src_test_bench_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
         @TOR_LDFLAGS_libevent@
 src_test_bench_LDADD = src/or/libtor.a src/common/libor.a \
-	src/common/libor-crypto.a $(LIBDONNA) \
-	src/common/libor-event.a \
+	src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \
+	src/common/libor-event.a src/trunnel/libor-trunnel.a \
+	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
+	@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ \
+	@TOR_SYSTEMD_LIBS@
+
+src_test_test_workqueue_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
+        @TOR_LDFLAGS_libevent@
+src_test_test_workqueue_LDADD = src/or/libtor-testing.a \
+	src/common/libor-testing.a \
+	src/common/libor-crypto-testing.a $(LIBKECCAK_TINY) $(LIBDONNA) \
+	src/common/libor-event-testing.a \
 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
 	@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
 
 noinst_HEADERS+= \
-	src/test/test.h
+	src/test/fakechans.h \
+	src/test/log_test_helpers.h \
+	src/test/rend_test_helpers.h \
+	src/test/test.h \
+	src/test/test_helpers.h \
+	src/test/test_dir_common.h \
+	src/test/test_descriptors.inc \
+	src/test/example_extrainfo.inc \
+	src/test/failing_routerdescs.inc \
+	src/test/ed25519_vectors.inc \
+	src/test/test_descriptors.inc \
+	src/test/vote_descriptors.inc
 
-if CURVE25519_ENABLED
 noinst_PROGRAMS+= src/test/test-ntor-cl
 src_test_test_ntor_cl_SOURCES  = src/test/test_ntor_cl.c
 src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
 src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
-	src/common/libor-crypto.a $(LIBDONNA) \
+	src/common/libor-crypto.a $(LIBKECCAK_TINY) $(LIBDONNA) \
 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
 	@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
 src_test_test_ntor_cl_AM_CPPFLAGS =	       \
 	-I"$(top_srcdir)/src/or"
-NTOR_TEST_DEPS=src/test/test-ntor-cl
-else
-NTOR_TEST_DEPS=
-endif
-
-if COVERAGE_ENABLED
-CMDLINE_TEST_TOR = ./src/or/tor-cov
-else
-CMDLINE_TEST_TOR = ./src/or/tor
-endif
 
 noinst_PROGRAMS += src/test/test-bt-cl
 src_test_test_bt_cl_SOURCES = src/test/test_bt_cl.c
@@ -100,22 +220,15 @@ src_test_test_bt_cl_LDADD = src/common/libor-testing.a \
 	@TOR_LIB_MATH@ \
 	@TOR_LIB_WS32@ @TOR_LIB_GDI@
 src_test_test_bt_cl_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
-src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
-
-
-check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
-if USEPYTHON
-	$(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
-if CURVE25519_ENABLED
-	$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
-	$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
-endif
-	./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
-	./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
-endif
+src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS)
 
 EXTRA_DIST += \
 	src/test/bt_test.py \
 	src/test/ntor_ref.py \
 	src/test/slownacl_curve25519.py \
-	src/test/test_cmdline_args.py
+	src/test/zero_length_keys.sh \
+	src/test/test_keygen.sh \
+        src/test/test_zero_length_keys.sh \
+        src/test/test_ntor.sh src/test/test_bt.sh \
+	src/test/test-network.sh \
+	src/test/test_switch_id.sh
diff --git a/src/test/log_test_helpers.c b/src/test/log_test_helpers.c
new file mode 100644
index 0000000000..3bb36ac36c
--- /dev/null
+++ b/src/test/log_test_helpers.c
@@ -0,0 +1,113 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+#define LOG_PRIVATE
+#include "torlog.h"
+#include "log_test_helpers.h"
+
+static smartlist_t *saved_logs = NULL;
+
+int
+setup_capture_of_logs(int new_level)
+{
+  int previous_log = log_global_min_severity_;
+  log_global_min_severity_ = new_level;
+  mock_clean_saved_logs();
+  MOCK(logv, mock_saving_logv);
+  return previous_log;
+}
+
+void
+teardown_capture_of_logs(int prev)
+{
+  UNMOCK(logv);
+  log_global_min_severity_ = prev;
+  mock_clean_saved_logs();
+}
+
+void
+mock_clean_saved_logs(void)
+{
+  if (!saved_logs)
+    return;
+  SMARTLIST_FOREACH(saved_logs, mock_saved_log_entry_t *, m,
+                    { tor_free(m->generated_msg); tor_free(m); });
+  smartlist_free(saved_logs);
+  saved_logs = NULL;
+}
+
+const smartlist_t *
+mock_saved_logs(void)
+{
+  return saved_logs;
+}
+
+int
+mock_saved_log_has_message(const char *msg)
+{
+  int has_msg = 0;
+  if (saved_logs) {
+    SMARTLIST_FOREACH(saved_logs, mock_saved_log_entry_t *, m,
+                      {
+                        if (msg && m->generated_msg &&
+                            !strcmp(msg, m->generated_msg)) {
+                          has_msg = 1;
+                        }
+                      });
+  }
+
+  return has_msg;
+}
+
+/* Do the saved logs have any messages with severity? */
+int
+mock_saved_log_has_severity(int severity)
+{
+  int has_sev = 0;
+  if (saved_logs) {
+    SMARTLIST_FOREACH(saved_logs, mock_saved_log_entry_t *, m,
+                      {
+                        if (m->severity == severity) {
+                          has_sev = 1;
+                        }
+                      });
+  }
+
+  return has_sev;
+}
+
+/* Do the saved logs have any messages? */
+int
+mock_saved_log_has_entry(void)
+{
+  if (saved_logs) {
+    return smartlist_len(saved_logs) > 0;
+  }
+  return 0;
+}
+
+void
+mock_saving_logv(int severity, log_domain_mask_t domain,
+                 const char *funcname, const char *suffix,
+                 const char *format, va_list ap)
+{
+  (void)domain;
+  char *buf = tor_malloc_zero(10240);
+  int n;
+  n = tor_vsnprintf(buf,10240,format,ap);
+  tor_assert(n < 10240-1);
+  buf[n]='\n';
+  buf[n+1]='\0';
+
+  mock_saved_log_entry_t *e = tor_malloc_zero(sizeof(mock_saved_log_entry_t));
+  e->severity = severity;
+  e->funcname = funcname;
+  e->suffix = suffix;
+  e->format = format;
+  e->generated_msg = tor_strdup(buf);
+  tor_free(buf);
+
+  if (!saved_logs)
+    saved_logs = smartlist_new();
+  smartlist_add(saved_logs, e);
+}
+
diff --git a/src/test/log_test_helpers.h b/src/test/log_test_helpers.h
new file mode 100644
index 0000000000..1966f170fb
--- /dev/null
+++ b/src/test/log_test_helpers.h
@@ -0,0 +1,56 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+
+#ifndef TOR_LOG_TEST_HELPERS_H
+#define TOR_LOG_TEST_HELPERS_H
+
+typedef struct mock_saved_log_entry_t {
+  int severity;
+  const char *funcname;
+  const char *suffix;
+  const char *format;
+  char *generated_msg;
+  struct mock_saved_log_entry_t *next;
+} mock_saved_log_entry_t;
+
+void mock_saving_logv(int severity, log_domain_mask_t domain,
+                      const char *funcname, const char *suffix,
+                      const char *format, va_list ap)
+  CHECK_PRINTF(5, 0);
+void mock_clean_saved_logs(void);
+const smartlist_t *mock_saved_logs(void);
+int setup_capture_of_logs(int new_level);
+void teardown_capture_of_logs(int prev);
+
+int mock_saved_log_has_message(const char *msg);
+int mock_saved_log_has_severity(int severity);
+int mock_saved_log_has_entry(void);
+
+#define expect_log_msg(str) \
+  tt_assert_msg(mock_saved_log_has_message(str), \
+                "expected log to contain " # str);
+
+#define expect_no_log_msg(str) \
+  tt_assert_msg(!mock_saved_log_has_message(str), \
+                "expected log to not contain " # str);
+
+#define expect_log_severity(severity) \
+  tt_assert_msg(mock_saved_log_has_severity(severity), \
+                "expected log to contain severity " # severity);
+
+#define expect_no_log_severity(severity) \
+  tt_assert_msg(!mock_saved_log_has_severity(severity), \
+                "expected log to not contain severity " # severity);
+
+#define expect_log_entry() \
+  tt_assert_msg(mock_saved_log_has_entry(), \
+                "expected log to contain entries");
+
+#define expect_no_log_entry() \
+  tt_assert_msg(!mock_saved_log_has_entry(), \
+                "expected log to not contain entries");
+
+#endif
+
diff --git a/src/test/ntor_ref.py b/src/test/ntor_ref.py
index 7d6e43e716..df065853f3 100755
--- a/src/test/ntor_ref.py
+++ b/src/test/ntor_ref.py
@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright 2012-2013, The Tor Project, Inc
+# Copyright 2012-2015, The Tor Project, Inc
 # See LICENSE for licensing information
 
 """
@@ -283,7 +283,7 @@ def client_part2(seckey_x, msg, node_id, pubkey_B, keyBytes=72):
     my_auth = H_mac(auth_input)
 
     badness = my_auth != their_auth
-    badness = bad_result(yx) + bad_result(bx)
+    badness |= bad_result(yx) + bad_result(bx)
 
     if badness:
         return None
@@ -322,7 +322,7 @@ def kdf_vectors():
     """
     import binascii
     def kdf_vec(inp):
-        k = kdf(inp, T_KEY, M_EXPAND, 100)
+        k = kdf_rfc5869(inp, T_KEY, M_EXPAND, 100)
         print(repr(inp), "\n\""+ binascii.b2a_hex(k)+ "\"")
     kdf_vec("")
     kdf_vec("Tor")
diff --git a/src/test/rend_test_helpers.c b/src/test/rend_test_helpers.c
new file mode 100644
index 0000000000..377337bcb9
--- /dev/null
+++ b/src/test/rend_test_helpers.c
@@ -0,0 +1,73 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+#include "test.h"
+#include "rendcommon.h"
+#include "rend_test_helpers.h"
+
+void
+generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc,
+              char **service_id, int intro_points)
+{
+  rend_service_descriptor_t *generated = NULL;
+  smartlist_t *descs = smartlist_new();
+  time_t now;
+
+  now = time(NULL) + time_diff;
+  create_descriptor(&generated, service_id, intro_points);
+  generated->timestamp = now;
+
+  rend_encode_v2_descriptors(descs, generated, now, 0, REND_NO_AUTH, NULL,
+                             NULL);
+  tor_assert(smartlist_len(descs) > 1);
+  *desc = smartlist_get(descs, 0);
+  smartlist_set(descs, 0, NULL);
+
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  rend_service_descriptor_free(generated);
+}
+
+void
+create_descriptor(rend_service_descriptor_t **generated, char **service_id,
+                  int intro_points)
+{
+  crypto_pk_t *pk1 = NULL;
+  crypto_pk_t *pk2 = NULL;
+  int i;
+
+  *service_id = tor_malloc(REND_SERVICE_ID_LEN_BASE32+1);
+  pk1 = pk_generate(0);
+  pk2 = pk_generate(1);
+
+  *generated = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  (*generated)->pk = crypto_pk_dup_key(pk1);
+  rend_get_service_id((*generated)->pk, *service_id);
+
+  (*generated)->version = 2;
+  (*generated)->protocols = 42;
+  (*generated)->intro_nodes = smartlist_new();
+
+  for (i = 0; i < intro_points; i++) {
+    rend_intro_point_t *intro = tor_malloc_zero(sizeof(rend_intro_point_t));
+    crypto_pk_t *okey = pk_generate(2 + i);
+    intro->extend_info = tor_malloc_zero(sizeof(extend_info_t));
+    intro->extend_info->onion_key = okey;
+    crypto_pk_get_digest(intro->extend_info->onion_key,
+                         intro->extend_info->identity_digest);
+    intro->extend_info->nickname[0] = '$';
+    base16_encode(intro->extend_info->nickname + 1,
+                  sizeof(intro->extend_info->nickname) - 1,
+                  intro->extend_info->identity_digest, DIGEST_LEN);
+    tor_addr_from_ipv4h(&intro->extend_info->addr, crypto_rand_int(65536));
+    intro->extend_info->port = 1 + crypto_rand_int(65535);
+    intro->intro_key = crypto_pk_dup_key(pk2);
+    smartlist_add((*generated)->intro_nodes, intro);
+  }
+
+  crypto_pk_free(pk1);
+  crypto_pk_free(pk2);
+}
+
diff --git a/src/test/rend_test_helpers.h b/src/test/rend_test_helpers.h
new file mode 100644
index 0000000000..180a4e8fde
--- /dev/null
+++ b/src/test/rend_test_helpers.h
@@ -0,0 +1,15 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+
+#ifndef TOR_REND_TEST_HELPERS_H
+#define TOR_REND_TEST_HELPERS_H
+
+void generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc,
+                   char **service_id, int intro_points);
+void create_descriptor(rend_service_descriptor_t **generated,
+                       char **service_id, int intro_points);
+
+#endif
+
diff --git a/src/test/slow_ed25519.py b/src/test/slow_ed25519.py
new file mode 100644
index 0000000000..f44708b200
--- /dev/null
+++ b/src/test/slow_ed25519.py
@@ -0,0 +1,115 @@
+# This is the ed25519 implementation from
+#     http://ed25519.cr.yp.to/python/ed25519.py .
+# It is in the public domain.
+#
+# It isn't constant-time.  Don't use it except for testing.  Also, see
+# warnings about how very slow it is.  Only use this for generating
+# test vectors, I'd suggest.
+#
+# Don't edit this file.  Mess with ed25519_ref.py
+
+import hashlib
+
+b = 256
+q = 2**255 - 19
+l = 2**252 + 27742317777372353535851937790883648493
+
+def H(m):
+  return hashlib.sha512(m).digest()
+
+def expmod(b,e,m):
+  if e == 0: return 1
+  t = expmod(b,e/2,m)**2 % m
+  if e & 1: t = (t*b) % m
+  return t
+
+def inv(x):
+  return expmod(x,q-2,q)
+
+d = -121665 * inv(121666)
+I = expmod(2,(q-1)/4,q)
+
+def xrecover(y):
+  xx = (y*y-1) * inv(d*y*y+1)
+  x = expmod(xx,(q+3)/8,q)
+  if (x*x - xx) % q != 0: x = (x*I) % q
+  if x % 2 != 0: x = q-x
+  return x
+
+By = 4 * inv(5)
+Bx = xrecover(By)
+B = [Bx % q,By % q]
+
+def edwards(P,Q):
+  x1 = P[0]
+  y1 = P[1]
+  x2 = Q[0]
+  y2 = Q[1]
+  x3 = (x1*y2+x2*y1) * inv(1+d*x1*x2*y1*y2)
+  y3 = (y1*y2+x1*x2) * inv(1-d*x1*x2*y1*y2)
+  return [x3 % q,y3 % q]
+
+def scalarmult(P,e):
+  if e == 0: return [0,1]
+  Q = scalarmult(P,e/2)
+  Q = edwards(Q,Q)
+  if e & 1: Q = edwards(Q,P)
+  return Q
+
+def encodeint(y):
+  bits = [(y >> i) & 1 for i in range(b)]
+  return ''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b/8)])
+
+def encodepoint(P):
+  x = P[0]
+  y = P[1]
+  bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1]
+  return ''.join([chr(sum([bits[i * 8 + j] << j for j in range(8)])) for i in range(b/8)])
+
+def bit(h,i):
+  return (ord(h[i/8]) >> (i%8)) & 1
+
+def publickey(sk):
+  h = H(sk)
+  a = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2))
+  A = scalarmult(B,a)
+  return encodepoint(A)
+
+def Hint(m):
+  h = H(m)
+  return sum(2**i * bit(h,i) for i in range(2*b))
+
+def signature(m,sk,pk):
+  h = H(sk)
+  a = 2**(b-2) + sum(2**i * bit(h,i) for i in range(3,b-2))
+  r = Hint(''.join([h[i] for i in range(b/8,b/4)]) + m)
+  R = scalarmult(B,r)
+  S = (r + Hint(encodepoint(R) + pk + m) * a) % l
+  return encodepoint(R) + encodeint(S)
+
+def isoncurve(P):
+  x = P[0]
+  y = P[1]
+  return (-x*x + y*y - 1 - d*x*x*y*y) % q == 0
+
+def decodeint(s):
+  return sum(2**i * bit(s,i) for i in range(0,b))
+
+def decodepoint(s):
+  y = sum(2**i * bit(s,i) for i in range(0,b-1))
+  x = xrecover(y)
+  if x & 1 != bit(s,b-1): x = q-x
+  P = [x,y]
+  if not isoncurve(P): raise Exception("decoding point that is not on curve")
+  return P
+
+def checkvalid(s,m,pk):
+  if len(s) != b/4: raise Exception("signature length is wrong")
+  if len(pk) != b/8: raise Exception("public-key length is wrong")
+  R = decodepoint(s[0:b/8])
+  A = decodepoint(pk)
+  S = decodeint(s[b/8:b/4])
+  h = Hint(encodepoint(R) + pk + m)
+  if scalarmult(B,S) != edwards(R,scalarmult(A,h)):
+    raise Exception("signature does not pass verification")
+
diff --git a/src/test/test-child.c b/src/test/test-child.c
index 756782e70b..e2552a499d 100644
--- a/src/test/test-child.c
+++ b/src/test/test-child.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2013, The Tor Project, Inc. */
+/* Copyright (c) 2011-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include <stdio.h>
diff --git a/src/test/test-memwipe.c b/src/test/test-memwipe.c
new file mode 100644
index 0000000000..5d4fcec664
--- /dev/null
+++ b/src/test/test-memwipe.c
@@ -0,0 +1,209 @@
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdlib.h>
+
+#include "crypto.h"
+#include "compat.h"
+
+#undef MIN
+#define MIN(a,b) ( ((a)<(b)) ? (a) : (b) )
+
+static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
+static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
+static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
+static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
+static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
+static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
+static unsigned check_a_buffer(void) __attribute__((noinline));
+
+const char *s = NULL;
+
+#define BUF_LEN 2048
+
+#define FILL_BUFFER_IMPL()                                              \
+  unsigned int i;                                                       \
+  unsigned sum = 0;                                                     \
+                                                                        \
+  /* Fill up a 1k buffer with a recognizable pattern. */                \
+  for (i = 0; i < BUF_LEN; i += strlen(s)) {                            \
+    memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                        \
+  }                                                                     \
+                                                                        \
+  /* Use the buffer as input to a computation so the above can't get */ \
+  /* optimized away. */                                                 \
+  for (i = 0; i < BUF_LEN; ++i) {                                       \
+    sum += (unsigned char)buf[i];                                       \
+  }
+
+static unsigned
+fill_a_buffer_memset(void)
+{
+  char buf[BUF_LEN];
+  FILL_BUFFER_IMPL()
+  memset(buf, 0, sizeof(buf));
+  return sum;
+}
+
+static unsigned
+fill_a_buffer_memwipe(void)
+{
+  char buf[BUF_LEN];
+  FILL_BUFFER_IMPL()
+  memwipe(buf, 0, sizeof(buf));
+  return sum;
+}
+
+static unsigned
+fill_a_buffer_nothing(void)
+{
+  char buf[BUF_LEN];
+  FILL_BUFFER_IMPL()
+  return sum;
+}
+
+static inline int
+vmemeq(volatile char *a, const char *b, size_t n)
+{
+  while (n--) {
+    if (*a++ != *b++)
+      return 0;
+  }
+  return 1;
+}
+
+static unsigned
+check_a_buffer(void)
+{
+  unsigned int i;
+  volatile char buf[1024];
+  unsigned sum = 0;
+
+  /* See if this buffer has the string in it.
+
+     YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
+     BUFFER.
+
+     If you know a better way to figure out whether the compiler eliminated
+     the memset/memwipe calls or not, please let me know.
+   */
+  for (i = 0; i < BUF_LEN - strlen(s); ++i) {
+    if (vmemeq(buf+i, s, strlen(s)))
+      ++sum;
+  }
+
+  return sum;
+}
+
+static char *heap_buf = NULL;
+
+static unsigned
+fill_heap_buffer_memset(void)
+{
+  char *buf = heap_buf = malloc(BUF_LEN);
+  FILL_BUFFER_IMPL()
+  memset(buf, 0, BUF_LEN);
+  free(buf);
+  return sum;
+}
+
+static unsigned
+fill_heap_buffer_memwipe(void)
+{
+  char *buf = heap_buf = malloc(BUF_LEN);
+  FILL_BUFFER_IMPL()
+  memwipe(buf, 0, BUF_LEN);
+  free(buf);
+  return sum;
+}
+
+static unsigned
+fill_heap_buffer_nothing(void)
+{
+  char *buf = heap_buf = malloc(BUF_LEN);
+  FILL_BUFFER_IMPL()
+  free(buf);
+  return sum;
+}
+
+static unsigned
+check_heap_buffer(void)
+{
+  unsigned int i;
+  unsigned sum = 0;
+  volatile char *buf = heap_buf;
+
+  /* See if this buffer has the string in it.
+
+     YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
+
+     If you know a better way to figure out whether the compiler eliminated
+     the memset/memwipe calls or not, please let me know.
+   */
+  for (i = 0; i < BUF_LEN - strlen(s); ++i) {
+    if (vmemeq(buf+i, s, strlen(s)))
+      ++sum;
+  }
+
+  return sum;
+}
+
+static struct testcase {
+  const char *name;
+  /* this spacing satisfies make check-spaces */
+  unsigned
+    (*fill_fn)(void);
+  unsigned
+    (*check_fn)(void);
+} testcases[] = {
+  { "nil", fill_a_buffer_nothing, check_a_buffer },
+  { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
+  { "memset", fill_a_buffer_memset, check_a_buffer },
+  { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
+  { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
+  { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
+  { NULL, NULL, NULL }
+};
+
+int
+main(int argc, char **argv)
+{
+  unsigned x, x2;
+  int i;
+  int working = 1;
+  unsigned found[6];
+  (void) argc; (void) argv;
+
+  s = "squamous haberdasher gallimaufry";
+
+  memset(found, 0, sizeof(found));
+
+  for (i = 0; testcases[i].name; ++i) {
+    x = testcases[i].fill_fn();
+    found[i] = testcases[i].check_fn();
+
+    x2 = fill_a_buffer_nothing();
+
+    if (x != x2) {
+      working = 0;
+    }
+  }
+
+  if (!working || !found[0] || !found[1]) {
+    printf("It appears that this test case may not give you reliable "
+           "information. Sorry.\n");
+  }
+
+  if (!found[2] && !found[3]) {
+    printf("It appears that memset is good enough on this platform. Good.\n");
+  }
+
+  if (found[4] || found[5]) {
+    printf("ERROR: memwipe does not wipe data!\n");
+    return 1;
+  } else {
+    printf("OKAY: memwipe seems to work.\n");
+    return 0;
+  }
+}
+
diff --git a/src/test/test-network.sh b/src/test/test-network.sh
index 7b59864166..05080e0c52 100755
--- a/src/test/test-network.sh
+++ b/src/test/test-network.sh
@@ -1,8 +1,11 @@
 #! /bin/sh
 
-until [ -z $1 ]
+ECHO_N="/bin/echo -n"
+use_coverage_binary=false
+
+until [ -z "$1" ]
 do
-  case $1 in
+  case "$1" in
     --chutney-path)
       export CHUTNEY_PATH="$2"
       shift
@@ -11,10 +14,38 @@ do
       export TOR_DIR="$2"
       shift
     ;;
-    --flavo?r|--network-flavo?r)
+    --flavor|--flavour|--network-flavor|--network-flavour)
       export NETWORK_FLAVOUR="$2"
       shift
     ;;
+    --delay|--sleep|--bootstrap-time|--time)
+      export BOOTSTRAP_TIME="$2"
+      shift
+    ;;
+    # Environmental variables used by chutney verify performance tests
+    # Send this many bytes per client connection (10 KBytes)
+    --data|--data-bytes|--data-byte|--bytes|--byte)
+      export CHUTNEY_DATA_BYTES="$2"
+      shift
+    ;;
+    # Make this many connections per client (1)
+    # Note: If you create 7 or more connections to a hidden service from
+    # a single client, you'll likely get a verification failure due to
+    # https://trac.torproject.org/projects/tor/ticket/15937
+    --connections|--connection|--connection-count|--count)
+      export CHUTNEY_CONNECTIONS="$2"
+      shift
+    ;;
+    # Make each client connect to each HS (0)
+    # 0 means a single client connects to each HS
+    # 1 means every client connects to every HS
+    --hs-multi-client|--hs-multi-clients|--hs-client|--hs-clients)
+      export CHUTNEY_HS_MULTI_CLIENT="$2"
+      shift
+      ;;
+    --coverage)
+      use_coverage_binary=true
+      ;;
     *)
       echo "Sorry, I don't know what to do with '$1'."
       exit 2
@@ -24,24 +55,45 @@ do
 done
 
 TOR_DIR="${TOR_DIR:-$PWD}"
-NETWORK_FLAVOUR=${NETWORK_FLAVOUR:-basic}
+NETWORK_FLAVOUR=${NETWORK_FLAVOUR:-"bridges+hs"}
 CHUTNEY_NETWORK=networks/$NETWORK_FLAVOUR
 myname=$(basename $0)
 
+[ -n "$CHUTNEY_PATH" ] || {
+    echo "$myname: \$CHUTNEY_PATH not set, trying $TOR_DIR/../chutney"
+    CHUTNEY_PATH="$TOR_DIR/../chutney"
+}
+
 [ -d "$CHUTNEY_PATH" ] && [ -x "$CHUTNEY_PATH/chutney" ] || {
     echo "$myname: missing 'chutney' in CHUTNEY_PATH ($CHUTNEY_PATH)"
+    echo "$myname: Get chutney: git clone https://git.torproject.org/\
+chutney.git"
+    echo "$myname: Set \$CHUTNEY_PATH to a non-standard location: export CHUTNEY_PATH=\`pwd\`/chutney"
     exit 1
 }
+
 cd "$CHUTNEY_PATH"
 # For picking up the right tor binaries.
-PATH="$TOR_DIR/src/or:$TOR_DIR/src/tools:$PATH"
+tor_name=tor
+tor_gencert_name=tor-gencert
+if test "$use_coverage_binary" = true; then
+  tor_name=tor-cov
+fi
+export CHUTNEY_TOR="${TOR_DIR}/src/or/${tor_name}"
+export CHUTNEY_TOR_GENCERT="${TOR_DIR}/src/tools/${tor_gencert_name}"
+
 ./tools/bootstrap-network.sh $NETWORK_FLAVOUR || exit 2
 
 # Sleep some, waiting for the network to bootstrap.
 # TODO: Add chutney command 'bootstrap-status' and use that instead.
-BOOTSTRAP_TIME=18
-echo -n "$myname: sleeping for $BOOTSTRAP_TIME seconds"
+BOOTSTRAP_TIME=${BOOTSTRAP_TIME:-35}
+$ECHO_N "$myname: sleeping for $BOOTSTRAP_TIME seconds"
 n=$BOOTSTRAP_TIME; while [ $n -gt 0 ]; do
-    sleep 1; n=$(expr $n - 1); echo -n .
+    sleep 1; n=$(expr $n - 1); $ECHO_N .
 done; echo ""
 ./chutney verify $CHUTNEY_NETWORK
+VERIFY_EXIT_STATUS=$?
+# work around a bug/feature in make -j2 (or more)
+# where make hangs if any child processes are still alive
+./chutney stop $CHUTNEY_NETWORK
+exit $VERIFY_EXIT_STATUS
diff --git a/src/test/test.c b/src/test/test.c
index 8bce9c91f4..ed167a3e67 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1,12 +1,8 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
-/* Ordinarily defined in tor_main.c; this bit is just here to provide one
- * since we're not linking to tor_main.c */
-const char tor_git_revision[] = "";
-
 /**
  * \file test.c
  * \brief Unit tests for many pieces of the lower level Tor modules.
@@ -32,6 +28,7 @@ const char tor_git_revision[] = "";
 #define ROUTER_PRIVATE
 #define CIRCUITSTATS_PRIVATE
 #define CIRCUITLIST_PRIVATE
+#define MAIN_PRIVATE
 #define STATEFILE_PRIVATE
 
 /*
@@ -43,6 +40,7 @@ long int lround(double x);
 double fabs(double x);
 
 #include "or.h"
+#include "backtrace.h"
 #include "buffers.h"
 #include "circuitlist.h"
 #include "circuitstats.h"
@@ -50,11 +48,10 @@ double fabs(double x);
 #include "connection_edge.h"
 #include "geoip.h"
 #include "rendcommon.h"
+#include "rendcache.h"
 #include "test.h"
 #include "torgzip.h"
-#ifdef ENABLE_MEMPOOLS
-#include "mempool.h"
-#endif
+#include "main.h"
 #include "memarea.h"
 #include "onion.h"
 #include "onion_ntor.h"
@@ -63,168 +60,12 @@ double fabs(double x);
 #include "rephist.h"
 #include "routerparse.h"
 #include "statefile.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
-#endif
-
-#ifdef USE_DMALLOC
-#include <dmalloc.h>
-#include <openssl/crypto.h>
-#include "main.h"
-#endif
-
-/** Set to true if any unit test has failed.  Mostly, this is set by the macros
- * in test.h */
-int have_failed = 0;
-
-/** Temporary directory (set up by setup_directory) under which we store all
- * our files during testing. */
-static char temp_dir[256];
-#ifdef _WIN32
-#define pid_t int
-#endif
-static pid_t temp_dir_setup_in_pid = 0;
-
-/** Select and create the temporary directory we'll use to run our unit tests.
- * Store it in <b>temp_dir</b>.  Exit immediately if we can't create it.
- * idempotent. */
-static void
-setup_directory(void)
-{
-  static int is_setup = 0;
-  int r;
-  char rnd[256], rnd32[256];
-  if (is_setup) return;
-
-/* Due to base32 limitation needs to be a multiple of 5. */
-#define RAND_PATH_BYTES 5
-  crypto_rand(rnd, RAND_PATH_BYTES);
-  base32_encode(rnd32, sizeof(rnd32), rnd, RAND_PATH_BYTES);
-
-#ifdef _WIN32
-  {
-    char buf[MAX_PATH];
-    const char *tmp = buf;
-    /* If this fails, we're probably screwed anyway */
-    if (!GetTempPathA(sizeof(buf),buf))
-      tmp = "c:\\windows\\temp";
-    tor_snprintf(temp_dir, sizeof(temp_dir),
-                 "%s\\tor_test_%d_%s", tmp, (int)getpid(), rnd32);
-    r = mkdir(temp_dir);
-  }
-#else
-  tor_snprintf(temp_dir, sizeof(temp_dir), "/tmp/tor_test_%d_%s",
-               (int) getpid(), rnd32);
-  r = mkdir(temp_dir, 0700);
-#endif
-  if (r) {
-    fprintf(stderr, "Can't create directory %s:", temp_dir);
-    perror("");
-    exit(1);
-  }
-  is_setup = 1;
-  temp_dir_setup_in_pid = getpid();
-}
-
-/** Return a filename relative to our testing temporary directory */
-const char *
-get_fname(const char *name)
-{
-  static char buf[1024];
-  setup_directory();
-  if (!name)
-    return temp_dir;
-  tor_snprintf(buf,sizeof(buf),"%s/%s",temp_dir,name);
-  return buf;
-}
-
-/* Remove a directory and all of its subdirectories */
-static void
-rm_rf(const char *dir)
-{
-  struct stat st;
-  smartlist_t *elements;
-
-  elements = tor_listdir(dir);
-  if (elements) {
-    SMARTLIST_FOREACH_BEGIN(elements, const char *, cp) {
-         char *tmp = NULL;
-         tor_asprintf(&tmp, "%s"PATH_SEPARATOR"%s", dir, cp);
-         if (0 == stat(tmp,&st) && (st.st_mode & S_IFDIR)) {
-           rm_rf(tmp);
-         } else {
-           if (unlink(tmp)) {
-             fprintf(stderr, "Error removing %s: %s\n", tmp, strerror(errno));
-           }
-         }
-         tor_free(tmp);
-    } SMARTLIST_FOREACH_END(cp);
-    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
-    smartlist_free(elements);
-  }
-  if (rmdir(dir))
-    fprintf(stderr, "Error removing directory %s: %s\n", dir, strerror(errno));
-}
-
-/** Remove all files stored under the temporary directory, and the directory
- * itself.  Called by atexit(). */
-static void
-remove_directory(void)
-{
-  if (getpid() != temp_dir_setup_in_pid) {
-    /* Only clean out the tempdir when the main process is exiting. */
-    return;
-  }
-
-  rm_rf(temp_dir);
-}
-
-/** Define this if unit tests spend too much time generating public keys*/
-#undef CACHE_GENERATED_KEYS
-
-static crypto_pk_t *pregen_keys[5] = {NULL, NULL, NULL, NULL, NULL};
-#define N_PREGEN_KEYS ((int)(sizeof(pregen_keys)/sizeof(pregen_keys[0])))
-
-/** Generate and return a new keypair for use in unit tests.  If we're using
- * the key cache optimization, we might reuse keys: we only guarantee that
- * keys made with distinct values for <b>idx</b> are different.  The value of
- * <b>idx</b> must be at least 0, and less than N_PREGEN_KEYS. */
-crypto_pk_t *
-pk_generate(int idx)
-{
-#ifdef CACHE_GENERATED_KEYS
-  tor_assert(idx < N_PREGEN_KEYS);
-  if (! pregen_keys[idx]) {
-    pregen_keys[idx] = crypto_pk_new();
-    tor_assert(!crypto_pk_generate_key(pregen_keys[idx]));
-  }
-  return crypto_pk_dup_key(pregen_keys[idx]);
-#else
-  crypto_pk_t *result;
-  (void) idx;
-  result = crypto_pk_new();
-  tor_assert(!crypto_pk_generate_key(result));
-  return result;
-#endif
-}
-
-/** Free all storage used for the cached key optimization. */
-static void
-free_pregenerated_keys(void)
-{
-  unsigned idx;
-  for (idx = 0; idx < N_PREGEN_KEYS; ++idx) {
-    if (pregen_keys[idx]) {
-      crypto_pk_free(pregen_keys[idx]);
-      pregen_keys[idx] = NULL;
-    }
-  }
-}
 
 /** Run unit tests for the onion handshake code. */
 static void
-test_onion_handshake(void)
+test_onion_handshake(void *arg)
 {
   /* client-side */
   crypto_dh_t *c_dh = NULL;
@@ -237,12 +78,13 @@ test_onion_handshake(void)
   /* shared */
   crypto_pk_t *pk = NULL, *pk2 = NULL;
 
+  (void)arg;
   pk = pk_generate(0);
   pk2 = pk_generate(1);
 
   /* client handshake 1. */
   memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
-  test_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
+  tt_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
 
   for (i = 1; i <= 3; ++i) {
     crypto_pk_t *k1, *k2;
@@ -259,16 +101,17 @@ test_onion_handshake(void)
 
     memset(s_buf, 0, TAP_ONIONSKIN_REPLY_LEN);
     memset(s_keys, 0, 40);
-    test_assert(! onion_skin_TAP_server_handshake(c_buf, k1, k2,
+    tt_assert(! onion_skin_TAP_server_handshake(c_buf, k1, k2,
                                                   s_buf, s_keys, 40));
 
     /* client handshake 2 */
     memset(c_keys, 0, 40);
-    test_assert(! onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40));
+    tt_assert(! onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys,
+                                                40, NULL));
 
-    test_memeq(c_keys, s_keys, 40);
+    tt_mem_op(c_keys,OP_EQ, s_keys, 40);
     memset(s_buf, 0, 40);
-    test_memneq(c_keys, s_buf, 40);
+    tt_mem_op(c_keys,OP_NE, s_buf, 40);
   }
  done:
   crypto_dh_free(c_dh);
@@ -300,7 +143,7 @@ test_bad_onion_handshake(void *arg)
   memset(junk_buf, 0, sizeof(junk_buf));
   crypto_pk_public_hybrid_encrypt(pk, junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
                                junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1);
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
                                             s_buf, s_keys, 40));
 
@@ -309,46 +152,46 @@ test_bad_onion_handshake(void *arg)
   memset(junk_buf2, 0, sizeof(junk_buf2));
   crypto_pk_public_encrypt(pk, junk_buf2, sizeof(junk_buf2),
                                junk_buf, 48, PK_PKCS1_OAEP_PADDING);
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
                                             s_buf, s_keys, 40));
 
   /* client handshake 1: do it straight. */
   memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
-  test_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
+  tt_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
 
   /* Server: Case 3: we just don't have the right key. */
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             onion_skin_TAP_server_handshake(c_buf, pk2, NULL,
                                             s_buf, s_keys, 40));
 
   /* Server: Case 4: The RSA-encrypted portion is corrupt. */
   c_buf[64] ^= 33;
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             onion_skin_TAP_server_handshake(c_buf, pk, NULL,
                                             s_buf, s_keys, 40));
   c_buf[64] ^= 33;
 
   /* (Let the server procede) */
-  tt_int_op(0, ==,
+  tt_int_op(0, OP_EQ,
             onion_skin_TAP_server_handshake(c_buf, pk, NULL,
                                             s_buf, s_keys, 40));
 
   /* Client: Case 1: The server sent back junk. */
   s_buf[64] ^= 33;
-  tt_int_op(-1, ==,
-            onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40));
+  tt_int_op(-1, OP_EQ,
+            onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, NULL));
   s_buf[64] ^= 33;
 
   /* Let the client finish; make sure it can. */
-  tt_int_op(0, ==,
-            onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40));
-  test_memeq(s_keys, c_keys, 40);
+  tt_int_op(0, OP_EQ,
+            onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, NULL));
+  tt_mem_op(s_keys,OP_EQ, c_keys, 40);
 
   /* Client: Case 2: The server sent back a degenerate DH. */
   memset(s_buf, 0, sizeof(s_buf));
-  tt_int_op(-1, ==,
-            onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40));
+  tt_int_op(-1, OP_EQ,
+            onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, NULL));
 
  done:
   crypto_dh_free(c_dh);
@@ -356,7 +199,6 @@ test_bad_onion_handshake(void *arg)
   crypto_pk_free(pk2);
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 test_ntor_handshake(void *arg)
 {
@@ -385,34 +227,33 @@ test_ntor_handshake(void *arg)
 
   /* client handshake 1. */
   memset(c_buf, 0, NTOR_ONIONSKIN_LEN);
-  tt_int_op(0, ==, onion_skin_ntor_create(node_id, server_pubkey,
+  tt_int_op(0, OP_EQ, onion_skin_ntor_create(node_id, server_pubkey,
                                           &c_state, c_buf));
 
   /* server handshake */
   memset(s_buf, 0, NTOR_REPLY_LEN);
   memset(s_keys, 0, 40);
-  tt_int_op(0, ==, onion_skin_ntor_server_handshake(c_buf, s_keymap, NULL,
+  tt_int_op(0, OP_EQ, onion_skin_ntor_server_handshake(c_buf, s_keymap, NULL,
                                                     node_id,
                                                     s_buf, s_keys, 400));
 
   /* client handshake 2 */
   memset(c_keys, 0, 40);
-  tt_int_op(0, ==, onion_skin_ntor_client_handshake(c_state, s_buf,
-                                                    c_keys, 400));
+  tt_int_op(0, OP_EQ, onion_skin_ntor_client_handshake(c_state, s_buf,
+                                                       c_keys, 400, NULL));
 
-  test_memeq(c_keys, s_keys, 400);
+  tt_mem_op(c_keys,OP_EQ, s_keys, 400);
   memset(s_buf, 0, 40);
-  test_memneq(c_keys, s_buf, 40);
+  tt_mem_op(c_keys,OP_NE, s_buf, 40);
 
  done:
   ntor_handshake_state_free(c_state);
   dimap_free(s_keymap, NULL);
 }
-#endif
 
 /** Run unit tests for the onion queues. */
 static void
-test_onion_queues(void)
+test_onion_queues(void *arg)
 {
   uint8_t buf1[TAP_ONIONSKIN_CHALLENGE_LEN] = {0};
   uint8_t buf2[NTOR_ONIONSKIN_LEN] = {0};
@@ -423,6 +264,7 @@ test_onion_queues(void)
   create_cell_t *onionskin = NULL, *create2_ptr;
   create_cell_t *create1 = tor_malloc_zero(sizeof(create_cell_t));
   create_cell_t *create2 = tor_malloc_zero(sizeof(create_cell_t));
+  (void)arg;
   create2_ptr = create2; /* remember, but do not free */
 
   create_cell_init(create1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP,
@@ -430,24 +272,24 @@ test_onion_queues(void)
   create_cell_init(create2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
                    NTOR_ONIONSKIN_LEN, buf2);
 
-  test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
-  test_eq(0, onion_pending_add(circ1, create1));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(0,OP_EQ, onion_pending_add(circ1, create1));
   create1 = NULL;
-  test_eq(1, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
 
-  test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
-  test_eq(0, onion_pending_add(circ2, create2));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(0,OP_EQ, onion_pending_add(circ2, create2));
   create2 = NULL;
-  test_eq(1, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
 
-  test_eq_ptr(circ2, onion_next_task(&onionskin));
-  test_eq(1, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
-  test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
-  tt_ptr_op(onionskin, ==, create2_ptr);
+  tt_ptr_op(circ2,OP_EQ, onion_next_task(&onionskin));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_ptr_op(onionskin, OP_EQ, create2_ptr);
 
   clear_pending_onions();
-  test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
-  test_eq(0, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
 
  done:
   circuit_free(TO_CIRCUIT(circ1));
@@ -458,7 +300,7 @@ test_onion_queues(void)
 }
 
 static void
-test_circuit_timeout(void)
+test_circuit_timeout(void *arg)
 {
   /* Plan:
    *  1. Generate 1000 samples
@@ -476,6 +318,10 @@ test_circuit_timeout(void)
   or_state_t *state=NULL;
   int i, runs;
   double close_ms;
+  (void)arg;
+
+  initialize_periodic_events();
+
   circuit_build_times_init(&initial);
   circuit_build_times_init(&estimate);
   circuit_build_times_init(&final);
@@ -510,11 +356,11 @@ test_circuit_timeout(void)
   } while (fabs(circuit_build_times_cdf(&initial, timeout0) -
                 circuit_build_times_cdf(&initial, timeout1)) > 0.02);
 
-  test_assert(estimate.total_build_times <= CBT_NCIRCUITS_TO_OBSERVE);
+  tt_assert(estimate.total_build_times <= CBT_NCIRCUITS_TO_OBSERVE);
 
   circuit_build_times_update_state(&estimate, state);
   circuit_build_times_free_timeouts(&final);
-  test_assert(circuit_build_times_parse_state(&final, state) == 0);
+  tt_assert(circuit_build_times_parse_state(&final, state) == 0);
 
   circuit_build_times_update_alpha(&final);
   timeout2 = circuit_build_times_calculate_timeout(&final,
@@ -524,7 +370,7 @@ test_circuit_timeout(void)
   log_notice(LD_CIRC, "Timeout2 is %f, Xm is %d", timeout2, final.Xm);
 
   /* 5% here because some accuracy is lost due to histogram conversion */
-  test_assert(fabs(circuit_build_times_cdf(&initial, timeout0) -
+  tt_assert(fabs(circuit_build_times_cdf(&initial, timeout0) -
                    circuit_build_times_cdf(&initial, timeout2)) < 0.05);
 
   for (runs = 0; runs < 50; runs++) {
@@ -547,8 +393,8 @@ test_circuit_timeout(void)
                 CBT_DEFAULT_QUANTILE_CUTOFF/100.0));
     }
 
-    test_assert(!circuit_build_times_network_check_changed(&estimate));
-    test_assert(!circuit_build_times_network_check_changed(&final));
+    tt_assert(!circuit_build_times_network_check_changed(&estimate));
+    tt_assert(!circuit_build_times_network_check_changed(&final));
 
     /* Reset liveness to be non-live */
     final.liveness.network_last_live = 0;
@@ -557,27 +403,27 @@ test_circuit_timeout(void)
     build_times_idx = estimate.build_times_idx;
     total_build_times = estimate.total_build_times;
 
-    test_assert(circuit_build_times_network_check_live(&estimate));
-    test_assert(circuit_build_times_network_check_live(&final));
+    tt_assert(circuit_build_times_network_check_live(&estimate));
+    tt_assert(circuit_build_times_network_check_live(&final));
 
     circuit_build_times_count_close(&estimate, 0,
             (time_t)(approx_time()-estimate.close_ms/1000.0-1));
     circuit_build_times_count_close(&final, 0,
             (time_t)(approx_time()-final.close_ms/1000.0-1));
 
-    test_assert(!circuit_build_times_network_check_live(&estimate));
-    test_assert(!circuit_build_times_network_check_live(&final));
+    tt_assert(!circuit_build_times_network_check_live(&estimate));
+    tt_assert(!circuit_build_times_network_check_live(&final));
 
     log_info(LD_CIRC, "idx: %d %d, tot: %d %d",
              build_times_idx, estimate.build_times_idx,
              total_build_times, estimate.total_build_times);
 
     /* Check rollback index. Should match top of loop. */
-    test_assert(build_times_idx == estimate.build_times_idx);
+    tt_assert(build_times_idx == estimate.build_times_idx);
     // This can fail if estimate.total_build_times == 1000, because
     // in that case, rewind actually causes us to lose timeouts
     if (total_build_times != CBT_NCIRCUITS_TO_OBSERVE)
-      test_assert(total_build_times == estimate.total_build_times);
+      tt_assert(total_build_times == estimate.total_build_times);
 
     /* Now simulate that the network has become live and we need
      * a change */
@@ -592,14 +438,22 @@ test_circuit_timeout(void)
       }
     }
 
-    test_assert(estimate.liveness.after_firsthop_idx == 0);
-    test_assert(final.liveness.after_firsthop_idx ==
+    tt_assert(estimate.liveness.after_firsthop_idx == 0);
+    tt_assert(final.liveness.after_firsthop_idx ==
                 CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT-1);
 
-    test_assert(circuit_build_times_network_check_live(&estimate));
-    test_assert(circuit_build_times_network_check_live(&final));
+    tt_assert(circuit_build_times_network_check_live(&estimate));
+    tt_assert(circuit_build_times_network_check_live(&final));
 
     circuit_build_times_count_timeout(&final, 1);
+
+    /* Ensure return value for degenerate cases are clamped correctly */
+    initial.alpha = INT32_MAX;
+    tt_assert(circuit_build_times_calculate_timeout(&initial, .99999999) <=
+              INT32_MAX);
+    initial.alpha = 0;
+    tt_assert(circuit_build_times_calculate_timeout(&initial, .5) <=
+              INT32_MAX);
   }
 
  done:
@@ -607,11 +461,12 @@ test_circuit_timeout(void)
   circuit_build_times_free_timeouts(&estimate);
   circuit_build_times_free_timeouts(&final);
   or_state_free(state);
+  teardown_periodic_events();
 }
 
 /** Test encoding and parsing of rendezvous service descriptors. */
 static void
-test_rend_fns(void)
+test_rend_fns(void *arg)
 {
   rend_service_descriptor_t *generated = NULL, *parsed = NULL;
   char service_id[DIGEST_LEN];
@@ -634,16 +489,20 @@ test_rend_fns(void)
   char address6[] = "foo.bar.abcdefghijklmnop.onion";
   char address7[] = ".abcdefghijklmnop.onion";
 
-  test_assert(BAD_HOSTNAME == parse_extended_hostname(address1));
-  test_assert(ONION_HOSTNAME == parse_extended_hostname(address2));
-  test_streq(address2, "aaaaaaaaaaaaaaaa");
-  test_assert(EXIT_HOSTNAME == parse_extended_hostname(address3));
-  test_assert(NORMAL_HOSTNAME == parse_extended_hostname(address4));
-  test_assert(ONION_HOSTNAME == parse_extended_hostname(address5));
-  test_streq(address5, "abcdefghijklmnop");
-  test_assert(ONION_HOSTNAME == parse_extended_hostname(address6));
-  test_streq(address6, "abcdefghijklmnop");
-  test_assert(BAD_HOSTNAME == parse_extended_hostname(address7));
+  (void)arg;
+  tt_assert(BAD_HOSTNAME == parse_extended_hostname(address1));
+  tt_assert(ONION_HOSTNAME == parse_extended_hostname(address2));
+  tt_str_op(address2,OP_EQ, "aaaaaaaaaaaaaaaa");
+  tt_assert(EXIT_HOSTNAME == parse_extended_hostname(address3));
+  tt_assert(NORMAL_HOSTNAME == parse_extended_hostname(address4));
+  tt_assert(ONION_HOSTNAME == parse_extended_hostname(address5));
+  tt_str_op(address5,OP_EQ, "abcdefghijklmnop");
+  tt_assert(ONION_HOSTNAME == parse_extended_hostname(address6));
+  tt_str_op(address6,OP_EQ, "abcdefghijklmnop");
+  tt_assert(BAD_HOSTNAME == parse_extended_hostname(address7));
+
+  /* Initialize the service cache. */
+  rend_cache_init();
 
   pk1 = pk_generate(0);
   pk2 = pk_generate(1);
@@ -676,40 +535,41 @@ test_rend_fns(void)
     intro->intro_key = crypto_pk_dup_key(pk2);
     smartlist_add(generated->intro_nodes, intro);
   }
-  test_assert(rend_encode_v2_descriptors(descs, generated, now, 0,
+  tt_assert(rend_encode_v2_descriptors(descs, generated, now, 0,
                                          REND_NO_AUTH, NULL, NULL) > 0);
-  test_assert(rend_compute_v2_desc_id(computed_desc_id, service_id_base32,
+  tt_assert(rend_compute_v2_desc_id(computed_desc_id, service_id_base32,
                                       NULL, now, 0) == 0);
-  test_memeq(((rend_encoded_v2_service_descriptor_t *)
-             smartlist_get(descs, 0))->desc_id, computed_desc_id, DIGEST_LEN);
-  test_assert(rend_parse_v2_service_descriptor(&parsed, parsed_desc_id,
-                                               &intro_points_encrypted,
-                                               &intro_points_size,
-                                               &encoded_size,
-                                               &next_desc,
-                                     ((rend_encoded_v2_service_descriptor_t *)
-                                     smartlist_get(descs, 0))->desc_str) == 0);
-  test_assert(parsed);
-  test_memeq(((rend_encoded_v2_service_descriptor_t *)
-             smartlist_get(descs, 0))->desc_id, parsed_desc_id, DIGEST_LEN);
-  test_eq(rend_parse_introduction_points(parsed, intro_points_encrypted,
-                                         intro_points_size), 3);
-  test_assert(!crypto_pk_cmp_keys(generated->pk, parsed->pk));
-  test_eq(parsed->timestamp, now);
-  test_eq(parsed->version, 2);
-  test_eq(parsed->protocols, 42);
-  test_eq(smartlist_len(parsed->intro_nodes), 3);
+  tt_mem_op(((rend_encoded_v2_service_descriptor_t *)
+             smartlist_get(descs, 0))->desc_id, OP_EQ,
+            computed_desc_id, DIGEST_LEN);
+  tt_assert(rend_parse_v2_service_descriptor(&parsed, parsed_desc_id,
+                                             &intro_points_encrypted,
+                                             &intro_points_size,
+                                             &encoded_size,
+                                              &next_desc,
+                             ((rend_encoded_v2_service_descriptor_t *)
+                                 smartlist_get(descs, 0))->desc_str, 1) == 0);
+  tt_assert(parsed);
+  tt_mem_op(((rend_encoded_v2_service_descriptor_t *)
+         smartlist_get(descs, 0))->desc_id,OP_EQ, parsed_desc_id, DIGEST_LEN);
+  tt_int_op(rend_parse_introduction_points(parsed, intro_points_encrypted,
+                                         intro_points_size),OP_EQ, 3);
+  tt_assert(!crypto_pk_cmp_keys(generated->pk, parsed->pk));
+  tt_int_op(parsed->timestamp,OP_EQ, now);
+  tt_int_op(parsed->version,OP_EQ, 2);
+  tt_int_op(parsed->protocols,OP_EQ, 42);
+  tt_int_op(smartlist_len(parsed->intro_nodes),OP_EQ, 3);
   for (i = 0; i < smartlist_len(parsed->intro_nodes); i++) {
     rend_intro_point_t *par_intro = smartlist_get(parsed->intro_nodes, i),
       *gen_intro = smartlist_get(generated->intro_nodes, i);
     extend_info_t *par_info = par_intro->extend_info;
     extend_info_t *gen_info = gen_intro->extend_info;
-    test_assert(!crypto_pk_cmp_keys(gen_info->onion_key, par_info->onion_key));
-    test_memeq(gen_info->identity_digest, par_info->identity_digest,
+    tt_assert(!crypto_pk_cmp_keys(gen_info->onion_key, par_info->onion_key));
+    tt_mem_op(gen_info->identity_digest,OP_EQ, par_info->identity_digest,
                DIGEST_LEN);
-    test_streq(gen_info->nickname, par_info->nickname);
-    test_assert(tor_addr_eq(&gen_info->addr, &par_info->addr));
-    test_eq(gen_info->port, par_info->port);
+    tt_str_op(gen_info->nickname,OP_EQ, par_info->nickname);
+    tt_assert(tor_addr_eq(&gen_info->addr, &par_info->addr));
+    tt_int_op(gen_info->port,OP_EQ, par_info->port);
   }
 
   rend_service_descriptor_free(parsed);
@@ -753,17 +613,17 @@ test_rend_fns(void)
   } while (0)
 #define CHECK_COUNTRY(country, val) do {                                \
     /* test ipv4 country lookup */                                      \
-    test_streq(country,                                                 \
+    tt_str_op(country, OP_EQ,                                              \
                geoip_get_country_name(geoip_get_country_by_ipv4(val))); \
     /* test ipv6 country lookup */                                      \
     SET_TEST_IPV6(val);                                                 \
-    test_streq(country,                                                 \
+    tt_str_op(country, OP_EQ,                                              \
                geoip_get_country_name(geoip_get_country_by_ipv6(&in6))); \
   } while (0)
 
 /** Run unit tests for GeoIP code. */
 static void
-test_geoip(void)
+test_geoip(void *arg)
 {
   int i, j;
   time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
@@ -817,23 +677,24 @@ test_geoip(void)
   /* Populate the DB a bit.  Add these in order, since we can't do the final
    * 'sort' step.  These aren't very good IP addresses, but they're perfectly
    * fine uint32_t values. */
-  test_eq(0, geoip_parse_entry("10,50,AB", AF_INET));
-  test_eq(0, geoip_parse_entry("52,90,XY", AF_INET));
-  test_eq(0, geoip_parse_entry("95,100,AB", AF_INET));
-  test_eq(0, geoip_parse_entry("\"105\",\"140\",\"ZZ\"", AF_INET));
-  test_eq(0, geoip_parse_entry("\"150\",\"190\",\"XY\"", AF_INET));
-  test_eq(0, geoip_parse_entry("\"200\",\"250\",\"AB\"", AF_INET));
+  (void)arg;
+  tt_int_op(0,OP_EQ, geoip_parse_entry("10,50,AB", AF_INET));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("52,90,XY", AF_INET));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("95,100,AB", AF_INET));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("\"105\",\"140\",\"ZZ\"", AF_INET));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("\"150\",\"190\",\"XY\"", AF_INET));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("\"200\",\"250\",\"AB\"", AF_INET));
 
   /* Populate the IPv6 DB equivalently with fake IPs in the same range */
-  test_eq(0, geoip_parse_entry("::a,::32,AB", AF_INET6));
-  test_eq(0, geoip_parse_entry("::34,::5a,XY", AF_INET6));
-  test_eq(0, geoip_parse_entry("::5f,::64,AB", AF_INET6));
-  test_eq(0, geoip_parse_entry("::69,::8c,ZZ", AF_INET6));
-  test_eq(0, geoip_parse_entry("::96,::be,XY", AF_INET6));
-  test_eq(0, geoip_parse_entry("::c8,::fa,AB", AF_INET6));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("::a,::32,AB", AF_INET6));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("::34,::5a,XY", AF_INET6));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("::5f,::64,AB", AF_INET6));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("::69,::8c,ZZ", AF_INET6));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("::96,::be,XY", AF_INET6));
+  tt_int_op(0,OP_EQ, geoip_parse_entry("::c8,::fa,AB", AF_INET6));
 
   /* We should have 4 countries: ??, ab, xy, zz. */
-  test_eq(4, geoip_get_n_countries());
+  tt_int_op(4,OP_EQ, geoip_get_n_countries());
   memset(&in6, 0, sizeof(in6));
 
   CHECK_COUNTRY("??", 3);
@@ -844,9 +705,9 @@ test_geoip(void)
   CHECK_COUNTRY("xy", 190);
   CHECK_COUNTRY("??", 2000);
 
-  test_eq(0, geoip_get_country_by_ipv4(3));
+  tt_int_op(0,OP_EQ, geoip_get_country_by_ipv4(3));
   SET_TEST_IPV6(3);
-  test_eq(0, geoip_get_country_by_ipv6(&in6));
+  tt_int_op(0,OP_EQ, geoip_get_country_by_ipv6(&in6));
 
   get_options_mutable()->BridgeRelay = 1;
   get_options_mutable()->BridgeRecordUsageByCountry = 1;
@@ -869,41 +730,41 @@ test_geoip(void)
     geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now);
   }
   geoip_get_client_history(GEOIP_CLIENT_CONNECT, &s, &v);
-  test_assert(s);
-  test_assert(v);
-  test_streq("zz=24,ab=16,xy=8", s);
-  test_streq("v4=16,v6=16", v);
+  tt_assert(s);
+  tt_assert(v);
+  tt_str_op("zz=24,ab=16,xy=8",OP_EQ, s);
+  tt_str_op("v4=16,v6=16",OP_EQ, v);
   tor_free(s);
   tor_free(v);
 
   /* Now clear out all the AB observations. */
   geoip_remove_old_clients(now-6000);
   geoip_get_client_history(GEOIP_CLIENT_CONNECT, &s, &v);
-  test_assert(s);
-  test_assert(v);
-  test_streq("zz=24,xy=8", s);
-  test_streq("v4=16,v6=16", v);
+  tt_assert(s);
+  tt_assert(v);
+  tt_str_op("zz=24,xy=8",OP_EQ, s);
+  tt_str_op("v4=16,v6=16",OP_EQ, v);
   tor_free(s);
   tor_free(v);
 
   /* Start testing bridge statistics by making sure that we don't output
    * bridge stats without initializing them. */
   s = geoip_format_bridge_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Initialize stats and generate the bridge-stats history string out of
    * the connecting clients added above. */
   geoip_bridge_stats_init(now);
   s = geoip_format_bridge_stats(now + 86400);
-  test_assert(s);
-  test_streq(bridge_stats_1, s);
+  tt_assert(s);
+  tt_str_op(bridge_stats_1,OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting bridge stats and make sure we don't write a history
    * string anymore. */
   geoip_bridge_stats_term();
   s = geoip_format_bridge_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Stop being a bridge and start being a directory mirror that gathers
    * directory request statistics. */
@@ -917,7 +778,7 @@ test_geoip(void)
   SET_TEST_ADDRESS(100);
   geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now);
   s = geoip_format_dirreq_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Initialize stats, note one connecting client, and generate the
    * dirreq-stats history string. */
@@ -925,7 +786,7 @@ test_geoip(void)
   SET_TEST_ADDRESS(100);
   geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now);
   s = geoip_format_dirreq_stats(now + 86400);
-  test_streq(dirreq_stats_1, s);
+  tt_str_op(dirreq_stats_1,OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting stats, add another connecting client, and ensure we
@@ -934,7 +795,7 @@ test_geoip(void)
   SET_TEST_ADDRESS(101);
   geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now);
   s = geoip_format_dirreq_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Re-start stats, add a connecting client, reset stats, and make sure
    * that we get an all empty history string. */
@@ -943,20 +804,20 @@ test_geoip(void)
   geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, &addr, NULL, now);
   geoip_reset_dirreq_stats(now);
   s = geoip_format_dirreq_stats(now + 86400);
-  test_streq(dirreq_stats_2, s);
+  tt_str_op(dirreq_stats_2,OP_EQ, s);
   tor_free(s);
 
   /* Note a successful network status response and make sure that it
    * appears in the history string. */
   geoip_note_ns_response(GEOIP_SUCCESS);
   s = geoip_format_dirreq_stats(now + 86400);
-  test_streq(dirreq_stats_3, s);
+  tt_str_op(dirreq_stats_3,OP_EQ, s);
   tor_free(s);
 
   /* Start a tunneled directory request. */
   geoip_start_dirreq((uint64_t) 1, 1024, DIRREQ_TUNNELED);
   s = geoip_format_dirreq_stats(now + 86400);
-  test_streq(dirreq_stats_4, s);
+  tt_str_op(dirreq_stats_4,OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting directory request statistics and start gathering
@@ -970,7 +831,7 @@ test_geoip(void)
   SET_TEST_ADDRESS(100);
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now);
   s = geoip_format_entry_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Initialize stats, note one connecting client, and generate the
    * entry-stats history string. */
@@ -978,7 +839,7 @@ test_geoip(void)
   SET_TEST_ADDRESS(100);
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now);
   s = geoip_format_entry_stats(now + 86400);
-  test_streq(entry_stats_1, s);
+  tt_str_op(entry_stats_1,OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting stats, add another connecting client, and ensure we
@@ -987,7 +848,7 @@ test_geoip(void)
   SET_TEST_ADDRESS(101);
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now);
   s = geoip_format_entry_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Re-start stats, add a connecting client, reset stats, and make sure
    * that we get an all empty history string. */
@@ -996,7 +857,7 @@ test_geoip(void)
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &addr, NULL, now);
   geoip_reset_entry_stats(now);
   s = geoip_format_entry_stats(now + 86400);
-  test_streq(entry_stats_2, s);
+  tt_str_op(entry_stats_2,OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting entry statistics. */
@@ -1009,7 +870,7 @@ test_geoip(void)
 }
 
 static void
-test_geoip_with_pt(void)
+test_geoip_with_pt(void *arg)
 {
   time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
   char *s = NULL;
@@ -1017,6 +878,7 @@ test_geoip_with_pt(void)
   tor_addr_t addr;
   struct in6_addr in6;
 
+  (void)arg;
   get_options_mutable()->BridgeRelay = 1;
   get_options_mutable()->BridgeRecordUsageByCountry = 1;
 
@@ -1068,7 +930,7 @@ test_geoip_with_pt(void)
   /* Test the transport history string. */
   s = geoip_get_transport_history();
   tor_assert(s);
-  test_streq(s, "<OR>=8,alpha=16,beta=8,charlie=16,ddr=136,"
+  tt_str_op(s,OP_EQ, "<OR>=8,alpha=16,beta=8,charlie=16,ddr=136,"
              "entropy=8,fire=8,google=8");
 
   /* Stop collecting entry statistics. */
@@ -1085,7 +947,7 @@ test_geoip_with_pt(void)
 
 /** Run unit tests for stats code. */
 static void
-test_stats(void)
+test_stats(void *arg)
 {
   time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
   char *s = NULL;
@@ -1093,10 +955,11 @@ test_stats(void)
 
   /* Start with testing exit port statistics; we shouldn't collect exit
    * stats without initializing them. */
+  (void)arg;
   rep_hist_note_exit_stream_opened(80);
   rep_hist_note_exit_bytes(80, 100, 10000);
   s = rep_hist_format_exit_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Initialize stats, note some streams and bytes, and generate history
    * string. */
@@ -1107,10 +970,10 @@ test_stats(void)
   rep_hist_note_exit_bytes(443, 100, 10000);
   rep_hist_note_exit_bytes(443, 100, 10000);
   s = rep_hist_format_exit_stats(now + 86400);
-  test_streq("exit-stats-end 2010-08-12 13:27:30 (86400 s)\n"
+  tt_str_op("exit-stats-end 2010-08-12 13:27:30 (86400 s)\n"
              "exit-kibibytes-written 80=1,443=1,other=0\n"
              "exit-kibibytes-read 80=10,443=20,other=0\n"
-             "exit-streams-opened 80=4,443=4,other=0\n", s);
+             "exit-streams-opened 80=4,443=4,other=0\n",OP_EQ, s);
   tor_free(s);
 
   /* Add a few bytes on 10 more ports and ensure that only the top 10
@@ -1120,13 +983,13 @@ test_stats(void)
     rep_hist_note_exit_stream_opened(i);
   }
   s = rep_hist_format_exit_stats(now + 86400);
-  test_streq("exit-stats-end 2010-08-12 13:27:30 (86400 s)\n"
+  tt_str_op("exit-stats-end 2010-08-12 13:27:30 (86400 s)\n"
              "exit-kibibytes-written 52=1,53=1,54=1,55=1,56=1,57=1,58=1,"
              "59=1,80=1,443=1,other=1\n"
              "exit-kibibytes-read 52=1,53=1,54=1,55=1,56=1,57=1,58=1,"
              "59=1,80=10,443=20,other=1\n"
              "exit-streams-opened 52=4,53=4,54=4,55=4,56=4,57=4,58=4,"
-             "59=4,80=4,443=4,other=4\n", s);
+             "59=4,80=4,443=4,other=4\n",OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting stats, add some bytes, and ensure we don't generate
@@ -1134,7 +997,7 @@ test_stats(void)
   rep_hist_exit_stats_term();
   rep_hist_note_exit_bytes(80, 100, 10000);
   s = rep_hist_format_exit_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Re-start stats, add some bytes, reset stats, and see what history we
    * get when observing no streams or bytes at all. */
@@ -1143,17 +1006,17 @@ test_stats(void)
   rep_hist_note_exit_bytes(80, 100, 10000);
   rep_hist_reset_exit_stats(now);
   s = rep_hist_format_exit_stats(now + 86400);
-  test_streq("exit-stats-end 2010-08-12 13:27:30 (86400 s)\n"
+  tt_str_op("exit-stats-end 2010-08-12 13:27:30 (86400 s)\n"
              "exit-kibibytes-written other=0\n"
              "exit-kibibytes-read other=0\n"
-             "exit-streams-opened other=0\n", s);
+             "exit-streams-opened other=0\n",OP_EQ, s);
   tor_free(s);
 
   /* Continue with testing connection statistics; we shouldn't collect
    * conn stats without initializing them. */
   rep_hist_note_or_conn_bytes(1, 20, 400, now);
   s = rep_hist_format_conn_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Initialize stats, note bytes, and generate history string. */
   rep_hist_conn_stats_init(now);
@@ -1162,7 +1025,7 @@ test_stats(void)
   rep_hist_note_or_conn_bytes(2, 400000, 30000, now + 10);
   rep_hist_note_or_conn_bytes(2, 400000, 30000, now + 15);
   s = rep_hist_format_conn_stats(now + 86400);
-  test_streq("conn-bi-direct 2010-08-12 13:27:30 (86400 s) 0,0,1,0\n", s);
+  tt_str_op("conn-bi-direct 2010-08-12 13:27:30 (86400 s) 0,0,1,0\n",OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting stats, add some bytes, and ensure we don't generate
@@ -1170,7 +1033,7 @@ test_stats(void)
   rep_hist_conn_stats_term();
   rep_hist_note_or_conn_bytes(2, 400000, 30000, now + 15);
   s = rep_hist_format_conn_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Re-start stats, add some bytes, reset stats, and see what history we
    * get when observing no bytes at all. */
@@ -1181,26 +1044,26 @@ test_stats(void)
   rep_hist_note_or_conn_bytes(2, 400000, 30000, now + 15);
   rep_hist_reset_conn_stats(now);
   s = rep_hist_format_conn_stats(now + 86400);
-  test_streq("conn-bi-direct 2010-08-12 13:27:30 (86400 s) 0,0,0,0\n", s);
+  tt_str_op("conn-bi-direct 2010-08-12 13:27:30 (86400 s) 0,0,0,0\n",OP_EQ, s);
   tor_free(s);
 
   /* Continue with testing buffer statistics; we shouldn't collect buffer
    * stats without initializing them. */
   rep_hist_add_buffer_stats(2.0, 2.0, 20);
   s = rep_hist_format_buffer_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Initialize stats, add statistics for a single circuit, and generate
    * the history string. */
   rep_hist_buffer_stats_init(now);
   rep_hist_add_buffer_stats(2.0, 2.0, 20);
   s = rep_hist_format_buffer_stats(now + 86400);
-  test_streq("cell-stats-end 2010-08-12 13:27:30 (86400 s)\n"
+  tt_str_op("cell-stats-end 2010-08-12 13:27:30 (86400 s)\n"
              "cell-processed-cells 20,0,0,0,0,0,0,0,0,0\n"
              "cell-queued-cells 2.00,0.00,0.00,0.00,0.00,0.00,0.00,0.00,"
                                "0.00,0.00\n"
              "cell-time-in-queue 2,0,0,0,0,0,0,0,0,0\n"
-             "cell-circuits-per-decile 1\n", s);
+             "cell-circuits-per-decile 1\n",OP_EQ, s);
   tor_free(s);
 
   /* Add nineteen more circuit statistics to the one that's already in the
@@ -1210,12 +1073,12 @@ test_stats(void)
   for (i = 20; i < 30; i++)
     rep_hist_add_buffer_stats(3.5, 3.5, i);
   s = rep_hist_format_buffer_stats(now + 86400);
-  test_streq("cell-stats-end 2010-08-12 13:27:30 (86400 s)\n"
+  tt_str_op("cell-stats-end 2010-08-12 13:27:30 (86400 s)\n"
              "cell-processed-cells 29,28,27,26,25,24,23,22,21,20\n"
              "cell-queued-cells 2.75,2.75,2.75,2.75,2.75,2.75,2.75,2.75,"
                                "2.75,2.75\n"
              "cell-time-in-queue 3,3,3,3,3,3,3,3,3,3\n"
-             "cell-circuits-per-decile 2\n", s);
+             "cell-circuits-per-decile 2\n",OP_EQ, s);
   tor_free(s);
 
   /* Stop collecting stats, add statistics for one circuit, and ensure we
@@ -1223,7 +1086,7 @@ test_stats(void)
   rep_hist_buffer_stats_term();
   rep_hist_add_buffer_stats(2.0, 2.0, 20);
   s = rep_hist_format_buffer_stats(now + 86400);
-  test_assert(!s);
+  tt_assert(!s);
 
   /* Re-start stats, add statistics for one circuit, reset stats, and make
    * sure that the history has all zeros. */
@@ -1231,56 +1094,29 @@ test_stats(void)
   rep_hist_add_buffer_stats(2.0, 2.0, 20);
   rep_hist_reset_buffer_stats(now);
   s = rep_hist_format_buffer_stats(now + 86400);
-  test_streq("cell-stats-end 2010-08-12 13:27:30 (86400 s)\n"
+  tt_str_op("cell-stats-end 2010-08-12 13:27:30 (86400 s)\n"
              "cell-processed-cells 0,0,0,0,0,0,0,0,0,0\n"
              "cell-queued-cells 0.00,0.00,0.00,0.00,0.00,0.00,0.00,0.00,"
                                "0.00,0.00\n"
              "cell-time-in-queue 0,0,0,0,0,0,0,0,0,0\n"
-             "cell-circuits-per-decile 0\n", s);
+             "cell-circuits-per-decile 0\n",OP_EQ, s);
 
  done:
   tor_free(s);
 }
 
-static void *
-legacy_test_setup(const struct testcase_t *testcase)
-{
-  return testcase->setup_data;
-}
-
-void
-legacy_test_helper(void *data)
-{
-  void (*fn)(void) = data;
-  fn();
-}
-
-static int
-legacy_test_cleanup(const struct testcase_t *testcase, void *ptr)
-{
-  (void)ptr;
-  (void)testcase;
-  return 1;
-}
-
-const struct testcase_setup_t legacy_setup = {
-  legacy_test_setup, legacy_test_cleanup
-};
-
 #define ENT(name)                                                       \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_ ## name }
+  { #name, test_ ## name , 0, NULL, NULL }
 #define FORK(name)                                                      \
-  { #name, legacy_test_helper, TT_FORK, &legacy_setup, test_ ## name }
+  { #name, test_ ## name , TT_FORK, NULL, NULL }
 
 static struct testcase_t test_array[] = {
   ENT(onion_handshake),
   { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
   ENT(onion_queues),
-#ifdef CURVE25519_ENABLED
   { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
-#endif
-  ENT(circuit_timeout),
-  ENT(rend_fns),
+  FORK(circuit_timeout),
+  FORK(rend_fns),
   ENT(geoip),
   FORK(geoip_with_pt),
   FORK(stats),
@@ -1288,145 +1124,114 @@ static struct testcase_t test_array[] = {
   END_OF_TESTCASES
 };
 
+extern struct testcase_t accounting_tests[];
 extern struct testcase_t addr_tests[];
+extern struct testcase_t address_tests[];
 extern struct testcase_t buffer_tests[];
-extern struct testcase_t crypto_tests[];
-extern struct testcase_t container_tests[];
-extern struct testcase_t util_tests[];
-extern struct testcase_t dir_tests[];
-extern struct testcase_t microdesc_tests[];
-extern struct testcase_t pt_tests[];
-extern struct testcase_t config_tests[];
-extern struct testcase_t introduce_tests[];
-extern struct testcase_t replaycache_tests[];
-extern struct testcase_t relaycell_tests[];
 extern struct testcase_t cell_format_tests[];
+extern struct testcase_t cell_queue_tests[];
+extern struct testcase_t channel_tests[];
+extern struct testcase_t channeltls_tests[];
+extern struct testcase_t checkdir_tests[];
 extern struct testcase_t circuitlist_tests[];
 extern struct testcase_t circuitmux_tests[];
-extern struct testcase_t cell_queue_tests[];
-extern struct testcase_t options_tests[];
-extern struct testcase_t socks_tests[];
-extern struct testcase_t extorport_tests[];
+extern struct testcase_t compat_libevent_tests[];
+extern struct testcase_t config_tests[];
+extern struct testcase_t connection_tests[];
+extern struct testcase_t container_tests[];
+extern struct testcase_t controller_tests[];
 extern struct testcase_t controller_event_tests[];
-extern struct testcase_t logging_tests[];
+extern struct testcase_t crypto_tests[];
+extern struct testcase_t dir_tests[];
+extern struct testcase_t dir_handle_get_tests[];
+extern struct testcase_t entryconn_tests[];
+extern struct testcase_t entrynodes_tests[];
+extern struct testcase_t guardfraction_tests[];
+extern struct testcase_t extorport_tests[];
 extern struct testcase_t hs_tests[];
+extern struct testcase_t introduce_tests[];
+extern struct testcase_t keypin_tests[];
+extern struct testcase_t link_handshake_tests[];
+extern struct testcase_t logging_tests[];
+extern struct testcase_t microdesc_tests[];
 extern struct testcase_t nodelist_tests[];
-extern struct testcase_t routerkeys_tests[];
 extern struct testcase_t oom_tests[];
+extern struct testcase_t options_tests[];
 extern struct testcase_t policy_tests[];
+extern struct testcase_t procmon_tests[];
+extern struct testcase_t pt_tests[];
+extern struct testcase_t relay_tests[];
+extern struct testcase_t relaycell_tests[];
+extern struct testcase_t rend_cache_tests[];
+extern struct testcase_t replaycache_tests[];
+extern struct testcase_t router_tests[];
+extern struct testcase_t routerkeys_tests[];
+extern struct testcase_t routerlist_tests[];
+extern struct testcase_t routerset_tests[];
+extern struct testcase_t scheduler_tests[];
+extern struct testcase_t socks_tests[];
 extern struct testcase_t status_tests[];
+extern struct testcase_t thread_tests[];
+extern struct testcase_t tortls_tests[];
+extern struct testcase_t util_tests[];
+extern struct testcase_t util_format_tests[];
+extern struct testcase_t util_process_tests[];
+extern struct testcase_t dns_tests[];
 
-static struct testgroup_t testgroups[] = {
+struct testgroup_t testgroups[] = {
   { "", test_array },
-  { "buffer/", buffer_tests },
-  { "socks/", socks_tests },
+  { "accounting/", accounting_tests },
   { "addr/", addr_tests },
-  { "crypto/", crypto_tests },
-  { "container/", container_tests },
-  { "util/", util_tests },
-  { "util/logging/", logging_tests },
+  { "address/", address_tests },
+  { "buffer/", buffer_tests },
   { "cellfmt/", cell_format_tests },
   { "cellqueue/", cell_queue_tests },
-  { "dir/", dir_tests },
-  { "dir/md/", microdesc_tests },
-  { "pt/", pt_tests },
-  { "config/", config_tests },
-  { "replaycache/", replaycache_tests },
-  { "relaycell/", relaycell_tests },
-  { "introduce/", introduce_tests },
+  { "channel/", channel_tests },
+  { "channeltls/", channeltls_tests },
+  { "checkdir/", checkdir_tests },
   { "circuitlist/", circuitlist_tests },
   { "circuitmux/", circuitmux_tests },
-  { "options/", options_tests },
+  { "compat/libevent/", compat_libevent_tests },
+  { "config/", config_tests },
+  { "connection/", connection_tests },
+  { "container/", container_tests },
+  { "control/", controller_tests },
+  { "control/event/", controller_event_tests },
+  { "crypto/", crypto_tests },
+  { "dir/", dir_tests },
+  { "dir_handle_get/", dir_handle_get_tests },
+  { "dir/md/", microdesc_tests },
+  { "entryconn/", entryconn_tests },
+  { "entrynodes/", entrynodes_tests },
+  { "guardfraction/", guardfraction_tests },
   { "extorport/", extorport_tests },
-  { "control/", controller_event_tests },
   { "hs/", hs_tests },
+  { "introduce/", introduce_tests },
+  { "keypin/", keypin_tests },
+  { "link-handshake/", link_handshake_tests },
   { "nodelist/", nodelist_tests },
-  { "routerkeys/", routerkeys_tests },
   { "oom/", oom_tests },
+  { "options/", options_tests },
   { "policy/" , policy_tests },
+  { "procmon/", procmon_tests },
+  { "pt/", pt_tests },
+  { "relay/" , relay_tests },
+  { "relaycell/", relaycell_tests },
+  { "rend_cache/", rend_cache_tests },
+  { "replaycache/", replaycache_tests },
+  { "routerkeys/", routerkeys_tests },
+  { "routerlist/", routerlist_tests },
+  { "routerset/" , routerset_tests },
+  { "scheduler/", scheduler_tests },
+  { "socks/", socks_tests },
   { "status/" , status_tests },
+  { "tortls/", tortls_tests },
+  { "util/", util_tests },
+  { "util/format/", util_format_tests },
+  { "util/logging/", logging_tests },
+  { "util/process/", util_process_tests },
+  { "util/thread/", thread_tests },
+  { "dns/", dns_tests },
   END_OF_GROUPS
 };
 
-/** Main entry point for unit test code: parse the command line, and run
- * some unit tests. */
-int
-main(int c, const char **v)
-{
-  or_options_t *options;
-  char *errmsg = NULL;
-  int i, i_out;
-  int loglevel = LOG_ERR;
-  int accel_crypto = 0;
-
-#ifdef USE_DMALLOC
-  {
-    int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
-    tor_assert(r);
-  }
-#endif
-
-  update_approx_time(time(NULL));
-  options = options_new();
-  tor_threads_init();
-  init_logging();
-
-  for (i_out = i = 1; i < c; ++i) {
-    if (!strcmp(v[i], "--warn")) {
-      loglevel = LOG_WARN;
-    } else if (!strcmp(v[i], "--notice")) {
-      loglevel = LOG_NOTICE;
-    } else if (!strcmp(v[i], "--info")) {
-      loglevel = LOG_INFO;
-    } else if (!strcmp(v[i], "--debug")) {
-      loglevel = LOG_DEBUG;
-    } else if (!strcmp(v[i], "--accel")) {
-      accel_crypto = 1;
-    } else {
-      v[i_out++] = v[i];
-    }
-  }
-  c = i_out;
-
-  {
-    log_severity_list_t s;
-    memset(&s, 0, sizeof(s));
-    set_log_severity_config(loglevel, LOG_ERR, &s);
-    add_stream_log(&s, "", fileno(stdout));
-  }
-
-  options->command = CMD_RUN_UNITTESTS;
-  if (crypto_global_init(accel_crypto, NULL, NULL)) {
-    printf("Can't initialize crypto subsystem; exiting.\n");
-    return 1;
-  }
-  crypto_set_tls_dh_prime(NULL);
-  crypto_seed_rng(1);
-  rep_hist_init();
-  network_init();
-  setup_directory();
-  options_init(options);
-  options->DataDirectory = tor_strdup(temp_dir);
-  options->EntryStatistics = 1;
-  if (set_options(options, &errmsg) < 0) {
-    printf("Failed to set initial options: %s\n", errmsg);
-    tor_free(errmsg);
-    return 1;
-  }
-
-  atexit(remove_directory);
-
-  have_failed = (tinytest_main(c, v, testgroups) != 0);
-
-  free_pregenerated_keys();
-#ifdef USE_DMALLOC
-  tor_free_all(0);
-  dmalloc_log_unfreed();
-#endif
-
-  if (have_failed)
-    return 1;
-  else
-    return 0;
-}
-
diff --git a/src/test/test.h b/src/test/test.h
index b9e4d5bdb4..e618ce1224 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2003, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_TEST_H
@@ -22,25 +22,6 @@
 #define PRETTY_FUNCTION ""
 #endif
 
-#define test_fail_msg(msg) TT_DIE((msg))
-
-#define test_fail() test_fail_msg("Assertion failed.")
-
-#define test_assert(expr) tt_assert(expr)
-
-#define test_eq(expr1, expr2) tt_int_op((expr1), ==, (expr2))
-#define test_eq_ptr(expr1, expr2) tt_ptr_op((expr1), ==, (expr2))
-#define test_neq(expr1, expr2) tt_int_op((expr1), !=, (expr2))
-#define test_neq_ptr(expr1, expr2) tt_ptr_op((expr1), !=, (expr2))
-#define test_streq(expr1, expr2) tt_str_op((expr1), ==, (expr2))
-#define test_strneq(expr1, expr2) tt_str_op((expr1), !=, (expr2))
-
-#define test_mem_op(expr1, op, expr2, len)                              \
-  tt_mem_op((expr1), op, (expr2), (len))
-
-#define test_memeq(expr1, expr2, len) test_mem_op((expr1), ==, (expr2), len)
-#define test_memneq(expr1, expr2, len) test_mem_op((expr1), !=, (expr2), len)
-
 /* As test_mem_op, but decodes 'hex' before comparing.  There must be a
  * local char* variable called mem_op_hex_tmp for this to work. */
 #define test_mem_op_hex(expr1, op, hex)                                 \
@@ -50,15 +31,24 @@
   mem_op_hex_tmp = tor_malloc(length/2);                                \
   tor_assert((length&1)==0);                                            \
   base16_decode(mem_op_hex_tmp, length/2, hex, length);                 \
-  test_mem_op(expr1, op, mem_op_hex_tmp, length/2);                     \
+  tt_mem_op(expr1, op, mem_op_hex_tmp, length/2);                       \
   STMT_END
 
-#define test_memeq_hex(expr1, hex) test_mem_op_hex(expr1, ==, hex)
+#define test_memeq_hex(expr1, hex) test_mem_op_hex(expr1, OP_EQ, hex)
 
 #define tt_double_op(a,op,b)                                            \
-  tt_assert_test_type(a,b,#a" "#op" "#b,double,(val1_ op val2_),"%f",   \
+  tt_assert_test_type(a,b,#a" "#op" "#b,double,(val1_ op val2_),"%g",   \
                       TT_EXIT_TEST_FUNCTION)
 
+/* Declare "double equal" in a sneaky way, so compiler won't complain about
+ * comparing floats with == or !=.  Of course, only do this if you know what
+ * you're doing. */
+#define tt_double_eq(a,b)     \
+  STMT_BEGIN                  \
+  tt_double_op((a), >=, (b)); \
+  tt_double_op((a), <=, (b)); \
+  STMT_END
+
 #ifdef _MSC_VER
 #define U64_PRINTF_TYPE uint64_t
 #define I64_PRINTF_TYPE int64_t
@@ -85,9 +75,6 @@
 const char *get_fname(const char *name);
 crypto_pk_t *pk_generate(int idx);
 
-void legacy_test_helper(void *data);
-extern const struct testcase_setup_t legacy_setup;
-
 #define US2_CONCAT_2__(a, b) a ## __ ## b
 #define US_CONCAT_2__(a, b) a ## _ ## b
 #define US_CONCAT_3__(a, b, c) a ## _ ## b ## _ ## c
@@ -180,5 +167,7 @@ extern const struct testcase_setup_t legacy_setup;
 #define NS_MOCK(name) MOCK(name, NS(name))
 #define NS_UNMOCK(name) UNMOCK(name)
 
+extern const struct testcase_setup_t passthrough_setup;
+
 #endif
 
diff --git a/src/test/test_accounting.c b/src/test/test_accounting.c
new file mode 100644
index 0000000000..7edba988a6
--- /dev/null
+++ b/src/test/test_accounting.c
@@ -0,0 +1,102 @@
+#include "or.h"
+#include "test.h"
+#define HIBERNATE_PRIVATE
+#include "hibernate.h"
+#include "config.h"
+#define STATEFILE_PRIVATE
+#include "statefile.h"
+
+#define NS_MODULE accounting
+
+#define NS_SUBMODULE limits
+
+/*
+ * Test to make sure accounting triggers hibernation
+ * correctly with both sum or max rules set
+ */
+
+static or_state_t *or_state;
+NS_DECL(or_state_t *, get_or_state, (void));
+static or_state_t *
+NS(get_or_state)(void)
+{
+  return or_state;
+}
+
+static void
+test_accounting_limits(void *arg)
+{
+  or_options_t *options = get_options_mutable();
+  time_t fake_time = time(NULL);
+  (void) arg;
+
+  NS_MOCK(get_or_state);
+  or_state = or_state_new();
+
+  options->AccountingMax = 100;
+  options->AccountingRule = ACCT_MAX;
+
+  tor_assert(accounting_is_enabled(options));
+  configure_accounting(fake_time);
+
+  accounting_add_bytes(10, 0, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 0);
+
+  accounting_add_bytes(90, 0, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 1);
+
+  options->AccountingMax = 200;
+  options->AccountingRule = ACCT_SUM;
+
+  accounting_add_bytes(0, 10, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 0);
+
+  accounting_add_bytes(0, 90, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 1);
+
+  options->AccountingRule = ACCT_OUT;
+
+  accounting_add_bytes(100, 10, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 0);
+
+  accounting_add_bytes(0, 90, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 1);
+
+  options->AccountingMax = 300;
+  options->AccountingRule = ACCT_IN;
+
+  accounting_add_bytes(10, 100, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 0);
+
+  accounting_add_bytes(90, 0, 1);
+  fake_time += 1;
+  consider_hibernation(fake_time);
+  tor_assert(we_are_hibernating() == 1);
+
+  goto done;
+ done:
+  NS_UNMOCK(get_or_state);
+  or_state_free(or_state);
+}
+
+#undef NS_SUBMODULE
+
+struct testcase_t accounting_tests[] = {
+  { "bwlimits", test_accounting_limits, TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index 2c126e6d14..56e79d707a 100644
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define ADDRESSMAP_PRIVATE
@@ -10,49 +10,50 @@
 #include "addressmap.h"
 
 static void
-test_addr_basic(void)
+test_addr_basic(void *arg)
 {
   uint32_t u32;
   uint16_t u16;
   char *cp;
 
   /* Test addr_port_lookup */
+  (void)arg;
   cp = NULL; u32 = 3; u16 = 3;
-  test_assert(!addr_port_lookup(LOG_WARN, "1.2.3.4", &cp, &u32, &u16));
-  test_streq(cp, "1.2.3.4");
-  test_eq(u32, 0x01020304u);
-  test_eq(u16, 0);
+  tt_assert(!addr_port_lookup(LOG_WARN, "1.2.3.4", &cp, &u32, &u16));
+  tt_str_op(cp,OP_EQ, "1.2.3.4");
+  tt_int_op(u32,OP_EQ, 0x01020304u);
+  tt_int_op(u16,OP_EQ, 0);
   tor_free(cp);
-  test_assert(!addr_port_lookup(LOG_WARN, "4.3.2.1:99", &cp, &u32, &u16));
-  test_streq(cp, "4.3.2.1");
-  test_eq(u32, 0x04030201u);
-  test_eq(u16, 99);
+  tt_assert(!addr_port_lookup(LOG_WARN, "4.3.2.1:99", &cp, &u32, &u16));
+  tt_str_op(cp,OP_EQ, "4.3.2.1");
+  tt_int_op(u32,OP_EQ, 0x04030201u);
+  tt_int_op(u16,OP_EQ, 99);
   tor_free(cp);
-  test_assert(!addr_port_lookup(LOG_WARN, "nonexistent.address:4040",
+  tt_assert(!addr_port_lookup(LOG_WARN, "nonexistent.address:4040",
                                &cp, NULL, &u16));
-  test_streq(cp, "nonexistent.address");
-  test_eq(u16, 4040);
+  tt_str_op(cp,OP_EQ, "nonexistent.address");
+  tt_int_op(u16,OP_EQ, 4040);
   tor_free(cp);
-  test_assert(!addr_port_lookup(LOG_WARN, "localhost:9999", &cp, &u32, &u16));
-  test_streq(cp, "localhost");
-  test_eq(u32, 0x7f000001u);
-  test_eq(u16, 9999);
+  tt_assert(!addr_port_lookup(LOG_WARN, "localhost:9999", &cp, &u32, &u16));
+  tt_str_op(cp,OP_EQ, "localhost");
+  tt_int_op(u32,OP_EQ, 0x7f000001u);
+  tt_int_op(u16,OP_EQ, 9999);
   tor_free(cp);
   u32 = 3;
-  test_assert(!addr_port_lookup(LOG_WARN, "localhost", NULL, &u32, &u16));
-  test_eq_ptr(cp, NULL);
-  test_eq(u32, 0x7f000001u);
-  test_eq(u16, 0);
+  tt_assert(!addr_port_lookup(LOG_WARN, "localhost", NULL, &u32, &u16));
+  tt_ptr_op(cp,OP_EQ, NULL);
+  tt_int_op(u32,OP_EQ, 0x7f000001u);
+  tt_int_op(u16,OP_EQ, 0);
   tor_free(cp);
 
-  test_assert(addr_port_lookup(LOG_WARN, "localhost:3", &cp, &u32, NULL));
+  tt_assert(addr_port_lookup(LOG_WARN, "localhost:3", &cp, &u32, NULL));
   tor_free(cp);
 
-  test_eq(0, addr_mask_get_bits(0x0u));
-  test_eq(32, addr_mask_get_bits(0xFFFFFFFFu));
-  test_eq(16, addr_mask_get_bits(0xFFFF0000u));
-  test_eq(31, addr_mask_get_bits(0xFFFFFFFEu));
-  test_eq(1, addr_mask_get_bits(0x80000000u));
+  tt_int_op(0,OP_EQ, addr_mask_get_bits(0x0u));
+  tt_int_op(32,OP_EQ, addr_mask_get_bits(0xFFFFFFFFu));
+  tt_int_op(16,OP_EQ, addr_mask_get_bits(0xFFFF0000u));
+  tt_int_op(31,OP_EQ, addr_mask_get_bits(0xFFFFFFFEu));
+  tt_int_op(1,OP_EQ, addr_mask_get_bits(0x80000000u));
 
   /* Test inet_ntop */
   {
@@ -61,15 +62,16 @@ test_addr_basic(void)
     struct in_addr in;
 
     /* good round trip */
-    test_eq(tor_inet_pton(AF_INET, ip, &in), 1);
-    test_eq_ptr(tor_inet_ntop(AF_INET, &in, tmpbuf, sizeof(tmpbuf)), &tmpbuf);
-    test_streq(tmpbuf, ip);
+    tt_int_op(tor_inet_pton(AF_INET, ip, &in), OP_EQ, 1);
+    tt_ptr_op(tor_inet_ntop(AF_INET, &in, tmpbuf, sizeof(tmpbuf)),
+              OP_EQ, &tmpbuf);
+    tt_str_op(tmpbuf,OP_EQ, ip);
 
     /* just enough buffer length */
-    test_streq(tor_inet_ntop(AF_INET, &in, tmpbuf, strlen(ip) + 1), ip);
+    tt_str_op(tor_inet_ntop(AF_INET, &in, tmpbuf, strlen(ip) + 1), OP_EQ, ip);
 
     /* too short buffer */
-    test_eq_ptr(tor_inet_ntop(AF_INET, &in, tmpbuf, strlen(ip)), NULL);
+    tt_ptr_op(tor_inet_ntop(AF_INET, &in, tmpbuf, strlen(ip)),OP_EQ, NULL);
   }
 
  done:
@@ -96,67 +98,68 @@ test_addr_basic(void)
 
 /** Helper: Assert that two strings both decode as IPv6 addresses with
  * tor_inet_pton(), and both decode to the same address. */
-#define test_pton6_same(a,b) STMT_BEGIN                \
-     test_eq(tor_inet_pton(AF_INET6, a, &a1), 1);      \
-     test_eq(tor_inet_pton(AF_INET6, b, &a2), 1);      \
-     test_op_ip6_(&a1,==,&a2,#a,#b);                   \
+#define test_pton6_same(a,b) STMT_BEGIN                 \
+     tt_int_op(tor_inet_pton(AF_INET6, a, &a1), OP_EQ, 1); \
+     tt_int_op(tor_inet_pton(AF_INET6, b, &a2), OP_EQ, 1); \
+     test_op_ip6_(&a1,OP_EQ,&a2,#a,#b);                    \
   STMT_END
 
 /** Helper: Assert that <b>a</b> is recognized as a bad IPv6 address by
  * tor_inet_pton(). */
 #define test_pton6_bad(a)                       \
-  test_eq(0, tor_inet_pton(AF_INET6, a, &a1))
+  tt_int_op(0, OP_EQ, tor_inet_pton(AF_INET6, a, &a1))
 
 /** Helper: assert that <b>a</b>, when parsed by tor_inet_pton() and displayed
  * with tor_inet_ntop(), yields <b>b</b>. Also assert that <b>b</b> parses to
  * the same value as <b>a</b>. */
-#define test_ntop6_reduces(a,b) STMT_BEGIN                              \
-    test_eq(tor_inet_pton(AF_INET6, a, &a1), 1);                        \
-    test_streq(tor_inet_ntop(AF_INET6, &a1, buf, sizeof(buf)), b);      \
-    test_eq(tor_inet_pton(AF_INET6, b, &a2), 1);                        \
-    test_op_ip6_(&a1, ==, &a2, a, b);                                   \
+#define test_ntop6_reduces(a,b) STMT_BEGIN                          \
+  tt_int_op(tor_inet_pton(AF_INET6, a, &a1), OP_EQ, 1);                \
+  tt_str_op(tor_inet_ntop(AF_INET6, &a1, buf, sizeof(buf)), OP_EQ, b); \
+  tt_int_op(tor_inet_pton(AF_INET6, b, &a2), OP_EQ, 1);     \
+  test_op_ip6_(&a1, OP_EQ, &a2, a, b);                      \
   STMT_END
 
 /** Helper: assert that <b>a</b> parses by tor_inet_pton() into a address that
  * passes tor_addr_is_internal() with <b>for_listening</b>. */
 #define test_internal_ip(a,for_listening) STMT_BEGIN           \
-    test_eq(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), 1); \
+    tt_int_op(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), OP_EQ, 1); \
     t1.family = AF_INET6;                                      \
     if (!tor_addr_is_internal(&t1, for_listening))             \
-      test_fail_msg( a "was not internal.");                   \
+      TT_DIE(("%s was not internal", a));                      \
   STMT_END
 
 /** Helper: assert that <b>a</b> parses by tor_inet_pton() into a address that
  * does not pass tor_addr_is_internal() with <b>for_listening</b>. */
 #define test_external_ip(a,for_listening) STMT_BEGIN           \
-    test_eq(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), 1); \
+    tt_int_op(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), OP_EQ, 1); \
     t1.family = AF_INET6;                                      \
     if (tor_addr_is_internal(&t1, for_listening))              \
-      test_fail_msg(a  "was not external.");                   \
+      TT_DIE(("%s was not internal", a));                      \
   STMT_END
 
 /** Helper: Assert that <b>a</b> and <b>b</b>, when parsed by
  * tor_inet_pton(), give addresses that compare in the order defined by
  * <b>op</b> with tor_addr_compare(). */
 #define test_addr_compare(a, op, b) STMT_BEGIN                    \
-    test_eq(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), 1);    \
-    test_eq(tor_inet_pton(AF_INET6, b, &t2.addr.in6_addr), 1);    \
+    tt_int_op(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), OP_EQ, 1); \
+    tt_int_op(tor_inet_pton(AF_INET6, b, &t2.addr.in6_addr), OP_EQ, 1); \
     t1.family = t2.family = AF_INET6;                             \
     r = tor_addr_compare(&t1,&t2,CMP_SEMANTIC);                   \
     if (!(r op 0))                                                \
-      test_fail_msg("failed: tor_addr_compare("a","b") "#op" 0"); \
+      TT_DIE(("Failed: tor_addr_compare(%s,%s) %s 0", a, b, #op));\
   STMT_END
 
 /** Helper: Assert that <b>a</b> and <b>b</b>, when parsed by
  * tor_inet_pton(), give addresses that compare in the order defined by
  * <b>op</b> with tor_addr_compare_masked() with <b>m</b> masked. */
 #define test_addr_compare_masked(a, op, b, m) STMT_BEGIN          \
-    test_eq(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), 1);    \
-    test_eq(tor_inet_pton(AF_INET6, b, &t2.addr.in6_addr), 1);    \
+    tt_int_op(tor_inet_pton(AF_INET6, a, &t1.addr.in6_addr), OP_EQ, 1);    \
+    tt_int_op(tor_inet_pton(AF_INET6, b, &t2.addr.in6_addr), OP_EQ, 1);    \
     t1.family = t2.family = AF_INET6;                             \
     r = tor_addr_compare_masked(&t1,&t2,m,CMP_SEMANTIC);          \
     if (!(r op 0))                                                \
-      test_fail_msg("failed: tor_addr_compare_masked("a","b","#m") "#op" 0"); \
+      TT_DIE(("Failed: tor_addr_compare_masked(%s,%s,%d) %s 0", \
+              a, b, m, #op));                                   \
   STMT_END
 
 /** Helper: assert that <b>xx</b> is parseable as a masked IPv6 address with
@@ -165,21 +168,21 @@ test_addr_basic(void)
  * as <b>pt1..pt2</b>. */
 #define test_addr_mask_ports_parse(xx, f, ip1, ip2, ip3, ip4, mm, pt1, pt2) \
   STMT_BEGIN                                                                \
-    test_eq(tor_addr_parse_mask_ports(xx, 0, &t1, &mask, &port1, &port2),   \
-            f);                                                             \
+    tt_int_op(tor_addr_parse_mask_ports(xx, 0, &t1, &mask, &port1, &port2),   \
+              OP_EQ, f);                                                   \
     p1=tor_inet_ntop(AF_INET6, &t1.addr.in6_addr, bug, sizeof(bug));        \
-    test_eq(htonl(ip1), tor_addr_to_in6_addr32(&t1)[0]);            \
-    test_eq(htonl(ip2), tor_addr_to_in6_addr32(&t1)[1]);            \
-    test_eq(htonl(ip3), tor_addr_to_in6_addr32(&t1)[2]);            \
-    test_eq(htonl(ip4), tor_addr_to_in6_addr32(&t1)[3]);            \
-    test_eq(mask, mm);                                     \
-    test_eq(port1, pt1);                                   \
-    test_eq(port2, pt2);                                   \
+    tt_int_op(htonl(ip1), OP_EQ, tor_addr_to_in6_addr32(&t1)[0]);            \
+    tt_int_op(htonl(ip2), OP_EQ, tor_addr_to_in6_addr32(&t1)[1]);            \
+    tt_int_op(htonl(ip3), OP_EQ, tor_addr_to_in6_addr32(&t1)[2]);            \
+    tt_int_op(htonl(ip4), OP_EQ, tor_addr_to_in6_addr32(&t1)[3]);            \
+    tt_int_op(mask, OP_EQ, mm);                     \
+    tt_uint_op(port1, OP_EQ, pt1);                  \
+    tt_uint_op(port2, OP_EQ, pt2);                  \
   STMT_END
 
 /** Run unit tests for IPv6 encoding/decoding/manipulation functions. */
 static void
-test_addr_ip6_helpers(void)
+test_addr_ip6_helpers(void *arg)
 {
   char buf[TOR_ADDR_BUF_LEN], bug[TOR_ADDR_BUF_LEN];
   char rbuf[REVERSE_LOOKUP_NAME_BUF_LEN];
@@ -194,28 +197,29 @@ test_addr_ip6_helpers(void)
   struct sockaddr_in6 *sin6;
 
   /* Test tor_inet_ntop and tor_inet_pton: IPv6 */
+  (void)arg;
   {
     const char *ip = "2001::1234";
     const char *ip_ffff = "::ffff:192.168.1.2";
 
     /* good round trip */
-    test_eq(tor_inet_pton(AF_INET6, ip, &a1), 1);
-    test_eq_ptr(tor_inet_ntop(AF_INET6, &a1, buf, sizeof(buf)), &buf);
-    test_streq(buf, ip);
+    tt_int_op(tor_inet_pton(AF_INET6, ip, &a1),OP_EQ, 1);
+    tt_ptr_op(tor_inet_ntop(AF_INET6, &a1, buf, sizeof(buf)),OP_EQ, &buf);
+    tt_str_op(buf,OP_EQ, ip);
 
     /* good round trip - ::ffff:0:0 style */
-    test_eq(tor_inet_pton(AF_INET6, ip_ffff, &a2), 1);
-    test_eq_ptr(tor_inet_ntop(AF_INET6, &a2, buf, sizeof(buf)), &buf);
-    test_streq(buf, ip_ffff);
+    tt_int_op(tor_inet_pton(AF_INET6, ip_ffff, &a2),OP_EQ, 1);
+    tt_ptr_op(tor_inet_ntop(AF_INET6, &a2, buf, sizeof(buf)),OP_EQ, &buf);
+    tt_str_op(buf,OP_EQ, ip_ffff);
 
     /* just long enough buffer (remember \0) */
-    test_streq(tor_inet_ntop(AF_INET6, &a1, buf, strlen(ip)+1), ip);
-    test_streq(tor_inet_ntop(AF_INET6, &a2, buf, strlen(ip_ffff)+1),
+    tt_str_op(tor_inet_ntop(AF_INET6, &a1, buf, strlen(ip)+1),OP_EQ, ip);
+    tt_str_op(tor_inet_ntop(AF_INET6, &a2, buf, strlen(ip_ffff)+1),OP_EQ,
                ip_ffff);
 
     /* too short buffer (remember \0) */
-    test_eq_ptr(tor_inet_ntop(AF_INET6, &a1, buf, strlen(ip)), NULL);
-    test_eq_ptr(tor_inet_ntop(AF_INET6, &a2, buf, strlen(ip_ffff)), NULL);
+    tt_ptr_op(tor_inet_ntop(AF_INET6, &a1, buf, strlen(ip)),OP_EQ, NULL);
+    tt_ptr_op(tor_inet_ntop(AF_INET6, &a2, buf, strlen(ip_ffff)),OP_EQ, NULL);
   }
 
   /* ==== Converting to and from sockaddr_t. */
@@ -224,16 +228,16 @@ test_addr_ip6_helpers(void)
   sin->sin_port = htons(9090);
   sin->sin_addr.s_addr = htonl(0x7f7f0102); /*127.127.1.2*/
   tor_addr_from_sockaddr(&t1, (struct sockaddr *)sin, &port1);
-  test_eq(tor_addr_family(&t1), AF_INET);
-  test_eq(tor_addr_to_ipv4h(&t1), 0x7f7f0102);
-  tt_int_op(port1, ==, 9090);
+  tt_int_op(tor_addr_family(&t1),OP_EQ, AF_INET);
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ, 0x7f7f0102);
+  tt_int_op(port1, OP_EQ, 9090);
 
   memset(&sa_storage, 0, sizeof(sa_storage));
-  test_eq(sizeof(struct sockaddr_in),
+  tt_int_op(sizeof(struct sockaddr_in),OP_EQ,
           tor_addr_to_sockaddr(&t1, 1234, (struct sockaddr *)&sa_storage,
                                sizeof(sa_storage)));
-  test_eq(1234, ntohs(sin->sin_port));
-  test_eq(0x7f7f0102, ntohl(sin->sin_addr.s_addr));
+  tt_int_op(1234,OP_EQ, ntohs(sin->sin_port));
+  tt_int_op(0x7f7f0102,OP_EQ, ntohl(sin->sin_addr.s_addr));
 
   memset(&sa_storage, 0, sizeof(sa_storage));
   sin6 = (struct sockaddr_in6 *)&sa_storage;
@@ -241,37 +245,37 @@ test_addr_ip6_helpers(void)
   sin6->sin6_port = htons(7070);
   sin6->sin6_addr.s6_addr[0] = 128;
   tor_addr_from_sockaddr(&t1, (struct sockaddr *)sin6, &port1);
-  test_eq(tor_addr_family(&t1), AF_INET6);
-  tt_int_op(port1, ==, 7070);
+  tt_int_op(tor_addr_family(&t1),OP_EQ, AF_INET6);
+  tt_int_op(port1, OP_EQ, 7070);
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 0);
-  test_streq(p1, "8000::");
+  tt_str_op(p1,OP_EQ, "8000::");
 
   memset(&sa_storage, 0, sizeof(sa_storage));
-  test_eq(sizeof(struct sockaddr_in6),
+  tt_int_op(sizeof(struct sockaddr_in6),OP_EQ,
           tor_addr_to_sockaddr(&t1, 9999, (struct sockaddr *)&sa_storage,
                                sizeof(sa_storage)));
-  test_eq(AF_INET6, sin6->sin6_family);
-  test_eq(9999, ntohs(sin6->sin6_port));
-  test_eq(0x80000000, ntohl(S6_ADDR32(sin6->sin6_addr)[0]));
+  tt_int_op(AF_INET6,OP_EQ, sin6->sin6_family);
+  tt_int_op(9999,OP_EQ, ntohs(sin6->sin6_port));
+  tt_int_op(0x80000000,OP_EQ, ntohl(S6_ADDR32(sin6->sin6_addr)[0]));
 
   /* ==== tor_addr_lookup: static cases.  (Can't test dns without knowing we
    * have a good resolver. */
-  test_eq(0, tor_addr_lookup("127.128.129.130", AF_UNSPEC, &t1));
-  test_eq(AF_INET, tor_addr_family(&t1));
-  test_eq(tor_addr_to_ipv4h(&t1), 0x7f808182);
+  tt_int_op(0,OP_EQ, tor_addr_lookup("127.128.129.130", AF_UNSPEC, &t1));
+  tt_int_op(AF_INET,OP_EQ, tor_addr_family(&t1));
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ, 0x7f808182);
 
-  test_eq(0, tor_addr_lookup("9000::5", AF_UNSPEC, &t1));
-  test_eq(AF_INET6, tor_addr_family(&t1));
-  test_eq(0x90, tor_addr_to_in6_addr8(&t1)[0]);
-  test_assert(tor_mem_is_zero((char*)tor_addr_to_in6_addr8(&t1)+1, 14));
-  test_eq(0x05, tor_addr_to_in6_addr8(&t1)[15]);
+  tt_int_op(0,OP_EQ, tor_addr_lookup("9000::5", AF_UNSPEC, &t1));
+  tt_int_op(AF_INET6,OP_EQ, tor_addr_family(&t1));
+  tt_int_op(0x90,OP_EQ, tor_addr_to_in6_addr8(&t1)[0]);
+  tt_assert(tor_mem_is_zero((char*)tor_addr_to_in6_addr8(&t1)+1, 14));
+  tt_int_op(0x05,OP_EQ, tor_addr_to_in6_addr8(&t1)[15]);
 
   /* === Test pton: valid af_inet6 */
   /* Simple, valid parsing. */
   r = tor_inet_pton(AF_INET6,
                     "0102:0304:0506:0708:090A:0B0C:0D0E:0F10", &a1);
-  test_assert(r==1);
-  for (i=0;i<16;++i) { test_eq(i+1, (int)a1.s6_addr[i]); }
+  tt_int_op(r, OP_EQ, 1);
+  for (i=0;i<16;++i) { tt_int_op(i+1,OP_EQ, (int)a1.s6_addr[i]); }
   /* ipv4 ending. */
   test_pton6_same("0102:0304:0506:0708:090A:0B0C:0D0E:0F10",
                   "0102:0304:0506:0708:090A:0B0C:13.14.15.16");
@@ -298,6 +302,7 @@ test_addr_ip6_helpers(void)
 
   //test_ntop6_reduces("0:0:0:0:0:0:c0a8:0101", "::192.168.1.1");
   test_ntop6_reduces("0:0:0:0:0:ffff:c0a8:0101", "::ffff:192.168.1.1");
+  test_ntop6_reduces("0:0:0:0:0:0:c0a8:0101", "::192.168.1.1");
   test_ntop6_reduces("002:0:0000:0:3::4", "2::3:0:0:4");
   test_ntop6_reduces("0:0::1:0:3", "::1:0:3");
   test_ntop6_reduces("008:0::0", "8::");
@@ -311,7 +316,7 @@ test_addr_ip6_helpers(void)
                      "1000:1:0:7::");
 
   /* Bad af param */
-  test_eq(tor_inet_pton(AF_UNSPEC, 0, 0), -1);
+  tt_int_op(tor_inet_pton(AF_UNSPEC, 0, 0),OP_EQ, -1);
 
   /* === Test pton: invalid in6. */
   test_pton6_bad("foobar.");
@@ -416,132 +421,134 @@ test_addr_ip6_helpers(void)
   test_external_ip("::ffff:169.255.0.0", 0);
 
   /* tor_addr_compare(tor_addr_t x2) */
-  test_addr_compare("ffff::", ==, "ffff::0");
-  test_addr_compare("0::3:2:1", <, "0::ffff:0.3.2.1");
-  test_addr_compare("0::2:2:1", <, "0::ffff:0.3.2.1");
-  test_addr_compare("0::ffff:0.3.2.1", >, "0::0:0:0");
-  test_addr_compare("0::ffff:5.2.2.1", <, "::ffff:6.0.0.0"); /* XXXX wrong. */
+  test_addr_compare("ffff::", OP_EQ, "ffff::0");
+  test_addr_compare("0::3:2:1", OP_LT, "0::ffff:0.3.2.1");
+  test_addr_compare("0::2:2:1", OP_LT, "0::ffff:0.3.2.1");
+  test_addr_compare("0::ffff:0.3.2.1", OP_GT, "0::0:0:0");
+  test_addr_compare("0::ffff:5.2.2.1", OP_LT,
+                    "::ffff:6.0.0.0"); /* XXXX wrong. */
   tor_addr_parse_mask_ports("[::ffff:2.3.4.5]", 0, &t1, NULL, NULL, NULL);
   tor_addr_parse_mask_ports("2.3.4.5", 0, &t2, NULL, NULL, NULL);
-  test_assert(tor_addr_compare(&t1, &t2, CMP_SEMANTIC) == 0);
+  tt_assert(tor_addr_compare(&t1, &t2, CMP_SEMANTIC) == 0);
   tor_addr_parse_mask_ports("[::ffff:2.3.4.4]", 0, &t1, NULL, NULL, NULL);
   tor_addr_parse_mask_ports("2.3.4.5", 0, &t2, NULL, NULL, NULL);
-  test_assert(tor_addr_compare(&t1, &t2, CMP_SEMANTIC) < 0);
+  tt_assert(tor_addr_compare(&t1, &t2, CMP_SEMANTIC) < 0);
 
   /* test compare_masked */
-  test_addr_compare_masked("ffff::", ==, "ffff::0", 128);
-  test_addr_compare_masked("ffff::", ==, "ffff::0", 64);
-  test_addr_compare_masked("0::2:2:1", <, "0::8000:2:1", 81);
-  test_addr_compare_masked("0::2:2:1", ==, "0::8000:2:1", 80);
+  test_addr_compare_masked("ffff::", OP_EQ, "ffff::0", 128);
+  test_addr_compare_masked("ffff::", OP_EQ, "ffff::0", 64);
+  test_addr_compare_masked("0::2:2:1", OP_LT, "0::8000:2:1", 81);
+  test_addr_compare_masked("0::2:2:1", OP_EQ, "0::8000:2:1", 80);
 
   /* Test undecorated tor_addr_to_str */
-  test_eq(AF_INET6, tor_addr_parse(&t1, "[123:45:6789::5005:11]"));
+  tt_int_op(AF_INET6,OP_EQ, tor_addr_parse(&t1, "[123:45:6789::5005:11]"));
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 0);
-  test_streq(p1, "123:45:6789::5005:11");
-  test_eq(AF_INET, tor_addr_parse(&t1, "18.0.0.1"));
+  tt_str_op(p1,OP_EQ, "123:45:6789::5005:11");
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&t1, "18.0.0.1"));
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 0);
-  test_streq(p1, "18.0.0.1");
+  tt_str_op(p1,OP_EQ, "18.0.0.1");
 
   /* Test decorated tor_addr_to_str */
-  test_eq(AF_INET6, tor_addr_parse(&t1, "[123:45:6789::5005:11]"));
+  tt_int_op(AF_INET6,OP_EQ, tor_addr_parse(&t1, "[123:45:6789::5005:11]"));
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 1);
-  test_streq(p1, "[123:45:6789::5005:11]");
-  test_eq(AF_INET, tor_addr_parse(&t1, "18.0.0.1"));
+  tt_str_op(p1,OP_EQ, "[123:45:6789::5005:11]");
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&t1, "18.0.0.1"));
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 1);
-  test_streq(p1, "18.0.0.1");
+  tt_str_op(p1,OP_EQ, "18.0.0.1");
 
   /* Test buffer bounds checking of tor_addr_to_str */
-  test_eq(AF_INET6, tor_addr_parse(&t1, "::")); /* 2 + \0 */
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 2, 0), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 3, 0), "::");
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 4, 1), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 5, 1), "[::]");
-
-  test_eq(AF_INET6, tor_addr_parse(&t1, "2000::1337")); /* 10 + \0 */
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 10, 0), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 11, 0), "2000::1337");
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 12, 1), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 13, 1), "[2000::1337]");
-
-  test_eq(AF_INET, tor_addr_parse(&t1, "1.2.3.4")); /* 7 + \0 */
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 7, 0), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 8, 0), "1.2.3.4");
-
-  test_eq(AF_INET, tor_addr_parse(&t1, "255.255.255.255")); /* 15 + \0 */
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 15, 0), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 16, 0), "255.255.255.255");
-  test_eq_ptr(tor_addr_to_str(buf, &t1, 15, 1), NULL); /* too short buf */
-  test_streq(tor_addr_to_str(buf, &t1, 16, 1), "255.255.255.255");
+  tt_int_op(AF_INET6,OP_EQ, tor_addr_parse(&t1, "::")); /* 2 + \0 */
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 2, 0),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 3, 0),OP_EQ, "::");
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 4, 1),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 5, 1),OP_EQ, "[::]");
+
+  tt_int_op(AF_INET6,OP_EQ, tor_addr_parse(&t1, "2000::1337")); /* 10 + \0 */
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 10, 0),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 11, 0),OP_EQ, "2000::1337");
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 12, 1),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 13, 1),OP_EQ, "[2000::1337]");
+
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&t1, "1.2.3.4")); /* 7 + \0 */
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 7, 0),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 8, 0),OP_EQ, "1.2.3.4");
+
+  tt_int_op(AF_INET, OP_EQ,
+            tor_addr_parse(&t1, "255.255.255.255")); /* 15 + \0 */
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 15, 0),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 16, 0),OP_EQ, "255.255.255.255");
+  tt_ptr_op(tor_addr_to_str(buf, &t1, 15, 1),OP_EQ, NULL); /* too short buf */
+  tt_str_op(tor_addr_to_str(buf, &t1, 16, 1),OP_EQ, "255.255.255.255");
 
   t1.family = AF_UNSPEC;
-  test_eq_ptr(tor_addr_to_str(buf, &t1, sizeof(buf), 0), NULL);
+  tt_ptr_op(tor_addr_to_str(buf, &t1, sizeof(buf), 0),OP_EQ, NULL);
 
   /* Test tor_addr_parse_PTR_name */
   i = tor_addr_parse_PTR_name(&t1, "Foobar.baz", AF_UNSPEC, 0);
-  test_eq(0, i);
+  tt_int_op(0,OP_EQ, i);
   i = tor_addr_parse_PTR_name(&t1, "Foobar.baz", AF_UNSPEC, 1);
-  test_eq(0, i);
+  tt_int_op(0,OP_EQ, i);
   i = tor_addr_parse_PTR_name(&t1, "9999999999999999999999999999.in-addr.arpa",
                               AF_UNSPEC, 1);
-  test_eq(-1, i);
+  tt_int_op(-1,OP_EQ, i);
   i = tor_addr_parse_PTR_name(&t1, "1.0.168.192.in-addr.arpa",
                                          AF_UNSPEC, 1);
-  test_eq(1, i);
-  test_eq(tor_addr_family(&t1), AF_INET);
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(tor_addr_family(&t1),OP_EQ, AF_INET);
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 1);
-  test_streq(p1, "192.168.0.1");
+  tt_str_op(p1,OP_EQ, "192.168.0.1");
   i = tor_addr_parse_PTR_name(&t1, "192.168.0.99", AF_UNSPEC, 0);
-  test_eq(0, i);
+  tt_int_op(0,OP_EQ, i);
   i = tor_addr_parse_PTR_name(&t1, "192.168.0.99", AF_UNSPEC, 1);
-  test_eq(1, i);
+  tt_int_op(1,OP_EQ, i);
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 1);
-  test_streq(p1, "192.168.0.99");
+  tt_str_op(p1,OP_EQ, "192.168.0.99");
   memset(&t1, 0, sizeof(t1));
   i = tor_addr_parse_PTR_name(&t1,
                                          "0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f."
                                          "f.e.e.b.1.e.b.e.e.f.f.e.e.e.d.9."
                                          "ip6.ARPA",
                                          AF_UNSPEC, 0);
-  test_eq(1, i);
+  tt_int_op(1,OP_EQ, i);
   p1 = tor_addr_to_str(buf, &t1, sizeof(buf), 1);
-  test_streq(p1, "[9dee:effe:ebe1:beef:fedc:ba98:7654:3210]");
+  tt_str_op(p1,OP_EQ, "[9dee:effe:ebe1:beef:fedc:ba98:7654:3210]");
   /* Failing cases. */
   i = tor_addr_parse_PTR_name(&t1,
                                          "6.7.8.9.a.b.c.d.e.f."
                                          "f.e.e.b.1.e.b.e.e.f.f.e.e.e.d.9."
                                          "ip6.ARPA",
                                          AF_UNSPEC, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1,
                                          "6.7.8.9.a.b.c.d.e.f.a.b.c.d.e.f.0."
                                          "f.e.e.b.1.e.b.e.e.f.f.e.e.e.d.9."
                                          "ip6.ARPA",
                                          AF_UNSPEC, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1,
                                          "6.7.8.9.a.b.c.d.e.f.X.0.0.0.0.9."
                                          "f.e.e.b.1.e.b.e.e.f.f.e.e.e.d.9."
                                          "ip6.ARPA",
                                          AF_UNSPEC, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1, "32.1.1.in-addr.arpa",
                                          AF_UNSPEC, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1, ".in-addr.arpa",
                                          AF_UNSPEC, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1, "1.2.3.4.5.in-addr.arpa",
                                          AF_UNSPEC, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1, "1.2.3.4.5.in-addr.arpa",
                                          AF_INET6, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
   i = tor_addr_parse_PTR_name(&t1,
                                          "6.7.8.9.a.b.c.d.e.f.a.b.c.d.e.0."
                                          "f.e.e.b.1.e.b.e.e.f.f.e.e.e.d.9."
                                          "ip6.ARPA",
                                          AF_INET, 0);
-  test_eq(i, -1);
+  tt_int_op(i,OP_EQ, -1);
 
   /* === Test tor_addr_to_PTR_name */
 
@@ -553,19 +560,19 @@ test_addr_ip6_helpers(void)
   tor_addr_from_sockaddr(&t1, (struct sockaddr *)sin, NULL);
 
   /* Check IPv4 PTR - too short buffer */
-  test_eq(tor_addr_to_PTR_name(rbuf, 1, &t1), -1);
-  test_eq(tor_addr_to_PTR_name(rbuf,
+  tt_int_op(tor_addr_to_PTR_name(rbuf, 1, &t1),OP_EQ, -1);
+  tt_int_op(tor_addr_to_PTR_name(rbuf,
                                strlen("3.2.1.127.in-addr.arpa") - 1,
-                               &t1), -1);
+                               &t1),OP_EQ, -1);
 
   /* Check IPv4 PTR - valid addr */
-  test_eq(tor_addr_to_PTR_name(rbuf, sizeof(rbuf), &t1),
+  tt_int_op(tor_addr_to_PTR_name(rbuf, sizeof(rbuf), &t1),OP_EQ,
           strlen("3.2.1.127.in-addr.arpa"));
-  test_streq(rbuf, "3.2.1.127.in-addr.arpa");
+  tt_str_op(rbuf,OP_EQ, "3.2.1.127.in-addr.arpa");
 
   /* Invalid addr family */
   t1.family = AF_UNSPEC;
-  test_eq(tor_addr_to_PTR_name(rbuf, sizeof(rbuf), &t1), -1);
+  tt_int_op(tor_addr_to_PTR_name(rbuf, sizeof(rbuf), &t1),OP_EQ, -1);
 
   /* Stage IPv6 addr */
   memset(&sa_storage, 0, sizeof(sa_storage));
@@ -582,153 +589,152 @@ test_addr_ip6_helpers(void)
       "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.ip6.arpa";
 
     /* Check IPv6 PTR - too short buffer */
-    test_eq(tor_addr_to_PTR_name(rbuf, 0, &t1), -1);
-    test_eq(tor_addr_to_PTR_name(rbuf, strlen(addr_PTR) - 1, &t1), -1);
+    tt_int_op(tor_addr_to_PTR_name(rbuf, 0, &t1),OP_EQ, -1);
+    tt_int_op(tor_addr_to_PTR_name(rbuf, strlen(addr_PTR) - 1, &t1),OP_EQ, -1);
 
     /* Check IPv6 PTR - valid addr */
-    test_eq(tor_addr_to_PTR_name(rbuf, sizeof(rbuf), &t1),
+    tt_int_op(tor_addr_to_PTR_name(rbuf, sizeof(rbuf), &t1),OP_EQ,
             strlen(addr_PTR));
-    test_streq(rbuf, addr_PTR);
+    tt_str_op(rbuf,OP_EQ, addr_PTR);
   }
 
   /* XXXX turn this into a separate function; it's not all IPv6. */
   /* test tor_addr_parse_mask_ports */
   test_addr_mask_ports_parse("[::f]/17:47-95", AF_INET6,
                              0, 0, 0, 0x0000000f, 17, 47, 95);
-  test_streq(p1, "::f");
+  tt_str_op(p1,OP_EQ, "::f");
   //test_addr_parse("[::fefe:4.1.1.7/120]:999-1000");
   //test_addr_parse_check("::fefe:401:107", 120, 999, 1000);
   test_addr_mask_ports_parse("[::ffff:4.1.1.7]/120:443", AF_INET6,
                              0, 0, 0x0000ffff, 0x04010107, 120, 443, 443);
-  test_streq(p1, "::ffff:4.1.1.7");
+  tt_str_op(p1,OP_EQ, "::ffff:4.1.1.7");
   test_addr_mask_ports_parse("[abcd:2::44a:0]:2-65000", AF_INET6,
                              0xabcd0002, 0, 0, 0x044a0000, 128, 2, 65000);
 
-  test_streq(p1, "abcd:2::44a:0");
+  tt_str_op(p1,OP_EQ, "abcd:2::44a:0");
   /* Try some long addresses. */
   r=tor_addr_parse_mask_ports("[ffff:1111:1111:1111:1111:1111:1111:1111]",
                               0, &t1, NULL, NULL, NULL);
-  test_assert(r == AF_INET6);
+  tt_assert(r == AF_INET6);
   r=tor_addr_parse_mask_ports("[ffff:1111:1111:1111:1111:1111:1111:11111]",
                               0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[ffff:1111:1111:1111:1111:1111:1111:1111:1]",
                               0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports(
          "[ffff:1111:1111:1111:1111:1111:1111:ffff:"
          "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:"
          "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:"
          "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]",
          0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   /* Try some failing cases. */
   r=tor_addr_parse_mask_ports("[fefef::]/112", 0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[fefe::/112", 0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[fefe::", 0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[fefe::X]", 0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("efef::/112", 0, &t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[f:f:f:f:f:f:f:f::]",0,&t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[::f:f:f:f:f:f:f:f]",0,&t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[f:f:f:f:f:f:f:f:f]",0,&t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[f:f:f:f:f::]/fred",0,&t1,&mask, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("[f:f:f:f:f::]/255.255.0.0",
                               0,&t1, NULL, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   /* This one will get rejected because it isn't a pure prefix. */
   r=tor_addr_parse_mask_ports("1.1.2.3/255.255.64.0",0,&t1, &mask,NULL,NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   /* Test for V4-mapped address with mask < 96.  (arguably not valid) */
   r=tor_addr_parse_mask_ports("[::ffff:1.1.2.2/33]",0,&t1, &mask, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("1.1.2.2/33",0,&t1, &mask, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   /* Try extended wildcard addresses with out TAPMP_EXTENDED_STAR*/
   r=tor_addr_parse_mask_ports("*4",0,&t1, &mask, NULL, NULL);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r=tor_addr_parse_mask_ports("*6",0,&t1, &mask, NULL, NULL);
-  test_assert(r == -1);
-#if 0
+  tt_int_op(r, OP_EQ, -1);
+  tt_assert(r == -1);
   /* Try a mask with a wildcard. */
   r=tor_addr_parse_mask_ports("*/16",0,&t1, &mask, NULL, NULL);
-  test_assert(r == -1);
+  tt_assert(r == -1);
   r=tor_addr_parse_mask_ports("*4/16",TAPMP_EXTENDED_STAR,
                               &t1, &mask, NULL, NULL);
-  test_assert(r == -1);
+  tt_assert(r == -1);
   r=tor_addr_parse_mask_ports("*6/30",TAPMP_EXTENDED_STAR,
                               &t1, &mask, NULL, NULL);
-  test_assert(r == -1);
-#endif
+  tt_assert(r == -1);
   /* Basic mask tests*/
   r=tor_addr_parse_mask_ports("1.1.2.2/31",0,&t1, &mask, NULL, NULL);
-  test_assert(r == AF_INET);
-  tt_int_op(mask,==,31);
-  tt_int_op(tor_addr_family(&t1),==,AF_INET);
-  tt_int_op(tor_addr_to_ipv4h(&t1),==,0x01010202);
+  tt_assert(r == AF_INET);
+  tt_int_op(mask,OP_EQ,31);
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET);
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ,0x01010202);
   r=tor_addr_parse_mask_ports("3.4.16.032:1-2",0,&t1, &mask, &port1, &port2);
-  test_assert(r == AF_INET);
-  tt_int_op(mask,==,32);
-  tt_int_op(tor_addr_family(&t1),==,AF_INET);
-  tt_int_op(tor_addr_to_ipv4h(&t1),==,0x03041020);
-  test_assert(port1 == 1);
-  test_assert(port2 == 2);
+  tt_assert(r == AF_INET);
+  tt_int_op(mask,OP_EQ,32);
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET);
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ,0x03041020);
+  tt_assert(port1 == 1);
+  tt_assert(port2 == 2);
   r=tor_addr_parse_mask_ports("1.1.2.3/255.255.128.0",0,&t1, &mask,NULL,NULL);
-  test_assert(r == AF_INET);
-  tt_int_op(mask,==,17);
-  tt_int_op(tor_addr_family(&t1),==,AF_INET);
-  tt_int_op(tor_addr_to_ipv4h(&t1),==,0x01010203);
+  tt_assert(r == AF_INET);
+  tt_int_op(mask,OP_EQ,17);
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET);
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ,0x01010203);
   r=tor_addr_parse_mask_ports("[efef::]/112",0,&t1, &mask, &port1, &port2);
-  test_assert(r == AF_INET6);
-  test_assert(port1 == 1);
-  test_assert(port2 == 65535);
+  tt_assert(r == AF_INET6);
+  tt_assert(port1 == 1);
+  tt_assert(port2 == 65535);
   /* Try regular wildcard behavior without TAPMP_EXTENDED_STAR */
   r=tor_addr_parse_mask_ports("*:80-443",0,&t1,&mask,&port1,&port2);
-  tt_int_op(r,==,AF_INET); /* Old users of this always get inet */
-  tt_int_op(tor_addr_family(&t1),==,AF_INET);
-  tt_int_op(tor_addr_to_ipv4h(&t1),==,0);
-  tt_int_op(mask,==,0);
-  tt_int_op(port1,==,80);
-  tt_int_op(port2,==,443);
+  tt_int_op(r,OP_EQ,AF_INET); /* Old users of this always get inet */
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET);
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ,0);
+  tt_int_op(mask,OP_EQ,0);
+  tt_int_op(port1,OP_EQ,80);
+  tt_int_op(port2,OP_EQ,443);
   /* Now try wildcards *with* TAPMP_EXTENDED_STAR */
   r=tor_addr_parse_mask_ports("*:8000-9000",TAPMP_EXTENDED_STAR,
                               &t1,&mask,&port1,&port2);
-  tt_int_op(r,==,AF_UNSPEC);
-  tt_int_op(tor_addr_family(&t1),==,AF_UNSPEC);
-  tt_int_op(mask,==,0);
-  tt_int_op(port1,==,8000);
-  tt_int_op(port2,==,9000);
+  tt_int_op(r,OP_EQ,AF_UNSPEC);
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_UNSPEC);
+  tt_int_op(mask,OP_EQ,0);
+  tt_int_op(port1,OP_EQ,8000);
+  tt_int_op(port2,OP_EQ,9000);
   r=tor_addr_parse_mask_ports("*4:6667",TAPMP_EXTENDED_STAR,
                               &t1,&mask,&port1,&port2);
-  tt_int_op(r,==,AF_INET);
-  tt_int_op(tor_addr_family(&t1),==,AF_INET);
-  tt_int_op(tor_addr_to_ipv4h(&t1),==,0);
-  tt_int_op(mask,==,0);
-  tt_int_op(port1,==,6667);
-  tt_int_op(port2,==,6667);
+  tt_int_op(r,OP_EQ,AF_INET);
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET);
+  tt_int_op(tor_addr_to_ipv4h(&t1),OP_EQ,0);
+  tt_int_op(mask,OP_EQ,0);
+  tt_int_op(port1,OP_EQ,6667);
+  tt_int_op(port2,OP_EQ,6667);
   r=tor_addr_parse_mask_ports("*6",TAPMP_EXTENDED_STAR,
                               &t1,&mask,&port1,&port2);
-  tt_int_op(r,==,AF_INET6);
-  tt_int_op(tor_addr_family(&t1),==,AF_INET6);
+  tt_int_op(r,OP_EQ,AF_INET6);
+  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET6);
   tt_assert(tor_mem_is_zero((const char*)tor_addr_to_in6_addr32(&t1), 16));
-  tt_int_op(mask,==,0);
-  tt_int_op(port1,==,1);
-  tt_int_op(port2,==,65535);
+  tt_int_op(mask,OP_EQ,0);
+  tt_int_op(port1,OP_EQ,1);
+  tt_int_op(port2,OP_EQ,65535);
 
   /* make sure inet address lengths >= max */
-  test_assert(INET_NTOA_BUF_LEN >= sizeof("255.255.255.255"));
-  test_assert(TOR_ADDR_BUF_LEN >=
+  tt_assert(INET_NTOA_BUF_LEN >= sizeof("255.255.255.255"));
+  tt_assert(TOR_ADDR_BUF_LEN >=
               sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"));
 
-  test_assert(sizeof(tor_addr_t) >= sizeof(struct in6_addr));
+  tt_assert(sizeof(tor_addr_t) >= sizeof(struct in6_addr));
 
   /* get interface addresses */
   r = get_interface_address6(LOG_DEBUG, AF_INET, &t1);
@@ -745,7 +751,7 @@ test_addr_ip6_helpers(void)
 
 /** Test tor_addr_port_parse(). */
 static void
-test_addr_parse(void)
+test_addr_parse(void *arg)
 {
   int r;
   tor_addr_t addr;
@@ -753,90 +759,91 @@ test_addr_parse(void)
   uint16_t port = 0;
 
   /* Correct call. */
+  (void)arg;
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.1:1234",
                          &addr, &port, -1);
-  test_assert(r == 0);
+  tt_int_op(r, OP_EQ, 0);
   tor_addr_to_str(buf, &addr, sizeof(buf), 0);
-  test_streq(buf, "192.0.2.1");
-  test_eq(port, 1234);
+  tt_str_op(buf,OP_EQ, "192.0.2.1");
+  tt_int_op(port,OP_EQ, 1234);
 
   r= tor_addr_port_parse(LOG_DEBUG,
                          "[::1]:1234",
                          &addr, &port, -1);
-  test_assert(r == 0);
+  tt_int_op(r, OP_EQ, 0);
   tor_addr_to_str(buf, &addr, sizeof(buf), 0);
-  test_streq(buf, "::1");
-  test_eq(port, 1234);
+  tt_str_op(buf,OP_EQ, "::1");
+  tt_int_op(port,OP_EQ, 1234);
 
   /* Domain name. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "torproject.org:1234",
                          &addr, &port, -1);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Only IP. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2",
                          &addr, &port, -1);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
 
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2",
                          &addr, &port, 200);
-  test_assert(r == 0);
-  tt_int_op(port,==,200);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(port,OP_EQ,200);
 
   r= tor_addr_port_parse(LOG_DEBUG,
                          "[::1]",
                          &addr, &port, -1);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
 
   r= tor_addr_port_parse(LOG_DEBUG,
                          "[::1]",
                          &addr, &port, 400);
-  test_assert(r == 0);
-  tt_int_op(port,==,400);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(port,OP_EQ,400);
 
   /* Bad port. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2:66666",
                          &addr, &port, -1);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2:66666",
                          &addr, &port, 200);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Only domain name */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "torproject.org",
                          &addr, &port, -1);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
   r= tor_addr_port_parse(LOG_DEBUG,
                          "torproject.org",
                          &addr, &port, 200);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Bad IP address */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2:1234",
                          &addr, &port, -1);
-  test_assert(r == -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Make sure that the default port has lower priority than the real
      one */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2:1337",
                          &addr, &port, 200);
-  test_assert(r == 0);
-  tt_int_op(port,==,1337);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(port,OP_EQ,1337);
 
   r= tor_addr_port_parse(LOG_DEBUG,
                          "[::1]:1369",
                          &addr, &port, 200);
-  test_assert(r == 0);
-  tt_int_op(port,==,1369);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(port,OP_EQ,1369);
 
  done:
   ;
@@ -891,7 +898,7 @@ test_virtaddrmap(void *data)
         get_random_virtual_addr(&cfg[ipv6], &a);
         //printf("%s\n", fmt_addr(&a));
         /* Make sure that the first b bits match the configured network */
-        tt_int_op(0, ==, tor_addr_compare_masked(&a, &cfg[ipv6].addr,
+        tt_int_op(0, OP_EQ, tor_addr_compare_masked(&a, &cfg[ipv6].addr,
                                                  bits, CMP_EXACT));
 
         /* And track which bits have been different between pairs of
@@ -935,7 +942,7 @@ test_addr_dup_ip(void *arg)
   (void)arg;
 #define CHECK(ip, s) do {                         \
     v = tor_dup_ip(ip);                           \
-    tt_str_op(v,==,(s));                          \
+    tt_str_op(v,OP_EQ,(s));                          \
     tor_free(v);                                  \
   } while (0)
 
@@ -961,7 +968,7 @@ test_addr_sockaddr_to_str(void *arg)
 #endif
 #define CHECK(sa, s) do {                                       \
     v = tor_sockaddr_to_str((const struct sockaddr*) &(sa));    \
-    tt_str_op(v,==,(s));                                        \
+    tt_str_op(v,OP_EQ,(s));                                        \
     tor_free(v);                                                \
   } while (0)
   (void)arg;
@@ -1018,12 +1025,13 @@ test_addr_is_loopback(void *data)
   (void)data;
 
   for (i=0; loopback_items[i].name; ++i) {
-    tt_int_op(tor_addr_parse(&addr, loopback_items[i].name), >=, 0);
-    tt_int_op(tor_addr_is_loopback(&addr), ==, loopback_items[i].is_loopback);
+    tt_int_op(tor_addr_parse(&addr, loopback_items[i].name), OP_GE, 0);
+    tt_int_op(tor_addr_is_loopback(&addr), OP_EQ,
+              loopback_items[i].is_loopback);
   }
 
   tor_addr_make_unspec(&addr);
-  tt_int_op(tor_addr_is_loopback(&addr), ==, 0);
+  tt_int_op(tor_addr_is_loopback(&addr), OP_EQ, 0);
 
  done:
   ;
@@ -1038,25 +1046,25 @@ test_addr_make_null(void *data)
   (void) data;
   /* Ensure that before tor_addr_make_null, addr != 0's */
   memset(addr, 1, sizeof(*addr));
-  tt_int_op(memcmp(addr, zeros, sizeof(*addr)), !=, 0);
+  tt_int_op(memcmp(addr, zeros, sizeof(*addr)), OP_NE, 0);
   /* Test with AF == AF_INET */
   zeros->family = AF_INET;
   tor_addr_make_null(addr, AF_INET);
-  tt_int_op(memcmp(addr, zeros, sizeof(*addr)), ==, 0);
-  tt_str_op(tor_addr_to_str(buf, addr, sizeof(buf), 0), ==, "0.0.0.0");
+  tt_int_op(memcmp(addr, zeros, sizeof(*addr)), OP_EQ, 0);
+  tt_str_op(tor_addr_to_str(buf, addr, sizeof(buf), 0), OP_EQ, "0.0.0.0");
   /* Test with AF == AF_INET6 */
   memset(addr, 1, sizeof(*addr));
   zeros->family = AF_INET6;
   tor_addr_make_null(addr, AF_INET6);
-  tt_int_op(memcmp(addr, zeros, sizeof(*addr)), ==, 0);
-  tt_str_op(tor_addr_to_str(buf, addr, sizeof(buf), 0), ==, "::");
+  tt_int_op(memcmp(addr, zeros, sizeof(*addr)), OP_EQ, 0);
+  tt_str_op(tor_addr_to_str(buf, addr, sizeof(buf), 0), OP_EQ, "::");
  done:
   tor_free(addr);
   tor_free(zeros);
 }
 
 #define ADDR_LEGACY(name)                                               \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_addr_ ## name }
+  { #name, test_addr_ ## name , 0, NULL, NULL }
 
 struct testcase_t addr_tests[] = {
   ADDR_LEGACY(basic),
diff --git a/src/test/test_address.c b/src/test/test_address.c
new file mode 100644
index 0000000000..3e5af56c52
--- /dev/null
+++ b/src/test/test_address.c
@@ -0,0 +1,1137 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define ADDRESS_PRIVATE
+
+#include "orconfig.h"
+
+#ifdef _WIN32
+#include <winsock2.h>
+/* For access to structs needed by GetAdaptersAddresses */
+#include <iphlpapi.h>
+#endif
+
+#ifdef HAVE_IFADDRS_TO_SMARTLIST
+#include <net/if.h>
+#include <ifaddrs.h>
+#endif
+
+#ifdef HAVE_IFCONF_TO_SMARTLIST
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+#include <net/if.h>
+#endif
+
+#include "or.h"
+#include "address.h"
+#include "test.h"
+
+/** Return 1 iff <b>sockaddr1</b> and <b>sockaddr2</b> represent
+ * the same IP address and port combination. Otherwise, return 0.
+ */
+static uint8_t
+sockaddr_in_are_equal(struct sockaddr_in *sockaddr1,
+                      struct sockaddr_in *sockaddr2)
+{
+   return ((sockaddr1->sin_family == sockaddr2->sin_family) &&
+           (sockaddr1->sin_port == sockaddr2->sin_port) &&
+           (sockaddr1->sin_addr.s_addr == sockaddr2->sin_addr.s_addr));
+}
+
+/** Return 1 iff <b>sockaddr1</b> and <b>sockaddr2</b> represent
+ * the same IP address and port combination. Otherwise, return 0.
+ */
+static uint8_t
+sockaddr_in6_are_equal(struct sockaddr_in6 *sockaddr1,
+                       struct sockaddr_in6 *sockaddr2)
+{
+   return ((sockaddr1->sin6_family == sockaddr2->sin6_family) &&
+           (sockaddr1->sin6_port == sockaddr2->sin6_port) &&
+           (tor_memeq(sockaddr1->sin6_addr.s6_addr,
+                      sockaddr2->sin6_addr.s6_addr,16)));
+}
+
+/** Create a sockaddr_in structure from IP address string <b>ip_str</b>.
+ *
+ * If <b>out</b> is not NULL, write the result
+ * to the memory address in <b>out</b>. Otherwise, allocate the memory
+ * for result. On success, return pointer to result. Otherwise, return
+ * NULL.
+ */
+static struct sockaddr_in *
+sockaddr_in_from_string(const char *ip_str, struct sockaddr_in *out)
+{
+  // [FIXME: add some error checking?]
+  if (!out)
+    out = tor_malloc_zero(sizeof(struct sockaddr_in));
+
+  out->sin_family = AF_INET;
+  out->sin_port = 0;
+  tor_inet_pton(AF_INET,ip_str,&(out->sin_addr));
+
+  return out;
+}
+
+/** Return 1 iff <b>smartlist</b> contains a tor_addr_t structure
+ * that is an IPv4 or IPv6 localhost address. Otherwise, return 0.
+ */
+static int
+smartlist_contains_localhost_tor_addr(smartlist_t *smartlist)
+{
+  SMARTLIST_FOREACH_BEGIN(smartlist, tor_addr_t *, tor_addr) {
+    if (tor_addr_is_loopback(tor_addr)) {
+      return 1;
+    }
+  } SMARTLIST_FOREACH_END(tor_addr);
+
+  return 0;
+}
+
+/** Return 1 iff <b>smartlist</b> contains a tor_addr_t structure
+ * that is an IPv4 or IPv6 multicast address. Otherwise, return 0.
+ */
+static int
+smartlist_contains_multicast_tor_addr(smartlist_t *smartlist)
+{
+  SMARTLIST_FOREACH_BEGIN(smartlist, tor_addr_t *, tor_addr) {
+    if (tor_addr_is_multicast(tor_addr)) {
+      return 1;
+    }
+  } SMARTLIST_FOREACH_END(tor_addr);
+
+  return 0;
+}
+
+/** Return 1 iff <b>smartlist</b> contains a tor_addr_t structure
+ * that is an IPv4 or IPv6 internal address. Otherwise, return 0.
+ */
+static int
+smartlist_contains_internal_tor_addr(smartlist_t *smartlist)
+{
+  SMARTLIST_FOREACH_BEGIN(smartlist, tor_addr_t *, tor_addr) {
+    if (tor_addr_is_internal(tor_addr, 0)) {
+      return 1;
+    }
+  } SMARTLIST_FOREACH_END(tor_addr);
+
+  return 0;
+}
+
+/** Return 1 iff <b>smartlist</b> contains a tor_addr_t structure
+ * that is NULL or the null tor_addr_t. Otherwise, return 0.
+ */
+static int
+smartlist_contains_null_tor_addr(smartlist_t *smartlist)
+{
+  SMARTLIST_FOREACH_BEGIN(smartlist, tor_addr_t *, tor_addr) {
+    if (tor_addr == NULL || tor_addr_is_null(tor_addr)) {
+      return 1;
+    }
+  } SMARTLIST_FOREACH_END(tor_addr);
+
+  return 0;
+}
+
+/** Return 1 iff <b>smartlist</b> contains a tor_addr_t structure
+ * that is an IPv4 address. Otherwise, return 0.
+ */
+static int
+smartlist_contains_ipv4_tor_addr(smartlist_t *smartlist)
+{
+  SMARTLIST_FOREACH_BEGIN(smartlist, tor_addr_t *, tor_addr) {
+    if (tor_addr_is_v4(tor_addr)) {
+      return 1;
+    }
+  } SMARTLIST_FOREACH_END(tor_addr);
+
+  return 0;
+}
+
+/** Return 1 iff <b>smartlist</b> contains a tor_addr_t structure
+ * that is an IPv6 address. Otherwise, return 0.
+ */
+static int
+smartlist_contains_ipv6_tor_addr(smartlist_t *smartlist)
+{
+  SMARTLIST_FOREACH_BEGIN(smartlist, tor_addr_t *, tor_addr) {
+    /* Since there's no tor_addr_is_v6, assume all non-v4s are v6 */
+    if (!tor_addr_is_v4(tor_addr)) {
+      return 1;
+    }
+  } SMARTLIST_FOREACH_END(tor_addr);
+
+  return 0;
+}
+
+#ifdef HAVE_IFADDRS_TO_SMARTLIST
+static void
+test_address_ifaddrs_to_smartlist(void *arg)
+{
+   struct ifaddrs *ifa = NULL;
+   struct ifaddrs *ifa_ipv4 = NULL;
+   struct ifaddrs *ifa_ipv6 = NULL;
+   struct sockaddr_in *ipv4_sockaddr_local = NULL;
+   struct sockaddr_in *netmask_slash8 = NULL;
+   struct sockaddr_in *ipv4_sockaddr_remote = NULL;
+   struct sockaddr_in6 *ipv6_sockaddr = NULL;
+   smartlist_t *smartlist = NULL;
+   tor_addr_t *tor_addr = NULL;
+   struct sockaddr *sockaddr_to_check = NULL;
+   socklen_t addr_len;
+
+   (void)arg;
+
+   netmask_slash8 = sockaddr_in_from_string("255.0.0.0",NULL);
+   ipv4_sockaddr_local = sockaddr_in_from_string("127.0.0.1",NULL);
+   ipv4_sockaddr_remote = sockaddr_in_from_string("128.52.160.20",NULL);
+
+   ipv6_sockaddr = tor_malloc(sizeof(struct sockaddr_in6));
+   ipv6_sockaddr->sin6_family = AF_INET6;
+   ipv6_sockaddr->sin6_port = 0;
+   tor_inet_pton(AF_INET6, "2001:db8:8714:3a90::12",
+                 &(ipv6_sockaddr->sin6_addr));
+
+   ifa = tor_malloc(sizeof(struct ifaddrs));
+   ifa_ipv4 = tor_malloc(sizeof(struct ifaddrs));
+   ifa_ipv6 = tor_malloc(sizeof(struct ifaddrs));
+
+   ifa->ifa_next = ifa_ipv4;
+   ifa->ifa_name = tor_strdup("eth0");
+   ifa->ifa_flags = IFF_UP | IFF_RUNNING;
+   ifa->ifa_addr = (struct sockaddr *)ipv4_sockaddr_local;
+   ifa->ifa_netmask = (struct sockaddr *)netmask_slash8;
+   ifa->ifa_dstaddr = NULL;
+   ifa->ifa_data = NULL;
+
+   ifa_ipv4->ifa_next = ifa_ipv6;
+   ifa_ipv4->ifa_name = tor_strdup("eth1");
+   ifa_ipv4->ifa_flags = IFF_UP | IFF_RUNNING;
+   ifa_ipv4->ifa_addr = (struct sockaddr *)ipv4_sockaddr_remote;
+   ifa_ipv4->ifa_netmask = (struct sockaddr *)netmask_slash8;
+   ifa_ipv4->ifa_dstaddr = NULL;
+   ifa_ipv4->ifa_data = NULL;
+
+   ifa_ipv6->ifa_next = NULL;
+   ifa_ipv6->ifa_name = tor_strdup("eth2");
+   ifa_ipv6->ifa_flags = IFF_UP | IFF_RUNNING;
+   ifa_ipv6->ifa_addr = (struct sockaddr *)ipv6_sockaddr;
+   ifa_ipv6->ifa_netmask = NULL;
+   ifa_ipv6->ifa_dstaddr = NULL;
+   ifa_ipv6->ifa_data = NULL;
+
+   smartlist = ifaddrs_to_smartlist(ifa, AF_UNSPEC);
+
+   tt_assert(smartlist);
+   tt_assert(smartlist_len(smartlist) == 3);
+
+   sockaddr_to_check = tor_malloc(sizeof(struct sockaddr_in6));
+
+   tor_addr = smartlist_get(smartlist,0);
+   addr_len =
+   tor_addr_to_sockaddr(tor_addr,0,sockaddr_to_check,
+                        sizeof(struct sockaddr_in));
+
+   tt_int_op(addr_len,==,sizeof(struct sockaddr_in));
+   tt_assert(sockaddr_in_are_equal((struct sockaddr_in *)sockaddr_to_check,
+                                   ipv4_sockaddr_local));
+
+   tor_addr = smartlist_get(smartlist,1);
+   addr_len =
+   tor_addr_to_sockaddr(tor_addr,0,sockaddr_to_check,
+                        sizeof(struct sockaddr_in));
+
+   tt_int_op(addr_len,==,sizeof(struct sockaddr_in));
+   tt_assert(sockaddr_in_are_equal((struct sockaddr_in *)sockaddr_to_check,
+                                   ipv4_sockaddr_remote));
+
+   tor_addr = smartlist_get(smartlist,2);
+   addr_len =
+   tor_addr_to_sockaddr(tor_addr,0,sockaddr_to_check,
+                        sizeof(struct sockaddr_in6));
+
+   tt_int_op(addr_len,==,sizeof(struct sockaddr_in6));
+   tt_assert(sockaddr_in6_are_equal((struct sockaddr_in6*)sockaddr_to_check,
+                                    ipv6_sockaddr));
+
+   done:
+   tor_free(netmask_slash8);
+   tor_free(ipv4_sockaddr_local);
+   tor_free(ipv4_sockaddr_remote);
+   tor_free(ipv6_sockaddr);
+   tor_free(ifa->ifa_name);
+   tor_free(ifa_ipv4->ifa_name);
+   tor_free(ifa_ipv6->ifa_name);
+   tor_free(ifa);
+   tor_free(ifa_ipv4);
+   tor_free(ifa_ipv6);
+   tor_free(sockaddr_to_check);
+   if (smartlist) {
+     SMARTLIST_FOREACH(smartlist, tor_addr_t *, t, tor_free(t));
+     smartlist_free(smartlist);
+   }
+   return;
+}
+
+static void
+test_address_get_if_addrs_ifaddrs(void *arg)
+{
+
+  smartlist_t *results = NULL;
+
+  (void)arg;
+
+  results = get_interface_addresses_ifaddrs(LOG_ERR, AF_UNSPEC);
+
+  tt_assert(results);
+  /* Some FreeBSD jails don't have localhost IP address. Instead, they only
+   * have the address assigned to the jail (whatever that may be).
+   * And a jail without a network connection might not have any addresses at
+   * all. */
+  tt_assert(!smartlist_contains_null_tor_addr(results));
+
+  /* If there are addresses, they must be IPv4 or IPv6 */
+  if (smartlist_len(results) > 0) {
+    tt_assert(smartlist_contains_ipv4_tor_addr(results)
+              || smartlist_contains_ipv6_tor_addr(results));
+  }
+
+  done:
+  if (results) {
+    SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t));
+  }
+  smartlist_free(results);
+  return;
+}
+
+#endif
+
+#ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
+
+static void
+test_address_get_if_addrs_win32(void *arg)
+{
+
+  smartlist_t *results = NULL;
+
+  (void)arg;
+
+  results = get_interface_addresses_win32(LOG_ERR, AF_UNSPEC);
+
+  tt_int_op(smartlist_len(results),>=,1);
+  tt_assert(smartlist_contains_localhost_tor_addr(results));
+  tt_assert(!smartlist_contains_null_tor_addr(results));
+
+  /* If there are addresses, they must be IPv4 or IPv6 */
+  if (smartlist_len(results) > 0) {
+    tt_assert(smartlist_contains_ipv4_tor_addr(results)
+              || smartlist_contains_ipv6_tor_addr(results));
+  }
+
+  done:
+  SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t));
+  tor_free(results);
+  return;
+}
+
+static void
+test_address_ip_adapter_addresses_to_smartlist(void *arg)
+{
+
+  IP_ADAPTER_ADDRESSES *addrs1;
+  IP_ADAPTER_ADDRESSES *addrs2;
+
+  IP_ADAPTER_UNICAST_ADDRESS *unicast11;
+  IP_ADAPTER_UNICAST_ADDRESS *unicast12;
+  IP_ADAPTER_UNICAST_ADDRESS *unicast21;
+
+  smartlist_t *result = NULL;
+
+  struct sockaddr_in *sockaddr_test1;
+  struct sockaddr_in *sockaddr_test2;
+  struct sockaddr_in *sockaddr_localhost;
+  struct sockaddr_in *sockaddr_to_check;
+
+  tor_addr_t *tor_addr;
+
+  (void)arg;
+  (void)sockaddr_in6_are_equal;
+
+  sockaddr_to_check = tor_malloc_zero(sizeof(struct sockaddr_in));
+
+  addrs1 =
+  tor_malloc_zero(sizeof(IP_ADAPTER_ADDRESSES));
+
+  addrs1->FirstUnicastAddress =
+  unicast11 = tor_malloc_zero(sizeof(IP_ADAPTER_UNICAST_ADDRESS));
+  sockaddr_test1 = sockaddr_in_from_string("86.59.30.40",NULL);
+  unicast11->Address.lpSockaddr = (LPSOCKADDR)sockaddr_test1;
+
+  unicast11->Next = unicast12 =
+  tor_malloc_zero(sizeof(IP_ADAPTER_UNICAST_ADDRESS));
+  sockaddr_test2 = sockaddr_in_from_string("93.95.227.222", NULL);
+  unicast12->Address.lpSockaddr = (LPSOCKADDR)sockaddr_test2;
+
+  addrs1->Next = addrs2 =
+  tor_malloc_zero(sizeof(IP_ADAPTER_ADDRESSES));
+
+  addrs2->FirstUnicastAddress =
+  unicast21 = tor_malloc_zero(sizeof(IP_ADAPTER_UNICAST_ADDRESS));
+  sockaddr_localhost = sockaddr_in_from_string("127.0.0.1", NULL);
+  unicast21->Address.lpSockaddr = (LPSOCKADDR)sockaddr_localhost;
+
+  result = ip_adapter_addresses_to_smartlist(addrs1);
+
+  tt_assert(result);
+  tt_assert(smartlist_len(result) == 3);
+
+  tor_addr = smartlist_get(result,0);
+
+  tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check,
+                       sizeof(struct sockaddr_in));
+
+  tt_assert(sockaddr_in_are_equal(sockaddr_test1,sockaddr_to_check));
+
+  tor_addr = smartlist_get(result,1);
+
+  tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check,
+                       sizeof(struct sockaddr_in));
+
+  tt_assert(sockaddr_in_are_equal(sockaddr_test2,sockaddr_to_check));
+
+  tor_addr = smartlist_get(result,2);
+
+  tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check,
+                       sizeof(struct sockaddr_in));
+
+  tt_assert(sockaddr_in_are_equal(sockaddr_localhost,sockaddr_to_check));
+
+  done:
+  SMARTLIST_FOREACH(result, tor_addr_t *, t, tor_free(t));
+  smartlist_free(result);
+  tor_free(addrs1);
+  tor_free(addrs2);
+  tor_free(unicast11->Address.lpSockaddr);
+  tor_free(unicast11);
+  tor_free(unicast12->Address.lpSockaddr);
+  tor_free(unicast12);
+  tor_free(unicast21->Address.lpSockaddr);
+  tor_free(unicast21);
+  tor_free(sockaddr_to_check);
+  return;
+}
+#endif
+
+#ifdef HAVE_IFCONF_TO_SMARTLIST
+
+static void
+test_address_ifreq_to_smartlist(void *arg)
+{
+  smartlist_t *results = NULL;
+  const tor_addr_t *tor_addr = NULL;
+  struct sockaddr_in *sockaddr = NULL;
+  struct sockaddr_in *sockaddr_eth1 = NULL;
+  struct sockaddr_in *sockaddr_to_check = NULL;
+
+  struct ifconf *ifc;
+  struct ifreq *ifr;
+  struct ifreq *ifr_next;
+
+  socklen_t addr_len;
+
+  (void)arg;
+
+  sockaddr_to_check = tor_malloc(sizeof(struct sockaddr_in));
+
+  ifr = tor_malloc(sizeof(struct ifreq));
+  memset(ifr,0,sizeof(struct ifreq));
+  strlcpy(ifr->ifr_name,"lo",3);
+  sockaddr = (struct sockaddr_in *) &(ifr->ifr_ifru.ifru_addr);
+  sockaddr_in_from_string("127.0.0.1",sockaddr);
+
+  ifc = tor_malloc(sizeof(struct ifconf));
+  memset(ifc,0,sizeof(struct ifconf));
+  ifc->ifc_len = sizeof(struct ifreq);
+  ifc->ifc_ifcu.ifcu_req = ifr;
+
+  results = ifreq_to_smartlist(ifc->ifc_buf,ifc->ifc_len);
+  tt_int_op(smartlist_len(results),==,1);
+
+  tor_addr = smartlist_get(results, 0);
+  addr_len =
+  tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check,
+                       sizeof(struct sockaddr_in));
+
+  tt_int_op(addr_len,==,sizeof(struct sockaddr_in));
+  tt_assert(sockaddr_in_are_equal(sockaddr,sockaddr_to_check));
+
+  ifr = tor_realloc(ifr,2*sizeof(struct ifreq));
+  ifr_next = ifr+1;
+  strlcpy(ifr_next->ifr_name,"eth1",5);
+  ifc->ifc_len = 2*sizeof(struct ifreq);
+  ifc->ifc_ifcu.ifcu_req = ifr;
+  sockaddr = (struct sockaddr_in *) &(ifr->ifr_ifru.ifru_addr);
+
+  sockaddr_eth1 = (struct sockaddr_in *) &(ifr_next->ifr_ifru.ifru_addr);
+  sockaddr_in_from_string("192.168.10.55",sockaddr_eth1);
+  SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t));
+  smartlist_free(results);
+
+  results = ifreq_to_smartlist(ifc->ifc_buf,ifc->ifc_len);
+  tt_int_op(smartlist_len(results),==,2);
+
+  tor_addr = smartlist_get(results, 0);
+  addr_len =
+  tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check,
+                       sizeof(struct sockaddr_in));
+
+  tt_int_op(addr_len,==,sizeof(struct sockaddr_in));
+  tt_assert(sockaddr_in_are_equal(sockaddr,sockaddr_to_check));
+
+  tor_addr = smartlist_get(results, 1);
+  addr_len =
+  tor_addr_to_sockaddr(tor_addr,0,(struct sockaddr *)sockaddr_to_check,
+                       sizeof(struct sockaddr_in));
+
+  tt_int_op(addr_len,==,sizeof(struct sockaddr_in));
+  tt_assert(sockaddr_in_are_equal(sockaddr_eth1,sockaddr_to_check));
+
+  done:
+  tor_free(sockaddr_to_check);
+  SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t));
+  smartlist_free(results);
+  tor_free(ifc);
+  tor_free(ifr);
+  return;
+}
+
+static void
+test_address_get_if_addrs_ioctl(void *arg)
+{
+
+  smartlist_t *result = NULL;
+
+  (void)arg;
+
+  result = get_interface_addresses_ioctl(LOG_ERR, AF_INET);
+
+  /* On an IPv6-only system, this will fail and return NULL
+  tt_assert(result);
+  */
+
+  /* Some FreeBSD jails don't have localhost IP address. Instead, they only
+   * have the address assigned to the jail (whatever that may be).
+   * And a jail without a network connection might not have any addresses at
+   * all. */
+  if (result) {
+    tt_assert(!smartlist_contains_null_tor_addr(result));
+
+    /* If there are addresses, they must be IPv4 or IPv6.
+     * (AIX supports IPv6 from SIOCGIFCONF.) */
+    if (smartlist_len(result) > 0) {
+      tt_assert(smartlist_contains_ipv4_tor_addr(result)
+                || smartlist_contains_ipv6_tor_addr(result));
+    }
+  }
+
+ done:
+  if (result) {
+    SMARTLIST_FOREACH(result, tor_addr_t *, t, tor_free(t));
+    smartlist_free(result);
+  }
+  return;
+}
+
+#endif
+
+#define FAKE_SOCKET_FD (42)
+
+static tor_socket_t
+fake_open_socket(int domain, int type, int protocol)
+{
+  (void)domain;
+  (void)type;
+  (void)protocol;
+
+  return FAKE_SOCKET_FD;
+}
+
+static int last_connected_socket_fd = 0;
+
+static int connect_retval = 0;
+
+static tor_socket_t
+pretend_to_connect(tor_socket_t socket, const struct sockaddr *address,
+                   socklen_t address_len)
+{
+  (void)address;
+  (void)address_len;
+
+  last_connected_socket_fd = socket;
+
+  return connect_retval;
+}
+
+static struct sockaddr *mock_addr = NULL;
+
+static int
+fake_getsockname(tor_socket_t socket, struct sockaddr *address,
+                 socklen_t *address_len)
+{
+  socklen_t bytes_to_copy = 0;
+  (void) socket;
+
+  if (!mock_addr)
+    return -1;
+
+  if (mock_addr->sa_family == AF_INET) {
+    bytes_to_copy = sizeof(struct sockaddr_in);
+  } else if (mock_addr->sa_family == AF_INET6) {
+    bytes_to_copy = sizeof(struct sockaddr_in6);
+  } else {
+    return -1;
+  }
+
+  if (*address_len < bytes_to_copy) {
+    return -1;
+  }
+
+  memcpy(address,mock_addr,bytes_to_copy);
+  *address_len = bytes_to_copy;
+
+  return 0;
+}
+
+static void
+test_address_udp_socket_trick_whitebox(void *arg)
+{
+  int hack_retval;
+  tor_addr_t *addr_from_hack = tor_malloc_zero(sizeof(tor_addr_t));
+  struct sockaddr_in6 *mock_addr6;
+  struct sockaddr_in6 *ipv6_to_check =
+  tor_malloc_zero(sizeof(struct sockaddr_in6));
+
+  (void)arg;
+
+  MOCK(tor_open_socket,fake_open_socket);
+  MOCK(tor_connect_socket,pretend_to_connect);
+  MOCK(tor_getsockname,fake_getsockname);
+
+  mock_addr = tor_malloc_zero(sizeof(struct sockaddr_storage));
+  sockaddr_in_from_string("23.32.246.118",(struct sockaddr_in *)mock_addr);
+
+  hack_retval =
+  get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+                                             AF_INET, addr_from_hack);
+
+  tt_int_op(hack_retval,==,0);
+  tt_assert(tor_addr_eq_ipv4h(addr_from_hack, 0x1720f676));
+
+  /* Now, lets do an IPv6 case. */
+  memset(mock_addr,0,sizeof(struct sockaddr_storage));
+
+  mock_addr6 = (struct sockaddr_in6 *)mock_addr;
+  mock_addr6->sin6_family = AF_INET6;
+  mock_addr6->sin6_port = 0;
+  tor_inet_pton(AF_INET6,"2001:cdba::3257:9652",&(mock_addr6->sin6_addr));
+
+  hack_retval =
+  get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+                                             AF_INET6, addr_from_hack);
+
+  tt_int_op(hack_retval,==,0);
+
+  tor_addr_to_sockaddr(addr_from_hack,0,(struct sockaddr *)ipv6_to_check,
+                       sizeof(struct sockaddr_in6));
+
+  tt_assert(sockaddr_in6_are_equal(mock_addr6,ipv6_to_check));
+
+  UNMOCK(tor_open_socket);
+  UNMOCK(tor_connect_socket);
+  UNMOCK(tor_getsockname);
+
+  done:
+  tor_free(ipv6_to_check);
+  tor_free(mock_addr);
+  tor_free(addr_from_hack);
+  return;
+}
+
+static void
+test_address_udp_socket_trick_blackbox(void *arg)
+{
+  /* We want get_interface_address6_via_udp_socket_hack() to yield
+   * the same valid address that get_interface_address6() returns.
+   * If the latter is unable to find a valid address, we want
+   * _hack() to fail and return-1.
+   *
+   * Furthermore, we want _hack() never to crash, even if
+   * get_interface_addresses_raw() is returning NULL.
+   */
+
+  tor_addr_t addr4;
+  tor_addr_t addr4_to_check;
+  tor_addr_t addr6;
+  tor_addr_t addr6_to_check;
+  int retval, retval_reference;
+
+  (void)arg;
+
+#if 0
+  retval_reference = get_interface_address6(LOG_DEBUG,AF_INET,&addr4);
+  retval = get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+                                                      AF_INET,
+                                                      &addr4_to_check);
+
+  tt_int_op(retval,==,retval_reference);
+  tt_assert( (retval == -1 && retval_reference == -1) ||
+             (tor_addr_compare(&addr4,&addr4_to_check,CMP_EXACT) == 0) );
+
+  retval_reference = get_interface_address6(LOG_DEBUG,AF_INET6,&addr6);
+  retval = get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+                                                      AF_INET6,
+                                                      &addr6_to_check);
+
+  tt_int_op(retval,==,retval_reference);
+  tt_assert( (retval == -1 && retval_reference == -1) ||
+             (tor_addr_compare(&addr6,&addr6_to_check,CMP_EXACT) == 0) );
+
+#else
+  /* Both of the blackbox test cases fail horribly if:
+   *  * The host has no external addreses.
+   *  * There are multiple interfaces with either AF_INET or AF_INET6.
+   *  * The last address isn't the one associated with the default route.
+   *
+   * The tests SHOULD be re-enabled when #12377 is fixed correctly, but till
+   * then this fails a lot, in situations we expect failures due to knowing
+   * about the code being broken.
+   */
+
+  (void)addr4_to_check;
+  (void)addr6_to_check;
+  (void)addr6;
+  (void) retval_reference;
+#endif
+
+  /* When family is neither AF_INET nor AF_INET6, we want _hack to
+   * fail and return -1.
+   */
+
+  retval = get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+                                                      AF_INET+AF_INET6,&addr4);
+
+  tt_assert(retval == -1);
+
+  done:
+  return;
+}
+
+static void
+test_address_get_if_addrs_list_internal(void *arg)
+{
+  smartlist_t *results = NULL;
+
+  (void)arg;
+
+  results = get_interface_address_list(LOG_ERR, 1);
+
+  tt_assert(results != NULL);
+  /* When the network is down, a system might not have any non-local
+   * non-multicast addresseses, not even internal ones.
+   * Unit tests shouldn't fail because of this. */
+  tt_int_op(smartlist_len(results),>=,0);
+
+  tt_assert(!smartlist_contains_localhost_tor_addr(results));
+  tt_assert(!smartlist_contains_multicast_tor_addr(results));
+  /* The list may or may not contain internal addresses */
+  tt_assert(!smartlist_contains_null_tor_addr(results));
+
+  /* if there are any addresses, they must be IPv4 */
+  if (smartlist_len(results) > 0) {
+    tt_assert(smartlist_contains_ipv4_tor_addr(results));
+  }
+  tt_assert(!smartlist_contains_ipv6_tor_addr(results));
+
+ done:
+  free_interface_address_list(results);
+  return;
+}
+
+static void
+test_address_get_if_addrs_list_no_internal(void *arg)
+{
+  smartlist_t *results = NULL;
+
+  (void)arg;
+
+  results = get_interface_address_list(LOG_ERR, 0);
+
+  tt_assert(results != NULL);
+  /* Work even on systems with only internal IPv4 addresses */
+  tt_int_op(smartlist_len(results),>=,0);
+
+  tt_assert(!smartlist_contains_localhost_tor_addr(results));
+  tt_assert(!smartlist_contains_multicast_tor_addr(results));
+  tt_assert(!smartlist_contains_internal_tor_addr(results));
+  tt_assert(!smartlist_contains_null_tor_addr(results));
+
+  /* if there are any addresses, they must be IPv4 */
+  if (smartlist_len(results) > 0) {
+    tt_assert(smartlist_contains_ipv4_tor_addr(results));
+  }
+  tt_assert(!smartlist_contains_ipv6_tor_addr(results));
+
+ done:
+  free_interface_address_list(results);
+  return;
+}
+
+static void
+test_address_get_if_addrs6_list_internal(void *arg)
+{
+  smartlist_t *results = NULL;
+
+  (void)arg;
+
+  results = get_interface_address6_list(LOG_ERR, AF_INET6, 1);
+
+  tt_assert(results != NULL);
+  /* Work even on systems without IPv6 interfaces */
+  tt_int_op(smartlist_len(results),>=,0);
+
+  tt_assert(!smartlist_contains_localhost_tor_addr(results));
+  tt_assert(!smartlist_contains_multicast_tor_addr(results));
+  /* The list may or may not contain internal addresses */
+  tt_assert(!smartlist_contains_null_tor_addr(results));
+
+  /* if there are any addresses, they must be IPv6 */
+  tt_assert(!smartlist_contains_ipv4_tor_addr(results));
+  if (smartlist_len(results) > 0) {
+    tt_assert(smartlist_contains_ipv6_tor_addr(results));
+  }
+
+ done:
+  free_interface_address6_list(results);
+  return;
+}
+
+static void
+test_address_get_if_addrs6_list_no_internal(void *arg)
+{
+  smartlist_t *results = NULL;
+
+  (void)arg;
+
+  results = get_interface_address6_list(LOG_ERR, AF_INET6, 0);
+
+  tt_assert(results != NULL);
+  /* Work even on systems without IPv6 interfaces */
+  tt_int_op(smartlist_len(results),>=,0);
+
+  tt_assert(!smartlist_contains_localhost_tor_addr(results));
+  tt_assert(!smartlist_contains_multicast_tor_addr(results));
+  tt_assert(!smartlist_contains_internal_tor_addr(results));
+  tt_assert(!smartlist_contains_null_tor_addr(results));
+
+  /* if there are any addresses, they must be IPv6 */
+  tt_assert(!smartlist_contains_ipv4_tor_addr(results));
+  if (smartlist_len(results) > 0) {
+    tt_assert(smartlist_contains_ipv6_tor_addr(results));
+  }
+
+ done:
+  free_interface_address6_list(results);
+  return;
+}
+
+static int called_get_interface_addresses_raw = 0;
+
+static smartlist_t *
+mock_get_interface_addresses_raw_fail(int severity, sa_family_t family)
+{
+  (void)severity;
+  (void)family;
+
+  called_get_interface_addresses_raw++;
+  return smartlist_new();
+}
+
+static int called_get_interface_address6_via_udp_socket_hack = 0;
+
+static int
+mock_get_interface_address6_via_udp_socket_hack_fail(int severity,
+                                                     sa_family_t family,
+                                                     tor_addr_t *addr)
+{
+  (void)severity;
+  (void)family;
+  (void)addr;
+
+  called_get_interface_address6_via_udp_socket_hack++;
+  return -1;
+}
+
+static void
+test_address_get_if_addrs_internal_fail(void *arg)
+{
+  smartlist_t *results1 = NULL, *results2 = NULL;
+  int rv = 0;
+  uint32_t ipv4h_addr = 0;
+  tor_addr_t ipv6_addr;
+
+  memset(&ipv6_addr, 0, sizeof(tor_addr_t));
+
+  (void)arg;
+
+  MOCK(get_interface_addresses_raw,
+       mock_get_interface_addresses_raw_fail);
+  MOCK(get_interface_address6_via_udp_socket_hack,
+       mock_get_interface_address6_via_udp_socket_hack_fail);
+
+  results1 = get_interface_address6_list(LOG_ERR, AF_INET6, 1);
+  tt_assert(results1 != NULL);
+  tt_int_op(smartlist_len(results1),==,0);
+
+  results2 = get_interface_address_list(LOG_ERR, 1);
+  tt_assert(results2 != NULL);
+  tt_int_op(smartlist_len(results2),==,0);
+
+  rv = get_interface_address6(LOG_ERR, AF_INET6, &ipv6_addr);
+  tt_assert(rv == -1);
+
+  rv = get_interface_address(LOG_ERR, &ipv4h_addr);
+  tt_assert(rv == -1);
+
+ done:
+  UNMOCK(get_interface_addresses_raw);
+  UNMOCK(get_interface_address6_via_udp_socket_hack);
+  free_interface_address6_list(results1);
+  free_interface_address6_list(results2);
+  return;
+}
+
+static void
+test_address_get_if_addrs_no_internal_fail(void *arg)
+{
+  smartlist_t *results1 = NULL, *results2 = NULL;
+
+  (void)arg;
+
+  MOCK(get_interface_addresses_raw,
+       mock_get_interface_addresses_raw_fail);
+  MOCK(get_interface_address6_via_udp_socket_hack,
+       mock_get_interface_address6_via_udp_socket_hack_fail);
+
+  results1 = get_interface_address6_list(LOG_ERR, AF_INET6, 0);
+  tt_assert(results1 != NULL);
+  tt_int_op(smartlist_len(results1),==,0);
+
+  results2 = get_interface_address_list(LOG_ERR, 0);
+  tt_assert(results2 != NULL);
+  tt_int_op(smartlist_len(results2),==,0);
+
+ done:
+  UNMOCK(get_interface_addresses_raw);
+  UNMOCK(get_interface_address6_via_udp_socket_hack);
+  free_interface_address6_list(results1);
+  free_interface_address6_list(results2);
+  return;
+}
+
+static void
+test_address_get_if_addrs(void *arg)
+{
+  int rv;
+  uint32_t addr_h = 0;
+  tor_addr_t tor_addr;
+
+  (void)arg;
+
+  rv = get_interface_address(LOG_ERR, &addr_h);
+
+  /* When the network is down, a system might not have any non-local
+   * non-multicast IPv4 addresses, not even internal ones.
+   * Unit tests shouldn't fail because of this. */
+  if (rv == 0) {
+    tor_addr_from_ipv4h(&tor_addr, addr_h);
+
+    tt_assert(!tor_addr_is_loopback(&tor_addr));
+    tt_assert(!tor_addr_is_multicast(&tor_addr));
+    /* The address may or may not be an internal address */
+
+    tt_assert(tor_addr_is_v4(&tor_addr));
+  }
+
+ done:
+  return;
+}
+
+static void
+test_address_get_if_addrs6(void *arg)
+{
+  int rv;
+  tor_addr_t tor_addr;
+
+  (void)arg;
+
+  rv = get_interface_address6(LOG_ERR, AF_INET6, &tor_addr);
+
+  /* Work even on systems without IPv6 interfaces */
+  if (rv == 0) {
+    tt_assert(!tor_addr_is_loopback(&tor_addr));
+    tt_assert(!tor_addr_is_multicast(&tor_addr));
+    /* The address may or may not be an internal address */
+
+    tt_assert(!tor_addr_is_v4(&tor_addr));
+  }
+
+ done:
+  return;
+}
+
+static void
+test_address_tor_addr_to_in6(void *ignored)
+{
+  (void)ignored;
+  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
+  const struct in6_addr *res;
+  uint8_t expected[16] = {42, 1, 2, 3, 4, 5, 6, 7, 8, 9,
+                          10, 11, 12, 13, 14, 15};
+
+  a->family = AF_INET;
+  res = tor_addr_to_in6(a);
+  tt_assert(!res);
+
+  a->family = AF_INET6;
+  memcpy(a->addr.in6_addr.s6_addr, expected, 16);
+  res = tor_addr_to_in6(a);
+  tt_assert(res);
+  tt_mem_op(res->s6_addr, OP_EQ, expected, 16);
+
+ done:
+  tor_free(a);
+}
+
+static void
+test_address_tor_addr_to_in(void *ignored)
+{
+  (void)ignored;
+  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
+  const struct in_addr *res;
+
+  a->family = AF_INET6;
+  res = tor_addr_to_in(a);
+  tt_assert(!res);
+
+  a->family = AF_INET;
+  a->addr.in_addr.s_addr = 44;
+  res = tor_addr_to_in(a);
+  tt_assert(res);
+  tt_int_op(res->s_addr, OP_EQ, 44);
+
+ done:
+  tor_free(a);
+}
+
+static void
+test_address_tor_addr_to_ipv4n(void *ignored)
+{
+  (void)ignored;
+  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
+  uint32_t res;
+
+  a->family = AF_INET6;
+  res = tor_addr_to_ipv4n(a);
+  tt_assert(!res);
+
+  a->family = AF_INET;
+  a->addr.in_addr.s_addr = 43;
+  res = tor_addr_to_ipv4n(a);
+  tt_assert(res);
+  tt_int_op(res, OP_EQ, 43);
+
+ done:
+  tor_free(a);
+}
+
+static void
+test_address_tor_addr_to_mapped_ipv4h(void *ignored)
+{
+  (void)ignored;
+  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
+  uint32_t res;
+  uint8_t toset[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 0, 0, 0, 42};
+
+  a->family = AF_INET;
+  res = tor_addr_to_mapped_ipv4h(a);
+  tt_assert(!res);
+
+  a->family = AF_INET6;
+
+  memcpy(a->addr.in6_addr.s6_addr, toset, 16);
+  res = tor_addr_to_mapped_ipv4h(a);
+  tt_assert(res);
+  tt_int_op(res, OP_EQ, 42);
+
+ done:
+  tor_free(a);
+}
+
+static void
+test_address_tor_addr_eq_ipv4h(void *ignored)
+{
+  (void)ignored;
+  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
+  int res;
+
+  a->family = AF_INET6;
+  res = tor_addr_eq_ipv4h(a, 42);
+  tt_assert(!res);
+
+  a->family = AF_INET;
+  a->addr.in_addr.s_addr = 52;
+  res = tor_addr_eq_ipv4h(a, 42);
+  tt_assert(!res);
+
+  a->addr.in_addr.s_addr = 52;
+  res = tor_addr_eq_ipv4h(a, ntohl(52));
+  tt_assert(res);
+
+ done:
+  tor_free(a);
+}
+
+#define ADDRESS_TEST(name, flags) \
+  { #name, test_address_ ## name, flags, NULL, NULL }
+
+struct testcase_t address_tests[] = {
+  ADDRESS_TEST(udp_socket_trick_whitebox, TT_FORK),
+  ADDRESS_TEST(udp_socket_trick_blackbox, TT_FORK),
+  ADDRESS_TEST(get_if_addrs_list_internal, 0),
+  ADDRESS_TEST(get_if_addrs_list_no_internal, 0),
+  ADDRESS_TEST(get_if_addrs6_list_internal, 0),
+  ADDRESS_TEST(get_if_addrs6_list_no_internal, 0),
+  ADDRESS_TEST(get_if_addrs_internal_fail, 0),
+  ADDRESS_TEST(get_if_addrs_no_internal_fail, 0),
+  ADDRESS_TEST(get_if_addrs, 0),
+  ADDRESS_TEST(get_if_addrs6, 0),
+#ifdef HAVE_IFADDRS_TO_SMARTLIST
+  ADDRESS_TEST(get_if_addrs_ifaddrs, TT_FORK),
+  ADDRESS_TEST(ifaddrs_to_smartlist, 0),
+#endif
+#ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
+  ADDRESS_TEST(get_if_addrs_win32, TT_FORK),
+  ADDRESS_TEST(ip_adapter_addresses_to_smartlist, 0),
+#endif
+#ifdef HAVE_IFCONF_TO_SMARTLIST
+  ADDRESS_TEST(get_if_addrs_ioctl, TT_FORK),
+  ADDRESS_TEST(ifreq_to_smartlist, 0),
+#endif
+  ADDRESS_TEST(tor_addr_to_in6, 0),
+  ADDRESS_TEST(tor_addr_to_in, 0),
+  ADDRESS_TEST(tor_addr_to_ipv4n, 0),
+  ADDRESS_TEST(tor_addr_to_mapped_ipv4h, 0),
+  ADDRESS_TEST(tor_addr_eq_ipv4h, 0),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_bt.sh b/src/test/test_bt.sh
new file mode 100755
index 0000000000..033acac955
--- /dev/null
+++ b/src/test/test_bt.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Test backtrace functionality.
+
+exitcode=0
+
+"${builddir:-.}/src/test/test-bt-cl" backtraces || exit $?
+"${builddir:-.}/src/test/test-bt-cl" assert | "${PYTHON:-python}" "${abs_top_srcdir:-.}/src/test/bt_test.py" || exitcode="$?"
+"${builddir:-.}/src/test/test-bt-cl" crash  | "${PYTHON:-python}" "${abs_top_srcdir:-.}/src/test/bt_test.py" || exitcode="$?"
+
+exit ${exitcode}
diff --git a/src/test/test_bt_cl.c b/src/test/test_bt_cl.c
index 45ae82fb85..2f5e50fbf5 100644
--- a/src/test/test_bt_cl.c
+++ b/src/test/test_bt_cl.c
@@ -1,10 +1,12 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
 #include <stdio.h>
 #include <stdlib.h>
 
+/* To prevent 'assert' from going away. */
+#undef TOR_COVERAGE
 #include "or.h"
 #include "util.h"
 #include "backtrace.h"
@@ -30,7 +32,12 @@ int
 crash(int x)
 {
   if (crashtype == 0) {
+#if defined(__clang_analyzer__) || defined(__COVERITY__)
+    tor_assert(1 == 0); /* Avert your eyes, clangalyzer and coverity!  You
+                         * don't need to see us dereference NULL. */
+#else
     *(volatile int *)0 = 0;
+#endif
   } else if (crashtype == 1) {
     tor_assert(1 == 0);
   } else if (crashtype == -1) {
@@ -77,21 +84,30 @@ main(int argc, char **argv)
 
   if (argc < 2) {
     puts("I take an argument. It should be \"assert\" or \"crash\" or "
-         "\"none\"");
+         "\"backtraces\" or \"none\"");
     return 1;
   }
+
+#if !(defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
+   defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION))
+    puts("Backtrace reporting is not supported on this platform");
+    return 77;
+#endif
+
   if (!strcmp(argv[1], "assert")) {
     crashtype = 1;
   } else if (!strcmp(argv[1], "crash")) {
     crashtype = 0;
   } else if (!strcmp(argv[1], "none")) {
     crashtype = -1;
+  } else if (!strcmp(argv[1], "backtraces")) {
+    return 0;
   } else {
     puts("Argument should be \"assert\" or \"crash\" or \"none\"");
     return 1;
   }
 
-  init_logging();
+  init_logging(1);
   set_log_severity_config(LOG_WARN, LOG_ERR, &severity);
   add_stream_log(&severity, "stdout", STDOUT_FILENO);
   tor_log_update_sigsafe_err_fds();
@@ -103,6 +119,7 @@ main(int argc, char **argv)
   printf("%d\n", we_weave(2));
 
   clean_up_backtrace_handler();
+  logs_free_all();
 
   return 0;
 }
diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c
index f24b80f0b0..e5e56edf75 100644
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define BUFFERS_PRIVATE
@@ -27,10 +27,10 @@ test_buffers_basic(void *arg)
    * buf_new
    ****/
   if (!(buf = buf_new()))
-    test_fail();
+    TT_DIE(("Assertion failed."));
 
   //test_eq(buf_capacity(buf), 4096);
-  test_eq(buf_datalen(buf), 0);
+  tt_int_op(buf_datalen(buf),OP_EQ, 0);
 
   /****
    * General pointer frobbing
@@ -40,16 +40,16 @@ test_buffers_basic(void *arg)
   }
   write_to_buf(str, 256, buf);
   write_to_buf(str, 256, buf);
-  test_eq(buf_datalen(buf), 512);
+  tt_int_op(buf_datalen(buf),OP_EQ, 512);
   fetch_from_buf(str2, 200, buf);
-  test_memeq(str, str2, 200);
-  test_eq(buf_datalen(buf), 312);
+  tt_mem_op(str,OP_EQ, str2, 200);
+  tt_int_op(buf_datalen(buf),OP_EQ, 312);
   memset(str2, 0, sizeof(str2));
 
   fetch_from_buf(str2, 256, buf);
-  test_memeq(str+200, str2, 56);
-  test_memeq(str, str2+56, 200);
-  test_eq(buf_datalen(buf), 56);
+  tt_mem_op(str+200,OP_EQ, str2, 56);
+  tt_mem_op(str,OP_EQ, str2+56, 200);
+  tt_int_op(buf_datalen(buf),OP_EQ, 56);
   memset(str2, 0, sizeof(str2));
   /* Okay, now we should be 512 bytes into the 4096-byte buffer.  If we add
    * another 3584 bytes, we hit the end. */
@@ -57,16 +57,16 @@ test_buffers_basic(void *arg)
     write_to_buf(str, 256, buf);
   }
   assert_buf_ok(buf);
-  test_eq(buf_datalen(buf), 3896);
+  tt_int_op(buf_datalen(buf),OP_EQ, 3896);
   fetch_from_buf(str2, 56, buf);
-  test_eq(buf_datalen(buf), 3840);
-  test_memeq(str+200, str2, 56);
+  tt_int_op(buf_datalen(buf),OP_EQ, 3840);
+  tt_mem_op(str+200,OP_EQ, str2, 56);
   for (j=0;j<15;++j) {
     memset(str2, 0, sizeof(str2));
     fetch_from_buf(str2, 256, buf);
-    test_memeq(str, str2, 256);
+    tt_mem_op(str,OP_EQ, str2, 256);
   }
-  test_eq(buf_datalen(buf), 0);
+  tt_int_op(buf_datalen(buf),OP_EQ, 0);
   buf_free(buf);
   buf = NULL;
 
@@ -76,7 +76,7 @@ test_buffers_basic(void *arg)
   write_to_buf(str+1, 255, buf);
   //test_eq(buf_capacity(buf), 256);
   fetch_from_buf(str2, 254, buf);
-  test_memeq(str+1, str2, 254);
+  tt_mem_op(str+1,OP_EQ, str2, 254);
   //test_eq(buf_capacity(buf), 256);
   assert_buf_ok(buf);
   write_to_buf(str, 32, buf);
@@ -85,15 +85,15 @@ test_buffers_basic(void *arg)
   write_to_buf(str, 256, buf);
   assert_buf_ok(buf);
   //test_eq(buf_capacity(buf), 512);
-  test_eq(buf_datalen(buf), 33+256);
+  tt_int_op(buf_datalen(buf),OP_EQ, 33+256);
   fetch_from_buf(str2, 33, buf);
-  test_eq(*str2, str[255]);
+  tt_int_op(*str2,OP_EQ, str[255]);
 
-  test_memeq(str2+1, str, 32);
+  tt_mem_op(str2+1,OP_EQ, str, 32);
   //test_eq(buf_capacity(buf), 512);
-  test_eq(buf_datalen(buf), 256);
+  tt_int_op(buf_datalen(buf),OP_EQ, 256);
   fetch_from_buf(str2, 256, buf);
-  test_memeq(str, str2, 256);
+  tt_mem_op(str,OP_EQ, str2, 256);
 
   /* now try shrinking: case 1. */
   buf_free(buf);
@@ -102,10 +102,10 @@ test_buffers_basic(void *arg)
     write_to_buf(str,255, buf);
   }
   //test_eq(buf_capacity(buf), 33668);
-  test_eq(buf_datalen(buf), 17085);
+  tt_int_op(buf_datalen(buf),OP_EQ, 17085);
   for (j=0; j < 40; ++j) {
     fetch_from_buf(str2, 255,buf);
-    test_memeq(str2, str, 255);
+    tt_mem_op(str2,OP_EQ, str, 255);
   }
 
   /* now try shrinking: case 2. */
@@ -116,7 +116,7 @@ test_buffers_basic(void *arg)
   }
   for (j=0; j < 20; ++j) {
     fetch_from_buf(str2, 255,buf);
-    test_memeq(str2, str, 255);
+    tt_mem_op(str2,OP_EQ, str, 255);
   }
   for (j=0;j<80;++j) {
     write_to_buf(str,255, buf);
@@ -124,7 +124,7 @@ test_buffers_basic(void *arg)
   //test_eq(buf_capacity(buf),33668);
   for (j=0; j < 120; ++j) {
     fetch_from_buf(str2, 255,buf);
-    test_memeq(str2, str, 255);
+    tt_mem_op(str2,OP_EQ, str, 255);
   }
 
   /* Move from buf to buf. */
@@ -133,27 +133,27 @@ test_buffers_basic(void *arg)
   buf2 = buf_new_with_capacity(4096);
   for (j=0;j<100;++j)
     write_to_buf(str, 255, buf);
-  test_eq(buf_datalen(buf), 25500);
+  tt_int_op(buf_datalen(buf),OP_EQ, 25500);
   for (j=0;j<100;++j) {
     r = 10;
     move_buf_to_buf(buf2, buf, &r);
-    test_eq(r, 0);
+    tt_int_op(r,OP_EQ, 0);
   }
-  test_eq(buf_datalen(buf), 24500);
-  test_eq(buf_datalen(buf2), 1000);
+  tt_int_op(buf_datalen(buf),OP_EQ, 24500);
+  tt_int_op(buf_datalen(buf2),OP_EQ, 1000);
   for (j=0;j<3;++j) {
     fetch_from_buf(str2, 255, buf2);
-    test_memeq(str2, str, 255);
+    tt_mem_op(str2,OP_EQ, str, 255);
   }
   r = 8192; /*big move*/
   move_buf_to_buf(buf2, buf, &r);
-  test_eq(r, 0);
+  tt_int_op(r,OP_EQ, 0);
   r = 30000; /* incomplete move */
   move_buf_to_buf(buf2, buf, &r);
-  test_eq(r, 13692);
+  tt_int_op(r,OP_EQ, 13692);
   for (j=0;j<97;++j) {
     fetch_from_buf(str2, 255, buf2);
-    test_memeq(str2, str, 255);
+    tt_mem_op(str2,OP_EQ, str, 255);
   }
   buf_free(buf);
   buf_free(buf2);
@@ -163,16 +163,16 @@ test_buffers_basic(void *arg)
   cp = "Testing. This is a moderately long Testing string.";
   for (j = 0; cp[j]; j++)
     write_to_buf(cp+j, 1, buf);
-  test_eq(0, buf_find_string_offset(buf, "Testing", 7));
-  test_eq(1, buf_find_string_offset(buf, "esting", 6));
-  test_eq(1, buf_find_string_offset(buf, "est", 3));
-  test_eq(39, buf_find_string_offset(buf, "ing str", 7));
-  test_eq(35, buf_find_string_offset(buf, "Testing str", 11));
-  test_eq(32, buf_find_string_offset(buf, "ng ", 3));
-  test_eq(43, buf_find_string_offset(buf, "string.", 7));
-  test_eq(-1, buf_find_string_offset(buf, "shrdlu", 6));
-  test_eq(-1, buf_find_string_offset(buf, "Testing thing", 13));
-  test_eq(-1, buf_find_string_offset(buf, "ngx", 3));
+  tt_int_op(0,OP_EQ, buf_find_string_offset(buf, "Testing", 7));
+  tt_int_op(1,OP_EQ, buf_find_string_offset(buf, "esting", 6));
+  tt_int_op(1,OP_EQ, buf_find_string_offset(buf, "est", 3));
+  tt_int_op(39,OP_EQ, buf_find_string_offset(buf, "ing str", 7));
+  tt_int_op(35,OP_EQ, buf_find_string_offset(buf, "Testing str", 11));
+  tt_int_op(32,OP_EQ, buf_find_string_offset(buf, "ng ", 3));
+  tt_int_op(43,OP_EQ, buf_find_string_offset(buf, "string.", 7));
+  tt_int_op(-1,OP_EQ, buf_find_string_offset(buf, "shrdlu", 6));
+  tt_int_op(-1,OP_EQ, buf_find_string_offset(buf, "Testing thing", 13));
+  tt_int_op(-1,OP_EQ, buf_find_string_offset(buf, "ngx", 3));
   buf_free(buf);
   buf = NULL;
 
@@ -183,7 +183,7 @@ test_buffers_basic(void *arg)
     write_to_buf(cp, 65536, buf);
     tor_free(cp);
 
-    tt_int_op(buf_datalen(buf), ==, 65536);
+    tt_int_op(buf_datalen(buf), OP_EQ, 65536);
     buf_free(buf);
     buf = NULL;
   }
@@ -193,7 +193,6 @@ test_buffers_basic(void *arg)
     buf_free(buf);
   if (buf2)
     buf_free(buf2);
-  buf_shrink_freelists(1);
 }
 
 static void
@@ -207,25 +206,22 @@ test_buffer_pullup(void *arg)
   stuff = tor_malloc(16384);
   tmp = tor_malloc(16384);
 
-  /* Note: this test doesn't check the nulterminate argument to buf_pullup,
-     since nothing actually uses it.  We should remove it some time. */
-
   buf = buf_new_with_capacity(3000); /* rounds up to next power of 2. */
 
   tt_assert(buf);
-  tt_int_op(buf_get_default_chunk_size(buf), ==, 4096);
+  tt_int_op(buf_get_default_chunk_size(buf), OP_EQ, 4096);
 
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
   /* There are a bunch of cases for pullup.  One is the trivial case. Let's
      mess around with an empty buffer. */
-  buf_pullup(buf, 16, 1);
+  buf_pullup(buf, 16);
   buf_get_first_chunk_data(buf, &cp, &sz);
-  tt_ptr_op(cp, ==, NULL);
-  tt_uint_op(sz, ==, 0);
+  tt_ptr_op(cp, OP_EQ, NULL);
+  tt_uint_op(sz, OP_EQ, 0);
 
   /* Let's make sure nothing got allocated */
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
   /* Case 1: everything puts into the first chunk with some moving. */
 
@@ -234,22 +230,22 @@ test_buffer_pullup(void *arg)
   write_to_buf(stuff, 3000, buf);
   write_to_buf(stuff+3000, 3000, buf);
   buf_get_first_chunk_data(buf, &cp, &sz);
-  tt_ptr_op(cp, !=, NULL);
-  tt_int_op(sz, <=, 4096);
+  tt_ptr_op(cp, OP_NE, NULL);
+  tt_int_op(sz, OP_LE, 4096);
 
   /* Make room for 3000 bytes in the first chunk, so that the pullup-move code
    * can get tested. */
-  tt_int_op(fetch_from_buf(tmp, 3000, buf), ==, 3000);
-  test_memeq(tmp, stuff, 3000);
-  buf_pullup(buf, 2048, 0);
+  tt_int_op(fetch_from_buf(tmp, 3000, buf), OP_EQ, 3000);
+  tt_mem_op(tmp,OP_EQ, stuff, 3000);
+  buf_pullup(buf, 2048);
   assert_buf_ok(buf);
   buf_get_first_chunk_data(buf, &cp, &sz);
-  tt_ptr_op(cp, !=, NULL);
-  tt_int_op(sz, >=, 2048);
-  test_memeq(cp, stuff+3000, 2048);
-  tt_int_op(3000, ==, buf_datalen(buf));
-  tt_int_op(fetch_from_buf(tmp, 3000, buf), ==, 0);
-  test_memeq(tmp, stuff+3000, 2048);
+  tt_ptr_op(cp, OP_NE, NULL);
+  tt_int_op(sz, OP_GE, 2048);
+  tt_mem_op(cp,OP_EQ, stuff+3000, 2048);
+  tt_int_op(3000, OP_EQ, buf_datalen(buf));
+  tt_int_op(fetch_from_buf(tmp, 3000, buf), OP_EQ, 0);
+  tt_mem_op(tmp,OP_EQ, stuff+3000, 2048);
 
   buf_free(buf);
 
@@ -259,26 +255,26 @@ test_buffer_pullup(void *arg)
   write_to_buf(stuff+4000, 4000, buf);
   write_to_buf(stuff+8000, 4000, buf);
   write_to_buf(stuff+12000, 4000, buf);
-  tt_int_op(buf_datalen(buf), ==, 16000);
+  tt_int_op(buf_datalen(buf), OP_EQ, 16000);
   buf_get_first_chunk_data(buf, &cp, &sz);
-  tt_ptr_op(cp, !=, NULL);
-  tt_int_op(sz, <=, 4096);
+  tt_ptr_op(cp, OP_NE, NULL);
+  tt_int_op(sz, OP_LE, 4096);
 
-  buf_pullup(buf, 12500, 0);
+  buf_pullup(buf, 12500);
   assert_buf_ok(buf);
   buf_get_first_chunk_data(buf, &cp, &sz);
-  tt_ptr_op(cp, !=, NULL);
-  tt_int_op(sz, >=, 12500);
-  test_memeq(cp, stuff, 12500);
-  tt_int_op(buf_datalen(buf), ==, 16000);
+  tt_ptr_op(cp, OP_NE, NULL);
+  tt_int_op(sz, OP_GE, 12500);
+  tt_mem_op(cp,OP_EQ, stuff, 12500);
+  tt_int_op(buf_datalen(buf), OP_EQ, 16000);
 
   fetch_from_buf(tmp, 12400, buf);
-  test_memeq(tmp, stuff, 12400);
-  tt_int_op(buf_datalen(buf), ==, 3600);
+  tt_mem_op(tmp,OP_EQ, stuff, 12400);
+  tt_int_op(buf_datalen(buf), OP_EQ, 3600);
   fetch_from_buf(tmp, 3500, buf);
-  test_memeq(tmp, stuff+12400, 3500);
+  tt_mem_op(tmp,OP_EQ, stuff+12400, 3500);
   fetch_from_buf(tmp, 100, buf);
-  test_memeq(tmp, stuff+15900, 10);
+  tt_mem_op(tmp,OP_EQ, stuff+15900, 10);
 
   buf_free(buf);
 
@@ -287,22 +283,19 @@ test_buffer_pullup(void *arg)
   write_to_buf(stuff, 4000, buf);
   write_to_buf(stuff+4000, 4000, buf);
   fetch_from_buf(tmp, 100, buf); /* dump 100 bytes from first chunk */
-  buf_pullup(buf, 16000, 0); /* Way too much. */
+  buf_pullup(buf, 16000); /* Way too much. */
   assert_buf_ok(buf);
   buf_get_first_chunk_data(buf, &cp, &sz);
-  tt_ptr_op(cp, !=, NULL);
-  tt_int_op(sz, ==, 7900);
-  test_memeq(cp, stuff+100, 7900);
+  tt_ptr_op(cp, OP_NE, NULL);
+  tt_int_op(sz, OP_EQ, 7900);
+  tt_mem_op(cp,OP_EQ, stuff+100, 7900);
 
   buf_free(buf);
   buf = NULL;
 
-  buf_shrink_freelists(1);
-
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
  done:
   buf_free(buf);
-  buf_shrink_freelists(1);
   tor_free(stuff);
   tor_free(tmp);
 }
@@ -321,31 +314,31 @@ test_buffer_copy(void *arg)
   tt_assert(buf);
 
   /* Copy an empty buffer. */
-  tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf));
+  tt_int_op(0, OP_EQ, generic_buffer_set_to_copy(&buf2, buf));
   tt_assert(buf2);
-  tt_int_op(0, ==, generic_buffer_len(buf2));
+  tt_int_op(0, OP_EQ, generic_buffer_len(buf2));
 
   /* Now try with a short buffer. */
   s = "And now comes an act of enormous enormance!";
   len = strlen(s);
   generic_buffer_add(buf, s, len);
-  tt_int_op(len, ==, generic_buffer_len(buf));
+  tt_int_op(len, OP_EQ, generic_buffer_len(buf));
   /* Add junk to buf2 so we can test replacing.*/
   generic_buffer_add(buf2, "BLARG", 5);
-  tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf));
-  tt_int_op(len, ==, generic_buffer_len(buf2));
+  tt_int_op(0, OP_EQ, generic_buffer_set_to_copy(&buf2, buf));
+  tt_int_op(len, OP_EQ, generic_buffer_len(buf2));
   generic_buffer_get(buf2, b, len);
-  test_mem_op(b, ==, s, len);
+  tt_mem_op(b, OP_EQ, s, len);
   /* Now free buf2 and retry so we can test allocating */
   generic_buffer_free(buf2);
   buf2 = NULL;
-  tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf));
-  tt_int_op(len, ==, generic_buffer_len(buf2));
+  tt_int_op(0, OP_EQ, generic_buffer_set_to_copy(&buf2, buf));
+  tt_int_op(len, OP_EQ, generic_buffer_len(buf2));
   generic_buffer_get(buf2, b, len);
-  test_mem_op(b, ==, s, len);
+  tt_mem_op(b, OP_EQ, s, len);
   /* Clear buf for next test */
   generic_buffer_get(buf, b, len);
-  tt_int_op(generic_buffer_len(buf),==,0);
+  tt_int_op(generic_buffer_len(buf),OP_EQ,0);
 
   /* Okay, now let's try a bigger buffer. */
   s = "Quis autem vel eum iure reprehenderit qui in ea voluptate velit "
@@ -357,12 +350,12 @@ test_buffer_copy(void *arg)
     generic_buffer_add(buf, b, 1);
     generic_buffer_add(buf, s, len);
   }
-  tt_int_op(0, ==, generic_buffer_set_to_copy(&buf2, buf));
-  tt_int_op(generic_buffer_len(buf2), ==, generic_buffer_len(buf));
+  tt_int_op(0, OP_EQ, generic_buffer_set_to_copy(&buf2, buf));
+  tt_int_op(generic_buffer_len(buf2), OP_EQ, generic_buffer_len(buf));
   for (i = 0; i < 256; ++i) {
     generic_buffer_get(buf2, b, len+1);
-    tt_int_op((unsigned char)b[0],==,i);
-    test_mem_op(b+1, ==, s, len);
+    tt_int_op((unsigned char)b[0],OP_EQ,i);
+    tt_mem_op(b+1, OP_EQ, s, len);
   }
 
  done:
@@ -370,7 +363,6 @@ test_buffer_copy(void *arg)
     generic_buffer_free(buf);
   if (buf2)
     generic_buffer_free(buf2);
-  buf_shrink_freelists(1);
 }
 
 static void
@@ -382,62 +374,62 @@ test_buffer_ext_or_cmd(void *arg)
   (void) arg;
 
   /* Empty -- should give "not there. */
-  tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, ==, cmd);
+  tt_int_op(0, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_EQ, cmd);
 
   /* Three bytes: shouldn't work. */
   generic_buffer_add(buf, "\x00\x20\x00", 3);
-  tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, ==, cmd);
-  tt_int_op(3, ==, generic_buffer_len(buf));
+  tt_int_op(0, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_EQ, cmd);
+  tt_int_op(3, OP_EQ, generic_buffer_len(buf));
 
   /* 0020 0000: That's a nil command. It should work. */
   generic_buffer_add(buf, "\x00", 1);
-  tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, !=, cmd);
-  tt_int_op(0x20, ==, cmd->cmd);
-  tt_int_op(0, ==, cmd->len);
-  tt_int_op(0, ==, generic_buffer_len(buf));
+  tt_int_op(1, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_NE, cmd);
+  tt_int_op(0x20, OP_EQ, cmd->cmd);
+  tt_int_op(0, OP_EQ, cmd->len);
+  tt_int_op(0, OP_EQ, generic_buffer_len(buf));
   ext_or_cmd_free(cmd);
   cmd = NULL;
 
   /* Now try a length-6 command with one byte missing. */
   generic_buffer_add(buf, "\x10\x21\x00\x06""abcde", 9);
-  tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, ==, cmd);
+  tt_int_op(0, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_EQ, cmd);
   generic_buffer_add(buf, "f", 1);
-  tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, !=, cmd);
-  tt_int_op(0x1021, ==, cmd->cmd);
-  tt_int_op(6, ==, cmd->len);
-  test_mem_op("abcdef", ==, cmd->body, 6);
-  tt_int_op(0, ==, generic_buffer_len(buf));
+  tt_int_op(1, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_NE, cmd);
+  tt_int_op(0x1021, OP_EQ, cmd->cmd);
+  tt_int_op(6, OP_EQ, cmd->len);
+  tt_mem_op("abcdef", OP_EQ, cmd->body, 6);
+  tt_int_op(0, OP_EQ, generic_buffer_len(buf));
   ext_or_cmd_free(cmd);
   cmd = NULL;
 
   /* Now try a length-10 command with 4 extra bytes. */
   generic_buffer_add(buf, "\xff\xff\x00\x0a"
                      "loremipsum\x10\x00\xff\xff", 18);
-  tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, !=, cmd);
-  tt_int_op(0xffff, ==, cmd->cmd);
-  tt_int_op(10, ==, cmd->len);
-  test_mem_op("loremipsum", ==, cmd->body, 10);
-  tt_int_op(4, ==, generic_buffer_len(buf));
+  tt_int_op(1, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_NE, cmd);
+  tt_int_op(0xffff, OP_EQ, cmd->cmd);
+  tt_int_op(10, OP_EQ, cmd->len);
+  tt_mem_op("loremipsum", OP_EQ, cmd->body, 10);
+  tt_int_op(4, OP_EQ, generic_buffer_len(buf));
   ext_or_cmd_free(cmd);
   cmd = NULL;
 
   /* Finally, let's try a maximum-length command. We already have the header
    * waiting. */
-  tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_int_op(0, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
   tmp = tor_malloc_zero(65535);
   generic_buffer_add(buf, tmp, 65535);
-  tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
-  tt_ptr_op(NULL, !=, cmd);
-  tt_int_op(0x1000, ==, cmd->cmd);
-  tt_int_op(0xffff, ==, cmd->len);
-  test_mem_op(tmp, ==, cmd->body, 65535);
-  tt_int_op(0, ==, generic_buffer_len(buf));
+  tt_int_op(1, OP_EQ, generic_buffer_fetch_ext_or_cmd(buf, &cmd));
+  tt_ptr_op(NULL, OP_NE, cmd);
+  tt_int_op(0x1000, OP_EQ, cmd->cmd);
+  tt_int_op(0xffff, OP_EQ, cmd->len);
+  tt_mem_op(tmp, OP_EQ, cmd->body, 65535);
+  tt_int_op(0, OP_EQ, generic_buffer_len(buf));
   ext_or_cmd_free(cmd);
   cmd = NULL;
 
@@ -445,7 +437,6 @@ test_buffer_ext_or_cmd(void *arg)
   ext_or_cmd_free(cmd);
   generic_buffer_free(buf);
   tor_free(tmp);
-  buf_shrink_freelists(1);
 }
 
 static void
@@ -458,70 +449,61 @@ test_buffer_allocation_tracking(void *arg)
   (void)arg;
 
   crypto_rand(junk, 16384);
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
   buf1 = buf_new();
   tt_assert(buf1);
   buf2 = buf_new();
   tt_assert(buf2);
 
-  tt_int_op(buf_allocation(buf1), ==, 0);
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(buf_allocation(buf1), OP_EQ, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
   write_to_buf(junk, 4000, buf1);
   write_to_buf(junk, 4000, buf1);
   write_to_buf(junk, 4000, buf1);
   write_to_buf(junk, 4000, buf1);
-  tt_int_op(buf_allocation(buf1), ==, 16384);
+  tt_int_op(buf_allocation(buf1), OP_EQ, 16384);
   fetch_from_buf(junk, 100, buf1);
-  tt_int_op(buf_allocation(buf1), ==, 16384); /* still 4 4k chunks */
+  tt_int_op(buf_allocation(buf1), OP_EQ, 16384); /* still 4 4k chunks */
 
-  tt_int_op(buf_get_total_allocation(), ==, 16384);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 16384);
 
   fetch_from_buf(junk, 4096, buf1); /* drop a 1k chunk... */
-  tt_int_op(buf_allocation(buf1), ==, 3*4096); /* now 3 4k chunks */
+  tt_int_op(buf_allocation(buf1), OP_EQ, 3*4096); /* now 3 4k chunks */
 
-#ifdef ENABLE_BUF_FREELISTS
-  tt_int_op(buf_get_total_allocation(), ==, 16384); /* that chunk went onto
-                                                       the freelist. */
-#else
-  tt_int_op(buf_get_total_allocation(), ==, 12288); /* that chunk was really
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 12288); /* that chunk was really
                                                        freed. */
-#endif
 
   write_to_buf(junk, 4000, buf2);
-  tt_int_op(buf_allocation(buf2), ==, 4096); /* another 4k chunk. */
+  tt_int_op(buf_allocation(buf2), OP_EQ, 4096); /* another 4k chunk. */
   /*
-   * If we're using freelists, size stays at 16384 because we just pulled a
-   * chunk from the freelist.  If we aren't, we bounce back up to 16384 by
-   * allocating a new chunk.
+   * We bounce back up to 16384 by allocating a new chunk.
    */
-  tt_int_op(buf_get_total_allocation(), ==, 16384);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 16384);
   write_to_buf(junk, 4000, buf2);
-  tt_int_op(buf_allocation(buf2), ==, 8192); /* another 4k chunk. */
-  tt_int_op(buf_get_total_allocation(), ==, 5*4096); /* that chunk was new. */
+  tt_int_op(buf_allocation(buf2), OP_EQ, 8192); /* another 4k chunk. */
+  tt_int_op(buf_get_total_allocation(),
+            OP_EQ, 5*4096); /* that chunk was new. */
 
   /* Make a really huge buffer */
   for (i = 0; i < 1000; ++i) {
     write_to_buf(junk, 4000, buf2);
   }
-  tt_int_op(buf_allocation(buf2), >=, 4008000);
-  tt_int_op(buf_get_total_allocation(), >=, 4008000);
+  tt_int_op(buf_allocation(buf2), OP_GE, 4008000);
+  tt_int_op(buf_get_total_allocation(), OP_GE, 4008000);
   buf_free(buf2);
   buf2 = NULL;
 
-  tt_int_op(buf_get_total_allocation(), <, 4008000);
-  buf_shrink_freelists(1);
-  tt_int_op(buf_get_total_allocation(), ==, buf_allocation(buf1));
+  tt_int_op(buf_get_total_allocation(), OP_LT, 4008000);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, buf_allocation(buf1));
   buf_free(buf1);
   buf1 = NULL;
-  buf_shrink_freelists(1);
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
  done:
   buf_free(buf1);
   buf_free(buf2);
-  buf_shrink_freelists(1);
   tor_free(junk);
 }
 
@@ -545,37 +527,38 @@ test_buffer_time_tracking(void *arg)
   tt_assert(buf);
 
   /* Empty buffer means the timestamp is 0. */
-  tt_int_op(0, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC));
-  tt_int_op(0, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+1000));
+  tt_int_op(0, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC));
+  tt_int_op(0, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+1000));
 
   tor_gettimeofday_cache_set(&tv0);
   write_to_buf("ABCDEFG", 7, buf);
-  tt_int_op(1000, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+1000));
+  tt_int_op(1000, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+1000));
 
   buf2 = buf_copy(buf);
   tt_assert(buf2);
-  tt_int_op(1234, ==, buf_get_oldest_chunk_timestamp(buf2, START_MSEC+1234));
+  tt_int_op(1234, OP_EQ,
+            buf_get_oldest_chunk_timestamp(buf2, START_MSEC+1234));
 
   /* Now add more bytes; enough to overflow the first chunk. */
   tv0.tv_usec += 123 * 1000;
   tor_gettimeofday_cache_set(&tv0);
   for (i = 0; i < 600; ++i)
     write_to_buf("ABCDEFG", 7, buf);
-  tt_int_op(4207, ==, buf_datalen(buf));
+  tt_int_op(4207, OP_EQ, buf_datalen(buf));
 
   /* The oldest bytes are still in the front. */
-  tt_int_op(2000, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2000));
+  tt_int_op(2000, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2000));
 
   /* Once those bytes are dropped, the chunk is still on the first
    * timestamp. */
   fetch_from_buf(tmp, 100, buf);
-  tt_int_op(2000, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2000));
+  tt_int_op(2000, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2000));
 
   /* But once we discard the whole first chunk, we get the data in the second
    * chunk. */
   fetch_from_buf(tmp, 4000, buf);
-  tt_int_op(107, ==, buf_datalen(buf));
-  tt_int_op(2000, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2123));
+  tt_int_op(107, OP_EQ, buf_datalen(buf));
+  tt_int_op(2000, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2123));
 
   /* This time we'll be grabbing a chunk from the freelist, and making sure
      its time gets updated */
@@ -584,13 +567,13 @@ test_buffer_time_tracking(void *arg)
   tor_gettimeofday_cache_set(&tv0);
   for (i = 0; i < 600; ++i)
     write_to_buf("ABCDEFG", 7, buf);
-  tt_int_op(4307, ==, buf_datalen(buf));
+  tt_int_op(4307, OP_EQ, buf_datalen(buf));
 
-  tt_int_op(2000, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2123));
+  tt_int_op(2000, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+2123));
   fetch_from_buf(tmp, 4000, buf);
   fetch_from_buf(tmp, 306, buf);
-  tt_int_op(0, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+5617));
-  tt_int_op(383, ==, buf_get_oldest_chunk_timestamp(buf, START_MSEC+6000));
+  tt_int_op(0, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+5617));
+  tt_int_op(383, OP_EQ, buf_get_oldest_chunk_timestamp(buf, START_MSEC+6000));
 
  done:
   buf_free(buf);
@@ -609,35 +592,35 @@ test_buffers_zlib_impl(int finalize_with_nil)
   int done;
 
   buf = buf_new_with_capacity(128); /* will round up */
-  zlib_state = tor_zlib_new(1, ZLIB_METHOD);
+  zlib_state = tor_zlib_new(1, ZLIB_METHOD, HIGH_COMPRESSION);
 
   msg = tor_malloc(512);
   crypto_rand(msg, 512);
-  tt_int_op(write_to_buf_zlib(buf, zlib_state, msg, 128, 0), ==, 0);
-  tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+128, 128, 0), ==, 0);
-  tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+256, 256, 0), ==, 0);
+  tt_int_op(write_to_buf_zlib(buf, zlib_state, msg, 128, 0), OP_EQ, 0);
+  tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+128, 128, 0), OP_EQ, 0);
+  tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+256, 256, 0), OP_EQ, 0);
   done = !finalize_with_nil;
-  tt_int_op(write_to_buf_zlib(buf, zlib_state, "all done", 9, done), ==, 0);
+  tt_int_op(write_to_buf_zlib(buf, zlib_state, "all done", 9, done), OP_EQ, 0);
   if (finalize_with_nil) {
-    tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), ==, 0);
+    tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), OP_EQ, 0);
   }
 
   in_len = buf_datalen(buf);
   contents = tor_malloc(in_len);
 
-  tt_int_op(fetch_from_buf(contents, in_len, buf), ==, 0);
+  tt_int_op(fetch_from_buf(contents, in_len, buf), OP_EQ, 0);
 
-  tt_int_op(0, ==, tor_gzip_uncompress(&expanded, &out_len,
+  tt_int_op(0, OP_EQ, tor_gzip_uncompress(&expanded, &out_len,
                                        contents, in_len,
                                        ZLIB_METHOD, 1,
                                        LOG_WARN));
 
-  tt_int_op(out_len, >=, 128);
-  tt_mem_op(msg, ==, expanded, 128);
-  tt_int_op(out_len, >=, 512);
-  tt_mem_op(msg, ==, expanded, 512);
-  tt_int_op(out_len, ==, 512+9);
-  tt_mem_op("all done", ==, expanded+512, 9);
+  tt_int_op(out_len, OP_GE, 128);
+  tt_mem_op(msg, OP_EQ, expanded, 128);
+  tt_int_op(out_len, OP_GE, 512);
+  tt_mem_op(msg, OP_EQ, expanded, 512);
+  tt_int_op(out_len, OP_EQ, 512+9);
+  tt_mem_op("all done", OP_EQ, expanded+512, 9);
 
  done:
   buf_free(buf);
@@ -680,28 +663,28 @@ test_buffers_zlib_fin_at_chunk_end(void *arg)
   tt_assert(buf->head);
 
   /* Fill up the chunk so the zlib stuff won't fit in one chunk. */
-  tt_uint_op(buf->head->memlen, <, sz);
+  tt_uint_op(buf->head->memlen, OP_LT, sz);
   headerjunk = buf->head->memlen - 7;
   write_to_buf(msg, headerjunk-1, buf);
-  tt_uint_op(buf->head->datalen, ==, headerjunk);
-  tt_uint_op(buf_datalen(buf), ==, headerjunk);
+  tt_uint_op(buf->head->datalen, OP_EQ, headerjunk);
+  tt_uint_op(buf_datalen(buf), OP_EQ, headerjunk);
   /* Write an empty string, with finalization on. */
-  zlib_state = tor_zlib_new(1, ZLIB_METHOD);
-  tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), ==, 0);
+  zlib_state = tor_zlib_new(1, ZLIB_METHOD, HIGH_COMPRESSION);
+  tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), OP_EQ, 0);
 
   in_len = buf_datalen(buf);
   contents = tor_malloc(in_len);
 
-  tt_int_op(fetch_from_buf(contents, in_len, buf), ==, 0);
+  tt_int_op(fetch_from_buf(contents, in_len, buf), OP_EQ, 0);
 
-  tt_uint_op(in_len, >, headerjunk);
+  tt_uint_op(in_len, OP_GT, headerjunk);
 
-  tt_int_op(0, ==, tor_gzip_uncompress(&expanded, &out_len,
+  tt_int_op(0, OP_EQ, tor_gzip_uncompress(&expanded, &out_len,
                                   contents + headerjunk, in_len - headerjunk,
                                   ZLIB_METHOD, 1,
                                   LOG_WARN));
 
-  tt_int_op(out_len, ==, 0);
+  tt_int_op(out_len, OP_EQ, 0);
   tt_assert(expanded);
 
  done:
@@ -712,6 +695,58 @@ test_buffers_zlib_fin_at_chunk_end(void *arg)
   tor_free(msg);
 }
 
+const uint8_t *tls_read_ptr;
+int n_remaining;
+int next_reply_val[16];
+
+static int
+mock_tls_read(tor_tls_t *tls, char *cp, size_t len)
+{
+  (void)tls;
+  int rv = next_reply_val[0];
+  if (rv > 0) {
+    int max = rv > (int)len ? (int)len : rv;
+    if (max > n_remaining)
+      max = n_remaining;
+    memcpy(cp, tls_read_ptr, max);
+    rv = max;
+    n_remaining -= max;
+    tls_read_ptr += max;
+  }
+
+  memmove(next_reply_val, next_reply_val + 1, 15*sizeof(int));
+  return rv;
+}
+
+static void
+test_buffers_tls_read_mocked(void *arg)
+{
+  uint8_t *mem;
+  buf_t *buf;
+  (void)arg;
+
+  mem = tor_malloc(64*1024);
+  crypto_rand((char*)mem, 64*1024);
+  tls_read_ptr = mem;
+  n_remaining = 64*1024;
+
+  MOCK(tor_tls_read, mock_tls_read);
+
+  buf = buf_new();
+
+  next_reply_val[0] = 1024;
+  tt_int_op(128, ==, read_to_buf_tls(NULL, 128, buf));
+
+  next_reply_val[0] = 5000;
+  next_reply_val[1] = 5000;
+  tt_int_op(6000, ==, read_to_buf_tls(NULL, 6000, buf));
+
+ done:
+  UNMOCK(tor_tls_read);
+  tor_free(mem);
+  buf_free(buf);
+}
+
 struct testcase_t buffer_tests[] = {
   { "basic", test_buffers_basic, TT_FORK, NULL, NULL },
   { "copy", test_buffer_copy, TT_FORK, NULL, NULL },
@@ -724,6 +759,8 @@ struct testcase_t buffer_tests[] = {
   { "zlib_fin_with_nil", test_buffers_zlib_fin_with_nil, TT_FORK, NULL, NULL },
   { "zlib_fin_at_chunk_end", test_buffers_zlib_fin_at_chunk_end, TT_FORK,
     NULL, NULL},
+  { "tls_read_mocked", test_buffers_tls_read_mocked, 0,
+    NULL, NULL },
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c
index d7f60680c2..499a637959 100644
--- a/src/test/test_cell_formats.c
+++ b/src/test/test_cell_formats.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -30,16 +30,16 @@ test_cfmt_relay_header(void *arg)
   uint8_t hdr_out[RELAY_HEADER_SIZE];
   (void)arg;
 
-  tt_int_op(sizeof(hdr_1), ==, RELAY_HEADER_SIZE);
+  tt_int_op(sizeof(hdr_1), OP_EQ, RELAY_HEADER_SIZE);
   relay_header_unpack(&rh, hdr_1);
-  tt_int_op(rh.command, ==, 3);
-  tt_int_op(rh.recognized, ==, 0);
-  tt_int_op(rh.stream_id, ==, 0x2122);
-  test_mem_op(rh.integrity, ==, "ABCD", 4);
-  tt_int_op(rh.length, ==, 0x103);
+  tt_int_op(rh.command, OP_EQ, 3);
+  tt_int_op(rh.recognized, OP_EQ, 0);
+  tt_int_op(rh.stream_id, OP_EQ, 0x2122);
+  tt_mem_op(rh.integrity, OP_EQ, "ABCD", 4);
+  tt_int_op(rh.length, OP_EQ, 0x103);
 
   relay_header_pack(hdr_out, &rh);
-  test_mem_op(hdr_out, ==, hdr_1, RELAY_HEADER_SIZE);
+  tt_mem_op(hdr_out, OP_EQ, hdr_1, RELAY_HEADER_SIZE);
 
  done:
   ;
@@ -74,32 +74,32 @@ test_cfmt_begin_cells(void *arg)
   /* Try begindir. */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN_DIR, "", 0);
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_ptr_op(NULL, ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(0, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(1, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_ptr_op(NULL, OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(0, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(1, OP_EQ, bcell.is_begindir);
 
   /* A Begindir with extra stuff. */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN_DIR, "12345", 5);
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_ptr_op(NULL, ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(0, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(1, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_ptr_op(NULL, OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(0, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(1, OP_EQ, bcell.is_begindir);
 
   /* A short but valid begin cell */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "a.b:9", 6);
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("a.b", ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(9, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("a.b", OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(9, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* A significantly loner begin cell */
@@ -108,35 +108,35 @@ test_cfmt_begin_cells(void *arg)
     const char c[] = "here-is-a-nice-long.hostname.com:65535";
     make_relay_cell(&cell, RELAY_COMMAND_BEGIN, c, strlen(c)+1);
   }
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("here-is-a-nice-long.hostname.com", ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(65535, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("here-is-a-nice-long.hostname.com", OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(65535, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* An IPv4 begin cell. */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "18.9.22.169:80", 15);
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("18.9.22.169", ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(80, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("18.9.22.169", OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(80, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* An IPv6 begin cell. Let's make sure we handle colons*/
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN,
                   "[2620::6b0:b:1a1a:0:26e5:480e]:80", 34);
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("[2620::6b0:b:1a1a:0:26e5:480e]", ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(80, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("[2620::6b0:b:1a1a:0:26e5:480e]", OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(80, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* a begin cell with extra junk but not enough for flags. */
@@ -145,12 +145,12 @@ test_cfmt_begin_cells(void *arg)
     const char c[] = "another.example.com:80\x00\x01\x02";
     make_relay_cell(&cell, RELAY_COMMAND_BEGIN, c, sizeof(c)-1);
   }
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("another.example.com", ==, bcell.address);
-  tt_int_op(0, ==, bcell.flags);
-  tt_int_op(80, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("another.example.com", OP_EQ, bcell.address);
+  tt_int_op(0, OP_EQ, bcell.flags);
+  tt_int_op(80, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* a begin cell with flags. */
@@ -159,12 +159,12 @@ test_cfmt_begin_cells(void *arg)
     const char c[] = "another.example.com:443\x00\x01\x02\x03\x04";
     make_relay_cell(&cell, RELAY_COMMAND_BEGIN, c, sizeof(c)-1);
   }
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("another.example.com", ==, bcell.address);
-  tt_int_op(0x1020304, ==, bcell.flags);
-  tt_int_op(443, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("another.example.com", OP_EQ, bcell.address);
+  tt_int_op(0x1020304, OP_EQ, bcell.flags);
+  tt_int_op(443, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* a begin cell with flags and even more cruft after that. */
@@ -173,12 +173,12 @@ test_cfmt_begin_cells(void *arg)
     const char c[] = "a-further.example.com:22\x00\xee\xaa\x00\xffHi mom";
     make_relay_cell(&cell, RELAY_COMMAND_BEGIN, c, sizeof(c)-1);
   }
-  tt_int_op(0, ==, begin_cell_parse(&cell, &bcell, &end_reason));
-  tt_str_op("a-further.example.com", ==, bcell.address);
-  tt_int_op(0xeeaa00ff, ==, bcell.flags);
-  tt_int_op(22, ==, bcell.port);
-  tt_int_op(5, ==, bcell.stream_id);
-  tt_int_op(0, ==, bcell.is_begindir);
+  tt_int_op(0, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_str_op("a-further.example.com", OP_EQ, bcell.address);
+  tt_int_op(0xeeaa00ff, OP_EQ, bcell.flags);
+  tt_int_op(22, OP_EQ, bcell.port);
+  tt_int_op(5, OP_EQ, bcell.stream_id);
+  tt_int_op(0, OP_EQ, bcell.is_begindir);
   tor_free(bcell.address);
 
   /* bad begin cell: impossible length. */
@@ -189,42 +189,42 @@ test_cfmt_begin_cells(void *arg)
   {
     relay_header_t rh;
     relay_header_unpack(&rh, cell.payload);
-    tt_int_op(rh.length, ==, 510);
+    tt_int_op(rh.length, OP_EQ, 510);
   }
-  tt_int_op(-2, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-2, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
   /* Bad begin cell: no body. */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "", 0);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
   /* bad begin cell: no body. */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "", 0);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
   /* bad begin cell: no colon */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "a.b", 4);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
   /* bad begin cell: no ports */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "a.b:", 5);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
   /* bad begin cell: bad port */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "a.b:xyz", 8);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "a.b:100000", 11);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
   /* bad begin cell: no nul */
   memset(&bcell, 0x7f, sizeof(bcell));
   make_relay_cell(&cell, RELAY_COMMAND_BEGIN, "a.b:80", 6);
-  tt_int_op(-1, ==, begin_cell_parse(&cell, &bcell, &end_reason));
+  tt_int_op(-1, OP_EQ, begin_cell_parse(&cell, &bcell, &end_reason));
 
  done:
   tor_free(bcell.address);
@@ -244,47 +244,47 @@ test_cfmt_connected_cells(void *arg)
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "", 0);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_UNSPEC);
-  tt_int_op(ttl, ==, -1);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_UNSPEC);
+  tt_int_op(ttl, OP_EQ, -1);
 
   /* A slightly less oldschool one: only an IPv4 address */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "\x20\x30\x40\x50", 4);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET);
-  tt_str_op(fmt_addr(&addr), ==, "32.48.64.80");
-  tt_int_op(ttl, ==, -1);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "32.48.64.80");
+  tt_int_op(ttl, OP_EQ, -1);
 
   /* Bogus but understandable: truncated TTL */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED, "\x11\x12\x13\x14\x15", 5);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET);
-  tt_str_op(fmt_addr(&addr), ==, "17.18.19.20");
-  tt_int_op(ttl, ==, -1);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "17.18.19.20");
+  tt_int_op(ttl, OP_EQ, -1);
 
   /* Regular IPv4 one: address and TTL */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
                   "\x02\x03\x04\x05\x00\x00\x0e\x10", 8);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET);
-  tt_str_op(fmt_addr(&addr), ==, "2.3.4.5");
-  tt_int_op(ttl, ==, 3600);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "2.3.4.5");
+  tt_int_op(ttl, OP_EQ, 3600);
 
   /* IPv4 with too-big TTL */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
                   "\x02\x03\x04\x05\xf0\x00\x00\x00", 8);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET);
-  tt_str_op(fmt_addr(&addr), ==, "2.3.4.5");
-  tt_int_op(ttl, ==, -1);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "2.3.4.5");
+  tt_int_op(ttl, OP_EQ, -1);
 
   /* IPv6 (ttl is mandatory) */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
@@ -294,10 +294,10 @@ test_cfmt_connected_cells(void *arg)
                   "\x00\x00\x02\x58", 25);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
-  tt_str_op(fmt_addr(&addr), ==, "2607:f8b0:400c:c02::68");
-  tt_int_op(ttl, ==, 600);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET6);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "2607:f8b0:400c:c02::68");
+  tt_int_op(ttl, OP_EQ, 600);
 
   /* IPv6 (ttl too big) */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
@@ -307,17 +307,17 @@ test_cfmt_connected_cells(void *arg)
                   "\x90\x00\x02\x58", 25);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
-  tt_str_op(fmt_addr(&addr), ==, "2607:f8b0:400c:c02::68");
-  tt_int_op(ttl, ==, -1);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET6);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "2607:f8b0:400c:c02::68");
+  tt_int_op(ttl, OP_EQ, -1);
 
   /* Bogus size: 3. */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
                   "\x00\x01\x02", 3);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Bogus family: 7. */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
@@ -327,7 +327,7 @@ test_cfmt_connected_cells(void *arg)
                   "\x90\x00\x02\x58", 25);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Truncated IPv6. */
   make_relay_cell(&cell, RELAY_COMMAND_CONNECTED,
@@ -337,7 +337,7 @@ test_cfmt_connected_cells(void *arg)
                   "\x00\x00\x02", 24);
   relay_header_unpack(&rh, cell.payload);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, -1);
+  tt_int_op(r, OP_EQ, -1);
 
   /* Now make sure we can generate connected cells correctly. */
   /* Try an IPv4 address */
@@ -346,16 +346,16 @@ test_cfmt_connected_cells(void *arg)
   tor_addr_parse(&addr, "30.40.50.60");
   rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE,
                                             &addr, 128);
-  tt_int_op(rh.length, ==, 8);
+  tt_int_op(rh.length, OP_EQ, 8);
   test_memeq_hex(cell.payload+RELAY_HEADER_SIZE, "1e28323c" "00000080");
 
   /* Try parsing it. */
   tor_addr_make_unspec(&addr);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET);
-  tt_str_op(fmt_addr(&addr), ==, "30.40.50.60");
-  tt_int_op(ttl, ==, 128);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "30.40.50.60");
+  tt_int_op(ttl, OP_EQ, 128);
 
   /* Try an IPv6 address */
   memset(&rh, 0, sizeof(rh));
@@ -363,7 +363,7 @@ test_cfmt_connected_cells(void *arg)
   tor_addr_parse(&addr, "2620::6b0:b:1a1a:0:26e5:480e");
   rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE,
                                             &addr, 3600);
-  tt_int_op(rh.length, ==, 25);
+  tt_int_op(rh.length, OP_EQ, 25);
   test_memeq_hex(cell.payload + RELAY_HEADER_SIZE,
                  "00000000" "06"
                  "2620000006b0000b1a1a000026e5480e" "00000e10");
@@ -371,10 +371,10 @@ test_cfmt_connected_cells(void *arg)
   /* Try parsing it. */
   tor_addr_make_unspec(&addr);
   r = connected_cell_parse(&rh, &cell, &addr, &ttl);
-  tt_int_op(r, ==, 0);
-  tt_int_op(tor_addr_family(&addr), ==, AF_INET6);
-  tt_str_op(fmt_addr(&addr), ==, "2620:0:6b0:b:1a1a:0:26e5:480e");
-  tt_int_op(ttl, ==, 3600);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET6);
+  tt_str_op(fmt_addr(&addr), OP_EQ, "2620:0:6b0:b:1a1a:0:26e5:480e");
+  tt_int_op(ttl, OP_EQ, 3600);
 
  done:
   tor_free(mem_op_hex_tmp);
@@ -398,14 +398,14 @@ test_cfmt_create_cells(void *arg)
   crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN);
   cell.command = CELL_CREATE;
   memcpy(cell.payload, b, TAP_ONIONSKIN_CHALLENGE_LEN);
-  tt_int_op(0, ==, create_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATE, ==, cc.cell_type);
-  tt_int_op(ONION_HANDSHAKE_TYPE_TAP, ==, cc.handshake_type);
-  tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, ==, cc.handshake_len);
-  test_memeq(cc.onionskin, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10);
-  tt_int_op(0, ==, create_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATE, OP_EQ, cc.cell_type);
+  tt_int_op(ONION_HANDSHAKE_TYPE_TAP, OP_EQ, cc.handshake_type);
+  tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10);
+  tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A valid create_fast cell. */
   memset(&cell, 0, sizeof(cell));
@@ -413,14 +413,14 @@ test_cfmt_create_cells(void *arg)
   crypto_rand((char*)b, CREATE_FAST_LEN);
   cell.command = CELL_CREATE_FAST;
   memcpy(cell.payload, b, CREATE_FAST_LEN);
-  tt_int_op(0, ==, create_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATE_FAST, ==, cc.cell_type);
-  tt_int_op(ONION_HANDSHAKE_TYPE_FAST, ==, cc.handshake_type);
-  tt_int_op(CREATE_FAST_LEN, ==, cc.handshake_len);
-  test_memeq(cc.onionskin, b, CREATE_FAST_LEN + 10);
-  tt_int_op(0, ==, create_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATE_FAST, OP_EQ, cc.cell_type);
+  tt_int_op(ONION_HANDSHAKE_TYPE_FAST, OP_EQ, cc.handshake_type);
+  tt_int_op(CREATE_FAST_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.onionskin,OP_EQ, b, CREATE_FAST_LEN + 10);
+  tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A valid create2 cell with a TAP payload */
   memset(&cell, 0, sizeof(cell));
@@ -429,14 +429,14 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE2;
   memcpy(cell.payload, "\x00\x00\x00\xBA", 4); /* TAP, 186 bytes long */
   memcpy(cell.payload+4, b, TAP_ONIONSKIN_CHALLENGE_LEN);
-  tt_int_op(0, ==, create_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATE2, ==, cc.cell_type);
-  tt_int_op(ONION_HANDSHAKE_TYPE_TAP, ==, cc.handshake_type);
-  tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, ==, cc.handshake_len);
-  test_memeq(cc.onionskin, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10);
-  tt_int_op(0, ==, create_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATE2, OP_EQ, cc.cell_type);
+  tt_int_op(ONION_HANDSHAKE_TYPE_TAP, OP_EQ, cc.handshake_type);
+  tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10);
+  tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A valid create2 cell with an ntor payload */
   memset(&cell, 0, sizeof(cell));
@@ -445,18 +445,14 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE2;
   memcpy(cell.payload, "\x00\x02\x00\x54", 4); /* ntor, 84 bytes long */
   memcpy(cell.payload+4, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
-  tt_int_op(0, ==, create_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATE2, ==, cc.cell_type);
-  tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
-  tt_int_op(NTOR_ONIONSKIN_LEN, ==, cc.handshake_len);
-  test_memeq(cc.onionskin, b, NTOR_ONIONSKIN_LEN + 10);
-  tt_int_op(0, ==, create_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
+  tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATE2, OP_EQ, cc.cell_type);
+  tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, OP_EQ, cc.handshake_type);
+  tt_int_op(NTOR_ONIONSKIN_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN + 10);
+  tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A valid create cell with an ntor payload, in legacy format. */
   memset(&cell, 0, sizeof(cell));
@@ -465,42 +461,38 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE;
   memcpy(cell.payload, "ntorNTORntorNTOR", 16);
   memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
-  tt_int_op(0, ==, create_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATE, ==, cc.cell_type);
-  tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
-  tt_int_op(NTOR_ONIONSKIN_LEN, ==, cc.handshake_len);
-  test_memeq(cc.onionskin, b, NTOR_ONIONSKIN_LEN + 10);
-  tt_int_op(0, ==, create_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
+  tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATE, OP_EQ, cc.cell_type);
+  tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, OP_EQ, cc.handshake_type);
+  tt_int_op(NTOR_ONIONSKIN_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN + 10);
+  tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* == Okay, now let's try to parse some impossible stuff. */
 
   /* It has to be some kind of a create cell! */
   cell.command = CELL_CREATED;
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
+  tt_int_op(-1, OP_EQ, create_cell_parse(&cc, &cell));
 
   /* You can't acutally make an unparseable CREATE or CREATE_FAST cell. */
 
   /* Try some CREATE2 cells.  First with a bad type. */
   cell.command = CELL_CREATE2;
   memcpy(cell.payload, "\x00\x50\x00\x99", 4); /* Type 0x50???? */
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
+  tt_int_op(-1, OP_EQ, create_cell_parse(&cc, &cell));
   /* Now a good type with an incorrect length. */
   memcpy(cell.payload, "\x00\x00\x00\xBC", 4); /* TAP, 187 bytes.*/
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
+  tt_int_op(-1, OP_EQ, create_cell_parse(&cc, &cell));
   /* Now a good type with a ridiculous length. */
   memcpy(cell.payload, "\x00\x00\x02\x00", 4); /* TAP, 512 bytes.*/
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
+  tt_int_op(-1, OP_EQ, create_cell_parse(&cc, &cell));
 
   /* == Time to try formatting bad cells.  The important thing is that
      we reject big lengths, so just check that for now. */
   cc.handshake_len = 512;
-  tt_int_op(-1, ==, create_cell_format(&cell2, &cc));
+  tt_int_op(-1, OP_EQ, create_cell_format(&cell2, &cc));
 
   /* == Try formatting a create2 cell we don't understand. XXXX */
 
@@ -524,13 +516,13 @@ test_cfmt_created_cells(void *arg)
   crypto_rand((char*)b, TAP_ONIONSKIN_REPLY_LEN);
   cell.command = CELL_CREATED;
   memcpy(cell.payload, b, TAP_ONIONSKIN_REPLY_LEN);
-  tt_int_op(0, ==, created_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATED, ==, cc.cell_type);
-  tt_int_op(TAP_ONIONSKIN_REPLY_LEN, ==, cc.handshake_len);
-  test_memeq(cc.reply, b, TAP_ONIONSKIN_REPLY_LEN + 10);
-  tt_int_op(0, ==, created_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, created_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATED, OP_EQ, cc.cell_type);
+  tt_int_op(TAP_ONIONSKIN_REPLY_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.reply,OP_EQ, b, TAP_ONIONSKIN_REPLY_LEN + 10);
+  tt_int_op(0, OP_EQ, created_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A good CREATED_FAST cell */
   memset(&cell, 0, sizeof(cell));
@@ -538,13 +530,13 @@ test_cfmt_created_cells(void *arg)
   crypto_rand((char*)b, CREATED_FAST_LEN);
   cell.command = CELL_CREATED_FAST;
   memcpy(cell.payload, b, CREATED_FAST_LEN);
-  tt_int_op(0, ==, created_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATED_FAST, ==, cc.cell_type);
-  tt_int_op(CREATED_FAST_LEN, ==, cc.handshake_len);
-  test_memeq(cc.reply, b, CREATED_FAST_LEN + 10);
-  tt_int_op(0, ==, created_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, created_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATED_FAST, OP_EQ, cc.cell_type);
+  tt_int_op(CREATED_FAST_LEN, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.reply,OP_EQ, b, CREATED_FAST_LEN + 10);
+  tt_int_op(0, OP_EQ, created_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A good CREATED2 cell with short reply */
   memset(&cell, 0, sizeof(cell));
@@ -553,13 +545,13 @@ test_cfmt_created_cells(void *arg)
   cell.command = CELL_CREATED2;
   memcpy(cell.payload, "\x00\x40", 2);
   memcpy(cell.payload+2, b, 64);
-  tt_int_op(0, ==, created_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATED2, ==, cc.cell_type);
-  tt_int_op(64, ==, cc.handshake_len);
-  test_memeq(cc.reply, b, 80);
-  tt_int_op(0, ==, created_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, created_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATED2, OP_EQ, cc.cell_type);
+  tt_int_op(64, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.reply,OP_EQ, b, 80);
+  tt_int_op(0, OP_EQ, created_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* A good CREATED2 cell with maximal reply */
   memset(&cell, 0, sizeof(cell));
@@ -568,13 +560,13 @@ test_cfmt_created_cells(void *arg)
   cell.command = CELL_CREATED2;
   memcpy(cell.payload, "\x01\xF0", 2);
   memcpy(cell.payload+2, b, 496);
-  tt_int_op(0, ==, created_cell_parse(&cc, &cell));
-  tt_int_op(CELL_CREATED2, ==, cc.cell_type);
-  tt_int_op(496, ==, cc.handshake_len);
-  test_memeq(cc.reply, b, 496);
-  tt_int_op(0, ==, created_cell_format(&cell2, &cc));
-  tt_int_op(cell.command, ==, cell2.command);
-  test_memeq(cell.payload, cell2.payload, CELL_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, created_cell_parse(&cc, &cell));
+  tt_int_op(CELL_CREATED2, OP_EQ, cc.cell_type);
+  tt_int_op(496, OP_EQ, cc.handshake_len);
+  tt_mem_op(cc.reply,OP_EQ, b, 496);
+  tt_int_op(0, OP_EQ, created_cell_format(&cell2, &cc));
+  tt_int_op(cell.command, OP_EQ, cell2.command);
+  tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
 
   /* Bogus CREATED2 cell: too long! */
   memset(&cell, 0, sizeof(cell));
@@ -582,11 +574,11 @@ test_cfmt_created_cells(void *arg)
   crypto_rand((char*)b, 496);
   cell.command = CELL_CREATED2;
   memcpy(cell.payload, "\x01\xF1", 2);
-  tt_int_op(-1, ==, created_cell_parse(&cc, &cell));
+  tt_int_op(-1, OP_EQ, created_cell_parse(&cc, &cell));
 
   /* Unformattable CREATED2 cell: too long! */
   cc.handshake_len = 497;
-  tt_int_op(-1, ==, created_cell_format(&cell2, &cc));
+  tt_int_op(-1, OP_EQ, created_cell_format(&cell2, &cc));
 
  done:
   ;
@@ -614,21 +606,21 @@ test_cfmt_extend_cells(void *arg)
   memcpy(p, "\x12\xf4\x00\x01\x01\x02", 6); /* 18 244 0 1 : 258 */
   memcpy(p+6,b,TAP_ONIONSKIN_CHALLENGE_LEN);
   memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, "electroencephalogram", 20);
-  tt_int_op(0, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND,
+  tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND,
                                      p, 26+TAP_ONIONSKIN_CHALLENGE_LEN));
-  tt_int_op(RELAY_COMMAND_EXTEND, ==, ec.cell_type);
-  tt_str_op("18.244.0.1", ==, fmt_addr(&ec.orport_ipv4.addr));
-  tt_int_op(258, ==, ec.orport_ipv4.port);
-  tt_int_op(AF_UNSPEC, ==, tor_addr_family(&ec.orport_ipv6.addr));
-  test_memeq(ec.node_id, "electroencephalogram", 20);
-  tt_int_op(cc->cell_type, ==, CELL_CREATE);
-  tt_int_op(cc->handshake_type, ==, ONION_HANDSHAKE_TYPE_TAP);
-  tt_int_op(cc->handshake_len, ==, TAP_ONIONSKIN_CHALLENGE_LEN);
-  test_memeq(cc->onionskin, b, TAP_ONIONSKIN_CHALLENGE_LEN+20);
-  tt_int_op(0, ==, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
-  tt_int_op(p2_cmd, ==, RELAY_COMMAND_EXTEND);
-  tt_int_op(p2_len, ==, 26+TAP_ONIONSKIN_CHALLENGE_LEN);
-  test_memeq(p2, p, RELAY_PAYLOAD_SIZE);
+  tt_int_op(RELAY_COMMAND_EXTEND, OP_EQ, ec.cell_type);
+  tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr));
+  tt_int_op(258, OP_EQ, ec.orport_ipv4.port);
+  tt_int_op(AF_UNSPEC, OP_EQ, tor_addr_family(&ec.orport_ipv6.addr));
+  tt_mem_op(ec.node_id,OP_EQ, "electroencephalogram", 20);
+  tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE);
+  tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_TAP);
+  tt_int_op(cc->handshake_len, OP_EQ, TAP_ONIONSKIN_CHALLENGE_LEN);
+  tt_mem_op(cc->onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN+20);
+  tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
+  tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND);
+  tt_int_op(p2_len, OP_EQ, 26+TAP_ONIONSKIN_CHALLENGE_LEN);
+  tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE);
 
   /* Let's do an ntor stuffed in a legacy EXTEND cell */
   memset(p, 0, sizeof(p));
@@ -638,22 +630,22 @@ test_cfmt_extend_cells(void *arg)
   memcpy(p+6,"ntorNTORntorNTOR", 16);
   memcpy(p+22, b, NTOR_ONIONSKIN_LEN);
   memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, "electroencephalogram", 20);
-  tt_int_op(0, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND,
+  tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND,
                                      p, 26+TAP_ONIONSKIN_CHALLENGE_LEN));
-  tt_int_op(RELAY_COMMAND_EXTEND, ==, ec.cell_type);
-  tt_str_op("18.244.0.1", ==, fmt_addr(&ec.orport_ipv4.addr));
-  tt_int_op(258, ==, ec.orport_ipv4.port);
-  tt_int_op(AF_UNSPEC, ==, tor_addr_family(&ec.orport_ipv6.addr));
-  test_memeq(ec.node_id, "electroencephalogram", 20);
-  tt_int_op(cc->cell_type, ==, CELL_CREATE2);
-  tt_int_op(cc->handshake_type, ==, ONION_HANDSHAKE_TYPE_NTOR);
-  tt_int_op(cc->handshake_len, ==, NTOR_ONIONSKIN_LEN);
-  test_memeq(cc->onionskin, b, NTOR_ONIONSKIN_LEN+20);
-  tt_int_op(0, ==, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
-  tt_int_op(p2_cmd, ==, RELAY_COMMAND_EXTEND);
-  tt_int_op(p2_len, ==, 26+TAP_ONIONSKIN_CHALLENGE_LEN);
-  test_memeq(p2, p, RELAY_PAYLOAD_SIZE);
-  tt_int_op(0, ==, create_cell_format_relayed(&cell, cc));
+  tt_int_op(RELAY_COMMAND_EXTEND, OP_EQ, ec.cell_type);
+  tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr));
+  tt_int_op(258, OP_EQ, ec.orport_ipv4.port);
+  tt_int_op(AF_UNSPEC, OP_EQ, tor_addr_family(&ec.orport_ipv6.addr));
+  tt_mem_op(ec.node_id,OP_EQ, "electroencephalogram", 20);
+  tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE2);
+  tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_NTOR);
+  tt_int_op(cc->handshake_len, OP_EQ, NTOR_ONIONSKIN_LEN);
+  tt_mem_op(cc->onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN+20);
+  tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
+  tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND);
+  tt_int_op(p2_len, OP_EQ, 26+TAP_ONIONSKIN_CHALLENGE_LEN);
+  tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE);
+  tt_int_op(0, OP_EQ, create_cell_format_relayed(&cell, cc));
 
   /* Now let's do a minimal ntor EXTEND2 cell. */
   memset(&ec, 0xff, sizeof(ec));
@@ -667,21 +659,21 @@ test_cfmt_extend_cells(void *arg)
   /* Prep for the handshake: type and length */
   memcpy(p+31, "\x00\x02\x00\x54", 4);
   memcpy(p+35, b, NTOR_ONIONSKIN_LEN);
-  tt_int_op(0, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                      p, 35+NTOR_ONIONSKIN_LEN));
-  tt_int_op(RELAY_COMMAND_EXTEND2, ==, ec.cell_type);
-  tt_str_op("18.244.0.1", ==, fmt_addr(&ec.orport_ipv4.addr));
-  tt_int_op(61681, ==, ec.orport_ipv4.port);
-  tt_int_op(AF_UNSPEC, ==, tor_addr_family(&ec.orport_ipv6.addr));
-  test_memeq(ec.node_id, "anarchoindividualist", 20);
-  tt_int_op(cc->cell_type, ==, CELL_CREATE2);
-  tt_int_op(cc->handshake_type, ==, ONION_HANDSHAKE_TYPE_NTOR);
-  tt_int_op(cc->handshake_len, ==, NTOR_ONIONSKIN_LEN);
-  test_memeq(cc->onionskin, b, NTOR_ONIONSKIN_LEN+20);
-  tt_int_op(0, ==, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
-  tt_int_op(p2_cmd, ==, RELAY_COMMAND_EXTEND2);
-  tt_int_op(p2_len, ==, 35+NTOR_ONIONSKIN_LEN);
-  test_memeq(p2, p, RELAY_PAYLOAD_SIZE);
+  tt_int_op(RELAY_COMMAND_EXTEND2, OP_EQ, ec.cell_type);
+  tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr));
+  tt_int_op(61681, OP_EQ, ec.orport_ipv4.port);
+  tt_int_op(AF_UNSPEC, OP_EQ, tor_addr_family(&ec.orport_ipv6.addr));
+  tt_mem_op(ec.node_id,OP_EQ, "anarchoindividualist", 20);
+  tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE2);
+  tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_NTOR);
+  tt_int_op(cc->handshake_len, OP_EQ, NTOR_ONIONSKIN_LEN);
+  tt_mem_op(cc->onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN+20);
+  tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
+  tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND2);
+  tt_int_op(p2_len, OP_EQ, 35+NTOR_ONIONSKIN_LEN);
+  tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE);
 
   /* Now let's do a fanciful EXTEND2 cell. */
   memset(&ec, 0xff, sizeof(ec));
@@ -700,21 +692,21 @@ test_cfmt_extend_cells(void *arg)
   /* Prep for the handshake: weird type and length */
   memcpy(p+85, "\x01\x05\x00\x63", 4);
   memcpy(p+89, b, 99);
-  tt_int_op(0, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2, p, 89+99));
-  tt_int_op(RELAY_COMMAND_EXTEND2, ==, ec.cell_type);
-  tt_str_op("18.244.0.1", ==, fmt_addr(&ec.orport_ipv4.addr));
-  tt_int_op(61681, ==, ec.orport_ipv4.port);
-  tt_str_op("2002::f0:c51e", ==, fmt_addr(&ec.orport_ipv6.addr));
-  tt_int_op(4370, ==, ec.orport_ipv6.port);
-  test_memeq(ec.node_id, "anthropomorphization", 20);
-  tt_int_op(cc->cell_type, ==, CELL_CREATE2);
-  tt_int_op(cc->handshake_type, ==, 0x105);
-  tt_int_op(cc->handshake_len, ==, 99);
-  test_memeq(cc->onionskin, b, 99+20);
-  tt_int_op(0, ==, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
-  tt_int_op(p2_cmd, ==, RELAY_COMMAND_EXTEND2);
+  tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2, p, 89+99));
+  tt_int_op(RELAY_COMMAND_EXTEND2, OP_EQ, ec.cell_type);
+  tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr));
+  tt_int_op(61681, OP_EQ, ec.orport_ipv4.port);
+  tt_str_op("2002::f0:c51e", OP_EQ, fmt_addr(&ec.orport_ipv6.addr));
+  tt_int_op(4370, OP_EQ, ec.orport_ipv6.port);
+  tt_mem_op(ec.node_id,OP_EQ, "anthropomorphization", 20);
+  tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE2);
+  tt_int_op(cc->handshake_type, OP_EQ, 0x105);
+  tt_int_op(cc->handshake_len, OP_EQ, 99);
+  tt_mem_op(cc->onionskin,OP_EQ, b, 99+20);
+  tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
+  tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND2);
   /* We'll generate it minus the IPv6 address and minus the konami code */
-  tt_int_op(p2_len, ==, 89+99-34-20);
+  tt_int_op(p2_len, OP_EQ, 89+99-34-20);
   test_memeq_hex(p2,
                  /* Two items: one that same darn IP address. */
                  "02000612F40001F0F1"
@@ -722,8 +714,8 @@ test_cfmt_extend_cells(void *arg)
                  "0214616e7468726f706f6d6f727068697a6174696f6e"
                  /* Now the handshake prologue */
                  "01050063");
-  test_memeq(p2+1+8+22+4, b, 99+20);
-  tt_int_op(0, ==, create_cell_format_relayed(&cell, cc));
+  tt_mem_op(p2+1+8+22+4,OP_EQ, b, 99+20);
+  tt_int_op(0, OP_EQ, create_cell_format_relayed(&cell, cc));
 
   /* == Now try parsing some junk */
 
@@ -732,7 +724,7 @@ test_cfmt_extend_cells(void *arg)
   memcpy(p, "\x02\x00\x06\x12\xf4\x00\x01\xf0\xf1", 9);
   memcpy(p+9, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+31, "\xff\xff\x01\xd0", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
 
   /* Try two identities. */
@@ -741,14 +733,14 @@ test_cfmt_extend_cells(void *arg)
   memcpy(p+9, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+31, "\x02\x14" "autodepolymerization", 22);
   memcpy(p+53, "\xff\xff\x00\x10", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
 
   /* No identities. */
   memset(p, 0, sizeof(p));
   memcpy(p, "\x01\x00\x06\x12\xf4\x00\x01\xf0\xf1", 9);
   memcpy(p+53, "\xff\xff\x00\x10", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
 
   /* Try a bad IPv4 address (too long, too short)*/
@@ -756,13 +748,13 @@ test_cfmt_extend_cells(void *arg)
   memcpy(p, "\x02\x00\x07\x12\xf4\x00\x01\xf0\xf1\xff", 10);
   memcpy(p+10, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+32, "\xff\xff\x00\x10", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
   memset(p, 0, sizeof(p));
   memcpy(p, "\x02\x00\x05\x12\xf4\x00\x01\xf0", 8);
   memcpy(p+8, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+30, "\xff\xff\x00\x10", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
 
   /* IPv6 address (too long, too short, no IPv4)*/
@@ -771,28 +763,28 @@ test_cfmt_extend_cells(void *arg)
   memcpy(p+9, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+31, "\x01\x13" "xxxxxxxxxxxxxxxxYYZ", 19);
   memcpy(p+50, "\xff\xff\x00\x20", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
   memset(p, 0, sizeof(p));
   memcpy(p, "\x03\x00\x06\x12\xf4\x00\x01\xf0\xf1", 9);
   memcpy(p+9, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+31, "\x01\x11" "xxxxxxxxxxxxxxxxY", 17);
   memcpy(p+48, "\xff\xff\x00\x20", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
   memset(p, 0, sizeof(p));
   memcpy(p, "\x02", 1);
   memcpy(p+1, "\x02\x14" "anarchoindividualist", 22);
   memcpy(p+23, "\x01\x12" "xxxxxxxxxxxxxxxxYY", 18);
   memcpy(p+41, "\xff\xff\x00\x20", 4);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
 
   /* Running out of space in specifiers  */
   memset(p,0,sizeof(p));
   memcpy(p, "\x05\x0a\xff", 3);
   memcpy(p+3+255, "\x0a\xff", 2);
-  tt_int_op(-1, ==, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
+  tt_int_op(-1, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND2,
                                       p, sizeof(p)));
 
   /* Fuzz, because why not. */
@@ -831,16 +823,16 @@ test_cfmt_extended_cells(void *arg)
   memset(b, 0, sizeof(b));
   crypto_rand((char*)b, TAP_ONIONSKIN_REPLY_LEN);
   memcpy(p,b,TAP_ONIONSKIN_REPLY_LEN);
-  tt_int_op(0, ==, extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED, p,
+  tt_int_op(0, OP_EQ, extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED, p,
                                        TAP_ONIONSKIN_REPLY_LEN));
-  tt_int_op(RELAY_COMMAND_EXTENDED, ==, ec.cell_type);
-  tt_int_op(cc->cell_type, ==, CELL_CREATED);
-  tt_int_op(cc->handshake_len, ==, TAP_ONIONSKIN_REPLY_LEN);
-  test_memeq(cc->reply, b, TAP_ONIONSKIN_REPLY_LEN);
-  tt_int_op(0, ==, extended_cell_format(&p2_cmd, &p2_len, p2, &ec));
-  tt_int_op(RELAY_COMMAND_EXTENDED, ==, p2_cmd);
-  tt_int_op(TAP_ONIONSKIN_REPLY_LEN, ==, p2_len);
-  test_memeq(p2, p, sizeof(p2));
+  tt_int_op(RELAY_COMMAND_EXTENDED, OP_EQ, ec.cell_type);
+  tt_int_op(cc->cell_type, OP_EQ, CELL_CREATED);
+  tt_int_op(cc->handshake_len, OP_EQ, TAP_ONIONSKIN_REPLY_LEN);
+  tt_mem_op(cc->reply,OP_EQ, b, TAP_ONIONSKIN_REPLY_LEN);
+  tt_int_op(0, OP_EQ, extended_cell_format(&p2_cmd, &p2_len, p2, &ec));
+  tt_int_op(RELAY_COMMAND_EXTENDED, OP_EQ, p2_cmd);
+  tt_int_op(TAP_ONIONSKIN_REPLY_LEN, OP_EQ, p2_len);
+  tt_mem_op(p2,OP_EQ, p, sizeof(p2));
 
   /* Try an EXTENDED2 cell */
   memset(&ec, 0xff, sizeof(ec));
@@ -849,25 +841,26 @@ test_cfmt_extended_cells(void *arg)
   crypto_rand((char*)b, 42);
   memcpy(p,"\x00\x2a",2);
   memcpy(p+2,b,42);
-  tt_int_op(0, ==, extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED2, p, 2+42));
-  tt_int_op(RELAY_COMMAND_EXTENDED2, ==, ec.cell_type);
-  tt_int_op(cc->cell_type, ==, CELL_CREATED2);
-  tt_int_op(cc->handshake_len, ==, 42);
-  test_memeq(cc->reply, b, 42+10);
-  tt_int_op(0, ==, extended_cell_format(&p2_cmd, &p2_len, p2, &ec));
-  tt_int_op(RELAY_COMMAND_EXTENDED2, ==, p2_cmd);
-  tt_int_op(2+42, ==, p2_len);
-  test_memeq(p2, p, sizeof(p2));
+  tt_int_op(0, OP_EQ,
+            extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED2, p, 2+42));
+  tt_int_op(RELAY_COMMAND_EXTENDED2, OP_EQ, ec.cell_type);
+  tt_int_op(cc->cell_type, OP_EQ, CELL_CREATED2);
+  tt_int_op(cc->handshake_len, OP_EQ, 42);
+  tt_mem_op(cc->reply,OP_EQ, b, 42+10);
+  tt_int_op(0, OP_EQ, extended_cell_format(&p2_cmd, &p2_len, p2, &ec));
+  tt_int_op(RELAY_COMMAND_EXTENDED2, OP_EQ, p2_cmd);
+  tt_int_op(2+42, OP_EQ, p2_len);
+  tt_mem_op(p2,OP_EQ, p, sizeof(p2));
 
   /* Try an almost-too-long EXTENDED2 cell */
   memcpy(p, "\x01\xf0", 2);
-  tt_int_op(0, ==,
+  tt_int_op(0, OP_EQ,
             extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED2, p, sizeof(p)));
 
   /* Now try a too-long extended2 cell. That's the only misparse I can think
    * of. */
   memcpy(p, "\x01\xf1", 2);
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED2, p, sizeof(p)));
 
  done:
@@ -911,22 +904,22 @@ test_cfmt_resolved_cells(void *arg)
   /* Let's try an empty cell */
   SET_CELL("");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   CLEAR_ADDRS(); /* redundant but let's be consistent */
 
   /* Cell with one ipv4 addr */
   SET_CELL("\x04\x04" "\x7f\x00\x02\x0a" "\x00\00\x01\x00");
-  tt_int_op(rh.length, ==, 10);
+  tt_int_op(rh.length, OP_EQ, 10);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 1);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 1);
   a = smartlist_get(addrs, 0);
-  tt_str_op(fmt_addr(&a->addr), ==, "127.0.2.10");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 256);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "127.0.2.10");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 256);
   CLEAR_ADDRS();
 
   /* Cell with one ipv6 addr */
@@ -934,30 +927,30 @@ test_cfmt_resolved_cells(void *arg)
            "\x20\x02\x90\x90\x00\x00\x00\x00"
            "\x00\x00\x00\x00\xf0\xf0\xab\xcd"
            "\x02\00\x00\x01");
-  tt_int_op(rh.length, ==, 22);
+  tt_int_op(rh.length, OP_EQ, 22);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 1);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 1);
   a = smartlist_get(addrs, 0);
-  tt_str_op(fmt_addr(&a->addr), ==, "2002:9090::f0f0:abcd");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 0x2000001);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "2002:9090::f0f0:abcd");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 0x2000001);
   CLEAR_ADDRS();
 
   /* Cell with one hostname */
   SET_CELL("\x00\x11"
            "motherbrain.zebes"
            "\x00\00\x00\x00");
-  tt_int_op(rh.length, ==, 23);
+  tt_int_op(rh.length, OP_EQ, 23);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 1);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 1);
   a = smartlist_get(addrs, 0);
   tt_assert(tor_addr_is_null(&a->addr));
-  tt_str_op(a->hostname, ==, "motherbrain.zebes");
-  tt_int_op(a->ttl, ==, 0);
+  tt_str_op(a->hostname, OP_EQ, "motherbrain.zebes");
+  tt_int_op(a->ttl, OP_EQ, 0);
   CLEAR_ADDRS();
 
 #define LONG_NAME \
@@ -966,51 +959,51 @@ test_cfmt_resolved_cells(void *arg)
   "function-is-already-very-full.of-copy-and-pasted-stuff.having-this-app" \
   "ear-more-than-once-would-bother-me-somehow.is"
 
-  tt_int_op(strlen(LONG_NAME), ==, 255);
+  tt_int_op(strlen(LONG_NAME), OP_EQ, 255);
   SET_CELL("\x00\xff"
            LONG_NAME
            "\x00\01\x00\x00");
-  tt_int_op(rh.length, ==, 261);
+  tt_int_op(rh.length, OP_EQ, 261);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 1);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 1);
   a = smartlist_get(addrs, 0);
   tt_assert(tor_addr_is_null(&a->addr));
-  tt_str_op(a->hostname, ==, LONG_NAME);
-  tt_int_op(a->ttl, ==, 65536);
+  tt_str_op(a->hostname, OP_EQ, LONG_NAME);
+  tt_int_op(a->ttl, OP_EQ, 65536);
   CLEAR_ADDRS();
 
   /* Cells with an error */
   SET_CELL("\xf0\x2b"
            "I'm sorry, Dave. I'm afraid I can't do that"
            "\x00\x11\x22\x33");
-  tt_int_op(rh.length, ==, 49);
+  tt_int_op(rh.length, OP_EQ, 49);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, RESOLVED_TYPE_ERROR_TRANSIENT);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, RESOLVED_TYPE_ERROR_TRANSIENT);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   CLEAR_ADDRS();
 
   SET_CELL("\xf1\x40"
            "This hostname is too important for me to allow you to resolve it"
            "\x00\x00\x00\x00");
-  tt_int_op(rh.length, ==, 70);
+  tt_int_op(rh.length, OP_EQ, 70);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, RESOLVED_TYPE_ERROR);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, RESOLVED_TYPE_ERROR);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   CLEAR_ADDRS();
 
   /* Cell with an unrecognized type */
   SET_CELL("\xee\x16"
            "fault in the AE35 unit"
            "\x09\x09\x01\x01");
-  tt_int_op(rh.length, ==, 28);
+  tt_int_op(rh.length, OP_EQ, 28);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   CLEAR_ADDRS();
 
   /* Cell with one of each */
@@ -1035,21 +1028,21 @@ test_cfmt_resolved_cells(void *arg)
            "\x00\00\x00\x00"
            );
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0); /* no error reported; we got answers */
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 3);
+  tt_int_op(errcode, OP_EQ, 0); /* no error reported; we got answers */
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 3);
   a = smartlist_get(addrs, 0);
-  tt_str_op(fmt_addr(&a->addr), ==, "2002:9090::f0f0:abcd");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 0x2000001);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "2002:9090::f0f0:abcd");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 0x2000001);
   a = smartlist_get(addrs, 1);
-  tt_str_op(fmt_addr(&a->addr), ==, "127.0.2.10");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 256);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "127.0.2.10");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 256);
   a = smartlist_get(addrs, 2);
   tt_assert(tor_addr_is_null(&a->addr));
-  tt_str_op(a->hostname, ==, "motherbrain.zebes");
-  tt_int_op(a->ttl, ==, 0);
+  tt_str_op(a->hostname, OP_EQ, "motherbrain.zebes");
+  tt_int_op(a->ttl, OP_EQ, 0);
   CLEAR_ADDRS();
 
   /* Cell with several of similar type */
@@ -1067,29 +1060,29 @@ test_cfmt_resolved_cells(void *arg)
            "\x00\x00\x00\x00\x00\xfa\xca\xde"
            "\x00\00\x00\x03");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 5);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 5);
   a = smartlist_get(addrs, 0);
-  tt_str_op(fmt_addr(&a->addr), ==, "127.0.2.10");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 256);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "127.0.2.10");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 256);
   a = smartlist_get(addrs, 1);
-  tt_str_op(fmt_addr(&a->addr), ==, "8.8.8.8");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 261);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "8.8.8.8");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 261);
   a = smartlist_get(addrs, 2);
-  tt_str_op(fmt_addr(&a->addr), ==, "127.176.2.176");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 131071);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "127.176.2.176");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 131071);
   a = smartlist_get(addrs, 3);
-  tt_str_op(fmt_addr(&a->addr), ==, "2002:9000::cafe:f00d");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 1);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "2002:9000::cafe:f00d");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 1);
   a = smartlist_get(addrs, 4);
-  tt_str_op(fmt_addr(&a->addr), ==, "2002:9001::fa:cade");
-  tt_ptr_op(a->hostname, ==, NULL);
-  tt_int_op(a->ttl, ==, 3);
+  tt_str_op(fmt_addr(&a->addr), OP_EQ, "2002:9001::fa:cade");
+  tt_ptr_op(a->hostname, OP_EQ, NULL);
+  tt_int_op(a->ttl, OP_EQ, 3);
   CLEAR_ADDRS();
 
   /* Full cell */
@@ -1099,22 +1092,22 @@ test_cfmt_resolved_cells(void *arg)
   "g-case.to-avoid-off-by-one-errors.where-full-things-are-misreported-as" \
   ".overflowing-by-one.z"
 
-  tt_int_op(strlen(LONG_NAME2), ==, 231);
+  tt_int_op(strlen(LONG_NAME2), OP_EQ, 231);
   SET_CELL("\x00\xff"
            LONG_NAME
            "\x00\01\x00\x00"
            "\x00\xe7"
            LONG_NAME2
            "\x00\01\x00\x00");
-  tt_int_op(rh.length, ==, RELAY_PAYLOAD_SIZE);
+  tt_int_op(rh.length, OP_EQ, RELAY_PAYLOAD_SIZE);
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, 0);
-  tt_int_op(smartlist_len(addrs), ==, 2);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 2);
   a = smartlist_get(addrs, 0);
-  tt_str_op(a->hostname, ==, LONG_NAME);
+  tt_str_op(a->hostname, OP_EQ, LONG_NAME);
   a = smartlist_get(addrs, 1);
-  tt_str_op(a->hostname, ==, LONG_NAME2);
+  tt_str_op(a->hostname, OP_EQ, LONG_NAME2);
   CLEAR_ADDRS();
 
   /* BAD CELLS */
@@ -1122,49 +1115,49 @@ test_cfmt_resolved_cells(void *arg)
   /* Invalid length on an IPv4 */
   SET_CELL("\x04\x03zzz1234");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   SET_CELL("\x04\x04" "\x7f\x00\x02\x0a" "\x00\00\x01\x00"
            "\x04\x05zzzzz1234");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   /* Invalid length on an IPv6 */
   SET_CELL("\x06\x03zzz1234");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   SET_CELL("\x04\x04" "\x7f\x00\x02\x0a" "\x00\00\x01\x00"
            "\x06\x17wwwwwwwwwwwwwwwww1234");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   SET_CELL("\x04\x04" "\x7f\x00\x02\x0a" "\x00\00\x01\x00"
            "\x06\x10xxxx");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   /* Empty hostname */
   SET_CELL("\x00\x00xxxx");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   /* rh.length out of range */
   CLEAR_CELL();
   rh.length = 499;
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(errcode, ==, 0);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(errcode, OP_EQ, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   /* Item length extends beyond rh.length */
   CLEAR_CELL();
@@ -1173,18 +1166,18 @@ test_cfmt_resolved_cells(void *arg)
            "\x00\01\x00\x00");
   rh.length -= 1;
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
   rh.length -= 5;
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   SET_CELL("\x04\x04" "\x7f\x00\x02\x0a" "\x00\00\x01\x00");
   rh.length -= 1;
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   SET_CELL("\xee\x10"
            "\x20\x02\x90\x01\x00\x00\x00\x00"
@@ -1192,19 +1185,19 @@ test_cfmt_resolved_cells(void *arg)
            "\x00\00\x00\x03");
   rh.length -= 1;
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   /* Truncated item after first character */
   SET_CELL("\x04");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
   SET_CELL("\xee");
   r = resolved_cell_parse(&cell, &rh, addrs, &errcode);
-  tt_int_op(r, ==, -1);
-  tt_int_op(smartlist_len(addrs), ==, 0);
+  tt_int_op(r, OP_EQ, -1);
+  tt_int_op(smartlist_len(addrs), OP_EQ, 0);
 
  done:
   CLEAR_ADDRS();
@@ -1232,19 +1225,19 @@ test_cfmt_is_destroy(void *arg)
   cell_pack(&packed, &cell, 0);
   chan->wide_circ_ids = 0;
   tt_assert(! packed_cell_is_destroy(chan, &packed, &circid));
-  tt_int_op(circid, ==, 0);
+  tt_int_op(circid, OP_EQ, 0);
 
   cell_pack(&packed, &cell, 1);
   chan->wide_circ_ids = 1;
   tt_assert(! packed_cell_is_destroy(chan, &packed, &circid));
-  tt_int_op(circid, ==, 0);
+  tt_int_op(circid, OP_EQ, 0);
 
   cell.command = CELL_DESTROY;
 
   cell_pack(&packed, &cell, 0);
   chan->wide_circ_ids = 0;
   tt_assert(packed_cell_is_destroy(chan, &packed, &circid));
-  tt_int_op(circid, ==, 3003);
+  tt_int_op(circid, OP_EQ, 3003);
 
   circid = 0;
   cell_pack(&packed, &cell, 1);
diff --git a/src/test/test_cell_queue.c b/src/test/test_cell_queue.c
index 92629823ec..93ac9854d8 100644
--- a/src/test/test_cell_queue.c
+++ b/src/test/test_cell_queue.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define CIRCUITLIST_PRIVATE
@@ -16,12 +16,8 @@ test_cq_manip(void *arg)
   cell_t cell;
   (void) arg;
 
-#ifdef ENABLE_MEMPOOLS
-  init_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
-
   cell_queue_init(&cq);
-  tt_int_op(cq.n, ==, 0);
+  tt_int_op(cq.n, OP_EQ, 0);
 
   pc1 = packed_cell_new();
   pc2 = packed_cell_new();
@@ -29,26 +25,26 @@ test_cq_manip(void *arg)
   pc4 = packed_cell_new();
   tt_assert(pc1 && pc2 && pc3 && pc4);
 
-  tt_ptr_op(NULL, ==, cell_queue_pop(&cq));
+  tt_ptr_op(NULL, OP_EQ, cell_queue_pop(&cq));
 
   /* Add and remove a singleton. */
   cell_queue_append(&cq, pc1);
-  tt_int_op(cq.n, ==, 1);
-  tt_ptr_op(pc1, ==, cell_queue_pop(&cq));
-  tt_int_op(cq.n, ==, 0);
+  tt_int_op(cq.n, OP_EQ, 1);
+  tt_ptr_op(pc1, OP_EQ, cell_queue_pop(&cq));
+  tt_int_op(cq.n, OP_EQ, 0);
 
   /* Add and remove four items */
   cell_queue_append(&cq, pc4);
   cell_queue_append(&cq, pc3);
   cell_queue_append(&cq, pc2);
   cell_queue_append(&cq, pc1);
-  tt_int_op(cq.n, ==, 4);
-  tt_ptr_op(pc4, ==, cell_queue_pop(&cq));
-  tt_ptr_op(pc3, ==, cell_queue_pop(&cq));
-  tt_ptr_op(pc2, ==, cell_queue_pop(&cq));
-  tt_ptr_op(pc1, ==, cell_queue_pop(&cq));
-  tt_int_op(cq.n, ==, 0);
-  tt_ptr_op(NULL, ==, cell_queue_pop(&cq));
+  tt_int_op(cq.n, OP_EQ, 4);
+  tt_ptr_op(pc4, OP_EQ, cell_queue_pop(&cq));
+  tt_ptr_op(pc3, OP_EQ, cell_queue_pop(&cq));
+  tt_ptr_op(pc2, OP_EQ, cell_queue_pop(&cq));
+  tt_ptr_op(pc1, OP_EQ, cell_queue_pop(&cq));
+  tt_int_op(cq.n, OP_EQ, 0);
+  tt_ptr_op(NULL, OP_EQ, cell_queue_pop(&cq));
 
   /* Try a packed copy (wide, then narrow, which is a bit of a cheat, since a
    * real cell queue has only one type.) */
@@ -64,32 +60,32 @@ test_cq_manip(void *arg)
   cell.circ_id = 0x2013;
   cell_queue_append_packed_copy(NULL /*circ*/, &cq, 0 /*exitward*/, &cell,
                                 0 /*wide*/, 0 /*stats*/);
-  tt_int_op(cq.n, ==, 2);
+  tt_int_op(cq.n, OP_EQ, 2);
 
   pc_tmp = cell_queue_pop(&cq);
-  tt_int_op(cq.n, ==, 1);
-  tt_ptr_op(pc_tmp, !=, NULL);
-  test_mem_op(pc_tmp->body, ==, "\x12\x34\x56\x78\x0a", 5);
-  test_mem_op(pc_tmp->body+5, ==, cell.payload, sizeof(cell.payload));
+  tt_int_op(cq.n, OP_EQ, 1);
+  tt_ptr_op(pc_tmp, OP_NE, NULL);
+  tt_mem_op(pc_tmp->body, OP_EQ, "\x12\x34\x56\x78\x0a", 5);
+  tt_mem_op(pc_tmp->body+5, OP_EQ, cell.payload, sizeof(cell.payload));
   packed_cell_free(pc_tmp);
 
   pc_tmp = cell_queue_pop(&cq);
-  tt_int_op(cq.n, ==, 0);
-  tt_ptr_op(pc_tmp, !=, NULL);
-  test_mem_op(pc_tmp->body, ==, "\x20\x13\x0a", 3);
-  test_mem_op(pc_tmp->body+3, ==, cell.payload, sizeof(cell.payload));
+  tt_int_op(cq.n, OP_EQ, 0);
+  tt_ptr_op(pc_tmp, OP_NE, NULL);
+  tt_mem_op(pc_tmp->body, OP_EQ, "\x20\x13\x0a", 3);
+  tt_mem_op(pc_tmp->body+3, OP_EQ, cell.payload, sizeof(cell.payload));
   packed_cell_free(pc_tmp);
   pc_tmp = NULL;
 
-  tt_ptr_op(NULL, ==, cell_queue_pop(&cq));
+  tt_ptr_op(NULL, OP_EQ, cell_queue_pop(&cq));
 
   /* Now make sure cell_queue_clear works. */
   cell_queue_append(&cq, pc2);
   cell_queue_append(&cq, pc1);
-  tt_int_op(cq.n, ==, 2);
+  tt_int_op(cq.n, OP_EQ, 2);
   cell_queue_clear(&cq);
   pc2 = pc1 = NULL; /* prevent double-free */
-  tt_int_op(cq.n, ==, 0);
+  tt_int_op(cq.n, OP_EQ, 0);
 
  done:
   packed_cell_free(pc1);
@@ -99,10 +95,6 @@ test_cq_manip(void *arg)
   packed_cell_free(pc_tmp);
 
   cell_queue_clear(&cq);
-
-#ifdef ENABLE_MEMPOOLS
-  free_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
 }
 
 static void
@@ -114,10 +106,6 @@ test_circuit_n_cells(void *arg)
 
   (void)arg;
 
-#ifdef ENABLE_MEMPOOLS
-  init_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
-
   pc1 = packed_cell_new();
   pc2 = packed_cell_new();
   pc3 = packed_cell_new();
@@ -129,25 +117,21 @@ test_circuit_n_cells(void *arg)
   origin_c = origin_circuit_new();
   origin_c->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL;
 
-  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(or_c)), ==, 0);
+  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(or_c)), OP_EQ, 0);
   cell_queue_append(&or_c->p_chan_cells, pc1);
-  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(or_c)), ==, 1);
+  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(or_c)), OP_EQ, 1);
   cell_queue_append(&or_c->base_.n_chan_cells, pc2);
   cell_queue_append(&or_c->base_.n_chan_cells, pc3);
-  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(or_c)), ==, 3);
+  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(or_c)), OP_EQ, 3);
 
-  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(origin_c)), ==, 0);
+  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(origin_c)), OP_EQ, 0);
   cell_queue_append(&origin_c->base_.n_chan_cells, pc4);
   cell_queue_append(&origin_c->base_.n_chan_cells, pc5);
-  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(origin_c)), ==, 2);
+  tt_int_op(n_cells_in_circ_queues(TO_CIRCUIT(origin_c)), OP_EQ, 2);
 
  done:
   circuit_free(TO_CIRCUIT(or_c));
   circuit_free(TO_CIRCUIT(origin_c));
-
-#ifdef ENABLE_MEMPOOLS
-  free_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
 }
 
 struct testcase_t cell_queue_tests[] = {
diff --git a/src/test/test_channel.c b/src/test/test_channel.c
new file mode 100644
index 0000000000..846e419fea
--- /dev/null
+++ b/src/test/test_channel.c
@@ -0,0 +1,1784 @@
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define TOR_CHANNEL_INTERNAL_
+#define CHANNEL_PRIVATE_
+#include "or.h"
+#include "channel.h"
+/* For channel_note_destroy_not_pending */
+#include "circuitlist.h"
+#include "circuitmux.h"
+/* For var_cell_free */
+#include "connection_or.h"
+/* For packed_cell stuff */
+#define RELAY_PRIVATE
+#include "relay.h"
+/* For init/free stuff */
+#include "scheduler.h"
+
+/* Test suite stuff */
+#include "test.h"
+#include "fakechans.h"
+
+/* This comes from channel.c */
+extern uint64_t estimated_total_queue_size;
+
+static int test_chan_accept_cells = 0;
+static int test_chan_fixed_cells_recved = 0;
+static cell_t * test_chan_last_seen_fixed_cell_ptr = NULL;
+static int test_chan_var_cells_recved = 0;
+static var_cell_t * test_chan_last_seen_var_cell_ptr = NULL;
+static int test_cells_written = 0;
+static int test_destroy_not_pending_calls = 0;
+static int test_doesnt_want_writes_count = 0;
+static int test_dumpstats_calls = 0;
+static int test_has_waiting_cells_count = 0;
+static double test_overhead_estimate = 1.0f;
+static int test_releases_count = 0;
+static circuitmux_t *test_target_cmux = NULL;
+static unsigned int test_cmux_cells = 0;
+static channel_t *dump_statistics_mock_target = NULL;
+static int dump_statistics_mock_matches = 0;
+
+static void chan_test_channel_dump_statistics_mock(
+    channel_t *chan, int severity);
+static int chan_test_channel_flush_from_first_active_circuit_mock(
+    channel_t *chan, int max);
+static unsigned int chan_test_circuitmux_num_cells_mock(circuitmux_t *cmux);
+static void channel_note_destroy_not_pending_mock(channel_t *ch,
+                                                  circid_t circid);
+static void chan_test_cell_handler(channel_t *ch,
+                                   cell_t *cell);
+static const char * chan_test_describe_transport(channel_t *ch);
+static void chan_test_dumpstats(channel_t *ch, int severity);
+static void chan_test_var_cell_handler(channel_t *ch,
+                                       var_cell_t *var_cell);
+static void chan_test_close(channel_t *ch);
+static void chan_test_error(channel_t *ch);
+static void chan_test_finish_close(channel_t *ch);
+static const char * chan_test_get_remote_descr(channel_t *ch, int flags);
+static int chan_test_is_canonical(channel_t *ch, int req);
+static size_t chan_test_num_bytes_queued(channel_t *ch);
+static int chan_test_num_cells_writeable(channel_t *ch);
+static int chan_test_write_cell(channel_t *ch, cell_t *cell);
+static int chan_test_write_packed_cell(channel_t *ch,
+                                       packed_cell_t *packed_cell);
+static int chan_test_write_var_cell(channel_t *ch, var_cell_t *var_cell);
+static void scheduler_channel_doesnt_want_writes_mock(channel_t *ch);
+
+static void test_channel_dumpstats(void *arg);
+static void test_channel_flush(void *arg);
+static void test_channel_flushmux(void *arg);
+static void test_channel_incoming(void *arg);
+static void test_channel_lifecycle(void *arg);
+static void test_channel_multi(void *arg);
+static void test_channel_queue_incoming(void *arg);
+static void test_channel_queue_size(void *arg);
+static void test_channel_write(void *arg);
+
+static void
+channel_note_destroy_not_pending_mock(channel_t *ch,
+                                      circid_t circid)
+{
+  (void)ch;
+  (void)circid;
+
+  ++test_destroy_not_pending_calls;
+}
+
+static const char *
+chan_test_describe_transport(channel_t *ch)
+{
+  tt_assert(ch != NULL);
+
+ done:
+  return "Fake channel for unit tests";
+}
+
+/**
+ * Mock for channel_dump_statistics(); if the channel matches the
+ * target, bump a counter - otherwise ignore.
+ */
+
+static void
+chan_test_channel_dump_statistics_mock(channel_t *chan, int severity)
+{
+  tt_assert(chan != NULL);
+
+  (void)severity;
+
+  if (chan != NULL && chan == dump_statistics_mock_target) {
+    ++dump_statistics_mock_matches;
+  }
+
+ done:
+  return;
+}
+
+/**
+ * If the target cmux is the cmux for chan, make fake cells up to the
+ * target number of cells and write them to chan.  Otherwise, invoke
+ * the real channel_flush_from_first_active_circuit().
+ */
+
+static int
+chan_test_channel_flush_from_first_active_circuit_mock(channel_t *chan,
+                                                       int max)
+{
+  int result = 0, c = 0;
+  packed_cell_t *cell = NULL;
+
+  tt_assert(chan != NULL);
+  if (test_target_cmux != NULL &&
+      test_target_cmux == chan->cmux) {
+    while (c <= max && test_cmux_cells > 0) {
+      cell = packed_cell_new();
+      channel_write_packed_cell(chan, cell);
+      ++c;
+      --test_cmux_cells;
+    }
+    result = c;
+  } else {
+    result = channel_flush_from_first_active_circuit__real(chan, max);
+  }
+
+ done:
+  return result;
+}
+
+/**
+ * If we have a target cmux set and this matches it, lie about how
+ * many cells we have according to the number indicated; otherwise
+ * pass to the real circuitmux_num_cells().
+ */
+
+static unsigned int
+chan_test_circuitmux_num_cells_mock(circuitmux_t *cmux)
+{
+  unsigned int result = 0;
+
+  tt_assert(cmux != NULL);
+  if (cmux != NULL) {
+    if (cmux == test_target_cmux) {
+      result = test_cmux_cells;
+    } else {
+      result = circuitmux_num_cells__real(cmux);
+    }
+  }
+
+ done:
+
+  return result;
+}
+
+/*
+ * Handle an incoming fixed-size cell for unit tests
+ */
+
+static void
+chan_test_cell_handler(channel_t *ch,
+                       cell_t *cell)
+{
+  tt_assert(ch);
+  tt_assert(cell);
+
+  test_chan_last_seen_fixed_cell_ptr = cell;
+  ++test_chan_fixed_cells_recved;
+
+ done:
+  return;
+}
+
+/*
+ * Fake transport-specific stats call
+ */
+
+static void
+chan_test_dumpstats(channel_t *ch, int severity)
+{
+  tt_assert(ch != NULL);
+
+  (void)severity;
+
+  ++test_dumpstats_calls;
+
+ done:
+  return;
+}
+
+/*
+ * Handle an incoming variable-size cell for unit tests
+ */
+
+static void
+chan_test_var_cell_handler(channel_t *ch,
+                           var_cell_t *var_cell)
+{
+  tt_assert(ch);
+  tt_assert(var_cell);
+
+  test_chan_last_seen_var_cell_ptr = var_cell;
+  ++test_chan_var_cells_recved;
+
+ done:
+  return;
+}
+
+static void
+chan_test_close(channel_t *ch)
+{
+  tt_assert(ch);
+
+ done:
+  return;
+}
+
+/*
+ * Close a channel through the error path
+ */
+
+static void
+chan_test_error(channel_t *ch)
+{
+  tt_assert(ch);
+  tt_assert(!(ch->state == CHANNEL_STATE_CLOSING ||
+                ch->state == CHANNEL_STATE_ERROR ||
+                ch->state == CHANNEL_STATE_CLOSED));
+
+  channel_close_for_error(ch);
+
+ done:
+  return;
+}
+
+/*
+ * Finish closing a channel from CHANNEL_STATE_CLOSING
+ */
+
+static void
+chan_test_finish_close(channel_t *ch)
+{
+  tt_assert(ch);
+  tt_assert(ch->state == CHANNEL_STATE_CLOSING);
+
+  channel_closed(ch);
+
+ done:
+  return;
+}
+
+static const char *
+chan_test_get_remote_descr(channel_t *ch, int flags)
+{
+  tt_assert(ch);
+  tt_int_op(flags & ~(GRD_FLAG_ORIGINAL | GRD_FLAG_ADDR_ONLY), ==, 0);
+
+ done:
+  return "Fake channel for unit tests; no real endpoint";
+}
+
+static double
+chan_test_get_overhead_estimate(channel_t *ch)
+{
+  tt_assert(ch);
+
+ done:
+  return test_overhead_estimate;
+}
+
+static int
+chan_test_is_canonical(channel_t *ch, int req)
+{
+  tt_assert(ch != NULL);
+  tt_assert(req == 0 || req == 1);
+
+ done:
+  /* Fake channels are always canonical */
+  return 1;
+}
+
+static size_t
+chan_test_num_bytes_queued(channel_t *ch)
+{
+  tt_assert(ch);
+
+ done:
+  return 0;
+}
+
+static int
+chan_test_num_cells_writeable(channel_t *ch)
+{
+  tt_assert(ch);
+
+ done:
+  return 32;
+}
+
+static int
+chan_test_write_cell(channel_t *ch, cell_t *cell)
+{
+  int rv = 0;
+
+  tt_assert(ch);
+  tt_assert(cell);
+
+  if (test_chan_accept_cells) {
+    /* Free the cell and bump the counter */
+    tor_free(cell);
+    ++test_cells_written;
+    rv = 1;
+  }
+  /* else return 0, we didn't accept it */
+
+ done:
+  return rv;
+}
+
+static int
+chan_test_write_packed_cell(channel_t *ch,
+                            packed_cell_t *packed_cell)
+{
+  int rv = 0;
+
+  tt_assert(ch);
+  tt_assert(packed_cell);
+
+  if (test_chan_accept_cells) {
+    /* Free the cell and bump the counter */
+    packed_cell_free(packed_cell);
+    ++test_cells_written;
+    rv = 1;
+  }
+  /* else return 0, we didn't accept it */
+
+ done:
+  return rv;
+}
+
+static int
+chan_test_write_var_cell(channel_t *ch, var_cell_t *var_cell)
+{
+  int rv = 0;
+
+  tt_assert(ch);
+  tt_assert(var_cell);
+
+  if (test_chan_accept_cells) {
+    /* Free the cell and bump the counter */
+    var_cell_free(var_cell);
+    ++test_cells_written;
+    rv = 1;
+  }
+  /* else return 0, we didn't accept it */
+
+ done:
+  return rv;
+}
+
+/**
+ * Fill out c with a new fake cell for test suite use
+ */
+
+void
+make_fake_cell(cell_t *c)
+{
+  tt_assert(c != NULL);
+
+  c->circ_id = 1;
+  c->command = CELL_RELAY;
+  memset(c->payload, 0, CELL_PAYLOAD_SIZE);
+
+ done:
+  return;
+}
+
+/**
+ * Fill out c with a new fake var_cell for test suite use
+ */
+
+void
+make_fake_var_cell(var_cell_t *c)
+{
+  tt_assert(c != NULL);
+
+  c->circ_id = 1;
+  c->command = CELL_VERSIONS;
+  c->payload_len = CELL_PAYLOAD_SIZE / 2;
+  memset(c->payload, 0, c->payload_len);
+
+ done:
+  return;
+}
+
+/**
+ * Set up a new fake channel for the test suite
+ */
+
+channel_t *
+new_fake_channel(void)
+{
+  channel_t *chan = tor_malloc_zero(sizeof(channel_t));
+  channel_init(chan);
+
+  chan->close = chan_test_close;
+  chan->get_overhead_estimate = chan_test_get_overhead_estimate;
+  chan->get_remote_descr = chan_test_get_remote_descr;
+  chan->num_bytes_queued = chan_test_num_bytes_queued;
+  chan->num_cells_writeable = chan_test_num_cells_writeable;
+  chan->write_cell = chan_test_write_cell;
+  chan->write_packed_cell = chan_test_write_packed_cell;
+  chan->write_var_cell = chan_test_write_var_cell;
+  chan->state = CHANNEL_STATE_OPEN;
+
+  return chan;
+}
+
+void
+free_fake_channel(channel_t *chan)
+{
+  cell_queue_entry_t *cell, *cell_tmp;
+
+  if (! chan)
+    return;
+
+  if (chan->cmux)
+    circuitmux_free(chan->cmux);
+
+  TOR_SIMPLEQ_FOREACH_SAFE(cell, &chan->incoming_queue, next, cell_tmp) {
+      cell_queue_entry_free(cell, 0);
+  }
+  TOR_SIMPLEQ_FOREACH_SAFE(cell, &chan->outgoing_queue, next, cell_tmp) {
+      cell_queue_entry_free(cell, 0);
+  }
+
+  tor_free(chan);
+}
+
+/**
+ * Counter query for scheduler_channel_has_waiting_cells_mock()
+ */
+
+int
+get_mock_scheduler_has_waiting_cells_count(void)
+{
+  return test_has_waiting_cells_count;
+}
+
+/**
+ * Mock for scheduler_channel_has_waiting_cells()
+ */
+
+void
+scheduler_channel_has_waiting_cells_mock(channel_t *ch)
+{
+  (void)ch;
+
+  /* Increment counter */
+  ++test_has_waiting_cells_count;
+
+  return;
+}
+
+static void
+scheduler_channel_doesnt_want_writes_mock(channel_t *ch)
+{
+  (void)ch;
+
+  /* Increment counter */
+  ++test_doesnt_want_writes_count;
+
+  return;
+}
+
+/**
+ * Counter query for scheduler_release_channel_mock()
+ */
+
+int
+get_mock_scheduler_release_channel_count(void)
+{
+  return test_releases_count;
+}
+
+/**
+ * Mock for scheduler_release_channel()
+ */
+
+void
+scheduler_release_channel_mock(channel_t *ch)
+{
+  (void)ch;
+
+  /* Increment counter */
+  ++test_releases_count;
+
+  return;
+}
+
+/**
+ * Test for channel_dumpstats() and limited test for
+ * channel_dump_statistics()
+ */
+
+static void
+test_channel_dumpstats(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = NULL;
+  int old_count;
+
+  (void)arg;
+
+  /* Mock these for duration of the test */
+  MOCK(scheduler_channel_doesnt_want_writes,
+       scheduler_channel_doesnt_want_writes_mock);
+  MOCK(scheduler_release_channel,
+       scheduler_release_channel_mock);
+
+  /* Set up a new fake channel */
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->cmux = circuitmux_alloc();
+
+  /* Try to register it */
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Set up mock */
+  dump_statistics_mock_target = ch;
+  dump_statistics_mock_matches = 0;
+  MOCK(channel_dump_statistics,
+       chan_test_channel_dump_statistics_mock);
+
+  /* Call channel_dumpstats() */
+  channel_dumpstats(LOG_DEBUG);
+
+  /* Assert that we hit the mock */
+  tt_int_op(dump_statistics_mock_matches, ==, 1);
+
+  /* Close the channel */
+  channel_mark_for_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+
+  /* Try again and hit the finished channel */
+  channel_dumpstats(LOG_DEBUG);
+  tt_int_op(dump_statistics_mock_matches, ==, 2);
+
+  channel_run_cleanup();
+  ch = NULL;
+
+  /* Now we should hit nothing */
+  channel_dumpstats(LOG_DEBUG);
+  tt_int_op(dump_statistics_mock_matches, ==, 2);
+
+  /* Unmock */
+  UNMOCK(channel_dump_statistics);
+  dump_statistics_mock_target = NULL;
+  dump_statistics_mock_matches = 0;
+
+  /* Now make another channel */
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->cmux = circuitmux_alloc();
+  channel_register(ch);
+  tt_assert(ch->registered);
+  /* Lie about its age so dumpstats gets coverage for rate calculations */
+  ch->timestamp_created = time(NULL) - 30;
+  tt_assert(ch->timestamp_created > 0);
+  tt_assert(time(NULL) > ch->timestamp_created);
+
+  /* Put cells through it both ways to make the counters non-zero */
+  cell = tor_malloc_zero(sizeof(*cell));
+  make_fake_cell(cell);
+  test_chan_accept_cells = 1;
+  old_count = test_cells_written;
+  channel_write_cell(ch, cell);
+  cell = NULL;
+  tt_int_op(test_cells_written, ==, old_count + 1);
+  tt_assert(ch->n_bytes_xmitted > 0);
+  tt_assert(ch->n_cells_xmitted > 0);
+
+  /* Receive path */
+  channel_set_cell_handlers(ch,
+                            chan_test_cell_handler,
+                            chan_test_var_cell_handler);
+  tt_ptr_op(channel_get_cell_handler(ch), ==, chan_test_cell_handler);
+  tt_ptr_op(channel_get_var_cell_handler(ch), ==, chan_test_var_cell_handler);
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  old_count = test_chan_fixed_cells_recved;
+  channel_queue_cell(ch, cell);
+  tor_free(cell);
+  tt_int_op(test_chan_fixed_cells_recved, ==, old_count + 1);
+  tt_assert(ch->n_bytes_recved > 0);
+  tt_assert(ch->n_cells_recved > 0);
+
+  /* Test channel_dump_statistics */
+  ch->describe_transport = chan_test_describe_transport;
+  ch->dumpstats = chan_test_dumpstats;
+  ch->is_canonical = chan_test_is_canonical;
+  old_count = test_dumpstats_calls;
+  channel_dump_statistics(ch, LOG_DEBUG);
+  tt_int_op(test_dumpstats_calls, ==, old_count + 1);
+
+  /* Close the channel */
+  channel_mark_for_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+  channel_run_cleanup();
+  ch = NULL;
+
+ done:
+  tor_free(cell);
+  free_fake_channel(ch);
+
+  UNMOCK(scheduler_channel_doesnt_want_writes);
+  UNMOCK(scheduler_release_channel);
+
+  return;
+}
+
+static void
+test_channel_flush(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = NULL;
+  packed_cell_t *p_cell = NULL;
+  var_cell_t *v_cell = NULL;
+  int init_count;
+
+  (void)arg;
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+
+  /* Cache the original count */
+  init_count = test_cells_written;
+
+  /* Stop accepting so we can queue some */
+  test_chan_accept_cells = 0;
+
+  /* Queue a regular cell */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch, cell);
+  /* It should be queued, so assert that we didn't write it */
+  tt_int_op(test_cells_written, ==, init_count);
+
+  /* Queue a var cell */
+  v_cell = tor_malloc_zero(sizeof(var_cell_t) + CELL_PAYLOAD_SIZE);
+  make_fake_var_cell(v_cell);
+  channel_write_var_cell(ch, v_cell);
+  /* It should be queued, so assert that we didn't write it */
+  tt_int_op(test_cells_written, ==, init_count);
+
+  /* Try a packed cell now */
+  p_cell = packed_cell_new();
+  tt_assert(p_cell);
+  channel_write_packed_cell(ch, p_cell);
+  /* It should be queued, so assert that we didn't write it */
+  tt_int_op(test_cells_written, ==, init_count);
+
+  /* Now allow writes through again */
+  test_chan_accept_cells = 1;
+
+  /* ...and flush */
+  channel_flush_cells(ch);
+
+  /* All three should have gone through */
+  tt_int_op(test_cells_written, ==, init_count + 3);
+
+ done:
+  tor_free(ch);
+
+  return;
+}
+
+/**
+ * Channel flush tests that require cmux mocking
+ */
+
+static void
+test_channel_flushmux(void *arg)
+{
+  channel_t *ch = NULL;
+  int old_count, q_len_before, q_len_after;
+  ssize_t result;
+
+  (void)arg;
+
+  /* Install mocks we need for this test */
+  MOCK(channel_flush_from_first_active_circuit,
+       chan_test_channel_flush_from_first_active_circuit_mock);
+  MOCK(circuitmux_num_cells,
+       chan_test_circuitmux_num_cells_mock);
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->cmux = circuitmux_alloc();
+
+  old_count = test_cells_written;
+
+  test_target_cmux = ch->cmux;
+  test_cmux_cells = 1;
+
+  /* Enable cell acceptance */
+  test_chan_accept_cells = 1;
+
+  result = channel_flush_some_cells(ch, 1);
+
+  tt_int_op(result, ==, 1);
+  tt_int_op(test_cells_written, ==, old_count + 1);
+  tt_int_op(test_cmux_cells, ==, 0);
+
+  /* Now try it without accepting to force them into the queue */
+  test_chan_accept_cells = 0;
+  test_cmux_cells = 1;
+  q_len_before = chan_cell_queue_len(&(ch->outgoing_queue));
+
+  result = channel_flush_some_cells(ch, 1);
+
+  /* We should not have actually flushed any */
+  tt_int_op(result, ==, 0);
+  tt_int_op(test_cells_written, ==, old_count + 1);
+  /* But we should have gotten to the fake cellgen loop */
+  tt_int_op(test_cmux_cells, ==, 0);
+  /* ...and we should have a queued cell */
+  q_len_after = chan_cell_queue_len(&(ch->outgoing_queue));
+  tt_int_op(q_len_after, ==, q_len_before + 1);
+
+  /* Now accept cells again and drain the queue */
+  test_chan_accept_cells = 1;
+  channel_flush_cells(ch);
+  tt_int_op(test_cells_written, ==, old_count + 2);
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 0);
+
+  test_target_cmux = NULL;
+  test_cmux_cells = 0;
+
+ done:
+  if (ch)
+    circuitmux_free(ch->cmux);
+  tor_free(ch);
+
+  UNMOCK(channel_flush_from_first_active_circuit);
+  UNMOCK(circuitmux_num_cells);
+
+  test_chan_accept_cells = 0;
+
+  return;
+}
+
+static void
+test_channel_incoming(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = NULL;
+  var_cell_t *var_cell = NULL;
+  int old_count;
+
+  (void)arg;
+
+  /* Mock these for duration of the test */
+  MOCK(scheduler_channel_doesnt_want_writes,
+       scheduler_channel_doesnt_want_writes_mock);
+  MOCK(scheduler_release_channel,
+       scheduler_release_channel_mock);
+
+  /* Accept cells to lower layer */
+  test_chan_accept_cells = 1;
+  /* Use default overhead factor */
+  test_overhead_estimate = 1.0f;
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+  /* Start it off in OPENING */
+  ch->state = CHANNEL_STATE_OPENING;
+  /* We'll need a cmux */
+  ch->cmux = circuitmux_alloc();
+
+  /* Install incoming cell handlers */
+  channel_set_cell_handlers(ch,
+                            chan_test_cell_handler,
+                            chan_test_var_cell_handler);
+  /* Test cell handler getters */
+  tt_ptr_op(channel_get_cell_handler(ch), ==, chan_test_cell_handler);
+  tt_ptr_op(channel_get_var_cell_handler(ch), ==, chan_test_var_cell_handler);
+
+  /* Try to register it */
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Open it */
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_OPEN);
+
+  /* Receive a fixed cell */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  old_count = test_chan_fixed_cells_recved;
+  channel_queue_cell(ch, cell);
+  tor_free(cell);
+  tt_int_op(test_chan_fixed_cells_recved, ==, old_count + 1);
+
+  /* Receive a variable-size cell */
+  var_cell = tor_malloc_zero(sizeof(var_cell_t) + CELL_PAYLOAD_SIZE);
+  make_fake_var_cell(var_cell);
+  old_count = test_chan_var_cells_recved;
+  channel_queue_var_cell(ch, var_cell);
+  tor_free(cell);
+  tt_int_op(test_chan_var_cells_recved, ==, old_count + 1);
+
+  /* Close it */
+  channel_mark_for_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+  channel_run_cleanup();
+  ch = NULL;
+
+ done:
+  free_fake_channel(ch);
+  tor_free(cell);
+  tor_free(var_cell);
+
+  UNMOCK(scheduler_channel_doesnt_want_writes);
+  UNMOCK(scheduler_release_channel);
+
+  return;
+}
+
+/**
+ * Normal channel lifecycle test:
+ *
+ * OPENING->OPEN->MAINT->OPEN->CLOSING->CLOSED
+ */
+
+static void
+test_channel_lifecycle(void *arg)
+{
+  channel_t *ch1 = NULL, *ch2 = NULL;
+  cell_t *cell = NULL;
+  int old_count, init_doesnt_want_writes_count;
+  int init_releases_count;
+
+  (void)arg;
+
+  /* Mock these for the whole lifecycle test */
+  MOCK(scheduler_channel_doesnt_want_writes,
+       scheduler_channel_doesnt_want_writes_mock);
+  MOCK(scheduler_release_channel,
+       scheduler_release_channel_mock);
+
+  /* Cache some initial counter values */
+  init_doesnt_want_writes_count = test_doesnt_want_writes_count;
+  init_releases_count = test_releases_count;
+
+  /* Accept cells to lower layer */
+  test_chan_accept_cells = 1;
+  /* Use default overhead factor */
+  test_overhead_estimate = 1.0f;
+
+  ch1 = new_fake_channel();
+  tt_assert(ch1);
+  /* Start it off in OPENING */
+  ch1->state = CHANNEL_STATE_OPENING;
+  /* We'll need a cmux */
+  ch1->cmux = circuitmux_alloc();
+
+  /* Try to register it */
+  channel_register(ch1);
+  tt_assert(ch1->registered);
+
+  /* Try to write a cell through (should queue) */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  old_count = test_cells_written;
+  channel_write_cell(ch1, cell);
+  tt_int_op(old_count, ==, test_cells_written);
+
+  /* Move it to OPEN and flush */
+  channel_change_state(ch1, CHANNEL_STATE_OPEN);
+
+  /* Queue should drain */
+  tt_int_op(old_count + 1, ==, test_cells_written);
+
+  /* Get another one */
+  ch2 = new_fake_channel();
+  tt_assert(ch2);
+  ch2->state = CHANNEL_STATE_OPENING;
+  ch2->cmux = circuitmux_alloc();
+
+  /* Register */
+  channel_register(ch2);
+  tt_assert(ch2->registered);
+
+  /* Check counters */
+  tt_int_op(test_doesnt_want_writes_count, ==, init_doesnt_want_writes_count);
+  tt_int_op(test_releases_count, ==, init_releases_count);
+
+  /* Move ch1 to MAINT */
+  channel_change_state(ch1, CHANNEL_STATE_MAINT);
+  tt_int_op(test_doesnt_want_writes_count, ==,
+            init_doesnt_want_writes_count + 1);
+  tt_int_op(test_releases_count, ==, init_releases_count);
+
+  /* Move ch2 to OPEN */
+  channel_change_state(ch2, CHANNEL_STATE_OPEN);
+  tt_int_op(test_doesnt_want_writes_count, ==,
+            init_doesnt_want_writes_count + 1);
+  tt_int_op(test_releases_count, ==, init_releases_count);
+
+  /* Move ch1 back to OPEN */
+  channel_change_state(ch1, CHANNEL_STATE_OPEN);
+  tt_int_op(test_doesnt_want_writes_count, ==,
+            init_doesnt_want_writes_count + 1);
+  tt_int_op(test_releases_count, ==, init_releases_count);
+
+  /* Mark ch2 for close */
+  channel_mark_for_close(ch2);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_CLOSING);
+  tt_int_op(test_doesnt_want_writes_count, ==,
+            init_doesnt_want_writes_count + 1);
+  tt_int_op(test_releases_count, ==, init_releases_count + 1);
+
+  /* Shut down channels */
+  channel_free_all();
+  ch1 = ch2 = NULL;
+  tt_int_op(test_doesnt_want_writes_count, ==,
+            init_doesnt_want_writes_count + 1);
+  /* channel_free() calls scheduler_release_channel() */
+  tt_int_op(test_releases_count, ==, init_releases_count + 4);
+
+ done:
+  free_fake_channel(ch1);
+  free_fake_channel(ch2);
+
+  UNMOCK(scheduler_channel_doesnt_want_writes);
+  UNMOCK(scheduler_release_channel);
+
+  return;
+}
+
+/**
+ * Weird channel lifecycle test:
+ *
+ * OPENING->CLOSING->CLOSED
+ * OPENING->OPEN->CLOSING->ERROR
+ * OPENING->OPEN->MAINT->CLOSING->CLOSED
+ * OPENING->OPEN->MAINT->CLOSING->ERROR
+ */
+
+static void
+test_channel_lifecycle_2(void *arg)
+{
+  channel_t *ch = NULL;
+
+  (void)arg;
+
+  /* Mock these for the whole lifecycle test */
+  MOCK(scheduler_channel_doesnt_want_writes,
+       scheduler_channel_doesnt_want_writes_mock);
+  MOCK(scheduler_release_channel,
+       scheduler_release_channel_mock);
+
+  /* Accept cells to lower layer */
+  test_chan_accept_cells = 1;
+  /* Use default overhead factor */
+  test_overhead_estimate = 1.0f;
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+  /* Start it off in OPENING */
+  ch->state = CHANNEL_STATE_OPENING;
+  /* The full lifecycle test needs a cmux */
+  ch->cmux = circuitmux_alloc();
+
+  /* Try to register it */
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Try to close it */
+  channel_mark_for_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+
+  /* Finish closing it */
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+  channel_run_cleanup();
+  ch = NULL;
+
+  /* Now try OPENING->OPEN->CLOSING->ERROR */
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->state = CHANNEL_STATE_OPENING;
+  ch->cmux = circuitmux_alloc();
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Finish opening it */
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+
+  /* Error exit from lower layer */
+  chan_test_error(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_ERROR);
+  channel_run_cleanup();
+  ch = NULL;
+
+  /* OPENING->OPEN->MAINT->CLOSING->CLOSED close from maintenance state */
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->state = CHANNEL_STATE_OPENING;
+  ch->cmux = circuitmux_alloc();
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Finish opening it */
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_OPEN);
+
+  /* Go to maintenance state */
+  channel_change_state(ch, CHANNEL_STATE_MAINT);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_MAINT);
+
+  /* Lower layer close */
+  channel_mark_for_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+
+  /* Finish */
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+  channel_run_cleanup();
+  ch = NULL;
+
+  /*
+   * OPENING->OPEN->MAINT->CLOSING->CLOSED lower-layer close during
+   * maintenance state
+   */
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->state = CHANNEL_STATE_OPENING;
+  ch->cmux = circuitmux_alloc();
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Finish opening it */
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_OPEN);
+
+  /* Go to maintenance state */
+  channel_change_state(ch, CHANNEL_STATE_MAINT);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_MAINT);
+
+  /* Lower layer close */
+  channel_close_from_lower_layer(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+
+  /* Finish */
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+  channel_run_cleanup();
+  ch = NULL;
+
+  /* OPENING->OPEN->MAINT->CLOSING->ERROR */
+  ch = new_fake_channel();
+  tt_assert(ch);
+  ch->state = CHANNEL_STATE_OPENING;
+  ch->cmux = circuitmux_alloc();
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Finish opening it */
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_OPEN);
+
+  /* Go to maintenance state */
+  channel_change_state(ch, CHANNEL_STATE_MAINT);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_MAINT);
+
+  /* Lower layer close */
+  chan_test_error(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+
+  /* Finish */
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_ERROR);
+  channel_run_cleanup();
+  ch = NULL;
+
+  /* Shut down channels */
+  channel_free_all();
+
+ done:
+  tor_free(ch);
+
+  UNMOCK(scheduler_channel_doesnt_want_writes);
+  UNMOCK(scheduler_release_channel);
+
+  return;
+}
+
+static void
+test_channel_multi(void *arg)
+{
+  channel_t *ch1 = NULL, *ch2 = NULL;
+  uint64_t global_queue_estimate;
+  cell_t *cell = NULL;
+
+  (void)arg;
+
+  /* Accept cells to lower layer */
+  test_chan_accept_cells = 1;
+  /* Use default overhead factor */
+  test_overhead_estimate = 1.0f;
+
+  ch1 = new_fake_channel();
+  tt_assert(ch1);
+  ch2 = new_fake_channel();
+  tt_assert(ch2);
+
+  /* Initial queue size update */
+  channel_update_xmit_queue_size(ch1);
+  tt_u64_op(ch1->bytes_queued_for_xmit, ==, 0);
+  channel_update_xmit_queue_size(ch2);
+  tt_u64_op(ch2->bytes_queued_for_xmit, ==, 0);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 0);
+
+  /* Queue some cells, check queue estimates */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch1, cell);
+
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch2, cell);
+
+  channel_update_xmit_queue_size(ch1);
+  channel_update_xmit_queue_size(ch2);
+  tt_u64_op(ch1->bytes_queued_for_xmit, ==, 0);
+  tt_u64_op(ch2->bytes_queued_for_xmit, ==, 0);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 0);
+
+  /* Stop accepting cells at lower layer */
+  test_chan_accept_cells = 0;
+
+  /* Queue some cells and check queue estimates */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch1, cell);
+
+  channel_update_xmit_queue_size(ch1);
+  tt_u64_op(ch1->bytes_queued_for_xmit, ==, 512);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 512);
+
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch2, cell);
+
+  channel_update_xmit_queue_size(ch2);
+  tt_u64_op(ch2->bytes_queued_for_xmit, ==, 512);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 1024);
+
+  /* Allow cells through again */
+  test_chan_accept_cells = 1;
+
+  /* Flush chan 2 */
+  channel_flush_cells(ch2);
+
+  /* Update and check queue sizes */
+  channel_update_xmit_queue_size(ch1);
+  channel_update_xmit_queue_size(ch2);
+  tt_u64_op(ch1->bytes_queued_for_xmit, ==, 512);
+  tt_u64_op(ch2->bytes_queued_for_xmit, ==, 0);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 512);
+
+  /* Flush chan 1 */
+  channel_flush_cells(ch1);
+
+  /* Update and check queue sizes */
+  channel_update_xmit_queue_size(ch1);
+  channel_update_xmit_queue_size(ch2);
+  tt_u64_op(ch1->bytes_queued_for_xmit, ==, 0);
+  tt_u64_op(ch2->bytes_queued_for_xmit, ==, 0);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 0);
+
+  /* Now block again */
+  test_chan_accept_cells = 0;
+
+  /* Queue some cells */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch1, cell);
+
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch2, cell);
+  cell = NULL;
+
+  /* Check the estimates */
+  channel_update_xmit_queue_size(ch1);
+  channel_update_xmit_queue_size(ch2);
+  tt_u64_op(ch1->bytes_queued_for_xmit, ==, 512);
+  tt_u64_op(ch2->bytes_queued_for_xmit, ==, 512);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 1024);
+
+  /* Now close channel 2; it should be subtracted from the global queue */
+  MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+  channel_mark_for_close(ch2);
+  UNMOCK(scheduler_release_channel);
+
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 512);
+
+  /*
+   * Since the fake channels aren't registered, channel_free_all() can't
+   * see them properly.
+   */
+  MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+  channel_mark_for_close(ch1);
+  UNMOCK(scheduler_release_channel);
+
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 0);
+
+  /* Now free everything */
+  MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+  channel_free_all();
+  UNMOCK(scheduler_release_channel);
+
+ done:
+  free_fake_channel(ch1);
+  free_fake_channel(ch2);
+
+  return;
+}
+
+/**
+ * Check some hopefully-impossible edge cases in the channel queue we
+ * can only trigger by doing evil things to the queue directly.
+ */
+
+static void
+test_channel_queue_impossible(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = NULL;
+  packed_cell_t *packed_cell = NULL;
+  var_cell_t *var_cell = NULL;
+  int old_count;
+  cell_queue_entry_t *q = NULL;
+  uint64_t global_queue_estimate;
+  uintptr_t cellintptr;
+
+  /* Cache the global queue size (see below) */
+  global_queue_estimate = channel_get_global_queue_estimate();
+
+  (void)arg;
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+
+  /* We test queueing here; tell it not to accept cells */
+  test_chan_accept_cells = 0;
+  /* ...and keep it from trying to flush the queue */
+  ch->state = CHANNEL_STATE_MAINT;
+
+  /* Cache the cell written count */
+  old_count = test_cells_written;
+
+  /* Assert that the queue is initially empty */
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 0);
+
+  /* Get a fresh cell and write it to the channel*/
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  cellintptr = (uintptr_t)(void*)cell;
+  channel_write_cell(ch, cell);
+
+  /* Now it should be queued */
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 1);
+  q = TOR_SIMPLEQ_FIRST(&(ch->outgoing_queue));
+  tt_assert(q);
+  if (q) {
+    tt_int_op(q->type, ==, CELL_QUEUE_FIXED);
+    tt_assert((uintptr_t)q->u.fixed.cell == cellintptr);
+  }
+  /* Do perverse things to it */
+  tor_free(q->u.fixed.cell);
+  q->u.fixed.cell = NULL;
+
+  /*
+   * Now change back to open with channel_change_state() and assert that it
+   * gets thrown away properly.
+   */
+  test_chan_accept_cells = 1;
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_assert(test_cells_written == old_count);
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 0);
+
+  /* Same thing but for a var_cell */
+
+  test_chan_accept_cells = 0;
+  ch->state = CHANNEL_STATE_MAINT;
+  var_cell = tor_malloc_zero(sizeof(var_cell_t) + CELL_PAYLOAD_SIZE);
+  make_fake_var_cell(var_cell);
+  cellintptr = (uintptr_t)(void*)var_cell;
+  channel_write_var_cell(ch, var_cell);
+
+  /* Check that it's queued */
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 1);
+  q = TOR_SIMPLEQ_FIRST(&(ch->outgoing_queue));
+  tt_assert(q);
+  if (q) {
+    tt_int_op(q->type, ==, CELL_QUEUE_VAR);
+    tt_assert((uintptr_t)q->u.var.var_cell == cellintptr);
+  }
+
+  /* Remove the cell from the queue entry */
+  tor_free(q->u.var.var_cell);
+  q->u.var.var_cell = NULL;
+
+  /* Let it drain and check that the bad entry is discarded */
+  test_chan_accept_cells = 1;
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_assert(test_cells_written == old_count);
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 0);
+
+  /* Same thing with a packed_cell */
+
+  test_chan_accept_cells = 0;
+  ch->state = CHANNEL_STATE_MAINT;
+  packed_cell = packed_cell_new();
+  tt_assert(packed_cell);
+  cellintptr = (uintptr_t)(void*)packed_cell;
+  channel_write_packed_cell(ch, packed_cell);
+
+  /* Check that it's queued */
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 1);
+  q = TOR_SIMPLEQ_FIRST(&(ch->outgoing_queue));
+  tt_assert(q);
+  if (q) {
+    tt_int_op(q->type, ==, CELL_QUEUE_PACKED);
+    tt_assert((uintptr_t)q->u.packed.packed_cell == cellintptr);
+  }
+
+  /* Remove the cell from the queue entry */
+  packed_cell_free(q->u.packed.packed_cell);
+  q->u.packed.packed_cell = NULL;
+
+  /* Let it drain and check that the bad entry is discarded */
+  test_chan_accept_cells = 1;
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_assert(test_cells_written == old_count);
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 0);
+
+  /* Unknown cell type case */
+  test_chan_accept_cells = 0;
+  ch->state = CHANNEL_STATE_MAINT;
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  cellintptr = (uintptr_t)(void*)cell;
+  channel_write_cell(ch, cell);
+
+  /* Check that it's queued */
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 1);
+  q = TOR_SIMPLEQ_FIRST(&(ch->outgoing_queue));
+  tt_assert(q);
+  if (q) {
+    tt_int_op(q->type, ==, CELL_QUEUE_FIXED);
+    tt_assert((uintptr_t)q->u.fixed.cell == cellintptr);
+  }
+  /* Clobber it, including the queue entry type */
+  tor_free(q->u.fixed.cell);
+  q->u.fixed.cell = NULL;
+  q->type = CELL_QUEUE_PACKED + 1;
+
+  /* Let it drain and check that the bad entry is discarded */
+  test_chan_accept_cells = 1;
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_assert(test_cells_written == old_count);
+  tt_int_op(chan_cell_queue_len(&(ch->outgoing_queue)), ==, 0);
+
+ done:
+  free_fake_channel(ch);
+
+  /*
+   * Doing that meant that we couldn't correctly adjust the queue size
+   * for the var cell, so manually reset the global queue size estimate
+   * so the next test doesn't break if we run with --no-fork.
+   */
+  estimated_total_queue_size = global_queue_estimate;
+
+  return;
+}
+
+static void
+test_channel_queue_incoming(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = NULL;
+  var_cell_t *var_cell = NULL;
+  int old_fixed_count, old_var_count;
+
+  (void)arg;
+
+  /* Mock these for duration of the test */
+  MOCK(scheduler_channel_doesnt_want_writes,
+       scheduler_channel_doesnt_want_writes_mock);
+  MOCK(scheduler_release_channel,
+       scheduler_release_channel_mock);
+
+  /* Accept cells to lower layer */
+  test_chan_accept_cells = 1;
+  /* Use default overhead factor */
+  test_overhead_estimate = 1.0f;
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+  /* Start it off in OPENING */
+  ch->state = CHANNEL_STATE_OPENING;
+  /* We'll need a cmux */
+  ch->cmux = circuitmux_alloc();
+
+  /* Test cell handler getters */
+  tt_ptr_op(channel_get_cell_handler(ch), ==, NULL);
+  tt_ptr_op(channel_get_var_cell_handler(ch), ==, NULL);
+
+  /* Try to register it */
+  channel_register(ch);
+  tt_assert(ch->registered);
+
+  /* Open it */
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_OPEN);
+
+  /* Assert that the incoming queue is empty */
+  tt_assert(TOR_SIMPLEQ_EMPTY(&(ch->incoming_queue)));
+
+  /* Queue an incoming fixed-length cell */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_queue_cell(ch, cell);
+
+  /* Assert that the incoming queue has one entry */
+  tt_int_op(chan_cell_queue_len(&(ch->incoming_queue)), ==, 1);
+
+  /* Queue an incoming var cell */
+  var_cell = tor_malloc_zero(sizeof(var_cell_t) + CELL_PAYLOAD_SIZE);
+  make_fake_var_cell(var_cell);
+  channel_queue_var_cell(ch, var_cell);
+
+  /* Assert that the incoming queue has two entries */
+  tt_int_op(chan_cell_queue_len(&(ch->incoming_queue)), ==, 2);
+
+  /*
+   * Install cell handlers; this will drain the queue, so save the old
+   * cell counters first
+   */
+  old_fixed_count = test_chan_fixed_cells_recved;
+  old_var_count = test_chan_var_cells_recved;
+  channel_set_cell_handlers(ch,
+                            chan_test_cell_handler,
+                            chan_test_var_cell_handler);
+  tt_ptr_op(channel_get_cell_handler(ch), ==, chan_test_cell_handler);
+  tt_ptr_op(channel_get_var_cell_handler(ch), ==, chan_test_var_cell_handler);
+
+  /* Assert cells were received */
+  tt_int_op(test_chan_fixed_cells_recved, ==, old_fixed_count + 1);
+  tt_int_op(test_chan_var_cells_recved, ==, old_var_count + 1);
+
+  /*
+   * Assert that the pointers are different from the cells we allocated;
+   * when queueing cells with no incoming cell handlers installed, the
+   * channel layer should copy them to a new buffer, and free them after
+   * delivery.  These pointers will have already been freed by the time
+   * we get here, so don't dereference them.
+   */
+  tt_ptr_op(test_chan_last_seen_fixed_cell_ptr, !=, cell);
+  tt_ptr_op(test_chan_last_seen_var_cell_ptr, !=, var_cell);
+
+  /* Assert queue is now empty */
+  tt_assert(TOR_SIMPLEQ_EMPTY(&(ch->incoming_queue)));
+
+  /* Close it; this contains an assertion that the incoming queue is empty */
+  channel_mark_for_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSING);
+  chan_test_finish_close(ch);
+  tt_int_op(ch->state, ==, CHANNEL_STATE_CLOSED);
+  channel_run_cleanup();
+  ch = NULL;
+
+ done:
+  free_fake_channel(ch);
+  tor_free(cell);
+  tor_free(var_cell);
+
+  UNMOCK(scheduler_channel_doesnt_want_writes);
+  UNMOCK(scheduler_release_channel);
+
+  return;
+}
+
+static void
+test_channel_queue_size(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = NULL;
+  int n, old_count;
+  uint64_t global_queue_estimate;
+
+  (void)arg;
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+
+  /* Initial queue size update */
+  channel_update_xmit_queue_size(ch);
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 0);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 0);
+
+  /* Test the call-through to our fake lower layer */
+  n = channel_num_cells_writeable(ch);
+  /* chan_test_num_cells_writeable() always returns 32 */
+  tt_int_op(n, ==, 32);
+
+  /*
+   * Now we queue some cells and check that channel_num_cells_writeable()
+   * adjusts properly
+   */
+
+  /* tell it not to accept cells */
+  test_chan_accept_cells = 0;
+  /* ...and keep it from trying to flush the queue */
+  ch->state = CHANNEL_STATE_MAINT;
+
+  /* Get a fresh cell */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+
+  old_count = test_cells_written;
+  channel_write_cell(ch, cell);
+  /* Assert that it got queued, not written through, correctly */
+  tt_int_op(test_cells_written, ==, old_count);
+
+  /* Now check chan_test_num_cells_writeable() again */
+  n = channel_num_cells_writeable(ch);
+  tt_int_op(n, ==, 0); /* Should return 0 since we're in CHANNEL_STATE_MAINT */
+
+  /* Update queue size estimates */
+  channel_update_xmit_queue_size(ch);
+  /* One cell, times an overhead factor of 1.0 */
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 512);
+  /* Try a different overhead factor */
+  test_overhead_estimate = 0.5f;
+  /* This one should be ignored since it's below 1.0 */
+  channel_update_xmit_queue_size(ch);
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 512);
+  /* Now try a larger one */
+  test_overhead_estimate = 2.0f;
+  channel_update_xmit_queue_size(ch);
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 1024);
+  /* Go back to 1.0 */
+  test_overhead_estimate = 1.0f;
+  channel_update_xmit_queue_size(ch);
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 512);
+  /* Check the global estimate too */
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 512);
+
+  /* Go to open */
+  old_count = test_cells_written;
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+
+  /*
+   * It should try to write, but we aren't accepting cells right now, so
+   * it'll requeue
+   */
+  tt_int_op(test_cells_written, ==, old_count);
+
+  /* Check the queue size again */
+  channel_update_xmit_queue_size(ch);
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 512);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 512);
+
+  /*
+   * Now the cell is in the queue, and we're open, so we should get 31
+   * writeable cells.
+   */
+  n = channel_num_cells_writeable(ch);
+  tt_int_op(n, ==, 31);
+
+  /* Accept cells again */
+  test_chan_accept_cells = 1;
+  /* ...and re-process the queue */
+  old_count = test_cells_written;
+  channel_flush_cells(ch);
+  tt_int_op(test_cells_written, ==, old_count + 1);
+
+  /* Should have 32 writeable now */
+  n = channel_num_cells_writeable(ch);
+  tt_int_op(n, ==, 32);
+
+  /* Should have queue size estimate of zero */
+  channel_update_xmit_queue_size(ch);
+  tt_u64_op(ch->bytes_queued_for_xmit, ==, 0);
+  global_queue_estimate = channel_get_global_queue_estimate();
+  tt_u64_op(global_queue_estimate, ==, 0);
+
+  /* Okay, now we're done with this one */
+  MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+  channel_mark_for_close(ch);
+  UNMOCK(scheduler_release_channel);
+
+ done:
+  free_fake_channel(ch);
+
+  return;
+}
+
+static void
+test_channel_write(void *arg)
+{
+  channel_t *ch = NULL;
+  cell_t *cell = tor_malloc_zero(sizeof(cell_t));
+  packed_cell_t *packed_cell = NULL;
+  var_cell_t *var_cell =
+    tor_malloc_zero(sizeof(var_cell_t) + CELL_PAYLOAD_SIZE);
+  int old_count;
+
+  (void)arg;
+
+  packed_cell = packed_cell_new();
+  tt_assert(packed_cell);
+
+  ch = new_fake_channel();
+  tt_assert(ch);
+  make_fake_cell(cell);
+  make_fake_var_cell(var_cell);
+
+  /* Tell it to accept cells */
+  test_chan_accept_cells = 1;
+
+  old_count = test_cells_written;
+  channel_write_cell(ch, cell);
+  cell = NULL;
+  tt_assert(test_cells_written == old_count + 1);
+
+  channel_write_var_cell(ch, var_cell);
+  var_cell = NULL;
+  tt_assert(test_cells_written == old_count + 2);
+
+  channel_write_packed_cell(ch, packed_cell);
+  packed_cell = NULL;
+  tt_assert(test_cells_written == old_count + 3);
+
+  /* Now we test queueing; tell it not to accept cells */
+  test_chan_accept_cells = 0;
+  /* ...and keep it from trying to flush the queue */
+  ch->state = CHANNEL_STATE_MAINT;
+
+  /* Get a fresh cell */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+
+  old_count = test_cells_written;
+  channel_write_cell(ch, cell);
+  tt_assert(test_cells_written == old_count);
+
+  /*
+   * Now change back to open with channel_change_state() and assert that it
+   * gets drained from the queue.
+   */
+  test_chan_accept_cells = 1;
+  channel_change_state(ch, CHANNEL_STATE_OPEN);
+  tt_assert(test_cells_written == old_count + 1);
+
+  /*
+   * Check the note destroy case
+   */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  cell->command = CELL_DESTROY;
+
+  /* Set up the mock */
+  MOCK(channel_note_destroy_not_pending,
+       channel_note_destroy_not_pending_mock);
+
+  old_count = test_destroy_not_pending_calls;
+  channel_write_cell(ch, cell);
+  tt_assert(test_destroy_not_pending_calls == old_count + 1);
+
+  /* Now send a non-destroy and check we don't call it */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch, cell);
+  tt_assert(test_destroy_not_pending_calls == old_count + 1);
+
+  UNMOCK(channel_note_destroy_not_pending);
+
+  /*
+   * Now switch it to CLOSING so we can test the discard-cells case
+   * in the channel_write_*() functions.
+   */
+  MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+  channel_mark_for_close(ch);
+  UNMOCK(scheduler_release_channel);
+
+  /* Send cells that will drop in the closing state */
+  old_count = test_cells_written;
+
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+  channel_write_cell(ch, cell);
+  cell = NULL;
+  tt_assert(test_cells_written == old_count);
+
+  var_cell = tor_malloc_zero(sizeof(var_cell_t) + CELL_PAYLOAD_SIZE);
+  make_fake_var_cell(var_cell);
+  channel_write_var_cell(ch, var_cell);
+  var_cell = NULL;
+  tt_assert(test_cells_written == old_count);
+
+  packed_cell = packed_cell_new();
+  channel_write_packed_cell(ch, packed_cell);
+  packed_cell = NULL;
+  tt_assert(test_cells_written == old_count);
+
+ done:
+  free_fake_channel(ch);
+  tor_free(var_cell);
+  tor_free(cell);
+  packed_cell_free(packed_cell);
+  return;
+}
+
+struct testcase_t channel_tests[] = {
+  { "dumpstats", test_channel_dumpstats, TT_FORK, NULL, NULL },
+  { "flush", test_channel_flush, TT_FORK, NULL, NULL },
+  { "flushmux", test_channel_flushmux, TT_FORK, NULL, NULL },
+  { "incoming", test_channel_incoming, TT_FORK, NULL, NULL },
+  { "lifecycle", test_channel_lifecycle, TT_FORK, NULL, NULL },
+  { "lifecycle_2", test_channel_lifecycle_2, TT_FORK, NULL, NULL },
+  { "multi", test_channel_multi, TT_FORK, NULL, NULL },
+  { "queue_impossible", test_channel_queue_impossible, TT_FORK, NULL, NULL },
+  { "queue_incoming", test_channel_queue_incoming, TT_FORK, NULL, NULL },
+  { "queue_size", test_channel_queue_size, TT_FORK, NULL, NULL },
+  { "write", test_channel_write, TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c
new file mode 100644
index 0000000000..04ae9a6da7
--- /dev/null
+++ b/src/test/test_channeltls.c
@@ -0,0 +1,333 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include <math.h>
+
+#define TOR_CHANNEL_INTERNAL_
+#include "or.h"
+#include "address.h"
+#include "buffers.h"
+#include "channel.h"
+#include "channeltls.h"
+#include "connection_or.h"
+#include "config.h"
+/* For init/free stuff */
+#include "scheduler.h"
+#include "tortls.h"
+
+/* Test suite stuff */
+#include "test.h"
+#include "fakechans.h"
+
+/* The channeltls unit tests */
+static void test_channeltls_create(void *arg);
+static void test_channeltls_num_bytes_queued(void *arg);
+static void test_channeltls_overhead_estimate(void *arg);
+
+/* Mocks used by channeltls unit tests */
+static size_t tlschan_buf_datalen_mock(const buf_t *buf);
+static or_connection_t * tlschan_connection_or_connect_mock(
+    const tor_addr_t *addr,
+    uint16_t port,
+    const char *digest,
+    channel_tls_t *tlschan);
+static int tlschan_is_local_addr_mock(const tor_addr_t *addr);
+
+/* Fake close method */
+static void tlschan_fake_close_method(channel_t *chan);
+
+/* Flags controlling behavior of channeltls unit test mocks */
+static int tlschan_local = 0;
+static const buf_t * tlschan_buf_datalen_mock_target = NULL;
+static size_t tlschan_buf_datalen_mock_size = 0;
+
+/* Thing to cast to fake tor_tls_t * to appease assert_connection_ok() */
+static int fake_tortls = 0; /* Bleh... */
+
+static void
+test_channeltls_create(void *arg)
+{
+  tor_addr_t test_addr;
+  channel_t *ch = NULL;
+  const char test_digest[DIGEST_LEN] = {
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14 };
+
+  (void)arg;
+
+  /* Set up a fake address to fake-connect to */
+  test_addr.family = AF_INET;
+  test_addr.addr.in_addr.s_addr = htonl(0x01020304);
+
+  /* For this test we always want the address to be treated as non-local */
+  tlschan_local = 0;
+  /* Install is_local_addr() mock */
+  MOCK(is_local_addr, tlschan_is_local_addr_mock);
+
+  /* Install mock for connection_or_connect() */
+  MOCK(connection_or_connect, tlschan_connection_or_connect_mock);
+
+  /* Try connecting */
+  ch = channel_tls_connect(&test_addr, 567, test_digest);
+  tt_assert(ch != NULL);
+
+ done:
+  if (ch) {
+    MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+    /*
+     * Use fake close method that doesn't try to do too much to fake
+     * orconn
+     */
+    ch->close = tlschan_fake_close_method;
+    channel_mark_for_close(ch);
+    free_fake_channel(ch);
+    UNMOCK(scheduler_release_channel);
+  }
+
+  UNMOCK(connection_or_connect);
+  UNMOCK(is_local_addr);
+
+  return;
+}
+
+static void
+test_channeltls_num_bytes_queued(void *arg)
+{
+  tor_addr_t test_addr;
+  channel_t *ch = NULL;
+  const char test_digest[DIGEST_LEN] = {
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14 };
+  channel_tls_t *tlschan = NULL;
+  size_t len;
+  int fake_outbuf = 0, n;
+
+  (void)arg;
+
+  /* Set up a fake address to fake-connect to */
+  test_addr.family = AF_INET;
+  test_addr.addr.in_addr.s_addr = htonl(0x01020304);
+
+  /* For this test we always want the address to be treated as non-local */
+  tlschan_local = 0;
+  /* Install is_local_addr() mock */
+  MOCK(is_local_addr, tlschan_is_local_addr_mock);
+
+  /* Install mock for connection_or_connect() */
+  MOCK(connection_or_connect, tlschan_connection_or_connect_mock);
+
+  /* Try connecting */
+  ch = channel_tls_connect(&test_addr, 567, test_digest);
+  tt_assert(ch != NULL);
+
+  /*
+   * Next, we have to test ch->num_bytes_queued, which is
+   * channel_tls_num_bytes_queued_method.  We can't mock
+   * connection_get_outbuf_len() directly because it's static inline
+   * in connection.h, but we can mock buf_datalen().  Note that
+   * if bufferevents ever work, this will break with them enabled.
+   */
+
+  tt_assert(ch->num_bytes_queued != NULL);
+  tlschan = BASE_CHAN_TO_TLS(ch);
+  tt_assert(tlschan != NULL);
+  if (TO_CONN(tlschan->conn)->outbuf == NULL) {
+    /* We need an outbuf to make sure buf_datalen() gets called */
+    fake_outbuf = 1;
+    TO_CONN(tlschan->conn)->outbuf = buf_new();
+  }
+  tlschan_buf_datalen_mock_target = TO_CONN(tlschan->conn)->outbuf;
+  tlschan_buf_datalen_mock_size = 1024;
+  MOCK(buf_datalen, tlschan_buf_datalen_mock);
+  len = ch->num_bytes_queued(ch);
+  tt_int_op(len, ==, tlschan_buf_datalen_mock_size);
+  /*
+   * We also cover num_cells_writeable here; since wide_circ_ids = 0 on
+   * the fake tlschans, cell_network_size returns 512, and so with
+   * tlschan_buf_datalen_mock_size == 1024, we should be able to write
+   * ceil((OR_CONN_HIGHWATER - 1024) / 512) = ceil(OR_CONN_HIGHWATER / 512)
+   * - 2 cells.
+   */
+  n = ch->num_cells_writeable(ch);
+  tt_int_op(n, ==, CEIL_DIV(OR_CONN_HIGHWATER, 512) - 2);
+  UNMOCK(buf_datalen);
+  tlschan_buf_datalen_mock_target = NULL;
+  tlschan_buf_datalen_mock_size = 0;
+  if (fake_outbuf) {
+    buf_free(TO_CONN(tlschan->conn)->outbuf);
+    TO_CONN(tlschan->conn)->outbuf = NULL;
+  }
+
+ done:
+  if (ch) {
+    MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+    /*
+     * Use fake close method that doesn't try to do too much to fake
+     * orconn
+     */
+    ch->close = tlschan_fake_close_method;
+    channel_mark_for_close(ch);
+    free_fake_channel(ch);
+    UNMOCK(scheduler_release_channel);
+  }
+
+  UNMOCK(connection_or_connect);
+  UNMOCK(is_local_addr);
+
+  return;
+}
+
+static void
+test_channeltls_overhead_estimate(void *arg)
+{
+  tor_addr_t test_addr;
+  channel_t *ch = NULL;
+  const char test_digest[DIGEST_LEN] = {
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14 };
+  float r;
+  channel_tls_t *tlschan = NULL;
+
+  (void)arg;
+
+  /* Set up a fake address to fake-connect to */
+  test_addr.family = AF_INET;
+  test_addr.addr.in_addr.s_addr = htonl(0x01020304);
+
+  /* For this test we always want the address to be treated as non-local */
+  tlschan_local = 0;
+  /* Install is_local_addr() mock */
+  MOCK(is_local_addr, tlschan_is_local_addr_mock);
+
+  /* Install mock for connection_or_connect() */
+  MOCK(connection_or_connect, tlschan_connection_or_connect_mock);
+
+  /* Try connecting */
+  ch = channel_tls_connect(&test_addr, 567, test_digest);
+  tt_assert(ch != NULL);
+
+  /* First case: silly low ratios should get clamped to 1.0f */
+  tlschan = BASE_CHAN_TO_TLS(ch);
+  tt_assert(tlschan != NULL);
+  tlschan->conn->bytes_xmitted = 128;
+  tlschan->conn->bytes_xmitted_by_tls = 64;
+  r = ch->get_overhead_estimate(ch);
+  tt_assert(fabsf(r - 1.0f) < 1E-12);
+
+  tlschan->conn->bytes_xmitted_by_tls = 127;
+  r = ch->get_overhead_estimate(ch);
+  tt_assert(fabsf(r - 1.0f) < 1E-12);
+
+  /* Now middle of the range */
+  tlschan->conn->bytes_xmitted_by_tls = 192;
+  r = ch->get_overhead_estimate(ch);
+  tt_assert(fabsf(r - 1.5f) < 1E-12);
+
+  /* Now above the 2.0f clamp */
+  tlschan->conn->bytes_xmitted_by_tls = 257;
+  r = ch->get_overhead_estimate(ch);
+  tt_assert(fabsf(r - 2.0f) < 1E-12);
+
+  tlschan->conn->bytes_xmitted_by_tls = 512;
+  r = ch->get_overhead_estimate(ch);
+  tt_assert(fabsf(r - 2.0f) < 1E-12);
+
+ done:
+  if (ch) {
+    MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+    /*
+     * Use fake close method that doesn't try to do too much to fake
+     * orconn
+     */
+    ch->close = tlschan_fake_close_method;
+    channel_mark_for_close(ch);
+    free_fake_channel(ch);
+    UNMOCK(scheduler_release_channel);
+  }
+
+  UNMOCK(connection_or_connect);
+  UNMOCK(is_local_addr);
+
+  return;
+}
+
+static size_t
+tlschan_buf_datalen_mock(const buf_t *buf)
+{
+  if (buf != NULL && buf == tlschan_buf_datalen_mock_target) {
+    return tlschan_buf_datalen_mock_size;
+  } else {
+    return buf_datalen__real(buf);
+  }
+}
+
+static or_connection_t *
+tlschan_connection_or_connect_mock(const tor_addr_t *addr,
+                                   uint16_t port,
+                                   const char *digest,
+                                   channel_tls_t *tlschan)
+{
+  or_connection_t *result = NULL;
+
+  tt_assert(addr != NULL);
+  tt_assert(port != 0);
+  tt_assert(digest != NULL);
+  tt_assert(tlschan != NULL);
+
+  /* Make a fake orconn */
+  result = tor_malloc_zero(sizeof(*result));
+  result->base_.magic = OR_CONNECTION_MAGIC;
+  result->base_.state = OR_CONN_STATE_OPEN;
+  result->base_.type = CONN_TYPE_OR;
+  result->base_.socket_family = addr->family;
+  result->base_.address = tor_strdup("<fake>");
+  memcpy(&(result->base_.addr), addr, sizeof(tor_addr_t));
+  result->base_.port = port;
+  memcpy(result->identity_digest, digest, DIGEST_LEN);
+  result->chan = tlschan;
+  memcpy(&(result->real_addr), addr, sizeof(tor_addr_t));
+  result->tls = (tor_tls_t *)((void *)(&fake_tortls));
+
+ done:
+  return result;
+}
+
+static void
+tlschan_fake_close_method(channel_t *chan)
+{
+  channel_tls_t *tlschan = NULL;
+
+  tt_assert(chan != NULL);
+  tt_int_op(chan->magic, ==, TLS_CHAN_MAGIC);
+
+  tlschan = BASE_CHAN_TO_TLS(chan);
+  tt_assert(tlschan != NULL);
+
+  /* Just free the fake orconn */
+  tor_free(tlschan->conn->base_.address);
+  tor_free(tlschan->conn);
+
+  channel_closed(chan);
+
+ done:
+  return;
+}
+
+static int
+tlschan_is_local_addr_mock(const tor_addr_t *addr)
+{
+  tt_assert(addr != NULL);
+
+ done:
+  return tlschan_local;
+}
+
+struct testcase_t channeltls_tests[] = {
+  { "create", test_channeltls_create, TT_FORK, NULL, NULL },
+  { "num_bytes_queued", test_channeltls_num_bytes_queued,
+    TT_FORK, NULL, NULL },
+  { "overhead_estimate", test_channeltls_overhead_estimate,
+    TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c
new file mode 100644
index 0000000000..fbb33f87f6
--- /dev/null
+++ b/src/test/test_checkdir.c
@@ -0,0 +1,149 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#include "or.h"
+
+#ifdef _WIN32
+#include <direct.h>
+#else
+#include <dirent.h>
+#endif
+
+#include "config.h"
+#include "test.h"
+#include "util.h"
+
+#ifdef _WIN32
+#define mkdir(a,b) mkdir(a)
+#define tt_int_op_nowin(a,op,b) do { (void)(a); (void)(b); } while (0)
+#define umask(mask) ((void)0)
+#else
+#define tt_int_op_nowin(a,op,b) tt_int_op((a),op,(b))
+#endif
+
+/** Run unit tests for private dir permission enforcement logic. */
+static void
+test_checkdir_perms(void *testdata)
+{
+  (void)testdata;
+  or_options_t *options = get_options_mutable();
+  const char *subdir = "test_checkdir";
+  char *testdir = NULL;
+  cpd_check_t  cpd_chkopts;
+  cpd_check_t  unix_create_opts;
+  cpd_check_t  unix_verify_optsmask;
+  struct stat st;
+
+  umask(022);
+
+  /* setup data directory before tests. */
+  tor_free(options->DataDirectory);
+  options->DataDirectory = tor_strdup(get_fname(subdir));
+  tt_int_op(mkdir(options->DataDirectory, 0750), OP_EQ, 0);
+
+  /* test: create new dir, no flags. */
+  testdir = get_datadir_fname("checkdir_new_none");
+  cpd_chkopts = CPD_CREATE;
+  unix_verify_optsmask = 0077;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: create new dir, CPD_GROUP_OK option set. */
+  testdir = get_datadir_fname("checkdir_new_groupok");
+  cpd_chkopts = CPD_CREATE|CPD_GROUP_OK;
+  unix_verify_optsmask = 0077;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: should get an error on existing dir with
+           wrong perms */
+  testdir = get_datadir_fname("checkdir_new_groupok_err");
+  tt_int_op(0, OP_EQ, mkdir(testdir, 027));
+  cpd_chkopts = CPD_CHECK_MODE_ONLY|CPD_CREATE|CPD_GROUP_OK;
+  tt_int_op_nowin(-1, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tor_free(testdir);
+
+  /* test: create new dir, CPD_GROUP_READ option set. */
+  testdir = get_datadir_fname("checkdir_new_groupread");
+  cpd_chkopts = CPD_CREATE|CPD_GROUP_READ;
+  unix_verify_optsmask = 0027;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: check existing dir created with defaults,
+            and verify with CPD_CREATE only. */
+  testdir = get_datadir_fname("checkdir_exists_none");
+  cpd_chkopts = CPD_CREATE;
+  unix_create_opts = 0700;
+  (void)unix_create_opts;
+  unix_verify_optsmask = 0077;
+  tt_int_op(0, OP_EQ, mkdir(testdir, unix_create_opts));
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: check existing dir created with defaults,
+            and verify with CPD_GROUP_OK option set. */
+  testdir = get_datadir_fname("checkdir_exists_groupok");
+  cpd_chkopts = CPD_CREATE;
+  unix_verify_optsmask = 0077;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  cpd_chkopts = CPD_GROUP_OK;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: check existing dir created with defaults,
+            and verify with CPD_GROUP_READ option set. */
+  testdir = get_datadir_fname("checkdir_exists_groupread");
+  cpd_chkopts = CPD_CREATE;
+  unix_verify_optsmask = 0027;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  cpd_chkopts = CPD_GROUP_READ;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: check existing dir created with CPD_GROUP_READ,
+            and verify with CPD_GROUP_OK option set. */
+  testdir = get_datadir_fname("checkdir_existsread_groupok");
+  cpd_chkopts = CPD_CREATE|CPD_GROUP_READ;
+  unix_verify_optsmask = 0027;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  cpd_chkopts = CPD_GROUP_OK;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+  tor_free(testdir);
+
+  /* test: check existing dir created with CPD_GROUP_READ,
+            and verify with CPD_GROUP_READ option set. */
+  testdir = get_datadir_fname("checkdir_existsread_groupread");
+  cpd_chkopts = CPD_CREATE|CPD_GROUP_READ;
+  unix_verify_optsmask = 0027;
+  tt_int_op(0, OP_EQ, check_private_dir(testdir, cpd_chkopts, NULL));
+  tt_int_op(0, OP_EQ, stat(testdir, &st));
+  tt_int_op_nowin(0, OP_EQ, (st.st_mode & unix_verify_optsmask));
+
+ done:
+  tor_free(testdir);
+}
+
+#define CHECKDIR(name,flags)                              \
+  { #name, test_checkdir_##name, (flags), NULL, NULL }
+
+struct testcase_t checkdir_tests[] = {
+  CHECKDIR(perms, TT_FORK),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_circuitlist.c b/src/test/test_circuitlist.c
index b19edd1fd4..1e640b5709 100644
--- a/src/test/test_circuitlist.c
+++ b/src/test/test_circuitlist.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define TOR_CHANNEL_INTERNAL_
@@ -50,17 +50,17 @@ circuitmux_detach_mock(circuitmux_t *cmux, circuit_t *circ)
 }
 
 #define GOT_CMUX_ATTACH(mux_, circ_, dir_) do {  \
-    tt_int_op(cam.ncalls, ==, 1);                \
-    tt_ptr_op(cam.cmux, ==, (mux_));             \
-    tt_ptr_op(cam.circ, ==, (circ_));            \
-    tt_int_op(cam.dir, ==, (dir_));              \
+    tt_int_op(cam.ncalls, OP_EQ, 1);                \
+    tt_ptr_op(cam.cmux, OP_EQ, (mux_));             \
+    tt_ptr_op(cam.circ, OP_EQ, (circ_));            \
+    tt_int_op(cam.dir, OP_EQ, (dir_));              \
     memset(&cam, 0, sizeof(cam));                \
   } while (0)
 
 #define GOT_CMUX_DETACH(mux_, circ_) do {        \
-    tt_int_op(cdm.ncalls, ==, 1);                \
-    tt_ptr_op(cdm.cmux, ==, (mux_));             \
-    tt_ptr_op(cdm.circ, ==, (circ_));            \
+    tt_int_op(cdm.ncalls, OP_EQ, 1);                \
+    tt_ptr_op(cdm.cmux, OP_EQ, (mux_));             \
+    tt_ptr_op(cdm.circ, OP_EQ, (circ_));            \
     memset(&cdm, 0, sizeof(cdm));                \
   } while (0)
 
@@ -79,21 +79,25 @@ test_clist_maps(void *arg)
   memset(&cam, 0, sizeof(cam));
   memset(&cdm, 0, sizeof(cdm));
 
-  ch1->cmux = (void*)0x1001;
-  ch2->cmux = (void*)0x1002;
-  ch3->cmux = (void*)0x1003;
+  tt_assert(ch1);
+  tt_assert(ch2);
+  tt_assert(ch3);
+
+  ch1->cmux = tor_malloc(1);
+  ch2->cmux = tor_malloc(1);
+  ch3->cmux = tor_malloc(1);
 
   or_c1 = or_circuit_new(100, ch2);
   tt_assert(or_c1);
   GOT_CMUX_ATTACH(ch2->cmux, or_c1, CELL_DIRECTION_IN);
-  tt_int_op(or_c1->p_circ_id, ==, 100);
-  tt_ptr_op(or_c1->p_chan, ==, ch2);
+  tt_int_op(or_c1->p_circ_id, OP_EQ, 100);
+  tt_ptr_op(or_c1->p_chan, OP_EQ, ch2);
 
   or_c2 = or_circuit_new(100, ch1);
   tt_assert(or_c2);
   GOT_CMUX_ATTACH(ch1->cmux, or_c2, CELL_DIRECTION_IN);
-  tt_int_op(or_c2->p_circ_id, ==, 100);
-  tt_ptr_op(or_c2->p_chan, ==, ch1);
+  tt_int_op(or_c2->p_circ_id, OP_EQ, 100);
+  tt_ptr_op(or_c2->p_chan, OP_EQ, ch1);
 
   circuit_set_n_circid_chan(TO_CIRCUIT(or_c1), 200, ch1);
   GOT_CMUX_ATTACH(ch1->cmux, or_c1, CELL_DIRECTION_OUT);
@@ -101,11 +105,11 @@ test_clist_maps(void *arg)
   circuit_set_n_circid_chan(TO_CIRCUIT(or_c2), 200, ch2);
   GOT_CMUX_ATTACH(ch2->cmux, or_c2, CELL_DIRECTION_OUT);
 
-  tt_ptr_op(circuit_get_by_circid_channel(200, ch1), ==, TO_CIRCUIT(or_c1));
-  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), ==, TO_CIRCUIT(or_c2));
-  tt_ptr_op(circuit_get_by_circid_channel(100, ch2), ==, TO_CIRCUIT(or_c1));
+  tt_ptr_op(circuit_get_by_circid_channel(200, ch1), OP_EQ, TO_CIRCUIT(or_c1));
+  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), OP_EQ, TO_CIRCUIT(or_c2));
+  tt_ptr_op(circuit_get_by_circid_channel(100, ch2), OP_EQ, TO_CIRCUIT(or_c1));
   /* Try the same thing again, to test the "fast" path. */
-  tt_ptr_op(circuit_get_by_circid_channel(100, ch2), ==, TO_CIRCUIT(or_c1));
+  tt_ptr_op(circuit_get_by_circid_channel(100, ch2), OP_EQ, TO_CIRCUIT(or_c1));
   tt_assert(circuit_id_in_use_on_channel(100, ch2));
   tt_assert(! circuit_id_in_use_on_channel(101, ch2));
 
@@ -113,9 +117,9 @@ test_clist_maps(void *arg)
   circuit_set_p_circid_chan(or_c1, 500, ch3);
   GOT_CMUX_DETACH(ch2->cmux, TO_CIRCUIT(or_c1));
   GOT_CMUX_ATTACH(ch3->cmux, TO_CIRCUIT(or_c1), CELL_DIRECTION_IN);
-  tt_ptr_op(circuit_get_by_circid_channel(100, ch2), ==, NULL);
+  tt_ptr_op(circuit_get_by_circid_channel(100, ch2), OP_EQ, NULL);
   tt_assert(! circuit_id_in_use_on_channel(100, ch2));
-  tt_ptr_op(circuit_get_by_circid_channel(500, ch3), ==, TO_CIRCUIT(or_c1));
+  tt_ptr_op(circuit_get_by_circid_channel(500, ch3), OP_EQ, TO_CIRCUIT(or_c1));
 
   /* Now let's see about destroy handling. */
   tt_assert(! circuit_id_in_use_on_channel(205, ch2));
@@ -128,26 +132,26 @@ test_clist_maps(void *arg)
   tt_assert(circuit_id_in_use_on_channel(100, ch1));
 
   tt_assert(TO_CIRCUIT(or_c2)->n_delete_pending != 0);
-  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), ==, TO_CIRCUIT(or_c2));
-  tt_ptr_op(circuit_get_by_circid_channel(100, ch1), ==, TO_CIRCUIT(or_c2));
+  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), OP_EQ, TO_CIRCUIT(or_c2));
+  tt_ptr_op(circuit_get_by_circid_channel(100, ch1), OP_EQ, TO_CIRCUIT(or_c2));
 
   /* Okay, now free ch2 and make sure that the circuit ID is STILL not
    * usable, because we haven't declared the destroy to be nonpending */
-  tt_int_op(cdm.ncalls, ==, 0);
+  tt_int_op(cdm.ncalls, OP_EQ, 0);
   circuit_free(TO_CIRCUIT(or_c2));
   or_c2 = NULL; /* prevent free */
-  tt_int_op(cdm.ncalls, ==, 2);
+  tt_int_op(cdm.ncalls, OP_EQ, 2);
   memset(&cdm, 0, sizeof(cdm));
   tt_assert(circuit_id_in_use_on_channel(200, ch2));
   tt_assert(circuit_id_in_use_on_channel(100, ch1));
-  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), ==, NULL);
-  tt_ptr_op(circuit_get_by_circid_channel(100, ch1), ==, NULL);
+  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), OP_EQ, NULL);
+  tt_ptr_op(circuit_get_by_circid_channel(100, ch1), OP_EQ, NULL);
 
   /* Now say that the destroy is nonpending */
   channel_note_destroy_not_pending(ch2, 200);
-  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), ==, NULL);
+  tt_ptr_op(circuit_get_by_circid_channel(200, ch2), OP_EQ, NULL);
   channel_note_destroy_not_pending(ch1, 100);
-  tt_ptr_op(circuit_get_by_circid_channel(100, ch1), ==, NULL);
+  tt_ptr_op(circuit_get_by_circid_channel(100, ch1), OP_EQ, NULL);
   tt_assert(! circuit_id_in_use_on_channel(200, ch2));
   tt_assert(! circuit_id_in_use_on_channel(100, ch1));
 
@@ -156,6 +160,12 @@ test_clist_maps(void *arg)
     circuit_free(TO_CIRCUIT(or_c1));
   if (or_c2)
     circuit_free(TO_CIRCUIT(or_c2));
+  if (ch1)
+    tor_free(ch1->cmux);
+  if (ch2)
+    tor_free(ch2->cmux);
+  if (ch3)
+    tor_free(ch3->cmux);
   tor_free(ch1);
   tor_free(ch2);
   tor_free(ch3);
@@ -180,73 +190,73 @@ test_rend_token_maps(void *arg)
   c4 = or_circuit_new(0, NULL);
 
   /* Make sure we really filled up the tok* variables */
-  tt_int_op(tok1[REND_TOKEN_LEN-1], ==, 'y');
-  tt_int_op(tok2[REND_TOKEN_LEN-1], ==, ' ');
-  tt_int_op(tok3[REND_TOKEN_LEN-1], ==, '.');
+  tt_int_op(tok1[REND_TOKEN_LEN-1], OP_EQ, 'y');
+  tt_int_op(tok2[REND_TOKEN_LEN-1], OP_EQ, ' ');
+  tt_int_op(tok3[REND_TOKEN_LEN-1], OP_EQ, '.');
 
   /* No maps; nothing there. */
-  tt_ptr_op(NULL, ==, circuit_get_rendezvous(tok1));
-  tt_ptr_op(NULL, ==, circuit_get_intro_point(tok1));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_rendezvous(tok1));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_intro_point(tok1));
 
   circuit_set_rendezvous_cookie(c1, tok1);
   circuit_set_intro_point_digest(c2, tok2);
 
-  tt_ptr_op(NULL, ==, circuit_get_rendezvous(tok3));
-  tt_ptr_op(NULL, ==, circuit_get_intro_point(tok3));
-  tt_ptr_op(NULL, ==, circuit_get_rendezvous(tok2));
-  tt_ptr_op(NULL, ==, circuit_get_intro_point(tok1));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_rendezvous(tok3));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_intro_point(tok3));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_rendezvous(tok2));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_intro_point(tok1));
 
   /* Without purpose set, we don't get the circuits */
-  tt_ptr_op(NULL, ==, circuit_get_rendezvous(tok1));
-  tt_ptr_op(NULL, ==, circuit_get_intro_point(tok2));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_rendezvous(tok1));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_intro_point(tok2));
 
   c1->base_.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING;
   c2->base_.purpose = CIRCUIT_PURPOSE_INTRO_POINT;
 
   /* Okay, make sure they show up now. */
-  tt_ptr_op(c1, ==, circuit_get_rendezvous(tok1));
-  tt_ptr_op(c2, ==, circuit_get_intro_point(tok2));
+  tt_ptr_op(c1, OP_EQ, circuit_get_rendezvous(tok1));
+  tt_ptr_op(c2, OP_EQ, circuit_get_intro_point(tok2));
 
   /* Two items at the same place with the same token. */
   c3->base_.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING;
   circuit_set_rendezvous_cookie(c3, tok2);
-  tt_ptr_op(c2, ==, circuit_get_intro_point(tok2));
-  tt_ptr_op(c3, ==, circuit_get_rendezvous(tok2));
+  tt_ptr_op(c2, OP_EQ, circuit_get_intro_point(tok2));
+  tt_ptr_op(c3, OP_EQ, circuit_get_rendezvous(tok2));
 
   /* Marking a circuit makes it not get returned any more */
   circuit_mark_for_close(TO_CIRCUIT(c1), END_CIRC_REASON_FINISHED);
-  tt_ptr_op(NULL, ==, circuit_get_rendezvous(tok1));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_rendezvous(tok1));
   circuit_free(TO_CIRCUIT(c1));
   c1 = NULL;
 
   /* Freeing a circuit makes it not get returned any more. */
   circuit_free(TO_CIRCUIT(c2));
   c2 = NULL;
-  tt_ptr_op(NULL, ==, circuit_get_intro_point(tok2));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_intro_point(tok2));
 
   /* c3 -- are you still there? */
-  tt_ptr_op(c3, ==, circuit_get_rendezvous(tok2));
+  tt_ptr_op(c3, OP_EQ, circuit_get_rendezvous(tok2));
   /* Change its cookie.  This never happens in Tor per se, but hey. */
   c3->base_.purpose = CIRCUIT_PURPOSE_INTRO_POINT;
   circuit_set_intro_point_digest(c3, tok3);
 
-  tt_ptr_op(NULL, ==, circuit_get_rendezvous(tok2));
-  tt_ptr_op(c3, ==, circuit_get_intro_point(tok3));
+  tt_ptr_op(NULL, OP_EQ, circuit_get_rendezvous(tok2));
+  tt_ptr_op(c3, OP_EQ, circuit_get_intro_point(tok3));
 
   /* Now replace c3 with c4. */
   c4->base_.purpose = CIRCUIT_PURPOSE_INTRO_POINT;
   circuit_set_intro_point_digest(c4, tok3);
 
-  tt_ptr_op(c4, ==, circuit_get_intro_point(tok3));
+  tt_ptr_op(c4, OP_EQ, circuit_get_intro_point(tok3));
 
-  tt_ptr_op(c3->rendinfo, ==, NULL);
-  tt_ptr_op(c4->rendinfo, !=, NULL);
-  test_mem_op(c4->rendinfo, ==, tok3, REND_TOKEN_LEN);
+  tt_ptr_op(c3->rendinfo, OP_EQ, NULL);
+  tt_ptr_op(c4->rendinfo, OP_NE, NULL);
+  tt_mem_op(c4->rendinfo, OP_EQ, tok3, REND_TOKEN_LEN);
 
   /* Now clear c4's cookie. */
   circuit_set_intro_point_digest(c4, NULL);
-  tt_ptr_op(c4->rendinfo, ==, NULL);
-  tt_ptr_op(NULL, ==, circuit_get_intro_point(tok3));
+  tt_ptr_op(c4->rendinfo, OP_EQ, NULL);
+  tt_ptr_op(NULL, OP_EQ, circuit_get_intro_point(tok3));
 
  done:
   if (c1)
@@ -273,32 +283,32 @@ test_pick_circid(void *arg)
   chan2->wide_circ_ids = 1;
 
   chan1->circ_id_type = CIRC_ID_TYPE_NEITHER;
-  tt_int_op(0, ==, get_unique_circ_id_by_chan(chan1));
+  tt_int_op(0, OP_EQ, get_unique_circ_id_by_chan(chan1));
 
   /* Basic tests, with no collisions */
   chan1->circ_id_type = CIRC_ID_TYPE_LOWER;
   for (i = 0; i < 50; ++i) {
     circid = get_unique_circ_id_by_chan(chan1);
-    tt_uint_op(0, <, circid);
-    tt_uint_op(circid, <, (1<<15));
+    tt_uint_op(0, OP_LT, circid);
+    tt_uint_op(circid, OP_LT, (1<<15));
   }
   chan1->circ_id_type = CIRC_ID_TYPE_HIGHER;
   for (i = 0; i < 50; ++i) {
     circid = get_unique_circ_id_by_chan(chan1);
-    tt_uint_op((1<<15), <, circid);
-    tt_uint_op(circid, <, (1<<16));
+    tt_uint_op((1<<15), OP_LT, circid);
+    tt_uint_op(circid, OP_LT, (1<<16));
   }
 
   chan2->circ_id_type = CIRC_ID_TYPE_LOWER;
   for (i = 0; i < 50; ++i) {
     circid = get_unique_circ_id_by_chan(chan2);
-    tt_uint_op(0, <, circid);
-    tt_uint_op(circid, <, (1u<<31));
+    tt_uint_op(0, OP_LT, circid);
+    tt_uint_op(circid, OP_LT, (1u<<31));
   }
   chan2->circ_id_type = CIRC_ID_TYPE_HIGHER;
   for (i = 0; i < 50; ++i) {
     circid = get_unique_circ_id_by_chan(chan2);
-    tt_uint_op((1u<<31), <, circid);
+    tt_uint_op((1u<<31), OP_LT, circid);
   }
 
   /* Now make sure that we can behave well when we are full up on circuits */
@@ -309,20 +319,20 @@ test_pick_circid(void *arg)
   for (i = 0; i < (1<<15); ++i) {
     circid = get_unique_circ_id_by_chan(chan1);
     if (circid == 0) {
-      tt_int_op(i, >, (1<<14));
+      tt_int_op(i, OP_GT, (1<<14));
       break;
     }
-    tt_uint_op(circid, <, (1<<15));
+    tt_uint_op(circid, OP_LT, (1<<15));
     tt_assert(! bitarray_is_set(ba, circid));
     bitarray_set(ba, circid);
     channel_mark_circid_unusable(chan1, circid);
   }
-  tt_int_op(i, <, (1<<15));
+  tt_int_op(i, OP_LT, (1<<15));
   /* Make sure that being full on chan1 does not interfere with chan2 */
   for (i = 0; i < 100; ++i) {
     circid = get_unique_circ_id_by_chan(chan2);
-    tt_uint_op(circid, >, 0);
-    tt_uint_op(circid, <, (1<<15));
+    tt_uint_op(circid, OP_GT, 0);
+    tt_uint_op(circid, OP_LT, (1<<15));
     channel_mark_circid_unusable(chan2, circid);
   }
 
diff --git a/src/test/test_circuitmux.c b/src/test/test_circuitmux.c
index b9c0436ebf..9e8fb54964 100644
--- a/src/test/test_circuitmux.c
+++ b/src/test/test_circuitmux.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define TOR_CHANNEL_INTERNAL_
@@ -8,6 +8,7 @@
 #include "channel.h"
 #include "circuitmux.h"
 #include "relay.h"
+#include "scheduler.h"
 #include "test.h"
 
 /* XXXX duplicated function from test_circuitlist.c */
@@ -36,9 +37,8 @@ test_cmux_destroy_cell_queue(void *arg)
   cell_queue_t *cq = NULL;
   packed_cell_t *pc = NULL;
 
-#ifdef ENABLE_MEMPOOLS
-  init_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
+  scheduler_init();
+
   (void) arg;
 
   cmux = circuitmux_alloc();
@@ -55,30 +55,26 @@ test_cmux_destroy_cell_queue(void *arg)
   circuitmux_append_destroy_cell(ch, cmux, 190, 6);
   circuitmux_append_destroy_cell(ch, cmux, 30, 1);
 
-  tt_int_op(circuitmux_num_cells(cmux), ==, 3);
+  tt_int_op(circuitmux_num_cells(cmux), OP_EQ, 3);
 
   circ = circuitmux_get_first_active_circuit(cmux, &cq);
   tt_assert(!circ);
   tt_assert(cq);
 
-  tt_int_op(cq->n, ==, 3);
+  tt_int_op(cq->n, OP_EQ, 3);
 
   pc = cell_queue_pop(cq);
   tt_assert(pc);
-  test_mem_op(pc->body, ==, "\x00\x00\x00\x64\x04\x0a\x00\x00\x00", 9);
+  tt_mem_op(pc->body, OP_EQ, "\x00\x00\x00\x64\x04\x0a\x00\x00\x00", 9);
   packed_cell_free(pc);
   pc = NULL;
 
-  tt_int_op(circuitmux_num_cells(cmux), ==, 2);
+  tt_int_op(circuitmux_num_cells(cmux), OP_EQ, 2);
 
  done:
   circuitmux_free(cmux);
   channel_free(ch);
   packed_cell_free(pc);
-
-#ifdef ENABLE_MEMPOOLS
-  free_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
 }
 
 struct testcase_t circuitmux_tests[] = {
diff --git a/src/test/test_cmdline_args.py b/src/test/test_cmdline_args.py
deleted file mode 100755
index 55d1cdb805..0000000000
--- a/src/test/test_cmdline_args.py
+++ /dev/null
@@ -1,292 +0,0 @@
-#!/usr/bin/python
-
-import binascii
-import hashlib
-import os
-import re
-import shutil
-import subprocess
-import sys
-import tempfile
-import unittest
-
-TOR = "./src/or/tor"
-TOP_SRCDIR = "."
-
-if len(sys.argv) > 1:
-    TOR = sys.argv[1]
-    del sys.argv[1]
-
-if len(sys.argv) > 1:
-    TOP_SRCDIR = sys.argv[1]
-    del sys.argv[1]
-
-class UnexpectedSuccess(Exception):
-    pass
-
-class UnexpectedFailure(Exception):
-    pass
-
-if sys.version < '3':
-    def b2s(b):
-       return b
-    def s2b(s):
-       return s
-    def NamedTemporaryFile():
-       return tempfile.NamedTemporaryFile(delete=False)
-else:
-    def b2s(b):
-       return str(b, 'ascii')
-    def s2b(s):
-       return s.encode('ascii')
-    def NamedTemporaryFile():
-       return tempfile.NamedTemporaryFile(mode="w",delete=False,encoding="ascii")
-
-def contents(fn):
-    f = open(fn)
-    try:
-        return f.read()
-    finally:
-        f.close()
-
-def run_tor(args, failure=False):
-    p = subprocess.Popen([TOR] + args, stdout=subprocess.PIPE)
-    output, _ = p.communicate()
-    result = p.poll()
-    if result and not failure:
-        raise UnexpectedFailure()
-    elif not result and failure:
-        raise UnexpectedSuccess()
-    return b2s(output)
-
-def spaceify_fp(fp):
-    for i in range(0, len(fp), 4):
-        yield fp[i:i+4]
-
-def lines(s):
-    out = s.split("\n")
-    if out and out[-1] == '':
-        del out[-1]
-    return out
-
-def strip_log_junk(line):
-    m = re.match(r'([^\[]+\[[a-z]*\] *)(.*)', line)
-    if not m:
-        return ""+line
-    return m.group(2).strip()
-
-def randstring(entropy_bytes):
-    s = os.urandom(entropy_bytes)
-    return b2s(binascii.b2a_hex(s))
-
-def findLineContaining(lines, s):
-    for ln in lines:
-        if s in ln:
-            return True
-    return False
-
-class CmdlineTests(unittest.TestCase):
-
-    def test_version(self):
-        out = run_tor(["--version"])
-        self.assertTrue(out.startswith("Tor version "))
-        self.assertEqual(len(lines(out)), 1)
-
-    def test_quiet(self):
-        out = run_tor(["--quiet", "--quumblebluffin", "1"], failure=True)
-        self.assertEqual(out, "")
-
-    def test_help(self):
-        out = run_tor(["--help"], failure=False)
-        out2 = run_tor(["-h"], failure=False)
-        self.assertTrue(out.startswith("Copyright (c) 2001"))
-        self.assertTrue(out.endswith(
-            "tor -f <torrc> [args]\n"
-            "See man page for options, or https://www.torproject.org/ for documentation.\n"))
-        self.assertTrue(out == out2)
-
-    def test_hush(self):
-        torrc = NamedTemporaryFile()
-        torrc.close()
-        try:
-            out = run_tor(["--hush", "-f", torrc.name,
-                           "--quumblebluffin", "1"], failure=True)
-        finally:
-            os.unlink(torrc.name)
-        self.assertEqual(len(lines(out)), 2)
-        ln = [ strip_log_junk(l) for l in lines(out) ]
-        self.assertEqual(ln[0], "Failed to parse/validate config: Unknown option 'quumblebluffin'.  Failing.")
-        self.assertEqual(ln[1], "Reading config failed--see warnings above.")
-
-    def test_missing_argument(self):
-        out = run_tor(["--hush", "--hash-password"], failure=True)
-        self.assertEqual(len(lines(out)), 2)
-        ln = [ strip_log_junk(l) for l in lines(out) ]
-        self.assertEqual(ln[0], "Command-line option '--hash-password' with no value. Failing.")
-
-    def test_hash_password(self):
-        out = run_tor(["--hash-password", "woodwose"])
-        result = lines(out)[-1]
-        self.assertEqual(result[:3], "16:")
-        self.assertEqual(len(result), 61)
-        r = binascii.a2b_hex(result[3:])
-        self.assertEqual(len(r), 29)
-
-        salt, how, hashed = r[:8], r[8], r[9:]
-        self.assertEqual(len(hashed), 20)
-        if type(how) == type("A"):
-          how = ord(how)
-
-        count = (16 + (how & 15)) << ((how >> 4) + 6)
-        stuff = salt + s2b("woodwose")
-        repetitions = count // len(stuff) + 1
-        inp = stuff * repetitions
-        inp = inp[:count]
-
-        self.assertEqual(hashlib.sha1(inp).digest(), hashed)
-
-    def test_digests(self):
-        main_c = os.path.join(TOP_SRCDIR, "src", "or", "main.c")
-
-        if os.stat(TOR).st_mtime < os.stat(main_c).st_mtime:
-            self.skipTest(TOR+" not up to date")
-        out = run_tor(["--digests"])
-        main_line = [ l for l in lines(out) if l.endswith("/main.c") ]
-        digest, name = main_line[0].split()
-        f = open(main_c, 'rb')
-        actual = hashlib.sha1(f.read()).hexdigest()
-        f.close()
-        self.assertEqual(digest, actual)
-
-    def test_dump_options(self):
-        default_torrc = NamedTemporaryFile()
-        torrc = NamedTemporaryFile()
-        torrc.write("SocksPort 9999")
-        torrc.close()
-        default_torrc.write("SafeLogging 0")
-        default_torrc.close()
-        out_sh = out_nb = out_fl = None
-        opts = [ "-f", torrc.name,
-                 "--defaults-torrc", default_torrc.name ]
-        try:
-            out_sh = run_tor(["--dump-config", "short"]+opts)
-            out_nb = run_tor(["--dump-config", "non-builtin"]+opts)
-            out_fl = run_tor(["--dump-config", "full"]+opts)
-            out_nr = run_tor(["--dump-config", "bliznert"]+opts,
-                             failure=True)
-
-            out_verif = run_tor(["--verify-config"]+opts)
-        finally:
-            os.unlink(torrc.name)
-            os.unlink(default_torrc.name)
-
-        self.assertEqual(len(lines(out_sh)), 2)
-        self.assertTrue(lines(out_sh)[0].startswith("DataDirectory "))
-        self.assertEqual(lines(out_sh)[1:],
-            [ "SocksPort 9999" ])
-
-        self.assertEqual(len(lines(out_nb)), 2)
-        self.assertEqual(lines(out_nb),
-            [ "SafeLogging 0",
-              "SocksPort 9999" ])
-
-        out_fl = lines(out_fl)
-        self.assertTrue(len(out_fl) > 100)
-        self.assertTrue("SocksPort 9999" in out_fl)
-        self.assertTrue("SafeLogging 0" in out_fl)
-        self.assertTrue("ClientOnly 0" in out_fl)
-
-        self.assertTrue(out_verif.endswith("Configuration was valid\n"))
-
-    def test_list_fingerprint(self):
-        tmpdir = tempfile.mkdtemp(prefix='ttca_')
-        torrc = NamedTemporaryFile()
-        torrc.write("ORPort 9999\n")
-        torrc.write("DataDirectory %s\n"%tmpdir)
-        torrc.write("Nickname tippi")
-        torrc.close()
-        opts = ["-f", torrc.name]
-        try:
-            out = run_tor(["--list-fingerprint"]+opts)
-            fp = contents(os.path.join(tmpdir, "fingerprint"))
-        finally:
-            os.unlink(torrc.name)
-            shutil.rmtree(tmpdir)
-
-        out = lines(out)
-        lastlog = strip_log_junk(out[-2])
-        lastline = out[-1]
-        fp = fp.strip()
-        nn_fp = fp.split()[0]
-        space_fp = " ".join(spaceify_fp(fp.split()[1]))
-        self.assertEqual(lastlog,
-              "Your Tor server's identity key fingerprint is '%s'"%fp)
-        self.assertEqual(lastline, "tippi %s"%space_fp)
-        self.assertEqual(nn_fp, "tippi")
-
-    def test_list_options(self):
-        out = lines(run_tor(["--list-torrc-options"]))
-        self.assertTrue(len(out)>100)
-        self.assertTrue(out[0] <= 'AccountingMax')
-        self.assertTrue("UseBridges" in out)
-        self.assertTrue("SocksPort" in out)
-
-    def test_cmdline_args(self):
-        default_torrc = NamedTemporaryFile()
-        torrc = NamedTemporaryFile()
-        torrc.write("SocksPort 9999\n")
-        torrc.write("SocksPort 9998\n")
-        torrc.write("ORPort 9000\n")
-        torrc.write("ORPort 9001\n")
-        torrc.write("Nickname eleventeen\n")
-        torrc.write("ControlPort 9500\n")
-        torrc.close()
-        default_torrc.write("")
-        default_torrc.close()
-        out_sh = out_nb = out_fl = None
-        opts = [ "-f", torrc.name,
-                 "--defaults-torrc", default_torrc.name,
-                 "--dump-config", "short" ]
-        try:
-            out_1 = run_tor(opts)
-            out_2 = run_tor(opts+["+ORPort", "9003",
-                                  "SocksPort", "9090",
-                                  "/ControlPort",
-                                  "/TransPort",
-                                  "+ExtORPort", "9005"])
-        finally:
-            os.unlink(torrc.name)
-            os.unlink(default_torrc.name)
-
-        out_1 = [ l for l in lines(out_1) if not l.startswith("DataDir") ]
-        out_2 = [ l for l in lines(out_2) if not l.startswith("DataDir") ]
-
-        self.assertEqual(out_1,
-                          ["ControlPort 9500",
-                           "Nickname eleventeen",
-                           "ORPort 9000",
-                           "ORPort 9001",
-                           "SocksPort 9999",
-                           "SocksPort 9998"])
-        self.assertEqual(out_2,
-                          ["ExtORPort 9005",
-                           "Nickname eleventeen",
-                           "ORPort 9000",
-                           "ORPort 9001",
-                           "ORPort 9003",
-                           "SocksPort 9090"])
-
-    def test_missing_torrc(self):
-        fname = "nonexistent_file_"+randstring(8)
-        out = run_tor(["-f", fname, "--verify-config"], failure=True)
-        ln = [ strip_log_junk(l) for l in lines(out) ]
-        self.assertTrue("Unable to open configuration file" in ln[-2])
-        self.assertTrue("Reading config failed" in ln[-1])
-
-        out = run_tor(["-f", fname, "--verify-config", "--ignore-missing-torrc"])
-        ln = [ strip_log_junk(l) for l in lines(out) ]
-        self.assertTrue(findLineContaining(ln, ", using reasonable defaults"))
-        self.assertTrue("Configuration was valid" in ln[-1])
-
-if __name__ == '__main__':
-    unittest.main()
diff --git a/src/test/test_compat_libevent.c b/src/test/test_compat_libevent.c
new file mode 100644
index 0000000000..266ebbcf3b
--- /dev/null
+++ b/src/test/test_compat_libevent.c
@@ -0,0 +1,224 @@
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define COMPAT_LIBEVENT_PRIVATE
+#include "orconfig.h"
+#include "or.h"
+
+#include "test.h"
+
+#include "compat_libevent.h"
+
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#include <event2/thread.h>
+#ifdef USE_BUFFEREVENTS
+#include <event2/bufferevent.h>
+#endif
+#else
+#include <event.h>
+#endif
+
+#include "log_test_helpers.h"
+
+#define NS_MODULE compat_libevent
+
+static void
+test_compat_libevent_logging_callback(void *ignored)
+{
+  (void)ignored;
+  int previous_log = setup_capture_of_logs(LOG_DEBUG);
+
+  libevent_logging_callback(_EVENT_LOG_DEBUG, "hello world");
+  expect_log_msg("Message from libevent: hello world\n");
+  expect_log_severity(LOG_DEBUG);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(_EVENT_LOG_MSG, "hello world another time");
+  expect_log_msg("Message from libevent: hello world another time\n");
+  expect_log_severity(LOG_INFO);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(_EVENT_LOG_WARN, "hello world a third time");
+  expect_log_msg("Warning from libevent: hello world a third time\n");
+  expect_log_severity(LOG_WARN);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(_EVENT_LOG_ERR, "hello world a fourth time");
+  expect_log_msg("Error from libevent: hello world a fourth time\n");
+  expect_log_severity(LOG_ERR);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(42, "hello world a fifth time");
+  expect_log_msg("Message [42] from libevent: hello world a fifth time\n");
+  expect_log_severity(LOG_WARN);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(_EVENT_LOG_DEBUG,
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            );
+  expect_log_msg("Message from libevent: "
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+                            "012345678901234567890123456789"
+            "012345678901234567890123456789\n");
+  expect_log_severity(LOG_DEBUG);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(42, "xxx\n");
+  expect_log_msg("Message [42] from libevent: xxx\n");
+  expect_log_severity(LOG_WARN);
+
+  suppress_libevent_log_msg("something");
+  mock_clean_saved_logs();
+  libevent_logging_callback(_EVENT_LOG_MSG, "hello there");
+  expect_log_msg("Message from libevent: hello there\n");
+  expect_log_severity(LOG_INFO);
+
+  mock_clean_saved_logs();
+  libevent_logging_callback(_EVENT_LOG_MSG, "hello there something else");
+  expect_no_log_msg("hello there something else");
+
+  // No way of verifying the result of this, it seems =/
+  configure_libevent_logging();
+
+ done:
+  suppress_libevent_log_msg(NULL);
+  teardown_capture_of_logs(previous_log);
+}
+
+static void
+test_compat_libevent_le_versions_compatibility(void *ignored)
+{
+  (void)ignored;
+  int res;
+
+  res = le_versions_compatibility(LE_OTHER);
+  tt_int_op(res, OP_EQ, 0);
+
+  res = le_versions_compatibility(V_OLD(0,9,'c'));
+  tt_int_op(res, OP_EQ, 1);
+
+  res = le_versions_compatibility(V(1,3,98));
+  tt_int_op(res, OP_EQ, 2);
+
+  res = le_versions_compatibility(V(1,4,98));
+  tt_int_op(res, OP_EQ, 3);
+
+  res = le_versions_compatibility(V(1,5,0));
+  tt_int_op(res, OP_EQ, 4);
+
+  res = le_versions_compatibility(V(2,0,0));
+  tt_int_op(res, OP_EQ, 4);
+
+  res = le_versions_compatibility(V(2,0,2));
+  tt_int_op(res, OP_EQ, 5);
+
+ done:
+  (void)0;
+}
+
+static void
+test_compat_libevent_tor_decode_libevent_version(void *ignored)
+{
+  (void)ignored;
+  le_version_t res;
+
+  res = tor_decode_libevent_version("SOMETHING WRONG");
+  tt_int_op(res, OP_EQ, LE_OTHER);
+
+  res = tor_decode_libevent_version("1.4.11");
+  tt_int_op(res, OP_EQ, V(1,4,11));
+
+  res = tor_decode_libevent_version("1.4.12b-stable");
+  tt_int_op(res, OP_EQ, V(1,4,12));
+
+  res = tor_decode_libevent_version("1.4.17b_stable");
+  tt_int_op(res, OP_EQ, V(1,4,17));
+
+  res = tor_decode_libevent_version("1.4.12!stable");
+  tt_int_op(res, OP_EQ, LE_OTHER);
+
+  res = tor_decode_libevent_version("1.4.12b!stable");
+  tt_int_op(res, OP_EQ, LE_OTHER);
+
+  res = tor_decode_libevent_version("1.4.13-");
+  tt_int_op(res, OP_EQ, V(1,4,13));
+
+  res = tor_decode_libevent_version("1.4.14_");
+  tt_int_op(res, OP_EQ, V(1,4,14));
+
+  res = tor_decode_libevent_version("1.4.15c-");
+  tt_int_op(res, OP_EQ, V(1,4,15));
+
+  res = tor_decode_libevent_version("1.4.16c_");
+  tt_int_op(res, OP_EQ, V(1,4,16));
+
+  res = tor_decode_libevent_version("1.4.17-s");
+  tt_int_op(res, OP_EQ, V(1,4,17));
+
+  res = tor_decode_libevent_version("1.5");
+  tt_int_op(res, OP_EQ, V(1,5,0));
+
+  res = tor_decode_libevent_version("1.2");
+  tt_int_op(res, OP_EQ, V(1,2,0));
+
+  res = tor_decode_libevent_version("1.2-");
+  tt_int_op(res, OP_EQ, LE_OTHER);
+
+  res = tor_decode_libevent_version("1.6e");
+  tt_int_op(res, OP_EQ, V_OLD(1,6,'e'));
+
+ done:
+  (void)0;
+}
+
+#if defined(LIBEVENT_VERSION)
+#define HEADER_VERSION LIBEVENT_VERSION
+#elif defined(_EVENT_VERSION)
+#define HEADER_VERSION _EVENT_VERSION
+#endif
+
+static void
+test_compat_libevent_header_version(void *ignored)
+{
+  (void)ignored;
+  const char *res;
+
+  res = tor_libevent_get_header_version_str();
+  tt_str_op(res, OP_EQ, HEADER_VERSION);
+
+ done:
+  (void)0;
+}
+
+struct testcase_t compat_libevent_tests[] = {
+  { "logging_callback", test_compat_libevent_logging_callback,
+    TT_FORK, NULL, NULL },
+  { "le_versions_compatibility",
+    test_compat_libevent_le_versions_compatibility, 0, NULL, NULL },
+  { "tor_decode_libevent_version",
+    test_compat_libevent_tor_decode_libevent_version, 0, NULL, NULL },
+  { "header_version", test_compat_libevent_header_version, 0, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_config.c b/src/test/test_config.c
index 94ac4dca13..b48d5e8d29 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -1,19 +1,49 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
 
 #define CONFIG_PRIVATE
+#define PT_PRIVATE
+#define ROUTERSET_PRIVATE
 #include "or.h"
+#include "address.h"
 #include "addressmap.h"
+#include "circuitmux_ewma.h"
+#include "circuitbuild.h"
 #include "config.h"
 #include "confparse.h"
+#include "connection.h"
 #include "connection_edge.h"
 #include "test.h"
 #include "util.h"
 #include "address.h"
+#include "connection_or.h"
+#include "control.h"
+#include "cpuworker.h"
+#include "dirserv.h"
+#include "dirvote.h"
+#include "dns.h"
+#include "entrynodes.h"
+#include "transports.h"
+#include "ext_orport.h"
+#include "geoip.h"
+#include "hibernate.h"
+#include "main.h"
+#include "networkstatus.h"
+#include "nodelist.h"
+#include "policies.h"
+#include "rendclient.h"
+#include "rendservice.h"
+#include "router.h"
+#include "routerlist.h"
+#include "routerset.h"
+#include "statefile.h"
+#include "test.h"
+#include "transports.h"
+#include "util.h"
 
 static void
 test_config_addressmap(void *arg)
@@ -48,62 +78,61 @@ test_config_addressmap(void *arg)
 
 /* Use old interface for now, so we don't need to rewrite the unit tests */
 #define addressmap_rewrite(a,s,eo,ao)                                   \
-  addressmap_rewrite((a),(s),AMR_FLAG_USE_IPV4_DNS|AMR_FLAG_USE_IPV6_DNS, \
-                     (eo),(ao))
+  addressmap_rewrite((a),(s), ~0, (eo),(ao))
 
   /* MapAddress .invalidwildcard.com .torserver.exit  - no match */
   strlcpy(address, "www.invalidwildcard.com", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   /* MapAddress *invalidasterisk.com .torserver.exit  - no match */
   strlcpy(address, "www.invalidasterisk.com", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   /* Where no mapping for FQDN match on top-level domain */
   /* MapAddress .google.com .torserver.exit */
   strlcpy(address, "reader.google.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "reader.torserver.exit");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "reader.torserver.exit");
 
   /* MapAddress *.yahoo.com *.google.com.torserver.exit */
   strlcpy(address, "reader.yahoo.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "reader.google.com.torserver.exit");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "reader.google.com.torserver.exit");
 
   /*MapAddress *.cnn.com www.cnn.com */
   strlcpy(address, "cnn.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "www.cnn.com");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "www.cnn.com");
 
   /* MapAddress .cn.com www.cnn.com */
   strlcpy(address, "www.cn.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "www.cnn.com");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "www.cnn.com");
 
   /* MapAddress ex.com www.cnn.com  - no match */
   strlcpy(address, "www.ex.com", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   /* MapAddress ey.com *.cnn.com - invalid expression */
   strlcpy(address, "ey.com", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   /* Where mapping for FQDN match on FQDN */
   strlcpy(address, "www.google.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "3.3.3.3");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "3.3.3.3");
 
   strlcpy(address, "www.torproject.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "1.1.1.1");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "1.1.1.1");
 
   strlcpy(address, "other.torproject.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "this.torproject.org.otherserver.exit");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "this.torproject.org.otherserver.exit");
 
   strlcpy(address, "test.torproject.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "2.2.2.2");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "2.2.2.2");
 
   /* Test a chain of address mappings and the order in which they were added:
           "MapAddress www.example.org 4.4.4.4"
@@ -111,17 +140,17 @@ test_config_addressmap(void *arg)
           "MapAddress 4.4.4.4 5.5.5.5"
   */
   strlcpy(address, "www.example.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "5.5.5.5");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "5.5.5.5");
 
   /* Test infinite address mapping results in no change */
   strlcpy(address, "www.infiniteloop.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "www.infiniteloop.org");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "www.infiniteloop.org");
 
   /* Test we don't find false positives */
   strlcpy(address, "www.example.com", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   /* Test top-level-domain matching a bit harder */
   config_free_lines(get_options_mutable()->AddressMap);
@@ -134,24 +163,24 @@ test_config_addressmap(void *arg)
   config_register_addressmaps(get_options());
 
   strlcpy(address, "www.abc.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "www.abc.torserver.exit");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "www.abc.torserver.exit");
 
   strlcpy(address, "www.def.com", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "www.def.torserver.exit");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "www.def.torserver.exit");
 
   strlcpy(address, "www.torproject.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "1.1.1.1");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "1.1.1.1");
 
   strlcpy(address, "test.torproject.org", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "1.1.1.1");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "1.1.1.1");
 
   strlcpy(address, "torproject.net", sizeof(address));
-  test_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
-  test_streq(address, "2.2.2.2");
+  tt_assert(addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_str_op(address,OP_EQ, "2.2.2.2");
 
   /* We don't support '*' as a mapping directive */
   config_free_lines(get_options_mutable()->AddressMap);
@@ -161,19 +190,20 @@ test_config_addressmap(void *arg)
   config_register_addressmaps(get_options());
 
   strlcpy(address, "www.abc.com", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   strlcpy(address, "www.def.net", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
   strlcpy(address, "www.torproject.org", sizeof(address));
-  test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+  tt_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
 
 #undef addressmap_rewrite
 
  done:
   config_free_lines(get_options_mutable()->AddressMap);
   get_options_mutable()->AddressMap = NULL;
+  addressmap_free_all();
 }
 
 static int
@@ -184,7 +214,7 @@ is_private_dir(const char* path)
   if (r) {
     return 0;
   }
-#if !defined (_WIN32) || defined (WINCE)
+#if !defined (_WIN32)
   if ((st.st_mode & (S_IFDIR | 0777)) != (S_IFDIR | 0700)) {
     return 0;
   }
@@ -201,7 +231,7 @@ test_config_check_or_create_data_subdir(void *arg)
   char *subpath;
   struct stat st;
   int r;
-#if !defined (_WIN32) || defined (WINCE)
+#if !defined (_WIN32)
   unsigned group_permission;
 #endif
   (void)arg;
@@ -210,30 +240,30 @@ test_config_check_or_create_data_subdir(void *arg)
   datadir = options->DataDirectory = tor_strdup(get_fname("datadir-0"));
   subpath = get_datadir_fname(subdir);
 
-#if defined (_WIN32) && !defined (WINCE)
-  tt_int_op(mkdir(options->DataDirectory), ==, 0);
+#if defined (_WIN32)
+  tt_int_op(mkdir(options->DataDirectory), OP_EQ, 0);
 #else
-  tt_int_op(mkdir(options->DataDirectory, 0700), ==, 0);
+  tt_int_op(mkdir(options->DataDirectory, 0700), OP_EQ, 0);
 #endif
 
   r = stat(subpath, &st);
 
   // The subdirectory shouldn't exist yet,
   // but should be created by the call to check_or_create_data_subdir.
-  test_assert(r && (errno == ENOENT));
-  test_assert(!check_or_create_data_subdir(subdir));
-  test_assert(is_private_dir(subpath));
+  tt_assert(r && (errno == ENOENT));
+  tt_assert(!check_or_create_data_subdir(subdir));
+  tt_assert(is_private_dir(subpath));
 
   // The check should return 0, if the directory already exists
   // and is private to the user.
-  test_assert(!check_or_create_data_subdir(subdir));
+  tt_assert(!check_or_create_data_subdir(subdir));
 
   r = stat(subpath, &st);
   if (r) {
     tt_abort_perror("stat");
   }
 
-#if !defined (_WIN32) || defined (WINCE)
+#if !defined (_WIN32)
   group_permission = st.st_mode | 0070;
   r = chmod(subpath, group_permission);
 
@@ -243,9 +273,9 @@ test_config_check_or_create_data_subdir(void *arg)
 
   // If the directory exists, but its mode is too permissive
   // a call to check_or_create_data_subdir should reset the mode.
-  test_assert(!is_private_dir(subpath));
-  test_assert(!check_or_create_data_subdir(subdir));
-  test_assert(is_private_dir(subpath));
+  tt_assert(!is_private_dir(subpath));
+  tt_assert(!check_or_create_data_subdir(subdir));
+  tt_assert(is_private_dir(subpath));
 #endif
 
  done:
@@ -284,27 +314,27 @@ test_config_write_to_data_subdir(void *arg)
   datadir = options->DataDirectory = tor_strdup(get_fname("datadir-1"));
   filepath = get_datadir_fname2(subdir, fname);
 
-#if defined (_WIN32) && !defined (WINCE)
-  tt_int_op(mkdir(options->DataDirectory), ==, 0);
+#if defined (_WIN32)
+  tt_int_op(mkdir(options->DataDirectory), OP_EQ, 0);
 #else
-  tt_int_op(mkdir(options->DataDirectory, 0700), ==, 0);
+  tt_int_op(mkdir(options->DataDirectory, 0700), OP_EQ, 0);
 #endif
 
   // Write attempt shoudl fail, if subdirectory doesn't exist.
-  test_assert(write_to_data_subdir(subdir, fname, str, NULL));
-  test_assert(! check_or_create_data_subdir(subdir));
+  tt_assert(write_to_data_subdir(subdir, fname, str, NULL));
+  tt_assert(! check_or_create_data_subdir(subdir));
 
   // Content of file after write attempt should be
   // equal to the original string.
-  test_assert(!write_to_data_subdir(subdir, fname, str, NULL));
+  tt_assert(!write_to_data_subdir(subdir, fname, str, NULL));
   cp = read_file_to_str(filepath, 0, NULL);
-  test_streq(cp, str);
+  tt_str_op(cp,OP_EQ, str);
   tor_free(cp);
 
   // A second write operation should overwrite the old content.
-  test_assert(!write_to_data_subdir(subdir, fname, str, NULL));
+  tt_assert(!write_to_data_subdir(subdir, fname, str, NULL));
   cp = read_file_to_str(filepath, 0, NULL);
-  test_streq(cp, str);
+  tt_str_op(cp,OP_EQ, str);
   tor_free(cp);
 
  done:
@@ -325,48 +355,48 @@ good_bridge_line_test(const char *string, const char *test_addrport,
 {
   char *tmp = NULL;
   bridge_line_t *bridge_line = parse_bridge_line(string);
-  test_assert(bridge_line);
+  tt_assert(bridge_line);
 
   /* test addrport */
   tmp = tor_strdup(fmt_addrport(&bridge_line->addr, bridge_line->port));
-  test_streq(test_addrport, tmp);
+  tt_str_op(test_addrport,OP_EQ, tmp);
   tor_free(tmp);
 
   /* If we were asked to validate a digest, but we did not get a
      digest after parsing, we failed. */
   if (test_digest && tor_digest_is_zero(bridge_line->digest))
-    test_assert(0);
+    tt_assert(0);
 
   /* If we were not asked to validate a digest, and we got a digest
      after parsing, we failed again. */
   if (!test_digest && !tor_digest_is_zero(bridge_line->digest))
-    test_assert(0);
+    tt_assert(0);
 
   /* If we were asked to validate a digest, and we got a digest after
      parsing, make sure it's correct. */
   if (test_digest) {
     tmp = tor_strdup(hex_str(bridge_line->digest, DIGEST_LEN));
     tor_strlower(tmp);
-    test_streq(test_digest, tmp);
+    tt_str_op(test_digest,OP_EQ, tmp);
     tor_free(tmp);
   }
 
   /* If we were asked to validate a transport name, make sure tha it
      matches with the transport name that was parsed. */
   if (test_transport && !bridge_line->transport_name)
-    test_assert(0);
+    tt_assert(0);
   if (!test_transport && bridge_line->transport_name)
-    test_assert(0);
+    tt_assert(0);
   if (test_transport)
-    test_streq(test_transport, bridge_line->transport_name);
+    tt_str_op(test_transport,OP_EQ, bridge_line->transport_name);
 
   /* Validate the SOCKS argument smartlist. */
   if (test_socks_args && !bridge_line->socks_args)
-    test_assert(0);
+    tt_assert(0);
   if (!test_socks_args && bridge_line->socks_args)
-    test_assert(0);
+    tt_assert(0);
   if (test_socks_args)
-    test_assert(smartlist_strings_eq(test_socks_args,
+    tt_assert(smartlist_strings_eq(test_socks_args,
                                      bridge_line->socks_args));
 
  done:
@@ -382,7 +412,7 @@ bad_bridge_line_test(const char *string)
   bridge_line_t *bridge_line = parse_bridge_line(string);
   if (bridge_line)
     TT_FAIL(("%s was supposed to fail, but it didn't.", string));
-  test_assert(!bridge_line);
+  tt_assert(!bridge_line);
 
  done:
   bridge_line_free(bridge_line);
@@ -490,18 +520,18 @@ test_config_parse_transport_options_line(void *arg)
 
   { /* too small line */
     options_sl = get_options_from_transport_options_line("valley", NULL);
-    test_assert(!options_sl);
+    tt_assert(!options_sl);
   }
 
   { /* no k=v values */
     options_sl = get_options_from_transport_options_line("hit it!", NULL);
-    test_assert(!options_sl);
+    tt_assert(!options_sl);
   }
 
   { /* correct line, but wrong transport specified */
     options_sl =
       get_options_from_transport_options_line("trebuchet k=v", "rook");
-    test_assert(!options_sl);
+    tt_assert(!options_sl);
   }
 
   { /* correct -- no transport specified */
@@ -512,8 +542,8 @@ test_config_parse_transport_options_line(void *arg)
     options_sl =
       get_options_from_transport_options_line("rook ladi=dadi weliketo=party",
                                               NULL);
-    test_assert(options_sl);
-    test_assert(smartlist_strings_eq(options_sl, sl_tmp));
+    tt_assert(options_sl);
+    tt_assert(smartlist_strings_eq(options_sl, sl_tmp));
 
     SMARTLIST_FOREACH(sl_tmp, char *, s, tor_free(s));
     smartlist_free(sl_tmp);
@@ -531,8 +561,8 @@ test_config_parse_transport_options_line(void *arg)
     options_sl =
       get_options_from_transport_options_line("rook ladi=dadi weliketo=party",
                                               "rook");
-    test_assert(options_sl);
-    test_assert(smartlist_strings_eq(options_sl, sl_tmp));
+    tt_assert(options_sl);
+    tt_assert(smartlist_strings_eq(options_sl, sl_tmp));
     SMARTLIST_FOREACH(sl_tmp, char *, s, tor_free(s));
     smartlist_free(sl_tmp);
     sl_tmp = NULL;
@@ -552,6 +582,269 @@ test_config_parse_transport_options_line(void *arg)
   }
 }
 
+/* Mocks needed for the transport plugin line test */
+
+static void pt_kickstart_proxy_mock(const smartlist_t *transport_list,
+                                    char **proxy_argv, int is_server);
+static int transport_add_from_config_mock(const tor_addr_t *addr,
+                                          uint16_t port, const char *name,
+                                          int socks_ver);
+static int transport_is_needed_mock(const char *transport_name);
+
+static int pt_kickstart_proxy_mock_call_count = 0;
+static int transport_add_from_config_mock_call_count = 0;
+static int transport_is_needed_mock_call_count = 0;
+static int transport_is_needed_mock_return = 0;
+
+static void
+pt_kickstart_proxy_mock(const smartlist_t *transport_list,
+                        char **proxy_argv, int is_server)
+{
+  (void) transport_list;
+  (void) proxy_argv;
+  (void) is_server;
+  /* XXXX check that args are as expected. */
+
+  ++pt_kickstart_proxy_mock_call_count;
+
+  free_execve_args(proxy_argv);
+}
+
+static int
+transport_add_from_config_mock(const tor_addr_t *addr,
+                               uint16_t port, const char *name,
+                               int socks_ver)
+{
+  (void) addr;
+  (void) port;
+  (void) name;
+  (void) socks_ver;
+  /* XXXX check that args are as expected. */
+
+  ++transport_add_from_config_mock_call_count;
+
+  return 0;
+}
+
+static int
+transport_is_needed_mock(const char *transport_name)
+{
+  (void) transport_name;
+  /* XXXX check that arg is as expected. */
+
+  ++transport_is_needed_mock_call_count;
+
+  return transport_is_needed_mock_return;
+}
+
+/**
+ * Test parsing for the ClientTransportPlugin and ServerTransportPlugin config
+ * options.
+ */
+
+static void
+test_config_parse_transport_plugin_line(void *arg)
+{
+  (void)arg;
+
+  or_options_t *options = get_options_mutable();
+  int r, tmp;
+  int old_pt_kickstart_proxy_mock_call_count;
+  int old_transport_add_from_config_mock_call_count;
+  int old_transport_is_needed_mock_call_count;
+
+  /* Bad transport lines - too short */
+  r = parse_transport_line(options, "bad", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options, "bad", 1, 1);
+  tt_assert(r < 0);
+  r = parse_transport_line(options, "bad bad", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options, "bad bad", 1, 1);
+  tt_assert(r < 0);
+
+  /* Test transport list parsing */
+  r = parse_transport_line(options,
+      "transport_1 exec /usr/bin/fake-transport", 1, 0);
+  tt_assert(r == 0);
+  r = parse_transport_line(options,
+   "transport_1 exec /usr/bin/fake-transport", 1, 1);
+  tt_assert(r == 0);
+  r = parse_transport_line(options,
+      "transport_1,transport_2 exec /usr/bin/fake-transport", 1, 0);
+  tt_assert(r == 0);
+  r = parse_transport_line(options,
+      "transport_1,transport_2 exec /usr/bin/fake-transport", 1, 1);
+  tt_assert(r == 0);
+  /* Bad transport identifiers */
+  r = parse_transport_line(options,
+      "transport_* exec /usr/bin/fake-transport", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options,
+      "transport_* exec /usr/bin/fake-transport", 1, 1);
+  tt_assert(r < 0);
+
+  /* Check SOCKS cases for client transport */
+  r = parse_transport_line(options,
+      "transport_1 socks4 1.2.3.4:567", 1, 0);
+  tt_assert(r == 0);
+  r = parse_transport_line(options,
+      "transport_1 socks5 1.2.3.4:567", 1, 0);
+  tt_assert(r == 0);
+  /* Proxy case for server transport */
+  r = parse_transport_line(options,
+      "transport_1 proxy 1.2.3.4:567", 1, 1);
+  tt_assert(r == 0);
+  /* Multiple-transport error exit */
+  r = parse_transport_line(options,
+      "transport_1,transport_2 socks5 1.2.3.4:567", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options,
+      "transport_1,transport_2 proxy 1.2.3.4:567", 1, 1);
+  /* No port error exit */
+  r = parse_transport_line(options,
+      "transport_1 socks5 1.2.3.4", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options,
+     "transport_1 proxy 1.2.3.4", 1, 1);
+  tt_assert(r < 0);
+  /* Unparsable address error exit */
+  r = parse_transport_line(options,
+      "transport_1 socks5 1.2.3:6x7", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options,
+      "transport_1 proxy 1.2.3:6x7", 1, 1);
+  tt_assert(r < 0);
+
+  /* "Strange {Client|Server}TransportPlugin field" error exit */
+  r = parse_transport_line(options,
+      "transport_1 foo bar", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options,
+      "transport_1 foo bar", 1, 1);
+  tt_assert(r < 0);
+
+  /* No sandbox mode error exit */
+  tmp = options->Sandbox;
+  options->Sandbox = 1;
+  r = parse_transport_line(options,
+      "transport_1 exec /usr/bin/fake-transport", 1, 0);
+  tt_assert(r < 0);
+  r = parse_transport_line(options,
+      "transport_1 exec /usr/bin/fake-transport", 1, 1);
+  tt_assert(r < 0);
+  options->Sandbox = tmp;
+
+  /*
+   * These final test cases cover code paths that only activate without
+   * validate_only, so they need mocks in place.
+   */
+  MOCK(pt_kickstart_proxy, pt_kickstart_proxy_mock);
+  old_pt_kickstart_proxy_mock_call_count =
+    pt_kickstart_proxy_mock_call_count;
+  r = parse_transport_line(options,
+      "transport_1 exec /usr/bin/fake-transport", 0, 1);
+  tt_assert(r == 0);
+  tt_assert(pt_kickstart_proxy_mock_call_count ==
+      old_pt_kickstart_proxy_mock_call_count + 1);
+  UNMOCK(pt_kickstart_proxy);
+
+  /* This one hits a log line in the !validate_only case only */
+  r = parse_transport_line(options,
+      "transport_1 proxy 1.2.3.4:567", 0, 1);
+  tt_assert(r == 0);
+
+  /* Check mocked client transport cases */
+  MOCK(pt_kickstart_proxy, pt_kickstart_proxy_mock);
+  MOCK(transport_add_from_config, transport_add_from_config_mock);
+  MOCK(transport_is_needed, transport_is_needed_mock);
+
+  /* Unnecessary transport case */
+  transport_is_needed_mock_return = 0;
+  old_pt_kickstart_proxy_mock_call_count =
+    pt_kickstart_proxy_mock_call_count;
+  old_transport_add_from_config_mock_call_count =
+    transport_add_from_config_mock_call_count;
+  old_transport_is_needed_mock_call_count =
+    transport_is_needed_mock_call_count;
+  r = parse_transport_line(options,
+      "transport_1 exec /usr/bin/fake-transport", 0, 0);
+  /* Should have succeeded */
+  tt_assert(r == 0);
+  /* transport_is_needed() should have been called */
+  tt_assert(transport_is_needed_mock_call_count ==
+      old_transport_is_needed_mock_call_count + 1);
+  /*
+   * pt_kickstart_proxy() and transport_add_from_config() should
+   * not have been called.
+   */
+  tt_assert(pt_kickstart_proxy_mock_call_count ==
+      old_pt_kickstart_proxy_mock_call_count);
+  tt_assert(transport_add_from_config_mock_call_count ==
+      old_transport_add_from_config_mock_call_count);
+
+  /* Necessary transport case */
+  transport_is_needed_mock_return = 1;
+  old_pt_kickstart_proxy_mock_call_count =
+    pt_kickstart_proxy_mock_call_count;
+  old_transport_add_from_config_mock_call_count =
+    transport_add_from_config_mock_call_count;
+  old_transport_is_needed_mock_call_count =
+    transport_is_needed_mock_call_count;
+  r = parse_transport_line(options,
+      "transport_1 exec /usr/bin/fake-transport", 0, 0);
+  /* Should have succeeded */
+  tt_assert(r == 0);
+  /*
+   * transport_is_needed() and pt_kickstart_proxy() should have been
+   * called.
+   */
+  tt_assert(pt_kickstart_proxy_mock_call_count ==
+      old_pt_kickstart_proxy_mock_call_count + 1);
+  tt_assert(transport_is_needed_mock_call_count ==
+      old_transport_is_needed_mock_call_count + 1);
+  /* transport_add_from_config() should not have been called. */
+  tt_assert(transport_add_from_config_mock_call_count ==
+      old_transport_add_from_config_mock_call_count);
+
+  /* proxy case */
+  transport_is_needed_mock_return = 1;
+  old_pt_kickstart_proxy_mock_call_count =
+    pt_kickstart_proxy_mock_call_count;
+  old_transport_add_from_config_mock_call_count =
+    transport_add_from_config_mock_call_count;
+  old_transport_is_needed_mock_call_count =
+    transport_is_needed_mock_call_count;
+  r = parse_transport_line(options,
+      "transport_1 socks5 1.2.3.4:567", 0, 0);
+  /* Should have succeeded */
+  tt_assert(r == 0);
+  /*
+   * transport_is_needed() and transport_add_from_config() should have
+   * been called.
+   */
+  tt_assert(transport_add_from_config_mock_call_count ==
+      old_transport_add_from_config_mock_call_count + 1);
+  tt_assert(transport_is_needed_mock_call_count ==
+      old_transport_is_needed_mock_call_count + 1);
+  /* pt_kickstart_proxy() should not have been called. */
+  tt_assert(pt_kickstart_proxy_mock_call_count ==
+      old_pt_kickstart_proxy_mock_call_count);
+
+  /* Done with mocked client transport cases */
+  UNMOCK(transport_is_needed);
+  UNMOCK(transport_add_from_config);
+  UNMOCK(pt_kickstart_proxy);
+
+ done:
+  /* Make sure we undo all mocks */
+  UNMOCK(pt_kickstart_proxy);
+  UNMOCK(transport_add_from_config);
+  UNMOCK(transport_is_needed);
+
+  return;
+}
+
 // Tests if an options with MyFamily fingerprints missing '$' normalises
 // them correctly and also ensure it also works with multiple fingerprints
 static void
@@ -576,7 +869,8 @@ test_config_fix_my_family(void *arg)
     TT_FAIL(("options_validate failed: %s", err));
   }
 
-  test_streq(options->MyFamily, "$1111111111111111111111111111111111111111, "
+  tt_str_op(options->MyFamily,OP_EQ,
+                                "$1111111111111111111111111111111111111111, "
                                 "$1111111111111111111111111111111111111112, "
                                 "$1111111111111111111111111111111111111113");
 
@@ -589,16 +883,3760 @@ test_config_fix_my_family(void *arg)
     or_options_free(defaults);
 }
 
+static int n_hostname_01010101 = 0;
+
+/** This mock function is meant to replace tor_lookup_hostname().
+ * It answers with 1.1.1.1 as IP adddress that resulted from lookup.
+ * This function increments <b>n_hostname_01010101</b> counter by one
+ * every time it is called.
+ */
+static int
+tor_lookup_hostname_01010101(const char *name, uint32_t *addr)
+{
+  n_hostname_01010101++;
+
+  if (name && addr) {
+    *addr = ntohl(0x01010101);
+  }
+
+  return 0;
+}
+
+static int n_hostname_localhost = 0;
+
+/** This mock function is meant to replace tor_lookup_hostname().
+ * It answers with 127.0.0.1 as IP adddress that resulted from lookup.
+ * This function increments <b>n_hostname_localhost</b> counter by one
+ * every time it is called.
+ */
+static int
+tor_lookup_hostname_localhost(const char *name, uint32_t *addr)
+{
+  n_hostname_localhost++;
+
+  if (name && addr) {
+    *addr = 0x7f000001;
+  }
+
+  return 0;
+}
+
+static int n_hostname_failure = 0;
+
+/** This mock function is meant to replace tor_lookup_hostname().
+ * It pretends to fail by returning -1 to caller. Also, this function
+ * increments <b>n_hostname_failure</b> every time it is called.
+ */
+static int
+tor_lookup_hostname_failure(const char *name, uint32_t *addr)
+{
+  (void)name;
+  (void)addr;
+
+  n_hostname_failure++;
+
+  return -1;
+}
+
+static int n_gethostname_replacement = 0;
+
+/** This mock function is meant to replace tor_gethostname(). It
+ * responds with string "onionrouter!" as hostname. This function
+ * increments <b>n_gethostname_replacement</b> by one every time
+ * it is called.
+ */
+static int
+tor_gethostname_replacement(char *name, size_t namelen)
+{
+  n_gethostname_replacement++;
+
+  if (name && namelen) {
+    strlcpy(name,"onionrouter!",namelen);
+  }
+
+  return 0;
+}
+
+static int n_gethostname_localhost = 0;
+
+/** This mock function is meant to replace tor_gethostname(). It
+ * responds with string "127.0.0.1" as hostname. This function
+ * increments <b>n_gethostname_localhost</b> by one every time
+ * it is called.
+ */
+static int
+tor_gethostname_localhost(char *name, size_t namelen)
+{
+  n_gethostname_localhost++;
+
+  if (name && namelen) {
+    strlcpy(name,"127.0.0.1",namelen);
+  }
+
+  return 0;
+}
+
+static int n_gethostname_failure = 0;
+
+/** This mock function is meant to replace tor_gethostname.
+ * It pretends to fail by returning -1. This function increments
+ * <b>n_gethostname_failure</b> by one every time it is called.
+ */
+static int
+tor_gethostname_failure(char *name, size_t namelen)
+{
+  (void)name;
+  (void)namelen;
+  n_gethostname_failure++;
+
+  return -1;
+}
+
+static int n_get_interface_address = 0;
+
+/** This mock function is meant to replace get_interface_address().
+ * It answers with address 8.8.8.8. This function increments
+ * <b>n_get_interface_address</b> by one every time it is called.
+ */
+static int
+get_interface_address_08080808(int severity, uint32_t *addr)
+{
+  (void)severity;
+
+  n_get_interface_address++;
+
+  if (addr) {
+    *addr = ntohl(0x08080808);
+  }
+
+  return 0;
+}
+
+static int n_get_interface_address6 = 0;
+static sa_family_t last_address6_family;
+
+/** This mock function is meant to replace get_interface_address6().
+ * It answers with IP address 9.9.9.9 iff both of the following are true:
+ *  - <b>family</b> is AF_INET
+ *  - <b>addr</b> pointer is not NULL.
+ * This function increments <b>n_get_interface_address6</b> by one every
+ * time it is called.
+ */
+static int
+get_interface_address6_replacement(int severity, sa_family_t family,
+                                   tor_addr_t *addr)
+{
+  (void)severity;
+
+  last_address6_family = family;
+  n_get_interface_address6++;
+
+  if ((family != AF_INET) || !addr) {
+    return -1;
+  }
+
+  tor_addr_from_ipv4h(addr,0x09090909);
+
+  return 0;
+}
+
+static int n_get_interface_address_failure = 0;
+
+/**
+ * This mock function is meant to replace get_interface_address().
+ * It pretends to fail getting interface address by returning -1.
+ * <b>n_get_interface_address_failure</b> is incremented by one
+ * every time this function is called.
+ */
+static int
+get_interface_address_failure(int severity, uint32_t *addr)
+{
+  (void)severity;
+  (void)addr;
+
+  n_get_interface_address_failure++;
+
+  return -1;
+}
+
+static int n_get_interface_address6_failure = 0;
+
+/**
+ * This mock function is meant to replace get_interface_addres6().
+ * It will pretend to fail by return -1.
+ * <b>n_get_interface_address6_failure</b> is incremented by one
+ * every time this function is called and <b>last_address6_family</b>
+ * is assigned the value of <b>family</b> argument.
+ */
+static int
+get_interface_address6_failure(int severity, sa_family_t family,
+                               tor_addr_t *addr)
+{
+  (void)severity;
+  (void)addr;
+   n_get_interface_address6_failure++;
+   last_address6_family = family;
+
+   return -1;
+}
+
+static void
+test_config_resolve_my_address(void *arg)
+{
+  or_options_t *options;
+  uint32_t resolved_addr;
+  const char *method_used;
+  char *hostname_out = NULL;
+  int retval;
+  int prev_n_hostname_01010101;
+  int prev_n_hostname_localhost;
+  int prev_n_hostname_failure;
+  int prev_n_gethostname_replacement;
+  int prev_n_gethostname_failure;
+  int prev_n_gethostname_localhost;
+  int prev_n_get_interface_address;
+  int prev_n_get_interface_address_failure;
+  int prev_n_get_interface_address6;
+  int prev_n_get_interface_address6_failure;
+
+  (void)arg;
+
+  options = options_new();
+
+  options_init(options);
+
+ /*
+  * CASE 1:
+  * If options->Address is a valid IPv4 address string, we want
+  * the corresponding address to be parsed and returned.
+  */
+
+  options->Address = tor_strdup("128.52.128.105");
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(retval == 0);
+  tt_want_str_op(method_used,==,"CONFIGURED");
+  tt_want(hostname_out == NULL);
+  tt_assert(resolved_addr == 0x80348069);
+
+  tor_free(options->Address);
+
+/*
+ * CASE 2:
+ * If options->Address is a valid DNS address, we want resolve_my_address()
+ * function to ask tor_lookup_hostname() for help with resolving it
+ * and return the address that was resolved (in host order).
+ */
+
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_01010101);
+
+  tor_free(options->Address);
+  options->Address = tor_strdup("www.torproject.org");
+
+  prev_n_hostname_01010101 = n_hostname_01010101;
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(retval == 0);
+  tt_want(n_hostname_01010101 == prev_n_hostname_01010101 + 1);
+  tt_want_str_op(method_used,==,"RESOLVED");
+  tt_want_str_op(hostname_out,==,"www.torproject.org");
+  tt_assert(resolved_addr == 0x01010101);
+
+  UNMOCK(tor_lookup_hostname);
+
+  tor_free(options->Address);
+  tor_free(hostname_out);
+
+/*
+ * CASE 3:
+ * Given that options->Address is NULL, we want resolve_my_address()
+ * to try and use tor_gethostname() to get hostname AND use
+ * tor_lookup_hostname() to get IP address.
+ */
+
+  resolved_addr = 0;
+  tor_free(options->Address);
+  options->Address = NULL;
+
+  MOCK(tor_gethostname,tor_gethostname_replacement);
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_01010101);
+
+  prev_n_gethostname_replacement = n_gethostname_replacement;
+  prev_n_hostname_01010101 = n_hostname_01010101;
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(retval == 0);
+  tt_want(n_gethostname_replacement == prev_n_gethostname_replacement + 1);
+  tt_want(n_hostname_01010101 == prev_n_hostname_01010101 + 1);
+  tt_want_str_op(method_used,==,"GETHOSTNAME");
+  tt_want_str_op(hostname_out,==,"onionrouter!");
+  tt_assert(resolved_addr == 0x01010101);
+
+  UNMOCK(tor_gethostname);
+  UNMOCK(tor_lookup_hostname);
+
+  tor_free(hostname_out);
+
+/*
+ * CASE 4:
+ * Given that options->Address is a local host address, we want
+ * resolve_my_address() function to fail.
+ */
+
+  resolved_addr = 0;
+  tor_free(options->Address);
+  options->Address = tor_strdup("127.0.0.1");
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(resolved_addr == 0);
+  tt_assert(retval == -1);
+
+  tor_free(options->Address);
+  tor_free(hostname_out);
+
+/*
+ * CASE 5:
+ * We want resolve_my_address() to fail if DNS address in options->Address
+ * cannot be resolved.
+ */
+
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_failure);
+
+  prev_n_hostname_failure = n_hostname_failure;
+
+  tor_free(options->Address);
+  options->Address = tor_strdup("www.tor-project.org");
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_hostname_failure == prev_n_hostname_failure + 1);
+  tt_assert(retval == -1);
+
+  UNMOCK(tor_lookup_hostname);
+
+  tor_free(options->Address);
+  tor_free(hostname_out);
+
+/*
+ * CASE 6:
+ * If options->Address is NULL AND gettting local hostname fails, we want
+ * resolve_my_address() to fail as well.
+ */
+
+  MOCK(tor_gethostname,tor_gethostname_failure);
+
+  prev_n_gethostname_failure = n_gethostname_failure;
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_gethostname_failure == prev_n_gethostname_failure + 1);
+  tt_assert(retval == -1);
+
+  UNMOCK(tor_gethostname);
+  tor_free(hostname_out);
+
+/*
+ * CASE 7:
+ * We want resolve_my_address() to try and get network interface address via
+ * get_interface_address() if hostname returned by tor_gethostname() cannot be
+ * resolved into IP address.
+ */
+
+  MOCK(tor_gethostname,tor_gethostname_replacement);
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_failure);
+  MOCK(get_interface_address,get_interface_address_08080808);
+
+  prev_n_gethostname_replacement = n_gethostname_replacement;
+  prev_n_get_interface_address = n_get_interface_address;
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(retval == 0);
+  tt_want_int_op(n_gethostname_replacement, ==,
+                 prev_n_gethostname_replacement + 1);
+  tt_want_int_op(n_get_interface_address, ==,
+                 prev_n_get_interface_address + 1);
+  tt_want_str_op(method_used,==,"INTERFACE");
+  tt_want(hostname_out == NULL);
+  tt_assert(resolved_addr == 0x08080808);
+
+  UNMOCK(get_interface_address);
+  tor_free(hostname_out);
+
+/*
+ * CASE 8:
+ * Suppose options->Address is NULL AND hostname returned by tor_gethostname()
+ * is unresolvable. We want resolve_my_address to fail if
+ * get_interface_address() fails.
+ */
+
+  MOCK(get_interface_address,get_interface_address_failure);
+
+  prev_n_get_interface_address_failure = n_get_interface_address_failure;
+  prev_n_gethostname_replacement = n_gethostname_replacement;
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_get_interface_address_failure ==
+          prev_n_get_interface_address_failure + 1);
+  tt_want(n_gethostname_replacement ==
+          prev_n_gethostname_replacement + 1);
+  tt_assert(retval == -1);
+
+  UNMOCK(get_interface_address);
+  tor_free(hostname_out);
+
+/*
+ * CASE 9:
+ * Given that options->Address is NULL AND tor_lookup_hostname()
+ * fails AND hostname returned by gethostname() resolves
+ * to local IP address, we want resolve_my_address() function to
+ * call get_interface_address6(.,AF_INET,.) and return IP address
+ * the latter function has found.
+ */
+
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_failure);
+  MOCK(tor_gethostname,tor_gethostname_replacement);
+  MOCK(get_interface_address6,get_interface_address6_replacement);
+
+  prev_n_gethostname_replacement = n_gethostname_replacement;
+  prev_n_hostname_failure = n_hostname_failure;
+  prev_n_get_interface_address6 = n_get_interface_address6;
+
+  retval = resolve_my_address(LOG_NOTICE,options,&resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(last_address6_family == AF_INET);
+  tt_want(n_get_interface_address6 == prev_n_get_interface_address6 + 1);
+  tt_want(n_hostname_failure == prev_n_hostname_failure + 1);
+  tt_want(n_gethostname_replacement == prev_n_gethostname_replacement + 1);
+  tt_want(retval == 0);
+  tt_want_str_op(method_used,==,"INTERFACE");
+  tt_assert(resolved_addr == 0x09090909);
+
+  UNMOCK(tor_lookup_hostname);
+  UNMOCK(tor_gethostname);
+  UNMOCK(get_interface_address6);
+
+  tor_free(hostname_out);
+
+  /*
+   * CASE 10: We want resolve_my_address() to fail if all of the following
+   * are true:
+   *   1. options->Address is not NULL
+   *   2. ... but it cannot be converted to struct in_addr by
+   *      tor_inet_aton()
+   *   3. ... and tor_lookup_hostname() fails to resolve the
+   *      options->Address
+   */
+
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_failure);
+
+  prev_n_hostname_failure = n_hostname_failure;
+
+  tor_free(options->Address);
+  options->Address = tor_strdup("some_hostname");
+
+  retval = resolve_my_address(LOG_NOTICE, options, &resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_hostname_failure == prev_n_hostname_failure + 1);
+  tt_assert(retval == -1);
+
+  UNMOCK(tor_gethostname);
+  UNMOCK(tor_lookup_hostname);
+
+  tor_free(hostname_out);
+
+  /*
+   * CASE 11:
+   * Suppose the following sequence of events:
+   *   1. options->Address is NULL
+   *   2. tor_gethostname() succeeds to get hostname of machine Tor
+   *      if running on.
+   *   3. Hostname from previous step cannot be converted to
+   *      address by using tor_inet_aton() function.
+   *   4. However, tor_lookup_hostname() succeds in resolving the
+   *      hostname from step 2.
+   *   5. Unfortunately, tor_addr_is_internal() deems this address
+   *      to be internal.
+   *   6. get_interface_address6(.,AF_INET,.) returns non-internal
+   *      IPv4
+   *
+   *   We want resolve_my_addr() to succeed with method "INTERFACE"
+   *   and address from step 6.
+   */
+
+  tor_free(options->Address);
+  options->Address = NULL;
+
+  MOCK(tor_gethostname,tor_gethostname_replacement);
+  MOCK(tor_lookup_hostname,tor_lookup_hostname_localhost);
+  MOCK(get_interface_address6,get_interface_address6_replacement);
+
+  prev_n_gethostname_replacement = n_gethostname_replacement;
+  prev_n_hostname_localhost = n_hostname_localhost;
+  prev_n_get_interface_address6 = n_get_interface_address6;
+
+  retval = resolve_my_address(LOG_DEBUG, options, &resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_gethostname_replacement == prev_n_gethostname_replacement + 1);
+  tt_want(n_hostname_localhost == prev_n_hostname_localhost + 1);
+  tt_want(n_get_interface_address6 == prev_n_get_interface_address6 + 1);
+
+  tt_str_op(method_used,==,"INTERFACE");
+  tt_assert(!hostname_out);
+  tt_assert(retval == 0);
+
+  /*
+   * CASE 11b:
+   *   1-5 as above.
+   *   6. get_interface_address6() fails.
+   *
+   *   In this subcase, we want resolve_my_address() to fail.
+   */
+
+  UNMOCK(get_interface_address6);
+  MOCK(get_interface_address6,get_interface_address6_failure);
+
+  prev_n_gethostname_replacement = n_gethostname_replacement;
+  prev_n_hostname_localhost = n_hostname_localhost;
+  prev_n_get_interface_address6_failure = n_get_interface_address6_failure;
+
+  retval = resolve_my_address(LOG_DEBUG, options, &resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_gethostname_replacement == prev_n_gethostname_replacement + 1);
+  tt_want(n_hostname_localhost == prev_n_hostname_localhost + 1);
+  tt_want(n_get_interface_address6_failure ==
+          prev_n_get_interface_address6_failure + 1);
+
+  tt_assert(retval == -1);
+
+  UNMOCK(tor_gethostname);
+  UNMOCK(tor_lookup_hostname);
+  UNMOCK(get_interface_address6);
+
+  /* CASE 12:
+   * Suppose the following happens:
+   *   1. options->Address is NULL AND options->DirAuthorities is non-NULL
+   *   2. tor_gethostname() succeeds in getting hostname of a machine ...
+   *   3. ... which is successfully parsed by tor_inet_aton() ...
+   *   4. into IPv4 address that tor_addr_is_inernal() considers to be
+   *      internal.
+   *
+   *  In this case, we want resolve_my_address() to fail.
+   */
+
+  tor_free(options->Address);
+  options->Address = NULL;
+  options->DirAuthorities = tor_malloc_zero(sizeof(config_line_t));
+
+  MOCK(tor_gethostname,tor_gethostname_localhost);
+
+  prev_n_gethostname_localhost = n_gethostname_localhost;
+
+  retval = resolve_my_address(LOG_DEBUG, options, &resolved_addr,
+                              &method_used,&hostname_out);
+
+  tt_want(n_gethostname_localhost == prev_n_gethostname_localhost + 1);
+  tt_assert(retval == -1);
+
+  UNMOCK(tor_gethostname);
+
+ done:
+  tor_free(options->Address);
+  tor_free(options->DirAuthorities);
+  or_options_free(options);
+  tor_free(hostname_out);
+
+  UNMOCK(tor_gethostname);
+  UNMOCK(tor_lookup_hostname);
+  UNMOCK(get_interface_address);
+  UNMOCK(get_interface_address6);
+  UNMOCK(tor_gethostname);
+}
+
+static void
+test_config_adding_trusted_dir_server(void *arg)
+{
+  (void)arg;
+
+  const char digest[DIGEST_LEN] = "";
+  dir_server_t *ds = NULL;
+  tor_addr_port_t ipv6;
+  int rv = -1;
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  /* create a trusted ds without an IPv6 address and port */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+  tt_assert(get_n_authorities(V3_DIRINFO) == 1);
+  tt_assert(smartlist_len(router_get_fallback_dir_servers()) == 1);
+
+  /* create a trusted ds with an IPv6 address and port */
+  rv = tor_addr_port_parse(LOG_WARN, "[::1]:9061", &ipv6.addr, &ipv6.port, -1);
+  tt_assert(rv == 0);
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, &ipv6, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+  tt_assert(get_n_authorities(V3_DIRINFO) == 2);
+  tt_assert(smartlist_len(router_get_fallback_dir_servers()) == 2);
+
+ done:
+  clear_dir_servers();
+  routerlist_free_all();
+}
+
+static void
+test_config_adding_fallback_dir_server(void *arg)
+{
+  (void)arg;
+
+  const char digest[DIGEST_LEN] = "";
+  dir_server_t *ds = NULL;
+  tor_addr_t ipv4;
+  tor_addr_port_t ipv6;
+  int rv = -1;
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  rv = tor_addr_parse(&ipv4, "127.0.0.1");
+  tt_assert(rv == AF_INET);
+
+  /* create a trusted ds without an IPv6 address and port */
+  ds = fallback_dir_server_new(&ipv4, 9059, 9060, NULL, digest, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+  tt_assert(smartlist_len(router_get_fallback_dir_servers()) == 1);
+
+  /* create a trusted ds with an IPv6 address and port */
+  rv = tor_addr_port_parse(LOG_WARN, "[::1]:9061", &ipv6.addr, &ipv6.port, -1);
+  tt_assert(rv == 0);
+  ds = fallback_dir_server_new(&ipv4, 9059, 9060, &ipv6, digest, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+  tt_assert(smartlist_len(router_get_fallback_dir_servers()) == 2);
+
+ done:
+  clear_dir_servers();
+  routerlist_free_all();
+}
+
+/* No secrets here:
+ * v3ident is `echo "onion" | shasum | cut -d" " -f1 | tr "a-f" "A-F"`
+ * fingerprint is `echo "unionem" | shasum | cut -d" " -f1 | tr "a-f" "A-F"`
+ * with added spaces
+ */
+#define TEST_DIR_AUTH_LINE_START                                        \
+                    "foobar orport=12345 "                              \
+                    "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
+#define TEST_DIR_AUTH_LINE_END                                          \
+                    "1.2.3.4:54321 "                                    \
+                    "FDB2 FBD2 AAA5 25FA 2999 E617 5091 5A32 C777 3B17"
+#define TEST_DIR_AUTH_IPV6_FLAG                                         \
+                    "ipv6=[feed::beef]:9 "
+
+static void
+test_config_parsing_trusted_dir_server(void *arg)
+{
+  (void)arg;
+  int rv = -1;
+
+  /* parse a trusted dir server without an IPv6 address and port */
+  rv = parse_dir_authority_line(TEST_DIR_AUTH_LINE_START
+                                TEST_DIR_AUTH_LINE_END,
+                                V3_DIRINFO, 1);
+  tt_assert(rv == 0);
+
+  /* parse a trusted dir server with an IPv6 address and port */
+  rv = parse_dir_authority_line(TEST_DIR_AUTH_LINE_START
+                                TEST_DIR_AUTH_IPV6_FLAG
+                                TEST_DIR_AUTH_LINE_END,
+                                V3_DIRINFO, 1);
+  tt_assert(rv == 0);
+
+  /* Since we are only validating, there is no cleanup. */
+ done:
+  ;
+}
+
+#undef TEST_DIR_AUTH_LINE_START
+#undef TEST_DIR_AUTH_LINE_END
+#undef TEST_DIR_AUTH_IPV6_FLAG
+
+/* No secrets here:
+ * id is `echo "syn-propanethial-S-oxide" | shasum | cut -d" " -f1`
+ */
+#define TEST_DIR_FALLBACK_LINE                                     \
+                    "1.2.3.4:54321 orport=12345 "                  \
+                    "id=50e643986f31ea1235bcc1af17a1c5c5cfc0ee54 "
+#define TEST_DIR_FALLBACK_IPV6_FLAG                                \
+                    "ipv6=[2015:c0de::deed]:9"
+
+static void
+test_config_parsing_fallback_dir_server(void *arg)
+{
+  (void)arg;
+  int rv = -1;
+
+  /* parse a trusted dir server without an IPv6 address and port */
+  rv = parse_dir_fallback_line(TEST_DIR_FALLBACK_LINE, 1);
+  tt_assert(rv == 0);
+
+  /* parse a trusted dir server with an IPv6 address and port */
+  rv = parse_dir_fallback_line(TEST_DIR_FALLBACK_LINE
+                               TEST_DIR_FALLBACK_IPV6_FLAG,
+                               1);
+  tt_assert(rv == 0);
+
+  /* Since we are only validating, there is no cleanup. */
+ done:
+  ;
+}
+
+#undef TEST_DIR_FALLBACK_LINE
+#undef TEST_DIR_FALLBACK_IPV6_FLAG
+
+static void
+test_config_adding_default_trusted_dir_servers(void *arg)
+{
+  (void)arg;
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  /* Assume we only have one bridge authority */
+  add_default_trusted_dir_authorities(BRIDGE_DIRINFO);
+  tt_assert(get_n_authorities(BRIDGE_DIRINFO) == 1);
+  tt_assert(smartlist_len(router_get_fallback_dir_servers()) == 1);
+
+  /* Assume we have eight V3 authorities */
+  add_default_trusted_dir_authorities(V3_DIRINFO);
+  tt_int_op(get_n_authorities(V3_DIRINFO), OP_EQ, 9);
+  tt_int_op(smartlist_len(router_get_fallback_dir_servers()), OP_EQ, 10);
+
+ done:
+  clear_dir_servers();
+  routerlist_free_all();
+}
+
+static int n_add_default_fallback_dir_servers_known_default = 0;
+
+/**
+ * This mock function is meant to replace add_default_fallback_dir_servers().
+ * It will parse and add one known default fallback dir server,
+ * which has a dir_port of 99.
+ * <b>n_add_default_fallback_dir_servers_known_default</b> is incremented by
+ * one every time this function is called.
+ */
+static void
+add_default_fallback_dir_servers_known_default(void)
+{
+  int i;
+  const char *fallback[] = {
+    "127.0.0.1:60099 orport=9009 "
+    "id=0923456789012345678901234567890123456789",
+    NULL
+  };
+  for (i=0; fallback[i]; i++) {
+    if (parse_dir_fallback_line(fallback[i], 0)<0) {
+      log_err(LD_BUG, "Couldn't parse internal FallbackDir line %s",
+              fallback[i]);
+    }
+  }
+  n_add_default_fallback_dir_servers_known_default++;
+}
+
+/* Test all the different combinations of adding dir servers */
+static void
+test_config_adding_dir_servers(void *arg)
+{
+  (void)arg;
+
+  /* allocate options */
+  or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
+
+  /* Allocate and populate configuration lines:
+   *
+   * Use the same format as the hard-coded directories in
+   * add_default_trusted_dir_authorities().
+   * Zeroing the structure has the same effect as initialising to:
+   * { NULL, NULL, NULL, CONFIG_LINE_NORMAL, 0};
+   */
+  config_line_t *test_dir_authority = tor_malloc_zero(sizeof(config_line_t));
+  test_dir_authority->key = tor_strdup("DirAuthority");
+  test_dir_authority->value = tor_strdup(
+    "D0 orport=9000 "
+    "v3ident=0023456789012345678901234567890123456789 "
+    "127.0.0.1:60090 0123 4567 8901 2345 6789 0123 4567 8901 2345 6789"
+    );
+
+  config_line_t *test_alt_bridge_authority = tor_malloc_zero(
+                                                      sizeof(config_line_t));
+  test_alt_bridge_authority->key = tor_strdup("AlternateBridgeAuthority");
+  test_alt_bridge_authority->value = tor_strdup(
+    "B1 orport=9001 bridge "
+    "127.0.0.1:60091 1123 4567 8901 2345 6789 0123 4567 8901 2345 6789"
+    );
+
+  config_line_t *test_alt_dir_authority = tor_malloc_zero(
+                                                      sizeof(config_line_t));
+  test_alt_dir_authority->key = tor_strdup("AlternateDirAuthority");
+  test_alt_dir_authority->value = tor_strdup(
+    "A2 orport=9002 "
+    "v3ident=0223456789012345678901234567890123456789 "
+    "127.0.0.1:60092 2123 4567 8901 2345 6789 0123 4567 8901 2345 6789"
+    );
+
+  /* Use the format specified in the manual page */
+  config_line_t *test_fallback_directory = tor_malloc_zero(
+                                                      sizeof(config_line_t));
+  test_fallback_directory->key = tor_strdup("FallbackDir");
+  test_fallback_directory->value = tor_strdup(
+    "127.0.0.1:60093 orport=9003 id=0323456789012345678901234567890123456789"
+    );
+
+  /* We need to know if add_default_fallback_dir_servers is called,
+   * whatever the size of the list in fallback_dirs.inc,
+   * so we use a version of add_default_fallback_dir_servers that adds
+   * one known default fallback directory. */
+  MOCK(add_default_fallback_dir_servers,
+       add_default_fallback_dir_servers_known_default);
+
+  /* There are 16 different cases, covering each combination of set/NULL for:
+   * DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority &
+   * FallbackDir. (We always set UseDefaultFallbackDirs to 1.)
+   * But validate_dir_servers() ensures that:
+   *   "You cannot set both DirAuthority and Alternate*Authority."
+   * This reduces the number of cases to 10.
+   *
+   * Let's count these cases using binary, with 1 meaning set & 0 meaning NULL
+   * So 1001 or case 9 is:
+   *   DirAuthorities set,
+   *   AlternateBridgeAuthority NULL,
+   *   AlternateDirAuthority NULL
+   *   FallbackDir set
+   * The valid cases are cases 0-9 counting using this method, as every case
+   * greater than or equal to 10 = 1010 is invalid.
+   *
+   * 1. Outcome: Use Set Directory Authorities
+   *   - No Default Authorities
+   *   - Use AlternateBridgeAuthority, AlternateDirAuthority, and FallbackDir
+   *     if they are set
+   *   Cases expected to yield this outcome:
+   *     8 & 9 (the 2 valid cases where DirAuthorities is set)
+   *     6 & 7 (the 2 cases where DirAuthorities is NULL, and
+   *           AlternateBridgeAuthority and AlternateDirAuthority are both set)
+   *
+   * 2. Outcome: Use Set Bridge Authority
+   *  - Use Default Non-Bridge Directory Authorities
+   *  - Use FallbackDir if it is set, otherwise use default FallbackDir
+   *  Cases expected to yield this outcome:
+   *    4 & 5 (the 2 cases where DirAuthorities is NULL,
+   *           AlternateBridgeAuthority is set, and
+   *           AlternateDirAuthority is NULL)
+   *
+   * 3. Outcome: Use Set Alternate Directory Authority
+   *  - Use Default Bridge Authorities
+   *  - Use FallbackDir if it is set, otherwise No Default Fallback Directories
+   *  Cases expected to yield this outcome:
+   *    2 & 3 (the 2 cases where DirAuthorities and AlternateBridgeAuthority
+   *           are both NULL, but AlternateDirAuthority is set)
+   *
+   * 4. Outcome: Use Set Custom Fallback Directory
+   *  - Use Default Bridge & Directory Authorities
+   *  Cases expected to yield this outcome:
+   *    1 (DirAuthorities, AlternateBridgeAuthority and AlternateDirAuthority
+   *       are all NULL, but FallbackDir is set)
+   *
+   * 5. Outcome: Use All Defaults
+   *  - Use Default Bridge & Directory Authorities, and
+   *    Default Fallback Directories
+   *  Cases expected to yield this outcome:
+   *    0 (DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority
+   *       and FallbackDir are all NULL)
+   */
+
+  /*
+   * Find out how many default Bridge, Non-Bridge and Fallback Directories
+   * are hard-coded into this build.
+   * This code makes some assumptions about the implementation.
+   * If they are wrong, one or more of cases 0-5 could fail.
+   */
+  int n_default_alt_bridge_authority = 0;
+  int n_default_alt_dir_authority = 0;
+  int n_default_fallback_dir = 0;
+#define n_default_authorities ((n_default_alt_bridge_authority) \
+                               + (n_default_alt_dir_authority))
+
+  /* Pre-Count Number of Authorities of Each Type
+   * Use 0000: No Directory Authorities or Fallback Directories Set
+   */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0000 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = NULL;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 1);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+
+      /* Count Bridge Authorities */
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if it's a bridge auth */
+                        n_default_alt_bridge_authority +=
+                        ((ds->is_authority && (ds->type & BRIDGE_DIRINFO)) ?
+                         1 : 0)
+                        );
+      /* If we have no default bridge authority, something has gone wrong */
+      tt_assert(n_default_alt_bridge_authority >= 1);
+
+      /* Count v3 Authorities */
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment found counter if it's a v3 auth */
+                        n_default_alt_dir_authority +=
+                        ((ds->is_authority && (ds->type & V3_DIRINFO)) ?
+                         1 : 0)
+                        );
+      /* If we have no default authorities, something has gone really wrong */
+      tt_assert(n_default_alt_dir_authority >= 1);
+
+      /* Calculate Fallback Directory Count */
+      n_default_fallback_dir = (smartlist_len(fallback_servers) -
+                                n_default_alt_bridge_authority -
+                                n_default_alt_dir_authority);
+      /* If we have a negative count, something has gone really wrong,
+       * or some authorities aren't being added as fallback directories.
+       * (networkstatus_consensus_can_use_extra_fallbacks depends on all
+       * authorities being fallback directories.) */
+      tt_assert(n_default_fallback_dir >= 0);
+    }
+  }
+
+  /*
+   * 1. Outcome: Use Set Directory Authorities
+   *   - No Default Authorities
+   *   - Use AlternateBridgeAuthority, AlternateDirAuthority, and FallbackDir
+   *     if they are set
+   *   Cases expected to yield this outcome:
+   *     8 & 9 (the 2 valid cases where DirAuthorities is set)
+   *     6 & 7 (the 2 cases where DirAuthorities is NULL, and
+   *           AlternateBridgeAuthority and AlternateDirAuthority are both set)
+   */
+
+  /* Case 9: 1001 - DirAuthorities Set, AlternateBridgeAuthority Not Set,
+     AlternateDirAuthority Not Set, FallbackDir Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 1001 */
+    options->DirAuthorities = test_dir_authority;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = test_fallback_directory;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* D0, (No B1), (No A2) */
+      tt_assert(smartlist_len(dir_servers) == 1);
+
+      /* DirAuthority - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 1);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* D0, (No B1), (No A2), Custom Fallback */
+      tt_assert(smartlist_len(fallback_servers) == 2);
+
+      /* DirAuthority - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 1);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* Custom FallbackDir - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 1);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+    }
+  }
+
+  /* Case 8: 1000 - DirAuthorities Set, Others Not Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 1000 */
+    options->DirAuthorities = test_dir_authority;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = NULL;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we just have the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 0);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* D0, (No B1), (No A2) */
+      tt_assert(smartlist_len(dir_servers) == 1);
+
+      /* DirAuthority - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 1);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* D0, (No B1), (No A2), (No Fallback) */
+      tt_assert(smartlist_len(fallback_servers) == 1);
+
+      /* DirAuthority - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 1);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* (No Custom FallbackDir) - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 0);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+    }
+  }
+
+  /* Case 7: 0111 - DirAuthorities Not Set, Others Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0111 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = test_alt_bridge_authority;
+    options->AlternateDirAuthority = test_alt_dir_authority;
+    options->FallbackDir = test_fallback_directory;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), B1, A2 */
+      tt_assert(smartlist_len(dir_servers) == 2);
+
+      /* (No DirAuthority) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), B1, A2, Custom Fallback */
+      tt_assert(smartlist_len(fallback_servers) == 3);
+
+      /* (No DirAuthority) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+
+      /* Custom FallbackDir - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 1);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+    }
+  }
+
+  /* Case 6: 0110 - DirAuthorities Not Set, AlternateBridgeAuthority &
+     AlternateDirAuthority Set, FallbackDir Not Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0110 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = test_alt_bridge_authority;
+    options->AlternateDirAuthority = test_alt_dir_authority;
+    options->FallbackDir = NULL;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 0);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), B1, A2 */
+      tt_assert(smartlist_len(dir_servers) == 2);
+
+      /* (No DirAuthority) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), B1, A2, (No Fallback) */
+      tt_assert(smartlist_len(fallback_servers) == 2);
+
+      /* (No DirAuthority) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+
+      /* (No Custom FallbackDir) - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 0);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+    }
+  }
+
+  /*
+   2. Outcome: Use Set Bridge Authority
+     - Use Default Non-Bridge Directory Authorities
+     - Use FallbackDir if it is set, otherwise use default FallbackDir
+     Cases expected to yield this outcome:
+       4 & 5 (the 2 cases where DirAuthorities is NULL,
+              AlternateBridgeAuthority is set, and
+              AlternateDirAuthority is NULL)
+  */
+
+  /* Case 5: 0101 - DirAuthorities Not Set, AlternateBridgeAuthority Set,
+     AlternateDirAuthority Not Set, FallbackDir Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0101 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = test_alt_bridge_authority;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = test_fallback_directory;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), B1, (No A2), Default v3 Non-Bridge Authorities */
+      tt_assert(smartlist_len(dir_servers) == 1 + n_default_alt_dir_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default v3 non-Bridge directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), B1, (No A2), Default v3 Non-Bridge Authorities,
+       * Custom Fallback */
+      tt_assert(smartlist_len(fallback_servers) ==
+                2 + n_default_alt_dir_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* Custom FallbackDir - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 1);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default v3 non-Bridge directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+  }
+
+  /* Case 4: 0100 - DirAuthorities Not Set, AlternateBridgeAuthority Set,
+   AlternateDirAuthority & FallbackDir Not Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0100 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = test_alt_bridge_authority;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = NULL;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 1);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), B1, (No A2), Default v3 Non-Bridge Authorities */
+      tt_assert(smartlist_len(dir_servers) == 1 + n_default_alt_dir_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default v3 non-Bridge directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), B1, (No A2), Default v3 Non-Bridge Authorities,
+       * Default Fallback */
+      tt_assert(smartlist_len(fallback_servers) ==
+                2 + n_default_alt_dir_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* AlternateBridgeAuthority - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 1);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* (No Custom FallbackDir) - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 0);
+
+      /* Default FallbackDir - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 1);
+
+      /* There's no easy way of checking that we have included all the
+       * default v3 non-Bridge directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+  }
+
+  /*
+   3. Outcome: Use Set Alternate Directory Authority
+     - Use Default Bridge Authorities
+     - Use FallbackDir if it is set, otherwise No Default Fallback Directories
+     Cases expected to yield this outcome:
+       2 & 3 (the 2 cases where DirAuthorities and AlternateBridgeAuthority
+              are both NULL, but AlternateDirAuthority is set)
+  */
+
+  /* Case 3: 0011 - DirAuthorities & AlternateBridgeAuthority Not Set,
+     AlternateDirAuthority & FallbackDir Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0011 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = test_alt_dir_authority;
+    options->FallbackDir = test_fallback_directory;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities, A2 */
+      tt_assert(smartlist_len(dir_servers) ==
+                1 + n_default_alt_bridge_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge authorities (except for hard-coding tonga's details),
+       * so let's assume that if the total count above is correct,
+       * we have the right ones.
+       */
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities, A2,
+       * Custom Fallback Directory, (No Default Fallback Directories) */
+      tt_assert(smartlist_len(fallback_servers) ==
+                2 + n_default_alt_bridge_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+
+      /* Custom FallbackDir - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 1);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge authorities (except for hard-coding tonga's details),
+       * so let's assume that if the total count above is correct,
+       * we have the right ones.
+       */
+    }
+  }
+
+  /* Case 2: 0010 - DirAuthorities & AlternateBridgeAuthority Not Set,
+   AlternateDirAuthority Set, FallbackDir Not Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0010 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = test_alt_dir_authority;
+    options->FallbackDir = NULL;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we just have the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 0);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities, A2,
+       * No Default or Custom Fallback Directories */
+      tt_assert(smartlist_len(dir_servers) ==
+                1 + n_default_alt_bridge_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge authorities (except for hard-coding tonga's details),
+       * so let's assume that if the total count above is correct,
+       * we have the right ones.
+       */
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities, A2,
+       * No Custom or Default Fallback Directories */
+      tt_assert(smartlist_len(fallback_servers) ==
+                1 + n_default_alt_bridge_authority);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* AlternateDirAuthority - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 1);
+
+      /* (No Custom FallbackDir) - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 0);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge authorities (except for hard-coding tonga's details),
+       * so let's assume that if the total count above is correct,
+       * we have the right ones.
+       */
+    }
+  }
+
+  /*
+   4. Outcome: Use Set Custom Fallback Directory
+     - Use Default Bridge & Directory Authorities
+     Cases expected to yield this outcome:
+       1 (DirAuthorities, AlternateBridgeAuthority and AlternateDirAuthority
+          are all NULL, but FallbackDir is set)
+  */
+
+  /* Case 1: 0001 - DirAuthorities, AlternateBridgeAuthority
+    & AlternateDirAuthority Not Set, FallbackDir Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0001 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = test_fallback_directory;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must not have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 0);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities,
+       * (No A2), Default v3 Directory Authorities */
+      tt_assert(smartlist_len(dir_servers) == n_default_authorities);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge & V3 Directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities,
+       * (No A2), Default v3 Directory Authorities,
+       * Custom Fallback Directory, (No Default Fallback Directories) */
+      tt_assert(smartlist_len(fallback_servers) ==
+                1 + n_default_authorities);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* Custom FallbackDir - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 1);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge & V3 Directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+  }
+
+  /*
+   5. Outcome: Use All Defaults
+     - Use Default Bridge & Directory Authorities, Default Fallback Directories
+     Cases expected to yield this outcome:
+       0 (DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority
+          and FallbackDir are all NULL)
+  */
+
+  /* Case 0: 0000 - All Not Set */
+  {
+    /* clear fallback dirs counter */
+    n_add_default_fallback_dir_servers_known_default = 0;
+
+    /* clear options*/
+    memset(options, 0, sizeof(or_options_t));
+
+    /* clear any previous dir servers:
+     consider_adding_dir_servers() should do this anyway */
+    clear_dir_servers();
+
+    /* assign options: 0001 */
+    options->DirAuthorities = NULL;
+    options->AlternateBridgeAuthority = NULL;
+    options->AlternateDirAuthority = NULL;
+    options->FallbackDir = NULL;
+    options->UseDefaultFallbackDirs = 1;
+
+    /* parse options - ensure we always update by passing NULL old_options */
+    consider_adding_dir_servers(options, NULL);
+
+    /* check outcome */
+
+    /* we must have added the default fallback dirs */
+    tt_assert(n_add_default_fallback_dir_servers_known_default == 1);
+
+    /* we have more fallbacks than just the authorities */
+    tt_assert(networkstatus_consensus_can_use_extra_fallbacks(options) == 1);
+
+    {
+      /* trusted_dir_servers */
+      const smartlist_t *dir_servers = router_get_trusted_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities,
+       * (No A2), Default v3 Directory Authorities */
+      tt_assert(smartlist_len(dir_servers) == n_default_authorities);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(dir_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge & V3 Directory authorities, so let's assume that
+       * if the total count above is correct, we have the right ones.
+       */
+    }
+
+    {
+      /* fallback_dir_servers */
+      const smartlist_t *fallback_servers = router_get_fallback_dir_servers();
+      /* (No D0), (No B1), Default Bridge Authorities,
+       * (No A2), Default v3 Directory Authorities,
+       * (No Custom Fallback Directory), Default Fallback Directories */
+      tt_assert(smartlist_len(fallback_servers) ==
+                n_default_authorities + n_default_fallback_dir);
+
+      /* (No DirAuthorities) - D0 - dir_port: 60090 */
+      int found_D0 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_D0 +=
+                        (ds->dir_port == 60090 ?
+                         1 : 0)
+                        );
+      tt_assert(found_D0 == 0);
+
+      /* (No AlternateBridgeAuthority) - B1 - dir_port: 60091 */
+      int found_B1 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_B1 +=
+                        (ds->dir_port == 60091 ?
+                         1 : 0)
+                        );
+      tt_assert(found_B1 == 0);
+
+      /* (No AlternateDirAuthority) - A2 - dir_port: 60092 */
+      int found_A2 = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_A2 +=
+                        (ds->dir_port == 60092 ?
+                         1 : 0)
+                        );
+      tt_assert(found_A2 == 0);
+
+      /* Custom FallbackDir - No Nickname - dir_port: 60093 */
+      int found_non_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_non_default_fallback +=
+                        (ds->dir_port == 60093 ?
+                         1 : 0)
+                        );
+      tt_assert(found_non_default_fallback == 0);
+
+      /* (No Default FallbackDir) - No Nickname - dir_port: 60099 */
+      int found_default_fallback = 0;
+      SMARTLIST_FOREACH(fallback_servers,
+                        dir_server_t *,
+                        ds,
+                        /* increment the found counter if dir_port matches */
+                        found_default_fallback +=
+                        (ds->dir_port == 60099 ?
+                         1 : 0)
+                        );
+      tt_assert(found_default_fallback == 1);
+
+      /* There's no easy way of checking that we have included all the
+       * default Bridge & V3 Directory authorities, and the default
+       * Fallback Directories, so let's assume that if the total count
+       * above is correct, we have the right ones.
+       */
+    }
+  }
+
+  done:
+  clear_dir_servers();
+
+  tor_free(test_dir_authority->key);
+  tor_free(test_dir_authority->value);
+  tor_free(test_dir_authority);
+
+  tor_free(test_alt_dir_authority->key);
+  tor_free(test_alt_dir_authority->value);
+  tor_free(test_alt_dir_authority);
+
+  tor_free(test_alt_bridge_authority->key);
+  tor_free(test_alt_bridge_authority->value);
+  tor_free(test_alt_bridge_authority);
+
+  tor_free(test_fallback_directory->key);
+  tor_free(test_fallback_directory->value);
+  tor_free(test_fallback_directory);
+
+  options->DirAuthorities = NULL;
+  options->AlternateBridgeAuthority = NULL;
+  options->AlternateDirAuthority = NULL;
+  options->FallbackDir = NULL;
+  or_options_free(options);
+
+  UNMOCK(add_default_fallback_dir_servers);
+}
+
+static void
+test_config_default_dir_servers(void *arg)
+{
+  or_options_t *opts = NULL;
+  (void)arg;
+  int trusted_count = 0;
+  int fallback_count = 0;
+
+  /* new set of options should stop fallback parsing */
+  opts = tor_malloc_zero(sizeof(or_options_t));
+  opts->UseDefaultFallbackDirs = 0;
+  /* set old_options to NULL to force dir update */
+  consider_adding_dir_servers(opts, NULL);
+  trusted_count = smartlist_len(router_get_trusted_dir_servers());
+  fallback_count = smartlist_len(router_get_fallback_dir_servers());
+  or_options_free(opts);
+  opts = NULL;
+
+  /* assume a release will never go out with less than 7 authorities */
+  tt_assert(trusted_count >= 7);
+  /* if we disable the default fallbacks, there must not be any extra */
+  tt_assert(fallback_count == trusted_count);
+
+  opts = tor_malloc_zero(sizeof(or_options_t));
+  opts->UseDefaultFallbackDirs = 1;
+  consider_adding_dir_servers(opts, opts);
+  trusted_count = smartlist_len(router_get_trusted_dir_servers());
+  fallback_count = smartlist_len(router_get_fallback_dir_servers());
+  or_options_free(opts);
+  opts = NULL;
+
+  /* assume a release will never go out with less than 7 authorities */
+  tt_assert(trusted_count >= 7);
+  /* XX/teor - allow for default fallbacks to be added without breaking
+   * the unit tests. Set a minimum fallback count once the list is stable. */
+  tt_assert(fallback_count >= trusted_count);
+
+ done:
+  or_options_free(opts);
+}
+
+static int mock_router_pick_published_address_result = 0;
+
+static int
+mock_router_pick_published_address(const or_options_t *options, uint32_t *addr)
+{
+  (void)options;
+  (void)addr;
+  return mock_router_pick_published_address_result;
+}
+
+static int mock_router_my_exit_policy_is_reject_star_result = 0;
+
+static int
+mock_router_my_exit_policy_is_reject_star(void)
+{
+  return mock_router_my_exit_policy_is_reject_star_result;
+}
+
+static int mock_advertised_server_mode_result = 0;
+
+static int
+mock_advertised_server_mode(void)
+{
+  return mock_advertised_server_mode_result;
+}
+
+static routerinfo_t *mock_router_get_my_routerinfo_result = NULL;
+
+static const routerinfo_t *
+mock_router_get_my_routerinfo(void)
+{
+  return mock_router_get_my_routerinfo_result;
+}
+
+static void
+test_config_directory_fetch(void *arg)
+{
+  (void)arg;
+
+  /* Test Setup */
+  or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
+  routerinfo_t routerinfo;
+  memset(&routerinfo, 0, sizeof(routerinfo));
+  mock_router_pick_published_address_result = -1;
+  mock_router_my_exit_policy_is_reject_star_result = 1;
+  mock_advertised_server_mode_result = 0;
+  mock_router_get_my_routerinfo_result = NULL;
+  MOCK(router_pick_published_address, mock_router_pick_published_address);
+  MOCK(router_my_exit_policy_is_reject_star,
+       mock_router_my_exit_policy_is_reject_star);
+  MOCK(advertised_server_mode, mock_advertised_server_mode);
+  MOCK(router_get_my_routerinfo, mock_router_get_my_routerinfo);
+
+  /* Clients can use multiple directory mirrors for bootstrap */
+  memset(options, 0, sizeof(or_options_t));
+  options->ClientOnly = 1;
+  tt_assert(server_mode(options) == 0);
+  tt_assert(public_server_mode(options) == 0);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 1);
+
+  /* Bridge Clients can use multiple directory mirrors for bootstrap */
+  memset(options, 0, sizeof(or_options_t));
+  options->UseBridges = 1;
+  tt_assert(server_mode(options) == 0);
+  tt_assert(public_server_mode(options) == 0);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 1);
+
+  /* Bridge Relays (Bridges) must act like clients, and use multiple
+   * directory mirrors for bootstrap */
+  memset(options, 0, sizeof(or_options_t));
+  options->BridgeRelay = 1;
+  options->ORPort_set = 1;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 0);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 1);
+
+  /* Clients set to FetchDirInfoEarly must fetch it from the authorities,
+   * but can use multiple authorities for bootstrap */
+  memset(options, 0, sizeof(or_options_t));
+  options->FetchDirInfoEarly = 1;
+  tt_assert(server_mode(options) == 0);
+  tt_assert(public_server_mode(options) == 0);
+  tt_assert(directory_fetches_from_authorities(options) == 1);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 1);
+
+  /* OR servers only fetch the consensus from the authorities when they don't
+   * know their own address, but never use multiple directories for bootstrap
+   */
+  memset(options, 0, sizeof(or_options_t));
+  options->ORPort_set = 1;
+
+  mock_router_pick_published_address_result = -1;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 1);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  mock_router_pick_published_address_result = 0;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  /* Exit OR servers only fetch the consensus from the authorities when they
+   * refuse unknown exits, but never use multiple directories for bootstrap
+   */
+  memset(options, 0, sizeof(or_options_t));
+  options->ORPort_set = 1;
+  options->ExitRelay = 1;
+  mock_router_pick_published_address_result = 0;
+  mock_router_my_exit_policy_is_reject_star_result = 0;
+  mock_advertised_server_mode_result = 1;
+  mock_router_get_my_routerinfo_result = &routerinfo;
+
+  routerinfo.supports_tunnelled_dir_requests = 1;
+
+  options->RefuseUnknownExits = 1;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 1);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  options->RefuseUnknownExits = 0;
+  mock_router_pick_published_address_result = 0;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  /* Dir servers fetch the consensus from the authorities, unless they are not
+   * advertising themselves (hibernating) or have no routerinfo or are not
+   * advertising their dirport, and never use multiple directories for
+   * bootstrap. This only applies if they are also OR servers.
+   * (We don't care much about the behaviour of non-OR directory servers.) */
+  memset(options, 0, sizeof(or_options_t));
+  options->DirPort_set = 1;
+  options->ORPort_set = 1;
+  options->DirCache = 1;
+  mock_router_pick_published_address_result = 0;
+  mock_router_my_exit_policy_is_reject_star_result = 1;
+
+  mock_advertised_server_mode_result = 1;
+  routerinfo.dir_port = 1;
+  mock_router_get_my_routerinfo_result = &routerinfo;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 1);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  mock_advertised_server_mode_result = 0;
+  routerinfo.dir_port = 1;
+  mock_router_get_my_routerinfo_result = &routerinfo;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  mock_advertised_server_mode_result = 1;
+  mock_router_get_my_routerinfo_result = NULL;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  mock_advertised_server_mode_result = 1;
+  routerinfo.dir_port = 0;
+  routerinfo.supports_tunnelled_dir_requests = 0;
+  mock_router_get_my_routerinfo_result = &routerinfo;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 0);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+  mock_advertised_server_mode_result = 1;
+  routerinfo.dir_port = 1;
+  routerinfo.supports_tunnelled_dir_requests = 1;
+  mock_router_get_my_routerinfo_result = &routerinfo;
+  tt_assert(server_mode(options) == 1);
+  tt_assert(public_server_mode(options) == 1);
+  tt_assert(directory_fetches_from_authorities(options) == 1);
+  tt_assert(networkstatus_consensus_can_use_multiple_directories(options)
+            == 0);
+
+ done:
+  tor_free(options);
+  UNMOCK(router_pick_published_address);
+  UNMOCK(router_get_my_routerinfo);
+  UNMOCK(advertised_server_mode);
+  UNMOCK(router_my_exit_policy_is_reject_star);
+}
+
+static void
+test_config_default_fallback_dirs(void *arg)
+{
+  const char *fallback[] = {
+#include "../or/fallback_dirs.inc"
+    NULL
+  };
+
+  int n_included_fallback_dirs = 0;
+  int n_added_fallback_dirs = 0;
+
+  (void)arg;
+  clear_dir_servers();
+
+  while (fallback[n_included_fallback_dirs])
+    n_included_fallback_dirs++;
+
+  add_default_fallback_dir_servers();
+
+  n_added_fallback_dirs = smartlist_len(router_get_fallback_dir_servers());
+
+  tt_assert(n_included_fallback_dirs == n_added_fallback_dirs);
+
+  done:
+  clear_dir_servers();
+}
+
+static config_line_t *
+mock_config_line(const char *key, const char *val)
+{
+  config_line_t *config_line = tor_malloc(sizeof(config_line_t));
+  memset(config_line, 0, sizeof(config_line_t));
+  config_line->key = tor_strdup(key);
+  config_line->value = tor_strdup(val);
+  return config_line;
+}
+
+static void
+test_config_parse_port_config__listenaddress(void *data)
+{
+  (void)data;
+  int ret;
+  config_line_t *config_listen_address = NULL, *config_listen_address2 = NULL,
+    *config_listen_address3 = NULL;
+  config_line_t *config_port1 = NULL, *config_port2 = NULL,
+    *config_port3 = NULL, *config_port4 = NULL, *config_port5 = NULL;
+  smartlist_t *slout = NULL;
+  port_cfg_t *port_cfg = NULL;
+
+  // Test basic invocation with no arguments
+  ret = parse_port_config(NULL, NULL, NULL, NULL, 0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Setup some test data
+  config_listen_address = mock_config_line("DNSListenAddress", "127.0.0.1");
+  config_listen_address2 = mock_config_line("DNSListenAddress", "x$$$:::345");
+  config_listen_address3 = mock_config_line("DNSListenAddress",
+                                            "127.0.0.1:1442");
+  config_port1 = mock_config_line("DNSPort", "42");
+  config_port2 = mock_config_line("DNSPort", "43");
+  config_port1->next = config_port2;
+  config_port3 = mock_config_line("DNSPort", "auto");
+  config_port4 = mock_config_line("DNSPort", "55542");
+  config_port5 = mock_config_line("DNSPort", "666777");
+
+  // Test failure when we have a ListenAddress line and several
+  // Port lines for the same portname
+  ret = parse_port_config(NULL, config_port1, config_listen_address, "DNS", 0,
+                          NULL, 0, 0);
+
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test case when we have a listen address, no default port and allow
+  // spurious listen address lines
+  ret = parse_port_config(NULL, NULL, config_listen_address, "DNS", 0, NULL,
+                          0, CL_PORT_ALLOW_EXTRA_LISTENADDR);
+  tt_int_op(ret, OP_EQ, 1);
+
+  // Test case when we have a listen address, no default port but doesn't
+  // allow spurious listen address lines
+  ret = parse_port_config(NULL, NULL, config_listen_address, "DNS", 0, NULL,
+                          0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test case when we have a listen address, and a port that points to auto,
+  // should use the AUTO port
+  slout = smartlist_new();
+  ret = parse_port_config(slout, config_port3, config_listen_address, "DNS",
+                          0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, CFG_AUTO_PORT);
+
+  // Test when we have a listen address and a custom port
+  ret = parse_port_config(slout, config_port4, config_listen_address, "DNS",
+                          0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 2);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 1);
+  tt_int_op(port_cfg->port, OP_EQ, 55542);
+
+  // Test when we have a listen address and an invalid custom port
+  ret = parse_port_config(slout, config_port5, config_listen_address, "DNS",
+                          0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test we get a server port configuration when asked for it
+  ret = parse_port_config(slout, NULL, config_listen_address, "DNS", 0, NULL,
+                          123, CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 4);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 2);
+  tt_int_op(port_cfg->port, OP_EQ, 123);
+  tt_int_op(port_cfg->server_cfg.no_listen, OP_EQ, 1);
+  tt_int_op(port_cfg->server_cfg.bind_ipv4_only, OP_EQ, 1);
+
+  // Test an invalid ListenAddress configuration
+  ret = parse_port_config(NULL, NULL, config_listen_address2, "DNS", 0, NULL,
+                          222, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test default to the port in the listen address if available
+  ret = parse_port_config(slout, config_port2, config_listen_address3, "DNS",
+                          0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 5);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 4);
+  tt_int_op(port_cfg->port, OP_EQ, 1442);
+
+  // Test we work correctly without an out, but with a listen address
+  // and a port
+  ret = parse_port_config(NULL, config_port2, config_listen_address, "DNS",
+                          0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test warning nonlocal control
+  ret = parse_port_config(slout, config_port2, config_listen_address, "DNS",
+                          CONN_TYPE_CONTROL_LISTENER, NULL, 0,
+                          CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test warning nonlocal ext or listener
+  ret = parse_port_config(slout, config_port2, config_listen_address, "DNS",
+                          CONN_TYPE_EXT_OR_LISTENER, NULL, 0,
+                          CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test warning nonlocal other
+  ret = parse_port_config(slout, config_port2, config_listen_address, "DNS",
+                          0, NULL, 0, CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test warning nonlocal control without an out
+  ret = parse_port_config(NULL, config_port2, config_listen_address, "DNS",
+                          CONN_TYPE_CONTROL_LISTENER, NULL, 0,
+                          CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  config_free_lines(config_listen_address);
+  config_free_lines(config_listen_address2);
+  config_free_lines(config_listen_address3);
+  config_free_lines(config_port1);
+  /* 2 was linked from 1. */
+  config_free_lines(config_port3);
+  config_free_lines(config_port4);
+  config_free_lines(config_port5);
+  if (slout)
+    SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_free(slout);
+}
+
+static void
+test_config_parse_port_config__ports__no_ports_given(void *data)
+{
+  (void)data;
+  int ret;
+  smartlist_t *slout = NULL;
+  port_cfg_t *port_cfg = NULL;
+
+  slout = smartlist_new();
+
+  // Test no defaultport, no defaultaddress and no out
+  ret = parse_port_config(NULL, NULL, NULL, "DNS", 0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test with defaultport, no defaultaddress and no out
+  ret = parse_port_config(NULL, NULL, NULL, "DNS", 0, NULL, 42, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test no defaultport, with defaultaddress and no out
+  ret = parse_port_config(NULL, NULL, NULL, "DNS", 0, "127.0.0.2", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test with defaultport, with defaultaddress and no out
+  ret = parse_port_config(NULL, NULL, NULL, "DNS", 0, "127.0.0.2", 42, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test no defaultport, no defaultaddress and with out
+  ret = parse_port_config(slout, NULL, NULL, "DNS", 0, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 0);
+
+  // Test with defaultport, no defaultaddress and with out
+  ret = parse_port_config(slout, NULL, NULL, "DNS", 0, NULL, 42, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 0);
+
+  // Test no defaultport, with defaultaddress and with out
+  ret = parse_port_config(slout, NULL, NULL, "DNS", 0, "127.0.0.2", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 0);
+
+  // Test with defaultport, with defaultaddress and out, adds a new port cfg
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  ret = parse_port_config(slout, NULL, NULL, "DNS", 0, "127.0.0.2", 42, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, 42);
+  tt_int_op(port_cfg->is_unix_addr, OP_EQ, 0);
+
+  // Test with defaultport, with defaultaddress and out, adds a new port cfg
+  // for a unix address
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  ret = parse_port_config(slout, NULL, NULL, "DNS", 0, "/foo/bar/unixdomain",
+                          42, CL_PORT_IS_UNIXSOCKET);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, 0);
+  tt_int_op(port_cfg->is_unix_addr, OP_EQ, 1);
+  tt_str_op(port_cfg->unix_addr, OP_EQ, "/foo/bar/unixdomain");
+
+ done:
+  if (slout)
+    SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_free(slout);
+}
+
+static void
+test_config_parse_port_config__ports__ports_given(void *data)
+{
+  (void)data;
+  int ret;
+  smartlist_t *slout = NULL;
+  port_cfg_t *port_cfg = NULL;
+  config_line_t *config_port_invalid = NULL, *config_port_valid = NULL;
+  tor_addr_t addr;
+
+  slout = smartlist_new();
+
+  // Test error when encounters an invalid Port specification
+  config_port_invalid = mock_config_line("DNSPort", "");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0, NULL,
+                          0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test error when encounters an empty unix domain specification
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_invalid = mock_config_line("DNSPort", "unix:");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0, NULL,
+                          0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test error when encounters a unix domain specification but the listener
+  // doesnt support domain sockets
+  config_port_valid = mock_config_line("DNSPort", "unix:/tmp/foo/bar");
+  ret = parse_port_config(NULL, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_AP_DNS_LISTENER, NULL, 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test valid unix domain
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_AP_LISTENER, NULL, 0, 0);
+#ifdef _WIN32
+  tt_int_op(ret, OP_EQ, -1);
+#else
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, 0);
+  tt_int_op(port_cfg->is_unix_addr, OP_EQ, 1);
+  tt_str_op(port_cfg->unix_addr, OP_EQ, "/tmp/foo/bar");
+#endif
+
+  // Test failure if we have no ipv4 and no ipv6 (for unix domain sockets,
+  // this makes no sense - it should be fixed)
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_invalid = mock_config_line("DNSPort",
+                                         "unix:/tmp/foo/bar NoIPv4Traffic");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS",
+                          CONN_TYPE_AP_LISTENER, NULL, 0,
+                          CL_PORT_TAKES_HOSTNAMES);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with no ipv4 but take ipv6 (for unix domain sockets, this
+  // makes no sense - it should be fixed)
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "unix:/tmp/foo/bar "
+                                       "NoIPv4Traffic IPv6Traffic");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_AP_LISTENER, NULL, 0,
+                          CL_PORT_TAKES_HOSTNAMES);
+#ifdef _WIN32
+  tt_int_op(ret, OP_EQ, -1);
+#else
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 0);
+  tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1);
+#endif
+
+  // Test success with both ipv4 and ipv6 (for unix domain sockets,
+  // this makes no sense - it should be fixed)
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "unix:/tmp/foo/bar "
+                                       "IPv4Traffic IPv6Traffic");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_AP_LISTENER, NULL, 0,
+                          CL_PORT_TAKES_HOSTNAMES);
+#ifdef _WIN32
+  tt_int_op(ret, OP_EQ, -1);
+#else
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1);
+#endif
+
+  // Test failure if we specify world writable for an IP Port
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_invalid = mock_config_line("DNSPort", "42 WorldWritable");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test failure if we specify group writable for an IP Port
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_invalid = mock_config_line("DNSPort", "42 GroupWritable");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test failure if we specify group writable for an IP Port
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_invalid = mock_config_line("DNSPort", "42 RelaxDirModeCheck");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with only a port (this will fail without a default address)
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  config_port_valid = mock_config_line("DNSPort", "42");
+  ret = parse_port_config(NULL, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test success with only a port and isolate destination port
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IsolateDestPort");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.isolation_flags, OP_EQ,
+            ISO_DEFAULT | ISO_DESTPORT);
+
+  // Test success with a negative isolate destination port, and plural
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 NoIsolateDestPorts");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.isolation_flags, OP_EQ,
+            ISO_DEFAULT & ~ISO_DESTPORT);
+
+  // Test success with isolate destination address
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IsolateDestAddr");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.isolation_flags, OP_EQ,
+            ISO_DEFAULT | ISO_DESTADDR);
+
+  // Test success with isolate socks AUTH
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IsolateSOCKSAuth");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.isolation_flags, OP_EQ,
+            ISO_DEFAULT | ISO_SOCKSAUTH);
+
+  // Test success with isolate client protocol
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IsolateClientProtocol");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.isolation_flags, OP_EQ,
+            ISO_DEFAULT | ISO_CLIENTPROTO);
+
+  // Test success with isolate client address
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IsolateClientAddr");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.isolation_flags, OP_EQ,
+            ISO_DEFAULT | ISO_CLIENTADDR);
+
+  // Test success with ignored unknown options
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  config_port_valid = mock_config_line("DNSPort", "42 ThisOptionDoesntExist");
+  ret = parse_port_config(NULL, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test success with no isolate socks AUTH
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 NoIsolateSOCKSAuth");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.3", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.socks_prefer_no_auth, OP_EQ, 1);
+
+  // Test success with prefer ipv6
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IPv6Traffic PreferIPv6");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_AP_LISTENER, "127.0.0.42", 0,
+                          CL_PORT_TAKES_HOSTNAMES);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 1);
+
+  // Test success with cache ipv4 DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 CacheIPv4DNS");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv4_answers, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv6_answers, OP_EQ, 0);
+
+  // Test success with cache ipv6 DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 CacheIPv6DNS");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv4_answers, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv6_answers, OP_EQ, 1);
+
+  // Test success with no cache ipv4 DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 NoCacheIPv4DNS");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv4_answers, OP_EQ, 0);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv6_answers, OP_EQ, 0);
+
+  // Test success with cache DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 CacheDNS");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, CL_PORT_TAKES_HOSTNAMES);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv4_answers, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.cache_ipv6_answers, OP_EQ, 1);
+
+  // Test success with use cached ipv4 DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 UseIPv4Cache");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.use_cached_ipv4_answers, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.use_cached_ipv6_answers, OP_EQ, 0);
+
+  // Test success with use cached ipv6 DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 UseIPv6Cache");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.use_cached_ipv4_answers, OP_EQ, 0);
+  tt_int_op(port_cfg->entry_cfg.use_cached_ipv6_answers, OP_EQ, 1);
+
+  // Test success with use cached DNS
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 UseDNSCache");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.use_cached_ipv4_answers, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.use_cached_ipv6_answers, OP_EQ, 1);
+
+  // Test success with not preferring ipv6 automap
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 NoPreferIPv6Automap");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.prefer_ipv6_virtaddr, OP_EQ, 0);
+
+  // Test success with prefer SOCKS no auth
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 PreferSOCKSNoAuth");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.socks_prefer_no_auth, OP_EQ, 1);
+
+  // Test failure with both a zero port and a non-zero port
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "0");
+  config_port_valid = mock_config_line("DNSPort", "42");
+  config_port_invalid->next = config_port_valid;
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with warn non-local control
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_CONTROL_LISTENER, "127.0.0.42", 0,
+                          CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test success with warn non-local listener
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_EXT_OR_LISTENER, "127.0.0.42", 0,
+                          CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test success with warn non-local other
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test success with warn non-local other without out
+  ret = parse_port_config(NULL, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.42", 0, CL_PORT_WARN_NONLOCAL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test success with both ipv4 and ipv6 but without stream options
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 IPv4Traffic "
+                                       "IPv6Traffic");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.44", 0,
+                          CL_PORT_TAKES_HOSTNAMES |
+                          CL_PORT_NO_STREAM_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 0);
+
+  // Test failure for a SessionGroup argument with invalid value
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=invalid");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // TODO: this seems wrong. Shouldn't it be the other way around?
+  // Potential bug.
+  // Test failure for a SessionGroup argument with valid value but with stream
+  // options allowed
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=123");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.44", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test failure for more than one SessionGroup argument
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=123 "
+                                         "SessionGroup=321");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with a sessiongroup options
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "42 SessionGroup=1111122");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->entry_cfg.session_group, OP_EQ, 1111122);
+
+  // Test success with a zero unix domain socket, and doesnt add it to out
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "0");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.45", 0, CL_PORT_IS_UNIXSOCKET);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 0);
+
+  // Test success with a one unix domain socket, and doesnt add it to out
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "something");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.45", 0, CL_PORT_IS_UNIXSOCKET);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->is_unix_addr, OP_EQ, 1);
+  tt_str_op(port_cfg->unix_addr, OP_EQ, "something");
+
+  // Test success with a port of auto - it uses the default address
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "auto");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.46", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, CFG_AUTO_PORT);
+  tor_addr_parse(&addr, "127.0.0.46");
+  tt_assert(tor_addr_eq(&port_cfg->addr, &addr))
+
+  // Test success with parsing both an address and an auto port
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "127.0.0.122:auto");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.46", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, CFG_AUTO_PORT);
+  tor_addr_parse(&addr, "127.0.0.122");
+  tt_assert(tor_addr_eq(&port_cfg->addr, &addr))
+
+  // Test failure when asked to parse an invalid address followed by auto
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_port_invalid = mock_config_line("DNSPort", "invalidstuff!!:auto");
+  ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.46", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with parsing both an address and a real port
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "127.0.0.123:656");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0,
+                          "127.0.0.46", 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->port, OP_EQ, 656);
+  tor_addr_parse(&addr, "127.0.0.123");
+  tt_assert(tor_addr_eq(&port_cfg->addr, &addr))
+
+  // Test failure if we can't parse anything at all
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "something wrong");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.46", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test failure if we find both an address, a port and an auto
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "127.0.1.0:123:auto");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0,
+                          "127.0.0.46", 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test that default to group writeable default sets group writeable for
+  // domain socket
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "unix:/tmp/somewhere");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS",
+                          CONN_TYPE_AP_LISTENER, "127.0.0.46", 0,
+                          CL_PORT_DFLT_GROUP_WRITABLE);
+#ifdef _WIN32
+  tt_int_op(ret, OP_EQ, -1);
+#else
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->is_group_writable, OP_EQ, 1);
+#endif
+
+ done:
+  if (slout)
+    SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_free(slout);
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+}
+
+static void
+test_config_parse_port_config__ports__server_options(void *data)
+{
+  (void)data;
+  int ret;
+  smartlist_t *slout = NULL;
+  port_cfg_t *port_cfg = NULL;
+  config_line_t *config_port_invalid = NULL, *config_port_valid = NULL;
+
+  slout = smartlist_new();
+
+  // Test success with NoAdvertise option
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  config_port_valid = mock_config_line("DNSPort",
+                                       "127.0.0.124:656 NoAdvertise");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0, NULL, 0,
+                          CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->server_cfg.no_advertise, OP_EQ, 1);
+  tt_int_op(port_cfg->server_cfg.no_listen, OP_EQ, 0);
+
+  // Test success with NoListen option
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "127.0.0.124:656 NoListen");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0, NULL, 0,
+                          CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->server_cfg.no_advertise, OP_EQ, 0);
+  tt_int_op(port_cfg->server_cfg.no_listen, OP_EQ, 1);
+
+  // Test failure with both NoAdvertise and NoListen option
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "127.0.0.124:656 NoListen "
+                                         "NoAdvertise");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0, NULL,
+                          0, CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with IPv4Only
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "127.0.0.124:656 IPv4Only");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0, NULL, 0,
+                          CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->server_cfg.bind_ipv4_only, OP_EQ, 1);
+  tt_int_op(port_cfg->server_cfg.bind_ipv6_only, OP_EQ, 0);
+
+  // Test success with IPv6Only
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "[::1]:656 IPv6Only");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0, NULL, 0,
+                          CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+  port_cfg = (port_cfg_t *)smartlist_get(slout, 0);
+  tt_int_op(port_cfg->server_cfg.bind_ipv4_only, OP_EQ, 0);
+  tt_int_op(port_cfg->server_cfg.bind_ipv6_only, OP_EQ, 1);
+
+  // Test failure with both IPv4Only and IPv6Only
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "127.0.0.124:656 IPv6Only "
+                                         "IPv4Only");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0, NULL,
+                          0, CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test success with invalid parameter
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_valid = mock_config_line("DNSPort", "127.0.0.124:656 unknown");
+  ret = parse_port_config(slout, config_port_valid, NULL, "DNS", 0, NULL, 0,
+                          CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(smartlist_len(slout), OP_EQ, 1);
+
+  // Test failure when asked to bind only to ipv6 but gets an ipv4 address
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort",
+                                         "127.0.0.124:656 IPv6Only");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0, NULL,
+                          0, CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test failure when asked to bind only to ipv4 but gets an ipv6 address
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_clear(slout);
+  config_port_invalid = mock_config_line("DNSPort", "[::1]:656 IPv4Only");
+  ret = parse_port_config(slout, config_port_invalid, NULL, "DNS", 0, NULL,
+                          0, CL_PORT_SERVER_OPTIONS);
+  tt_int_op(ret, OP_EQ, -1);
+
+ done:
+  if (slout)
+    SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf));
+  smartlist_free(slout);
+  config_free_lines(config_port_invalid); config_port_invalid = NULL;
+  config_free_lines(config_port_valid); config_port_valid = NULL;
+}
+
 #define CONFIG_TEST(name, flags)                          \
   { #name, test_config_ ## name, flags, NULL, NULL }
 
 struct testcase_t config_tests[] = {
+  CONFIG_TEST(adding_trusted_dir_server, TT_FORK),
+  CONFIG_TEST(adding_fallback_dir_server, TT_FORK),
+  CONFIG_TEST(parsing_trusted_dir_server, 0),
+  CONFIG_TEST(parsing_fallback_dir_server, 0),
+  CONFIG_TEST(adding_default_trusted_dir_servers, TT_FORK),
+  CONFIG_TEST(adding_dir_servers, TT_FORK),
+  CONFIG_TEST(default_dir_servers, TT_FORK),
+  CONFIG_TEST(default_fallback_dirs, 0),
+  CONFIG_TEST(resolve_my_address, TT_FORK),
   CONFIG_TEST(addressmap, 0),
   CONFIG_TEST(parse_bridge_line, 0),
   CONFIG_TEST(parse_transport_options_line, 0),
+  CONFIG_TEST(parse_transport_plugin_line, TT_FORK),
   CONFIG_TEST(check_or_create_data_subdir, TT_FORK),
   CONFIG_TEST(write_to_data_subdir, TT_FORK),
   CONFIG_TEST(fix_my_family, 0),
+  CONFIG_TEST(directory_fetch, 0),
+  CONFIG_TEST(parse_port_config__listenaddress, 0),
+  CONFIG_TEST(parse_port_config__ports__no_ports_given, 0),
+  CONFIG_TEST(parse_port_config__ports__server_options, 0),
+  CONFIG_TEST(parse_port_config__ports__ports_given, 0),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
new file mode 100644
index 0000000000..bf95b0b59f
--- /dev/null
+++ b/src/test/test_connection.c
@@ -0,0 +1,858 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define CONNECTION_PRIVATE
+#define MAIN_PRIVATE
+
+#include "or.h"
+#include "test.h"
+
+#include "connection.h"
+#include "main.h"
+#include "microdesc.h"
+#include "networkstatus.h"
+#include "rendcache.h"
+#include "directory.h"
+
+static void test_conn_lookup_addr_helper(const char *address,
+                                         int family,
+                                         tor_addr_t *addr);
+
+static void * test_conn_get_basic_setup(const struct testcase_t *tc);
+static int test_conn_get_basic_teardown(const struct testcase_t *tc,
+                                        void *arg);
+
+static void * test_conn_get_rend_setup(const struct testcase_t *tc);
+static int test_conn_get_rend_teardown(const struct testcase_t *tc,
+                                        void *arg);
+
+static void * test_conn_get_rsrc_setup(const struct testcase_t *tc);
+static int test_conn_get_rsrc_teardown(const struct testcase_t *tc,
+                                        void *arg);
+
+/* Arbitrary choice - IPv4 Directory Connection to localhost */
+#define TEST_CONN_TYPE          (CONN_TYPE_DIR)
+/* We assume every machine has IPv4 localhost, is that ok? */
+#define TEST_CONN_ADDRESS       "127.0.0.1"
+#define TEST_CONN_PORT          (12345)
+#define TEST_CONN_ADDRESS_PORT  "127.0.0.1:12345"
+#define TEST_CONN_FAMILY        (AF_INET)
+#define TEST_CONN_STATE         (DIR_CONN_STATE_MIN_)
+#define TEST_CONN_ADDRESS_2     "127.0.0.2"
+
+#define TEST_CONN_BASIC_PURPOSE (DIR_PURPOSE_MIN_)
+
+#define TEST_CONN_REND_ADDR     "cfs3rltphxxvabci"
+#define TEST_CONN_REND_PURPOSE  (DIR_PURPOSE_FETCH_RENDDESC_V2)
+#define TEST_CONN_REND_PURPOSE_SUCCESSFUL (DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2)
+#define TEST_CONN_REND_TYPE_2   (CONN_TYPE_AP)
+#define TEST_CONN_REND_ADDR_2   "icbavxxhptlr3sfc"
+
+#define TEST_CONN_RSRC          (networkstatus_get_flavor_name(FLAV_MICRODESC))
+#define TEST_CONN_RSRC_PURPOSE  (DIR_PURPOSE_FETCH_CONSENSUS)
+#define TEST_CONN_RSRC_STATE_SUCCESSFUL (DIR_CONN_STATE_CLIENT_FINISHED)
+#define TEST_CONN_RSRC_2        (networkstatus_get_flavor_name(FLAV_NS))
+
+#define TEST_CONN_DL_STATE      (DIR_CONN_STATE_CLIENT_READING)
+
+/* see AP_CONN_STATE_IS_UNATTACHED() */
+#define TEST_CONN_UNATTACHED_STATE (AP_CONN_STATE_CIRCUIT_WAIT)
+#define TEST_CONN_ATTACHED_STATE   (AP_CONN_STATE_CONNECT_WAIT)
+
+#define TEST_CONN_FD_INIT 50
+static int mock_connection_connect_sockaddr_called = 0;
+static int fake_socket_number = TEST_CONN_FD_INIT;
+
+static int
+mock_connection_connect_sockaddr(connection_t *conn,
+                                 const struct sockaddr *sa,
+                                 socklen_t sa_len,
+                                 const struct sockaddr *bindaddr,
+                                 socklen_t bindaddr_len,
+                                 int *socket_error)
+{
+  (void)sa_len;
+  (void)bindaddr;
+  (void)bindaddr_len;
+
+  tor_assert(conn);
+  tor_assert(sa);
+  tor_assert(socket_error);
+
+  mock_connection_connect_sockaddr_called++;
+
+  conn->s = fake_socket_number++;
+  tt_assert(SOCKET_OK(conn->s));
+  /* We really should call tor_libevent_initialize() here. Because we don't,
+   * we are relying on other parts of the code not checking if the_event_base
+   * (and therefore event->ev_base) is NULL.  */
+  tt_assert(connection_add_connecting(conn) == 0);
+
+ done:
+  /* Fake "connected" status */
+  return 1;
+}
+
+static void
+test_conn_lookup_addr_helper(const char *address, int family, tor_addr_t *addr)
+{
+  int rv = 0;
+
+  tt_assert(addr);
+
+  rv = tor_addr_lookup(address, family, addr);
+  /* XXXX - should we retry on transient failure? */
+  tt_assert(rv == 0);
+  tt_assert(tor_addr_is_loopback(addr));
+  tt_assert(tor_addr_is_v4(addr));
+
+  return;
+
+ done:
+  tor_addr_make_null(addr, TEST_CONN_FAMILY);
+}
+
+static connection_t *
+test_conn_get_connection(uint8_t state, uint8_t type, uint8_t purpose)
+{
+  connection_t *conn = NULL;
+  tor_addr_t addr;
+  int socket_err = 0;
+  int in_progress = 0;
+
+  MOCK(connection_connect_sockaddr,
+       mock_connection_connect_sockaddr);
+
+  init_connection_lists();
+
+  conn = connection_new(type, TEST_CONN_FAMILY);
+  tt_assert(conn);
+
+  test_conn_lookup_addr_helper(TEST_CONN_ADDRESS, TEST_CONN_FAMILY, &addr);
+  tt_assert(!tor_addr_is_null(&addr));
+
+  tor_addr_copy_tight(&conn->addr, &addr);
+  conn->port = TEST_CONN_PORT;
+  mock_connection_connect_sockaddr_called = 0;
+  in_progress = connection_connect(conn, TEST_CONN_ADDRESS_PORT, &addr,
+                                   TEST_CONN_PORT, &socket_err);
+  tt_assert(mock_connection_connect_sockaddr_called == 1);
+  tt_assert(!socket_err);
+  tt_assert(in_progress == 0 || in_progress == 1);
+
+  /* fake some of the attributes so the connection looks OK */
+  conn->state = state;
+  conn->purpose = purpose;
+  assert_connection_ok(conn, time(NULL));
+
+  UNMOCK(connection_connect_sockaddr);
+
+  return conn;
+
+  /* On failure */
+ done:
+  UNMOCK(connection_connect_sockaddr);
+  return NULL;
+}
+
+static void *
+test_conn_get_basic_setup(const struct testcase_t *tc)
+{
+  (void)tc;
+  return test_conn_get_connection(TEST_CONN_STATE, TEST_CONN_TYPE,
+                                  TEST_CONN_BASIC_PURPOSE);
+}
+
+static int
+test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg)
+{
+  (void)tc;
+  connection_t *conn = arg;
+
+  tt_assert(conn);
+  assert_connection_ok(conn, time(NULL));
+
+  /* teardown the connection as fast as possible */
+  if (conn->linked_conn) {
+    assert_connection_ok(conn->linked_conn, time(NULL));
+
+    /* We didn't call tor_libevent_initialize(), so event_base was NULL,
+     * so we can't rely on connection_unregister_events() use of event_del().
+     */
+    if (conn->linked_conn->read_event) {
+      tor_free(conn->linked_conn->read_event);
+      conn->linked_conn->read_event = NULL;
+    }
+    if (conn->linked_conn->write_event) {
+      tor_free(conn->linked_conn->write_event);
+      conn->linked_conn->write_event = NULL;
+    }
+
+    if (!conn->linked_conn->marked_for_close) {
+      connection_close_immediate(conn->linked_conn);
+      connection_mark_for_close(conn->linked_conn);
+    }
+
+    close_closeable_connections();
+  }
+
+  /* We didn't set the events up properly, so we can't use event_del() in
+   * close_closeable_connections() > connection_free()
+   * > connection_unregister_events() */
+  if (conn->read_event) {
+    tor_free(conn->read_event);
+    conn->read_event = NULL;
+  }
+  if (conn->write_event) {
+    tor_free(conn->write_event);
+    conn->write_event = NULL;
+  }
+
+  if (!conn->marked_for_close) {
+    connection_close_immediate(conn);
+    connection_mark_for_close(conn);
+  }
+
+  close_closeable_connections();
+
+  /* The unit test will fail if we return 0 */
+  return 1;
+
+  /* When conn == NULL, we can't cleanup anything */
+ done:
+  return 0;
+}
+
+static void *
+test_conn_get_rend_setup(const struct testcase_t *tc)
+{
+  dir_connection_t *conn = DOWNCAST(dir_connection_t,
+                                    test_conn_get_connection(
+                                                    TEST_CONN_STATE,
+                                                    TEST_CONN_TYPE,
+                                                    TEST_CONN_REND_PURPOSE));
+  tt_assert(conn);
+  assert_connection_ok(&conn->base_, time(NULL));
+
+  rend_cache_init();
+
+  /* TODO: use directory_initiate_command_rend() to do this - maybe? */
+  conn->rend_data = tor_malloc_zero(sizeof(rend_data_t));
+  tor_assert(strlen(TEST_CONN_REND_ADDR) == REND_SERVICE_ID_LEN_BASE32);
+  memcpy(conn->rend_data->onion_address,
+         TEST_CONN_REND_ADDR,
+         REND_SERVICE_ID_LEN_BASE32+1);
+  conn->rend_data->hsdirs_fp = smartlist_new();
+
+  assert_connection_ok(&conn->base_, time(NULL));
+  return conn;
+
+  /* On failure */
+ done:
+  test_conn_get_rend_teardown(tc, conn);
+  /* Returning NULL causes the unit test to fail */
+  return NULL;
+}
+
+static int
+test_conn_get_rend_teardown(const struct testcase_t *tc, void *arg)
+{
+  dir_connection_t *conn = DOWNCAST(dir_connection_t, arg);
+  int rv = 0;
+
+  tt_assert(conn);
+  assert_connection_ok(&conn->base_, time(NULL));
+
+  /* avoid a last-ditch attempt to refetch the descriptor */
+  conn->base_.purpose = TEST_CONN_REND_PURPOSE_SUCCESSFUL;
+
+  /* connection_free_() cleans up rend_data */
+  rv = test_conn_get_basic_teardown(tc, arg);
+ done:
+  rend_cache_free_all();
+  return rv;
+}
+
+static dir_connection_t *
+test_conn_download_status_add_a_connection(const char *resource)
+{
+  dir_connection_t *conn = DOWNCAST(dir_connection_t,
+                                    test_conn_get_connection(
+                                                      TEST_CONN_STATE,
+                                                      TEST_CONN_TYPE,
+                                                      TEST_CONN_RSRC_PURPOSE));
+
+  tt_assert(conn);
+  assert_connection_ok(&conn->base_, time(NULL));
+
+  /* Replace the existing resource with the one we want */
+  if (resource) {
+    if (conn->requested_resource) {
+      tor_free(conn->requested_resource);
+    }
+    conn->requested_resource = tor_strdup(resource);
+    assert_connection_ok(&conn->base_, time(NULL));
+  }
+
+  return conn;
+
+ done:
+  test_conn_get_rsrc_teardown(NULL, conn);
+  return NULL;
+}
+
+static void *
+test_conn_get_rsrc_setup(const struct testcase_t *tc)
+{
+  (void)tc;
+  return test_conn_download_status_add_a_connection(TEST_CONN_RSRC);
+}
+
+static int
+test_conn_get_rsrc_teardown(const struct testcase_t *tc, void *arg)
+{
+  int rv = 0;
+
+  connection_t *conn = (connection_t *)arg;
+  tt_assert(conn);
+  assert_connection_ok(conn, time(NULL));
+
+  if (conn->type == CONN_TYPE_DIR) {
+    dir_connection_t *dir_conn = DOWNCAST(dir_connection_t, arg);
+
+    tt_assert(dir_conn);
+    assert_connection_ok(&dir_conn->base_, time(NULL));
+
+    /* avoid a last-ditch attempt to refetch the consensus */
+    dir_conn->base_.state = TEST_CONN_RSRC_STATE_SUCCESSFUL;
+    assert_connection_ok(&dir_conn->base_, time(NULL));
+  }
+
+  /* connection_free_() cleans up requested_resource */
+  rv = test_conn_get_basic_teardown(tc, conn);
+
+ done:
+  return rv;
+}
+
+static void *
+test_conn_download_status_setup(const struct testcase_t *tc)
+{
+  (void)tc;
+
+  /* Don't return NULL, that causes the test to fail */
+  return (void*)"ok";
+}
+
+static int
+test_conn_download_status_teardown(const struct testcase_t *tc, void *arg)
+{
+  (void)arg;
+  int rv = 0;
+
+  /* Ignore arg, and just loop through the connection array */
+  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
+    if (conn) {
+      assert_connection_ok(conn, time(NULL));
+
+      /* connection_free_() cleans up requested_resource */
+      rv = test_conn_get_rsrc_teardown(tc, conn);
+      tt_assert(rv == 1);
+    }
+  } SMARTLIST_FOREACH_END(conn);
+
+ done:
+  return rv;
+}
+
+/* Like connection_ap_make_link(), but does much less */
+static connection_t *
+test_conn_get_linked_connection(connection_t *l_conn, uint8_t state)
+{
+  tt_assert(l_conn);
+  assert_connection_ok(l_conn, time(NULL));
+
+  /* AP connections don't seem to have purposes */
+  connection_t *conn = test_conn_get_connection(state, CONN_TYPE_AP,
+                                                       0);
+
+  tt_assert(conn);
+  assert_connection_ok(conn, time(NULL));
+
+  conn->linked = 1;
+  l_conn->linked = 1;
+  conn->linked_conn = l_conn;
+  l_conn->linked_conn = conn;
+  /* we never opened a real socket, so we can just overwrite it */
+  conn->s = TOR_INVALID_SOCKET;
+  l_conn->s = TOR_INVALID_SOCKET;
+
+  assert_connection_ok(conn, time(NULL));
+  assert_connection_ok(l_conn, time(NULL));
+
+  return conn;
+
+ done:
+  test_conn_download_status_teardown(NULL, NULL);
+  return NULL;
+}
+
+static struct testcase_setup_t test_conn_get_basic_st = {
+  test_conn_get_basic_setup, test_conn_get_basic_teardown
+};
+
+static struct testcase_setup_t test_conn_get_rend_st = {
+  test_conn_get_rend_setup, test_conn_get_rend_teardown
+};
+
+static struct testcase_setup_t test_conn_get_rsrc_st = {
+  test_conn_get_rsrc_setup, test_conn_get_rsrc_teardown
+};
+
+static struct testcase_setup_t test_conn_download_status_st = {
+  test_conn_download_status_setup, test_conn_download_status_teardown
+};
+
+static void
+test_conn_get_basic(void *arg)
+{
+  connection_t *conn = (connection_t*)arg;
+  tor_addr_t addr, addr2;
+
+  tt_assert(conn);
+  assert_connection_ok(conn, time(NULL));
+
+  test_conn_lookup_addr_helper(TEST_CONN_ADDRESS, TEST_CONN_FAMILY, &addr);
+  tt_assert(!tor_addr_is_null(&addr));
+  test_conn_lookup_addr_helper(TEST_CONN_ADDRESS_2, TEST_CONN_FAMILY, &addr2);
+  tt_assert(!tor_addr_is_null(&addr2));
+
+  /* Check that we get this connection back when we search for it by
+   * its attributes, but get NULL when we supply a different value. */
+
+  tt_assert(connection_get_by_global_id(conn->global_identifier) == conn);
+  tt_assert(connection_get_by_global_id(!conn->global_identifier) == NULL);
+
+  tt_assert(connection_get_by_type(conn->type) == conn);
+  tt_assert(connection_get_by_type(TEST_CONN_TYPE) == conn);
+  tt_assert(connection_get_by_type(!conn->type) == NULL);
+  tt_assert(connection_get_by_type(!TEST_CONN_TYPE) == NULL);
+
+  tt_assert(connection_get_by_type_state(conn->type, conn->state)
+            == conn);
+  tt_assert(connection_get_by_type_state(TEST_CONN_TYPE, TEST_CONN_STATE)
+            == conn);
+  tt_assert(connection_get_by_type_state(!conn->type, !conn->state)
+            == NULL);
+  tt_assert(connection_get_by_type_state(!TEST_CONN_TYPE, !TEST_CONN_STATE)
+            == NULL);
+
+  /* Match on the connection fields themselves */
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &conn->addr,
+                                                     conn->port,
+                                                     conn->purpose)
+            == conn);
+  /* Match on the original inputs to the connection */
+  tt_assert(connection_get_by_type_addr_port_purpose(TEST_CONN_TYPE,
+                                                     &conn->addr,
+                                                     conn->port,
+                                                     conn->purpose)
+            == conn);
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &addr,
+                                                     conn->port,
+                                                     conn->purpose)
+            == conn);
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &conn->addr,
+                                                     TEST_CONN_PORT,
+                                                     conn->purpose)
+            == conn);
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &conn->addr,
+                                                     conn->port,
+                                                     TEST_CONN_BASIC_PURPOSE)
+            == conn);
+  tt_assert(connection_get_by_type_addr_port_purpose(TEST_CONN_TYPE,
+                                                     &addr,
+                                                     TEST_CONN_PORT,
+                                                     TEST_CONN_BASIC_PURPOSE)
+            == conn);
+  /* Then try each of the not-matching combinations */
+  tt_assert(connection_get_by_type_addr_port_purpose(!conn->type,
+                                                     &conn->addr,
+                                                     conn->port,
+                                                     conn->purpose)
+            == NULL);
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &addr2,
+                                                     conn->port,
+                                                     conn->purpose)
+            == NULL);
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &conn->addr,
+                                                     !conn->port,
+                                                     conn->purpose)
+            == NULL);
+  tt_assert(connection_get_by_type_addr_port_purpose(conn->type,
+                                                     &conn->addr,
+                                                     conn->port,
+                                                     !conn->purpose)
+            == NULL);
+  /* Then try everything not-matching */
+  tt_assert(connection_get_by_type_addr_port_purpose(!conn->type,
+                                                     &addr2,
+                                                     !conn->port,
+                                                     !conn->purpose)
+            == NULL);
+  tt_assert(connection_get_by_type_addr_port_purpose(!TEST_CONN_TYPE,
+                                                     &addr2,
+                                                     !TEST_CONN_PORT,
+                                                     !TEST_CONN_BASIC_PURPOSE)
+            == NULL);
+
+ done:
+  ;
+}
+
+static void
+test_conn_get_rend(void *arg)
+{
+  dir_connection_t *conn = DOWNCAST(dir_connection_t, arg);
+  tt_assert(conn);
+  assert_connection_ok(&conn->base_, time(NULL));
+
+  tt_assert(connection_get_by_type_state_rendquery(
+                                            conn->base_.type,
+                                            conn->base_.state,
+                                            conn->rend_data->onion_address)
+            == TO_CONN(conn));
+  tt_assert(connection_get_by_type_state_rendquery(
+                                            TEST_CONN_TYPE,
+                                            TEST_CONN_STATE,
+                                            TEST_CONN_REND_ADDR)
+            == TO_CONN(conn));
+  tt_assert(connection_get_by_type_state_rendquery(TEST_CONN_REND_TYPE_2,
+                                                   !conn->base_.state,
+                                                   "")
+            == NULL);
+  tt_assert(connection_get_by_type_state_rendquery(TEST_CONN_REND_TYPE_2,
+                                                   !TEST_CONN_STATE,
+                                                   TEST_CONN_REND_ADDR_2)
+            == NULL);
+
+ done:
+  ;
+}
+
+#define sl_is_conn_assert(sl_input, conn) \
+  do {                                               \
+    the_sl = (sl_input);                             \
+    tt_assert(smartlist_len((the_sl)) == 1);         \
+    tt_assert(smartlist_get((the_sl), 0) == (conn)); \
+    smartlist_free(the_sl); the_sl = NULL;           \
+  } while (0)
+
+#define sl_no_conn_assert(sl_input)          \
+  do {                                       \
+    the_sl = (sl_input);                     \
+    tt_assert(smartlist_len((the_sl)) == 0); \
+    smartlist_free(the_sl); the_sl = NULL;   \
+  } while (0)
+
+static void
+test_conn_get_rsrc(void *arg)
+{
+  dir_connection_t *conn = DOWNCAST(dir_connection_t, arg);
+  smartlist_t *the_sl = NULL;
+  tt_assert(conn);
+  assert_connection_ok(&conn->base_, time(NULL));
+
+  sl_is_conn_assert(connection_dir_list_by_purpose_and_resource(
+                                                    conn->base_.purpose,
+                                                    conn->requested_resource),
+                    conn);
+  sl_is_conn_assert(connection_dir_list_by_purpose_and_resource(
+                                                    TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC),
+                    conn);
+  sl_no_conn_assert(connection_dir_list_by_purpose_and_resource(
+                                                    !conn->base_.purpose,
+                                                    ""));
+  sl_no_conn_assert(connection_dir_list_by_purpose_and_resource(
+                                                    !TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC_2));
+
+  sl_is_conn_assert(connection_dir_list_by_purpose_resource_and_state(
+                                                    conn->base_.purpose,
+                                                    conn->requested_resource,
+                                                    conn->base_.state),
+                    conn);
+  sl_is_conn_assert(connection_dir_list_by_purpose_resource_and_state(
+                                                    TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC,
+                                                    TEST_CONN_STATE),
+                    conn);
+  sl_no_conn_assert(connection_dir_list_by_purpose_resource_and_state(
+                                                    !conn->base_.purpose,
+                                                    "",
+                                                    !conn->base_.state));
+  sl_no_conn_assert(connection_dir_list_by_purpose_resource_and_state(
+                                                    !TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC_2,
+                                                    !TEST_CONN_STATE));
+
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                    conn->base_.purpose,
+                                                    conn->requested_resource)
+            == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                    TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC)
+            == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                    !conn->base_.purpose,
+                                                    "")
+            == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                    !TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC_2)
+            == 0);
+
+  tt_assert(connection_dir_count_by_purpose_resource_and_state(
+                                                    conn->base_.purpose,
+                                                    conn->requested_resource,
+                                                    conn->base_.state)
+            == 1);
+  tt_assert(connection_dir_count_by_purpose_resource_and_state(
+                                                    TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC,
+                                                    TEST_CONN_STATE)
+            == 1);
+  tt_assert(connection_dir_count_by_purpose_resource_and_state(
+                                                    !conn->base_.purpose,
+                                                    "",
+                                                    !conn->base_.state)
+            == 0);
+  tt_assert(connection_dir_count_by_purpose_resource_and_state(
+                                                    !TEST_CONN_RSRC_PURPOSE,
+                                                    TEST_CONN_RSRC_2,
+                                                    !TEST_CONN_STATE)
+            == 0);
+
+ done:
+  smartlist_free(the_sl);
+}
+
+static void
+test_conn_download_status(void *arg)
+{
+  dir_connection_t *conn = NULL;
+  dir_connection_t *conn2 = NULL;
+  dir_connection_t *conn4 = NULL;
+  connection_t *ap_conn = NULL;
+
+  consensus_flavor_t usable_flavor = (consensus_flavor_t)arg;
+
+  /* The "other flavor" trick only works if there are two flavors */
+  tor_assert(N_CONSENSUS_FLAVORS == 2);
+  consensus_flavor_t other_flavor = ((usable_flavor == FLAV_NS)
+                                     ? FLAV_MICRODESC
+                                     : FLAV_NS);
+  const char *res = networkstatus_get_flavor_name(usable_flavor);
+  const char *other_res = networkstatus_get_flavor_name(other_flavor);
+
+  /* no connections */
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* one connection, not downloading */
+  conn = test_conn_download_status_add_a_connection(res);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* one connection, downloading but not linked (not possible on a client,
+   * but possible on a relay) */
+  conn->base_.state = TEST_CONN_DL_STATE;
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* one connection, downloading and linked, but not yet attached */
+  ap_conn = test_conn_get_linked_connection(TO_CONN(conn),
+                                            TEST_CONN_UNATTACHED_STATE);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+    /* one connection, downloading and linked and attached */
+  ap_conn->state = TEST_CONN_ATTACHED_STATE;
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* one connection, linked and attached but not downloading */
+  conn->base_.state = TEST_CONN_STATE;
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* two connections, both not downloading */
+  conn2 = test_conn_download_status_add_a_connection(res);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 2);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* two connections, one downloading */
+  conn->base_.state = TEST_CONN_DL_STATE;
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 2);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+  conn->base_.state = TEST_CONN_STATE;
+
+  /* more connections, all not downloading */
+  /* ignore the return value, it's free'd using the connection list */
+  (void)test_conn_download_status_add_a_connection(res);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 0);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 3);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* more connections, one downloading */
+  conn->base_.state = TEST_CONN_DL_STATE;
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 3);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* more connections, two downloading (should never happen, but needs
+   * to be tested for completeness) */
+  conn2->base_.state = TEST_CONN_DL_STATE;
+  /* ignore the return value, it's free'd using the connection list */
+  (void)test_conn_get_linked_connection(TO_CONN(conn2),
+                                        TEST_CONN_ATTACHED_STATE);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 3);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+  conn->base_.state = TEST_CONN_STATE;
+
+  /* more connections, a different one downloading */
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 3);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                         other_res) == 0);
+
+  /* a connection for the other flavor (could happen if a client is set to
+   * cache directory documents), one preferred flavor downloading
+   */
+  conn4 = test_conn_download_status_add_a_connection(other_res);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 0);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 3);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        other_res) == 1);
+
+  /* a connection for the other flavor (could happen if a client is set to
+   * cache directory documents), both flavors downloading
+   */
+  conn4->base_.state = TEST_CONN_DL_STATE;
+  /* ignore the return value, it's free'd using the connection list */
+  (void)test_conn_get_linked_connection(TO_CONN(conn4),
+                                        TEST_CONN_ATTACHED_STATE);
+  tt_assert(networkstatus_consensus_is_already_downloading(res) == 1);
+  tt_assert(networkstatus_consensus_is_already_downloading(other_res) == 1);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        res) == 3);
+  tt_assert(connection_dir_count_by_purpose_and_resource(
+                                                        TEST_CONN_RSRC_PURPOSE,
+                                                        other_res) == 1);
+
+ done:
+  /* the teardown function removes all the connections in the global list*/;
+}
+
+#define CONNECTION_TESTCASE(name, fork, setup)                           \
+  { #name, test_conn_##name, fork, &setup, NULL }
+
+/* where arg is an expression (constant, varaible, compound expression) */
+#define CONNECTION_TESTCASE_ARG(name, fork, setup, arg)                  \
+  { #name "_" #arg, test_conn_##name, fork, &setup, (void *)arg }
+
+struct testcase_t connection_tests[] = {
+  CONNECTION_TESTCASE(get_basic, TT_FORK, test_conn_get_basic_st),
+  CONNECTION_TESTCASE(get_rend,  TT_FORK, test_conn_get_rend_st),
+  CONNECTION_TESTCASE(get_rsrc,  TT_FORK, test_conn_get_rsrc_st),
+  CONNECTION_TESTCASE_ARG(download_status,  TT_FORK,
+                          test_conn_download_status_st, FLAV_MICRODESC),
+  CONNECTION_TESTCASE_ARG(download_status,  TT_FORK,
+                          test_conn_download_status_st, FLAV_NS),
+//CONNECTION_TESTCASE(func_suffix, TT_FORK, setup_func_pair),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_containers.c b/src/test/test_containers.c
index 067c4c1907..fd896760c0 100644
--- a/src/test/test_containers.c
+++ b/src/test/test_containers.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -29,7 +29,7 @@ compare_strs_for_bsearch_(const void *a, const void **b)
 /** Helper: return a tristate based on comparing the strings in *<b>a</b> and
  * *<b>b</b>, excluding a's first character, and ignoring case. */
 static int
-compare_without_first_ch_(const void *a, const void **b)
+cmp_without_first_(const void *a, const void **b)
 {
   const char *s1 = a, *s2 = *b;
   return strcasecmp(s1+1, s2);
@@ -37,237 +37,259 @@ compare_without_first_ch_(const void *a, const void **b)
 
 /** Run unit tests for basic dynamic-sized array functionality. */
 static void
-test_container_smartlist_basic(void)
+test_container_smartlist_basic(void *arg)
 {
   smartlist_t *sl;
+  char *v0 = tor_strdup("v0");
+  char *v1 = tor_strdup("v1");
+  char *v2 = tor_strdup("v2");
+  char *v3 = tor_strdup("v3");
+  char *v4 = tor_strdup("v4");
+  char *v22 = tor_strdup("v22");
+  char *v99 = tor_strdup("v99");
+  char *v555 = tor_strdup("v555");
 
   /* XXXX test sort_digests, uniq_strings, uniq_digests */
 
   /* Test smartlist add, del_keeporder, insert, get. */
+  (void)arg;
   sl = smartlist_new();
-  smartlist_add(sl, (void*)1);
-  smartlist_add(sl, (void*)2);
-  smartlist_add(sl, (void*)3);
-  smartlist_add(sl, (void*)4);
+  smartlist_add(sl, v1);
+  smartlist_add(sl, v2);
+  smartlist_add(sl, v3);
+  smartlist_add(sl, v4);
   smartlist_del_keeporder(sl, 1);
-  smartlist_insert(sl, 1, (void*)22);
-  smartlist_insert(sl, 0, (void*)0);
-  smartlist_insert(sl, 5, (void*)555);
-  test_eq_ptr((void*)0,   smartlist_get(sl,0));
-  test_eq_ptr((void*)1,   smartlist_get(sl,1));
-  test_eq_ptr((void*)22,  smartlist_get(sl,2));
-  test_eq_ptr((void*)3,   smartlist_get(sl,3));
-  test_eq_ptr((void*)4,   smartlist_get(sl,4));
-  test_eq_ptr((void*)555, smartlist_get(sl,5));
+  smartlist_insert(sl, 1, v22);
+  smartlist_insert(sl, 0, v0);
+  smartlist_insert(sl, 5, v555);
+  tt_ptr_op(v0,OP_EQ,   smartlist_get(sl,0));
+  tt_ptr_op(v1,OP_EQ,   smartlist_get(sl,1));
+  tt_ptr_op(v22,OP_EQ,  smartlist_get(sl,2));
+  tt_ptr_op(v3,OP_EQ,   smartlist_get(sl,3));
+  tt_ptr_op(v4,OP_EQ,   smartlist_get(sl,4));
+  tt_ptr_op(v555,OP_EQ, smartlist_get(sl,5));
   /* Try deleting in the middle. */
   smartlist_del(sl, 1);
-  test_eq_ptr((void*)555, smartlist_get(sl, 1));
+  tt_ptr_op(v555,OP_EQ, smartlist_get(sl, 1));
   /* Try deleting at the end. */
   smartlist_del(sl, 4);
-  test_eq(4, smartlist_len(sl));
+  tt_int_op(4,OP_EQ, smartlist_len(sl));
 
   /* test isin. */
-  test_assert(smartlist_contains(sl, (void*)3));
-  test_assert(!smartlist_contains(sl, (void*)99));
+  tt_assert(smartlist_contains(sl, v3));
+  tt_assert(!smartlist_contains(sl, v99));
 
  done:
   smartlist_free(sl);
+  tor_free(v0);
+  tor_free(v1);
+  tor_free(v2);
+  tor_free(v3);
+  tor_free(v4);
+  tor_free(v22);
+  tor_free(v99);
+  tor_free(v555);
 }
 
 /** Run unit tests for smartlist-of-strings functionality. */
 static void
-test_container_smartlist_strings(void)
+test_container_smartlist_strings(void *arg)
 {
   smartlist_t *sl = smartlist_new();
   char *cp=NULL, *cp_alloc=NULL;
   size_t sz;
 
   /* Test split and join */
-  test_eq(0, smartlist_len(sl));
+  (void)arg;
+  tt_int_op(0,OP_EQ, smartlist_len(sl));
   smartlist_split_string(sl, "abc", ":", 0, 0);
-  test_eq(1, smartlist_len(sl));
-  test_streq("abc", smartlist_get(sl, 0));
+  tt_int_op(1,OP_EQ, smartlist_len(sl));
+  tt_str_op("abc",OP_EQ, smartlist_get(sl, 0));
   smartlist_split_string(sl, "a::bc::", "::", 0, 0);
-  test_eq(4, smartlist_len(sl));
-  test_streq("a", smartlist_get(sl, 1));
-  test_streq("bc", smartlist_get(sl, 2));
-  test_streq("", smartlist_get(sl, 3));
+  tt_int_op(4,OP_EQ, smartlist_len(sl));
+  tt_str_op("a",OP_EQ, smartlist_get(sl, 1));
+  tt_str_op("bc",OP_EQ, smartlist_get(sl, 2));
+  tt_str_op("",OP_EQ, smartlist_get(sl, 3));
   cp_alloc = smartlist_join_strings(sl, "", 0, NULL);
-  test_streq(cp_alloc, "abcabc");
+  tt_str_op(cp_alloc,OP_EQ, "abcabc");
   tor_free(cp_alloc);
   cp_alloc = smartlist_join_strings(sl, "!", 0, NULL);
-  test_streq(cp_alloc, "abc!a!bc!");
+  tt_str_op(cp_alloc,OP_EQ, "abc!a!bc!");
   tor_free(cp_alloc);
   cp_alloc = smartlist_join_strings(sl, "XY", 0, NULL);
-  test_streq(cp_alloc, "abcXYaXYbcXY");
+  tt_str_op(cp_alloc,OP_EQ, "abcXYaXYbcXY");
   tor_free(cp_alloc);
   cp_alloc = smartlist_join_strings(sl, "XY", 1, NULL);
-  test_streq(cp_alloc, "abcXYaXYbcXYXY");
+  tt_str_op(cp_alloc,OP_EQ, "abcXYaXYbcXYXY");
   tor_free(cp_alloc);
   cp_alloc = smartlist_join_strings(sl, "", 1, NULL);
-  test_streq(cp_alloc, "abcabc");
+  tt_str_op(cp_alloc,OP_EQ, "abcabc");
   tor_free(cp_alloc);
 
   smartlist_split_string(sl, "/def/  /ghijk", "/", 0, 0);
-  test_eq(8, smartlist_len(sl));
-  test_streq("", smartlist_get(sl, 4));
-  test_streq("def", smartlist_get(sl, 5));
-  test_streq("  ", smartlist_get(sl, 6));
-  test_streq("ghijk", smartlist_get(sl, 7));
+  tt_int_op(8,OP_EQ, smartlist_len(sl));
+  tt_str_op("",OP_EQ, smartlist_get(sl, 4));
+  tt_str_op("def",OP_EQ, smartlist_get(sl, 5));
+  tt_str_op("  ",OP_EQ, smartlist_get(sl, 6));
+  tt_str_op("ghijk",OP_EQ, smartlist_get(sl, 7));
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   smartlist_split_string(sl, "a,bbd,cdef", ",", SPLIT_SKIP_SPACE, 0);
-  test_eq(3, smartlist_len(sl));
-  test_streq("a", smartlist_get(sl,0));
-  test_streq("bbd", smartlist_get(sl,1));
-  test_streq("cdef", smartlist_get(sl,2));
+  tt_int_op(3,OP_EQ, smartlist_len(sl));
+  tt_str_op("a",OP_EQ, smartlist_get(sl,0));
+  tt_str_op("bbd",OP_EQ, smartlist_get(sl,1));
+  tt_str_op("cdef",OP_EQ, smartlist_get(sl,2));
   smartlist_split_string(sl, " z <> zhasd <>  <> bnud<>   ", "<>",
                          SPLIT_SKIP_SPACE, 0);
-  test_eq(8, smartlist_len(sl));
-  test_streq("z", smartlist_get(sl,3));
-  test_streq("zhasd", smartlist_get(sl,4));
-  test_streq("", smartlist_get(sl,5));
-  test_streq("bnud", smartlist_get(sl,6));
-  test_streq("", smartlist_get(sl,7));
+  tt_int_op(8,OP_EQ, smartlist_len(sl));
+  tt_str_op("z",OP_EQ, smartlist_get(sl,3));
+  tt_str_op("zhasd",OP_EQ, smartlist_get(sl,4));
+  tt_str_op("",OP_EQ, smartlist_get(sl,5));
+  tt_str_op("bnud",OP_EQ, smartlist_get(sl,6));
+  tt_str_op("",OP_EQ, smartlist_get(sl,7));
 
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   smartlist_split_string(sl, " ab\tc \td ef  ", NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  test_eq(4, smartlist_len(sl));
-  test_streq("ab", smartlist_get(sl,0));
-  test_streq("c", smartlist_get(sl,1));
-  test_streq("d", smartlist_get(sl,2));
-  test_streq("ef", smartlist_get(sl,3));
+  tt_int_op(4,OP_EQ, smartlist_len(sl));
+  tt_str_op("ab",OP_EQ, smartlist_get(sl,0));
+  tt_str_op("c",OP_EQ, smartlist_get(sl,1));
+  tt_str_op("d",OP_EQ, smartlist_get(sl,2));
+  tt_str_op("ef",OP_EQ, smartlist_get(sl,3));
   smartlist_split_string(sl, "ghi\tj", NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  test_eq(6, smartlist_len(sl));
-  test_streq("ghi", smartlist_get(sl,4));
-  test_streq("j", smartlist_get(sl,5));
+  tt_int_op(6,OP_EQ, smartlist_len(sl));
+  tt_str_op("ghi",OP_EQ, smartlist_get(sl,4));
+  tt_str_op("j",OP_EQ, smartlist_get(sl,5));
 
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   cp_alloc = smartlist_join_strings(sl, "XY", 0, NULL);
-  test_streq(cp_alloc, "");
+  tt_str_op(cp_alloc,OP_EQ, "");
   tor_free(cp_alloc);
   cp_alloc = smartlist_join_strings(sl, "XY", 1, NULL);
-  test_streq(cp_alloc, "XY");
+  tt_str_op(cp_alloc,OP_EQ, "XY");
   tor_free(cp_alloc);
 
   smartlist_split_string(sl, " z <> zhasd <>  <> bnud<>   ", "<>",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  test_eq(3, smartlist_len(sl));
-  test_streq("z", smartlist_get(sl, 0));
-  test_streq("zhasd", smartlist_get(sl, 1));
-  test_streq("bnud", smartlist_get(sl, 2));
+  tt_int_op(3,OP_EQ, smartlist_len(sl));
+  tt_str_op("z",OP_EQ, smartlist_get(sl, 0));
+  tt_str_op("zhasd",OP_EQ, smartlist_get(sl, 1));
+  tt_str_op("bnud",OP_EQ, smartlist_get(sl, 2));
   smartlist_split_string(sl, " z <> zhasd <>  <> bnud<>   ", "<>",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
-  test_eq(5, smartlist_len(sl));
-  test_streq("z", smartlist_get(sl, 3));
-  test_streq("zhasd <>  <> bnud<>", smartlist_get(sl, 4));
+  tt_int_op(5,OP_EQ, smartlist_len(sl));
+  tt_str_op("z",OP_EQ, smartlist_get(sl, 3));
+  tt_str_op("zhasd <>  <> bnud<>",OP_EQ, smartlist_get(sl, 4));
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   smartlist_split_string(sl, "abcd\n", "\n",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  test_eq(1, smartlist_len(sl));
-  test_streq("abcd", smartlist_get(sl, 0));
+  tt_int_op(1,OP_EQ, smartlist_len(sl));
+  tt_str_op("abcd",OP_EQ, smartlist_get(sl, 0));
   smartlist_split_string(sl, "efgh", "\n",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  test_eq(2, smartlist_len(sl));
-  test_streq("efgh", smartlist_get(sl, 1));
+  tt_int_op(2,OP_EQ, smartlist_len(sl));
+  tt_str_op("efgh",OP_EQ, smartlist_get(sl, 1));
 
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* Test swapping, shuffling, and sorting. */
   smartlist_split_string(sl, "the,onion,router,by,arma,and,nickm", ",", 0, 0);
-  test_eq(7, smartlist_len(sl));
+  tt_int_op(7,OP_EQ, smartlist_len(sl));
   smartlist_sort(sl, compare_strs_);
   cp_alloc = smartlist_join_strings(sl, ",", 0, NULL);
-  test_streq(cp_alloc,"and,arma,by,nickm,onion,router,the");
+  tt_str_op(cp_alloc,OP_EQ, "and,arma,by,nickm,onion,router,the");
   tor_free(cp_alloc);
   smartlist_swap(sl, 1, 5);
   cp_alloc = smartlist_join_strings(sl, ",", 0, NULL);
-  test_streq(cp_alloc,"and,router,by,nickm,onion,arma,the");
+  tt_str_op(cp_alloc,OP_EQ, "and,router,by,nickm,onion,arma,the");
   tor_free(cp_alloc);
   smartlist_shuffle(sl);
-  test_eq(7, smartlist_len(sl));
-  test_assert(smartlist_contains_string(sl, "and"));
-  test_assert(smartlist_contains_string(sl, "router"));
-  test_assert(smartlist_contains_string(sl, "by"));
-  test_assert(smartlist_contains_string(sl, "nickm"));
-  test_assert(smartlist_contains_string(sl, "onion"));
-  test_assert(smartlist_contains_string(sl, "arma"));
-  test_assert(smartlist_contains_string(sl, "the"));
+  tt_int_op(7,OP_EQ, smartlist_len(sl));
+  tt_assert(smartlist_contains_string(sl, "and"));
+  tt_assert(smartlist_contains_string(sl, "router"));
+  tt_assert(smartlist_contains_string(sl, "by"));
+  tt_assert(smartlist_contains_string(sl, "nickm"));
+  tt_assert(smartlist_contains_string(sl, "onion"));
+  tt_assert(smartlist_contains_string(sl, "arma"));
+  tt_assert(smartlist_contains_string(sl, "the"));
 
   /* Test bsearch. */
   smartlist_sort(sl, compare_strs_);
-  test_streq("nickm", smartlist_bsearch(sl, "zNicKM",
-                                        compare_without_first_ch_));
-  test_streq("and", smartlist_bsearch(sl, " AND", compare_without_first_ch_));
-  test_eq_ptr(NULL, smartlist_bsearch(sl, " ANz", compare_without_first_ch_));
+  tt_str_op("nickm",OP_EQ, smartlist_bsearch(sl, "zNicKM",
+                                        cmp_without_first_));
+  tt_str_op("and",OP_EQ,
+            smartlist_bsearch(sl, " AND", cmp_without_first_));
+  tt_ptr_op(NULL,OP_EQ, smartlist_bsearch(sl, " ANz", cmp_without_first_));
 
   /* Test bsearch_idx */
   {
     int f;
     smartlist_t *tmp = NULL;
 
-    test_eq(0, smartlist_bsearch_idx(sl," aaa",compare_without_first_ch_,&f));
-    test_eq(f, 0);
-    test_eq(0, smartlist_bsearch_idx(sl," and",compare_without_first_ch_,&f));
-    test_eq(f, 1);
-    test_eq(1, smartlist_bsearch_idx(sl," arm",compare_without_first_ch_,&f));
-    test_eq(f, 0);
-    test_eq(1, smartlist_bsearch_idx(sl," arma",compare_without_first_ch_,&f));
-    test_eq(f, 1);
-    test_eq(2, smartlist_bsearch_idx(sl," armb",compare_without_first_ch_,&f));
-    test_eq(f, 0);
-    test_eq(7, smartlist_bsearch_idx(sl," zzzz",compare_without_first_ch_,&f));
-    test_eq(f, 0);
+    tt_int_op(0,OP_EQ,smartlist_bsearch_idx(sl," aaa",cmp_without_first_,&f));
+    tt_int_op(f,OP_EQ, 0);
+    tt_int_op(0,OP_EQ, smartlist_bsearch_idx(sl," and",cmp_without_first_,&f));
+    tt_int_op(f,OP_EQ, 1);
+    tt_int_op(1,OP_EQ, smartlist_bsearch_idx(sl," arm",cmp_without_first_,&f));
+    tt_int_op(f,OP_EQ, 0);
+    tt_int_op(1,OP_EQ,
+              smartlist_bsearch_idx(sl," arma",cmp_without_first_,&f));
+    tt_int_op(f,OP_EQ, 1);
+    tt_int_op(2,OP_EQ,
+              smartlist_bsearch_idx(sl," armb",cmp_without_first_,&f));
+    tt_int_op(f,OP_EQ, 0);
+    tt_int_op(7,OP_EQ,
+              smartlist_bsearch_idx(sl," zzzz",cmp_without_first_,&f));
+    tt_int_op(f,OP_EQ, 0);
 
     /* Test trivial cases for list of length 0 or 1 */
     tmp = smartlist_new();
-    test_eq(0, smartlist_bsearch_idx(tmp, "foo",
+    tt_int_op(0,OP_EQ, smartlist_bsearch_idx(tmp, "foo",
                                      compare_strs_for_bsearch_, &f));
-    test_eq(f, 0);
+    tt_int_op(f,OP_EQ, 0);
     smartlist_insert(tmp, 0, (void *)("bar"));
-    test_eq(1, smartlist_bsearch_idx(tmp, "foo",
+    tt_int_op(1,OP_EQ, smartlist_bsearch_idx(tmp, "foo",
                                      compare_strs_for_bsearch_, &f));
-    test_eq(f, 0);
-    test_eq(0, smartlist_bsearch_idx(tmp, "aaa",
+    tt_int_op(f,OP_EQ, 0);
+    tt_int_op(0,OP_EQ, smartlist_bsearch_idx(tmp, "aaa",
                                      compare_strs_for_bsearch_, &f));
-    test_eq(f, 0);
-    test_eq(0, smartlist_bsearch_idx(tmp, "bar",
+    tt_int_op(f,OP_EQ, 0);
+    tt_int_op(0,OP_EQ, smartlist_bsearch_idx(tmp, "bar",
                                      compare_strs_for_bsearch_, &f));
-    test_eq(f, 1);
+    tt_int_op(f,OP_EQ, 1);
     /* ... and one for length 2 */
     smartlist_insert(tmp, 1, (void *)("foo"));
-    test_eq(1, smartlist_bsearch_idx(tmp, "foo",
+    tt_int_op(1,OP_EQ, smartlist_bsearch_idx(tmp, "foo",
                                      compare_strs_for_bsearch_, &f));
-    test_eq(f, 1);
-    test_eq(2, smartlist_bsearch_idx(tmp, "goo",
+    tt_int_op(f,OP_EQ, 1);
+    tt_int_op(2,OP_EQ, smartlist_bsearch_idx(tmp, "goo",
                                      compare_strs_for_bsearch_, &f));
-    test_eq(f, 0);
+    tt_int_op(f,OP_EQ, 0);
     smartlist_free(tmp);
   }
 
   /* Test reverse() and pop_last() */
   smartlist_reverse(sl);
   cp_alloc = smartlist_join_strings(sl, ",", 0, NULL);
-  test_streq(cp_alloc,"the,router,onion,nickm,by,arma,and");
+  tt_str_op(cp_alloc,OP_EQ, "the,router,onion,nickm,by,arma,and");
   tor_free(cp_alloc);
   cp_alloc = smartlist_pop_last(sl);
-  test_streq(cp_alloc, "and");
+  tt_str_op(cp_alloc,OP_EQ, "and");
   tor_free(cp_alloc);
-  test_eq(smartlist_len(sl), 6);
+  tt_int_op(smartlist_len(sl),OP_EQ, 6);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
   cp_alloc = smartlist_pop_last(sl);
-  test_eq_ptr(cp_alloc, NULL);
+  tt_ptr_op(cp_alloc,OP_EQ, NULL);
 
   /* Test uniq() */
   smartlist_split_string(sl,
@@ -276,16 +298,16 @@ test_container_smartlist_strings(void)
   smartlist_sort(sl, compare_strs_);
   smartlist_uniq(sl, compare_strs_, tor_free_);
   cp_alloc = smartlist_join_strings(sl, ",", 0, NULL);
-  test_streq(cp_alloc, "50,a,canal,man,noon,panama,plan,radar");
+  tt_str_op(cp_alloc,OP_EQ, "50,a,canal,man,noon,panama,plan,radar");
   tor_free(cp_alloc);
 
   /* Test contains_string, contains_string_case and contains_int_as_string */
-  test_assert(smartlist_contains_string(sl, "noon"));
-  test_assert(!smartlist_contains_string(sl, "noonoon"));
-  test_assert(smartlist_contains_string_case(sl, "nOOn"));
-  test_assert(!smartlist_contains_string_case(sl, "nooNooN"));
-  test_assert(smartlist_contains_int_as_string(sl, 50));
-  test_assert(!smartlist_contains_int_as_string(sl, 60));
+  tt_assert(smartlist_contains_string(sl, "noon"));
+  tt_assert(!smartlist_contains_string(sl, "noonoon"));
+  tt_assert(smartlist_contains_string_case(sl, "nOOn"));
+  tt_assert(!smartlist_contains_string_case(sl, "nooNooN"));
+  tt_assert(smartlist_contains_int_as_string(sl, 50));
+  tt_assert(!smartlist_contains_int_as_string(sl, 60));
 
   /* Test smartlist_choose */
   {
@@ -293,7 +315,7 @@ test_container_smartlist_strings(void)
     int allsame = 1;
     int allin = 1;
     void *first = smartlist_choose(sl);
-    test_assert(smartlist_contains(sl, first));
+    tt_assert(smartlist_contains(sl, first));
     for (i = 0; i < 100; ++i) {
       void *second = smartlist_choose(sl);
       if (second != first)
@@ -301,8 +323,8 @@ test_container_smartlist_strings(void)
       if (!smartlist_contains(sl, second))
         allin = 0;
     }
-    test_assert(!allsame);
-    test_assert(allin);
+    tt_assert(!allsame);
+    tt_assert(allin);
   }
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
@@ -312,17 +334,17 @@ test_container_smartlist_strings(void)
                     "Some say the Earth will end in ice and some in fire",
                     " ", 0, 0);
   cp = smartlist_get(sl, 4);
-  test_streq(cp, "will");
+  tt_str_op(cp,OP_EQ, "will");
   smartlist_add(sl, cp);
   smartlist_remove(sl, cp);
   tor_free(cp);
   cp_alloc = smartlist_join_strings(sl, ",", 0, NULL);
-  test_streq(cp_alloc, "Some,say,the,Earth,fire,end,in,ice,and,some,in");
+  tt_str_op(cp_alloc,OP_EQ, "Some,say,the,Earth,fire,end,in,ice,and,some,in");
   tor_free(cp_alloc);
   smartlist_string_remove(sl, "in");
   cp_alloc = smartlist_join_strings2(sl, "+XX", 1, 0, &sz);
-  test_streq(cp_alloc, "Some+say+the+Earth+fire+end+some+ice+and");
-  test_eq((int)sz, 40);
+  tt_str_op(cp_alloc,OP_EQ, "Some+say+the+Earth+fire+end+some+ice+and");
+  tt_int_op((int)sz,OP_EQ, 40);
 
  done:
 
@@ -333,7 +355,7 @@ test_container_smartlist_strings(void)
 
 /** Run unit tests for smartlist set manipulation functions. */
 static void
-test_container_smartlist_overlap(void)
+test_container_smartlist_overlap(void *arg)
 {
   smartlist_t *sl = smartlist_new();
   smartlist_t *ints = smartlist_new();
@@ -341,6 +363,7 @@ test_container_smartlist_overlap(void)
   smartlist_t *evens = smartlist_new();
   smartlist_t *primes = smartlist_new();
   int i;
+  (void)arg;
   for (i=1; i < 10; i += 2)
     smartlist_add(odds, (void*)(uintptr_t)i);
   for (i=0; i < 10; i += 2)
@@ -349,7 +372,7 @@ test_container_smartlist_overlap(void)
   /* add_all */
   smartlist_add_all(ints, odds);
   smartlist_add_all(ints, evens);
-  test_eq(smartlist_len(ints), 10);
+  tt_int_op(smartlist_len(ints),OP_EQ, 10);
 
   smartlist_add(primes, (void*)2);
   smartlist_add(primes, (void*)3);
@@ -357,24 +380,24 @@ test_container_smartlist_overlap(void)
   smartlist_add(primes, (void*)7);
 
   /* overlap */
-  test_assert(smartlist_overlap(ints, odds));
-  test_assert(smartlist_overlap(odds, primes));
-  test_assert(smartlist_overlap(evens, primes));
-  test_assert(!smartlist_overlap(odds, evens));
+  tt_assert(smartlist_overlap(ints, odds));
+  tt_assert(smartlist_overlap(odds, primes));
+  tt_assert(smartlist_overlap(evens, primes));
+  tt_assert(!smartlist_overlap(odds, evens));
 
   /* intersect */
   smartlist_add_all(sl, odds);
   smartlist_intersect(sl, primes);
-  test_eq(smartlist_len(sl), 3);
-  test_assert(smartlist_contains(sl, (void*)3));
-  test_assert(smartlist_contains(sl, (void*)5));
-  test_assert(smartlist_contains(sl, (void*)7));
+  tt_int_op(smartlist_len(sl),OP_EQ, 3);
+  tt_assert(smartlist_contains(sl, (void*)3));
+  tt_assert(smartlist_contains(sl, (void*)5));
+  tt_assert(smartlist_contains(sl, (void*)7));
 
   /* subtract */
   smartlist_add_all(sl, primes);
   smartlist_subtract(sl, odds);
-  test_eq(smartlist_len(sl), 1);
-  test_assert(smartlist_contains(sl, (void*)2));
+  tt_int_op(smartlist_len(sl),OP_EQ, 1);
+  tt_assert(smartlist_contains(sl, (void*)2));
 
  done:
   smartlist_free(odds);
@@ -386,31 +409,32 @@ test_container_smartlist_overlap(void)
 
 /** Run unit tests for smartlist-of-digests functions. */
 static void
-test_container_smartlist_digests(void)
+test_container_smartlist_digests(void *arg)
 {
   smartlist_t *sl = smartlist_new();
 
   /* contains_digest */
+  (void)arg;
   smartlist_add(sl, tor_memdup("AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN));
   smartlist_add(sl, tor_memdup("\00090AAB2AAAAaasdAAAAA", DIGEST_LEN));
   smartlist_add(sl, tor_memdup("\00090AAB2AAAAaasdAAAAA", DIGEST_LEN));
-  test_eq(0, smartlist_contains_digest(NULL, "AAAAAAAAAAAAAAAAAAAA"));
-  test_assert(smartlist_contains_digest(sl, "AAAAAAAAAAAAAAAAAAAA"));
-  test_assert(smartlist_contains_digest(sl, "\00090AAB2AAAAaasdAAAAA"));
-  test_eq(0, smartlist_contains_digest(sl, "\00090AAB2AAABaasdAAAAA"));
+  tt_int_op(0,OP_EQ, smartlist_contains_digest(NULL, "AAAAAAAAAAAAAAAAAAAA"));
+  tt_assert(smartlist_contains_digest(sl, "AAAAAAAAAAAAAAAAAAAA"));
+  tt_assert(smartlist_contains_digest(sl, "\00090AAB2AAAAaasdAAAAA"));
+  tt_int_op(0,OP_EQ, smartlist_contains_digest(sl, "\00090AAB2AAABaasdAAAAA"));
 
   /* sort digests */
   smartlist_sort_digests(sl);
-  test_memeq(smartlist_get(sl, 0), "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
-  test_memeq(smartlist_get(sl, 1), "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
-  test_memeq(smartlist_get(sl, 2), "AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN);
-  test_eq(3, smartlist_len(sl));
+  tt_mem_op(smartlist_get(sl, 0),OP_EQ, "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
+  tt_mem_op(smartlist_get(sl, 1),OP_EQ, "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
+  tt_mem_op(smartlist_get(sl, 2),OP_EQ, "AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN);
+  tt_int_op(3,OP_EQ, smartlist_len(sl));
 
   /* uniq_digests */
   smartlist_uniq_digests(sl);
-  test_eq(2, smartlist_len(sl));
-  test_memeq(smartlist_get(sl, 0), "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
-  test_memeq(smartlist_get(sl, 1), "AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN);
+  tt_int_op(2,OP_EQ, smartlist_len(sl));
+  tt_mem_op(smartlist_get(sl, 0),OP_EQ, "\00090AAB2AAAAaasdAAAAA", DIGEST_LEN);
+  tt_mem_op(smartlist_get(sl, 1),OP_EQ, "AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN);
 
  done:
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
@@ -419,13 +443,14 @@ test_container_smartlist_digests(void)
 
 /** Run unit tests for concatenate-a-smartlist-of-strings functions. */
 static void
-test_container_smartlist_join(void)
+test_container_smartlist_join(void *arg)
 {
   smartlist_t *sl = smartlist_new();
   smartlist_t *sl2 = smartlist_new(), *sl3 = smartlist_new(),
     *sl4 = smartlist_new();
   char *joined=NULL;
   /* unique, sorted. */
+  (void)arg;
   smartlist_split_string(sl,
                          "Abashments Ambush Anchorman Bacon Banks Borscht "
                          "Bunks Inhumane Insurance Knish Know Manners "
@@ -441,21 +466,22 @@ test_container_smartlist_join(void)
                          sl2, char *, cp2,
                          strcmp(cp1,cp2),
                          smartlist_add(sl3, cp2)) {
-    test_streq(cp1, cp2);
+    tt_str_op(cp1,OP_EQ, cp2);
     smartlist_add(sl4, cp1);
   } SMARTLIST_FOREACH_JOIN_END(cp1, cp2);
 
   SMARTLIST_FOREACH(sl3, const char *, cp,
-                    test_assert(smartlist_contains(sl2, cp) &&
+                    tt_assert(smartlist_contains(sl2, cp) &&
                                 !smartlist_contains_string(sl, cp)));
   SMARTLIST_FOREACH(sl4, const char *, cp,
-                    test_assert(smartlist_contains(sl, cp) &&
+                    tt_assert(smartlist_contains(sl, cp) &&
                                 smartlist_contains_string(sl2, cp)));
   joined = smartlist_join_strings(sl3, ",", 0, NULL);
-  test_streq(joined, "Anemias,Anemias,Crossbowmen,Work");
+  tt_str_op(joined,OP_EQ, "Anemias,Anemias,Crossbowmen,Work");
   tor_free(joined);
   joined = smartlist_join_strings(sl4, ",", 0, NULL);
-  test_streq(joined, "Ambush,Anchorman,Anchorman,Bacon,Inhumane,Insurance,"
+  tt_str_op(joined,OP_EQ,
+            "Ambush,Anchorman,Anchorman,Bacon,Inhumane,Insurance,"
              "Knish,Know,Manners,Manners,Maraschinos,Wombats,Wombats");
   tor_free(joined);
 
@@ -470,6 +496,43 @@ test_container_smartlist_join(void)
 }
 
 static void
+test_container_smartlist_pos(void *arg)
+{
+  (void) arg;
+  smartlist_t *sl = smartlist_new();
+
+  smartlist_add(sl, tor_strdup("This"));
+  smartlist_add(sl, tor_strdup("is"));
+  smartlist_add(sl, tor_strdup("a"));
+  smartlist_add(sl, tor_strdup("test"));
+  smartlist_add(sl, tor_strdup("for"));
+  smartlist_add(sl, tor_strdup("a"));
+  smartlist_add(sl, tor_strdup("function"));
+
+  /* Test string_pos */
+  tt_int_op(smartlist_string_pos(NULL, "Fred"), ==, -1);
+  tt_int_op(smartlist_string_pos(sl, "Fred"), ==, -1);
+  tt_int_op(smartlist_string_pos(sl, "This"), ==, 0);
+  tt_int_op(smartlist_string_pos(sl, "a"), ==, 2);
+  tt_int_op(smartlist_string_pos(sl, "function"), ==, 6);
+
+  /* Test pos */
+  tt_int_op(smartlist_pos(NULL, "Fred"), ==, -1);
+  tt_int_op(smartlist_pos(sl, "Fred"), ==, -1);
+  tt_int_op(smartlist_pos(sl, "This"), ==, -1);
+  tt_int_op(smartlist_pos(sl, "a"), ==, -1);
+  tt_int_op(smartlist_pos(sl, "function"), ==, -1);
+  tt_int_op(smartlist_pos(sl, smartlist_get(sl,0)), ==, 0);
+  tt_int_op(smartlist_pos(sl, smartlist_get(sl,2)), ==, 2);
+  tt_int_op(smartlist_pos(sl, smartlist_get(sl,5)), ==, 5);
+  tt_int_op(smartlist_pos(sl, smartlist_get(sl,6)), ==, 6);
+
+ done:
+  SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
+  smartlist_free(sl);
+}
+
+static void
 test_container_smartlist_ints_eq(void *arg)
 {
   smartlist_t *sl1 = NULL, *sl2 = NULL;
@@ -516,18 +579,19 @@ test_container_smartlist_ints_eq(void *arg)
 
 /** Run unit tests for bitarray code */
 static void
-test_container_bitarray(void)
+test_container_bitarray(void *arg)
 {
   bitarray_t *ba = NULL;
   int i, j, ok=1;
 
+  (void)arg;
   ba = bitarray_init_zero(1);
-  test_assert(ba);
-  test_assert(! bitarray_is_set(ba, 0));
+  tt_assert(ba);
+  tt_assert(! bitarray_is_set(ba, 0));
   bitarray_set(ba, 0);
-  test_assert(bitarray_is_set(ba, 0));
+  tt_assert(bitarray_is_set(ba, 0));
   bitarray_clear(ba, 0);
-  test_assert(! bitarray_is_set(ba, 0));
+  tt_assert(! bitarray_is_set(ba, 0));
   bitarray_free(ba);
 
   ba = bitarray_init_zero(1023);
@@ -542,7 +606,7 @@ test_container_bitarray(void)
       if (!bool_eq(bitarray_is_set(ba, j), j%i))
         ok = 0;
     }
-    test_assert(ok);
+    tt_assert(ok);
     if (i < 7)
       ++i;
     else if (i == 28)
@@ -559,7 +623,7 @@ test_container_bitarray(void)
 /** Run unit tests for digest set code (implemented as a hashtable or as a
  * bloom filter) */
 static void
-test_container_digestset(void)
+test_container_digestset(void *arg)
 {
   smartlist_t *included = smartlist_new();
   char d[DIGEST_LEN];
@@ -568,6 +632,7 @@ test_container_digestset(void)
   int false_positives = 0;
   digestset_t *set = NULL;
 
+  (void)arg;
   for (i = 0; i < 1000; ++i) {
     crypto_rand(d, DIGEST_LEN);
     smartlist_add(included, tor_memdup(d, DIGEST_LEN));
@@ -576,19 +641,19 @@ test_container_digestset(void)
   SMARTLIST_FOREACH(included, const char *, cp,
                     if (digestset_contains(set, cp))
                       ok = 0);
-  test_assert(ok);
+  tt_assert(ok);
   SMARTLIST_FOREACH(included, const char *, cp,
                     digestset_add(set, cp));
   SMARTLIST_FOREACH(included, const char *, cp,
                     if (!digestset_contains(set, cp))
                       ok = 0);
-  test_assert(ok);
+  tt_assert(ok);
   for (i = 0; i < 1000; ++i) {
     crypto_rand(d, DIGEST_LEN);
     if (digestset_contains(set, d))
       ++false_positives;
   }
-  test_assert(false_positives < 50); /* Should be far lower. */
+  tt_int_op(50, OP_GT, false_positives); /* Should be far lower. */
 
  done:
   if (set)
@@ -612,7 +677,7 @@ compare_strings_for_pqueue_(const void *p1, const void *p2)
 
 /** Run unit tests for heap-based priority queue functions. */
 static void
-test_container_pqueue(void)
+test_container_pqueue(void *arg)
 {
   smartlist_t *sl = smartlist_new();
   int (*cmp)(const void *, const void*);
@@ -634,6 +699,8 @@ test_container_pqueue(void)
 
 #define OK() smartlist_pqueue_assert_ok(sl, cmp, offset)
 
+  (void)arg;
+
   cmp = compare_strings_for_pqueue_;
   smartlist_pqueue_add(sl, cmp, offset, &cows);
   smartlist_pqueue_add(sl, cmp, offset, &zebras);
@@ -649,31 +716,31 @@ test_container_pqueue(void)
 
   OK();
 
-  test_eq(smartlist_len(sl), 11);
-  test_eq_ptr(smartlist_get(sl, 0), &apples);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &apples);
-  test_eq(smartlist_len(sl), 10);
+  tt_int_op(smartlist_len(sl),OP_EQ, 11);
+  tt_ptr_op(smartlist_get(sl, 0),OP_EQ, &apples);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &apples);
+  tt_int_op(smartlist_len(sl),OP_EQ, 10);
   OK();
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &cows);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &daschunds);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &cows);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &daschunds);
   smartlist_pqueue_add(sl, cmp, offset, &chinchillas);
   OK();
   smartlist_pqueue_add(sl, cmp, offset, &fireflies);
   OK();
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &chinchillas);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &eggplants);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &fireflies);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &chinchillas);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &eggplants);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &fireflies);
   OK();
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &fish);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &frogs);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &lobsters);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &roquefort);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &fish);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &frogs);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &lobsters);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &roquefort);
   OK();
-  test_eq(smartlist_len(sl), 3);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &squid);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &weissbier);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &zebras);
-  test_eq(smartlist_len(sl), 0);
+  tt_int_op(smartlist_len(sl),OP_EQ, 3);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &squid);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &weissbier);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &zebras);
+  tt_int_op(smartlist_len(sl),OP_EQ, 0);
   OK();
 
   /* Now test remove. */
@@ -683,21 +750,21 @@ test_container_pqueue(void)
   smartlist_pqueue_add(sl, cmp, offset, &apples);
   smartlist_pqueue_add(sl, cmp, offset, &squid);
   smartlist_pqueue_add(sl, cmp, offset, &zebras);
-  test_eq(smartlist_len(sl), 6);
+  tt_int_op(smartlist_len(sl),OP_EQ, 6);
   OK();
   smartlist_pqueue_remove(sl, cmp, offset, &zebras);
-  test_eq(smartlist_len(sl), 5);
+  tt_int_op(smartlist_len(sl),OP_EQ, 5);
   OK();
   smartlist_pqueue_remove(sl, cmp, offset, &cows);
-  test_eq(smartlist_len(sl), 4);
+  tt_int_op(smartlist_len(sl),OP_EQ, 4);
   OK();
   smartlist_pqueue_remove(sl, cmp, offset, &apples);
-  test_eq(smartlist_len(sl), 3);
+  tt_int_op(smartlist_len(sl),OP_EQ, 3);
   OK();
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &fish);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &frogs);
-  test_eq_ptr(smartlist_pqueue_pop(sl, cmp, offset), &squid);
-  test_eq(smartlist_len(sl), 0);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &fish);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &frogs);
+  tt_ptr_op(smartlist_pqueue_pop(sl, cmp, offset),OP_EQ, &squid);
+  tt_int_op(smartlist_len(sl),OP_EQ, 0);
   OK();
 
 #undef OK
@@ -709,7 +776,7 @@ test_container_pqueue(void)
 
 /** Run unit tests for string-to-void* map functions */
 static void
-test_container_strmap(void)
+test_container_strmap(void *arg)
 {
   strmap_t *map;
   strmap_iter_t *iter;
@@ -717,36 +784,45 @@ test_container_strmap(void)
   void *v;
   char *visited = NULL;
   smartlist_t *found_keys = NULL;
+  char *v1 = tor_strdup("v1");
+  char *v99 = tor_strdup("v99");
+  char *v100 = tor_strdup("v100");
+  char *v101 = tor_strdup("v101");
+  char *v102 = tor_strdup("v102");
+  char *v103 = tor_strdup("v103");
+  char *v104 = tor_strdup("v104");
+  char *v105 = tor_strdup("v105");
 
+  (void)arg;
   map = strmap_new();
-  test_assert(map);
-  test_eq(strmap_size(map), 0);
-  test_assert(strmap_isempty(map));
-  v = strmap_set(map, "K1", (void*)99);
-  test_eq_ptr(v, NULL);
-  test_assert(!strmap_isempty(map));
-  v = strmap_set(map, "K2", (void*)101);
-  test_eq_ptr(v, NULL);
-  v = strmap_set(map, "K1", (void*)100);
-  test_eq_ptr(v, (void*)99);
-  test_eq_ptr(strmap_get(map,"K1"), (void*)100);
-  test_eq_ptr(strmap_get(map,"K2"), (void*)101);
-  test_eq_ptr(strmap_get(map,"K-not-there"), NULL);
+  tt_assert(map);
+  tt_int_op(strmap_size(map),OP_EQ, 0);
+  tt_assert(strmap_isempty(map));
+  v = strmap_set(map, "K1", v99);
+  tt_ptr_op(v,OP_EQ, NULL);
+  tt_assert(!strmap_isempty(map));
+  v = strmap_set(map, "K2", v101);
+  tt_ptr_op(v,OP_EQ, NULL);
+  v = strmap_set(map, "K1", v100);
+  tt_ptr_op(v,OP_EQ, v99);
+  tt_ptr_op(strmap_get(map,"K1"),OP_EQ, v100);
+  tt_ptr_op(strmap_get(map,"K2"),OP_EQ, v101);
+  tt_ptr_op(strmap_get(map,"K-not-there"),OP_EQ, NULL);
   strmap_assert_ok(map);
 
   v = strmap_remove(map,"K2");
   strmap_assert_ok(map);
-  test_eq_ptr(v, (void*)101);
-  test_eq_ptr(strmap_get(map,"K2"), NULL);
-  test_eq_ptr(strmap_remove(map,"K2"), NULL);
-
-  strmap_set(map, "K2", (void*)101);
-  strmap_set(map, "K3", (void*)102);
-  strmap_set(map, "K4", (void*)103);
-  test_eq(strmap_size(map), 4);
+  tt_ptr_op(v,OP_EQ, v101);
+  tt_ptr_op(strmap_get(map,"K2"),OP_EQ, NULL);
+  tt_ptr_op(strmap_remove(map,"K2"),OP_EQ, NULL);
+
+  strmap_set(map, "K2", v101);
+  strmap_set(map, "K3", v102);
+  strmap_set(map, "K4", v103);
+  tt_int_op(strmap_size(map),OP_EQ, 4);
   strmap_assert_ok(map);
-  strmap_set(map, "K5", (void*)104);
-  strmap_set(map, "K6", (void*)105);
+  strmap_set(map, "K5", v104);
+  strmap_set(map, "K6", v105);
   strmap_assert_ok(map);
 
   /* Test iterator. */
@@ -755,7 +831,7 @@ test_container_strmap(void)
   while (!strmap_iter_done(iter)) {
     strmap_iter_get(iter,&k,&v);
     smartlist_add(found_keys, tor_strdup(k));
-    test_eq_ptr(v, strmap_get(map, k));
+    tt_ptr_op(v,OP_EQ, strmap_get(map, k));
 
     if (!strcmp(k, "K2")) {
       iter = strmap_iter_next_rmv(map,iter);
@@ -765,12 +841,12 @@ test_container_strmap(void)
   }
 
   /* Make sure we removed K2, but not the others. */
-  test_eq_ptr(strmap_get(map, "K2"), NULL);
-  test_eq_ptr(strmap_get(map, "K5"), (void*)104);
+  tt_ptr_op(strmap_get(map, "K2"),OP_EQ, NULL);
+  tt_ptr_op(strmap_get(map, "K5"),OP_EQ, v104);
   /* Make sure we visited everyone once */
   smartlist_sort_strings(found_keys);
   visited = smartlist_join_strings(found_keys, ":", 0, NULL);
-  test_streq(visited, "K1:K2:K3:K4:K5:K6");
+  tt_str_op(visited,OP_EQ, "K1:K2:K3:K4:K5:K6");
 
   strmap_assert_ok(map);
   /* Clean up after ourselves. */
@@ -779,14 +855,14 @@ test_container_strmap(void)
 
   /* Now try some lc functions. */
   map = strmap_new();
-  strmap_set_lc(map,"Ab.C", (void*)1);
-  test_eq_ptr(strmap_get(map,"ab.c"), (void*)1);
+  strmap_set_lc(map,"Ab.C", v1);
+  tt_ptr_op(strmap_get(map,"ab.c"),OP_EQ, v1);
   strmap_assert_ok(map);
-  test_eq_ptr(strmap_get_lc(map,"AB.C"), (void*)1);
-  test_eq_ptr(strmap_get(map,"AB.C"), NULL);
-  test_eq_ptr(strmap_remove_lc(map,"aB.C"), (void*)1);
+  tt_ptr_op(strmap_get_lc(map,"AB.C"),OP_EQ, v1);
+  tt_ptr_op(strmap_get(map,"AB.C"),OP_EQ, NULL);
+  tt_ptr_op(strmap_remove_lc(map,"aB.C"),OP_EQ, v1);
   strmap_assert_ok(map);
-  test_eq_ptr(strmap_get_lc(map,"AB.C"), NULL);
+  tt_ptr_op(strmap_get_lc(map,"AB.C"),OP_EQ, NULL);
 
  done:
   if (map)
@@ -796,34 +872,92 @@ test_container_strmap(void)
     smartlist_free(found_keys);
   }
   tor_free(visited);
+  tor_free(v1);
+  tor_free(v99);
+  tor_free(v100);
+  tor_free(v101);
+  tor_free(v102);
+  tor_free(v103);
+  tor_free(v104);
+  tor_free(v105);
 }
 
 /** Run unit tests for getting the median of a list. */
 static void
-test_container_order_functions(void)
+test_container_order_functions(void *arg)
 {
   int lst[25], n = 0;
+  uint32_t lst_2[25];
   //  int a=12,b=24,c=25,d=60,e=77;
 
 #define median() median_int(lst, n)
 
+  (void)arg;
   lst[n++] = 12;
-  test_eq(12, median()); /* 12 */
+  tt_int_op(12,OP_EQ, median()); /* 12 */
   lst[n++] = 77;
   //smartlist_shuffle(sl);
-  test_eq(12, median()); /* 12, 77 */
+  tt_int_op(12,OP_EQ, median()); /* 12, 77 */
   lst[n++] = 77;
   //smartlist_shuffle(sl);
-  test_eq(77, median()); /* 12, 77, 77 */
+  tt_int_op(77,OP_EQ, median()); /* 12, 77, 77 */
   lst[n++] = 24;
-  test_eq(24, median()); /* 12,24,77,77 */
+  tt_int_op(24,OP_EQ, median()); /* 12,24,77,77 */
   lst[n++] = 60;
   lst[n++] = 12;
   lst[n++] = 25;
   //smartlist_shuffle(sl);
-  test_eq(25, median()); /* 12,12,24,25,60,77,77 */
+  tt_int_op(25,OP_EQ, median()); /* 12,12,24,25,60,77,77 */
 #undef median
 
+#define third_quartile() third_quartile_uint32(lst_2, n)
+
+  n = 0;
+  lst_2[n++] = 1;
+  tt_int_op(1,OP_EQ, third_quartile()); /* ~1~ */
+  lst_2[n++] = 2;
+  tt_int_op(2,OP_EQ, third_quartile()); /* 1, ~2~ */
+  lst_2[n++] = 3;
+  lst_2[n++] = 4;
+  lst_2[n++] = 5;
+  tt_int_op(4,OP_EQ, third_quartile()); /* 1, 2, 3, ~4~, 5 */
+  lst_2[n++] = 6;
+  lst_2[n++] = 7;
+  lst_2[n++] = 8;
+  lst_2[n++] = 9;
+  tt_int_op(7,OP_EQ, third_quartile()); /* 1, 2, 3, 4, 5, 6, ~7~, 8, 9 */
+  lst_2[n++] = 10;
+  lst_2[n++] = 11;
+  /* 1, 2, 3, 4, 5, 6, 7, 8, ~9~, 10, 11 */
+  tt_int_op(9,OP_EQ, third_quartile());
+
+#undef third_quartile
+
+  double dbls[] = { 1.0, 10.0, 100.0, 1e4, 1e5, 1e6 };
+  tt_double_eq(1.0, median_double(dbls, 1));
+  tt_double_eq(1.0, median_double(dbls, 2));
+  tt_double_eq(10.0, median_double(dbls, 3));
+  tt_double_eq(10.0, median_double(dbls, 4));
+  tt_double_eq(100.0, median_double(dbls, 5));
+  tt_double_eq(100.0, median_double(dbls, 6));
+
+  time_t times[] = { 5, 10, 20, 25, 15 };
+
+  tt_assert(5 == median_time(times, 1));
+  tt_assert(5 == median_time(times, 2));
+  tt_assert(10 == median_time(times, 3));
+  tt_assert(10 == median_time(times, 4));
+  tt_assert(15 == median_time(times, 5));
+
+  int32_t int32s[] = { -5, -10, -50, 100 };
+  tt_int_op(-5, ==, median_int32(int32s, 1));
+  tt_int_op(-10, ==, median_int32(int32s, 2));
+  tt_int_op(-10, ==, median_int32(int32s, 3));
+  tt_int_op(-10, ==, median_int32(int32s, 4));
+
+  long longs[] = { -30, 30, 100, -100, 7 };
+  tt_int_op(7, ==, find_nth_long(longs, 5, 2));
+
  done:
   ;
 }
@@ -844,26 +978,26 @@ test_container_di_map(void *arg)
   (void)arg;
 
   /* Try searching on an empty map. */
-  tt_ptr_op(NULL, ==, dimap_search(map, key1, NULL));
-  tt_ptr_op(NULL, ==, dimap_search(map, key2, NULL));
-  tt_ptr_op(v3, ==, dimap_search(map, key2, v3));
+  tt_ptr_op(NULL, OP_EQ, dimap_search(map, key1, NULL));
+  tt_ptr_op(NULL, OP_EQ, dimap_search(map, key2, NULL));
+  tt_ptr_op(v3, OP_EQ, dimap_search(map, key2, v3));
   dimap_free(map, NULL);
   map = NULL;
 
   /* Add a single entry. */
   dimap_add_entry(&map, key1, v1);
-  tt_ptr_op(NULL, ==, dimap_search(map, key2, NULL));
-  tt_ptr_op(v3, ==, dimap_search(map, key2, v3));
-  tt_ptr_op(v1, ==, dimap_search(map, key1, NULL));
+  tt_ptr_op(NULL, OP_EQ, dimap_search(map, key2, NULL));
+  tt_ptr_op(v3, OP_EQ, dimap_search(map, key2, v3));
+  tt_ptr_op(v1, OP_EQ, dimap_search(map, key1, NULL));
 
   /* Now try it with three entries in the map. */
   dimap_add_entry(&map, key2, v2);
   dimap_add_entry(&map, key3, v3);
-  tt_ptr_op(v1, ==, dimap_search(map, key1, NULL));
-  tt_ptr_op(v2, ==, dimap_search(map, key2, NULL));
-  tt_ptr_op(v3, ==, dimap_search(map, key3, NULL));
-  tt_ptr_op(NULL, ==, dimap_search(map, key4, NULL));
-  tt_ptr_op(v1, ==, dimap_search(map, key4, v1));
+  tt_ptr_op(v1, OP_EQ, dimap_search(map, key1, NULL));
+  tt_ptr_op(v2, OP_EQ, dimap_search(map, key2, NULL));
+  tt_ptr_op(v3, OP_EQ, dimap_search(map, key3, NULL));
+  tt_ptr_op(NULL, OP_EQ, dimap_search(map, key4, NULL));
+  tt_ptr_op(v1, OP_EQ, dimap_search(map, key4, v1));
 
  done:
   tor_free(v1);
@@ -874,18 +1008,26 @@ test_container_di_map(void *arg)
 
 /** Run unit tests for fp_pair-to-void* map functions */
 static void
-test_container_fp_pair_map(void)
+test_container_fp_pair_map(void *arg)
 {
   fp_pair_map_t *map;
   fp_pair_t fp1, fp2, fp3, fp4, fp5, fp6;
   void *v;
   fp_pair_map_iter_t *iter;
   fp_pair_t k;
+  char *v99 = tor_strdup("99");
+  char *v100 = tor_strdup("v100");
+  char *v101 = tor_strdup("v101");
+  char *v102 = tor_strdup("v102");
+  char *v103 = tor_strdup("v103");
+  char *v104 = tor_strdup("v104");
+  char *v105 = tor_strdup("v105");
 
+  (void)arg;
   map = fp_pair_map_new();
-  test_assert(map);
-  test_eq(fp_pair_map_size(map), 0);
-  test_assert(fp_pair_map_isempty(map));
+  tt_assert(map);
+  tt_int_op(fp_pair_map_size(map),OP_EQ, 0);
+  tt_assert(fp_pair_map_isempty(map));
 
   memset(fp1.first, 0x11, DIGEST_LEN);
   memset(fp1.second, 0x12, DIGEST_LEN);
@@ -900,38 +1042,38 @@ test_container_fp_pair_map(void)
   memset(fp6.first, 0x61, DIGEST_LEN);
   memset(fp6.second, 0x62, DIGEST_LEN);
 
-  v = fp_pair_map_set(map, &fp1, (void*)99);
-  tt_ptr_op(v, ==, NULL);
-  test_assert(!fp_pair_map_isempty(map));
-  v = fp_pair_map_set(map, &fp2, (void*)101);
-  tt_ptr_op(v, ==, NULL);
-  v = fp_pair_map_set(map, &fp1, (void*)100);
-  tt_ptr_op(v, ==, (void*)99);
-  test_eq_ptr(fp_pair_map_get(map, &fp1), (void*)100);
-  test_eq_ptr(fp_pair_map_get(map, &fp2), (void*)101);
-  test_eq_ptr(fp_pair_map_get(map, &fp3), NULL);
+  v = fp_pair_map_set(map, &fp1, v99);
+  tt_ptr_op(v, OP_EQ, NULL);
+  tt_assert(!fp_pair_map_isempty(map));
+  v = fp_pair_map_set(map, &fp2, v101);
+  tt_ptr_op(v, OP_EQ, NULL);
+  v = fp_pair_map_set(map, &fp1, v100);
+  tt_ptr_op(v, OP_EQ, v99);
+  tt_ptr_op(fp_pair_map_get(map, &fp1),OP_EQ, v100);
+  tt_ptr_op(fp_pair_map_get(map, &fp2),OP_EQ, v101);
+  tt_ptr_op(fp_pair_map_get(map, &fp3),OP_EQ, NULL);
   fp_pair_map_assert_ok(map);
 
   v = fp_pair_map_remove(map, &fp2);
   fp_pair_map_assert_ok(map);
-  test_eq_ptr(v, (void*)101);
-  test_eq_ptr(fp_pair_map_get(map, &fp2), NULL);
-  test_eq_ptr(fp_pair_map_remove(map, &fp2), NULL);
-
-  fp_pair_map_set(map, &fp2, (void*)101);
-  fp_pair_map_set(map, &fp3, (void*)102);
-  fp_pair_map_set(map, &fp4, (void*)103);
-  test_eq(fp_pair_map_size(map), 4);
+  tt_ptr_op(v,OP_EQ, v101);
+  tt_ptr_op(fp_pair_map_get(map, &fp2),OP_EQ, NULL);
+  tt_ptr_op(fp_pair_map_remove(map, &fp2),OP_EQ, NULL);
+
+  fp_pair_map_set(map, &fp2, v101);
+  fp_pair_map_set(map, &fp3, v102);
+  fp_pair_map_set(map, &fp4, v103);
+  tt_int_op(fp_pair_map_size(map),OP_EQ, 4);
   fp_pair_map_assert_ok(map);
-  fp_pair_map_set(map, &fp5, (void*)104);
-  fp_pair_map_set(map, &fp6, (void*)105);
+  fp_pair_map_set(map, &fp5, v104);
+  fp_pair_map_set(map, &fp6, v105);
   fp_pair_map_assert_ok(map);
 
   /* Test iterator. */
   iter = fp_pair_map_iter_init(map);
   while (!fp_pair_map_iter_done(iter)) {
     fp_pair_map_iter_get(iter, &k, &v);
-    test_eq_ptr(v, fp_pair_map_get(map, &k));
+    tt_ptr_op(v,OP_EQ, fp_pair_map_get(map, &k));
 
     if (tor_memeq(&fp2, &k, sizeof(fp2))) {
       iter = fp_pair_map_iter_next_rmv(map, iter);
@@ -941,8 +1083,8 @@ test_container_fp_pair_map(void)
   }
 
   /* Make sure we removed fp2, but not the others. */
-  test_eq_ptr(fp_pair_map_get(map, &fp2), NULL);
-  test_eq_ptr(fp_pair_map_get(map, &fp5), (void*)104);
+  tt_ptr_op(fp_pair_map_get(map, &fp2),OP_EQ, NULL);
+  tt_ptr_op(fp_pair_map_get(map, &fp5),OP_EQ, v104);
 
   fp_pair_map_assert_ok(map);
   /* Clean up after ourselves. */
@@ -952,10 +1094,140 @@ test_container_fp_pair_map(void)
  done:
   if (map)
     fp_pair_map_free(map, NULL);
+  tor_free(v99);
+  tor_free(v100);
+  tor_free(v101);
+  tor_free(v102);
+  tor_free(v103);
+  tor_free(v104);
+  tor_free(v105);
+}
+
+static void
+test_container_smartlist_most_frequent(void *arg)
+{
+  (void) arg;
+  smartlist_t *sl = smartlist_new();
+
+  int count = -1;
+  const char *cp;
+
+  cp = smartlist_get_most_frequent_string_(sl, &count);
+  tt_int_op(count, ==, 0);
+  tt_ptr_op(cp, ==, NULL);
+
+  /* String must be sorted before we call get_most_frequent */
+  smartlist_split_string(sl, "abc:def:ghi", ":", 0, 0);
+
+  cp = smartlist_get_most_frequent_string_(sl, &count);
+  tt_int_op(count, ==, 1);
+  tt_str_op(cp, ==, "ghi"); /* Ties broken in favor of later element */
+
+  smartlist_split_string(sl, "def:ghi", ":", 0, 0);
+  smartlist_sort_strings(sl);
+
+  cp = smartlist_get_most_frequent_string_(sl, &count);
+  tt_int_op(count, ==, 2);
+  tt_ptr_op(cp, !=, NULL);
+  tt_str_op(cp, ==, "ghi"); /* Ties broken in favor of later element */
+
+  smartlist_split_string(sl, "def:abc:qwop", ":", 0, 0);
+  smartlist_sort_strings(sl);
+
+  cp = smartlist_get_most_frequent_string_(sl, &count);
+  tt_int_op(count, ==, 3);
+  tt_ptr_op(cp, !=, NULL);
+  tt_str_op(cp, ==, "def"); /* No tie */
+
+ done:
+  SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
+  smartlist_free(sl);
+}
+
+static void
+test_container_smartlist_sort_ptrs(void *arg)
+{
+  (void)arg;
+  int array[10];
+  int *arrayptrs[11];
+  smartlist_t *sl = smartlist_new();
+  unsigned i=0, j;
+
+  for (j = 0; j < ARRAY_LENGTH(array); ++j) {
+    smartlist_add(sl, &array[j]);
+    arrayptrs[i++] = &array[j];
+    if (j == 5) {
+      smartlist_add(sl, &array[j]);
+      arrayptrs[i++] = &array[j];
+    }
+  }
+
+  for (i = 0; i < 10; ++i) {
+    smartlist_shuffle(sl);
+    smartlist_sort_pointers(sl);
+    for (j = 0; j < ARRAY_LENGTH(arrayptrs); ++j) {
+      tt_ptr_op(smartlist_get(sl, j), ==, arrayptrs[j]);
+    }
+  }
+
+ done:
+  smartlist_free(sl);
+}
+
+static void
+test_container_smartlist_strings_eq(void *arg)
+{
+  (void)arg;
+  smartlist_t *sl1 = smartlist_new();
+  smartlist_t *sl2 = smartlist_new();
+#define EQ_SHOULD_SAY(s1,s2,val)                                \
+  do {                                                          \
+    SMARTLIST_FOREACH(sl1, char *, cp, tor_free(cp));           \
+    SMARTLIST_FOREACH(sl2, char *, cp, tor_free(cp));           \
+    smartlist_clear(sl1);                                       \
+    smartlist_clear(sl2);                                       \
+    smartlist_split_string(sl1, (s1), ":", 0, 0);               \
+    smartlist_split_string(sl2, (s2), ":", 0, 0);               \
+    tt_int_op((val), OP_EQ, smartlist_strings_eq(sl1, sl2));    \
+  } while (0)
+
+  /* Both NULL, so equal */
+  tt_int_op(1, ==, smartlist_strings_eq(NULL, NULL));
+
+  /* One NULL, not equal. */
+  tt_int_op(0, ==, smartlist_strings_eq(NULL, sl1));
+  tt_int_op(0, ==, smartlist_strings_eq(sl1, NULL));
+
+  /* Both empty, both equal. */
+  EQ_SHOULD_SAY("", "", 1);
+
+  /* One empty, not equal */
+  EQ_SHOULD_SAY("", "ab", 0);
+  EQ_SHOULD_SAY("", "xy:z", 0);
+  EQ_SHOULD_SAY("abc", "", 0);
+  EQ_SHOULD_SAY("abc:cd", "", 0);
+
+  /* Different lengths, not equal. */
+  EQ_SHOULD_SAY("hello:world", "hello", 0);
+  EQ_SHOULD_SAY("hello", "hello:friends", 0);
+
+  /* Same lengths, not equal */
+  EQ_SHOULD_SAY("Hello:world", "goodbye:world", 0);
+  EQ_SHOULD_SAY("Hello:world", "Hello:stars", 0);
+
+  /* Actually equal */
+  EQ_SHOULD_SAY("ABC", "ABC", 1);
+  EQ_SHOULD_SAY(" ab : cd : e", " ab : cd : e", 1);
+
+ done:
+  SMARTLIST_FOREACH(sl1, char *, cp, tor_free(cp));
+  SMARTLIST_FOREACH(sl2, char *, cp, tor_free(cp));
+  smartlist_free(sl1);
+  smartlist_free(sl2);
 }
 
 #define CONTAINER_LEGACY(name)                                          \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_container_ ## name }
+  { #name, test_container_ ## name , 0, NULL, NULL }
 
 #define CONTAINER(name, flags)                                          \
   { #name, test_container_ ## name, (flags), NULL, NULL }
@@ -966,6 +1238,7 @@ struct testcase_t container_tests[] = {
   CONTAINER_LEGACY(smartlist_overlap),
   CONTAINER_LEGACY(smartlist_digests),
   CONTAINER_LEGACY(smartlist_join),
+  CONTAINER_LEGACY(smartlist_pos),
   CONTAINER(smartlist_ints_eq, 0),
   CONTAINER_LEGACY(bitarray),
   CONTAINER_LEGACY(digestset),
@@ -974,6 +1247,9 @@ struct testcase_t container_tests[] = {
   CONTAINER_LEGACY(order_functions),
   CONTAINER(di_map, 0),
   CONTAINER_LEGACY(fp_pair_map),
+  CONTAINER(smartlist_most_frequent, 0),
+  CONTAINER(smartlist_sort_ptrs, 0),
+  CONTAINER(smartlist_strings_eq, 0),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
new file mode 100644
index 0000000000..7f9db4312f
--- /dev/null
+++ b/src/test/test_controller.c
@@ -0,0 +1,163 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define CONTROL_PRIVATE
+#include "or.h"
+#include "control.h"
+#include "rendservice.h"
+#include "test.h"
+
+static void
+test_add_onion_helper_keyarg(void *arg)
+{
+  crypto_pk_t *pk = NULL;
+  crypto_pk_t *pk2 = NULL;
+  const char *key_new_alg = NULL;
+  char *key_new_blob = NULL;
+  char *err_msg = NULL;
+  char *encoded = NULL;
+  char *arg_str = NULL;
+
+  (void) arg;
+
+  /* Test explicit RSA1024 key generation. */
+  pk = add_onion_helper_keyarg("NEW:RSA1024", 0, &key_new_alg, &key_new_blob,
+                               &err_msg);
+  tt_assert(pk);
+  tt_str_op(key_new_alg, OP_EQ, "RSA1024");
+  tt_assert(key_new_blob);
+  tt_assert(!err_msg);
+
+  /* Test "BEST" key generation (Assumes BEST = RSA1024). */
+  crypto_pk_free(pk);
+  tor_free(key_new_blob);
+  pk = add_onion_helper_keyarg("NEW:BEST", 0, &key_new_alg, &key_new_blob,
+                               &err_msg);
+  tt_assert(pk);
+  tt_str_op(key_new_alg, OP_EQ, "RSA1024");
+  tt_assert(key_new_blob);
+  tt_assert(!err_msg);
+
+  /* Test discarding the private key. */
+  crypto_pk_free(pk);
+  tor_free(key_new_blob);
+  pk = add_onion_helper_keyarg("NEW:BEST", 1, &key_new_alg, &key_new_blob,
+                               &err_msg);
+  tt_assert(pk);
+  tt_assert(!key_new_alg);
+  tt_assert(!key_new_blob);
+  tt_assert(!err_msg);
+
+  /* Test generating a invalid key type. */
+  crypto_pk_free(pk);
+  pk = add_onion_helper_keyarg("NEW:RSA512", 0, &key_new_alg, &key_new_blob,
+                               &err_msg);
+  tt_assert(!pk);
+  tt_assert(!key_new_alg);
+  tt_assert(!key_new_blob);
+  tt_assert(err_msg);
+
+  /* Test loading a RSA1024 key. */
+  tor_free(err_msg);
+  pk = pk_generate(0);
+  tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk, &encoded));
+  tor_asprintf(&arg_str, "RSA1024:%s", encoded);
+  pk2 = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
+                                &err_msg);
+  tt_assert(pk2);
+  tt_assert(!key_new_alg);
+  tt_assert(!key_new_blob);
+  tt_assert(!err_msg);
+  tt_assert(crypto_pk_cmp_keys(pk, pk2) == 0);
+
+  /* Test loading a invalid key type. */
+  tor_free(arg_str);
+  crypto_pk_free(pk); pk = NULL;
+  tor_asprintf(&arg_str, "RSA512:%s", encoded);
+  pk = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
+                               &err_msg);
+  tt_assert(!pk);
+  tt_assert(!key_new_alg);
+  tt_assert(!key_new_blob);
+  tt_assert(err_msg);
+
+  /* Test loading a invalid key. */
+  tor_free(arg_str);
+  crypto_pk_free(pk); pk = NULL;
+  tor_free(err_msg);
+  encoded[strlen(encoded)/2] = '\0';
+  tor_asprintf(&arg_str, "RSA1024:%s", encoded);
+  pk = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
+                               &err_msg);
+  tt_assert(!pk);
+  tt_assert(!key_new_alg);
+  tt_assert(!key_new_blob);
+  tt_assert(err_msg);
+
+ done:
+  crypto_pk_free(pk);
+  crypto_pk_free(pk2);
+  tor_free(key_new_blob);
+  tor_free(err_msg);
+  tor_free(encoded);
+  tor_free(arg_str);
+}
+
+static void
+test_rend_service_parse_port_config(void *arg)
+{
+  const char *sep = ",";
+  rend_service_port_config_t *cfg = NULL;
+  char *err_msg = NULL;
+
+  (void)arg;
+
+  /* Test "VIRTPORT" only. */
+  cfg = rend_service_parse_port_config("80", sep, &err_msg);
+  tt_assert(cfg);
+  tt_assert(!err_msg);
+
+  /* Test "VIRTPORT,TARGET" (Target is port). */
+  rend_service_port_config_free(cfg);
+  cfg = rend_service_parse_port_config("80,8080", sep, &err_msg);
+  tt_assert(cfg);
+  tt_assert(!err_msg);
+
+  /* Test "VIRTPORT,TARGET" (Target is IPv4:port). */
+  rend_service_port_config_free(cfg);
+  cfg = rend_service_parse_port_config("80,192.0.2.1:8080", sep, &err_msg);
+  tt_assert(cfg);
+  tt_assert(!err_msg);
+
+  /* Test "VIRTPORT,TARGET" (Target is IPv6:port). */
+  rend_service_port_config_free(cfg);
+  cfg = rend_service_parse_port_config("80,[2001:db8::1]:8080", sep, &err_msg);
+  tt_assert(cfg);
+  tt_assert(!err_msg);
+
+  /* XXX: Someone should add tests for AF_UNIX targets if supported. */
+
+  /* Test empty config. */
+  rend_service_port_config_free(cfg);
+  cfg = rend_service_parse_port_config("", sep, &err_msg);
+  tt_assert(!cfg);
+  tt_assert(err_msg);
+
+  /* Test invalid port. */
+  tor_free(err_msg);
+  cfg = rend_service_parse_port_config("90001", sep, &err_msg);
+  tt_assert(!cfg);
+  tt_assert(err_msg);
+
+ done:
+  rend_service_port_config_free(cfg);
+  tor_free(err_msg);
+}
+
+struct testcase_t controller_tests[] = {
+  { "add_onion_helper_keyarg", test_add_onion_helper_keyarg, 0, NULL, NULL },
+  { "rend_service_parse_port_config", test_rend_service_parse_port_config, 0,
+    NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c
index b45e97a417..11e1e3dc8f 100644
--- a/src/test/test_controller_events.c
+++ b/src/test/test_controller_events.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define CONNECTION_PRIVATE
@@ -22,7 +22,7 @@ help_test_bucket_note_empty(uint32_t expected_msec_since_midnight,
   tvnow.tv_usec = (msec_since_epoch % 1000) * 1000;
   connection_buckets_note_empty_ts(&timestamp_var, tokens_before,
                                    tokens_removed, &tvnow);
-  tt_int_op(expected_msec_since_midnight, ==, timestamp_var);
+  tt_int_op(expected_msec_since_midnight, OP_EQ, timestamp_var);
 
  done:
   ;
@@ -57,20 +57,20 @@ test_cntev_bucket_millis_empty(void *arg)
   tvnow.tv_usec = 200000;
 
   /* Bucket has not been refilled. */
-  tt_int_op(0, ==, bucket_millis_empty(0, 42120, 0, 100, &tvnow));
-  tt_int_op(0, ==, bucket_millis_empty(-10, 42120, -10, 100, &tvnow));
+  tt_int_op(0, OP_EQ, bucket_millis_empty(0, 42120, 0, 100, &tvnow));
+  tt_int_op(0, OP_EQ, bucket_millis_empty(-10, 42120, -10, 100, &tvnow));
 
   /* Bucket was not empty. */
-  tt_int_op(0, ==, bucket_millis_empty(10, 42120, 20, 100, &tvnow));
+  tt_int_op(0, OP_EQ, bucket_millis_empty(10, 42120, 20, 100, &tvnow));
 
   /* Bucket has been emptied 80 msec ago and has just been refilled. */
-  tt_int_op(80, ==, bucket_millis_empty(-20, 42120, -10, 100, &tvnow));
-  tt_int_op(80, ==, bucket_millis_empty(-10, 42120, 0, 100, &tvnow));
-  tt_int_op(80, ==, bucket_millis_empty(0, 42120, 10, 100, &tvnow));
+  tt_int_op(80, OP_EQ, bucket_millis_empty(-20, 42120, -10, 100, &tvnow));
+  tt_int_op(80, OP_EQ, bucket_millis_empty(-10, 42120, 0, 100, &tvnow));
+  tt_int_op(80, OP_EQ, bucket_millis_empty(0, 42120, 10, 100, &tvnow));
 
   /* Bucket has been emptied 180 msec ago, last refill was 100 msec ago
    * which was insufficient to make it positive, so cap msec at 100. */
-  tt_int_op(100, ==, bucket_millis_empty(0, 42020, 1, 100, &tvnow));
+  tt_int_op(100, OP_EQ, bucket_millis_empty(0, 42020, 1, 100, &tvnow));
 
   /* 1970-01-02 00:00:00:050000 */
   tvnow.tv_sec = 86400;
@@ -78,7 +78,7 @@ test_cntev_bucket_millis_empty(void *arg)
 
   /* Last emptied 30 msec before midnight, tvnow is 50 msec after
    * midnight, that's 80 msec in total. */
-  tt_int_op(80, ==, bucket_millis_empty(0, 86400000 - 30, 1, 100, &tvnow));
+  tt_int_op(80, OP_EQ, bucket_millis_empty(0, 86400000 - 30, 1, 100, &tvnow));
 
  done:
   ;
@@ -118,26 +118,26 @@ test_cntev_sum_up_cell_stats(void *arg)
   cell_stats = tor_malloc_zero(sizeof(cell_stats_t));
   add_testing_cell_stats_entry(circ, CELL_RELAY, 0, 0, 0);
   sum_up_cell_stats_by_command(circ, cell_stats);
-  tt_u64_op(1, ==, cell_stats->added_cells_appward[CELL_RELAY]);
+  tt_u64_op(1, OP_EQ, cell_stats->added_cells_appward[CELL_RELAY]);
 
   /* A single RELAY cell was added to the exitward queue. */
   add_testing_cell_stats_entry(circ, CELL_RELAY, 0, 0, 1);
   sum_up_cell_stats_by_command(circ, cell_stats);
-  tt_u64_op(1, ==, cell_stats->added_cells_exitward[CELL_RELAY]);
+  tt_u64_op(1, OP_EQ, cell_stats->added_cells_exitward[CELL_RELAY]);
 
   /* A single RELAY cell was removed from the appward queue where it spent
    * 20 msec. */
   add_testing_cell_stats_entry(circ, CELL_RELAY, 2, 1, 0);
   sum_up_cell_stats_by_command(circ, cell_stats);
-  tt_u64_op(20, ==, cell_stats->total_time_appward[CELL_RELAY]);
-  tt_u64_op(1, ==, cell_stats->removed_cells_appward[CELL_RELAY]);
+  tt_u64_op(20, OP_EQ, cell_stats->total_time_appward[CELL_RELAY]);
+  tt_u64_op(1, OP_EQ, cell_stats->removed_cells_appward[CELL_RELAY]);
 
   /* A single RELAY cell was removed from the exitward queue where it
    * spent 30 msec. */
   add_testing_cell_stats_entry(circ, CELL_RELAY, 3, 1, 1);
   sum_up_cell_stats_by_command(circ, cell_stats);
-  tt_u64_op(30, ==, cell_stats->total_time_exitward[CELL_RELAY]);
-  tt_u64_op(1, ==, cell_stats->removed_cells_exitward[CELL_RELAY]);
+  tt_u64_op(30, OP_EQ, cell_stats->total_time_exitward[CELL_RELAY]);
+  tt_u64_op(1, OP_EQ, cell_stats->removed_cells_exitward[CELL_RELAY]);
 
  done:
   tor_free(cell_stats);
@@ -164,7 +164,7 @@ test_cntev_append_cell_stats(void *arg)
   append_cell_stats_by_command(event_parts, key,
                                include_if_non_zero,
                                number_to_include);
-  tt_int_op(0, ==, smartlist_len(event_parts));
+  tt_int_op(0, OP_EQ, smartlist_len(event_parts));
 
   /* There's a RELAY cell to include, but the corresponding field in
    * include_if_non_zero is still zero. */
@@ -172,7 +172,7 @@ test_cntev_append_cell_stats(void *arg)
   append_cell_stats_by_command(event_parts, key,
                                include_if_non_zero,
                                number_to_include);
-  tt_int_op(0, ==, smartlist_len(event_parts));
+  tt_int_op(0, OP_EQ, smartlist_len(event_parts));
 
   /* Now include single RELAY cell. */
   include_if_non_zero[CELL_RELAY] = 2;
@@ -180,7 +180,7 @@ test_cntev_append_cell_stats(void *arg)
                                include_if_non_zero,
                                number_to_include);
   cp = smartlist_pop_last(event_parts);
-  tt_str_op("Z=relay:1", ==, cp);
+  tt_str_op("Z=relay:1", OP_EQ, cp);
   tor_free(cp);
 
   /* Add four CREATE cells. */
@@ -190,7 +190,7 @@ test_cntev_append_cell_stats(void *arg)
                                include_if_non_zero,
                                number_to_include);
   cp = smartlist_pop_last(event_parts);
-  tt_str_op("Z=create:4,relay:1", ==, cp);
+  tt_str_op("Z=create:4,relay:1", OP_EQ, cp);
 
  done:
   tor_free(cp);
@@ -220,14 +220,14 @@ test_cntev_format_cell_stats(void *arg)
   /* Origin circuit was completely idle. */
   cell_stats = tor_malloc_zero(sizeof(cell_stats_t));
   format_cell_stats(&event_string, TO_CIRCUIT(ocirc), cell_stats);
-  tt_str_op("ID=2 OutboundQueue=3 OutboundConn=1", ==, event_string);
+  tt_str_op("ID=2 OutboundQueue=3 OutboundConn=1", OP_EQ, event_string);
   tor_free(event_string);
 
   /* Origin circuit had 4 RELAY cells added to its exitward queue. */
   cell_stats->added_cells_exitward[CELL_RELAY] = 4;
   format_cell_stats(&event_string, TO_CIRCUIT(ocirc), cell_stats);
   tt_str_op("ID=2 OutboundQueue=3 OutboundConn=1 OutboundAdded=relay:4",
-            ==, event_string);
+            OP_EQ, event_string);
   tor_free(event_string);
 
   /* Origin circuit also had 5 CREATE2 cells added to its exitward
@@ -235,7 +235,7 @@ test_cntev_format_cell_stats(void *arg)
   cell_stats->added_cells_exitward[CELL_CREATE2] = 5;
   format_cell_stats(&event_string, TO_CIRCUIT(ocirc), cell_stats);
   tt_str_op("ID=2 OutboundQueue=3 OutboundConn=1 OutboundAdded=relay:4,"
-            "create2:5", ==, event_string);
+            "create2:5", OP_EQ, event_string);
   tor_free(event_string);
 
   /* Origin circuit also had 7 RELAY cells removed from its exitward queue
@@ -245,7 +245,7 @@ test_cntev_format_cell_stats(void *arg)
   format_cell_stats(&event_string, TO_CIRCUIT(ocirc), cell_stats);
   tt_str_op("ID=2 OutboundQueue=3 OutboundConn=1 OutboundAdded=relay:4,"
             "create2:5 OutboundRemoved=relay:7 OutboundTime=relay:6",
-            ==, event_string);
+            OP_EQ, event_string);
   tor_free(event_string);
 
   p_chan = tor_malloc_zero(sizeof(channel_tls_t));
@@ -265,14 +265,14 @@ test_cntev_format_cell_stats(void *arg)
   cell_stats = tor_malloc_zero(sizeof(cell_stats_t));
   format_cell_stats(&event_string, TO_CIRCUIT(or_circ), cell_stats);
   tt_str_op("InboundQueue=8 InboundConn=2 OutboundQueue=9 OutboundConn=1",
-            ==, event_string);
+            OP_EQ, event_string);
   tor_free(event_string);
 
   /* OR circuit had 3 RELAY cells added to its appward queue. */
   cell_stats->added_cells_appward[CELL_RELAY] = 3;
   format_cell_stats(&event_string, TO_CIRCUIT(or_circ), cell_stats);
   tt_str_op("InboundQueue=8 InboundConn=2 InboundAdded=relay:3 "
-            "OutboundQueue=9 OutboundConn=1", ==, event_string);
+            "OutboundQueue=9 OutboundConn=1", OP_EQ, event_string);
   tor_free(event_string);
 
   /* OR circuit had 7 RELAY cells removed from its appward queue which
@@ -282,7 +282,7 @@ test_cntev_format_cell_stats(void *arg)
   format_cell_stats(&event_string, TO_CIRCUIT(or_circ), cell_stats);
   tt_str_op("InboundQueue=8 InboundConn=2 InboundAdded=relay:3 "
             "InboundRemoved=relay:7 InboundTime=relay:6 "
-            "OutboundQueue=9 OutboundConn=1", ==, event_string);
+            "OutboundQueue=9 OutboundConn=1", OP_EQ, event_string);
 
  done:
   tor_free(cell_stats);
@@ -293,15 +293,114 @@ test_cntev_format_cell_stats(void *arg)
   tor_free(n_chan);
 }
 
+static void
+test_cntev_event_mask(void *arg)
+{
+  unsigned int test_event, selected_event;
+  (void)arg;
+
+  /* Check that nothing is interesting when no events are set */
+  control_testing_set_global_event_mask(EVENT_MASK_NONE_);
+
+  /* Check that nothing is interesting between EVENT_MIN_ and EVENT_MAX_ */
+  for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++)
+    tt_assert(!control_event_is_interesting(test_event));
+
+  /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+   * This will break if control_event_is_interesting() checks its arguments */
+  for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+    tt_assert(!control_event_is_interesting(test_event));
+  for (test_event = EVENT_MAX_ + 1;
+       test_event < EVENT_CAPACITY_;
+       test_event++)
+    tt_assert(!control_event_is_interesting(test_event));
+
+  /* Check that all valid events are interesting when all events are set */
+  control_testing_set_global_event_mask(EVENT_MASK_ALL_);
+
+  /* Check that everything is interesting between EVENT_MIN_ and EVENT_MAX_ */
+  for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++)
+    tt_assert(control_event_is_interesting(test_event));
+
+  /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+   * This will break if control_event_is_interesting() checks its arguments */
+  for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+    tt_assert(!control_event_is_interesting(test_event));
+  for (test_event = EVENT_MAX_ + 1;
+       test_event < EVENT_CAPACITY_;
+       test_event++)
+    tt_assert(!control_event_is_interesting(test_event));
+
+  /* Check that only that event is interesting when a single event is set */
+  for (selected_event = EVENT_MIN_;
+       selected_event <= EVENT_MAX_;
+       selected_event++) {
+    control_testing_set_global_event_mask(EVENT_MASK_(selected_event));
+
+    /* Check that only this event is interesting
+     * between EVENT_MIN_ and EVENT_MAX_ */
+    for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++) {
+      if (test_event == selected_event) {
+        tt_assert(control_event_is_interesting(test_event));
+      } else {
+        tt_assert(!control_event_is_interesting(test_event));
+      }
+    }
+
+    /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+     * This will break if control_event_is_interesting checks its arguments */
+    for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+      tt_assert(!control_event_is_interesting(test_event));
+    for (test_event = EVENT_MAX_ + 1;
+         test_event < EVENT_CAPACITY_;
+         test_event++)
+      tt_assert(!control_event_is_interesting(test_event));
+  }
+
+  /* Check that only that event is not-interesting
+   * when a single event is un-set */
+  for (selected_event = EVENT_MIN_;
+       selected_event <= EVENT_MAX_;
+       selected_event++) {
+    control_testing_set_global_event_mask(
+                                          EVENT_MASK_ALL_
+                                          & ~(EVENT_MASK_(selected_event))
+                                          );
+
+    /* Check that only this event is not-interesting
+     * between EVENT_MIN_ and EVENT_MAX_ */
+    for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++) {
+      if (test_event == selected_event) {
+        tt_assert(!control_event_is_interesting(test_event));
+      } else {
+        tt_assert(control_event_is_interesting(test_event));
+      }
+    }
+
+    /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+     * This will break if control_event_is_interesting checks its arguments */
+    for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+      tt_assert(!control_event_is_interesting(test_event));
+    for (test_event = EVENT_MAX_ + 1;
+         test_event < EVENT_CAPACITY_;
+         test_event++)
+      tt_assert(!control_event_is_interesting(test_event));
+  }
+
+ done:
+  ;
+}
+
 #define TEST(name, flags)                                               \
   { #name, test_cntev_ ## name, flags, 0, NULL }
 
 struct testcase_t controller_event_tests[] = {
-  TEST(bucket_note_empty, 0),
-  TEST(bucket_millis_empty, 0),
-  TEST(sum_up_cell_stats, 0),
-  TEST(append_cell_stats, 0),
-  TEST(format_cell_stats, 0),
+  TEST(bucket_note_empty, TT_FORK),
+  TEST(bucket_millis_empty, TT_FORK),
+  TEST(sum_up_cell_stats, TT_FORK),
+  TEST(append_cell_stats, TT_FORK),
+  TEST(format_cell_stats, TT_FORK),
+  TEST(event_mask, TT_FORK),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 5d8edb6550..6a95e92733 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -1,18 +1,22 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
 #define CRYPTO_CURVE25519_PRIVATE
+#define CRYPTO_PRIVATE
 #include "or.h"
 #include "test.h"
 #include "aes.h"
 #include "util.h"
 #include "siphash.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
-#endif
+#include "crypto_ed25519.h"
+#include "ed25519_vectors.inc"
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
 
 extern const char AUTHORITY_SIGNKEY_3[];
 extern const char AUTHORITY_SIGNKEY_A_DIGEST[];
@@ -20,7 +24,7 @@ extern const char AUTHORITY_SIGNKEY_A_DIGEST256[];
 
 /** Run unit tests for Diffie-Hellman functionality. */
 static void
-test_crypto_dh(void)
+test_crypto_dh(void *arg)
 {
   crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
   crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
@@ -30,24 +34,25 @@ test_crypto_dh(void)
   char s2[DH_BYTES];
   ssize_t s1len, s2len;
 
-  test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
-  test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
+  (void)arg;
+  tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH_BYTES);
+  tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH_BYTES);
 
   memset(p1, 0, DH_BYTES);
   memset(p2, 0, DH_BYTES);
-  test_memeq(p1, p2, DH_BYTES);
-  test_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
-  test_memneq(p1, p2, DH_BYTES);
-  test_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
-  test_memneq(p1, p2, DH_BYTES);
+  tt_mem_op(p1,OP_EQ, p2, DH_BYTES);
+  tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
+  tt_mem_op(p1,OP_NE, p2, DH_BYTES);
+  tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
+  tt_mem_op(p1,OP_NE, p2, DH_BYTES);
 
   memset(s1, 0, DH_BYTES);
   memset(s2, 0xFF, DH_BYTES);
   s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
   s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
-  test_assert(s1len > 0);
-  test_eq(s1len, s2len);
-  test_memeq(s1, s2, s1len);
+  tt_assert(s1len > 0);
+  tt_int_op(s1len,OP_EQ, s2len);
+  tt_mem_op(s1,OP_EQ, s2, s1len);
 
   {
     /* XXXX Now fabricate some bad values and make sure they get caught,
@@ -63,17 +68,18 @@ test_crypto_dh(void)
 /** Run unit tests for our random number generation function and its wrappers.
  */
 static void
-test_crypto_rng(void)
+test_crypto_rng(void *arg)
 {
   int i, j, allok;
   char data1[100], data2[100];
   double d;
 
   /* Try out RNG. */
-  test_assert(! crypto_seed_rng(0));
+  (void)arg;
+  tt_assert(! crypto_seed_rng());
   crypto_rand(data1, 100);
   crypto_rand(data2, 100);
-  test_memneq(data1,data2,100);
+  tt_mem_op(data1,OP_NE, data2,100);
   allok = 1;
   for (i = 0; i < 100; ++i) {
     uint64_t big;
@@ -88,8 +94,8 @@ test_crypto_rng(void)
     if (big >= 5)
       allok = 0;
     d = crypto_rand_double();
-    test_assert(d >= 0);
-    test_assert(d < 1.0);
+    tt_assert(d >= 0);
+    tt_assert(d < 1.0);
     host = crypto_random_hostname(3,8,"www.",".onion");
     if (strcmpstart(host,"www.") ||
         strcmpend(host,".onion") ||
@@ -98,7 +104,63 @@ test_crypto_rng(void)
       allok = 0;
     tor_free(host);
   }
-  test_assert(allok);
+  tt_assert(allok);
+ done:
+  ;
+}
+
+static void
+test_crypto_rng_range(void *arg)
+{
+  int got_smallest = 0, got_largest = 0;
+  int i;
+
+  (void)arg;
+  for (i = 0; i < 1000; ++i) {
+    int x = crypto_rand_int_range(5,9);
+    tt_int_op(x, OP_GE, 5);
+    tt_int_op(x, OP_LT, 9);
+    if (x == 5)
+      got_smallest = 1;
+    if (x == 8)
+      got_largest = 1;
+  }
+
+  /* These fail with probability 1/10^603. */
+  tt_assert(got_smallest);
+  tt_assert(got_largest);
+ done:
+  ;
+}
+
+/* Test for rectifying openssl RAND engine. */
+static void
+test_crypto_rng_engine(void *arg)
+{
+  (void)arg;
+  RAND_METHOD dummy_method;
+  memset(&dummy_method, 0, sizeof(dummy_method));
+
+  /* We should be a no-op if we're already on RAND_OpenSSL */
+  tt_int_op(0, ==, crypto_force_rand_ssleay());
+  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
+
+  /* We should correct the method if it's a dummy. */
+  RAND_set_rand_method(&dummy_method);
+#ifdef LIBRESSL_VERSION_NUMBER
+  /* On libressl, you can't override the RNG. */
+  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
+  tt_int_op(0, ==, crypto_force_rand_ssleay());
+#else
+  tt_assert(RAND_get_rand_method() == &dummy_method);
+  tt_int_op(1, ==, crypto_force_rand_ssleay());
+#endif
+  tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
+
+  /* Make sure we aren't calling dummy_method */
+  crypto_rand((void *) &dummy_method, sizeof(dummy_method));
+  crypto_rand((void *) &dummy_method, sizeof(dummy_method));
+
  done:
   ;
 }
@@ -128,15 +190,15 @@ test_crypto_aes(void *arg)
   memset(data2, 0, 1024);
   memset(data3, 0, 1024);
   env1 = crypto_cipher_new(NULL);
-  test_neq_ptr(env1, 0);
+  tt_ptr_op(env1, OP_NE, NULL);
   env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
-  test_neq_ptr(env2, 0);
+  tt_ptr_op(env2, OP_NE, NULL);
 
   /* Try encrypting 512 chars. */
   crypto_cipher_encrypt(env1, data2, data1, 512);
   crypto_cipher_decrypt(env2, data3, data2, 512);
-  test_memeq(data1, data3, 512);
-  test_memneq(data1, data2, 512);
+  tt_mem_op(data1,OP_EQ, data3, 512);
+  tt_mem_op(data1,OP_NE, data2, 512);
 
   /* Now encrypt 1 at a time, and get 1 at a time. */
   for (j = 512; j < 560; ++j) {
@@ -145,7 +207,7 @@ test_crypto_aes(void *arg)
   for (j = 512; j < 560; ++j) {
     crypto_cipher_decrypt(env2, data3+j, data2+j, 1);
   }
-  test_memeq(data1, data3, 560);
+  tt_mem_op(data1,OP_EQ, data3, 560);
   /* Now encrypt 3 at a time, and get 5 at a time. */
   for (j = 560; j < 1024-5; j += 3) {
     crypto_cipher_encrypt(env1, data2+j, data1+j, 3);
@@ -153,7 +215,7 @@ test_crypto_aes(void *arg)
   for (j = 560; j < 1024-5; j += 5) {
     crypto_cipher_decrypt(env2, data3+j, data2+j, 5);
   }
-  test_memeq(data1, data3, 1024-5);
+  tt_mem_op(data1,OP_EQ, data3, 1024-5);
   /* Now make sure that when we encrypt with different chunk sizes, we get
      the same results. */
   crypto_cipher_free(env2);
@@ -161,7 +223,7 @@ test_crypto_aes(void *arg)
 
   memset(data3, 0, 1024);
   env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
-  test_neq_ptr(env2, NULL);
+  tt_ptr_op(env2, OP_NE, NULL);
   for (j = 0; j < 1024-16; j += 17) {
     crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
   }
@@ -170,7 +232,7 @@ test_crypto_aes(void *arg)
       printf("%d:  %d\t%d\n", j, (int) data2[j], (int) data3[j]);
     }
   }
-  test_memeq(data2, data3, 1024-16);
+  tt_mem_op(data2,OP_EQ, data3, 1024-16);
   crypto_cipher_free(env1);
   env1 = NULL;
   crypto_cipher_free(env2);
@@ -237,7 +299,7 @@ test_crypto_aes(void *arg)
                                    "\xff\xff\xff\xff\xff\xff\xff\xff"
                                    "\xff\xff\xff\xff\xff\xff\xff\xff");
   crypto_cipher_crypt_inplace(env1, data2, 64);
-  test_assert(tor_mem_is_zero(data2, 64));
+  tt_assert(tor_mem_is_zero(data2, 64));
 
  done:
   tor_free(mem_op_hex_tmp);
@@ -252,38 +314,47 @@ test_crypto_aes(void *arg)
 
 /** Run unit tests for our SHA-1 functionality */
 static void
-test_crypto_sha(void)
+test_crypto_sha(void *arg)
 {
   crypto_digest_t *d1 = NULL, *d2 = NULL;
   int i;
-  char key[160];
-  char digest[32];
-  char data[50];
-  char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
+#define RFC_4231_MAX_KEY_SIZE 131
+  char key[RFC_4231_MAX_KEY_SIZE];
+  char digest[DIGEST256_LEN];
+  char data[DIGEST512_LEN];
+  char d_out1[DIGEST512_LEN], d_out2[DIGEST512_LEN];
   char *mem_op_hex_tmp=NULL;
 
   /* Test SHA-1 with a test vector from the specification. */
+  (void)arg;
   i = crypto_digest(data, "abc", 3);
   test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
-  tt_int_op(i, ==, 0);
+  tt_int_op(i, OP_EQ, 0);
 
   /* Test SHA-256 with a test vector from the specification. */
   i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
   test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
                        "96177A9CB410FF61F20015AD");
-  tt_int_op(i, ==, 0);
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Test SHA-512 with a test vector from the specification. */
+  i = crypto_digest512(data, "abc", 3, DIGEST_SHA512);
+  test_memeq_hex(data, "ddaf35a193617abacc417349ae20413112e6fa4e89a97"
+                       "ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3"
+                       "feebbd454d4423643ce80e2a9ac94fa54ca49f");
+  tt_int_op(i, OP_EQ, 0);
 
   /* Test HMAC-SHA256 with test cases from wikipedia and RFC 4231 */
 
   /* Case empty (wikipedia) */
   crypto_hmac_sha256(digest, "", 0, "", 0);
-  test_streq(hex_str(digest, 32),
+  tt_str_op(hex_str(digest, 32),OP_EQ,
            "B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD");
 
   /* Case quick-brown (wikipedia) */
   crypto_hmac_sha256(digest, "key", 3,
                      "The quick brown fox jumps over the lazy dog", 43);
-  test_streq(hex_str(digest, 32),
+  tt_str_op(hex_str(digest, 32),OP_EQ,
            "F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8");
 
   /* "Test Case 1" from RFC 4231 */
@@ -344,43 +415,64 @@ test_crypto_sha(void)
 
   /* Incremental digest code. */
   d1 = crypto_digest_new();
-  test_assert(d1);
+  tt_assert(d1);
   crypto_digest_add_bytes(d1, "abcdef", 6);
   d2 = crypto_digest_dup(d1);
-  test_assert(d2);
+  tt_assert(d2);
   crypto_digest_add_bytes(d2, "ghijkl", 6);
-  crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
+  crypto_digest_get_digest(d2, d_out1, DIGEST_LEN);
   crypto_digest(d_out2, "abcdefghijkl", 12);
-  test_memeq(d_out1, d_out2, DIGEST_LEN);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST_LEN);
   crypto_digest_assign(d2, d1);
   crypto_digest_add_bytes(d2, "mno", 3);
-  crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
+  crypto_digest_get_digest(d2, d_out1, DIGEST_LEN);
   crypto_digest(d_out2, "abcdefmno", 9);
-  test_memeq(d_out1, d_out2, DIGEST_LEN);
-  crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST_LEN);
+  crypto_digest_get_digest(d1, d_out1, DIGEST_LEN);
   crypto_digest(d_out2, "abcdef", 6);
-  test_memeq(d_out1, d_out2, DIGEST_LEN);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST_LEN);
   crypto_digest_free(d1);
   crypto_digest_free(d2);
 
   /* Incremental digest code with sha256 */
   d1 = crypto_digest256_new(DIGEST_SHA256);
-  test_assert(d1);
+  tt_assert(d1);
   crypto_digest_add_bytes(d1, "abcdef", 6);
   d2 = crypto_digest_dup(d1);
-  test_assert(d2);
+  tt_assert(d2);
   crypto_digest_add_bytes(d2, "ghijkl", 6);
-  crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
+  crypto_digest_get_digest(d2, d_out1, DIGEST256_LEN);
   crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
-  test_memeq(d_out1, d_out2, DIGEST_LEN);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST256_LEN);
   crypto_digest_assign(d2, d1);
   crypto_digest_add_bytes(d2, "mno", 3);
-  crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
+  crypto_digest_get_digest(d2, d_out1, DIGEST256_LEN);
   crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
-  test_memeq(d_out1, d_out2, DIGEST_LEN);
-  crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST256_LEN);
+  crypto_digest_get_digest(d1, d_out1, DIGEST256_LEN);
   crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
-  test_memeq(d_out1, d_out2, DIGEST_LEN);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST256_LEN);
+  crypto_digest_free(d1);
+  crypto_digest_free(d2);
+
+  /* Incremental digest code with sha512 */
+  d1 = crypto_digest512_new(DIGEST_SHA512);
+  tt_assert(d1);
+  crypto_digest_add_bytes(d1, "abcdef", 6);
+  d2 = crypto_digest_dup(d1);
+  tt_assert(d2);
+  crypto_digest_add_bytes(d2, "ghijkl", 6);
+  crypto_digest_get_digest(d2, d_out1, DIGEST512_LEN);
+  crypto_digest512(d_out2, "abcdefghijkl", 12, DIGEST_SHA512);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST512_LEN);
+  crypto_digest_assign(d2, d1);
+  crypto_digest_add_bytes(d2, "mno", 3);
+  crypto_digest_get_digest(d2, d_out1, DIGEST512_LEN);
+  crypto_digest512(d_out2, "abcdefmno", 9, DIGEST_SHA512);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST512_LEN);
+  crypto_digest_get_digest(d1, d_out1, DIGEST512_LEN);
+  crypto_digest512(d_out2, "abcdef", 6, DIGEST_SHA512);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST512_LEN);
 
  done:
   if (d1)
@@ -390,9 +482,397 @@ test_crypto_sha(void)
   tor_free(mem_op_hex_tmp);
 }
 
+static void
+test_crypto_sha3(void *arg)
+{
+  crypto_digest_t *d1 = NULL, *d2 = NULL;
+  int i;
+  char data[DIGEST512_LEN];
+  char d_out1[DIGEST512_LEN], d_out2[DIGEST512_LEN];
+  char *mem_op_hex_tmp=NULL;
+  char *large = NULL;
+
+  (void)arg;
+
+  /* Test SHA3-[256,512] with a test vectors from the Keccak Code Package.
+   *
+   * NB: The code package's test vectors have length expressed in bits.
+   */
+
+  /* Len = 8, Msg = CC */
+  const uint8_t keccak_kat_msg8[] = { 0xcc };
+  i = crypto_digest256(data, (const char*)keccak_kat_msg8, 1, DIGEST_SHA3_256);
+  test_memeq_hex(data, "677035391CD3701293D385F037BA3279"
+                       "6252BB7CE180B00B582DD9B20AAAD7F0");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest512(data, (const char*)keccak_kat_msg8, 1, DIGEST_SHA3_512);
+  test_memeq_hex(data, "3939FCC8B57B63612542DA31A834E5DC"
+                       "C36E2EE0F652AC72E02624FA2E5ADEEC"
+                       "C7DD6BB3580224B4D6138706FC6E8059"
+                       "7B528051230B00621CC2B22999EAA205");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 24, Msg = 1F877C */
+  const uint8_t keccak_kat_msg24[] = { 0x1f, 0x87, 0x7c };
+  i = crypto_digest256(data, (const char*)keccak_kat_msg24, 3,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "BC22345E4BD3F792A341CF18AC0789F1"
+                       "C9C966712A501B19D1B6632CCD408EC5");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest512(data, (const char*)keccak_kat_msg24, 3,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "CB20DCF54955F8091111688BECCEF48C"
+                       "1A2F0D0608C3A575163751F002DB30F4"
+                       "0F2F671834B22D208591CFAF1F5ECFE4"
+                       "3C49863A53B3225BDFD7C6591BA7658B");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 1080, Msg = B771D5CEF... ...C35AC81B5 (SHA3-256 rate - 1) */
+  const uint8_t keccak_kat_msg1080[] = {
+    0xB7, 0x71, 0xD5, 0xCE, 0xF5, 0xD1, 0xA4, 0x1A, 0x93, 0xD1,
+    0x56, 0x43, 0xD7, 0x18, 0x1D, 0x2A, 0x2E, 0xF0, 0xA8, 0xE8,
+    0x4D, 0x91, 0x81, 0x2F, 0x20, 0xED, 0x21, 0xF1, 0x47, 0xBE,
+    0xF7, 0x32, 0xBF, 0x3A, 0x60, 0xEF, 0x40, 0x67, 0xC3, 0x73,
+    0x4B, 0x85, 0xBC, 0x8C, 0xD4, 0x71, 0x78, 0x0F, 0x10, 0xDC,
+    0x9E, 0x82, 0x91, 0xB5, 0x83, 0x39, 0xA6, 0x77, 0xB9, 0x60,
+    0x21, 0x8F, 0x71, 0xE7, 0x93, 0xF2, 0x79, 0x7A, 0xEA, 0x34,
+    0x94, 0x06, 0x51, 0x28, 0x29, 0x06, 0x5D, 0x37, 0xBB, 0x55,
+    0xEA, 0x79, 0x6F, 0xA4, 0xF5, 0x6F, 0xD8, 0x89, 0x6B, 0x49,
+    0xB2, 0xCD, 0x19, 0xB4, 0x32, 0x15, 0xAD, 0x96, 0x7C, 0x71,
+    0x2B, 0x24, 0xE5, 0x03, 0x2D, 0x06, 0x52, 0x32, 0xE0, 0x2C,
+    0x12, 0x74, 0x09, 0xD2, 0xED, 0x41, 0x46, 0xB9, 0xD7, 0x5D,
+    0x76, 0x3D, 0x52, 0xDB, 0x98, 0xD9, 0x49, 0xD3, 0xB0, 0xFE,
+    0xD6, 0xA8, 0x05, 0x2F, 0xBB,
+  };
+  i = crypto_digest256(data, (const char*)keccak_kat_msg1080, 135,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "A19EEE92BB2097B64E823D597798AA18"
+                       "BE9B7C736B8059ABFD6779AC35AC81B5");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest512(data, (const char*)keccak_kat_msg1080, 135,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "7575A1FB4FC9A8F9C0466BD5FCA496D1"
+                       "CB78696773A212A5F62D02D14E3259D1"
+                       "92A87EBA4407DD83893527331407B6DA"
+                       "DAAD920DBC46489B677493CE5F20B595");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 1088, Msg = B32D95B0... ...8E380C04 (SHA3-256 rate) */
+  const uint8_t keccak_kat_msg1088[] = {
+    0xB3, 0x2D, 0x95, 0xB0, 0xB9, 0xAA, 0xD2, 0xA8, 0x81, 0x6D,
+    0xE6, 0xD0, 0x6D, 0x1F, 0x86, 0x00, 0x85, 0x05, 0xBD, 0x8C,
+    0x14, 0x12, 0x4F, 0x6E, 0x9A, 0x16, 0x3B, 0x5A, 0x2A, 0xDE,
+    0x55, 0xF8, 0x35, 0xD0, 0xEC, 0x38, 0x80, 0xEF, 0x50, 0x70,
+    0x0D, 0x3B, 0x25, 0xE4, 0x2C, 0xC0, 0xAF, 0x05, 0x0C, 0xCD,
+    0x1B, 0xE5, 0xE5, 0x55, 0xB2, 0x30, 0x87, 0xE0, 0x4D, 0x7B,
+    0xF9, 0x81, 0x36, 0x22, 0x78, 0x0C, 0x73, 0x13, 0xA1, 0x95,
+    0x4F, 0x87, 0x40, 0xB6, 0xEE, 0x2D, 0x3F, 0x71, 0xF7, 0x68,
+    0xDD, 0x41, 0x7F, 0x52, 0x04, 0x82, 0xBD, 0x3A, 0x08, 0xD4,
+    0xF2, 0x22, 0xB4, 0xEE, 0x9D, 0xBD, 0x01, 0x54, 0x47, 0xB3,
+    0x35, 0x07, 0xDD, 0x50, 0xF3, 0xAB, 0x42, 0x47, 0xC5, 0xDE,
+    0x9A, 0x8A, 0xBD, 0x62, 0xA8, 0xDE, 0xCE, 0xA0, 0x1E, 0x3B,
+    0x87, 0xC8, 0xB9, 0x27, 0xF5, 0xB0, 0x8B, 0xEB, 0x37, 0x67,
+    0x4C, 0x6F, 0x8E, 0x38, 0x0C, 0x04,
+  };
+  i = crypto_digest256(data, (const char*)keccak_kat_msg1088, 136,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "DF673F4105379FF6B755EEAB20CEB0DC"
+                       "77B5286364FE16C59CC8A907AFF07732");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest512(data, (const char*)keccak_kat_msg1088, 136,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "2E293765022D48996CE8EFF0BE54E87E"
+                       "FB94A14C72DE5ACD10D0EB5ECE029CAD"
+                       "FA3BA17A40B2FFA2163991B17786E51C"
+                       "ABA79E5E0FFD34CF085E2A098BE8BACB");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 1096, Msg = 04410E310... ...601016A0D (SHA3-256 rate + 1) */
+  const uint8_t keccak_kat_msg1096[] = {
+    0x04, 0x41, 0x0E, 0x31, 0x08, 0x2A, 0x47, 0x58, 0x4B, 0x40,
+    0x6F, 0x05, 0x13, 0x98, 0xA6, 0xAB, 0xE7, 0x4E, 0x4D, 0xA5,
+    0x9B, 0xB6, 0xF8, 0x5E, 0x6B, 0x49, 0xE8, 0xA1, 0xF7, 0xF2,
+    0xCA, 0x00, 0xDF, 0xBA, 0x54, 0x62, 0xC2, 0xCD, 0x2B, 0xFD,
+    0xE8, 0xB6, 0x4F, 0xB2, 0x1D, 0x70, 0xC0, 0x83, 0xF1, 0x13,
+    0x18, 0xB5, 0x6A, 0x52, 0xD0, 0x3B, 0x81, 0xCA, 0xC5, 0xEE,
+    0xC2, 0x9E, 0xB3, 0x1B, 0xD0, 0x07, 0x8B, 0x61, 0x56, 0x78,
+    0x6D, 0xA3, 0xD6, 0xD8, 0xC3, 0x30, 0x98, 0xC5, 0xC4, 0x7B,
+    0xB6, 0x7A, 0xC6, 0x4D, 0xB1, 0x41, 0x65, 0xAF, 0x65, 0xB4,
+    0x45, 0x44, 0xD8, 0x06, 0xDD, 0xE5, 0xF4, 0x87, 0xD5, 0x37,
+    0x3C, 0x7F, 0x97, 0x92, 0xC2, 0x99, 0xE9, 0x68, 0x6B, 0x7E,
+    0x58, 0x21, 0xE7, 0xC8, 0xE2, 0x45, 0x83, 0x15, 0xB9, 0x96,
+    0xB5, 0x67, 0x7D, 0x92, 0x6D, 0xAC, 0x57, 0xB3, 0xF2, 0x2D,
+    0xA8, 0x73, 0xC6, 0x01, 0x01, 0x6A, 0x0D,
+  };
+  i = crypto_digest256(data, (const char*)keccak_kat_msg1096, 137,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "D52432CF3B6B4B949AA848E058DCD62D"
+                       "735E0177279222E7AC0AF8504762FAA0");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest512(data, (const char*)keccak_kat_msg1096, 137,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "BE8E14B6757FFE53C9B75F6DDE9A7B6C"
+                       "40474041DE83D4A60645A826D7AF1ABE"
+                       "1EEFCB7B74B62CA6A514E5F2697D585B"
+                       "FECECE12931BBE1D4ED7EBF7B0BE660E");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 1144, Msg = EA40E83C...  ...66DFAFEC (SHA3-512 rate *2 - 1) */
+  const uint8_t keccak_kat_msg1144[] = {
+    0xEA, 0x40, 0xE8, 0x3C, 0xB1, 0x8B, 0x3A, 0x24, 0x2C, 0x1E,
+    0xCC, 0x6C, 0xCD, 0x0B, 0x78, 0x53, 0xA4, 0x39, 0xDA, 0xB2,
+    0xC5, 0x69, 0xCF, 0xC6, 0xDC, 0x38, 0xA1, 0x9F, 0x5C, 0x90,
+    0xAC, 0xBF, 0x76, 0xAE, 0xF9, 0xEA, 0x37, 0x42, 0xFF, 0x3B,
+    0x54, 0xEF, 0x7D, 0x36, 0xEB, 0x7C, 0xE4, 0xFF, 0x1C, 0x9A,
+    0xB3, 0xBC, 0x11, 0x9C, 0xFF, 0x6B, 0xE9, 0x3C, 0x03, 0xE2,
+    0x08, 0x78, 0x33, 0x35, 0xC0, 0xAB, 0x81, 0x37, 0xBE, 0x5B,
+    0x10, 0xCD, 0xC6, 0x6F, 0xF3, 0xF8, 0x9A, 0x1B, 0xDD, 0xC6,
+    0xA1, 0xEE, 0xD7, 0x4F, 0x50, 0x4C, 0xBE, 0x72, 0x90, 0x69,
+    0x0B, 0xB2, 0x95, 0xA8, 0x72, 0xB9, 0xE3, 0xFE, 0x2C, 0xEE,
+    0x9E, 0x6C, 0x67, 0xC4, 0x1D, 0xB8, 0xEF, 0xD7, 0xD8, 0x63,
+    0xCF, 0x10, 0xF8, 0x40, 0xFE, 0x61, 0x8E, 0x79, 0x36, 0xDA,
+    0x3D, 0xCA, 0x5C, 0xA6, 0xDF, 0x93, 0x3F, 0x24, 0xF6, 0x95,
+    0x4B, 0xA0, 0x80, 0x1A, 0x12, 0x94, 0xCD, 0x8D, 0x7E, 0x66,
+    0xDF, 0xAF, 0xEC,
+  };
+  i = crypto_digest512(data, (const char*)keccak_kat_msg1144, 143,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "3A8E938C45F3F177991296B24565D9A6"
+                       "605516615D96A062C8BE53A0D6C5A648"
+                       "7BE35D2A8F3CF6620D0C2DBA2C560D68"
+                       "295F284BE7F82F3B92919033C9CE5D80");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest256(data, (const char*)keccak_kat_msg1144, 143,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "E58A947E98D6DD7E932D2FE02D9992E6"
+                       "118C0C2C606BDCDA06E7943D2C95E0E5");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 1152, Msg = 157D5B7E... ...79EE00C63 (SHA3-512 rate * 2) */
+  const uint8_t keccak_kat_msg1152[] = {
+    0x15, 0x7D, 0x5B, 0x7E, 0x45, 0x07, 0xF6, 0x6D, 0x9A, 0x26,
+    0x74, 0x76, 0xD3, 0x38, 0x31, 0xE7, 0xBB, 0x76, 0x8D, 0x4D,
+    0x04, 0xCC, 0x34, 0x38, 0xDA, 0x12, 0xF9, 0x01, 0x02, 0x63,
+    0xEA, 0x5F, 0xCA, 0xFB, 0xDE, 0x25, 0x79, 0xDB, 0x2F, 0x6B,
+    0x58, 0xF9, 0x11, 0xD5, 0x93, 0xD5, 0xF7, 0x9F, 0xB0, 0x5F,
+    0xE3, 0x59, 0x6E, 0x3F, 0xA8, 0x0F, 0xF2, 0xF7, 0x61, 0xD1,
+    0xB0, 0xE5, 0x70, 0x80, 0x05, 0x5C, 0x11, 0x8C, 0x53, 0xE5,
+    0x3C, 0xDB, 0x63, 0x05, 0x52, 0x61, 0xD7, 0xC9, 0xB2, 0xB3,
+    0x9B, 0xD9, 0x0A, 0xCC, 0x32, 0x52, 0x0C, 0xBB, 0xDB, 0xDA,
+    0x2C, 0x4F, 0xD8, 0x85, 0x6D, 0xBC, 0xEE, 0x17, 0x31, 0x32,
+    0xA2, 0x67, 0x91, 0x98, 0xDA, 0xF8, 0x30, 0x07, 0xA9, 0xB5,
+    0xC5, 0x15, 0x11, 0xAE, 0x49, 0x76, 0x6C, 0x79, 0x2A, 0x29,
+    0x52, 0x03, 0x88, 0x44, 0x4E, 0xBE, 0xFE, 0x28, 0x25, 0x6F,
+    0xB3, 0x3D, 0x42, 0x60, 0x43, 0x9C, 0xBA, 0x73, 0xA9, 0x47,
+    0x9E, 0xE0, 0x0C, 0x63,
+  };
+  i = crypto_digest512(data, (const char*)keccak_kat_msg1152, 144,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "FE45289874879720CE2A844AE34BB735"
+                       "22775DCB6019DCD22B8885994672A088"
+                       "9C69E8115C641DC8B83E39F7311815A1"
+                       "64DC46E0BA2FCA344D86D4BC2EF2532C");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest256(data, (const char*)keccak_kat_msg1152, 144,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "A936FB9AF87FB67857B3EAD5C76226AD"
+                       "84DA47678F3C2FFE5A39FDB5F7E63FFB");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Len = 1160, Msg = 836B34B5... ...11044C53 (SHA3-512 rate * 2 + 1) */
+  const uint8_t keccak_kat_msg1160[] = {
+    0x83, 0x6B, 0x34, 0xB5, 0x15, 0x47, 0x6F, 0x61, 0x3F, 0xE4,
+    0x47, 0xA4, 0xE0, 0xC3, 0xF3, 0xB8, 0xF2, 0x09, 0x10, 0xAC,
+    0x89, 0xA3, 0x97, 0x70, 0x55, 0xC9, 0x60, 0xD2, 0xD5, 0xD2,
+    0xB7, 0x2B, 0xD8, 0xAC, 0xC7, 0x15, 0xA9, 0x03, 0x53, 0x21,
+    0xB8, 0x67, 0x03, 0xA4, 0x11, 0xDD, 0xE0, 0x46, 0x6D, 0x58,
+    0xA5, 0x97, 0x69, 0x67, 0x2A, 0xA6, 0x0A, 0xD5, 0x87, 0xB8,
+    0x48, 0x1D, 0xE4, 0xBB, 0xA5, 0x52, 0xA1, 0x64, 0x57, 0x79,
+    0x78, 0x95, 0x01, 0xEC, 0x53, 0xD5, 0x40, 0xB9, 0x04, 0x82,
+    0x1F, 0x32, 0xB0, 0xBD, 0x18, 0x55, 0xB0, 0x4E, 0x48, 0x48,
+    0xF9, 0xF8, 0xCF, 0xE9, 0xEB, 0xD8, 0x91, 0x1B, 0xE9, 0x57,
+    0x81, 0xA7, 0x59, 0xD7, 0xAD, 0x97, 0x24, 0xA7, 0x10, 0x2D,
+    0xBE, 0x57, 0x67, 0x76, 0xB7, 0xC6, 0x32, 0xBC, 0x39, 0xB9,
+    0xB5, 0xE1, 0x90, 0x57, 0xE2, 0x26, 0x55, 0x2A, 0x59, 0x94,
+    0xC1, 0xDB, 0xB3, 0xB5, 0xC7, 0x87, 0x1A, 0x11, 0xF5, 0x53,
+    0x70, 0x11, 0x04, 0x4C, 0x53,
+  };
+  i = crypto_digest512(data, (const char*)keccak_kat_msg1160, 145,
+                       DIGEST_SHA3_512);
+  test_memeq_hex(data, "AFF61C6E11B98E55AC213B1A0BC7DE04"
+                       "05221AC5EFB1229842E4614F4A029C9B"
+                       "D14A0ED7FD99AF3681429F3F309FDB53"
+                       "166AA9A3CD9F1F1223D04B4A9015E94A");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest256(data, (const char*)keccak_kat_msg1160, 145,
+                       DIGEST_SHA3_256);
+  test_memeq_hex(data, "3A654B88F88086C2751EDAE6D3924814"
+                       "3CF6235C6B0B7969342C45A35194B67E");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* SHA3-[256,512] Empty case (wikipedia) */
+  i = crypto_digest256(data, "", 0, DIGEST_SHA3_256);
+  test_memeq_hex(data, "a7ffc6f8bf1ed76651c14756a061d662"
+                       "f580ff4de43b49fa82d80a4b80f8434a");
+  tt_int_op(i, OP_EQ, 0);
+  i = crypto_digest512(data, "", 0, DIGEST_SHA3_512);
+  test_memeq_hex(data, "a69f73cca23a9ac5c8b567dc185a756e"
+                       "97c982164fe25859e0d1dcc1475c80a6"
+                       "15b2123af1f5f94c11e3e9402c3ac558"
+                       "f500199d95b6d3e301758586281dcd26");
+  tt_int_op(i, OP_EQ, 0);
+
+  /* Incremental digest code with SHA3-256 */
+  d1 = crypto_digest256_new(DIGEST_SHA3_256);
+  tt_assert(d1);
+  crypto_digest_add_bytes(d1, "abcdef", 6);
+  d2 = crypto_digest_dup(d1);
+  tt_assert(d2);
+  crypto_digest_add_bytes(d2, "ghijkl", 6);
+  crypto_digest_get_digest(d2, d_out1, DIGEST256_LEN);
+  crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA3_256);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST256_LEN);
+  crypto_digest_assign(d2, d1);
+  crypto_digest_add_bytes(d2, "mno", 3);
+  crypto_digest_get_digest(d2, d_out1, DIGEST256_LEN);
+  crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA3_256);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST256_LEN);
+  crypto_digest_get_digest(d1, d_out1, DIGEST256_LEN);
+  crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA3_256);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST256_LEN);
+  crypto_digest_free(d1);
+  crypto_digest_free(d2);
+
+  /* Incremental digest code with SHA3-512 */
+  d1 = crypto_digest512_new(DIGEST_SHA3_512);
+  tt_assert(d1);
+  crypto_digest_add_bytes(d1, "abcdef", 6);
+  d2 = crypto_digest_dup(d1);
+  tt_assert(d2);
+  crypto_digest_add_bytes(d2, "ghijkl", 6);
+  crypto_digest_get_digest(d2, d_out1, DIGEST512_LEN);
+  crypto_digest512(d_out2, "abcdefghijkl", 12, DIGEST_SHA3_512);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST512_LEN);
+  crypto_digest_assign(d2, d1);
+  crypto_digest_add_bytes(d2, "mno", 3);
+  crypto_digest_get_digest(d2, d_out1, DIGEST512_LEN);
+  crypto_digest512(d_out2, "abcdefmno", 9, DIGEST_SHA3_512);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST512_LEN);
+  crypto_digest_get_digest(d1, d_out1, DIGEST512_LEN);
+  crypto_digest512(d_out2, "abcdef", 6, DIGEST_SHA3_512);
+  tt_mem_op(d_out1,OP_EQ, d_out2, DIGEST512_LEN);
+  crypto_digest_free(d1);
+
+  /* Attempt to exercise the incremental hashing code by creating a randomized
+   * 100 KiB buffer, and hashing rand[1, 5 * Rate] bytes at a time.  SHA3-512
+   * is used because it has a lowest rate of the family (the code is common,
+   * but the slower rate exercises more of it).
+   */
+  const size_t bufsz = 100 * 1024;
+  size_t j = 0;
+  large = tor_malloc(bufsz);
+  crypto_rand(large, bufsz);
+  d1 = crypto_digest512_new(DIGEST_SHA3_512); /* Running digest. */
+  while (j < bufsz) {
+    /* Pick how much data to add to the running digest. */
+    size_t incr = (size_t)crypto_rand_int_range(1, 72 * 5);
+    incr = MIN(bufsz - j, incr);
+
+    /* Add the data, and calculate the hash. */
+    crypto_digest_add_bytes(d1, large + j, incr);
+    crypto_digest_get_digest(d1, d_out1, DIGEST512_LEN);
+
+    /* One-shot hash the buffer up to the data that was just added,
+     * and ensure that the values match up.
+     *
+     * XXX/yawning: If this actually fails, it'll be rather difficult to
+     * reproduce.  Improvements welcome.
+     */
+    i = crypto_digest512(d_out2, large, j + incr, DIGEST_SHA3_512);
+    tt_int_op(i, OP_EQ, 0);
+    tt_mem_op(d_out1, OP_EQ, d_out2, DIGEST512_LEN);
+
+    j += incr;
+  }
+
+ done:
+  if (d1)
+    crypto_digest_free(d1);
+  if (d2)
+    crypto_digest_free(d2);
+  tor_free(large);
+  tor_free(mem_op_hex_tmp);
+}
+
+/** Run unit tests for our XOF. */
+static void
+test_crypto_sha3_xof(void *arg)
+{
+  uint8_t msg[255];
+  uint8_t out[512];
+  crypto_xof_t *xof;
+  char *mem_op_hex_tmp=NULL;
+
+  (void)arg;
+
+  /* SHAKE256 test vector (Len = 2040) from the Keccak Code Package. */
+  base16_decode((char *)msg, 255,
+                "3A3A819C48EFDE2AD914FBF00E18AB6BC4F14513AB27D0C178A188B61431"
+                "E7F5623CB66B23346775D386B50E982C493ADBBFC54B9A3CD383382336A1"
+                "A0B2150A15358F336D03AE18F666C7573D55C4FD181C29E6CCFDE63EA35F"
+                "0ADF5885CFC0A3D84A2B2E4DD24496DB789E663170CEF74798AA1BBCD457"
+                "4EA0BBA40489D764B2F83AADC66B148B4A0CD95246C127D5871C4F114186"
+                "90A5DDF01246A0C80A43C70088B6183639DCFDA4125BD113A8F49EE23ED3"
+                "06FAAC576C3FB0C1E256671D817FC2534A52F5B439F72E424DE376F4C565"
+                "CCA82307DD9EF76DA5B7C4EB7E085172E328807C02D011FFBF33785378D7"
+                "9DC266F6A5BE6BB0E4A92ECEEBAEB1", 510);
+  const char *squeezed_hex =
+                "8A5199B4A7E133E264A86202720655894D48CFF344A928CF8347F48379CE"
+                "F347DFC5BCFFAB99B27B1F89AA2735E23D30088FFA03B9EDB02B9635470A"
+                "B9F1038985D55F9CA774572DD006470EA65145469609F9FA0831BF1FFD84"
+                "2DC24ACADE27BD9816E3B5BF2876CB112232A0EB4475F1DFF9F5C713D9FF"
+                "D4CCB89AE5607FE35731DF06317949EEF646E9591CF3BE53ADD6B7DD2B60"
+                "96E2B3FB06E662EC8B2D77422DAAD9463CD155204ACDBD38E319613F39F9"
+                "9B6DFB35CA9365160066DB19835888C2241FF9A731A4ACBB5663727AAC34"
+                "A401247FBAA7499E7D5EE5B69D31025E63D04C35C798BCA1262D5673A9CF"
+                "0930B5AD89BD485599DC184528DA4790F088EBD170B635D9581632D2FF90"
+                "DB79665CED430089AF13C9F21F6D443A818064F17AEC9E9C5457001FA8DC"
+                "6AFBADBE3138F388D89D0E6F22F66671255B210754ED63D81DCE75CE8F18"
+                "9B534E6D6B3539AA51E837C42DF9DF59C71E6171CD4902FE1BDC73FB1775"
+                "B5C754A1ED4EA7F3105FC543EE0418DAD256F3F6118EA77114A16C15355B"
+                "42877A1DB2A7DF0E155AE1D8670ABCEC3450F4E2EEC9838F895423EF63D2"
+                "61138BAAF5D9F104CB5A957AEA06C0B9B8C78B0D441796DC0350DDEABB78"
+                "A33B6F1F9E68EDE3D1805C7B7E2CFD54E0FAD62F0D8CA67A775DC4546AF9"
+                "096F2EDB221DB42843D65327861282DC946A0BA01A11863AB2D1DFD16E39"
+                "73D4";
+
+  /* Test oneshot absorb/squeeze. */
+  xof = crypto_xof_new();
+  tt_assert(xof);
+  crypto_xof_add_bytes(xof, msg, sizeof(msg));
+  crypto_xof_squeeze_bytes(xof, out, sizeof(out));
+  test_memeq_hex(out, squeezed_hex);
+  crypto_xof_free(xof);
+  memset(out, 0, sizeof(out));
+
+  /* Test incremental absorb/squeeze. */
+  xof = crypto_xof_new();
+  tt_assert(xof);
+  for (size_t i = 0; i < sizeof(msg); i++)
+    crypto_xof_add_bytes(xof, msg + i, 1);
+  for (size_t i = 0; i < sizeof(out); i++)
+    crypto_xof_squeeze_bytes(xof, out + i, 1);
+  test_memeq_hex(out, squeezed_hex);
+
+ done:
+  if (xof)
+    crypto_xof_free(xof);
+  tor_free(mem_op_hex_tmp);
+}
+
 /** Run unit tests for our public key crypto functions */
 static void
-test_crypto_pk(void)
+test_crypto_pk(void *arg)
 {
   crypto_pk_t *pk1 = NULL, *pk2 = NULL;
   char *encoded = NULL;
@@ -401,74 +881,83 @@ test_crypto_pk(void)
   int i, len;
 
   /* Public-key ciphers */
+  (void)arg;
   pk1 = pk_generate(0);
   pk2 = crypto_pk_new();
-  test_assert(pk1 && pk2);
-  test_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
-  test_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
-  test_eq(0, crypto_pk_cmp_keys(pk1, pk2));
+  tt_assert(pk1 && pk2);
+  tt_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
+  tt_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
+  tt_int_op(0,OP_EQ, crypto_pk_cmp_keys(pk1, pk2));
 
   /* comparison between keys and NULL */
-  tt_int_op(crypto_pk_cmp_keys(NULL, pk1), <, 0);
-  tt_int_op(crypto_pk_cmp_keys(NULL, NULL), ==, 0);
-  tt_int_op(crypto_pk_cmp_keys(pk1, NULL), >, 0);
+  tt_int_op(crypto_pk_cmp_keys(NULL, pk1), OP_LT, 0);
+  tt_int_op(crypto_pk_cmp_keys(NULL, NULL), OP_EQ, 0);
+  tt_int_op(crypto_pk_cmp_keys(pk1, NULL), OP_GT, 0);
 
-  test_eq(128, crypto_pk_keysize(pk1));
-  test_eq(1024, crypto_pk_num_bits(pk1));
-  test_eq(128, crypto_pk_keysize(pk2));
-  test_eq(1024, crypto_pk_num_bits(pk2));
+  tt_int_op(128,OP_EQ, crypto_pk_keysize(pk1));
+  tt_int_op(1024,OP_EQ, crypto_pk_num_bits(pk1));
+  tt_int_op(128,OP_EQ, crypto_pk_keysize(pk2));
+  tt_int_op(1024,OP_EQ, crypto_pk_num_bits(pk2));
 
-  test_eq(128, crypto_pk_public_encrypt(pk2, data1, sizeof(data1),
+  tt_int_op(128,OP_EQ, crypto_pk_public_encrypt(pk2, data1, sizeof(data1),
                                         "Hello whirled.", 15,
                                         PK_PKCS1_OAEP_PADDING));
-  test_eq(128, crypto_pk_public_encrypt(pk1, data2, sizeof(data1),
+  tt_int_op(128,OP_EQ, crypto_pk_public_encrypt(pk1, data2, sizeof(data1),
                                         "Hello whirled.", 15,
                                         PK_PKCS1_OAEP_PADDING));
   /* oaep padding should make encryption not match */
-  test_memneq(data1, data2, 128);
-  test_eq(15, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data1, 128,
+  tt_mem_op(data1,OP_NE, data2, 128);
+  tt_int_op(15,OP_EQ,
+            crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data1, 128,
                                         PK_PKCS1_OAEP_PADDING,1));
-  test_streq(data3, "Hello whirled.");
+  tt_str_op(data3,OP_EQ, "Hello whirled.");
   memset(data3, 0, 1024);
-  test_eq(15, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
+  tt_int_op(15,OP_EQ,
+            crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
                                         PK_PKCS1_OAEP_PADDING,1));
-  test_streq(data3, "Hello whirled.");
+  tt_str_op(data3,OP_EQ, "Hello whirled.");
   /* Can't decrypt with public key. */
-  test_eq(-1, crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data2, 128,
+  tt_int_op(-1,OP_EQ,
+            crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data2, 128,
                                         PK_PKCS1_OAEP_PADDING,1));
   /* Try again with bad padding */
   memcpy(data2+1, "XYZZY", 5);  /* This has fails ~ once-in-2^40 */
-  test_eq(-1, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
+  tt_int_op(-1,OP_EQ,
+            crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
                                         PK_PKCS1_OAEP_PADDING,1));
 
   /* File operations: save and load private key */
-  test_assert(! crypto_pk_write_private_key_to_filename(pk1,
+  tt_assert(! crypto_pk_write_private_key_to_filename(pk1,
                                                         get_fname("pkey1")));
   /* failing case for read: can't read. */
-  test_assert(crypto_pk_read_private_key_from_filename(pk2,
+  tt_assert(crypto_pk_read_private_key_from_filename(pk2,
                                                    get_fname("xyzzy")) < 0);
   write_str_to_file(get_fname("xyzzy"), "foobar", 6);
   /* Failing case for read: no key. */
-  test_assert(crypto_pk_read_private_key_from_filename(pk2,
+  tt_assert(crypto_pk_read_private_key_from_filename(pk2,
                                                    get_fname("xyzzy")) < 0);
-  test_assert(! crypto_pk_read_private_key_from_filename(pk2,
+  tt_assert(! crypto_pk_read_private_key_from_filename(pk2,
                                                          get_fname("pkey1")));
-  test_eq(15, crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data1, 128,
+  tt_int_op(15,OP_EQ,
+            crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data1, 128,
                                         PK_PKCS1_OAEP_PADDING,1));
 
   /* Now try signing. */
   strlcpy(data1, "Ossifrage", 1024);
-  test_eq(128, crypto_pk_private_sign(pk1, data2, sizeof(data2), data1, 10));
-  test_eq(10,
+  tt_int_op(128,OP_EQ,
+            crypto_pk_private_sign(pk1, data2, sizeof(data2), data1, 10));
+  tt_int_op(10,OP_EQ,
           crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
-  test_streq(data3, "Ossifrage");
+  tt_str_op(data3,OP_EQ, "Ossifrage");
   /* Try signing digests. */
-  test_eq(128, crypto_pk_private_sign_digest(pk1, data2, sizeof(data2),
+  tt_int_op(128,OP_EQ, crypto_pk_private_sign_digest(pk1, data2, sizeof(data2),
                                              data1, 10));
-  test_eq(20,
+  tt_int_op(20,OP_EQ,
           crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
-  test_eq(0, crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128));
-  test_eq(-1, crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128));
+  tt_int_op(0,OP_EQ,
+            crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128));
+  tt_int_op(-1,OP_EQ,
+            crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128));
 
   /*XXXX test failed signing*/
 
@@ -476,9 +965,9 @@ test_crypto_pk(void)
   crypto_pk_free(pk2);
   pk2 = NULL;
   i = crypto_pk_asn1_encode(pk1, data1, 1024);
-  test_assert(i>0);
+  tt_int_op(i, OP_GT, 0);
   pk2 = crypto_pk_asn1_decode(data1, i);
-  test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
+  tt_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
 
   /* Try with hybrid encryption wrappers. */
   crypto_rand(data1, 1024);
@@ -487,19 +976,19 @@ test_crypto_pk(void)
     memset(data3,0,1024);
     len = crypto_pk_public_hybrid_encrypt(pk1,data2,sizeof(data2),
                                           data1,i,PK_PKCS1_OAEP_PADDING,0);
-    test_assert(len>=0);
+    tt_int_op(len, OP_GE, 0);
     len = crypto_pk_private_hybrid_decrypt(pk1,data3,sizeof(data3),
                                            data2,len,PK_PKCS1_OAEP_PADDING,1);
-    test_eq(len,i);
-    test_memeq(data1,data3,i);
+    tt_int_op(len,OP_EQ, i);
+    tt_mem_op(data1,OP_EQ, data3,i);
   }
 
   /* Try copy_full */
   crypto_pk_free(pk2);
   pk2 = crypto_pk_copy_full(pk1);
-  test_assert(pk2 != NULL);
-  test_neq_ptr(pk1, pk2);
-  test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
+  tt_assert(pk2 != NULL);
+  tt_ptr_op(pk1, OP_NE, pk2);
+  tt_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
 
  done:
   if (pk1)
@@ -525,33 +1014,33 @@ test_crypto_pk_fingerprints(void *arg)
   pk = pk_generate(1);
   tt_assert(pk);
   n = crypto_pk_asn1_encode(pk, encoded, sizeof(encoded));
-  tt_int_op(n, >, 0);
-  tt_int_op(n, >, 128);
-  tt_int_op(n, <, 256);
+  tt_int_op(n, OP_GT, 0);
+  tt_int_op(n, OP_GT, 128);
+  tt_int_op(n, OP_LT, 256);
 
   /* Is digest as expected? */
   crypto_digest(d, encoded, n);
-  tt_int_op(0, ==, crypto_pk_get_digest(pk, d2));
-  test_memeq(d, d2, DIGEST_LEN);
+  tt_int_op(0, OP_EQ, crypto_pk_get_digest(pk, d2));
+  tt_mem_op(d,OP_EQ, d2, DIGEST_LEN);
 
   /* Is fingerprint right? */
-  tt_int_op(0, ==, crypto_pk_get_fingerprint(pk, fingerprint, 0));
-  tt_int_op(strlen(fingerprint), ==, DIGEST_LEN * 2);
+  tt_int_op(0, OP_EQ, crypto_pk_get_fingerprint(pk, fingerprint, 0));
+  tt_int_op(strlen(fingerprint), OP_EQ, DIGEST_LEN * 2);
   test_memeq_hex(d, fingerprint);
 
   /* Are spaces right? */
-  tt_int_op(0, ==, crypto_pk_get_fingerprint(pk, fingerprint, 1));
+  tt_int_op(0, OP_EQ, crypto_pk_get_fingerprint(pk, fingerprint, 1));
   for (i = 4; i < strlen(fingerprint); i += 5) {
-    tt_int_op(fingerprint[i], ==, ' ');
+    tt_int_op(fingerprint[i], OP_EQ, ' ');
   }
   tor_strstrip(fingerprint, " ");
-  tt_int_op(strlen(fingerprint), ==, DIGEST_LEN * 2);
+  tt_int_op(strlen(fingerprint), OP_EQ, DIGEST_LEN * 2);
   test_memeq_hex(d, fingerprint);
 
   /* Now hash again and check crypto_pk_get_hashed_fingerprint. */
   crypto_digest(d2, d, sizeof(d));
-  tt_int_op(0, ==, crypto_pk_get_hashed_fingerprint(pk, fingerprint));
-  tt_int_op(strlen(fingerprint), ==, DIGEST_LEN * 2);
+  tt_int_op(0, OP_EQ, crypto_pk_get_hashed_fingerprint(pk, fingerprint));
+  tt_int_op(strlen(fingerprint), OP_EQ, DIGEST_LEN * 2);
   test_memeq_hex(d2, fingerprint);
 
  done:
@@ -559,90 +1048,173 @@ test_crypto_pk_fingerprints(void *arg)
   tor_free(mem_op_hex_tmp);
 }
 
+static void
+test_crypto_pk_base64(void *arg)
+{
+  crypto_pk_t *pk1 = NULL;
+  crypto_pk_t *pk2 = NULL;
+  char *encoded = NULL;
+
+  (void)arg;
+
+  /* Test Base64 encoding a key. */
+  pk1 = pk_generate(0);
+  tt_assert(pk1);
+  tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
+  tt_assert(encoded);
+
+  /* Test decoding a valid key. */
+  pk2 = crypto_pk_base64_decode(encoded, strlen(encoded));
+  tt_assert(pk2);
+  tt_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
+  crypto_pk_free(pk2);
+
+  /* Test decoding a invalid key (not Base64). */
+  static const char *invalid_b64 = "The key is in another castle!";
+  pk2 = crypto_pk_base64_decode(invalid_b64, strlen(invalid_b64));
+  tt_assert(!pk2);
+
+  /* Test decoding a truncated Base64 blob. */
+  pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)/2);
+  tt_assert(!pk2);
+
+ done:
+  crypto_pk_free(pk1);
+  crypto_pk_free(pk2);
+  tor_free(encoded);
+}
+
 /** Sanity check for crypto pk digests  */
 static void
-test_crypto_digests(void)
+test_crypto_digests(void *arg)
 {
   crypto_pk_t *k = NULL;
   ssize_t r;
-  digests_t pkey_digests;
+  common_digests_t pkey_digests;
   char digest[DIGEST_LEN];
 
+  (void)arg;
   k = crypto_pk_new();
-  test_assert(k);
+  tt_assert(k);
   r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_3, -1);
-  test_assert(!r);
+  tt_assert(!r);
 
   r = crypto_pk_get_digest(k, digest);
-  test_assert(r == 0);
-  test_memeq(hex_str(digest, DIGEST_LEN),
+  tt_assert(r == 0);
+  tt_mem_op(hex_str(digest, DIGEST_LEN),OP_EQ,
              AUTHORITY_SIGNKEY_A_DIGEST, HEX_DIGEST_LEN);
 
-  r = crypto_pk_get_all_digests(k, &pkey_digests);
+  r = crypto_pk_get_common_digests(k, &pkey_digests);
 
-  test_memeq(hex_str(pkey_digests.d[DIGEST_SHA1], DIGEST_LEN),
+  tt_mem_op(hex_str(pkey_digests.d[DIGEST_SHA1], DIGEST_LEN),OP_EQ,
              AUTHORITY_SIGNKEY_A_DIGEST, HEX_DIGEST_LEN);
-  test_memeq(hex_str(pkey_digests.d[DIGEST_SHA256], DIGEST256_LEN),
+  tt_mem_op(hex_str(pkey_digests.d[DIGEST_SHA256], DIGEST256_LEN),OP_EQ,
              AUTHORITY_SIGNKEY_A_DIGEST256, HEX_DIGEST256_LEN);
  done:
   crypto_pk_free(k);
 }
 
+#ifndef OPENSSL_1_1_API
+#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
+#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
+#endif
+
+/** Encode src into dest with OpenSSL's EVP Encode interface, returning the
+ * length of the encoded data in bytes.
+ */
+static int
+base64_encode_evp(char *dest, char *src, size_t srclen)
+{
+  const unsigned char *s = (unsigned char*)src;
+  EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+  int len, ret;
+
+  EVP_EncodeInit(ctx);
+  EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen);
+  EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret);
+  EVP_ENCODE_CTX_free(ctx);
+  return ret+ len;
+}
+
 /** Run unit tests for misc crypto formatting functionality (base64, base32,
  * fingerprints, etc) */
 static void
-test_crypto_formats(void)
+test_crypto_formats(void *arg)
 {
   char *data1 = NULL, *data2 = NULL, *data3 = NULL;
   int i, j, idx;
 
+  (void)arg;
   data1 = tor_malloc(1024);
   data2 = tor_malloc(1024);
   data3 = tor_malloc(1024);
-  test_assert(data1 && data2 && data3);
+  tt_assert(data1 && data2 && data3);
 
   /* Base64 tests */
   memset(data1, 6, 1024);
   for (idx = 0; idx < 10; ++idx) {
-    i = base64_encode(data2, 1024, data1, idx);
-    test_assert(i >= 0);
+    i = base64_encode(data2, 1024, data1, idx, 0);
+    tt_int_op(i, OP_GE, 0);
+    tt_int_op(i, OP_EQ, strlen(data2));
     j = base64_decode(data3, 1024, data2, i);
-    test_eq(j,idx);
-    test_memeq(data3, data1, idx);
+    tt_int_op(j,OP_EQ, idx);
+    tt_mem_op(data3,OP_EQ, data1, idx);
+
+    i = base64_encode_nopad(data2, 1024, (uint8_t*)data1, idx);
+    tt_int_op(i, OP_GE, 0);
+    tt_int_op(i, OP_EQ, strlen(data2));
+    tt_assert(! strchr(data2, '='));
+    j = base64_decode_nopad((uint8_t*)data3, 1024, data2, i);
+    tt_int_op(j, OP_EQ, idx);
+    tt_mem_op(data3,OP_EQ, data1, idx);
   }
 
   strlcpy(data1, "Test string that contains 35 chars.", 1024);
   strlcat(data1, " 2nd string that contains 35 chars.", 1024);
 
-  i = base64_encode(data2, 1024, data1, 71);
-  test_assert(i >= 0);
+  i = base64_encode(data2, 1024, data1, 71, 0);
+  tt_int_op(i, OP_GE, 0);
   j = base64_decode(data3, 1024, data2, i);
-  test_eq(j, 71);
-  test_streq(data3, data1);
-  test_assert(data2[i] == '\0');
+  tt_int_op(j,OP_EQ, 71);
+  tt_str_op(data3,OP_EQ, data1);
+  tt_int_op(data2[i], OP_EQ, '\0');
 
   crypto_rand(data1, DIGEST_LEN);
   memset(data2, 100, 1024);
   digest_to_base64(data2, data1);
-  test_eq(BASE64_DIGEST_LEN, strlen(data2));
-  test_eq(100, data2[BASE64_DIGEST_LEN+2]);
+  tt_int_op(BASE64_DIGEST_LEN,OP_EQ, strlen(data2));
+  tt_int_op(100,OP_EQ, data2[BASE64_DIGEST_LEN+2]);
   memset(data3, 99, 1024);
-  test_eq(digest_from_base64(data3, data2), 0);
-  test_memeq(data1, data3, DIGEST_LEN);
-  test_eq(99, data3[DIGEST_LEN+1]);
+  tt_int_op(digest_from_base64(data3, data2),OP_EQ, 0);
+  tt_mem_op(data1,OP_EQ, data3, DIGEST_LEN);
+  tt_int_op(99,OP_EQ, data3[DIGEST_LEN+1]);
+
+  tt_assert(digest_from_base64(data3, "###") < 0);
 
-  test_assert(digest_from_base64(data3, "###") < 0);
+  for (i = 0; i < 256; i++) {
+    /* Test the multiline format Base64 encoder with 0 .. 256 bytes of
+     * output against OpenSSL.
+     */
+    const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE);
+    data1[i] = i;
+    j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE);
+    tt_int_op(j, OP_EQ, enclen);
+    j = base64_encode_evp(data3, data1, i);
+    tt_int_op(j, OP_EQ, enclen);
+    tt_mem_op(data2, OP_EQ, data3, enclen);
+    tt_int_op(j, OP_EQ, strlen(data2));
+  }
 
   /* Encoding SHA256 */
   crypto_rand(data2, DIGEST256_LEN);
   memset(data2, 100, 1024);
   digest256_to_base64(data2, data1);
-  test_eq(BASE64_DIGEST256_LEN, strlen(data2));
-  test_eq(100, data2[BASE64_DIGEST256_LEN+2]);
+  tt_int_op(BASE64_DIGEST256_LEN,OP_EQ, strlen(data2));
+  tt_int_op(100,OP_EQ, data2[BASE64_DIGEST256_LEN+2]);
   memset(data3, 99, 1024);
-  test_eq(digest256_from_base64(data3, data2), 0);
-  test_memeq(data1, data3, DIGEST256_LEN);
-  test_eq(99, data3[DIGEST256_LEN+1]);
+  tt_int_op(digest256_from_base64(data3, data2),OP_EQ, 0);
+  tt_mem_op(data1,OP_EQ, data3, DIGEST256_LEN);
+  tt_int_op(99,OP_EQ, data3[DIGEST256_LEN+1]);
 
   /* Base32 tests */
   strlcpy(data1, "5chrs", 1024);
@@ -651,27 +1223,27 @@ test_crypto_formats(void)
    * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
    */
   base32_encode(data2, 9, data1, 5);
-  test_streq(data2, "gvrwq4tt");
+  tt_str_op(data2,OP_EQ, "gvrwq4tt");
 
   strlcpy(data1, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
   base32_encode(data2, 30, data1, 10);
-  test_streq(data2, "772w2rfobvomsywe");
+  tt_str_op(data2,OP_EQ, "772w2rfobvomsywe");
 
   /* Base16 tests */
   strlcpy(data1, "6chrs\xff", 1024);
   base16_encode(data2, 13, data1, 6);
-  test_streq(data2, "3663687273FF");
+  tt_str_op(data2,OP_EQ, "3663687273FF");
 
   strlcpy(data1, "f0d678affc000100", 1024);
   i = base16_decode(data2, 8, data1, 16);
-  test_eq(i,0);
-  test_memeq(data2, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
+  tt_int_op(i,OP_EQ, 0);
+  tt_mem_op(data2,OP_EQ, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
 
   /* now try some failing base16 decodes */
-  test_eq(-1, base16_decode(data2, 8, data1, 15)); /* odd input len */
-  test_eq(-1, base16_decode(data2, 7, data1, 16)); /* dest too short */
+  tt_int_op(-1,OP_EQ, base16_decode(data2, 8, data1, 15)); /* odd input len */
+  tt_int_op(-1,OP_EQ, base16_decode(data2, 7, data1, 16)); /* dest too short */
   strlcpy(data1, "f0dz!8affc000100", 1024);
-  test_eq(-1, base16_decode(data2, 8, data1, 16));
+  tt_int_op(-1,OP_EQ, base16_decode(data2, 8, data1, 16));
 
   tor_free(data1);
   tor_free(data2);
@@ -680,10 +1252,11 @@ test_crypto_formats(void)
   /* Add spaces to fingerprint */
   {
     data1 = tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
-    test_eq(strlen(data1), 40);
+    tt_int_op(strlen(data1),OP_EQ, 40);
     data2 = tor_malloc(FINGERPRINT_LEN+1);
     crypto_add_spaces_to_fp(data2, FINGERPRINT_LEN+1, data1);
-    test_streq(data2, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
+    tt_str_op(data2, OP_EQ,
+              "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
     tor_free(data1);
     tor_free(data2);
   }
@@ -694,39 +1267,6 @@ test_crypto_formats(void)
   tor_free(data3);
 }
 
-/** Run unit tests for our secret-to-key passphrase hashing functionality. */
-static void
-test_crypto_s2k(void)
-{
-  char buf[29];
-  char buf2[29];
-  char *buf3 = NULL;
-  int i;
-
-  memset(buf, 0, sizeof(buf));
-  memset(buf2, 0, sizeof(buf2));
-  buf3 = tor_malloc(65536);
-  memset(buf3, 0, 65536);
-
-  secret_to_key(buf+9, 20, "", 0, buf);
-  crypto_digest(buf2+9, buf3, 1024);
-  test_memeq(buf, buf2, 29);
-
-  memcpy(buf,"vrbacrda",8);
-  memcpy(buf2,"vrbacrda",8);
-  buf[8] = 96;
-  buf2[8] = 96;
-  secret_to_key(buf+9, 20, "12345678", 8, buf);
-  for (i = 0; i < 65536; i += 16) {
-    memcpy(buf3+i, "vrbacrda12345678", 16);
-  }
-  crypto_digest(buf2+9, buf3, 65536);
-  test_memeq(buf, buf2, 29);
-
- done:
-  tor_free(buf3);
-}
-
 /** Test AES-CTR encryption and decryption with IV. */
 static void
 test_crypto_aes_iv(void *arg)
@@ -757,79 +1297,79 @@ test_crypto_aes_iv(void *arg)
   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 4095,
                                                  plain, 4095);
 
-  test_eq(encrypted_size, 16 + 4095);
+  tt_int_op(encrypted_size,OP_EQ, 16 + 4095);
   tt_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
                                    * greater than 0, but its truth is not
                                    * obvious to all analysis tools. */
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
                                              encrypted1, encrypted_size);
 
-  test_eq(decrypted_size, 4095);
+  tt_int_op(decrypted_size,OP_EQ, 4095);
   tt_assert(decrypted_size > 0);
-  test_memeq(plain, decrypted1, 4095);
+  tt_mem_op(plain,OP_EQ, decrypted1, 4095);
   /* Encrypt a second time (with a new random initialization vector). */
   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted2, 16 + 4095,
                                              plain, 4095);
 
-  test_eq(encrypted_size, 16 + 4095);
+  tt_int_op(encrypted_size,OP_EQ, 16 + 4095);
   tt_assert(encrypted_size > 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted2, 4095,
                                              encrypted2, encrypted_size);
-  test_eq(decrypted_size, 4095);
+  tt_int_op(decrypted_size,OP_EQ, 4095);
   tt_assert(decrypted_size > 0);
-  test_memeq(plain, decrypted2, 4095);
-  test_memneq(encrypted1, encrypted2, encrypted_size);
+  tt_mem_op(plain,OP_EQ, decrypted2, 4095);
+  tt_mem_op(encrypted1,OP_NE, encrypted2, encrypted_size);
   /* Decrypt with the wrong key. */
   decrypted_size = crypto_cipher_decrypt_with_iv(key2, decrypted2, 4095,
                                              encrypted1, encrypted_size);
-  test_eq(decrypted_size, 4095);
-  test_memneq(plain, decrypted2, decrypted_size);
+  tt_int_op(decrypted_size,OP_EQ, 4095);
+  tt_mem_op(plain,OP_NE, decrypted2, decrypted_size);
   /* Alter the initialization vector. */
   encrypted1[0] += 42;
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
                                              encrypted1, encrypted_size);
-  test_eq(decrypted_size, 4095);
-  test_memneq(plain, decrypted2, 4095);
+  tt_int_op(decrypted_size,OP_EQ, 4095);
+  tt_mem_op(plain,OP_NE, decrypted2, 4095);
   /* Special length case: 1. */
   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 1,
                                              plain_1, 1);
-  test_eq(encrypted_size, 16 + 1);
+  tt_int_op(encrypted_size,OP_EQ, 16 + 1);
   tt_assert(encrypted_size > 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 1,
                                              encrypted1, encrypted_size);
-  test_eq(decrypted_size, 1);
+  tt_int_op(decrypted_size,OP_EQ, 1);
   tt_assert(decrypted_size > 0);
-  test_memeq(plain_1, decrypted1, 1);
+  tt_mem_op(plain_1,OP_EQ, decrypted1, 1);
   /* Special length case: 15. */
   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 15,
                                              plain_15, 15);
-  test_eq(encrypted_size, 16 + 15);
+  tt_int_op(encrypted_size,OP_EQ, 16 + 15);
   tt_assert(encrypted_size > 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 15,
                                              encrypted1, encrypted_size);
-  test_eq(decrypted_size, 15);
+  tt_int_op(decrypted_size,OP_EQ, 15);
   tt_assert(decrypted_size > 0);
-  test_memeq(plain_15, decrypted1, 15);
+  tt_mem_op(plain_15,OP_EQ, decrypted1, 15);
   /* Special length case: 16. */
   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 16,
                                              plain_16, 16);
-  test_eq(encrypted_size, 16 + 16);
+  tt_int_op(encrypted_size,OP_EQ, 16 + 16);
   tt_assert(encrypted_size > 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 16,
                                              encrypted1, encrypted_size);
-  test_eq(decrypted_size, 16);
+  tt_int_op(decrypted_size,OP_EQ, 16);
   tt_assert(decrypted_size > 0);
-  test_memeq(plain_16, decrypted1, 16);
+  tt_mem_op(plain_16,OP_EQ, decrypted1, 16);
   /* Special length case: 17. */
   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 17,
                                              plain_17, 17);
-  test_eq(encrypted_size, 16 + 17);
+  tt_int_op(encrypted_size,OP_EQ, 16 + 17);
   tt_assert(encrypted_size > 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 17,
                                              encrypted1, encrypted_size);
-  test_eq(decrypted_size, 17);
+  tt_int_op(decrypted_size,OP_EQ, 17);
   tt_assert(decrypted_size > 0);
-  test_memeq(plain_17, decrypted1, 17);
+  tt_mem_op(plain_17,OP_EQ, decrypted1, 17);
 
  done:
   /* Free memory. */
@@ -842,34 +1382,35 @@ test_crypto_aes_iv(void *arg)
 
 /** Test base32 decoding. */
 static void
-test_crypto_base32_decode(void)
+test_crypto_base32_decode(void *arg)
 {
   char plain[60], encoded[96 + 1], decoded[60];
   int res;
+  (void)arg;
   crypto_rand(plain, 60);
   /* Encode and decode a random string. */
   base32_encode(encoded, 96 + 1, plain, 60);
   res = base32_decode(decoded, 60, encoded, 96);
-  test_eq(res, 0);
-  test_memeq(plain, decoded, 60);
+  tt_int_op(res,OP_EQ, 0);
+  tt_mem_op(plain,OP_EQ, decoded, 60);
   /* Encode, uppercase, and decode a random string. */
   base32_encode(encoded, 96 + 1, plain, 60);
   tor_strupper(encoded);
   res = base32_decode(decoded, 60, encoded, 96);
-  test_eq(res, 0);
-  test_memeq(plain, decoded, 60);
+  tt_int_op(res,OP_EQ, 0);
+  tt_mem_op(plain,OP_EQ, decoded, 60);
   /* Change encoded string and decode. */
   if (encoded[0] == 'A' || encoded[0] == 'a')
     encoded[0] = 'B';
   else
     encoded[0] = 'A';
   res = base32_decode(decoded, 60, encoded, 96);
-  test_eq(res, 0);
-  test_memneq(plain, decoded, 60);
+  tt_int_op(res,OP_EQ, 0);
+  tt_mem_op(plain,OP_NE, decoded, 60);
   /* Bad encodings. */
   encoded[0] = '!';
   res = base32_decode(decoded, 60, encoded, 96);
-  test_assert(res < 0);
+  tt_int_op(0, OP_GT, res);
 
  done:
   ;
@@ -892,7 +1433,7 @@ test_crypto_kdf_TAP(void *arg)
    * your own. */
   memset(key_material, 0, sizeof(key_material));
   EXPAND("");
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   test_memeq_hex(key_material,
                  "5ba93c9db0cff93f52b521d7420e43f6eda2784fbf8b4530d8"
                  "d246dd74ac53a13471bba17941dff7c4ea21bb365bbeeaf5f2"
@@ -900,7 +1441,7 @@ test_crypto_kdf_TAP(void *arg)
                  "f07b01e13da42c6cf1de3abfdea9b95f34687cbbe92b9a7383");
 
   EXPAND("Tor");
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   test_memeq_hex(key_material,
                  "776c6214fc647aaa5f683c737ee66ec44f03d0372e1cce6922"
                  "7950f236ddf1e329a7ce7c227903303f525a8c6662426e8034"
@@ -908,7 +1449,7 @@ test_crypto_kdf_TAP(void *arg)
                  "3f45dfda1a80bdc8b80de01b23e3e0ffae099b3e4ccf28dc28");
 
   EXPAND("AN ALARMING ITEM TO FIND ON A MONTHLY AUTO-DEBIT NOTICE");
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   test_memeq_hex(key_material,
                  "a340b5d126086c3ab29c2af4179196dbf95e1c72431419d331"
                  "4844bf8f6afb6098db952b95581fb6c33625709d6f4400b8e7"
@@ -944,7 +1485,7 @@ test_crypto_hkdf_sha256(void *arg)
   /* Test vectors generated with ntor_ref.py */
   memset(key_material, 0, sizeof(key_material));
   EXPAND("");
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   test_memeq_hex(key_material,
                  "d3490ed48b12a48f9547861583573fe3f19aafe3f81dc7fc75"
                  "eeed96d741b3290f941576c1f9f0b2d463d1ec7ab2c6bf71cd"
@@ -952,7 +1493,7 @@ test_crypto_hkdf_sha256(void *arg)
                  "dcf6abe0d20c77cf363e8ffe358927817a3d3e73712cee28d8");
 
   EXPAND("Tor");
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   test_memeq_hex(key_material,
                  "5521492a85139a8d9107a2d5c0d9c91610d0f95989975ebee6"
                  "c02a4f8d622a6cfdf9b7c7edd3832e2760ded1eac309b76f8d"
@@ -960,7 +1501,7 @@ test_crypto_hkdf_sha256(void *arg)
                  "961be9fdb9f93197ea8e5977180801926d3321fa21513e59ac");
 
   EXPAND("AN ALARMING ITEM TO FIND ON YOUR CREDIT-RATING STATEMENT");
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   test_memeq_hex(key_material,
                  "a2aa9b50da7e481d30463adb8f233ff06e9571a0ca6ab6df0f"
                  "b206fa34e5bc78d063fc291501beec53b36e5a0e434561200c"
@@ -972,7 +1513,6 @@ test_crypto_hkdf_sha256(void *arg)
 #undef EXPAND
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 test_crypto_curve25519_impl(void *arg)
 {
@@ -1024,7 +1564,7 @@ test_crypto_curve25519_impl(void *arg)
       e2k[31] |= (byte & 0x80);
     }
     curve25519_impl(e1e2k,e1,e2k);
-    test_memeq(e1e2k, e2e1k, 32);
+    tt_mem_op(e1e2k,OP_EQ, e2e1k, 32);
     if (loop == loop_max-1) {
       break;
     }
@@ -1042,6 +1582,29 @@ test_crypto_curve25519_impl(void *arg)
 }
 
 static void
+test_crypto_curve25519_basepoint(void *arg)
+{
+  uint8_t secret[32];
+  uint8_t public1[32];
+  uint8_t public2[32];
+  const int iters = 2048;
+  int i;
+  (void) arg;
+
+  for (i = 0; i < iters; ++i) {
+    crypto_rand((char*)secret, 32);
+    curve25519_set_impl_params(1); /* Use optimization */
+    curve25519_basepoint_impl(public1, secret);
+    curve25519_set_impl_params(0); /* Disable optimization */
+    curve25519_basepoint_impl(public2, secret);
+    tt_mem_op(public1, OP_EQ, public2, 32);
+  }
+
+ done:
+  ;
+}
+
+static void
 test_crypto_curve25519_wrappers(void *arg)
 {
   curve25519_public_key_t pubkey1, pubkey2;
@@ -1056,11 +1619,11 @@ test_crypto_curve25519_wrappers(void *arg)
   curve25519_secret_key_generate(&seckey2, 1);
   curve25519_public_key_generate(&pubkey1, &seckey1);
   curve25519_public_key_generate(&pubkey2, &seckey2);
-  test_assert(curve25519_public_key_is_ok(&pubkey1));
-  test_assert(curve25519_public_key_is_ok(&pubkey2));
+  tt_assert(curve25519_public_key_is_ok(&pubkey1));
+  tt_assert(curve25519_public_key_is_ok(&pubkey2));
   curve25519_handshake(output1, &seckey1, &pubkey2);
   curve25519_handshake(output2, &seckey2, &pubkey1);
-  test_memeq(output1, output2, sizeof(output1));
+  tt_mem_op(output1,OP_EQ, output2, sizeof(output1));
 
  done:
   ;
@@ -1077,26 +1640,26 @@ test_crypto_curve25519_encode(void *arg)
 
   curve25519_secret_key_generate(&seckey, 0);
   curve25519_public_key_generate(&key1, &seckey);
-  tt_int_op(0, ==, curve25519_public_to_base64(buf, &key1));
-  tt_int_op(CURVE25519_BASE64_PADDED_LEN, ==, strlen(buf));
+  tt_int_op(0, OP_EQ, curve25519_public_to_base64(buf, &key1));
+  tt_int_op(CURVE25519_BASE64_PADDED_LEN, OP_EQ, strlen(buf));
 
-  tt_int_op(0, ==, curve25519_public_from_base64(&key2, buf));
-  test_memeq(key1.public_key, key2.public_key, CURVE25519_PUBKEY_LEN);
+  tt_int_op(0, OP_EQ, curve25519_public_from_base64(&key2, buf));
+  tt_mem_op(key1.public_key,OP_EQ, key2.public_key, CURVE25519_PUBKEY_LEN);
 
   buf[CURVE25519_BASE64_PADDED_LEN - 1] = '\0';
-  tt_int_op(CURVE25519_BASE64_PADDED_LEN-1, ==, strlen(buf));
-  tt_int_op(0, ==, curve25519_public_from_base64(&key3, buf));
-  test_memeq(key1.public_key, key3.public_key, CURVE25519_PUBKEY_LEN);
+  tt_int_op(CURVE25519_BASE64_PADDED_LEN-1, OP_EQ, strlen(buf));
+  tt_int_op(0, OP_EQ, curve25519_public_from_base64(&key3, buf));
+  tt_mem_op(key1.public_key,OP_EQ, key3.public_key, CURVE25519_PUBKEY_LEN);
 
   /* Now try bogus parses. */
   strlcpy(buf, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$=", sizeof(buf));
-  tt_int_op(-1, ==, curve25519_public_from_base64(&key3, buf));
+  tt_int_op(-1, OP_EQ, curve25519_public_from_base64(&key3, buf));
 
   strlcpy(buf, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$", sizeof(buf));
-  tt_int_op(-1, ==, curve25519_public_from_base64(&key3, buf));
+  tt_int_op(-1, OP_EQ, curve25519_public_from_base64(&key3, buf));
 
   strlcpy(buf, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", sizeof(buf));
-  tt_int_op(-1, ==, curve25519_public_from_base64(&key3, buf));
+  tt_int_op(-1, OP_EQ, curve25519_public_from_base64(&key3, buf));
 
  done:
   ;
@@ -1115,45 +1678,49 @@ test_crypto_curve25519_persist(void *arg)
 
   (void)arg;
 
-  tt_int_op(0,==,curve25519_keypair_generate(&keypair, 0));
+  tt_int_op(0,OP_EQ,curve25519_keypair_generate(&keypair, 0));
 
-  tt_int_op(0,==,curve25519_keypair_write_to_file(&keypair, fname, "testing"));
-  tt_int_op(0,==,curve25519_keypair_read_from_file(&keypair2, &tag, fname));
-  tt_str_op(tag,==,"testing");
+  tt_int_op(0,OP_EQ,
+            curve25519_keypair_write_to_file(&keypair, fname, "testing"));
+  tt_int_op(0,OP_EQ,curve25519_keypair_read_from_file(&keypair2, &tag, fname));
+  tt_str_op(tag,OP_EQ,"testing");
   tor_free(tag);
 
-  test_memeq(keypair.pubkey.public_key,
+  tt_mem_op(keypair.pubkey.public_key,OP_EQ,
              keypair2.pubkey.public_key,
              CURVE25519_PUBKEY_LEN);
-  test_memeq(keypair.seckey.secret_key,
+  tt_mem_op(keypair.seckey.secret_key,OP_EQ,
              keypair2.seckey.secret_key,
              CURVE25519_SECKEY_LEN);
 
   content = read_file_to_str(fname, RFTS_BIN, &st);
   tt_assert(content);
   taglen = strlen("== c25519v1: testing ==");
-  tt_u64_op((uint64_t)st.st_size, ==,
+  tt_u64_op((uint64_t)st.st_size, OP_EQ,
             32+CURVE25519_PUBKEY_LEN+CURVE25519_SECKEY_LEN);
   tt_assert(fast_memeq(content, "== c25519v1: testing ==", taglen));
   tt_assert(tor_mem_is_zero(content+taglen, 32-taglen));
   cp = content + 32;
-  test_memeq(keypair.seckey.secret_key,
+  tt_mem_op(keypair.seckey.secret_key,OP_EQ,
              cp,
              CURVE25519_SECKEY_LEN);
   cp += CURVE25519_SECKEY_LEN;
-  test_memeq(keypair.pubkey.public_key,
+  tt_mem_op(keypair.pubkey.public_key,OP_EQ,
              cp,
              CURVE25519_SECKEY_LEN);
 
   tor_free(fname);
   fname = tor_strdup(get_fname("bogus_keypair"));
 
-  tt_int_op(-1, ==, curve25519_keypair_read_from_file(&keypair2, &tag, fname));
+  tt_int_op(-1, OP_EQ,
+            curve25519_keypair_read_from_file(&keypair2, &tag, fname));
   tor_free(tag);
 
   content[69] ^= 0xff;
-  tt_int_op(0, ==, write_bytes_to_file(fname, content, (size_t)st.st_size, 1));
-  tt_int_op(-1, ==, curve25519_keypair_read_from_file(&keypair2, &tag, fname));
+  tt_int_op(0, OP_EQ,
+            write_bytes_to_file(fname, content, (size_t)st.st_size, 1));
+  tt_int_op(-1, OP_EQ,
+            curve25519_keypair_read_from_file(&keypair2, &tag, fname));
 
  done:
   tor_free(fname);
@@ -1161,7 +1728,459 @@ test_crypto_curve25519_persist(void *arg)
   tor_free(tag);
 }
 
-#endif
+static void *
+ed25519_testcase_setup(const struct testcase_t *testcase)
+{
+  crypto_ed25519_testing_force_impl(testcase->setup_data);
+  return testcase->setup_data;
+}
+static int
+ed25519_testcase_cleanup(const struct testcase_t *testcase, void *ptr)
+{
+  (void)testcase;
+  (void)ptr;
+  crypto_ed25519_testing_restore_impl();
+  return 1;
+}
+static const struct testcase_setup_t ed25519_test_setup = {
+  ed25519_testcase_setup, ed25519_testcase_cleanup
+};
+
+static void
+test_crypto_ed25519_simple(void *arg)
+{
+  ed25519_keypair_t kp1, kp2;
+  ed25519_public_key_t pub1, pub2;
+  ed25519_secret_key_t sec1, sec2;
+  ed25519_signature_t sig1, sig2;
+  const uint8_t msg[] =
+    "GNU will be able to run Unix programs, "
+    "but will not be identical to Unix.";
+  const uint8_t msg2[] =
+    "Microsoft Windows extends the features of the DOS operating system, "
+    "yet is compatible with most existing applications that run under DOS.";
+  size_t msg_len = strlen((const char*)msg);
+  size_t msg2_len = strlen((const char*)msg2);
+
+  (void)arg;
+
+  tt_int_op(0, OP_EQ, ed25519_secret_key_generate(&sec1, 0));
+  tt_int_op(0, OP_EQ, ed25519_secret_key_generate(&sec2, 1));
+
+  tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pub1, &sec1));
+  tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pub2, &sec1));
+
+  tt_mem_op(pub1.pubkey, OP_EQ, pub2.pubkey, sizeof(pub1.pubkey));
+  tt_assert(ed25519_pubkey_eq(&pub1, &pub2));
+  tt_assert(ed25519_pubkey_eq(&pub1, &pub1));
+
+  memcpy(&kp1.pubkey, &pub1, sizeof(pub1));
+  memcpy(&kp1.seckey, &sec1, sizeof(sec1));
+  tt_int_op(0, OP_EQ, ed25519_sign(&sig1, msg, msg_len, &kp1));
+  tt_int_op(0, OP_EQ, ed25519_sign(&sig2, msg, msg_len, &kp1));
+
+  /* Ed25519 signatures are deterministic */
+  tt_mem_op(sig1.sig, OP_EQ, sig2.sig, sizeof(sig1.sig));
+
+  /* Basic signature is valid. */
+  tt_int_op(0, OP_EQ, ed25519_checksig(&sig1, msg, msg_len, &pub1));
+
+  /* Altered signature doesn't work. */
+  sig1.sig[0] ^= 3;
+  tt_int_op(-1, OP_EQ, ed25519_checksig(&sig1, msg, msg_len, &pub1));
+
+  /* Wrong public key doesn't work. */
+  tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pub2, &sec2));
+  tt_int_op(-1, OP_EQ, ed25519_checksig(&sig2, msg, msg_len, &pub2));
+  tt_assert(! ed25519_pubkey_eq(&pub1, &pub2));
+
+  /* Wrong message doesn't work. */
+  tt_int_op(0, OP_EQ, ed25519_checksig(&sig2, msg, msg_len, &pub1));
+  tt_int_op(-1, OP_EQ, ed25519_checksig(&sig2, msg, msg_len-1, &pub1));
+  tt_int_op(-1, OP_EQ, ed25519_checksig(&sig2, msg2, msg2_len, &pub1));
+
+  /* Batch signature checking works with some bad. */
+  tt_int_op(0, OP_EQ, ed25519_keypair_generate(&kp2, 0));
+  tt_int_op(0, OP_EQ, ed25519_sign(&sig1, msg, msg_len, &kp2));
+  {
+    ed25519_checkable_t ch[] = {
+      { &pub1, sig2, msg, msg_len }, /*ok*/
+      { &pub1, sig2, msg, msg_len-1 }, /*bad*/
+      { &kp2.pubkey, sig2, msg2, msg2_len }, /*bad*/
+      { &kp2.pubkey, sig1, msg, msg_len }, /*ok*/
+    };
+    int okay[4];
+    tt_int_op(-2, OP_EQ, ed25519_checksig_batch(okay, ch, 4));
+    tt_int_op(okay[0], OP_EQ, 1);
+    tt_int_op(okay[1], OP_EQ, 0);
+    tt_int_op(okay[2], OP_EQ, 0);
+    tt_int_op(okay[3], OP_EQ, 1);
+    tt_int_op(-2, OP_EQ, ed25519_checksig_batch(NULL, ch, 4));
+  }
+
+  /* Batch signature checking works with all good. */
+  {
+    ed25519_checkable_t ch[] = {
+      { &pub1, sig2, msg, msg_len }, /*ok*/
+      { &kp2.pubkey, sig1, msg, msg_len }, /*ok*/
+    };
+    int okay[2];
+    tt_int_op(0, OP_EQ, ed25519_checksig_batch(okay, ch, 2));
+    tt_int_op(okay[0], OP_EQ, 1);
+    tt_int_op(okay[1], OP_EQ, 1);
+    tt_int_op(0, OP_EQ, ed25519_checksig_batch(NULL, ch, 2));
+  }
+
+ done:
+  ;
+}
+
+static void
+test_crypto_ed25519_test_vectors(void *arg)
+{
+  char *mem_op_hex_tmp=NULL;
+  int i;
+  struct {
+    const char *sk;
+    const char *pk;
+    const char *sig;
+    const char *msg;
+  } items[] = {
+    /* These test vectors were generated with the "ref" implementation of
+     * ed25519 from SUPERCOP-20130419 */
+    { "4c6574277320686f706520746865726520617265206e6f206275677320696e20",
+      "f3e0e493b30f56e501aeb868fc912fe0c8b76621efca47a78f6d75875193dd87",
+      "b5d7fd6fd3adf643647ce1fe87a2931dedd1a4e38e6c662bedd35cdd80bfac51"
+        "1b2c7d1ee6bd929ac213014e1a8dc5373854c7b25dbe15ec96bf6c94196fae06",
+      "506c6561736520657863757365206d7920667269656e642e2048652069736e2774"
+      "204e554c2d7465726d696e617465642e"
+    },
+
+    { "74686520696d706c656d656e746174696f6e20776869636820617265206e6f74",
+      "407f0025a1e1351a4cb68e92f5c0ebaf66e7aaf93a4006a4d1a66e3ede1cfeac",
+      "02884fde1c3c5944d0ecf2d133726fc820c303aae695adceabf3a1e01e95bf28"
+        "da88c0966f5265e9c6f8edc77b3b96b5c91baec3ca993ccd21a3f64203600601",
+      "506c6561736520657863757365206d7920667269656e642e2048652069736e2774"
+      "204e554c2d7465726d696e617465642e"
+    },
+    { "6578706f73656420627920456e676c697368207465787420617320696e707574",
+      "61681cb5fbd69f9bc5a462a21a7ab319011237b940bc781cdc47fcbe327e7706",
+      "6a127d0414de7510125d4bc214994ffb9b8857a46330832d05d1355e882344ad"
+        "f4137e3ca1f13eb9cc75c887ef2309b98c57528b4acd9f6376c6898889603209",
+      "506c6561736520657863757365206d7920667269656e642e2048652069736e2774"
+      "204e554c2d7465726d696e617465642e"
+    },
+
+    /* These come from "sign.input" in ed25519's page */
+    { "5b5a619f8ce1c66d7ce26e5a2ae7b0c04febcd346d286c929e19d0d5973bfef9",
+      "6fe83693d011d111131c4f3fbaaa40a9d3d76b30012ff73bb0e39ec27ab18257",
+      "0f9ad9793033a2fa06614b277d37381e6d94f65ac2a5a94558d09ed6ce922258"
+        "c1a567952e863ac94297aec3c0d0c8ddf71084e504860bb6ba27449b55adc40e",
+      "5a8d9d0a22357e6655f9c785"
+    },
+    { "940c89fe40a81dafbdb2416d14ae469119869744410c3303bfaa0241dac57800",
+      "a2eb8c0501e30bae0cf842d2bde8dec7386f6b7fc3981b8c57c9792bb94cf2dd",
+      "d8bb64aad8c9955a115a793addd24f7f2b077648714f49c4694ec995b330d09d"
+        "640df310f447fd7b6cb5c14f9fe9f490bcf8cfadbfd2169c8ac20d3b8af49a0c",
+      "b87d3813e03f58cf19fd0b6395"
+    },
+    { "9acad959d216212d789a119252ebfe0c96512a23c73bd9f3b202292d6916a738",
+      "cf3af898467a5b7a52d33d53bc037e2642a8da996903fc252217e9c033e2f291",
+      "6ee3fe81e23c60eb2312b2006b3b25e6838e02106623f844c44edb8dafd66ab0"
+        "671087fd195df5b8f58a1d6e52af42908053d55c7321010092748795ef94cf06",
+      "55c7fa434f5ed8cdec2b7aeac173",
+    },
+    { "d5aeee41eeb0e9d1bf8337f939587ebe296161e6bf5209f591ec939e1440c300",
+      "fd2a565723163e29f53c9de3d5e8fbe36a7ab66e1439ec4eae9c0a604af291a5",
+      "f68d04847e5b249737899c014d31c805c5007a62c0a10d50bb1538c5f3550395"
+        "1fbc1e08682f2cc0c92efe8f4985dec61dcbd54d4b94a22547d24451271c8b00",
+      "0a688e79be24f866286d4646b5d81c"
+    },
+
+    { NULL, NULL, NULL, NULL}
+  };
+
+  (void)arg;
+
+  for (i = 0; items[i].pk; ++i) {
+    ed25519_keypair_t kp;
+    ed25519_signature_t sig;
+    uint8_t sk_seed[32];
+    uint8_t *msg;
+    size_t msg_len;
+    base16_decode((char*)sk_seed, sizeof(sk_seed),
+                  items[i].sk, 64);
+    ed25519_secret_key_from_seed(&kp.seckey, sk_seed);
+    tt_int_op(0, OP_EQ, ed25519_public_key_generate(&kp.pubkey, &kp.seckey));
+    test_memeq_hex(kp.pubkey.pubkey, items[i].pk);
+
+    msg_len = strlen(items[i].msg) / 2;
+    msg = tor_malloc(msg_len);
+    base16_decode((char*)msg, msg_len, items[i].msg, strlen(items[i].msg));
+
+    tt_int_op(0, OP_EQ, ed25519_sign(&sig, msg, msg_len, &kp));
+    test_memeq_hex(sig.sig, items[i].sig);
+
+    tor_free(msg);
+  }
+
+ done:
+  tor_free(mem_op_hex_tmp);
+}
+
+static void
+test_crypto_ed25519_encode(void *arg)
+{
+  char buf[ED25519_SIG_BASE64_LEN+1];
+  ed25519_keypair_t kp;
+  ed25519_public_key_t pk;
+  ed25519_signature_t sig1, sig2;
+  char *mem_op_hex_tmp = NULL;
+  (void) arg;
+
+  /* Test roundtrip. */
+  tt_int_op(0, OP_EQ, ed25519_keypair_generate(&kp, 0));
+  tt_int_op(0, OP_EQ, ed25519_public_to_base64(buf, &kp.pubkey));
+  tt_int_op(ED25519_BASE64_LEN, OP_EQ, strlen(buf));
+  tt_int_op(0, OP_EQ, ed25519_public_from_base64(&pk, buf));
+  tt_mem_op(kp.pubkey.pubkey, OP_EQ, pk.pubkey, ED25519_PUBKEY_LEN);
+
+  tt_int_op(0, OP_EQ, ed25519_sign(&sig1, (const uint8_t*)"ABC", 3, &kp));
+  tt_int_op(0, OP_EQ, ed25519_signature_to_base64(buf, &sig1));
+  tt_int_op(0, OP_EQ, ed25519_signature_from_base64(&sig2, buf));
+  tt_mem_op(sig1.sig, OP_EQ, sig2.sig, ED25519_SIG_LEN);
+
+  /* Test known value. */
+  tt_int_op(0, OP_EQ, ed25519_public_from_base64(&pk,
+                             "lVIuIctLjbGZGU5wKMNXxXlSE3cW4kaqkqm04u6pxvM"));
+  test_memeq_hex(pk.pubkey,
+         "95522e21cb4b8db199194e7028c357c57952137716e246aa92a9b4e2eea9c6f3");
+
+ done:
+  tor_free(mem_op_hex_tmp);
+}
+
+static void
+test_crypto_ed25519_convert(void *arg)
+{
+  const uint8_t msg[] =
+    "The eyes are not here / There are no eyes here.";
+  const int N = 30;
+  int i;
+  (void)arg;
+
+  for (i = 0; i < N; ++i) {
+    curve25519_keypair_t curve25519_keypair;
+    ed25519_keypair_t ed25519_keypair;
+    ed25519_public_key_t ed25519_pubkey;
+
+    int bit=0;
+    ed25519_signature_t sig;
+
+    tt_int_op(0,OP_EQ,curve25519_keypair_generate(&curve25519_keypair, i&1));
+    tt_int_op(0,OP_EQ,ed25519_keypair_from_curve25519_keypair(
+                              &ed25519_keypair, &bit, &curve25519_keypair));
+    tt_int_op(0,OP_EQ,ed25519_public_key_from_curve25519_public_key(
+                        &ed25519_pubkey, &curve25519_keypair.pubkey, bit));
+    tt_mem_op(ed25519_pubkey.pubkey, OP_EQ, ed25519_keypair.pubkey.pubkey, 32);
+
+    tt_int_op(0,OP_EQ,ed25519_sign(&sig, msg, sizeof(msg), &ed25519_keypair));
+    tt_int_op(0,OP_EQ,ed25519_checksig(&sig, msg, sizeof(msg),
+                                    &ed25519_pubkey));
+
+    tt_int_op(-1,OP_EQ,ed25519_checksig(&sig, msg, sizeof(msg)-1,
+                                     &ed25519_pubkey));
+    sig.sig[0] ^= 15;
+    tt_int_op(-1,OP_EQ,ed25519_checksig(&sig, msg, sizeof(msg),
+                                     &ed25519_pubkey));
+  }
+
+ done:
+  ;
+}
+
+static void
+test_crypto_ed25519_blinding(void *arg)
+{
+  const uint8_t msg[] =
+    "Eyes I dare not meet in dreams / In death's dream kingdom";
+
+  const int N = 30;
+  int i;
+  (void)arg;
+
+  for (i = 0; i < N; ++i) {
+    uint8_t blinding[32];
+    ed25519_keypair_t ed25519_keypair;
+    ed25519_keypair_t ed25519_keypair_blinded;
+    ed25519_public_key_t ed25519_pubkey_blinded;
+
+    ed25519_signature_t sig;
+
+    crypto_rand((char*) blinding, sizeof(blinding));
+
+    tt_int_op(0,OP_EQ,ed25519_keypair_generate(&ed25519_keypair, 0));
+    tt_int_op(0,OP_EQ,ed25519_keypair_blind(&ed25519_keypair_blinded,
+                                         &ed25519_keypair, blinding));
+
+    tt_int_op(0,OP_EQ,ed25519_public_blind(&ed25519_pubkey_blinded,
+                                        &ed25519_keypair.pubkey, blinding));
+
+    tt_mem_op(ed25519_pubkey_blinded.pubkey, OP_EQ,
+              ed25519_keypair_blinded.pubkey.pubkey, 32);
+
+    tt_int_op(0,OP_EQ,ed25519_sign(&sig, msg, sizeof(msg),
+                                &ed25519_keypair_blinded));
+
+    tt_int_op(0,OP_EQ,ed25519_checksig(&sig, msg, sizeof(msg),
+                                    &ed25519_pubkey_blinded));
+
+    tt_int_op(-1,OP_EQ,ed25519_checksig(&sig, msg, sizeof(msg)-1,
+                                     &ed25519_pubkey_blinded));
+    sig.sig[0] ^= 15;
+    tt_int_op(-1,OP_EQ,ed25519_checksig(&sig, msg, sizeof(msg),
+                                     &ed25519_pubkey_blinded));
+  }
+
+ done:
+  ;
+}
+
+static void
+test_crypto_ed25519_testvectors(void *arg)
+{
+  unsigned i;
+  char *mem_op_hex_tmp = NULL;
+  (void)arg;
+
+  for (i = 0; i < ARRAY_LENGTH(ED25519_SECRET_KEYS); ++i) {
+    uint8_t sk[32];
+    ed25519_secret_key_t esk;
+    ed25519_public_key_t pk, blind_pk, pkfromcurve;
+    ed25519_keypair_t keypair, blind_keypair;
+    curve25519_keypair_t curvekp;
+    uint8_t blinding_param[32];
+    ed25519_signature_t sig;
+    int sign;
+
+#define DECODE(p,s) base16_decode((char*)(p),sizeof(p),(s),strlen(s))
+#define EQ(a,h) test_memeq_hex((const char*)(a), (h))
+
+    tt_int_op(0, OP_EQ, DECODE(sk, ED25519_SECRET_KEYS[i]));
+    tt_int_op(0, OP_EQ, DECODE(blinding_param, ED25519_BLINDING_PARAMS[i]));
+
+    tt_int_op(0, OP_EQ, ed25519_secret_key_from_seed(&esk, sk));
+    EQ(esk.seckey, ED25519_EXPANDED_SECRET_KEYS[i]);
+
+    tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pk, &esk));
+    EQ(pk.pubkey, ED25519_PUBLIC_KEYS[i]);
+
+    memcpy(&curvekp.seckey.secret_key, esk.seckey, 32);
+    curve25519_public_key_generate(&curvekp.pubkey, &curvekp.seckey);
+
+    tt_int_op(0, OP_EQ,
+          ed25519_keypair_from_curve25519_keypair(&keypair, &sign, &curvekp));
+    tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
+                                        &pkfromcurve, &curvekp.pubkey, sign));
+    tt_mem_op(keypair.pubkey.pubkey, OP_EQ, pkfromcurve.pubkey, 32);
+    EQ(curvekp.pubkey.public_key, ED25519_CURVE25519_PUBLIC_KEYS[i]);
+
+    /* Self-signing */
+    memcpy(&keypair.seckey, &esk, sizeof(esk));
+    memcpy(&keypair.pubkey, &pk, sizeof(pk));
+
+    tt_int_op(0, OP_EQ, ed25519_sign(&sig, pk.pubkey, 32, &keypair));
+
+    EQ(sig.sig, ED25519_SELF_SIGNATURES[i]);
+
+    /* Blinding */
+    tt_int_op(0, OP_EQ,
+            ed25519_keypair_blind(&blind_keypair, &keypair, blinding_param));
+    tt_int_op(0, OP_EQ,
+            ed25519_public_blind(&blind_pk, &pk, blinding_param));
+
+    EQ(blind_keypair.seckey.seckey, ED25519_BLINDED_SECRET_KEYS[i]);
+    EQ(blind_pk.pubkey, ED25519_BLINDED_PUBLIC_KEYS[i]);
+
+    tt_mem_op(blind_pk.pubkey, OP_EQ, blind_keypair.pubkey.pubkey, 32);
+
+#undef DECODE
+#undef EQ
+  }
+ done:
+  tor_free(mem_op_hex_tmp);
+}
+
+static void
+test_crypto_ed25519_fuzz_donna(void *arg)
+{
+  const unsigned iters = 1024;
+  uint8_t msg[1024];
+  unsigned i;
+  (void)arg;
+
+  tt_assert(sizeof(msg) == iters);
+  crypto_rand((char*) msg, sizeof(msg));
+
+  /* Fuzz Ed25519-donna vs ref10, alternating the implementation used to
+   * generate keys/sign per iteration.
+   */
+  for (i = 0; i < iters; ++i) {
+    const int use_donna = i & 1;
+    uint8_t blinding[32];
+    curve25519_keypair_t ckp;
+    ed25519_keypair_t kp, kp_blind, kp_curve25519;
+    ed25519_public_key_t pk, pk_blind, pk_curve25519;
+    ed25519_signature_t sig, sig_blind;
+    int bit = 0;
+
+    crypto_rand((char*) blinding, sizeof(blinding));
+
+    /* Impl. A:
+     *  1. Generate a keypair.
+     *  2. Blinded the keypair.
+     *  3. Sign a message (unblinded).
+     *  4. Sign a message (blinded).
+     *  5. Generate a curve25519 keypair, and convert it to Ed25519.
+     */
+    ed25519_set_impl_params(use_donna);
+    tt_int_op(0, OP_EQ, ed25519_keypair_generate(&kp, i&1));
+    tt_int_op(0, OP_EQ, ed25519_keypair_blind(&kp_blind, &kp, blinding));
+    tt_int_op(0, OP_EQ, ed25519_sign(&sig, msg, i, &kp));
+    tt_int_op(0, OP_EQ, ed25519_sign(&sig_blind, msg, i, &kp_blind));
+
+    tt_int_op(0, OP_EQ, curve25519_keypair_generate(&ckp, i&1));
+    tt_int_op(0, OP_EQ, ed25519_keypair_from_curve25519_keypair(
+            &kp_curve25519, &bit, &ckp));
+
+    /* Impl. B:
+     *  1. Validate the public key by rederiving it.
+     *  2. Validate the blinded public key by rederiving it.
+     *  3. Validate the unblinded signature (and test a invalid signature).
+     *  4. Validate the blinded signature.
+     *  5. Validate the public key (from Curve25519) by rederiving it.
+     */
+    ed25519_set_impl_params(!use_donna);
+    tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pk, &kp.seckey));
+    tt_mem_op(pk.pubkey, OP_EQ, kp.pubkey.pubkey, 32);
+
+    tt_int_op(0, OP_EQ, ed25519_public_blind(&pk_blind, &kp.pubkey, blinding));
+    tt_mem_op(pk_blind.pubkey, OP_EQ, kp_blind.pubkey.pubkey, 32);
+
+    tt_int_op(0, OP_EQ, ed25519_checksig(&sig, msg, i, &pk));
+    sig.sig[0] ^= 15;
+    tt_int_op(-1, OP_EQ, ed25519_checksig(&sig, msg, sizeof(msg), &pk));
+
+    tt_int_op(0, OP_EQ, ed25519_checksig(&sig_blind, msg, i, &pk_blind));
+
+    tt_int_op(0, OP_EQ, ed25519_public_key_from_curve25519_public_key(
+            &pk_curve25519, &ckp.pubkey, bit));
+    tt_mem_op(pk_curve25519.pubkey, OP_EQ, kp_curve25519.pubkey.pubkey, 32);
+  }
+
+ done:
+  ;
+}
 
 static void
 test_crypto_siphash(void *arg)
@@ -1251,7 +2270,7 @@ test_crypto_siphash(void *arg)
   for (i = 0; i < 64; ++i) {
     uint64_t r = siphash24(input, i, &K);
     for (j = 0; j < 8; ++j) {
-      tt_int_op( (r >> (j*8)) & 0xff, ==, VECTORS[i][j]);
+      tt_int_op( (r >> (j*8)) & 0xff, OP_EQ, VECTORS[i][j]);
     }
   }
 
@@ -1259,49 +2278,159 @@ test_crypto_siphash(void *arg)
   ;
 }
 
-static void *
-pass_data_setup_fn(const struct testcase_t *testcase)
+/* We want the likelihood that the random buffer exhibits any regular pattern
+ * to be far less than the memory bit error rate in the int return value.
+ * Using 2048 bits provides a failure rate of 1/(3 * 10^616), and we call
+ * 3 functions, leading to an overall error rate of 1/10^616.
+ * This is comparable with the 1/10^603 failure rate of test_crypto_rng_range.
+ */
+#define FAILURE_MODE_BUFFER_SIZE (2048/8)
+
+/** Check crypto_rand for a failure mode where it does nothing to the buffer,
+ * or it sets the buffer to all zeroes. Return 0 when the check passes,
+ * or -1 when it fails. */
+static int
+crypto_rand_check_failure_mode_zero(void)
 {
-  return testcase->setup_data;
+  char buf[FAILURE_MODE_BUFFER_SIZE];
+
+  memset(buf, 0, FAILURE_MODE_BUFFER_SIZE);
+  crypto_rand(buf, FAILURE_MODE_BUFFER_SIZE);
+
+  for (size_t i = 0; i < FAILURE_MODE_BUFFER_SIZE; i++) {
+    if (buf[i] != 0) {
+      return 0;
+    }
+  }
+
+  return -1;
 }
+
+/** Check crypto_rand for a failure mode where every int64_t in the buffer is
+ * the same. Return 0 when the check passes, or -1 when it fails. */
 static int
-pass_data_cleanup_fn(const struct testcase_t *testcase, void *ptr)
+crypto_rand_check_failure_mode_identical(void)
 {
-  (void)ptr;
-  (void)testcase;
-  return 1;
+  /* just in case the buffer size isn't a multiple of sizeof(int64_t) */
+#define FAILURE_MODE_BUFFER_SIZE_I64 \
+  (FAILURE_MODE_BUFFER_SIZE/SIZEOF_INT64_T)
+#define FAILURE_MODE_BUFFER_SIZE_I64_BYTES \
+  (FAILURE_MODE_BUFFER_SIZE_I64*SIZEOF_INT64_T)
+
+#if FAILURE_MODE_BUFFER_SIZE_I64 < 2
+#error FAILURE_MODE_BUFFER_SIZE needs to be at least 2*SIZEOF_INT64_T
+#endif
+
+  int64_t buf[FAILURE_MODE_BUFFER_SIZE_I64];
+
+  memset(buf, 0, FAILURE_MODE_BUFFER_SIZE_I64_BYTES);
+  crypto_rand((char *)buf, FAILURE_MODE_BUFFER_SIZE_I64_BYTES);
+
+  for (size_t i = 1; i < FAILURE_MODE_BUFFER_SIZE_I64; i++) {
+    if (buf[i] != buf[i-1]) {
+      return 0;
+    }
+  }
+
+  return -1;
+}
+
+/** Check crypto_rand for a failure mode where it increments the "random"
+ * value by 1 for every byte in the buffer. (This is OpenSSL's PREDICT mode.)
+ * Return 0 when the check passes, or -1 when it fails. */
+static int
+crypto_rand_check_failure_mode_predict(void)
+{
+  unsigned char buf[FAILURE_MODE_BUFFER_SIZE];
+
+  memset(buf, 0, FAILURE_MODE_BUFFER_SIZE);
+  crypto_rand((char *)buf, FAILURE_MODE_BUFFER_SIZE);
+
+  for (size_t i = 1; i < FAILURE_MODE_BUFFER_SIZE; i++) {
+    /* check if the last byte was incremented by 1, including integer
+     * wrapping */
+    if (buf[i] - buf[i-1] != 1 && buf[i-1] - buf[i] != 255) {
+      return 0;
+    }
+  }
+
+  return -1;
+}
+
+#undef FAILURE_MODE_BUFFER_SIZE
+
+static void
+test_crypto_failure_modes(void *arg)
+{
+  int rv = 0;
+  (void)arg;
+
+  rv = crypto_early_init();
+  tt_assert(rv == 0);
+
+  /* Check random works */
+  rv = crypto_rand_check_failure_mode_zero();
+  tt_assert(rv == 0);
+
+  rv = crypto_rand_check_failure_mode_identical();
+  tt_assert(rv == 0);
+
+  rv = crypto_rand_check_failure_mode_predict();
+  tt_assert(rv == 0);
+
+ done:
+  ;
 }
-static const struct testcase_setup_t pass_data = {
-  pass_data_setup_fn, pass_data_cleanup_fn
-};
 
 #define CRYPTO_LEGACY(name)                                            \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_crypto_ ## name }
+  { #name, test_crypto_ ## name , 0, NULL, NULL }
+
+#define ED25519_TEST_ONE(name, fl, which)                               \
+  { #name "/ed25519_" which, test_crypto_ed25519_ ## name, (fl),        \
+    &ed25519_test_setup, (void*)which }
+
+#define ED25519_TEST(name, fl)                  \
+  ED25519_TEST_ONE(name, (fl), "donna"),        \
+  ED25519_TEST_ONE(name, (fl), "ref10")
 
 struct testcase_t crypto_tests[] = {
   CRYPTO_LEGACY(formats),
   CRYPTO_LEGACY(rng),
-  { "aes_AES", test_crypto_aes, TT_FORK, &pass_data, (void*)"aes" },
-  { "aes_EVP", test_crypto_aes, TT_FORK, &pass_data, (void*)"evp" },
+  { "rng_range", test_crypto_rng_range, 0, NULL, NULL },
+  { "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL },
+  { "aes_AES", test_crypto_aes, TT_FORK, &passthrough_setup, (void*)"aes" },
+  { "aes_EVP", test_crypto_aes, TT_FORK, &passthrough_setup, (void*)"evp" },
   CRYPTO_LEGACY(sha),
   CRYPTO_LEGACY(pk),
   { "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
+  { "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL },
   CRYPTO_LEGACY(digests),
+  { "sha3", test_crypto_sha3, TT_FORK, NULL, NULL},
+  { "sha3_xof", test_crypto_sha3_xof, TT_FORK, NULL, NULL},
   CRYPTO_LEGACY(dh),
-  CRYPTO_LEGACY(s2k),
-  { "aes_iv_AES", test_crypto_aes_iv, TT_FORK, &pass_data, (void*)"aes" },
-  { "aes_iv_EVP", test_crypto_aes_iv, TT_FORK, &pass_data, (void*)"evp" },
+  { "aes_iv_AES", test_crypto_aes_iv, TT_FORK, &passthrough_setup,
+    (void*)"aes" },
+  { "aes_iv_EVP", test_crypto_aes_iv, TT_FORK, &passthrough_setup,
+    (void*)"evp" },
   CRYPTO_LEGACY(base32_decode),
   { "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
   { "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
-#ifdef CURVE25519_ENABLED
   { "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
   { "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
+  { "curve25519_basepoint",
+    test_crypto_curve25519_basepoint, TT_FORK, NULL, NULL },
   { "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
   { "curve25519_encode", test_crypto_curve25519_encode, 0, NULL, NULL },
   { "curve25519_persist", test_crypto_curve25519_persist, 0, NULL, NULL },
-#endif
+  ED25519_TEST(simple, 0),
+  ED25519_TEST(test_vectors, 0),
+  ED25519_TEST(encode, 0),
+  ED25519_TEST(convert, 0),
+  ED25519_TEST(blinding, 0),
+  ED25519_TEST(testvectors, 0),
+  ED25519_TEST(fuzz_donna, TT_FORK),
   { "siphash", test_crypto_siphash, 0, NULL, NULL },
+  { "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
new file mode 100644
index 0000000000..6f3e40e0ab
--- /dev/null
+++ b/src/test/test_crypto_slow.c
@@ -0,0 +1,532 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#define CRYPTO_S2K_PRIVATE
+#include "or.h"
+#include "test.h"
+#include "crypto_s2k.h"
+#include "crypto_pwbox.h"
+
+#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
+#define HAVE_LIBSCRYPT
+#include <libscrypt.h>
+#endif
+
+#include <openssl/evp.h>
+
+/** Run unit tests for our secret-to-key passphrase hashing functionality. */
+static void
+test_crypto_s2k_rfc2440(void *arg)
+{
+  char buf[29];
+  char buf2[29];
+  char *buf3 = NULL;
+  int i;
+
+  (void)arg;
+  memset(buf, 0, sizeof(buf));
+  memset(buf2, 0, sizeof(buf2));
+  buf3 = tor_malloc(65536);
+  memset(buf3, 0, 65536);
+
+  secret_to_key_rfc2440(buf+9, 20, "", 0, buf);
+  crypto_digest(buf2+9, buf3, 1024);
+  tt_mem_op(buf,OP_EQ, buf2, 29);
+
+  memcpy(buf,"vrbacrda",8);
+  memcpy(buf2,"vrbacrda",8);
+  buf[8] = 96;
+  buf2[8] = 96;
+  secret_to_key_rfc2440(buf+9, 20, "12345678", 8, buf);
+  for (i = 0; i < 65536; i += 16) {
+    memcpy(buf3+i, "vrbacrda12345678", 16);
+  }
+  crypto_digest(buf2+9, buf3, 65536);
+  tt_mem_op(buf,OP_EQ, buf2, 29);
+
+ done:
+  tor_free(buf3);
+}
+
+static void
+run_s2k_tests(const unsigned flags, const unsigned type,
+              int speclen, const int keylen, int legacy)
+{
+  uint8_t buf[S2K_MAXLEN], buf2[S2K_MAXLEN], buf3[S2K_MAXLEN];
+  int r;
+  size_t sz;
+  const char pw1[] = "You can't come in here unless you say swordfish!";
+  const char pw2[] = "Now, I give you one more guess.";
+
+  r = secret_to_key_new(buf, sizeof(buf), &sz,
+                        pw1, strlen(pw1), flags);
+  tt_int_op(r, OP_EQ, S2K_OKAY);
+  tt_int_op(buf[0], OP_EQ, type);
+
+  tt_int_op(sz, OP_EQ, keylen + speclen);
+
+  if (legacy) {
+    memmove(buf, buf+1, sz-1);
+    --sz;
+    --speclen;
+  }
+
+  tt_int_op(S2K_OKAY, OP_EQ,
+            secret_to_key_check(buf, sz, pw1, strlen(pw1)));
+
+  tt_int_op(S2K_BAD_SECRET, OP_EQ,
+            secret_to_key_check(buf, sz, pw2, strlen(pw2)));
+
+  /* Move key to buf2, and clear it. */
+  memset(buf3, 0, sizeof(buf3));
+  memcpy(buf2, buf+speclen, keylen);
+  memset(buf+speclen, 0, sz - speclen);
+
+  /* Derivekey should produce the same results. */
+  tt_int_op(S2K_OKAY, OP_EQ,
+      secret_to_key_derivekey(buf3, keylen, buf, speclen, pw1, strlen(pw1)));
+
+  tt_mem_op(buf2, OP_EQ, buf3, keylen);
+
+  /* Derivekey with a longer output should fill the output. */
+  memset(buf2, 0, sizeof(buf2));
+  tt_int_op(S2K_OKAY, OP_EQ,
+   secret_to_key_derivekey(buf2, sizeof(buf2), buf, speclen,
+                           pw1, strlen(pw1)));
+
+  tt_mem_op(buf2, OP_NE, buf3, sizeof(buf2));
+
+  memset(buf3, 0, sizeof(buf3));
+  tt_int_op(S2K_OKAY, OP_EQ,
+            secret_to_key_derivekey(buf3, sizeof(buf3), buf, speclen,
+                                    pw1, strlen(pw1)));
+  tt_mem_op(buf2, OP_EQ, buf3, sizeof(buf3));
+  tt_assert(!tor_mem_is_zero((char*)buf2+keylen, sizeof(buf2)-keylen));
+
+ done:
+  ;
+}
+
+static void
+test_crypto_s2k_general(void *arg)
+{
+  const char *which = arg;
+
+  if (!strcmp(which, "scrypt")) {
+    run_s2k_tests(0, 2, 19, 32, 0);
+  } else if (!strcmp(which, "scrypt-low")) {
+    run_s2k_tests(S2K_FLAG_LOW_MEM, 2, 19, 32, 0);
+  } else if (!strcmp(which, "pbkdf2")) {
+    run_s2k_tests(S2K_FLAG_USE_PBKDF2, 1, 18, 20, 0);
+  } else if (!strcmp(which, "rfc2440")) {
+    run_s2k_tests(S2K_FLAG_NO_SCRYPT, 0, 10, 20, 0);
+  } else if (!strcmp(which, "rfc2440-legacy")) {
+    run_s2k_tests(S2K_FLAG_NO_SCRYPT, 0, 10, 20, 1);
+  } else {
+    tt_fail();
+  }
+}
+
+#if defined(HAVE_LIBSCRYPT) && defined(HAVE_EVP_PBE_SCRYPT)
+static void
+test_libscrypt_eq_openssl(void *arg)
+{
+  uint8_t buf1[64];
+  uint8_t buf2[64];
+
+  uint64_t N, r, p;
+  uint64_t maxmem = 0; // --> SCRYPT_MAX_MEM in OpenSSL.
+
+  int libscrypt_retval, openssl_retval;
+
+  size_t dk_len = 64;
+
+  (void)arg;
+
+  memset(buf1,0,64);
+  memset(buf2,0,64);
+
+  /* NOTE: we're using N,r the way OpenSSL and libscrypt define them,
+   * not the way draft-josefsson-scrypt-kdf-00.txt define them.
+   */
+  N = 16;
+  r = 1;
+  p = 1;
+
+  libscrypt_retval =
+  libscrypt_scrypt((const uint8_t *)"", 0, (const uint8_t *)"", 0,
+                   N, r, p, buf1, dk_len);
+  openssl_retval =
+  EVP_PBE_scrypt((const char *)"", 0, (const unsigned char *)"", 0,
+                  N, r, p, maxmem, buf2, dk_len);
+
+  tt_int_op(libscrypt_retval, ==, 0);
+  tt_int_op(openssl_retval, ==, 1);
+
+  tt_mem_op(buf1, ==, buf2, 64);
+
+  memset(buf1,0,64);
+  memset(buf2,0,64);
+
+  N = 1024;
+  r = 8;
+  p = 16;
+
+  libscrypt_retval =
+  libscrypt_scrypt((const uint8_t *)"password", strlen("password"),
+                   (const uint8_t *)"NaCl", strlen("NaCl"),
+                   N, r, p, buf1, dk_len);
+  openssl_retval =
+  EVP_PBE_scrypt((const char *)"password", strlen("password"),
+                 (const unsigned char *)"NaCl", strlen("NaCl"),
+                 N, r, p, maxmem, buf2, dk_len);
+
+  tt_int_op(libscrypt_retval, ==, 0);
+  tt_int_op(openssl_retval, ==, 1);
+
+  tt_mem_op(buf1, ==, buf2, 64);
+
+  memset(buf1,0,64);
+  memset(buf2,0,64);
+
+  N = 16384;
+  r = 8;
+  p = 1;
+
+  libscrypt_retval =
+  libscrypt_scrypt((const uint8_t *)"pleaseletmein",
+                   strlen("pleaseletmein"),
+                   (const uint8_t *)"SodiumChloride",
+                   strlen("SodiumChloride"),
+                   N, r, p, buf1, dk_len);
+  openssl_retval =
+  EVP_PBE_scrypt((const char *)"pleaseletmein",
+                 strlen("pleaseletmein"),
+                 (const unsigned char *)"SodiumChloride",
+                 strlen("SodiumChloride"),
+                 N, r, p, maxmem, buf2, dk_len);
+
+  tt_int_op(libscrypt_retval, ==, 0);
+  tt_int_op(openssl_retval, ==, 1);
+
+  tt_mem_op(buf1, ==, buf2, 64);
+
+  memset(buf1,0,64);
+  memset(buf2,0,64);
+
+  N = 1048576;
+  maxmem = 2 * 1024 * 1024 * (uint64_t)1024; // 2 GB
+
+  libscrypt_retval =
+  libscrypt_scrypt((const uint8_t *)"pleaseletmein",
+                   strlen("pleaseletmein"),
+                   (const uint8_t *)"SodiumChloride",
+                   strlen("SodiumChloride"),
+                   N, r, p, buf1, dk_len);
+  openssl_retval =
+  EVP_PBE_scrypt((const char *)"pleaseletmein",
+                 strlen("pleaseletmein"),
+                 (const unsigned char *)"SodiumChloride",
+                 strlen("SodiumChloride"),
+                 N, r, p, maxmem, buf2, dk_len);
+
+  tt_int_op(libscrypt_retval, ==, 0);
+  tt_int_op(openssl_retval, ==, 1);
+
+  tt_mem_op(buf1, ==, buf2, 64);
+
+  done:
+  return;
+}
+#endif
+
+static void
+test_crypto_s2k_errors(void *arg)
+{
+  uint8_t buf[S2K_MAXLEN], buf2[S2K_MAXLEN];
+  size_t sz;
+
+  (void)arg;
+
+  /* Bogus specifiers: simple */
+  tt_int_op(S2K_BAD_LEN, OP_EQ,
+            secret_to_key_derivekey(buf, sizeof(buf),
+                                    (const uint8_t*)"", 0, "ABC", 3));
+  tt_int_op(S2K_BAD_ALGORITHM, OP_EQ,
+            secret_to_key_derivekey(buf, sizeof(buf),
+                                    (const uint8_t*)"\x10", 1, "ABC", 3));
+  tt_int_op(S2K_BAD_LEN, OP_EQ,
+            secret_to_key_derivekey(buf, sizeof(buf),
+                                    (const uint8_t*)"\x01\x02", 2, "ABC", 3));
+
+  tt_int_op(S2K_BAD_LEN, OP_EQ,
+            secret_to_key_check((const uint8_t*)"", 0, "ABC", 3));
+  tt_int_op(S2K_BAD_ALGORITHM, OP_EQ,
+            secret_to_key_check((const uint8_t*)"\x10", 1, "ABC", 3));
+  tt_int_op(S2K_BAD_LEN, OP_EQ,
+            secret_to_key_check((const uint8_t*)"\x01\x02", 2, "ABC", 3));
+
+  /* too long gets "BAD_LEN" too */
+  memset(buf, 0, sizeof(buf));
+  buf[0] = 2;
+  tt_int_op(S2K_BAD_LEN, OP_EQ,
+            secret_to_key_derivekey(buf2, sizeof(buf2),
+                                    buf, sizeof(buf), "ABC", 3));
+
+  /* Truncated output */
+#ifdef HAVE_LIBSCRYPT
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_new(buf, 50, &sz,
+                                                 "ABC", 3, 0));
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_new(buf, 50, &sz,
+                                                 "ABC", 3, S2K_FLAG_LOW_MEM));
+#endif
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_new(buf, 37, &sz,
+                                              "ABC", 3, S2K_FLAG_USE_PBKDF2));
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_new(buf, 29, &sz,
+                                              "ABC", 3, S2K_FLAG_NO_SCRYPT));
+
+#ifdef HAVE_LIBSCRYPT
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_make_specifier(buf, 18, 0));
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_make_specifier(buf, 18,
+                                                 S2K_FLAG_LOW_MEM));
+#endif
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_make_specifier(buf, 17,
+                                                 S2K_FLAG_USE_PBKDF2));
+  tt_int_op(S2K_TRUNCATED, OP_EQ, secret_to_key_make_specifier(buf, 9,
+                                                 S2K_FLAG_NO_SCRYPT));
+
+  /* Now try using type-specific bogus specifiers. */
+
+  /* It's a bad pbkdf2 buffer if it has an iteration count that would overflow
+   * int32_t. */
+  memset(buf, 0, sizeof(buf));
+  buf[0] = 1; /* pbkdf2 */
+  buf[17] = 100; /* 1<<100 is much bigger than INT32_MAX */
+  tt_int_op(S2K_BAD_PARAMS, OP_EQ,
+            secret_to_key_derivekey(buf2, sizeof(buf2),
+                                    buf, 18, "ABC", 3));
+
+#ifdef HAVE_LIBSCRYPT
+  /* It's a bad scrypt buffer if N would overflow uint64 */
+  memset(buf, 0, sizeof(buf));
+  buf[0] = 2; /* scrypt */
+  buf[17] = 100; /* 1<<100 is much bigger than UINT64_MAX */
+  tt_int_op(S2K_BAD_PARAMS, OP_EQ,
+            secret_to_key_derivekey(buf2, sizeof(buf2),
+                                    buf, 19, "ABC", 3));
+#endif
+
+ done:
+  ;
+}
+
+static void
+test_crypto_scrypt_vectors(void *arg)
+{
+  char *mem_op_hex_tmp = NULL;
+  uint8_t spec[64], out[64];
+
+  (void)arg;
+#ifndef HAVE_LIBSCRYPT
+  if (1)
+    tt_skip();
+#endif
+
+  /* Test vectors from
+     http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00 section 11.
+
+     Note that the names of 'r' and 'N' are switched in that section. Or
+     possibly in libscrypt.
+  */
+
+  base16_decode((char*)spec, sizeof(spec),
+                "0400", 4);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(64, OP_EQ,
+            secret_to_key_compute_key(out, 64, spec, 2, "", 0, 2));
+  test_memeq_hex(out,
+                 "77d6576238657b203b19ca42c18a0497"
+                 "f16b4844e3074ae8dfdffa3fede21442"
+                 "fcd0069ded0948f8326a753a0fc81f17"
+                 "e8d3e0fb2e0d3628cf35e20c38d18906");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "4e61436c" "0A34", 12);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(64, OP_EQ,
+            secret_to_key_compute_key(out, 64, spec, 6, "password", 8, 2));
+  test_memeq_hex(out,
+                 "fdbabe1c9d3472007856e7190d01e9fe"
+                 "7c6ad7cbc8237830e77376634b373162"
+                 "2eaf30d92e22a3886ff109279d9830da"
+                 "c727afb94a83ee6d8360cbdfa2cc0640");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "536f6469756d43686c6f72696465" "0e30", 32);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(64, OP_EQ,
+            secret_to_key_compute_key(out, 64, spec, 16,
+                                      "pleaseletmein", 13, 2));
+  test_memeq_hex(out,
+                 "7023bdcb3afd7348461c06cd81fd38eb"
+                 "fda8fbba904f8e3ea9b543f6545da1f2"
+                 "d5432955613f0fcf62d49705242a9af9"
+                 "e61e85dc0d651e40dfcf017b45575887");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "536f6469756d43686c6f72696465" "1430", 32);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(64, OP_EQ,
+            secret_to_key_compute_key(out, 64, spec, 16,
+                                      "pleaseletmein", 13, 2));
+  test_memeq_hex(out,
+                 "2101cb9b6a511aaeaddbbe09cf70f881"
+                 "ec568d574a2ffd4dabe5ee9820adaa47"
+                 "8e56fd8f4ba5d09ffa1c6d927c40f4c3"
+                 "37304049e8a952fbcbf45c6fa77a41a4");
+
+ done:
+  tor_free(mem_op_hex_tmp);
+}
+
+static void
+test_crypto_pbkdf2_vectors(void *arg)
+{
+  char *mem_op_hex_tmp = NULL;
+  uint8_t spec[64], out[64];
+  (void)arg;
+
+  /* Test vectors from RFC6070, section 2 */
+  base16_decode((char*)spec, sizeof(spec),
+                "73616c74" "00" , 10);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(20, OP_EQ,
+            secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
+  test_memeq_hex(out, "0c60c80f961f0e71f3a9b524af6012062fe037a6");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "73616c74" "01" , 10);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(20, OP_EQ,
+            secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
+  test_memeq_hex(out, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "73616c74" "0C" , 10);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(20, OP_EQ,
+            secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
+  test_memeq_hex(out, "4b007901b765489abead49d926f721d065a429c1");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "73616c74" "18" , 10);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(20, OP_EQ,
+            secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
+  test_memeq_hex(out, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "73616c7453414c5473616c7453414c5473616c745"
+                "3414c5473616c7453414c5473616c74" "0C" , 74);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(25, OP_EQ,
+            secret_to_key_compute_key(out, 25, spec, 37,
+                                      "passwordPASSWORDpassword", 24, 1));
+  test_memeq_hex(out, "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038");
+
+  base16_decode((char*)spec, sizeof(spec),
+                "7361006c74" "0c" , 12);
+  memset(out, 0x00, sizeof(out));
+  tt_int_op(16, OP_EQ,
+            secret_to_key_compute_key(out, 16, spec, 6, "pass\0word", 9, 1));
+  test_memeq_hex(out, "56fa6aa75548099dcc37d7f03425e0c3");
+
+ done:
+  tor_free(mem_op_hex_tmp);
+}
+
+static void
+test_crypto_pwbox(void *arg)
+{
+  uint8_t *boxed=NULL, *decoded=NULL;
+  size_t len, dlen;
+  unsigned i;
+  const char msg[] = "This bunny reminds you that you still have a "
+    "salamander in your sylladex. She is holding the bunny Dave got you. "
+    "It’s sort of uncanny how similar they are, aside from the knitted "
+    "enhancements. Seriously, what are the odds?? So weird.";
+  const char pw[] = "I'm a night owl and a wise bird too";
+
+  const unsigned flags[] = { 0,
+                             S2K_FLAG_NO_SCRYPT,
+                             S2K_FLAG_LOW_MEM,
+                             S2K_FLAG_NO_SCRYPT|S2K_FLAG_LOW_MEM,
+                             S2K_FLAG_USE_PBKDF2 };
+  (void)arg;
+
+  for (i = 0; i < ARRAY_LENGTH(flags); ++i) {
+    tt_int_op(0, OP_EQ, crypto_pwbox(&boxed, &len,
+                                  (const uint8_t*)msg, strlen(msg),
+                                  pw, strlen(pw), flags[i]));
+    tt_assert(boxed);
+    tt_assert(len > 128+32);
+
+    tt_int_op(0, OP_EQ, crypto_unpwbox(&decoded, &dlen, boxed, len,
+                                    pw, strlen(pw)));
+
+    tt_assert(decoded);
+    tt_uint_op(dlen, OP_EQ, strlen(msg));
+    tt_mem_op(decoded, OP_EQ, msg, dlen);
+
+    tor_free(decoded);
+
+    tt_int_op(UNPWBOX_BAD_SECRET, OP_EQ, crypto_unpwbox(&decoded, &dlen,
+                                                     boxed, len,
+                                                     pw, strlen(pw)-1));
+    boxed[len-1] ^= 1;
+    tt_int_op(UNPWBOX_BAD_SECRET, OP_EQ, crypto_unpwbox(&decoded, &dlen,
+                                                     boxed, len,
+                                                     pw, strlen(pw)));
+    boxed[0] = 255;
+    tt_int_op(UNPWBOX_CORRUPTED, OP_EQ, crypto_unpwbox(&decoded, &dlen,
+                                                    boxed, len,
+                                                    pw, strlen(pw)));
+
+    tor_free(boxed);
+  }
+
+ done:
+  tor_free(boxed);
+  tor_free(decoded);
+}
+
+#define CRYPTO_LEGACY(name)                                            \
+  { #name, test_crypto_ ## name , 0, NULL, NULL }
+
+struct testcase_t slow_crypto_tests[] = {
+  CRYPTO_LEGACY(s2k_rfc2440),
+#ifdef HAVE_LIBSCRYPT
+  { "s2k_scrypt", test_crypto_s2k_general, 0, &passthrough_setup,
+    (void*)"scrypt" },
+  { "s2k_scrypt_low", test_crypto_s2k_general, 0, &passthrough_setup,
+    (void*)"scrypt-low" },
+#ifdef HAVE_EVP_PBE_SCRYPT
+  { "libscrypt_eq_openssl", test_libscrypt_eq_openssl, 0, NULL, NULL },
+#endif
+#endif
+  { "s2k_pbkdf2", test_crypto_s2k_general, 0, &passthrough_setup,
+    (void*)"pbkdf2" },
+  { "s2k_rfc2440_general", test_crypto_s2k_general, 0, &passthrough_setup,
+    (void*)"rfc2440" },
+  { "s2k_rfc2440_legacy", test_crypto_s2k_general, 0, &passthrough_setup,
+    (void*)"rfc2440-legacy" },
+  { "s2k_errors", test_crypto_s2k_errors, 0, NULL, NULL },
+  { "scrypt_vectors", test_crypto_scrypt_vectors, 0, NULL, NULL },
+  { "pbkdf2_vectors", test_crypto_pbkdf2_vectors, 0, NULL, NULL },
+  { "pwbox", test_crypto_pwbox, 0, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_data.c b/src/test/test_data.c
index 0c51c98f1e..32de54bc84 100644
--- a/src/test/test_data.c
+++ b/src/test/test_data.c
@@ -1,6 +1,6 @@
 /* Copyright 2001-2004 Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Our unit test expect that the AUTHORITY_CERT_* public keys will sort
diff --git a/src/test/test_descriptors.inc b/src/test/test_descriptors.inc
new file mode 100644
index 0000000000..ecbccbd43a
--- /dev/null
+++ b/src/test/test_descriptors.inc
@@ -0,0 +1,305 @@
+const char TEST_DESCRIPTORS[] =
+"@uploaded-at 2014-06-08 19:20:11\n"
+"@source \"127.0.0.1\"\n"
+"router test000a 127.0.0.1 5000 0 7000\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint C7E7 CCB8 179F 8CC3 7F5C 8A04 2B3A 180B 934B 14BA\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest 67A152A4C7686FB07664F872620635F194D76D95\n"
+"caches-extra-info\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAOuBUIEBARMkkka/TGyaQNgUEDLP0KG7sy6KNQTNOlZHUresPr/vlVjo\n"
+"HPpLMfu9M2z18c51YX/muWwY9x4MyQooD56wI4+AqXQcJRwQfQlPn3Ay82uZViA9\n"
+"DpBajRieLlKKkl145KjArpD7F5BVsqccvjErgFYXvhhjSrx7BVLnAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAN6NLnSxWQnFXxqZi5D3b0BMgV6y9NJLGjYQVP+eWtPZWgqyv4zeYsqv\n"
+"O9y6c5lvxyUxmNHfoAbe/s8f2Vf3/YaC17asAVSln4ktrr3e9iY74a9RMWHv1Gzk\n"
+"3042nMcqj3PEhRN0PoLkcOZNjjmNbaqki6qy9bWWZDNTdo+uI44dAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"contact auth0@test.test\n"
+"ntor-onion-key pK4bs08ERYN591jj7ca17Rn9Q02TIEfhnjR6hSq+fhU=\n"
+"reject *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"rx88DuM3Y7tODlHNDDEVzKpwh3csaG1or+T4l2Xs1oq3iHHyPEtB6QTLYrC60trG\n"
+"aAPsj3DEowGfjga1b248g2dtic8Ab+0exfjMm1RHXfDam5TXXZU3A0wMyoHjqHuf\n"
+"eChGPgFNUvEc+5YtD27qEDcUjcinYztTs7/dzxBT4PE=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:11\n"
+"@source \"127.0.0.1\"\n"
+"router test001a 127.0.0.1 5001 0 7001\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint 35DA 711C FC62 F88B C243 DE32 DC0B C28A 3F62 2610\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest 9E12278D6CF7608071FE98CE9DCEE48FA264518A\n"
+"caches-extra-info\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAPbyUrorqoXMW4oezqd307ZGxgobqvQs2nb3TdQyWrwsHtJmS3utdrJS\n"
+"xJUZPNHOQ2hrDWW1VvevYqRTGeXGZr9TDZ3+t/gVUttqYRhuzzgEKVAZSsTo5ctO\n"
+"QNHnzJ6Xx/w/trhWqPTeJ7R0TCyAbWW7aE3KaKdwvZilRZp/oRUnAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBALwOJ7XZHBnjJEuwF3Os6eashNbTH9YnH8TBZBdKgu3iFJYqDslcMIPX\n"
+"gWCJ9apPHyh1+/8OLRWeEYlwoZzgGi0rjm/+BNeOOmJbjfyjk97DuB9/2O5zr1BM\n"
+"CvOHqQSzMD+vz1ebvfM039a2mO8lXruUFPZQaFVxk8371XP2khqhAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"contact auth1@test.test\n"
+"ntor-onion-key t5bI1ksTdigOksMKRHUDwx/34ajEvDN1IpArOxIEWgk=\n"
+"reject *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"KtMW7A/pzu+np6aKJSy6d7drIb4yjz8SPCo+oQNxj2IqNHJir2O2nWu69xy+K0c1\n"
+"RL05KkcDaYzr5hC80FD1H+sTpGYD28SPkQkzPw+0pReSDl93pVXh0rU6Cdcm75FC\n"
+"t0UZzDt4TsMuFB0ZYpM3phKcQPpiDG6aR0LskL/YUvY=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:11\n"
+"@source \"127.0.0.1\"\n"
+"router test004r 127.0.0.1 5004 0 7004\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:10\n"
+"fingerprint CC6A 48BD 52BD 9A2C 6670 5863 AC31 AE17 6E63 8B02\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest B5CC249CEF394B5AFCA0C77FA7D5605615FA487C\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAMze36Hupy7HACcF3TMv5mJuZbx3d3cS0WYLl6vTeChBgpS5CEXq6zIu\n"
+"d31YmtUcxH6fOjDOudhbnXuoh1nH4CP+LocVHAdlGG1giAm7u8yZudVvVJiIqFgQ\n"
+"wVDcWx8LbGCi5P9J/ZPKAIVsSyS7xkOqHjz3VMo/uYLbQCFAwfkdAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAM/qGP365x6bH+ug7rKVy7V5lC9Ff2Jfk0wlTFIzzwn+DMSG6xDvulKe\n"
+"wcIzgGNdQu7qlKlQUif3GPMr0KSS32cRsmoRQJcsm9+lGUK871NyZ8AyrHT+LhyF\n"
+"cs718P0iN5yKF2FikNr727kEANCzvC1l9eP4qF5GGzsNtglbJ7bTAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"ntor-onion-key a9Pavqnx7DFhMWUO0d17qF9Py8+iie4FnxTHaTgfIXY=\n"
+"reject *:25\n"
+"reject *:119\n"
+"reject *:135-139\n"
+"reject *:445\n"
+"reject *:563\n"
+"reject *:1214\n"
+"reject *:4661-4666\n"
+"reject *:6346-6429\n"
+"reject *:6699\n"
+"reject *:6881-6999\n"
+"accept *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"HVW7kjBgEt+Qdvcrq+NQE1F9B8uV9D38KA2Bp6cYHLWCxL6N4GS8JQqbOEtnqaj7\n"
+"Vxrv7uy1Fzb15Zr+1sUVMxNv+LLRfr+JzfETMNYVkYDrNgr1cAAVEQzFWbIziond\n"
+"xMFp64yjEW9/I+82lb5GBZEiKdEd4QqWMmQosoYMTM8=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:12\n"
+"@source \"127.0.0.1\"\n"
+"router test002a 127.0.0.1 5002 0 7002\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint 29C7 BBB6 C437 32D5 BDF1 5671 F5C5 F1FB 6E36 4B47\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest 9BB181EA86E0130680C3CC04AD7DE4C341ADC2C7\n"
+"caches-extra-info\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBALNH19oF8Ajf+djlH/g7L+enFBf5Wwjmf3bPwNKWZ9G+B+Lg8SpfhZiw\n"
+"rUqi7h21f45BV/dN05dK6leWD8rj1T9kuM9TKBOEZxIWeq7zbXihyu4XPxP4FNTS\n"
+"+0G7BhdP4biALENmeyLhUCZaw5Ic/jFkHT4gV9S0iVZiEDwC9twXAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBALeyQGMQBHgTxpO/i30uHjflTm9MNi3ZBNcOKpvBXWYgY42qTqOZ7Uam\n"
+"c5pmZhTLrQ1W8XlGDw8Cl8ktZ0ylodLZyUNajBtJvSFWTb8iwdZsshW6Ahb8TyfI\n"
+"Y7MwTlQ/7xw4mj1NEaui6bwGgEZUs18RTqhDrUc2Mcj1Yf61Rq+7AgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"contact auth2@test.test\n"
+"ntor-onion-key ukR41RjtiZ69KO0SrFTvL0LoZK/ZTT01FQWmCXTCUlE=\n"
+"reject *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"IY2s/RY4tdahrgfGG+vW7lOvpfofoxxSo7guGpSKGxVApiroCQtumoYifnnJ88G2\n"
+"K4IbxwEO8pgO8fnz1mibblUWw2vdDNjCifc1wtXJUE+ONA0UcLRlfQ94GbL8h2PG\n"
+"72z6i1+NN0QahXMk7MUbzI7bOXTJOiO8e2Zjk9vRnxI=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:12\n"
+"@source \"127.0.0.1\"\n"
+"router test006r 127.0.0.1 5006 0 7006\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint 829B 3FAA A42B 605A EB0B F380 8F32 8ED1 73E7 0D25\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest 7ECB757002EB9B5838B13AE6F2357A5E585131B8\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBALsNBChcLVndlS4HNXL3hxBJVgXctATz6yXcJt3bkDB5cjv7Q9fqN3Ue\n"
+"j3SI1OUBx4YrLcSLD/hELHVilLrrfbaraAFfAsydlRLjTVcMRx5FFlDd0E7TAadc\n"
+"71CkTipNnjwqz1mTRKkEFeepnh/JaFDidY9ER1rMBA5JRyBvqrD9AgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAPgipA8yLj1kqrMlAH7cK7IQEdmqmfNHGXdkYQ+TKtfLh0zeEIvvh9yh\n"
+"k+vKHS+HVoHo3tecB9QjJyDyyJTiETXCupSOY+ebG648JADAvv8v1WiE+KBXtjpl\n"
+"qgDTrDj5CwGuY6cvQdej5yg1UAVlMMZSg3thL3tCYtQbOq66lAlnAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"ntor-onion-key q02F3AQsCX7+zXNpfTqBF8O8lusPhRJpQVxOnBvbOwc=\n"
+"reject *:25\n"
+"reject *:119\n"
+"reject *:135-139\n"
+"reject *:445\n"
+"reject *:563\n"
+"reject *:1214\n"
+"reject *:4661-4666\n"
+"reject *:6346-6429\n"
+"reject *:6699\n"
+"reject *:6881-6999\n"
+"accept *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"L1fdgoN/eXgdzIIXO63W4yGoC9lRozMU+T0Fimhd/XFV8qxeUT83Vgf63vxLUHIb\n"
+"D4a80Wj7Pm4y5a766qLGXxlz2FYjCdkp070UpgZneB+VifUlFd/bNAjsiYTstBKM\n"
+"EI2L0mhl9d/7KK8vgtadHdX1z1u7QjyF6ccnzhfqeiY=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:12\n"
+"@source \"127.0.0.1\"\n"
+"router test003r 127.0.0.1 5003 0 7003\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint 71FD 3A35 F705 8020 D595 B711 D52A 9A0A 99BB B467\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest 3796BE0A95B699595445DFD3453CA2074E75BCE8\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAL44ctIioIfCYFzMTYNfK5qFAPGGUpsAFmS8pThQEY/tJU14+frJDBrC\n"
+"BkLvBs05Bw7xOUb0f2geiYGowBA6028smiq5HzTO7Kaga8vfV7AnANPX+n9cfHCr\n"
+"/2cMnKkT/GZzpdk0WbUw5Kc/G1ATIPFQHA8gZAi1fsSIDDn3GRV5AgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBALlPo5AI1mVTi+194yOSf40caoFlxSTfXt8KjGVa1dO/bpX7L3noOjYg\n"
+"goU4Aqim7BHmBWQDE/tZNTrchFoLQFHi9N4pv/0ND3sY904pzqGpe3FeTuU8P9Jg\n"
+"q2w3MeO3GwG8CJf4FOdSkgi8UKkJhOld4g4kViQbrFLXfdFvnT/zAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"ntor-onion-key qluYCRrsesOTkavCLnNK6H1ToywyDquCyYeP0h/qol4=\n"
+"reject *:25\n"
+"reject *:119\n"
+"reject *:135-139\n"
+"reject *:445\n"
+"reject *:563\n"
+"reject *:1214\n"
+"reject *:4661-4666\n"
+"reject *:6346-6429\n"
+"reject *:6699\n"
+"reject *:6881-6999\n"
+"accept *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"d09K7rW/OpVzoUpfZXJuJW7a+P4pROCOZTgvDUIy/Nv+EAjcYqv95PlJ8cAMqnn3\n"
+"1oQibRmmQwn0OmG5cB8NaZiueaVIRheGzHEM8rndpHn5oFXdFvV7KKjScvfuBbTk\n"
+"RYME8XyawRaqsEZnwirDDlZuiZOjdQs8bbGsko3grJE=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:12\n"
+"@source \"127.0.0.1\"\n"
+"router test005r 127.0.0.1 5005 0 7005\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint EB6E 42ED E6BF 5EE0 19F5 EFC1 53AD 094C 1327 7B76\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest C031EE4E1AE826C1E3C4E21D81C961869E63F5D2\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAMd9Fm4KTSjFDzEABPZ1fwBCC2DNgee6nAmlde8FRbCVfcIHRiJyv9YG\n"
+"h530yUJal3hBfiWwy/SBA4LDz1flNCEwJm81s3waj4T9c676dAOLPcnOcJM5SbaQ\n"
+"hYPDrIZLEZHAk+IoM+avKYYocwCJXwx6WTtsedF0wJBZ9mQAJERJAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAKT7ldhV43S1CgoER/pU0Rigf0NzcSy25DQJrMRQnNmXnL03Dwuv/Iu7\n"
+"dCjgg64odnvSkXHFhkbjGcg8aXikvfbMyZTbsD8NrrP6FS6pfgPgZD9W2TK7QdHI\n"
+"QXwx1IYaaJK4nDUNfJhjrclydEdxmHbO1nLG1aS0ypn/G0EBpOSnAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"ntor-onion-key umFmyRPA0dIsi0CFYCbGIPe2+OUkyslTkKKDEohjQQg=\n"
+"reject *:25\n"
+"reject *:119\n"
+"reject *:135-139\n"
+"reject *:445\n"
+"reject *:563\n"
+"reject *:1214\n"
+"reject *:4661-4666\n"
+"reject *:6346-6429\n"
+"reject *:6699\n"
+"reject *:6881-6999\n"
+"accept *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"JiXEbqPgDPWEb9DzCYINRXfmvMIc/IRtvshS8Vmmn7DW67TrTLKCEAnisGo92gMA\n"
+"bhxGb9G5Mxq/8YqGoqdI2Vp6tfKlz/9AmjHzFAo01y42gafXIdr1oUS2RimA8jfF\n"
+"hwfQkbG0FYEsJrH3EUa8sMhcjsEaohK/kgklMR7OgQY=\n"
+"-----END SIGNATURE-----\n"
+"@uploaded-at 2014-06-08 19:20:12\n"
+"@source \"127.0.0.1\"\n"
+"router test007r 127.0.0.1 5007 0 7007\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint DABD 2AAF 8C9F 3B71 7839 9C08 DCD8 CD9D 341D 0002\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest F80104A0DFFB4EB429325D41D1F71E5BF8C6C726\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAL42fYAriR/JeB/9NpVq5Y5EEHca+ugIpaSdRfbopWDtFjXLEk2jmO5A\n"
+"KoAGIkTKDr7e9101x63H+0Nh/7w3uYs/WqTXEH8/1sHwe+0PY2HL0S6qhlOo6X54\n"
+"EfK0nDDBAWFOpyiAMHRk8JVikKb56+FVIhCJgi1RIbLIiUQK2/kxAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAKQj2U5hmB68V6NQBqD8DfIkJjovvM8t6nGfYpkT8ORsROnmgI5mjM38\n"
+"cmh5GIjY9RgoOWolLmsWQ4SXtS0FvrPft1M61UMTSHzlrEeuod5KenV7vGlX2TxT\n"
+"0DoA5TL9yY7CmxCk8CNRCtN/g7WocgIiP4KCIiEZ4VE6LIb6sxUnAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"ntor-onion-key 1UBS8rTlL39u9YxRJWhz+GTG1dS15VRi4au1i5qZOyI=\n"
+"reject *:25\n"
+"reject *:119\n"
+"reject *:135-139\n"
+"reject *:445\n"
+"reject *:563\n"
+"reject *:1214\n"
+"reject *:4661-4666\n"
+"reject *:6346-6429\n"
+"reject *:6699\n"
+"reject *:6881-6999\n"
+"accept *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"m7xHh+XPdLN+qcMLz1dBAEAmcdCFrtdseMHCc0FyAP2kXdayxqe3o2IOOHN++bTH\n"
+"Y5iHsZembsIJJ+D/d0YEKWKh42TUWCXBu0Gbfc4OcNuR6PFlTWO2wk7rDT3HOiFr\n"
+"pe3wJqZYkLxlBDamROAlMMRe71iag89H/4EulC18opw=\n"
+"-----END SIGNATURE-----\n";
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index c03b63be27..26b0e72a9a 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -1,79 +1,102 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
 #include <math.h>
 
+#define CONFIG_PRIVATE
 #define DIRSERV_PRIVATE
 #define DIRVOTE_PRIVATE
 #define ROUTER_PRIVATE
 #define ROUTERLIST_PRIVATE
 #define HIBERNATE_PRIVATE
 #define NETWORKSTATUS_PRIVATE
+#define RELAY_PRIVATE
+
 #include "or.h"
+#include "confparse.h"
 #include "config.h"
+#include "crypto_ed25519.h"
 #include "directory.h"
 #include "dirserv.h"
 #include "dirvote.h"
 #include "hibernate.h"
+#include "memarea.h"
 #include "networkstatus.h"
 #include "router.h"
+#include "routerkeys.h"
 #include "routerlist.h"
 #include "routerparse.h"
+#include "routerset.h"
 #include "test.h"
+#include "test_dir_common.h"
+#include "torcert.h"
+#include "relay.h"
+
+#define NS_MODULE dir
 
 static void
-test_dir_nicknames(void)
+test_dir_nicknames(void *arg)
 {
-  test_assert( is_legal_nickname("a"));
-  test_assert(!is_legal_nickname(""));
-  test_assert(!is_legal_nickname("abcdefghijklmnopqrst")); /* 20 chars */
-  test_assert(!is_legal_nickname("hyphen-")); /* bad char */
-  test_assert( is_legal_nickname("abcdefghijklmnopqrs")); /* 19 chars */
-  test_assert(!is_legal_nickname("$AAAAAAAA01234AAAAAAAAAAAAAAAAAAAAAAAAAAA"));
+  (void)arg;
+  tt_assert( is_legal_nickname("a"));
+  tt_assert(!is_legal_nickname(""));
+  tt_assert(!is_legal_nickname("abcdefghijklmnopqrst")); /* 20 chars */
+  tt_assert(!is_legal_nickname("hyphen-")); /* bad char */
+  tt_assert( is_legal_nickname("abcdefghijklmnopqrs")); /* 19 chars */
+  tt_assert(!is_legal_nickname("$AAAAAAAA01234AAAAAAAAAAAAAAAAAAAAAAAAAAA"));
   /* valid */
-  test_assert( is_legal_nickname_or_hexdigest(
+  tt_assert( is_legal_nickname_or_hexdigest(
                                  "$AAAAAAAA01234AAAAAAAAAAAAAAAAAAAAAAAAAAA"));
-  test_assert( is_legal_nickname_or_hexdigest(
+  tt_assert( is_legal_nickname_or_hexdigest(
                          "$AAAAAAAA01234AAAAAAAAAAAAAAAAAAAAAAAAAAA=fred"));
-  test_assert( is_legal_nickname_or_hexdigest(
+  tt_assert( is_legal_nickname_or_hexdigest(
                          "$AAAAAAAA01234AAAAAAAAAAAAAAAAAAAAAAAAAAA~fred"));
   /* too short */
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                                  "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
   /* illegal char */
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                                  "$AAAAAAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
   /* hex part too long */
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                          "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                          "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=fred"));
   /* Bad nickname */
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                          "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="));
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                          "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~"));
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                        "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~hyphen-"));
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                        "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~"
                        "abcdefghijklmnoppqrst"));
   /* Bad extra char. */
-  test_assert(!is_legal_nickname_or_hexdigest(
+  tt_assert(!is_legal_nickname_or_hexdigest(
                          "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!"));
-  test_assert(is_legal_nickname_or_hexdigest("xyzzy"));
-  test_assert(is_legal_nickname_or_hexdigest("abcdefghijklmnopqrs"));
-  test_assert(!is_legal_nickname_or_hexdigest("abcdefghijklmnopqrst"));
+  tt_assert(is_legal_nickname_or_hexdigest("xyzzy"));
+  tt_assert(is_legal_nickname_or_hexdigest("abcdefghijklmnopqrs"));
+  tt_assert(!is_legal_nickname_or_hexdigest("abcdefghijklmnopqrst"));
  done:
   ;
 }
 
+static smartlist_t *mocked_configured_ports = NULL;
+
+/** Returns mocked_configured_ports */
+static const smartlist_t *
+mock_get_configured_ports(void)
+{
+  return mocked_configured_ports;
+}
+
 /** Run unit tests for router descriptor generation logic. */
 static void
-test_dir_formats(void)
+test_dir_formats(void *arg)
 {
   char *buf = NULL;
   char buf2[8192];
@@ -86,13 +109,17 @@ test_dir_formats(void)
   routerinfo_t *rp1 = NULL, *rp2 = NULL;
   addr_policy_t *ex1, *ex2;
   routerlist_t *dir1 = NULL, *dir2 = NULL;
+  uint8_t *rsa_cc = NULL;
   or_options_t *options = get_options_mutable();
   const addr_policy_t *p;
+  time_t now = time(NULL);
+  port_cfg_t orport, dirport;
 
+  (void)arg;
   pk1 = pk_generate(0);
   pk2 = pk_generate(1);
 
-  test_assert(pk1 && pk2);
+  tt_assert(pk1 && pk2);
 
   hibernate_set_state_for_testing_(HIBERNATE_STATE_LIVE);
 
@@ -102,6 +129,7 @@ test_dir_formats(void)
   r1->cache_info.published_on = 0;
   r1->or_port = 9000;
   r1->dir_port = 9003;
+  r1->supports_tunnelled_dir_requests = 1;
   tor_addr_parse(&r1->ipv6_addr, "1:2:3:4::");
   r1->ipv6_orport = 9999;
   r1->onion_pkey = crypto_pk_dup_key(pk1);
@@ -125,14 +153,33 @@ test_dir_formats(void)
   ex2->prt_min = ex2->prt_max = 24;
   r2 = tor_malloc_zero(sizeof(routerinfo_t));
   r2->addr = 0x0a030201u; /* 10.3.2.1 */
+  ed25519_keypair_t kp1, kp2;
+  ed25519_secret_key_from_seed(&kp1.seckey,
+                          (const uint8_t*)"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY");
+  ed25519_public_key_generate(&kp1.pubkey, &kp1.seckey);
+  ed25519_secret_key_from_seed(&kp2.seckey,
+                          (const uint8_t*)"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+  ed25519_public_key_generate(&kp2.pubkey, &kp2.seckey);
+  r2->cache_info.signing_key_cert = tor_cert_create(&kp1,
+                                         CERT_TYPE_ID_SIGNING,
+                                         &kp2.pubkey,
+                                         now, 86400,
+                                         CERT_FLAG_INCLUDE_SIGNING_KEY);
+  char cert_buf[256];
+  base64_encode(cert_buf, sizeof(cert_buf),
+                (const char*)r2->cache_info.signing_key_cert->encoded,
+                r2->cache_info.signing_key_cert->encoded_len,
+                BASE64_ENCODE_MULTILINE);
   r2->platform = tor_strdup(platform);
   r2->cache_info.published_on = 5;
   r2->or_port = 9005;
   r2->dir_port = 0;
+  r2->supports_tunnelled_dir_requests = 1;
   r2->onion_pkey = crypto_pk_dup_key(pk2);
-  r2->onion_curve25519_pkey = tor_malloc_zero(sizeof(curve25519_public_key_t));
-  curve25519_public_from_base64(r2->onion_curve25519_pkey,
-                                "skyinAnvardNostarsNomoonNowindormistsorsnow");
+  curve25519_keypair_t r2_onion_keypair;
+  curve25519_keypair_generate(&r2_onion_keypair, 0);
+  r2->onion_curve25519_pkey = tor_memdup(&r2_onion_keypair.pubkey,
+                                         sizeof(curve25519_public_key_t));
   r2->identity_pkey = crypto_pk_dup_key(pk1);
   r2->bandwidthrate = r2->bandwidthburst = r2->bandwidthcapacity = 3000;
   r2->exit_policy = smartlist_new();
@@ -140,17 +187,41 @@ test_dir_formats(void)
   smartlist_add(r2->exit_policy, ex2);
   r2->nickname = tor_strdup("Fred");
 
-  test_assert(!crypto_pk_write_public_key_to_string(pk1, &pk1_str,
+  tt_assert(!crypto_pk_write_public_key_to_string(pk1, &pk1_str,
                                                     &pk1_str_len));
-  test_assert(!crypto_pk_write_public_key_to_string(pk2 , &pk2_str,
+  tt_assert(!crypto_pk_write_public_key_to_string(pk2 , &pk2_str,
                                                     &pk2_str_len));
 
   /* XXXX025 router_dump_to_string should really take this from ri.*/
   options->ContactInfo = tor_strdup("Magri White "
                                     "<magri@elsewhere.example.com>");
-  buf = router_dump_router_to_string(r1, pk2);
+  /* Skip reachability checks for DirPort and tunnelled-dir-server */
+  options->AssumeReachable = 1;
+
+  /* Fake just enough of an ORPort and DirPort to get by */
+  MOCK(get_configured_ports, mock_get_configured_ports);
+  mocked_configured_ports = smartlist_new();
+
+  memset(&orport, 0, sizeof(orport));
+  orport.type = CONN_TYPE_OR_LISTENER;
+  orport.addr.family = AF_INET;
+  orport.port = 9000;
+  smartlist_add(mocked_configured_ports, &orport);
+
+  memset(&dirport, 0, sizeof(dirport));
+  dirport.type = CONN_TYPE_DIR_LISTENER;
+  dirport.addr.family = AF_INET;
+  dirport.port = 9003;
+  smartlist_add(mocked_configured_ports, &dirport);
+
+  buf = router_dump_router_to_string(r1, pk2, NULL, NULL, NULL);
+
+  UNMOCK(get_configured_ports);
+  smartlist_free(mocked_configured_ports);
+  mocked_configured_ports = NULL;
+
   tor_free(options->ContactInfo);
-  test_assert(buf);
+  tt_assert(buf);
 
   strlcpy(buf2, "router Magri 192.168.0.1 9000 0 9003\n"
           "or-address [1:2:3:4::]:9999\n"
@@ -160,7 +231,7 @@ test_dir_formats(void)
           "protocols Link 1 2 Circuit 1\n"
           "published 1970-01-01 00:00:00\n"
           "fingerprint ", sizeof(buf2));
-  test_assert(!crypto_pk_get_fingerprint(pk2, fingerprint, 1));
+  tt_assert(!crypto_pk_get_fingerprint(pk2, fingerprint, 1));
   strlcat(buf2, fingerprint, sizeof(buf2));
   strlcat(buf2, "\nuptime 0\n"
   /* XXX the "0" above is hard-coded, but even if we made it reflect
@@ -174,38 +245,53 @@ test_dir_formats(void)
   strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
   strlcat(buf2, "contact Magri White <magri@elsewhere.example.com>\n",
           sizeof(buf2));
-  strlcat(buf2, "reject *:*\nrouter-signature\n", sizeof(buf2));
+  strlcat(buf2, "reject *:*\n", sizeof(buf2));
+  strlcat(buf2, "tunnelled-dir-server\nrouter-signature\n", sizeof(buf2));
   buf[strlen(buf2)] = '\0'; /* Don't compare the sig; it's never the same
                              * twice */
 
-  test_streq(buf, buf2);
+  tt_str_op(buf,OP_EQ, buf2);
   tor_free(buf);
 
-  buf = router_dump_router_to_string(r1, pk2);
-  test_assert(buf);
+  buf = router_dump_router_to_string(r1, pk2, NULL, NULL, NULL);
+  tt_assert(buf);
   cp = buf;
-  rp1 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL);
-  test_assert(rp1);
-  test_eq(rp1->addr, r1->addr);
-  test_eq(rp1->or_port, r1->or_port);
-  //test_eq(rp1->dir_port, r1->dir_port);
-  test_eq(rp1->bandwidthrate, r1->bandwidthrate);
-  test_eq(rp1->bandwidthburst, r1->bandwidthburst);
-  test_eq(rp1->bandwidthcapacity, r1->bandwidthcapacity);
-  test_assert(crypto_pk_cmp_keys(rp1->onion_pkey, pk1) == 0);
-  test_assert(crypto_pk_cmp_keys(rp1->identity_pkey, pk2) == 0);
-  //test_assert(rp1->exit_policy == NULL);
+  rp1 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL,NULL);
+  tt_assert(rp1);
+  tt_int_op(rp1->addr,OP_EQ, r1->addr);
+  tt_int_op(rp1->or_port,OP_EQ, r1->or_port);
+  tt_int_op(rp1->dir_port,OP_EQ, r1->dir_port);
+  tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate);
+  tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst);
+  tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity);
+  tt_assert(crypto_pk_cmp_keys(rp1->onion_pkey, pk1) == 0);
+  tt_assert(crypto_pk_cmp_keys(rp1->identity_pkey, pk2) == 0);
+  tt_assert(rp1->supports_tunnelled_dir_requests);
+  //tt_assert(rp1->exit_policy == NULL);
   tor_free(buf);
 
   strlcpy(buf2,
           "router Fred 10.3.2.1 9005 0 0\n"
-          "platform Tor "VERSION" on ", sizeof(buf2));
+          "identity-ed25519\n"
+          "-----BEGIN ED25519 CERT-----\n", sizeof(buf2));
+  strlcat(buf2, cert_buf, sizeof(buf2));
+  strlcat(buf2, "-----END ED25519 CERT-----\n", sizeof(buf2));
+  strlcat(buf2, "master-key-ed25519 ", sizeof(buf2));
+  {
+    char k[ED25519_BASE64_LEN+1];
+    tt_assert(ed25519_public_to_base64(k,
+                                &r2->cache_info.signing_key_cert->signing_key)
+              >= 0);
+    strlcat(buf2, k, sizeof(buf2));
+    strlcat(buf2, "\n", sizeof(buf2));
+  }
+  strlcat(buf2, "platform Tor "VERSION" on ", sizeof(buf2));
   strlcat(buf2, get_uname(), sizeof(buf2));
   strlcat(buf2, "\n"
           "protocols Link 1 2 Circuit 1\n"
           "published 1970-01-01 00:00:05\n"
           "fingerprint ", sizeof(buf2));
-  test_assert(!crypto_pk_get_fingerprint(pk1, fingerprint, 1));
+  tt_assert(!crypto_pk_get_fingerprint(pk1, fingerprint, 1));
   strlcat(buf2, fingerprint, sizeof(buf2));
   strlcat(buf2, "\nuptime 0\n"
           "bandwidth 3000 3000 3000\n", sizeof(buf2));
@@ -213,62 +299,113 @@ test_dir_formats(void)
   strlcat(buf2, pk2_str, sizeof(buf2));
   strlcat(buf2, "signing-key\n", sizeof(buf2));
   strlcat(buf2, pk1_str, sizeof(buf2));
+  int rsa_cc_len;
+  rsa_cc = make_tap_onion_key_crosscert(pk2,
+                                        &kp1.pubkey,
+                                        pk1,
+                                        &rsa_cc_len);
+  tt_assert(rsa_cc);
+  base64_encode(cert_buf, sizeof(cert_buf), (char*)rsa_cc, rsa_cc_len,
+                BASE64_ENCODE_MULTILINE);
+  strlcat(buf2, "onion-key-crosscert\n"
+          "-----BEGIN CROSSCERT-----\n", sizeof(buf2));
+  strlcat(buf2, cert_buf, sizeof(buf2));
+  strlcat(buf2, "-----END CROSSCERT-----\n", sizeof(buf2));
+  int ntor_cc_sign;
+  {
+    tor_cert_t *ntor_cc = NULL;
+    ntor_cc = make_ntor_onion_key_crosscert(&r2_onion_keypair,
+                                          &kp1.pubkey,
+                                          r2->cache_info.published_on,
+                                          MIN_ONION_KEY_LIFETIME,
+                                          &ntor_cc_sign);
+    tt_assert(ntor_cc);
+    base64_encode(cert_buf, sizeof(cert_buf),
+                (char*)ntor_cc->encoded, ntor_cc->encoded_len,
+                BASE64_ENCODE_MULTILINE);
+    tor_cert_free(ntor_cc);
+  }
+  tor_snprintf(buf2+strlen(buf2), sizeof(buf2)-strlen(buf2),
+               "ntor-onion-key-crosscert %d\n"
+               "-----BEGIN ED25519 CERT-----\n"
+               "%s"
+               "-----END ED25519 CERT-----\n", ntor_cc_sign, cert_buf);
+
   strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
-#ifdef CURVE25519_ENABLED
-  strlcat(buf2, "ntor-onion-key "
-          "skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
-#endif
+  strlcat(buf2, "ntor-onion-key ", sizeof(buf2));
+  base64_encode(cert_buf, sizeof(cert_buf),
+                (const char*)r2_onion_keypair.pubkey.public_key, 32,
+                BASE64_ENCODE_MULTILINE);
+  strlcat(buf2, cert_buf, sizeof(buf2));
   strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
-  strlcat(buf2, "router-signature\n", sizeof(buf2));
+  strlcat(buf2, "tunnelled-dir-server\n", sizeof(buf2));
+  strlcat(buf2, "router-sig-ed25519 ", sizeof(buf2));
 
-  buf = router_dump_router_to_string(r2, pk1);
+  /* Fake just enough of an ORPort to get by */
+  MOCK(get_configured_ports, mock_get_configured_ports);
+  mocked_configured_ports = smartlist_new();
+
+  memset(&orport, 0, sizeof(orport));
+  orport.type = CONN_TYPE_OR_LISTENER;
+  orport.addr.family = AF_INET;
+  orport.port = 9005;
+  smartlist_add(mocked_configured_ports, &orport);
+
+  buf = router_dump_router_to_string(r2, pk1, pk2, &r2_onion_keypair, &kp2);
+  tt_assert(buf);
   buf[strlen(buf2)] = '\0'; /* Don't compare the sig; it's never the same
                              * twice */
-  test_streq(buf, buf2);
+
+  tt_str_op(buf, OP_EQ, buf2);
   tor_free(buf);
 
-  buf = router_dump_router_to_string(r2, pk1);
+  buf = router_dump_router_to_string(r2, pk1, NULL, NULL, NULL);
+
+  UNMOCK(get_configured_ports);
+  smartlist_free(mocked_configured_ports);
+  mocked_configured_ports = NULL;
+
+  /* Reset for later */
   cp = buf;
-  rp2 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL);
-  test_assert(rp2);
-  test_eq(rp2->addr, r2->addr);
-  test_eq(rp2->or_port, r2->or_port);
-  test_eq(rp2->dir_port, r2->dir_port);
-  test_eq(rp2->bandwidthrate, r2->bandwidthrate);
-  test_eq(rp2->bandwidthburst, r2->bandwidthburst);
-  test_eq(rp2->bandwidthcapacity, r2->bandwidthcapacity);
-#ifdef CURVE25519_ENABLED
-  test_memeq(rp2->onion_curve25519_pkey->public_key,
+  rp2 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL,NULL);
+  tt_assert(rp2);
+  tt_int_op(rp2->addr,OP_EQ, r2->addr);
+  tt_int_op(rp2->or_port,OP_EQ, r2->or_port);
+  tt_int_op(rp2->dir_port,OP_EQ, r2->dir_port);
+  tt_int_op(rp2->bandwidthrate,OP_EQ, r2->bandwidthrate);
+  tt_int_op(rp2->bandwidthburst,OP_EQ, r2->bandwidthburst);
+  tt_int_op(rp2->bandwidthcapacity,OP_EQ, r2->bandwidthcapacity);
+  tt_mem_op(rp2->onion_curve25519_pkey->public_key,OP_EQ,
              r2->onion_curve25519_pkey->public_key,
              CURVE25519_PUBKEY_LEN);
-#endif
-  test_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
-  test_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);
+  tt_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
+  tt_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);
+  tt_assert(rp2->supports_tunnelled_dir_requests);
 
-  test_eq(smartlist_len(rp2->exit_policy), 2);
+  tt_int_op(smartlist_len(rp2->exit_policy),OP_EQ, 2);
 
   p = smartlist_get(rp2->exit_policy, 0);
-  test_eq(p->policy_type, ADDR_POLICY_ACCEPT);
-  test_assert(tor_addr_is_null(&p->addr));
-  test_eq(p->maskbits, 0);
-  test_eq(p->prt_min, 80);
-  test_eq(p->prt_max, 80);
+  tt_int_op(p->policy_type,OP_EQ, ADDR_POLICY_ACCEPT);
+  tt_assert(tor_addr_is_null(&p->addr));
+  tt_int_op(p->maskbits,OP_EQ, 0);
+  tt_int_op(p->prt_min,OP_EQ, 80);
+  tt_int_op(p->prt_max,OP_EQ, 80);
 
   p = smartlist_get(rp2->exit_policy, 1);
-  test_eq(p->policy_type, ADDR_POLICY_REJECT);
-  test_assert(tor_addr_eq(&p->addr, &ex2->addr));
-  test_eq(p->maskbits, 8);
-  test_eq(p->prt_min, 24);
-  test_eq(p->prt_max, 24);
+  tt_int_op(p->policy_type,OP_EQ, ADDR_POLICY_REJECT);
+  tt_assert(tor_addr_eq(&p->addr, &ex2->addr));
+  tt_int_op(p->maskbits,OP_EQ, 8);
+  tt_int_op(p->prt_min,OP_EQ, 24);
+  tt_int_op(p->prt_max,OP_EQ, 24);
 
 #if 0
   /* Okay, now for the directories. */
   {
     fingerprint_list = smartlist_new();
     crypto_pk_get_fingerprint(pk2, buf, 1);
-    add_fingerprint_to_dir("Magri", buf, fingerprint_list);
+    add_fingerprint_to_dir(buf, fingerprint_list, 0);
     crypto_pk_get_fingerprint(pk1, buf, 1);
-    add_fingerprint_to_dir("Fred", buf, fingerprint_list);
+    add_fingerprint_to_dir(buf, fingerprint_list, 0);
   }
 
 #endif
@@ -282,6 +419,7 @@ test_dir_formats(void)
   if (rp2)
     routerinfo_free(rp2);
 
+  tor_free(rsa_cc);
   tor_free(buf);
   tor_free(pk1_str);
   tor_free(pk2_str);
@@ -292,56 +430,649 @@ test_dir_formats(void)
   tor_free(dir2); /* And more !*/
 }
 
+#include "failing_routerdescs.inc"
+
+static void
+test_dir_routerinfo_parsing(void *arg)
+{
+  (void) arg;
+
+  int again;
+  routerinfo_t *ri = NULL;
+
+#define CHECK_OK(s)                                                     \
+  do {                                                                  \
+    routerinfo_free(ri);                                                \
+    ri = router_parse_entry_from_string((s), NULL, 0, 0, NULL, NULL);   \
+    tt_assert(ri);                                                      \
+  } while (0)
+#define CHECK_FAIL(s, againval)                                         \
+  do {                                                                  \
+    routerinfo_free(ri);                                                \
+    again = 999;                                                        \
+    ri = router_parse_entry_from_string((s), NULL, 0, 0, NULL, &again); \
+    tt_assert(ri == NULL);                                              \
+    tt_int_op(again, OP_EQ, (againval));                                   \
+  } while (0)
+
+  CHECK_OK(EX_RI_MINIMAL);
+  CHECK_OK(EX_RI_MAXIMAL);
+
+  CHECK_OK(EX_RI_MINIMAL_ED);
+
+  /* good annotations prepended */
+  routerinfo_free(ri);
+  ri = router_parse_entry_from_string(EX_RI_MINIMAL, NULL, 0, 0,
+                                      "@purpose bridge\n", NULL);
+  tt_assert(ri != NULL);
+  tt_assert(ri->purpose == ROUTER_PURPOSE_BRIDGE);
+  routerinfo_free(ri);
+
+  /* bad annotations prepended. */
+  ri = router_parse_entry_from_string(EX_RI_MINIMAL,
+                                      NULL, 0, 0, "@purpose\n", NULL);
+  tt_assert(ri == NULL);
+
+  /* bad annotations on router. */
+  ri = router_parse_entry_from_string("@purpose\nrouter x\n", NULL, 0, 1,
+                                      NULL, NULL);
+  tt_assert(ri == NULL);
+
+  /* unwanted annotations on router. */
+  ri = router_parse_entry_from_string("@purpose foo\nrouter x\n", NULL, 0, 0,
+                                      NULL, NULL);
+  tt_assert(ri == NULL);
+
+  /* No signature. */
+  ri = router_parse_entry_from_string("router x\n", NULL, 0, 0,
+                                      NULL, NULL);
+  tt_assert(ri == NULL);
+
+  /* Not a router */
+  routerinfo_free(ri);
+  ri = router_parse_entry_from_string("hello\n", NULL, 0, 0, NULL, NULL);
+  tt_assert(ri == NULL);
+
+  CHECK_FAIL(EX_RI_BAD_SIG1, 1);
+  CHECK_FAIL(EX_RI_BAD_SIG2, 1);
+  CHECK_FAIL(EX_RI_BAD_TOKENS, 0);
+  CHECK_FAIL(EX_RI_BAD_PUBLISHED, 0);
+  CHECK_FAIL(EX_RI_NEG_BANDWIDTH, 0);
+  CHECK_FAIL(EX_RI_BAD_BANDWIDTH, 0);
+  CHECK_FAIL(EX_RI_BAD_BANDWIDTH2, 0);
+  CHECK_FAIL(EX_RI_BAD_ONIONKEY1, 0);
+  CHECK_FAIL(EX_RI_BAD_ONIONKEY2, 0);
+  CHECK_FAIL(EX_RI_BAD_PORTS, 0);
+  CHECK_FAIL(EX_RI_BAD_IP, 0);
+  CHECK_FAIL(EX_RI_BAD_DIRPORT, 0);
+  CHECK_FAIL(EX_RI_BAD_NAME2, 0);
+  CHECK_FAIL(EX_RI_BAD_UPTIME, 0);
+
+  CHECK_FAIL(EX_RI_BAD_BANDWIDTH3, 0);
+  CHECK_FAIL(EX_RI_BAD_NTOR_KEY, 0);
+  CHECK_FAIL(EX_RI_BAD_FINGERPRINT, 0);
+  CHECK_FAIL(EX_RI_MISMATCHED_FINGERPRINT, 0);
+  CHECK_FAIL(EX_RI_BAD_HAS_ACCEPT6, 0);
+  CHECK_FAIL(EX_RI_BAD_NO_EXIT_POLICY, 0);
+  CHECK_FAIL(EX_RI_BAD_IPV6_EXIT_POLICY, 0);
+  CHECK_FAIL(EX_RI_BAD_FAMILY, 0);
+  CHECK_FAIL(EX_RI_ZERO_ORPORT, 0);
+
+  CHECK_FAIL(EX_RI_ED_MISSING_CROSSCERT, 0);
+  CHECK_FAIL(EX_RI_ED_MISSING_CROSSCERT2, 0);
+  CHECK_FAIL(EX_RI_ED_MISSING_CROSSCERT_SIGN, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_SIG1, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_SIG2, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_SIG3, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_SIG4, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT1, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT3, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT4, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT5, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT6, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT7, 0);
+  CHECK_FAIL(EX_RI_ED_MISPLACED1, 0);
+  CHECK_FAIL(EX_RI_ED_MISPLACED2, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CERT1, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CERT2, 0);
+  CHECK_FAIL(EX_RI_ED_BAD_CERT3, 0);
+
+  /* This is allowed; we just ignore it. */
+  CHECK_OK(EX_RI_BAD_EI_DIGEST);
+  CHECK_OK(EX_RI_BAD_EI_DIGEST2);
+
+#undef CHECK_FAIL
+#undef CHECK_OK
+ done:
+  routerinfo_free(ri);
+}
+
+#include "example_extrainfo.inc"
+
+static void
+routerinfo_free_wrapper_(void *arg)
+{
+  routerinfo_free(arg);
+}
+
+static void
+test_dir_extrainfo_parsing(void *arg)
+{
+  (void) arg;
+
+#define CHECK_OK(s)                                                     \
+  do {                                                                  \
+    extrainfo_free(ei);                                                 \
+    ei = extrainfo_parse_entry_from_string((s), NULL, 0, map, NULL);    \
+    tt_assert(ei);                                                      \
+  } while (0)
+#define CHECK_FAIL(s, againval)                                         \
+  do {                                                                  \
+    extrainfo_free(ei);                                                 \
+    again = 999;                                                        \
+    ei = extrainfo_parse_entry_from_string((s), NULL, 0, map, &again);  \
+    tt_assert(ei == NULL);                                              \
+    tt_int_op(again, OP_EQ, (againval));                                   \
+  } while (0)
+#define ADD(name)                                                       \
+  do {                                                                  \
+    ri = tor_malloc_zero(sizeof(routerinfo_t));                         \
+    crypto_pk_t *pk = ri->identity_pkey = crypto_pk_new();              \
+    tt_assert(! crypto_pk_read_public_key_from_string(pk,               \
+                                      name##_KEY, strlen(name##_KEY))); \
+    tt_int_op(0,OP_EQ,base16_decode(d, 20, name##_FP, strlen(name##_FP))); \
+    digestmap_set((digestmap_t*)map, d, ri);                            \
+    ri = NULL;                                                          \
+  } while (0)
+
+  routerinfo_t *ri = NULL;
+  char d[20];
+  struct digest_ri_map_t *map = NULL;
+  extrainfo_t *ei = NULL;
+  int again;
+
+  CHECK_OK(EX_EI_MINIMAL);
+  tt_assert(ei->pending_sig);
+  CHECK_OK(EX_EI_MAXIMAL);
+  tt_assert(ei->pending_sig);
+  CHECK_OK(EX_EI_GOOD_ED_EI);
+  tt_assert(ei->pending_sig);
+
+  map = (struct digest_ri_map_t *)digestmap_new();
+  ADD(EX_EI_MINIMAL);
+  ADD(EX_EI_MAXIMAL);
+  ADD(EX_EI_GOOD_ED_EI);
+  ADD(EX_EI_BAD_FP);
+  ADD(EX_EI_BAD_NICKNAME);
+  ADD(EX_EI_BAD_TOKENS);
+  ADD(EX_EI_BAD_START);
+  ADD(EX_EI_BAD_PUBLISHED);
+
+  ADD(EX_EI_ED_MISSING_SIG);
+  ADD(EX_EI_ED_MISSING_CERT);
+  ADD(EX_EI_ED_BAD_CERT1);
+  ADD(EX_EI_ED_BAD_CERT2);
+  ADD(EX_EI_ED_BAD_SIG1);
+  ADD(EX_EI_ED_BAD_SIG2);
+  ADD(EX_EI_ED_MISPLACED_CERT);
+  ADD(EX_EI_ED_MISPLACED_SIG);
+
+  CHECK_OK(EX_EI_MINIMAL);
+  tt_assert(!ei->pending_sig);
+  CHECK_OK(EX_EI_MAXIMAL);
+  tt_assert(!ei->pending_sig);
+  CHECK_OK(EX_EI_GOOD_ED_EI);
+  tt_assert(!ei->pending_sig);
+
+  CHECK_FAIL(EX_EI_BAD_SIG1,1);
+  CHECK_FAIL(EX_EI_BAD_SIG2,1);
+  CHECK_FAIL(EX_EI_BAD_SIG3,1);
+  CHECK_FAIL(EX_EI_BAD_FP,0);
+  CHECK_FAIL(EX_EI_BAD_NICKNAME,0);
+  CHECK_FAIL(EX_EI_BAD_TOKENS,0);
+  CHECK_FAIL(EX_EI_BAD_START,0);
+  CHECK_FAIL(EX_EI_BAD_PUBLISHED,0);
+
+  CHECK_FAIL(EX_EI_ED_MISSING_SIG,0);
+  CHECK_FAIL(EX_EI_ED_MISSING_CERT,0);
+  CHECK_FAIL(EX_EI_ED_BAD_CERT1,0);
+  CHECK_FAIL(EX_EI_ED_BAD_CERT2,0);
+  CHECK_FAIL(EX_EI_ED_BAD_SIG1,0);
+  CHECK_FAIL(EX_EI_ED_BAD_SIG2,0);
+  CHECK_FAIL(EX_EI_ED_MISPLACED_CERT,0);
+  CHECK_FAIL(EX_EI_ED_MISPLACED_SIG,0);
+
+#undef CHECK_OK
+#undef CHECK_FAIL
+
+ done:
+  escaped(NULL);
+  extrainfo_free(ei);
+  routerinfo_free(ri);
+  digestmap_free((digestmap_t*)map, routerinfo_free_wrapper_);
+}
+
 static void
-test_dir_versions(void)
+test_dir_parse_router_list(void *arg)
+{
+  (void) arg;
+  smartlist_t *invalid = smartlist_new();
+  smartlist_t *dest = smartlist_new();
+  smartlist_t *chunks = smartlist_new();
+  int dest_has_ri = 1;
+  char *list = NULL;
+  const char *cp;
+  digestmap_t *map = NULL;
+  char *mem_op_hex_tmp = NULL;
+  routerinfo_t *ri = NULL;
+  char d[DIGEST_LEN];
+
+  smartlist_add(chunks, tor_strdup(EX_RI_MINIMAL));     // ri 0
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_PORTS));   // bad ri 0
+  smartlist_add(chunks, tor_strdup(EX_EI_MAXIMAL));     // ei 0
+  smartlist_add(chunks, tor_strdup(EX_EI_BAD_SIG2));    // bad ei --
+  smartlist_add(chunks, tor_strdup(EX_EI_BAD_NICKNAME));// bad ei 0
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_SIG1));    // bad ri --
+  smartlist_add(chunks, tor_strdup(EX_EI_BAD_PUBLISHED));  // bad ei 1
+  smartlist_add(chunks, tor_strdup(EX_RI_MAXIMAL));     // ri 1
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_FAMILY));  // bad ri 1
+  smartlist_add(chunks, tor_strdup(EX_EI_MINIMAL));     // ei 1
+
+  list = smartlist_join_strings(chunks, "", 0, NULL);
+
+  /* First, parse the routers. */
+  cp = list;
+  tt_int_op(0,OP_EQ,
+            router_parse_list_from_string(&cp, NULL, dest, SAVED_NOWHERE,
+                                          0, 0, NULL, invalid));
+  tt_int_op(2, OP_EQ, smartlist_len(dest));
+  tt_ptr_op(cp, OP_EQ, list + strlen(list));
+
+  routerinfo_t *r = smartlist_get(dest, 0);
+  tt_mem_op(r->cache_info.signed_descriptor_body, OP_EQ,
+            EX_RI_MINIMAL, strlen(EX_RI_MINIMAL));
+  r = smartlist_get(dest, 1);
+  tt_mem_op(r->cache_info.signed_descriptor_body, OP_EQ,
+            EX_RI_MAXIMAL, strlen(EX_RI_MAXIMAL));
+
+  tt_int_op(2, OP_EQ, smartlist_len(invalid));
+  test_memeq_hex(smartlist_get(invalid, 0),
+                 "ab9eeaa95e7d45740185b4e519c76ead756277a9");
+  test_memeq_hex(smartlist_get(invalid, 1),
+                 "9a651ee03b64325959e8f1b46f2b689b30750b4c");
+
+  /* Now tidy up */
+  SMARTLIST_FOREACH(dest, routerinfo_t *, ri, routerinfo_free(ri));
+  SMARTLIST_FOREACH(invalid, uint8_t *, d, tor_free(d));
+  smartlist_clear(dest);
+  smartlist_clear(invalid);
+
+  /* And check extrainfos. */
+  dest_has_ri = 0;
+  map = (digestmap_t*)router_get_routerlist()->identity_map;
+  ADD(EX_EI_MINIMAL);
+  ADD(EX_EI_MAXIMAL);
+  ADD(EX_EI_BAD_NICKNAME);
+  ADD(EX_EI_BAD_PUBLISHED);
+  cp = list;
+  tt_int_op(0,OP_EQ,
+            router_parse_list_from_string(&cp, NULL, dest, SAVED_NOWHERE,
+                                          1, 0, NULL, invalid));
+  tt_int_op(2, OP_EQ, smartlist_len(dest));
+  extrainfo_t *e = smartlist_get(dest, 0);
+  tt_mem_op(e->cache_info.signed_descriptor_body, OP_EQ,
+            EX_EI_MAXIMAL, strlen(EX_EI_MAXIMAL));
+  e = smartlist_get(dest, 1);
+  tt_mem_op(e->cache_info.signed_descriptor_body, OP_EQ,
+            EX_EI_MINIMAL, strlen(EX_EI_MINIMAL));
+
+  tt_int_op(2, OP_EQ, smartlist_len(invalid));
+  test_memeq_hex(smartlist_get(invalid, 0),
+                 "d5df4aa62ee9ffc9543d41150c9864908e0390af");
+  test_memeq_hex(smartlist_get(invalid, 1),
+                 "f61efd2a7f4531f3687a9043e0de90a862ec64ba");
+
+ done:
+  tor_free(list);
+  if (dest_has_ri)
+    SMARTLIST_FOREACH(dest, routerinfo_t *, rt, routerinfo_free(rt));
+  else
+    SMARTLIST_FOREACH(dest, extrainfo_t *, ei, extrainfo_free(ei));
+  smartlist_free(dest);
+  SMARTLIST_FOREACH(invalid, uint8_t *, d, tor_free(d));
+  smartlist_free(invalid);
+  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
+  smartlist_free(chunks);
+  routerinfo_free(ri);
+  if (map) {
+    digestmap_free((digestmap_t*)map, routerinfo_free_wrapper_);
+    router_get_routerlist()->identity_map =
+      (struct digest_ri_map_t*)digestmap_new();
+  }
+  tor_free(mem_op_hex_tmp);
+
+#undef ADD
+}
+
+static download_status_t dls_minimal;
+static download_status_t dls_maximal;
+static download_status_t dls_bad_fingerprint;
+static download_status_t dls_bad_sig2;
+static download_status_t dls_bad_ports;
+static download_status_t dls_bad_tokens;
+
+static int mock_router_get_dl_status_unrecognized = 0;
+static int mock_router_get_dl_status_calls = 0;
+
+static download_status_t *
+mock_router_get_dl_status(const char *d)
+{
+  ++mock_router_get_dl_status_calls;
+  char hex[HEX_DIGEST_LEN+1];
+  base16_encode(hex, sizeof(hex), d, DIGEST_LEN);
+  if (!strcmp(hex, "3E31D19A69EB719C00B02EC60D13356E3F7A3452")) {
+    return &dls_minimal;
+  } else if (!strcmp(hex, "581D8A368A0FA854ECDBFAB841D88B3F1B004038")) {
+    return &dls_maximal;
+  } else if (!strcmp(hex, "2578AE227C6116CDE29B3F0E95709B9872DEE5F1")) {
+    return &dls_bad_fingerprint;
+  } else if (!strcmp(hex, "16D387D3A58F7DB3CF46638F8D0B90C45C7D769C")) {
+    return &dls_bad_sig2;
+  } else if (!strcmp(hex, "AB9EEAA95E7D45740185B4E519C76EAD756277A9")) {
+    return &dls_bad_ports;
+  } else if (!strcmp(hex, "A0CC2CEFAD59DBF19F468BFEE60E0868C804B422")) {
+    return &dls_bad_tokens;
+  } else {
+    ++mock_router_get_dl_status_unrecognized;
+    return NULL;
+  }
+}
+
+static void
+test_dir_load_routers(void *arg)
+{
+  (void) arg;
+  smartlist_t *chunks = smartlist_new();
+  smartlist_t *wanted = smartlist_new();
+  char buf[DIGEST_LEN];
+  char *mem_op_hex_tmp = NULL;
+  char *list = NULL;
+
+#define ADD(str)                                                        \
+  do {                                                                  \
+    tt_int_op(0,OP_EQ,router_get_router_hash(str, strlen(str), buf));      \
+    smartlist_add(wanted, tor_strdup(hex_str(buf, DIGEST_LEN)));        \
+  } while (0)
+
+  MOCK(router_get_dl_status_by_descriptor_digest, mock_router_get_dl_status);
+
+  update_approx_time(1412510400);
+
+  smartlist_add(chunks, tor_strdup(EX_RI_MINIMAL));
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_FINGERPRINT));
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_SIG2));
+  smartlist_add(chunks, tor_strdup(EX_RI_MAXIMAL));
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_PORTS));
+  smartlist_add(chunks, tor_strdup(EX_RI_BAD_TOKENS));
+
+  /* not ADDing MINIMIAL */
+  ADD(EX_RI_MAXIMAL);
+  ADD(EX_RI_BAD_FINGERPRINT);
+  ADD(EX_RI_BAD_SIG2);
+  /* Not ADDing BAD_PORTS */
+  ADD(EX_RI_BAD_TOKENS);
+
+  list = smartlist_join_strings(chunks, "", 0, NULL);
+  tt_int_op(1, OP_EQ,
+            router_load_routers_from_string(list, NULL, SAVED_IN_JOURNAL,
+                                            wanted, 1, NULL));
+
+  /* The "maximal" router was added. */
+  /* "minimal" was not. */
+  tt_int_op(smartlist_len(router_get_routerlist()->routers),OP_EQ,1);
+  routerinfo_t *r = smartlist_get(router_get_routerlist()->routers, 0);
+  test_memeq_hex(r->cache_info.signed_descriptor_digest,
+                 "581D8A368A0FA854ECDBFAB841D88B3F1B004038");
+  tt_int_op(dls_minimal.n_download_failures, OP_EQ, 0);
+  tt_int_op(dls_maximal.n_download_failures, OP_EQ, 0);
+
+  /* "Bad fingerprint" and "Bad tokens" should have gotten marked
+   * non-retriable. */
+  tt_want_int_op(mock_router_get_dl_status_calls, OP_EQ, 2);
+  tt_want_int_op(mock_router_get_dl_status_unrecognized, OP_EQ, 0);
+  tt_int_op(dls_bad_fingerprint.n_download_failures, OP_EQ, 255);
+  tt_int_op(dls_bad_tokens.n_download_failures, OP_EQ, 255);
+
+  /* bad_sig2 and bad ports" are retriable -- one since only the signature
+   * was bad, and one because we didn't ask for it. */
+  tt_int_op(dls_bad_sig2.n_download_failures, OP_EQ, 0);
+  tt_int_op(dls_bad_ports.n_download_failures, OP_EQ, 0);
+
+  /* Wanted still contains "BAD_SIG2" */
+  tt_int_op(smartlist_len(wanted), OP_EQ, 1);
+  tt_str_op(smartlist_get(wanted, 0), OP_EQ,
+            "E0A3753CEFD54128EAB239F294954121DB23D2EF");
+
+#undef ADD
+
+ done:
+  tor_free(mem_op_hex_tmp);
+  UNMOCK(router_get_dl_status_by_descriptor_digest);
+  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
+  smartlist_free(chunks);
+  SMARTLIST_FOREACH(wanted, char *, cp, tor_free(cp));
+  smartlist_free(wanted);
+  tor_free(list);
+}
+
+static int mock_get_by_ei_dd_calls = 0;
+static int mock_get_by_ei_dd_unrecognized = 0;
+
+static signed_descriptor_t sd_ei_minimal;
+static signed_descriptor_t sd_ei_bad_nickname;
+static signed_descriptor_t sd_ei_maximal;
+static signed_descriptor_t sd_ei_bad_tokens;
+static signed_descriptor_t sd_ei_bad_sig2;
+
+static signed_descriptor_t *
+mock_get_by_ei_desc_digest(const char *d)
+{
+
+  ++mock_get_by_ei_dd_calls;
+  char hex[HEX_DIGEST_LEN+1];
+  base16_encode(hex, sizeof(hex), d, DIGEST_LEN);
+
+  if (!strcmp(hex, "11E0EDF526950739F7769810FCACAB8C882FAEEE")) {
+    return &sd_ei_minimal;
+  } else if (!strcmp(hex, "47803B02A0E70E9E8BDA226CB1D74DE354D67DFF")) {
+    return &sd_ei_maximal;
+  } else if (!strcmp(hex, "D5DF4AA62EE9FFC9543D41150C9864908E0390AF")) {
+    return &sd_ei_bad_nickname;
+  } else if (!strcmp(hex, "16D387D3A58F7DB3CF46638F8D0B90C45C7D769C")) {
+    return &sd_ei_bad_sig2;
+  } else if (!strcmp(hex, "9D90F8C42955BBC57D54FB05E54A3F083AF42E8B")) {
+    return &sd_ei_bad_tokens;
+  } else {
+    ++mock_get_by_ei_dd_unrecognized;
+    return NULL;
+  }
+}
+
+static smartlist_t *mock_ei_insert_list = NULL;
+static was_router_added_t
+mock_ei_insert(routerlist_t *rl, extrainfo_t *ei, int warn_if_incompatible)
+{
+  (void) rl;
+  (void) warn_if_incompatible;
+  smartlist_add(mock_ei_insert_list, ei);
+  return ROUTER_ADDED_SUCCESSFULLY;
+}
+
+static void
+test_dir_load_extrainfo(void *arg)
+{
+  (void) arg;
+  smartlist_t *chunks = smartlist_new();
+  smartlist_t *wanted = smartlist_new();
+  char buf[DIGEST_LEN];
+  char *mem_op_hex_tmp = NULL;
+  char *list = NULL;
+
+#define ADD(str)                                                        \
+  do {                                                                  \
+    tt_int_op(0,OP_EQ,router_get_extrainfo_hash(str, strlen(str), buf));   \
+    smartlist_add(wanted, tor_strdup(hex_str(buf, DIGEST_LEN)));        \
+  } while (0)
+
+  mock_ei_insert_list = smartlist_new();
+  MOCK(router_get_by_extrainfo_digest, mock_get_by_ei_desc_digest);
+  MOCK(extrainfo_insert, mock_ei_insert);
+
+  smartlist_add(chunks, tor_strdup(EX_EI_MINIMAL));
+  smartlist_add(chunks, tor_strdup(EX_EI_BAD_NICKNAME));
+  smartlist_add(chunks, tor_strdup(EX_EI_MAXIMAL));
+  smartlist_add(chunks, tor_strdup(EX_EI_BAD_PUBLISHED));
+  smartlist_add(chunks, tor_strdup(EX_EI_BAD_TOKENS));
+
+  /* not ADDing MINIMIAL */
+  ADD(EX_EI_MAXIMAL);
+  ADD(EX_EI_BAD_NICKNAME);
+  /* Not ADDing BAD_PUBLISHED */
+  ADD(EX_EI_BAD_TOKENS);
+  ADD(EX_EI_BAD_SIG2);
+
+  list = smartlist_join_strings(chunks, "", 0, NULL);
+  router_load_extrainfo_from_string(list, NULL, SAVED_IN_JOURNAL, wanted, 1);
+
+  /* The "maximal" router was added. */
+  /* "minimal" was also added, even though we didn't ask for it, since
+   * that's what we do with extrainfos. */
+  tt_int_op(smartlist_len(mock_ei_insert_list),OP_EQ,2);
+
+  extrainfo_t *e = smartlist_get(mock_ei_insert_list, 0);
+  test_memeq_hex(e->cache_info.signed_descriptor_digest,
+                 "11E0EDF526950739F7769810FCACAB8C882FAEEE");
+
+  e = smartlist_get(mock_ei_insert_list, 1);
+  test_memeq_hex(e->cache_info.signed_descriptor_digest,
+                 "47803B02A0E70E9E8BDA226CB1D74DE354D67DFF");
+  tt_int_op(dls_minimal.n_download_failures, OP_EQ, 0);
+  tt_int_op(dls_maximal.n_download_failures, OP_EQ, 0);
+
+  /* "Bad nickname" and "Bad tokens" should have gotten marked
+   * non-retriable. */
+  tt_want_int_op(mock_get_by_ei_dd_calls, OP_EQ, 2);
+  tt_want_int_op(mock_get_by_ei_dd_unrecognized, OP_EQ, 0);
+  tt_int_op(sd_ei_bad_nickname.ei_dl_status.n_download_failures, OP_EQ, 255);
+  tt_int_op(sd_ei_bad_tokens.ei_dl_status.n_download_failures, OP_EQ, 255);
+
+  /* bad_ports is retriable -- because we didn't ask for it. */
+  tt_int_op(dls_bad_ports.n_download_failures, OP_EQ, 0);
+
+  /* Wanted still contains "BAD_SIG2" */
+  tt_int_op(smartlist_len(wanted), OP_EQ, 1);
+  tt_str_op(smartlist_get(wanted, 0), OP_EQ,
+            "16D387D3A58F7DB3CF46638F8D0B90C45C7D769C");
+
+#undef ADD
+
+ done:
+  tor_free(mem_op_hex_tmp);
+  UNMOCK(router_get_by_extrainfo_digest);
+  SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
+  smartlist_free(chunks);
+  SMARTLIST_FOREACH(wanted, char *, cp, tor_free(cp));
+  smartlist_free(wanted);
+  tor_free(list);
+}
+
+static void
+test_dir_versions(void *arg)
 {
   tor_version_t ver1;
 
   /* Try out version parsing functionality */
-  test_eq(0, tor_version_parse("0.3.4pre2-cvs", &ver1));
-  test_eq(0, ver1.major);
-  test_eq(3, ver1.minor);
-  test_eq(4, ver1.micro);
-  test_eq(VER_PRE, ver1.status);
-  test_eq(2, ver1.patchlevel);
-  test_eq(0, tor_version_parse("0.3.4rc1", &ver1));
-  test_eq(0, ver1.major);
-  test_eq(3, ver1.minor);
-  test_eq(4, ver1.micro);
-  test_eq(VER_RC, ver1.status);
-  test_eq(1, ver1.patchlevel);
-  test_eq(0, tor_version_parse("1.3.4", &ver1));
-  test_eq(1, ver1.major);
-  test_eq(3, ver1.minor);
-  test_eq(4, ver1.micro);
-  test_eq(VER_RELEASE, ver1.status);
-  test_eq(0, ver1.patchlevel);
-  test_eq(0, tor_version_parse("1.3.4.999", &ver1));
-  test_eq(1, ver1.major);
-  test_eq(3, ver1.minor);
-  test_eq(4, ver1.micro);
-  test_eq(VER_RELEASE, ver1.status);
-  test_eq(999, ver1.patchlevel);
-  test_eq(0, tor_version_parse("0.1.2.4-alpha", &ver1));
-  test_eq(0, ver1.major);
-  test_eq(1, ver1.minor);
-  test_eq(2, ver1.micro);
-  test_eq(4, ver1.patchlevel);
-  test_eq(VER_RELEASE, ver1.status);
-  test_streq("alpha", ver1.status_tag);
-  test_eq(0, tor_version_parse("0.1.2.4", &ver1));
-  test_eq(0, ver1.major);
-  test_eq(1, ver1.minor);
-  test_eq(2, ver1.micro);
-  test_eq(4, ver1.patchlevel);
-  test_eq(VER_RELEASE, ver1.status);
-  test_streq("", ver1.status_tag);
+  (void)arg;
+  tt_int_op(0,OP_EQ, tor_version_parse("0.3.4pre2-cvs", &ver1));
+  tt_int_op(0,OP_EQ, ver1.major);
+  tt_int_op(3,OP_EQ, ver1.minor);
+  tt_int_op(4,OP_EQ, ver1.micro);
+  tt_int_op(VER_PRE,OP_EQ, ver1.status);
+  tt_int_op(2,OP_EQ, ver1.patchlevel);
+  tt_int_op(0,OP_EQ, tor_version_parse("0.3.4rc1", &ver1));
+  tt_int_op(0,OP_EQ, ver1.major);
+  tt_int_op(3,OP_EQ, ver1.minor);
+  tt_int_op(4,OP_EQ, ver1.micro);
+  tt_int_op(VER_RC,OP_EQ, ver1.status);
+  tt_int_op(1,OP_EQ, ver1.patchlevel);
+  tt_int_op(0,OP_EQ, tor_version_parse("1.3.4", &ver1));
+  tt_int_op(1,OP_EQ, ver1.major);
+  tt_int_op(3,OP_EQ, ver1.minor);
+  tt_int_op(4,OP_EQ, ver1.micro);
+  tt_int_op(VER_RELEASE,OP_EQ, ver1.status);
+  tt_int_op(0,OP_EQ, ver1.patchlevel);
+  tt_int_op(0,OP_EQ, tor_version_parse("1.3.4.999", &ver1));
+  tt_int_op(1,OP_EQ, ver1.major);
+  tt_int_op(3,OP_EQ, ver1.minor);
+  tt_int_op(4,OP_EQ, ver1.micro);
+  tt_int_op(VER_RELEASE,OP_EQ, ver1.status);
+  tt_int_op(999,OP_EQ, ver1.patchlevel);
+  tt_int_op(0,OP_EQ, tor_version_parse("0.1.2.4-alpha", &ver1));
+  tt_int_op(0,OP_EQ, ver1.major);
+  tt_int_op(1,OP_EQ, ver1.minor);
+  tt_int_op(2,OP_EQ, ver1.micro);
+  tt_int_op(4,OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE,OP_EQ, ver1.status);
+  tt_str_op("alpha",OP_EQ, ver1.status_tag);
+  tt_int_op(0,OP_EQ, tor_version_parse("0.1.2.4", &ver1));
+  tt_int_op(0,OP_EQ, ver1.major);
+  tt_int_op(1,OP_EQ, ver1.minor);
+  tt_int_op(2,OP_EQ, ver1.micro);
+  tt_int_op(4,OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE,OP_EQ, ver1.status);
+  tt_str_op("",OP_EQ, ver1.status_tag);
+
+  tt_int_op(0, OP_EQ, tor_version_parse("10.1", &ver1));
+  tt_int_op(10, OP_EQ, ver1.major);
+  tt_int_op(1, OP_EQ, ver1.minor);
+  tt_int_op(0, OP_EQ, ver1.micro);
+  tt_int_op(0, OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE, OP_EQ, ver1.status);
+  tt_str_op("", OP_EQ, ver1.status_tag);
+  tt_int_op(0, OP_EQ, tor_version_parse("5.99.999", &ver1));
+  tt_int_op(5, OP_EQ, ver1.major);
+  tt_int_op(99, OP_EQ, ver1.minor);
+  tt_int_op(999, OP_EQ, ver1.micro);
+  tt_int_op(0, OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE, OP_EQ, ver1.status);
+  tt_str_op("", OP_EQ, ver1.status_tag);
+  tt_int_op(0, OP_EQ, tor_version_parse("10.1-alpha", &ver1));
+  tt_int_op(10, OP_EQ, ver1.major);
+  tt_int_op(1, OP_EQ, ver1.minor);
+  tt_int_op(0, OP_EQ, ver1.micro);
+  tt_int_op(0, OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE, OP_EQ, ver1.status);
+  tt_str_op("alpha", OP_EQ, ver1.status_tag);
+  tt_int_op(0, OP_EQ, tor_version_parse("2.1.700-alpha", &ver1));
+  tt_int_op(2, OP_EQ, ver1.major);
+  tt_int_op(1, OP_EQ, ver1.minor);
+  tt_int_op(700, OP_EQ, ver1.micro);
+  tt_int_op(0, OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE, OP_EQ, ver1.status);
+  tt_str_op("alpha", OP_EQ, ver1.status_tag);
+  tt_int_op(0, OP_EQ, tor_version_parse("1.6.8-alpha-dev", &ver1));
+  tt_int_op(1, OP_EQ, ver1.major);
+  tt_int_op(6, OP_EQ, ver1.minor);
+  tt_int_op(8, OP_EQ, ver1.micro);
+  tt_int_op(0, OP_EQ, ver1.patchlevel);
+  tt_int_op(VER_RELEASE, OP_EQ, ver1.status);
+  tt_str_op("alpha-dev", OP_EQ, ver1.status_tag);
 
 #define tt_versionstatus_op(vs1, op, vs2)                               \
   tt_assert_test_type(vs1,vs2,#vs1" "#op" "#vs2,version_status_t,       \
                       (val1_ op val2_),"%d",TT_EXIT_TEST_FUNCTION)
 #define test_v_i_o(val, ver, lst)                                       \
-  tt_versionstatus_op(val, ==, tor_version_is_obsolete(ver, lst))
+  tt_versionstatus_op(val, OP_EQ, tor_version_is_obsolete(ver, lst))
 
   /* make sure tor_version_is_obsolete() works */
   test_v_i_o(VS_OLD, "0.0.1", "Tor 0.0.2");
@@ -368,53 +1099,55 @@ test_dir_versions(void)
   /* On list, not newer than any on same series. */
   test_v_i_o(VS_UNRECOMMENDED,
              "0.1.0.1", "Tor 0.1.0.2,Tor 0.0.9.5,Tor 0.1.1.0");
-  test_eq(0, tor_version_as_new_as("Tor 0.0.5", "0.0.9pre1-cvs"));
-  test_eq(1, tor_version_as_new_as(
+  tt_int_op(0,OP_EQ, tor_version_as_new_as("Tor 0.0.5", "0.0.9pre1-cvs"));
+  tt_int_op(1,OP_EQ, tor_version_as_new_as(
           "Tor 0.0.8 on Darwin 64-121-192-100.c3-0."
           "sfpo-ubr1.sfrn-sfpo.ca.cable.rcn.com Power Macintosh",
           "0.0.8rc2"));
-  test_eq(0, tor_version_as_new_as(
+  tt_int_op(0,OP_EQ, tor_version_as_new_as(
           "Tor 0.0.8 on Darwin 64-121-192-100.c3-0."
           "sfpo-ubr1.sfrn-sfpo.ca.cable.rcn.com Power Macintosh", "0.0.8.2"));
 
   /* Now try svn revisions. */
-  test_eq(1, tor_version_as_new_as("Tor 0.2.1.0-dev (r100)",
+  tt_int_op(1,OP_EQ, tor_version_as_new_as("Tor 0.2.1.0-dev (r100)",
                                    "Tor 0.2.1.0-dev (r99)"));
-  test_eq(1, tor_version_as_new_as("Tor 0.2.1.0-dev (r100) on Banana Jr",
+  tt_int_op(1,OP_EQ, tor_version_as_new_as(
+                                   "Tor 0.2.1.0-dev (r100) on Banana Jr",
                                    "Tor 0.2.1.0-dev (r99) on Hal 9000"));
-  test_eq(1, tor_version_as_new_as("Tor 0.2.1.0-dev (r100)",
+  tt_int_op(1,OP_EQ, tor_version_as_new_as("Tor 0.2.1.0-dev (r100)",
                                    "Tor 0.2.1.0-dev on Colossus"));
-  test_eq(0, tor_version_as_new_as("Tor 0.2.1.0-dev (r99)",
+  tt_int_op(0,OP_EQ, tor_version_as_new_as("Tor 0.2.1.0-dev (r99)",
                                    "Tor 0.2.1.0-dev (r100)"));
-  test_eq(0, tor_version_as_new_as("Tor 0.2.1.0-dev (r99) on MCP",
+  tt_int_op(0,OP_EQ, tor_version_as_new_as("Tor 0.2.1.0-dev (r99) on MCP",
                                    "Tor 0.2.1.0-dev (r100) on AM"));
-  test_eq(0, tor_version_as_new_as("Tor 0.2.1.0-dev",
+  tt_int_op(0,OP_EQ, tor_version_as_new_as("Tor 0.2.1.0-dev",
                                    "Tor 0.2.1.0-dev (r99)"));
-  test_eq(1, tor_version_as_new_as("Tor 0.2.1.1",
+  tt_int_op(1,OP_EQ, tor_version_as_new_as("Tor 0.2.1.1",
                                    "Tor 0.2.1.0-dev (r99)"));
 
   /* Now try git revisions */
-  test_eq(0, tor_version_parse("0.5.6.7 (git-ff00ff)", &ver1));
-  test_eq(0, ver1.major);
-  test_eq(5, ver1.minor);
-  test_eq(6, ver1.micro);
-  test_eq(7, ver1.patchlevel);
-  test_eq(3, ver1.git_tag_len);
-  test_memeq(ver1.git_tag, "\xff\x00\xff", 3);
-  test_eq(-1, tor_version_parse("0.5.6.7 (git-ff00xx)", &ver1));
-  test_eq(-1, tor_version_parse("0.5.6.7 (git-ff00fff)", &ver1));
-  test_eq(0, tor_version_parse("0.5.6.7 (git ff00fff)", &ver1));
+  tt_int_op(0,OP_EQ, tor_version_parse("0.5.6.7 (git-ff00ff)", &ver1));
+  tt_int_op(0,OP_EQ, ver1.major);
+  tt_int_op(5,OP_EQ, ver1.minor);
+  tt_int_op(6,OP_EQ, ver1.micro);
+  tt_int_op(7,OP_EQ, ver1.patchlevel);
+  tt_int_op(3,OP_EQ, ver1.git_tag_len);
+  tt_mem_op(ver1.git_tag,OP_EQ, "\xff\x00\xff", 3);
+  tt_int_op(-1,OP_EQ, tor_version_parse("0.5.6.7 (git-ff00xx)", &ver1));
+  tt_int_op(-1,OP_EQ, tor_version_parse("0.5.6.7 (git-ff00fff)", &ver1));
+  tt_int_op(0,OP_EQ, tor_version_parse("0.5.6.7 (git ff00fff)", &ver1));
  done:
   ;
 }
 
 /** Run unit tests for directory fp_pair functions. */
 static void
-test_dir_fp_pairs(void)
+test_dir_fp_pairs(void *arg)
 {
   smartlist_t *sl = smartlist_new();
   fp_pair_t *pair;
 
+  (void)arg;
   dir_split_resource_into_fingerprint_pairs(
        /* Two pairs, out of order, with one duplicate. */
        "73656372657420646174612E0000000000FFFFFF-"
@@ -424,13 +1157,14 @@ test_dir_fp_pairs(void)
        "48657861646563696d616c2069736e277420736f-"
        "676f6f6420666f7220686964696e6720796f7572.z", sl);
 
-  test_eq(smartlist_len(sl), 2);
+  tt_int_op(smartlist_len(sl),OP_EQ, 2);
   pair = smartlist_get(sl, 0);
-  test_memeq(pair->first,  "Hexadecimal isn't so", DIGEST_LEN);
-  test_memeq(pair->second, "good for hiding your", DIGEST_LEN);
+  tt_mem_op(pair->first,OP_EQ,  "Hexadecimal isn't so", DIGEST_LEN);
+  tt_mem_op(pair->second,OP_EQ, "good for hiding your", DIGEST_LEN);
   pair = smartlist_get(sl, 1);
-  test_memeq(pair->first,  "secret data.\0\0\0\0\0\xff\xff\xff", DIGEST_LEN);
-  test_memeq(pair->second, "Use AES-256 instead.", DIGEST_LEN);
+  tt_mem_op(pair->first,OP_EQ,  "secret data.\0\0\0\0\0\xff\xff\xff",
+            DIGEST_LEN);
+  tt_mem_op(pair->second,OP_EQ, "Use AES-256 instead.", DIGEST_LEN);
 
  done:
   SMARTLIST_FOREACH(sl, fp_pair_t *, pair, tor_free(pair));
@@ -461,56 +1195,56 @@ test_dir_split_fps(void *testdata)
 
   /* no flags set */
   dir_split_resource_into_fingerprints("A+C+B", sl, NULL, 0);
-  tt_int_op(smartlist_len(sl), ==, 3);
-  tt_str_op(smartlist_get(sl, 0), ==, "A");
-  tt_str_op(smartlist_get(sl, 1), ==, "C");
-  tt_str_op(smartlist_get(sl, 2), ==, "B");
+  tt_int_op(smartlist_len(sl), OP_EQ, 3);
+  tt_str_op(smartlist_get(sl, 0), OP_EQ, "A");
+  tt_str_op(smartlist_get(sl, 1), OP_EQ, "C");
+  tt_str_op(smartlist_get(sl, 2), OP_EQ, "B");
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* uniq strings. */
   dir_split_resource_into_fingerprints("A+C+B+A+B+B", sl, NULL, DSR_SORT_UNIQ);
-  tt_int_op(smartlist_len(sl), ==, 3);
-  tt_str_op(smartlist_get(sl, 0), ==, "A");
-  tt_str_op(smartlist_get(sl, 1), ==, "B");
-  tt_str_op(smartlist_get(sl, 2), ==, "C");
+  tt_int_op(smartlist_len(sl), OP_EQ, 3);
+  tt_str_op(smartlist_get(sl, 0), OP_EQ, "A");
+  tt_str_op(smartlist_get(sl, 1), OP_EQ, "B");
+  tt_str_op(smartlist_get(sl, 2), OP_EQ, "C");
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* Decode hex. */
   dir_split_resource_into_fingerprints(HEX1"+"HEX2, sl, NULL, DSR_HEX);
-  tt_int_op(smartlist_len(sl), ==, 2);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX1);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX2);
+  tt_int_op(smartlist_len(sl), OP_EQ, 2);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX1);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX2);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* decode hex and drop weirdness. */
   dir_split_resource_into_fingerprints(HEX1"+bogus+"HEX2"+"HEX256_1,
                                        sl, NULL, DSR_HEX);
-  tt_int_op(smartlist_len(sl), ==, 2);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX1);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX2);
+  tt_int_op(smartlist_len(sl), OP_EQ, 2);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX1);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX2);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* Decode long hex */
   dir_split_resource_into_fingerprints(HEX256_1"+"HEX256_2"+"HEX2"+"HEX256_3,
                                        sl, NULL, DSR_HEX|DSR_DIGEST256);
-  tt_int_op(smartlist_len(sl), ==, 3);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX256_1);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX256_2);
-  test_mem_op_hex(smartlist_get(sl, 2), ==, HEX256_3);
+  tt_int_op(smartlist_len(sl), OP_EQ, 3);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX256_1);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX256_2);
+  test_mem_op_hex(smartlist_get(sl, 2), OP_EQ, HEX256_3);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* Decode hex and sort. */
   dir_split_resource_into_fingerprints(HEX1"+"HEX2"+"HEX3"+"HEX2,
                                        sl, NULL, DSR_HEX|DSR_SORT_UNIQ);
-  tt_int_op(smartlist_len(sl), ==, 3);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX3);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX2);
-  test_mem_op_hex(smartlist_get(sl, 2), ==, HEX1);
+  tt_int_op(smartlist_len(sl), OP_EQ, 3);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX3);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX2);
+  test_mem_op_hex(smartlist_get(sl, 2), OP_EQ, HEX1);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
@@ -519,34 +1253,34 @@ test_dir_split_fps(void *testdata)
                                        "+"HEX256_1,
                                        sl, NULL,
                                        DSR_HEX|DSR_DIGEST256|DSR_SORT_UNIQ);
-  tt_int_op(smartlist_len(sl), ==, 3);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX256_3);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX256_2);
-  test_mem_op_hex(smartlist_get(sl, 2), ==, HEX256_1);
+  tt_int_op(smartlist_len(sl), OP_EQ, 3);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX256_3);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX256_2);
+  test_mem_op_hex(smartlist_get(sl, 2), OP_EQ, HEX256_1);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* Decode base64 */
   dir_split_resource_into_fingerprints(B64_1"-"B64_2, sl, NULL, DSR_BASE64);
-  tt_int_op(smartlist_len(sl), ==, 2);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX1);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX2);
+  tt_int_op(smartlist_len(sl), OP_EQ, 2);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX1);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX2);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   /* Decode long base64 */
   dir_split_resource_into_fingerprints(B64_256_1"-"B64_256_2,
                                        sl, NULL, DSR_BASE64|DSR_DIGEST256);
-  tt_int_op(smartlist_len(sl), ==, 2);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX256_1);
-  test_mem_op_hex(smartlist_get(sl, 1), ==, HEX256_2);
+  tt_int_op(smartlist_len(sl), OP_EQ, 2);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX256_1);
+  test_mem_op_hex(smartlist_get(sl, 1), OP_EQ, HEX256_2);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
   dir_split_resource_into_fingerprints(B64_256_1,
                                        sl, NULL, DSR_BASE64|DSR_DIGEST256);
-  tt_int_op(smartlist_len(sl), ==, 1);
-  test_mem_op_hex(smartlist_get(sl, 0), ==, HEX256_1);
+  tt_int_op(smartlist_len(sl), OP_EQ, 1);
+  test_mem_op_hex(smartlist_get(sl, 0), OP_EQ, HEX256_1);
   SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
   smartlist_clear(sl);
 
@@ -557,7 +1291,7 @@ test_dir_split_fps(void *testdata)
 }
 
 static void
-test_dir_measured_bw_kb(void)
+test_dir_measured_bw_kb(void *arg)
 {
   measured_bw_line_t mbwl;
   int i;
@@ -605,16 +1339,17 @@ test_dir_measured_bw_kb(void)
     "end"
   };
 
+  (void)arg;
   for (i = 0; strcmp(lines_fail[i], "end"); i++) {
     //fprintf(stderr, "Testing: %s\n", lines_fail[i]);
-    test_assert(measured_bw_line_parse(&mbwl, lines_fail[i]) == -1);
+    tt_assert(measured_bw_line_parse(&mbwl, lines_fail[i]) == -1);
   }
 
   for (i = 0; strcmp(lines_pass[i], "end"); i++) {
     //fprintf(stderr, "Testing: %s %d\n", lines_pass[i], TOR_ISSPACE('\n'));
-    test_assert(measured_bw_line_parse(&mbwl, lines_pass[i]) == 0);
-    test_assert(mbwl.bw_kb == 1024);
-    test_assert(strcmp(mbwl.node_hex,
+    tt_assert(measured_bw_line_parse(&mbwl, lines_pass[i]) == 0);
+    tt_assert(mbwl.bw_kb == 1024);
+    tt_assert(strcmp(mbwl.node_hex,
                 "557365204145532d32353620696e73746561642e") == 0);
   }
 
@@ -626,7 +1361,7 @@ test_dir_measured_bw_kb(void)
 
 /** Do the measured bandwidth cache unit test */
 static void
-test_dir_measured_bw_kb_cache(void)
+test_dir_measured_bw_kb_cache(void *arg)
 {
   /* Initial fake time_t for testing */
   time_t curr = MBWC_INIT_TIME;
@@ -637,8 +1372,9 @@ test_dir_measured_bw_kb_cache(void)
   time_t as_of;
 
   /* First, clear the cache and assert that it's empty */
+  (void)arg;
   dirserv_clear_measured_bw_cache();
-  test_eq(dirserv_get_measured_bw_cache_size(), 0);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 0);
   /*
    * Set up test mbwls; none of the dirserv_cache_*() functions care about
    * the node_hex field.
@@ -651,56 +1387,56 @@ test_dir_measured_bw_kb_cache(void)
   mbwl[2].bw_kb = 80;
   /* Try caching something */
   dirserv_cache_measured_bw(&(mbwl[0]), curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 1);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 1);
   /* Okay, let's see if we can retrieve it */
-  test_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,&bw, &as_of));
-  test_eq(bw, 20);
-  test_eq(as_of, MBWC_INIT_TIME);
+  tt_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,&bw, &as_of));
+  tt_int_op(bw,OP_EQ, 20);
+  tt_int_op(as_of,OP_EQ, MBWC_INIT_TIME);
   /* Try retrieving it without some outputs */
-  test_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,NULL, NULL));
-  test_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,&bw, NULL));
-  test_eq(bw, 20);
-  test_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,NULL,&as_of));
-  test_eq(as_of, MBWC_INIT_TIME);
+  tt_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,NULL, NULL));
+  tt_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,&bw, NULL));
+  tt_int_op(bw,OP_EQ, 20);
+  tt_assert(dirserv_query_measured_bw_cache_kb(mbwl[0].node_id,NULL,&as_of));
+  tt_int_op(as_of,OP_EQ, MBWC_INIT_TIME);
   /* Now expire it */
   curr += MAX_MEASUREMENT_AGE + 1;
   dirserv_expire_measured_bw_cache(curr);
   /* Check that the cache is empty */
-  test_eq(dirserv_get_measured_bw_cache_size(), 0);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 0);
   /* Check that we can't retrieve it */
-  test_assert(!dirserv_query_measured_bw_cache_kb(mbwl[0].node_id, NULL,NULL));
+  tt_assert(!dirserv_query_measured_bw_cache_kb(mbwl[0].node_id, NULL,NULL));
   /* Try caching a few things now */
   dirserv_cache_measured_bw(&(mbwl[0]), curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 1);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 1);
   curr += MAX_MEASUREMENT_AGE / 4;
   dirserv_cache_measured_bw(&(mbwl[1]), curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 2);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 2);
   curr += MAX_MEASUREMENT_AGE / 4;
   dirserv_cache_measured_bw(&(mbwl[2]), curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 3);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 3);
   curr += MAX_MEASUREMENT_AGE / 4 + 1;
   /* Do an expire that's too soon to get any of them */
   dirserv_expire_measured_bw_cache(curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 3);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 3);
   /* Push the oldest one off the cliff */
   curr += MAX_MEASUREMENT_AGE / 4;
   dirserv_expire_measured_bw_cache(curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 2);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 2);
   /* And another... */
   curr += MAX_MEASUREMENT_AGE / 4;
   dirserv_expire_measured_bw_cache(curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 1);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 1);
   /* This should empty it out again */
   curr += MAX_MEASUREMENT_AGE / 4;
   dirserv_expire_measured_bw_cache(curr);
-  test_eq(dirserv_get_measured_bw_cache_size(), 0);
+  tt_int_op(dirserv_get_measured_bw_cache_size(),OP_EQ, 0);
 
  done:
   return;
 }
 
 static void
-test_dir_param_voting(void)
+test_dir_param_voting(void *arg)
 {
   networkstatus_t vote1, vote2, vote3, vote4;
   smartlist_t *votes = smartlist_new();
@@ -709,6 +1445,7 @@ test_dir_param_voting(void)
   /* dirvote_compute_params only looks at the net_params field of the votes,
      so that's all we need to set.
    */
+  (void)arg;
   memset(&vote1, 0, sizeof(vote1));
   memset(&vote2, 0, sizeof(vote2));
   memset(&vote3, 0, sizeof(vote3));
@@ -725,87 +1462,71 @@ test_dir_param_voting(void)
                          "abcd=20 c=60 cw=500 x-yz=-9 zzzzz=101", NULL, 0, 0);
   smartlist_split_string(vote4.net_params,
                          "ab=900 abcd=200 c=1 cw=51 x-yz=100", NULL, 0, 0);
-  test_eq(100, networkstatus_get_param(&vote4, "x-yz", 50, 0, 300));
-  test_eq(222, networkstatus_get_param(&vote4, "foobar", 222, 0, 300));
-  test_eq(80, networkstatus_get_param(&vote4, "ab", 12, 0, 80));
-  test_eq(-8, networkstatus_get_param(&vote4, "ab", -12, -100, -8));
-  test_eq(0, networkstatus_get_param(&vote4, "foobar", 0, -100, 8));
+  tt_int_op(100,OP_EQ, networkstatus_get_param(&vote4, "x-yz", 50, 0, 300));
+  tt_int_op(222,OP_EQ, networkstatus_get_param(&vote4, "foobar", 222, 0, 300));
+  tt_int_op(80,OP_EQ, networkstatus_get_param(&vote4, "ab", 12, 0, 80));
+  tt_int_op(-8,OP_EQ, networkstatus_get_param(&vote4, "ab", -12, -100, -8));
+  tt_int_op(0,OP_EQ, networkstatus_get_param(&vote4, "foobar", 0, -100, 8));
 
   smartlist_add(votes, &vote1);
 
   /* Do the first tests without adding all the other votes, for
    * networks without many dirauths. */
 
-  res = dirvote_compute_params(votes, 11, 6);
-  test_streq(res, "ab=90 abcd=20 cw=50 x-yz=-99");
-  tor_free(res);
-
   res = dirvote_compute_params(votes, 12, 2);
-  test_streq(res, "");
+  tt_str_op(res,OP_EQ, "");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 1);
-  test_streq(res, "ab=90 abcd=20 cw=50 x-yz=-99");
+  tt_str_op(res,OP_EQ, "ab=90 abcd=20 cw=50 x-yz=-99");
   tor_free(res);
 
   smartlist_add(votes, &vote2);
 
-  res = dirvote_compute_params(votes, 11, 2);
-  test_streq(res, "ab=27 abcd=20 cw=5 x-yz=-99");
-  tor_free(res);
-
   res = dirvote_compute_params(votes, 12, 2);
-  test_streq(res, "ab=27 cw=5 x-yz=-99");
+  tt_str_op(res,OP_EQ, "ab=27 cw=5 x-yz=-99");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 3);
-  test_streq(res, "ab=27 cw=5 x-yz=-99");
+  tt_str_op(res,OP_EQ, "ab=27 cw=5 x-yz=-99");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 6);
-  test_streq(res, "");
+  tt_str_op(res,OP_EQ, "");
   tor_free(res);
 
   smartlist_add(votes, &vote3);
 
-  res = dirvote_compute_params(votes, 11, 3);
-  test_streq(res, "ab=27 abcd=20 c=60 cw=50 x-yz=-9 zzzzz=101");
-  tor_free(res);
-
   res = dirvote_compute_params(votes, 12, 3);
-  test_streq(res, "ab=27 abcd=20 cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "ab=27 abcd=20 cw=50 x-yz=-9");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 5);
-  test_streq(res, "cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "cw=50 x-yz=-9");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 9);
-  test_streq(res, "cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "cw=50 x-yz=-9");
   tor_free(res);
 
   smartlist_add(votes, &vote4);
 
-  res = dirvote_compute_params(votes, 11, 4);
-  test_streq(res, "ab=90 abcd=20 c=1 cw=50 x-yz=-9 zzzzz=101");
-  tor_free(res);
-
   res = dirvote_compute_params(votes, 12, 4);
-  test_streq(res, "ab=90 abcd=20 cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "ab=90 abcd=20 cw=50 x-yz=-9");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 5);
-  test_streq(res, "ab=90 abcd=20 cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "ab=90 abcd=20 cw=50 x-yz=-9");
   tor_free(res);
 
   /* Test that the special-cased "at least three dirauths voted for
    * this param" logic works as expected. */
   res = dirvote_compute_params(votes, 12, 6);
-  test_streq(res, "ab=90 abcd=20 cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "ab=90 abcd=20 cw=50 x-yz=-9");
   tor_free(res);
 
   res = dirvote_compute_params(votes, 12, 10);
-  test_streq(res, "ab=90 abcd=20 cw=50 x-yz=-9");
+  tt_str_op(res,OP_EQ, "ab=90 abcd=20 cw=50 x-yz=-9");
   tor_free(res);
 
  done:
@@ -823,13 +1544,6 @@ test_dir_param_voting(void)
   return;
 }
 
-extern const char AUTHORITY_CERT_1[];
-extern const char AUTHORITY_SIGNKEY_1[];
-extern const char AUTHORITY_CERT_2[];
-extern const char AUTHORITY_SIGNKEY_2[];
-extern const char AUTHORITY_CERT_3[];
-extern const char AUTHORITY_SIGNKEY_3[];
-
 /** Helper: Test that two networkstatus_voter_info_t do in fact represent the
  * same voting authority, and that they do in fact have all the same
  * information. */
@@ -837,53 +1551,18 @@ static void
 test_same_voter(networkstatus_voter_info_t *v1,
                 networkstatus_voter_info_t *v2)
 {
-  test_streq(v1->nickname, v2->nickname);
-  test_memeq(v1->identity_digest, v2->identity_digest, DIGEST_LEN);
-  test_streq(v1->address, v2->address);
-  test_eq(v1->addr, v2->addr);
-  test_eq(v1->dir_port, v2->dir_port);
-  test_eq(v1->or_port, v2->or_port);
-  test_streq(v1->contact, v2->contact);
-  test_memeq(v1->vote_digest, v2->vote_digest, DIGEST_LEN);
+  tt_str_op(v1->nickname,OP_EQ, v2->nickname);
+  tt_mem_op(v1->identity_digest,OP_EQ, v2->identity_digest, DIGEST_LEN);
+  tt_str_op(v1->address,OP_EQ, v2->address);
+  tt_int_op(v1->addr,OP_EQ, v2->addr);
+  tt_int_op(v1->dir_port,OP_EQ, v2->dir_port);
+  tt_int_op(v1->or_port,OP_EQ, v2->or_port);
+  tt_str_op(v1->contact,OP_EQ, v2->contact);
+  tt_mem_op(v1->vote_digest,OP_EQ, v2->vote_digest, DIGEST_LEN);
  done:
   ;
 }
 
-/** Helper: Make a new routerinfo containing the right information for a
- * given vote_routerstatus_t. */
-static routerinfo_t *
-generate_ri_from_rs(const vote_routerstatus_t *vrs)
-{
-  routerinfo_t *r;
-  const routerstatus_t *rs = &vrs->status;
-  static time_t published = 0;
-
-  r = tor_malloc_zero(sizeof(routerinfo_t));
-  memcpy(r->cache_info.identity_digest, rs->identity_digest, DIGEST_LEN);
-  memcpy(r->cache_info.signed_descriptor_digest, rs->descriptor_digest,
-         DIGEST_LEN);
-  r->cache_info.do_not_cache = 1;
-  r->cache_info.routerlist_index = -1;
-  r->cache_info.signed_descriptor_body =
-    tor_strdup("123456789012345678901234567890123");
-  r->cache_info.signed_descriptor_len =
-    strlen(r->cache_info.signed_descriptor_body);
-  r->exit_policy = smartlist_new();
-  r->cache_info.published_on = ++published + time(NULL);
-  if (rs->has_bandwidth) {
-    /*
-     * Multiply by 1000 because the routerinfo_t and the routerstatus_t
-     * seem to use different units (*sigh*) and because we seem stuck on
-     * icky and perverse decimal kilobytes (*double sigh*) - see
-     * router_get_advertised_bandwidth_capped() of routerlist.c and
-     * routerstatus_format_entry() of dirserv.c.
-     */
-    r->bandwidthrate = rs->bandwidth_kb * 1000;
-    r->bandwidthcapacity = rs->bandwidth_kb * 1000;
-  }
-  return r;
-}
-
 /** Helper: get a detached signatures document for one or two
  * consensuses. */
 static char *
@@ -901,100 +1580,6 @@ get_detached_sigs(networkstatus_t *ns, networkstatus_t *ns2)
   return r;
 }
 
-/**
- * Generate a routerstatus for v3_networkstatus test
- */
-static vote_routerstatus_t *
-gen_routerstatus_for_v3ns(int idx, time_t now)
-{
-  vote_routerstatus_t *vrs=NULL;
-  routerstatus_t *rs;
-  tor_addr_t addr_ipv6;
-
-  switch (idx) {
-    case 0:
-      /* Generate the first routerstatus. */
-      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
-      rs = &vrs->status;
-      vrs->version = tor_strdup("0.1.2.14");
-      rs->published_on = now-1500;
-      strlcpy(rs->nickname, "router2", sizeof(rs->nickname));
-      memset(rs->identity_digest, 3, DIGEST_LEN);
-      memset(rs->descriptor_digest, 78, DIGEST_LEN);
-      rs->addr = 0x99008801;
-      rs->or_port = 443;
-      rs->dir_port = 8000;
-      /* all flags but running cleared */
-      rs->is_flagged_running = 1;
-      break;
-    case 1:
-      /* Generate the second routerstatus. */
-      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
-      rs = &vrs->status;
-      vrs->version = tor_strdup("0.2.0.5");
-      rs->published_on = now-1000;
-      strlcpy(rs->nickname, "router1", sizeof(rs->nickname));
-      memset(rs->identity_digest, 5, DIGEST_LEN);
-      memset(rs->descriptor_digest, 77, DIGEST_LEN);
-      rs->addr = 0x99009901;
-      rs->or_port = 443;
-      rs->dir_port = 0;
-      tor_addr_parse(&addr_ipv6, "[1:2:3::4]");
-      tor_addr_copy(&rs->ipv6_addr, &addr_ipv6);
-      rs->ipv6_orport = 4711;
-      rs->is_exit = rs->is_stable = rs->is_fast = rs->is_flagged_running =
-        rs->is_valid = rs->is_possible_guard = 1;
-      break;
-    case 2:
-      /* Generate the third routerstatus. */
-      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
-      rs = &vrs->status;
-      vrs->version = tor_strdup("0.1.0.3");
-      rs->published_on = now-1000;
-      strlcpy(rs->nickname, "router3", sizeof(rs->nickname));
-      memset(rs->identity_digest, 33, DIGEST_LEN);
-      memset(rs->descriptor_digest, 79, DIGEST_LEN);
-      rs->addr = 0xAA009901;
-      rs->or_port = 400;
-      rs->dir_port = 9999;
-      rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
-        rs->is_flagged_running = rs->is_valid =
-        rs->is_possible_guard = 1;
-      break;
-    case 3:
-      /* Generate a fourth routerstatus that is not running. */
-      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
-      rs = &vrs->status;
-      vrs->version = tor_strdup("0.1.6.3");
-      rs->published_on = now-1000;
-      strlcpy(rs->nickname, "router4", sizeof(rs->nickname));
-      memset(rs->identity_digest, 34, DIGEST_LEN);
-      memset(rs->descriptor_digest, 47, DIGEST_LEN);
-      rs->addr = 0xC0000203;
-      rs->or_port = 500;
-      rs->dir_port = 1999;
-      /* Running flag (and others) cleared */
-      break;
-    case 4:
-      /* No more for this test; return NULL */
-      vrs = NULL;
-      break;
-    default:
-      /* Shouldn't happen */
-      test_assert(0);
-  }
-  if (vrs) {
-    vrs->microdesc = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
-    tor_asprintf(&vrs->microdesc->microdesc_hash_line,
-                 "m 9,10,11,12,13,14,15,16,17 "
-                 "sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa%d\n",
-                 idx);
-  }
-
- done:
-  return vrs;
-}
-
 /** Apply tweaks to the vote list for each voter */
 static int
 vote_tweaks_for_v3ns(networkstatus_t *v, int voter, time_t now)
@@ -1002,14 +1587,14 @@ vote_tweaks_for_v3ns(networkstatus_t *v, int voter, time_t now)
   vote_routerstatus_t *vrs;
   const char *msg = NULL;
 
-  test_assert(v);
+  tt_assert(v);
   (void)now;
 
   if (voter == 1) {
     measured_bw_line_t mbw;
     memset(mbw.node_id, 33, sizeof(mbw.node_id));
     mbw.bw_kb = 1024;
-    test_assert(measured_bw_line_apply(&mbw,
+    tt_assert(measured_bw_line_apply(&mbw,
                 v->routerstatus_list) == 1);
   } else if (voter == 2 || voter == 3) {
     /* Monkey around with the list a bit */
@@ -1025,8 +1610,8 @@ vote_tweaks_for_v3ns(networkstatus_t *v, int voter, time_t now)
       vote_routerstatus_free(vrs);
       vrs = smartlist_get(v->routerstatus_list, 0);
       memset(vrs->status.descriptor_digest, (int)'Z', DIGEST_LEN);
-      test_assert(router_add_to_routerlist(
-                  generate_ri_from_rs(vrs), &msg,0,0) >= 0);
+      tt_assert(router_add_to_routerlist(
+                  dir_common_generate_ri_from_rs(vrs), &msg,0,0) >= 0);
     }
   }
 
@@ -1043,9 +1628,9 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
   routerstatus_t *rs;
   tor_addr_t addr_ipv6;
 
-  test_assert(vrs);
+  tt_assert(vrs);
   rs = &(vrs->status);
-  test_assert(rs);
+  tt_assert(rs);
 
   /* Split out by digests to test */
   if (tor_memeq(rs->identity_digest,
@@ -1054,48 +1639,48 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
                 DIGEST_LEN) &&
                 (voter == 1)) {
     /* Check the first routerstatus. */
-    test_streq(vrs->version, "0.1.2.14");
-    test_eq(rs->published_on, now-1500);
-    test_streq(rs->nickname, "router2");
-    test_memeq(rs->identity_digest,
+    tt_str_op(vrs->version,OP_EQ, "0.1.2.14");
+    tt_int_op(rs->published_on,OP_EQ, now-1500);
+    tt_str_op(rs->nickname,OP_EQ, "router2");
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
                "\x3\x3\x3\x3",
                DIGEST_LEN);
-    test_memeq(rs->descriptor_digest, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
-    test_eq(rs->addr, 0x99008801);
-    test_eq(rs->or_port, 443);
-    test_eq(rs->dir_port, 8000);
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
+    tt_int_op(rs->addr,OP_EQ, 0x99008801);
+    tt_int_op(rs->or_port,OP_EQ, 443);
+    tt_int_op(rs->dir_port,OP_EQ, 8000);
     /* no flags except "running" (16) and "v2dir" (64) */
-    tt_u64_op(vrs->flags, ==, U64_LITERAL(80));
+    tt_u64_op(vrs->flags, OP_EQ, U64_LITERAL(80));
   } else if (tor_memeq(rs->identity_digest,
                        "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                        "\x5\x5\x5\x5",
                        DIGEST_LEN) &&
                        (voter == 1 || voter == 2)) {
-    test_memeq(rs->identity_digest,
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                "\x5\x5\x5\x5",
                DIGEST_LEN);
 
     if (voter == 1) {
       /* Check the second routerstatus. */
-      test_streq(vrs->version, "0.2.0.5");
-      test_eq(rs->published_on, now-1000);
-      test_streq(rs->nickname, "router1");
+      tt_str_op(vrs->version,OP_EQ, "0.2.0.5");
+      tt_int_op(rs->published_on,OP_EQ, now-1000);
+      tt_str_op(rs->nickname,OP_EQ, "router1");
     }
-    test_memeq(rs->descriptor_digest, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
-    test_eq(rs->addr, 0x99009901);
-    test_eq(rs->or_port, 443);
-    test_eq(rs->dir_port, 0);
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
+    tt_int_op(rs->addr,OP_EQ, 0x99009901);
+    tt_int_op(rs->or_port,OP_EQ, 443);
+    tt_int_op(rs->dir_port,OP_EQ, 0);
     tor_addr_parse(&addr_ipv6, "[1:2:3::4]");
-    test_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
-    test_eq(rs->ipv6_orport, 4711);
+    tt_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
+    tt_int_op(rs->ipv6_orport,OP_EQ, 4711);
     if (voter == 1) {
-      /* all except "authority" (1) and "v2dir" (64) */
-      tt_u64_op(vrs->flags, ==, U64_LITERAL(190));
+      /* all except "authority" (1) */
+      tt_u64_op(vrs->flags, OP_EQ, U64_LITERAL(254));
     } else {
-      /* 1023 - authority(1) - madeofcheese(16) - madeoftin(32) - v2dir(256) */
-      tt_u64_op(vrs->flags, ==, U64_LITERAL(718));
+      /* 1023 - authority(1) - madeofcheese(16) - madeoftin(32) */
+      tt_u64_op(vrs->flags, OP_EQ, U64_LITERAL(974));
     }
   } else if (tor_memeq(rs->identity_digest,
                        "\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33"
@@ -1103,14 +1688,14 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
                        DIGEST_LEN) &&
                        (voter == 1 || voter == 2)) {
     /* Check the measured bandwidth bits */
-    test_assert(vrs->has_measured_bw &&
+    tt_assert(vrs->has_measured_bw &&
                 vrs->measured_bw_kb == 1024);
   } else {
     /*
      * Didn't expect this, but the old unit test only checked some of them,
      * so don't assert.
      */
-    /* test_assert(0); */
+    /* tt_assert(0); */
   }
 
  done:
@@ -1125,9 +1710,9 @@ test_consensus_for_v3ns(networkstatus_t *con, time_t now)
 {
   (void)now;
 
-  test_assert(con);
-  test_assert(!con->cert);
-  test_eq(2, smartlist_len(con->routerstatus_list));
+  tt_assert(con);
+  tt_assert(!con->cert);
+  tt_int_op(2,OP_EQ, smartlist_len(con->routerstatus_list));
   /* There should be two listed routers: one with identity 3, one with
    * identity 5. */
 
@@ -1143,7 +1728,7 @@ test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now)
 {
   tor_addr_t addr_ipv6;
 
-  test_assert(rs);
+  tt_assert(rs);
 
   /* There should be two listed routers: one with identity 3, one with
    * identity 5. */
@@ -1152,49 +1737,51 @@ test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now)
                 "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
                 "\x3\x3",
                 DIGEST_LEN)) {
-    test_memeq(rs->identity_digest,
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3",
                DIGEST_LEN);
-    test_memeq(rs->descriptor_digest, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
-    test_assert(!rs->is_authority);
-    test_assert(!rs->is_exit);
-    test_assert(!rs->is_fast);
-    test_assert(!rs->is_possible_guard);
-    test_assert(!rs->is_stable);
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
+    tt_assert(!rs->is_authority);
+    tt_assert(!rs->is_exit);
+    tt_assert(!rs->is_fast);
+    tt_assert(!rs->is_possible_guard);
+    tt_assert(!rs->is_stable);
     /* (If it wasn't running it wouldn't be here) */
-    test_assert(rs->is_flagged_running);
-    test_assert(!rs->is_valid);
-    test_assert(!rs->is_named);
+    tt_assert(rs->is_flagged_running);
+    tt_assert(!rs->is_valid);
+    tt_assert(!rs->is_named);
+    tt_assert(rs->is_v2_dir);
     /* XXXX check version */
   } else if (tor_memeq(rs->identity_digest,
                        "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                        "\x5\x5\x5\x5",
                        DIGEST_LEN)) {
     /* This one showed up in 3 digests. Twice with ID 'M', once with 'Z'.  */
-    test_memeq(rs->identity_digest,
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5",
                DIGEST_LEN);
-    test_streq(rs->nickname, "router1");
-    test_memeq(rs->descriptor_digest, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
-    test_eq(rs->published_on, now-1000);
-    test_eq(rs->addr, 0x99009901);
-    test_eq(rs->or_port, 443);
-    test_eq(rs->dir_port, 0);
+    tt_str_op(rs->nickname,OP_EQ, "router1");
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
+    tt_int_op(rs->published_on,OP_EQ, now-1000);
+    tt_int_op(rs->addr,OP_EQ, 0x99009901);
+    tt_int_op(rs->or_port,OP_EQ, 443);
+    tt_int_op(rs->dir_port,OP_EQ, 0);
     tor_addr_parse(&addr_ipv6, "[1:2:3::4]");
-    test_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
-    test_eq(rs->ipv6_orport, 4711);
-    test_assert(!rs->is_authority);
-    test_assert(rs->is_exit);
-    test_assert(rs->is_fast);
-    test_assert(rs->is_possible_guard);
-    test_assert(rs->is_stable);
-    test_assert(rs->is_flagged_running);
-    test_assert(rs->is_valid);
-    test_assert(!rs->is_named);
+    tt_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
+    tt_int_op(rs->ipv6_orport,OP_EQ, 4711);
+    tt_assert(!rs->is_authority);
+    tt_assert(rs->is_exit);
+    tt_assert(rs->is_fast);
+    tt_assert(rs->is_possible_guard);
+    tt_assert(rs->is_stable);
+    tt_assert(rs->is_flagged_running);
+    tt_assert(rs->is_valid);
+    tt_assert(rs->is_v2_dir);
+    tt_assert(!rs->is_named);
     /* XXXX check version */
   } else {
     /* Weren't expecting this... */
-    test_assert(0);
+    tt_assert(0);
   }
 
  done:
@@ -1214,7 +1801,6 @@ test_a_networkstatus(
   authority_cert_t *cert1=NULL, *cert2=NULL, *cert3=NULL;
   crypto_pk_t *sign_skey_1=NULL, *sign_skey_2=NULL, *sign_skey_3=NULL;
   crypto_pk_t *sign_skey_leg1=NULL;
-  const char *msg=NULL;
   /*
    * Sum the non-zero returns from vote_tweaks() we've seen; if vote_tweaks()
    * returns non-zero, it changed net_params and we should skip the tests for
@@ -1230,8 +1816,7 @@ test_a_networkstatus(
   vote_routerstatus_t *vrs;
   routerstatus_t *rs;
   int idx, n_rs, n_vrs;
-  char *v1_text=NULL, *v2_text=NULL, *v3_text=NULL, *consensus_text=NULL,
-    *cp=NULL;
+  char *consensus_text=NULL, *cp=NULL;
   smartlist_t *votes = smartlist_new();
 
   /* For generating the two other consensuses. */
@@ -1242,154 +1827,67 @@ test_a_networkstatus(
   networkstatus_t *con2=NULL, *con_md2=NULL, *con3=NULL, *con_md3=NULL;
   ns_detached_signatures_t *dsig1=NULL, *dsig2=NULL;
 
-  test_assert(vrs_gen);
-  test_assert(rs_test);
-  test_assert(vrs_test);
-
-  /* Parse certificates and keys. */
-  cert1 = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
-  test_assert(cert1);
-  cert2 = authority_cert_parse_from_string(AUTHORITY_CERT_2, NULL);
-  test_assert(cert2);
-  cert3 = authority_cert_parse_from_string(AUTHORITY_CERT_3, NULL);
-  test_assert(cert3);
-  sign_skey_1 = crypto_pk_new();
-  sign_skey_2 = crypto_pk_new();
-  sign_skey_3 = crypto_pk_new();
-  sign_skey_leg1 = pk_generate(4);
+  tt_assert(vrs_gen);
+  tt_assert(rs_test);
+  tt_assert(vrs_test);
 
-  test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1,
-                                                   AUTHORITY_SIGNKEY_1, -1));
-  test_assert(!crypto_pk_read_private_key_from_string(sign_skey_2,
-                                                   AUTHORITY_SIGNKEY_2, -1));
-  test_assert(!crypto_pk_read_private_key_from_string(sign_skey_3,
-                                                   AUTHORITY_SIGNKEY_3, -1));
-
-  test_assert(!crypto_pk_cmp_keys(sign_skey_1, cert1->signing_key));
-  test_assert(!crypto_pk_cmp_keys(sign_skey_2, cert2->signing_key));
-
-  /*
-   * Set up a vote; generate it; try to parse it.
-   */
-  vote = tor_malloc_zero(sizeof(networkstatus_t));
-  vote->type = NS_TYPE_VOTE;
-  vote->published = now;
-  vote->valid_after = now+1000;
-  vote->fresh_until = now+2000;
-  vote->valid_until = now+3000;
-  vote->vote_seconds = 100;
-  vote->dist_seconds = 200;
-  vote->supported_methods = smartlist_new();
-  smartlist_split_string(vote->supported_methods, "1 2 3", NULL, 0, -1);
-  vote->client_versions = tor_strdup("0.1.2.14,0.1.2.15");
-  vote->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16");
-  vote->known_flags = smartlist_new();
-  smartlist_split_string(vote->known_flags,
-                     "Authority Exit Fast Guard Running Stable V2Dir Valid",
-                     0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  vote->voters = smartlist_new();
-  voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
-  voter->nickname = tor_strdup("Voter1");
-  voter->address = tor_strdup("1.2.3.4");
-  voter->addr = 0x01020304;
-  voter->dir_port = 80;
-  voter->or_port = 9000;
-  voter->contact = tor_strdup("voter@example.com");
-  crypto_pk_get_digest(cert1->identity_key, voter->identity_digest);
-  smartlist_add(vote->voters, voter);
-  vote->cert = authority_cert_dup(cert1);
-  vote->net_params = smartlist_new();
-  smartlist_split_string(vote->net_params, "circuitwindow=101 foo=990",
-                         NULL, 0, 0);
-  vote->routerstatus_list = smartlist_new();
-  /* add routerstatuses */
-  idx = 0;
-  do {
-    vrs = vrs_gen(idx, now);
-    if (vrs) {
-      smartlist_add(vote->routerstatus_list, vrs);
-      test_assert(router_add_to_routerlist(generate_ri_from_rs(vrs),
-                                           &msg,0,0)>=0);
-      ++idx;
-    }
-  } while (vrs);
-  n_vrs = idx;
+  tt_assert(!dir_common_authority_pk_init(&cert1, &cert2, &cert3,
+                                          &sign_skey_1, &sign_skey_2,
+                                          &sign_skey_3));
+  sign_skey_leg1 = pk_generate(4);
 
-  /* dump the vote and try to parse it. */
-  v1_text = format_networkstatus_vote(sign_skey_1, vote);
-  test_assert(v1_text);
-  v1 = networkstatus_parse_vote_from_string(v1_text, NULL, NS_TYPE_VOTE);
-  test_assert(v1);
+  tt_assert(!dir_common_construct_vote_1(&vote, cert1, sign_skey_1, vrs_gen,
+                                         &v1, &n_vrs, now, 1));
+  tt_assert(v1);
 
   /* Make sure the parsed thing was right. */
-  test_eq(v1->type, NS_TYPE_VOTE);
-  test_eq(v1->published, vote->published);
-  test_eq(v1->valid_after, vote->valid_after);
-  test_eq(v1->fresh_until, vote->fresh_until);
-  test_eq(v1->valid_until, vote->valid_until);
-  test_eq(v1->vote_seconds, vote->vote_seconds);
-  test_eq(v1->dist_seconds, vote->dist_seconds);
-  test_streq(v1->client_versions, vote->client_versions);
-  test_streq(v1->server_versions, vote->server_versions);
-  test_assert(v1->voters && smartlist_len(v1->voters));
+  tt_int_op(v1->type,OP_EQ, NS_TYPE_VOTE);
+  tt_int_op(v1->published,OP_EQ, vote->published);
+  tt_int_op(v1->valid_after,OP_EQ, vote->valid_after);
+  tt_int_op(v1->fresh_until,OP_EQ, vote->fresh_until);
+  tt_int_op(v1->valid_until,OP_EQ, vote->valid_until);
+  tt_int_op(v1->vote_seconds,OP_EQ, vote->vote_seconds);
+  tt_int_op(v1->dist_seconds,OP_EQ, vote->dist_seconds);
+  tt_str_op(v1->client_versions,OP_EQ, vote->client_versions);
+  tt_str_op(v1->server_versions,OP_EQ, vote->server_versions);
+  tt_assert(v1->voters && smartlist_len(v1->voters));
   voter = smartlist_get(v1->voters, 0);
-  test_streq(voter->nickname, "Voter1");
-  test_streq(voter->address, "1.2.3.4");
-  test_eq(voter->addr, 0x01020304);
-  test_eq(voter->dir_port, 80);
-  test_eq(voter->or_port, 9000);
-  test_streq(voter->contact, "voter@example.com");
-  test_assert(v1->cert);
-  test_assert(!crypto_pk_cmp_keys(sign_skey_1, v1->cert->signing_key));
+  tt_str_op(voter->nickname,OP_EQ, "Voter1");
+  tt_str_op(voter->address,OP_EQ, "1.2.3.4");
+  tt_int_op(voter->addr,OP_EQ, 0x01020304);
+  tt_int_op(voter->dir_port,OP_EQ, 80);
+  tt_int_op(voter->or_port,OP_EQ, 9000);
+  tt_str_op(voter->contact,OP_EQ, "voter@example.com");
+  tt_assert(v1->cert);
+  tt_assert(!crypto_pk_cmp_keys(sign_skey_1, v1->cert->signing_key));
   cp = smartlist_join_strings(v1->known_flags, ":", 0, NULL);
-  test_streq(cp, "Authority:Exit:Fast:Guard:Running:Stable:V2Dir:Valid");
+  tt_str_op(cp,OP_EQ, "Authority:Exit:Fast:Guard:Running:Stable:V2Dir:Valid");
   tor_free(cp);
-  test_eq(smartlist_len(v1->routerstatus_list), n_vrs);
+  tt_int_op(smartlist_len(v1->routerstatus_list),OP_EQ, n_vrs);
+  networkstatus_vote_free(vote);
+  vote = NULL;
 
   if (vote_tweaks) params_tweaked += vote_tweaks(v1, 1, now);
 
   /* Check the routerstatuses. */
   for (idx = 0; idx < n_vrs; ++idx) {
     vrs = smartlist_get(v1->routerstatus_list, idx);
-    test_assert(vrs);
+    tt_assert(vrs);
     vrs_test(vrs, 1, now);
   }
 
   /* Generate second vote. It disagrees on some of the times,
-   * and doesn't list versions, and knows some crazy flags */
-  vote->published = now+1;
-  vote->fresh_until = now+3005;
-  vote->dist_seconds = 300;
-  authority_cert_free(vote->cert);
-  vote->cert = authority_cert_dup(cert2);
-  SMARTLIST_FOREACH(vote->net_params, char *, c, tor_free(c));
-  smartlist_clear(vote->net_params);
-  smartlist_split_string(vote->net_params, "bar=2000000000 circuitwindow=20",
-                         NULL, 0, 0);
-  tor_free(vote->client_versions);
-  tor_free(vote->server_versions);
-  voter = smartlist_get(vote->voters, 0);
-  tor_free(voter->nickname);
-  tor_free(voter->address);
-  voter->nickname = tor_strdup("Voter2");
-  voter->address = tor_strdup("2.3.4.5");
-  voter->addr = 0x02030405;
-  crypto_pk_get_digest(cert2->identity_key, voter->identity_digest);
-  smartlist_add(vote->known_flags, tor_strdup("MadeOfCheese"));
-  smartlist_add(vote->known_flags, tor_strdup("MadeOfTin"));
-  smartlist_sort_strings(vote->known_flags);
-
-  /* generate and parse v2. */
-  v2_text = format_networkstatus_vote(sign_skey_2, vote);
-  test_assert(v2_text);
-  v2 = networkstatus_parse_vote_from_string(v2_text, NULL, NS_TYPE_VOTE);
-  test_assert(v2);
+   * and doesn't list versions, and knows some crazy flags.
+   * Generate and parse v2. */
+  tt_assert(!dir_common_construct_vote_2(&vote, cert2, sign_skey_2, vrs_gen,
+                                         &v2, &n_vrs, now, 1));
+  tt_assert(v2);
 
   if (vote_tweaks) params_tweaked += vote_tweaks(v2, 2, now);
 
   /* Check that flags come out right.*/
   cp = smartlist_join_strings(v2->known_flags, ":", 0, NULL);
-  test_streq(cp, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
+  tt_str_op(cp,OP_EQ, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
              "Running:Stable:V2Dir:Valid");
   tor_free(cp);
 
@@ -1397,38 +1895,16 @@ test_a_networkstatus(
   n_vrs = smartlist_len(v2->routerstatus_list);
   for (idx = 0; idx < n_vrs; ++idx) {
     vrs = smartlist_get(v2->routerstatus_list, idx);
-    test_assert(vrs);
+    tt_assert(vrs);
     vrs_test(vrs, 2, now);
   }
+  networkstatus_vote_free(vote);
+  vote = NULL;
 
-  /* Generate the third vote. */
-  vote->published = now;
-  vote->fresh_until = now+2003;
-  vote->dist_seconds = 250;
-  authority_cert_free(vote->cert);
-  vote->cert = authority_cert_dup(cert3);
-  SMARTLIST_FOREACH(vote->net_params, char *, c, tor_free(c));
-  smartlist_clear(vote->net_params);
-  smartlist_split_string(vote->net_params, "circuitwindow=80 foo=660",
-                         NULL, 0, 0);
-  smartlist_add(vote->supported_methods, tor_strdup("4"));
-  vote->client_versions = tor_strdup("0.1.2.14,0.1.2.17");
-  vote->server_versions = tor_strdup("0.1.2.10,0.1.2.15,0.1.2.16");
-  voter = smartlist_get(vote->voters, 0);
-  tor_free(voter->nickname);
-  tor_free(voter->address);
-  voter->nickname = tor_strdup("Voter3");
-  voter->address = tor_strdup("3.4.5.6");
-  voter->addr = 0x03040506;
-  crypto_pk_get_digest(cert3->identity_key, voter->identity_digest);
-  /* This one has a legacy id. */
-  memset(voter->legacy_id_digest, (int)'A', DIGEST_LEN);
-
-  v3_text = format_networkstatus_vote(sign_skey_3, vote);
-  test_assert(v3_text);
-
-  v3 = networkstatus_parse_vote_from_string(v3_text, NULL, NS_TYPE_VOTE);
-  test_assert(v3);
+  /* Generate the third vote with a legacy id. */
+  tt_assert(!dir_common_construct_vote_3(&vote, cert3, sign_skey_3, vrs_gen,
+                                         &v3, &n_vrs, now, 1));
+  tt_assert(v3);
 
   if (vote_tweaks) params_tweaked += vote_tweaks(v3, 3, now);
 
@@ -1442,10 +1918,10 @@ test_a_networkstatus(
                                                    "AAAAAAAAAAAAAAAAAAAA",
                                                    sign_skey_leg1,
                                                    FLAV_NS);
-  test_assert(consensus_text);
+  tt_assert(consensus_text);
   con = networkstatus_parse_vote_from_string(consensus_text, NULL,
                                              NS_TYPE_CONSENSUS);
-  test_assert(con);
+  tt_assert(con);
   //log_notice(LD_GENERAL, "<<%s>>\n<<%s>>\n<<%s>>\n",
   //           v1_text, v2_text, v3_text);
   consensus_text_md = networkstatus_compute_consensus(votes, 3,
@@ -1454,38 +1930,38 @@ test_a_networkstatus(
                                                    "AAAAAAAAAAAAAAAAAAAA",
                                                    sign_skey_leg1,
                                                    FLAV_MICRODESC);
-  test_assert(consensus_text_md);
+  tt_assert(consensus_text_md);
   con_md = networkstatus_parse_vote_from_string(consensus_text_md, NULL,
                                                 NS_TYPE_CONSENSUS);
-  test_assert(con_md);
-  test_eq(con_md->flavor, FLAV_MICRODESC);
+  tt_assert(con_md);
+  tt_int_op(con_md->flavor,OP_EQ, FLAV_MICRODESC);
 
   /* Check consensus contents. */
-  test_assert(con->type == NS_TYPE_CONSENSUS);
-  test_eq(con->published, 0); /* this field only appears in votes. */
-  test_eq(con->valid_after, now+1000);
-  test_eq(con->fresh_until, now+2003); /* median */
-  test_eq(con->valid_until, now+3000);
-  test_eq(con->vote_seconds, 100);
-  test_eq(con->dist_seconds, 250); /* median */
-  test_streq(con->client_versions, "0.1.2.14");
-  test_streq(con->server_versions, "0.1.2.15,0.1.2.16");
+  tt_assert(con->type == NS_TYPE_CONSENSUS);
+  tt_int_op(con->published,OP_EQ, 0); /* this field only appears in votes. */
+  tt_int_op(con->valid_after,OP_EQ, now+1000);
+  tt_int_op(con->fresh_until,OP_EQ, now+2003); /* median */
+  tt_int_op(con->valid_until,OP_EQ, now+3000);
+  tt_int_op(con->vote_seconds,OP_EQ, 100);
+  tt_int_op(con->dist_seconds,OP_EQ, 250); /* median */
+  tt_str_op(con->client_versions,OP_EQ, "0.1.2.14");
+  tt_str_op(con->server_versions,OP_EQ, "0.1.2.15,0.1.2.16");
   cp = smartlist_join_strings(v2->known_flags, ":", 0, NULL);
-  test_streq(cp, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
+  tt_str_op(cp,OP_EQ, "Authority:Exit:Fast:Guard:MadeOfCheese:MadeOfTin:"
              "Running:Stable:V2Dir:Valid");
   tor_free(cp);
   if (!params_tweaked) {
     /* Skip this one if vote_tweaks() messed with the param lists */
     cp = smartlist_join_strings(con->net_params, ":", 0, NULL);
-    test_streq(cp, "circuitwindow=80:foo=660");
+    tt_str_op(cp,OP_EQ, "circuitwindow=80:foo=660");
     tor_free(cp);
   }
 
-  test_eq(4, smartlist_len(con->voters)); /*3 voters, 1 legacy key.*/
+  tt_int_op(4,OP_EQ, smartlist_len(con->voters)); /*3 voters, 1 legacy key.*/
   /* The voter id digests should be in this order. */
-  test_assert(memcmp(cert2->cache_info.identity_digest,
+  tt_assert(memcmp(cert2->cache_info.identity_digest,
                      cert1->cache_info.identity_digest,DIGEST_LEN)<0);
-  test_assert(memcmp(cert1->cache_info.identity_digest,
+  tt_assert(memcmp(cert1->cache_info.identity_digest,
                      cert3->cache_info.identity_digest,DIGEST_LEN)<0);
   test_same_voter(smartlist_get(con->voters, 1),
                   smartlist_get(v2->voters, 0));
@@ -1498,28 +1974,36 @@ test_a_networkstatus(
 
   /* Check the routerstatuses. */
   n_rs = smartlist_len(con->routerstatus_list);
+  tt_assert(n_rs);
   for (idx = 0; idx < n_rs; ++idx) {
     rs = smartlist_get(con->routerstatus_list, idx);
-    test_assert(rs);
+    tt_assert(rs);
     rs_test(rs, now);
   }
 
+  n_rs = smartlist_len(con_md->routerstatus_list);
+  tt_assert(n_rs);
+  for (idx = 0; idx < n_rs; ++idx) {
+    rs = smartlist_get(con_md->routerstatus_list, idx);
+    tt_assert(rs);
+  }
+
   /* Check signatures.  the first voter is a pseudo-entry with a legacy key.
    * The second one hasn't signed.  The fourth one has signed: validate it. */
   voter = smartlist_get(con->voters, 1);
-  test_eq(smartlist_len(voter->sigs), 0);
+  tt_int_op(smartlist_len(voter->sigs),OP_EQ, 0);
 
   voter = smartlist_get(con->voters, 3);
-  test_eq(smartlist_len(voter->sigs), 1);
+  tt_int_op(smartlist_len(voter->sigs),OP_EQ, 1);
   sig = smartlist_get(voter->sigs, 0);
-  test_assert(sig->signature);
-  test_assert(!sig->good_signature);
-  test_assert(!sig->bad_signature);
+  tt_assert(sig->signature);
+  tt_assert(!sig->good_signature);
+  tt_assert(!sig->bad_signature);
 
-  test_assert(!networkstatus_check_document_signature(con, sig, cert3));
-  test_assert(sig->signature);
-  test_assert(sig->good_signature);
-  test_assert(!sig->bad_signature);
+  tt_assert(!networkstatus_check_document_signature(con, sig, cert3));
+  tt_assert(sig->signature);
+  tt_assert(sig->good_signature);
+  tt_assert(!sig->bad_signature);
 
   {
     const char *msg=NULL;
@@ -1542,10 +2026,10 @@ test_a_networkstatus(
                                                       cert1->identity_key,
                                                       sign_skey_1, NULL,NULL,
                                                       FLAV_MICRODESC);
-    test_assert(consensus_text2);
-    test_assert(consensus_text3);
-    test_assert(consensus_text_md2);
-    test_assert(consensus_text_md3);
+    tt_assert(consensus_text2);
+    tt_assert(consensus_text3);
+    tt_assert(consensus_text_md2);
+    tt_assert(consensus_text_md3);
     con2 = networkstatus_parse_vote_from_string(consensus_text2, NULL,
                                                 NS_TYPE_CONSENSUS);
     con3 = networkstatus_parse_vote_from_string(consensus_text3, NULL,
@@ -1554,17 +2038,19 @@ test_a_networkstatus(
                                                 NS_TYPE_CONSENSUS);
     con_md3 = networkstatus_parse_vote_from_string(consensus_text_md3, NULL,
                                                 NS_TYPE_CONSENSUS);
-    test_assert(con2);
-    test_assert(con3);
-    test_assert(con_md2);
-    test_assert(con_md3);
+    tt_assert(con2);
+    tt_assert(con3);
+    tt_assert(con_md2);
+    tt_assert(con_md3);
 
     /* All three should have the same digest. */
-    test_memeq(&con->digests, &con2->digests, sizeof(digests_t));
-    test_memeq(&con->digests, &con3->digests, sizeof(digests_t));
+    tt_mem_op(&con->digests,OP_EQ, &con2->digests, sizeof(common_digests_t));
+    tt_mem_op(&con->digests,OP_EQ, &con3->digests, sizeof(common_digests_t));
 
-    test_memeq(&con_md->digests, &con_md2->digests, sizeof(digests_t));
-    test_memeq(&con_md->digests, &con_md3->digests, sizeof(digests_t));
+    tt_mem_op(&con_md->digests,OP_EQ, &con_md2->digests,
+              sizeof(common_digests_t));
+    tt_mem_op(&con_md->digests,OP_EQ, &con_md3->digests,
+              sizeof(common_digests_t));
 
     /* Extract a detached signature from con3. */
     detached_text1 = get_detached_sigs(con3, con_md3);
@@ -1574,50 +2060,51 @@ test_a_networkstatus(
     tt_assert(dsig1);
 
     /* Are parsed values as expected? */
-    test_eq(dsig1->valid_after, con3->valid_after);
-    test_eq(dsig1->fresh_until, con3->fresh_until);
-    test_eq(dsig1->valid_until, con3->valid_until);
+    tt_int_op(dsig1->valid_after,OP_EQ, con3->valid_after);
+    tt_int_op(dsig1->fresh_until,OP_EQ, con3->fresh_until);
+    tt_int_op(dsig1->valid_until,OP_EQ, con3->valid_until);
     {
-      digests_t *dsig_digests = strmap_get(dsig1->digests, "ns");
-      test_assert(dsig_digests);
-      test_memeq(dsig_digests->d[DIGEST_SHA1], con3->digests.d[DIGEST_SHA1],
-                 DIGEST_LEN);
+      common_digests_t *dsig_digests = strmap_get(dsig1->digests, "ns");
+      tt_assert(dsig_digests);
+      tt_mem_op(dsig_digests->d[DIGEST_SHA1], OP_EQ,
+                con3->digests.d[DIGEST_SHA1], DIGEST_LEN);
       dsig_digests = strmap_get(dsig1->digests, "microdesc");
-      test_assert(dsig_digests);
-      test_memeq(dsig_digests->d[DIGEST_SHA256],
+      tt_assert(dsig_digests);
+      tt_mem_op(dsig_digests->d[DIGEST_SHA256],OP_EQ,
                  con_md3->digests.d[DIGEST_SHA256],
                  DIGEST256_LEN);
     }
     {
       smartlist_t *dsig_signatures = strmap_get(dsig1->signatures, "ns");
-      test_assert(dsig_signatures);
-      test_eq(1, smartlist_len(dsig_signatures));
+      tt_assert(dsig_signatures);
+      tt_int_op(1,OP_EQ, smartlist_len(dsig_signatures));
       sig = smartlist_get(dsig_signatures, 0);
-      test_memeq(sig->identity_digest, cert1->cache_info.identity_digest,
+      tt_mem_op(sig->identity_digest,OP_EQ, cert1->cache_info.identity_digest,
                  DIGEST_LEN);
-      test_eq(sig->alg, DIGEST_SHA1);
+      tt_int_op(sig->alg,OP_EQ, DIGEST_SHA1);
 
       dsig_signatures = strmap_get(dsig1->signatures, "microdesc");
-      test_assert(dsig_signatures);
-      test_eq(1, smartlist_len(dsig_signatures));
+      tt_assert(dsig_signatures);
+      tt_int_op(1,OP_EQ, smartlist_len(dsig_signatures));
       sig = smartlist_get(dsig_signatures, 0);
-      test_memeq(sig->identity_digest, cert1->cache_info.identity_digest,
+      tt_mem_op(sig->identity_digest,OP_EQ, cert1->cache_info.identity_digest,
                  DIGEST_LEN);
-      test_eq(sig->alg, DIGEST_SHA256);
+      tt_int_op(sig->alg,OP_EQ, DIGEST_SHA256);
     }
 
     /* Try adding it to con2. */
     detached_text2 = get_detached_sigs(con2,con_md2);
-    test_eq(1, networkstatus_add_detached_signatures(con2, dsig1, "test",
-                                                     LOG_INFO, &msg));
+    tt_int_op(1,OP_EQ, networkstatus_add_detached_signatures(con2, dsig1,
+                                                   "test", LOG_INFO, &msg));
     tor_free(detached_text2);
-    test_eq(1, networkstatus_add_detached_signatures(con_md2, dsig1, "test",
+    tt_int_op(1,OP_EQ,
+              networkstatus_add_detached_signatures(con_md2, dsig1, "test",
                                                      LOG_INFO, &msg));
     tor_free(detached_text2);
     detached_text2 = get_detached_sigs(con2,con_md2);
     //printf("\n<%s>\n", detached_text2);
     dsig2 = networkstatus_parse_detached_signatures(detached_text2, NULL);
-    test_assert(dsig2);
+    tt_assert(dsig2);
     /*
     printf("\n");
     SMARTLIST_FOREACH(dsig2->signatures, networkstatus_voter_info_t *, vi, {
@@ -1626,65 +2113,49 @@ test_a_networkstatus(
         printf("%s\n", hd);
       });
     */
-    test_eq(2,
+    tt_int_op(2,OP_EQ,
             smartlist_len((smartlist_t*)strmap_get(dsig2->signatures, "ns")));
-    test_eq(2,
+    tt_int_op(2,OP_EQ,
             smartlist_len((smartlist_t*)strmap_get(dsig2->signatures,
                                                    "microdesc")));
 
     /* Try adding to con2 twice; verify that nothing changes. */
-    test_eq(0, networkstatus_add_detached_signatures(con2, dsig1, "test",
-                                                     LOG_INFO, &msg));
+    tt_int_op(0,OP_EQ, networkstatus_add_detached_signatures(con2, dsig1,
+                                               "test", LOG_INFO, &msg));
 
     /* Add to con. */
-    test_eq(2, networkstatus_add_detached_signatures(con, dsig2, "test",
-                                                     LOG_INFO, &msg));
+    tt_int_op(2,OP_EQ, networkstatus_add_detached_signatures(con, dsig2,
+                                               "test", LOG_INFO, &msg));
     /* Check signatures */
     voter = smartlist_get(con->voters, 1);
     sig = smartlist_get(voter->sigs, 0);
-    test_assert(sig);
-    test_assert(!networkstatus_check_document_signature(con, sig, cert2));
+    tt_assert(sig);
+    tt_assert(!networkstatus_check_document_signature(con, sig, cert2));
     voter = smartlist_get(con->voters, 2);
     sig = smartlist_get(voter->sigs, 0);
-    test_assert(sig);
-    test_assert(!networkstatus_check_document_signature(con, sig, cert1));
+    tt_assert(sig);
+    tt_assert(!networkstatus_check_document_signature(con, sig, cert1));
   }
 
  done:
   tor_free(cp);
   smartlist_free(votes);
-  tor_free(v1_text);
-  tor_free(v2_text);
-  tor_free(v3_text);
   tor_free(consensus_text);
   tor_free(consensus_text_md);
 
-  if (vote)
-    networkstatus_vote_free(vote);
-  if (v1)
-    networkstatus_vote_free(v1);
-  if (v2)
-    networkstatus_vote_free(v2);
-  if (v3)
-    networkstatus_vote_free(v3);
-  if (con)
-    networkstatus_vote_free(con);
-  if (con_md)
-    networkstatus_vote_free(con_md);
-  if (sign_skey_1)
-    crypto_pk_free(sign_skey_1);
-  if (sign_skey_2)
-    crypto_pk_free(sign_skey_2);
-  if (sign_skey_3)
-    crypto_pk_free(sign_skey_3);
-  if (sign_skey_leg1)
-    crypto_pk_free(sign_skey_leg1);
-  if (cert1)
-    authority_cert_free(cert1);
-  if (cert2)
-    authority_cert_free(cert2);
-  if (cert3)
-    authority_cert_free(cert3);
+  networkstatus_vote_free(vote);
+  networkstatus_vote_free(v1);
+  networkstatus_vote_free(v2);
+  networkstatus_vote_free(v3);
+  networkstatus_vote_free(con);
+  networkstatus_vote_free(con_md);
+  crypto_pk_free(sign_skey_1);
+  crypto_pk_free(sign_skey_2);
+  crypto_pk_free(sign_skey_3);
+  crypto_pk_free(sign_skey_leg1);
+  authority_cert_free(cert1);
+  authority_cert_free(cert2);
+  authority_cert_free(cert3);
 
   tor_free(consensus_text2);
   tor_free(consensus_text3);
@@ -1692,26 +2163,22 @@ test_a_networkstatus(
   tor_free(consensus_text_md3);
   tor_free(detached_text1);
   tor_free(detached_text2);
-  if (con2)
-    networkstatus_vote_free(con2);
-  if (con3)
-    networkstatus_vote_free(con3);
-  if (con_md2)
-    networkstatus_vote_free(con_md2);
-  if (con_md3)
-    networkstatus_vote_free(con_md3);
-  if (dsig1)
-    ns_detached_signatures_free(dsig1);
-  if (dsig2)
-    ns_detached_signatures_free(dsig2);
+
+  networkstatus_vote_free(con2);
+  networkstatus_vote_free(con3);
+  networkstatus_vote_free(con_md2);
+  networkstatus_vote_free(con_md3);
+  ns_detached_signatures_free(dsig1);
+  ns_detached_signatures_free(dsig2);
 }
 
 /** Run unit tests for generating and parsing V3 consensus networkstatus
  * documents. */
 static void
-test_dir_v3_networkstatus(void)
+test_dir_v3_networkstatus(void *arg)
 {
-  test_a_networkstatus(gen_routerstatus_for_v3ns,
+  (void)arg;
+  test_a_networkstatus(dir_common_gen_routerstatus_for_v3ns,
                        vote_tweaks_for_v3ns,
                        test_vrs_for_v3ns,
                        test_consensus_for_v3ns,
@@ -1740,7 +2207,7 @@ test_dir_scale_bw(void *testdata)
 
   scale_array_elements_to_u64(vals, 8, &total);
 
-  tt_int_op((int)total, ==, 48);
+  tt_int_op((int)total, OP_EQ, 48);
   total = 0;
   for (i=0; i<8; ++i) {
     total += vals[i].u64;
@@ -1749,10 +2216,37 @@ test_dir_scale_bw(void *testdata)
   tt_assert(total <= (U64_LITERAL(1)<<62));
 
   for (i=0; i<8; ++i) {
+    /* vals[2].u64 is the scaled value of 1.0 */
     double ratio = ((double)vals[i].u64) / vals[2].u64;
-    tt_double_op(fabs(ratio - v[i]), <, .00001);
+    tt_double_op(fabs(ratio - v[i]), OP_LT, .00001);
   }
 
+  /* test handling of no entries */
+  total = 1;
+  scale_array_elements_to_u64(vals, 0, &total);
+  tt_assert(total == 0);
+
+  /* make sure we don't read the array when we have no entries
+   * may require compiler flags to catch NULL dereferences */
+  total = 1;
+  scale_array_elements_to_u64(NULL, 0, &total);
+  tt_assert(total == 0);
+
+  scale_array_elements_to_u64(NULL, 0, NULL);
+
+  /* test handling of zero totals */
+  total = 1;
+  vals[0].dbl = 0.0;
+  scale_array_elements_to_u64(vals, 1, &total);
+  tt_assert(total == 0);
+  tt_assert(vals[0].u64 == 0);
+
+  vals[0].dbl = 0.0;
+  vals[1].dbl = 0.0;
+  scale_array_elements_to_u64(vals, 2, NULL);
+  tt_assert(vals[0].u64 == 0);
+  tt_assert(vals[1].u64 == 0);
+
  done:
   ;
 }
@@ -1775,11 +2269,11 @@ test_dir_random_weighted(void *testdata)
     inp[i].u64 = vals[i];
     total += vals[i];
   }
-  tt_u64_op(total, ==, 45);
+  tt_u64_op(total, OP_EQ, 45);
   for (i=0; i<n; ++i) {
     choice = choose_array_element_by_weight(inp, 10);
-    tt_int_op(choice, >=, 0);
-    tt_int_op(choice, <, 10);
+    tt_int_op(choice, OP_GE, 0);
+    tt_int_op(choice, OP_LT, 10);
     histogram[choice]++;
   }
 
@@ -1792,7 +2286,7 @@ test_dir_random_weighted(void *testdata)
     if (expected)
       frac_diff = (histogram[i] - expected) / ((double)expected);
     else
-      tt_int_op(histogram[i], ==, 0);
+      tt_int_op(histogram[i], OP_EQ, 0);
 
     sq = frac_diff * frac_diff;
     if (sq > max_sq_error)
@@ -1800,12 +2294,12 @@ test_dir_random_weighted(void *testdata)
   }
   /* It should almost always be much much less than this.  If you want to
    * figure out the odds, please feel free. */
-  tt_double_op(max_sq_error, <, .05);
+  tt_double_op(max_sq_error, OP_LT, .05);
 
   /* Now try a singleton; do we choose it? */
   for (i = 0; i < 100; ++i) {
     choice = choose_array_element_by_weight(inp, 1);
-    tt_int_op(choice, ==, 0);
+    tt_int_op(choice, OP_EQ, 0);
   }
 
   /* Now try an array of zeros.  We should choose randomly. */
@@ -1814,8 +2308,8 @@ test_dir_random_weighted(void *testdata)
     inp[i].u64 = 0;
   for (i = 0; i < n; ++i) {
     choice = choose_array_element_by_weight(inp, 5);
-    tt_int_op(choice, >=, 0);
-    tt_int_op(choice, <, 5);
+    tt_int_op(choice, OP_GE, 0);
+    tt_int_op(choice, OP_LT, 5);
     histogram[choice]++;
   }
   /* Now see if we chose things about frequently enough. */
@@ -1831,7 +2325,7 @@ test_dir_random_weighted(void *testdata)
   }
   /* It should almost always be much much less than this.  If you want to
    * figure out the odds, please feel free. */
-  tt_double_op(max_sq_error, <, .05);
+  tt_double_op(max_sq_error, OP_LT, .05);
  done:
   ;
 }
@@ -1958,7 +2452,7 @@ gen_routerstatus_for_umbw(int idx, time_t now)
       break;
     default:
       /* Shouldn't happen */
-      test_assert(0);
+      tt_assert(0);
   }
   if (vrs) {
     vrs->microdesc = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
@@ -1980,11 +2474,11 @@ vote_tweaks_for_umbw(networkstatus_t *v, int voter, time_t now)
   char *maxbw_param = NULL;
   int rv = 0;
 
-  test_assert(v);
+  tt_assert(v);
   (void)voter;
   (void)now;
 
-  test_assert(v->supported_methods);
+  tt_assert(v->supported_methods);
   SMARTLIST_FOREACH(v->supported_methods, char *, c, tor_free(c));
   smartlist_clear(v->supported_methods);
   /* Method 17 is MIN_METHOD_TO_CLIP_UNMEASURED_BW_KB */
@@ -1994,7 +2488,7 @@ vote_tweaks_for_umbw(networkstatus_t *v, int voter, time_t now)
   /* If we're using a non-default clip bandwidth, add it to net_params */
   if (alternate_clip_bw > 0) {
     tor_asprintf(&maxbw_param, "maxunmeasuredbw=%u", alternate_clip_bw);
-    test_assert(maxbw_param);
+    tt_assert(maxbw_param);
     if (maxbw_param) {
       smartlist_add(v->net_params, maxbw_param);
       rv = 1;
@@ -2017,9 +2511,9 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
     alternate_clip_bw : DEFAULT_MAX_UNMEASURED_BW_KB;
 
   (void)voter;
-  test_assert(vrs);
+  tt_assert(vrs);
   rs = &(vrs->status);
-  test_assert(rs);
+  tt_assert(rs);
 
   /* Split out by digests to test */
   if (tor_memeq(rs->identity_digest,
@@ -2030,21 +2524,21 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
      * Check the first routerstatus - measured bandwidth below the clip
      * cutoff.
      */
-    test_streq(vrs->version, "0.1.2.14");
-    test_eq(rs->published_on, now-1500);
-    test_streq(rs->nickname, "router2");
-    test_memeq(rs->identity_digest,
+    tt_str_op(vrs->version,OP_EQ, "0.1.2.14");
+    tt_int_op(rs->published_on,OP_EQ, now-1500);
+    tt_str_op(rs->nickname,OP_EQ, "router2");
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3",
                DIGEST_LEN);
-    test_memeq(rs->descriptor_digest, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
-    test_eq(rs->addr, 0x99008801);
-    test_eq(rs->or_port, 443);
-    test_eq(rs->dir_port, 8000);
-    test_assert(rs->has_bandwidth);
-    test_assert(vrs->has_measured_bw);
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb / 2);
-    test_eq(vrs->measured_bw_kb, max_unmeasured_bw_kb / 2);
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
+    tt_int_op(rs->addr,OP_EQ, 0x99008801);
+    tt_int_op(rs->or_port,OP_EQ, 443);
+    tt_int_op(rs->dir_port,OP_EQ, 8000);
+    tt_assert(rs->has_bandwidth);
+    tt_assert(vrs->has_measured_bw);
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb / 2);
+    tt_int_op(vrs->measured_bw_kb,OP_EQ, max_unmeasured_bw_kb / 2);
   } else if (tor_memeq(rs->identity_digest,
                        "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                        "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5",
@@ -2054,24 +2548,24 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
      * Check the second routerstatus - measured bandwidth above the clip
      * cutoff.
      */
-    test_streq(vrs->version, "0.2.0.5");
-    test_eq(rs->published_on, now-1000);
-    test_streq(rs->nickname, "router1");
-    test_memeq(rs->identity_digest,
+    tt_str_op(vrs->version,OP_EQ, "0.2.0.5");
+    tt_int_op(rs->published_on,OP_EQ, now-1000);
+    tt_str_op(rs->nickname,OP_EQ, "router1");
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5",
                DIGEST_LEN);
-    test_memeq(rs->descriptor_digest, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
-    test_eq(rs->addr, 0x99009901);
-    test_eq(rs->or_port, 443);
-    test_eq(rs->dir_port, 0);
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
+    tt_int_op(rs->addr,OP_EQ, 0x99009901);
+    tt_int_op(rs->or_port,OP_EQ, 443);
+    tt_int_op(rs->dir_port,OP_EQ, 0);
     tor_addr_parse(&addr_ipv6, "[1:2:3::4]");
-    test_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
-    test_eq(rs->ipv6_orport, 4711);
-    test_assert(rs->has_bandwidth);
-    test_assert(vrs->has_measured_bw);
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb * 2);
-    test_eq(vrs->measured_bw_kb, max_unmeasured_bw_kb * 2);
+    tt_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
+    tt_int_op(rs->ipv6_orport,OP_EQ, 4711);
+    tt_assert(rs->has_bandwidth);
+    tt_assert(vrs->has_measured_bw);
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb * 2);
+    tt_int_op(vrs->measured_bw_kb,OP_EQ, max_unmeasured_bw_kb * 2);
   } else if (tor_memeq(rs->identity_digest,
                        "\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33"
                        "\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33",
@@ -2081,10 +2575,10 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
      * cutoff; this one should be clipped later on in the consensus, but
      * appears unclipped in the vote.
      */
-    test_assert(rs->has_bandwidth);
-    test_assert(!(vrs->has_measured_bw));
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb * 2);
-    test_eq(vrs->measured_bw_kb, 0);
+    tt_assert(rs->has_bandwidth);
+    tt_assert(!(vrs->has_measured_bw));
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb * 2);
+    tt_int_op(vrs->measured_bw_kb,OP_EQ, 0);
   } else if (tor_memeq(rs->identity_digest,
                        "\x34\x34\x34\x34\x34\x34\x34\x34\x34\x34"
                        "\x34\x34\x34\x34\x34\x34\x34\x34\x34\x34",
@@ -2093,12 +2587,12 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
      * Check the fourth routerstatus - unmeasured bandwidth below the clip
      * cutoff; this one should not be clipped.
      */
-    test_assert(rs->has_bandwidth);
-    test_assert(!(vrs->has_measured_bw));
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb / 2);
-    test_eq(vrs->measured_bw_kb, 0);
+    tt_assert(rs->has_bandwidth);
+    tt_assert(!(vrs->has_measured_bw));
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb / 2);
+    tt_int_op(vrs->measured_bw_kb,OP_EQ, 0);
   } else {
-    test_assert(0);
+    tt_assert(0);
   }
 
  done:
@@ -2113,11 +2607,11 @@ test_consensus_for_umbw(networkstatus_t *con, time_t now)
 {
   (void)now;
 
-  test_assert(con);
-  test_assert(!con->cert);
-  // test_assert(con->consensus_method >= MIN_METHOD_TO_CLIP_UNMEASURED_BW_KB);
-  test_assert(con->consensus_method >= 16);
-  test_eq(4, smartlist_len(con->routerstatus_list));
+  tt_assert(con);
+  tt_assert(!con->cert);
+  // tt_assert(con->consensus_method >= MIN_METHOD_TO_CLIP_UNMEASURED_BW_KB);
+  tt_assert(con->consensus_method >= 16);
+  tt_int_op(4,OP_EQ, smartlist_len(con->routerstatus_list));
   /* There should be four listed routers; all voters saw the same in this */
 
  done:
@@ -2134,61 +2628,61 @@ test_routerstatus_for_umbw(routerstatus_t *rs, time_t now)
   uint32_t max_unmeasured_bw_kb = (alternate_clip_bw > 0) ?
     alternate_clip_bw : DEFAULT_MAX_UNMEASURED_BW_KB;
 
-  test_assert(rs);
+  tt_assert(rs);
 
   /* There should be four listed routers, as constructed above */
   if (tor_memeq(rs->identity_digest,
                 "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
                 "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3",
                 DIGEST_LEN)) {
-    test_memeq(rs->identity_digest,
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3",
                DIGEST_LEN);
-    test_memeq(rs->descriptor_digest, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
-    test_assert(!rs->is_authority);
-    test_assert(!rs->is_exit);
-    test_assert(!rs->is_fast);
-    test_assert(!rs->is_possible_guard);
-    test_assert(!rs->is_stable);
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "NNNNNNNNNNNNNNNNNNNN", DIGEST_LEN);
+    tt_assert(!rs->is_authority);
+    tt_assert(!rs->is_exit);
+    tt_assert(!rs->is_fast);
+    tt_assert(!rs->is_possible_guard);
+    tt_assert(!rs->is_stable);
     /* (If it wasn't running it wouldn't be here) */
-    test_assert(rs->is_flagged_running);
-    test_assert(!rs->is_valid);
-    test_assert(!rs->is_named);
+    tt_assert(rs->is_flagged_running);
+    tt_assert(!rs->is_valid);
+    tt_assert(!rs->is_named);
     /* This one should have measured bandwidth below the clip cutoff */
-    test_assert(rs->has_bandwidth);
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb / 2);
-    test_assert(!(rs->bw_is_unmeasured));
+    tt_assert(rs->has_bandwidth);
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb / 2);
+    tt_assert(!(rs->bw_is_unmeasured));
   } else if (tor_memeq(rs->identity_digest,
                        "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                        "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5",
                        DIGEST_LEN)) {
     /* This one showed up in 3 digests. Twice with ID 'M', once with 'Z'.  */
-    test_memeq(rs->identity_digest,
+    tt_mem_op(rs->identity_digest,OP_EQ,
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5",
                DIGEST_LEN);
-    test_streq(rs->nickname, "router1");
-    test_memeq(rs->descriptor_digest, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
-    test_eq(rs->published_on, now-1000);
-    test_eq(rs->addr, 0x99009901);
-    test_eq(rs->or_port, 443);
-    test_eq(rs->dir_port, 0);
+    tt_str_op(rs->nickname,OP_EQ, "router1");
+    tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
+    tt_int_op(rs->published_on,OP_EQ, now-1000);
+    tt_int_op(rs->addr,OP_EQ, 0x99009901);
+    tt_int_op(rs->or_port,OP_EQ, 443);
+    tt_int_op(rs->dir_port,OP_EQ, 0);
     tor_addr_parse(&addr_ipv6, "[1:2:3::4]");
-    test_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
-    test_eq(rs->ipv6_orport, 4711);
-    test_assert(!rs->is_authority);
-    test_assert(rs->is_exit);
-    test_assert(rs->is_fast);
-    test_assert(rs->is_possible_guard);
-    test_assert(rs->is_stable);
-    test_assert(rs->is_flagged_running);
-    test_assert(rs->is_valid);
-    test_assert(!rs->is_named);
+    tt_assert(tor_addr_eq(&rs->ipv6_addr, &addr_ipv6));
+    tt_int_op(rs->ipv6_orport,OP_EQ, 4711);
+    tt_assert(!rs->is_authority);
+    tt_assert(rs->is_exit);
+    tt_assert(rs->is_fast);
+    tt_assert(rs->is_possible_guard);
+    tt_assert(rs->is_stable);
+    tt_assert(rs->is_flagged_running);
+    tt_assert(rs->is_valid);
+    tt_assert(!rs->is_named);
     /* This one should have measured bandwidth above the clip cutoff */
-    test_assert(rs->has_bandwidth);
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb * 2);
-    test_assert(!(rs->bw_is_unmeasured));
+    tt_assert(rs->has_bandwidth);
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb * 2);
+    tt_assert(!(rs->bw_is_unmeasured));
   } else if (tor_memeq(rs->identity_digest,
                 "\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33"
                 "\x33\x33\x33\x33\x33\x33\x33\x33\x33\x33",
@@ -2197,9 +2691,9 @@ test_routerstatus_for_umbw(routerstatus_t *rs, time_t now)
      * This one should have unmeasured bandwidth above the clip cutoff,
      * and so should be clipped
      */
-    test_assert(rs->has_bandwidth);
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb);
-    test_assert(rs->bw_is_unmeasured);
+    tt_assert(rs->has_bandwidth);
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb);
+    tt_assert(rs->bw_is_unmeasured);
   } else if (tor_memeq(rs->identity_digest,
                 "\x34\x34\x34\x34\x34\x34\x34\x34\x34\x34"
                 "\x34\x34\x34\x34\x34\x34\x34\x34\x34\x34",
@@ -2208,12 +2702,12 @@ test_routerstatus_for_umbw(routerstatus_t *rs, time_t now)
      * This one should have unmeasured bandwidth below the clip cutoff,
      * and so should not be clipped
      */
-    test_assert(rs->has_bandwidth);
-    test_eq(rs->bandwidth_kb, max_unmeasured_bw_kb / 2);
-    test_assert(rs->bw_is_unmeasured);
+    tt_assert(rs->has_bandwidth);
+    tt_int_op(rs->bandwidth_kb,OP_EQ, max_unmeasured_bw_kb / 2);
+    tt_assert(rs->bw_is_unmeasured);
   } else {
     /* Weren't expecting this... */
-    test_assert(0);
+    tt_assert(0);
   }
 
  done:
@@ -2227,9 +2721,10 @@ test_routerstatus_for_umbw(routerstatus_t *rs, time_t now)
  */
 
 static void
-test_dir_clip_unmeasured_bw_kb(void)
+test_dir_clip_unmeasured_bw_kb(void *arg)
 {
   /* Run the test with the default clip bandwidth */
+  (void)arg;
   alternate_clip_bw = 0;
   test_a_networkstatus(gen_routerstatus_for_umbw,
                        vote_tweaks_for_umbw,
@@ -2244,7 +2739,7 @@ test_dir_clip_unmeasured_bw_kb(void)
  */
 
 static void
-test_dir_clip_unmeasured_bw_kb_alt(void)
+test_dir_clip_unmeasured_bw_kb_alt(void *arg)
 {
   /*
    * Try a different one; this value is chosen so that the below-the-cutoff
@@ -2252,6 +2747,7 @@ test_dir_clip_unmeasured_bw_kb_alt(void)
    * DEFAULT_MAX_UNMEASURED_BW_KB and if the consensus incorrectly uses that
    * cutoff it will fail the test.
    */
+  (void)arg;
   alternate_clip_bw = 3 * DEFAULT_MAX_UNMEASURED_BW_KB;
   test_a_networkstatus(gen_routerstatus_for_umbw,
                        vote_tweaks_for_umbw,
@@ -2279,11 +2775,12 @@ test_dir_fmt_control_ns(void *arg)
   rs.is_fast = 1;
   rs.is_flagged_running = 1;
   rs.has_bandwidth = 1;
+  rs.is_v2_dir = 1;
   rs.bandwidth_kb = 1000;
 
   s = networkstatus_getinfo_helper_single(&rs);
   tt_assert(s);
-  tt_str_op(s, ==,
+  tt_str_op(s, OP_EQ,
             "r TetsuoMilk U3RhdGVseSwgcGx1bXAgQnVjayA "
                "TXVsbGlnYW4gY2FtZSB1cCBmcm8 2013-04-02 17:53:18 "
                "32.48.64.80 9001 9002\n"
@@ -2294,6 +2791,281 @@ test_dir_fmt_control_ns(void *arg)
   tor_free(s);
 }
 
+static int mock_get_options_calls = 0;
+static or_options_t *mock_options = NULL;
+
+static void
+reset_options(or_options_t *options, int *get_options_calls)
+{
+  memset(options, 0, sizeof(or_options_t));
+  options->TestingTorNetwork = 1;
+
+  *get_options_calls = 0;
+}
+
+static const or_options_t *
+mock_get_options(void)
+{
+  ++mock_get_options_calls;
+  tor_assert(mock_options);
+  return mock_options;
+}
+
+static void
+reset_routerstatus(routerstatus_t *rs,
+                   const char *hex_identity_digest,
+                   int32_t ipv4_addr)
+{
+  memset(rs, 0, sizeof(routerstatus_t));
+  base16_decode(rs->identity_digest, sizeof(rs->identity_digest),
+                hex_identity_digest, HEX_DIGEST_LEN);
+  /* A zero address matches everything, so the address needs to be set.
+   * But the specific value is irrelevant. */
+  rs->addr = ipv4_addr;
+}
+
+#define ROUTER_A_ID_STR    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+#define ROUTER_A_IPV4      0xAA008801
+#define ROUTER_B_ID_STR    "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
+#define ROUTER_B_IPV4      0xBB008801
+
+#define ROUTERSET_ALL_STR  "*"
+#define ROUTERSET_A_STR    ROUTER_A_ID_STR
+#define ROUTERSET_NONE_STR ""
+
+/*
+ * Test that dirserv_set_routerstatus_testing sets router flags correctly
+ * Using "*"  sets flags on A and B
+ * Using "A"  sets flags on A
+ * Using ""   sets flags on Neither
+ * If the router is not included:
+ *   - if *Strict is set, the flag is set to 0,
+ *   - otherwise, the flag is not modified. */
+static void
+test_dir_dirserv_set_routerstatus_testing(void *arg)
+{
+  (void)arg;
+
+  /* Init options */
+  mock_options = malloc(sizeof(or_options_t));
+  reset_options(mock_options, &mock_get_options_calls);
+
+  MOCK(get_options, mock_get_options);
+
+  /* Init routersets */
+  routerset_t *routerset_all  = routerset_new();
+  routerset_parse(routerset_all,  ROUTERSET_ALL_STR,  "All routers");
+
+  routerset_t *routerset_a    = routerset_new();
+  routerset_parse(routerset_a,    ROUTERSET_A_STR,    "Router A only");
+
+  routerset_t *routerset_none = routerset_new();
+  /* Routersets are empty when provided by routerset_new(),
+   * so this is not strictly necessary */
+  routerset_parse(routerset_none, ROUTERSET_NONE_STR, "No routers");
+
+  /* Init routerstatuses */
+  routerstatus_t *rs_a = malloc(sizeof(routerstatus_t));
+  reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4);
+
+  routerstatus_t *rs_b = malloc(sizeof(routerstatus_t));
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  /* Sanity check that routersets correspond to routerstatuses.
+   * Return values are {2, 3, 4} */
+
+  /* We want 3 ("*" means match all addresses) */
+  tt_assert(routerset_contains_routerstatus(routerset_all,  rs_a, 0) == 3);
+  tt_assert(routerset_contains_routerstatus(routerset_all,  rs_b, 0) == 3);
+
+  /* We want 4 (match id_digest [or nickname]) */
+  tt_assert(routerset_contains_routerstatus(routerset_a,    rs_a, 0) == 4);
+  tt_assert(routerset_contains_routerstatus(routerset_a,    rs_b, 0) == 0);
+
+  tt_assert(routerset_contains_routerstatus(routerset_none, rs_a, 0) == 0);
+  tt_assert(routerset_contains_routerstatus(routerset_none, rs_b, 0) == 0);
+
+  /* Check that "*" sets flags on all routers: Exit
+   * Check the flags aren't being confused with each other */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteExit = routerset_all;
+  mock_options->TestingDirAuthVoteExitIsStrict = 0;
+
+  dirserv_set_routerstatus_testing(rs_a);
+  tt_assert(mock_get_options_calls == 1);
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 2);
+
+  tt_assert(rs_a->is_exit == 1);
+  tt_assert(rs_b->is_exit == 1);
+  /* Be paranoid - check no other flags are set */
+  tt_assert(rs_a->is_possible_guard == 0);
+  tt_assert(rs_b->is_possible_guard == 0);
+  tt_assert(rs_a->is_hs_dir == 0);
+  tt_assert(rs_b->is_hs_dir == 0);
+
+  /* Check that "*" sets flags on all routers: Guard & HSDir
+   * Cover the remaining flags in one test */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteGuard = routerset_all;
+  mock_options->TestingDirAuthVoteGuardIsStrict = 0;
+  mock_options->TestingDirAuthVoteHSDir = routerset_all;
+  mock_options->TestingDirAuthVoteHSDirIsStrict = 0;
+
+  dirserv_set_routerstatus_testing(rs_a);
+  tt_assert(mock_get_options_calls == 1);
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 2);
+
+  tt_assert(rs_a->is_possible_guard == 1);
+  tt_assert(rs_b->is_possible_guard == 1);
+  tt_assert(rs_a->is_hs_dir == 1);
+  tt_assert(rs_b->is_hs_dir == 1);
+  /* Be paranoid - check exit isn't set */
+  tt_assert(rs_a->is_exit == 0);
+  tt_assert(rs_b->is_exit == 0);
+
+  /* Check routerset A sets all flags on router A,
+   * but leaves router B unmodified */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteExit = routerset_a;
+  mock_options->TestingDirAuthVoteExitIsStrict = 0;
+  mock_options->TestingDirAuthVoteGuard = routerset_a;
+  mock_options->TestingDirAuthVoteGuardIsStrict = 0;
+  mock_options->TestingDirAuthVoteHSDir = routerset_a;
+  mock_options->TestingDirAuthVoteHSDirIsStrict = 0;
+
+  dirserv_set_routerstatus_testing(rs_a);
+  tt_assert(mock_get_options_calls == 1);
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 2);
+
+  tt_assert(rs_a->is_exit == 1);
+  tt_assert(rs_b->is_exit == 0);
+  tt_assert(rs_a->is_possible_guard == 1);
+  tt_assert(rs_b->is_possible_guard == 0);
+  tt_assert(rs_a->is_hs_dir == 1);
+  tt_assert(rs_b->is_hs_dir == 0);
+
+  /* Check routerset A unsets all flags on router B when Strict is set */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteExit = routerset_a;
+  mock_options->TestingDirAuthVoteExitIsStrict = 1;
+  mock_options->TestingDirAuthVoteGuard = routerset_a;
+  mock_options->TestingDirAuthVoteGuardIsStrict = 1;
+  mock_options->TestingDirAuthVoteHSDir = routerset_a;
+  mock_options->TestingDirAuthVoteHSDirIsStrict = 1;
+
+  rs_b->is_exit = 1;
+  rs_b->is_possible_guard = 1;
+  rs_b->is_hs_dir = 1;
+
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 1);
+
+  tt_assert(rs_b->is_exit == 0);
+  tt_assert(rs_b->is_possible_guard == 0);
+  tt_assert(rs_b->is_hs_dir == 0);
+
+  /* Check routerset A doesn't modify flags on router B without Strict set */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteExit = routerset_a;
+  mock_options->TestingDirAuthVoteExitIsStrict = 0;
+  mock_options->TestingDirAuthVoteGuard = routerset_a;
+  mock_options->TestingDirAuthVoteGuardIsStrict = 0;
+  mock_options->TestingDirAuthVoteHSDir = routerset_a;
+  mock_options->TestingDirAuthVoteHSDirIsStrict = 0;
+
+  rs_b->is_exit = 1;
+  rs_b->is_possible_guard = 1;
+  rs_b->is_hs_dir = 1;
+
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 1);
+
+  tt_assert(rs_b->is_exit == 1);
+  tt_assert(rs_b->is_possible_guard == 1);
+  tt_assert(rs_b->is_hs_dir == 1);
+
+  /* Check the empty routerset zeroes all flags
+   * on routers A & B with Strict set */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteExit = routerset_none;
+  mock_options->TestingDirAuthVoteExitIsStrict = 1;
+  mock_options->TestingDirAuthVoteGuard = routerset_none;
+  mock_options->TestingDirAuthVoteGuardIsStrict = 1;
+  mock_options->TestingDirAuthVoteHSDir = routerset_none;
+  mock_options->TestingDirAuthVoteHSDirIsStrict = 1;
+
+  rs_b->is_exit = 1;
+  rs_b->is_possible_guard = 1;
+  rs_b->is_hs_dir = 1;
+
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 1);
+
+  tt_assert(rs_b->is_exit == 0);
+  tt_assert(rs_b->is_possible_guard == 0);
+  tt_assert(rs_b->is_hs_dir == 0);
+
+  /* Check the empty routerset doesn't modify any flags
+   * on A or B without Strict set */
+  reset_options(mock_options, &mock_get_options_calls);
+  reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4);
+  reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4);
+
+  mock_options->TestingDirAuthVoteExit = routerset_none;
+  mock_options->TestingDirAuthVoteExitIsStrict = 0;
+  mock_options->TestingDirAuthVoteGuard = routerset_none;
+  mock_options->TestingDirAuthVoteGuardIsStrict = 0;
+  mock_options->TestingDirAuthVoteHSDir = routerset_none;
+  mock_options->TestingDirAuthVoteHSDirIsStrict = 0;
+
+  rs_b->is_exit = 1;
+  rs_b->is_possible_guard = 1;
+  rs_b->is_hs_dir = 1;
+
+  dirserv_set_routerstatus_testing(rs_a);
+  tt_assert(mock_get_options_calls == 1);
+  dirserv_set_routerstatus_testing(rs_b);
+  tt_assert(mock_get_options_calls == 2);
+
+  tt_assert(rs_a->is_exit == 0);
+  tt_assert(rs_a->is_possible_guard == 0);
+  tt_assert(rs_a->is_hs_dir == 0);
+  tt_assert(rs_b->is_exit == 1);
+  tt_assert(rs_b->is_possible_guard == 1);
+  tt_assert(rs_b->is_hs_dir == 1);
+
+ done:
+  free(mock_options);
+  mock_options = NULL;
+
+  UNMOCK(get_options);
+
+  routerset_free(routerset_all);
+  routerset_free(routerset_a);
+  routerset_free(routerset_none);
+
+  free(rs_a);
+  free(rs_b);
+}
+
 static void
 test_dir_http_handling(void *args)
 {
@@ -2302,75 +3074,1156 @@ test_dir_http_handling(void *args)
 
   /* Parse http url tests: */
   /* Good headers */
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.1\r\n"
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.1\r\n"
                            "Host: example.com\r\n"
                            "User-Agent: Mozilla/5.0 (Windows;"
                            " U; Windows NT 6.1; en-US; rv:1.9.1.5)\r\n",
-                           &url), 0);
-  test_streq(url, "/tor/a/b/c.txt");
+                           &url),OP_EQ, 0);
+  tt_str_op(url,OP_EQ, "/tor/a/b/c.txt");
   tor_free(url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.0\r\n", &url), 0);
-  test_streq(url, "/tor/a/b/c.txt");
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.0\r\n", &url),OP_EQ, 0);
+  tt_str_op(url,OP_EQ, "/tor/a/b/c.txt");
   tor_free(url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.600\r\n", &url), 0);
-  test_streq(url, "/tor/a/b/c.txt");
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.600\r\n", &url),
+            OP_EQ, 0);
+  tt_str_op(url,OP_EQ, "/tor/a/b/c.txt");
   tor_free(url);
 
   /* Should prepend '/tor/' to url if required */
-  test_eq(parse_http_url("GET /a/b/c.txt HTTP/1.1\r\n"
+  tt_int_op(parse_http_url("GET /a/b/c.txt HTTP/1.1\r\n"
                            "Host: example.com\r\n"
                            "User-Agent: Mozilla/5.0 (Windows;"
                            " U; Windows NT 6.1; en-US; rv:1.9.1.5)\r\n",
-                           &url), 0);
-  test_streq(url, "/tor/a/b/c.txt");
+                           &url),OP_EQ, 0);
+  tt_str_op(url,OP_EQ, "/tor/a/b/c.txt");
   tor_free(url);
 
   /* Bad headers -- no HTTP/1.x*/
-  test_eq(parse_http_url("GET /a/b/c.txt\r\n"
+  tt_int_op(parse_http_url("GET /a/b/c.txt\r\n"
                            "Host: example.com\r\n"
                            "User-Agent: Mozilla/5.0 (Windows;"
                            " U; Windows NT 6.1; en-US; rv:1.9.1.5)\r\n",
-                           &url), -1);
+                           &url),OP_EQ, -1);
   tt_assert(!url);
 
   /* Bad headers */
-  test_eq(parse_http_url("GET /a/b/c.txt\r\n"
+  tt_int_op(parse_http_url("GET /a/b/c.txt\r\n"
                            "Host: example.com\r\n"
                            "User-Agent: Mozilla/5.0 (Windows;"
                            " U; Windows NT 6.1; en-US; rv:1.9.1.5)\r\n",
-                           &url), -1);
+                           &url),OP_EQ, -1);
   tt_assert(!url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt", &url), -1);
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt", &url),OP_EQ, -1);
   tt_assert(!url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.1", &url), -1);
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.1", &url),OP_EQ, -1);
   tt_assert(!url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.1x\r\n", &url), -1);
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.1x\r\n", &url),
+            OP_EQ, -1);
   tt_assert(!url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.", &url), -1);
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.", &url),OP_EQ, -1);
   tt_assert(!url);
 
-  test_eq(parse_http_url("GET /tor/a/b/c.txt HTTP/1.\r", &url), -1);
+  tt_int_op(parse_http_url("GET /tor/a/b/c.txt HTTP/1.\r", &url),OP_EQ, -1);
   tt_assert(!url);
 
  done:
   tor_free(url);
 }
 
-#define DIR_LEGACY(name)                                                   \
-  { #name, legacy_test_helper, TT_FORK, &legacy_setup, test_dir_ ## name }
+static void
+test_dir_purpose_needs_anonymity(void *arg)
+{
+  (void)arg;
+  tt_int_op(1, ==, purpose_needs_anonymity(0, ROUTER_PURPOSE_BRIDGE));
+  tt_int_op(1, ==, purpose_needs_anonymity(0, ROUTER_PURPOSE_GENERAL));
+  tt_int_op(0, ==, purpose_needs_anonymity(DIR_PURPOSE_FETCH_MICRODESC,
+                                            ROUTER_PURPOSE_GENERAL));
+ done: ;
+}
+
+static void
+test_dir_fetch_type(void *arg)
+{
+  (void)arg;
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_EXTRAINFO, ROUTER_PURPOSE_BRIDGE,
+                           NULL), OP_EQ, EXTRAINFO_DIRINFO | BRIDGE_DIRINFO);
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_EXTRAINFO, ROUTER_PURPOSE_GENERAL,
+                           NULL), OP_EQ, EXTRAINFO_DIRINFO | V3_DIRINFO);
+
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_SERVERDESC, ROUTER_PURPOSE_BRIDGE,
+                           NULL), OP_EQ, BRIDGE_DIRINFO);
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_SERVERDESC,
+                           ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, V3_DIRINFO);
+
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_STATUS_VOTE,
+                           ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, V3_DIRINFO);
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES,
+                           ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, V3_DIRINFO);
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_CERTIFICATE,
+                           ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, V3_DIRINFO);
+
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_CONSENSUS, ROUTER_PURPOSE_GENERAL,
+                           "microdesc"), OP_EQ, V3_DIRINFO|MICRODESC_DIRINFO);
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_CONSENSUS, ROUTER_PURPOSE_GENERAL,
+                           NULL), OP_EQ, V3_DIRINFO);
+
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_MICRODESC, ROUTER_PURPOSE_GENERAL,
+                           NULL), OP_EQ, MICRODESC_DIRINFO);
+
+  tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_RENDDESC_V2,
+                           ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, NO_DIRINFO);
+ done: ;
+}
+
+static void
+test_dir_packages(void *arg)
+{
+  smartlist_t *votes = smartlist_new();
+  char *res = NULL;
+  (void)arg;
+
+#define BAD(s) \
+  tt_int_op(0, ==, validate_recommended_package_line(s));
+#define GOOD(s) \
+  tt_int_op(1, ==, validate_recommended_package_line(s));
+  GOOD("tor 0.2.6.3-alpha "
+       "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+       "sha256=sssdlkfjdsklfjdskfljasdklfj");
+  GOOD("tor 0.2.6.3-alpha "
+       "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+       "sha256=sssdlkfjdsklfjdskfljasdklfj blake2b=fred");
+  BAD("tor 0.2.6.3-alpha "
+       "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+       "sha256=sssdlkfjdsklfjdskfljasdklfj=");
+  BAD("tor 0.2.6.3-alpha "
+       "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+       "sha256=sssdlkfjdsklfjdskfljasdklfj blake2b");
+  BAD("tor 0.2.6.3-alpha "
+       "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz ");
+  BAD("tor 0.2.6.3-alpha "
+       "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz");
+  BAD("tor 0.2.6.3-alpha ");
+  BAD("tor 0.2.6.3-alpha");
+  BAD("tor ");
+  BAD("tor");
+  BAD("");
+  BAD("=foobar sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+  BAD("= = sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+  BAD("sha512= sha256="
+      "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+  smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+  smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+  smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+  smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+  smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+  smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+  SMARTLIST_FOREACH(votes, networkstatus_t *, ns,
+                    ns->package_lines = smartlist_new());
+
+#define ADD(i, s)                                                       \
+  smartlist_add(((networkstatus_t*)smartlist_get(votes, (i)))->package_lines, \
+                (void*)(s));
+
+  /* Only one vote for this one. */
+  ADD(4, "cisco 99z http://foobar.example.com/ sha256=blahblah");
+
+  /* Only two matching entries for this one, but 3 voters */
+  ADD(1, "mystic 99y http://barfoo.example.com/ sha256=blahblah");
+  ADD(3, "mystic 99y http://foobar.example.com/ sha256=blahblah");
+  ADD(4, "mystic 99y http://foobar.example.com/ sha256=blahblah");
+
+  /* Only two matching entries for this one, but at least 4 voters */
+  ADD(1, "mystic 99p http://barfoo.example.com/ sha256=ggggggg");
+  ADD(3, "mystic 99p http://foobar.example.com/ sha256=blahblah");
+  ADD(4, "mystic 99p http://foobar.example.com/ sha256=blahblah");
+  ADD(5, "mystic 99p http://foobar.example.com/ sha256=ggggggg");
+
+  /* This one has only invalid votes. */
+  ADD(0, "haffenreffer 1.2 http://foobar.example.com/ sha256");
+  ADD(1, "haffenreffer 1.2 http://foobar.example.com/ ");
+  ADD(2, "haffenreffer 1.2 ");
+  ADD(3, "haffenreffer ");
+  ADD(4, "haffenreffer");
+
+  /* Three matching votes for this; it should actually go in! */
+  ADD(2, "element 0.66.1 http://quux.example.com/ sha256=abcdef");
+  ADD(3, "element 0.66.1 http://quux.example.com/ sha256=abcdef");
+  ADD(4, "element 0.66.1 http://quux.example.com/ sha256=abcdef");
+  ADD(1, "element 0.66.1 http://quum.example.com/ sha256=abcdef");
+  ADD(0, "element 0.66.1 http://quux.example.com/ sha256=abcde");
+
+  /* Three votes for A, three votes for B */
+  ADD(0, "clownshoes 22alpha1 http://quumble.example.com/ blake2=foob");
+  ADD(1, "clownshoes 22alpha1 http://quumble.example.com/ blake2=foob");
+  ADD(2, "clownshoes 22alpha1 http://quumble.example.com/ blake2=foob");
+  ADD(3, "clownshoes 22alpha1 http://quumble.example.com/ blake2=fooz");
+  ADD(4, "clownshoes 22alpha1 http://quumble.example.com/ blake2=fooz");
+  ADD(5, "clownshoes 22alpha1 http://quumble.example.com/ blake2=fooz");
+
+  /* Three votes for A, two votes for B */
+  ADD(1, "clownshoes 22alpha3 http://quumble.example.com/ blake2=foob");
+  ADD(2, "clownshoes 22alpha3 http://quumble.example.com/ blake2=foob");
+  ADD(3, "clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz");
+  ADD(4, "clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz");
+  ADD(5, "clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz");
+
+  /* Four votes for A, two for B. */
+  ADD(0, "clownshoes 22alpha4 http://quumble.example.com/ blake2=foob");
+  ADD(1, "clownshoes 22alpha4 http://quumble.example.com/ blake2=foob");
+  ADD(2, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+  ADD(3, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+  ADD(4, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+  ADD(5, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+
+  /* Five votes for A ... all from the same authority.  Three for B. */
+  ADD(0, "cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m");
+  ADD(1, "cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m");
+  ADD(3, "cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m");
+  ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+
+  /* As above but new replaces old: no two match. */
+  ADD(0, "cbc 99.1.11.1.2 http://example.com/cbc/ cubehash=ahooy sha512=m");
+  ADD(1, "cbc 99.1.11.1.2 http://example.com/cbc/ cubehash=ahooy sha512=m");
+  ADD(1, "cbc 99.1.11.1.2 http://example.com/cbc/x cubehash=ahooy sha512=m");
+  ADD(2, "cbc 99.1.11.1.2 http://example.com/cbc/ cubehash=ahooy sha512=m");
+  ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+  ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+
+  res = compute_consensus_package_lines(votes);
+  tt_assert(res);
+  tt_str_op(res, ==,
+    "package cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m\n"
+    "package clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz\n"
+    "package clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa\n"
+    "package element 0.66.1 http://quux.example.com/ sha256=abcdef\n"
+    "package mystic 99y http://foobar.example.com/ sha256=blahblah\n"
+            );
+
+#undef ADD
+#undef BAD
+#undef GOOD
+ done:
+  SMARTLIST_FOREACH(votes, networkstatus_t *, ns,
+                    { smartlist_free(ns->package_lines); tor_free(ns); });
+  smartlist_free(votes);
+  tor_free(res);
+}
+
+static void
+test_dir_download_status_schedule(void *arg)
+{
+  (void)arg;
+  download_status_t dls_failure = { 0, 0, 0, DL_SCHED_GENERIC,
+                                             DL_WANT_AUTHORITY,
+                                             DL_SCHED_INCREMENT_FAILURE };
+  download_status_t dls_attempt = { 0, 0, 0, DL_SCHED_CONSENSUS,
+                                             DL_WANT_ANY_DIRSERVER,
+                                             DL_SCHED_INCREMENT_ATTEMPT};
+  download_status_t dls_bridge  = { 0, 0, 0, DL_SCHED_BRIDGE,
+                                             DL_WANT_AUTHORITY,
+                                             DL_SCHED_INCREMENT_FAILURE};
+  int increment = -1;
+  int expected_increment = -1;
+  time_t current_time = time(NULL);
+  int delay1 = -1;
+  int delay2 = -1;
+  smartlist_t *schedule = smartlist_new();
+
+  /* Make a dummy schedule */
+  smartlist_add(schedule, (void *)&delay1);
+  smartlist_add(schedule, (void *)&delay2);
+
+  /* check a range of values */
+  delay1 = 1000;
+  increment = download_status_schedule_get_delay(&dls_failure,
+                                                 schedule,
+                                                 TIME_MIN);
+  expected_increment = delay1;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_failure.next_attempt_at == TIME_MIN + expected_increment);
+
+  delay1 = INT_MAX;
+  increment =  download_status_schedule_get_delay(&dls_failure,
+                                                  schedule,
+                                                  -1);
+  expected_increment = delay1;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_failure.next_attempt_at == TIME_MAX);
+
+  delay1 = 0;
+  increment = download_status_schedule_get_delay(&dls_attempt,
+                                                 schedule,
+                                                 0);
+  expected_increment = delay1;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_attempt.next_attempt_at == 0 + expected_increment);
+
+  delay1 = 1000;
+  increment = download_status_schedule_get_delay(&dls_attempt,
+                                                 schedule,
+                                                 1);
+  expected_increment = delay1;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_attempt.next_attempt_at == 1 + expected_increment);
+
+  delay1 = INT_MAX;
+  increment = download_status_schedule_get_delay(&dls_bridge,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = delay1;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_bridge.next_attempt_at == TIME_MAX);
+
+  delay1 = 1;
+  increment = download_status_schedule_get_delay(&dls_bridge,
+                                                 schedule,
+                                                 TIME_MAX);
+  expected_increment = delay1;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_bridge.next_attempt_at == TIME_MAX);
+
+  /* see what happens when we reach the end */
+  dls_attempt.n_download_attempts++;
+  dls_bridge.n_download_failures++;
+
+  delay2 = 100;
+  increment = download_status_schedule_get_delay(&dls_attempt,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = delay2;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_attempt.next_attempt_at == current_time + delay2);
+
+  delay2 = 1;
+  increment = download_status_schedule_get_delay(&dls_bridge,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = delay2;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_bridge.next_attempt_at == current_time + delay2);
+
+  /* see what happens when we try to go off the end */
+  dls_attempt.n_download_attempts++;
+  dls_bridge.n_download_failures++;
+
+  delay2 = 5;
+  increment = download_status_schedule_get_delay(&dls_attempt,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = delay2;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_attempt.next_attempt_at == current_time + delay2);
+
+  delay2 = 17;
+  increment = download_status_schedule_get_delay(&dls_bridge,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = delay2;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_bridge.next_attempt_at == current_time + delay2);
+
+  /* see what happens when we reach IMPOSSIBLE_TO_DOWNLOAD */
+  dls_attempt.n_download_attempts = IMPOSSIBLE_TO_DOWNLOAD;
+  dls_bridge.n_download_failures = IMPOSSIBLE_TO_DOWNLOAD;
+
+  delay2 = 35;
+  increment = download_status_schedule_get_delay(&dls_attempt,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = INT_MAX;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_attempt.next_attempt_at == TIME_MAX);
+
+  delay2 = 99;
+  increment = download_status_schedule_get_delay(&dls_bridge,
+                                                 schedule,
+                                                 current_time);
+  expected_increment = INT_MAX;
+  tt_assert(increment == expected_increment);
+  tt_assert(dls_bridge.next_attempt_at == TIME_MAX);
+
+ done:
+  /* the pointers in schedule are allocated on the stack */
+  smartlist_free(schedule);
+}
+
+static void
+test_dir_download_status_increment(void *arg)
+{
+  (void)arg;
+  download_status_t dls_failure = { 0, 0, 0, DL_SCHED_GENERIC,
+    DL_WANT_AUTHORITY,
+    DL_SCHED_INCREMENT_FAILURE };
+  download_status_t dls_attempt = { 0, 0, 0, DL_SCHED_BRIDGE,
+    DL_WANT_ANY_DIRSERVER,
+    DL_SCHED_INCREMENT_ATTEMPT};
+  int delay0 = -1;
+  int delay1 = -1;
+  int delay2 = -1;
+  smartlist_t *schedule = smartlist_new();
+  or_options_t test_options;
+  time_t next_at = TIME_MAX;
+  time_t current_time = time(NULL);
+
+  /* Provide some values for the schedule */
+  delay0 = 10;
+  delay1 = 99;
+  delay2 = 20;
+
+  /* Make the schedule */
+  smartlist_add(schedule, (void *)&delay0);
+  smartlist_add(schedule, (void *)&delay1);
+  smartlist_add(schedule, (void *)&delay2);
+
+  /* Put it in the options */
+  mock_options = &test_options;
+  reset_options(mock_options, &mock_get_options_calls);
+  mock_options->TestingClientDownloadSchedule = schedule;
+  mock_options->TestingBridgeDownloadSchedule = schedule;
+
+  MOCK(get_options, mock_get_options);
+
+  /* Check that a failure reset works */
+  mock_get_options_calls = 0;
+  download_status_reset(&dls_failure);
+  /* we really want to test that it's equal to time(NULL) + delay0, but that's
+   * an unrealiable test, because time(NULL) might change. */
+  tt_assert(download_status_get_next_attempt_at(&dls_failure)
+            >= current_time + delay0);
+  tt_assert(download_status_get_next_attempt_at(&dls_failure)
+            != TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 0);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* avoid timing inconsistencies */
+  dls_failure.next_attempt_at = current_time + delay0;
+
+  /* check that a reset schedule becomes ready at the right time */
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay0 - 1,
+                                     1) == 0);
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay0,
+                                     1) == 1);
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay0 + 1,
+                                     1) == 1);
+
+  /* Check that a failure increment works */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_failure(&dls_failure, 404, "test", 0,
+                                              current_time);
+  tt_assert(next_at == current_time + delay1);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 1);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 1);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* check that an incremented schedule becomes ready at the right time */
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay1 - 1,
+                                     1) == 0);
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay1,
+                                     1) == 1);
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay1 + 1,
+                                     1) == 1);
+
+  /* check that a schedule isn't ready if it's had too many failures */
+  tt_assert(download_status_is_ready(&dls_failure,
+                                     current_time + delay1 + 10,
+                                     0) == 0);
+
+  /* Check that failure increments don't happen on 503 for clients, but that
+   * attempt increments do. */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_failure(&dls_failure, 503, "test", 0,
+                                              current_time);
+  tt_assert(next_at == current_time + delay1);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 1);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 2);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check that failure increments do happen on 503 for servers */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_failure(&dls_failure, 503, "test", 1,
+                                              current_time);
+  tt_assert(next_at == current_time + delay2);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 2);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 3);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check what happens when we run off the end of the schedule */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_failure(&dls_failure, 404, "test", 0,
+                                              current_time);
+  tt_assert(next_at == current_time + delay2);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 3);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 4);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check what happens when we hit the failure limit */
+  mock_get_options_calls = 0;
+  download_status_mark_impossible(&dls_failure);
+  next_at = download_status_increment_failure(&dls_failure, 404, "test", 0,
+                                              current_time);
+  tt_assert(next_at == TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_failure)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(download_status_get_n_attempts(&dls_failure)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check that a failure reset doesn't reset at the limit */
+  mock_get_options_calls = 0;
+  download_status_reset(&dls_failure);
+  tt_assert(download_status_get_next_attempt_at(&dls_failure)
+            == TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_failure)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(download_status_get_n_attempts(&dls_failure)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(mock_get_options_calls == 0);
+
+  /* Check that a failure reset resets just before the limit */
+  mock_get_options_calls = 0;
+  dls_failure.n_download_failures = IMPOSSIBLE_TO_DOWNLOAD - 1;
+  dls_failure.n_download_attempts = IMPOSSIBLE_TO_DOWNLOAD - 1;
+  download_status_reset(&dls_failure);
+  /* we really want to test that it's equal to time(NULL) + delay0, but that's
+   * an unrealiable test, because time(NULL) might change. */
+  tt_assert(download_status_get_next_attempt_at(&dls_failure)
+            >= current_time + delay0);
+  tt_assert(download_status_get_next_attempt_at(&dls_failure)
+            != TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 0);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check that failure increments do happen on attempt-based schedules,
+   * but that the retry is set at the end of time */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_failure(&dls_attempt, 404, "test", 0,
+                                              current_time);
+  tt_assert(next_at == TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_attempt) == 1);
+  tt_assert(download_status_get_n_attempts(&dls_attempt) == 0);
+  tt_assert(mock_get_options_calls == 0);
+
+  /* Check that an attempt reset works */
+  mock_get_options_calls = 0;
+  download_status_reset(&dls_attempt);
+  /* we really want to test that it's equal to time(NULL) + delay0, but that's
+   * an unrealiable test, because time(NULL) might change. */
+  tt_assert(download_status_get_next_attempt_at(&dls_attempt)
+            >= current_time + delay0);
+  tt_assert(download_status_get_next_attempt_at(&dls_attempt)
+            != TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_attempt) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_attempt) == 0);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* avoid timing inconsistencies */
+  dls_attempt.next_attempt_at = current_time + delay0;
+
+  /* check that a reset schedule becomes ready at the right time */
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay0 - 1,
+                                     1) == 0);
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay0,
+                                     1) == 1);
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay0 + 1,
+                                     1) == 1);
+
+  /* Check that an attempt increment works */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_attempt(&dls_attempt, "test",
+                                              current_time);
+  tt_assert(next_at == current_time + delay1);
+  tt_assert(download_status_get_n_failures(&dls_attempt) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_attempt) == 1);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* check that an incremented schedule becomes ready at the right time */
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay1 - 1,
+                                     1) == 0);
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay1,
+                                     1) == 1);
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay1 + 1,
+                                     1) == 1);
+
+  /* check that a schedule isn't ready if it's had too many attempts */
+  tt_assert(download_status_is_ready(&dls_attempt,
+                                     current_time + delay1 + 10,
+                                     0) == 0);
+
+  /* Check what happens when we reach then run off the end of the schedule */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_attempt(&dls_attempt, "test",
+                                              current_time);
+  tt_assert(next_at == current_time + delay2);
+  tt_assert(download_status_get_n_failures(&dls_attempt) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_attempt) == 2);
+  tt_assert(mock_get_options_calls >= 1);
+
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_attempt(&dls_attempt, "test",
+                                              current_time);
+  tt_assert(next_at == current_time + delay2);
+  tt_assert(download_status_get_n_failures(&dls_attempt) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_attempt) == 3);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check what happens when we hit the attempt limit */
+  mock_get_options_calls = 0;
+  download_status_mark_impossible(&dls_attempt);
+  next_at = download_status_increment_attempt(&dls_attempt, "test",
+                                              current_time);
+  tt_assert(next_at == TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_attempt)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(download_status_get_n_attempts(&dls_attempt)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check that an attempt reset doesn't reset at the limit */
+  mock_get_options_calls = 0;
+  download_status_reset(&dls_attempt);
+  tt_assert(download_status_get_next_attempt_at(&dls_attempt)
+            == TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_attempt)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(download_status_get_n_attempts(&dls_attempt)
+            == IMPOSSIBLE_TO_DOWNLOAD);
+  tt_assert(mock_get_options_calls == 0);
+
+  /* Check that an attempt reset resets just before the limit */
+  mock_get_options_calls = 0;
+  dls_attempt.n_download_failures = IMPOSSIBLE_TO_DOWNLOAD - 1;
+  dls_attempt.n_download_attempts = IMPOSSIBLE_TO_DOWNLOAD - 1;
+  download_status_reset(&dls_attempt);
+  /* we really want to test that it's equal to time(NULL) + delay0, but that's
+   * an unrealiable test, because time(NULL) might change. */
+  tt_assert(download_status_get_next_attempt_at(&dls_attempt)
+            >= current_time + delay0);
+  tt_assert(download_status_get_next_attempt_at(&dls_attempt)
+            != TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_attempt) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_attempt) == 0);
+  tt_assert(mock_get_options_calls >= 1);
+
+  /* Check that attempt increments don't happen on failure-based schedules,
+   * and that the attempt is set at the end of time */
+  mock_get_options_calls = 0;
+  next_at = download_status_increment_attempt(&dls_failure, "test",
+                                              current_time);
+  tt_assert(next_at == TIME_MAX);
+  tt_assert(download_status_get_n_failures(&dls_failure) == 0);
+  tt_assert(download_status_get_n_attempts(&dls_failure) == 0);
+  tt_assert(mock_get_options_calls == 0);
+
+ done:
+  /* the pointers in schedule are allocated on the stack */
+  smartlist_free(schedule);
+  UNMOCK(get_options);
+  mock_options = NULL;
+  mock_get_options_calls = 0;
+}
+
+static void
+test_dir_authdir_type_to_string(void *data)
+{
+  (void)data;
+  char *res;
+
+  tt_str_op(res = authdir_type_to_string(NO_DIRINFO), OP_EQ,
+            "[Not an authority]");
+  tor_free(res);
+
+  tt_str_op(res = authdir_type_to_string(EXTRAINFO_DIRINFO), OP_EQ,
+            "[Not an authority]");
+  tor_free(res);
+
+  tt_str_op(res = authdir_type_to_string(MICRODESC_DIRINFO), OP_EQ,
+            "[Not an authority]");
+  tor_free(res);
+
+  tt_str_op(res = authdir_type_to_string(V3_DIRINFO), OP_EQ, "V3");
+  tor_free(res);
+
+  tt_str_op(res = authdir_type_to_string(BRIDGE_DIRINFO), OP_EQ, "Bridge");
+  tor_free(res);
+
+  tt_str_op(res = authdir_type_to_string(
+            V3_DIRINFO | BRIDGE_DIRINFO | EXTRAINFO_DIRINFO), OP_EQ,
+            "V3, Bridge");
+  done:
+  tor_free(res);
+}
+
+static void
+test_dir_conn_purpose_to_string(void *data)
+{
+  (void)data;
+
+#define EXPECT_CONN_PURPOSE(purpose, expected) \
+  tt_str_op(dir_conn_purpose_to_string(purpose), OP_EQ, expected);
+
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_UPLOAD_DIR, "server descriptor upload");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_UPLOAD_VOTE, "server vote upload");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_UPLOAD_SIGNATURES,
+                      "consensus signature upload");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_SERVERDESC, "server descriptor fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_EXTRAINFO, "extra-info fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_CONSENSUS,
+                      "consensus network-status fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_CERTIFICATE, "authority cert fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_STATUS_VOTE, "status vote fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES,
+                      "consensus signature fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_RENDDESC_V2,
+                      "hidden-service v2 descriptor fetch");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_UPLOAD_RENDDESC_V2,
+                      "hidden-service v2 descriptor upload");
+  EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_MICRODESC, "microdescriptor fetch");
+  EXPECT_CONN_PURPOSE(1024, "(unknown)");
+
+  done: ;
+}
+
+NS_DECL(int,
+public_server_mode, (const or_options_t *options));
+
+static int
+NS(public_server_mode)(const or_options_t *options)
+{
+  (void)options;
+
+  if (CALLED(public_server_mode)++ == 0) {
+    return 1;
+  }
+
+  return 0;
+}
+
+static void
+test_dir_should_use_directory_guards(void *data)
+{
+  or_options_t *options;
+  char *errmsg = NULL;
+  (void)data;
+
+  NS_MOCK(public_server_mode);
+
+  options = options_new();
+  options_init(options);
+
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 1);
+
+  options->UseEntryGuardsAsDirGuards = 1;
+  options->UseEntryGuards = 1;
+  options->DownloadExtraInfo = 0;
+  options->FetchDirInfoEarly = 0;
+  options->FetchDirInfoExtraEarly = 0;
+  options->FetchUselessDescriptors = 0;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 1);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 2);
+
+  options->UseEntryGuards = 0;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 3);
+  options->UseEntryGuards = 1;
+
+  options->UseEntryGuardsAsDirGuards = 0;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 4);
+  options->UseEntryGuardsAsDirGuards = 1;
+
+  options->DownloadExtraInfo = 1;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 5);
+  options->DownloadExtraInfo = 0;
+
+  options->FetchDirInfoEarly = 1;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 6);
+  options->FetchDirInfoEarly = 0;
+
+  options->FetchDirInfoExtraEarly = 1;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 7);
+  options->FetchDirInfoExtraEarly = 0;
+
+  options->FetchUselessDescriptors = 1;
+  tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
+  tt_int_op(CALLED(public_server_mode), OP_EQ, 8);
+  options->FetchUselessDescriptors = 0;
+
+  done:
+    NS_UNMOCK(public_server_mode);
+    or_options_free(options);
+    tor_free(errmsg);
+}
+
+NS_DECL(void,
+directory_initiate_command_routerstatus, (const routerstatus_t *status,
+                                          uint8_t dir_purpose,
+                                          uint8_t router_purpose,
+                                          dir_indirection_t indirection,
+                                          const char *resource,
+                                          const char *payload,
+                                          size_t payload_len,
+                                          time_t if_modified_since));
+
+static void
+test_dir_should_not_init_request_to_ourselves(void *data)
+{
+  char digest[DIGEST_LEN];
+  dir_server_t *ourself = NULL;
+  crypto_pk_t *key = pk_generate(2);
+  (void) data;
+
+  NS_MOCK(directory_initiate_command_routerstatus);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  set_server_identity_key(key);
+  crypto_pk_get_digest(key, (char*) &digest);
+  ourself = trusted_dir_server_new("ourself", "127.0.0.1", 9059, 9060,
+                                   NULL, digest,
+                                   NULL, V3_DIRINFO, 1.0);
+
+  tt_assert(ourself);
+  dir_server_add(ourself);
+
+  directory_get_from_all_authorities(DIR_PURPOSE_FETCH_STATUS_VOTE, 0, NULL);
+  tt_int_op(CALLED(directory_initiate_command_routerstatus), OP_EQ, 0);
+
+  directory_get_from_all_authorities(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES, 0,
+                                     NULL);
+
+  tt_int_op(CALLED(directory_initiate_command_routerstatus), OP_EQ, 0);
+
+  done:
+    NS_UNMOCK(directory_initiate_command_routerstatus);
+    clear_dir_servers();
+    routerlist_free_all();
+    crypto_pk_free(key);
+}
+
+static void
+test_dir_should_not_init_request_to_dir_auths_without_v3_info(void *data)
+{
+  dir_server_t *ds = NULL;
+  dirinfo_type_t dirinfo_type = BRIDGE_DIRINFO | EXTRAINFO_DIRINFO \
+                                | MICRODESC_DIRINFO;
+  (void) data;
+
+  NS_MOCK(directory_initiate_command_routerstatus);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  ds = trusted_dir_server_new("ds", "10.0.0.1", 9059, 9060, NULL,
+                              "12345678901234567890", NULL, dirinfo_type, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  directory_get_from_all_authorities(DIR_PURPOSE_FETCH_STATUS_VOTE, 0, NULL);
+  tt_int_op(CALLED(directory_initiate_command_routerstatus), OP_EQ, 0);
+
+  directory_get_from_all_authorities(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES, 0,
+                                     NULL);
+  tt_int_op(CALLED(directory_initiate_command_routerstatus), OP_EQ, 0);
+
+  done:
+    NS_UNMOCK(directory_initiate_command_routerstatus);
+    clear_dir_servers();
+    routerlist_free_all();
+}
+
+static void
+test_dir_should_init_request_to_dir_auths(void *data)
+{
+  dir_server_t *ds = NULL;
+  (void) data;
+
+  NS_MOCK(directory_initiate_command_routerstatus);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  ds = trusted_dir_server_new("ds", "10.0.0.1", 9059, 9060, NULL,
+                              "12345678901234567890", NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  directory_get_from_all_authorities(DIR_PURPOSE_FETCH_STATUS_VOTE, 0, NULL);
+  tt_int_op(CALLED(directory_initiate_command_routerstatus), OP_EQ, 1);
+
+  directory_get_from_all_authorities(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES, 0,
+                                     NULL);
+  tt_int_op(CALLED(directory_initiate_command_routerstatus), OP_EQ, 2);
+
+  done:
+    NS_UNMOCK(directory_initiate_command_routerstatus);
+    clear_dir_servers();
+    routerlist_free_all();
+}
+
+void
+NS(directory_initiate_command_routerstatus)(const routerstatus_t *status,
+                                            uint8_t dir_purpose,
+                                            uint8_t router_purpose,
+                                            dir_indirection_t indirection,
+                                            const char *resource,
+                                            const char *payload,
+                                            size_t payload_len,
+                                            time_t if_modified_since)
+{
+  (void)status;
+  (void)dir_purpose;
+  (void)router_purpose;
+  (void)indirection;
+  (void)resource;
+  (void)payload;
+  (void)payload_len;
+  (void)if_modified_since;
+  CALLED(directory_initiate_command_routerstatus)++;
+}
+
+static void
+test_dir_choose_compression_level(void* data)
+{
+  (void)data;
+
+  /* It starts under_memory_pressure */
+  tt_int_op(have_been_under_memory_pressure(), OP_EQ, 1);
+
+  tt_assert(HIGH_COMPRESSION == choose_compression_level(-1));
+  tt_assert(LOW_COMPRESSION == choose_compression_level(1024-1));
+  tt_assert(MEDIUM_COMPRESSION == choose_compression_level(2048-1));
+  tt_assert(HIGH_COMPRESSION == choose_compression_level(2048));
+
+  /* Reset under_memory_pressure timer */
+  cell_queues_check_size();
+  tt_int_op(have_been_under_memory_pressure(), OP_EQ, 0);
+
+  tt_assert(HIGH_COMPRESSION == choose_compression_level(-1));
+  tt_assert(HIGH_COMPRESSION == choose_compression_level(1024-1));
+  tt_assert(HIGH_COMPRESSION == choose_compression_level(2048-1));
+  tt_assert(HIGH_COMPRESSION == choose_compression_level(2048));
+
+  done: ;
+}
+
+static int mock_networkstatus_consensus_is_bootstrapping_value = 0;
+static int
+mock_networkstatus_consensus_is_bootstrapping(time_t now)
+{
+  (void)now;
+  return mock_networkstatus_consensus_is_bootstrapping_value;
+}
+
+static int mock_networkstatus_consensus_can_use_extra_fallbacks_value = 0;
+static int
+mock_networkstatus_consensus_can_use_extra_fallbacks(
+                                                  const or_options_t *options)
+{
+  (void)options;
+  return mock_networkstatus_consensus_can_use_extra_fallbacks_value;
+}
+
+/* data is a 2 character nul-terminated string.
+ * If data[0] is 'b', set bootstrapping, anything else means not bootstrapping
+ * If data[1] is 'f', set extra fallbacks, anything else means no extra
+ * fallbacks.
+ */
+static void
+test_dir_find_dl_schedule(void* data)
+{
+  const char *str = (const char *)data;
+
+  tt_assert(strlen(data) == 2);
+
+  if (str[0] == 'b') {
+    mock_networkstatus_consensus_is_bootstrapping_value = 1;
+  } else {
+    mock_networkstatus_consensus_is_bootstrapping_value = 0;
+  }
+
+  if (str[1] == 'f') {
+    mock_networkstatus_consensus_can_use_extra_fallbacks_value = 1;
+  } else {
+    mock_networkstatus_consensus_can_use_extra_fallbacks_value = 0;
+  }
+
+  MOCK(networkstatus_consensus_is_bootstrapping,
+       mock_networkstatus_consensus_is_bootstrapping);
+  MOCK(networkstatus_consensus_can_use_extra_fallbacks,
+       mock_networkstatus_consensus_can_use_extra_fallbacks);
+
+  download_status_t dls;
+  smartlist_t server, client, server_cons, client_cons;
+  smartlist_t client_boot_auth_only_cons, client_boot_auth_cons;
+  smartlist_t client_boot_fallback_cons, bridge;
+
+  mock_options = malloc(sizeof(or_options_t));
+  reset_options(mock_options, &mock_get_options_calls);
+  MOCK(get_options, mock_get_options);
+
+  mock_options->TestingServerDownloadSchedule = &server;
+  mock_options->TestingClientDownloadSchedule = &client;
+  mock_options->TestingServerConsensusDownloadSchedule = &server_cons;
+  mock_options->TestingClientConsensusDownloadSchedule = &client_cons;
+  mock_options->ClientBootstrapConsensusAuthorityOnlyDownloadSchedule =
+    &client_boot_auth_only_cons;
+  mock_options->ClientBootstrapConsensusAuthorityDownloadSchedule =
+    &client_boot_auth_cons;
+  mock_options->ClientBootstrapConsensusFallbackDownloadSchedule =
+    &client_boot_fallback_cons;
+  mock_options->TestingBridgeDownloadSchedule = &bridge;
+
+  dls.schedule = DL_SCHED_GENERIC;
+  /* client */
+  mock_options->ClientOnly = 1;
+  tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &client);
+  mock_options->ClientOnly = 0;
+
+  /* dir mode */
+  mock_options->DirPort_set = 1;
+  mock_options->DirCache = 1;
+  tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &server);
+  mock_options->DirPort_set = 0;
+  mock_options->DirCache = 0;
+
+  dls.schedule = DL_SCHED_CONSENSUS;
+  /* public server mode */
+  mock_options->ORPort_set = 1;
+  tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &server_cons);
+  mock_options->ORPort_set = 0;
+
+  /* client and bridge modes */
+  if (networkstatus_consensus_is_bootstrapping(time(NULL))) {
+    if (networkstatus_consensus_can_use_extra_fallbacks(mock_options)) {
+      dls.want_authority = 1;
+      /* client */
+      mock_options->ClientOnly = 1;
+      tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+                &client_boot_auth_cons);
+      mock_options->ClientOnly = 0;
+
+      /* bridge relay */
+      mock_options->ORPort_set = 1;
+      mock_options->BridgeRelay = 1;
+      tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+                &client_boot_auth_cons);
+      mock_options->ORPort_set = 0;
+      mock_options->BridgeRelay = 0;
+
+      dls.want_authority = 0;
+      /* client */
+      mock_options->ClientOnly = 1;
+      tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+                &client_boot_fallback_cons);
+      mock_options->ClientOnly = 0;
+
+      /* bridge relay */
+      mock_options->ORPort_set = 1;
+      mock_options->BridgeRelay = 1;
+      tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+                &client_boot_fallback_cons);
+      mock_options->ORPort_set = 0;
+      mock_options->BridgeRelay = 0;
+
+    } else {
+      /* dls.want_authority is ignored */
+      /* client */
+      mock_options->ClientOnly = 1;
+      tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+                &client_boot_auth_only_cons);
+      mock_options->ClientOnly = 0;
+
+      /* bridge relay */
+      mock_options->ORPort_set = 1;
+      mock_options->BridgeRelay = 1;
+      tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+                &client_boot_auth_only_cons);
+      mock_options->ORPort_set = 0;
+      mock_options->BridgeRelay = 0;
+    }
+  } else {
+    /* client */
+    mock_options->ClientOnly = 1;
+    tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+              &client_cons);
+    mock_options->ClientOnly = 0;
+
+    /* bridge relay */
+    mock_options->ORPort_set = 1;
+    mock_options->BridgeRelay = 1;
+    tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ,
+              &client_cons);
+    mock_options->ORPort_set = 0;
+    mock_options->BridgeRelay = 0;
+  }
+
+  dls.schedule = DL_SCHED_BRIDGE;
+  /* client */
+  mock_options->ClientOnly = 1;
+  tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge);
+
+ done:
+  UNMOCK(networkstatus_consensus_is_bootstrapping);
+  UNMOCK(networkstatus_consensus_can_use_extra_fallbacks);
+  UNMOCK(get_options);
+  free(mock_options);
+  mock_options = NULL;
+}
+
+#define DIR_LEGACY(name)                             \
+  { #name, test_dir_ ## name , TT_FORK, NULL, NULL }
 
 #define DIR(name,flags)                              \
   { #name, test_dir_##name, (flags), NULL, NULL }
 
+/* where arg is a string constant */
+#define DIR_ARG(name,flags,arg)                      \
+  { #name "_" arg, test_dir_##name, (flags), &passthrough_setup, (void*) arg }
+
 struct testcase_t dir_tests[] = {
   DIR_LEGACY(nicknames),
   DIR_LEGACY(formats),
+  DIR(routerinfo_parsing, 0),
+  DIR(extrainfo_parsing, 0),
+  DIR(parse_router_list, TT_FORK),
+  DIR(load_routers, TT_FORK),
+  DIR(load_extrainfo, TT_FORK),
   DIR_LEGACY(versions),
   DIR_LEGACY(fp_pairs),
   DIR(split_fps, 0),
@@ -2383,7 +4236,24 @@ struct testcase_t dir_tests[] = {
   DIR_LEGACY(clip_unmeasured_bw_kb),
   DIR_LEGACY(clip_unmeasured_bw_kb_alt),
   DIR(fmt_control_ns, 0),
+  DIR(dirserv_set_routerstatus_testing, 0),
   DIR(http_handling, 0),
+  DIR(purpose_needs_anonymity, 0),
+  DIR(fetch_type, 0),
+  DIR(packages, 0),
+  DIR(download_status_schedule, 0),
+  DIR(download_status_increment, 0),
+  DIR(authdir_type_to_string, 0),
+  DIR(conn_purpose_to_string, 0),
+  DIR(should_use_directory_guards, 0),
+  DIR(should_not_init_request_to_ourselves, TT_FORK),
+  DIR(should_not_init_request_to_dir_auths_without_v3_info, 0),
+  DIR(should_init_request_to_dir_auths, 0),
+  DIR(choose_compression_level, 0),
+  DIR_ARG(find_dl_schedule, TT_FORK, "bf"),
+  DIR_ARG(find_dl_schedule, TT_FORK, "ba"),
+  DIR_ARG(find_dl_schedule, TT_FORK, "cf"),
+  DIR_ARG(find_dl_schedule, TT_FORK, "ca"),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c
new file mode 100644
index 0000000000..0b446c2dfd
--- /dev/null
+++ b/src/test/test_dir_common.c
@@ -0,0 +1,425 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#define DIRVOTE_PRIVATE
+#include "crypto.h"
+#include "test.h"
+#include "container.h"
+#include "or.h"
+#include "dirvote.h"
+#include "nodelist.h"
+#include "routerlist.h"
+#include "test_dir_common.h"
+
+void dir_common_setup_vote(networkstatus_t **vote, time_t now);
+networkstatus_t * dir_common_add_rs_and_parse(networkstatus_t *vote,
+                            networkstatus_t **vote_out,
+               vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                            crypto_pk_t *sign_skey, int *n_vrs,
+                            time_t now, int clear_rl);
+
+extern const char AUTHORITY_CERT_1[];
+extern const char AUTHORITY_SIGNKEY_1[];
+extern const char AUTHORITY_CERT_2[];
+extern const char AUTHORITY_SIGNKEY_2[];
+extern const char AUTHORITY_CERT_3[];
+extern const char AUTHORITY_SIGNKEY_3[];
+
+/** Initialize and set auth certs and keys
+ * Returns 0 on success, -1 on failure. Clean up handled by caller.
+ */
+int
+dir_common_authority_pk_init(authority_cert_t **cert1,
+                             authority_cert_t **cert2,
+                             authority_cert_t **cert3,
+                             crypto_pk_t **sign_skey_1,
+                             crypto_pk_t **sign_skey_2,
+                             crypto_pk_t **sign_skey_3)
+{
+  /* Parse certificates and keys. */
+  authority_cert_t *cert;
+  cert = authority_cert_parse_from_string(AUTHORITY_CERT_1, NULL);
+  tt_assert(cert);
+  tt_assert(cert->identity_key);
+  *cert1 = cert;
+  tt_assert(*cert1);
+  *cert2 = authority_cert_parse_from_string(AUTHORITY_CERT_2, NULL);
+  tt_assert(*cert2);
+  *cert3 = authority_cert_parse_from_string(AUTHORITY_CERT_3, NULL);
+  tt_assert(*cert3);
+  *sign_skey_1 = crypto_pk_new();
+  *sign_skey_2 = crypto_pk_new();
+  *sign_skey_3 = crypto_pk_new();
+
+  tt_assert(!crypto_pk_read_private_key_from_string(*sign_skey_1,
+                                                   AUTHORITY_SIGNKEY_1, -1));
+  tt_assert(!crypto_pk_read_private_key_from_string(*sign_skey_2,
+                                                   AUTHORITY_SIGNKEY_2, -1));
+  tt_assert(!crypto_pk_read_private_key_from_string(*sign_skey_3,
+                                                   AUTHORITY_SIGNKEY_3, -1));
+
+  tt_assert(!crypto_pk_cmp_keys(*sign_skey_1, (*cert1)->signing_key));
+  tt_assert(!crypto_pk_cmp_keys(*sign_skey_2, (*cert2)->signing_key));
+
+  return 0;
+ done:
+  return -1;
+}
+
+/**
+ * Generate a routerstatus for v3_networkstatus test.
+ */
+vote_routerstatus_t *
+dir_common_gen_routerstatus_for_v3ns(int idx, time_t now)
+{
+  vote_routerstatus_t *vrs=NULL;
+  routerstatus_t *rs = NULL;
+  tor_addr_t addr_ipv6;
+  char *method_list = NULL;
+
+  switch (idx) {
+    case 0:
+      /* Generate the first routerstatus. */
+      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
+      rs = &vrs->status;
+      vrs->version = tor_strdup("0.1.2.14");
+      rs->published_on = now-1500;
+      strlcpy(rs->nickname, "router2", sizeof(rs->nickname));
+      memset(rs->identity_digest, TEST_DIR_ROUTER_ID_1, DIGEST_LEN);
+      memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_1, DIGEST_LEN);
+      rs->addr = 0x99008801;
+      rs->or_port = 443;
+      rs->dir_port = 8000;
+      /* all flags but running and v2dir cleared */
+      rs->is_flagged_running = 1;
+      rs->is_v2_dir = 1;
+      break;
+    case 1:
+      /* Generate the second routerstatus. */
+      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
+      rs = &vrs->status;
+      vrs->version = tor_strdup("0.2.0.5");
+      rs->published_on = now-1000;
+      strlcpy(rs->nickname, "router1", sizeof(rs->nickname));
+      memset(rs->identity_digest, TEST_DIR_ROUTER_ID_2, DIGEST_LEN);
+      memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_2, DIGEST_LEN);
+      rs->addr = 0x99009901;
+      rs->or_port = 443;
+      rs->dir_port = 0;
+      tor_addr_parse(&addr_ipv6, "[1:2:3::4]");
+      tor_addr_copy(&rs->ipv6_addr, &addr_ipv6);
+      rs->ipv6_orport = 4711;
+      rs->is_exit = rs->is_stable = rs->is_fast = rs->is_flagged_running =
+        rs->is_valid = rs->is_possible_guard = rs->is_v2_dir = 1;
+      break;
+    case 2:
+      /* Generate the third routerstatus. */
+      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
+      rs = &vrs->status;
+      vrs->version = tor_strdup("0.1.0.3");
+      rs->published_on = now-1000;
+      strlcpy(rs->nickname, "router3", sizeof(rs->nickname));
+      memset(rs->identity_digest, TEST_DIR_ROUTER_ID_3, DIGEST_LEN);
+      memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_3, DIGEST_LEN);
+      rs->addr = 0xAA009901;
+      rs->or_port = 400;
+      rs->dir_port = 9999;
+      rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast =
+        rs->is_flagged_running = rs->is_valid = rs->is_v2_dir =
+        rs->is_possible_guard = 1;
+      break;
+    case 3:
+      /* Generate a fourth routerstatus that is not running. */
+      vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
+      rs = &vrs->status;
+      vrs->version = tor_strdup("0.1.6.3");
+      rs->published_on = now-1000;
+      strlcpy(rs->nickname, "router4", sizeof(rs->nickname));
+      memset(rs->identity_digest, TEST_DIR_ROUTER_ID_4, DIGEST_LEN);
+      memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_4, DIGEST_LEN);
+      rs->addr = 0xC0000203;
+      rs->or_port = 500;
+      rs->dir_port = 1999;
+      rs->is_v2_dir = 1;
+      /* Running flag (and others) cleared */
+      break;
+    case 4:
+      /* No more for this test; return NULL */
+      vrs = NULL;
+      break;
+    default:
+      /* Shouldn't happen */
+      tt_assert(0);
+  }
+  if (vrs) {
+    vrs->microdesc = tor_malloc_zero(sizeof(vote_microdesc_hash_t));
+    method_list = make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD,
+                                             MAX_SUPPORTED_CONSENSUS_METHOD,
+                                             ",");
+    tor_asprintf(&vrs->microdesc->microdesc_hash_line,
+                 "m %s "
+                 "sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa%d\n",
+                 method_list, idx);
+  }
+
+ done:
+  tor_free(method_list);
+  return vrs;
+}
+
+/** Initialize networkstatus vote object attributes. */
+void
+dir_common_setup_vote(networkstatus_t **vote, time_t now)
+{
+  *vote = tor_malloc_zero(sizeof(networkstatus_t));
+  (*vote)->type = NS_TYPE_VOTE;
+  (*vote)->published = now;
+  (*vote)->supported_methods = smartlist_new();
+  (*vote)->known_flags = smartlist_new();
+  (*vote)->net_params = smartlist_new();
+  (*vote)->routerstatus_list = smartlist_new();
+  (*vote)->voters = smartlist_new();
+}
+
+/** Helper: Make a new routerinfo containing the right information for a
+ * given vote_routerstatus_t. */
+routerinfo_t *
+dir_common_generate_ri_from_rs(const vote_routerstatus_t *vrs)
+{
+  routerinfo_t *r;
+  const routerstatus_t *rs = &vrs->status;
+  static time_t published = 0;
+
+  r = tor_malloc_zero(sizeof(routerinfo_t));
+  r->cert_expiration_time = TIME_MAX;
+  memcpy(r->cache_info.identity_digest, rs->identity_digest, DIGEST_LEN);
+  memcpy(r->cache_info.signed_descriptor_digest, rs->descriptor_digest,
+         DIGEST_LEN);
+  r->cache_info.do_not_cache = 1;
+  r->cache_info.routerlist_index = -1;
+  r->cache_info.signed_descriptor_body =
+    tor_strdup("123456789012345678901234567890123");
+  r->cache_info.signed_descriptor_len =
+    strlen(r->cache_info.signed_descriptor_body);
+  r->exit_policy = smartlist_new();
+  r->cache_info.published_on = ++published + time(NULL);
+  if (rs->has_bandwidth) {
+    /*
+     * Multiply by 1000 because the routerinfo_t and the routerstatus_t
+     * seem to use different units (*sigh*) and because we seem stuck on
+     * icky and perverse decimal kilobytes (*double sigh*) - see
+     * router_get_advertised_bandwidth_capped() of routerlist.c and
+     * routerstatus_format_entry() of dirserv.c.
+     */
+    r->bandwidthrate = rs->bandwidth_kb * 1000;
+    r->bandwidthcapacity = rs->bandwidth_kb * 1000;
+  }
+  return r;
+}
+
+/** Create routerstatuses and signed vote.
+ * Create routerstatuses using *vrs_gen* and add them to global routerlist.
+ * Next, create signed vote using *sign_skey* and *vote*, which should have
+ * predefined header fields.
+ * Setting *clear_rl* clears the global routerlist before adding the new
+ * routers.
+ * Return the signed vote, same as *vote_out*. Save the number of routers added
+ * in *n_vrs*.
+ */
+networkstatus_t *
+dir_common_add_rs_and_parse(networkstatus_t *vote, networkstatus_t **vote_out,
+                       vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                       crypto_pk_t *sign_skey, int *n_vrs, time_t now,
+                       int clear_rl)
+{
+  vote_routerstatus_t *vrs;
+  char *v_text=NULL;
+  const char *msg=NULL;
+  int idx;
+  was_router_added_t router_added = -1;
+  *vote_out = NULL;
+
+  if (clear_rl) {
+    nodelist_free_all();
+    routerlist_free_all();
+  }
+
+  idx = 0;
+  do {
+    vrs = vrs_gen(idx, now);
+    if (vrs) {
+      smartlist_add(vote->routerstatus_list, vrs);
+      router_added =
+        router_add_to_routerlist(dir_common_generate_ri_from_rs(vrs),
+                                 &msg,0,0);
+      tt_assert(router_added >= 0);
+      ++idx;
+    }
+  } while (vrs);
+  *n_vrs = idx;
+
+  /* dump the vote and try to parse it. */
+  v_text = format_networkstatus_vote(sign_skey, vote);
+  tt_assert(v_text);
+  *vote_out = networkstatus_parse_vote_from_string(v_text, NULL, NS_TYPE_VOTE);
+
+ done:
+  if (v_text)
+    tor_free(v_text);
+
+  return *vote_out;
+}
+
+/** Create a fake *vote* where *cert* describes the signer, *sign_skey*
+ * is the signing key, and *vrs_gen* is the function we'll use to create the
+ * routers on which we're voting.
+ * We pass *vote_out*, *n_vrs*, and *clear_rl* directly to vrs_gen().
+ * Return 0 on success, return -1 on failure.
+ */
+int
+dir_common_construct_vote_1(networkstatus_t **vote, authority_cert_t *cert,
+                        crypto_pk_t *sign_skey,
+                        vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                        networkstatus_t **vote_out, int *n_vrs,
+                        time_t now, int clear_rl)
+{
+  networkstatus_voter_info_t *voter;
+
+  dir_common_setup_vote(vote, now);
+  (*vote)->valid_after = now+1000;
+  (*vote)->fresh_until = now+2000;
+  (*vote)->valid_until = now+3000;
+  (*vote)->vote_seconds = 100;
+  (*vote)->dist_seconds = 200;
+  smartlist_split_string((*vote)->supported_methods, "1 2 3", NULL, 0, -1);
+  (*vote)->client_versions = tor_strdup("0.1.2.14,0.1.2.15");
+  (*vote)->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16");
+  smartlist_split_string((*vote)->known_flags,
+                     "Authority Exit Fast Guard Running Stable V2Dir Valid",
+                     0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+  voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
+  voter->nickname = tor_strdup("Voter1");
+  voter->address = tor_strdup("1.2.3.4");
+  voter->addr = 0x01020304;
+  voter->dir_port = 80;
+  voter->or_port = 9000;
+  voter->contact = tor_strdup("voter@example.com");
+  crypto_pk_get_digest(cert->identity_key, voter->identity_digest);
+  /*
+   * Set up a vote; generate it; try to parse it.
+   */
+  smartlist_add((*vote)->voters, voter);
+  (*vote)->cert = authority_cert_dup(cert);
+  smartlist_split_string((*vote)->net_params, "circuitwindow=101 foo=990",
+                         NULL, 0, 0);
+  *n_vrs = 0;
+  /* add routerstatuses */
+  if (!dir_common_add_rs_and_parse(*vote, vote_out, vrs_gen, sign_skey,
+                                  n_vrs, now, clear_rl))
+    return -1;
+
+  return 0;
+}
+
+/** See dir_common_construct_vote_1.
+ * Produces a vote with slightly different values.
+ */
+int
+dir_common_construct_vote_2(networkstatus_t **vote, authority_cert_t *cert,
+                        crypto_pk_t *sign_skey,
+                        vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                        networkstatus_t **vote_out, int *n_vrs,
+                        time_t now, int clear_rl)
+{
+  networkstatus_voter_info_t *voter;
+
+  dir_common_setup_vote(vote, now);
+  (*vote)->type = NS_TYPE_VOTE;
+  (*vote)->published += 1;
+  (*vote)->valid_after = now+1000;
+  (*vote)->fresh_until = now+3005;
+  (*vote)->valid_until = now+3000;
+  (*vote)->vote_seconds = 100;
+  (*vote)->dist_seconds = 300;
+  smartlist_split_string((*vote)->supported_methods, "1 2 3", NULL, 0, -1);
+  smartlist_split_string((*vote)->known_flags,
+                         "Authority Exit Fast Guard MadeOfCheese MadeOfTin "
+                         "Running Stable V2Dir Valid", 0,
+                         SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+  voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
+  voter->nickname = tor_strdup("Voter2");
+  voter->address = tor_strdup("2.3.4.5");
+  voter->addr = 0x02030405;
+  voter->dir_port = 80;
+  voter->or_port = 9000;
+  voter->contact = tor_strdup("voter@example.com");
+  crypto_pk_get_digest(cert->identity_key, voter->identity_digest);
+  /*
+   * Set up a vote; generate it; try to parse it.
+   */
+  smartlist_add((*vote)->voters, voter);
+  (*vote)->cert = authority_cert_dup(cert);
+  if (! (*vote)->net_params)
+    (*vote)->net_params = smartlist_new();
+  smartlist_split_string((*vote)->net_params,
+                         "bar=2000000000 circuitwindow=20",
+                         NULL, 0, 0);
+  /* add routerstatuses */
+  /* dump the vote and try to parse it. */
+  dir_common_add_rs_and_parse(*vote, vote_out, vrs_gen, sign_skey,
+                              n_vrs, now, clear_rl);
+
+  return 0;
+}
+
+/** See dir_common_construct_vote_1.
+ * Produces a vote with slightly different values. Adds a legacy key.
+ */
+int
+dir_common_construct_vote_3(networkstatus_t **vote, authority_cert_t *cert,
+                        crypto_pk_t *sign_skey,
+                        vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                        networkstatus_t **vote_out, int *n_vrs,
+                        time_t now, int clear_rl)
+{
+  networkstatus_voter_info_t *voter;
+
+  dir_common_setup_vote(vote, now);
+  (*vote)->valid_after = now+1000;
+  (*vote)->fresh_until = now+2003;
+  (*vote)->valid_until = now+3000;
+  (*vote)->vote_seconds = 100;
+  (*vote)->dist_seconds = 250;
+  smartlist_split_string((*vote)->supported_methods, "1 2 3 4", NULL, 0, -1);
+  (*vote)->client_versions = tor_strdup("0.1.2.14,0.1.2.17");
+  (*vote)->server_versions = tor_strdup("0.1.2.10,0.1.2.15,0.1.2.16");
+  smartlist_split_string((*vote)->known_flags,
+                     "Authority Exit Fast Guard Running Stable V2Dir Valid",
+                     0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+  voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
+  voter->nickname = tor_strdup("Voter2");
+  voter->address = tor_strdup("3.4.5.6");
+  voter->addr = 0x03040506;
+  voter->dir_port = 80;
+  voter->or_port = 9000;
+  voter->contact = tor_strdup("voter@example.com");
+  crypto_pk_get_digest(cert->identity_key, voter->identity_digest);
+  memset(voter->legacy_id_digest, (int)'A', DIGEST_LEN);
+  /*
+   * Set up a vote; generate it; try to parse it.
+   */
+  smartlist_add((*vote)->voters, voter);
+  (*vote)->cert = authority_cert_dup(cert);
+  smartlist_split_string((*vote)->net_params, "circuitwindow=80 foo=660",
+                         NULL, 0, 0);
+  /* add routerstatuses */
+  /* dump the vote and try to parse it. */
+  dir_common_add_rs_and_parse(*vote, vote_out, vrs_gen, sign_skey,
+                              n_vrs, now, clear_rl);
+
+  return 0;
+}
+
diff --git a/src/test/test_dir_common.h b/src/test/test_dir_common.h
new file mode 100644
index 0000000000..9682b0db49
--- /dev/null
+++ b/src/test/test_dir_common.h
@@ -0,0 +1,52 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+#include "networkstatus.h"
+#include "routerparse.h"
+
+#define TEST_DIR_ROUTER_ID_1 3
+#define TEST_DIR_ROUTER_ID_2 5
+#define TEST_DIR_ROUTER_ID_3 33
+#define TEST_DIR_ROUTER_ID_4 34
+
+#define TEST_DIR_ROUTER_DD_1 78
+#define TEST_DIR_ROUTER_DD_2 77
+#define TEST_DIR_ROUTER_DD_3 79
+#define TEST_DIR_ROUTER_DD_4 44
+
+int dir_common_authority_pk_init(authority_cert_t **cert1,
+                       authority_cert_t **cert2,
+                       authority_cert_t **cert3,
+                       crypto_pk_t **sign_skey_1,
+                       crypto_pk_t **sign_skey_2,
+                       crypto_pk_t **sign_skey_3);
+
+routerinfo_t * dir_common_generate_ri_from_rs(const vote_routerstatus_t *vrs);
+
+vote_routerstatus_t * dir_common_gen_routerstatus_for_v3ns(int idx,
+                                                           time_t now);
+
+int dir_common_construct_vote_1(networkstatus_t **vote,
+                        authority_cert_t *cert1,
+                        crypto_pk_t *sign_skey,
+                        vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                        networkstatus_t **vote_out, int *n_vrs, time_t now,
+                        int clear_rl);
+
+int dir_common_construct_vote_2(networkstatus_t **vote,
+                        authority_cert_t *cert2,
+                        crypto_pk_t *sign_skey,
+                        vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                        networkstatus_t **vote_out, int *n_vrs, time_t now,
+                        int clear_rl);
+
+int dir_common_construct_vote_3(networkstatus_t **vote,
+                        authority_cert_t *cert3,
+                        crypto_pk_t *sign_skey,
+                        vote_routerstatus_t * (*vrs_gen)(int idx, time_t now),
+                        networkstatus_t **vote_out, int *n_vrs, time_t now,
+                        int clear_rl);
+
diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c
new file mode 100644
index 0000000000..05657ca452
--- /dev/null
+++ b/src/test/test_dir_handle_get.c
@@ -0,0 +1,2538 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define RENDCOMMON_PRIVATE
+#define GEOIP_PRIVATE
+#define CONNECTION_PRIVATE
+#define CONFIG_PRIVATE
+#define RENDCACHE_PRIVATE
+
+#include "or.h"
+#include "config.h"
+#include "connection.h"
+#include "directory.h"
+#include "test.h"
+#include "connection.h"
+#include "rendcommon.h"
+#include "rendcache.h"
+#include "router.h"
+#include "routerlist.h"
+#include "rend_test_helpers.h"
+#include "microdesc.h"
+#include "test_helpers.h"
+#include "nodelist.h"
+#include "entrynodes.h"
+#include "routerparse.h"
+#include "networkstatus.h"
+#include "geoip.h"
+#include "dirserv.h"
+#include "torgzip.h"
+#include "dirvote.h"
+
+#ifdef _WIN32
+/* For mkdir() */
+#include <direct.h>
+#else
+#include <dirent.h>
+#endif
+
+#include "vote_descriptors.inc"
+
+#define NS_MODULE dir_handle_get
+
+static void
+connection_write_to_buf_mock(const char *string, size_t len,
+                             connection_t *conn, int zlib)
+{
+  (void) zlib;
+
+  tor_assert(string);
+  tor_assert(conn);
+
+  write_to_buf(string, len, conn->outbuf);
+}
+
+#define GET(path) "GET " path " HTTP/1.0\r\n\r\n"
+#define NOT_FOUND "HTTP/1.0 404 Not found\r\n\r\n"
+#define BAD_REQUEST "HTTP/1.0 400 Bad request\r\n\r\n"
+#define SERVER_BUSY "HTTP/1.0 503 Directory busy, try again later\r\n\r\n"
+#define NOT_ENOUGH_CONSENSUS_SIGNATURES "HTTP/1.0 404 " \
+  "Consensus not signed by sufficient number of requested authorities\r\n\r\n"
+
+static tor_addr_t MOCK_TOR_ADDR;
+
+static void
+test_dir_handle_get_bad_request(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(directory_handle_command_get(conn, "", NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(header, OP_EQ, BAD_REQUEST);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_v1_command_not_found(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  // no frontpage configured
+  tt_ptr_op(get_dirportfrontpage(), OP_EQ, NULL);
+
+  /* V1 path */
+  tt_int_op(directory_handle_command_get(conn, GET("/tor/"), NULL, 0),
+            OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static const char*
+mock_get_dirportfrontpage(void)
+{
+  return "HELLO FROM FRONTPAGE";
+}
+
+static void
+test_dir_handle_get_v1_command(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0, body_len = 0;
+  const char *exp_body = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+  MOCK(get_dirportfrontpage, mock_get_dirportfrontpage);
+
+  exp_body = get_dirportfrontpage();
+  body_len = strlen(exp_body);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(directory_handle_command_get(conn, GET("/tor/"), NULL, 0),
+            OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, body_len+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/html\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 20\r\n"));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_str_op(body, OP_EQ, exp_body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    UNMOCK(get_dirportfrontpage);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+}
+
+static void
+test_dir_handle_get_not_found(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  /* Unrecognized path */
+  tt_int_op(directory_handle_command_get(conn, GET("/anything"), NULL, 0),
+            OP_EQ, 0);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_robots_txt(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  tt_int_op(directory_handle_command_get(conn, GET("/tor/robots.txt"),
+                                         NULL, 0), OP_EQ, 0);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, 29, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 28\r\n"));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_str_op(body, OP_EQ, "User-agent: *\r\nDisallow: /\r\n");
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+}
+
+static void
+test_dir_handle_get_bytes_txt(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0, body_len = 0;
+  char buff[30];
+  char *exp_body = NULL;
+  (void) data;
+
+  exp_body = directory_dump_request_log();
+  body_len = strlen(exp_body);
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  tt_int_op(directory_handle_command_get(conn, GET("/tor/bytes.txt"), NULL, 0),
+            OP_EQ, 0);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, body_len+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Pragma: no-cache\r\n"));
+
+  tor_snprintf(buff, sizeof(buff), "Content-Length: %ld\r\n", (long) body_len);
+  tt_assert(strstr(header, buff));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_str_op(body, OP_EQ, exp_body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    tor_free(exp_body);
+}
+
+#define RENDEZVOUS2_GET(descid) GET("/tor/rendezvous2/" descid)
+static void
+test_dir_handle_get_rendezvous2_not_found_if_not_encrypted(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  // connection is not encrypted
+  tt_assert(!connection_dir_is_encrypted(conn))
+
+  tt_int_op(directory_handle_command_get(conn, RENDEZVOUS2_GET(), NULL, 0),
+            OP_EQ, 0);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id(
+  void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  // connection is encrypted
+  TO_CONN(conn)->linked = 1;
+  tt_assert(connection_dir_is_encrypted(conn));
+
+  tt_int_op(directory_handle_command_get(conn,
+            RENDEZVOUS2_GET("invalid-desc-id"), NULL, 0), OP_EQ, 0);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(header, OP_EQ, BAD_REQUEST);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_rendezvous2_on_encrypted_conn_not_well_formed(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  // connection is encrypted
+  TO_CONN(conn)->linked = 1;
+  tt_assert(connection_dir_is_encrypted(conn));
+
+  //TODO: this cant be reached because rend_valid_descriptor_id() prevents this
+  //case to happen. This test is the same as
+  //test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id
+  //We should refactor to remove the case from the switch.
+
+  const char *req = RENDEZVOUS2_GET("1bababababababababababababababab");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(header, OP_EQ, BAD_REQUEST);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_rendezvous2_not_found(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  rend_cache_init();
+
+  // connection is encrypted
+  TO_CONN(conn)->linked = 1;
+  tt_assert(connection_dir_is_encrypted(conn));
+
+  const char *req = RENDEZVOUS2_GET("3xqunszqnaolrrfmtzgaki7mxelgvkje");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    rend_cache_free_all();
+}
+
+NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
+
+static routerinfo_t *mock_routerinfo;
+
+static const routerinfo_t *
+NS(router_get_my_routerinfo)(void)
+{
+  if (!mock_routerinfo) {
+    mock_routerinfo = tor_malloc_zero(sizeof(routerinfo_t));
+  }
+
+  return mock_routerinfo;
+}
+
+static void
+test_dir_handle_get_rendezvous2_on_encrypted_conn_success(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  char buff[30];
+  char req[70];
+  rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
+  char *service_id = NULL;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  size_t body_len = 0;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+  NS_MOCK(router_get_my_routerinfo);
+
+  rend_cache_init();
+
+  /* create a valid rend service descriptor */
+  #define RECENT_TIME -10
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+
+  tt_int_op(rend_cache_store_v2_desc_as_dir(desc_holder->desc_str),
+            OP_EQ, 0);
+
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  // connection is encrypted
+  TO_CONN(conn)->linked = 1;
+  tt_assert(connection_dir_is_encrypted(conn));
+
+  sprintf(req, RENDEZVOUS2_GET("%s"), desc_id_base32);
+
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  body_len = strlen(desc_holder->desc_str);
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, body_len+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Pragma: no-cache\r\n"));
+  sprintf(buff, "Content-Length: %ld\r\n", (long) body_len);
+  tt_assert(strstr(header, buff));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_str_op(body, OP_EQ, desc_holder->desc_str);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    NS_UNMOCK(router_get_my_routerinfo);
+
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    rend_encoded_v2_service_descriptor_free(desc_holder);
+    tor_free(service_id);
+    rend_cache_free_all();
+}
+
+#define MICRODESC_GET(digest) GET("/tor/micro/d/" digest)
+static void
+test_dir_handle_get_micro_d_not_found(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  #define B64_256_1 "8/Pz8/u7vz8/Pz+7vz8/Pz+7u/Pz8/P7u/Pz8/P7u78"
+  #define B64_256_2 "zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMw"
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = MICRODESC_GET(B64_256_1 "-" B64_256_2);
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static or_options_t *mock_options = NULL;
+static void
+init_mock_options(void)
+{
+  mock_options = malloc(sizeof(or_options_t));
+  memset(mock_options, 0, sizeof(or_options_t));
+  mock_options->TestingTorNetwork = 1;
+}
+
+static const or_options_t *
+mock_get_options(void)
+{
+  tor_assert(mock_options);
+  return mock_options;
+}
+
+static const char microdesc[] =
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMjlHH/daN43cSVRaHBwgUfnszzAhg98EvivJ9Qxfv51mvQUxPjQ07es\n"
+  "gV/3n8fyh3Kqr/ehi9jxkdgSRfSnmF7giaHL1SLZ29kA7KtST+pBvmTpDtHa3ykX\n"
+  "Xorc7hJvIyTZoc1HU+5XSynj3gsBE5IGK1ZRzrNS688LnuZMVp1tAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n";
+
+static void
+test_dir_handle_get_micro_d(void *data)
+{
+  dir_connection_t *conn = NULL;
+  microdesc_cache_t *mc = NULL ;
+  smartlist_t *list = NULL;
+  char digest[DIGEST256_LEN];
+  char digest_base64[128];
+  char path[80];
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* SETUP */
+  init_mock_options();
+  const char *fn = get_fname("dir_handle_datadir_test1");
+  mock_options->DataDirectory = tor_strdup(fn);
+
+#ifdef _WIN32
+  tt_int_op(0, OP_EQ, mkdir(mock_options->DataDirectory));
+#else
+  tt_int_op(0, OP_EQ, mkdir(mock_options->DataDirectory, 0700));
+#endif
+
+  /* Add microdesc to cache */
+  crypto_digest256(digest, microdesc, strlen(microdesc), DIGEST_SHA256);
+  base64_encode_nopad(digest_base64, sizeof(digest_base64),
+                      (uint8_t *) digest, DIGEST256_LEN);
+
+  mc = get_microdesc_cache();
+  list = microdescs_add_to_cache(mc, microdesc, NULL, SAVED_NOWHERE, 0,
+                                  time(NULL), NULL);
+  tt_int_op(1, OP_EQ, smartlist_len(list));
+
+  /* Make the request */
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  sprintf(path, MICRODESC_GET("%s"), digest_base64);
+  tt_int_op(directory_handle_command_get(conn, path, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(microdesc)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_str_op(body, OP_EQ, microdesc);
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+
+    or_options_free(mock_options); mock_options = NULL;
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    smartlist_free(list);
+    microdesc_free_all();
+}
+
+static void
+test_dir_handle_get_micro_d_server_busy(void *data)
+{
+  dir_connection_t *conn = NULL;
+  microdesc_cache_t *mc = NULL ;
+  smartlist_t *list = NULL;
+  char digest[DIGEST256_LEN];
+  char digest_base64[128];
+  char path[80];
+  char *header = NULL;
+  (void) data;
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* SETUP */
+  init_mock_options();
+  const char *fn = get_fname("dir_handle_datadir_test2");
+  mock_options->DataDirectory = tor_strdup(fn);
+
+#ifdef _WIN32
+  tt_int_op(0, OP_EQ, mkdir(mock_options->DataDirectory));
+#else
+  tt_int_op(0, OP_EQ, mkdir(mock_options->DataDirectory, 0700));
+#endif
+
+  /* Add microdesc to cache */
+  crypto_digest256(digest, microdesc, strlen(microdesc), DIGEST_SHA256);
+  base64_encode_nopad(digest_base64, sizeof(digest_base64),
+                      (uint8_t *) digest, DIGEST256_LEN);
+
+  mc = get_microdesc_cache();
+  list = microdescs_add_to_cache(mc, microdesc, NULL, SAVED_NOWHERE, 0,
+                                  time(NULL), NULL);
+  tt_int_op(1, OP_EQ, smartlist_len(list));
+
+  //Make it busy
+  mock_options->CountPrivateBandwidth = 1;
+
+  /* Make the request */
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  sprintf(path, MICRODESC_GET("%s"), digest_base64);
+  tt_int_op(directory_handle_command_get(conn, path, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(SERVER_BUSY, OP_EQ, header);
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+
+    or_options_free(mock_options); mock_options = NULL;
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    smartlist_free(list);
+    microdesc_free_all();
+}
+
+#define BRIDGES_PATH "/tor/networkstatus-bridges"
+static void
+test_dir_handle_get_networkstatus_bridges_not_found_without_auth(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* SETUP */
+  init_mock_options();
+  mock_options->BridgeAuthoritativeDir = 1;
+  mock_options->BridgePassword_AuthDigest_ = tor_strdup("digest");
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  TO_CONN(conn)->linked = 1;
+
+  const char *req = GET(BRIDGES_PATH);
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+    or_options_free(mock_options); mock_options = NULL;
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_networkstatus_bridges(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* SETUP */
+  init_mock_options();
+  mock_options->BridgeAuthoritativeDir = 1;
+  mock_options->BridgePassword_AuthDigest_ = tor_malloc(DIGEST256_LEN);
+  crypto_digest256(mock_options->BridgePassword_AuthDigest_,
+                     "abcdefghijklm12345", 18, DIGEST_SHA256);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  TO_CONN(conn)->linked = 1;
+
+  const char *req = "GET " BRIDGES_PATH " HTTP/1.0\r\n"
+                    "Authorization: Basic abcdefghijklm12345\r\n\r\n";
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 0\r\n"));
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+    or_options_free(mock_options); mock_options = NULL;
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_networkstatus_bridges_not_found_wrong_auth(void *data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* SETUP */
+  init_mock_options();
+  mock_options->BridgeAuthoritativeDir = 1;
+  mock_options->BridgePassword_AuthDigest_ = tor_malloc(DIGEST256_LEN);
+  crypto_digest256(mock_options->BridgePassword_AuthDigest_,
+                     "abcdefghijklm12345", 18, DIGEST_SHA256);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  TO_CONN(conn)->linked = 1;
+
+  const char *req = "GET " BRIDGES_PATH " HTTP/1.0\r\n"
+                           "Authorization: Basic NOTSAMEDIGEST\r\n\r\n";
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+    or_options_free(mock_options); mock_options = NULL;
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+#define SERVER_DESC_GET(id) GET("/tor/server/" id)
+static void
+test_dir_handle_get_server_descriptors_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = SERVER_DESC_GET("invalid");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+  tt_int_op(conn->dir_spool_src, OP_EQ, DIR_SPOOL_SERVER_BY_FP);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    or_options_free(mock_options); mock_options = NULL;
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_server_descriptors_all(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  /* Setup fake routerlist. */
+  helper_setup_fake_routerlist();
+
+  //TODO: change to router_get_my_extrainfo when testing "extra" path
+  NS_MOCK(router_get_my_routerinfo);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  // We are one of the routers
+  routerlist_t *our_routerlist = router_get_routerlist();
+  tt_int_op(smartlist_len(our_routerlist->routers), OP_GE, 1);
+  mock_routerinfo = smartlist_get(our_routerlist->routers, 0);
+  set_server_identity_key(mock_routerinfo->identity_pkey);
+
+  /* Treat "all" requests as if they were unencrypted */
+  mock_routerinfo->cache_info.send_unencrypted = 1;
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = SERVER_DESC_GET("all");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  //TODO: Is this a BUG?
+  //It requires strlen(signed_descriptor_len)+1 as body_len but returns a body
+  //which is smaller than that by annotation_len bytes
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used,
+                      mock_routerinfo->cache_info.signed_descriptor_len+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+
+  //TODO: Is this a BUG?
+  //This is what should be expected: tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_int_op(body_used, OP_EQ,
+            mock_routerinfo->cache_info.signed_descriptor_len);
+
+  tt_str_op(body, OP_EQ, mock_routerinfo->cache_info.signed_descriptor_body +
+                         mock_routerinfo->cache_info.annotations_len);
+  tt_int_op(conn->dir_spool_src, OP_EQ, DIR_SPOOL_NONE);
+
+  done:
+    NS_UNMOCK(router_get_my_routerinfo);
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+
+    routerlist_free_all();
+    nodelist_free_all();
+    entry_guards_free_all();
+}
+
+static char
+TEST_DESCRIPTOR[] =
+"@uploaded-at 2014-06-08 19:20:11\n"
+"@source \"127.0.0.1\"\n"
+"router test000a 127.0.0.1 5000 0 7000\n"
+"platform Tor 0.2.5.3-alpha-dev on Linux\n"
+"protocols Link 1 2 Circuit 1\n"
+"published 2014-06-08 19:20:11\n"
+"fingerprint C7E7 CCB8 179F 8CC3 7F5C 8A04 2B3A 180B 934B 14BA\n"
+"uptime 0\n"
+"bandwidth 1073741824 1073741824 0\n"
+"extra-info-digest 67A152A4C7686FB07664F872620635F194D76D95\n"
+"caches-extra-info\n"
+"onion-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAOuBUIEBARMkkka/TGyaQNgUEDLP0KG7sy6KNQTNOlZHUresPr/vlVjo\n"
+"HPpLMfu9M2z18c51YX/muWwY9x4MyQooD56wI4+AqXQcJRwQfQlPn3Ay82uZViA9\n"
+"DpBajRieLlKKkl145KjArpD7F5BVsqccvjErgFYXvhhjSrx7BVLnAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBAN6NLnSxWQnFXxqZi5D3b0BMgV6y9NJLGjYQVP+eWtPZWgqyv4zeYsqv\n"
+"O9y6c5lvxyUxmNHfoAbe/s8f2Vf3/YaC17asAVSln4ktrr3e9iY74a9RMWHv1Gzk\n"
+"3042nMcqj3PEhRN0PoLkcOZNjjmNbaqki6qy9bWWZDNTdo+uI44dAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"hidden-service-dir\n"
+"contact auth0@test.test\n"
+"ntor-onion-key pK4bs08ERYN591jj7ca17Rn9Q02TIEfhnjR6hSq+fhU=\n"
+"reject *:*\n"
+"router-signature\n"
+"-----BEGIN SIGNATURE-----\n"
+"rx88DuM3Y7tODlHNDDEVzKpwh3csaG1or+T4l2Xs1oq3iHHyPEtB6QTLYrC60trG\n"
+"aAPsj3DEowGfjga1b248g2dtic8Ab+0exfjMm1RHXfDam5TXXZU3A0wMyoHjqHuf\n"
+"eChGPgFNUvEc+5YtD27qEDcUjcinYztTs7/dzxBT4PE=\n"
+"-----END SIGNATURE-----\n";
+
+static void
+test_dir_handle_get_server_descriptors_authority(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  crypto_pk_t *identity_pkey = pk_generate(0);
+  (void) data;
+
+  NS_MOCK(router_get_my_routerinfo);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* init mock */
+  router_get_my_routerinfo();
+  crypto_pk_get_digest(identity_pkey,
+                       mock_routerinfo->cache_info.identity_digest);
+
+  // the digest is mine (the channel is unnecrypted, so we must allow sending)
+  set_server_identity_key(identity_pkey);
+  mock_routerinfo->cache_info.send_unencrypted = 1;
+
+  /* Setup descriptor */
+  long annotation_len = strstr(TEST_DESCRIPTOR, "router ") - TEST_DESCRIPTOR;
+  mock_routerinfo->cache_info.signed_descriptor_body =
+    tor_strdup(TEST_DESCRIPTOR);
+  mock_routerinfo->cache_info.signed_descriptor_len =
+    strlen(TEST_DESCRIPTOR) - annotation_len;;
+  mock_routerinfo->cache_info.annotations_len = annotation_len;
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = SERVER_DESC_GET("authority");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  //TODO: Is this a BUG?
+  //It requires strlen(TEST_DESCRIPTOR)+1 as body_len but returns a body which
+  //is smaller than that by annotation_len bytes
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_DESCRIPTOR)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+
+  tt_str_op(body, OP_EQ, TEST_DESCRIPTOR + annotation_len);
+  tt_int_op(conn->dir_spool_src, OP_EQ, DIR_SPOOL_NONE);
+
+  done:
+    NS_UNMOCK(router_get_my_routerinfo);
+    UNMOCK(connection_write_to_buf_impl_);
+    tor_free(mock_routerinfo->cache_info.signed_descriptor_body);
+    tor_free(mock_routerinfo);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    crypto_pk_free(identity_pkey);
+}
+
+static void
+test_dir_handle_get_server_descriptors_fp(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  crypto_pk_t *identity_pkey = pk_generate(0);
+  (void) data;
+
+  NS_MOCK(router_get_my_routerinfo);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* init mock */
+  router_get_my_routerinfo();
+  crypto_pk_get_digest(identity_pkey,
+                       mock_routerinfo->cache_info.identity_digest);
+
+  // the digest is mine (the channel is unnecrypted, so we must allow sending)
+  set_server_identity_key(identity_pkey);
+  mock_routerinfo->cache_info.send_unencrypted = 1;
+
+  /* Setup descriptor */
+  long annotation_len = strstr(TEST_DESCRIPTOR, "router ") - TEST_DESCRIPTOR;
+  mock_routerinfo->cache_info.signed_descriptor_body =
+    tor_strdup(TEST_DESCRIPTOR);
+  mock_routerinfo->cache_info.signed_descriptor_len =
+    strlen(TEST_DESCRIPTOR) - annotation_len;
+  mock_routerinfo->cache_info.annotations_len = annotation_len;
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  #define HEX1 "Fe0daff89127389bc67558691231234551193EEE"
+  #define HEX2 "Deadbeef99999991111119999911111111f00ba4"
+  const char *hex_digest = hex_str(mock_routerinfo->cache_info.identity_digest,
+                                   DIGEST_LEN);
+
+  char req[155];
+  sprintf(req, SERVER_DESC_GET("fp/%s+" HEX1 "+" HEX2), hex_digest);
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  //TODO: Is this a BUG?
+  //It requires strlen(TEST_DESCRIPTOR)+1 as body_len but returns a body which
+  //is smaller than that by annotation_len bytes
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_DESCRIPTOR)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+
+  tt_int_op(body_used, OP_EQ, strlen(body));
+
+  tt_str_op(body, OP_EQ, TEST_DESCRIPTOR + annotation_len);
+  tt_int_op(conn->dir_spool_src, OP_EQ, DIR_SPOOL_NONE);
+
+  done:
+    NS_UNMOCK(router_get_my_routerinfo);
+    UNMOCK(connection_write_to_buf_impl_);
+    tor_free(mock_routerinfo->cache_info.signed_descriptor_body);
+    tor_free(mock_routerinfo);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    crypto_pk_free(identity_pkey);
+}
+
+#define HEX1 "Fe0daff89127389bc67558691231234551193EEE"
+#define HEX2 "Deadbeef99999991111119999911111111f00ba4"
+
+static void
+test_dir_handle_get_server_descriptors_d(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  crypto_pk_t *identity_pkey = pk_generate(0);
+  (void) data;
+
+  /* Setup fake routerlist. */
+  helper_setup_fake_routerlist();
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* Get one router's signed_descriptor_digest */
+  routerlist_t *our_routerlist = router_get_routerlist();
+  tt_int_op(smartlist_len(our_routerlist->routers), OP_GE, 1);
+  routerinfo_t *router = smartlist_get(our_routerlist->routers, 0);
+  const char *hex_digest = hex_str(router->cache_info.signed_descriptor_digest,
+                                   DIGEST_LEN);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  char req_header[155];
+  sprintf(req_header, SERVER_DESC_GET("d/%s+" HEX1 "+" HEX2), hex_digest);
+  tt_int_op(directory_handle_command_get(conn, req_header, NULL, 0), OP_EQ, 0);
+
+  //TODO: Is this a BUG?
+  //It requires strlen(signed_descriptor_len)+1 as body_len but returns a body
+  //which is smaller than that by annotation_len bytes
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used,
+                      router->cache_info.signed_descriptor_len+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+
+  //TODO: Is this a BUG?
+  //This is what should be expected:
+  //tt_int_op(body_used, OP_EQ, strlen(body));
+  tt_int_op(body_used, OP_EQ, router->cache_info.signed_descriptor_len);
+
+  tt_str_op(body, OP_EQ, router->cache_info.signed_descriptor_body +
+                         router->cache_info.annotations_len);
+  tt_int_op(conn->dir_spool_src, OP_EQ, DIR_SPOOL_NONE);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    tor_free(mock_routerinfo);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    crypto_pk_free(identity_pkey);
+
+    routerlist_free_all();
+    nodelist_free_all();
+    entry_guards_free_all();
+}
+
+static void
+test_dir_handle_get_server_descriptors_busy(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  crypto_pk_t *identity_pkey = pk_generate(0);
+  (void) data;
+
+  /* Setup fake routerlist. */
+  helper_setup_fake_routerlist();
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  //Make it busy
+  MOCK(get_options, mock_get_options);
+  init_mock_options();
+  mock_options->CountPrivateBandwidth = 1;
+
+  /* Get one router's signed_descriptor_digest */
+  routerlist_t *our_routerlist = router_get_routerlist();
+  tt_int_op(smartlist_len(our_routerlist->routers), OP_GE, 1);
+  routerinfo_t *router = smartlist_get(our_routerlist->routers, 0);
+  const char *hex_digest = hex_str(router->cache_info.signed_descriptor_digest,
+                                   DIGEST_LEN);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  #define HEX1 "Fe0daff89127389bc67558691231234551193EEE"
+  #define HEX2 "Deadbeef99999991111119999911111111f00ba4"
+  char req_header[155];
+  sprintf(req_header, SERVER_DESC_GET("d/%s+" HEX1 "+" HEX2), hex_digest);
+  tt_int_op(directory_handle_command_get(conn, req_header, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(SERVER_BUSY, OP_EQ, header);
+
+  tt_int_op(conn->dir_spool_src, OP_EQ, DIR_SPOOL_NONE);
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+    tor_free(mock_routerinfo);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    crypto_pk_free(identity_pkey);
+
+    routerlist_free_all();
+    nodelist_free_all();
+    entry_guards_free_all();
+}
+
+static void
+test_dir_handle_get_server_keys_bad_req(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(BAD_REQUEST, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_server_keys_all_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/all");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+#define TEST_CERTIFICATE AUTHORITY_CERT_3
+#define TEST_SIGNING_KEY AUTHORITY_SIGNKEY_A_DIGEST
+extern const char AUTHORITY_CERT_3[];
+extern const char AUTHORITY_SIGNKEY_A_DIGEST[];
+
+static const char TEST_CERT_IDENT_KEY[] =
+  "D867ACF56A9D229B35C25F0090BC9867E906BE69";
+
+static void
+test_dir_handle_get_server_keys_all(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  const char digest[DIGEST_LEN] = "";
+
+  dir_server_t *ds = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/all");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_CERTIFICATE)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 1883\r\n"));
+
+  tt_str_op(TEST_CERTIFICATE, OP_EQ, body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+
+    clear_dir_servers();
+    routerlist_free_all();
+}
+
+static void
+test_dir_handle_get_server_keys_authority_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/authority");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static authority_cert_t * mock_cert = NULL;
+
+static authority_cert_t *
+get_my_v3_authority_cert_m(void)
+{
+  tor_assert(mock_cert);
+  return mock_cert;
+}
+
+static void
+test_dir_handle_get_server_keys_authority(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  mock_cert = authority_cert_parse_from_string(TEST_CERTIFICATE, NULL);
+
+  MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/authority");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_CERTIFICATE)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 1883\r\n"));
+
+  tt_str_op(TEST_CERTIFICATE, OP_EQ, body);
+
+  done:
+    UNMOCK(get_my_v3_authority_cert);
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    authority_cert_free(mock_cert); mock_cert = NULL;
+}
+
+static void
+test_dir_handle_get_server_keys_fp_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/fp/somehex");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_server_keys_fp(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  dir_server_t *ds = NULL;
+  const char digest[DIGEST_LEN] = "";
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  char req[71];
+  sprintf(req, GET("/tor/keys/fp/%s"), TEST_CERT_IDENT_KEY);
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_CERTIFICATE)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 1883\r\n"));
+
+  tt_str_op(TEST_CERTIFICATE, OP_EQ, body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    clear_dir_servers();
+    routerlist_free_all();
+}
+
+static void
+test_dir_handle_get_server_keys_sk_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/sk/somehex");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_server_keys_sk(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  mock_cert = authority_cert_parse_from_string(TEST_CERTIFICATE, NULL);
+  MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  char req[71];
+  sprintf(req, GET("/tor/keys/sk/%s"), TEST_SIGNING_KEY);
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_CERTIFICATE)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 1883\r\n"));
+
+  tt_str_op(TEST_CERTIFICATE, OP_EQ, body);
+
+  done:
+    UNMOCK(get_my_v3_authority_cert);
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    authority_cert_free(mock_cert); mock_cert = NULL;
+    tor_free(header);
+    tor_free(body);
+}
+
+static void
+test_dir_handle_get_server_keys_fpsk_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  const char *req = GET("/tor/keys/fp-sk/somehex");
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_server_keys_fpsk(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  dir_server_t *ds = NULL;
+  const char digest[DIGEST_LEN] = "";
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+  dir_server_add(ds);
+
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  char req[115];
+  sprintf(req, GET("/tor/keys/fp-sk/%s-%s"),
+          TEST_CERT_IDENT_KEY, TEST_SIGNING_KEY);
+
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(TEST_CERTIFICATE)+1, 0);
+
+  tt_assert(header);
+  tt_assert(body);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 1883\r\n"));
+
+  tt_str_op(TEST_CERTIFICATE, OP_EQ, body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+
+    clear_dir_servers();
+    routerlist_free_all();
+}
+
+static void
+test_dir_handle_get_server_keys_busy(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  dir_server_t *ds = NULL;
+  const char digest[DIGEST_LEN] = "";
+  (void) data;
+
+  clear_dir_servers();
+  routerlist_free_all();
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+  dir_server_add(ds);
+
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* setup busy server */
+  init_mock_options();
+  mock_options->CountPrivateBandwidth = 1;
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  char req[71];
+  sprintf(req, GET("/tor/keys/fp/%s"), TEST_CERT_IDENT_KEY);
+  tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0);
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(SERVER_BUSY, OP_EQ, header);
+
+  done:
+    UNMOCK(get_options);
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    or_options_free(mock_options); mock_options = NULL;
+
+    clear_dir_servers();
+    routerlist_free_all();
+}
+
+static networkstatus_t *mock_ns_val = NULL;
+static networkstatus_t *
+mock_ns_get_by_flavor(consensus_flavor_t f)
+{
+  (void)f;
+  return mock_ns_val;
+}
+
+static void
+test_dir_handle_get_status_vote_current_consensus_ns_not_enough_sigs(void* d)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *stats = NULL;
+  (void) d;
+
+  /* init mock */
+  mock_ns_val = tor_malloc_zero(sizeof(networkstatus_t));
+  mock_ns_val->flavor = FLAV_NS;
+  mock_ns_val->voters = smartlist_new();
+
+  /* init mock */
+  init_mock_options();
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+  MOCK(networkstatus_get_latest_consensus_by_flavor, mock_ns_get_by_flavor);
+
+  /* start gathering stats */
+  mock_options->DirReqStatistics = 1;
+  geoip_dirreq_stats_init(time(NULL));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/consensus-ns/" HEX1 "+" HEX2), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+
+  tt_assert(header);
+  tt_str_op(NOT_ENOUGH_CONSENSUS_SIGNATURES, OP_EQ, header);
+
+  stats = geoip_format_dirreq_stats(time(NULL));
+  tt_assert(stats);
+  tt_assert(strstr(stats, "not-enough-sigs=8"));
+
+  done:
+    UNMOCK(networkstatus_get_latest_consensus_by_flavor);
+    UNMOCK(connection_write_to_buf_impl_);
+    UNMOCK(get_options);
+
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(stats);
+    smartlist_free(mock_ns_val->voters);
+    tor_free(mock_ns_val);
+    or_options_free(mock_options); mock_options = NULL;
+}
+
+static void
+test_dir_handle_get_status_vote_current_consensus_ns_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  char *stats = NULL;
+  (void) data;
+
+  init_mock_options();
+
+  MOCK(get_options, mock_get_options);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  /* start gathering stats */
+  mock_options->DirReqStatistics = 1;
+  geoip_dirreq_stats_init(time(NULL));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/consensus-ns"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  stats = geoip_format_dirreq_stats(time(NULL));
+  tt_assert(stats);
+  tt_assert(strstr(stats, "not-found=8"));
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    UNMOCK(get_options);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(stats);
+    or_options_free(mock_options); mock_options = NULL;
+}
+
+NS_DECL(int, geoip_get_country_by_addr, (const tor_addr_t *addr));
+
+int
+NS(geoip_get_country_by_addr)(const tor_addr_t *addr)
+{
+  (void)addr;
+  CALLED(geoip_get_country_by_addr)++;
+  return 1;
+}
+
+static void
+status_vote_current_consensus_ns_test(char **header, char **body,
+                                      size_t *body_len)
+{
+  common_digests_t digests;
+  dir_connection_t *conn = NULL;
+
+  #define NETWORK_STATUS "some network status string"
+  dirserv_set_cached_consensus_networkstatus(NETWORK_STATUS, "ns", &digests,
+                                             time(NULL));
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  tt_assert(mock_options);
+  mock_options->DirReqStatistics = 1;
+  geoip_dirreq_stats_init(time(NULL));
+
+  /* init geoip database */
+  geoip_parse_entry("10,50,AB", AF_INET);
+  tt_str_op("ab", OP_EQ, geoip_get_country_name(1));
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  TO_CONN(conn)->address = tor_strdup("127.0.0.1");
+
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/consensus-ns"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, header, MAX_HEADERS_SIZE,
+                      body, body_len, strlen(NETWORK_STATUS)+7, 0);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+}
+
+static void
+test_dir_handle_get_status_vote_current_consensus_ns(void* data)
+{
+  char *header = NULL;
+  char *body = NULL, *comp_body = NULL;
+  size_t body_used = 0, comp_body_used = 0;
+  char *stats = NULL, *hist = NULL;
+  (void) data;
+
+  dirserv_free_all();
+  clear_geoip_db();
+
+  NS_MOCK(geoip_get_country_by_addr);
+  MOCK(get_options, mock_get_options);
+
+  init_mock_options();
+
+  status_vote_current_consensus_ns_test(&header, &comp_body, &comp_body_used);
+  tt_assert(header);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Pragma: no-cache\r\n"));
+
+  compress_method_t compression = detect_compression_method(comp_body,
+                                                            comp_body_used);
+  tt_int_op(ZLIB_METHOD, OP_EQ, compression);
+
+  tor_gzip_uncompress(&body, &body_used, comp_body, comp_body_used,
+                      compression, 0, LOG_PROTOCOL_WARN);
+
+  tt_str_op(NETWORK_STATUS, OP_EQ, body);
+  tt_int_op(strlen(NETWORK_STATUS), OP_EQ, body_used);
+
+  stats = geoip_format_dirreq_stats(time(NULL));
+  tt_assert(stats);
+
+  tt_assert(strstr(stats, "ok=8"));
+  tt_assert(strstr(stats, "dirreq-v3-ips ab=8"));
+  tt_assert(strstr(stats, "dirreq-v3-reqs ab=8"));
+  tt_assert(strstr(stats, "dirreq-v3-direct-dl"
+                          " complete=0,timeout=0,running=4"));
+
+  hist = geoip_get_request_history();
+  tt_assert(hist);
+  tt_str_op("ab=8", OP_EQ, hist);
+
+  done:
+    NS_UNMOCK(geoip_get_country_by_addr);
+    UNMOCK(get_options);
+    tor_free(header);
+    tor_free(comp_body);
+    tor_free(body);
+    tor_free(stats);
+    tor_free(hist);
+    or_options_free(mock_options); mock_options = NULL;
+
+    dirserv_free_all();
+    clear_geoip_db();
+}
+
+static void
+test_dir_handle_get_status_vote_current_consensus_ns_busy(void* data)
+{
+  char *header = NULL;
+  char *body = NULL;
+  size_t body_used = 0;
+  char *stats = NULL;
+  (void) data;
+
+  dirserv_free_all();
+  clear_geoip_db();
+
+  MOCK(get_options, mock_get_options);
+
+  // Make it busy
+  init_mock_options();
+  mock_options->CountPrivateBandwidth = 1;
+
+  status_vote_current_consensus_ns_test(&header, &body, &body_used);
+  tt_assert(header);
+
+  tt_str_op(SERVER_BUSY, OP_EQ, header);
+
+  stats = geoip_format_dirreq_stats(time(NULL));
+  tt_assert(stats);
+  tt_assert(strstr(stats, "busy=8"));
+
+  done:
+    UNMOCK(get_options);
+    tor_free(header);
+    tor_free(body);
+    or_options_free(mock_options); mock_options = NULL;
+
+    tor_free(stats);
+    dirserv_free_all();
+    clear_geoip_db();
+}
+
+static void
+test_dir_handle_get_status_vote_current_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/" HEX1), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+#define VOTE_DIGEST "312A4890D4D832597ABBD3089C782DBBFB81E48D"
+
+static void
+status_vote_current_d_test(char **header, char **body, size_t *body_l)
+{
+  dir_connection_t *conn = NULL;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/d/" VOTE_DIGEST), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, header, MAX_HEADERS_SIZE,
+                      body, body_l, strlen(VOTE_BODY_V3)+1, 0);
+  tt_assert(header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+}
+
+static void
+status_vote_next_d_test(char **header, char **body, size_t *body_l)
+{
+  dir_connection_t *conn = NULL;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/next/d/" VOTE_DIGEST), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, header, MAX_HEADERS_SIZE,
+                      body, body_l, strlen(VOTE_BODY_V3)+1, 0);
+  tt_assert(header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+}
+
+static void
+test_dir_handle_get_status_vote_current_d_not_found(void* data)
+{
+  char *header = NULL;
+  (void) data;
+
+  status_vote_current_d_test(&header, NULL, NULL);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_status_vote_next_d_not_found(void* data)
+{
+  char *header = NULL;
+  (void) data;
+
+  status_vote_next_d_test(&header, NULL, NULL);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_status_vote_d(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used = 0;
+  dir_server_t *ds = NULL;
+  const char digest[DIGEST_LEN] = "";
+  (void) data;
+
+  clear_dir_servers();
+  dirvote_free_all();
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+
+  init_mock_options();
+  mock_options->AuthoritativeDir = 1;
+  mock_options->V3AuthoritativeDir = 1;
+  mock_options->TestingV3AuthVotingStartOffset = 0;
+  mock_options->TestingV3AuthInitialVotingInterval = 1;
+  mock_options->TestingV3AuthInitialVoteDelay = 1;
+  mock_options->TestingV3AuthInitialDistDelay = 1;
+
+  time_t now = 1441223455 -1;
+  dirvote_recalculate_timing(mock_options, now);
+
+  const char *msg_out = NULL;
+  int status_out = 0;
+  struct pending_vote_t *pv = dirvote_add_vote(VOTE_BODY_V3, &msg_out,
+                                               &status_out);
+  tt_assert(pv);
+
+  status_vote_current_d_test(&header, &body, &body_used);
+
+  tt_assert(header);
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 4135\r\n"));
+
+  tt_str_op(VOTE_BODY_V3, OP_EQ, body);
+
+  tor_free(header);
+  tor_free(body);
+
+  status_vote_next_d_test(&header, &body, &body_used);
+
+  tt_assert(header);
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 4135\r\n"));
+
+  tt_str_op(VOTE_BODY_V3, OP_EQ, body);
+
+  done:
+    tor_free(header);
+    tor_free(body);
+    or_options_free(mock_options); mock_options = NULL;
+
+    clear_dir_servers();
+    dirvote_free_all();
+}
+
+static void
+test_dir_handle_get_status_vote_next_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/next/" HEX1), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+status_vote_next_consensus_test(char **header, char **body, size_t *body_used)
+{
+  dir_connection_t *conn = NULL;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/next/consensus"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, header, MAX_HEADERS_SIZE,
+                      body, body_used, 18, 0);
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+}
+
+static void
+test_dir_handle_get_status_vote_next_consensus_not_found(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used;
+  (void) data;
+
+  status_vote_next_consensus_test(&header, &body, &body_used);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    tor_free(header);
+    tor_free(body);
+}
+
+static void
+test_dir_handle_get_status_vote_current_authority_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/authority"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+static void
+test_dir_handle_get_status_vote_next_authority_not_found(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL;
+  (void) data;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/next/authority"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      NULL, NULL, 1, 0);
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+}
+
+NS_DECL(const char*,
+dirvote_get_pending_consensus, (consensus_flavor_t flav));
+
+const char*
+NS(dirvote_get_pending_consensus)(consensus_flavor_t flav)
+{
+  (void)flav;
+  return "pending consensus";
+}
+
+static void
+test_dir_handle_get_status_vote_next_consensus(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  NS_MOCK(dirvote_get_pending_consensus);
+
+  status_vote_next_consensus_test(&header, &body, &body_used);
+  tt_assert(header);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 17\r\n"));
+
+  tt_str_op("pending consensus", OP_EQ, body);
+
+  done:
+    NS_UNMOCK(dirvote_get_pending_consensus);
+    tor_free(header);
+    tor_free(body);
+}
+
+static void
+test_dir_handle_get_status_vote_next_consensus_busy(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  MOCK(get_options, mock_get_options);
+  NS_MOCK(dirvote_get_pending_consensus);
+
+  //Make it busy
+  init_mock_options();
+  mock_options->CountPrivateBandwidth = 1;
+
+  status_vote_next_consensus_test(&header, &body, &body_used);
+
+  tt_assert(header);
+  tt_str_op(SERVER_BUSY, OP_EQ, header);
+
+  done:
+    NS_UNMOCK(dirvote_get_pending_consensus);
+    UNMOCK(get_options);
+    tor_free(header);
+    tor_free(body);
+    or_options_free(mock_options); mock_options = NULL;
+}
+
+static void
+status_vote_next_consensus_signatures_test(char **header, char **body,
+                                           size_t *body_used)
+{
+  dir_connection_t *conn = NULL;
+
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/next/consensus-signatures"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, header, MAX_HEADERS_SIZE,
+                      body, body_used, 22, 0);
+
+  done:
+    connection_free_(TO_CONN(conn));
+    UNMOCK(connection_write_to_buf_impl_);
+}
+
+static void
+test_dir_handle_get_status_vote_next_consensus_signatures_not_found(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used;
+  (void) data;
+
+  status_vote_next_consensus_signatures_test(&header, &body, &body_used);
+
+  tt_assert(header);
+  tt_str_op(NOT_FOUND, OP_EQ, header);
+
+  done:
+    tor_free(header);
+    tor_free(body);
+}
+
+NS_DECL(const char*,
+dirvote_get_pending_detached_signatures, (void));
+
+const char*
+NS(dirvote_get_pending_detached_signatures)(void)
+{
+  return "pending detached sigs";
+}
+
+static void
+test_dir_handle_get_status_vote_next_consensus_signatures(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used = 0;
+  (void) data;
+
+  NS_MOCK(dirvote_get_pending_detached_signatures);
+
+  status_vote_next_consensus_signatures_test(&header, &body, &body_used);
+  tt_assert(header);
+
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 21\r\n"));
+
+  tt_str_op("pending detached sigs", OP_EQ, body);
+
+  done:
+    NS_UNMOCK(dirvote_get_pending_detached_signatures);
+    tor_free(header);
+    tor_free(body);
+}
+
+static void
+test_dir_handle_get_status_vote_next_consensus_signatures_busy(void* data)
+{
+  char *header = NULL, *body = NULL;
+  size_t body_used;
+  (void) data;
+
+  NS_MOCK(dirvote_get_pending_detached_signatures);
+  MOCK(get_options, mock_get_options);
+
+  //Make it busy
+  init_mock_options();
+  mock_options->CountPrivateBandwidth = 1;
+
+  status_vote_next_consensus_signatures_test(&header, &body, &body_used);
+
+  tt_assert(header);
+  tt_str_op(SERVER_BUSY, OP_EQ, header);
+
+  done:
+    UNMOCK(get_options);
+    NS_UNMOCK(dirvote_get_pending_detached_signatures);
+    tor_free(header);
+    tor_free(body);
+    or_options_free(mock_options); mock_options = NULL;
+}
+
+static void
+test_dir_handle_get_status_vote_next_authority(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL, *body = NULL;
+  const char *msg_out = NULL;
+  int status_out = 0;
+  size_t body_used = 0;
+  dir_server_t *ds = NULL;
+  const char digest[DIGEST_LEN] = "";
+  (void) data;
+
+  clear_dir_servers();
+  routerlist_free_all();
+  dirvote_free_all();
+
+  mock_cert = authority_cert_parse_from_string(TEST_CERTIFICATE, NULL);
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  init_mock_options();
+  mock_options->AuthoritativeDir = 1;
+  mock_options->V3AuthoritativeDir = 1;
+  mock_options->TestingV3AuthVotingStartOffset = 0;
+  mock_options->TestingV3AuthInitialVotingInterval = 1;
+  mock_options->TestingV3AuthInitialVoteDelay = 1;
+  mock_options->TestingV3AuthInitialDistDelay = 1;
+
+  time_t now = 1441223455 -1;
+  dirvote_recalculate_timing(mock_options, now);
+
+  struct pending_vote_t *vote = dirvote_add_vote(VOTE_BODY_V3, &msg_out,
+                                                 &status_out);
+  tt_assert(vote);
+
+  MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/next/authority"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(VOTE_BODY_V3)+1, 0);
+
+  tt_assert(header);
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 4135\r\n"));
+
+  tt_str_op(VOTE_BODY_V3, OP_EQ, body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    UNMOCK(get_my_v3_authority_cert);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    authority_cert_free(mock_cert); mock_cert = NULL;
+    or_options_free(mock_options); mock_options = NULL;
+
+    clear_dir_servers();
+    routerlist_free_all();
+    dirvote_free_all();
+}
+
+static void
+test_dir_handle_get_status_vote_current_authority(void* data)
+{
+  dir_connection_t *conn = NULL;
+  char *header = NULL, *body = NULL;
+  const char *msg_out = NULL;
+  int status_out = 0;
+  size_t body_used = 0;
+  const char digest[DIGEST_LEN] = "";
+
+  dir_server_t *ds = NULL;
+  (void) data;
+
+  clear_dir_servers();
+  routerlist_free_all();
+  dirvote_free_all();
+
+  mock_cert = authority_cert_parse_from_string(TEST_CERTIFICATE, NULL);
+
+  /* create a trusted ds */
+  ds = trusted_dir_server_new("ds", "127.0.0.1", 9059, 9060, NULL, digest,
+                              NULL, V3_DIRINFO, 1.0);
+  tt_assert(ds);
+  dir_server_add(ds);
+
+  /* ds v3_identity_digest is the certificate's identity_key */
+  base16_decode(ds->v3_identity_digest, DIGEST_LEN,
+                TEST_CERT_IDENT_KEY, HEX_DIGEST_LEN);
+
+  tt_int_op(0, OP_EQ, trusted_dirs_load_certs_from_string(TEST_CERTIFICATE,
+    TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST, 1));
+
+  init_mock_options();
+  mock_options->AuthoritativeDir = 1;
+  mock_options->V3AuthoritativeDir = 1;
+  mock_options->TestingV3AuthVotingStartOffset = 0;
+  mock_options->TestingV3AuthInitialVotingInterval = 1;
+  mock_options->TestingV3AuthInitialVoteDelay = 1;
+  mock_options->TestingV3AuthInitialDistDelay = 1;
+
+  time_t now = 1441223455;
+  dirvote_recalculate_timing(mock_options, now-1);
+
+  struct pending_vote_t *vote = dirvote_add_vote(VOTE_BODY_V3, &msg_out,
+                                                 &status_out);
+  tt_assert(vote);
+
+  // move the pending vote to previous vote
+  dirvote_act(mock_options, now+1);
+
+  MOCK(get_my_v3_authority_cert, get_my_v3_authority_cert_m);
+  MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock);
+
+  conn = dir_connection_new(tor_addr_family(&MOCK_TOR_ADDR));
+  tt_int_op(0, OP_EQ, directory_handle_command_get(conn,
+    GET("/tor/status-vote/current/authority"), NULL, 0));
+
+  fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE,
+                      &body, &body_used, strlen(VOTE_BODY_V3)+1, 0);
+
+  tt_assert(header);
+  tt_ptr_op(strstr(header, "HTTP/1.0 200 OK\r\n"), OP_EQ, header);
+  tt_assert(strstr(header, "Content-Type: text/plain\r\n"));
+  tt_assert(strstr(header, "Content-Encoding: identity\r\n"));
+  tt_assert(strstr(header, "Content-Length: 4135\r\n"));
+
+  tt_str_op(VOTE_BODY_V3, OP_EQ, body);
+
+  done:
+    UNMOCK(connection_write_to_buf_impl_);
+    UNMOCK(get_my_v3_authority_cert);
+    connection_free_(TO_CONN(conn));
+    tor_free(header);
+    tor_free(body);
+    authority_cert_free(mock_cert); mock_cert = NULL;
+    or_options_free(mock_options); mock_options = NULL;
+
+    clear_dir_servers();
+    routerlist_free_all();
+    dirvote_free_all();
+}
+
+#define DIR_HANDLE_CMD(name,flags) \
+  { #name, test_dir_handle_get_##name, (flags), NULL, NULL }
+
+struct testcase_t dir_handle_get_tests[] = {
+  DIR_HANDLE_CMD(not_found, 0),
+  DIR_HANDLE_CMD(bad_request, 0),
+  DIR_HANDLE_CMD(v1_command_not_found, 0),
+  DIR_HANDLE_CMD(v1_command, 0),
+  DIR_HANDLE_CMD(robots_txt, 0),
+  DIR_HANDLE_CMD(bytes_txt, 0),
+  DIR_HANDLE_CMD(rendezvous2_not_found_if_not_encrypted, 0),
+  DIR_HANDLE_CMD(rendezvous2_not_found, 0),
+  DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_with_invalid_desc_id, 0),
+  DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_not_well_formed, 0),
+  DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_success, 0),
+  DIR_HANDLE_CMD(micro_d_not_found, 0),
+  DIR_HANDLE_CMD(micro_d_server_busy, 0),
+  DIR_HANDLE_CMD(micro_d, 0),
+  DIR_HANDLE_CMD(networkstatus_bridges_not_found_without_auth, 0),
+  DIR_HANDLE_CMD(networkstatus_bridges_not_found_wrong_auth, 0),
+  DIR_HANDLE_CMD(networkstatus_bridges, 0),
+  DIR_HANDLE_CMD(server_descriptors_not_found, 0),
+  DIR_HANDLE_CMD(server_descriptors_busy, TT_FORK),
+  DIR_HANDLE_CMD(server_descriptors_all, TT_FORK),
+  DIR_HANDLE_CMD(server_descriptors_authority, TT_FORK),
+  DIR_HANDLE_CMD(server_descriptors_fp, TT_FORK),
+  DIR_HANDLE_CMD(server_descriptors_d, TT_FORK),
+  DIR_HANDLE_CMD(server_keys_bad_req, 0),
+  DIR_HANDLE_CMD(server_keys_busy, 0),
+  DIR_HANDLE_CMD(server_keys_all_not_found, 0),
+  DIR_HANDLE_CMD(server_keys_all, 0),
+  DIR_HANDLE_CMD(server_keys_authority_not_found, 0),
+  DIR_HANDLE_CMD(server_keys_authority, 0),
+  DIR_HANDLE_CMD(server_keys_fp_not_found, 0),
+  DIR_HANDLE_CMD(server_keys_fp, 0),
+  DIR_HANDLE_CMD(server_keys_sk_not_found, 0),
+  DIR_HANDLE_CMD(server_keys_sk, 0),
+  DIR_HANDLE_CMD(server_keys_fpsk_not_found, 0),
+  DIR_HANDLE_CMD(server_keys_fpsk, 0),
+  DIR_HANDLE_CMD(status_vote_current_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_next_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_current_authority_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_current_authority, 0),
+  DIR_HANDLE_CMD(status_vote_next_authority_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_next_authority, 0),
+  DIR_HANDLE_CMD(status_vote_current_consensus_ns_not_enough_sigs, 0),
+  DIR_HANDLE_CMD(status_vote_current_consensus_ns_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_current_consensus_ns_busy, 0),
+  DIR_HANDLE_CMD(status_vote_current_consensus_ns, 0),
+  DIR_HANDLE_CMD(status_vote_current_d_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_next_d_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_d, 0),
+  DIR_HANDLE_CMD(status_vote_next_consensus_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_next_consensus_busy, 0),
+  DIR_HANDLE_CMD(status_vote_next_consensus, 0),
+  DIR_HANDLE_CMD(status_vote_next_consensus_signatures_not_found, 0),
+  DIR_HANDLE_CMD(status_vote_next_consensus_signatures_busy, 0),
+  DIR_HANDLE_CMD(status_vote_next_consensus_signatures, 0),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_dns.c b/src/test/test_dns.c
new file mode 100644
index 0000000000..5289ca58ff
--- /dev/null
+++ b/src/test/test_dns.c
@@ -0,0 +1,765 @@
+#include "or.h"
+#include "test.h"
+
+#define DNS_PRIVATE
+
+#include "dns.h"
+#include "connection.h"
+#include "router.h"
+
+#define NS_MODULE dns
+
+#define NS_SUBMODULE clip_ttl
+
+static void
+NS(test_main)(void *arg)
+{
+  (void)arg;
+
+  uint32_t ttl_mid = MIN_DNS_TTL / 2 + MAX_DNS_TTL / 2;
+
+  tt_int_op(dns_clip_ttl(MIN_DNS_TTL - 1),==,MIN_DNS_TTL);
+  tt_int_op(dns_clip_ttl(ttl_mid),==,ttl_mid);
+  tt_int_op(dns_clip_ttl(MAX_DNS_TTL + 1),==,MAX_DNS_TTL);
+
+  done:
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE expiry_ttl
+
+static void
+NS(test_main)(void *arg)
+{
+  (void)arg;
+
+  uint32_t ttl_mid = MIN_DNS_TTL / 2 + MAX_DNS_ENTRY_AGE / 2;
+
+  tt_int_op(dns_get_expiry_ttl(MIN_DNS_TTL - 1),==,MIN_DNS_TTL);
+  tt_int_op(dns_get_expiry_ttl(ttl_mid),==,ttl_mid);
+  tt_int_op(dns_get_expiry_ttl(MAX_DNS_ENTRY_AGE + 1),==,MAX_DNS_ENTRY_AGE);
+
+  done:
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE resolve
+
+static int resolve_retval = 0;
+static int resolve_made_conn_pending = 0;
+static char *resolved_name = NULL;
+static cached_resolve_t *cache_entry = NULL;
+
+static int n_fake_impl = 0;
+
+NS_DECL(int, dns_resolve_impl, (edge_connection_t *exitconn, int is_resolve,
+                                or_circuit_t *oncirc, char **hostname_out,
+                                int *made_connection_pending_out,
+                                cached_resolve_t **resolve_out));
+
+/** This will be our configurable substitute for <b>dns_resolve_impl</b> in
+ * dns.c. It will return <b>resolve_retval</b>,
+ * and set <b>resolve_made_conn_pending</b> to
+ * <b>made_connection_pending_out</b>. It will set <b>hostname_out</b>
+ * to a duplicate of <b>resolved_name</b> and it will set <b>resolve_out</b>
+ * to <b>cache_entry</b>. Lastly, it will increment <b>n_fake_impl</b< by
+ * 1.
+ */
+static int
+NS(dns_resolve_impl)(edge_connection_t *exitconn, int is_resolve,
+                     or_circuit_t *oncirc, char **hostname_out,
+                     int *made_connection_pending_out,
+                     cached_resolve_t **resolve_out)
+{
+  (void)oncirc;
+  (void)exitconn;
+  (void)is_resolve;
+
+  if (made_connection_pending_out)
+    *made_connection_pending_out = resolve_made_conn_pending;
+
+  if (hostname_out && resolved_name)
+    *hostname_out = tor_strdup(resolved_name);
+
+  if (resolve_out && cache_entry)
+    *resolve_out = cache_entry;
+
+  n_fake_impl++;
+
+  return resolve_retval;
+}
+
+static edge_connection_t *conn_for_resolved_cell = NULL;
+
+static int n_send_resolved_cell_replacement = 0;
+static uint8_t last_answer_type = 0;
+static cached_resolve_t *last_resolved;
+
+static void
+NS(send_resolved_cell)(edge_connection_t *conn, uint8_t answer_type,
+                       const cached_resolve_t *resolved)
+{
+  conn_for_resolved_cell = conn;
+
+  last_answer_type = answer_type;
+  last_resolved = (cached_resolve_t *)resolved;
+
+  n_send_resolved_cell_replacement++;
+}
+
+static int n_send_resolved_hostname_cell_replacement = 0;
+
+static char *last_resolved_hostname = NULL;
+
+static void
+NS(send_resolved_hostname_cell)(edge_connection_t *conn,
+                                const char *hostname)
+{
+  conn_for_resolved_cell = conn;
+
+  tor_free(last_resolved_hostname);
+  last_resolved_hostname = tor_strdup(hostname);
+
+  n_send_resolved_hostname_cell_replacement++;
+}
+
+static int n_dns_cancel_pending_resolve_replacement = 0;
+
+static void
+NS(dns_cancel_pending_resolve)(const char *address)
+{
+  (void) address;
+  n_dns_cancel_pending_resolve_replacement++;
+}
+
+static int n_connection_free = 0;
+static connection_t *last_freed_conn = NULL;
+
+static void
+NS(connection_free)(connection_t *conn)
+{
+   n_connection_free++;
+
+   last_freed_conn = conn;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  (void) arg;
+  int retval;
+  int prev_n_send_resolved_hostname_cell_replacement;
+  int prev_n_send_resolved_cell_replacement;
+  int prev_n_connection_free;
+  cached_resolve_t *fake_resolved = tor_malloc(sizeof(cached_resolve_t));
+  edge_connection_t *exitconn = tor_malloc(sizeof(edge_connection_t));
+  edge_connection_t *nextconn = tor_malloc(sizeof(edge_connection_t));
+
+  or_circuit_t *on_circuit = tor_malloc(sizeof(or_circuit_t));
+  memset(on_circuit,0,sizeof(or_circuit_t));
+  on_circuit->base_.magic = OR_CIRCUIT_MAGIC;
+
+  memset(fake_resolved,0,sizeof(cached_resolve_t));
+  memset(exitconn,0,sizeof(edge_connection_t));
+  memset(nextconn,0,sizeof(edge_connection_t));
+
+  NS_MOCK(dns_resolve_impl);
+  NS_MOCK(send_resolved_cell);
+  NS_MOCK(send_resolved_hostname_cell);
+
+  /*
+   * CASE 1: dns_resolve_impl returns 1 and sets a hostname. purpose is
+   * EXIT_PURPOSE_RESOLVE.
+   *
+   * We want dns_resolve() to call send_resolved_hostname_cell() for a
+   * given exit connection (represented by edge_connection_t object)
+   * with a hostname it received from _impl.
+   */
+
+  prev_n_send_resolved_hostname_cell_replacement =
+  n_send_resolved_hostname_cell_replacement;
+
+  exitconn->base_.purpose = EXIT_PURPOSE_RESOLVE;
+  exitconn->on_circuit = &(on_circuit->base_);
+
+  resolve_retval = 1;
+  resolved_name = tor_strdup("www.torproject.org");
+
+  retval = dns_resolve(exitconn);
+
+  tt_int_op(retval,==,1);
+  tt_str_op(resolved_name,==,last_resolved_hostname);
+  tt_assert(conn_for_resolved_cell == exitconn);
+  tt_int_op(n_send_resolved_hostname_cell_replacement,==,
+            prev_n_send_resolved_hostname_cell_replacement + 1);
+  tt_assert(exitconn->on_circuit == NULL);
+
+  tor_free(last_resolved_hostname);
+  // implies last_resolved_hostname = NULL;
+
+  /* CASE 2: dns_resolve_impl returns 1, but does not set hostname.
+   * Instead, it yields cached_resolve_t object.
+   *
+   * We want dns_resolve to call send_resolved_cell on exitconn with
+   * RESOLVED_TYPE_AUTO and the cached_resolve_t object from _impl.
+   */
+
+  tor_free(resolved_name);
+  resolved_name = NULL;
+
+  exitconn->on_circuit = &(on_circuit->base_);
+
+  cache_entry = fake_resolved;
+
+  prev_n_send_resolved_cell_replacement =
+  n_send_resolved_cell_replacement;
+
+  retval = dns_resolve(exitconn);
+
+  tt_int_op(retval,==,1);
+  tt_assert(conn_for_resolved_cell == exitconn);
+  tt_int_op(n_send_resolved_cell_replacement,==,
+            prev_n_send_resolved_cell_replacement + 1);
+  tt_assert(last_resolved == fake_resolved);
+  tt_int_op(last_answer_type,==,0xff);
+  tt_assert(exitconn->on_circuit == NULL);
+
+  /* CASE 3: The purpose of exit connection is not EXIT_PURPOSE_RESOLVE
+   * and _impl returns 1.
+   *
+   * We want dns_resolve to prepend exitconn to n_streams linked list.
+   * We don't want it to send any cells about hostname being resolved.
+   */
+
+  exitconn->base_.purpose = EXIT_PURPOSE_CONNECT;
+  exitconn->on_circuit = &(on_circuit->base_);
+
+  on_circuit->n_streams = nextconn;
+
+  prev_n_send_resolved_cell_replacement =
+  n_send_resolved_cell_replacement;
+
+  prev_n_send_resolved_hostname_cell_replacement =
+  n_send_resolved_hostname_cell_replacement;
+
+  retval = dns_resolve(exitconn);
+
+  tt_int_op(retval,==,1);
+  tt_assert(on_circuit->n_streams == exitconn);
+  tt_assert(exitconn->next_stream == nextconn);
+  tt_int_op(prev_n_send_resolved_cell_replacement,==,
+            n_send_resolved_cell_replacement);
+  tt_int_op(prev_n_send_resolved_hostname_cell_replacement,==,
+            n_send_resolved_hostname_cell_replacement);
+
+  /* CASE 4: _impl returns 0.
+   *
+   * We want dns_resolve() to set exitconn state to
+   * EXIT_CONN_STATE_RESOLVING and prepend exitconn to resolving_streams
+   * linked list.
+   */
+
+  exitconn->on_circuit = &(on_circuit->base_);
+
+  resolve_retval = 0;
+
+  exitconn->next_stream = NULL;
+  on_circuit->resolving_streams = nextconn;
+
+  retval = dns_resolve(exitconn);
+
+  tt_int_op(retval,==,0);
+  tt_int_op(exitconn->base_.state,==,EXIT_CONN_STATE_RESOLVING);
+  tt_assert(on_circuit->resolving_streams == exitconn);
+  tt_assert(exitconn->next_stream == nextconn);
+
+  /* CASE 5: _impl returns -1 when purpose of exitconn is
+   * EXIT_PURPOSE_RESOLVE. We want dns_resolve to call send_resolved_cell
+   * on exitconn with type being RESOLVED_TYPE_ERROR.
+   */
+
+  NS_MOCK(dns_cancel_pending_resolve);
+  NS_MOCK(connection_free);
+
+  exitconn->on_circuit = &(on_circuit->base_);
+  exitconn->base_.purpose = EXIT_PURPOSE_RESOLVE;
+
+  resolve_retval = -1;
+
+  prev_n_send_resolved_cell_replacement =
+  n_send_resolved_cell_replacement;
+
+  prev_n_connection_free = n_connection_free;
+
+  retval = dns_resolve(exitconn);
+
+  tt_int_op(retval,==,-1);
+  tt_int_op(n_send_resolved_cell_replacement,==,
+            prev_n_send_resolved_cell_replacement + 1);
+  tt_int_op(last_answer_type,==,RESOLVED_TYPE_ERROR);
+  tt_int_op(n_dns_cancel_pending_resolve_replacement,==,1);
+  tt_int_op(n_connection_free,==,prev_n_connection_free + 1);
+  tt_assert(last_freed_conn == TO_CONN(exitconn));
+
+  done:
+  NS_UNMOCK(dns_resolve_impl);
+  NS_UNMOCK(send_resolved_cell);
+  NS_UNMOCK(send_resolved_hostname_cell);
+  NS_UNMOCK(dns_cancel_pending_resolve);
+  NS_UNMOCK(connection_free);
+  tor_free(on_circuit);
+  tor_free(exitconn);
+  tor_free(nextconn);
+  tor_free(resolved_name);
+  tor_free(fake_resolved);
+  tor_free(last_resolved_hostname);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+/** Create an <b>edge_connection_t</b> instance that is considered a
+ * valid exit connection by asserts in dns_resolve_impl.
+ */
+static edge_connection_t *
+create_valid_exitconn(void)
+{
+  edge_connection_t *exitconn = tor_malloc_zero(sizeof(edge_connection_t));
+  TO_CONN(exitconn)->type = CONN_TYPE_EXIT;
+  TO_CONN(exitconn)->magic = EDGE_CONNECTION_MAGIC;
+  TO_CONN(exitconn)->purpose = EXIT_PURPOSE_RESOLVE;
+  TO_CONN(exitconn)->state = EXIT_CONN_STATE_RESOLVING;
+  exitconn->base_.s = TOR_INVALID_SOCKET;
+
+  return exitconn;
+}
+
+#define NS_SUBMODULE ASPECT(resolve_impl, addr_is_ip_no_need_to_resolve)
+
+/*
+ * Given that <b>exitconn->base_.address</b> is IP address string, we
+ * want dns_resolve_impl() to parse it and store in
+ * <b>exitconn->base_.addr</b>. We expect dns_resolve_impl to return 1.
+ * Lastly, we want it to set the TTL value to default one for DNS queries.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending;
+  const tor_addr_t *resolved_addr;
+  tor_addr_t addr_to_compare;
+
+  (void)arg;
+
+  tor_addr_parse(&addr_to_compare, "8.8.8.8");
+
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+
+  TO_CONN(exitconn)->address = tor_strdup("8.8.8.8");
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  resolved_addr = &(exitconn->base_.addr);
+
+  tt_int_op(retval,==,1);
+  tt_assert(tor_addr_eq(resolved_addr, (const tor_addr_t *)&addr_to_compare));
+  tt_int_op(exitconn->address_ttl,==,DEFAULT_DNS_TTL);
+
+  done:
+  tor_free(on_circ);
+  tor_free(TO_CONN(exitconn)->address);
+  tor_free(exitconn);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE ASPECT(resolve_impl, non_exit)
+
+/** Given that Tor instance is not configured as an exit node, we want
+ * dns_resolve_impl() to fail with return value -1.
+ */
+static int
+NS(router_my_exit_policy_is_reject_star)(void)
+{
+  return 1;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending;
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  (void)arg;
+
+  TO_CONN(exitconn)->address = tor_strdup("torproject.org");
+
+  NS_MOCK(router_my_exit_policy_is_reject_star);
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  tt_int_op(retval,==,-1);
+
+  done:
+  tor_free(TO_CONN(exitconn)->address);
+  tor_free(exitconn);
+  tor_free(on_circ);
+  NS_UNMOCK(router_my_exit_policy_is_reject_star);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE ASPECT(resolve_impl, addr_is_invalid_dest)
+
+/** Given that address is not a valid destination (as judged by
+ * address_is_invalid_destination() function), we want dns_resolve_impl()
+ * function to fail with return value -1.
+ */
+
+static int
+NS(router_my_exit_policy_is_reject_star)(void)
+{
+  return 0;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending;
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  (void)arg;
+
+  NS_MOCK(router_my_exit_policy_is_reject_star);
+
+  TO_CONN(exitconn)->address = tor_strdup("invalid#@!.org");
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  tt_int_op(retval,==,-1);
+
+  done:
+  NS_UNMOCK(router_my_exit_policy_is_reject_star);
+  tor_free(TO_CONN(exitconn)->address);
+  tor_free(exitconn);
+  tor_free(on_circ);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE ASPECT(resolve_impl, malformed_ptr)
+
+/** Given that address is a malformed PTR name, we want dns_resolve_impl to
+ * fail.
+ */
+
+static int
+NS(router_my_exit_policy_is_reject_star)(void)
+{
+  return 0;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending;
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  (void)arg;
+
+  TO_CONN(exitconn)->address = tor_strdup("1.0.0.127.in-addr.arpa");
+
+  NS_MOCK(router_my_exit_policy_is_reject_star);
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  tt_int_op(retval,==,-1);
+
+  tor_free(TO_CONN(exitconn)->address);
+
+  TO_CONN(exitconn)->address =
+  tor_strdup("z01234567890123456789.in-addr.arpa");
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  tt_int_op(retval,==,-1);
+
+  done:
+  NS_UNMOCK(router_my_exit_policy_is_reject_star);
+  tor_free(TO_CONN(exitconn)->address);
+  tor_free(exitconn);
+  tor_free(on_circ);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE ASPECT(resolve_impl, cache_hit_pending)
+
+/* Given that there is already a pending resolve for the given address,
+ * we want dns_resolve_impl to append our exit connection to list
+ * of pending connections for the pending DNS request and return 0.
+ */
+
+static int
+NS(router_my_exit_policy_is_reject_star)(void)
+{
+  return 0;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending = 0;
+
+  pending_connection_t *pending_conn = NULL;
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  cached_resolve_t *cache_entry = tor_malloc_zero(sizeof(cached_resolve_t));
+  cache_entry->magic = CACHED_RESOLVE_MAGIC;
+  cache_entry->state = CACHE_STATE_PENDING;
+  cache_entry->minheap_idx = -1;
+  cache_entry->expire = time(NULL) + 60 * 60;
+
+  (void)arg;
+
+  TO_CONN(exitconn)->address = tor_strdup("torproject.org");
+
+  strlcpy(cache_entry->address, TO_CONN(exitconn)->address,
+          sizeof(cache_entry->address));
+
+  NS_MOCK(router_my_exit_policy_is_reject_star);
+
+  dns_init();
+
+  dns_insert_cache_entry(cache_entry);
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  tt_int_op(retval,==,0);
+  tt_int_op(made_pending,==,1);
+
+  pending_conn = cache_entry->pending_connections;
+
+  tt_assert(pending_conn != NULL);
+  tt_assert(pending_conn->conn == exitconn);
+
+  done:
+  NS_UNMOCK(router_my_exit_policy_is_reject_star);
+  tor_free(on_circ);
+  tor_free(TO_CONN(exitconn)->address);
+  tor_free(cache_entry->pending_connections);
+  tor_free(cache_entry);
+  tor_free(exitconn);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE ASPECT(resolve_impl, cache_hit_cached)
+
+/* Given that a finished DNS resolve is available in our cache, we want
+ * dns_resolve_impl() return it to called via resolve_out and pass the
+ * handling to set_exitconn_info_from_resolve function.
+ */
+static int
+NS(router_my_exit_policy_is_reject_star)(void)
+{
+  return 0;
+}
+
+static edge_connection_t *last_exitconn = NULL;
+static cached_resolve_t *last_resolve = NULL;
+
+static int
+NS(set_exitconn_info_from_resolve)(edge_connection_t *exitconn,
+                                   const cached_resolve_t *resolve,
+                                   char **hostname_out)
+{
+  last_exitconn = exitconn;
+  last_resolve = (cached_resolve_t *)resolve;
+
+  (void)hostname_out;
+
+  return 0;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending = 0;
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  cached_resolve_t *resolve_out = NULL;
+
+  cached_resolve_t *cache_entry = tor_malloc_zero(sizeof(cached_resolve_t));
+  cache_entry->magic = CACHED_RESOLVE_MAGIC;
+  cache_entry->state = CACHE_STATE_CACHED;
+  cache_entry->minheap_idx = -1;
+  cache_entry->expire = time(NULL) + 60 * 60;
+
+  (void)arg;
+
+  TO_CONN(exitconn)->address = tor_strdup("torproject.org");
+
+  strlcpy(cache_entry->address, TO_CONN(exitconn)->address,
+          sizeof(cache_entry->address));
+
+  NS_MOCK(router_my_exit_policy_is_reject_star);
+  NS_MOCK(set_exitconn_info_from_resolve);
+
+  dns_init();
+
+  dns_insert_cache_entry(cache_entry);
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            &resolve_out);
+
+  tt_int_op(retval,==,0);
+  tt_int_op(made_pending,==,0);
+  tt_assert(resolve_out == cache_entry);
+
+  tt_assert(last_exitconn == exitconn);
+  tt_assert(last_resolve == cache_entry);
+
+  done:
+  NS_UNMOCK(router_my_exit_policy_is_reject_star);
+  NS_UNMOCK(set_exitconn_info_from_resolve);
+  tor_free(on_circ);
+  tor_free(TO_CONN(exitconn)->address);
+  tor_free(cache_entry->pending_connections);
+  tor_free(cache_entry);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE ASPECT(resolve_impl, cache_miss)
+
+/* Given that there are neither pending nor pre-cached resolve for a given
+ * address, we want dns_resolve_impl() to create a new cached_resolve_t
+ * object, mark it as pending, insert it into the cache, attach the exit
+ * connection to list of pending connections and call launch_resolve()
+ * with the cached_resolve_t object it created.
+ */
+static int
+NS(router_my_exit_policy_is_reject_star)(void)
+{
+  return 0;
+}
+
+static cached_resolve_t *last_launched_resolve = NULL;
+
+static int
+NS(launch_resolve)(cached_resolve_t *resolve)
+{
+  last_launched_resolve = resolve;
+
+  return 0;
+}
+
+static void
+NS(test_main)(void *arg)
+{
+  int retval;
+  int made_pending = 0;
+
+  pending_connection_t *pending_conn = NULL;
+
+  edge_connection_t *exitconn = create_valid_exitconn();
+  or_circuit_t *on_circ = tor_malloc_zero(sizeof(or_circuit_t));
+
+  cached_resolve_t *cache_entry = NULL;
+  cached_resolve_t query;
+
+  (void)arg;
+
+  TO_CONN(exitconn)->address = tor_strdup("torproject.org");
+
+  strlcpy(query.address, TO_CONN(exitconn)->address, sizeof(query.address));
+
+  NS_MOCK(router_my_exit_policy_is_reject_star);
+  NS_MOCK(launch_resolve);
+
+  dns_init();
+
+  retval = dns_resolve_impl(exitconn, 1, on_circ, NULL, &made_pending,
+                            NULL);
+
+  tt_int_op(retval,==,0);
+  tt_int_op(made_pending,==,1);
+
+  cache_entry = dns_get_cache_entry(&query);
+
+  tt_assert(cache_entry);
+
+  pending_conn = cache_entry->pending_connections;
+
+  tt_assert(pending_conn != NULL);
+  tt_assert(pending_conn->conn == exitconn);
+
+  tt_assert(last_launched_resolve == cache_entry);
+  tt_str_op(cache_entry->address,==,TO_CONN(exitconn)->address);
+
+  done:
+  NS_UNMOCK(router_my_exit_policy_is_reject_star);
+  NS_UNMOCK(launch_resolve);
+  tor_free(on_circ);
+  tor_free(TO_CONN(exitconn)->address);
+  if (cache_entry)
+    tor_free(cache_entry->pending_connections);
+  tor_free(cache_entry);
+  tor_free(exitconn);
+  return;
+}
+
+#undef NS_SUBMODULE
+
+struct testcase_t dns_tests[] = {
+   TEST_CASE(clip_ttl),
+   TEST_CASE(expiry_ttl),
+   TEST_CASE(resolve),
+   TEST_CASE_ASPECT(resolve_impl, addr_is_ip_no_need_to_resolve),
+   TEST_CASE_ASPECT(resolve_impl, non_exit),
+   TEST_CASE_ASPECT(resolve_impl, addr_is_invalid_dest),
+   TEST_CASE_ASPECT(resolve_impl, malformed_ptr),
+   TEST_CASE_ASPECT(resolve_impl, cache_hit_pending),
+   TEST_CASE_ASPECT(resolve_impl, cache_hit_cached),
+   TEST_CASE_ASPECT(resolve_impl, cache_miss),
+   END_OF_TESTCASES
+};
+
+#undef NS_MODULE
+
diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c
new file mode 100644
index 0000000000..9580a1fd3f
--- /dev/null
+++ b/src/test/test_entryconn.c
@@ -0,0 +1,769 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define CONNECTION_PRIVATE
+#define CONNECTION_EDGE_PRIVATE
+
+#include "or.h"
+#include "test.h"
+
+#include "addressmap.h"
+#include "config.h"
+#include "confparse.h"
+#include "connection.h"
+#include "connection_edge.h"
+
+static void *
+entryconn_rewrite_setup(const struct testcase_t *tc)
+{
+  (void)tc;
+  entry_connection_t *ec = entry_connection_new(CONN_TYPE_AP, AF_INET);
+  addressmap_init();
+  return ec;
+}
+
+static int
+entryconn_rewrite_teardown(const struct testcase_t *tc, void *arg)
+{
+  (void)tc;
+  entry_connection_t *ec = arg;
+  if (ec)
+    connection_free_(ENTRY_TO_CONN(ec));
+  addressmap_free_all();
+  return 1;
+}
+
+static struct testcase_setup_t test_rewrite_setup = {
+  entryconn_rewrite_setup, entryconn_rewrite_teardown
+};
+
+/* Simple rewrite: no changes needed */
+static void
+test_entryconn_rewrite_basic(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+
+  tt_assert(ec->socks_request);
+  strlcpy(ec->socks_request->address, "www.TORproject.org",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.torproject.org");
+  tt_str_op(ec->socks_request->address, OP_EQ, "www.torproject.org");
+  tt_str_op(ec->original_dest_address, OP_EQ, "www.torproject.org");
+
+ done:
+  ;
+}
+
+/* Rewrite but reject because of disallowed .exit */
+static void
+test_entryconn_rewrite_bad_dotexit(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+
+  get_options_mutable()->AllowDotExit = 0;
+  tt_assert(ec->socks_request);
+  strlcpy(ec->socks_request->address, "www.TORproject.org.foo.exit",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.should_close, OP_EQ, 1);
+  tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_TORPROTOCOL);
+
+ done:
+  ;
+}
+
+/* Automap on resolve, connect to automapped address, resolve again and get
+ * same answer. (IPv4) */
+static void
+test_entryconn_rewrite_automap_ipv4(void *arg)
+{
+  entry_connection_t *ec = arg;
+  entry_connection_t *ec2=NULL, *ec3=NULL;
+  rewrite_result_t rr;
+  char *msg = NULL;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+  ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes, tor_strdup("."));
+  parse_virtual_addr_network("127.202.0.0/16", AF_INET, 0, &msg);
+
+  /* Automap this on resolve. */
+  strlcpy(ec->socks_request->address, "WWW.MIT.EDU",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
+  tt_str_op(ec->original_dest_address, OP_EQ, "www.mit.edu");
+
+  tt_assert(!strcmpstart(ec->socks_request->address,"127.202."));
+
+  /* Connect to it and make sure we get the original address back. */
+  strlcpy(ec2->socks_request->address, ec->socks_request->address,
+          sizeof(ec2->socks_request->address));
+
+  ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
+  tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
+  tt_str_op(ec2->socks_request->address, OP_EQ, "www.mit.edu");
+
+  /* Resolve it again, make sure the answer is the same. */
+  strlcpy(ec3->socks_request->address, "www.MIT.EDU",
+          sizeof(ec3->socks_request->address));
+  ec3->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec3, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
+  tt_str_op(ec3->original_dest_address, OP_EQ, "www.mit.edu");
+
+  tt_str_op(ec3->socks_request->address, OP_EQ,
+            ec->socks_request->address);
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+  connection_free_(ENTRY_TO_CONN(ec3));
+}
+
+/* Automap on resolve, connect to automapped address, resolve again and get
+ * same answer. (IPv6) */
+static void
+test_entryconn_rewrite_automap_ipv6(void *arg)
+{
+  (void)arg;
+  entry_connection_t *ec =NULL;
+  entry_connection_t *ec2=NULL, *ec3=NULL;
+  rewrite_result_t rr;
+  char *msg = NULL;
+
+  ec = entry_connection_new(CONN_TYPE_AP, AF_INET6);
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
+  ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
+
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes, tor_strdup("."));
+  parse_virtual_addr_network("FE80::/32", AF_INET6, 0, &msg);
+
+  /* Automap this on resolve. */
+  strlcpy(ec->socks_request->address, "WWW.MIT.EDU",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
+  tt_str_op(ec->original_dest_address, OP_EQ, "www.mit.edu");
+
+  /* Yes, this [ should be here. */
+  tt_assert(!strcmpstart(ec->socks_request->address,"[fe80:"));
+
+  /* Connect to it and make sure we get the original address back. */
+  strlcpy(ec2->socks_request->address, ec->socks_request->address,
+          sizeof(ec2->socks_request->address));
+
+  ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
+  tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
+  tt_str_op(ec2->socks_request->address, OP_EQ, "www.mit.edu");
+
+  /* Resolve it again, make sure the answer is the same. */
+  strlcpy(ec3->socks_request->address, "www.MIT.EDU",
+          sizeof(ec3->socks_request->address));
+  ec3->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec3, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
+  tt_str_op(ec3->original_dest_address, OP_EQ, "www.mit.edu");
+
+  tt_str_op(ec3->socks_request->address, OP_EQ,
+            ec->socks_request->address);
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec));
+  connection_free_(ENTRY_TO_CONN(ec2));
+  connection_free_(ENTRY_TO_CONN(ec3));
+}
+
+#if 0
+/* FFFF not actually supported. */
+/* automap on resolve, reverse lookup. */
+static void
+test_entryconn_rewrite_automap_reverse(void *arg)
+{
+  entry_connection_t *ec = arg;
+  entry_connection_t *ec2=NULL;
+  rewrite_result_t rr;
+  char *msg = NULL;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  get_options_mutable()->SafeLogging_ = SAFELOG_SCRUB_NONE;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes,
+                tor_strdup(".bloom"));
+  parse_virtual_addr_network("127.80.0.0/16", AF_INET, 0, &msg);
+
+  /* Automap this on resolve. */
+  strlcpy(ec->socks_request->address, "www.poldy.BLOOM",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.poldy.bloom");
+  tt_str_op(ec->original_dest_address, OP_EQ, "www.poldy.bloom");
+
+  tt_assert(!strcmpstart(ec->socks_request->address,"127.80."));
+
+  strlcpy(ec2->socks_request->address, ec->socks_request->address,
+          sizeof(ec2->socks_request->address));
+  ec2->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 1);
+  tt_int_op(rr.end_reason, OP_EQ,
+          END_STREAM_REASON_DONE|END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+}
+#endif
+
+/* Rewrite because of cached DNS entry. */
+static void
+test_entryconn_rewrite_cached_dns_ipv4(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+  time_t expires = time(NULL) + 3600;
+  entry_connection_t *ec2=NULL;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+
+  addressmap_register("www.friendly.example.com",
+                      tor_strdup("240.240.241.241"),
+                      expires,
+                      ADDRMAPSRC_DNS,
+                      0, 0);
+
+  strlcpy(ec->socks_request->address, "www.friendly.example.com",
+          sizeof(ec->socks_request->address));
+  strlcpy(ec2->socks_request->address, "www.friendly.example.com",
+          sizeof(ec2->socks_request->address));
+
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
+
+  ec2->entry_cfg.use_cached_ipv4_answers = 1; /* only ec2 gets this flag */
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
+  tt_str_op(ec->socks_request->address, OP_EQ, "www.friendly.example.com");
+
+  connection_ap_handshake_rewrite(ec2, &rr);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, expires);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
+  tt_str_op(ec2->socks_request->address, OP_EQ, "240.240.241.241");
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+}
+
+/* Rewrite because of cached DNS entry. */
+static void
+test_entryconn_rewrite_cached_dns_ipv6(void *arg)
+{
+  entry_connection_t *ec = NULL;
+  rewrite_result_t rr;
+  time_t expires = time(NULL) + 3600;
+  entry_connection_t *ec2=NULL;
+
+  (void)arg;
+
+  ec  = entry_connection_new(CONN_TYPE_AP, AF_INET6);
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
+
+  addressmap_register("www.friendly.example.com",
+                      tor_strdup("[::f00f]"),
+                      expires,
+                      ADDRMAPSRC_DNS,
+                      0, 0);
+
+  strlcpy(ec->socks_request->address, "www.friendly.example.com",
+          sizeof(ec->socks_request->address));
+  strlcpy(ec2->socks_request->address, "www.friendly.example.com",
+          sizeof(ec2->socks_request->address));
+
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
+
+  ec2->entry_cfg.use_cached_ipv6_answers = 1; /* only ec2 gets this flag */
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
+  tt_str_op(ec->socks_request->address, OP_EQ, "www.friendly.example.com");
+
+  connection_ap_handshake_rewrite(ec2, &rr);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, expires);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
+  tt_str_op(ec2->socks_request->address, OP_EQ, "[::f00f]");
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec));
+  connection_free_(ENTRY_TO_CONN(ec2));
+}
+
+/* Fail to connect to unmapped address in virtual range. */
+static void
+test_entryconn_rewrite_unmapped_virtual(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+  entry_connection_t *ec2 = NULL;
+  char *msg = NULL;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
+
+  parse_virtual_addr_network("18.202.0.0/16", AF_INET, 0, &msg);
+  parse_virtual_addr_network("[ABCD::]/16", AF_INET6, 0, &msg);
+
+  strlcpy(ec->socks_request->address, "18.202.5.5",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.should_close, OP_EQ, 1);
+  tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_INTERNAL);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+
+  strlcpy(ec2->socks_request->address, "[ABCD:9::5314:9543]",
+          sizeof(ec2->socks_request->address));
+  ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.should_close, OP_EQ, 1);
+  tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_INTERNAL);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+}
+
+/* Rewrite because of mapaddress option */
+static void
+test_entryconn_rewrite_mapaddress(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+
+  config_line_append(&get_options_mutable()->AddressMap,
+                     "MapAddress", "meta metaobjects.example");
+  config_register_addressmaps(get_options());
+
+  strlcpy(ec->socks_request->address, "meta",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(ec->socks_request->address, OP_EQ, "metaobjects.example");
+
+ done:
+  ;
+}
+
+/* Reject reverse lookups of internal address. */
+static void
+test_entryconn_rewrite_reject_internal_reverse(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+
+  strlcpy(ec->socks_request->address, "10.0.0.1",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.should_close, OP_EQ, 1);
+  tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_SOCKSPROTOCOL |
+            END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+
+ done:
+  ;
+}
+
+/* Rewrite into .exit because of virtual address mapping */
+static void
+test_entryconn_rewrite_automap_exit(void *arg)
+{
+  entry_connection_t *ec = arg;
+  entry_connection_t *ec2=NULL;
+  rewrite_result_t rr;
+  char *msg = NULL;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  get_options_mutable()->AllowDotExit = 1;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes,
+                tor_strdup(".EXIT"));
+  parse_virtual_addr_network("127.1.0.0/16", AF_INET, 0, &msg);
+
+  /* Automap this on resolve. */
+  strlcpy(ec->socks_request->address, "website.example.exit",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "website.example.exit");
+  tt_str_op(ec->original_dest_address, OP_EQ, "website.example.exit");
+
+  tt_assert(!strcmpstart(ec->socks_request->address,"127.1."));
+
+  /* Connect to it and make sure we get the original address back. */
+  strlcpy(ec2->socks_request->address, ec->socks_request->address,
+          sizeof(ec2->socks_request->address));
+
+  ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_AUTOMAP);
+  tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
+  tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
+  tt_str_op(ec2->socks_request->address, OP_EQ, "website.example.exit");
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+}
+
+/* Rewrite into .exit because of mapaddress */
+static void
+test_entryconn_rewrite_mapaddress_exit(void *arg)
+{
+  entry_connection_t *ec = arg;
+  rewrite_result_t rr;
+
+  config_line_append(&get_options_mutable()->AddressMap,
+                     "MapAddress", "*.example.com  *.example.com.abc.exit");
+  config_register_addressmaps(get_options());
+
+  /* Automap this on resolve. */
+  strlcpy(ec->socks_request->address, "abc.example.com",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_TORRC);
+  tt_str_op(rr.orig_address, OP_EQ, "abc.example.com");
+  tt_str_op(ec->socks_request->address, OP_EQ, "abc.example.com.abc.exit");
+ done:
+  ;
+}
+
+/* Map foo.onion to longthing.onion, and also automap. */
+static void
+test_entryconn_rewrite_mapaddress_automap_onion(void *arg)
+{
+  entry_connection_t *ec = arg;
+  entry_connection_t *ec2 = NULL;
+  entry_connection_t *ec3 = NULL;
+  entry_connection_t *ec4 = NULL;
+  rewrite_result_t rr;
+  char *msg = NULL;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+  ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+  ec4 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  get_options_mutable()->AllowDotExit = 1;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes,
+                tor_strdup(".onion"));
+  parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg);
+  config_line_append(&get_options_mutable()->AddressMap,
+                     "MapAddress", "foo.onion abcdefghijklmnop.onion");
+  config_register_addressmaps(get_options());
+
+  /* Connect to foo.onion. */
+  strlcpy(ec->socks_request->address, "foo.onion",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "foo.onion");
+  tt_str_op(ec->socks_request->address, OP_EQ, "abcdefghijklmnop.onion");
+
+  /* Okay, resolve foo.onion */
+  strlcpy(ec2->socks_request->address, "foo.onion",
+          sizeof(ec2->socks_request->address));
+  ec2->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "foo.onion");
+  tt_assert(!strcmpstart(ec2->socks_request->address, "192.168."));
+
+  /* Now connect */
+  strlcpy(ec3->socks_request->address, ec2->socks_request->address,
+          sizeof(ec3->socks_request->address));
+  ec3->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec3, &rr);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_assert(!strcmpstart(ec3->socks_request->address,
+                         "abcdefghijklmnop.onion"));
+
+  /* Now resolve abcefghijklmnop.onion. */
+  strlcpy(ec4->socks_request->address, "abcdefghijklmnop.onion",
+          sizeof(ec4->socks_request->address));
+  ec4->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec4, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 1);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "abcdefghijklmnop.onion");
+  tt_assert(!strcmpstart(ec4->socks_request->address, "192.168."));
+  /* XXXX doesn't work
+   tt_str_op(ec4->socks_request->address, OP_EQ, ec2->socks_request->address);
+  */
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+  connection_free_(ENTRY_TO_CONN(ec3));
+  connection_free_(ENTRY_TO_CONN(ec4));
+}
+
+static void
+test_entryconn_rewrite_mapaddress_automap_onion_common(entry_connection_t *ec,
+                                                       int map_to_onion,
+                                                       int map_to_address)
+{
+  entry_connection_t *ec2 = NULL;
+  entry_connection_t *ec3 = NULL;
+  rewrite_result_t rr;
+
+  ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+  ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
+
+  /* Connect to irc.example.com */
+  strlcpy(ec->socks_request->address, "irc.example.com",
+          sizeof(ec->socks_request->address));
+  ec->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "irc.example.com");
+  tt_str_op(ec->socks_request->address, OP_EQ,
+            map_to_onion ? "abcdefghijklmnop.onion" : "irc.example.com");
+
+  /* Okay, resolve irc.example.com */
+  strlcpy(ec2->socks_request->address, "irc.example.com",
+          sizeof(ec2->socks_request->address));
+  ec2->socks_request->command = SOCKS_COMMAND_RESOLVE;
+  connection_ap_handshake_rewrite(ec2, &rr);
+
+  tt_int_op(rr.automap, OP_EQ, map_to_onion && map_to_address);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
+  tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
+  tt_str_op(rr.orig_address, OP_EQ, "irc.example.com");
+  if (map_to_onion && map_to_address)
+    tt_assert(!strcmpstart(ec2->socks_request->address, "192.168."));
+
+  /* Now connect */
+  strlcpy(ec3->socks_request->address, ec2->socks_request->address,
+          sizeof(ec3->socks_request->address));
+  ec3->socks_request->command = SOCKS_COMMAND_CONNECT;
+  connection_ap_handshake_rewrite(ec3, &rr);
+  tt_int_op(rr.automap, OP_EQ, 0);
+  tt_int_op(rr.should_close, OP_EQ, 0);
+  tt_int_op(rr.end_reason, OP_EQ, 0);
+  if (map_to_onion)
+    tt_assert(!strcmpstart(ec3->socks_request->address,
+                           "abcdefghijklmnop.onion"));
+
+ done:
+  connection_free_(ENTRY_TO_CONN(ec2));
+  connection_free_(ENTRY_TO_CONN(ec3));
+}
+
+/* This time is the same, but we start with a mapping from a non-onion
+ * address. */
+static void
+test_entryconn_rewrite_mapaddress_automap_onion2(void *arg)
+{
+  char *msg = NULL;
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes,
+                tor_strdup(".onion"));
+  parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg);
+  config_line_append(&get_options_mutable()->AddressMap,
+                     "MapAddress", "irc.example.com abcdefghijklmnop.onion");
+  config_register_addressmaps(get_options());
+
+  test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 1, 1);
+}
+
+/* Same as above, with automapped turned off */
+static void
+test_entryconn_rewrite_mapaddress_automap_onion3(void *arg)
+{
+  config_line_append(&get_options_mutable()->AddressMap,
+                     "MapAddress", "irc.example.com abcdefghijklmnop.onion");
+  config_register_addressmaps(get_options());
+
+  test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 1, 0);
+}
+
+/* As above, with no mapping. */
+static void
+test_entryconn_rewrite_mapaddress_automap_onion4(void *arg)
+{
+  char *msg = NULL;
+  get_options_mutable()->AutomapHostsOnResolve = 1;
+  smartlist_add(get_options_mutable()->AutomapHostsSuffixes,
+                tor_strdup(".onion"));
+  parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg);
+
+  test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 0, 1);
+}
+
+#define REWRITE(name)                           \
+  { #name, test_entryconn_##name, TT_FORK, &test_rewrite_setup, NULL }
+
+struct testcase_t entryconn_tests[] = {
+  REWRITE(rewrite_basic),
+  REWRITE(rewrite_bad_dotexit),
+  REWRITE(rewrite_automap_ipv4),
+  REWRITE(rewrite_automap_ipv6),
+  // REWRITE(rewrite_automap_reverse),
+  REWRITE(rewrite_cached_dns_ipv4),
+  REWRITE(rewrite_cached_dns_ipv6),
+  REWRITE(rewrite_unmapped_virtual),
+  REWRITE(rewrite_mapaddress),
+  REWRITE(rewrite_reject_internal_reverse),
+  REWRITE(rewrite_automap_exit),
+  REWRITE(rewrite_mapaddress_exit),
+  REWRITE(rewrite_mapaddress_automap_onion),
+  REWRITE(rewrite_mapaddress_automap_onion2),
+  REWRITE(rewrite_mapaddress_automap_onion3),
+  REWRITE(rewrite_mapaddress_automap_onion4),
+
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
new file mode 100644
index 0000000000..b1c3accfab
--- /dev/null
+++ b/src/test/test_entrynodes.c
@@ -0,0 +1,875 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define STATEFILE_PRIVATE
+#define ENTRYNODES_PRIVATE
+#define ROUTERLIST_PRIVATE
+
+#include "or.h"
+#include "test.h"
+
+#include "config.h"
+#include "entrynodes.h"
+#include "nodelist.h"
+#include "policies.h"
+#include "routerlist.h"
+#include "routerparse.h"
+#include "routerset.h"
+#include "statefile.h"
+#include "util.h"
+
+#include "test_helpers.h"
+
+/* TODO:
+ * choose_random_entry() test with state set.
+ *
+ * parse_state() tests with more than one guards.
+ *
+ * More tests for set_from_config(): Multiple nodes, use fingerprints,
+ *                                   use country codes.
+ */
+
+/** Dummy Tor state used in unittests. */
+static or_state_t *dummy_state = NULL;
+static or_state_t *
+get_or_state_replacement(void)
+{
+  return dummy_state;
+}
+
+/* Unittest cleanup function: Cleanup the fake network. */
+static int
+fake_network_cleanup(const struct testcase_t *testcase, void *ptr)
+{
+  (void) testcase;
+  (void) ptr;
+
+  routerlist_free_all();
+  nodelist_free_all();
+  entry_guards_free_all();
+  or_state_free(dummy_state);
+
+  return 1; /* NOP */
+}
+
+/* Unittest setup function: Setup a fake network. */
+static void *
+fake_network_setup(const struct testcase_t *testcase)
+{
+  (void) testcase;
+
+  /* Setup fake state */
+  dummy_state = tor_malloc_zero(sizeof(or_state_t));
+  MOCK(get_or_state,
+       get_or_state_replacement);
+
+  /* Setup fake routerlist. */
+  helper_setup_fake_routerlist();
+
+  /* Return anything but NULL (it's interpreted as test fail) */
+  return dummy_state;
+}
+
+static or_options_t mocked_options;
+
+static const or_options_t *
+mock_get_options(void)
+{
+  return &mocked_options;
+}
+
+/** Test choose_random_entry() with none of our routers being guard nodes. */
+static void
+test_choose_random_entry_no_guards(void *arg)
+{
+  const node_t *chosen_entry = NULL;
+
+  (void) arg;
+
+  MOCK(get_options, mock_get_options);
+
+  /* Check that we get a guard if it passes preferred
+   * address settings */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientPreferIPv6ORPort = 0;
+
+  /* Try to pick an entry even though none of our routers are guards. */
+  chosen_entry = choose_random_entry(NULL);
+
+  /* Unintuitively, we actually pick a random node as our entry,
+     because router_choose_random_node() relaxes its constraints if it
+     can't find a proper entry guard. */
+  tt_assert(chosen_entry);
+
+  /* And with the other IP version active */
+  mocked_options.ClientUseIPv6 = 1;
+  chosen_entry = choose_random_entry(NULL);
+  tt_assert(chosen_entry);
+
+  /* And with the preference on auto */
+  mocked_options.ClientPreferIPv6ORPort = -1;
+  chosen_entry = choose_random_entry(NULL);
+  tt_assert(chosen_entry);
+
+  /* Check that we don't get a guard if it doesn't pass mandatory address
+   * settings */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 0;
+  mocked_options.ClientPreferIPv6ORPort = 0;
+
+  chosen_entry = choose_random_entry(NULL);
+
+  /* If we don't allow IPv4 at all, we don't get a guard*/
+  tt_assert(!chosen_entry);
+
+  /* Check that we get a guard if it passes allowed but not preferred address
+   * settings */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientUseIPv6 = 1;
+  mocked_options.ClientPreferIPv6ORPort = 1;
+
+  chosen_entry = choose_random_entry(NULL);
+  tt_assert(chosen_entry);
+
+  /* Check that we get a guard if it passes preferred address settings when
+   * they're auto */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientPreferIPv6ORPort = -1;
+
+  chosen_entry = choose_random_entry(NULL);
+  tt_assert(chosen_entry);
+
+  /* And with IPv6 active */
+  mocked_options.ClientUseIPv6 = 1;
+
+  chosen_entry = choose_random_entry(NULL);
+  tt_assert(chosen_entry);
+
+ done:
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  UNMOCK(get_options);
+}
+
+/** Test choose_random_entry() with only one of our routers being a
+    guard node. */
+static void
+test_choose_random_entry_one_possible_guard(void *arg)
+{
+  const node_t *chosen_entry = NULL;
+  node_t *the_guard = NULL;
+  smartlist_t *our_nodelist = NULL;
+
+  (void) arg;
+
+  MOCK(get_options, mock_get_options);
+
+  /* Set one of the nodes to be a guard. */
+  our_nodelist = nodelist_get_list();
+  the_guard = smartlist_get(our_nodelist, 4); /* chosen by fair dice roll */
+  the_guard->is_possible_guard = 1;
+
+  /* Check that we get the guard if it passes preferred
+   * address settings */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientPreferIPv6ORPort = 0;
+
+  /* Pick an entry. Make sure we pick the node we marked as guard. */
+  chosen_entry = choose_random_entry(NULL);
+  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+
+  /* And with the other IP version active */
+  mocked_options.ClientUseIPv6 = 1;
+  chosen_entry = choose_random_entry(NULL);
+  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+
+  /* And with the preference on auto */
+  mocked_options.ClientPreferIPv6ORPort = -1;
+  chosen_entry = choose_random_entry(NULL);
+  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+
+  /* Check that we don't get a guard if it doesn't pass mandatory address
+   * settings */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 0;
+  mocked_options.ClientPreferIPv6ORPort = 0;
+
+  chosen_entry = choose_random_entry(NULL);
+
+  /* If we don't allow IPv4 at all, we don't get a guard*/
+  tt_assert(!chosen_entry);
+
+  /* Check that we get a node if it passes allowed but not preferred
+   * address settings */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientUseIPv6 = 1;
+  mocked_options.ClientPreferIPv6ORPort = 1;
+
+  chosen_entry = choose_random_entry(NULL);
+
+  /* We disable the guard check and the preferred address check at the same
+   * time, so we can't be sure we get the guard */
+  tt_assert(chosen_entry);
+
+  /* Check that we get a node if it is allowed but not preferred when settings
+   * are auto */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientPreferIPv6ORPort = -1;
+
+  chosen_entry = choose_random_entry(NULL);
+
+  /* We disable the guard check and the preferred address check at the same
+   * time, so we can't be sure we get the guard */
+  tt_assert(chosen_entry);
+
+  /* and with IPv6 active */
+  mocked_options.ClientUseIPv6 = 1;
+
+  chosen_entry = choose_random_entry(NULL);
+  tt_assert(chosen_entry);
+
+ done:
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  UNMOCK(get_options);
+}
+
+/** Helper to conduct tests for populate_live_entry_guards().
+
+   This test adds some entry guards to our list, and then tests
+   populate_live_entry_guards() to mke sure it filters them correctly.
+
+   <b>num_needed</b> is the number of guard nodes we support. It's
+   configurable to make sure we function properly with 1 or 3 guard
+   nodes configured.
+*/
+static void
+populate_live_entry_guards_test_helper(int num_needed)
+{
+  smartlist_t *our_nodelist = NULL;
+  smartlist_t *live_entry_guards = smartlist_new();
+  const smartlist_t *all_entry_guards = get_entry_guards();
+  or_options_t *options = get_options_mutable();
+  int retval;
+
+  /* Set NumEntryGuards to the provided number. */
+  options->NumEntryGuards = num_needed;
+  tt_int_op(num_needed, OP_EQ, decide_num_guards(options, 0));
+
+  /* The global entry guards smartlist should be empty now. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0);
+
+  /* Walk the nodelist and add all nodes as entry guards. */
+  our_nodelist = nodelist_get_list();
+  tt_int_op(smartlist_len(our_nodelist), OP_EQ, HELPER_NUMBER_OF_DESCRIPTORS);
+
+  SMARTLIST_FOREACH_BEGIN(our_nodelist, const node_t *, node) {
+    const node_t *node_tmp;
+    node_tmp = add_an_entry_guard(node, 0, 1, 0, 0);
+    tt_assert(node_tmp);
+  } SMARTLIST_FOREACH_END(node);
+
+  /* Make sure the nodes were added as entry guards. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ,
+            HELPER_NUMBER_OF_DESCRIPTORS);
+
+  /* Ensure that all the possible entry guards are enough to satisfy us. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_GE, num_needed);
+
+  /* Walk the entry guard list for some sanity checking */
+  SMARTLIST_FOREACH_BEGIN(all_entry_guards, const entry_guard_t *, entry) {
+    /* Since we called add_an_entry_guard() with 'for_discovery' being
+       False, all guards should have made_contact enabled. */
+    tt_int_op(entry->made_contact, OP_EQ, 1);
+
+  } SMARTLIST_FOREACH_END(entry);
+
+  /* First, try to get some fast guards. This should fail. */
+  retval = populate_live_entry_guards(live_entry_guards,
+                                      all_entry_guards,
+                                      NULL,
+                                      NO_DIRINFO, /* Don't care about DIRINFO*/
+                                      0, 0,
+                                      1); /* We want fast guard! */
+  tt_int_op(retval, OP_EQ, 0);
+  tt_int_op(smartlist_len(live_entry_guards), OP_EQ, 0);
+
+  /* Now try to get some stable guards. This should fail too. */
+  retval = populate_live_entry_guards(live_entry_guards,
+                                      all_entry_guards,
+                                      NULL,
+                                      NO_DIRINFO,
+                                      0,
+                                      1, /* We want stable guard! */
+                                      0);
+  tt_int_op(retval, OP_EQ, 0);
+  tt_int_op(smartlist_len(live_entry_guards), OP_EQ, 0);
+
+  /* Now try to get any guard we can find. This should succeed. */
+  retval = populate_live_entry_guards(live_entry_guards,
+                                      all_entry_guards,
+                                      NULL,
+                                      NO_DIRINFO,
+                                      0, 0, 0); /* No restrictions! */
+
+  /* Since we had more than enough guards in 'all_entry_guards', we
+     should have added 'num_needed' of them to live_entry_guards.
+     'retval' should be 1 since we now have enough live entry guards
+     to pick one.  */
+  tt_int_op(retval, OP_EQ, 1);
+  tt_int_op(smartlist_len(live_entry_guards), OP_EQ, num_needed);
+
+ done:
+  smartlist_free(live_entry_guards);
+}
+
+/* Test populate_live_entry_guards() for 1 guard node. */
+static void
+test_populate_live_entry_guards_1guard(void *arg)
+{
+  (void) arg;
+
+  populate_live_entry_guards_test_helper(1);
+}
+
+/* Test populate_live_entry_guards() for 3 guard nodes. */
+static void
+test_populate_live_entry_guards_3guards(void *arg)
+{
+  (void) arg;
+
+  populate_live_entry_guards_test_helper(3);
+}
+
+/** Append some EntryGuard lines to the Tor state at <b>state</b>.
+
+   <b>entry_guard_lines</b> is a smartlist containing 2-tuple
+   smartlists that carry the key and values of the statefile.
+   As an example:
+   entry_guard_lines =
+     (("EntryGuard", "name 67E72FF33D7D41BF11C569646A0A7B4B188340DF DirCache"),
+      ("EntryGuardDownSince", "2014-06-07 16:02:46 2014-06-07 16:02:46"))
+*/
+static void
+state_insert_entry_guard_helper(or_state_t *state,
+                                smartlist_t *entry_guard_lines)
+{
+  config_line_t **next, *line;
+
+  next = &state->EntryGuards;
+  *next = NULL;
+
+  /* Loop over all the state lines in the smartlist */
+  SMARTLIST_FOREACH_BEGIN(entry_guard_lines, const smartlist_t *,state_lines) {
+    /* Get key and value for each line */
+    const char *state_key = smartlist_get(state_lines, 0);
+    const char *state_value = smartlist_get(state_lines, 1);
+
+    *next = line = tor_malloc_zero(sizeof(config_line_t));
+    line->key = tor_strdup(state_key);
+    tor_asprintf(&line->value, "%s", state_value);
+    next = &(line->next);
+  } SMARTLIST_FOREACH_END(state_lines);
+}
+
+/** Free memory occupied by <b>entry_guard_lines</b>. */
+static void
+state_lines_free(smartlist_t *entry_guard_lines)
+{
+  SMARTLIST_FOREACH_BEGIN(entry_guard_lines, smartlist_t *, state_lines) {
+    char *state_key = smartlist_get(state_lines, 0);
+    char *state_value = smartlist_get(state_lines, 1);
+
+    tor_free(state_key);
+    tor_free(state_value);
+    smartlist_free(state_lines);
+  } SMARTLIST_FOREACH_END(state_lines);
+
+  smartlist_free(entry_guard_lines);
+}
+
+/* Tests entry_guards_parse_state(). It creates a fake Tor state with
+   a saved entry guard and makes sure that Tor can parse it and
+   creates the right entry node out of it.
+*/
+static void
+test_entry_guards_parse_state_simple(void *arg)
+{
+  or_state_t *state = or_state_new();
+  const smartlist_t *all_entry_guards = get_entry_guards();
+  smartlist_t *entry_state_lines = smartlist_new();
+  char *msg = NULL;
+  int retval;
+
+  /* Details of our fake guard node */
+  const char *nickname = "hagbard";
+  const char *fpr = "B29D536DD1752D542E1FBB3C9CE4449D51298212";
+  const char *tor_version = "0.2.5.3-alpha-dev";
+  const char *added_at = get_yesterday_date_str();
+  const char *unlisted_since = "2014-06-08 16:16:50";
+
+  (void) arg;
+
+  /* The global entry guards smartlist should be empty now. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0);
+
+  { /* Prepare the state entry */
+
+    /* Prepare the smartlist to hold the key/value of each line */
+    smartlist_t *state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuard");
+    smartlist_add_asprintf(state_line, "%s %s %s", nickname, fpr, "DirCache");
+    smartlist_add(entry_state_lines, state_line);
+
+    state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuardAddedBy");
+    smartlist_add_asprintf(state_line, "%s %s %s", fpr, tor_version, added_at);
+    smartlist_add(entry_state_lines, state_line);
+
+    state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuardUnlistedSince");
+    smartlist_add_asprintf(state_line, "%s", unlisted_since);
+    smartlist_add(entry_state_lines, state_line);
+  }
+
+  /* Inject our lines in the state */
+  state_insert_entry_guard_helper(state, entry_state_lines);
+
+  /* Parse state */
+  retval = entry_guards_parse_state(state, 1, &msg);
+  tt_int_op(retval, OP_GE, 0);
+
+  /* Test that the guard was registered.
+     We need to re-get the entry guard list since its pointer was
+     overwritten in entry_guards_parse_state(). */
+  all_entry_guards = get_entry_guards();
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 1);
+
+  { /* Test the entry guard structure */
+    char hex_digest[1024];
+    char str_time[1024];
+
+    const entry_guard_t *e = smartlist_get(all_entry_guards, 0);
+    tt_str_op(e->nickname, OP_EQ, nickname); /* Verify nickname */
+
+    base16_encode(hex_digest, sizeof(hex_digest),
+                  e->identity, DIGEST_LEN);
+    tt_str_op(hex_digest, OP_EQ, fpr); /* Verify fingerprint */
+
+    tt_assert(e->is_dir_cache); /* Verify dirness */
+
+    tt_str_op(e->chosen_by_version, OP_EQ, tor_version); /* Verify version */
+
+    tt_assert(e->made_contact); /* All saved guards have been contacted */
+
+    tt_assert(e->bad_since); /* Verify bad_since timestamp */
+    format_iso_time(str_time, e->bad_since);
+    tt_str_op(str_time, OP_EQ, unlisted_since);
+
+    /* The rest should be unset */
+    tt_assert(!e->unreachable_since);
+    tt_assert(!e->can_retry);
+    tt_assert(!e->path_bias_noticed);
+    tt_assert(!e->path_bias_warned);
+    tt_assert(!e->path_bias_extreme);
+    tt_assert(!e->path_bias_disabled);
+    tt_assert(!e->path_bias_use_noticed);
+    tt_assert(!e->path_bias_use_extreme);
+    tt_assert(!e->last_attempted);
+  }
+
+ done:
+  state_lines_free(entry_state_lines);
+  or_state_free(state);
+  tor_free(msg);
+}
+
+/** Similar to test_entry_guards_parse_state_simple() but aims to test
+    the PathBias-related details of the entry guard. */
+static void
+test_entry_guards_parse_state_pathbias(void *arg)
+{
+  or_state_t *state = or_state_new();
+  const smartlist_t *all_entry_guards = get_entry_guards();
+  char *msg = NULL;
+  int retval;
+  smartlist_t *entry_state_lines = smartlist_new();
+
+  /* Path bias details of the fake guard */
+  const double circ_attempts = 9;
+  const double circ_successes = 8;
+  const double successful_closed = 4;
+  const double collapsed = 2;
+  const double unusable = 0;
+  const double timeouts = 1;
+
+  (void) arg;
+
+  /* The global entry guards smartlist should be empty now. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0);
+
+  { /* Prepare the state entry */
+
+    /* Prepare the smartlist to hold the key/value of each line */
+    smartlist_t *state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuard");
+    smartlist_add_asprintf(state_line,
+             "givethanks B29D536DD1752D542E1FBB3C9CE4449D51298212 NoDirCache");
+    smartlist_add(entry_state_lines, state_line);
+
+    state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuardAddedBy");
+    smartlist_add_asprintf(state_line,
+      "B29D536DD1752D542E1FBB3C9CE4449D51298212 0.2.5.3-alpha-dev "
+                           "%s", get_yesterday_date_str());
+    smartlist_add(entry_state_lines, state_line);
+
+    state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuardUnlistedSince");
+    smartlist_add_asprintf(state_line, "2014-06-08 16:16:50");
+    smartlist_add(entry_state_lines, state_line);
+
+    state_line = smartlist_new();
+    smartlist_add_asprintf(state_line, "EntryGuardPathBias");
+    smartlist_add_asprintf(state_line, "%f %f %f %f %f %f",
+                           circ_attempts, circ_successes, successful_closed,
+                           collapsed, unusable, timeouts);
+    smartlist_add(entry_state_lines, state_line);
+  }
+
+  /* Inject our lines in the state */
+  state_insert_entry_guard_helper(state, entry_state_lines);
+
+  /* Parse state */
+  retval = entry_guards_parse_state(state, 1, &msg);
+  tt_int_op(retval, OP_GE, 0);
+
+  /* Test that the guard was registered */
+  all_entry_guards = get_entry_guards();
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 1);
+
+  { /* Test the path bias of this guard */
+    const entry_guard_t *e = smartlist_get(all_entry_guards, 0);
+
+    tt_assert(!e->is_dir_cache);
+    tt_assert(!e->can_retry);
+
+    /* XXX tt_double_op doesn't support equality. Cast to int for now. */
+    tt_int_op((int)e->circ_attempts, OP_EQ, (int)circ_attempts);
+    tt_int_op((int)e->circ_successes, OP_EQ, (int)circ_successes);
+    tt_int_op((int)e->successful_circuits_closed, OP_EQ,
+              (int)successful_closed);
+    tt_int_op((int)e->timeouts, OP_EQ, (int)timeouts);
+    tt_int_op((int)e->collapsed_circuits, OP_EQ, (int)collapsed);
+    tt_int_op((int)e->unusable_circuits, OP_EQ, (int)unusable);
+  }
+
+ done:
+  or_state_free(state);
+  state_lines_free(entry_state_lines);
+  tor_free(msg);
+}
+
+/* Simple test of entry_guards_set_from_config() by specifying a
+   particular EntryNode and making sure it gets picked. */
+static void
+test_entry_guards_set_from_config(void *arg)
+{
+  or_options_t *options = get_options_mutable();
+  const smartlist_t *all_entry_guards = get_entry_guards();
+  const char *entrynodes_str = "test003r";
+  const node_t *chosen_entry = NULL;
+  int retval;
+
+  (void) arg;
+
+  /* Prase EntryNodes as a routerset. */
+  options->EntryNodes = routerset_new();
+  retval = routerset_parse(options->EntryNodes,
+                           entrynodes_str,
+                           "test_entrynodes");
+  tt_int_op(retval, OP_GE, 0);
+
+  /* Read nodes from EntryNodes */
+  entry_guards_set_from_config(options);
+
+  /* Test that only one guard was added. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 1);
+
+  /* Make sure it was the guard we specified. */
+  chosen_entry = choose_random_entry(NULL);
+  tt_str_op(chosen_entry->ri->nickname, OP_EQ, entrynodes_str);
+
+ done:
+  routerset_free(options->EntryNodes);
+}
+
+static void
+test_entry_is_time_to_retry(void *arg)
+{
+  entry_guard_t *test_guard;
+  time_t now;
+  int retval;
+  (void)arg;
+
+  now = time(NULL);
+
+  test_guard = tor_malloc_zero(sizeof(entry_guard_t));
+
+  test_guard->last_attempted = now - 10;
+  test_guard->unreachable_since = now - 1;
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->unreachable_since = now - (6*60*60 - 1);
+  test_guard->last_attempted = now - (60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->last_attempted = now - (60*60 - 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,0);
+
+  test_guard->unreachable_since = now - (6*60*60 + 1);
+  test_guard->last_attempted = now - (4*60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->unreachable_since = now - (3*24*60*60 - 1);
+  test_guard->last_attempted = now - (4*60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->unreachable_since = now - (3*24*60*60 + 1);
+  test_guard->last_attempted = now - (18*60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->unreachable_since = now - (7*24*60*60 - 1);
+  test_guard->last_attempted = now - (18*60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->last_attempted = now - (18*60*60 - 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,0);
+
+  test_guard->unreachable_since = now - (7*24*60*60 + 1);
+  test_guard->last_attempted = now - (36*60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+  test_guard->unreachable_since = now - (7*24*60*60 + 1);
+  test_guard->last_attempted = now - (36*60*60 + 1);
+
+  retval = entry_is_time_to_retry(test_guard,now);
+  tt_int_op(retval,OP_EQ,1);
+
+ done:
+  tor_free(test_guard);
+}
+
+/** XXX Do some tests that entry_is_live() */
+static void
+test_entry_is_live(void *arg)
+{
+  smartlist_t *our_nodelist = NULL;
+  const smartlist_t *all_entry_guards = get_entry_guards();
+  const node_t *test_node = NULL;
+  const entry_guard_t *test_entry = NULL;
+  const char *msg;
+  int which_node;
+
+  (void) arg;
+
+  /* The global entry guards smartlist should be empty now. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0);
+
+  /* Walk the nodelist and add all nodes as entry guards. */
+  our_nodelist = nodelist_get_list();
+  tt_int_op(smartlist_len(our_nodelist), OP_EQ, HELPER_NUMBER_OF_DESCRIPTORS);
+
+  SMARTLIST_FOREACH_BEGIN(our_nodelist, const node_t *, node) {
+    const node_t *node_tmp;
+    node_tmp = add_an_entry_guard(node, 0, 1, 0, 0);
+    tt_assert(node_tmp);
+
+    tt_int_op(node->is_stable, OP_EQ, 0);
+    tt_int_op(node->is_fast, OP_EQ, 0);
+  } SMARTLIST_FOREACH_END(node);
+
+  /* Make sure the nodes were added as entry guards. */
+  tt_int_op(smartlist_len(all_entry_guards), OP_EQ,
+            HELPER_NUMBER_OF_DESCRIPTORS);
+
+  /* Now get a random test entry that we will use for this unit test. */
+  which_node = 3;  /* (chosen by fair dice roll) */
+  test_entry = smartlist_get(all_entry_guards, which_node);
+
+  /* Let's do some entry_is_live() tests! */
+
+  /* Require the node to be stable, but it's not. Should fail.
+     Also enable 'assume_reachable' because why not. */
+  test_node = entry_is_live(test_entry,
+                            ENTRY_NEED_UPTIME | ENTRY_ASSUME_REACHABLE,
+                            &msg);
+  tt_assert(!test_node);
+
+  /* Require the node to be fast, but it's not. Should fail. */
+  test_node = entry_is_live(test_entry,
+                            ENTRY_NEED_CAPACITY | ENTRY_ASSUME_REACHABLE,
+                            &msg);
+  tt_assert(!test_node);
+
+  /* Don't impose any restrictions on the node. Should succeed. */
+  test_node = entry_is_live(test_entry, 0, &msg);
+  tt_assert(test_node);
+  tt_ptr_op(test_node, OP_EQ, node_get_by_id(test_entry->identity));
+
+  /* Require descriptor for this node. It has one so it should succeed. */
+  test_node = entry_is_live(test_entry, ENTRY_NEED_DESCRIPTOR, &msg);
+  tt_assert(test_node);
+  tt_ptr_op(test_node, OP_EQ, node_get_by_id(test_entry->identity));
+
+ done:
+  ; /* XXX */
+}
+
+#define TEST_IPV4_ADDR "123.45.67.89"
+#define TEST_IPV6_ADDR "[1234:5678:90ab:cdef::]"
+
+static void
+test_node_preferred_orport(void *arg)
+{
+  (void)arg;
+  tor_addr_t ipv4_addr;
+  const uint16_t ipv4_port = 4444;
+  tor_addr_t ipv6_addr;
+  const uint16_t ipv6_port = 6666;
+  routerinfo_t node_ri;
+  node_t node;
+  tor_addr_port_t ap;
+
+  /* Setup options */
+  memset(&mocked_options, 0, sizeof(mocked_options));
+  /* We don't test ClientPreferIPv6ORPort here, because it's used in
+   * nodelist_set_consensus to setup node.ipv6_preferred, which we set
+   * directly. */
+  MOCK(get_options, mock_get_options);
+
+  /* Setup IP addresses */
+  tor_addr_parse(&ipv4_addr, TEST_IPV4_ADDR);
+  tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+
+  /* Setup node_ri */
+  memset(&node_ri, 0, sizeof(node_ri));
+  node_ri.addr = tor_addr_to_ipv4h(&ipv4_addr);
+  node_ri.or_port = ipv4_port;
+  tor_addr_copy(&node_ri.ipv6_addr, &ipv6_addr);
+  node_ri.ipv6_orport = ipv6_port;
+
+  /* Setup node */
+  memset(&node, 0, sizeof(node));
+  node.ri = &node_ri;
+
+  /* Check the preferred address is IPv4 if we're only using IPv4, regardless
+   * of whether we prefer it or not */
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientUseIPv6 = 0;
+  node.ipv6_preferred = 0;
+  node_get_pref_orport(&node, &ap);
+  tt_assert(tor_addr_eq(&ap.addr, &ipv4_addr));
+  tt_assert(ap.port == ipv4_port);
+
+  node.ipv6_preferred = 1;
+  node_get_pref_orport(&node, &ap);
+  tt_assert(tor_addr_eq(&ap.addr, &ipv4_addr));
+  tt_assert(ap.port == ipv4_port);
+
+  /* Check the preferred address is IPv4 if we're using IPv4 and IPv6, but
+   * don't prefer the IPv6 address */
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientUseIPv6 = 1;
+  node.ipv6_preferred = 0;
+  node_get_pref_orport(&node, &ap);
+  tt_assert(tor_addr_eq(&ap.addr, &ipv4_addr));
+  tt_assert(ap.port == ipv4_port);
+
+  /* Check the preferred address is IPv6 if we prefer it and
+   * ClientUseIPv6 is 1, regardless of ClientUseIPv4 */
+  mocked_options.ClientUseIPv4 = 1;
+  mocked_options.ClientUseIPv6 = 1;
+  node.ipv6_preferred = 1;
+  node_get_pref_orport(&node, &ap);
+  tt_assert(tor_addr_eq(&ap.addr, &ipv6_addr));
+  tt_assert(ap.port == ipv6_port);
+
+  mocked_options.ClientUseIPv4 = 0;
+  node_get_pref_orport(&node, &ap);
+  tt_assert(tor_addr_eq(&ap.addr, &ipv6_addr));
+  tt_assert(ap.port == ipv6_port);
+
+  /* Check the preferred address is IPv6 if we don't prefer it, but
+   * ClientUseIPv4 is 0 */
+  mocked_options.ClientUseIPv4 = 0;
+  mocked_options.ClientUseIPv6 = 1;
+  node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(&mocked_options);
+  node_get_pref_orport(&node, &ap);
+  tt_assert(tor_addr_eq(&ap.addr, &ipv6_addr));
+  tt_assert(ap.port == ipv6_port);
+
+ done:
+  UNMOCK(get_options);
+}
+
+static const struct testcase_setup_t fake_network = {
+  fake_network_setup, fake_network_cleanup
+};
+
+struct testcase_t entrynodes_tests[] = {
+  { "entry_is_time_to_retry", test_entry_is_time_to_retry,
+    TT_FORK, NULL, NULL },
+  { "choose_random_entry_no_guards", test_choose_random_entry_no_guards,
+    TT_FORK, &fake_network, NULL },
+  { "choose_random_entry_one_possibleguard",
+    test_choose_random_entry_one_possible_guard,
+    TT_FORK, &fake_network, NULL },
+  { "populate_live_entry_guards_1guard",
+    test_populate_live_entry_guards_1guard,
+    TT_FORK, &fake_network, NULL },
+  { "populate_live_entry_guards_3guards",
+    test_populate_live_entry_guards_3guards,
+    TT_FORK, &fake_network, NULL },
+  { "entry_guards_parse_state_simple",
+    test_entry_guards_parse_state_simple,
+    TT_FORK, &fake_network, NULL },
+  { "entry_guards_parse_state_pathbias",
+    test_entry_guards_parse_state_pathbias,
+    TT_FORK, &fake_network, NULL },
+  { "entry_guards_set_from_config",
+    test_entry_guards_set_from_config,
+    TT_FORK, &fake_network, NULL },
+  { "entry_is_live",
+    test_entry_is_live,
+    TT_FORK, &fake_network, NULL },
+  { "node_preferred_orport",
+    test_node_preferred_orport,
+    0, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index 93c8f77d5b..1f92780177 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define CONNECTION_PRIVATE
@@ -24,35 +24,37 @@ test_ext_or_id_map(void *arg)
   (void)arg;
 
   /* pre-initialization */
-  tt_ptr_op(NULL, ==, connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx"));
+  tt_ptr_op(NULL, OP_EQ,
+            connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx"));
 
   c1 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
   c2 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
   c3 = or_connection_new(CONN_TYPE_OR, AF_INET);
 
-  tt_ptr_op(c1->ext_or_conn_id, !=, NULL);
-  tt_ptr_op(c2->ext_or_conn_id, !=, NULL);
-  tt_ptr_op(c3->ext_or_conn_id, ==, NULL);
+  tt_ptr_op(c1->ext_or_conn_id, OP_NE, NULL);
+  tt_ptr_op(c2->ext_or_conn_id, OP_NE, NULL);
+  tt_ptr_op(c3->ext_or_conn_id, OP_EQ, NULL);
 
-  tt_ptr_op(c1, ==, connection_or_get_by_ext_or_id(c1->ext_or_conn_id));
-  tt_ptr_op(c2, ==, connection_or_get_by_ext_or_id(c2->ext_or_conn_id));
-  tt_ptr_op(NULL, ==, connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx"));
+  tt_ptr_op(c1, OP_EQ, connection_or_get_by_ext_or_id(c1->ext_or_conn_id));
+  tt_ptr_op(c2, OP_EQ, connection_or_get_by_ext_or_id(c2->ext_or_conn_id));
+  tt_ptr_op(NULL, OP_EQ,
+            connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx"));
 
   idp = tor_memdup(c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
 
   /* Give c2 a new ID. */
   connection_or_set_ext_or_identifier(c2);
-  test_mem_op(idp, !=, c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
+  tt_mem_op(idp, OP_NE, c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
   idp2 = tor_memdup(c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN);
   tt_assert(!tor_digest_is_zero(idp2));
 
-  tt_ptr_op(NULL, ==, connection_or_get_by_ext_or_id(idp));
-  tt_ptr_op(c2, ==, connection_or_get_by_ext_or_id(idp2));
+  tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp));
+  tt_ptr_op(c2, OP_EQ, connection_or_get_by_ext_or_id(idp2));
 
   /* Now remove it. */
   connection_or_remove_from_ext_or_id_map(c2);
-  tt_ptr_op(NULL, ==, connection_or_get_by_ext_or_id(idp));
-  tt_ptr_op(NULL, ==, connection_or_get_by_ext_or_id(idp2));
+  tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp));
+  tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp2));
 
  done:
   if (c1)
@@ -112,33 +114,33 @@ test_ext_or_write_command(void *arg)
 
   /* Length too long */
   tt_int_op(connection_write_ext_or_command(TO_CONN(c1), 100, "X", 100000),
-            <, 0);
+            OP_LT, 0);
 
   /* Empty command */
   tt_int_op(connection_write_ext_or_command(TO_CONN(c1), 0x99, NULL, 0),
-            ==, 0);
+            OP_EQ, 0);
   cp = buf_get_contents(TO_CONN(c1)->outbuf, &sz);
-  tt_int_op(sz, ==, 4);
-  test_mem_op(cp, ==, "\x00\x99\x00\x00", 4);
+  tt_int_op(sz, OP_EQ, 4);
+  tt_mem_op(cp, OP_EQ, "\x00\x99\x00\x00", 4);
   tor_free(cp);
 
   /* Medium command. */
   tt_int_op(connection_write_ext_or_command(TO_CONN(c1), 0x99,
-                                            "Wai\0Hello", 9), ==, 0);
+                                            "Wai\0Hello", 9), OP_EQ, 0);
   cp = buf_get_contents(TO_CONN(c1)->outbuf, &sz);
-  tt_int_op(sz, ==, 13);
-  test_mem_op(cp, ==, "\x00\x99\x00\x09Wai\x00Hello", 13);
+  tt_int_op(sz, OP_EQ, 13);
+  tt_mem_op(cp, OP_EQ, "\x00\x99\x00\x09Wai\x00Hello", 13);
   tor_free(cp);
 
   /* Long command */
   buf = tor_malloc(65535);
   memset(buf, 'x', 65535);
   tt_int_op(connection_write_ext_or_command(TO_CONN(c1), 0xf00d,
-                                            buf, 65535), ==, 0);
+                                            buf, 65535), OP_EQ, 0);
   cp = buf_get_contents(TO_CONN(c1)->outbuf, &sz);
-  tt_int_op(sz, ==, 65539);
-  test_mem_op(cp, ==, "\xf0\x0d\xff\xff", 4);
-  test_mem_op(cp+4, ==, buf, 65535);
+  tt_int_op(sz, OP_EQ, 65539);
+  tt_mem_op(cp, OP_EQ, "\xf0\x0d\xff\xff", 4);
+  tt_mem_op(cp+4, OP_EQ, buf, 65535);
   tor_free(cp);
 
  done:
@@ -175,42 +177,42 @@ test_ext_or_init_auth(void *arg)
   tor_free(options->DataDirectory);
   options->DataDirectory = tor_strdup("foo");
   cp = get_ext_or_auth_cookie_file_name();
-  tt_str_op(cp, ==, "foo"PATH_SEPARATOR"extended_orport_auth_cookie");
+  tt_str_op(cp, OP_EQ, "foo"PATH_SEPARATOR"extended_orport_auth_cookie");
   tor_free(cp);
 
   /* Shouldn't be initialized already, or our tests will be a bit
    * meaningless */
   ext_or_auth_cookie = tor_malloc_zero(32);
-  test_assert(tor_mem_is_zero((char*)ext_or_auth_cookie, 32));
+  tt_assert(tor_mem_is_zero((char*)ext_or_auth_cookie, 32));
 
   /* Now make sure we use a temporary file */
   fn = get_fname("ext_cookie_file");
   options->ExtORPortCookieAuthFile = tor_strdup(fn);
   cp = get_ext_or_auth_cookie_file_name();
-  tt_str_op(cp, ==, fn);
+  tt_str_op(cp, OP_EQ, fn);
   tor_free(cp);
 
   /* Test the initialization function with a broken
      write_bytes_to_file(). See if the problem is handled properly. */
   MOCK(write_bytes_to_file, write_bytes_to_file_fail);
-  tt_int_op(-1, ==, init_ext_or_cookie_authentication(1));
-  tt_int_op(ext_or_auth_cookie_is_set, ==, 0);
+  tt_int_op(-1, OP_EQ, init_ext_or_cookie_authentication(1));
+  tt_int_op(ext_or_auth_cookie_is_set, OP_EQ, 0);
   UNMOCK(write_bytes_to_file);
 
   /* Now do the actual initialization. */
-  tt_int_op(0, ==, init_ext_or_cookie_authentication(1));
-  tt_int_op(ext_or_auth_cookie_is_set, ==, 1);
+  tt_int_op(0, OP_EQ, init_ext_or_cookie_authentication(1));
+  tt_int_op(ext_or_auth_cookie_is_set, OP_EQ, 1);
   cp = read_file_to_str(fn, RFTS_BIN, &st);
-  tt_ptr_op(cp, !=, NULL);
-  tt_u64_op((uint64_t)st.st_size, ==, 64);
-  test_memeq(cp, "! Extended ORPort Auth Cookie !\x0a", 32);
-  test_memeq(cp+32, ext_or_auth_cookie, 32);
+  tt_ptr_op(cp, OP_NE, NULL);
+  tt_u64_op((uint64_t)st.st_size, OP_EQ, 64);
+  tt_mem_op(cp,OP_EQ, "! Extended ORPort Auth Cookie !\x0a", 32);
+  tt_mem_op(cp+32,OP_EQ, ext_or_auth_cookie, 32);
   memcpy(cookie0, ext_or_auth_cookie, 32);
-  test_assert(!tor_mem_is_zero((char*)ext_or_auth_cookie, 32));
+  tt_assert(!tor_mem_is_zero((char*)ext_or_auth_cookie, 32));
 
   /* Operation should be idempotent. */
-  tt_int_op(0, ==, init_ext_or_cookie_authentication(1));
-  test_memeq(cookie0, ext_or_auth_cookie, 32);
+  tt_int_op(0, OP_EQ, init_ext_or_cookie_authentication(1));
+  tt_mem_op(cookie0,OP_EQ, ext_or_auth_cookie, 32);
 
  done:
   tor_free(cp);
@@ -237,8 +239,8 @@ test_ext_or_cookie_auth(void *arg)
 
   (void)arg;
 
-  tt_int_op(strlen(client_hash_input), ==, 46+32+32);
-  tt_int_op(strlen(server_hash_input), ==, 46+32+32);
+  tt_int_op(strlen(client_hash_input), OP_EQ, 46+32+32);
+  tt_int_op(strlen(server_hash_input), OP_EQ, 46+32+32);
 
   ext_or_auth_cookie = tor_malloc_zero(32);
   memcpy(ext_or_auth_cookie, "s beside you? When I count, ther", 32);
@@ -258,20 +260,20 @@ test_ext_or_cookie_auth(void *arg)
    */
 
   /* Wrong length */
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             handle_client_auth_nonce(client_nonce, 33, &client_hash, &reply,
                                      &reply_len));
-  tt_int_op(-1, ==,
+  tt_int_op(-1, OP_EQ,
             handle_client_auth_nonce(client_nonce, 31, &client_hash, &reply,
                                      &reply_len));
 
   /* Now let's try this for real! */
-  tt_int_op(0, ==,
+  tt_int_op(0, OP_EQ,
             handle_client_auth_nonce(client_nonce, 32, &client_hash, &reply,
                                      &reply_len));
-  tt_int_op(reply_len, ==, 64);
-  tt_ptr_op(reply, !=, NULL);
-  tt_ptr_op(client_hash, !=, NULL);
+  tt_int_op(reply_len, OP_EQ, 64);
+  tt_ptr_op(reply, OP_NE, NULL);
+  tt_ptr_op(client_hash, OP_NE, NULL);
   /* Fill in the server nonce into the hash inputs... */
   memcpy(server_hash_input+46+32, reply+32, 32);
   memcpy(client_hash_input+46+32, reply+32, 32);
@@ -280,15 +282,15 @@ test_ext_or_cookie_auth(void *arg)
                      46+32+32);
   crypto_hmac_sha256(hmac2, (char*)ext_or_auth_cookie, 32, client_hash_input,
                      46+32+32);
-  test_memeq(hmac1, reply, 32);
-  test_memeq(hmac2, client_hash, 32);
+  tt_mem_op(hmac1,OP_EQ, reply, 32);
+  tt_mem_op(hmac2,OP_EQ, client_hash, 32);
 
   /* Now do it again and make sure that the results are *different* */
-  tt_int_op(0, ==,
+  tt_int_op(0, OP_EQ,
             handle_client_auth_nonce(client_nonce, 32, &client_hash2, &reply2,
                                      &reply_len));
-  test_memneq(reply2, reply, reply_len);
-  test_memneq(client_hash2, client_hash, 32);
+  tt_mem_op(reply2,OP_NE, reply, reply_len);
+  tt_mem_op(client_hash2,OP_NE, client_hash, 32);
   /* But that this one checks out too. */
   memcpy(server_hash_input+46+32, reply2+32, 32);
   memcpy(client_hash_input+46+32, reply2+32, 32);
@@ -297,8 +299,8 @@ test_ext_or_cookie_auth(void *arg)
                      46+32+32);
   crypto_hmac_sha256(hmac2, (char*)ext_or_auth_cookie, 32, client_hash_input,
                      46+32+32);
-  test_memeq(hmac1, reply2, 32);
-  test_memeq(hmac2, client_hash2, 32);
+  tt_mem_op(hmac1,OP_EQ, reply2, 32);
+  tt_mem_op(hmac2,OP_EQ, client_hash2, 32);
 
  done:
   tor_free(reply);
@@ -307,15 +309,14 @@ test_ext_or_cookie_auth(void *arg)
   tor_free(client_hash2);
 }
 
-static int
+static void
 crypto_rand_return_tse_str(char *to, size_t n)
 {
   if (n != 32) {
     TT_FAIL(("Asked for %d bytes, not 32", (int)n));
-    return -1;
+    return;
   }
   memcpy(to, "te road There is always another ", 32);
-  return 0;
 }
 
 static void
@@ -334,12 +335,12 @@ test_ext_or_cookie_auth_testvec(void *arg)
 
   MOCK(crypto_rand, crypto_rand_return_tse_str);
 
-  tt_int_op(0, ==,
+  tt_int_op(0, OP_EQ,
             handle_client_auth_nonce(client_nonce, 32, &client_hash, &reply,
                                      &reply_len));
-  tt_ptr_op(reply, !=, NULL );
-  tt_uint_op(reply_len, ==, 64);
-  test_memeq(reply+32, "te road There is always another ", 32);
+  tt_ptr_op(reply, OP_NE, NULL );
+  tt_uint_op(reply_len, OP_EQ, 64);
+  tt_mem_op(reply+32,OP_EQ, "te road There is always another ", 32);
   /* HMACSHA256("Gliding wrapt in a brown mantle,"
    *     "ExtORPort authentication server-to-client hash"
    *     "But when I look ahead up the write road There is always another ");
@@ -402,11 +403,11 @@ handshake_start(or_connection_t *conn, int receiving)
   } while (0)
 #define CONTAINS(s,n)                                           \
   do {                                                          \
-    tt_int_op((n), <=, sizeof(b));                              \
-    tt_int_op(buf_datalen(TO_CONN(conn)->outbuf), ==, (n));     \
+    tt_int_op((n), OP_LE, sizeof(b));                              \
+    tt_int_op(buf_datalen(TO_CONN(conn)->outbuf), OP_EQ, (n));     \
     if ((n)) {                                                  \
       fetch_from_buf(b, (n), TO_CONN(conn)->outbuf);            \
-      test_memeq(b, (s), (n));                                  \
+      tt_mem_op(b, OP_EQ, (s), (n));                               \
     }                                                           \
   } while (0)
 
@@ -416,14 +417,15 @@ do_ext_or_handshake(or_connection_t *conn)
 {
   char b[256];
 
-  tt_int_op(0, ==, connection_ext_or_start_auth(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_start_auth(conn));
   CONTAINS("\x01\x00", 2);
   WRITE("\x01", 1);
   WRITE("But when I look ahead up the whi", 32);
   MOCK(crypto_rand, crypto_rand_return_tse_str);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   UNMOCK(crypto_rand);
-  tt_int_op(TO_CONN(conn)->state, ==, EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH);
+  tt_int_op(TO_CONN(conn)->state, OP_EQ,
+            EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH);
   CONTAINS("\xec\x80\xed\x6e\x54\x6d\x3b\x36\xfd\xfc\x22\xfe\x13\x15\x41\x6b"
            "\x02\x9f\x1a\xde\x76\x10\xd9\x10\x87\x8b\x62\xee\xb7\x40\x38\x21"
            "te road There is always another ", 64);
@@ -431,10 +433,10 @@ do_ext_or_handshake(or_connection_t *conn)
   WRITE("\xab\x39\x17\x32\xdd\x2e\xd9\x68\xcd\x40\xc0\x87\xd1\xb1\xf2\x5b"
         "\x33\xb3\xcd\x77\xff\x79\xbd\x80\xc2\x07\x4b\xbf\x43\x81\x19\xa2",
         32);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("\x01", 1);
   tt_assert(! TO_CONN(conn)->marked_for_close);
-  tt_int_op(TO_CONN(conn)->state, ==, EXT_OR_CONN_STATE_OPEN);
+  tt_int_op(TO_CONN(conn)->state, OP_EQ, EXT_OR_CONN_STATE_OPEN);
 
  done: ;
 }
@@ -456,14 +458,14 @@ test_ext_or_handshake(void *arg)
   init_connection_lists();
 
   conn = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
-  tt_int_op(0, ==, connection_ext_or_start_auth(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_start_auth(conn));
   /* The server starts by telling us about the one supported authtype. */
   CONTAINS("\x01\x00", 2);
   /* Say the client hasn't responded yet. */
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   /* Let's say the client replies badly. */
   WRITE("\x99", 1);
-  tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(-1, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("", 0);
   tt_assert(TO_CONN(conn)->marked_for_close);
   close_closeable_connections();
@@ -471,23 +473,23 @@ test_ext_or_handshake(void *arg)
 
   /* Okay, try again. */
   conn = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
-  tt_int_op(0, ==, connection_ext_or_start_auth(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_start_auth(conn));
   CONTAINS("\x01\x00", 2);
   /* Let's say the client replies sensibly this time. "Yes, AUTHTYPE_COOKIE
    * sounds delicious. Let's have some of that!" */
   WRITE("\x01", 1);
   /* Let's say that the client also sends part of a nonce. */
   WRITE("But when I look ", 16);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("", 0);
-  tt_int_op(TO_CONN(conn)->state, ==,
+  tt_int_op(TO_CONN(conn)->state, OP_EQ,
             EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE);
   /* Pump it again. Nothing should happen. */
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   /* send the rest of the nonce. */
   WRITE("ahead up the whi", 16);
   MOCK(crypto_rand, crypto_rand_return_tse_str);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   UNMOCK(crypto_rand);
   /* We should get the right reply from the server. */
   CONTAINS("\xec\x80\xed\x6e\x54\x6d\x3b\x36\xfd\xfc\x22\xfe\x13\x15\x41\x6b"
@@ -496,7 +498,7 @@ test_ext_or_handshake(void *arg)
   /* Send the wrong response. */
   WRITE("not with a bang but a whimper...", 32);
   MOCK(control_event_bootstrap_problem, ignore_bootstrap_problem);
-  tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(-1, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("\x00", 1);
   tt_assert(TO_CONN(conn)->marked_for_close);
   /* XXXX Hold-open-until-flushed. */
@@ -515,32 +517,32 @@ test_ext_or_handshake(void *arg)
   /* Now let's run through some messages. */
   /* First let's send some junk and make sure it's ignored. */
   WRITE("\xff\xf0\x00\x03""ABC", 7);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("", 0);
   /* Now let's send a USERADDR command. */
   WRITE("\x00\x01\x00\x0c""1.2.3.4:5678", 16);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
-  tt_int_op(TO_CONN(conn)->port, ==, 5678);
-  tt_int_op(tor_addr_to_ipv4h(&TO_CONN(conn)->addr), ==, 0x01020304);
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
+  tt_int_op(TO_CONN(conn)->port, OP_EQ, 5678);
+  tt_int_op(tor_addr_to_ipv4h(&TO_CONN(conn)->addr), OP_EQ, 0x01020304);
   /* Now let's send a TRANSPORT command. */
   WRITE("\x00\x02\x00\x07""rfc1149", 11);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
-  tt_ptr_op(NULL, !=, conn->ext_or_transport);
-  tt_str_op("rfc1149", ==, conn->ext_or_transport);
-  tt_int_op(is_reading,==,1);
-  tt_int_op(TO_CONN(conn)->state, ==, EXT_OR_CONN_STATE_OPEN);
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
+  tt_ptr_op(NULL, OP_NE, conn->ext_or_transport);
+  tt_str_op("rfc1149", OP_EQ, conn->ext_or_transport);
+  tt_int_op(is_reading,OP_EQ,1);
+  tt_int_op(TO_CONN(conn)->state, OP_EQ, EXT_OR_CONN_STATE_OPEN);
   /* DONE */
   WRITE("\x00\x00\x00\x00", 4);
-  tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
-  tt_int_op(TO_CONN(conn)->state, ==, EXT_OR_CONN_STATE_FLUSHING);
-  tt_int_op(is_reading,==,0);
+  tt_int_op(0, OP_EQ, connection_ext_or_process_inbuf(conn));
+  tt_int_op(TO_CONN(conn)->state, OP_EQ, EXT_OR_CONN_STATE_FLUSHING);
+  tt_int_op(is_reading,OP_EQ,0);
   CONTAINS("\x10\x00\x00\x00", 4);
-  tt_int_op(handshake_start_called,==,0);
-  tt_int_op(0, ==, connection_ext_or_finished_flushing(conn));
-  tt_int_op(is_reading,==,1);
-  tt_int_op(handshake_start_called,==,1);
-  tt_int_op(TO_CONN(conn)->type, ==, CONN_TYPE_OR);
-  tt_int_op(TO_CONN(conn)->state, ==, 0);
+  tt_int_op(handshake_start_called,OP_EQ,0);
+  tt_int_op(0, OP_EQ, connection_ext_or_finished_flushing(conn));
+  tt_int_op(is_reading,OP_EQ,1);
+  tt_int_op(handshake_start_called,OP_EQ,1);
+  tt_int_op(TO_CONN(conn)->type, OP_EQ, CONN_TYPE_OR);
+  tt_int_op(TO_CONN(conn)->state, OP_EQ, 0);
   close_closeable_connections();
   conn = NULL;
 
@@ -551,7 +553,7 @@ test_ext_or_handshake(void *arg)
   /* USERADDR command with an extra NUL byte */
   WRITE("\x00\x01\x00\x0d""1.2.3.4:5678\x00", 17);
   MOCK(control_event_bootstrap_problem, ignore_bootstrap_problem);
-  tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(-1, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("", 0);
   tt_assert(TO_CONN(conn)->marked_for_close);
   close_closeable_connections();
@@ -564,7 +566,7 @@ test_ext_or_handshake(void *arg)
   /* TRANSPORT command with an extra NUL byte */
   WRITE("\x00\x02\x00\x08""rfc1149\x00", 12);
   MOCK(control_event_bootstrap_problem, ignore_bootstrap_problem);
-  tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(-1, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("", 0);
   tt_assert(TO_CONN(conn)->marked_for_close);
   close_closeable_connections();
@@ -578,7 +580,7 @@ test_ext_or_handshake(void *arg)
      C-identifier) */
   WRITE("\x00\x02\x00\x07""rf*1149", 11);
   MOCK(control_event_bootstrap_problem, ignore_bootstrap_problem);
-  tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+  tt_int_op(-1, OP_EQ, connection_ext_or_process_inbuf(conn));
   CONTAINS("", 0);
   tt_assert(TO_CONN(conn)->marked_for_close);
   close_closeable_connections();
diff --git a/src/test/test_guardfraction.c b/src/test/test_guardfraction.c
new file mode 100644
index 0000000000..300590a3d9
--- /dev/null
+++ b/src/test/test_guardfraction.c
@@ -0,0 +1,418 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define DIRSERV_PRIVATE
+#define ROUTERPARSE_PRIVATE
+#define NETWORKSTATUS_PRIVATE
+
+#include "orconfig.h"
+#include "or.h"
+#include "config.h"
+#include "dirserv.h"
+#include "container.h"
+#include "entrynodes.h"
+#include "util.h"
+#include "routerparse.h"
+#include "networkstatus.h"
+
+#include "test.h"
+#include "test_helpers.h"
+
+/** Generate a vote_routerstatus_t for a router with identity digest
+ * <b>digest_in_hex</b>. */
+static vote_routerstatus_t *
+gen_vote_routerstatus_for_tests(const char *digest_in_hex, int is_guard)
+{
+  int retval;
+  vote_routerstatus_t *vrs = NULL;
+  routerstatus_t *rs;
+
+  vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
+  rs = &vrs->status;
+
+  { /* Useful information for tests */
+    char digest_tmp[DIGEST_LEN];
+
+    /* Guard or not? */
+    rs->is_possible_guard = is_guard;
+
+    /* Fill in the fpr */
+    tt_int_op(strlen(digest_in_hex), ==, HEX_DIGEST_LEN);
+    retval = base16_decode(digest_tmp, sizeof(digest_tmp),
+                           digest_in_hex, HEX_DIGEST_LEN);
+    tt_int_op(retval, ==, 0);
+    memcpy(rs->identity_digest, digest_tmp, DIGEST_LEN);
+  }
+
+  { /* Misc info (maybe not used in tests) */
+    vrs->version = tor_strdup("0.1.2.14");
+    strlcpy(rs->nickname, "router2", sizeof(rs->nickname));
+    memset(rs->descriptor_digest, 78, DIGEST_LEN);
+    rs->addr = 0x99008801;
+    rs->or_port = 443;
+    rs->dir_port = 8000;
+    /* all flags but running cleared */
+    rs->is_flagged_running = 1;
+    vrs->has_measured_bw = 1;
+    rs->has_bandwidth = 1;
+  }
+
+  return vrs;
+
+ done:
+  vote_routerstatus_free(vrs);
+
+  return NULL;
+}
+
+/** Make sure our parsers reject corrupted guardfraction files. */
+static void
+test_parse_guardfraction_file_bad(void *arg)
+{
+  int retval;
+  char *guardfraction_bad = NULL;
+  const char *yesterday_date_str = get_yesterday_date_str();
+
+  (void) arg;
+
+  /* Start parsing all those corrupted guardfraction files! */
+
+  /* Guardfraction file version is not a number! */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version nan\n"
+               "written-at %s\n"
+               "n-inputs 420 3\n"
+               "guard-seen D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777 100 420\n"
+               "guard-seen 07B5547026DF3E229806E135CFA8552D56AFBABC 5 420\n",
+               yesterday_date_str);
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, -1);
+  tor_free(guardfraction_bad);
+
+  /* This one does not have a date! Parsing should fail. */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version 1\n"
+               "written-at not_date\n"
+               "n-inputs 420 3\n"
+               "guard-seen D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777 100 420\n"
+               "guard-seen 07B5547026DF3E229806E135CFA8552D56AFBABC 5 420\n");
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, -1);
+  tor_free(guardfraction_bad);
+
+  /* This one has an incomplete n-inputs line, but parsing should
+     still continue. */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version 1\n"
+               "written-at %s\n"
+               "n-inputs biggie\n"
+               "guard-seen D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777 100 420\n"
+               "guard-seen 07B5547026DF3E229806E135CFA8552D56AFBABC 5 420\n",
+               yesterday_date_str);
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, 2);
+  tor_free(guardfraction_bad);
+
+  /* This one does not have a fingerprint in the guard line! */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version 1\n"
+               "written-at %s\n"
+               "n-inputs 420 3\n"
+               "guard-seen not_a_fingerprint 100 420\n",
+               yesterday_date_str);
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, 0);
+  tor_free(guardfraction_bad);
+
+  /* This one does not even have an integer guardfraction value. */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version 1\n"
+               "written-at %s\n"
+               "n-inputs 420 3\n"
+               "guard-seen D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777 NaN 420\n"
+               "guard-seen 07B5547026DF3E229806E135CFA8552D56AFBABC 5 420\n",
+               yesterday_date_str);
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, 1);
+  tor_free(guardfraction_bad);
+
+  /* This one is not a percentage (not in [0, 100]) */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version 1\n"
+               "written-at %s\n"
+               "n-inputs 420 3\n"
+               "guard-seen D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777 666 420\n"
+               "guard-seen 07B5547026DF3E229806E135CFA8552D56AFBABC 5 420\n",
+               yesterday_date_str);
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, 1);
+  tor_free(guardfraction_bad);
+
+  /* This one is not a percentage either (not in [0, 100]) */
+  tor_asprintf(&guardfraction_bad,
+               "guardfraction-file-version 1\n"
+               "written-at %s\n"
+               "n-inputs 420 3\n"
+               "guard-seen D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777 -3 420\n",
+               yesterday_date_str);
+
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_bad, NULL);
+  tt_int_op(retval, ==, 0);
+
+ done:
+  tor_free(guardfraction_bad);
+}
+
+/** Make sure that our test guardfraction file gets parsed properly, and
+ * its information are applied properly to our routerstatuses. */
+static void
+test_parse_guardfraction_file_good(void *arg)
+{
+  int retval;
+  vote_routerstatus_t *vrs_guard = NULL;
+  vote_routerstatus_t *vrs_dummy = NULL;
+  char *guardfraction_good = NULL;
+  const char *yesterday_date_str = get_yesterday_date_str();
+  smartlist_t *routerstatuses = smartlist_new();
+
+  /* Some test values that we need to validate later */
+  const char fpr_guard[] = "D0EDB47BEAD32D26D0A837F7D5357EC3AD3B8777";
+  const char fpr_unlisted[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+  const int guardfraction_value = 42;
+
+  (void) arg;
+
+  {
+    /* Populate the smartlist with some fake routerstatuses, so that
+       after parsing the guardfraction file we can check that their
+       elements got filled properly. */
+
+    /* This one is a guard */
+    vrs_guard = gen_vote_routerstatus_for_tests(fpr_guard, 1);
+    tt_assert(vrs_guard);
+    smartlist_add(routerstatuses, vrs_guard);
+
+    /* This one is a guard but it's not in the guardfraction file */
+    vrs_dummy = gen_vote_routerstatus_for_tests(fpr_unlisted, 1);
+    tt_assert(vrs_dummy);
+    smartlist_add(routerstatuses, vrs_dummy);
+  }
+
+  tor_asprintf(&guardfraction_good,
+               "guardfraction-file-version 1\n"
+               "written-at %s\n"
+               "n-inputs 420 3\n"
+               "guard-seen %s %d 420\n",
+               yesterday_date_str,
+               fpr_guard, guardfraction_value);
+
+  /* Read the guardfraction file */
+  retval = dirserv_read_guardfraction_file_from_str(guardfraction_good,
+                                                    routerstatuses);
+  tt_int_op(retval, ==, 1);
+
+  { /* Test that routerstatus fields got filled properly */
+
+    /* The guardfraction fields of the guard should be filled. */
+    tt_assert(vrs_guard->status.has_guardfraction);
+    tt_int_op(vrs_guard->status.guardfraction_percentage,
+              ==,
+              guardfraction_value);
+
+    /* The guard that was not in the guardfraction file should not have
+       been touched either. */
+    tt_assert(!vrs_dummy->status.has_guardfraction);
+  }
+
+ done:
+  vote_routerstatus_free(vrs_guard);
+  vote_routerstatus_free(vrs_dummy);
+  smartlist_free(routerstatuses);
+  tor_free(guardfraction_good);
+}
+
+/** Make sure that the guardfraction bandwidths get calculated properly. */
+static void
+test_get_guardfraction_bandwidth(void *arg)
+{
+  guardfraction_bandwidth_t gf_bw;
+  const int orig_bw = 1000;
+
+  (void) arg;
+
+  /* A guard with bandwidth 1000 and GuardFraction 0.25, should have
+     bandwidth 250 as a guard and bandwidth 750 as a non-guard.  */
+  guard_get_guardfraction_bandwidth(&gf_bw,
+                                    orig_bw, 25);
+
+  tt_int_op(gf_bw.guard_bw, ==, 250);
+  tt_int_op(gf_bw.non_guard_bw, ==, 750);
+
+  /* Also check the 'guard_bw + non_guard_bw == original_bw'
+   * invariant. */
+  tt_int_op(gf_bw.non_guard_bw + gf_bw.guard_bw, ==, orig_bw);
+
+ done:
+  ;
+}
+
+/** Parse the GuardFraction element of the consensus, and make sure it
+ * gets parsed correctly. */
+static void
+test_parse_guardfraction_consensus(void *arg)
+{
+  int retval;
+  or_options_t *options = get_options_mutable();
+
+  const char *guardfraction_str_good = "GuardFraction=66";
+  routerstatus_t rs_good;
+  routerstatus_t rs_no_guard;
+
+  const char *guardfraction_str_bad1 = "GuardFraction="; /* no value */
+  routerstatus_t rs_bad1;
+
+  const char *guardfraction_str_bad2 = "GuardFraction=166"; /* no percentage */
+  routerstatus_t rs_bad2;
+
+  (void) arg;
+
+  /* GuardFraction use is currently disabled by default. So we need to
+     manually enable it. */
+  options->UseGuardFraction = 1;
+
+  { /* Properly formatted GuardFraction. Check that it gets applied
+       correctly. */
+    memset(&rs_good, 0, sizeof(routerstatus_t));
+    rs_good.is_possible_guard = 1;
+
+    retval = routerstatus_parse_guardfraction(guardfraction_str_good,
+                                              NULL, NULL,
+                                              &rs_good);
+    tt_int_op(retval, ==, 0);
+    tt_assert(rs_good.has_guardfraction);
+    tt_int_op(rs_good.guardfraction_percentage, ==, 66);
+  }
+
+  { /* Properly formatted GuardFraction but router is not a
+       guard. GuardFraction should not get applied. */
+    memset(&rs_no_guard, 0, sizeof(routerstatus_t));
+    tt_assert(!rs_no_guard.is_possible_guard);
+
+    retval = routerstatus_parse_guardfraction(guardfraction_str_good,
+                                              NULL, NULL,
+                                              &rs_no_guard);
+    tt_int_op(retval, ==, 0);
+    tt_assert(!rs_no_guard.has_guardfraction);
+  }
+
+  { /* Bad GuardFraction. Function should fail and not apply. */
+    memset(&rs_bad1, 0, sizeof(routerstatus_t));
+    rs_bad1.is_possible_guard = 1;
+
+    retval = routerstatus_parse_guardfraction(guardfraction_str_bad1,
+                                              NULL, NULL,
+                                              &rs_bad1);
+    tt_int_op(retval, ==, -1);
+    tt_assert(!rs_bad1.has_guardfraction);
+  }
+
+  { /* Bad GuardFraction. Function should fail and not apply. */
+    memset(&rs_bad2, 0, sizeof(routerstatus_t));
+    rs_bad2.is_possible_guard = 1;
+
+    retval = routerstatus_parse_guardfraction(guardfraction_str_bad2,
+                                              NULL, NULL,
+                                              &rs_bad2);
+    tt_int_op(retval, ==, -1);
+    tt_assert(!rs_bad2.has_guardfraction);
+  }
+
+ done:
+  ;
+}
+
+/** Make sure that we use GuardFraction information when we should,
+ * according to the torrc option and consensus parameter. */
+static void
+test_should_apply_guardfraction(void *arg)
+{
+  networkstatus_t vote_enabled, vote_disabled, vote_missing;
+  or_options_t *options = get_options_mutable();
+
+  (void) arg;
+
+  { /* Fill the votes for later */
+    /* This one suggests enabled GuardFraction. */
+    memset(&vote_enabled, 0, sizeof(vote_enabled));
+    vote_enabled.net_params = smartlist_new();
+    smartlist_split_string(vote_enabled.net_params,
+                           "UseGuardFraction=1", NULL, 0, 0);
+
+    /* This one suggests disabled GuardFraction. */
+    memset(&vote_disabled, 0, sizeof(vote_disabled));
+    vote_disabled.net_params = smartlist_new();
+    smartlist_split_string(vote_disabled.net_params,
+                           "UseGuardFraction=0", NULL, 0, 0);
+
+    /* This one doesn't have GuardFraction at all. */
+    memset(&vote_missing, 0, sizeof(vote_missing));
+    vote_missing.net_params = smartlist_new();
+    smartlist_split_string(vote_missing.net_params,
+                           "leon=trout", NULL, 0, 0);
+  }
+
+  /* If torrc option is set to yes, we should always use
+   * guardfraction.*/
+  options->UseGuardFraction = 1;
+  tt_int_op(should_apply_guardfraction(&vote_disabled), ==, 1);
+
+  /* If torrc option is set to no, we should never use
+   * guardfraction.*/
+  options->UseGuardFraction = 0;
+  tt_int_op(should_apply_guardfraction(&vote_enabled), ==, 0);
+
+  /* Now let's test torrc option set to auto. */
+  options->UseGuardFraction = -1;
+
+  /* If torrc option is set to auto, and consensus parameter is set to
+   * yes, we should use guardfraction. */
+  tt_int_op(should_apply_guardfraction(&vote_enabled), ==, 1);
+
+  /* If torrc option is set to auto, and consensus parameter is set to
+   * no, we should use guardfraction. */
+  tt_int_op(should_apply_guardfraction(&vote_disabled), ==, 0);
+
+  /* If torrc option is set to auto, and consensus parameter is not
+   * set, we should fallback to "no". */
+  tt_int_op(should_apply_guardfraction(&vote_missing), ==, 0);
+
+ done:
+  SMARTLIST_FOREACH(vote_enabled.net_params, char *, cp, tor_free(cp));
+  SMARTLIST_FOREACH(vote_disabled.net_params, char *, cp, tor_free(cp));
+  SMARTLIST_FOREACH(vote_missing.net_params, char *, cp, tor_free(cp));
+  smartlist_free(vote_enabled.net_params);
+  smartlist_free(vote_disabled.net_params);
+  smartlist_free(vote_missing.net_params);
+}
+
+struct testcase_t guardfraction_tests[] = {
+  { "parse_guardfraction_file_bad", test_parse_guardfraction_file_bad,
+    TT_FORK, NULL, NULL },
+  { "parse_guardfraction_file_good", test_parse_guardfraction_file_good,
+    TT_FORK, NULL, NULL },
+  { "parse_guardfraction_consensus", test_parse_guardfraction_consensus,
+    TT_FORK, NULL, NULL },
+  { "get_guardfraction_bandwidth", test_get_guardfraction_bandwidth,
+    TT_FORK, NULL, NULL },
+  { "should_apply_guardfraction", test_should_apply_guardfraction,
+    TT_FORK, NULL, NULL },
+
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
new file mode 100644
index 0000000000..c6daaf220a
--- /dev/null
+++ b/src/test/test_helpers.c
@@ -0,0 +1,86 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file test_helpers.c
+ * \brief Some helper functions to avoid code duplication in unit tests.
+ */
+
+#define ROUTERLIST_PRIVATE
+#include "orconfig.h"
+#include "or.h"
+
+#include "routerlist.h"
+#include "nodelist.h"
+
+#include "test.h"
+#include "test_helpers.h"
+
+#include "test_descriptors.inc"
+
+/* Return a statically allocated string representing yesterday's date
+ * in ISO format. We use it so that state file items are not found to
+ * be outdated. */
+const char *
+get_yesterday_date_str(void)
+{
+  static char buf[ISO_TIME_LEN+1];
+
+  time_t yesterday = time(NULL) - 24*60*60;
+  format_iso_time(buf, yesterday);
+  return buf;
+}
+
+/* NOP replacement for router_descriptor_is_older_than() */
+static int
+router_descriptor_is_older_than_replacement(const routerinfo_t *router,
+                                            int seconds)
+{
+  (void) router;
+  (void) seconds;
+  return 0;
+}
+
+/** Parse a file containing router descriptors and load them to our
+    routerlist. This function is used to setup an artificial network
+    so that we can conduct tests on it. */
+void
+helper_setup_fake_routerlist(void)
+{
+  int retval;
+  routerlist_t *our_routerlist = NULL;
+  smartlist_t *our_nodelist = NULL;
+
+  /* Read the file that contains our test descriptors. */
+
+  /* We need to mock this function otherwise the descriptors will not
+     accepted as they are too old. */
+  MOCK(router_descriptor_is_older_than,
+       router_descriptor_is_older_than_replacement);
+
+  /* Load all the test descriptors to the routerlist. */
+  retval = router_load_routers_from_string(TEST_DESCRIPTORS,
+                                           NULL, SAVED_IN_JOURNAL,
+                                           NULL, 0, NULL);
+  tt_int_op(retval, ==, HELPER_NUMBER_OF_DESCRIPTORS);
+
+  /* Sanity checking of routerlist and nodelist. */
+  our_routerlist = router_get_routerlist();
+  tt_int_op(smartlist_len(our_routerlist->routers), ==,
+              HELPER_NUMBER_OF_DESCRIPTORS);
+  routerlist_assert_ok(our_routerlist);
+
+  our_nodelist = nodelist_get_list();
+  tt_int_op(smartlist_len(our_nodelist), ==, HELPER_NUMBER_OF_DESCRIPTORS);
+
+  /* Mark all routers as non-guards but up and running! */
+  SMARTLIST_FOREACH_BEGIN(our_nodelist, node_t *, node) {
+    node->is_running = 1;
+    node->is_valid = 1;
+    node->is_possible_guard = 0;
+  } SMARTLIST_FOREACH_END(node);
+
+ done:
+  UNMOCK(router_descriptor_is_older_than);
+}
+
diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h
new file mode 100644
index 0000000000..684375e1b1
--- /dev/null
+++ b/src/test/test_helpers.h
@@ -0,0 +1,17 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_TEST_HELPERS_H
+#define TOR_TEST_HELPERS_H
+
+const char *get_yesterday_date_str(void);
+
+/* Number of descriptors contained in test_descriptors.txt. */
+#define HELPER_NUMBER_OF_DESCRIPTORS 8
+
+void helper_setup_fake_routerlist(void);
+
+extern const char TEST_DESCRIPTORS[];
+
+#endif
+
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 99ef7dd570..49939a53cf 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -7,9 +7,16 @@
  **/
 
 #define CONTROL_PRIVATE
+#define CIRCUITBUILD_PRIVATE
+
 #include "or.h"
 #include "test.h"
 #include "control.h"
+#include "config.h"
+#include "rendcommon.h"
+#include "routerset.h"
+#include "circuitbuild.h"
+#include "test_helpers.h"
 
 /* mock ID digest and longname for node that's in nodelist */
 #define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \
@@ -22,6 +29,68 @@
 #define STR_HSDIR_NONE_EXIST_LONGNAME \
                        "$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
 
+/* DuckDuckGo descriptor as an example. */
+static const char *hs_desc_content = "\
+rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\r\n\
+version 2\r\n\
+permanent-key\r\n\
+-----BEGIN RSA PUBLIC KEY-----\r\n\
+MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\r\n\
+aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\r\n\
+I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\r\n\
+-----END RSA PUBLIC KEY-----\r\n\
+secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\r\n\
+publication-time 2015-03-11 19:00:00\r\n\
+protocol-versions 2,3\r\n\
+introduction-points\r\n\
+-----BEGIN MESSAGE-----\r\n\
+aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\r\n\
+cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\r\n\
+bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\r\n\
+QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\r\n\
+NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\r\n\
+UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\r\n\
+S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\r\n\
+UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\r\n\
+VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\r\n\
+VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\r\n\
+K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\r\n\
+CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\r\n\
+NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\r\n\
+ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\r\n\
+cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\r\n\
+ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\r\n\
+WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\r\n\
+OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\r\n\
+ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\r\n\
+MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\r\n\
+QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\r\n\
+S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\r\n\
+QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\r\n\
+N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\r\n\
+N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\r\n\
+Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\r\n\
+bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\r\n\
+ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\r\n\
+R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\r\n\
+dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\r\n\
+MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\r\n\
+eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\r\n\
+b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\r\n\
+LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\r\n\
+SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\r\n\
+RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\r\n\
+SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\r\n\
+MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\r\n\
+LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\r\n\
+-----END MESSAGE-----\r\n\
+signature\r\n\
+-----BEGIN SIGNATURE-----\r\n\
+d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\r\n\
+PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\r\n\
+myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\r\n\
+-----END SIGNATURE-----";
+
 /* Helper global variable for hidden service descriptor event test.
  * It's used as a pointer to dynamically created message buffer in
  * send_control_event_string_replacement function, which mocks
@@ -33,13 +102,11 @@ static char *received_msg = NULL;
 /** Mock function for send_control_event_string
  */
 static void
-send_control_event_string_replacement(uint16_t event, event_format_t which,
-                                      const char *msg)
+queue_control_event_string_replacement(uint16_t event, char *msg)
 {
   (void) event;
-  (void) which;
   tor_free(received_msg);
-  received_msg = tor_strdup(msg);
+  received_msg = msg;
 }
 
 /** Mock function for node_describe_longname_by_id, it returns either
@@ -63,67 +130,321 @@ static void
 test_hs_desc_event(void *arg)
 {
   #define STR_HS_ADDR "ajhb7kljbiru65qo"
-  #define STR_HS_ID "b3oeducbhjmbqmgw2i3jtz4fekkrinwj"
+  #define STR_HS_CONTENT_DESC_ID "g5ojobzupf275beh5ra72uyhb3dkpxwg"
+  #define STR_DESC_ID_BASE32 "hba3gmcgpfivzfhx5rtfqkfdhv65yrj3"
 
+  int ret;
   rend_data_t rend_query;
   const char *expected_msg;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
 
   (void) arg;
-  MOCK(send_control_event_string,
-       send_control_event_string_replacement);
+  MOCK(queue_control_event_string,
+       queue_control_event_string_replacement);
   MOCK(node_describe_longname_by_id,
        node_describe_longname_by_id_replacement);
 
   /* setup rend_query struct */
+  memset(&rend_query, 0, sizeof(rend_query));
   strncpy(rend_query.onion_address, STR_HS_ADDR,
           REND_SERVICE_ID_LEN_BASE32+1);
-  rend_query.auth_type = 0;
+  rend_query.auth_type = REND_NO_AUTH;
+  rend_query.hsdirs_fp = smartlist_new();
+  smartlist_add(rend_query.hsdirs_fp, tor_memdup(HSDIR_EXIST_ID,
+                                                 DIGEST_LEN));
+
+  /* Compute descriptor ID for replica 0, should be STR_DESC_ID_BASE32. */
+  ret = rend_compute_v2_desc_id(rend_query.descriptor_id[0],
+                                rend_query.onion_address,
+                                NULL, 0, 0);
+  tt_int_op(ret, ==, 0);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32),
+                rend_query.descriptor_id[0], DIGEST_LEN);
+  /* Make sure rend_compute_v2_desc_id works properly. */
+  tt_mem_op(desc_id_base32, OP_EQ, STR_DESC_ID_BASE32,
+            sizeof(desc_id_base32));
 
   /* test request event */
   control_event_hs_descriptor_requested(&rend_query, HSDIR_EXIST_ID,
-                                        STR_HS_ID);
+                                        STR_DESC_ID_BASE32);
   expected_msg = "650 HS_DESC REQUESTED "STR_HS_ADDR" NO_AUTH "\
-                  STR_HSDIR_EXIST_LONGNAME" "STR_HS_ID"\r\n";
-  test_assert(received_msg);
-  test_streq(received_msg, expected_msg);
+                  STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32 "\r\n";
+  tt_assert(received_msg);
+  tt_str_op(received_msg,OP_EQ, expected_msg);
   tor_free(received_msg);
 
   /* test received event */
-  rend_query.auth_type = 1;
-  control_event_hs_descriptor_received(&rend_query, HSDIR_EXIST_ID);
+  rend_query.auth_type = REND_BASIC_AUTH;
+  control_event_hs_descriptor_received(rend_query.onion_address,
+                                       &rend_query, HSDIR_EXIST_ID);
   expected_msg = "650 HS_DESC RECEIVED "STR_HS_ADDR" BASIC_AUTH "\
-                  STR_HSDIR_EXIST_LONGNAME"\r\n";
-  test_assert(received_msg);
-  test_streq(received_msg, expected_msg);
+                  STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32"\r\n";
+  tt_assert(received_msg);
+  tt_str_op(received_msg,OP_EQ, expected_msg);
   tor_free(received_msg);
 
   /* test failed event */
-  rend_query.auth_type = 2;
-  control_event_hs_descriptor_failed(&rend_query, HSDIR_NONE_EXIST_ID);
+  rend_query.auth_type = REND_STEALTH_AUTH;
+  control_event_hs_descriptor_failed(&rend_query,
+                                     HSDIR_NONE_EXIST_ID,
+                                     "QUERY_REJECTED");
   expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" STEALTH_AUTH "\
-                  STR_HSDIR_NONE_EXIST_LONGNAME"\r\n";
-  test_assert(received_msg);
-  test_streq(received_msg, expected_msg);
+                  STR_HSDIR_NONE_EXIST_LONGNAME" REASON=QUERY_REJECTED\r\n";
+  tt_assert(received_msg);
+  tt_str_op(received_msg,OP_EQ, expected_msg);
   tor_free(received_msg);
 
   /* test invalid auth type */
   rend_query.auth_type = 999;
-  control_event_hs_descriptor_failed(&rend_query, HSDIR_EXIST_ID);
+  control_event_hs_descriptor_failed(&rend_query,
+                                     HSDIR_EXIST_ID,
+                                     "QUERY_REJECTED");
   expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" UNKNOWN "\
-                  STR_HSDIR_EXIST_LONGNAME"\r\n";
-  test_assert(received_msg);
-  test_streq(received_msg, expected_msg);
+                  STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32\
+                  " REASON=QUERY_REJECTED\r\n";
+  tt_assert(received_msg);
+  tt_str_op(received_msg,OP_EQ, expected_msg);
   tor_free(received_msg);
 
+  /* test valid content. */
+  char *exp_msg;
+  control_event_hs_descriptor_content(rend_query.onion_address,
+                                      STR_HS_CONTENT_DESC_ID, HSDIR_EXIST_ID,
+                                      hs_desc_content);
+  tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\
+               STR_HS_CONTENT_DESC_ID " " STR_HSDIR_EXIST_LONGNAME\
+               "\r\n%s\r\n.\r\n650 OK\r\n", hs_desc_content);
+
+  tt_assert(received_msg);
+  tt_str_op(received_msg, OP_EQ, exp_msg);
+  tor_free(received_msg);
+  tor_free(exp_msg);
+  SMARTLIST_FOREACH(rend_query.hsdirs_fp, char *, d, tor_free(d));
+  smartlist_free(rend_query.hsdirs_fp);
+
  done:
-  UNMOCK(send_control_event_string);
+  UNMOCK(queue_control_event_string);
   UNMOCK(node_describe_longname_by_id);
   tor_free(received_msg);
 }
 
+/* Make sure we always pick the right RP, given a well formatted
+ * Tor2webRendezvousPoints value. */
+static void
+test_pick_tor2web_rendezvous_node(void *arg)
+{
+  or_options_t *options = get_options_mutable();
+  const node_t *chosen_rp = NULL;
+  router_crn_flags_t flags = CRN_NEED_DESC;
+  int retval, i;
+  const char *tor2web_rendezvous_str = "test003r";
+
+  (void) arg;
+
+  /* Setup fake routerlist. */
+  helper_setup_fake_routerlist();
+
+  /* Parse Tor2webRendezvousPoints as a routerset. */
+  options->Tor2webRendezvousPoints = routerset_new();
+  retval = routerset_parse(options->Tor2webRendezvousPoints,
+                           tor2web_rendezvous_str,
+                           "test_tor2web_rp");
+  tt_int_op(retval, >=, 0);
+
+  /* Pick rendezvous point. Make sure the correct one is
+     picked. Repeat many times to make sure it works properly. */
+  for (i = 0; i < 50 ; i++) {
+    chosen_rp = pick_tor2web_rendezvous_node(flags, options);
+    tt_assert(chosen_rp);
+    tt_str_op(chosen_rp->ri->nickname, ==, tor2web_rendezvous_str);
+  }
+
+ done:
+  routerset_free(options->Tor2webRendezvousPoints);
+}
+
+/* Make sure we never pick an RP if Tor2webRendezvousPoints doesn't
+ * correspond to an actual node. */
+static void
+test_pick_bad_tor2web_rendezvous_node(void *arg)
+{
+  or_options_t *options = get_options_mutable();
+  const node_t *chosen_rp = NULL;
+  router_crn_flags_t flags = CRN_NEED_DESC;
+  int retval, i;
+  const char *tor2web_rendezvous_str = "dummy";
+
+  (void) arg;
+
+  /* Setup fake routerlist. */
+  helper_setup_fake_routerlist();
+
+  /* Parse Tor2webRendezvousPoints as a routerset. */
+  options->Tor2webRendezvousPoints = routerset_new();
+  retval = routerset_parse(options->Tor2webRendezvousPoints,
+                           tor2web_rendezvous_str,
+                           "test_tor2web_rp");
+  tt_int_op(retval, >=, 0);
+
+  /* Pick rendezvous point. Since Tor2webRendezvousPoints was set to a
+     dummy value, we shouldn't find any eligible RPs. */
+  for (i = 0; i < 50 ; i++) {
+    chosen_rp = pick_tor2web_rendezvous_node(flags, options);
+    tt_assert(!chosen_rp);
+  }
+
+ done:
+  routerset_free(options->Tor2webRendezvousPoints);
+}
+
+/* Make sure rend_data_t is valid at creation, destruction and when
+ * duplicated. */
+static void
+test_hs_rend_data(void *arg)
+{
+  int rep;
+  rend_data_t *client = NULL, *client_dup = NULL;
+  /* Binary format of a descriptor ID. */
+  char desc_id[DIGEST_LEN];
+  char client_cookie[REND_DESC_COOKIE_LEN];
+  time_t now = time(NULL);
+  rend_data_t *service_dup = NULL;
+  rend_data_t *service = NULL;
+
+  (void)arg;
+
+  base32_decode(desc_id, sizeof(desc_id), STR_DESC_ID_BASE32,
+                REND_DESC_ID_V2_LEN_BASE32);
+  memset(client_cookie, 'e', sizeof(client_cookie));
+
+  client = rend_data_client_create(STR_HS_ADDR, desc_id, client_cookie,
+                                   REND_NO_AUTH);
+  tt_assert(client);
+  tt_int_op(client->auth_type, ==, REND_NO_AUTH);
+  tt_str_op(client->onion_address, OP_EQ, STR_HS_ADDR);
+  tt_mem_op(client->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id));
+  tt_mem_op(client->descriptor_cookie, OP_EQ, client_cookie,
+            sizeof(client_cookie));
+  tt_assert(client->hsdirs_fp);
+  tt_int_op(smartlist_len(client->hsdirs_fp), ==, 0);
+  for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
+    int ret = rend_compute_v2_desc_id(desc_id, client->onion_address,
+                                      client->descriptor_cookie, now, rep);
+    /* That shouldn't never fail. */
+    tt_int_op(ret, ==, 0);
+    tt_mem_op(client->descriptor_id[rep], OP_EQ, desc_id, sizeof(desc_id));
+  }
+  /* The rest should be zeroed because this is a client request. */
+  tt_int_op(tor_digest_is_zero(client->rend_pk_digest), ==, 1);
+  tt_int_op(tor_digest_is_zero(client->rend_cookie), ==, 1);
+
+  /* Test dup(). */
+  client_dup = rend_data_dup(client);
+  tt_assert(client_dup);
+  tt_int_op(client_dup->auth_type, ==, client->auth_type);
+  tt_str_op(client_dup->onion_address, OP_EQ, client->onion_address);
+  tt_mem_op(client_dup->desc_id_fetch, OP_EQ, client->desc_id_fetch,
+            sizeof(client_dup->desc_id_fetch));
+  tt_mem_op(client_dup->descriptor_cookie, OP_EQ, client->descriptor_cookie,
+            sizeof(client_dup->descriptor_cookie));
+
+  tt_assert(client_dup->hsdirs_fp);
+  tt_int_op(smartlist_len(client_dup->hsdirs_fp), ==, 0);
+  for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
+    tt_mem_op(client_dup->descriptor_id[rep], OP_EQ,
+              client->descriptor_id[rep], DIGEST_LEN);
+  }
+  /* The rest should be zeroed because this is a client request. */
+  tt_int_op(tor_digest_is_zero(client_dup->rend_pk_digest), ==, 1);
+  tt_int_op(tor_digest_is_zero(client_dup->rend_cookie), ==, 1);
+  rend_data_free(client);
+  client = NULL;
+  rend_data_free(client_dup);
+  client_dup = NULL;
+
+  /* Reset state. */
+  base32_decode(desc_id, sizeof(desc_id), STR_DESC_ID_BASE32,
+                REND_DESC_ID_V2_LEN_BASE32);
+  memset(client_cookie, 'e', sizeof(client_cookie));
+
+  /* Try with different parameters here for which some content should be
+   * zeroed out. */
+  client = rend_data_client_create(NULL, desc_id, NULL, REND_BASIC_AUTH);
+  tt_assert(client);
+  tt_int_op(client->auth_type, ==, REND_BASIC_AUTH);
+  tt_int_op(strlen(client->onion_address), ==, 0);
+  tt_mem_op(client->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id));
+  tt_int_op(tor_mem_is_zero(client->descriptor_cookie,
+                            sizeof(client->descriptor_cookie)), ==, 1);
+  tt_assert(client->hsdirs_fp);
+  tt_int_op(smartlist_len(client->hsdirs_fp), ==, 0);
+  for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
+    tt_int_op(tor_digest_is_zero(client->descriptor_id[rep]), ==, 1);
+  }
+  /* The rest should be zeroed because this is a client request. */
+  tt_int_op(tor_digest_is_zero(client->rend_pk_digest), ==, 1);
+  tt_int_op(tor_digest_is_zero(client->rend_cookie), ==, 1);
+  rend_data_free(client);
+  client = NULL;
+
+  /* Let's test the service object now. */
+  char rend_pk_digest[DIGEST_LEN];
+  uint8_t rend_cookie[DIGEST_LEN];
+  memset(rend_pk_digest, 'f', sizeof(rend_pk_digest));
+  memset(rend_cookie, 'g', sizeof(rend_cookie));
+
+  service = rend_data_service_create(STR_HS_ADDR, rend_pk_digest,
+                                     rend_cookie, REND_NO_AUTH);
+  tt_assert(service);
+  tt_int_op(service->auth_type, ==, REND_NO_AUTH);
+  tt_str_op(service->onion_address, OP_EQ, STR_HS_ADDR);
+  tt_mem_op(service->rend_pk_digest, OP_EQ, rend_pk_digest,
+            sizeof(rend_pk_digest));
+  tt_mem_op(service->rend_cookie, OP_EQ, rend_cookie, sizeof(rend_cookie));
+  tt_assert(service->hsdirs_fp);
+  tt_int_op(smartlist_len(service->hsdirs_fp), ==, 0);
+  for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
+    tt_int_op(tor_digest_is_zero(service->descriptor_id[rep]), ==, 1);
+  }
+  /* The rest should be zeroed because this is a service request. */
+  tt_int_op(tor_digest_is_zero(service->descriptor_cookie), ==, 1);
+  tt_int_op(tor_digest_is_zero(service->desc_id_fetch), ==, 1);
+
+  /* Test dup(). */
+  service_dup = rend_data_dup(service);
+  tt_assert(service_dup);
+  tt_int_op(service_dup->auth_type, ==, service->auth_type);
+  tt_str_op(service_dup->onion_address, OP_EQ, service->onion_address);
+  tt_mem_op(service_dup->rend_pk_digest, OP_EQ, service->rend_pk_digest,
+            sizeof(service_dup->rend_pk_digest));
+  tt_mem_op(service_dup->rend_cookie, OP_EQ, service->rend_cookie,
+            sizeof(service_dup->rend_cookie));
+  tt_assert(service_dup->hsdirs_fp);
+  tt_int_op(smartlist_len(service_dup->hsdirs_fp), ==, 0);
+  for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) {
+    tt_int_op(tor_digest_is_zero(service_dup->descriptor_id[rep]), ==, 1);
+  }
+  /* The rest should be zeroed because this is a service request. */
+  tt_int_op(tor_digest_is_zero(service_dup->descriptor_cookie), ==, 1);
+  tt_int_op(tor_digest_is_zero(service_dup->desc_id_fetch), ==, 1);
+
+ done:
+  rend_data_free(service);
+  rend_data_free(service_dup);
+  rend_data_free(client);
+  rend_data_free(client_dup);
+}
+
 struct testcase_t hs_tests[] = {
+  { "hs_rend_data", test_hs_rend_data, TT_FORK,
+    NULL, NULL },
   { "hs_desc_event", test_hs_desc_event, TT_FORK,
     NULL, NULL },
+  { "pick_tor2web_rendezvous_node", test_pick_tor2web_rendezvous_node, TT_FORK,
+    NULL, NULL },
+  { "pick_bad_tor2web_rendezvous_node",
+    test_pick_bad_tor2web_rendezvous_node, TT_FORK,
+    NULL, NULL },
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_introduce.c b/src/test/test_introduce.c
index 69c1152229..9c7a86da66 100644
--- a/src/test/test_introduce.c
+++ b/src/test/test_introduce.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -290,48 +290,48 @@ do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase)
 
   /* Get a key */
   k = crypto_pk_new();
-  test_assert(k);
+  tt_assert(k);
   r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_1, -1);
-  test_assert(!r);
+  tt_assert(!r);
 
   /* Get digest for future comparison */
   r = crypto_pk_get_digest(k, digest);
-  test_assert(r >= 0);
+  tt_assert(r >= 0);
 
   /* Make a cell out of it */
   r = make_intro_from_plaintext(
       plaintext, plaintext_len,
       k, (void **)(&cell));
-  test_assert(r > 0);
-  test_assert(cell);
+  tt_assert(r > 0);
+  tt_assert(cell);
   cell_len = r;
 
   /* Do early parsing */
   parsed_req = rend_service_begin_parse_intro(cell, cell_len, 2, &err_msg);
-  test_assert(parsed_req);
-  test_assert(!err_msg);
-  test_memeq(parsed_req->pk, digest, DIGEST_LEN);
-  test_assert(parsed_req->ciphertext);
-  test_assert(parsed_req->ciphertext_len > 0);
+  tt_assert(parsed_req);
+  tt_assert(!err_msg);
+  tt_mem_op(parsed_req->pk,OP_EQ, digest, DIGEST_LEN);
+  tt_assert(parsed_req->ciphertext);
+  tt_assert(parsed_req->ciphertext_len > 0);
 
   if (phase == EARLY_PARSE_ONLY)
     goto done;
 
   /* Do decryption */
   r = rend_service_decrypt_intro(parsed_req, k, &err_msg);
-  test_assert(!r);
-  test_assert(!err_msg);
-  test_assert(parsed_req->plaintext);
-  test_assert(parsed_req->plaintext_len > 0);
+  tt_assert(!r);
+  tt_assert(!err_msg);
+  tt_assert(parsed_req->plaintext);
+  tt_assert(parsed_req->plaintext_len > 0);
 
   if (phase == DECRYPT_ONLY)
     goto done;
 
   /* Do late parsing */
   r = rend_service_parse_intro_plaintext(parsed_req, &err_msg);
-  test_assert(!r);
-  test_assert(!err_msg);
-  test_assert(parsed_req->parsed);
+  tt_assert(!r);
+  tt_assert(!err_msg);
+  tt_assert(parsed_req->parsed);
 
  done:
   tor_free(cell);
@@ -371,14 +371,14 @@ make_intro_from_plaintext(
 
   /* Compute key digest (will be first DIGEST_LEN octets of cell) */
   r = crypto_pk_get_digest(key, cell);
-  test_assert(r >= 0);
+  tt_assert(r >= 0);
 
   /* Do encryption */
   r = crypto_pk_public_hybrid_encrypt(
       key, cell + DIGEST_LEN, ciphertext_size,
       buf, len,
       PK_PKCS1_OAEP_PADDING, 0);
-  test_assert(r >= 0);
+  tt_assert(r >= 0);
 
   /* Figure out cell length */
   cell_len = DIGEST_LEN + r;
@@ -394,8 +394,9 @@ make_intro_from_plaintext(
  */
 
 static void
-test_introduce_decrypt_v0(void)
+test_introduce_decrypt_v0(void *arg)
 {
+  (void)arg;
   do_decrypt_test(v0_test_plaintext, sizeof(v0_test_plaintext));
 }
 
@@ -403,8 +404,9 @@ test_introduce_decrypt_v0(void)
  */
 
 static void
-test_introduce_decrypt_v1(void)
+test_introduce_decrypt_v1(void *arg)
 {
+  (void)arg;
   do_decrypt_test(v1_test_plaintext, sizeof(v1_test_plaintext));
 }
 
@@ -412,8 +414,9 @@ test_introduce_decrypt_v1(void)
  */
 
 static void
-test_introduce_decrypt_v2(void)
+test_introduce_decrypt_v2(void *arg)
 {
+  (void)arg;
   do_decrypt_test(v2_test_plaintext, sizeof(v2_test_plaintext));
 }
 
@@ -421,8 +424,9 @@ test_introduce_decrypt_v2(void)
  */
 
 static void
-test_introduce_decrypt_v3(void)
+test_introduce_decrypt_v3(void *arg)
 {
+  (void)arg;
   do_decrypt_test(
       v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext));
   do_decrypt_test(
@@ -433,8 +437,9 @@ test_introduce_decrypt_v3(void)
  */
 
 static void
-test_introduce_early_parse_v0(void)
+test_introduce_early_parse_v0(void *arg)
 {
+  (void)arg;
   do_early_parse_test(v0_test_plaintext, sizeof(v0_test_plaintext));
 }
 
@@ -442,8 +447,9 @@ test_introduce_early_parse_v0(void)
  */
 
 static void
-test_introduce_early_parse_v1(void)
+test_introduce_early_parse_v1(void *arg)
 {
+  (void)arg;
   do_early_parse_test(v1_test_plaintext, sizeof(v1_test_plaintext));
 }
 
@@ -451,8 +457,9 @@ test_introduce_early_parse_v1(void)
  */
 
 static void
-test_introduce_early_parse_v2(void)
+test_introduce_early_parse_v2(void *arg)
 {
+  (void)arg;
   do_early_parse_test(v2_test_plaintext, sizeof(v2_test_plaintext));
 }
 
@@ -460,8 +467,9 @@ test_introduce_early_parse_v2(void)
  */
 
 static void
-test_introduce_early_parse_v3(void)
+test_introduce_early_parse_v3(void *arg)
 {
+  (void)arg;
   do_early_parse_test(
       v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext));
   do_early_parse_test(
@@ -472,8 +480,9 @@ test_introduce_early_parse_v3(void)
  */
 
 static void
-test_introduce_late_parse_v0(void)
+test_introduce_late_parse_v0(void *arg)
 {
+  (void)arg;
   do_late_parse_test(v0_test_plaintext, sizeof(v0_test_plaintext));
 }
 
@@ -481,8 +490,9 @@ test_introduce_late_parse_v0(void)
  */
 
 static void
-test_introduce_late_parse_v1(void)
+test_introduce_late_parse_v1(void *arg)
 {
+  (void)arg;
   do_late_parse_test(v1_test_plaintext, sizeof(v1_test_plaintext));
 }
 
@@ -490,8 +500,9 @@ test_introduce_late_parse_v1(void)
  */
 
 static void
-test_introduce_late_parse_v2(void)
+test_introduce_late_parse_v2(void *arg)
 {
+  (void)arg;
   do_late_parse_test(v2_test_plaintext, sizeof(v2_test_plaintext));
 }
 
@@ -499,8 +510,9 @@ test_introduce_late_parse_v2(void)
  */
 
 static void
-test_introduce_late_parse_v3(void)
+test_introduce_late_parse_v3(void *arg)
 {
+  (void)arg;
   do_late_parse_test(
       v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext));
   do_late_parse_test(
@@ -508,7 +520,7 @@ test_introduce_late_parse_v3(void)
 }
 
 #define INTRODUCE_LEGACY(name) \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_introduce_ ## name }
+  { #name, test_introduce_ ## name , 0, NULL, NULL }
 
 struct testcase_t introduce_tests[] = {
   INTRODUCE_LEGACY(early_parse_v0),
diff --git a/src/test/test_keygen.sh b/src/test/test_keygen.sh
new file mode 100755
index 0000000000..87012cd283
--- /dev/null
+++ b/src/test/test_keygen.sh
@@ -0,0 +1,368 @@
+#!/bin/sh
+
+# Note: some of this code is lifted from zero_length_keys.sh, and could be
+# unified.
+
+umask 077
+set -e
+
+if [ $# -eq 0 ] || [ ! -f ${1} ] || [ ! -x ${1} ]; then
+  if [ "$TESTING_TOR_BINARY" = "" ] ; then
+    echo "Usage: ${0} PATH_TO_TOR [case-number]"
+    exit 1
+  fi
+fi
+
+if [ $# -ge 1 ]; then
+  TOR_BINARY="${1}"
+  shift
+else
+  TOR_BINARY="${TESTING_TOR_BINARY}"
+fi
+
+
+
+  if [ $# -ge 1 ]; then
+      dflt=0
+  else
+      dflt=1
+  fi
+
+  CASE2A=$dflt
+  CASE2B=$dflt
+  CASE3A=$dflt
+  CASE3B=$dflt
+  CASE3C=$dflt
+  CASE4=$dflt
+  CASE5=$dflt
+  CASE6=$dflt
+  CASE7=$dflt
+  CASE8=$dflt
+  CASE9=$dflt
+  CASE10=$dflt
+
+  if [ $# -ge 1 ]; then
+     eval "CASE${1}"=1
+  fi
+
+
+dump() { xxd -p "$1" | tr -d '\n '; }
+die() { echo "$1" >&2 ; exit 5; }
+check_dir() { [ -d "$1" ] || die "$1 did not exist"; }
+check_file() { [ -e "$1" ] || die "$1 did not exist"; }
+check_no_file() { [ -e "$1" ] && die "$1 was not supposed to exist" || true; }
+check_files_eq() { cmp "$1" "$2" || die "$1 and $2 did not match: `dump $1` vs `dump $2`"; }
+check_keys_eq() { check_files_eq "${SRC}/keys/${1}" "${ME}/keys/${1}"; }
+
+DATA_DIR=`mktemp -d -t tor_keygen_tests.XXXXXX`
+if [ -z "$DATA_DIR" ]; then
+  echo "Failure: mktemp invocation returned empty string" >&2
+  exit 3
+fi
+if [ ! -d "$DATA_DIR" ]; then
+  echo "Failure: mktemp invocation result doesn't point to directory" >&2
+  exit 3
+fi
+trap "rm -rf '$DATA_DIR'" 0
+
+# Use an absolute path for this or Tor will complain
+DATA_DIR=`cd "${DATA_DIR}" && pwd`
+
+touch "${DATA_DIR}/empty_torrc"
+
+QUIETLY="--hush"
+SILENTLY="--quiet"
+TOR="${TOR_BINARY} ${QUIETLY} --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0 -f ${DATA_DIR}/empty_torrc"
+
+##### SETUP
+#
+# Here we create three sets of keys: one using "tor", one using "tor
+# --keygen", and one using "tor --keygen" and encryption.  We'll be
+# copying them into different keys directories in order to simulate
+# different kinds of configuration problems/issues.
+
+# Step 1: Start Tor with --list-fingerprint --quiet.  Make sure everything is there.
+mkdir "${DATA_DIR}/orig"
+${TOR} --DataDirectory "${DATA_DIR}/orig" --list-fingerprint ${SILENTLY} > /dev/null
+
+check_dir "${DATA_DIR}/orig/keys"
+check_file "${DATA_DIR}/orig/keys/ed25519_master_id_public_key"
+check_file "${DATA_DIR}/orig/keys/ed25519_master_id_secret_key"
+check_file "${DATA_DIR}/orig/keys/ed25519_signing_cert"
+check_file "${DATA_DIR}/orig/keys/ed25519_signing_secret_key"
+
+# Step 2: Start Tor with --keygen.  Make sure everything is there.
+mkdir "${DATA_DIR}/keygen"
+${TOR} --DataDirectory "${DATA_DIR}/keygen" --keygen --no-passphrase 2>"${DATA_DIR}/keygen/stderr"
+grep "Not encrypting the secret key" "${DATA_DIR}/keygen/stderr" >/dev/null || die "Tor didn't declare that there would be no encryption"
+
+check_dir "${DATA_DIR}/keygen/keys"
+check_file "${DATA_DIR}/keygen/keys/ed25519_master_id_public_key"
+check_file "${DATA_DIR}/keygen/keys/ed25519_master_id_secret_key"
+check_file "${DATA_DIR}/keygen/keys/ed25519_signing_cert"
+check_file "${DATA_DIR}/keygen/keys/ed25519_signing_secret_key"
+
+# Step 3: Start Tor with --keygen and a passphrase.
+#         Make sure everything is there.
+mkdir "${DATA_DIR}/encrypted"
+echo "passphrase" | ${TOR} --DataDirectory "${DATA_DIR}/encrypted" --keygen --passphrase-fd 0
+
+check_dir "${DATA_DIR}/encrypted/keys"
+check_file "${DATA_DIR}/encrypted/keys/ed25519_master_id_public_key"
+check_file "${DATA_DIR}/encrypted/keys/ed25519_master_id_secret_key_encrypted"
+check_file "${DATA_DIR}/encrypted/keys/ed25519_signing_cert"
+check_file "${DATA_DIR}/encrypted/keys/ed25519_signing_secret_key"
+
+
+echo "=== Starting keygen tests."
+
+#
+# The "case X" numbers below come from s7r's email on
+#   https://lists.torproject.org/pipermail/tor-dev/2015-August/009204.html
+
+
+# Case 2a: Missing secret key, public key exists, start tor.
+
+if [ "$CASE2A" = 1 ]; then
+
+ME="${DATA_DIR}/case2a"
+SRC="${DATA_DIR}/orig"
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && die "Somehow succeeded when missing secret key, certs: `cat ${ME}/stdout`" || true
+check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
+
+grep "We needed to load a secret key.*but couldn't find it" "${ME}/stdout" >/dev/null || die "Tor didn't declare that it was missing a secret key"
+
+echo "==== Case 2A ok"
+fi
+
+# Case 2b: Encrypted secret key, public key exists, start tor.
+
+if [ "$CASE2B" = 1 ]; then
+
+ME="${DATA_DIR}/case2b"
+SRC="${DATA_DIR}/encrypted"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && dir "Somehow succeeded with encrypted secret key, missing certs"
+
+check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
+check_files_eq "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/ed25519_master_id_secret_key_encrypted"
+
+grep "We needed to load a secret key.*but it was encrypted.*--keygen" "${ME}/stdout" >/dev/null || die "Tor didn't declare that it was missing a secret key and suggest --keygen."
+
+echo "==== Case 2B ok"
+
+fi
+
+# Case 3a: Start Tor with only master key.
+
+if [ "$CASE3A" = 1 ]; then
+
+ME="${DATA_DIR}/case3a"
+SRC="${DATA_DIR}/orig"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_"* "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Tor failed when starting with only master key"
+check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
+check_files_eq "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/ed25519_master_id_secret_key"
+check_file "${ME}/keys/ed25519_signing_cert"
+check_file "${ME}/keys/ed25519_signing_secret_key"
+
+echo "==== Case 3A ok"
+
+fi
+
+# Case 3b: Call keygen with only unencrypted master key.
+
+if [ "$CASE3B" = 1 ]; then
+
+ME="${DATA_DIR}/case3b"
+SRC="${DATA_DIR}/orig"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_"* "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --keygen || die "Keygen failed with only master key"
+check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
+check_files_eq "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/ed25519_master_id_secret_key"
+check_file "${ME}/keys/ed25519_signing_cert"
+check_file "${ME}/keys/ed25519_signing_secret_key"
+
+echo "==== Case 3B ok"
+
+fi
+
+# Case 3c: Call keygen with only encrypted master key.
+
+if [ "$CASE3C" = 1 ]; then
+
+ME="${DATA_DIR}/case3c"
+SRC="${DATA_DIR}/encrypted"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_"* "${ME}/keys/"
+echo "passphrase" | ${TOR} --DataDirectory "${ME}" --keygen --passphrase-fd 0 || die "Keygen failed with only encrypted master key"
+check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key"
+check_files_eq "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/ed25519_master_id_secret_key_encrypted"
+check_file "${ME}/keys/ed25519_signing_cert"
+check_file "${ME}/keys/ed25519_signing_secret_key"
+
+echo "==== Case 3C ok"
+
+fi
+
+# Case 4: Make a new data directory with only an unencrypted secret key.
+#         Then start tor.  The rest should become correct.
+
+if [ "$CASE4" = 1 ]; then
+
+ME="${DATA_DIR}/case4"
+SRC="${DATA_DIR}/orig"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} > "${ME}/fp1" || die "Tor wouldn't start with only unencrypted secret key"
+check_file "${ME}/keys/ed25519_master_id_public_key"
+check_file "${ME}/keys/ed25519_signing_cert"
+check_file "${ME}/keys/ed25519_signing_secret_key"
+${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} > "${ME}/fp2" || die "Tor wouldn't start again after starting once with only unencrypted secret key."
+
+check_files_eq "${ME}/fp1" "${ME}/fp2"
+
+echo "==== Case 4 ok"
+
+fi
+
+# Case 5: Make a new data directory with only an encrypted secret key.
+
+if [ "$CASE5" = 1 ]; then
+
+ME="${DATA_DIR}/case5"
+SRC="${DATA_DIR}/encrypted"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --list-fingerprint >"${ME}/stdout" && die "Tor started with only encrypted secret key!"
+check_no_file "${ME}/keys/ed25519_master_id_public_key"
+check_no_file "${ME}/keys/ed25519_master_id_public_key"
+
+grep "but not public key file" "${ME}/stdout" >/dev/null || die "Tor didn't declare it couldn't find a public key."
+
+echo "==== Case 5 ok"
+
+fi
+
+# Case 6: Make a new data directory with encrypted secret key and public key
+
+if [ "$CASE6" = 1 ]; then
+
+ME="${DATA_DIR}/case6"
+SRC="${DATA_DIR}/encrypted"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_secret_key_encrypted" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
+${TOR} --DataDirectory "${ME}" --list-fingerprint > "${ME}/stdout" && die "Tor started with encrypted secret key and no certs" || true
+check_no_file "${ME}/keys/ed25519_signing_cert"
+check_no_file "${ME}/keys/ed25519_signing_secret_key"
+
+grep "but it was encrypted" "${ME}/stdout" >/dev/null || die "Tor didn't declare that the secret key was encrypted."
+
+echo "==== Case 6 ok"
+
+fi
+
+# Case 7: Make a new data directory with unencrypted secret key and
+# certificates; missing master public.
+
+if [ "$CASE7" = 1 ]; then
+
+ME="${DATA_DIR}/case7"
+SRC="${DATA_DIR}/keygen"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_signing_cert" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_signing_secret_key" "${ME}/keys/"
+
+${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Failed when starting with missing public key"
+check_keys_eq ed25519_master_id_secret_key
+check_keys_eq ed25519_master_id_public_key
+check_keys_eq ed25519_signing_secret_key
+check_keys_eq ed25519_signing_cert
+
+echo "==== Case 7 ok"
+
+fi
+
+# Case 8: offline master secret key.
+
+if [ "$CASE8" = 1 ]; then
+
+ME="${DATA_DIR}/case8"
+SRC="${DATA_DIR}/keygen"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_signing_cert" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_signing_secret_key" "${ME}/keys/"
+
+${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Failed when starting with offline secret key"
+check_no_file "${ME}/keys/ed25519_master_id_secret_key"
+check_keys_eq ed25519_master_id_public_key
+check_keys_eq ed25519_signing_secret_key
+check_keys_eq ed25519_signing_cert
+
+echo "==== Case 8 ok"
+
+fi
+
+# Case 9: signing cert and secret key provided; could infer master key.
+
+if [ "$CASE9" = 1 ]; then
+
+ME="${DATA_DIR}/case9"
+SRC="${DATA_DIR}/keygen"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_signing_cert" "${ME}/keys/"
+cp "${SRC}/keys/ed25519_signing_secret_key" "${ME}/keys/"
+
+${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Failed when starting with only signing material"
+check_no_file "${ME}/keys/ed25519_master_id_secret_key"
+check_file "${ME}/keys/ed25519_master_id_public_key"
+check_keys_eq ed25519_signing_secret_key
+check_keys_eq ed25519_signing_cert
+
+echo "==== Case 9 ok"
+
+fi
+
+
+# Case 10: master key mismatch.
+
+if [ "$CASE10" = 1 ]; then
+
+ME="${DATA_DIR}/case10"
+SRC="${DATA_DIR}/keygen"
+OTHER="${DATA_DIR}/orig"
+
+mkdir -p "${ME}/keys"
+cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/"
+cp "${OTHER}/keys/ed25519_master_id_secret_key" "${ME}/keys/"
+
+${TOR} --DataDirectory "${ME}" --list-fingerprint >"${ME}/stdout" && die "Successfully started with mismatched keys!?" || true
+
+grep "public_key does not match.*secret_key" "${ME}/stdout" >/dev/null || die "Tor didn't declare that there was a key mismatch"
+
+echo "==== Case 10 ok"
+
+fi
+
+
+# Check cert-only.
+
diff --git a/src/test/test_keypin.c b/src/test/test_keypin.c
new file mode 100644
index 0000000000..95657349c6
--- /dev/null
+++ b/src/test/test_keypin.c
@@ -0,0 +1,256 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#define KEYPIN_PRIVATE
+#include "or.h"
+#include "keypin.h"
+#include "util.h"
+
+#include "test.h"
+
+static void
+test_keypin_parse_line(void *arg)
+{
+  (void)arg;
+  keypin_ent_t *ent = NULL;
+
+  /* Good line */
+  ent = keypin_parse_journal_line(
+                "aGVyZSBpcyBhIGdvb2Qgc2hhMSE "
+                "VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4");
+  tt_assert(ent);
+  tt_mem_op(ent->rsa_id, ==, "here is a good sha1!", 20);
+  tt_mem_op(ent->ed25519_key, ==, "This ed25519 scoffs at the sha1.", 32);
+  tor_free(ent); ent = NULL;
+
+  /* Good line with extra stuff we will ignore. */
+  ent = keypin_parse_journal_line(
+                "aGVyZSBpcyBhIGdvb2Qgc2hhMSE "
+                "VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4helloworld");
+  tt_assert(ent);
+  tt_mem_op(ent->rsa_id, ==, "here is a good sha1!", 20);
+  tt_mem_op(ent->ed25519_key, ==, "This ed25519 scoffs at the sha1.", 32);
+  tor_free(ent); ent = NULL;
+
+  /* Bad line: no space in the middle. */
+  ent = keypin_parse_journal_line(
+                "aGVyZSBpcyBhIGdvb2Qgc2hhMSE?"
+                "VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4");
+  tt_assert(! ent);
+
+  /* Bad line: bad base64 in RSA ID */
+  ent = keypin_parse_journal_line(
+                "aGVyZSBpcyBhIGdv!2Qgc2hhMSE "
+                "VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4");
+  tt_assert(! ent);
+
+  /* Bad line: bad base64 in Ed25519 */
+  ent = keypin_parse_journal_line(
+                "aGVyZSBpcyBhIGdvb2Qgc2hhMSE "
+                "VGhpcyBlZDI1NTE5IHNjb2ZmcyB!dCB0aGUgc2hhMS4");
+  tt_assert(! ent);
+
+ done:
+  tor_free(ent);
+}
+
+static smartlist_t *mock_addent_got = NULL;
+static void
+mock_addent(keypin_ent_t *ent)
+{
+  smartlist_add(mock_addent_got, ent);
+  keypin_add_entry_to_map__real(ent);
+}
+
+static void
+test_keypin_parse_file(void *arg)
+{
+  (void)arg;
+
+  mock_addent_got = smartlist_new();
+  MOCK(keypin_add_entry_to_map, mock_addent);
+
+  /* Simple, minimal, correct example. */
+  const char data1[] =
+"PT09PT09PT09PT09PT09PT09PT0 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0\n"
+"TG9yYXggaXBzdW0gZ3J1dnZ1bHU cyB0aG5lZWQgYW1ldCwgc25lcmdlbGx5IG9uY2UtbGU\n"
+"ciBsZXJraW0sIHNlZCBkbyBiYXI YmFsb290IHRlbXBvciBnbHVwcGl0dXMgdXQgbGFib3I\n"
+"ZSBldCB0cnVmZnVsYSBtYWduYSA YWxpcXVhLiBVdCBlbmltIGFkIGdyaWNrbGUtZ3Jhc3M\n"
+"dmVuaWFtLCBxdWlzIG1pZmYtbXU ZmZlcmVkIGdhLXp1bXBjbyBsYWJvcmlzIG5pc2kgdXQ\n"
+"Y3J1ZmZ1bHVzIGV4IGVhIHNjaGw b3BwaXR5IGNvbnNlcXVhdC4gRHVpcyBhdXRlIHNuYXI\n"
+"Z2dsZSBpbiBzd29tZWVzd2FucyA aW4gdm9sdXB0YXRlIGF4ZS1oYWNrZXIgZXNzZSByaXA\n"
+"cHVsdXMgY3J1bW1paSBldSBtb28 ZiBudWxsYSBzbnV2di5QTFVHSFBMT1ZFUlhZWlpZLi4\n";
+
+  tt_int_op(0, ==, keypin_load_journal_impl(data1, strlen(data1)));
+  tt_int_op(8, ==, smartlist_len(mock_addent_got));
+  keypin_ent_t *ent = smartlist_get(mock_addent_got, 2);
+  tt_mem_op(ent->rsa_id, ==, "r lerkim, sed do bar", 20);
+  tt_mem_op(ent->ed25519_key, ==, "baloot tempor gluppitus ut labor", 32);
+
+  /* More complex example: weird lines, bogus lines,
+     duplicate/conflicting lines */
+  const char data2[] =
+    "PT09PT09PT09PT09PT09PT09PT0 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0\n"
+    "# This is a comment.\n"
+    "     \n"
+    "QXQgdGhlIGVuZCBvZiB0aGUgeWU YXIgS3VycmVta2FybWVycnVrIHNhaWQgdG8gaGltLCA\n"
+    "IllvdSBoYXZlIG1hZGUgYSBnb28 ZCBiZWdpbm5pbmcuIiBCdXQgbm8gbW9yZS4gV2l6YXI\n"
+    "\n"
+    "ZHMgc3BlYWsgdHJ1dGgsIGFuZCA aXQgd2FzIHRydWUgdGhhdCBhbGwgdGhlIG1hc3Rlcgo\n"
+    "@reserved for a future extension \n"
+    "eSBvZiBOYW1lcyB0aGF0IEdlZCA aGFkIHRvaWxlZCbyB3aW4gdGhhdCB5ZWFyIHdhcyA\n"
+    "eSBvZiBOYW1lcyB0aGF0IEdlZCA aGFkIHRvaWxlZCbyB3aW4gdGhhdCB5ZWFyIHdhcy"
+              "A line too long\n"
+    "dGhlIG1lcmUgc3RhcnQgb2Ygd2g YXQgaGUgbXVzdCBnbyBvb!BsZWFybmluZy4uLi4uLi4\n"
+    "ZHMgc3BlYWsgdaJ1dGgsIGFuZCA aXQgd2FzIHRydWUgdGhhdCBhbGwgdGhlIG1hc3Rlcgo\n"
+    "ZHMgc3BlYWsgdHJ1dGgsIGFuZCA aXQgd2FzIHRydaUgdGhhdCBhbGwgdGhlIG1hc3Rlcgo\n"
+    ;
+
+  tt_int_op(0, ==, keypin_load_journal_impl(data2, strlen(data2)));
+  tt_int_op(13, ==, smartlist_len(mock_addent_got));
+  ent = smartlist_get(mock_addent_got, 9);
+  tt_mem_op(ent->rsa_id, ==, "\"You have made a goo", 20);
+  tt_mem_op(ent->ed25519_key, ==, "d beginning.\" But no more. Wizar", 32);
+
+  ent = smartlist_get(mock_addent_got, 12);
+  tt_mem_op(ent->rsa_id, ==, "ds speak truth, and ", 20);
+  tt_mem_op(ent->ed25519_key, ==, "it was tru\xa5 that all the master\n", 32);
+
+  /* File truncated before NL */
+  const char data3[] =
+    "Tm8gZHJhZ29uIGNhbiByZXNpc3Q IHRoZSBmYXNjaW5hdGlvbiBvZiByaWRkbGluZyB0YWw";
+  tt_int_op(0, ==, keypin_load_journal_impl(data3, strlen(data3)));
+  tt_int_op(14, ==, smartlist_len(mock_addent_got));
+  ent = smartlist_get(mock_addent_got, 13);
+  tt_mem_op(ent->rsa_id, ==, "No dragon can resist", 20);
+  tt_mem_op(ent->ed25519_key, ==, " the fascination of riddling tal", 32);
+
+ done:
+  keypin_clear();
+  smartlist_free(mock_addent_got);
+}
+
+#define ADD(a,b) keypin_check_and_add((const uint8_t*)(a),\
+                                      (const uint8_t*)(b),0)
+#define LONE_RSA(a) keypin_check_lone_rsa((const uint8_t*)(a))
+
+static void
+test_keypin_add_entry(void *arg)
+{
+  (void)arg;
+  keypin_clear();
+
+  tt_int_op(KEYPIN_ADDED, ==, ADD("ambassadors-at-large",
+                                  "bread-and-butter thing-in-itself"));
+  tt_int_op(KEYPIN_ADDED, ==, ADD("gentleman-adventurer",
+                                  "cloak-and-dagger what's-his-face"));
+
+  tt_int_op(KEYPIN_FOUND, ==, ADD("ambassadors-at-large",
+                                  "bread-and-butter thing-in-itself"));
+  tt_int_op(KEYPIN_FOUND, ==, ADD("ambassadors-at-large",
+                                  "bread-and-butter thing-in-itself"));
+  tt_int_op(KEYPIN_FOUND, ==, ADD("gentleman-adventurer",
+                                  "cloak-and-dagger what's-his-face"));
+
+  tt_int_op(KEYPIN_ADDED, ==, ADD("Johnnies-come-lately",
+                                  "run-of-the-mill root-mean-square"));
+
+  tt_int_op(KEYPIN_MISMATCH, ==, ADD("gentleman-adventurer",
+                                     "hypersentimental closefistedness"));
+
+  tt_int_op(KEYPIN_MISMATCH, ==, ADD("disestablismentarian",
+                                     "cloak-and-dagger what's-his-face"));
+
+  tt_int_op(KEYPIN_FOUND, ==, ADD("gentleman-adventurer",
+                                  "cloak-and-dagger what's-his-face"));
+
+  tt_int_op(KEYPIN_NOT_FOUND, ==, LONE_RSA("Llanfairpwllgwyngyll"));
+  tt_int_op(KEYPIN_MISMATCH, ==, LONE_RSA("Johnnies-come-lately"));
+
+ done:
+  keypin_clear();
+}
+
+static void
+test_keypin_journal(void *arg)
+{
+  (void)arg;
+  char *contents = NULL;
+  const char *fname = get_fname("keypin-journal");
+
+  tt_int_op(0, ==, keypin_load_journal(fname)); /* ENOENT is okay */
+  update_approx_time(1217709000);
+  tt_int_op(0, ==, keypin_open_journal(fname));
+
+  tt_int_op(KEYPIN_ADDED, ==, ADD("king-of-the-herrings",
+                                  "good-for-nothing attorney-at-law"));
+  tt_int_op(KEYPIN_ADDED, ==, ADD("yellowish-red-yellow",
+                                  "salt-and-pepper high-muck-a-muck"));
+  tt_int_op(KEYPIN_FOUND, ==, ADD("yellowish-red-yellow",
+                                  "salt-and-pepper high-muck-a-muck"));
+  keypin_close_journal();
+  keypin_clear();
+
+  tt_int_op(0, ==, keypin_load_journal(fname));
+  update_approx_time(1231041600);
+  tt_int_op(0, ==, keypin_open_journal(fname));
+  tt_int_op(KEYPIN_FOUND, ==, ADD("yellowish-red-yellow",
+                                  "salt-and-pepper high-muck-a-muck"));
+  tt_int_op(KEYPIN_ADDED, ==, ADD("theatre-in-the-round",
+                                  "holier-than-thou jack-in-the-box"));
+  tt_int_op(KEYPIN_ADDED, ==, ADD("no-deposit-no-return",
+                                  "across-the-board will-o-the-wisp"));
+  tt_int_op(KEYPIN_MISMATCH, ==, ADD("intellectualizations",
+                                     "salt-and-pepper high-muck-a-muck"));
+  keypin_close_journal();
+  keypin_clear();
+
+  tt_int_op(0, ==, keypin_load_journal(fname));
+  update_approx_time(1412278354);
+  tt_int_op(0, ==, keypin_open_journal(fname));
+  tt_int_op(KEYPIN_FOUND, ==, ADD("yellowish-red-yellow",
+                                  "salt-and-pepper high-muck-a-muck"));
+  tt_int_op(KEYPIN_MISMATCH, ==, ADD("intellectualizations",
+                                     "salt-and-pepper high-muck-a-muck"));
+  tt_int_op(KEYPIN_FOUND, ==, ADD("theatre-in-the-round",
+                                  "holier-than-thou jack-in-the-box"));
+  tt_int_op(KEYPIN_MISMATCH, ==, ADD("counterrevolutionary",
+                                     "holier-than-thou jack-in-the-box"));
+  tt_int_op(KEYPIN_MISMATCH, ==, ADD("no-deposit-no-return",
+                                     "floccinaucinihilipilificationism"));
+  keypin_close_journal();
+
+  contents = read_file_to_str(fname, RFTS_BIN, NULL);
+  tt_assert(contents);
+  tt_str_op(contents,==,
+    "\n"
+    "@opened-at 2008-08-02 20:30:00\n"
+    "a2luZy1vZi10aGUtaGVycmluZ3M Z29vZC1mb3Itbm90aGluZyBhdHRvcm5leS1hdC1sYXc\n"
+    "eWVsbG93aXNoLXJlZC15ZWxsb3c c2FsdC1hbmQtcGVwcGVyIGhpZ2gtbXVjay1hLW11Y2s\n"
+    "\n"
+    "@opened-at 2009-01-04 04:00:00\n"
+    "dGhlYXRyZS1pbi10aGUtcm91bmQ aG9saWVyLXRoYW4tdGhvdSBqYWNrLWluLXRoZS1ib3g\n"
+    "bm8tZGVwb3NpdC1uby1yZXR1cm4 YWNyb3NzLXRoZS1ib2FyZCB3aWxsLW8tdGhlLXdpc3A\n"
+    "\n"
+    "@opened-at 2014-10-02 19:32:34\n");
+
+ done:
+  tor_free(contents);
+  keypin_clear();
+}
+
+#undef ADD
+#undef LONE_RSA
+
+#define TEST(name, flags)                                       \
+  { #name , test_keypin_ ## name, (flags), NULL, NULL }
+
+struct testcase_t keypin_tests[] = {
+  TEST( parse_line, 0 ),
+  TEST( parse_file, TT_FORK ),
+  TEST( add_entry, TT_FORK ),
+  TEST( journal, TT_FORK ),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
new file mode 100644
index 0000000000..e8856c60de
--- /dev/null
+++ b/src/test/test_link_handshake.c
@@ -0,0 +1,928 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define CHANNELTLS_PRIVATE
+#define CONNECTION_PRIVATE
+#define TOR_CHANNEL_INTERNAL_
+#include "or.h"
+#include "config.h"
+#include "connection.h"
+#include "connection_or.h"
+#include "channeltls.h"
+#include "link_handshake.h"
+#include "scheduler.h"
+
+#include "test.h"
+
+var_cell_t *mock_got_var_cell = NULL;
+
+static void
+mock_write_var_cell(const var_cell_t *vc, or_connection_t *conn)
+{
+  (void)conn;
+
+  var_cell_t *newcell = var_cell_new(vc->payload_len);
+  memcpy(newcell, vc, sizeof(var_cell_t));
+  memcpy(newcell->payload, vc->payload, vc->payload_len);
+
+  mock_got_var_cell = newcell;
+}
+static int
+mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
+{
+  (void) tls;
+  (void) cert; // XXXX look at this.
+  return 1;
+}
+
+static int mock_send_netinfo_called = 0;
+static int
+mock_send_netinfo(or_connection_t *conn)
+{
+  (void) conn;
+  ++mock_send_netinfo_called;// XXX check_this
+  return 0;
+}
+
+static int mock_close_called = 0;
+static void
+mock_close_for_err(or_connection_t *orconn, int flush)
+{
+  (void)orconn;
+  (void)flush;
+  ++mock_close_called;
+}
+
+static int mock_send_authenticate_called = 0;
+static int
+mock_send_authenticate(or_connection_t *conn, int type)
+{
+  (void) conn;
+  (void) type;
+  ++mock_send_authenticate_called;// XXX check_this
+  return 0;
+}
+
+/* Test good certs cells */
+static void
+test_link_handshake_certs_ok(void *arg)
+{
+  (void) arg;
+
+  or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
+  or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
+  var_cell_t *cell1 = NULL, *cell2 = NULL;
+  certs_cell_t *cc1 = NULL, *cc2 = NULL;
+  channel_tls_t *chan1 = NULL, *chan2 = NULL;
+  crypto_pk_t *key1 = NULL, *key2 = NULL;
+
+  scheduler_init();
+
+  MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+  MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
+  MOCK(connection_or_send_netinfo, mock_send_netinfo);
+
+  key1 = pk_generate(2);
+  key2 = pk_generate(3);
+
+  /* We need to make sure that our TLS certificates are set up before we can
+   * actually generate a CERTS cell.
+   */
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 key1, key2, 86400), ==, 0);
+
+  c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  c1->link_proto = 3;
+  tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
+
+  c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  c2->link_proto = 3;
+  tt_int_op(connection_init_or_handshake_state(c2, 0), ==, 0);
+
+  tt_int_op(0, ==, connection_or_send_certs_cell(c1));
+  tt_assert(mock_got_var_cell);
+  cell1 = mock_got_var_cell;
+
+  tt_int_op(0, ==, connection_or_send_certs_cell(c2));
+  tt_assert(mock_got_var_cell);
+  cell2 = mock_got_var_cell;
+
+  tt_int_op(cell1->command, ==, CELL_CERTS);
+  tt_int_op(cell1->payload_len, >, 1);
+
+  tt_int_op(cell2->command, ==, CELL_CERTS);
+  tt_int_op(cell2->payload_len, >, 1);
+
+  tt_int_op(cell1->payload_len, ==,
+            certs_cell_parse(&cc1, cell1->payload, cell1->payload_len));
+  tt_int_op(cell2->payload_len, ==,
+            certs_cell_parse(&cc2, cell2->payload, cell2->payload_len));
+
+  tt_int_op(2, ==, cc1->n_certs);
+  tt_int_op(2, ==, cc2->n_certs);
+
+  tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, ==,
+            CERTTYPE_RSA1024_ID_AUTH);
+  tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, ==,
+            CERTTYPE_RSA1024_ID_ID);
+
+  tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, ==,
+            CERTTYPE_RSA1024_ID_LINK);
+  tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, ==,
+            CERTTYPE_RSA1024_ID_ID);
+
+  chan1 = tor_malloc_zero(sizeof(*chan1));
+  channel_tls_common_init(chan1);
+  c1->chan = chan1;
+  chan1->conn = c1;
+  c1->base_.address = tor_strdup("C1");
+  c1->tls = tor_tls_new(-1, 0);
+  c1->link_proto = 4;
+  c1->base_.conn_array_index = -1;
+  crypto_pk_get_digest(key2, c1->identity_digest);
+
+  channel_tls_process_certs_cell(cell2, chan1);
+
+  tt_assert(c1->handshake_state->received_certs_cell);
+  tt_assert(c1->handshake_state->auth_cert == NULL);
+  tt_assert(c1->handshake_state->id_cert);
+  tt_assert(! tor_mem_is_zero(
+                  (char*)c1->handshake_state->authenticated_peer_id, 20));
+
+  chan2 = tor_malloc_zero(sizeof(*chan2));
+  channel_tls_common_init(chan2);
+  c2->chan = chan2;
+  chan2->conn = c2;
+  c2->base_.address = tor_strdup("C2");
+  c2->tls = tor_tls_new(-1, 1);
+  c2->link_proto = 4;
+  c2->base_.conn_array_index = -1;
+  crypto_pk_get_digest(key1, c2->identity_digest);
+
+  channel_tls_process_certs_cell(cell1, chan2);
+
+  tt_assert(c2->handshake_state->received_certs_cell);
+  tt_assert(c2->handshake_state->auth_cert);
+  tt_assert(c2->handshake_state->id_cert);
+  tt_assert(tor_mem_is_zero(
+                (char*)c2->handshake_state->authenticated_peer_id, 20));
+
+ done:
+  UNMOCK(tor_tls_cert_matches_key);
+  UNMOCK(connection_or_write_var_cell_to_buf);
+  UNMOCK(connection_or_send_netinfo);
+  connection_free_(TO_CONN(c1));
+  connection_free_(TO_CONN(c2));
+  tor_free(cell1);
+  tor_free(cell2);
+  certs_cell_free(cc1);
+  certs_cell_free(cc2);
+  if (chan1)
+    circuitmux_free(chan1->base_.cmux);
+  tor_free(chan1);
+  if (chan2)
+    circuitmux_free(chan2->base_.cmux);
+  tor_free(chan2);
+  crypto_pk_free(key1);
+  crypto_pk_free(key2);
+}
+
+typedef struct certs_data_s {
+  or_connection_t *c;
+  channel_tls_t *chan;
+  certs_cell_t *ccell;
+  var_cell_t *cell;
+  crypto_pk_t *key1, *key2;
+} certs_data_t;
+
+static int
+recv_certs_cleanup(const struct testcase_t *test, void *obj)
+{
+  (void)test;
+  certs_data_t *d = obj;
+  UNMOCK(tor_tls_cert_matches_key);
+  UNMOCK(connection_or_send_netinfo);
+  UNMOCK(connection_or_close_for_error);
+
+  if (d) {
+    tor_free(d->cell);
+    certs_cell_free(d->ccell);
+    connection_free_(TO_CONN(d->c));
+    circuitmux_free(d->chan->base_.cmux);
+    tor_free(d->chan);
+    crypto_pk_free(d->key1);
+    crypto_pk_free(d->key2);
+    tor_free(d);
+  }
+  return 1;
+}
+
+static void *
+recv_certs_setup(const struct testcase_t *test)
+{
+  (void)test;
+  certs_data_t *d = tor_malloc_zero(sizeof(*d));
+  certs_cell_cert_t *ccc1 = NULL;
+  certs_cell_cert_t *ccc2 = NULL;
+  ssize_t n;
+
+  d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
+  d->chan = tor_malloc_zero(sizeof(*d->chan));
+  d->c->chan = d->chan;
+  d->c->base_.address = tor_strdup("HaveAnAddress");
+  d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  d->chan->conn = d->c;
+  tt_int_op(connection_init_or_handshake_state(d->c, 1), ==, 0);
+  d->c->link_proto = 4;
+
+  d->key1 = pk_generate(2);
+  d->key2 = pk_generate(3);
+
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 d->key1, d->key2, 86400), ==, 0);
+  d->ccell = certs_cell_new();
+  ccc1 = certs_cell_cert_new();
+  certs_cell_add_certs(d->ccell, ccc1);
+  ccc2 = certs_cell_cert_new();
+  certs_cell_add_certs(d->ccell, ccc2);
+  d->ccell->n_certs = 2;
+  ccc1->cert_type = 1;
+  ccc2->cert_type = 2;
+
+  const tor_x509_cert_t *a,*b;
+  const uint8_t *enca, *encb;
+  size_t lena, lenb;
+  tor_tls_get_my_certs(1, &a, &b);
+  tor_x509_cert_get_der(a, &enca, &lena);
+  tor_x509_cert_get_der(b, &encb, &lenb);
+  certs_cell_cert_setlen_body(ccc1, lena);
+  ccc1->cert_len = lena;
+  certs_cell_cert_setlen_body(ccc2, lenb);
+  ccc2->cert_len = lenb;
+
+  memcpy(certs_cell_cert_getarray_body(ccc1), enca, lena);
+  memcpy(certs_cell_cert_getarray_body(ccc2), encb, lenb);
+
+  d->cell = var_cell_new(4096);
+  d->cell->command = CELL_CERTS;
+
+  n = certs_cell_encode(d->cell->payload, 4096, d->ccell);
+  tt_int_op(n, >, 0);
+  d->cell->payload_len = n;
+
+  MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+  MOCK(connection_or_send_netinfo, mock_send_netinfo);
+  MOCK(connection_or_close_for_error, mock_close_for_err);
+
+  tt_int_op(0, ==, d->c->handshake_state->received_certs_cell);
+  tt_int_op(0, ==, mock_send_authenticate_called);
+  tt_int_op(0, ==, mock_send_netinfo_called);
+
+  return d;
+ done:
+  recv_certs_cleanup(test, d);
+  return NULL;
+}
+
+static struct testcase_setup_t setup_recv_certs = {
+  .setup_fn = recv_certs_setup,
+  .cleanup_fn = recv_certs_cleanup
+};
+
+static void
+test_link_handshake_recv_certs_ok(void *arg)
+{
+  certs_data_t *d = arg;
+  channel_tls_process_certs_cell(d->cell, d->chan);
+  tt_int_op(0, ==, mock_close_called);
+  tt_int_op(d->c->handshake_state->authenticated, ==, 1);
+  tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
+  tt_assert(d->c->handshake_state->id_cert != NULL);
+  tt_assert(d->c->handshake_state->auth_cert == NULL);
+
+ done:
+  ;
+}
+
+static void
+test_link_handshake_recv_certs_ok_server(void *arg)
+{
+  certs_data_t *d = arg;
+  d->c->handshake_state->started_here = 0;
+  certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
+  certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
+  ssize_t n = certs_cell_encode(d->cell->payload, 2048, d->ccell);
+  tt_int_op(n, >, 0);
+  d->cell->payload_len = n;
+  channel_tls_process_certs_cell(d->cell, d->chan);
+  tt_int_op(0, ==, mock_close_called);
+  tt_int_op(d->c->handshake_state->authenticated, ==, 0);
+  tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
+  tt_assert(d->c->handshake_state->id_cert != NULL);
+  tt_assert(d->c->handshake_state->auth_cert != NULL);
+
+ done:
+  ;
+}
+
+#define CERTS_FAIL(name, code)                          \
+  static void                                                           \
+  test_link_handshake_recv_certs_ ## name(void *arg)                    \
+  {                                                                     \
+    certs_data_t *d = arg;                                              \
+    { code ; }                                                          \
+    channel_tls_process_certs_cell(d->cell, d->chan);                   \
+    tt_int_op(1, ==, mock_close_called);                                \
+    tt_int_op(0, ==, mock_send_authenticate_called);                    \
+    tt_int_op(0, ==, mock_send_netinfo_called);                         \
+  done:                                                                 \
+    ;                                                                   \
+  }
+
+CERTS_FAIL(badstate, d->c->base_.state = OR_CONN_STATE_CONNECTING)
+CERTS_FAIL(badproto, d->c->link_proto = 2)
+CERTS_FAIL(duplicate, d->c->handshake_state->received_certs_cell = 1)
+CERTS_FAIL(already_authenticated,
+           d->c->handshake_state->authenticated = 1)
+CERTS_FAIL(empty, d->cell->payload_len = 0)
+CERTS_FAIL(bad_circid, d->cell->circ_id = 1)
+CERTS_FAIL(truncated_1, d->cell->payload[0] = 5)
+CERTS_FAIL(truncated_2,
+           {
+             d->cell->payload_len = 4;
+             memcpy(d->cell->payload, "\x01\x01\x00\x05", 4);
+           })
+CERTS_FAIL(truncated_3,
+           {
+             d->cell->payload_len = 7;
+             memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);
+           })
+#define REENCODE() do {                                                 \
+    ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell);    \
+    tt_int_op(n, >, 0);                                                 \
+    d->cell->payload_len = n;                                           \
+  } while (0)
+
+CERTS_FAIL(not_x509,
+  {
+    certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 0), 3);
+    certs_cell_get_certs(d->ccell, 0)->cert_len = 3;
+    REENCODE();
+  })
+CERTS_FAIL(both_link,
+  {
+    certs_cell_get_certs(d->ccell, 0)->cert_type = 1;
+    certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
+    REENCODE();
+  })
+CERTS_FAIL(both_id_rsa,
+  {
+    certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+    certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
+    REENCODE();
+  })
+CERTS_FAIL(both_auth,
+  {
+    certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
+    certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
+    REENCODE();
+  })
+CERTS_FAIL(wrong_labels_1,
+  {
+    certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+    certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
+    REENCODE();
+  })
+CERTS_FAIL(wrong_labels_2,
+  {
+    const tor_x509_cert_t *a;
+    const tor_x509_cert_t *b;
+    const uint8_t *enca;
+    size_t lena;
+    tor_tls_get_my_certs(1, &a, &b);
+    tor_x509_cert_get_der(a, &enca, &lena);
+    certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 1), lena);
+    memcpy(certs_cell_cert_getarray_body(certs_cell_get_certs(d->ccell, 1)),
+           enca, lena);
+    certs_cell_get_certs(d->ccell, 1)->cert_len = lena;
+    REENCODE();
+  })
+CERTS_FAIL(wrong_labels_3,
+           {
+             certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+             certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
+             REENCODE();
+           })
+CERTS_FAIL(server_missing_certs,
+           {
+             d->c->handshake_state->started_here = 0;
+           })
+CERTS_FAIL(server_wrong_labels_1,
+           {
+             d->c->handshake_state->started_here = 0;
+             certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+             certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
+             REENCODE();
+           })
+
+static void
+test_link_handshake_send_authchallenge(void *arg)
+{
+  (void)arg;
+
+  or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
+  var_cell_t *cell1=NULL, *cell2=NULL;
+
+  MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
+
+  tt_int_op(connection_init_or_handshake_state(c1, 0), ==, 0);
+  c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  tt_assert(! mock_got_var_cell);
+  tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
+  cell1 = mock_got_var_cell;
+  tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
+  cell2 = mock_got_var_cell;
+  tt_int_op(36, ==, cell1->payload_len);
+  tt_int_op(36, ==, cell2->payload_len);
+  tt_int_op(0, ==, cell1->circ_id);
+  tt_int_op(0, ==, cell2->circ_id);
+  tt_int_op(CELL_AUTH_CHALLENGE, ==, cell1->command);
+  tt_int_op(CELL_AUTH_CHALLENGE, ==, cell2->command);
+
+  tt_mem_op("\x00\x01\x00\x01", ==, cell1->payload + 32, 4);
+  tt_mem_op("\x00\x01\x00\x01", ==, cell2->payload + 32, 4);
+  tt_mem_op(cell1->payload, !=, cell2->payload, 32);
+
+ done:
+  UNMOCK(connection_or_write_var_cell_to_buf);
+  connection_free_(TO_CONN(c1));
+  tor_free(cell1);
+  tor_free(cell2);
+}
+
+typedef struct authchallenge_data_s {
+  or_connection_t *c;
+  channel_tls_t *chan;
+  var_cell_t *cell;
+} authchallenge_data_t;
+
+static int
+recv_authchallenge_cleanup(const struct testcase_t *test, void *obj)
+{
+  (void)test;
+  authchallenge_data_t *d = obj;
+
+  UNMOCK(connection_or_send_netinfo);
+  UNMOCK(connection_or_close_for_error);
+  UNMOCK(connection_or_send_authenticate_cell);
+
+  if (d) {
+    tor_free(d->cell);
+    connection_free_(TO_CONN(d->c));
+    circuitmux_free(d->chan->base_.cmux);
+    tor_free(d->chan);
+    tor_free(d);
+  }
+  return 1;
+}
+
+static void *
+recv_authchallenge_setup(const struct testcase_t *test)
+{
+  (void)test;
+  authchallenge_data_t *d = tor_malloc_zero(sizeof(*d));
+  d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
+  d->chan = tor_malloc_zero(sizeof(*d->chan));
+  d->c->chan = d->chan;
+  d->c->base_.address = tor_strdup("HaveAnAddress");
+  d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  d->chan->conn = d->c;
+  tt_int_op(connection_init_or_handshake_state(d->c, 1), ==, 0);
+  d->c->link_proto = 4;
+  d->c->handshake_state->received_certs_cell = 1;
+  d->cell = var_cell_new(128);
+  d->cell->payload_len = 38;
+  d->cell->payload[33] = 2;
+  d->cell->payload[35] = 7;
+  d->cell->payload[37] = 1;
+  d->cell->command = CELL_AUTH_CHALLENGE;
+
+  get_options_mutable()->ORPort_set = 1;
+
+  MOCK(connection_or_close_for_error, mock_close_for_err);
+  MOCK(connection_or_send_netinfo, mock_send_netinfo);
+  MOCK(connection_or_send_authenticate_cell, mock_send_authenticate);
+
+  tt_int_op(0, ==, d->c->handshake_state->received_auth_challenge);
+  tt_int_op(0, ==, mock_send_authenticate_called);
+  tt_int_op(0, ==, mock_send_netinfo_called);
+
+  return d;
+ done:
+  recv_authchallenge_cleanup(test, d);
+  return NULL;
+}
+
+static struct testcase_setup_t setup_recv_authchallenge = {
+  .setup_fn = recv_authchallenge_setup,
+  .cleanup_fn = recv_authchallenge_cleanup
+};
+
+static void
+test_link_handshake_recv_authchallenge_ok(void *arg)
+{
+  authchallenge_data_t *d = arg;
+
+  channel_tls_process_auth_challenge_cell(d->cell, d->chan);
+  tt_int_op(0, ==, mock_close_called);
+  tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
+  tt_int_op(1, ==, mock_send_authenticate_called);
+  tt_int_op(1, ==, mock_send_netinfo_called);
+ done:
+  ;
+}
+
+static void
+test_link_handshake_recv_authchallenge_ok_noserver(void *arg)
+{
+  authchallenge_data_t *d = arg;
+  get_options_mutable()->ORPort_set = 0;
+
+  channel_tls_process_auth_challenge_cell(d->cell, d->chan);
+  tt_int_op(0, ==, mock_close_called);
+  tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
+  tt_int_op(0, ==, mock_send_authenticate_called);
+  tt_int_op(0, ==, mock_send_netinfo_called);
+ done:
+  ;
+}
+
+static void
+test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg)
+{
+  authchallenge_data_t *d = arg;
+  d->cell->payload[37] = 99;
+
+  channel_tls_process_auth_challenge_cell(d->cell, d->chan);
+  tt_int_op(0, ==, mock_close_called);
+  tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
+  tt_int_op(0, ==, mock_send_authenticate_called);
+  tt_int_op(1, ==, mock_send_netinfo_called);
+ done:
+  ;
+}
+
+#define AUTHCHALLENGE_FAIL(name, code)                          \
+  static void                                                           \
+  test_link_handshake_recv_authchallenge_ ## name(void *arg)            \
+  {                                                                     \
+    authchallenge_data_t *d = arg;                                      \
+    { code ; }                                                          \
+    channel_tls_process_auth_challenge_cell(d->cell, d->chan);          \
+    tt_int_op(1, ==, mock_close_called);                                \
+    tt_int_op(0, ==, mock_send_authenticate_called);                    \
+    tt_int_op(0, ==, mock_send_netinfo_called);                         \
+  done:                                                                 \
+    ;                                                                   \
+  }
+
+AUTHCHALLENGE_FAIL(badstate,
+                   d->c->base_.state = OR_CONN_STATE_CONNECTING)
+AUTHCHALLENGE_FAIL(badproto,
+                   d->c->link_proto = 2)
+AUTHCHALLENGE_FAIL(as_server,
+                   d->c->handshake_state->started_here = 0;)
+AUTHCHALLENGE_FAIL(duplicate,
+                   d->c->handshake_state->received_auth_challenge = 1)
+AUTHCHALLENGE_FAIL(nocerts,
+                   d->c->handshake_state->received_certs_cell = 0)
+AUTHCHALLENGE_FAIL(tooshort,
+                   d->cell->payload_len = 33)
+AUTHCHALLENGE_FAIL(truncated,
+                   d->cell->payload_len = 34)
+AUTHCHALLENGE_FAIL(nonzero_circid,
+                   d->cell->circ_id = 1337)
+
+static tor_x509_cert_t *mock_peer_cert = NULL;
+static tor_x509_cert_t *
+mock_get_peer_cert(tor_tls_t *tls)
+{
+  (void)tls;
+  return mock_peer_cert;
+}
+
+static int
+mock_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
+{
+  (void)tls;
+  memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32);
+  return 0;
+}
+
+static void
+mock_set_circid_type(channel_t *chan,
+                     crypto_pk_t *identity_rcvd,
+                     int consider_identity)
+{
+  (void) chan;
+  (void) identity_rcvd;
+  (void) consider_identity;
+}
+
+typedef struct authenticate_data_s {
+  or_connection_t *c1, *c2;
+  channel_tls_t *chan2;
+  var_cell_t *cell;
+  crypto_pk_t *key1, *key2;
+} authenticate_data_t;
+
+static int
+authenticate_data_cleanup(const struct testcase_t *test, void *arg)
+{
+  (void) test;
+  UNMOCK(connection_or_write_var_cell_to_buf);
+  UNMOCK(tor_tls_get_peer_cert);
+  UNMOCK(tor_tls_get_tlssecrets);
+  UNMOCK(connection_or_close_for_error);
+  UNMOCK(channel_set_circid_type);
+  authenticate_data_t *d = arg;
+  if (d) {
+    tor_free(d->cell);
+    connection_free_(TO_CONN(d->c1));
+    connection_free_(TO_CONN(d->c2));
+    circuitmux_free(d->chan2->base_.cmux);
+    tor_free(d->chan2);
+    crypto_pk_free(d->key1);
+    crypto_pk_free(d->key2);
+    tor_free(d);
+  }
+  mock_peer_cert = NULL;
+
+  return 1;
+}
+
+static void *
+authenticate_data_setup(const struct testcase_t *test)
+{
+  authenticate_data_t *d = tor_malloc_zero(sizeof(*d));
+
+  scheduler_init();
+
+  MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
+  MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
+  MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
+  MOCK(connection_or_close_for_error, mock_close_for_err);
+  MOCK(channel_set_circid_type, mock_set_circid_type);
+  d->c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
+  d->c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
+
+  d->key1 = pk_generate(2);
+  d->key2 = pk_generate(3);
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 d->key1, d->key2, 86400), ==, 0);
+
+  d->c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  d->c1->link_proto = 3;
+  tt_int_op(connection_init_or_handshake_state(d->c1, 1), ==, 0);
+
+  d->c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+  d->c2->link_proto = 3;
+  tt_int_op(connection_init_or_handshake_state(d->c2, 0), ==, 0);
+  var_cell_t *cell = var_cell_new(16);
+  cell->command = CELL_CERTS;
+  or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 1);
+  or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 0);
+  memset(cell->payload, 0xf0, 16);
+  or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 0);
+  or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 1);
+  tor_free(cell);
+
+  d->chan2 = tor_malloc_zero(sizeof(*d->chan2));
+  channel_tls_common_init(d->chan2);
+  d->c2->chan = d->chan2;
+  d->chan2->conn = d->c2;
+  d->c2->base_.address = tor_strdup("C2");
+  d->c2->tls = tor_tls_new(-1, 1);
+  d->c2->handshake_state->received_certs_cell = 1;
+
+  const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL, *auth_cert=NULL;
+  tt_assert(! tor_tls_get_my_certs(1, &link_cert, &id_cert));
+
+  const uint8_t *der;
+  size_t sz;
+  tor_x509_cert_get_der(id_cert, &der, &sz);
+  d->c1->handshake_state->id_cert = tor_x509_cert_decode(der, sz);
+  d->c2->handshake_state->id_cert = tor_x509_cert_decode(der, sz);
+
+  tor_x509_cert_get_der(link_cert, &der, &sz);
+  mock_peer_cert = tor_x509_cert_decode(der, sz);
+  tt_assert(mock_peer_cert);
+  tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert));
+  tor_x509_cert_get_der(auth_cert, &der, &sz);
+  d->c2->handshake_state->auth_cert = tor_x509_cert_decode(der, sz);
+
+  /* Make an authenticate cell ... */
+  tt_int_op(0, ==, connection_or_send_authenticate_cell(d->c1,
+                                             AUTHTYPE_RSA_SHA256_TLSSECRET));
+  tt_assert(mock_got_var_cell);
+  d->cell = mock_got_var_cell;
+  mock_got_var_cell = NULL;
+
+  return d;
+ done:
+  authenticate_data_cleanup(test, d);
+  return NULL;
+}
+
+static struct testcase_setup_t setup_authenticate = {
+  .setup_fn = authenticate_data_setup,
+  .cleanup_fn = authenticate_data_cleanup
+};
+
+static void
+test_link_handshake_auth_cell(void *arg)
+{
+  authenticate_data_t *d = arg;
+  auth1_t *auth1 = NULL;
+  crypto_pk_t *auth_pubkey = NULL;
+
+  /* Is the cell well-formed on the outer layer? */
+  tt_int_op(d->cell->command, ==, CELL_AUTHENTICATE);
+  tt_int_op(d->cell->payload[0], ==, 0);
+  tt_int_op(d->cell->payload[1], ==, 1);
+  tt_int_op(ntohs(get_uint16(d->cell->payload + 2)), ==,
+            d->cell->payload_len - 4);
+
+  /* Check it out for plausibility... */
+  auth_ctx_t ctx;
+  ctx.is_ed = 0;
+  tt_int_op(d->cell->payload_len-4, ==, auth1_parse(&auth1,
+                                             d->cell->payload+4,
+                                             d->cell->payload_len - 4, &ctx));
+  tt_assert(auth1);
+
+  tt_mem_op(auth1->type, ==, "AUTH0001", 8);
+  tt_mem_op(auth1->tlssecrets, ==, "int getRandomNumber(){return 4;}", 32);
+  tt_int_op(auth1_getlen_sig(auth1), >, 120);
+
+  /* Is the signature okay? */
+  uint8_t sig[128];
+  uint8_t digest[32];
+
+  auth_pubkey = tor_tls_cert_get_key(d->c2->handshake_state->auth_cert);
+  int n = crypto_pk_public_checksig(
+              auth_pubkey,
+              (char*)sig, sizeof(sig), (char*)auth1_getarray_sig(auth1),
+              auth1_getlen_sig(auth1));
+  tt_int_op(n, ==, 32);
+  const uint8_t *start = d->cell->payload+4, *end = auth1->end_of_signed;
+  crypto_digest256((char*)digest,
+                   (const char*)start, end-start, DIGEST_SHA256);
+  tt_mem_op(sig, ==, digest, 32);
+
+  /* Then feed it to c2. */
+  tt_int_op(d->c2->handshake_state->authenticated, ==, 0);
+  channel_tls_process_authenticate_cell(d->cell, d->chan2);
+  tt_int_op(mock_close_called, ==, 0);
+  tt_int_op(d->c2->handshake_state->authenticated, ==, 1);
+
+ done:
+  auth1_free(auth1);
+  crypto_pk_free(auth_pubkey);
+}
+
+#define AUTHENTICATE_FAIL(name, code)                           \
+  static void                                                   \
+  test_link_handshake_auth_ ## name(void *arg)                  \
+  {                                                             \
+    authenticate_data_t *d = arg;                               \
+    { code ; }                                                  \
+    tt_int_op(d->c2->handshake_state->authenticated, ==, 0);    \
+    channel_tls_process_authenticate_cell(d->cell, d->chan2);   \
+    tt_int_op(mock_close_called, ==, 1);                        \
+    tt_int_op(d->c2->handshake_state->authenticated, ==, 0);    \
+   done:                                                        \
+   ;                                                            \
+  }
+
+AUTHENTICATE_FAIL(badstate,
+                  d->c2->base_.state = OR_CONN_STATE_CONNECTING)
+AUTHENTICATE_FAIL(badproto,
+                  d->c2->link_proto = 2)
+AUTHENTICATE_FAIL(atclient,
+                  d->c2->handshake_state->started_here = 1)
+AUTHENTICATE_FAIL(duplicate,
+                  d->c2->handshake_state->received_authenticate = 1)
+static void
+test_link_handshake_auth_already_authenticated(void *arg)
+{
+  authenticate_data_t *d = arg;
+  d->c2->handshake_state->authenticated = 1;
+  channel_tls_process_authenticate_cell(d->cell, d->chan2);
+  tt_int_op(mock_close_called, ==, 1);
+  tt_int_op(d->c2->handshake_state->authenticated, ==, 1);
+ done:
+  ;
+}
+AUTHENTICATE_FAIL(nocerts,
+                  d->c2->handshake_state->received_certs_cell = 0)
+AUTHENTICATE_FAIL(noidcert,
+                  tor_x509_cert_free(d->c2->handshake_state->id_cert);
+                  d->c2->handshake_state->id_cert = NULL)
+AUTHENTICATE_FAIL(noauthcert,
+                  tor_x509_cert_free(d->c2->handshake_state->auth_cert);
+                  d->c2->handshake_state->auth_cert = NULL)
+AUTHENTICATE_FAIL(tooshort,
+                  d->cell->payload_len = 3)
+AUTHENTICATE_FAIL(badtype,
+                  d->cell->payload[0] = 0xff)
+AUTHENTICATE_FAIL(truncated_1,
+                  d->cell->payload[2]++)
+AUTHENTICATE_FAIL(truncated_2,
+                  d->cell->payload[3]++)
+AUTHENTICATE_FAIL(tooshort_1,
+                  tt_int_op(d->cell->payload_len, >=, 260);
+                  d->cell->payload[2] -= 1;
+                  d->cell->payload_len -= 256;)
+AUTHENTICATE_FAIL(badcontent,
+                  d->cell->payload[10] ^= 0xff)
+AUTHENTICATE_FAIL(badsig_1,
+                  d->cell->payload[d->cell->payload_len - 5] ^= 0xff)
+
+#define TEST(name, flags)                                       \
+  { #name , test_link_handshake_ ## name, (flags), NULL, NULL }
+
+#define TEST_RCV_AUTHCHALLENGE(name)                            \
+  { "recv_authchallenge/" #name ,                               \
+    test_link_handshake_recv_authchallenge_ ## name, TT_FORK,   \
+      &setup_recv_authchallenge, NULL }
+
+#define TEST_RCV_CERTS(name)                                    \
+  { "recv_certs/" #name ,                                       \
+      test_link_handshake_recv_certs_ ## name, TT_FORK,         \
+      &setup_recv_certs, NULL }
+
+#define TEST_AUTHENTICATE(name)                                         \
+  { "authenticate/" #name , test_link_handshake_auth_ ## name, TT_FORK, \
+      &setup_authenticate, NULL }
+
+struct testcase_t link_handshake_tests[] = {
+  TEST(certs_ok, TT_FORK),
+  //TEST(certs_bad, TT_FORK),
+  TEST_RCV_CERTS(ok),
+  TEST_RCV_CERTS(ok_server),
+  TEST_RCV_CERTS(badstate),
+  TEST_RCV_CERTS(badproto),
+  TEST_RCV_CERTS(duplicate),
+  TEST_RCV_CERTS(already_authenticated),
+  TEST_RCV_CERTS(empty),
+  TEST_RCV_CERTS(bad_circid),
+  TEST_RCV_CERTS(truncated_1),
+  TEST_RCV_CERTS(truncated_2),
+  TEST_RCV_CERTS(truncated_3),
+  TEST_RCV_CERTS(not_x509),
+  TEST_RCV_CERTS(both_link),
+  TEST_RCV_CERTS(both_id_rsa),
+  TEST_RCV_CERTS(both_auth),
+  TEST_RCV_CERTS(wrong_labels_1),
+  TEST_RCV_CERTS(wrong_labels_2),
+  TEST_RCV_CERTS(wrong_labels_3),
+  TEST_RCV_CERTS(server_missing_certs),
+  TEST_RCV_CERTS(server_wrong_labels_1),
+
+  TEST(send_authchallenge, TT_FORK),
+  TEST_RCV_AUTHCHALLENGE(ok),
+  TEST_RCV_AUTHCHALLENGE(ok_noserver),
+  TEST_RCV_AUTHCHALLENGE(ok_unrecognized),
+  TEST_RCV_AUTHCHALLENGE(badstate),
+  TEST_RCV_AUTHCHALLENGE(badproto),
+  TEST_RCV_AUTHCHALLENGE(as_server),
+  TEST_RCV_AUTHCHALLENGE(duplicate),
+  TEST_RCV_AUTHCHALLENGE(nocerts),
+  TEST_RCV_AUTHCHALLENGE(tooshort),
+  TEST_RCV_AUTHCHALLENGE(truncated),
+  TEST_RCV_AUTHCHALLENGE(nonzero_circid),
+
+  TEST_AUTHENTICATE(cell),
+  TEST_AUTHENTICATE(badstate),
+  TEST_AUTHENTICATE(badproto),
+  TEST_AUTHENTICATE(atclient),
+  TEST_AUTHENTICATE(duplicate),
+  TEST_AUTHENTICATE(already_authenticated),
+  TEST_AUTHENTICATE(nocerts),
+  TEST_AUTHENTICATE(noidcert),
+  TEST_AUTHENTICATE(noauthcert),
+  TEST_AUTHENTICATE(tooshort),
+  TEST_AUTHENTICATE(badtype),
+  TEST_AUTHENTICATE(truncated_1),
+  TEST_AUTHENTICATE(truncated_2),
+  TEST_AUTHENTICATE(tooshort_1),
+  TEST_AUTHENTICATE(badcontent),
+  TEST_AUTHENTICATE(badsig_1),
+  //TEST_AUTHENTICATE(),
+
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_logging.c b/src/test/test_logging.c
index 7e558f83b1..eb294fe6f8 100644
--- a/src/test/test_logging.c
+++ b/src/test/test_logging.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -19,11 +19,11 @@ test_get_sigsafe_err_fds(void *arg)
   int n;
   log_severity_list_t include_bug, no_bug, no_bug2;
   (void) arg;
-  init_logging();
+  init_logging(1);
 
   n = tor_log_get_sigsafe_err_fds(&fds);
-  tt_int_op(n, ==, 1);
-  tt_int_op(fds[0], ==, STDERR_FILENO);
+  tt_int_op(n, OP_EQ, 1);
+  tt_int_op(fds[0], OP_EQ, STDERR_FILENO);
 
   set_log_severity_config(LOG_WARN, LOG_ERR, &include_bug);
   set_log_severity_config(LOG_WARN, LOG_ERR, &no_bug);
@@ -40,26 +40,26 @@ test_get_sigsafe_err_fds(void *arg)
   tor_log_update_sigsafe_err_fds();
 
   n = tor_log_get_sigsafe_err_fds(&fds);
-  tt_int_op(n, ==, 2);
-  tt_int_op(fds[0], ==, STDERR_FILENO);
-  tt_int_op(fds[1], ==, 3);
+  tt_int_op(n, OP_EQ, 2);
+  tt_int_op(fds[0], OP_EQ, STDERR_FILENO);
+  tt_int_op(fds[1], OP_EQ, 3);
 
   /* Allow STDOUT to replace STDERR. */
   add_stream_log(&include_bug, "dummy-4", STDOUT_FILENO);
   tor_log_update_sigsafe_err_fds();
   n = tor_log_get_sigsafe_err_fds(&fds);
-  tt_int_op(n, ==, 2);
-  tt_int_op(fds[0], ==, 3);
-  tt_int_op(fds[1], ==, STDOUT_FILENO);
+  tt_int_op(n, OP_EQ, 2);
+  tt_int_op(fds[0], OP_EQ, 3);
+  tt_int_op(fds[1], OP_EQ, STDOUT_FILENO);
 
   /* But don't allow it to replace explicit STDERR. */
   add_stream_log(&include_bug, "dummy-5", STDERR_FILENO);
   tor_log_update_sigsafe_err_fds();
   n = tor_log_get_sigsafe_err_fds(&fds);
-  tt_int_op(n, ==, 3);
-  tt_int_op(fds[0], ==, STDERR_FILENO);
-  tt_int_op(fds[1], ==, STDOUT_FILENO);
-  tt_int_op(fds[2], ==, 3);
+  tt_int_op(n, OP_EQ, 3);
+  tt_int_op(fds[0], OP_EQ, STDERR_FILENO);
+  tt_int_op(fds[1], OP_EQ, STDOUT_FILENO);
+  tt_int_op(fds[2], OP_EQ, 3);
 
   /* Don't overflow the array. */
   {
@@ -70,7 +70,7 @@ test_get_sigsafe_err_fds(void *arg)
   }
   tor_log_update_sigsafe_err_fds();
   n = tor_log_get_sigsafe_err_fds(&fds);
-  tt_int_op(n, ==, 8);
+  tt_int_op(n, OP_EQ, 8);
 
  done:
   ;
@@ -87,9 +87,9 @@ test_sigsafe_err(void *arg)
 
   set_log_severity_config(LOG_WARN, LOG_ERR, &include_bug);
 
-  init_logging();
+  init_logging(1);
   mark_logs_temp();
-  add_file_log(&include_bug, fn);
+  add_file_log(&include_bug, fn, 0);
   tor_log_update_sigsafe_err_fds();
   close_temp_logs();
 
@@ -109,7 +109,7 @@ test_sigsafe_err(void *arg)
 
   tt_assert(content != NULL);
   tor_split_lines(lines, content, (int)strlen(content));
-  tt_int_op(smartlist_len(lines), >=, 5);
+  tt_int_op(smartlist_len(lines), OP_GE, 5);
 
   if (strstr(smartlist_get(lines, 0), "opening new log file"))
     smartlist_del_keeporder(lines, 0);
@@ -119,7 +119,7 @@ test_sigsafe_err(void *arg)
   tt_assert(!strcmpstart(smartlist_get(lines, 2), "Minimal."));
   /* Next line is blank. */
   tt_assert(!strcmpstart(smartlist_get(lines, 3), "=============="));
-  tt_str_op(smartlist_get(lines, 4), ==,
+  tt_str_op(smartlist_get(lines, 4), OP_EQ,
             "Testing any attempt to manually log from a signal.");
 
  done:
diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c
index 78f4823b87..dbd1e5ac48 100644
--- a/src/test/test_microdesc.c
+++ b/src/test/test_microdesc.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2013, The Tor Project, Inc. */
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -7,11 +7,38 @@
 #include "config.h"
 #include "dirvote.h"
 #include "microdesc.h"
+#include "networkstatus.h"
 #include "routerlist.h"
 #include "routerparse.h"
+#include "torcert.h"
 
 #include "test.h"
 
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice.
+ * Suppress the GCC warning so we can build with -Wredundant-decl. */
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/pem.h>
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
+#endif
+
 #ifdef _WIN32
 /* For mkdir() */
 #include <direct.h>
@@ -70,9 +97,9 @@ test_md_cache(void *data)
   tor_free(options->DataDirectory);
   options->DataDirectory = tor_strdup(get_fname("md_datadir_test"));
 #ifdef _WIN32
-  tt_int_op(0, ==, mkdir(options->DataDirectory));
+  tt_int_op(0, OP_EQ, mkdir(options->DataDirectory));
 #else
-  tt_int_op(0, ==, mkdir(options->DataDirectory, 0700));
+  tt_int_op(0, OP_EQ, mkdir(options->DataDirectory, 0700));
 #endif
 
   tt_assert(!strcmpstart(test_md3_noannotation, "onion-key"));
@@ -86,7 +113,7 @@ test_md_cache(void *data)
 
   added = microdescs_add_to_cache(mc, test_md1, NULL, SAVED_NOWHERE, 0,
                                   time1, NULL);
-  tt_int_op(1, ==, smartlist_len(added));
+  tt_int_op(1, OP_EQ, smartlist_len(added));
   md1 = smartlist_get(added, 0);
   smartlist_free(added);
   added = NULL;
@@ -95,7 +122,7 @@ test_md_cache(void *data)
   added = microdescs_add_to_cache(mc, test_md2, NULL, SAVED_NOWHERE, 0,
                                   time2, wanted);
   /* Should fail, since we didn't list test_md2's digest in wanted */
-  tt_int_op(0, ==, smartlist_len(added));
+  tt_int_op(0, OP_EQ, smartlist_len(added));
   smartlist_free(added);
   added = NULL;
 
@@ -104,75 +131,75 @@ test_md_cache(void *data)
   added = microdescs_add_to_cache(mc, test_md2, NULL, SAVED_NOWHERE, 0,
                                   time2, wanted);
   /* Now it can work. md2 should have been added */
-  tt_int_op(1, ==, smartlist_len(added));
+  tt_int_op(1, OP_EQ, smartlist_len(added));
   md2 = smartlist_get(added, 0);
   /* And it should have gotten removed from 'wanted' */
-  tt_int_op(smartlist_len(wanted), ==, 1);
-  test_mem_op(smartlist_get(wanted, 0), ==, d3, DIGEST256_LEN);
+  tt_int_op(smartlist_len(wanted), OP_EQ, 1);
+  tt_mem_op(smartlist_get(wanted, 0), OP_EQ, d3, DIGEST256_LEN);
   smartlist_free(added);
   added = NULL;
 
   added = microdescs_add_to_cache(mc, test_md3, NULL,
                                   SAVED_NOWHERE, 0, -1, NULL);
   /* Must fail, since SAVED_NOWHERE precludes annotations */
-  tt_int_op(0, ==, smartlist_len(added));
+  tt_int_op(0, OP_EQ, smartlist_len(added));
   smartlist_free(added);
   added = NULL;
 
   added = microdescs_add_to_cache(mc, test_md3_noannotation, NULL,
                                   SAVED_NOWHERE, 0, time3, NULL);
   /* Now it can work */
-  tt_int_op(1, ==, smartlist_len(added));
+  tt_int_op(1, OP_EQ, smartlist_len(added));
   md3 = smartlist_get(added, 0);
   smartlist_free(added);
   added = NULL;
 
   /* Okay.  We added 1...3.  Let's poke them to see how they look, and make
    * sure they're really in the journal. */
-  tt_ptr_op(md1, ==, microdesc_cache_lookup_by_digest256(mc, d1));
-  tt_ptr_op(md2, ==, microdesc_cache_lookup_by_digest256(mc, d2));
-  tt_ptr_op(md3, ==, microdesc_cache_lookup_by_digest256(mc, d3));
-
-  tt_int_op(md1->last_listed, ==, time1);
-  tt_int_op(md2->last_listed, ==, time2);
-  tt_int_op(md3->last_listed, ==, time3);
-
-  tt_int_op(md1->saved_location, ==, SAVED_IN_JOURNAL);
-  tt_int_op(md2->saved_location, ==, SAVED_IN_JOURNAL);
-  tt_int_op(md3->saved_location, ==, SAVED_IN_JOURNAL);
-
-  tt_int_op(md1->bodylen, ==, strlen(test_md1));
-  tt_int_op(md2->bodylen, ==, strlen(test_md2));
-  tt_int_op(md3->bodylen, ==, strlen(test_md3_noannotation));
-  test_mem_op(md1->body, ==, test_md1, strlen(test_md1));
-  test_mem_op(md2->body, ==, test_md2, strlen(test_md2));
-  test_mem_op(md3->body, ==, test_md3_noannotation,
+  tt_ptr_op(md1, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d1));
+  tt_ptr_op(md2, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d2));
+  tt_ptr_op(md3, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d3));
+
+  tt_int_op(md1->last_listed, OP_EQ, time1);
+  tt_int_op(md2->last_listed, OP_EQ, time2);
+  tt_int_op(md3->last_listed, OP_EQ, time3);
+
+  tt_int_op(md1->saved_location, OP_EQ, SAVED_IN_JOURNAL);
+  tt_int_op(md2->saved_location, OP_EQ, SAVED_IN_JOURNAL);
+  tt_int_op(md3->saved_location, OP_EQ, SAVED_IN_JOURNAL);
+
+  tt_int_op(md1->bodylen, OP_EQ, strlen(test_md1));
+  tt_int_op(md2->bodylen, OP_EQ, strlen(test_md2));
+  tt_int_op(md3->bodylen, OP_EQ, strlen(test_md3_noannotation));
+  tt_mem_op(md1->body, OP_EQ, test_md1, strlen(test_md1));
+  tt_mem_op(md2->body, OP_EQ, test_md2, strlen(test_md2));
+  tt_mem_op(md3->body, OP_EQ, test_md3_noannotation,
               strlen(test_md3_noannotation));
 
   tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-microdescs.new",
                options->DataDirectory);
   s = read_file_to_str(fn, RFTS_BIN, NULL);
   tt_assert(s);
-  test_mem_op(md1->body, ==, s + md1->off, md1->bodylen);
-  test_mem_op(md2->body, ==, s + md2->off, md2->bodylen);
-  test_mem_op(md3->body, ==, s + md3->off, md3->bodylen);
+  tt_mem_op(md1->body, OP_EQ, s + md1->off, md1->bodylen);
+  tt_mem_op(md2->body, OP_EQ, s + md2->off, md2->bodylen);
+  tt_mem_op(md3->body, OP_EQ, s + md3->off, md3->bodylen);
 
-  tt_ptr_op(md1->family, ==, NULL);
-  tt_ptr_op(md3->family, !=, NULL);
-  tt_int_op(smartlist_len(md3->family), ==, 3);
-  tt_str_op(smartlist_get(md3->family, 0), ==, "nodeX");
+  tt_ptr_op(md1->family, OP_EQ, NULL);
+  tt_ptr_op(md3->family, OP_NE, NULL);
+  tt_int_op(smartlist_len(md3->family), OP_EQ, 3);
+  tt_str_op(smartlist_get(md3->family, 0), OP_EQ, "nodeX");
 
   /* Now rebuild the cache! */
-  tt_int_op(microdesc_cache_rebuild(mc, 1), ==, 0);
+  tt_int_op(microdesc_cache_rebuild(mc, 1), OP_EQ, 0);
 
-  tt_int_op(md1->saved_location, ==, SAVED_IN_CACHE);
-  tt_int_op(md2->saved_location, ==, SAVED_IN_CACHE);
-  tt_int_op(md3->saved_location, ==, SAVED_IN_CACHE);
+  tt_int_op(md1->saved_location, OP_EQ, SAVED_IN_CACHE);
+  tt_int_op(md2->saved_location, OP_EQ, SAVED_IN_CACHE);
+  tt_int_op(md3->saved_location, OP_EQ, SAVED_IN_CACHE);
 
   /* The journal should be empty now */
   tor_free(s);
   s = read_file_to_str(fn, RFTS_BIN, NULL);
-  tt_str_op(s, ==, "");
+  tt_str_op(s, OP_EQ, "");
   tor_free(s);
   tor_free(fn);
 
@@ -180,9 +207,9 @@ test_md_cache(void *data)
   tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-microdescs",
                options->DataDirectory);
   s = read_file_to_str(fn, RFTS_BIN, NULL);
-  test_mem_op(md1->body, ==, s + md1->off, strlen(test_md1));
-  test_mem_op(md2->body, ==, s + md2->off, strlen(test_md2));
-  test_mem_op(md3->body, ==, s + md3->off, strlen(test_md3_noannotation));
+  tt_mem_op(md1->body, OP_EQ, s + md1->off, strlen(test_md1));
+  tt_mem_op(md2->body, OP_EQ, s + md2->off, strlen(test_md2));
+  tt_mem_op(md3->body, OP_EQ, s + md3->off, strlen(test_md3_noannotation));
 
   /* Okay, now we are going to forget about the cache entirely, and reload it
    * from the disk. */
@@ -191,44 +218,44 @@ test_md_cache(void *data)
   md1 = microdesc_cache_lookup_by_digest256(mc, d1);
   md2 = microdesc_cache_lookup_by_digest256(mc, d2);
   md3 = microdesc_cache_lookup_by_digest256(mc, d3);
-  test_assert(md1);
-  test_assert(md2);
-  test_assert(md3);
-  test_mem_op(md1->body, ==, s + md1->off, strlen(test_md1));
-  test_mem_op(md2->body, ==, s + md2->off, strlen(test_md2));
-  test_mem_op(md3->body, ==, s + md3->off, strlen(test_md3_noannotation));
+  tt_assert(md1);
+  tt_assert(md2);
+  tt_assert(md3);
+  tt_mem_op(md1->body, OP_EQ, s + md1->off, strlen(test_md1));
+  tt_mem_op(md2->body, OP_EQ, s + md2->off, strlen(test_md2));
+  tt_mem_op(md3->body, OP_EQ, s + md3->off, strlen(test_md3_noannotation));
 
-  tt_int_op(md1->last_listed, ==, time1);
-  tt_int_op(md2->last_listed, ==, time2);
-  tt_int_op(md3->last_listed, ==, time3);
+  tt_int_op(md1->last_listed, OP_EQ, time1);
+  tt_int_op(md2->last_listed, OP_EQ, time2);
+  tt_int_op(md3->last_listed, OP_EQ, time3);
 
   /* Okay, now we are going to clear out everything older than a week old.
    * In practice, that means md3 */
   microdesc_cache_clean(mc, time(NULL)-7*24*60*60, 1/*force*/);
-  tt_ptr_op(md1, ==, microdesc_cache_lookup_by_digest256(mc, d1));
-  tt_ptr_op(md2, ==, microdesc_cache_lookup_by_digest256(mc, d2));
-  tt_ptr_op(NULL, ==, microdesc_cache_lookup_by_digest256(mc, d3));
+  tt_ptr_op(md1, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d1));
+  tt_ptr_op(md2, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d2));
+  tt_ptr_op(NULL, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d3));
   md3 = NULL; /* it's history now! */
 
   /* rebuild again, make sure it stays gone. */
-  tt_int_op(microdesc_cache_rebuild(mc, 1), ==, 0);
-  tt_ptr_op(md1, ==, microdesc_cache_lookup_by_digest256(mc, d1));
-  tt_ptr_op(md2, ==, microdesc_cache_lookup_by_digest256(mc, d2));
-  tt_ptr_op(NULL, ==, microdesc_cache_lookup_by_digest256(mc, d3));
+  tt_int_op(microdesc_cache_rebuild(mc, 1), OP_EQ, 0);
+  tt_ptr_op(md1, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d1));
+  tt_ptr_op(md2, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d2));
+  tt_ptr_op(NULL, OP_EQ, microdesc_cache_lookup_by_digest256(mc, d3));
 
   /* Re-add md3, and make sure we can rebuild the cache. */
   added = microdescs_add_to_cache(mc, test_md3_noannotation, NULL,
                                   SAVED_NOWHERE, 0, time3, NULL);
-  tt_int_op(1, ==, smartlist_len(added));
+  tt_int_op(1, OP_EQ, smartlist_len(added));
   md3 = smartlist_get(added, 0);
   smartlist_free(added);
   added = NULL;
-  tt_int_op(md1->saved_location, ==, SAVED_IN_CACHE);
-  tt_int_op(md2->saved_location, ==, SAVED_IN_CACHE);
-  tt_int_op(md3->saved_location, ==, SAVED_IN_JOURNAL);
+  tt_int_op(md1->saved_location, OP_EQ, SAVED_IN_CACHE);
+  tt_int_op(md2->saved_location, OP_EQ, SAVED_IN_CACHE);
+  tt_int_op(md3->saved_location, OP_EQ, SAVED_IN_JOURNAL);
 
-  tt_int_op(microdesc_cache_rebuild(mc, 1), ==, 0);
-  tt_int_op(md3->saved_location, ==, SAVED_IN_CACHE);
+  tt_int_op(microdesc_cache_rebuild(mc, 1), OP_EQ, 0);
+  tt_int_op(md3->saved_location, OP_EQ, SAVED_IN_CACHE);
 
  done:
   if (options)
@@ -268,9 +295,9 @@ test_md_cache_broken(void *data)
   options->DataDirectory = tor_strdup(get_fname("md_datadir_test2"));
 
 #ifdef _WIN32
-  tt_int_op(0, ==, mkdir(options->DataDirectory));
+  tt_int_op(0, OP_EQ, mkdir(options->DataDirectory));
 #else
-  tt_int_op(0, ==, mkdir(options->DataDirectory, 0700));
+  tt_int_op(0, OP_EQ, mkdir(options->DataDirectory, 0700));
 #endif
 
   tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-microdescs",
@@ -330,6 +357,59 @@ static const char test_ri[] =
   "t0xkIE39ss/EwmQr7iIgkdVH4oRIMsjYnFFJBG26nYY=\n"
   "-----END SIGNATURE-----\n";
 
+static const char test_ri2[] =
+  "router test001a 127.0.0.1 5001 0 7001\n"
+  "identity-ed25519\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQQABf/FAf5iDuKCZP2VxnAaQWdklilAh6kaEeFX4z8261Yx2T1/AQAgBADCp8vO\n"
+  "B8K1F9g2DzwuwvVCnPFLSK1qknVqPpNucHLH9DY7fuIYogBAdz4zHv1qC7RKaMNG\n"
+  "Jux/tMO2tzPcm62Ky5PjClMQplKUOnZNQ+RIpA3wYCIfUDy/cQnY7XWgNQ0=\n"
+  "-----END ED25519 CERT-----\n"
+  "platform Tor 0.2.6.0-alpha-dev on Darwin\n"
+  "protocols Link 1 2 Circuit 1\n"
+  "published 2014-10-08 12:58:04\n"
+  "fingerprint B7E2 7F10 4213 C36F 13E7 E982 9182 845E 4959 97A0\n"
+  "uptime 0\n"
+  "bandwidth 1073741824 1073741824 0\n"
+  "extra-info-digest 568F27331B6D8C73E7024F1EF5D097B90DFC7CDB\n"
+  "caches-extra-info\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n"
+  "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n"
+  "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "signing-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAN8+78KUVlgHXdMMkYJxcwh1Zv2y+Gb5eWUyltUaQRajhrT9ij2T5JZs\n"
+  "M0g85xTcuM3jNVVpV79+33hiTohdC6UZ+Bk4USQ7WBFzRbVFSXoVKLBJFkCOIexg\n"
+  "SMGNd5WEDtHWrXl58mizmPFu1eG6ZxHzt7RuLSol5cwBvawXPNkFAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "onion-key-crosscert\n"
+  "-----BEGIN CROSSCERT-----\n"
+  "ETFDzU49bvNfoZnKK1j6JeBP2gDirgj6bBCgWpUYs663OO9ypbZRO0JwWANssKl6\n"
+  "oaq9vKTsKGRsaNnqnz/JGMhehymakjjNtqg7crWwsahe8+7Pw9GKmW+YjFtcOkUf\n"
+  "KfOn2bmKBa1FoJb4yW3oXzHcdlLSRuCciKqPn+Hky5o=\n"
+  "-----END CROSSCERT-----\n"
+  "ntor-onion-key-crosscert 0\n"
+  "-----BEGIN ED25519 CERT-----\n"
+  "AQoABf2dAcKny84HwrUX2DYPPC7C9UKc8UtIrWqSdWo+k25wcsf0AFohutG+xI06\n"
+  "Ef21c5Zl1j8Hw6DzHDjYyJevXLFuOneaL3zcH2Ldn4sjrG3kc5UuVvRfTvV120UO\n"
+  "xk4f5s5LGwY=\n"
+  "-----END ED25519 CERT-----\n"
+  "hidden-service-dir\n"
+  "contact auth1@test.test\n"
+  "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n"
+  "reject *:*\n"
+  "router-sig-ed25519 5aQXyTif7PExIuL2di37UvktmJECKnils2OWz2vDi"
+                     "hFxi+5TTAAPxYkS5clhc/Pjvw34itfjGmTKFic/8httAQ\n"
+  "router-signature\n"
+  "-----BEGIN SIGNATURE-----\n"
+  "BaUB+aFPQbb3BwtdzKsKqV3+6cRlSqJF5bI3UTmwRoJk+Z5Pz+W5NWokNI0xArHM\n"
+  "T4T5FZCCP9350jXsUCIvzyIyktU6aVRCGFt76rFlo1OETpN8GWkMnQU0w18cxvgS\n"
+  "cf34GXHv61XReJF3AlzNHFpbrPOYmowmhrTULKyMqow=\n"
+  "-----END SIGNATURE-----\n";
+
 static const char test_md_8[] =
   "onion-key\n"
   "-----BEGIN RSA PUBLIC KEY-----\n"
@@ -360,6 +440,26 @@ static const char test_md_18[] =
   "p reject 25,119,135-139,445,563,1214,4661-4666,6346-6429,6699,6881-6999\n"
   "id rsa1024 Cd47okjCHD83YGzThGBDptXs9Z4\n";
 
+static const char test_md2_18[] =
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n"
+  "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n"
+  "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n"
+  "id rsa1024 t+J/EEITw28T5+mCkYKEXklZl6A\n";
+
+static const char test_md2_21[] =
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n"
+  "+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n"
+  "l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n"
+  "id ed25519 wqfLzgfCtRfYNg88LsL1QpzxS0itapJ1aj6TbnByx/Q\n";
+
 static void
 test_md_generate(void *arg)
 {
@@ -367,10 +467,10 @@ test_md_generate(void *arg)
   microdesc_t *md = NULL;
   (void)arg;
 
-  ri = router_parse_entry_from_string(test_ri, NULL, 0, 0, NULL);
+  ri = router_parse_entry_from_string(test_ri, NULL, 0, 0, NULL, NULL);
   tt_assert(ri);
   md = dirvote_create_microdescriptor(ri, 8);
-  tt_str_op(md->body, ==, test_md_8);
+  tt_str_op(md->body, OP_EQ, test_md_8);
 
   /* XXXX test family lines. */
   /* XXXX test method 14 for A lines. */
@@ -379,22 +479,395 @@ test_md_generate(void *arg)
   microdesc_free(md);
   md = NULL;
   md = dirvote_create_microdescriptor(ri, 16);
-  tt_str_op(md->body, ==, test_md_16);
+  tt_str_op(md->body, OP_EQ, test_md_16);
 
   microdesc_free(md);
   md = NULL;
   md = dirvote_create_microdescriptor(ri, 18);
+  tt_str_op(md->body, OP_EQ, test_md_18);
+
+  microdesc_free(md);
+  md = NULL;
+  md = dirvote_create_microdescriptor(ri, 21);
   tt_str_op(md->body, ==, test_md_18);
 
+  routerinfo_free(ri);
+  ri = router_parse_entry_from_string(test_ri2, NULL, 0, 0, NULL, NULL);
+
+  microdesc_free(md);
+  md = NULL;
+  md = dirvote_create_microdescriptor(ri, 18);
+  tt_str_op(md->body, ==, test_md2_18);
+
+  microdesc_free(md);
+  md = NULL;
+  md = dirvote_create_microdescriptor(ri, 21);
+  tt_str_op(md->body, ==, test_md2_21);
+  tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey,
+                              &ri->cache_info.signing_key_cert->signing_key));
+
  done:
   microdesc_free(md);
   routerinfo_free(ri);
 }
 
+/* Taken at random from my ~/.tor/cached-microdescs file and then
+ * hand-munged */
+static const char MD_PARSE_TEST_DATA[] =
+  /* Good 0 */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANsKd1GRfOuSR1MkcwKqs6SVy4Gi/JXplt/bHDkIGm6Q96TeJ5uyVgUL\n"
+  "DBr/ij6+JqgVFeriuiMzHKREytzjdaTuKsKBFFpLwb+Ppcjr5nMIH/AR6/aHO8hW\n"
+  "T3B9lx5T6Kl7CqZ4yqXxYRHzn50EPTIZuz0y9se4J4gi9mLmL+pHAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "p accept 20-23,43,53,79-81,88,110,143,194,220,443,464,531,543-544\n"
+  "id rsa1024 GEo59/iR1GWSIWZDzXTd5QxtqnU\n"
+  /* Bad 0: I've messed with the onion-key in the second one. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMr4o/pflVwscx11vC1AKEADlKEqnhpvCIjAEzNEenMhvGQHRlA0EXLC\n"
+  "7G7O5bhnCwEHqK8Pvg8cuX/fD8v08TF1EVPhwPa0UI6ab8KnPP2F!!!!!!b92DG7EQIk3q\n"
+  "d68Uxp7E9/t3v1WWZjzDqvEe0par6ul+DKW6HMlTGebFo5Q4e8R1AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key 761Dmm27via7lXygNHM3l+oJLrYU2Nye0Uz4pkpipyY=\n"
+  "p accept 53\n"
+  "id rsa1024 3Y4fwXhtgkdGDZ5ef5mtb6TJRQQ\n"
+  /* Good 1 */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANsMSjVi3EX8ZHfm/dvPF6KdVR66k1tVul7Jp+dDbDajBYNhgKRzVCxy\n"
+  "Yac1CBuQjOqK89tKap9PQBnhF087eDrfaZDqYTLwB2W2sBJncVej15WEPXPRBifo\n"
+  "iFZ8337kgczkaY+IOfSuhtbOUyDOoDpRJheIKBNq0ZiTqtLbbadVAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key ncfiHJjSgdDEW/gc6q6/7idac7j+x7ejQrRm6i75pGA=\n"
+  "p accept 443,6660-6669,6697,7000-7001\n"
+  "id rsa1024 XXuLzw3mfBELEq3veXoNhdehwD4\n"
+  /* Good 2 */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANQfBlrHrh9F/CAOytrNFgi0ikWMW/HZxuoszF9X+AQ+MudR8bcxxOGl\n"
+  "1RFwb74s8E3uuzrCkNFvSw9Ar1L02F2DOX0gLsxEGuYC4Ave9NUteGqSqDyEJQUJ\n"
+  "KlfxCPn2qC9nvNT7wR/Dg2WRvAEKnJmkpb57N3+WSAOPLjKOFEz3AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key AppBt6CSeb1kKid/36ototmFA24ddfW5JpjWPLuoJgs=\n"
+  "id rsa1024 6y60AEI9a1PUUlRPO0YQT9WzrjI\n"
+  /* Bad 1: Here I've messed with the ntor key */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAPjy2HacU3jDNO5nTOFGSwNa0qKCNn4yhtrDVcAJ5alIQeBWZZGJLZ0q\n"
+  "Cqylw1vYqxu8E09g+QXXFbAgBv1U9TICaATxrIJhIJzc8TJPhqJemp1kq0DvHLDx\n"
+  "mxwlkNnCD/P5NS+JYB3EjOlU9EnSKUWNU61+Co344m2JqhEau40vAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key 4i2Fp9JHTUr1uQs0pxD5j5spl4/RG56S2P0gQxU=\n"
+  "id rsa1024 nMRmNEGysA0NmlALVaUmI7D5jLU\n"
+  /* Good 3: I've added a weird token in this one. This shouldn't prevent
+   * it parsing */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKmosxudyNA/yJNz3S890VqV/ebylzoD11Sc0b/d5tyNNaNZjcYy5vRD\n"
+  "kwyxFRMbP2TLZQ1zRfNwY7IDnYjU2SbW0pxuM6M8WRtsmx/YOE3kHMVAFJNrTUqU\n"
+  "6D1zB3IiRDS5q5+NoRxwqo+hYUck60O3WTwEoqb+l3lvXeu7z9rFAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "flux-capacitor 1.21 GW\n"
+  "ntor-onion-key MWBoEkl+RlBiGX44XKIvTSqbznTNZStOmUYtcYRQQyY=\n"
+  "id rsa1024 R+A5O9qRvRac4FT3C4L2QnFyxsc\n"
+  /* Good 4: Here I've made the 'id rsa' token odd.  It should still parse
+   * just fine. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAOh+WMkdNe/Pkjb8UjQyfLOlFgpuVFrxAIGnJsmWWx0yBE97DQxGyh2n\n"
+  "h8G5OJZHRarJQyCIf7vpZQAi0oP0OkGGaCaDQsM+D8TnqhnU++RWGnMqY/cXxPrL\n"
+  "MEq+n6aGiLmzkO7ah8yorZpoREk4GqLUIN89/tHHGOhJL3c4CPGjAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "p reject 25,119,135-139,445,563,1214,4661-4666,6346-6429,6699,6881-6999\n"
+  "id rsa1234 jlqAKFD2E7uMKv+8TmKSeo7NBho\n"
+  /* Good 5: Extra id type. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAMdgPPc5uaw4y/q+SUTN/I8Y+Gvdx9kKgWV4dmDGJ0mxsVZmo1v6+v3F\n"
+  "12M2f9m99G3WB8F8now29C+9XyEv8MBHj1lHRdUFHSQes3YTFvDNlgj+FjLqO5TJ\n"
+  "adOOmfu4DCUUtUEDyQKbNVL4EkMTXY73omTVsjcH3xxFjTx5wixhAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key AAVnWZcnDbxasdZwKqb4fL6O9sZV+XsRNHTpNd1YMz8=\n"
+  "id rsa1024 72EfBL11QuwX2vU8y+p9ExGfGEg\n"
+  "id expolding hedgehog 0+A5O9qRvRac4FT3C4L2QnFyxsc\n"
+  /* Good 6: I've given this a bogus policy. It should parse. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALNuufwhPMF8BooxYMNvhYJMPqUB8hQDt8wGmPKphJcD1sVD1i4gAZM2\n"
+  "HIo+zUBlljDrRWL5NzVzd1yxUJAiQxvXS5dRRFY3B70M7wTVpXw53xe0/BM5t1AX\n"
+  "n0MFk7Jl6XIKMlzRalZvmMvE/odtyWXkP4Nd1MyZ1QcIwrQ2iwyrAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "p condone 1-10\n"
+  "ntor-onion-key 2/nMJ+L4dd/2GpMyTYjz3zC59MvQy4MIzJZhdzKHekg=\n"
+  "id rsa1024 FHyh10glEMA6MCmBb5R9Y+X/MhQ\n"
+  /* Good 7: I've given this one another sort of odd policy. Should parse. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAKcd3FmQ8iAADghyvX8eca0ePqtJ2w1IDdUdTlf5Y/8+OMdp//sD01yC\n"
+  "YmiX45LK5ge1O3AzcakYCO6fb3pyIqvXdvm24OjyYZELQ40cmKSLjdhcSf4Fr/N9\n"
+  "uR/CkknR9cEePu1wZ5WBIGmGdXI6s7t3LB+e7XFyBYAx6wMGlnX7AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "p accept frogs-mice\n"
+  "ntor-onion-key AMxvhaQ1Qg7jBJFoyHuPRgETvLbFmJ194hExV24FuAI=\n"
+  "family $D8CFEA0D996F5D1473D2063C041B7910DB23981E\n"
+  "id rsa1024 d0VVZC/cHh1P3y4MMbfKlQHFycc\n"
+  /* Good 8: This one has the ntor-onion-key without terminating =. That's
+   * allowed. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAL438YfjrJE2SPqkkXeQwICygu8KNO54Juj6sjqk5hgsiazIWMOBgbaX\n"
+  "LIRqPNGaiSq01xSqwjwCBCfwZYT/nSdDBqj1h9aoR8rnjxZjyQ+m3rWpdDqeCDMx\n"
+  "I3NgZ5w4bNX4poRb42lrV6NmQiFdjzpqszVbv5Lpn2CSKu32CwKVAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key UKL6Dnj2KwYsFlkCvOkXVatxvOPB4MaxqwPQQgZMTwI\n"
+  "id rsa1024 FPIXc6k++JnKCtSKWUxaR6oXEKs\n"
+  /* Good 9: Another totally normal one.*/
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBANNGIKRd8PFNXkJ2JPV1ohDMFNbJwKbwybeieaQFjtU9KWedHCbr+QD4\n"
+  "B6zNY5ysguNjHNnlq2f6D09+uhnfDBON8tAz0mPQH/6JqnOXm+EiUn+8bN0E8Nke\n"
+  "/i3GEgDeaxJJMNQcpsJvmmSmKFOlYy9Fy7ejAjTGqtAnqOte7BnTAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key gUsq3e5iYgsQQvyxINtLzBpHxmIt5rtuFlEbKfI4gFk=\n"
+  "id rsa1024 jv+LdatDzsMfEW6pLBeL/5uzwCc\n"
+  /* Bad 2: RSA key has bad exponent of 3. */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGHAoGBAMMTWtvPxYnUNJ5Y7B+XENcpxzPoGstrdiUszCBS+/42xvluLJ+JDSdR\n"
+  "qJaMD6ax8vKAeLS5C6O17MNdG2VldlPRbtgl41MXsOoUqEJ+nY9e3WG9Snjp47xC\n"
+  "zmWIfeduXSavIsb3a43/MLIz/9qO0TkgAAiuQr79JlwKhLdzCqTLAgED\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key NkRB4wTUFogiVp5jYmjGORe2ffb/y5Kk8Itw8jdzMjA=\n"
+  "p reject 25,119,135-139,445,563,1214,4661-4666,6346-6429,6699,6881-6999\n"
+  "id rsa1024 fKvYjP7TAjCC1FzYee5bYAwYkoDg\n"
+  /* Bad 3: Bogus annotation */
+  "@last-listed with strange aeons\n"
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBALcRBFNCZtpd2TFJysU77/fJMFzKisRQEBOtDGtTZ2Bg4aEGosssa0Id\n"
+  "YtUagRLYle08QVGvGB+EHBI5qf6Ah2yPH7k5QiN2a3Sq+nyh85dXKPazBGBBbM+C\n"
+  "DOfDauV02CAnADNMLJEf1voY3oBVvYyIsmHxn5i1R19ZYIiR8NX5AgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "ntor-onion-key m4xcFXMWMjCvZDXq8FT3XmS0EHYseGOeu+fV+6FYDlk=\n"
+  "p accept 20-23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544\n"
+  "id rsa1024 SSbfNE9vmaiwRKH+eqNAkiKQhds\n"
+  /* Good 10: Normal, with added ipv6 address and added other address */
+  "onion-key\n"
+  "-----BEGIN RSA PUBLIC KEY-----\n"
+  "MIGJAoGBAM7uUtq5F6h63QNYIvC+4NcWaD0DjtnrOORZMkdpJhinXUOwce3cD5Dj\n"
+  "sgdN1wJpWpTQMXJ2DssfSgmOVXETP7qJuZyRprxalQhaEATMDNJA/66Ml1jSO9mZ\n"
+  "+8Xb7m/4q778lNtkSbsvMaYD2Dq6k2QQ3kMhr9z8oUtX0XA23+pfAgMBAAE=\n"
+  "-----END RSA PUBLIC KEY-----\n"
+  "a [::1:2:3:4]:9090\n"
+  "a 18.0.0.1:9999\n"
+  "ntor-onion-key k2yFqTU2vzMCQDEiE/j9UcEHxKrXMLpB3IL0or09sik=\n"
+  "id rsa1024 2A8wYpHxnkKJ92orocvIQBzeHlE\n"
+  "p6 allow 80\n"
+  ;
+
+/** More tests for parsing different kinds of microdescriptors, and getting
+ * invalid digests trackd from them. */
+static void
+test_md_parse(void *arg)
+{
+  (void) arg;
+  char *mem_op_hex_tmp = NULL;
+  smartlist_t *invalid = smartlist_new();
+
+  smartlist_t *mds = microdescs_parse_from_string(MD_PARSE_TEST_DATA,
+                                                  NULL, 1, SAVED_NOWHERE,
+                                                  invalid);
+  tt_int_op(smartlist_len(mds), OP_EQ, 11);
+  tt_int_op(smartlist_len(invalid), OP_EQ, 4);
+
+  test_memeq_hex(smartlist_get(invalid,0),
+                 "5d76bf1c6614e885614a1e0ad074e1ab"
+                 "4ea14655ebeefb1736a71b5ed8a15a51");
+  test_memeq_hex(smartlist_get(invalid,1),
+                 "2fde0ee3343669c2444cd9d53cbd39c6"
+                 "a7d1fc0513513e840ca7f6e68864b36c");
+  test_memeq_hex(smartlist_get(invalid,2),
+                 "20d1576c5ab11bbcff0dedb1db4a3cfc"
+                 "c8bc8dd839d8cbfef92d00a1a7d7b294");
+  test_memeq_hex(smartlist_get(invalid,3),
+                 "074770f394c73dbde7b44412e9692add"
+                 "691a478d4727f9804b77646c95420a96");
+
+  /* Spot-check the valid ones. */
+  const microdesc_t *md = smartlist_get(mds, 5);
+  test_memeq_hex(md->digest,
+                 "54bb6d733ddeb375d2456c79ae103961"
+                 "da0cae29620375ac4cf13d54da4d92b3");
+  tt_int_op(md->last_listed, OP_EQ, 0);
+  tt_int_op(md->saved_location, OP_EQ, SAVED_NOWHERE);
+  tt_int_op(md->no_save, OP_EQ, 0);
+  tt_uint_op(md->held_in_map, OP_EQ, 0);
+  tt_uint_op(md->held_by_nodes, OP_EQ, 0);
+  tt_assert(md->onion_curve25519_pkey);
+
+  md = smartlist_get(mds, 6);
+  test_memeq_hex(md->digest,
+                 "53f740bd222ab37f19f604b1d3759aa6"
+                 "5eff1fbce9ac254bd0fa50d4af9b1bae");
+  tt_assert(! md->exit_policy);
+
+  md = smartlist_get(mds, 8);
+  test_memeq_hex(md->digest,
+                 "a0a155562d8093d8fd0feb7b93b7226e"
+                 "17f056c2142aab7a4ea8c5867a0376d5");
+  tt_assert(md->onion_curve25519_pkey);
+
+  md = smartlist_get(mds, 10);
+  test_memeq_hex(md->digest,
+                 "409ebd87d23925a2732bd467a92813c9"
+                 "21ca378fcb9ca193d354c51550b6d5e9");
+  tt_assert(tor_addr_family(&md->ipv6_addr) == AF_INET6);
+  tt_int_op(md->ipv6_orport, OP_EQ, 9090);
+
+ done:
+  SMARTLIST_FOREACH(mds, microdesc_t *, md, microdesc_free(md));
+  smartlist_free(mds);
+  SMARTLIST_FOREACH(invalid, char *, cp, tor_free(cp));
+  smartlist_free(invalid);
+  tor_free(mem_op_hex_tmp);
+}
+
+static int mock_rgsbd_called = 0;
+static routerstatus_t *mock_rgsbd_val_a = NULL;
+static routerstatus_t *mock_rgsbd_val_b = NULL;
+static routerstatus_t *
+mock_router_get_status_by_digest(networkstatus_t *c, const char *d)
+{
+  (void) c;
+  ++mock_rgsbd_called;
+
+  if (fast_memeq(d, "\x5d\x76", 2)) {
+    memcpy(mock_rgsbd_val_a->descriptor_digest, d, 32);
+    return mock_rgsbd_val_a;
+  } else if (fast_memeq(d, "\x20\xd1", 2)) {
+    memcpy(mock_rgsbd_val_b->descriptor_digest, d, 32);
+    return mock_rgsbd_val_b;
+  } else {
+    return NULL;
+  }
+}
+
+static networkstatus_t *mock_ns_val = NULL;
+static networkstatus_t *
+mock_ns_get_by_flavor(consensus_flavor_t f)
+{
+  (void)f;
+  return mock_ns_val;
+}
+
+static void
+test_md_reject_cache(void *arg)
+{
+  (void) arg;
+  microdesc_cache_t *mc = NULL ;
+  smartlist_t *added = NULL, *wanted = smartlist_new();
+  or_options_t *options = get_options_mutable();
+  char buf[DIGEST256_LEN];
+
+  tor_free(options->DataDirectory);
+  options->DataDirectory = tor_strdup(get_fname("md_datadir_test_rej"));
+  mock_rgsbd_val_a = tor_malloc_zero(sizeof(routerstatus_t));
+  mock_rgsbd_val_b = tor_malloc_zero(sizeof(routerstatus_t));
+  mock_ns_val = tor_malloc_zero(sizeof(networkstatus_t));
+
+  mock_ns_val->valid_after = time(NULL) - 86400;
+  mock_ns_val->valid_until = time(NULL) + 86400;
+  mock_ns_val->flavor = FLAV_MICRODESC;
+
+#ifdef _WIN32
+  tt_int_op(0, OP_EQ, mkdir(options->DataDirectory));
+#else
+  tt_int_op(0, OP_EQ, mkdir(options->DataDirectory, 0700));
+#endif
+
+  MOCK(router_get_mutable_consensus_status_by_descriptor_digest,
+       mock_router_get_status_by_digest);
+  MOCK(networkstatus_get_latest_consensus_by_flavor, mock_ns_get_by_flavor);
+
+  mc = get_microdesc_cache();
+#define ADD(hex)                                                        \
+  do {                                                                  \
+    tt_int_op(0,OP_EQ,base16_decode(buf,sizeof(buf),hex,strlen(hex)));     \
+    smartlist_add(wanted, tor_memdup(buf, DIGEST256_LEN));              \
+  } while (0)
+
+  /* invalid,0 */
+  ADD("5d76bf1c6614e885614a1e0ad074e1ab4ea14655ebeefb1736a71b5ed8a15a51");
+  /* invalid,2 */
+  ADD("20d1576c5ab11bbcff0dedb1db4a3cfcc8bc8dd839d8cbfef92d00a1a7d7b294");
+  /* valid, 6 */
+  ADD("53f740bd222ab37f19f604b1d3759aa65eff1fbce9ac254bd0fa50d4af9b1bae");
+  /* valid, 8 */
+  ADD("a0a155562d8093d8fd0feb7b93b7226e17f056c2142aab7a4ea8c5867a0376d5");
+
+  added = microdescs_add_to_cache(mc, MD_PARSE_TEST_DATA, NULL,
+                                  SAVED_NOWHERE, 0, time(NULL), wanted);
+
+  tt_int_op(smartlist_len(added), OP_EQ, 2);
+  tt_int_op(mock_rgsbd_called, OP_EQ, 2);
+  tt_int_op(mock_rgsbd_val_a->dl_status.n_download_failures, OP_EQ, 255);
+  tt_int_op(mock_rgsbd_val_b->dl_status.n_download_failures, OP_EQ, 255);
+
+ done:
+  UNMOCK(networkstatus_get_latest_consensus_by_flavor);
+  UNMOCK(router_get_mutable_consensus_status_by_descriptor_digest);
+  tor_free(options->DataDirectory);
+  microdesc_free_all();
+  smartlist_free(added);
+  SMARTLIST_FOREACH(wanted, char *, cp, tor_free(cp));
+  smartlist_free(wanted);
+  tor_free(mock_rgsbd_val_a);
+  tor_free(mock_rgsbd_val_b);
+  tor_free(mock_ns_val);
+}
+
+static void
+test_md_corrupt_desc(void *arg)
+{
+  char *cp = NULL;
+  smartlist_t *sl = NULL;
+  (void) arg;
+
+  sl = microdescs_add_to_cache(get_microdesc_cache(),
+                               "@last-listed 2015-06-22 10:00:00\n"
+                               "onion-k\n",
+                               NULL, SAVED_IN_JOURNAL, 0, time(NULL), NULL);
+  tt_int_op(smartlist_len(sl), ==, 0);
+  smartlist_free(sl);
+
+  sl = microdescs_add_to_cache(get_microdesc_cache(),
+                               "@last-listed 2015-06-22 10:00:00\n"
+                               "wiggly\n",
+                               NULL, SAVED_IN_JOURNAL, 0, time(NULL), NULL);
+  tt_int_op(smartlist_len(sl), ==, 0);
+  smartlist_free(sl);
+
+  tor_asprintf(&cp, "%s\n%s", test_md1, "@foobar\nonion-wobble\n");
+
+  sl = microdescs_add_to_cache(get_microdesc_cache(),
+                               cp, cp+strlen(cp),
+                               SAVED_IN_JOURNAL, 0, time(NULL), NULL);
+  tt_int_op(smartlist_len(sl), ==, 0);
+
+ done:
+  tor_free(cp);
+  smartlist_free(sl);
+}
+
 struct testcase_t microdesc_tests[] = {
   { "cache", test_md_cache, TT_FORK, NULL, NULL },
   { "broken_cache", test_md_cache_broken, TT_FORK, NULL, NULL },
   { "generate", test_md_generate, 0, NULL, NULL },
+  { "parse", test_md_parse, 0, NULL, NULL },
+  { "reject_cache", test_md_reject_cache, TT_FORK, NULL, NULL },
+  { "corrupt_desc", test_md_corrupt_desc, TT_FORK, NULL, NULL },
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c
index 600e6a89d4..d58f8a7fca 100644
--- a/src/test/test_nodelist.c
+++ b/src/test/test_nodelist.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -10,7 +10,7 @@
 #include "nodelist.h"
 #include "test.h"
 
-/** Tese the case when node_get_by_id() returns NULL,
+/** Test the case when node_get_by_id() returns NULL,
  * node_get_verbose_nickname_by_id should return the base 16 encoding
  * of the id.
  */
@@ -23,9 +23,9 @@ test_nodelist_node_get_verbose_nickname_by_id_null_node(void *arg)
   (void) arg;
 
   /* make sure node_get_by_id returns NULL */
-  test_assert(!node_get_by_id(ID));
+  tt_assert(!node_get_by_id(ID));
   node_get_verbose_nickname_by_id(ID, vname);
-  test_streq(vname, "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
+  tt_str_op(vname,OP_EQ, "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
  done:
   return;
 }
@@ -54,7 +54,47 @@ test_nodelist_node_get_verbose_nickname_not_named(void *arg)
           "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
           DIGEST_LEN);
   node_get_verbose_nickname(&mock_node, vname);
-  test_streq(vname, "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~TestOR");
+  tt_str_op(vname,OP_EQ, "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~TestOR");
+
+ done:
+  return;
+}
+
+/** A node should be considered a directory server if it has an open dirport
+ * of it accepts tunnelled directory requests.
+ */
+static void
+test_nodelist_node_is_dir(void *arg)
+{
+  (void)arg;
+
+  routerstatus_t rs;
+  routerinfo_t ri;
+  node_t node;
+  memset(&node, 0, sizeof(node_t));
+  memset(&rs, 0, sizeof(routerstatus_t));
+  memset(&ri, 0, sizeof(routerinfo_t));
+
+  tt_assert(!node_is_dir(&node));
+
+  node.rs = &rs;
+  tt_assert(!node_is_dir(&node));
+
+  rs.is_v2_dir = 1;
+  tt_assert(node_is_dir(&node));
+
+  rs.is_v2_dir = 0;
+  rs.dir_port = 1;
+  tt_assert(! node_is_dir(&node));
+
+  node.rs = NULL;
+  tt_assert(!node_is_dir(&node));
+  node.ri = &ri;
+  ri.supports_tunnelled_dir_requests = 1;
+  tt_assert(node_is_dir(&node));
+  ri.supports_tunnelled_dir_requests = 0;
+  ri.dir_port = 1;
+  tt_assert(! node_is_dir(&node));
 
  done:
   return;
@@ -66,6 +106,7 @@ test_nodelist_node_get_verbose_nickname_not_named(void *arg)
 struct testcase_t nodelist_tests[] = {
   NODE(node_get_verbose_nickname_by_id_null_node, TT_FORK),
   NODE(node_get_verbose_nickname_not_named, TT_FORK),
+  NODE(node_is_dir, TT_FORK),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_ntor.sh b/src/test/test_ntor.sh
new file mode 100755
index 0000000000..5081dabc54
--- /dev/null
+++ b/src/test/test_ntor.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Validate Tor's ntor implementation.
+
+exitcode=0
+
+"${PYTHON:-python}" "${abs_top_srcdir:-.}/src/test/ntor_ref.py" test-tor || exitcode=1
+"${PYTHON:-python}" "${abs_top_srcdir:-.}/src/test/ntor_ref.py" self-test || exitcode=1
+
+exit ${exitcode}
diff --git a/src/test/test_ntor_cl.c b/src/test/test_ntor_cl.c
index f2b7a72ad5..6df123162e 100644
--- a/src/test/test_ntor_cl.c
+++ b/src/test/test_ntor_cl.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -13,10 +13,6 @@
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
 
-#ifndef CURVE25519_ENABLED
-#error "This isn't going to work without curve25519."
-#endif
-
 #define N_ARGS(n) STMT_BEGIN {                                  \
     if (argc < (n)) {                                           \
       fprintf(stderr, "%s needs %d arguments.\n",argv[1],n);    \
@@ -110,6 +106,7 @@ server1(int argc, char **argv)
  done:
   tor_free(keys);
   tor_free(hexkeys);
+  dimap_free(keymap, NULL);
   return result;
 }
 
@@ -130,7 +127,7 @@ client2(int argc, char **argv)
 
   keys = tor_malloc(keybytes);
   hexkeys = tor_malloc(keybytes*2+1);
-  if (onion_skin_ntor_client_handshake(&state, msg, keys, keybytes)<0) {
+  if (onion_skin_ntor_client_handshake(&state, msg, keys, keybytes, NULL)<0) {
     fprintf(stderr, "handshake failed");
     result = 2;
     goto done;
diff --git a/src/test/test_oom.c b/src/test/test_oom.c
index 2726056b80..2569b6e00f 100644
--- a/src/test/test_oom.c
+++ b/src/test/test_oom.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014, The Tor Project, Inc. */
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Unit tests for OOM handling logic */
@@ -13,9 +13,6 @@
 #include "compat_libevent.h"
 #include "connection.h"
 #include "config.h"
-#ifdef ENABLE_MEMPOOLS
-#include "mempool.h"
-#endif
 #include "relay.h"
 #include "test.h"
 
@@ -143,17 +140,13 @@ test_oom_circbuf(void *arg)
 
   MOCK(circuit_mark_for_close_, circuit_mark_for_close_dummy_);
 
-#ifdef ENABLE_MEMPOOLS
-  init_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
-
   /* Far too low for real life. */
   options->MaxMemInQueues = 256*packed_cell_mem_cost();
   options->CellStatistics = 0;
 
-  tt_int_op(cell_queues_check_size(), ==, 0); /* We don't start out OOM. */
-  tt_int_op(cell_queues_get_total_allocation(), ==, 0);
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(cell_queues_check_size(), OP_EQ, 0); /* We don't start out OOM. */
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
   /* Now we're going to fake up some circuits and get them added to the global
      circuit list. */
@@ -164,22 +157,17 @@ test_oom_circbuf(void *arg)
   tor_gettimeofday_cache_set(&tv);
   c2 = dummy_or_circuit_new(20, 20);
 
-#ifdef ENABLE_MEMPOOLS
-  tt_int_op(packed_cell_mem_cost(), ==,
-            sizeof(packed_cell_t) + MP_POOL_ITEM_OVERHEAD);
-#else
-  tt_int_op(packed_cell_mem_cost(), ==,
+  tt_int_op(packed_cell_mem_cost(), OP_EQ,
             sizeof(packed_cell_t));
-#endif /* ENABLE_MEMPOOLS */
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 70);
-  tt_int_op(cell_queues_check_size(), ==, 0); /* We are still not OOM */
+  tt_int_op(cell_queues_check_size(), OP_EQ, 0); /* We are still not OOM */
 
   tv.tv_usec = 20*1000;
   tor_gettimeofday_cache_set(&tv);
   c3 = dummy_or_circuit_new(100, 85);
-  tt_int_op(cell_queues_check_size(), ==, 0); /* We are still not OOM */
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_check_size(), OP_EQ, 0); /* We are still not OOM */
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 255);
 
   tv.tv_usec = 30*1000;
@@ -187,17 +175,17 @@ test_oom_circbuf(void *arg)
   /* Adding this cell will trigger our OOM handler. */
   c4 = dummy_or_circuit_new(2, 0);
 
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 257);
 
-  tt_int_op(cell_queues_check_size(), ==, 1); /* We are now OOM */
+  tt_int_op(cell_queues_check_size(), OP_EQ, 1); /* We are now OOM */
 
   tt_assert(c1->marked_for_close);
   tt_assert(! c2->marked_for_close);
   tt_assert(! c3->marked_for_close);
   tt_assert(! c4->marked_for_close);
 
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * (257 - 30));
 
   circuit_free(c1);
@@ -208,14 +196,14 @@ test_oom_circbuf(void *arg)
   tv.tv_usec = 40*1000; /* go back to the future */
   tor_gettimeofday_cache_set(&tv);
 
-  tt_int_op(cell_queues_check_size(), ==, 1); /* We are now OOM */
+  tt_int_op(cell_queues_check_size(), OP_EQ, 1); /* We are now OOM */
 
   tt_assert(c1->marked_for_close);
   tt_assert(! c2->marked_for_close);
   tt_assert(! c3->marked_for_close);
   tt_assert(! c4->marked_for_close);
 
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * (257 - 30));
 
  done:
@@ -242,17 +230,13 @@ test_oom_streambuf(void *arg)
 
   MOCK(circuit_mark_for_close_, circuit_mark_for_close_dummy_);
 
-#ifdef ENABLE_MEMPOOLS
-  init_cell_pool();
-#endif /* ENABLE_MEMPOOLS */
-
   /* Far too low for real life. */
   options->MaxMemInQueues = 81*packed_cell_mem_cost() + 4096 * 34;
   options->CellStatistics = 0;
 
-  tt_int_op(cell_queues_check_size(), ==, 0); /* We don't start out OOM. */
-  tt_int_op(cell_queues_get_total_allocation(), ==, 0);
-  tt_int_op(buf_get_total_allocation(), ==, 0);
+  tt_int_op(cell_queues_check_size(), OP_EQ, 0); /* We don't start out OOM. */
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ, 0);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 0);
 
   /* Start all circuits with a bit of data queued in cells */
   tv.tv_usec = 500*1000; /* go halfway into the second. */
@@ -267,7 +251,7 @@ test_oom_streambuf(void *arg)
   tv.tv_usec = 530*1000;
   tor_gettimeofday_cache_set(&tv);
   c4 = dummy_or_circuit_new(0,0);
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 80);
 
   tv.tv_usec = 600*1000;
@@ -303,24 +287,24 @@ test_oom_streambuf(void *arg)
   tv.tv_usec = 0;
   tvms = (uint32_t) tv_to_msec(&tv);
 
-  tt_int_op(circuit_max_queued_cell_age(c1, tvms), ==, 500);
-  tt_int_op(circuit_max_queued_cell_age(c2, tvms), ==, 490);
-  tt_int_op(circuit_max_queued_cell_age(c3, tvms), ==, 480);
-  tt_int_op(circuit_max_queued_cell_age(c4, tvms), ==, 0);
+  tt_int_op(circuit_max_queued_cell_age(c1, tvms), OP_EQ, 500);
+  tt_int_op(circuit_max_queued_cell_age(c2, tvms), OP_EQ, 490);
+  tt_int_op(circuit_max_queued_cell_age(c3, tvms), OP_EQ, 480);
+  tt_int_op(circuit_max_queued_cell_age(c4, tvms), OP_EQ, 0);
 
-  tt_int_op(circuit_max_queued_data_age(c1, tvms), ==, 390);
-  tt_int_op(circuit_max_queued_data_age(c2, tvms), ==, 380);
-  tt_int_op(circuit_max_queued_data_age(c3, tvms), ==, 0);
-  tt_int_op(circuit_max_queued_data_age(c4, tvms), ==, 370);
+  tt_int_op(circuit_max_queued_data_age(c1, tvms), OP_EQ, 390);
+  tt_int_op(circuit_max_queued_data_age(c2, tvms), OP_EQ, 380);
+  tt_int_op(circuit_max_queued_data_age(c3, tvms), OP_EQ, 0);
+  tt_int_op(circuit_max_queued_data_age(c4, tvms), OP_EQ, 370);
 
-  tt_int_op(circuit_max_queued_item_age(c1, tvms), ==, 500);
-  tt_int_op(circuit_max_queued_item_age(c2, tvms), ==, 490);
-  tt_int_op(circuit_max_queued_item_age(c3, tvms), ==, 480);
-  tt_int_op(circuit_max_queued_item_age(c4, tvms), ==, 370);
+  tt_int_op(circuit_max_queued_item_age(c1, tvms), OP_EQ, 500);
+  tt_int_op(circuit_max_queued_item_age(c2, tvms), OP_EQ, 490);
+  tt_int_op(circuit_max_queued_item_age(c3, tvms), OP_EQ, 480);
+  tt_int_op(circuit_max_queued_item_age(c4, tvms), OP_EQ, 370);
 
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 80);
-  tt_int_op(buf_get_total_allocation(), ==, 4096*16*2);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 4096*16*2);
 
   /* Now give c4 a very old buffer of modest size */
   {
@@ -332,21 +316,21 @@ test_oom_streambuf(void *arg)
     tt_assert(ec);
     smartlist_add(edgeconns, ec);
   }
-  tt_int_op(buf_get_total_allocation(), ==, 4096*17*2);
-  tt_int_op(circuit_max_queued_item_age(c4, tvms), ==, 1000);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 4096*17*2);
+  tt_int_op(circuit_max_queued_item_age(c4, tvms), OP_EQ, 1000);
 
-  tt_int_op(cell_queues_check_size(), ==, 0);
+  tt_int_op(cell_queues_check_size(), OP_EQ, 0);
 
   /* And run over the limit. */
   tv.tv_usec = 800*1000;
   tor_gettimeofday_cache_set(&tv);
   c5 = dummy_or_circuit_new(0,5);
 
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 85);
-  tt_int_op(buf_get_total_allocation(), ==, 4096*17*2);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 4096*17*2);
 
-  tt_int_op(cell_queues_check_size(), ==, 1); /* We are now OOM */
+  tt_int_op(cell_queues_check_size(), OP_EQ, 1); /* We are now OOM */
 
   /* C4 should have died. */
   tt_assert(! c1->marked_for_close);
@@ -355,9 +339,9 @@ test_oom_streambuf(void *arg)
   tt_assert(c4->marked_for_close);
   tt_assert(! c5->marked_for_close);
 
-  tt_int_op(cell_queues_get_total_allocation(), ==,
+  tt_int_op(cell_queues_get_total_allocation(), OP_EQ,
             packed_cell_mem_cost() * 85);
-  tt_int_op(buf_get_total_allocation(), ==, 4096*8*2);
+  tt_int_op(buf_get_total_allocation(), OP_EQ, 4096*8*2);
 
  done:
   circuit_free(c1);
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 737f658e2c..4f24757a85 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define CONFIG_PRIVATE
@@ -8,6 +8,18 @@
 #include "confparse.h"
 #include "config.h"
 #include "test.h"
+#include "geoip.h"
+
+#define ROUTERSET_PRIVATE
+#include "routerset.h"
+
+#include "log_test_helpers.h"
+
+#include "sandbox.h"
+#include "memarea.h"
+#include "policies.h"
+
+#define NS_MODULE test_options
 
 typedef struct {
   int severity;
@@ -38,6 +50,7 @@ setup_log_callback(void)
   lst.masks[LOG_WARN - LOG_ERR] = ~0;
   lst.masks[LOG_NOTICE - LOG_ERR] = ~0;
   add_callback_log(&lst, log_cback);
+  mark_logs_temp();
 }
 
 static char *
@@ -69,28 +82,47 @@ clear_log_messages(void)
   messages = NULL;
 }
 
+#define setup_options(opt,dflt)              \
+  do {                                       \
+    opt = options_new();                     \
+    opt->command = CMD_RUN_TOR;              \
+    options_init(opt);                       \
+                                             \
+    dflt = config_dup(&options_format, opt); \
+    clear_log_messages();                    \
+  } while (0)
+
+#define VALID_DIR_AUTH "DirAuthority dizum orport=443 v3ident=E8A9C45"  \
+  "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
+  " 083C 538F 4403 8BBF A077 587D D755\n"
+#define VALID_ALT_BRIDGE_AUTH \
+  "AlternateBridgeAuthority dizum orport=443 v3ident=E8A9C45"           \
+  "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
+  " 083C 538F 4403 8BBF A077 587D D755\n"
+#define VALID_ALT_DIR_AUTH \
+  "AlternateDirAuthority dizum orport=443 v3ident=E8A9C45"           \
+  "EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83" \
+  " 083C 538F 4403 8BBF A077 587D D755\n"
+
 static void
 test_options_validate_impl(const char *configuration,
                            const char *expect_errmsg,
                            int expect_log_severity,
                            const char *expect_log)
 {
-  or_options_t *opt = options_new();
+  or_options_t *opt=NULL;
   or_options_t *dflt;
   config_line_t *cl=NULL;
   char *msg=NULL;
   int r;
-  opt->command = CMD_RUN_TOR;
-  options_init(opt);
 
-  dflt = config_dup(&options_format, opt);
-  clear_log_messages();
+  setup_options(opt, dflt);
 
   r = config_get_lines(configuration, &cl, 1);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   r = config_assign(&options_format, opt, cl, 0, 0, &msg);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   r = options_validate(NULL, opt, dflt, 0, &msg);
   if (expect_errmsg && !msg) {
@@ -103,7 +135,7 @@ test_options_validate_impl(const char *configuration,
     TT_DIE(("Expected no error message from <%s> but got <%s>.",
             configuration, msg));
   }
-  tt_int_op((r == 0), ==, (msg == NULL));
+  tt_int_op((r == 0), OP_EQ, (msg == NULL));
 
   if (expect_log) {
     int found = 0;
@@ -126,6 +158,8 @@ test_options_validate_impl(const char *configuration,
   }
 
  done:
+  escaped(NULL);
+  policies_free_all();
   config_free_lines(cl);
   or_options_free(opt);
   or_options_free(dflt);
@@ -147,6 +181,7 @@ test_options_validate(void *arg)
 {
   (void)arg;
   setup_log_callback();
+  sandbox_disable_getaddrinfo_cache();
 
   WANT_ERR("ExtORPort 500000", "Invalid ExtORPort");
 
@@ -159,12 +194,4205 @@ test_options_validate(void *arg)
                "ServerTransportOptions did not parse",
                LOG_WARN, "\"slingsnappy\" is not a k=v");
 
+  WANT_ERR("DirPort 8080\nDirCache 0",
+           "DirPort configured but DirCache disabled.");
+  WANT_ERR("BridgeRelay 1\nDirCache 0",
+           "We're a bridge but DirCache is disabled.");
+
+  close_temp_logs();
+  clear_log_messages();
+  return;
+}
+
+#define MEGABYTEIFY(mb) (U64_LITERAL(mb) << 20)
+static void
+test_have_enough_mem_for_dircache(void *arg)
+{
+  (void)arg;
+  or_options_t *opt=NULL;
+  or_options_t *dflt=NULL;
+  config_line_t *cl=NULL;
+  char *msg=NULL;;
+  int r;
+  const char *configuration = "ORPort 8080\nDirCache 1", *expect_errmsg;
+
+  setup_options(opt, dflt);
+  setup_log_callback();
+  (void)dflt;
+
+  r = config_get_lines(configuration, &cl, 1);
+  tt_int_op(r, OP_EQ, 0);
+
+  r = config_assign(&options_format, opt, cl, 0, 0, &msg);
+  tt_int_op(r, OP_EQ, 0);
+
+  /* 300 MB RAM available, DirCache enabled */
+  r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
+  tt_int_op(r, OP_EQ, 0);
+  tt_assert(!msg);
+
+  /* 200 MB RAM available, DirCache enabled */
+  r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
+  tt_int_op(r, OP_EQ, -1);
+  expect_errmsg = "Being a directory cache (default) with less than ";
+  if (!strstr(msg, expect_errmsg)) {
+    TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
+            expect_errmsg, configuration, msg));
+  }
+  tor_free(msg);
+
+  config_free_lines(cl); cl = NULL;
+  configuration = "ORPort 8080\nDirCache 1\nBridgeRelay 1";
+  r = config_get_lines(configuration, &cl, 1);
+  tt_int_op(r, OP_EQ, 0);
+
+  r = config_assign(&options_format, opt, cl, 0, 0, &msg);
+  tt_int_op(r, OP_EQ, 0);
+
+  /* 300 MB RAM available, DirCache enabled, Bridge */
+  r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
+  tt_int_op(r, OP_EQ, 0);
+  tt_assert(!msg);
+
+  /* 200 MB RAM available, DirCache enabled, Bridge */
+  r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
+  tt_int_op(r, OP_EQ, -1);
+  expect_errmsg = "Running a Bridge with less than ";
+  if (!strstr(msg, expect_errmsg)) {
+    TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
+            expect_errmsg, configuration, msg));
+  }
+  tor_free(msg);
+
+  config_free_lines(cl); cl = NULL;
+  configuration = "ORPort 8080\nDirCache 0";
+  r = config_get_lines(configuration, &cl, 1);
+  tt_int_op(r, OP_EQ, 0);
+
+  r = config_assign(&options_format, opt, cl, 0, 0, &msg);
+  tt_int_op(r, OP_EQ, 0);
+
+  /* 200 MB RAM available, DirCache disabled */
+  r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(200), &msg);
+  tt_int_op(r, OP_EQ, 0);
+  tt_assert(!msg);
+
+  /* 300 MB RAM available, DirCache disabled */
+  r = have_enough_mem_for_dircache(opt, MEGABYTEIFY(300), &msg);
+  tt_int_op(r, OP_EQ, -1);
+  expect_errmsg = "DirCache is disabled and we are configured as a ";
+  if (!strstr(msg, expect_errmsg)) {
+    TT_DIE(("Expected error message <%s> from <%s>, but got <%s>.",
+            expect_errmsg, configuration, msg));
+  }
+  tor_free(msg);
+
   clear_log_messages();
+
+ done:
+  if (msg)
+    tor_free(msg);
+  or_options_free(dflt);
+  or_options_free(opt);
+  config_free_lines(cl);
   return;
 }
 
+static const char *fixed_get_uname_result = NULL;
+
+static const char *
+fixed_get_uname(void)
+{
+  return fixed_get_uname_result;
+}
+
+#define TEST_OPTIONS_OLD_VALUES   "TestingV3AuthInitialVotingInterval 1800\n" \
+  "ClientBootstrapConsensusMaxDownloadTries 7\n" \
+  "ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 4\n" \
+  "ClientBootstrapConsensusMaxInProgressTries 3\n" \
+  "TestingV3AuthInitialVoteDelay 300\n"   \
+  "TestingV3AuthInitialDistDelay 300\n" \
+  "TestingClientMaxIntervalWithoutRequest 600\n" \
+  "TestingDirConnectionMaxStall 600\n" \
+  "TestingConsensusMaxDownloadTries 8\n" \
+  "TestingDescriptorMaxDownloadTries 8\n" \
+  "TestingMicrodescMaxDownloadTries 8\n" \
+  "TestingCertMaxDownloadTries 8\n"
+
+#define TEST_OPTIONS_DEFAULT_VALUES TEST_OPTIONS_OLD_VALUES \
+  "MaxClientCircuitsPending 1\n"                                        \
+  "RendPostPeriod 1000\n"                                               \
+  "KeepAlivePeriod 1\n"                                                 \
+  "ConnLimit 1\n"                                                       \
+  "V3AuthVotingInterval 300\n"                                          \
+  "V3AuthVoteDelay 20\n"                                                \
+  "V3AuthDistDelay 20\n"                                                \
+  "V3AuthNIntervalsValid 3\n"                                           \
+  "ClientUseIPv4 1\n"                                                     \
+  "VirtualAddrNetworkIPv4 127.192.0.0/10\n"                             \
+  "VirtualAddrNetworkIPv6 [FE80::]/10\n"                                \
+  "SchedulerHighWaterMark__ 42\n"                                       \
+  "SchedulerLowWaterMark__ 10\n"
+
+typedef struct {
+  or_options_t *old_opt;
+  or_options_t *opt;
+  or_options_t *def_opt;
+} options_test_data_t;
+
+static void free_options_test_data(options_test_data_t *td);
+
+static options_test_data_t *
+get_options_test_data(const char *conf)
+{
+  int rv = -1;
+  char *msg = NULL;
+  config_line_t *cl=NULL;
+  options_test_data_t *result = tor_malloc(sizeof(options_test_data_t));
+  result->opt = options_new();
+  result->old_opt = options_new();
+  result->def_opt = options_new();
+  rv = config_get_lines(conf, &cl, 1);
+  tt_assert(rv == 0);
+  rv = config_assign(&options_format, result->opt, cl, 0, 0, &msg);
+  if (msg) {
+    /* Display the parse error message by comparing it with an empty string */
+    tt_str_op(msg, OP_EQ, "");
+  }
+  tt_assert(rv == 0);
+  config_free_lines(cl);
+  result->opt->LogTimeGranularity = 1;
+  result->opt->TokenBucketRefillInterval = 1;
+  rv = config_get_lines(TEST_OPTIONS_OLD_VALUES, &cl, 1);
+  tt_assert(rv == 0);
+  rv = config_assign(&options_format, result->def_opt, cl, 0, 0, &msg);
+  if (msg) {
+    /* Display the parse error message by comparing it with an empty string */
+    tt_str_op(msg, OP_EQ, "");
+  }
+  tt_assert(rv == 0);
+
+ done:
+  config_free_lines(cl);
+  if (rv != 0) {
+    free_options_test_data(result);
+    result = NULL;
+    /* Callers expect a non-NULL result, so just die if we can't provide one.
+     */
+    tor_assert(0);
+  }
+  return result;
+}
+
+static void
+free_options_test_data(options_test_data_t *td)
+{
+  if (!td) return;
+  or_options_free(td->old_opt);
+  or_options_free(td->opt);
+  or_options_free(td->def_opt);
+  tor_free(td);
+}
+
+#define expect_log_msg(str) \
+  tt_assert_msg(mock_saved_log_has_message(str), \
+                "expected log to contain " # str);
+
+#define expect_no_log_msg(str)                      \
+  tt_assert_msg(!mock_saved_log_has_message(str), \
+                "expected log to not contain " # str);
+
+static void
+test_options_validate__uname_for_server(void *ignored)
+{
+  (void)ignored;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                      "ORListenAddress 127.0.0.1:5555");
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  MOCK(get_uname, fixed_get_uname);
+  fixed_get_uname_result = "Windows 95";
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("Tor is running as a server, but you"
+           " are running Windows 95; this probably won't work. See https://www"
+           ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
+  tor_free(msg);
+
+  fixed_get_uname_result = "Windows 98";
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("Tor is running as a server, but you"
+           " are running Windows 98; this probably won't work. See https://www"
+           ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
+  tor_free(msg);
+
+  fixed_get_uname_result = "Windows Me";
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("Tor is running as a server, but you"
+           " are running Windows Me; this probably won't work. See https://www"
+           ".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
+  tor_free(msg);
+
+  fixed_get_uname_result = "Windows 2000";
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_entry();
+  tor_free(msg);
+
+ done:
+  UNMOCK(get_uname);
+  free_options_test_data(tdata);
+  tor_free(msg);
+  teardown_capture_of_logs(previous_log);
+}
+
+static void
+test_options_validate__outbound_addresses(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                    "OutboundBindAddress xxyy!!!sdfaf");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__data_directory(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                                "DataDirectory longreallyl"
+                                                "ongLONGLONGlongreallylong"
+                                                "LONGLONGlongreallylongLON"
+                                                "GLONGlongreallylongLONGLO"
+                                                "NGlongreallylongLONGLONGl"
+                                                "ongreallylongLONGLONGlong"
+                                                "reallylongLONGLONGlongrea"
+                                                "llylongLONGLONGlongreally"
+                                                "longLONGLONGlongreallylon"
+                                                "gLONGLONGlongreallylongLO"
+                                                "NGLONGlongreallylongLONGL"
+                                                "ONGlongreallylongLONGLONG"
+                                                "longreallylongLONGLONGlon"
+                                                "greallylongLONGLONGlongre"
+                                                "allylongLONGLONGlongreall"
+                                                "ylongLONGLONGlongreallylo"
+                                                "ngLONGLONGlongreallylongL"
+                                                "ONGLONGlongreallylongLONG"
+                                                "LONG"); // 440 characters
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Invalid DataDirectory");
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__nickname(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                        "Nickname ThisNickNameIsABitTooLong");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Nickname 'ThisNickNameIsABitTooLong' is wrong length or"
+            " contains illegal characters.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("Nickname AMoreValidNick");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("DataDirectory /tmp/somewhere");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__contactinfo(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                "ORListenAddress 127.0.0.1:5555\nORPort 955");
+  int previous_log = setup_capture_of_logs(LOG_DEBUG);
+  tdata->opt->ContactInfo = NULL;
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg(
+            "Your ContactInfo config option is not"
+            " set. Please consider setting it, so we can contact you if your"
+            " server is misconfigured or something else goes wrong.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ORListenAddress 127.0.0.1:5555\nORPort 955\n"
+                                "ContactInfo hella@example.org");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_no_log_msg(
+            "Your ContactInfo config option is not"
+            " set. Please consider setting it, so we can contact you if your"
+            " server is misconfigured or something else goes wrong.\n");
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+extern int quiet_level;
+
+static void
+test_options_validate__logs(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  (void)ret;
+  char *msg;
+  int orig_quiet_level = quiet_level;
+  options_test_data_t *tdata = get_options_test_data("");
+  tdata->opt->Logs = NULL;
+  tdata->opt->RunAsDaemon = 0;
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(tdata->opt->Logs->key, OP_EQ, "Log");
+  tt_str_op(tdata->opt->Logs->value, OP_EQ, "notice stdout");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("");
+  tdata->opt->Logs = NULL;
+  tdata->opt->RunAsDaemon = 0;
+  quiet_level = 1;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(tdata->opt->Logs->key, OP_EQ, "Log");
+  tt_str_op(tdata->opt->Logs->value, OP_EQ, "warn stdout");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("");
+  tdata->opt->Logs = NULL;
+  tdata->opt->RunAsDaemon = 0;
+  quiet_level = 2;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_assert(!tdata->opt->Logs);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("");
+  tdata->opt->Logs = NULL;
+  tdata->opt->RunAsDaemon = 0;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 1, &msg);
+  tt_assert(!tdata->opt->Logs);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("");
+  tdata->opt->Logs = NULL;
+  tdata->opt->RunAsDaemon = 1;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_assert(!tdata->opt->Logs);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("");
+  tdata->opt->RunAsDaemon = 0;
+  config_line_t *cl=NULL;
+  config_get_lines("Log foo", &cl, 1);
+  tdata->opt->Logs = cl;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op((intptr_t)tdata->opt->Logs, OP_EQ, (intptr_t)cl);
+
+ done:
+  quiet_level = orig_quiet_level;
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+/* static config_line_t * */
+/* mock_config_line(const char *key, const char *val) */
+/* { */
+/*   config_line_t *config_line = tor_malloc(sizeof(config_line_t)); */
+/*   memset(config_line, 0, sizeof(config_line_t)); */
+/*   config_line->key = tor_strdup(key); */
+/*   config_line->value = tor_strdup(val); */
+/*   return config_line; */
+/* } */
+
+static void
+test_options_validate__authdir(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_INFO);
+  options_test_data_t *tdata = get_options_test_data(
+                                 "AuthoritativeDirectory 1\n"
+                                 "Address this.should.not_exist.example.org");
+
+  sandbox_disable_getaddrinfo_cache();
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
+            " details.");
+  expect_log_msg("Could not resolve local Address "
+            "'this.should.not_exist.example.org'. Failing.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Authoritative directory servers must set ContactInfo");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "TestingTorNetwork 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
+            "AuthoritativeDir is set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
+            "AuthoritativeDir is set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "RecommendedVersions 1.2, 3.14\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14");
+  tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "RecommendedVersions 1.2, 3.14\n"
+                                "RecommendedClientVersions 25\n"
+                                "RecommendedServerVersions 4.18\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "25");
+  tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "4.18");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "VersioningAuthoritativeDirectory 1\n"
+                                "RecommendedVersions 1.2, 3.14\n"
+                                "RecommendedClientVersions 25\n"
+                                "RecommendedServerVersions 4.18\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
+            "AuthoritativeDir is set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "VersioningAuthoritativeDirectory 1\n"
+                                "RecommendedServerVersions 4.18\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
+            "Recommended*Versions.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "VersioningAuthoritativeDirectory 1\n"
+                                "RecommendedClientVersions 4.18\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set "
+            "Recommended*Versions.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "UseEntryGuards 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("Authoritative directory servers "
+            "can't set UseEntryGuards. Disabling.\n");
+  tt_int_op(tdata->opt->UseEntryGuards, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "V3AuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("Authoritative directories always try"
+            " to download extra-info documents. Setting DownloadExtraInfo.\n");
+  tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "DownloadExtraInfo 1\n"
+                                "V3AuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_no_log_msg("Authoritative directories always try"
+            " to download extra-info documents. Setting DownloadExtraInfo.\n");
+  tt_int_op(tdata->opt->DownloadExtraInfo, OP_EQ, 1);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)"
+            "AuthoritativeDir is set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "BridgeAuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "V3BandwidthsFile non-existant-file\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ,
+            "Running as authoritative directory, but no DirPort set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "BridgeAuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "V3BandwidthsFile non-existant-file\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(NULL, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ,
+            "Running as authoritative directory, but no DirPort set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "BridgeAuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "GuardfractionFile non-existant-file\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ,
+            "Running as authoritative directory, but no DirPort set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "BridgeAuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "GuardfractionFile non-existant-file\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  options_validate(NULL, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_str_op(msg, OP_EQ,
+            "Running as authoritative directory, but no DirPort set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "BridgeAuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Running as authoritative directory, but no DirPort set.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AuthoritativeDirectory 1\n"
+                                "Address 100.200.10.1\n"
+                                "DirPort 999\n"
+                                "BridgeAuthoritativeDir 1\n"
+                                "ContactInfo hello@hello.com\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Running as authoritative directory, but no ORPort set.");
+  tor_free(msg);
+
+  // TODO: This case can't be reached, since clientonly is used to
+  // check when parsing port lines as well.
+  /* free_options_test_data(tdata); */
+  /* tdata = get_options_test_data("AuthoritativeDirectory 1\n" */
+  /*                               "Address 100.200.10.1\n" */
+  /*                               "DirPort 999\n" */
+  /*                               "ORPort 888\n" */
+  /*                               "ClientOnly 1\n" */
+  /*                               "BridgeAuthoritativeDir 1\n" */
+  /*                               "ContactInfo hello@hello.com\n" */
+  /*                               "SchedulerHighWaterMark__ 42\n" */
+  /*                               "SchedulerLowWaterMark__ 10\n"); */
+  /* mock_clean_saved_logs(); */
+  /* ret = options_validate(tdata->old_opt, tdata->opt, */
+  /*                        tdata->def_opt, 0, &msg); */
+  /* tt_int_op(ret, OP_EQ, -1); */
+  /* tt_str_op(msg, OP_EQ, "Running as authoritative directory, " */
+  /*           "but ClientOnly also set."); */
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  //  sandbox_free_getaddrinfo_cache();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__relay_with_hidden_services(void *ignored)
+{
+  (void)ignored;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_DEBUG);
+  options_test_data_t *tdata = get_options_test_data(
+                                  "ORListenAddress 127.0.0.1:5555\n"
+                                  "ORPort 955\n"
+                                  "HiddenServiceDir "
+                                  "/Library/Tor/var/lib/tor/hidden_service/\n"
+                                  "HiddenServicePort 80 127.0.0.1:8080\n"
+                                                     );
+
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg(
+            "Tor is currently configured as a relay and a hidden service. "
+            "That's not very secure: you should probably run your hidden servi"
+            "ce in a separate Tor process, at least -- see "
+            "https://trac.torproject.org/8742\n");
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+// TODO: it doesn't seem possible to hit the case of having no port lines at
+// all, since there will be a default created for SocksPort
+/* static void */
+/* test_options_validate__ports(void *ignored) */
+/* { */
+/*   (void)ignored; */
+/*   int ret; */
+/*   char *msg; */
+/*   int previous_log = setup_capture_of_logs(LOG_WARN); */
+/*   options_test_data_t *tdata = get_options_test_data(""); */
+/*   ret = options_validate(tdata->old_opt, tdata->opt, */
+/*                          tdata->def_opt, 0, &msg); */
+/*   expect_log_msg("SocksPort, TransPort, NATDPort, DNSPort, and ORPort " */
+/*           "are all undefined, and there aren't any hidden services " */
+/*           "configured. " */
+/*           " Tor will still run, but probably won't do anything.\n"); */
+/*  done: */
+/*   teardown_capture_of_logs(previous_log); */
+/*   free_options_test_data(tdata); */
+/*   tor_free(msg); */
+/* } */
+
+static void
+test_options_validate__transproxy(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata;
+
+#ifdef USE_TRANSPARENT
+  // Test default trans proxy
+  tdata = get_options_test_data("TransProxyType default\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_DEFAULT);
+  tor_free(msg);
+
+  // Test pf-divert trans proxy
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("TransProxyType pf-divert\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+
+#if !defined(__OpenBSD__) && !defined( DARWIN )
+  tt_str_op(msg, OP_EQ,
+          "pf-divert is a OpenBSD-specific and OS X/Darwin-specific feature.");
+#else
+  tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_PF_DIVERT);
+  tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without "
+            "any valid TransPort or TransListenAddress.");
+#endif
+  tor_free(msg);
+
+  // Test tproxy trans proxy
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("TransProxyType tproxy\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+
+#if !defined(__linux__)
+  tt_str_op(msg, OP_EQ, "TPROXY is a Linux-specific feature.");
+#else
+  tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_TPROXY);
+  tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
+            "TransPort or TransListenAddress.");
+#endif
+  tor_free(msg);
+
+  // Test ipfw trans proxy
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("TransProxyType ipfw\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+
+#ifndef KERNEL_MAY_SUPPORT_IPFW
+  tt_str_op(msg, OP_EQ, "ipfw is a FreeBSD-specificand OS X/Darwin-specific "
+            "feature.");
+#else
+  tt_int_op(tdata->opt->TransProxyType_parsed, OP_EQ, TPT_IPFW);
+  tt_str_op(msg, OP_EQ, "Cannot use TransProxyType without any valid "
+            "TransPort or TransListenAddress.");
+#endif
+  tor_free(msg);
+
+  // Test unknown trans proxy
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("TransProxyType non-existant\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Unrecognized value for TransProxyType");
+  tor_free(msg);
+
+  // Test trans proxy success
+  free_options_test_data(tdata);
+  tdata = NULL;
+
+#if defined(linux)
+  tdata = get_options_test_data("TransProxyType tproxy\n"
+                                "TransPort 127.0.0.1:123\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+#endif
+#if defined(__FreeBSD_kernel__) || defined( DARWIN )
+  tdata = get_options_test_data("TransProxyType ipfw\n"
+                                "TransPort 127.0.0.1:123\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+#endif
+#if defined(__OpenBSD__)
+  tdata = get_options_test_data("TransProxyType pf-divert\n"
+                                "TransPort 127.0.0.1:123\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+#endif
+
+  // Assert that a test has run for some TransProxyType
+  tt_assert(tdata);
+
+#else
+  tdata = get_options_test_data("TransPort 127.0.0.1:555\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TransPort and TransListenAddress are disabled in "
+            "this build.");
+  tor_free(msg);
+#endif
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+NS_DECL(country_t, geoip_get_country, (const char *country));
+
+static country_t
+NS(geoip_get_country)(const char *countrycode)
+{
+  (void)countrycode;
+  CALLED(geoip_get_country)++;
+
+  return 1;
+}
+
+static void
+test_options_validate__exclude_nodes(void *ignored)
+{
+  (void)ignored;
+
+  NS_MOCK(geoip_get_country);
+
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+  options_test_data_t *tdata = get_options_test_data(
+                                                  "ExcludeExitNodes {us}\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
+  tt_str_op((char *)
+            (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
+            OP_EQ, "{us}");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ExcludeNodes {cn}\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 1);
+  tt_str_op((char *)
+            (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
+            OP_EQ, "{cn}");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ExcludeNodes {cn}\n"
+                                "ExcludeExitNodes {us} {cn}\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(smartlist_len(tdata->opt->ExcludeExitNodesUnion_->list), OP_EQ, 2);
+  tt_str_op((char *)
+            (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 0)),
+            OP_EQ, "{us} {cn}");
+  tt_str_op((char *)
+            (smartlist_get(tdata->opt->ExcludeExitNodesUnion_->list, 1)),
+            OP_EQ, "{cn}");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ExcludeNodes {cn}\n"
+                                "StrictNodes 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg(
+            "You have asked to exclude certain relays from all positions "
+            "in your circuits. Expect hidden services and other Tor "
+            "features to be broken in unpredictable ways.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ExcludeNodes {cn}\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_no_log_msg(
+            "You have asked to exclude certain relays from all positions "
+            "in your circuits. Expect hidden services and other Tor "
+            "features to be broken in unpredictable ways.\n");
+  tor_free(msg);
+
+ done:
+  NS_UNMOCK(geoip_get_country);
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__scheduler(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_DEBUG);
+  options_test_data_t *tdata = get_options_test_data(
+                                            "SchedulerLowWaterMark__ 0\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg("Bad SchedulerLowWaterMark__ option\n");
+  tor_free(msg);
+
+  // TODO: this test cannot run on platforms where UINT32_MAX == UINT64_MAX.
+  // I suspect it's unlikely this branch can actually happen
+  /* free_options_test_data(tdata); */
+  /* tdata = get_options_test_data( */
+  /*                      "SchedulerLowWaterMark 10000000000000000000\n"); */
+  /* tdata->opt->SchedulerLowWaterMark__ = (uint64_t)UINT32_MAX; */
+  /* tdata->opt->SchedulerLowWaterMark__++; */
+  /* mock_clean_saved_logs(); */
+  /* ret = options_validate(tdata->old_opt, tdata->opt, */
+  /*                        tdata->def_opt, 0, &msg); */
+  /* tt_int_op(ret, OP_EQ, -1); */
+  /* expect_log_msg("Bad SchedulerLowWaterMark__ option\n"); */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("SchedulerLowWaterMark__ 42\n"
+                                "SchedulerHighWaterMark__ 42\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg("Bad SchedulerHighWaterMark option\n");
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__node_families(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                     "NodeFamily flux, flax\n"
+                                     "NodeFamily somewhere\n"
+                                     "SchedulerHighWaterMark__ 42\n"
+                                     "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(tdata->opt->NodeFamilySets);
+  tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 2);
+  tt_str_op((char *)(smartlist_get(
+    ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 0)),
+            OP_EQ, "flux");
+  tt_str_op((char *)(smartlist_get(
+    ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 0))->list, 1)),
+            OP_EQ, "flax");
+  tt_str_op((char *)(smartlist_get(
+    ((routerset_t *)smartlist_get(tdata->opt->NodeFamilySets, 1))->list, 0)),
+            OP_EQ, "somewhere");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!tdata->opt->NodeFamilySets);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("NodeFamily !flux\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(tdata->opt->NodeFamilySets);
+  tt_int_op(smartlist_len(tdata->opt->NodeFamilySets), OP_EQ, 0);
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__tlsec(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_DEBUG);
+  options_test_data_t *tdata = get_options_test_data(
+                                 "TLSECGroup ed25519\n"
+                                 "SchedulerHighWaterMark__ 42\n"
+                                 "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg("Unrecognized TLSECGroup: Falling back to the default.\n");
+  tt_assert(!tdata->opt->TLSECGroup);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("TLSECGroup P224\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_no_log_msg(
+            "Unrecognized TLSECGroup: Falling back to the default.\n");
+  tt_assert(tdata->opt->TLSECGroup);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("TLSECGroup P256\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_no_log_msg(
+            "Unrecognized TLSECGroup: Falling back to the default.\n");
+  tt_assert(tdata->opt->TLSECGroup);
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__token_bucket(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data("");
+
+  tdata->opt->TokenBucketRefillInterval = 0;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
+  tor_free(msg);
+
+  tdata->opt->TokenBucketRefillInterval = 1001;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__recommended_packages(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+  options_test_data_t *tdata = get_options_test_data(
+            "RecommendedPackages foo 1.2 http://foo.com sha1=123123123123\n"
+            "RecommendedPackages invalid-package-line\n"
+            "SchedulerHighWaterMark__ 42\n"
+            "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_no_log_msg("Invalid RecommendedPackage line "
+            "invalid-package-line will be ignored\n");
+
+ done:
+  escaped(NULL); // This will free the leaking memory from the previous escaped
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__fetch_dir(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                            "FetchDirInfoExtraEarly 1\n"
+                                            "FetchDirInfoEarly 0\n"
+                                            "SchedulerHighWaterMark__ 42\n"
+                                            "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "FetchDirInfoExtraEarly requires that you"
+            " also set FetchDirInfoEarly");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("FetchDirInfoExtraEarly 1\n"
+                                "FetchDirInfoEarly 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_NE, "FetchDirInfoExtraEarly requires that you"
+            " also set FetchDirInfoEarly");
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__conn_limit(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                            "ConnLimit 0\n"
+                                            "SchedulerHighWaterMark__ 42\n"
+                                            "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "ConnLimit must be greater than 0, but was set to 0");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024, "
+            "but was set to 0");
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__paths_needed(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+  options_test_data_t *tdata = get_options_test_data(
+                                      "PathsNeededToBuildCircuits 0.1\n"
+                                      "ConnLimit 1\n"
+                                      "SchedulerHighWaterMark__ 42\n"
+                                      "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.24 &&
+            tdata->opt->PathsNeededToBuildCircuits < 0.26);
+  expect_log_msg("PathsNeededToBuildCircuits is too low. "
+                 "Increasing to 0.25\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data("PathsNeededToBuildCircuits 0.99\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.94 &&
+            tdata->opt->PathsNeededToBuildCircuits < 0.96);
+  expect_log_msg("PathsNeededToBuildCircuits is "
+            "too high. Decreasing to 0.95\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data("PathsNeededToBuildCircuits 0.91\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(tdata->opt->PathsNeededToBuildCircuits > 0.90 &&
+            tdata->opt->PathsNeededToBuildCircuits < 0.92);
+  expect_no_log_entry();
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__max_client_circuits(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                           "MaxClientCircuitsPending 0\n"
+                                           "ConnLimit 1\n"
+                                           "SchedulerHighWaterMark__ 42\n"
+                                           "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
+            " but was set to 0");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("MaxClientCircuitsPending 1025\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "MaxClientCircuitsPending must be between 1 and 1024,"
+            " but was set to 1025");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__ports(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                      "FirewallPorts 65537\n"
+                                      "MaxClientCircuitsPending 1\n"
+                                      "ConnLimit 1\n"
+                                      "SchedulerHighWaterMark__ 42\n"
+                                      "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Port '65537' out of range in FirewallPorts");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("FirewallPorts 1\n"
+                                "LongLivedPorts 124444\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Port '124444' out of range in LongLivedPorts");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("FirewallPorts 1\n"
+                                "LongLivedPorts 2\n"
+                                "RejectPlaintextPorts 112233\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Port '112233' out of range in RejectPlaintextPorts");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("FirewallPorts 1\n"
+                                "LongLivedPorts 2\n"
+                                "RejectPlaintextPorts 3\n"
+                                "WarnPlaintextPorts 65536\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Port '65536' out of range in WarnPlaintextPorts");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("FirewallPorts 1\n"
+                                "LongLivedPorts 2\n"
+                                "RejectPlaintextPorts 3\n"
+                                "WarnPlaintextPorts 4\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__reachable_addresses(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_NOTICE);
+  options_test_data_t *tdata = get_options_test_data(
+                                     "FascistFirewall 1\n"
+                                     "MaxClientCircuitsPending 1\n"
+                                     "ConnLimit 1\n"
+                                     "SchedulerHighWaterMark__ 42\n"
+                                     "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg("Converting FascistFirewall config "
+            "option to new format: \"ReachableDirAddresses *:80\"\n");
+  tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:80");
+  expect_log_msg("Converting FascistFirewall config "
+            "option to new format: \"ReachableORAddresses *:443\"\n");
+  tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:443");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data("FascistFirewall 1\n"
+                                "ReachableDirAddresses *:81\n"
+                                "ReachableORAddresses *:444\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+  tdata->opt->FirewallPorts = smartlist_new();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_entry();
+  tt_str_op(tdata->opt->ReachableDirAddresses->value, OP_EQ, "*:81");
+  tt_str_op(tdata->opt->ReachableORAddresses->value, OP_EQ, "*:444");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data("FascistFirewall 1\n"
+                                "FirewallPort 123\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg("Converting FascistFirewall and "
+            "FirewallPorts config options to new format: "
+            "\"ReachableAddresses *:123\"\n");
+  tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:123");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data("FascistFirewall 1\n"
+                                "ReachableAddresses *:82\n"
+                                "ReachableAddresses *:83\n"
+                                "ReachableAddresses reject *:*\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_entry();
+  tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
+  tor_free(msg);
+
+#define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
+  " the rest of the Internet, so they must not set Reachable*Addresses or" \
+  " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ReachableAddresses *:82\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ReachableORAddresses *:82\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ReachableDirAddresses *:82\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ClientUseIPv4 0\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
+  tor_free(msg);
+
+  /* Test IPv4-only clients setting IPv6 preferences */
+
+#define WARN_PLEASE_USE_IPV6_OR_LOG_MSG \
+        "ClientPreferIPv6ORPort 1 is ignored unless tor is using IPv6. " \
+        "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n"
+
+#define WARN_PLEASE_USE_IPV6_DIR_LOG_MSG \
+        "ClientPreferIPv6DirPort 1 is ignored unless tor is using IPv6. " \
+        "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n"
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientUseIPv4 1\n"
+                                "ClientUseIPv6 0\n"
+                                "UseBridges 0\n"
+                                "ClientPreferIPv6ORPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(WARN_PLEASE_USE_IPV6_OR_LOG_MSG);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientUseIPv4 1\n"
+                                "ClientUseIPv6 0\n"
+                                "UseBridges 0\n"
+                                "ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(WARN_PLEASE_USE_IPV6_DIR_LOG_MSG);
+  tor_free(msg);
+
+  /* Now test an IPv4/IPv6 client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientUseIPv4 1\n"
+                                "ClientUseIPv6 1\n"
+                                "ClientPreferIPv6ORPort 1\n"
+                                "ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+  /* Now test an IPv6 client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientUseIPv6 1\n"
+                                "ClientPreferIPv6ORPort 1\n"
+                                "ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+  /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientUseIPv4 0\n"
+                                "ClientPreferIPv6ORPort 1\n"
+                                "ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+  /* And an implicit (bridge) client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "UseBridges 1\n"
+                                "Bridge 127.0.0.1:12345\n"
+                                "ClientPreferIPv6ORPort 1\n"
+                                "ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__use_bridges(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                   "UseBridges 1\n"
+                                   "ClientUseIPv4 1\n"
+                                   "ORListenAddress 127.0.0.1:5555\n"
+                                   "ORPort 955\n"
+                                   "MaxClientCircuitsPending 1\n"
+                                   "ConnLimit 1\n"
+                                   "SchedulerHighWaterMark__ 42\n"
+                                   "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
+            " the Internet, so they must not set UseBridges.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("UseBridges 1\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_NE, "Servers must be able to freely connect to the rest of"
+            " the Internet, so they must not set UseBridges.");
+  tor_free(msg);
+
+  NS_MOCK(geoip_get_country);
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("UseBridges 1\n"
+                                "EntryNodes {cn}\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "You cannot set both UseBridges and EntryNodes.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "UseBridges 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "If you set UseBridges, you must specify at least one bridge.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "UseBridges 1\n"
+                                "Bridge 10.0.0.1\n"
+                                "Bridge !!!\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Bridge line did not parse. See logs for details.");
+  tor_free(msg);
+
+ done:
+  NS_UNMOCK(geoip_get_country);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__entry_nodes(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  NS_MOCK(geoip_get_country);
+  options_test_data_t *tdata = get_options_test_data(
+                                         "EntryNodes {cn}\n"
+                                         "UseEntryGuards 0\n"
+                                         "MaxClientCircuitsPending 1\n"
+                                         "ConnLimit 1\n"
+                                         "SchedulerHighWaterMark__ 42\n"
+                                         "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "If EntryNodes is set, UseEntryGuards must be enabled.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("EntryNodes {cn}\n"
+                                "UseEntryGuards 1\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "KeepalivePeriod option must be positive.");
+  tor_free(msg);
+
+ done:
+  NS_UNMOCK(geoip_get_country);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__invalid_nodes(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                  "AllowInvalidNodes something_stupid\n"
+                                  "MaxClientCircuitsPending 1\n"
+                                  "ConnLimit 1\n"
+                                  "SchedulerHighWaterMark__ 42\n"
+                                  "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Unrecognized value 'something_stupid' in AllowInvalidNodes");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AllowInvalidNodes entry, middle, exit\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->AllowInvalid_, OP_EQ, ALLOW_INVALID_ENTRY |
+            ALLOW_INVALID_EXIT | ALLOW_INVALID_MIDDLE);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("AllowInvalidNodes introduction, rendezvous\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->AllowInvalid_, OP_EQ, ALLOW_INVALID_INTRODUCTION |
+            ALLOW_INVALID_RENDEZVOUS);
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__safe_logging(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = get_options_test_data(
+                                            "MaxClientCircuitsPending 1\n"
+                                            "ConnLimit 1\n"
+                                            "SchedulerHighWaterMark__ 42\n"
+                                            "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("SafeLogging 0\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_NONE);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("SafeLogging Relay\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_RELAY);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("SafeLogging 1\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_int_op(tdata->opt->SafeLogging_, OP_EQ, SAFELOG_SCRUB_ALL);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("SafeLogging stuffy\n"
+                                "MaxClientCircuitsPending 1\n"
+                                "ConnLimit 1\n"
+                                "SchedulerHighWaterMark__ 42\n"
+                                "SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Unrecognized value '\"stuffy\"' in SafeLogging");
+  tor_free(msg);
+
+ done:
+  escaped(NULL); // This will free the leaking memory from the previous escaped
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__publish_server_descriptor(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+  options_test_data_t *tdata = get_options_test_data(
+             "PublishServerDescriptor bridge\n" TEST_OPTIONS_DEFAULT_VALUES
+                                                     );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("PublishServerDescriptor humma\n"
+                                TEST_OPTIONS_DEFAULT_VALUES);
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Unrecognized value in PublishServerDescriptor");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("PublishServerDescriptor bridge, v3\n"
+                                TEST_OPTIONS_DEFAULT_VALUES);
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
+            "descriptors to the directory authorities. Please correct your "
+            "PublishServerDescriptor line.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("BridgeRelay 1\n"
+                                "PublishServerDescriptor v3\n"
+                                TEST_OPTIONS_DEFAULT_VALUES);
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Bridges are not supposed to publish router "
+            "descriptors to the directory authorities. Please correct your "
+            "PublishServerDescriptor line.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("BridgeRelay 1\n" TEST_OPTIONS_DEFAULT_VALUES);
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_NE, "Bridges are not supposed to publish router "
+            "descriptors to the directory authorities. Please correct your "
+            "PublishServerDescriptor line.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("BridgeRelay 1\n"
+                                "DirPort 999\n" TEST_OPTIONS_DEFAULT_VALUES);
+
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  expect_log_msg("Can't set a DirPort on a bridge "
+            "relay; disabling DirPort\n");
+  tt_assert(!tdata->opt->DirPort_lines);
+  tt_assert(!tdata->opt->DirPort_set);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__testing(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+#define ENSURE_DEFAULT(varname, varval)                     \
+  STMT_BEGIN                                                \
+    free_options_test_data(tdata);                          \
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
+                                #varname " " #varval "\n"); \
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
+  tt_str_op(msg, OP_EQ, \
+            #varname " may only be changed in testing Tor networks!");  \
+  tt_int_op(ret, OP_EQ, -1);                                            \
+  tor_free(msg);                                                        \
+                                                \
+  free_options_test_data(tdata); \
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
+                                #varname " " #varval "\n"               \
+                                VALID_DIR_AUTH                          \
+                                "TestingTorNetwork 1\n");               \
+                                                                        \
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
+  if (msg) { \
+    tt_str_op(msg, OP_NE, \
+              #varname " may only be changed in testing Tor networks!"); \
+    tor_free(msg); \
+  } \
+                                                                        \
+  free_options_test_data(tdata);          \
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES \
+                                #varname " " #varval "\n"           \
+                                "___UsingTestNetworkDefaults 1\n"); \
+                                                                        \
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
+  if (msg) { \
+    tt_str_op(msg, OP_NE, \
+              #varname " may only be changed in testing Tor networks!"); \
+    tor_free(msg); \
+  } \
+    STMT_END
+
+  ENSURE_DEFAULT(TestingV3AuthInitialVotingInterval, 3600);
+  ENSURE_DEFAULT(TestingV3AuthInitialVoteDelay, 3000);
+  ENSURE_DEFAULT(TestingV3AuthInitialDistDelay, 3000);
+  ENSURE_DEFAULT(TestingV3AuthVotingStartOffset, 3000);
+  ENSURE_DEFAULT(TestingAuthDirTimeToLearnReachability, 3000);
+  ENSURE_DEFAULT(TestingEstimatedDescriptorPropagationTime, 3000);
+  ENSURE_DEFAULT(TestingServerDownloadSchedule, 3000);
+  ENSURE_DEFAULT(TestingClientDownloadSchedule, 3000);
+  ENSURE_DEFAULT(TestingServerConsensusDownloadSchedule, 3000);
+  ENSURE_DEFAULT(TestingClientConsensusDownloadSchedule, 3000);
+  ENSURE_DEFAULT(TestingBridgeDownloadSchedule, 3000);
+  ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000);
+  ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000);
+  ENSURE_DEFAULT(TestingConsensusMaxDownloadTries, 3000);
+  ENSURE_DEFAULT(TestingDescriptorMaxDownloadTries, 3000);
+  ENSURE_DEFAULT(TestingMicrodescMaxDownloadTries, 3000);
+  ENSURE_DEFAULT(TestingCertMaxDownloadTries, 3000);
+  ENSURE_DEFAULT(TestingAuthKeyLifetime, 3000);
+  ENSURE_DEFAULT(TestingLinkCertLifetime, 3000);
+  ENSURE_DEFAULT(TestingSigningKeySlop, 3000);
+  ENSURE_DEFAULT(TestingAuthKeySlop, 3000);
+  ENSURE_DEFAULT(TestingLinkKeySlop, 3000);
+
+ done:
+  escaped(NULL); // This will free the leaking memory from the previous escaped
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__hidserv(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  options_test_data_t *tdata = get_options_test_data(
+                                                TEST_OPTIONS_DEFAULT_VALUES);
+  tdata->opt->MinUptimeHidServDirectoryV2 = -1;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("MinUptimeHidServDirectoryV2 "
+            "option must be at least 0 seconds. Changing to 0.\n");
+  tt_int_op(tdata->opt->MinUptimeHidServDirectoryV2, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RendPostPeriod 1\n" );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("RendPostPeriod option is too short;"
+            " raising to 600 seconds.\n");
+  tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RendPostPeriod 302401\n" );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("RendPostPeriod is too large; "
+            "clipping to 302400s.\n");
+  tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400);
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__predicted_ports(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  options_test_data_t *tdata = get_options_test_data(
+                                     "PredictedPortsRelevanceTime 100000000\n"
+                                     TEST_OPTIONS_DEFAULT_VALUES);
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("PredictedPortsRelevanceTime is too "
+            "large; clipping to 3600s.\n");
+  tt_int_op(tdata->opt->PredictedPortsRelevanceTime, OP_EQ, 3600);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__path_bias(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+
+  options_test_data_t *tdata = get_options_test_data(
+                                            TEST_OPTIONS_DEFAULT_VALUES
+                                            "PathBiasNoticeRate 1.1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "PathBiasNoticeRate is too high. It must be between 0 and 1.0");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "PathBiasWarnRate 1.1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "PathBiasWarnRate is too high. It must be between 0 and 1.0");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "PathBiasExtremeRate 1.1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "PathBiasExtremeRate is too high. It must be between 0 and 1.0");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "PathBiasNoticeUseRate 1.1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "PathBiasNoticeUseRate is too high. It must be between 0 and 1.0");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "PathBiasExtremeUseRate 1.1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+           "PathBiasExtremeUseRate is too high. It must be between 0 and 1.0");
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__bandwidth(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+#define ENSURE_BANDWIDTH_PARAM(p) \
+  STMT_BEGIN                                                \
+  free_options_test_data(tdata); \
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES #p " 3Gb\n"); \
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
+  tt_int_op(ret, OP_EQ, -1); \
+  tt_mem_op(msg, OP_EQ, #p " (3221225471) must be at most 2147483647", 40); \
+  tor_free(msg); \
+  STMT_END
+
+  ENSURE_BANDWIDTH_PARAM(BandwidthRate);
+  ENSURE_BANDWIDTH_PARAM(BandwidthBurst);
+  ENSURE_BANDWIDTH_PARAM(MaxAdvertisedBandwidth);
+  ENSURE_BANDWIDTH_PARAM(RelayBandwidthRate);
+  ENSURE_BANDWIDTH_PARAM(RelayBandwidthBurst);
+  ENSURE_BANDWIDTH_PARAM(PerConnBWRate);
+  ENSURE_BANDWIDTH_PARAM(PerConnBWBurst);
+  ENSURE_BANDWIDTH_PARAM(AuthDirFastGuarantee);
+  ENSURE_BANDWIDTH_PARAM(AuthDirGuardBWGuarantee);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RelayBandwidthRate 1000\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_u64_op(tdata->opt->RelayBandwidthBurst, OP_EQ, 1000);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RelayBandwidthBurst 1001\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_u64_op(tdata->opt->RelayBandwidthRate, OP_EQ, 1001);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RelayBandwidthRate 1001\n"
+                                "RelayBandwidthBurst 1000\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "RelayBandwidthBurst must be at least equal to "
+            "RelayBandwidthRate.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "BandwidthRate 1001\n"
+                                "BandwidthBurst 1000\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "BandwidthBurst must be at least equal to BandwidthRate.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RelayBandwidthRate 1001\n"
+                                "BandwidthRate 1000\n"
+                                "BandwidthBurst 1000\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_u64_op(tdata->opt->BandwidthRate, OP_EQ, 1001);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "RelayBandwidthRate 1001\n"
+                                "BandwidthRate 1000\n"
+                                "RelayBandwidthBurst 1001\n"
+                                "BandwidthBurst 1000\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_u64_op(tdata->opt->BandwidthBurst, OP_EQ, 1001);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "BandwidthRate is set to 1 bytes/second. For servers,"
+            " it must be at least 76800.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 76800\n"
+                                "MaxAdvertisedBandwidth 30000\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "MaxAdvertisedBandwidth is set to 30000 bytes/second."
+            " For servers, it must be at least 38400.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 76800\n"
+                                "RelayBandwidthRate 1\n"
+                                "MaxAdvertisedBandwidth 38400\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "RelayBandwidthRate is set to 1 bytes/second. For "
+            "servers, it must be at least 76800.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 76800\n"
+                                "BandwidthBurst 76800\n"
+                                "RelayBandwidthRate 76800\n"
+                                "MaxAdvertisedBandwidth 38400\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__circuits(void *ignored)
+{
+  (void)ignored;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "MaxCircuitDirtiness 2592001\n");
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("MaxCircuitDirtiness option is too "
+            "high; setting to 30 days.\n");
+  tt_int_op(tdata->opt->MaxCircuitDirtiness, OP_EQ, 2592000);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "CircuitStreamTimeout 1\n");
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("CircuitStreamTimeout option is too"
+            " short; raising to 10 seconds.\n");
+  tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 10);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "CircuitStreamTimeout 111\n");
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_no_log_msg("CircuitStreamTimeout option is too"
+            " short; raising to 10 seconds.\n");
+  tt_int_op(tdata->opt->CircuitStreamTimeout, OP_EQ, 111);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HeartbeatPeriod 1\n");
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("HeartbeatPeriod option is too short;"
+            " raising to 1800 seconds.\n");
+  tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1800);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HeartbeatPeriod 1982\n");
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_no_log_msg("HeartbeatPeriod option is too short;"
+            " raising to 1800 seconds.\n");
+  tt_int_op(tdata->opt->HeartbeatPeriod, OP_EQ, 1982);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "CircuitBuildTimeout 1\n"
+                                );
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_log_msg("CircuitBuildTimeout is shorter (1"
+            " seconds) than the recommended minimum (10 seconds), and "
+            "LearnCircuitBuildTimeout is disabled.  If tor isn't working, "
+            "raise this value or enable LearnCircuitBuildTimeout.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  mock_clean_saved_logs();
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "CircuitBuildTimeout 11\n"
+                                );
+  options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  expect_no_log_msg("CircuitBuildTimeout is shorter (1 "
+            "seconds) than the recommended minimum (10 seconds), and "
+            "LearnCircuitBuildTimeout is disabled.  If tor isn't working, "
+            "raise this value or enable LearnCircuitBuildTimeout.\n");
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__port_forwarding(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "PortForwarding 1\nSandbox 1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "PortForwarding is not compatible with Sandbox;"
+            " at most one can be set");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "PortForwarding 1\nSandbox 0\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+ done:
+  free_options_test_data(tdata);
+  policies_free_all();
+  tor_free(msg);
+}
+
+static void
+test_options_validate__tor2web(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Tor2webRendezvousPoints 1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__rend(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                 "UseEntryGuards 0\n"
+                 "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
+                 "HiddenServicePort 80 127.0.0.1:8080\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("UseEntryGuards is disabled, but you"
+            " have configured one or more hidden services on this Tor "
+            "instance.  Your hidden services will be very easy to locate using"
+            " a well-known attack -- see http://freehaven.net/anonbib/#hs-"
+            "attack06 for details.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(
+            TEST_OPTIONS_DEFAULT_VALUES
+            "UseEntryGuards 1\n"
+            "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
+            "HiddenServicePort 80 127.0.0.1:8080\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg("UseEntryGuards is disabled, but you"
+            " have configured one or more hidden services on this Tor "
+            "instance.  Your hidden services will be very easy to locate using"
+            " a well-known attack -- see http://freehaven.net/anonbib/#hs-"
+            "attack06 for details.\n");
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HiddenServicePort 80 127.0.0.1:8080\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Failed to configure rendezvous options. See logs for details.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HidServAuth failed\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Failed to configure client authorization for hidden "
+            "services. See logs for details.");
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__accounting(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccountingRule something_bad\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "AccountingRule must be 'sum', 'max', 'in', or 'out'");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccountingRule sum\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_SUM);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccountingRule max\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->AccountingRule, OP_EQ, ACCT_MAX);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccountingStart fail\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Failed to parse accounting options. See logs for details.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccountingMax 10\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(
+           TEST_OPTIONS_DEFAULT_VALUES
+           "ORListenAddress 127.0.0.1:5555\n"
+           "ORPort 955\n"
+           "BandwidthRate 76800\n"
+           "BandwidthBurst 76800\n"
+           "MaxAdvertisedBandwidth 38400\n"
+           "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
+           "HiddenServicePort 80 127.0.0.1:8080\n"
+           "AccountingMax 10\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("Using accounting with a hidden "
+            "service and an ORPort is risky: your hidden service(s) and "
+            "your public address will all turn off at the same time, "
+            "which may alert observers that they are being run by the "
+            "same party.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(
+                TEST_OPTIONS_DEFAULT_VALUES
+                "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
+                "HiddenServicePort 80 127.0.0.1:8080\n"
+                "AccountingMax 10\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg("Using accounting with a hidden "
+            "service and an ORPort is risky: your hidden service(s) and "
+            "your public address will all turn off at the same time, "
+            "which may alert observers that they are being run by the "
+            "same party.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(
+             TEST_OPTIONS_DEFAULT_VALUES
+             "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
+             "HiddenServicePort 80 127.0.0.1:8080\n"
+             "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service2/\n"
+             "HiddenServicePort 81 127.0.0.1:8081\n"
+             "AccountingMax 10\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("Using accounting with multiple "
+            "hidden services is risky: they will all turn off at the same"
+            " time, which may alert observers that they are being run by "
+            "the same party.\n");
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__proxy(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  sandbox_disable_getaddrinfo_cache();
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy 127.0.42.1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 80);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy 127.0.42.1:444\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->HTTPProxyPort, OP_EQ, 444);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy not_so_valid!\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "HTTPProxy failed to parse or resolve. Please fix.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxyAuthenticator "
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreeonetwothreeonetwothree"
+
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "HTTPProxyAuthenticator is too long (>= 512 chars).");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxyAuthenticator validauth\n"
+
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpsProxy 127.0.42.1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 443);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpsProxy 127.0.42.1:444\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->HTTPSProxyPort, OP_EQ, 444);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpsProxy not_so_valid!\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "HTTPSProxy failed to parse or resolve. Please fix.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpsProxyAuthenticator "
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreonetwothreonetwothreonetwothre"
+                                "onetwothreonetwothreonetwothreonetwothreonetw"
+                                "othreonetwothreeonetwothreeonetwothree"
+
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "HTTPSProxyAuthenticator is too long (>= 512 chars).");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpsProxyAuthenticator validauth\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks4Proxy 127.0.42.1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 1080);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks4Proxy 127.0.42.1:444\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->Socks4ProxyPort, OP_EQ, 444);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks4Proxy not_so_valid!\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Socks4Proxy failed to parse or resolve. Please fix.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5Proxy 127.0.42.1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 1080);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5Proxy 127.0.42.1:444\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->Socks5ProxyPort, OP_EQ, 444);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5Proxy not_so_valid!\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Socks5Proxy failed to parse or resolve. Please fix.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks4Proxy 215.1.1.1\n"
+                                "Socks5Proxy 215.1.1.2\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "You have configured more than one proxy type. "
+            "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy 215.1.1.1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("HTTPProxy configured, but no SOCKS "
+            "proxy or HTTPS proxy configured. Watch out: this configuration "
+            "will proxy unencrypted directory connections only.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy 215.1.1.1\n"
+                                "Socks4Proxy 215.1.1.1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg("HTTPProxy configured, but no SOCKS "
+            "proxy or HTTPS proxy configured. Watch out: this configuration "
+            "will proxy unencrypted directory connections only.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy 215.1.1.1\n"
+                                "Socks5Proxy 215.1.1.1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg("HTTPProxy configured, but no SOCKS "
+            "proxy or HTTPS proxy configured. Watch out: this configuration "
+            "will proxy unencrypted directory connections only.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HttpProxy 215.1.1.1\n"
+                                "HttpsProxy 215.1.1.1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "HTTPProxy configured, but no SOCKS proxy or HTTPS proxy "
+            "configured. Watch out: this configuration will proxy "
+            "unencrypted directory connections only.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                );
+  tdata->opt->Socks5ProxyUsername = tor_strdup("");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Socks5ProxyUsername must be between 1 and 255 characters.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                );
+  tdata->opt->Socks5ProxyUsername =
+    tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
+               "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
+               "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
+               "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
+               "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Socks5ProxyUsername must be between 1 and 255 characters.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5ProxyUsername hello_world\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
+            "Socks5ProxyUsername.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5ProxyUsername hello_world\n"
+                                );
+  tdata->opt->Socks5ProxyPassword = tor_strdup("");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Socks5ProxyPassword must be between 1 and 255 characters.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5ProxyUsername hello_world\n"
+                                );
+  tdata->opt->Socks5ProxyPassword =
+    tor_strdup("ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789AB"
+               "CDEABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCD"
+               "EABCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEA"
+               "BCDE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789ABCDEABC"
+               "DE0123456789ABCDEABCDE0123456789ABCDEABCDE0123456789");
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Socks5ProxyPassword must be between 1 and 255 characters.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5ProxyUsername hello_world\n"
+                                "Socks5ProxyPassword world_hello\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "Socks5ProxyPassword hello_world\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Socks5ProxyPassword must be included with "
+            "Socks5ProxyUsername.");
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  policies_free_all();
+  // sandbox_free_getaddrinfo_cache();
+  tor_free(msg);
+}
+
+static void
+test_options_validate__control(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HashedControlPassword something_incorrect\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Bad HashedControlPassword: wrong length or bad encoding");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "HashedControlPassword 16:872860B76453A77D60CA"
+                                "2BB8C1A7042072093276A3D701AD684053EC4C\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(
+                   TEST_OPTIONS_DEFAULT_VALUES
+                   "__HashedControlSessionPassword something_incorrect\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Bad HashedControlSessionPassword: wrong length or "
+            "bad encoding");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "__HashedControlSessionPassword 16:872860B7645"
+                                "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
+                                "4C\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(
+                           TEST_OPTIONS_DEFAULT_VALUES
+                           "__OwningControllerProcess something_incorrect\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Bad OwningControllerProcess: invalid PID");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "__OwningControllerProcess 123\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlPort 127.0.0.1:1234\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(
+            "ControlPort is open, but no authentication method has been "
+            "configured.  This means that any program on your computer can "
+            "reconfigure your Tor.  That's bad!  You should upgrade your Tor"
+            " controller as soon as possible.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlPort 127.0.0.1:1234\n"
+                                "HashedControlPassword 16:872860B76453A77D60CA"
+                                "2BB8C1A7042072093276A3D701AD684053EC4C\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "ControlPort is open, but no authentication method has been "
+            "configured.  This means that any program on your computer can "
+            "reconfigure your Tor.  That's bad!  You should upgrade your Tor "
+            "controller as soon as possible.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlPort 127.0.0.1:1234\n"
+                                "__HashedControlSessionPassword 16:872860B7645"
+                                "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
+                                "4C\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "ControlPort is open, but no authentication method has been "
+            "configured.  This means that any program on your computer can "
+            "reconfigure your Tor.  That's bad!  You should upgrade your Tor "
+            "controller as soon as possible.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlPort 127.0.0.1:1234\n"
+                                "CookieAuthentication 1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "ControlPort is open, but no authentication method has been "
+            "configured.  This means that any program on your computer can "
+            "reconfigure your Tor.  That's bad!  You should upgrade your Tor "
+            "controller as soon as possible.\n");
+  tor_free(msg);
+
+#ifdef HAVE_SYS_UN_H
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlSocket unix:/tmp WorldWritable\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(
+            "ControlSocket is world writable, but no authentication method has"
+            " been configured.  This means that any program on your computer "
+            "can reconfigure your Tor.  That's bad!  You should upgrade your "
+            "Tor controller as soon as possible.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlSocket unix:/tmp WorldWritable\n"
+                                "HashedControlPassword 16:872860B76453A77D60CA"
+                                "2BB8C1A7042072093276A3D701AD684053EC4C\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "ControlSocket is world writable, but no authentication method has"
+            " been configured.  This means that any program on your computer "
+            "can reconfigure your Tor.  That's bad!  You should upgrade your "
+            "Tor controller as soon as possible.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlSocket unix:/tmp WorldWritable\n"
+                                "__HashedControlSessionPassword 16:872860B7645"
+                                "3A77D60CA2BB8C1A7042072093276A3D701AD684053EC"
+                                "4C\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "ControlSocket is world writable, but no authentication method has"
+            " been configured.  This means that any program on your computer "
+            "can reconfigure your Tor.  That's bad!  You should upgrade your "
+            "Tor controller as soon as possible.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ControlSocket unix:/tmp WorldWritable\n"
+                                "CookieAuthentication 1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "ControlSocket is world writable, but no authentication method has"
+            " been configured.  This means that any program on your computer "
+            "can reconfigure your Tor.  That's bad!  You should upgrade your "
+            "Tor controller as soon as possible.\n");
+  tor_free(msg);
+#endif
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "CookieAuthFileGroupReadable 1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(
+            "CookieAuthFileGroupReadable is set, but will have no effect: you "
+            "must specify an explicit CookieAuthFile to have it "
+            "group-readable.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "CookieAuthFileGroupReadable 1\n"
+                                "CookieAuthFile /tmp/somewhere\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "CookieAuthFileGroupReadable is set, but will have no effect: you "
+            "must specify an explicit CookieAuthFile to have it "
+            "group-readable.\n");
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__families(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "MyFamily home\n"
+                                "BridgeRelay 1\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 51300\n"
+                                "BandwidthBurst 51300\n"
+                                "MaxAdvertisedBandwidth 25700\n"
+                                "DirCache 1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(
+            "Listing a family for a bridge relay is not supported: it can "
+            "reveal bridge fingerprints to censors. You should also make sure "
+            "you aren't listing this bridge's fingerprint in any other "
+            "MyFamily.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "MyFamily home\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "Listing a family for a bridge relay is not supported: it can "
+            "reveal bridge fingerprints to censors. You should also make sure "
+            "you aren't listing this bridge's fingerprint in any other "
+            "MyFamily.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "MyFamily !\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Invalid nickname '!' in MyFamily line");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "NodeFamily foo\n"
+                                "NodeFamily !\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_assert(!msg);
+  tor_free(msg);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__addr_policies(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ExitPolicy !!!\n"
+                                "ExitRelay 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Error in ExitPolicy entry.");
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__dir_auth(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                VALID_DIR_AUTH
+                                VALID_ALT_DIR_AUTH
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Directory authority/fallback line did not parse. See logs for "
+            "details.");
+  expect_log_msg(
+            "You cannot set both DirAuthority and Alternate*Authority.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "TestingTorNetwork may only be configured in combination with a "
+            "non-default set of DirAuthority or both of AlternateDirAuthority "
+            "and AlternateBridgeAuthority configured.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingTorNetwork 1\n"
+                                VALID_ALT_DIR_AUTH
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "TestingTorNetwork may only be configured in combination with a "
+            "non-default set of DirAuthority or both of AlternateDirAuthority "
+            "and AlternateBridgeAuthority configured.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingTorNetwork 1\n"
+                                VALID_ALT_BRIDGE_AUTH
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingTorNetwork may only be configured in "
+            "combination with a non-default set of DirAuthority or both of "
+            "AlternateDirAuthority and AlternateBridgeAuthority configured.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                VALID_ALT_DIR_AUTH
+                                VALID_ALT_BRIDGE_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__transport(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_NOTICE);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientTransportPlugin !!\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Invalid client transport line. See logs for details.");
+  expect_log_msg(
+            "Too few arguments on ClientTransportPlugin line.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ClientTransportPlugin foo exec bar\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ServerTransportPlugin !!\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Invalid server transport line. See logs for details.");
+  expect_log_msg(
+            "Too few arguments on ServerTransportPlugin line.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ServerTransportPlugin foo exec bar\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(
+            "Tor is not configured as a relay but you specified a "
+            "ServerTransportPlugin line (\"foo exec bar\"). The "
+            "ServerTransportPlugin line will be ignored.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ServerTransportPlugin foo exec bar\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 76900\n"
+                                "BandwidthBurst 76900\n"
+                                "MaxAdvertisedBandwidth 38500\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "Tor is not configured as a relay but you specified a "
+            "ServerTransportPlugin line (\"foo exec bar\"). The "
+            "ServerTransportPlugin line will be ignored.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ServerTransportListenAddr foo 127.0.0.42:55\n"
+                                "ServerTransportListenAddr !\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "ServerTransportListenAddr did not parse. See logs for details.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ServerTransportListenAddr foo 127.0.0.42:55\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(
+            "You need at least a single managed-proxy to specify a transport "
+            "listen address. The ServerTransportListenAddr line will be "
+            "ignored.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ServerTransportListenAddr foo 127.0.0.42:55\n"
+                                "ServerTransportPlugin foo exec bar\n"
+                                "ORListenAddress 127.0.0.1:5555\n"
+                                "ORPort 955\n"
+                                "BandwidthRate 76900\n"
+                                "BandwidthBurst 76900\n"
+                                "MaxAdvertisedBandwidth 38500\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "You need at least a single managed-proxy to specify a transport "
+            "listen address. The ServerTransportListenAddr line will be "
+            "ignored.\n");
+
+ done:
+  escaped(NULL); // This will free the leaking memory from the previous escaped
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__constrained_sockets(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ConstrainedSockets 1\n"
+                                "ConstrainedSockSize 0\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid.  Must be a value "
+            "between 2048 and 262144 in 1024 byte increments.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ConstrainedSockets 1\n"
+                                "ConstrainedSockSize 263168\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid.  Must be a value "
+            "between 2048 and 262144 in 1024 byte increments.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ConstrainedSockets 1\n"
+                                "ConstrainedSockSize 2047\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "ConstrainedSockSize is invalid.  Must be a value "
+            "between 2048 and 262144 in 1024 byte increments.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ConstrainedSockets 1\n"
+                                "ConstrainedSockSize 2048\n"
+                                "DirPort 999\n"
+                                "DirCache 1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("You have requested constrained "
+            "socket buffers while also serving directory entries via DirPort."
+            "  It is strongly suggested that you disable serving directory"
+            " requests when system TCP buffer resources are scarce.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "ConstrainedSockets 1\n"
+                                "ConstrainedSockSize 2048\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg(
+            "You have requested constrained socket buffers while also serving"
+            " directory entries via DirPort.  It is strongly suggested that "
+            "you disable serving directory requests when system TCP buffer "
+            "resources are scarce.\n");
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__v3_auth(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 1000\n"
+                                "V3AuthDistDelay 1000\n"
+                                "V3AuthVotingInterval 1000\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
+            "V3AuthVotingInterval");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 1\n"
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthVoteDelay is way too low.");
+  tor_free(msg);
+
+  // TODO: we can't reach the case of v3authvotedelay lower
+  // than MIN_VOTE_SECONDS but not lower than MIN_VOTE_SECONDS_TESTING,
+  // since they are the same
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthDistDelay 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthDistDelay 1\n"
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthDistDelay is way too low.");
+  tor_free(msg);
+
+  // TODO: we can't reach the case of v3authdistdelay lower than
+  // MIN_DIST_SECONDS but not lower than MIN_DIST_SECONDS_TESTING,
+  // since they are the same
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthNIntervalsValid 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthNIntervalsValid must be at least 2.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 49\n"
+                                "V3AuthDistDelay 49\n"
+                                "V3AuthVotingInterval 200\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 49\n"
+                                "V3AuthDistDelay 49\n"
+                                "V3AuthVotingInterval 200000\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely high.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 49\n"
+                                "V3AuthDistDelay 49\n"
+                                "V3AuthVotingInterval 1441\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("V3AuthVotingInterval does not divide"
+            " evenly into 24 hours.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 49\n"
+                                "V3AuthDistDelay 49\n"
+                                "V3AuthVotingInterval 1440\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg("V3AuthVotingInterval does not divide"
+            " evenly into 24 hours.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "V3AuthVoteDelay 49\n"
+                                "V3AuthDistDelay 49\n"
+                                "V3AuthVotingInterval 299\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("V3AuthVotingInterval is very low. "
+            "This may lead to failure to synchronise for a consensus.\n");
+  tor_free(msg);
+
+  // TODO: It is impossible to reach the case of testingtor network, with
+  // v3authvotinginterval too low
+  /* free_options_test_data(tdata); */
+  /* tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES */
+  /*                               "V3AuthVoteDelay 1\n" */
+  /*                               "V3AuthDistDelay 1\n" */
+  /*                               "V3AuthVotingInterval 9\n" */
+                                   /* VALID_DIR_AUTH */
+  /*                               "TestingTorNetwork 1\n" */
+  /*                               ); */
+  /* ret = options_validate(tdata->old_opt, tdata->opt, */
+  /*                        tdata->def_opt, 0, &msg); */
+  /* tt_int_op(ret, OP_EQ, -1); */
+  /* tt_str_op(msg, OP_EQ, "V3AuthVotingInterval is insanely low."); */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingV3AuthInitialVoteDelay 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVoteDelay is way too low.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingV3AuthInitialDistDelay 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingV3AuthInitialDistDelay is way too low.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  tdata->opt->TestingV3AuthVotingStartOffset = 100000;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingV3AuthVotingStartOffset is higher than the "
+            "voting interval.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                );
+  tdata->opt->TestingV3AuthVotingStartOffset = -1;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "TestingV3AuthVotingStartOffset must be non-negative.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                "TestingV3AuthInitialVotingInterval 4\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingV3AuthInitialVotingInterval is insanely low.");
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__virtual_addr(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "VirtualAddrNetworkIPv4 !!"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetwork !!");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "VirtualAddrNetworkIPv6 !!"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "Error parsing VirtualAddressNetworkIPv6 !!");
+  tor_free(msg);
+
+ done:
+  escaped(NULL); // This will free the leaking memory from the previous escaped
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__exits(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AllowSingleHopExits 1"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg("You have set AllowSingleHopExits; "
+            "now your relay will allow others to make one-hop exits. However,"
+            " since by default most clients avoid relays that set this option,"
+            " most clients will ignore you.\n");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AllowSingleHopExits 1\n"
+                                VALID_DIR_AUTH
+                                );
+  mock_clean_saved_logs();
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_msg("You have set AllowSingleHopExits; "
+            "now your relay will allow others to make one-hop exits. However,"
+            " since by default most clients avoid relays that set this option,"
+            " most clients will ignore you.\n");
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__testing_options(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+#define TEST_TESTING_OPTION(name, low_val, high_val, err_low)           \
+  STMT_BEGIN                                                            \
+    free_options_test_data(tdata);                                      \
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES             \
+                                VALID_DIR_AUTH                          \
+                                "TestingTorNetwork 1\n"                 \
+                                );                                      \
+  tdata->opt-> name = low_val;                                       \
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
+  tt_int_op(ret, OP_EQ, -1);                                            \
+  tt_str_op(msg, OP_EQ, #name " " err_low);                \
+  tor_free(msg); \
+                                                                        \
+  free_options_test_data(tdata);                                        \
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES             \
+                                VALID_DIR_AUTH                          \
+                                "TestingTorNetwork 1\n"                 \
+                                );                                      \
+  tdata->opt->  name = high_val;                                      \
+  mock_clean_saved_logs();                                              \
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);\
+  tt_int_op(ret, OP_EQ, 0);                                             \
+  expect_log_msg( #name " is insanely high.\n"); \
+  tor_free(msg); \
+  STMT_END
+
+  TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, -1, 8000,
+                      "must be non-negative.");
+  TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, -1, 3601,
+                      "must be non-negative.");
+  TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, -1, 3601,
+                      "is way too low.");
+  TEST_TESTING_OPTION(TestingDirConnectionMaxStall, 1, 3601,
+                      "is way too low.");
+  // TODO: I think this points to a bug/regression in options_validate
+  TEST_TESTING_OPTION(TestingConsensusMaxDownloadTries, 1, 801,
+                      "must be greater than 2.");
+  TEST_TESTING_OPTION(TestingDescriptorMaxDownloadTries, 1, 801,
+                      "must be greater than 1.");
+  TEST_TESTING_OPTION(TestingMicrodescMaxDownloadTries, 1, 801,
+                      "must be greater than 1.");
+  TEST_TESTING_OPTION(TestingCertMaxDownloadTries, 1, 801,
+                      "must be greater than 1.");
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableConnBwEvent 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingEnableConnBwEvent may only be changed in "
+            "testing Tor networks!");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableConnBwEvent 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                "___UsingTestNetworkDefaults 0\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableConnBwEvent 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 0\n"
+                                "___UsingTestNetworkDefaults 1\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableCellStatsEvent 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingEnableCellStatsEvent may only be changed in "
+            "testing Tor networks!");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableCellStatsEvent 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                "___UsingTestNetworkDefaults 0\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableCellStatsEvent 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 0\n"
+                                "___UsingTestNetworkDefaults 1\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableTbEmptyEvent 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, "TestingEnableTbEmptyEvent may only be changed "
+            "in testing Tor networks!");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableTbEmptyEvent 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 1\n"
+                                "___UsingTestNetworkDefaults 0\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "TestingEnableTbEmptyEvent 1\n"
+                                VALID_DIR_AUTH
+                                "TestingTorNetwork 0\n"
+                                "___UsingTestNetworkDefaults 1\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(!msg);
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  teardown_capture_of_logs(previous_log);
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+static void
+test_options_validate__accel(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  char *msg;
+  options_test_data_t *tdata = NULL;
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccelName foo\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->HardwareAccel, OP_EQ, 1);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccelName foo\n"
+                                );
+  tdata->opt->HardwareAccel = 2;
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tdata->opt->HardwareAccel, OP_EQ, 2);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccelDir 1\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Can't use hardware crypto accelerator dir without engine name.");
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "AccelDir 1\n"
+                                "AccelName something\n"
+                                );
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(msg);
+
+ done:
+  policies_free_all();
+  free_options_test_data(tdata);
+  tor_free(msg);
+}
+
+#define LOCAL_VALIDATE_TEST(name) \
+  { "validate__" #name, test_options_validate__ ## name, TT_FORK, NULL, NULL }
+
 struct testcase_t options_tests[] = {
   { "validate", test_options_validate, TT_FORK, NULL, NULL },
-  END_OF_TESTCASES
+  { "mem_dircache", test_have_enough_mem_for_dircache, TT_FORK, NULL, NULL },
+  LOCAL_VALIDATE_TEST(uname_for_server),
+  LOCAL_VALIDATE_TEST(outbound_addresses),
+  LOCAL_VALIDATE_TEST(data_directory),
+  LOCAL_VALIDATE_TEST(nickname),
+  LOCAL_VALIDATE_TEST(contactinfo),
+  LOCAL_VALIDATE_TEST(logs),
+  LOCAL_VALIDATE_TEST(authdir),
+  LOCAL_VALIDATE_TEST(relay_with_hidden_services),
+  LOCAL_VALIDATE_TEST(transproxy),
+  LOCAL_VALIDATE_TEST(exclude_nodes),
+  LOCAL_VALIDATE_TEST(scheduler),
+  LOCAL_VALIDATE_TEST(node_families),
+  LOCAL_VALIDATE_TEST(tlsec),
+  LOCAL_VALIDATE_TEST(token_bucket),
+  LOCAL_VALIDATE_TEST(recommended_packages),
+  LOCAL_VALIDATE_TEST(fetch_dir),
+  LOCAL_VALIDATE_TEST(conn_limit),
+  LOCAL_VALIDATE_TEST(paths_needed),
+  LOCAL_VALIDATE_TEST(max_client_circuits),
+  LOCAL_VALIDATE_TEST(ports),
+  LOCAL_VALIDATE_TEST(reachable_addresses),
+  LOCAL_VALIDATE_TEST(use_bridges),
+  LOCAL_VALIDATE_TEST(entry_nodes),
+  LOCAL_VALIDATE_TEST(invalid_nodes),
+  LOCAL_VALIDATE_TEST(safe_logging),
+  LOCAL_VALIDATE_TEST(publish_server_descriptor),
+  LOCAL_VALIDATE_TEST(testing),
+  LOCAL_VALIDATE_TEST(hidserv),
+  LOCAL_VALIDATE_TEST(predicted_ports),
+  LOCAL_VALIDATE_TEST(path_bias),
+  LOCAL_VALIDATE_TEST(bandwidth),
+  LOCAL_VALIDATE_TEST(circuits),
+  LOCAL_VALIDATE_TEST(port_forwarding),
+  LOCAL_VALIDATE_TEST(tor2web),
+  LOCAL_VALIDATE_TEST(rend),
+  LOCAL_VALIDATE_TEST(accounting),
+  LOCAL_VALIDATE_TEST(proxy),
+  LOCAL_VALIDATE_TEST(control),
+  LOCAL_VALIDATE_TEST(families),
+  LOCAL_VALIDATE_TEST(addr_policies),
+  LOCAL_VALIDATE_TEST(dir_auth),
+  LOCAL_VALIDATE_TEST(transport),
+  LOCAL_VALIDATE_TEST(constrained_sockets),
+  LOCAL_VALIDATE_TEST(v3_auth),
+  LOCAL_VALIDATE_TEST(virtual_addr),
+  LOCAL_VALIDATE_TEST(exits),
+  LOCAL_VALIDATE_TEST(testing_options),
+  LOCAL_VALIDATE_TEST(accel),
+  END_OF_TESTCASES              /*  */
 };
 
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 4cdcd034bb..a939ebf54f 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -1,9 +1,12 @@
-/* Copyright (c) 2013, The Tor Project, Inc. */
+/* Copyright (c) 2013-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "or.h"
+#define CONFIG_PRIVATE
+#include "config.h"
 #include "router.h"
 #include "routerparse.h"
+#define POLICIES_PRIVATE
 #include "policies.h"
 #include "test.h"
 
@@ -22,7 +25,7 @@ test_short_policy_parse(const char *input,
   short_policy = parse_short_policy(input);
   tt_assert(short_policy);
   out = write_short_policy(short_policy);
-  tt_str_op(out, ==, expected);
+  tt_str_op(out, OP_EQ, expected);
 
  done:
   tor_free(out);
@@ -47,17 +50,20 @@ test_policy_summary_helper(const char *policy_str,
   line.value = (char *)policy_str;
   line.next = NULL;
 
-  r = policies_parse_exit_policy(&line, &policy, 1, 0, 0, 1);
-  test_eq(r, 0);
+  r = policies_parse_exit_policy(&line, &policy,
+                                 EXIT_POLICY_IPV6_ENABLED |
+                                 EXIT_POLICY_ADD_DEFAULT, NULL);
+  tt_int_op(r,OP_EQ, 0);
+
   summary = policy_summarize(policy, AF_INET);
 
-  test_assert(summary != NULL);
-  test_streq(summary, expected_summary);
+  tt_assert(summary != NULL);
+  tt_str_op(summary,OP_EQ, expected_summary);
 
   short_policy = parse_short_policy(summary);
   tt_assert(short_policy);
   summary_after = write_short_policy(short_policy);
-  test_streq(summary, summary_after);
+  tt_str_op(summary,OP_EQ, summary_after);
 
  done:
   tor_free(summary_after);
@@ -74,130 +80,296 @@ test_policies_general(void *arg)
   int i;
   smartlist_t *policy = NULL, *policy2 = NULL, *policy3 = NULL,
               *policy4 = NULL, *policy5 = NULL, *policy6 = NULL,
-              *policy7 = NULL;
+              *policy7 = NULL, *policy8 = NULL, *policy9 = NULL,
+              *policy10 = NULL, *policy11 = NULL, *policy12 = NULL;
   addr_policy_t *p;
-  tor_addr_t tar;
+  tor_addr_t tar, tar2;
+  smartlist_t *addr_list = NULL;
   config_line_t line;
   smartlist_t *sm = NULL;
   char *policy_str = NULL;
   short_policy_t *short_parsed = NULL;
+  int malformed_list = -1;
   (void)arg;
 
   policy = smartlist_new();
 
-  p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*",-1);
-  test_assert(p != NULL);
-  test_eq(ADDR_POLICY_REJECT, p->policy_type);
+  p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
+  tt_int_op(ADDR_POLICY_REJECT,OP_EQ, p->policy_type);
   tor_addr_from_ipv4h(&tar, 0xc0a80000u);
-  test_eq(0, tor_addr_compare(&p->addr, &tar, CMP_EXACT));
-  test_eq(16, p->maskbits);
-  test_eq(1, p->prt_min);
-  test_eq(65535, p->prt_max);
+  tt_int_op(0,OP_EQ, tor_addr_compare(&p->addr, &tar, CMP_EXACT));
+  tt_int_op(16,OP_EQ, p->maskbits);
+  tt_int_op(1,OP_EQ, p->prt_min);
+  tt_int_op(65535,OP_EQ, p->prt_max);
 
   smartlist_add(policy, p);
 
   tor_addr_from_ipv4h(&tar, 0x01020304u);
-  test_assert(ADDR_POLICY_ACCEPTED ==
+  tt_assert(ADDR_POLICY_ACCEPTED ==
           compare_tor_addr_to_addr_policy(&tar, 2, policy));
   tor_addr_make_unspec(&tar);
-  test_assert(ADDR_POLICY_PROBABLY_ACCEPTED ==
+  tt_assert(ADDR_POLICY_PROBABLY_ACCEPTED ==
           compare_tor_addr_to_addr_policy(&tar, 2, policy));
   tor_addr_from_ipv4h(&tar, 0xc0a80102);
-  test_assert(ADDR_POLICY_REJECTED ==
+  tt_assert(ADDR_POLICY_REJECTED ==
           compare_tor_addr_to_addr_policy(&tar, 2, policy));
 
-  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, 1, 0, 1));
-  test_assert(policy2);
+  tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy2,
+                                              EXIT_POLICY_IPV6_ENABLED |
+                                              EXIT_POLICY_REJECT_PRIVATE |
+                                              EXIT_POLICY_ADD_DEFAULT, NULL));
+
+  tt_assert(policy2);
+
+  tor_addr_from_ipv4h(&tar, 0x0306090cu);
+  tor_addr_parse(&tar2, "[2000::1234]");
+  addr_list = smartlist_new();
+  smartlist_add(addr_list, &tar);
+  smartlist_add(addr_list, &tar2);
+  tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy12,
+                                                 EXIT_POLICY_IPV6_ENABLED |
+                                                 EXIT_POLICY_REJECT_PRIVATE |
+                                                 EXIT_POLICY_ADD_DEFAULT,
+                                                 addr_list));
+  smartlist_free(addr_list);
+  addr_list = NULL;
+
+  tt_assert(policy12);
 
   policy3 = smartlist_new();
-  p = router_parse_addr_policy_item_from_string("reject *:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject *:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy3, p);
-  p = router_parse_addr_policy_item_from_string("accept *:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("accept *:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy3, p);
 
   policy4 = smartlist_new();
-  p = router_parse_addr_policy_item_from_string("accept *:443",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("accept *:443", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy4, p);
-  p = router_parse_addr_policy_item_from_string("accept *:443",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("accept *:443", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy4, p);
 
   policy5 = smartlist_new();
-  p = router_parse_addr_policy_item_from_string("reject 0.0.0.0/8:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 0.0.0.0/8:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject 169.254.0.0/16:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 169.254.0.0/16:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject 127.0.0.0/8:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 127.0.0.0/8:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*",
+                                                -1, &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject 10.0.0.0/8:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 10.0.0.0/8:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject 172.16.0.0/12:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 172.16.0.0/12:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject 80.190.250.90:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject 80.190.250.90:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject *:1-65534",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject *:1-65534", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("reject *:65535",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("reject *:65535", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
-  p = router_parse_addr_policy_item_from_string("accept *:1-65535",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("accept *:1-65535", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy5, p);
 
   policy6 = smartlist_new();
-  p = router_parse_addr_policy_item_from_string("accept 43.3.0.0/9:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("accept 43.3.0.0/9:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy6, p);
 
   policy7 = smartlist_new();
-  p = router_parse_addr_policy_item_from_string("accept 0.0.0.0/8:*",-1);
-  test_assert(p != NULL);
+  p = router_parse_addr_policy_item_from_string("accept 0.0.0.0/8:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
   smartlist_add(policy7, p);
 
-  test_assert(!exit_policy_is_general_exit(policy));
-  test_assert(exit_policy_is_general_exit(policy2));
-  test_assert(!exit_policy_is_general_exit(NULL));
-  test_assert(!exit_policy_is_general_exit(policy3));
-  test_assert(!exit_policy_is_general_exit(policy4));
-  test_assert(!exit_policy_is_general_exit(policy5));
-  test_assert(!exit_policy_is_general_exit(policy6));
-  test_assert(!exit_policy_is_general_exit(policy7));
-
-  test_assert(cmp_addr_policies(policy, policy2));
-  test_assert(cmp_addr_policies(policy, NULL));
-  test_assert(!cmp_addr_policies(policy2, policy2));
-  test_assert(!cmp_addr_policies(NULL, NULL));
-
-  test_assert(!policy_is_reject_star(policy2, AF_INET));
-  test_assert(policy_is_reject_star(policy, AF_INET));
-  test_assert(policy_is_reject_star(NULL, AF_INET));
+  tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy8,
+                                                 EXIT_POLICY_IPV6_ENABLED |
+                                                 EXIT_POLICY_REJECT_PRIVATE |
+                                                 EXIT_POLICY_ADD_DEFAULT,
+                                                 NULL));
+
+  tt_assert(policy8);
+
+  tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy9,
+                                                 EXIT_POLICY_REJECT_PRIVATE |
+                                                 EXIT_POLICY_ADD_DEFAULT,
+                                                 NULL));
+
+  tt_assert(policy9);
+
+  /* accept6 * and reject6 * produce IPv6 wildcards only */
+  policy10 = smartlist_new();
+  p = router_parse_addr_policy_item_from_string("accept6 *:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
+  smartlist_add(policy10, p);
+
+  policy11 = smartlist_new();
+  p = router_parse_addr_policy_item_from_string("reject6 *:*", -1,
+                                                &malformed_list);
+  tt_assert(p != NULL);
+  smartlist_add(policy11, p);
+
+  tt_assert(!exit_policy_is_general_exit(policy));
+  tt_assert(exit_policy_is_general_exit(policy2));
+  tt_assert(!exit_policy_is_general_exit(NULL));
+  tt_assert(!exit_policy_is_general_exit(policy3));
+  tt_assert(!exit_policy_is_general_exit(policy4));
+  tt_assert(!exit_policy_is_general_exit(policy5));
+  tt_assert(!exit_policy_is_general_exit(policy6));
+  tt_assert(!exit_policy_is_general_exit(policy7));
+  tt_assert(exit_policy_is_general_exit(policy8));
+  tt_assert(exit_policy_is_general_exit(policy9));
+  tt_assert(!exit_policy_is_general_exit(policy10));
+  tt_assert(!exit_policy_is_general_exit(policy11));
+
+  tt_assert(cmp_addr_policies(policy, policy2));
+  tt_assert(cmp_addr_policies(policy, NULL));
+  tt_assert(!cmp_addr_policies(policy2, policy2));
+  tt_assert(!cmp_addr_policies(NULL, NULL));
+
+  tt_assert(!policy_is_reject_star(policy2, AF_INET));
+  tt_assert(policy_is_reject_star(policy, AF_INET));
+  tt_assert(policy_is_reject_star(policy10, AF_INET));
+  tt_assert(!policy_is_reject_star(policy10, AF_INET6));
+  tt_assert(policy_is_reject_star(policy11, AF_INET));
+  tt_assert(policy_is_reject_star(policy11, AF_INET6));
+  tt_assert(policy_is_reject_star(NULL, AF_INET));
+  tt_assert(policy_is_reject_star(NULL, AF_INET6));
 
   addr_policy_list_free(policy);
   policy = NULL;
 
+  /* make sure assume_action works */
+  malformed_list = 0;
+  p = router_parse_addr_policy_item_from_string("127.0.0.1",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("127.0.0.1:*",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("[::]",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("[::]:*",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("[face::b]",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("[b::aaaa]",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("*",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("*4",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("*6",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(p);
+  addr_policy_free(p);
+  tt_assert(!malformed_list);
+
+  /* These are all ambiguous IPv6 addresses, it's good that we reject them */
+  p = router_parse_addr_policy_item_from_string("acce::abcd",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(!p);
+  tt_assert(malformed_list);
+  malformed_list = 0;
+
+  p = router_parse_addr_policy_item_from_string("7:1234",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(!p);
+  tt_assert(malformed_list);
+  malformed_list = 0;
+
+  p = router_parse_addr_policy_item_from_string("::",
+                                                ADDR_POLICY_ACCEPT,
+                                                &malformed_list);
+  tt_assert(!p);
+  tt_assert(malformed_list);
+  malformed_list = 0;
+
   /* make sure compacting logic works. */
   policy = NULL;
   line.key = (char*)"foo";
   line.value = (char*)"accept *:80,reject private:*,reject *:*";
   line.next = NULL;
-  test_assert(0 == policies_parse_exit_policy(&line, &policy, 1, 0, 0, 1));
-  test_assert(policy);
+  tt_int_op(0, OP_EQ, policies_parse_exit_policy(&line,&policy,
+                                              EXIT_POLICY_IPV6_ENABLED |
+                                              EXIT_POLICY_ADD_DEFAULT, NULL));
+  tt_assert(policy);
+
   //test_streq(policy->string, "accept *:80");
   //test_streq(policy->next->string, "reject *:*");
-  test_eq(smartlist_len(policy), 4);
+  tt_int_op(smartlist_len(policy),OP_EQ, 4);
 
   /* test policy summaries */
   /* check if we properly ignore private IP addresses */
@@ -271,7 +443,7 @@ test_policies_general(void *arg)
   /* Try parsing various broken short policies */
 #define TT_BAD_SHORT_POLICY(s)                                          \
   do {                                                                  \
-    tt_ptr_op(NULL, ==, (short_parsed = parse_short_policy((s))));      \
+    tt_ptr_op(NULL, OP_EQ, (short_parsed = parse_short_policy((s))));      \
   } while (0)
   TT_BAD_SHORT_POLICY("accept 200-199");
   TT_BAD_SHORT_POLICY("");
@@ -287,6 +459,68 @@ test_policies_general(void *arg)
   TT_BAD_SHORT_POLICY("accept 1-,3");
   TT_BAD_SHORT_POLICY("accept 1-,3");
 
+  /* Make sure that IPv4 addresses are ignored in accept6/reject6 lines. */
+  p = router_parse_addr_policy_item_from_string("accept6 1.2.3.4:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("reject6 2.4.6.0/24:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(!malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("accept6 *4:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(!malformed_list);
+
+  /* Make sure malformed policies are detected as such. */
+  p = router_parse_addr_policy_item_from_string("bad_token *4:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("accept6 **:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("accept */15:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("reject6 */:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("accept 127.0.0.1/33:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("accept6 [::1]/129:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("reject 8.8.8.8/-1:*", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("reject 8.8.4.4:10-5", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
+  p = router_parse_addr_policy_item_from_string("reject 1.2.3.4:-1", -1,
+                                                &malformed_list);
+  tt_assert(p == NULL);
+  tt_assert(malformed_list);
+
   /* Test a too-long policy. */
   {
     int i;
@@ -301,7 +535,7 @@ test_policies_general(void *arg)
     smartlist_free(chunks);
     short_parsed = parse_short_policy(policy);/* shouldn't be accepted */
     tor_free(policy);
-    tt_ptr_op(NULL, ==, short_parsed);
+    tt_ptr_op(NULL, OP_EQ, short_parsed);
   }
 
   /* truncation ports */
@@ -337,6 +571,11 @@ test_policies_general(void *arg)
   addr_policy_list_free(policy5);
   addr_policy_list_free(policy6);
   addr_policy_list_free(policy7);
+  addr_policy_list_free(policy8);
+  addr_policy_list_free(policy9);
+  addr_policy_list_free(policy10);
+  addr_policy_list_free(policy11);
+  addr_policy_list_free(policy12);
   tor_free(policy_str);
   if (sm) {
     SMARTLIST_FOREACH(sm, char *, s, tor_free(s));
@@ -345,11 +584,329 @@ test_policies_general(void *arg)
   short_policy_free(short_parsed);
 }
 
+/** Helper: Check that policy_list contains address */
+static int
+test_policy_has_address_helper(const smartlist_t *policy_list,
+                               const tor_addr_t *addr)
+{
+  int found = 0;
+
+  tt_assert(policy_list);
+  tt_assert(addr);
+
+  SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t*, p) {
+    if (tor_addr_eq(&p->addr, addr)) {
+      found = 1;
+    }
+  } SMARTLIST_FOREACH_END(p);
+
+  return found;
+
+ done:
+  return 0;
+}
+
+#define TEST_IPV4_ADDR (0x01020304)
+#define TEST_IPV6_ADDR ("2002::abcd")
+
+/** Run unit tests for rejecting the configured addresses on this exit relay
+ * using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_exit_address(void *arg)
+{
+  smartlist_t *policy = NULL;
+  tor_addr_t ipv4_addr, ipv6_addr;
+  smartlist_t *ipv4_list, *ipv6_list, *both_list, *dupl_list;
+  (void)arg;
+
+  tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
+  tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+
+  ipv4_list = smartlist_new();
+  ipv6_list = smartlist_new();
+  both_list = smartlist_new();
+  dupl_list = smartlist_new();
+
+  smartlist_add(ipv4_list, &ipv4_addr);
+  smartlist_add(both_list, &ipv4_addr);
+  smartlist_add(dupl_list, &ipv4_addr);
+  smartlist_add(dupl_list, &ipv4_addr);
+  smartlist_add(dupl_list, &ipv4_addr);
+
+  smartlist_add(ipv6_list, &ipv6_addr);
+  smartlist_add(both_list, &ipv6_addr);
+  smartlist_add(dupl_list, &ipv6_addr);
+  smartlist_add(dupl_list, &ipv6_addr);
+
+  /* IPv4-Only Exits */
+
+  /* test that IPv4 addresses are rejected on an IPv4-only exit */
+  policies_parse_exit_policy_reject_private(&policy, 0, ipv4_list, 0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 1);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv6 addresses are NOT rejected on an IPv4-only exit
+   * (all IPv6 addresses are rejected by policies_parse_exit_policy_internal
+   * on IPv4-only exits, so policies_parse_exit_policy_reject_private doesn't
+   * need to do anything) */
+  policies_parse_exit_policy_reject_private(&policy, 0, ipv6_list, 0, 0);
+  tt_assert(policy == NULL);
+
+  /* test that only IPv4 addresses are rejected on an IPv4-only exit */
+  policies_parse_exit_policy_reject_private(&policy, 0, both_list, 0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 1);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* Test that lists with duplicate entries produce the same results */
+  policies_parse_exit_policy_reject_private(&policy, 0, dupl_list, 0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 1);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* IPv4/IPv6 Exits */
+
+  /* test that IPv4 addresses are rejected on an IPv4/IPv6 exit */
+  policies_parse_exit_policy_reject_private(&policy, 1, ipv4_list, 0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 1);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv6 addresses are rejected on an IPv4/IPv6 exit */
+  policies_parse_exit_policy_reject_private(&policy, 1, ipv6_list,  0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 1);
+  tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv4 and IPv6 addresses are rejected on an IPv4/IPv6 exit */
+  policies_parse_exit_policy_reject_private(&policy, 1, both_list,  0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 2);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+  tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* Test that lists with duplicate entries produce the same results */
+  policies_parse_exit_policy_reject_private(&policy, 1, dupl_list,  0, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 2);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+  tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+ done:
+  addr_policy_list_free(policy);
+  smartlist_free(ipv4_list);
+  smartlist_free(ipv6_list);
+  smartlist_free(both_list);
+  smartlist_free(dupl_list);
+}
+
+static smartlist_t *test_configured_ports = NULL;
+
+/** Returns test_configured_ports */
+static const smartlist_t *
+mock_get_configured_ports(void)
+{
+  return test_configured_ports;
+}
+
+/** Run unit tests for rejecting publicly routable configured port addresses
+ * on this exit relay using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_port_address(void *arg)
+{
+  smartlist_t *policy = NULL;
+  port_cfg_t *ipv4_port = NULL;
+  port_cfg_t *ipv6_port = NULL;
+  (void)arg;
+
+  test_configured_ports = smartlist_new();
+
+  ipv4_port = port_cfg_new(0);
+  tor_addr_from_ipv4h(&ipv4_port->addr, TEST_IPV4_ADDR);
+  smartlist_add(test_configured_ports, ipv4_port);
+
+  ipv6_port = port_cfg_new(0);
+  tor_addr_parse(&ipv6_port->addr, TEST_IPV6_ADDR);
+  smartlist_add(test_configured_ports, ipv6_port);
+
+  MOCK(get_configured_ports, mock_get_configured_ports);
+
+  /* test that an IPv4 port is rejected on an IPv4-only exit, but an IPv6 port
+   * is NOT rejected (all IPv6 addresses are rejected by
+   * policies_parse_exit_policy_internal on IPv4-only exits, so
+   * policies_parse_exit_policy_reject_private doesn't need to do anything
+   * with IPv6 addresses on IPv4-only exits) */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 0, 1);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 1);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_port->addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv4 and IPv6 ports are rejected on an IPv4/IPv6 exit */
+  policies_parse_exit_policy_reject_private(&policy, 1, NULL, 0, 1);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == 2);
+  tt_assert(test_policy_has_address_helper(policy, &ipv4_port->addr));
+  tt_assert(test_policy_has_address_helper(policy, &ipv6_port->addr));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+ done:
+  addr_policy_list_free(policy);
+  if (test_configured_ports) {
+    SMARTLIST_FOREACH(test_configured_ports,
+                      port_cfg_t *, p, port_cfg_free(p));
+    smartlist_free(test_configured_ports);
+    test_configured_ports = NULL;
+  }
+  UNMOCK(get_configured_ports);
+}
+
+smartlist_t *mock_ipv4_addrs = NULL;
+smartlist_t *mock_ipv6_addrs = NULL;
+
+/* mock get_interface_address6_list, returning a deep copy of the template
+ * address list ipv4_interface_address_list or ipv6_interface_address_list */
+static smartlist_t *
+mock_get_interface_address6_list(int severity,
+                            sa_family_t family,
+                            int include_internal)
+{
+  (void)severity;
+  (void)include_internal;
+  smartlist_t *clone_list = smartlist_new();
+  smartlist_t *template_list = NULL;
+
+  if (family == AF_INET) {
+    template_list = mock_ipv4_addrs;
+  } else if (family == AF_INET6) {
+    template_list = mock_ipv6_addrs;
+  } else {
+    return NULL;
+  }
+
+  tt_assert(template_list);
+
+  SMARTLIST_FOREACH_BEGIN(template_list, tor_addr_t *, src_addr) {
+    tor_addr_t *dest_addr = malloc(sizeof(tor_addr_t));
+    memset(dest_addr, 0, sizeof(*dest_addr));
+    tor_addr_copy_tight(dest_addr, src_addr);
+    smartlist_add(clone_list, dest_addr);
+  } SMARTLIST_FOREACH_END(src_addr);
+
+  return clone_list;
+
+ done:
+  free_interface_address6_list(clone_list);
+  return NULL;
+}
+
+/** Run unit tests for rejecting publicly routable interface addresses on this
+ * exit relay using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_interface_address(void *arg)
+{
+  smartlist_t *policy = NULL;
+  smartlist_t *public_ipv4_addrs =
+    get_interface_address6_list(LOG_INFO, AF_INET, 0);
+  smartlist_t *public_ipv6_addrs =
+    get_interface_address6_list(LOG_INFO, AF_INET6, 0);
+  tor_addr_t ipv4_addr, ipv6_addr;
+  (void)arg;
+
+  /* test that no addresses are rejected when none are supplied/requested */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 0, 0);
+  tt_assert(policy == NULL);
+
+  /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+   * (and allow for duplicates)
+   */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
+  if (policy) {
+    tt_assert(smartlist_len(policy) <= smartlist_len(public_ipv4_addrs));
+    addr_policy_list_free(policy);
+    policy = NULL;
+  }
+
+  /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
+   * exit (and allow for duplicates) */
+  policies_parse_exit_policy_reject_private(&policy, 1, NULL, 1, 0);
+  if (policy) {
+    tt_assert(smartlist_len(policy) <= (smartlist_len(public_ipv4_addrs)
+                                        + smartlist_len(public_ipv6_addrs)));
+    addr_policy_list_free(policy);
+    policy = NULL;
+  }
+
+  /* Now do it all again, but mocked */
+  tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
+  mock_ipv4_addrs = smartlist_new();
+  smartlist_add(mock_ipv4_addrs, (void *)&ipv4_addr);
+
+  tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+  mock_ipv6_addrs = smartlist_new();
+  smartlist_add(mock_ipv6_addrs, (void *)&ipv6_addr);
+
+  MOCK(get_interface_address6_list, mock_get_interface_address6_list);
+
+  /* test that no addresses are rejected when none are supplied/requested */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 0, 0);
+  tt_assert(policy == NULL);
+
+  /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+   */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == smartlist_len(mock_ipv4_addrs));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
+   * exit */
+  policies_parse_exit_policy_reject_private(&policy, 1, NULL, 1, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == (smartlist_len(mock_ipv4_addrs)
+                                      + smartlist_len(mock_ipv6_addrs)));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+ done:
+  addr_policy_list_free(policy);
+  free_interface_address6_list(public_ipv4_addrs);
+  free_interface_address6_list(public_ipv6_addrs);
+
+  UNMOCK(get_interface_address6_list);
+  /* we don't use free_interface_address6_list on these lists because their
+   * address pointers are stack-based */
+  smartlist_free(mock_ipv4_addrs);
+  smartlist_free(mock_ipv6_addrs);
+}
+
+#undef TEST_IPV4_ADDR
+#undef TEST_IPV6_ADDR
+
 static void
 test_dump_exit_policy_to_string(void *arg)
 {
  char *ep;
  addr_policy_t *policy_entry;
+ int malformed_list = -1;
 
  routerinfo_t *ri = tor_malloc_zero(sizeof(routerinfo_t));
 
@@ -359,63 +916,68 @@ test_dump_exit_policy_to_string(void *arg)
  ri->exit_policy = NULL; // expecting "reject *:*"
  ep = router_dump_exit_policy_to_string(ri,1,1);
 
- test_streq("reject *:*",ep);
+ tt_str_op("reject *:*",OP_EQ, ep);
 
  tor_free(ep);
 
  ri->exit_policy = smartlist_new();
  ri->policy_is_reject_star = 0;
 
- policy_entry = router_parse_addr_policy_item_from_string("accept *:*",-1);
+ policy_entry = router_parse_addr_policy_item_from_string("accept *:*", -1,
+                                                          &malformed_list);
 
  smartlist_add(ri->exit_policy,policy_entry);
 
  ep = router_dump_exit_policy_to_string(ri,1,1);
 
- test_streq("accept *:*",ep);
+ tt_str_op("accept *:*",OP_EQ, ep);
 
  tor_free(ep);
 
- policy_entry = router_parse_addr_policy_item_from_string("reject *:25",-1);
+ policy_entry = router_parse_addr_policy_item_from_string("reject *:25", -1,
+                                                          &malformed_list);
 
  smartlist_add(ri->exit_policy,policy_entry);
 
  ep = router_dump_exit_policy_to_string(ri,1,1);
 
- test_streq("accept *:*\nreject *:25",ep);
+ tt_str_op("accept *:*\nreject *:25",OP_EQ, ep);
 
  tor_free(ep);
 
  policy_entry =
- router_parse_addr_policy_item_from_string("reject 8.8.8.8:*",-1);
+ router_parse_addr_policy_item_from_string("reject 8.8.8.8:*", -1,
+                                           &malformed_list);
 
  smartlist_add(ri->exit_policy,policy_entry);
 
  ep = router_dump_exit_policy_to_string(ri,1,1);
 
- test_streq("accept *:*\nreject *:25\nreject 8.8.8.8:*",ep);
+ tt_str_op("accept *:*\nreject *:25\nreject 8.8.8.8:*",OP_EQ, ep);
  tor_free(ep);
 
  policy_entry =
- router_parse_addr_policy_item_from_string("reject6 [FC00::]/7:*",-1);
+ router_parse_addr_policy_item_from_string("reject6 [FC00::]/7:*", -1,
+                                           &malformed_list);
 
  smartlist_add(ri->exit_policy,policy_entry);
 
  ep = router_dump_exit_policy_to_string(ri,1,1);
 
- test_streq("accept *:*\nreject *:25\nreject 8.8.8.8:*\n"
-            "reject6 [fc00::]/7:*",ep);
+ tt_str_op("accept *:*\nreject *:25\nreject 8.8.8.8:*\n"
+            "reject6 [fc00::]/7:*",OP_EQ, ep);
  tor_free(ep);
 
  policy_entry =
- router_parse_addr_policy_item_from_string("accept6 [c000::]/3:*",-1);
+ router_parse_addr_policy_item_from_string("accept6 [c000::]/3:*", -1,
+                                           &malformed_list);
 
  smartlist_add(ri->exit_policy,policy_entry);
 
  ep = router_dump_exit_policy_to_string(ri,1,1);
 
- test_streq("accept *:*\nreject *:25\nreject 8.8.8.8:*\n"
-            "reject6 [fc00::]/7:*\naccept6 [c000::]/3:*",ep);
+ tt_str_op("accept *:*\nreject *:25\nreject 8.8.8.8:*\n"
+            "reject6 [fc00::]/7:*\naccept6 [c000::]/3:*",OP_EQ, ep);
 
  done:
 
@@ -428,10 +990,861 @@ test_dump_exit_policy_to_string(void *arg)
  tor_free(ep);
 }
 
+static routerinfo_t *mock_desc_routerinfo = NULL;
+static const routerinfo_t *
+mock_router_get_my_routerinfo(void)
+{
+  return mock_desc_routerinfo;
+}
+
+#define DEFAULT_POLICY_STRING "reject *:*"
+#define TEST_IPV4_ADDR (0x02040608)
+#define TEST_IPV6_ADDR ("2003::ef01")
+
+static or_options_t mock_options;
+
+static const or_options_t *
+mock_get_options(void)
+{
+  return &mock_options;
+}
+
+/** Run unit tests for generating summary lines of exit policies */
+static void
+test_policies_getinfo_helper_policies(void *arg)
+{
+  (void)arg;
+  int rv = 0;
+  size_t ipv4_len = 0, ipv6_len = 0;
+  char *answer = NULL;
+  const char *errmsg = NULL;
+  routerinfo_t mock_my_routerinfo;
+
+  memset(&mock_my_routerinfo, 0, sizeof(mock_my_routerinfo));
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/default", &answer, &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  tt_assert(strlen(answer) > 0);
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/default",
+                               &answer, &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  tt_assert(strlen(answer) > 0);
+  tor_free(answer);
+
+  memset(&mock_my_routerinfo, 0, sizeof(routerinfo_t));
+  MOCK(router_get_my_routerinfo, mock_router_get_my_routerinfo);
+  mock_my_routerinfo.exit_policy = smartlist_new();
+  mock_desc_routerinfo = &mock_my_routerinfo;
+
+  memset(&mock_options, 0, sizeof(or_options_t));
+  MOCK(get_options, mock_get_options);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay",
+                               &answer, &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  tt_assert(strlen(answer) == 0);
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/ipv4", &answer,
+                               &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  ipv4_len = strlen(answer);
+  tt_assert(ipv4_len == 0 || ipv4_len == strlen(DEFAULT_POLICY_STRING));
+  tt_assert(ipv4_len == 0 || !strcasecmp(answer, DEFAULT_POLICY_STRING));
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/ipv6", &answer,
+                               &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  ipv6_len = strlen(answer);
+  tt_assert(ipv6_len == 0 || ipv6_len == strlen(DEFAULT_POLICY_STRING));
+  tt_assert(ipv6_len == 0 || !strcasecmp(answer, DEFAULT_POLICY_STRING));
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/full", &answer,
+                               &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  /* It's either empty or it's the default */
+  tt_assert(strlen(answer) == 0 || !strcasecmp(answer, DEFAULT_POLICY_STRING));
+  tor_free(answer);
+
+  mock_my_routerinfo.addr = TEST_IPV4_ADDR;
+  tor_addr_parse(&mock_my_routerinfo.ipv6_addr, TEST_IPV6_ADDR);
+  append_exit_policy_string(&mock_my_routerinfo.exit_policy, "accept *4:*");
+  append_exit_policy_string(&mock_my_routerinfo.exit_policy, "reject *6:*");
+
+  mock_options.IPv6Exit = 1;
+  mock_options.ExitPolicyRejectPrivate = 1;
+  tor_addr_from_ipv4h(&mock_options.OutboundBindAddressIPv4_, TEST_IPV4_ADDR);
+  tor_addr_parse(&mock_options.OutboundBindAddressIPv6_, TEST_IPV6_ADDR);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay",
+                               &answer, &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  tt_assert(strlen(answer) > 0);
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/ipv4", &answer,
+                               &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  ipv4_len = strlen(answer);
+  tt_assert(ipv4_len > 0);
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/ipv6", &answer,
+                               &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  ipv6_len = strlen(answer);
+  tt_assert(ipv6_len > 0);
+  tor_free(answer);
+
+  rv = getinfo_helper_policies(NULL, "exit-policy/full", &answer,
+                               &errmsg);
+  tt_assert(rv == 0);
+  tt_assert(answer != NULL);
+  tt_assert(strlen(answer) > 0);
+  tt_assert(strlen(answer) == ipv4_len + ipv6_len + 1);
+  tor_free(answer);
+
+ done:
+  tor_free(answer);
+  UNMOCK(get_options);
+  UNMOCK(router_get_my_routerinfo);
+  addr_policy_list_free(mock_my_routerinfo.exit_policy);
+}
+
+#undef DEFAULT_POLICY_STRING
+#undef TEST_IPV4_ADDR
+#undef TEST_IPV6_ADDR
+
+#define TEST_IPV4_ADDR_STR "1.2.3.4"
+#define TEST_IPV6_ADDR_STR "[1002::4567]"
+#define REJECT_IPv4_FINAL_STR "reject 0.0.0.0/0:*"
+#define REJECT_IPv6_FINAL_STR "reject [::]/0:*"
+
+#define OTHER_IPV4_ADDR_STR "6.7.8.9"
+#define OTHER_IPV6_ADDR_STR "[afff::]"
+
+/** Run unit tests for fascist_firewall_allows_address */
+static void
+test_policies_fascist_firewall_allows_address(void *arg)
+{
+  (void)arg;
+  tor_addr_t ipv4_addr, ipv6_addr, r_ipv4_addr, r_ipv6_addr;
+  tor_addr_t n_ipv4_addr, n_ipv6_addr;
+  const uint16_t port = 1234;
+  smartlist_t *policy = NULL;
+  smartlist_t *e_policy = NULL;
+  addr_policy_t *item = NULL;
+  int malformed_list = 0;
+
+  /* Setup the options and the items in the policies */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  MOCK(get_options, mock_get_options);
+
+  policy = smartlist_new();
+  item = router_parse_addr_policy_item_from_string("accept "
+                                                   TEST_IPV4_ADDR_STR ":*",
+                                                   ADDR_POLICY_ACCEPT,
+                                                   &malformed_list);
+  tt_assert(item);
+  tt_assert(!malformed_list);
+  smartlist_add(policy, item);
+  item = router_parse_addr_policy_item_from_string("accept "
+                                                   TEST_IPV6_ADDR_STR,
+                                                   ADDR_POLICY_ACCEPT,
+                                                   &malformed_list);
+  tt_assert(item);
+  tt_assert(!malformed_list);
+  smartlist_add(policy, item);
+  /* Normally, policy_expand_unspec would do this for us */
+  item = router_parse_addr_policy_item_from_string(REJECT_IPv4_FINAL_STR,
+                                                   ADDR_POLICY_ACCEPT,
+                                                   &malformed_list);
+  tt_assert(item);
+  tt_assert(!malformed_list);
+  smartlist_add(policy, item);
+  item = router_parse_addr_policy_item_from_string(REJECT_IPv6_FINAL_STR,
+                                                   ADDR_POLICY_ACCEPT,
+                                                   &malformed_list);
+  tt_assert(item);
+  tt_assert(!malformed_list);
+  smartlist_add(policy, item);
+  item = NULL;
+
+  e_policy = smartlist_new();
+
+  /*
+  char *polstr = policy_dump_to_string(policy, 1, 1);
+  printf("%s\n", polstr);
+  tor_free(polstr);
+   */
+
+  /* Parse the addresses */
+  tor_addr_parse(&ipv4_addr, TEST_IPV4_ADDR_STR);
+  tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR_STR);
+  tor_addr_parse(&r_ipv4_addr, OTHER_IPV4_ADDR_STR);
+  tor_addr_parse(&r_ipv6_addr, OTHER_IPV6_ADDR_STR);
+  tor_addr_make_null(&n_ipv4_addr, AF_INET);
+  tor_addr_make_null(&n_ipv6_addr, AF_INET6);
+
+  /* Test the function's address matching with IPv4 and IPv6 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.UseBridges = 0;
+
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* Preferring IPv4 */
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 0)
+            == 0);
+
+  /* Preferring IPv6 */
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 1)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 1)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 1)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 1)
+            == 0);
+
+  /* Test the function's address matching with UseBridges on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.UseBridges = 1;
+
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* Preferring IPv4 */
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 0)
+            == 0);
+
+  /* Preferring IPv6 */
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 1)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 1)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 1)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 1)
+            == 0);
+
+  /* bridge clients always use IPv6, regardless of ClientUseIPv6 */
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 0;
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* Test the function's address matching with IPv4 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 0;
+  mock_options.UseBridges = 0;
+
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* Test the function's address matching with IPv6 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 0;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.UseBridges = 0;
+
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* Test the function's address matching with ClientUseIPv4 0.
+   * This means "use IPv6" regardless of the other settings. */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 0;
+  mock_options.ClientUseIPv6 = 0;
+  mock_options.UseBridges = 0;
+
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* Test the function's address matching for unusual inputs */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.UseBridges = 1;
+
+  /* NULL and tor_addr_is_null addresses are rejected */
+  tt_assert(fascist_firewall_allows_address(NULL, port, policy, 0, 0) == 0);
+  tt_assert(fascist_firewall_allows_address(&n_ipv4_addr, port, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&n_ipv6_addr, port, policy, 0, 0)
+            == 0);
+
+  /* zero ports are rejected */
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, 0, policy, 0, 0)
+            == 0);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, 0, policy, 0, 0)
+            == 0);
+
+  /* NULL and empty policies accept everything */
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, NULL, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, NULL, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, e_policy, 0, 0)
+            == 1);
+  tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, e_policy, 0, 0)
+            == 1);
+
+ done:
+  addr_policy_free(item);
+  addr_policy_list_free(policy);
+  addr_policy_list_free(e_policy);
+  UNMOCK(get_options);
+}
+
+#undef REJECT_IPv4_FINAL_STR
+#undef REJECT_IPv6_FINAL_STR
+#undef OTHER_IPV4_ADDR_STR
+#undef OTHER_IPV6_ADDR_STR
+
+#define TEST_IPV4_OR_PORT  1234
+#define TEST_IPV4_DIR_PORT 2345
+#define TEST_IPV6_OR_PORT  61234
+#define TEST_IPV6_DIR_PORT 62345
+
+/* Check that fascist_firewall_choose_address_rs() returns the expected
+ * results. */
+#define CHECK_CHOSEN_ADDR_RS(fake_rs, fw_connection, pref_only, expect_rv, \
+                             expect_ap) \
+  STMT_BEGIN \
+    tor_addr_port_t chosen_rs_ap; \
+    tor_addr_make_null(&chosen_rs_ap.addr, AF_INET); \
+    chosen_rs_ap.port = 0; \
+    tt_int_op(fascist_firewall_choose_address_rs(&(fake_rs), \
+                                                 (fw_connection), \
+                                                 (pref_only), \
+                                                 &chosen_rs_ap), \
+              OP_EQ, (expect_rv)); \
+    tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_rs_ap.addr)); \
+    tt_int_op((expect_ap).port, OP_EQ, chosen_rs_ap.port); \
+  STMT_END
+
+/* Check that fascist_firewall_choose_address_node() returns the expected
+ * results. */
+#define CHECK_CHOSEN_ADDR_NODE(fake_node, fw_connection, pref_only, \
+                               expect_rv, expect_ap) \
+  STMT_BEGIN \
+    tor_addr_port_t chosen_node_ap; \
+    tor_addr_make_null(&chosen_node_ap.addr, AF_INET); \
+    chosen_node_ap.port = 0; \
+    tt_int_op(fascist_firewall_choose_address_node(&(fake_node), \
+                                                   (fw_connection), \
+                                                   (pref_only), \
+                                                   &chosen_node_ap), \
+              OP_EQ, (expect_rv)); \
+    tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_node_ap.addr)); \
+    tt_int_op((expect_ap).port, OP_EQ, chosen_node_ap.port); \
+  STMT_END
+
+/* Check that fascist_firewall_choose_address_rs and
+ * fascist_firewall_choose_address_node() both return the expected results. */
+#define CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, fw_connection, pref_only, \
+                             expect_rv, expect_ap) \
+  STMT_BEGIN \
+    CHECK_CHOSEN_ADDR_RS(fake_rs, fw_connection, pref_only, expect_rv, \
+                         expect_ap); \
+    CHECK_CHOSEN_ADDR_NODE(fake_node, fw_connection, pref_only, expect_rv, \
+                           expect_ap); \
+  STMT_END
+
+/** Run unit tests for fascist_firewall_choose_address */
+static void
+test_policies_fascist_firewall_choose_address(void *arg)
+{
+  (void)arg;
+  tor_addr_port_t ipv4_or_ap, ipv4_dir_ap, ipv6_or_ap, ipv6_dir_ap;
+  tor_addr_port_t n_ipv4_ap, n_ipv6_ap;
+
+  /* Setup the options */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  MOCK(get_options, mock_get_options);
+
+  /* Parse the addresses */
+  tor_addr_parse(&ipv4_or_ap.addr, TEST_IPV4_ADDR_STR);
+  ipv4_or_ap.port = TEST_IPV4_OR_PORT;
+  tor_addr_parse(&ipv4_dir_ap.addr, TEST_IPV4_ADDR_STR);
+  ipv4_dir_ap.port = TEST_IPV4_DIR_PORT;
+
+  tor_addr_parse(&ipv6_or_ap.addr, TEST_IPV6_ADDR_STR);
+  ipv6_or_ap.port = TEST_IPV6_OR_PORT;
+  tor_addr_parse(&ipv6_dir_ap.addr, TEST_IPV6_ADDR_STR);
+  ipv6_dir_ap.port = TEST_IPV6_DIR_PORT;
+
+  tor_addr_make_null(&n_ipv4_ap.addr, AF_INET);
+  n_ipv4_ap.port = 0;
+  tor_addr_make_null(&n_ipv6_ap.addr, AF_INET6);
+  n_ipv6_ap.port = 0;
+
+  /* Sanity check fascist_firewall_choose_address with IPv4 and IPv6 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.UseBridges = 0;
+
+  /* Prefer IPv4 */
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
+                                            FIREWALL_OR_CONNECTION, 0, 0)
+            == &ipv4_or_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
+                                            FIREWALL_OR_CONNECTION, 1, 0)
+            == &ipv4_or_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 1,
+                                            FIREWALL_DIR_CONNECTION, 0, 0)
+            == &ipv4_dir_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 1,
+                                            FIREWALL_DIR_CONNECTION, 1, 0)
+            == &ipv4_dir_ap);
+
+  /* Prefer IPv6 */
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
+                                            FIREWALL_OR_CONNECTION, 0, 1)
+            == &ipv6_or_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
+                                            FIREWALL_OR_CONNECTION, 1, 1)
+            == &ipv6_or_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0,
+                                            FIREWALL_DIR_CONNECTION, 0, 1)
+            == &ipv6_dir_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0,
+                                            FIREWALL_DIR_CONNECTION, 1, 1)
+            == &ipv6_dir_ap);
+
+  /* Unusual inputs */
+
+  /* null preferred OR addresses */
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &n_ipv6_ap, 0,
+                                            FIREWALL_OR_CONNECTION, 0, 1)
+            == &ipv4_or_ap);
+  tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &ipv6_or_ap, 1,
+                                            FIREWALL_OR_CONNECTION, 0, 0)
+            == &ipv6_or_ap);
+
+  /* null both OR addresses */
+  tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 0,
+                                            FIREWALL_OR_CONNECTION, 0, 1)
+            == NULL);
+  tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 1,
+                                            FIREWALL_OR_CONNECTION, 0, 0)
+            == NULL);
+
+  /* null preferred Dir addresses */
+  tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &n_ipv6_ap, 0,
+                                            FIREWALL_DIR_CONNECTION, 0, 1)
+            == &ipv4_dir_ap);
+  tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &ipv6_dir_ap, 1,
+                                            FIREWALL_DIR_CONNECTION, 0, 0)
+            == &ipv6_dir_ap);
+
+  /* null both Dir addresses */
+  tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 0,
+                                            FIREWALL_DIR_CONNECTION, 0, 1)
+            == NULL);
+  tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 1,
+                                            FIREWALL_DIR_CONNECTION, 0, 0)
+            == NULL);
+
+  /* Prefer IPv4 but want IPv6 (contradictory) */
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
+                                            FIREWALL_OR_CONNECTION, 0, 0)
+            == &ipv4_or_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
+                                            FIREWALL_OR_CONNECTION, 1, 0)
+            == &ipv4_or_ap);
+
+  /* Prefer IPv6 but want IPv4 (contradictory) */
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
+                                            FIREWALL_OR_CONNECTION, 0, 1)
+            == &ipv6_or_ap);
+  tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
+                                            FIREWALL_OR_CONNECTION, 1, 1)
+            == &ipv6_or_ap);
+
+  /* Make a fake rs. There will be no corresponding node.
+   * This is what happens when there's no consensus and we're bootstrapping
+   * from authorities / fallbacks. */
+  routerstatus_t fake_rs;
+  memset(&fake_rs, 0, sizeof(routerstatus_t));
+  /* In a routerstatus, the OR and Dir addresses are the same */
+  fake_rs.addr = tor_addr_to_ipv4h(&ipv4_or_ap.addr);
+  fake_rs.or_port = ipv4_or_ap.port;
+  fake_rs.dir_port = ipv4_dir_ap.port;
+
+  tor_addr_copy(&fake_rs.ipv6_addr, &ipv6_or_ap.addr);
+  fake_rs.ipv6_orport = ipv6_or_ap.port;
+  /* In a routerstatus, the IPv4 and IPv6 DirPorts are the same.*/
+  ipv6_dir_ap.port = TEST_IPV4_DIR_PORT;
+
+  /* Make a fake node. Even though it contains the fake_rs, a lookup won't
+  * find the node from the rs, because they're not in the hash table. */
+  node_t fake_node;
+  memset(&fake_node, 0, sizeof(node_t));
+  fake_node.rs = &fake_rs;
+
+  /* Choose an address with IPv4 and IPv6 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.UseBridges = 0;
+
+  /* Preferring IPv4 */
+  mock_options.ClientPreferIPv6ORPort = 0;
+  mock_options.ClientPreferIPv6DirPort = 0;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv4_dir_ap);
+
+  /* Auto (Preferring IPv4) */
+  mock_options.ClientPreferIPv6ORPort = -1;
+  mock_options.ClientPreferIPv6DirPort = -1;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv4_dir_ap);
+
+  /* Preferring IPv6 */
+  mock_options.ClientPreferIPv6ORPort = 1;
+  mock_options.ClientPreferIPv6DirPort = 1;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv6_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv6_dir_ap);
+
+  /* Preferring IPv4 OR / IPv6 Dir */
+  mock_options.ClientPreferIPv6ORPort = 0;
+  mock_options.ClientPreferIPv6DirPort = 1;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv6_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv6_dir_ap);
+
+  /* Preferring IPv6 OR / IPv4 Dir */
+  mock_options.ClientPreferIPv6ORPort = 1;
+  mock_options.ClientPreferIPv6DirPort = 0;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv4_dir_ap);
+
+  /* Choose an address with UseBridges on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.UseBridges = 1;
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 1;
+
+  /* Preferring IPv4 */
+  mock_options.ClientPreferIPv6ORPort = 0;
+  mock_options.ClientPreferIPv6DirPort = 0;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv4_dir_ap);
+
+  /* Auto:
+   * - bridge clients prefer the configured bridge OR address from the node,
+   *   (the configured address family sets node.ipv6_preferred)
+   * - other clients prefer IPv4 OR by default (see above),
+   * - all clients, including bridge clients, prefer IPv4 Dir by default.
+   */
+  mock_options.ClientPreferIPv6ORPort = -1;
+  mock_options.ClientPreferIPv6DirPort = -1;
+
+  /* Simulate the initialisation of fake_node.ipv6_preferred with a bridge
+   * configured with an IPv4 address */
+  fake_node.ipv6_preferred = 0;
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 0, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 1, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                         ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                         ipv4_dir_ap);
+
+  /* Simulate the initialisation of fake_node.ipv6_preferred with a bridge
+   * configured with an IPv6 address */
+  fake_node.ipv6_preferred = 1;
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 0, 1, ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 1, 1, ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                         ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                         ipv4_dir_ap);
+
+  /* When a rs has no node, it defaults to IPv4 under auto. */
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_OR_CONNECTION, 0, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_OR_CONNECTION, 1, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_DIR_CONNECTION, 0, 1, ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_DIR_CONNECTION, 1, 1, ipv4_dir_ap);
+
+  /* Preferring IPv6 */
+  mock_options.ClientPreferIPv6ORPort = 1;
+  mock_options.ClientPreferIPv6DirPort = 1;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv6_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv6_dir_ap);
+
+  /* In the default configuration (Auto / IPv6 off), bridge clients should
+   * use both IPv4 and IPv6, but only prefer IPv6 for bridges configured with
+   * an IPv6 address, regardless of ClientUseIPv6. (See above.) */
+  mock_options.ClientUseIPv6 = 0;
+  mock_options.ClientPreferIPv6ORPort = -1;
+  mock_options.ClientPreferIPv6DirPort = -1;
+  /* Simulate the initialisation of fake_node.ipv6_preferred with a bridge
+   * configured with an IPv4 address */
+  fake_node.ipv6_preferred = 0;
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 0, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 1, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                         ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                         ipv4_dir_ap);
+
+  /* Simulate the initialisation of fake_node.ipv6_preferred with a bridge
+   * configured with an IPv6 address */
+  fake_node.ipv6_preferred = 1;
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 0, 1, ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_OR_CONNECTION, 1, 1, ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                         ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_NODE(fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                         ipv4_dir_ap);
+
+  /* When a rs has no node, it defaults to IPv4 under auto. */
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_OR_CONNECTION, 0, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_OR_CONNECTION, 1, 1, ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_DIR_CONNECTION, 0, 1, ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RS(fake_rs, FIREWALL_DIR_CONNECTION, 1, 1, ipv4_dir_ap);
+
+  /* Choose an address with IPv4 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 1;
+  mock_options.ClientUseIPv6 = 0;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv4_dir_ap);
+
+  /* Choose an address with IPv6 on */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 0;
+  mock_options.ClientUseIPv6 = 1;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv6_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv6_dir_ap);
+
+  /* Choose an address with ClientUseIPv4 0.
+   * This means "use IPv6" regardless of the other settings. */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ClientUseIPv4 = 0;
+  mock_options.ClientUseIPv6 = 0;
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv6_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv6_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv6_dir_ap);
+
+  /* Choose an address with ORPort_set 1 (server mode).
+   * This means "use IPv4" regardless of the other settings. */
+  memset(&mock_options, 0, sizeof(or_options_t));
+  mock_options.ORPort_set = 1;
+  mock_options.ClientUseIPv4 = 0;
+  mock_options.ClientUseIPv6 = 1;
+  mock_options.ClientPreferIPv6ORPort = 1;
+  mock_options.ClientPreferIPv6DirPort = 1;
+
+  /* Simulate the initialisation of fake_node.ipv6_preferred */
+  fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
+                                                                &mock_options);
+
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 1, 1,
+                       ipv4_or_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 0, 1,
+                       ipv4_dir_ap);
+  CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_DIR_CONNECTION, 1, 1,
+                       ipv4_dir_ap);
+
+ done:
+  UNMOCK(get_options);
+}
+
+#undef TEST_IPV4_ADDR_STR
+#undef TEST_IPV6_ADDR_STR
+#undef TEST_IPV4_OR_PORT
+#undef TEST_IPV4_DIR_PORT
+#undef TEST_IPV6_OR_PORT
+#undef TEST_IPV6_DIR_PORT
+
+#undef CHECK_CHOSEN_ADDR_RS
+#undef CHECK_CHOSEN_ADDR_NODE
+#undef CHECK_CHOSEN_ADDR_RN
+
 struct testcase_t policy_tests[] = {
   { "router_dump_exit_policy_to_string", test_dump_exit_policy_to_string, 0,
     NULL, NULL },
   { "general", test_policies_general, 0, NULL, NULL },
+  { "getinfo_helper_policies", test_policies_getinfo_helper_policies, 0, NULL,
+    NULL },
+  { "reject_exit_address", test_policies_reject_exit_address, 0, NULL, NULL },
+  { "reject_interface_address", test_policies_reject_interface_address, 0,
+    NULL, NULL },
+  { "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL },
+  { "fascist_firewall_allows_address",
+    test_policies_fascist_firewall_allows_address, 0, NULL, NULL },
+  { "fascist_firewall_choose_address",
+    test_policies_fascist_firewall_choose_address, 0, NULL, NULL },
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_procmon.c b/src/test/test_procmon.c
new file mode 100644
index 0000000000..9e63fc006d
--- /dev/null
+++ b/src/test/test_procmon.c
@@ -0,0 +1,58 @@
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define PROCMON_PRIVATE
+#include "orconfig.h"
+#include "or.h"
+#include "test.h"
+
+#include "procmon.h"
+
+#include "log_test_helpers.h"
+
+#define NS_MODULE procmon
+
+struct event_base;
+
+static void
+test_procmon_tor_process_monitor_new(void *ignored)
+{
+  (void)ignored;
+  tor_process_monitor_t *res;
+  const char *msg;
+
+  res = tor_process_monitor_new(NULL, "probably invalid", 0, NULL, NULL, &msg);
+  tt_assert(!res);
+  tt_str_op(msg, OP_EQ, "invalid PID");
+
+  res = tor_process_monitor_new(NULL, "243443535345454", 0, NULL, NULL, &msg);
+  tt_assert(!res);
+  tt_str_op(msg, OP_EQ, "invalid PID");
+
+  res = tor_process_monitor_new(tor_libevent_get_base(), "43", 0,
+                                NULL, NULL, &msg);
+  tt_assert(res);
+  tt_assert(!msg);
+  tor_process_monitor_free(res);
+
+  res = tor_process_monitor_new(tor_libevent_get_base(), "44 hello", 0,
+                                NULL, NULL, &msg);
+  tt_assert(res);
+  tt_assert(!msg);
+  tor_process_monitor_free(res);
+
+  res = tor_process_monitor_new(tor_libevent_get_base(), "45:hello", 0,
+                                NULL, NULL, &msg);
+  tt_assert(res);
+  tt_assert(!msg);
+
+ done:
+  tor_process_monitor_free(res);
+}
+
+struct testcase_t procmon_tests[] = {
+  { "tor_process_monitor_new", test_procmon_tor_process_monitor_new,
+    TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_pt.c b/src/test/test_pt.c
index f71627df1e..ab8447dcd7 100644
--- a/src/test/test_pt.c
+++ b/src/test/test_pt.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -27,75 +27,76 @@ reset_mp(managed_proxy_t *mp)
 }
 
 static void
-test_pt_parsing(void)
+test_pt_parsing(void *arg)
 {
   char line[200];
   transport_t *transport = NULL;
   tor_addr_t test_addr;
 
-  managed_proxy_t *mp = tor_malloc(sizeof(managed_proxy_t));
+  managed_proxy_t *mp = tor_malloc_zero(sizeof(managed_proxy_t));
+  (void)arg;
   mp->conf_state = PT_PROTO_INFANT;
   mp->transports = smartlist_new();
 
   /* incomplete cmethod */
   strlcpy(line,"CMETHOD trebuchet",sizeof(line));
-  test_assert(parse_cmethod_line(line, mp) < 0);
+  tt_assert(parse_cmethod_line(line, mp) < 0);
 
   reset_mp(mp);
 
   /* wrong proxy type */
   strlcpy(line,"CMETHOD trebuchet dog 127.0.0.1:1999",sizeof(line));
-  test_assert(parse_cmethod_line(line, mp) < 0);
+  tt_assert(parse_cmethod_line(line, mp) < 0);
 
   reset_mp(mp);
 
   /* wrong addrport */
   strlcpy(line,"CMETHOD trebuchet socks4 abcd",sizeof(line));
-  test_assert(parse_cmethod_line(line, mp) < 0);
+  tt_assert(parse_cmethod_line(line, mp) < 0);
 
   reset_mp(mp);
 
   /* correct line */
   strlcpy(line,"CMETHOD trebuchet socks5 127.0.0.1:1999",sizeof(line));
-  test_assert(parse_cmethod_line(line, mp) == 0);
-  test_assert(smartlist_len(mp->transports) == 1);
+  tt_assert(parse_cmethod_line(line, mp) == 0);
+  tt_assert(smartlist_len(mp->transports) == 1);
   transport = smartlist_get(mp->transports, 0);
   /* test registered address of transport */
   tor_addr_parse(&test_addr, "127.0.0.1");
-  test_assert(tor_addr_eq(&test_addr, &transport->addr));
+  tt_assert(tor_addr_eq(&test_addr, &transport->addr));
   /* test registered port of transport */
-  test_assert(transport->port == 1999);
+  tt_assert(transport->port == 1999);
   /* test registered SOCKS version of transport */
-  test_assert(transport->socks_version == PROXY_SOCKS5);
+  tt_assert(transport->socks_version == PROXY_SOCKS5);
   /* test registered name of transport */
-  test_streq(transport->name, "trebuchet");
+  tt_str_op(transport->name,OP_EQ, "trebuchet");
 
   reset_mp(mp);
 
   /* incomplete smethod */
   strlcpy(line,"SMETHOD trebuchet",sizeof(line));
-  test_assert(parse_smethod_line(line, mp) < 0);
+  tt_assert(parse_smethod_line(line, mp) < 0);
 
   reset_mp(mp);
 
   /* wrong addr type */
   strlcpy(line,"SMETHOD trebuchet abcd",sizeof(line));
-  test_assert(parse_smethod_line(line, mp) < 0);
+  tt_assert(parse_smethod_line(line, mp) < 0);
 
   reset_mp(mp);
 
   /* cowwect */
   strlcpy(line,"SMETHOD trebuchy 127.0.0.2:2999",sizeof(line));
-  test_assert(parse_smethod_line(line, mp) == 0);
-  test_assert(smartlist_len(mp->transports) == 1);
+  tt_assert(parse_smethod_line(line, mp) == 0);
+  tt_assert(smartlist_len(mp->transports) == 1);
   transport = smartlist_get(mp->transports, 0);
   /* test registered address of transport */
   tor_addr_parse(&test_addr, "127.0.0.2");
-  test_assert(tor_addr_eq(&test_addr, &transport->addr));
+  tt_assert(tor_addr_eq(&test_addr, &transport->addr));
   /* test registered port of transport */
-  test_assert(transport->port == 2999);
+  tt_assert(transport->port == 2999);
   /* test registered name of transport */
-  test_streq(transport->name, "trebuchy");
+  tt_str_op(transport->name,OP_EQ, "trebuchy");
 
   reset_mp(mp);
 
@@ -103,30 +104,30 @@ test_pt_parsing(void)
   strlcpy(line,"SMETHOD trebuchet 127.0.0.1:9999 "
           "ARGS:counterweight=3,sling=snappy",
           sizeof(line));
-  test_assert(parse_smethod_line(line, mp) == 0);
-  tt_int_op(1, ==, smartlist_len(mp->transports));
+  tt_assert(parse_smethod_line(line, mp) == 0);
+  tt_int_op(1, OP_EQ, smartlist_len(mp->transports));
   {
     const transport_t *transport = smartlist_get(mp->transports, 0);
     tt_assert(transport);
-    tt_str_op(transport->name, ==, "trebuchet");
-    tt_int_op(transport->port, ==, 9999);
-    tt_str_op(fmt_addr(&transport->addr), ==, "127.0.0.1");
-    tt_str_op(transport->extra_info_args, ==,
+    tt_str_op(transport->name, OP_EQ, "trebuchet");
+    tt_int_op(transport->port, OP_EQ, 9999);
+    tt_str_op(fmt_addr(&transport->addr), OP_EQ, "127.0.0.1");
+    tt_str_op(transport->extra_info_args, OP_EQ,
               "counterweight=3,sling=snappy");
   }
   reset_mp(mp);
 
   /* unsupported version */
   strlcpy(line,"VERSION 666",sizeof(line));
-  test_assert(parse_version(line, mp) < 0);
+  tt_assert(parse_version(line, mp) < 0);
 
   /* incomplete VERSION */
   strlcpy(line,"VERSION ",sizeof(line));
-  test_assert(parse_version(line, mp) < 0);
+  tt_assert(parse_version(line, mp) < 0);
 
   /* correct VERSION */
   strlcpy(line,"VERSION 1",sizeof(line));
-  test_assert(parse_version(line, mp) == 0);
+  tt_assert(parse_version(line, mp) == 0);
 
  done:
   reset_mp(mp);
@@ -150,9 +151,9 @@ test_pt_get_transport_options(void *arg)
   execve_args[1] = NULL;
 
   mp = managed_proxy_create(transport_list, execve_args, 1);
-  tt_ptr_op(mp, !=, NULL);
+  tt_ptr_op(mp, OP_NE, NULL);
   opt_str = get_transport_options_for_server_proxy(mp);
-  tt_ptr_op(opt_str, ==, NULL);
+  tt_ptr_op(opt_str, OP_EQ, NULL);
 
   smartlist_add(mp->transports_to_launch, tor_strdup("gruyere"));
   smartlist_add(mp->transports_to_launch, tor_strdup("roquefort"));
@@ -175,7 +176,7 @@ test_pt_get_transport_options(void *arg)
   options->ServerTransportOptions = cl;
 
   opt_str = get_transport_options_for_server_proxy(mp);
-  tt_str_op(opt_str, ==,
+  tt_str_op(opt_str, OP_EQ,
             "gruyere:melty=10;gruyere:hardness=se\\;ven;"
             "stnectaire:melty=4;stnectaire:hardness=three");
 
@@ -187,46 +188,47 @@ test_pt_get_transport_options(void *arg)
 }
 
 static void
-test_pt_protocol(void)
+test_pt_protocol(void *arg)
 {
   char line[200];
 
   managed_proxy_t *mp = tor_malloc_zero(sizeof(managed_proxy_t));
+  (void)arg;
   mp->conf_state = PT_PROTO_LAUNCHED;
   mp->transports = smartlist_new();
-  mp->argv = tor_malloc_zero(sizeof(char*)*2);
+  mp->argv = tor_calloc(2, sizeof(char *));
   mp->argv[0] = tor_strdup("<testcase>");
 
   /* various wrong protocol runs: */
 
   strlcpy(line,"VERSION 1",sizeof(line));
   handle_proxy_line(line, mp);
-  test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
+  tt_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
 
   strlcpy(line,"VERSION 1",sizeof(line));
   handle_proxy_line(line, mp);
-  test_assert(mp->conf_state == PT_PROTO_BROKEN);
+  tt_assert(mp->conf_state == PT_PROTO_BROKEN);
 
   reset_mp(mp);
 
   strlcpy(line,"CMETHOD trebuchet socks5 127.0.0.1:1999",sizeof(line));
   handle_proxy_line(line, mp);
-  test_assert(mp->conf_state == PT_PROTO_BROKEN);
+  tt_assert(mp->conf_state == PT_PROTO_BROKEN);
 
   reset_mp(mp);
 
   /* correct protocol run: */
   strlcpy(line,"VERSION 1",sizeof(line));
   handle_proxy_line(line, mp);
-  test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
+  tt_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
 
   strlcpy(line,"CMETHOD trebuchet socks5 127.0.0.1:1999",sizeof(line));
   handle_proxy_line(line, mp);
-  test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
+  tt_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
 
   strlcpy(line,"CMETHODS DONE",sizeof(line));
   handle_proxy_line(line, mp);
-  test_assert(mp->conf_state == PT_PROTO_CONFIGURED);
+  tt_assert(mp->conf_state == PT_PROTO_CONFIGURED);
 
  done:
   reset_mp(mp);
@@ -260,17 +262,17 @@ test_pt_get_extrainfo_string(void *arg)
   mp2 = managed_proxy_create(t2, argv2, 1);
 
   r = parse_smethod_line("SMETHOD hagbard 127.0.0.1:5555", mp1);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   r = parse_smethod_line("SMETHOD celine 127.0.0.1:1723 ARGS:card=no-enemy",
                          mp2);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   /* Force these proxies to look "completed" or they won't generate output. */
   mp1->conf_state = mp2->conf_state = PT_PROTO_COMPLETED;
 
   s = pt_get_extra_info_descriptor_string();
   tt_assert(s);
-  tt_str_op(s, ==,
+  tt_str_op(s, OP_EQ,
             "transport hagbard 127.0.0.1:5555\n"
             "transport celine 127.0.0.1:1723 card=no-enemy\n");
 
@@ -331,15 +333,13 @@ static uint16_t controlevent_event = 0;
 static smartlist_t *controlevent_msgs = NULL;
 
 static void
-send_control_event_string_replacement(uint16_t event, event_format_t which,
-                                      const char *msg)
+queue_control_event_string_replacement(uint16_t event, char *msg)
 {
-  (void) which;
   ++controlevent_n;
   controlevent_event = event;
   if (!controlevent_msgs)
     controlevent_msgs = smartlist_new();
-  smartlist_add(controlevent_msgs, tor_strdup(msg));
+  smartlist_add(controlevent_msgs, msg);
 }
 
 /* Test the configure_proxy() function. */
@@ -358,12 +358,12 @@ test_pt_configure_proxy(void *arg)
        tor_process_handle_destroy_replacement);
   MOCK(get_or_state,
        get_or_state_replacement);
-  MOCK(send_control_event_string,
-       send_control_event_string_replacement);
+  MOCK(queue_control_event_string,
+       queue_control_event_string_replacement);
 
   control_testing_set_global_event_mask(EVENT_TRANSPORT_LAUNCHED);
 
-  mp = tor_malloc(sizeof(managed_proxy_t));
+  mp = tor_malloc_zero(sizeof(managed_proxy_t));
   mp->conf_state = PT_PROTO_ACCEPTING_METHODS;
   mp->transports = smartlist_new();
   mp->transports_to_launch = smartlist_new();
@@ -378,33 +378,33 @@ test_pt_configure_proxy(void *arg)
   for (i = 0 ; i < 5 ; i++) {
     retval = configure_proxy(mp);
     /* retval should be zero because proxy hasn't finished configuring yet */
-    test_assert(retval == 0);
+    tt_int_op(retval, OP_EQ, 0);
     /* check the number of registered transports */
-    test_assert(smartlist_len(mp->transports) == i+1);
+    tt_assert(smartlist_len(mp->transports) == i+1);
     /* check that the mp is still waiting for transports */
-    test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
+    tt_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS);
   }
 
   /* this last configure_proxy() should finalize the proxy configuration. */
   retval = configure_proxy(mp);
   /* retval should be 1 since the proxy finished configuring */
-  test_assert(retval == 1);
+  tt_int_op(retval, OP_EQ, 1);
   /* check the mp state */
-  test_assert(mp->conf_state == PT_PROTO_COMPLETED);
+  tt_assert(mp->conf_state == PT_PROTO_COMPLETED);
 
-  tt_int_op(controlevent_n, ==, 5);
-  tt_int_op(controlevent_event, ==, EVENT_TRANSPORT_LAUNCHED);
-  tt_int_op(smartlist_len(controlevent_msgs), ==, 5);
+  tt_int_op(controlevent_n, OP_EQ, 5);
+  tt_int_op(controlevent_event, OP_EQ, EVENT_TRANSPORT_LAUNCHED);
+  tt_int_op(smartlist_len(controlevent_msgs), OP_EQ, 5);
   smartlist_sort_strings(controlevent_msgs);
-  tt_str_op(smartlist_get(controlevent_msgs, 0), ==,
+  tt_str_op(smartlist_get(controlevent_msgs, 0), OP_EQ,
             "650 TRANSPORT_LAUNCHED server mock1 127.0.0.1 5551\r\n");
-  tt_str_op(smartlist_get(controlevent_msgs, 1), ==,
+  tt_str_op(smartlist_get(controlevent_msgs, 1), OP_EQ,
             "650 TRANSPORT_LAUNCHED server mock2 127.0.0.1 5552\r\n");
-  tt_str_op(smartlist_get(controlevent_msgs, 2), ==,
+  tt_str_op(smartlist_get(controlevent_msgs, 2), OP_EQ,
             "650 TRANSPORT_LAUNCHED server mock3 127.0.0.1 5553\r\n");
-  tt_str_op(smartlist_get(controlevent_msgs, 3), ==,
+  tt_str_op(smartlist_get(controlevent_msgs, 3), OP_EQ,
             "650 TRANSPORT_LAUNCHED server mock4 127.0.0.1 5554\r\n");
-  tt_str_op(smartlist_get(controlevent_msgs, 4), ==,
+  tt_str_op(smartlist_get(controlevent_msgs, 4), OP_EQ,
             "650 TRANSPORT_LAUNCHED server mock5 127.0.0.1 5555\r\n");
 
   { /* check that the transport info were saved properly in the tor state */
@@ -416,13 +416,13 @@ test_pt_configure_proxy(void *arg)
     /* Get the bindaddr for "mock1" and check it against the bindaddr
        that the mocked tor_get_lines_from_handle() generated. */
     transport_in_state = get_transport_in_state_by_name("mock1");
-    test_assert(transport_in_state);
+    tt_assert(transport_in_state);
     smartlist_split_string(transport_info_sl, transport_in_state->value,
                            NULL, 0, 0);
     name_of_transport = smartlist_get(transport_info_sl, 0);
     bindaddr = smartlist_get(transport_info_sl, 1);
-    tt_str_op(name_of_transport, ==, "mock1");
-    tt_str_op(bindaddr, ==, "127.0.0.1:5551");
+    tt_str_op(name_of_transport, OP_EQ, "mock1");
+    tt_str_op(bindaddr, OP_EQ, "127.0.0.1:5551");
 
     SMARTLIST_FOREACH(transport_info_sl, char *, cp, tor_free(cp));
     smartlist_free(transport_info_sl);
@@ -433,7 +433,7 @@ test_pt_configure_proxy(void *arg)
   UNMOCK(tor_get_lines_from_handle);
   UNMOCK(tor_process_handle_destroy);
   UNMOCK(get_or_state);
-  UNMOCK(send_control_event_string);
+  UNMOCK(queue_control_event_string);
   if (controlevent_msgs) {
     SMARTLIST_FOREACH(controlevent_msgs, char *, cp, tor_free(cp));
     smartlist_free(controlevent_msgs);
@@ -450,8 +450,86 @@ test_pt_configure_proxy(void *arg)
   tor_free(mp);
 }
 
+/* Test the get_pt_proxy_uri() function. */
+static void
+test_get_pt_proxy_uri(void *arg)
+{
+  or_options_t *options = get_options_mutable();
+  char *uri = NULL;
+  int ret;
+  (void) arg;
+
+  /* Test with no proxy. */
+  uri = get_pt_proxy_uri();
+  tt_assert(uri == NULL);
+
+  /* Test with a SOCKS4 proxy. */
+  options->Socks4Proxy = tor_strdup("192.0.2.1:1080");
+  ret = tor_addr_port_lookup(options->Socks4Proxy,
+                             &options->Socks4ProxyAddr,
+                             &options->Socks4ProxyPort);
+  tt_int_op(ret, OP_EQ, 0);
+  uri = get_pt_proxy_uri();
+  tt_str_op(uri, OP_EQ, "socks4a://192.0.2.1:1080");
+  tor_free(uri);
+  tor_free(options->Socks4Proxy);
+
+  /* Test with a SOCKS5 proxy, no username/password. */
+  options->Socks5Proxy = tor_strdup("192.0.2.1:1080");
+  ret = tor_addr_port_lookup(options->Socks5Proxy,
+                             &options->Socks5ProxyAddr,
+                             &options->Socks5ProxyPort);
+  tt_int_op(ret, OP_EQ, 0);
+  uri = get_pt_proxy_uri();
+  tt_str_op(uri, OP_EQ, "socks5://192.0.2.1:1080");
+  tor_free(uri);
+
+  /* Test with a SOCKS5 proxy, with username/password. */
+  options->Socks5ProxyUsername = tor_strdup("hwest");
+  options->Socks5ProxyPassword = tor_strdup("r34n1m470r");
+  uri = get_pt_proxy_uri();
+  tt_str_op(uri, OP_EQ, "socks5://hwest:r34n1m470r@192.0.2.1:1080");
+  tor_free(uri);
+  tor_free(options->Socks5Proxy);
+  tor_free(options->Socks5ProxyUsername);
+  tor_free(options->Socks5ProxyPassword);
+
+  /* Test with a HTTPS proxy, no authenticator. */
+  options->HTTPSProxy = tor_strdup("192.0.2.1:80");
+  ret = tor_addr_port_lookup(options->HTTPSProxy,
+                             &options->HTTPSProxyAddr,
+                             &options->HTTPSProxyPort);
+  tt_int_op(ret, OP_EQ, 0);
+  uri = get_pt_proxy_uri();
+  tt_str_op(uri, OP_EQ, "http://192.0.2.1:80");
+  tor_free(uri);
+
+  /* Test with a HTTPS proxy, with authenticator. */
+  options->HTTPSProxyAuthenticator = tor_strdup("hwest:r34n1m470r");
+  uri = get_pt_proxy_uri();
+  tt_str_op(uri, OP_EQ, "http://hwest:r34n1m470r@192.0.2.1:80");
+  tor_free(uri);
+  tor_free(options->HTTPSProxy);
+  tor_free(options->HTTPSProxyAuthenticator);
+
+  /* Token nod to the fact that IPv6 exists. */
+  options->Socks4Proxy = tor_strdup("[2001:db8::1]:1080");
+  ret = tor_addr_port_lookup(options->Socks4Proxy,
+                             &options->Socks4ProxyAddr,
+                             &options->Socks4ProxyPort);
+  tt_int_op(ret, OP_EQ, 0);
+  uri = get_pt_proxy_uri();
+  tt_str_op(uri, OP_EQ, "socks4a://[2001:db8::1]:1080");
+  tor_free(uri);
+  tor_free(options->Socks4Proxy);
+
+ done:
+  if (uri)
+    tor_free(uri);
+}
+
 #define PT_LEGACY(name)                                               \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_pt_ ## name }
+  { #name, test_pt_ ## name , 0, NULL, NULL }
 
 struct testcase_t pt_tests[] = {
   PT_LEGACY(parsing),
@@ -462,6 +540,8 @@ struct testcase_t pt_tests[] = {
     NULL, NULL },
   { "configure_proxy",test_pt_configure_proxy, TT_FORK,
     NULL, NULL },
+  { "get_pt_proxy_uri", test_get_pt_proxy_uri, TT_FORK,
+    NULL, NULL },
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_relay.c b/src/test/test_relay.c
new file mode 100644
index 0000000000..a7fcad5401
--- /dev/null
+++ b/src/test/test_relay.c
@@ -0,0 +1,126 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+#define CIRCUITBUILD_PRIVATE
+#include "circuitbuild.h"
+#define RELAY_PRIVATE
+#include "relay.h"
+/* For init/free stuff */
+#include "scheduler.h"
+
+/* Test suite stuff */
+#include "test.h"
+#include "fakechans.h"
+
+static or_circuit_t * new_fake_orcirc(channel_t *nchan, channel_t *pchan);
+
+static void test_relay_append_cell_to_circuit_queue(void *arg);
+
+static or_circuit_t *
+new_fake_orcirc(channel_t *nchan, channel_t *pchan)
+{
+  or_circuit_t *orcirc = NULL;
+  circuit_t *circ = NULL;
+
+  orcirc = tor_malloc_zero(sizeof(*orcirc));
+  circ = &(orcirc->base_);
+  circ->magic = OR_CIRCUIT_MAGIC;
+
+  circ->n_chan = nchan;
+  circ->n_circ_id = get_unique_circ_id_by_chan(nchan);
+  circ->n_mux = NULL; /* ?? */
+  cell_queue_init(&(circ->n_chan_cells));
+  circ->n_hop = NULL;
+  circ->streams_blocked_on_n_chan = 0;
+  circ->streams_blocked_on_p_chan = 0;
+  circ->n_delete_pending = 0;
+  circ->p_delete_pending = 0;
+  circ->received_destroy = 0;
+  circ->state = CIRCUIT_STATE_OPEN;
+  circ->purpose = CIRCUIT_PURPOSE_OR;
+  circ->package_window = CIRCWINDOW_START_MAX;
+  circ->deliver_window = CIRCWINDOW_START_MAX;
+  circ->n_chan_create_cell = NULL;
+
+  orcirc->p_chan = pchan;
+  orcirc->p_circ_id = get_unique_circ_id_by_chan(pchan);
+  cell_queue_init(&(orcirc->p_chan_cells));
+
+  return orcirc;
+}
+
+static void
+test_relay_append_cell_to_circuit_queue(void *arg)
+{
+  channel_t *nchan = NULL, *pchan = NULL;
+  or_circuit_t *orcirc = NULL;
+  cell_t *cell = NULL;
+  int old_count, new_count;
+
+  (void)arg;
+
+  /* Make fake channels to be nchan and pchan for the circuit */
+  nchan = new_fake_channel();
+  tt_assert(nchan);
+
+  pchan = new_fake_channel();
+  tt_assert(pchan);
+
+  /* We'll need chans with working cmuxes */
+  nchan->cmux = circuitmux_alloc();
+  pchan->cmux = circuitmux_alloc();
+
+  /* Make a fake orcirc */
+  orcirc = new_fake_orcirc(nchan, pchan);
+  tt_assert(orcirc);
+
+  /* Make a cell */
+  cell = tor_malloc_zero(sizeof(cell_t));
+  make_fake_cell(cell);
+
+  MOCK(scheduler_channel_has_waiting_cells,
+       scheduler_channel_has_waiting_cells_mock);
+
+  /* Append it */
+  old_count = get_mock_scheduler_has_waiting_cells_count();
+  append_cell_to_circuit_queue(TO_CIRCUIT(orcirc), nchan, cell,
+                               CELL_DIRECTION_OUT, 0);
+  new_count = get_mock_scheduler_has_waiting_cells_count();
+  tt_int_op(new_count, ==, old_count + 1);
+
+  /* Now try the reverse direction */
+  old_count = get_mock_scheduler_has_waiting_cells_count();
+  append_cell_to_circuit_queue(TO_CIRCUIT(orcirc), pchan, cell,
+                               CELL_DIRECTION_IN, 0);
+  new_count = get_mock_scheduler_has_waiting_cells_count();
+  tt_int_op(new_count, ==, old_count + 1);
+
+  UNMOCK(scheduler_channel_has_waiting_cells);
+
+  /* Get rid of the fake channels */
+  MOCK(scheduler_release_channel, scheduler_release_channel_mock);
+  channel_mark_for_close(nchan);
+  channel_mark_for_close(pchan);
+  UNMOCK(scheduler_release_channel);
+
+  /* Shut down channels */
+  channel_free_all();
+
+ done:
+  tor_free(cell);
+  cell_queue_clear(&orcirc->base_.n_chan_cells);
+  cell_queue_clear(&orcirc->p_chan_cells);
+  tor_free(orcirc);
+  free_fake_channel(nchan);
+  free_fake_channel(pchan);
+
+  return;
+}
+
+struct testcase_t relay_tests[] = {
+  { "append_cell_to_circuit_queue", test_relay_append_cell_to_circuit_queue,
+    TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c
index 9aff6ab49e..1cd9ff064b 100644
--- a/src/test/test_relaycell.c
+++ b/src/test/test_relaycell.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014, The Tor Project, Inc. */
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Unit tests for handling different kinds of relay cell */
@@ -87,24 +87,24 @@ test_relaycell_resolved(void *arg)
     srm_ncalls = mum_ncalls = 0;                \
   } while (0)
 #define ASSERT_MARK_CALLED(reason) do {         \
-    tt_int_op(mum_ncalls, ==, 1);               \
-    tt_ptr_op(mum_conn, ==, entryconn);         \
-    tt_int_op(mum_endreason, ==, (reason));     \
+    tt_int_op(mum_ncalls, OP_EQ, 1);               \
+    tt_ptr_op(mum_conn, OP_EQ, entryconn);         \
+    tt_int_op(mum_endreason, OP_EQ, (reason));     \
   } while (0)
 #define ASSERT_RESOLVED_CALLED(atype, answer, ttl, expires) do {  \
-    tt_int_op(srm_ncalls, ==, 1);                                 \
-    tt_ptr_op(srm_conn, ==, entryconn);                           \
-    tt_int_op(srm_atype, ==, (atype));                            \
+    tt_int_op(srm_ncalls, OP_EQ, 1);                                 \
+    tt_ptr_op(srm_conn, OP_EQ, entryconn);                           \
+    tt_int_op(srm_atype, OP_EQ, (atype));                            \
     if (answer) {                                                 \
-      tt_int_op(srm_alen, ==, sizeof(answer)-1);                  \
-      tt_int_op(srm_alen, <, 512);                                \
-      tt_int_op(srm_answer_is_set, ==, 1);                        \
-      tt_mem_op(srm_answer, ==, answer, sizeof(answer)-1);        \
+      tt_int_op(srm_alen, OP_EQ, sizeof(answer)-1);                  \
+      tt_int_op(srm_alen, OP_LT, 512);                                \
+      tt_int_op(srm_answer_is_set, OP_EQ, 1);                        \
+      tt_mem_op(srm_answer, OP_EQ, answer, sizeof(answer)-1);        \
     } else {                                                      \
-      tt_int_op(srm_answer_is_set, ==, 0);                        \
+      tt_int_op(srm_answer_is_set, OP_EQ, 0);                        \
     }                                                             \
-    tt_int_op(srm_ttl, ==, ttl);                                  \
-    tt_i64_op((int64_t)srm_expires, ==, (int64_t)expires);        \
+    tt_int_op(srm_ttl, OP_EQ, ttl);                                  \
+    tt_i64_op(srm_expires, OP_EQ, expires);                          \
   } while (0)
 
   (void)arg;
@@ -130,21 +130,21 @@ test_relaycell_resolved(void *arg)
   /* Try with connection in non-RESOLVE_WAIT state: cell gets ignored */
   MOCK_RESET();
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
-  tt_int_op(srm_ncalls, ==, 0);
-  tt_int_op(mum_ncalls, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(srm_ncalls, OP_EQ, 0);
+  tt_int_op(mum_ncalls, OP_EQ, 0);
 
   /* Now put it in the right state. */
   ENTRY_TO_CONN(entryconn)->state = AP_CONN_STATE_RESOLVE_WAIT;
   entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE;
-  entryconn->ipv4_traffic_ok = 1;
-  entryconn->ipv6_traffic_ok = 1;
-  entryconn->prefer_ipv6_traffic = 0;
+  entryconn->entry_cfg.ipv4_traffic = 1;
+  entryconn->entry_cfg.ipv6_traffic = 1;
+  entryconn->entry_cfg.prefer_ipv6 = 0;
 
   /* We prefer ipv4, so we should get the first ipv4 answer */
   MOCK_RESET();
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV4, "\x7f\x00\x01\x02", 256, -1);
@@ -153,16 +153,16 @@ test_relaycell_resolved(void *arg)
   MOCK_RESET();
   options->ClientDNSRejectInternalAddresses = 1;
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV4, "\x12\x00\x00\x01", 512, -1);
 
   /* now prefer ipv6, and get the first ipv6 answer */
-  entryconn->prefer_ipv6_traffic = 1;
+  entryconn->entry_cfg.prefer_ipv6 = 1;
   MOCK_RESET();
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV6,
@@ -174,7 +174,7 @@ test_relaycell_resolved(void *arg)
   MOCK_RESET();
   SET_CELL("\x04\x04\x12\x00\x00\x01\x00\x00\x02\x00");
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV4, "\x12\x00\x00\x01", 512, -1);
@@ -182,19 +182,19 @@ test_relaycell_resolved(void *arg)
   /* But if we don't allow IPv4, we report nothing if the cell contains only
    * ipv4 */
   MOCK_RESET();
-  entryconn->ipv4_traffic_ok = 0;
+  entryconn->entry_cfg.ipv4_traffic = 0;
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_ERROR, NULL, -1, -1);
 
   /* If we wanted hostnames, we report nothing, since we only had IPs. */
   MOCK_RESET();
-  entryconn->ipv4_traffic_ok = 1;
+  entryconn->entry_cfg.ipv4_traffic = 1;
   entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_ERROR, NULL, -1, -1);
@@ -203,7 +203,7 @@ test_relaycell_resolved(void *arg)
   MOCK_RESET();
   SET_CELL("\x00\x0fwww.example.com\x00\x01\x00\x00");
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_HOSTNAME, "www.example.com", 65536, -1);
@@ -213,9 +213,9 @@ test_relaycell_resolved(void *arg)
   entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE;
   SET_CELL("\x04\x04\x01\x02\x03\x04"); /* no ttl */
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_TORPROTOCOL);
-  tt_int_op(srm_ncalls, ==, 0);
+  tt_int_op(srm_ncalls, OP_EQ, 0);
 
   /* error on all addresses private */
   MOCK_RESET();
@@ -224,7 +224,7 @@ test_relaycell_resolved(void *arg)
            /* IPv4: 192.168.1.1, ttl 256 */
            "\x04\x04\xc0\xa8\x01\x01\x00\x00\x01\x00");
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_TORPROTOCOL);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_ERROR_TRANSIENT, NULL, 0, TIME_MAX);
 
@@ -232,7 +232,7 @@ test_relaycell_resolved(void *arg)
   MOCK_RESET();
   SET_CELL("\xf0\x15" "quiet and meaningless" "\x00\x00\x0f\xff");
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
                      END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_ERROR_TRANSIENT, NULL, -1, -1);
diff --git a/src/test/test_rendcache.c b/src/test/test_rendcache.c
new file mode 100644
index 0000000000..d1b52649b2
--- /dev/null
+++ b/src/test/test_rendcache.c
@@ -0,0 +1,1269 @@
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#include "or.h"
+
+#include "test.h"
+#define RENDCACHE_PRIVATE
+#include "rendcache.h"
+#include "router.h"
+#include "routerlist.h"
+#include "config.h"
+#include <openssl/rsa.h>
+#include "rend_test_helpers.h"
+
+#define NS_MODULE rend_cache
+
+static const int RECENT_TIME = -10;
+static const int TIME_IN_THE_PAST = -(REND_CACHE_MAX_AGE + \
+                                      REND_CACHE_MAX_SKEW + 10);
+static const int TIME_IN_THE_FUTURE = REND_CACHE_MAX_SKEW + 10;
+
+extern strmap_t *rend_cache;
+extern digestmap_t *rend_cache_v2_dir;
+extern strmap_t *rend_cache_failure;
+extern size_t rend_cache_total_allocation;
+
+static rend_data_t *
+mock_rend_data(const char *onion_address)
+{
+  rend_data_t *rend_query = tor_malloc_zero(sizeof(rend_data_t));
+
+  strlcpy(rend_query->onion_address, onion_address,
+          sizeof(rend_query->onion_address));
+  rend_query->auth_type = REND_NO_AUTH;
+  rend_query->hsdirs_fp = smartlist_new();
+  smartlist_add(rend_query->hsdirs_fp, tor_memdup("aaaaaaaaaaaaaaaaaaaaaaaa",
+                                                 DIGEST_LEN));
+
+  return rend_query;
+}
+
+static void
+test_rend_cache_lookup_entry(void *data)
+{
+  int ret;
+  rend_data_t *mock_rend_query = NULL;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  rend_cache_entry_t *entry = NULL;
+  rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
+  char *service_id = NULL;
+  (void)data;
+
+  rend_cache_init();
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+
+  ret = rend_cache_lookup_entry("abababababababab", 0, NULL);
+  tt_int_op(ret, OP_EQ, -ENOENT);
+
+  ret = rend_cache_lookup_entry("invalid query", 2, NULL);
+  tt_int_op(ret, OP_EQ, -EINVAL);
+
+  ret = rend_cache_lookup_entry("abababababababab", 2, NULL);
+  tt_int_op(ret, OP_EQ, -ENOENT);
+
+  ret = rend_cache_lookup_entry("abababababababab", 4224, NULL);
+  tt_int_op(ret, OP_EQ, -ENOENT);
+
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  rend_cache_store_v2_desc_as_client(desc_holder->desc_str, desc_id_base32,
+                                     mock_rend_query, NULL);
+
+  ret = rend_cache_lookup_entry(service_id, 2, NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  ret = rend_cache_lookup_entry(service_id, 2, &entry);
+  tt_assert(entry);
+  tt_int_op(entry->len, OP_EQ, strlen(desc_holder->desc_str));
+  tt_str_op(entry->desc, OP_EQ, desc_holder->desc_str);
+
+ done:
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_cache_free_all();
+  rend_data_free(mock_rend_query);
+}
+
+static void
+test_rend_cache_store_v2_desc_as_client(void *data)
+{
+  int ret;
+  rend_data_t *mock_rend_query;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  rend_cache_entry_t *entry = NULL;
+  rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
+  char *service_id = NULL;
+  char client_cookie[REND_DESC_COOKIE_LEN];
+  (void)data;
+
+  rend_cache_init();
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+
+  // Test success
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           &entry);
+
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(entry);
+  tt_int_op(entry->len, OP_EQ, strlen(desc_holder->desc_str));
+  tt_str_op(entry->desc, OP_EQ, desc_holder->desc_str);
+
+  // Test various failure modes
+
+  // TODO: a too long desc_id_base32 argument crashes the function
+   /* ret = rend_cache_store_v2_desc_as_client( */
+   /*                   desc_holder->desc_str, */
+   /*                   "3TOOLONG3TOOLONG3TOOLONG3TOOLONG3TOOLONG3TOOLONG", */
+   /*                   &mock_rend_query, NULL); */
+  /* tt_int_op(ret, OP_EQ, -1); */
+
+  // Test bad base32 failure
+  // This causes an assertion failure if we're running with assertions.
+  // But when building without asserts, we can test it.
+#ifdef DISABLE_ASSERTS_IN_UNIT_TESTS
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                   "!xqunszqnaolrrfmtzgaki7mxelgvkj", mock_rend_query, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+#endif
+
+  // Test invalid descriptor
+  ret = rend_cache_store_v2_desc_as_client("invalid descriptor",
+             "3xqunszqnaolrrfmtzgaki7mxelgvkje", mock_rend_query, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // TODO: it doesn't seem to be possible to test invalid service ID condition.
+  // that means it is likely not possible to have that condition without
+  // earlier conditions failing first (such as signature checking of the desc)
+
+  rend_cache_free_all();
+
+  // Test mismatch between service ID and onion address
+  rend_cache_init();
+  strncpy(mock_rend_query->onion_address, "abc", REND_SERVICE_ID_LEN_BASE32+1);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32,
+                                           mock_rend_query, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+  rend_cache_free_all();
+  rend_data_free(mock_rend_query);
+
+  // Test incorrect descriptor ID
+  rend_cache_init();
+  mock_rend_query = mock_rend_data(service_id);
+  desc_id_base32[0]++;
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, -1);
+  desc_id_base32[0]--;
+  rend_cache_free_all();
+
+  // Test too old descriptor
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(TIME_IN_THE_PAST, &desc_holder, &service_id, 3);
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32,
+                                           mock_rend_query, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+  rend_cache_free_all();
+
+  // Test too new descriptor (in the future)
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3);
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, -1);
+  rend_cache_free_all();
+
+  // Test when a descriptor is already in the cache
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+
+  rend_cache_store_v2_desc_as_client(desc_holder->desc_str, desc_id_base32,
+                                     mock_rend_query, NULL);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           &entry);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(entry);
+  rend_cache_free_all();
+
+  // Test unsuccessful decrypting of introduction points
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+  mock_rend_query = mock_rend_data(service_id);
+  mock_rend_query->auth_type = REND_BASIC_AUTH;
+  client_cookie[0] = 'A';
+  memcpy(mock_rend_query->descriptor_cookie, client_cookie,
+         REND_DESC_COOKIE_LEN);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, 0);
+  rend_cache_free_all();
+
+  // Test successful run when we have REND_BASIC_AUTH but not cookie
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+  mock_rend_query = mock_rend_data(service_id);
+  mock_rend_query->auth_type = REND_BASIC_AUTH;
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  rend_cache_free_all();
+
+  // Test when we have no introduction points
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 0);
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, -1);
+  rend_cache_free_all();
+
+  // Test when we have too many intro points
+  rend_cache_init();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_data_free(mock_rend_query);
+
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, MAX_INTRO_POINTS+1);
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, -1);
+
+ done:
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_cache_free_all();
+  rend_data_free(mock_rend_query);
+}
+
+static void
+test_rend_cache_store_v2_desc_as_client_with_different_time(void *data)
+{
+  int ret;
+  rend_data_t *mock_rend_query;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  rend_service_descriptor_t *generated = NULL;
+  smartlist_t *descs = smartlist_new();
+  time_t t;
+  char *service_id = NULL;
+  rend_encoded_v2_service_descriptor_t *desc_holder_newer;
+  rend_encoded_v2_service_descriptor_t *desc_holder_older;
+
+  t = time(NULL);
+  rend_cache_init();
+
+  create_descriptor(&generated, &service_id, 3);
+
+  generated->timestamp = t + RECENT_TIME;
+  rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
+                             REND_NO_AUTH, NULL, NULL);
+  desc_holder_newer = ((rend_encoded_v2_service_descriptor_t *)
+                       smartlist_get(descs, 0));
+  smartlist_set(descs, 0, NULL);
+
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  descs = smartlist_new();
+
+  generated->timestamp = (t + RECENT_TIME) - 20;
+  rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
+                             REND_NO_AUTH, NULL, NULL);
+  desc_holder_older = ((rend_encoded_v2_service_descriptor_t *)
+                       smartlist_get(descs, 0));
+  smartlist_set(descs, 0, NULL);
+  (void)data;
+
+  // Test when a descriptor is already in the cache and it is newer than the
+  // one we submit
+  mock_rend_query = mock_rend_data(service_id);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32),
+                desc_holder_newer->desc_id, DIGEST_LEN);
+  rend_cache_store_v2_desc_as_client(desc_holder_newer->desc_str,
+                                     desc_id_base32, mock_rend_query, NULL);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder_older->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  rend_cache_free_all();
+
+  // Test when an old descriptor is in the cache and we submit a newer one
+  rend_cache_init();
+  rend_cache_store_v2_desc_as_client(desc_holder_older->desc_str,
+                                     desc_id_base32, mock_rend_query, NULL);
+  ret = rend_cache_store_v2_desc_as_client(desc_holder_newer->desc_str,
+                                           desc_id_base32, mock_rend_query,
+                                           NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  rend_encoded_v2_service_descriptor_free(desc_holder_newer);
+  rend_encoded_v2_service_descriptor_free(desc_holder_older);
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  rend_service_descriptor_free(generated);
+  tor_free(service_id);
+  rend_cache_free_all();
+  rend_data_free(mock_rend_query);
+}
+
+#define NS_SUBMODULE lookup_v2_desc_as_dir
+NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
+
+static routerinfo_t *mock_routerinfo;
+
+static const routerinfo_t *
+NS(router_get_my_routerinfo)(void)
+{
+  if (!mock_routerinfo) {
+    mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
+  }
+
+  return mock_routerinfo;
+}
+
+static void
+test_rend_cache_lookup_v2_desc_as_dir(void *data)
+{
+  int ret;
+  char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
+  rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
+  char *service_id = NULL;
+  const char *ret_desc = NULL;
+
+  (void)data;
+
+  NS_MOCK(router_get_my_routerinfo);
+
+  rend_cache_init();
+
+  // Test invalid base32
+  ret = rend_cache_lookup_v2_desc_as_dir("!bababababababab", NULL);
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test non-existent descriptor but well formed
+  ret = rend_cache_lookup_v2_desc_as_dir("3xqunszqnaolrrfmtzgaki7mxelgvkje",
+                                         NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test existing descriptor
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+  rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
+  base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id,
+                DIGEST_LEN);
+  ret = rend_cache_lookup_v2_desc_as_dir(desc_id_base32, &ret_desc);
+  tt_int_op(ret, OP_EQ, 1);
+  tt_assert(ret_desc);
+
+ done:
+  NS_UNMOCK(router_get_my_routerinfo);
+  tor_free(mock_routerinfo);
+  rend_cache_free_all();
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+}
+
+#undef NS_SUBMODULE
+
+#define NS_SUBMODULE store_v2_desc_as_dir
+NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
+
+static const routerinfo_t *
+NS(router_get_my_routerinfo)(void)
+{
+  return mock_routerinfo;
+}
+
+static void
+test_rend_cache_store_v2_desc_as_dir(void *data)
+{
+  (void)data;
+  int ret;
+  rend_encoded_v2_service_descriptor_t *desc_holder = NULL;
+  char *service_id = NULL;
+
+  NS_MOCK(router_get_my_routerinfo);
+
+  rend_cache_init();
+
+  // Test when we can't parse the descriptor
+  mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
+  ret = rend_cache_store_v2_desc_as_dir("unparseable");
+  tt_int_op(ret, OP_EQ, -1);
+
+  // Test when we have an old descriptor
+  generate_desc(TIME_IN_THE_PAST, &desc_holder, &service_id, 3);
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+
+  // Test when we have a descriptor in the future
+  generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3);
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+
+  // Test when two descriptors
+  generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3);
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+
+  // Test when asking for hidden service statistics  HiddenServiceStatistics
+  rend_cache_purge();
+  generate_desc(RECENT_TIME, &desc_holder, &service_id, 3);
+  get_options_mutable()->HiddenServiceStatistics = 1;
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  NS_UNMOCK(router_get_my_routerinfo);
+  rend_encoded_v2_service_descriptor_free(desc_holder);
+  tor_free(service_id);
+  rend_cache_free_all();
+  tor_free(mock_routerinfo);
+}
+
+static void
+test_rend_cache_store_v2_desc_as_dir_with_different_time(void *data)
+{
+  (void)data;
+
+  int ret;
+  rend_service_descriptor_t *generated = NULL;
+  smartlist_t *descs = smartlist_new();
+  time_t t;
+  char *service_id = NULL;
+  rend_encoded_v2_service_descriptor_t *desc_holder_newer;
+  rend_encoded_v2_service_descriptor_t *desc_holder_older;
+
+  NS_MOCK(router_get_my_routerinfo);
+
+  rend_cache_init();
+
+  t = time(NULL);
+
+  create_descriptor(&generated, &service_id, 3);
+  generated->timestamp = t + RECENT_TIME;
+  rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
+                             REND_NO_AUTH, NULL, NULL);
+  desc_holder_newer = ((rend_encoded_v2_service_descriptor_t *)
+                       smartlist_get(descs, 0));
+  smartlist_set(descs, 0, NULL);
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  descs = smartlist_new();
+
+  generated->timestamp = (t + RECENT_TIME) - 20;
+  rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
+                             REND_NO_AUTH, NULL, NULL);
+  desc_holder_older = ((rend_encoded_v2_service_descriptor_t *)
+                       smartlist_get(descs, 0));
+  smartlist_set(descs, 0, NULL);
+
+  // Test when we have a newer descriptor stored
+  mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
+  rend_cache_store_v2_desc_as_dir(desc_holder_newer->desc_str);
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder_older->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test when we have an old descriptor stored
+  rend_cache_purge();
+  rend_cache_store_v2_desc_as_dir(desc_holder_older->desc_str);
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder_newer->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  NS_UNMOCK(router_get_my_routerinfo);
+  rend_cache_free_all();
+  rend_service_descriptor_free(generated);
+  tor_free(service_id);
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  rend_encoded_v2_service_descriptor_free(desc_holder_newer);
+  rend_encoded_v2_service_descriptor_free(desc_holder_older);
+  tor_free(mock_routerinfo);
+}
+
+static void
+test_rend_cache_store_v2_desc_as_dir_with_different_content(void *data)
+{
+  (void)data;
+
+  int ret;
+  rend_service_descriptor_t *generated = NULL;
+  smartlist_t *descs = smartlist_new();
+  time_t t;
+  char *service_id = NULL;
+  rend_encoded_v2_service_descriptor_t *desc_holder_one = NULL;
+  rend_encoded_v2_service_descriptor_t *desc_holder_two = NULL;
+
+  NS_MOCK(router_get_my_routerinfo);
+
+  rend_cache_init();
+
+  t = time(NULL);
+
+  create_descriptor(&generated, &service_id, 3);
+  generated->timestamp = t + RECENT_TIME;
+  rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
+                             REND_NO_AUTH, NULL, NULL);
+  desc_holder_one = ((rend_encoded_v2_service_descriptor_t *)
+                     smartlist_get(descs, 0));
+  smartlist_set(descs, 0, NULL);
+
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  descs = smartlist_new();
+
+  generated->timestamp = t + RECENT_TIME;
+  generated->protocols = 41;
+  rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
+                             REND_NO_AUTH, NULL, NULL);
+  desc_holder_two = ((rend_encoded_v2_service_descriptor_t *)
+                     smartlist_get(descs, 0));
+  smartlist_set(descs, 0, NULL);
+
+  // Test when we have another descriptor stored, with a different descriptor
+  mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
+  rend_cache_store_v2_desc_as_dir(desc_holder_one->desc_str);
+  ret = rend_cache_store_v2_desc_as_dir(desc_holder_two->desc_str);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  NS_UNMOCK(router_get_my_routerinfo);
+  rend_cache_free_all();
+  rend_service_descriptor_free(generated);
+  tor_free(service_id);
+  SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
+                    rend_encoded_v2_service_descriptor_free(d));
+  smartlist_free(descs);
+  rend_encoded_v2_service_descriptor_free(desc_holder_one);
+  rend_encoded_v2_service_descriptor_free(desc_holder_two);
+}
+
+#undef NS_SUBMODULE
+
+static void
+test_rend_cache_init(void *data)
+{
+  (void)data;
+
+  tt_assert_msg(!rend_cache, "rend_cache should be NULL when starting");
+  tt_assert_msg(!rend_cache_v2_dir, "rend_cache_v2_dir should be NULL "
+                "when starting");
+  tt_assert_msg(!rend_cache_failure, "rend_cache_failure should be NULL when "
+                "starting");
+
+  rend_cache_init();
+
+  tt_assert_msg(rend_cache, "rend_cache should not be NULL after initing");
+  tt_assert_msg(rend_cache_v2_dir, "rend_cache_v2_dir should not be NULL "
+                "after initing");
+  tt_assert_msg(rend_cache_failure, "rend_cache_failure should not be NULL "
+                "after initing");
+
+  tt_int_op(strmap_size(rend_cache), OP_EQ, 0);
+  tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_decrement_allocation(void *data)
+{
+  (void)data;
+
+  // Test when the cache has enough allocations
+  rend_cache_total_allocation = 10;
+  rend_cache_decrement_allocation(3);
+  tt_int_op(rend_cache_total_allocation, OP_EQ, 7);
+
+  // Test when there are not enough allocations
+  rend_cache_total_allocation = 1;
+  rend_cache_decrement_allocation(2);
+  tt_int_op(rend_cache_total_allocation, OP_EQ, 0);
+
+  // And again
+  rend_cache_decrement_allocation(2);
+  tt_int_op(rend_cache_total_allocation, OP_EQ, 0);
+
+ done:
+  (void)0;
+}
+
+static void
+test_rend_cache_increment_allocation(void *data)
+{
+  (void)data;
+
+  // Test when the cache is not overflowing
+  rend_cache_total_allocation = 5;
+  rend_cache_increment_allocation(3);
+  tt_int_op(rend_cache_total_allocation, OP_EQ, 8);
+
+  // Test when there are too many allocations
+  rend_cache_total_allocation = SIZE_MAX-1;
+  rend_cache_increment_allocation(2);
+  tt_u64_op(rend_cache_total_allocation, OP_EQ, SIZE_MAX);
+
+  // And again
+  rend_cache_increment_allocation(2);
+  tt_u64_op(rend_cache_total_allocation, OP_EQ, SIZE_MAX);
+
+ done:
+  (void)0;
+}
+
+static void
+test_rend_cache_failure_intro_entry_new(void *data)
+{
+  time_t now;
+  rend_cache_failure_intro_t *entry;
+  rend_intro_point_failure_t failure;
+
+  (void)data;
+
+  failure = INTRO_POINT_FAILURE_TIMEOUT;
+  now = time(NULL);
+  entry = rend_cache_failure_intro_entry_new(failure);
+
+  tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_TIMEOUT);
+  tt_int_op(entry->created_ts, OP_GE, now-5);
+  tt_int_op(entry->created_ts, OP_LE, now+5);
+
+ done:
+  tor_free(entry);
+}
+
+static void
+test_rend_cache_failure_intro_lookup(void *data)
+{
+  (void)data;
+  int ret;
+  rend_cache_failure_t *failure;
+  rend_cache_failure_intro_t *ip;
+  rend_cache_failure_intro_t *entry;
+  const char key_ip_one[DIGEST_LEN] = "ip1";
+  const char key_ip_two[DIGEST_LEN] = "ip2";
+  const char key_foo[DIGEST_LEN] = "foo1";
+
+  rend_cache_init();
+
+  failure = rend_cache_failure_entry_new();
+  ip = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  digestmap_set(failure->intro_failures, key_ip_one, ip);
+  strmap_set_lc(rend_cache_failure, "foo1", failure);
+
+  // Test not found
+  ret = cache_failure_intro_lookup((const uint8_t *) key_foo, "foo2", NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test found with no intro failures in it
+  ret = cache_failure_intro_lookup((const uint8_t *) key_ip_two, "foo1", NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Test found
+  ret = cache_failure_intro_lookup((const uint8_t *) key_ip_one, "foo1", NULL);
+  tt_int_op(ret, OP_EQ, 1);
+
+  // Test found and asking for entry
+  cache_failure_intro_lookup((const uint8_t *) key_ip_one, "foo1", &entry);
+  tt_assert(entry);
+  tt_assert(entry == ip);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_clean(void *data)
+{
+  rend_cache_entry_t *one, *two;
+  rend_service_descriptor_t *desc_one, *desc_two;
+  strmap_iter_t *iter = NULL;
+  const char *key;
+  void *val;
+
+  (void)data;
+
+  rend_cache_init();
+
+  // Test with empty rendcache
+  rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT);
+  tt_int_op(strmap_size(rend_cache), OP_EQ, 0);
+
+  // Test with two old entries
+  one = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  two = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  desc_two = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  one->parsed = desc_one;
+  two->parsed = desc_two;
+
+  desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST;
+  desc_two->timestamp = (time(NULL) + TIME_IN_THE_PAST) - 10;
+  desc_one->pk = pk_generate(0);
+  desc_two->pk = pk_generate(1);
+
+  strmap_set_lc(rend_cache, "foo1", one);
+  strmap_set_lc(rend_cache, "foo2", two);
+
+  rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT);
+  tt_int_op(strmap_size(rend_cache), OP_EQ, 0);
+
+  // Test with one old entry and one newer entry
+  one = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  two = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  desc_two = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  one->parsed = desc_one;
+  two->parsed = desc_two;
+
+  desc_one->timestamp = (time(NULL) + TIME_IN_THE_PAST) - 10;
+  desc_two->timestamp = time(NULL) - 100;
+  desc_one->pk = pk_generate(0);
+  desc_two->pk = pk_generate(1);
+
+  strmap_set_lc(rend_cache, "foo1", one);
+  strmap_set_lc(rend_cache, "foo2", two);
+
+  rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT);
+  tt_int_op(strmap_size(rend_cache), OP_EQ, 1);
+
+  iter = strmap_iter_init(rend_cache);
+  strmap_iter_get(iter, &key, &val);
+  tt_str_op(key, OP_EQ, "foo2");
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_failure_entry_new(void *data)
+{
+  rend_cache_failure_t *failure;
+
+  (void)data;
+
+  failure = rend_cache_failure_entry_new();
+  tt_assert(failure);
+  tt_int_op(digestmap_size(failure->intro_failures), OP_EQ, 0);
+
+ done:
+  rend_cache_failure_entry_free(failure);
+}
+
+static void
+test_rend_cache_failure_entry_free(void *data)
+{
+  (void)data;
+
+  // Test that it can deal with a NULL argument
+  rend_cache_failure_entry_free(NULL);
+
+ /* done: */
+ /*  (void)0; */
+}
+
+static void
+test_rend_cache_failure_clean(void *data)
+{
+  rend_cache_failure_t *failure;
+  rend_cache_failure_intro_t *ip_one, *ip_two;
+
+  const char key_one[DIGEST_LEN] = "ip1";
+  const char key_two[DIGEST_LEN] = "ip2";
+
+  (void)data;
+
+  rend_cache_init();
+
+  // Test with empty failure cache
+  rend_cache_failure_clean(time(NULL));
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
+
+  // Test with one empty failure entry
+  failure = rend_cache_failure_entry_new();
+  strmap_set_lc(rend_cache_failure, "foo1", failure);
+  rend_cache_failure_clean(time(NULL));
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
+
+  // Test with one new intro point
+  failure = rend_cache_failure_entry_new();
+  ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  digestmap_set(failure->intro_failures, key_one, ip_one);
+  strmap_set_lc(rend_cache_failure, "foo1", failure);
+  rend_cache_failure_clean(time(NULL));
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 1);
+
+  // Test with one old intro point
+  rend_cache_failure_purge();
+  failure = rend_cache_failure_entry_new();
+  ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  ip_one->created_ts = time(NULL) - 7*60;
+  digestmap_set(failure->intro_failures, key_one, ip_one);
+  strmap_set_lc(rend_cache_failure, "foo1", failure);
+  rend_cache_failure_clean(time(NULL));
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
+
+  // Test with one old intro point and one new one
+  rend_cache_failure_purge();
+  failure = rend_cache_failure_entry_new();
+  ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  ip_one->created_ts = time(NULL) - 7*60;
+  digestmap_set(failure->intro_failures, key_one, ip_one);
+  ip_two = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  ip_two->created_ts = time(NULL) - 2*60;
+  digestmap_set(failure->intro_failures, key_two, ip_two);
+  strmap_set_lc(rend_cache_failure, "foo1", failure);
+  rend_cache_failure_clean(time(NULL));
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 1);
+  tt_int_op(digestmap_size(failure->intro_failures), OP_EQ, 1);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_failure_remove(void *data)
+{
+  rend_service_descriptor_t *desc;
+  (void)data;
+
+  rend_cache_init();
+
+  // Test that it deals well with a NULL desc
+  rend_cache_failure_remove(NULL);
+
+  // Test a descriptor that isn't in the cache
+  desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  desc->pk = pk_generate(0);
+  rend_cache_failure_remove(desc);
+
+  // There seems to not exist any way of getting rend_cache_failure_remove()
+  // to fail because of a problem with rend_get_service_id from here
+  rend_cache_free_all();
+
+  rend_service_descriptor_free(desc);
+ /* done: */
+ /*  (void)0; */
+}
+
+static void
+test_rend_cache_free_all(void *data)
+{
+  rend_cache_failure_t *failure;
+  rend_cache_entry_t *one;
+  rend_service_descriptor_t *desc_one;
+
+  (void)data;
+
+  rend_cache_init();
+
+  failure = rend_cache_failure_entry_new();
+  strmap_set_lc(rend_cache_failure, "foo1", failure);
+
+  one = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  one->parsed = desc_one;
+  desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST;
+  desc_one->pk = pk_generate(0);
+  strmap_set_lc(rend_cache, "foo1", one);
+
+  rend_cache_free_all();
+
+  tt_assert(!rend_cache);
+  tt_assert(!rend_cache_v2_dir);
+  tt_assert(!rend_cache_failure);
+  tt_assert(!rend_cache_total_allocation);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_entry_free(void *data)
+{
+  (void)data;
+  rend_cache_entry_t *e;
+
+  // Handles NULL correctly
+  rend_cache_entry_free(NULL);
+
+  // Handles NULL descriptor correctly
+  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  rend_cache_entry_free(e);
+
+  // Handles non-NULL descriptor correctly
+  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  e->desc = (char *)malloc(10);
+  rend_cache_entry_free(e);
+
+ /* done: */
+ /*  (void)0; */
+}
+
+static void
+test_rend_cache_purge(void *data)
+{
+  (void)data;
+
+  // Deals with a NULL rend_cache
+  rend_cache_purge();
+  tt_assert(rend_cache);
+  tt_assert(strmap_size(rend_cache) == 0);
+
+  // Deals with existing rend_cache
+  rend_cache_free_all();
+  rend_cache_init();
+  tt_assert(rend_cache);
+  tt_assert(strmap_size(rend_cache) == 0);
+
+  rend_cache_purge();
+  tt_assert(rend_cache);
+  tt_assert(strmap_size(rend_cache) == 0);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_failure_intro_add(void *data)
+{
+  (void)data;
+  rend_cache_failure_t *fail_entry;
+  rend_cache_failure_intro_t *entry;
+  const char identity[DIGEST_LEN] = "foo1";
+
+  rend_cache_init();
+
+  // Adds non-existing entry
+  cache_failure_intro_add((const uint8_t *) identity, "foo2",
+                          INTRO_POINT_FAILURE_TIMEOUT);
+  fail_entry = strmap_get_lc(rend_cache_failure, "foo2");
+  tt_assert(fail_entry);
+  tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1);
+  entry = digestmap_get(fail_entry->intro_failures, identity);
+  tt_assert(entry);
+
+  // Adds existing entry
+  cache_failure_intro_add((const uint8_t *) identity, "foo2",
+                          INTRO_POINT_FAILURE_TIMEOUT);
+  fail_entry = strmap_get_lc(rend_cache_failure, "foo2");
+  tt_assert(fail_entry);
+  tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1);
+  entry = digestmap_get(fail_entry->intro_failures, identity);
+  tt_assert(entry);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_intro_failure_note(void *data)
+{
+  (void)data;
+  rend_cache_failure_t *fail_entry;
+  rend_cache_failure_intro_t *entry;
+  const char key[DIGEST_LEN] = "foo1";
+
+  rend_cache_init();
+
+  // Test not found
+  rend_cache_intro_failure_note(INTRO_POINT_FAILURE_TIMEOUT,
+                                (const uint8_t *) key, "foo2");
+  fail_entry = strmap_get_lc(rend_cache_failure, "foo2");
+  tt_assert(fail_entry);
+  tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1);
+  entry = digestmap_get(fail_entry->intro_failures, key);
+  tt_assert(entry);
+  tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_TIMEOUT);
+
+  // Test found
+  rend_cache_intro_failure_note(INTRO_POINT_FAILURE_UNREACHABLE,
+                                (const uint8_t *) key, "foo2");
+  tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_UNREACHABLE);
+
+ done:
+  rend_cache_free_all();
+}
+
+#define NS_SUBMODULE clean_v2_descs_as_dir
+
+static void
+test_rend_cache_clean_v2_descs_as_dir(void *data)
+{
+  rend_cache_entry_t *e;
+  time_t now;
+  rend_service_descriptor_t *desc;
+  now = time(NULL);
+  const char key[DIGEST_LEN] = "abcde";
+
+  (void)data;
+
+  rend_cache_init();
+
+  // Test running with an empty cache
+  rend_cache_clean_v2_descs_as_dir(now, 0);
+  tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
+
+  // Test with only one new entry
+  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  e->last_served = now;
+  desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  desc->timestamp = now;
+  desc->pk = pk_generate(0);
+  e->parsed = desc;
+  digestmap_set(rend_cache_v2_dir, key, e);
+
+  rend_cache_clean_v2_descs_as_dir(now, 0);
+  tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 1);
+
+  // Test with one old entry
+  desc->timestamp = now - (REND_CACHE_MAX_AGE + REND_CACHE_MAX_SKEW + 1000);
+  rend_cache_clean_v2_descs_as_dir(now, 0);
+  tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
+
+  // Test with one entry that has an old last served
+  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  e->last_served = now - (REND_CACHE_MAX_AGE + REND_CACHE_MAX_SKEW + 1000);
+  desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  desc->timestamp = now;
+  desc->pk = pk_generate(0);
+  e->parsed = desc;
+  digestmap_set(rend_cache_v2_dir, key, e);
+
+  rend_cache_clean_v2_descs_as_dir(now, 0);
+  tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0);
+
+  // Test a run through asking for a large force_remove
+  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  e->last_served = now;
+  desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
+  desc->timestamp = now;
+  desc->pk = pk_generate(0);
+  e->parsed = desc;
+  digestmap_set(rend_cache_v2_dir, key, e);
+
+  rend_cache_clean_v2_descs_as_dir(now, 20000);
+  tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 1);
+
+ done:
+  rend_cache_free_all();
+}
+
+#undef NS_SUBMODULE
+
+static void
+test_rend_cache_entry_allocation(void *data)
+{
+  (void)data;
+
+  size_t ret;
+  rend_cache_entry_t *e = NULL;
+
+  // Handles a null argument
+  ret = rend_cache_entry_allocation(NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  // Handles a non-null argument
+  e = tor_malloc_zero(sizeof(rend_cache_entry_t));
+  ret = rend_cache_entry_allocation(e);
+  tt_int_op(ret, OP_GT, sizeof(rend_cache_entry_t));
+
+ done:
+  tor_free(e);
+}
+
+static void
+test_rend_cache_failure_intro_entry_free(void *data)
+{
+  (void)data;
+  rend_cache_failure_intro_t *entry;
+
+  // Handles a null argument
+  rend_cache_failure_intro_entry_free(NULL);
+
+  // Handles a non-null argument
+  entry = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  rend_cache_failure_intro_entry_free(entry);
+}
+
+static void
+test_rend_cache_failure_purge(void *data)
+{
+  (void)data;
+
+  // Handles a null failure cache
+  strmap_free(rend_cache_failure, rend_cache_failure_entry_free_);
+  rend_cache_failure = NULL;
+
+  rend_cache_failure_purge();
+
+  tt_ptr_op(rend_cache_failure, OP_NE, NULL);
+  tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0);
+
+ done:
+  rend_cache_free_all();
+}
+
+static void
+test_rend_cache_validate_intro_point_failure(void *data)
+{
+  (void)data;
+  rend_service_descriptor_t *desc = NULL;
+  char *service_id = NULL;
+  rend_intro_point_t *intro = NULL;
+  const char *identity = NULL;
+  rend_cache_failure_t *failure;
+  rend_cache_failure_intro_t *ip;
+
+  rend_cache_init();
+
+  create_descriptor(&desc, &service_id, 3);
+  desc->timestamp = time(NULL) + RECENT_TIME;
+
+  intro = (rend_intro_point_t *)smartlist_get(desc->intro_nodes, 0);
+  identity = intro->extend_info->identity_digest;
+
+  failure = rend_cache_failure_entry_new();
+  ip = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT);
+  digestmap_set(failure->intro_failures, identity, ip);
+  strmap_set_lc(rend_cache_failure, service_id, failure);
+
+  // Test when we have an intro point in our cache
+  validate_intro_point_failure(desc, service_id);
+  tt_int_op(smartlist_len(desc->intro_nodes), OP_EQ, 2);
+
+ done:
+  rend_cache_free_all();
+  rend_service_descriptor_free(desc);
+  tor_free(service_id);
+}
+
+struct testcase_t rend_cache_tests[] = {
+  { "init", test_rend_cache_init, 0, NULL, NULL },
+  { "decrement_allocation", test_rend_cache_decrement_allocation, 0,
+    NULL, NULL },
+  { "increment_allocation", test_rend_cache_increment_allocation, 0,
+    NULL, NULL },
+  { "clean", test_rend_cache_clean, TT_FORK, NULL, NULL },
+  { "clean_v2_descs_as_dir", test_rend_cache_clean_v2_descs_as_dir, 0,
+    NULL, NULL },
+  { "entry_allocation", test_rend_cache_entry_allocation, 0, NULL, NULL },
+  { "entry_free", test_rend_cache_entry_free, 0, NULL, NULL },
+  { "failure_intro_entry_free", test_rend_cache_failure_intro_entry_free, 0,
+    NULL, NULL },
+  { "free_all", test_rend_cache_free_all, 0, NULL, NULL },
+  { "purge", test_rend_cache_purge, 0, NULL, NULL },
+  { "failure_clean", test_rend_cache_failure_clean, 0, NULL, NULL },
+  { "failure_entry_new", test_rend_cache_failure_entry_new, 0, NULL, NULL },
+  { "failure_entry_free", test_rend_cache_failure_entry_free, 0, NULL, NULL },
+  { "failure_intro_add", test_rend_cache_failure_intro_add, 0, NULL, NULL },
+  { "failure_intro_entry_new", test_rend_cache_failure_intro_entry_new, 0,
+    NULL, NULL },
+  { "failure_intro_lookup", test_rend_cache_failure_intro_lookup, 0,
+    NULL, NULL },
+  { "failure_purge", test_rend_cache_failure_purge, 0, NULL, NULL },
+  { "failure_remove", test_rend_cache_failure_remove, 0, NULL, NULL },
+  { "intro_failure_note", test_rend_cache_intro_failure_note, 0, NULL, NULL },
+  { "lookup", test_rend_cache_lookup_entry, 0, NULL, NULL },
+  { "lookup_v2_desc_as_dir", test_rend_cache_lookup_v2_desc_as_dir, 0,
+    NULL, NULL },
+  { "store_v2_desc_as_client", test_rend_cache_store_v2_desc_as_client, 0,
+    NULL, NULL },
+  { "store_v2_desc_as_client_with_different_time",
+    test_rend_cache_store_v2_desc_as_client_with_different_time, 0,
+    NULL, NULL },
+  { "store_v2_desc_as_dir", test_rend_cache_store_v2_desc_as_dir, 0,
+    NULL, NULL },
+  { "store_v2_desc_as_dir_with_different_time",
+    test_rend_cache_store_v2_desc_as_dir_with_different_time, 0, NULL, NULL },
+  { "store_v2_desc_as_dir_with_different_content",
+    test_rend_cache_store_v2_desc_as_dir_with_different_content, 0,
+    NULL, NULL },
+  { "validate_intro_point_failure",
+    test_rend_cache_validate_intro_point_failure, 0, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_replay.c b/src/test/test_replay.c
index b48f582f5e..e882bc6164 100644
--- a/src/test/test_replay.c
+++ b/src/test/test_replay.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2013, The Tor Project, Inc. */
+/* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define REPLAYCACHE_PRIVATE
@@ -17,13 +17,28 @@ static const char *test_buffer =
   " occaecat cupidatat non proident, sunt in culpa qui officia deserunt"
   " mollit anim id est laborum.";
 
+static const char *test_buffer_2 =
+  "At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis"
+  " praesentium voluptatum deleniti atque corrupti quos dolores et quas"
+  " molestias excepturi sint occaecati cupiditate non provident, similique"
+  " sunt in culpa qui officia deserunt mollitia animi, id est laborum et"
+  " dolorum fuga. Et harum quidem rerum facilis est et expedita distinctio."
+  " Nam libero tempore, cum soluta nobis est eligendi optio cumque nihil"
+  " impedit quo minus id quod maxime placeat facere possimus, omnis voluptas"
+  " assumenda est, omnis dolor repellendus. Temporibus autem quibusdam et aut"
+  " officiis debitis aut rerum necessitatibus saepe eveniet ut et voluptates"
+  " repudiandae sint et molestiae non recusandae. Itaque earum rerum hic"
+  " tenetur a sapiente delectus, ut aut reiciendis voluptatibus maiores alias"
+  " consequatur aut perferendis doloribus asperiores repellat.";
+
 static void
-test_replaycache_alloc(void)
+test_replaycache_alloc(void *arg)
 {
   replaycache_t *r = NULL;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
  done:
   if (r) replaycache_free(r);
@@ -32,21 +47,22 @@ test_replaycache_alloc(void)
 }
 
 static void
-test_replaycache_badalloc(void)
+test_replaycache_badalloc(void *arg)
 {
   replaycache_t *r = NULL;
 
   /* Negative horizon should fail */
+  (void)arg;
   r = replaycache_new(-600, 300);
-  test_assert(r == NULL);
+  tt_assert(r == NULL);
   /* Negative interval should get adjusted to zero */
   r = replaycache_new(600, -300);
-  test_assert(r != NULL);
-  test_eq(r->scrub_interval, 0);
+  tt_assert(r != NULL);
+  tt_int_op(r->scrub_interval,OP_EQ, 0);
   replaycache_free(r);
   /* Negative horizon and negative interval should still fail */
   r = replaycache_new(-600, -300);
-  test_assert(r == NULL);
+  tt_assert(r == NULL);
 
  done:
   if (r) replaycache_free(r);
@@ -55,35 +71,43 @@ test_replaycache_badalloc(void)
 }
 
 static void
-test_replaycache_free_null(void)
+test_replaycache_free_null(void *arg)
 {
+  (void)arg;
   replaycache_free(NULL);
   /* Assert that we're here without horrible death */
-  test_assert(1);
+  tt_assert(1);
 
  done:
   return;
 }
 
 static void
-test_replaycache_miss(void)
+test_replaycache_miss(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   result =
     replaycache_add_and_test_internal(1200, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
+
+  /* make sure a different buffer misses as well */
+  result =
+  replaycache_add_and_test_internal(1200, NULL, test_buffer_2,
+                                    strlen(test_buffer_2), NULL);
+  tt_int_op(result,OP_EQ, 0);
 
   /* poke the bad-parameter error case too */
   result =
     replaycache_add_and_test_internal(1200, NULL, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
  done:
   if (r) replaycache_free(r);
@@ -92,23 +116,36 @@ test_replaycache_miss(void)
 }
 
 static void
-test_replaycache_hit(void)
+test_replaycache_hit(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   result =
     replaycache_add_and_test_internal(1200, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
   result =
     replaycache_add_and_test_internal(1300, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
+
+  /* make sure a different buffer misses then hits as well */
+
+  result =
+  replaycache_add_and_test_internal(1200, r, test_buffer_2,
+                                    strlen(test_buffer_2), NULL);
+  tt_int_op(result,OP_EQ, 0);
+
+  result =
+  replaycache_add_and_test_internal(1300, r, test_buffer_2,
+                                    strlen(test_buffer_2), NULL);
+  tt_int_op(result,OP_EQ, 1);
 
  done:
   if (r) replaycache_free(r);
@@ -117,28 +154,29 @@ test_replaycache_hit(void)
 }
 
 static void
-test_replaycache_age(void)
+test_replaycache_age(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   result =
     replaycache_add_and_test_internal(1200, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
   result =
     replaycache_add_and_test_internal(1300, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
 
   result =
     replaycache_add_and_test_internal(3000, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
  done:
   if (r) replaycache_free(r);
@@ -147,25 +185,26 @@ test_replaycache_age(void)
 }
 
 static void
-test_replaycache_elapsed(void)
+test_replaycache_elapsed(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
   time_t elapsed;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   result =
     replaycache_add_and_test_internal(1200, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
   result =
     replaycache_add_and_test_internal(1300, r, test_buffer,
         strlen(test_buffer), &elapsed);
-  test_eq(result, 1);
-  test_eq(elapsed, 100);
+  tt_int_op(result,OP_EQ, 1);
+  tt_int_op(elapsed,OP_EQ, 100);
 
  done:
   if (r) replaycache_free(r);
@@ -174,28 +213,29 @@ test_replaycache_elapsed(void)
 }
 
 static void
-test_replaycache_noexpire(void)
+test_replaycache_noexpire(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
 
+  (void)arg;
   r = replaycache_new(0, 0);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   result =
     replaycache_add_and_test_internal(1200, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
   result =
     replaycache_add_and_test_internal(1300, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
 
   result =
     replaycache_add_and_test_internal(3000, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
 
  done:
   if (r) replaycache_free(r);
@@ -204,24 +244,25 @@ test_replaycache_noexpire(void)
 }
 
 static void
-test_replaycache_scrub(void)
+test_replaycache_scrub(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   /* Set up like in test_replaycache_hit() */
   result =
     replaycache_add_and_test_internal(100, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
   result =
     replaycache_add_and_test_internal(200, r, test_buffer,
         strlen(test_buffer), NULL);
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
 
   /*
    * Poke a few replaycache_scrub_if_needed_internal() error cases that
@@ -231,12 +272,12 @@ test_replaycache_scrub(void)
   /* Null cache */
   replaycache_scrub_if_needed_internal(300, NULL);
   /* Assert we're still here */
-  test_assert(1);
+  tt_assert(1);
 
   /* Make sure we hit the aging-out case too */
   replaycache_scrub_if_needed_internal(1500, r);
   /* Assert that we aged it */
-  test_eq(digestmap_size(r->digests_seen), 0);
+  tt_int_op(digest256map_size(r->digests_seen),OP_EQ, 0);
 
  done:
   if (r) replaycache_free(r);
@@ -245,29 +286,30 @@ test_replaycache_scrub(void)
 }
 
 static void
-test_replaycache_future(void)
+test_replaycache_future(void *arg)
 {
   replaycache_t *r = NULL;
   int result;
   time_t elapsed = 0;
 
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   /* Set up like in test_replaycache_hit() */
   result =
     replaycache_add_and_test_internal(100, r, test_buffer,
         strlen(test_buffer), &elapsed);
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
   /* elapsed should still be 0, since it wasn't written */
-  test_eq(elapsed, 0);
+  tt_int_op(elapsed,OP_EQ, 0);
 
   result =
     replaycache_add_and_test_internal(200, r, test_buffer,
         strlen(test_buffer), &elapsed);
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
   /* elapsed should be the time since the last hit */
-  test_eq(elapsed, 100);
+  tt_int_op(elapsed,OP_EQ, 100);
 
   /*
    * Now let's turn the clock back to get coverage on the cache entry from the
@@ -277,9 +319,9 @@ test_replaycache_future(void)
     replaycache_add_and_test_internal(150, r, test_buffer,
         strlen(test_buffer), &elapsed);
   /* We should still get a hit */
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
   /* ...but it shouldn't let us see a negative elapsed time */
-  test_eq(elapsed, 0);
+  tt_int_op(elapsed,OP_EQ, 0);
 
  done:
   if (r) replaycache_free(r);
@@ -288,7 +330,7 @@ test_replaycache_future(void)
 }
 
 static void
-test_replaycache_realtime(void)
+test_replaycache_realtime(void *arg)
 {
   replaycache_t *r = NULL;
   /*
@@ -299,26 +341,27 @@ test_replaycache_realtime(void)
   int result;
 
   /* Test the realtime as well as *_internal() entry points */
+  (void)arg;
   r = replaycache_new(600, 300);
-  test_assert(r != NULL);
+  tt_assert(r != NULL);
 
   /* This should miss */
   result =
     replaycache_add_and_test(r, test_buffer, strlen(test_buffer));
-  test_eq(result, 0);
+  tt_int_op(result,OP_EQ, 0);
 
   /* This should hit */
   result =
     replaycache_add_and_test(r, test_buffer, strlen(test_buffer));
-  test_eq(result, 1);
+  tt_int_op(result,OP_EQ, 1);
 
   /* This should hit and return a small elapsed time */
   result =
     replaycache_add_test_and_elapsed(r, test_buffer,
                                      strlen(test_buffer), &elapsed);
-  test_eq(result, 1);
-  test_assert(elapsed >= 0);
-  test_assert(elapsed <= 5);
+  tt_int_op(result,OP_EQ, 1);
+  tt_assert(elapsed >= 0);
+  tt_assert(elapsed <= 5);
 
   /* Scrub it to exercise that entry point too */
   replaycache_scrub_if_needed(r);
@@ -329,7 +372,7 @@ test_replaycache_realtime(void)
 }
 
 #define REPLAYCACHE_LEGACY(name) \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_replaycache_ ## name }
+  { #name, test_replaycache_ ## name , 0, NULL, NULL }
 
 struct testcase_t replaycache_tests[] = {
   REPLAYCACHE_LEGACY(alloc),
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c
index 182e0f6f87..24b0da1c46 100644
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -8,11 +8,17 @@
 #include "or.h"
 #include "config.h"
 #include "router.h"
+#include "routerkeys.h"
 #include "util.h"
 #include "crypto.h"
-
+#include "torcert.h"
 #include "test.h"
 
+#ifdef _WIN32
+/* For mkdir() */
+#include <direct.h>
+#endif
+
 static void
 test_routerkeys_write_fingerprint(void *arg)
 {
@@ -33,38 +39,38 @@ test_routerkeys_write_fingerprint(void *arg)
   set_server_identity_key(key);
   set_client_identity_key(crypto_pk_dup_key(key));
 
-  tt_int_op(0, ==, check_private_dir(ddir, CPD_CREATE, NULL));
-  tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key),==,0);
+  tt_int_op(0, OP_EQ, check_private_dir(ddir, CPD_CREATE, NULL));
+  tt_int_op(crypto_pk_cmp_keys(get_server_identity_key(),key),OP_EQ,0);
 
   /* Write fingerprint file */
-  tt_int_op(0, ==, router_write_fingerprint(0));
+  tt_int_op(0, OP_EQ, router_write_fingerprint(0));
   cp = read_file_to_str(get_fname("write_fingerprint/fingerprint"),
                         0, NULL);
   crypto_pk_get_fingerprint(key, fp, 0);
   tor_asprintf(&cp2, "haflinger %s\n", fp);
-  tt_str_op(cp, ==, cp2);
+  tt_str_op(cp, OP_EQ, cp2);
   tor_free(cp);
   tor_free(cp2);
 
   /* Write hashed-fingerprint file */
-  tt_int_op(0, ==, router_write_fingerprint(1));
+  tt_int_op(0, OP_EQ, router_write_fingerprint(1));
   cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
                         0, NULL);
   crypto_pk_get_hashed_fingerprint(key, fp);
   tor_asprintf(&cp2, "haflinger %s\n", fp);
-  tt_str_op(cp, ==, cp2);
+  tt_str_op(cp, OP_EQ, cp2);
   tor_free(cp);
   tor_free(cp2);
 
   /* Replace outdated file */
   write_str_to_file(get_fname("write_fingerprint/hashed-fingerprint"),
                     "junk goes here", 0);
-  tt_int_op(0, ==, router_write_fingerprint(1));
+  tt_int_op(0, OP_EQ, router_write_fingerprint(1));
   cp = read_file_to_str(get_fname("write_fingerprint/hashed-fingerprint"),
                         0, NULL);
   crypto_pk_get_hashed_fingerprint(key, fp);
   tor_asprintf(&cp2, "haflinger %s\n", fp);
-  tt_str_op(cp, ==, cp2);
+  tt_str_op(cp, OP_EQ, cp2);
   tor_free(cp);
   tor_free(cp2);
 
@@ -75,11 +81,551 @@ test_routerkeys_write_fingerprint(void *arg)
   tor_free(cp2);
 }
 
+static void
+test_routerkeys_ed_certs(void *args)
+{
+  (void)args;
+  ed25519_keypair_t kp1, kp2;
+  tor_cert_t *cert[2] = {NULL, NULL}, *nocert = NULL;
+  tor_cert_t *parsed_cert[2] = {NULL, NULL};
+  time_t now = 1412094534;
+  uint8_t *junk = NULL;
+  char *base64 = NULL;
+
+  tt_int_op(0,==,ed25519_keypair_generate(&kp1, 0));
+  tt_int_op(0,==,ed25519_keypair_generate(&kp2, 0));
+
+  for (int i = 0; i <= 1; ++i) {
+    uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0;
+
+    cert[i] = tor_cert_create(&kp1, 5, &kp2.pubkey, now, 10000, flags);
+    tt_assert(cert[i]);
+
+    tt_assert(cert[i]->sig_bad == 0);
+    tt_assert(cert[i]->sig_ok == 1);
+    tt_assert(cert[i]->cert_expired == 0);
+    tt_assert(cert[i]->cert_valid == 1);
+    tt_int_op(cert[i]->cert_type, ==, 5);
+    tt_mem_op(cert[i]->signed_key.pubkey, ==, &kp2.pubkey.pubkey, 32);
+    tt_mem_op(cert[i]->signing_key.pubkey, ==, &kp1.pubkey.pubkey, 32);
+    tt_int_op(cert[i]->signing_key_included, ==, i);
+
+    tt_assert(cert[i]->encoded);
+    tt_int_op(cert[i]->encoded_len, ==, 104 + 36 * i);
+    tt_int_op(cert[i]->encoded[0], ==, 1);
+    tt_int_op(cert[i]->encoded[1], ==, 5);
+
+    parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len);
+    tt_assert(parsed_cert[i]);
+    tt_int_op(cert[i]->encoded_len, ==, parsed_cert[i]->encoded_len);
+    tt_mem_op(cert[i]->encoded, ==, parsed_cert[i]->encoded,
+              cert[i]->encoded_len);
+    tt_assert(parsed_cert[i]->sig_bad == 0);
+    tt_assert(parsed_cert[i]->sig_ok == 0);
+    tt_assert(parsed_cert[i]->cert_expired == 0);
+    tt_assert(parsed_cert[i]->cert_valid == 0);
+
+    /* Expired */
+    tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000),
+              <, 0);
+    tt_assert(parsed_cert[i]->cert_expired == 1);
+    parsed_cert[i]->cert_expired = 0;
+
+    /* Wrong key */
+    tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), <, 0);
+    tt_assert(parsed_cert[i]->sig_bad== 1);
+    parsed_cert[i]->sig_bad = 0;
+
+    /* Missing key */
+    int ok = tor_cert_checksig(parsed_cert[i], NULL, now);
+    tt_int_op(ok < 0, ==, i == 0);
+    tt_assert(parsed_cert[i]->sig_bad == 0);
+    tt_assert(parsed_cert[i]->sig_ok == (i != 0));
+    tt_assert(parsed_cert[i]->cert_valid == (i != 0));
+    parsed_cert[i]->sig_bad = 0;
+    parsed_cert[i]->sig_ok = 0;
+    parsed_cert[i]->cert_valid = 0;
+
+    /* Right key */
+    tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), ==, 0);
+    tt_assert(parsed_cert[i]->sig_bad == 0);
+    tt_assert(parsed_cert[i]->sig_ok == 1);
+    tt_assert(parsed_cert[i]->cert_expired == 0);
+    tt_assert(parsed_cert[i]->cert_valid == 1);
+  }
+
+  /* Now try some junky certs. */
+  /* - Truncated */
+  nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1);
+  tt_ptr_op(NULL, ==, nocert);
+
+  /* - First byte modified */
+  cert[0]->encoded[0] = 99;
+  nocert = tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len);
+  tt_ptr_op(NULL, ==, nocert);
+  cert[0]->encoded[0] = 1;
+
+  /* - Extra byte at the end*/
+  junk = tor_malloc_zero(cert[0]->encoded_len + 1);
+  memcpy(junk, cert[0]->encoded, cert[0]->encoded_len);
+  nocert = tor_cert_parse(junk, cert[0]->encoded_len+1);
+  tt_ptr_op(NULL, ==, nocert);
+
+  /* - Multiple signing key instances */
+  tor_free(junk);
+  junk = tor_malloc_zero(104 + 36 * 2);
+  junk[0] = 1; /* version */
+  junk[1] = 5; /* cert type */
+  junk[6] = 1; /* key type */
+  junk[39] = 2; /* n_extensions */
+  junk[41] = 32; /* extlen */
+  junk[42] = 4; /* exttype */
+  junk[77] = 32; /* extlen */
+  junk[78] = 4; /* exttype */
+  nocert = tor_cert_parse(junk, 104 + 36 * 2);
+  tt_ptr_op(NULL, ==, nocert);
+
+ done:
+  tor_cert_free(cert[0]);
+  tor_cert_free(cert[1]);
+  tor_cert_free(parsed_cert[0]);
+  tor_cert_free(parsed_cert[1]);
+  tor_cert_free(nocert);
+  tor_free(junk);
+  tor_free(base64);
+}
+
+static void
+test_routerkeys_ed_key_create(void *arg)
+{
+  (void)arg;
+  tor_cert_t *cert = NULL;
+  ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
+  time_t now = time(NULL);
+
+  /* This is a simple alias for 'make a new keypair' */
+  kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert);
+  tt_assert(kp1);
+
+  /* Create a new certificate signed by kp1. */
+  kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert);
+  tt_assert(kp2);
+  tt_assert(cert);
+  tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, sizeof(ed25519_public_key_t));
+  tt_assert(! cert->signing_key_included);
+
+  tt_int_op(cert->valid_until, >=, now);
+  tt_int_op(cert->valid_until, <=, now+7200);
+
+  /* Create a new key-including certificate signed by kp1 */
+  ed25519_keypair_free(kp2);
+  tor_cert_free(cert);
+  cert = NULL; kp2 = NULL;
+  kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT|
+                         INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT),
+                   now, 3600, 4, &cert);
+  tt_assert(kp2);
+  tt_assert(cert);
+  tt_assert(cert->signing_key_included);
+  tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, sizeof(ed25519_public_key_t));
+  tt_mem_op(&cert->signing_key, ==, &kp1->pubkey,sizeof(ed25519_public_key_t));
+
+ done:
+  ed25519_keypair_free(kp1);
+  ed25519_keypair_free(kp2);
+  tor_cert_free(cert);
+}
+
+static void
+test_routerkeys_ed_key_init_basic(void *arg)
+{
+  (void) arg;
+
+  tor_cert_t *cert = NULL, *cert2 = NULL;
+  ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL;
+  time_t now = time(NULL);
+  char *fname1 = tor_strdup(get_fname("test_ed_key_1"));
+  char *fname2 = tor_strdup(get_fname("test_ed_key_2"));
+  struct stat st;
+
+  unlink(fname1);
+  unlink(fname2);
+
+  /* Fail to load a key that isn't there. */
+  kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert);
+  tt_assert(kp1 == NULL);
+  tt_assert(cert == NULL);
+
+  /* Create the key if requested to do so. */
+  kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
+                              NULL, now, 0, 7, &cert);
+  tt_assert(kp1 != NULL);
+  tt_assert(cert == NULL);
+  tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), <, 0);
+  tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), ==, 0);
+
+  /* Fail to load if we say we need a cert */
+  kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
+                              NULL, now, 0, 7, &cert);
+  tt_assert(kp2 == NULL);
+
+  /* Fail to load if we say the wrong key type */
+  kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
+                              NULL, now, 0, 6, &cert);
+  tt_assert(kp2 == NULL);
+
+  /* Load successfully if we're not picky, whether we say "create" or not. */
+  kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
+                              NULL, now, 0, 7, &cert);
+  tt_assert(kp2 != NULL);
+  tt_assert(cert == NULL);
+  tt_mem_op(kp1, ==, kp2, sizeof(*kp1));
+  ed25519_keypair_free(kp2); kp2 = NULL;
+
+  kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
+                              NULL, now, 0, 7, &cert);
+  tt_assert(kp2 != NULL);
+  tt_assert(cert == NULL);
+  tt_mem_op(kp1, ==, kp2, sizeof(*kp1));
+  ed25519_keypair_free(kp2); kp2 = NULL;
+
+  /* Now create a key with a cert. */
+  kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
+                                       INIT_ED_KEY_NEEDCERT),
+                              LOG_INFO, kp1, now, 7200, 7, &cert);
+  tt_assert(kp2 != NULL);
+  tt_assert(cert != NULL);
+  tt_mem_op(kp1, !=, kp2, sizeof(*kp1));
+  tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), ==, 0);
+  tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), ==, 0);
+
+  tt_assert(cert->cert_valid == 1);
+  tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, 32);
+
+  /* Now verify we can load the cert... */
+  kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
+                                       INIT_ED_KEY_NEEDCERT),
+                              LOG_INFO, kp1, now, 7200, 7, &cert2);
+  tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
+  tt_mem_op(cert2->encoded, ==, cert->encoded, cert->encoded_len);
+  ed25519_keypair_free(kp3); kp3 = NULL;
+  tor_cert_free(cert2); cert2 = NULL;
+
+  /* ... even without create... */
+  kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
+                              LOG_INFO, kp1, now, 7200, 7, &cert2);
+  tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
+  tt_mem_op(cert2->encoded, ==, cert->encoded, cert->encoded_len);
+  ed25519_keypair_free(kp3); kp3 = NULL;
+  tor_cert_free(cert2); cert2 = NULL;
+
+  /* ... but that we don't crash or anything if we say we don't want it. */
+  kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
+                              LOG_INFO, kp1, now, 7200, 7, NULL);
+  tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
+  ed25519_keypair_free(kp3); kp3 = NULL;
+
+  /* Fail if we're told the wrong signing key */
+  kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
+                              LOG_INFO, kp2, now, 7200, 7, &cert2);
+  tt_assert(kp3 == NULL);
+  tt_assert(cert2 == NULL);
+
+ done:
+  ed25519_keypair_free(kp1);
+  ed25519_keypair_free(kp2);
+  ed25519_keypair_free(kp3);
+  tor_cert_free(cert);
+  tor_cert_free(cert2);
+  tor_free(fname1);
+  tor_free(fname2);
+}
+
+static void
+test_routerkeys_ed_key_init_split(void *arg)
+{
+  (void) arg;
+
+  tor_cert_t *cert = NULL;
+  ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
+  time_t now = time(NULL);
+  char *fname1 = tor_strdup(get_fname("test_ed_key_3"));
+  char *fname2 = tor_strdup(get_fname("test_ed_key_4"));
+  struct stat st;
+  const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK;
+
+  unlink(fname1);
+  unlink(fname2);
+
+  /* Can't load key that isn't there. */
+  kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert);
+  tt_assert(kp1 == NULL);
+  tt_assert(cert == NULL);
+
+  /* Create a split key */
+  kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
+                              LOG_INFO, NULL, now, 0, 7, &cert);
+  tt_assert(kp1 != NULL);
+  tt_assert(cert == NULL);
+  tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), <, 0);
+  tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), ==, 0);
+  tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), ==, 0);
+
+  /* Load it. */
+  kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
+                              LOG_INFO, NULL, now, 0, 7, &cert);
+  tt_assert(kp2 != NULL);
+  tt_assert(cert == NULL);
+  tt_mem_op(kp1, ==, kp2, sizeof(*kp2));
+  ed25519_keypair_free(kp2); kp2 = NULL;
+
+  /* Okay, try killing the secret key and loading it. */
+  unlink(get_fname("test_ed_key_3_secret_key"));
+  kp2 = ed_key_init_from_file(fname1, flags,
+                              LOG_INFO, NULL, now, 0, 7, &cert);
+  tt_assert(kp2 != NULL);
+  tt_assert(cert == NULL);
+  tt_mem_op(&kp1->pubkey, ==, &kp2->pubkey, sizeof(kp2->pubkey));
+  tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
+                            sizeof(kp2->seckey.seckey)));
+  ed25519_keypair_free(kp2); kp2 = NULL;
+
+  /* Even when we're told to "create", don't create if there's a public key */
+  kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
+                              LOG_INFO, NULL, now, 0, 7, &cert);
+  tt_assert(kp2 != NULL);
+  tt_assert(cert == NULL);
+  tt_mem_op(&kp1->pubkey, ==, &kp2->pubkey, sizeof(kp2->pubkey));
+  tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
+                            sizeof(kp2->seckey.seckey)));
+  ed25519_keypair_free(kp2); kp2 = NULL;
+
+  /* Make sure we fail on a tag mismatch, though */
+  kp2 = ed_key_init_from_file(fname1, flags,
+                              LOG_INFO, NULL, now, 0, 99, &cert);
+  tt_assert(kp2 == NULL);
+
+ done:
+  ed25519_keypair_free(kp1);
+  ed25519_keypair_free(kp2);
+  tor_cert_free(cert);
+  tor_free(fname1);
+  tor_free(fname2);
+}
+
+static void
+test_routerkeys_ed_keys_init_all(void *arg)
+{
+  (void)arg;
+  char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
+  or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
+  time_t now = time(NULL);
+  ed25519_public_key_t id;
+  ed25519_keypair_t sign, auth;
+  tor_cert_t *link_cert = NULL;
+
+  get_options_mutable()->ORPort_set = 1;
+
+  crypto_pk_t *rsa = pk_generate(0);
+
+  set_server_identity_key(rsa);
+  set_client_identity_key(rsa);
+
+  router_initialize_tls_context();
+
+  options->SigningKeyLifetime = 30*86400;
+  options->TestingAuthKeyLifetime = 2*86400;
+  options->TestingLinkCertLifetime = 2*86400;
+  options->TestingSigningKeySlop = 2*86400;
+  options->TestingAuthKeySlop = 2*3600;
+  options->TestingLinkKeySlop = 2*3600;
+
+#ifdef _WIN32
+  mkdir(dir);
+  mkdir(get_fname("test_ed_keys_init_all/keys"));
+#else
+  mkdir(dir, 0700);
+  mkdir(get_fname("test_ed_keys_init_all/keys"), 0700);
+#endif
+
+  options->DataDirectory = dir;
+
+  tt_int_op(0, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_assert(get_master_identity_key());
+  tt_assert(get_master_identity_key());
+  tt_assert(get_master_signing_keypair());
+  tt_assert(get_current_auth_keypair());
+  tt_assert(get_master_signing_key_cert());
+  tt_assert(get_current_link_cert_cert());
+  tt_assert(get_current_auth_key_cert());
+  memcpy(&id, get_master_identity_key(), sizeof(id));
+  memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
+  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
+  link_cert = tor_cert_dup(get_current_link_cert_cert());
+
+  /* Call load_ed_keys again, but nothing has changed. */
+  tt_int_op(0, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
+  tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
+  tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth));
+  tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
+
+  /* Force a reload: we make new link/auth keys. */
+  routerkeys_free_all();
+  tt_int_op(0, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
+  tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
+  tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
+  tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
+  tt_assert(get_master_signing_key_cert());
+  tt_assert(get_current_link_cert_cert());
+  tt_assert(get_current_auth_key_cert());
+  tor_cert_free(link_cert);
+  link_cert = tor_cert_dup(get_current_link_cert_cert());
+  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
+
+  /* Force a link/auth-key regeneration by advancing time. */
+  tt_int_op(0, ==, load_ed_keys(options, now+3*86400));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now+3*86400));
+  tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
+  tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
+  tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
+  tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
+  tt_assert(get_master_signing_key_cert());
+  tt_assert(get_current_link_cert_cert());
+  tt_assert(get_current_auth_key_cert());
+  tor_cert_free(link_cert);
+  link_cert = tor_cert_dup(get_current_link_cert_cert());
+  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
+
+  /* Force a signing-key regeneration by advancing time. */
+  tt_int_op(0, ==, load_ed_keys(options, now+100*86400));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now+100*86400));
+  tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
+  tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign));
+  tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
+  tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
+  tt_assert(get_master_signing_key_cert());
+  tt_assert(get_current_link_cert_cert());
+  tt_assert(get_current_auth_key_cert());
+  memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
+  tor_cert_free(link_cert);
+  link_cert = tor_cert_dup(get_current_link_cert_cert());
+  memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
+
+  /* Demonstrate that we can start up with no secret identity key */
+  routerkeys_free_all();
+  unlink(get_fname("test_ed_keys_init_all/keys/"
+                   "ed25519_master_id_secret_key"));
+  tt_int_op(0, ==, load_ed_keys(options, now));
+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
+  tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
+  tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
+  tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
+  tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
+  tt_assert(get_master_signing_key_cert());
+  tt_assert(get_current_link_cert_cert());
+  tt_assert(get_current_auth_key_cert());
+
+  /* But we're in trouble if we have no id key and our signing key has
+     expired. */
+  log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
+                                       * XXX (better way to do this)? */
+  routerkeys_free_all();
+  tt_int_op(-1, ==, load_ed_keys(options, now+200*86400));
+
+ done:
+  tor_free(dir);
+  tor_free(options);
+  tor_cert_free(link_cert);
+  routerkeys_free_all();
+}
+
+static void
+test_routerkeys_cross_certify_ntor(void *args)
+{
+  (void) args;
+
+  tor_cert_t *cert = NULL;
+  curve25519_keypair_t onion_keys;
+  ed25519_public_key_t master_key;
+  ed25519_public_key_t onion_check_key;
+  time_t now = time(NULL);
+  int sign;
+
+  tt_int_op(0, ==, ed25519_public_from_base64(&master_key,
+                               "IamwritingthesetestsOnARainyAfternoonin2014"));
+  tt_int_op(0, ==, curve25519_keypair_generate(&onion_keys, 0));
+  cert = make_ntor_onion_key_crosscert(&onion_keys,
+                                       &master_key,
+                                       now, 10000,
+                                       &sign);
+  tt_assert(cert);
+  tt_assert(sign == 0 || sign == 1);
+  tt_int_op(cert->cert_type, ==, CERT_TYPE_ONION_ID);
+  tt_int_op(1, ==, ed25519_pubkey_eq(&cert->signed_key, &master_key));
+  tt_int_op(0, ==, ed25519_public_key_from_curve25519_public_key(
+                               &onion_check_key, &onion_keys.pubkey, sign));
+  tt_int_op(0, ==, tor_cert_checksig(cert, &onion_check_key, now));
+
+ done:
+  tor_cert_free(cert);
+}
+
+static void
+test_routerkeys_cross_certify_tap(void *args)
+{
+  (void)args;
+  uint8_t *cc = NULL;
+  int cc_len;
+  ed25519_public_key_t master_key;
+  crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1);
+  char digest[20];
+  char buf[128];
+  int n;
+
+  tt_int_op(0, ==, ed25519_public_from_base64(&master_key,
+                               "IAlreadyWroteTestsForRouterdescsUsingTheseX"));
+
+  cc = make_tap_onion_key_crosscert(onion_key,
+                                    &master_key,
+                                    id_key, &cc_len);
+  tt_assert(cc);
+  tt_assert(cc_len);
+
+  n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf),
+                                (char*)cc, cc_len);
+  tt_int_op(n,>,0);
+  tt_int_op(n,==,52);
+
+  crypto_pk_get_digest(id_key, digest);
+  tt_mem_op(buf,==,digest,20);
+  tt_mem_op(buf+20,==,master_key.pubkey,32);
+
+  tt_int_op(0, ==, check_tap_onion_key_crosscert(cc, cc_len,
+                                    onion_key, &master_key, (uint8_t*)digest));
+
+ done:
+  tor_free(cc);
+  crypto_pk_free(id_key);
+  crypto_pk_free(onion_key);
+}
+
 #define TEST(name, flags)                                       \
   { #name , test_routerkeys_ ## name, (flags), NULL, NULL }
 
 struct testcase_t routerkeys_tests[] = {
   TEST(write_fingerprint, TT_FORK),
+  TEST(ed_certs, TT_FORK),
+  TEST(ed_key_create, TT_FORK),
+  TEST(ed_key_init_basic, TT_FORK),
+  TEST(ed_key_init_split, TT_FORK),
+  TEST(ed_keys_init_all, TT_FORK),
+  TEST(cross_certify_ntor, 0),
+  TEST(cross_certify_tap, 0),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c
new file mode 100644
index 0000000000..2cffa6e801
--- /dev/null
+++ b/src/test/test_routerlist.c
@@ -0,0 +1,511 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#include <math.h>
+#include <time.h>
+
+#define DIRVOTE_PRIVATE
+#define NETWORKSTATUS_PRIVATE
+#define ROUTERLIST_PRIVATE
+#define TOR_UNIT_TESTING
+#include "or.h"
+#include "config.h"
+#include "connection.h"
+#include "container.h"
+#include "directory.h"
+#include "dirvote.h"
+#include "microdesc.h"
+#include "networkstatus.h"
+#include "nodelist.h"
+#include "policies.h"
+#include "routerlist.h"
+#include "routerparse.h"
+#include "test.h"
+#include "test_dir_common.h"
+
+extern const char AUTHORITY_CERT_1[];
+extern const char AUTHORITY_SIGNKEY_1[];
+extern const char AUTHORITY_CERT_2[];
+extern const char AUTHORITY_SIGNKEY_2[];
+extern const char AUTHORITY_CERT_3[];
+extern const char AUTHORITY_SIGNKEY_3[];
+
+void construct_consensus(char **consensus_text_md);
+
+/* 4 digests + 3 sep + pre + post + NULL */
+static char output[4*BASE64_DIGEST256_LEN+3+2+2+1];
+
+static void
+mock_get_from_dirserver(uint8_t dir_purpose, uint8_t router_purpose,
+                        const char *resource, int pds_flags,
+                        download_want_authority_t want_authority)
+{
+  (void)dir_purpose;
+  (void)router_purpose;
+  (void)pds_flags;
+  (void)want_authority;
+  tt_assert(resource);
+  strlcpy(output, resource, sizeof(output));
+ done:
+  ;
+}
+
+static void
+test_routerlist_initiate_descriptor_downloads(void *arg)
+{
+  const char *prose = "unhurried and wise, we perceive.";
+  smartlist_t *digests = smartlist_new();
+  (void)arg;
+
+  for (int i = 0; i < 20; i++) {
+    smartlist_add(digests, (char*)prose);
+  }
+
+  MOCK(directory_get_from_dirserver, mock_get_from_dirserver);
+  initiate_descriptor_downloads(NULL, DIR_PURPOSE_FETCH_MICRODESC,
+                                digests, 3, 7, 0);
+  UNMOCK(directory_get_from_dirserver);
+
+  tt_str_op(output, OP_EQ, "d/"
+            "dW5odXJyaWVkIGFuZCB3aXNlLCB3ZSBwZXJjZWl2ZS4-"
+            "dW5odXJyaWVkIGFuZCB3aXNlLCB3ZSBwZXJjZWl2ZS4-"
+            "dW5odXJyaWVkIGFuZCB3aXNlLCB3ZSBwZXJjZWl2ZS4-"
+            "dW5odXJyaWVkIGFuZCB3aXNlLCB3ZSBwZXJjZWl2ZS4"
+            ".z");
+
+ done:
+  smartlist_free(digests);
+}
+
+static int count = 0;
+
+static void
+mock_initiate_descriptor_downloads(const routerstatus_t *source,
+                                   int purpose, smartlist_t *digests,
+                                   int lo, int hi, int pds_flags)
+{
+  (void)source;
+  (void)purpose;
+  (void)digests;
+  (void)pds_flags;
+  (void)hi;
+  (void)lo;
+  count += 1;
+}
+
+static void
+test_routerlist_launch_descriptor_downloads(void *arg)
+{
+  smartlist_t *downloadable = smartlist_new();
+  time_t now = time(NULL);
+  char *cp;
+  (void)arg;
+
+  for (int i = 0; i < 100; i++) {
+    cp = tor_malloc(DIGEST256_LEN);
+    tt_assert(cp);
+    crypto_rand(cp, DIGEST256_LEN);
+    smartlist_add(downloadable, cp);
+  }
+
+  MOCK(initiate_descriptor_downloads, mock_initiate_descriptor_downloads);
+  launch_descriptor_downloads(DIR_PURPOSE_FETCH_MICRODESC, downloadable,
+                              NULL, now);
+  tt_int_op(3, ==, count);
+  UNMOCK(initiate_descriptor_downloads);
+
+ done:
+  SMARTLIST_FOREACH(downloadable, char *, cp1, tor_free(cp1));
+  smartlist_free(downloadable);
+}
+
+void
+construct_consensus(char **consensus_text_md)
+{
+  networkstatus_t *vote = NULL;
+  networkstatus_t *v1 = NULL, *v2 = NULL, *v3 = NULL;
+  networkstatus_voter_info_t *voter = NULL;
+  authority_cert_t *cert1=NULL, *cert2=NULL, *cert3=NULL;
+  crypto_pk_t *sign_skey_1=NULL, *sign_skey_2=NULL, *sign_skey_3=NULL;
+  crypto_pk_t *sign_skey_leg=NULL;
+  time_t now = time(NULL);
+  smartlist_t *votes = NULL;
+  int n_vrs;
+
+  tt_assert(!dir_common_authority_pk_init(&cert1, &cert2, &cert3,
+                                          &sign_skey_1, &sign_skey_2,
+                                          &sign_skey_3));
+  sign_skey_leg = pk_generate(4);
+
+  dir_common_construct_vote_1(&vote, cert1, sign_skey_1,
+                              &dir_common_gen_routerstatus_for_v3ns,
+                              &v1, &n_vrs, now, 1);
+  networkstatus_vote_free(vote);
+  tt_assert(v1);
+  tt_int_op(n_vrs, ==, 4);
+  tt_int_op(smartlist_len(v1->routerstatus_list), ==, 4);
+
+  dir_common_construct_vote_2(&vote, cert2, sign_skey_2,
+                              &dir_common_gen_routerstatus_for_v3ns,
+                              &v2, &n_vrs, now, 1);
+  networkstatus_vote_free(vote);
+  tt_assert(v2);
+  tt_int_op(n_vrs, ==, 4);
+  tt_int_op(smartlist_len(v2->routerstatus_list), ==, 4);
+
+  dir_common_construct_vote_3(&vote, cert3, sign_skey_3,
+                              &dir_common_gen_routerstatus_for_v3ns,
+                              &v3, &n_vrs, now, 1);
+
+  tt_assert(v3);
+  tt_int_op(n_vrs, ==, 4);
+  tt_int_op(smartlist_len(v3->routerstatus_list), ==, 4);
+  networkstatus_vote_free(vote);
+  votes = smartlist_new();
+  smartlist_add(votes, v1);
+  smartlist_add(votes, v2);
+  smartlist_add(votes, v3);
+
+  *consensus_text_md = networkstatus_compute_consensus(votes, 3,
+                                                   cert1->identity_key,
+                                                   sign_skey_1,
+                                                   "AAAAAAAAAAAAAAAAAAAA",
+                                                   sign_skey_leg,
+                                                   FLAV_MICRODESC);
+
+  tt_assert(*consensus_text_md);
+
+ done:
+  tor_free(voter);
+  networkstatus_vote_free(v1);
+  networkstatus_vote_free(v2);
+  networkstatus_vote_free(v3);
+  smartlist_free(votes);
+  authority_cert_free(cert1);
+  authority_cert_free(cert2);
+  authority_cert_free(cert3);
+  crypto_pk_free(sign_skey_1);
+  crypto_pk_free(sign_skey_2);
+  crypto_pk_free(sign_skey_3);
+  crypto_pk_free(sign_skey_leg);
+}
+
+static int mock_usable_consensus_flavor_value = FLAV_NS;
+
+static int
+mock_usable_consensus_flavor(void)
+{
+  return mock_usable_consensus_flavor_value;
+}
+
+static void
+test_router_pick_directory_server_impl(void *arg)
+{
+  (void)arg;
+
+  networkstatus_t *con_md = NULL;
+  char *consensus_text_md = NULL;
+  int flags = PDS_IGNORE_FASCISTFIREWALL|PDS_RETRY_IF_NO_SERVERS;
+  or_options_t *options = get_options_mutable();
+  const routerstatus_t *rs = NULL;
+  options->UseMicrodescriptors = 1;
+  char *router1_id = NULL, *router2_id = NULL, *router3_id = NULL;
+  node_t *node_router1 = NULL, *node_router2 = NULL, *node_router3 = NULL;
+  config_line_t *policy_line = NULL;
+  time_t now = time(NULL);
+  int tmp_dirport1, tmp_dirport3;
+
+  (void)arg;
+
+  MOCK(usable_consensus_flavor, mock_usable_consensus_flavor);
+
+  /* With no consensus, we must be bootstrapping, regardless of time or flavor
+   */
+  mock_usable_consensus_flavor_value = FLAV_NS;
+  tt_assert(networkstatus_consensus_is_bootstrapping(now));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2000));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2*24*60*60));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now - 2*24*60*60));
+
+  mock_usable_consensus_flavor_value = FLAV_MICRODESC;
+  tt_assert(networkstatus_consensus_is_bootstrapping(now));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2000));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2*24*60*60));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now - 2*24*60*60));
+
+  /* No consensus available, fail early */
+  rs = router_pick_directory_server_impl(V3_DIRINFO, (const int) 0, NULL);
+  tt_assert(rs == NULL);
+
+  construct_consensus(&consensus_text_md);
+  tt_assert(consensus_text_md);
+  con_md = networkstatus_parse_vote_from_string(consensus_text_md, NULL,
+                                                NS_TYPE_CONSENSUS);
+  tt_assert(con_md);
+  tt_int_op(con_md->flavor,==, FLAV_MICRODESC);
+  tt_assert(con_md->routerstatus_list);
+  tt_int_op(smartlist_len(con_md->routerstatus_list), ==, 3);
+  tt_assert(!networkstatus_set_current_consensus_from_ns(con_md,
+                                                 "microdesc"));
+
+  /* If the consensus time or flavor doesn't match, we are still
+   * bootstrapping */
+  mock_usable_consensus_flavor_value = FLAV_NS;
+  tt_assert(networkstatus_consensus_is_bootstrapping(now));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2000));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2*24*60*60));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now - 2*24*60*60));
+
+  /* With a valid consensus for the current time and flavor, we stop
+   * bootstrapping, even if we have no certificates */
+  mock_usable_consensus_flavor_value = FLAV_MICRODESC;
+  tt_assert(!networkstatus_consensus_is_bootstrapping(now + 2000));
+  tt_assert(!networkstatus_consensus_is_bootstrapping(con_md->valid_after));
+  tt_assert(!networkstatus_consensus_is_bootstrapping(con_md->valid_until));
+  tt_assert(!networkstatus_consensus_is_bootstrapping(con_md->valid_until
+                                                      + 24*60*60));
+  /* These times are outside the test validity period */
+  tt_assert(networkstatus_consensus_is_bootstrapping(now));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now + 2*24*60*60));
+  tt_assert(networkstatus_consensus_is_bootstrapping(now - 2*24*60*60));
+
+  nodelist_set_consensus(con_md);
+  nodelist_assert_ok();
+
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  /* We should not fail now we have a consensus and routerstatus_list
+   * and nodelist are populated. */
+  tt_assert(rs != NULL);
+
+  /* Manipulate the nodes so we get the dir server we expect */
+  router1_id = tor_malloc(DIGEST_LEN);
+  memset(router1_id, TEST_DIR_ROUTER_ID_1, DIGEST_LEN);
+  router2_id = tor_malloc(DIGEST_LEN);
+  memset(router2_id, TEST_DIR_ROUTER_ID_2, DIGEST_LEN);
+  router3_id = tor_malloc(DIGEST_LEN);
+  memset(router3_id, TEST_DIR_ROUTER_ID_3, DIGEST_LEN);
+
+  node_router1 = node_get_mutable_by_id(router1_id);
+  node_router2 = node_get_mutable_by_id(router2_id);
+  node_router3 = node_get_mutable_by_id(router3_id);
+
+  node_router1->is_possible_guard = 1;
+
+  node_router1->is_running = 0;
+  node_router3->is_running = 0;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router2_id, DIGEST_LEN));
+  rs = NULL;
+  node_router1->is_running = 1;
+  node_router3->is_running = 1;
+
+  node_router1->rs->is_v2_dir = 0;
+  node_router3->rs->is_v2_dir = 0;
+  tmp_dirport1 = node_router1->rs->dir_port;
+  tmp_dirport3 = node_router3->rs->dir_port;
+  node_router1->rs->dir_port = 0;
+  node_router3->rs->dir_port = 0;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router2_id, DIGEST_LEN));
+  rs = NULL;
+  node_router1->rs->is_v2_dir = 1;
+  node_router3->rs->is_v2_dir = 1;
+  node_router1->rs->dir_port = tmp_dirport1;
+  node_router3->rs->dir_port = tmp_dirport3;
+
+  node_router1->is_valid = 0;
+  node_router3->is_valid = 0;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router2_id, DIGEST_LEN));
+  rs = NULL;
+  node_router1->is_valid = 1;
+  node_router3->is_valid = 1;
+
+  flags |= PDS_FOR_GUARD;
+  node_router1->using_as_guard = 1;
+  node_router2->using_as_guard = 1;
+  node_router3->using_as_guard = 1;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs == NULL);
+  node_router1->using_as_guard = 0;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router1_id, DIGEST_LEN));
+  rs = NULL;
+  node_router2->using_as_guard = 0;
+  node_router3->using_as_guard = 0;
+
+  /* One not valid, one guard. This should leave one remaining */
+  node_router1->is_valid = 0;
+  node_router2->using_as_guard = 1;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router3_id, DIGEST_LEN));
+  rs = NULL;
+  node_router1->is_valid = 1;
+  node_router2->using_as_guard = 0;
+
+  /* Manipulate overloaded */
+
+  node_router2->rs->last_dir_503_at = now;
+  node_router3->rs->last_dir_503_at = now;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router1_id, DIGEST_LEN));
+  node_router2->rs->last_dir_503_at = 0;
+  node_router3->rs->last_dir_503_at = 0;
+
+  /* Set a Fascist firewall */
+  flags &= ~ PDS_IGNORE_FASCISTFIREWALL;
+  policy_line = tor_malloc_zero(sizeof(config_line_t));
+  policy_line->key = tor_strdup("ReachableORAddresses");
+  policy_line->value = tor_strdup("accept *:442, reject *:*");
+  options->ReachableORAddresses = policy_line;
+  policies_parse_from_options(options);
+
+  node_router1->rs->or_port = 444;
+  node_router2->rs->or_port = 443;
+  node_router3->rs->or_port = 442;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router3_id, DIGEST_LEN));
+  node_router1->rs->or_port = 442;
+  node_router2->rs->or_port = 443;
+  node_router3->rs->or_port = 444;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router1_id, DIGEST_LEN));
+
+  /* Fascist firewall and overloaded */
+  node_router1->rs->or_port = 442;
+  node_router2->rs->or_port = 443;
+  node_router3->rs->or_port = 442;
+  node_router3->rs->last_dir_503_at = now;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router1_id, DIGEST_LEN));
+  node_router3->rs->last_dir_503_at = 0;
+
+  /* Fascists against OR and Dir */
+  policy_line = tor_malloc_zero(sizeof(config_line_t));
+  policy_line->key = tor_strdup("ReachableAddresses");
+  policy_line->value = tor_strdup("accept *:80, reject *:*");
+  options->ReachableDirAddresses = policy_line;
+  policies_parse_from_options(options);
+  node_router1->rs->or_port = 442;
+  node_router2->rs->or_port = 441;
+  node_router3->rs->or_port = 443;
+  node_router1->rs->dir_port = 80;
+  node_router2->rs->dir_port = 80;
+  node_router3->rs->dir_port = 81;
+  node_router1->rs->last_dir_503_at = now;
+  rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
+  tt_assert(rs != NULL);
+  tt_assert(tor_memeq(rs->identity_digest, router1_id, DIGEST_LEN));
+  node_router1->rs->last_dir_503_at = 0;
+
+ done:
+  UNMOCK(usable_consensus_flavor);
+  if (router1_id)
+    tor_free(router1_id);
+  if (router2_id)
+    tor_free(router2_id);
+  if (router3_id)
+    tor_free(router3_id);
+  if (options->ReachableORAddresses ||
+      options->ReachableDirAddresses)
+    policies_free_all();
+  tor_free(consensus_text_md);
+  networkstatus_vote_free(con_md);
+}
+
+connection_t *mocked_connection = NULL;
+
+/* Mock connection_get_by_type_addr_port_purpose by returning
+ * mocked_connection. */
+static connection_t *
+mock_connection_get_by_type_addr_port_purpose(int type,
+                                              const tor_addr_t *addr,
+                                              uint16_t port, int purpose)
+{
+  (void)type;
+  (void)addr;
+  (void)port;
+  (void)purpose;
+
+  return mocked_connection;
+}
+
+#define TEST_ADDR_STR "127.0.0.1"
+#define TEST_DIR_PORT 12345
+
+static void
+test_routerlist_router_is_already_dir_fetching(void *arg)
+{
+  (void)arg;
+  tor_addr_port_t test_ap, null_addr_ap, zero_port_ap;
+
+  /* Setup */
+  tor_addr_parse(&test_ap.addr, TEST_ADDR_STR);
+  test_ap.port = TEST_DIR_PORT;
+  tor_addr_make_null(&null_addr_ap.addr, AF_INET6);
+  null_addr_ap.port = TEST_DIR_PORT;
+  tor_addr_parse(&zero_port_ap.addr, TEST_ADDR_STR);
+  zero_port_ap.port = 0;
+  MOCK(connection_get_by_type_addr_port_purpose,
+       mock_connection_get_by_type_addr_port_purpose);
+
+  /* Test that we never get 1 from a NULL connection */
+  mocked_connection = NULL;
+  tt_assert(router_is_already_dir_fetching(&test_ap, 1, 1) == 0);
+  tt_assert(router_is_already_dir_fetching(&test_ap, 1, 0) == 0);
+  tt_assert(router_is_already_dir_fetching(&test_ap, 0, 1) == 0);
+  /* We always expect 0 in these cases */
+  tt_assert(router_is_already_dir_fetching(&test_ap, 0, 0) == 0);
+  tt_assert(router_is_already_dir_fetching(NULL, 1, 1) == 0);
+  tt_assert(router_is_already_dir_fetching(&null_addr_ap, 1, 1) == 0);
+  tt_assert(router_is_already_dir_fetching(&zero_port_ap, 1, 1) == 0);
+
+  /* Test that we get 1 with a connection in the appropriate circumstances */
+  mocked_connection = connection_new(CONN_TYPE_DIR, AF_INET);
+  tt_assert(router_is_already_dir_fetching(&test_ap, 1, 1) == 1);
+  tt_assert(router_is_already_dir_fetching(&test_ap, 1, 0) == 1);
+  tt_assert(router_is_already_dir_fetching(&test_ap, 0, 1) == 1);
+
+  /* Test that we get 0 even with a connection in the appropriate
+   * circumstances */
+  tt_assert(router_is_already_dir_fetching(&test_ap, 0, 0) == 0);
+  tt_assert(router_is_already_dir_fetching(NULL, 1, 1) == 0);
+  tt_assert(router_is_already_dir_fetching(&null_addr_ap, 1, 1) == 0);
+  tt_assert(router_is_already_dir_fetching(&zero_port_ap, 1, 1) == 0);
+
+ done:
+  /* If a connection is never set up, connection_free chokes on it. */
+  if (mocked_connection) {
+    buf_free(mocked_connection->inbuf);
+    buf_free(mocked_connection->outbuf);
+  }
+  tor_free(mocked_connection);
+  UNMOCK(connection_get_by_type_addr_port_purpose);
+}
+
+#undef TEST_ADDR_STR
+#undef TEST_DIR_PORT
+
+#define NODE(name, flags) \
+  { #name, test_routerlist_##name, (flags), NULL, NULL }
+#define ROUTER(name,flags) \
+  { #name, test_router_##name, (flags), NULL, NULL }
+
+struct testcase_t routerlist_tests[] = {
+  NODE(initiate_descriptor_downloads, 0),
+  NODE(launch_descriptor_downloads, 0),
+  NODE(router_is_already_dir_fetching, TT_FORK),
+  ROUTER(pick_directory_server_impl, TT_FORK),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_routerset.c b/src/test/test_routerset.c
new file mode 100644
index 0000000000..74b39c0486
--- /dev/null
+++ b/src/test/test_routerset.c
@@ -0,0 +1,2221 @@
+#define ROUTERSET_PRIVATE
+
+#include "or.h"
+#include "geoip.h"
+#include "routerset.h"
+#include "routerparse.h"
+#include "policies.h"
+#include "nodelist.h"
+#include "test.h"
+
+#define NS_MODULE routerset
+
+#define NS_SUBMODULE routerset_new
+
+/*
+ * Functional (blackbox) test to determine that each member of the routerset
+ * is non-NULL
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *rs;
+  (void)arg;
+
+  rs = routerset_new();
+
+  tt_ptr_op(rs, OP_NE, NULL);
+  tt_ptr_op(rs->list, OP_NE, NULL);
+  tt_ptr_op(rs->names, OP_NE, NULL);
+  tt_ptr_op(rs->digests, OP_NE, NULL);
+  tt_ptr_op(rs->policies, OP_NE, NULL);
+  tt_ptr_op(rs->country_names, OP_NE, NULL);
+
+  done:
+    routerset_free(rs);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_get_countryname
+
+/*
+ * Functional test to strip the braces from a "{xx}" country code string.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  const char *input;
+  char *name;
+  (void)arg;
+
+  /* strlen(c) < 4 */
+  input = "xxx";
+  name = routerset_get_countryname(input);
+  tt_ptr_op(name, OP_EQ, NULL);
+  tor_free(name);
+
+  /* c[0] != '{' */
+  input = "xxx}";
+  name = routerset_get_countryname(input);
+  tt_ptr_op(name, OP_EQ, NULL);
+  tor_free(name);
+
+  /* c[3] != '}' */
+  input = "{xxx";
+  name = routerset_get_countryname(input);
+  tt_ptr_op(name, OP_EQ, NULL);
+  tor_free(name);
+
+  /* tor_strlower */
+  input = "{XX}";
+  name = routerset_get_countryname(input);
+  tt_str_op(name, OP_EQ, "xx");
+  tor_free(name);
+
+  input = "{xx}";
+  name = routerset_get_countryname(input);
+  tt_str_op(name, OP_EQ, "xx");
+  done:
+    tor_free(name);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_refresh_counties, geoip_not_loaded)
+
+/*
+ * Structural (whitebox) test for routerset_refresh_counties, when the GeoIP DB
+ * is not loaded.
+ */
+
+NS_DECL(int, geoip_is_loaded, (sa_family_t family));
+NS_DECL(int, geoip_get_n_countries, (void));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  (void)arg;
+
+  NS_MOCK(geoip_is_loaded);
+  NS_MOCK(geoip_get_n_countries);
+
+  routerset_refresh_countries(set);
+
+  tt_ptr_op(set->countries, OP_EQ, NULL);
+  tt_int_op(set->n_countries, OP_EQ, 0);
+  tt_int_op(CALLED(geoip_is_loaded), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_n_countries), OP_EQ, 0);
+
+  done:
+    NS_UNMOCK(geoip_is_loaded);
+    NS_UNMOCK(geoip_get_n_countries);
+    routerset_free(set);
+}
+
+static int
+NS(geoip_is_loaded)(sa_family_t family)
+{
+  (void)family;
+  CALLED(geoip_is_loaded)++;
+
+  return 0;
+}
+
+static int
+NS(geoip_get_n_countries)(void)
+{
+  CALLED(geoip_get_n_countries)++;
+
+  return 0;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_refresh_counties, no_countries)
+
+/*
+ * Structural test for routerset_refresh_counties, when there are no countries.
+ */
+
+NS_DECL(int, geoip_is_loaded, (sa_family_t family));
+NS_DECL(int, geoip_get_n_countries, (void));
+NS_DECL(country_t, geoip_get_country, (const char *country));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  (void)arg;
+
+  NS_MOCK(geoip_is_loaded);
+  NS_MOCK(geoip_get_n_countries);
+  NS_MOCK(geoip_get_country);
+
+  routerset_refresh_countries(set);
+
+  tt_ptr_op(set->countries, OP_NE, NULL);
+  tt_int_op(set->n_countries, OP_EQ, 1);
+  tt_int_op((unsigned int)(*set->countries), OP_EQ, 0);
+  tt_int_op(CALLED(geoip_is_loaded), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_n_countries), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_country), OP_EQ, 0);
+
+  done:
+    NS_UNMOCK(geoip_is_loaded);
+    NS_UNMOCK(geoip_get_n_countries);
+    NS_UNMOCK(geoip_get_country);
+    routerset_free(set);
+}
+
+static int
+NS(geoip_is_loaded)(sa_family_t family)
+{
+  (void)family;
+  CALLED(geoip_is_loaded)++;
+
+  return 1;
+}
+
+static int
+NS(geoip_get_n_countries)(void)
+{
+  CALLED(geoip_get_n_countries)++;
+
+  return 1;
+}
+
+static country_t
+NS(geoip_get_country)(const char *countrycode)
+{
+  (void)countrycode;
+  CALLED(geoip_get_country)++;
+
+  return 1;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_refresh_counties, one_valid_country)
+
+/*
+ * Structural test for routerset_refresh_counties, with one valid country.
+ */
+
+NS_DECL(int, geoip_is_loaded, (sa_family_t family));
+NS_DECL(int, geoip_get_n_countries, (void));
+NS_DECL(country_t, geoip_get_country, (const char *country));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  (void)arg;
+
+  NS_MOCK(geoip_is_loaded);
+  NS_MOCK(geoip_get_n_countries);
+  NS_MOCK(geoip_get_country);
+  smartlist_add(set->country_names, tor_strndup("foo", 3));
+
+  routerset_refresh_countries(set);
+
+  tt_ptr_op(set->countries, OP_NE, NULL);
+  tt_int_op(set->n_countries, OP_EQ, 2);
+  tt_int_op(CALLED(geoip_is_loaded), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_n_countries), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_country), OP_EQ, 1);
+  tt_int_op((unsigned int)(*set->countries), OP_NE, 0);
+
+  done:
+    NS_UNMOCK(geoip_is_loaded);
+    NS_UNMOCK(geoip_get_n_countries);
+    NS_UNMOCK(geoip_get_country);
+    routerset_free(set);
+}
+
+static int
+NS(geoip_is_loaded)(sa_family_t family)
+{
+  (void)family;
+  CALLED(geoip_is_loaded)++;
+
+  return 1;
+}
+
+static int
+NS(geoip_get_n_countries)(void)
+{
+  CALLED(geoip_get_n_countries)++;
+
+  return 2;
+}
+
+static country_t
+NS(geoip_get_country)(const char *countrycode)
+{
+  (void)countrycode;
+  CALLED(geoip_get_country)++;
+
+  return 1;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_refresh_counties, one_invalid_country)
+
+/*
+ * Structural test for routerset_refresh_counties, with one invalid
+ * country code..
+ */
+
+NS_DECL(int, geoip_is_loaded, (sa_family_t family));
+NS_DECL(int, geoip_get_n_countries, (void));
+NS_DECL(country_t, geoip_get_country, (const char *country));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  (void)arg;
+
+  NS_MOCK(geoip_is_loaded);
+  NS_MOCK(geoip_get_n_countries);
+  NS_MOCK(geoip_get_country);
+  smartlist_add(set->country_names, tor_strndup("foo", 3));
+
+  routerset_refresh_countries(set);
+
+  tt_ptr_op(set->countries, OP_NE, NULL);
+  tt_int_op(set->n_countries, OP_EQ, 2);
+  tt_int_op(CALLED(geoip_is_loaded), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_n_countries), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_country), OP_EQ, 1);
+  tt_int_op((unsigned int)(*set->countries), OP_EQ, 0);
+
+  done:
+    NS_UNMOCK(geoip_is_loaded);
+    NS_UNMOCK(geoip_get_n_countries);
+    NS_UNMOCK(geoip_get_country);
+    routerset_free(set);
+}
+
+static int
+NS(geoip_is_loaded)(sa_family_t family)
+{
+  (void)family;
+  CALLED(geoip_is_loaded)++;
+
+  return 1;
+}
+
+static int
+NS(geoip_get_n_countries)(void)
+{
+  CALLED(geoip_get_n_countries)++;
+
+  return 2;
+}
+
+static country_t
+NS(geoip_get_country)(const char *countrycode)
+{
+  (void)countrycode;
+  CALLED(geoip_get_country)++;
+
+  return -1;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, malformed)
+
+/*
+ * Functional test, with a malformed string to parse.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  const char *s = "_";
+  int r;
+  (void)arg;
+
+  r = routerset_parse(set, s, "");
+
+  tt_int_op(r, OP_EQ, -1);
+
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, valid_hexdigest)
+
+/*
+ * Functional test for routerset_parse, that routerset_parse returns 0
+ * on a valid hexdigest entry.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  const char *s;
+  int r;
+  (void)arg;
+
+  set = routerset_new();
+  s = "$0000000000000000000000000000000000000000";
+  r = routerset_parse(set, s, "");
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(digestmap_isempty(set->digests), OP_NE, 1);
+
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, valid_nickname)
+
+/*
+ * Functional test for routerset_parse, when given a valid nickname as input.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  const char *s;
+  int r;
+  (void)arg;
+
+  set = routerset_new();
+  s = "fred";
+  r = routerset_parse(set, s, "");
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(strmap_isempty(set->names), OP_NE, 1);
+
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, get_countryname)
+
+/*
+ * Functional test for routerset_parse, when given a valid countryname.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  const char *s;
+  int r;
+  (void)arg;
+
+  set = routerset_new();
+  s = "{cc}";
+  r = routerset_parse(set, s, "");
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(set->country_names), OP_NE, 0);
+
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, policy_wildcard)
+
+/*
+ * Structural test for routerset_parse, when given a valid wildcard policy.
+ */
+
+NS_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string,
+    (const char *s, int assume_action, int *malformed_list));
+
+addr_policy_t *NS(mock_addr_policy);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  const char *s;
+  int r;
+  (void)arg;
+
+  NS_MOCK(router_parse_addr_policy_item_from_string);
+  NS(mock_addr_policy) = tor_malloc_zero(sizeof(addr_policy_t));
+
+  set = routerset_new();
+  s = "*";
+  r = routerset_parse(set, s, "");
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(set->policies), OP_NE, 0);
+  tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
+
+  done:
+    routerset_free(set);
+}
+
+addr_policy_t *
+NS(router_parse_addr_policy_item_from_string)(const char *s,
+                                              int assume_action,
+                                              int *malformed_list)
+{
+  (void)s;
+  (void)assume_action;
+  (void)malformed_list;
+  CALLED(router_parse_addr_policy_item_from_string)++;
+
+  return NS(mock_addr_policy);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, policy_ipv4)
+
+/*
+ * Structural test for routerset_parse, when given a valid IPv4 address
+ * literal policy.
+ */
+
+NS_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string,
+        (const char *s, int assume_action, int *bogus));
+
+addr_policy_t *NS(mock_addr_policy);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  const char *s;
+  int r;
+  (void)arg;
+
+  NS_MOCK(router_parse_addr_policy_item_from_string);
+  NS(mock_addr_policy) = tor_malloc_zero(sizeof(addr_policy_t));
+
+  set = routerset_new();
+  s = "127.0.0.1";
+  r = routerset_parse(set, s, "");
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(set->policies), OP_NE, 0);
+  tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
+
+ done:
+  routerset_free(set);
+}
+
+addr_policy_t *
+NS(router_parse_addr_policy_item_from_string)(const char *s, int assume_action,
+                                              int *bogus)
+{
+  (void)s;
+  (void)assume_action;
+  CALLED(router_parse_addr_policy_item_from_string)++;
+  *bogus = 0;
+
+  return NS(mock_addr_policy);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_parse, policy_ipv6)
+
+/*
+ * Structural test for routerset_parse, when given a valid IPv6 address
+ * literal policy.
+ */
+
+NS_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string,
+        (const char *s, int assume_action, int *bad));
+
+addr_policy_t *NS(mock_addr_policy);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  const char *s;
+  int r;
+  (void)arg;
+
+  NS_MOCK(router_parse_addr_policy_item_from_string);
+  NS(mock_addr_policy) = tor_malloc_zero(sizeof(addr_policy_t));
+
+  set = routerset_new();
+  s = "::1";
+  r = routerset_parse(set, s, "");
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(smartlist_len(set->policies), OP_NE, 0);
+  tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
+
+ done:
+  routerset_free(set);
+}
+
+addr_policy_t *
+NS(router_parse_addr_policy_item_from_string)(const char *s,
+                                              int assume_action, int *bad)
+{
+  (void)s;
+  (void)assume_action;
+  CALLED(router_parse_addr_policy_item_from_string)++;
+  *bad = 0;
+
+  return NS(mock_addr_policy);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_union, source_bad)
+
+/*
+ * Structural test for routerset_union, when given a bad source argument.
+ */
+
+NS_DECL(smartlist_t *, smartlist_new, (void));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set, *bad_set;
+  (void)arg;
+
+  set = routerset_new();
+  bad_set = routerset_new();
+  smartlist_free(bad_set->list);
+  bad_set->list = NULL;
+
+  NS_MOCK(smartlist_new);
+
+  routerset_union(set, NULL);
+  tt_int_op(CALLED(smartlist_new), OP_EQ, 0);
+
+  routerset_union(set, bad_set);
+  tt_int_op(CALLED(smartlist_new), OP_EQ, 0);
+
+  done:
+    NS_UNMOCK(smartlist_new);
+    routerset_free(set);
+
+    /* Just recreate list, so we can simply use routerset_free. */
+    bad_set->list = smartlist_new();
+    routerset_free(bad_set);
+}
+
+static smartlist_t *
+NS(smartlist_new)(void)
+{
+  CALLED(smartlist_new)++;
+
+  return NULL;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_union, one)
+
+/*
+ * Functional test for routerset_union.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *src = routerset_new();
+  routerset_t *tgt;
+  (void)arg;
+
+  tgt = routerset_new();
+  smartlist_add(src->list, tor_strdup("{xx}"));
+  routerset_union(tgt, src);
+
+  tt_int_op(smartlist_len(tgt->list), OP_NE, 0);
+
+  done:
+    routerset_free(src);
+    routerset_free(tgt);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_is_list
+
+/*
+ * Functional tests for routerset_is_list.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set;
+  addr_policy_t *policy;
+  int is_list;
+  (void)arg;
+
+  /* len(set->country_names) == 0, len(set->policies) == 0 */
+  set = routerset_new();
+  is_list = routerset_is_list(set);
+  routerset_free(set);
+  set = NULL;
+  tt_int_op(is_list, OP_NE, 0);
+
+  /* len(set->country_names) != 0, len(set->policies) == 0 */
+  set = routerset_new();
+  smartlist_add(set->country_names, tor_strndup("foo", 3));
+  is_list = routerset_is_list(set);
+  routerset_free(set);
+  set = NULL;
+  tt_int_op(is_list, OP_EQ, 0);
+
+  /* len(set->country_names) == 0, len(set->policies) != 0 */
+  set = routerset_new();
+  policy = tor_malloc_zero(sizeof(addr_policy_t));
+  smartlist_add(set->policies, (void *)policy);
+  is_list = routerset_is_list(set);
+  routerset_free(set);
+  set = NULL;
+  tt_int_op(is_list, OP_EQ, 0);
+
+  /* len(set->country_names) != 0, len(set->policies) != 0 */
+  set = routerset_new();
+  smartlist_add(set->country_names, tor_strndup("foo", 3));
+  policy = tor_malloc_zero(sizeof(addr_policy_t));
+  smartlist_add(set->policies, (void *)policy);
+  is_list = routerset_is_list(set);
+  routerset_free(set);
+  set = NULL;
+  tt_int_op(is_list, OP_EQ, 0);
+
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_needs_geoip
+
+/*
+ * Functional tests for routerset_needs_geoip.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  const routerset_t *set;
+  int needs_geoip;
+  (void)arg;
+
+  set = NULL;
+  needs_geoip = routerset_needs_geoip(set);
+  tt_int_op(needs_geoip, OP_EQ, 0);
+
+  set = routerset_new();
+  needs_geoip = routerset_needs_geoip(set);
+  routerset_free((routerset_t *)set);
+  tt_int_op(needs_geoip, OP_EQ, 0);
+  set = NULL;
+
+  set = routerset_new();
+  smartlist_add(set->country_names, tor_strndup("xx", 2));
+  needs_geoip = routerset_needs_geoip(set);
+  routerset_free((routerset_t *)set);
+  set = NULL;
+  tt_int_op(needs_geoip, OP_NE, 0);
+
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_is_empty
+
+/*
+ * Functional tests for routerset_is_empty.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = NULL;
+  int is_empty;
+  (void)arg;
+
+  is_empty = routerset_is_empty(set);
+  tt_int_op(is_empty, OP_NE, 0);
+
+  set = routerset_new();
+  is_empty = routerset_is_empty(set);
+  routerset_free(set);
+  set = NULL;
+  tt_int_op(is_empty, OP_NE, 0);
+
+  set = routerset_new();
+  smartlist_add(set->list, tor_strdup("{xx}"));
+  is_empty = routerset_is_empty(set);
+  routerset_free(set);
+  set = NULL;
+  tt_int_op(is_empty, OP_EQ, 0);
+
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, null_set_or_null_set_list)
+
+/*
+ * Functional test for routerset_contains, when given a NULL set or the
+ * set has a NULL list.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = NULL;
+  int contains;
+  (void)arg;
+
+  contains = routerset_contains(set, NULL, 0, NULL, NULL, 0);
+
+  tt_int_op(contains, OP_EQ, 0);
+
+  set = tor_malloc_zero(sizeof(routerset_t));
+  set->list = NULL;
+  contains = routerset_contains(set, NULL, 0, NULL, NULL, 0);
+  tor_free(set);
+  tt_int_op(contains, OP_EQ, 0);
+
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_null_nickname)
+
+/*
+ * Functional test for routerset_contains, when given a valid routerset but a
+ * NULL nickname.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  char *nickname = NULL;
+  int contains;
+  (void)arg;
+
+  contains = routerset_contains(set, NULL, 0, nickname, NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 0);
+
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_nickname)
+
+/*
+ * Functional test for routerset_contains, when given a valid routerset
+ * and the nickname is in the routerset.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  const char *nickname;
+  int contains;
+  (void)arg;
+
+  nickname = "Foo";  /* This tests the lowercase comparison as well. */
+  strmap_set_lc(set->names, nickname, (void *)1);
+  contains = routerset_contains(set, NULL, 0, nickname, NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 4);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_no_nickname)
+
+/*
+ * Functional test for routerset_contains, when given a valid routerset
+ * and the nickname is not in the routerset.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains;
+  (void)arg;
+
+  strmap_set_lc(set->names, "bar", (void *)1);
+  contains = routerset_contains(set, NULL, 0, "foo", NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 0);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_digest)
+
+/*
+ * Functional test for routerset_contains, when given a valid routerset
+ * and the digest is contained in the routerset.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains;
+  uint8_t foo[20] = { 2, 3, 4 };
+  (void)arg;
+
+  digestmap_set(set->digests, (const char*)foo, (void *)1);
+  contains = routerset_contains(set, NULL, 0, NULL, (const char*)foo, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 4);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_no_digest)
+
+/*
+ * Functional test for routerset_contains, when given a valid routerset
+ * and the digest is not contained in the routerset.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains;
+  uint8_t bar[20] = { 9, 10, 11, 55 };
+  uint8_t foo[20] = { 1, 2, 3, 4};
+  (void)arg;
+
+  digestmap_set(set->digests, (const char*)bar, (void *)1);
+  contains = routerset_contains(set, NULL, 0, NULL, (const char*)foo, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 0);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_null_digest)
+
+/*
+ * Functional test for routerset_contains, when given a valid routerset
+ * and the digest is NULL.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains;
+  uint8_t bar[20] = { 9, 10, 11, 55 };
+  (void)arg;
+
+  digestmap_set(set->digests, (const char*)bar, (void *)1);
+  contains = routerset_contains(set, NULL, 0, NULL, NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 0);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_addr)
+
+/*
+ * Structural test for routerset_contains, when given a valid routerset
+ * and the address is rejected by policy.
+ */
+
+NS_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
+
+static tor_addr_t MOCK_TOR_ADDR;
+#define MOCK_TOR_ADDR_PTR (&MOCK_TOR_ADDR)
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  tor_addr_t *addr = MOCK_TOR_ADDR_PTR;
+  int contains;
+  (void)arg;
+
+  NS_MOCK(compare_tor_addr_to_addr_policy);
+
+  contains = routerset_contains(set, addr, 0, NULL, NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(CALLED(compare_tor_addr_to_addr_policy), OP_EQ, 1);
+  tt_int_op(contains, OP_EQ, 3);
+
+  done:
+    ;
+}
+
+addr_policy_result_t
+NS(compare_tor_addr_to_addr_policy)(const tor_addr_t *addr, uint16_t port,
+    const smartlist_t *policy)
+{
+  (void)port;
+  (void)policy;
+  CALLED(compare_tor_addr_to_addr_policy)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+  return ADDR_POLICY_REJECTED;
+
+  done:
+    return 0;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_no_addr)
+
+/*
+ * Structural test for routerset_contains, when given a valid routerset
+ * and the address is not rejected by policy.
+ */
+
+NS_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  tor_addr_t *addr = MOCK_TOR_ADDR_PTR;
+  int contains;
+  (void)arg;
+
+  NS_MOCK(compare_tor_addr_to_addr_policy);
+
+  contains = routerset_contains(set, addr, 0, NULL, NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(CALLED(compare_tor_addr_to_addr_policy), OP_EQ, 1);
+  tt_int_op(contains, OP_EQ, 0);
+
+  done:
+    ;
+}
+
+addr_policy_result_t
+NS(compare_tor_addr_to_addr_policy)(const tor_addr_t *addr, uint16_t port,
+    const smartlist_t *policy)
+{
+  (void)port;
+  (void)policy;
+  CALLED(compare_tor_addr_to_addr_policy)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+
+  return ADDR_POLICY_ACCEPTED;
+
+  done:
+      return 0;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, set_and_null_addr)
+
+/*
+ * Structural test for routerset_contains, when given a valid routerset
+ * and the address is NULL.
+ */
+
+NS_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains;
+  (void)arg;
+
+  NS_MOCK(compare_tor_addr_to_addr_policy);
+
+  contains = routerset_contains(set, NULL, 0, NULL, NULL, 0);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 0);
+
+  done:
+    ;
+}
+
+addr_policy_result_t
+NS(compare_tor_addr_to_addr_policy)(const tor_addr_t *addr, uint16_t port,
+    const smartlist_t *policy)
+{
+  (void)port;
+  (void)policy;
+  CALLED(compare_tor_addr_to_addr_policy)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+
+  return ADDR_POLICY_ACCEPTED;
+
+  done:
+    return 0;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, countries_no_geoip)
+
+/*
+ * Structural test for routerset_contains, when there is no matching country
+ * for the address.
+ */
+
+NS_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
+NS_DECL(int, geoip_get_country_by_addr, (const tor_addr_t *addr));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains = 1;
+  (void)arg;
+
+  NS_MOCK(compare_tor_addr_to_addr_policy);
+  NS_MOCK(geoip_get_country_by_addr);
+
+  set->countries = bitarray_init_zero(1);
+  bitarray_set(set->countries, 1);
+  contains = routerset_contains(set, MOCK_TOR_ADDR_PTR, 0, NULL, NULL, -1);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 0);
+  tt_int_op(CALLED(compare_tor_addr_to_addr_policy), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_country_by_addr), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+addr_policy_result_t
+NS(compare_tor_addr_to_addr_policy)(const tor_addr_t *addr, uint16_t port,
+    const smartlist_t *policy)
+{
+  (void)port;
+  (void)policy;
+  CALLED(compare_tor_addr_to_addr_policy)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+
+  done:
+    return ADDR_POLICY_ACCEPTED;
+}
+
+int
+NS(geoip_get_country_by_addr)(const tor_addr_t *addr)
+{
+  CALLED(geoip_get_country_by_addr)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+
+  done:
+    return -1;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains, countries_geoip)
+
+/*
+ * Structural test for routerset_contains, when there a matching country
+ * for the address.
+ */
+
+NS_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
+NS_DECL(int, geoip_get_country_by_addr, (const tor_addr_t *addr));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int contains = 1;
+  (void)arg;
+
+  NS_MOCK(compare_tor_addr_to_addr_policy);
+  NS_MOCK(geoip_get_country_by_addr);
+
+  set->n_countries = 2;
+  set->countries = bitarray_init_zero(1);
+  bitarray_set(set->countries, 1);
+  contains = routerset_contains(set, MOCK_TOR_ADDR_PTR, 0, NULL, NULL, -1);
+  routerset_free(set);
+
+  tt_int_op(contains, OP_EQ, 2);
+  tt_int_op(CALLED(compare_tor_addr_to_addr_policy), OP_EQ, 1);
+  tt_int_op(CALLED(geoip_get_country_by_addr), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+addr_policy_result_t
+NS(compare_tor_addr_to_addr_policy)(const tor_addr_t *addr, uint16_t port,
+    const smartlist_t *policy)
+{
+  (void)port;
+  (void)policy;
+  CALLED(compare_tor_addr_to_addr_policy)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+
+  done:
+    return ADDR_POLICY_ACCEPTED;
+}
+
+int
+NS(geoip_get_country_by_addr)(const tor_addr_t *addr)
+{
+  CALLED(geoip_get_country_by_addr)++;
+  tt_ptr_op(addr, OP_EQ, MOCK_TOR_ADDR_PTR);
+
+  done:
+    return 1;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_add_unknown_ccs, only_flag_and_no_ccs)
+
+/*
+ * Functional test for routerset_add_unknown_ccs, where only_if_some_cc_set
+ * is set and there are no country names.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  routerset_t **setp = &set;
+  int r;
+  (void)arg;
+
+  r = routerset_add_unknown_ccs(setp, 1);
+
+  tt_int_op(r, OP_EQ, 0);
+
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_add_unknown_ccs, creates_set)
+
+/*
+ * Functional test for routerset_add_unknown_ccs, where the set argument
+ * is created if passed in as NULL.
+ */
+
+/* The mock is only used to stop the test from asserting erroneously. */
+NS_DECL(country_t, geoip_get_country, (const char *country));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = NULL;
+  routerset_t **setp = &set;
+  int r;
+  (void)arg;
+
+  NS_MOCK(geoip_get_country);
+
+  r = routerset_add_unknown_ccs(setp, 0);
+
+  tt_ptr_op(*setp, OP_NE, NULL);
+  tt_int_op(r, OP_EQ, 0);
+
+  done:
+    if (set != NULL)
+      routerset_free(set);
+}
+
+country_t
+NS(geoip_get_country)(const char *country)
+{
+  (void)country;
+  CALLED(geoip_get_country)++;
+
+  return -1;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_add_unknown_ccs, add_unknown)
+
+/*
+ * Structural test for routerset_add_unknown_ccs, that the "{??}"
+ * country code is added to the list.
+ */
+
+NS_DECL(country_t, geoip_get_country, (const char *country));
+NS_DECL(int, geoip_is_loaded, (sa_family_t family));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  routerset_t **setp = &set;
+  int r;
+  (void)arg;
+
+  NS_MOCK(geoip_get_country);
+  NS_MOCK(geoip_is_loaded);
+
+  r = routerset_add_unknown_ccs(setp, 0);
+
+  tt_int_op(r, OP_EQ, 1);
+  tt_int_op(smartlist_contains_string(set->country_names, "??"), OP_EQ, 1);
+  tt_int_op(smartlist_contains_string(set->list, "{??}"), OP_EQ, 1);
+
+  done:
+    if (set != NULL)
+      routerset_free(set);
+}
+
+country_t
+NS(geoip_get_country)(const char *country)
+{
+  int arg_is_qq, arg_is_a1;
+
+  CALLED(geoip_get_country)++;
+
+  arg_is_qq = !strcmp(country, "??");
+  arg_is_a1 = !strcmp(country, "A1");
+
+  tt_int_op(arg_is_qq || arg_is_a1, OP_EQ, 1);
+
+  if (arg_is_qq)
+    return 1;
+
+  done:
+    return -1;
+}
+
+int
+NS(geoip_is_loaded)(sa_family_t family)
+{
+  CALLED(geoip_is_loaded)++;
+
+  tt_int_op(family, OP_EQ, AF_INET);
+
+  done:
+    return 0;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_add_unknown_ccs, add_a1)
+
+/*
+ * Structural test for routerset_add_unknown_ccs, that the "{a1}"
+ * country code is added to the list.
+ */
+
+NS_DECL(country_t, geoip_get_country, (const char *country));
+NS_DECL(int, geoip_is_loaded, (sa_family_t family));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  routerset_t **setp = &set;
+  int r;
+  (void)arg;
+
+  NS_MOCK(geoip_get_country);
+  NS_MOCK(geoip_is_loaded);
+
+  r = routerset_add_unknown_ccs(setp, 0);
+
+  tt_int_op(r, OP_EQ, 1);
+  tt_int_op(smartlist_contains_string(set->country_names, "a1"), OP_EQ, 1);
+  tt_int_op(smartlist_contains_string(set->list, "{a1}"), OP_EQ, 1);
+
+  done:
+    if (set != NULL)
+      routerset_free(set);
+}
+
+country_t
+NS(geoip_get_country)(const char *country)
+{
+  int arg_is_qq, arg_is_a1;
+
+  CALLED(geoip_get_country)++;
+
+  arg_is_qq = !strcmp(country, "??");
+  arg_is_a1 = !strcmp(country, "A1");
+
+  tt_int_op(arg_is_qq || arg_is_a1, OP_EQ, 1);
+
+  if (arg_is_a1)
+    return 1;
+
+  done:
+    return -1;
+}
+
+int
+NS(geoip_is_loaded)(sa_family_t family)
+{
+  CALLED(geoip_is_loaded)++;
+
+  tt_int_op(family, OP_EQ, AF_INET);
+
+  done:
+    return 0;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_contains_extendinfo
+
+/*
+ * Functional test for routerset_contains_extendinfo.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  extend_info_t ei;
+  int r;
+  const char *nickname = "foo";
+  (void)arg;
+
+  memset(&ei, 0, sizeof(ei));
+  strmap_set_lc(set->names, nickname, (void *)1);
+  strncpy(ei.nickname, nickname, sizeof(ei.nickname) - 1);
+  ei.nickname[sizeof(ei.nickname) - 1] = '\0';
+
+  r = routerset_contains_extendinfo(set, &ei);
+
+  tt_int_op(r, OP_EQ, 4);
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_contains_router
+
+/*
+ * Functional test for routerset_contains_router.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  routerinfo_t ri;
+  country_t country = 1;
+  int r;
+  const char *nickname = "foo";
+  (void)arg;
+
+  memset(&ri, 0, sizeof(ri));
+  strmap_set_lc(set->names, nickname, (void *)1);
+  ri.nickname = (char *)nickname;
+
+  r = routerset_contains_router(set, &ri, country);
+
+  tt_int_op(r, OP_EQ, 4);
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_contains_routerstatus
+
+/*
+ * Functional test for routerset_contains_routerstatus.
+ */
+
+// XXX: This is a bit brief. It only populates and tests the nickname fields
+// ie., enough to make the containment check succeed. Perhaps it should do
+// a bit more or test a bit more.
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  routerstatus_t rs;
+  country_t country = 1;
+  int r;
+  const char *nickname = "foo";
+  (void)arg;
+
+  memset(&rs, 0, sizeof(rs));
+  strmap_set_lc(set->names, nickname, (void *)1);
+  strncpy(rs.nickname, nickname, sizeof(rs.nickname) - 1);
+  rs.nickname[sizeof(rs.nickname) - 1] = '\0';
+
+  r = routerset_contains_routerstatus(set, &rs, country);
+
+  tt_int_op(r, OP_EQ, 4);
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains_node, none)
+
+/*
+ * Functional test for routerset_contains_node, when the node has no
+ * routerset or routerinfo.
+ */
+
+node_t NS(mock_node);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int r;
+  (void)arg;
+
+  NS(mock_node).ri = NULL;
+  NS(mock_node).rs = NULL;
+
+  r = routerset_contains_node(set, &NS(mock_node));
+  tt_int_op(r, OP_EQ, 0);
+
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains_node, routerstatus)
+
+/*
+ * Functional test for routerset_contains_node, when the node has a
+ * routerset and no routerinfo.
+ */
+
+node_t NS(mock_node);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int r;
+  const char *nickname = "foo";
+  routerstatus_t rs;
+  (void)arg;
+
+  strmap_set_lc(set->names, nickname, (void *)1);
+
+  strncpy(rs.nickname, nickname, sizeof(rs.nickname) - 1);
+  rs.nickname[sizeof(rs.nickname) - 1] = '\0';
+  NS(mock_node).ri = NULL;
+  NS(mock_node).rs = &rs;
+
+  r = routerset_contains_node(set, &NS(mock_node));
+
+  tt_int_op(r, OP_EQ, 4);
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_contains_node, routerinfo)
+
+/*
+ * Functional test for routerset_contains_node, when the node has no
+ * routerset and a routerinfo.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  int r;
+  const char *nickname = "foo";
+  routerinfo_t ri;
+  node_t mock_node;
+  (void)arg;
+
+  strmap_set_lc(set->names, nickname, (void *)1);
+
+  ri.nickname = (char *)nickname;
+  mock_node.ri = &ri;
+  mock_node.rs = NULL;
+
+  r = routerset_contains_node(set, &mock_node);
+
+  tt_int_op(r, OP_EQ, 4);
+  done:
+    routerset_free(set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_get_all_nodes, no_routerset)
+
+/*
+ * Functional test for routerset_get_all_nodes, when routerset is NULL or
+ * the routerset list is NULL.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  smartlist_t *out = smartlist_new();
+  routerset_t *set = NULL;
+  (void)arg;
+
+  tt_int_op(smartlist_len(out), OP_EQ, 0);
+  routerset_get_all_nodes(out, NULL, NULL, 0);
+
+  tt_int_op(smartlist_len(out), OP_EQ, 0);
+
+  set = routerset_new();
+  smartlist_free(set->list);
+  routerset_get_all_nodes(out, NULL, NULL, 0);
+  tt_int_op(smartlist_len(out), OP_EQ, 0);
+
+  /* Just recreate list, so we can simply use routerset_free. */
+  set->list = smartlist_new();
+
+ done:
+  routerset_free(set);
+  smartlist_free(out);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_get_all_nodes, list_with_no_nodes)
+
+/*
+ * Structural test for routerset_get_all_nodes, when the routerset list
+ * is empty.
+ */
+
+NS_DECL(const node_t *, node_get_by_nickname,
+    (const char *nickname, int warn_if_unused));
+const char *NS(mock_nickname);
+
+static void
+NS(test_main)(void *arg)
+{
+  smartlist_t *out = smartlist_new();
+  routerset_t *set = routerset_new();
+  int out_len;
+  (void)arg;
+
+  NS_MOCK(node_get_by_nickname);
+
+  NS(mock_nickname) = "foo";
+  smartlist_add(set->list, tor_strdup(NS(mock_nickname)));
+
+  routerset_get_all_nodes(out, set, NULL, 0);
+  out_len = smartlist_len(out);
+
+  smartlist_free(out);
+  routerset_free(set);
+
+  tt_int_op(out_len, OP_EQ, 0);
+  tt_int_op(CALLED(node_get_by_nickname), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+const node_t *
+NS(node_get_by_nickname)(const char *nickname, int warn_if_unused)
+{
+  CALLED(node_get_by_nickname)++;
+  tt_str_op(nickname, OP_EQ, NS(mock_nickname));
+  tt_int_op(warn_if_unused, OP_EQ, 1);
+
+  done:
+    return NULL;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_get_all_nodes, list_flag_not_running)
+
+/*
+ * Structural test for routerset_get_all_nodes, with the running_only flag
+ * is set but the nodes are not running.
+ */
+
+NS_DECL(const node_t *, node_get_by_nickname,
+    (const char *nickname, int warn_if_unused));
+const char *NS(mock_nickname);
+node_t NS(mock_node);
+
+static void
+NS(test_main)(void *arg)
+{
+  smartlist_t *out = smartlist_new();
+  routerset_t *set = routerset_new();
+  int out_len;
+  (void)arg;
+
+  NS_MOCK(node_get_by_nickname);
+
+  NS(mock_node).is_running = 0;
+  NS(mock_nickname) = "foo";
+  smartlist_add(set->list, tor_strdup(NS(mock_nickname)));
+
+  routerset_get_all_nodes(out, set, NULL, 1);
+  out_len = smartlist_len(out);
+
+  smartlist_free(out);
+  routerset_free(set);
+
+  tt_int_op(out_len, OP_EQ, 0);
+  tt_int_op(CALLED(node_get_by_nickname), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+const node_t *
+NS(node_get_by_nickname)(const char *nickname, int warn_if_unused)
+{
+  CALLED(node_get_by_nickname)++;
+  tt_str_op(nickname, OP_EQ, NS(mock_nickname));
+  tt_int_op(warn_if_unused, OP_EQ, 1);
+
+  done:
+    return &NS(mock_node);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_get_all_nodes, list)
+
+/*
+ * Structural test for routerset_get_all_nodes.
+ */
+
+NS_DECL(const node_t *, node_get_by_nickname,
+    (const char *nickname, int warn_if_unused));
+char *NS(mock_nickname);
+node_t NS(mock_node);
+
+static void
+NS(test_main)(void *arg)
+{
+  smartlist_t *out = smartlist_new();
+  routerset_t *set = routerset_new();
+  int out_len;
+  node_t *ent;
+  (void)arg;
+
+  NS_MOCK(node_get_by_nickname);
+
+  NS(mock_nickname) = tor_strdup("foo");
+  smartlist_add(set->list, NS(mock_nickname));
+
+  routerset_get_all_nodes(out, set, NULL, 0);
+  out_len = smartlist_len(out);
+  ent = (node_t *)smartlist_get(out, 0);
+
+  smartlist_free(out);
+  routerset_free(set);
+
+  tt_int_op(out_len, OP_EQ, 1);
+  tt_ptr_op(ent, OP_EQ, &NS(mock_node));
+  tt_int_op(CALLED(node_get_by_nickname), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+const node_t *
+NS(node_get_by_nickname)(const char *nickname, int warn_if_unused)
+{
+  CALLED(node_get_by_nickname)++;
+  tt_str_op(nickname, OP_EQ, NS(mock_nickname));
+  tt_int_op(warn_if_unused, OP_EQ, 1);
+
+  done:
+    return &NS(mock_node);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_get_all_nodes, nodelist_with_no_nodes)
+
+/*
+ * Structural test for routerset_get_all_nodes, when the nodelist has no nodes.
+ */
+
+NS_DECL(smartlist_t *, nodelist_get_list, (void));
+
+smartlist_t *NS(mock_smartlist);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  smartlist_t *out = smartlist_new();
+  int r;
+  (void)arg;
+
+  NS_MOCK(nodelist_get_list);
+
+  smartlist_add(set->country_names, tor_strdup("{xx}"));
+  NS(mock_smartlist) = smartlist_new();
+
+  routerset_get_all_nodes(out, set, NULL, 1);
+  r = smartlist_len(out);
+  routerset_free(set);
+  smartlist_free(out);
+  smartlist_free(NS(mock_smartlist));
+
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(CALLED(nodelist_get_list), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+smartlist_t *
+NS(nodelist_get_list)(void)
+{
+  CALLED(nodelist_get_list)++;
+
+  return NS(mock_smartlist);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_get_all_nodes, nodelist_flag_not_running)
+
+/*
+ * Structural test for routerset_get_all_nodes, with a non-list routerset
+ * the running_only flag is set, but the nodes are not running.
+ */
+
+NS_DECL(smartlist_t *, nodelist_get_list, (void));
+
+smartlist_t *NS(mock_smartlist);
+node_t NS(mock_node);
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  smartlist_t *out = smartlist_new();
+  int r;
+  (void)arg;
+
+  NS_MOCK(nodelist_get_list);
+
+  smartlist_add(set->country_names, tor_strdup("{xx}"));
+  NS(mock_smartlist) = smartlist_new();
+  NS(mock_node).is_running = 0;
+  smartlist_add(NS(mock_smartlist), (void *)&NS(mock_node));
+
+  routerset_get_all_nodes(out, set, NULL, 1);
+  r = smartlist_len(out);
+  routerset_free(set);
+  smartlist_free(out);
+  smartlist_free(NS(mock_smartlist));
+
+  tt_int_op(r, OP_EQ, 0);
+  tt_int_op(CALLED(nodelist_get_list), OP_EQ, 1);
+
+  done:
+    ;
+}
+
+smartlist_t *
+NS(nodelist_get_list)(void)
+{
+  CALLED(nodelist_get_list)++;
+
+  return NS(mock_smartlist);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_subtract_nodes
+
+/*
+ * Functional test for routerset_subtract_nodes.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = routerset_new();
+  smartlist_t *list = smartlist_new();
+  const char *nickname = "foo";
+  routerinfo_t ri;
+  node_t mock_node;
+  (void)arg;
+
+  strmap_set_lc(set->names, nickname, (void *)1);
+
+  ri.nickname = (char *)nickname;
+  mock_node.rs = NULL;
+  mock_node.ri = &ri;
+  smartlist_add(list, (void *)&mock_node);
+
+  tt_int_op(smartlist_len(list), OP_NE, 0);
+  routerset_subtract_nodes(list, set);
+
+  tt_int_op(smartlist_len(list), OP_EQ, 0);
+  done:
+    routerset_free(set);
+    smartlist_free(list);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_subtract_nodes, null_routerset)
+
+/*
+ * Functional test for routerset_subtract_nodes, with a NULL routerset.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = NULL;
+  smartlist_t *list = smartlist_new();
+  const char *nickname = "foo";
+  routerinfo_t ri;
+  node_t mock_node;
+  (void)arg;
+
+  ri.nickname = (char *)nickname;
+  mock_node.ri = &ri;
+  smartlist_add(list, (void *)&mock_node);
+
+  tt_int_op(smartlist_len(list), OP_NE, 0);
+  routerset_subtract_nodes(list, set);
+
+  tt_int_op(smartlist_len(list), OP_NE, 0);
+  done:
+    routerset_free(set);
+    smartlist_free(list);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_to_string
+
+/*
+ * Functional test for routerset_to_string.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *set = NULL;
+  char *s = NULL;
+  (void)arg;
+
+  set = NULL;
+  s = routerset_to_string(set);
+  tt_str_op(s, OP_EQ, "");
+  tor_free(s);
+
+  set = routerset_new();
+  s = routerset_to_string(set);
+  tt_str_op(s, OP_EQ, "");
+  tor_free(s);
+  routerset_free(set); set = NULL;
+
+  set = routerset_new();
+  smartlist_add(set->list, tor_strndup("a", 1));
+  s = routerset_to_string(set);
+  tt_str_op(s, OP_EQ, "a");
+  tor_free(s);
+  routerset_free(set); set = NULL;
+
+  set = routerset_new();
+  smartlist_add(set->list, tor_strndup("a", 1));
+  smartlist_add(set->list, tor_strndup("b", 1));
+  s = routerset_to_string(set);
+  tt_str_op(s, OP_EQ, "a,b");
+  tor_free(s);
+  routerset_free(set); set = NULL;
+
+ done:
+  tor_free(s);
+  routerset_free((routerset_t *)set);
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_equal, empty_empty)
+
+/*
+ * Functional test for routerset_equal, with both routersets empty.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *a = routerset_new(), *b = routerset_new();
+  int r;
+  (void)arg;
+
+  r = routerset_equal(a, b);
+  routerset_free(a);
+  routerset_free(b);
+
+  tt_int_op(r, OP_EQ, 1);
+
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_equal, empty_not_empty)
+
+/*
+ * Functional test for routerset_equal, with one routersets empty.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *a = routerset_new(), *b = routerset_new();
+  int r;
+  (void)arg;
+
+  smartlist_add(b->list, tor_strdup("{xx}"));
+  r = routerset_equal(a, b);
+  routerset_free(a);
+  routerset_free(b);
+
+  tt_int_op(r, OP_EQ, 0);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_equal, differing_lengths)
+
+/*
+ * Functional test for routerset_equal, with the routersets having
+ * differing lengths.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *a = routerset_new(), *b = routerset_new();
+  int r;
+  (void)arg;
+
+  smartlist_add(a->list, tor_strdup("{aa}"));
+  smartlist_add(b->list, tor_strdup("{b1}"));
+  smartlist_add(b->list, tor_strdup("{b2}"));
+  r = routerset_equal(a, b);
+  routerset_free(a);
+  routerset_free(b);
+
+  tt_int_op(r, OP_EQ, 0);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_equal, unequal)
+
+/*
+ * Functional test for routerset_equal, with the routersets being
+ * different.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *a = routerset_new(), *b = routerset_new();
+  int r;
+  (void)arg;
+
+  smartlist_add(a->list, tor_strdup("foo"));
+  smartlist_add(b->list, tor_strdup("bar"));
+  r = routerset_equal(a, b);
+  routerset_free(a);
+  routerset_free(b);
+
+  tt_int_op(r, OP_EQ, 0);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_equal, equal)
+
+/*
+ * Functional test for routerset_equal, with the routersets being
+ * equal.
+ */
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *a = routerset_new(), *b = routerset_new();
+  int r;
+  (void)arg;
+
+  smartlist_add(a->list, tor_strdup("foo"));
+  smartlist_add(b->list, tor_strdup("foo"));
+  r = routerset_equal(a, b);
+  routerset_free(a);
+  routerset_free(b);
+
+  tt_int_op(r, OP_EQ, 1);
+  done:
+    ;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE ASPECT(routerset_free, null_routerset)
+
+/*
+ * Structural test for routerset_free, where the routerset is NULL.
+ */
+
+NS_DECL(void, smartlist_free, (smartlist_t *sl));
+
+static void
+NS(test_main)(void *arg)
+{
+  (void)arg;
+
+  NS_MOCK(smartlist_free);
+
+  routerset_free(NULL);
+
+  tt_int_op(CALLED(smartlist_free), OP_EQ, 0);
+
+  done:
+    ;
+}
+
+void
+NS(smartlist_free)(smartlist_t *s)
+{
+  (void)s;
+  CALLED(smartlist_free)++;
+}
+
+#undef NS_SUBMODULE
+#define NS_SUBMODULE routerset_free
+
+/*
+ * Structural test for routerset_free.
+ */
+
+NS_DECL(void, smartlist_free, (smartlist_t *sl));
+NS_DECL(void, strmap_free,(strmap_t *map, void (*free_val)(void*)));
+NS_DECL(void, digestmap_free, (digestmap_t *map, void (*free_val)(void*)));
+
+static void
+NS(test_main)(void *arg)
+{
+  routerset_t *routerset = routerset_new();
+  (void)arg;
+
+  NS_MOCK(smartlist_free);
+  NS_MOCK(strmap_free);
+  NS_MOCK(digestmap_free);
+
+  routerset_free(routerset);
+
+  tt_int_op(CALLED(smartlist_free), OP_NE, 0);
+  tt_int_op(CALLED(strmap_free), OP_NE, 0);
+  tt_int_op(CALLED(digestmap_free), OP_NE, 0);
+
+  done:
+    ;
+}
+
+void
+NS(smartlist_free)(smartlist_t *s)
+{
+  CALLED(smartlist_free)++;
+  smartlist_free__real(s);
+}
+
+void
+NS(strmap_free)(strmap_t *map, void (*free_val)(void*))
+{
+  CALLED(strmap_free)++;
+  strmap_free__real(map, free_val);
+}
+
+void
+NS(digestmap_free)(digestmap_t *map, void (*free_val)(void*))
+{
+  CALLED(digestmap_free)++;
+  digestmap_free__real(map, free_val);
+}
+
+#undef NS_SUBMODULE
+
+struct testcase_t routerset_tests[] = {
+  TEST_CASE(routerset_new),
+  TEST_CASE(routerset_get_countryname),
+  TEST_CASE(routerset_is_list),
+  TEST_CASE(routerset_needs_geoip),
+  TEST_CASE(routerset_is_empty),
+  TEST_CASE_ASPECT(routerset_contains, null_set_or_null_set_list),
+  TEST_CASE_ASPECT(routerset_contains, set_and_nickname),
+  TEST_CASE_ASPECT(routerset_contains, set_and_null_nickname),
+  TEST_CASE_ASPECT(routerset_contains, set_and_no_nickname),
+  TEST_CASE_ASPECT(routerset_contains, set_and_digest),
+  TEST_CASE_ASPECT(routerset_contains, set_and_no_digest),
+  TEST_CASE_ASPECT(routerset_contains, set_and_null_digest),
+  TEST_CASE_ASPECT(routerset_contains, set_and_addr),
+  TEST_CASE_ASPECT(routerset_contains, set_and_no_addr),
+  TEST_CASE_ASPECT(routerset_contains, set_and_null_addr),
+  TEST_CASE_ASPECT(routerset_contains, countries_no_geoip),
+  TEST_CASE_ASPECT(routerset_contains, countries_geoip),
+  TEST_CASE_ASPECT(routerset_add_unknown_ccs, only_flag_and_no_ccs),
+  TEST_CASE_ASPECT(routerset_add_unknown_ccs, creates_set),
+  TEST_CASE_ASPECT(routerset_add_unknown_ccs, add_unknown),
+  TEST_CASE_ASPECT(routerset_add_unknown_ccs, add_a1),
+  TEST_CASE(routerset_contains_extendinfo),
+  TEST_CASE(routerset_contains_router),
+  TEST_CASE(routerset_contains_routerstatus),
+  TEST_CASE_ASPECT(routerset_contains_node, none),
+  TEST_CASE_ASPECT(routerset_contains_node, routerinfo),
+  TEST_CASE_ASPECT(routerset_contains_node, routerstatus),
+  TEST_CASE_ASPECT(routerset_get_all_nodes, no_routerset),
+  TEST_CASE_ASPECT(routerset_get_all_nodes, list_with_no_nodes),
+  TEST_CASE_ASPECT(routerset_get_all_nodes, list_flag_not_running),
+  TEST_CASE_ASPECT(routerset_get_all_nodes, list),
+  TEST_CASE_ASPECT(routerset_get_all_nodes, nodelist_with_no_nodes),
+  TEST_CASE_ASPECT(routerset_get_all_nodes, nodelist_flag_not_running),
+  TEST_CASE_ASPECT(routerset_refresh_counties, geoip_not_loaded),
+  TEST_CASE_ASPECT(routerset_refresh_counties, no_countries),
+  TEST_CASE_ASPECT(routerset_refresh_counties, one_valid_country),
+  TEST_CASE_ASPECT(routerset_refresh_counties, one_invalid_country),
+  TEST_CASE_ASPECT(routerset_union, source_bad),
+  TEST_CASE_ASPECT(routerset_union, one),
+  TEST_CASE_ASPECT(routerset_parse, malformed),
+  TEST_CASE_ASPECT(routerset_parse, valid_hexdigest),
+  TEST_CASE_ASPECT(routerset_parse, valid_nickname),
+  TEST_CASE_ASPECT(routerset_parse, get_countryname),
+  TEST_CASE_ASPECT(routerset_parse, policy_wildcard),
+  TEST_CASE_ASPECT(routerset_parse, policy_ipv4),
+  TEST_CASE_ASPECT(routerset_parse, policy_ipv6),
+  TEST_CASE(routerset_subtract_nodes),
+  TEST_CASE_ASPECT(routerset_subtract_nodes, null_routerset),
+  TEST_CASE(routerset_to_string),
+  TEST_CASE_ASPECT(routerset_equal, empty_empty),
+  TEST_CASE_ASPECT(routerset_equal, empty_not_empty),
+  TEST_CASE_ASPECT(routerset_equal, differing_lengths),
+  TEST_CASE_ASPECT(routerset_equal, unequal),
+  TEST_CASE_ASPECT(routerset_equal, equal),
+  TEST_CASE_ASPECT(routerset_free, null_routerset),
+  TEST_CASE(routerset_free),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_scheduler.c b/src/test/test_scheduler.c
new file mode 100644
index 0000000000..6e9889b48b
--- /dev/null
+++ b/src/test/test_scheduler.c
@@ -0,0 +1,774 @@
+/* Copyright (c) 2014-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include <math.h>
+
+#include "orconfig.h"
+
+/* Libevent stuff */
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#else
+#include <event.h>
+#endif
+
+#define TOR_CHANNEL_INTERNAL_
+#define CHANNEL_PRIVATE_
+#include "or.h"
+#include "compat_libevent.h"
+#include "channel.h"
+#define SCHEDULER_PRIVATE_
+#include "scheduler.h"
+
+/* Test suite stuff */
+#include "test.h"
+#include "fakechans.h"
+
+/* Statics in scheduler.c exposed to the test suite */
+extern smartlist_t *channels_pending;
+extern struct event *run_sched_ev;
+extern uint64_t queue_heuristic;
+extern time_t queue_heuristic_timestamp;
+
+/* Event base for scheduelr tests */
+static struct event_base *mock_event_base = NULL;
+
+/* Statics controlling mocks */
+static circuitmux_t *mock_ccm_tgt_1 = NULL;
+static circuitmux_t *mock_ccm_tgt_2 = NULL;
+
+static circuitmux_t *mock_cgp_tgt_1 = NULL;
+static circuitmux_policy_t *mock_cgp_val_1 = NULL;
+static circuitmux_t *mock_cgp_tgt_2 = NULL;
+static circuitmux_policy_t *mock_cgp_val_2 = NULL;
+static int scheduler_compare_channels_mock_ctr = 0;
+static int scheduler_run_mock_ctr = 0;
+
+static void channel_flush_some_cells_mock_free_all(void);
+static void channel_flush_some_cells_mock_set(channel_t *chan,
+                                              ssize_t num_cells);
+
+/* Setup for mock event stuff */
+static void mock_event_free_all(void);
+static void mock_event_init(void);
+
+/* Mocks used by scheduler tests */
+static ssize_t channel_flush_some_cells_mock(channel_t *chan,
+                                             ssize_t num_cells);
+static int circuitmux_compare_muxes_mock(circuitmux_t *cmux_1,
+                                         circuitmux_t *cmux_2);
+static const circuitmux_policy_t * circuitmux_get_policy_mock(
+    circuitmux_t *cmux);
+static int scheduler_compare_channels_mock(const void *c1_v,
+                                           const void *c2_v);
+static void scheduler_run_noop_mock(void);
+static struct event_base * tor_libevent_get_base_mock(void);
+
+/* Scheduler test cases */
+static void test_scheduler_channel_states(void *arg);
+static void test_scheduler_compare_channels(void *arg);
+static void test_scheduler_initfree(void *arg);
+static void test_scheduler_loop(void *arg);
+static void test_scheduler_queue_heuristic(void *arg);
+
+/* Mock event init/free */
+
+/* Shamelessly stolen from compat_libevent.c */
+#define V(major, minor, patch) \
+  (((major) << 24) | ((minor) << 16) | ((patch) << 8))
+
+static void
+mock_event_free_all(void)
+{
+  tt_assert(mock_event_base != NULL);
+
+  if (mock_event_base) {
+    event_base_free(mock_event_base);
+    mock_event_base = NULL;
+  }
+
+  tt_ptr_op(mock_event_base, ==, NULL);
+
+ done:
+  return;
+}
+
+static void
+mock_event_init(void)
+{
+#ifdef HAVE_EVENT2_EVENT_H
+  struct event_config *cfg = NULL;
+#endif
+
+  tt_ptr_op(mock_event_base, ==, NULL);
+
+  /*
+   * Really cut down from tor_libevent_initialize of
+   * src/common/compat_libevent.c to kill config dependencies
+   */
+
+  if (!mock_event_base) {
+#ifdef HAVE_EVENT2_EVENT_H
+    cfg = event_config_new();
+#if LIBEVENT_VERSION_NUMBER >= V(2,0,9)
+    /* We can enable changelist support with epoll, since we don't give
+     * Libevent any dup'd fds.  This lets us avoid some syscalls. */
+    event_config_set_flag(cfg, EVENT_BASE_FLAG_EPOLL_USE_CHANGELIST);
+#endif
+    mock_event_base = event_base_new_with_config(cfg);
+    event_config_free(cfg);
+#else
+    mock_event_base = event_init();
+#endif
+  }
+
+  tt_assert(mock_event_base != NULL);
+
+ done:
+  return;
+}
+
+/* Mocks */
+
+typedef struct {
+  const channel_t *chan;
+  ssize_t cells;
+} flush_mock_channel_t;
+
+static smartlist_t *chans_for_flush_mock = NULL;
+
+static void
+channel_flush_some_cells_mock_free_all(void)
+{
+  if (chans_for_flush_mock) {
+    SMARTLIST_FOREACH_BEGIN(chans_for_flush_mock,
+                            flush_mock_channel_t *,
+                            flush_mock_ch) {
+      SMARTLIST_DEL_CURRENT(chans_for_flush_mock, flush_mock_ch);
+      tor_free(flush_mock_ch);
+    } SMARTLIST_FOREACH_END(flush_mock_ch);
+
+    smartlist_free(chans_for_flush_mock);
+    chans_for_flush_mock = NULL;
+  }
+}
+
+static void
+channel_flush_some_cells_mock_set(channel_t *chan, ssize_t num_cells)
+{
+  flush_mock_channel_t *flush_mock_ch = NULL;
+
+  if (!chan) return;
+  if (num_cells <= 0) return;
+
+  if (!chans_for_flush_mock) {
+    chans_for_flush_mock = smartlist_new();
+  }
+
+  SMARTLIST_FOREACH_BEGIN(chans_for_flush_mock,
+                          flush_mock_channel_t *,
+                          flush_mock_ch) {
+    if (flush_mock_ch != NULL && flush_mock_ch->chan != NULL) {
+      if (flush_mock_ch->chan == chan) {
+        /* Found it */
+        flush_mock_ch->cells = num_cells;
+        break;
+      }
+    } else {
+      /* That shouldn't be there... */
+      SMARTLIST_DEL_CURRENT(chans_for_flush_mock, flush_mock_ch);
+      tor_free(flush_mock_ch);
+    }
+  } SMARTLIST_FOREACH_END(flush_mock_ch);
+
+  if (!flush_mock_ch) {
+    /* The loop didn't find it */
+    flush_mock_ch = tor_malloc_zero(sizeof(*flush_mock_ch));
+    flush_mock_ch->chan = chan;
+    flush_mock_ch->cells = num_cells;
+    smartlist_add(chans_for_flush_mock, flush_mock_ch);
+  }
+}
+
+static ssize_t
+channel_flush_some_cells_mock(channel_t *chan, ssize_t num_cells)
+{
+  ssize_t flushed = 0, max;
+  char unlimited = 0;
+  flush_mock_channel_t *found = NULL;
+
+  tt_assert(chan != NULL);
+  if (chan) {
+    if (num_cells < 0) {
+      num_cells = 0;
+      unlimited = 1;
+    }
+
+    /* Check if we have it */
+    if (chans_for_flush_mock != NULL) {
+      SMARTLIST_FOREACH_BEGIN(chans_for_flush_mock,
+                              flush_mock_channel_t *,
+                              flush_mock_ch) {
+        if (flush_mock_ch != NULL && flush_mock_ch->chan != NULL) {
+          if (flush_mock_ch->chan == chan) {
+            /* Found it */
+            found = flush_mock_ch;
+            break;
+          }
+        } else {
+          /* That shouldn't be there... */
+          SMARTLIST_DEL_CURRENT(chans_for_flush_mock, flush_mock_ch);
+          tor_free(flush_mock_ch);
+        }
+      } SMARTLIST_FOREACH_END(flush_mock_ch);
+
+      if (found) {
+        /* We found one */
+        if (found->cells < 0) found->cells = 0;
+
+        if (unlimited) max = found->cells;
+        else max = MIN(found->cells, num_cells);
+
+        flushed += max;
+        found->cells -= max;
+
+        if (found->cells <= 0) {
+          smartlist_remove(chans_for_flush_mock, found);
+          tor_free(found);
+        }
+      }
+    }
+  }
+
+ done:
+  return flushed;
+}
+
+static int
+circuitmux_compare_muxes_mock(circuitmux_t *cmux_1,
+                              circuitmux_t *cmux_2)
+{
+  int result = 0;
+
+  tt_assert(cmux_1 != NULL);
+  tt_assert(cmux_2 != NULL);
+
+  if (cmux_1 != cmux_2) {
+    if (cmux_1 == mock_ccm_tgt_1 && cmux_2 == mock_ccm_tgt_2) result = -1;
+    else if (cmux_1 == mock_ccm_tgt_2 && cmux_2 == mock_ccm_tgt_1) {
+      result = 1;
+    } else {
+      if (cmux_1 == mock_ccm_tgt_1 || cmux_1 == mock_ccm_tgt_2) result = -1;
+      else if (cmux_2 == mock_ccm_tgt_1 || cmux_2 == mock_ccm_tgt_2) {
+        result = 1;
+      } else {
+        result = circuitmux_compare_muxes__real(cmux_1, cmux_2);
+      }
+    }
+  }
+  /* else result = 0 always */
+
+ done:
+  return result;
+}
+
+static const circuitmux_policy_t *
+circuitmux_get_policy_mock(circuitmux_t *cmux)
+{
+  const circuitmux_policy_t *result = NULL;
+
+  tt_assert(cmux != NULL);
+  if (cmux) {
+    if (cmux == mock_cgp_tgt_1) result = mock_cgp_val_1;
+    else if (cmux == mock_cgp_tgt_2) result = mock_cgp_val_2;
+    else result = circuitmux_get_policy__real(cmux);
+  }
+
+ done:
+  return result;
+}
+
+static int
+scheduler_compare_channels_mock(const void *c1_v,
+                                const void *c2_v)
+{
+  uintptr_t p1, p2;
+
+  p1 = (uintptr_t)(c1_v);
+  p2 = (uintptr_t)(c2_v);
+
+  ++scheduler_compare_channels_mock_ctr;
+
+  if (p1 == p2) return 0;
+  else if (p1 < p2) return 1;
+  else return -1;
+}
+
+static void
+scheduler_run_noop_mock(void)
+{
+  ++scheduler_run_mock_ctr;
+}
+
+static struct event_base *
+tor_libevent_get_base_mock(void)
+{
+  return mock_event_base;
+}
+
+/* Test cases */
+
+static void
+test_scheduler_channel_states(void *arg)
+{
+  channel_t *ch1 = NULL, *ch2 = NULL;
+  int old_count;
+
+  (void)arg;
+
+  /* Set up libevent and scheduler */
+
+  mock_event_init();
+  MOCK(tor_libevent_get_base, tor_libevent_get_base_mock);
+  scheduler_init();
+  /*
+   * Install the compare channels mock so we can test
+   * scheduler_touch_channel().
+   */
+  MOCK(scheduler_compare_channels, scheduler_compare_channels_mock);
+  /*
+   * Disable scheduler_run so we can just check the state transitions
+   * without having to make everything it might call work too.
+   */
+  MOCK(scheduler_run, scheduler_run_noop_mock);
+
+  tt_int_op(smartlist_len(channels_pending), ==, 0);
+
+  /* Set up a fake channel */
+  ch1 = new_fake_channel();
+  tt_assert(ch1);
+
+  /* Start it off in OPENING */
+  ch1->state = CHANNEL_STATE_OPENING;
+  /* We'll need a cmux */
+  ch1->cmux = circuitmux_alloc();
+  /* Try to register it */
+  channel_register(ch1);
+  tt_assert(ch1->registered);
+
+  /* It should start off in SCHED_CHAN_IDLE */
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_IDLE);
+
+  /* Now get another one */
+  ch2 = new_fake_channel();
+  tt_assert(ch2);
+  ch2->state = CHANNEL_STATE_OPENING;
+  ch2->cmux = circuitmux_alloc();
+  channel_register(ch2);
+  tt_assert(ch2->registered);
+
+  /* Send it to SCHED_CHAN_WAITING_TO_WRITE */
+  scheduler_channel_has_waiting_cells(ch1);
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_WAITING_TO_WRITE);
+
+  /* This should send it to SCHED_CHAN_PENDING */
+  scheduler_channel_wants_writes(ch1);
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 1);
+
+  /* Now send ch2 to SCHED_CHAN_WAITING_FOR_CELLS */
+  scheduler_channel_wants_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_WAITING_FOR_CELLS);
+
+  /* Drop ch2 back to idle */
+  scheduler_channel_doesnt_want_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_IDLE);
+
+  /* ...and back to SCHED_CHAN_WAITING_FOR_CELLS */
+  scheduler_channel_wants_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_WAITING_FOR_CELLS);
+
+  /* ...and this should kick ch2 into SCHED_CHAN_PENDING */
+  scheduler_channel_has_waiting_cells(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 2);
+
+  /* This should send ch2 to SCHED_CHAN_WAITING_TO_WRITE */
+  scheduler_channel_doesnt_want_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_WAITING_TO_WRITE);
+  tt_int_op(smartlist_len(channels_pending), ==, 1);
+
+  /* ...and back to SCHED_CHAN_PENDING */
+  scheduler_channel_wants_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 2);
+
+  /* Now we exercise scheduler_touch_channel */
+  old_count = scheduler_compare_channels_mock_ctr;
+  scheduler_touch_channel(ch1);
+  tt_assert(scheduler_compare_channels_mock_ctr > old_count);
+
+  /* Close */
+  channel_mark_for_close(ch1);
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_CLOSING);
+  channel_mark_for_close(ch2);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_CLOSING);
+  channel_closed(ch1);
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_CLOSED);
+  ch1 = NULL;
+  channel_closed(ch2);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_CLOSED);
+  ch2 = NULL;
+
+  /* Shut things down */
+
+  channel_free_all();
+  scheduler_free_all();
+  mock_event_free_all();
+
+ done:
+  tor_free(ch1);
+  tor_free(ch2);
+
+  UNMOCK(scheduler_compare_channels);
+  UNMOCK(scheduler_run);
+  UNMOCK(tor_libevent_get_base);
+
+  return;
+}
+
+static void
+test_scheduler_compare_channels(void *arg)
+{
+  /* We don't actually need whole fake channels... */
+  channel_t c1, c2;
+  /* ...and some dummy circuitmuxes too */
+  circuitmux_t *cm1 = NULL, *cm2 = NULL;
+  int result;
+
+  (void)arg;
+
+  /* We can't actually see sizeof(circuitmux_t) from here */
+  cm1 = tor_malloc_zero(sizeof(void *));
+  cm2 = tor_malloc_zero(sizeof(void *));
+
+  c1.cmux = cm1;
+  c2.cmux = cm2;
+
+  /* Configure circuitmux_get_policy() mock */
+  mock_cgp_tgt_1 = cm1;
+  mock_cgp_tgt_2 = cm2;
+
+  /*
+   * This is to test the different-policies case, which uses the policy
+   * cast to an uintptr_t as an arbitrary but definite thing to compare.
+   */
+  mock_cgp_val_1 = tor_malloc_zero(16);
+  mock_cgp_val_2 = tor_malloc_zero(16);
+  if ( ((uintptr_t) mock_cgp_val_1) > ((uintptr_t) mock_cgp_val_2) ) {
+    void *tmp = mock_cgp_val_1;
+    mock_cgp_val_1 = mock_cgp_val_2;
+    mock_cgp_val_2 = tmp;
+  }
+
+  MOCK(circuitmux_get_policy, circuitmux_get_policy_mock);
+
+  /* Now set up circuitmux_compare_muxes() mock using cm1/cm2 */
+  mock_ccm_tgt_1 = cm1;
+  mock_ccm_tgt_2 = cm2;
+  MOCK(circuitmux_compare_muxes, circuitmux_compare_muxes_mock);
+
+  /* Equal-channel case */
+  result = scheduler_compare_channels(&c1, &c1);
+  tt_int_op(result, ==, 0);
+
+  /* Distinct channels, distinct policies */
+  result = scheduler_compare_channels(&c1, &c2);
+  tt_int_op(result, ==, -1);
+  result = scheduler_compare_channels(&c2, &c1);
+  tt_int_op(result, ==, 1);
+
+  /* Distinct channels, same policy */
+  tor_free(mock_cgp_val_2);
+  mock_cgp_val_2 = mock_cgp_val_1;
+  result = scheduler_compare_channels(&c1, &c2);
+  tt_int_op(result, ==, -1);
+  result = scheduler_compare_channels(&c2, &c1);
+  tt_int_op(result, ==, 1);
+
+ done:
+
+  UNMOCK(circuitmux_compare_muxes);
+  mock_ccm_tgt_1 = NULL;
+  mock_ccm_tgt_2 = NULL;
+
+  UNMOCK(circuitmux_get_policy);
+  mock_cgp_tgt_1 = NULL;
+  mock_cgp_tgt_2 = NULL;
+
+  tor_free(cm1);
+  tor_free(cm2);
+
+  if (mock_cgp_val_1 != mock_cgp_val_2)
+    tor_free(mock_cgp_val_1);
+  tor_free(mock_cgp_val_2);
+  mock_cgp_val_1 = NULL;
+  mock_cgp_val_2 = NULL;
+
+  return;
+}
+
+static void
+test_scheduler_initfree(void *arg)
+{
+  (void)arg;
+
+  tt_ptr_op(channels_pending, ==, NULL);
+  tt_ptr_op(run_sched_ev, ==, NULL);
+
+  mock_event_init();
+  MOCK(tor_libevent_get_base, tor_libevent_get_base_mock);
+
+  scheduler_init();
+
+  tt_assert(channels_pending != NULL);
+  tt_assert(run_sched_ev != NULL);
+
+  scheduler_free_all();
+
+  UNMOCK(tor_libevent_get_base);
+  mock_event_free_all();
+
+  tt_ptr_op(channels_pending, ==, NULL);
+  tt_ptr_op(run_sched_ev, ==, NULL);
+
+ done:
+  return;
+}
+
+static void
+test_scheduler_loop(void *arg)
+{
+  channel_t *ch1 = NULL, *ch2 = NULL;
+
+  (void)arg;
+
+  /* Set up libevent and scheduler */
+
+  mock_event_init();
+  MOCK(tor_libevent_get_base, tor_libevent_get_base_mock);
+  scheduler_init();
+  /*
+   * Install the compare channels mock so we can test
+   * scheduler_touch_channel().
+   */
+  MOCK(scheduler_compare_channels, scheduler_compare_channels_mock);
+  /*
+   * Disable scheduler_run so we can just check the state transitions
+   * without having to make everything it might call work too.
+   */
+  MOCK(scheduler_run, scheduler_run_noop_mock);
+
+  tt_int_op(smartlist_len(channels_pending), ==, 0);
+
+  /* Set up a fake channel */
+  ch1 = new_fake_channel();
+  tt_assert(ch1);
+
+  /* Start it off in OPENING */
+  ch1->state = CHANNEL_STATE_OPENING;
+  /* We'll need a cmux */
+  ch1->cmux = circuitmux_alloc();
+  /* Try to register it */
+  channel_register(ch1);
+  tt_assert(ch1->registered);
+  /* Finish opening it */
+  channel_change_state(ch1, CHANNEL_STATE_OPEN);
+
+  /* It should start off in SCHED_CHAN_IDLE */
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_IDLE);
+
+  /* Now get another one */
+  ch2 = new_fake_channel();
+  tt_assert(ch2);
+  ch2->state = CHANNEL_STATE_OPENING;
+  ch2->cmux = circuitmux_alloc();
+  channel_register(ch2);
+  tt_assert(ch2->registered);
+  /*
+   * Don't open ch2; then channel_num_cells_writeable() will return
+   * zero and we'll get coverage of that exception case in scheduler_run()
+   */
+
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_OPEN);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_OPENING);
+
+  /* Send it to SCHED_CHAN_WAITING_TO_WRITE */
+  scheduler_channel_has_waiting_cells(ch1);
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_WAITING_TO_WRITE);
+
+  /* This should send it to SCHED_CHAN_PENDING */
+  scheduler_channel_wants_writes(ch1);
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 1);
+
+  /* Now send ch2 to SCHED_CHAN_WAITING_FOR_CELLS */
+  scheduler_channel_wants_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_WAITING_FOR_CELLS);
+
+  /* Drop ch2 back to idle */
+  scheduler_channel_doesnt_want_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_IDLE);
+
+  /* ...and back to SCHED_CHAN_WAITING_FOR_CELLS */
+  scheduler_channel_wants_writes(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_WAITING_FOR_CELLS);
+
+  /* ...and this should kick ch2 into SCHED_CHAN_PENDING */
+  scheduler_channel_has_waiting_cells(ch2);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 2);
+
+  /*
+   * Now we've got two pending channels and need to fire off
+   * scheduler_run(); first, unmock it.
+   */
+
+  UNMOCK(scheduler_run);
+
+  scheduler_run();
+
+  /* Now re-mock it */
+  MOCK(scheduler_run, scheduler_run_noop_mock);
+
+  /*
+   * Assert that they're still in the states we left and aren't still
+   * pending
+   */
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_OPEN);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_OPENING);
+  tt_assert(ch1->scheduler_state != SCHED_CHAN_PENDING);
+  tt_assert(ch2->scheduler_state != SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 0);
+
+  /* Now, finish opening ch2, and get both back to pending */
+  channel_change_state(ch2, CHANNEL_STATE_OPEN);
+  scheduler_channel_wants_writes(ch1);
+  scheduler_channel_wants_writes(ch2);
+  scheduler_channel_has_waiting_cells(ch1);
+  scheduler_channel_has_waiting_cells(ch2);
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_OPEN);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_OPEN);
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_PENDING);
+  tt_int_op(smartlist_len(channels_pending), ==, 2);
+
+  /* Now, set up the channel_flush_some_cells() mock */
+  MOCK(channel_flush_some_cells, channel_flush_some_cells_mock);
+  /*
+   * 16 cells on ch1 means it'll completely drain into the 32 cells
+   * fakechan's num_cells_writeable() returns.
+   */
+  channel_flush_some_cells_mock_set(ch1, 16);
+  /*
+   * This one should get sent back to pending, since num_cells_writeable()
+   * will still return non-zero.
+   */
+  channel_flush_some_cells_mock_set(ch2, 48);
+
+  /*
+   * And re-run the scheduler_run() loop with non-zero returns from
+   * channel_flush_some_cells() this time.
+   */
+  UNMOCK(scheduler_run);
+
+  scheduler_run();
+
+  /* Now re-mock it */
+  MOCK(scheduler_run, scheduler_run_noop_mock);
+
+  /*
+   * ch1 should have gone to SCHED_CHAN_WAITING_FOR_CELLS, with 16 flushed
+   * and 32 writeable.
+   */
+  tt_int_op(ch1->scheduler_state, ==, SCHED_CHAN_WAITING_FOR_CELLS);
+  /*
+   * ...ch2 should also have gone to SCHED_CHAN_WAITING_FOR_CELLS, with
+   * channel_more_to_flush() returning false and channel_num_cells_writeable()
+   * > 0/
+   */
+  tt_int_op(ch2->scheduler_state, ==, SCHED_CHAN_WAITING_FOR_CELLS);
+
+  /* Close */
+  channel_mark_for_close(ch1);
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_CLOSING);
+  channel_mark_for_close(ch2);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_CLOSING);
+  channel_closed(ch1);
+  tt_int_op(ch1->state, ==, CHANNEL_STATE_CLOSED);
+  ch1 = NULL;
+  channel_closed(ch2);
+  tt_int_op(ch2->state, ==, CHANNEL_STATE_CLOSED);
+  ch2 = NULL;
+
+  /* Shut things down */
+  channel_flush_some_cells_mock_free_all();
+  channel_free_all();
+  scheduler_free_all();
+  mock_event_free_all();
+
+ done:
+  tor_free(ch1);
+  tor_free(ch2);
+
+  UNMOCK(channel_flush_some_cells);
+  UNMOCK(scheduler_compare_channels);
+  UNMOCK(scheduler_run);
+  UNMOCK(tor_libevent_get_base);
+}
+
+static void
+test_scheduler_queue_heuristic(void *arg)
+{
+  time_t now = approx_time();
+  uint64_t qh;
+
+  (void)arg;
+
+  queue_heuristic = 0;
+  queue_heuristic_timestamp = 0;
+
+  /* Not yet inited case */
+  scheduler_update_queue_heuristic(now - 180);
+  tt_u64_op(queue_heuristic, ==, 0);
+  tt_int_op(queue_heuristic_timestamp, ==, now - 180);
+
+  queue_heuristic = 1000000000L;
+  queue_heuristic_timestamp = now - 120;
+
+  scheduler_update_queue_heuristic(now - 119);
+  tt_u64_op(queue_heuristic, ==, 500000000L);
+  tt_int_op(queue_heuristic_timestamp, ==, now - 119);
+
+  scheduler_update_queue_heuristic(now - 116);
+  tt_u64_op(queue_heuristic, ==, 62500000L);
+  tt_int_op(queue_heuristic_timestamp, ==, now - 116);
+
+  qh = scheduler_get_queue_heuristic();
+  tt_u64_op(qh, ==, 0);
+
+ done:
+  return;
+}
+
+struct testcase_t scheduler_tests[] = {
+  { "channel_states", test_scheduler_channel_states, TT_FORK, NULL, NULL },
+  { "compare_channels", test_scheduler_compare_channels,
+    TT_FORK, NULL, NULL },
+  { "initfree", test_scheduler_initfree, TT_FORK, NULL, NULL },
+  { "loop", test_scheduler_loop, TT_FORK, NULL, NULL },
+  { "queue_heuristic", test_scheduler_queue_heuristic,
+    TT_FORK, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_slow.c b/src/test/test_slow.c
new file mode 100644
index 0000000000..c1d2e81914
--- /dev/null
+++ b/src/test/test_slow.c
@@ -0,0 +1,29 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file test_slow.c
+ * \brief Slower unit tests for many pieces of the lower level Tor modules.
+ **/
+
+#include "orconfig.h"
+
+#include <stdio.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include "or.h"
+#include "test.h"
+
+extern struct testcase_t slow_crypto_tests[];
+extern struct testcase_t slow_util_tests[];
+
+struct testgroup_t testgroups[] = {
+  { "slow/crypto/", slow_crypto_tests },
+  { "slow/util/", slow_util_tests },
+  END_OF_GROUPS
+};
+
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 4ce61e068b..6da09fd653 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -1,6 +1,6 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "or.h"
@@ -61,10 +61,10 @@ test_socks_4_unsupported_commands(void *ptr)
 
   /* SOCKS 4 Send BIND [02] to IP address 2.2.2.2:4369 */
   ADD_DATA(buf, "\x04\x02\x11\x11\x02\x02\x02\x02\x00");
-  test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+  tt_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
                                    get_options()->SafeSocks) == -1);
-  test_eq(4, socks->socks_version);
-  test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */
+  tt_int_op(4,OP_EQ, socks->socks_version);
+  tt_int_op(0,OP_EQ, socks->replylen); /* XXX: shouldn't tor reply? */
 
  done:
   ;
@@ -76,49 +76,49 @@ test_socks_4_supported_commands(void *ptr)
 {
   SOCKS_TEST_INIT();
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
 
   /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */
   ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00");
-  test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+  tt_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
                                    get_options()->SafeSocks) == 1);
-  test_eq(4, socks->socks_version);
-  test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */
-  test_eq(SOCKS_COMMAND_CONNECT, socks->command);
-  test_streq("2.2.2.3", socks->address);
-  test_eq(4370, socks->port);
-  test_assert(socks->got_auth == 0);
-  test_assert(! socks->username);
-
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(4,OP_EQ, socks->socks_version);
+  tt_int_op(0,OP_EQ, socks->replylen); /* XXX: shouldn't tor reply? */
+  tt_int_op(SOCKS_COMMAND_CONNECT,OP_EQ, socks->command);
+  tt_str_op("2.2.2.3",OP_EQ, socks->address);
+  tt_int_op(4370,OP_EQ, socks->port);
+  tt_assert(socks->got_auth == 0);
+  tt_assert(! socks->username);
+
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
   socks_request_clear(socks);
 
   /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/
   ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00");
-  test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+  tt_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
                                    get_options()->SafeSocks) == 1);
-  test_eq(4, socks->socks_version);
-  test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */
-  test_eq(SOCKS_COMMAND_CONNECT, socks->command);
-  test_streq("2.2.2.4", socks->address);
-  test_eq(4370, socks->port);
-  test_assert(socks->got_auth == 1);
-  test_assert(socks->username);
-  test_eq(2, socks->usernamelen);
-  test_memeq("me", socks->username, 2);
-
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(4,OP_EQ, socks->socks_version);
+  tt_int_op(0,OP_EQ, socks->replylen); /* XXX: shouldn't tor reply? */
+  tt_int_op(SOCKS_COMMAND_CONNECT,OP_EQ, socks->command);
+  tt_str_op("2.2.2.4",OP_EQ, socks->address);
+  tt_int_op(4370,OP_EQ, socks->port);
+  tt_assert(socks->got_auth == 1);
+  tt_assert(socks->username);
+  tt_int_op(2,OP_EQ, socks->usernamelen);
+  tt_mem_op("me",OP_EQ, socks->username, 2);
+
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
   socks_request_clear(socks);
 
   /* SOCKS 4a Send RESOLVE [F0] request for torproject.org */
   ADD_DATA(buf, "\x04\xF0\x01\x01\x00\x00\x00\x02me\x00torproject.org\x00");
-  test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+  tt_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
                                    get_options()->SafeSocks) == 1);
-  test_eq(4, socks->socks_version);
-  test_eq(0, socks->replylen); /* XXX: shouldn't tor reply? */
-  test_streq("torproject.org", socks->address);
+  tt_int_op(4,OP_EQ, socks->socks_version);
+  tt_int_op(0,OP_EQ, socks->replylen); /* XXX: shouldn't tor reply? */
+  tt_str_op("torproject.org",OP_EQ, socks->address);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
 
  done:
   ;
@@ -133,33 +133,43 @@ test_socks_5_unsupported_commands(void *ptr)
   /* SOCKS 5 Send unsupported BIND [02] command */
   ADD_DATA(buf, "\x05\x02\x00\x01");
 
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                               get_options()->SafeSocks), 0);
-  test_eq(0, buf_datalen(buf));
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                               get_options()->SafeSocks),OP_EQ, 0);
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
   ADD_DATA(buf, "\x05\x02\x00\x01\x02\x02\x02\x01\x01\x01");
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                               get_options()->SafeSocks), -1);
-  /* XXX: shouldn't tor reply 'command not supported' [07]? */
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                               get_options()->SafeSocks),OP_EQ, -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_COMMAND_NOT_SUPPORTED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
 
   buf_clear(buf);
   socks_request_clear(socks);
 
   /* SOCKS 5 Send unsupported UDP_ASSOCIATE [03] command */
-  ADD_DATA(buf, "\x05\x03\x00\x01\x02");
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                               get_options()->SafeSocks), 0);
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(2, socks->reply[1]);
+  ADD_DATA(buf, "\x05\x02\x00\x01");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                               get_options()->SafeSocks),OP_EQ, 0);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
   ADD_DATA(buf, "\x05\x03\x00\x01\x02\x02\x02\x01\x01\x01");
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                               get_options()->SafeSocks), -1);
-  /* XXX: shouldn't tor reply 'command not supported' [07]? */
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                               get_options()->SafeSocks),OP_EQ, -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_COMMAND_NOT_SUPPORTED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
 
  done:
   ;
@@ -173,64 +183,100 @@ test_socks_5_supported_commands(void *ptr)
 
   /* SOCKS 5 Send CONNECT [01] to IP address 2.2.2.2:4369 */
   ADD_DATA(buf, "\x05\x01\x00");
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                                   get_options()->SafeSocks), 0);
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                                   get_options()->SafeSocks),OP_EQ, 0);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
 
   ADD_DATA(buf, "\x05\x01\x00\x01\x02\x02\x02\x02\x11\x11");
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                                   get_options()->SafeSocks), 1);
-  test_streq("2.2.2.2", socks->address);
-  test_eq(4369, socks->port);
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                                   get_options()->SafeSocks),OP_EQ, 1);
+  tt_str_op("2.2.2.2",OP_EQ, socks->address);
+  tt_int_op(4369,OP_EQ, socks->port);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
   socks_request_clear(socks);
 
   /* SOCKS 5 Send CONNECT [01] to FQDN torproject.org:4369 */
   ADD_DATA(buf, "\x05\x01\x00");
   ADD_DATA(buf, "\x05\x01\x00\x03\x0Etorproject.org\x11\x11");
-  test_eq(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
-                                   get_options()->SafeSocks), 1);
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                                   get_options()->SafeSocks),OP_EQ, 1);
 
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
-  test_streq("torproject.org", socks->address);
-  test_eq(4369, socks->port);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
+  tt_str_op("torproject.org",OP_EQ, socks->address);
+  tt_int_op(4369,OP_EQ, socks->port);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
   socks_request_clear(socks);
 
   /* SOCKS 5 Send RESOLVE [F0] request for torproject.org:4369 */
   ADD_DATA(buf, "\x05\x01\x00");
   ADD_DATA(buf, "\x05\xF0\x00\x03\x0Etorproject.org\x01\x02");
-  test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+  tt_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
                                    get_options()->SafeSocks) == 1);
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
-  test_streq("torproject.org", socks->address);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
+  tt_str_op("torproject.org",OP_EQ, socks->address);
+
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
+  socks_request_clear(socks);
+
+  /* SOCKS 5 Should reject RESOLVE [F0] request for IPv4 address
+   * string if SafeSocks is enabled. */
+
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x07");
+  ADD_DATA(buf, "8.8.8.8");
+  ADD_DATA(buf, "\x01\x02");
+  tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
+            == -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_NOT_ALLOWED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
+
+  socks_request_clear(socks);
+
+  /* SOCKS 5 should reject RESOLVE [F0] reject for IPv6 address
+   * string if SafeSocks is enabled. */
+
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\xF0\x00\x03\x27");
+  ADD_DATA(buf, "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+  ADD_DATA(buf, "\x01\x02");
+  tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
+            == -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_NOT_ALLOWED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
 
-  test_eq(0, buf_datalen(buf));
   socks_request_clear(socks);
 
   /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */
   ADD_DATA(buf, "\x05\x01\x00");
   ADD_DATA(buf, "\x05\xF1\x00\x01\x02\x02\x02\x05\x01\x03");
-  test_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+  tt_assert(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
                                    get_options()->SafeSocks) == 1);
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
-  test_streq("2.2.2.5", socks->address);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
+  tt_str_op("2.2.2.5",OP_EQ, socks->address);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
 
  done:
   ;
@@ -244,30 +290,30 @@ test_socks_5_no_authenticate(void *ptr)
 
   /*SOCKS 5 No Authentication */
   ADD_DATA(buf,"\x05\x01\x00");
-  test_assert(!fetch_from_buf_socks(buf, socks,
+  tt_assert(!fetch_from_buf_socks(buf, socks,
                                     get_options()->TestSocks,
                                     get_options()->SafeSocks));
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(SOCKS_NO_AUTH, socks->reply[1]);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(SOCKS_NO_AUTH,OP_EQ, socks->reply[1]);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
 
   /*SOCKS 5 Send username/password anyway - pretend to be broken */
   ADD_DATA(buf,"\x01\x02\x01\x01\x02\x01\x01");
-  test_assert(!fetch_from_buf_socks(buf, socks,
+  tt_assert(!fetch_from_buf_socks(buf, socks,
                                     get_options()->TestSocks,
                                     get_options()->SafeSocks));
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(1, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(1,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
 
-  test_eq(2, socks->usernamelen);
-  test_eq(2, socks->passwordlen);
+  tt_int_op(2,OP_EQ, socks->usernamelen);
+  tt_int_op(2,OP_EQ, socks->passwordlen);
 
-  test_memeq("\x01\x01", socks->username, 2);
-  test_memeq("\x01\x01", socks->password, 2);
+  tt_mem_op("\x01\x01",OP_EQ, socks->username, 2);
+  tt_mem_op("\x01\x01",OP_EQ, socks->password, 2);
 
  done:
   ;
@@ -282,31 +328,31 @@ test_socks_5_authenticate(void *ptr)
   /* SOCKS 5 Negotiate username/password authentication */
   ADD_DATA(buf, "\x05\x01\x02");
 
-  test_assert(!fetch_from_buf_socks(buf, socks,
+  tt_assert(!fetch_from_buf_socks(buf, socks,
                                    get_options()->TestSocks,
                                    get_options()->SafeSocks));
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(SOCKS_USER_PASS, socks->reply[1]);
-  test_eq(5, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(SOCKS_USER_PASS,OP_EQ, socks->reply[1]);
+  tt_int_op(5,OP_EQ, socks->socks_version);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
 
   /* SOCKS 5 Send username/password */
   ADD_DATA(buf, "\x01\x02me\x08mypasswd");
-  test_assert(!fetch_from_buf_socks(buf, socks,
+  tt_assert(!fetch_from_buf_socks(buf, socks,
                                    get_options()->TestSocks,
                                    get_options()->SafeSocks));
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(1, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(1,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
 
-  test_eq(2, socks->usernamelen);
-  test_eq(8, socks->passwordlen);
+  tt_int_op(2,OP_EQ, socks->usernamelen);
+  tt_int_op(8,OP_EQ, socks->passwordlen);
 
-  test_memeq("me", socks->username, 2);
-  test_memeq("mypasswd", socks->password, 8);
+  tt_mem_op("me",OP_EQ, socks->username, 2);
+  tt_mem_op("mypasswd",OP_EQ, socks->password, 8);
 
  done:
   ;
@@ -321,34 +367,34 @@ test_socks_5_authenticate_with_data(void *ptr)
   /* SOCKS 5 Negotiate username/password authentication */
   ADD_DATA(buf, "\x05\x01\x02");
 
-  test_assert(!fetch_from_buf_socks(buf, socks,
+  tt_assert(!fetch_from_buf_socks(buf, socks,
                                    get_options()->TestSocks,
                                    get_options()->SafeSocks));
-  test_eq(2, socks->replylen);
-  test_eq(5, socks->reply[0]);
-  test_eq(SOCKS_USER_PASS, socks->reply[1]);
-  test_eq(5, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(5,OP_EQ, socks->reply[0]);
+  tt_int_op(SOCKS_USER_PASS,OP_EQ, socks->reply[1]);
+  tt_int_op(5,OP_EQ, socks->socks_version);
 
-  test_eq(0, buf_datalen(buf));
+  tt_int_op(0,OP_EQ, buf_datalen(buf));
 
   /* SOCKS 5 Send username/password */
   /* SOCKS 5 Send CONNECT [01] to IP address 2.2.2.2:4369 */
   ADD_DATA(buf, "\x01\x02me\x03you\x05\x01\x00\x01\x02\x02\x02\x02\x11\x11");
-  test_assert(fetch_from_buf_socks(buf, socks,
+  tt_assert(fetch_from_buf_socks(buf, socks,
                                    get_options()->TestSocks,
                                    get_options()->SafeSocks) == 1);
-  test_eq(5, socks->socks_version);
-  test_eq(2, socks->replylen);
-  test_eq(1, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
+  tt_int_op(5,OP_EQ, socks->socks_version);
+  tt_int_op(2,OP_EQ, socks->replylen);
+  tt_int_op(1,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
 
-  test_streq("2.2.2.2", socks->address);
-  test_eq(4369, socks->port);
+  tt_str_op("2.2.2.2",OP_EQ, socks->address);
+  tt_int_op(4369,OP_EQ, socks->port);
 
-  test_eq(2, socks->usernamelen);
-  test_eq(3, socks->passwordlen);
-  test_memeq("me", socks->username, 2);
-  test_memeq("you", socks->password, 3);
+  tt_int_op(2,OP_EQ, socks->usernamelen);
+  tt_int_op(3,OP_EQ, socks->passwordlen);
+  tt_mem_op("me",OP_EQ, socks->username, 2);
+  tt_mem_op("you",OP_EQ, socks->password, 3);
 
  done:
   ;
@@ -362,13 +408,85 @@ test_socks_5_auth_before_negotiation(void *ptr)
 
   /* SOCKS 5 Send username/password */
   ADD_DATA(buf, "\x01\x02me\x02me");
-  test_assert(fetch_from_buf_socks(buf, socks,
+  tt_assert(fetch_from_buf_socks(buf, socks,
                                    get_options()->TestSocks,
                                    get_options()->SafeSocks) == -1);
-  test_eq(0, socks->socks_version);
-  test_eq(0, socks->replylen);
-  test_eq(0, socks->reply[0]);
-  test_eq(0, socks->reply[1]);
+  tt_int_op(0,OP_EQ, socks->socks_version);
+  tt_int_op(0,OP_EQ, socks->replylen);
+  tt_int_op(0,OP_EQ, socks->reply[0]);
+  tt_int_op(0,OP_EQ, socks->reply[1]);
+
+ done:
+  ;
+}
+
+/** Perform malformed SOCKS 5 commands */
+static void
+test_socks_5_malformed_commands(void *ptr)
+{
+  SOCKS_TEST_INIT();
+
+  /* XXX: Stringified address length > MAX_SOCKS_ADDR_LEN will never happen */
+
+  /** SOCKS 5 Send CONNECT [01] to IP address 2.2.2.2:4369, with SafeSocks set
+   */
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\x01\x00\x01\x02\x02\x02\x02\x11\x11");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
+            OP_EQ, -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_NOT_ALLOWED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
+
+  buf_clear(buf);
+  socks_request_clear(socks);
+
+  /* SOCKS 5 Send RESOLVE_PTR [F1] for FQDN torproject.org */
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\xF1\x00\x03\x0Etorproject.org\x11\x11");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                                   get_options()->SafeSocks),OP_EQ, -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
+
+  buf_clear(buf);
+  socks_request_clear(socks);
+
+  /* XXX: len + 1 > MAX_SOCKS_ADDR_LEN (FQDN request) will never happen */
+
+  /* SOCKS 5 Send CONNECT [01] to FQDN """"".com */
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\x01\x00\x03\x09\"\"\"\"\".com\x11\x11");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                                   get_options()->SafeSocks),OP_EQ, -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_GENERAL_ERROR,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
+
+  buf_clear(buf);
+  socks_request_clear(socks);
+
+  /* SOCKS 5 Send CONNECT [01] to address type 0x23 */
+  ADD_DATA(buf, "\x05\x01\x00");
+  ADD_DATA(buf, "\x05\x01\x00\x23\x02\x02\x02\x02\x11\x11");
+  tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
+                                   get_options()->SafeSocks),OP_EQ, -1);
+
+  tt_int_op(5,OP_EQ,socks->socks_version);
+  tt_int_op(10,OP_EQ,socks->replylen);
+  tt_int_op(5,OP_EQ,socks->reply[0]);
+  tt_int_op(SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED,OP_EQ,socks->reply[1]);
+  tt_int_op(1,OP_EQ,socks->reply[3]);
 
  done:
   ;
@@ -387,6 +505,7 @@ struct testcase_t socks_tests[] = {
   SOCKSENT(5_auth_before_negotiation),
   SOCKSENT(5_authenticate),
   SOCKSENT(5_authenticate_with_data),
+  SOCKSENT(5_malformed_commands),
 
   END_OF_TESTCASES
 };
diff --git a/src/test/test_status.c b/src/test/test_status.c
index 46dd473132..84a0f6c024 100644
--- a/src/test/test_status.c
+++ b/src/test/test_status.c
@@ -30,27 +30,24 @@
  * global circuits.
  */
 
-struct global_circuitlist_s mock_global_circuitlist =
-  TOR_LIST_HEAD_INITIALIZER(global_circuitlist);
+static smartlist_t * mock_global_circuitlist = NULL;
 
-NS_DECL(struct global_circuitlist_s *, circuit_get_global_list, (void));
+NS_DECL(smartlist_t *, circuit_get_global_list, (void));
 
 static void
 NS(test_main)(void *arg)
 {
   /* Choose origin_circuit_t wlog. */
   origin_circuit_t *mock_circuit1, *mock_circuit2;
-  circuit_t *circ, *tmp;
   int expected_circuits = 2, actual_circuits;
 
   (void)arg;
 
   mock_circuit1 = tor_malloc_zero(sizeof(origin_circuit_t));
   mock_circuit2 = tor_malloc_zero(sizeof(origin_circuit_t));
-  TOR_LIST_INSERT_HEAD(
-    &mock_global_circuitlist, TO_CIRCUIT(mock_circuit1), head);
-  TOR_LIST_INSERT_HEAD(
-    &mock_global_circuitlist, TO_CIRCUIT(mock_circuit2), head);
+  mock_global_circuitlist = smartlist_new();
+  smartlist_add(mock_global_circuitlist, TO_CIRCUIT(mock_circuit1));
+  smartlist_add(mock_global_circuitlist, TO_CIRCUIT(mock_circuit2));
 
   NS_MOCK(circuit_get_global_list);
 
@@ -58,17 +55,18 @@ NS(test_main)(void *arg)
 
   tt_assert(expected_circuits == actual_circuits);
 
-  done:
-    TOR_LIST_FOREACH_SAFE(
-        circ, NS(circuit_get_global_list)(), head, tmp);
-      tor_free(circ);
-    NS_UNMOCK(circuit_get_global_list);
+ done:
+  tor_free(mock_circuit1);
+  tor_free(mock_circuit2);
+  smartlist_free(mock_global_circuitlist);
+  mock_global_circuitlist = NULL;
+  NS_UNMOCK(circuit_get_global_list);
 }
 
-static struct global_circuitlist_s *
+static smartlist_t *
 NS(circuit_get_global_list)(void)
 {
-  return &mock_global_circuitlist;
+  return mock_global_circuitlist;
 }
 
 #undef NS_SUBMODULE
@@ -88,62 +86,62 @@ NS(test_main)(void *arg)
 
   expected = "0:00 hours";
   actual = secs_to_uptime(0);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "0:00 hours";
   actual = secs_to_uptime(1);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "0:01 hours";
   actual = secs_to_uptime(60);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "0:59 hours";
   actual = secs_to_uptime(60 * 59);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1:00 hours";
   actual = secs_to_uptime(60 * 60);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "23:59 hours";
   actual = secs_to_uptime(60 * 60 * 23 + 60 * 59);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1 day 0:00 hours";
   actual = secs_to_uptime(60 * 60 * 23 + 60 * 60);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1 day 0:00 hours";
   actual = secs_to_uptime(86400 + 1);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1 day 0:01 hours";
   actual = secs_to_uptime(86400 + 60);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "10 days 0:00 hours";
   actual = secs_to_uptime(86400 * 10);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "10 days 0:00 hours";
   actual = secs_to_uptime(864000 + 1);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "10 days 0:01 hours";
   actual = secs_to_uptime(864000 + 60);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   done:
@@ -169,62 +167,62 @@ NS(test_main)(void *arg)
 
   expected = "0 kB";
   actual = bytes_to_usage(0);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "0 kB";
   actual = bytes_to_usage(1);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1 kB";
   actual = bytes_to_usage(1024);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1023 kB";
   actual = bytes_to_usage((1 << 20) - 1);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1.00 MB";
   actual = bytes_to_usage((1 << 20));
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1.00 MB";
   actual = bytes_to_usage((1 << 20) + 5242);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1.01 MB";
   actual = bytes_to_usage((1 << 20) + 5243);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1024.00 MB";
   actual = bytes_to_usage((1 << 30) - 1);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1.00 GB";
   actual = bytes_to_usage((1 << 30));
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1.00 GB";
   actual = bytes_to_usage((1 << 30) + 5368709);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "1.01 GB";
   actual = bytes_to_usage((1 << 30) + 5368710);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   expected = "10.00 GB";
   actual = bytes_to_usage((U64_LITERAL(1) << 30) * 10L);
-  tt_str_op(actual, ==, expected);
+  tt_str_op(actual, OP_EQ, expected);
   tor_free(actual);
 
   done:
@@ -242,7 +240,6 @@ NS(test_main)(void *arg)
 
 NS_DECL(double, tls_get_write_overhead_ratio, (void));
 NS_DECL(int, we_are_hibernating, (void));
-NS_DECL(const or_options_t *, get_options, (void));
 NS_DECL(int, public_server_mode, (const or_options_t *options));
 NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
 
@@ -254,19 +251,17 @@ NS(test_main)(void *arg)
 
   NS_MOCK(tls_get_write_overhead_ratio);
   NS_MOCK(we_are_hibernating);
-  NS_MOCK(get_options);
   NS_MOCK(public_server_mode);
   NS_MOCK(router_get_my_routerinfo);
 
   expected = -1;
   actual = log_heartbeat(0);
 
-  tt_int_op(actual, ==, expected);
+  tt_int_op(actual, OP_EQ, expected);
 
   done:
     NS_UNMOCK(tls_get_write_overhead_ratio);
     NS_UNMOCK(we_are_hibernating);
-    NS_UNMOCK(get_options);
     NS_UNMOCK(public_server_mode);
     NS_UNMOCK(router_get_my_routerinfo);
 }
@@ -283,12 +278,6 @@ NS(we_are_hibernating)(void)
   return 0;
 }
 
-static const or_options_t *
-NS(get_options)(void)
-{
-  return NULL;
-}
-
 static int
 NS(public_server_mode)(const or_options_t *options)
 {
@@ -313,7 +302,6 @@ NS(router_get_my_routerinfo)(void)
 
 NS_DECL(double, tls_get_write_overhead_ratio, (void));
 NS_DECL(int, we_are_hibernating, (void));
-NS_DECL(const or_options_t *, get_options, (void));
 NS_DECL(int, public_server_mode, (const or_options_t *options));
 NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
 NS_DECL(const node_t *, node_get_by_id, (const char *identity_digest));
@@ -333,7 +321,6 @@ NS(test_main)(void *arg)
 
   NS_MOCK(tls_get_write_overhead_ratio);
   NS_MOCK(we_are_hibernating);
-  NS_MOCK(get_options);
   NS_MOCK(public_server_mode);
   NS_MOCK(router_get_my_routerinfo);
   NS_MOCK(node_get_by_id);
@@ -349,13 +336,12 @@ NS(test_main)(void *arg)
   expected = 0;
   actual = log_heartbeat(0);
 
-  tt_int_op(actual, ==, expected);
-  tt_int_op(CALLED(logv), ==, 3);
+  tt_int_op(actual, OP_EQ, expected);
+  tt_int_op(CALLED(logv), OP_EQ, 5);
 
   done:
     NS_UNMOCK(tls_get_write_overhead_ratio);
     NS_UNMOCK(we_are_hibernating);
-    NS_UNMOCK(get_options);
     NS_UNMOCK(public_server_mode);
     NS_UNMOCK(router_get_my_routerinfo);
     NS_UNMOCK(node_get_by_id);
@@ -376,12 +362,6 @@ NS(we_are_hibernating)(void)
   return 0;
 }
 
-static const or_options_t *
-NS(get_options)(void)
-{
-  return NULL;
-}
-
 static int
 NS(public_server_mode)(const or_options_t *options)
 {
@@ -413,39 +393,48 @@ NS(logv)(int severity, log_domain_mask_t domain,
   switch (CALLED(logv))
   {
     case 0:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
           "Heartbeat: It seems like we are not in the cached consensus.");
       break;
     case 1:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
           "Heartbeat: Tor's uptime is %s, with %d circuits open. "
           "I've sent %s and received %s.%s");
-      tt_str_op(va_arg(ap, char *), ==, "0:00 hours");  /* uptime */
-      tt_int_op(va_arg(ap, int), ==, 0);  /* count_circuits() */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_sent */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_rcvd */
-      tt_str_op(va_arg(ap, char *), ==, "");  /* hibernating */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0:00 hours");  /* uptime */
+      tt_int_op(va_arg(ap, int), OP_EQ, 0);  /* count_circuits() */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_sent */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_rcvd */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "");  /* hibernating */
       break;
     case 2:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(
-          strstr(funcname, "rep_hist_log_circuit_handshake_stats"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
+      tt_int_op(severity, OP_EQ, LOG_INFO);
+      break;
+    case 3:
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "rep_hist_log_circuit_handshake_stats"),
+                OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
         "Circuit handshake stats since last time: %d/%d TAP, %d/%d NTor.");
-      tt_int_op(va_arg(ap, int), ==, 1);  /* handshakes assigned (TAP) */
-      tt_int_op(va_arg(ap, int), ==, 1);  /* handshakes requested (TAP) */
-      tt_int_op(va_arg(ap, int), ==, 1);  /* handshakes assigned (NTOR) */
-      tt_int_op(va_arg(ap, int), ==, 1);  /* handshakes requested (NTOR) */
+      tt_int_op(va_arg(ap, int), OP_EQ, 1);  /* handshakes assigned (TAP) */
+      tt_int_op(va_arg(ap, int), OP_EQ, 1);  /* handshakes requested (TAP) */
+      tt_int_op(va_arg(ap, int), OP_EQ, 1);  /* handshakes assigned (NTOR) */
+      tt_int_op(va_arg(ap, int), OP_EQ, 1);  /* handshakes requested (NTOR) */
+      break;
+    case 4:
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "rep_hist_log_link_protocol_counts"),
+                OP_NE, NULL);
       break;
     default:
       tt_abort_msg("unexpected call to logv()");  // TODO: prettyprint args
@@ -474,7 +463,6 @@ NS(server_mode)(const or_options_t *options)
 
 NS_DECL(double, tls_get_write_overhead_ratio, (void));
 NS_DECL(int, we_are_hibernating, (void));
-NS_DECL(const or_options_t *, get_options, (void));
 NS_DECL(int, public_server_mode, (const or_options_t *options));
 NS_DECL(long, get_uptime, (void));
 NS_DECL(uint64_t, get_bytes_read, (void));
@@ -483,6 +471,8 @@ NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
     const char *funcname, const char *suffix, const char *format, va_list ap));
 NS_DECL(int, server_mode, (const or_options_t *options));
 
+static int NS(n_msgs) = 0;
+
 static void
 NS(test_main)(void *arg)
 {
@@ -491,7 +481,6 @@ NS(test_main)(void *arg)
 
   NS_MOCK(tls_get_write_overhead_ratio);
   NS_MOCK(we_are_hibernating);
-  NS_MOCK(get_options);
   NS_MOCK(public_server_mode);
   NS_MOCK(get_uptime);
   NS_MOCK(get_bytes_read);
@@ -504,12 +493,12 @@ NS(test_main)(void *arg)
   expected = 0;
   actual = log_heartbeat(0);
 
-  tt_int_op(actual, ==, expected);
+  tt_int_op(actual, OP_EQ, expected);
+  tt_int_op(NS(n_msgs), OP_EQ, 1);
 
   done:
     NS_UNMOCK(tls_get_write_overhead_ratio);
     NS_UNMOCK(we_are_hibernating);
-    NS_UNMOCK(get_options);
     NS_UNMOCK(public_server_mode);
     NS_UNMOCK(get_uptime);
     NS_UNMOCK(get_bytes_read);
@@ -530,12 +519,6 @@ NS(we_are_hibernating)(void)
   return 1;
 }
 
-static const or_options_t *
-NS(get_options)(void)
-{
-  return NULL;
-}
-
 static int
 NS(public_server_mode)(const or_options_t *options)
 {
@@ -566,18 +549,22 @@ static void
 NS(logv)(int severity, log_domain_mask_t domain, const char *funcname,
   const char *suffix, const char *format, va_list ap)
 {
-  tt_int_op(severity, ==, LOG_NOTICE);
-  tt_int_op(domain, ==, LD_HEARTBEAT);
-  tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-  tt_ptr_op(suffix, ==, NULL);
-  tt_str_op(format, ==,
+  if (severity == LOG_INFO)
+    return;
+  ++NS(n_msgs);
+
+  tt_int_op(severity, OP_EQ, LOG_NOTICE);
+  tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+  tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+  tt_ptr_op(suffix, OP_EQ, NULL);
+  tt_str_op(format, OP_EQ,
       "Heartbeat: Tor's uptime is %s, with %d circuits open. "
       "I've sent %s and received %s.%s");
-  tt_str_op(va_arg(ap, char *), ==, "0:00 hours");  /* uptime */
-  tt_int_op(va_arg(ap, int), ==, 0);  /* count_circuits() */
-  tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_sent */
-  tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_rcvd */
-  tt_str_op(va_arg(ap, char *), ==, " We are currently hibernating.");
+  tt_str_op(va_arg(ap, char *), OP_EQ, "0:00 hours");  /* uptime */
+  tt_int_op(va_arg(ap, int), OP_EQ, 0);  /* count_circuits() */
+  tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_sent */
+  tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_rcvd */
+  tt_str_op(va_arg(ap, char *), OP_EQ, " We are currently hibernating.");
 
   done:
     ;
@@ -601,7 +588,6 @@ NS(server_mode)(const or_options_t *options)
 
 NS_DECL(double, tls_get_write_overhead_ratio, (void));
 NS_DECL(int, we_are_hibernating, (void));
-NS_DECL(const or_options_t *, get_options, (void));
 NS_DECL(int, public_server_mode, (const or_options_t *options));
 NS_DECL(long, get_uptime, (void));
 NS_DECL(uint64_t, get_bytes_read, (void));
@@ -624,7 +610,6 @@ NS(test_main)(void *arg)
 
   NS_MOCK(tls_get_write_overhead_ratio);
   NS_MOCK(we_are_hibernating);
-  NS_MOCK(get_options);
   NS_MOCK(public_server_mode);
   NS_MOCK(get_uptime);
   NS_MOCK(get_bytes_read);
@@ -640,13 +625,12 @@ NS(test_main)(void *arg)
   expected = 0;
   actual = log_heartbeat(0);
 
-  tt_int_op(actual, ==, expected);
-  tt_int_op(CALLED(logv), ==, 2);
+  tt_int_op(actual, OP_EQ, expected);
+  tt_int_op(CALLED(logv), OP_EQ, 3);
 
   done:
     NS_UNMOCK(tls_get_write_overhead_ratio);
     NS_UNMOCK(we_are_hibernating);
-    NS_UNMOCK(get_options);
     NS_UNMOCK(public_server_mode);
     NS_UNMOCK(get_uptime);
     NS_UNMOCK(get_bytes_read);
@@ -671,15 +655,6 @@ NS(we_are_hibernating)(void)
   return 0;
 }
 
-static const or_options_t *
-NS(get_options)(void)
-{
-  NS(mock_options) = tor_malloc_zero(sizeof(or_options_t));
-  NS(mock_options)->AccountingMax = 0;
-
-  return NS(mock_options);
-}
-
 static int
 NS(public_server_mode)(const or_options_t *options)
 {
@@ -713,34 +688,41 @@ NS(logv)(int severity, log_domain_mask_t domain,
   switch (CALLED(logv))
   {
     case 0:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
           "Heartbeat: Tor's uptime is %s, with %d circuits open. "
           "I've sent %s and received %s.%s");
-      tt_str_op(va_arg(ap, char *), ==, "0:00 hours");  /* uptime */
-      tt_int_op(va_arg(ap, int), ==, 0);  /* count_circuits() */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_sent */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_rcvd */
-      tt_str_op(va_arg(ap, char *), ==, "");  /* hibernating */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0:00 hours");  /* uptime */
+      tt_int_op(va_arg(ap, int), OP_EQ, 0);  /* count_circuits() */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_sent */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_rcvd */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "");  /* hibernating */
       break;
     case 1:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_accounting"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
-          "Heartbeat: Accounting enabled. Sent: %s / %s, Received: %s / %s. "
-          "The current accounting interval ends on %s, in %s.");
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* acc_sent */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* acc_max */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* acc_rcvd */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* acc_max */
-      /* format_local_iso_time uses local tz, just check mins and secs. */
-      tt_ptr_op(strstr(va_arg(ap, char *), ":01:00"), !=, NULL);  /* end_buf */
-      tt_str_op(va_arg(ap, char *), ==, "0:01 hours");   /* remaining */
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_accounting"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
+          "Heartbeat: Accounting enabled. Sent: %s, Received: %s, Used: %s / "
+          "%s, Rule: %s. The current accounting interval ends on %s, in %s.");
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* acc_sent */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* acc_rcvd */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* acc_used */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* acc_max */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "max");  /* acc_rule */
+      /* format_local_iso_time uses local tz, so we can't just compare
+       * the string against a constant */
+      char datetime[ISO_TIME_LEN+1];
+      format_local_iso_time(datetime, 60);
+      tt_str_op(va_arg(ap, char *), OP_EQ, datetime); /* end_buf */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0:01 hours");   /* remaining */
+      break;
+    case 2:
+      tt_int_op(severity, OP_EQ, LOG_INFO);
       break;
     default:
       tt_abort_msg("unexpected call to logv()");  // TODO: prettyprint args
@@ -793,7 +775,6 @@ NS(get_or_state)(void)
 
 NS_DECL(double, tls_get_write_overhead_ratio, (void));
 NS_DECL(int, we_are_hibernating, (void));
-NS_DECL(const or_options_t *, get_options, (void));
 NS_DECL(int, public_server_mode, (const or_options_t *options));
 NS_DECL(long, get_uptime, (void));
 NS_DECL(uint64_t, get_bytes_read, (void));
@@ -811,7 +792,6 @@ NS(test_main)(void *arg)
 
   NS_MOCK(tls_get_write_overhead_ratio);
   NS_MOCK(we_are_hibernating);
-  NS_MOCK(get_options);
   NS_MOCK(public_server_mode);
   NS_MOCK(get_uptime);
   NS_MOCK(get_bytes_read);
@@ -822,19 +802,18 @@ NS(test_main)(void *arg)
   log_global_min_severity_ = LOG_DEBUG;
 
   stats_n_data_bytes_packaged = RELAY_PAYLOAD_SIZE;
-  stats_n_data_cells_packaged = 1;
+  stats_n_data_cells_packaged = 2;
   expected = 0;
   actual = log_heartbeat(0);
 
-  tt_int_op(actual, ==, expected);
-  tt_int_op(CALLED(logv), ==, 2);
+  tt_int_op(actual, OP_EQ, expected);
+  tt_int_op(CALLED(logv), OP_EQ, 2);
 
   done:
     stats_n_data_bytes_packaged = 0;
     stats_n_data_cells_packaged = 0;
     NS_UNMOCK(tls_get_write_overhead_ratio);
     NS_UNMOCK(we_are_hibernating);
-    NS_UNMOCK(get_options);
     NS_UNMOCK(public_server_mode);
     NS_UNMOCK(get_uptime);
     NS_UNMOCK(get_bytes_read);
@@ -856,12 +835,6 @@ NS(we_are_hibernating)(void)
   return 0;
 }
 
-static const or_options_t *
-NS(get_options)(void)
-{
-  return NULL;
-}
-
 static int
 NS(public_server_mode)(const or_options_t *options)
 {
@@ -895,27 +868,29 @@ NS(logv)(int severity, log_domain_mask_t domain, const char *funcname,
   switch (CALLED(logv))
   {
     case 0:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
           "Heartbeat: Tor's uptime is %s, with %d circuits open. "
           "I've sent %s and received %s.%s");
-      tt_str_op(va_arg(ap, char *), ==, "0:00 hours");  /* uptime */
-      tt_int_op(va_arg(ap, int), ==, 0);  /* count_circuits() */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_sent */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_rcvd */
-      tt_str_op(va_arg(ap, char *), ==, "");  /* hibernating */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0:00 hours");  /* uptime */
+      tt_int_op(va_arg(ap, int), OP_EQ, 0);  /* count_circuits() */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_sent */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_rcvd */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "");  /* hibernating */
       break;
     case 1:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
-          "Average packaged cell fullness: %2.3f%%");
-      tt_int_op(fabs(va_arg(ap, double) - 100.0) <= DBL_EPSILON, ==, 1);
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
+          "Average packaged cell fullness: %2.3f%%. "
+          "TLS write overhead: %.f%%");
+      tt_double_op(fabs(va_arg(ap, double) - 50.0), <=, DBL_EPSILON);
+      tt_double_op(fabs(va_arg(ap, double) - 0.0), <=, DBL_EPSILON);
       break;
     default:
       tt_abort_msg("unexpected call to logv()");  // TODO: prettyprint args
@@ -952,7 +927,6 @@ NS(accounting_is_enabled)(const or_options_t *options)
 
 NS_DECL(double, tls_get_write_overhead_ratio, (void));
 NS_DECL(int, we_are_hibernating, (void));
-NS_DECL(const or_options_t *, get_options, (void));
 NS_DECL(int, public_server_mode, (const or_options_t *options));
 NS_DECL(long, get_uptime, (void));
 NS_DECL(uint64_t, get_bytes_read, (void));
@@ -970,7 +944,6 @@ NS(test_main)(void *arg)
 
   NS_MOCK(tls_get_write_overhead_ratio);
   NS_MOCK(we_are_hibernating);
-  NS_MOCK(get_options);
   NS_MOCK(public_server_mode);
   NS_MOCK(get_uptime);
   NS_MOCK(get_bytes_read);
@@ -984,13 +957,12 @@ NS(test_main)(void *arg)
   expected = 0;
   actual = log_heartbeat(0);
 
-  tt_int_op(actual, ==, expected);
-  tt_int_op(CALLED(logv), ==, 2);
+  tt_int_op(actual, OP_EQ, expected);
+  tt_int_op(CALLED(logv), OP_EQ, 2);
 
   done:
     NS_UNMOCK(tls_get_write_overhead_ratio);
     NS_UNMOCK(we_are_hibernating);
-    NS_UNMOCK(get_options);
     NS_UNMOCK(public_server_mode);
     NS_UNMOCK(get_uptime);
     NS_UNMOCK(get_bytes_read);
@@ -1012,12 +984,6 @@ NS(we_are_hibernating)(void)
   return 0;
 }
 
-static const or_options_t *
-NS(get_options)(void)
-{
-  return NULL;
-}
-
 static int
 NS(public_server_mode)(const or_options_t *options)
 {
@@ -1051,26 +1017,29 @@ NS(logv)(int severity, log_domain_mask_t domain,
   switch (CALLED(logv))
   {
     case 0:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==,
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
           "Heartbeat: Tor's uptime is %s, with %d circuits open. "
           "I've sent %s and received %s.%s");
-      tt_str_op(va_arg(ap, char *), ==, "0:00 hours");  /* uptime */
-      tt_int_op(va_arg(ap, int), ==, 0);  /* count_circuits() */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_sent */
-      tt_str_op(va_arg(ap, char *), ==, "0 kB");  /* bw_rcvd */
-      tt_str_op(va_arg(ap, char *), ==, "");  /* hibernating */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0:00 hours");  /* uptime */
+      tt_int_op(va_arg(ap, int), OP_EQ, 0);  /* count_circuits() */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_sent */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* bw_rcvd */
+      tt_str_op(va_arg(ap, char *), OP_EQ, "");  /* hibernating */
       break;
     case 1:
-      tt_int_op(severity, ==, LOG_NOTICE);
-      tt_int_op(domain, ==, LD_HEARTBEAT);
-      tt_ptr_op(strstr(funcname, "log_heartbeat"), !=, NULL);
-      tt_ptr_op(suffix, ==, NULL);
-      tt_str_op(format, ==, "TLS write overhead: %.f%%");
-      tt_int_op(fabs(va_arg(ap, double) - 100.0) <= DBL_EPSILON, ==, 1);
+      tt_int_op(severity, OP_EQ, LOG_NOTICE);
+      tt_int_op(domain, OP_EQ, LD_HEARTBEAT);
+      tt_ptr_op(strstr(funcname, "log_heartbeat"), OP_NE, NULL);
+      tt_ptr_op(suffix, OP_EQ, NULL);
+      tt_str_op(format, OP_EQ,
+          "Average packaged cell fullness: %2.3f%%. "
+          "TLS write overhead: %.f%%");
+      tt_int_op(fabs(va_arg(ap, double) - 100.0) <= DBL_EPSILON, OP_EQ, 1);
+      tt_double_op(fabs(va_arg(ap, double) - 100.0), <=, DBL_EPSILON);
       break;
     default:
       tt_abort_msg("unexpected call to logv()");  // TODO: prettyprint args
diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c
new file mode 100644
index 0000000000..e12205bb2e
--- /dev/null
+++ b/src/test/test_switch_id.c
@@ -0,0 +1,192 @@
+/* Copyright (c) 2015-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
+#define TEST_BUILT_WITH_CAPS         0
+#define TEST_HAVE_CAPS               1
+#define TEST_ROOT_CAN_BIND_LOW       2
+#define TEST_SETUID                  3
+#define TEST_SETUID_KEEPCAPS         4
+#define TEST_SETUID_STRICT           5
+
+static const struct {
+  const char *name;
+  int test_id;
+} which_test[] = {
+  { "built-with-caps",    TEST_BUILT_WITH_CAPS },
+  { "have-caps",          TEST_HAVE_CAPS },
+  { "root-bind-low",      TEST_ROOT_CAN_BIND_LOW },
+  { "setuid",             TEST_SETUID },
+  { "setuid-keepcaps",    TEST_SETUID_KEEPCAPS },
+  { "setuid-strict",      TEST_SETUID_STRICT },
+  { NULL, 0 }
+};
+
+#if !defined(_WIN32)
+/* 0 on no, 1 on yes, -1 on failure. */
+static int
+check_can_bind_low_ports(void)
+{
+  int port;
+  struct sockaddr_in sin;
+  memset(&sin, 0, sizeof(sin));
+  sin.sin_family = AF_INET;
+
+  for (port = 600; port < 1024; ++port) {
+    sin.sin_port = htons(port);
+    tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (! SOCKET_OK(fd)) {
+      perror("socket");
+      return -1;
+    }
+
+    int one = 1;
+    if (setsockopt(fd, SOL_SOCKET,SO_REUSEADDR, (void*)&one,
+                   (socklen_t)sizeof(one))) {
+      perror("setsockopt");
+      tor_close_socket_simple(fd);
+      return -1;
+    }
+
+    int res = bind(fd, (struct sockaddr *)&sin, sizeof(sin));
+    tor_close_socket_simple(fd);
+
+    if (res == 0) {
+      /* bind was successful */
+      return 1;
+    } else if (errno == EACCES || errno == EPERM) {
+      /* Got a permission-denied error. */
+      return 0;
+    } else if (errno == EADDRINUSE) {
+      /* Huh; somebody is using that port. */
+    } else {
+      perror("bind");
+    }
+  }
+
+  return -1;
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+#if defined(_WIN32)
+  (void) argc;
+  (void) argv;
+  (void) which_test;
+
+  fprintf(stderr, "This test is not supported on your OS.\n");
+  return 77;
+#else
+  const char *username;
+  const char *testname;
+  if (argc != 3) {
+    fprintf(stderr, "I want 2 arguments: a username and a command.\n");
+    return 1;
+  }
+  if (getuid() != 0) {
+    fprintf(stderr, "This test only works when it's run as root.\n");
+    return 1;
+  }
+  username = argv[1];
+  testname = argv[2];
+  int test_id = -1;
+  int i;
+  for (i = 0; which_test[i].name; ++i) {
+    if (!strcmp(which_test[i].name, testname)) {
+      test_id = which_test[i].test_id;
+      break;
+    }
+  }
+  if (test_id == -1) {
+    fprintf(stderr, "Unrecognized test '%s'\n", testname);
+    return 1;
+  }
+
+#ifdef HAVE_LINUX_CAPABILITIES
+  const int have_cap_support = 1;
+#else
+  const int have_cap_support = 0;
+#endif
+
+  int okay;
+
+  init_logging(1);
+  log_severity_list_t sev;
+  memset(&sev, 0, sizeof(sev));
+  set_log_severity_config(LOG_WARN, LOG_ERR, &sev);
+  add_stream_log(&sev, "", fileno(stderr));
+
+  switch (test_id)
+    {
+    case TEST_BUILT_WITH_CAPS:
+      /* Succeed if we were built with capability support. */
+      okay = have_cap_support;
+      break;
+    case TEST_HAVE_CAPS:
+      /* Succeed if "capabilities work" == "we were built with capability
+       * support." */
+      okay = have_cap_support == have_capability_support();
+      break;
+    case TEST_ROOT_CAN_BIND_LOW:
+      /* Succeed if root can bind low ports. */
+      okay = check_can_bind_low_ports() == 1;
+      break;
+    case TEST_SETUID:
+      /* Succeed if we can do a setuid with no capability retention, and doing
+       * so makes us lose the ability to bind low ports */
+    case TEST_SETUID_KEEPCAPS:
+      /* Succeed if we can do a setuid with capability retention, and doing so
+       * does not make us lose the ability to bind low ports */
+    {
+      int keepcaps = (test_id == TEST_SETUID_KEEPCAPS);
+      okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0;
+      if (okay) {
+        okay = check_can_bind_low_ports() == keepcaps;
+      }
+      break;
+    }
+    case TEST_SETUID_STRICT:
+      /* Succeed if, after a setuid, we cannot setuid back, and we cannot
+       * re-grab any capabilities. */
+      okay = switch_id(username, SWITCH_ID_KEEP_BINDLOW) == 0;
+      if (okay) {
+        /* We'd better not be able to setuid back! */
+        if (setuid(0) == 0 || errno != EPERM) {
+          okay = 0;
+        }
+      }
+#ifdef HAVE_LINUX_CAPABILITIES
+      if (okay) {
+        cap_t caps = cap_get_proc();
+        const cap_value_t caplist[] = {
+          CAP_SETUID,
+        };
+        cap_set_flag(caps, CAP_PERMITTED, 1, caplist, CAP_SET);
+        if (cap_set_proc(caps) == 0 || errno != EPERM) {
+          okay = 0;
+        }
+        cap_free(caps);
+      }
+#endif
+      break;
+    default:
+      fprintf(stderr, "Unsupported test '%s'\n", testname);
+      okay = 0;
+      break;
+    }
+
+  if (!okay) {
+    fprintf(stderr, "Test %s failed!\n", testname);
+  }
+
+  return (okay ? 0 : 1);
+#endif
+}
+
diff --git a/src/test/test_switch_id.sh b/src/test/test_switch_id.sh
new file mode 100755
index 0000000000..1b4e0998b5
--- /dev/null
+++ b/src/test/test_switch_id.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+if test "`id -u`" != '0'; then
+    echo "This test only works when run as root. Skipping." >&2
+    exit 77
+fi
+
+if test "`id -u nobody`" = ""; then
+    echo "This test requires that your system have a 'nobody' user. Sorry." >&2
+    exit 1
+fi
+
+"${builddir:-.}/src/test/test-switch-id" nobody setuid          || exit 1
+"${builddir:-.}/src/test/test-switch-id" nobody root-bind-low   || exit 1
+"${builddir:-.}/src/test/test-switch-id" nobody setuid-strict   || exit 1
+"${builddir:-.}/src/test/test-switch-id" nobody built-with-caps || exit 0
+# ... Go beyond this point only if we were built with capability support.
+
+"${builddir:-.}/src/test/test-switch-id" nobody have-caps       || exit 1
+"${builddir:-.}/src/test/test-switch-id" nobody setuid-keepcaps || exit 1
+
+
+echo "All okay"
+
+exit 0
diff --git a/src/test/test_threads.c b/src/test/test_threads.c
new file mode 100644
index 0000000000..1bbe6f5508
--- /dev/null
+++ b/src/test/test_threads.c
@@ -0,0 +1,320 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#include "or.h"
+#include "compat_threads.h"
+#include "test.h"
+
+/** mutex for thread test to stop the threads hitting data at the same time. */
+static tor_mutex_t *thread_test_mutex_ = NULL;
+/** mutexes for the thread test to make sure that the threads have to
+ * interleave somewhat. */
+static tor_mutex_t *thread_test_start1_ = NULL,
+                   *thread_test_start2_ = NULL;
+/** Shared strmap for the thread test. */
+static strmap_t *thread_test_strmap_ = NULL;
+/** The name of thread1 for the thread test */
+static char *thread1_name_ = NULL;
+/** The name of thread2 for the thread test */
+static char *thread2_name_ = NULL;
+
+static int thread_fns_failed = 0;
+
+static unsigned long thread_fn_tid1, thread_fn_tid2;
+
+static void thread_test_func_(void* _s) ATTR_NORETURN;
+
+/** How many iterations have the threads in the unit test run? */
+static tor_threadlocal_t count;
+
+/** Helper function for threading unit tests: This function runs in a
+ * subthread. It grabs its own mutex (start1 or start2) to make sure that it
+ * should start, then it repeatedly alters _test_thread_strmap protected by
+ * thread_test_mutex_. */
+static void
+thread_test_func_(void* _s)
+{
+  char *s = _s;
+  int i;
+  tor_mutex_t *m;
+  char buf[64];
+  char **cp;
+  int *mycount = tor_malloc_zero(sizeof(int));
+  tor_threadlocal_set(&count, mycount);
+  if (!strcmp(s, "thread 1")) {
+    m = thread_test_start1_;
+    cp = &thread1_name_;
+    thread_fn_tid1 = tor_get_thread_id();
+  } else {
+    m = thread_test_start2_;
+    cp = &thread2_name_;
+    thread_fn_tid2 = tor_get_thread_id();
+  }
+
+  tor_snprintf(buf, sizeof(buf), "%lu", tor_get_thread_id());
+  *cp = tor_strdup(buf);
+
+  tor_mutex_acquire(m);
+
+  for (i=0; i<10000; ++i) {
+    tor_mutex_acquire(thread_test_mutex_);
+    strmap_set(thread_test_strmap_, "last to run", *cp);
+    tor_mutex_release(thread_test_mutex_);
+    int *tls_count = tor_threadlocal_get(&count);
+    tor_assert(tls_count == mycount);
+    ++*tls_count;
+  }
+  tor_mutex_acquire(thread_test_mutex_);
+  strmap_set(thread_test_strmap_, s, *cp);
+  if (in_main_thread())
+    ++thread_fns_failed;
+  tor_mutex_release(thread_test_mutex_);
+
+  tor_free(mycount);
+
+  tor_mutex_release(m);
+
+  spawn_exit();
+}
+
+/** Run unit tests for threading logic. */
+static void
+test_threads_basic(void *arg)
+{
+  char *s1 = NULL, *s2 = NULL;
+  int done = 0, timedout = 0;
+  time_t started;
+#ifndef _WIN32
+  struct timeval tv;
+  tv.tv_sec=0;
+  tv.tv_usec=100*1000;
+#endif
+  (void) arg;
+  tt_int_op(tor_threadlocal_init(&count), OP_EQ, 0);
+
+  set_main_thread();
+
+  thread_test_mutex_ = tor_mutex_new();
+  thread_test_start1_ = tor_mutex_new();
+  thread_test_start2_ = tor_mutex_new();
+  thread_test_strmap_ = strmap_new();
+  s1 = tor_strdup("thread 1");
+  s2 = tor_strdup("thread 2");
+  tor_mutex_acquire(thread_test_start1_);
+  tor_mutex_acquire(thread_test_start2_);
+  spawn_func(thread_test_func_, s1);
+  spawn_func(thread_test_func_, s2);
+  tor_mutex_release(thread_test_start2_);
+  tor_mutex_release(thread_test_start1_);
+  started = time(NULL);
+  while (!done) {
+    tor_mutex_acquire(thread_test_mutex_);
+    strmap_assert_ok(thread_test_strmap_);
+    if (strmap_get(thread_test_strmap_, "thread 1") &&
+        strmap_get(thread_test_strmap_, "thread 2")) {
+      done = 1;
+    } else if (time(NULL) > started + 150) {
+      timedout = done = 1;
+    }
+    tor_mutex_release(thread_test_mutex_);
+#ifndef _WIN32
+    /* Prevent the main thread from starving the worker threads. */
+    select(0, NULL, NULL, NULL, &tv);
+#endif
+  }
+  tor_mutex_acquire(thread_test_start1_);
+  tor_mutex_release(thread_test_start1_);
+  tor_mutex_acquire(thread_test_start2_);
+  tor_mutex_release(thread_test_start2_);
+
+  tor_mutex_free(thread_test_mutex_);
+
+  if (timedout) {
+    tt_assert(strmap_get(thread_test_strmap_, "thread 1"));
+    tt_assert(strmap_get(thread_test_strmap_, "thread 2"));
+    tt_assert(!timedout);
+  }
+
+  /* different thread IDs. */
+  tt_assert(strcmp(strmap_get(thread_test_strmap_, "thread 1"),
+                     strmap_get(thread_test_strmap_, "thread 2")));
+  tt_assert(!strcmp(strmap_get(thread_test_strmap_, "thread 1"),
+                      strmap_get(thread_test_strmap_, "last to run")) ||
+              !strcmp(strmap_get(thread_test_strmap_, "thread 2"),
+                      strmap_get(thread_test_strmap_, "last to run")));
+
+  tt_int_op(thread_fns_failed, ==, 0);
+  tt_int_op(thread_fn_tid1, !=, thread_fn_tid2);
+
+ done:
+  tor_free(s1);
+  tor_free(s2);
+  tor_free(thread1_name_);
+  tor_free(thread2_name_);
+  if (thread_test_strmap_)
+    strmap_free(thread_test_strmap_, NULL);
+  if (thread_test_start1_)
+    tor_mutex_free(thread_test_start1_);
+  if (thread_test_start2_)
+    tor_mutex_free(thread_test_start2_);
+}
+
+typedef struct cv_testinfo_s {
+  tor_cond_t *cond;
+  tor_mutex_t *mutex;
+  int value;
+  int addend;
+  int shutdown;
+  int n_shutdown;
+  int n_wakeups;
+  int n_timeouts;
+  int n_threads;
+  const struct timeval *tv;
+} cv_testinfo_t;
+
+static cv_testinfo_t *
+cv_testinfo_new(void)
+{
+  cv_testinfo_t *i = tor_malloc_zero(sizeof(*i));
+  i->cond = tor_cond_new();
+  i->mutex = tor_mutex_new_nonrecursive();
+  return i;
+}
+
+static void
+cv_testinfo_free(cv_testinfo_t *i)
+{
+  if (!i)
+    return;
+  tor_cond_free(i->cond);
+  tor_mutex_free(i->mutex);
+  tor_free(i);
+}
+
+static void cv_test_thr_fn_(void *arg) ATTR_NORETURN;
+
+static void
+cv_test_thr_fn_(void *arg)
+{
+  cv_testinfo_t *i = arg;
+  int tid, r;
+
+  tor_mutex_acquire(i->mutex);
+  tid = i->n_threads++;
+  tor_mutex_release(i->mutex);
+  (void) tid;
+
+  tor_mutex_acquire(i->mutex);
+  while (1) {
+    if (i->addend) {
+      i->value += i->addend;
+      i->addend = 0;
+    }
+
+    if (i->shutdown) {
+      ++i->n_shutdown;
+      i->shutdown = 0;
+      tor_mutex_release(i->mutex);
+      spawn_exit();
+    }
+    r = tor_cond_wait(i->cond, i->mutex, i->tv);
+    ++i->n_wakeups;
+    if (r == 1) {
+      ++i->n_timeouts;
+      tor_mutex_release(i->mutex);
+      spawn_exit();
+    }
+  }
+}
+
+static void
+test_threads_conditionvar(void *arg)
+{
+  cv_testinfo_t *ti=NULL;
+  const struct timeval msec100 = { 0, 100*1000 };
+  const int timeout = !strcmp(arg, "tv");
+
+  ti = cv_testinfo_new();
+  if (timeout) {
+    ti->tv = &msec100;
+  }
+  spawn_func(cv_test_thr_fn_, ti);
+  spawn_func(cv_test_thr_fn_, ti);
+  spawn_func(cv_test_thr_fn_, ti);
+  spawn_func(cv_test_thr_fn_, ti);
+
+  tor_mutex_acquire(ti->mutex);
+  ti->addend = 7;
+  ti->shutdown = 1;
+  tor_cond_signal_one(ti->cond);
+  tor_mutex_release(ti->mutex);
+
+#define SPIN()                                  \
+  while (1) {                                   \
+    tor_mutex_acquire(ti->mutex);               \
+    if (ti->addend == 0) {                      \
+      break;                                    \
+    }                                           \
+    tor_mutex_release(ti->mutex);               \
+  }
+
+  SPIN();
+
+  ti->addend = 30;
+  ti->shutdown = 1;
+  tor_cond_signal_all(ti->cond);
+  tor_mutex_release(ti->mutex);
+  SPIN();
+
+  ti->addend = 1000;
+  if (! timeout) ti->shutdown = 1;
+  tor_cond_signal_one(ti->cond);
+  tor_mutex_release(ti->mutex);
+  SPIN();
+  ti->addend = 300;
+  if (! timeout) ti->shutdown = 1;
+  tor_cond_signal_all(ti->cond);
+  tor_mutex_release(ti->mutex);
+
+  SPIN();
+  tor_mutex_release(ti->mutex);
+
+  tt_int_op(ti->value, ==, 1337);
+  if (!timeout) {
+    tt_int_op(ti->n_shutdown, ==, 4);
+  } else {
+#ifdef _WIN32
+    Sleep(500); /* msec */
+#elif defined(HAVE_USLEEP)
+    usleep(500*1000); /* usec */
+#else
+    {
+      struct tv = { 0, 500*1000 };
+      select(0, NULL, NULL, NULL, &tv);
+    }
+#endif
+    tor_mutex_acquire(ti->mutex);
+    tt_int_op(ti->n_shutdown, ==, 2);
+    tt_int_op(ti->n_timeouts, ==, 2);
+    tor_mutex_release(ti->mutex);
+  }
+
+ done:
+  cv_testinfo_free(ti);
+}
+
+#define THREAD_TEST(name)                                               \
+  { #name, test_threads_##name, TT_FORK, NULL, NULL }
+
+struct testcase_t thread_tests[] = {
+  THREAD_TEST(basic),
+  { "conditionvar", test_threads_conditionvar, TT_FORK,
+    &passthrough_setup, (void*)"no-tv" },
+  { "conditionvar_timeout", test_threads_conditionvar, TT_FORK,
+    &passthrough_setup, (void*)"tv" },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c
new file mode 100644
index 0000000000..b9b74a1e96
--- /dev/null
+++ b/src/test/test_tortls.c
@@ -0,0 +1,2836 @@
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define TORTLS_PRIVATE
+#define LOG_PRIVATE
+#include "orconfig.h"
+
+#ifdef _WIN32
+#include <winsock2.h>
+#endif
+
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
+ * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
+#include <openssl/opensslv.h>
+
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
+#endif
+
+#include "or.h"
+#include "torlog.h"
+#include "config.h"
+#include "tortls.h"
+
+#include "test.h"
+#include "log_test_helpers.h"
+#define NS_MODULE tortls
+
+extern tor_tls_context_t *server_tls_context;
+extern tor_tls_context_t *client_tls_context;
+
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) \
+    && !defined(LIBRESSL_VERSION_NUMBER)
+#define OPENSSL_OPAQUE
+#define SSL_STATE_STR "before SSL initialization"
+#else
+#define SSL_STATE_STR "before/accept initialization"
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static SSL_METHOD *
+give_me_a_test_method(void)
+{
+  SSL_METHOD *method = tor_malloc_zero(sizeof(SSL_METHOD));
+  memcpy(method, TLSv1_method(), sizeof(SSL_METHOD));
+  return method;
+}
+
+static int
+fake_num_ciphers(void)
+{
+  return 0;
+}
+#endif
+
+static void
+test_tortls_errno_to_tls_error(void *data)
+{
+  (void) data;
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,
+            TOR_TLS_ERROR_CONNRESET);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,
+            TOR_TLS_ERROR_TIMEOUT);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,
+            TOR_TLS_ERROR_NO_ROUTE);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,
+            TOR_TLS_ERROR_NO_ROUTE);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,
+            TOR_TLS_ERROR_CONNREFUSED);
+  tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
+ done:
+  (void)1;
+}
+
+static void
+test_tortls_err_to_string(void *data)
+{
+  (void) data;
+  tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,
+            "connection refused");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,
+            "connection reset");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,
+            "host unreachable");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,
+            "connection timed out");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
+  tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
+ done:
+  (void)1;
+}
+
+static int
+mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
+{
+  (void) tls;
+  (void) cert; // XXXX look at this.
+  return 1;
+}
+
+static void
+test_tortls_tor_tls_new(void *data)
+{
+  (void) data;
+  MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+  crypto_pk_t *key1 = NULL, *key2 = NULL;
+  SSL_METHOD *method = NULL;
+
+  key1 = pk_generate(2);
+  key2 = pk_generate(3);
+
+  tor_tls_t *tls = NULL;
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 key1, key2, 86400), OP_EQ, 0);
+  tls = tor_tls_new(-1, 0);
+  tt_want(tls);
+  tor_tls_free(tls); tls = NULL;
+
+  SSL_CTX_free(client_tls_context->ctx);
+  client_tls_context->ctx = NULL;
+  tls = tor_tls_new(-1, 0);
+  tt_assert(!tls);
+
+#ifndef OPENSSL_OPAQUE
+  method = give_me_a_test_method();
+  SSL_CTX *ctx = SSL_CTX_new(method);
+  method->num_ciphers = fake_num_ciphers;
+  client_tls_context->ctx = ctx;
+  tls = tor_tls_new(-1, 0);
+  tt_assert(!tls);
+#endif
+
+ done:
+  UNMOCK(tor_tls_cert_matches_key);
+  crypto_pk_free(key1);
+  crypto_pk_free(key2);
+  tor_tls_free(tls);
+  tor_free(method);
+  tor_tls_free_all();
+}
+
+#define NS_MODULE tortls
+NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
+                     const char *funcname, const char *suffix,
+                     const char *format, va_list ap));
+
+static void
+NS(logv)(int severity, log_domain_mask_t domain,
+         const char *funcname, const char *suffix, const char *format,
+         va_list ap)
+{
+  (void) severity;
+  (void) domain;
+  (void) funcname;
+  (void) suffix;
+  (void) format;
+  (void) ap; // XXXX look at this.
+  CALLED(logv)++;
+}
+
+static void
+test_tortls_tor_tls_get_error(void *data)
+{
+  (void) data;
+  MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+  crypto_pk_t *key1 = NULL, *key2 = NULL;
+  key1 = pk_generate(2);
+  key2 = pk_generate(3);
+
+  tor_tls_t *tls = NULL;
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 key1, key2, 86400), OP_EQ, 0);
+  tls = tor_tls_new(-1, 0);
+  NS_MOCK(logv);
+  tt_int_op(CALLED(logv), OP_EQ, 0);
+  tor_tls_get_error(tls, 0, 0,
+                    (const char *)"test", 0, 0);
+  tt_int_op(CALLED(logv), OP_EQ, 1);
+
+ done:
+  UNMOCK(tor_tls_cert_matches_key);
+  NS_UNMOCK(logv);
+  crypto_pk_free(key1);
+  crypto_pk_free(key2);
+  tor_tls_free(tls);
+}
+
+static void
+test_tortls_get_state_description(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  char *buf;
+  SSL_CTX *ctx;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(SSLv23_method());
+
+  buf = tor_malloc_zero(1000);
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  tor_tls_get_state_description(NULL, buf, 20);
+  tt_str_op(buf, OP_EQ, "(No SSL object)");
+
+  SSL_free(tls->ssl);
+  tls->ssl = NULL;
+  tor_tls_get_state_description(tls, buf, 20);
+  tt_str_op(buf, OP_EQ, "(No SSL object)");
+
+  tls->ssl = SSL_new(ctx);
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in HANDSHAKE");
+
+  tls->state = TOR_TLS_ST_OPEN;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in OPEN");
+
+  tls->state = TOR_TLS_ST_GOTCLOSE;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in GOTCLOSE");
+
+  tls->state = TOR_TLS_ST_SENTCLOSE;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in SENTCLOSE");
+
+  tls->state = TOR_TLS_ST_CLOSED;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in CLOSED");
+
+  tls->state = TOR_TLS_ST_RENEGOTIATE;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in RENEGOTIATE");
+
+  tls->state = TOR_TLS_ST_BUFFEREVENT;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR);
+
+  tls->state = 7;
+  tor_tls_get_state_description(tls, buf, 200);
+  tt_str_op(buf, OP_EQ, SSL_STATE_STR " in unknown TLS state");
+
+ done:
+  SSL_CTX_free(ctx);
+  SSL_free(tls->ssl);
+  tor_free(buf);
+  tor_free(tls);
+}
+
+extern int tor_tls_object_ex_data_index;
+
+static void
+test_tortls_get_by_ssl(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  tor_tls_t *res;
+  SSL_CTX *ctx;
+  SSL *ssl;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+  tor_tls_allocate_tor_tls_object_ex_data_index();
+
+  ctx = SSL_CTX_new(SSLv23_method());
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->magic = TOR_TLS_MAGIC;
+
+  ssl = SSL_new(ctx);
+
+  res = tor_tls_get_by_ssl(ssl);
+  tt_assert(!res);
+
+  SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
+
+  res = tor_tls_get_by_ssl(ssl);
+  tt_assert(res == tls);
+
+ done:
+  SSL_free(ssl);
+  SSL_CTX_free(ctx);
+  tor_free(tls);
+}
+
+static void
+test_tortls_allocate_tor_tls_object_ex_data_index(void *ignored)
+{
+  (void)ignored;
+  int first;
+
+  tor_tls_allocate_tor_tls_object_ex_data_index();
+
+  first = tor_tls_object_ex_data_index;
+  tor_tls_allocate_tor_tls_object_ex_data_index();
+  tt_int_op(first, OP_EQ, tor_tls_object_ex_data_index);
+
+ done:
+  (void)0;
+}
+
+static void
+test_tortls_log_one_error(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  SSL_CTX *ctx;
+  SSL *ssl = NULL;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(SSLv23_method());
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  int previous_log = setup_capture_of_logs(LOG_INFO);
+
+  tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
+  expect_log_msg("TLS error while something: "
+            "(null) (in (null):(null):---)\n");
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
+  expect_log_msg("TLS error: (null) "
+            "(in (null):(null):---)\n");
+
+  mock_clean_saved_logs();
+  tls->address = tor_strdup("127.hello");
+  tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
+  expect_log_msg("TLS error with 127.hello: "
+            "(null) (in (null):(null):---)\n");
+  tor_free(tls->address);
+
+  mock_clean_saved_logs();
+  tls->address = tor_strdup("127.hello");
+  tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
+  expect_log_msg("TLS error while blarg with "
+            "127.hello: (null) (in (null):(null):---)\n");
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
+  expect_log_msg("TLS error with 127.hello: "
+            "BN lib (in unknown library:(null):---)\n");
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
+                        LOG_WARN, 0, NULL);
+  expect_log_severity(LOG_INFO);
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
+                        LOG_WARN, 0, NULL);
+  expect_log_severity(LOG_INFO);
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
+                        LOG_WARN, 0, NULL);
+  expect_log_severity(LOG_INFO);
+
+#ifndef OPENSSL_1_1_API
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
+                        LOG_WARN, 0, NULL);
+  expect_log_severity(LOG_INFO);
+#endif
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
+                        LOG_WARN, 0, NULL);
+  expect_log_severity(LOG_INFO);
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
+                        LOG_WARN, 0, NULL);
+  expect_log_severity(LOG_INFO);
+
+  tls->ssl = SSL_new(ctx);
+
+  mock_clean_saved_logs();
+  tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
+  expect_log_msg("TLS error with 127.hello: (null)"
+            " (in (null):(null):" SSL_STATE_STR ")\n");
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  SSL_free(ssl);
+  SSL_CTX_free(ctx);
+  if (tls && tls->ssl)
+    SSL_free(tls->ssl);
+  if (tls)
+    tor_free(tls->address);
+  tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_error(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  int ret;
+  SSL_CTX *ctx;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(SSLv23_method());
+  int previous_log = setup_capture_of_logs(LOG_INFO);
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = SSL_new(ctx);
+  SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
+
+  ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
+  expect_log_msg("TLS error: unexpected close while"
+            " something (before/accept initialization)\n");
+
+  mock_clean_saved_logs();
+  ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  expect_no_log_entry();
+
+  mock_clean_saved_logs();
+  ret = tor_tls_get_error(tls, 0, 1, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, -11);
+  expect_no_log_entry();
+
+  mock_clean_saved_logs();
+  ERR_clear_error();
+  ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
+  ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+  expect_log_msg("TLS error while something: (null)"
+            " (in bignum routines:(null):before/accept initialization)\n");
+
+  mock_clean_saved_logs();
+  ERR_clear_error();
+  tls->ssl->rwstate = SSL_READING;
+  SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
+  ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
+  expect_no_log_entry();
+
+  mock_clean_saved_logs();
+  ERR_clear_error();
+  tls->ssl->rwstate = SSL_READING;
+  SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
+  ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
+  expect_no_log_entry();
+
+  mock_clean_saved_logs();
+  ERR_clear_error();
+  tls->ssl->rwstate = 0;
+  tls->ssl->shutdown = SSL_RECEIVED_SHUTDOWN;
+  tls->ssl->s3->warn_alert =SSL_AD_CLOSE_NOTIFY;
+  ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
+  expect_log_entry();
+
+  mock_clean_saved_logs();
+  ret = tor_tls_get_error(tls, 0, 2, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, -10);
+  expect_no_log_entry();
+
+  mock_clean_saved_logs();
+  ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
+  ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
+  tt_int_op(ret, OP_EQ, -9);
+  expect_log_msg("TLS error while something: (null) (in system library:"
+            "connect:before/accept initialization)\n");
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  SSL_free(tls->ssl);
+  tor_free(tls);
+  SSL_CTX_free(ctx);
+}
+#endif
+
+static void
+test_tortls_always_accept_verify_cb(void *ignored)
+{
+  (void)ignored;
+  int ret;
+
+  ret = always_accept_verify_cb(0, NULL);
+  tt_int_op(ret, OP_EQ, 1);
+
+ done:
+  (void)0;
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_x509_cert_free(void *ignored)
+{
+  (void)ignored;
+  tor_x509_cert_t *cert;
+
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  tor_x509_cert_free(cert);
+
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  cert->cert = tor_malloc_zero(sizeof(X509));
+  cert->encoded = tor_malloc_zero(1);
+  tor_x509_cert_free(cert);
+}
+#endif
+
+static void
+test_tortls_x509_cert_get_id_digests(void *ignored)
+{
+  (void)ignored;
+  tor_x509_cert_t *cert;
+  common_digests_t *d;
+  const common_digests_t *res;
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  d = tor_malloc_zero(sizeof(common_digests_t));
+  d->d[0][0] = 42;
+
+  res = tor_x509_cert_get_id_digests(cert);
+  tt_assert(!res);
+
+  cert->pkey_digests_set = 1;
+  cert->pkey_digests = *d;
+  res = tor_x509_cert_get_id_digests(cert);
+  tt_int_op(res->d[0][0], OP_EQ, 42);
+
+ done:
+  tor_free(cert);
+  tor_free(d);
+}
+
+#ifndef OPENSSL_OPAQUE
+static int
+fixed_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+  (void) a; (void) b;
+  return 1;
+}
+
+static void
+fake_x509_free(X509 *cert)
+{
+  if (cert) {
+    if (cert->cert_info) {
+      if (cert->cert_info->key) {
+        if (cert->cert_info->key->pkey) {
+          tor_free(cert->cert_info->key->pkey);
+        }
+        tor_free(cert->cert_info->key);
+      }
+      tor_free(cert->cert_info);
+    }
+    tor_free(cert);
+  }
+}
+
+static void
+test_tortls_cert_matches_key(void *ignored)
+{
+  (void)ignored;
+  int res;
+  tor_tls_t *tls;
+  tor_x509_cert_t *cert;
+  X509 *one = NULL, *two = NULL;
+  EVP_PKEY_ASN1_METHOD *meth = EVP_PKEY_asn1_new(999, 0, NULL, NULL);
+  EVP_PKEY_asn1_set_public(meth, NULL, NULL, fixed_pub_cmp, NULL, NULL, NULL);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  one = tor_malloc_zero(sizeof(X509));
+  one->references = 1;
+  two = tor_malloc_zero(sizeof(X509));
+  two->references = 1;
+
+  res = tor_tls_cert_matches_key(tls, cert);
+  tt_int_op(res, OP_EQ, 0);
+
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+  tls->ssl->session->peer = one;
+  res = tor_tls_cert_matches_key(tls, cert);
+  tt_int_op(res, OP_EQ, 0);
+
+  cert->cert = two;
+  res = tor_tls_cert_matches_key(tls, cert);
+  tt_int_op(res, OP_EQ, 0);
+
+  one->cert_info = tor_malloc_zero(sizeof(X509_CINF));
+  one->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
+  one->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
+  one->cert_info->key->pkey->references = 1;
+  one->cert_info->key->pkey->ameth = meth;
+  one->cert_info->key->pkey->type = 1;
+
+  two->cert_info = tor_malloc_zero(sizeof(X509_CINF));
+  two->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
+  two->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
+  two->cert_info->key->pkey->references = 1;
+  two->cert_info->key->pkey->ameth = meth;
+  two->cert_info->key->pkey->type = 2;
+
+  res = tor_tls_cert_matches_key(tls, cert);
+  tt_int_op(res, OP_EQ, 0);
+
+  one->cert_info->key->pkey->type = 1;
+  two->cert_info->key->pkey->type = 1;
+  res = tor_tls_cert_matches_key(tls, cert);
+  tt_int_op(res, OP_EQ, 1);
+
+ done:
+  EVP_PKEY_asn1_free(meth);
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  tor_free(cert);
+  fake_x509_free(one);
+  fake_x509_free(two);
+}
+
+static void
+test_tortls_cert_get_key(void *ignored)
+{
+  (void)ignored;
+  tor_x509_cert_t *cert = NULL;
+  crypto_pk_t *res = NULL;
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  X509 *key = NULL;
+  key = tor_malloc_zero(sizeof(X509));
+  key->references = 1;
+
+  res = tor_tls_cert_get_key(cert);
+  tt_assert(!res);
+
+  cert->cert = key;
+  key->cert_info = tor_malloc_zero(sizeof(X509_CINF));
+  key->cert_info->key = tor_malloc_zero(sizeof(X509_PUBKEY));
+  key->cert_info->key->pkey = tor_malloc_zero(sizeof(EVP_PKEY));
+  key->cert_info->key->pkey->references = 1;
+  key->cert_info->key->pkey->type = 2;
+  res = tor_tls_cert_get_key(cert);
+  tt_assert(!res);
+
+ done:
+  fake_x509_free(key);
+  tor_free(cert);
+  crypto_pk_free(res);
+}
+#endif
+
+static void
+test_tortls_get_my_client_auth_key(void *ignored)
+{
+  (void)ignored;
+  crypto_pk_t *ret;
+  crypto_pk_t *expected;
+  tor_tls_context_t *ctx;
+  RSA *k = RSA_new();
+
+  ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
+  expected = crypto_new_pk_from_rsa_(k);
+  ctx->auth_key = expected;
+
+  client_tls_context = NULL;
+  ret = tor_tls_get_my_client_auth_key();
+  tt_assert(!ret);
+
+  client_tls_context = ctx;
+  ret = tor_tls_get_my_client_auth_key();
+  tt_assert(ret == expected);
+
+ done:
+  RSA_free(k);
+  tor_free(expected);
+  tor_free(ctx);
+}
+
+static void
+test_tortls_get_my_certs(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_context_t *ctx;
+  const tor_x509_cert_t *link_cert_out = NULL;
+  const tor_x509_cert_t *id_cert_out = NULL;
+
+  ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
+
+  client_tls_context = NULL;
+  ret = tor_tls_get_my_certs(0, NULL, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+
+  server_tls_context = NULL;
+  ret = tor_tls_get_my_certs(1, NULL, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+
+  client_tls_context = ctx;
+  ret = tor_tls_get_my_certs(0, NULL, NULL);
+  tt_int_op(ret, OP_EQ, 0);
+
+  client_tls_context = ctx;
+  ret = tor_tls_get_my_certs(0, &link_cert_out, &id_cert_out);
+  tt_int_op(ret, OP_EQ, 0);
+
+  server_tls_context = ctx;
+  ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  (void)1;
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_ciphersuite_name(void *ignored)
+{
+  (void)ignored;
+  const char *ret;
+  tor_tls_t *ctx;
+  ctx = tor_malloc_zero(sizeof(tor_tls_t));
+  ctx->ssl = tor_malloc_zero(sizeof(SSL));
+
+  ret = tor_tls_get_ciphersuite_name(ctx);
+  tt_str_op(ret, OP_EQ, "(NONE)");
+
+ done:
+  tor_free(ctx->ssl);
+  tor_free(ctx);
+}
+
+static SSL_CIPHER *
+get_cipher_by_name(const char *name)
+{
+  int i;
+  const SSL_METHOD *method = SSLv23_method();
+  int num = method->num_ciphers();
+  for (i = 0; i < num; ++i) {
+    const SSL_CIPHER *cipher = method->get_cipher(i);
+    const char *ciphername = SSL_CIPHER_get_name(cipher);
+    if (!strcmp(ciphername, name)) {
+      return (SSL_CIPHER *)cipher;
+    }
+  }
+
+  return NULL;
+}
+
+static SSL_CIPHER *
+get_cipher_by_id(uint16_t id)
+{
+  int i;
+  const SSL_METHOD *method = SSLv23_method();
+  int num = method->num_ciphers();
+  for (i = 0; i < num; ++i) {
+    const SSL_CIPHER *cipher = method->get_cipher(i);
+    if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
+      return (SSL_CIPHER *)cipher;
+    }
+  }
+
+  return NULL;
+}
+
+extern uint16_t v2_cipher_list[];
+
+static void
+test_tortls_classify_client_ciphers(void *ignored)
+{
+  (void)ignored;
+  int i;
+  int ret;
+  SSL_CTX *ctx;
+  SSL *ssl;
+  tor_tls_t *tls;
+  STACK_OF(SSL_CIPHER) *ciphers;
+  SSL_CIPHER *tmp_cipher;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+  tor_tls_allocate_tor_tls_object_ex_data_index();
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->magic = TOR_TLS_MAGIC;
+
+  ctx = SSL_CTX_new(TLSv1_method());
+  ssl = SSL_new(ctx);
+  tls->ssl = ssl;
+
+  ciphers = sk_SSL_CIPHER_new_null();
+
+  ret = tor_tls_classify_client_ciphers(ssl, NULL);
+  tt_int_op(ret, OP_EQ, -1);
+
+  SSL_set_ex_data(ssl, tor_tls_object_ex_data_index, tls);
+  tls->client_cipher_list_type = 42;
+
+  ret = tor_tls_classify_client_ciphers(ssl, NULL);
+  tt_int_op(ret, OP_EQ, 42);
+
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+  tt_int_op(ret, OP_EQ, 1);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
+
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, SSL_get_ciphers(ssl));
+  tt_int_op(ret, OP_EQ, 3);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+  SSL_CIPHER *one = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA),
+    *two = get_cipher_by_name(TLS1_TXT_DHE_RSA_WITH_AES_256_SHA),
+    *three = get_cipher_by_name(SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA),
+    *four = NULL;
+  sk_SSL_CIPHER_push(ciphers, one);
+  sk_SSL_CIPHER_push(ciphers, two);
+  sk_SSL_CIPHER_push(ciphers, three);
+  sk_SSL_CIPHER_push(ciphers, four);
+
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+  tt_int_op(ret, OP_EQ, 1);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 1);
+
+  sk_SSL_CIPHER_zero(ciphers);
+
+  one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+  one->id = 0x00ff;
+  two = get_cipher_by_name("ECDH-RSA-AES128-GCM-SHA256");
+  two->id = 0x0000;
+  sk_SSL_CIPHER_push(ciphers, one);
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+  tt_int_op(ret, OP_EQ, 3);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+  sk_SSL_CIPHER_push(ciphers, two);
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+  tt_int_op(ret, OP_EQ, 3);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+  one->id = 0xC00A;
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+  tt_int_op(ret, OP_EQ, 3);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
+
+  sk_SSL_CIPHER_zero(ciphers);
+  for (i=0; v2_cipher_list[i]; i++) {
+    tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
+    tt_assert(tmp_cipher);
+    sk_SSL_CIPHER_push(ciphers, tmp_cipher);
+  }
+  tls->client_cipher_list_type = 0;
+  ret = tor_tls_classify_client_ciphers(ssl, ciphers);
+  tt_int_op(ret, OP_EQ, 2);
+  tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
+
+ done:
+  sk_SSL_CIPHER_free(ciphers);
+  SSL_free(tls->ssl);
+  tor_free(tls);
+  SSL_CTX_free(ctx);
+}
+#endif
+
+static void
+test_tortls_client_is_using_v2_ciphers(void *ignored)
+{
+  (void)ignored;
+
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+  tt_skip();
+ done:
+  (void)1;
+#else
+  int ret;
+  SSL_CTX *ctx;
+  SSL *ssl;
+  SSL_SESSION *sess;
+  STACK_OF(SSL_CIPHER) *ciphers;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(TLSv1_method());
+  ssl = SSL_new(ctx);
+  sess = SSL_SESSION_new();
+
+  ret = tor_tls_client_is_using_v2_ciphers(ssl);
+  tt_int_op(ret, OP_EQ, -1);
+
+  ssl->session = sess;
+  ret = tor_tls_client_is_using_v2_ciphers(ssl);
+  tt_int_op(ret, OP_EQ, 0);
+
+  ciphers = sk_SSL_CIPHER_new_null();
+  SSL_CIPHER *one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+  one->id = 0x00ff;
+  sk_SSL_CIPHER_push(ciphers, one);
+  sess->ciphers = ciphers;
+  ret = tor_tls_client_is_using_v2_ciphers(ssl);
+  tt_int_op(ret, OP_EQ, 1);
+ done:
+  SSL_free(ssl);
+  SSL_CTX_free(ctx);
+#endif
+}
+
+#ifndef OPENSSL_OPAQUE
+static X509 *fixed_try_to_extract_certs_from_tls_cert_out_result = NULL;
+static X509 *fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL;
+
+static void
+fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
+                                    X509 **cert_out, X509 **id_cert_out)
+{
+  (void) severity;
+  (void) tls;
+  *cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result;
+  *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static const char* notCompletelyValidCertString =
+  "-----BEGIN CERTIFICATE-----\n"
+  "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
+  "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
+  "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
+  "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n"
+  "ODIyMDUyNzIzWhcNMTcwODIxMDUyNzIzWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n"
+  "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n"
+  "ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYBBrx5PlP0WNI/ZdzD\n"
+  "+6Pktmurn+F2kQYbtc7XQh8/LTBvCo+P6iZoLEmUA9e7EXLRxgU1CVqeAi7QcAn9\n"
+  "MwBlc8ksFJHB0rtf9pmf8Oza9E0Bynlq/4/Kb1x+d+AyhL7oK9tQwB24uHOueHi1\n"
+  "C/iVv8CSWKiYe6hzN1txYe8rAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAASPdjigJ\n"
+  "kXCqKWpnZ/Oc75EUcMi6HztaW8abUMlYXPIgkV2F7YanHOB7K4f7OOLjiz8DTPFf\n"
+  "jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n"
+  "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
+  "-----END CERTIFICATE-----\n";
+#endif
+
+static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
+  "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
+  "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
+  "c3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkwNjEzMzk1OVoXDTQz\n"
+  "MDEyMjEzMzk1OVowVjELMAkGA1UEBhMCVVMxEDAOBgNVBAcMB0NoaWNhZ28xFDAS\n"
+  "BgNVBAoMC1RvciBUZXN0aW5nMR8wHQYDVQQDDBZ0ZXN0aW5nLnRvcnByb2plY3Qu\n"
+  "b3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoT6uyVVhWyOF3wkHjjYbd\n"
+  "nKaykyRv4JVtKQdZ4OpEErmX1zw4MmyzpQNV6iR4bQnWiyLfzyVJMZDIC/WILBfX\n"
+  "w2Pza/yuLgUvDc3twMuhOACzOQVO8PrEF/aVv2+hbCCy2udXvKhnYn+CCXl3ozc8\n"
+  "XcKYvujTXDyvGWY3xwAjlQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQCUvnhzQWuQ\n"
+  "MrN+pERkE+zcTI/9dGS90rUMMLgu8VDNqTa0TUQh8uO0EQ6uDvI8Js6e8tgwS0BR\n"
+  "UBahqb7ZHv+rejGCBr5OudqD+x4STiiuPNJVs86JTLN8SpM9CHjIBH5WCCN2KOy3\n"
+  "mevNoRcRRyYJzSFULCunIK6FGulszigMYGscrO4oiTkZiHPh9KvWT40IMiHfL+Lw\n"
+  "EtEWiLex6064LcA2YQ1AMuSZyCexks63lcfaFmQbkYOKqXa1oLkIRuDsOaSVjTfe\n"
+  "vec+X6jvf12cFTKS5WIeqkKF2Irt+dJoiHEGTe5RscUMN/f+gqHPzfFz5dR23sxo\n"
+  "g+HC6MZHlFkLAOx3wW6epPS8A/m1mw3zMPoTnb2U2YYt8T0dJMMlUn/7Y1sEAa+a\n"
+  "dSTMaeUf6VnJ//11m454EZl1to9Z7oJOgqmFffSrdD4BGIWe8f7hhW6L1Enmqe/J\n"
+  "BKL3wbzZh80O1W0bndAwhnEEhlzneFY84cbBo9pmVxpODHkUcStpr5Z7pBDrcL21\n"
+  "Ss/aB/1YrsVXhdvJdOGxl3Mnl9dUY57CympLGlT8f0pPS6GAKOelECOhFMHmJd8L\n"
+  "dj3XQSmKtYHevZ6IvuMXSlB/fJvSjSlkCuLo5+kJoaqPuRu+i/S1qxeRy3CBwmnE\n"
+  "LdSNdcX4N79GQJ996PA8+mUCQG7YRtK+WA==\n"
+  "-----END CERTIFICATE-----\n";
+
+static const char* caCertString = "-----BEGIN CERTIFICATE-----\n"
+  "MIIFjzCCA3egAwIBAgIJAKd5WgyfPMYRMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV\n"
+  "BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIG\n"
+  "A1UECgwLVG9yIFRlc3RpbmcxFDASBgNVBAMMC1RvciBUZXN0aW5nMB4XDTE1MDkw\n"
+  "NjEzMzc0MVoXDTQzMDEyMjEzMzc0MVowXjELMAkGA1UEBhMCVVMxETAPBgNVBAgM\n"
+  "CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRQwEgYDVQQKDAtUb3IgVGVzdGlu\n"
+  "ZzEUMBIGA1UEAwwLVG9yIFRlc3RpbmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\n"
+  "ggIKAoICAQCpLMUEiLW5leUgBZoEJms2V7lZRhIAjnJBhVMHD0e3UubNknmaQoxf\n"
+  "ARz3rvqOaRd0JlV+qM9qE0DjiYcCVP1cAfqAo9d83uS1vwY3YMVJzADlaIiHfyVW\n"
+  "uEgBy0vvkeUBqaua24dYlcwsemOiXYLu41yM1wkcGHW1AhBNHppY6cznb8TyLgNM\n"
+  "2x3SGUdzc5XMyAFx51faKGBA3wjs+Hg1PLY7d30nmCgEOBavpm5I1disM/0k+Mcy\n"
+  "YmAKEo/iHJX/rQzO4b9znP69juLlR8PDBUJEVIG/CYb6+uw8MjjUyiWXYoqfVmN2\n"
+  "hm/lH8b6rXw1a2Aa3VTeD0DxaWeacMYHY/i01fd5n7hCoDTRNdSw5KJ0L3Z0SKTu\n"
+  "0lzffKzDaIfyZGlpW5qdouACkWYzsaitQOePVE01PIdO30vUfzNTFDfy42ccx3Di\n"
+  "59UCu+IXB+eMtrBfsok0Qc63vtF1linJgjHW1z/8ujk8F7/qkOfODhk4l7wngc2A\n"
+  "EmwWFIFoGaiTEZHB9qteXr4unbXZ0AHpM02uGGwZEGohjFyebEb73M+J57WKKAFb\n"
+  "PqbLcGUksL1SHNBNAJcVLttX55sO4nbidOS/kA3m+F1R04MBTyQF9qA6YDDHqdI3\n"
+  "h/3pw0Z4fxVouTYT4/NfRnX4JTP4u+7Mpcoof28VME0qWqD1LnRhFQIDAQABo1Aw\n"
+  "TjAdBgNVHQ4EFgQUMoAgIXH7pZ3QMRwTjT+DM9Yo/v0wHwYDVR0jBBgwFoAUMoAg\n"
+  "IXH7pZ3QMRwTjT+DM9Yo/v0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n"
+  "AgEAUJxacjXR9sT+Xs6ISFiUsyd0T6WVKMnV46xrYJHirGfx+krWHrjxMY+ZtxYD\n"
+  "DBDGlo11Qc4v6QrclNf5QUBfIiGQsP9Cm6hHcQ+Tpg9HHCgSqG1YNPwCPReCR4br\n"
+  "BLvLfrfkcBL2IWM0PdQdCze+59DBfipsULD2mEn9fjYRXQEwb2QWtQ9qRc20Yb/x\n"
+  "Q4b/+CvUodLkaq7B8MHz0BV8HHcBoph6DYaRmO/N+hPauIuSp6XyaGYcEefGKVKj\n"
+  "G2+fcsdyXsoijNdL8vNKwm4j2gVwCBnw16J00yfFoV46YcbfqEdJB2je0XSvwXqt\n"
+  "14AOTngxso2h9k9HLtrfpO1ZG/B5AcCMs1lzbZ2fp5DPHtjvvmvA2RJqgo3yjw4W\n"
+  "4DHAuTglYFlC3mDHNfNtcGP20JvepcQNzNP2UzwcpOc94hfKikOFw+gf9Vf1qd0y\n"
+  "h/Sk6OZHn2+JVUPiWHIQV98Vtoh4RmUZDJD+b55ia3fQGTGzt4z1XFzQYSva5sfs\n"
+  "wocS/papthqWldQU7x+3wofNd5CNU1x6WKXG/yw30IT/4F8ADJD6GeygNT8QJYvt\n"
+  "u/8lAkbOy6B9xGmSvr0Kk1oq9P2NshA6kalxp1Oz/DTNDdL4AeBXV3JmM6WWCjGn\n"
+  "Yy1RT69d0rwYc5u/vnqODz1IjvT90smsrkBumGt791FAFeg=\n"
+  "-----END CERTIFICATE-----\n";
+
+static X509 *
+read_cert_from(const char *str)
+{
+  BIO *bio = BIO_new(BIO_s_mem());
+  BIO_write(bio, str, (int) strlen(str));
+  X509 *res = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+  BIO_free(bio);
+  return res;
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_verify(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  crypto_pk_t *k = NULL;
+  X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
+    *validCert = NULL, *caCert = NULL;
+
+  cert1 = tor_malloc_zero(sizeof(X509));
+  cert1->references = 10;
+
+  cert2 = tor_malloc_zero(sizeof(X509));
+  cert2->references = 10;
+
+  validCert = read_cert_from(validCertString);
+  caCert = read_cert_from(caCertString);
+  invalidCert = read_cert_from(notCompletelyValidCertString);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  ret = tor_tls_verify(LOG_WARN, tls, &k);
+  tt_int_op(ret, OP_EQ, -1);
+
+  MOCK(try_to_extract_certs_from_tls, fixed_try_to_extract_certs_from_tls);
+
+  fixed_try_to_extract_certs_from_tls_cert_out_result = cert1;
+  ret = tor_tls_verify(LOG_WARN, tls, &k);
+  tt_int_op(ret, OP_EQ, -1);
+
+  fixed_try_to_extract_certs_from_tls_id_cert_out_result = cert2;
+  ret = tor_tls_verify(LOG_WARN, tls, &k);
+  tt_int_op(ret, OP_EQ, -1);
+
+  fixed_try_to_extract_certs_from_tls_cert_out_result = invalidCert;
+  fixed_try_to_extract_certs_from_tls_id_cert_out_result = invalidCert;
+
+  ret = tor_tls_verify(LOG_WARN, tls, &k);
+  tt_int_op(ret, OP_EQ, -1);
+
+  fixed_try_to_extract_certs_from_tls_cert_out_result = validCert;
+  fixed_try_to_extract_certs_from_tls_id_cert_out_result = caCert;
+
+  ret = tor_tls_verify(LOG_WARN, tls, &k);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_assert(k);
+
+ done:
+  UNMOCK(try_to_extract_certs_from_tls);
+  tor_free(cert1);
+  tor_free(cert2);
+  tor_free(tls);
+  tor_free(k);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_check_lifetime(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  X509 *validCert = read_cert_from(validCertString);
+  time_t now = time(NULL);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  ret = tor_tls_check_lifetime(LOG_WARN, tls, 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+  tls->ssl->session->peer = validCert;
+  ret = tor_tls_check_lifetime(LOG_WARN, tls, 0, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  ASN1_STRING_free(validCert->cert_info->validity->notBefore);
+  validCert->cert_info->validity->notBefore = ASN1_TIME_set(NULL, now-10);
+  ASN1_STRING_free(validCert->cert_info->validity->notAfter);
+  validCert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, now+60);
+
+  ret = tor_tls_check_lifetime(LOG_WARN, tls, 0, -1000);
+  tt_int_op(ret, OP_EQ, -1);
+
+  ret = tor_tls_check_lifetime(LOG_WARN, tls, -1000, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+ done:
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  X509_free(validCert);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_ssl_pending_result = 0;
+
+static int
+fixed_ssl_pending(const SSL *ignored)
+{
+  (void)ignored;
+  return fixed_ssl_pending_result;
+}
+
+static void
+test_tortls_get_pending_bytes(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  SSL_METHOD *method;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  method = tor_malloc_zero(sizeof(SSL_METHOD));
+  method->ssl_pending = fixed_ssl_pending;
+  tls->ssl->method = method;
+
+  fixed_ssl_pending_result = 42;
+  ret = tor_tls_get_pending_bytes(tls);
+  tt_int_op(ret, OP_EQ, 42);
+
+ done:
+  tor_free(method);
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+#endif
+
+static void
+test_tortls_get_forced_write_size(void *ignored)
+{
+  (void)ignored;
+  long ret;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  tls->wantwrite_n = 43;
+  ret = tor_tls_get_forced_write_size(tls);
+  tt_int_op(ret, OP_EQ, 43);
+
+ done:
+  tor_free(tls);
+}
+
+extern uint64_t total_bytes_written_over_tls;
+extern uint64_t total_bytes_written_by_tls;
+
+static void
+test_tortls_get_write_overhead_ratio(void *ignored)
+{
+  (void)ignored;
+  double ret;
+
+  total_bytes_written_over_tls = 0;
+  ret = tls_get_write_overhead_ratio();
+  tt_int_op(ret, OP_EQ, 1.0);
+
+  total_bytes_written_by_tls = 10;
+  total_bytes_written_over_tls = 1;
+  ret = tls_get_write_overhead_ratio();
+  tt_int_op(ret, OP_EQ, 10.0);
+
+  total_bytes_written_by_tls = 10;
+  total_bytes_written_over_tls = 2;
+  ret = tls_get_write_overhead_ratio();
+  tt_int_op(ret, OP_EQ, 5.0);
+
+ done:
+  (void)0;
+}
+
+static void
+test_tortls_used_v1_handshake(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  // These tests assume both V2 handshake server and client are enabled
+  tls->wasV2Handshake = 0;
+  ret = tor_tls_used_v1_handshake(tls);
+  tt_int_op(ret, OP_EQ, 1);
+
+  tls->wasV2Handshake = 1;
+  ret = tor_tls_used_v1_handshake(tls);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  tor_free(tls);
+}
+
+static void
+test_tortls_get_num_server_handshakes(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  tls->server_handshake_count = 3;
+  ret = tor_tls_get_num_server_handshakes(tls);
+  tt_int_op(ret, OP_EQ, 3);
+
+ done:
+  tor_free(tls);
+}
+
+static void
+test_tortls_server_got_renegotiate(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  tls->got_renegotiate = 1;
+  ret = tor_tls_server_got_renegotiate(tls);
+  tt_int_op(ret, OP_EQ, 1);
+
+ done:
+  tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_SSL_SESSION_get_master_key(void *ignored)
+{
+  (void)ignored;
+  size_t ret;
+  tor_tls_t *tls;
+  uint8_t *out;
+  out = tor_malloc_zero(1);
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+  tls->ssl->session->master_key_length = 1;
+
+#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+  tls->ssl->session->master_key[0] = 43;
+  ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 0);
+  tt_int_op(ret, OP_EQ, 1);
+  tt_int_op(out[0], OP_EQ, 0);
+
+  ret = SSL_SESSION_get_master_key(tls->ssl->session, out, 1);
+  tt_int_op(ret, OP_EQ, 1);
+  tt_int_op(out[0], OP_EQ, 43);
+
+ done:
+#endif
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  tor_free(out);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_tlssecrets(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  uint8_t *secret_out = tor_malloc_zero(DIGEST256_LEN);;
+  tor_tls_t *tls;
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+  tls->ssl->session->master_key_length = 1;
+  tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
+
+  ret = tor_tls_get_tlssecrets(tls, secret_out);
+  tt_int_op(ret, OP_EQ, 0);
+
+ done:
+  tor_free(secret_out);
+  tor_free(tls->ssl->s3);
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_buffer_sizes(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  size_t rbuf_c=-1, rbuf_b=-1, wbuf_c=-1, wbuf_b=-1;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
+
+  tls->ssl->s3->rbuf.buf = NULL;
+  tls->ssl->s3->rbuf.len = 1;
+  tls->ssl->s3->rbuf.offset = 0;
+  tls->ssl->s3->rbuf.left = 42;
+
+  tls->ssl->s3->wbuf.buf = NULL;
+  tls->ssl->s3->wbuf.len = 2;
+  tls->ssl->s3->wbuf.offset = 0;
+  tls->ssl->s3->wbuf.left = 43;
+
+  ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+  tt_int_op(ret, OP_EQ, -1);
+#else
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(rbuf_c, OP_EQ, 0);
+  tt_int_op(wbuf_c, OP_EQ, 0);
+  tt_int_op(rbuf_b, OP_EQ, 42);
+  tt_int_op(wbuf_b, OP_EQ, 43);
+
+  tls->ssl->s3->rbuf.buf = tor_malloc_zero(1);
+  tls->ssl->s3->wbuf.buf = tor_malloc_zero(1);
+  ret = tor_tls_get_buffer_sizes(tls, &rbuf_c, &rbuf_b, &wbuf_c, &wbuf_b);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(rbuf_c, OP_EQ, 1);
+  tt_int_op(wbuf_c, OP_EQ, 2);
+
+#endif
+
+ done:
+  tor_free(tls->ssl->s3->rbuf.buf);
+  tor_free(tls->ssl->s3->wbuf.buf);
+  tor_free(tls->ssl->s3);
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+#endif
+
+static void
+test_tortls_evaluate_ecgroup_for_tls(void *ignored)
+{
+  (void)ignored;
+  int ret;
+
+  ret = evaluate_ecgroup_for_tls(NULL);
+  tt_int_op(ret, OP_EQ, 1);
+
+  ret = evaluate_ecgroup_for_tls("foobar");
+  tt_int_op(ret, OP_EQ, 0);
+
+  ret = evaluate_ecgroup_for_tls("P256");
+  tt_int_op(ret, OP_EQ, 1);
+
+  ret = evaluate_ecgroup_for_tls("P224");
+  //  tt_int_op(ret, OP_EQ, 1); This varies between machines
+
+ done:
+  (void)0;
+}
+
+#ifndef OPENSSL_OPAQUE
+typedef struct cert_pkey_st_local
+{
+  X509 *x509;
+  EVP_PKEY *privatekey;
+  const EVP_MD *digest;
+} CERT_PKEY_local;
+
+typedef struct sess_cert_st_local
+{
+  STACK_OF(X509) *cert_chain;
+  int peer_cert_type;
+  CERT_PKEY_local *peer_key;
+  CERT_PKEY_local peer_pkeys[8];
+  int references;
+} SESS_CERT_local;
+
+static void
+test_tortls_try_to_extract_certs_from_tls(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  X509 *cert = NULL, *id_cert = NULL, *c1 = NULL, *c2 = NULL;
+  SESS_CERT_local *sess = NULL;
+
+  c1 = read_cert_from(validCertString);
+  c2 = read_cert_from(caCertString);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+  sess = tor_malloc_zero(sizeof(SESS_CERT_local));
+  tls->ssl->session->sess_cert = (void *)sess;
+
+  try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+  tt_assert(!cert);
+  tt_assert(!id_cert);
+
+  tls->ssl->session->peer = c1;
+  try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+  tt_assert(cert == c1);
+  tt_assert(!id_cert);
+  X509_free(cert); /* decrease refcnt */
+
+  sess->cert_chain = sk_X509_new_null();
+  try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+  tt_assert(cert == c1);
+  tt_assert(!id_cert);
+  X509_free(cert); /* decrease refcnt */
+
+  sk_X509_push(sess->cert_chain, c1);
+  sk_X509_push(sess->cert_chain, c2);
+
+  try_to_extract_certs_from_tls(LOG_WARN, tls, &cert, &id_cert);
+  tt_assert(cert == c1);
+  tt_assert(id_cert);
+  X509_free(cert); /* decrease refcnt */
+
+ done:
+  sk_X509_free(sess->cert_chain);
+  tor_free(sess);
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  X509_free(c1);
+  X509_free(c2);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_get_peer_cert(void *ignored)
+{
+  (void)ignored;
+  tor_x509_cert_t *ret;
+  tor_tls_t *tls;
+  X509 *cert = NULL;
+
+  cert = read_cert_from(validCertString);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+
+  ret = tor_tls_get_peer_cert(tls);
+  tt_assert(!ret);
+
+  tls->ssl->session->peer = cert;
+  ret = tor_tls_get_peer_cert(tls);
+  tt_assert(ret);
+  tt_assert(ret->cert == cert);
+
+ done:
+  tor_x509_cert_free(ret);
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  X509_free(cert);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_peer_has_cert(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  X509 *cert = NULL;
+
+  cert = read_cert_from(validCertString);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
+
+  ret = tor_tls_peer_has_cert(tls);
+  tt_assert(!ret);
+
+  tls->ssl->session->peer = cert;
+  ret = tor_tls_peer_has_cert(tls);
+  tt_assert(ret);
+
+ done:
+  tor_free(tls->ssl->session);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  X509_free(cert);
+}
+#endif
+
+static void
+test_tortls_is_server(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  int ret;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->isServer = 1;
+  ret = tor_tls_is_server(tls);
+  tt_int_op(ret, OP_EQ, 1);
+
+ done:
+  tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_session_secret_cb(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  SSL_CTX *ctx;
+  STACK_OF(SSL_CIPHER) *ciphers = NULL;
+  SSL_CIPHER *one;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+  tor_tls_allocate_tor_tls_object_ex_data_index();
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  tls->magic = TOR_TLS_MAGIC;
+
+  ctx = SSL_CTX_new(TLSv1_method());
+  tls->ssl = SSL_new(ctx);
+  SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
+
+  SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
+
+  tor_tls_session_secret_cb(tls->ssl, NULL, NULL, NULL, NULL, NULL);
+  tt_assert(!tls->ssl->tls_session_secret_cb);
+
+  one = get_cipher_by_name("ECDH-RSA-AES256-GCM-SHA384");
+  one->id = 0x00ff;
+  ciphers = sk_SSL_CIPHER_new_null();
+  sk_SSL_CIPHER_push(ciphers, one);
+
+  tls->client_cipher_list_type = 0;
+  tor_tls_session_secret_cb(tls->ssl, NULL, NULL, ciphers, NULL, NULL);
+  tt_assert(!tls->ssl->tls_session_secret_cb);
+
+ done:
+  sk_SSL_CIPHER_free(ciphers);
+  SSL_free(tls->ssl);
+  SSL_CTX_free(ctx);
+  tor_free(tls);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+/* TODO: It seems block_renegotiation and unblock_renegotiation and
+ * using different blags. This might not be correct */
+static void
+test_tortls_block_renegotiation(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->s3 = tor_malloc_zero(sizeof(SSL3_STATE));
+#ifndef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
+#endif
+
+  tls->ssl->s3->flags = SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+
+  tor_tls_block_renegotiation(tls);
+
+#ifndef OPENSSL_1_1_API
+  tt_assert(!(tls->ssl->s3->flags &
+              SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+#endif
+
+ done:
+  tor_free(tls->ssl->s3);
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+
+static void
+test_tortls_unblock_renegotiation(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tor_tls_unblock_renegotiation(tls);
+
+  tt_uint_op(SSL_get_options(tls->ssl) &
+             SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, OP_EQ,
+             SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+
+ done:
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_assert_renegotiation_unblocked(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tor_tls_unblock_renegotiation(tls);
+  tor_tls_assert_renegotiation_unblocked(tls);
+  /* No assertion here - this test will fail if tor_assert is turned on
+   * and things are bad. */
+
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+#endif
+
+static void
+test_tortls_set_logged_address(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+
+  tor_tls_set_logged_address(tls, "foo bar");
+
+  tt_str_op(tls->address, OP_EQ, "foo bar");
+
+  tor_tls_set_logged_address(tls, "foo bar 2");
+  tt_str_op(tls->address, OP_EQ, "foo bar 2");
+
+ done:
+  tor_free(tls->address);
+  tor_free(tls);
+}
+
+#ifndef OPENSSL_OPAQUE
+static void
+example_cb(tor_tls_t *t, void *arg)
+{
+  (void)t;
+  (void)arg;
+}
+
+static void
+test_tortls_set_renegotiate_callback(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  const char *arg = "hello";
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+
+  tor_tls_set_renegotiate_callback(tls, example_cb, (void*)arg);
+  tt_assert(tls->negotiated_callback == example_cb);
+  tt_assert(tls->callback_arg == arg);
+  tt_assert(!tls->got_renegotiate);
+
+  /* Assumes V2_HANDSHAKE_SERVER */
+  tt_assert(tls->ssl->info_callback == tor_tls_server_info_callback);
+
+  tor_tls_set_renegotiate_callback(tls, NULL, (void*)arg);
+  tt_assert(tls->ssl->info_callback == tor_tls_debug_state_callback);
+
+ done:
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static SSL_CIPHER *fixed_cipher1 = NULL;
+static SSL_CIPHER *fixed_cipher2 = NULL;
+static const SSL_CIPHER *
+fake_get_cipher(unsigned ncipher)
+{
+
+  switch (ncipher) {
+  case 1:
+    return fixed_cipher1;
+  case 2:
+    return fixed_cipher2;
+  default:
+    return NULL;
+  }
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_find_cipher_by_id(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  SSL *ssl;
+  SSL_CTX *ctx;
+  const SSL_METHOD *m = TLSv1_method();
+  SSL_METHOD *empty_method = tor_malloc_zero(sizeof(SSL_METHOD));
+
+  fixed_cipher1 = tor_malloc_zero(sizeof(SSL_CIPHER));
+  fixed_cipher2 = tor_malloc_zero(sizeof(SSL_CIPHER));
+  fixed_cipher2->id = 0xC00A;
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(m);
+  ssl = SSL_new(ctx);
+
+  ret = find_cipher_by_id(ssl, NULL, 0xC00A);
+  tt_int_op(ret, OP_EQ, 1);
+
+  ret = find_cipher_by_id(ssl, m, 0xC00A);
+  tt_int_op(ret, OP_EQ, 1);
+
+  ret = find_cipher_by_id(ssl, m, 0xFFFF);
+  tt_int_op(ret, OP_EQ, 0);
+
+  ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+  tt_int_op(ret, OP_EQ, 1);
+
+  ret = find_cipher_by_id(ssl, empty_method, 0xFFFF);
+#ifdef HAVE_SSL_CIPHER_FIND
+  tt_int_op(ret, OP_EQ, 0);
+#else
+  tt_int_op(ret, OP_EQ, 1);
+#endif
+
+  empty_method->get_cipher = fake_get_cipher;
+  ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+  tt_int_op(ret, OP_EQ, 1);
+
+  empty_method->get_cipher = m->get_cipher;
+  empty_method->num_ciphers = m->num_ciphers;
+  ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+  tt_int_op(ret, OP_EQ, 1);
+
+  empty_method->get_cipher = fake_get_cipher;
+  empty_method->num_ciphers = m->num_ciphers;
+  ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+  tt_int_op(ret, OP_EQ, 1);
+
+  empty_method->num_ciphers = fake_num_ciphers;
+  ret = find_cipher_by_id(ssl, empty_method, 0xC00A);
+#ifdef HAVE_SSL_CIPHER_FIND
+  tt_int_op(ret, OP_EQ, 1);
+#else
+  tt_int_op(ret, OP_EQ, 0);
+#endif
+
+ done:
+  tor_free(empty_method);
+  SSL_free(ssl);
+  SSL_CTX_free(ctx);
+  tor_free(fixed_cipher1);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_debug_state_callback(void *ignored)
+{
+  (void)ignored;
+  SSL *ssl;
+  char *buf = tor_malloc_zero(1000);
+  int n;
+
+  int previous_log = setup_capture_of_logs(LOG_DEBUG);
+
+  ssl = tor_malloc_zero(sizeof(SSL));
+
+  tor_tls_debug_state_callback(ssl, 32, 45);
+
+  n = tor_snprintf(buf, 1000, "SSL %p is now in state unknown"
+               " state [type=32,val=45].\n", ssl);
+  /* tor's snprintf returns -1 on error */
+  tt_int_op(n, OP_NE, -1);
+  expect_log_msg(buf);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  tor_free(buf);
+  tor_free(ssl);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_server_info_callback(void *ignored)
+{
+  (void)ignored;
+  tor_tls_t *tls;
+  SSL_CTX *ctx;
+  SSL *ssl;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(TLSv1_method());
+  ssl = SSL_new(ctx);
+
+  tor_tls_allocate_tor_tls_object_ex_data_index();
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->magic = TOR_TLS_MAGIC;
+  tls->ssl = ssl;
+
+  tor_tls_server_info_callback(NULL, 0, 0);
+
+  SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_A);
+  mock_clean_saved_logs();
+  tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+  expect_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
+
+  SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
+  mock_clean_saved_logs();
+  tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+  expect_log_msg("Couldn't look up the tls for an SSL*. How odd!\n");
+
+  SSL_set_state(ssl, 99);
+  mock_clean_saved_logs();
+  tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+  expect_no_log_entry();
+
+  SSL_set_ex_data(tls->ssl, tor_tls_object_ex_data_index, tls);
+  SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
+  tls->negotiated_callback = 0;
+  tls->server_handshake_count = 120;
+  tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+  tt_int_op(tls->server_handshake_count, OP_EQ, 121);
+
+  tls->server_handshake_count = 127;
+  tls->negotiated_callback = (void *)1;
+  tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+  tt_int_op(tls->server_handshake_count, OP_EQ, 127);
+  tt_int_op(tls->got_renegotiate, OP_EQ, 1);
+
+  tls->ssl->session = SSL_SESSION_new();
+  tls->wasV2Handshake = 0;
+  tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
+  tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  SSL_free(ssl);
+  SSL_CTX_free(ctx);
+  tor_free(tls);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_ssl_read_result_index;
+static int fixed_ssl_read_result[5];
+static int fixed_ssl_shutdown_result;
+
+static int
+fixed_ssl_read(SSL *s, void *buf, int len)
+{
+  (void)s;
+  (void)buf;
+  (void)len;
+  return fixed_ssl_read_result[fixed_ssl_read_result_index++];
+}
+
+static int
+fixed_ssl_shutdown(SSL *s)
+{
+  (void)s;
+  return fixed_ssl_shutdown_result;
+}
+
+#ifndef LIBRESSL_VERSION_NUMBER
+static int fixed_ssl_state_to_set;
+static tor_tls_t *fixed_tls;
+
+static int
+setting_version_ssl_shutdown(SSL *s)
+{
+  s->version = SSL2_VERSION;
+  return fixed_ssl_shutdown_result;
+}
+
+static int
+setting_version_and_state_ssl_shutdown(SSL *s)
+{
+  fixed_tls->state = fixed_ssl_state_to_set;
+  s->version = SSL2_VERSION;
+  return fixed_ssl_shutdown_result;
+}
+#endif
+
+static int
+dummy_handshake_func(SSL *s)
+{
+  (void)s;
+  return 1;
+}
+
+static void
+test_tortls_shutdown(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  SSL_METHOD *method = give_me_a_test_method();
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->ssl->method = method;
+  method->ssl_read = fixed_ssl_read;
+  method->ssl_shutdown = fixed_ssl_shutdown;
+
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, -9);
+
+  tls->state = TOR_TLS_ST_SENTCLOSE;
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 10;
+  fixed_ssl_read_result[1] = -1;
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, -9);
+
+#ifndef LIBRESSL_VERSION_NUMBER
+  tls->ssl->handshake_func = dummy_handshake_func;
+
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 10;
+  fixed_ssl_read_result[1] = 42;
+  fixed_ssl_read_result[2] = 0;
+  fixed_ssl_shutdown_result = 1;
+  ERR_clear_error();
+  tls->ssl->version = SSL2_VERSION;
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
+  tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
+
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 10;
+  fixed_ssl_read_result[1] = 42;
+  fixed_ssl_read_result[2] = 0;
+  fixed_ssl_shutdown_result = 0;
+  ERR_clear_error();
+  tls->ssl->version = 0;
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
+  tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
+
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 10;
+  fixed_ssl_read_result[1] = 42;
+  fixed_ssl_read_result[2] = 0;
+  fixed_ssl_shutdown_result = 0;
+  ERR_clear_error();
+  tls->ssl->version = 0;
+  method->ssl_shutdown = setting_version_ssl_shutdown;
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 10;
+  fixed_ssl_read_result[1] = 42;
+  fixed_ssl_read_result[2] = 0;
+  fixed_ssl_shutdown_result = 0;
+  fixed_tls = tls;
+  fixed_ssl_state_to_set = TOR_TLS_ST_GOTCLOSE;
+  ERR_clear_error();
+  tls->ssl->version = 0;
+  method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 10;
+  fixed_ssl_read_result[1] = 42;
+  fixed_ssl_read_result[2] = 0;
+  fixed_ssl_read_result[3] = -1;
+  fixed_ssl_shutdown_result = 0;
+  fixed_tls = tls;
+  fixed_ssl_state_to_set = 0;
+  ERR_clear_error();
+  tls->ssl->version = 0;
+  method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
+  ret = tor_tls_shutdown(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+#endif
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  tor_free(method);
+  tor_free(tls->ssl);
+  tor_free(tls);
+}
+
+static int negotiated_callback_called;
+
+static void
+negotiated_callback_setter(tor_tls_t *t, void *arg)
+{
+  (void)t;
+  (void)arg;
+  negotiated_callback_called++;
+}
+
+static void
+test_tortls_read(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  char buf[100];
+  SSL_METHOD *method = give_me_a_test_method();
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->state = TOR_TLS_ST_OPEN;
+
+  ret = tor_tls_read(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, -9);
+
+  /* These tests assume that V2_HANDSHAKE_SERVER is set */
+  tls->ssl->handshake_func = dummy_handshake_func;
+  tls->ssl->method = method;
+  method->ssl_read = fixed_ssl_read;
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 42;
+  tls->state = TOR_TLS_ST_OPEN;
+  ERR_clear_error();
+  ret = tor_tls_read(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, 42);
+
+  tls->state = TOR_TLS_ST_OPEN;
+  tls->got_renegotiate = 1;
+  fixed_ssl_read_result_index = 0;
+  ERR_clear_error();
+  ret = tor_tls_read(tls, buf, 10);
+  tt_int_op(tls->got_renegotiate, OP_EQ, 0);
+
+  tls->state = TOR_TLS_ST_OPEN;
+  tls->got_renegotiate = 1;
+  negotiated_callback_called = 0;
+  tls->negotiated_callback = negotiated_callback_setter;
+  fixed_ssl_read_result_index = 0;
+  ERR_clear_error();
+  ret = tor_tls_read(tls, buf, 10);
+  tt_int_op(negotiated_callback_called, OP_EQ, 1);
+
+#ifndef LIBRESSL_VERSION_NUMBER
+  fixed_ssl_read_result_index = 0;
+  fixed_ssl_read_result[0] = 0;
+  tls->ssl->version = SSL2_VERSION;
+  ERR_clear_error();
+  ret = tor_tls_read(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, TOR_TLS_CLOSE);
+  tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
+#endif
+  // TODO: fill up
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  tor_free(method);
+}
+
+static int fixed_ssl_write_result;
+
+static int
+fixed_ssl_write(SSL *s, const void *buf, int len)
+{
+  (void)s;
+  (void)buf;
+  (void)len;
+  return fixed_ssl_write_result;
+}
+
+static void
+test_tortls_write(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  SSL_METHOD *method = give_me_a_test_method();
+  char buf[100];
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = tor_malloc_zero(sizeof(SSL));
+  tls->state = TOR_TLS_ST_OPEN;
+
+  ret = tor_tls_write(tls, buf, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  ret = tor_tls_write(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, -9);
+
+  tls->ssl->method = method;
+  tls->wantwrite_n = 1;
+  ret = tor_tls_write(tls, buf, 10);
+  tt_int_op(tls->wantwrite_n, OP_EQ, 0);
+
+  method->ssl_write = fixed_ssl_write;
+  tls->ssl->handshake_func = dummy_handshake_func;
+  fixed_ssl_write_result = 1;
+  ERR_clear_error();
+  ret = tor_tls_write(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, 1);
+
+  fixed_ssl_write_result = -1;
+  ERR_clear_error();
+  tls->ssl->rwstate = SSL_READING;
+  SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
+  SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_READ;
+  ret = tor_tls_write(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, TOR_TLS_WANTREAD);
+
+  ERR_clear_error();
+  tls->ssl->rwstate = SSL_READING;
+  SSL_set_bio(tls->ssl, BIO_new(BIO_s_mem()), NULL);
+  SSL_get_rbio(tls->ssl)->flags = BIO_FLAGS_WRITE;
+  ret = tor_tls_write(tls, buf, 10);
+  tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  BIO_free(tls->ssl->rbio);
+  tor_free(tls->ssl);
+  tor_free(tls);
+  tor_free(method);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_ssl_accept_result;
+static int fixed_ssl_connect_result;
+
+static int
+setting_error_ssl_accept(SSL *ssl)
+{
+  (void)ssl;
+  ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
+  ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
+  return fixed_ssl_accept_result;
+}
+
+static int
+setting_error_ssl_connect(SSL *ssl)
+{
+  (void)ssl;
+  ERR_put_error(ERR_LIB_BN, 2, -1, "somewhere.c", 99);
+  ERR_put_error(ERR_LIB_SYS, 2, -1, "somewhere.c", 99);
+  return fixed_ssl_connect_result;
+}
+
+static int
+fixed_ssl_accept(SSL *ssl)
+{
+  (void) ssl;
+  return fixed_ssl_accept_result;
+}
+
+static void
+test_tortls_handshake(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  SSL_CTX *ctx;
+  SSL_METHOD *method = give_me_a_test_method();
+  int previous_log = setup_capture_of_logs(LOG_INFO);
+
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  ctx = SSL_CTX_new(TLSv1_method());
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = SSL_new(ctx);
+  tls->state = TOR_TLS_ST_HANDSHAKE;
+
+  ret = tor_tls_handshake(tls);
+  tt_int_op(ret, OP_EQ, -9);
+
+  tls->isServer = 1;
+  tls->state = TOR_TLS_ST_HANDSHAKE;
+  ret = tor_tls_handshake(tls);
+  tt_int_op(ret, OP_EQ, -9);
+
+  tls->ssl->method = method;
+  method->ssl_accept = fixed_ssl_accept;
+  fixed_ssl_accept_result = 2;
+  ERR_clear_error();
+  tls->state = TOR_TLS_ST_HANDSHAKE;
+  ret = tor_tls_handshake(tls);
+  tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_OPEN);
+
+  method->ssl_accept = setting_error_ssl_accept;
+  fixed_ssl_accept_result = 1;
+  ERR_clear_error();
+  mock_clean_saved_logs();
+  tls->state = TOR_TLS_ST_HANDSHAKE;
+  ret = tor_tls_handshake(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+  expect_log_entry();
+  /* This fails on jessie.  Investigate why! */
+#if 0
+  expect_log_msg("TLS error while handshaking: (null) (in bignum routines:"
+            "(null):SSLv3 write client hello B)\n");
+  expect_log_msg("TLS error while handshaking: (null) (in system library:"
+            "connect:SSLv3 write client hello B)\n");
+#endif
+  expect_log_severity(LOG_INFO);
+
+  tls->isServer = 0;
+  method->ssl_connect = setting_error_ssl_connect;
+  fixed_ssl_connect_result = 1;
+  ERR_clear_error();
+  mock_clean_saved_logs();
+  tls->state = TOR_TLS_ST_HANDSHAKE;
+  ret = tor_tls_handshake(tls);
+  tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
+  expect_log_entry();
+#if 0
+  /* See above */
+  expect_log_msg("TLS error while handshaking: "
+            "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
+  expect_log_msg("TLS error while handshaking: "
+            "(null) (in system library:connect:SSLv3 write client hello B)\n");
+#endif
+  expect_log_severity(LOG_WARN);
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  SSL_free(tls->ssl);
+  SSL_CTX_free(ctx);
+  tor_free(tls);
+  tor_free(method);
+}
+#endif
+
+#ifndef OPENSSL_OPAQUE
+static void
+test_tortls_finish_handshake(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_t *tls;
+  SSL_CTX *ctx;
+  SSL_METHOD *method = give_me_a_test_method();
+  SSL_library_init();
+  SSL_load_error_strings();
+
+  X509 *c1 = read_cert_from(validCertString);
+  SESS_CERT_local *sess = NULL;
+
+  ctx = SSL_CTX_new(method);
+
+  tls = tor_malloc_zero(sizeof(tor_tls_t));
+  tls->ssl = SSL_new(ctx);
+  tls->state = TOR_TLS_ST_OPEN;
+
+  ret = tor_tls_finish_handshake(tls);
+  tt_int_op(ret, OP_EQ, 0);
+
+  tls->isServer = 1;
+  tls->wasV2Handshake = 0;
+  ret = tor_tls_finish_handshake(tls);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
+
+  tls->wasV2Handshake = 1;
+  ret = tor_tls_finish_handshake(tls);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
+
+  tls->wasV2Handshake = 1;
+  tls->ssl->session = SSL_SESSION_new();
+  ret = tor_tls_finish_handshake(tls);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
+
+  tls->isServer = 0;
+
+  sess = tor_malloc_zero(sizeof(SESS_CERT_local));
+  tls->ssl->session->sess_cert = (void *)sess;
+  sess->cert_chain = sk_X509_new_null();
+  sk_X509_push(sess->cert_chain, c1);
+  tls->ssl->session->peer = c1;
+  tls->wasV2Handshake = 0;
+  ret = tor_tls_finish_handshake(tls);
+  tt_int_op(ret, OP_EQ, 0);
+  tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
+
+  method->num_ciphers = fake_num_ciphers;
+  ret = tor_tls_finish_handshake(tls);
+  tt_int_op(ret, OP_EQ, -9);
+
+ done:
+  if (sess)
+    sk_X509_free(sess->cert_chain);
+  if (tls->ssl && tls->ssl->session) {
+    tor_free(tls->ssl->session->sess_cert);
+  }
+  SSL_free(tls->ssl);
+  tor_free(tls);
+  SSL_CTX_free(ctx);
+  tor_free(method);
+}
+#endif
+
+static int fixed_crypto_pk_new_result_index;
+static crypto_pk_t *fixed_crypto_pk_new_result[5];
+
+static crypto_pk_t *
+fixed_crypto_pk_new(void)
+{
+  return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++];
+}
+
+#ifndef OPENSSL_OPAQUE
+static int fixed_crypto_pk_generate_key_with_bits_result_index;
+static int fixed_crypto_pk_generate_key_with_bits_result[5];
+static int fixed_tor_tls_create_certificate_result_index;
+static X509 *fixed_tor_tls_create_certificate_result[5];
+static int fixed_tor_x509_cert_new_result_index;
+static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5];
+
+static int
+fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
+{
+  (void)env;
+  (void)bits;
+  return fixed_crypto_pk_generate_key_with_bits_result[
+                    fixed_crypto_pk_generate_key_with_bits_result_index++];
+}
+
+static X509 *
+fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
+                                 crypto_pk_t *rsa_sign,
+                                 const char *cname,
+                                 const char *cname_sign,
+                                 unsigned int cert_lifetime)
+{
+  (void)rsa;
+  (void)rsa_sign;
+  (void)cname;
+  (void)cname_sign;
+  (void)cert_lifetime;
+  return fixed_tor_tls_create_certificate_result[
+                             fixed_tor_tls_create_certificate_result_index++];
+}
+
+static tor_x509_cert_t *
+fixed_tor_x509_cert_new(X509 *x509_cert)
+{
+  (void) x509_cert;
+  return fixed_tor_x509_cert_new_result[
+                                      fixed_tor_x509_cert_new_result_index++];
+}
+
+static void
+test_tortls_context_new(void *ignored)
+{
+  (void)ignored;
+  tor_tls_context_t *ret;
+  crypto_pk_t *pk1, *pk2, *pk3, *pk4, *pk5, *pk6, *pk7, *pk8, *pk9, *pk10,
+    *pk11, *pk12, *pk13, *pk14, *pk15, *pk16, *pk17, *pk18;
+
+  pk1 = crypto_pk_new();
+  pk2 = crypto_pk_new();
+  pk3 = crypto_pk_new();
+  pk4 = crypto_pk_new();
+  pk5 = crypto_pk_new();
+  pk6 = crypto_pk_new();
+  pk7 = crypto_pk_new();
+  pk8 = crypto_pk_new();
+  pk9 = crypto_pk_new();
+  pk10 = crypto_pk_new();
+  pk11 = crypto_pk_new();
+  pk12 = crypto_pk_new();
+  pk13 = crypto_pk_new();
+  pk14 = crypto_pk_new();
+  pk15 = crypto_pk_new();
+  pk16 = crypto_pk_new();
+  pk17 = crypto_pk_new();
+  pk18 = crypto_pk_new();
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = NULL;
+  MOCK(crypto_pk_new, fixed_crypto_pk_new);
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  MOCK(crypto_pk_generate_key_with_bits,
+       fixed_crypto_pk_generate_key_with_bits);
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk1;
+  fixed_crypto_pk_new_result[1] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result[0] = -1;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk2;
+  fixed_crypto_pk_new_result[1] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk3;
+  fixed_crypto_pk_new_result[1] = pk4;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result[0] = 0;
+  fixed_crypto_pk_generate_key_with_bits_result[1] = -1;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  MOCK(tor_tls_create_certificate, fixed_tor_tls_create_certificate);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk5;
+  fixed_crypto_pk_new_result[1] = pk6;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_crypto_pk_generate_key_with_bits_result[1] = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = NULL;
+  fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk7;
+  fixed_crypto_pk_new_result[1] = pk8;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[1] = NULL;
+  fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk9;
+  fixed_crypto_pk_new_result[1] = pk10;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[2] = NULL;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  MOCK(tor_x509_cert_new, fixed_tor_x509_cert_new);
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk11;
+  fixed_crypto_pk_new_result[1] = pk12;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_x509_cert_new_result_index = 0;
+  fixed_tor_x509_cert_new_result[0] = NULL;
+  fixed_tor_x509_cert_new_result[1] = NULL;
+  fixed_tor_x509_cert_new_result[2] = NULL;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk13;
+  fixed_crypto_pk_new_result[1] = pk14;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_x509_cert_new_result_index = 0;
+  fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  fixed_tor_x509_cert_new_result[1] = NULL;
+  fixed_tor_x509_cert_new_result[2] = NULL;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk15;
+  fixed_crypto_pk_new_result[1] = pk16;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_x509_cert_new_result_index = 0;
+  fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  fixed_tor_x509_cert_new_result[2] = NULL;
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = pk17;
+  fixed_crypto_pk_new_result[1] = pk18;
+  fixed_crypto_pk_new_result[2] = NULL;
+  fixed_crypto_pk_generate_key_with_bits_result_index = 0;
+  fixed_tor_tls_create_certificate_result_index = 0;
+  fixed_tor_tls_create_certificate_result[0] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[1] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_tls_create_certificate_result[2] = tor_malloc_zero(sizeof(X509));
+  fixed_tor_x509_cert_new_result_index = 0;
+  fixed_tor_x509_cert_new_result[0] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  fixed_tor_x509_cert_new_result[1] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  fixed_tor_x509_cert_new_result[2] = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  ret = tor_tls_context_new(NULL, 0, 0, 0);
+  tt_assert(!ret);
+
+ done:
+  UNMOCK(tor_x509_cert_new);
+  UNMOCK(tor_tls_create_certificate);
+  UNMOCK(crypto_pk_generate_key_with_bits);
+  UNMOCK(crypto_pk_new);
+}
+#endif
+
+static int fixed_crypto_pk_get_evp_pkey_result_index = 0;
+static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5];
+
+static EVP_PKEY *
+fixed_crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private)
+{
+  (void) env;
+  (void) private;
+  return fixed_crypto_pk_get_evp_pkey_result[
+                               fixed_crypto_pk_get_evp_pkey_result_index++];
+}
+
+static void
+test_tortls_create_certificate(void *ignored)
+{
+  (void)ignored;
+  X509 *ret;
+  crypto_pk_t *pk1, *pk2;
+
+  pk1 = crypto_pk_new();
+  pk2 = crypto_pk_new();
+
+  MOCK(crypto_pk_get_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
+  fixed_crypto_pk_get_evp_pkey_result_index = 0;
+  fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
+  ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_get_evp_pkey_result_index = 0;
+  fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
+  fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
+  ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
+  tt_assert(!ret);
+
+  fixed_crypto_pk_get_evp_pkey_result_index = 0;
+  fixed_crypto_pk_get_evp_pkey_result[0] = EVP_PKEY_new();
+  fixed_crypto_pk_get_evp_pkey_result[1] = EVP_PKEY_new();
+  ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
+  tt_assert(!ret);
+
+ done:
+  UNMOCK(crypto_pk_get_evp_pkey_);
+  crypto_pk_free(pk1);
+  crypto_pk_free(pk2);
+}
+
+static void
+test_tortls_cert_new(void *ignored)
+{
+  (void)ignored;
+  tor_x509_cert_t *ret;
+  X509 *cert = read_cert_from(validCertString);
+
+  ret = tor_x509_cert_new(NULL);
+  tt_assert(!ret);
+
+  ret = tor_x509_cert_new(cert);
+  tt_assert(ret);
+  tor_x509_cert_free(ret);
+  ret = NULL;
+
+#if 0
+  cert = read_cert_from(validCertString);
+  /* XXX this doesn't do what you think: it alters a copy of the pubkey. */
+  X509_get_pubkey(cert)->type = EVP_PKEY_DSA;
+  ret = tor_x509_cert_new(cert);
+  tt_assert(ret);
+#endif
+
+#ifndef OPENSSL_OPAQUE
+  cert = read_cert_from(validCertString);
+  X509_CINF_free(cert->cert_info);
+  cert->cert_info = NULL;
+  ret = tor_x509_cert_new(cert);
+  tt_assert(ret);
+#endif
+
+ done:
+  tor_x509_cert_free(ret);
+}
+
+static void
+test_tortls_cert_is_valid(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_x509_cert_t *cert = NULL, *scert = NULL;
+
+  scert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
+  tt_int_op(ret, OP_EQ, 0);
+  tor_free(scert);
+  tor_free(cert);
+
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
+  tt_int_op(ret, OP_EQ, 1);
+
+#ifndef OPENSSL_OPAQUE
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  ASN1_TIME_free(cert->cert->cert_info->validity->notAfter);
+  cert->cert->cert_info->validity->notAfter =
+    ASN1_TIME_set(NULL, time(NULL)-1000000);
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
+  tt_int_op(ret, OP_EQ, 0);
+
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  X509_PUBKEY_free(cert->cert->cert_info->key);
+  cert->cert->cert_info->key = NULL;
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
+  tt_int_op(ret, OP_EQ, 0);
+#endif
+
+#if 0
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  /* This doesn't actually change the key in the cert. XXXXXX */
+  BN_one(EVP_PKEY_get1_RSA(X509_get_pubkey(cert->cert))->n);
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
+  tt_int_op(ret, OP_EQ, 0);
+
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  /* This doesn't actually change the key in the cert. XXXXXX */
+  X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1);
+  tt_int_op(ret, OP_EQ, 0);
+
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  /* This doesn't actually change the key in the cert. XXXXXX */
+  X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
+  tt_int_op(ret, OP_EQ, 1);
+
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+  cert = tor_x509_cert_new(read_cert_from(validCertString));
+  scert = tor_x509_cert_new(read_cert_from(caCertString));
+  /* This doesn't actually change the key in the cert. XXXXXX */
+  X509_get_pubkey(cert->cert)->type = EVP_PKEY_EC;
+  X509_get_pubkey(cert->cert)->ameth = NULL;
+  ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
+  tt_int_op(ret, OP_EQ, 0);
+#endif
+
+ done:
+  tor_x509_cert_free(cert);
+  tor_x509_cert_free(scert);
+}
+
+static void
+test_tortls_context_init_one(void *ignored)
+{
+  (void)ignored;
+  int ret;
+  tor_tls_context_t *old = NULL;
+
+  MOCK(crypto_pk_new, fixed_crypto_pk_new);
+
+  fixed_crypto_pk_new_result_index = 0;
+  fixed_crypto_pk_new_result[0] = NULL;
+  ret = tor_tls_context_init_one(&old, NULL, 0, 0, 0);
+  tt_int_op(ret, OP_EQ, -1);
+
+ done:
+  UNMOCK(crypto_pk_new);
+}
+
+#define LOCAL_TEST_CASE(name, flags)                    \
+  { #name, test_tortls_##name, (flags|TT_FORK), NULL, NULL }
+
+#ifdef OPENSSL_OPAQUE
+#define INTRUSIVE_TEST_CASE(name, flags)        \
+  { #name, NULL, TT_SKIP, NULL, NULL }
+#else
+#define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags)
+#endif
+
+struct testcase_t tortls_tests[] = {
+  LOCAL_TEST_CASE(errno_to_tls_error, 0),
+  LOCAL_TEST_CASE(err_to_string, 0),
+  LOCAL_TEST_CASE(tor_tls_new, TT_FORK),
+  LOCAL_TEST_CASE(tor_tls_get_error, 0),
+  LOCAL_TEST_CASE(get_state_description, TT_FORK),
+  LOCAL_TEST_CASE(get_by_ssl, TT_FORK),
+  LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK),
+  LOCAL_TEST_CASE(log_one_error, TT_FORK),
+  INTRUSIVE_TEST_CASE(get_error, TT_FORK),
+  LOCAL_TEST_CASE(always_accept_verify_cb, 0),
+  INTRUSIVE_TEST_CASE(x509_cert_free, 0),
+  LOCAL_TEST_CASE(x509_cert_get_id_digests, 0),
+  INTRUSIVE_TEST_CASE(cert_matches_key, 0),
+  INTRUSIVE_TEST_CASE(cert_get_key, 0),
+  LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK),
+  LOCAL_TEST_CASE(get_my_certs, TT_FORK),
+  INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0),
+  INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
+  LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
+  INTRUSIVE_TEST_CASE(verify, 0),
+  INTRUSIVE_TEST_CASE(check_lifetime, 0),
+  INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
+  LOCAL_TEST_CASE(get_forced_write_size, 0),
+  LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
+  LOCAL_TEST_CASE(used_v1_handshake, TT_FORK),
+  LOCAL_TEST_CASE(get_num_server_handshakes, 0),
+  LOCAL_TEST_CASE(server_got_renegotiate, 0),
+  INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
+  INTRUSIVE_TEST_CASE(get_tlssecrets, 0),
+  INTRUSIVE_TEST_CASE(get_buffer_sizes, 0),
+  LOCAL_TEST_CASE(evaluate_ecgroup_for_tls, 0),
+  INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0),
+  INTRUSIVE_TEST_CASE(get_peer_cert, 0),
+  INTRUSIVE_TEST_CASE(peer_has_cert, 0),
+  INTRUSIVE_TEST_CASE(shutdown, 0),
+  INTRUSIVE_TEST_CASE(finish_handshake, 0),
+  INTRUSIVE_TEST_CASE(handshake, 0),
+  INTRUSIVE_TEST_CASE(write, 0),
+  INTRUSIVE_TEST_CASE(read, 0),
+  INTRUSIVE_TEST_CASE(server_info_callback, 0),
+  LOCAL_TEST_CASE(is_server, 0),
+  INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
+  INTRUSIVE_TEST_CASE(block_renegotiation, 0),
+  INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
+  INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),
+  LOCAL_TEST_CASE(set_logged_address, 0),
+  INTRUSIVE_TEST_CASE(find_cipher_by_id, 0),
+  INTRUSIVE_TEST_CASE(session_secret_cb, 0),
+  INTRUSIVE_TEST_CASE(debug_state_callback, 0),
+  INTRUSIVE_TEST_CASE(context_new, 0),
+  LOCAL_TEST_CASE(create_certificate, 0),
+  LOCAL_TEST_CASE(cert_new, 0),
+  LOCAL_TEST_CASE(cert_is_valid, 0),
+  LOCAL_TEST_CASE(context_init_one, 0),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 225fb790f9..d534cc0b52 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -1,27 +1,34 @@
 /* Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2013, The Tor Project, Inc. */
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
 #define COMPAT_PRIVATE
 #define CONTROL_PRIVATE
-#define MEMPOOL_PRIVATE
 #define UTIL_PRIVATE
 #include "or.h"
 #include "config.h"
 #include "control.h"
 #include "test.h"
-#ifdef ENABLE_MEMPOOLS
-#include "mempool.h"
-#endif /* ENABLE_MEMPOOLS */
 #include "memarea.h"
 #include "util_process.h"
 
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_UTIME_H
+#include <sys/utime.h>
+#endif
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
 #ifdef _WIN32
 #include <tchar.h>
 #endif
 #include <math.h>
+#include <ctype.h>
+#include <float.h>
 
 /* XXXX this is a minimal wrapper to make the unit tests compile with the
  * changed tor_timegm interface. */
@@ -52,20 +59,20 @@ test_util_read_until_eof_impl(const char *fname, size_t file_len,
   crypto_rand(test_str, file_len);
 
   r = write_bytes_to_file(fifo_name, test_str, file_len, 1);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   fd = open(fifo_name, O_RDONLY|O_BINARY);
-  tt_int_op(fd, >=, 0);
+  tt_int_op(fd, OP_GE, 0);
   str = read_file_to_str_until_eof(fd, read_limit, &sz);
   tt_assert(str != NULL);
 
   if (read_limit < file_len)
-    tt_int_op(sz, ==, read_limit);
+    tt_int_op(sz, OP_EQ, read_limit);
   else
-    tt_int_op(sz, ==, file_len);
+    tt_int_op(sz, OP_EQ, file_len);
 
-  test_mem_op(test_str, ==, str, sz);
-  test_assert(str[sz] == '\0');
+  tt_mem_op(test_str, OP_EQ, str, sz);
+  tt_int_op(str[sz], OP_EQ, '\0');
 
  done:
   unlink(fifo_name);
@@ -87,6 +94,20 @@ test_util_read_file_eof_tiny_limit(void *arg)
 }
 
 static void
+test_util_read_file_eof_one_loop_a(void *arg)
+{
+  (void)arg;
+  test_util_read_until_eof_impl("tor_test_fifo_1ka", 1024, 1023);
+}
+
+static void
+test_util_read_file_eof_one_loop_b(void *arg)
+{
+  (void)arg;
+  test_util_read_until_eof_impl("tor_test_fifo_1kb", 1024, 1024);
+}
+
+static void
 test_util_read_file_eof_two_loops(void *arg)
 {
   (void)arg;
@@ -98,6 +119,14 @@ test_util_read_file_eof_two_loops(void *arg)
 }
 
 static void
+test_util_read_file_eof_two_loops_b(void *arg)
+{
+  (void)arg;
+
+  test_util_read_until_eof_impl("tor_test_fifo_2kb", 2048, 2048);
+}
+
+static void
 test_util_read_file_eof_zero_bytes(void *arg)
 {
   (void)arg;
@@ -145,17 +174,17 @@ test_util_write_chunks_to_file(void *arg)
 
   // write a known string to a file where the tempfile will be
   r = write_bytes_to_file(tempname, temp_str, temp_str_len, 1);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   // call write_chunks_to_file
   r = write_chunks_to_file(fname, chunks, 1, 0);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   // assert the file has been written (expected size)
   str = read_file_to_str(fname, RFTS_BIN, &st);
   tt_assert(str != NULL);
-  tt_u64_op((uint64_t)st.st_size, ==, data_str_len);
-  test_mem_op(data_str, ==, str, data_str_len);
+  tt_u64_op((uint64_t)st.st_size, OP_EQ, data_str_len);
+  tt_mem_op(data_str, OP_EQ, str, data_str_len);
   tor_free(str);
 
   // assert that the tempfile is removed (should not leave artifacts)
@@ -164,7 +193,7 @@ test_util_write_chunks_to_file(void *arg)
 
   // Remove old testfile for second test
   r = unlink(fname);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
   tor_free(fname);
   tor_free(tempname);
 
@@ -176,24 +205,24 @@ test_util_write_chunks_to_file(void *arg)
 
   // write a known string to a file where the tempfile will be
   r = write_bytes_to_file(tempname, temp_str, temp_str_len, 1);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   // call write_chunks_to_file with no_tempfile = true
   r = write_chunks_to_file(fname, chunks, 1, 1);
-  tt_int_op(r, ==, 0);
+  tt_int_op(r, OP_EQ, 0);
 
   // assert the file has been written (expected size)
   str = read_file_to_str(fname, RFTS_BIN, &st);
   tt_assert(str != NULL);
-  tt_u64_op((uint64_t)st.st_size, ==, data_str_len);
-  test_mem_op(data_str, ==, str, data_str_len);
+  tt_u64_op((uint64_t)st.st_size, OP_EQ, data_str_len);
+  tt_mem_op(data_str, OP_EQ, str, data_str_len);
   tor_free(str);
 
   // assert the tempfile still contains the known string
   str = read_file_to_str(tempname, RFTS_BIN, &st);
   tt_assert(str != NULL);
-  tt_u64_op((uint64_t)st.st_size, ==, temp_str_len);
-  test_mem_op(temp_str, ==, str, temp_str_len);
+  tt_u64_op((uint64_t)st.st_size, OP_EQ, temp_str_len);
+  tt_mem_op(temp_str, OP_EQ, str, temp_str_len);
 
  done:
   unlink(fname);
@@ -206,11 +235,24 @@ test_util_write_chunks_to_file(void *arg)
   tor_free(temp_str);
 }
 
+#define _TFE(a, b, f)  tt_int_op((a).f, OP_EQ, (b).f)
+/** test the minimum set of struct tm fields needed for a unique epoch value
+ * this is also the set we use to test tor_timegm */
+#define TM_EQUAL(a, b)           \
+          TT_STMT_BEGIN          \
+            _TFE(a, b, tm_year); \
+            _TFE(a, b, tm_mon ); \
+            _TFE(a, b, tm_mday); \
+            _TFE(a, b, tm_hour); \
+            _TFE(a, b, tm_min ); \
+            _TFE(a, b, tm_sec ); \
+          TT_STMT_END
+
 static void
-test_util_time(void)
+test_util_time(void *arg)
 {
   struct timeval start, end;
-  struct tm a_time;
+  struct tm a_time, b_time;
   char timestr[128];
   time_t t_res;
   int i;
@@ -218,117 +260,423 @@ test_util_time(void)
 
   /* Test tv_udiff */
 
+  (void)arg;
   start.tv_sec = 5;
   start.tv_usec = 5000;
 
   end.tv_sec = 5;
   end.tv_usec = 5000;
 
-  test_eq(0L, tv_udiff(&start, &end));
+  tt_int_op(0L,OP_EQ, tv_udiff(&start, &end));
 
   end.tv_usec = 7000;
 
-  test_eq(2000L, tv_udiff(&start, &end));
+  tt_int_op(2000L,OP_EQ, tv_udiff(&start, &end));
 
   end.tv_sec = 6;
 
-  test_eq(1002000L, tv_udiff(&start, &end));
+  tt_int_op(1002000L,OP_EQ, tv_udiff(&start, &end));
 
   end.tv_usec = 0;
 
-  test_eq(995000L, tv_udiff(&start, &end));
+  tt_int_op(995000L,OP_EQ, tv_udiff(&start, &end));
 
   end.tv_sec = 4;
 
-  test_eq(-1005000L, tv_udiff(&start, &end));
+  tt_int_op(-1005000L,OP_EQ, tv_udiff(&start, &end));
 
-  /* Test tor_timegm */
+  /* Test tor_timegm & tor_gmtime_r */
 
   /* The test values here are confirmed to be correct on a platform
-   * with a working timegm. */
+   * with a working timegm & gmtime_r. */
+
+  /* Start with known-zero a_time and b_time.
+   * This avoids passing uninitialised values to TM_EQUAL in a_time.
+   * Zeroing may not be needed for b_time, as long as tor_gmtime_r
+   * never reads the existing values in the structure.
+   * But we really don't want intermittently failing tests. */
+  memset(&a_time, 0, sizeof(struct tm));
+  memset(&b_time, 0, sizeof(struct tm));
+
   a_time.tm_year = 2003-1900;
   a_time.tm_mon = 7;
   a_time.tm_mday = 30;
   a_time.tm_hour = 6;
   a_time.tm_min = 14;
   a_time.tm_sec = 55;
-  test_eq((time_t) 1062224095UL, tor_timegm(&a_time));
+  t_res = 1062224095UL;
+  tt_int_op(t_res, OP_EQ, tor_timegm(&a_time));
+  tor_gmtime_r(&t_res, &b_time);
+  TM_EQUAL(a_time, b_time);
+
   a_time.tm_year = 2004-1900; /* Try a leap year, after feb. */
-  test_eq((time_t) 1093846495UL, tor_timegm(&a_time));
+  t_res = 1093846495UL;
+  tt_int_op(t_res, OP_EQ, tor_timegm(&a_time));
+  tor_gmtime_r(&t_res, &b_time);
+  TM_EQUAL(a_time, b_time);
+
   a_time.tm_mon = 1;          /* Try a leap year, in feb. */
   a_time.tm_mday = 10;
-  test_eq((time_t) 1076393695UL, tor_timegm(&a_time));
+  t_res = 1076393695UL;
+  tt_int_op(t_res, OP_EQ, tor_timegm(&a_time));
+  tor_gmtime_r(&t_res, &b_time);
+  TM_EQUAL(a_time, b_time);
+
   a_time.tm_mon = 0;
-  a_time.tm_mday = 10;
-  test_eq((time_t) 1073715295UL, tor_timegm(&a_time));
+  t_res = 1073715295UL;
+  tt_int_op(t_res, OP_EQ, tor_timegm(&a_time));
+  tor_gmtime_r(&t_res, &b_time);
+  TM_EQUAL(a_time, b_time);
+
+  /* This value is in range with 32 bit and 64 bit time_t */
+  a_time.tm_year = 2037-1900;
+  t_res = 2115180895UL;
+  tt_int_op(t_res, OP_EQ, tor_timegm(&a_time));
+  tor_gmtime_r(&t_res, &b_time);
+  TM_EQUAL(a_time, b_time);
+
+  /* This value is out of range with 32 bit time_t, but in range for 64 bit
+   * time_t */
+  a_time.tm_year = 2039-1900;
+#if SIZEOF_TIME_T == 4
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+#elif SIZEOF_TIME_T == 8
+  t_res = 2178252895UL;
+  tt_int_op(t_res, OP_EQ, tor_timegm(&a_time));
+  tor_gmtime_r(&t_res, &b_time);
+  TM_EQUAL(a_time, b_time);
+#endif
+
+  /* Test tor_timegm out of range */
+
+  /* year */
+
+  /* Wrong year < 1970 */
+  a_time.tm_year = 1969-1900;
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_year = -1-1900;
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+#if SIZEOF_INT == 4 || SIZEOF_INT == 8
+    a_time.tm_year = -1*(1 << 16);
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    /* one of the smallest tm_year values my 64 bit system supports:
+     * t_res = -9223372036854775LL without clamping */
+    a_time.tm_year = -292275055-1900;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    a_time.tm_year = INT32_MIN;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+#endif
+
+#if SIZEOF_INT == 8
+    a_time.tm_year = -1*(1 << 48);
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    /* while unlikely, the system's gmtime(_r) could return
+     * a "correct" retrospective gregorian negative year value,
+     * which I'm pretty sure is:
+     * -1*(2^63)/60/60/24*2000/730485 + 1970 = -292277022657
+     * 730485 is the number of days in two millenia, including leap days */
+    a_time.tm_year = -292277022657-1900;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    a_time.tm_year = INT64_MIN;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+#endif
+
+  /* Wrong year >= INT32_MAX - 1900 */
+#if SIZEOF_INT == 4 || SIZEOF_INT == 8
+    a_time.tm_year = INT32_MAX-1900;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    a_time.tm_year = INT32_MAX;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+#endif
+
+#if SIZEOF_INT == 8
+    /* one of the largest tm_year values my 64 bit system supports */
+    a_time.tm_year = 292278994-1900;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    /* while unlikely, the system's gmtime(_r) could return
+     * a "correct" proleptic gregorian year value,
+     * which I'm pretty sure is:
+     * (2^63-1)/60/60/24*2000/730485 + 1970 = 292277026596
+     * 730485 is the number of days in two millenia, including leap days */
+    a_time.tm_year = 292277026596-1900;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    a_time.tm_year = INT64_MAX-1900;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+    a_time.tm_year = INT64_MAX;
+    tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+#endif
+
+  /* month */
+  a_time.tm_year = 2007-1900;  /* restore valid year */
+
   a_time.tm_mon = 12;          /* Wrong month, it's 0-based */
-  a_time.tm_mday = 10;
-  test_eq((time_t) -1, tor_timegm(&a_time));
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
   a_time.tm_mon = -1;          /* Wrong month */
-  a_time.tm_mday = 10;
-  test_eq((time_t) -1, tor_timegm(&a_time));
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  /* day */
+  a_time.tm_mon = 6;            /* Try July */
+  a_time.tm_mday = 32;          /* Wrong day */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_mon = 5;            /* Try June */
+  a_time.tm_mday = 31;          /* Wrong day */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_year = 2008-1900;   /* Try a leap year */
+  a_time.tm_mon = 1;            /* in feb. */
+  a_time.tm_mday = 30;          /* Wrong day */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_year = 2011-1900;   /* Try a non-leap year */
+  a_time.tm_mon = 1;            /* in feb. */
+  a_time.tm_mday = 29;          /* Wrong day */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_mday = 0;           /* Wrong day, it's 1-based (to be different) */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  /* hour */
+  a_time.tm_mday = 3;           /* restore valid month day */
+
+  a_time.tm_hour = 24;          /* Wrong hour, it's 0-based */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_hour = -1;          /* Wrong hour */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  /* minute */
+  a_time.tm_hour = 22;          /* restore valid hour */
+
+  a_time.tm_min = 60;           /* Wrong minute, it's 0-based */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_min = -1;           /* Wrong minute */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  /* second */
+  a_time.tm_min = 37;           /* restore valid minute */
+
+  a_time.tm_sec = 61;           /* Wrong second: 0-based with leap seconds */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  a_time.tm_sec = -1;           /* Wrong second */
+  tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time));
+
+  /* Test tor_gmtime_r out of range */
+
+  /* time_t < 0 yields a year clamped to 1 or 1970,
+   * depending on whether the implementation of the system gmtime(_r)
+   * sets struct tm (1) or not (1970) */
+  t_res = -1;
+  tor_gmtime_r(&t_res, &b_time);
+  tt_assert(b_time.tm_year == (1970-1900) ||
+            b_time.tm_year == (1969-1900));
+
+  if (sizeof(time_t) == 4 || sizeof(time_t) == 8) {
+    t_res = -1*(1 << 30);
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (1970-1900) ||
+              b_time.tm_year == (1935-1900));
+
+    t_res = INT32_MIN;
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (1970-1900) ||
+              b_time.tm_year == (1901-1900));
+  }
+
+#if SIZEOF_TIME_T == 8
+  {
+    /* one of the smallest tm_year values my 64 bit system supports:
+     * b_time.tm_year == (-292275055LL-1900LL) without clamping */
+    t_res = -9223372036854775LL;
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (1970-1900) ||
+              b_time.tm_year == (1-1900));
+
+    /* while unlikely, the system's gmtime(_r) could return
+     * a "correct" retrospective gregorian negative year value,
+     * which I'm pretty sure is:
+     * -1*(2^63)/60/60/24*2000/730485 + 1970 = -292277022657
+     * 730485 is the number of days in two millenia, including leap days
+     * (int64_t)b_time.tm_year == (-292277022657LL-1900LL) without clamping */
+    t_res = INT64_MIN;
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (1970-1900) ||
+              b_time.tm_year == (1-1900));
+  }
+#endif
+
+  /* time_t >= INT_MAX yields a year clamped to 2037 or 9999,
+   * depending on whether the implementation of the system gmtime(_r)
+   * sets struct tm (9999) or not (2037) */
+#if SIZEOF_TIME_T == 4 || SIZEOF_TIME_T == 8
+  {
+    t_res = 3*(1 << 29);
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (2021-1900));
+
+    t_res = INT32_MAX;
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (2037-1900) ||
+              b_time.tm_year == (2038-1900));
+  }
+#endif
+
+#if SIZEOF_TIME_T == 8
+  {
+    /* one of the largest tm_year values my 64 bit system supports:
+     * b_time.tm_year == (292278994L-1900L) without clamping */
+    t_res = 9223372036854775LL;
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (2037-1900) ||
+              b_time.tm_year == (9999-1900));
+
+    /* while unlikely, the system's gmtime(_r) could return
+     * a "correct" proleptic gregorian year value,
+     * which I'm pretty sure is:
+     * (2^63-1)/60/60/24*2000/730485 + 1970 = 292277026596
+     * 730485 is the number of days in two millenia, including leap days
+     * (int64_t)b_time.tm_year == (292277026596L-1900L) without clamping */
+    t_res = INT64_MAX;
+    tor_gmtime_r(&t_res, &b_time);
+    tt_assert(b_time.tm_year == (2037-1900) ||
+              b_time.tm_year == (9999-1900));
+  }
+#endif
 
   /* Test {format,parse}_rfc1123_time */
 
   format_rfc1123_time(timestr, 0);
-  test_streq("Thu, 01 Jan 1970 00:00:00 GMT", timestr);
+  tt_str_op("Thu, 01 Jan 1970 00:00:00 GMT",OP_EQ, timestr);
   format_rfc1123_time(timestr, (time_t)1091580502UL);
-  test_streq("Wed, 04 Aug 2004 00:48:22 GMT", timestr);
+  tt_str_op("Wed, 04 Aug 2004 00:48:22 GMT",OP_EQ, timestr);
 
   t_res = 0;
   i = parse_rfc1123_time(timestr, &t_res);
-  test_eq(0,i);
-  test_eq(t_res, (time_t)1091580502UL);
-  /* The timezone doesn't matter */
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)1091580502UL);
+
+  /* This value is in range with 32 bit and 64 bit time_t */
+  format_rfc1123_time(timestr, (time_t)2080000000UL);
+  tt_str_op("Fri, 30 Nov 2035 01:46:40 GMT",OP_EQ, timestr);
+
   t_res = 0;
-  test_eq(0, parse_rfc1123_time("Wed, 04 Aug 2004 00:48:22 ZUL", &t_res));
-  test_eq(t_res, (time_t)1091580502UL);
-  test_eq(-1, parse_rfc1123_time("Wed, zz Aug 2004 99-99x99 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 32 Mar 2011 00:00:00 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Mar 2011 24:00:00 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Mar 2011 23:60:00 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Mar 2011 23:59:62 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Mar 1969 23:59:59 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Ene 2011 23:59:59 GMT", &t_res));
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Mar 2011 23:59:59 GM", &t_res));
+  i = parse_rfc1123_time(timestr, &t_res);
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)2080000000UL);
 
+  /* This value is out of range with 32 bit time_t, but in range for 64 bit
+   * time_t */
+  format_rfc1123_time(timestr, (time_t)2150000000UL);
+#if SIZEOF_TIME_T == 4
 #if 0
-  /* This fails, I imagine it's important and should be fixed? */
-  test_eq(-1, parse_rfc1123_time("Wed, 29 Feb 2011 16:00:00 GMT", &t_res));
-  /* Why is this string valid (ie. the test fails because it doesn't
-     return -1)? */
-  test_eq(-1, parse_rfc1123_time("Wed, 30 Mar 2011 23:59:61 GMT", &t_res));
+  /* Wrapping around will have made it this. */
+  /* On windows, at least, this is clipped to 1 Jan 1970. ??? */
+  tt_str_op("Sat, 11 Jan 1902 23:45:04 GMT",OP_EQ, timestr);
 #endif
+  /* Make sure that the right date doesn't parse. */
+  strlcpy(timestr, "Wed, 17 Feb 2038 06:13:20 GMT", sizeof(timestr));
+
+  t_res = 0;
+  i = parse_rfc1123_time(timestr, &t_res);
+  tt_int_op(-1,OP_EQ, i);
+#elif SIZEOF_TIME_T == 8
+  tt_str_op("Wed, 17 Feb 2038 06:13:20 GMT",OP_EQ, timestr);
+
+  t_res = 0;
+  i = parse_rfc1123_time(timestr, &t_res);
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)2150000000UL);
+#endif
+
+  /* The timezone doesn't matter */
+  t_res = 0;
+  tt_int_op(0,OP_EQ,
+            parse_rfc1123_time("Wed, 04 Aug 2004 00:48:22 ZUL", &t_res));
+  tt_int_op(t_res,OP_EQ, (time_t)1091580502UL);
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, zz Aug 2004 99-99x99 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 32 Mar 2011 00:00:00 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Mar 2011 24:00:00 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Mar 2011 23:60:00 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Mar 2011 23:59:62 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Mar 1969 23:59:59 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Ene 2011 23:59:59 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Mar 2011 23:59:59 GM", &t_res));
+
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 29 Feb 2011 16:00:00 GMT", &t_res));
+  tt_int_op(-1,OP_EQ,
+            parse_rfc1123_time("Wed, 30 Mar 2011 23:59:61 GMT", &t_res));
 
   /* Test parse_iso_time */
 
   t_res = 0;
   i = parse_iso_time("", &t_res);
-  test_eq(-1, i);
+  tt_int_op(-1,OP_EQ, i);
   t_res = 0;
   i = parse_iso_time("2004-08-32 00:48:22", &t_res);
-  test_eq(-1, i);
+  tt_int_op(-1,OP_EQ, i);
   t_res = 0;
   i = parse_iso_time("1969-08-03 00:48:22", &t_res);
-  test_eq(-1, i);
+  tt_int_op(-1,OP_EQ, i);
 
   t_res = 0;
   i = parse_iso_time("2004-08-04 00:48:22", &t_res);
-  test_eq(0,i);
-  test_eq(t_res, (time_t)1091580502UL);
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)1091580502UL);
   t_res = 0;
   i = parse_iso_time("2004-8-4 0:48:22", &t_res);
-  test_eq(0, i);
-  test_eq(t_res, (time_t)1091580502UL);
-  test_eq(-1, parse_iso_time("2004-08-zz 99-99x99 GMT", &t_res));
-  test_eq(-1, parse_iso_time("2011-03-32 00:00:00 GMT", &t_res));
-  test_eq(-1, parse_iso_time("2011-03-30 24:00:00 GMT", &t_res));
-  test_eq(-1, parse_iso_time("2011-03-30 23:60:00 GMT", &t_res));
-  test_eq(-1, parse_iso_time("2011-03-30 23:59:62 GMT", &t_res));
-  test_eq(-1, parse_iso_time("1969-03-30 23:59:59 GMT", &t_res));
-  test_eq(-1, parse_iso_time("2011-00-30 23:59:59 GMT", &t_res));
-  test_eq(-1, parse_iso_time("2147483647-08-29 14:00:00", &t_res));
-  test_eq(-1, parse_iso_time("2011-03-30 23:59", &t_res));
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)1091580502UL);
+
+  /* This value is in range with 32 bit and 64 bit time_t */
+  t_res = 0;
+  i = parse_iso_time("2035-11-30 01:46:40", &t_res);
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)2080000000UL);
+
+  /* This value is out of range with 32 bit time_t, but in range for 64 bit
+   * time_t */
+  t_res = 0;
+  i = parse_iso_time("2038-02-17 06:13:20", &t_res);
+#if SIZEOF_TIME_T == 4
+  tt_int_op(-1,OP_EQ, i);
+#elif SIZEOF_TIME_T == 8
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(t_res,OP_EQ, (time_t)2150000000UL);
+#endif
+
+  tt_int_op(-1,OP_EQ, parse_iso_time("2004-08-zz 99-99x99", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2011-03-32 00:00:00", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2011-03-30 24:00:00", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2011-03-30 23:60:00", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2011-03-30 23:59:62", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("1969-03-30 23:59:59", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2011-00-30 23:59:59", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2147483647-08-29 14:00:00", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2011-03-30 23:59", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2004-08-04 00:48:22.100", &t_res));
+  tt_int_op(-1,OP_EQ, parse_iso_time("2004-08-04 00:48:22XYZ", &t_res));
 
   /* Test tor_gettimeofday */
 
@@ -341,14 +689,14 @@ test_util_time(void)
   /* now make sure time works. */
   tor_gettimeofday(&end);
   /* We might've timewarped a little. */
-  tt_int_op(tv_udiff(&start, &end), >=, -5000);
+  tt_int_op(tv_udiff(&start, &end), OP_GE, -5000);
 
   /* Test format_iso_time */
 
-  tv.tv_sec = (time_t)1326296338;
+  tv.tv_sec = (time_t)1326296338UL;
   tv.tv_usec = 3060;
   format_iso_time(timestr, (time_t)tv.tv_sec);
-  test_streq("2012-01-11 15:38:58", timestr);
+  tt_str_op("2012-01-11 15:38:58",OP_EQ, timestr);
   /* The output of format_local_iso_time will vary by timezone, and setting
      our timezone for testing purposes would be a nontrivial flaky pain.
      Skip this test for now.
@@ -356,11 +704,33 @@ test_util_time(void)
   test_streq("2012-01-11 10:38:58", timestr);
   */
   format_iso_time_nospace(timestr, (time_t)tv.tv_sec);
-  test_streq("2012-01-11T15:38:58", timestr);
-  test_eq(strlen(timestr), ISO_TIME_LEN);
+  tt_str_op("2012-01-11T15:38:58",OP_EQ, timestr);
+  tt_int_op(strlen(timestr),OP_EQ, ISO_TIME_LEN);
   format_iso_time_nospace_usec(timestr, &tv);
-  test_streq("2012-01-11T15:38:58.003060", timestr);
-  test_eq(strlen(timestr), ISO_TIME_USEC_LEN);
+  tt_str_op("2012-01-11T15:38:58.003060",OP_EQ, timestr);
+  tt_int_op(strlen(timestr),OP_EQ, ISO_TIME_USEC_LEN);
+
+  tv.tv_usec = 0;
+  /* This value is in range with 32 bit and 64 bit time_t */
+  tv.tv_sec = (time_t)2080000000UL;
+  format_iso_time(timestr, (time_t)tv.tv_sec);
+  tt_str_op("2035-11-30 01:46:40",OP_EQ, timestr);
+
+  /* This value is out of range with 32 bit time_t, but in range for 64 bit
+   * time_t */
+  tv.tv_sec = (time_t)2150000000UL;
+  format_iso_time(timestr, (time_t)tv.tv_sec);
+#if SIZEOF_TIME_T == 4
+  /* format_iso_time should indicate failure on overflow, but it doesn't yet.
+   * Hopefully #18480 will improve the failure semantics in this case.
+   tt_str_op("2038-02-17 06:13:20",OP_EQ, timestr);
+   */
+#elif SIZEOF_TIME_T == 8
+#ifndef _WIN32
+  /* This SHOULD work on windows too; see bug #18665 */
+  tt_str_op("2038-02-17 06:13:20",OP_EQ, timestr);
+#endif
+#endif
 
  done:
   ;
@@ -375,61 +745,93 @@ test_util_parse_http_time(void *arg)
 
 #define T(s) do {                               \
     format_iso_time(b, tor_timegm(&a_time));    \
-    tt_str_op(b, ==, (s));                      \
+    tt_str_op(b, OP_EQ, (s));                      \
     b[0]='\0';                                  \
   } while (0)
 
   /* Test parse_http_time */
 
-  test_eq(-1, parse_http_time("", &a_time));
-  test_eq(-1, parse_http_time("Sunday, 32 Aug 2004 00:48:22 GMT", &a_time));
-  test_eq(-1, parse_http_time("Sunday, 3 Aug 1869 00:48:22 GMT", &a_time));
-  test_eq(-1, parse_http_time("Sunday, 32-Aug-94 00:48:22 GMT", &a_time));
-  test_eq(-1, parse_http_time("Sunday, 3-Ago-04 00:48:22", &a_time));
-  test_eq(-1, parse_http_time("Sunday, August the third", &a_time));
-  test_eq(-1, parse_http_time("Wednesday,,04 Aug 1994 00:48:22 GMT", &a_time));
-
-  test_eq(0, parse_http_time("Wednesday, 04 Aug 1994 00:48:22 GMT", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("", &a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("Sunday, 32 Aug 2004 00:48:22 GMT", &a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("Sunday, 3 Aug 1869 00:48:22 GMT", &a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("Sunday, 32-Aug-94 00:48:22 GMT", &a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("Sunday, 3-Ago-04 00:48:22", &a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("Sunday, August the third", &a_time));
+  tt_int_op(-1,OP_EQ,
+            parse_http_time("Wednesday,,04 Aug 1994 00:48:22 GMT", &a_time));
+
+  tt_int_op(0,OP_EQ,
+            parse_http_time("Wednesday, 04 Aug 1994 00:48:22 GMT", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Wednesday, 4 Aug 1994 0:48:22 GMT", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,
+            parse_http_time("Wednesday, 4 Aug 1994 0:48:22 GMT", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Miercoles, 4 Aug 1994 0:48:22 GMT", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,
+            parse_http_time("Miercoles, 4 Aug 1994 0:48:22 GMT", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Wednesday, 04-Aug-94 00:48:22 GMT", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,
+            parse_http_time("Wednesday, 04-Aug-94 00:48:22 GMT", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Wednesday, 4-Aug-94 0:48:22 GMT", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,
+            parse_http_time("Wednesday, 4-Aug-94 0:48:22 GMT", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Miercoles, 4-Aug-94 0:48:22 GMT", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,
+            parse_http_time("Miercoles, 4-Aug-94 0:48:22 GMT", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Wed Aug 04 00:48:22 1994", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ, parse_http_time("Wed Aug 04 00:48:22 1994", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Wed Aug 4 0:48:22 1994", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ, parse_http_time("Wed Aug 4 0:48:22 1994", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Mie Aug 4 0:48:22 1994", &a_time));
-  test_eq((time_t)775961302UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ, parse_http_time("Mie Aug 4 0:48:22 1994", &a_time));
+  tt_int_op((time_t)775961302UL,OP_EQ, tor_timegm(&a_time));
   T("1994-08-04 00:48:22");
-  test_eq(0, parse_http_time("Sun, 1 Jan 2012 00:00:00 GMT", &a_time));
-  test_eq((time_t)1325376000UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,parse_http_time("Sun, 1 Jan 2012 00:00:00 GMT", &a_time));
+  tt_int_op((time_t)1325376000UL,OP_EQ, tor_timegm(&a_time));
   T("2012-01-01 00:00:00");
-  test_eq(0, parse_http_time("Mon, 31 Dec 2012 00:00:00 GMT", &a_time));
-  test_eq((time_t)1356912000UL, tor_timegm(&a_time));
+  tt_int_op(0,OP_EQ,parse_http_time("Mon, 31 Dec 2012 00:00:00 GMT", &a_time));
+  tt_int_op((time_t)1356912000UL,OP_EQ, tor_timegm(&a_time));
   T("2012-12-31 00:00:00");
-  test_eq(-1, parse_http_time("2004-08-zz 99-99x99 GMT", &a_time));
-  test_eq(-1, parse_http_time("2011-03-32 00:00:00 GMT", &a_time));
-  test_eq(-1, parse_http_time("2011-03-30 24:00:00 GMT", &a_time));
-  test_eq(-1, parse_http_time("2011-03-30 23:60:00 GMT", &a_time));
-  test_eq(-1, parse_http_time("2011-03-30 23:59:62 GMT", &a_time));
-  test_eq(-1, parse_http_time("1969-03-30 23:59:59 GMT", &a_time));
-  test_eq(-1, parse_http_time("2011-00-30 23:59:59 GMT", &a_time));
-  test_eq(-1, parse_http_time("2011-03-30 23:59", &a_time));
+
+  /* This value is in range with 32 bit and 64 bit time_t */
+  tt_int_op(0,OP_EQ,parse_http_time("Fri, 30 Nov 2035 01:46:40 GMT", &a_time));
+  tt_int_op((time_t)2080000000UL,OP_EQ, tor_timegm(&a_time));
+  T("2035-11-30 01:46:40");
+
+  /* This value is out of range with 32 bit time_t, but in range for 64 bit
+   * time_t */
+#if SIZEOF_TIME_T == 4
+  /* parse_http_time should indicate failure on overflow, but it doesn't yet.
+   * Hopefully #18480 will improve the failure semantics in this case. */
+  tt_int_op(0,OP_EQ,parse_http_time("Wed, 17 Feb 2038 06:13:20 GMT", &a_time));
+  tt_int_op((time_t)-1,OP_EQ, tor_timegm(&a_time));
+#elif SIZEOF_TIME_T == 8
+  tt_int_op(0,OP_EQ,parse_http_time("Wed, 17 Feb 2038 06:13:20 GMT", &a_time));
+  tt_int_op((time_t)2150000000UL,OP_EQ, tor_timegm(&a_time));
+  T("2038-02-17 06:13:20");
+#endif
+
+  tt_int_op(-1,OP_EQ, parse_http_time("2004-08-zz 99-99x99 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("2011-03-32 00:00:00 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("2011-03-30 24:00:00 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("2011-03-30 23:60:00 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("2011-03-30 23:59:62 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("1969-03-30 23:59:59 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("2011-00-30 23:59:59 GMT", &a_time));
+  tt_int_op(-1,OP_EQ, parse_http_time("2011-03-30 23:59", &a_time));
 
 #undef T
  done:
@@ -437,13 +839,14 @@ test_util_parse_http_time(void *arg)
 }
 
 static void
-test_util_config_line(void)
+test_util_config_line(void *arg)
 {
   char buf[1024];
   char *k=NULL, *v=NULL;
   const char *str;
 
   /* Test parse_config_line_from_str */
+  (void)arg;
   strlcpy(buf, "k v\n" " key    value with spaces   \n" "keykey val\n"
           "k2\n"
           "k3 \n" "\n" "   \n" "#comment\n"
@@ -463,110 +866,110 @@ test_util_config_line(void)
   str = buf;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k");
-  test_streq(v, "v");
+  tt_str_op(k,OP_EQ, "k");
+  tt_str_op(v,OP_EQ, "v");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "key    value with"));
+  tt_assert(!strcmpstart(str, "key    value with"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "key");
-  test_streq(v, "value with spaces");
+  tt_str_op(k,OP_EQ, "key");
+  tt_str_op(v,OP_EQ, "value with spaces");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "keykey"));
+  tt_assert(!strcmpstart(str, "keykey"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "keykey");
-  test_streq(v, "val");
+  tt_str_op(k,OP_EQ, "keykey");
+  tt_str_op(v,OP_EQ, "val");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "k2\n"));
+  tt_assert(!strcmpstart(str, "k2\n"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k2");
-  test_streq(v, "");
+  tt_str_op(k,OP_EQ, "k2");
+  tt_str_op(v,OP_EQ, "");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "k3 \n"));
+  tt_assert(!strcmpstart(str, "k3 \n"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k3");
-  test_streq(v, "");
+  tt_str_op(k,OP_EQ, "k3");
+  tt_str_op(v,OP_EQ, "");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "#comment"));
+  tt_assert(!strcmpstart(str, "#comment"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k4");
-  test_streq(v, "");
+  tt_str_op(k,OP_EQ, "k4");
+  tt_str_op(v,OP_EQ, "");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "k5#abc"));
+  tt_assert(!strcmpstart(str, "k5#abc"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k5");
-  test_streq(v, "");
+  tt_str_op(k,OP_EQ, "k5");
+  tt_str_op(v,OP_EQ, "");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "k6"));
+  tt_assert(!strcmpstart(str, "k6"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k6");
-  test_streq(v, "val");
+  tt_str_op(k,OP_EQ, "k6");
+  tt_str_op(v,OP_EQ, "val");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "kseven"));
+  tt_assert(!strcmpstart(str, "kseven"));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "kseven");
-  test_streq(v, "a quoted \'string");
+  tt_str_op(k,OP_EQ, "kseven");
+  tt_str_op(v,OP_EQ, "a quoted \'string");
   tor_free(k); tor_free(v);
-  test_assert(!strcmpstart(str, "k8 "));
+  tt_assert(!strcmpstart(str, "k8 "));
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k8");
-  test_streq(v, "a quoted\n\"str\\ing\t\x01\x01\x01\"");
+  tt_str_op(k,OP_EQ, "k8");
+  tt_str_op(v,OP_EQ, "a quoted\n\"str\\ing\t\x01\x01\x01\"");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k9");
-  test_streq(v, "a line that spans two lines.");
+  tt_str_op(k,OP_EQ, "k9");
+  tt_str_op(v,OP_EQ, "a line that spans two lines.");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k10");
-  test_streq(v, "more than one continuation");
+  tt_str_op(k,OP_EQ, "k10");
+  tt_str_op(v,OP_EQ, "more than one continuation");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k11");
-  test_streq(v, "continuation at the start");
+  tt_str_op(k,OP_EQ, "k11");
+  tt_str_op(v,OP_EQ, "continuation at the start");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k12");
-  test_streq(v, "line with a embedded");
+  tt_str_op(k,OP_EQ, "k12");
+  tt_str_op(v,OP_EQ, "line with a embedded");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k13");
-  test_streq(v, "continuation at the very start");
+  tt_str_op(k,OP_EQ, "k13");
+  tt_str_op(v,OP_EQ, "continuation at the very start");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k14");
-  test_streq(v, "a line that has a comment and" );
+  tt_str_op(k,OP_EQ, "k14");
+  tt_str_op(v,OP_EQ, "a line that has a comment and" );
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k15");
-  test_streq(v, "this should be the next new line");
+  tt_str_op(k,OP_EQ, "k15");
+  tt_str_op(v,OP_EQ, "this should be the next new line");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k16");
-  test_streq(v, "a line that has a comment and" );
+  tt_str_op(k,OP_EQ, "k16");
+  tt_str_op(v,OP_EQ, "a line that has a comment and" );
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k17");
-  test_streq(v, "this should be the next new line");
+  tt_str_op(k,OP_EQ, "k17");
+  tt_str_op(v,OP_EQ, "this should be the next new line");
   tor_free(k); tor_free(v);
 
-  test_streq(str, "");
+  tt_str_op(str,OP_EQ, "");
 
  done:
   tor_free(k);
@@ -574,7 +977,7 @@ test_util_config_line(void)
 }
 
 static void
-test_util_config_line_quotes(void)
+test_util_config_line_quotes(void *arg)
 {
   char buf1[1024];
   char buf2[128];
@@ -584,6 +987,7 @@ test_util_config_line_quotes(void)
   const char *str;
 
   /* Test parse_config_line_from_str */
+  (void)arg;
   strlcpy(buf1, "kTrailingSpace \"quoted value\"   \n"
           "kTrailingGarbage \"quoted value\"trailing garbage\n"
           , sizeof(buf1));
@@ -596,30 +1000,30 @@ test_util_config_line_quotes(void)
   str = buf1;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "kTrailingSpace");
-  test_streq(v, "quoted value");
+  tt_str_op(k,OP_EQ, "kTrailingSpace");
+  tt_str_op(v,OP_EQ, "quoted value");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
   str = buf2;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
   str = buf3;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
   str = buf4;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
  done:
@@ -628,13 +1032,14 @@ test_util_config_line_quotes(void)
 }
 
 static void
-test_util_config_line_comment_character(void)
+test_util_config_line_comment_character(void *arg)
 {
   char buf[1024];
   char *k=NULL, *v=NULL;
   const char *str;
 
   /* Test parse_config_line_from_str */
+  (void)arg;
   strlcpy(buf, "k1 \"# in quotes\"\n"
           "k2 some value    # some comment\n"
           "k3 /home/user/myTorNetwork#2\n"    /* Testcase for #1323 */
@@ -642,16 +1047,16 @@ test_util_config_line_comment_character(void)
   str = buf;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k1");
-  test_streq(v, "# in quotes");
+  tt_str_op(k,OP_EQ, "k1");
+  tt_str_op(v,OP_EQ, "# in quotes");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "k2");
-  test_streq(v, "some value");
+  tt_str_op(k,OP_EQ, "k2");
+  tt_str_op(v,OP_EQ, "some value");
   tor_free(k); tor_free(v);
 
-  test_streq(str, "k3 /home/user/myTorNetwork#2\n");
+  tt_str_op(str,OP_EQ, "k3 /home/user/myTorNetwork#2\n");
 
 #if 0
   str = parse_config_line_from_str(str, &k, &v);
@@ -668,7 +1073,7 @@ test_util_config_line_comment_character(void)
 }
 
 static void
-test_util_config_line_escaped_content(void)
+test_util_config_line_escaped_content(void *arg)
 {
   char buf1[1024];
   char buf2[128];
@@ -680,6 +1085,7 @@ test_util_config_line_escaped_content(void)
   const char *str;
 
   /* Test parse_config_line_from_str */
+  (void)arg;
   strlcpy(buf1, "HexadecimalLower \"\\x2a\"\n"
           "HexadecimalUpper \"\\x2A\"\n"
           "HexadecimalUpperX \"\\X2A\"\n"
@@ -711,91 +1117,91 @@ test_util_config_line_escaped_content(void)
   str = buf1;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "HexadecimalLower");
-  test_streq(v, "*");
+  tt_str_op(k,OP_EQ, "HexadecimalLower");
+  tt_str_op(v,OP_EQ, "*");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "HexadecimalUpper");
-  test_streq(v, "*");
+  tt_str_op(k,OP_EQ, "HexadecimalUpper");
+  tt_str_op(v,OP_EQ, "*");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "HexadecimalUpperX");
-  test_streq(v, "*");
+  tt_str_op(k,OP_EQ, "HexadecimalUpperX");
+  tt_str_op(v,OP_EQ, "*");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "Octal");
-  test_streq(v, "*");
+  tt_str_op(k,OP_EQ, "Octal");
+  tt_str_op(v,OP_EQ, "*");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "Newline");
-  test_streq(v, "\n");
+  tt_str_op(k,OP_EQ, "Newline");
+  tt_str_op(v,OP_EQ, "\n");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "Tab");
-  test_streq(v, "\t");
+  tt_str_op(k,OP_EQ, "Tab");
+  tt_str_op(v,OP_EQ, "\t");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "CarriageReturn");
-  test_streq(v, "\r");
+  tt_str_op(k,OP_EQ, "CarriageReturn");
+  tt_str_op(v,OP_EQ, "\r");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "DoubleQuote");
-  test_streq(v, "\"");
+  tt_str_op(k,OP_EQ, "DoubleQuote");
+  tt_str_op(v,OP_EQ, "\"");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "SimpleQuote");
-  test_streq(v, "'");
+  tt_str_op(k,OP_EQ, "SimpleQuote");
+  tt_str_op(v,OP_EQ, "'");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "Backslash");
-  test_streq(v, "\\");
+  tt_str_op(k,OP_EQ, "Backslash");
+  tt_str_op(v,OP_EQ, "\\");
   tor_free(k); tor_free(v);
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_streq(k, "Mix");
-  test_streq(v, "This is a \"star\":\t'*'\nAnd second line");
+  tt_str_op(k,OP_EQ, "Mix");
+  tt_str_op(v,OP_EQ, "This is a \"star\":\t'*'\nAnd second line");
   tor_free(k); tor_free(v);
-  test_streq(str, "");
+  tt_str_op(str,OP_EQ, "");
 
   str = buf2;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
   str = buf3;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
   str = buf4;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
 #if 0
   str = buf5;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str, OP_EQ, NULL);
   tor_free(k); tor_free(v);
 #endif
 
   str = buf6;
 
   str = parse_config_line_from_str(str, &k, &v);
-  test_eq_ptr(str, NULL);
+  tt_ptr_op(str,OP_EQ, NULL);
   tor_free(k); tor_free(v);
 
  done:
@@ -805,46 +1211,47 @@ test_util_config_line_escaped_content(void)
 
 #ifndef _WIN32
 static void
-test_util_expand_filename(void)
+test_util_expand_filename(void *arg)
 {
   char *str;
 
+  (void)arg;
   setenv("HOME", "/home/itv", 1); /* For "internal test value" */
 
   str = expand_filename("");
-  test_streq("", str);
+  tt_str_op("",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("/normal/path");
-  test_streq("/normal/path", str);
+  tt_str_op("/normal/path",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("/normal/trailing/path/");
-  test_streq("/normal/trailing/path/", str);
+  tt_str_op("/normal/trailing/path/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~");
-  test_streq("/home/itv/", str);
+  tt_str_op("/home/itv/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("$HOME/nodice");
-  test_streq("$HOME/nodice", str);
+  tt_str_op("$HOME/nodice",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/");
-  test_streq("/home/itv/", str);
+  tt_str_op("/home/itv/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/foobarqux");
-  test_streq("/home/itv/foobarqux", str);
+  tt_str_op("/home/itv/foobarqux",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/../../etc/passwd");
-  test_streq("/home/itv/../../etc/passwd", str);
+  tt_str_op("/home/itv/../../etc/passwd",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/trailing/");
-  test_streq("/home/itv/trailing/", str);
+  tt_str_op("/home/itv/trailing/",OP_EQ, str);
   tor_free(str);
   /* Ideally we'd test ~anotheruser, but that's shady to test (we'd
      have to somehow inject/fake the get_user_homedir call) */
@@ -853,15 +1260,15 @@ test_util_expand_filename(void)
   setenv("HOME", "/home/itv/", 1);
 
   str = expand_filename("~");
-  test_streq("/home/itv/", str);
+  tt_str_op("/home/itv/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/");
-  test_streq("/home/itv/", str);
+  tt_str_op("/home/itv/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/foo");
-  test_streq("/home/itv/foo", str);
+  tt_str_op("/home/itv/foo",OP_EQ, str);
   tor_free(str);
 
   /* Try with empty $HOME */
@@ -869,15 +1276,15 @@ test_util_expand_filename(void)
   setenv("HOME", "", 1);
 
   str = expand_filename("~");
-  test_streq("/", str);
+  tt_str_op("/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/");
-  test_streq("/", str);
+  tt_str_op("/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/foobar");
-  test_streq("/foobar", str);
+  tt_str_op("/foobar",OP_EQ, str);
   tor_free(str);
 
   /* Try with $HOME unset */
@@ -885,15 +1292,15 @@ test_util_expand_filename(void)
   unsetenv("HOME");
 
   str = expand_filename("~");
-  test_streq("/", str);
+  tt_str_op("/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/");
-  test_streq("/", str);
+  tt_str_op("/",OP_EQ, str);
   tor_free(str);
 
   str = expand_filename("~/foobar");
-  test_streq("/foobar", str);
+  tt_str_op("/foobar",OP_EQ, str);
   tor_free(str);
 
  done:
@@ -903,37 +1310,38 @@ test_util_expand_filename(void)
 
 /** Test tor_escape_str_for_pt_args(). */
 static void
-test_util_escape_string_socks(void)
+test_util_escape_string_socks(void *arg)
 {
   char *escaped_string = NULL;
 
   /** Simple backslash escape. */
+  (void)arg;
   escaped_string = tor_escape_str_for_pt_args("This is a backslash: \\",";\\");
-  test_assert(escaped_string);
-  test_streq(escaped_string, "This is a backslash: \\\\");
+  tt_assert(escaped_string);
+  tt_str_op(escaped_string,OP_EQ, "This is a backslash: \\\\");
   tor_free(escaped_string);
 
   /** Simple semicolon escape. */
   escaped_string = tor_escape_str_for_pt_args("First rule:Do not use ;",";\\");
-  test_assert(escaped_string);
-  test_streq(escaped_string, "First rule:Do not use \\;");
+  tt_assert(escaped_string);
+  tt_str_op(escaped_string,OP_EQ, "First rule:Do not use \\;");
   tor_free(escaped_string);
 
   /** Empty string. */
   escaped_string = tor_escape_str_for_pt_args("", ";\\");
-  test_assert(escaped_string);
-  test_streq(escaped_string, "");
+  tt_assert(escaped_string);
+  tt_str_op(escaped_string,OP_EQ, "");
   tor_free(escaped_string);
 
   /** Escape all characters. */
   escaped_string = tor_escape_str_for_pt_args(";\\;\\", ";\\");
-  test_assert(escaped_string);
-  test_streq(escaped_string, "\\;\\\\\\;\\\\");
+  tt_assert(escaped_string);
+  tt_str_op(escaped_string,OP_EQ, "\\;\\\\\\;\\\\");
   tor_free(escaped_string);
 
   escaped_string = tor_escape_str_for_pt_args(";", ";\\");
-  test_assert(escaped_string);
-  test_streq(escaped_string, "\\;");
+  tt_assert(escaped_string);
+  tt_str_op(escaped_string,OP_EQ, "\\;");
   tor_free(escaped_string);
 
  done:
@@ -944,288 +1352,291 @@ static void
 test_util_string_is_key_value(void *ptr)
 {
   (void)ptr;
-  test_assert(string_is_key_value(LOG_WARN, "key=value"));
-  test_assert(string_is_key_value(LOG_WARN, "k=v"));
-  test_assert(string_is_key_value(LOG_WARN, "key="));
-  test_assert(string_is_key_value(LOG_WARN, "x="));
-  test_assert(string_is_key_value(LOG_WARN, "xx="));
-  test_assert(!string_is_key_value(LOG_WARN, "=value"));
-  test_assert(!string_is_key_value(LOG_WARN, "=x"));
-  test_assert(!string_is_key_value(LOG_WARN, "="));
+  tt_assert(string_is_key_value(LOG_WARN, "key=value"));
+  tt_assert(string_is_key_value(LOG_WARN, "k=v"));
+  tt_assert(string_is_key_value(LOG_WARN, "key="));
+  tt_assert(string_is_key_value(LOG_WARN, "x="));
+  tt_assert(string_is_key_value(LOG_WARN, "xx="));
+  tt_assert(!string_is_key_value(LOG_WARN, "=value"));
+  tt_assert(!string_is_key_value(LOG_WARN, "=x"));
+  tt_assert(!string_is_key_value(LOG_WARN, "="));
 
   /* ??? */
-  /* test_assert(!string_is_key_value(LOG_WARN, "===")); */
+  /* tt_assert(!string_is_key_value(LOG_WARN, "===")); */
  done:
   ;
 }
 
 /** Test basic string functionality. */
 static void
-test_util_strmisc(void)
+test_util_strmisc(void *arg)
 {
   char buf[1024];
   int i;
   char *cp, *cp_tmp = NULL;
 
   /* Test strl operations */
-  test_eq(5, strlcpy(buf, "Hello", 0));
-  test_eq(5, strlcpy(buf, "Hello", 10));
-  test_streq(buf, "Hello");
-  test_eq(5, strlcpy(buf, "Hello", 6));
-  test_streq(buf, "Hello");
-  test_eq(5, strlcpy(buf, "Hello", 5));
-  test_streq(buf, "Hell");
+  (void)arg;
+  tt_int_op(5,OP_EQ, strlcpy(buf, "Hello", 0));
+  tt_int_op(5,OP_EQ, strlcpy(buf, "Hello", 10));
+  tt_str_op(buf,OP_EQ, "Hello");
+  tt_int_op(5,OP_EQ, strlcpy(buf, "Hello", 6));
+  tt_str_op(buf,OP_EQ, "Hello");
+  tt_int_op(5,OP_EQ, strlcpy(buf, "Hello", 5));
+  tt_str_op(buf,OP_EQ, "Hell");
   strlcpy(buf, "Hello", sizeof(buf));
-  test_eq(10, strlcat(buf, "Hello", 5));
+  tt_int_op(10,OP_EQ, strlcat(buf, "Hello", 5));
 
   /* Test strstrip() */
   strlcpy(buf, "Testing 1 2 3", sizeof(buf));
   tor_strstrip(buf, ",!");
-  test_streq(buf, "Testing 1 2 3");
+  tt_str_op(buf,OP_EQ, "Testing 1 2 3");
   strlcpy(buf, "!Testing 1 2 3?", sizeof(buf));
   tor_strstrip(buf, "!? ");
-  test_streq(buf, "Testing123");
+  tt_str_op(buf,OP_EQ, "Testing123");
   strlcpy(buf, "!!!Testing 1 2 3??", sizeof(buf));
   tor_strstrip(buf, "!? ");
-  test_streq(buf, "Testing123");
+  tt_str_op(buf,OP_EQ, "Testing123");
 
   /* Test parse_long */
   /* Empty/zero input */
-  test_eq(0L, tor_parse_long("",10,0,100,&i,NULL));
-  test_eq(0, i);
-  test_eq(0L, tor_parse_long("0",10,0,100,&i,NULL));
-  test_eq(1, i);
+  tt_int_op(0L,OP_EQ, tor_parse_long("",10,0,100,&i,NULL));
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(0L,OP_EQ, tor_parse_long("0",10,0,100,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
   /* Normal cases */
-  test_eq(10L, tor_parse_long("10",10,0,100,&i,NULL));
-  test_eq(1, i);
-  test_eq(10L, tor_parse_long("10",10,0,10,&i,NULL));
-  test_eq(1, i);
-  test_eq(10L, tor_parse_long("10",10,10,100,&i,NULL));
-  test_eq(1, i);
-  test_eq(-50L, tor_parse_long("-50",10,-100,100,&i,NULL));
-  test_eq(1, i);
-  test_eq(-50L, tor_parse_long("-50",10,-100,0,&i,NULL));
-  test_eq(1, i);
-  test_eq(-50L, tor_parse_long("-50",10,-50,0,&i,NULL));
-  test_eq(1, i);
+  tt_int_op(10L,OP_EQ, tor_parse_long("10",10,0,100,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(10L,OP_EQ, tor_parse_long("10",10,0,10,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(10L,OP_EQ, tor_parse_long("10",10,10,100,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(-50L,OP_EQ, tor_parse_long("-50",10,-100,100,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(-50L,OP_EQ, tor_parse_long("-50",10,-100,0,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(-50L,OP_EQ, tor_parse_long("-50",10,-50,0,&i,NULL));
+  tt_int_op(1,OP_EQ, i);
   /* Extra garbage */
-  test_eq(0L, tor_parse_long("10m",10,0,100,&i,NULL));
-  test_eq(0, i);
-  test_eq(0L, tor_parse_long("-50 plus garbage",10,-100,100,&i,NULL));
-  test_eq(0, i);
-  test_eq(10L, tor_parse_long("10m",10,0,100,&i,&cp));
-  test_eq(1, i);
-  test_streq(cp, "m");
-  test_eq(-50L, tor_parse_long("-50 plus garbage",10,-100,100,&i,&cp));
-  test_eq(1, i);
-  test_streq(cp, " plus garbage");
+  tt_int_op(0L,OP_EQ, tor_parse_long("10m",10,0,100,&i,NULL));
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(0L,OP_EQ, tor_parse_long("-50 plus garbage",10,-100,100,&i,NULL));
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(10L,OP_EQ, tor_parse_long("10m",10,0,100,&i,&cp));
+  tt_int_op(1,OP_EQ, i);
+  tt_str_op(cp,OP_EQ, "m");
+  tt_int_op(-50L,OP_EQ, tor_parse_long("-50 plus garbage",10,-100,100,&i,&cp));
+  tt_int_op(1,OP_EQ, i);
+  tt_str_op(cp,OP_EQ, " plus garbage");
   /* Out of bounds */
-  test_eq(0L,  tor_parse_long("10",10,50,100,&i,NULL));
-  test_eq(0, i);
-  test_eq(0L,   tor_parse_long("-50",10,0,100,&i,NULL));
-  test_eq(0, i);
+  tt_int_op(0L,OP_EQ,  tor_parse_long("10",10,50,100,&i,NULL));
+  tt_int_op(0,OP_EQ, i);
+  tt_int_op(0L,OP_EQ,   tor_parse_long("-50",10,0,100,&i,NULL));
+  tt_int_op(0,OP_EQ, i);
   /* Base different than 10 */
-  test_eq(2L,   tor_parse_long("10",2,0,100,NULL,NULL));
-  test_eq(0L,   tor_parse_long("2",2,0,100,NULL,NULL));
-  test_eq(0L,   tor_parse_long("10",-2,0,100,NULL,NULL));
-  test_eq(68284L, tor_parse_long("10abc",16,0,70000,NULL,NULL));
-  test_eq(68284L, tor_parse_long("10ABC",16,0,70000,NULL,NULL));
-  test_eq(0, tor_parse_long("10ABC",-1,0,70000,&i,NULL));
-  test_eq(i, 0);
+  tt_int_op(2L,OP_EQ,   tor_parse_long("10",2,0,100,NULL,NULL));
+  tt_int_op(0L,OP_EQ,   tor_parse_long("2",2,0,100,NULL,NULL));
+  tt_int_op(0L,OP_EQ,   tor_parse_long("10",-2,0,100,NULL,NULL));
+  tt_int_op(68284L,OP_EQ, tor_parse_long("10abc",16,0,70000,NULL,NULL));
+  tt_int_op(68284L,OP_EQ, tor_parse_long("10ABC",16,0,70000,NULL,NULL));
+  tt_int_op(0,OP_EQ, tor_parse_long("10ABC",-1,0,70000,&i,NULL));
+  tt_int_op(i,OP_EQ, 0);
 
   /* Test parse_ulong */
-  test_eq(0UL, tor_parse_ulong("",10,0,100,NULL,NULL));
-  test_eq(0UL, tor_parse_ulong("0",10,0,100,NULL,NULL));
-  test_eq(10UL, tor_parse_ulong("10",10,0,100,NULL,NULL));
-  test_eq(0UL, tor_parse_ulong("10",10,50,100,NULL,NULL));
-  test_eq(10UL, tor_parse_ulong("10",10,0,10,NULL,NULL));
-  test_eq(10UL, tor_parse_ulong("10",10,10,100,NULL,NULL));
-  test_eq(0UL, tor_parse_ulong("8",8,0,100,NULL,NULL));
-  test_eq(50UL, tor_parse_ulong("50",10,50,100,NULL,NULL));
-  test_eq(0UL, tor_parse_ulong("-50",10,-100,100,NULL,NULL));
-  test_eq(0UL, tor_parse_ulong("50",-1,50,100,&i,NULL));
-  test_eq(0, i);
+  tt_int_op(0UL,OP_EQ, tor_parse_ulong("",10,0,100,NULL,NULL));
+  tt_int_op(0UL,OP_EQ, tor_parse_ulong("0",10,0,100,NULL,NULL));
+  tt_int_op(10UL,OP_EQ, tor_parse_ulong("10",10,0,100,NULL,NULL));
+  tt_int_op(0UL,OP_EQ, tor_parse_ulong("10",10,50,100,NULL,NULL));
+  tt_int_op(10UL,OP_EQ, tor_parse_ulong("10",10,0,10,NULL,NULL));
+  tt_int_op(10UL,OP_EQ, tor_parse_ulong("10",10,10,100,NULL,NULL));
+  tt_int_op(0UL,OP_EQ, tor_parse_ulong("8",8,0,100,NULL,NULL));
+  tt_int_op(50UL,OP_EQ, tor_parse_ulong("50",10,50,100,NULL,NULL));
+  tt_int_op(0UL,OP_EQ, tor_parse_ulong("-50",10,-100,100,NULL,NULL));
+  tt_int_op(0UL,OP_EQ, tor_parse_ulong("50",-1,50,100,&i,NULL));
+  tt_int_op(0,OP_EQ, i);
 
   /* Test parse_uint64 */
-  test_assert(U64_LITERAL(10) == tor_parse_uint64("10 x",10,0,100, &i, &cp));
-  test_eq(1, i);
-  test_streq(cp, " x");
-  test_assert(U64_LITERAL(12345678901) ==
+  tt_assert(U64_LITERAL(10) == tor_parse_uint64("10 x",10,0,100, &i, &cp));
+  tt_int_op(1,OP_EQ, i);
+  tt_str_op(cp,OP_EQ, " x");
+  tt_assert(U64_LITERAL(12345678901) ==
               tor_parse_uint64("12345678901",10,0,UINT64_MAX, &i, &cp));
-  test_eq(1, i);
-  test_streq(cp, "");
-  test_assert(U64_LITERAL(0) ==
+  tt_int_op(1,OP_EQ, i);
+  tt_str_op(cp,OP_EQ, "");
+  tt_assert(U64_LITERAL(0) ==
               tor_parse_uint64("12345678901",10,500,INT32_MAX, &i, &cp));
-  test_eq(0, i);
-  test_assert(U64_LITERAL(0) ==
+  tt_int_op(0,OP_EQ, i);
+  tt_assert(U64_LITERAL(0) ==
               tor_parse_uint64("123",-1,0,INT32_MAX, &i, &cp));
-  test_eq(0, i);
+  tt_int_op(0,OP_EQ, i);
 
   {
   /* Test parse_double */
   double d = tor_parse_double("10", 0, UINT64_MAX,&i,NULL);
-  test_eq(1, i);
-  test_assert(DBL_TO_U64(d) == 10);
+  tt_int_op(1,OP_EQ, i);
+  tt_assert(DBL_TO_U64(d) == 10);
   d = tor_parse_double("0", 0, UINT64_MAX,&i,NULL);
-  test_eq(1, i);
-  test_assert(DBL_TO_U64(d) == 0);
+  tt_int_op(1,OP_EQ, i);
+  tt_assert(DBL_TO_U64(d) == 0);
   d = tor_parse_double(" ", 0, UINT64_MAX,&i,NULL);
-  test_eq(0, i);
+  tt_int_op(0,OP_EQ, i);
   d = tor_parse_double(".0a", 0, UINT64_MAX,&i,NULL);
-  test_eq(0, i);
+  tt_int_op(0,OP_EQ, i);
   d = tor_parse_double(".0a", 0, UINT64_MAX,&i,&cp);
-  test_eq(1, i);
+  tt_int_op(1,OP_EQ, i);
   d = tor_parse_double("-.0", 0, UINT64_MAX,&i,NULL);
-  test_eq(1, i);
-  test_assert(DBL_TO_U64(d) == 0);
+  tt_int_op(1,OP_EQ, i);
+  tt_assert(DBL_TO_U64(d) == 0);
   d = tor_parse_double("-10", -100.0, 100.0,&i,NULL);
-  test_eq(1, i);
-  test_eq(-10.0, d);
+  tt_int_op(1,OP_EQ, i);
+  tt_int_op(-10.0,OP_EQ, d);
   }
 
   {
     /* Test tor_parse_* where we overflow/underflow the underlying type. */
     /* This string should overflow 64-bit ints. */
 #define TOOBIG "100000000000000000000000000"
-    test_eq(0L, tor_parse_long(TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL));
-    test_eq(i, 0);
-    test_eq(0L, tor_parse_long("-"TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL));
-    test_eq(i, 0);
-    test_eq(0UL, tor_parse_ulong(TOOBIG, 10, 0, ULONG_MAX, &i, NULL));
-    test_eq(i, 0);
-    tt_u64_op(U64_LITERAL(0), ==, tor_parse_uint64(TOOBIG, 10,
+    tt_int_op(0L, OP_EQ,
+              tor_parse_long(TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL));
+    tt_int_op(i,OP_EQ, 0);
+    tt_int_op(0L,OP_EQ,
+              tor_parse_long("-"TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL));
+    tt_int_op(i,OP_EQ, 0);
+    tt_int_op(0UL,OP_EQ, tor_parse_ulong(TOOBIG, 10, 0, ULONG_MAX, &i, NULL));
+    tt_int_op(i,OP_EQ, 0);
+    tt_u64_op(U64_LITERAL(0), OP_EQ, tor_parse_uint64(TOOBIG, 10,
                                              0, UINT64_MAX, &i, NULL));
-    test_eq(i, 0);
+    tt_int_op(i,OP_EQ, 0);
   }
 
   /* Test snprintf */
   /* Returning -1 when there's not enough room in the output buffer */
-  test_eq(-1, tor_snprintf(buf, 0, "Foo"));
-  test_eq(-1, tor_snprintf(buf, 2, "Foo"));
-  test_eq(-1, tor_snprintf(buf, 3, "Foo"));
-  test_neq(-1, tor_snprintf(buf, 4, "Foo"));
+  tt_int_op(-1,OP_EQ, tor_snprintf(buf, 0, "Foo"));
+  tt_int_op(-1,OP_EQ, tor_snprintf(buf, 2, "Foo"));
+  tt_int_op(-1,OP_EQ, tor_snprintf(buf, 3, "Foo"));
+  tt_int_op(-1,OP_NE, tor_snprintf(buf, 4, "Foo"));
   /* Always NUL-terminate the output */
   tor_snprintf(buf, 5, "abcdef");
-  test_eq(0, buf[4]);
+  tt_int_op(0,OP_EQ, buf[4]);
   tor_snprintf(buf, 10, "abcdef");
-  test_eq(0, buf[6]);
+  tt_int_op(0,OP_EQ, buf[6]);
   /* uint64 */
   tor_snprintf(buf, sizeof(buf), "x!"U64_FORMAT"!x",
                U64_PRINTF_ARG(U64_LITERAL(12345678901)));
-  test_streq("x!12345678901!x", buf);
+  tt_str_op("x!12345678901!x",OP_EQ, buf);
 
   /* Test str{,case}cmpstart */
-  test_assert(strcmpstart("abcdef", "abcdef")==0);
-  test_assert(strcmpstart("abcdef", "abc")==0);
-  test_assert(strcmpstart("abcdef", "abd")<0);
-  test_assert(strcmpstart("abcdef", "abb")>0);
-  test_assert(strcmpstart("ab", "abb")<0);
-  test_assert(strcmpstart("ab", "")==0);
-  test_assert(strcmpstart("ab", "ab ")<0);
-  test_assert(strcasecmpstart("abcdef", "abCdEF")==0);
-  test_assert(strcasecmpstart("abcDeF", "abc")==0);
-  test_assert(strcasecmpstart("abcdef", "Abd")<0);
-  test_assert(strcasecmpstart("Abcdef", "abb")>0);
-  test_assert(strcasecmpstart("ab", "Abb")<0);
-  test_assert(strcasecmpstart("ab", "")==0);
-  test_assert(strcasecmpstart("ab", "ab ")<0);
+  tt_assert(strcmpstart("abcdef", "abcdef")==0);
+  tt_assert(strcmpstart("abcdef", "abc")==0);
+  tt_assert(strcmpstart("abcdef", "abd")<0);
+  tt_assert(strcmpstart("abcdef", "abb")>0);
+  tt_assert(strcmpstart("ab", "abb")<0);
+  tt_assert(strcmpstart("ab", "")==0);
+  tt_assert(strcmpstart("ab", "ab ")<0);
+  tt_assert(strcasecmpstart("abcdef", "abCdEF")==0);
+  tt_assert(strcasecmpstart("abcDeF", "abc")==0);
+  tt_assert(strcasecmpstart("abcdef", "Abd")<0);
+  tt_assert(strcasecmpstart("Abcdef", "abb")>0);
+  tt_assert(strcasecmpstart("ab", "Abb")<0);
+  tt_assert(strcasecmpstart("ab", "")==0);
+  tt_assert(strcasecmpstart("ab", "ab ")<0);
 
   /* Test str{,case}cmpend */
-  test_assert(strcmpend("abcdef", "abcdef")==0);
-  test_assert(strcmpend("abcdef", "def")==0);
-  test_assert(strcmpend("abcdef", "deg")<0);
-  test_assert(strcmpend("abcdef", "dee")>0);
-  test_assert(strcmpend("ab", "aab")>0);
-  test_assert(strcasecmpend("AbcDEF", "abcdef")==0);
-  test_assert(strcasecmpend("abcdef", "dEF")==0);
-  test_assert(strcasecmpend("abcdef", "Deg")<0);
-  test_assert(strcasecmpend("abcDef", "dee")>0);
-  test_assert(strcasecmpend("AB", "abb")<0);
+  tt_assert(strcmpend("abcdef", "abcdef")==0);
+  tt_assert(strcmpend("abcdef", "def")==0);
+  tt_assert(strcmpend("abcdef", "deg")<0);
+  tt_assert(strcmpend("abcdef", "dee")>0);
+  tt_assert(strcmpend("ab", "aab")>0);
+  tt_assert(strcasecmpend("AbcDEF", "abcdef")==0);
+  tt_assert(strcasecmpend("abcdef", "dEF")==0);
+  tt_assert(strcasecmpend("abcdef", "Deg")<0);
+  tt_assert(strcasecmpend("abcDef", "dee")>0);
+  tt_assert(strcasecmpend("AB", "abb")<0);
 
   /* Test digest_is_zero */
   memset(buf,0,20);
   buf[20] = 'x';
-  test_assert(tor_digest_is_zero(buf));
+  tt_assert(tor_digest_is_zero(buf));
   buf[19] = 'x';
-  test_assert(!tor_digest_is_zero(buf));
+  tt_assert(!tor_digest_is_zero(buf));
 
   /* Test mem_is_zero */
   memset(buf,0,128);
   buf[128] = 'x';
-  test_assert(tor_mem_is_zero(buf, 10));
-  test_assert(tor_mem_is_zero(buf, 20));
-  test_assert(tor_mem_is_zero(buf, 128));
-  test_assert(!tor_mem_is_zero(buf, 129));
+  tt_assert(tor_mem_is_zero(buf, 10));
+  tt_assert(tor_mem_is_zero(buf, 20));
+  tt_assert(tor_mem_is_zero(buf, 128));
+  tt_assert(!tor_mem_is_zero(buf, 129));
   buf[60] = (char)255;
-  test_assert(!tor_mem_is_zero(buf, 128));
+  tt_assert(!tor_mem_is_zero(buf, 128));
   buf[0] = (char)1;
-  test_assert(!tor_mem_is_zero(buf, 10));
+  tt_assert(!tor_mem_is_zero(buf, 10));
 
   /* Test 'escaped' */
-  test_assert(NULL == escaped(NULL));
-  test_streq("\"\"", escaped(""));
-  test_streq("\"abcd\"", escaped("abcd"));
-  test_streq("\"\\\\ \\n\\r\\t\\\"\\'\"", escaped("\\ \n\r\t\"'"));
-  test_streq("\"unnecessary \\'backslashes\\'\"",
+  tt_assert(NULL == escaped(NULL));
+  tt_str_op("\"\"",OP_EQ, escaped(""));
+  tt_str_op("\"abcd\"",OP_EQ, escaped("abcd"));
+  tt_str_op("\"\\\\ \\n\\r\\t\\\"\\'\"",OP_EQ, escaped("\\ \n\r\t\"'"));
+  tt_str_op("\"unnecessary \\'backslashes\\'\"",OP_EQ,
              escaped("unnecessary \'backslashes\'"));
   /* Non-printable characters appear as octal */
-  test_streq("\"z\\001abc\\277d\"",  escaped("z\001abc\277d"));
-  test_streq("\"z\\336\\255 ;foo\"", escaped("z\xde\xad\x20;foo"));
+  tt_str_op("\"z\\001abc\\277d\"",OP_EQ,  escaped("z\001abc\277d"));
+  tt_str_op("\"z\\336\\255 ;foo\"",OP_EQ, escaped("z\xde\xad\x20;foo"));
 
   /* Test strndup and memdup */
   {
     const char *s = "abcdefghijklmnopqrstuvwxyz";
     cp_tmp = tor_strndup(s, 30);
-    test_streq(cp_tmp, s); /* same string, */
-    test_neq_ptr(cp_tmp, s); /* but different pointers. */
+    tt_str_op(cp_tmp,OP_EQ, s); /* same string, */
+    tt_ptr_op(cp_tmp,OP_NE,s); /* but different pointers. */
     tor_free(cp_tmp);
 
     cp_tmp = tor_strndup(s, 5);
-    test_streq(cp_tmp, "abcde");
+    tt_str_op(cp_tmp,OP_EQ, "abcde");
     tor_free(cp_tmp);
 
     s = "a\0b\0c\0d\0e\0";
     cp_tmp = tor_memdup(s,10);
-    test_memeq(cp_tmp, s, 10); /* same ram, */
-    test_neq_ptr(cp_tmp, s); /* but different pointers. */
+    tt_mem_op(cp_tmp,OP_EQ, s, 10); /* same ram, */
+    tt_ptr_op(cp_tmp,OP_NE,s); /* but different pointers. */
     tor_free(cp_tmp);
   }
 
   /* Test str-foo functions */
   cp_tmp = tor_strdup("abcdef");
-  test_assert(tor_strisnonupper(cp_tmp));
+  tt_assert(tor_strisnonupper(cp_tmp));
   cp_tmp[3] = 'D';
-  test_assert(!tor_strisnonupper(cp_tmp));
+  tt_assert(!tor_strisnonupper(cp_tmp));
   tor_strupper(cp_tmp);
-  test_streq(cp_tmp, "ABCDEF");
+  tt_str_op(cp_tmp,OP_EQ, "ABCDEF");
   tor_strlower(cp_tmp);
-  test_streq(cp_tmp, "abcdef");
-  test_assert(tor_strisnonupper(cp_tmp));
-  test_assert(tor_strisprint(cp_tmp));
+  tt_str_op(cp_tmp,OP_EQ, "abcdef");
+  tt_assert(tor_strisnonupper(cp_tmp));
+  tt_assert(tor_strisprint(cp_tmp));
   cp_tmp[3] = 3;
-  test_assert(!tor_strisprint(cp_tmp));
+  tt_assert(!tor_strisprint(cp_tmp));
   tor_free(cp_tmp);
 
   /* Test memmem and memstr */
   {
     const char *haystack = "abcde";
-    test_assert(!tor_memmem(haystack, 5, "ef", 2));
-    test_eq_ptr(tor_memmem(haystack, 5, "cd", 2), haystack + 2);
-    test_eq_ptr(tor_memmem(haystack, 5, "cde", 3), haystack + 2);
-    test_assert(!tor_memmem(haystack, 4, "cde", 3));
+    tt_assert(!tor_memmem(haystack, 5, "ef", 2));
+    tt_ptr_op(tor_memmem(haystack, 5, "cd", 2),OP_EQ, haystack + 2);
+    tt_ptr_op(tor_memmem(haystack, 5, "cde", 3),OP_EQ, haystack + 2);
+    tt_assert(!tor_memmem(haystack, 4, "cde", 3));
     haystack = "ababcad";
-    test_eq_ptr(tor_memmem(haystack, 7, "abc", 3), haystack + 2);
-    test_eq_ptr(tor_memmem(haystack, 7, "ad", 2), haystack + 5);
-    test_eq_ptr(tor_memmem(haystack, 7, "cad", 3), haystack + 4);
-    test_assert(!tor_memmem(haystack, 7, "dadad", 5));
-    test_assert(!tor_memmem(haystack, 7, "abcdefghij", 10));
+    tt_ptr_op(tor_memmem(haystack, 7, "abc", 3),OP_EQ, haystack + 2);
+    tt_ptr_op(tor_memmem(haystack, 7, "ad", 2),OP_EQ, haystack + 5);
+    tt_ptr_op(tor_memmem(haystack, 7, "cad", 3),OP_EQ, haystack + 4);
+    tt_assert(!tor_memmem(haystack, 7, "dadad", 5));
+    tt_assert(!tor_memmem(haystack, 7, "abcdefghij", 10));
     /* memstr */
-    test_eq_ptr(tor_memstr(haystack, 7, "abc"), haystack + 2);
-    test_eq_ptr(tor_memstr(haystack, 7, "cad"), haystack + 4);
-    test_assert(!tor_memstr(haystack, 6, "cad"));
-    test_assert(!tor_memstr(haystack, 7, "cadd"));
-    test_assert(!tor_memstr(haystack, 7, "fe"));
-    test_assert(!tor_memstr(haystack, 7, "ababcade"));
+    tt_ptr_op(tor_memstr(haystack, 7, "abc"),OP_EQ, haystack + 2);
+    tt_ptr_op(tor_memstr(haystack, 7, "cad"),OP_EQ, haystack + 4);
+    tt_assert(!tor_memstr(haystack, 6, "cad"));
+    tt_assert(!tor_memstr(haystack, 7, "cadd"));
+    tt_assert(!tor_memstr(haystack, 7, "fe"));
+    tt_assert(!tor_memstr(haystack, 7, "ababcade"));
   }
 
   /* Test hex_str */
@@ -1234,271 +1645,134 @@ test_util_strmisc(void)
     size_t i;
     for (i = 0; i < sizeof(binary_data); ++i)
       binary_data[i] = i;
-    test_streq(hex_str(binary_data, 0), "");
-    test_streq(hex_str(binary_data, 1), "00");
-    test_streq(hex_str(binary_data, 17), "000102030405060708090A0B0C0D0E0F10");
-    test_streq(hex_str(binary_data, 32),
+    tt_str_op(hex_str(binary_data, 0),OP_EQ, "");
+    tt_str_op(hex_str(binary_data, 1),OP_EQ, "00");
+    tt_str_op(hex_str(binary_data, 17),OP_EQ,
+              "000102030405060708090A0B0C0D0E0F10");
+    tt_str_op(hex_str(binary_data, 32),OP_EQ,
                "000102030405060708090A0B0C0D0E0F"
                "101112131415161718191A1B1C1D1E1F");
-    test_streq(hex_str(binary_data, 34),
+    tt_str_op(hex_str(binary_data, 34),OP_EQ,
                "000102030405060708090A0B0C0D0E0F"
                "101112131415161718191A1B1C1D1E1F");
     /* Repeat these tests for shorter strings after longer strings
        have been tried, to make sure we're correctly terminating strings */
-    test_streq(hex_str(binary_data, 1), "00");
-    test_streq(hex_str(binary_data, 0), "");
+    tt_str_op(hex_str(binary_data, 1),OP_EQ, "00");
+    tt_str_op(hex_str(binary_data, 0),OP_EQ, "");
   }
 
   /* Test strcmp_opt */
-  tt_int_op(strcmp_opt("",   "foo"), <, 0);
-  tt_int_op(strcmp_opt("",    ""),  ==, 0);
-  tt_int_op(strcmp_opt("foo", ""),   >, 0);
+  tt_int_op(strcmp_opt("",   "foo"), OP_LT, 0);
+  tt_int_op(strcmp_opt("",    ""),  OP_EQ, 0);
+  tt_int_op(strcmp_opt("foo", ""),   OP_GT, 0);
 
-  tt_int_op(strcmp_opt(NULL,  ""),    <, 0);
-  tt_int_op(strcmp_opt(NULL,  NULL), ==, 0);
-  tt_int_op(strcmp_opt("",    NULL),  >, 0);
+  tt_int_op(strcmp_opt(NULL,  ""),    OP_LT, 0);
+  tt_int_op(strcmp_opt(NULL,  NULL), OP_EQ, 0);
+  tt_int_op(strcmp_opt("",    NULL),  OP_GT, 0);
 
-  tt_int_op(strcmp_opt(NULL,  "foo"), <, 0);
-  tt_int_op(strcmp_opt("foo", NULL),  >, 0);
+  tt_int_op(strcmp_opt(NULL,  "foo"), OP_LT, 0);
+  tt_int_op(strcmp_opt("foo", NULL),  OP_GT, 0);
 
   /* Test strcmp_len */
-  tt_int_op(strcmp_len("foo", "bar", 3),   >, 0);
-  tt_int_op(strcmp_len("foo", "bar", 2),   <, 0); /* First len, then lexical */
-  tt_int_op(strcmp_len("foo2", "foo1", 4), >, 0);
-  tt_int_op(strcmp_len("foo2", "foo1", 3), <, 0); /* Really stop at len */
-  tt_int_op(strcmp_len("foo2", "foo", 3), ==, 0);   /* Really stop at len */
-  tt_int_op(strcmp_len("blah", "", 4),     >, 0);
-  tt_int_op(strcmp_len("blah", "", 0),    ==, 0);
+  tt_int_op(strcmp_len("foo", "bar", 3),   OP_GT, 0);
+  tt_int_op(strcmp_len("foo", "bar", 2),   OP_LT, 0);
+  tt_int_op(strcmp_len("foo2", "foo1", 4), OP_GT, 0);
+  tt_int_op(strcmp_len("foo2", "foo1", 3), OP_LT, 0); /* Really stop at len */
+  tt_int_op(strcmp_len("foo2", "foo", 3), OP_EQ, 0);  /* Really stop at len */
+  tt_int_op(strcmp_len("blah", "", 4),     OP_GT, 0);
+  tt_int_op(strcmp_len("blah", "", 0),    OP_EQ, 0);
 
  done:
   tor_free(cp_tmp);
 }
 
 static void
-test_util_pow2(void)
+test_util_pow2(void *arg)
 {
   /* Test tor_log2(). */
-  test_eq(tor_log2(64), 6);
-  test_eq(tor_log2(65), 6);
-  test_eq(tor_log2(63), 5);
-  test_eq(tor_log2(0), 0); /* incorrect mathematically, but as specified */
-  test_eq(tor_log2(1), 0);
-  test_eq(tor_log2(2), 1);
-  test_eq(tor_log2(3), 1);
-  test_eq(tor_log2(4), 2);
-  test_eq(tor_log2(5), 2);
-  test_eq(tor_log2(U64_LITERAL(40000000000000000)), 55);
-  test_eq(tor_log2(UINT64_MAX), 63);
+  (void)arg;
+  tt_int_op(tor_log2(64),OP_EQ, 6);
+  tt_int_op(tor_log2(65),OP_EQ, 6);
+  tt_int_op(tor_log2(63),OP_EQ, 5);
+  /* incorrect mathematically, but as specified: */
+  tt_int_op(tor_log2(0),OP_EQ, 0);
+  tt_int_op(tor_log2(1),OP_EQ, 0);
+  tt_int_op(tor_log2(2),OP_EQ, 1);
+  tt_int_op(tor_log2(3),OP_EQ, 1);
+  tt_int_op(tor_log2(4),OP_EQ, 2);
+  tt_int_op(tor_log2(5),OP_EQ, 2);
+  tt_int_op(tor_log2(U64_LITERAL(40000000000000000)),OP_EQ, 55);
+  tt_int_op(tor_log2(UINT64_MAX),OP_EQ, 63);
 
   /* Test round_to_power_of_2 */
-  tt_u64_op(round_to_power_of_2(120), ==, 128);
-  tt_u64_op(round_to_power_of_2(128), ==, 128);
-  tt_u64_op(round_to_power_of_2(130), ==, 128);
-  tt_u64_op(round_to_power_of_2(U64_LITERAL(40000000000000000)), ==,
+  tt_u64_op(round_to_power_of_2(120), OP_EQ, 128);
+  tt_u64_op(round_to_power_of_2(128), OP_EQ, 128);
+  tt_u64_op(round_to_power_of_2(130), OP_EQ, 128);
+  tt_u64_op(round_to_power_of_2(U64_LITERAL(40000000000000000)), OP_EQ,
             U64_LITERAL(1)<<55);
-  tt_u64_op(round_to_power_of_2(U64_LITERAL(0xffffffffffffffff)), ==,
+  tt_u64_op(round_to_power_of_2(U64_LITERAL(0xffffffffffffffff)), OP_EQ,
           U64_LITERAL(1)<<63);
-  tt_u64_op(round_to_power_of_2(0), ==, 1);
-  tt_u64_op(round_to_power_of_2(1), ==, 1);
-  tt_u64_op(round_to_power_of_2(2), ==, 2);
-  tt_u64_op(round_to_power_of_2(3), ==, 2);
-  tt_u64_op(round_to_power_of_2(4), ==, 4);
-  tt_u64_op(round_to_power_of_2(5), ==, 4);
-  tt_u64_op(round_to_power_of_2(6), ==, 4);
-  tt_u64_op(round_to_power_of_2(7), ==, 8);
+  tt_u64_op(round_to_power_of_2(0), OP_EQ, 1);
+  tt_u64_op(round_to_power_of_2(1), OP_EQ, 1);
+  tt_u64_op(round_to_power_of_2(2), OP_EQ, 2);
+  tt_u64_op(round_to_power_of_2(3), OP_EQ, 2);
+  tt_u64_op(round_to_power_of_2(4), OP_EQ, 4);
+  tt_u64_op(round_to_power_of_2(5), OP_EQ, 4);
+  tt_u64_op(round_to_power_of_2(6), OP_EQ, 4);
+  tt_u64_op(round_to_power_of_2(7), OP_EQ, 8);
 
  done:
   ;
 }
 
-/** mutex for thread test to stop the threads hitting data at the same time. */
-static tor_mutex_t *thread_test_mutex_ = NULL;
-/** mutexes for the thread test to make sure that the threads have to
- * interleave somewhat. */
-static tor_mutex_t *thread_test_start1_ = NULL,
-                   *thread_test_start2_ = NULL;
-/** Shared strmap for the thread test. */
-static strmap_t *thread_test_strmap_ = NULL;
-/** The name of thread1 for the thread test */
-static char *thread1_name_ = NULL;
-/** The name of thread2 for the thread test */
-static char *thread2_name_ = NULL;
-
-static void thread_test_func_(void* _s) ATTR_NORETURN;
-
-/** How many iterations have the threads in the unit test run? */
-static int t1_count = 0, t2_count = 0;
-
-/** Helper function for threading unit tests: This function runs in a
- * subthread. It grabs its own mutex (start1 or start2) to make sure that it
- * should start, then it repeatedly alters _test_thread_strmap protected by
- * thread_test_mutex_. */
-static void
-thread_test_func_(void* _s)
-{
-  char *s = _s;
-  int i, *count;
-  tor_mutex_t *m;
-  char buf[64];
-  char **cp;
-  if (!strcmp(s, "thread 1")) {
-    m = thread_test_start1_;
-    cp = &thread1_name_;
-    count = &t1_count;
-  } else {
-    m = thread_test_start2_;
-    cp = &thread2_name_;
-    count = &t2_count;
-  }
-
-  tor_snprintf(buf, sizeof(buf), "%lu", tor_get_thread_id());
-  *cp = tor_strdup(buf);
-
-  tor_mutex_acquire(m);
-
-  for (i=0; i<10000; ++i) {
-    tor_mutex_acquire(thread_test_mutex_);
-    strmap_set(thread_test_strmap_, "last to run", *cp);
-    ++*count;
-    tor_mutex_release(thread_test_mutex_);
-  }
-  tor_mutex_acquire(thread_test_mutex_);
-  strmap_set(thread_test_strmap_, s, *cp);
-  tor_mutex_release(thread_test_mutex_);
-
-  tor_mutex_release(m);
-
-  spawn_exit();
-}
-
-/** Run unit tests for threading logic. */
-static void
-test_util_threads(void)
-{
-  char *s1 = NULL, *s2 = NULL;
-  int done = 0, timedout = 0;
-  time_t started;
-#ifndef _WIN32
-  struct timeval tv;
-  tv.tv_sec=0;
-  tv.tv_usec=100*1000;
-#endif
-#ifndef TOR_IS_MULTITHREADED
-  /* Skip this test if we aren't threading. We should be threading most
-   * everywhere by now. */
-  if (1)
-    return;
-#endif
-  thread_test_mutex_ = tor_mutex_new();
-  thread_test_start1_ = tor_mutex_new();
-  thread_test_start2_ = tor_mutex_new();
-  thread_test_strmap_ = strmap_new();
-  s1 = tor_strdup("thread 1");
-  s2 = tor_strdup("thread 2");
-  tor_mutex_acquire(thread_test_start1_);
-  tor_mutex_acquire(thread_test_start2_);
-  spawn_func(thread_test_func_, s1);
-  spawn_func(thread_test_func_, s2);
-  tor_mutex_release(thread_test_start2_);
-  tor_mutex_release(thread_test_start1_);
-  started = time(NULL);
-  while (!done) {
-    tor_mutex_acquire(thread_test_mutex_);
-    strmap_assert_ok(thread_test_strmap_);
-    if (strmap_get(thread_test_strmap_, "thread 1") &&
-        strmap_get(thread_test_strmap_, "thread 2")) {
-      done = 1;
-    } else if (time(NULL) > started + 150) {
-      timedout = done = 1;
-    }
-    tor_mutex_release(thread_test_mutex_);
-#ifndef _WIN32
-    /* Prevent the main thread from starving the worker threads. */
-    select(0, NULL, NULL, NULL, &tv);
-#endif
-  }
-  tor_mutex_acquire(thread_test_start1_);
-  tor_mutex_release(thread_test_start1_);
-  tor_mutex_acquire(thread_test_start2_);
-  tor_mutex_release(thread_test_start2_);
-
-  tor_mutex_free(thread_test_mutex_);
-
-  if (timedout) {
-    printf("\nTimed out: %d %d", t1_count, t2_count);
-    test_assert(strmap_get(thread_test_strmap_, "thread 1"));
-    test_assert(strmap_get(thread_test_strmap_, "thread 2"));
-    test_assert(!timedout);
-  }
-
-  /* different thread IDs. */
-  test_assert(strcmp(strmap_get(thread_test_strmap_, "thread 1"),
-                     strmap_get(thread_test_strmap_, "thread 2")));
-  test_assert(!strcmp(strmap_get(thread_test_strmap_, "thread 1"),
-                      strmap_get(thread_test_strmap_, "last to run")) ||
-              !strcmp(strmap_get(thread_test_strmap_, "thread 2"),
-                      strmap_get(thread_test_strmap_, "last to run")));
-
- done:
-  tor_free(s1);
-  tor_free(s2);
-  tor_free(thread1_name_);
-  tor_free(thread2_name_);
-  if (thread_test_strmap_)
-    strmap_free(thread_test_strmap_, NULL);
-  if (thread_test_start1_)
-    tor_mutex_free(thread_test_start1_);
-  if (thread_test_start2_)
-    tor_mutex_free(thread_test_start2_);
-}
-
 /** Run unit tests for compression functions */
 static void
-test_util_gzip(void)
+test_util_gzip(void *arg)
 {
   char *buf1=NULL, *buf2=NULL, *buf3=NULL, *cp1, *cp2;
   const char *ccp2;
   size_t len1, len2;
   tor_zlib_state_t *state = NULL;
 
+  (void)arg;
   buf1 = tor_strdup("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ");
-  test_assert(detect_compression_method(buf1, strlen(buf1)) == UNKNOWN_METHOD);
+  tt_assert(detect_compression_method(buf1, strlen(buf1)) == UNKNOWN_METHOD);
   if (is_gzip_supported()) {
-    test_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
+    tt_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
                                    GZIP_METHOD));
-    test_assert(buf2);
-    test_assert(len1 < strlen(buf1));
-    test_assert(detect_compression_method(buf2, len1) == GZIP_METHOD);
+    tt_assert(buf2);
+    tt_assert(len1 < strlen(buf1));
+    tt_assert(detect_compression_method(buf2, len1) == GZIP_METHOD);
 
-    test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1,
+    tt_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1,
                                      GZIP_METHOD, 1, LOG_INFO));
-    test_assert(buf3);
-    test_eq(strlen(buf1) + 1, len2);
-    test_streq(buf1, buf3);
+    tt_assert(buf3);
+    tt_int_op(strlen(buf1) + 1,OP_EQ, len2);
+    tt_str_op(buf1,OP_EQ, buf3);
 
     tor_free(buf2);
     tor_free(buf3);
   }
 
-  test_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
+  tt_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
                                  ZLIB_METHOD));
-  test_assert(buf2);
-  test_assert(detect_compression_method(buf2, len1) == ZLIB_METHOD);
+  tt_assert(buf2);
+  tt_assert(detect_compression_method(buf2, len1) == ZLIB_METHOD);
 
-  test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1,
+  tt_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1,
                                    ZLIB_METHOD, 1, LOG_INFO));
-  test_assert(buf3);
-  test_eq(strlen(buf1) + 1, len2);
-  test_streq(buf1, buf3);
+  tt_assert(buf3);
+  tt_int_op(strlen(buf1) + 1,OP_EQ, len2);
+  tt_str_op(buf1,OP_EQ, buf3);
 
   /* Check whether we can uncompress concatenated, compressed strings. */
   tor_free(buf3);
-  buf2 = tor_realloc(buf2, len1*2);
+  buf2 = tor_reallocarray(buf2, len1, 2);
   memcpy(buf2+len1, buf2, len1);
-  test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1*2,
+  tt_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1*2,
                                    ZLIB_METHOD, 1, LOG_INFO));
-  test_eq((strlen(buf1)+1)*2, len2);
-  test_memeq(buf3,
+  tt_int_op((strlen(buf1)+1)*2,OP_EQ, len2);
+  tt_mem_op(buf3,OP_EQ,
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0"
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0",
              (strlen(buf1)+1)*2);
@@ -1510,7 +1784,7 @@ test_util_gzip(void)
   /* Check whether we can uncompress partial strings. */
   buf1 =
     tor_strdup("String with low redundancy that won't be compressed much.");
-  test_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
+  tt_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,
                                  ZLIB_METHOD));
   tt_assert(len1>16);
   /* when we allow an incomplete string, we should succeed.*/
@@ -1530,28 +1804,29 @@ test_util_gzip(void)
   tor_free(buf1);
   tor_free(buf2);
   tor_free(buf3);
-  state = tor_zlib_new(1, ZLIB_METHOD);
+  state = tor_zlib_new(1, ZLIB_METHOD, HIGH_COMPRESSION);
   tt_assert(state);
   cp1 = buf1 = tor_malloc(1024);
   len1 = 1024;
   ccp2 = "ABCDEFGHIJABCDEFGHIJ";
   len2 = 21;
-  test_assert(tor_zlib_process(state, &cp1, &len1, &ccp2, &len2, 0)
+  tt_assert(tor_zlib_process(state, &cp1, &len1, &ccp2, &len2, 0)
               == TOR_ZLIB_OK);
-  test_eq(0, len2); /* Make sure we compressed it all. */
-  test_assert(cp1 > buf1);
+  tt_int_op(0,OP_EQ, len2); /* Make sure we compressed it all. */
+  tt_assert(cp1 > buf1);
 
   len2 = 0;
   cp2 = cp1;
-  test_assert(tor_zlib_process(state, &cp1, &len1, &ccp2, &len2, 1)
+  tt_assert(tor_zlib_process(state, &cp1, &len1, &ccp2, &len2, 1)
               == TOR_ZLIB_DONE);
-  test_eq(0, len2);
-  test_assert(cp1 > cp2); /* Make sure we really added something. */
+  tt_int_op(0,OP_EQ, len2);
+  tt_assert(cp1 > cp2); /* Make sure we really added something. */
 
   tt_assert(!tor_gzip_uncompress(&buf3, &len2, buf1, 1024-len1,
                                   ZLIB_METHOD, 1, LOG_WARN));
-  test_streq(buf3, "ABCDEFGHIJABCDEFGHIJ"); /*Make sure it compressed right.*/
-  test_eq(21, len2);
+  /* Make sure it compressed right. */
+  tt_str_op(buf3, OP_EQ, "ABCDEFGHIJABCDEFGHIJ");
+  tt_int_op(21,OP_EQ, len2);
 
  done:
   if (state)
@@ -1563,7 +1838,7 @@ test_util_gzip(void)
 
 /** Run unit tests for mmap() wrapper functionality. */
 static void
-test_util_mmap(void)
+test_util_mmap(void *arg)
 {
   char *fname1 = tor_strdup(get_fname("mapped_1"));
   char *fname2 = tor_strdup(get_fname("mapped_2"));
@@ -1572,56 +1847,57 @@ test_util_mmap(void)
   char *buf = tor_malloc(17000);
   tor_mmap_t *mapping = NULL;
 
+  (void)arg;
   crypto_rand(buf, buflen);
 
   mapping = tor_mmap_file(fname1);
-  test_assert(! mapping);
+  tt_assert(! mapping);
 
   write_str_to_file(fname1, "Short file.", 1);
 
   mapping = tor_mmap_file(fname1);
-  test_assert(mapping);
-  test_eq(mapping->size, strlen("Short file."));
-  test_streq(mapping->data, "Short file.");
+  tt_assert(mapping);
+  tt_int_op(mapping->size,OP_EQ, strlen("Short file."));
+  tt_str_op(mapping->data,OP_EQ, "Short file.");
 #ifdef _WIN32
-  tt_int_op(0, ==, tor_munmap_file(mapping));
+  tt_int_op(0, OP_EQ, tor_munmap_file(mapping));
   mapping = NULL;
-  test_assert(unlink(fname1) == 0);
+  tt_assert(unlink(fname1) == 0);
 #else
   /* make sure we can unlink. */
-  test_assert(unlink(fname1) == 0);
-  test_streq(mapping->data, "Short file.");
-  tt_int_op(0, ==, tor_munmap_file(mapping));
+  tt_assert(unlink(fname1) == 0);
+  tt_str_op(mapping->data,OP_EQ, "Short file.");
+  tt_int_op(0, OP_EQ, tor_munmap_file(mapping));
   mapping = NULL;
 #endif
 
   /* Now a zero-length file. */
   write_str_to_file(fname1, "", 1);
   mapping = tor_mmap_file(fname1);
-  test_eq_ptr(mapping, NULL);
-  test_eq(ERANGE, errno);
+  tt_ptr_op(mapping,OP_EQ, NULL);
+  tt_int_op(ERANGE,OP_EQ, errno);
   unlink(fname1);
 
   /* Make sure that we fail to map a no-longer-existent file. */
   mapping = tor_mmap_file(fname1);
-  test_assert(! mapping);
+  tt_assert(! mapping);
 
   /* Now try a big file that stretches across a few pages and isn't aligned */
   write_bytes_to_file(fname2, buf, buflen, 1);
   mapping = tor_mmap_file(fname2);
-  test_assert(mapping);
-  test_eq(mapping->size, buflen);
-  test_memeq(mapping->data, buf, buflen);
-  tt_int_op(0, ==, tor_munmap_file(mapping));
+  tt_assert(mapping);
+  tt_int_op(mapping->size,OP_EQ, buflen);
+  tt_mem_op(mapping->data,OP_EQ, buf, buflen);
+  tt_int_op(0, OP_EQ, tor_munmap_file(mapping));
   mapping = NULL;
 
   /* Now try a big aligned file. */
   write_bytes_to_file(fname3, buf, 16384, 1);
   mapping = tor_mmap_file(fname3);
-  test_assert(mapping);
-  test_eq(mapping->size, 16384);
-  test_memeq(mapping->data, buf, 16384);
-  tt_int_op(0, ==, tor_munmap_file(mapping));
+  tt_assert(mapping);
+  tt_int_op(mapping->size,OP_EQ, 16384);
+  tt_mem_op(mapping->data,OP_EQ, buf, 16384);
+  tt_int_op(0, OP_EQ, tor_munmap_file(mapping));
   mapping = NULL;
 
  done:
@@ -1639,17 +1915,18 @@ test_util_mmap(void)
 
 /** Run unit tests for escaping/unescaping data for use by controllers. */
 static void
-test_util_control_formats(void)
+test_util_control_formats(void *arg)
 {
   char *out = NULL;
   const char *inp =
     "..This is a test\r\n.of the emergency \n..system.\r\n\rZ.\r\n";
   size_t sz;
 
+  (void)arg;
   sz = read_escaped_data(inp, strlen(inp), &out);
-  test_streq(out,
+  tt_str_op(out,OP_EQ,
              ".This is a test\nof the emergency \n.system.\n\rZ.\n");
-  test_eq(sz, strlen(out));
+  tt_int_op(sz,OP_EQ, strlen(out));
 
  done:
   tor_free(out);
@@ -1669,9 +1946,10 @@ test_util_control_formats(void)
   } while (0)
 
 static void
-test_util_sscanf(void)
+test_util_sscanf(void *arg)
 {
   unsigned u1, u2, u3;
+  unsigned long ulng;
   char s1[20], s2[10], s3[10], ch;
   int r;
   long lng1,lng2;
@@ -1679,186 +1957,336 @@ test_util_sscanf(void)
   double d1,d2,d3,d4;
 
   /* Simple tests (malformed patterns, literal matching, ...) */
-  test_eq(-1, tor_sscanf("123", "%i", &r)); /* %i is not supported */
-  test_eq(-1, tor_sscanf("wrong", "%5c", s1)); /* %c cannot have a number. */
-  test_eq(-1, tor_sscanf("hello", "%s", s1)); /* %s needs a number. */
-  test_eq(-1, tor_sscanf("prettylongstring", "%999999s", s1));
+  (void)arg;
+  tt_int_op(-1,OP_EQ, tor_sscanf("123", "%i", &r)); /* %i is not supported */
+  tt_int_op(-1,OP_EQ,
+            tor_sscanf("wrong", "%5c", s1)); /* %c cannot have a number. */
+  tt_int_op(-1,OP_EQ, tor_sscanf("hello", "%s", s1)); /* %s needs a number. */
+  tt_int_op(-1,OP_EQ, tor_sscanf("prettylongstring", "%999999s", s1));
 #if 0
   /* GCC thinks these two are illegal. */
   test_eq(-1, tor_sscanf("prettylongstring", "%0s", s1));
   test_eq(0, tor_sscanf("prettylongstring", "%10s", NULL));
 #endif
   /* No '%'-strings: always "success" */
-  test_eq(0, tor_sscanf("hello world", "hello world"));
-  test_eq(0, tor_sscanf("hello world", "good bye"));
+  tt_int_op(0,OP_EQ, tor_sscanf("hello world", "hello world"));
+  tt_int_op(0,OP_EQ, tor_sscanf("hello world", "good bye"));
   /* Excess data */
-  test_eq(0, tor_sscanf("hello 3", "%u", &u1));  /* have to match the start */
-  test_eq(0, tor_sscanf(" 3 hello", "%u", &u1));
-  test_eq(0, tor_sscanf(" 3 hello", "%2u", &u1)); /* not even in this case */
-  test_eq(1, tor_sscanf("3 hello", "%u", &u1));  /* but trailing is alright */
+  tt_int_op(0,OP_EQ,
+            tor_sscanf("hello 3", "%u", &u1));  /* have to match the start */
+  tt_int_op(0,OP_EQ, tor_sscanf(" 3 hello", "%u", &u1));
+  tt_int_op(0,OP_EQ,
+            tor_sscanf(" 3 hello", "%2u", &u1)); /* not even in this case */
+  tt_int_op(1,OP_EQ,
+            tor_sscanf("3 hello", "%u", &u1));  /* but trailing is alright */
 
   /* Numbers (ie. %u) */
-  test_eq(0, tor_sscanf("hello world 3", "hello worlb %u", &u1)); /* d vs b */
-  test_eq(1, tor_sscanf("12345", "%u", &u1));
-  test_eq(12345u, u1);
-  test_eq(1, tor_sscanf("12346 ", "%u", &u1));
-  test_eq(12346u, u1);
-  test_eq(0, tor_sscanf(" 12347", "%u", &u1));
-  test_eq(1, tor_sscanf(" 12348", " %u", &u1));
-  test_eq(12348u, u1);
-  test_eq(1, tor_sscanf("0", "%u", &u1));
-  test_eq(0u, u1);
-  test_eq(1, tor_sscanf("0000", "%u", &u2));
-  test_eq(0u, u2);
-  test_eq(0, tor_sscanf("", "%u", &u1)); /* absent number */
-  test_eq(0, tor_sscanf("A", "%u", &u1)); /* bogus number */
-  test_eq(0, tor_sscanf("-1", "%u", &u1)); /* negative number */
-  test_eq(1, tor_sscanf("4294967295", "%u", &u1)); /* UINT32_MAX should work */
-  test_eq(4294967295u, u1);
-  test_eq(0, tor_sscanf("4294967296", "%u", &u1)); /* But not at 32 bits */
-  test_eq(1, tor_sscanf("4294967296", "%9u", &u1)); /* but parsing only 9... */
-  test_eq(429496729u, u1);
+  tt_int_op(0,OP_EQ,
+            tor_sscanf("hello world 3", "hello worlb %u", &u1)); /* d vs b */
+  tt_int_op(1,OP_EQ, tor_sscanf("12345", "%u", &u1));
+  tt_int_op(12345u,OP_EQ, u1);
+  tt_int_op(1,OP_EQ, tor_sscanf("12346 ", "%u", &u1));
+  tt_int_op(12346u,OP_EQ, u1);
+  tt_int_op(0,OP_EQ, tor_sscanf(" 12347", "%u", &u1));
+  tt_int_op(1,OP_EQ, tor_sscanf(" 12348", " %u", &u1));
+  tt_int_op(12348u,OP_EQ, u1);
+  tt_int_op(1,OP_EQ, tor_sscanf("0", "%u", &u1));
+  tt_int_op(0u,OP_EQ, u1);
+  tt_int_op(1,OP_EQ, tor_sscanf("0000", "%u", &u2));
+  tt_int_op(0u,OP_EQ, u2);
+  tt_int_op(0,OP_EQ, tor_sscanf("", "%u", &u1)); /* absent number */
+  tt_int_op(0,OP_EQ, tor_sscanf("A", "%u", &u1)); /* bogus number */
+  tt_int_op(0,OP_EQ, tor_sscanf("-1", "%u", &u1)); /* negative number */
 
   /* Numbers with size (eg. %2u) */
-  test_eq(0, tor_sscanf("-1", "%2u", &u1));
-  test_eq(2, tor_sscanf("123456", "%2u%u", &u1, &u2));
-  test_eq(12u, u1);
-  test_eq(3456u, u2);
-  test_eq(1, tor_sscanf("123456", "%8u", &u1));
-  test_eq(123456u, u1);
-  test_eq(1, tor_sscanf("123457  ", "%8u", &u1));
-  test_eq(123457u, u1);
-  test_eq(0, tor_sscanf("  123456", "%8u", &u1));
-  test_eq(3, tor_sscanf("!12:3:456", "!%2u:%2u:%3u", &u1, &u2, &u3));
-  test_eq(12u, u1);
-  test_eq(3u, u2);
-  test_eq(456u, u3);
-  test_eq(3, tor_sscanf("67:8:099", "%2u:%2u:%3u", &u1, &u2, &u3)); /* 0s */
-  test_eq(67u, u1);
-  test_eq(8u, u2);
-  test_eq(99u, u3);
+  tt_int_op(0,OP_EQ, tor_sscanf("-1", "%2u", &u1));
+  tt_int_op(2,OP_EQ, tor_sscanf("123456", "%2u%u", &u1, &u2));
+  tt_int_op(12u,OP_EQ, u1);
+  tt_int_op(3456u,OP_EQ, u2);
+  tt_int_op(1,OP_EQ, tor_sscanf("123456", "%8u", &u1));
+  tt_int_op(123456u,OP_EQ, u1);
+  tt_int_op(1,OP_EQ, tor_sscanf("123457  ", "%8u", &u1));
+  tt_int_op(123457u,OP_EQ, u1);
+  tt_int_op(0,OP_EQ, tor_sscanf("  123456", "%8u", &u1));
+  tt_int_op(3,OP_EQ, tor_sscanf("!12:3:456", "!%2u:%2u:%3u", &u1, &u2, &u3));
+  tt_int_op(12u,OP_EQ, u1);
+  tt_int_op(3u,OP_EQ, u2);
+  tt_int_op(456u,OP_EQ, u3);
+  tt_int_op(3,OP_EQ,
+            tor_sscanf("67:8:099", "%2u:%2u:%3u", &u1, &u2, &u3)); /* 0s */
+  tt_int_op(67u,OP_EQ, u1);
+  tt_int_op(8u,OP_EQ, u2);
+  tt_int_op(99u,OP_EQ, u3);
   /* %u does not match space.*/
-  test_eq(2, tor_sscanf("12:3: 45", "%2u:%2u:%3u", &u1, &u2, &u3));
-  test_eq(12u, u1);
-  test_eq(3u, u2);
+  tt_int_op(2,OP_EQ, tor_sscanf("12:3: 45", "%2u:%2u:%3u", &u1, &u2, &u3));
+  tt_int_op(12u,OP_EQ, u1);
+  tt_int_op(3u,OP_EQ, u2);
   /* %u does not match negative numbers. */
-  test_eq(2, tor_sscanf("67:8:-9", "%2u:%2u:%3u", &u1, &u2, &u3));
-  test_eq(67u, u1);
-  test_eq(8u, u2);
+  tt_int_op(2,OP_EQ, tor_sscanf("67:8:-9", "%2u:%2u:%3u", &u1, &u2, &u3));
+  tt_int_op(67u,OP_EQ, u1);
+  tt_int_op(8u,OP_EQ, u2);
   /* Arbitrary amounts of 0-padding are okay */
-  test_eq(3, tor_sscanf("12:03:000000000000000099", "%2u:%2u:%u",
+  tt_int_op(3,OP_EQ, tor_sscanf("12:03:000000000000000099", "%2u:%2u:%u",
                         &u1, &u2, &u3));
-  test_eq(12u, u1);
-  test_eq(3u, u2);
-  test_eq(99u, u3);
+  tt_int_op(12u,OP_EQ, u1);
+  tt_int_op(3u,OP_EQ, u2);
+  tt_int_op(99u,OP_EQ, u3);
 
   /* Hex (ie. %x) */
-  test_eq(3, tor_sscanf("1234 02aBcdEf ff", "%x %x %x", &u1, &u2, &u3));
-  test_eq(0x1234, u1);
-  test_eq(0x2ABCDEF, u2);
-  test_eq(0xFF, u3);
+  tt_int_op(3,OP_EQ,
+            tor_sscanf("1234 02aBcdEf ff", "%x %x %x", &u1, &u2, &u3));
+  tt_int_op(0x1234,OP_EQ, u1);
+  tt_int_op(0x2ABCDEF,OP_EQ, u2);
+  tt_int_op(0xFF,OP_EQ, u3);
   /* Width works on %x */
-  test_eq(3, tor_sscanf("f00dcafe444", "%4x%4x%u", &u1, &u2, &u3));
-  test_eq(0xf00d, u1);
-  test_eq(0xcafe, u2);
-  test_eq(444, u3);
+  tt_int_op(3,OP_EQ, tor_sscanf("f00dcafe444", "%4x%4x%u", &u1, &u2, &u3));
+  tt_int_op(0xf00d,OP_EQ, u1);
+  tt_int_op(0xcafe,OP_EQ, u2);
+  tt_int_op(444,OP_EQ, u3);
 
   /* Literal '%' (ie. '%%') */
-  test_eq(1, tor_sscanf("99% fresh", "%3u%% fresh", &u1));
-  test_eq(99, u1);
-  test_eq(0, tor_sscanf("99 fresh", "%% %3u %s", &u1, s1));
-  test_eq(1, tor_sscanf("99 fresh", "%3u%% %s", &u1, s1));
-  test_eq(2, tor_sscanf("99 fresh", "%3u %5s %%", &u1, s1));
-  test_eq(99, u1);
-  test_streq(s1, "fresh");
-  test_eq(1, tor_sscanf("% boo", "%% %3s", s1));
-  test_streq("boo", s1);
+  tt_int_op(1,OP_EQ, tor_sscanf("99% fresh", "%3u%% fresh", &u1));
+  tt_int_op(99,OP_EQ, u1);
+  tt_int_op(0,OP_EQ, tor_sscanf("99 fresh", "%% %3u %s", &u1, s1));
+  tt_int_op(1,OP_EQ, tor_sscanf("99 fresh", "%3u%% %s", &u1, s1));
+  tt_int_op(2,OP_EQ, tor_sscanf("99 fresh", "%3u %5s %%", &u1, s1));
+  tt_int_op(99,OP_EQ, u1);
+  tt_str_op(s1,OP_EQ, "fresh");
+  tt_int_op(1,OP_EQ, tor_sscanf("% boo", "%% %3s", s1));
+  tt_str_op("boo",OP_EQ, s1);
 
   /* Strings (ie. %s) */
-  test_eq(2, tor_sscanf("hello", "%3s%7s", s1, s2));
-  test_streq(s1, "hel");
-  test_streq(s2, "lo");
-  test_eq(2, tor_sscanf("WD40", "%2s%u", s3, &u1)); /* %s%u */
-  test_streq(s3, "WD");
-  test_eq(40, u1);
-  test_eq(2, tor_sscanf("WD40", "%3s%u", s3, &u1)); /* %s%u */
-  test_streq(s3, "WD4");
-  test_eq(0, u1);
-  test_eq(2, tor_sscanf("76trombones", "%6u%9s", &u1, s1)); /* %u%s */
-  test_eq(76, u1);
-  test_streq(s1, "trombones");
-  test_eq(1, tor_sscanf("prettylongstring", "%999s", s1));
-  test_streq(s1, "prettylongstring");
+  tt_int_op(2,OP_EQ, tor_sscanf("hello", "%3s%7s", s1, s2));
+  tt_str_op(s1,OP_EQ, "hel");
+  tt_str_op(s2,OP_EQ, "lo");
+  tt_int_op(2,OP_EQ, tor_sscanf("WD40", "%2s%u", s3, &u1)); /* %s%u */
+  tt_str_op(s3,OP_EQ, "WD");
+  tt_int_op(40,OP_EQ, u1);
+  tt_int_op(2,OP_EQ, tor_sscanf("WD40", "%3s%u", s3, &u1)); /* %s%u */
+  tt_str_op(s3,OP_EQ, "WD4");
+  tt_int_op(0,OP_EQ, u1);
+  tt_int_op(2,OP_EQ, tor_sscanf("76trombones", "%6u%9s", &u1, s1)); /* %u%s */
+  tt_int_op(76,OP_EQ, u1);
+  tt_str_op(s1,OP_EQ, "trombones");
+  tt_int_op(1,OP_EQ, tor_sscanf("prettylongstring", "%999s", s1));
+  tt_str_op(s1,OP_EQ, "prettylongstring");
   /* %s doesn't eat spaces */
-  test_eq(2, tor_sscanf("hello world", "%9s %9s", s1, s2));
-  test_streq(s1, "hello");
-  test_streq(s2, "world");
-  test_eq(2, tor_sscanf("bye   world?", "%9s %9s", s1, s2));
-  test_streq(s1, "bye");
-  test_streq(s2, "");
-  test_eq(3, tor_sscanf("hi", "%9s%9s%3s", s1, s2, s3)); /* %s can be empty. */
-  test_streq(s1, "hi");
-  test_streq(s2, "");
-  test_streq(s3, "");
-
-  test_eq(3, tor_sscanf("1.2.3", "%u.%u.%u%c", &u1, &u2, &u3, &ch));
-  test_eq(4, tor_sscanf("1.2.3 foobar", "%u.%u.%u%c", &u1, &u2, &u3, &ch));
-  test_eq(' ', ch);
+  tt_int_op(2,OP_EQ, tor_sscanf("hello world", "%9s %9s", s1, s2));
+  tt_str_op(s1,OP_EQ, "hello");
+  tt_str_op(s2,OP_EQ, "world");
+  tt_int_op(2,OP_EQ, tor_sscanf("bye   world?", "%9s %9s", s1, s2));
+  tt_str_op(s1,OP_EQ, "bye");
+  tt_str_op(s2,OP_EQ, "");
+  tt_int_op(3,OP_EQ,
+            tor_sscanf("hi", "%9s%9s%3s", s1, s2, s3)); /* %s can be empty. */
+  tt_str_op(s1,OP_EQ, "hi");
+  tt_str_op(s2,OP_EQ, "");
+  tt_str_op(s3,OP_EQ, "");
+
+  tt_int_op(3,OP_EQ, tor_sscanf("1.2.3", "%u.%u.%u%c", &u1, &u2, &u3, &ch));
+  tt_int_op(4,OP_EQ,
+            tor_sscanf("1.2.3 foobar", "%u.%u.%u%c", &u1, &u2, &u3, &ch));
+  tt_int_op(' ',OP_EQ, ch);
 
   r = tor_sscanf("12345 -67890 -1", "%d %ld %d", &int1, &lng1, &int2);
-  test_eq(r,3);
-  test_eq(int1, 12345);
-  test_eq(lng1, -67890);
-  test_eq(int2, -1);
+  tt_int_op(r,OP_EQ, 3);
+  tt_int_op(int1,OP_EQ, 12345);
+  tt_int_op(lng1,OP_EQ, -67890);
+  tt_int_op(int2,OP_EQ, -1);
 
 #if SIZEOF_INT == 4
+  /* %u */
+  /* UINT32_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("4294967295", "%u", &u1));
+  tt_int_op(4294967295U,OP_EQ, u1);
+
+  /* But UINT32_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("4294967296", "%u", &u1));
+  /* but parsing only 9... */
+  tt_int_op(1,OP_EQ, tor_sscanf("4294967296", "%9u", &u1));
+  tt_int_op(429496729U,OP_EQ, u1);
+
+  /* %x */
+  /* UINT32_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("FFFFFFFF", "%x", &u1));
+  tt_int_op(0xFFFFFFFF,OP_EQ, u1);
+
+  /* But UINT32_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("100000000", "%x", &u1));
+
+  /* %d */
+  /* INT32_MIN and INT32_MAX should work */
   r = tor_sscanf("-2147483648. 2147483647.", "%d. %d.", &int1, &int2);
-  test_eq(r,2);
-  test_eq(int1, -2147483647-1);
-  test_eq(int2, 2147483647);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(int1,OP_EQ, -2147483647 - 1);
+  tt_int_op(int2,OP_EQ, 2147483647);
+
+  /* But INT32_MIN - 1 and INT32_MAX + 1 shouldn't work */
+  r = tor_sscanf("-2147483649.", "%d.", &int1);
+  tt_int_op(r,OP_EQ, 0);
 
-  r = tor_sscanf("-2147483679.", "%d.", &int1);
-  test_eq(r,0);
+  r = tor_sscanf("2147483648.", "%d.", &int1);
+  tt_int_op(r,OP_EQ, 0);
+
+  /* and the first failure stops further processing */
+  r = tor_sscanf("-2147483648. 2147483648.",
+                 "%d. %d.", &int1, &int2);
+  tt_int_op(r,OP_EQ, 1);
+
+  r = tor_sscanf("-2147483649. 2147483647.",
+                 "%d. %d.", &int1, &int2);
+  tt_int_op(r,OP_EQ, 0);
 
-  r = tor_sscanf("2147483678.", "%d.", &int1);
-  test_eq(r,0);
+  r = tor_sscanf("2147483648. -2147483649.",
+                 "%d. %d.", &int1, &int2);
+  tt_int_op(r,OP_EQ, 0);
 #elif SIZEOF_INT == 8
+  /* %u */
+  /* UINT64_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("18446744073709551615", "%u", &u1));
+  tt_int_op(18446744073709551615U,OP_EQ, u1);
+
+  /* But UINT64_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("18446744073709551616", "%u", &u1));
+  /* but parsing only 19... */
+  tt_int_op(1,OP_EQ, tor_sscanf("18446744073709551616", "%19u", &u1));
+  tt_int_op(1844674407370955161U,OP_EQ, u1);
+
+  /* %x */
+  /* UINT64_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("FFFFFFFFFFFFFFFF", "%x", &u1));
+  tt_int_op(0xFFFFFFFFFFFFFFFF,OP_EQ, u1);
+
+  /* But UINT64_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("10000000000000000", "%x", &u1));
+
+  /* %d */
+  /* INT64_MIN and INT64_MAX should work */
   r = tor_sscanf("-9223372036854775808. 9223372036854775807.",
                  "%d. %d.", &int1, &int2);
-  test_eq(r,2);
-  test_eq(int1, -9223372036854775807-1);
-  test_eq(int2, 9223372036854775807);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(int1,OP_EQ, -9223372036854775807 - 1);
+  tt_int_op(int2,OP_EQ, 9223372036854775807);
 
+  /* But INT64_MIN - 1 and INT64_MAX + 1 shouldn't work */
   r = tor_sscanf("-9223372036854775809.", "%d.", &int1);
-  test_eq(r,0);
+  tt_int_op(r,OP_EQ, 0);
 
   r = tor_sscanf("9223372036854775808.", "%d.", &int1);
-  test_eq(r,0);
+  tt_int_op(r,OP_EQ, 0);
+
+  /* and the first failure stops further processing */
+  r = tor_sscanf("-9223372036854775808. 9223372036854775808.",
+                 "%d. %d.", &int1, &int2);
+  tt_int_op(r,OP_EQ, 1);
+
+  r = tor_sscanf("-9223372036854775809. 9223372036854775807.",
+                 "%d. %d.", &int1, &int2);
+  tt_int_op(r,OP_EQ, 0);
+
+  r = tor_sscanf("9223372036854775808. -9223372036854775809.",
+                 "%d. %d.", &int1, &int2);
+  tt_int_op(r,OP_EQ, 0);
 #endif
 
 #if SIZEOF_LONG == 4
+  /* %lu */
+  /* UINT32_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("4294967295", "%lu", &ulng));
+  tt_int_op(4294967295UL,OP_EQ, ulng);
+
+  /* But UINT32_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("4294967296", "%lu", &ulng));
+  /* but parsing only 9... */
+  tt_int_op(1,OP_EQ, tor_sscanf("4294967296", "%9lu", &ulng));
+  tt_int_op(429496729UL,OP_EQ, ulng);
+
+  /* %lx */
+  /* UINT32_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("FFFFFFFF", "%lx", &ulng));
+  tt_int_op(0xFFFFFFFFUL,OP_EQ, ulng);
+
+  /* But UINT32_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("100000000", "%lx", &ulng));
+
+  /* %ld */
+  /* INT32_MIN and INT32_MAX should work */
   r = tor_sscanf("-2147483648. 2147483647.", "%ld. %ld.", &lng1, &lng2);
-  test_eq(r,2);
-  test_eq(lng1, -2147483647 - 1);
-  test_eq(lng2, 2147483647);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(lng1,OP_EQ, -2147483647L - 1L);
+  tt_int_op(lng2,OP_EQ, 2147483647L);
+
+  /* But INT32_MIN - 1 and INT32_MAX + 1 shouldn't work */
+  r = tor_sscanf("-2147483649.", "%ld.", &lng1);
+  tt_int_op(r,OP_EQ, 0);
+
+  r = tor_sscanf("2147483648.", "%ld.", &lng1);
+  tt_int_op(r,OP_EQ, 0);
+
+  /* and the first failure stops further processing */
+  r = tor_sscanf("-2147483648. 2147483648.",
+                 "%ld. %ld.", &lng1, &lng2);
+  tt_int_op(r,OP_EQ, 1);
+
+  r = tor_sscanf("-2147483649. 2147483647.",
+                 "%ld. %ld.", &lng1, &lng2);
+  tt_int_op(r,OP_EQ, 0);
+
+  r = tor_sscanf("2147483648. -2147483649.",
+                 "%ld. %ld.", &lng1, &lng2);
+  tt_int_op(r,OP_EQ, 0);
 #elif SIZEOF_LONG == 8
+  /* %lu */
+  /* UINT64_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("18446744073709551615", "%lu", &ulng));
+  tt_int_op(18446744073709551615UL,OP_EQ, ulng);
+
+  /* But UINT64_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("18446744073709551616", "%lu", &ulng));
+  /* but parsing only 19... */
+  tt_int_op(1,OP_EQ, tor_sscanf("18446744073709551616", "%19lu", &ulng));
+  tt_int_op(1844674407370955161UL,OP_EQ, ulng);
+
+  /* %lx */
+  /* UINT64_MAX should work */
+  tt_int_op(1,OP_EQ, tor_sscanf("FFFFFFFFFFFFFFFF", "%lx", &ulng));
+  tt_int_op(0xFFFFFFFFFFFFFFFFUL,OP_EQ, ulng);
+
+  /* But UINT64_MAX + 1 shouldn't work */
+  tt_int_op(0,OP_EQ, tor_sscanf("10000000000000000", "%lx", &ulng));
+
+  /* %ld */
+  /* INT64_MIN and INT64_MAX should work */
   r = tor_sscanf("-9223372036854775808. 9223372036854775807.",
                  "%ld. %ld.", &lng1, &lng2);
-  test_eq(r,2);
-  test_eq(lng1, -9223372036854775807L - 1);
-  test_eq(lng2, 9223372036854775807L);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(lng1,OP_EQ, -9223372036854775807L - 1L);
+  tt_int_op(lng2,OP_EQ, 9223372036854775807L);
 
+  /* But INT64_MIN - 1 and INT64_MAX + 1 shouldn't work */
+  r = tor_sscanf("-9223372036854775809.", "%ld.", &lng1);
+  tt_int_op(r,OP_EQ, 0);
+
+  r = tor_sscanf("9223372036854775808.", "%ld.", &lng1);
+  tt_int_op(r,OP_EQ, 0);
+
+  /* and the first failure stops further processing */
   r = tor_sscanf("-9223372036854775808. 9223372036854775808.",
                  "%ld. %ld.", &lng1, &lng2);
-  test_eq(r,1);
-  r = tor_sscanf("-9223372036854775809. 9223372036854775808.",
+  tt_int_op(r,OP_EQ, 1);
+
+  r = tor_sscanf("-9223372036854775809. 9223372036854775807.",
+                 "%ld. %ld.", &lng1, &lng2);
+  tt_int_op(r,OP_EQ, 0);
+
+  r = tor_sscanf("9223372036854775808. -9223372036854775809.",
                  "%ld. %ld.", &lng1, &lng2);
-  test_eq(r,0);
+  tt_int_op(r,OP_EQ, 0);
 #endif
 
   r = tor_sscanf("123.456 .000007 -900123123.2000787 00003.2",
                  "%lf %lf %lf %lf", &d1,&d2,&d3,&d4);
-  test_eq(r,4);
+  tt_int_op(r,OP_EQ, 4);
   test_feq(d1, 123.456);
   test_feq(d2, .000007);
   test_feq(d3, -900123123.2000787);
@@ -1868,137 +2296,509 @@ test_util_sscanf(void)
   ;
 }
 
+#define tt_char_op(a,op,b) tt_assert_op_type(a,op,b,char,"%c")
+#define tt_ci_char_op(a,op,b) \
+  tt_char_op(TOR_TOLOWER((int)a),op,TOR_TOLOWER((int)b))
+
+#ifndef HAVE_STRNLEN
+static size_t
+strnlen(const char *s, size_t len)
+{
+  const char *p = memchr(s, 0, len);
+  if (!p)
+    return len;
+  return p - s;
+}
+#endif
+
 static void
-test_util_path_is_relative(void)
+test_util_format_time_interval(void *arg)
 {
-  /* OS-independent tests */
-  test_eq(1, path_is_relative(""));
-  test_eq(1, path_is_relative("dir"));
-  test_eq(1, path_is_relative("dir/"));
-  test_eq(1, path_is_relative("./dir"));
-  test_eq(1, path_is_relative("../dir"));
+  /* use the same sized buffer and integers as tor uses */
+#define DBUF_SIZE 64
+  char dbuf[DBUF_SIZE];
+#define T_        "%ld"
+  long sec, min, hour, day;
+
+  /* we don't care about the exact spelling of the
+   * second(s), minute(s), hour(s), day(s) labels */
+#define LABEL_SIZE 21
+#define L_        "%20s"
+  char label_s[LABEL_SIZE];
+  char label_m[LABEL_SIZE];
+  char label_h[LABEL_SIZE];
+  char label_d[LABEL_SIZE];
+
+#define TL_       T_ " " L_
 
-  test_eq(0, path_is_relative("/"));
-  test_eq(0, path_is_relative("/dir"));
-  test_eq(0, path_is_relative("/dir/"));
+  int r;
+
+  (void)arg;
+
+  /* In these tests, we're not picky about
+   * spelling or abbreviations */
+
+  /* seconds: 0, 1, 9, 10, 59 */
+
+  /* ignore exact spelling of "second(s)"*/
+  format_time_interval(dbuf, sizeof(dbuf), 0);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &sec, label_s);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(sec,OP_EQ, 0);
+
+  format_time_interval(dbuf, sizeof(dbuf), 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &sec, label_s);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(sec,OP_EQ, 1);
+
+  format_time_interval(dbuf, sizeof(dbuf), 10);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &sec, label_s);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(sec,OP_EQ, 10);
+
+  format_time_interval(dbuf, sizeof(dbuf), 59);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &sec, label_s);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(sec,OP_EQ, 59);
+
+  /* negative seconds are reported as their absolute value */
+
+  format_time_interval(dbuf, sizeof(dbuf), -4);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &sec, label_s);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(sec,OP_EQ, 4);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+
+  format_time_interval(dbuf, sizeof(dbuf), -32);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &sec, label_s);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(sec,OP_EQ, 32);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+
+  /* minutes: 1:00, 1:01, 1:59, 2:00, 2:01, 59:59 */
+
+  /* ignore trailing "0 second(s)", if present */
+  format_time_interval(dbuf, sizeof(dbuf), 60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &min, label_m);
+  tt_int_op(r,OP_EQ, 2);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(min,OP_EQ, 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+
+  /* ignore exact spelling of "minute(s)," and "second(s)" */
+  format_time_interval(dbuf, sizeof(dbuf), 60 + 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &min, label_m, &sec, label_s);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(min,OP_EQ, 1);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(sec,OP_EQ, 1);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+
+  format_time_interval(dbuf, sizeof(dbuf), 60*2 - 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &min, label_m, &sec, label_s);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(min,OP_EQ, 1);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(sec,OP_EQ, 59);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+
+  /* ignore trailing "0 second(s)", if present */
+  format_time_interval(dbuf, sizeof(dbuf), 60*2);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &min, label_m);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(min,OP_EQ, 2);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* ignore exact spelling of "minute(s)," and "second(s)" */
+  format_time_interval(dbuf, sizeof(dbuf), 60*2 + 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &min, label_m, &sec, label_s);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(min,OP_EQ, 2);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(sec,OP_EQ, 1);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+
+  format_time_interval(dbuf, sizeof(dbuf), 60*60 - 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &min, label_m, &sec, label_s);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(min,OP_EQ, 59);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(sec,OP_EQ, 59);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+
+  /* negative minutes are reported as their absolute value */
+
+  /* ignore trailing "0 second(s)", if present */
+  format_time_interval(dbuf, sizeof(dbuf), -3*60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &min, label_m);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(min,OP_EQ, 3);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* ignore exact spelling of "minute(s)," and "second(s)" */
+  format_time_interval(dbuf, sizeof(dbuf), -96);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &min, label_m, &sec, label_s);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(min,OP_EQ, 1);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(sec,OP_EQ, 36);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+
+  format_time_interval(dbuf, sizeof(dbuf), -2815);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &min, label_m, &sec, label_s);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(min,OP_EQ, 46);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  tt_int_op(sec,OP_EQ, 55);
+  tt_ci_char_op(label_s[0],OP_EQ, 's');
+
+  /* hours: 1:00, 1:00:01, 1:01, 23:59, 23:59:59 */
+  /* always ignore trailing seconds, if present */
+
+  /* ignore trailing "0 minute(s)" etc., if present */
+  format_time_interval(dbuf, sizeof(dbuf), 60*60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &hour, label_h);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(hour,OP_EQ, 1);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+
+  format_time_interval(dbuf, sizeof(dbuf), 60*60 + 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &hour, label_h);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(hour,OP_EQ, 1);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+
+  /* ignore exact spelling of "hour(s)," etc. */
+  format_time_interval(dbuf, sizeof(dbuf), 60*60 + 60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(hour,OP_EQ, 1);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 1);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  format_time_interval(dbuf, sizeof(dbuf), 24*60*60 - 60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(hour,OP_EQ, 23);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 59);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  format_time_interval(dbuf, sizeof(dbuf), 24*60*60 - 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(hour,OP_EQ, 23);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 59);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* negative hours are reported as their absolute value */
+
+  /* ignore exact spelling of "hour(s)," etc., if present */
+  format_time_interval(dbuf, sizeof(dbuf), -2*60*60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &hour, label_h);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(hour,OP_EQ, 2);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+
+  format_time_interval(dbuf, sizeof(dbuf), -75804);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(hour,OP_EQ, 21);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 3);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* days: 1:00, 1:00:00:01, 1:00:01, 1:01 */
+  /* always ignore trailing seconds, if present */
+
+  /* ignore trailing "0 hours(s)" etc., if present */
+  format_time_interval(dbuf, sizeof(dbuf), 24*60*60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &day, label_d);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(day,OP_EQ, 1);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+
+  format_time_interval(dbuf, sizeof(dbuf), 24*60*60 + 1);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_, &day, label_d);
+  tt_int_op(r,OP_EQ, 2);
+  tt_int_op(day,OP_EQ, 1);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+
+  /* ignore exact spelling of "days(s)," etc. */
+  format_time_interval(dbuf, sizeof(dbuf), 24*60*60 + 60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  if (r == -1) {
+    /* ignore 0 hours(s), if present */
+    r = tor_sscanf(dbuf, TL_ " " TL_,
+                   &day, label_d, &min, label_m);
+  }
+  tt_assert(r == 4 || r == 6);
+  tt_int_op(day,OP_EQ, 1);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  if (r == 6) {
+    tt_int_op(hour,OP_EQ, 0);
+    tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  }
+  tt_int_op(min,OP_EQ, 1);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* ignore trailing "0 minutes(s)" etc., if present */
+  format_time_interval(dbuf, sizeof(dbuf), 24*60*60 + 60*60);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_,
+                 &day, label_d, &hour, label_h);
+  tt_int_op(r,OP_EQ, 4);
+  tt_int_op(day,OP_EQ, 1);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 1);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+
+  /* negative days are reported as their absolute value */
+
+  format_time_interval(dbuf, sizeof(dbuf), -21936184);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 253);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 21);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 23);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* periods > 1 year are reported in days (warn?) */
+
+  /* ignore exact spelling of "days(s)," etc., if present */
+  format_time_interval(dbuf, sizeof(dbuf), 758635154);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 8780);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 11);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 59);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+  /* negative periods > 1 year are reported in days (warn?) */
+
+  format_time_interval(dbuf, sizeof(dbuf), -1427014922);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 16516);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 9);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 2);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+
+#if SIZEOF_LONG == 4 || SIZEOF_LONG == 8
+
+  /* We can try INT32_MIN/MAX */
+  /* Always ignore second(s) */
+
+  /* INT32_MAX */
+  format_time_interval(dbuf, sizeof(dbuf), 2147483647);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 24855);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 3);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 14);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  /* and 7 seconds - ignored */
+
+  /* INT32_MIN: check that we get the absolute value of interval,
+   * which doesn't actually fit in int32_t.
+   * We expect INT32_MAX or INT32_MAX + 1 with 64 bit longs */
+  format_time_interval(dbuf, sizeof(dbuf), -2147483647L - 1L);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 24855);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 3);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 14);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  /* and 7 or 8 seconds - ignored */
+
+#endif
+
+#if SIZEOF_LONG == 8
+
+  /* We can try INT64_MIN/MAX */
+  /* Always ignore second(s) */
+
+  /* INT64_MAX */
+  format_time_interval(dbuf, sizeof(dbuf), 9223372036854775807L);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 106751991167300L);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 15);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 30);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  /* and 7 seconds - ignored */
+
+  /* INT64_MIN: check that we get the absolute value of interval,
+   * which doesn't actually fit in int64_t.
+   * We expect INT64_MAX */
+  format_time_interval(dbuf, sizeof(dbuf),
+                       -9223372036854775807L - 1L);
+  tt_int_op(strnlen(dbuf, DBUF_SIZE),OP_LE, DBUF_SIZE - 1);
+  r = tor_sscanf(dbuf, TL_ " " TL_ " " TL_,
+                 &day, label_d, &hour, label_h, &min, label_m);
+  tt_int_op(r,OP_EQ, 6);
+  tt_int_op(day,OP_EQ, 106751991167300L);
+  tt_ci_char_op(label_d[0],OP_EQ, 'd');
+  tt_int_op(hour,OP_EQ, 15);
+  tt_ci_char_op(label_h[0],OP_EQ, 'h');
+  tt_int_op(min,OP_EQ, 30);
+  tt_ci_char_op(label_m[0],OP_EQ, 'm');
+  /* and 7 or 8 seconds - ignored */
 
-  /* Windows */
-#ifdef _WIN32
-  /* I don't have Windows so I can't test this, hence the "#ifdef
-     0". These are tests that look useful, so please try to get them
-     running and uncomment if it all works as it should */
-  test_eq(1, path_is_relative("dir"));
-  test_eq(1, path_is_relative("dir\\"));
-  test_eq(1, path_is_relative("dir\\a:"));
-  test_eq(1, path_is_relative("dir\\a:\\"));
-  test_eq(1, path_is_relative("http:\\dir"));
-
-  test_eq(0, path_is_relative("\\dir"));
-  test_eq(0, path_is_relative("a:\\dir"));
-  test_eq(0, path_is_relative("z:\\dir"));
 #endif
 
  done:
   ;
 }
 
-#ifdef ENABLE_MEMPOOLS
+#undef tt_char_op
+#undef tt_ci_char_op
+#undef DBUF_SIZE
+#undef T_
+#undef LABEL_SIZE
+#undef L_
+#undef TL_
 
-/** Run unittests for memory pool allocator */
 static void
-test_util_mempool(void)
+test_util_path_is_relative(void *arg)
 {
-  mp_pool_t *pool = NULL;
-  smartlist_t *allocated = NULL;
-  int i;
+  /* OS-independent tests */
+  (void)arg;
+  tt_int_op(1,OP_EQ, path_is_relative(""));
+  tt_int_op(1,OP_EQ, path_is_relative("dir"));
+  tt_int_op(1,OP_EQ, path_is_relative("dir/"));
+  tt_int_op(1,OP_EQ, path_is_relative("./dir"));
+  tt_int_op(1,OP_EQ, path_is_relative("../dir"));
 
-  pool = mp_pool_new(1, 100);
-  test_assert(pool);
-  test_assert(pool->new_chunk_capacity >= 100);
-  test_assert(pool->item_alloc_size >= sizeof(void*)+1);
-  mp_pool_destroy(pool);
-  pool = NULL;
-
-  pool = mp_pool_new(241, 2500);
-  test_assert(pool);
-  test_assert(pool->new_chunk_capacity >= 10);
-  test_assert(pool->item_alloc_size >= sizeof(void*)+241);
-  test_eq(pool->item_alloc_size & 0x03, 0);
-  test_assert(pool->new_chunk_capacity < 60);
-
-  allocated = smartlist_new();
-  for (i = 0; i < 20000; ++i) {
-    if (smartlist_len(allocated) < 20 || crypto_rand_int(2)) {
-      void *m = mp_pool_get(pool);
-      memset(m, 0x09, 241);
-      smartlist_add(allocated, m);
-      //printf("%d: %p\n", i, m);
-      //mp_pool_assert_ok(pool);
-    } else {
-      int idx = crypto_rand_int(smartlist_len(allocated));
-      void *m = smartlist_get(allocated, idx);
-      //printf("%d: free %p\n", i, m);
-      smartlist_del(allocated, idx);
-      mp_pool_release(m);
-      //mp_pool_assert_ok(pool);
-    }
-    if (crypto_rand_int(777)==0)
-      mp_pool_clean(pool, 1, 1);
+  tt_int_op(0,OP_EQ, path_is_relative("/"));
+  tt_int_op(0,OP_EQ, path_is_relative("/dir"));
+  tt_int_op(0,OP_EQ, path_is_relative("/dir/"));
 
-    if (i % 777)
-      mp_pool_assert_ok(pool);
-  }
+  /* Windows */
+#ifdef _WIN32
+  /* I don't have Windows so I can't test this, hence the "#ifdef
+     0". These are tests that look useful, so please try to get them
+     running and uncomment if it all works as it should */
+  tt_int_op(1,OP_EQ, path_is_relative("dir"));
+  tt_int_op(1,OP_EQ, path_is_relative("dir\\"));
+  tt_int_op(1,OP_EQ, path_is_relative("dir\\a:"));
+  tt_int_op(1,OP_EQ, path_is_relative("dir\\a:\\"));
+  tt_int_op(1,OP_EQ, path_is_relative("http:\\dir"));
+
+  tt_int_op(0,OP_EQ, path_is_relative("\\dir"));
+  tt_int_op(0,OP_EQ, path_is_relative("a:\\dir"));
+  tt_int_op(0,OP_EQ, path_is_relative("z:\\dir"));
+#endif
 
  done:
-  if (allocated) {
-    SMARTLIST_FOREACH(allocated, void *, m, mp_pool_release(m));
-    mp_pool_assert_ok(pool);
-    mp_pool_clean(pool, 0, 0);
-    mp_pool_assert_ok(pool);
-    smartlist_free(allocated);
-  }
-
-  if (pool)
-    mp_pool_destroy(pool);
+  ;
 }
 
-#endif /* ENABLE_MEMPOOLS */
-
 /** Run unittests for memory area allocator */
 static void
-test_util_memarea(void)
+test_util_memarea(void *arg)
 {
   memarea_t *area = memarea_new();
   char *p1, *p2, *p3, *p1_orig;
   void *malloced_ptr = NULL;
   int i;
 
-  test_assert(area);
+  (void)arg;
+  tt_assert(area);
 
   p1_orig = p1 = memarea_alloc(area,64);
   p2 = memarea_alloc_zero(area,52);
   p3 = memarea_alloc(area,11);
 
-  test_assert(memarea_owns_ptr(area, p1));
-  test_assert(memarea_owns_ptr(area, p2));
-  test_assert(memarea_owns_ptr(area, p3));
+  tt_assert(memarea_owns_ptr(area, p1));
+  tt_assert(memarea_owns_ptr(area, p2));
+  tt_assert(memarea_owns_ptr(area, p3));
   /* Make sure we left enough space. */
-  test_assert(p1+64 <= p2);
-  test_assert(p2+52 <= p3);
+  tt_assert(p1+64 <= p2);
+  tt_assert(p2+52 <= p3);
   /* Make sure we aligned. */
-  test_eq(((uintptr_t)p1) % sizeof(void*), 0);
-  test_eq(((uintptr_t)p2) % sizeof(void*), 0);
-  test_eq(((uintptr_t)p3) % sizeof(void*), 0);
-  test_assert(!memarea_owns_ptr(area, p3+8192));
-  test_assert(!memarea_owns_ptr(area, p3+30));
-  test_assert(tor_mem_is_zero(p2, 52));
+  tt_int_op(((uintptr_t)p1) % sizeof(void*),OP_EQ, 0);
+  tt_int_op(((uintptr_t)p2) % sizeof(void*),OP_EQ, 0);
+  tt_int_op(((uintptr_t)p3) % sizeof(void*),OP_EQ, 0);
+  tt_assert(!memarea_owns_ptr(area, p3+8192));
+  tt_assert(!memarea_owns_ptr(area, p3+30));
+  tt_assert(tor_mem_is_zero(p2, 52));
   /* Make sure we don't overalign. */
   p1 = memarea_alloc(area, 1);
   p2 = memarea_alloc(area, 1);
-  test_eq_ptr(p1+sizeof(void*), p2);
+  tt_ptr_op(p1+sizeof(void*),OP_EQ, p2);
   {
     malloced_ptr = tor_malloc(64);
-    test_assert(!memarea_owns_ptr(area, malloced_ptr));
+    tt_assert(!memarea_owns_ptr(area, malloced_ptr));
     tor_free(malloced_ptr);
   }
 
@@ -2007,18 +2807,18 @@ test_util_memarea(void)
     malloced_ptr = tor_malloc(64);
     crypto_rand((char*)malloced_ptr, 64);
     p1 = memarea_memdup(area, malloced_ptr, 64);
-    test_assert(p1 != malloced_ptr);
-    test_memeq(p1, malloced_ptr, 64);
+    tt_assert(p1 != malloced_ptr);
+    tt_mem_op(p1,OP_EQ, malloced_ptr, 64);
     tor_free(malloced_ptr);
   }
 
   /* memarea_strdup. */
   p1 = memarea_strdup(area,"");
   p2 = memarea_strdup(area, "abcd");
-  test_assert(p1);
-  test_assert(p2);
-  test_streq(p1, "");
-  test_streq(p2, "abcd");
+  tt_assert(p1);
+  tt_assert(p2);
+  tt_str_op(p1,OP_EQ, "");
+  tt_str_op(p2,OP_EQ, "abcd");
 
   /* memarea_strndup. */
   {
@@ -2027,33 +2827,33 @@ test_util_memarea(void)
     size_t len = strlen(s);
     p1 = memarea_strndup(area, s, 1000);
     p2 = memarea_strndup(area, s, 10);
-    test_streq(p1, s);
-    test_assert(p2 >= p1 + len + 1);
-    test_memeq(s, p2, 10);
-    test_eq(p2[10], '\0');
+    tt_str_op(p1,OP_EQ, s);
+    tt_assert(p2 >= p1 + len + 1);
+    tt_mem_op(s,OP_EQ, p2, 10);
+    tt_int_op(p2[10],OP_EQ, '\0');
     p3 = memarea_strndup(area, s, len);
-    test_streq(p3, s);
+    tt_str_op(p3,OP_EQ, s);
     p3 = memarea_strndup(area, s, len-1);
-    test_memeq(s, p3, len-1);
-    test_eq(p3[len-1], '\0');
+    tt_mem_op(s,OP_EQ, p3, len-1);
+    tt_int_op(p3[len-1],OP_EQ, '\0');
   }
 
   memarea_clear(area);
   p1 = memarea_alloc(area, 1);
-  test_eq_ptr(p1, p1_orig);
+  tt_ptr_op(p1,OP_EQ, p1_orig);
   memarea_clear(area);
 
   /* Check for running over an area's size. */
   for (i = 0; i < 512; ++i) {
     p1 = memarea_alloc(area, crypto_rand_int(5)+1);
-    test_assert(memarea_owns_ptr(area, p1));
+    tt_assert(memarea_owns_ptr(area, p1));
   }
   memarea_assert_ok(area);
   /* Make sure we can allocate a too-big object. */
   p1 = memarea_alloc_zero(area, 9000);
   p2 = memarea_alloc_zero(area, 16);
-  test_assert(memarea_owns_ptr(area, p1));
-  test_assert(memarea_owns_ptr(area, p2));
+  tt_assert(memarea_owns_ptr(area, p1));
+  tt_assert(memarea_owns_ptr(area, p2));
 
  done:
   memarea_drop_all(area);
@@ -2063,31 +2863,32 @@ test_util_memarea(void)
 /** Run unit tests for utility functions to get file names relative to
  * the data directory. */
 static void
-test_util_datadir(void)
+test_util_datadir(void *arg)
 {
   char buf[1024];
   char *f = NULL;
   char *temp_dir = NULL;
 
+  (void)arg;
   temp_dir = get_datadir_fname(NULL);
   f = get_datadir_fname("state");
   tor_snprintf(buf, sizeof(buf), "%s"PATH_SEPARATOR"state", temp_dir);
-  test_streq(f, buf);
+  tt_str_op(f,OP_EQ, buf);
   tor_free(f);
   f = get_datadir_fname2("cache", "thingy");
   tor_snprintf(buf, sizeof(buf),
                "%s"PATH_SEPARATOR"cache"PATH_SEPARATOR"thingy", temp_dir);
-  test_streq(f, buf);
+  tt_str_op(f,OP_EQ, buf);
   tor_free(f);
   f = get_datadir_fname2_suffix("cache", "thingy", ".foo");
   tor_snprintf(buf, sizeof(buf),
                "%s"PATH_SEPARATOR"cache"PATH_SEPARATOR"thingy.foo", temp_dir);
-  test_streq(f, buf);
+  tt_str_op(f,OP_EQ, buf);
   tor_free(f);
   f = get_datadir_fname_suffix("cache", ".foo");
   tor_snprintf(buf, sizeof(buf), "%s"PATH_SEPARATOR"cache.foo",
                temp_dir);
-  test_streq(f, buf);
+  tt_str_op(f,OP_EQ, buf);
 
  done:
   tor_free(f);
@@ -2095,13 +2896,14 @@ test_util_datadir(void)
 }
 
 static void
-test_util_strtok(void)
+test_util_strtok(void *arg)
 {
   char buf[128];
   char buf2[128];
   int i;
   char *cp1, *cp2;
 
+  (void)arg;
   for (i = 0; i < 3; i++) {
     const char *pad1="", *pad2="";
     switch (i) {
@@ -2118,8 +2920,8 @@ test_util_strtok(void)
     }
     tor_snprintf(buf, sizeof(buf), "%s", pad1);
     tor_snprintf(buf2, sizeof(buf2), "%s", pad2);
-    test_assert(NULL == tor_strtok_r_impl(buf, " ", &cp1));
-    test_assert(NULL == tor_strtok_r_impl(buf2, ".!..;!", &cp2));
+    tt_assert(NULL == tor_strtok_r_impl(buf, " ", &cp1));
+    tt_assert(NULL == tor_strtok_r_impl(buf2, ".!..;!", &cp2));
 
     tor_snprintf(buf, sizeof(buf),
                  "%sGraved on the dark  in gestures of descent%s", pad1, pad1);
@@ -2127,43 +2929,43 @@ test_util_strtok(void)
                 "%sthey.seemed;;their!.own;most.perfect;monument%s",pad2,pad2);
     /*  -- "Year's End", Richard Wilbur */
 
-    test_streq("Graved", tor_strtok_r_impl(buf, " ", &cp1));
-    test_streq("they", tor_strtok_r_impl(buf2, ".!..;!", &cp2));
+    tt_str_op("Graved",OP_EQ, tor_strtok_r_impl(buf, " ", &cp1));
+    tt_str_op("they",OP_EQ, tor_strtok_r_impl(buf2, ".!..;!", &cp2));
 #define S1() tor_strtok_r_impl(NULL, " ", &cp1)
 #define S2() tor_strtok_r_impl(NULL, ".!..;!", &cp2)
-    test_streq("on", S1());
-    test_streq("the", S1());
-    test_streq("dark", S1());
-    test_streq("seemed", S2());
-    test_streq("their", S2());
-    test_streq("own", S2());
-    test_streq("in", S1());
-    test_streq("gestures", S1());
-    test_streq("of", S1());
-    test_streq("most", S2());
-    test_streq("perfect", S2());
-    test_streq("descent", S1());
-    test_streq("monument", S2());
-    test_eq_ptr(NULL, S1());
-    test_eq_ptr(NULL, S2());
+    tt_str_op("on",OP_EQ, S1());
+    tt_str_op("the",OP_EQ, S1());
+    tt_str_op("dark",OP_EQ, S1());
+    tt_str_op("seemed",OP_EQ, S2());
+    tt_str_op("their",OP_EQ, S2());
+    tt_str_op("own",OP_EQ, S2());
+    tt_str_op("in",OP_EQ, S1());
+    tt_str_op("gestures",OP_EQ, S1());
+    tt_str_op("of",OP_EQ, S1());
+    tt_str_op("most",OP_EQ, S2());
+    tt_str_op("perfect",OP_EQ, S2());
+    tt_str_op("descent",OP_EQ, S1());
+    tt_str_op("monument",OP_EQ, S2());
+    tt_ptr_op(NULL,OP_EQ, S1());
+    tt_ptr_op(NULL,OP_EQ, S2());
   }
 
   buf[0] = 0;
-  test_eq_ptr(NULL, tor_strtok_r_impl(buf, " ", &cp1));
-  test_eq_ptr(NULL, tor_strtok_r_impl(buf, "!", &cp1));
+  tt_ptr_op(NULL,OP_EQ, tor_strtok_r_impl(buf, " ", &cp1));
+  tt_ptr_op(NULL,OP_EQ, tor_strtok_r_impl(buf, "!", &cp1));
 
   strlcpy(buf, "Howdy!", sizeof(buf));
-  test_streq("Howdy", tor_strtok_r_impl(buf, "!", &cp1));
-  test_eq_ptr(NULL, tor_strtok_r_impl(NULL, "!", &cp1));
+  tt_str_op("Howdy",OP_EQ, tor_strtok_r_impl(buf, "!", &cp1));
+  tt_ptr_op(NULL,OP_EQ, tor_strtok_r_impl(NULL, "!", &cp1));
 
   strlcpy(buf, " ", sizeof(buf));
-  test_eq_ptr(NULL, tor_strtok_r_impl(buf, " ", &cp1));
+  tt_ptr_op(NULL,OP_EQ, tor_strtok_r_impl(buf, " ", &cp1));
   strlcpy(buf, "  ", sizeof(buf));
-  test_eq_ptr(NULL, tor_strtok_r_impl(buf, " ", &cp1));
+  tt_ptr_op(NULL,OP_EQ, tor_strtok_r_impl(buf, " ", &cp1));
 
   strlcpy(buf, "something  ", sizeof(buf));
-  test_streq("something", tor_strtok_r_impl(buf, " ", &cp1));
-  test_eq_ptr(NULL, tor_strtok_r_impl(NULL, ";", &cp1));
+  tt_str_op("something",OP_EQ, tor_strtok_r_impl(buf, " ", &cp1));
+  tt_ptr_op(NULL,OP_EQ, tor_strtok_r_impl(NULL, ";", &cp1));
  done:
   ;
 }
@@ -2183,23 +2985,26 @@ test_util_find_str_at_start_of_line(void *ptr)
 
   (void)ptr;
 
-  test_eq_ptr(long_string, find_str_at_start_of_line(long_string, ""));
-  test_eq_ptr(NULL, find_str_at_start_of_line(short_string, "nonsense"));
-  test_eq_ptr(NULL, find_str_at_start_of_line(long_string, "nonsense"));
-  test_eq_ptr(NULL, find_str_at_start_of_line(long_string, "\n"));
-  test_eq_ptr(NULL, find_str_at_start_of_line(long_string, "how "));
-  test_eq_ptr(NULL, find_str_at_start_of_line(long_string, "kitty"));
-  test_eq_ptr(long_string, find_str_at_start_of_line(long_string, "h"));
-  test_eq_ptr(long_string, find_str_at_start_of_line(long_string, "how"));
-  test_eq_ptr(line2, find_str_at_start_of_line(long_string, "he"));
-  test_eq_ptr(line2, find_str_at_start_of_line(long_string, "hell"));
-  test_eq_ptr(line2, find_str_at_start_of_line(long_string, "hello k"));
-  test_eq_ptr(line2, find_str_at_start_of_line(long_string, "hello kitty\n"));
-  test_eq_ptr(line2, find_str_at_start_of_line(long_string, "hello kitty\nt"));
-  test_eq_ptr(line3, find_str_at_start_of_line(long_string, "third"));
-  test_eq_ptr(line3, find_str_at_start_of_line(long_string, "third line"));
-  test_eq_ptr(NULL,  find_str_at_start_of_line(long_string, "third line\n"));
-  test_eq_ptr(short_line2, find_str_at_start_of_line(short_string,
+  tt_ptr_op(long_string,OP_EQ, find_str_at_start_of_line(long_string, ""));
+  tt_ptr_op(NULL,OP_EQ, find_str_at_start_of_line(short_string, "nonsense"));
+  tt_ptr_op(NULL,OP_EQ, find_str_at_start_of_line(long_string, "nonsense"));
+  tt_ptr_op(NULL,OP_EQ, find_str_at_start_of_line(long_string, "\n"));
+  tt_ptr_op(NULL,OP_EQ, find_str_at_start_of_line(long_string, "how "));
+  tt_ptr_op(NULL,OP_EQ, find_str_at_start_of_line(long_string, "kitty"));
+  tt_ptr_op(long_string,OP_EQ, find_str_at_start_of_line(long_string, "h"));
+  tt_ptr_op(long_string,OP_EQ, find_str_at_start_of_line(long_string, "how"));
+  tt_ptr_op(line2,OP_EQ, find_str_at_start_of_line(long_string, "he"));
+  tt_ptr_op(line2,OP_EQ, find_str_at_start_of_line(long_string, "hell"));
+  tt_ptr_op(line2,OP_EQ, find_str_at_start_of_line(long_string, "hello k"));
+  tt_ptr_op(line2,OP_EQ,
+            find_str_at_start_of_line(long_string, "hello kitty\n"));
+  tt_ptr_op(line2,OP_EQ,
+            find_str_at_start_of_line(long_string, "hello kitty\nt"));
+  tt_ptr_op(line3,OP_EQ, find_str_at_start_of_line(long_string, "third"));
+  tt_ptr_op(line3,OP_EQ, find_str_at_start_of_line(long_string, "third line"));
+  tt_ptr_op(NULL, OP_EQ,
+            find_str_at_start_of_line(long_string, "third line\n"));
+  tt_ptr_op(short_line2,OP_EQ, find_str_at_start_of_line(short_string,
                                                      "second line\n"));
  done:
   ;
@@ -2210,25 +3015,25 @@ test_util_string_is_C_identifier(void *ptr)
 {
   (void)ptr;
 
-  test_eq(1, string_is_C_identifier("string_is_C_identifier"));
-  test_eq(1, string_is_C_identifier("_string_is_C_identifier"));
-  test_eq(1, string_is_C_identifier("_"));
-  test_eq(1, string_is_C_identifier("i"));
-  test_eq(1, string_is_C_identifier("_____"));
-  test_eq(1, string_is_C_identifier("__00__"));
-  test_eq(1, string_is_C_identifier("__init__"));
-  test_eq(1, string_is_C_identifier("_0"));
-  test_eq(1, string_is_C_identifier("_0string_is_C_identifier"));
-  test_eq(1, string_is_C_identifier("_0"));
-
-  test_eq(0, string_is_C_identifier("0_string_is_C_identifier"));
-  test_eq(0, string_is_C_identifier("0"));
-  test_eq(0, string_is_C_identifier(""));
-  test_eq(0, string_is_C_identifier(";"));
-  test_eq(0, string_is_C_identifier("i;"));
-  test_eq(0, string_is_C_identifier("_;"));
-  test_eq(0, string_is_C_identifier("í"));
-  test_eq(0, string_is_C_identifier("ñ"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("string_is_C_identifier"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("_string_is_C_identifier"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("_"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("i"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("_____"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("__00__"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("__init__"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("_0"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("_0string_is_C_identifier"));
+  tt_int_op(1,OP_EQ, string_is_C_identifier("_0"));
+
+  tt_int_op(0,OP_EQ, string_is_C_identifier("0_string_is_C_identifier"));
+  tt_int_op(0,OP_EQ, string_is_C_identifier("0"));
+  tt_int_op(0,OP_EQ, string_is_C_identifier(""));
+  tt_int_op(0,OP_EQ, string_is_C_identifier(";"));
+  tt_int_op(0,OP_EQ, string_is_C_identifier("i;"));
+  tt_int_op(0,OP_EQ, string_is_C_identifier("_;"));
+  tt_int_op(0,OP_EQ, string_is_C_identifier("í"));
+  tt_int_op(0,OP_EQ, string_is_C_identifier("ñ"));
 
  done:
   ;
@@ -2245,48 +3050,48 @@ test_util_asprintf(void *ptr)
 
   /* simple string */
   r = tor_asprintf(&cp, "simple string 100%% safe");
-  test_assert(cp);
-  test_streq("simple string 100% safe", cp);
-  test_eq(strlen(cp), r);
+  tt_assert(cp);
+  tt_str_op("simple string 100% safe",OP_EQ, cp);
+  tt_int_op(strlen(cp),OP_EQ, r);
   tor_free(cp);
 
   /* empty string */
   r = tor_asprintf(&cp, "%s", "");
-  test_assert(cp);
-  test_streq("", cp);
-  test_eq(strlen(cp), r);
+  tt_assert(cp);
+  tt_str_op("",OP_EQ, cp);
+  tt_int_op(strlen(cp),OP_EQ, r);
   tor_free(cp);
 
   /* numbers (%i) */
   r = tor_asprintf(&cp, "I like numbers-%2i, %i, etc.", -1, 2);
-  test_assert(cp);
-  test_streq("I like numbers--1, 2, etc.", cp);
-  test_eq(strlen(cp), r);
+  tt_assert(cp);
+  tt_str_op("I like numbers--1, 2, etc.",OP_EQ, cp);
+  tt_int_op(strlen(cp),OP_EQ, r);
   /* don't free cp; next test uses it. */
 
   /* numbers (%d) */
   r = tor_asprintf(&cp2, "First=%d, Second=%d", 101, 202);
-  test_assert(cp2);
-  test_eq(strlen(cp2), r);
-  test_streq("First=101, Second=202", cp2);
-  test_assert(cp != cp2);
+  tt_assert(cp2);
+  tt_int_op(strlen(cp2),OP_EQ, r);
+  tt_str_op("First=101, Second=202",OP_EQ, cp2);
+  tt_assert(cp != cp2);
   tor_free(cp);
   tor_free(cp2);
 
   /* Glass-box test: a string exactly 128 characters long. */
   r = tor_asprintf(&cp, "Lorem1: %sLorem2: %s", LOREMIPSUM, LOREMIPSUM);
-  test_assert(cp);
-  test_eq(128, r);
-  test_assert(cp[128] == '\0');
-  test_streq("Lorem1: "LOREMIPSUM"Lorem2: "LOREMIPSUM, cp);
+  tt_assert(cp);
+  tt_int_op(128,OP_EQ, r);
+  tt_int_op(cp[128], OP_EQ, '\0');
+  tt_str_op("Lorem1: "LOREMIPSUM"Lorem2: "LOREMIPSUM,OP_EQ, cp);
   tor_free(cp);
 
   /* String longer than 128 characters */
   r = tor_asprintf(&cp, "1: %s 2: %s 3: %s",
                    LOREMIPSUM, LOREMIPSUM, LOREMIPSUM);
-  test_assert(cp);
-  test_eq(strlen(cp), r);
-  test_streq("1: "LOREMIPSUM" 2: "LOREMIPSUM" 3: "LOREMIPSUM, cp);
+  tt_assert(cp);
+  tt_int_op(strlen(cp),OP_EQ, r);
+  tt_str_op("1: "LOREMIPSUM" 2: "LOREMIPSUM" 3: "LOREMIPSUM,OP_EQ, cp);
 
  done:
   tor_free(cp);
@@ -2307,9 +3112,9 @@ test_util_listdir(void *ptr)
   dir1   = tor_strdup(get_fname("some-directory"));
   dirname = tor_strdup(get_fname(NULL));
 
-  test_eq(0, write_str_to_file(fname1, "X\n", 0));
-  test_eq(0, write_str_to_file(fname2, "Y\n", 0));
-  test_eq(0, write_str_to_file(fname3, "Z\n", 0));
+  tt_int_op(0,OP_EQ, write_str_to_file(fname1, "X\n", 0));
+  tt_int_op(0,OP_EQ, write_str_to_file(fname2, "Y\n", 0));
+  tt_int_op(0,OP_EQ, write_str_to_file(fname3, "Z\n", 0));
 #ifdef _WIN32
   r = mkdir(dir1);
 #else
@@ -2322,15 +3127,15 @@ test_util_listdir(void *ptr)
   }
 
   dir_contents = tor_listdir(dirname);
-  test_assert(dir_contents);
+  tt_assert(dir_contents);
   /* make sure that each filename is listed. */
-  test_assert(smartlist_contains_string_case(dir_contents, "hopscotch"));
-  test_assert(smartlist_contains_string_case(dir_contents, "mumblety-peg"));
-  test_assert(smartlist_contains_string_case(dir_contents, ".hidden-file"));
-  test_assert(smartlist_contains_string_case(dir_contents, "some-directory"));
+  tt_assert(smartlist_contains_string_case(dir_contents, "hopscotch"));
+  tt_assert(smartlist_contains_string_case(dir_contents, "mumblety-peg"));
+  tt_assert(smartlist_contains_string_case(dir_contents, ".hidden-file"));
+  tt_assert(smartlist_contains_string_case(dir_contents, "some-directory"));
 
-  test_assert(!smartlist_contains_string(dir_contents, "."));
-  test_assert(!smartlist_contains_string(dir_contents, ".."));
+  tt_assert(!smartlist_contains_string(dir_contents, "."));
+  tt_assert(!smartlist_contains_string(dir_contents, ".."));
 
  done:
   tor_free(fname1);
@@ -2355,9 +3160,9 @@ test_util_parent_dir(void *ptr)
     int ok;                                     \
     cp = tor_strdup(input);                     \
     ok = get_parent_directory(cp);              \
-    tt_int_op(expect_ok, ==, ok);               \
+    tt_int_op(expect_ok, OP_EQ, ok);               \
     if (ok==0)                                  \
-      tt_str_op(output, ==, cp);                \
+      tt_str_op(output, OP_EQ, cp);                \
     tor_free(cp);                               \
   } while (0);
 
@@ -2391,6 +3196,54 @@ test_util_parent_dir(void *ptr)
   tor_free(cp);
 }
 
+static void
+test_util_ftruncate(void *ptr)
+{
+  char *buf = NULL;
+  const char *fname;
+  int fd = -1;
+  const char *message = "Hello world";
+  const char *message2 = "Hola mundo";
+  struct stat st;
+
+  (void) ptr;
+
+  fname = get_fname("ftruncate");
+
+  fd = tor_open_cloexec(fname, O_WRONLY|O_CREAT, 0600);
+  tt_int_op(fd, OP_GE, 0);
+
+  /* Make the file be there. */
+  tt_int_op(strlen(message), OP_EQ, write_all(fd, message, strlen(message),0));
+  tt_int_op((int)tor_fd_getpos(fd), OP_EQ, strlen(message));
+  tt_int_op(0, OP_EQ, fstat(fd, &st));
+  tt_int_op((int)st.st_size, OP_EQ, strlen(message));
+
+  /* Truncate and see if it got truncated */
+  tt_int_op(0, OP_EQ, tor_ftruncate(fd));
+  tt_int_op((int)tor_fd_getpos(fd), OP_EQ, 0);
+  tt_int_op(0, OP_EQ, fstat(fd, &st));
+  tt_int_op((int)st.st_size, OP_EQ, 0);
+
+  /* Replace, and see if it got replaced */
+  tt_int_op(strlen(message2), OP_EQ,
+            write_all(fd, message2, strlen(message2), 0));
+  tt_int_op((int)tor_fd_getpos(fd), OP_EQ, strlen(message2));
+  tt_int_op(0, OP_EQ, fstat(fd, &st));
+  tt_int_op((int)st.st_size, OP_EQ, strlen(message2));
+
+  close(fd);
+  fd = -1;
+
+  buf = read_file_to_str(fname, 0, NULL);
+  tt_str_op(message2, OP_EQ, buf);
+
+ done:
+  if (fd >= 0)
+    close(fd);
+  tor_free(buf);
+}
+
 #ifdef _WIN32
 static void
 test_util_load_win_lib(void *ptr)
@@ -2422,30 +3275,53 @@ test_util_exit_status(void *ptr)
   (void)ptr;
 
   clear_hex_errno(hex_errno);
+  tt_str_op("",OP_EQ, hex_errno);
+
+  clear_hex_errno(hex_errno);
   n = format_helper_exit_status(0, 0, hex_errno);
-  test_streq("0/0\n", hex_errno);
-  test_eq(n, strlen(hex_errno));
+  tt_str_op("0/0\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
+
+#if SIZEOF_INT == 4
 
   clear_hex_errno(hex_errno);
   n = format_helper_exit_status(0, 0x7FFFFFFF, hex_errno);
-  test_streq("0/7FFFFFFF\n", hex_errno);
-  test_eq(n, strlen(hex_errno));
+  tt_str_op("0/7FFFFFFF\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
 
   clear_hex_errno(hex_errno);
   n = format_helper_exit_status(0xFF, -0x80000000, hex_errno);
-  test_streq("FF/-80000000\n", hex_errno);
-  test_eq(n, strlen(hex_errno));
-  test_eq(n, HEX_ERRNO_SIZE);
+  tt_str_op("FF/-80000000\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
+  tt_int_op(n,OP_EQ, HEX_ERRNO_SIZE);
+
+#elif SIZEOF_INT == 8
+
+  clear_hex_errno(hex_errno);
+  n = format_helper_exit_status(0, 0x7FFFFFFFFFFFFFFF, hex_errno);
+  tt_str_op("0/7FFFFFFFFFFFFFFF\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
+
+  clear_hex_errno(hex_errno);
+  n = format_helper_exit_status(0xFF, -0x8000000000000000, hex_errno);
+  tt_str_op("FF/-8000000000000000\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
+  tt_int_op(n,OP_EQ, HEX_ERRNO_SIZE);
+
+#endif
 
   clear_hex_errno(hex_errno);
   n = format_helper_exit_status(0x7F, 0, hex_errno);
-  test_streq("7F/0\n", hex_errno);
-  test_eq(n, strlen(hex_errno));
+  tt_str_op("7F/0\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
 
   clear_hex_errno(hex_errno);
   n = format_helper_exit_status(0x08, -0x242, hex_errno);
-  test_streq("8/-242\n", hex_errno);
-  test_eq(n, strlen(hex_errno));
+  tt_str_op("8/-242\n",OP_EQ, hex_errno);
+  tt_int_op(n,OP_EQ, strlen(hex_errno));
+
+  clear_hex_errno(hex_errno);
+  tt_str_op("",OP_EQ, hex_errno);
 
  done:
   ;
@@ -2453,8 +3329,9 @@ test_util_exit_status(void *ptr)
 #endif
 
 #ifndef _WIN32
-/** Check that fgets waits until a full line, and not return a partial line, on
- * a EAGAIN with a non-blocking pipe */
+/* Check that fgets with a non-blocking pipe returns partial lines and sets
+ * EAGAIN, returns full lines and sets no error, and returns NULL on EOF and
+ * sets no error */
 static void
 test_util_fgets_eagain(void *ptr)
 {
@@ -2463,71 +3340,91 @@ test_util_fgets_eagain(void *ptr)
   ssize_t retlen;
   char *retptr;
   FILE *test_stream = NULL;
-  char buf[10];
+  char buf[4] = { 0 };
 
   (void)ptr;
 
+  errno = 0;
+
   /* Set up a pipe to test on */
   retval = pipe(test_pipe);
-  tt_int_op(retval, >=, 0);
+  tt_int_op(retval, OP_EQ, 0);
 
   /* Set up the read-end to be non-blocking */
   retval = fcntl(test_pipe[0], F_SETFL, O_NONBLOCK);
-  tt_int_op(retval, >=, 0);
+  tt_int_op(retval, OP_EQ, 0);
 
   /* Open it as a stdio stream */
   test_stream = fdopen(test_pipe[0], "r");
-  tt_ptr_op(test_stream, !=, NULL);
+  tt_ptr_op(test_stream, OP_NE, NULL);
 
   /* Send in a partial line */
   retlen = write(test_pipe[1], "A", 1);
-  tt_int_op(retlen, ==, 1);
+  tt_int_op(retlen, OP_EQ, 1);
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_want(retptr == NULL);
-  tt_int_op(errno, ==, EAGAIN);
+  tt_int_op(errno, OP_EQ, EAGAIN);
+  tt_ptr_op(retptr, OP_EQ, buf);
+  tt_str_op(buf, OP_EQ, "A");
+  errno = 0;
 
   /* Send in the rest */
   retlen = write(test_pipe[1], "B\n", 2);
-  tt_int_op(retlen, ==, 2);
+  tt_int_op(retlen, OP_EQ, 2);
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_ptr_op(retptr, ==, buf);
-  tt_str_op(buf, ==, "AB\n");
+  tt_int_op(errno, OP_EQ, 0);
+  tt_ptr_op(retptr, OP_EQ, buf);
+  tt_str_op(buf, OP_EQ, "B\n");
+  errno = 0;
 
   /* Send in a full line */
   retlen = write(test_pipe[1], "CD\n", 3);
-  tt_int_op(retlen, ==, 3);
+  tt_int_op(retlen, OP_EQ, 3);
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_ptr_op(retptr, ==, buf);
-  tt_str_op(buf, ==, "CD\n");
+  tt_int_op(errno, OP_EQ, 0);
+  tt_ptr_op(retptr, OP_EQ, buf);
+  tt_str_op(buf, OP_EQ, "CD\n");
+  errno = 0;
 
   /* Send in a partial line */
   retlen = write(test_pipe[1], "E", 1);
-  tt_int_op(retlen, ==, 1);
+  tt_int_op(retlen, OP_EQ, 1);
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_ptr_op(retptr, ==, NULL);
-  tt_int_op(errno, ==, EAGAIN);
+  tt_int_op(errno, OP_EQ, EAGAIN);
+  tt_ptr_op(retptr, OP_EQ, buf);
+  tt_str_op(buf, OP_EQ, "E");
+  errno = 0;
 
   /* Send in the rest */
   retlen = write(test_pipe[1], "F\n", 2);
-  tt_int_op(retlen, ==, 2);
+  tt_int_op(retlen, OP_EQ, 2);
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_ptr_op(retptr, ==, buf);
-  tt_str_op(buf, ==, "EF\n");
+  tt_int_op(errno, OP_EQ, 0);
+  tt_ptr_op(retptr, OP_EQ, buf);
+  tt_str_op(buf, OP_EQ, "F\n");
+  errno = 0;
 
   /* Send in a full line and close */
   retlen = write(test_pipe[1], "GH", 2);
-  tt_int_op(retlen, ==, 2);
+  tt_int_op(retlen, OP_EQ, 2);
   retval = close(test_pipe[1]);
+  tt_int_op(retval, OP_EQ, 0);
   test_pipe[1] = -1;
-  tt_int_op(retval, ==, 0);
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_ptr_op(retptr, ==, buf);
-  tt_str_op(buf, ==, "GH");
+  tt_int_op(errno, OP_EQ, 0);
+  tt_ptr_op(retptr, OP_EQ, buf);
+  tt_str_op(buf, OP_EQ, "GH");
+  errno = 0;
 
   /* Check for EOF */
   retptr = fgets(buf, sizeof(buf), test_stream);
-  tt_ptr_op(retptr, ==, NULL);
-  tt_int_op(feof(test_stream), >, 0);
+  tt_int_op(errno, OP_EQ, 0);
+  tt_ptr_op(retptr, OP_EQ, NULL);
+  retval = feof(test_stream);
+  tt_int_op(retval, OP_NE, 0);
+  errno = 0;
+
+  /* Check that buf is unchanged according to C99 and C11 */
+  tt_str_op(buf, OP_EQ, "GH");
 
  done:
   if (test_stream != NULL)
@@ -2539,315 +3436,6 @@ test_util_fgets_eagain(void *ptr)
 }
 #endif
 
-#ifndef BUILDDIR
-#define BUILDDIR "."
-#endif
-
-#ifdef _WIN32
-#define notify_pending_waitpid_callbacks() STMT_NIL
-#define TEST_CHILD "test-child.exe"
-#define EOL "\r\n"
-#else
-#define TEST_CHILD (BUILDDIR "/src/test/test-child")
-#define EOL "\n"
-#endif
-
-/** Helper function for testing tor_spawn_background */
-static void
-run_util_spawn_background(const char *argv[], const char *expected_out,
-                          const char *expected_err, int expected_exit,
-                          int expected_status)
-{
-  int retval, exit_code;
-  ssize_t pos;
-  process_handle_t *process_handle=NULL;
-  char stdout_buf[100], stderr_buf[100];
-  int status;
-
-  /* Start the program */
-#ifdef _WIN32
-  status = tor_spawn_background(NULL, argv, NULL, &process_handle);
-#else
-  status = tor_spawn_background(argv[0], argv, NULL, &process_handle);
-#endif
-
-  notify_pending_waitpid_callbacks();
-
-  test_eq(expected_status, status);
-  if (status == PROCESS_STATUS_ERROR) {
-    tt_ptr_op(process_handle, ==, NULL);
-    return;
-  }
-
-  test_assert(process_handle != NULL);
-  test_eq(expected_status, process_handle->status);
-
-#ifndef _WIN32
-  notify_pending_waitpid_callbacks();
-  tt_ptr_op(process_handle->waitpid_cb, !=, NULL);
-#endif
-
-#ifdef _WIN32
-  test_assert(process_handle->stdout_pipe != INVALID_HANDLE_VALUE);
-  test_assert(process_handle->stderr_pipe != INVALID_HANDLE_VALUE);
-#else
-  test_assert(process_handle->stdout_pipe >= 0);
-  test_assert(process_handle->stderr_pipe >= 0);
-#endif
-
-  /* Check stdout */
-  pos = tor_read_all_from_process_stdout(process_handle, stdout_buf,
-                                         sizeof(stdout_buf) - 1);
-  tt_assert(pos >= 0);
-  stdout_buf[pos] = '\0';
-  test_eq(strlen(expected_out), pos);
-  test_streq(expected_out, stdout_buf);
-
-  notify_pending_waitpid_callbacks();
-
-  /* Check it terminated correctly */
-  retval = tor_get_exit_code(process_handle, 1, &exit_code);
-  test_eq(PROCESS_EXIT_EXITED, retval);
-  test_eq(expected_exit, exit_code);
-  // TODO: Make test-child exit with something other than 0
-
-#ifndef _WIN32
-  notify_pending_waitpid_callbacks();
-  tt_ptr_op(process_handle->waitpid_cb, ==, NULL);
-#endif
-
-  /* Check stderr */
-  pos = tor_read_all_from_process_stderr(process_handle, stderr_buf,
-                                         sizeof(stderr_buf) - 1);
-  test_assert(pos >= 0);
-  stderr_buf[pos] = '\0';
-  test_streq(expected_err, stderr_buf);
-  test_eq(strlen(expected_err), pos);
-
-  notify_pending_waitpid_callbacks();
-
- done:
-  if (process_handle)
-    tor_process_handle_destroy(process_handle, 1);
-}
-
-/** Check that we can launch a process and read the output */
-static void
-test_util_spawn_background_ok(void *ptr)
-{
-  const char *argv[] = {TEST_CHILD, "--test", NULL};
-  const char *expected_out = "OUT"EOL "--test"EOL "SLEEPING"EOL "DONE" EOL;
-  const char *expected_err = "ERR"EOL;
-
-  (void)ptr;
-
-  run_util_spawn_background(argv, expected_out, expected_err, 0,
-      PROCESS_STATUS_RUNNING);
-}
-
-/** Check that failing to find the executable works as expected */
-static void
-test_util_spawn_background_fail(void *ptr)
-{
-  const char *argv[] = {BUILDDIR "/src/test/no-such-file", "--test", NULL};
-  const char *expected_err = "";
-  char expected_out[1024];
-  char code[32];
-#ifdef _WIN32
-  const int expected_status = PROCESS_STATUS_ERROR;
-#else
-  /* TODO: Once we can signal failure to exec, set this to be
-   * PROCESS_STATUS_ERROR */
-  const int expected_status = PROCESS_STATUS_RUNNING;
-#endif
-
-  (void)ptr;
-
-  tor_snprintf(code, sizeof(code), "%x/%x",
-    9 /* CHILD_STATE_FAILEXEC */ , ENOENT);
-  tor_snprintf(expected_out, sizeof(expected_out),
-    "ERR: Failed to spawn background process - code %s\n", code);
-
-  run_util_spawn_background(argv, expected_out, expected_err, 255,
-      expected_status);
-}
-
-/** Test that reading from a handle returns a partial read rather than
- * blocking */
-static void
-test_util_spawn_background_partial_read_impl(int exit_early)
-{
-  const int expected_exit = 0;
-  const int expected_status = PROCESS_STATUS_RUNNING;
-
-  int retval, exit_code;
-  ssize_t pos = -1;
-  process_handle_t *process_handle=NULL;
-  int status;
-  char stdout_buf[100], stderr_buf[100];
-
-  const char *argv[] = {TEST_CHILD, "--test", NULL};
-  const char *expected_out[] = { "OUT" EOL "--test" EOL "SLEEPING" EOL,
-                                 "DONE" EOL,
-                                 NULL };
-  const char *expected_err = "ERR" EOL;
-
-#ifndef _WIN32
-  int eof = 0;
-#endif
-  int expected_out_ctr;
-
-  if (exit_early) {
-    argv[1] = "--hang";
-    expected_out[0] = "OUT"EOL "--hang"EOL "SLEEPING" EOL;
-  }
-
-  /* Start the program */
-#ifdef _WIN32
-  status = tor_spawn_background(NULL, argv, NULL, &process_handle);
-#else
-  status = tor_spawn_background(argv[0], argv, NULL, &process_handle);
-#endif
-  test_eq(expected_status, status);
-  test_assert(process_handle);
-  test_eq(expected_status, process_handle->status);
-
-  /* Check stdout */
-  for (expected_out_ctr = 0; expected_out[expected_out_ctr] != NULL;) {
-#ifdef _WIN32
-    pos = tor_read_all_handle(process_handle->stdout_pipe, stdout_buf,
-                              sizeof(stdout_buf) - 1, NULL);
-#else
-    /* Check that we didn't read the end of file last time */
-    test_assert(!eof);
-    pos = tor_read_all_handle(process_handle->stdout_handle, stdout_buf,
-                              sizeof(stdout_buf) - 1, NULL, &eof);
-#endif
-    log_info(LD_GENERAL, "tor_read_all_handle() returned %d", (int)pos);
-
-    /* We would have blocked, keep on trying */
-    if (0 == pos)
-      continue;
-
-    test_assert(pos > 0);
-    stdout_buf[pos] = '\0';
-    test_streq(expected_out[expected_out_ctr], stdout_buf);
-    test_eq(strlen(expected_out[expected_out_ctr]), pos);
-    expected_out_ctr++;
-  }
-
-  if (exit_early) {
-    tor_process_handle_destroy(process_handle, 1);
-    process_handle = NULL;
-    goto done;
-  }
-
-  /* The process should have exited without writing more */
-#ifdef _WIN32
-  pos = tor_read_all_handle(process_handle->stdout_pipe, stdout_buf,
-                            sizeof(stdout_buf) - 1,
-                            process_handle);
-  test_eq(0, pos);
-#else
-  if (!eof) {
-    /* We should have got all the data, but maybe not the EOF flag */
-    pos = tor_read_all_handle(process_handle->stdout_handle, stdout_buf,
-                              sizeof(stdout_buf) - 1,
-                              process_handle, &eof);
-    test_eq(0, pos);
-    test_assert(eof);
-  }
-  /* Otherwise, we got the EOF on the last read */
-#endif
-
-  /* Check it terminated correctly */
-  retval = tor_get_exit_code(process_handle, 1, &exit_code);
-  test_eq(PROCESS_EXIT_EXITED, retval);
-  test_eq(expected_exit, exit_code);
-
-  // TODO: Make test-child exit with something other than 0
-
-  /* Check stderr */
-  pos = tor_read_all_from_process_stderr(process_handle, stderr_buf,
-                                         sizeof(stderr_buf) - 1);
-  test_assert(pos >= 0);
-  stderr_buf[pos] = '\0';
-  test_streq(expected_err, stderr_buf);
-  test_eq(strlen(expected_err), pos);
-
- done:
-  tor_process_handle_destroy(process_handle, 1);
-}
-
-static void
-test_util_spawn_background_partial_read(void *arg)
-{
-  (void)arg;
-  test_util_spawn_background_partial_read_impl(0);
-}
-
-static void
-test_util_spawn_background_exit_early(void *arg)
-{
-  (void)arg;
-  test_util_spawn_background_partial_read_impl(1);
-}
-
-static void
-test_util_spawn_background_waitpid_notify(void *arg)
-{
-  int retval, exit_code;
-  process_handle_t *process_handle=NULL;
-  int status;
-  int ms_timer;
-
-  const char *argv[] = {TEST_CHILD, "--fast", NULL};
-
-  (void) arg;
-
-#ifdef _WIN32
-  status = tor_spawn_background(NULL, argv, NULL, &process_handle);
-#else
-  status = tor_spawn_background(argv[0], argv, NULL, &process_handle);
-#endif
-
-  tt_int_op(status, ==, PROCESS_STATUS_RUNNING);
-  tt_ptr_op(process_handle, !=, NULL);
-
-  /* We're not going to look at the stdout/stderr output this time. Instead,
-   * we're testing whether notify_pending_waitpid_calbacks() can report the
-   * process exit (on unix) and/or whether tor_get_exit_code() can notice it
-   * (on windows) */
-
-#ifndef _WIN32
-  ms_timer = 30*1000;
-  tt_ptr_op(process_handle->waitpid_cb, !=, NULL);
-  while (process_handle->waitpid_cb && ms_timer > 0) {
-    tor_sleep_msec(100);
-    ms_timer -= 100;
-    notify_pending_waitpid_callbacks();
-  }
-  tt_int_op(ms_timer, >, 0);
-  tt_ptr_op(process_handle->waitpid_cb, ==, NULL);
-#endif
-
-  ms_timer = 30*1000;
-  while (((retval = tor_get_exit_code(process_handle, 0, &exit_code))
-                == PROCESS_EXIT_RUNNING) && ms_timer > 0) {
-    tor_sleep_msec(100);
-    ms_timer -= 100;
-  }
-  tt_int_op(ms_timer, >, 0);
-
-  tt_int_op(retval, ==, PROCESS_EXIT_EXITED);
-
- done:
-  tor_process_handle_destroy(process_handle, 1);
-}
-
-#undef TEST_CHILD
-#undef EOL
-
 /**
  * Test for format_hex_number_sigsafe()
  */
@@ -2878,15 +3466,15 @@ test_util_format_hex_number(void *ptr)
 
   for (i = 0; test_data[i].str != NULL; ++i) {
     len = format_hex_number_sigsafe(test_data[i].x, buf, sizeof(buf));
-    test_neq(len, 0);
-    test_eq(len, strlen(buf));
-    test_streq(buf, test_data[i].str);
+    tt_int_op(len,OP_NE, 0);
+    tt_int_op(len,OP_EQ, strlen(buf));
+    tt_str_op(buf,OP_EQ, test_data[i].str);
   }
 
-  test_eq(4, format_hex_number_sigsafe(0xffff, buf, 5));
-  test_streq(buf, "FFFF");
-  test_eq(0, format_hex_number_sigsafe(0xffff, buf, 4));
-  test_eq(0, format_hex_number_sigsafe(0, buf, 1));
+  tt_int_op(4,OP_EQ, format_hex_number_sigsafe(0xffff, buf, 5));
+  tt_str_op(buf,OP_EQ, "FFFF");
+  tt_int_op(0,OP_EQ, format_hex_number_sigsafe(0xffff, buf, 4));
+  tt_int_op(0,OP_EQ, format_hex_number_sigsafe(0, buf, 1));
 
  done:
   return;
@@ -2922,21 +3510,21 @@ test_util_format_dec_number(void *ptr)
 
   for (i = 0; test_data[i].str != NULL; ++i) {
     len = format_dec_number_sigsafe(test_data[i].x, buf, sizeof(buf));
-    test_neq(len, 0);
-    test_eq(len, strlen(buf));
-    test_streq(buf, test_data[i].str);
+    tt_int_op(len,OP_NE, 0);
+    tt_int_op(len,OP_EQ, strlen(buf));
+    tt_str_op(buf,OP_EQ, test_data[i].str);
 
     len = format_dec_number_sigsafe(test_data[i].x, buf,
                                     (int)(strlen(test_data[i].str) + 1));
-    test_eq(len, strlen(buf));
-    test_streq(buf, test_data[i].str);
+    tt_int_op(len,OP_EQ, strlen(buf));
+    tt_str_op(buf,OP_EQ, test_data[i].str);
   }
 
-  test_eq(4, format_dec_number_sigsafe(7331, buf, 5));
-  test_streq(buf, "7331");
-  test_eq(0, format_dec_number_sigsafe(7331, buf, 4));
-  test_eq(1, format_dec_number_sigsafe(0, buf, 2));
-  test_eq(0, format_dec_number_sigsafe(0, buf, 1));
+  tt_int_op(4,OP_EQ, format_dec_number_sigsafe(7331, buf, 5));
+  tt_str_op(buf,OP_EQ, "7331");
+  tt_int_op(0,OP_EQ, format_dec_number_sigsafe(7331, buf, 4));
+  tt_int_op(1,OP_EQ, format_dec_number_sigsafe(0, buf, 2));
+  tt_int_op(0,OP_EQ, format_dec_number_sigsafe(0, buf, 1));
 
  done:
   return;
@@ -2985,7 +3573,7 @@ test_util_join_win_cmdline(void *ptr)
   for (i=0; cmdlines[i]!=NULL; i++) {
     log_info(LD_GENERAL, "Joining argvs[%d], expecting <%s>", i, cmdlines[i]);
     joined_argv = tor_join_win_cmdline(argvs[i]);
-    test_streq(cmdlines[i], joined_argv);
+    tt_str_op(cmdlines[i],OP_EQ, joined_argv);
     tor_free(joined_argv);
   }
 
@@ -3040,17 +3628,17 @@ test_util_split_lines(void *ptr)
              i, tests[i].orig_length);
     SMARTLIST_FOREACH_BEGIN(sl, const char *, line) {
       /* Check we have not got too many lines */
-      test_assert(j < MAX_SPLIT_LINE_COUNT);
+      tt_int_op(MAX_SPLIT_LINE_COUNT, OP_GT, j);
       /* Check that there actually should be a line here */
-      test_assert(tests[i].split_line[j] != NULL);
+      tt_assert(tests[i].split_line[j] != NULL);
       log_info(LD_GENERAL, "Line %d of test %d, should be <%s>",
                j, i, tests[i].split_line[j]);
       /* Check that the line is as expected */
-      test_streq(line, tests[i].split_line[j]);
+      tt_str_op(line,OP_EQ, tests[i].split_line[j]);
       j++;
     } SMARTLIST_FOREACH_END(line);
     /* Check that we didn't miss some lines */
-    test_eq_ptr(NULL, tests[i].split_line[j]);
+    tt_ptr_op(NULL,OP_EQ, tests[i].split_line[j]);
     tor_free(orig_line);
     smartlist_free(sl);
     sl = NULL;
@@ -3062,7 +3650,7 @@ test_util_split_lines(void *ptr)
 }
 
 static void
-test_util_di_ops(void)
+test_util_di_ops(void *arg)
 {
 #define LT -1
 #define GT 1
@@ -3082,10 +3670,11 @@ test_util_di_ops(void)
 
   int i;
 
+  (void)arg;
   for (i = 0; examples[i].a; ++i) {
     size_t len = strlen(examples[i].a);
     int eq1, eq2, neq1, neq2, cmp1, cmp2;
-    test_eq(len, strlen(examples[i].b));
+    tt_int_op(len,OP_EQ, strlen(examples[i].b));
     /* We do all of the operations, with operands in both orders. */
     eq1 = tor_memeq(examples[i].a, examples[i].b, len);
     eq2 = tor_memeq(examples[i].b, examples[i].a, len);
@@ -3096,34 +3685,98 @@ test_util_di_ops(void)
 
     /* Check for correctness of cmp1 */
     if (cmp1 < 0 && examples[i].want_sign != LT)
-      test_fail();
+      TT_DIE(("Assertion failed."));
     else if (cmp1 > 0 && examples[i].want_sign != GT)
-      test_fail();
+      TT_DIE(("Assertion failed."));
     else if (cmp1 == 0 && examples[i].want_sign != EQ)
-      test_fail();
+      TT_DIE(("Assertion failed."));
 
     /* Check for consistency of everything else with cmp1 */
-    test_eq(eq1, eq2);
-    test_eq(neq1, neq2);
-    test_eq(cmp1, -cmp2);
-    test_eq(eq1, cmp1 == 0);
-    test_eq(neq1, !eq1);
+    tt_int_op(eq1,OP_EQ, eq2);
+    tt_int_op(neq1,OP_EQ, neq2);
+    tt_int_op(cmp1,OP_EQ, -cmp2);
+    tt_int_op(eq1,OP_EQ, cmp1 == 0);
+    tt_int_op(neq1,OP_EQ, !eq1);
   }
 
-  tt_int_op(1, ==, safe_mem_is_zero("", 0));
-  tt_int_op(1, ==, safe_mem_is_zero("", 1));
-  tt_int_op(0, ==, safe_mem_is_zero("a", 1));
-  tt_int_op(0, ==, safe_mem_is_zero("a", 2));
-  tt_int_op(0, ==, safe_mem_is_zero("\0a", 2));
-  tt_int_op(1, ==, safe_mem_is_zero("\0\0a", 2));
-  tt_int_op(1, ==, safe_mem_is_zero("\0\0\0\0\0\0\0\0", 8));
-  tt_int_op(1, ==, safe_mem_is_zero("\0\0\0\0\0\0\0\0a", 8));
-  tt_int_op(0, ==, safe_mem_is_zero("\0\0\0\0\0\0\0\0a", 9));
+  {
+    uint8_t zz = 0;
+    uint8_t ii = 0;
+    int z;
+
+    /* exhaustively test tor_memeq and tor_memcmp
+     * against each possible single-byte numeric difference
+     * some arithmetic bugs only appear with certain bit patterns */
+    for (z = 0; z < 256; z++) {
+      for (i = 0; i < 256; i++) {
+        ii = (uint8_t)i;
+        zz = (uint8_t)z;
+        tt_int_op(tor_memeq(&zz, &ii, 1),OP_EQ, zz == ii);
+        tt_int_op(tor_memcmp(&zz, &ii, 1) > 0 ? GT : EQ,OP_EQ,
+                  zz > ii ? GT : EQ);
+        tt_int_op(tor_memcmp(&ii, &zz, 1) < 0 ? LT : EQ,OP_EQ,
+                  ii < zz ? LT : EQ);
+      }
+    }
+  }
+
+  tt_int_op(1, OP_EQ, safe_mem_is_zero("", 0));
+  tt_int_op(1, OP_EQ, safe_mem_is_zero("", 1));
+  tt_int_op(0, OP_EQ, safe_mem_is_zero("a", 1));
+  tt_int_op(0, OP_EQ, safe_mem_is_zero("a", 2));
+  tt_int_op(0, OP_EQ, safe_mem_is_zero("\0a", 2));
+  tt_int_op(1, OP_EQ, safe_mem_is_zero("\0\0a", 2));
+  tt_int_op(1, OP_EQ, safe_mem_is_zero("\0\0\0\0\0\0\0\0", 8));
+  tt_int_op(1, OP_EQ, safe_mem_is_zero("\0\0\0\0\0\0\0\0a", 8));
+  tt_int_op(0, OP_EQ, safe_mem_is_zero("\0\0\0\0\0\0\0\0a", 9));
 
  done:
   ;
 }
 
+static void
+test_util_di_map(void *arg)
+{
+  (void)arg;
+  di_digest256_map_t *dimap = NULL;
+  uint8_t key1[] = "Robert Anton Wilson            ";
+  uint8_t key2[] = "Martin Gardner, _Fads&fallacies";
+  uint8_t key3[] = "Tom Lehrer, _Be Prepared_.     ";
+  uint8_t key4[] = "Ursula Le Guin,_A Wizard of... ";
+
+  char dflt_entry[] = "'You have made a good beginning', but no more";
+
+  tt_int_op(32, ==, sizeof(key1));
+  tt_int_op(32, ==, sizeof(key2));
+  tt_int_op(32, ==, sizeof(key3));
+
+  tt_ptr_op(dflt_entry, ==, dimap_search(dimap, key1, dflt_entry));
+
+  char *str1 = tor_strdup("You are precisely as big as what you love"
+                          " and precisely as small as what you allow"
+                          " to annoy you.");
+  char *str2 = tor_strdup("Let us hope that Lysenko's success in Russia will"
+                          " serve for many generations to come as another"
+                          " reminder to the world of how quickly and easily"
+                          " a science can be corrupted when ignorant"
+                          " political leaders deem themselves competent"
+                          " to arbitrate scientific disputes");
+  char *str3 = tor_strdup("Don't write naughty words on walls "
+                          "if you can't spell.");
+
+  dimap_add_entry(&dimap, key1, str1);
+  dimap_add_entry(&dimap, key2, str2);
+  dimap_add_entry(&dimap, key3, str3);
+
+  tt_ptr_op(str1, ==, dimap_search(dimap, key1, dflt_entry));
+  tt_ptr_op(str3, ==, dimap_search(dimap, key3, dflt_entry));
+  tt_ptr_op(str2, ==, dimap_search(dimap, key2, dflt_entry));
+  tt_ptr_op(dflt_entry, ==, dimap_search(dimap, key4, dflt_entry));
+
+ done:
+  dimap_free(dimap, tor_free_);
+}
+
 /**
  * Test counting high bits
  */
@@ -3131,12 +3784,12 @@ static void
 test_util_n_bits_set(void *ptr)
 {
   (void)ptr;
-  test_eq(0, n_bits_set_u8(0));
-  test_eq(1, n_bits_set_u8(1));
-  test_eq(3, n_bits_set_u8(7));
-  test_eq(1, n_bits_set_u8(8));
-  test_eq(2, n_bits_set_u8(129));
-  test_eq(8, n_bits_set_u8(255));
+  tt_int_op(0,OP_EQ, n_bits_set_u8(0));
+  tt_int_op(1,OP_EQ, n_bits_set_u8(1));
+  tt_int_op(3,OP_EQ, n_bits_set_u8(7));
+  tt_int_op(1,OP_EQ, n_bits_set_u8(8));
+  tt_int_op(2,OP_EQ, n_bits_set_u8(129));
+  tt_int_op(8,OP_EQ, n_bits_set_u8(255));
  done:
   ;
 }
@@ -3157,78 +3810,82 @@ test_util_eat_whitespace(void *ptr)
   strlcpy(str, "fuubaar", sizeof(str));
   for (i = 0; i < sizeof(ws); ++i) {
     str[0] = ws[i];
-    test_eq_ptr(str + 1, eat_whitespace(str));
-    test_eq_ptr(str + 1, eat_whitespace_eos(str, str + strlen(str)));
-    test_eq_ptr(str + 1, eat_whitespace_no_nl(str));
-    test_eq_ptr(str + 1, eat_whitespace_eos_no_nl(str, str + strlen(str)));
+    tt_ptr_op(str + 1,OP_EQ, eat_whitespace(str));
+    tt_ptr_op(str + 1,OP_EQ, eat_whitespace_eos(str, str + strlen(str)));
+    tt_ptr_op(str + 1,OP_EQ, eat_whitespace_no_nl(str));
+    tt_ptr_op(str + 1,OP_EQ, eat_whitespace_eos_no_nl(str, str + strlen(str)));
   }
   str[0] = '\n';
-  test_eq_ptr(str + 1, eat_whitespace(str));
-  test_eq_ptr(str + 1, eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str,     eat_whitespace_no_nl(str));
-  test_eq_ptr(str,     eat_whitespace_eos_no_nl(str, str + strlen(str)));
+  tt_ptr_op(str + 1,OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str + 1,OP_EQ, eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str,OP_EQ,     eat_whitespace_no_nl(str));
+  tt_ptr_op(str,OP_EQ,     eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   /* Empty string */
   strlcpy(str, "", sizeof(str));
-  test_eq_ptr(str, eat_whitespace(str));
-  test_eq_ptr(str, eat_whitespace_eos(str, str));
-  test_eq_ptr(str, eat_whitespace_no_nl(str));
-  test_eq_ptr(str, eat_whitespace_eos_no_nl(str, str));
+  tt_ptr_op(str,OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_eos(str, str));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_eos_no_nl(str, str));
 
   /* Only ws */
   strlcpy(str, " \t\r\n", sizeof(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str + strlen(str) - 1,
+  tt_ptr_op(str + strlen(str),OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str + strlen(str),OP_EQ,
+            eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str + strlen(str) - 1,OP_EQ,
               eat_whitespace_no_nl(str));
-  test_eq_ptr(str + strlen(str) - 1,
+  tt_ptr_op(str + strlen(str) - 1,OP_EQ,
               eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   strlcpy(str, " \t\r ", sizeof(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace(str));
-  test_eq_ptr(str + strlen(str),
+  tt_ptr_op(str + strlen(str),OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str + strlen(str),OP_EQ,
               eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str + strlen(str), eat_whitespace_no_nl(str));
-  test_eq_ptr(str + strlen(str),
+  tt_ptr_op(str + strlen(str),OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str + strlen(str),OP_EQ,
               eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   /* Multiple ws */
   strlcpy(str, "fuubaar", sizeof(str));
   for (i = 0; i < sizeof(ws); ++i)
     str[i] = ws[i];
-  test_eq_ptr(str + sizeof(ws), eat_whitespace(str));
-  test_eq_ptr(str + sizeof(ws), eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str + sizeof(ws), eat_whitespace_no_nl(str));
-  test_eq_ptr(str + sizeof(ws),
+  tt_ptr_op(str + sizeof(ws),OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str + sizeof(ws),OP_EQ,
+            eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str + sizeof(ws),OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str + sizeof(ws),OP_EQ,
               eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   /* Eat comment */
   strlcpy(str, "# Comment \n No Comment", sizeof(str));
-  test_streq("No Comment", eat_whitespace(str));
-  test_streq("No Comment", eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str, eat_whitespace_no_nl(str));
-  test_eq_ptr(str, eat_whitespace_eos_no_nl(str, str + strlen(str)));
+  tt_str_op("No Comment",OP_EQ, eat_whitespace(str));
+  tt_str_op("No Comment",OP_EQ, eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   /* Eat comment & ws mix */
   strlcpy(str, " # \t Comment \n\t\nNo Comment", sizeof(str));
-  test_streq("No Comment", eat_whitespace(str));
-  test_streq("No Comment", eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str + 1, eat_whitespace_no_nl(str));
-  test_eq_ptr(str + 1, eat_whitespace_eos_no_nl(str, str + strlen(str)));
+  tt_str_op("No Comment",OP_EQ, eat_whitespace(str));
+  tt_str_op("No Comment",OP_EQ, eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str + 1,OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str + 1,OP_EQ, eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   /* Eat entire comment */
   strlcpy(str, "#Comment", sizeof(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str, eat_whitespace_no_nl(str));
-  test_eq_ptr(str, eat_whitespace_eos_no_nl(str, str + strlen(str)));
+  tt_ptr_op(str + strlen(str),OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str + strlen(str),OP_EQ,
+            eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str,OP_EQ, eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
   /* Blank line, then comment */
   strlcpy(str, " \t\n # Comment", sizeof(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace(str));
-  test_eq_ptr(str + strlen(str), eat_whitespace_eos(str, str + strlen(str)));
-  test_eq_ptr(str + 2, eat_whitespace_no_nl(str));
-  test_eq_ptr(str + 2, eat_whitespace_eos_no_nl(str, str + strlen(str)));
+  tt_ptr_op(str + strlen(str),OP_EQ, eat_whitespace(str));
+  tt_ptr_op(str + strlen(str),OP_EQ,
+            eat_whitespace_eos(str, str + strlen(str)));
+  tt_ptr_op(str + 2,OP_EQ, eat_whitespace_no_nl(str));
+  tt_ptr_op(str + 2,OP_EQ, eat_whitespace_eos_no_nl(str, str + strlen(str)));
 
  done:
   ;
@@ -3267,11 +3924,11 @@ test_util_sl_new_from_text_lines(void *ptr)
     smartlist_t *sl = smartlist_new_from_text_lines("foo\nbar\nbaz\n");
     int sl_len = smartlist_len(sl);
 
-    tt_want_int_op(sl_len, ==, 3);
+    tt_want_int_op(sl_len, OP_EQ, 3);
 
-    if (sl_len > 0) tt_want_str_op(smartlist_get(sl, 0), ==, "foo");
-    if (sl_len > 1) tt_want_str_op(smartlist_get(sl, 1), ==, "bar");
-    if (sl_len > 2) tt_want_str_op(smartlist_get(sl, 2), ==, "baz");
+    if (sl_len > 0) tt_want_str_op(smartlist_get(sl, 0), OP_EQ, "foo");
+    if (sl_len > 1) tt_want_str_op(smartlist_get(sl, 1), OP_EQ, "bar");
+    if (sl_len > 2) tt_want_str_op(smartlist_get(sl, 2), OP_EQ, "baz");
 
     SMARTLIST_FOREACH(sl, void *, x, tor_free(x));
     smartlist_free(sl);
@@ -3281,11 +3938,11 @@ test_util_sl_new_from_text_lines(void *ptr)
     smartlist_t *sl = smartlist_new_from_text_lines("foo\nbar\nbaz");
     int sl_len = smartlist_len(sl);
 
-    tt_want_int_op(sl_len, ==, 3);
+    tt_want_int_op(sl_len, OP_EQ, 3);
 
-    if (sl_len > 0) tt_want_str_op(smartlist_get(sl, 0), ==, "foo");
-    if (sl_len > 1) tt_want_str_op(smartlist_get(sl, 1), ==, "bar");
-    if (sl_len > 2) tt_want_str_op(smartlist_get(sl, 2), ==, "baz");
+    if (sl_len > 0) tt_want_str_op(smartlist_get(sl, 0), OP_EQ, "foo");
+    if (sl_len > 1) tt_want_str_op(smartlist_get(sl, 1), OP_EQ, "bar");
+    if (sl_len > 2) tt_want_str_op(smartlist_get(sl, 2), OP_EQ, "baz");
 
     SMARTLIST_FOREACH(sl, void *, x, tor_free(x));
     smartlist_free(sl);
@@ -3295,9 +3952,9 @@ test_util_sl_new_from_text_lines(void *ptr)
     smartlist_t *sl = smartlist_new_from_text_lines("foo");
     int sl_len = smartlist_len(sl);
 
-    tt_want_int_op(sl_len, ==, 1);
+    tt_want_int_op(sl_len, OP_EQ, 1);
 
-    if (sl_len > 0) tt_want_str_op(smartlist_get(sl, 0), ==, "foo");
+    if (sl_len > 0) tt_want_str_op(smartlist_get(sl, 0), OP_EQ, "foo");
 
     SMARTLIST_FOREACH(sl, void *, x, tor_free(x));
     smartlist_free(sl);
@@ -3307,7 +3964,7 @@ test_util_sl_new_from_text_lines(void *ptr)
     smartlist_t *sl = smartlist_new_from_text_lines("");
     int sl_len = smartlist_len(sl);
 
-    tt_want_int_op(sl_len, ==, 0);
+    tt_want_int_op(sl_len, OP_EQ, 0);
 
     SMARTLIST_FOREACH(sl, void *, x, tor_free(x));
     smartlist_free(sl);
@@ -3390,7 +4047,7 @@ test_util_make_environment(void *ptr)
   smartlist_sort_strings(env_vars_sorted);
   smartlist_sort_strings(env_vars_in_unixoid_env_block_sorted);
 
-  tt_want_int_op(smartlist_len(env_vars_sorted), ==,
+  tt_want_int_op(smartlist_len(env_vars_sorted), OP_EQ,
                  smartlist_len(env_vars_in_unixoid_env_block_sorted));
   {
     int len = smartlist_len(env_vars_sorted);
@@ -3401,7 +4058,7 @@ test_util_make_environment(void *ptr)
     }
 
     for (i = 0; i < len; ++i) {
-      tt_want_str_op(smartlist_get(env_vars_sorted, i), ==,
+      tt_want_str_op(smartlist_get(env_vars_sorted, i), OP_EQ,
                      smartlist_get(env_vars_in_unixoid_env_block_sorted, i));
     }
   }
@@ -3483,7 +4140,7 @@ test_util_set_env_var_in_sl(void *ptr)
   smartlist_sort_strings(merged_env_vars);
   smartlist_sort_strings(expected_resulting_env_vars);
 
-  tt_want_int_op(smartlist_len(merged_env_vars), ==,
+  tt_want_int_op(smartlist_len(merged_env_vars), OP_EQ,
                  smartlist_len(expected_resulting_env_vars));
   {
     int len = smartlist_len(merged_env_vars);
@@ -3494,7 +4151,7 @@ test_util_set_env_var_in_sl(void *ptr)
     }
 
     for (i = 0; i < len; ++i) {
-      tt_want_str_op(smartlist_get(merged_env_vars, i), ==,
+      tt_want_str_op(smartlist_get(merged_env_vars, i), OP_EQ,
                      smartlist_get(expected_resulting_env_vars, i));
     }
   }
@@ -3521,8 +4178,8 @@ test_util_weak_random(void *arg)
   for (i = 1; i <= 256; ++i) {
     for (j=0;j<100;++j) {
       int r = tor_weak_random_range(&rng, i);
-      tt_int_op(0, <=, r);
-      tt_int_op(r, <, i);
+      tt_int_op(0, OP_LE, r);
+      tt_int_op(r, OP_LT, i);
     }
   }
 
@@ -3532,7 +4189,7 @@ test_util_weak_random(void *arg)
   }
 
   for (i=0;i<16;++i)
-    tt_int_op(n[i], >, 0);
+    tt_int_op(n[i], OP_GT, 0);
  done:
   ;
 }
@@ -3544,9 +4201,9 @@ test_util_mathlog(void *arg)
   (void) arg;
 
   d = tor_mathlog(2.718281828);
-  tt_double_op(fabs(d - 1.0), <, .000001);
+  tt_double_op(fabs(d - 1.0), OP_LT, .000001);
   d = tor_mathlog(10);
-  tt_double_op(fabs(d - 2.30258509), <, .000001);
+  tt_double_op(fabs(d - 2.30258509), OP_LT, .000001);
  done:
   ;
 }
@@ -3556,42 +4213,230 @@ test_util_round_to_next_multiple_of(void *arg)
 {
   (void)arg;
 
-  test_assert(round_uint64_to_next_multiple_of(0,1) == 0);
-  test_assert(round_uint64_to_next_multiple_of(0,7) == 0);
+  tt_u64_op(round_uint64_to_next_multiple_of(0,1), ==, 0);
+  tt_u64_op(round_uint64_to_next_multiple_of(0,7), ==, 0);
+
+  tt_u64_op(round_uint64_to_next_multiple_of(99,1), ==, 99);
+  tt_u64_op(round_uint64_to_next_multiple_of(99,7), ==, 105);
+  tt_u64_op(round_uint64_to_next_multiple_of(99,9), ==, 99);
+
+  tt_u64_op(round_uint64_to_next_multiple_of(UINT64_MAX,2), ==,
+            UINT64_MAX);
+
+  tt_i64_op(round_int64_to_next_multiple_of(0,1), ==, 0);
+  tt_i64_op(round_int64_to_next_multiple_of(0,7), ==, 0);
+
+  tt_i64_op(round_int64_to_next_multiple_of(99,1), ==, 99);
+  tt_i64_op(round_int64_to_next_multiple_of(99,7), ==, 105);
+  tt_i64_op(round_int64_to_next_multiple_of(99,9), ==, 99);
+
+  tt_i64_op(round_int64_to_next_multiple_of(-99,1), ==, -99);
+  tt_i64_op(round_int64_to_next_multiple_of(-99,7), ==, -98);
+  tt_i64_op(round_int64_to_next_multiple_of(-99,9), ==, -99);
 
-  test_assert(round_uint64_to_next_multiple_of(99,1) == 99);
-  test_assert(round_uint64_to_next_multiple_of(99,7) == 105);
-  test_assert(round_uint64_to_next_multiple_of(99,9) == 99);
+  tt_i64_op(round_int64_to_next_multiple_of(INT64_MIN,2), ==, INT64_MIN);
+  tt_i64_op(round_int64_to_next_multiple_of(INT64_MAX,2), ==,
+                                            INT64_MAX);
 
+  tt_int_op(round_uint32_to_next_multiple_of(0,1), ==, 0);
+  tt_int_op(round_uint32_to_next_multiple_of(0,7), ==, 0);
+
+  tt_int_op(round_uint32_to_next_multiple_of(99,1), ==, 99);
+  tt_int_op(round_uint32_to_next_multiple_of(99,7), ==, 105);
+  tt_int_op(round_uint32_to_next_multiple_of(99,9), ==, 99);
+
+  tt_int_op(round_uint32_to_next_multiple_of(UINT32_MAX,2), ==,
+            UINT32_MAX);
+
+  tt_uint_op(round_to_next_multiple_of(0,1), ==, 0);
+  tt_uint_op(round_to_next_multiple_of(0,7), ==, 0);
+
+  tt_uint_op(round_to_next_multiple_of(99,1), ==, 99);
+  tt_uint_op(round_to_next_multiple_of(99,7), ==, 105);
+  tt_uint_op(round_to_next_multiple_of(99,9), ==, 99);
+
+  tt_uint_op(round_to_next_multiple_of(UINT_MAX,2), ==,
+            UINT_MAX);
  done:
   ;
 }
 
 static void
-test_util_strclear(void *arg)
+test_util_laplace(void *arg)
 {
-  static const char *vals[] = { "", "a", "abcdef", "abcdefgh", NULL };
-  int i;
-  char *v = NULL;
+  /* Sample values produced using Python's SciPy:
+   *
+   * >>> from scipy.stats import laplace
+   * >>> laplace.ppf([-0.01, 0.0, 0.01, 0.5, 0.51, 0.99, 1.0, 1.01],
+     ...             loc = 24, scale = 24)
+   * array([          nan,          -inf,  -69.88855213,   24.        ,
+   *          24.48486498,  117.88855213,           inf,           nan])
+   */
+  const double mu = 24.0, b = 24.0;
+  const double delta_f = 15.0, epsilon = 0.3; /* b = 15.0 / 0.3 = 50.0 */
   (void)arg;
 
-  for (i = 0; vals[i]; ++i) {
-    size_t n;
-    v = tor_strdup(vals[i]);
-    n = strlen(v);
-    tor_strclear(v);
-    tt_assert(tor_mem_is_zero(v, n+1));
-    tor_free(v);
-  }
+  tt_i64_op(INT64_MIN, ==, sample_laplace_distribution(mu, b, 0.0));
+  tt_i64_op(-69, ==, sample_laplace_distribution(mu, b, 0.01));
+  tt_i64_op(24, ==, sample_laplace_distribution(mu, b, 0.5));
+  tt_i64_op(24, ==, sample_laplace_distribution(mu, b, 0.51));
+  tt_i64_op(117, ==, sample_laplace_distribution(mu, b, 0.99));
+
+  /* >>> laplace.ppf([0.0, 0.1, 0.25, 0.5, 0.75, 0.9, 0.99],
+   * ...             loc = 0, scale = 50)
+   * array([         -inf,  -80.47189562,  -34.65735903,    0.        ,
+   *          34.65735903,   80.47189562,  195.60115027])
+   */
+  tt_i64_op(INT64_MIN + 20, ==,
+            add_laplace_noise(20, 0.0, delta_f, epsilon));
+
+  tt_i64_op(-60, ==, add_laplace_noise(20, 0.1, delta_f, epsilon));
+  tt_i64_op(-14, ==, add_laplace_noise(20, 0.25, delta_f, epsilon));
+  tt_i64_op(20, ==, add_laplace_noise(20, 0.5, delta_f, epsilon));
+  tt_i64_op(54, ==, add_laplace_noise(20, 0.75, delta_f, epsilon));
+  tt_i64_op(100, ==, add_laplace_noise(20, 0.9, delta_f, epsilon));
+  tt_i64_op(215, ==, add_laplace_noise(20, 0.99, delta_f, epsilon));
+
+  /* Test extreme values of signal with maximally negative values of noise
+   * 1.0000000000000002 is the smallest number > 1
+   * 0.0000000000000002 is the double epsilon (error when calculating near 1)
+   * this is approximately 1/(2^52)
+   * per https://en.wikipedia.org/wiki/Double_precision
+   * (let's not descend into the world of subnormals)
+   * >>> laplace.ppf([0, 0.0000000000000002], loc = 0, scale = 1)
+   * array([        -inf, -35.45506713])
+   */
+  const double noscale_df = 1.0, noscale_eps = 1.0;
+
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(0, 0.0, noscale_df, noscale_eps));
+
+  /* is it clipped to INT64_MIN? */
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(-1, 0.0, noscale_df, noscale_eps));
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(INT64_MIN, 0.0,
+                              noscale_df, noscale_eps));
+  /* ... even when scaled? */
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(0, 0.0, delta_f, epsilon));
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(0, 0.0,
+                              DBL_MAX, 1));
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(INT64_MIN, 0.0,
+                              DBL_MAX, 1));
+
+  /* does it play nice with INT64_MAX? */
+  tt_i64_op((INT64_MIN + INT64_MAX), ==,
+            add_laplace_noise(INT64_MAX, 0.0,
+                              noscale_df, noscale_eps));
+
+  /* do near-zero fractional values work? */
+  const double min_dbl_error = 0.0000000000000002;
+
+  tt_i64_op(-35, ==,
+            add_laplace_noise(0, min_dbl_error,
+                              noscale_df, noscale_eps));
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(INT64_MIN, min_dbl_error,
+                              noscale_df, noscale_eps));
+  tt_i64_op((-35 + INT64_MAX), ==,
+            add_laplace_noise(INT64_MAX, min_dbl_error,
+                              noscale_df, noscale_eps));
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(0, min_dbl_error,
+                              DBL_MAX, 1));
+  tt_i64_op((INT64_MAX + INT64_MIN), ==,
+            add_laplace_noise(INT64_MAX, min_dbl_error,
+                              DBL_MAX, 1));
+  tt_i64_op(INT64_MIN, ==,
+            add_laplace_noise(INT64_MIN, min_dbl_error,
+                              DBL_MAX, 1));
+
+  /* does it play nice with INT64_MAX? */
+  tt_i64_op((INT64_MAX - 35), ==,
+            add_laplace_noise(INT64_MAX, min_dbl_error,
+                              noscale_df, noscale_eps));
+
+  /* Test extreme values of signal with maximally positive values of noise
+   * 1.0000000000000002 is the smallest number > 1
+   * 0.9999999999999998 is the greatest number < 1 by calculation
+   * per https://en.wikipedia.org/wiki/Double_precision
+   * >>> laplace.ppf([1.0, 0.9999999999999998], loc = 0, scale = 1)
+   * array([inf,  35.35050621])
+   * but the function rejects p == 1.0, so we just use max_dbl_lt_one
+   */
+  const double max_dbl_lt_one = 0.9999999999999998;
+
+  /* do near-one fractional values work? */
+  tt_i64_op(35, ==,
+            add_laplace_noise(0, max_dbl_lt_one, noscale_df, noscale_eps));
+
+  /* is it clipped to INT64_MAX? */
+  tt_i64_op(INT64_MAX, ==,
+            add_laplace_noise(INT64_MAX - 35, max_dbl_lt_one,
+                              noscale_df, noscale_eps));
+  tt_i64_op(INT64_MAX, ==,
+            add_laplace_noise(INT64_MAX - 34, max_dbl_lt_one,
+                              noscale_df, noscale_eps));
+  tt_i64_op(INT64_MAX, ==,
+            add_laplace_noise(INT64_MAX, max_dbl_lt_one,
+                              noscale_df, noscale_eps));
+  /* ... even when scaled? */
+  tt_i64_op(INT64_MAX, ==,
+            add_laplace_noise(INT64_MAX, max_dbl_lt_one,
+                              delta_f, epsilon));
+  tt_i64_op((INT64_MIN + INT64_MAX), ==,
+            add_laplace_noise(INT64_MIN, max_dbl_lt_one,
+                              DBL_MAX, 1));
+  tt_i64_op(INT64_MAX, ==,
+            add_laplace_noise(INT64_MAX, max_dbl_lt_one,
+                              DBL_MAX, 1));
+  /* does it play nice with INT64_MIN? */
+  tt_i64_op((INT64_MIN + 35), ==,
+            add_laplace_noise(INT64_MIN, max_dbl_lt_one,
+                              noscale_df, noscale_eps));
+
  done:
-  tor_free(v);
+  ;
 }
 
-#define UTIL_LEGACY(name)                                               \
-  { #name, legacy_test_helper, 0, &legacy_setup, test_util_ ## name }
+static void
+test_util_clamp_double_to_int64(void *arg)
+{
+  (void)arg;
 
-#define UTIL_TEST(name, flags)                          \
-  { #name, test_util_ ## name, flags, NULL, NULL }
+  tt_i64_op(INT64_MIN, ==, clamp_double_to_int64(-INFINITY));
+  tt_i64_op(INT64_MIN, ==,
+            clamp_double_to_int64(-1.0 * pow(2.0, 64.0) - 1.0));
+  tt_i64_op(INT64_MIN, ==,
+            clamp_double_to_int64(-1.0 * pow(2.0, 63.0) - 1.0));
+  tt_i64_op(((uint64_t) -1) << 53, ==,
+            clamp_double_to_int64(-1.0 * pow(2.0, 53.0)));
+  tt_i64_op((((uint64_t) -1) << 53) + 1, ==,
+            clamp_double_to_int64(-1.0 * pow(2.0, 53.0) + 1.0));
+  tt_i64_op(-1, ==, clamp_double_to_int64(-1.0));
+  tt_i64_op(0, ==, clamp_double_to_int64(-0.9));
+  tt_i64_op(0, ==, clamp_double_to_int64(-0.1));
+  tt_i64_op(0, ==, clamp_double_to_int64(0.0));
+  tt_i64_op(0, ==, clamp_double_to_int64(NAN));
+  tt_i64_op(0, ==, clamp_double_to_int64(0.1));
+  tt_i64_op(0, ==, clamp_double_to_int64(0.9));
+  tt_i64_op(1, ==, clamp_double_to_int64(1.0));
+  tt_i64_op((((int64_t) 1) << 53) - 1, ==,
+            clamp_double_to_int64(pow(2.0, 53.0) - 1.0));
+  tt_i64_op(((int64_t) 1) << 53, ==,
+            clamp_double_to_int64(pow(2.0, 53.0)));
+  tt_i64_op(INT64_MAX, ==,
+            clamp_double_to_int64(pow(2.0, 63.0)));
+  tt_i64_op(INT64_MAX, ==,
+            clamp_double_to_int64(pow(2.0, 64.0)));
+  tt_i64_op(INT64_MAX, ==, clamp_double_to_int64(INFINITY));
+
+ done:
+  ;
+}
 
 #ifdef FD_CLOEXEC
 #define CAN_CHECK_CLOEXEC
@@ -3613,9 +4458,14 @@ fd_is_nonblocking(tor_socket_t fd)
 }
 #endif
 
+#define ERRNO_IS_EPROTO(e)    (e == SOCK_ERRNO(EPROTONOSUPPORT))
+#define SOCK_ERR_IS_EPROTO(s) ERRNO_IS_EPROTO(tor_socket_errno(s))
+
+/* Test for tor_open_socket*, using IPv4 or IPv6 depending on arg. */
 static void
 test_util_socket(void *arg)
 {
+  const int domain = !strcmp(arg, "4") ? AF_INET : AF_INET6;
   tor_socket_t fd1 = TOR_INVALID_SOCKET;
   tor_socket_t fd2 = TOR_INVALID_SOCKET;
   tor_socket_t fd3 = TOR_INVALID_SOCKET;
@@ -3626,40 +4476,45 @@ test_util_socket(void *arg)
 
   (void)arg;
 
-  fd1 = tor_open_socket_with_extensions(AF_INET, SOCK_STREAM, 0, 0, 0);
-  fd2 = tor_open_socket_with_extensions(AF_INET, SOCK_STREAM, 0, 0, 1);
+  fd1 = tor_open_socket_with_extensions(domain, SOCK_STREAM, 0, 0, 0);
+  int err = tor_socket_errno(fd1);
+  if (fd1 < 0 && err == SOCK_ERRNO(EPROTONOSUPPORT)) {
+    /* Assume we're on an IPv4-only or IPv6-only system, and give up now. */
+    goto done;
+  }
+  fd2 = tor_open_socket_with_extensions(domain, SOCK_STREAM, 0, 0, 1);
   tt_assert(SOCKET_OK(fd1));
   tt_assert(SOCKET_OK(fd2));
-  tt_int_op(get_n_open_sockets(), ==, n + 2);
-  //fd3 = tor_open_socket_with_extensions(AF_INET, SOCK_STREAM, 0, 1, 0);
-  //fd4 = tor_open_socket_with_extensions(AF_INET, SOCK_STREAM, 0, 1, 1);
-  fd3 = tor_open_socket(AF_INET, SOCK_STREAM, 0);
-  fd4 = tor_open_socket_nonblocking(AF_INET, SOCK_STREAM, 0);
+  tt_int_op(get_n_open_sockets(), OP_EQ, n + 2);
+  //fd3 = tor_open_socket_with_extensions(domain, SOCK_STREAM, 0, 1, 0);
+  //fd4 = tor_open_socket_with_extensions(domain, SOCK_STREAM, 0, 1, 1);
+  fd3 = tor_open_socket(domain, SOCK_STREAM, 0);
+  fd4 = tor_open_socket_nonblocking(domain, SOCK_STREAM, 0);
   tt_assert(SOCKET_OK(fd3));
   tt_assert(SOCKET_OK(fd4));
-  tt_int_op(get_n_open_sockets(), ==, n + 4);
+  tt_int_op(get_n_open_sockets(), OP_EQ, n + 4);
 
 #ifdef CAN_CHECK_CLOEXEC
-  tt_int_op(fd_is_cloexec(fd1), ==, 0);
-  tt_int_op(fd_is_cloexec(fd2), ==, 0);
-  tt_int_op(fd_is_cloexec(fd3), ==, 1);
-  tt_int_op(fd_is_cloexec(fd4), ==, 1);
+  tt_int_op(fd_is_cloexec(fd1), OP_EQ, 0);
+  tt_int_op(fd_is_cloexec(fd2), OP_EQ, 0);
+  tt_int_op(fd_is_cloexec(fd3), OP_EQ, 1);
+  tt_int_op(fd_is_cloexec(fd4), OP_EQ, 1);
 #endif
 #ifdef CAN_CHECK_NONBLOCK
-  tt_int_op(fd_is_nonblocking(fd1), ==, 0);
-  tt_int_op(fd_is_nonblocking(fd2), ==, 1);
-  tt_int_op(fd_is_nonblocking(fd3), ==, 0);
-  tt_int_op(fd_is_nonblocking(fd4), ==, 1);
+  tt_int_op(fd_is_nonblocking(fd1), OP_EQ, 0);
+  tt_int_op(fd_is_nonblocking(fd2), OP_EQ, 1);
+  tt_int_op(fd_is_nonblocking(fd3), OP_EQ, 0);
+  tt_int_op(fd_is_nonblocking(fd4), OP_EQ, 1);
 #endif
 
   tor_close_socket(fd1);
   tor_close_socket(fd2);
   fd1 = fd2 = TOR_INVALID_SOCKET;
-  tt_int_op(get_n_open_sockets(), ==, n + 2);
+  tt_int_op(get_n_open_sockets(), OP_EQ, n + 2);
   tor_close_socket(fd3);
   tor_close_socket(fd4);
   fd3 = fd4 = TOR_INVALID_SOCKET;
-  tt_int_op(get_n_open_sockets(), ==, n);
+  tt_int_op(get_n_open_sockets(), OP_EQ, n);
 
  done:
   if (SOCKET_OK(fd1))
@@ -3672,23 +4527,6 @@ test_util_socket(void *arg)
     tor_close_socket(fd4);
 }
 
-static void *
-socketpair_test_setup(const struct testcase_t *testcase)
-{
-  return testcase->setup_data;
-}
-static int
-socketpair_test_cleanup(const struct testcase_t *testcase, void *ptr)
-{
-  (void)testcase;
-  (void)ptr;
-  return 1;
-}
-
-static const struct testcase_setup_t socketpair_setup = {
-  socketpair_test_setup, socketpair_test_cleanup
-};
-
 /* Test for socketpair and ersatz_socketpair().  We test them both, since
  * the latter is a tolerably good way to exersize tor_accept_socket(). */
 static void
@@ -3700,18 +4538,30 @@ test_util_socketpair(void *arg)
   int n = get_n_open_sockets();
   tor_socket_t fds[2] = {TOR_INVALID_SOCKET, TOR_INVALID_SOCKET};
   const int family = AF_UNIX;
+  int socketpair_result = 0;
+
+  socketpair_result = tor_socketpair_fn(family, SOCK_STREAM, 0, fds);
+  /* If there is no 127.0.0.1 or ::1, tor_ersatz_socketpair will and must fail.
+   * Otherwise, we risk exposing a socketpair on a routable IP address. (Some
+   * BSD jails use a routable address for localhost. Fortunately, they have
+   * the real AF_UNIX socketpair.) */
+  if (ersatz && ERRNO_IS_EPROTO(-socketpair_result)) {
+    /* In my testing, an IPv6-only FreeBSD jail without ::1 returned EINVAL.
+     * Assume we're on a machine without 127.0.0.1 or ::1 and give up now. */
+    goto done;
+  }
+  tt_int_op(0, OP_EQ, socketpair_result);
 
-  tt_int_op(0, ==, tor_socketpair_fn(family, SOCK_STREAM, 0, fds));
   tt_assert(SOCKET_OK(fds[0]));
   tt_assert(SOCKET_OK(fds[1]));
-  tt_int_op(get_n_open_sockets(), ==, n + 2);
+  tt_int_op(get_n_open_sockets(), OP_EQ, n + 2);
 #ifdef CAN_CHECK_CLOEXEC
-  tt_int_op(fd_is_cloexec(fds[0]), ==, 1);
-  tt_int_op(fd_is_cloexec(fds[1]), ==, 1);
+  tt_int_op(fd_is_cloexec(fds[0]), OP_EQ, 1);
+  tt_int_op(fd_is_cloexec(fds[1]), OP_EQ, 1);
 #endif
 #ifdef CAN_CHECK_NONBLOCK
-  tt_int_op(fd_is_nonblocking(fds[0]), ==, 0);
-  tt_int_op(fd_is_nonblocking(fds[1]), ==, 0);
+  tt_int_op(fd_is_nonblocking(fds[0]), OP_EQ, 0);
+  tt_int_op(fd_is_nonblocking(fds[1]), OP_EQ, 0);
 #endif
 
  done:
@@ -3721,6 +4571,8 @@ test_util_socketpair(void *arg)
     tor_close_socket(fds[1]);
 }
 
+#undef SOCKET_EPROTO
+
 static void
 test_util_max_mem(void *arg)
 {
@@ -3730,18 +4582,18 @@ test_util_max_mem(void *arg)
 
   r = get_total_system_memory(&memory1);
   r2 = get_total_system_memory(&memory2);
-  tt_int_op(r, ==, r2);
-  tt_uint_op(memory2, ==, memory1);
+  tt_int_op(r, OP_EQ, r2);
+  tt_uint_op(memory2, OP_EQ, memory1);
 
   TT_BLATHER(("System memory: "U64_FORMAT, U64_PRINTF_ARG(memory1)));
 
   if (r==0) {
     /* You have at least a megabyte. */
-    tt_uint_op(memory1, >, (1<<20));
+    tt_uint_op(memory1, OP_GT, (1<<20));
   } else {
     /* You do not have a petabyte. */
 #if SIZEOF_SIZE_T == SIZEOF_UINT64_T
-    tt_u64_op(memory1, <, (U64_LITERAL(1)<<50));
+    tt_u64_op(memory1, OP_LT, (U64_LITERAL(1)<<50));
 #endif
   }
 
@@ -3749,6 +4601,207 @@ test_util_max_mem(void *arg)
   ;
 }
 
+static void
+test_util_hostname_validation(void *arg)
+{
+  (void)arg;
+
+  // Lets try valid hostnames first.
+  tt_assert(string_is_valid_hostname("torproject.org"));
+  tt_assert(string_is_valid_hostname("ocw.mit.edu"));
+  tt_assert(string_is_valid_hostname("i.4cdn.org"));
+  tt_assert(string_is_valid_hostname("stanford.edu"));
+  tt_assert(string_is_valid_hostname("multiple-words-with-hypens.jp"));
+
+  // Subdomain name cannot start with '-' or '_'.
+  tt_assert(!string_is_valid_hostname("-torproject.org"));
+  tt_assert(!string_is_valid_hostname("subdomain.-domain.org"));
+  tt_assert(!string_is_valid_hostname("-subdomain.domain.org"));
+  tt_assert(!string_is_valid_hostname("___abc.org"));
+
+  // Hostnames cannot contain non-alphanumeric characters.
+  tt_assert(!string_is_valid_hostname("%%domain.\\org."));
+  tt_assert(!string_is_valid_hostname("***x.net"));
+  tt_assert(!string_is_valid_hostname("\xff\xffxyz.org"));
+  tt_assert(!string_is_valid_hostname("word1 word2.net"));
+
+  // Test workaround for nytimes.com stupidity, technically invalid,
+  // but we allow it since they are big, even though they are failing to
+  // comply with a ~30 year old standard.
+  tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
+
+  // Firefox passes FQDNs with trailing '.'s  directly to the SOCKS proxy,
+  // which is redundant since the spec states DOMAINNAME addresses are fully
+  // qualified.  While unusual, this should be tollerated.
+  tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com."));
+  tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com"));
+  tt_assert(!string_is_valid_hostname("so.is..ft.com"));
+  tt_assert(!string_is_valid_hostname("..."));
+
+  // XXX: do we allow single-label DNS names?
+  // We shouldn't for SOCKS (spec says "contains a fully-qualified domain name"
+  // but only test pathologically malformed traling '.' cases for now.
+  tt_assert(!string_is_valid_hostname("."));
+  tt_assert(!string_is_valid_hostname(".."));
+
+  done:
+  return;
+}
+
+static void
+test_util_ipv4_validation(void *arg)
+{
+  (void)arg;
+
+  tt_assert(string_is_valid_ipv4_address("192.168.0.1"));
+  tt_assert(string_is_valid_ipv4_address("8.8.8.8"));
+
+  tt_assert(!string_is_valid_ipv4_address("abcd"));
+  tt_assert(!string_is_valid_ipv4_address("300.300.300.300"));
+  tt_assert(!string_is_valid_ipv4_address("8.8."));
+
+  done:
+  return;
+}
+
+static void
+test_util_writepid(void *arg)
+{
+  (void) arg;
+
+  char *contents = NULL;
+  const char *fname = get_fname("tmp_pid");
+  unsigned long pid;
+  char c;
+
+  write_pidfile(fname);
+
+  contents = read_file_to_str(fname, 0, NULL);
+  tt_assert(contents);
+
+  int n = tor_sscanf(contents, "%lu\n%c", &pid, &c);
+  tt_int_op(n, OP_EQ, 1);
+
+#ifdef _WIN32
+  tt_uint_op(pid, OP_EQ, _getpid());
+#else
+  tt_uint_op(pid, OP_EQ, getpid());
+#endif
+
+ done:
+  tor_free(contents);
+}
+
+static void
+test_util_get_avail_disk_space(void *arg)
+{
+  (void) arg;
+  int64_t val;
+
+  /* No answer for nonexistent directory */
+  val = tor_get_avail_disk_space("/akljasdfklsajdklasjkldjsa");
+  tt_i64_op(val, OP_EQ, -1);
+
+  /* Try the current directory */
+  val = tor_get_avail_disk_space(".");
+
+#if !defined(HAVE_STATVFS) && !defined(_WIN32)
+  tt_i64_op(val, OP_EQ, -1); /* You don't have an implementation for this */
+#else
+  tt_i64_op(val, OP_GT, 0); /* You have some space. */
+  tt_i64_op(val, OP_LT, ((int64_t)1)<<56); /* You don't have a zebibyte */
+#endif
+
+ done:
+  ;
+}
+
+static void
+test_util_touch_file(void *arg)
+{
+  (void) arg;
+  const char *fname = get_fname("touch");
+
+  const time_t now = time(NULL);
+  struct stat st;
+  write_bytes_to_file(fname, "abc", 3, 1);
+  tt_int_op(0, OP_EQ, stat(fname, &st));
+  /* A subtle point: the filesystem time is not necessarily equal to the
+   * system clock time, since one can be using a monotonic clock, or coarse
+   * monotonic clock, or whatever.  So we might wind up with an mtime a few
+   * microseconds ago.  Let's just give it a lot of wiggle room. */
+  tt_i64_op(st.st_mtime, OP_GE, now - 1);
+
+  const time_t five_sec_ago = now - 5;
+  struct utimbuf u = { five_sec_ago, five_sec_ago };
+  tt_int_op(0, OP_EQ, utime(fname, &u));
+  tt_int_op(0, OP_EQ, stat(fname, &st));
+  /* Let's hope that utime/stat give the same second as a round-trip? */
+  tt_i64_op(st.st_mtime, OP_EQ, five_sec_ago);
+
+  /* Finally we can touch the file */
+  tt_int_op(0, OP_EQ, touch_file(fname));
+  tt_int_op(0, OP_EQ, stat(fname, &st));
+  tt_i64_op(st.st_mtime, OP_GE, now-1);
+
+ done:
+  ;
+}
+
+#ifndef _WIN32
+static void
+test_util_pwdb(void *arg)
+{
+  (void) arg;
+  const struct passwd *me = NULL, *me2, *me3;
+  char *name = NULL;
+  char *dir = NULL;
+
+  /* Uncached case. */
+  /* Let's assume that we exist. */
+  me = tor_getpwuid(getuid());
+  tt_assert(me != NULL);
+  name = tor_strdup(me->pw_name);
+
+  /* Uncached case */
+  me2 = tor_getpwnam(name);
+  tt_assert(me2 != NULL);
+  tt_int_op(me2->pw_uid, OP_EQ, getuid());
+
+  /* Cached case */
+  me3 = tor_getpwuid(getuid());
+  tt_assert(me3 != NULL);
+  tt_str_op(me3->pw_name, OP_EQ, name);
+
+  me3 = tor_getpwnam(name);
+  tt_assert(me3 != NULL);
+  tt_int_op(me3->pw_uid, OP_EQ, getuid());
+
+  dir = get_user_homedir(name);
+  tt_assert(dir != NULL);
+
+ done:
+  tor_free(name);
+  tor_free(dir);
+}
+#endif
+
+#define UTIL_LEGACY(name)                                               \
+  { #name, test_util_ ## name , 0, NULL, NULL }
+
+#define UTIL_TEST(name, flags)                          \
+  { #name, test_util_ ## name, flags, NULL, NULL }
+
+#ifdef _WIN32
+#define UTIL_TEST_NO_WIN(n, f) { #n, NULL, TT_SKIP, NULL, NULL }
+#define UTIL_TEST_WIN_ONLY(n, f) UTIL_TEST(n, (f))
+#define UTIL_LEGACY_NO_WIN(n) UTIL_TEST_NO_WIN(n, 0)
+#else
+#define UTIL_TEST_NO_WIN(n, f) UTIL_TEST(n, (f))
+#define UTIL_TEST_WIN_ONLY(n, f) { #n, NULL, TT_SKIP, NULL, NULL }
+#define UTIL_LEGACY_NO_WIN(n) UTIL_LEGACY(n)
+#endif
+
 struct testcase_t util_tests[] = {
   UTIL_LEGACY(time),
   UTIL_TEST(parse_http_time, 0),
@@ -3756,45 +4809,34 @@ struct testcase_t util_tests[] = {
   UTIL_LEGACY(config_line_quotes),
   UTIL_LEGACY(config_line_comment_character),
   UTIL_LEGACY(config_line_escaped_content),
-#ifndef _WIN32
-  UTIL_LEGACY(expand_filename),
-#endif
+  UTIL_LEGACY_NO_WIN(expand_filename),
   UTIL_LEGACY(escape_string_socks),
   UTIL_LEGACY(string_is_key_value),
   UTIL_LEGACY(strmisc),
   UTIL_LEGACY(pow2),
   UTIL_LEGACY(gzip),
   UTIL_LEGACY(datadir),
-#ifdef ENABLE_MEMPOOLS
-  UTIL_LEGACY(mempool),
-#endif
   UTIL_LEGACY(memarea),
   UTIL_LEGACY(control_formats),
   UTIL_LEGACY(mmap),
-  UTIL_LEGACY(threads),
   UTIL_LEGACY(sscanf),
+  UTIL_LEGACY(format_time_interval),
   UTIL_LEGACY(path_is_relative),
   UTIL_LEGACY(strtok),
   UTIL_LEGACY(di_ops),
+  UTIL_TEST(di_map, 0),
   UTIL_TEST(round_to_next_multiple_of, 0),
-  UTIL_TEST(strclear, 0),
+  UTIL_TEST(laplace, 0),
+  UTIL_TEST(clamp_double_to_int64, 0),
   UTIL_TEST(find_str_at_start_of_line, 0),
   UTIL_TEST(string_is_C_identifier, 0),
   UTIL_TEST(asprintf, 0),
   UTIL_TEST(listdir, 0),
   UTIL_TEST(parent_dir, 0),
-#ifdef _WIN32
-  UTIL_TEST(load_win_lib, 0),
-#endif
-#ifndef _WIN32
-  UTIL_TEST(exit_status, 0),
-  UTIL_TEST(fgets_eagain, TT_SKIP),
-#endif
-  UTIL_TEST(spawn_background_ok, 0),
-  UTIL_TEST(spawn_background_fail, 0),
-  UTIL_TEST(spawn_background_partial_read, 0),
-  UTIL_TEST(spawn_background_exit_early, 0),
-  UTIL_TEST(spawn_background_waitpid_notify, 0),
+  UTIL_TEST(ftruncate, 0),
+  UTIL_TEST_WIN_ONLY(load_win_lib, 0),
+  UTIL_TEST_NO_WIN(exit_status, 0),
+  UTIL_TEST_NO_WIN(fgets_eagain, 0),
   UTIL_TEST(format_hex_number, 0),
   UTIL_TEST(format_dec_number, 0),
   UTIL_TEST(join_win_cmdline, 0),
@@ -3806,17 +4848,29 @@ struct testcase_t util_tests[] = {
   UTIL_TEST(make_environment, 0),
   UTIL_TEST(set_env_var_in_sl, 0),
   UTIL_TEST(read_file_eof_tiny_limit, 0),
+  UTIL_TEST(read_file_eof_one_loop_a, 0),
+  UTIL_TEST(read_file_eof_one_loop_b, 0),
   UTIL_TEST(read_file_eof_two_loops, 0),
+  UTIL_TEST(read_file_eof_two_loops_b, 0),
   UTIL_TEST(read_file_eof_zero_bytes, 0),
   UTIL_TEST(write_chunks_to_file, 0),
   UTIL_TEST(mathlog, 0),
   UTIL_TEST(weak_random, 0),
-  UTIL_TEST(socket, TT_FORK),
-  { "socketpair", test_util_socketpair, TT_FORK, &socketpair_setup,
+  { "socket_ipv4", test_util_socket, TT_FORK, &passthrough_setup,
+    (void*)"4" },
+  { "socket_ipv6", test_util_socket, TT_FORK,
+    &passthrough_setup, (void*)"6" },
+  { "socketpair", test_util_socketpair, TT_FORK, &passthrough_setup,
     (void*)"0" },
   { "socketpair_ersatz", test_util_socketpair, TT_FORK,
-    &socketpair_setup, (void*)"1" },
+    &passthrough_setup, (void*)"1" },
   UTIL_TEST(max_mem, 0),
+  UTIL_TEST(hostname_validation, 0),
+  UTIL_TEST(ipv4_validation, 0),
+  UTIL_TEST(writepid, 0),
+  UTIL_TEST(get_avail_disk_space, 0),
+  UTIL_TEST(touch_file, 0),
+  UTIL_TEST_NO_WIN(pwdb, TT_FORK),
   END_OF_TESTCASES
 };
 
diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c
new file mode 100644
index 0000000000..3d02930983
--- /dev/null
+++ b/src/test/test_util_format.c
@@ -0,0 +1,302 @@
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#include "or.h"
+
+#include "test.h"
+
+#define UTIL_FORMAT_PRIVATE
+#include "util_format.h"
+
+#define NS_MODULE util_format
+
+#if !defined(HAVE_HTONLL) && !defined(htonll)
+#ifdef WORDS_BIGENDIAN
+#define htonll(x) (x)
+#else
+static uint64_t
+htonll(uint64_t a)
+{
+  return htonl((uint32_t)(a>>32)) | (((uint64_t)htonl((uint32_t)a))<<32);
+}
+#endif
+#endif
+
+static void
+test_util_format_unaligned_accessors(void *ignored)
+{
+  (void)ignored;
+  char buf[9] = "onionsoup"; // 6f6e696f6e736f7570
+
+  tt_u64_op(get_uint64(buf+1), OP_EQ, htonll(U64_LITERAL(0x6e696f6e736f7570)));
+  tt_uint_op(get_uint32(buf+1), OP_EQ, htonl(0x6e696f6e));
+  tt_uint_op(get_uint16(buf+1), OP_EQ, htons(0x6e69));
+  tt_uint_op(get_uint8(buf+1), OP_EQ, 0x6e);
+
+  set_uint8(buf+7, 0x61);
+  tt_mem_op(buf, OP_EQ, "onionsoap", 9);
+
+  set_uint16(buf+6, htons(0x746f));
+  tt_mem_op(buf, OP_EQ, "onionstop", 9);
+
+  set_uint32(buf+1, htonl(0x78696465));
+  tt_mem_op(buf, OP_EQ, "oxidestop", 9);
+
+  set_uint64(buf+1, htonll(U64_LITERAL(0x6266757363617465)));
+  tt_mem_op(buf, OP_EQ, "obfuscate", 9);
+ done:
+  ;
+}
+
+static void
+test_util_format_base64_encode(void *ignored)
+{
+  (void)ignored;
+  int res;
+  int i;
+  char *src;
+  char *dst;
+
+  src = tor_malloc_zero(256);
+  dst = tor_malloc_zero(1000);
+
+  for (i=0;i<256;i++) {
+    src[i] = (char)i;
+  }
+
+  res = base64_encode(NULL, 1, src, 1, 0);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_encode(dst, 1, NULL, 1, 0);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_encode(dst, 1, src, 10, 0);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_encode(dst, SSIZE_MAX-1, src, 1, 0);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_encode(dst, SSIZE_MAX-1, src, 10, 0);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_encode(dst, 1000, src, 256, 0);
+  tt_int_op(res, OP_EQ, 344);
+  tt_str_op(dst, OP_EQ, "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh"
+            "8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZH"
+            "SElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3"
+            "BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeY"
+            "mZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wM"
+            "HCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp"
+            "6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==");
+
+  res = base64_encode(dst, 1000, src, 256, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 350);
+  tt_str_op(dst, OP_EQ,
+          "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
+          "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
+          "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
+          "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
+          "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
+          "8PHy8/T19vf4+fr7/P3+/w==\n");
+
+  res = base64_encode(dst, 1000, src+1, 255, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 346);
+
+  for (i = 0;i<50;i++) {
+    src[i] = 0;
+  }
+  src[50] = (char)255;
+  src[51] = (char)255;
+  src[52] = (char)255;
+  src[53] = (char)255;
+
+  res = base64_encode(dst, 1000, src, 54, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 74);
+
+  res = base64_encode(dst, 1000, src+1, 53, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 74);
+
+  res = base64_encode(dst, 1000, src+2, 52, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 74);
+
+  res = base64_encode(dst, 1000, src+3, 51, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 70);
+
+  res = base64_encode(dst, 1000, src+4, 50, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 70);
+
+  res = base64_encode(dst, 1000, src+5, 49, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 70);
+
+  res = base64_encode(dst, 1000, src+6, 48, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 65);
+
+  res = base64_encode(dst, 1000, src+7, 47, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 65);
+
+  res = base64_encode(dst, 1000, src+8, 46, BASE64_ENCODE_MULTILINE);
+  tt_int_op(res, OP_EQ, 65);
+
+ done:
+  tor_free(src);
+  tor_free(dst);
+}
+
+static void
+test_util_format_base64_decode_nopad(void *ignored)
+{
+  (void)ignored;
+  int res;
+  int i;
+  char *src;
+  uint8_t *dst, *real_dst;
+  uint8_t expected[] = {0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65};
+  char real_src[] = "ZXhhbXBsZQ";
+
+  src = tor_malloc_zero(256);
+  dst = tor_malloc_zero(1000);
+  real_dst = tor_malloc_zero(10);
+
+  for (i=0;i<256;i++) {
+    src[i] = (char)i;
+  }
+
+  res = base64_decode_nopad(dst, 1, src, SIZE_T_CEILING);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_decode_nopad(dst, 1, src, 5);
+  tt_int_op(res, OP_EQ, -1);
+
+  const char *s = "SGVsbG8gd29ybGQ";
+  res = base64_decode_nopad(dst, 1000, s, strlen(s));
+  tt_int_op(res, OP_EQ, 11);
+  tt_mem_op(dst, OP_EQ, "Hello world", 11);
+
+  s = "T3BhIG11bmRv";
+  res = base64_decode_nopad(dst, 9, s, strlen(s));
+  tt_int_op(res, OP_EQ, 9);
+  tt_mem_op(dst, OP_EQ, "Opa mundo", 9);
+
+  res = base64_decode_nopad(real_dst, 10, real_src, 10);
+  tt_int_op(res, OP_EQ, 7);
+  tt_mem_op(real_dst, OP_EQ, expected, 7);
+
+ done:
+  tor_free(src);
+  tor_free(dst);
+  tor_free(real_dst);
+}
+
+static void
+test_util_format_base64_decode(void *ignored)
+{
+  (void)ignored;
+  int res;
+  int i;
+  char *src;
+  char *dst, *real_dst;
+  uint8_t expected[] = {0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65};
+  char real_src[] = "ZXhhbXBsZQ==";
+
+  src = tor_malloc_zero(256);
+  dst = tor_malloc_zero(1000);
+  real_dst = tor_malloc_zero(10);
+
+  for (i=0;i<256;i++) {
+    src[i] = (char)i;
+  }
+
+  res = base64_decode(dst, 1, src, SIZE_T_CEILING);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base64_decode(dst, SIZE_T_CEILING+1, src, 10);
+  tt_int_op(res, OP_EQ, -1);
+
+  const char *s = "T3BhIG11bmRv";
+  res = base64_decode(dst, 9, s, strlen(s));
+  tt_int_op(res, OP_EQ, 9);
+  tt_mem_op(dst, OP_EQ, "Opa mundo", 9);
+
+  memset(dst, 0, 1000);
+  res = base64_decode(dst, 100, s, strlen(s));
+  tt_int_op(res, OP_EQ, 9);
+  tt_mem_op(dst, OP_EQ, "Opa mundo", 9);
+
+  s = "SGVsbG8gd29ybGQ=";
+  res = base64_decode(dst, 100, s, strlen(s));
+  tt_int_op(res, OP_EQ, 11);
+  tt_mem_op(dst, OP_EQ, "Hello world", 11);
+
+  res = base64_decode(real_dst, 10, real_src, 10);
+  tt_int_op(res, OP_EQ, 7);
+  tt_mem_op(real_dst, OP_EQ, expected, 7);
+
+ done:
+  tor_free(src);
+  tor_free(dst);
+  tor_free(real_dst);
+}
+
+static void
+test_util_format_base16_decode(void *ignored)
+{
+  (void)ignored;
+  int res;
+  int i;
+  char *src;
+  char *dst, *real_dst;
+  char expected[] = {0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65};
+  char real_src[] = "6578616D706C65";
+
+  src = tor_malloc_zero(256);
+  dst = tor_malloc_zero(1000);
+  real_dst = tor_malloc_zero(10);
+
+  for (i=0;i<256;i++) {
+    src[i] = (char)i;
+  }
+
+  res = base16_decode(dst, 3, src, 3);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base16_decode(dst, 1, src, 10);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base16_decode(dst, SIZE_T_CEILING+2, src, 10);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base16_decode(dst, 1000, "", 0);
+  tt_int_op(res, OP_EQ, 0);
+
+  res = base16_decode(dst, 1000, "aabc", 4);
+  tt_int_op(res, OP_EQ, 0);
+  tt_mem_op(dst, OP_EQ, "\xaa\xbc", 2);
+
+  res = base16_decode(dst, 1000, "aabcd", 6);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base16_decode(dst, 1000, "axxx", 4);
+  tt_int_op(res, OP_EQ, -1);
+
+  res = base16_decode(real_dst, 10, real_src, 14);
+  tt_int_op(res, OP_EQ, 0);
+  tt_mem_op(real_dst, OP_EQ, expected, 7);
+
+ done:
+  tor_free(src);
+  tor_free(dst);
+  tor_free(real_dst);
+}
+
+struct testcase_t util_format_tests[] = {
+  { "unaligned_accessors", test_util_format_unaligned_accessors, 0,
+    NULL, NULL },
+  { "base64_encode", test_util_format_base64_encode, 0, NULL, NULL },
+  { "base64_decode_nopad", test_util_format_base64_decode_nopad, 0,
+    NULL, NULL },
+  { "base64_decode", test_util_format_base64_decode, 0, NULL, NULL },
+  { "base16_decode", test_util_format_base16_decode, 0, NULL, NULL },
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_util_process.c b/src/test/test_util_process.c
new file mode 100644
index 0000000000..45c22ef47f
--- /dev/null
+++ b/src/test/test_util_process.c
@@ -0,0 +1,82 @@
+/* Copyright (c) 2010-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define UTIL_PROCESS_PRIVATE
+#include "orconfig.h"
+#include "or.h"
+
+#include "test.h"
+
+#include "util_process.h"
+
+#include "log_test_helpers.h"
+
+#ifndef _WIN32
+#define NS_MODULE util_process
+
+static void
+temp_callback(int r, void *s)
+{
+  (void)r;
+  (void)s;
+}
+
+static void
+test_util_process_set_waitpid_callback(void *ignored)
+{
+  (void)ignored;
+  waitpid_callback_t *res1 = NULL, *res2 = NULL;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+  pid_t pid = (pid_t)42;
+
+  res1 = set_waitpid_callback(pid, temp_callback, NULL);
+  tt_assert(res1);
+
+  res2 = set_waitpid_callback(pid, temp_callback, NULL);
+  tt_assert(res2);
+  expect_log_msg("Replaced a waitpid monitor on pid 42. That should be "
+            "impossible.\n");
+
+ done:
+  teardown_capture_of_logs(previous_log);
+  clear_waitpid_callback(res1);
+  clear_waitpid_callback(res2);
+}
+
+static void
+test_util_process_clear_waitpid_callback(void *ignored)
+{
+  (void)ignored;
+  waitpid_callback_t *res;
+  int previous_log = setup_capture_of_logs(LOG_WARN);
+  pid_t pid = (pid_t)43;
+
+  clear_waitpid_callback(NULL);
+
+  res = set_waitpid_callback(pid, temp_callback, NULL);
+  clear_waitpid_callback(res);
+  expect_no_log_entry();
+
+#if 0
+  /* No.  This is use-after-free.  We don't _do_ that. XXXX */
+  clear_waitpid_callback(res);
+  expect_log_msg("Couldn't remove waitpid monitor for pid 43.\n");
+#endif
+
+ done:
+  teardown_capture_of_logs(previous_log);
+}
+#endif /* _WIN32 */
+
+#ifndef _WIN32
+#define TEST(name) { #name, test_util_process_##name, 0, NULL, NULL }
+#else
+#define TEST(name) { #name, NULL, TT_SKIP, NULL, NULL }
+#endif
+
+struct testcase_t util_process_tests[] = {
+  TEST(set_waitpid_callback),
+  TEST(clear_waitpid_callback),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_util_slow.c b/src/test/test_util_slow.c
new file mode 100644
index 0000000000..1e7160598c
--- /dev/null
+++ b/src/test/test_util_slow.c
@@ -0,0 +1,391 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#define UTIL_PRIVATE
+#include "util.h"
+#include "util_process.h"
+#include "crypto.h"
+#include "torlog.h"
+#include "test.h"
+
+#ifndef BUILDDIR
+#define BUILDDIR "."
+#endif
+
+#ifdef _WIN32
+#define notify_pending_waitpid_callbacks() STMT_NIL
+#define TEST_CHILD "test-child.exe"
+#define EOL "\r\n"
+#else
+#define TEST_CHILD (BUILDDIR "/src/test/test-child")
+#define EOL "\n"
+#endif
+
+#ifdef _WIN32
+/* I've assumed Windows doesn't have the gap between fork and exec
+ * that causes the race condition on unix-like platforms */
+#define MATCH_PROCESS_STATUS(s1,s2)         ((s1) == (s2))
+
+#else
+/* work around a race condition of the timing of SIGCHLD handler updates
+ * to the process_handle's fields, and checks of those fields
+ *
+ * TODO: Once we can signal failure to exec, change PROCESS_STATUS_RUNNING to
+ * PROCESS_STATUS_ERROR (and similarly with *_OR_NOTRUNNING) */
+#define PROCESS_STATUS_RUNNING_OR_NOTRUNNING  (PROCESS_STATUS_RUNNING+1)
+#define IS_RUNNING_OR_NOTRUNNING(s)           \
+  ((s) == PROCESS_STATUS_RUNNING || (s) == PROCESS_STATUS_NOTRUNNING)
+/* well, this is ugly */
+#define MATCH_PROCESS_STATUS(s1,s2)           \
+  (  (s1) == (s2)                                         \
+     ||((s1) == PROCESS_STATUS_RUNNING_OR_NOTRUNNING      \
+        && IS_RUNNING_OR_NOTRUNNING(s2))                  \
+     ||((s2) == PROCESS_STATUS_RUNNING_OR_NOTRUNNING      \
+        && IS_RUNNING_OR_NOTRUNNING(s1)))
+
+#endif // _WIN32
+
+/** Helper function for testing tor_spawn_background */
+static void
+run_util_spawn_background(const char *argv[], const char *expected_out,
+                          const char *expected_err, int expected_exit,
+                          int expected_status)
+{
+  int retval, exit_code;
+  ssize_t pos;
+  process_handle_t *process_handle=NULL;
+  char stdout_buf[100], stderr_buf[100];
+  int status;
+
+  /* Start the program */
+#ifdef _WIN32
+  status = tor_spawn_background(NULL, argv, NULL, &process_handle);
+#else
+  status = tor_spawn_background(argv[0], argv, NULL, &process_handle);
+#endif
+
+  notify_pending_waitpid_callbacks();
+
+  /* the race condition doesn't affect status,
+   * because status isn't updated by the SIGCHLD handler,
+   * but we still need to handle PROCESS_STATUS_RUNNING_OR_NOTRUNNING */
+  tt_assert(MATCH_PROCESS_STATUS(expected_status, status));
+  if (status == PROCESS_STATUS_ERROR) {
+    tt_ptr_op(process_handle, OP_EQ, NULL);
+    return;
+  }
+
+  tt_assert(process_handle != NULL);
+
+  /* When a spawned process forks, fails, then exits very quickly,
+   * (this typically occurs when exec fails)
+   * there is a race condition between the SIGCHLD handler
+   * updating the process_handle's fields, and this test
+   * checking the process status in those fields.
+   * The SIGCHLD update can occur before or after the code below executes.
+   * This causes intermittent failures in spawn_background_fail(),
+   * typically when the machine is under load.
+   * We use PROCESS_STATUS_RUNNING_OR_NOTRUNNING to avoid this issue. */
+
+  /* the race condition affects the change in
+   * process_handle->status from RUNNING to NOTRUNNING */
+  tt_assert(MATCH_PROCESS_STATUS(expected_status, process_handle->status));
+
+#ifndef _WIN32
+  notify_pending_waitpid_callbacks();
+  /* the race condition affects the change in
+   * process_handle->waitpid_cb to NULL,
+   * so we skip the check if expected_status is ambiguous,
+   * that is, PROCESS_STATUS_RUNNING_OR_NOTRUNNING */
+  tt_assert(process_handle->waitpid_cb != NULL
+              || expected_status == PROCESS_STATUS_RUNNING_OR_NOTRUNNING);
+#endif
+
+#ifdef _WIN32
+  tt_assert(process_handle->stdout_pipe != INVALID_HANDLE_VALUE);
+  tt_assert(process_handle->stderr_pipe != INVALID_HANDLE_VALUE);
+  tt_assert(process_handle->stdin_pipe != INVALID_HANDLE_VALUE);
+#else
+  tt_assert(process_handle->stdout_pipe >= 0);
+  tt_assert(process_handle->stderr_pipe >= 0);
+  tt_assert(process_handle->stdin_pipe >= 0);
+#endif
+
+  /* Check stdout */
+  pos = tor_read_all_from_process_stdout(process_handle, stdout_buf,
+                                         sizeof(stdout_buf) - 1);
+  tt_assert(pos >= 0);
+  stdout_buf[pos] = '\0';
+  tt_int_op(strlen(expected_out),OP_EQ, pos);
+  tt_str_op(expected_out,OP_EQ, stdout_buf);
+
+  notify_pending_waitpid_callbacks();
+
+  /* Check it terminated correctly */
+  retval = tor_get_exit_code(process_handle, 1, &exit_code);
+  tt_int_op(PROCESS_EXIT_EXITED,OP_EQ, retval);
+  tt_int_op(expected_exit,OP_EQ, exit_code);
+  // TODO: Make test-child exit with something other than 0
+
+#ifndef _WIN32
+  notify_pending_waitpid_callbacks();
+  tt_ptr_op(process_handle->waitpid_cb, OP_EQ, NULL);
+#endif
+
+  /* Check stderr */
+  pos = tor_read_all_from_process_stderr(process_handle, stderr_buf,
+                                         sizeof(stderr_buf) - 1);
+  tt_assert(pos >= 0);
+  stderr_buf[pos] = '\0';
+  tt_str_op(expected_err,OP_EQ, stderr_buf);
+  tt_int_op(strlen(expected_err),OP_EQ, pos);
+
+  notify_pending_waitpid_callbacks();
+
+ done:
+  if (process_handle)
+    tor_process_handle_destroy(process_handle, 1);
+}
+
+/** Check that we can launch a process and read the output */
+static void
+test_util_spawn_background_ok(void *ptr)
+{
+  const char *argv[] = {TEST_CHILD, "--test", NULL};
+  const char *expected_out = "OUT"EOL "--test"EOL "SLEEPING"EOL "DONE" EOL;
+  const char *expected_err = "ERR"EOL;
+
+  (void)ptr;
+
+  run_util_spawn_background(argv, expected_out, expected_err, 0,
+      PROCESS_STATUS_RUNNING);
+}
+
+/** Check that failing to find the executable works as expected */
+static void
+test_util_spawn_background_fail(void *ptr)
+{
+  const char *argv[] = {BUILDDIR "/src/test/no-such-file", "--test", NULL};
+  const char *expected_err = "";
+  char expected_out[1024];
+  char code[32];
+#ifdef _WIN32
+  const int expected_status = PROCESS_STATUS_ERROR;
+#else
+  /* TODO: Once we can signal failure to exec, set this to be
+   * PROCESS_STATUS_RUNNING_OR_ERROR */
+  const int expected_status = PROCESS_STATUS_RUNNING_OR_NOTRUNNING;
+#endif
+
+  memset(expected_out, 0xf0, sizeof(expected_out));
+  memset(code, 0xf0, sizeof(code));
+
+  (void)ptr;
+
+  tor_snprintf(code, sizeof(code), "%x/%x",
+    9 /* CHILD_STATE_FAILEXEC */ , ENOENT);
+  tor_snprintf(expected_out, sizeof(expected_out),
+    "ERR: Failed to spawn background process - code %s\n", code);
+
+  run_util_spawn_background(argv, expected_out, expected_err, 255,
+      expected_status);
+}
+
+/** Test that reading from a handle returns a partial read rather than
+ * blocking */
+static void
+test_util_spawn_background_partial_read_impl(int exit_early)
+{
+  const int expected_exit = 0;
+  const int expected_status = PROCESS_STATUS_RUNNING;
+
+  int retval, exit_code;
+  ssize_t pos = -1;
+  process_handle_t *process_handle=NULL;
+  int status;
+  char stdout_buf[100], stderr_buf[100];
+
+  const char *argv[] = {TEST_CHILD, "--test", NULL};
+  const char *expected_out[] = { "OUT" EOL "--test" EOL "SLEEPING" EOL,
+                                 "DONE" EOL,
+                                 NULL };
+  const char *expected_err = "ERR" EOL;
+
+#ifndef _WIN32
+  int eof = 0;
+#endif
+  int expected_out_ctr;
+
+  if (exit_early) {
+    argv[1] = "--hang";
+    expected_out[0] = "OUT"EOL "--hang"EOL "SLEEPING" EOL;
+  }
+
+  /* Start the program */
+#ifdef _WIN32
+  status = tor_spawn_background(NULL, argv, NULL, &process_handle);
+#else
+  status = tor_spawn_background(argv[0], argv, NULL, &process_handle);
+#endif
+  tt_int_op(expected_status,OP_EQ, status);
+  tt_assert(process_handle);
+  tt_int_op(expected_status,OP_EQ, process_handle->status);
+
+  /* Check stdout */
+  for (expected_out_ctr = 0; expected_out[expected_out_ctr] != NULL;) {
+#ifdef _WIN32
+    pos = tor_read_all_handle(process_handle->stdout_pipe, stdout_buf,
+                              sizeof(stdout_buf) - 1, NULL);
+#else
+    /* Check that we didn't read the end of file last time */
+    tt_assert(!eof);
+    pos = tor_read_all_handle(process_handle->stdout_handle, stdout_buf,
+                              sizeof(stdout_buf) - 1, NULL, &eof);
+#endif
+    log_info(LD_GENERAL, "tor_read_all_handle() returned %d", (int)pos);
+
+    /* We would have blocked, keep on trying */
+    if (0 == pos)
+      continue;
+
+    tt_assert(pos > 0);
+    stdout_buf[pos] = '\0';
+    tt_str_op(expected_out[expected_out_ctr],OP_EQ, stdout_buf);
+    tt_int_op(strlen(expected_out[expected_out_ctr]),OP_EQ, pos);
+    expected_out_ctr++;
+  }
+
+  if (exit_early) {
+    tor_process_handle_destroy(process_handle, 1);
+    process_handle = NULL;
+    goto done;
+  }
+
+  /* The process should have exited without writing more */
+#ifdef _WIN32
+  pos = tor_read_all_handle(process_handle->stdout_pipe, stdout_buf,
+                            sizeof(stdout_buf) - 1,
+                            process_handle);
+  tt_int_op(0,OP_EQ, pos);
+#else
+  if (!eof) {
+    /* We should have got all the data, but maybe not the EOF flag */
+    pos = tor_read_all_handle(process_handle->stdout_handle, stdout_buf,
+                              sizeof(stdout_buf) - 1,
+                              process_handle, &eof);
+    tt_int_op(0,OP_EQ, pos);
+    tt_assert(eof);
+  }
+  /* Otherwise, we got the EOF on the last read */
+#endif
+
+  /* Check it terminated correctly */
+  retval = tor_get_exit_code(process_handle, 1, &exit_code);
+  tt_int_op(PROCESS_EXIT_EXITED,OP_EQ, retval);
+  tt_int_op(expected_exit,OP_EQ, exit_code);
+
+  // TODO: Make test-child exit with something other than 0
+
+  /* Check stderr */
+  pos = tor_read_all_from_process_stderr(process_handle, stderr_buf,
+                                         sizeof(stderr_buf) - 1);
+  tt_assert(pos >= 0);
+  stderr_buf[pos] = '\0';
+  tt_str_op(expected_err,OP_EQ, stderr_buf);
+  tt_int_op(strlen(expected_err),OP_EQ, pos);
+
+ done:
+  tor_process_handle_destroy(process_handle, 1);
+}
+
+static void
+test_util_spawn_background_partial_read(void *arg)
+{
+  (void)arg;
+  test_util_spawn_background_partial_read_impl(0);
+}
+
+static void
+test_util_spawn_background_exit_early(void *arg)
+{
+  (void)arg;
+  test_util_spawn_background_partial_read_impl(1);
+}
+
+static void
+test_util_spawn_background_waitpid_notify(void *arg)
+{
+  int retval, exit_code;
+  process_handle_t *process_handle=NULL;
+  int status;
+  int ms_timer;
+
+  const char *argv[] = {TEST_CHILD, "--fast", NULL};
+
+  (void) arg;
+
+#ifdef _WIN32
+  status = tor_spawn_background(NULL, argv, NULL, &process_handle);
+#else
+  status = tor_spawn_background(argv[0], argv, NULL, &process_handle);
+#endif
+
+  tt_int_op(status, OP_EQ, PROCESS_STATUS_RUNNING);
+  tt_ptr_op(process_handle, OP_NE, NULL);
+
+  /* We're not going to look at the stdout/stderr output this time. Instead,
+   * we're testing whether notify_pending_waitpid_calbacks() can report the
+   * process exit (on unix) and/or whether tor_get_exit_code() can notice it
+   * (on windows) */
+
+#ifndef _WIN32
+  ms_timer = 30*1000;
+  tt_ptr_op(process_handle->waitpid_cb, OP_NE, NULL);
+  while (process_handle->waitpid_cb && ms_timer > 0) {
+    tor_sleep_msec(100);
+    ms_timer -= 100;
+    notify_pending_waitpid_callbacks();
+  }
+  tt_int_op(ms_timer, OP_GT, 0);
+  tt_ptr_op(process_handle->waitpid_cb, OP_EQ, NULL);
+#endif
+
+  ms_timer = 30*1000;
+  while (((retval = tor_get_exit_code(process_handle, 0, &exit_code))
+                == PROCESS_EXIT_RUNNING) && ms_timer > 0) {
+    tor_sleep_msec(100);
+    ms_timer -= 100;
+  }
+  tt_int_op(ms_timer, OP_GT, 0);
+
+  tt_int_op(retval, OP_EQ, PROCESS_EXIT_EXITED);
+
+ done:
+  tor_process_handle_destroy(process_handle, 1);
+}
+
+#undef TEST_CHILD
+#undef EOL
+
+#undef MATCH_PROCESS_STATUS
+
+#ifndef _WIN32
+#undef PROCESS_STATUS_RUNNING_OR_NOTRUNNING
+#undef IS_RUNNING_OR_NOTRUNNING
+#endif
+
+#define UTIL_TEST(name, flags)                          \
+  { #name, test_util_ ## name, flags, NULL, NULL }
+
+struct testcase_t slow_util_tests[] = {
+  UTIL_TEST(spawn_background_ok, 0),
+  UTIL_TEST(spawn_background_fail, 0),
+  UTIL_TEST(spawn_background_partial_read, 0),
+  UTIL_TEST(spawn_background_exit_early, 0),
+  UTIL_TEST(spawn_background_waitpid_notify, 0),
+  END_OF_TESTCASES
+};
+
diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c
new file mode 100644
index 0000000000..cbcf596b22
--- /dev/null
+++ b/src/test/test_workqueue.c
@@ -0,0 +1,453 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+#include "compat_threads.h"
+#include "onion.h"
+#include "workqueue.h"
+#include "crypto.h"
+#include "crypto_curve25519.h"
+#include "compat_libevent.h"
+
+#include <stdio.h>
+#ifdef HAVE_EVENT2_EVENT_H
+#include <event2/event.h>
+#else
+#include <event.h>
+#endif
+
+#define MAX_INFLIGHT (1<<16)
+
+static int opt_verbose = 0;
+static int opt_n_threads = 8;
+static int opt_n_items = 10000;
+static int opt_n_inflight = 1000;
+static int opt_n_lowwater = 250;
+static int opt_n_cancel = 0;
+static int opt_ratio_rsa = 5;
+
+#ifdef TRACK_RESPONSES
+tor_mutex_t bitmap_mutex;
+int handled_len;
+bitarray_t *handled;
+#endif
+
+typedef struct state_s {
+  int magic;
+  int n_handled;
+  crypto_pk_t *rsa;
+  curve25519_secret_key_t ecdh;
+  int is_shutdown;
+} state_t;
+
+typedef struct rsa_work_s {
+  int serial;
+  uint8_t msg[128];
+  uint8_t msglen;
+} rsa_work_t;
+
+typedef struct ecdh_work_s {
+  int serial;
+  union {
+    curve25519_public_key_t pk;
+    uint8_t msg[32];
+  } u;
+} ecdh_work_t;
+
+static void
+mark_handled(int serial)
+{
+#ifdef TRACK_RESPONSES
+  tor_mutex_acquire(&bitmap_mutex);
+  tor_assert(serial < handled_len);
+  tor_assert(! bitarray_is_set(handled, serial));
+  bitarray_set(handled, serial);
+  tor_mutex_release(&bitmap_mutex);
+#else
+  (void)serial;
+#endif
+}
+
+static workqueue_reply_t
+workqueue_do_rsa(void *state, void *work)
+{
+  rsa_work_t *rw = work;
+  state_t *st = state;
+  crypto_pk_t *rsa = st->rsa;
+  uint8_t sig[256];
+  int len;
+
+  tor_assert(st->magic == 13371337);
+
+  len = crypto_pk_private_sign(rsa, (char*)sig, 256,
+                               (char*)rw->msg, rw->msglen);
+  if (len < 0) {
+    rw->msglen = 0;
+    return WQ_RPL_ERROR;
+  }
+
+  memset(rw->msg, 0, sizeof(rw->msg));
+  rw->msglen = len;
+  memcpy(rw->msg, sig, len);
+  ++st->n_handled;
+
+  mark_handled(rw->serial);
+
+  return WQ_RPL_REPLY;
+}
+
+static workqueue_reply_t
+workqueue_do_shutdown(void *state, void *work)
+{
+  (void)state;
+  (void)work;
+  crypto_pk_free(((state_t*)state)->rsa);
+  tor_free(state);
+  return WQ_RPL_SHUTDOWN;
+}
+
+static workqueue_reply_t
+workqueue_do_ecdh(void *state, void *work)
+{
+  ecdh_work_t *ew = work;
+  uint8_t output[CURVE25519_OUTPUT_LEN];
+  state_t *st = state;
+
+  tor_assert(st->magic == 13371337);
+
+  curve25519_handshake(output, &st->ecdh, &ew->u.pk);
+  memcpy(ew->u.msg, output, CURVE25519_OUTPUT_LEN);
+  ++st->n_handled;
+  mark_handled(ew->serial);
+  return WQ_RPL_REPLY;
+}
+
+static workqueue_reply_t
+workqueue_shutdown_error(void *state, void *work)
+{
+  (void)state;
+  (void)work;
+  return WQ_RPL_REPLY;
+}
+
+static void *
+new_state(void *arg)
+{
+  state_t *st;
+  (void)arg;
+
+  st = tor_malloc(sizeof(*st));
+  /* Every thread gets its own keys. not a problem for benchmarking */
+  st->rsa = crypto_pk_new();
+  if (crypto_pk_generate_key_with_bits(st->rsa, 1024) < 0) {
+    crypto_pk_free(st->rsa);
+    tor_free(st);
+    return NULL;
+  }
+  curve25519_secret_key_generate(&st->ecdh, 0);
+  st->magic = 13371337;
+  return st;
+}
+
+static void
+free_state(void *arg)
+{
+  state_t *st = arg;
+  crypto_pk_free(st->rsa);
+  tor_free(st);
+}
+
+static tor_weak_rng_t weak_rng;
+static int n_sent = 0;
+static int rsa_sent = 0;
+static int ecdh_sent = 0;
+static int n_received = 0;
+static int no_shutdown = 0;
+
+#ifdef TRACK_RESPONSES
+bitarray_t *received;
+#endif
+
+static void
+handle_reply(void *arg)
+{
+#ifdef TRACK_RESPONSES
+  rsa_work_t *rw = arg; /* Naughty cast, but only looking at serial. */
+  tor_assert(! bitarray_is_set(received, rw->serial));
+  bitarray_set(received,rw->serial);
+#endif
+
+  tor_free(arg);
+  ++n_received;
+}
+
+/* This should never get called. */
+static void
+handle_reply_shutdown(void *arg)
+{
+  (void)arg;
+  no_shutdown = 1;
+}
+
+static workqueue_entry_t *
+add_work(threadpool_t *tp)
+{
+  int add_rsa =
+    opt_ratio_rsa == 0 ||
+    tor_weak_random_range(&weak_rng, opt_ratio_rsa) == 0;
+
+  if (add_rsa) {
+    rsa_work_t *w = tor_malloc_zero(sizeof(*w));
+    w->serial = n_sent++;
+    crypto_rand((char*)w->msg, 20);
+    w->msglen = 20;
+    ++rsa_sent;
+    return threadpool_queue_work(tp, workqueue_do_rsa, handle_reply, w);
+  } else {
+    ecdh_work_t *w = tor_malloc_zero(sizeof(*w));
+    w->serial = n_sent++;
+    /* Not strictly right, but this is just for benchmarks. */
+    crypto_rand((char*)w->u.pk.public_key, 32);
+    ++ecdh_sent;
+    return threadpool_queue_work(tp, workqueue_do_ecdh, handle_reply, w);
+  }
+}
+
+static int n_failed_cancel = 0;
+static int n_successful_cancel = 0;
+
+static int
+add_n_work_items(threadpool_t *tp, int n)
+{
+  int n_queued = 0;
+  int n_try_cancel = 0, i;
+  workqueue_entry_t **to_cancel;
+  workqueue_entry_t *ent;
+
+  to_cancel = tor_malloc(sizeof(workqueue_entry_t*) * opt_n_cancel);
+
+  while (n_queued++ < n) {
+    ent = add_work(tp);
+    if (! ent) {
+      puts("Z");
+      tor_event_base_loopexit(tor_libevent_get_base(), NULL);
+      return -1;
+    }
+    if (n_try_cancel < opt_n_cancel &&
+        tor_weak_random_range(&weak_rng, n) < opt_n_cancel) {
+      to_cancel[n_try_cancel++] = ent;
+    }
+  }
+
+  for (i = 0; i < n_try_cancel; ++i) {
+    void *work = workqueue_entry_cancel(to_cancel[i]);
+    if (! work) {
+      n_failed_cancel++;
+    } else {
+      n_successful_cancel++;
+      tor_free(work);
+    }
+  }
+
+  tor_free(to_cancel);
+  return 0;
+}
+
+static int shutting_down = 0;
+
+static void
+replysock_readable_cb(tor_socket_t sock, short what, void *arg)
+{
+  threadpool_t *tp = arg;
+  replyqueue_t *rq = threadpool_get_replyqueue(tp);
+
+  int old_r = n_received;
+  (void) sock;
+  (void) what;
+
+  replyqueue_process(rq);
+  if (old_r == n_received)
+    return;
+
+  if (opt_verbose) {
+    printf("%d / %d", n_received, n_sent);
+    if (opt_n_cancel)
+      printf(" (%d cancelled, %d uncancellable)",
+             n_successful_cancel, n_failed_cancel);
+    puts("");
+  }
+#ifdef TRACK_RESPONSES
+  tor_mutex_acquire(&bitmap_mutex);
+  for (i = 0; i < opt_n_items; ++i) {
+    if (bitarray_is_set(received, i))
+      putc('o', stdout);
+    else if (bitarray_is_set(handled, i))
+      putc('!', stdout);
+    else
+      putc('.', stdout);
+  }
+  puts("");
+  tor_mutex_release(&bitmap_mutex);
+#endif
+
+  if (n_sent - (n_received+n_successful_cancel) < opt_n_lowwater) {
+    int n_to_send = n_received + opt_n_inflight - n_sent;
+    if (n_to_send > opt_n_items - n_sent)
+      n_to_send = opt_n_items - n_sent;
+    add_n_work_items(tp, n_to_send);
+  }
+
+  if (shutting_down == 0 &&
+      n_received+n_successful_cancel == n_sent &&
+      n_sent >= opt_n_items) {
+    shutting_down = 1;
+    threadpool_queue_update(tp, NULL,
+                             workqueue_do_shutdown, NULL, NULL);
+    // Anything we add after starting the shutdown must not be executed.
+    threadpool_queue_work(tp, workqueue_shutdown_error,
+                          handle_reply_shutdown, NULL);
+    {
+      struct timeval limit = { 2, 0 };
+      tor_event_base_loopexit(tor_libevent_get_base(), &limit);
+    }
+  }
+}
+
+static void
+help(void)
+{
+  puts(
+     "Options:\n"
+     "  -h            Display this information\n"
+     "  -v            Be verbose\n"
+     "  -N <items>    Run this many items of work\n"
+     "  -T <threads>  Use this many threads\n"
+     "  -I <inflight> Have no more than this many requests queued at once\n"
+     "  -L <lowwater> Add items whenever fewer than this many are pending\n"
+     "  -C <cancel>   Try to cancel N items of every batch that we add\n"
+     "  -R <ratio>    Make one out of this many items be a slow (RSA) one\n"
+     "  --no-{eventfd2,eventfd,pipe2,pipe,socketpair}\n"
+     "                Disable one of the alert_socket backends.");
+}
+
+int
+main(int argc, char **argv)
+{
+  replyqueue_t *rq;
+  threadpool_t *tp;
+  int i;
+  tor_libevent_cfg evcfg;
+  struct event *ev;
+  uint32_t as_flags = 0;
+
+  for (i = 1; i < argc; ++i) {
+    if (!strcmp(argv[i], "-v")) {
+      opt_verbose = 1;
+    } else if (!strcmp(argv[i], "-T") && i+1<argc) {
+      opt_n_threads = atoi(argv[++i]);
+    } else if (!strcmp(argv[i], "-N") && i+1<argc) {
+      opt_n_items = atoi(argv[++i]);
+    } else if (!strcmp(argv[i], "-I") && i+1<argc) {
+      opt_n_inflight = atoi(argv[++i]);
+    } else if (!strcmp(argv[i], "-L") && i+1<argc) {
+      opt_n_lowwater = atoi(argv[++i]);
+    } else if (!strcmp(argv[i], "-R") && i+1<argc) {
+      opt_ratio_rsa = atoi(argv[++i]);
+    } else if (!strcmp(argv[i], "-C") && i+1<argc) {
+      opt_n_cancel = atoi(argv[++i]);
+    } else if (!strcmp(argv[i], "--no-eventfd2")) {
+      as_flags |= ASOCKS_NOEVENTFD2;
+    } else if (!strcmp(argv[i], "--no-eventfd")) {
+      as_flags |= ASOCKS_NOEVENTFD;
+    } else if (!strcmp(argv[i], "--no-pipe2")) {
+      as_flags |= ASOCKS_NOPIPE2;
+    } else if (!strcmp(argv[i], "--no-pipe")) {
+      as_flags |= ASOCKS_NOPIPE;
+    } else if (!strcmp(argv[i], "--no-socketpair")) {
+      as_flags |= ASOCKS_NOSOCKETPAIR;
+    } else if (!strcmp(argv[i], "-h")) {
+      help();
+      return 0;
+    } else {
+      help();
+      return 1;
+    }
+  }
+
+  if (opt_n_threads < 1 ||
+      opt_n_items < 1 || opt_n_inflight < 1 || opt_n_lowwater < 0 ||
+      opt_n_cancel > opt_n_inflight || opt_n_inflight > MAX_INFLIGHT ||
+      opt_ratio_rsa < 0) {
+    help();
+    return 1;
+  }
+
+  if (opt_n_inflight > opt_n_items) {
+      opt_n_inflight = opt_n_items;
+  }
+
+  init_logging(1);
+  network_init();
+  if (crypto_global_init(1, NULL, NULL) < 0) {
+    printf("Couldn't initialize crypto subsystem; exiting.\n");
+    return 1;
+  }
+  if (crypto_seed_rng() < 0) {
+    printf("Couldn't seed RNG; exiting.\n");
+    return 1;
+  }
+
+  rq = replyqueue_new(as_flags);
+  tor_assert(rq);
+  tp = threadpool_new(opt_n_threads,
+                      rq, new_state, free_state, NULL);
+  tor_assert(tp);
+
+  crypto_seed_weak_rng(&weak_rng);
+
+  memset(&evcfg, 0, sizeof(evcfg));
+  tor_libevent_initialize(&evcfg);
+
+  ev = tor_event_new(tor_libevent_get_base(),
+                     replyqueue_get_socket(rq), EV_READ|EV_PERSIST,
+                     replysock_readable_cb, tp);
+
+  event_add(ev, NULL);
+
+#ifdef TRACK_RESPONSES
+  handled = bitarray_init_zero(opt_n_items);
+  received = bitarray_init_zero(opt_n_items);
+  tor_mutex_init(&bitmap_mutex);
+  handled_len = opt_n_items;
+#endif
+
+  for (i = 0; i < opt_n_inflight; ++i) {
+    if (! add_work(tp)) {
+      puts("Couldn't add work.");
+      return 1;
+    }
+  }
+
+  {
+    struct timeval limit = { 180, 0 };
+    tor_event_base_loopexit(tor_libevent_get_base(), &limit);
+  }
+
+  event_base_loop(tor_libevent_get_base(), 0);
+
+  if (n_sent != opt_n_items || n_received+n_successful_cancel != n_sent) {
+    printf("%d vs %d\n", n_sent, opt_n_items);
+    printf("%d+%d vs %d\n", n_received, n_successful_cancel, n_sent);
+    puts("FAIL");
+    return 1;
+  } else if (no_shutdown) {
+    puts("Accepted work after shutdown\n");
+    puts("FAIL");
+  } else {
+    puts("OK");
+    return 0;
+  }
+}
+
diff --git a/src/test/test_zero_length_keys.sh b/src/test/test_zero_length_keys.sh
new file mode 100755
index 0000000000..f85edb68db
--- /dev/null
+++ b/src/test/test_zero_length_keys.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Check that tor regenerates keys when key files are zero-length
+
+exitcode=0
+
+"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/or/tor" -z || exitcode=1
+"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/or/tor" -d || exitcode=1
+"${SHELL:-sh}" "${abs_top_srcdir:-.}/src/test/zero_length_keys.sh" "${builddir:-.}/src/or/tor" -e || exitcode=1
+
+exit ${exitcode}
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
new file mode 100644
index 0000000000..39c3d02ab1
--- /dev/null
+++ b/src/test/testing_common.c
@@ -0,0 +1,315 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/* Ordinarily defined in tor_main.c; this bit is just here to provide one
+ * since we're not linking to tor_main.c */
+const char tor_git_revision[] = "";
+
+/**
+ * \file test_common.c
+ * \brief Common pieces to implement unit tests.
+ **/
+
+#include "orconfig.h"
+#include "or.h"
+#include "control.h"
+#include "config.h"
+#include "rephist.h"
+#include "backtrace.h"
+#include "test.h"
+
+#include <stdio.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef _WIN32
+/* For mkdir() */
+#include <direct.h>
+#else
+#include <dirent.h>
+#endif
+
+#include "or.h"
+
+#ifdef USE_DMALLOC
+#include <dmalloc.h>
+#include <openssl/crypto.h>
+#include "main.h"
+#endif
+
+/** Temporary directory (set up by setup_directory) under which we store all
+ * our files during testing. */
+static char temp_dir[256];
+#ifdef _WIN32
+#define pid_t int
+#endif
+static pid_t temp_dir_setup_in_pid = 0;
+
+/** Select and create the temporary directory we'll use to run our unit tests.
+ * Store it in <b>temp_dir</b>.  Exit immediately if we can't create it.
+ * idempotent. */
+static void
+setup_directory(void)
+{
+  static int is_setup = 0;
+  int r;
+  char rnd[256], rnd32[256];
+  if (is_setup) return;
+
+/* Due to base32 limitation needs to be a multiple of 5. */
+#define RAND_PATH_BYTES 5
+  crypto_rand(rnd, RAND_PATH_BYTES);
+  base32_encode(rnd32, sizeof(rnd32), rnd, RAND_PATH_BYTES);
+
+#ifdef _WIN32
+  {
+    char buf[MAX_PATH];
+    const char *tmp = buf;
+    const char *extra_backslash = "";
+    /* If this fails, we're probably screwed anyway */
+    if (!GetTempPathA(sizeof(buf),buf))
+      tmp = "c:\\windows\\temp\\";
+    if (strcmpend(tmp, "\\")) {
+      /* According to MSDN, it should be impossible for GetTempPath to give us
+       * an answer that doesn't end with \.  But let's make sure. */
+      extra_backslash = "\\";
+    }
+    tor_snprintf(temp_dir, sizeof(temp_dir),
+                 "%s%stor_test_%d_%s", tmp, extra_backslash,
+                 (int)getpid(), rnd32);
+    r = mkdir(temp_dir);
+  }
+#else
+  tor_snprintf(temp_dir, sizeof(temp_dir), "/tmp/tor_test_%d_%s",
+               (int) getpid(), rnd32);
+  r = mkdir(temp_dir, 0700);
+  if (!r) {
+    /* undo sticky bit so tests don't get confused. */
+    r = chown(temp_dir, getuid(), getgid());
+  }
+#endif
+  if (r) {
+    fprintf(stderr, "Can't create directory %s:", temp_dir);
+    perror("");
+    exit(1);
+  }
+  is_setup = 1;
+  temp_dir_setup_in_pid = getpid();
+}
+
+/** Return a filename relative to our testing temporary directory */
+const char *
+get_fname(const char *name)
+{
+  static char buf[1024];
+  setup_directory();
+  if (!name)
+    return temp_dir;
+  tor_snprintf(buf,sizeof(buf),"%s/%s",temp_dir,name);
+  return buf;
+}
+
+/* Remove a directory and all of its subdirectories */
+static void
+rm_rf(const char *dir)
+{
+  struct stat st;
+  smartlist_t *elements;
+
+  elements = tor_listdir(dir);
+  if (elements) {
+    SMARTLIST_FOREACH_BEGIN(elements, const char *, cp) {
+         char *tmp = NULL;
+         tor_asprintf(&tmp, "%s"PATH_SEPARATOR"%s", dir, cp);
+         if (0 == stat(tmp,&st) && (st.st_mode & S_IFDIR)) {
+           rm_rf(tmp);
+         } else {
+           if (unlink(tmp)) {
+             fprintf(stderr, "Error removing %s: %s\n", tmp, strerror(errno));
+           }
+         }
+         tor_free(tmp);
+    } SMARTLIST_FOREACH_END(cp);
+    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
+    smartlist_free(elements);
+  }
+  if (rmdir(dir))
+    fprintf(stderr, "Error removing directory %s: %s\n", dir, strerror(errno));
+}
+
+/** Remove all files stored under the temporary directory, and the directory
+ * itself.  Called by atexit(). */
+static void
+remove_directory(void)
+{
+  if (getpid() != temp_dir_setup_in_pid) {
+    /* Only clean out the tempdir when the main process is exiting. */
+    return;
+  }
+
+  rm_rf(temp_dir);
+}
+
+/** Define this if unit tests spend too much time generating public keys*/
+#undef CACHE_GENERATED_KEYS
+
+static crypto_pk_t *pregen_keys[5] = {NULL, NULL, NULL, NULL, NULL};
+#define N_PREGEN_KEYS ARRAY_LENGTH(pregen_keys)
+
+/** Generate and return a new keypair for use in unit tests.  If we're using
+ * the key cache optimization, we might reuse keys: we only guarantee that
+ * keys made with distinct values for <b>idx</b> are different.  The value of
+ * <b>idx</b> must be at least 0, and less than N_PREGEN_KEYS. */
+crypto_pk_t *
+pk_generate(int idx)
+{
+  int res;
+#ifdef CACHE_GENERATED_KEYS
+  tor_assert(idx < N_PREGEN_KEYS);
+  if (! pregen_keys[idx]) {
+    pregen_keys[idx] = crypto_pk_new();
+    res = crypto_pk_generate_key(pregen_keys[idx]);
+    tor_assert(!res);
+  }
+  return crypto_pk_dup_key(pregen_keys[idx]);
+#else
+  crypto_pk_t *result;
+  (void) idx;
+  result = crypto_pk_new();
+  res = crypto_pk_generate_key(result);
+  tor_assert(!res);
+  return result;
+#endif
+}
+
+/** Free all storage used for the cached key optimization. */
+static void
+free_pregenerated_keys(void)
+{
+  unsigned idx;
+  for (idx = 0; idx < N_PREGEN_KEYS; ++idx) {
+    if (pregen_keys[idx]) {
+      crypto_pk_free(pregen_keys[idx]);
+      pregen_keys[idx] = NULL;
+    }
+  }
+}
+
+static void *
+passthrough_test_setup(const struct testcase_t *testcase)
+{
+  return testcase->setup_data;
+}
+static int
+passthrough_test_cleanup(const struct testcase_t *testcase, void *ptr)
+{
+  (void)testcase;
+  (void)ptr;
+  return 1;
+}
+
+const struct testcase_setup_t passthrough_setup = {
+  passthrough_test_setup, passthrough_test_cleanup
+};
+
+extern struct testgroup_t testgroups[];
+
+/** Main entry point for unit test code: parse the command line, and run
+ * some unit tests. */
+int
+main(int c, const char **v)
+{
+  or_options_t *options;
+  char *errmsg = NULL;
+  int i, i_out;
+  int loglevel = LOG_ERR;
+  int accel_crypto = 0;
+
+  /* We must initialise logs before we call tor_assert() */
+  init_logging(1);
+
+#ifdef USE_DMALLOC
+  {
+    int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
+    tor_assert(r);
+  }
+#endif
+
+  update_approx_time(time(NULL));
+  options = options_new();
+  tor_threads_init();
+
+  network_init();
+
+  struct tor_libevent_cfg cfg;
+  memset(&cfg, 0, sizeof(cfg));
+  tor_libevent_initialize(&cfg);
+
+  control_initialize_event_queue();
+  configure_backtrace_handler(get_version());
+
+  for (i_out = i = 1; i < c; ++i) {
+    if (!strcmp(v[i], "--warn")) {
+      loglevel = LOG_WARN;
+    } else if (!strcmp(v[i], "--notice")) {
+      loglevel = LOG_NOTICE;
+    } else if (!strcmp(v[i], "--info")) {
+      loglevel = LOG_INFO;
+    } else if (!strcmp(v[i], "--debug")) {
+      loglevel = LOG_DEBUG;
+    } else if (!strcmp(v[i], "--accel")) {
+      accel_crypto = 1;
+    } else {
+      v[i_out++] = v[i];
+    }
+  }
+  c = i_out;
+
+  {
+    log_severity_list_t s;
+    memset(&s, 0, sizeof(s));
+    set_log_severity_config(loglevel, LOG_ERR, &s);
+    add_stream_log(&s, "", fileno(stdout));
+  }
+
+  options->command = CMD_RUN_UNITTESTS;
+  if (crypto_global_init(accel_crypto, NULL, NULL)) {
+    printf("Can't initialize crypto subsystem; exiting.\n");
+    return 1;
+  }
+  crypto_set_tls_dh_prime();
+  if (crypto_seed_rng() < 0) {
+    printf("Couldn't seed RNG; exiting.\n");
+    return 1;
+  }
+  rep_hist_init();
+  setup_directory();
+  options_init(options);
+  options->DataDirectory = tor_strdup(temp_dir);
+  options->EntryStatistics = 1;
+  if (set_options(options, &errmsg) < 0) {
+    printf("Failed to set initial options: %s\n", errmsg);
+    tor_free(errmsg);
+    return 1;
+  }
+
+  atexit(remove_directory);
+
+  int have_failed = (tinytest_main(c, v, testgroups) != 0);
+
+  free_pregenerated_keys();
+#ifdef USE_DMALLOC
+  tor_free_all(0);
+  dmalloc_log_unfreed();
+#endif
+  crypto_global_cleanup();
+
+  if (have_failed)
+    return 1;
+  else
+    return 0;
+}
+
diff --git a/src/test/vote_descriptors.inc b/src/test/vote_descriptors.inc
new file mode 100644
index 0000000000..c5ce21f744
--- /dev/null
+++ b/src/test/vote_descriptors.inc
@@ -0,0 +1,94 @@
+const char* VOTE_BODY_V3 = 
+"network-status-version 3\n"
+"vote-status vote\n"
+"consensus-methods 13 14 15 16 17 18 19 20 21\n"
+"published 2015-09-02 19:34:15\n"
+"valid-after 2015-09-02 19:50:55\n"
+"fresh-until 2015-09-02 20:07:38\n"
+"valid-until 2015-09-02 20:24:15\n"
+"voting-delay 100 250\n"
+"client-versions 0.1.2.14,0.1.2.17\n"
+"server-versions 0.1.2.10,0.1.2.15,0.1.2.16\n"
+"known-flags Authority Exit Fast Guard MadeOfCheese MadeOfTin Running Stable V2Dir Valid\n"
+"flag-thresholds stable-uptime=0 stable-mtbf=0 fast-speed=0 guard-wfu=0.000% guard-tk=0 guard-bw-inc-exits=0 guard-bw-exc-exits=0 enough-mtbf=0 ignoring-advertised-bws=0\n"
+"params circuitwindow=80 foo=660\n"
+"dir-source Voter3 D867ACF56A9D229B35C25F0090BC9867E906BE69 3.4.5.6 3.4.5.6 80 9000\n"
+"contact voter@example.com\n"
+"legacy-dir-key 4141414141414141414141414141414141414141\n"
+"dir-key-certificate-version 3\n"
+"fingerprint D867ACF56A9D229B35C25F0090BC9867E906BE69\n"
+"dir-key-published 2008-12-12 18:07:24\n"
+"dir-key-expires 2009-12-12 18:07:24\n"
+"dir-identity-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIIBigKCAYEAveMpKlw8oD1YqFqpJchuwSR82BDhutbqgHiez3QO9FmzOctJpV+Y\n"
+"mpTYIJLS/qC+4GBKFF1VK0C4SoBrS3zri0qdXdE+vBGcyrxrjMklpxoqSKRY2011\n"
+"4eqYPghKlo5RzuqteBclGCHyNxWjUJeRKDWgvh+U/gr2uYM6fRm5q0fCzg4aECE7\n"
+"VP6fDGZrMbQI8jHpiMSoC9gkUASNEa6chLInlnP8/H5qUEW4TB9CN/q095pefuwL\n"
+"P+F+1Nz5hnM7fa5XmeMB8iM4RriUmOQlLBZgpQBMpEfWMIPcR9F1Gh3MxERqqUcH\n"
+"tmij+IZdeXg9OkCXykcabaYIhZD3meErn9Tax4oA/THduLfgli9zM0ExwzH1OooN\n"
+"L8rIcJ+2eBo3bQiQUbdYW71sl9w7nSPtircbJUa1mUvWYLPWQxFliPiQSetgJLMj\n"
+"VQqtPmV2hvN2Xk3lLfJO50qMTK7w7Gsaw8UtV4YDM1Hcjp/hQaIB1xfwhXgl+eUU\n"
+"btUa4c+cUTjHAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"dir-signing-key\n"
+"-----BEGIN RSA PUBLIC KEY-----\n"
+"MIGJAoGBALPSUInyuEu6NV3NjozplaniIEBzQXEjv1x9/+mqnwZABpYVmuy9A8nx\n"
+"eoyY3sZFsnYwNW/IZjAgG23pEmevu3F+L4myMjjaa6ORl3MgRYQ4gmuFqpefrGdm\n"
+"ywRCleh2JerkQ4VxOuq10dn/abITzLyaZzMw30KXWp5pxKXOLtxFAgMBAAE=\n"
+"-----END RSA PUBLIC KEY-----\n"
+"dir-key-crosscert\n"
+"-----BEGIN ID SIGNATURE-----\n"
+"FTBJNR/Hlt4T53yUMp1r/QCSMCpkHJCbYBT0R0pvYqhqFfYN5qHRSICRXaFFImIF\n"
+"0DGWmwRza6DxPKNzkm5/b7I0de9zJW1jNNdQAQK5xppAtQcAafRdu8cBonnmh9KX\n"
+"k1NrAK/X00FYywju3yl/SxCn1GddVNkHYexEudmJMPM=\n"
+"-----END ID SIGNATURE-----\n"
+"dir-key-certification\n"
+"-----BEGIN SIGNATURE-----\n"
+"pjWguLFBfELZDc6DywL6Do21SCl7LcutfpM92MEn4WYeSNcTXNR6lRX7reOEJk4e\n"
+"NwEaMt+Hl7slgeR5wjnW3OmMmRPZK9bquNWbfD+sAOV9bRFZTpXIdleAQFPlwvMF\n"
+"z/Gzwspzn4i2Yh6hySShrctMmW8YL3OM8LsBXzBhp/rG2uHlsxmIsc13DA6HWt61\n"
+"ffY72uNE6KckDGsQ4wPGP9q69y6g+X+TNio1KPbsILbePv6EjbO+rS8FiS4njPlg\n"
+"SPYry1RaUvxzxTkswIzdE1tjJrUiqpbWlTGxrH9N4OszoLm45Pc784KLULrjKIoi\n"
+"Q+vRsGrcMBAa+kDowWU6H1ryKR7KOhzRTcf2uqLE/W3ezaRwmOG+ETmoVFwbhk2X\n"
+"OlbXEM9fWP+INvFkr6Z93VYL2jGkCjV7e3xXmre/Lb92fUcYi6t5dwzfV8gJnIoG\n"
+"eCHd0K8NrQK0ipVk/7zcPDKOPeo9Y5aj/f6X/pDHtb+Dd5sT+l82G/Tqy4DIYUYR\n"
+"-----END SIGNATURE-----\n"
+"r router2 AwMDAwMDAwMDAwMDAwMDAwMDAwM Tk5OTk5OTk5OTk5OTk5OTk5OTk4 2015-09-02 19:09:15 153.0.136.1 443 8000\n"
+"s Running V2Dir\n"
+"v 0.1.2.14\n"
+"w Bandwidth=30 Measured=30\n"
+"p reject 1-65535\n"
+"id ed25519 none\n"
+"m 9,10,11,12,13,14,15,16,17 sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa0\n"
+"r router1 BQUFBQUFBQUFBQUFBQUFBQUFBQU TU1NTU1NTU1NTU1NTU1NTU1NTU0 2015-09-02 19:17:35 153.0.153.1 443 0\n"
+"a [1:2:3::4]:4711\n"
+"s Exit Fast Guard Running Stable Valid\n"
+"v 0.2.0.5\n"
+"w Bandwidth=120 Measured=120\n"
+"p reject 1-65535\n"
+"id ed25519 none\n"
+"m 9,10,11,12,13,14,15,16,17 sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa1\n"
+"r router3 MzMzMzMzMzMzMzMzMzMzMzMzMzM T09PT09PT09PT09PT09PT09PT08 2015-09-02 19:17:35 170.0.153.1 400 9999\n"
+"s Authority Exit Fast Guard Running Stable V2Dir Valid\n"
+"v 0.1.0.3\n"
+"w Bandwidth=120\n"
+"p reject 1-65535\n"
+"id ed25519 none\n"
+"m 9,10,11,12,13,14,15,16,17 "
+"sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa2\n"
+"r router4 NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ Ly8vLy8vLy8vLy8vLy8vLy8vLy8 2015-09-02 19:17:35 192.0.2.3 500 1999\n"
+"s Running V2Dir\n"
+"v 0.1.6.3\n"
+"w Bandwidth=30\n"
+"p reject 1-65535\n"
+"id ed25519 none\n"
+"m 9,10,11,12,13,14,15,16,17 sha256=xyzajkldsdsajdadlsdjaslsdksdjlsdjsdaskdaaa3\n"
+"directory-footer\n"
+"directory-signature D867ACF56A9D229B35C25F0090BC9867E906BE69 CBF56A83368A5150F1A9AAADAFB4D77F8C4170E2\n"
+"-----BEGIN SIGNATURE-----\n"
+"AHiWcHe+T3XbnlQqvqSAk6RY3XmEy1+hM2u9Xk6BNi7BpQkEQM1f0vzRpgn5Dnf2\n"
+"TXQWGUq9Z7jdSVnzWT3xqPA4zjw6eZkj+DKUtwq+oEDZGlf8eHTFmr0NAWfwZbk9\n"
+"NAjbMTUXUP37N2XAZwkoCWwFCrrfMwXrL7OhZbj7ifo=\n"
+"-----END SIGNATURE-----\n";
+
diff --git a/src/test/zero_length_keys.sh b/src/test/zero_length_keys.sh
new file mode 100755
index 0000000000..3c61f8d465
--- /dev/null
+++ b/src/test/zero_length_keys.sh
@@ -0,0 +1,126 @@
+#!/bin/sh
+# Check that tor regenerates keys when key files are zero-length
+# Test for bug #13111 - Tor fails to start if onion keys are zero length
+#
+# Usage:
+#  ./zero_length_keys.sh PATH_TO_TOR
+#    Run all the tests below
+#  ./zero_length_keys.sh PATH_TO_TOR -z
+#    Check tor will launch and regenerate zero-length keys
+#  ./zero_length_keys.sh PATH_TO_TOR -d
+#    Check tor regenerates deleted keys (existing behaviour)
+#  ./zero_length_keys.sh PATH_TO_TOR -e
+#    Check tor does not overwrite existing keys (existing behaviour)
+#
+# Exit Statuses:
+#   0: test succeeded - tor regenerated/kept the files
+#   1: test failed - tor did not regenerate/keep the files
+#   2: test failed - tor did not generate the key files on first run
+#   3: a command failed - the test could not be completed
+#
+
+if [ $# -eq 0 ] || [ ! -f ${1} ] || [ ! -x ${1} ]; then
+  echo "Usage: ${0} PATH_TO_TOR [-z|-d|-e]"
+  exit 1
+elif [ $# -eq 1 ]; then
+  echo "Testing that tor correctly handles zero-length keys"
+  "$0" "${1}" -z && "$0" "${1}" -d && "$0" "${1}" -e
+  exit $?
+else #[$# -gt 1 ]; then
+  TOR_BINARY="${1}"
+  shift
+fi
+
+DATA_DIR=`mktemp -d -t tor_zero_length_keys.XXXXXX`
+if [ -z "$DATA_DIR" ]; then
+  echo "Failure: mktemp invocation returned empty string" >&2
+  exit 3
+fi
+if [ ! -d "$DATA_DIR" ]; then
+  echo "Failure: mktemp invocation result doesn't point to directory" >&2
+  exit 3
+fi
+trap "rm -rf '$DATA_DIR'" 0
+
+touch "$DATA_DIR"/empty_torrc
+
+# DisableNetwork means that the ORPort won't actually be opened.
+# 'ExitRelay 0' suppresses a warning.
+TOR="${TOR_BINARY} --hush --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0 -f $DATA_DIR/empty_torrc"
+
+if [ -s "$DATA_DIR"/keys/secret_id_key ] && [ -s "$DATA_DIR"/keys/secret_onion_key ] &&
+   [ -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then
+  echo "Failure: Previous tor keys present in tor data directory" >&2
+  exit 3
+else
+  echo "Generating initial tor keys"
+  $TOR --DataDirectory "$DATA_DIR"  --list-fingerprint
+
+  # tor must successfully generate non-zero-length key files
+  if [ -s "$DATA_DIR"/keys/secret_id_key ] && [ -s "$DATA_DIR"/keys/secret_onion_key ] &&
+     [ -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then
+    true #echo "tor generated the initial key files"
+  else
+    echo "Failure: tor failed to generate the initial key files"
+    exit 2
+  fi
+fi
+
+#ls -lh  "$DATA_DIR"/keys/ || exit 3
+
+# backup and keep/delete/create zero-length files for the keys
+
+FILE_DESC="keeps existing"
+# make a backup
+cp -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old
+
+# delete keys for -d or -z
+if [ "$1" != "-e" ]; then
+  FILE_DESC="regenerates deleted"
+  rm "$DATA_DIR"/keys/secret_id_key || exit 3
+  rm "$DATA_DIR"/keys/secret_onion_key || exit 3
+  rm "$DATA_DIR"/keys/secret_onion_key_ntor || exit 3
+fi
+
+# create empty files for -z
+if [ "$1" = "-z" ]; then
+  FILE_DESC="regenerates zero-length"
+  touch "$DATA_DIR"/keys/secret_id_key || exit 3
+  touch "$DATA_DIR"/keys/secret_onion_key || exit 3
+  touch "$DATA_DIR"/keys/secret_onion_key_ntor || exit 3
+fi
+
+echo "Running tor again to check if it $FILE_DESC keys"
+$TOR --DataDirectory "$DATA_DIR" --list-fingerprint
+
+#ls -lh "$DATA_DIR"/keys/ || exit 3
+
+# tor must always have non-zero-length key files
+if [ -s "$DATA_DIR"/keys/secret_id_key ] && [ -s "$DATA_DIR"/keys/secret_onion_key ] &&
+   [ -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then
+  # check if the keys are different to the old ones
+  diff -q -r "$DATA_DIR"/keys "$DATA_DIR"/keys.old > /dev/null
+  SAME_KEYS=$?
+  # if we're not testing existing keys,
+  # the current keys should be different to the old ones
+  if [ "$1" != "-e" ]; then
+    if [ $SAME_KEYS -ne 0 ]; then
+      echo "Success: test that tor $FILE_DESC key files: different keys"
+      exit 0
+    else
+      echo "Failure: test that tor $FILE_DESC key files: same keys"
+      exit 1
+    fi
+  else #[ "$1" == "-e" ]; then
+    if [ $SAME_KEYS -eq 0 ]; then
+      echo "Success: test that tor $FILE_DESC key files: same keys"
+      exit 0
+    else
+      echo "Failure: test that tor $FILE_DESC key files: different keys"
+      exit 1
+    fi
+  fi
+else
+  echo "Failure: test that tor $FILE_DESC key files: no key files"
+  exit 1
+fi
diff --git a/src/tools/include.am b/src/tools/include.am
index 54b150a80c..38ed57546f 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -1,24 +1,49 @@
 bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert
 noinst_PROGRAMS+=  src/tools/tor-checkkey
 
+if COVERAGE_ENABLED
+noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
+endif
+
 src_tools_tor_resolve_SOURCES = src/tools/tor-resolve.c
 src_tools_tor_resolve_LDFLAGS =
 src_tools_tor_resolve_LDADD = src/common/libor.a @TOR_LIB_MATH@ @TOR_LIB_WS32@
 
+if COVERAGE_ENABLED
+src_tools_tor_cov_resolve_SOURCES = src/tools/tor-resolve.c
+src_tools_tor_cov_resolve_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_tools_tor_cov_resolve_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_tools_tor_cov_resolve_LDADD = src/common/libor-testing.a \
+        @TOR_LIB_MATH@ @TOR_LIB_WS32@
+endif
+
 src_tools_tor_gencert_SOURCES = src/tools/tor-gencert.c
 src_tools_tor_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
 src_tools_tor_gencert_LDADD = src/common/libor.a src/common/libor-crypto.a \
-	$(LIBDONNA) \
+    $(LIBKECCAK_TINY) \
+    $(LIBDONNA) \
         @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
         @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
 
+if COVERAGE_ENABLED
+src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
+src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_tools_tor_cov_gencert_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_tools_tor_cov_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_cov_gencert_LDADD = src/common/libor-testing.a \
+    src/common/libor-crypto-testing.a \
+    $(LIBKECCAK_TINY) \
+    $(LIBDONNA) \
+        @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
+        @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+endif
+
 src_tools_tor_checkkey_SOURCES = src/tools/tor-checkkey.c
 src_tools_tor_checkkey_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
 src_tools_tor_checkkey_LDADD = src/common/libor.a src/common/libor-crypto.a \
-	$(LIBDONNA) \
+    $(LIBKECCAK_TINY) \
+    $(LIBDONNA) \
         @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
         @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
 
-include src/tools/tor-fw-helper/include.am
-
-
+EXTRA_DIST += src/tools/tor-fw-helper/README
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index d50f12ed2a..3e16fd0336 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008-2013, The Tor Project, Inc. */
+/* Copyright (c) 2008-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -7,8 +7,9 @@
 #include <stdlib.h>
 #include "crypto.h"
 #include "torlog.h"
-#include "../common/util.h"
+#include "util.h"
 #include "compat.h"
+#include "compat_openssl.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
@@ -21,7 +22,7 @@ main(int c, char **v)
   int wantdigest=0;
   int fname_idx;
   char *fname=NULL;
-  init_logging();
+  init_logging(1);
 
   if (c < 2) {
     fprintf(stderr, "Hi. I'm tor-checkkey.  Tell me a filename that "
@@ -70,7 +71,15 @@ main(int c, char **v)
     printf("%s\n",digest);
   } else {
     rsa = crypto_pk_get_rsa_(env);
-    str = BN_bn2hex(rsa->n);
+
+    const BIGNUM *rsa_n;
+#ifdef OPENSSL_1_1_API
+    const BIGNUM *rsa_e, *rsa_d;
+    RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
+#else
+    rsa_n = rsa->n;
+#endif
+    str = BN_bn2hex(rsa_n);
 
     printf("%s\n", str);
   }
diff --git a/src/tools/tor-fw-helper/README b/src/tools/tor-fw-helper/README
new file mode 100644
index 0000000000..6a1ecaa1e4
--- /dev/null
+++ b/src/tools/tor-fw-helper/README
@@ -0,0 +1,10 @@
+
+We no longer recommend the use of this tool.  Instead, please use the
+pure-Go version of tor-fw-helper available at
+     https://gitweb.torproject.org/tor-fw-helper.git
+
+Why?
+
+The C code here was fine, but frankly: we don't trust the underlying
+libraries. They don't seem to have been written with network security
+in mind, and we have very little faith in their safety.
diff --git a/src/tools/tor-fw-helper/include.am b/src/tools/tor-fw-helper/include.am
deleted file mode 100644
index 1f862e6f06..0000000000
--- a/src/tools/tor-fw-helper/include.am
+++ /dev/null
@@ -1,36 +0,0 @@
-if USE_FW_HELPER
-bin_PROGRAMS+= src/tools/tor-fw-helper/tor-fw-helper
-endif
-
-src_tools_tor_fw_helper_tor_fw_helper_SOURCES = \
-	src/tools/tor-fw-helper/tor-fw-helper.c \
-	src/tools/tor-fw-helper/tor-fw-helper-natpmp.c \
-	src/tools/tor-fw-helper/tor-fw-helper-upnp.c
-noinst_HEADERS+= \
-	src/tools/tor-fw-helper/tor-fw-helper.h \
-	src/tools/tor-fw-helper/tor-fw-helper-natpmp.h \
-	src/tools/tor-fw-helper/tor-fw-helper-upnp.h
-
-if NAT_PMP
-nat_pmp_ldflags = @TOR_LDFLAGS_libnatpmp@
-nat_pmp_ldadd  = -lnatpmp @TOR_LIB_IPHLPAPI@
-nat_pmp_cppflags = @TOR_CPPFLAGS_libnatpmp@
-else
-nat_pmp_ldflags =
-nat_pmp_ldadd  =
-nat_pmp_cppflags =
-endif
-
-if MINIUPNPC
-miniupnpc_ldflags = @TOR_LDFLAGS_libminiupnpc@
-miniupnpc_ldadd = -lminiupnpc @TOR_LIB_IPHLPAPI@
-miniupnpc_cppflags = @TOR_CPPFLAGS_libminiupnpc@
-else
-miniupnpc_ldflags =
-miniupnpc_ldadd =
-miniupnpc_cppflags =
-endif
-
-src_tools_tor_fw_helper_tor_fw_helper_LDFLAGS = $(nat_pmp_ldflags) $(miniupnpc_ldflags)
-src_tools_tor_fw_helper_tor_fw_helper_LDADD = src/common/libor.a $(nat_pmp_ldadd) $(miniupnpc_ldadd) -lm @TOR_LIB_WS32@
-src_tools_tor_fw_helper_tor_fw_helper_CPPFLAGS = $(nat_pmp_cppflags) $(miniupnpc_cppflags) -I"$(top_srcdir)/src/ext"
diff --git a/src/tools/tor-fw-helper/tor-fw-helper-natpmp.c b/src/tools/tor-fw-helper/tor-fw-helper-natpmp.c
deleted file mode 100644
index 41eb9dcb76..0000000000
--- a/src/tools/tor-fw-helper/tor-fw-helper-natpmp.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* Copyright (c) 2010, Jacob Appelbaum, Steven J. Murdoch.
- * Copyright (c) 2010-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
-  * \file tor-fw-helper-natpmp.c
-  * \brief The implementation of our NAT-PMP firewall helper.
-  **/
-
-#include "orconfig.h"
-#ifdef NAT_PMP
-#ifdef _WIN32
-#define STATICLIB
-#endif
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#ifndef _WIN32
-#include <arpa/inet.h>
-#endif
-
-// debugging stuff
-#include <assert.h>
-
-#include "compat.h"
-
-#include "tor-fw-helper.h"
-#include "tor-fw-helper-natpmp.h"
-
-/** This hooks NAT-PMP into our multi-backend API. */
-static tor_fw_backend_t tor_natpmp_backend = {
-  "natpmp",
-  sizeof(struct natpmp_state_t),
-  tor_natpmp_init,
-  tor_natpmp_cleanup,
-  tor_natpmp_fetch_public_ip,
-  tor_natpmp_add_tcp_mapping
-};
-
-/** Return the backend for NAT-PMP. */
-const tor_fw_backend_t *
-tor_fw_get_natpmp_backend(void)
-{
-  return &tor_natpmp_backend;
-}
-
-/** Initialize the NAT-PMP backend and store the results in
- * <b>backend_state</b>.*/
-int
-tor_natpmp_init(tor_fw_options_t *tor_fw_options, void *backend_state)
-{
-  natpmp_state_t *state = (natpmp_state_t *) backend_state;
-  int r = 0;
-
-  memset(&(state->natpmp), 0, sizeof(natpmp_t));
-  memset(&(state->response), 0, sizeof(natpmpresp_t));
-  state->init = 0;
-  state->protocol = NATPMP_PROTOCOL_TCP;
-  state->lease = NATPMP_DEFAULT_LEASE;
-
-  if (tor_fw_options->verbose)
-    fprintf(stderr, "V: natpmp init...\n");
-
-  r = initnatpmp(&(state->natpmp), 0, 0);
-  if (r == 0) {
-    state->init = 1;
-    fprintf(stderr, "V: natpmp initialized...\n");
-    return r;
-  } else {
-    fprintf(stderr, "V: natpmp failed to initialize...\n");
-    return r;
-  }
-}
-
-/** Tear down the NAT-PMP connection stored in <b>backend_state</b>.*/
-int
-tor_natpmp_cleanup(tor_fw_options_t *tor_fw_options, void *backend_state)
-{
-  natpmp_state_t *state = (natpmp_state_t *) backend_state;
-  int r = 0;
-  if (tor_fw_options->verbose)
-    fprintf(stderr, "V: natpmp cleanup...\n");
-  r = closenatpmp(&(state->natpmp));
-  if (tor_fw_options->verbose)
-    fprintf(stderr, "V: closing natpmp socket: %d\n", r);
-  return r;
-}
-
-/** Use select() to wait until we can read on fd. */
-static int
-wait_until_fd_readable(tor_socket_t fd, struct timeval *timeout)
-{
-  int r;
-  fd_set fds;
-
-#ifndef WIN32
-  if (fd >= FD_SETSIZE) {
-    fprintf(stderr, "E: NAT-PMP FD_SETSIZE error %d\n", fd);
-    return -1;
-  }
-#endif
-
-  FD_ZERO(&fds);
-  FD_SET(fd, &fds);
-  r = select(fd+1, &fds, NULL, NULL, timeout);
-  if (r == -1) {
-    fprintf(stderr, "V: select failed in wait_until_fd_readable: %s\n",
-            tor_socket_strerror(tor_socket_errno(fd)));
-    return -1;
-  }
-  /* XXXX we should really check to see whether fd was readable, or we timed
-     out. */
-  return 0;
-}
-
-int
-tor_natpmp_add_tcp_mapping(uint16_t internal_port, uint16_t external_port,
-                           int is_verbose, void *backend_state)
-{
-  int r = 0;
-  int x = 0;
-  int sav_errno;
-  natpmp_state_t *state = (natpmp_state_t *) backend_state;
-
-  struct timeval timeout;
-
-  if (is_verbose)
-    fprintf(stderr, "V: sending natpmp portmapping request...\n");
-  r = sendnewportmappingrequest(&(state->natpmp), state->protocol,
-                                internal_port,
-                                external_port,
-                                state->lease);
-  if (is_verbose)
-    fprintf(stderr, "tor-fw-helper: NAT-PMP sendnewportmappingrequest "
-            "returned %d (%s)\n", r, r==12?"SUCCESS":"FAILED");
-
-  do {
-    getnatpmprequesttimeout(&(state->natpmp), &timeout);
-    x = wait_until_fd_readable(state->natpmp.s, &timeout);
-    if (x == -1)
-      return -1;
-
-    if (is_verbose)
-      fprintf(stderr, "V: attempting to readnatpmpreponseorretry...\n");
-    r = readnatpmpresponseorretry(&(state->natpmp), &(state->response));
-    sav_errno = tor_socket_errno(state->natpmp.s);
-
-    if (r<0 && r!=NATPMP_TRYAGAIN) {
-      fprintf(stderr, "E: readnatpmpresponseorretry failed %d\n", r);
-      fprintf(stderr, "E: errno=%d '%s'\n", sav_errno,
-              tor_socket_strerror(sav_errno));
-    }
-
-  } while (r == NATPMP_TRYAGAIN);
-
-  if (r != 0) {
-    /* XXX TODO: NATPMP_* should be formatted into useful error strings */
-    fprintf(stderr, "E: NAT-PMP It appears that something went wrong:"
-            " %d\n", r);
-    if (r == -51)
-      fprintf(stderr, "E: NAT-PMP It appears that the request was "
-              "unauthorized\n");
-    return r;
-  }
-
-  if (r == NATPMP_SUCCESS) {
-    fprintf(stderr, "tor-fw-helper: NAT-PMP mapped public port %hu to"
-            " localport %hu liftime %u\n",
-            (state->response).pnu.newportmapping.mappedpublicport,
-            (state->response).pnu.newportmapping.privateport,
-            (state->response).pnu.newportmapping.lifetime);
-  }
-
-  return (r == NATPMP_SUCCESS) ? 0 : -1;
-}
-
-/** Fetch our likely public IP from our upstream NAT-PMP enabled NAT device.
- * Use the connection context stored in <b>backend_state</b>. */
-int
-tor_natpmp_fetch_public_ip(tor_fw_options_t *tor_fw_options,
-                           void *backend_state)
-{
-  int r = 0;
-  int x = 0;
-  int sav_errno;
-  natpmp_state_t *state = (natpmp_state_t *) backend_state;
-
-  struct timeval timeout;
-
-  r = sendpublicaddressrequest(&(state->natpmp));
-  fprintf(stderr, "tor-fw-helper: NAT-PMP sendpublicaddressrequest returned"
-          " %d (%s)\n", r, r==2?"SUCCESS":"FAILED");
-
-  do {
-    getnatpmprequesttimeout(&(state->natpmp), &timeout);
-
-    x = wait_until_fd_readable(state->natpmp.s, &timeout);
-    if (x == -1)
-      return -1;
-
-    if (tor_fw_options->verbose)
-      fprintf(stderr, "V: NAT-PMP attempting to read reponse...\n");
-    r = readnatpmpresponseorretry(&(state->natpmp), &(state->response));
-    sav_errno = tor_socket_errno(state->natpmp.s);
-
-    if (tor_fw_options->verbose)
-      fprintf(stderr, "V: NAT-PMP readnatpmpresponseorretry returned"
-              " %d\n", r);
-
-    if ( r < 0 && r != NATPMP_TRYAGAIN) {
-      fprintf(stderr, "E: NAT-PMP readnatpmpresponseorretry failed %d\n",
-              r);
-      fprintf(stderr, "E: NAT-PMP errno=%d '%s'\n", sav_errno,
-              tor_socket_strerror(sav_errno));
-    }
-
-  } while (r == NATPMP_TRYAGAIN );
-
-  if (r != 0) {
-    fprintf(stderr, "E: NAT-PMP It appears that something went wrong:"
-            " %d\n", r);
-    return r;
-  }
-
-  fprintf(stderr, "tor-fw-helper: ExternalIPAddress = %s\n",
-          inet_ntoa((state->response).pnu.publicaddress.addr));
-  tor_fw_options->public_ip_status = 1;
-
-  if (tor_fw_options->verbose) {
-    fprintf(stderr, "V: result = %u\n", r);
-    fprintf(stderr, "V: type = %u\n", (state->response).type);
-    fprintf(stderr, "V: resultcode = %u\n", (state->response).resultcode);
-    fprintf(stderr, "V: epoch = %u\n", (state->response).epoch);
-  }
-
-  return r;
-}
-#endif
-
diff --git a/src/tools/tor-fw-helper/tor-fw-helper-natpmp.h b/src/tools/tor-fw-helper/tor-fw-helper-natpmp.h
deleted file mode 100644
index 2d924ce750..0000000000
--- a/src/tools/tor-fw-helper/tor-fw-helper-natpmp.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* Copyright (c) 2010, Jacob Appelbaum, Steven J. Murdoch.
- * Copyright (c) 2010-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
-  * \file tor-fw-helper-natpmp.h
-  **/
-
-#ifdef NAT_PMP
-#ifndef TOR_TOR_FW_HELPER_NATPMP_H
-#define TOR_TOR_FW_HELPER_NATPMP_H
-
-#include <natpmp.h>
-
-/** This is the default NAT-PMP lease time in seconds. */
-#define NATPMP_DEFAULT_LEASE 3600
-/** NAT-PMP has many codes for success; this is one of them. */
-#define NATPMP_SUCCESS 0
-
-/** This is our NAT-PMP meta structure - it holds our request data, responses,
- * various NAT-PMP parameters, and of course the status of the motion in the
- * NAT-PMP ocean. */
-typedef struct natpmp_state_t {
-  natpmp_t natpmp;
-  natpmpresp_t response;
-  int fetch_public_ip;
-  int status;
-  int init; /**< Have we been initialized? */
-  int protocol; /**< This will only be TCP. */
-  int lease;
-} natpmp_state_t;
-
-const tor_fw_backend_t *tor_fw_get_natpmp_backend(void);
-
-int tor_natpmp_init(tor_fw_options_t *tor_fw_options, void *backend_state);
-
-int tor_natpmp_cleanup(tor_fw_options_t *tor_fw_options, void *backend_state);
-
-int tor_natpmp_add_tcp_mapping(uint16_t internal_port, uint16_t external_port,
-                               int is_verbose, void *backend_state);
-
-int tor_natpmp_fetch_public_ip(tor_fw_options_t *tor_fw_options,
-                               void *backend_state);
-
-#endif
-#endif
-
diff --git a/src/tools/tor-fw-helper/tor-fw-helper-upnp.c b/src/tools/tor-fw-helper/tor-fw-helper-upnp.c
deleted file mode 100644
index 692186d372..0000000000
--- a/src/tools/tor-fw-helper/tor-fw-helper-upnp.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* Copyright (c) 2010, Jacob Appelbaum, Steven J. Murdoch.
- * Copyright (c) 2010-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
-  * \file tor-fw-helper-upnp.c
-  * \brief The implementation of our UPnP firewall helper.
-  **/
-
-#include "orconfig.h"
-#ifdef MINIUPNPC
-#ifdef _WIN32
-#define STATICLIB
-#endif
-#include <stdint.h>
-#include <string.h>
-#include <stdio.h>
-
-#include <assert.h>
-
-#include "compat.h"
-#include "tor-fw-helper.h"
-#include "tor-fw-helper-upnp.h"
-
-/** UPnP timeout value. */
-#define UPNP_DISCOVER_TIMEOUT 2000
-/** Description of the port mapping in the UPnP table. */
-#define UPNP_DESC "Tor relay"
-
-/* XXX TODO: We should print these as a useful user string when we return the
- * number to a user */
-/** Magic numbers as miniupnpc return codes. */
-#define UPNP_ERR_SUCCESS 0
-#define UPNP_ERR_NODEVICESFOUND 1
-#define UPNP_ERR_NOIGDFOUND 2
-#define UPNP_ERR_ADDPORTMAPPING 3
-#define UPNP_ERR_GETPORTMAPPING 4
-#define UPNP_ERR_DELPORTMAPPING 5
-#define UPNP_ERR_GETEXTERNALIP 6
-#define UPNP_ERR_INVAL 7
-#define UPNP_ERR_OTHER 8
-#define UPNP_SUCCESS 1
-
-/** This hooks miniupnpc into our multi-backend API. */
-static tor_fw_backend_t tor_miniupnp_backend = {
-  "miniupnp",
-  sizeof(struct miniupnpc_state_t),
-  tor_upnp_init,
-  tor_upnp_cleanup,
-  tor_upnp_fetch_public_ip,
-  tor_upnp_add_tcp_mapping
-};
-
-/** Return the backend for miniupnp. */
-const tor_fw_backend_t *
-tor_fw_get_miniupnp_backend(void)
-{
-  return &tor_miniupnp_backend;
-}
-
-/** Initialize the UPnP backend and store the results in
- * <b>backend_state</b>.*/
-int
-tor_upnp_init(tor_fw_options_t *options, void *backend_state)
-{
-  /*
-    This leaks the user agent from the client to the router - perhaps we don't
-    want to do that? eg:
-
-    User-Agent: Ubuntu/10.04, UPnP/1.0, MiniUPnPc/1.4
-
-  */
-  miniupnpc_state_t *state = (miniupnpc_state_t *) backend_state;
-  struct UPNPDev *devlist;
-  int r;
-
-  memset(&(state->urls), 0, sizeof(struct UPNPUrls));
-  memset(&(state->data), 0, sizeof(struct IGDdatas));
-  state->init = 0;
-
-#ifdef MINIUPNPC15
-  devlist = upnpDiscover(UPNP_DISCOVER_TIMEOUT, NULL, NULL, 0);
-#else
-  devlist = upnpDiscover(UPNP_DISCOVER_TIMEOUT, NULL, NULL, 0, 0, NULL);
-#endif
-  if (NULL == devlist) {
-    fprintf(stderr, "E: upnpDiscover returned: NULL\n");
-    return UPNP_ERR_NODEVICESFOUND;
-  }
-
-  assert(options);
-  r = UPNP_GetValidIGD(devlist, &(state->urls), &(state->data),
-                       state->lanaddr, UPNP_LANADDR_SZ);
-  fprintf(stderr, "tor-fw-helper: UPnP GetValidIGD returned: %d (%s)\n", r,
-          r==UPNP_SUCCESS?"SUCCESS":"FAILED");
-
-  freeUPNPDevlist(devlist);
-
-  if (r != 1 && r != 2)
-    return UPNP_ERR_NOIGDFOUND;
-
-  state->init = 1;
-  return UPNP_ERR_SUCCESS;
-}
-
-/** Tear down the UPnP connection stored in <b>backend_state</b>.*/
-int
-tor_upnp_cleanup(tor_fw_options_t *options, void *backend_state)
-{
-
-  miniupnpc_state_t *state = (miniupnpc_state_t *) backend_state;
-  assert(options);
-
-  if (state->init)
-    FreeUPNPUrls(&(state->urls));
-  state->init = 0;
-
-  return UPNP_ERR_SUCCESS;
-}
-
-/** Fetch our likely public IP from our upstream UPnP IGD enabled NAT device.
- * Use the connection context stored in <b>backend_state</b>. */
-int
-tor_upnp_fetch_public_ip(tor_fw_options_t *options, void *backend_state)
-{
-  miniupnpc_state_t *state = (miniupnpc_state_t *) backend_state;
-  int r;
-  char externalIPAddress[16];
-
-  if (!state->init) {
-    r = tor_upnp_init(options, state);
-    if (r != UPNP_ERR_SUCCESS)
-      return r;
-  }
-
-  r = UPNP_GetExternalIPAddress(state->urls.controlURL,
-                                state->data.first.servicetype,
-                                externalIPAddress);
-
-  if (r != UPNPCOMMAND_SUCCESS)
-    goto err;
-
-  if (externalIPAddress[0]) {
-    fprintf(stderr, "tor-fw-helper: ExternalIPAddress = %s\n",
-            externalIPAddress); tor_upnp_cleanup(options, state);
-    options->public_ip_status = 1;
-    return UPNP_ERR_SUCCESS;
-  } else {
-    goto err;
-  }
-
- err:
-  tor_upnp_cleanup(options, state);
-  return UPNP_ERR_GETEXTERNALIP;
-}
-
-int
-tor_upnp_add_tcp_mapping(uint16_t internal_port, uint16_t external_port,
-                         int is_verbose, void *backend_state)
-{
-  int retval;
-  char internal_port_str[6];
-  char external_port_str[6];
-  miniupnpc_state_t *state = (miniupnpc_state_t *) backend_state;
-
-  if (!state->init) {
-    fprintf(stderr, "E: %s but state is not initialized.\n", __func__);
-    return -1;
-  }
-
-  if (is_verbose)
-    fprintf(stderr, "V: UPnP: internal port: %u, external port: %u\n",
-            internal_port, external_port);
-
-  tor_snprintf(internal_port_str, sizeof(internal_port_str),
-               "%u", internal_port);
-  tor_snprintf(external_port_str, sizeof(external_port_str),
-               "%u", external_port);
-
-  retval = UPNP_AddPortMapping(state->urls.controlURL,
-                               state->data.first.servicetype,
-                               external_port_str, internal_port_str,
-#ifdef MINIUPNPC15
-                               state->lanaddr, UPNP_DESC, "TCP", 0);
-#else
-                               state->lanaddr, UPNP_DESC, "TCP", 0, 0);
-#endif
-
-  return (retval == UPNP_ERR_SUCCESS) ? 0 : -1;
-}
-
-#endif
-
diff --git a/src/tools/tor-fw-helper/tor-fw-helper-upnp.h b/src/tools/tor-fw-helper/tor-fw-helper-upnp.h
deleted file mode 100644
index b6c7ed8643..0000000000
--- a/src/tools/tor-fw-helper/tor-fw-helper-upnp.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/* Copyright (c) 2010, Jacob Appelbaum, Steven J. Murdoch.
- * Copyright (c) 2010-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
-  * \file tor-fw-helper-upnp.h
-  * \brief The main header for our firewall helper.
-  **/
-
-#ifdef MINIUPNPC
-#ifndef TOR_TOR_FW_HELPER_UPNP_H
-#define TOR_TOR_FW_HELPER_UPNP_H
-
-#include <miniupnpc/miniwget.h>
-#include <miniupnpc/miniupnpc.h>
-#include <miniupnpc/upnpcommands.h>
-#include <miniupnpc/upnperrors.h>
-
-/** This is a magic number for miniupnpc lan address size. */
-#define UPNP_LANADDR_SZ 64
-
-/** This is our miniupnpc meta structure - it holds our request data,
- * responses, and various miniupnpc parameters. */
-typedef struct miniupnpc_state_t {
-  struct UPNPUrls urls;
-  struct IGDdatas data;
-  char lanaddr[UPNP_LANADDR_SZ];
-  int init;
-} miniupnpc_state_t;
-
-const tor_fw_backend_t *tor_fw_get_miniupnp_backend(void);
-
-int tor_upnp_init(tor_fw_options_t *options, void *backend_state);
-
-int tor_upnp_cleanup(tor_fw_options_t *options, void *backend_state);
-
-int tor_upnp_fetch_public_ip(tor_fw_options_t *options, void *backend_state);
-
-int tor_upnp_add_tcp_mapping(uint16_t internal_port, uint16_t external_port,
-                             int is_verbose, void *backend_state);
-
-#endif
-#endif
-
diff --git a/src/tools/tor-fw-helper/tor-fw-helper.c b/src/tools/tor-fw-helper/tor-fw-helper.c
deleted file mode 100644
index 84cc21e346..0000000000
--- a/src/tools/tor-fw-helper/tor-fw-helper.c
+++ /dev/null
@@ -1,501 +0,0 @@
-/* Copyright (c) 2010, Jacob Appelbaum, Steven J. Murdoch.
- * Copyright (c) 2010-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file tor-fw-helper.c
- * \brief The main wrapper around our firewall helper logic.
- **/
-
-/*
- * tor-fw-helper is a tool for opening firewalls with NAT-PMP and UPnP; this
- * tool is designed to be called by hand or by Tor by way of a exec() at a
- * later date.
- */
-
-#include "orconfig.h"
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <time.h>
-#include <string.h>
-#include <assert.h>
-
-#include "container.h"
-
-#ifdef _WIN32
-#include <winsock2.h>
-#endif
-
-#include "tor-fw-helper.h"
-#ifdef NAT_PMP
-#include "tor-fw-helper-natpmp.h"
-#endif
-#ifdef MINIUPNPC
-#include "tor-fw-helper-upnp.h"
-#endif
-
-/** This is our meta storage type - it holds information about each helper
-  including the total number of helper backends, function pointers, and helper
-  state. */
-typedef struct backends_t {
-  /** The total number of backends */
-  int n_backends;
-  /** The backend functions as an array */
-  tor_fw_backend_t backend_ops[MAX_BACKENDS];
-  /** The internal backend state */
-  void *backend_state[MAX_BACKENDS];
-} backends_t;
-
-/** Initialize each backend helper with the user input stored in <b>options</b>
- * and put the results in the <b>backends</b> struct. */
-static int
-init_backends(tor_fw_options_t *options, backends_t *backends)
-{
-  int n_available = 0;
-  int i, r, n;
-  tor_fw_backend_t *backend_ops_list[MAX_BACKENDS];
-  void *data = NULL;
-  /* First, build a list of the working backends. */
-  n = 0;
-#ifdef MINIUPNPC
-  backend_ops_list[n++] = (tor_fw_backend_t *) tor_fw_get_miniupnp_backend();
-#endif
-#ifdef NAT_PMP
-  backend_ops_list[n++] = (tor_fw_backend_t *) tor_fw_get_natpmp_backend();
-#endif
-  n_available = n;
-
-  /* Now, for each backend that might work, try to initialize it.
-   * That's how we roll, initialized.
-   */
-  n = 0;
-  for (i=0; i<n_available; ++i) {
-    data = calloc(1, backend_ops_list[i]->state_len);
-    if (!data) {
-      perror("calloc");
-      exit(1);
-    }
-    r = backend_ops_list[i]->init(options, data);
-    if (r == 0) {
-      backends->backend_ops[n] = *backend_ops_list[i];
-      backends->backend_state[n] = data;
-      n++;
-    } else {
-      free(data);
-    }
-  }
-  backends->n_backends = n;
-
-  return n;
-}
-
-/** Return the proper commandline switches when the user needs information. */
-static void
-usage(void)
-{
-  fprintf(stderr, "tor-fw-helper usage:\n"
-          " [-h|--help]\n"
-          " [-T|--test-commandline]\n"
-          " [-v|--verbose]\n"
-          " [-g|--fetch-public-ip]\n"
-          " [-p|--forward-port ([<external port>]:<internal port>)]\n");
-}
-
-/** Log commandline options to a hardcoded file <b>tor-fw-helper.log</b> in the
- * current working directory. */
-static int
-log_commandline_options(int argc, char **argv)
-{
-  int i, retval;
-  FILE *logfile;
-  time_t now;
-
-  /* Open the log file */
-  logfile = fopen("tor-fw-helper.log", "a");
-  if (NULL == logfile)
-    return -1;
-
-  /* Send all commandline arguments to the file */
-  now = time(NULL);
-  retval = fprintf(logfile, "START: %s\n", ctime(&now));
-  for (i = 0; i < argc; i++) {
-    retval = fprintf(logfile, "ARG: %d: %s\n", i, argv[i]);
-    if (retval < 0)
-      goto error;
-
-    retval = fprintf(stderr, "ARG: %d: %s\n", i, argv[i]);
-    if (retval < 0)
-      goto error;
-  }
-  now = time(NULL);
-  retval = fprintf(logfile, "END: %s\n", ctime(&now));
-
-  /* Close and clean up */
-  retval = fclose(logfile);
-  return retval;
-
-  /* If there was an error during writing */
- error:
-  fclose(logfile);
-  return -1;
-}
-
-/** Iterate over over each of the supported <b>backends</b> and attempt to
- * fetch the public ip. */
-static void
-tor_fw_fetch_public_ip(tor_fw_options_t *tor_fw_options,
-                       backends_t *backends)
-{
-  int i;
-  int r = 0;
-
-  if (tor_fw_options->verbose)
-    fprintf(stderr, "V: tor_fw_fetch_public_ip\n");
-
-  for (i=0; i<backends->n_backends; ++i) {
-    if (tor_fw_options->verbose) {
-        fprintf(stderr, "V: running backend_state now: %i\n", i);
-        fprintf(stderr, "V: size of backend state: %u\n",
-                (int)(backends->backend_ops)[i].state_len);
-        fprintf(stderr, "V: backend state name: %s\n",
-                (char *)(backends->backend_ops)[i].name);
-      }
-    r = backends->backend_ops[i].fetch_public_ip(tor_fw_options,
-                                                 backends->backend_state[i]);
-    fprintf(stderr, "tor-fw-helper: tor_fw_fetch_public_ip backend %s "
-            " returned: %i\n", (char *)(backends->backend_ops)[i].name, r);
-  }
-}
-
-/** Print a spec-conformant string to stdout describing the results of
- *  the TCP port forwarding operation from <b>external_port</b> to
- *  <b>internal_port</b>. */
-static void
-tor_fw_helper_report_port_fw_results(uint16_t internal_port,
-                                     uint16_t external_port,
-                                     int succeded,
-                                     const char *message)
-{
-  char *report_string = NULL;
-
-  tor_asprintf(&report_string, "%s %s %u %u %s %s\n",
-               "tor-fw-helper",
-               "tcp-forward",
-               external_port, internal_port,
-               succeded ? "SUCCESS" : "FAIL",
-               message);
-  fprintf(stdout, "%s", report_string);
-  fflush(stdout);
-  tor_free(report_string);
-}
-
-#define tor_fw_helper_report_port_fw_fail(i, e, m) \
-  tor_fw_helper_report_port_fw_results((i), (e), 0, (m))
-
-#define tor_fw_helper_report_port_fw_success(i, e, m) \
-  tor_fw_helper_report_port_fw_results((i), (e), 1, (m))
-
-/** Return a heap-allocated string containing the list of our
- *  backends. It can be used in log messages. Be sure to free it
- *  afterwards! */
-static char *
-get_list_of_backends_string(backends_t *backends)
-{
-  char *backend_names = NULL;
-  int i;
-  smartlist_t *backend_names_sl = smartlist_new();
-
-  assert(backends->n_backends);
-
-  for (i=0; i<backends->n_backends; ++i)
-    smartlist_add(backend_names_sl, (char *) backends->backend_ops[i].name);
-
-  backend_names = smartlist_join_strings(backend_names_sl, ", ", 0, NULL);
-  smartlist_free(backend_names_sl);
-
-  return backend_names;
-}
-
-/** Iterate over each of the supported <b>backends</b> and attempt to add a
- *  port forward for the port stored in <b>tor_fw_options</b>. */
-static void
-tor_fw_add_ports(tor_fw_options_t *tor_fw_options,
-                 backends_t *backends)
-{
-  int i;
-  int r = 0;
-  int succeeded = 0;
-
-  if (tor_fw_options->verbose)
-    fprintf(stderr, "V: %s\n", __func__);
-
-  /** Loop all ports that need to be forwarded, and try to use our
-   *  backends for each port. If a backend succeeds, break the loop,
-   *  report success and get to the next port. If all backends fail,
-   *  report failure for that port. */
-  SMARTLIST_FOREACH_BEGIN(tor_fw_options->ports_to_forward,
-                          port_to_forward_t *, port_to_forward) {
-
-    succeeded = 0;
-
-    for (i=0; i<backends->n_backends; ++i) {
-      if (tor_fw_options->verbose) {
-        fprintf(stderr, "V: running backend_state now: %i\n", i);
-        fprintf(stderr, "V: size of backend state: %u\n",
-                (int)(backends->backend_ops)[i].state_len);
-        fprintf(stderr, "V: backend state name: %s\n",
-                (const char *) backends->backend_ops[i].name);
-      }
-
-      r =
-       backends->backend_ops[i].add_tcp_mapping(port_to_forward->internal_port,
-                                                port_to_forward->external_port,
-                                                tor_fw_options->verbose,
-                                                backends->backend_state[i]);
-      if (r == 0) { /* backend success */
-        tor_fw_helper_report_port_fw_success(port_to_forward->internal_port,
-                                             port_to_forward->external_port,
-                                             backends->backend_ops[i].name);
-        succeeded = 1;
-        break;
-      }
-
-      fprintf(stderr, "tor-fw-helper: tor_fw_add_port backend %s "
-              "returned: %i\n",
-              (const char *) backends->backend_ops[i].name, r);
-    }
-
-    if (!succeeded) { /* all backends failed */
-      char *list_of_backends_str = get_list_of_backends_string(backends);
-      char *fail_msg = NULL;
-      tor_asprintf(&fail_msg, "All port forwarding backends (%s) failed.",
-                   list_of_backends_str);
-      tor_fw_helper_report_port_fw_fail(port_to_forward->internal_port,
-                                        port_to_forward->external_port,
-                                        fail_msg);
-      tor_free(list_of_backends_str);
-      tor_free(fail_msg);
-    }
-
-  } SMARTLIST_FOREACH_END(port_to_forward);
-}
-
-/** Called before we make any calls to network-related functions.
- * (Some operating systems require their network libraries to be
- * initialized.) (from common/compat.c) */
-static int
-tor_fw_helper_network_init(void)
-{
-#ifdef _WIN32
-  /* This silly exercise is necessary before windows will allow
-   * gethostbyname to work. */
-  WSADATA WSAData;
-  int r;
-  r = WSAStartup(0x101, &WSAData);
-  if (r) {
-    fprintf(stderr, "E: Error initializing Windows network layer "
-            "- code was %d", r);
-    return -1;
-  }
-  /* WSAData.iMaxSockets might show the max sockets we're allowed to use.
-   * We might use it to complain if we're trying to be a server but have
-   * too few sockets available. */
-#endif
-  return 0;
-}
-
-/** Parse the '-p' argument of tor-fw-helper. Its format is
- *  [<external port>]:<internal port>, and <external port> is optional.
- *  Return NULL if <b>arg</b> was c0rrupted. */
-static port_to_forward_t *
-parse_port(const char *arg)
-{
-  smartlist_t *sl = smartlist_new();
-  port_to_forward_t *port_to_forward = NULL;
-  char *port_str = NULL;
-  int ok;
-  int port;
-
-  smartlist_split_string(sl, arg, ":", 0, 0);
-  if (smartlist_len(sl) != 2)
-    goto err;
-
-  port_to_forward = tor_malloc(sizeof(port_to_forward_t));
-  if (!port_to_forward)
-    goto err;
-
-  port_str = smartlist_get(sl, 0); /* macroify ? */
-  port = (int)tor_parse_long(port_str, 10, 1, 65535, &ok, NULL);
-  if (!ok && strlen(port_str)) /* ":1555" is valid */
-    goto err;
-  port_to_forward->external_port = port;
-
-  port_str = smartlist_get(sl, 1);
-  port = (int)tor_parse_long(port_str, 10, 1, 65535, &ok, NULL);
-  if (!ok)
-    goto err;
-  port_to_forward->internal_port = port;
-
-  goto done;
-
- err:
-  tor_free(port_to_forward);
-
- done:
-  SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
-  smartlist_free(sl);
-
-  return port_to_forward;
-}
-
-/** Report a failure of epic proportions: We didn't manage to
- *  initialize any port forwarding backends. */
-static void
-report_full_fail(const smartlist_t *ports_to_forward)
-{
-  if (!ports_to_forward)
-    return;
-
-  SMARTLIST_FOREACH_BEGIN(ports_to_forward,
-                          const port_to_forward_t *, port_to_forward) {
-    tor_fw_helper_report_port_fw_fail(port_to_forward->internal_port,
-                                      port_to_forward->external_port,
-                                      "All backends (NAT-PMP, UPnP) failed "
-                                      "to initialize!"); /* XXX hardcoded */
-  } SMARTLIST_FOREACH_END(port_to_forward);
-}
-
-int
-main(int argc, char **argv)
-{
-  int r = 0;
-  int c = 0;
-
-  tor_fw_options_t tor_fw_options;
-  backends_t backend_state;
-
-  memset(&tor_fw_options, 0, sizeof(tor_fw_options));
-  memset(&backend_state, 0, sizeof(backend_state));
-
-  // Parse CLI arguments.
-  while (1) {
-    int option_index = 0;
-    static struct option long_options[] =
-      {
-        {"verbose", 0, 0, 'v'},
-        {"help", 0, 0, 'h'},
-        {"port", 1, 0, 'p'},
-        {"fetch-public-ip", 0, 0, 'g'},
-        {"test-commandline", 0, 0, 'T'},
-        {0, 0, 0, 0}
-      };
-
-    c = getopt_long(argc, argv, "vhp:gT",
-                    long_options, &option_index);
-    if (c == -1)
-      break;
-
-    switch (c) {
-      case 'v': tor_fw_options.verbose = 1; break;
-      case 'h': tor_fw_options.help = 1; usage(); exit(1); break;
-      case 'p': {
-        port_to_forward_t *port_to_forward = parse_port(optarg);
-        if (!port_to_forward) {
-          fprintf(stderr, "E: Failed to parse '%s'.\n", optarg);
-          usage();
-          exit(1);
-        }
-
-        /* If no external port was given (it's optional), set it to be
-         * equal with the internal port. */
-        if (!port_to_forward->external_port) {
-          assert(port_to_forward->internal_port);
-          if (tor_fw_options.verbose)
-            fprintf(stderr, "V: No external port was given. Setting to %u.\n",
-                    port_to_forward->internal_port);
-          port_to_forward->external_port = port_to_forward->internal_port;
-        }
-
-        if (!tor_fw_options.ports_to_forward)
-          tor_fw_options.ports_to_forward = smartlist_new();
-
-        smartlist_add(tor_fw_options.ports_to_forward, port_to_forward);
-
-        break;
-      }
-      case 'g': tor_fw_options.fetch_public_ip = 1; break;
-      case 'T': tor_fw_options.test_commandline = 1; break;
-      case '?': break;
-      default : fprintf(stderr, "Unknown option!\n"); usage(); exit(1);
-    }
-  }
-
-  { // Verbose output
-
-    if (tor_fw_options.verbose)
-      fprintf(stderr, "V: tor-fw-helper version %s\n"
-              "V: We were called with the following arguments:\n"
-              "V: verbose = %d, help = %d, fetch_public_ip = %u\n",
-              tor_fw_version, tor_fw_options.verbose, tor_fw_options.help,
-              tor_fw_options.fetch_public_ip);
-
-    if (tor_fw_options.verbose && tor_fw_options.ports_to_forward) {
-      fprintf(stderr, "V: TCP forwarding:\n");
-      SMARTLIST_FOREACH(tor_fw_options.ports_to_forward,
-                        const port_to_forward_t *, port_to_forward,
-                        fprintf(stderr, "V: External: %u, Internal: %u\n",
-                                port_to_forward->external_port,
-                                port_to_forward->internal_port));
-    }
-  }
-
-  if (tor_fw_options.test_commandline) {
-    return log_commandline_options(argc, argv);
-  }
-
-  // See if the user actually wants us to do something.
-  if (!tor_fw_options.fetch_public_ip && !tor_fw_options.ports_to_forward) {
-    fprintf(stderr, "E: We require a port to be forwarded or "
-            "fetch_public_ip request!\n");
-    usage();
-    exit(1);
-  }
-
-  // Initialize networking
-  if (tor_fw_helper_network_init())
-    exit(1);
-
-  // Initalize the various fw-helper backend helpers
-  r = init_backends(&tor_fw_options, &backend_state);
-  if (!r) { // all backends failed:
-    // report our failure
-    report_full_fail(tor_fw_options.ports_to_forward);
-    fprintf(stderr, "tor-fw-helper: All backends failed.\n");
-    exit(1);
-  } else { // some backends succeeded:
-    fprintf(stderr, "tor-fw-helper: %i NAT traversal helper(s) loaded\n", r);
-  }
-
-  // Forward TCP ports.
-  if (tor_fw_options.ports_to_forward) {
-    tor_fw_add_ports(&tor_fw_options, &backend_state);
-  }
-
-  // Fetch our public IP.
-  if (tor_fw_options.fetch_public_ip) {
-    tor_fw_fetch_public_ip(&tor_fw_options, &backend_state);
-  }
-
-  // Cleanup and exit.
-  if (tor_fw_options.ports_to_forward) {
-    SMARTLIST_FOREACH(tor_fw_options.ports_to_forward,
-                      port_to_forward_t *, port,
-                      tor_free(port));
-    smartlist_free(tor_fw_options.ports_to_forward);
-  }
-
-  exit(0);
-}
-
diff --git a/src/tools/tor-fw-helper/tor-fw-helper.h b/src/tools/tor-fw-helper/tor-fw-helper.h
deleted file mode 100644
index 0b0d179935..0000000000
--- a/src/tools/tor-fw-helper/tor-fw-helper.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/* Copyright (c) 2010, Jacob Appelbaum, Steven J. Murdoch.
- * Copyright (c) 2010-2013, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
-  * \file tor-fw-helper.h
-  * \brief The main header for our firewall helper.
-  **/
-
-#ifndef TOR_TOR_FW_HELPER_H
-#define TOR_TOR_FW_HELPER_H
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <time.h>
-
-/** The current version of tor-fw-helper. */
-#define tor_fw_version "0.2"
-
-/** This is an arbitrary hard limit - We currently have two (NAT-PMP and UPnP).
- We're likely going to add the Intel UPnP library but nothing else comes to
- mind at the moment. */
-#define MAX_BACKENDS 23
-
-/** Forward traffic received in port <b>external_port</b> in the
- *  external side of our NAT to <b>internal_port</b> in this host. */
-typedef struct {
-  uint16_t external_port;
-  uint16_t internal_port;
-} port_to_forward_t;
-
-/** This is where we store parsed commandline options. */
-typedef struct {
-  int verbose;
-  int help;
-  int test_commandline;
-  struct smartlist_t *ports_to_forward;
-  int fetch_public_ip;
-  int nat_pmp_status;
-  int upnp_status;
-  int public_ip_status;
-} tor_fw_options_t;
-
-/** This is our main structure that defines our backend helper API; each helper
- * must conform to these public methods if it expects to be handled in a
- * non-special way. */
-typedef struct tor_fw_backend_t {
-  const char *name;
-  size_t state_len;
-  int (*init)(tor_fw_options_t *options, void *backend_state);
-  int (*cleanup)(tor_fw_options_t *options, void *backend_state);
-  int (*fetch_public_ip)(tor_fw_options_t *options, void *backend_state);
-  int (*add_tcp_mapping)(uint16_t internal_port, uint16_t external_port,
-                         int is_verbose, void *backend_state);
-} tor_fw_backend_t;
-#endif
-
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index e799df5cad..ed6c0667a1 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
@@ -13,6 +13,20 @@
 #include <unistd.h>
 #endif
 
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
+ * x509.h and x509_vfy.h. Suppress the GCC warning so we can build with
+ * -Wredundant-decl. */
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
@@ -20,6 +34,14 @@
 #include <openssl/obj_mac.h>
 #include <openssl/err.h>
 
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
+#endif
+
 #include <errno.h>
 #if 0
 #include <stdlib.h>
@@ -28,10 +50,11 @@
 #endif
 
 #include "compat.h"
-#include "../common/util.h"
-#include "../common/torlog.h"
+#include "util.h"
+#include "torlog.h"
 #include "crypto.h"
 #include "address.h"
+#include "util_format.h"
 
 #define IDENTITY_KEY_BITS 3072
 #define SIGNING_KEY_BITS 2048
@@ -95,14 +118,21 @@ load_passphrase(void)
 {
   char *cp;
   char buf[1024]; /* "Ought to be enough for anybody." */
+  memset(buf, 0, sizeof(buf)); /* should be needless */
   ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0);
   if (n < 0) {
     log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
             strerror(errno));
     return -1;
   }
+  /* We'll take everything from the buffer except for optional terminating
+   * newline. */
   cp = memchr(buf, '\n', n);
-  passphrase_len = cp-buf;
+  if (cp == NULL) {
+    passphrase_len = n;
+  } else {
+    passphrase_len = cp-buf;
+  }
   passphrase = tor_strndup(buf, passphrase_len);
   memwipe(buf, 0, sizeof(buf));
   return 0;
@@ -134,18 +164,30 @@ parse_commandline(int argc, char **argv)
         fprintf(stderr, "No argument to -i\n");
         return 1;
       }
+      if (identity_key_file) {
+        fprintf(stderr, "Duplicate values for -i\n");
+        return -1;
+      }
       identity_key_file = tor_strdup(argv[++i]);
     } else if (!strcmp(argv[i], "-s")) {
       if (i+1>=argc) {
         fprintf(stderr, "No argument to -s\n");
         return 1;
       }
+      if (signing_key_file) {
+        fprintf(stderr, "Duplicate values for -s\n");
+        return -1;
+      }
       signing_key_file = tor_strdup(argv[++i]);
     } else if (!strcmp(argv[i], "-c")) {
       if (i+1>=argc) {
         fprintf(stderr, "No argument to -c\n");
         return 1;
       }
+      if (certificate_file) {
+        fprintf(stderr, "Duplicate values for -c\n");
+        return -1;
+      }
       certificate_file = tor_strdup(argv[++i]);
     } else if (!strcmp(argv[i], "-m")) {
       if (i+1>=argc) {
@@ -174,8 +216,7 @@ parse_commandline(int argc, char **argv)
         return 1;
       in.s_addr = htonl(addr);
       tor_inet_ntoa(&in, b, sizeof(b));
-      address = tor_malloc(INET_NTOA_BUF_LEN+32);
-      tor_snprintf(address, INET_NTOA_BUF_LEN+32, "%s:%d", b, (int)port);
+      tor_asprintf(&address, "%s:%d", b, (int)port);
     } else if (!strcmp(argv[i], "--create-identity-key")) {
       make_new_id = 1;
     } else if (!strcmp(argv[i], "--passphrase-fd")) {
@@ -383,17 +424,18 @@ key_to_string(EVP_PKEY *key)
   b = BIO_new(BIO_s_mem());
   if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
     crypto_log_errors(LOG_WARN, "writing public key to string");
+    RSA_free(rsa);
     return NULL;
   }
 
   BIO_get_mem_ptr(b, &buf);
-  (void) BIO_set_close(b, BIO_NOCLOSE);
-  BIO_free(b);
   result = tor_malloc(buf->length + 1);
   memcpy(result, buf->data, buf->length);
   result[buf->length] = 0;
-  BUF_MEM_free(buf);
 
+  BIO_free(b);
+
+  RSA_free(rsa);
   return result;
 }
 
@@ -469,12 +511,16 @@ generate_certificate(void)
   tor_free(signing);
 
   /* Append a cross-certification */
+  RSA *rsa = EVP_PKEY_get1_RSA(signing_key);
   r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest,
                           (unsigned char*)signature,
-                          EVP_PKEY_get1_RSA(signing_key),
+                          rsa,
                           RSA_PKCS1_PADDING);
+  RSA_free(rsa);
+
   signed_len = strlen(buf);
-  base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r);
+  base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
+                BASE64_ENCODE_MULTILINE);
 
   strlcat(buf,
           "-----END ID SIGNATURE-----\n"
@@ -483,13 +529,16 @@ generate_certificate(void)
   signed_len = strlen(buf);
   SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest);
 
+  rsa = EVP_PKEY_get1_RSA(identity_key);
   r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest,
                           (unsigned char*)signature,
-                          EVP_PKEY_get1_RSA(identity_key),
+                          rsa,
                           RSA_PKCS1_PADDING);
+  RSA_free(rsa);
   strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf));
   signed_len = strlen(buf);
-  base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r);
+  base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
+                BASE64_ENCODE_MULTILINE);
   strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
 
   if (!(f = fopen(certificate_file, "w"))) {
@@ -513,14 +562,14 @@ int
 main(int argc, char **argv)
 {
   int r = 1;
-  init_logging();
+  init_logging(1);
 
   /* Don't bother using acceleration. */
   if (crypto_global_init(0, NULL, NULL)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }
-  if (crypto_seed_rng(1)) {
+  if (crypto_seed_rng()) {
     fprintf(stderr, "Couldn't seed RNG.\n");
     goto done;
   }
@@ -552,6 +601,7 @@ main(int argc, char **argv)
   tor_free(identity_key_file);
   tor_free(signing_key_file);
   tor_free(certificate_file);
+  tor_free(address);
 
   crypto_global_cleanup();
   return r;
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index 480c7e52ca..29f85c4d17 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -1,13 +1,13 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
- * Copyright (c) 2007-2013, The Tor Project, Inc.
+ * Copyright (c) 2007-2015, The Tor Project, Inc.
  */
 /* See LICENSE for licensing information */
 
 #include "orconfig.h"
 #include "compat.h"
-#include "../common/util.h"
+#include "util.h"
 #include "address.h"
-#include "../common/torlog.h"
+#include "torlog.h"
 #include "sandbox.h"
 
 #include <stdio.h>
@@ -33,13 +33,9 @@
 #endif
 
 #ifdef _WIN32
-#if defined(_MSC_VER) && (_MSC_VER <= 1300)
-#include <winsock.h>
-#else
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#endif
 
 #define RESPONSE_LEN_4 8
 #define log_sock_error(act, _s)                                         \
@@ -108,6 +104,18 @@ build_socks_resolve_request(char **out,
   return len;
 }
 
+static void
+onion_warning(const char *hostname)
+{
+  log_warn(LD_NET,
+        "%s is a hidden service; those don't have IP addresses. "
+        "You can use the AutomapHostsOnResolve option to have Tor return a "
+        "fake address for hidden services.  Or you can have your "
+        "application send the address to Tor directly; we recommend an "
+        "application that uses SOCKS 5 with hostnames.",
+           hostname);
+}
+
 /** Given a <b>len</b>-byte SOCKS4a response in <b>response</b>, set
  * *<b>addr_out</b> to the address it contains (in host order).
  * Return 0 on success, -1 on error.
@@ -137,10 +145,7 @@ parse_socks4a_resolve_response(const char *hostname,
   if (status != 90) {
     log_warn(LD_NET,"Got status response '%d': socks request failed.", status);
     if (!strcasecmpend(hostname, ".onion")) {
-      log_warn(LD_NET,
-        "%s is a hidden service; those don't have IP addresses. "
-        "To connect to a hidden service, you need to send the hostname "
-        "to Tor; we suggest an application that uses SOCKS 4a.",hostname);
+      onion_warning(hostname);
       return -1;
     }
     return -1;
@@ -276,11 +281,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
                (unsigned)reply_buf[1],
                socks5_reason_to_string(reply_buf[1]));
       if (reply_buf[1] == 4 && !strcasecmpend(hostname, ".onion")) {
-        log_warn(LD_NET,
-            "%s is a hidden service; those don't have IP addresses. "
-            "To connect to a hidden service, you need to send the hostname "
-            "to Tor; we suggest an application that uses SOCKS 4a.",
-            hostname);
+        onion_warning(hostname);
       }
       goto err;
     }
@@ -326,8 +327,8 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
 static void
 usage(void)
 {
-  puts("Syntax: tor-resolve [-4] [-v] [-x] [-F] [-p port] "
-       "hostname [sockshost:socksport]");
+  puts("Syntax: tor-resolve [-4] [-5] [-v] [-x] [-p port] "
+       "hostname [sockshost[:socksport]]");
   exit(1);
 }
 
@@ -344,7 +345,7 @@ main(int argc, char **argv)
   char *result_hostname = NULL;
   log_severity_list_t *s = tor_malloc_zero(sizeof(log_severity_list_t));
 
-  init_logging();
+  init_logging(1);
   sandbox_disable_getaddrinfo_cache();
 
   arg = &argv[1];
diff --git a/src/trunnel/README b/src/trunnel/README
new file mode 100644
index 0000000000..e24aea0764
--- /dev/null
+++ b/src/trunnel/README
@@ -0,0 +1,21 @@
+This directory contains code for use with, and code made by, the
+automatic code generation tool "Trunnel".
+
+Trunnel generates binary parsers and formatters for simple data
+structures. It aims for human-readable, obviously-correct outputs over
+maximum efficiency or flexibility.
+
+The .trunnel files are the inputs here; the .c and .h files are the outputs.
+
+To add a new structure:
+   - Add a new .trunnel file or expand an existing one to describe the format
+     of the structure.
+   - Regenerate the .c and .h files.  To do this, you run
+     "scripts/codegen/run_trunnel.sh".  You'll need trunnel installed.
+   - Add the .trunnel, .c, and .h files to include.am
+
+For the Trunnel source code, and more documentation about using Trunnel,
+see https://gitweb.torproject.org/trunnel.git , especially
+    https://gitweb.torproject.org/trunnel.git/tree/README
+and https://gitweb.torproject.org/trunnel.git/tree/doc/trunnel.md
+
diff --git a/src/trunnel/ed25519_cert.c b/src/trunnel/ed25519_cert.c
new file mode 100644
index 0000000000..f495743667
--- /dev/null
+++ b/src/trunnel/ed25519_cert.c
@@ -0,0 +1,889 @@
+/* ed25519_cert.c -- generated by Trunnel v1.4.4.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#include <stdlib.h>
+#include "trunnel-impl.h"
+
+#include "ed25519_cert.h"
+
+#define TRUNNEL_SET_ERROR_CODE(obj) \
+  do {                              \
+    (obj)->trunnel_error_code_ = 1; \
+  } while (0)
+
+#if defined(__COVERITY__) || defined(__clang_analyzer__)
+/* If we're runnning a static analysis tool, we don't want it to complain
+ * that some of our remaining-bytes checks are dead-code. */
+int edcert_deadcode_dummy__ = 0;
+#define OR_DEADCODE_DUMMY || edcert_deadcode_dummy__
+#else
+#define OR_DEADCODE_DUMMY
+#endif
+
+#define CHECK_REMAINING(nbytes, label)                           \
+  do {                                                           \
+    if (remaining < (nbytes) OR_DEADCODE_DUMMY) {                \
+      goto label;                                                \
+    }                                                            \
+  } while (0)
+
+ed25519_cert_extension_t *
+ed25519_cert_extension_new(void)
+{
+  ed25519_cert_extension_t *val = trunnel_calloc(1, sizeof(ed25519_cert_extension_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+ed25519_cert_extension_clear(ed25519_cert_extension_t *obj)
+{
+  (void) obj;
+  TRUNNEL_DYNARRAY_WIPE(&obj->un_unparsed);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->un_unparsed);
+}
+
+void
+ed25519_cert_extension_free(ed25519_cert_extension_t *obj)
+{
+  if (obj == NULL)
+    return;
+  ed25519_cert_extension_clear(obj);
+  trunnel_memwipe(obj, sizeof(ed25519_cert_extension_t));
+  trunnel_free_(obj);
+}
+
+uint16_t
+ed25519_cert_extension_get_ext_length(ed25519_cert_extension_t *inp)
+{
+  return inp->ext_length;
+}
+int
+ed25519_cert_extension_set_ext_length(ed25519_cert_extension_t *inp, uint16_t val)
+{
+  inp->ext_length = val;
+  return 0;
+}
+uint8_t
+ed25519_cert_extension_get_ext_type(ed25519_cert_extension_t *inp)
+{
+  return inp->ext_type;
+}
+int
+ed25519_cert_extension_set_ext_type(ed25519_cert_extension_t *inp, uint8_t val)
+{
+  inp->ext_type = val;
+  return 0;
+}
+uint8_t
+ed25519_cert_extension_get_ext_flags(ed25519_cert_extension_t *inp)
+{
+  return inp->ext_flags;
+}
+int
+ed25519_cert_extension_set_ext_flags(ed25519_cert_extension_t *inp, uint8_t val)
+{
+  inp->ext_flags = val;
+  return 0;
+}
+size_t
+ed25519_cert_extension_getlen_un_signing_key(const ed25519_cert_extension_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+ed25519_cert_extension_get_un_signing_key(const ed25519_cert_extension_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->un_signing_key[idx];
+}
+
+int
+ed25519_cert_extension_set_un_signing_key(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->un_signing_key[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+ed25519_cert_extension_getarray_un_signing_key(ed25519_cert_extension_t *inp)
+{
+  return inp->un_signing_key;
+}
+size_t
+ed25519_cert_extension_getlen_un_unparsed(const ed25519_cert_extension_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->un_unparsed);
+}
+
+uint8_t
+ed25519_cert_extension_get_un_unparsed(ed25519_cert_extension_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->un_unparsed, idx);
+}
+
+int
+ed25519_cert_extension_set_un_unparsed(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->un_unparsed, idx, elt);
+  return 0;
+}
+int
+ed25519_cert_extension_add_un_unparsed(ed25519_cert_extension_t *inp, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->un_unparsed, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint8_t *
+ed25519_cert_extension_getarray_un_unparsed(ed25519_cert_extension_t *inp)
+{
+  return inp->un_unparsed.elts_;
+}
+int
+ed25519_cert_extension_setlen_un_unparsed(ed25519_cert_extension_t *inp, size_t newlen)
+{
+  uint8_t *newptr;
+  newptr = trunnel_dynarray_setlen(&inp->un_unparsed.allocated_,
+                 &inp->un_unparsed.n_, inp->un_unparsed.elts_, newlen,
+                 sizeof(inp->un_unparsed.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->un_unparsed.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+const char *
+ed25519_cert_extension_check(const ed25519_cert_extension_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  switch (obj->ext_type) {
+
+    case CERTEXT_SIGNED_WITH_KEY:
+      break;
+
+    default:
+      break;
+  }
+  return NULL;
+}
+
+ssize_t
+ed25519_cert_extension_encoded_len(const ed25519_cert_extension_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != ed25519_cert_extension_check(obj))
+     return -1;
+
+
+  /* Length of u16 ext_length */
+  result += 2;
+
+  /* Length of u8 ext_type */
+  result += 1;
+
+  /* Length of u8 ext_flags */
+  result += 1;
+  switch (obj->ext_type) {
+
+    case CERTEXT_SIGNED_WITH_KEY:
+
+      /* Length of u8 un_signing_key[32] */
+      result += 32;
+      break;
+
+    default:
+
+      /* Length of u8 un_unparsed[] */
+      result += TRUNNEL_DYNARRAY_LEN(&obj->un_unparsed);
+      break;
+  }
+  return result;
+}
+int
+ed25519_cert_extension_clear_errors(ed25519_cert_extension_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+ed25519_cert_extension_encode(uint8_t *output, const size_t avail, const ed25519_cert_extension_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = ed25519_cert_extension_encoded_len(obj);
+#endif
+
+  uint8_t *backptr_ext_length = NULL;
+
+  if (NULL != (msg = ed25519_cert_extension_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u16 ext_length */
+  backptr_ext_length = ptr;
+  trunnel_assert(written <= avail);
+  if (avail - written < 2)
+    goto truncated;
+  trunnel_set_uint16(ptr, trunnel_htons(obj->ext_length));
+  written += 2; ptr += 2;
+
+  /* Encode u8 ext_type */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->ext_type));
+  written += 1; ptr += 1;
+
+  /* Encode u8 ext_flags */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->ext_flags));
+  written += 1; ptr += 1;
+  {
+    size_t written_before_union = written;
+
+    /* Encode union un[ext_type] */
+    trunnel_assert(written <= avail);
+    switch (obj->ext_type) {
+
+      case CERTEXT_SIGNED_WITH_KEY:
+
+        /* Encode u8 un_signing_key[32] */
+        trunnel_assert(written <= avail);
+        if (avail - written < 32)
+          goto truncated;
+        memcpy(ptr, obj->un_signing_key, 32);
+        written += 32; ptr += 32;
+        break;
+
+      default:
+
+        /* Encode u8 un_unparsed[] */
+        {
+          size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->un_unparsed);
+          trunnel_assert(written <= avail);
+          if (avail - written < elt_len)
+            goto truncated;
+          if (elt_len)
+            memcpy(ptr, obj->un_unparsed.elts_, elt_len);
+          written += elt_len; ptr += elt_len;
+        }
+        break;
+    }
+    /* Write the length field back to ext_length */
+    trunnel_assert(written >= written_before_union);
+#if UINT16_MAX < SIZE_MAX
+    if (written - written_before_union > UINT16_MAX)
+      goto check_failed;
+#endif
+    trunnel_set_uint16(backptr_ext_length, trunnel_htons(written - written_before_union));
+  }
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As ed25519_cert_extension_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+ed25519_cert_extension_parse_into(ed25519_cert_extension_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u16 ext_length */
+  CHECK_REMAINING(2, truncated);
+  obj->ext_length = trunnel_ntohs(trunnel_get_uint16(ptr));
+  remaining -= 2; ptr += 2;
+
+  /* Parse u8 ext_type */
+  CHECK_REMAINING(1, truncated);
+  obj->ext_type = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse u8 ext_flags */
+  CHECK_REMAINING(1, truncated);
+  obj->ext_flags = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+  {
+    size_t remaining_after;
+    CHECK_REMAINING(obj->ext_length, truncated);
+    remaining_after = remaining - obj->ext_length;
+    remaining = obj->ext_length;
+
+    /* Parse union un[ext_type] */
+    switch (obj->ext_type) {
+
+      case CERTEXT_SIGNED_WITH_KEY:
+
+        /* Parse u8 un_signing_key[32] */
+        CHECK_REMAINING(32, fail);
+        memcpy(obj->un_signing_key, ptr, 32);
+        remaining -= 32; ptr += 32;
+        break;
+
+      default:
+
+        /* Parse u8 un_unparsed[] */
+        TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->un_unparsed, remaining, {});
+        obj->un_unparsed.n_ = remaining;
+        if (remaining)
+          memcpy(obj->un_unparsed.elts_, ptr, remaining);
+        ptr += remaining; remaining -= remaining;
+        break;
+    }
+    if (remaining != 0)
+      goto fail;
+    remaining = remaining_after;
+  }
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ trunnel_alloc_failed:
+  return -1;
+ fail:
+  result = -1;
+  return result;
+}
+
+ssize_t
+ed25519_cert_extension_parse(ed25519_cert_extension_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = ed25519_cert_extension_new();
+  if (NULL == *output)
+    return -1;
+  result = ed25519_cert_extension_parse_into(*output, input, len_in);
+  if (result < 0) {
+    ed25519_cert_extension_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
+ed25519_cert_t *
+ed25519_cert_new(void)
+{
+  ed25519_cert_t *val = trunnel_calloc(1, sizeof(ed25519_cert_t));
+  if (NULL == val)
+    return NULL;
+  val->version = 1;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+ed25519_cert_clear(ed25519_cert_t *obj)
+{
+  (void) obj;
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
+      ed25519_cert_extension_free(TRUNNEL_DYNARRAY_GET(&obj->ext, idx));
+    }
+  }
+  TRUNNEL_DYNARRAY_WIPE(&obj->ext);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->ext);
+}
+
+void
+ed25519_cert_free(ed25519_cert_t *obj)
+{
+  if (obj == NULL)
+    return;
+  ed25519_cert_clear(obj);
+  trunnel_memwipe(obj, sizeof(ed25519_cert_t));
+  trunnel_free_(obj);
+}
+
+uint8_t
+ed25519_cert_get_version(ed25519_cert_t *inp)
+{
+  return inp->version;
+}
+int
+ed25519_cert_set_version(ed25519_cert_t *inp, uint8_t val)
+{
+  if (! ((val == 1))) {
+     TRUNNEL_SET_ERROR_CODE(inp);
+     return -1;
+  }
+  inp->version = val;
+  return 0;
+}
+uint8_t
+ed25519_cert_get_cert_type(ed25519_cert_t *inp)
+{
+  return inp->cert_type;
+}
+int
+ed25519_cert_set_cert_type(ed25519_cert_t *inp, uint8_t val)
+{
+  inp->cert_type = val;
+  return 0;
+}
+uint32_t
+ed25519_cert_get_exp_field(ed25519_cert_t *inp)
+{
+  return inp->exp_field;
+}
+int
+ed25519_cert_set_exp_field(ed25519_cert_t *inp, uint32_t val)
+{
+  inp->exp_field = val;
+  return 0;
+}
+uint8_t
+ed25519_cert_get_cert_key_type(ed25519_cert_t *inp)
+{
+  return inp->cert_key_type;
+}
+int
+ed25519_cert_set_cert_key_type(ed25519_cert_t *inp, uint8_t val)
+{
+  inp->cert_key_type = val;
+  return 0;
+}
+size_t
+ed25519_cert_getlen_certified_key(const ed25519_cert_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+ed25519_cert_get_certified_key(const ed25519_cert_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->certified_key[idx];
+}
+
+int
+ed25519_cert_set_certified_key(ed25519_cert_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->certified_key[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+ed25519_cert_getarray_certified_key(ed25519_cert_t *inp)
+{
+  return inp->certified_key;
+}
+uint8_t
+ed25519_cert_get_n_extensions(ed25519_cert_t *inp)
+{
+  return inp->n_extensions;
+}
+int
+ed25519_cert_set_n_extensions(ed25519_cert_t *inp, uint8_t val)
+{
+  inp->n_extensions = val;
+  return 0;
+}
+size_t
+ed25519_cert_getlen_ext(const ed25519_cert_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->ext);
+}
+
+struct ed25519_cert_extension_st *
+ed25519_cert_get_ext(ed25519_cert_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->ext, idx);
+}
+
+int
+ed25519_cert_set_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt)
+{
+  ed25519_cert_extension_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->ext, idx);
+  if (oldval && oldval != elt)
+    ed25519_cert_extension_free(oldval);
+  return ed25519_cert_set0_ext(inp, idx, elt);
+}
+int
+ed25519_cert_set0_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->ext, idx, elt);
+  return 0;
+}
+int
+ed25519_cert_add_ext(ed25519_cert_t *inp, struct ed25519_cert_extension_st * elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+  if (inp->ext.n_ == UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  TRUNNEL_DYNARRAY_ADD(struct ed25519_cert_extension_st *, &inp->ext, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+struct ed25519_cert_extension_st * *
+ed25519_cert_getarray_ext(ed25519_cert_t *inp)
+{
+  return inp->ext.elts_;
+}
+int
+ed25519_cert_setlen_ext(ed25519_cert_t *inp, size_t newlen)
+{
+  struct ed25519_cert_extension_st * *newptr;
+#if UINT8_MAX < SIZE_MAX
+  if (newlen > UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  newptr = trunnel_dynarray_setlen(&inp->ext.allocated_,
+                 &inp->ext.n_, inp->ext.elts_, newlen,
+                 sizeof(inp->ext.elts_[0]), (trunnel_free_fn_t) ed25519_cert_extension_free,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->ext.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+size_t
+ed25519_cert_getlen_signature(const ed25519_cert_t *inp)
+{
+  (void)inp;  return 64;
+}
+
+uint8_t
+ed25519_cert_get_signature(const ed25519_cert_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 64);
+  return inp->signature[idx];
+}
+
+int
+ed25519_cert_set_signature(ed25519_cert_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 64);
+  inp->signature[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+ed25519_cert_getarray_signature(ed25519_cert_t *inp)
+{
+  return inp->signature;
+}
+const char *
+ed25519_cert_check(const ed25519_cert_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  if (! (obj->version == 1))
+    return "Integer out of bounds";
+  {
+    const char *msg;
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
+      if (NULL != (msg = ed25519_cert_extension_check(TRUNNEL_DYNARRAY_GET(&obj->ext, idx))))
+        return msg;
+    }
+  }
+  if (TRUNNEL_DYNARRAY_LEN(&obj->ext) != obj->n_extensions)
+    return "Length mismatch for ext";
+  return NULL;
+}
+
+ssize_t
+ed25519_cert_encoded_len(const ed25519_cert_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != ed25519_cert_check(obj))
+     return -1;
+
+
+  /* Length of u8 version IN [1] */
+  result += 1;
+
+  /* Length of u8 cert_type */
+  result += 1;
+
+  /* Length of u32 exp_field */
+  result += 4;
+
+  /* Length of u8 cert_key_type */
+  result += 1;
+
+  /* Length of u8 certified_key[32] */
+  result += 32;
+
+  /* Length of u8 n_extensions */
+  result += 1;
+
+  /* Length of struct ed25519_cert_extension ext[n_extensions] */
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
+      result += ed25519_cert_extension_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->ext, idx));
+    }
+  }
+
+  /* Length of u8 signature[64] */
+  result += 64;
+  return result;
+}
+int
+ed25519_cert_clear_errors(ed25519_cert_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+ed25519_cert_encode(uint8_t *output, const size_t avail, const ed25519_cert_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = ed25519_cert_encoded_len(obj);
+#endif
+
+  if (NULL != (msg = ed25519_cert_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 version IN [1] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->version));
+  written += 1; ptr += 1;
+
+  /* Encode u8 cert_type */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->cert_type));
+  written += 1; ptr += 1;
+
+  /* Encode u32 exp_field */
+  trunnel_assert(written <= avail);
+  if (avail - written < 4)
+    goto truncated;
+  trunnel_set_uint32(ptr, trunnel_htonl(obj->exp_field));
+  written += 4; ptr += 4;
+
+  /* Encode u8 cert_key_type */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->cert_key_type));
+  written += 1; ptr += 1;
+
+  /* Encode u8 certified_key[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->certified_key, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u8 n_extensions */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->n_extensions));
+  written += 1; ptr += 1;
+
+  /* Encode struct ed25519_cert_extension ext[n_extensions] */
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
+      trunnel_assert(written <= avail);
+      result = ed25519_cert_extension_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->ext, idx));
+      if (result < 0)
+        goto fail; /* XXXXXXX !*/
+      written += result; ptr += result;
+    }
+  }
+
+  /* Encode u8 signature[64] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 64)
+    goto truncated;
+  memcpy(ptr, obj->signature, 64);
+  written += 64; ptr += 64;
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As ed25519_cert_parse(), but do not allocate the output object.
+ */
+static ssize_t
+ed25519_cert_parse_into(ed25519_cert_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u8 version IN [1] */
+  CHECK_REMAINING(1, truncated);
+  obj->version = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+  if (! (obj->version == 1))
+    goto fail;
+
+  /* Parse u8 cert_type */
+  CHECK_REMAINING(1, truncated);
+  obj->cert_type = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse u32 exp_field */
+  CHECK_REMAINING(4, truncated);
+  obj->exp_field = trunnel_ntohl(trunnel_get_uint32(ptr));
+  remaining -= 4; ptr += 4;
+
+  /* Parse u8 cert_key_type */
+  CHECK_REMAINING(1, truncated);
+  obj->cert_key_type = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse u8 certified_key[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->certified_key, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u8 n_extensions */
+  CHECK_REMAINING(1, truncated);
+  obj->n_extensions = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse struct ed25519_cert_extension ext[n_extensions] */
+  TRUNNEL_DYNARRAY_EXPAND(ed25519_cert_extension_t *, &obj->ext, obj->n_extensions, {});
+  {
+    ed25519_cert_extension_t * elt;
+    unsigned idx;
+    for (idx = 0; idx < obj->n_extensions; ++idx) {
+      result = ed25519_cert_extension_parse(&elt, ptr, remaining);
+      if (result < 0)
+        goto relay_fail;
+      trunnel_assert((size_t)result <= remaining);
+      remaining -= result; ptr += result;
+      TRUNNEL_DYNARRAY_ADD(ed25519_cert_extension_t *, &obj->ext, elt, {ed25519_cert_extension_free(elt);});
+    }
+  }
+
+  /* Parse u8 signature[64] */
+  CHECK_REMAINING(64, truncated);
+  memcpy(obj->signature, ptr, 64);
+  remaining -= 64; ptr += 64;
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ relay_fail:
+  trunnel_assert(result < 0);
+  return result;
+ trunnel_alloc_failed:
+  return -1;
+ fail:
+  result = -1;
+  return result;
+}
+
+ssize_t
+ed25519_cert_parse(ed25519_cert_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = ed25519_cert_new();
+  if (NULL == *output)
+    return -1;
+  result = ed25519_cert_parse_into(*output, input, len_in);
+  if (result < 0) {
+    ed25519_cert_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
diff --git a/src/trunnel/ed25519_cert.h b/src/trunnel/ed25519_cert.h
new file mode 100644
index 0000000000..75a82d8aff
--- /dev/null
+++ b/src/trunnel/ed25519_cert.h
@@ -0,0 +1,288 @@
+/* ed25519_cert.h -- generated by by Trunnel v1.4.4.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#ifndef TRUNNEL_ED25519_CERT_H
+#define TRUNNEL_ED25519_CERT_H
+
+#include <stdint.h>
+#include "trunnel.h"
+
+#define CERTEXT_SIGNED_WITH_KEY 4
+#define CERTEXT_FLAG_AFFECTS_VALIDATION 1
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_ED25519_CERT_EXTENSION)
+struct ed25519_cert_extension_st {
+  uint16_t ext_length;
+  uint8_t ext_type;
+  uint8_t ext_flags;
+  uint8_t un_signing_key[32];
+  TRUNNEL_DYNARRAY_HEAD(, uint8_t) un_unparsed;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct ed25519_cert_extension_st ed25519_cert_extension_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_ED25519_CERT)
+struct ed25519_cert_st {
+  uint8_t version;
+  uint8_t cert_type;
+  uint32_t exp_field;
+  uint8_t cert_key_type;
+  uint8_t certified_key[32];
+  uint8_t n_extensions;
+  TRUNNEL_DYNARRAY_HEAD(, struct ed25519_cert_extension_st *) ext;
+  uint8_t signature[64];
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct ed25519_cert_st ed25519_cert_t;
+/** Return a newly allocated ed25519_cert_extension with all elements
+ * set to zero.
+ */
+ed25519_cert_extension_t *ed25519_cert_extension_new(void);
+/** Release all storage held by the ed25519_cert_extension in
+ * 'victim'. (Do nothing if 'victim' is NULL.)
+ */
+void ed25519_cert_extension_free(ed25519_cert_extension_t *victim);
+/** Try to parse a ed25519_cert_extension from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated ed25519_cert_extension_t. On failure, return -2 if the
+ * input appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t ed25519_cert_extension_parse(ed25519_cert_extension_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * ed25519_cert_extension in 'obj'. On failure, return a negative
+ * value. Note that this value may be an overestimate, and can even be
+ * an underestimate for certain unencodeable objects.
+ */
+ssize_t ed25519_cert_extension_encoded_len(const ed25519_cert_extension_t *obj);
+/** Try to encode the ed25519_cert_extension from 'input' into the
+ * buffer at 'output', using up to 'avail' bytes of the output buffer.
+ * On success, return the number of bytes used. On failure, return -2
+ * if the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t ed25519_cert_extension_encode(uint8_t *output, size_t avail, const ed25519_cert_extension_t *input);
+/** Check whether the internal state of the ed25519_cert_extension in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *ed25519_cert_extension_check(const ed25519_cert_extension_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int ed25519_cert_extension_clear_errors(ed25519_cert_extension_t *obj);
+/** Return the value of the ext_length field of the
+ * ed25519_cert_extension_t in 'inp'
+ */
+uint16_t ed25519_cert_extension_get_ext_length(ed25519_cert_extension_t *inp);
+/** Set the value of the ext_length field of the
+ * ed25519_cert_extension_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int ed25519_cert_extension_set_ext_length(ed25519_cert_extension_t *inp, uint16_t val);
+/** Return the value of the ext_type field of the
+ * ed25519_cert_extension_t in 'inp'
+ */
+uint8_t ed25519_cert_extension_get_ext_type(ed25519_cert_extension_t *inp);
+/** Set the value of the ext_type field of the
+ * ed25519_cert_extension_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int ed25519_cert_extension_set_ext_type(ed25519_cert_extension_t *inp, uint8_t val);
+/** Return the value of the ext_flags field of the
+ * ed25519_cert_extension_t in 'inp'
+ */
+uint8_t ed25519_cert_extension_get_ext_flags(ed25519_cert_extension_t *inp);
+/** Set the value of the ext_flags field of the
+ * ed25519_cert_extension_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int ed25519_cert_extension_set_ext_flags(ed25519_cert_extension_t *inp, uint8_t val);
+/** Return the (constant) length of the array holding the
+ * un_signing_key field of the ed25519_cert_extension_t in 'inp'.
+ */
+size_t ed25519_cert_extension_getlen_un_signing_key(const ed25519_cert_extension_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * un_signing_key of the ed25519_cert_extension_t in 'inp'.
+ */
+uint8_t ed25519_cert_extension_get_un_signing_key(const ed25519_cert_extension_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * un_signing_key of the ed25519_cert_extension_t in 'inp', so that it
+ * will hold the value 'elt'.
+ */
+int ed25519_cert_extension_set_un_signing_key(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field un_signing_key of
+ * 'inp'.
+ */
+uint8_t * ed25519_cert_extension_getarray_un_signing_key(ed25519_cert_extension_t *inp);
+/** Return the length of the dynamic array holding the un_unparsed
+ * field of the ed25519_cert_extension_t in 'inp'.
+ */
+size_t ed25519_cert_extension_getlen_un_unparsed(const ed25519_cert_extension_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * un_unparsed of the ed25519_cert_extension_t in 'inp'.
+ */
+uint8_t ed25519_cert_extension_get_un_unparsed(ed25519_cert_extension_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * un_unparsed of the ed25519_cert_extension_t in 'inp', so that it
+ * will hold the value 'elt'.
+ */
+int ed25519_cert_extension_set_un_unparsed(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field un_unparsed
+ * of the ed25519_cert_extension_t in 'inp'.
+ */
+int ed25519_cert_extension_add_un_unparsed(ed25519_cert_extension_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field un_unparsed of
+ * 'inp'.
+ */
+uint8_t * ed25519_cert_extension_getarray_un_unparsed(ed25519_cert_extension_t *inp);
+/** Change the length of the variable-length array field un_unparsed
+ * of 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int ed25519_cert_extension_setlen_un_unparsed(ed25519_cert_extension_t *inp, size_t newlen);
+/** Return a newly allocated ed25519_cert with all elements set to
+ * zero.
+ */
+ed25519_cert_t *ed25519_cert_new(void);
+/** Release all storage held by the ed25519_cert in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void ed25519_cert_free(ed25519_cert_t *victim);
+/** Try to parse a ed25519_cert from the buffer in 'input', using up
+ * to 'len_in' bytes from the input buffer. On success, return the
+ * number of bytes consumed and set *output to the newly allocated
+ * ed25519_cert_t. On failure, return -2 if the input appears
+ * truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t ed25519_cert_parse(ed25519_cert_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * ed25519_cert in 'obj'. On failure, return a negative value. Note
+ * that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t ed25519_cert_encoded_len(const ed25519_cert_t *obj);
+/** Try to encode the ed25519_cert from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t ed25519_cert_encode(uint8_t *output, size_t avail, const ed25519_cert_t *input);
+/** Check whether the internal state of the ed25519_cert in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *ed25519_cert_check(const ed25519_cert_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int ed25519_cert_clear_errors(ed25519_cert_t *obj);
+/** Return the value of the version field of the ed25519_cert_t in
+ * 'inp'
+ */
+uint8_t ed25519_cert_get_version(ed25519_cert_t *inp);
+/** Set the value of the version field of the ed25519_cert_t in 'inp'
+ * to 'val'. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int ed25519_cert_set_version(ed25519_cert_t *inp, uint8_t val);
+/** Return the value of the cert_type field of the ed25519_cert_t in
+ * 'inp'
+ */
+uint8_t ed25519_cert_get_cert_type(ed25519_cert_t *inp);
+/** Set the value of the cert_type field of the ed25519_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int ed25519_cert_set_cert_type(ed25519_cert_t *inp, uint8_t val);
+/** Return the value of the exp_field field of the ed25519_cert_t in
+ * 'inp'
+ */
+uint32_t ed25519_cert_get_exp_field(ed25519_cert_t *inp);
+/** Set the value of the exp_field field of the ed25519_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int ed25519_cert_set_exp_field(ed25519_cert_t *inp, uint32_t val);
+/** Return the value of the cert_key_type field of the ed25519_cert_t
+ * in 'inp'
+ */
+uint8_t ed25519_cert_get_cert_key_type(ed25519_cert_t *inp);
+/** Set the value of the cert_key_type field of the ed25519_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int ed25519_cert_set_cert_key_type(ed25519_cert_t *inp, uint8_t val);
+/** Return the (constant) length of the array holding the
+ * certified_key field of the ed25519_cert_t in 'inp'.
+ */
+size_t ed25519_cert_getlen_certified_key(const ed25519_cert_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * certified_key of the ed25519_cert_t in 'inp'.
+ */
+uint8_t ed25519_cert_get_certified_key(const ed25519_cert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * certified_key of the ed25519_cert_t in 'inp', so that it will hold
+ * the value 'elt'.
+ */
+int ed25519_cert_set_certified_key(ed25519_cert_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field certified_key of
+ * 'inp'.
+ */
+uint8_t * ed25519_cert_getarray_certified_key(ed25519_cert_t *inp);
+/** Return the value of the n_extensions field of the ed25519_cert_t
+ * in 'inp'
+ */
+uint8_t ed25519_cert_get_n_extensions(ed25519_cert_t *inp);
+/** Set the value of the n_extensions field of the ed25519_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int ed25519_cert_set_n_extensions(ed25519_cert_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the ext field of
+ * the ed25519_cert_t in 'inp'.
+ */
+size_t ed25519_cert_getlen_ext(const ed25519_cert_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * ext of the ed25519_cert_t in 'inp'.
+ */
+struct ed25519_cert_extension_st * ed25519_cert_get_ext(ed25519_cert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * ext of the ed25519_cert_t in 'inp', so that it will hold the value
+ * 'elt'. Free the previous value, if any.
+ */
+int ed25519_cert_set_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt);
+/** As ed25519_cert_set_ext, but does not free the previous value.
+ */
+int ed25519_cert_set0_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt);
+/** Append a new element 'elt' to the dynamic array field ext of the
+ * ed25519_cert_t in 'inp'.
+ */
+int ed25519_cert_add_ext(ed25519_cert_t *inp, struct ed25519_cert_extension_st * elt);
+/** Return a pointer to the variable-length array field ext of 'inp'.
+ */
+struct ed25519_cert_extension_st * * ed25519_cert_getarray_ext(ed25519_cert_t *inp);
+/** Change the length of the variable-length array field ext of 'inp'
+ * to 'newlen'.Fill extra elements with NULL; free removed elements.
+ * Return 0 on success; return -1 and set the error code on 'inp' on
+ * failure.
+ */
+int ed25519_cert_setlen_ext(ed25519_cert_t *inp, size_t newlen);
+/** Return the (constant) length of the array holding the signature
+ * field of the ed25519_cert_t in 'inp'.
+ */
+size_t ed25519_cert_getlen_signature(const ed25519_cert_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * signature of the ed25519_cert_t in 'inp'.
+ */
+uint8_t ed25519_cert_get_signature(const ed25519_cert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * signature of the ed25519_cert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int ed25519_cert_set_signature(ed25519_cert_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 64-element array field signature of 'inp'.
+ */
+uint8_t * ed25519_cert_getarray_signature(ed25519_cert_t *inp);
+
+
+#endif
diff --git a/src/trunnel/ed25519_cert.trunnel b/src/trunnel/ed25519_cert.trunnel
new file mode 100644
index 0000000000..c46f1b6c6b
--- /dev/null
+++ b/src/trunnel/ed25519_cert.trunnel
@@ -0,0 +1,76 @@
+
+struct ed25519_cert {
+  u8 version IN [1];
+  u8 cert_type;
+  u32 exp_field;
+  u8 cert_key_type;
+  u8 certified_key[32];
+  u8 n_extensions;
+  struct ed25519_cert_extension ext[n_extensions];
+  u8 signature[64];
+}
+
+const CERTEXT_SIGNED_WITH_KEY = 4;
+const CERTEXT_FLAG_AFFECTS_VALIDATION = 1;
+
+struct ed25519_cert_extension {
+  u16 ext_length;
+  u8 ext_type;
+  u8 ext_flags;
+  union un[ext_type] with length ext_length {
+    CERTEXT_SIGNED_WITH_KEY : u8 signing_key[32];
+    default: u8 unparsed[];
+  };
+}
+
+/*
+struct cert_revocation {
+  u8 prefix[8];
+  u8 version IN [1];
+  u8 keytype;
+  u8 identity_key[32];
+  u8 revoked_key[32];
+  u64 published;
+  u8 n_extensions;
+  struct cert_extension ext[n_extensions];
+  u8 signature[64];
+}
+
+struct crosscert_ed_rsa {
+  u8 ed_key[32];
+  u32 expiration_date;
+  u8 signature[128];
+}
+
+struct auth02_cell {
+  u8 type[8];
+  u8 cid[32];
+  u8 sid[32];
+  u8 cid_ed[32];
+  u8 sid_ed[32];
+  u8 slog[32];
+  u8 clog[32];
+  u8 scert[32];
+  u8 tlssecrets[32];
+  u8 rand[24];
+  u8 sig[64];
+}
+
+const LS_IPV4 = 0x00;
+const LS_IPV6 = 0x01;
+const LS_LEGACY_ID = 0x02;
+const LS_ED25519_ID = 0x03;
+
+// amended from tor.trunnel
+struct link_specifier {
+  u8 ls_type;
+  u8 ls_len;
+  union un[ls_type] with length ls_len {
+    LS_IPV4: u32 ipv4_addr; u16 ipv4_port;
+    LS_IPV6: u8 ipv6_addr[16]; u16 ipv6_port;
+    LS_LEGACY_ID: u8 legacy_id[20];
+    LS_ED25519_ID: u8 ed25519_id[32];
+    default: u8 unrecognized[];
+  };
+}
+*/
\ No newline at end of file
diff --git a/src/trunnel/include.am b/src/trunnel/include.am
new file mode 100644
index 0000000000..b1448b7cb2
--- /dev/null
+++ b/src/trunnel/include.am
@@ -0,0 +1,42 @@
+
+noinst_LIBRARIES += \
+	src/trunnel/libor-trunnel.a
+
+if UNITTESTS_ENABLED
+noinst_LIBRARIES += \
+	src/trunnel/libor-trunnel-testing.a
+endif
+
+AM_CPPFLAGS += -I$(srcdir)/src/ext/trunnel -I$(srcdir)/src/trunnel
+
+TRUNNELINPUTS = \
+	src/trunnel/ed25519_cert.trunnel \
+	src/trunnel/link_handshake.trunnel \
+	src/trunnel/pwbox.trunnel
+
+TRUNNELSOURCES = \
+	src/ext/trunnel/trunnel.c \
+	src/trunnel/ed25519_cert.c \
+	src/trunnel/link_handshake.c \
+	src/trunnel/pwbox.c
+
+TRUNNELHEADERS = \
+	src/ext/trunnel/trunnel.h		\
+	src/ext/trunnel/trunnel-impl.h		\
+	src/trunnel/trunnel-local.h 		\
+	src/trunnel/ed25519_cert.h		\
+	src/trunnel/link_handshake.h	 	\
+	src/trunnel/pwbox.h
+
+src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES)
+src_trunnel_libor_trunnel_a_CPPFLAGS = -DTRUNNEL_LOCAL_H $(AM_CPPFLAGS)
+
+src_trunnel_libor_trunnel_testing_a_SOURCES = $(TRUNNELSOURCES)
+src_trunnel_libor_trunnel_testing_a_CPPFLAGS = -DTRUNNEL_LOCAL_H $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_trunnel_libor_trunnel_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+
+noinst_HEADERS+= $(TRUNNELHEADERS)
+
+EXTRA_DIST += \
+	src/trunnel/README
+
diff --git a/src/trunnel/link_handshake.c b/src/trunnel/link_handshake.c
new file mode 100644
index 0000000000..3ef7341ae9
--- /dev/null
+++ b/src/trunnel/link_handshake.c
@@ -0,0 +1,1891 @@
+/* link_handshake.c -- generated by Trunnel v1.4.4.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#include <stdlib.h>
+#include "trunnel-impl.h"
+
+#include "link_handshake.h"
+
+#define TRUNNEL_SET_ERROR_CODE(obj) \
+  do {                              \
+    (obj)->trunnel_error_code_ = 1; \
+  } while (0)
+
+#if defined(__COVERITY__) || defined(__clang_analyzer__)
+/* If we're runnning a static analysis tool, we don't want it to complain
+ * that some of our remaining-bytes checks are dead-code. */
+int linkhandshake_deadcode_dummy__ = 0;
+#define OR_DEADCODE_DUMMY || linkhandshake_deadcode_dummy__
+#else
+#define OR_DEADCODE_DUMMY
+#endif
+
+#define CHECK_REMAINING(nbytes, label)                           \
+  do {                                                           \
+    if (remaining < (nbytes) OR_DEADCODE_DUMMY) {                \
+      goto label;                                                \
+    }                                                            \
+  } while (0)
+
+auth_challenge_cell_t *
+auth_challenge_cell_new(void)
+{
+  auth_challenge_cell_t *val = trunnel_calloc(1, sizeof(auth_challenge_cell_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+auth_challenge_cell_clear(auth_challenge_cell_t *obj)
+{
+  (void) obj;
+  TRUNNEL_DYNARRAY_WIPE(&obj->methods);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->methods);
+}
+
+void
+auth_challenge_cell_free(auth_challenge_cell_t *obj)
+{
+  if (obj == NULL)
+    return;
+  auth_challenge_cell_clear(obj);
+  trunnel_memwipe(obj, sizeof(auth_challenge_cell_t));
+  trunnel_free_(obj);
+}
+
+size_t
+auth_challenge_cell_getlen_challenge(const auth_challenge_cell_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth_challenge_cell_get_challenge(const auth_challenge_cell_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->challenge[idx];
+}
+
+int
+auth_challenge_cell_set_challenge(auth_challenge_cell_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->challenge[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth_challenge_cell_getarray_challenge(auth_challenge_cell_t *inp)
+{
+  return inp->challenge;
+}
+uint16_t
+auth_challenge_cell_get_n_methods(auth_challenge_cell_t *inp)
+{
+  return inp->n_methods;
+}
+int
+auth_challenge_cell_set_n_methods(auth_challenge_cell_t *inp, uint16_t val)
+{
+  inp->n_methods = val;
+  return 0;
+}
+size_t
+auth_challenge_cell_getlen_methods(const auth_challenge_cell_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->methods);
+}
+
+uint16_t
+auth_challenge_cell_get_methods(auth_challenge_cell_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->methods, idx);
+}
+
+int
+auth_challenge_cell_set_methods(auth_challenge_cell_t *inp, size_t idx, uint16_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->methods, idx, elt);
+  return 0;
+}
+int
+auth_challenge_cell_add_methods(auth_challenge_cell_t *inp, uint16_t elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+  if (inp->methods.n_ == UINT16_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  TRUNNEL_DYNARRAY_ADD(uint16_t, &inp->methods, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint16_t *
+auth_challenge_cell_getarray_methods(auth_challenge_cell_t *inp)
+{
+  return inp->methods.elts_;
+}
+int
+auth_challenge_cell_setlen_methods(auth_challenge_cell_t *inp, size_t newlen)
+{
+  uint16_t *newptr;
+#if UINT16_MAX < SIZE_MAX
+  if (newlen > UINT16_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  newptr = trunnel_dynarray_setlen(&inp->methods.allocated_,
+                 &inp->methods.n_, inp->methods.elts_, newlen,
+                 sizeof(inp->methods.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->methods.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+const char *
+auth_challenge_cell_check(const auth_challenge_cell_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  if (TRUNNEL_DYNARRAY_LEN(&obj->methods) != obj->n_methods)
+    return "Length mismatch for methods";
+  return NULL;
+}
+
+ssize_t
+auth_challenge_cell_encoded_len(const auth_challenge_cell_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != auth_challenge_cell_check(obj))
+     return -1;
+
+
+  /* Length of u8 challenge[32] */
+  result += 32;
+
+  /* Length of u16 n_methods */
+  result += 2;
+
+  /* Length of u16 methods[n_methods] */
+  result += 2 * TRUNNEL_DYNARRAY_LEN(&obj->methods);
+  return result;
+}
+int
+auth_challenge_cell_clear_errors(auth_challenge_cell_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+auth_challenge_cell_encode(uint8_t *output, const size_t avail, const auth_challenge_cell_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = auth_challenge_cell_encoded_len(obj);
+#endif
+
+  if (NULL != (msg = auth_challenge_cell_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 challenge[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->challenge, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u16 n_methods */
+  trunnel_assert(written <= avail);
+  if (avail - written < 2)
+    goto truncated;
+  trunnel_set_uint16(ptr, trunnel_htons(obj->n_methods));
+  written += 2; ptr += 2;
+
+  /* Encode u16 methods[n_methods] */
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->methods); ++idx) {
+      trunnel_assert(written <= avail);
+      if (avail - written < 2)
+        goto truncated;
+      trunnel_set_uint16(ptr, trunnel_htons(TRUNNEL_DYNARRAY_GET(&obj->methods, idx)));
+      written += 2; ptr += 2;
+    }
+  }
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As auth_challenge_cell_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+auth_challenge_cell_parse_into(auth_challenge_cell_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u8 challenge[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->challenge, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u16 n_methods */
+  CHECK_REMAINING(2, truncated);
+  obj->n_methods = trunnel_ntohs(trunnel_get_uint16(ptr));
+  remaining -= 2; ptr += 2;
+
+  /* Parse u16 methods[n_methods] */
+  TRUNNEL_DYNARRAY_EXPAND(uint16_t, &obj->methods, obj->n_methods, {});
+  {
+    uint16_t elt;
+    unsigned idx;
+    for (idx = 0; idx < obj->n_methods; ++idx) {
+      CHECK_REMAINING(2, truncated);
+      elt = trunnel_ntohs(trunnel_get_uint16(ptr));
+      remaining -= 2; ptr += 2;
+      TRUNNEL_DYNARRAY_ADD(uint16_t, &obj->methods, elt, {});
+    }
+  }
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ trunnel_alloc_failed:
+  return -1;
+}
+
+ssize_t
+auth_challenge_cell_parse(auth_challenge_cell_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = auth_challenge_cell_new();
+  if (NULL == *output)
+    return -1;
+  result = auth_challenge_cell_parse_into(*output, input, len_in);
+  if (result < 0) {
+    auth_challenge_cell_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
+auth_ctx_t *
+auth_ctx_new(void)
+{
+  auth_ctx_t *val = trunnel_calloc(1, sizeof(auth_ctx_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+auth_ctx_clear(auth_ctx_t *obj)
+{
+  (void) obj;
+}
+
+void
+auth_ctx_free(auth_ctx_t *obj)
+{
+  if (obj == NULL)
+    return;
+  auth_ctx_clear(obj);
+  trunnel_memwipe(obj, sizeof(auth_ctx_t));
+  trunnel_free_(obj);
+}
+
+uint8_t
+auth_ctx_get_is_ed(auth_ctx_t *inp)
+{
+  return inp->is_ed;
+}
+int
+auth_ctx_set_is_ed(auth_ctx_t *inp, uint8_t val)
+{
+  inp->is_ed = val;
+  return 0;
+}
+certs_cell_cert_t *
+certs_cell_cert_new(void)
+{
+  certs_cell_cert_t *val = trunnel_calloc(1, sizeof(certs_cell_cert_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+certs_cell_cert_clear(certs_cell_cert_t *obj)
+{
+  (void) obj;
+  TRUNNEL_DYNARRAY_WIPE(&obj->body);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->body);
+}
+
+void
+certs_cell_cert_free(certs_cell_cert_t *obj)
+{
+  if (obj == NULL)
+    return;
+  certs_cell_cert_clear(obj);
+  trunnel_memwipe(obj, sizeof(certs_cell_cert_t));
+  trunnel_free_(obj);
+}
+
+uint8_t
+certs_cell_cert_get_cert_type(certs_cell_cert_t *inp)
+{
+  return inp->cert_type;
+}
+int
+certs_cell_cert_set_cert_type(certs_cell_cert_t *inp, uint8_t val)
+{
+  inp->cert_type = val;
+  return 0;
+}
+uint16_t
+certs_cell_cert_get_cert_len(certs_cell_cert_t *inp)
+{
+  return inp->cert_len;
+}
+int
+certs_cell_cert_set_cert_len(certs_cell_cert_t *inp, uint16_t val)
+{
+  inp->cert_len = val;
+  return 0;
+}
+size_t
+certs_cell_cert_getlen_body(const certs_cell_cert_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->body);
+}
+
+uint8_t
+certs_cell_cert_get_body(certs_cell_cert_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->body, idx);
+}
+
+int
+certs_cell_cert_set_body(certs_cell_cert_t *inp, size_t idx, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->body, idx, elt);
+  return 0;
+}
+int
+certs_cell_cert_add_body(certs_cell_cert_t *inp, uint8_t elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+  if (inp->body.n_ == UINT16_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->body, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint8_t *
+certs_cell_cert_getarray_body(certs_cell_cert_t *inp)
+{
+  return inp->body.elts_;
+}
+int
+certs_cell_cert_setlen_body(certs_cell_cert_t *inp, size_t newlen)
+{
+  uint8_t *newptr;
+#if UINT16_MAX < SIZE_MAX
+  if (newlen > UINT16_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  newptr = trunnel_dynarray_setlen(&inp->body.allocated_,
+                 &inp->body.n_, inp->body.elts_, newlen,
+                 sizeof(inp->body.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->body.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+const char *
+certs_cell_cert_check(const certs_cell_cert_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  if (TRUNNEL_DYNARRAY_LEN(&obj->body) != obj->cert_len)
+    return "Length mismatch for body";
+  return NULL;
+}
+
+ssize_t
+certs_cell_cert_encoded_len(const certs_cell_cert_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != certs_cell_cert_check(obj))
+     return -1;
+
+
+  /* Length of u8 cert_type */
+  result += 1;
+
+  /* Length of u16 cert_len */
+  result += 2;
+
+  /* Length of u8 body[cert_len] */
+  result += TRUNNEL_DYNARRAY_LEN(&obj->body);
+  return result;
+}
+int
+certs_cell_cert_clear_errors(certs_cell_cert_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+certs_cell_cert_encode(uint8_t *output, const size_t avail, const certs_cell_cert_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = certs_cell_cert_encoded_len(obj);
+#endif
+
+  if (NULL != (msg = certs_cell_cert_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 cert_type */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->cert_type));
+  written += 1; ptr += 1;
+
+  /* Encode u16 cert_len */
+  trunnel_assert(written <= avail);
+  if (avail - written < 2)
+    goto truncated;
+  trunnel_set_uint16(ptr, trunnel_htons(obj->cert_len));
+  written += 2; ptr += 2;
+
+  /* Encode u8 body[cert_len] */
+  {
+    size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->body);
+    trunnel_assert(obj->cert_len == elt_len);
+    trunnel_assert(written <= avail);
+    if (avail - written < elt_len)
+      goto truncated;
+    if (elt_len)
+      memcpy(ptr, obj->body.elts_, elt_len);
+    written += elt_len; ptr += elt_len;
+  }
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As certs_cell_cert_parse(), but do not allocate the output object.
+ */
+static ssize_t
+certs_cell_cert_parse_into(certs_cell_cert_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u8 cert_type */
+  CHECK_REMAINING(1, truncated);
+  obj->cert_type = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse u16 cert_len */
+  CHECK_REMAINING(2, truncated);
+  obj->cert_len = trunnel_ntohs(trunnel_get_uint16(ptr));
+  remaining -= 2; ptr += 2;
+
+  /* Parse u8 body[cert_len] */
+  CHECK_REMAINING(obj->cert_len, truncated);
+  TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->body, obj->cert_len, {});
+  obj->body.n_ = obj->cert_len;
+  if (obj->cert_len)
+    memcpy(obj->body.elts_, ptr, obj->cert_len);
+  ptr += obj->cert_len; remaining -= obj->cert_len;
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ trunnel_alloc_failed:
+  return -1;
+}
+
+ssize_t
+certs_cell_cert_parse(certs_cell_cert_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = certs_cell_cert_new();
+  if (NULL == *output)
+    return -1;
+  result = certs_cell_cert_parse_into(*output, input, len_in);
+  if (result < 0) {
+    certs_cell_cert_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
+rsa_ed_crosscert_t *
+rsa_ed_crosscert_new(void)
+{
+  rsa_ed_crosscert_t *val = trunnel_calloc(1, sizeof(rsa_ed_crosscert_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+rsa_ed_crosscert_clear(rsa_ed_crosscert_t *obj)
+{
+  (void) obj;
+  TRUNNEL_DYNARRAY_WIPE(&obj->sig);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->sig);
+}
+
+void
+rsa_ed_crosscert_free(rsa_ed_crosscert_t *obj)
+{
+  if (obj == NULL)
+    return;
+  rsa_ed_crosscert_clear(obj);
+  trunnel_memwipe(obj, sizeof(rsa_ed_crosscert_t));
+  trunnel_free_(obj);
+}
+
+size_t
+rsa_ed_crosscert_getlen_ed_key(const rsa_ed_crosscert_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+rsa_ed_crosscert_get_ed_key(const rsa_ed_crosscert_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->ed_key[idx];
+}
+
+int
+rsa_ed_crosscert_set_ed_key(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->ed_key[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+rsa_ed_crosscert_getarray_ed_key(rsa_ed_crosscert_t *inp)
+{
+  return inp->ed_key;
+}
+uint32_t
+rsa_ed_crosscert_get_expiration(rsa_ed_crosscert_t *inp)
+{
+  return inp->expiration;
+}
+int
+rsa_ed_crosscert_set_expiration(rsa_ed_crosscert_t *inp, uint32_t val)
+{
+  inp->expiration = val;
+  return 0;
+}
+const uint8_t *
+rsa_ed_crosscert_get_end_of_signed(const rsa_ed_crosscert_t *inp)
+{
+  return inp->end_of_signed;
+}
+uint8_t
+rsa_ed_crosscert_get_sig_len(rsa_ed_crosscert_t *inp)
+{
+  return inp->sig_len;
+}
+int
+rsa_ed_crosscert_set_sig_len(rsa_ed_crosscert_t *inp, uint8_t val)
+{
+  inp->sig_len = val;
+  return 0;
+}
+size_t
+rsa_ed_crosscert_getlen_sig(const rsa_ed_crosscert_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->sig);
+}
+
+uint8_t
+rsa_ed_crosscert_get_sig(rsa_ed_crosscert_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->sig, idx);
+}
+
+int
+rsa_ed_crosscert_set_sig(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->sig, idx, elt);
+  return 0;
+}
+int
+rsa_ed_crosscert_add_sig(rsa_ed_crosscert_t *inp, uint8_t elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+  if (inp->sig.n_ == UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->sig, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint8_t *
+rsa_ed_crosscert_getarray_sig(rsa_ed_crosscert_t *inp)
+{
+  return inp->sig.elts_;
+}
+int
+rsa_ed_crosscert_setlen_sig(rsa_ed_crosscert_t *inp, size_t newlen)
+{
+  uint8_t *newptr;
+#if UINT8_MAX < SIZE_MAX
+  if (newlen > UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  newptr = trunnel_dynarray_setlen(&inp->sig.allocated_,
+                 &inp->sig.n_, inp->sig.elts_, newlen,
+                 sizeof(inp->sig.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->sig.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+const char *
+rsa_ed_crosscert_check(const rsa_ed_crosscert_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  if (TRUNNEL_DYNARRAY_LEN(&obj->sig) != obj->sig_len)
+    return "Length mismatch for sig";
+  return NULL;
+}
+
+ssize_t
+rsa_ed_crosscert_encoded_len(const rsa_ed_crosscert_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != rsa_ed_crosscert_check(obj))
+     return -1;
+
+
+  /* Length of u8 ed_key[32] */
+  result += 32;
+
+  /* Length of u32 expiration */
+  result += 4;
+
+  /* Length of u8 sig_len */
+  result += 1;
+
+  /* Length of u8 sig[sig_len] */
+  result += TRUNNEL_DYNARRAY_LEN(&obj->sig);
+  return result;
+}
+int
+rsa_ed_crosscert_clear_errors(rsa_ed_crosscert_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+rsa_ed_crosscert_encode(uint8_t *output, const size_t avail, const rsa_ed_crosscert_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = rsa_ed_crosscert_encoded_len(obj);
+#endif
+
+  if (NULL != (msg = rsa_ed_crosscert_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 ed_key[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->ed_key, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u32 expiration */
+  trunnel_assert(written <= avail);
+  if (avail - written < 4)
+    goto truncated;
+  trunnel_set_uint32(ptr, trunnel_htonl(obj->expiration));
+  written += 4; ptr += 4;
+
+  /* Encode u8 sig_len */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->sig_len));
+  written += 1; ptr += 1;
+
+  /* Encode u8 sig[sig_len] */
+  {
+    size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->sig);
+    trunnel_assert(obj->sig_len == elt_len);
+    trunnel_assert(written <= avail);
+    if (avail - written < elt_len)
+      goto truncated;
+    if (elt_len)
+      memcpy(ptr, obj->sig.elts_, elt_len);
+    written += elt_len; ptr += elt_len;
+  }
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As rsa_ed_crosscert_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+rsa_ed_crosscert_parse_into(rsa_ed_crosscert_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u8 ed_key[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->ed_key, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u32 expiration */
+  CHECK_REMAINING(4, truncated);
+  obj->expiration = trunnel_ntohl(trunnel_get_uint32(ptr));
+  remaining -= 4; ptr += 4;
+  obj->end_of_signed = ptr;
+
+  /* Parse u8 sig_len */
+  CHECK_REMAINING(1, truncated);
+  obj->sig_len = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse u8 sig[sig_len] */
+  CHECK_REMAINING(obj->sig_len, truncated);
+  TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->sig, obj->sig_len, {});
+  obj->sig.n_ = obj->sig_len;
+  if (obj->sig_len)
+    memcpy(obj->sig.elts_, ptr, obj->sig_len);
+  ptr += obj->sig_len; remaining -= obj->sig_len;
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ trunnel_alloc_failed:
+  return -1;
+}
+
+ssize_t
+rsa_ed_crosscert_parse(rsa_ed_crosscert_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = rsa_ed_crosscert_new();
+  if (NULL == *output)
+    return -1;
+  result = rsa_ed_crosscert_parse_into(*output, input, len_in);
+  if (result < 0) {
+    rsa_ed_crosscert_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
+auth1_t *
+auth1_new(void)
+{
+  auth1_t *val = trunnel_calloc(1, sizeof(auth1_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+auth1_clear(auth1_t *obj)
+{
+  (void) obj;
+  TRUNNEL_DYNARRAY_WIPE(&obj->sig);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->sig);
+}
+
+void
+auth1_free(auth1_t *obj)
+{
+  if (obj == NULL)
+    return;
+  auth1_clear(obj);
+  trunnel_memwipe(obj, sizeof(auth1_t));
+  trunnel_free_(obj);
+}
+
+size_t
+auth1_getlen_type(const auth1_t *inp)
+{
+  (void)inp;  return 8;
+}
+
+uint8_t
+auth1_get_type(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 8);
+  return inp->type[idx];
+}
+
+int
+auth1_set_type(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 8);
+  inp->type[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_type(auth1_t *inp)
+{
+  return inp->type;
+}
+size_t
+auth1_getlen_cid(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_cid(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->cid[idx];
+}
+
+int
+auth1_set_cid(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->cid[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_cid(auth1_t *inp)
+{
+  return inp->cid;
+}
+size_t
+auth1_getlen_sid(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_sid(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->sid[idx];
+}
+
+int
+auth1_set_sid(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->sid[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_sid(auth1_t *inp)
+{
+  return inp->sid;
+}
+size_t
+auth1_getlen_u1_cid_ed(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_u1_cid_ed(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->u1_cid_ed[idx];
+}
+
+int
+auth1_set_u1_cid_ed(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->u1_cid_ed[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_u1_cid_ed(auth1_t *inp)
+{
+  return inp->u1_cid_ed;
+}
+size_t
+auth1_getlen_u1_sid_ed(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_u1_sid_ed(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->u1_sid_ed[idx];
+}
+
+int
+auth1_set_u1_sid_ed(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->u1_sid_ed[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_u1_sid_ed(auth1_t *inp)
+{
+  return inp->u1_sid_ed;
+}
+size_t
+auth1_getlen_slog(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_slog(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->slog[idx];
+}
+
+int
+auth1_set_slog(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->slog[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_slog(auth1_t *inp)
+{
+  return inp->slog;
+}
+size_t
+auth1_getlen_clog(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_clog(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->clog[idx];
+}
+
+int
+auth1_set_clog(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->clog[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_clog(auth1_t *inp)
+{
+  return inp->clog;
+}
+size_t
+auth1_getlen_scert(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_scert(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->scert[idx];
+}
+
+int
+auth1_set_scert(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->scert[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_scert(auth1_t *inp)
+{
+  return inp->scert;
+}
+size_t
+auth1_getlen_tlssecrets(const auth1_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+auth1_get_tlssecrets(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->tlssecrets[idx];
+}
+
+int
+auth1_set_tlssecrets(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->tlssecrets[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_tlssecrets(auth1_t *inp)
+{
+  return inp->tlssecrets;
+}
+const uint8_t *
+auth1_get_end_of_fixed_part(const auth1_t *inp)
+{
+  return inp->end_of_fixed_part;
+}
+size_t
+auth1_getlen_rand(const auth1_t *inp)
+{
+  (void)inp;  return 24;
+}
+
+uint8_t
+auth1_get_rand(const auth1_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 24);
+  return inp->rand[idx];
+}
+
+int
+auth1_set_rand(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 24);
+  inp->rand[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+auth1_getarray_rand(auth1_t *inp)
+{
+  return inp->rand;
+}
+const uint8_t *
+auth1_get_end_of_signed(const auth1_t *inp)
+{
+  return inp->end_of_signed;
+}
+size_t
+auth1_getlen_sig(const auth1_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->sig);
+}
+
+uint8_t
+auth1_get_sig(auth1_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->sig, idx);
+}
+
+int
+auth1_set_sig(auth1_t *inp, size_t idx, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->sig, idx, elt);
+  return 0;
+}
+int
+auth1_add_sig(auth1_t *inp, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->sig, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint8_t *
+auth1_getarray_sig(auth1_t *inp)
+{
+  return inp->sig.elts_;
+}
+int
+auth1_setlen_sig(auth1_t *inp, size_t newlen)
+{
+  uint8_t *newptr;
+  newptr = trunnel_dynarray_setlen(&inp->sig.allocated_,
+                 &inp->sig.n_, inp->sig.elts_, newlen,
+                 sizeof(inp->sig.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->sig.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+const char *
+auth1_check(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  if (auth_ctx_ctx == NULL)
+    return "Context was NULL";
+  switch (auth_ctx_ctx->is_ed) {
+
+    case 0:
+      break;
+
+    case 1:
+      break;
+
+    default:
+        return "Bad tag for union";
+      break;
+  }
+  return NULL;
+}
+
+ssize_t
+auth1_encoded_len(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx)
+{
+  ssize_t result = 0;
+
+  if (NULL != auth1_check(obj, auth_ctx_ctx))
+     return -1;
+
+
+  /* Length of u8 type[8] */
+  result += 8;
+
+  /* Length of u8 cid[32] */
+  result += 32;
+
+  /* Length of u8 sid[32] */
+  result += 32;
+  switch (auth_ctx_ctx->is_ed) {
+
+    case 0:
+      break;
+
+    case 1:
+
+      /* Length of u8 u1_cid_ed[32] */
+      result += 32;
+
+      /* Length of u8 u1_sid_ed[32] */
+      result += 32;
+      break;
+
+    default:
+      trunnel_assert(0);
+      break;
+  }
+
+  /* Length of u8 slog[32] */
+  result += 32;
+
+  /* Length of u8 clog[32] */
+  result += 32;
+
+  /* Length of u8 scert[32] */
+  result += 32;
+
+  /* Length of u8 tlssecrets[32] */
+  result += 32;
+
+  /* Length of u8 rand[24] */
+  result += 24;
+
+  /* Length of u8 sig[] */
+  result += TRUNNEL_DYNARRAY_LEN(&obj->sig);
+  return result;
+}
+int
+auth1_clear_errors(auth1_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+auth1_encode(uint8_t *output, const size_t avail, const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = auth1_encoded_len(obj, auth_ctx_ctx);
+#endif
+
+  if (NULL != (msg = auth1_check(obj, auth_ctx_ctx)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 type[8] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 8)
+    goto truncated;
+  memcpy(ptr, obj->type, 8);
+  written += 8; ptr += 8;
+
+  /* Encode u8 cid[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->cid, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u8 sid[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->sid, 32);
+  written += 32; ptr += 32;
+
+  /* Encode union u1[auth_ctx.is_ed] */
+  trunnel_assert(written <= avail);
+  switch (auth_ctx_ctx->is_ed) {
+
+    case 0:
+      break;
+
+    case 1:
+
+      /* Encode u8 u1_cid_ed[32] */
+      trunnel_assert(written <= avail);
+      if (avail - written < 32)
+        goto truncated;
+      memcpy(ptr, obj->u1_cid_ed, 32);
+      written += 32; ptr += 32;
+
+      /* Encode u8 u1_sid_ed[32] */
+      trunnel_assert(written <= avail);
+      if (avail - written < 32)
+        goto truncated;
+      memcpy(ptr, obj->u1_sid_ed, 32);
+      written += 32; ptr += 32;
+      break;
+
+    default:
+      trunnel_assert(0);
+      break;
+  }
+
+  /* Encode u8 slog[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->slog, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u8 clog[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->clog, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u8 scert[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->scert, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u8 tlssecrets[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32)
+    goto truncated;
+  memcpy(ptr, obj->tlssecrets, 32);
+  written += 32; ptr += 32;
+
+  /* Encode u8 rand[24] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 24)
+    goto truncated;
+  memcpy(ptr, obj->rand, 24);
+  written += 24; ptr += 24;
+
+  /* Encode u8 sig[] */
+  {
+    size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->sig);
+    trunnel_assert(written <= avail);
+    if (avail - written < elt_len)
+      goto truncated;
+    if (elt_len)
+      memcpy(ptr, obj->sig.elts_, elt_len);
+    written += elt_len; ptr += elt_len;
+  }
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As auth1_parse(), but do not allocate the output object.
+ */
+static ssize_t
+auth1_parse_into(auth1_t *obj, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+  if (auth_ctx_ctx == NULL)
+    return -1;
+
+  /* Parse u8 type[8] */
+  CHECK_REMAINING(8, truncated);
+  memcpy(obj->type, ptr, 8);
+  remaining -= 8; ptr += 8;
+
+  /* Parse u8 cid[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->cid, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u8 sid[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->sid, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse union u1[auth_ctx.is_ed] */
+  switch (auth_ctx_ctx->is_ed) {
+
+    case 0:
+      break;
+
+    case 1:
+
+      /* Parse u8 u1_cid_ed[32] */
+      CHECK_REMAINING(32, truncated);
+      memcpy(obj->u1_cid_ed, ptr, 32);
+      remaining -= 32; ptr += 32;
+
+      /* Parse u8 u1_sid_ed[32] */
+      CHECK_REMAINING(32, truncated);
+      memcpy(obj->u1_sid_ed, ptr, 32);
+      remaining -= 32; ptr += 32;
+      break;
+
+    default:
+      goto fail;
+      break;
+  }
+
+  /* Parse u8 slog[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->slog, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u8 clog[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->clog, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u8 scert[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->scert, ptr, 32);
+  remaining -= 32; ptr += 32;
+
+  /* Parse u8 tlssecrets[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->tlssecrets, ptr, 32);
+  remaining -= 32; ptr += 32;
+  obj->end_of_fixed_part = ptr;
+
+  /* Parse u8 rand[24] */
+  CHECK_REMAINING(24, truncated);
+  memcpy(obj->rand, ptr, 24);
+  remaining -= 24; ptr += 24;
+  obj->end_of_signed = ptr;
+
+  /* Parse u8 sig[] */
+  TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->sig, remaining, {});
+  obj->sig.n_ = remaining;
+  if (remaining)
+    memcpy(obj->sig.elts_, ptr, remaining);
+  ptr += remaining; remaining -= remaining;
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ trunnel_alloc_failed:
+  return -1;
+ fail:
+  result = -1;
+  return result;
+}
+
+ssize_t
+auth1_parse(auth1_t **output, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx)
+{
+  ssize_t result;
+  *output = auth1_new();
+  if (NULL == *output)
+    return -1;
+  result = auth1_parse_into(*output, input, len_in, auth_ctx_ctx);
+  if (result < 0) {
+    auth1_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
+certs_cell_t *
+certs_cell_new(void)
+{
+  certs_cell_t *val = trunnel_calloc(1, sizeof(certs_cell_t));
+  if (NULL == val)
+    return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+certs_cell_clear(certs_cell_t *obj)
+{
+  (void) obj;
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+      certs_cell_cert_free(TRUNNEL_DYNARRAY_GET(&obj->certs, idx));
+    }
+  }
+  TRUNNEL_DYNARRAY_WIPE(&obj->certs);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->certs);
+}
+
+void
+certs_cell_free(certs_cell_t *obj)
+{
+  if (obj == NULL)
+    return;
+  certs_cell_clear(obj);
+  trunnel_memwipe(obj, sizeof(certs_cell_t));
+  trunnel_free_(obj);
+}
+
+uint8_t
+certs_cell_get_n_certs(certs_cell_t *inp)
+{
+  return inp->n_certs;
+}
+int
+certs_cell_set_n_certs(certs_cell_t *inp, uint8_t val)
+{
+  inp->n_certs = val;
+  return 0;
+}
+size_t
+certs_cell_getlen_certs(const certs_cell_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->certs);
+}
+
+struct certs_cell_cert_st *
+certs_cell_get_certs(certs_cell_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->certs, idx);
+}
+
+int
+certs_cell_set_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt)
+{
+  certs_cell_cert_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->certs, idx);
+  if (oldval && oldval != elt)
+    certs_cell_cert_free(oldval);
+  return certs_cell_set0_certs(inp, idx, elt);
+}
+int
+certs_cell_set0_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->certs, idx, elt);
+  return 0;
+}
+int
+certs_cell_add_certs(certs_cell_t *inp, struct certs_cell_cert_st * elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+  if (inp->certs.n_ == UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  TRUNNEL_DYNARRAY_ADD(struct certs_cell_cert_st *, &inp->certs, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+struct certs_cell_cert_st * *
+certs_cell_getarray_certs(certs_cell_t *inp)
+{
+  return inp->certs.elts_;
+}
+int
+certs_cell_setlen_certs(certs_cell_t *inp, size_t newlen)
+{
+  struct certs_cell_cert_st * *newptr;
+#if UINT8_MAX < SIZE_MAX
+  if (newlen > UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  newptr = trunnel_dynarray_setlen(&inp->certs.allocated_,
+                 &inp->certs.n_, inp->certs.elts_, newlen,
+                 sizeof(inp->certs.elts_[0]), (trunnel_free_fn_t) certs_cell_cert_free,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->certs.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+const char *
+certs_cell_check(const certs_cell_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  {
+    const char *msg;
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+      if (NULL != (msg = certs_cell_cert_check(TRUNNEL_DYNARRAY_GET(&obj->certs, idx))))
+        return msg;
+    }
+  }
+  if (TRUNNEL_DYNARRAY_LEN(&obj->certs) != obj->n_certs)
+    return "Length mismatch for certs";
+  return NULL;
+}
+
+ssize_t
+certs_cell_encoded_len(const certs_cell_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != certs_cell_check(obj))
+     return -1;
+
+
+  /* Length of u8 n_certs */
+  result += 1;
+
+  /* Length of struct certs_cell_cert certs[n_certs] */
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+      result += certs_cell_cert_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->certs, idx));
+    }
+  }
+  return result;
+}
+int
+certs_cell_clear_errors(certs_cell_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+certs_cell_encode(uint8_t *output, const size_t avail, const certs_cell_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = certs_cell_encoded_len(obj);
+#endif
+
+  if (NULL != (msg = certs_cell_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 n_certs */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->n_certs));
+  written += 1; ptr += 1;
+
+  /* Encode struct certs_cell_cert certs[n_certs] */
+  {
+
+    unsigned idx;
+    for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+      trunnel_assert(written <= avail);
+      result = certs_cell_cert_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->certs, idx));
+      if (result < 0)
+        goto fail; /* XXXXXXX !*/
+      written += result; ptr += result;
+    }
+  }
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As certs_cell_parse(), but do not allocate the output object.
+ */
+static ssize_t
+certs_cell_parse_into(certs_cell_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u8 n_certs */
+  CHECK_REMAINING(1, truncated);
+  obj->n_certs = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse struct certs_cell_cert certs[n_certs] */
+  TRUNNEL_DYNARRAY_EXPAND(certs_cell_cert_t *, &obj->certs, obj->n_certs, {});
+  {
+    certs_cell_cert_t * elt;
+    unsigned idx;
+    for (idx = 0; idx < obj->n_certs; ++idx) {
+      result = certs_cell_cert_parse(&elt, ptr, remaining);
+      if (result < 0)
+        goto relay_fail;
+      trunnel_assert((size_t)result <= remaining);
+      remaining -= result; ptr += result;
+      TRUNNEL_DYNARRAY_ADD(certs_cell_cert_t *, &obj->certs, elt, {certs_cell_cert_free(elt);});
+    }
+  }
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ relay_fail:
+  trunnel_assert(result < 0);
+  return result;
+ trunnel_alloc_failed:
+  return -1;
+}
+
+ssize_t
+certs_cell_parse(certs_cell_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = certs_cell_new();
+  if (NULL == *output)
+    return -1;
+  result = certs_cell_parse_into(*output, input, len_in);
+  if (result < 0) {
+    certs_cell_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
diff --git a/src/trunnel/link_handshake.h b/src/trunnel/link_handshake.h
new file mode 100644
index 0000000000..2749ec7dd4
--- /dev/null
+++ b/src/trunnel/link_handshake.h
@@ -0,0 +1,654 @@
+/* link_handshake.h -- generated by by Trunnel v1.4.4.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#ifndef TRUNNEL_LINK_HANDSHAKE_H
+#define TRUNNEL_LINK_HANDSHAKE_H
+
+#include <stdint.h>
+#include "trunnel.h"
+
+#define CERTTYPE_RSA1024_ID_LINK 1
+#define CERTTYPE_RSA1024_ID_ID 2
+#define CERTTYPE_RSA1024_ID_AUTH 3
+#define CERTTYPE_ED_ID_SIGN 4
+#define CERTTYPE_ED_SIGN_LINK 5
+#define CERTTYPE_ED_SIGN_AUTH 6
+#define CERTTYPE_RSA1024_ID_EDID 7
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH_CHALLENGE_CELL)
+struct auth_challenge_cell_st {
+  uint8_t challenge[32];
+  uint16_t n_methods;
+  TRUNNEL_DYNARRAY_HEAD(, uint16_t) methods;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct auth_challenge_cell_st auth_challenge_cell_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH_CTX)
+struct auth_ctx_st {
+  uint8_t is_ed;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct auth_ctx_st auth_ctx_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CERTS_CELL_CERT)
+struct certs_cell_cert_st {
+  uint8_t cert_type;
+  uint16_t cert_len;
+  TRUNNEL_DYNARRAY_HEAD(, uint8_t) body;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct certs_cell_cert_st certs_cell_cert_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_RSA_ED_CROSSCERT)
+struct rsa_ed_crosscert_st {
+  uint8_t ed_key[32];
+  uint32_t expiration;
+  const uint8_t *end_of_signed;
+  uint8_t sig_len;
+  TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct rsa_ed_crosscert_st rsa_ed_crosscert_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH1)
+struct auth1_st {
+  uint8_t type[8];
+  uint8_t cid[32];
+  uint8_t sid[32];
+  uint8_t u1_cid_ed[32];
+  uint8_t u1_sid_ed[32];
+  uint8_t slog[32];
+  uint8_t clog[32];
+  uint8_t scert[32];
+  uint8_t tlssecrets[32];
+  const uint8_t *end_of_fixed_part;
+  uint8_t rand[24];
+  const uint8_t *end_of_signed;
+  TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct auth1_st auth1_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CERTS_CELL)
+struct certs_cell_st {
+  uint8_t n_certs;
+  TRUNNEL_DYNARRAY_HEAD(, struct certs_cell_cert_st *) certs;
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct certs_cell_st certs_cell_t;
+/** Return a newly allocated auth_challenge_cell with all elements set
+ * to zero.
+ */
+auth_challenge_cell_t *auth_challenge_cell_new(void);
+/** Release all storage held by the auth_challenge_cell in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void auth_challenge_cell_free(auth_challenge_cell_t *victim);
+/** Try to parse a auth_challenge_cell from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated auth_challenge_cell_t. On failure, return -2 if the input
+ * appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t auth_challenge_cell_parse(auth_challenge_cell_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * auth_challenge_cell in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t auth_challenge_cell_encoded_len(const auth_challenge_cell_t *obj);
+/** Try to encode the auth_challenge_cell from 'input' into the buffer
+ * at 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t auth_challenge_cell_encode(uint8_t *output, size_t avail, const auth_challenge_cell_t *input);
+/** Check whether the internal state of the auth_challenge_cell in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *auth_challenge_cell_check(const auth_challenge_cell_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int auth_challenge_cell_clear_errors(auth_challenge_cell_t *obj);
+/** Return the (constant) length of the array holding the challenge
+ * field of the auth_challenge_cell_t in 'inp'.
+ */
+size_t auth_challenge_cell_getlen_challenge(const auth_challenge_cell_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * challenge of the auth_challenge_cell_t in 'inp'.
+ */
+uint8_t auth_challenge_cell_get_challenge(const auth_challenge_cell_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * challenge of the auth_challenge_cell_t in 'inp', so that it will
+ * hold the value 'elt'.
+ */
+int auth_challenge_cell_set_challenge(auth_challenge_cell_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field challenge of 'inp'.
+ */
+uint8_t * auth_challenge_cell_getarray_challenge(auth_challenge_cell_t *inp);
+/** Return the value of the n_methods field of the
+ * auth_challenge_cell_t in 'inp'
+ */
+uint16_t auth_challenge_cell_get_n_methods(auth_challenge_cell_t *inp);
+/** Set the value of the n_methods field of the auth_challenge_cell_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int auth_challenge_cell_set_n_methods(auth_challenge_cell_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the methods field
+ * of the auth_challenge_cell_t in 'inp'.
+ */
+size_t auth_challenge_cell_getlen_methods(const auth_challenge_cell_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * methods of the auth_challenge_cell_t in 'inp'.
+ */
+uint16_t auth_challenge_cell_get_methods(auth_challenge_cell_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * methods of the auth_challenge_cell_t in 'inp', so that it will hold
+ * the value 'elt'.
+ */
+int auth_challenge_cell_set_methods(auth_challenge_cell_t *inp, size_t idx, uint16_t elt);
+/** Append a new element 'elt' to the dynamic array field methods of
+ * the auth_challenge_cell_t in 'inp'.
+ */
+int auth_challenge_cell_add_methods(auth_challenge_cell_t *inp, uint16_t elt);
+/** Return a pointer to the variable-length array field methods of
+ * 'inp'.
+ */
+uint16_t * auth_challenge_cell_getarray_methods(auth_challenge_cell_t *inp);
+/** Change the length of the variable-length array field methods of
+ * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int auth_challenge_cell_setlen_methods(auth_challenge_cell_t *inp, size_t newlen);
+/** Return a newly allocated auth_ctx with all elements set to zero.
+ */
+auth_ctx_t *auth_ctx_new(void);
+/** Release all storage held by the auth_ctx in 'victim'. (Do nothing
+ * if 'victim' is NULL.)
+ */
+void auth_ctx_free(auth_ctx_t *victim);
+/** Return the value of the is_ed field of the auth_ctx_t in 'inp'
+ */
+uint8_t auth_ctx_get_is_ed(auth_ctx_t *inp);
+/** Set the value of the is_ed field of the auth_ctx_t in 'inp' to
+ * 'val'. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int auth_ctx_set_is_ed(auth_ctx_t *inp, uint8_t val);
+/** Return a newly allocated certs_cell_cert with all elements set to
+ * zero.
+ */
+certs_cell_cert_t *certs_cell_cert_new(void);
+/** Release all storage held by the certs_cell_cert in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void certs_cell_cert_free(certs_cell_cert_t *victim);
+/** Try to parse a certs_cell_cert from the buffer in 'input', using
+ * up to 'len_in' bytes from the input buffer. On success, return the
+ * number of bytes consumed and set *output to the newly allocated
+ * certs_cell_cert_t. On failure, return -2 if the input appears
+ * truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t certs_cell_cert_parse(certs_cell_cert_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * certs_cell_cert in 'obj'. On failure, return a negative value. Note
+ * that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t certs_cell_cert_encoded_len(const certs_cell_cert_t *obj);
+/** Try to encode the certs_cell_cert from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t certs_cell_cert_encode(uint8_t *output, size_t avail, const certs_cell_cert_t *input);
+/** Check whether the internal state of the certs_cell_cert in 'obj'
+ * is consistent. Return NULL if it is, and a short message if it is
+ * not.
+ */
+const char *certs_cell_cert_check(const certs_cell_cert_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int certs_cell_cert_clear_errors(certs_cell_cert_t *obj);
+/** Return the value of the cert_type field of the certs_cell_cert_t
+ * in 'inp'
+ */
+uint8_t certs_cell_cert_get_cert_type(certs_cell_cert_t *inp);
+/** Set the value of the cert_type field of the certs_cell_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int certs_cell_cert_set_cert_type(certs_cell_cert_t *inp, uint8_t val);
+/** Return the value of the cert_len field of the certs_cell_cert_t in
+ * 'inp'
+ */
+uint16_t certs_cell_cert_get_cert_len(certs_cell_cert_t *inp);
+/** Set the value of the cert_len field of the certs_cell_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int certs_cell_cert_set_cert_len(certs_cell_cert_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the body field of
+ * the certs_cell_cert_t in 'inp'.
+ */
+size_t certs_cell_cert_getlen_body(const certs_cell_cert_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * body of the certs_cell_cert_t in 'inp'.
+ */
+uint8_t certs_cell_cert_get_body(certs_cell_cert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * body of the certs_cell_cert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int certs_cell_cert_set_body(certs_cell_cert_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field body of the
+ * certs_cell_cert_t in 'inp'.
+ */
+int certs_cell_cert_add_body(certs_cell_cert_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field body of 'inp'.
+ */
+uint8_t * certs_cell_cert_getarray_body(certs_cell_cert_t *inp);
+/** Change the length of the variable-length array field body of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int certs_cell_cert_setlen_body(certs_cell_cert_t *inp, size_t newlen);
+/** Return a newly allocated rsa_ed_crosscert with all elements set to
+ * zero.
+ */
+rsa_ed_crosscert_t *rsa_ed_crosscert_new(void);
+/** Release all storage held by the rsa_ed_crosscert in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void rsa_ed_crosscert_free(rsa_ed_crosscert_t *victim);
+/** Try to parse a rsa_ed_crosscert from the buffer in 'input', using
+ * up to 'len_in' bytes from the input buffer. On success, return the
+ * number of bytes consumed and set *output to the newly allocated
+ * rsa_ed_crosscert_t. On failure, return -2 if the input appears
+ * truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t rsa_ed_crosscert_parse(rsa_ed_crosscert_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * rsa_ed_crosscert in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t rsa_ed_crosscert_encoded_len(const rsa_ed_crosscert_t *obj);
+/** Try to encode the rsa_ed_crosscert from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t rsa_ed_crosscert_encode(uint8_t *output, size_t avail, const rsa_ed_crosscert_t *input);
+/** Check whether the internal state of the rsa_ed_crosscert in 'obj'
+ * is consistent. Return NULL if it is, and a short message if it is
+ * not.
+ */
+const char *rsa_ed_crosscert_check(const rsa_ed_crosscert_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int rsa_ed_crosscert_clear_errors(rsa_ed_crosscert_t *obj);
+/** Return the (constant) length of the array holding the ed_key field
+ * of the rsa_ed_crosscert_t in 'inp'.
+ */
+size_t rsa_ed_crosscert_getlen_ed_key(const rsa_ed_crosscert_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * ed_key of the rsa_ed_crosscert_t in 'inp'.
+ */
+uint8_t rsa_ed_crosscert_get_ed_key(const rsa_ed_crosscert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * ed_key of the rsa_ed_crosscert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int rsa_ed_crosscert_set_ed_key(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field ed_key of 'inp'.
+ */
+uint8_t * rsa_ed_crosscert_getarray_ed_key(rsa_ed_crosscert_t *inp);
+/** Return the value of the expiration field of the rsa_ed_crosscert_t
+ * in 'inp'
+ */
+uint32_t rsa_ed_crosscert_get_expiration(rsa_ed_crosscert_t *inp);
+/** Set the value of the expiration field of the rsa_ed_crosscert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int rsa_ed_crosscert_set_expiration(rsa_ed_crosscert_t *inp, uint32_t val);
+/** Return the position for end_of_signed when we parsed this object
+ */
+const uint8_t * rsa_ed_crosscert_get_end_of_signed(const rsa_ed_crosscert_t *inp);
+/** Return the value of the sig_len field of the rsa_ed_crosscert_t in
+ * 'inp'
+ */
+uint8_t rsa_ed_crosscert_get_sig_len(rsa_ed_crosscert_t *inp);
+/** Set the value of the sig_len field of the rsa_ed_crosscert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int rsa_ed_crosscert_set_sig_len(rsa_ed_crosscert_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the sig field of
+ * the rsa_ed_crosscert_t in 'inp'.
+ */
+size_t rsa_ed_crosscert_getlen_sig(const rsa_ed_crosscert_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * sig of the rsa_ed_crosscert_t in 'inp'.
+ */
+uint8_t rsa_ed_crosscert_get_sig(rsa_ed_crosscert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * sig of the rsa_ed_crosscert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int rsa_ed_crosscert_set_sig(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field sig of the
+ * rsa_ed_crosscert_t in 'inp'.
+ */
+int rsa_ed_crosscert_add_sig(rsa_ed_crosscert_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field sig of 'inp'.
+ */
+uint8_t * rsa_ed_crosscert_getarray_sig(rsa_ed_crosscert_t *inp);
+/** Change the length of the variable-length array field sig of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int rsa_ed_crosscert_setlen_sig(rsa_ed_crosscert_t *inp, size_t newlen);
+/** Return a newly allocated auth1 with all elements set to zero.
+ */
+auth1_t *auth1_new(void);
+/** Release all storage held by the auth1 in 'victim'. (Do nothing if
+ * 'victim' is NULL.)
+ */
+void auth1_free(auth1_t *victim);
+/** Try to parse a auth1 from the buffer in 'input', using up to
+ * 'len_in' bytes from the input buffer. On success, return the number
+ * of bytes consumed and set *output to the newly allocated auth1_t.
+ * On failure, return -2 if the input appears truncated, and -1 if the
+ * input is otherwise invalid.
+ */
+ssize_t auth1_parse(auth1_t **output, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx);
+/** Return the number of bytes we expect to need to encode the auth1
+ * in 'obj'. On failure, return a negative value. Note that this value
+ * may be an overestimate, and can even be an underestimate for
+ * certain unencodeable objects.
+ */
+ssize_t auth1_encoded_len(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx);
+/** Try to encode the auth1 from 'input' into the buffer at 'output',
+ * using up to 'avail' bytes of the output buffer. On success, return
+ * the number of bytes used. On failure, return -2 if the buffer was
+ * not long enough, and -1 if the input was invalid.
+ */
+ssize_t auth1_encode(uint8_t *output, size_t avail, const auth1_t *input, const auth_ctx_t *auth_ctx_ctx);
+/** Check whether the internal state of the auth1 in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *auth1_check(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int auth1_clear_errors(auth1_t *obj);
+/** Return the (constant) length of the array holding the type field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_type(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field type
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_type(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field type
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_type(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 8-element array field type of 'inp'.
+ */
+uint8_t * auth1_getarray_type(auth1_t *inp);
+/** Return the (constant) length of the array holding the cid field of
+ * the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_cid(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field cid
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_cid(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field cid
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_cid(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field cid of 'inp'.
+ */
+uint8_t * auth1_getarray_cid(auth1_t *inp);
+/** Return the (constant) length of the array holding the sid field of
+ * the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_sid(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field sid
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_sid(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field sid
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_sid(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field sid of 'inp'.
+ */
+uint8_t * auth1_getarray_sid(auth1_t *inp);
+/** Return the (constant) length of the array holding the u1_cid_ed
+ * field of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_u1_cid_ed(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * u1_cid_ed of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_u1_cid_ed(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * u1_cid_ed of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_u1_cid_ed(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field u1_cid_ed of 'inp'.
+ */
+uint8_t * auth1_getarray_u1_cid_ed(auth1_t *inp);
+/** Return the (constant) length of the array holding the u1_sid_ed
+ * field of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_u1_sid_ed(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * u1_sid_ed of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_u1_sid_ed(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * u1_sid_ed of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_u1_sid_ed(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field u1_sid_ed of 'inp'.
+ */
+uint8_t * auth1_getarray_u1_sid_ed(auth1_t *inp);
+/** Return the (constant) length of the array holding the slog field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_slog(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field slog
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_slog(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field slog
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_slog(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field slog of 'inp'.
+ */
+uint8_t * auth1_getarray_slog(auth1_t *inp);
+/** Return the (constant) length of the array holding the clog field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_clog(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field clog
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_clog(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field clog
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_clog(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field clog of 'inp'.
+ */
+uint8_t * auth1_getarray_clog(auth1_t *inp);
+/** Return the (constant) length of the array holding the scert field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_scert(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * scert of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_scert(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * scert of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_scert(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field scert of 'inp'.
+ */
+uint8_t * auth1_getarray_scert(auth1_t *inp);
+/** Return the (constant) length of the array holding the tlssecrets
+ * field of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_tlssecrets(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * tlssecrets of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_tlssecrets(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * tlssecrets of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_tlssecrets(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field tlssecrets of
+ * 'inp'.
+ */
+uint8_t * auth1_getarray_tlssecrets(auth1_t *inp);
+/** Return the position for end_of_fixed_part when we parsed this
+ * object
+ */
+const uint8_t * auth1_get_end_of_fixed_part(const auth1_t *inp);
+/** Return the (constant) length of the array holding the rand field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_rand(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field rand
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_rand(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field rand
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_rand(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 24-element array field rand of 'inp'.
+ */
+uint8_t * auth1_getarray_rand(auth1_t *inp);
+/** Return the position for end_of_signed when we parsed this object
+ */
+const uint8_t * auth1_get_end_of_signed(const auth1_t *inp);
+/** Return the length of the dynamic array holding the sig field of
+ * the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_sig(const auth1_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * sig of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_sig(auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * sig of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_sig(auth1_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field sig of the
+ * auth1_t in 'inp'.
+ */
+int auth1_add_sig(auth1_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field sig of 'inp'.
+ */
+uint8_t * auth1_getarray_sig(auth1_t *inp);
+/** Change the length of the variable-length array field sig of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int auth1_setlen_sig(auth1_t *inp, size_t newlen);
+/** Return a newly allocated certs_cell with all elements set to zero.
+ */
+certs_cell_t *certs_cell_new(void);
+/** Release all storage held by the certs_cell in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void certs_cell_free(certs_cell_t *victim);
+/** Try to parse a certs_cell from the buffer in 'input', using up to
+ * 'len_in' bytes from the input buffer. On success, return the number
+ * of bytes consumed and set *output to the newly allocated
+ * certs_cell_t. On failure, return -2 if the input appears truncated,
+ * and -1 if the input is otherwise invalid.
+ */
+ssize_t certs_cell_parse(certs_cell_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * certs_cell in 'obj'. On failure, return a negative value. Note that
+ * this value may be an overestimate, and can even be an underestimate
+ * for certain unencodeable objects.
+ */
+ssize_t certs_cell_encoded_len(const certs_cell_t *obj);
+/** Try to encode the certs_cell from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t certs_cell_encode(uint8_t *output, size_t avail, const certs_cell_t *input);
+/** Check whether the internal state of the certs_cell in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *certs_cell_check(const certs_cell_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int certs_cell_clear_errors(certs_cell_t *obj);
+/** Return the value of the n_certs field of the certs_cell_t in 'inp'
+ */
+uint8_t certs_cell_get_n_certs(certs_cell_t *inp);
+/** Set the value of the n_certs field of the certs_cell_t in 'inp' to
+ * 'val'. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int certs_cell_set_n_certs(certs_cell_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the certs field of
+ * the certs_cell_t in 'inp'.
+ */
+size_t certs_cell_getlen_certs(const certs_cell_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * certs of the certs_cell_t in 'inp'.
+ */
+struct certs_cell_cert_st * certs_cell_get_certs(certs_cell_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * certs of the certs_cell_t in 'inp', so that it will hold the value
+ * 'elt'. Free the previous value, if any.
+ */
+int certs_cell_set_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt);
+/** As certs_cell_set_certs, but does not free the previous value.
+ */
+int certs_cell_set0_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt);
+/** Append a new element 'elt' to the dynamic array field certs of the
+ * certs_cell_t in 'inp'.
+ */
+int certs_cell_add_certs(certs_cell_t *inp, struct certs_cell_cert_st * elt);
+/** Return a pointer to the variable-length array field certs of
+ * 'inp'.
+ */
+struct certs_cell_cert_st * * certs_cell_getarray_certs(certs_cell_t *inp);
+/** Change the length of the variable-length array field certs of
+ * 'inp' to 'newlen'.Fill extra elements with NULL; free removed
+ * elements. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int certs_cell_setlen_certs(certs_cell_t *inp, size_t newlen);
+
+
+#endif
diff --git a/src/trunnel/link_handshake.trunnel b/src/trunnel/link_handshake.trunnel
new file mode 100644
index 0000000000..b858e17c60
--- /dev/null
+++ b/src/trunnel/link_handshake.trunnel
@@ -0,0 +1,57 @@
+
+struct certs_cell {
+  u8 n_certs;
+  struct certs_cell_cert certs[n_certs];
+}
+
+const CERTTYPE_RSA1024_ID_LINK = 1;
+const CERTTYPE_RSA1024_ID_ID   = 2;
+const CERTTYPE_RSA1024_ID_AUTH = 3;
+const CERTTYPE_ED_ID_SIGN      = 4;
+const CERTTYPE_ED_SIGN_LINK    = 5;
+const CERTTYPE_ED_SIGN_AUTH    = 6;
+const CERTTYPE_RSA1024_ID_EDID = 7;
+
+struct certs_cell_cert {
+  u8 cert_type;
+  u16 cert_len;
+  u8 body[cert_len];
+}
+
+struct rsa_ed_crosscert {
+  u8 ed_key[32];
+  u32 expiration;
+  @ptr end_of_signed;
+  u8 sig_len;
+  u8 sig[sig_len]; // mismatches spec.
+}
+
+struct auth_challenge_cell {
+  u8 challenge[32];
+  u16 n_methods;
+  u16 methods[n_methods];
+}
+
+context auth_ctx {
+  u8 is_ed;
+}
+
+struct auth1 with context auth_ctx {
+  u8 type[8];
+  u8 cid[32];
+  u8 sid[32];
+  union u1[auth_ctx.is_ed] {
+    0 : ;
+    1 : u8 cid_ed[32];
+        u8 sid_ed[32];
+    default: fail;
+  };
+  u8 slog[32];
+  u8 clog[32];
+  u8 scert[32];
+  u8 tlssecrets[32];
+  @ptr end_of_fixed_part;
+  u8 rand[24];
+  @ptr end_of_signed;
+  u8 sig[];
+}
diff --git a/src/trunnel/pwbox.c b/src/trunnel/pwbox.c
new file mode 100644
index 0000000000..9b348a9b30
--- /dev/null
+++ b/src/trunnel/pwbox.c
@@ -0,0 +1,519 @@
+/* pwbox.c -- generated by Trunnel v1.4.4.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#include <stdlib.h>
+#include "trunnel-impl.h"
+
+#include "pwbox.h"
+
+#define TRUNNEL_SET_ERROR_CODE(obj) \
+  do {                              \
+    (obj)->trunnel_error_code_ = 1; \
+  } while (0)
+
+#if defined(__COVERITY__) || defined(__clang_analyzer__)
+/* If we're runnning a static analysis tool, we don't want it to complain
+ * that some of our remaining-bytes checks are dead-code. */
+int pwbox_deadcode_dummy__ = 0;
+#define OR_DEADCODE_DUMMY || pwbox_deadcode_dummy__
+#else
+#define OR_DEADCODE_DUMMY
+#endif
+
+#define CHECK_REMAINING(nbytes, label)                           \
+  do {                                                           \
+    if (remaining < (nbytes) OR_DEADCODE_DUMMY) {                \
+      goto label;                                                \
+    }                                                            \
+  } while (0)
+
+pwbox_encoded_t *
+pwbox_encoded_new(void)
+{
+  pwbox_encoded_t *val = trunnel_calloc(1, sizeof(pwbox_encoded_t));
+  if (NULL == val)
+    return NULL;
+  val->fixedbytes0 = PWBOX0_CONST0;
+  val->fixedbytes1 = PWBOX0_CONST1;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+pwbox_encoded_clear(pwbox_encoded_t *obj)
+{
+  (void) obj;
+  TRUNNEL_DYNARRAY_WIPE(&obj->skey_header);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->skey_header);
+  TRUNNEL_DYNARRAY_WIPE(&obj->data);
+  TRUNNEL_DYNARRAY_CLEAR(&obj->data);
+}
+
+void
+pwbox_encoded_free(pwbox_encoded_t *obj)
+{
+  if (obj == NULL)
+    return;
+  pwbox_encoded_clear(obj);
+  trunnel_memwipe(obj, sizeof(pwbox_encoded_t));
+  trunnel_free_(obj);
+}
+
+uint32_t
+pwbox_encoded_get_fixedbytes0(pwbox_encoded_t *inp)
+{
+  return inp->fixedbytes0;
+}
+int
+pwbox_encoded_set_fixedbytes0(pwbox_encoded_t *inp, uint32_t val)
+{
+  if (! ((val == PWBOX0_CONST0))) {
+     TRUNNEL_SET_ERROR_CODE(inp);
+     return -1;
+  }
+  inp->fixedbytes0 = val;
+  return 0;
+}
+uint32_t
+pwbox_encoded_get_fixedbytes1(pwbox_encoded_t *inp)
+{
+  return inp->fixedbytes1;
+}
+int
+pwbox_encoded_set_fixedbytes1(pwbox_encoded_t *inp, uint32_t val)
+{
+  if (! ((val == PWBOX0_CONST1))) {
+     TRUNNEL_SET_ERROR_CODE(inp);
+     return -1;
+  }
+  inp->fixedbytes1 = val;
+  return 0;
+}
+uint8_t
+pwbox_encoded_get_header_len(pwbox_encoded_t *inp)
+{
+  return inp->header_len;
+}
+int
+pwbox_encoded_set_header_len(pwbox_encoded_t *inp, uint8_t val)
+{
+  inp->header_len = val;
+  return 0;
+}
+size_t
+pwbox_encoded_getlen_skey_header(const pwbox_encoded_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->skey_header);
+}
+
+uint8_t
+pwbox_encoded_get_skey_header(pwbox_encoded_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->skey_header, idx);
+}
+
+int
+pwbox_encoded_set_skey_header(pwbox_encoded_t *inp, size_t idx, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->skey_header, idx, elt);
+  return 0;
+}
+int
+pwbox_encoded_add_skey_header(pwbox_encoded_t *inp, uint8_t elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+  if (inp->skey_header.n_ == UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->skey_header, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint8_t *
+pwbox_encoded_getarray_skey_header(pwbox_encoded_t *inp)
+{
+  return inp->skey_header.elts_;
+}
+int
+pwbox_encoded_setlen_skey_header(pwbox_encoded_t *inp, size_t newlen)
+{
+  uint8_t *newptr;
+#if UINT8_MAX < SIZE_MAX
+  if (newlen > UINT8_MAX)
+    goto trunnel_alloc_failed;
+#endif
+  newptr = trunnel_dynarray_setlen(&inp->skey_header.allocated_,
+                 &inp->skey_header.n_, inp->skey_header.elts_, newlen,
+                 sizeof(inp->skey_header.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->skey_header.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+size_t
+pwbox_encoded_getlen_iv(const pwbox_encoded_t *inp)
+{
+  (void)inp;  return 16;
+}
+
+uint8_t
+pwbox_encoded_get_iv(const pwbox_encoded_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 16);
+  return inp->iv[idx];
+}
+
+int
+pwbox_encoded_set_iv(pwbox_encoded_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 16);
+  inp->iv[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+pwbox_encoded_getarray_iv(pwbox_encoded_t *inp)
+{
+  return inp->iv;
+}
+size_t
+pwbox_encoded_getlen_data(const pwbox_encoded_t *inp)
+{
+  return TRUNNEL_DYNARRAY_LEN(&inp->data);
+}
+
+uint8_t
+pwbox_encoded_get_data(pwbox_encoded_t *inp, size_t idx)
+{
+  return TRUNNEL_DYNARRAY_GET(&inp->data, idx);
+}
+
+int
+pwbox_encoded_set_data(pwbox_encoded_t *inp, size_t idx, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_SET(&inp->data, idx, elt);
+  return 0;
+}
+int
+pwbox_encoded_add_data(pwbox_encoded_t *inp, uint8_t elt)
+{
+  TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->data, elt, {});
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+
+uint8_t *
+pwbox_encoded_getarray_data(pwbox_encoded_t *inp)
+{
+  return inp->data.elts_;
+}
+int
+pwbox_encoded_setlen_data(pwbox_encoded_t *inp, size_t newlen)
+{
+  uint8_t *newptr;
+  newptr = trunnel_dynarray_setlen(&inp->data.allocated_,
+                 &inp->data.n_, inp->data.elts_, newlen,
+                 sizeof(inp->data.elts_[0]), (trunnel_free_fn_t) NULL,
+                 &inp->trunnel_error_code_);
+  if (newptr == NULL)
+    goto trunnel_alloc_failed;
+  inp->data.elts_ = newptr;
+  return 0;
+ trunnel_alloc_failed:
+  TRUNNEL_SET_ERROR_CODE(inp);
+  return -1;
+}
+size_t
+pwbox_encoded_getlen_hmac(const pwbox_encoded_t *inp)
+{
+  (void)inp;  return 32;
+}
+
+uint8_t
+pwbox_encoded_get_hmac(const pwbox_encoded_t *inp, size_t idx)
+{
+  trunnel_assert(idx < 32);
+  return inp->hmac[idx];
+}
+
+int
+pwbox_encoded_set_hmac(pwbox_encoded_t *inp, size_t idx, uint8_t elt)
+{
+  trunnel_assert(idx < 32);
+  inp->hmac[idx] = elt;
+  return 0;
+}
+
+uint8_t *
+pwbox_encoded_getarray_hmac(pwbox_encoded_t *inp)
+{
+  return inp->hmac;
+}
+const char *
+pwbox_encoded_check(const pwbox_encoded_t *obj)
+{
+  if (obj == NULL)
+    return "Object was NULL";
+  if (obj->trunnel_error_code_)
+    return "A set function failed on this object";
+  if (! (obj->fixedbytes0 == PWBOX0_CONST0))
+    return "Integer out of bounds";
+  if (! (obj->fixedbytes1 == PWBOX0_CONST1))
+    return "Integer out of bounds";
+  if (TRUNNEL_DYNARRAY_LEN(&obj->skey_header) != obj->header_len)
+    return "Length mismatch for skey_header";
+  return NULL;
+}
+
+ssize_t
+pwbox_encoded_encoded_len(const pwbox_encoded_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != pwbox_encoded_check(obj))
+     return -1;
+
+
+  /* Length of u32 fixedbytes0 IN [PWBOX0_CONST0] */
+  result += 4;
+
+  /* Length of u32 fixedbytes1 IN [PWBOX0_CONST1] */
+  result += 4;
+
+  /* Length of u8 header_len */
+  result += 1;
+
+  /* Length of u8 skey_header[header_len] */
+  result += TRUNNEL_DYNARRAY_LEN(&obj->skey_header);
+
+  /* Length of u8 iv[16] */
+  result += 16;
+
+  /* Length of u8 data[] */
+  result += TRUNNEL_DYNARRAY_LEN(&obj->data);
+
+  /* Length of u8 hmac[32] */
+  result += 32;
+  return result;
+}
+int
+pwbox_encoded_clear_errors(pwbox_encoded_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+pwbox_encoded_encode(uint8_t *output, size_t avail, const pwbox_encoded_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = pwbox_encoded_encoded_len(obj);
+#endif
+  int enforce_avail = 0;
+  const size_t avail_orig = avail;
+
+  if (NULL != (msg = pwbox_encoded_check(obj)))
+    goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u32 fixedbytes0 IN [PWBOX0_CONST0] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 4)
+    goto truncated;
+  trunnel_set_uint32(ptr, trunnel_htonl(obj->fixedbytes0));
+  written += 4; ptr += 4;
+
+  /* Encode u32 fixedbytes1 IN [PWBOX0_CONST1] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 4)
+    goto truncated;
+  trunnel_set_uint32(ptr, trunnel_htonl(obj->fixedbytes1));
+  written += 4; ptr += 4;
+
+  /* Encode u8 header_len */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+    goto truncated;
+  trunnel_set_uint8(ptr, (obj->header_len));
+  written += 1; ptr += 1;
+
+  /* Encode u8 skey_header[header_len] */
+  {
+    size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->skey_header);
+    trunnel_assert(obj->header_len == elt_len);
+    trunnel_assert(written <= avail);
+    if (avail - written < elt_len)
+      goto truncated;
+    if (elt_len)
+      memcpy(ptr, obj->skey_header.elts_, elt_len);
+    written += elt_len; ptr += elt_len;
+  }
+
+  /* Encode u8 iv[16] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 16)
+    goto truncated;
+  memcpy(ptr, obj->iv, 16);
+  written += 16; ptr += 16;
+  {
+
+    /* Encode u8 data[] */
+    {
+      size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->data);
+      trunnel_assert(written <= avail);
+      if (avail - written < elt_len)
+        goto truncated;
+      if (elt_len)
+        memcpy(ptr, obj->data.elts_, elt_len);
+      written += elt_len; ptr += elt_len;
+    }
+    trunnel_assert(written <= avail);
+    if (avail - written < 32)
+      goto truncated;
+    avail = written + 32;
+    enforce_avail = 1;
+  }
+
+  /* Encode u8 hmac[32] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 32) {
+    if (avail_orig - written < 32)
+      goto truncated;
+    else
+      goto check_failed;
+  }
+  memcpy(ptr, obj->hmac, 32);
+  written += 32; ptr += 32;
+
+
+  trunnel_assert(ptr == output + written);
+  if (enforce_avail && avail != written)
+    goto check_failed;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+    trunnel_assert(encoded_len >= 0);
+    trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As pwbox_encoded_parse(), but do not allocate the output object.
+ */
+static ssize_t
+pwbox_encoded_parse_into(pwbox_encoded_t *obj, const uint8_t *input, const size_t len_in)
+{
+  const uint8_t *ptr = input;
+  size_t remaining = len_in;
+  ssize_t result = 0;
+  (void)result;
+
+  /* Parse u32 fixedbytes0 IN [PWBOX0_CONST0] */
+  CHECK_REMAINING(4, truncated);
+  obj->fixedbytes0 = trunnel_ntohl(trunnel_get_uint32(ptr));
+  remaining -= 4; ptr += 4;
+  if (! (obj->fixedbytes0 == PWBOX0_CONST0))
+    goto fail;
+
+  /* Parse u32 fixedbytes1 IN [PWBOX0_CONST1] */
+  CHECK_REMAINING(4, truncated);
+  obj->fixedbytes1 = trunnel_ntohl(trunnel_get_uint32(ptr));
+  remaining -= 4; ptr += 4;
+  if (! (obj->fixedbytes1 == PWBOX0_CONST1))
+    goto fail;
+
+  /* Parse u8 header_len */
+  CHECK_REMAINING(1, truncated);
+  obj->header_len = (trunnel_get_uint8(ptr));
+  remaining -= 1; ptr += 1;
+
+  /* Parse u8 skey_header[header_len] */
+  CHECK_REMAINING(obj->header_len, truncated);
+  TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->skey_header, obj->header_len, {});
+  obj->skey_header.n_ = obj->header_len;
+  if (obj->header_len)
+    memcpy(obj->skey_header.elts_, ptr, obj->header_len);
+  ptr += obj->header_len; remaining -= obj->header_len;
+
+  /* Parse u8 iv[16] */
+  CHECK_REMAINING(16, truncated);
+  memcpy(obj->iv, ptr, 16);
+  remaining -= 16; ptr += 16;
+  {
+    size_t remaining_after;
+    CHECK_REMAINING(32, truncated);
+    remaining_after = 32;
+    remaining = remaining - 32;
+
+    /* Parse u8 data[] */
+    TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->data, remaining, {});
+    obj->data.n_ = remaining;
+    if (remaining)
+      memcpy(obj->data.elts_, ptr, remaining);
+    ptr += remaining; remaining -= remaining;
+    if (remaining != 0)
+      goto fail;
+    remaining = remaining_after;
+  }
+
+  /* Parse u8 hmac[32] */
+  CHECK_REMAINING(32, truncated);
+  memcpy(obj->hmac, ptr, 32);
+  remaining -= 32; ptr += 32;
+  trunnel_assert(ptr + remaining == input + len_in);
+  return len_in - remaining;
+
+ truncated:
+  return -2;
+ trunnel_alloc_failed:
+  return -1;
+ fail:
+  result = -1;
+  return result;
+}
+
+ssize_t
+pwbox_encoded_parse(pwbox_encoded_t **output, const uint8_t *input, const size_t len_in)
+{
+  ssize_t result;
+  *output = pwbox_encoded_new();
+  if (NULL == *output)
+    return -1;
+  result = pwbox_encoded_parse_into(*output, input, len_in);
+  if (result < 0) {
+    pwbox_encoded_free(*output);
+    *output = NULL;
+  }
+  return result;
+}
diff --git a/src/trunnel/pwbox.h b/src/trunnel/pwbox.h
new file mode 100644
index 0000000000..e69e2c1a0e
--- /dev/null
+++ b/src/trunnel/pwbox.h
@@ -0,0 +1,173 @@
+/* pwbox.h -- generated by by Trunnel v1.4.4.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#ifndef TRUNNEL_PWBOX_H
+#define TRUNNEL_PWBOX_H
+
+#include <stdint.h>
+#include "trunnel.h"
+
+#define PWBOX0_CONST0 1414484546
+#define PWBOX0_CONST1 1331179568
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_PWBOX_ENCODED)
+struct pwbox_encoded_st {
+  uint32_t fixedbytes0;
+  uint32_t fixedbytes1;
+  uint8_t header_len;
+  TRUNNEL_DYNARRAY_HEAD(, uint8_t) skey_header;
+  uint8_t iv[16];
+  TRUNNEL_DYNARRAY_HEAD(, uint8_t) data;
+  uint8_t hmac[32];
+  uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct pwbox_encoded_st pwbox_encoded_t;
+/** Return a newly allocated pwbox_encoded with all elements set to
+ * zero.
+ */
+pwbox_encoded_t *pwbox_encoded_new(void);
+/** Release all storage held by the pwbox_encoded in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void pwbox_encoded_free(pwbox_encoded_t *victim);
+/** Try to parse a pwbox_encoded from the buffer in 'input', using up
+ * to 'len_in' bytes from the input buffer. On success, return the
+ * number of bytes consumed and set *output to the newly allocated
+ * pwbox_encoded_t. On failure, return -2 if the input appears
+ * truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t pwbox_encoded_parse(pwbox_encoded_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * pwbox_encoded in 'obj'. On failure, return a negative value. Note
+ * that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t pwbox_encoded_encoded_len(const pwbox_encoded_t *obj);
+/** Try to encode the pwbox_encoded from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t pwbox_encoded_encode(uint8_t *output, size_t avail, const pwbox_encoded_t *input);
+/** Check whether the internal state of the pwbox_encoded in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *pwbox_encoded_check(const pwbox_encoded_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int pwbox_encoded_clear_errors(pwbox_encoded_t *obj);
+/** Return the value of the fixedbytes0 field of the pwbox_encoded_t
+ * in 'inp'
+ */
+uint32_t pwbox_encoded_get_fixedbytes0(pwbox_encoded_t *inp);
+/** Set the value of the fixedbytes0 field of the pwbox_encoded_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int pwbox_encoded_set_fixedbytes0(pwbox_encoded_t *inp, uint32_t val);
+/** Return the value of the fixedbytes1 field of the pwbox_encoded_t
+ * in 'inp'
+ */
+uint32_t pwbox_encoded_get_fixedbytes1(pwbox_encoded_t *inp);
+/** Set the value of the fixedbytes1 field of the pwbox_encoded_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int pwbox_encoded_set_fixedbytes1(pwbox_encoded_t *inp, uint32_t val);
+/** Return the value of the header_len field of the pwbox_encoded_t in
+ * 'inp'
+ */
+uint8_t pwbox_encoded_get_header_len(pwbox_encoded_t *inp);
+/** Set the value of the header_len field of the pwbox_encoded_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int pwbox_encoded_set_header_len(pwbox_encoded_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the skey_header
+ * field of the pwbox_encoded_t in 'inp'.
+ */
+size_t pwbox_encoded_getlen_skey_header(const pwbox_encoded_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * skey_header of the pwbox_encoded_t in 'inp'.
+ */
+uint8_t pwbox_encoded_get_skey_header(pwbox_encoded_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * skey_header of the pwbox_encoded_t in 'inp', so that it will hold
+ * the value 'elt'.
+ */
+int pwbox_encoded_set_skey_header(pwbox_encoded_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field skey_header
+ * of the pwbox_encoded_t in 'inp'.
+ */
+int pwbox_encoded_add_skey_header(pwbox_encoded_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field skey_header of
+ * 'inp'.
+ */
+uint8_t * pwbox_encoded_getarray_skey_header(pwbox_encoded_t *inp);
+/** Change the length of the variable-length array field skey_header
+ * of 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int pwbox_encoded_setlen_skey_header(pwbox_encoded_t *inp, size_t newlen);
+/** Return the (constant) length of the array holding the iv field of
+ * the pwbox_encoded_t in 'inp'.
+ */
+size_t pwbox_encoded_getlen_iv(const pwbox_encoded_t *inp);
+/** Return the element at position 'idx' of the fixed array field iv
+ * of the pwbox_encoded_t in 'inp'.
+ */
+uint8_t pwbox_encoded_get_iv(const pwbox_encoded_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field iv
+ * of the pwbox_encoded_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int pwbox_encoded_set_iv(pwbox_encoded_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 16-element array field iv of 'inp'.
+ */
+uint8_t * pwbox_encoded_getarray_iv(pwbox_encoded_t *inp);
+/** Return the length of the dynamic array holding the data field of
+ * the pwbox_encoded_t in 'inp'.
+ */
+size_t pwbox_encoded_getlen_data(const pwbox_encoded_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * data of the pwbox_encoded_t in 'inp'.
+ */
+uint8_t pwbox_encoded_get_data(pwbox_encoded_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * data of the pwbox_encoded_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int pwbox_encoded_set_data(pwbox_encoded_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field data of the
+ * pwbox_encoded_t in 'inp'.
+ */
+int pwbox_encoded_add_data(pwbox_encoded_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field data of 'inp'.
+ */
+uint8_t * pwbox_encoded_getarray_data(pwbox_encoded_t *inp);
+/** Change the length of the variable-length array field data of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int pwbox_encoded_setlen_data(pwbox_encoded_t *inp, size_t newlen);
+/** Return the (constant) length of the array holding the hmac field
+ * of the pwbox_encoded_t in 'inp'.
+ */
+size_t pwbox_encoded_getlen_hmac(const pwbox_encoded_t *inp);
+/** Return the element at position 'idx' of the fixed array field hmac
+ * of the pwbox_encoded_t in 'inp'.
+ */
+uint8_t pwbox_encoded_get_hmac(const pwbox_encoded_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field hmac
+ * of the pwbox_encoded_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int pwbox_encoded_set_hmac(pwbox_encoded_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field hmac of 'inp'.
+ */
+uint8_t * pwbox_encoded_getarray_hmac(pwbox_encoded_t *inp);
+
+
+#endif
diff --git a/src/trunnel/pwbox.trunnel b/src/trunnel/pwbox.trunnel
new file mode 100644
index 0000000000..10db74b4e5
--- /dev/null
+++ b/src/trunnel/pwbox.trunnel
@@ -0,0 +1,14 @@
+
+const PWBOX0_CONST0 = 0x544f5242; // TORB
+const PWBOX0_CONST1 = 0x4f583030; // OX00
+
+struct pwbox_encoded {
+  u32 fixedbytes0 IN [PWBOX0_CONST0];
+  u32 fixedbytes1 IN [PWBOX0_CONST1];
+  u8 header_len;
+  u8 skey_header[header_len];
+  u8 iv[16];
+  u8 data[..-32];
+  u8 hmac[32];
+};
+
diff --git a/src/trunnel/trunnel-local.h b/src/trunnel/trunnel-local.h
new file mode 100644
index 0000000000..b7c2ab98ef
--- /dev/null
+++ b/src/trunnel/trunnel-local.h
@@ -0,0 +1,18 @@
+
+#ifndef TRUNNEL_LOCAL_H_INCLUDED
+#define TRUNNEL_LOCAL_H_INCLUDED
+
+#include "util.h"
+#include "compat.h"
+#include "crypto.h"
+
+#define trunnel_malloc tor_malloc
+#define trunnel_calloc tor_calloc
+#define trunnel_strdup tor_strdup
+#define trunnel_free_ tor_free_
+#define trunnel_realloc tor_realloc
+#define trunnel_reallocarray tor_reallocarray
+#define trunnel_assert tor_assert
+#define trunnel_memwipe(mem, len) memwipe((mem), 0, (len))
+
+#endif
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 5ba3ec1945..211243d1dc 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -14,8 +14,6 @@
 /* Define to 1 if you have the <ctype.h> header file. */
 #define HAVE_CTYPE_H
 
-#define ENABLE_THREADS
-
 /* Define to 1 if you have the <errno.h> header file. */
 #define HAVE_ERRNO_H
 
@@ -86,18 +84,11 @@
 #define HAVE_STRING_H
 
 /* Define to 1 if you have the `strlcat' function. */
-#if defined (WINCE)
-#define HAVE_STRLCAT
-#else
 #undef HAVE_STRLCAT
-#endif
 
 /* Define to 1 if you have the `strlcpy' function. */
-#if defined (WINCE)
-#define HAVE_STRLCPY
-#else
 #undef HAVE_STRLCPY
-#endif
+
 /* Define to 1 if you have the `strptime' function. */
 #undef HAVE_STRPTIME
 
@@ -229,9 +220,6 @@
 /* Define to 1 if you have the ANSI C header files. */
 #define STDC_HEADERS
 
-/* Define to 1 if time_t is signed. */
-#define TIME_T_IS_SIGNED
-
 /* Define to 1 iff unaligned int access is allowed */
 #define UNALIGNED_INT_ACCESS_OK
 
@@ -241,7 +229,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.5.15-dev"
+#define VERSION "0.2.8.16-dev"
 
 
 
@@ -253,7 +241,6 @@
 #define SHARE_DATADIR ""
 #define HAVE_EVENT2_DNS_H
 #define HAVE_EVENT_BASE_LOOPEXIT
-#define CURVE25519_ENABLED
 #define USE_CURVE25519_DONNA
 
 #define ENUM_VALS_ARE_SIGNED 1
@@ -265,3 +252,8 @@
 #ifndef STDERR_FILENO
 #define STDERR_FILENO 2
 #endif
+
+#define WINVER 0x0501
+#define _WIN32_WINNT 0x0501
+#define WIN32_LEAN_AND_MEAN 1
+